diff --git a/.circleci/config.yml b/.circleci/config.yml index 4513a0b1..f56af56a 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -173,14 +173,14 @@ references: command: | if "${RUN_TESTS}"; then cd cmake - ./test/gitversion/gitversion-test - if [ ! "$DISABLE_BROKEN_TSAN_TESTS" = true ] ; then ./test/cpp-utils/cpp-utils-test ; fi - if [ ! "$DISABLE_BROKEN_ASAN_TESTS" = true ] ; then ./test/fspp/fspp-test ; fi - ./test/parallelaccessstore/parallelaccessstore-test - ./test/blockstore/blockstore-test - ./test/blobstore/blobstore-test - ./test/cryfs/cryfs-test - if [ ! "$DISABLE_BROKEN_TSAN_TESTS" = true ] ; then ./test/cryfs-cli/cryfs-cli-test ; fi + ./test/gitversion/gitversion-test ${GTEST_ARGS} + ./test/cpp-utils/cpp-utils-test ${GTEST_ARGS} + if [ ! "$DISABLE_BROKEN_ASAN_TESTS" = true ] ; then ./test/fspp/fspp-test ${GTEST_ARGS} ; fi + ./test/parallelaccessstore/parallelaccessstore-test ${GTEST_ARGS} + ./test/blockstore/blockstore-test ${GTEST_ARGS} + ./test/blobstore/blobstore-test ${GTEST_ARGS} + ./test/cryfs/cryfs-test ${GTEST_ARGS} + ./test/cryfs-cli/cryfs-cli-test ${GTEST_ARGS} fi job_definition: &job_definition <<: *container_config @@ -212,6 +212,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-5" CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_5_release: @@ -223,6 +224,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-5" CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_6_debug: @@ -234,6 +236,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-6" CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_6_release: @@ -245,6 +248,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-6" CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_7_debug: @@ -256,6 +260,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-7" CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_7_release: @@ -267,6 +272,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-7" CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_8_debug: @@ -278,6 +284,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-8" CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true gcc_8_release: @@ -289,6 +296,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-8" CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_4_debug: @@ -300,6 +308,7 @@ jobs: APT_COMPILER_PACKAGE: clang-4.0 CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_4_release: @@ -311,6 +320,7 @@ jobs: APT_COMPILER_PACKAGE: clang-4.0 CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_5_debug: @@ -322,6 +332,7 @@ jobs: APT_COMPILER_PACKAGE: clang-5.0 CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_5_release: @@ -333,6 +344,7 @@ jobs: APT_COMPILER_PACKAGE: clang-5.0 CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_6_debug: @@ -344,6 +356,7 @@ jobs: APT_COMPILER_PACKAGE: clang-6.0 CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_6_release: @@ -355,6 +368,7 @@ jobs: APT_COMPILER_PACKAGE: clang-6.0 CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_7_debug: @@ -366,6 +380,7 @@ jobs: APT_COMPILER_PACKAGE: clang-7 CXXFLAGS: "" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_7_release: @@ -377,6 +392,7 @@ jobs: APT_COMPILER_PACKAGE: clang-7 CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true clang_werror: @@ -388,6 +404,7 @@ jobs: APT_COMPILER_PACKAGE: clang-7 CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "-DUSE_WERROR=on" RUN_TESTS: false gcc_werror: @@ -399,6 +416,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-8" CXXFLAGS: "" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "-DUSE_WERROR=on" RUN_TESTS: false gcc_werror: @@ -410,6 +428,7 @@ jobs: APT_COMPILER_PACKAGE: "g++-8" CXXFLAGS: "-Werror" BUILD_TYPE: "Release" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: false no_compatibility: @@ -421,6 +440,7 @@ jobs: APT_COMPILER_PACKAGE: clang-7 CXXFLAGS: "-DCRYFS_NO_COMPATIBILITY" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true address_sanitizer: @@ -434,6 +454,7 @@ jobs: BUILD_TYPE: "Debug" ASAN_OPTIONS: "detect_leaks=1 check_initialization_order=1 detect_stack_use_after_return=1 detect_invalid_pointer_pairs=1 atexit=1" DISABLE_BROKEN_ASAN_TESTS: true + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true ub_sanitizer: @@ -445,6 +466,7 @@ jobs: APT_COMPILER_PACKAGE: clang-7 CXXFLAGS: "-O2 -fno-sanitize-recover=undefined,nullability,implicit-conversion,unsigned-integer-overflow -fno-omit-frame-pointer -fno-common" BUILD_TYPE: "Debug" + GTEST_ARGS: "" CMAKE_FLAGS: "" RUN_TESTS: true thread_sanitizer: @@ -457,7 +479,7 @@ jobs: OMP_NUM_THREADS: "1" CXXFLAGS: "-O2 -fsanitize=thread -fno-omit-frame-pointer" BUILD_TYPE: "Debug" - DISABLE_BROKEN_TSAN_TESTS: true + GTEST_ARGS: "--gtest_filter=-LoggingTest.LoggingAlsoWorksAfterFork:AssertTest_DebugBuild.*:CliTest_Setup.*:CliTest_IntegrityCheck.*:*/CliTest_WrongEnvironment.*:CliTest_Unmount.*" CMAKE_FLAGS: "" RUN_TESTS: true clang_tidy: diff --git a/.travisci/install.sh b/.travisci/install.sh index 9057a75b..abb7f680 100755 --- a/.travisci/install.sh +++ b/.travisci/install.sh @@ -2,6 +2,9 @@ set -e +# Workaround homebrew bug, see https://twitter.com/axccl/status/1083393735277363205 and https://github.com/openPMD/openPMD-api/pull/431/files +brew upgrade --cleanup || brew upgrade --cleanup + # Install newer GCC if we're running on GCC if [ "${CXX}" == "g++" ]; then # We need to uninstall oclint because it creates a /usr/local/include/c++ symlink that clashes with the gcc5 package diff --git a/ChangeLog.txt b/ChangeLog.txt index 24dc6d59..7ef4b3d9 100644 --- a/ChangeLog.txt +++ b/ChangeLog.txt @@ -12,16 +12,19 @@ New Features & Improvements: * New block size options: 4KB and 16KB * New default block size: 16KB. This should decrease the size of the ciphertext directory for most users. * Increased scrypt hardness to (N=1048576, r=4, p=8) to make it harder to crack the key while allowing cryfs to take advantage of multicore machines. +* cryfs-unmount tool to unmount filesystems Fixed bugs: * `du` shows correct file system size on Mac OS X. * On Mac OS X, Finder shows the correct name for the mount directory -Version 0.9.10 (unreleased) +Version 0.9.10 -------------- Fixed bugs: * Fixed occasional deadlock (https://github.com/cryfs/cryfs/issues/64) +* Fix for reading empty files out of bounds +* Fixed race condition (https://github.com/cryfs/cryfs/issues/224 and https://github.com/cryfs/cryfs/issues/243) Version 0.9.9 diff --git a/appveyor.yml b/appveyor.yml index 6555400a..d5fa3de9 100644 --- a/appveyor.yml +++ b/appveyor.yml @@ -12,7 +12,7 @@ platform: configuration: - Debug - RelWithDebInfo -# - Release + - Release version: '{branch}-{build}' @@ -20,13 +20,11 @@ init: - echo %NUMBER_OF_PROCESSORS% - echo %PLATFORM% - echo %APPVEYOR_BUILD_WORKER_IMAGE% -- set arch= -- if "%PLATFORM%"=="x64" ( set arch= Win64) -- if "%APPVEYOR_BUILD_WORKER_IMAGE%"=="Visual Studio 2013" (set generator=Visual Studio 12 2013%arch%) -- if "%APPVEYOR_BUILD_WORKER_IMAGE%"=="Visual Studio 2015" (set generator=Visual Studio 14 2015%arch%) -- if "%APPVEYOR_BUILD_WORKER_IMAGE%"=="Visual Studio 2017" (set generator=Visual Studio 15 2017%arch%) -- if "%APPVEYOR_BUILD_WORKER_IMAGE%"=="Visual Studio 2017 Preview" (set generator=Visual Studio 15 2017%arch%) -- echo %generator% +- set arch=32 +- if "%PLATFORM%"=="x64" ( set arch=64) +- set VisualStudioVersion=2017 +- if "%APPVEYOR_BUILD_WORKER_IMAGE%" == "Visual Studio 2017 Preview" ( set VisualStudioVersion=Preview) +- cmd: call "C:\Program Files (x86)\Microsoft Visual Studio\%VisualStudioVersion%\Community\VC\Auxiliary\Build\vcvars%arch%.bat" install: - choco install -y dokany --version 1.1.0.2000 --installargs INSTALLDEVFILES=1 @@ -35,17 +33,17 @@ install: build_script: - cmd: mkdir build - cmd: cd build - - cmd: cmake .. -G "%generator%" -DBUILD_TESTING=on -DBOOST_ROOT="C:/Libraries/boost_1_65_1" -DDOKAN_PATH="C:/Program Files/Dokan/DokanLibrary-1.1.0" - # TODO Make build parallel + - cmd: cmake .. -G "Ninja" -DBUILD_TESTING=on -DBOOST_ROOT="C:/Libraries/boost_1_65_1" -DDOKAN_PATH="C:/Program Files/Dokan/DokanLibrary-1.1.0" - cmd: cmake --build . --config %CONFIGURATION% - - cmd: .\test\gitversion\%CONFIGURATION%\gitversion-test.exe - - cmd: cd .\test\cpp-utils\%CONFIGURATION%\ && .\cpp-utils-test.exe && cd ..\..\.. - #- cmd: .\test\fspp\%CONFIGURATION%\fspp-test.exe - - cmd: .\test\parallelaccessstore\%CONFIGURATION%\parallelaccessstore-test.exe - - cmd: .\test\blockstore\%CONFIGURATION%\blockstore-test.exe - - cmd: .\test\blobstore\%CONFIGURATION%\blobstore-test.exe - - cmd: .\test\cryfs\%CONFIGURATION%\cryfs-test.exe - #- cmd: .\test\cryfs-cli\%CONFIGURATION%\cryfs-cli-test.exe + - cmd: .\test\gitversion\gitversion-test.exe + # cpp-utils-test disables ThreadDebuggingTest_ThreadName.*_thenIsCorrect because the appveyor image is too old to support the API needed for that + - cmd: cd .\test\cpp-utils\ && .\cpp-utils-test.exe --gtest_filter=-ThreadDebuggingTest_ThreadName.*_thenIsCorrect && cd ..\.. + #- cmd: .\test\fspp\fspp-test.exe + - cmd: .\test\parallelaccessstore\parallelaccessstore-test.exe + - cmd: .\test\blockstore\blockstore-test.exe + - cmd: .\test\blobstore\blobstore-test.exe + - cmd: .\test\cryfs\cryfs-test.exe + #- cmd: .\test\cryfs-cli\cryfs-cli-test.exe - cmd: cpack -C %CONFIGURATION% --verbose -G WIX diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt index 42b57a14..a803b1c8 100644 --- a/src/CMakeLists.txt +++ b/src/CMakeLists.txt @@ -8,4 +8,5 @@ add_subdirectory(blockstore) add_subdirectory(blobstore) add_subdirectory(cryfs) add_subdirectory(cryfs-cli) +add_subdirectory(cryfs-unmount) add_subdirectory(stats) diff --git a/src/blobstore/CMakeLists.txt b/src/blobstore/CMakeLists.txt index e43d5a61..df2fc63a 100644 --- a/src/blobstore/CMakeLists.txt +++ b/src/blobstore/CMakeLists.txt @@ -11,6 +11,7 @@ set(SOURCES implementations/onblocks/datanodestore/DataInnerNode.cpp implementations/onblocks/datanodestore/DataNodeStore.cpp implementations/onblocks/datatreestore/impl/algorithms.cpp + implementations/onblocks/datatreestore/impl/CachedValue.cpp implementations/onblocks/datatreestore/impl/LeafTraverser.cpp implementations/onblocks/datatreestore/LeafHandle.cpp implementations/onblocks/datatreestore/DataTree.cpp diff --git a/src/blobstore/implementations/onblocks/BlobOnBlocks.cpp b/src/blobstore/implementations/onblocks/BlobOnBlocks.cpp index 0202d23a..3c08ce9c 100644 --- a/src/blobstore/implementations/onblocks/BlobOnBlocks.cpp +++ b/src/blobstore/implementations/onblocks/BlobOnBlocks.cpp @@ -8,13 +8,9 @@ #include #include "datatreestore/LeafHandle.h" -using std::function; -using std::unique_lock; -using std::mutex; using cpputils::unique_ref; using cpputils::Data; using blockstore::BlockId; -using blobstore::onblocks::datatreestore::LeafHandle; namespace blobstore { namespace onblocks { @@ -22,128 +18,34 @@ namespace onblocks { using parallelaccessdatatreestore::DataTreeRef; BlobOnBlocks::BlobOnBlocks(unique_ref datatree) -: _datatree(std::move(datatree)), _sizeCache(boost::none), _mutex() { +: _datatree(std::move(datatree)) { } BlobOnBlocks::~BlobOnBlocks() { } // NOLINT (workaround https://gcc.gnu.org/bugzilla/show_bug.cgi?id=82481 ) uint64_t BlobOnBlocks::size() const { - if (_sizeCache == boost::none) { - _sizeCache = _datatree->numStoredBytes(); - } - return *_sizeCache; + return _datatree->numBytes(); } void BlobOnBlocks::resize(uint64_t numBytes) { _datatree->resizeNumBytes(numBytes); - _sizeCache = numBytes; -} - -void BlobOnBlocks::_traverseLeaves(uint64_t beginByte, uint64_t sizeBytes, function onExistingLeaf, function onCreateLeaf) const { - unique_lock lock(_mutex); // TODO Multiple traverse calls in parallel? - uint64_t endByte = beginByte + sizeBytes; - uint64_t maxBytesPerLeaf = _datatree->maxBytesPerLeaf(); - uint32_t firstLeaf = beginByte / maxBytesPerLeaf; - uint32_t endLeaf = utils::ceilDivision(endByte, maxBytesPerLeaf); - bool blobIsGrowingFromThisTraversal = false; - auto _onExistingLeaf = [&onExistingLeaf, beginByte, endByte, endLeaf, maxBytesPerLeaf, &blobIsGrowingFromThisTraversal] (uint32_t leafIndex, bool isRightBorderLeaf, LeafHandle leafHandle) { - uint64_t indexOfFirstLeafByte = leafIndex * maxBytesPerLeaf; - ASSERT(endByte > indexOfFirstLeafByte, "Traversal went too far right"); - uint32_t dataBegin = utils::maxZeroSubtraction(beginByte, indexOfFirstLeafByte); - uint32_t dataEnd = std::min(maxBytesPerLeaf, endByte - indexOfFirstLeafByte); - // If we are traversing exactly until the last leaf, then the last leaf wasn't resized by the traversal and might have a wrong size. We have to fix it. - if (isRightBorderLeaf) { - ASSERT(leafIndex == endLeaf-1, "If we traversed further right, this wouldn't be the right border leaf."); - auto leaf = leafHandle.node(); - if (leaf->numBytes() < dataEnd) { - leaf->resize(dataEnd); - blobIsGrowingFromThisTraversal = true; - } - } - onExistingLeaf(indexOfFirstLeafByte, std::move(leafHandle), dataBegin, dataEnd-dataBegin); - }; - auto _onCreateLeaf = [&onCreateLeaf, maxBytesPerLeaf, beginByte, firstLeaf, endByte, endLeaf, &blobIsGrowingFromThisTraversal] (uint32_t leafIndex) -> Data { - blobIsGrowingFromThisTraversal = true; - uint64_t indexOfFirstLeafByte = leafIndex * maxBytesPerLeaf; - ASSERT(endByte > indexOfFirstLeafByte, "Traversal went too far right"); - uint32_t dataBegin = utils::maxZeroSubtraction(beginByte, indexOfFirstLeafByte); - uint32_t dataEnd = std::min(maxBytesPerLeaf, endByte - indexOfFirstLeafByte); - ASSERT(leafIndex == firstLeaf || dataBegin == 0, "Only the leftmost leaf can have a gap on the left."); - ASSERT(leafIndex == endLeaf-1 || dataEnd == maxBytesPerLeaf, "Only the rightmost leaf can have a gap on the right"); - Data data = onCreateLeaf(indexOfFirstLeafByte + dataBegin, dataEnd-dataBegin); - ASSERT(data.size() == dataEnd-dataBegin, "Returned leaf data with wrong size"); - // If this leaf is created but only partly in the traversed region (i.e. dataBegin > leafBegin), we have to fill the data before the traversed region with zeroes. - if (dataBegin != 0) { - Data actualData(dataBegin + data.size()); - std::memset(actualData.data(), 0, dataBegin); - std::memcpy(actualData.dataOffset(dataBegin), data.data(), data.size()); - data = std::move(actualData); - } - return data; - }; - _datatree->traverseLeaves(firstLeaf, endLeaf, _onExistingLeaf, _onCreateLeaf); - if (blobIsGrowingFromThisTraversal) { - ASSERT(_datatree->numStoredBytes() == endByte, "Writing didn't grow by the correct number of bytes"); - _sizeCache = endByte; - } } Data BlobOnBlocks::readAll() const { - //TODO Querying size is inefficient. Is this possible without a call to size()? - uint64_t count = size(); - Data result(count); - _read(result.data(), 0, count); - return result; + return _datatree->readAllBytes(); } void BlobOnBlocks::read(void *target, uint64_t offset, uint64_t count) const { - uint64_t _size = size(); - ASSERT(offset <= _size && offset + count <= _size, "BlobOnBlocks::read() read outside blob. Use BlobOnBlocks::tryRead() if this should be allowed."); - uint64_t read = tryRead(target, offset, count); - ASSERT(read == count, "BlobOnBlocks::read() couldn't read all requested bytes. Use BlobOnBlocks::tryRead() if this should be allowed."); + return _datatree->readBytes(target, offset, count); } uint64_t BlobOnBlocks::tryRead(void *target, uint64_t offset, uint64_t count) const { - //TODO Quite inefficient to call size() here, because that has to traverse the tree - uint64_t realCount = std::max(INT64_C(0), std::min(static_cast(count), static_cast(size())-static_cast(offset))); - _read(target, offset, realCount); - return realCount; -} - -void BlobOnBlocks::_read(void *target, uint64_t offset, uint64_t count) const { - auto onExistingLeaf = [target, offset, count] (uint64_t indexOfFirstLeafByte, LeafHandle leaf, uint32_t leafDataOffset, uint32_t leafDataSize) { - ASSERT(indexOfFirstLeafByte+leafDataOffset>=offset && indexOfFirstLeafByte-offset+leafDataOffset <= count && indexOfFirstLeafByte-offset+leafDataOffset+leafDataSize <= count, "Writing to target out of bounds"); - //TODO Simplify formula, make it easier to understand - leaf.node()->read(static_cast(target) + indexOfFirstLeafByte - offset + leafDataOffset, leafDataOffset, leafDataSize); - }; - auto onCreateLeaf = [] (uint64_t /*beginByte*/, uint32_t /*count*/) -> Data { - ASSERT(false, "Reading shouldn't create new leaves."); - }; - _traverseLeaves(offset, count, onExistingLeaf, onCreateLeaf); + return _datatree->tryReadBytes(target, offset, count); } void BlobOnBlocks::write(const void *source, uint64_t offset, uint64_t count) { - auto onExistingLeaf = [source, offset, count] (uint64_t indexOfFirstLeafByte, LeafHandle leaf, uint32_t leafDataOffset, uint32_t leafDataSize) { - ASSERT(indexOfFirstLeafByte+leafDataOffset>=offset && indexOfFirstLeafByte-offset+leafDataOffset <= count && indexOfFirstLeafByte-offset+leafDataOffset+leafDataSize <= count, "Reading from source out of bounds"); - if (leafDataOffset == 0 && leafDataSize == leaf.nodeStore()->layout().maxBytesPerLeaf()) { - Data leafData(leafDataSize); - std::memcpy(leafData.data(), static_cast(source) + indexOfFirstLeafByte - offset, leafDataSize); - leaf.nodeStore()->overwriteLeaf(leaf.blockId(), std::move(leafData)); - } else { - //TODO Simplify formula, make it easier to understand - leaf.node()->write(static_cast(source) + indexOfFirstLeafByte - offset + leafDataOffset, leafDataOffset, - leafDataSize); - } - }; - auto onCreateLeaf = [source, offset, count] (uint64_t beginByte, uint32_t numBytes) -> Data { - ASSERT(beginByte >= offset && beginByte-offset <= count && beginByte-offset+numBytes <= count, "Reading from source out of bounds"); - Data result(numBytes); - //TODO Simplify formula, make it easier to understand - std::memcpy(result.data(), static_cast(source) + beginByte - offset, numBytes); - return result; - }; - _traverseLeaves(offset, count, onExistingLeaf, onCreateLeaf); + _datatree->writeBytes(source, offset, count); } void BlobOnBlocks::flush() { diff --git a/src/blobstore/implementations/onblocks/BlobOnBlocks.h b/src/blobstore/implementations/onblocks/BlobOnBlocks.h index 8941d7da..fe24e884 100644 --- a/src/blobstore/implementations/onblocks/BlobOnBlocks.h +++ b/src/blobstore/implementations/onblocks/BlobOnBlocks.h @@ -7,6 +7,7 @@ #include #include +#include namespace blobstore { namespace onblocks { @@ -38,12 +39,11 @@ public: private: + uint64_t _tryRead(void *target, uint64_t offset, uint64_t size) const; void _read(void *target, uint64_t offset, uint64_t count) const; void _traverseLeaves(uint64_t offsetBytes, uint64_t sizeBytes, std::function onExistingLeaf, std::function onCreateLeaf) const; cpputils::unique_ref _datatree; - mutable boost::optional _sizeCache; - mutable std::mutex _mutex; DISALLOW_COPY_AND_ASSIGN(BlobOnBlocks); }; diff --git a/src/blobstore/implementations/onblocks/datatreestore/DataTree.cpp b/src/blobstore/implementations/onblocks/datatreestore/DataTree.cpp index 4e5bd4cf..e2e39251 100644 --- a/src/blobstore/implementations/onblocks/datatreestore/DataTree.cpp +++ b/src/blobstore/implementations/onblocks/datatreestore/DataTree.cpp @@ -12,6 +12,7 @@ #include #include #include "impl/LeafTraverser.h" +#include using blockstore::BlockId; using blobstore::onblocks::datanodestore::DataNodeStore; @@ -24,17 +25,21 @@ using boost::shared_mutex; using boost::shared_lock; using boost::unique_lock; using boost::none; +using boost::optional; using cpputils::optional_ownership_ptr; using cpputils::unique_ref; using cpputils::Data; +using namespace cpputils::logging; + +//TODO shared_lock currently not enough for traverse because of root replacement. Can be fixed while keeping shared? namespace blobstore { namespace onblocks { namespace datatreestore { DataTree::DataTree(DataNodeStore *nodeStore, unique_ref rootNode) - : _mutex(), _nodeStore(nodeStore), _rootNode(std::move(rootNode)), _blockId(_rootNode->blockId()), _numLeavesCache(none) { + : _treeStructureMutex(), _nodeStore(nodeStore), _rootNode(std::move(rootNode)), _blockId(_rootNode->blockId()), _sizeCache() { } DataTree::~DataTree() { @@ -45,102 +50,143 @@ const BlockId &DataTree::blockId() const { } void DataTree::flush() const { - // By grabbing a lock, we ensure that all modifying functions don't run currently and are therefore flushed - unique_lock lock(_mutex); + // By grabbing a lock, we ensure that all modifying functions don't run currently and are therefore flushed. + // It's only a shared lock, because this doesn't modify the tree structure. + shared_lock lock(_treeStructureMutex); // We also have to flush the root node _rootNode->flush(); } unique_ref DataTree::releaseRootNode() { - unique_lock lock(_mutex); // Lock ensures that the root node is currently set (traversing unsets it temporarily) + // Lock also ensures that the root node is currently set (traversing unsets it temporarily) + // It's a unique lock because this "modifies" tree structure by changing _rootNode. + unique_lock lock(_treeStructureMutex); return std::move(_rootNode); } //TODO Test numLeaves(), for example also two configurations with same number of bytes but different number of leaves (last leaf has 0 bytes) uint32_t DataTree::numLeaves() const { - shared_lock lock(_mutex); - return _numLeaves(); + shared_lock lock(_treeStructureMutex); + + return _getOrComputeSizeCache().numLeaves; } -uint32_t DataTree::_numLeaves() const { - if (_numLeavesCache == none) { - _numLeavesCache = _computeNumLeaves(*_rootNode); - } - return *_numLeavesCache; +uint64_t DataTree::numBytes() const { + shared_lock lock(_treeStructureMutex); + return _numBytes(); } -uint32_t DataTree::_forceComputeNumLeaves() const { - unique_lock lock(_mutex); // Lock ensures that the root node is currently set (traversing unsets it temporarily) - _numLeavesCache = _computeNumLeaves(*_rootNode); - return *_numLeavesCache; +uint64_t DataTree::_numBytes() const { + return _getOrComputeSizeCache().numBytes; } -uint32_t DataTree::_computeNumLeaves(const DataNode &node) const { +DataTree::SizeCache DataTree::_getOrComputeSizeCache() const { + return _sizeCache.getOrCompute([this] () { + return _computeSizeCache(*_rootNode); + }); +} + +uint32_t DataTree::forceComputeNumLeaves() const { + _sizeCache.clear(); + return numLeaves(); +} + +DataTree::SizeCache DataTree::_computeSizeCache(const DataNode &node) const { const DataLeafNode *leaf = dynamic_cast(&node); if (leaf != nullptr) { - return 1; + return {1, leaf->numBytes()}; } const DataInnerNode &inner = dynamic_cast(node); - uint64_t numLeavesInLeftChildren = static_cast(inner.numChildren()-1) * leavesPerFullChild(inner); + uint32_t numLeavesInLeftChildren = static_cast(inner.numChildren()-1) * _leavesPerFullChild(inner); + uint64_t numBytesInLeftChildren = numLeavesInLeftChildren * _nodeStore->layout().maxBytesPerLeaf(); auto lastChild = _nodeStore->load(inner.readLastChild().blockId()); ASSERT(lastChild != none, "Couldn't load last child"); - uint64_t numLeavesInRightChild = _computeNumLeaves(**lastChild); + SizeCache sizeInRightChild = _computeSizeCache(**lastChild); - return numLeavesInLeftChildren + numLeavesInRightChild; + return SizeCache { + numLeavesInLeftChildren + sizeInRightChild.numLeaves, + numBytesInLeftChildren + sizeInRightChild.numBytes + }; } -void DataTree::traverseLeaves(uint32_t beginIndex, uint32_t endIndex, function onExistingLeaf, function onCreateLeaf) { - //TODO Can we allow multiple runs of traverseLeaves() in parallel? Also in parallel with resizeNumBytes()? - std::unique_lock lock(_mutex); - ASSERT(beginIndex <= endIndex, "Invalid parameters"); +void DataTree::_traverseLeavesByLeafIndices(uint32_t beginIndex, uint32_t endIndex, bool readOnlyTraversal, + function onExistingLeaf, + function onCreateLeaf, + function onBacktrackFromSubtree) const { + if(endIndex <= beginIndex) { + return; + } - auto onBacktrackFromSubtree = [] (DataInnerNode* /*node*/) {}; + // TODO no const cast + LeafTraverser(_nodeStore, readOnlyTraversal).traverseAndUpdateRoot(&const_cast(this)->_rootNode, beginIndex, endIndex, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); +} - _traverseLeaves(beginIndex, endIndex, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); +void DataTree::_traverseLeavesByByteIndices(uint64_t beginByte, uint64_t sizeBytes, bool readOnlyTraversal, function onExistingLeaf, function onCreateLeaf) const { + if (sizeBytes == 0) { + return; + } - if (_numLeavesCache != none && *_numLeavesCache < endIndex) { - _numLeavesCache = endIndex; + uint64_t endByte = beginByte + sizeBytes; + uint64_t _maxBytesPerLeaf = maxBytesPerLeaf(); + uint32_t firstLeaf = beginByte / _maxBytesPerLeaf; + uint32_t endLeaf = utils::ceilDivision(endByte, _maxBytesPerLeaf); + bool blobIsGrowingFromThisTraversal = false; + auto _onExistingLeaf = [&onExistingLeaf, beginByte, endByte, endLeaf, _maxBytesPerLeaf, &blobIsGrowingFromThisTraversal] (uint32_t leafIndex, bool isRightBorderLeaf, LeafHandle leafHandle) { + uint64_t indexOfFirstLeafByte = leafIndex * _maxBytesPerLeaf; + ASSERT(endByte > indexOfFirstLeafByte, "Traversal went too far right"); + uint32_t dataBegin = utils::maxZeroSubtraction(beginByte, indexOfFirstLeafByte); + uint32_t dataEnd = std::min(_maxBytesPerLeaf, endByte - indexOfFirstLeafByte); + // If we are traversing exactly until the last leaf, then the last leaf wasn't resized by the traversal and might have a wrong size. We have to fix it. + if (isRightBorderLeaf) { + ASSERT(leafIndex == endLeaf-1, "If we traversed further right, this wouldn't be the right border leaf."); + auto leaf = leafHandle.node(); + if (leaf->numBytes() < dataEnd) { + leaf->resize(dataEnd); + blobIsGrowingFromThisTraversal = true; + } + } + onExistingLeaf(indexOfFirstLeafByte, std::move(leafHandle), dataBegin, dataEnd-dataBegin); + }; + auto _onCreateLeaf = [&onCreateLeaf, _maxBytesPerLeaf, beginByte, firstLeaf, endByte, endLeaf, &blobIsGrowingFromThisTraversal, readOnlyTraversal] (uint32_t leafIndex) -> Data { + ASSERT(!readOnlyTraversal, "Cannot create leaves in a read-only traversal"); + blobIsGrowingFromThisTraversal = true; + uint64_t indexOfFirstLeafByte = leafIndex * _maxBytesPerLeaf; + ASSERT(endByte > indexOfFirstLeafByte, "Traversal went too far right"); + uint32_t dataBegin = utils::maxZeroSubtraction(beginByte, indexOfFirstLeafByte); + uint32_t dataEnd = std::min(_maxBytesPerLeaf, endByte - indexOfFirstLeafByte); + ASSERT(leafIndex == firstLeaf || dataBegin == 0, "Only the leftmost leaf can have a gap on the left."); + ASSERT(leafIndex == endLeaf-1 || dataEnd == _maxBytesPerLeaf, "Only the rightmost leaf can have a gap on the right"); + Data data = onCreateLeaf(indexOfFirstLeafByte + dataBegin, dataEnd-dataBegin); + ASSERT(data.size() == dataEnd-dataBegin, "Returned leaf data with wrong size"); + // If this leaf is created but only partly in the traversed region (i.e. dataBegin > leafBegin), we have to fill the data before the traversed region with zeroes. + if (dataBegin != 0) { + Data actualData(dataBegin + data.size()); + std::memset(actualData.data(), 0, dataBegin); + std::memcpy(actualData.dataOffset(dataBegin), data.data(), data.size()); + data = std::move(actualData); + } + return data; + }; + auto _onBacktrackFromSubtree = [] (DataInnerNode* /*node*/) {}; + + _traverseLeavesByLeafIndices(firstLeaf, endLeaf, readOnlyTraversal, _onExistingLeaf, _onCreateLeaf, _onBacktrackFromSubtree); + + ASSERT(!readOnlyTraversal || !blobIsGrowingFromThisTraversal, "Blob grew from traversal that didn't allow growing (i.e. reading)"); + + if (blobIsGrowingFromThisTraversal) { + _sizeCache.update([endLeaf, endByte] (optional* cache) { + *cache = SizeCache{endLeaf, endByte}; + }); } } -void DataTree::_traverseLeaves(uint32_t beginIndex, uint32_t endIndex, - function onExistingLeaf, - function onCreateLeaf, - function onBacktrackFromSubtree) { - _rootNode = LeafTraverser(_nodeStore).traverseAndReturnRoot(std::move(_rootNode), beginIndex, endIndex, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); -} - -uint32_t DataTree::leavesPerFullChild(const DataInnerNode &root) const { +uint32_t DataTree::_leavesPerFullChild(const DataInnerNode &root) const { return utils::intPow(_nodeStore->layout().maxChildrenPerInnerNode(), static_cast(root.depth())-1); } -uint64_t DataTree::numStoredBytes() const { - shared_lock lock(_mutex); - return _numStoredBytes(); -} - -uint64_t DataTree::_numStoredBytes() const { - return _numStoredBytes(*_rootNode); -} - -uint64_t DataTree::_numStoredBytes(const DataNode &root) const { - const DataLeafNode *leaf = dynamic_cast(&root); - if (leaf != nullptr) { - return leaf->numBytes(); - } - - const DataInnerNode &inner = dynamic_cast(root); - uint64_t numBytesInLeftChildren = (inner.numChildren()-1) * leavesPerFullChild(inner) * _nodeStore->layout().maxBytesPerLeaf(); - auto lastChild = _nodeStore->load(inner.readLastChild().blockId()); - ASSERT(lastChild != none, "Couldn't load last child"); - uint64_t numBytesInRightChild = _numStoredBytes(**lastChild); - - return numBytesInLeftChildren + numBytesInRightChild; -} - void DataTree::resizeNumBytes(uint64_t newNumBytes) { - std::unique_lock lock(_mutex); // TODO Multiple ones in parallel? Also in parallel with traverseLeaves()? + std::unique_lock lock(_treeStructureMutex); uint32_t newNumLeaves = std::max(UINT64_C(1), utils::ceilDivision(newNumBytes, _nodeStore->layout().maxBytesPerLeaf())); uint32_t newLastLeafSize = newNumBytes - (newNumLeaves-1) * _nodeStore->layout().maxBytesPerLeaf(); @@ -171,8 +217,11 @@ void DataTree::resizeNumBytes(uint64_t newNumBytes) { } }; - _traverseLeaves(newNumLeaves - 1, newNumLeaves, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); - _numLeavesCache = newNumLeaves; + _traverseLeavesByLeafIndices(newNumLeaves - 1, newNumLeaves, false, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); + _sizeCache.update([newNumLeaves, newNumBytes] (boost::optional* cache) { + *cache = SizeCache{newNumLeaves, newNumBytes}; + }); + } uint64_t DataTree::maxBytesPerLeaf() const { @@ -180,9 +229,87 @@ uint64_t DataTree::maxBytesPerLeaf() const { } uint8_t DataTree::depth() const { + shared_lock lock(_treeStructureMutex); return _rootNode->depth(); } +void DataTree::readBytes(void *target, uint64_t offset, uint64_t count) const { + shared_lock lock(_treeStructureMutex); + + const uint64_t _size = _numBytes(); + if(offset > _size || offset + count > _size) { + throw std::runtime_error("BlobOnBlocks::read() read outside blob. Use BlobOnBlocks::tryRead() if this should be allowed."); + } + const uint64_t read = _tryReadBytes(target, offset, count); + if (read != count) { + throw std::runtime_error("BlobOnBlocks::read() couldn't read all requested bytes. Use BlobOnBlocks::tryRead() if this should be allowed."); + } +} + +Data DataTree::readAllBytes() const { + shared_lock lock(_treeStructureMutex); + + //TODO Querying numBytes can be inefficient. Is this possible without a call to size()? + uint64_t count = _numBytes(); + Data result(count); + _doReadBytes(result.data(), 0, count); + + return result; +} + +uint64_t DataTree::tryReadBytes(void *target, uint64_t offset, uint64_t count) const { + shared_lock lock(_treeStructureMutex); + auto result = _tryReadBytes(target, offset, count); + return result; +} + +uint64_t DataTree::_tryReadBytes(void *target, uint64_t offset, uint64_t count) const { + //TODO Quite inefficient to call size() here, because that has to traverse the tree + const uint64_t _size = _numBytes(); + const uint64_t realCount = std::max(INT64_C(0), std::min(static_cast(count), static_cast(_size)-static_cast(offset))); + _doReadBytes(target, offset, realCount); + return realCount; +} + +void DataTree::_doReadBytes(void *target, uint64_t offset, uint64_t count) const { + auto onExistingLeaf = [target, offset, count] (uint64_t indexOfFirstLeafByte, LeafHandle leaf, uint32_t leafDataOffset, uint32_t leafDataSize) { + ASSERT(indexOfFirstLeafByte+leafDataOffset>=offset && indexOfFirstLeafByte-offset+leafDataOffset <= count && indexOfFirstLeafByte-offset+leafDataOffset+leafDataSize <= count, "Writing to target out of bounds"); + //TODO Simplify formula, make it easier to understand + leaf.node()->read(static_cast(target) + indexOfFirstLeafByte - offset + leafDataOffset, leafDataOffset, leafDataSize); + }; + auto onCreateLeaf = [] (uint64_t /*beginByte*/, uint32_t /*count*/) -> Data { + ASSERT(false, "Reading shouldn't create new leaves."); + }; + + _traverseLeavesByByteIndices(offset, count, true, onExistingLeaf, onCreateLeaf); +} + +void DataTree::writeBytes(const void *source, uint64_t offset, uint64_t count) { + unique_lock lock(_treeStructureMutex); + + auto onExistingLeaf = [source, offset, count] (uint64_t indexOfFirstLeafByte, LeafHandle leaf, uint32_t leafDataOffset, uint32_t leafDataSize) { + ASSERT(indexOfFirstLeafByte+leafDataOffset>=offset && indexOfFirstLeafByte-offset+leafDataOffset <= count && indexOfFirstLeafByte-offset+leafDataOffset+leafDataSize <= count, "Reading from source out of bounds"); + if (leafDataOffset == 0 && leafDataSize == leaf.nodeStore()->layout().maxBytesPerLeaf()) { + Data leafData(leafDataSize); + std::memcpy(leafData.data(), static_cast(source) + indexOfFirstLeafByte - offset, leafDataSize); + leaf.nodeStore()->overwriteLeaf(leaf.blockId(), std::move(leafData)); + } else { + //TODO Simplify formula, make it easier to understand + leaf.node()->write(static_cast(source) + indexOfFirstLeafByte - offset + leafDataOffset, leafDataOffset, + leafDataSize); + } + }; + auto onCreateLeaf = [source, offset, count] (uint64_t beginByte, uint32_t numBytes) -> Data { + ASSERT(beginByte >= offset && beginByte-offset <= count && beginByte-offset+numBytes <= count, "Reading from source out of bounds"); + Data result(numBytes); + //TODO Simplify formula, make it easier to understand + std::memcpy(result.data(), static_cast(source) + beginByte - offset, numBytes); + return result; + }; + + _traverseLeavesByByteIndices(offset, count, false, onExistingLeaf, onCreateLeaf); +} + } } } diff --git a/src/blobstore/implementations/onblocks/datatreestore/DataTree.h b/src/blobstore/implementations/onblocks/datatreestore/DataTree.h index d3339504..6154ca87 100644 --- a/src/blobstore/implementations/onblocks/datatreestore/DataTree.h +++ b/src/blobstore/implementations/onblocks/datatreestore/DataTree.h @@ -10,6 +10,7 @@ #include #include #include "LeafHandle.h" +#include "impl/CachedValue.h" namespace blobstore { namespace onblocks { @@ -31,39 +32,57 @@ public: //Returning uint64_t, because calculations handling this probably need to be done in 64bit to support >4GB blobs. uint64_t maxBytesPerLeaf() const; - void traverseLeaves(uint32_t beginIndex, uint32_t endIndex, std::function onExistingLeaf, std::function onCreateLeaf); + uint64_t tryReadBytes(void *target, uint64_t offset, uint64_t count) const; + void readBytes(void *target, uint64_t offset, uint64_t count) const; + cpputils::Data readAllBytes() const; + + void writeBytes(const void *source, uint64_t offset, uint64_t count); + void resizeNumBytes(uint64_t newNumBytes); uint32_t numLeaves() const; - uint64_t numStoredBytes() const; + uint64_t numBytes() const; uint8_t depth() const; // only used by test cases - uint32_t _forceComputeNumLeaves() const; + uint32_t forceComputeNumLeaves() const; void flush() const; private: - mutable boost::shared_mutex _mutex; + // This mutex must protect the tree structure, i.e. which nodes exist and how they're connected. + // Also protects total number of bytes (i.e. number of leaves + size of last leaf). + // It also protects the data in leaf nodes, because writing bytes might grow the blob and change the structure. + mutable boost::shared_mutex _treeStructureMutex; + datanodestore::DataNodeStore *_nodeStore; cpputils::unique_ref _rootNode; blockstore::BlockId _blockId; // BlockId is stored in a member variable, since _rootNode is nullptr while traversing, but we still want to be able to return the blockId. - mutable boost::optional _numLeavesCache; + + struct SizeCache final { + uint32_t numLeaves; + uint64_t numBytes; + }; + mutable CachedValue _sizeCache; cpputils::unique_ref releaseRootNode(); friend class DataTreeStore; - //TODO Use underscore for private methods - void _traverseLeaves(uint32_t beginIndex, uint32_t endIndex, - std::function onExistingLeaf, - std::function onCreateLeaf, - std::function onBacktrackFromSubtree); - uint32_t leavesPerFullChild(const datanodestore::DataInnerNode &root) const; - uint64_t _numStoredBytes() const; - uint64_t _numStoredBytes(const datanodestore::DataNode &root) const; - uint32_t _numLeaves() const; - uint32_t _computeNumLeaves(const datanodestore::DataNode &node) const; + void _traverseLeavesByLeafIndices(uint32_t beginIndex, uint32_t endIndex, bool readOnlyTraversal, + std::function onExistingLeaf, + std::function onCreateLeaf, + std::function onBacktrackFromSubtree) const; + void _traverseLeavesByByteIndices(uint64_t beginByte, uint64_t sizeBytes, bool readOnlyTraversal, std::function onExistingLeaf, std::function onCreateLeaf) const; + + uint32_t _leavesPerFullChild(const datanodestore::DataInnerNode &root) const; + + SizeCache _getOrComputeSizeCache() const; + SizeCache _computeSizeCache(const datanodestore::DataNode &node) const; + + uint64_t _tryReadBytes(void *target, uint64_t offset, uint64_t count) const; + void _doReadBytes(void *target, uint64_t offset, uint64_t count) const; + uint64_t _numBytes() const; DISALLOW_COPY_AND_ASSIGN(DataTree); }; diff --git a/src/blobstore/implementations/onblocks/datatreestore/impl/CachedValue.cpp b/src/blobstore/implementations/onblocks/datatreestore/impl/CachedValue.cpp new file mode 100644 index 00000000..dfe27f0e --- /dev/null +++ b/src/blobstore/implementations/onblocks/datatreestore/impl/CachedValue.cpp @@ -0,0 +1,2 @@ +#include "CachedValue.h" + diff --git a/src/blobstore/implementations/onblocks/datatreestore/impl/CachedValue.h b/src/blobstore/implementations/onblocks/datatreestore/impl/CachedValue.h new file mode 100644 index 00000000..323db3e2 --- /dev/null +++ b/src/blobstore/implementations/onblocks/datatreestore/impl/CachedValue.h @@ -0,0 +1,46 @@ +#pragma once +#ifndef MESSMER_BLOBSTORE_IMPLEMENTATIONS_ONBLOCKS_IMPL_CACHEDVALUE_H_ +#define MESSMER_BLOBSTORE_IMPLEMENTATIONS_ONBLOCKS_IMPL_CACHEDVALUE_H_ + +#include +#include +#include + +namespace blobstore { +namespace onblocks { + +// TODO Test +template +class CachedValue final { +public: + CachedValue() :_cache(boost::none), _mutex() {} + + T getOrCompute(std::function compute) { + boost::upgrade_lock readLock(_mutex); + if (_cache == boost::none) { + boost::upgrade_to_unique_lock writeLock(readLock); + _cache = compute(); + } + return *_cache; + } + + void update(std::function*)> func) { + boost::unique_lock writeLock(_mutex); + func(&_cache); + } + + void clear() { + update([] (boost::optional* cache) { + *cache = boost::none; + }); + } + +private: + boost::optional _cache; + boost::shared_mutex _mutex; +}; + +} +} + +#endif diff --git a/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.cpp b/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.cpp index 8447a4e8..12d0b499 100644 --- a/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.cpp +++ b/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.cpp @@ -20,15 +20,15 @@ namespace blobstore { namespace onblocks { namespace datatreestore { - LeafTraverser::LeafTraverser(DataNodeStore *nodeStore) - : _nodeStore(nodeStore) { + LeafTraverser::LeafTraverser(DataNodeStore *nodeStore, bool readOnlyTraversal) + : _nodeStore(nodeStore), _readOnlyTraversal(readOnlyTraversal) { } - unique_ref LeafTraverser::traverseAndReturnRoot(unique_ref root, uint32_t beginIndex, uint32_t endIndex, function onExistingLeaf, function onCreateLeaf, function onBacktrackFromSubtree) { - return _traverseAndReturnRoot(std::move(root), beginIndex, endIndex, true, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); + void LeafTraverser::traverseAndUpdateRoot(unique_ref* root, uint32_t beginIndex, uint32_t endIndex, function onExistingLeaf, function onCreateLeaf, function onBacktrackFromSubtree) { + _traverseAndUpdateRoot(root, beginIndex, endIndex, true, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); } - unique_ref LeafTraverser::_traverseAndReturnRoot(unique_ref root, uint32_t beginIndex, uint32_t endIndex, bool isLeftBorderOfTraversal, function onExistingLeaf, function onCreateLeaf, function onBacktrackFromSubtree) { + void LeafTraverser::_traverseAndUpdateRoot(unique_ref* root, uint32_t beginIndex, uint32_t endIndex, bool isLeftBorderOfTraversal, function onExistingLeaf, function onCreateLeaf, function onBacktrackFromSubtree) { ASSERT(beginIndex <= endIndex, "Invalid parameters"); //TODO Test cases with numLeaves < / >= beginIndex, ideally test all configurations: @@ -36,11 +36,12 @@ namespace blobstore { // beginIndexdepth()); + uint32_t maxLeavesForDepth = _maxLeavesForTreeDepth((*root)->depth()); bool increaseTreeDepth = endIndex > maxLeavesForDepth; + ASSERT(!_readOnlyTraversal || !increaseTreeDepth, "Tried to grow a tree on a read only traversal"); - if (root->depth() == 0) { - DataLeafNode *leaf = dynamic_cast(root.get()); + if ((*root)->depth() == 0) { + DataLeafNode *leaf = dynamic_cast(root->get()); ASSERT(leaf != nullptr, "Depth 0 has to be leaf node"); if (increaseTreeDepth && leaf->numBytes() != _nodeStore->layout().maxBytesPerLeaf()) { @@ -51,7 +52,7 @@ namespace blobstore { onExistingLeaf(0, isRightBorderLeaf, LeafHandle(_nodeStore, leaf)); } } else { - DataInnerNode *inner = dynamic_cast(root.get()); + DataInnerNode *inner = dynamic_cast(root->get()); ASSERT(inner != nullptr, "Depth != 0 has to be leaf node"); _traverseExistingSubtree(inner, std::min(beginIndex, maxLeavesForDepth), std::min(endIndex, maxLeavesForDepth), 0, isLeftBorderOfTraversal, !increaseTreeDepth, @@ -63,17 +64,21 @@ namespace blobstore { // We don't increase to the full needed tree depth in one step, because we want the traversal to go as far as possible // and only then increase the depth - this causes the tree to be in consistent shape (balanced) for longer. if (increaseTreeDepth) { + ASSERT(!_readOnlyTraversal, "Can't increase tree depth in a read-only traversal"); + // TODO Test cases that increase tree depth by 0, 1, 2, ... levels - auto newRoot = _increaseTreeDepth(std::move(root)); - return _traverseAndReturnRoot(std::move(newRoot), std::max(beginIndex, maxLeavesForDepth), endIndex, false, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); + *root = _increaseTreeDepth(std::move(*root)); + _traverseAndUpdateRoot(root, std::max(beginIndex, maxLeavesForDepth), endIndex, false, onExistingLeaf, onCreateLeaf, onBacktrackFromSubtree); } else { // Once we're done growing the tree and done with the traversal, we might have to decrease tree depth, // because the callbacks could have deleted nodes (this happens for example when shrinking the tree using a traversal). - return _whileRootHasOnlyOneChildReplaceRootWithItsChild(std::move(root)); + _whileRootHasOnlyOneChildReplaceRootWithItsChild(root); } } unique_ref LeafTraverser::_increaseTreeDepth(unique_ref root) { + ASSERT(!_readOnlyTraversal, "Can't increase tree depth in a read-only traversal"); + auto copyOfOldRoot = _nodeStore->createNewNodeAsCopyFrom(*root); return DataNode::convertToNewInnerNode(std::move(root), _nodeStore->layout(), *copyOfOldRoot); } @@ -85,6 +90,7 @@ namespace blobstore { LeafHandle leafHandle(_nodeStore, blockId); if (growLastLeaf) { if (leafHandle.node()->numBytes() != _nodeStore->layout().maxBytesPerLeaf()) { + ASSERT(!_readOnlyTraversal, "Can't grow the last leaf in a read-only traversal"); leafHandle.node()->resize(_nodeStore->layout().maxBytesPerLeaf()); } } @@ -116,6 +122,7 @@ namespace blobstore { ASSERT(endChild <= _nodeStore->layout().maxChildrenPerInnerNode(), "Traversal region would need increasing the tree depth. This should have happened before calling this function."); uint32_t numChildren = root->numChildren(); ASSERT(!growLastLeaf || endChild >= numChildren, "Can only grow last leaf if it exists"); + ASSERT(!_readOnlyTraversal || endChild <= numChildren, "Can only traverse out of bounds in a read-only traversal"); bool shouldGrowLastExistingLeaf = growLastLeaf || endChild > numChildren; // If we traverse outside of the valid region (i.e. usually would only traverse to new leaves and not to the last leaf), @@ -146,6 +153,8 @@ namespace blobstore { // Traverse new children (including gap children, i.e. children that are created but not traversed because they're to the right of the current size, but to the left of the traversal region) for (uint32_t childIndex = numChildren; childIndex < endChild; ++childIndex) { + ASSERT(!_readOnlyTraversal, "Can't create new children in a read-only traversal"); + uint32_t childOffset = childIndex * leavesPerChild; uint32_t localBeginIndex = std::min(leavesPerChild, utils::maxZeroSubtraction(beginIndex, childOffset)); uint32_t localEndIndex = std::min(leavesPerChild, endIndex - childOffset); @@ -161,6 +170,8 @@ namespace blobstore { } unique_ref LeafTraverser::_createNewSubtree(uint32_t beginIndex, uint32_t endIndex, uint32_t leafOffset, uint8_t depth, function onCreateLeaf, function onBacktrackFromSubtree) { + ASSERT(!_readOnlyTraversal, "Can't create a new subtree in a read-only traversal"); + ASSERT(beginIndex <= endIndex, "Invalid parameters"); if (0 == depth) { ASSERT(beginIndex <= 1 && endIndex == 1, "With depth 0, we can only traverse one or zero leaves (i.e. traverse one leaf or traverse a gap leaf)."); @@ -212,25 +223,28 @@ namespace blobstore { } function LeafTraverser::_createMaxSizeLeaf() const { + ASSERT(!_readOnlyTraversal, "Can't create a new leaf in a read-only traversal"); + uint64_t maxBytesPerLeaf = _nodeStore->layout().maxBytesPerLeaf(); return [maxBytesPerLeaf] (uint32_t /*index*/) -> Data { return Data(maxBytesPerLeaf).FillWithZeroes(); }; } - unique_ref LeafTraverser::_whileRootHasOnlyOneChildReplaceRootWithItsChild(unique_ref root) { - DataInnerNode *inner = dynamic_cast(root.get()); + void LeafTraverser::_whileRootHasOnlyOneChildReplaceRootWithItsChild(unique_ref* root) { + DataInnerNode *inner = dynamic_cast(root->get()); if (inner != nullptr && inner->numChildren() == 1) { + ASSERT(!_readOnlyTraversal, "Can't decrease tree depth in a read-only traversal"); + auto newRoot = _whileRootHasOnlyOneChildRemoveRootReturnChild(inner->readChild(0).blockId()); - auto result = _nodeStore->overwriteNodeWith(std::move(root), *newRoot); + *root = _nodeStore->overwriteNodeWith(std::move(*root), *newRoot); _nodeStore->remove(std::move(newRoot)); - return result; - } else { - return root; } } unique_ref LeafTraverser::_whileRootHasOnlyOneChildRemoveRootReturnChild(const blockstore::BlockId &blockId) { + ASSERT(!_readOnlyTraversal, "Can't decrease tree depth in a read-only traversal"); + auto current = _nodeStore->load(blockId); ASSERT(current != none, "Node not found"); auto inner = dynamic_pointer_move(*current); diff --git a/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.h b/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.h index 4eb42864..1039c00e 100644 --- a/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.h +++ b/src/blobstore/implementations/onblocks/datatreestore/impl/LeafTraverser.h @@ -25,19 +25,20 @@ namespace blobstore { */ class LeafTraverser final { public: - LeafTraverser(datanodestore::DataNodeStore *nodeStore); + LeafTraverser(datanodestore::DataNodeStore *nodeStore, bool readOnlyTraversal); - cpputils::unique_ref traverseAndReturnRoot( - cpputils::unique_ref root, uint32_t beginIndex, uint32_t endIndex, + void traverseAndUpdateRoot( + cpputils::unique_ref* root, uint32_t beginIndex, uint32_t endIndex, std::function onExistingLeaf, std::function onCreateLeaf, std::function onBacktrackFromSubtree); private: datanodestore::DataNodeStore *_nodeStore; + const bool _readOnlyTraversal; - cpputils::unique_ref _traverseAndReturnRoot( - cpputils::unique_ref root, uint32_t beginIndex, uint32_t endIndex, bool isLeftBorderOfTraversal, + void _traverseAndUpdateRoot( + cpputils::unique_ref* root, uint32_t beginIndex, uint32_t endIndex, bool isLeftBorderOfTraversal, std::function onExistingLeaf, std::function onCreateLeaf, std::function onBacktrackFromSubtree); @@ -55,7 +56,7 @@ namespace blobstore { std::function onBacktrackFromSubtree); uint32_t _maxLeavesForTreeDepth(uint8_t depth) const; std::function _createMaxSizeLeaf() const; - cpputils::unique_ref _whileRootHasOnlyOneChildReplaceRootWithItsChild(cpputils::unique_ref root); + void _whileRootHasOnlyOneChildReplaceRootWithItsChild(cpputils::unique_ref* root); cpputils::unique_ref _whileRootHasOnlyOneChildRemoveRootReturnChild(const blockstore::BlockId &blockId); DISALLOW_COPY_AND_ASSIGN(LeafTraverser); diff --git a/src/blobstore/implementations/onblocks/parallelaccessdatatreestore/DataTreeRef.h b/src/blobstore/implementations/onblocks/parallelaccessdatatreestore/DataTreeRef.h index aedb209a..b6e8b1ea 100644 --- a/src/blobstore/implementations/onblocks/parallelaccessdatatreestore/DataTreeRef.h +++ b/src/blobstore/implementations/onblocks/parallelaccessdatatreestore/DataTreeRef.h @@ -22,10 +22,6 @@ public: return _baseTree->maxBytesPerLeaf(); } - void traverseLeaves(uint32_t beginIndex, uint32_t endIndex, std::function onExistingLeaf, std::function onCreateLeaf) { - return _baseTree->traverseLeaves(beginIndex, endIndex, onExistingLeaf, onCreateLeaf); - } - uint32_t numLeaves() const { return _baseTree->numLeaves(); } @@ -34,8 +30,24 @@ public: return _baseTree->resizeNumBytes(newNumBytes); } - uint64_t numStoredBytes() const { - return _baseTree->numStoredBytes(); + uint64_t numBytes() const { + return _baseTree->numBytes(); + } + + uint64_t tryReadBytes(void *target, uint64_t offset, uint64_t count) const { + return _baseTree->tryReadBytes(target, offset, count); + } + + void readBytes(void *target, uint64_t offset, uint64_t count) const { + return _baseTree->readBytes(target, offset, count); + } + + cpputils::Data readAllBytes() const { + return _baseTree->readAllBytes(); + } + + void writeBytes(const void *source, uint64_t offset, uint64_t count) { + return _baseTree->writeBytes(source, offset, count); } void flush() { diff --git a/src/blockstore/implementations/caching/CachingBlockStore2.cpp b/src/blockstore/implementations/caching/CachingBlockStore2.cpp index e9e9733c..b7437364 100644 --- a/src/blockstore/implementations/caching/CachingBlockStore2.cpp +++ b/src/blockstore/implementations/caching/CachingBlockStore2.cpp @@ -45,7 +45,7 @@ void CachingBlockStore2::CachedBlock::write(Data data) { } CachingBlockStore2::CachingBlockStore2(cpputils::unique_ref baseBlockStore) -: _baseBlockStore(std::move(baseBlockStore)), _cachedBlocksNotInBaseStoreMutex(), _cachedBlocksNotInBaseStore(), _cache() { +: _baseBlockStore(std::move(baseBlockStore)), _cachedBlocksNotInBaseStoreMutex(), _cachedBlocksNotInBaseStore(), _cache("blockstore") { } bool CachingBlockStore2::tryCreate(const BlockId &blockId, const Data &data) { diff --git a/src/blockstore/implementations/caching/cache/Cache.h b/src/blockstore/implementations/caching/cache/Cache.h index 588aa3b4..eb00dfa3 100644 --- a/src/blockstore/implementations/caching/cache/Cache.h +++ b/src/blockstore/implementations/caching/cache/Cache.h @@ -24,7 +24,7 @@ public: static constexpr double PURGE_INTERVAL = 0.5; // With this interval, we check for entries to purge static constexpr double MAX_LIFETIME_SEC = PURGE_LIFETIME_SEC + PURGE_INTERVAL; // This is the oldest age an entry can reach (given purging works in an ideal world, i.e. with the ideal interval and in zero time) - Cache(); + Cache(const std::string& cacheName); ~Cache(); uint32_t size() const; @@ -56,10 +56,10 @@ template constexpr double Cache constexpr double Cache::MAX_LIFETIME_SEC; template -Cache::Cache(): _mutex(), _currentlyFlushingEntries(), _cachedBlocks(), _timeoutFlusher(nullptr) { +Cache::Cache(const std::string& cacheName): _mutex(), _currentlyFlushingEntries(), _cachedBlocks(), _timeoutFlusher(nullptr) { //Don't initialize timeoutFlusher in the initializer list, //because it then might already call Cache::popOldEntries() before Cache is done constructing. - _timeoutFlusher = std::make_unique(std::bind(&Cache::_deleteOldEntriesParallel, this), PURGE_INTERVAL); + _timeoutFlusher = std::make_unique(std::bind(&Cache::_deleteOldEntriesParallel, this), PURGE_INTERVAL, "flush_" + cacheName); } template diff --git a/src/blockstore/implementations/caching/cache/PeriodicTask.cpp b/src/blockstore/implementations/caching/cache/PeriodicTask.cpp index 9145111f..ce4d68a9 100644 --- a/src/blockstore/implementations/caching/cache/PeriodicTask.cpp +++ b/src/blockstore/implementations/caching/cache/PeriodicTask.cpp @@ -7,10 +7,10 @@ using namespace cpputils::logging; namespace blockstore { namespace caching { -PeriodicTask::PeriodicTask(function task, double intervalSec) : +PeriodicTask::PeriodicTask(function task, double intervalSec, std::string threadName) : _task(task), _interval(static_cast(UINT64_C(1000000000) * intervalSec)), - _thread(std::bind(&PeriodicTask::_loopIteration, this)) { + _thread(std::bind(&PeriodicTask::_loopIteration, this), std::move(threadName)) { _thread.start(); } diff --git a/src/blockstore/implementations/caching/cache/PeriodicTask.h b/src/blockstore/implementations/caching/cache/PeriodicTask.h index 7663e293..eecdefce 100644 --- a/src/blockstore/implementations/caching/cache/PeriodicTask.h +++ b/src/blockstore/implementations/caching/cache/PeriodicTask.h @@ -11,7 +11,7 @@ namespace caching { class PeriodicTask final { public: - PeriodicTask(std::function task, double intervalSec); + PeriodicTask(std::function task, double intervalSec, std::string threadName); private: bool _loopIteration(); diff --git a/src/cpp-utils/CMakeLists.txt b/src/cpp-utils/CMakeLists.txt index 07ca7416..2d5db214 100644 --- a/src/cpp-utils/CMakeLists.txt +++ b/src/cpp-utils/CMakeLists.txt @@ -24,6 +24,8 @@ set(SOURCES io/pipestream.cpp thread/LoopThread.cpp thread/ThreadSystem.cpp + thread/debugging_nonwindows.cpp + thread/debugging_windows.cpp random/Random.cpp random/RandomGeneratorThread.cpp random/OSRandomGenerator.cpp diff --git a/src/cpp-utils/random/RandomGeneratorThread.cpp b/src/cpp-utils/random/RandomGeneratorThread.cpp index 418f7124..8d436dd5 100644 --- a/src/cpp-utils/random/RandomGeneratorThread.cpp +++ b/src/cpp-utils/random/RandomGeneratorThread.cpp @@ -8,7 +8,7 @@ namespace cpputils { _buffer(buffer), _minSize(minSize), _maxSize(maxSize), - _thread(std::bind(&RandomGeneratorThread::_loopIteration, this)) { + _thread(std::bind(&RandomGeneratorThread::_loopIteration, this), "RandomGeneratorThread") { ASSERT(_maxSize >= _minSize, "Invalid parameters"); } diff --git a/src/cpp-utils/system/path.h b/src/cpp-utils/system/path.h new file mode 100644 index 00000000..bac7692b --- /dev/null +++ b/src/cpp-utils/system/path.h @@ -0,0 +1,26 @@ +#pragma once +#ifndef MESSMER_CPPUTILS_SYSTEM_PATH_H +#define MESSMER_CPPUTILS_SYSTEM_PATH_H + +#include +#include + +namespace cpputils { + +#if defined(_MSC_VER) + +inline bool path_is_just_drive_letter(const boost::filesystem::path& path) { + return path.has_root_path() && !path.has_root_directory() && !path.has_parent_path(); +} + +#else + +inline constexpr bool path_is_just_drive_letter(const boost::filesystem::path& /*path*/) { + return false; +} + +#endif + +} + +#endif diff --git a/src/cpp-utils/thread/LoopThread.cpp b/src/cpp-utils/thread/LoopThread.cpp index 12489433..31227938 100644 --- a/src/cpp-utils/thread/LoopThread.cpp +++ b/src/cpp-utils/thread/LoopThread.cpp @@ -6,7 +6,8 @@ using boost::none; namespace cpputils { - LoopThread::LoopThread(function loopIteration): _loopIteration(std::move(loopIteration)), _runningHandle(none) { + LoopThread::LoopThread(function loopIteration, std::string threadName) + : _loopIteration(std::move(loopIteration)), _runningHandle(none), _threadName(std::move(threadName)) { } LoopThread::~LoopThread() { @@ -16,7 +17,7 @@ namespace cpputils { } void LoopThread::start() { - _runningHandle = ThreadSystem::singleton().start(_loopIteration); + _runningHandle = ThreadSystem::singleton().start(_loopIteration, _threadName); } void LoopThread::stop() { diff --git a/src/cpp-utils/thread/LoopThread.h b/src/cpp-utils/thread/LoopThread.h index a0cad1a9..ca4cefe1 100644 --- a/src/cpp-utils/thread/LoopThread.h +++ b/src/cpp-utils/thread/LoopThread.h @@ -14,7 +14,7 @@ namespace cpputils { class LoopThread final { public: // The loopIteration callback returns true, if more iterations should be run, and false, if the thread should be terminated. - LoopThread(std::function loopIteration); + LoopThread(std::function loopIteration, std::string threadName); ~LoopThread(); void start(); void stop(); @@ -22,6 +22,7 @@ namespace cpputils { private: std::function _loopIteration; boost::optional _runningHandle; + std::string _threadName; DISALLOW_COPY_AND_ASSIGN(LoopThread); }; diff --git a/src/cpp-utils/thread/ThreadSystem.cpp b/src/cpp-utils/thread/ThreadSystem.cpp index 4451a668..dc5a62a6 100644 --- a/src/cpp-utils/thread/ThreadSystem.cpp +++ b/src/cpp-utils/thread/ThreadSystem.cpp @@ -1,7 +1,9 @@ #include "ThreadSystem.h" #include "../logging/logging.h" +#include "debugging.h" using std::function; +using std::string; using namespace cpputils::logging; namespace cpputils { @@ -21,10 +23,10 @@ namespace cpputils { #endif } - ThreadSystem::Handle ThreadSystem::start(function loopIteration) { + ThreadSystem::Handle ThreadSystem::start(function loopIteration, string threadName) { boost::unique_lock lock(_mutex); - auto thread = _startThread(loopIteration); - _runningThreads.push_back(RunningThread{std::move(loopIteration), std::move(thread)}); + auto thread = _startThread(loopIteration, threadName); + _runningThreads.push_back(RunningThread{std::move(threadName), std::move(loopIteration), std::move(thread)}); return std::prev(_runningThreads.end()); } @@ -59,13 +61,14 @@ namespace cpputils { void ThreadSystem::_restartAllThreads() { for (RunningThread &thread : _runningThreads) { - thread.thread = _startThread(thread.loopIteration); + thread.thread = _startThread(thread.loopIteration, thread.threadName); } _mutex.unlock(); // Was locked in the before-fork handler } - boost::thread ThreadSystem::_startThread(function loopIteration) { - return boost::thread([loopIteration = std::move(loopIteration)] { + boost::thread ThreadSystem::_startThread(function loopIteration, const string& threadName) { + return boost::thread([loopIteration = std::move(loopIteration), threadName] { + cpputils::set_thread_name(threadName.c_str()); ThreadSystem::_runThread(loopIteration); }); } diff --git a/src/cpp-utils/thread/ThreadSystem.h b/src/cpp-utils/thread/ThreadSystem.h index b9a7b419..796a84d6 100644 --- a/src/cpp-utils/thread/ThreadSystem.h +++ b/src/cpp-utils/thread/ThreadSystem.h @@ -13,6 +13,7 @@ namespace cpputils { class ThreadSystem final { private: struct RunningThread { + std::string threadName; std::function loopIteration; // The loopIteration callback returns true, if more iterations should be run, and false, if the thread should be terminated. boost::thread thread; // boost::thread because we need it to be interruptible. }; @@ -21,7 +22,7 @@ namespace cpputils { static ThreadSystem &singleton(); - Handle start(std::function loopIteration); + Handle start(std::function loopIteration, std::string threadName); void stop(Handle handle); private: @@ -34,7 +35,7 @@ namespace cpputils { //TODO Rename to _doOnBeforeFork and _doAfterFork or similar, because they also handle locking _mutex for fork(). void _stopAllThreadsForRestart(); void _restartAllThreads(); - boost::thread _startThread(std::function loopIteration); + boost::thread _startThread(std::function loopIteration, const std::string& threadName); std::list _runningThreads; // std::list, because we give out iterators as handles boost::mutex _mutex; diff --git a/src/cpp-utils/thread/debugging.h b/src/cpp-utils/thread/debugging.h new file mode 100644 index 00000000..9965649c --- /dev/null +++ b/src/cpp-utils/thread/debugging.h @@ -0,0 +1,16 @@ +#pragma once +#ifndef MESSMER_CPPUTILS_DEBUGGING_H +#define MESSMER_CPPUTILS_DEBUGGING_H + +#include +#include + +namespace cpputils { + +void set_thread_name(const char* name); +std::string get_thread_name(); +std::string get_thread_name(std::thread* thread); + +} + +#endif diff --git a/src/cpp-utils/thread/debugging_nonwindows.cpp b/src/cpp-utils/thread/debugging_nonwindows.cpp new file mode 100644 index 00000000..3ed543ff --- /dev/null +++ b/src/cpp-utils/thread/debugging_nonwindows.cpp @@ -0,0 +1,55 @@ +#if !defined(_MSC_VER) + +#include "debugging.h" +#include +#include +#include +#include + +namespace cpputils { + +namespace { +constexpr size_t MAX_NAME_LEN = 16; // this length includes the terminating null character at the end +} + +void set_thread_name(const char* name) { + std::string name_(name); + if (name_.size() > MAX_NAME_LEN - 1) { + name_.resize(MAX_NAME_LEN - 1); + } +#if defined(__APPLE__) + int result = pthread_setname_np(name_.c_str()); +#else + int result = pthread_setname_np(pthread_self(), name_.c_str()); +#endif + if (0 != result) { + throw std::runtime_error("Error setting thread name with pthread_setname_np. Code: " + std::to_string(result)); + } +} + +namespace { +std::string get_thread_name(pthread_t thread) { + char name[MAX_NAME_LEN]; + int result = pthread_getname_np(thread, name, MAX_NAME_LEN); + if (0 != result) { + throw std::runtime_error("Error getting thread name with pthread_getname_np. Code: " + std::to_string(result)); + } + // pthread_getname_np returns a null terminated string with maximum 16 bytes. + // but just to be safe against a buggy implementation, let's set the last byte to zero. + name[MAX_NAME_LEN - 1] = '\0'; + return name; +} +} + +std::string get_thread_name() { + return get_thread_name(pthread_self()); +} + +std::string get_thread_name(std::thread* thread) { + ASSERT(thread->joinable(), "Thread not running"); + return get_thread_name(thread->native_handle()); +} + +} + +#endif diff --git a/src/cpp-utils/thread/debugging_windows.cpp b/src/cpp-utils/thread/debugging_windows.cpp new file mode 100644 index 00000000..4033b638 --- /dev/null +++ b/src/cpp-utils/thread/debugging_windows.cpp @@ -0,0 +1,111 @@ +#if defined(_MSC_VER) + +#include +#include "debugging.h" +#include +#include + +using std::string; +using std::wstring; +using std::wstring_convert; + +namespace cpputils { + +namespace { +struct NameData final { + wchar_t *name = nullptr; + + ~NameData() { + if (nullptr != LocalFree(name)) { + throw std::runtime_error("Error releasing thread description memory. Error code: " + std::to_string(GetLastError())); + } + } +}; + +struct ModuleHandle final { + HMODULE module; + + ModuleHandle(const char* dll) { + bool success = GetModuleHandleExA(0, dll, &module); + if (!success) { + throw std::runtime_error(string() + "Error loading dll: " + dll + ". Error code: " + std::to_string(GetLastError())); + } + } + + ~ModuleHandle() { + bool success = FreeLibrary(module); + if (!success) { + throw std::runtime_error("Error unloading dll. Error code: " + std::to_string(GetLastError())); + } + } +}; +template +class APIFunction final { +private: + ModuleHandle module_; + Fn func_; + +public: + APIFunction(const char* dll, const char* function) + : module_(dll), func_(reinterpret_cast(GetProcAddress(module_.module, function))) { + } + + bool valid() const { + return func_ != nullptr; + } + + Fn func() const { + return func_; + } +}; + +std::string get_thread_name(HANDLE thread) { + // The GetThreadDescription API was brought in version 1607 of Windows 10. + typedef HRESULT(WINAPI* GetThreadDescriptionFn)(HANDLE hThread, PWSTR* ppszThreadDescription); + static APIFunction get_thread_description_func("Kernel32.dll", "GetThreadDescription"); + + if (get_thread_description_func.valid()) { + NameData name_data; + + HRESULT status = get_thread_description_func.func()(thread, &name_data.name); + if (FAILED(status)) { + throw std::runtime_error("Error getting thread description. Error code: " + std::to_string(status)); + } + return wstring_convert>().to_bytes(name_data.name); + } + else { + // GetThreadDescription API is not available. + return ""; + } +} +} + +void set_thread_name(const char* name) { + // The GetThreadDescription API was brought in version 1607 of Windows 10. + typedef HRESULT(WINAPI* SetThreadDescriptionFn)(HANDLE hThread, PCWSTR lpThreadDescription); + static APIFunction set_thread_description_func("Kernel32.dll", "SetThreadDescription"); + + if (set_thread_description_func.valid()) { + wstring wname = wstring_convert>().from_bytes(name); + HRESULT status = set_thread_description_func.func()(GetCurrentThread(), wname.c_str()); + if (FAILED(status)) { + throw std::runtime_error("Error setting thread description. Error code: " + std::to_string(status)); + } + } + else { + // intentionally empty. SetThreadDescription API is not available. + } +} + +std::string get_thread_name() { + return get_thread_name(GetCurrentThread()); +} + +std::string get_thread_name(std::thread* thread) { + ASSERT(thread->joinable(), "Thread not running"); + return get_thread_name(static_cast(thread->native_handle())); +} + +} + +#endif diff --git a/src/cryfs-cli/CallAfterTimeout.h b/src/cryfs-cli/CallAfterTimeout.h index afab392e..6052a38c 100644 --- a/src/cryfs-cli/CallAfterTimeout.h +++ b/src/cryfs-cli/CallAfterTimeout.h @@ -1,15 +1,15 @@ #pragma once -#ifndef MESSMER_CRYFS_SRC_CLI_CALLAFTERTIMEOUT_H -#define MESSMER_CRYFS_SRC_CLI_CALLAFTERTIMEOUT_H +#ifndef MESSMER_CRYFSCLI_CALLAFTERTIMEOUT_H +#define MESSMER_CRYFSCLI_CALLAFTERTIMEOUT_H #include #include #include -namespace cryfs { +namespace cryfs_cli { class CallAfterTimeout final { public: - CallAfterTimeout(boost::chrono::milliseconds timeout, std::function callback); + CallAfterTimeout(boost::chrono::milliseconds timeout, std::function callback, const std::string& timeoutName); void resetTimer(); private: bool _checkTimeoutThreadIteration(); @@ -25,8 +25,8 @@ namespace cryfs { DISALLOW_COPY_AND_ASSIGN(CallAfterTimeout); }; - inline CallAfterTimeout::CallAfterTimeout(boost::chrono::milliseconds timeout, std::function callback) - :_callback(std::move(callback)), _timeout(timeout), _start(), _checkTimeoutThread(std::bind(&CallAfterTimeout::_checkTimeoutThreadIteration, this)) { + inline CallAfterTimeout::CallAfterTimeout(boost::chrono::milliseconds timeout, std::function callback, const std::string& timeoutName) + :_callback(std::move(callback)), _timeout(timeout), _start(), _checkTimeoutThread(std::bind(&CallAfterTimeout::_checkTimeoutThreadIteration, this), "timeout_" + timeoutName) { resetTimer(); _checkTimeoutThread.start(); } diff --git a/src/cryfs-cli/Cli.cpp b/src/cryfs-cli/Cli.cpp index be5733bf..73e5642b 100644 --- a/src/cryfs-cli/Cli.cpp +++ b/src/cryfs-cli/Cli.cpp @@ -26,10 +26,12 @@ #include #include "Environment.h" #include +#include //TODO Many functions accessing the ProgramOptions object. Factor out into class that stores it as a member. //TODO Factor out class handling askPassword +using namespace cryfs_cli; using namespace cryfs; namespace bf = boost::filesystem; using namespace cpputils::logging; @@ -66,7 +68,7 @@ using gitversion::VersionCompare; //TODO Replace ASSERTs with other error handling when it is not a programming error but an environment influence (e.g. a block is missing) //TODO Can we improve performance by setting compiler parameter -maes for scrypt? -namespace cryfs { +namespace cryfs_cli { Cli::Cli(RandomGenerator &keyGenerator, const SCryptSettings &scryptSettings, shared_ptr console): _keyGenerator(keyGenerator), _scryptSettings(scryptSettings), _console(), _noninteractive(false), _idleUnmounter(none), _device(none) { @@ -262,12 +264,9 @@ namespace cryfs { _initLogfile(options); -#ifdef __APPLE__ - std::cout << "\nMounting filesystem. To unmount, call:\n$ umount " << options.mountDir() << "\n" << std::endl; -#else - std::cout << "\nMounting filesystem. To unmount, call:\n$ fusermount -u " << options.mountDir() << "\n" - << std::endl; -#endif + std::cout << "\nMounting filesystem. To unmount, call:\n$ cryfs-unmount " << options.mountDir() << "\n" + << std::endl; + if (options.foreground()) { fuse->runInForeground(options.mountDir(), options.fuseOptions()); } else { @@ -304,7 +303,7 @@ namespace cryfs { return none; } uint64_t millis = std::llround(60000 * (*minutes)); - return make_unique_ref(milliseconds(millis), callback); + return make_unique_ref(milliseconds(millis), callback, "idlecallback"); } void Cli::_initLogfile(const ProgramOptions &options) { @@ -320,10 +319,17 @@ namespace cryfs { } } - void Cli::_sanityChecks(const ProgramOptions &options) { - _checkDirAccessible(options.baseDir(), "base directory", ErrorCode::InaccessibleBaseDir); - _checkDirAccessible(options.mountDir(), "mount directory", ErrorCode::InaccessibleMountDir); - _checkMountdirDoesntContainBasedir(options); + void Cli::_sanityChecks(const ProgramOptions &options) { + _checkDirAccessible(bf::absolute(options.baseDir()), "base directory", ErrorCode::InaccessibleBaseDir); + + if (!options.mountDirIsDriveLetter()) { + _checkDirAccessible(options.mountDir(), "mount directory", ErrorCode::InaccessibleMountDir); + _checkMountdirDoesntContainBasedir(options); + } else { + if (bf::exists(options.mountDir())) { + throw CryfsException("Drive " + options.mountDir().string() + " already exists.", ErrorCode::InaccessibleMountDir); + } + } } void Cli::_checkDirAccessible(const bf::path &dir, const std::string &name, ErrorCode errorCode) { @@ -396,6 +402,7 @@ namespace cryfs { int Cli::main(int argc, const char *argv[], unique_ref httpClient, std::function onMounted) { cpputils::showBacktraceOnCrash(); + cpputils::set_thread_name("cryfs"); try { _showVersion(std::move(httpClient)); diff --git a/src/cryfs-cli/Cli.h b/src/cryfs-cli/Cli.h index 0195a967..bdffaa54 100644 --- a/src/cryfs-cli/Cli.h +++ b/src/cryfs-cli/Cli.h @@ -1,6 +1,6 @@ #pragma once -#ifndef MESSMER_CRYFS_CLI_H -#define MESSMER_CRYFS_CLI_H +#ifndef MESSMER_CRYFSCLI_CLI_H +#define MESSMER_CRYFSCLI_CLI_H #include "program_options/ProgramOptions.h" #include @@ -14,7 +14,7 @@ #include #include -namespace cryfs { +namespace cryfs_cli { class Cli final { public: Cli(cpputils::RandomGenerator &keyGenerator, const cpputils::SCryptSettings& scryptSettings, std::shared_ptr console); @@ -23,9 +23,9 @@ namespace cryfs { private: void _checkForUpdates(cpputils::unique_ref httpClient); void _runFilesystem(const program_options::ProgramOptions &options, std::function onMounted); - CryConfigLoader::ConfigLoadResult _loadOrCreateConfig(const program_options::ProgramOptions &options, const LocalStateDir& localStateDir); - void _checkConfigIntegrity(const boost::filesystem::path& basedir, const LocalStateDir& localStateDir, const CryConfigFile& config, bool allowReplacedFilesystem); - boost::optional _loadOrCreateConfigFile(boost::filesystem::path configFilePath, LocalStateDir localStateDir, const boost::optional &cipher, const boost::optional &blocksizeBytes, bool allowFilesystemUpgrade, const boost::optional &missingBlockIsIntegrityViolation, bool allowReplacedFilesystem); + cryfs::CryConfigLoader::ConfigLoadResult _loadOrCreateConfig(const program_options::ProgramOptions &options, const cryfs::LocalStateDir& localStateDir); + void _checkConfigIntegrity(const boost::filesystem::path& basedir, const cryfs::LocalStateDir& localStateDir, const cryfs::CryConfigFile& config, bool allowReplacedFilesystem); + boost::optional _loadOrCreateConfigFile(boost::filesystem::path configFilePath, cryfs::LocalStateDir localStateDir, const boost::optional &cipher, const boost::optional &blocksizeBytes, bool allowFilesystemUpgrade, const boost::optional &missingBlockIsIntegrityViolation, bool allowReplacedFilesystem); boost::filesystem::path _determineConfigFile(const program_options::ProgramOptions &options); static std::function _askPasswordForExistingFilesystem(std::shared_ptr console); static std::function _askPasswordForNewFilesystem(std::shared_ptr console); @@ -37,11 +37,11 @@ namespace cryfs { void _sanityChecks(const program_options::ProgramOptions &options); void _checkMountdirDoesntContainBasedir(const program_options::ProgramOptions &options); bool _pathContains(const boost::filesystem::path &parent, const boost::filesystem::path &child); - void _checkDirAccessible(const boost::filesystem::path &dir, const std::string &name, ErrorCode errorCode); - std::shared_ptr _checkDirWriteable(const boost::filesystem::path &dir, const std::string &name, ErrorCode errorCode); - void _checkDirReadable(const boost::filesystem::path &dir, std::shared_ptr tempfile, const std::string &name, ErrorCode errorCode); + void _checkDirAccessible(const boost::filesystem::path &dir, const std::string &name, cryfs::ErrorCode errorCode); + std::shared_ptr _checkDirWriteable(const boost::filesystem::path &dir, const std::string &name, cryfs::ErrorCode errorCode); + void _checkDirReadable(const boost::filesystem::path &dir, std::shared_ptr tempfile, const std::string &name, cryfs::ErrorCode errorCode); boost::optional> _createIdleCallback(boost::optional minutes, std::function callback); - void _sanityCheckFilesystem(CryDevice *device); + void _sanityCheckFilesystem(cryfs::CryDevice *device); cpputils::RandomGenerator &_keyGenerator; @@ -49,7 +49,7 @@ namespace cryfs { std::shared_ptr _console; bool _noninteractive; boost::optional> _idleUnmounter; - boost::optional> _device; + boost::optional> _device; DISALLOW_COPY_AND_ASSIGN(Cli); }; diff --git a/src/cryfs-cli/Environment.cpp b/src/cryfs-cli/Environment.cpp index 7a41079b..e3d3d33a 100644 --- a/src/cryfs-cli/Environment.cpp +++ b/src/cryfs-cli/Environment.cpp @@ -6,7 +6,7 @@ using std::string; namespace bf = boost::filesystem; -namespace cryfs { +namespace cryfs_cli { const string Environment::FRONTEND_KEY = "CRYFS_FRONTEND"; const string Environment::FRONTEND_NONINTERACTIVE = "noninteractive"; const string Environment::NOUPDATECHECK_KEY = "CRYFS_NO_UPDATE_CHECK"; diff --git a/src/cryfs-cli/Environment.h b/src/cryfs-cli/Environment.h index 506d9877..47ec79e8 100644 --- a/src/cryfs-cli/Environment.h +++ b/src/cryfs-cli/Environment.h @@ -1,11 +1,11 @@ #pragma once -#ifndef MESSMER_CRYFS_CLI_ENVIRONMENT_H -#define MESSMER_CRYFS_CLI_ENVIRONMENT_H +#ifndef MESSMER_CRYFSCLI_ENVIRONMENT_H +#define MESSMER_CRYFSCLI_ENVIRONMENT_H #include #include -namespace cryfs { +namespace cryfs_cli { class Environment { public: diff --git a/src/cryfs-cli/VersionChecker.cpp b/src/cryfs-cli/VersionChecker.cpp index f51d1101..ddfbc2d8 100644 --- a/src/cryfs-cli/VersionChecker.cpp +++ b/src/cryfs-cli/VersionChecker.cpp @@ -13,7 +13,7 @@ using boost::property_tree::ptree; using boost::property_tree::json_parser_error; using namespace cpputils::logging; -namespace cryfs { +namespace cryfs_cli { VersionChecker::VersionChecker(HttpClient* httpClient) : _versionInfo(_getVersionInfo(httpClient)) {} diff --git a/src/cryfs-cli/VersionChecker.h b/src/cryfs-cli/VersionChecker.h index bc1e54a9..32950714 100644 --- a/src/cryfs-cli/VersionChecker.h +++ b/src/cryfs-cli/VersionChecker.h @@ -1,5 +1,5 @@ -#ifndef MESSMER_CRYFS_SRC_CLI_VERSIONCHECKER_H -#define MESSMER_CRYFS_SRC_CLI_VERSIONCHECKER_H +#ifndef MESSMER_CRYFSCLI_VERSIONCHECKER_H +#define MESSMER_CRYFSCLI_VERSIONCHECKER_H #include #include @@ -8,7 +8,7 @@ #include #include -namespace cryfs { +namespace cryfs_cli { class VersionChecker final { public: //TODO Write a cpputils::shared_ref and use it diff --git a/src/cryfs-cli/main.cpp b/src/cryfs-cli/main.cpp index d5831aea..6c22adfa 100644 --- a/src/cryfs-cli/main.cpp +++ b/src/cryfs-cli/main.cpp @@ -10,7 +10,7 @@ #include #endif -using namespace cryfs; +using namespace cryfs_cli; using cpputils::Random; using cpputils::SCrypt; using cpputils::IOStreamConsole; @@ -35,13 +35,13 @@ int main(int argc, const char *argv[]) { #endif return Cli(keyGenerator, SCrypt::DefaultSettings, make_shared()) .main(argc, argv, std::move(httpClient), []{}); - } catch (const CryfsException &e) { + } catch (const cryfs::CryfsException &e) { if (e.what() != string()) { std::cerr << "Error: " << e.what() << std::endl; } return exitCode(e.errorCode()); } catch (const std::exception &e) { cerr << "Error: " << e.what(); - return exitCode(ErrorCode::UnspecifiedError); + return exitCode(cryfs::ErrorCode::UnspecifiedError); } } diff --git a/src/cryfs-cli/program_options/Parser.cpp b/src/cryfs-cli/program_options/Parser.cpp index a7298393..019245d7 100644 --- a/src/cryfs-cli/program_options/Parser.cpp +++ b/src/cryfs-cli/program_options/Parser.cpp @@ -8,7 +8,7 @@ namespace po = boost::program_options; namespace bf = boost::filesystem; -using namespace cryfs::program_options; +using namespace cryfs_cli::program_options; using cryfs::CryConfigConsole; using cryfs::CryfsException; using cryfs::ErrorCode; @@ -49,8 +49,8 @@ ProgramOptions Parser::parse(const vector &supportedCiphers) const { if (!vm.count("mount-dir")) { _showHelpAndExit("Please specify a mount directory.", ErrorCode::InvalidArguments); } - bf::path baseDir = bf::absolute(vm["base-dir"].as()); - bf::path mountDir = bf::absolute(vm["mount-dir"].as()); + bf::path baseDir = vm["base-dir"].as(); + bf::path mountDir = vm["mount-dir"].as(); optional configfile = none; if (vm.count("config")) { configfile = bf::absolute(vm["config"].as()); diff --git a/src/cryfs-cli/program_options/Parser.h b/src/cryfs-cli/program_options/Parser.h index 4ecec05c..735c2b8d 100644 --- a/src/cryfs-cli/program_options/Parser.h +++ b/src/cryfs-cli/program_options/Parser.h @@ -1,12 +1,12 @@ #pragma once -#ifndef MESSMER_CRYFS_PROGRAMOPTIONS_PARSER_H -#define MESSMER_CRYFS_PROGRAMOPTIONS_PARSER_H +#ifndef MESSMER_CRYFSCLI_PROGRAMOPTIONS_PARSER_H +#define MESSMER_CRYFSCLI_PROGRAMOPTIONS_PARSER_H #include "ProgramOptions.h" #include #include -namespace cryfs { +namespace cryfs_cli { namespace program_options { class Parser final { public: @@ -21,7 +21,7 @@ namespace cryfs { static void _addPositionalOptionForBaseDir(boost::program_options::options_description *desc, boost::program_options::positional_options_description *positional); static void _showHelp(); - [[noreturn]] static void _showHelpAndExit(const std::string& message, ErrorCode errorCode); + [[noreturn]] static void _showHelpAndExit(const std::string& message, cryfs::ErrorCode errorCode); [[noreturn]] static void _showCiphersAndExit(const std::vector &supportedCiphers); [[noreturn]] static void _showVersionAndExit(); static boost::program_options::variables_map _parseOptionsOrShowHelp(const std::vector &options, const std::vector &supportedCiphers); diff --git a/src/cryfs-cli/program_options/ProgramOptions.cpp b/src/cryfs-cli/program_options/ProgramOptions.cpp index 94ba6fc8..fe0d3a80 100644 --- a/src/cryfs-cli/program_options/ProgramOptions.cpp +++ b/src/cryfs-cli/program_options/ProgramOptions.cpp @@ -1,8 +1,9 @@ #include "ProgramOptions.h" #include #include +#include -using namespace cryfs::program_options; +using namespace cryfs_cli::program_options; using std::string; using std::vector; using boost::optional; @@ -15,9 +16,15 @@ ProgramOptions::ProgramOptions(bf::path baseDir, bf::path mountDir, optional missingBlockIsIntegrityViolation, vector fuseOptions) - :_baseDir(std::move(baseDir)), _mountDir(std::move(mountDir)), _configFile(std::move(configFile)), _foreground(foreground), _allowFilesystemUpgrade(allowFilesystemUpgrade), _allowReplacedFilesystem(allowReplacedFilesystem), _allowIntegrityViolations(allowIntegrityViolations), - _cipher(std::move(cipher)), _blocksizeBytes(std::move(blocksizeBytes)), _unmountAfterIdleMinutes(std::move(unmountAfterIdleMinutes)), - _missingBlockIsIntegrityViolation(std::move(missingBlockIsIntegrityViolation)), _logFile(std::move(logFile)), _fuseOptions(std::move(fuseOptions)) { + : _configFile(std::move(configFile)), _baseDir(bf::absolute(std::move(baseDir))), _mountDir(std::move(mountDir)), + _mountDirIsDriveLetter(cpputils::path_is_just_drive_letter(_mountDir)), + _foreground(foreground), + _allowFilesystemUpgrade(allowFilesystemUpgrade), _allowReplacedFilesystem(allowReplacedFilesystem), _allowIntegrityViolations(allowIntegrityViolations), + _cipher(std::move(cipher)), _blocksizeBytes(std::move(blocksizeBytes)), _unmountAfterIdleMinutes(std::move(unmountAfterIdleMinutes)), + _missingBlockIsIntegrityViolation(std::move(missingBlockIsIntegrityViolation)), _logFile(std::move(logFile)), _fuseOptions(std::move(fuseOptions)) { + if (!_mountDirIsDriveLetter) { + _mountDir = bf::absolute(std::move(_mountDir)); + } } const bf::path &ProgramOptions::baseDir() const { @@ -28,6 +35,10 @@ const bf::path &ProgramOptions::mountDir() const { return _mountDir; } +bool ProgramOptions::mountDirIsDriveLetter() const { + return _mountDirIsDriveLetter; +} + const optional &ProgramOptions::configFile() const { return _configFile; } diff --git a/src/cryfs-cli/program_options/ProgramOptions.h b/src/cryfs-cli/program_options/ProgramOptions.h index f592db63..60ee0200 100644 --- a/src/cryfs-cli/program_options/ProgramOptions.h +++ b/src/cryfs-cli/program_options/ProgramOptions.h @@ -1,6 +1,6 @@ #pragma once -#ifndef MESSMER_CRYFS_PROGRAMOPTIONS_PROGRAMOPTIONS_H -#define MESSMER_CRYFS_PROGRAMOPTIONS_PROGRAMOPTIONS_H +#ifndef MESSMER_CRYFSCLI_PROGRAMOPTIONS_PROGRAMOPTIONS_H +#define MESSMER_CRYFSCLI_PROGRAMOPTIONS_PROGRAMOPTIONS_H #include #include @@ -8,7 +8,7 @@ #include #include -namespace cryfs { +namespace cryfs_cli { namespace program_options { class ProgramOptions final { public: @@ -25,6 +25,7 @@ namespace cryfs { const boost::filesystem::path &baseDir() const; const boost::filesystem::path &mountDir() const; + bool mountDirIsDriveLetter() const; const boost::optional &configFile() const; bool foreground() const; bool allowFilesystemUpgrade() const; @@ -38,9 +39,10 @@ namespace cryfs { const std::vector &fuseOptions() const; private: - boost::filesystem::path _baseDir; - boost::filesystem::path _mountDir; - boost::optional _configFile; + boost::optional _configFile; + boost::filesystem::path _baseDir; // this is always absolute + boost::filesystem::path _mountDir; // this is absolute iff !_mountDirIsDriveLetter + bool _mountDirIsDriveLetter; bool _foreground; bool _allowFilesystemUpgrade; bool _allowReplacedFilesystem; diff --git a/src/cryfs-cli/program_options/utils.cpp b/src/cryfs-cli/program_options/utils.cpp index f3f65a9a..f207370c 100644 --- a/src/cryfs-cli/program_options/utils.cpp +++ b/src/cryfs-cli/program_options/utils.cpp @@ -7,7 +7,7 @@ using std::make_pair; using std::vector; using std::string; -namespace cryfs { +namespace cryfs_cli { namespace program_options { pair, vector> splitAtDoubleDash(const vector &options) { auto doubleDashIterator = std::find(options.begin(), options.end(), string("--")); diff --git a/src/cryfs-cli/program_options/utils.h b/src/cryfs-cli/program_options/utils.h index b78369b9..2b4a7955 100644 --- a/src/cryfs-cli/program_options/utils.h +++ b/src/cryfs-cli/program_options/utils.h @@ -1,12 +1,12 @@ #pragma once -#ifndef MESSMER_CRYFS_PROGRAMOPTIONS_UTILS_H -#define MESSMER_CRYFS_PROGRAMOPTIONS_UTILS_H +#ifndef MESSMER_CRYFSCLI_PROGRAMOPTIONS_UTILS_H +#define MESSMER_CRYFSCLI_PROGRAMOPTIONS_UTILS_H #include #include #include -namespace cryfs { +namespace cryfs_cli { namespace program_options { /** * Splits an array of program options into two arrays of program options, split at a double dash '--' option. diff --git a/src/cryfs-unmount/CMakeLists.txt b/src/cryfs-unmount/CMakeLists.txt new file mode 100644 index 00000000..0a246a7f --- /dev/null +++ b/src/cryfs-unmount/CMakeLists.txt @@ -0,0 +1,24 @@ +project (cryfs-unmount) +INCLUDE(GNUInstallDirs) + +set(SOURCES + program_options/ProgramOptions.cpp + program_options/Parser.cpp + Cli.cpp +) + +add_library(${PROJECT_NAME} ${SOURCES}) +target_link_libraries(${PROJECT_NAME} PUBLIC cpp-utils cryfs fspp-fuse) +target_enable_style_warnings(${PROJECT_NAME}) +target_activate_cpp14(${PROJECT_NAME}) + +add_executable(${PROJECT_NAME}_bin main_unmount.cpp) +set_target_properties(${PROJECT_NAME}_bin PROPERTIES OUTPUT_NAME cryfs-unmount) +target_link_libraries(${PROJECT_NAME}_bin PUBLIC ${PROJECT_NAME}) +target_enable_style_warnings(${PROJECT_NAME}_bin) +target_activate_cpp14(${PROJECT_NAME}_bin) + +install(TARGETS ${PROJECT_NAME}_bin + CONFIGURATIONS Debug Release RelWithDebInfo + DESTINATION ${CMAKE_INSTALL_BINDIR} +) diff --git a/src/cryfs-unmount/Cli.cpp b/src/cryfs-unmount/Cli.cpp new file mode 100644 index 00000000..aa5c06f2 --- /dev/null +++ b/src/cryfs-unmount/Cli.cpp @@ -0,0 +1,36 @@ +#include "Cli.h" +#include +#include +#include +#include + +#include + +using fspp::fuse::Fuse; +using cryfs_unmount::program_options::Parser; +using cryfs_unmount::program_options::ProgramOptions; + +namespace cryfs_unmount { + +namespace { +void _showVersion() { + std::cout << "CryFS Version " << gitversion::VersionString() << std::endl; +} +} + +void Cli::main(int argc, const char* argv[]) { + _showVersion(); + ProgramOptions options = Parser(argc, argv).parse(); + + if (!boost::filesystem::exists(options.mountDir())) { + throw cryfs::CryfsException("Given mountdir doesn't exist", cryfs::ErrorCode::InaccessibleMountDir); + } + // TODO This doesn't seem to work with relative paths + std::cout << "Unmounting CryFS filesystem at " << options.mountDir() << "." << std::endl; + Fuse::unmount(options.mountDir()); + + // TODO Wait until it is actually unmounted and then show a better success message? + std::cout << "Filesystem is unmounting now." << std::endl; +} + +} diff --git a/src/cryfs-unmount/Cli.h b/src/cryfs-unmount/Cli.h new file mode 100644 index 00000000..d69b6f3e --- /dev/null +++ b/src/cryfs-unmount/Cli.h @@ -0,0 +1,14 @@ +#pragma once +#ifndef MESSMER_CRYFSUNMOUNT_CLI_H +#define MESSMER_CRYFSUNMOUNT_CLI_H + +namespace cryfs_unmount { + +class Cli final { +public: + void main(int argc, const char* argv[]); +}; + +} + +#endif diff --git a/src/cryfs-unmount/main_unmount.cpp b/src/cryfs-unmount/main_unmount.cpp new file mode 100644 index 00000000..b3e2637c --- /dev/null +++ b/src/cryfs-unmount/main_unmount.cpp @@ -0,0 +1,38 @@ +#if defined(_MSC_VER) +#include +#include +#endif + +#include +#include +#include +#include "Cli.h" + +using std::cerr; +using cryfs::ErrorCode; + +int main(int argc, const char *argv[]) { +#if defined(_MSC_VER) + if (!IsWindows7SP1OrGreater()) { + std::cerr << "CryFS is currently only supported on Windows 7 SP1 (or later)." << std::endl; + exit(1); + } +#endif + + cpputils::showBacktraceOnCrash(); + + try { + cryfs_unmount::Cli().main(argc, argv); + } + catch (const cryfs::CryfsException &e) { + if (e.what() != std::string()) { + std::cerr << "Error " << static_cast(e.errorCode()) << ": " << e.what() << std::endl; + } + return exitCode(e.errorCode()); + } + catch (const std::runtime_error &e) { + std::cerr << "Error: " << e.what() << std::endl; + return exitCode(ErrorCode::UnspecifiedError); + } + return exitCode(ErrorCode::Success); +} diff --git a/src/cryfs-unmount/program_options/Parser.cpp b/src/cryfs-unmount/program_options/Parser.cpp new file mode 100644 index 00000000..25e27951 --- /dev/null +++ b/src/cryfs-unmount/program_options/Parser.cpp @@ -0,0 +1,128 @@ +#include "Parser.h" +#include +#include +#include +#include +#include + +namespace po = boost::program_options; +namespace bf = boost::filesystem; +using namespace cryfs_unmount::program_options; +using cryfs::CryConfigConsole; +using cryfs::CryfsException; +using cryfs::ErrorCode; +using std::vector; +using std::cerr; +using std::endl; +using std::string; +using namespace cpputils::logging; + +Parser::Parser(int argc, const char *argv[]) + :_options(_argsToVector(argc, argv)) { +} + +vector Parser::_argsToVector(int argc, const char *argv[]) { + vector result; + for (int i = 0; i < argc; ++i) { + result.push_back(argv[i]); + } + return result; +} + +ProgramOptions Parser::parse() const { + po::variables_map vm = _parseOptionsOrShowHelp(_options); + + if (!vm.count("mount-dir")) { + _showHelpAndExit("Please specify a mount directory.", ErrorCode::InvalidArguments); + } + bf::path mountDir = vm["mount-dir"].as(); + + return ProgramOptions(std::move(mountDir)); +} + +po::variables_map Parser::_parseOptionsOrShowHelp(const vector &options) { + try { + return _parseOptions(options); + } + catch (const CryfsException& e) { + // If CryfsException is thrown, we already know what's wrong. + // Show usage information and pass through the exception, don't catch it. + if (e.errorCode() != ErrorCode::Success) { + _showHelp(); + } + throw; + } + catch (const std::exception &e) { + std::cerr << e.what() << std::endl; + _showHelpAndExit("Invalid arguments", ErrorCode::InvalidArguments); + } +} + +po::variables_map Parser::_parseOptions(const vector &options) { + po::options_description desc; + po::positional_options_description positional_desc; + _addAllowedOptions(&desc); + _addPositionalOptionForBaseDir(&desc, &positional_desc); + + po::variables_map vm; + vector _options = _to_const_char_vector(options); + po::store(po::command_line_parser(_options.size(), _options.data()) + .options(desc).positional(positional_desc).run(), vm); + if (vm.count("help")) { + _showHelpAndExit("", ErrorCode::Success); + } + if (vm.count("version")) { + _showVersionAndExit(); + } + po::notify(vm); + + return vm; +} + +vector Parser::_to_const_char_vector(const vector &options) { + vector result; + result.reserve(options.size()); + for (const string &option : options) { + result.push_back(option.c_str()); + } + return result; +} + +void Parser::_addAllowedOptions(po::options_description *desc) { + po::options_description options("Allowed options"); + string cipher_description = "Cipher to use for encryption. See possible values by calling cryfs with --show-ciphers. Default: "; + cipher_description += CryConfigConsole::DEFAULT_CIPHER; + string blocksize_description = "The block size used when storing ciphertext blocks (in bytes). Default: "; + blocksize_description += std::to_string(CryConfigConsole::DEFAULT_BLOCKSIZE_BYTES); + options.add_options() + ("help,h", "show help message") + ("version", "Show CryFS version number") + ; + desc->add(options); +} + +void Parser::_addPositionalOptionForBaseDir(po::options_description *desc, po::positional_options_description *positional) { + positional->add("mount-dir", 1); + po::options_description hidden("Hidden options"); + hidden.add_options() + ("mount-dir", po::value(), "Mount directory") + ; + desc->add(hidden); +} + +void Parser::_showHelp() { + cerr << "Usage: cryfs-unmount [mountPoint]\n"; + po::options_description desc; + _addAllowedOptions(&desc); + cerr << desc << endl; +} + +[[noreturn]] void Parser::_showHelpAndExit(const std::string& message, ErrorCode errorCode) { + _showHelp(); + throw CryfsException(message, errorCode); +} + +[[noreturn]] void Parser::_showVersionAndExit() { + // no need to show version because it was already shown in the CryFS header before parsing program options + throw CryfsException("", ErrorCode::Success); +} diff --git a/src/cryfs-unmount/program_options/Parser.h b/src/cryfs-unmount/program_options/Parser.h new file mode 100644 index 00000000..6f98eb1f --- /dev/null +++ b/src/cryfs-unmount/program_options/Parser.h @@ -0,0 +1,37 @@ +#pragma once +#ifndef MESSMER_CRYFSUNMOUNT_PROGRAMOPTIONS_PARSER_H +#define MESSMER_CRYFSUNMOUNT_PROGRAMOPTIONS_PARSER_H + +#include "ProgramOptions.h" +#include +#include + +namespace cryfs_unmount { + namespace program_options { + class Parser final { + public: + Parser(int argc, const char *argv[]); + + ProgramOptions parse() const; + + private: + static std::vector _argsToVector(int argc, const char *argv[]); + static std::vector _to_const_char_vector(const std::vector &options); + static void _addAllowedOptions(boost::program_options::options_description *desc); + static void _addPositionalOptionForBaseDir(boost::program_options::options_description *desc, + boost::program_options::positional_options_description *positional); + static void _showHelp(); + [[noreturn]] static void _showHelpAndExit(const std::string& message, cryfs::ErrorCode errorCode); + [[noreturn]] static void _showCiphersAndExit(const std::vector &supportedCiphers); + [[noreturn]] static void _showVersionAndExit(); + static boost::program_options::variables_map _parseOptionsOrShowHelp(const std::vector &options); + static boost::program_options::variables_map _parseOptions(const std::vector &options); + + std::vector _options; + + DISALLOW_COPY_AND_ASSIGN(Parser); + }; + } +} + +#endif diff --git a/src/cryfs-unmount/program_options/ProgramOptions.cpp b/src/cryfs-unmount/program_options/ProgramOptions.cpp new file mode 100644 index 00000000..4fa22740 --- /dev/null +++ b/src/cryfs-unmount/program_options/ProgramOptions.cpp @@ -0,0 +1,25 @@ +#include "ProgramOptions.h" +#include +#include +#include + +using namespace cryfs_unmount::program_options; +using std::string; +namespace bf = boost::filesystem; + +ProgramOptions::ProgramOptions(bf::path mountDir) + :_mountDir(std::move(mountDir)), + _mountDirIsDriveLetter(cpputils::path_is_just_drive_letter(_mountDir)) +{ + if (!_mountDirIsDriveLetter) { + _mountDir = bf::absolute(std::move(_mountDir)); + } +} + +const bf::path &ProgramOptions::mountDir() const { + return _mountDir; +} + +bool ProgramOptions::mountDirIsDriveLetter() const { + return _mountDirIsDriveLetter; +} diff --git a/src/cryfs-unmount/program_options/ProgramOptions.h b/src/cryfs-unmount/program_options/ProgramOptions.h new file mode 100644 index 00000000..08f83ab2 --- /dev/null +++ b/src/cryfs-unmount/program_options/ProgramOptions.h @@ -0,0 +1,30 @@ +#pragma once +#ifndef MESSMER_CRYFSUNMOUNT_PROGRAMOPTIONS_PROGRAMOPTIONS_H +#define MESSMER_CRYFSUNMOUNT_PROGRAMOPTIONS_PROGRAMOPTIONS_H + +#include +#include +#include +#include +#include + +namespace cryfs_unmount { + namespace program_options { + class ProgramOptions final { + public: + ProgramOptions(boost::filesystem::path mountDir); + ProgramOptions(ProgramOptions &&rhs) = default; + + const boost::filesystem::path &mountDir() const; + bool mountDirIsDriveLetter() const; + + private: + boost::filesystem::path _mountDir; + bool _mountDirIsDriveLetter; + + DISALLOW_COPY_AND_ASSIGN(ProgramOptions); + }; + } +} + +#endif diff --git a/src/cryfs/config/CryConfigLoader.cpp b/src/cryfs/config/CryConfigLoader.cpp index 64115338..78e0cc86 100644 --- a/src/cryfs/config/CryConfigLoader.cpp +++ b/src/cryfs/config/CryConfigLoader.cpp @@ -71,7 +71,7 @@ void CryConfigLoader::_checkVersion(const CryConfig &config, bool allowFilesyste } } if (!allowFilesystemUpgrade && gitversion::VersionCompare::isOlderThan(config.Version(), CryConfig::FilesystemFormatVersion)) { - if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). You're running a CryFS version using storage format " + CryConfig::FilesystemFormatVersion + ". It can be migrated, but afterwards couldn't be opened anymore with older versions. Do you want to migrate it?", false)) { + if (!_console->askYesNo("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). You're running a CryFS version using storage format " + CryConfig::FilesystemFormatVersion + ". It can be migrated, but afterwards couldn't be opened anymore with older versions. Please make a backup of your data before attempting a migration. Do you want to migrate it now?", false)) { throw CryfsException("This filesystem is for CryFS " + config.Version() + " (or a later version with the same storage format). It has to be migrated.", ErrorCode::TooOldFilesystemFormat); } } diff --git a/src/cryfs/filesystem/cachingfsblobstore/CachingFsBlobStore.h b/src/cryfs/filesystem/cachingfsblobstore/CachingFsBlobStore.h index 6bba337a..5e75131f 100644 --- a/src/cryfs/filesystem/cachingfsblobstore/CachingFsBlobStore.h +++ b/src/cryfs/filesystem/cachingfsblobstore/CachingFsBlobStore.h @@ -50,7 +50,7 @@ namespace cryfs { inline CachingFsBlobStore::CachingFsBlobStore(cpputils::unique_ref baseBlobStore) - : _baseBlobStore(std::move(baseBlobStore)), _cache() { + : _baseBlobStore(std::move(baseBlobStore)), _cache("fsblobstore") { } inline CachingFsBlobStore::~CachingFsBlobStore() { diff --git a/src/fspp/fuse/Fuse.cpp b/src/fspp/fuse/Fuse.cpp index e2108580..7115aeb2 100644 --- a/src/fspp/fuse/Fuse.cpp +++ b/src/fspp/fuse/Fuse.cpp @@ -7,9 +7,16 @@ #include #include #include +#include +#include #include #include "InvalidFilesystem.h" +#if defined(_MSC_VER) +#include +#include +#endif + using std::vector; using std::string; @@ -17,7 +24,9 @@ namespace bf = boost::filesystem; using namespace cpputils::logging; using std::make_shared; using std::shared_ptr; +using std::string; using namespace fspp::fuse; +using cpputils::set_thread_name; namespace { bool is_valid_fspp_path(const bf::path& path) { @@ -26,6 +35,18 @@ bool is_valid_fspp_path(const bf::path& path) { && !path.has_root_name() // on Windows, it shouldn't have a device specifier (i.e. no "C:") && (path.string() == path.generic_string()); // must use portable '/' as directory separator } + +class ThreadNameForDebugging final { +public: + ThreadNameForDebugging(const string& threadName) { + std::string name = "fspp_" + threadName; + set_thread_name(name.c_str()); + } + + ~ThreadNameForDebugging() { + set_thread_name("fspp_idle"); + } +}; } #define FUSE_OBJ (static_cast(fuse_get_context()->private_data)) @@ -333,18 +354,29 @@ bool Fuse::running() const { } void Fuse::stop() { + unmount(_mountdir, false); +} + +void Fuse::unmount(const bf::path& mountdir, bool force) { //TODO Find better way to unmount (i.e. don't use external fusermount). Unmounting by kill(getpid(), SIGINT) worked, but left the mount directory transport endpoint as not connected. -#ifdef __APPLE__ - int ret = system(("umount " + _mountdir.string()).c_str()); +#if defined(__APPLE__) + int returncode = cpputils::Subprocess::call(std::string("umount ") + mountdir.string()).exitcode; +#elif defined(_MSC_VER) + std::wstring mountdir_ = std::wstring_convert>().from_bytes(mountdir.string()); + BOOL success = DokanRemoveMountPoint(mountdir_.c_str()); + int returncode = success ? 0 : -1; #else - int ret = system(("fusermount -z -u " + _mountdir.string()).c_str()); // "-z" takes care that if the filesystem can't be unmounted right now because something is opened, it will be unmounted as soon as it can be. + std::string command = force ? "fusermount -u" : "fusermount -z -u"; // "-z" takes care that if the filesystem can't be unmounted right now because something is opened, it will be unmounted as soon as it can be. + int returncode = cpputils::Subprocess::call( + command + " " + mountdir.string()).exitcode; #endif - if (ret != 0) { - LOG(ERR, "Could not unmount filesystem"); + if (returncode != 0) { + throw std::runtime_error("Could not unmount filesystem"); } } int Fuse::getattr(const bf::path &path, fspp::fuse::STAT *stbuf) { + ThreadNameForDebugging _threadName("getattr"); #ifdef FSPP_LOG LOG(DEBUG, "getattr({}, _, _)", path); #endif @@ -367,6 +399,7 @@ int Fuse::getattr(const bf::path &path, fspp::fuse::STAT *stbuf) { } int Fuse::fgetattr(const bf::path &path, fspp::fuse::STAT *stbuf, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("fgetattr"); #ifdef FSPP_LOG LOG(DEBUG, "fgetattr({}, _, _)\n", path); #endif @@ -399,6 +432,7 @@ int Fuse::fgetattr(const bf::path &path, fspp::fuse::STAT *stbuf, fuse_file_info } int Fuse::readlink(const bf::path &path, char *buf, size_t size) { + ThreadNameForDebugging _threadName("readlink"); #ifdef FSPP_LOG LOG(DEBUG, "readlink({}, _, {})", path, size); #endif @@ -424,11 +458,13 @@ int Fuse::mknod(const bf::path &path, ::mode_t mode, dev_t rdev) { UNUSED(rdev); UNUSED(mode); UNUSED(path); + ThreadNameForDebugging _threadName("mknod"); LOG(WARN, "Called non-implemented mknod({}, {}, _)", path, mode); return ENOSYS; } int Fuse::mkdir(const bf::path &path, ::mode_t mode) { + ThreadNameForDebugging _threadName("mkdir"); #ifdef FSPP_LOG LOG(DEBUG, "mkdir({}, {})", path, mode); #endif @@ -452,6 +488,7 @@ int Fuse::mkdir(const bf::path &path, ::mode_t mode) { } int Fuse::unlink(const bf::path &path) { + ThreadNameForDebugging _threadName("unlink"); #ifdef FSPP_LOG LOG(DEBUG, "unlink({})", path); #endif @@ -474,6 +511,7 @@ int Fuse::unlink(const bf::path &path) { } int Fuse::rmdir(const bf::path &path) { + ThreadNameForDebugging _threadName("rmdir"); #ifdef FSPP_LOG LOG(DEBUG, "rmdir({})", path); #endif @@ -495,14 +533,15 @@ int Fuse::rmdir(const bf::path &path) { } } -int Fuse::symlink(const bf::path &from, const bf::path &to) { +int Fuse::symlink(const bf::path &to, const bf::path &from) { + ThreadNameForDebugging _threadName("symlink"); #ifdef FSPP_LOG - LOG(DEBUG, "symlink({}, {})", from, to); + LOG(DEBUG, "symlink({}, {})", to, from); #endif try { ASSERT(is_valid_fspp_path(from), "has to be an absolute path"); auto context = fuse_get_context(); - _fs->createSymlink(from, to, context->uid, context->gid); + _fs->createSymlink(to, from, context->uid, context->gid); return 0; } catch(const cpputils::AssertFailed &e) { LOG(ERR, "AssertFailed in Fuse::symlink: {}", e.what()); @@ -519,6 +558,7 @@ int Fuse::symlink(const bf::path &from, const bf::path &to) { } int Fuse::rename(const bf::path &from, const bf::path &to) { + ThreadNameForDebugging _threadName("rename"); #ifdef FSPP_LOG LOG(DEBUG, "rename({}, {})", from, to); #endif @@ -543,6 +583,7 @@ int Fuse::rename(const bf::path &from, const bf::path &to) { //TODO int Fuse::link(const bf::path &from, const bf::path &to) { + ThreadNameForDebugging _threadName("link"); LOG(WARN, "NOT IMPLEMENTED: link({}, {})", from, to); //auto real_from = _impl->RootDir() / from; //auto real_to = _impl->RootDir() / to; @@ -552,6 +593,7 @@ int Fuse::link(const bf::path &from, const bf::path &to) { } int Fuse::chmod(const bf::path &path, ::mode_t mode) { + ThreadNameForDebugging _threadName("chmod"); #ifdef FSPP_LOG LOG(DEBUG, "chmod({}, {})", path, mode); #endif @@ -574,6 +616,7 @@ int Fuse::chmod(const bf::path &path, ::mode_t mode) { } int Fuse::chown(const bf::path &path, ::uid_t uid, ::gid_t gid) { + ThreadNameForDebugging _threadName("chown"); #ifdef FSPP_LOG LOG(DEBUG, "chown({}, {}, {})", path, uid, gid); #endif @@ -596,6 +639,7 @@ int Fuse::chown(const bf::path &path, ::uid_t uid, ::gid_t gid) { } int Fuse::truncate(const bf::path &path, int64_t size) { + ThreadNameForDebugging _threadName("truncate"); #ifdef FSPP_LOG LOG(DEBUG, "truncate({}, {})", path, size); #endif @@ -618,6 +662,7 @@ int Fuse::truncate(const bf::path &path, int64_t size) { } int Fuse::ftruncate(const bf::path &path, int64_t size, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("ftruncate"); #ifdef FSPP_LOG LOG(DEBUG, "ftruncate({}, {})", path, size); #endif @@ -640,6 +685,7 @@ int Fuse::ftruncate(const bf::path &path, int64_t size, fuse_file_info *fileinfo } int Fuse::utimens(const bf::path &path, const timespec times[2]) { + ThreadNameForDebugging _threadName("utimens"); #ifdef FSPP_LOG LOG(DEBUG, "utimens({}, _)", path); #endif @@ -662,6 +708,7 @@ int Fuse::utimens(const bf::path &path, const timespec times[2]) { } int Fuse::open(const bf::path &path, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("open"); #ifdef FSPP_LOG LOG(DEBUG, "open({}, _)", path); #endif @@ -684,6 +731,7 @@ int Fuse::open(const bf::path &path, fuse_file_info *fileinfo) { } int Fuse::release(const bf::path &path, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("release"); #ifdef FSPP_LOG LOG(DEBUG, "release({}, _)", path); #endif @@ -706,6 +754,7 @@ int Fuse::release(const bf::path &path, fuse_file_info *fileinfo) { } int Fuse::read(const bf::path &path, char *buf, size_t size, int64_t offset, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("read"); #ifdef FSPP_LOG LOG(DEBUG, "read({}, _, {}, {}, _)", path, size, offset); #endif @@ -727,6 +776,7 @@ int Fuse::read(const bf::path &path, char *buf, size_t size, int64_t offset, fus } int Fuse::write(const bf::path &path, const char *buf, size_t size, int64_t offset, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("write"); #ifdef FSPP_LOG LOG(DEBUG, "write({}, _, {}, {}, _)", path, size, offsset); #endif @@ -749,6 +799,7 @@ int Fuse::write(const bf::path &path, const char *buf, size_t size, int64_t offs } int Fuse::statfs(const bf::path &path, struct ::statvfs *fsstat) { + ThreadNameForDebugging _threadName("statfs"); #ifdef FSPP_LOG LOG(DEBUG, "statfs({}, _)", path); #endif @@ -772,6 +823,7 @@ int Fuse::statfs(const bf::path &path, struct ::statvfs *fsstat) { } int Fuse::flush(const bf::path &path, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("flush"); #ifdef FSPP_LOG LOG(WARN, "flush({}, _)", path); #endif @@ -794,6 +846,7 @@ int Fuse::flush(const bf::path &path, fuse_file_info *fileinfo) { } int Fuse::fsync(const bf::path &path, int datasync, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("fsync"); #ifdef FSPP_LOG LOG(DEBUG, "fsync({}, {}, _)", path, datasync); #endif @@ -822,12 +875,14 @@ int Fuse::fsync(const bf::path &path, int datasync, fuse_file_info *fileinfo) { int Fuse::opendir(const bf::path &path, fuse_file_info *fileinfo) { UNUSED(path); UNUSED(fileinfo); + ThreadNameForDebugging _threadName("opendir"); //LOG(DEBUG, "opendir({}, _)", path); //We don't need opendir, because readdir works directly on the path return 0; } int Fuse::readdir(const bf::path &path, void *buf, fuse_fill_dir_t filler, int64_t offset, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("readdir"); #ifdef FSPP_LOG LOG(DEBUG, "readdir({}, _, _, {}, _)", path, offest); #endif @@ -873,6 +928,7 @@ int Fuse::readdir(const bf::path &path, void *buf, fuse_fill_dir_t filler, int64 int Fuse::releasedir(const bf::path &path, fuse_file_info *fileinfo) { UNUSED(path); UNUSED(fileinfo); + ThreadNameForDebugging _threadName("releasedir"); //LOG(DEBUG, "releasedir({}, _)", path); //We don't need releasedir, because readdir works directly on the path return 0; @@ -883,12 +939,14 @@ int Fuse::fsyncdir(const bf::path &path, int datasync, fuse_file_info *fileinfo) UNUSED(fileinfo); UNUSED(datasync); UNUSED(path); + ThreadNameForDebugging _threadName("fsyncdir"); //LOG(WARN, "Called non-implemented fsyncdir({}, {}, _)", path, datasync); return 0; } void Fuse::init(fuse_conn_info *conn) { UNUSED(conn); + ThreadNameForDebugging _threadName("init"); _fs = _init(this); LOG(INFO, "Filesystem started."); @@ -902,6 +960,7 @@ void Fuse::init(fuse_conn_info *conn) { } void Fuse::destroy() { + ThreadNameForDebugging _threadName("destroy"); _fs = make_shared(); LOG(INFO, "Filesystem stopped."); _running = false; @@ -909,6 +968,7 @@ void Fuse::destroy() { } int Fuse::access(const bf::path &path, int mask) { + ThreadNameForDebugging _threadName("access"); #ifdef FSPP_LOG LOG(DEBUG, "access({}, {})", path, mask); #endif @@ -931,6 +991,7 @@ int Fuse::access(const bf::path &path, int mask) { } int Fuse::create(const bf::path &path, ::mode_t mode, fuse_file_info *fileinfo) { + ThreadNameForDebugging _threadName("create"); #ifdef FSPP_LOG LOG(DEBUG, "create({}, {}, _)", path, mode); #endif diff --git a/src/fspp/fuse/Fuse.h b/src/fspp/fuse/Fuse.h index a9cead1c..c0e58659 100644 --- a/src/fspp/fuse/Fuse.h +++ b/src/fspp/fuse/Fuse.h @@ -29,6 +29,8 @@ public: bool running() const; void stop(); + static void unmount(const boost::filesystem::path &mountdir, bool force = false); + int getattr(const boost::filesystem::path &path, fspp::fuse::STAT *stbuf); int fgetattr(const boost::filesystem::path &path, fspp::fuse::STAT *stbuf, fuse_file_info *fileinfo); int readlink(const boost::filesystem::path &path, char *buf, size_t size); diff --git a/test/blobstore/CMakeLists.txt b/test/blobstore/CMakeLists.txt index d69290bd..f9eeb8d7 100644 --- a/test/blobstore/CMakeLists.txt +++ b/test/blobstore/CMakeLists.txt @@ -19,7 +19,7 @@ set(SOURCES implementations/onblocks/datatreestore/DataTreeTest_NumStoredBytes.cpp implementations/onblocks/datatreestore/DataTreeTest_ResizeNumBytes.cpp implementations/onblocks/datatreestore/DataTreeStoreTest.cpp - implementations/onblocks/datatreestore/DataTreeTest_TraverseLeaves.cpp + implementations/onblocks/datatreestore/LeafTraverserTest.cpp implementations/onblocks/BlobSizeTest.cpp implementations/onblocks/BlobReadWriteTest.cpp implementations/onblocks/BigBlobsTest.cpp diff --git a/test/blobstore/implementations/onblocks/BlobReadWriteTest.cpp b/test/blobstore/implementations/onblocks/BlobReadWriteTest.cpp index 4b66fc8d..8539f845 100644 --- a/test/blobstore/implementations/onblocks/BlobReadWriteTest.cpp +++ b/test/blobstore/implementations/onblocks/BlobReadWriteTest.cpp @@ -63,6 +63,92 @@ TEST_F(BlobReadWriteTest, WritingCloseTo16ByteLimitDoesntDestroySize) { EXPECT_EQ(32780u, blob->size()); } +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenTryReadInFirstLeaf_thenFails) { + Data data(5); + size_t read = blob->tryRead(data.data(), 3, 5); + EXPECT_EQ(0, read); +} + +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenTryReadInLaterLeaf_thenFails) { + Data data(5); + size_t read = blob->tryRead(data.data(), 2*LAYOUT.maxBytesPerLeaf(), 5); + EXPECT_EQ(0, read); +} + +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenReadInFirstLeaf_thenFails) { + Data data(5); + EXPECT_ANY_THROW( + blob->read(data.data(), 3, 5) + ); +} + +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenReadInLaterLeaf_thenFails) { + Data data(5); + EXPECT_ANY_THROW( + blob->read(data.data(), 2*LAYOUT.maxBytesPerLeaf(), 5) + ); +} + +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenReadAll_thenReturnsZeroSizedData) { + Data data = blob->readAll(); + EXPECT_EQ(0, data.size()); +} + +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenWrite_thenGrows) { + Data data(5); + blob->write(data.data(), 4, 5); + EXPECT_EQ(9, blob->size()); +} + +TEST_F(BlobReadWriteTest, givenEmptyBlob_whenWriteZeroBytes_thenDoesntGrow) { + Data data(5); + blob->write(data.data(), 4, 0); + EXPECT_EQ(0, blob->size());; +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenTryReadInFirstLeaf_thenFails) { + Data data(5); + size_t read = blob->tryRead(data.data(), 3, 5); + EXPECT_EQ(0, read); +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenTryReadInLaterLeaf_thenFails) { + Data data(5); + size_t read = blob->tryRead(data.data(), 2*LAYOUT.maxBytesPerLeaf(), 5); + EXPECT_EQ(0, read); +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenReadInFirstLeaf_thenFails) { + Data data(5); + EXPECT_ANY_THROW( + blob->read(data.data(), 3, 5) + ); +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenReadInLaterLeaf_thenFails) { + Data data(5); + EXPECT_ANY_THROW( + blob->read(data.data(), 2*LAYOUT.maxBytesPerLeaf(), 5) + ); +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenReadAll_thenReturnsZeroSizedData) { + Data data = blob->readAll(); + EXPECT_EQ(0, data.size()); +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenWrite_thenGrows) { + Data data(5); + blob->write(data.data(), 4, 5); + EXPECT_EQ(9, blob->size()); +} + +TEST_F(BlobReadWriteTest, givenBlobResizedToZero_whenWriteZeroBytes_thenDoesntGrow) { + Data data(5); + blob->write(data.data(), 4, 0); + EXPECT_EQ(0, blob->size()); +} + struct DataRange { uint64_t blobsize; uint64_t offset; diff --git a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_NumStoredBytes.cpp b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_NumStoredBytes.cpp index 12859550..dc3bedbd 100644 --- a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_NumStoredBytes.cpp +++ b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_NumStoredBytes.cpp @@ -13,7 +13,7 @@ public: TEST_F(DataTreeTest_NumStoredBytes, CreatedTreeIsEmpty) { auto tree = treeStore.createNewTree(); - EXPECT_EQ(0u, tree->numStoredBytes()); + EXPECT_EQ(0u, tree->numBytes()); } class DataTreeTest_NumStoredBytes_P: public DataTreeTest_NumStoredBytes, public WithParamInterface {}; @@ -24,47 +24,47 @@ INSTANTIATE_TEST_CASE_P(FullLastLeaf, DataTreeTest_NumStoredBytes_P, Values(stat TEST_P(DataTreeTest_NumStoredBytes_P, SingleLeaf) { BlockId blockId = CreateLeafWithSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(GetParam(), tree->numStoredBytes()); + EXPECT_EQ(GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, TwoLeafTree) { BlockId blockId = CreateTwoLeafWithSecondLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, FullTwolevelTree) { BlockId blockId = CreateFullTwoLevelWithLastLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*(nodeStore->layout().maxChildrenPerInnerNode()-1) + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*(nodeStore->layout().maxChildrenPerInnerNode()-1) + GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, ThreeLevelTreeWithOneChild) { BlockId blockId = CreateThreeLevelWithOneChildAndLastLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, ThreeLevelTreeWithTwoChildren) { BlockId blockId = CreateThreeLevelWithTwoChildrenAndLastLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, ThreeLevelTreeWithThreeChildren) { BlockId blockId = CreateThreeLevelWithThreeChildrenAndLastLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(2*nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(2*nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxBytesPerLeaf() + GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, FullThreeLevelTree) { BlockId blockId = CreateFullThreeLevelWithLastLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode()*(nodeStore->layout().maxChildrenPerInnerNode()-1) + nodeStore->layout().maxBytesPerLeaf()*(nodeStore->layout().maxChildrenPerInnerNode()-1) + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode()*(nodeStore->layout().maxChildrenPerInnerNode()-1) + nodeStore->layout().maxBytesPerLeaf()*(nodeStore->layout().maxChildrenPerInnerNode()-1) + GetParam(), tree->numBytes()); } TEST_P(DataTreeTest_NumStoredBytes_P, FourLevelMinDataTree) { BlockId blockId = CreateFourLevelMinDataWithLastLeafSize(GetParam())->blockId(); auto tree = treeStore.load(blockId).value(); - EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode() + GetParam(), tree->numStoredBytes()); + EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf()*nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode() + GetParam(), tree->numBytes()); } diff --git a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_Performance.cpp b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_Performance.cpp index bb0f98ef..c400917f 100644 --- a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_Performance.cpp +++ b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_Performance.cpp @@ -3,14 +3,24 @@ #include using blobstore::onblocks::datatreestore::DataTree; -using blobstore::onblocks::datatreestore::LeafHandle; using blockstore::BlockId; using cpputils::Data; class DataTreeTest_Performance: public DataTreeTest { public: - void Traverse(DataTree *tree, uint64_t beginIndex, uint64_t endIndex) { - tree->traverseLeaves(beginIndex, endIndex, [] (uint32_t /*index*/, bool /*isRightBorderNode*/, LeafHandle /*leaf*/) {}, [this] (uint32_t /*index*/) -> Data {return Data(maxChildrenPerInnerNode).FillWithZeroes();}); + void TraverseByWriting(DataTree *tree, uint64_t beginIndex, uint64_t endIndex) { + uint64_t offset = beginIndex * maxBytesPerLeaf; + uint64_t count = endIndex * maxBytesPerLeaf - offset; + Data data(count); + data.FillWithZeroes(); + tree->writeBytes(data.data(), offset, count); + } + + void TraverseByReading(DataTree *tree, uint64_t beginIndex, uint64_t endIndex) { + uint64_t offset = beginIndex * maxBytesPerLeaf; + uint64_t count = endIndex * maxBytesPerLeaf - offset; + Data data(count); + tree->readBytes(data.data(), offset, count); } uint64_t maxChildrenPerInnerNode = nodeStore->layout().maxChildrenPerInnerNode(); @@ -71,84 +81,168 @@ TEST_F(DataTreeTest_Performance, DeletingDoesntLoadLeaves_Threelevel_DeleteByKey EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } -TEST_F(DataTreeTest_Performance, TraverseLeaves_Twolevel_All) { +TEST_F(DataTreeTest_Performance, TraverseLeaves_Twolevel_All_ByWriting) { auto blockId = CreateFullTwoLevel()->blockId(); auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 0, maxChildrenPerInnerNode); + TraverseByWriting(tree.get(), 0, maxChildrenPerInnerNode); - EXPECT_EQ(0u, blockStore->loadedBlocks().size()); // Doesn't actually load the leaves, but returns the keys of the leaves to the callback + EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Has to load the rightmost leaf once to adapt its size, rest of the leaves aren't loaded but just overwritten EXPECT_EQ(0u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); - EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(maxChildrenPerInnerNode, blockStore->distinctWrittenBlocks().size()); EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } -TEST_F(DataTreeTest_Performance, TraverseLeaves_Twolevel_Some) { +TEST_F(DataTreeTest_Performance, TraverseLeaves_Twolevel_All_ByReading) { auto blockId = CreateFullTwoLevel()->blockId(); auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 3, 5); + TraverseByReading(tree.get(), 0, maxChildrenPerInnerNode); - EXPECT_EQ(0u, blockStore->loadedBlocks().size()); // Doesn't actually load the leaves, but returns the keys of the leaves to the callback + EXPECT_EQ(1u + maxChildrenPerInnerNode, blockStore->loadedBlocks().size()); // Has to read the rightmost leaf an additional time in the beginning to determine size. EXPECT_EQ(0u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } -TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_All) { - auto blockId = CreateFullThreeLevel()->blockId(); +TEST_F(DataTreeTest_Performance, TraverseLeaves_Twolevel_Some_ByWriting) { + auto blockId = CreateFullTwoLevel()->blockId(); auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 0, maxChildrenPerInnerNode * maxChildrenPerInnerNode); + TraverseByWriting(tree.get(), 3, 5); - EXPECT_EQ(maxChildrenPerInnerNode, blockStore->loadedBlocks().size()); // Loads inner nodes. Doesn't load the leaves, but returns the keys of the leaves to the callback + EXPECT_EQ(0u, blockStore->loadedBlocks().size()); + EXPECT_EQ(0u, blockStore->createdBlocks()); + EXPECT_EQ(0u, blockStore->removedBlocks().size()); + EXPECT_EQ(2u, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(0u, blockStore->resizedBlocks().size()); +} + +TEST_F(DataTreeTest_Performance, TraverseLeaves_Twolevel_Some_ByReading) { + auto blockId = CreateFullTwoLevel()->blockId(); + auto tree = treeStore.load(blockId).value(); + blockStore->resetCounters(); + + TraverseByReading(tree.get(), 3, 5); + + EXPECT_EQ(3u, blockStore->loadedBlocks().size()); // reads 2 leaves and the rightmost leaf to determine size EXPECT_EQ(0u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } -TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_InOneInner) { +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_All_ByWriting) { auto blockId = CreateFullThreeLevel()->blockId(); auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 3, 5); + TraverseByWriting(tree.get(), 0, maxChildrenPerInnerNode * maxChildrenPerInnerNode); - EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads inner node. Doesn't load the leaves, but returns the keys of the leaves to the callback + EXPECT_EQ(maxChildrenPerInnerNode + 1, blockStore->loadedBlocks().size()); // Loads inner nodes and has to load the rightmost leaf once to adapt its size, rest of the leaves aren't loaded but just overwritten. + EXPECT_EQ(0u, blockStore->createdBlocks()); + EXPECT_EQ(0u, blockStore->removedBlocks().size()); + EXPECT_EQ(maxChildrenPerInnerNode*maxChildrenPerInnerNode, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(0u, blockStore->resizedBlocks().size()); +} + +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_All_ByReading) { + auto blockId = CreateFullThreeLevel()->blockId(); + auto tree = treeStore.load(blockId).value(); + blockStore->resetCounters(); + + TraverseByReading(tree.get(), 0, maxChildrenPerInnerNode * maxChildrenPerInnerNode); + + EXPECT_EQ(maxChildrenPerInnerNode*maxChildrenPerInnerNode + maxChildrenPerInnerNode + 2, blockStore->loadedBlocks().size()); // Loads inner nodes and leaves. Has to load the rightmost inner node and leaf an additional time at the beginning to compute size EXPECT_EQ(0u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } -TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_InTwoInner) { +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_InOneInner_ByWriting) { auto blockId = CreateFullThreeLevel()->blockId(); auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 3, 3 + maxChildrenPerInnerNode); + TraverseByWriting(tree.get(), 3, 5); + + EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads inner node. Doesn't load the leaves, they're just overwritten. + EXPECT_EQ(0u, blockStore->createdBlocks()); + EXPECT_EQ(0u, blockStore->removedBlocks().size()); + EXPECT_EQ(2u, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(0u, blockStore->resizedBlocks().size()); +} + +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_InOneInner_ByReading) { + auto blockId = CreateFullThreeLevel()->blockId(); + auto tree = treeStore.load(blockId).value(); + blockStore->resetCounters(); + + TraverseByReading(tree.get(), 3, 5); + + EXPECT_EQ(5u, blockStore->loadedBlocks().size()); // reads 2 leaves and the inner node, also has to read the rightmost inner node and leaf additionally at the beginning to determine size + EXPECT_EQ(0u, blockStore->createdBlocks()); + EXPECT_EQ(0u, blockStore->removedBlocks().size()); + EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(0u, blockStore->resizedBlocks().size()); +} + +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_InTwoInner_ByWriting) { + auto blockId = CreateFullThreeLevel()->blockId(); + auto tree = treeStore.load(blockId).value(); + blockStore->resetCounters(); + + TraverseByWriting(tree.get(), 3, 3 + maxChildrenPerInnerNode); EXPECT_EQ(2u, blockStore->loadedBlocks().size()); // Loads both inner node EXPECT_EQ(0u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); - EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(maxChildrenPerInnerNode, blockStore->distinctWrittenBlocks().size()); EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } -TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_WholeInner) { +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_InTwoInner_ByReading) { auto blockId = CreateFullThreeLevel()->blockId(); auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), maxChildrenPerInnerNode, 2*maxChildrenPerInnerNode); + TraverseByReading(tree.get(), 3, 3 + maxChildrenPerInnerNode); - EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads inner node. Doesn't load the leaves, but returns the keys of the leaves to the callback + EXPECT_EQ(4u + maxChildrenPerInnerNode, blockStore->loadedBlocks().size()); // Loads both inner nodes and the requested leaves. Also has to load rightmost inner node and leaf additionally in the beginning to determine size. + EXPECT_EQ(0u, blockStore->createdBlocks()); + EXPECT_EQ(0u, blockStore->removedBlocks().size()); + EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(0u, blockStore->resizedBlocks().size()); +} + +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_WholeInner_ByWriting) { + auto blockId = CreateFullThreeLevel()->blockId(); + auto tree = treeStore.load(blockId).value(); + blockStore->resetCounters(); + + TraverseByWriting(tree.get(), maxChildrenPerInnerNode, 2*maxChildrenPerInnerNode); + + EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads inner node. Doesn't load the leaves, they're just overwritten. + EXPECT_EQ(0u, blockStore->createdBlocks()); + EXPECT_EQ(0u, blockStore->removedBlocks().size()); + EXPECT_EQ(maxChildrenPerInnerNode, blockStore->distinctWrittenBlocks().size()); + EXPECT_EQ(0u, blockStore->resizedBlocks().size()); +} + +TEST_F(DataTreeTest_Performance, TraverseLeaves_Threelevel_WholeInner_ByReading) { + auto blockId = CreateFullThreeLevel()->blockId(); + auto tree = treeStore.load(blockId).value(); + blockStore->resetCounters(); + + TraverseByReading(tree.get(), maxChildrenPerInnerNode, 2*maxChildrenPerInnerNode); + + EXPECT_EQ(3u + maxChildrenPerInnerNode, blockStore->loadedBlocks().size()); // Loads inner node and all requested leaves. Also has to load rightmost inner node and leaf additionally in the beginning to determine size. EXPECT_EQ(0u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); EXPECT_EQ(0u, blockStore->distinctWrittenBlocks().size()); @@ -160,12 +254,12 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTree_StartingInside) { auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 1, 4); + TraverseByWriting(tree.get(), 1, 4); EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads last old child (for growing it) EXPECT_EQ(2u, blockStore->createdBlocks()); EXPECT_EQ(0u, blockStore->removedBlocks().size()); - EXPECT_EQ(1u, blockStore->distinctWrittenBlocks().size()); // add children to inner node + EXPECT_EQ(2u, blockStore->distinctWrittenBlocks().size()); // write the data and add children to inner node EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } @@ -174,7 +268,7 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTree_StartingOutside_TwoL auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 4, 5); + TraverseByWriting(tree.get(), 4, 5); EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads last old leaf for growing it EXPECT_EQ(3u, blockStore->createdBlocks()); @@ -188,7 +282,7 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTree_StartingOutside_Thre auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 2*maxChildrenPerInnerNode+1, 2*maxChildrenPerInnerNode+2); + TraverseByWriting(tree.get(), 2*maxChildrenPerInnerNode+1, 2*maxChildrenPerInnerNode+2); EXPECT_EQ(2u, blockStore->loadedBlocks().size()); // Loads last old leaf (and its inner node) for growing it EXPECT_EQ(3u, blockStore->createdBlocks()); // inner node and two leaves @@ -202,12 +296,12 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTree_StartingAtBeginOfChi auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), maxChildrenPerInnerNode, 3*maxChildrenPerInnerNode); + TraverseByWriting(tree.get(), maxChildrenPerInnerNode, 3*maxChildrenPerInnerNode); EXPECT_EQ(2u, blockStore->loadedBlocks().size()); // Loads inner node and one leaf to check whether we have to grow it. Doesn't load the leaves, but returns the keys of the leaves to the callback. EXPECT_EQ(1u + maxChildrenPerInnerNode, blockStore->createdBlocks()); // Creates an inner node and its leaves EXPECT_EQ(0u, blockStore->removedBlocks().size()); - EXPECT_EQ(1u, blockStore->distinctWrittenBlocks().size()); // add children to existing inner node + EXPECT_EQ(maxChildrenPerInnerNode + 1u, blockStore->distinctWrittenBlocks().size()); // write data and add children to existing inner node EXPECT_EQ(0u, blockStore->resizedBlocks().size()); } @@ -216,7 +310,7 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTreeDepth_StartingInOldDe auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 4, maxChildrenPerInnerNode+2); + TraverseByWriting(tree.get(), 4, maxChildrenPerInnerNode+2); EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads last old leaf for growing it EXPECT_EQ(2u + maxChildrenPerInnerNode, blockStore->createdBlocks()); // 2x new inner node + leaves @@ -230,7 +324,7 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTreeDepth_StartingInOldDe auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), 4, maxChildrenPerInnerNode+2); + TraverseByWriting(tree.get(), 4, maxChildrenPerInnerNode+2); EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads last old leaf for growing it EXPECT_EQ(2u + maxChildrenPerInnerNode, blockStore->createdBlocks()); // 2x new inner node + leaves @@ -244,7 +338,7 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTreeDepth_StartingInNewDe auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), maxChildrenPerInnerNode, maxChildrenPerInnerNode+2); + TraverseByWriting(tree.get(), maxChildrenPerInnerNode, maxChildrenPerInnerNode+2); EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads last old leaf for growing it EXPECT_EQ(2u + maxChildrenPerInnerNode, blockStore->createdBlocks()); // 2x new inner node + leaves @@ -258,7 +352,7 @@ TEST_F(DataTreeTest_Performance, TraverseLeaves_GrowingTreeDepth_StartingInNewDe auto tree = treeStore.load(blockId).value(); blockStore->resetCounters(); - Traverse(tree.get(), maxChildrenPerInnerNode, maxChildrenPerInnerNode+2); + TraverseByWriting(tree.get(), maxChildrenPerInnerNode, maxChildrenPerInnerNode+2); EXPECT_EQ(1u, blockStore->loadedBlocks().size()); // Loads last old leaf for growing it EXPECT_EQ(2u + maxChildrenPerInnerNode, blockStore->createdBlocks()); // 2x new inner node + leaves diff --git a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeByTraversing.cpp b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeByTraversing.cpp index 70357975..b113fdb8 100644 --- a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeByTraversing.cpp +++ b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeByTraversing.cpp @@ -19,7 +19,6 @@ using blobstore::onblocks::datanodestore::DataInnerNode; using blobstore::onblocks::datanodestore::DataNode; using blobstore::onblocks::datanodestore::DataNodeLayout; using blobstore::onblocks::datatreestore::DataTree; -using blobstore::onblocks::datatreestore::LeafHandle; using blobstore::onblocks::utils::ceilDivision; using blockstore::BlockId; using cpputils::Data; @@ -109,9 +108,13 @@ public: GrowTree(tree.get().get()); } - void GrowTree(DataTree *tree, std::function traverse = [] (uint32_t){}) { + void GrowTree(DataTree *tree) { uint64_t maxBytesPerLeaf = tree->maxBytesPerLeaf(); - tree->traverseLeaves(traversalBeginIndex, newNumberOfLeaves, [&traverse] (uint32_t index, bool, LeafHandle){traverse(index);}, [maxBytesPerLeaf, &traverse] (uint32_t index) -> Data { traverse(index); return Data(maxBytesPerLeaf).FillWithZeroes();}); + uint64_t offset = traversalBeginIndex * maxBytesPerLeaf; + uint64_t count = newNumberOfLeaves * maxBytesPerLeaf - offset; + Data data(count); + data.FillWithZeroes(); + tree->writeBytes(data.data(), offset, count); tree->flush(); } @@ -163,7 +166,6 @@ INSTANTIATE_TEST_CASE_P(DataTreeTest_ResizeByTraversing_P, DataTreeTest_ResizeBy ), //Decide the traversal begin index Values( - [] (uint32_t /*oldNumberOfLeaves*/, uint32_t newNumberOfLeaves) {return newNumberOfLeaves;}, // Don't traverse any leaves, just resize (begin==end) [] (uint32_t /*oldNumberOfLeaves*/, uint32_t newNumberOfLeaves) {return newNumberOfLeaves-1;}, // Traverse last leaf (begin==end-1) [] (uint32_t oldNumberOfLeaves, uint32_t newNumberOfLeaves) {return (oldNumberOfLeaves+newNumberOfLeaves)/2;}, // Start traversal in middle of new leaves [] (uint32_t oldNumberOfLeaves, uint32_t /*newNumberOfLeaves*/) {return oldNumberOfLeaves-1;}, // Start traversal with last old leaf @@ -189,9 +191,9 @@ TEST_P(DataTreeTest_ResizeByTraversing_P, NumLeavesIsCorrect_FromCache) { TEST_P(DataTreeTest_ResizeByTraversing_P, NumLeavesIsCorrect) { GrowTree(tree.get()); - // tree->_forceComputeNumLeaves() only goes down the right border nodes and expects the tree to be a left max data tree. + // tree->forceComputeNumLeaves() only goes down the right border nodes and expects the tree to be a left max data tree. // This is what the StructureIsValid test case is for. - EXPECT_EQ(newNumberOfLeaves, tree->_forceComputeNumLeaves()); + EXPECT_EQ(newNumberOfLeaves, tree->forceComputeNumLeaves()); } TEST_P(DataTreeTest_ResizeByTraversing_P, DepthFlagsAreCorrect) { @@ -208,7 +210,8 @@ TEST_P(DataTreeTest_ResizeByTraversing_P, KeyDoesntChange) { } TEST_P(DataTreeTest_ResizeByTraversing_P, DataStaysIntact) { - uint32_t oldNumberOfLeaves = std::max(UINT64_C(1), ceilDivision(tree->numStoredBytes(), static_cast(nodeStore->layout().maxBytesPerLeaf()))); + uint32_t oldNumberOfLeaves = std::max(UINT64_C(1), ceilDivision(tree->numBytes(), static_cast(nodeStore->layout().maxBytesPerLeaf()))); + TwoLevelDataFixture data(nodeStore, TwoLevelDataFixture::SizePolicy::Unchanged); BlockId blockId = tree->blockId(); cpputils::destruct(std::move(tree)); @@ -216,15 +219,13 @@ TEST_P(DataTreeTest_ResizeByTraversing_P, DataStaysIntact) { GrowTree(blockId); - data.EXPECT_DATA_CORRECT(nodeStore->load(blockId).get().get(), oldNumberOfLeaves, oldLastLeafSize); -} - -TEST_P(DataTreeTest_ResizeByTraversing_P, AllLeavesAreTraversed) { - std::vector traversedLeaves; - GrowTree(tree.get(), [&traversedLeaves] (uint32_t index) {traversedLeaves.push_back(index);}); - - EXPECT_EQ(newNumberOfLeaves-traversalBeginIndex, traversedLeaves.size()); - for (uint32_t i = traversalBeginIndex; i < newNumberOfLeaves; ++i) { - EXPECT_NE(traversedLeaves.end(), std::find(traversedLeaves.begin(), traversedLeaves.end(), i)); + if (traversalBeginIndex < oldNumberOfLeaves) { + // Traversal wrote over part of the pre-existing data, we can only check the data before it. + if (traversalBeginIndex != 0) { + data.EXPECT_DATA_CORRECT(nodeStore->load(blockId).get().get(), traversalBeginIndex - 1); + } + } else { + // Here, traversal was entirely outside the preexisting data, we can check all preexisting data. + data.EXPECT_DATA_CORRECT(nodeStore->load(blockId).get().get(), oldNumberOfLeaves, oldLastLeafSize); } } diff --git a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeNumBytes.cpp b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeNumBytes.cpp index bf076b77..bd74fe7f 100644 --- a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeNumBytes.cpp +++ b/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_ResizeNumBytes.cpp @@ -171,9 +171,9 @@ TEST_P(DataTreeTest_ResizeNumBytes_P, StructureIsValid) { TEST_P(DataTreeTest_ResizeNumBytes_P, NumBytesIsCorrect) { tree->resizeNumBytes(newSize); tree->flush(); - // tree->numStoredBytes() only goes down the right border nodes and expects the tree to be a left max data tree. + // tree->numBytes() only goes down the right border nodes and expects the tree to be a left max data tree. // This is what the StructureIsValid test case is for. - EXPECT_EQ(newSize, tree->numStoredBytes()); + EXPECT_EQ(newSize, tree->numBytes()); } TEST_P(DataTreeTest_ResizeNumBytes_P, NumLeavesIsCorrect) { @@ -181,7 +181,7 @@ TEST_P(DataTreeTest_ResizeNumBytes_P, NumLeavesIsCorrect) { tree->flush(); // tree->numLeaves() only goes down the right border nodes and expects the tree to be a left max data tree. // This is what the StructureIsValid test case is for. - EXPECT_EQ(newNumberOfLeaves, tree->_forceComputeNumLeaves()); + EXPECT_EQ(newNumberOfLeaves, tree->forceComputeNumLeaves()); } TEST_P(DataTreeTest_ResizeNumBytes_P, NumLeavesIsCorrect_FromCache) { @@ -208,7 +208,7 @@ TEST_P(DataTreeTest_ResizeNumBytes_P, KeyDoesntChange) { } TEST_P(DataTreeTest_ResizeNumBytes_P, DataStaysIntact) { - uint32_t oldNumberOfLeaves = std::max(UINT64_C(1), ceilDivision(tree->numStoredBytes(), static_cast(nodeStore->layout().maxBytesPerLeaf()))); + uint32_t oldNumberOfLeaves = std::max(UINT64_C(1), ceilDivision(tree->numBytes(), static_cast(nodeStore->layout().maxBytesPerLeaf()))); TwoLevelDataFixture data(nodeStore, TwoLevelDataFixture::SizePolicy::Unchanged); BlockId blockId = tree->blockId(); cpputils::destruct(std::move(tree)); diff --git a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_TraverseLeaves.cpp b/test/blobstore/implementations/onblocks/datatreestore/LeafTraverserTest.cpp similarity index 68% rename from test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_TraverseLeaves.cpp rename to test/blobstore/implementations/onblocks/datatreestore/LeafTraverserTest.cpp index 91119f95..d104f571 100644 --- a/test/blobstore/implementations/onblocks/datatreestore/DataTreeTest_TraverseLeaves.cpp +++ b/test/blobstore/implementations/onblocks/datatreestore/LeafTraverserTest.cpp @@ -1,4 +1,5 @@ #include "testutils/DataTreeTest.h" +#include #include using ::testing::_; @@ -9,6 +10,7 @@ using blobstore::onblocks::datanodestore::DataLeafNode; using blobstore::onblocks::datanodestore::DataInnerNode; using blobstore::onblocks::datanodestore::DataNode; using blobstore::onblocks::datatreestore::LeafHandle; +using blobstore::onblocks::datatreestore::LeafTraverser; using blockstore::BlockId; using cpputils::unique_ref; @@ -26,9 +28,9 @@ MATCHER_P(KeyEq, expected, "node blockId equals") { return arg->blockId() == expected; } -class DataTreeTest_TraverseLeaves: public DataTreeTest { +class LeafTraverserTest: public DataTreeTest { public: - DataTreeTest_TraverseLeaves() :traversor() {} + LeafTraverserTest() :traversor() {} unique_ref CreateThreeLevel() { return CreateInner({ @@ -70,166 +72,172 @@ public: EXPECT_CALL(traversor, calledCreateLeaf(_)).Times(0); } - void TraverseLeaves(DataNode *root, uint32_t beginIndex, uint32_t endIndex) { + void TraverseLeaves(unique_ref root, uint32_t beginIndex, uint32_t endIndex, bool expectReadOnly) { root->flush(); auto tree = treeStore.load(root->blockId()).value(); - tree->traverseLeaves(beginIndex, endIndex, [this] (uint32_t nodeIndex, bool isRightBorderNode,LeafHandle leaf) { + auto* old_root = root.get(); + LeafTraverser(nodeStore, expectReadOnly).traverseAndUpdateRoot(&root, beginIndex, endIndex, [this] (uint32_t nodeIndex, bool isRightBorderNode,LeafHandle leaf) { traversor.calledExistingLeaf(leaf.node(), isRightBorderNode, nodeIndex); }, [this] (uint32_t nodeIndex) -> Data { return traversor.calledCreateLeaf(nodeIndex)->copy(); - }); + }, [] (auto) {}); + if (expectReadOnly) { + EXPECT_EQ(old_root, root.get()); + } else { + EXPECT_NE(old_root, root.get()); + } } TraversorMock traversor; }; -TEST_F(DataTreeTest_TraverseLeaves, TraverseSingleLeafTree) { - auto root = CreateLeaf(); +TEST_F(LeafTraverserTest, TraverseSingleLeafTree) { + unique_ref root = CreateLeaf(); EXPECT_TRAVERSE_LEAF(root->blockId(), true, 0); - TraverseLeaves(root.get(), 0, 1); + TraverseLeaves(std::move(root), 0, 1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseNothingInSingleLeafTree1) { - auto root = CreateLeaf(); +TEST_F(LeafTraverserTest, TraverseNothingInSingleLeafTree1) { + unique_ref root = CreateLeaf(); EXPECT_DONT_TRAVERSE_ANY_LEAVES(); - TraverseLeaves(root.get(), 0, 0); + TraverseLeaves(std::move(root), 0, 0, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseNothingInSingleLeafTree2) { - auto root = CreateLeaf(); +TEST_F(LeafTraverserTest, TraverseNothingInSingleLeafTree2) { + unique_ref root = CreateLeaf(); EXPECT_DONT_TRAVERSE_ANY_LEAVES(); - TraverseLeaves(root.get(), 1, 1); + TraverseLeaves(std::move(root), 1, 1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstLeafOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseFirstLeafOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); EXPECT_TRAVERSE_LEAF(root->readChild(0).blockId(), false, 0); - TraverseLeaves(root.get(), 0, 1); + TraverseLeaves(std::move(root), 0, 1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddleLeafOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseMiddleLeafOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); EXPECT_TRAVERSE_LEAF(root->readChild(5).blockId(), false, 5); - TraverseLeaves(root.get(), 5, 6); + TraverseLeaves(std::move(root), 5, 6, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseLastLeafOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseLastLeafOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); EXPECT_TRAVERSE_LEAF(root->readChild(nodeStore->layout().maxChildrenPerInnerNode()-1).blockId(), true, nodeStore->layout().maxChildrenPerInnerNode()-1); - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode()-1, nodeStore->layout().maxChildrenPerInnerNode()); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode()-1, nodeStore->layout().maxChildrenPerInnerNode(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseNothingInFullTwolevelTree1) { +TEST_F(LeafTraverserTest, TraverseNothingInFullTwolevelTree1) { auto root = CreateFullTwoLevel(); EXPECT_DONT_TRAVERSE_ANY_LEAVES(); - TraverseLeaves(root.get(), 0, 0); + TraverseLeaves(std::move(root), 0, 0, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseNothingInFullTwolevelTree2) { +TEST_F(LeafTraverserTest, TraverseNothingInFullTwolevelTree2) { auto root = CreateFullTwoLevel(); EXPECT_DONT_TRAVERSE_ANY_LEAVES(); - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode(), nodeStore->layout().maxChildrenPerInnerNode()); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode(), nodeStore->layout().maxChildrenPerInnerNode(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstLeafOfThreeLevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseFirstLeafOfThreeLevelMinDataTree) { auto root = CreateThreeLevelMinData(); EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(0).blockId())->readChild(0).blockId(), false, 0); - TraverseLeaves(root.get(), 0, 1); + TraverseLeaves(std::move(root), 0, 1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddleLeafOfThreeLevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseMiddleLeafOfThreeLevelMinDataTree) { auto root = CreateThreeLevelMinData(); EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(0).blockId())->readChild(5).blockId(), false, 5); - TraverseLeaves(root.get(), 5, 6); + TraverseLeaves(std::move(root), 5, 6, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseLastLeafOfThreeLevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseLastLeafOfThreeLevelMinDataTree) { auto root = CreateThreeLevelMinData(); EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(1).blockId())->readChild(0).blockId(), true, nodeStore->layout().maxChildrenPerInnerNode()); - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode(), nodeStore->layout().maxChildrenPerInnerNode()+1); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode(), nodeStore->layout().maxChildrenPerInnerNode()+1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseAllLeavesOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseAllLeavesOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); EXPECT_TRAVERSE_ALL_CHILDREN_OF(*root, true, 0); - TraverseLeaves(root.get(), 0, nodeStore->layout().maxChildrenPerInnerNode()); + TraverseLeaves(std::move(root), 0, nodeStore->layout().maxChildrenPerInnerNode(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseAllLeavesOfThreelevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseAllLeavesOfThreelevelMinDataTree) { auto root = CreateThreeLevelMinData(); EXPECT_TRAVERSE_ALL_CHILDREN_OF(*LoadInnerNode(root->readChild(0).blockId()), false, 0); EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(1).blockId())->readChild(0).blockId(), true, nodeStore->layout().maxChildrenPerInnerNode()); - TraverseLeaves(root.get(), 0, nodeStore->layout().maxChildrenPerInnerNode()+1); + TraverseLeaves(std::move(root), 0, nodeStore->layout().maxChildrenPerInnerNode()+1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstChildOfThreelevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseFirstChildOfThreelevelMinDataTree) { auto root = CreateThreeLevelMinData(); EXPECT_TRAVERSE_ALL_CHILDREN_OF(*LoadInnerNode(root->readChild(0).blockId()), false, 0); - TraverseLeaves(root.get(), 0, nodeStore->layout().maxChildrenPerInnerNode()); + TraverseLeaves(std::move(root), 0, nodeStore->layout().maxChildrenPerInnerNode(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstPartOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseFirstPartOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); for (unsigned int i = 0; i < 5; ++i) { EXPECT_TRAVERSE_LEAF(root->readChild(i).blockId(), false, i); } - TraverseLeaves(root.get(), 0, 5); + TraverseLeaves(std::move(root), 0, 5, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseInnerPartOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseInnerPartOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); for (unsigned int i = 5; i < 10; ++i) { EXPECT_TRAVERSE_LEAF(root->readChild(i).blockId(), false, i); } - TraverseLeaves(root.get(), 5, 10); + TraverseLeaves(std::move(root), 5, 10, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseLastPartOfFullTwolevelTree) { +TEST_F(LeafTraverserTest, TraverseLastPartOfFullTwolevelTree) { auto root = CreateFullTwoLevel(); for (unsigned int i = 5; i < nodeStore->layout().maxChildrenPerInnerNode(); ++i) { EXPECT_TRAVERSE_LEAF(root->readChild(i).blockId(), i==nodeStore->layout().maxChildrenPerInnerNode()-1, i); } - TraverseLeaves(root.get(), 5, nodeStore->layout().maxChildrenPerInnerNode()); + TraverseLeaves(std::move(root), 5, nodeStore->layout().maxChildrenPerInnerNode(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstPartOfThreelevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseFirstPartOfThreelevelMinDataTree) { auto root = CreateThreeLevelMinData(); auto node = LoadInnerNode(root->readChild(0).blockId()); for (unsigned int i = 0; i < 5; ++i) { EXPECT_TRAVERSE_LEAF(node->readChild(i).blockId(), false, i); } - TraverseLeaves(root.get(), 0, 5); + TraverseLeaves(std::move(root), 0, 5, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseInnerPartOfThreelevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseInnerPartOfThreelevelMinDataTree) { auto root = CreateThreeLevelMinData(); auto node = LoadInnerNode(root->readChild(0).blockId()); for (unsigned int i = 5; i < 10; ++i) { EXPECT_TRAVERSE_LEAF(node->readChild(i).blockId(), false, i); } - TraverseLeaves(root.get(), 5, 10); + TraverseLeaves(std::move(root), 5, 10, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseLastPartOfThreelevelMinDataTree) { +TEST_F(LeafTraverserTest, TraverseLastPartOfThreelevelMinDataTree) { auto root = CreateThreeLevelMinData(); auto node = LoadInnerNode(root->readChild(0).blockId()); for (unsigned int i = 5; i < nodeStore->layout().maxChildrenPerInnerNode(); ++i) { @@ -237,33 +245,33 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseLastPartOfThreelevelMinDataTree) { } EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(1).blockId())->readChild(0).blockId(), true, nodeStore->layout().maxChildrenPerInnerNode()); - TraverseLeaves(root.get(), 5, nodeStore->layout().maxChildrenPerInnerNode()+1); + TraverseLeaves(std::move(root), 5, nodeStore->layout().maxChildrenPerInnerNode()+1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstLeafOfThreelevelTree) { +TEST_F(LeafTraverserTest, TraverseFirstLeafOfThreelevelTree) { auto root = CreateThreeLevel(); EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(0).blockId())->readChild(0).blockId(), false, 0); - TraverseLeaves(root.get(), 0, 1); + TraverseLeaves(std::move(root), 0, 1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseLastLeafOfThreelevelTree) { +TEST_F(LeafTraverserTest, TraverseLastLeafOfThreelevelTree) { auto root = CreateThreeLevel(); uint32_t numLeaves = nodeStore->layout().maxChildrenPerInnerNode() * 5 + 3; EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readLastChild().blockId())->readLastChild().blockId(), true, numLeaves-1); - TraverseLeaves(root.get(), numLeaves-1, numLeaves); + TraverseLeaves(std::move(root), numLeaves-1, numLeaves, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddleLeafOfThreelevelTree) { +TEST_F(LeafTraverserTest, TraverseMiddleLeafOfThreelevelTree) { auto root = CreateThreeLevel(); uint32_t wantedLeafIndex = nodeStore->layout().maxChildrenPerInnerNode() * 2 + 5; EXPECT_TRAVERSE_LEAF(LoadInnerNode(root->readChild(2).blockId())->readChild(5).blockId(), false, wantedLeafIndex); - TraverseLeaves(root.get(), wantedLeafIndex, wantedLeafIndex+1); + TraverseLeaves(std::move(root), wantedLeafIndex, wantedLeafIndex+1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstPartOfThreelevelTree) { +TEST_F(LeafTraverserTest, TraverseFirstPartOfThreelevelTree) { auto root = CreateThreeLevel(); //Traverse all leaves in the first two children of the root for(unsigned int i = 0; i < 2; ++i) { @@ -275,10 +283,10 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseFirstPartOfThreelevelTree) { EXPECT_TRAVERSE_LEAF(child->readChild(i).blockId(), false, 2 * nodeStore->layout().maxChildrenPerInnerNode() + i); } - TraverseLeaves(root.get(), 0, 2 * nodeStore->layout().maxChildrenPerInnerNode() + 5); + TraverseLeaves(std::move(root), 0, 2 * nodeStore->layout().maxChildrenPerInnerNode() + 5, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddlePartOfThreelevelTree_OnlyFullChildren) { +TEST_F(LeafTraverserTest, TraverseMiddlePartOfThreelevelTree_OnlyFullChildren) { auto root = CreateThreeLevel(); //Traverse some of the leaves in the second child of the root auto child = LoadInnerNode(root->readChild(1).blockId()); @@ -295,10 +303,10 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddlePartOfThreelevelTree_OnlyFullC EXPECT_TRAVERSE_LEAF(child->readChild(i).blockId(), false, 4 * nodeStore->layout().maxChildrenPerInnerNode() + i); } - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode() + 5, 4 * nodeStore->layout().maxChildrenPerInnerNode() + 5); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode() + 5, 4 * nodeStore->layout().maxChildrenPerInnerNode() + 5, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddlePartOfThreelevelTree_AlsoLastNonfullChild) { +TEST_F(LeafTraverserTest, TraverseMiddlePartOfThreelevelTree_AlsoLastNonfullChild) { auto root = CreateThreeLevel(); //Traverse some of the leaves in the second child of the root auto child = LoadInnerNode(root->readChild(1).blockId()); @@ -315,10 +323,10 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddlePartOfThreelevelTree_AlsoLastN EXPECT_TRAVERSE_LEAF(child->readChild(i).blockId(), false, 5 * nodeStore->layout().maxChildrenPerInnerNode() + i); } - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode() + 5, 5 * nodeStore->layout().maxChildrenPerInnerNode() + 2); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode() + 5, 5 * nodeStore->layout().maxChildrenPerInnerNode() + 2, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseLastPartOfThreelevelTree) { +TEST_F(LeafTraverserTest, TraverseLastPartOfThreelevelTree) { auto root = CreateThreeLevel(); //Traverse some of the leaves in the second child of the root auto child = LoadInnerNode(root->readChild(1).blockId()); @@ -335,10 +343,10 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseLastPartOfThreelevelTree) { EXPECT_TRAVERSE_LEAF(child->readChild(i).blockId(), i == child->numChildren()-1, 5 * nodeStore->layout().maxChildrenPerInnerNode() + i); } - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode() + 5, 5 * nodeStore->layout().maxChildrenPerInnerNode() + child->numChildren()); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode() + 5, 5 * nodeStore->layout().maxChildrenPerInnerNode() + child->numChildren(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseAllLeavesOfThreelevelTree) { +TEST_F(LeafTraverserTest, TraverseAllLeavesOfThreelevelTree) { auto root = CreateThreeLevel(); //Traverse all leaves in the third, fourth and fifth child of the root for(unsigned int i = 0; i < 5; ++i) { @@ -350,10 +358,10 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseAllLeavesOfThreelevelTree) { EXPECT_TRAVERSE_LEAF(child->readChild(i).blockId(), i==child->numChildren()-1, 5 * nodeStore->layout().maxChildrenPerInnerNode() + i); } - TraverseLeaves(root.get(), 0, 5 * nodeStore->layout().maxChildrenPerInnerNode() + child->numChildren()); + TraverseLeaves(std::move(root), 0, 5 * nodeStore->layout().maxChildrenPerInnerNode() + child->numChildren(), true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseAllLeavesOfFourLevelTree) { +TEST_F(LeafTraverserTest, TraverseAllLeavesOfFourLevelTree) { auto root = CreateFourLevel(); //Traverse all leaves of the full threelevel tree in the first child auto firstChild = LoadInnerNode(root->readChild(0).blockId()); @@ -370,10 +378,10 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseAllLeavesOfFourLevelTree) { EXPECT_TRAVERSE_ALL_CHILDREN_OF(*LoadInnerNode(thirdChild->readChild(0).blockId()), false, 2 * nodeStore->layout().maxChildrenPerInnerNode() * nodeStore->layout().maxChildrenPerInnerNode()); EXPECT_TRAVERSE_LEAF(LoadInnerNode(thirdChild->readChild(1).blockId())->readChild(0).blockId(), true, 2 * nodeStore->layout().maxChildrenPerInnerNode() * nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxChildrenPerInnerNode()); - TraverseLeaves(root.get(), 0, 2*nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxChildrenPerInnerNode() + 1); + TraverseLeaves(std::move(root), 0, 2*nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxChildrenPerInnerNode() + 1, true); } -TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddlePartOfFourLevelTree) { +TEST_F(LeafTraverserTest, TraverseMiddlePartOfFourLevelTree) { auto root = CreateFourLevel(); //Traverse some leaves of the full threelevel tree in the first child auto firstChild = LoadInnerNode(root->readChild(0).blockId()); @@ -396,14 +404,15 @@ TEST_F(DataTreeTest_TraverseLeaves, TraverseMiddlePartOfFourLevelTree) { EXPECT_TRAVERSE_LEAF(firstChildOfThirdChild->readChild(i).blockId(), false, 2 * nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode()+i); } - TraverseLeaves(root.get(), nodeStore->layout().maxChildrenPerInnerNode()+5, 2*nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxChildrenPerInnerNode() -1); + TraverseLeaves(std::move(root), nodeStore->layout().maxChildrenPerInnerNode()+5, 2*nodeStore->layout().maxChildrenPerInnerNode()*nodeStore->layout().maxChildrenPerInnerNode() + nodeStore->layout().maxChildrenPerInnerNode() -1, true); } -TEST_F(DataTreeTest_TraverseLeaves, LastLeafIsAlreadyResizedInCallback) { - auto root = CreateLeaf(); +TEST_F(LeafTraverserTest, LastLeafIsAlreadyResizedInCallback) { + unique_ref root = CreateLeaf(); root->flush(); + auto* old_root = root.get(); auto tree = treeStore.load(root->blockId()).value(); - tree->traverseLeaves(0, 2, [this] (uint32_t leafIndex, bool /*isRightBorderNode*/, LeafHandle leaf) { + LeafTraverser(nodeStore, false).traverseAndUpdateRoot(&root, 0, 2, [this] (uint32_t leafIndex, bool /*isRightBorderNode*/, LeafHandle leaf) { if (leafIndex == 0) { EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf(), leaf.node()->numBytes()); } else { @@ -411,28 +420,31 @@ TEST_F(DataTreeTest_TraverseLeaves, LastLeafIsAlreadyResizedInCallback) { } }, [] (uint32_t /*nodeIndex*/) -> Data { return Data(1); - }); + }, [] (auto) {}); + EXPECT_NE(old_root, root.get()); // expect that we grew the tree } -TEST_F(DataTreeTest_TraverseLeaves, LastLeafIsAlreadyResizedInCallback_TwoLevel) { - auto root = CreateFullTwoLevelWithLastLeafSize(5); +TEST_F(LeafTraverserTest, LastLeafIsAlreadyResizedInCallback_TwoLevel) { + unique_ref root = CreateFullTwoLevelWithLastLeafSize(5); root->flush(); + auto* old_root = root.get(); auto tree = treeStore.load(root->blockId()).value(); - tree->traverseLeaves(0, nodeStore->layout().maxChildrenPerInnerNode()+1, [this] (uint32_t /*leafIndex*/, bool /*isRightBorderNode*/, LeafHandle leaf) { + LeafTraverser(nodeStore, false).traverseAndUpdateRoot(&root, 0, nodeStore->layout().maxChildrenPerInnerNode()+1, [this] (uint32_t /*leafIndex*/, bool /*isRightBorderNode*/, LeafHandle leaf) { EXPECT_EQ(nodeStore->layout().maxBytesPerLeaf(), leaf.node()->numBytes()); }, [] (uint32_t /*nodeIndex*/) -> Data { return Data(1); - }); + }, [] (auto) {}); + EXPECT_NE(old_root, root.get()); // expect that we grew the tree } -TEST_F(DataTreeTest_TraverseLeaves, ResizeFromOneLeafToMultipleLeaves) { +TEST_F(LeafTraverserTest, ResizeFromOneLeafToMultipleLeaves) { auto root = CreateLeaf(); EXPECT_TRAVERSE_LEAF(root->blockId(), false, 0); //EXPECT_CALL(traversor, calledExistingLeaf(_, false, 0)).Times(1); for (uint32_t i = 1; i < 10; ++i) { EXPECT_CREATE_LEAF(i); } - TraverseLeaves(root.get(), 0, 10); + TraverseLeaves(std::move(root), 0, 10, false); } -//TODO Refactor the test cases that are too long +////TODO Refactor the test cases that are too long diff --git a/test/blockstore/implementations/caching/cache/CacheTest_MoveConstructor.cpp b/test/blockstore/implementations/caching/cache/CacheTest_MoveConstructor.cpp index e69a278b..c4377ab0 100644 --- a/test/blockstore/implementations/caching/cache/CacheTest_MoveConstructor.cpp +++ b/test/blockstore/implementations/caching/cache/CacheTest_MoveConstructor.cpp @@ -13,7 +13,7 @@ using ::testing::Test; //Test that Cache uses a move constructor for Value if possible class CacheTest_MoveConstructor: public Test { public: - CacheTest_MoveConstructor(): cache(make_unique_ref>()) { + CacheTest_MoveConstructor(): cache(make_unique_ref>("test")) { CopyableMovableValueType::numCopyConstructorCalled = 0; } unique_ref> cache; diff --git a/test/blockstore/implementations/caching/cache/CacheTest_RaceCondition.cpp b/test/blockstore/implementations/caching/cache/CacheTest_RaceCondition.cpp index 7bc76c3b..d41fd3cc 100644 --- a/test/blockstore/implementations/caching/cache/CacheTest_RaceCondition.cpp +++ b/test/blockstore/implementations/caching/cache/CacheTest_RaceCondition.cpp @@ -36,7 +36,7 @@ private: class CacheTest_RaceCondition: public ::testing::Test { public: - CacheTest_RaceCondition(): cache(), destructorStarted(), destructorFinished(false) {} + CacheTest_RaceCondition(): cache("test"), destructorStarted(), destructorFinished(false) {} static constexpr unsigned int MAX_ENTRIES = 100; diff --git a/test/blockstore/implementations/caching/cache/PeriodicTaskTest.cpp b/test/blockstore/implementations/caching/cache/PeriodicTaskTest.cpp index 46843015..5dc7c739 100644 --- a/test/blockstore/implementations/caching/cache/PeriodicTaskTest.cpp +++ b/test/blockstore/implementations/caching/cache/PeriodicTaskTest.cpp @@ -37,7 +37,7 @@ class PeriodicTaskTest: public Test { }; TEST_F(PeriodicTaskTest, DoesntDeadlockInDestructorWhenDestructedImmediately) { - PeriodicTask task([](){}, 1); + PeriodicTask task([](){}, 1, "test"); } TEST_F(PeriodicTaskTest, CallsCallbackAtLeast10Times) { @@ -45,7 +45,7 @@ TEST_F(PeriodicTaskTest, CallsCallbackAtLeast10Times) { PeriodicTask task([&counter](){ counter.decrease(); - }, 0.001); + }, 0.001, "test"); counter.waitForZero(); } @@ -55,7 +55,7 @@ TEST_F(PeriodicTaskTest, DoesntCallCallbackAfterDestruction) { { PeriodicTask task([&callCount](){ callCount += 1; - }, 0.001); + }, 0.001, "test"); } int callCountDirectlyAfterDestruction = callCount; boost::this_thread::sleep_for(boost::chrono::seconds(1)); diff --git a/test/blockstore/implementations/caching/cache/testutils/CacheTest.h b/test/blockstore/implementations/caching/cache/testutils/CacheTest.h index f4c520b1..937609c9 100644 --- a/test/blockstore/implementations/caching/cache/testutils/CacheTest.h +++ b/test/blockstore/implementations/caching/cache/testutils/CacheTest.h @@ -13,7 +13,7 @@ // Furthermore, the class checks that there are no memory leaks left after destructing the QueueMap (by counting leftover instances of Keys/Values). class CacheTest: public ::testing::Test { public: - CacheTest(): _cache() {} + CacheTest(): _cache("test") {} void push(int key, int value); boost::optional pop(int key); diff --git a/test/cpp-utils/CMakeLists.txt b/test/cpp-utils/CMakeLists.txt index e3a3bb89..5c027588 100644 --- a/test/cpp-utils/CMakeLists.txt +++ b/test/cpp-utils/CMakeLists.txt @@ -49,10 +49,12 @@ set(SOURCES assert/assert_debug_test.cpp system/GetTotalMemoryTest.cpp system/TimeTest.cpp + system/PathTest.cpp system/FiletimeTest.cpp system/MemoryTest.cpp system/HomedirTest.cpp system/EnvTest.cpp + thread/debugging_test.cpp value_type/ValueTypeTest.cpp either_test.cpp ) diff --git a/test/cpp-utils/system/PathTest.cpp b/test/cpp-utils/system/PathTest.cpp new file mode 100644 index 00000000..75275b5e --- /dev/null +++ b/test/cpp-utils/system/PathTest.cpp @@ -0,0 +1,32 @@ +#include +#include + +using cpputils::path_is_just_drive_letter; + +#if defined(_MSC_VER) + +TEST(PathTest, pathIsJustDriveLetter) { + EXPECT_FALSE(path_is_just_drive_letter("C")); + EXPECT_TRUE(path_is_just_drive_letter("C:")); + EXPECT_FALSE(path_is_just_drive_letter("C:\\")); + EXPECT_FALSE(path_is_just_drive_letter("C:/")); + EXPECT_FALSE(path_is_just_drive_letter("C:\\test")); + EXPECT_FALSE(path_is_just_drive_letter("C:\\test\\")); + EXPECT_FALSE(path_is_just_drive_letter("/")); + EXPECT_FALSE(path_is_just_drive_letter("")); +} + +#else + +TEST(PathTest, onNonWindowsWeDontHaveDriveLetterPaths) { + EXPECT_FALSE(path_is_just_drive_letter("C")); + EXPECT_FALSE(path_is_just_drive_letter("C:")); + EXPECT_FALSE(path_is_just_drive_letter("C:\\")); + EXPECT_FALSE(path_is_just_drive_letter("C:/")); + EXPECT_FALSE(path_is_just_drive_letter("C:\\test")); + EXPECT_FALSE(path_is_just_drive_letter("C:\\test\\")); + EXPECT_FALSE(path_is_just_drive_letter("/")); + EXPECT_FALSE(path_is_just_drive_letter("")); +} + +#endif diff --git a/test/cpp-utils/thread/debugging_test.cpp b/test/cpp-utils/thread/debugging_test.cpp new file mode 100644 index 00000000..7df169ef --- /dev/null +++ b/test/cpp-utils/thread/debugging_test.cpp @@ -0,0 +1,62 @@ +#include +#include +#include +#include + +using namespace cpputils; +using std::string; + +TEST(ThreadDebuggingTest_ThreadName, givenMainThread_whenSettingAndGetting_thenDoesntCrash) { + set_thread_name("my_thread_name"); + get_thread_name(); +} + +TEST(ThreadDebuggingTest_ThreadName, givenChildThread_whenSettingAndGetting_thenDoesntCrash) { + ConditionBarrier nameIsChecked; + + bool child_didnt_crash = false; + std::thread child([&] { + set_thread_name("my_thread_name"); + get_thread_name(); + child_didnt_crash = true; + nameIsChecked.wait(); + }); + get_thread_name(&child); + nameIsChecked.release(); // getting the name of a not-running thread would cause errors, so let's make sure we only exit after getting the name + child.join(); + EXPECT_TRUE(child_didnt_crash); +} + +TEST(ThreadDebuggingTest_ThreadName, givenMainThread_whenGettingFromInside_thenIsCorrect) { + set_thread_name("my_thread_name"); + string name = get_thread_name(); + EXPECT_EQ("my_thread_name", name); +} + +TEST(ThreadDebuggingTest_ThreadName, givenChildThread_whenGettingFromInside_thenIsCorrect) { + std::thread child([] { + set_thread_name("my_thread_name"); + string name = get_thread_name(); + EXPECT_EQ("my_thread_name", name); + }); + child.join(); +} + +TEST(ThreadDebuggingTest_ThreadName, givenChildThread_whenGettingFromOutside_thenIsCorrect) { + ConditionBarrier nameIsSet; + ConditionBarrier nameIsChecked; + + std::thread child([&] { + set_thread_name("my_thread_name"); + nameIsSet.release(); + nameIsChecked.wait(); + }); + + nameIsSet.wait(); + string name = get_thread_name(&child); + EXPECT_EQ("my_thread_name", name); + + nameIsChecked.release(); + child.join(); +} + diff --git a/test/cryfs-cli/CMakeLists.txt b/test/cryfs-cli/CMakeLists.txt index a122ae97..b120419a 100644 --- a/test/cryfs-cli/CMakeLists.txt +++ b/test/cryfs-cli/CMakeLists.txt @@ -12,12 +12,12 @@ set(SOURCES EnvironmentTest.cpp VersionCheckerTest.cpp CliTest_IntegrityCheck.cpp + CryfsUnmountTest.cpp ) add_executable(${PROJECT_NAME} ${SOURCES}) -target_link_libraries(${PROJECT_NAME} googletest cryfs-cli) +target_link_libraries(${PROJECT_NAME} googletest cryfs-cli cryfs-unmount fspp-fuse) add_test(${PROJECT_NAME} ${PROJECT_NAME}) target_enable_style_warnings(${PROJECT_NAME}) target_activate_cpp14(${PROJECT_NAME}) - diff --git a/test/cryfs-cli/CallAfterTimeoutTest.cpp b/test/cryfs-cli/CallAfterTimeoutTest.cpp index 0b65d05e..5d11ed0c 100644 --- a/test/cryfs-cli/CallAfterTimeoutTest.cpp +++ b/test/cryfs-cli/CallAfterTimeoutTest.cpp @@ -8,14 +8,14 @@ using cpputils::make_unique_ref; using boost::chrono::milliseconds; using boost::chrono::minutes; using boost::this_thread::sleep_for; -using namespace cryfs; +using namespace cryfs_cli; class CallAfterTimeoutTest : public ::testing::Test { public: CallAfterTimeoutTest(): called(false) {} unique_ref callAfterTimeout(milliseconds timeout) { - return make_unique_ref(timeout, [this] {called = true;}); + return make_unique_ref(timeout, [this] {called = true;}, "test"); } std::atomic called; diff --git a/test/cryfs-cli/CryfsUnmountTest.cpp b/test/cryfs-cli/CryfsUnmountTest.cpp new file mode 100644 index 00000000..0857ec85 --- /dev/null +++ b/test/cryfs-cli/CryfsUnmountTest.cpp @@ -0,0 +1,25 @@ +#include "testutils/CliTest.h" +#include +#include + +using CliTest_Unmount = CliTest; +namespace bf = boost::filesystem; + +namespace { +void unmount(const bf::path& mountdir) { + std::vector _args = {"cryfs-unmount", mountdir.string().c_str()}; + cryfs_unmount::Cli().main(2, _args.data()); +} + +TEST_F(CliTest_Unmount, givenMountedFilesystem_whenUnmounting_thenSucceeds) { + // we're passing in boost::none as mountdir so EXPECT_RUN_SUCCESS doesn't unmount itself. + // if the unmount we're calling here in the onMounted callback wouldn't work, EXPECT_RUN_SUCCESS + // would never return and this would be a deadlock. + EXPECT_RUN_SUCCESS({basedir.string().c_str(), mountdir.string().c_str(), "-f"}, boost::none, [this] () { + unmount(mountdir); + }); +} + +// TODO Test calling with invalid args, valid '--version' or '--help' args, with a non-mounted mountdir and a nonexisting mountdir. + +} diff --git a/test/cryfs-cli/EnvironmentTest.cpp b/test/cryfs-cli/EnvironmentTest.cpp index 0a3485c5..017ce21e 100644 --- a/test/cryfs-cli/EnvironmentTest.cpp +++ b/test/cryfs-cli/EnvironmentTest.cpp @@ -4,7 +4,7 @@ #include #include -using namespace cryfs; +using namespace cryfs_cli; using std::string; using boost::optional; using boost::none; diff --git a/test/cryfs-cli/VersionCheckerTest.cpp b/test/cryfs-cli/VersionCheckerTest.cpp index 9008510d..90bb9190 100644 --- a/test/cryfs-cli/VersionCheckerTest.cpp +++ b/test/cryfs-cli/VersionCheckerTest.cpp @@ -8,7 +8,7 @@ using cpputils::FakeHttpClient; using cpputils::unique_ref; using cpputils::make_unique_ref; using boost::none; -using namespace cryfs; +using namespace cryfs_cli; class VersionCheckerTest: public ::testing::Test { public: diff --git a/test/cryfs-cli/program_options/ParserTest.cpp b/test/cryfs-cli/program_options/ParserTest.cpp index 7e129a0e..dd03d359 100644 --- a/test/cryfs-cli/program_options/ParserTest.cpp +++ b/test/cryfs-cli/program_options/ParserTest.cpp @@ -7,7 +7,7 @@ #include using namespace cryfs; -using namespace cryfs::program_options; +using namespace cryfs_cli::program_options; using std::vector; using std::string; using boost::none; diff --git a/test/cryfs-cli/program_options/ProgramOptionsTest.cpp b/test/cryfs-cli/program_options/ProgramOptionsTest.cpp index a6eec70c..d556aa00 100644 --- a/test/cryfs-cli/program_options/ProgramOptionsTest.cpp +++ b/test/cryfs-cli/program_options/ProgramOptionsTest.cpp @@ -2,7 +2,7 @@ #include #include -using namespace cryfs::program_options; +using namespace cryfs_cli::program_options; using boost::none; using boost::optional; using std::ostream; diff --git a/test/cryfs-cli/program_options/UtilsTest.cpp b/test/cryfs-cli/program_options/UtilsTest.cpp index 38e6cbb3..b6fe53ed 100644 --- a/test/cryfs-cli/program_options/UtilsTest.cpp +++ b/test/cryfs-cli/program_options/UtilsTest.cpp @@ -1,7 +1,7 @@ #include "testutils/ProgramOptionsTestBase.h" #include -using namespace cryfs::program_options; +using namespace cryfs_cli::program_options; using std::pair; using std::vector; using std::string; diff --git a/test/cryfs-cli/testutils/CliTest.h b/test/cryfs-cli/testutils/CliTest.h index dcfb1cff..872953a8 100644 --- a/test/cryfs-cli/testutils/CliTest.h +++ b/test/cryfs-cli/testutils/CliTest.h @@ -19,6 +19,7 @@ #include #include "../../cryfs/testutils/MockConsole.h" #include "../../cryfs/testutils/TestWithFakeHomeDirectory.h" +#include #include #include #include @@ -45,7 +46,7 @@ public: int run(const std::vector& args, std::function onMounted) { std::vector _args; _args.reserve(args.size() + 1); - _args.emplace_back("cryfs"); + _args.emplace_back("cryfs"); for (const std::string& arg : args) { _args.emplace_back(arg.c_str()); } @@ -53,7 +54,7 @@ public: ON_CALL(*console, askPassword(testing::StrEq("Password: "))).WillByDefault(testing::Return("pass")); ON_CALL(*console, askPassword(testing::StrEq("Confirm Password: "))).WillByDefault(testing::Return("pass")); // Run Cryfs - return cryfs::Cli(keyGenerator, cpputils::SCrypt::TestSettings, console).main(_args.size(), _args.data(), _httpClient(), std::move(onMounted)); + return cryfs_cli::Cli(keyGenerator, cpputils::SCrypt::TestSettings, console).main(_args.size(), _args.data(), _httpClient(), std::move(onMounted)); } void EXPECT_EXIT_WITH_HELP_MESSAGE(const std::vector& args, const std::string &message, cryfs::ErrorCode errorCode) { @@ -90,18 +91,7 @@ public: }; static void _unmount(const boost::filesystem::path &mountDir) { - int returncode = -1; -#if defined(__APPLE__) - returncode = cpputils::Subprocess::call(std::string("umount ") + mountDir.string().c_str() + " 2>/dev/null").exitcode; -#elif defined(_MSC_VER) - std::wstring mountDir_ = std::wstring_convert>().from_bytes(mountDir.string()); - BOOL success = DokanRemoveMountPoint(mountDir_.c_str()); - returncode = success ? 0 : -1; -#else - returncode = cpputils::Subprocess::call( - std::string("fusermount -u ") + mountDir.string().c_str() + " 2>/dev/null").exitcode; -#endif - EXPECT_EQ(0, returncode); + fspp::fuse::Fuse::unmount(mountDir, true); } FilesystemOutput run_filesystem(const std::vector& args, boost::optional mountDirForUnmounting, std::function onMounted) { diff --git a/test/cryfs/config/CryConfigLoaderTest.cpp b/test/cryfs/config/CryConfigLoaderTest.cpp index 8f5f727f..67ce3c6f 100644 --- a/test/cryfs/config/CryConfigLoaderTest.cpp +++ b/test/cryfs/config/CryConfigLoaderTest.cpp @@ -310,7 +310,7 @@ TEST_F(CryConfigLoaderTest, AsksWhenLoadingNewerFilesystem_AnswerNo) { } TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) { - EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it?"), false)).Times(1).WillOnce(Return(true)); + EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), false)).Times(1).WillOnce(Return(true)); string version = olderVersion(); CreateWithVersion(version, version); @@ -318,14 +318,14 @@ TEST_F(CryConfigLoaderTest, AsksWhenMigratingOlderFilesystem) { } TEST_F(CryConfigLoaderTest, DoesNotAskForMigrationWhenCorrectVersion) { - EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it?"), _)).Times(0); + EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), _)).Times(0); CreateWithVersion(gitversion::VersionString(), CryConfig::FilesystemFormatVersion); EXPECT_NE(boost::none, Load()); } TEST_F(CryConfigLoaderTest, DontMigrateWhenAnsweredNo) { - EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it?"), false)).Times(1).WillOnce(Return(false)); + EXPECT_CALL(*console, askYesNo(HasSubstr("Do you want to migrate it now?"), false)).Times(1).WillOnce(Return(false)); string version = olderVersion(); CreateWithVersion(version, version); diff --git a/vendor/README b/vendor/README index e833b9ef..771c571b 100644 --- a/vendor/README +++ b/vendor/README @@ -2,6 +2,6 @@ This directory contains external projects, taken from the following locations: googletest: https://github.com/google/googletest/tree/4e4df226fc197c0dda6e37f5c8c3845ca1e73a49 - changed: added NOLINT comment as workaround for clang-tidy warning https://github.com/google/googletest/issues/853 spdlog: https://github.com/gabime/spdlog/tree/v0.16.3/include/spdlog -cryptopp: https://github.com/weidai11/cryptopp/tree/CRYPTOPP_7_0_0 - - changed: added CMakeLists.txt and cryptopp-config.cmake from https://github.com/noloader/cryptopp-cmake/tree/7f3b3540740b365bed673936852d70795c0104f3 - - changed: removed cmake warning from CMakeLists.txt +cryptopp: https://github.com/weidai11/cryptopp/tree/CRYPTOPP_8_0_0 + - changed: added CMakeLists.txt and cryptopp-config.cmake from https://github.com/noloader/cryptopp-cmake/tree/CRYPTOPP_8_0_0 + - changed: commented out line including winapifamily.h in CMakeLists.txt diff --git a/vendor/cryptopp/CMakeLists.txt b/vendor/cryptopp/CMakeLists.txt index cbe7ed60..9316493a 100644 --- a/vendor/cryptopp/CMakeLists.txt +++ b/vendor/cryptopp/CMakeLists.txt @@ -88,6 +88,7 @@ set(BUILD_TESTING OFF CACHE BOOL "") set(BUILD_DOCUMENTATION OFF CACHE BOOL "") set(BUILD_SHARED OFF CACHE BOOL "") set(BUILD_STATIC ON CACHE BOOL "") +set(cryptocpp_DISPLAY_CMAKE_SUPPORT_WARNING OFF CACHE BOOL "") add_subdirectory(vendor_cryptopp EXCLUDE_FROM_ALL) target_link_libraries(cryptopp PRIVATE cryptopp-static) diff --git a/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt b/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt index c5d4e18f..bc942fc6 100644 --- a/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt +++ b/vendor/cryptopp/vendor_cryptopp/CMakeLists.txt @@ -1,22 +1,50 @@ # Please ensure your changes or patch meets minimum requirements. -# The minimum requirements are 2.8.5. They roughly equate to Ubuntu 12.04 LTS -# Please do not check in something for 2.8.12 or 3.5.0. To test your changes, -# please set up a Ubuntu 12.04 LTS system. Then, manually install Cmake 2.8.5 -# from http://cmake.org/Wiki/CMake_Released_Versions. -# TODO: Decide if this still applies. +# The minimum requirements are 2.8.6. It roughly equates to +# Ubuntu 14.05 LTS or Solaris 11.3. Please do not check in something +# for 3.5.0 or higher because it will break LTS operating systems +# and a number of developer boards used for testing. To test your +# changes, please set up a Ubuntu 14.05 LTS system. -#MESSAGE( STATUS -#"*************************************************************************\n\ -#The Crypto++ library does not officially support CMake. CMake support is a\n\ -#community effort, and the library works with the folks using CMake to help\n\ -#improve it. If you find an issue then please fix it or report it at\n\ -#https://github.com/noloader/cryptopp-cmake.\n\ -#-- *************************************************************************" -#) +# Should we be setting things like this? We are not a C project +# so nothing should be done with the C compiler. But there is +# no reliable way to tell CMake we are C++. +# Cannot set this... Breaks Linux PowerPC with Clang: +# SET(CMAKE_C_COMPILER ${CMAKE_CXX_COMPILER}) +# # error "The CMAKE_C_COMPILER is set to a C++ compiler" -cmake_minimum_required(VERSION 2.8.5 FATAL_ERROR) +if(NOT DEFINED cryptocpp_DISPLAY_CMAKE_SUPPORT_WARNING) + set(cryptocpp_DISPLAY_CMAKE_SUPPORT_WARNING 1) +endif() +if(cryptocpp_DISPLAY_CMAKE_SUPPORT_WARNING) + message( STATUS +"*************************************************************************\n" +"The Crypto++ library does not officially support CMake. CMake support is a\n" +"community effort, and the library works with the folks using CMake to help\n" +"improve it. If you find an issue then please fix it or report it at\n" +"https://github.com/noloader/cryptopp-cmake.\n" +"-- *************************************************************************" +) +endif() -project(cryptopp) +# Print useful information +message( STATUS "CMake version ${CMAKE_VERSION}" ) + +cmake_minimum_required(VERSION 2.8.6) +if (${CMAKE_VERSION} VERSION_LESS "3.0.0") + project(cryptopp) + set(cryptopp_VERSION_MAJOR 7) + set(cryptopp_VERSION_MINOR 0) + set(cryptopp_VERSION_PATCH 0) +else () + cmake_policy(SET CMP0048 NEW) + project(cryptopp VERSION 7.0.0) + if (NOT ${CMAKE_VERSION} VERSION_LESS "3.1.0") + cmake_policy(SET CMP0054 NEW) + endif () +endif () + +# Need to set SRC_DIR manually after removing the Python library code. +set(SRC_DIR ${CMAKE_CURRENT_SOURCE_DIR}) # Make RelWithDebInfo the default (it does e.g. add '-O2 -g -DNDEBUG' for GNU) # If not in multi-configuration environments, no explicit build type or CXX @@ -26,16 +54,17 @@ if (NOT CMAKE_CONFIGURATION_TYPES AND NOT CMAKE_BUILD_TYPE AND NOT CMAKE_CXX_FLAGS AND CMAKE_SOURCE_DIR STREQUAL CMAKE_CURRENT_SOURCE_DIR) - set(CMAKE_BUILD_TYPE RelWithDebInfo) + set(CMAKE_BUILD_TYPE RelWithDebInfo) endif () -set(cryptopp_VERSION_MAJOR 7) -set(cryptopp_VERSION_MINOR 0) -set(cryptopp_VERSION_PATCH 0) - include(GNUInstallDirs) include(CheckCXXCompilerFlag) +# We now carry around test programs. test_cxx.cxx is the default C++ one. +# Also see https://github.com/weidai11/cryptopp/issues/741. +set(TEST_PROG_DIR ${SRC_DIR}/TestPrograms) +set(TEST_CXX_FILE ${TEST_PROG_DIR}/test_cxx.cxx) + #============================================================================ # Settable options #============================================================================ @@ -46,24 +75,24 @@ option(BUILD_TESTING "Build library tests" ON) option(BUILD_DOCUMENTATION "Use Doxygen to create the HTML based API documentation" OFF) option(USE_INTERMEDIATE_OBJECTS_TARGET "Use a common intermediate objects target for the static and shared library targets" ON) -if (CMAKE_VERSION VERSION_LESS 2.8.8 AND USE_INTERMEDIATE_OBJECTS_TARGET) - message(STATUS "Forcing USE_INTERMEDIATE_OBJECTS_TARGET to OFF - requires CMake >= 2.8.8") - set(USE_INTERMEDIATE_OBJECTS_TARGET OFF CACHE BOOL "Use a common intermediate objects target for the static and shared library targets" FORCE) -endif () - # These are IA-32 options. TODO: Add ARM A-32, Aarch64 and Power8 options. option(DISABLE_ASM "Disable ASM" OFF) option(DISABLE_SSSE3 "Disable SSSE3" OFF) option(DISABLE_SSE4 "Disable SSE4" OFF) option(DISABLE_AESNI "Disable AES-NI" OFF) option(DISABLE_SHA "Disable SHA" OFF) +option(DISABLE_AVX "Disable AVX" OFF) +option(DISABLE_AVX2 "Disable AVX2" OFF) option(CRYPTOPP_NATIVE_ARCH "Enable native architecture" OFF) set(CRYPTOPP_DATA_DIR "" CACHE PATH "Crypto++ test data directory") #============================================================================ -# Internal compiler options +# Compiler options #============================================================================ +set(CRYPTOPP_COMPILE_DEFINITIONS) +set(CRYPTOPP_COMPILE_OPTIONS) + # Stop hiding the damn output... # set(CMAKE_VERBOSE_MAKEFILE on) @@ -71,106 +100,193 @@ set(CRYPTOPP_DATA_DIR "" CACHE PATH "Crypto++ test data directory") set(LIB_VER ${cryptopp_VERSION_MAJOR}${cryptopp_VERSION_MINOR}${cryptopp_VERSION_PATCH}) # Don't use RPATH's. The resulting binary could fail a security audit. -if (NOT CMAKE_VERSION VERSION_LESS 2.8.12) - set(CMAKE_MACOSX_RPATH 0) -endif () +set(CMAKE_MACOSX_RPATH 0) if (CMAKE_CXX_COMPILER_ID STREQUAL "Intel") - add_definitions(-wd68 -wd186 -wd279 -wd327 -wd161 -wd3180) + list(APPEND CRYPTOPP_COMPILE_OPTIONS -wd68 -wd186 -wd279 -wd327 -wd161 -wd3180) endif () # Also see http://github.com/weidai11/cryptopp/issues/395 if (DISABLE_ASM) - add_definitions(-DCRYPTOPP_DISABLE_ASM) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_ASM) endif () if (DISABLE_SSSE3) - add_definitions(-DCRYPTOPP_DISABLE_SSSE3) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_SSSE3) endif () if (DISABLE_SSE4) - add_definitions(-DCRYPTOPP_DISABLE_SSE4) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_SSSE4) endif () if (DISABLE_AESNI) - add_definitions(-DCRYPTOPP_DISABLE_AESNI) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_AESNI) endif () if (DISABLE_SHA) - add_definitions(-DCRYPTOPP_DISABLE_SHA) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_SHA) +endif () +if (DISABLE_ALTIVEC) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_ALTIVEC) +endif () +if (DISABLE_POWER7) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_POWER7) +endif () +if (DISABLE_POWER8) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_POWER8) +endif () +if (DISABLE_POWER9) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_POWER9) endif () if (NOT CRYPTOPP_DATA_DIR STREQUAL "") - add_definitions(-DCRYPTOPP_DATA_DIR="${CRYPTOPP_DATA_DIR}") + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS "CRYPTOPP_DATA_DIR=${CRYPTOPP_DATA_DIR}") endif () -# CRYPTOPP_NATIVE_ARCH is set below once we know what it means to be "native" - ############################################################################### # Try to find a Posix compatible grep and sed. Solaris, Digital Unix, # Tru64, HP-UX and a few others need tweaking -if (${CMAKE_SYSTEM_NAME} STREQUAL "SunOS") - set(GREP_CMD /usr/xpg4/bin/grep) - set(SED_CMD /usr/xpg4/bin/sed) -else() - set(GREP_CMD grep) - set(SED_CMD sed) +if (EXISTS /usr/xpg4/bin/grep) + set(GREP_CMD /usr/xpg4/bin/grep) +elseif (EXISTS /usr/gnu/bin/grep) + set(GREP_CMD /usr/gnu/bin/grep) +elseif (EXISTS /usr/linux/bin/grep) + set(GREP_CMD /usr/linux/bin/grep) +else () + set(GREP_CMD grep) +endif () + +if (EXISTS /usr/xpg4/bin/sed) + set(SED_CMD /usr/xpg4/bin/sed) +elseif (EXISTS /usr/gnu/bin/sed) + set(SED_CMD /usr/gnu/bin/sed) +elseif (EXISTS /usr/linux/bin/sed) + set(SED_CMD /usr/linux/bin/sed) +else () + set(SED_CMD sed) endif () ############################################################################### -function(CheckCompilerOption opt var) +function(CheckCompileOption opt var) - if (CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + if (MSVC) - # CMake does not provide a generic shell/terminal mechanism - # and Microsoft environments don't know what 'sh' is. - set(${var} 0 PARENT_SCOPE) + # TODO: improve this... + CHECK_CXX_COMPILER_FLAG(${opt} ${var}) - elseif (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro") + elseif (CMAKE_CXX_COMPILER_ID MATCHES "SunPro") - message(STATUS "Performing Test ${var}") - execute_process( - COMMAND sh -c "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_FLAGS} ${opt} -E -xdumpmacros /dev/null 2>&1" - COMMAND ${GREP_CMD} -i -c -E "illegal value ignored" - RESULT_VARIABLE COMMAND_RESULT - OUTPUT_VARIABLE COMMAND_OUTPUT - OUTPUT_STRIP_TRAILING_WHITESPACE) + message(STATUS "Performing Test ${var}") + execute_process( + COMMAND sh -c "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_FLAGS} ${opt} -c ${TEST_CXX_FILE} 2>&1" + COMMAND ${GREP_CMD} -i -c -E "illegal value ignored" + RESULT_VARIABLE COMMAND_RESULT + OUTPUT_VARIABLE COMMAND_OUTPUT + OUTPUT_STRIP_TRAILING_WHITESPACE) - # No dereference below. Thanks for the warning, CMake (not!). - if (COMMAND_RESULT AND NOT COMMAND_OUTPUT) - set(${var} 1 PARENT_SCOPE) - message(STATUS "Performing Test ${var} - Success") - else () - set(${var} 0 PARENT_SCOPE) - message(STATUS "Performing Test ${var} - Failed") - endif () + # No dereference below. Thanks for the warning, CMake (not!). + if (COMMAND_RESULT AND NOT COMMAND_OUTPUT) + set(${var} 1 PARENT_SCOPE) + message(STATUS "Performing Test ${var} - Success") + else () + set(${var} 0 PARENT_SCOPE) + message(STATUS "Performing Test ${var} - Failed") + endif () - else () + # Must use CMAKE_CXX_COMPILER here due to XLC 13.1 and LLVM front-end. + elseif (CMAKE_CXX_COMPILER MATCHES "xlC") - CHECK_CXX_COMPILER_FLAG(${opt} ${var}) + message(STATUS "Performing Test ${var}") + execute_process( + COMMAND sh -c "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_FLAGS} ${opt} -c ${TEST_CXX_FILE} 2>&1" + COMMAND ${GREP_CMD} -i -c -E "Unrecognized value" + RESULT_VARIABLE COMMAND_RESULT + OUTPUT_VARIABLE COMMAND_OUTPUT + OUTPUT_STRIP_TRAILING_WHITESPACE) - endif () + # No dereference below. Thanks for the warning, CMake (not!). + if (COMMAND_RESULT AND NOT COMMAND_OUTPUT) + set(${var} 1 PARENT_SCOPE) + message(STATUS "Performing Test ${var} - Success") + else () + set(${var} 0 PARENT_SCOPE) + message(STATUS "Performing Test ${var} - Failed") + endif () -endfunction(CheckCompilerOption) + else () + + CHECK_CXX_COMPILER_FLAG(${opt} ${var}) + + endif () + +endfunction(CheckCompileOption) + +function(CheckCompileLinkOption opt var prog) + + if (MSVC) + + # TODO: improve this... + CHECK_CXX_COMPILER_FLAG(${opt} ${var}) + + else () + + message(STATUS "Performing Test ${var}") + execute_process( + COMMAND sh -c "${CMAKE_CXX_COMPILER} ${CMAKE_CXX_FLAGS} ${opt} ${prog} 2>&1" + RESULT_VARIABLE COMMAND_RESULT + OUTPUT_VARIABLE COMMAND_OUTPUT + OUTPUT_STRIP_TRAILING_WHITESPACE) + + # message(STATUS "RESULT_VARIABLE ${RESULT_VARIABLE}") + # message(STATUS "COMMAND_RESULT ${COMMAND_RESULT}") + # message(STATUS "OUTPUT_VARIABLE ${OUTPUT_VARIABLE}") + # message(STATUS "COMMAND_OUTPUT ${COMMAND_OUTPUT}") + + # This test is strict. We require two things. First, the invocation + # of the compile command must return 0. Second, there must be no + # messages on the console. We are interested in diagnostics like + # warnings to decide when to reject an option. But we will probably + # capture chatty compiler that want to say, "Hooray, success". For + # chatty compilers we will need to find a quiet option and use it + # for the test. Microsoft compilers come to mind. + if ("${COMMAND_RESULT}" EQUAL 0 AND "${COMMAND_OUTPUT}" STREQUAL "") + set(${var} 1 PARENT_SCOPE) + message(STATUS "Performing Test ${var} - Success") + else () + set(${var} 0 PARENT_SCOPE) + message(STATUS "Performing Test ${var} - Failed") + endif () + + endif () + +endfunction(CheckCompileLinkOption) + +function(AddCompileOption opt) + + if ("${COMMAND_OUTPUT}" NOT STREQUAL "") + list(APPEND CRYPTOPP_COMPILE_OPTIONS "${opt}") + endif () + +endfunction(AddCompileOption) ############################################################################### function(DumpMachine output pattern) - if (CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") + if (MSVC) - # CMake does not provide a generic shell/terminal mechanism - # and Microsoft environments don't know what 'sh' is. - set(${output} 0 PARENT_SCOPE) + # CMake does not provide a generic shell/terminal mechanism + # and Microsoft environments don't know what 'sh' is. + set(${output} 0 PARENT_SCOPE) - else () + else () - execute_process( - COMMAND sh -c "${CMAKE_CXX_COMPILER} -dumpmachine 2>&1" - COMMAND ${GREP_CMD} -i -c -E "${pattern}" - OUTPUT_VARIABLE ${output} - OUTPUT_STRIP_TRAILING_WHITESPACE) - set(${output} "${${output}}" PARENT_SCOPE) + execute_process( + COMMAND sh -c "${CMAKE_CXX_COMPILER} -dumpmachine 2>&1" + COMMAND ${GREP_CMD} -i -c -E "${pattern}" + OUTPUT_VARIABLE ${output} + OUTPUT_STRIP_TRAILING_WHITESPACE) + set(${output} "${${output}}" PARENT_SCOPE) - endif() + endif() endfunction(DumpMachine) @@ -185,241 +301,288 @@ DumpMachine(CRYPTOPP_AARCH64 "Aarch64") DumpMachine(CRYPTOPP_ARMHF "armhf|arm7l|eabihf") DumpMachine(CRYPTOPP_ARM "\\") +# Detecting PowerPC is only good with GCC. IBM XLC compiler is +# a little different and I don't know how to ask to the triplet +# XLC is targeting. Below we punt by setting CRYPTOPP_POWERPC64 +# if we detect the compiler is XLC. +DumpMachine(CRYPTOPP_POWERPC "ppc|powerpc") +DumpMachine(CRYPTOPP_POWERPC64 "ppc64") + ############################################################################### # Test SunCC for a string like 'CC: Sun C++ 5.13 SunOS_i386' if (NOT CRYPTOPP_SOLARIS) - execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -V 2>&1" - COMMAND ${GREP_CMD} -i -c "SunOS" - OUTPUT_VARIABLE CRYPTOPP_SOLARIS - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -V 2>&1" + COMMAND ${GREP_CMD} -i -c "SunOS" + OUTPUT_VARIABLE CRYPTOPP_SOLARIS + OUTPUT_STRIP_TRAILING_WHITESPACE) endif () # Test GCC for a string like 'i386-pc-solaris2.11' if (NOT CRYPTOPP_SOLARIS) - execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -dumpmachine 2>&1" - COMMAND ${GREP_CMD} -i -c "Solaris" - OUTPUT_VARIABLE CRYPTOPP_SOLARIS - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -dumpmachine 2>&1" + COMMAND ${GREP_CMD} -i -c "Solaris" + OUTPUT_VARIABLE CRYPTOPP_SOLARIS + OUTPUT_STRIP_TRAILING_WHITESPACE) +endif () + +# Fixup PowerPC. If both 32-bit and 64-bit use 64-bit. +if (CRYPTOPP_POWERPC AND CRYPTOPP_POWERPC64) + unset(CRYPTOPP_POWERPC) +endif () + +# Fixup for xlC compiler. -dumpmachine fails so we miss PowerPC +# TODO: something better than proxying the platform via compiler +# Must use CMAKE_CXX_COMPILER here due to XLC 13.1 and LLVM front-end. +if (CMAKE_CXX_COMPILER MATCHES "xlC") + message ("-- Fixing platform due to IBM xlC") + set(CRYPTOPP_POWERPC64 1) endif () # DumpMachine SunCC style if (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro") - # SunCC is 32-bit, but it builds both 32 and 64 bit. Use - execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -V 2>&1" - COMMAND ${GREP_CMD} -i -c "Sparc" - OUTPUT_VARIABLE CRYPTOPP_SPARC - OUTPUT_STRIP_TRAILING_WHITESPACE) + # SunCC is 32-bit, but it builds both 32 and 64 bit. Use + execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -V 2>&1" + COMMAND ${GREP_CMD} -i -c "Sparc" + OUTPUT_VARIABLE CRYPTOPP_SPARC + OUTPUT_STRIP_TRAILING_WHITESPACE) - execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -V 2>&1" - COMMAND ${GREP_CMD} -i -c -E "i386|i86" - OUTPUT_VARIABLE CRYPTOPP_I386 - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} -V 2>&1" + COMMAND ${GREP_CMD} -i -c -E "i386|i86" + OUTPUT_VARIABLE CRYPTOPP_I386 + OUTPUT_STRIP_TRAILING_WHITESPACE) - execute_process(COMMAND isainfo -k - COMMAND ${GREP_CMD} -i -c "i386" - OUTPUT_VARIABLE KERNEL_I386 - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND isainfo -k + COMMAND ${GREP_CMD} -i -c "i386" + OUTPUT_VARIABLE KERNEL_I386 + OUTPUT_STRIP_TRAILING_WHITESPACE) - execute_process(COMMAND isainfo -k - COMMAND ${GREP_CMD} -i -c "amd64" - OUTPUT_VARIABLE KERNEL_AMD64 - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND isainfo -k + COMMAND ${GREP_CMD} -i -c "amd64" + OUTPUT_VARIABLE KERNEL_AMD64 + OUTPUT_STRIP_TRAILING_WHITESPACE) - execute_process(COMMAND isainfo -k - COMMAND ${GREP_CMD} -i -c "Sparc" - OUTPUT_VARIABLE KERNEL_SPARC - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND isainfo -k + COMMAND ${GREP_CMD} -i -c "Sparc" + OUTPUT_VARIABLE KERNEL_SPARC + OUTPUT_STRIP_TRAILING_WHITESPACE) - execute_process(COMMAND isainfo -k - COMMAND ${GREP_CMD} -i -c -E "UltraSarc|Sparc64|SparcV9" - OUTPUT_VARIABLE KERNEL_SPARC64 - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND isainfo -k + COMMAND ${GREP_CMD} -i -c -E "UltraSarc|Sparc64|SparcV9" + OUTPUT_VARIABLE KERNEL_SPARC64 + OUTPUT_STRIP_TRAILING_WHITESPACE) - # Build for 32-bit on 64-bit kernels unless Native Arch is - # specified. Note that this is a policy provided by Sun. - if (CRYPTOPP_NATIVE_ARCH AND KERNEL_I386) - unset(CRYPTOPP_AMD64) - set(CRYPTOPP_I386 1) - elseif (CRYPTOPP_NATIVE_ARCH AND KERNEL_AMD64) - unset(CRYPTOPP_I386) - set(CRYPTOPP_AMD64 1) - elseif (CRYPTOPP_NATIVE_ARCH AND KERNEL_SPARC) - unset(KERNEL_SPARC64) - set(KERNEL_SPARC 1) - elseif (CRYPTOPP_NATIVE_ARCH AND KERNEL_SPARC64) - unset(KERNEL_SPARC) - set(KERNEL_SPARC64 1) - endif () endif () ############################################################################### if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU") - execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} --version 2>&1" - COMMAND ${GREP_CMD} -i -c "macports" - OUTPUT_VARIABLE MACPORTS - OUTPUT_STRIP_TRAILING_WHITESPACE) + execute_process(COMMAND sh -c "${CMAKE_CXX_COMPILER} --version 2>&1" + COMMAND ${GREP_CMD} -i -c "macports" + OUTPUT_VARIABLE MACPORTS + OUTPUT_STRIP_TRAILING_WHITESPACE) - if (MACPORTS EQUAL 0) - # Get GAS version, add defs + set as appropriate - set(GAS_CMD sh -c "${CMAKE_CXX_COMPILER} -xc -c /dev/null -Wa,-v -o/dev/null 2>&1") + if (MACPORTS EQUAL 0) + # Get GAS version, add defs + set as appropriate + set(GAS_CMD sh -c "${CMAKE_CXX_COMPILER} -xc -c /dev/null -Wa,-v -o/dev/null 2>&1") - execute_process(COMMAND ${GAS_CMD} - OUTPUT_VARIABLE GAS_STRING - OUTPUT_STRIP_TRAILING_WHITESPACE) - string(FIND ${GAS_STRING} "GNU assembler" GAS_OUTPUT) + execute_process(COMMAND ${GAS_CMD} + OUTPUT_VARIABLE GAS_STRING + OUTPUT_STRIP_TRAILING_WHITESPACE) + string(FIND "${GAS_STRING}" "GNU assembler" GAS_OUTPUT) - if (NOT GAS_OUTPUT EQUAL -1) - #.intel_syntax wasn't supported until GNU assembler 2.10 + if (NOT GAS_OUTPUT EQUAL -1) + #.intel_syntax wasn't supported until GNU assembler 2.10 - # TODO(unassigned): string() REGEX was not cooperating at time of writing. Re-implement as needed. - execute_process(COMMAND echo ${GAS_STRING} - COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.[1-9][0-9]|[3-9])" - OUTPUT_VARIABLE GAS210_OR_LATER) - if (GAS210_OR_LATER EQUAL 0) - add_definitions(-DCRYPTOPP_DISABLE_ASM) - set(DISABLE_ASM 1) - endif () + # TODO(unassigned): string() REGEX was not cooperating at time of writing. Re-implement as needed. + execute_process(COMMAND echo ${GAS_STRING} + COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.[1-9][0-9]|[3-9])" + OUTPUT_VARIABLE GAS210_OR_LATER) + if (GAS210_OR_LATER EQUAL 0) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_ASM) + set(DISABLE_ASM 1) + endif () - execute_process(COMMAND echo ${GAS_STRING} - COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.1[7-9]|2\\.[2-9]|[3-9])" - OUTPUT_VARIABLE GAS217_OR_LATER) - if (GAS217_OR_LATER EQUAL 0) - add_definitions(-DCRYPTOPP_DISABLE_SSSE3) - set(DISABLE_SSSE3 1) - endif () + execute_process(COMMAND echo ${GAS_STRING} + COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.1[7-9]|2\\.[2-9]|[3-9])" + OUTPUT_VARIABLE GAS217_OR_LATER) + if (GAS217_OR_LATER EQUAL 0) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_SSSE3) + set(DISABLE_SSSE3 1) + endif () - # OpenBSD and CentOS 5 needed this one due to ARIA and BLAKE2 - execute_process(COMMAND echo ${GAS_STRING} - COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.1[8-9]|2\\.[2-9]|[3-9])" - OUTPUT_VARIABLE GAS218_OR_LATER) - if (GAS218_OR_LATER EQUAL 0) - add_definitions(-DCRYPTOPP_DISABLE_SSE4) - set(DISABLE_SSE4 1) - endif () + # OpenBSD and CentOS 5 needed this one due to ARIA and BLAKE2 + execute_process(COMMAND echo ${GAS_STRING} + COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.1[8-9]|2\\.[2-9]|[3-9])" + OUTPUT_VARIABLE GAS218_OR_LATER) + if (GAS218_OR_LATER EQUAL 0) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_SSSE4) + set(DISABLE_SSE4 1) + endif () - execute_process(COMMAND echo ${GAS_STRING} - COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.19|2\\.[2-9]|[3-9])" - OUTPUT_VARIABLE GAS219_OR_LATER) - if (GAS219_OR_LATER EQUAL 0) - add_definitions(-DCRYPTOPP_DISABLE_AESNI) - set(DISABLE_AESNI 1) - endif () + execute_process(COMMAND echo ${GAS_STRING} + COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.19|2\\.[2-9]|[3-9])" + OUTPUT_VARIABLE GAS219_OR_LATER) + if (GAS219_OR_LATER EQUAL 0) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_AESNI) + set(DISABLE_AESNI 1) + endif () - # Ubuntu 10 and Ubuntu 12 needed this one - execute_process(COMMAND echo ${GAS_STRING} - COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.2[3-9]|2\\.[3-9]|[3-9])" - OUTPUT_VARIABLE GAS223_OR_LATER) - if (GAS223_OR_LATER EQUAL 0) - add_definitions(-DCRYPTOPP_DISABLE_SHA) - set(DISABLE_SHA 1) - endif () - endif () - endif () + # Ubuntu 10 and Ubuntu 12 needed this one + execute_process(COMMAND echo ${GAS_STRING} + COMMAND ${GREP_CMD} -i -c -E "GNU.[Aa]ssembler.*(2\\.2[3-9]|2\\.[3-9]|[3-9])" + OUTPUT_VARIABLE GAS223_OR_LATER) + if (GAS223_OR_LATER EQUAL 0) + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS CRYPTOPP_DISABLE_SHA) + set(DISABLE_SHA 1) + endif () + endif () + endif () endif () # TODO: what about ICC and LLVM on Windows? -if (CMAKE_CXX_COMPILER_ID STREQUAL "MSVC") - if (CMAKE_SYSTEM_VERSION MATCHES "10\\.0.*") - SET( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /D\"_WIN32_WINNT=0x0A00\"" ) - endif () - SET( CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} /FI\"winapifamily.h\"" ) +if (MSVC) + if (CMAKE_SYSTEM_VERSION MATCHES "10\\.0.*") + list(APPEND CRYPTOPP_COMPILE_DEFINITIONS "_WIN32_WINNT=0x0A00") + endif () + #list(APPEND CRYPTOPP_COMPILE_OPTIONS "/FI\"winapifamily.h\"") endif () # Enable PIC for all target machines except 32-bit i386 due to register pressures. if (NOT CRYPTOPP_I386) - SET(CMAKE_POSITION_INDEPENDENT_CODE 1) + SET(CMAKE_POSITION_INDEPENDENT_CODE 1) +endif () + +# IBM XLC compiler options for AIX and Linux. +# Must use CMAKE_CXX_COMPILER here due to XLC 13.1 and LLVM front-end. +if (CMAKE_CXX_COMPILER MATCHES "xlC") + + #CheckCompileLinkOption("-qxlcompatmacros" CRYPTOPP_XLC_COMPAT "${TEST_CXX_FILE}") + #if (CRYPTOPP_XLC_COMPAT) + # list(APPEND CRYPTOPP_COMPILE_OPTIONS "-qxlcompatmacros") + #endif () + + CheckCompileLinkOption("-qrtti" CRYPTOPP_PPC_RTTI "${TEST_CXX_FILE}") + if (CRYPTOPP_PPC_RTTI) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-qrtti") + endif () + + CheckCompileLinkOption("-qmaxmem=-1" CRYPTOPP_PPC_MAXMEM "${TEST_CXX_FILE}") + if (CRYPTOPP_PPC_MAXMEM) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-qmaxmem=-1") + endif () + + CheckCompileLinkOption("-qthreaded" CRYPTOPP_PPC_THREADED "${TEST_CXX_FILE}") + if (CRYPTOPP_PPC_THREADED) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-qthreaded") + endif () endif () # Solaris specific if (CRYPTOPP_SOLARIS) - # Determine 32-bit vs 64-bit - if (CRYPTOPP_AMD64 OR CRYPTOPP_SPARC64) - SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m64") - else () - SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -m32") - endif () + # SunCC needs -template=no%extdef + if (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro") + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-template=no%extdef") + endif () - # SunCC needs -template=no%extdef - if (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro") - SET(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -template=no%extdef") - endif () + # SunCC needs -xregs=no%appl on Sparc (not x86) for libraries (not test program) + # TODO: wire this up properly + if (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro" AND (CRYPTOPP_SPARC OR CRYPTOPP_SPARC64)) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-xregs=no%appl") + endif () - # GCC needs to enable use of '/' - if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -Wa,--divide") - endif () + # GCC needs to enable use of '/' for division in the assembler + if (CMAKE_CXX_COMPILER_ID STREQUAL "GNU") + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-Wa,--divide") + endif () endif () -# Link is driven through the compiler, but CXXFLAGS are not used. Also see -# http://public.kitware.com/pipermail/cmake/2003-June/003967.html -if (NOT (WINDOWS OR WINDOWS_STORE OR WINDOWS_PHONE)) - SET(CMAKE_CXX_LINK_FLAGS "${CMAKE_CXX_FLAGS}") -endif () - #============================================================================ # Sources & headers #============================================================================ # Library headers -file(GLOB cryptopp_HEADERS *.h) +file(GLOB cryptopp_HEADERS ${SRC_DIR}/*.h) + # Remove headers used to build test suite list(REMOVE_ITEM cryptopp_HEADERS - ${CMAKE_CURRENT_SOURCE_DIR}/bench.h - ${CMAKE_CURRENT_SOURCE_DIR}/validate.h - ) + ${SRC_DIR}/bench.h + ${SRC_DIR}/validate.h + ) # Test sources. You can use the GNUmakefile to generate the list: `make sources`. -file(GLOB cryptopp_SOURCES_TEST test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp adhoc.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp) +set(cryptopp_SOURCES_TEST + ${SRC_DIR}/test.cpp + ${SRC_DIR}/bench1.cpp + ${SRC_DIR}/bench2.cpp + ${SRC_DIR}/bench3.cpp + ${SRC_DIR}/validat0.cpp + ${SRC_DIR}/validat1.cpp + ${SRC_DIR}/validat2.cpp + ${SRC_DIR}/validat3.cpp + ${SRC_DIR}/validat4.cpp + ${SRC_DIR}/validat5.cpp + ${SRC_DIR}/validat6.cpp + ${SRC_DIR}/validat7.cpp + ${SRC_DIR}/validat8.cpp + ${SRC_DIR}/validat9.cpp + ${SRC_DIR}/validat10.cpp + ${SRC_DIR}/regtest1.cpp + ${SRC_DIR}/regtest2.cpp + ${SRC_DIR}/regtest3.cpp + ${SRC_DIR}/regtest4.cpp + ${SRC_DIR}/datatest.cpp + ${SRC_DIR}/fipsalgt.cpp + ${SRC_DIR}/fipstest.cpp + ${SRC_DIR}/dlltest.cpp + #${SRC_DIR}/adhoc.cpp + ) # Library sources. You can use the GNUmakefile to generate the list: `make sources`. # Makefile sorted them at http://github.com/weidai11/cryptopp/pull/426. -file(GLOB cryptopp_SOURCES *.cpp) +file(GLOB cryptopp_SOURCES ${SRC_DIR}/*.cpp) list(SORT cryptopp_SOURCES) list(REMOVE_ITEM cryptopp_SOURCES - ${CMAKE_CURRENT_SOURCE_DIR}/cryptlib.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/cpu.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/integer.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/pch.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/simple.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/winpipes.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/cryptlib_bds.cpp - ${cryptopp_SOURCES_TEST} - ) + ${SRC_DIR}/cryptlib.cpp + ${SRC_DIR}/cpu.cpp + ${SRC_DIR}/integer.cpp + ${SRC_DIR}/pch.cpp + ${SRC_DIR}/simple.cpp + ${SRC_DIR}/adhoc.cpp + ${cryptopp_SOURCES_TEST} + ) set(cryptopp_SOURCES - ${CMAKE_CURRENT_SOURCE_DIR}/cryptlib.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/cpu.cpp - ${CMAKE_CURRENT_SOURCE_DIR}/integer.cpp - ${cryptopp_SOURCES} - ) + ${SRC_DIR}/cryptlib.cpp + ${SRC_DIR}/cpu.cpp + ${SRC_DIR}/integer.cpp + ${cryptopp_SOURCES} + ) -if (MINGW OR WIN32) - list(APPEND cryptopp_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/winpipes.cpp) -endif () +set(cryptopp_SOURCES_ASM) if (MSVC AND NOT DISABLE_ASM) - if (${CMAKE_GENERATOR} MATCHES ".*ARM") - message(STATUS "Disabling ASM because ARM is specified as target platform.") - else () - if (CMAKE_SIZEOF_VOID_P EQUAL 8) - list(APPEND cryptopp_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/x64dll.asm) - list(APPEND cryptopp_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/x64masm.asm) - set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/x64dll.asm PROPERTIES COMPILE_FLAGS "/D_M_X64") - set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/x64masm.asm PROPERTIES COMPILE_FLAGS "/D_M_X64") - set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/rdrand.asm PROPERTIES COMPILE_FLAGS "/D_M_X64") - else () - set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/x64dll.asm PROPERTIES COMPILE_FLAGS "/D_M_X86 /safeseh") - set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/x64masm.asm PROPERTIES COMPILE_FLAGS "/D_M_X86 /safeseh") - set_source_files_properties(${CMAKE_CURRENT_SOURCE_DIR}/rdrand.asm PROPERTIES COMPILE_FLAGS "/D_M_X86 /safeseh") - endif () - list(APPEND cryptopp_SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/rdrand.asm) - enable_language(ASM_MASM) - endif () + if (${CMAKE_GENERATOR} MATCHES ".*ARM") + message(STATUS "Disabling ASM because ARM is specified as target platform.") + else () + enable_language(ASM_MASM) + list(APPEND cryptopp_SOURCES_ASM + ${SRC_DIR}/rdrand.asm + ) + if (CMAKE_SIZEOF_VOID_P EQUAL 8) + list(APPEND cryptopp_SOURCES_ASM + ${SRC_DIR}/x64dll.asm + ${SRC_DIR}/x64masm.asm + ) + set_source_files_properties(${cryptopp_SOURCES_ASM} PROPERTIES COMPILE_DEFINITIONS "_M_X64") + else () + set_source_files_properties(${cryptopp_SOURCES_ASM} PROPERTIES COMPILE_DEFINITIONS "_M_X86" COMPILE_FLAGS "/safeseh") + endif () + set_source_files_properties(${cryptopp_SOURCES_ASM} PROPERTIES LANGUAGE ASM_MASM) + endif () endif () #============================================================================ @@ -429,250 +592,458 @@ endif () # TODO: Android, AIX, IBM xlC, iOS and a few other profiles are missing. # New as of Pull Request 461, http://github.com/weidai11/cryptopp/pull/461. -if (CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID STREQUAL "GNU") +# Must use CMAKE_CXX_COMPILER here due to XLC 13.1 and LLVM front-end. +if (CMAKE_CXX_COMPILER_ID MATCHES "Clang" OR CMAKE_CXX_COMPILER_ID STREQUAL "GNU" OR CMAKE_CXX_COMPILER_ID STREQUAL "Intel" OR CMAKE_CXX_COMPILER MATCHES "xlC") - if (CRYPTOPP_AMD64 OR CRYPTOPP_I386 OR CRYPTOPP_X32) + if (CRYPTOPP_AMD64 OR CRYPTOPP_I386 OR CRYPTOPP_X32) - CheckCompilerOption("-msse2" CRYPTOPP_IA32_SSE2) - CheckCompilerOption("-mssse3" CRYPTOPP_IA32_SSSE3) - CheckCompilerOption("-msse4.1" CRYPTOPP_IA32_SSE41) - CheckCompilerOption("-msse4.2" CRYPTOPP_IA32_SSE42) - CheckCompilerOption("-mssse3 -mpclmul" CRYPTOPP_IA32_CLMUL) - CheckCompilerOption("-msse4.1 -maes" CRYPTOPP_IA32_AES) - CheckCompilerOption("-msse4.2 -msha" CRYPTOPP_IA32_SHA) - CheckCompilerOption("-march=native" CRYPTOPP_IA32_NATIVE) + CheckCompileLinkOption("-msse2" CRYPTOPP_IA32_SSE2 + "${TEST_PROG_DIR}/test_x86_sse2.cxx") + CheckCompileLinkOption("-mssse3" CRYPTOPP_IA32_SSSE3 + "${TEST_PROG_DIR}/test_x86_ssse3.cxx") + CheckCompileLinkOption("-msse4.1" CRYPTOPP_IA32_SSE41 + "${TEST_PROG_DIR}/test_x86_sse41.cxx") + CheckCompileLinkOption("-msse4.2" CRYPTOPP_IA32_SSE42 + "${TEST_PROG_DIR}/test_x86_sse42.cxx") + CheckCompileLinkOption("-mssse3 -mpclmul" CRYPTOPP_IA32_CLMUL + "${TEST_PROG_DIR}/test_x86_clmul.cxx") + CheckCompileLinkOption("-msse4.1 -maes" CRYPTOPP_IA32_AES + "${TEST_PROG_DIR}/test_x86_aes.cxx") + CheckCompileLinkOption("-mavx" CRYPTOPP_IA32_AVX + "${TEST_PROG_DIR}/test_x86_avx.cxx") + CheckCompileLinkOption("-mavx2" CRYPTOPP_IA32_AVX2 + "${TEST_PROG_DIR}/test_x86_avx2.cxx") + CheckCompileLinkOption("-msse4.2 -msha" CRYPTOPP_IA32_SHA + "${TEST_PROG_DIR}/test_x86_sha.cxx") + CheckCompileLinkOption("" CRYPTOPP_MIXED_ASM + "${TEST_PROG_DIR}/test_mixed_asm.cxx") - # Deferred native arch; added to all CXXFLAGS - if (CRYPTOPP_NATIVE_ARCH AND CRYPTOPP_IA32_NATIVE) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=native") - elseif (CRYPTOPP_NATIVE_ARCH) - message(WARNING "CRYPTOPP_NATIVE_ARCH enabled, but failed to detect native architecture") - endif () + # https://github.com/weidai11/cryptopp/issues/756 + if (NOT CRYPTOPP_MIXED_ASM) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-DCRYPTOPP_DISABLE_MIXED_ASM") + endif () - if (CRYPTOPP_IA32_SSE2 AND NOT DISABLE_ASM) - set_source_files_properties(sse-simd.cpp PROPERTIES COMPILE_FLAGS "-msse2") - endif () - if (CRYPTOPP_IA32_SSSE3 AND NOT DISABLE_SSSE3) - set_source_files_properties(aria-simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") - if (CRYPTOPP_IA32_SSE41 AND NOT DISABLE_SSE4) - set_source_files_properties(blake2-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") - endif () - if (CRYPTOPP_IA32_SSE42 AND NOT DISABLE_SSE4) - set_source_files_properties(crc-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2") - if (CRYPTOPP_IA32_CLMUL AND NOT DISABLE_AES) - set_source_files_properties(gcm-simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3 -mpclmul") - endif () - if (CRYPTOPP_IA32_AES AND NOT DISABLE_AES) - set_source_files_properties(rijndael-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1 -maes") - endif () - if (CRYPTOPP_IA32_SHA AND NOT DISABLE_SHA) - set_source_files_properties(sha-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2 -msha") - set_source_files_properties(shacal2-simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2 -msha") - endif () - endif () - endif () + if (CRYPTOPP_IA32_SSE2 AND NOT DISABLE_ASM) + set_source_files_properties(${SRC_DIR}/sse_simd.cpp PROPERTIES COMPILE_FLAGS "-msse2") + set_source_files_properties(${SRC_DIR}/chacha_simd.cpp PROPERTIES COMPILE_FLAGS "-msse2") + set_source_files_properties(${SRC_DIR}/donna_sse.cpp PROPERTIES COMPILE_FLAGS "-msse2") + endif () + if (CRYPTOPP_IA32_SSSE3 AND NOT DISABLE_SSSE3) + set_source_files_properties(${SRC_DIR}/aria_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") + set_source_files_properties(${SRC_DIR}/cham_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") + set_source_files_properties(${SRC_DIR}/lea_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") + set_source_files_properties(${SRC_DIR}/simeck_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") + set_source_files_properties(${SRC_DIR}/simon128_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") + set_source_files_properties(${SRC_DIR}/speck128_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3") + if (CRYPTOPP_IA32_SSE41 AND NOT DISABLE_SSE4) + set_source_files_properties(${SRC_DIR}/blake2s_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") + set_source_files_properties(${SRC_DIR}/blake2b_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") + set_source_files_properties(${SRC_DIR}/simon64_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") + set_source_files_properties(${SRC_DIR}/speck64_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1") + endif () + if (CRYPTOPP_IA32_SSE42 AND NOT DISABLE_SSE4) + set_source_files_properties(${SRC_DIR}/crc_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2") + if (CRYPTOPP_IA32_CLMUL AND NOT DISABLE_AES) + set_source_files_properties(${SRC_DIR}/gcm_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3 -mpclmul") + endif () + if (CRYPTOPP_IA32_AES AND NOT DISABLE_AES) + set_source_files_properties(${SRC_DIR}/rijndael_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.1 -maes") + set_source_files_properties(${SRC_DIR}/sm4_simd.cpp PROPERTIES COMPILE_FLAGS "-mssse3 -maes") + endif () + #if (CRYPTOPP_IA32_AVX AND NOT DISABLE_AVX) + # set_source_files_properties(${SRC_DIR}/XXX_avx.cpp PROPERTIES COMPILE_FLAGS "-mavx") + #endif () + if (CRYPTOPP_IA32_AVX2 AND NOT DISABLE_AVX2) + set_source_files_properties(${SRC_DIR}/chacha_avx.cpp PROPERTIES COMPILE_FLAGS "-mavx2") + endif () + if (CRYPTOPP_IA32_SHA AND NOT DISABLE_SHA) + set_source_files_properties(${SRC_DIR}/sha_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2 -msha") + set_source_files_properties(${SRC_DIR}/shacal2_simd.cpp PROPERTIES COMPILE_FLAGS "-msse4.2 -msha") + endif () + endif () + endif () - elseif (CRYPTOPP_AARCH32 OR CRYPTOPP_AARCH64) + elseif (CRYPTOPP_AARCH32 OR CRYPTOPP_AARCH64) - CheckCompilerOption("-march=armv8-a" CRYPTOPP_ARMV8A_BASE) - CheckCompilerOption("-march=armv8-a+crc" CRYPTOPP_ARMV8A_CRC) - CheckCompilerOption("-march=armv8-a+crypto" CRYPTOPP_ARMV8A_CRYPTO) - CheckCompilerOption("-march=armv8-a" CRYPTOPP_ARMV8A_NATIVE) + CheckCompileOption("-march=armv8-a" CRYPTOPP_ARMV8A_ASIMD) + CheckCompileOption("-march=armv8-a+crc" CRYPTOPP_ARMV8A_CRC) + CheckCompileOption("-march=armv8-a+crypto" CRYPTOPP_ARMV8A_CRYPTO) + CheckCompileOption("-march=armv8-a" CRYPTOPP_ARMV8A_NATIVE) - # Deferred native arch; added to all CXXFLAGS - if (CRYPTOPP_NATIVE_ARCH AND CRYPTOPP_ARMV8A_NATIVE) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=armv8-a") - elseif (CRYPTOPP_NATIVE_ARCH) - message(WARNING "CRYPTOPP_NATIVE_ARCH enabled, but failed to detect native architecture") - endif () + if (CRYPTOPP_ARMV8A_ASIMD) + set_source_files_properties(${SRC_DIR}/aria_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/blake2s_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/blake2b_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/chacha_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/cham_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/lea_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/neon_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/simeck_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/simon64_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/simon128_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/speck64_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + set_source_files_properties(${SRC_DIR}/speck128_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") + endif () + if (CRYPTOPP_ARMV8A_CRC) + set_source_files_properties(${SRC_DIR}/crc_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crc") + endif () + if (CRYPTOPP_ARMV8A_CRYPTO) + set_source_files_properties(${SRC_DIR}/gcm_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") + set_source_files_properties(${SRC_DIR}/rijndael_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") + set_source_files_properties(${SRC_DIR}/sha_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") + set_source_files_properties(${SRC_DIR}/shacal2_simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") + endif () - if (CRYPTOPP_ARMV8A_BASE) - set_source_files_properties(aria-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") - set_source_files_properties(blake2-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") - set_source_files_properties(neon-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a") - endif () - if (CRYPTOPP_ARMV8A_CRC) - set_source_files_properties(crc-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crc") - endif () - if (CRYPTOPP_ARMV8A_CRYPTO) - set_source_files_properties(gcm-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") - set_source_files_properties(rijndael-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") - set_source_files_properties(sha-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") - set_source_files_properties(shacal2-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv8-a+crypto") - endif () + elseif (CRYPTOPP_ARM OR CRYPTOPP_ARMHF) - elseif (CRYPTOPP_ARM OR CRYPTOPP_ARMHF) + # Need to set floating point ABI to something, like "hard" of "softfp". + # Most Linux use hard floats. + CheckCompileLinkOption("-march=armv7-a -mfpu=neon" CRYPTOPP_ARMV7A_NEON + "${TEST_PROG_DIR}/test_arm_neon.cxx") + CheckCompileLinkOption("-march=armv7-a -mfloat-abi=hard -mfpu=neon" CRYPTOPP_ARMV7A_HARD + "${TEST_PROG_DIR}/test_arm_neon.cxx") + CheckCompileLinkOption("-march=armv7-a -mfloat-abi=softfp -mfpu=neon" CRYPTOPP_ARMV7A_SOFTFP + "${TEST_PROG_DIR}/test_arm_neon.cxx") - CheckCompilerOption("-march=armv7-a -mfpu=neon" CRYPTOPP_ARMV7A_NEON) - CheckCompilerOption("-march=armv7-a -mfloat-abi=hard" CRYPTOPP_ARMV7A_HARD) - CheckCompilerOption("-march=armv7-a -mfloat-abi=softfp" CRYPTOPP_ARMV7A_SOFTFP) + if (CRYPTOPP_ARMV7A_HARD) + set(CRYPTOPP_ARMV7A_FLAGS "-march=armv7-a -mfloat-abi=hard -mfpu=neon") + elseif (CRYPTOPP_ARMV7A_SOFTFP) + set(CRYPTOPP_ARMV7A_FLAGS "-march=armv7-a -mfloat-abi=softfp -mfpu=neon") + else () + AddCompileOption("-DCRYPTOPP_DISABLE_NEON") + endif() - # Deferred native arch; added to all CXXFLAGS - if (CRYPTOPP_NATIVE_ARCH AND CRYPTOPP_ARMV7A_HARD) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=armv7-a -mfloat-abi=hard -mfpu=neon") - elseif (CRYPTOPP_NATIVE_ARCH AND CRYPTOPP_ARMV7A_SOFTFP) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -march=armv7-a -mfloat-abi=softfp -mfpu=neon") - elseif (CRYPTOPP_NATIVE_ARCH) - message(WARNING "CRYPTOPP_NATIVE_ARCH enabled, but failed to detect native architecture") - endif () + if (CRYPTOPP_ARMV7A_HARD OR CRYPTOPP_ARMV7A_SOFTFP) + # Add ASM files for ARM + if (NOT MSVC) + list(APPEND cryptopp_SOURCES ${SRC_DIR}/aes_armv4.S) + set_source_files_properties(${SRC_DIR}/aes_armv4.S PROPERTIES LANGUAGE C) + endif () - if (CRYPTOPP_ARMV7A_HARD AND CRYPTOPP_ARMV7A_NEON) - # Need to set floating point ABI to something, like "hard" of "softfp". Most Linux use hard floats ("hard"). - set_source_files_properties(aria-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv7-a -mfloat-abi=hard -mfpu=neon") - set_source_files_properties(blake2-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv7-a -mfloat-abi=hard -mfpu=neon") - set_source_files_properties(gcm-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv7-a -mfloat-abi=hard -mfpu=neon") - set_source_files_properties(neon-simd.cpp PROPERTIES COMPILE_FLAGS "-mfloat-abi=hard -mfpu=neon") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-mfloat-abi=hard -mfpu=neon") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-mfloat-abi=hard -mfpu=neon") - elseif (CRYPTOPP_ARMV7A_SOFTFP AND CRYPTOPP_ARMV7A_NEON) - # Need to set floating point ABI to something, like "hard" of "softfp". Most Linux use hard floats ("hard"). - set_source_files_properties(aria-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv7-a -mfloat-abi=softfp -mfpu=neon") - set_source_files_properties(blake2-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv7-a -mfloat-abi=softfp -mfpu=neon") - set_source_files_properties(gcm-simd.cpp PROPERTIES COMPILE_FLAGS "-march=armv7-a -mfloat-abi=softfp -mfpu=neon") - set_source_files_properties(neon-simd.cpp PROPERTIES COMPILE_FLAGS "-mfloat-abi=softfp -mfpu=neon") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-mfloat-abi=softfp -mfpu=neon") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-mfloat-abi=softfp -mfpu=neon") - endif () - endif () + set_source_files_properties(${SRC_DIR}/aes_armv4.S PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/aria_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/blake2s_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/blake2b_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/chacha_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/cham_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/crc_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/lea_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/gcm_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/rijndael_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/neon_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/sha_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/simeck_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/simon64_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/simon128_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/speck64_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/speck128_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + set_source_files_properties(${SRC_DIR}/sm4_simd.cpp PROPERTIES COMPILE_FLAGS "${CRYPTOPP_ARMV7A_FLAGS}") + endif () + + elseif (CRYPTOPP_POWERPC OR CRYPTOPP_POWERPC64) + + if (CMAKE_CXX_COMPILER MATCHES "xlC") + set(CRYPTOPP_ALTIVEC_FLAGS "-qaltivec") + set(CRYPTOPP_POWER4_FLAGS "-qarch=pwr4 -qaltivec") + set(CRYPTOPP_POWER5_FLAGS "-qarch=pwr5 -qaltivec") + set(CRYPTOPP_POWER6_FLAGS "-qarch=pwr6 -qaltivec") + set(CRYPTOPP_POWER7_FLAGS "-qarch=pwr7 -qaltivec") + set(CRYPTOPP_POWER8_FLAGS "-qarch=pwr8 -qaltivec") + set(CRYPTOPP_POWER9_FLAGS "-qarch=pwr9 -qaltivec") + else () + set(CRYPTOPP_ALTIVEC_FLAGS "-maltivec") + set(CRYPTOPP_POWER7_FLAGS "-mcpu=power7 -maltivec") + set(CRYPTOPP_POWER8_FLAGS "-mcpu=power8 -maltivec") + set(CRYPTOPP_POWER9_FLAGS "-mcpu=power9 -maltivec") + endif () + + CheckCompileLinkOption("${CRYPTOPP_ALTIVEC_FLAGS}" PPC_ALTIVEC_FLAG + "${TEST_PROG_DIR}/test_ppc_altivec.cxx") + + # Hack for XLC + if (CMAKE_CXX_COMPILER MATCHES "xlC") + if (NOT PPC_ALTIVEC_FLAG) + CheckCompileLinkOption("${CRYPTOPP_POWER4_FLAGS}" PPC_POWER4_FLAG + "${TEST_PROG_DIR}/test_ppc_altivec.cxx") + if (PPC_POWER4_FLAG) + set(PPC_ALTIVEC_FLAG 1) + set(CRYPTOPP_ALTIVEC_FLAGS "${CRYPTOPP_POWER4_FLAGS}") + endif () + endif () + if (NOT PPC_ALTIVEC_FLAG) + CheckCompileLinkOption("${CRYPTOPP_POWER5_FLAGS}" PPC_POWER5_FLAG + "${TEST_PROG_DIR}/test_ppc_altivec.cxx") + if (PPC_POWER5_FLAG) + set(PPC_ALTIVEC_FLAG 1) + set(CRYPTOPP_ALTIVEC_FLAGS "${CRYPTOPP_POWER5_FLAGS}") + endif () + endif () + if (NOT PPC_ALTIVEC_FLAG) + CheckCompileLinkOption("${CRYPTOPP_POWER6_FLAGS}" PPC_POWER6_FLAG + "${TEST_PROG_DIR}/test_ppc_altivec.cxx") + if (PPC_POWER6_FLAG) + set(PPC_ALTIVEC_FLAG 1) + set(CRYPTOPP_ALTIVEC_FLAGS "${CRYPTOPP_POWER6_FLAGS}") + endif () + endif () + endif () + + CheckCompileLinkOption("${CRYPTOPP_POWER7_FLAGS}" PPC_POWER7_FLAG + "${TEST_PROG_DIR}/test_ppc_power7.cxx") + + CheckCompileLinkOption("${CRYPTOPP_POWER8_FLAGS}" PPC_POWER8_FLAG + "${TEST_PROG_DIR}/test_ppc_power8.cxx") + + CheckCompileLinkOption("${CRYPTOPP_POWER9_FLAGS}" PPC_POWER9_FLAG + "${TEST_PROG_DIR}/test_ppc_power9.cxx") + + if (PPC_POWER9_FLAG AND NOT DISABLE_POWER9) + set_source_files_properties(${SRC_DIR}/ppc_power9.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER9_FLAGS}) + endif () + + if (PPC_POWER8_FLAG AND NOT DISABLE_POWER8) + set_source_files_properties(${SRC_DIR}/ppc_power8.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/blake2b_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + #set_source_files_properties(${SRC_DIR}/crc_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/gcm_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/rijndael_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/sha_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/shacal2_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/simon128_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + set_source_files_properties(${SRC_DIR}/speck128_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER8_FLAGS}) + endif () + + if (PPC_POWER7_FLAG AND NOT DISABLE_POWER7) + set_source_files_properties(${SRC_DIR}/ppc_power7.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/aria_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/blake2s_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/chacha_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/cham_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/lea_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/simeck_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/simon64_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + set_source_files_properties(${SRC_DIR}/speck64_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + endif () + + if (PPC_ALTIVEC_FLAG AND NOT DISABLE_ALTIVEC) + set_source_files_properties(${SRC_DIR}/ppc_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_ALTIVEC_FLAGS}) + endif () + + # Drop to Power7 if Power8 unavailable + if (NOT PPC_POWER8_FLAG) + if (PPC_POWER7_FLAG) + set_source_files_properties(${SRC_DIR}/gcm_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_POWER7_FLAGS}) + endif () + endif () + + # Drop to Altivec if Power7 unavailable + if (NOT PPC_POWER7_FLAG) + if (PPC_ALTIVEC_FLAG) + set_source_files_properties(${SRC_DIR}/blake2s_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_ALTIVEC_FLAGS}) + set_source_files_properties(${SRC_DIR}/chacha_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_ALTIVEC_FLAGS}) + set_source_files_properties(${SRC_DIR}/simon64_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_ALTIVEC_FLAGS}) + set_source_files_properties(${SRC_DIR}/speck64_simd.cpp PROPERTIES COMPILE_FLAGS ${CRYPTOPP_ALTIVEC_FLAGS}) + endif () + endif () + + if (NOT PPC_ALTIVEC_FLAG) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-DCRYPTOPP_DISABLE_ALTIVEC") + elseif (NOT PPC_POWER7_FLAG) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-DCRYPTOPP_DISABLE_POWER7") + elseif (NOT PPC_POWER8_FLAG) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-DCRYPTOPP_DISABLE_POWER8") + elseif (NOT PPC_POWER9_FLAG) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-DCRYPTOPP_DISABLE_POWER9") + endif () + + endif () endif () # New as of Pull Request 461, http://github.com/weidai11/cryptopp/pull/461. if (CMAKE_CXX_COMPILER_ID STREQUAL "SunPro") - if (CRYPTOPP_AMD64 OR CRYPTOPP_I386 OR CRYPTOPP_X32) + if (CRYPTOPP_AMD64 OR CRYPTOPP_I386 OR CRYPTOPP_X32) - CheckCompilerOption("-xarch=sse2" CRYPTOPP_IA32_SSE2) - CheckCompilerOption("-xarch=ssse3" CRYPTOPP_IA32_SSSE3) - CheckCompilerOption("-xarch=sse4_1" CRYPTOPP_IA32_SSE41) - CheckCompilerOption("-xarch=sse4_2" CRYPTOPP_IA32_SSE42) - CheckCompilerOption("-xarch=aes" CRYPTOPP_IA32_CLMUL) - CheckCompilerOption("-xarch=aes" CRYPTOPP_IA32_AES) - CheckCompilerOption("-xarch=sha" CRYPTOPP_IA32_SHA) - CheckCompilerOption("-native" CRYPTOPP_IA32_NATIVE) + CheckCompileLinkOption("-xarch=sse2" CRYPTOPP_IA32_SSE2 + "${TEST_PROG_DIR}/test_x86_sse2.cxx") + CheckCompileLinkOption("-xarch=ssse3" CRYPTOPP_IA32_SSSE3 + "${TEST_PROG_DIR}/test_x86_ssse3.cxx") + CheckCompileLinkOption("-xarch=sse4_1" CRYPTOPP_IA32_SSE41 + "${TEST_PROG_DIR}/test_x86_sse41.cxx") + CheckCompileLinkOption("-xarch=sse4_2" CRYPTOPP_IA32_SSE42 + "${TEST_PROG_DIR}/test_x86_sse42.cxx") + CheckCompileLinkOption("-xarch=aes" CRYPTOPP_IA32_CLMUL + "${TEST_PROG_DIR}/test_x86_clmul.cxx") + CheckCompileLinkOption("-xarch=aes" CRYPTOPP_IA32_AES + "${TEST_PROG_DIR}/test_x86_aes.cxx") + CheckCompileLinkOption("-xarch=avx" CRYPTOPP_IA32_AVX + "${TEST_PROG_DIR}/test_x86_avx.cxx") + CheckCompileLinkOption("-xarch=avx2" CRYPTOPP_IA32_AVX2 + "${TEST_PROG_DIR}/test_x86_avx2.cxx") + CheckCompileLinkOption("-xarch=sha" CRYPTOPP_IA32_SHA + "${TEST_PROG_DIR}/test_x86_sha.cxx") - # Deferred native arch; added to all CXXFLAGS - if (CRYPTOPP_NATIVE_ARCH AND CRYPTOPP_IA32_NATIVE) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -native") - elseif (CRYPTOPP_NATIVE_ARCH) - message(WARNING "CRYPTOPP_NATIVE_ARCH enabled, but failed to detect native architecture") - endif () + # Each -xarch=XXX options must be added to LDFLAGS if the option is used during a compile. + set(XARCH_LDFLAGS "") - # TODO: each of these -xarch=XXX options must be added to LDFLAGS - # if the option is used during a compile. - if (CRYPTOPP_IA32_SSE2 AND NOT DISABLE_ASM) - set_source_files_properties(sse-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse2") - endif () - if (CRYPTOPP_IA32_SSSE3 AND NOT DISABLE_SSSE3) - set_source_files_properties(aria-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") - set_source_files_properties(simon-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") - set_source_files_properties(speck-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") - if (CRYPTOPP_IA32_SSE41 AND NOT DISABLE_SSE4) - set_source_files_properties(blake2-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_1") - endif () - if (CRYPTOPP_IA32_SSE42 AND NOT DISABLE_SSE4) - set_source_files_properties(crc-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_2") - if (CRYPTOPP_IA32_CLMUL AND NOT DISABLE_AES) - set_source_files_properties(gcm-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=aes") - endif () - if (CRYPTOPP_IA32_AES AND NOT DISABLE_AES) - set_source_files_properties(rijndael-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=aes") - endif () - if (CRYPTOPP_IA32_SHA AND NOT DISABLE_SHA) - set_source_files_properties(sha-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sha") - set_source_files_properties(shacal2-simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sha") - endif () - endif () - endif () + if (CRYPTOPP_IA32_SSE2 AND NOT DISABLE_ASM) + set_source_files_properties(${SRC_DIR}/sse_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse2") + set_source_files_properties(${SRC_DIR}/chacha_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse2") + set(XARCH_LDFLAGS "-xarch=sse2") + endif () + if (CRYPTOPP_IA32_SSSE3 AND NOT DISABLE_SSSE3) + set_source_files_properties(${SRC_DIR}/aria_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") + set_source_files_properties(${SRC_DIR}/cham_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") + set_source_files_properties(${SRC_DIR}/lea_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") + set_source_files_properties(${SRC_DIR}/simeck_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") + set_source_files_properties(${SRC_DIR}/simon128_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") + set_source_files_properties(${SRC_DIR}/speck128_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=ssse3") + set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=ssse3") + if (CRYPTOPP_IA32_SSE41 AND NOT DISABLE_SSE4) + set_source_files_properties(${SRC_DIR}/blake2s_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_1") + set_source_files_properties(${SRC_DIR}/blake2b_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_1") + set_source_files_properties(${SRC_DIR}/simon64_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_1") + set_source_files_properties(${SRC_DIR}/speck64_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_1") + set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=sse4_1") + endif () + if (CRYPTOPP_IA32_SSE42 AND NOT DISABLE_SSE4) + set_source_files_properties(${SRC_DIR}/crc_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sse4_2") + set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=sse4_2") + if (CRYPTOPP_IA32_CLMUL AND NOT DISABLE_CLMUL) + set_source_files_properties(${SRC_DIR}/gcm_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=aes") + endif () + if (CRYPTOPP_IA32_AES AND NOT DISABLE_AES) + set_source_files_properties(${SRC_DIR}/rijndael_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=aes") + set_source_files_properties(${SRC_DIR}/sm4_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=aes") + set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=aes") + endif () + #if (CRYPTOPP_IA32_AVX AND NOT DISABLE_AVX) + # set_source_files_properties(${SRC_DIR}/XXX_avx.cpp PROPERTIES COMPILE_FLAGS "-xarch=avx2") + # set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=avx") + #endif () + if (CRYPTOPP_IA32_AVX2 AND NOT DISABLE_AVX2) + set_source_files_properties(${SRC_DIR}/chacha_avx.cpp PROPERTIES COMPILE_FLAGS "-xarch=avx2") + set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=avx2") + endif () + if (CRYPTOPP_IA32_SHA AND NOT DISABLE_SHA) + set_source_files_properties(${SRC_DIR}/sha_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sha") + set_source_files_properties(${SRC_DIR}/shacal2_simd.cpp PROPERTIES COMPILE_FLAGS "-xarch=sha") + set(XARCH_LDFLAGS "${XARCH_LDFLAGS} -xarch=sha") + endif () + endif () + endif () - elseif (CRYPTOPP_SPARC OR CRYPTOPP_SPARC64) + # https://stackoverflow.com/a/6088646/608639 + set(CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} ${XARCH_LDFLAGS} -M${SRC_DIR}/cryptopp.mapfile") + set(CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} ${XARCH_LDFLAGS} -M${SRC_DIR}/cryptopp.mapfile") + set(CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} ${XARCH_LDFLAGS} -M${SRC_DIR}/cryptopp.mapfile") - # Sparc's need -xmemalign=4i - CheckCompilerOption("-xmemalign=4i" CRYPTOPP_SUN_MEMALIGN) + # elseif (CRYPTOPP_SPARC OR CRYPTOPP_SPARC64) - if (CRYPTOPP_SUN_MEMALIGN STREQUAL "1") - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -xmemalign=4i") - endif () - - # Deferred native arch; added to all CXXFLAGS - if (CRYPTOPP_NATIVE_ARCH AND CRYPTOPP_SPARC_NATIVE) - set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -native") - elseif (CRYPTOPP_NATIVE_ARCH) - message(WARNING "CRYPTOPP_NATIVE_ARCH enabled, but failed to detect native architecture") - endif () - - endif () + endif () endif () +# Attempt to determine a suitable native option +if (CRYPTOPP_NATIVE_ARCH) + + CheckCompileOption("-march=native" NATIVE_ARCH) + if (NATIVE_ARCH) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-march=native") + else () + CheckCompileOption("-native" NATIVE_ARCH) + if (NATIVE_ARCH) + list(APPEND CRYPTOPP_COMPILE_OPTIONS "-native") + endif () + endif () + + if (NOT NATIVE_ARCH) + message(WARNING "CRYPTOPP_NATIVE_ARCH enabled, but failed to detect native architecture option") + endif () + +endif() + #============================================================================ # Compile targets #============================================================================ -# Set global includes BEFORE adding any targets for legacy CMake versions -if (CMAKE_VERSION VERSION_LESS 2.8.12) - include_directories("${CMAKE_CURRENT_SOURCE_DIR}") -endif () +# Work around the archaic versions of cmake that do not support +# target_compile_xxxx commands +# !!! DO NOT try to use the old way for newer version - it does not work !!! +function(cryptopp_target_compile_properties target) + if (NOT ${CMAKE_VERSION} VERSION_LESS "2.8.11") + target_compile_definitions(${target} PUBLIC ${CRYPTOPP_COMPILE_DEFINITIONS}) + else() + string (REPLACE ";" " " PROP_STR "${CRYPTOPP_COMPILE_DEFINITIONS}") + set_target_properties(${target} PROPERTIES COMPILE_DEFINITIONS "${CRYPTOPP_COMPILE_DEFINITIONS}") + endif() + if (NOT ${CMAKE_VERSION} VERSION_LESS "2.8.12") + target_compile_options(${target} PUBLIC ${CRYPTOPP_COMPILE_OPTIONS}) + else() + string (REPLACE ";" " " PROP_STR "${CRYPTOPP_COMPILE_OPTIONS}") + set_target_properties(${target} PROPERTIES COMPILE_FLAGS "${PROP_STR}") + endif() +endfunction() -if (USE_INTERMEDIATE_OBJECTS_TARGET) - add_library(cryptopp-object OBJECT ${cryptopp_SOURCES}) +set(cryptopp_LIBRARY_SOURCES ${cryptopp_SOURCES_ASM}) +if (USE_INTERMEDIATE_OBJECTS_TARGET AND NOT ${CMAKE_VERSION} VERSION_LESS "2.8.8") + add_library(cryptopp-object OBJECT ${cryptopp_SOURCES}) + cryptopp_target_compile_properties(cryptopp-object) + + list(APPEND cryptopp_LIBRARY_SOURCES + $ + ) +else () + list(APPEND cryptopp_LIBRARY_SOURCES + ${cryptopp_SOURCES} + ) endif () if (BUILD_STATIC) - if (USE_INTERMEDIATE_OBJECTS_TARGET) - add_library(cryptopp-static STATIC $) - else () - add_library(cryptopp-static STATIC ${cryptopp_SOURCES}) - endif () - - if (NOT CMAKE_VERSION VERSION_LESS 2.8.12) - target_include_directories(cryptopp-static PUBLIC $ $) - endif () + add_library(cryptopp-static STATIC ${cryptopp_LIBRARY_SOURCES}) + cryptopp_target_compile_properties(cryptopp-static) + if (NOT ${CMAKE_VERSION} VERSION_LESS "2.8.11") + target_include_directories(cryptopp-static PUBLIC $ $) + else () + set_target_properties(cryptopp-static PROPERTIES INCLUDE_DIRECTORIES "$ $") + endif () endif () if (BUILD_SHARED) - if (USE_INTERMEDIATE_OBJECTS_TARGET) - add_library(cryptopp-shared SHARED $) - else () - add_library(cryptopp-shared SHARED ${cryptopp_SOURCES}) - endif () - - if (NOT CMAKE_VERSION VERSION_LESS 2.8.12) - target_include_directories(cryptopp-shared PUBLIC $ $) - endif () + add_library(cryptopp-shared SHARED ${cryptopp_LIBRARY_SOURCES}) + cryptopp_target_compile_properties(cryptopp-shared) + if (NOT ${CMAKE_VERSION} VERSION_LESS "2.8.11") + target_include_directories(cryptopp-shared PUBLIC $ $) + else () + set_target_properties(cryptopp-shared PROPERTIES INCLUDE_DIRECTORIES "$ $") + endif () endif () # Set filenames for targets to be "cryptopp" if (NOT MSVC) - set(COMPAT_VERSION ${cryptopp_VERSION_MAJOR}.${cryptopp_VERSION_MINOR}) + set(COMPAT_VERSION ${cryptopp_VERSION_MAJOR}.${cryptopp_VERSION_MINOR}) - if (BUILD_STATIC) - set_target_properties(cryptopp-static - PROPERTIES - OUTPUT_NAME cryptopp) - endif () - if (BUILD_SHARED) - set_target_properties(cryptopp-shared - PROPERTIES - SOVERSION ${COMPAT_VERSION} - OUTPUT_NAME cryptopp) - endif () + if (BUILD_STATIC) + set_target_properties(cryptopp-static + PROPERTIES + OUTPUT_NAME cryptopp) + endif () + if (BUILD_SHARED) + set_target_properties(cryptopp-shared + PROPERTIES + SOVERSION ${COMPAT_VERSION} + OUTPUT_NAME cryptopp) + endif () endif () -# Targets, compatible with Crypto++ GNUMakefile +# Add alternate ways to invoke the build for the shared library that are +# similar to how the crypto++ 'make' tool works. +# see https://github.com/noloader/cryptopp-cmake/issues/32 if (BUILD_STATIC) - add_custom_target(static) - add_dependencies(static cryptopp-static) + add_custom_target(static DEPENDS cryptopp-static) endif () if (BUILD_SHARED) - add_custom_target(dynamic) - add_dependencies(dynamic cryptopp-shared) + add_custom_target(shared DEPENDS cryptopp-shared) + add_custom_target(dynamic DEPENDS cryptopp-shared) endif () #============================================================================ @@ -680,30 +1051,30 @@ endif () #============================================================================ if (WIN32) - if (BUILD_STATIC) - target_link_libraries(cryptopp-static ws2_32) - endif () - if (BUILD_SHARED) - target_link_libraries(cryptopp-shared ws2_32) - endif () + if (BUILD_STATIC) + target_link_libraries(cryptopp-static ws2_32) + endif () + if (BUILD_SHARED) + target_link_libraries(cryptopp-shared ws2_32) + endif () endif () # This may need to be expanded to "Solaris" if (CRYPTOPP_SOLARIS) - if (BUILD_STATIC) - target_link_libraries(cryptopp-static nsl socket) - endif () - if (BUILD_SHARED) - target_link_libraries(cryptopp-shared nsl socket) - endif () + if (BUILD_STATIC) + target_link_libraries(cryptopp-static nsl socket) + endif () + if (BUILD_SHARED) + target_link_libraries(cryptopp-shared nsl socket) + endif () endif () find_package(Threads) if (BUILD_STATIC) - target_link_libraries(cryptopp-static ${CMAKE_THREAD_LIBS_INIT}) + target_link_libraries(cryptopp-static ${CMAKE_THREAD_LIBS_INIT}) endif () if (BUILD_SHARED) - target_link_libraries(cryptopp-shared ${CMAKE_THREAD_LIBS_INIT}) + target_link_libraries(cryptopp-shared ${CMAKE_THREAD_LIBS_INIT}) endif () #============================================================================ @@ -712,24 +1083,24 @@ endif () enable_testing() if (BUILD_TESTING) - add_executable(cryptest ${cryptopp_SOURCES_TEST}) - target_link_libraries(cryptest cryptopp-static) + add_executable(cryptest ${cryptopp_SOURCES_TEST}) + target_link_libraries(cryptest cryptopp-static) - # Setting "cryptest" binary name to "cryptest.exe" - if (NOT (WIN32 OR CYGWIN)) - set_target_properties(cryptest PROPERTIES OUTPUT_NAME cryptest.exe) - endif () - if (NOT TARGET cryptest.exe) - add_custom_target(cryptest.exe) - add_dependencies(cryptest.exe cryptest) - endif () + # Setting "cryptest" binary name to "cryptest.exe" + if (NOT (WIN32 OR CYGWIN)) + set_target_properties(cryptest PROPERTIES OUTPUT_NAME cryptest.exe) + endif () + if (NOT TARGET cryptest.exe) + add_custom_target(cryptest.exe) + add_dependencies(cryptest.exe cryptest) + endif () - file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/TestData DESTINATION ${PROJECT_BINARY_DIR}) - file(COPY ${CMAKE_CURRENT_SOURCE_DIR}/TestVectors DESTINATION ${PROJECT_BINARY_DIR}) + file(COPY ${SRC_DIR}/TestData DESTINATION ${PROJECT_BINARY_DIR}) + file(COPY ${SRC_DIR}/TestVectors DESTINATION ${PROJECT_BINARY_DIR}) - add_test(NAME build_cryptest COMMAND "${CMAKE_COMMAND}" --build ${CMAKE_BINARY_DIR} --target cryptest) - add_test(NAME cryptest COMMAND $ v) - set_tests_properties(cryptest PROPERTIES DEPENDS build_cryptest) + add_test(NAME build_cryptest COMMAND "${CMAKE_COMMAND}" --build ${CMAKE_BINARY_DIR} --target cryptest) + add_test(NAME cryptest COMMAND $ v) + set_tests_properties(cryptest PROPERTIES DEPENDS build_cryptest) endif () #============================================================================ @@ -737,24 +1108,24 @@ endif () #============================================================================ if (BUILD_DOCUMENTATION) - find_package(Doxygen REQUIRED) + find_package(Doxygen REQUIRED) - set(in_source_DOCS_DIR "${CMAKE_CURRENT_SOURCE_DIR}/html-docs") - set(out_source_DOCS_DIR "${PROJECT_BINARY_DIR}/html-docs") + set(in_source_DOCS_DIR "${SRC_DIR}/html-docs") + set(out_source_DOCS_DIR "${PROJECT_BINARY_DIR}/html-docs") - add_custom_target(docs ALL - COMMAND ${DOXYGEN_EXECUTABLE} Doxyfile -d CRYPTOPP_DOXYGEN_PROCESSING - WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} - SOURCES ${CMAKE_CURRENT_SOURCE_DIR}/Doxyfile - ) + add_custom_target(docs ALL + COMMAND ${DOXYGEN_EXECUTABLE} Doxyfile -d CRYPTOPP_DOXYGEN_PROCESSING + WORKING_DIRECTORY ${SRC_DIR} + SOURCES ${SRC_DIR}/Doxyfile + ) - if (NOT ${in_source_DOCS_DIR} STREQUAL ${out_source_DOCS_DIR}) - add_custom_command( - TARGET docs POST_BUILD - COMMAND ${CMAKE_COMMAND} -E copy_directory "${in_source_DOCS_DIR}" "${out_source_DOCS_DIR}" - COMMAND ${CMAKE_COMMAND} -E remove_directory "${in_source_DOCS_DIR}" - ) - endif () + if (NOT ${in_source_DOCS_DIR} STREQUAL ${out_source_DOCS_DIR}) + add_custom_command( + TARGET docs POST_BUILD + COMMAND ${CMAKE_COMMAND} -E copy_directory "${in_source_DOCS_DIR}" "${out_source_DOCS_DIR}" + COMMAND ${CMAKE_COMMAND} -E remove_directory "${in_source_DOCS_DIR}" + ) + endif () endif () #============================================================================ @@ -765,80 +1136,81 @@ set(export_name "cryptopp-targets") # Runtime package if (BUILD_SHARED) - install( - TARGETS cryptopp-shared - EXPORT ${export_name} - DESTINATION ${CMAKE_INSTALL_LIBDIR} - RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} - LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} - ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} - ) + export(TARGETS cryptopp-shared FILE ${export_name}.cmake ) + install( + TARGETS cryptopp-shared + EXPORT ${export_name} + DESTINATION ${CMAKE_INSTALL_LIBDIR} + RUNTIME DESTINATION ${CMAKE_INSTALL_BINDIR} + LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} + ARCHIVE DESTINATION ${CMAKE_INSTALL_LIBDIR} + ) endif () # Development package if (BUILD_STATIC) - install(TARGETS cryptopp-static EXPORT ${export_name} DESTINATION ${CMAKE_INSTALL_LIBDIR}) + export(TARGETS cryptopp-static FILE ${export_name}.cmake ) + install(TARGETS cryptopp-static EXPORT ${export_name} DESTINATION ${CMAKE_INSTALL_LIBDIR}) endif () install(FILES ${cryptopp_HEADERS} DESTINATION include/cryptopp) # CMake Package -if (NOT CMAKE_VERSION VERSION_LESS 2.8.8) # CMakePackageConfigHelpers is supported from 2.8.8 - include(CMakePackageConfigHelpers) - write_basic_package_version_file("${PROJECT_BINARY_DIR}/cryptopp-config-version.cmake" VERSION ${cryptopp_VERSION_MAJOR}.${cryptopp_VERSION_MINOR}.${cryptopp_VERSION_PATCH} COMPATIBILITY SameMajorVersion) - install(FILES cryptopp-config.cmake ${PROJECT_BINARY_DIR}/cryptopp-config-version.cmake DESTINATION "lib/cmake/cryptopp") - install(EXPORT ${export_name} DESTINATION "lib/cmake/cryptopp") +if (NOT CMAKE_VERSION VERSION_LESS 2.8.8) + include(CMakePackageConfigHelpers) + write_basic_package_version_file("${PROJECT_BINARY_DIR}/cryptopp-config-version.cmake" VERSION ${cryptopp_VERSION_MAJOR}.${cryptopp_VERSION_MINOR}.${cryptopp_VERSION_PATCH} COMPATIBILITY SameMajorVersion) + install(FILES cryptopp-config.cmake ${PROJECT_BINARY_DIR}/cryptopp-config-version.cmake DESTINATION "lib/cmake/cryptopp") + install(EXPORT ${export_name} DESTINATION "lib/cmake/cryptopp") endif () # Tests if (BUILD_TESTING) - install(TARGETS cryptest DESTINATION ${CMAKE_INSTALL_BINDIR}) - install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/TestData DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/cryptopp) - install(DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/TestVectors DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/cryptopp) + install(TARGETS cryptest DESTINATION ${CMAKE_INSTALL_BINDIR}) + install(DIRECTORY ${SRC_DIR}/TestData DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/cryptopp) + install(DIRECTORY ${SRC_DIR}/TestVectors DESTINATION ${CMAKE_INSTALL_DATAROOTDIR}/cryptopp) endif () # Documentation if (BUILD_DOCUMENTATION) - install(DIRECTORY "${out_source_DOCS_DIR}" DESTINATION ${CMAKE_INSTALL_DOCDIR}) + install(DIRECTORY "${out_source_DOCS_DIR}" DESTINATION ${CMAKE_INSTALL_DOCDIR}) endif () # Print a configuration summary. We want CXX and CXXFLAGS, but they are not includd in ALL. -if (NOT CMAKE_VERSION VERSION_LESS 3.0.2) - if (CRYPTOPP_I386) - message(STATUS "Platform: i386/i686") - elseif (CRYPTOPP_AMD64) - message(STATUS "Platform: x86_64") - elseif (CRYPTOPP_X32) - message(STATUS "Platform: x86_64-x32") - elseif (CRYPTOPP_ARMHF) - message(STATUS "Platform: armhf") - elseif (CRYPTOPP_ARM) - message(STATUS "Platform: arm") - elseif (CRYPTOPP_AARCH32) - message(STATUS "Platform: Aarch32") - elseif (CRYPTOPP_AARCH64) - message(STATUS "Platform: Aarch64") - elseif (CRYPTOPP_SPARC) - message(STATUS "Platform: Sparc") - elseif (CRYPTOPP_SPARC64) - message(STATUS "Platform: Sparc64") - elseif (CRYPTOPP_POWERPC) - message(STATUS "Platform: PowerPC") - elseif (CRYPTOPP_POWERPC64) - message(STATUS "Platform: PowerPC64") - elseif (CRYPTOPP_MINGW32) - message(STATUS "Platform: MinGW-32") - elseif (CRYPTOPP_MINGW32) - message(STATUS "Platform: MinGW-64") - endif () - if (CRYPTOPP_ARMV7A_NEON) - message(STATUS "NEON: TRUE") - endif () - if (CRYPTOPP_NATIVE_ARCH) - message(STATUS "Native arch: TRUE") - else () - message(STATUS "Native arch: FALSE") - endif () - message(STATUS "Compiler: ${CMAKE_CXX_COMPILER}") - message(STATUS "Flags: ${CMAKE_CXX_FLAGS}") - message(STATUS "Build type: ${CMAKE_BUILD_TYPE}") +if (CRYPTOPP_I386) + message(STATUS "Platform: i386/i686") +elseif (CRYPTOPP_AMD64) + message(STATUS "Platform: x86_64") +elseif (CRYPTOPP_X32) + message(STATUS "Platform: x86_64-x32") +elseif (CRYPTOPP_ARMHF) + message(STATUS "Platform: armhf") +elseif (CRYPTOPP_ARM) + message(STATUS "Platform: arm") +elseif (CRYPTOPP_AARCH32) + message(STATUS "Platform: Aarch32") +elseif (CRYPTOPP_AARCH64) + message(STATUS "Platform: Aarch64") +elseif (CRYPTOPP_SPARC) + message(STATUS "Platform: Sparc") +elseif (CRYPTOPP_SPARC64) + message(STATUS "Platform: Sparc64") +elseif (CRYPTOPP_POWERPC) + message(STATUS "Platform: PowerPC") +elseif (CRYPTOPP_POWERPC64) + message(STATUS "Platform: PowerPC-64") +elseif (CRYPTOPP_MINGW32) + message(STATUS "Platform: MinGW-32") +elseif (CRYPTOPP_MINGW32) + message(STATUS "Platform: MinGW-64") endif () +if (CRYPTOPP_ARMV7A_NEON) + message(STATUS "NEON: TRUE") +endif () +if (CRYPTOPP_NATIVE_ARCH) + message(STATUS "Native arch: TRUE") +else () + message(STATUS "Native arch: FALSE") +endif () +message(STATUS "Compiler: ${CMAKE_CXX_COMPILER}") +message(STATUS "Compiler options: ${CMAKE_CXX_FLAGS} ${CRYPTOPP_COMPILE_OPTIONS}") +message(STATUS "Compiler definitions: ${CRYPTOPP_COMPILE_DEFINITIONS}") +message(STATUS "Build type: ${CMAKE_BUILD_TYPE}") diff --git a/vendor/cryptopp/vendor_cryptopp/Doxyfile b/vendor/cryptopp/vendor_cryptopp/Doxyfile index afc05177..2d26653f 100644 --- a/vendor/cryptopp/vendor_cryptopp/Doxyfile +++ b/vendor/cryptopp/vendor_cryptopp/Doxyfile @@ -41,7 +41,7 @@ PROJECT_NAME = Crypto++ # could be handy for archiving the generated documentation or if some version # control system is used. -PROJECT_NUMBER = 7.0 +PROJECT_NUMBER = 8.0 # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a @@ -1225,8 +1225,7 @@ DOCSET_PUBLISHER_NAME = Crypto++ # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. - -GENERATE_HTMLHELP = YES +GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be @@ -1494,7 +1493,10 @@ MATHJAX_CODEFILE = # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. -SEARCHENGINE = NO +# JW: Do _not_ enable server-side search. It consumes too many resources +# and results in OOM Kills on MySQL, which corrupts the database. +# https://github.com/weidai11/cryptopp/issues/720 +SEARCHENGINE = NO # When the SERVER_BASED_SEARCH tag is enabled the search engine will be # implemented using a web server instead of a web client using Javascript. There @@ -1506,7 +1508,10 @@ SEARCHENGINE = NO # The default value is: NO. # This tag requires that the tag SEARCHENGINE is set to YES. -SERVER_BASED_SEARCH = NO +# JW: Do _not_ enable server-side search. It consumes too many resources +# and results in OOM Kills on MySQL, which corrupts the database. +# https://github.com/weidai11/cryptopp/issues/720 +SERVER_BASED_SEARCH = NO # When EXTERNAL_SEARCH tag is enabled doxygen will no longer generate the PHP # script for searching. Instead the search results are written to an XML file diff --git a/vendor/cryptopp/vendor_cryptopp/Filelist.txt b/vendor/cryptopp/vendor_cryptopp/Filelist.txt index 50882710..7c34dc16 100644 --- a/vendor/cryptopp/vendor_cryptopp/Filelist.txt +++ b/vendor/cryptopp/vendor_cryptopp/Filelist.txt @@ -1,10 +1,12 @@ 3way.cpp 3way.h adhoc.cpp.proto -adv-simd.h +adv_simd.h adler32.cpp adler32.h aes.h +aes_armv4.h +aes_armv4.S algebra.cpp algebra.h algparam.cpp @@ -13,7 +15,7 @@ arc4.cpp arc4.h ariatab.cpp aria.cpp -aria-simd.cpp +aria_simd.cpp aria.h argnames.h asn.cpp @@ -30,9 +32,11 @@ bench.h bds10.zip bench1.cpp bench2.cpp +bench3.cpp bfinit.cpp blake2.cpp -blake2-simd.cpp +blake2s_simd.cpp +blake2b_simd.cpp blake2.h blowfish.cpp blowfish.h @@ -48,7 +52,12 @@ cbcmac.h ccm.cpp ccm.h chacha.cpp +chacha_avx.cpp +chacha_simd.cpp chacha.h +cham.cpp +cham_simd.cpp +cham.h channels.cpp channels.h cmac.cpp @@ -57,7 +66,7 @@ config.h cpu.cpp cpu.h crc.cpp -crc-simd.cpp +crc_simd.cpp crc.h cryptdll.vcxproj cryptdll.vcxproj.filters @@ -73,6 +82,8 @@ cryptlib.h cryptlib.vcxproj cryptlib.vcxproj.filters cryptopp.rc +darn.cpp +darn.h datatest.cpp default.cpp default.h @@ -90,6 +101,13 @@ dlltest.vcxproj dlltest.vcxproj.filters dmac.h drbg.h +donna.h +donna_32.h +donna_64.h +donna_sse.h +donna_32.cpp +donna_64.cpp +donna_sse.cpp dsa.cpp dsa.h eax.cpp @@ -121,7 +139,7 @@ fips140.h fipsalgt.cpp fipstest.cpp fltrimpl.h -gcm-simd.cpp +gcm_simd.cpp gcm.cpp gcm.h gf256.cpp @@ -137,8 +155,14 @@ gost.h gzip.cpp gzip.h hashfwd.h +hc128.cpp +hc128.h +hc256.cpp +hc256.h hex.cpp hex.h +hight.h +hight.cpp hkdf.h hmac.cpp hmac.h @@ -159,7 +183,12 @@ kalyna.cpp kalyna.h keccak.cpp keccak.h +keccakc.cpp +keccakc.h lubyrack.h +lea.cpp +lea_simd.cpp +lea.h luc.cpp luc.h mars.cpp @@ -186,9 +215,7 @@ mqv.h naclite.h nbtheory.cpp nbtheory.h -neon-simd.cpp -network.cpp -network.h +neon_simd.cpp nr.h oaep.cpp oaep.h @@ -208,8 +235,11 @@ poly1305.cpp poly1305.h polynomi.cpp polynomi.h -ppc-simd.h -ppc-simd.cpp +ppc_power7.cpp +ppc_power8.cpp +ppc_power9.cpp +ppc_simd.cpp +ppc_simd.h pssr.cpp pssr.h pubkey.cpp @@ -221,6 +251,8 @@ rabin.cpp rabin.h randpool.cpp randpool.h +rabbit.cpp +rabbit.h rc2.cpp rc2.h rc5.cpp @@ -237,9 +269,10 @@ rdtables.cpp regtest1.cpp regtest2.cpp regtest3.cpp +regtest4.cpp resource.h rijndael.cpp -rijndael-simd.cpp +rijndael_simd.cpp rijndael.h ripemd.cpp ripemd.h @@ -265,12 +298,12 @@ serpent.cpp serpent.h serpentp.h sha.cpp -sha-simd.cpp +sha_simd.cpp sha.h sha3.cpp sha3.h shacal2.cpp -shacal2-simd.cpp +shacal2_simd.cpp shacal2.h shark.cpp shark.h @@ -278,27 +311,31 @@ sharkbox.cpp simple.cpp simple.h siphash.h +simeck.cpp +simeck_simd.cpp +simeck.h simon.cpp -simon-simd.cpp +simon64_simd.cpp +simon128_simd.cpp simon.h skipjack.cpp skipjack.h sm3.cpp sm3.h sm4.cpp +sm4_simd.cpp sm4.h smartptr.h -socketft.cpp -socketft.h sosemanuk.cpp sosemanuk.h speck.cpp -speck-simd.cpp +speck64_simd.cpp +speck128_simd.cpp speck.h square.cpp square.h squaretb.cpp -sse-simd.cpp +sse_simd.cpp stdcpp.h strciphr.cpp strciphr.h @@ -312,8 +349,6 @@ threefish.h tiger.cpp tiger.h tigertab.cpp -trdlocal.cpp -trdlocal.h trunhash.h ttmac.cpp ttmac.h @@ -326,21 +361,25 @@ validat1.cpp validat2.cpp validat3.cpp validat4.cpp +validat5.cpp +validat6.cpp +validat7.cpp +validat8.cpp +validat9.cpp +validat10.cpp validate.h vmac.cpp vmac.h vs2005.zip -wait.cpp -wait.h wake.cpp wake.h whrlpool.cpp whrlpool.h -winpipes.cpp -winpipes.h words.h x64dll.asm x64masm.asm +xed25519.h +xed25519.cpp xtr.cpp xtr.h xtrcrypt.cpp @@ -366,6 +405,8 @@ TestData/aria.dat TestData/camellia.dat TestData/cast128v.dat TestData/cast256v.dat +TestData/defdmac1.bin +TestData/defdmac2.bin TestData/descert.dat TestData/dh1024.dat TestData/dh2048.dat @@ -374,6 +415,10 @@ TestData/dlie2048.dat TestData/dsa1024.dat TestData/dsa1024b.dat TestData/dsa512.dat +TestData/ed25519.dat +TestData/ed25519_ver.dat +TestData/ed25519v0.dat +TestData/ed25519v1.dat TestData/elgc1024.dat TestData/esig1023.dat TestData/esig1536.dat @@ -409,10 +454,10 @@ TestData/rc6val.dat TestData/rijndael.dat TestData/rsa1024.dat TestData/rsa2048.dat +TestData/rsa2048a.dat TestData/rsa400pb.dat TestData/rsa400pv.dat TestData/rsa512a.dat -TestData/rsa2048a.dat TestData/rw1024.dat TestData/rw2048.dat TestData/saferval.dat @@ -423,57 +468,68 @@ TestData/skipjack.dat TestData/squareva.dat TestData/twofishv.dat TestData/usage.dat +TestData/x25519.dat +TestData/x25519v0.dat +TestData/x25519v1.dat TestData/xtrdh171.dat TestData/xtrdh342.dat -TestVectors/Readme.txt TestVectors/aes.txt TestVectors/all.txt TestVectors/aria.txt TestVectors/blake2.txt TestVectors/blake2b.txt TestVectors/blake2s.txt -TestVectors/aria.txt TestVectors/camellia.txt TestVectors/ccm.txt TestVectors/chacha.txt +TestVectors/chacha_tls.txt +TestVectors/cham.txt TestVectors/cmac.txt TestVectors/dlies.txt TestVectors/dsa.txt TestVectors/dsa_1363.txt +TestVectors/dsa_rfc6979.txt TestVectors/eax.txt TestVectors/esign.txt TestVectors/gcm.txt +TestVectors/hc128.txt +TestVectors/hc256.txt +TestVectors/hight.txt TestVectors/hkdf.txt TestVectors/hmac.txt TestVectors/kalyna.txt TestVectors/keccak.txt +TestVectors/lea.txt TestVectors/mars.txt TestVectors/nr.txt +TestVectors/ocb.txt TestVectors/panama.txt +TestVectors/rabbit.txt +TestVectors/Readme.txt TestVectors/rsa_oaep.txt TestVectors/rsa_pkcs1_1_5.txt TestVectors/rsa_pss.txt -TestVectors/dsa_rfc6979.txt TestVectors/rw.txt TestVectors/salsa.txt TestVectors/seal.txt TestVectors/seed.txt TestVectors/sha.txt -TestVectors/sha2.txt -TestVectors/sha3.txt -TestVectors/sha1_fips_180.txt TestVectors/sha1_160_fips_180.txt -TestVectors/sha2_fips_180.txt +TestVectors/sha1_fips_180.txt +TestVectors/sha2.txt TestVectors/sha2_224_fips_180.txt TestVectors/sha2_256_fips_180.txt TestVectors/sha2_384_fips_180.txt TestVectors/sha2_512_fips_180.txt -TestVectors/sha3_fips_202.txt +TestVectors/sha2_fips_180.txt +TestVectors/sha3.txt TestVectors/sha3_224_fips_202.txt TestVectors/sha3_256_fips_202.txt TestVectors/sha3_384_fips_202.txt TestVectors/sha3_512_fips_202.txt +TestVectors/sha3_fips_202.txt TestVectors/shacal2.txt +TestVectors/simeck.txt TestVectors/simon.txt TestVectors/siphash.txt TestVectors/sm3.txt @@ -486,3 +542,39 @@ TestVectors/ttmac.txt TestVectors/vmac.txt TestVectors/wake.txt TestVectors/whrlpool.txt +TestPrograms/test_32bit.cxx +TestPrograms/test_64bit.cxx +TestPrograms/test_arm_acle.cxx +TestPrograms/test_arm_aes.cxx +TestPrograms/test_arm_asimd.cxx +TestPrograms/test_arm_crc.cxx +TestPrograms/test_arm_neon.cxx +TestPrograms/test_arm_pmull.cxx +TestPrograms/test_arm_sha.cxx +TestPrograms/test_arm_sha3.cxx +TestPrograms/test_arm_sha512.cxx +TestPrograms/test_arm_sm3.cxx +TestPrograms/test_arm_sm4.cxx +TestPrograms/test_cxx.cxx +TestPrograms/test_mixed_asm.cxx +TestPrograms/test_newlib.cxx +TestPrograms/test_ppc_aes.cxx +TestPrograms/test_ppc_altivec.cxx +TestPrograms/test_ppc_power7.cxx +TestPrograms/test_ppc_power8.cxx +TestPrograms/test_ppc_power9.cxx +TestPrograms/test_ppc_sha.cxx +TestPrograms/test_ppc_vmull.cxx +TestPrograms/test_pthreads.cxx +TestPrograms/test_x86_aes.cxx +TestPrograms/test_x86_avx.cxx +TestPrograms/test_x86_avx2.cxx +TestPrograms/test_x86_avx512.cxx +TestPrograms/test_x86_clmul.cxx +TestPrograms/test_x86_cpuid.cxx +TestPrograms/test_x86_sha.cxx +TestPrograms/test_x86_sse2.cxx +TestPrograms/test_x86_sse3.cxx +TestPrograms/test_x86_sse41.cxx +TestPrograms/test_x86_sse42.cxx +TestPrograms/test_x86_ssse3.cxx diff --git a/vendor/cryptopp/vendor_cryptopp/GNUmakefile b/vendor/cryptopp/vendor_cryptopp/GNUmakefile index 6d696359..5633115f 100755 --- a/vendor/cryptopp/vendor_cryptopp/GNUmakefile +++ b/vendor/cryptopp/vendor_cryptopp/GNUmakefile @@ -1,3 +1,4 @@ + ########################################################### ##### System Attributes and Programs ##### ########################################################### @@ -11,6 +12,9 @@ SHELL = /bin/sh TMPDIR ?= /tmp # Used for ARMv7 and NEON. FP_ABI ?= hard +# Used for feature tests +TOUT ?= a.out +TOUT := $(strip $(TOUT)) # Command and arguments AR ?= ar @@ -30,15 +34,15 @@ INSTALL = install INSTALL_PROGRAM = $(INSTALL) INSTALL_DATA = $(INSTALL) -m 644 -# Solaris provides a non-Posix shell at /usr/bin -ifneq ($(wildcard /usr/xpg4/bin),) +# Solaris provides a non-Posix grep at /usr/bin +ifneq ($(wildcard /usr/xpg4/bin/grep),) GREP ?= /usr/xpg4/bin/grep else GREP ?= grep endif -# Attempt to determine host machine, fallback to "this" machine. -# The host machine is the one the package runs on. Most people +# Attempt to determine target machine, fallback to "this" machine. +# The target machine is the one the package runs on. Most people # call this the "target", but not Autotools. HOSTX := $(shell $(CXX) $(CXXFLAGS) -dumpmachine 2>/dev/null | cut -f 1 -d '-') ifeq ($(HOSTX),) @@ -48,24 +52,27 @@ endif IS_X86 := $(shell echo "$(HOSTX)" | $(GREP) -v "64" | $(GREP) -i -c -E 'i.86|x86|i86') IS_X64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E '_64|d64') IS_PPC32 := $(shell echo "$(HOSTX)" | $(GREP) -v "64" | $(GREP) -i -c -E 'ppc|power') -IS_PPC64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'ppc64|power64') +IS_PPC64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'ppc64|powerpc64|power64') +IS_SPARC32 := $(shell echo "$(HOSTX)" | $(GREP) -v "64" | $(GREP) -i -c -E 'sun|sparc') +IS_SPARC64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'sun|sparc64') IS_ARM32 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'arm|armhf|arm7l|eabihf') -IS_ARMV8 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'aarch32|aarch64') -IS_SPARC32 := $(shell echo "$(HOSTX)" | $(GREP) -v "64" | $(GREP) -i -c 'sparc') -IS_SPARC64 := $(shell echo "$(HOSTX)" | $(GREP) -i -c 'sparc64') +IS_ARMV8 := $(shell echo "$(HOSTX)" | $(GREP) -i -c -E 'aarch32|aarch64|arm64|armv8') IS_NEON := $(shell $(CXX) $(CXXFLAGS) -dumpmachine 2>/dev/null | $(GREP) -i -c -E 'armv7|armhf|arm7l|eabihf|armv8|aarch32|aarch64') +# Attempt to determine platform SYSTEMX := $(shell $(CXX) $(CXXFLAGS) -dumpmachine 2>/dev/null) +ifeq ($(SYSTEMX),) + SYSTEMX := $(shell uname -s 2>/dev/null) +endif + IS_LINUX := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c "Linux") IS_MINGW := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c "MinGW") IS_CYGWIN := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c "Cygwin") IS_DARWIN := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c "Darwin") IS_NETBSD := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c "NetBSD") - -UNAMEX := $(shell uname -s 2>&1) -IS_AIX := $(shell echo "$(UNAMEX)" | $(GREP) -i -c "aix") -IS_SUN := $(shell echo "$(UNAMEX)" | $(GREP) -i -c "SunOS") +IS_AIX := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c "aix") +IS_SUN := $(shell echo "$(SYSTEMX)" | $(GREP) -i -c -E "SunOS|Solaris") SUN_COMPILER := $(shell $(CXX) -V 2>&1 | $(GREP) -i -c -E 'CC: (Sun|Studio)') GCC_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(GREP) -v -E '(llvm|clang)' | $(GREP) -i -c -E '(gcc|g\+\+)') @@ -82,37 +89,65 @@ ifeq ($(IS_DARWIN),1) endif endif -# Sun Studio 12.0 provides SunCC 0x0510; and Sun Studio 12.3 provides SunCC 0x0512 -SUNCC_VERSION := $(subst `,',$(shell $(CXX) -V 2>&1)) -SUNCC_510_OR_LATER := $(shell echo "$(SUNCC_VERSION)" | $(GREP) -i -c -E "CC: (Sun|Studio) .* (5\.1[0-9]|5\.[2-9]|6\.)") -SUNCC_511_OR_LATER := $(shell echo "$(SUNCC_VERSION)" | $(GREP) -i -c -E "CC: (Sun|Studio) .* (5\.1[1-9]|5\.[2-9]|6\.)") -SUNCC_512_OR_LATER := $(shell echo "$(SUNCC_VERSION)" | $(GREP) -i -c -E "CC: (Sun|Studio) .* (5\.1[2-9]|5\.[2-9]|6\.)") -SUNCC_513_OR_LATER := $(shell echo "$(SUNCC_VERSION)" | $(GREP) -i -c -E "CC: (Sun|Studio) .* (5\.1[3-9]|5\.[2-9]|6\.)") +# Enable shared object versioning for Linux and Solaris +HAS_SOLIB_VERSION ?= 0 +ifneq ($(IS_LINUX)$(IS_SUN),00) + HAS_SOLIB_VERSION := 1 +endif -# Enable shared object versioning for Linux -HAS_SOLIB_VERSION := $(IS_LINUX) +# Formely adhoc.cpp was created from adhoc.cpp.proto when needed. +ifeq ($(wildcard adhoc.cpp),) +$(shell cp adhoc.cpp.proto adhoc.cpp) +endif -# Fixup SunOS -ifeq ($(IS_SUN),1) -IS_X86 := $(shell isainfo -k 2>/dev/null | $(GREP) -i -c "i386") -IS_X64 := $(shell isainfo -k 2>/dev/null | $(GREP) -i -c "amd64") +# Tell MacPorts and Homebrew GCC to use Clang integrated assembler +# http://github.com/weidai11/cryptopp/issues/190 +ifeq ($(GCC_COMPILER)$(OSXPORT_COMPILER),11) + ifeq ($(findstring -Wa,-q,$(CXXFLAGS)),) + CXXFLAGS += -Wa,-q + endif +endif + +# Hack to skip CPU feature tests for some recipes +DETECT_FEATURES ?= 1 +ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),-DCRYPTOPP_DISABLE_ASM) + DETECT_FEATURES := 0 +else ifeq ($(findstring clean,$(MAKECMDGOALS)),clean) + DETECT_FEATURES := 0 +else ifeq ($(findstring distclean,$(MAKECMDGOALS)),distclean) + DETECT_FEATURES := 0 +else ifeq ($(findstring distclean,$(MAKECMDGOALS)),trim) + DETECT_FEATURES := 0 +endif + +# Strip out -Wall, -Wextra and friends for feature testing +ifeq ($(DETECT_FEATURES),1) + TCXXFLAGS := $(filter-out -Wall -Wextra -Werror% -Wunused -Wconversion -Wp%, $(CXXFLAGS)) + ifneq ($(strip $(TCXXFLAGS)),) + $(info Using testing flags: $(TCXXFLAGS)) + endif endif # Fixup AIX ifeq ($(IS_AIX),1) - # https://www-01.ibm.com/support/docview.wss?uid=swg21256116 - IS_64BIT := $(shell getconf KERNEL_BITMODE | $(GREP) -i -c "64") - ifeq ($(IS_64BIT),1) - IS_PPC32 := 0 - IS_PPC64 := 1 + TPROG = TestPrograms/test_64bit.cxx + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + IS_PPC64=1 else - IS_PPC32 := 1 - IS_PPC64 := 0 + IS_PPC32=1 endif endif -# Newlib needs _XOPEN_SOURCE=600 for signals -HAS_NEWLIB := $(shell $(CXX) -x c++ $(CXXFLAGS) -dM -E adhoc.cpp.proto 2>&1 | $(GREP) -i -c "__NEWLIB__") +# libc++ is LLVM's standard C++ library. If we add libc++ +# here then all user programs must use it too. The open +# question is, which choice is easier on users? +ifneq ($(IS_DARWIN),0) + CXX ?= c++ + # CXXFLAGS += -stdlib=libc++ + AR = libtool + ARFLAGS = -static -o +endif ########################################################### ##### General Variables ##### @@ -120,13 +155,18 @@ HAS_NEWLIB := $(shell $(CXX) -x c++ $(CXXFLAGS) -dM -E adhoc.cpp.proto 2>&1 | $( # Base CXXFLAGS used if the user did not specify them ifeq ($(SUN_COMPILER),1) - ifeq ($(SUNCC_512_OR_LATER),1) - CXXFLAGS ?= -DNDEBUG -g3 -xO3 - else - CXXFLAGS ?= -DNDEBUG -g -xO3 - endif + CXXFLAGS ?= -DNDEBUG -g -xO3 + ZOPT = -xO0 else CXXFLAGS ?= -DNDEBUG -g2 -O3 + ZOPT = -O0 +endif + +# On ARM we may compile aes_armv4.S though the CC compiler +ifeq ($(GCC_COMPILER),1) + CC=gcc +else ifeq ($(CLANG_COMPILER),1) + CC=clang endif # Default prefix for make install @@ -158,16 +198,10 @@ ifeq ($(ARFLAGS),rv) ARFLAGS = r endif -ifneq ($(HAS_NEWLIB),0) - ifeq ($(findstring -D_XOPEN_SOURCE,$(CXXFLAGS)),) - CXXFLAGS += -D_XOPEN_SOURCE=600 - endif -endif - # Clang integrated assembler will be used with -Wa,-q CLANG_INTEGRATED_ASSEMBLER ?= 0 -# original MinGW targets Win2k by default, but lacks proper Win2k support +# Original MinGW targets Win2k by default, but lacks proper Win2k support # if target Windows version is not specified, use Windows XP instead ifeq ($(IS_MINGW),1) ifeq ($(findstring -D_WIN32_WINNT,$(CXXFLAGS)),) @@ -181,301 +215,578 @@ endif # _WIN32_WINDOWS endif # _WIN32_WINNT endif # IS_MINGW +# Newlib needs _XOPEN_SOURCE=600 for signals +TPROG = TestPrograms/test_newlib.cxx +HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) +ifeq ($(strip $(HAVE_OPT)),0) + ifeq ($(findstring -D_XOPEN_SOURCE,$(CXXFLAGS)),) + CXXFLAGS += -D_XOPEN_SOURCE=600 + endif +endif + ########################################################### ##### X86/X32/X64 Options ##### ########################################################### ifneq ($(IS_X86)$(IS_X64),00) +ifeq ($(DETECT_FEATURES),1) -# Fixup. Clang reports an error rather than "LLVM assembler" or similar. -ifneq ($(OSXPORT_COMPILER),1) - HAVE_GAS := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(GREP) -c "GNU assembler") -endif - -ifneq ($(GCC_COMPILER),0) - IS_GCC_29 := $(shell $(CXX) -v 2>&1 | $(GREP) -i -c -E gcc-9[0-9][0-9]) - GCC42_OR_LATER := $(shell $(CXX) -v 2>&1 | $(GREP) -i -c -E "gcc version (4\.[2-9]|[5-9]\.)") - GCC46_OR_LATER := $(shell $(CXX) -v 2>&1 | $(GREP) -i -c -E "gcc version (4\.[6-9]|[5-9]\.)") -endif - -ifneq ($(HAVE_GAS),0) - GAS210_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(GREP) -c -E "GNU assembler version (2\.[1-9][0-9]|[3-9])") - GAS217_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(GREP) -c -E "GNU assembler version (2\.1[7-9]|2\.[2-9]|[3-9])") - GAS218_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(GREP) -c -E "GNU assembler version (2\.1[8-9]|2\.[2-9]|[3-9])") - GAS219_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(GREP) -c -E "GNU assembler version (2\.19|2\.[2-9]|[3-9])") - GAS224_OR_LATER := $(shell $(CXX) -xc -c /dev/null -Wa,-v -o/dev/null 2>&1 | $(GREP) -c -E "GNU assembler version (2\.2[4-9]|2\.[3-9]|[3-9])") -endif - -ICC111_OR_LATER := $(shell $(CXX) --version 2>&1 | $(GREP) -c -E "\(ICC\) ([2-9][0-9]|1[2-9]|11\.[1-9])") - -# Add -fPIC for targets *except* X86, X32, Cygwin or MinGW -ifeq ($(IS_X86)$(IS_CYGWIN)$(IS_MINGW)$(SUN_COMPILER),0000) - ifeq ($(findstring -fPIC,$(CXXFLAGS)),) - CXXFLAGS += -fPIC - endif -endif - -# .intel_syntax wasn't supported until GNU assembler 2.10 -ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) -ifeq ($(HAVE_GAS)$(GAS210_OR_LATER),10) -CXXFLAGS += -DCRYPTOPP_DISABLE_ASM -else -ifeq ($(HAVE_GAS)$(GAS217_OR_LATER),10) -CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 -else -ifeq ($(HAVE_GAS)$(GAS218_OR_LATER),10) -CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 -else -ifeq ($(HAVE_GAS)$(GAS219_OR_LATER),10) -CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI -else -ifeq ($(HAVE_GAS)$(GAS224_OR_LATER),10) -CXXFLAGS += -DCRYPTOPP_DISABLE_SHA - -endif # -DCRYPTOPP_DISABLE_SHA -endif # -DCRYPTOPP_DISABLE_AESNI -endif # -DCRYPTOPP_DISABLE_SSE4 -endif # -DCRYPTOPP_DISABLE_SSSE3 -endif # -DCRYPTOPP_DISABLE_ASM -endif # CXXFLAGS - -# SSE2 is a core feature of x86_64 -ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) - ifeq ($(IS_X86),1) - SSE_FLAG = -msse2 - endif -endif -ifeq ($(findstring -DCRYPTOPP_DISABLE_SSSE3,$(CXXFLAGS)),) - HAVE_SSSE3 = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -mssse3 -dM -E - 2>/dev/null | $(GREP) -i -c __SSSE3__) - ifeq ($(HAVE_SSSE3),1) - ARIA_FLAG = -mssse3 + ifeq ($(SUN_COMPILER),1) + SSE2_FLAG = -xarch=sse2 + SSE3_FLAG = -xarch=sse3 + SSSE3_FLAG = -xarch=ssse3 + SSE41_FLAG = -xarch=sse4_1 + SSE42_FLAG = -xarch=sse4_2 + CLMUL_FLAG = -xarch=aes + AESNI_FLAG = -xarch=aes + AVX_FLAG = -xarch=avx + AVX2_FLAG = -xarch=avx2 + SHANI_FLAG = -xarch=sha + else + SSE2_FLAG = -msse2 + SSE3_FLAG = -msse3 SSSE3_FLAG = -mssse3 - SIMON_FLAG = -mssse3 - SPECK_FLAG = -mssse3 + SSE41_FLAG = -msse4.1 + SSE42_FLAG = -msse4.2 + CLMUL_FLAG = -mpclmul + AESNI_FLAG = -maes + AVX_FLAG = -mavx + AVX2_FLAG = -mavx2 + SHANI_FLAG = -msha endif -ifeq ($(findstring -DCRYPTOPP_DISABLE_SSE4,$(CXXFLAGS)),) - HAVE_SSE4 = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.1 -dM -E - 2>/dev/null | $(GREP) -i -c __SSE4_1__) - ifeq ($(HAVE_SSE4),1) - BLAKE2_FLAG = -msse4.1 - SIMON_FLAG = -msse4.1 - SPECK_FLAG = -msse4.1 - endif - HAVE_SSE4 = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.2 -dM -E - 2>/dev/null | $(GREP) -i -c __SSE4_2__) - ifeq ($(HAVE_SSE4),1) - CRC_FLAG = -msse4.2 - endif -ifeq ($(findstring -DCRYPTOPP_DISABLE_AESNI,$(CXXFLAGS)),) - HAVE_CLMUL = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -mssse3 -mpclmul -dM -E - 2>/dev/null | $(GREP) -i -c __PCLMUL__ ) - ifeq ($(HAVE_CLMUL),1) - GCM_FLAG = -mssse3 -mpclmul - endif - HAVE_AES = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.1 -maes -dM -E - 2>/dev/null | $(GREP) -i -c __AES__) - ifeq ($(HAVE_AES),1) - AES_FLAG = -msse4.1 -maes - endif -ifeq ($(findstring -DCRYPTOPP_DISABLE_SHA,$(CXXFLAGS)),) - HAVE_SHA = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.2 -msha -dM -E - 2>/dev/null | $(GREP) -i -c __SHA__) - ifeq ($(HAVE_SHA),1) - SHA_FLAG = -msse4.2 -msha - endif -endif # -DCRYPTOPP_DISABLE_SHA -endif # -DCRYPTOPP_DISABLE_AESNI -endif # -DCRYPTOPP_DISABLE_SSE4 -endif # -DCRYPTOPP_DISABLE_SSSE3 -# Begin SunCC -ifeq ($(SUN_COMPILER),1) - COUNT := $(shell $(CXX) $(CXXFLAGS) -E -xarch=ssse3 -xdumpmacros /dev/null 2>&1 | $(GREP) -i -c "illegal") - ifeq ($(COUNT),0) - SSSE3_FLAG = -xarch=ssse3 -D__SSSE3__=1 - ARIA_FLAG = -xarch=ssse3 -D__SSSE3__=1 - SIMON_FLAG = -xarch=ssse3 -D__SSSE3__=1 - SPECK_FLAG = -xarch=ssse3 -D__SSSE3__=1 - LDFLAGS += -xarch=ssse3 + TPROG = TestPrograms/test_x86_sse2.cxx + TOPT = $(SSE2_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CHACHA_FLAG = $(SSE2_FLAG) + SUN_LDFLAGS += $(SSE2_FLAG) + else + SSE2_FLAG = endif - COUNT := $(shell $(CXX) $(CXXFLAGS) -E -xarch=sse4_1 -xdumpmacros /dev/null 2>&1 | $(GREP) -i -c "illegal") - ifeq ($(COUNT),0) - BLAKE2_FLAG = -xarch=sse4_1 -D__SSE4_1__=1 - SIMON_FLAG = -xarch=sse4_1 -D__SSE4_1__=1 - SPECK_FLAG = -xarch=sse4_1 -D__SSE4_1__=1 - LDFLAGS += -xarch=sse4_1 + + TPROG = TestPrograms/test_x86_ssse3.cxx + TOPT = $(SSSE3_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(SSSE3_FLAG) + CHAM_FLAG = $(SSSE3_FLAG) + LEA_FLAG = $(SSSE3_FLAG) + SIMECK_FLAG = $(SSSE3_FLAG) + SIMON64_FLAG = $(SSSE3_FLAG) + SIMON128_FLAG = $(SSSE3_FLAG) + SPECK64_FLAG = $(SSSE3_FLAG) + SPECK128_FLAG = $(SSSE3_FLAG) + SUN_LDFLAGS += $(SSSE3_FLAG) + else + SSSE3_FLAG = endif - COUNT := $(shell $(CXX) $(CXXFLAGS) -E -xarch=sse4_2 -xdumpmacros /dev/null 2>&1 | $(GREP) -i -c "illegal") - ifeq ($(COUNT),0) - CRC_FLAG = -xarch=sse4_2 -D__SSE4_2__=1 - LDFLAGS += -xarch=sse4_2 + + TPROG = TestPrograms/test_x86_sse41.cxx + TOPT = $(SSE41_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + BLAKE2B_FLAG = $(SSE41_FLAG) + BLAKE2S_FLAG = $(SSE41_FLAG) + SIMON64_FLAG = $(SSE41_FLAG) + SPECK64_FLAG = $(SSE41_FLAG) + SUN_LDFLAGS += $(SSE41_FLAG) + else + SSE41_FLAG = endif - COUNT := $(shell $(CXX) $(CXXFLAGS) -E -xarch=aes -xdumpmacros /dev/null 2>&1 | $(GREP) -i -c "illegal") - ifeq ($(COUNT),0) - GCM_FLAG = -xarch=aes -D__PCLMUL__=1 - AES_FLAG = -xarch=aes -D__AES__=1 - LDFLAGS += -xarch=aes + + TPROG = TestPrograms/test_x86_sse42.cxx + TOPT = $(SSE42_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CRC_FLAG = $(SSE42_FLAG) + SUN_LDFLAGS += $(SSE42_FLAG) + else + SSE42_FLAG = endif - COUNT := $(shell $(CXX) $(CXXFLAGS) -E -xarch=sha -xdumpmacros /dev/null 2>&1 | $(GREP) -i -c "illegal") - ifeq ($(COUNT),0) - SHA_FLAG = -xarch=sha -D__SHA__=1 - LDFLAGS += -xarch=sha + + TPROG = TestPrograms/test_x86_clmul.cxx + TOPT = $(CLMUL_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + GCM_FLAG = $(SSSE3_FLAG) $(CLMUL_FLAG) + SUN_LDFLAGS += $(CLMUL_FLAG) + else + CLMUL_FLAG = endif + + TPROG = TestPrograms/test_x86_aes.cxx + TOPT = $(AESNI_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + AES_FLAG = $(SSE41_FLAG) $(AESNI_FLAG) + SM4_FLAG = $(SSSE3_FLAG) $(AESNI_FLAG) + SUN_LDFLAGS += $(AESNI_FLAG) + else + AESNI_FLAG = + endif + + TPROG = TestPrograms/test_x86_avx.cxx + TOPT = $(AVX_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + # XXX_FLAG = $(AVX_FLAG) + SUN_LDFLAGS += $(AVX_FLAG) + else + AVX_FLAG = + endif + + TPROG = TestPrograms/test_x86_avx2.cxx + TOPT = $(AVX2_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CHACHA_AVX2_FLAG = $(AVX2_FLAG) + SUN_LDFLAGS += $(AVX2_FLAG) + else + AVX2_FLAG = + endif + + TPROG = TestPrograms/test_x86_sha.cxx + TOPT = $(SHANI_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SHA_FLAG = $(SSE42_FLAG) $(SHANI_FLAG) + SUN_LDFLAGS += $(SHANI_FLAG) + else + SHANI_FLAG = + endif + + ifeq ($(SUN_COMPILER),1) + LDFLAGS += $(SUN_LDFLAGS) + endif + + ifeq ($(SSE2_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM + else ifeq ($(SSE3_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE3 + else ifeq ($(SSSE3_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 + else ifeq ($(SSE41_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 + else ifeq ($(SSE42_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 + endif + + ifneq ($(SSE42_FLAG),) + + # Unusual GCC/Clang on Macports. It assembles AES, but not CLMUL. + # test_x86_clmul.s:15: no such instruction: 'pclmulqdq $0, %xmm1,%xmm0' + ifeq ($(CLMUL_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_CLMUL + endif + ifeq ($(AESNI_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI + endif + + ifeq ($(AVX_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AVX + else ifeq ($(AVX2_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AVX2 + else ifeq ($(SHANI_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI + endif + endif + +# DETECT_FEATURES endif -# End SunCC ifneq ($(INTEL_COMPILER),0) CXXFLAGS += -wd68 -wd186 -wd279 -wd327 -wd161 -wd3180 + + ICC111_OR_LATER := $(shell $(CXX) --version 2>&1 | $(GREP) -c -E "\(ICC\) ([2-9][0-9]|1[2-9]|11\.[1-9])") ifeq ($(ICC111_OR_LATER),0) - # "internal error: backend signals" occurs on some x86 inline assembly with ICC 9 and some x64 inline assembly with ICC 11.0 - # if you want to use Crypto++'s assembly code with ICC, try enabling it on individual files + # "internal error: backend signals" occurs on some x86 inline assembly with ICC 9 and + # some x64 inline assembly with ICC 11.0. If you want to use Crypto++'s assembly code + # with ICC, try enabling it on individual files CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif endif -# Tell MacPorts and Homebrew GCC to use Clang integrated assembler -# http://github.com/weidai11/cryptopp/issues/190 -ifeq ($(GCC_COMPILER)$(OSXPORT_COMPILER),11) - ifeq ($(findstring -Wa,-q,$(CXXFLAGS)),) - CXXFLAGS += -Wa,-q - endif - ifeq ($(findstring -DCRYPTOPP_CLANG_INTEGRATED_ASSEMBLER,$(CXXFLAGS)),) - CLANG_INTEGRATED_ASSEMBLER := 1 - CXXFLAGS += -DCRYPTOPP_CLANG_INTEGRATED_ASSEMBLER=1 - endif -endif - -# GCC on Solaris needs -m64. Otherwise, i386 is default -# http://github.com/weidai11/cryptopp/issues/230 -HAVE_BITS=$(shell echo $(CXXFLAGS) | $(GREP) -i -c -E '\-m32|\-m64') -ifeq ($(IS_SUN)$(GCC_COMPILER)$(IS_X64)$(HAVE_BITS),1110) - CXXFLAGS += -m64 -endif - # Allow use of "/" operator for GNU Assembler. # http://sourceware.org/bugzilla/show_bug.cgi?id=4572 ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) -ifeq ($(IS_SUN)$(GCC_COMPILER),11) -CXXFLAGS += -Wa,--divide -endif -endif - -else - -########################################################### -##### Not X86/X32/X64 ##### -########################################################### - -# Add PIC -ifeq ($(findstring -fPIC,$(CXXFLAGS)),) - CXXFLAGS += -fPIC -endif - -ifeq ($(IS_NEON),1) - HAVE_NEON = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon -dM -E - 2>/dev/null | $(GREP) -i -c -E '\<__ARM_NEON\>') - ifeq ($(HAVE_NEON),1) - NEON_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon - AES_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon - GCM_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon - ARIA_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon - BLAKE2_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon - SIMON_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon - SPECK_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + ifeq ($(IS_SUN)$(GCC_COMPILER),11) + CXXFLAGS += -Wa,--divide endif endif +# Most Clang cannot handle mixed asm with positional arguments, where the +# body is Intel style with no prefix and the templates are AT&T style. +# Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . +TPROG = TestPrograms/test_mixed_asm.cxx +HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) +ifneq ($(strip $(HAVE_OPT)),0) + CXXFLAGS += -DCRYPTOPP_DISABLE_MIXED_ASM +endif + +# IS_X86, IS_X32 and IS_X64 +endif + +########################################################### +##### ARM A-32, Aach64 and NEON ##### +########################################################### + +ifneq ($(IS_ARM32)$(IS_ARMV8)$(IS_NEON),000) +ifeq ($(DETECT_FEATURES),1) + +ifeq ($(IS_ARM32)$(IS_NEON),11) + + TPROG = TestPrograms/test_arm_neon.cxx + TOPT = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + NEON_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + ARIA_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + AES_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + CRC_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + GCM_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + BLAKE2B_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + BLAKE2S_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + CHACHA_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + CHAM_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + LEA_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SHA_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SIMECK_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SIMON64_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SIMON128_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SPECK64_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SPECK128_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + SM4_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + else + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM + endif + +# IS_NEON +endif + ifeq ($(IS_ARMV8),1) - HAVE_NEON = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv8-a -dM -E - 2>/dev/null | $(GREP) -i -c __ARM_NEON) - ifeq ($(HAVE_NEON),1) + + TPROG = TestPrograms/test_arm_acle.cxx + TOPT = -march=armv8-a + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ACLE_FLAG += -DCRYPTOPP_ARM_ACLE_AVAILABLE=1 + else + CXXFLAGS += -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_asimd.cxx + TOPT = -march=armv8-a + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ASIMD_FLAG = -march=armv8-a ARIA_FLAG = -march=armv8-a - BLAKE2_FLAG = -march=armv8-a + BLAKE2B_FLAG = -march=armv8-a + BLAKE2S_FLAG = -march=armv8-a + CHACHA_FLAG = -march=armv8-a + CHAM_FLAG = -march=armv8-a + LEA_FLAG = -march=armv8-a NEON_FLAG = -march=armv8-a - SIMON_FLAG = -march=armv8-a - SPECK_FLAG = -march=armv8-a + SIMECK_FLAG = -march=armv8-a + SIMON64_FLAG = -march=armv8-a + SIMON128_FLAG = -march=armv8-a + SPECK64_FLAG = -march=armv8-a + SPECK128_FLAG = -march=armv8-a + SM4_FLAG = -march=armv8-a + else + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM endif - HAVE_CRC = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv8-a+crc -dM -E - 2>/dev/null | $(GREP) -i -c __ARM_FEATURE_CRC32) - ifeq ($(HAVE_CRC),1) - CRC_FLAG = -march=armv8-a+crc - endif - HAVE_CRYPTO = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv8-a+crypto -dM -E - 2>/dev/null | $(GREP) -i -c __ARM_FEATURE_CRYPTO) - ifeq ($(HAVE_CRYPTO),1) - AES_FLAG = -march=armv8-a+crypto - GCM_FLAG = -march=armv8-a+crypto - SHA_FLAG = -march=armv8-a+crypto + + ifneq ($(ASIMD_FLAG),) + TPROG = TestPrograms/test_arm_crc.cxx + TOPT = -march=armv8-a+crc + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CRC_FLAG = -march=armv8-a+crc + else + CXXFLAGS += -DCRYPTOPP_ARM_CRC32_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_aes.cxx + TOPT = -march=armv8-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + AES_FLAG = -march=armv8-a+crypto + else + CXXFLAGS += -DCRYPTOPP_ARM_AES_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_pmull.cxx + TOPT = -march=armv8-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + GCM_FLAG = -march=armv8-a+crypto + else + CXXFLAGS += -DCRYPTOPP_ARM_PMULL_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_sha.cxx + TOPT = -march=armv8-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SHA_FLAG = -march=armv8-a+crypto + else + CXXFLAGS += -DCRYPTOPP_ARM_SHA_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_sm3.cxx + TOPT = -march=armv8.4-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SM3_FLAG = -march=armv8.4-a+crypto + SM4_FLAG = -march=armv8.4-a+crypto + endif + + TPROG = TestPrograms/test_arm_sha3.cxx + TOPT = -march=armv8.4-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SHA3_FLAG = -march=armv8.4-a+crypto + endif + + # ASIMD_FLAG endif + +# IS_ARMV8 endif -# PowerPC and PowerPC-64 -# Altivec is available with Power4 -ifneq ($(IS_PPC32)$(IS_PPC64)$(IS_AIX),000) - # GCC and some compatibles - HAVE_ALTIVEC = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -mcpu=power4 -maltivec -dM -E - 2>/dev/null | $(GREP) -i -c '__ALTIVEC__') - ifneq ($(HAVE_ALTIVEC),0) - ALTIVEC_FLAG = -mcpu=power4 -maltivec - ARIA_FLAG = -mcpu=power4 -maltivec - BLAKE2_FLAG = -mcpu=power4 -maltivec - SIMON_FLAG = -mcpu=power4 -maltivec - SPECK_FLAG = -mcpu=power4 -maltivec +# DETECT_FEATURES +endif + +# IS_ARM32, IS_ARMV8, IS_NEON +endif + +########################################################### +##### PowerPC ##### +########################################################### + +# PowerPC and PowerPC-64. Altivec is available with POWER4 with GCC and +# POWER6 with XLC. The tests below are crafted for IBM XLC and the LLVM +# front-end. XLC/LLVM only supplies POWER8 so we have to set the flags for +# XLC/LLVM to POWER8. I've got a feeling LLVM is going to cause trouble. +ifneq ($(IS_PPC32)$(IS_PPC64),00) +ifeq ($(DETECT_FEATURES),1) + + ifeq ($(XLC_COMPILER),1) + POWER9_FLAG = -qarch=pwr9 -qaltivec + POWER8_FLAG = -qarch=pwr8 -qaltivec + POWER7_FLAG = -qarch=pwr7 -qaltivec + POWER6_FLAG = -qarch=pwr6 -qaltivec + POWER5_FLAG = -qarch=pwr5 -qaltivec + POWER4_FLAG = -qarch=pwr4 -qaltivec + ALTIVEC_FLAG = -qaltivec + else + POWER9_FLAG = -mcpu=power9 -maltivec + POWER8_FLAG = -mcpu=power8 -maltivec + POWER7_FLAG = -mcpu=power7 -maltivec + ALTIVEC_FLAG = -maltivec endif - # GCC and some compatibles - HAVE_CRYPTO = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -mcpu=power8 -maltivec -dM -E - 2>/dev/null | $(GREP) -i -c -E '_ARCH_PWR8|_ARCH_PWR9|__CRYPTO') - ifneq ($(HAVE_CRYPTO),0) - ALTIVEC_FLAG = -mcpu=power8 -maltivec - AES_FLAG = -mcpu=power8 -maltivec - GCM_FLAG = -mcpu=power8 -maltivec - SHA_FLAG = -mcpu=power8 -maltivec - SIMON_FLAG = -mcpu=power8 -maltivec - SPECK_FLAG = -mcpu=power8 -maltivec + + # XLC with LLVM front-ends failed to define XLC defines. + #ifeq ($(findstring -qxlcompatmacros,$(CXXFLAGS)),) + # TPROG = TestPrograms/test_ppc_altivec.cxx + # TOPT = -qxlcompatmacros + # HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + # ifeq ($(strip $(HAVE_OPT)),0) + # CXXFLAGS += -qxlcompatmacros + # endif + #endif + + ##################################################################### + # Looking for a POWER8 option + + TPROG = TestPrograms/test_ppc_power9.cxx + TOPT = $(POWER9_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + # DARN_FLAG = $(POWER9_FLAG) + else + POWER9_FLAG = endif - # IBM XL C/C++ - HAVE_ALTIVEC = $(shell $(CXX) $(CXXFLAGS) -qshowmacros -qarch=pwr7 -qaltivec -E adhoc.cpp.proto 2>/dev/null | $(GREP) -i -c '__ALTIVEC__') - ifneq ($(HAVE_ALTIVEC),0) - ALTIVEC_FLAG = -qarch=pwr7 -qaltivec - ARIA_FLAG = -qarch=pwr7 -qaltivec - BLAKE2_FLAG = -qarch=pwr7 -qaltivec - SIMON_FLAG = -qarch=pwr7 -qaltivec - SPECK_FLAG = -qarch=pwr7 -qaltivec + + TPROG = TestPrograms/test_ppc_power8.cxx + TOPT = $(POWER8_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + BLAKE2B_FLAG = $(POWER8_FLAG) + CRC_FLAG = $(POWER8_FLAG) + GCM_FLAG = $(POWER8_FLAG) + AES_FLAG = $(POWER8_FLAG) + SHA_FLAG = $(POWER8_FLAG) + SHACAL2_FLAG = $(POWER8_FLAG) + SIMON128_FLAG = $(POWER8_FLAG) + SPECK128_FLAG = $(POWER8_FLAG) + else + POWER8_FLAG = endif - # IBM XL C/C++ - HAVE_CRYPTO = $(shell $(CXX) $(CXXFLAGS) -qshowmacros -qarch=pwr8 -qaltivec -E adhoc.cpp.proto 2>/dev/null | $(GREP) -i -c -E '_ARCH_PWR8|_ARCH_PWR9|__CRYPTO') - ifneq ($(HAVE_CRYPTO),0) - ALTIVEC_FLAG = -qarch=pwr8 -qaltivec - AES_FLAG = -qarch=pwr8 -qaltivec - GCM_FLAG = -qarch=pwr8 -qaltivec - SHA_FLAG = -qarch=pwr8 -qaltivec - ARIA_FLAG = -qarch=pwr8 -qaltivec - BLAKE2_FLAG = -qarch=pwr8 -qaltivec - SIMON_FLAG = -qarch=pwr8 -qaltivec - SPECK_FLAG = -qarch=pwr8 -qaltivec + + ##################################################################### + # Looking for a POWER7 option + + TPROG = TestPrograms/test_ppc_power7.cxx + TOPT = $(POWER7_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(POWER7_FLAG) + BLAKE2S_FLAG = $(POWER7_FLAG) + CHACHA_FLAG = $(POWER7_FLAG) + CHAM_FLAG = $(POWER7_FLAG) + LEA_FLAG = $(POWER7_FLAG) + SIMECK_FLAG = $(POWER7_FLAG) + SIMON64_FLAG = $(POWER7_FLAG) + SPECK64_FLAG = $(POWER7_FLAG) + else + POWER7_FLAG = endif + + ##################################################################### + # Looking for an Altivec option + + TPROG = TestPrograms/test_ppc_altivec.cxx + TOPT = $(ALTIVEC_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifneq ($(strip $(HAVE_OPT)),0) + ALTIVEC_FLAG = + endif + + # XLC fixup + ifeq ($(XLC_COMPILER)$(ALTIVEC_FLAG),1) + TPROG = TestPrograms/test_ppc_altivec.cxx + TOPT = $(POWER4_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ALTIVEC_FLAG = $(POWER4_FLAG) + else + TPROG = TestPrograms/test_ppc_altivec.cxx + TOPT = $(POWER5_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ALTIVEC_FLAG = $(POWER5_FLAG) + else + TPROG = TestPrograms/test_ppc_altivec.cxx + TOPT = $(POWER6_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ALTIVEC_FLAG = $(POWER6_FLAG) + else + ALTIVEC_FLAG = + endif + endif + endif + endif + + ##################################################################### + # Fixups for algorithms that can drop to a lower ISA, if needed + + # Drop to Power7 if Power8 is not available. + ifeq ($(POWER8_FLAG),) + ifneq ($(POWER7_FLAG),) + GCM_FLAG = $(POWER7_FLAG) + endif + endif + + # Drop to Power4 if Power7 not available + ifeq ($(POWER7_FLAG),) + ifneq ($(ALTIVEC_FLAG),) + BLAKE2S_FLAG = $(ALTIVEC_FLAG) + CHACHA_FLAG = $(ALTIVEC_FLAG) + SIMON64_FLAG = $(ALTIVEC_FLAG) + SPECK64_FLAG = $(ALTIVEC_FLAG) + endif + endif + + ##################################################################### + # Fixups for missing ISAs + + ifeq ($(ALTIVEC_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_ALTIVEC + else ifeq ($(POWER8_FLAG)$(POWER7_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_POWER7 + else ifeq ($(POWER8_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_POWER8 + else ifeq ($(POWER9_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_POWER9 + endif + +# DETECT_FEATURES endif # IBM XL C/C++ compiler ifeq ($(XLC_COMPILER),1) + ifeq ($(findstring -qmaxmem,$(CXXFLAGS)),) + CXXFLAGS += -qmaxmem=-1 + endif # http://www-01.ibm.com/support/docview.wss?uid=swg21007500 ifeq ($(findstring -qrtti,$(CXXFLAGS)),) CXXFLAGS += -qrtti endif - # -fPIC causes link errors dues to unknown option - ifneq ($(findstring -fPIC,$(CXXFLAGS)),) - CXXFLAGS := $(CXXFLAGS:-fPIC=-qpic) - endif - HAVE_BITS=$(shell echo $(CXXFLAGS) | $(GREP) -i -c -E '\-q32|\-q64') - ifeq ($(IS_PPC64)$(XLC_COMPILER)$(HAVE_BITS),110) - CXXFLAGS += -q64 - else - ifeq ($(IS_PPC32)$(XLC_COMPILER)$(HAVE_BITS),110) - CXXFLAGS += -q32 - endif - endif endif -endif # X86, X64, ARM32, ARM64, PPC32, PPC64, etc +# IS_PPC32, IS_PPC64 +endif ########################################################### ##### Common ##### ########################################################### +# Add -fPIC for targets *except* X86, X32, Cygwin or MinGW +ifeq ($(IS_X86)$(IS_CYGWIN)$(IS_MINGW),000) + ifeq ($(findstring -fpic,$(CXXFLAGS))$(findstring -fPIC,$(CXXFLAGS)),) + CXXFLAGS += -fPIC + endif +endif + # Use -pthread whenever it is available. See http://www.hpl.hp.com/techreports/2004/HPL-2004-209.pdf # http://stackoverflow.com/questions/2127797/gcc-significance-of-pthread-flag-when-compiling -ifneq ($(IS_LINUX)$(GCC_COMPILER)$(CLANG_COMPILER)$(INTEL_COMPILER),0000) - CXXFLAGS += -pthread -endif # CXXFLAGS +ifeq ($(DETECT_FEATURES),1) + ifeq ($(XLC_COMPILER),1) + ifeq ($(findstring -qthreaded,$(CXXFLAGS)),) + TPROG = TestPrograms/test_pthreads.cxx + TOPT = -qthreaded + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CXXFLAGS += -qthreaded + endif # CXXFLAGS + endif # qthreaded + else + ifeq ($(findstring -pthread,$(CXXFLAGS)),) + TPROG = TestPrograms/test_pthreads.cxx + TOPT = -pthread + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CXXFLAGS += -pthread + endif # CXXFLAGS + endif # pthread + endif # XLC/GCC and friends +endif # DETECT_FEATURES + +# Remove -fPIC if present. SunCC use -KPIC, and needs the larger GOT table +# https://docs.oracle.com/cd/E19205-01/819-5267/bkbaq/index.html +ifeq ($(SUN_COMPILER),1) + CXXFLAGS := $(subst -fPIC,-KPIC,$(CXXFLAGS)) + CXXFLAGS := $(subst -fpic,-KPIC,$(CXXFLAGS)) +endif + +# Remove -fPIC if present. IBM XL C/C++ use -qpic +ifeq ($(XLC_COMPILER),1) + CXXFLAGS := $(subst -fPIC,-qpic,$(CXXFLAGS)) + CXXFLAGS := $(subst -fpic,-qpic,$(CXXFLAGS)) +endif + +# Add -xregs=no%appl SPARC. SunCC should not use certain registers in library code. +# https://docs.oracle.com/cd/E18659_01/html/821-1383/bkamt.html +ifeq ($(IS_SUN)$(SUN_COMPILER),11) + ifneq ($(IS_SPARC32)$(IS_SPARC64),00) + ifeq ($(findstring -xregs=no%appl,$(CXXFLAGS)),) + CXXFLAGS += -xregs=no%appl + endif # -xregs + endif # Sparc +endif # SunOS # Add -pipe for everything except IBM XL C/C++, SunCC and ARM. # Allow ARM-64 because they seems to have >1 GB of memory @@ -496,10 +807,12 @@ ifeq ($(IS_SUN)$(SUN_COMPILER),11) endif # X86/X32/X64 endif # SunOS +# TODO: can we remove this since removing sockets? ifneq ($(IS_MINGW),0) LDLIBS += -lws2_32 endif +# TODO: can we remove this since removing sockets? ifneq ($(IS_SUN),0) LDLIBS += -lnsl -lsocket endif @@ -512,35 +825,14 @@ ifeq ($(IS_LINUX),1) endif # OpenMP endif # IS_LINUX -ifneq ($(IS_DARWIN),0) - AR = libtool - ARFLAGS = -static -o - CXX ?= c++ -endif - # Add -errtags=yes to get the name for a warning suppression ifneq ($(SUN_COMPILER),0) # override flags for CC Sun C++ compiler -IS_64 := $(shell isainfo -b 2>/dev/null | $(GREP) -i -c "64") -HAVE_BITS=$(shell echo $(CXXFLAGS) | $(GREP) -i -c -E '\-m32|\-m64') -ifeq ($(IS_64)$(HAVE_BITS),10) -CXXFLAGS += -m64 -else ifeq ($(IS_64)$(HAVE_BITS),00) -CXXFLAGS += -m32 -endif -# Add for non-i386 -ifneq ($(IS_X86),1) -CXXFLAGS += -KPIC -endif # Add to all Solaris CXXFLAGS += -template=no%extdef -# http://github.com/weidai11/cryptopp/issues/403 -ifneq ($(IS_SPARC32)$(IS_SPARC64),00) -CXXFLAGS += -xmemalign=4i -endif SUN_CC10_BUGGY := $(shell $(CXX) -V 2>&1 | $(GREP) -c -E "CC: Sun .* 5\.10 .* (2009|2010/0[1-4])") ifneq ($(SUN_CC10_BUGGY),0) -# -DCRYPTOPP_INCLUDE_VECTOR_CC is needed for Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 and was fixed in May 2010 -# remove it if you get "already had a body defined" errors in vector.cc +# -DCRYPTOPP_INCLUDE_VECTOR_CC is needed for Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 +# and was fixed in May 2010. Remove it if you get "already had a body defined" errors in vector.cc CXXFLAGS += -DCRYPTOPP_INCLUDE_VECTOR_CC endif AR = $(CXX) @@ -550,20 +842,36 @@ endif # No ASM for Travis testing ifeq ($(findstring no-asm,$(MAKECMDGOALS)),no-asm) -ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) -CXXFLAGS += -DCRYPTOPP_DISABLE_ASM -endif # CXXFLAGS + ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM + endif # CXXFLAGS endif # No ASM # Native build testing. Issue 'make native'. ifeq ($(findstring native,$(MAKECMDGOALS)),native) - ifeq ($(findstring -march=native,$(CXXFLAGS)),) - ifeq ($(IS_SUN)$(SUN_COMPILER),11) - CXXFLAGS += -native - else - CXXFLAGS += -march=native - endif # CXXFLAGS - endif # Sun + NATIVE_OPT = + + # Try GCC and compatibles first + TPROG = TestPrograms/test_cxx.cxx + TOPT = -march=native + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + NATIVE_OPT = -march=native + endif # NATIVE_OPT + + # Try SunCC next + ifeq ($(NATIVE_OPT),) + TOPT = -native + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + NATIVE_OPT = -native + endif # NATIVE_OPT + endif + + ifneq ($(NATIVE_OPT),) + CXXFLAGS += $(NATIVE_OPT) + endif + endif # Native # Undefined Behavior Sanitizer (UBsan) testing. Issue 'make ubsan'. @@ -646,7 +954,8 @@ endif # Valgrind # Debug testing on GNU systems. Triggered by -DDEBUG. # Newlib test due to http://sourceware.org/bugzilla/show_bug.cgi?id=20268 ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),) - USING_GLIBCXX := $(shell $(CXX) -x c++ $(CXXFLAGS) -E adhoc.cpp.proto 2>&1 | $(GREP) -i -c "__GLIBCXX__") + TPROG = TestPrograms/test_cxx.cxx + USING_GLIBCXX := $(shell $(CXX) $(CXXFLAGS) -E $(TPROG) -o $(TOUT) 2>&1 | $(GREP) -i -c "__GLIBCXX__") ifneq ($(USING_GLIBCXX),0) ifeq ($(HAS_NEWLIB),0) ifeq ($(findstring -D_GLIBCXX_DEBUG,$(CXXFLAGS)),) @@ -654,7 +963,16 @@ ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),) endif # CXXFLAGS endif # HAS_NEWLIB endif # USING_GLIBCXX -endif # GNU Debug build + + ifeq ($(XLC_COMPILER),1) + TPROG = TestPrograms/test_cxx.cxx + TOPT = -qheapdebug -qro + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CXXFLAGS += -qheapdebug -qro + endif # CXXFLAGS + endif # XLC_COMPILER +endif # Debug build # Dead code stripping. Issue 'make lean'. ifeq ($(findstring lean,$(MAKECMDGOALS)),lean) @@ -686,13 +1004,40 @@ ifeq ($(strip $(LIB_PATCH)),) endif ifeq ($(HAS_SOLIB_VERSION),1) -# Full version suffix for shared library -SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH) # Different patchlevels and minors are compatible since 6.1 SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR) +# Linux uses -Wl,-soname +ifeq ($(IS_LINUX),1) +# Linux uses full version suffix for shared library +SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH) SOLIB_FLAGS=-Wl,-soname,libcryptopp.so$(SOLIB_COMPAT_SUFFIX) +endif +# Solaris uses -Wl,-h +ifeq ($(IS_SUN),1) +# Solaris uses major version suffix for shared library, but we use major.minor +# The minor version allows previous version to remain and not overwritten. +# https://blogs.oracle.com/solaris/how-to-name-a-solaris-shared-object-v2 +SOLIB_VERSION_SUFFIX=.$(LIB_MAJOR).$(LIB_MINOR) +SOLIB_FLAGS=-Wl,-h,libcryptopp.so$(SOLIB_COMPAT_SUFFIX) +endif endif # HAS_SOLIB_VERSION +########################################################### +##### Temp file cleanup ##### +########################################################### + +# After this point no more test programs should be run. +# https://github.com/weidai11/cryptopp/issues/738 +ifeq ($(findstring /dev/null,$(TOUT)),) + # $(info TOUT is not /dev/null, cleaning $(TOUT)) + ifeq ($(wildcard $(TOUT)),$(TOUT)) + UNUSED := $(shell $(RM) $(TOUT) 2>/dev/null) + endif + ifeq ($(wildcard $(TOUT).dSYM/),$(TOUT).dSYM/) + UNUSED := $(shell $(RM) -r $(TOUT).dSYM/ 2>/dev/null) + endif +endif + ########################################################### ##### Source and object files ##### ########################################################### @@ -703,24 +1048,35 @@ SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integ INCL := $(filter-out resource.h,$(sort $(wildcard *.h))) ifneq ($(IS_MINGW),0) -SRCS += winpipes.cpp INCL += resource.h endif +# Cryptogams AES for ARMv4 and above. We couple to ARMv7. +# Avoid iOS. It cannot consume the assembly. +ifeq ($(IS_ARM32),1) + CRYPTOGAMS_AES_FLAG = -march=armv7-a + CRYPTOGAMS_AES_FLAG += -Wa,--noexecstack + SRCS += aes_armv4.S +endif + # List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems. OBJS := $(SRCS:.cpp=.o) +OBJS := $(OBJS:.S=.o) # List test.cpp first to tame C++ static initialization problems. -TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp dlltest.cpp fipsalgt.cpp +TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp bench3.cpp datatest.cpp dlltest.cpp fipsalgt.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp validat5.cpp validat6.cpp validat7.cpp validat8.cpp validat9.cpp validat10.cpp regtest1.cpp regtest2.cpp regtest3.cpp regtest4.cpp TESTINCL := bench.h factory.h validate.h + # Test objects TESTOBJS := $(TESTSRCS:.cpp=.o) LIBOBJS := $(filter-out $(TESTOBJS),$(OBJS)) -# List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems. -DLLSRCS := cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp algparam.cpp arc4.cpp aria-simd.cpp aria.cpp ariatab.cpp asn.cpp authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2-simd.cpp blake2.cpp blowfish.cpp blumshub.cpp camellia.cpp cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp channels.cpp cmac.cpp crc-simd.cpp crc.cpp default.cpp des.cpp dessp.cpp dh.cpp dh2.cpp dll.cpp dsa.cpp eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gcm-simd.cpp gcm.cpp gf256.cpp gf2_32.cpp gf2n.cpp gfpcrypt.cpp gost.cpp gzip.cpp hex.cpp hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp kalynatab.cpp keccak.cpp luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp mqueue.cpp mqv.cpp nbtheory.cpp neon-simd.cpp network.cpp oaep.cpp ospstore.cpp osrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp pssr.cpp pubkey.cpp queue.cpp rabin.cpp randpool.cpp rc2.cpp rc5.cpp rc6.cpp rdrand.cpp rdtables.cpp rijndael.cpp ripemd.cpp rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp seal.cpp seed.cpp serpent.cpp sha-simd.cpp sha.cpp sha3.cpp shacal2-simd.cpp shacal2.cpp shark.cpp sharkbox.cpp skipjack.cpp socketft.cpp sosemanuk.cpp square.cpp squaretb.cpp strciphr.cpp tea.cpp tftables.cpp threefish.cpp tiger.cpp tigertab.cpp trdlocal.cpp ttmac.cpp twofish.cpp vmac.cpp wait.cpp wake.cpp whrlpool.cpp xtr.cpp xtrcrypt.cpp zdeflate.cpp zinflate.cpp zlib.cpp - +# In Crypto++ 5.6.2 these were the source and object files for the FIPS DLL. +# Since the library is on the Historical Validation List we add all files. +# The 5.6.2 list is at https://github.com/weidai11/cryptopp/blob/789f81f048c9. +DLLSRCS := $(SRCS) DLLOBJS := $(DLLSRCS:.cpp=.export.o) +DLLOBJS := $(DLLOBJS:.S=.export.o) # Import lib testing LIBIMPORTOBJS := $(LIBOBJS:.o=.import.o) @@ -735,7 +1091,7 @@ DLLTESTOBJS := dlltest.dllonly.o .PHONY: default default: cryptest.exe -.PHONY: all +.PHONY: all static dynamic all: static dynamic cryptest.exe ifneq ($(IS_DARWIN),0) @@ -748,7 +1104,7 @@ endif .PHONY: dep deps depend dep deps depend GNUmakefile.deps: - $(CXX) $(strip $(CXXFLAGS)) -MM *.cpp > GNUmakefile.deps + $(CXX) $(strip $(CXXFLAGS) -DCRYPTOPP_DISABLE_ASM) -MM *.cpp > GNUmakefile.deps # CXXFLAGS are tuned earlier. .PHONY: native no-asm asan ubsan @@ -790,13 +1146,17 @@ test check: cryptest.exe # Used to generate list of source files for Autotools, CMakeList, Android.mk, etc .PHONY: sources sources: adhoc.cpp - $(info Library sources: $(filter-out $(TESTSRCS),$(SRCS))) + $(info ***** Library sources *****) + $(info $(filter-out $(TESTSRCS),$(SRCS))) $(info ) - $(info Library headers: $(filter-out $(TESTINCL),$(INCL))) + $(info ***** Library headers *****) + $(info $(filter-out $(TESTINCL),$(INCL))) $(info ) - $(info Test sources: $(TESTSRCS)) + $(info ***** Test sources *****) + $(info $(TESTSRCS)) $(info ) - $(info Test headers: $(TESTINCL)) + $(info ***** Test headers *****) + $(info $(TESTINCL)) # Directory we want (can't specify on Doygen command line) DOCUMENT_DIRECTORY := ref$(LIB_VER) @@ -827,41 +1187,54 @@ clean: @-$(RM) *.la *.lo *.gcov *.gcno *.gcda *.stackdump core core-* @-$(RM) /tmp/adhoc.exe @-$(RM) -r /tmp/cryptopp_test/ - @-$(RM) -r *.exe.dSYM/ - @-$(RM) -r *.dylib.dSYM/ + @-$(RM) -r *.exe.dSYM/ *.dylib.dSYM/ @-$(RM) -r cov-int/ -.PHONY: distclean -distclean: clean - -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt cryptest-*.txt - @-$(RM) libcryptopp.pc cryptopp.tgz *.o *.bc *.ii *~ - @-$(RM) -r $(SRCS:.cpp=.obj) cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ - @-$(RM) -r $(DOCUMENT_DIRECTORY)/ +.PHONY: autotools-clean +autotools-clean: @-$(RM) -f configure.ac configure configure.in Makefile.am Makefile.in Makefile - @-$(RM) -f config.guess config.status config.sub depcomp install-sh compile - @-$(RM) -f stamp-h1 ar-lib *.m4 local.* lt*.sh missing libtool* libcryptopp.pc* + @-$(RM) -f config.guess config.status config.sub config.h.in compile depcomp + @-$(RM) -f install-sh stamp-h1 ar-lib *.lo *.la *.m4 local.* lt*.sh missing + @-$(RM) -f cryptest cryptestcwd libtool* libcryptopp.la libcryptopp.pc* @-$(RM) -rf m4/ auto*.cache/ .deps/ .libs/ - @-$(RM) -r TestCoverage/ - @-$(RM) cryptopp$(LIB_VER)\.* - @-$(RM) CryptoPPRef.zip -# Some users already have a libcryptopp.pc. We install it if the file -# is present. If you want one, then issue 'make libcryptopp.pc'. +.PHONY: cmake-clean +cmake-clean: + @-$(RM) -f cryptopp-config.cmake CMakeLists.txt + @-$(RM) -rf cmake_build/ + +.PHONY: distclean +distclean: clean autotools-clean cmake-clean + -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt + @-$(RM) cryptest-*.txt cryptopp.tgz libcryptopp.pc *.o *.bc *.ii *~ + @-$(RM) -r cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ + @-$(RM) -r $(LIBOBJS:.o=.obj) $(TESTOBJS:.o=.obj) + @-$(RM) -r $(LIBOBJS:.o=.lst) $(TESTOBJS:.o=.lst) + @-$(RM) -r TestCoverage/ ref*/ + @-$(RM) cryptopp$(LIB_VER)\.* CryptoPPRef.zip + +# Install cryptest.exe, libcryptopp.a, libcryptopp.so and libcryptopp.pc. +# The library install was broken-out into its own recipe at GH #653. .PHONY: install -install: - @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp - $(INSTALL_DATA) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp -ifneq ($(wildcard libcryptopp.a),) - @-$(MKDIR) $(DESTDIR)$(LIBDIR) - $(INSTALL_DATA) libcryptopp.a $(DESTDIR)$(LIBDIR) -endif -ifneq ($(wildcard cryptest.exe),) +install: cryptest.exe install-lib @-$(MKDIR) $(DESTDIR)$(BINDIR) $(INSTALL_PROGRAM) cryptest.exe $(DESTDIR)$(BINDIR) @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestData @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestVectors $(INSTALL_DATA) TestData/*.dat $(DESTDIR)$(DATADIR)/cryptopp/TestData $(INSTALL_DATA) TestVectors/*.txt $(DESTDIR)$(DATADIR)/cryptopp/TestVectors + +# A recipe to install only the library, and not cryptest.exe. Also +# see https://github.com/weidai11/cryptopp/issues/653. Some users +# already have a libcryptopp.pc. Install the *.pc file if the file +# is present. If you want one, then issue 'make libcryptopp.pc'. +.PHONY: install-lib +install-lib: + @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp + $(INSTALL_DATA) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp +ifneq ($(wildcard libcryptopp.a),) + @-$(MKDIR) $(DESTDIR)$(LIBDIR) + $(INSTALL_DATA) libcryptopp.a $(DESTDIR)$(LIBDIR) endif ifneq ($(wildcard libcryptopp.dylib),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) @@ -918,7 +1291,7 @@ endif libcryptopp.dylib: $(LIBOBJS) $(CXX) -dynamiclib -o $@ $(strip $(CXXFLAGS)) -install_name "$@" -current_version "$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)" -compatibility_version "$(LIB_MAJOR).$(LIB_MINOR)" -headerpad_max_install_names $(LDFLAGS) $(LIBOBJS) -cryptest.exe: libcryptopp.a $(TESTOBJS) +cryptest.exe:libcryptopp.a $(TESTOBJS) $(CXX) -o $@ $(strip $(CXXFLAGS)) $(TESTOBJS) ./libcryptopp.a $(LDFLAGS) $(LDLIBS) # Makes it faster to test changes @@ -954,15 +1327,15 @@ libcryptopp.pc: @echo '' >> libcryptopp.pc @echo 'Name: Crypto++' >> libcryptopp.pc @echo 'Description: Crypto++ cryptographic library' >> libcryptopp.pc - @echo 'Version: 7.0' >> libcryptopp.pc + @echo 'Version: 8.0' >> libcryptopp.pc @echo 'URL: https://cryptopp.com/' >> libcryptopp.pc @echo '' >> libcryptopp.pc @echo 'Cflags: -I$${includedir}' >> libcryptopp.pc @echo 'Libs: -L$${libdir} -lcryptopp' >> libcryptopp.pc # This recipe prepares the distro files -TEXT_FILES := *.h *.cpp adhoc.cpp.proto License.txt Readme.txt Install.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcxproj *.filters cryptopp.rc TestVectors/*.txt TestData/*.dat TestScripts/*.sh TestScripts/*.cmd -EXEC_FILES := GNUmakefile GNUmakefile-cross TestData/ TestVectors/ TestScripts/ +TEXT_FILES := *.h *.cpp adhoc.cpp License.txt Readme.txt Install.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.s *.S *.vcxproj *.filters cryptopp.rc TestVectors/*.txt TestData/*.dat TestPrograms/*.cxx TestScripts/*.sh TestScripts/*.cmd +EXEC_FILES := GNUmakefile GNUmakefile-cross TestData/ TestVectors/ TestScripts/ TestPrograms/ ifeq ($(wildcard Filelist.txt),Filelist.txt) DIST_FILES := $(shell cat Filelist.txt) @@ -971,23 +1344,25 @@ endif .PHONY: trim trim: ifneq ($(IS_DARWIN),0) - sed -i '' -e's/[[:space:]]*$$//' *.supp *.txt *.sh .*.yml *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross - sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.* + sed -i '' -e's/[[:space:]]*$$//' *.supp *.txt *.sh .*.yml *.h *.cpp *.asm *.s *.S + sed -i '' -e's/[[:space:]]*$$//' *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross + sed -i '' -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestPrograms/*.cxx TestScripts/*.* make convert else - sed -i -e's/[[:space:]]*$$//' *.supp *.txt *.sh .*.yml *.h *.cpp *.asm *.s *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross - sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestScripts/*.* + sed -i -e's/[[:space:]]*$$//' *.supp *.txt *.sh .*.yml *.h *.cpp *.asm *.s *.S + sed -i -e's/[[:space:]]*$$//' *.sln *.vcxproj *.filters GNUmakefile GNUmakefile-cross + sed -i -e's/[[:space:]]*$$//' TestData/*.dat TestVectors/*.txt TestPrograms/*.cxx TestScripts/*.* make convert endif .PHONY: convert convert: - @-$(CHMOD) 0700 TestVectors/ TestData/ TestScripts/ - @-$(CHMOD) 0600 $(TEXT_FILES) *.supp .*.yml *.asm *.s *.zip TestVectors/*.txt TestData/*.dat TestScripts/*.* + @-$(CHMOD) 0700 TestVectors/ TestData/ TestPrograms/ TestScripts/ + @-$(CHMOD) 0600 $(TEXT_FILES) *.supp .*.yml *.asm *.s *.zip TestVectors/*.txt TestData/*.dat TestPrograms/*.cxx TestScripts/*.* @-$(CHMOD) 0700 $(EXEC_FILES) *.sh *.cmd TestScripts/*.sh TestScripts/*.cmd @-$(CHMOD) 0700 *.cmd *.sh GNUmakefile GNUmakefile-cross TestScripts/*.sh -unix2dos --keepdate --quiet $(TEXT_FILES) .*.yml *.asm *.cmd TestScripts/*.* - -dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.supp *.s *.sh *.mapfile TestScripts/*.sh TestScripts/*.patch + -dos2unix --keepdate --quiet GNUmakefile* *.supp *.s *.S *.sh *.mapfile TestScripts/*.sh ifneq ($(IS_DARWIN),0) @-xattr -c * endif @@ -1031,72 +1406,133 @@ ifeq ($(wildcard GNUmakefile.deps),GNUmakefile.deps) -include GNUmakefile.deps endif # Dependencies +# Cryptogams ARM asm implementation. +aes_armv4.o : aes_armv4.S + $(CC) $(strip $(CXXFLAGS) $(CRYPTOGAMS_AES_FLAG) -mfloat-abi=$(FP_ABI) -c) $< + +# SSSE3 or NEON available +aria_simd.o : aria_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(ARIA_FLAG) -c) $< + +# SSE, NEON or POWER7 available +blake2s_simd.o : blake2s_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(BLAKE2S_FLAG) -c) $< + +# SSE, NEON or POWER8 available +blake2b_simd.o : blake2b_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(BLAKE2B_FLAG) -c) $< + +# SSE2 or NEON available +chacha_simd.o : chacha_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(CHACHA_FLAG) -c) $< + +# AVX2 available +chacha_avx.o : chacha_avx.cpp + $(CXX) $(strip $(CXXFLAGS) $(CHACHA_AVX2_FLAG) -c) $< + +# SSSE3 available +cham_simd.o : cham_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(CHAM_FLAG) -c) $< + +# Power9 available +darn.o : darn.cpp + $(CXX) $(strip $(CXXFLAGS) $(DARN_FLAG) -c) $< + +# SSE2 on i686 +donna_sse.o : donna_sse.cpp + $(CXX) $(strip $(CXXFLAGS) $(SSE2_FLAG) -c) $< + +# SSE2 on i686 +sse_simd.o : sse_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SSE2_FLAG) -c) $< + +# SSE4.2 or ARMv8a available +crc_simd.o : crc_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(CRC_FLAG) -c) $< + +# PCLMUL or ARMv7a/ARMv8a available +gcm_simd.o : gcm_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(GCM_FLAG) -c) $< + +# SSSE3 available +lea_simd.o : lea_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(LEA_FLAG) -c) $< + +# NEON available +neon_simd.o : neon_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(NEON_FLAG) -c) $< + +# AltiVec available +ppc_simd.o : ppc_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(ALTIVEC_FLAG) -c) $< + +# Power7 available +ppc_power7.o : ppc_power7.cpp + $(CXX) $(strip $(CXXFLAGS) $(POWER7_FLAG) -c) $< + +# Power8 available +ppc_power8.o : ppc_power8.cpp + $(CXX) $(strip $(CXXFLAGS) $(POWER8_FLAG) -c) $< + +# Power9 available +ppc_power9.o : ppc_power9.cpp + $(CXX) $(strip $(CXXFLAGS) $(POWER9_FLAG) -c) $< + +# AESNI or ARMv7a/ARMv8a available +rijndael_simd.o : rijndael_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(AES_FLAG) -c) $< + +# SSE4.2/SHA-NI or ARMv8a available +sha_simd.o : sha_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SHA_FLAG) -c) $< + +sha3_simd.o : sha3_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SHA3_FLAG) -c) $< + +# SSE4.2/SHA-NI or ARMv8a available +shacal2_simd.o : shacal2_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SHA_FLAG) -c) $< + +# SSSE3 or NEON available +simeck_simd.o : simeck_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SIMECK_FLAG) -c) $< + +# SSE4.1, NEON or POWER7 available +simon64_simd.o : simon64_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SIMON64_FLAG) -c) $< + +# SSSE3, NEON or POWER8 available +simon128_simd.o : simon128_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SIMON128_FLAG) -c) $< + +# SSE4.1, NEON or POWER7 available +speck64_simd.o : speck64_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SPECK64_FLAG) -c) $< + +# SSSE3, NEON or POWER8 available +speck128_simd.o : speck128_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SPECK128_FLAG) -c) $< + +# ARMv8.4 available +sm3_simd.o : sm3_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SM3_FLAG) -c) $< + +# AESNI available +sm4_simd.o : sm4_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SM4_FLAG) -c) $< + # IBM XLC -O3 optimization bug ifeq ($(XLC_COMPILER),1) sm3.o : sm3.cpp $(CXX) $(strip $(subst -O3,-O2,$(CXXFLAGS)) -c) $< endif -# SSSE3 or NEON available -aria-simd.o : aria-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(ARIA_FLAG) -c) $< - -# SSE4.1 or ARMv8a available -blake2-simd.o : blake2-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(BLAKE2_FLAG) -c) $< - -# SSE2 on i586 -sse-simd.o : sse-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SSE_FLAG) -c) $< - -# SSE4.2 or ARMv8a available -crc-simd.o : crc-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(CRC_FLAG) -c) $< - -# PCLMUL or ARMv7a/ARMv8a available -gcm-simd.o : gcm-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(GCM_FLAG) -c) $< - -# NEON available -neon-simd.o : neon-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(NEON_FLAG) -c) $< - -# AltiVec, Power7, Power8 available -ppc-simd.o : ppc-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(ALTIVEC_FLAG) -c) $< - -# AESNI or ARMv7a/ARMv8a available -rijndael-simd.o : rijndael-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(AES_FLAG) -c) $< - -# SSE4.2/SHA-NI or ARMv8a available -sha-simd.o : sha-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SHA_FLAG) -c) $< - -# SSE4.2/SHA-NI or ARMv8a available -shacal2-simd.o : shacal2-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SHA_FLAG) -c) $< - -# SSSE3 or NEON available -simon-simd.o : simon-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SIMON_FLAG) -c) $< - -# SSSE3 or NEON available -speck-simd.o : speck-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SPECK_FLAG) -c) $< - # Don't build Rijndael with UBsan. Too much noise due to unaligned data accesses. ifneq ($(findstring -fsanitize=undefined,$(CXXFLAGS)),) rijndael.o : rijndael.cpp $(CXX) $(strip $(subst -fsanitize=undefined,,$(CXXFLAGS)) -c) $< endif -# Don't build VMAC and friends with Asan. Too many false positives. -ifneq ($(findstring -fsanitize=address,$(CXXFLAGS)),) -vmac.o : vmac.cpp - $(CXX) $(strip $(subst -fsanitize=address,,$(CXXFLAGS)) -c) $< -endif - # Only use CRYPTOPP_DATA_DIR if its not set in CXXFLAGS ifeq ($(findstring -DCRYPTOPP_DATA_DIR, $(strip $(CXXFLAGS))),) ifneq ($(strip $(CRYPTOPP_DATA_DIR)),) @@ -1111,6 +1547,9 @@ test.o : test.cpp endif endif +validat1.o : validat1.cpp + $(CXX) $(strip $(CXXFLAGS) $(ALTIVEC_FLAG) -c) $< + %.dllonly.o : %.cpp $(CXX) $(strip $(CXXFLAGS) -DCRYPTOPP_DLL_ONLY -c) $< -o $@ diff --git a/vendor/cryptopp/vendor_cryptopp/GNUmakefile-cross b/vendor/cryptopp/vendor_cryptopp/GNUmakefile-cross index 6789c55f..0ba83142 100755 --- a/vendor/cryptopp/vendor_cryptopp/GNUmakefile-cross +++ b/vendor/cryptopp/vendor_cryptopp/GNUmakefile-cross @@ -3,6 +3,14 @@ SHELL = /bin/sh +# If needed +TMPDIR ?= /tmp +# Used for ARMv7 and NEON. +FP_ABI ?= hard +# Used for feature tests +TOUT ?= a.out +TOUT := $(strip $(TOUT)) + # Default CXXFLAGS if none were provided CXXFLAGS ?= -DNDEBUG -g2 -O3 -fPIC -pipe @@ -22,35 +30,25 @@ INSTALL = install INSTALL_PROGRAM = $(INSTALL) INSTALL_DATA = $(INSTALL) -m 644 -# Attempt to determine host machine, fallback to "this" machine. -# The host machine is the one the package runs on. Most people -# call this the "target", but not Autotools. -HOSTX := $(shell $(CXX) $(CXXFLAGS) -dumpmachine 2>/dev/null | cut -f 1 -d '-') -ifeq ($(HOSTX),) - HOSTX := $(shell uname -m 2>/dev/null) -endif - -IS_i686 := $(shell echo "$HOSTX" | $(EGREP) -v 64 | $(EGREP) -i -c 'i.86') -IS_x86_64 := $(shell echo "$HOSTX" | $(EGREP) -i -c 'x86_64|amd64') -IS_ARM := $(shell echo "$HOSTX" | $(EGREP) -i -c 'arm') -IS_ARMv8 := $(shell echo "$HOSTX" | $(EGREP) -i -c 'aarch32|aarch64') - -CLANG_COMPILER := $(shell $(CXX) --version 2>&1 | $(EGREP) -i -c "clang") - IS_IOS ?= 0 IS_ANDROID ?= 0 IS_ARM_EMBEDDED ?= 0 IS_NEON ?= 0 -# Fixup ARM -ifeq ($(IS_ARMv8),1) - IS_ARM := 0 -endif - # Can be used by Android and Embeeded cross-compiles. Disable by default because # Android and embedded users typically don't run this configuration. HAS_SOLIB_VERSION ?= 0 +# Formely adhoc.cpp was created from adhoc.cpp.proto when needed. +# This is now needed because ISA tests are performed using adhoc.cpp. +ifeq ($(wildcard adhoc.cpp),) +$(shell cp adhoc.cpp.proto adhoc.cpp) +endif + +########################################################### +##### General Variables ##### +########################################################### + # Default prefix for make install ifeq ($(PREFIX),) PREFIX = /usr/local @@ -72,29 +70,37 @@ endif # We honor ARFLAGS, but the "v" option used by default causes a noisy make ifeq ($(ARFLAGS),rv) -ARFLAGS = r + ARFLAGS = r endif # Sadly, we can't actually use GCC_PRAGMA_AWARE because of GCC bug 53431. # Its a shame because GCC has so much to offer by the way of analysis. # https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53431 ifneq ($(CLANG_COMPILER),0) -CXXFLAGS += -Wall + CXXFLAGS += -Wall endif +########################################################### +##### iOS ##### +########################################################### + # iOS cross-compile configuration. # See http://www.cryptopp.com/wiki/iOS_(Command_Line). ifeq ($(IS_IOS),1) CXX = clang++ CXXFLAGS += $(IOS_FLAGS) -arch $(IOS_ARCH) - CXXFLAGS += -isysroot $(IOS_SYSROOT) -stdlib=libc++ + CXXFLAGS += -isysroot "$(IOS_SYSROOT)" -stdlib=libc++ AR = libtool ARFLAGS = -static -o RANLIB = ranlib endif +########################################################### +##### Android ##### +########################################################### + # Android cross-compile configuration. # See http://www.cryptopp.com/wiki/Android_(Command_Line). ifeq ($(IS_ANDROID),1) @@ -116,6 +122,10 @@ ifeq ($(IS_ANDROID),1) AOSP_CPU_OBJ = cpu-features.o endif +########################################################### +##### Embedded ##### +########################################################### + # ARM embedded cross-compile configuration. # See http://www.cryptopp.com/wiki/ARM_Embedded_(Command_Line) # and http://www.cryptopp.com/wiki/ARM_Embedded_(Bare Metal). @@ -124,6 +134,364 @@ ifeq ($(IS_ARM_EMBEDDED),1) CXXFLAGS += $(ARM_EMBEDDED_FLAGS) --sysroot=$(ARM_EMBEDDED_SYSROOT) endif +########################################################### +##### Compiler and Platform ##### +########################################################### + +# Wait until CXXFLAGS have been set by setenv scripts. + +GCC_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(EGREP) -v -E 'llvm|clang' | $(EGREP) -i -c -E '(gcc|g\+\+)') +CLANG_COMPILER := $(shell $(CXX) --version 2>/dev/null | $(EGREP) -i -c -E 'llvm|clang') + +HOSTX := $(shell $(CXX) $(CXXFLAGS) -dumpmachine 2>/dev/null | cut -f 1 -d '-') +ifeq ($(HOSTX),) + HOSTX := $(shell uname -m 2>/dev/null) +endif + +# This dance is because Clang reports the host architecture instead +# of the target architecture. Running Clang on an x86_64 machine with +# -arch arm64 yields x86_64 instead of aarch64 or arm64. + +ifeq ($(CLANG_COMPILER),1) + IS_X86 := $(shell echo $(CXXFLAGS) | $(EGREP) -v 64 | $(EGREP) -i -c -E 'i.86') + IS_X64 := $(shell echo $(CXXFLAGS) | $(EGREP) -i -c -E 'x86_64|amd64') + IS_ARM32 := $(shell echo $(CXXFLAGS) | $(EGREP) -v 64 | $(EGREP) -i -c -E 'arm|armhf|arm7l|eabihf') + IS_ARMV8 := $(shell echo $(CXXFLAGS) | $(EGREP) -i -c -E 'aarch32|aarch64|arm64|armv8') +else + IS_X86 := $(shell echo $(HOSTX) | $(EGREP) -v 64 | $(EGREP) -i -c -E 'i.86') + IS_X64 := $(shell echo $(HOSTX) | $(EGREP) -i -c -E 'x86_64|amd64') + IS_ARM32 := $(shell echo $(HOSTX) | $(EGREP) -v 64 | $(EGREP) -i -c -E 'arm|armhf|arm7l|eabihf') + IS_ARMV8 := $(shell echo $(HOSTX) | $(EGREP) -i -c -E 'aarch32|aarch64|arm64|armv8') +endif + +$(info Here's what we found... IS_X86: $(IS_X86), IS_X64: $(IS_X64), IS_ARM32: $(IS_ARM32), IS_ARMV8: $(IS_ARMV8)) + +########################################################### +##### Test Program ##### +########################################################### + +# Hack to skip CPU feature tests for some recipes +DETECT_FEATURES ?= 1 +ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),-DCRYPTOPP_DISABLE_ASM) + DETECT_FEATURES := 0 +else ifeq ($(findstring clean,$(MAKECMDGOALS)),clean) + DETECT_FEATURES := 0 +else ifeq ($(findstring distclean,$(MAKECMDGOALS)),distclean) + DETECT_FEATURES := 0 +else ifeq ($(findstring distclean,$(MAKECMDGOALS)),trim) + DETECT_FEATURES := 0 +endif + +# Strip out -Wall, -Wextra and friends for feature testing +ifeq ($(DETECT_FEATURES),1) + TCXXFLAGS := $(filter-out -Wall -Wextra -Werror% -Wunused -Wconversion -Wp%, $(CXXFLAGS)) + ifneq ($(strip $(TCXXFLAGS)),) + $(info Using testing flags: $(TCXXFLAGS)) + endif +endif + +# For the previous messages +$(info ) + +########################################################### +##### X86/X32/X64 Options ##### +########################################################### + +ifneq ($(IS_X86)$(IS_X64),00) +ifeq ($(DETECT_FEATURES),1) + + SSE2_FLAG = -msse2 + SSE3_FLAG = -msse3 + SSSE3_FLAG = -mssse3 + SSE41_FLAG = -msse4.1 + SSE42_FLAG = -msse4.2 + CLMUL_FLAG = -mpclmul + AESNI_FLAG = -maes + AVX_FLAG = -mavx + AVX2_FLAG = -mavx2 + SHANI_FLAG = -msha + + TPROG = TestPrograms/test_x86_sse2.cxx + TOPT = $(SSE2_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CHACHA_FLAG = $(SSE2_FLAG) + else + SSE2_FLAG = + endif + + TPROG = TestPrograms/test_x86_ssse3.cxx + TOPT = $(SSSE3_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(SSSE3_FLAG) + CHAM_FLAG = $(SSSE3_FLAG) + LEA_FLAG = $(SSSE3_FLAG) + SIMECK_FLAG = $(SSSE3_FLAG) + SIMON64_FLAG = $(SSSE3_FLAG) + SIMON128_FLAG = $(SSSE3_FLAG) + SPECK64_FLAG = $(SSSE3_FLAG) + SPECK128_FLAG = $(SSSE3_FLAG) + else + SSSE3_FLAG = + endif + + TPROG = TestPrograms/test_x86_sse41.cxx + TOPT = $(SSE41_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + BLAKE2B_FLAG = $(SSE41_FLAG) + BLAKE2S_FLAG = $(SSE41_FLAG) + SIMON64_FLAG = $(SSE41_FLAG) + SPECK64_FLAG = $(SSE41_FLAG) + else + SSE41_FLAG = + endif + + TPROG = TestPrograms/test_x86_sse42.cxx + TOPT = $(SSE42_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CRC_FLAG = $(SSE42_FLAG) + else + SSE42_FLAG = + endif + + TPROG = TestPrograms/test_x86_clmul.cxx + TOPT = $(CLMUL_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + GCM_FLAG = $(SSSE3_FLAG) $(CLMUL_FLAG) + else + CLMUL_FLAG = + endif + + TPROG = TestPrograms/test_x86_aes.cxx + TOPT = $(AESNI_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + AES_FLAG = $(SSE41_FLAG) $(AESNI_FLAG) + SM4_FLAG = $(SSSE3_FLAG) $(AESNI_FLAG) + else + AESNI_FLAG = + endif + + TPROG = TestPrograms/test_x86_avx.cxx + TOPT = $(AVX_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + # XXX_FLAG = $(AVX_FLAG) + else + AVX_FLAG = + endif + + TPROG = TestPrograms/test_x86_avx2.cxx + TOPT = $(AVX2_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + CHACHA_AVX2_FLAG = $(AVX2_FLAG) + else + AVX2_FLAG = + endif + + TPROG = TestPrograms/test_x86_sha.cxx + TOPT = $(SHANI_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SHA_FLAG = $(SSE42_FLAG) $(SHANI_FLAG) + else + SHANI_FLAG = + endif + + ifeq ($(SSE2_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM + else ifeq ($(SSE3_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE3 + else ifeq ($(SSSE3_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSSE3 + else ifeq ($(SSE41_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 + else ifeq ($(SSE42_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SSE4 + endif + + ifneq ($(SSE42_FLAG),) + + # Unusual GCC/Clang on Macports. It assembles AES, but not CLMUL. + # test_x86_clmul.s:15: no such instruction: 'pclmulqdq $0, %xmm1,%xmm0' + ifeq ($(CLMUL_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_CLMUL + endif + ifeq ($(AESNI_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AESNI + endif + + ifeq ($(AVX_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AVX + else ifeq ($(AVX2_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_AVX2 + else ifeq ($(SHANI_FLAG),) + CXXFLAGS += -DCRYPTOPP_DISABLE_SHANI + endif + endif + +# DETECT_FEATURES +endif + +# IS_X86, IS_X32 and IS_X64 +endif + +########################################################### +##### ARM A-32, Aach64 and NEON ##### +########################################################### + +ifneq ($(IS_ARM32)$(IS_ARMV8),00) +ifeq ($(DETECT_FEATURES),1) + +ifeq ($(IS_ARM32),1) + + ifneq ($(IS_IOS)$(IS_ANDROID),00) + NEON_FLAG = + else + NEON_FLAG = -march=armv7-a -mfloat-abi=$(FP_ABI) -mfpu=neon + endif + + TPROG = TestPrograms/test_arm_neon.cxx + TOPT = $(NEON_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(NEON_FLAG) + AES_FLAG = $(NEON_FLAG) + CRC_FLAG = $(NEON_FLAG) + GCM_FLAG = $(NEON_FLAG) + BLAKE2B_FLAG = $(NEON_FLAG) + BLAKE2S_FLAG = $(NEON_FLAG) + CHACHA_FLAG = $(NEON_FLAG) + CHAM_FLAG = $(NEON_FLAG) + LEA_FLAG = $(NEON_FLAG) + SHA_FLAG = $(NEON_FLAG) + SIMECK_FLAG = $(NEON_FLAG) + SIMON64_FLAG = $(NEON_FLAG) + SIMON128_FLAG = $(NEON_FLAG) + SPECK64_FLAG = $(NEON_FLAG) + SPECK128_FLAG = $(NEON_FLAG) + SM4_FLAG = $(NEON_FLAG) + else + NEON_FLAG = + CXXFLAGS += -DCRYPTOPP_DISABLE_NEON + endif + +# IS_NEON +endif + +ifeq ($(IS_ARMV8),1) + + ifeq ($(IS_IOS),1) + ASIMD_FLAG = + CRC_FLAG = + AES_FLAG = + PMUL_FLAG = + SHA_FLAG = + else + ASIMD_FLAG = -march=armv8-a + CRC_FLAG = -march=armv8-a+crc + AES_FLAG = -march=armv8-a+crypto + PMULL_FLAG = -march=armv8-a+crypto + SHA_FLAG = -march=armv8-a+crypto + endif + + TPROG = TestPrograms/test_arm_acle.cxx + TOPT = $(ASIMD_FLAG) + HAVE_OPT = $(shell $(CXX) $(TCXXFLAGS) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ACLE_FLAG += -DCRYPTOPP_ARM_ACLE_AVAILABLE=1 + else + CXXFLAGS += -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_asimd.cxx + TOPT = $(ASIMD_FLAG) + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + ARIA_FLAG = $(ASIMD_FLAG) + BLAKE2B_FLAG = $(ASIMD_FLAG) + BLAKE2S_FLAG = $(ASIMD_FLAG) + CHACHA_FLAG = $(ASIMD_FLAG) + CHAM_FLAG = $(ASIMD_FLAG) + LEA_FLAG = $(ASIMD_FLAG) + NEON_FLAG = $(ASIMD_FLAG) + SIMECK_FLAG = $(ASIMD_FLAG) + SIMON64_FLAG = $(ASIMD_FLAG) + SIMON128_FLAG = $(ASIMD_FLAG) + SPECK64_FLAG = $(ASIMD_FLAG) + SPECK128_FLAG = $(ASIMD_FLAG) + SM4_FLAG = $(ASIMD_FLAG) + else + ASIMD_FLAG = + CXXFLAGS += -DCRYPTOPP_DISABLE_ASM + endif + + TPROG = TestPrograms/test_arm_crc.cxx + TOPT = $(CRC_FLAG) + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifneq ($(strip $(HAVE_OPT)),0) + CRC_FLAG = + CXXFLAGS += -DCRYPTOPP_ARM_CRC32_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_aes.cxx + TOPT = $(AES_FLAG) + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifneq ($(strip $(HAVE_OPT)),0) + AES_FLAG = + CXXFLAGS += -DCRYPTOPP_ARM_AES_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_pmull.cxx + TOPT = $(PMULL_FLAG) + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifneq ($(strip $(HAVE_OPT)),0) + PMULL_FLAG = + CXXFLAGS += -DCRYPTOPP_ARM_PMULL_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_sha.cxx + TOPT = $(SHA_FLAG) + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifneq ($(strip $(HAVE_OPT)),0) + SHA_FLAG = + CXXFLAGS += -DCRYPTOPP_ARM_SHA_AVAILABLE=0 + endif + + TPROG = TestPrograms/test_arm_sm3.cxx + TOPT = -march=armv8.4-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SM3_FLAG = -march=armv8.4-a+crypto + SM4_FLAG = -march=armv8.4-a+crypto + endif + + TPROG = TestPrograms/test_arm_sha3.cxx + TOPT = -march=armv8.4-a+crypto + HAVE_OPT = $(shell $(CXX) $(CXXFLAGS) $(ACLE_FLAG) $(ZOPT) $(TOPT) $(TPROG) -o $(TOUT) 2>&1 | tr ' ' '\n' | wc -l) + ifeq ($(strip $(HAVE_OPT)),0) + SHA3_FLAG = -march=armv8.4-a+crypto + SHA512_FLAG = -march=armv8.4-a+crypto + endif + +# IS_ARMV8 +endif + +# DETECT_FEATURES +endif + +# IS_ARM32, IS_ARMV8, IS_NEON +endif + +########################################################### +##### Common ##### +########################################################### + # No ASM for Travis testing ifeq ($(findstring no-asm,$(MAKECMDGOALS)),no-asm) ifeq ($(findstring -DCRYPTOPP_DISABLE_ASM,$(CXXFLAGS)),) @@ -178,7 +546,7 @@ endif # Valgrind # Debug testing on GNU systems. Triggered by -DDEBUG. # Newlib test due to http://sourceware.org/bugzilla/show_bug.cgi?id=20268 ifneq ($(filter -DDEBUG -DDEBUG=1,$(CXXFLAGS)),) - USING_GLIBCXX := $(shell $(CXX) -x c++ $(CXXFLAGS) -E adhoc.cpp.proto 2>&1 | $(EGREP) -i -c "__GLIBCXX__") + USING_GLIBCXX := $(shell $(CXX) $(CXXFLAGS) -E pch.cpp 2>&1 | $(EGREP) -i -c "__GLIBCXX__") ifneq ($(USING_GLIBCXX),0) ifeq ($(HAS_NEWLIB),0) ifeq ($(findstring -D_GLIBCXX_DEBUG,$(CXXFLAGS)),) @@ -207,115 +575,34 @@ ifeq ($(findstring lean,$(MAKECMDGOALS)),lean) endif # MAKECMDGOALS endif # Dead code stripping -# Pickup ARMv7 and NEON. Do it after Android, iOS and Embedded flags have been set. -ifeq ($(IS_ARM),1) - IS_ARMv7 := $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -dM -E - 2>/dev/null | $(EGREP) -i -c '__ARM_ARCH 7') - ifeq ($(IS_ARMv7),1) - IS_NEON := 1 - else - IS_NEON := $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -dM -E - 2>/dev/null | $(EGREP) -i -c -E '\<__ARM_NEON\>') - endif -endif - -# ARMv7-a -ifeq ($(IS_ARMv7),1) - ifeq ($(findstring -march=armv7-a,$(CXXFLAGS)),) - NEON_FLAG = -march=armv7-a - GCM_FLAG = -march=armv7-a - ARIA_FLAG = -march=armv7-a - BLAKE2_FLAG = -march=armv7-a - endif -endif - -# NEON -ifeq ($(IS_NEON),1) - ifeq ($(findstring -mfpu=neon,$(CXXFLAGS)),) - NEON_FLAG += -mfpu=neon - GCM_FLAG += -mfpu=neon - ARIA_FLAG += -mfpu=neon - BLAKE2_FLAG += -mfpu=neon - SIMON_FLAG += -mfpu=neon - SPECK_FLAG += -mfpu=neon - ifeq ($(IS_ANDROID),1) - ifeq ($(findstring -mfloat-abi=softfp,$(CXXFLAGS)),) - NEON_FLAG += -mfloat-abi=softfp - GCM_FLAG += -mfloat-abi=softfp - ARIA_FLAG += -mfloat-abi=softfp - BLAKE2_FLAG += -mfloat-abi=softfp - SIMON_FLAG += -mfloat-abi=softfp - SPECK_FLAG += -mfloat-abi=softfp - endif - endif - endif -endif - -# ARMv8-a -ifneq ($(IS_ARMv8),0) - IS_NEON := $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv8-a -dM -E - 2>/dev/null | $(EGREP) -i -c __ARM_NEON) - ifeq ($(IS_NEON),1) - ARIA_FLAG = -march=armv8-a - BLAKE2_FLAG = -march=armv8-a - NEON_FLAG = -march=armv8-a - SIMON_FLAG = -march=armv8-a - SPECK_FLAG = -march=armv8-a - endif - HAVE_CRC := $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv8-a+crc -dM -E - 2>/dev/null | $(EGREP) -i -c __ARM_FEATURE_CRC32) - ifeq ($(HAVE_CRC),1) - CRC_FLAG = -march=armv8-a+crc - endif - HAVE_CRYPTO := $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -march=armv8-a+crypto -dM -E - 2>/dev/null | $(EGREP) -i -c __ARM_FEATURE_CRYPTO) - ifeq ($(HAVE_CRYPTO),1) - AES_FLAG = -march=armv8-a+crypto - GCM_FLAG = -march=armv8-a+crypto - SHA_FLAG = -march=armv8-a+crypto - endif -endif - -# i686 and x86_64 -ifneq ($(IS_i686)$(IS_x86_64),00) - HAVE_SSSE3 = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -mssse3 -dM -E - 2>/dev/null | $(EGREP) -i -c __SSSE3__) - ifeq ($(HAVE_SSSE3),1) - ARIA_FLAG = -mssse3 - SSSE3_FLAG = -mssse3 - SIMON_FLAG = -mssse3 - SPECK_FLAG = -mssse3 - endif - HAVE_SSE4 = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.1 -dM -E - 2>/dev/null | $(EGREP) -i -c __SSE4_1__) - ifeq ($(HAVE_SSE4),1) - SIMON_FLAG = -msse4.1 - SPECK_FLAG = -msse4.1 - endif - HAVE_SSE4 = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.2 -dM -E - 2>/dev/null | $(EGREP) -i -c __SSE4_2__) - ifeq ($(HAVE_SSE4),1) - BLAKE2_FLAG = -msse4.2 - CRC_FLAG = -msse4.2 - endif - HAVE_CLMUL = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -mssse3 -mpclmul -dM -E - 2>/dev/null | $(EGREP) -i -c __PCLMUL__ ) - ifeq ($(HAVE_CLMUL),1) - GCM_FLAG = -mssse3 -mpclmul - endif - HAVE_AES = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.1 -maes -dM -E - 2>/dev/null | $(EGREP) -i -c __AES__) - ifeq ($(HAVE_AES),1) - AES_FLAG = -msse4.1 -maes - endif - HAVE_SHA = $(shell echo | $(CXX) -x c++ $(CXXFLAGS) -msse4.2 -msha -dM -E - 2>/dev/null | $(EGREP) -i -c __SHA__) - ifeq ($(HAVE_SHA),1) - SHA_FLAG = -msse4.2 -msha - endif -endif +########################################################### +##### Source and object files ##### +########################################################### # List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems. -SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp winpipes.cpp cryptlib_bds.cpp,$(sort $(wildcard *.cpp))) - +SRCS := cryptlib.cpp cpu.cpp integer.cpp $(filter-out cryptlib.cpp cpu.cpp integer.cpp pch.cpp simple.cpp cryptlib_bds.cpp,$(sort $(wildcard *.cpp))) # For Makefile.am; resource.h is Windows INCL := $(filter-out resource.h,$(sort $(wildcard *.h))) +# Cryptogams AES for ARMv4 and above. We couple to ARMv7. +# Avoid iOS. It cannot consume the assembly. +ifeq ($(IS_ARM32),1) + ifneq ($(IS_IOS),1) + CRYPTOGAMS_AES_FLAG = -march=armv7-a + CRYPTOGAMS_AES_FLAG += -Wa,--noexecstack + SRCS += aes_armv4.S + endif +endif + # List cryptlib.cpp first, then cpu.cpp, then integer.cpp to tame C++ static initialization problems. OBJS := $(SRCS:.cpp=.o) +OBJS := $(OBJS:.S=.o) # List test.cpp first to tame C++ static initialization problems. -TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp +TESTSRCS := adhoc.cpp test.cpp bench1.cpp bench2.cpp bench3.cpp datatest.cpp dlltest.cpp fipsalgt.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp validat5.cpp validat6.cpp validat7.cpp validat8.cpp validat9.cpp validat10.cpp regtest1.cpp regtest2.cpp regtest3.cpp regtest4.cpp TESTINCL := bench.h factory.h validate.h + +# Test objects TESTOBJS := $(TESTSRCS:.cpp=.o) LIBOBJS := $(filter-out $(TESTOBJS),$(OBJS)) @@ -337,11 +624,15 @@ SOLIB_COMPAT_SUFFIX=.$(LIB_MAJOR) SOLIB_FLAGS=-Wl,-soname,libcryptopp.so$(SOLIB_COMPAT_SUFFIX) endif # HAS_SOLIB_VERSION +########################################################### +##### Targets and Recipes ##### +########################################################### + # Default builds program with static library only .PHONY: default default: cryptest.exe -.PHONY: all +.PHONY: all static dynamic all: static dynamic cryptest.exe ifneq ($(IS_IOS),0) @@ -363,10 +654,10 @@ lean: static dynamic cryptest.exe .PHONY: clean clean: - -$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(LIBOBJS) $(AOSP_CPU_OBJ) $(TESTOBJS) $(DLLOBJS) $(LIBIMPORTOBJS) $(TESTIMPORTOBJS) $(DLLTESTOBJS) + -$(RM) adhoc.cpp.o adhoc.cpp.proto.o $(LIBOBJS) $(AOSP_CPU_OBJ) rdrand-*.o $(TESTOBJS) $(DLLOBJS) $(LIBIMPORTOBJS) $(TESTIMPORTOBJS) $(DLLTESTOBJS) @-$(RM) libcryptopp.a libcryptopp.dylib cryptopp.dll libcryptopp.dll.a libcryptopp.import.a @-$(RM) libcryptopp.so libcryptopp.so$(SOLIB_COMPAT_SUFFIX) libcryptopp.so$(SOLIB_VERSION_SUFFIX) - @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct rdrand-???.o + @-$(RM) cryptest.exe dlltest.exe cryptest.import.exe cryptest.info ct et @-$(RM) *.la *.lo *.gcov *.gcno *.gcda *.stackdump core core-* @-$(RM) /tmp/adhoc.exe @-$(RM) -r /tmp/cryptopp_test/ @@ -374,31 +665,46 @@ clean: @-$(RM) -r *.dylib.dSYM/ @-$(RM) -r cov-int/ -.PHONY: distclean -distclean: clean - -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt cryptest-*.txt - @-$(RM) cryptopp.tgz *.o *.bc *.ii *~ - @-$(RM) -r $(SRCS:.cpp=.obj) cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ +.PHONY: autotools-clean +autotools-clean: @-$(RM) -f configure.ac configure configure.in Makefile.am Makefile.in Makefile - @-$(RM) -f config.guess config.status config.sub depcomp install-sh compile - @-$(RM) -f stamp-h1 ar-lib *.m4 local.* lt*.sh missing libtool* libcryptopp.pc* + @-$(RM) -f config.guess config.status config.sub config.h.in compile depcomp + @-$(RM) -f install-sh stamp-h1 ar-lib *.lo *.la *.m4 local.* lt*.sh missing + @-$(RM) -f cryptest cryptestcwd libtool* libcryptopp.la libcryptopp.pc* @-$(RM) -rf m4/ auto*.cache/ .deps/ .libs/ - @-$(RM) -r TestCoverage/ - @-$(RM) cryptopp$(LIB_VER)\.* - @-$(RM) CryptoPPRef.zip +.PHONY: cmake-clean +cmake-clean: + @-$(RM) -f cryptopp-config.cmake CMakeLists.txt + @-$(RM) -rf cmake_build/ + +.PHONY: distclean +distclean: clean autotools-clean cmake-clean + -$(RM) adhoc.cpp adhoc.cpp.copied GNUmakefile.deps benchmarks.html cryptest.txt + @-$(RM) cryptest-*.txt cryptopp.tgz libcryptopp.pc *.o *.bc *.ii *~ + @-$(RM) -r cryptlib.lib cryptest.exe *.suo *.sdf *.pdb Win32/ x64/ ipch/ + @-$(RM) -r $(LIBOBJS:.o=.obj) $(TESTOBJS:.o=.obj) + @-$(RM) -r $(LIBOBJS:.o=.lst) $(TESTOBJS:.o=.lst) + @-$(RM) -r TestCoverage/ ref*/ + @-$(RM) cryptopp$(LIB_VER)\.* CryptoPPRef.zip + +# Install cryptest.exe, libcryptopp.a and libcryptopp.so. +# The library install was broken-out into its own recipe at GH #653. .PHONY: install -install: - @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp - $(INSTALL_DATA) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp -ifneq ($(wildcard cryptest.exe),) +install: cryptest.exe install-lib @-$(MKDIR) $(DESTDIR)$(BINDIR) $(INSTALL_PROGRAM) cryptest.exe $(DESTDIR)$(BINDIR) @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestData @-$(MKDIR) $(DESTDIR)$(DATADIR)/cryptopp/TestVectors $(INSTALL_DATA) TestData/*.dat $(DESTDIR)$(DATADIR)/cryptopp/TestData $(INSTALL_DATA) TestVectors/*.txt $(DESTDIR)$(DATADIR)/cryptopp/TestVectors -endif + +# A recipe to install only the library, and not cryptest.exe. Also +# see https://github.com/weidai11/cryptopp/issues/653. +.PHONY: install-lib +install-lib: + @-$(MKDIR) $(DESTDIR)$(INCLUDEDIR)/cryptopp + $(INSTALL_DATA) *.h $(DESTDIR)$(INCLUDEDIR)/cryptopp ifneq ($(wildcard libcryptopp.a),) @-$(MKDIR) $(DESTDIR)$(LIBDIR) $(INSTALL_DATA) libcryptopp.a $(DESTDIR)$(LIBDIR) @@ -435,15 +741,15 @@ ifeq ($(HAS_SOLIB_VERSION),1) libcryptopp.so: libcryptopp.so$(SOLIB_VERSION_SUFFIX) endif -libcryptopp.so$(SOLIB_VERSION_SUFFIX): $(LIBOBJS) - $(CXX) -shared $(SOLIB_FLAGS) -o $@ $(strip $(CXXFLAGS)) -Wl,--exclude-libs,ALL $(LIBOBJS) $(LDFLAGS) $(LDLIBS) +libcryptopp.so$(SOLIB_VERSION_SUFFIX): $(LIBOBJS) $(AOSP_CPU_OBJ) + $(CXX) -shared $(SOLIB_FLAGS) -o $@ $(strip $(CXXFLAGS)) -Wl,--exclude-libs,ALL $(LIBOBJS) $(AOSP_CPU_OBJ) $(LDFLAGS) $(LDLIBS) ifeq ($(HAS_SOLIB_VERSION),1) -$(LN) libcryptopp.so$(SOLIB_VERSION_SUFFIX) libcryptopp.so -$(LN) libcryptopp.so$(SOLIB_VERSION_SUFFIX) libcryptopp.so$(SOLIB_COMPAT_SUFFIX) endif -libcryptopp.dylib: $(LIBOBJS) - $(CXX) -dynamiclib -o $@ $(strip $(CXXFLAGS)) -install_name "$@" -current_version "$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)" -compatibility_version "$(LIB_MAJOR).$(LIB_MINOR)" -headerpad_max_install_names $(LDFLAGS) $(LIBOBJS) +libcryptopp.dylib: $(LIBOBJS) $(AOSP_CPU_OBJ) + $(CXX) -dynamiclib -o $@ $(strip $(CXXFLAGS)) -install_name "$@" -current_version "$(LIB_MAJOR).$(LIB_MINOR).$(LIB_PATCH)" -compatibility_version "$(LIB_MAJOR).$(LIB_MINOR)" -headerpad_max_install_names $(LDFLAGS) $(LIBOBJS) $(AOSP_CPU_OBJ) cryptest.exe: libcryptopp.a $(TESTOBJS) $(CXX) -o $@ $(strip $(CXXFLAGS)) $(TESTOBJS) ./libcryptopp.a $(LDFLAGS) $(LDLIBS) @@ -451,13 +757,17 @@ cryptest.exe: libcryptopp.a $(TESTOBJS) # Used to generate list of source files for Autotools, CMakeList and Android.mk .PHONY: sources sources: - $(info Library sources: $(filter-out $(TESTSRCS),$(SRCS))) + $(info ***** Library sources *****) + $(info $(filter-out $(TESTSRCS),$(SRCS))) $(info ) - $(info Library headers: $(filter-out $(TESTINCL),$(INCL))) + $(info ***** Library headers *****) + $(info $(filter-out $(TESTINCL),$(INCL))) $(info ) - $(info Test sources: $(TESTSRCS)) + $(info ***** Test sources *****) + $(info $(TESTSRCS)) $(info ) - $(info Test headers: $(TESTINCL)) + $(info ***** Test headers *****) + $(info $(TESTINCL)) adhoc.cpp: adhoc.cpp.proto ifeq ($(wildcard adhoc.cpp),) @@ -471,55 +781,108 @@ ifeq ($(wildcard GNUmakefile.deps),GNUmakefile.deps) -include GNUmakefile.deps endif # Dependencies +# Cryptogams ARM asm implementation. +aes_armv4.o : aes_armv4.S + $(CXX) $(strip $(CXXFLAGS) -fpermissive $(CRYPTOGAMS_AES_FLAG) -c) $< + cpu-features.o: cpu-features.h cpu-features.c $(CXX) $(strip $(CXXFLAGS) -fpermissive -c) cpu-features.c -# SSE4.2 or NEON available -aria-simd.o : aria-simd.cpp +# SSSE3 or NEON available +aria_simd.o : aria_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(ARIA_FLAG) -c) $< -# SSE4.2 or ARMv8a available -blake2-simd.o : blake2-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(BLAKE2_FLAG) -c) $< +# SSE, NEON or POWER7 available +blake2s_simd.o : blake2s_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(BLAKE2S_FLAG) -c) $< -# SSE2 on i586 -cpu.o : cpu.cpp - $(CXX) $(strip $(CXXFLAGS) $(CPU_FLAG) -c) $< +# SSE, NEON or POWER8 available +blake2b_simd.o : blake2b_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(BLAKE2B_FLAG) -c) $< + +# SSE2 or NEON available +chacha_simd.o : chacha_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(CHACHA_FLAG) -c) $< + +# AVX2 available +chacha_avx.o : chacha_avx.cpp + $(CXX) $(strip $(CXXFLAGS) $(CHACHA_AVX2_FLAG) -c) $< + +# SSSE3 available +cham_simd.o : cham_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(CHAM_FLAG) -c) $< + +# Power9 available +darn.o : darn.cpp + $(CXX) $(strip $(CXXFLAGS) $(DARN_FLAG) -c) $< + +# SSE2 on i686 +donna_sse.o : donna_sse.cpp + $(CXX) $(strip $(CXXFLAGS) $(SSE2_FLAG) -c) $< + +# SSE2 on i686 +sse_simd.o : sse_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SSE2_FLAG) -c) $< # SSE4.2 or ARMv8a available -crc-simd.o : crc-simd.cpp +crc_simd.o : crc_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(CRC_FLAG) -c) $< # PCLMUL or ARMv7a/ARMv8a available -gcm-simd.o : gcm-simd.cpp +gcm_simd.o : gcm_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(GCM_FLAG) -c) $< +# SSSE3 available +lea_simd.o : lea_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(LEA_FLAG) -c) $< + # NEON available -neon-simd.o : neon-simd.cpp +neon_simd.o : neon_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(NEON_FLAG) -c) $< # AESNI or ARMv7a/ARMv8a available -rijndael-simd.o : rijndael-simd.cpp +rijndael_simd.o : rijndael_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(AES_FLAG) -c) $< # SSE4.2/SHA-NI or ARMv8a available -sha-simd.o : sha-simd.cpp +sha_simd.o : sha_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(SHA_FLAG) -c) $< # SSE4.2/SHA-NI or ARMv8a available -shacal2-simd.o : shacal2-simd.cpp +shacal2_simd.o : shacal2_simd.cpp $(CXX) $(strip $(CXXFLAGS) $(SHA_FLAG) -c) $< # SSSE3 or NEON available -simon-simd.o : simon-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SIMON_FLAG) -c) $< +simeck_simd.o : simeck_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SIMECK_FLAG) -c) $< -# SSSE3 or NEON available -speck-simd.o : speck-simd.cpp - $(CXX) $(strip $(CXXFLAGS) $(SPECK_FLAG) -c) $< +# SSE4.1, NEON or POWER7 available +simon64_simd.o : simon64_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SIMON64_FLAG) -c) $< + +# SSSE3, NEON or POWER8 available +simon128_simd.o : simon128_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SIMON128_FLAG) -c) $< + +# SSE4.1, NEON or POWER7 available +speck64_simd.o : speck64_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SPECK64_FLAG) -c) $< + +# SSSE3, NEON or POWER8 available +speck128_simd.o : speck128_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SPECK128_FLAG) -c) $< + +# ARMv8.4 available +sm3_simd.o : sm3_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SM3_FLAG) -c) $< + +# AESNI available +sm4_simd.o : sm4_simd.cpp + $(CXX) $(strip $(CXXFLAGS) $(SM4_FLAG) -c) $< %.o : %.cpp $(CXX) $(strip $(CXXFLAGS) -c) $< -GNUmakefile.deps: - $(CXX) $(strip $(CXXFLAGS) -MM) *.cpp > GNUmakefile.deps +.PHONY: dep deps depend +dep deps depend GNUmakefile.deps: + $(CXX) $(strip $(CXXFLAGS) -DCRYPTOPP_DISABLE_ASM) -MM *.cpp > GNUmakefile.deps diff --git a/vendor/cryptopp/vendor_cryptopp/History.txt b/vendor/cryptopp/vendor_cryptopp/History.txt index 19efda11..c61da6cb 100644 --- a/vendor/cryptopp/vendor_cryptopp/History.txt +++ b/vendor/cryptopp/vendor_cryptopp/History.txt @@ -4,7 +4,8 @@ The History file contains the items that comprise the release notes. The items in the list below used to be in Readme.txt. Readme.txt now contans the last several releases. -1.0 - First public release. Withdrawn at the request of RSA DSI. +1.0 - First public release + - Withdrawn at the request of RSA DSI over patent claims - included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA, MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression - had a serious bug in the RSA key generation code. @@ -432,3 +433,22 @@ last several releases. - remove s_nullNameValuePairs from unnamed namespace - ported to MSVC 2017, Xcode 9.3, Sun Studio 12.5, GCC 8.0.1, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1 + +8.0.0 - December 28, 2018 + + - major release, recompile of programs required + - expanded community input and support + * 54 unique contributors as of this release + - add x25519 key exchange and ed25519 signature scheme + - add limited Asymmetric Key Package support from RFC 5958 + - add Power9 DARN random number generator support + - add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck + - fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms + - cutover to GNU Make-based cpu feature tests + - rename files with dashes to underscores + - fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC + - fix incorrect AES/CBC decryption on Windows + - avoid Singleton when possible, avoid std::call_once completely + - fix SPARC alignment problems due to GetAlignmentOf() on word64 + - add ARM AES asm implementation from Cryptogams + - remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/Readme.txt b/vendor/cryptopp/vendor_cryptopp/Readme.txt index 8967f568..372419d6 100644 --- a/vendor/cryptopp/vendor_cryptopp/Readme.txt +++ b/vendor/cryptopp/vendor_cryptopp/Readme.txt @@ -1,5 +1,5 @@ Crypto++: free C++ Class Library of Cryptographic Schemes -Version 7.0 - APR/08/2018 +Version 8.0 - DEC/28/2018 Crypto++ Library is a free C++ class library of cryptographic schemes. Currently the library contains the following algorithms: @@ -39,11 +39,12 @@ Currently the library contains the following algorithms: padding schemes for public-key PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363 systems EMSA2 and EMSA5 - Diffie-Hellman (DH), Unified Diffie-Hellman - key agreement schemes (DH2), Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV), + Diffie-Hellman (DH), Unified Diffie-Hellman (DH2), + key agreement schemes Menezes-Qu-Vanstone (MQV), Hashed MQV (HMQV), Fully Hashed MQV (FHMQV), LUCDIF, XTR-DH - elliptic curve cryptography ECDSA, Determinsitic ECDSA, ECNR, ECIES, ECDH, ECMQV + elliptic curve cryptography ECDSA, Determinsitic ECDSA, ed25519, ECNR, ECIES, + ECDH, ECMQV, x25519 insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, @@ -53,7 +54,7 @@ algorithms retained for backwards 3.0, WAKE-OFB, DESX (DES-XEX3), RC2, Other features include: * pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool, - VIA Padlock, RDRAND, RDSEED, NIST Hash and HMAC DRBGs + DARN, VIA Padlock, RDRAND, RDSEED, NIST Hash and HMAC DRBGs * password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5, PBKDF from PKCS #12 appendix B, HKDF from RFC 5869, Scrypt from RFC 7914 * Shamir's secret sharing scheme and Rabin's information dispersal algorithm @@ -91,13 +92,13 @@ The following compilers are supported for this release. Please visit http://www.cryptopp.com the most up to date build instructions and porting notes. * Visual Studio 2003 - 2017 - * GCC 3.3 - 8.0 + * GCC 3.3 - 9.0 * Apple Clang 4.3 - 9.3 - * LLVM Clang 2.9 - 4.0 - * C++Builder 2010 + * LLVM Clang 2.9 - 7.0 + * C++Builder 2015 * Intel C++ Compiler 9 - 16.0 - * Sun Studio 12u1 - 12.5 - * IBM XL C/C++ 10.0 - 13.1 + * Sun Studio 12u1 - 12.6 + * IBM XL C/C++ 10.0 - 13.3 *** Important Usage Notes *** @@ -282,6 +283,25 @@ documentation is one of the highest returns on investment. The items in this section comprise the most recent history. Please see History.txt for the record back to Crypto++ 1.0. +8.0.0 - December 28, 2018 + + - major release, recompile of programs required + - expanded community input and support + * 54 unique contributors as of this release + - add x25519 key exchange and ed25519 signature scheme + - add limited Asymmetric Key Package support from RFC 5958 + - add Power9 DARN random number generator support + - add CHAM, HC-128, HC-256, Hight, LEA, Rabbit, Simeck + - fix FixedSizeAllocatorWithCleanup may be unaligned on some platforms + - cutover to GNU Make-based cpu feature tests + - rename files with dashes to underscores + - fix LegacyDecryptor and LegacyDecryptorWithMAC use wrong MAC + - fix incorrect AES/CBC decryption on Windows + - avoid Singleton when possible, avoid std::call_once completely + - fix SPARC alignment problems due to GetAlignmentOf() on word64 + - add ARM AES asm implementation from Cryptogams + - remove CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS support + 7.0.0 - April 8, 2018 - major release, recompile of programs required - expanded community input and support @@ -340,67 +360,6 @@ for the record back to Crypto++ 1.0. - ported to MSVC 2017, Xcode 8.1, Sun Studio 12.5, GCC 7.3, MacPorts GCC 7.0, Clang 4.0, Intel C++ 17.00, IBM XL C/C++ 13.1 -5.6.5 - October 11, 2016 - - maintenance release, recompile of programs recommended - - expanded community input and support - * 25 unique contributors as of this release - - fixed CVE-2016-7420 (Issue 277, document NDEBUG for production/release) - - fixed CVE-2016-7544 (Issue 302, avoid _malloca and _freea) - - shipped library in recommended state - * backwards compatibility achieved with - - Visual Studio project file cleanup - * improved X86 and X64 MSBuild support - * added ARM-based MSBuild awareness - - improved Testing and QA - * expanded platforms and compilers - * expanded Coverity into OS X and Windows platforms - * added Windows test scripts using Strawberry Perl - - ported to MSVC 2015 SP3, Xcode 7.3, Sun Studio 12.5, GCC 7.0, - MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00 - -5.6.4 - September 11, 2016 - - maintenance release, honored API/ABI/Versioning requirements - - expanded community input and support - * 22 unique contributors for this release - - fixed CVE-2016-3995 - - changed SHA3 to FIPS 202 (F1600, XOF d=0x06) - - added Keccak (F1600, XOF d=0x01) - - added ChaCha (ChaCha8/12/20) - - added HMQV and FHMQV - * Hashed and Fully Hashed MQV - - added BLAKE2 (BLAKE2s and BLAKE2b) - * C++, SSE2, SSE4, ARM NEON and ARMv8 ASIMD - - added CRC32-C - * C/C++, Amd64 CRC, and ARMv8 CRC - - improved Rabin-William signatures - * Tweaked roots e and f - - improved C++11 support - * atomics, threads and fences - * alginof, alignas - * constexpr - * noexcept - - improved GCM mode - * ARM NEON and ARMv8 ASIMD - * ARMv8 carry-less multiply - - improved Windows 8 and 10 support - * Windows Phone, Universal Windows Platform, Windows Store - - improved MIPS, ARMv7 and ARMv8 support - * added scripts setenv-{android|embedded|ios}.sh for GNUmakefile-cross - * aggressive use of -march= and -mfpu= in cryptest.sh - - improved build systems - * Visual Studio 2010 default - * added CMake support (lacks FindCryptopp.cmake) - * archived VC++ 5/0/6.0 project files (vc60.zip) - * archived VS2005 project files (vs2005.zip) - * archived Borland project files (bds10.zip) - - improved Testing and QA - * expanded platforms and compilers - * added code generation tests based on CPU features - * added C++03, C++11, C++14, C++17 testing - * added -O3, -O5, -Ofast and -Os testing - - ported to MSVC 2015 SP3, Xcode 9.0, Sun Studio 12.5, GCC 7.0, - MacPorts GCC 7.0, Clang 3.8, Intel C++ 17.00 - June 2015 - Changing of the guard. Wei Dai turned the library over to the community. The first community release was Crypto++ 5.6.3. Wei is no longer involved with the daily operations of the project. Wei diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/defdmac1.bin b/vendor/cryptopp/vendor_cryptopp/TestData/defdmac1.bin new file mode 100644 index 00000000..b02ac428 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/defdmac1.bin @@ -0,0 +1 @@ +nCBþ pIbŸ_¤_å|Ÿâ+"wÿ¶¶†Ž½í#Aýí¿‡„nÞmÖéŠÈ‡û%±––kXø¹Rò³üw`Zã‘^s.+ÚÚµ˜ø„Š`ŠÝBf]zó•}¦R`}\ØdiœbfttÉ^ø² \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/defdmac2.bin b/vendor/cryptopp/vendor_cryptopp/TestData/defdmac2.bin new file mode 100644 index 00000000..6efc49c7 Binary files /dev/null and b/vendor/cryptopp/vendor_cryptopp/TestData/defdmac2.bin differ diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/ed25519.dat b/vendor/cryptopp/vendor_cryptopp/TestData/ed25519.dat new file mode 100644 index 00000000..28f0c2d6 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/ed25519.dat @@ -0,0 +1 @@ +302E020100300506032B65700422042098C59D3F097FB23D44BA90791281B453258D691A55AF5CE4F1EE712FDF91AE6D \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/ed25519v0.dat b/vendor/cryptopp/vendor_cryptopp/TestData/ed25519v0.dat new file mode 100644 index 00000000..c5bbffa0 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/ed25519v0.dat @@ -0,0 +1 @@ +302E020100300506032B65700422042030BF776A497D7F1E0E26AC4FB03F5BE7E187DDFEFB914CD292A6FEDB7F70CE6B \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/ed25519v1.dat b/vendor/cryptopp/vendor_cryptopp/TestData/ed25519v1.dat new file mode 100644 index 00000000..73789634 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/ed25519v1.dat @@ -0,0 +1 @@ +3053020101300506032B6570042204206861FD53C7643DABDCDF4C3969CE44A156BAC261242A5AAEC140EDE510071C6CA12303210029CF90E6C1CF1ADC7105720303B2EE303412D2B682C6FEEF3D8736A286B2E27F \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/x25519.dat b/vendor/cryptopp/vendor_cryptopp/TestData/x25519.dat new file mode 100644 index 00000000..9a0f3d15 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/x25519.dat @@ -0,0 +1 @@ +302E020100300506032B656E0422042030D407BB0CC97D0EC493BDB00A4A8EFA06A50D2388F5BA62947030E7D9873F49 \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/x25519v0.dat b/vendor/cryptopp/vendor_cryptopp/TestData/x25519v0.dat new file mode 100644 index 00000000..1dc31212 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/x25519v0.dat @@ -0,0 +1 @@ +302E020100300506032B656E042204202818E54DE6B88EEF3E99E25042CB98E69373B222E4C1E8B3FB10AC9B26C1007B \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestData/x25519v1.dat b/vendor/cryptopp/vendor_cryptopp/TestData/x25519v1.dat new file mode 100644 index 00000000..4e26508d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestData/x25519v1.dat @@ -0,0 +1 @@ +3053020101300506032B656E04220420A00FADD6D29BE764B851F64F7620E80B700DF65914BED31E486362281BB5D061A123032100E9AD4CC54DAA36F312D98B253854F0076E2BC26FCE5802B3AC79A5B59B3D2C4F \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_32bit.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_32bit.cxx new file mode 100644 index 00000000..a8783394 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_32bit.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + enum {N = (sizeof(std::size_t) == 4 ? 4 : -1)}; + int x[N]; + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_64bit.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_64bit.cxx new file mode 100644 index 00000000..e55e2fd1 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_64bit.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + enum {N = (sizeof(std::size_t) == 8 ? 8 : -1)}; + int x[N]; + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_acle.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_acle.cxx new file mode 100644 index 00000000..63073be3 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_acle.cxx @@ -0,0 +1,5 @@ +#include +int main(int argc, char* argv[]) +{ + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_aes.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_aes.cxx new file mode 100644 index 00000000..66cfd0c3 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_aes.cxx @@ -0,0 +1,19 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + uint8x16_t x={0}; + x=vaeseq_u8(x,x); + x=vaesmcq_u8(x); + x=vaesdq_u8(x,x); + x=vaesimcq_u8(x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_asimd.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_asimd.cxx new file mode 100644 index 00000000..1d4ff3d1 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_asimd.cxx @@ -0,0 +1,16 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + uint32x4_t x={0}; + x=veorq_u32(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_crc.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_crc.cxx new file mode 100644 index 00000000..3f1539fc --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_crc.cxx @@ -0,0 +1,23 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + uint32_t w=0xffffffff; + + w = __crc32w(w,w); + w = __crc32h(w,w); + w = __crc32b(w,w); + w = __crc32cw(w,w); + w = __crc32ch(w,w); + w = __crc32cb(w,w); + + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_neon.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_neon.cxx new file mode 100644 index 00000000..e123d6c6 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_neon.cxx @@ -0,0 +1,9 @@ +#include +#include + +int main(int argc, char* argv[]) +{ + uint32x4_t x={0}; + x=veorq_u32(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_pmull.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_pmull.cxx new file mode 100644 index 00000000..2d345e39 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_pmull.cxx @@ -0,0 +1,22 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + const poly64_t a=0x60606060, b=0x90909090, c=0xb0b0b0b0; + const poly64x2_t d={0x60606060,0x90909090}; + const poly8x16_t e={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80, + 0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0}; + + const poly128_t r1 = vmull_p64(a, b); + const poly128_t r2 = vmull_high_p64(d, d); + + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha.cxx new file mode 100644 index 00000000..be437077 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha.cxx @@ -0,0 +1,21 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + uint32x4_t y = {0}; + y=vsha1cq_u32(y,0,y); + y=vsha1mq_u32(y,1,y); + y=vsha1pq_u32(y,2,y); + y=vsha256hq_u32(y, y, y); + y=vsha256h2q_u32(y, y, y); + y=vsha256su1q_u32(y, y, y); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha3.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha3.cxx new file mode 100644 index 00000000..a71721f9 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha3.cxx @@ -0,0 +1,29 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + // SM4 block cipher + uint32x4_t x; + x=vsm4ekeyq_u32(x,x); + x=vsm4eq_u32(x,x); + + // SM3 hash + uint32x4_t y; + y=vsm3ss1q_u32(x,y,y); + y=vsm3tt1aq_u32(x,y,y,3); + y=vsm3tt1bq_u32(x,y,y,1); + y=vsm3tt2aq_u32(x,y,y,2); + y=vsm3tt2bq_u32(x,y,y,3); + y=vsm3partw1q_u32(x,y,y); + y=vsm3partw2q_u32(x,y,y); + + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha512.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha512.cxx new file mode 100644 index 00000000..a71721f9 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sha512.cxx @@ -0,0 +1,29 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + // SM4 block cipher + uint32x4_t x; + x=vsm4ekeyq_u32(x,x); + x=vsm4eq_u32(x,x); + + // SM3 hash + uint32x4_t y; + y=vsm3ss1q_u32(x,y,y); + y=vsm3tt1aq_u32(x,y,y,3); + y=vsm3tt1bq_u32(x,y,y,1); + y=vsm3tt2aq_u32(x,y,y,2); + y=vsm3tt2bq_u32(x,y,y,3); + y=vsm3partw1q_u32(x,y,y); + y=vsm3partw2q_u32(x,y,y); + + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sm3.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sm3.cxx new file mode 100644 index 00000000..d00d1b46 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sm3.cxx @@ -0,0 +1,23 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + // SM3 hash + uint32x4_t y; + y=vsm3ss1q_u32(x,y,y); + y=vsm3tt1aq_u32(x,y,y,3); + y=vsm3tt1bq_u32(x,y,y,1); + y=vsm3tt2aq_u32(x,y,y,2); + y=vsm3tt2bq_u32(x,y,y,3); + y=vsm3partw1q_u32(x,y,y); + y=vsm3partw2q_u32(x,y,y); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sm4.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sm4.cxx new file mode 100644 index 00000000..3dbfd902 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_arm_sm4.cxx @@ -0,0 +1,18 @@ +#include +#include + +// test_acle.h determines if this is available. Then, +// -DCRYPTOPP_ARM_ACLE_AVAILABLE=0 is added to CXXFLAGS +// if the ACLE header is not available. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +#endif + +int main(int argc, char* argv[]) +{ + // SM4 block cipher + uint32x4_t x; + x=vsm4ekeyq_u32(x,x); + x=vsm4eq_u32(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_cxx.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_cxx.cxx new file mode 100644 index 00000000..90f24b2d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_cxx.cxx @@ -0,0 +1,6 @@ +#include +int main(int argc, char* argv[]) +{ + unsigned int x=0; + return x; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_mixed_asm.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_mixed_asm.cxx new file mode 100644 index 00000000..ada17e61 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_mixed_asm.cxx @@ -0,0 +1,31 @@ +// Most Clang cannot handle mixed asm with positional arguments, where the +// body is Intel style with no prefix and the templates are AT&T style. +// Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . +#include +int main(int argc, char* argv[]) +{ + size_t ret = 1, N = 1; + asm __volatile__ + ( +#if defined(__amd64__) || defined(__x86_64__) + ".intel_syntax noprefix ;\n" + "xor rsi, rsi ;\n" + "neg %1 ;\n" + "inc %1 ;\n" + "push %1 ;\n" + "pop rax ;\n" + ".att_syntax prefix ;\n" + : "=a" (ret) : "c" (N) : "%rsi" +#else + ".intel_syntax noprefix ;\n" + "xor esi, esi ;\n" + "neg %1 ;\n" + "inc %1 ;\n" + "push %1 ;\n" + "pop eax ;\n" + ".att_syntax prefix ;\n" + : "=a" (ret) : "c" (N) : "%esi" +#endif + ); + return (int)ret; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_newlib.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_newlib.cxx new file mode 100644 index 00000000..08d23408 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_newlib.cxx @@ -0,0 +1,8 @@ +#include +int main(int argc, char* argv[]) +{ +#ifndef __NEWLIB__ + XXX +#endif + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_aes.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_aes.cxx new file mode 100644 index 00000000..cb999fb8 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_aes.cxx @@ -0,0 +1,26 @@ +#include +int main(int argc, char* argv[]) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + __vector unsigned char x = {1,2,3,4,5,6,7,8}; + x=__vcipher(x,x); + x=__vcipherlast(x,x); + x=__vncipher(x,x); + x=__vncipherlast(x,x); +#elif defined(__clang__) + __vector unsigned long long x = {1,2}; + x=__builtin_altivec_crypto_vcipher(x,x); + x=__builtin_altivec_crypto_vcipherlast(x,x); + x=__builtin_altivec_crypto_vncipher(x,x); + x=__builtin_altivec_crypto_vncipherlast(x,x); +#elif defined(__GNUC__) + __vector unsigned long long x = {1,2}; + x=__builtin_crypto_vcipher(x,x); + x=__builtin_crypto_vcipherlast(x,x); + x=__builtin_crypto_vncipher(x,x); + x=__builtin_crypto_vncipherlast(x,x); +#else + int XXX[-1]; +#endif + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_altivec.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_altivec.cxx new file mode 100644 index 00000000..64784256 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_altivec.cxx @@ -0,0 +1,8 @@ +#include +int main(int argc, char* argv[]) +{ + __vector unsigned char x; + x=vec_ld(0, (unsigned char*)argv[0]); + x=vec_add(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power7.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power7.cxx new file mode 100644 index 00000000..103034ea --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power7.cxx @@ -0,0 +1,41 @@ +#include + +// This follows ppc_simd.h. XLC compilers for POWER7 use vec_xlw4 and +// vec_xstw4. Some XLC compilers for POWER7 and above use vec_xl and +// vec_xst. The way to tell the difference is, XLC compilers version +// 13.0 and earlier use use vec_xlw4 and vec_xstw4 XLC compilers 13.1 +// and later are use vec_xl and vec_xst. The open question is, how to +// handle early Clang compilers for POWER7. We know the latest Clang +// compilers support vec_xl and vec_xst. Also see +// https://www-01.ibm.com/support/docview.wss?uid=swg21683541 + +#if defined(__xlc__) && (__xlc__ < 0x0d01) +# define __early_xlc__ 1 +#endif + +#if defined(__xlC__) && (__xlC__ < 0x0d01) +# define __early_xlC__ 1 +#endif + +int main(int argc, char* argv[]) +{ + __vector unsigned char x; + unsigned char res[16]; + +#if defined(_ARCH_PWR7) && (defined(__early_xlc__) || defined(__early_xlC__)) + x=vec_xlw4(0, (unsigned char*)argv[0]); + x=vec_add(x,x); + vec_xstw4(x, 0, res); +#elif defined(_ARCH_PWR7) && (defined(__xlc__) || defined(__xlC__) || defined(__clang__)) + x=vec_xl(0, (unsigned char*)argv[0]); + x=vec_add(x,x); + vec_xst(x, 0, res); +#elif defined(_ARCH_PWR7) && defined(__GNUC__) + x=vec_vsx_ld(0, (unsigned char*)argv[0]); + x=vec_add(x,x); + vec_vsx_st(x, 0, res); +#else + int XXX[-1]; +#endif + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power8.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power8.cxx new file mode 100644 index 00000000..808cb907 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power8.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + __vector unsigned long long z = {1, 2}; + z=vec_add(z,z); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power9.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power9.cxx new file mode 100644 index 00000000..38e87398 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_power9.cxx @@ -0,0 +1,36 @@ +// The problem we have here is, it appears only GCC 7.0 and above +// support Power9 builtins. Clang 7.0 has support for some (all?) +// assembly instructions but we don't see builtin support. We can't +// determine the state of XLC. Searching IBM's website for +// terms like 'darn' 'random number' is returning irrelevant hits. +// Searching with Google from the outside returns 0 hits. +// +// The support disconnect means we may report Power9 as unavailable +// and support DARN at the same time. We get into that state because +// we use inline asm to detect DARN availablity in the compiler. +// Also see cpu.cpp and the two query functions; and ppc_power9.cpp +// and the two probe functions. + +#include +int main(int argc, char* argv[]) +{ +#if 0 + const unsigned char b = (unsigned char)argc; + const unsigned int r = (0xf << 24) | (0x3 << 16) | (0xf << 8) | (0x3 << 0); +#if defined(__clang__) + bool x = __builtin_altivec_byte_in_range(b, r); +#elif defined(__GNUC__) + bool x = __builtin_byte_in_range(b, r); +#else + int XXX[-1]; +#endif +#endif + +#if defined(__GNUC__) || defined(__IBM_GCC_ASM) + unsigned int y = __builtin_darn_32(); +#else + int XXX[-1]; +#endif + + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_sha.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_sha.cxx new file mode 100644 index 00000000..8fb23336 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_sha.cxx @@ -0,0 +1,23 @@ +#include +int main(int argc, char* argv[]) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + __vector unsigned int x = {1,2,3,4}; + x=__vshasigmaw(x, 0, 0); + __vector unsigned long long y = {1,2}; + y=__vshasigmad(y, 0, 0); +#elif defined(__clang__) + __vector unsigned int x = {1,2,3,4}; + x=__builtin_altivec_crypto_vshasigmaw(x, 0, 0); + __vector unsigned long long y = {1,2}; + y=__builtin_altivec_crypto_vshasigmad(y, 0, 0); +#elif defined(__GNUC__) + __vector unsigned int x = {1,2,3,4}; + x=__builtin_crypto_vshasigmaw(x, 0, 0); + __vector unsigned long long y = {1,2}; + y=__builtin_crypto_vshasigmad(y, 0, 0); +#else + int XXX[-1]; +#endif + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_vmull.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_vmull.cxx new file mode 100644 index 00000000..e2ef6dae --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_ppc_vmull.cxx @@ -0,0 +1,17 @@ +#include +int main(int argc, char* argv[]) +{ + __vector unsigned long long x = {1,2}; + __vector unsigned long long y = {3,4}; + +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + __vector unsigned long long z=__vpmsumd(x,y); +#elif defined(__clang__) + __vector unsigned long long z=__builtin_altivec_crypto_vpmsumd(x,y); +#elif defined(__GNUC__) + __vector unsigned long long z=__builtin_crypto_vpmsumd(x,y); +#else + int XXX[-1]; +#endif + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_pthreads.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_pthreads.cxx new file mode 100644 index 00000000..f14b8a0e --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_pthreads.cxx @@ -0,0 +1,15 @@ +#include +#include + +void* function(void *ptr) +{ + return 0; +} + +int main(int argc, char* argv[]) +{ + pthread_t thread; + int ret = pthread_create(&thread, NULL, function, (void*)0); + pthread_join(thread, NULL); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_aes.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_aes.cxx new file mode 100644 index 00000000..b4d31f90 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_aes.cxx @@ -0,0 +1,11 @@ +#include +#include +int main(int argc, char* argv[]) +{ + __m128i x = _mm_setzero_si128(); + x=_mm_aesenc_si128(x,x); + x=_mm_aesenclast_si128(x,x); + x=_mm_aesdec_si128(x,x); + x=_mm_aesdeclast_si128(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx.cxx new file mode 100644 index 00000000..ec17fb71 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + __m256d x = _mm256_setzero_pd(); + x=_mm256_addsub_pd(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx2.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx2.cxx new file mode 100644 index 00000000..073e9c6f --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx2.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + __m256i x = _mm256_setzero_si256(); + x=_mm256_add_epi64 (x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx512.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx512.cxx new file mode 100644 index 00000000..686e2395 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_avx512.cxx @@ -0,0 +1,8 @@ +#include +#include +int main(int argc, char* argv[]) +{ + uint64_t x[8] = {0}; + __m512i y = _mm512_loadu_si512((__m512i*)x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_clmul.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_clmul.cxx new file mode 100644 index 00000000..84ee9595 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_clmul.cxx @@ -0,0 +1,8 @@ +#include +#include +int main(int argc, char* argv[]) +{ + __m128i x = _mm_setzero_si128(); + x=_mm_clmulepi64_si128(x,x,0x11); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_cpuid.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_cpuid.cxx new file mode 100644 index 00000000..2fa58f25 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_cpuid.cxx @@ -0,0 +1,7 @@ +int main(int argc, char* argv[]) +{ + unsigned int a, b, c, d; + asm volatile ( "cpuid" : "+a"(a), "=b"(b), "+c"(c), "=d"(d) ); + + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sha.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sha.cxx new file mode 100644 index 00000000..8dff4702 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sha.cxx @@ -0,0 +1,14 @@ +#include +#include +int main(int argc, char* argv[]) +{ + __m128i x = _mm_setzero_si128(); + x=_mm_sha1msg1_epu32(x,x); + x=_mm_sha1msg2_epu32(x,x); + x=_mm_sha1nexte_epu32(x,x); + x=_mm_sha1rnds4_epu32(x,x,0); + x=_mm_sha256msg1_epu32(x,x); + x=_mm_sha256msg2_epu32(x,x); + x=_mm_sha256rnds2_epu32(x,x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse2.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse2.cxx new file mode 100644 index 00000000..641ec2fa --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse2.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + __m128i x = _mm_setzero_si128(); + x=_mm_add_epi64(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse3.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse3.cxx new file mode 100644 index 00000000..8dcbfb97 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse3.cxx @@ -0,0 +1,8 @@ +#include +#include +int main(int argc, char* argv[]) +{ + __m128d x = _mm_setzero_pd(); + x=_mm_addsub_pd(x,x); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse41.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse41.cxx new file mode 100644 index 00000000..e3aee077 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse41.cxx @@ -0,0 +1,10 @@ +#include +#include +int main(int argc, char* argv[]) +{ + __m128i x = _mm_setzero_si128(); + __m128i a = _mm_setzero_si128(); + __m128i b = _mm_setzero_si128(); + x=_mm_blend_epi16(a,b,4); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse42.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse42.cxx new file mode 100644 index 00000000..9a55010b --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_sse42.cxx @@ -0,0 +1,7 @@ +#include +int main(int argc, char* argv[]) +{ + unsigned int x=32; + x=_mm_crc32_u8(x,4); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_ssse3.cxx b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_ssse3.cxx new file mode 100644 index 00000000..43bfc28e --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestPrograms/test_x86_ssse3.cxx @@ -0,0 +1,8 @@ +#include +#include +int main(int argc, char* argv[]) +{ + __m128i x = _mm_setzero_si128(); + x=_mm_alignr_epi8(x,x,2); + return 0; +} diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/change-version.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/change-version.sh index 42d1aff4..f3226b8d 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/change-version.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/change-version.sh @@ -4,6 +4,11 @@ # building the docs. Before running the script, copy it to the root # directory. After running this script, you can 'make docs' -sed -i 's|Library 6.2 API|Library 6.1 API|g' cryptlib.h -sed -i 's|= 6.2|= 6.1|g' Doxyfile -sed -i 's|CRYPTOPP_VERSION 620|CRYPTOPP_VERSION 610|g' config.h +sed 's|Library 8.1 API|Library 8.0 API|g' cryptlib.h > cryptlib.h.new +mv cryptlib.h.new cryptlib.h + +sed 's|= 8.1|= 8.0|g' Doxyfile > Doxyfile.new +mv Doxyfile.new Doxyfile + +sed 's|CRYPTOPP_VERSION 810|CRYPTOPP_VERSION 800|g' config.h > config.h.new +mv config.h.new config.h diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-android.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-android.sh index 1bf35e44..b7440f51 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-android.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-android.sh @@ -11,12 +11,19 @@ # ==================================================================== set +e +if [ -z $(command -v ./setenv-android-gcc.sh) ]; then + echo "Failed to locate setenv-android-gcc.sh" + ls -Al *.sh + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + if [ -z "${PLATFORM-}" ]; then PLATFORMS=(armeabi armeabi-v7a armv7a-neon aarch64 mipsel mipsel64 x86 x86_64) else PLATFORMS=(${PLATFORM}) fi RUNTIMES=(gnu-static gnu-shared stlport-static stlport-shared) #llvm-static llvm-shared + for platform in ${PLATFORMS[@]} do for runtime in ${RUNTIMES[@]} @@ -28,30 +35,33 @@ do echo "Testing for Android support of $platform using $runtime" # Test if we can set the environment for the platform - ./setenv-android.sh "$platform" "$runtime" + ./setenv-android-gcc.sh "$platform" "$runtime" - if [ "$?" -eq "0" ]; then + if [ "$?" -ne "0" ]; + then echo - echo "Building for $platform using $runtime..." - echo - - # run in subshell to not keep any env vars - ( - . ./setenv-android.sh "$platform" "$runtime" > /dev/null 2>&1 - make -f GNUmakefile-cross static dynamic cryptest.exe - if [ "$?" -eq "0" ]; then - echo "$platform:$runtime ==> SUCCESS" >> /tmp/build.log - else - echo "$platform:$runtime ==> FAILURE" >> /tmp/build.log - touch /tmp/build.failed - fi - ) - else - echo - echo "$platform with $runtime not supported by Android" + echo "There were problems testing $platform with $runtime" echo "$platform:$runtime ==> FAILURE" >> /tmp/build.log + touch /tmp/build.failed + continue fi + + echo + echo "Building for $platform using $runtime..." + echo + + # run in subshell to not keep any env vars + ( + source ./setenv-android-gcc.sh "$platform" "$runtime" > /dev/null 2>&1 + make -f GNUmakefile-cross static dynamic cryptest.exe + if [ "$?" -eq "0" ]; then + echo "$platform:$runtime ==> SUCCESS" >> /tmp/build.log + else + echo "$platform:$runtime ==> FAILURE" >> /tmp/build.log + touch /tmp/build.failed + fi + ) done done diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-autotools.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-autotools.sh new file mode 100755 index 00000000..d0ce2379 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-autotools.sh @@ -0,0 +1,155 @@ +#!/usr/bin/env bash + +PWD_DIR=$(pwd) +function cleanup { + cd "$PWD_DIR" +} +trap cleanup EXIT + +GREP=grep +SED=sed +AWK=awk +MAKE=make + +# Fixup ancient Bash +# https://unix.stackexchange.com/q/468579/56041 +if [[ -z "$BASH_SOURCE" ]]; then + BASH_SOURCE="$0" +fi + +# Fixup, Solaris and friends +if [[ (-d /usr/xpg4/bin) ]]; then + SED=/usr/xpg4/bin/sed + AWK=/usr/xpg4/bin/awk + GREP=/usr/xpg4/bin/grep +elif [[ (-d /usr/bin/posix) ]]; then + SED=/usr/bin/posix/sed + AWK=/usr/bin/posix/awk + GREP=/usr/bin/posix/grep +fi + +# Fixup for sed and "illegal byte sequence" +IS_DARWIN=$(uname -s | "$GREP" -i -c darwin) +if [[ "$IS_DARWIN" -ne 0 ]]; then + export LC_ALL=C +fi + +# Fixup for Solaris and BSDs +# Fixup for Solaris and BSDs +if [[ ! -z $(command -v gmake) ]]; then + MAKE=gmake +else + MAKE=make +fi + +# Fixup for missing libtool +if [[ ! -z $(command -v libtoolize) ]]; then + LIBTOOLIZE=$(command -v libtoolize) +elif [[ ! -z $(command -v glibtoolize) ]]; then + LIBTOOLIZE=$(command -v glibtoolize) +elif [[ ! -z $(command -v libtool) ]]; then + LIBTOOLIZE=$(command -v libtool) +elif [[ ! -z $(command -v glibtool) ]]; then + LIBTOOLIZE=$(command -v glibtool) +fi + +# Fecth the three required files +if ! wget --no-check-certificate 'https://raw.githubusercontent.com/noloader/cryptopp-autotools/master/Makefile.am' -O Makefile.am; then + echo "Makefile.am download failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! wget --no-check-certificate 'https://raw.githubusercontent.com/noloader/cryptopp-autotools/master/configure.ac' -O configure.ac; then + echo "configure.ac download failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! wget --no-check-certificate 'https://raw.githubusercontent.com/noloader/cryptopp-autotools/master/libcryptopp.pc.in' -O libcryptopp.pc.in; then + echo "libcryptopp.pc.in download failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +mkdir -p m4/ + +if [[ -z $(command -v autoupdate) ]]; then + echo "Cannot find autoupdate. Things may fail." +fi + +if [[ -z "$LIBTOOLIZE" ]]; then + echo "Cannot find libtoolize. Things may fail." +fi + +if [[ -z $(command -v autoreconf) ]]; then + echo "Cannot find autoreconf. Things may fail." +fi + +echo "Running autoupdate" +if ! autoupdate 2>/dev/null; then + echo "autoupdate failed." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +echo "Running libtoolize" +if ! "$LIBTOOLIZE" 2>/dev/null; then + echo "libtoolize failed." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +# Run autoreconf twice on failure. Also see +# https://github.com/tracebox/tracebox/issues/57 +echo "Running autoreconf" +if ! autoreconf 2>/dev/null; then + echo "autoreconf failed, running again." + if ! autoreconf -fi; then + echo "autoreconf failed, again." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 + fi +fi + +# Sparc need +w +if [[ -e config.sub ]]; then + chmod +w config.sub +fi +if [[ -e config.guess ]]; then + chmod +w config.guess +fi + +# Update config.sub config.guess. GNU recommends using the latest for all projects. +echo "Updating config.sub" +wget --no-check-certificate 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub' -O config.sub + +if [[ -e config.sub ]]; then + chmod +x config.sub +fi + +echo "Updating config.guess" +wget --no-check-certificate 'https://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess' -O config.guess + +if [[ -e config.guess ]]; then + chmod +x config.guess +fi + +if ! ./configure; then + echo "configure failed." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +"$MAKE" clean 2>/dev/null + +if ! "$MAKE" -j2 -f Makefile; then + echo "make failed." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! ./cryptestcwd v; then + echo "cryptestcwd v failed." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! ./cryptestcwd tv all; then + echo "cryptestcwd tv all failed." + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +# Return success +[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 0 || return 0 diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-cmake.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-cmake.sh new file mode 100755 index 00000000..e51c9c39 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-cmake.sh @@ -0,0 +1,73 @@ +#!/usr/bin/env bash + +PWD_DIR=$(pwd) +function cleanup { + cd "$PWD_DIR" +} +trap cleanup EXIT + +# Fixup ancient Bash +# https://unix.stackexchange.com/q/468579/56041 +if [[ -z "$BASH_SOURCE" ]]; then + BASH_SOURCE="$0" +fi + +# Fixup for Solaris and BSDs +if [[ ! -z $(command -v gmake) ]]; then + MAKE=gmake +else + MAKE=make +fi + +# Fixup for AIX +if [[ -z "$CMAKE" ]]; then + CMAKE=cmake +fi + +# Feth the three required files +if ! wget --no-check-certificate https://raw.githubusercontent.com/noloader/cryptopp-cmake/master/CMakeLists.txt -O CMakeLists.txt; then + echo "CMakeLists.txt download failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! wget --no-check-certificate https://github.com/noloader/cryptopp-cmake/blob/master/cryptopp-config.cmake -O cryptopp-config.cmake; then + echo "cryptopp-config.cmake download failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +rm -rf "$PWD_DIR/cmake_build" +mkdir -p "$PWD_DIR/cmake_build" +cd "$PWD_DIR/cmake_build" + +if [[ ! -z "$CXX" ]]; +then + if ! CXX="$CXX" "$CMAKE" -DCMAKE_CXX_COMPILER="$CXX" ../; then + echo "cmake failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 + fi +else + if ! "$CMAKE" ../; then + echo "cmake failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 + fi +fi + +"$MAKE" clean 2>/dev/null + +if ! "$MAKE" -j2 -f Makefile VERBOSE=1; then + echo "make failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! ./cryptest.exe v; then + echo "cryptest.exe v failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +if ! ./cryptest.exe tv all; then + echo "cryptest.exe v failed" + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + +# Return success +[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 0 || return 0 diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-ios.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-ios.sh index a7cf00dc..48e0f82b 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-ios.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-ios.sh @@ -10,8 +10,14 @@ # See http://www.cryptopp.com/wiki/iOS_(Command_Line) for more details # ==================================================================== +if [ -z $(command -v ./setenv-ios.sh) ]; then + echo "Failed to locate setenv-ios.sh" + ls -Al *.sh + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 +fi + if [ -z "${PLATFORM-}" ]; then - PLATFORMS=(iPhoneOS iPhoneSimulator WatchOS WatchSimulator AppleTVOS AppleTVSimulator) + PLATFORMS=(iPhoneOS iPhoneSimulator Arm64 WatchOS WatchSimulator AppleTVOS AppleTVSimulator) else PLATFORMS=(${PLATFORM}) fi @@ -27,28 +33,31 @@ do # Test if we can set the environment for the platform ./setenv-ios.sh "$platform" - if [ "$?" -eq "0" ]; then - echo - echo "Building for $platform using $runtime..." - echo - - # run in subshell to not keep any env vars - ( - . ./setenv-ios.sh "$platform" > /dev/null 2>&1 - make -f GNUmakefile-cross static dynamic cryptest.exe - if [ "$?" -eq "0" ]; then - echo "$platform ==> SUCCESS" >> /tmp/build.log - else - echo "$platform ==> FAILURE" >> /tmp/build.log - touch /tmp/build.failed - fi - ) - else + if [ "$?" -ne "0" ]; + then echo echo "$platform not supported by Xcode" echo "$platform ==> FAILURE" >> /tmp/build.log + touch /tmp/build.failed + continue fi + + echo + echo "Building for $platform using $runtime..." + echo + + # run in subshell to not keep any env vars + ( + source ./setenv-ios.sh "$platform" > /dev/null 2>&1 + make -f GNUmakefile-cross static dynamic cryptest.exe + if [ "$?" -eq "0" ]; then + echo "$platform ==> SUCCESS" >> /tmp/build.log + else + echo "$platform ==> FAILURE" >> /tmp/build.log + touch /tmp/build.failed + fi + ) done cat /tmp/build.log diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-symbols.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-symbols.sh index 0455187d..c4d0154c 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-symbols.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest-symbols.sh @@ -6,10 +6,16 @@ # This is a test script that can be used on some Linux/Unix/Apple machines to automate testing # of the shared object to ensure linking and symbols don't go missing from release to release. +# Fixup ancient Bash +# https://unix.stackexchange.com/q/468579/56041 +if [[ -z "$BASH_SOURCE" ]]; then + BASH_SOURCE="$0" +fi + ############################################ # Tags to test -OLD_VERSION_TAG=CRYPTOPP_6_1_0 +OLD_VERSION_TAG=CRYPTOPP_7_0_0 NEW_VERSION_TAG=master ############################################ @@ -34,11 +40,8 @@ fi echo echo "****************************************************************" -echo "****************************************************************" echo "Testing '$NEW_VERSION_TAG' against '$OLD_VERSION_TAG'" echo "****************************************************************" -echo "****************************************************************" -echo ############################################ # Setup tools and platforms @@ -224,7 +227,6 @@ echo echo "****************************************************************" echo "Patching makefile for dynamic linking by cryptest.exe" echo "****************************************************************" -echo if [[ "$IS_DARWIN" -ne "0" ]]; then "$SED" "$SED_OPTS" -e 's|libcryptopp.a $(TESTOBJS)|libcryptopp.dylib $(TESTOBJS)|g' GNUmakefile-symbols @@ -282,11 +284,10 @@ fi echo echo "****************************************************************" -echo "Removing dynamic library for $OLD_VERSION_TAG" +echo "Removing dynamic library and artifacts for $OLD_VERSION_TAG" echo "****************************************************************" -echo -rm -f adhoc.cpp *.o *.so *.dylib +rm -f adhoc.cpp *.a *.o *.so *.dylib git checkout "$NEW_VERSION_TAG" -f &>/dev/null diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest.sh index c59cef86..f1a714dc 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/cryptest.sh @@ -81,6 +81,12 @@ MAKE=make DISASS=objdump DISASSARGS=("--disassemble") +# Fixup ancient Bash +# https://unix.stackexchange.com/q/468579/56041 +if [[ -z "$BASH_SOURCE" ]]; then + BASH_SOURCE="$0" +fi + # Fixup, Solaris and friends if [[ (-d /usr/xpg4/bin) ]]; then SED=/usr/xpg4/bin/sed @@ -1009,6 +1015,12 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0") ]]; then WARNING_CXXFLAGS+=("-Wcast-align" "-Wwrite-strings" "-Wformat=2" "-Wformat-security") fi +# On PowerPC we test the original Altivec load and store with unaligned data. +# Modern compilers generate a warning and recommend the new loads and stores. +if [[ ("$GCC_COMPILER" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0") ) ]]; then + WARNING_CXXFLAGS+=("-Wno-deprecated") +fi + echo | tee -a "$TEST_RESULTS" echo "DEBUG_CXXFLAGS: $DEBUG_CXXFLAGS" | tee -a "$TEST_RESULTS" echo "RELEASE_CXXFLAGS: $RELEASE_CXXFLAGS" | tee -a "$TEST_RESULTS" @@ -1161,7 +1173,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 CRC32 code generation") - OBJFILE=crc-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=crc_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1201,7 +1213,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 AES-NI code generation") - OBJFILE=rijndael-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1265,7 +1277,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 carryless multiply code generation") - OBJFILE=gcm-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1353,7 +1365,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 SHA code generation") - OBJFILE=sha-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1424,7 +1436,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM NEON code generation") - OBJFILE=aria-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=aria_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1532,7 +1544,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM CRC32 code generation") - OBJFILE=crc-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=crc_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1584,7 +1596,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM carryless multiply code generation") - OBJFILE=gcm-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1624,7 +1636,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM AES generation") - OBJFILE=rijndael-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1676,7 +1688,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM SHA generation") - OBJFILE=sha-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1780,7 +1792,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0")) ] TEST_LIST+=("Power8 AES generation") - OBJFILE=rijndael-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_AES_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1843,7 +1855,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0")) ] TEST_LIST+=("Power8 SHA generation") - OBJFILE=sha-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_SHA_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1866,6 +1878,51 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0")) ] echo "Verified vshasigmaw and vshasigmad machine instructions" | tee -a "$TEST_RESULTS" fi fi + + ############################################ + # Power8 VMULL + + PPC_VMULL=0 + if [[ ("$PPC_VMULL" -eq "0") ]]; then + "$CXX" -DCRYPTOPP_ADHOC_MAIN -mcpu=power8 adhoc.cpp -o "$TMPDIR/adhoc.exe" > /dev/null 2>&1 + if [[ "$?" -eq "0" ]]; then + PPC_VMULL=1 + PPC_VMULL_FLAGS="-mcpu=power8" + fi + fi + if [[ ("$PPC_VMULL" -eq "0") ]]; then + "$CXX" -DCRYPTOPP_ADHOC_MAIN -qarch=pwr8 adhoc.cpp -o "$TMPDIR/adhoc.exe" > /dev/null 2>&1 + if [[ "$?" -eq "0" ]]; then + PPC_VMULL=1 + PPC_VMULL_FLAGS="-qarch=pwr8" + fi + fi + + if [[ ("$PPC_VMULL" -ne "0") ]]; then + echo + echo "************************************" | tee -a "$TEST_RESULTS" + echo "Testing: Power8 carryless multiply generation" | tee -a "$TEST_RESULTS" + echo + + TEST_LIST+=("Power8 carryless multiply generation") + + OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null + CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_VMULL_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" + + COUNT=0 + FAILED=0 + DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null) + + COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c vpmsum) + if [[ ("$COUNT" -eq "0") ]]; then + FAILED=1 + echo "ERROR: failed to generate vpmsum instruction" | tee -a "$TEST_RESULTS" + fi + + if [[ ("$FAILED" -eq "0") ]]; then + echo "Verified vpmsum machine instruction" | tee -a "$TEST_RESULTS" + fi + fi fi ############################################ @@ -1888,14 +1945,20 @@ if true; then if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 else ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi fi @@ -1916,14 +1979,20 @@ if true; then if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 else ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi echo fi diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/governor.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/governor.sh index 8271e3bf..a1f571d0 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/governor.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/governor.sh @@ -6,6 +6,17 @@ # run 'governor.sh powersave' or reboot. The script is based on code by # Andy Polyakov, http://www.openssl.org/~appro/cryptogams/. +# Fixup ancient Bash +# https://unix.stackexchange.com/q/468579/56041 +if [[ -z "$BASH_SOURCE" ]]; then + BASH_SOURCE="$0" +fi + +if [[ "$EUID" -ne 0 ]]; then + echo "This script must be run as root" + [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 +fi + if [ "x$1" = "x" ]; then echo "usage: $0 on[demand]|pe[rformance]|po[wersave]|us[erspace]?" [[ "$0" = "$BASH_SOURCE" ]] && exit 1 || return 1 diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/install-android.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/install-android.sh index 09a56c17..43919e3d 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/install-android.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/install-android.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env bash set -e # install android deps @@ -7,11 +7,10 @@ sudo apt-get -qq install --no-install-recommends openjdk-8-jdk unzip # android skd/ndk curl -Lo /tmp/android-sdk.zip https://dl.google.com/android/repository/sdk-tools-linux-3859397.zip -mkdir $HOME/android -unzip -qq /tmp/android-sdk.zip -d $HOME/android/sdk/ +unzip -qq /tmp/android-sdk.zip -d "$ANDROID_SDK" rm -f /tmp/android-sdk.zip -echo y | $HOME/android/sdk/tools/bin/sdkmanager --update > /dev/null +echo y | "$ANDROID_SDK/tools/bin/sdkmanager" --update > /dev/null for package in "ndk-bundle"; do echo install android $package - echo y | $HOME/android/sdk/tools/bin/sdkmanager "$package" > /dev/null + echo y | "$ANDROID_SDK/tools/bin/sdkmanager" "$package" > /dev/null done diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-gcc.sh similarity index 97% rename from vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android.sh rename to vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-gcc.sh index c66ed236..69fb2f72 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-gcc.sh @@ -71,7 +71,7 @@ if [ -z "${AOSP_API-}" ]; then else echo "WARNING: Using AOSP_API has been deprecated. Please use AOSP_API_VERSION instead." echo "If you set for example AOSP_API=android-23 then now instead set AOSP_API_VERSION=23" - exit 1 + [ "$0" = "$BASH_SOURCE" ] && exit 1 || return 1 fi ##################################################################### @@ -126,8 +126,8 @@ case "$THE_ARCH" in AOSP_FLAGS="-march=armv7-a -mthumb -mfpu=vfpv3-d16 -mfloat-abi=softfp -DCRYPTOPP_DISABLE_ASM -Wl,--fix-cortex-a8 -funwind-tables -fexceptions -frtti" ;; hard|armv7a-hard|armeabi-v7a-hard) - echo hard, armv7a-hard and armeabi-v7a-hard are not supported, as android uses softfloats - exit 1 + echo hard, armv7a-hard and armeabi-v7a-hard are not supported, as android uses softfloats + [ "$0" = "$BASH_SOURCE" ] && exit 1 || return 1 #TOOLCHAIN_ARCH="arm-linux-androideabi" #TOOLCHAIN_NAME="arm-linux-androideabi" #AOSP_ABI="armeabi-v7a" @@ -167,14 +167,14 @@ case "$THE_ARCH" in TOOLCHAIN_NAME="i686-linux-android" AOSP_ABI="x86" AOSP_ARCH="arch-x86" - AOSP_FLAGS="-mtune=intel -mssse3 -mfpmath=sse -DCRYPTOPP_DISABLE_SSE4 -funwind-tables -fexceptions -frtti" + AOSP_FLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions -frtti" ;; x86_64|x64) TOOLCHAIN_ARCH="x86_64" TOOLCHAIN_NAME="x86_64-linux-android" AOSP_ABI="x86_64" AOSP_ARCH="arch-x86_64" - AOSP_FLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -DCRYPTOPP_DISABLE_CLMUL -DCRYPTOPP_DISABLE_AES -DCRYPTOPP_DISABLE_SHA -funwind-tables -fexceptions -frtti" + AOSP_FLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions -frtti" ;; *) echo "ERROR: Unknown architecture $1" diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-old.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-old.sh index b8a6f1fb..d93b568d 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-old.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-android-old.sh @@ -157,14 +157,14 @@ case "$THE_ARCH" in TOOLCHAIN_NAME="i686-linux-android" AOSP_ABI="x86" AOSP_ARCH="arch-x86" - AOSP_FLAGS="-mtune=intel -mssse3 -mfpmath=sse -DCRYPTOPP_DISABLE_SSE4 -DCRYPTOPP_DISABLE_CLMUL -DCRYPTOPP_DISABLE_AES -DCRYPTOPP_DISABLE_SHA -funwind-tables -fexceptions -frtti" + AOSP_FLAGS="-mtune=intel -mssse3 -mfpmath=sse -funwind-tables -fexceptions -frtti" ;; x86_64|x64) TOOLCHAIN_ARCH="x86_64" TOOLCHAIN_NAME="x86_64-linux-android" AOSP_ABI="x86_64" AOSP_ARCH="arch-x86_64" - AOSP_FLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -DCRYPTOPP_DISABLE_CLMUL -DCRYPTOPP_DISABLE_AES -DCRYPTOPP_DISABLE_SHA -funwind-tables -fexceptions -frtti" + AOSP_FLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -funwind-tables -fexceptions -frtti" ;; *) echo "ERROR: Unknown architecture $1" diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-ios.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-ios.sh index 596ec7e4..d9f86940 100755 --- a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-ios.sh +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-ios.sh @@ -42,6 +42,7 @@ SETENV_VERBOSE=1 APPLE_SDK= IOS_ARCH= +BACK_ARCH= for ARG in "$@" do @@ -49,66 +50,74 @@ do # i386 (simulator) if [ "$CL" == "i386" ]; then - IOS_ARCH=i386 + BACK_ARCH=i386 + APPLE_SDK=iPhoneSimulator fi # x86_64 (simulator) if [ "$CL" == "x86_64" ]; then - IOS_ARCH=x86_64 + BACK_ARCH=x86_64 + APPLE_SDK=iPhoneSimulator fi # ARMv5 if [ "$CL" == "armv5" ]; then - IOS_ARCH=armv5 + BACK_ARCH=armv5 fi # ARMv6 if [ "$CL" == "armv6" ]; then - IOS_ARCH=armv6 + BACK_ARCH=armv6 fi # ARMv7 if [ "$CL" == "armv7" ]; then - IOS_ARCH=armv7 + BACK_ARCH=armv7 fi # ARMv7s if [ "$CL" == "armv7s" ]; then - IOS_ARCH=armv7s + BACK_ARCH=armv7s fi # ARM64 if [[ ("$CL" == "arm64" || "$CL" == "armv8" || "$CL" == "aarch64") ]]; then - IOS_ARCH=arm64 + BACK_ARCH=arm64 fi # iPhone if [[ ("$CL" == "iphone" || "$CL" == "iphoneos") ]]; then + BACK_ARCH=armv7 APPLE_SDK=iPhoneOS fi # iPhone Simulator if [[ ("$CL" == "simulator" || "$CL" == "iphonesimulator") ]]; then + BACK_ARCH=i386 APPLE_SDK=iPhoneSimulator fi # Watch if [[ ("$CL" == "watch" || "$CL" == "watchos" || "$CL" == "applewatch") ]]; then + BACK_ARCH=armv7 APPLE_SDK=WatchOS fi # Watch Simulator if [ "$CL" == "watchsimulator" ]; then + BACK_ARCH=i386 APPLE_SDK=WatchSimulator fi # Apple TV if [[ ("$CL" == "tv" || "$CL" == "appletv" || "$CL" == "appletvos") ]]; then + BACK_ARCH=arm64 APPLE_SDK=AppleTVOS fi # Apple TV Simulator if [[ ("$CL" == "tvsimulator" || "$CL" == "appletvsimulator") ]]; then + BACK_ARCH=x86_64 APPLE_SDK=AppleTVSimulator fi @@ -116,21 +125,13 @@ done # Defaults if not set if [ -z "$APPLE_SDK" ]; then + BACK_ARCH=armv7 APPLE_SDK=iPhoneOS fi +# Defaults if not set if [ -z "$IOS_ARCH" ]; then - if [ "$APPLE_SDK" == "iPhoneOS" ]; then - IOS_ARCH=armv7 - elif [ "$APPLE_SDK" == "iPhoneSimulator" ]; then - IOS_ARCH=i386 - elif [ "$APPLE_SDK" == "AppleTVOS" ]; then - IOS_ARCH=arm64 - elif [ "$APPLE_SDK" == "WatchOS" ]; then - IOS_ARCH=armv7 - fi - - # TODO: fill in missing simulator architectures + IOS_ARCH="$BACK_ARCH" fi # Allow a user override? I think we should be doing this. The use case is: @@ -195,12 +196,12 @@ fi # https://github.com/weidai11/cryptopp/issues/635 if [ "$APPLE_SDK" == "iPhoneSimulator" ]; then - IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_SSSE3" + IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_ASM" fi # Simulator fixup. LD fails to link dylib. if [ "$APPLE_SDK" == "iPhoneSimulator" ] && [ "$IOS_ARCH" == "i386" ]; then - IOS_FLAGS="$IOS_FLAGS -miphoneos-version-min=5" + IOS_FLAGS="$IOS_FLAGS -miphoneos-version-min=5 -DCRYPTOPP_DISABLE_ASM" fi # ARMv7s fixup. Xcode 4/iOS 6 @@ -219,8 +220,25 @@ if [ "$APPLE_SDK" == "AppleTVOS" ]; then fi # ARM64 Simulator fixup. Under Xcode 6/iOS 8, it uses x86_64 and not i386 +# -ios_simulator_version_min does not work though it is in LLVM sources. if [ "$IOS_ARCH" == "x86_64" ]; then - IOS_FLAGS="$IOS_FLAGS -miphoneos-version-min=8" + IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_ASM" +fi + +# Disable ASM for simulator. We are failing on Travis due to missing _start. +# We may need to link against crt1.o for simulator builds. Also see +# https://stackoverflow.com/q/24841283/608639 +# -watchos_simulator_version_min does not work though it is in LLVM sources. +if [ "$APPLE_SDK" == "WatchSimulator" ]; then + IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_ASM" +fi + +# Disable ASM for simulator. We are failing on Travis due to missing _start. +# We may need to link against crt1.o for simulator builds. Also see +# https://stackoverflow.com/q/24841283/608639 +# -tvos_simulator_version_min does not work though it is in LLVM sources. +if [ "$APPLE_SDK" == "AppleTVSimulator" ]; then + IOS_FLAGS="$IOS_FLAGS -tvos_simulator_version_min -DCRYPTOPP_DISABLE_ASM" fi # Simulator uses i386 or x86_64, Device uses ARMv5, ARMv6, ARMv7, ARMv7s or ARMv8 diff --git a/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-travis.sh b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-travis.sh new file mode 100755 index 00000000..43920fb6 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestScripts/setenv-travis.sh @@ -0,0 +1,18 @@ +#/usr/bin/env bash + +# This file should be source'd when required. + +export ANDROID_HOME="$HOME/.android" +export ANDROID_SDK="$HOME/android/sdk/" +export ANDROID_NDK="$HOME/android/sdk/ndk-bundle" +export ANDROID_SDK_ROOT="$ANDROID_SDK" +export ANDROID_NDK_ROOT="$ANDROID_NDK" + +mkdir -p "$ANDROID_HOME" +mkdir -p "$ANDROID_SDK_ROOT" +mkdir -p "$ANDROID_NDK_ROOT" + +# https://stackoverflow.com/a/47028911/608639 +touch "$ANDROID_HOME/repositories.cfg" + +[[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 0 || return 0 diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/Readme.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/Readme.txt index 0c8e45cc..5a27c99f 100644 --- a/vendor/cryptopp/vendor_cryptopp/TestVectors/Readme.txt +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/Readme.txt @@ -24,7 +24,8 @@ before the Test field. Data Types ========== -int - small integer (less than 2^32) in decimal representation +signed int - small integer (less than 2^32) in decimal representation +unsigned long - large integer (less than 2^64) convertible by strtoul or strtoull string - human readable string encoded string - can be one of the following - quoted string: "message" means "message" without the quotes @@ -68,6 +69,7 @@ DerivedLength - encoded string Digest - encoded string TruncatedSize - int, size of truncated digest in bytes Seek - int, seek location for random access ciphers +Seek64 - unsigned long, seek location for random access ciphers (more to come here) Possible Tests diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/all.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/all.txt index 23000342..757dd464 100644 --- a/vendor/cryptopp/vendor_cryptopp/TestVectors/all.txt +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/all.txt @@ -30,13 +30,20 @@ Test: TestVectors/aria.txt Test: TestVectors/kalyna.txt Test: TestVectors/threefish.txt Test: TestVectors/sm4.txt +Test: TestVectors/hight.txt +Test: TestVectors/cham.txt +Test: TestVectors/lea.txt +Test: TestVectors/simeck.txt Test: TestVectors/simon.txt Test: TestVectors/speck.txt Test: TestVectors/salsa.txt Test: TestVectors/chacha.txt #Test: TestVectors/tls_chacha.txt -Test: TestVectors/vmac.txt Test: TestVectors/sosemanuk.txt +Test: TestVectors/rabbit.txt +Test: TestVectors/hc128.txt +Test: TestVectors/hc256.txt +Test: TestVectors/vmac.txt Test: TestVectors/ccm.txt Test: TestVectors/gcm.txt Test: TestVectors/cmac.txt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/chacha.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/chacha.txt index 18ed115d..71abe2ec 100644 --- a/vendor/cryptopp/vendor_cryptopp/TestVectors/chacha.txt +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/chacha.txt @@ -1,36 +1,43 @@ AlgorithmType: SymmetricCipher -Name: ChaCha8 +Name: ChaCha Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors +# Comment: TC1 - All zero key and IV (16-byte key). Key: r16 00 IV: r8 00 +Rounds: 8 Plaintext: r64 00 Ciphertext: e28a5fa4a67f8c5defed3e6fb7303486aa8427d31419a729572d777953491120b64ab8e72b8deb85cd6aea7cb6089a101824beeb08814a428aab1fa2c816081b Test: Encrypt +# Comment: TC1 - All zero key and IV (32-byte key). Key: r32 00 IV: r8 00 Plaintext: r64 00 Ciphertext: 3e00ef2f895f40d67f5bb8e81f09a5a12c840ec3ce9a7f3b181be188ef711a1e984ce172b9216f419f445367456d5619314a42a3da86b001387bfdb80e0cfe42 Test: Encrypt +# Comment: TC2 - Single bit in key set. All zero IV (16-byte key). Key: 0x01000000000000000000000000000000 IV: r8 00 Plaintext: r64 00 Ciphertext: 03a7669888605a0765e8357475e58673f94fc8161da76c2a3aa2f3caf9fe5449e0fcf38eb882656af83d430d410927d55c972ac4c92ab9da3713e19f761eaa14 Test: Encrypt +# Comment: TC2 - Single bit in key set. All zero IV (32-byte key). Key: 0x0100000000000000000000000000000000000000000000000000000000000000 IV: r8 00 Plaintext: r64 00 Ciphertext: cf5ee9a0494aa9613e05d5ed725b804b12f4a465ee635acc3a311de8740489ea289d04f43c7518db56eb4433e498a1238cd8464d3763ddbb9222ee3bd8fae3c8 Test: Encrypt +# Comment: TC3 - Single bit in IV set. All zero key (16-byte key). Key: r16 00 IV: 0x0100000000000000 Plaintext: r64 00 Ciphertext: 25f5bec6683916ff44bccd12d102e692176663f4cac53e719509ca74b6b2eec85da4236fb29902012adc8f0d86c8187d25cd1c486966930d0204c4ee88a6ab35 Test: Encrypt +# Comment: TC3 - Single bit in IV set. All zero key (32-byte key). Key: r32 00 IV: 0x0100000000000000 @@ -39,31 +46,236 @@ Ciphertext: 2b8f4bb3798306ca5130d47c4f8d4ed13aa0edccc1be6942090faeeca0d7599b7ff0 Test: Encrypt AlgorithmType: SymmetricCipher -Name: ChaCha12 +Name: ChaCha +Source: https://cr.yp.to/streamciphers/timings/estreambench/submissions/salsa20/chacha8/ref/chacha.c +# +Comment: All one's key and IV (16-byte key). +Key: r16 ff +IV: r8 ff +Rounds: 8 +Plaintext: r512 00 +Ciphertext: \ + 2204D5B81CE662193E00966034F91302F14A3FB047F58B6E6EF0D72113230416 \ + 3E0FB640D76FF9C3B9CD99996E6E38FAD13F0E31C82244D33ABBC1B11E8BF12D \ + 9A81D78E9E56604DDFAE136921F51C9D81AE15119DB8E756DD28024493EE571D \ + 363AE4BBCD6E7D300F99D2673AEB92CCFC6E43A38DC31BACD66B28F17B22B28A \ + B9A347AC756CF16B39683DFE4907D76E9318C53E3B892B4C4D477E3649A412DF \ + 641722732D6B4B4E73541FEEA26F36163B860A6FFEFF2BD736DCB9E40BB49DFB \ + 18E5060462F7EC41EF61C8EAED8F68987F4BBA84FF37DF645677AA26D59D1608 \ + 201932E2F91565FC50BCCAE19370BEA3F4F6C9B40C69E1E7EF4993FB5C543246 \ + 8AD37BDFA57F8C0A27AFABA186B20E08D08009C9AAAEC5BE1DB6A5FFD0F6D122 \ + F000015BB76329B170CBE114A17C0CBC8A721C3075EEDF5F131944F3BEA2E84C \ + 009BF03FC47FAD2A7BA01573FA67FE859AD950A3E40190AA2FA3834D2FB604E0 \ + 51F919D4C93CBC6272156BE543785691F698304071BA0D8722CD2694F711E4A2 \ + 6E511837F4C46CDF9EB2A4573E2FBFF7F4320ACCD35DD64F9B2A40C7F017B971 \ + 0CD9BC404FD17DC6E474B7EBFE03F5526409160760FB7915DACED8358B8B78C4 \ + FA9F0C53D408593CBE63FB1C86D34ACF2B412CD114A542A09BA915D091125542 \ + A72DBCA31889D0FC5CCC5F07FA227694100EE57E97C6C2B601273AA438F72693 +Test: Encrypt +# +Comment: All one's key and IV (32-byte key). +Key: r32 ff +IV: r8 ff +Rounds: 8 +Plaintext: r512 00 +Ciphertext: \ + E163BBF8C9A739D18925EE8362DAD2CDC973DF05225AFB2AA26396F2A9849A4A \ + 445E0547D31C1623C537DF4BA85C70A9884A35BCBF3DFAB077E98B0F68135F54 \ + 81D4933F8B322AC0CD762C27235CE2B31534E0244A9A2F1FD5E94498D47FF108 \ + 790C009CF9E1A348032A7694CB28024CD96D3498361EDB1785AF752D187AB54B \ + 4194B9407D743285217760B19D0548294855D4C1620CDFF381657E106CA539E3 \ + E41CC0EAAFCB1C502BCE537275567F72CAE2C076B7DE295233132517E140ECF1 \ + B7B4F9DE5E87123D72AE0FA8672BBE5B73C5382DDD779A963C91E40B6B9EAF39 \ + F53B3982D9E4AC76DFAC3D5070373CF9E54036C9F0E9DBB327371D2E69308699 \ + 8991D340F91458804B2445641E24189956674BAEC8120AC451F9BDDD14B65E99 \ + 2C526CABF185EA53FD0ABD2DB88DE9FE88E19D3F26DC6BA4B9014924064D15E6 \ + 7901B9BF0F4EB76C3E06BE3D1CA73289FF819A9DBF456F73686C5CF9207510F3 \ + 7D95A24249E11E779D301237AF5A2BD3E6F34D7123811E26BB016C73D54A6D39 \ + 8B4E9BBCD2EE4C31CBD3326148004684F27847CEAC28C341A894A670A0818324 \ + 446468D08CA1C72BCBD1CE7EFD73D67D53C671C35EA57700D8B581E52E238A7E \ + 25DDA3E1C1E35D96BDB9CAD13546971B1E5FDB2E83216FEF93E5457DE48A5ED8 \ + 1F7E4B95484834A58B6AF8CCE9545BBBDC58929A1DEB2F6AEBF0DC2079F644E3 +Test: Encrypt +# +Comment: All one's key and IV (16-byte key). +Key: r16 ff +IV: r8 ff +Rounds: 8 +Seek: 32 +Plaintext: r64 00 +Ciphertext: \ + 3E0FB640D76FF9C3B9CD99996E6E38FAD13F0E31C82244D33ABBC1B11E8BF12D \ + 9A81D78E9E56604DDFAE136921F51C9D81AE15119DB8E756DD28024493EE571D +Test: Encrypt +# +Comment: All one's key and IV (32-byte key). +Key: r32 ff +IV: r8 ff +Rounds: 8 +Seek: 32 +Plaintext: r64 00 +Ciphertext: \ + 445E0547D31C1623C537DF4BA85C70A9884A35BCBF3DFAB077E98B0F68135F54 \ + 81D4933F8B322AC0CD762C27235CE2B31534E0244A9A2F1FD5E94498D47FF108 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffe*64) +Key: r32 00 +IV: r8 00 +Rounds: 8 +Seek64: 0x3FFFFFFF80 +Plaintext: r1024 00 +Ciphertext: \ + AC22DD35E273D76E47D60D19AD753F578C38D4A8E28BA9F6055E8E0A1D7A6E53 \ + CDC46EDD57430E0EB14CF19CC107EE6DFF4836500383CD683CA2E8F11BA754DD \ + 34A2B737751D19ECE0256B2BB87237F68188C02B10A6DC31939D4E5D319BD3BB \ + EE280B968AD567C1F103089F4F7346D1FEA5DEC60DAF906C3C4E889BC49E0049 \ + 1CCC59A06308E05BE9D29E7288F166C58F2EE06003047710CBFDB7359DA916E8 \ + 43980F2C3BF39DF2A3E1F451BA18C37F986FF783075484265819602305557DCD \ + B7BD167BDFD87E6E4DF89B2F110C9022F16325E2EC113E806A50774673CDB6AF \ + B5BD48D1E66C7631EDB52D0941452DDBD67BC790A20CFE24213194AE75B2EE47 \ + FE3B0698DD4E8DFA56E1841BC6F549097583143CB3A0D791C230D9C438EADCC9 \ + F233969591EDF6EA904FF86C7A541AFE0905D18E62867028E15AEC0B2CD46BF1 \ + E939F5026DD82A60AA06B99A3726EA6D76C2D48DDB8B1DCB365249859EDDC8C0 \ + CF23BDB1CA6203201206BDDC4844A36D52A10828D0AB77CAACAF7FA680E4ED5D \ + 5D325C265A49436A691A54BC3D068A80D33187B17FBC4923879760C34DFFDA8F \ + BDBEF388A3B86E839E2A83DED9FE816238EEE22B2120BC39D7B26D3ECE4D5FA3 \ + 8B6808FC587DF4D1E0C579FC6DBF10A0CF4C6696CD5501336EC05C45927565CB \ + 9CB7626BF510D1EAAD21B208E76D55C15CBDCD36F4CA84A6939DE0C29539DE25 \ + E8D17BC489CB723682BE518CC695B127922C88BF8DC99245DBC146512735687F \ + 079F458CDA31CAA064A3D5AD1020A849B4A587BC60BDDCAEE9517936D30FF11E \ + 362D524675648DA360224DF3719D6AD569AF9E6B309119E3262FD3189891A140 \ + 971350EB320109802A664216635F400A1086F8197841457126E2AF7A8AA46924 \ + FDD717270BB3A0C4F1723C507B143830E80D691300A1B477E4383D975BCAC73A \ + 0C33BE5330C83247E330184F7C5E613227FD321A29AC50B75B93FC0B8FD51184 \ + 648F3305432FC0177C319508D1025C1331EF78ED56D3405DF70980C07756F4F3 \ + 686B0B0F110BCE4F9CD07463964B67AD7CFC05A6182A3B88F5E7C408C3A4E4E0 \ + 1B446212735D2F31F53EE1DEEDEBDD353534CF69179DBB87E1C689C3C688CF6C \ + C94217963B796CC7CC47C37027B909C9E2C88D55458B838A87953CD0974CE348 \ + 651E6126416AE7A81C855B1C856F542D76F9252D3EE78AE37C9B6C576E72E2C2 \ + 71AD7542F22C2B106E3FAFB399864AB1F8B8263CA8D3311951AD0F4463964B68 \ + 1E96FEBD06E4857986E7146981484DC6DF3692397B68CF953876FD1C2F6E5A80 \ + 1FBD636D2912A833EA9024450A3ED43ED5D5298BB451578FB279B5ACBE47E35F \ + 0B1D1094DCEA8272DF55897BEE2440B6B90D0B15F259D0BD2B402D434FFFF2E6 \ + 79DA0921D748D31B963618DE2D8036D9F54F75BC61A26A9DA0F10E81E075CF5C +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xffffffff*64) +Key: r32 00 +IV: r8 00 +Rounds: 8 +Seek64: 0x3FFFFFFFC0 +Plaintext: r1024 00 +Ciphertext: \ + 34A2B737751D19ECE0256B2BB87237F68188C02B10A6DC31939D4E5D319BD3BB \ + EE280B968AD567C1F103089F4F7346D1FEA5DEC60DAF906C3C4E889BC49E0049 \ + 1CCC59A06308E05BE9D29E7288F166C58F2EE06003047710CBFDB7359DA916E8 \ + 43980F2C3BF39DF2A3E1F451BA18C37F986FF783075484265819602305557DCD \ + B7BD167BDFD87E6E4DF89B2F110C9022F16325E2EC113E806A50774673CDB6AF \ + B5BD48D1E66C7631EDB52D0941452DDBD67BC790A20CFE24213194AE75B2EE47 \ + FE3B0698DD4E8DFA56E1841BC6F549097583143CB3A0D791C230D9C438EADCC9 \ + F233969591EDF6EA904FF86C7A541AFE0905D18E62867028E15AEC0B2CD46BF1 \ + E939F5026DD82A60AA06B99A3726EA6D76C2D48DDB8B1DCB365249859EDDC8C0 \ + CF23BDB1CA6203201206BDDC4844A36D52A10828D0AB77CAACAF7FA680E4ED5D \ + 5D325C265A49436A691A54BC3D068A80D33187B17FBC4923879760C34DFFDA8F \ + BDBEF388A3B86E839E2A83DED9FE816238EEE22B2120BC39D7B26D3ECE4D5FA3 \ + 8B6808FC587DF4D1E0C579FC6DBF10A0CF4C6696CD5501336EC05C45927565CB \ + 9CB7626BF510D1EAAD21B208E76D55C15CBDCD36F4CA84A6939DE0C29539DE25 \ + E8D17BC489CB723682BE518CC695B127922C88BF8DC99245DBC146512735687F \ + 079F458CDA31CAA064A3D5AD1020A849B4A587BC60BDDCAEE9517936D30FF11E \ + 362D524675648DA360224DF3719D6AD569AF9E6B309119E3262FD3189891A140 \ + 971350EB320109802A664216635F400A1086F8197841457126E2AF7A8AA46924 \ + FDD717270BB3A0C4F1723C507B143830E80D691300A1B477E4383D975BCAC73A \ + 0C33BE5330C83247E330184F7C5E613227FD321A29AC50B75B93FC0B8FD51184 \ + 648F3305432FC0177C319508D1025C1331EF78ED56D3405DF70980C07756F4F3 \ + 686B0B0F110BCE4F9CD07463964B67AD7CFC05A6182A3B88F5E7C408C3A4E4E0 \ + 1B446212735D2F31F53EE1DEEDEBDD353534CF69179DBB87E1C689C3C688CF6C \ + C94217963B796CC7CC47C37027B909C9E2C88D55458B838A87953CD0974CE348 \ + 651E6126416AE7A81C855B1C856F542D76F9252D3EE78AE37C9B6C576E72E2C2 \ + 71AD7542F22C2B106E3FAFB399864AB1F8B8263CA8D3311951AD0F4463964B68 \ + 1E96FEBD06E4857986E7146981484DC6DF3692397B68CF953876FD1C2F6E5A80 \ + 1FBD636D2912A833EA9024450A3ED43ED5D5298BB451578FB279B5ACBE47E35F \ + 0B1D1094DCEA8272DF55897BEE2440B6B90D0B15F259D0BD2B402D434FFFF2E6 \ + 79DA0921D748D31B963618DE2D8036D9F54F75BC61A26A9DA0F10E81E075CF5C \ + BEDB7A4CB8F33DDC71A836FE332D8DB08CF2833FD582E786CA57B1F5599B0FA8 \ + 887E279E3863471FA282308B542EDE7741069929FF92B7A12884C074C1FEC48F +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffc*64) +Key: r32 00 +IV: r8 00 +Rounds: 8 +Seek64: 0x3FFFFFFF00 +Plaintext: r1024 00 +Ciphertext: \ + F75FC0AFC5A56D8F38FDFDD96233B42F926F5A21007D3412C7A28FEEED2B5401 \ + 07BCC1A5F8AE49260A63E2A5A7F547A56B4807DDCD63BAF082A40F57B3A36A6D \ + B7B5E36ACFB9D060F2830903343264C1C3EC582110898C2650B559EE29B7411E \ + 87EE094887D1D8188563FF64F0755F1361381A6A1EF22D6B8732B2C9B7DE669D \ + AC22DD35E273D76E47D60D19AD753F578C38D4A8E28BA9F6055E8E0A1D7A6E53 \ + CDC46EDD57430E0EB14CF19CC107EE6DFF4836500383CD683CA2E8F11BA754DD \ + 34A2B737751D19ECE0256B2BB87237F68188C02B10A6DC31939D4E5D319BD3BB \ + EE280B968AD567C1F103089F4F7346D1FEA5DEC60DAF906C3C4E889BC49E0049 \ + 1CCC59A06308E05BE9D29E7288F166C58F2EE06003047710CBFDB7359DA916E8 \ + 43980F2C3BF39DF2A3E1F451BA18C37F986FF783075484265819602305557DCD \ + B7BD167BDFD87E6E4DF89B2F110C9022F16325E2EC113E806A50774673CDB6AF \ + B5BD48D1E66C7631EDB52D0941452DDBD67BC790A20CFE24213194AE75B2EE47 \ + FE3B0698DD4E8DFA56E1841BC6F549097583143CB3A0D791C230D9C438EADCC9 \ + F233969591EDF6EA904FF86C7A541AFE0905D18E62867028E15AEC0B2CD46BF1 \ + E939F5026DD82A60AA06B99A3726EA6D76C2D48DDB8B1DCB365249859EDDC8C0 \ + CF23BDB1CA6203201206BDDC4844A36D52A10828D0AB77CAACAF7FA680E4ED5D \ + 5D325C265A49436A691A54BC3D068A80D33187B17FBC4923879760C34DFFDA8F \ + BDBEF388A3B86E839E2A83DED9FE816238EEE22B2120BC39D7B26D3ECE4D5FA3 \ + 8B6808FC587DF4D1E0C579FC6DBF10A0CF4C6696CD5501336EC05C45927565CB \ + 9CB7626BF510D1EAAD21B208E76D55C15CBDCD36F4CA84A6939DE0C29539DE25 \ + E8D17BC489CB723682BE518CC695B127922C88BF8DC99245DBC146512735687F \ + 079F458CDA31CAA064A3D5AD1020A849B4A587BC60BDDCAEE9517936D30FF11E \ + 362D524675648DA360224DF3719D6AD569AF9E6B309119E3262FD3189891A140 \ + 971350EB320109802A664216635F400A1086F8197841457126E2AF7A8AA46924 \ + FDD717270BB3A0C4F1723C507B143830E80D691300A1B477E4383D975BCAC73A \ + 0C33BE5330C83247E330184F7C5E613227FD321A29AC50B75B93FC0B8FD51184 \ + 648F3305432FC0177C319508D1025C1331EF78ED56D3405DF70980C07756F4F3 \ + 686B0B0F110BCE4F9CD07463964B67AD7CFC05A6182A3B88F5E7C408C3A4E4E0 \ + 1B446212735D2F31F53EE1DEEDEBDD353534CF69179DBB87E1C689C3C688CF6C \ + C94217963B796CC7CC47C37027B909C9E2C88D55458B838A87953CD0974CE348 \ + 651E6126416AE7A81C855B1C856F542D76F9252D3EE78AE37C9B6C576E72E2C2 \ + 71AD7542F22C2B106E3FAFB399864AB1F8B8263CA8D3311951AD0F4463964B68 +Test: Encrypt + +################################################# + +AlgorithmType: SymmetricCipher +Name: ChaCha Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors +# Comment: TC1 - All zero key and IV (16-byte key). Key: r16 00 IV: r8 00 +Rounds: 12 Plaintext: r64 00 Ciphertext: e1047ba9476bf8ff312c01b4345a7d8ca5792b0ad467313f1dc412b5fdce32410dea8b68bd774c36a920f092a04d3f95274fbeff97bc8491fcef37f85970b450 Test: Encrypt +# Comment: TC1 - All zero key and IV (32-byte key). Key: r32 00 IV: r8 00 Plaintext: r64 00 Ciphertext: 9bf49a6a0755f953811fce125f2683d50429c3bb49e074147e0089a52eae155f0564f879d27ae3c02ce82834acfa8c793a629f2ca0de6919610be82f411326be Test: Encrypt +# Comment: TC2 - Single bit in key set. All zero IV (16-byte key). Key: 0x01000000000000000000000000000000 IV: r8 00 Plaintext: r64 00 Ciphertext: 2a865a3b8999fa83ae8aacf33fc6be4f32c8aa9762738d26963270052f4eef8b86af758f7867560af6d0eeb973b5542bb24c8abceac8b1f36d026963d6c8a9b2 Test: Encrypt +# Comment: TC2 - Single bit in key set. All zero IV (32-byte key). Key: 0x0100000000000000000000000000000000000000000000000000000000000000 IV: r8 00 Plaintext: r64 00 Ciphertext: 12056e595d56b0f6eef090f0cd25a20949248c2790525d0f930218ff0b4ddd10a6002239d9a454e29e107a7d06fefdfef0210feba044f9f29b1772c960dc29c0 +# Test: Encrypt Comment: TC3 - Single bit in IV set. All zero key (16-byte key). Key: r16 00 @@ -71,6 +283,7 @@ IV: 0x0100000000000000 Plaintext: r64 00 Ciphertext: 91cdb2f180bc89cfe86b8b6871cd6b3af61abf6eba01635db619c40a0b2e19edfa8ce5a9bd7f53cc2c9bcfea181e9754a9e245731f658cc282c2ae1cab1ae02c Test: Encrypt +# Comment: TC3 - Single bit in IV set. All zero key (32-byte key). Key: r32 00 IV: 0x0100000000000000 @@ -79,38 +292,244 @@ Ciphertext: 64b8bdf87b828c4b6dbaf7ef698de03df8b33f635714418f9836ade59be1296946c9 Test: Encrypt AlgorithmType: SymmetricCipher -Name: ChaCha20 +Name: ChaCha +Source: https://cr.yp.to/streamciphers/timings/estreambench/submissions/salsa20/chacha8/ref/chacha.c +# +Comment: All one's key and IV (16-byte key). +Key: r16 ff +IV: r8 ff +Rounds: 12 +Plaintext: r512 00 +Ciphertext: \ + 60E349E60C38B328C4BAAB90D44A7C727662770D36350D65A1433BD92B00ECF4 \ + 83D5597D7A616258EC3C5D5B30E1C5C85C5DFE2F92423B8E36870F3185B6ADD9 \ + F34DAB6C2BC551898FBDCDFC783F09171CC8B59A8B2852983C3A9B91D29B5761 \ + 12464A9D8E050263E989906F42C7EFCAC8A70A85BB7FF2211273FBD4CAD96142 \ + DB89BA6820D565E1DBA19B70DD2CEB8A9ECA55CA48B92B1B27D4676BE4985508 \ + 9AA6202B811799D95EA5A239C39861D7E4B56E0847C2CCF8FAAA3768268F80D6 \ + 87E6DA5D95C303A3A29D2AB10B392F223F426A1E5400D272083DE05B7BEAB22C \ + 46C667513885DE4EAB9A18660D1247ECFAC6EE049180A4E780158A29D4914F0C \ + B87860D4C30C5F2BFADA2615D09907F7059BD6EA7278BAD8CAF57145B6C431CE \ + E4EB781A9ADDB1CBDB0ADED70CDA2F195FF311888C9A23409A00529B654332BB \ + 0E566990895D96E264D56438619F515E29E023D0C434D56142A1916ED6529476 \ + 7DA1D97911C069FCBF711AA8682A9EA19A41F400BCDF6D9ABFDC518063F5F75D \ + 0060D6F03B9B78577B89C577643E69590518CEEA869665458E027EA27D002767 \ + C22241E8E12C421623B86C667341E0C2E7E3F2FDCC058C26F9A64626CEDFDE08 \ + 35F6A77CF8BF99FB7ABCD3874366E3B8FDAEDF83B58701C08B1F39027A913868 \ + CF84F5C9001701A6ACE8C05C05578E47CA7691F9058C8B7298B756B900BC535A +Test: Encrypt +# +Comment: All one's key and IV (32-byte key). +Key: r32 ff +IV: r8 ff +Rounds: 12 +Plaintext: r512 00 +Ciphertext: \ + 04BF88DAE8E47A228FA47B7E6379434BA664A7D28F4DAB84E5F8B464ADD20C3A \ + CAA69C5AB221A23A57EB5F345C96F4D1322D0A2FF7A9CD43401CD536639A615A \ + 5C9429B55CA3C1B55354559669A154ACA46CD761C41AB8ACE385363B95675F06 \ + 8E18DB5A673C11291BD4187892A9A3A33514F3712B26C13026103298ED76BC9A \ + 19E1C370231E9F3351C2E71C5D0635D8E9908EBEBFBAA1F493C1ACCD015F7D50 \ + 4582C1B3D52449D7A707F5D136BF83E019643902FE052AD8577A037343E128F4 \ + 3514FED8B5B612EBDF26851DE269E2E2398358383CD0067864BFB4E835613E2F \ + AA2B4759C7A615614176A133F6F30D063A64A8274A558773E537DCC0753A1208 \ + 9C90E1574D00E2E444EFC18F1CCFA8EC328163A909C45DFCDB1B92049B2D01D5 \ + DEC0F6F102EB3E63B724B7B0ACD038962CA2A153E6B4756BFBB870D20D30C970 \ + 1EC3FA344E26B02D4CE834630D2A1889DF42F07D48EA08609FAC95DF29BAEF9B \ + 89BC66265947A35085F7C19BF30CA6019E48A736FDBB1E49236B3538F2F9FE98 \ + 2882B0524FD01F213F016326ADCD8503DCD928EFC1A02F824B9E9D998CD73EF2 \ + 5D52E6E6BB2FF8B0284C7565E26868EFD6C1A86DAD733417FB80606EB5BB3A9F \ + 5E16F52D6857A1A602A7FC6DDD578CA868F1E51AADD3209034A4740036DE08A7 \ + A906067C997F01E4E334CBA913407C7A462A968B272834D2D66DF24922F4302C +Test: Encrypt +# +Comment: All one's key and IV (16-byte key). +Key: r16 ff +IV: r8 ff +Rounds: 12 +Seek: 32 +Plaintext: r64 00 +Ciphertext: \ + 83D5597D7A616258EC3C5D5B30E1C5C85C5DFE2F92423B8E36870F3185B6ADD9 \ + F34DAB6C2BC551898FBDCDFC783F09171CC8B59A8B2852983C3A9B91D29B5761 +Test: Encrypt +# +Comment: All one's key and IV (32-byte key). +Key: r32 ff +IV: r8 ff +Rounds: 12 +Seek: 32 +Plaintext: r64 00 +Ciphertext: \ + CAA69C5AB221A23A57EB5F345C96F4D1322D0A2FF7A9CD43401CD536639A615A \ + 5C9429B55CA3C1B55354559669A154ACA46CD761C41AB8ACE385363B95675F06 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xffffffff*64) +Key: r32 00 +IV: r8 00 +Rounds: 12 +Seek64: 0x3FFFFFFFC0 +Plaintext: r1024 00 +Ciphertext: \ + D7A6AF50F1C92A29484252BBFCE206F17D01DD139530A3830AB583C1F62E0312 \ + 829361A19A8A956CEDEA380430FF932CD052DB5E9477835058B80A272406FC74 \ + CC7B53DC11894D26240581B8A8F4F4E5AF406705801223B13F821FDCCBA6A618 \ + 8A63F8D3DC83CCBCED451F4BA4E0DAAB228ABB0D7439CC67E50DF7129F646BAD \ + A0F5387AF3FAEC30DC25783285275137394EB539AF19DDC286C20DDFD252F85A \ + 5D1B9D76F6A4F4C97A49275C18DC040B77432865988C49D2EC9C4366BE926481 \ + 7F146661C007B7558ABB6C0B5EE94F722913A34AB3AB248031B5929DA1CDE7E3 \ + B33DBF441151CD1770073C28D794351A4C42E6DC3B418ED7118BF314CF26AB99 \ + E855F6C00854E00D63BFD389EDEA3D557C5016EEF3DFC00D8FF1FE76566AC486 \ + 51AF4F61CEE3290B007BE9ADF56C3DD30CD4403C78C5AF2603C60F8CC4DC625B \ + 44A2EB21492D383DF430D07E77DCEE44BA9DD8E806C7170D4AE3AD93586AD6A2 \ + FD12501335D0AB7CE42675A0F3D129D25250537E544569EA4D659B052207AEEF \ + F458FB1C81B45276B5A7A9BD1FA682FA4CBA0B9284291F11FBBAA363E7F4D1B6 \ + 9F6BB7FB3D7BBCF4E4C8F5722FE26DD5DE12E9A2722C71A075EBD5AE3BEDF296 \ + 1CD31D059EDB1E58DE97C9BD64A8C06F91F2699C47B950B3E4742E5423D6FA12 \ + 0F085C504E4A89F82C5ECAA2459C9F54057DEEE5CD201BF5B96BF1F7CC0A246C \ + 01EC149DCC8A5A59FCC7B38CE4EA15692CB65587D584414A8BC7EC9A982E92ED \ + 9275377792A06C5B8E594FFEFC630BA11209AEF8763531255E522B078CC8B4EC \ + 74BD3AFA9BC4A6C39B3B7A00A706BDD8FC24E97335BB22270BECDDB3E3580812 \ + A414586C361D58A9F63836B3D458F2AC43A6099C4031F185E5FA7ACF6946D47A \ + 47CBA42630D0F39B741FBE29E105DF2DF833B790DE6E825DBF38123DE2C44521 \ + A555300EA7FF7949DD19B09FFE192C109A3C132337B6ED69C50F552D658AB83C \ + 5A6966CAA246168FF5443B305CF53E1B601C44C7D402BEDB8BFFB066C9EC3B1B \ + D886235BDFD5CD426323CCDF8E48A1EC39BCF51081683E54E68E7C680CA026DA \ + 7DC1AD922D2B8B28A815974A7D25FA363AF164A3359F88324E547EF36BE98247 \ + E4A4698CAF902D5926EE148D0ED957AB34FE1BFAA82791B7BEB42E358611DF0F \ + 95FDA7D00918DC1CFA14AD34139DE2C14DB762F54BB5A475891C33BF4259B8CF \ + DE0D19DA0CA374F40A48E32685C94795E085813D3DD3771C5B3B1EDF242897E5 \ + DA6044325924559C49CC1F88957CEBB2E935772A831578604C898968F331B8D3 \ + 8B9CDE84C404515402C6A1D5E68C4115D86A571E1DD983CD56E8BF78A3C3C870 \ + 55674CAF12B50AD4A318899C62F0E549D24EB2FC2D63A57B1B9FA5474B7627A7 \ + 0DA5BD3D1899134E5546AF682E97517DD9C4FE5374C640DFCC134C5A4762FB1E +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffe*64) +Key: r32 00 +IV: r8 00 +Rounds: 12 +Seek64: 0x3FFFFFFF80 +Plaintext: r1024 00 +Ciphertext: \ + 0502A68D6D5350892D5EE33F1286AEA1897CE4EF1DFE002C49C3D27A497994EB \ + 7DBE6CA85D5E0C80814D4BA29D57FA8AF838DCC5CD3E62D0D62331D8DAB0B50F \ + D7A6AF50F1C92A29484252BBFCE206F17D01DD139530A3830AB583C1F62E0312 \ + 829361A19A8A956CEDEA380430FF932CD052DB5E9477835058B80A272406FC74 \ + CC7B53DC11894D26240581B8A8F4F4E5AF406705801223B13F821FDCCBA6A618 \ + 8A63F8D3DC83CCBCED451F4BA4E0DAAB228ABB0D7439CC67E50DF7129F646BAD \ + A0F5387AF3FAEC30DC25783285275137394EB539AF19DDC286C20DDFD252F85A \ + 5D1B9D76F6A4F4C97A49275C18DC040B77432865988C49D2EC9C4366BE926481 \ + 7F146661C007B7558ABB6C0B5EE94F722913A34AB3AB248031B5929DA1CDE7E3 \ + B33DBF441151CD1770073C28D794351A4C42E6DC3B418ED7118BF314CF26AB99 \ + E855F6C00854E00D63BFD389EDEA3D557C5016EEF3DFC00D8FF1FE76566AC486 \ + 51AF4F61CEE3290B007BE9ADF56C3DD30CD4403C78C5AF2603C60F8CC4DC625B \ + 44A2EB21492D383DF430D07E77DCEE44BA9DD8E806C7170D4AE3AD93586AD6A2 \ + FD12501335D0AB7CE42675A0F3D129D25250537E544569EA4D659B052207AEEF \ + F458FB1C81B45276B5A7A9BD1FA682FA4CBA0B9284291F11FBBAA363E7F4D1B6 \ + 9F6BB7FB3D7BBCF4E4C8F5722FE26DD5DE12E9A2722C71A075EBD5AE3BEDF296 \ + 1CD31D059EDB1E58DE97C9BD64A8C06F91F2699C47B950B3E4742E5423D6FA12 \ + 0F085C504E4A89F82C5ECAA2459C9F54057DEEE5CD201BF5B96BF1F7CC0A246C \ + 01EC149DCC8A5A59FCC7B38CE4EA15692CB65587D584414A8BC7EC9A982E92ED \ + 9275377792A06C5B8E594FFEFC630BA11209AEF8763531255E522B078CC8B4EC \ + 74BD3AFA9BC4A6C39B3B7A00A706BDD8FC24E97335BB22270BECDDB3E3580812 \ + A414586C361D58A9F63836B3D458F2AC43A6099C4031F185E5FA7ACF6946D47A \ + 47CBA42630D0F39B741FBE29E105DF2DF833B790DE6E825DBF38123DE2C44521 \ + A555300EA7FF7949DD19B09FFE192C109A3C132337B6ED69C50F552D658AB83C \ + 5A6966CAA246168FF5443B305CF53E1B601C44C7D402BEDB8BFFB066C9EC3B1B \ + D886235BDFD5CD426323CCDF8E48A1EC39BCF51081683E54E68E7C680CA026DA \ + 7DC1AD922D2B8B28A815974A7D25FA363AF164A3359F88324E547EF36BE98247 \ + E4A4698CAF902D5926EE148D0ED957AB34FE1BFAA82791B7BEB42E358611DF0F \ + 95FDA7D00918DC1CFA14AD34139DE2C14DB762F54BB5A475891C33BF4259B8CF \ + DE0D19DA0CA374F40A48E32685C94795E085813D3DD3771C5B3B1EDF242897E5 \ + DA6044325924559C49CC1F88957CEBB2E935772A831578604C898968F331B8D3 \ + 8B9CDE84C404515402C6A1D5E68C4115D86A571E1DD983CD56E8BF78A3C3C870 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffc*64) +Key: r32 00 +IV: r8 00 +Rounds: 12 +Seek64: 0x3FFFFFFF00 +Plaintext: r1024 00 +Ciphertext: \ + 5892C27AFFC04BFF6D877D6958F973D7918E9423C8E92696658A8D47B7231F8E \ + FEEC34D15E07621D51EE87D4FB3368483B3722B0CED3580C792C3988F781AF0D \ + 3460198B28EAB8115D4E75F4AD994CE2619B7942CFF8F862D77655A80F539097 \ + 4DB43CC4CFC895FECAD6465E81AF7174140D9D4F54A288A343EB1321207D4ADD \ + 0502A68D6D5350892D5EE33F1286AEA1897CE4EF1DFE002C49C3D27A497994EB \ + 7DBE6CA85D5E0C80814D4BA29D57FA8AF838DCC5CD3E62D0D62331D8DAB0B50F \ + D7A6AF50F1C92A29484252BBFCE206F17D01DD139530A3830AB583C1F62E0312 \ + 829361A19A8A956CEDEA380430FF932CD052DB5E9477835058B80A272406FC74 \ + CC7B53DC11894D26240581B8A8F4F4E5AF406705801223B13F821FDCCBA6A618 \ + 8A63F8D3DC83CCBCED451F4BA4E0DAAB228ABB0D7439CC67E50DF7129F646BAD \ + A0F5387AF3FAEC30DC25783285275137394EB539AF19DDC286C20DDFD252F85A \ + 5D1B9D76F6A4F4C97A49275C18DC040B77432865988C49D2EC9C4366BE926481 \ + 7F146661C007B7558ABB6C0B5EE94F722913A34AB3AB248031B5929DA1CDE7E3 \ + B33DBF441151CD1770073C28D794351A4C42E6DC3B418ED7118BF314CF26AB99 \ + E855F6C00854E00D63BFD389EDEA3D557C5016EEF3DFC00D8FF1FE76566AC486 \ + 51AF4F61CEE3290B007BE9ADF56C3DD30CD4403C78C5AF2603C60F8CC4DC625B \ + 44A2EB21492D383DF430D07E77DCEE44BA9DD8E806C7170D4AE3AD93586AD6A2 \ + FD12501335D0AB7CE42675A0F3D129D25250537E544569EA4D659B052207AEEF \ + F458FB1C81B45276B5A7A9BD1FA682FA4CBA0B9284291F11FBBAA363E7F4D1B6 \ + 9F6BB7FB3D7BBCF4E4C8F5722FE26DD5DE12E9A2722C71A075EBD5AE3BEDF296 \ + 1CD31D059EDB1E58DE97C9BD64A8C06F91F2699C47B950B3E4742E5423D6FA12 \ + 0F085C504E4A89F82C5ECAA2459C9F54057DEEE5CD201BF5B96BF1F7CC0A246C \ + 01EC149DCC8A5A59FCC7B38CE4EA15692CB65587D584414A8BC7EC9A982E92ED \ + 9275377792A06C5B8E594FFEFC630BA11209AEF8763531255E522B078CC8B4EC \ + 74BD3AFA9BC4A6C39B3B7A00A706BDD8FC24E97335BB22270BECDDB3E3580812 \ + A414586C361D58A9F63836B3D458F2AC43A6099C4031F185E5FA7ACF6946D47A \ + 47CBA42630D0F39B741FBE29E105DF2DF833B790DE6E825DBF38123DE2C44521 \ + A555300EA7FF7949DD19B09FFE192C109A3C132337B6ED69C50F552D658AB83C \ + 5A6966CAA246168FF5443B305CF53E1B601C44C7D402BEDB8BFFB066C9EC3B1B \ + D886235BDFD5CD426323CCDF8E48A1EC39BCF51081683E54E68E7C680CA026DA \ + 7DC1AD922D2B8B28A815974A7D25FA363AF164A3359F88324E547EF36BE98247 \ + E4A4698CAF902D5926EE148D0ED957AB34FE1BFAA82791B7BEB42E358611DF0F +Test: Encrypt + +################################################# + +AlgorithmType: SymmetricCipher +Name: ChaCha Source: http://tools.ietf.org/html/draft-strombergson-chacha-test-vectors +# Comment: TC1 - All zero key and IV (16-byte key). Key: r16 00 IV: r8 00 +Rounds: 20 Plaintext: r64 00 Ciphertext: 89670952608364fd00b2f90936f031c8e756e15dba04b8493d00429259b20f46cc04f111246b6c2ce066be3bfb32d9aa0fddfbc12123d4b9e44f34dca05a103f Test: Encrypt +# Comment: TC1 - All zero key and IV (32-byte key). Key: r32 00 IV: r8 00 Plaintext: r64 00 Ciphertext: 76b8e0ada0f13d90405d6ae55386bd28bdd219b8a08ded1aa836efcc8b770dc7da41597c5157488d7724e03fb8d84a376a43b8f41518a11cc387b669b2ee6586 Test: Encrypt +# Comment: TC2 - Single bit in key set. All zero IV (16-byte key). Key: 0x01000000000000000000000000000000 IV: r8 00 Plaintext: r64 00 Ciphertext: ae56060d04f5b597897ff2af1388dbceff5a2a4920335dc17a3cb1b1b10fbe70ece8f4864d8c7cdf0076453a8291c7dbeb3aa9c9d10e8ca36be4449376ed7c42 Test: Encrypt +# Comment: TC2 - Single bit in key set. All zero IV (32-byte key). Key: 0x0100000000000000000000000000000000000000000000000000000000000000 IV: r8 00 Plaintext: r64 00 Ciphertext: c5d30a7ce1ec119378c84f487d775a8542f13ece238a9455e8229e888de85bbd29eb63d0a17a5b999b52da22be4023eb07620a54f6fa6ad8737b71eb0464dac0 Test: Encrypt +# Comment: TC3 - Single bit in IV set. All zero key (16-byte key). Key: r16 00 IV: 0x0100000000000000 Plaintext: r64 00 Ciphertext: 1663879eb3f2c9949e2388caa343d361bb132771245ae6d027ca9cb010dc1fa7178dc41f8278bc1f64b3f12769a24097f40d63a86366bdb36ac08abe60c07fe8 Test: Encrypt +# Comment: TC3 - Single bit in IV set. All zero key (32-byte key). Key: r32 00 IV: 0x0100000000000000 @@ -118,3 +537,240 @@ Plaintext: r64 00 Ciphertext: ef3fdfd6c61578fbf5cf35bd3dd33b8009631634d21e42ac33960bd138e50d32111e4caf237ee53ca8ad6426194a88545ddc497a0b466e7d6bbdb0041b2f586b Test: Encrypt +AlgorithmType: SymmetricCipher +Name: ChaCha +Source: https://cr.yp.to/streamciphers/timings/estreambench/submissions/salsa20/chacha8/ref/chacha.c +# +Comment: All one's key and IV (16-byte key). +Key: r16 ff +IV: r8 ff +Rounds: 20 +Plaintext: r512 00 +Ciphertext: \ + 992947C3966126A0E660A3E95DB048DE091FB9E0185B1E41E41015BB7EE50150 \ + 399E4760B262F9D53F26D8DD19E56F5C506AE0C3619FA67FB0C408106D0203EE \ + 40EA3CFA61FA32A2FDA8D1238A2135D9D4178775240F99007064A6A7F0C731B6 \ + 7C227C52EF796B6BED9F9059BA0614BCF6DD6E38917F3B150E576375BE50ED67 \ + B0EDE573FD64189655C22A452CA343A3F63DE7A2BF75DB4BC5EC87AE6B3818E0 \ + E4FB1DE2CC047982D6A9FEF37B9D3A11D6329AB81A9ED9FDAB565EE99DDEA1FE \ + D207921A4169C3F1B212A886E6AE48FB19E9AF414915B087F9AF7F74EEA49732 \ + ED08500D8EEBD8083F9101984E30D4162D3C0A8BE4F18B22491A61DF53A7E629 \ + 3406AF356940F23C66A4E2A4CE7284C30DCAC3C58B4491D755B02BC91F864E24 \ + 9097953A8D81737B8CFA80407571E3CC6BA716D1FAAD50209B737665563684B0 \ + 201D668B79D23D68BA41C92EDB2C66119C662E19B3A317FE1D7F4B7E52211FC2 \ + 16EE14FB9E7B063D8010036C5C18F73084448A514A4EA32A8FB74E40ADBDBAEE \ + 14F371872A3864D80695049098ED1B69E425E55BE5B27DD41255E24A27484CDB \ + EBD332BCCFE8CC4FFC4669E2EAC7B6202BF1D966AA24C0110DFB80E68A12973B \ + 5A9793643E862A891DBCF2321F362B9977306405EACD5BB0CB09316803F70F0D \ + 2CE2AF1C267EB944314DDC515412600FCB7D0A3EC16FDD105F5A4C8507DB36AA +Test: Encrypt +# +Comment: All one's key and IV (32-byte key). +Key: r32 ff +IV: r8 ff +Rounds: 20 +Plaintext: r512 00 +Ciphertext: \ + D9BF3F6BCE6ED0B54254557767FB57443DD4778911B606055C39CC25E674B836 \ + 3FEABC57FDE54F790C52C8AE43240B79D49042B777BFD6CB80E931270B7F50EB \ + 5BAC2ACD86A836C5DC98C116C1217EC31D3A63A9451319F097F3B4D6DAB07787 \ + 19477D24D24B403A12241D7CCA064F790F1D51CCAFF6B1667D4BBCA1958C4306 \ + 2D83C32143F7D743A87F710C3202AF7D30046775865F3934958597BB38FFE32C \ + 7C5B456E3E5457D203BB45D304D014D46709EA4DB71A935EFC388CEFA5B894E5 \ + D1076A95EC7791AB0AD55C2A2FAC3C61E35BAE153036763326D632C9E004BC6D \ + A45D5FC9486C29F002E40A7AB619DDCA1A660765F853C77E1FF44C2A4F49344F \ + 7530DC05190BD9A256FE38CEDE7DAA540904135BEC993088E712276467166A63 \ + 04F1FC26C9DDA89CEE93D15441C88FC15E143DB941BBB42424A36E5C8F5AAA49 \ + 2BFEED0BA93348AA786F40114F4895A6B21A11DB8937A510B2A099F75C1E03E7 \ + A6E3E281EC9C66D400F36C232798C6496048028C8D7320F43E97A56D6C4D1183 \ + 8FD5DD8F45DF7DE235225B5F1C41C3AFED4EC0526AB38DCB8597770803F1261C \ + D22CFEAEC86612E53DEFC29848C055053C6B1D462A3CF09B228E47211AFBA0AF \ + 4E4C2B336E6EE2F471823808523F073C1BC8785D258AC2BD580209A82A875273 \ + 93DF828B6A6728ABD7AAD0485BFF5CE92C8DB78B1E63929FC76A905E8C7AF310 +Test: Encrypt +# +Comment: All one's key and IV (16-byte key). +Key: r16 ff +IV: r8 ff +Rounds: 20 +Seek: 32 +Plaintext: r64 00 +Ciphertext: \ + 399E4760B262F9D53F26D8DD19E56F5C506AE0C3619FA67FB0C408106D0203EE \ + 40EA3CFA61FA32A2FDA8D1238A2135D9D4178775240F99007064A6A7F0C731B6 +Test: Encrypt +# +Comment: All one's key and IV (32-byte key). +Key: r32 ff +IV: r8 ff +Rounds: 20 +Seek: 32 +Plaintext: r64 00 +Ciphertext: \ + 3FEABC57FDE54F790C52C8AE43240B79D49042B777BFD6CB80E931270B7F50EB \ + 5BAC2ACD86A836C5DC98C116C1217EC31D3A63A9451319F097F3B4D6DAB07787 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xffffffff*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3FFFFFFFC0 +Plaintext: r1024 00 +Ciphertext: \ + ACE4CD09E294D1912D4AD205D06F95D9C2F2BFCF453E8753F128765B62215F4D \ + 92C74F2F626C6A640C0B1284D839EC81F1696281DAFC3E684593937023B58B1D \ + 3DB41D3AA0D329285DE6F225E6E24BD59C9A17006943D5C9B680E3873BDC683A \ + 5819469899989690C281CD17C96159AF0682B5B903468A61F50228CF09622B5A \ + 46F0F6EFEE15C8F1B198CB49D92B990867905159440CC723916DC00128269810 \ + 39CE1766AA2542B05DB3BD809AB142489D5DBFE1273E7399637B4B3213768AAA \ + 89B1889375E99FE2442C4F68ADF54158F4B8135713D00999B92B38E3AAFE5FF4 \ + 959B1834BE3DC54FC36AA9D32EB121E0F688B90E7C7E2649F4AAEF407BDD2B94 \ + 09EFEC03114CB5D4FFD1788E0FE1897BD176C1311E368368C657A5EE55C9CA03 \ + CC71744F030822D53A0486A97B9D98240274FADEAF262BD81B58BCE3DFA98414 \ + C24B5BC517FD91993A6B2E6232B0502125C6F48A6921E2DDA8EB6B3C4ECF2AAE \ + 889602AD90B5D2537FF45DF525C67B983B51DBD23E1280AA656EAE85B63CC42D \ + E8C70E7C19C1D66E3F902BEA9D1ACFD3326B5985AD7C8CABD431ACBC62976CE5 \ + 23C938EA447D4AF0F560DC52B0AB1D7D66A42AB8272E2C40BD66470FE6F68846 \ + 12A11D899A0B7EB54907BBEDD6483EFCED1F15621D4673FF928C5AAB5F465257 \ + 123679EF17C39648C537E150108E0F6608732E9F5B240689EEB5402FA04CCB89 \ + B7CA9649A361C526B41ED110402D9497715B03441118BC4953FCBEF395267570 \ + BD43EC0EEF7B6167F14FED205EB812907D0C134DC49FA5B18F5A3A3A9BD0A71B \ + 2FFE445EE4FABEB4054CC922BA360E4589B681F01E2A43B5A0C0F0C39A5ADB94 \ + B3BC2D20FF7F287FDF17F53B7CB5E3A1ABD46FC0819A3559C03C6B4106603066 \ + 359A4A09B468B6DFEF8A363C7B31D9E88ABB85914F4A27C30E9915C66AAC3576 \ + 9E481C87AEE4C3138CF40F288ED3C172FFC17D3D78F8D32C3C756C13CFBFB95F \ + 3ECCE6D8B54344D78998F58148C4B43B1A6201ABFF3D4FB4B76E3BBA104CFAA5 \ + 5D8DA4319A9E0606644B07DC204E9635502186C1EF9E43322EFD69F86D4DA1F6 \ + A98BF0B800BA04BD9FBA5C5BE8EC49D48D9EECBADEE669EF69C9522C730110BB \ + 8339AF0E45185262C9183307C5EEA59DE5095CAC26E8428D4CA9E44DCF8FC7B4 \ + 1F9624A2DBA36F44415BAC489BF46CB6BB1BD2B70D719772FDABB3B166EA615A \ + BDF208C39BA8A708D933CBC8A3236D4A15629FCAA35E00C2B361527326E7AB51 \ + 409A7DE42C9093346E41D3A3C4529D9557BBC01EEFF927F1052B5E02F74542B0 \ + 4E78F1E933C67DBC2C9187527C86DA77F045D4B07CF646BA9547646905F1F117 \ + 0C503C0AEC51EC93F303D61756318EF5999B4B8EFE1C7D74B8FF0E9FD0BAEB55 \ + 585F41AADA7A83ED42153BF9D87349AD100D40D25B1B05423E56761A32DD01A9 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffe*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3FFFFFFF80 +Plaintext: r1024 00 +Ciphertext: \ + 032CC123482C31711F94C941AF5AB1F4155784332ED5348FE79AEC5EAD4C06C3 \ + F13C280D8CC49925E4A6A5922EC80E13A4CDFA840C70A1427A3CB699166991A5 \ + ACE4CD09E294D1912D4AD205D06F95D9C2F2BFCF453E8753F128765B62215F4D \ + 92C74F2F626C6A640C0B1284D839EC81F1696281DAFC3E684593937023B58B1D \ + 3DB41D3AA0D329285DE6F225E6E24BD59C9A17006943D5C9B680E3873BDC683A \ + 5819469899989690C281CD17C96159AF0682B5B903468A61F50228CF09622B5A \ + 46F0F6EFEE15C8F1B198CB49D92B990867905159440CC723916DC00128269810 \ + 39CE1766AA2542B05DB3BD809AB142489D5DBFE1273E7399637B4B3213768AAA \ + 89B1889375E99FE2442C4F68ADF54158F4B8135713D00999B92B38E3AAFE5FF4 \ + 959B1834BE3DC54FC36AA9D32EB121E0F688B90E7C7E2649F4AAEF407BDD2B94 \ + 09EFEC03114CB5D4FFD1788E0FE1897BD176C1311E368368C657A5EE55C9CA03 \ + CC71744F030822D53A0486A97B9D98240274FADEAF262BD81B58BCE3DFA98414 \ + C24B5BC517FD91993A6B2E6232B0502125C6F48A6921E2DDA8EB6B3C4ECF2AAE \ + 889602AD90B5D2537FF45DF525C67B983B51DBD23E1280AA656EAE85B63CC42D \ + E8C70E7C19C1D66E3F902BEA9D1ACFD3326B5985AD7C8CABD431ACBC62976CE5 \ + 23C938EA447D4AF0F560DC52B0AB1D7D66A42AB8272E2C40BD66470FE6F68846 \ + 12A11D899A0B7EB54907BBEDD6483EFCED1F15621D4673FF928C5AAB5F465257 \ + 123679EF17C39648C537E150108E0F6608732E9F5B240689EEB5402FA04CCB89 \ + B7CA9649A361C526B41ED110402D9497715B03441118BC4953FCBEF395267570 \ + BD43EC0EEF7B6167F14FED205EB812907D0C134DC49FA5B18F5A3A3A9BD0A71B \ + 2FFE445EE4FABEB4054CC922BA360E4589B681F01E2A43B5A0C0F0C39A5ADB94 \ + B3BC2D20FF7F287FDF17F53B7CB5E3A1ABD46FC0819A3559C03C6B4106603066 \ + 359A4A09B468B6DFEF8A363C7B31D9E88ABB85914F4A27C30E9915C66AAC3576 \ + 9E481C87AEE4C3138CF40F288ED3C172FFC17D3D78F8D32C3C756C13CFBFB95F \ + 3ECCE6D8B54344D78998F58148C4B43B1A6201ABFF3D4FB4B76E3BBA104CFAA5 \ + 5D8DA4319A9E0606644B07DC204E9635502186C1EF9E43322EFD69F86D4DA1F6 \ + A98BF0B800BA04BD9FBA5C5BE8EC49D48D9EECBADEE669EF69C9522C730110BB \ + 8339AF0E45185262C9183307C5EEA59DE5095CAC26E8428D4CA9E44DCF8FC7B4 \ + 1F9624A2DBA36F44415BAC489BF46CB6BB1BD2B70D719772FDABB3B166EA615A \ + BDF208C39BA8A708D933CBC8A3236D4A15629FCAA35E00C2B361527326E7AB51 \ + 409A7DE42C9093346E41D3A3C4529D9557BBC01EEFF927F1052B5E02F74542B0 \ + 4E78F1E933C67DBC2C9187527C86DA77F045D4B07CF646BA9547646905F1F117 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffc*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3FFFFFFF00 +Plaintext: r1024 00 +Ciphertext: \ + 98E5E54215C14F994E957FD3DD6A0309DFC3512CF12937F859A58725F16E9D4C \ + 3BFBA511BE065C2AE7452DA187096671731A9954137BA780B808F9E93C919871 \ + 582CB23E8F29E3B966B29D19E01A01DEBB32A8635CF49A1B178C3CD53CBF3EC5 \ + 12DD6174690DA38FDA7C125351035F99E61042C5DCFA0C312E002F0DC99962DC \ + 032CC123482C31711F94C941AF5AB1F4155784332ED5348FE79AEC5EAD4C06C3 \ + F13C280D8CC49925E4A6A5922EC80E13A4CDFA840C70A1427A3CB699166991A5 \ + ACE4CD09E294D1912D4AD205D06F95D9C2F2BFCF453E8753F128765B62215F4D \ + 92C74F2F626C6A640C0B1284D839EC81F1696281DAFC3E684593937023B58B1D \ + 3DB41D3AA0D329285DE6F225E6E24BD59C9A17006943D5C9B680E3873BDC683A \ + 5819469899989690C281CD17C96159AF0682B5B903468A61F50228CF09622B5A \ + 46F0F6EFEE15C8F1B198CB49D92B990867905159440CC723916DC00128269810 \ + 39CE1766AA2542B05DB3BD809AB142489D5DBFE1273E7399637B4B3213768AAA \ + 89B1889375E99FE2442C4F68ADF54158F4B8135713D00999B92B38E3AAFE5FF4 \ + 959B1834BE3DC54FC36AA9D32EB121E0F688B90E7C7E2649F4AAEF407BDD2B94 \ + 09EFEC03114CB5D4FFD1788E0FE1897BD176C1311E368368C657A5EE55C9CA03 \ + CC71744F030822D53A0486A97B9D98240274FADEAF262BD81B58BCE3DFA98414 \ + C24B5BC517FD91993A6B2E6232B0502125C6F48A6921E2DDA8EB6B3C4ECF2AAE \ + 889602AD90B5D2537FF45DF525C67B983B51DBD23E1280AA656EAE85B63CC42D \ + E8C70E7C19C1D66E3F902BEA9D1ACFD3326B5985AD7C8CABD431ACBC62976CE5 \ + 23C938EA447D4AF0F560DC52B0AB1D7D66A42AB8272E2C40BD66470FE6F68846 \ + 12A11D899A0B7EB54907BBEDD6483EFCED1F15621D4673FF928C5AAB5F465257 \ + 123679EF17C39648C537E150108E0F6608732E9F5B240689EEB5402FA04CCB89 \ + B7CA9649A361C526B41ED110402D9497715B03441118BC4953FCBEF395267570 \ + BD43EC0EEF7B6167F14FED205EB812907D0C134DC49FA5B18F5A3A3A9BD0A71B \ + 2FFE445EE4FABEB4054CC922BA360E4589B681F01E2A43B5A0C0F0C39A5ADB94 \ + B3BC2D20FF7F287FDF17F53B7CB5E3A1ABD46FC0819A3559C03C6B4106603066 \ + 359A4A09B468B6DFEF8A363C7B31D9E88ABB85914F4A27C30E9915C66AAC3576 \ + 9E481C87AEE4C3138CF40F288ED3C172FFC17D3D78F8D32C3C756C13CFBFB95F \ + 3ECCE6D8B54344D78998F58148C4B43B1A6201ABFF3D4FB4B76E3BBA104CFAA5 \ + 5D8DA4319A9E0606644B07DC204E9635502186C1EF9E43322EFD69F86D4DA1F6 \ + A98BF0B800BA04BD9FBA5C5BE8EC49D48D9EECBADEE669EF69C9522C730110BB \ + 8339AF0E45185262C9183307C5EEA59DE5095CAC26E8428D4CA9E44DCF8FC7B4 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffff0*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3FFFFFFC00 +Plaintext: r1024 00 +Ciphertext: \ + 35C5DDFAD2617B5A6BEDDCE1AF0C115DBD221D7E6760D5520A74EEA6EB1F9C70 \ + 3307014CCC1AF56B7B72266E087C4193B4230DE3023D86CFAE19A9B71591E2C0 \ + 8513AFB2CD7D939B5703E6883D460489FF00E3CE6EB5E1ECA5E31B2A895BDB85 \ + 6B3DE177489BDFDD97AB26141F94C771EBB94D187F2BF64172D3DC5F6FEB7123 \ + 4C0715DCF16BA0EDD15E8505FA3A97DA766C9348030A4BBA5734617027FC9E47 \ + 1125AA19C74296AC9CEA414955EBF0F6781E447978F287C1201A481A07BB0F92 \ + D7865365B38F87A915FC08A8925DB1124A6477F01B88EB0687606A8C53155E6F \ + 128FB6FFD03F83BFF2C719A94438CEF64219E1DEE94AD2371985B45BB8544335 \ + BCF1CBBA01AAD69D86140AD06553B30817AC31AD88CCE6DC45E493BCF7903955 \ + B4B4EB4EFD1537B6BC772AD80CCBC2721A5359A143B999FFFB5F85F9C46A1938 \ + 73554FD4FD66962C08D661323BD13E367EE6E64B0F7843BE9B91BD285184350C \ + F9FF7710208FEFFB7B7F75E46504BC4EB1DB05021EAF656528F5D04C60D71152 \ + 7C307A8EDA4DE7F391B9924BC18EF13E4ACEF8622C724A2CDA344214415E0613 \ + 9C057CA6FD78417F38D7C86B53D3484F085397A21594409ECA7C5D193802D33C \ + FD1C44E7C93185B3D8101E4A0C184B13F221BF40097A9C0DBBD5932D90BD342F \ + A6F56654A7507E902AD9416EC69D692E19372707F530B4998BE876CD772B3933 \ + 7035102B0F813905C4339FF8F0DC621CA2BC76F6A99163E0751BE6F7968D9C22 \ + 863A2161DE3126ABB102FCA8AD47A035EA71358F1C418D2BA8AF1AFCB8CEB20D \ + FE012D699B31D5F22828772A13A076F789B4B582E9736CDFA48E317AB1FF5443 \ + 60745F9EFF11847EB86365DC0AB980231B0ACCD8DA22E33867A6C2314D56688E \ + 17F6EC119B6AD7FE0A639F07EE6F7C0B5B88E8D0C97EC901636A7B62202D40D9 \ + 176CF64365065EE642430787DB981190A249B7771759157BA8AA3A253C48338C \ + 9E01BE363682292BB181A75A51C2EEB3069951075DC92CFE58E695AB35364667 \ + 1336BE145FE90B8C75982D565762F7C48B505B19868F36A6C3633450CB9E165E \ + 98E5E54215C14F994E957FD3DD6A0309DFC3512CF12937F859A58725F16E9D4C \ + 3BFBA511BE065C2AE7452DA187096671731A9954137BA780B808F9E93C919871 \ + 582CB23E8F29E3B966B29D19E01A01DEBB32A8635CF49A1B178C3CD53CBF3EC5 \ + 12DD6174690DA38FDA7C125351035F99E61042C5DCFA0C312E002F0DC99962DC \ + 032CC123482C31711F94C941AF5AB1F4155784332ED5348FE79AEC5EAD4C06C3 \ + F13C280D8CC49925E4A6A5922EC80E13A4CDFA840C70A1427A3CB699166991A5 \ + ACE4CD09E294D1912D4AD205D06F95D9C2F2BFCF453E8753F128765B62215F4D \ + 92C74F2F626C6A640C0B1284D839EC81F1696281DAFC3E684593937023B58B1D +Test: Encrypt \ No newline at end of file diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/tls_chacha.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/chacha_tls.txt similarity index 100% rename from vendor/cryptopp/vendor_cryptopp/TestVectors/tls_chacha.txt rename to vendor/cryptopp/vendor_cryptopp/TestVectors/chacha_tls.txt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/cham.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/cham.txt new file mode 100644 index 00000000..1b45e809 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/cham.txt @@ -0,0 +1,471 @@ +AlgorithmType: SymmetricCipher +Name: CHAM-64/ECB +# +Source: CHAM paper, Appendix A, test vector 1 +Comment: CHAM-64/ECB, 128-bit key +Key: 0100 0302 0504 0706 0908 0b0a 0d0c 0f0e +Plaintext: 1100 3322 5544 7766 +Ciphertext: 453c 63bc dcfa bf4e +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: 0277 0a9e a270 1fed 460c c269 9163 e519 +Plaintext: 704a 4e91 eb9b 688d +Ciphertext: ceda d4dc 00e3 800d +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: 24cd a3e2 c167 92f3 40b6 0017 cabc 07c4 +Plaintext: 115a 31e5 ee65 87f7 +Ciphertext: e1af b96f 3079 4233 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: 0914 eef6 827c 21b9 c697 05ce b28b 7dd5 +Plaintext: e722 2e2b 0f2c ee49 +Ciphertext: 280d 763b 931b da81 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: 2fa2 fb02 1cd5 9124 ee27 1ec9 7307 6a13 +Plaintext: 9fc0 8c64 f9f9 8163 +Ciphertext: 0277 8604 1b15 8cb9 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: 6035 af8d 6d97 6a47 1bc9 cb88 1a4a f2aa +Plaintext: 657b 5980 aad8 468b +Ciphertext: 5684 2bf7 606d 67f8 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: be3a cf23 eda6 9014 023e 098b 37c3 9b9e +Plaintext: ff83 911e 2f35 84a5 +Ciphertext: 9263 2bf9 9819 783a +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: ffde 8a15 21c5 fb5e b6b1 1ec9 05aa c629 +Plaintext: 7802 c7a5 d52f 1868 +Ciphertext: f810 fad0 80f0 19bd +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: fc25 b83f 5058 9cb6 fe7a 5d6c 1635 5cfd +Plaintext: 1ab2 1791 a5d3 05aa +Ciphertext: e733 fd94 c357 d36c +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-64/ECB, 128-bit key +Key: fae3 5e23 e357 3e33 4468 c725 80e5 4a6e +Plaintext: 5dc5 c55f 6b8d 31e2 +Ciphertext: 5bc2 2475 f93f 6cc8 +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: CHAM-128/ECB +# +Source: CHAM paper, Appendix A, test vector 2 +Comment: CHAM-128/ECB, 128-bit key +Key: 03020100 07060504 0b0a0908 0f0e0d0c +Plaintext: 33221100 77665544 bbaa9988 ffeeddcc +Ciphertext: c3746034 b55700c5 8d64ec32 489332f7 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: a37beb01 15c49898 906f6f1c 73f68cf3 +Plaintext: 463e4b34 efe3faa8 d8b74450 967f34d1 +Ciphertext: 30269e99 4d70c5de 7b0bc631 a96a1458 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: ad97ae34 49a65961 46872c23 08a85a00 +Plaintext: 7c241f66 85111245 83d76a6f 8498946b +Ciphertext: 633b6cb9 00b390d8 d1bb84cb d84b9ccf +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: 012ddb51 d216a550 3b1632f3 69930aac +Plaintext: 440a7ce0 23b8499f 991482fd e6069cbe +Ciphertext: b2b21944 81c5becf 091d3c08 ee6d1749 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: dfd8192b cab7764c 12632c23 95c96b55 +Plaintext: a72c2040 1e652249 6ceb83be d90a2816 +Ciphertext: 0416aae7 302a5219 cd20a3b8 6d879c22 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: c3fe465e dff5a38c 308bcf68 a6d45ba7 +Plaintext: 91167a4b b9641eb2 15195841 f3301521 +Ciphertext: 36d1dd06 e42c583d 9aea8e58 08ee2f3b +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: e7365921 729a2e4b 5e9e2d42 6b53c079 +Plaintext: 9fd5fb98 d2de3459 42cf3edb 2104e849 +Ciphertext: 60f3dd59 406e579e e45a2191 526c5693 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: b880a315 e410aa2d 9d8686e4 ac033a6e +Plaintext: 05251c25 354ded83 67d50c4c 4a73b66f +Ciphertext: e3f879f5 8b41baf8 8b458da7 04343a03 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: f0cb7d27 58d7ac44 937b882d 526fb9f8 +Plaintext: 088ede84 315ef415 2e2e22b1 8b45e765 +Ciphertext: 4ff2532c 66a12b2e 869f476e aab2d53f +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 128-bit key +Key: 28b841b2 9a5e552c e02170c8 fee72a87 +Plaintext: 0fc61c4c fa1db413 9d007659 39df2ba9 +Ciphertext: 6fd504e7 091aca2e 32c88718 3e40b4a4 +Test: Encrypt +# +# +# +Source: CHAM paper, Appendix A, test vector 3 +Comment: CHAM-128/ECB, 256-bit key +Key: 03020100 07060504 0b0a0908 0f0e0d0c f3f2f1f0 f7f6f5f4 fbfaf9f8 fffefdfc +Plaintext: 33221100 77665544 bbaa9988 ffeeddcc +Ciphertext: a899c8a0 c929d55c ab670d38 0c4f7ac8 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: 4031c291 53a38799 8e0a6bad 6098a6c4 e4a852f8 7daf676e 873c3524 e1527db8 +Plaintext: aac76bc0 ec99e00e 9648a939 1a37c8db +Ciphertext: c993c682 1545b60c 456af36c b97628e7 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: 0c7be271 0ee365ff 061b8e43 5dbc63e3 52a08866 634223c9 8f4bcc4f a1223aee +Plaintext: 49eec4dd eb938769 a359a6bf f69353a9 +Ciphertext: 6252cf6f 6524f0ed 0b3a272a 33827bb4 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: 90c69c18 8fcac90f 7c061078 036f3279 5676641c 40358d9f d74867ca 5debd8fa +Plaintext: c27e5d18 985bd57e 25b7164e 5acb6ceb +Ciphertext: c7c15e12 2287fd3d 45875c14 629a042c +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: f7bae93e 170bbccd 42a1d993 a6247a9c ae609194 075045fc 95b22ad9 59e16c9c +Plaintext: 87cc88e7 9f159afe b2e8967b ff1ddd8b +Ciphertext: 0887e541 4b68e67f a46d19ff 948290b6 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: 15747f3e 359c8462 151d0e6d f06abade 06f246e1 c817332b 1fa9102a 52263db4 +Plaintext: 5c11eab6 3fa257df 7da90d0e 1bf46991 +Ciphertext: 3cabb22e 79c7ad8e d502abf8 74e7d3bf +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: 4c70d578 34042fbd 8f4b7c40 89ac864e 1dee8bac 4093f375 308aa073 655098f1 +Plaintext: 68c7097e ab6c6043 87d2bc67 41dece87 +Ciphertext: 362a9742 dd8238a8 d916409a 4a3c11a1 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: 073359a0 5e54c5f8 882ef21f 01be08d5 7d5c5b87 533059a5 204e2bcd 5652dfc5 +Plaintext: ef94e8fb 7bf2aa7c ac73ef0a 294ad1f8 +Ciphertext: 5914594d db44ba25 ac0bfc05 1b92a9fe +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: dc359e46 f5516d84 89885aee 191494fe 25350de0 69275496 1531e563 59f9e0ee +Plaintext: d1c5fbd0 7d1e85fc 7922d741 6a5a44dc +Ciphertext: bbe95a67 06b38ff2 898dfda8 41fe29c7 +Test: Encrypt +# +Source: CHAM reference implementation +Comment: CHAM-128/ECB, 256-bit key +Key: faf3682d cf6e656c 53bd8c06 de0f7f71 678c5a2d 34624762 d88daf37 21d5ad6c +Plaintext: 55b32441 7a787fbc 41b91ab2 9a5bf734 +Ciphertext: 2a7dab0b 6769e989 61578998 7e4be9a7 +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: CHAM-64/CTR +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: e6b1 552b 7d53 c0d9 8c7b 18a1 b2ef 03bc +IV: cc03 c902 5780 5f72 +Plaintext: 83d2 797e 69c6 ecd4 8fce 53fa c686 6389 d3dd e2b7 1f4d dee0 5cbe b3b2 2064 f8e8 226a 5f52 08ea b683 bfc9 ce0f d268 036f 94f3 60d4 8426 8d2e f8f6 c70c f4a1 95d8 5a4a e07f 1bc8 c339 4420 ee04 1460 9995 727f 284f cad1 ad41 9c48 9c8d 8bf4 9ef3 +Ciphertext: 0fee 544d 6d11 f5c6 44b4 42b6 9513 1617 ca6d 4036 7ffc 5ee0 6312 5896 3012 6b3e 67c3 031a 0c57 1dce 4be8 7888 cbf5 b12e 4b9c 503e 1cfb 76c1 31ba 5b4e 3673 5e1a bd0f d733 4736 1668 f040 f74f a9c7 bdbc 1fda 5e1a bdec 952b 3f64 9750 c7e8 f11c +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: 780e 51d6 3741 ca88 8419 7f61 8062 2904 +IV: a7e8 db3a 9264 ec0a +Plaintext: e7ef e7b0 66df b955 580f 6575 881a 06a2 98c2 9f13 40a7 0121 df40 567b d4ae ba67 0446 944e 1cf8 1efd ce4b a7fd 139e 35fd ffa3 ed21 52db 5bb1 0332 4843 6903 5c28 a1c4 70db f7f2 81b0 6d7e e754 448c a220 3a38 6f30 d6df b5dd 9db4 9426 1c15 7aa4 +Ciphertext: 0b95 d934 ea2e 9a67 d37b 8f0f 2d91 7c3f e1bc f6d9 7ef8 a7fd 1ee8 34c3 2cec 7a6e 502a 840e d48e 1f9d 4795 c57c 4ec2 e762 50ce 8e25 e5c5 1b5a 00d7 a203 f453 63b5 d5a1 1c81 4a7a 21f9 0e1e 82ef e41e 4bb7 5b7a a273 164a d8bb 6a9c 76e7 0206 6131 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: def3 7285 6fb2 9ca8 37a2 15d2 4190 c3dd +IV: 2d70 2927 e2e5 6b90 +Plaintext: fa0c 3a8c c423 cf46 d8ea 9fb2 2b06 bf16 76ce 84c1 96d9 0795 c09b ecd0 085b 584b 3885 1684 8346 d510 7ad8 d7a9 519c 3b3a d681 3ca3 4e98 61c4 8ff1 142e 2064 33d3 5e61 dd63 206b c4e6 9008 1db5 0abc 249e 4e96 77a4 2764 bce7 dc93 e291 a058 d54e +Ciphertext: dd2f 6c48 f2f0 3915 1be6 9c0e c0f9 510d 1640 de08 152a be0f 4a07 abf1 01ee 5bda ffa3 a59e e22e 1953 8c3e 6cc2 b9ea dfe3 d721 9a32 c4e6 49c0 cfb0 7f1e ad69 9c99 03be f145 c958 d917 d0ea 2503 ec08 ab39 4390 1afa 2e5c 3c13 557c 243b ca75 a703 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: 646f b394 917e 6f3e 03f3 f14a 4bea 460d +IV: f92d 20d9 bc67 75f6 +Plaintext: 83db 8ccc cc49 6c58 55fc 79fb d0d0 52b5 5b7a 9378 9d40 e281 777c 0ecc 3c82 99ca f513 ed1a 7740 d0ea 535a 76b6 2f43 0dfe a5dc 937f 878d 95ef f07f 7900 fff7 7c00 e24f 9477 e173 486c 26ef a74b 228e 0f28 2dea feb0 069b e877 ea11 017d b47d 5a79 +Ciphertext: a28b d8d4 e2b6 f076 716d 5769 46de 6fad d74a 3438 dd55 c72b 282a c910 0808 c0dc a421 9991 6f45 a3d0 8d85 864f dfc7 8b4c 69e0 ebbc af39 1a7b d620 5a85 ce9b dee6 4cc1 b88a 742e 5907 ad01 fac0 31f7 01bc 0213 3c40 b2cb ab50 00b5 6ae3 b7c1 3fce +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: 9698 a9eb 7003 b35e 47c6 0c0d cd55 fd4d +IV: 96c3 a41c 421c 955d +Plaintext: e7a4 ccd0 0c2d 1f30 e329 1182 dc55 7f92 5e1e 4df1 a77b 4626 09ba 7541 d1f7 6b64 48fd 4cc9 4539 736e 4066 a6db aa62 9617 d3b5 2d14 e414 3981 a911 85c6 93f7 cba4 2976 3ca8 d3be f5bb 6437 ece5 68b9 294f 2ea0 dd4c 3054 b6d0 947a 75d8 9d11 cc78 +Ciphertext: 28c8 d228 36f6 0e5a d9cd 7a8a 8375 3bd6 66e8 beb0 5d64 7d9a d309 d89e eaee b4fb 41e5 d199 c70c 7e33 271e a1ba 8160 e4f5 b720 33ef 96b4 0467 e52d 791a 1983 c2c5 88c3 50ef 9b1f a465 75c8 92c5 9f1f 4715 8c7e d6c9 ee9e d073 8c00 cc9c ce0e 77f5 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: 86fa 2b6b d8fc 8486 0c11 f1c2 5b75 ed8a +IV: b318 e5c2 5583 338e +Plaintext: 7860 ba79 52cf e4a4 cc26 4aa5 71d9 7b2e 9273 9a86 38ba 2bec 3ced ddf8 01ed edd9 2786 6e13 e1a6 0a89 92ae 2a09 eb91 c0c4 0006 0a38 3b7a 3ab5 ec0c 9f1a 33f3 e10a 2b75 6f52 8393 31fd 89fb 9697 cd7d d6d3 c33b 988d 9889 dc01 53cd 2f20 be29 811b +Ciphertext: d7a1 f7aa 05cd ce1e 2fcb af67 20eb 1c10 0cb1 45ad 7873 5e7d 0798 4efe fa17 cf54 cc7d 7df1 ec9b 992a f396 50ca 444e 7c98 0608 53a3 6114 d3b0 ec1b c375 6eef 246f e1c4 905d fedd 4df8 c3b1 f177 b948 822d 2243 7311 0d4f 3e8d 95ae 32e3 4457 1edd +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: 5ea8 a98f 6f23 329d 6a36 d40e af1d 2d07 +IV: ff5f 72e2 b9f0 5565 +Plaintext: c4c3 1942 dcc1 40a7 00a4 41fc 4be9 d17a 1e6a 3a9f 7bb7 7d3b 7a94 a9c0 5dd7 4608 c98d da75 d556 8642 fc98 a0b7 9482 8849 7c0b 80f1 bea8 fdd4 fc73 aa52 3edb e09d 4414 4952 6831 fa9a 5b48 45ac 0e36 0ce3 a403 3089 b7f8 99c0 394e c429 c945 98b4 +Ciphertext: f93b ed37 941f ece2 1a89 d7dd a11e 8c51 e239 e5fe 70f9 15c8 ac4f c647 60a4 144c 5bd7 4598 822b f4de 3c5c 089f 503d 06c5 bcdf 258a bfa6 c53b eb6b 373c e03b 7438 e626 138a fc4e 3962 352f 33be 7e05 8357 1268 d621 4bc8 5926 737a 056a 8417 5504 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: e764 1ae3 84bc ca20 88ab 0eb1 8cc5 cc7f +IV: e1ee 11cb b0de 4400 +Plaintext: 0a44 7fdb 4dba 1167 c521 1521 5637 d376 3bae cab2 ac86 b087 1cf1 44df 4a43 e77f fd74 7687 ee78 d418 60c4 20ef 9ee9 0fda f972 a4c8 3012 56db e159 75cb fc8f 5d16 8f37 749e bed7 b321 5357 998c d35c c3d3 00f3 7038 2aae 386e bcf8 bc0d e2bc d331 +Ciphertext: 9597 b5be 01f8 6981 098a 3f39 9b4f cfc3 27c4 4b89 778f f2f5 2327 c822 b0fd c49d 84ca 1bec ec16 03f8 5031 39ee 9276 41b0 f086 f2fd cbd8 0d09 a6d7 bec3 5112 6f2b 153b 0ab9 92da 8b4f ad6a 3555 7a59 9b65 311f 5277 b50d 4280 7c04 f663 eea5 9d17 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: ba7d 1f51 ccd2 1431 e906 310f 981b 66c5 +IV: e41c 02a2 0889 1101 +Plaintext: 28d4 c1d4 ccaf aab1 da91 785a 4b78 a976 6468 b2b9 7422 94c1 aed5 793a 85f3 559a 3720 9197 319b 6756 c8bf 782c c0e4 5297 421e b1d3 8837 6a44 32fb dadd 3a0c cccc 2007 d464 17ed 1743 32c4 771b 27c5 afa5 804b feb9 5e58 cb91 137b b931 bc5d ecc7 +Ciphertext: f22c d112 f7f8 ef29 c47c 45ad 10a4 d781 1138 110a f9ef e229 10aa 1067 2bdd b937 c904 79df 776b 49c3 e52d 6e6a 1cdd 8e1e afb9 f3d5 7278 2083 777e 931e 028a 27c0 fa73 4bec 8114 0dad 4e8c 2490 223c e557 67bc 07d1 f135 9677 da11 05e7 e09c 4473 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-64/CTR, 128-bit key, 12x blocks +Key: 9b58 14a8 d670 c7ce efbb 5e8b d970 9858 +IV: f410 81e9 16d4 704d +Plaintext: 032a 730c 0ba7 1b1e 295e aa2b e229 1bcb ac2d 647b dde3 b1d6 e928 8416 68dd a420 0721 4f46 ab83 0841 68cf 27b8 170f 840b 999d b682 e602 9ce8 b325 caeb 5147 8864 cf38 8a04 56ae 5bf7 f9ce fc82 eb4d 0c03 623c 9870 c5c1 c633 e2ef 4c74 b38f fb67 +Ciphertext: 9a4e e2d4 e282 8196 ef45 9e91 60c7 9c1c 2bc3 b165 090b 9fe4 b128 dff1 404f aaca ad6f af95 c545 b574 65d2 6170 9e49 315c 494e 1f62 7090 993a 84c2 be20 f269 450c 9c2f d490 97db 6b72 0bd6 2eb8 271a 8588 f59d 6b7b aa20 25b1 ad39 8997 a7b4 9639 +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: CHAM-128/CTR +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: 23dec910 8674de3b 42d4febc ebac3ce1 +IV: 434d3806 61578dab 9b8aaa69 2c242a3f +Plaintext: c0933ebb 71c2d940 5f791cda 6c89ff00 9a85507e d696c654 184c5df1 55836873 026b8e7b 5a2497ab 0f67805f 00700588 53840541 b59e0ea6 d16c5798 7458b715 6dc1c5f1 38d2f6d2 02652957 edd26b64 c711733c b772c1cb dfe376c0 4e37d724 4699ee4f f66152b3 76eb3fd3 8f094e03 fb47286b c775073a 9907361c 8c517c10 959a867c 20b11002 34485076 5bf8bb83 9fdd016e b7221cc4 32533042 612a39fa edebeecd 20b14ec1 6c0b9075 03496693 010c146d ea7c7f80 92b1d4bd 4d209707 +Ciphertext: 75a7c6a7 6b72d94a b083627b 0d5cb98f fee0e34c adf15e52 6348f350 4e1ab4a2 a9de3226 2f4beb61 01f544ab 3ad609cf f65c1ffc 24d7f132 0d43aeb2 7ff715cf 26c78de4 6d6c3c9c dccab249 cec4858e b1e27ce1 2b4f455f 5c5bf433 c4010664 b0b9f2d0 b3d765c3 fc9b914d f463ddfa 8941880c c728841c e18cb64f ac9a5018 2ac7920a ddc0b973 98fa8428 8a4d19aa 7eebcb4a 0470c8a0 ef10edeb 68191a86 c39c48be 929c00ba fdb2d807 89d6beb7 9037bcd1 0eead8c4 5df80281 d4275481 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: fc461d9f b81c669a 2dcd9b60 dd0dc803 +IV: 3a03a72a dd47db7e 371ffb90 1ecd7ef4 +Plaintext: 1df4d2e8 e9b59fbd c710ea90 7ea88dfa 1a05307e 8d883c92 f5eff3cf d8eb3dac b4e1fffd be4bb41d 2ad2851a 21f80ea6 e52a3c36 68eb5ba2 6be06596 ef25d7a1 f6b422f1 ce996156 2623e690 f54b2163 ee5b49f1 cf5afebd 88bea2d2 619d8861 3ed4c062 bb1dadf4 28ca3301 735cecd9 ea77113b 31ac1736 8ac8dd46 b1d6d677 312e5318 e84f0036 83133f06 82114d09 448bedcc b134c209 2f5ec84b 6019563e 524f00ed 22a33d84 2976d662 9a46cdec 1911acec d029089e 0c552e22 6ce69283 +Ciphertext: 34d5eb84 1a736580 030345f0 dbcb1347 05f02931 954c6fdc 0678019e 2dbad83d 4811b8ab 29595196 9e533b24 278ed0f1 df7d7578 efe356b1 e813abef 148c2560 38fcbee3 6cbcef7f fc0df407 867e7031 9e0b1dda f5501321 a67c22ed c43ecd72 6f6e6c2c 604c3516 bd1e726a 442eb1bf ffaa884b 2742b064 56f7b3b2 36cf6fbf 777b3ce3 f253c05c c882ce7d f4be285f de75d1f6 e0c336da 4bf90ce9 0f2ac558 fc0308c0 3c82176e 2a34b65b bea97726 05ad2e86 58e47259 e1e45834 6947fd40 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: 82e9a10d 1275c400 ef4b1b7a 09c9a74f +IV: c8af984c b4c6c76f 17a2bdce 755d304e +Plaintext: 0b68525d b1bca784 3ef3e525 53c26903 48ddd25b e57587d2 7eaa1ae3 961a006d f3a86cad 0efae3b1 06986845 820b3ee6 4a2bfd22 ab0785ad 923a5c17 551dcc0d 95ca064b d6735935 26a46210 3e3ae41e aeb4b483 d096b043 4d5a7641 5d1bad27 2d211a24 6b862534 aaab034e c4da88c7 5fca22f1 d535c1a5 73f58b5c 083b6720 a50bfa9d 900fdf55 43bb9e36 a0134bd2 42257406 11c4ec3d 88e75774 4a418cc4 1fca2198 814ed5fb cddcc438 0e9438d0 cd421f15 7295de50 72dfc2da e8f5ff6d +Ciphertext: 376d284c 6c3c8b99 67a2d66f 61a9f51c db6f06e2 a4cbda9f 6f48e1fa 695df3cb 7c0563da b6810ba0 291cc0fc 48d337da cbaf9363 9bce9399 7635dc4c 3ad49fd5 f2388208 da515f23 af4177b9 2be7106d d7cf8b5a bd5bbaef b2c8b5da 6610dbe4 65ef3e7b dda5425b c1fd36eb 98f9924e a1fddd39 c9390a3b c8886349 58a66f72 71162967 e9eac4d0 1f0212a2 32ff7b07 643839f2 dd87e6f8 410b4bbe 2afc5d5d 93f040e0 f4f74ad8 c498a1e1 6567520a 8ee926ed da431740 a4c7e2e6 e8f6408a +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: f6c062fc 108d2c2f d5a50b83 c7c7982f +IV: d0c429d8 fcd33338 6c702644 fcfe6f6d +Plaintext: 4bdd5fc1 c43f4c91 ea72162b f57a4ce1 58a599d6 c1dce0b8 6d2d853a 870e62d6 e173e45a a6f6b83b aeff7994 271b14ba 8e7b9d3c 792a3cf5 c86cafab d85e126d 7b5eb348 f6e56c92 f56c87bf 8daf9b83 2239af83 55693192 6f7571b1 e9788d2f e8ed3a51 3ec51868 4651cef3 406c460b 1c53a133 32a34441 4429fb6f 0955ae2c 59905104 5d5c32b8 381d0383 22065578 34e9e5d4 7450f0ba 30ae8b2c 8543699c 3e470912 dcd2c277 e1360e61 ba6b54e9 3d1a04e0 223f1e97 bcce2ca9 fd519ead +Ciphertext: f7d445cd 34467e43 64ca1cc6 d0f24671 91653b80 af0088cc eaaf9813 dc78fd96 6e66484f 02e2e364 ecca13a6 bda61d73 41ada198 97ac9657 fb928e06 95938089 2ce965e7 2c61620c 07b5753e dbd7fce6 81eee3fa f9b06db3 62a8b4f5 1ef865ac 8f7a7459 f74511a6 31a8e6b9 b8fb7628 5d1a1877 40a49e26 4fd3431c e9bbc8ed 2eee705a 8754b6ee 1ca2bec7 89956c0b ee263189 27edfa9e 4b833f84 156e849c 667516ec 079ec133 a95e6796 24f038b0 99b85ae9 c62790e9 9aef8174 ea4279bc +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: 14fb7484 293745d9 0f08dfdd 7d3f3859 +IV: 3e75b2dd c7b6535b 7112f3a3 74ac168a +Plaintext: 89c9ab04 33889947 d884a83b aec53b6c 8edb3252 f22cc855 41568a29 85e74315 f74ff239 26ea2257 1a238f6b e9d1ec9b aed292bc 90461768 c0366887 37cf993e 6342586c f354649a 6788e975 d5101a3b 2bdd15bb 1979a4a5 f2feb25d c15e733c f2f1ba8a f7c588fb 8180b2b7 4e82e594 f24079af 95723dc0 e432b5ae 4aafca0e 681fa34d 5f528f82 65471ab1 c1a693cd 329e3e8f 44a7d6a7 3c79d8e1 a5fcc265 660094ad ce7dbc2e 90e3cd1b 31a81a0a 0a32863e 802ca77f 37eb3df4 504faeaa +Ciphertext: 2fac7901 5eed4454 9ed10dee 3bc54894 9d4142e9 368e7ef8 65150306 0ec2f565 d076825e 99812af3 faa153f1 a91153f8 6879b930 7bfd1694 f2836807 5ac59a32 ef1cbac9 138bfb52 1162d688 80184e88 8e40c68c c09e64d8 db1abe25 ca7f42cd 928f2b72 e8334753 86cc940c 54cfd1af be19b2db ee127925 96bc2620 03586adc 6f9d4ab7 662ae5cd 8c565b58 734baff1 6571b94d c92e450e 3bbbdfd1 d0a343a5 9e3ac0cf c2337f70 79ef31ad b7e73450 0aa7a275 765b7e88 130fea0e 0dc2f215 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: 31b86567 c7302957 b4160c07 bcb5aa6b +IV: da46754d 902b8ce0 3fd9bbd7 2ce9ece3 +Plaintext: 4802c9c1 94442001 f92c4c3e 6ddcfdce d963854b 1d424dd0 f1ce0349 22d46530 df08dd73 203cc894 340195c9 d296b29c 40a3332f af9371f4 fd92e705 c595390c d97c492b 07ae6363 905fda00 27ef73de 473c1da4 02f22a7a dc97286b 31ba51b0 57eed375 31721843 b6fe0b51 e5e70e49 cd4f6c32 1744a0e8 839aad8d bbfce47d 6c989ed7 52a9f0f0 5572ba21 4c87c4f5 43cddb10 682bd7bc d751ce6d 460deb21 d8d95b84 ff0ebf8a 393f4637 87964588 f0425c77 fc695a60 d8109f72 0f3c619f +Ciphertext: 77e302cc 9b055d22 ebde92e4 edd8511a 8683b658 06bf04fb f15f12ba 12b21aae 2f22dfef 7fe19470 1e969e50 f9e90757 a9f111a3 a0861ae9 193210af 18f1db92 b4690808 2ec1dd37 cf301380 541a9688 659bbb3c d3a4e5b2 95531c1d 33a1501e 0a0ac3a8 36de3795 854dd9ed d0068afe 4887eda5 1779d286 8372b759 7b00eb1c 257ff5ff c44d3012 1bd0be21 849643a5 3273ab9c 51d537d8 ba776686 f16ea201 8dbfd9ed 781308c8 906899e6 bf611041 f1658671 b417b66c b77da2eb 5f10dfd6 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: 963980d9 d4bb79d7 94e66a4d 27659caa +IV: fac948a9 72c9affe dededa37 f2f69bef +Plaintext: ad764329 59837a88 cbf55791 337318d7 5f5cc7c3 0fb7af70 7b1df4b3 f9f38326 bdbd79ec 003ae0f7 65cd816a 619ae4c2 ffbb67bd 41a24d9b 1487944d 0a89e96b 521e3d79 b61c8d7d c8a93f06 a00f3609 904dddae 5272bf38 80049dde cea06df0 f613b773 89447b6e 5cfe6aae 7cbec61e 14ea4b06 b1e1b6ba a03f9daa 11aed9fa 7bb2c9a8 95848b7c 17bf51a8 90a2ce57 7e07028e 479b2b0d e1270007 e6f92685 91d41a7f e7eb0e3d eed1f982 ec79a60c 45da14ac d54bb210 86d608a3 20d220f3 +Ciphertext: aa250d3e 670e123e 22ffea33 dfb2905d 1400f11c 2585cf16 4c7670c3 eb6cdf20 d2f93bf9 e4744080 6065ed66 64e0363a 9b822bae 31de646f c21a6a05 7141a997 bd224629 589cb2c4 808425f4 66a79039 81d74426 e58c2c31 a277130c 4fb7ee55 ec4530ff a2d34348 321f9047 c6206faf 5fea5d5e 4e78424a 344de9b4 783f774a 27f8114d 8ca54374 ed21066d 9dfdd20c 95adbd17 6924e06c 48b70fcd 91e4bc41 c2fa2c13 974db72e 5c0f6ed7 a07edfb3 c9e510ca d27327df 828306b8 950887df +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: fcfd68be 11b1b06d 39a46c27 44fe777c +IV: f5ed9c88 eafcef72 53fe7636 a04f31e1 +Plaintext: 64ca825c fd30e627 2837c74b c9a9d02f f6de22c0 0681fca5 713be64c 476d3dd6 e30210ff c079fc02 f2610286 8ca6c5f6 f5ffc546 4efdc057 3190aa37 397cfa62 f5ca85d6 af3dbc58 506b22d4 983e4446 79df845d 63341937 48d6aa92 dc337df7 fea769f2 46f1e6b0 2cceee82 40665179 180f2dc8 b2acb95d 1fbbc53c d7aef559 a23d6a77 7344a813 95947e71 2b76b01d 762e917f b0123a4b 35974b7d c9480923 926328e1 dc907e48 7139fb74 ed7d3b01 1bf1027a 765fc81a 63ee2759 174c5011 +Ciphertext: 71a98d2e 4a989593 a313eca3 3d057761 b8fc9d2d f304d929 290c1aba 10784032 ff4faee1 f72a66a4 bdfc6f31 6999a4ed 7bafcd1f ece025cd 170b8ea4 d3d78d46 f76ea5fd f2f75f11 c9caf788 776ef9f2 4a2467bf 49e09a47 81da4f6d db289359 50924cf5 f330421f 22f24e9a ec31a088 ddbf42df 6e88e77c 3fd6ce2b 808ebd5f 41627425 883351c4 62bb3e03 31efe098 b11c4a9a 66f1edd5 3f56aab0 3a12b342 442def57 c1a6981b c803cbb8 e743d1c2 bfc531a4 0e799205 dc00a1a3 c01eb932 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: 56ff616d 24483b2f 9a7b074c 704e5dce +IV: 397bdaf8 42c68f71 4f748876 bda823c4 +Plaintext: bc6a122d cdc241ce 10262936 92903f3f d005e306 6ed3a8b1 be7aeaf4 786916e7 9f765b2f e070c7d2 232120df e062b6d9 976c6b12 4a3c7f32 5c7f5e27 82d17721 f33d639d a9888a1f a54d2965 2ddcd529 30a660b0 5e66ff66 2eae222e c9e00bb2 9a32715e cbf9ea31 8e05e645 54d41c5d 95525f3f 70810220 19e178b3 e58a0518 cb0ae62f bab3fc4c 74b80709 77d12bfe 33382286 d11222a5 235a8394 0dc4fc02 5225313d 198eb9e9 f88cdf47 95c1142e f5360baf 36d504a8 c6d703cd c1b7f9f6 +Ciphertext: 6d17568a d59cb53f d7fb7df2 1e321883 a64639fa 47bccaac 40f1ed03 19b83c45 94b2b509 694c8cd0 738ae112 727731bf e12a820a d9b7fe3c a70178ce fda1aa95 39d415aa a5c13573 0371bc98 d2d79380 59ea46fa 7b18fc14 8eb64552 bda9e32d 086acb5e 1af710ec 2242cdad d46d5154 f540a599 5ff208a0 bf3f8050 dadc74fa b4895f26 936f0c49 16deaaeb 057cd67b 87f0e969 e8a49621 334556de 790ce837 6bd86975 2a61e34e 56bdcfd6 4e0ab34b 6c58ec41 8b0f171a a90fe529 26c65f66 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 128-bit key, 12x blocks +Key: a251ec29 0a9ff830 87dadded 8dfc0744 +IV: bedeec77 f8cc7338 3bd8ac73 b0a18d36 +Plaintext: c7281e86 9b410cd8 24a4fc6f 940a4ed1 c77c8bc2 e059f3fe 03b5a764 59344464 8d14fd94 13d98caf 750fbaaa 4f3929e8 d871ee00 4300d34f e8eb370e 6e9fef00 93d7d49e 8a713a6b ee8a73a3 556c5de8 1e1285d4 58b726ce 243cbbd5 9bee5f12 58aaa7ab 3edf1a89 05c85883 57ac2a9a 7efb5c55 df38f6d4 1401415c 3b94c741 c829a1c4 67d05b5d 9484ec12 484278a5 0219d02f 6a29f9c9 bcf1cf85 b1a81812 b358059c ec54e04d 775112ab 020d8679 fb6eb18a c12c8a0e 60a5cc72 994d528e +Ciphertext: ff5ee3bb 18191e20 874804bc 5ea7b114 b0f86e2c 0621de5a 0d230028 fe6bf86d 914a1502 27c1d905 db521d60 4f80ed6b 448c6b69 94e95227 b05e18fc 03c09c64 079259f6 e7bc579a ba6e6cfb cbdc007d 3200b369 98c50dfc 8294f8bb f8d374d5 fe975f2a 42296603 c81b5144 89dd15c2 e2402725 dc3e3f14 866dd2e0 a335b17d 68a97880 7af4a63c 996a6328 057ebfb2 3d0c21f2 7c31adbf 2ec6db04 77835d08 dd152e20 ad99957a d6cf8d32 61b391e6 a74955a9 4ee12d70 2540108c 8a13ed26 +Test: Encrypt +# +# +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 5c2c26ac 7db54247 df0cbba7 996adacb 96832104 eaedf84f 149f410f f412301a +IV: 873daa9a f2d54617 f6061954 06bfbc72 +Plaintext: 5657319b 388d8acb 0cde35fe f2d98570 d34eec3c 8c70be95 708d6688 9722887b 1167d228 d68d6fb8 4d0a488d 3724615e 93939b35 8788783f 6803176d 9f035b5e 4f9f8ac5 d17c15ce afd7c3f1 6b2427bb 4c9e3c98 d240d7a8 831335ba 2ecce959 0c2943b8 1c71a5a6 ed6a727b f28d15d8 cea83589 67f481af 0c531451 86f20c48 57a30027 7af11465 e95226cd d20ea7cf f7c59f0f 0c622d2b 75399583 5cfe785b 28964af8 fa257b51 19300a99 769efdfa 6a106d7c ce4ce6bc 562b85ed 59d05f70 +Ciphertext: fc529b45 ad5ee616 ced8872b eb92d95c 938d270c dd462ce8 694f9141 e1671fc2 5629e135 678f286f 7a723b4e 91b396a6 cc2460d6 471ed63f b871209e 56ec6e6a 322b9467 0ed89b48 28b4354c 3b41aba9 172973be 53d0e77c 79ef2cc8 06a1caa2 747e5d93 74b6ec6b e65ce20a 68246733 9ea48eea 91d8ce14 c31341a7 d9dd3653 b85b8326 b8e59576 95824d1f 4ec9d42c 16f88fb4 31ea0b43 a4675c88 b47cff33 908adf9a 6a873418 c9da9a22 23287cdd 1afbab66 a733867d 859249af 1d9ff223 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: df4081ed 165eb7b4 5a8e3d60 af20220c 8f9c3ba3 2c0fa75a ecbfea08 79f95d9b +IV: 135b7449 136e9813 e115ce75 1eeaeaba +Plaintext: 67f8955a 57cdd284 0a461844 7989696a af9961d7 9be62de3 83d7c0b3 527e5980 a28786f4 90010d68 c601d536 7292d001 950c44ad 83276c16 0e181861 7e13a51f a1661fbf 9f7405e1 bbb76759 ab58bf90 21eefa49 8171e655 adbb5df1 6c795180 c211053a 5dbc1b3a f84c8863 a9d48e3c 96267c9b 2ccc02f5 d6d8895d dcbb547c facb1103 7f635792 63b702e1 a2eb3033 c2894258 7947b443 301c9db1 8d7e988f 315ae93e d1d6caa7 b676fde5 423c7955 80750cdc 1d51f35a f83e78bc d37aa4bf +Ciphertext: 16370609 1169208a 5143b810 3f21e266 3cc08245 5de5a2ef 1d41e2e3 4e602172 9653d1a6 c244f48d 67dcb98a 2a99c958 8697a067 1eff8ce5 4ac33551 5a1ce849 e846bba4 4009201c a1f4583a abde5cce 54f90060 47f3cb82 c6505650 126ead67 713cf104 27ac6fbd f652a6eb 41dea62d 3886b001 2a465bad 3e6d652c 61566cbb 53680ad5 04d32d06 90c5dff0 af9fc039 fbdafc1f 27b43141 0ea64e09 3d9788e5 185b2049 57c0453b c130693a fc6e4dc8 f8beabc2 85e6793e e8318eb1 8580cc49 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: d57edf2e 40360311 9d8bb2f0 4ae82012 e81ef354 4b655221 d6e80df6 174ed556 +IV: 17ff5622 e16675a8 72cd4ab9 dd1c5a4b +Plaintext: 6e7e860b 8fa45f7b 8899f31e 8ec23040 73376aff bb6384e5 38eb4144 3118e104 31d21ed9 3763b55e 7da3f8b4 23f69cda 4cbfff7b c16c9d2d aea72bc5 36d2f01a 12de0007 231ff9a7 a9d13b86 85381436 5a06878f 0a88fb4c a0b14ea6 2609154e beeea9b5 c847e4e4 019d45b5 6fcb6d3f 73c9d3b0 d50943d1 a5f573d3 c268b5d3 e7de88a6 92b1d95d f35cce90 4052066c 3c526201 602fda97 1fafc915 b3ff6138 b25f1ae2 fb7fcf1b 38c806b2 76160dbd eeeb8f38 18901c4d efa884d3 d74115d0 +Ciphertext: 278ec7a5 d4e70656 71427c67 8966a01d 5ca231b0 43a86f5e 8c9804a7 24a68037 a166eab5 b56c1ca3 22d2f43b e3d4474b aa96382b bfdd4256 25db6839 70999746 a6494781 7db0dcfc 5ce14662 63f6f80a 5300081a 8d59bbb3 73c826a8 839467d5 5ea95450 8b6c3c30 95e0efc6 ffa56c55 1db19303 527c76b6 3963e978 fa658cd2 0ac98768 190ce717 7079ee6a 1a838919 c67d5d0f f42e58fa ca44dc45 6eebede6 eb3c5e0a d11222c7 36cbbe00 bff26ed4 a0ec26c4 188e2d8e c59ddf50 4b9f8ccf +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 5c647fbe 6c1b1844 e30f4d18 f80880ee 41e478ff 92cafd10 8b034ae4 1d1e3663 +IV: 7569ae27 8065743d 2580fd55 50c1c762 +Plaintext: 0166edf3 84a042cd 83eed0ec be8d934d f1d3e640 028a8d71 500826bc 70d54b68 5e56ca08 fa811879 1edb8624 9df223fc b4ce8ab8 b4d0f6a7 bc8f2204 7f7e98cd 73c5eb37 137fe5a2 9413ee5b baeda402 a314378c 64eae015 0b7b6a63 1248df6b 70251730 e72c5683 a59d9019 6f4892b6 6adb55a8 27a92ca2 4a1febdf 88b49a8a 38eee994 261daf07 fd832735 5dd4fc76 97de3346 41aa7f24 27ffdef4 ab37befb 2b5f8dd7 12053488 c8e6a7f6 396b4dd7 d8f9f627 5a33bb35 67ad4138 9fe18563 +Ciphertext: 546f0fc1 ac7fe610 fb313716 8cf7d6b2 b43fdab8 2aa4383b 8d9cc4f0 2ea50d13 ab9da632 36ddb6f6 53b6b33d 779836f2 fce817a3 4d5cadce 67180b95 cd3cac1e 121b85a0 265a3df1 19991ba8 4a7f0b7f 65bdeba1 33729ea9 15d1b6da e5df511c b5d2df33 e0f1fa92 1f43d1c8 508c1a0d c974dc6e 6d75804a 04477345 0daad6d9 80fbed04 fa060698 0db5a2bf 14026b0b e40b2829 d0485c3a f5240794 5915196a ab20d328 bfac23d7 33aaaefe 7d7ca616 a8e0c76b 66206957 226f4d67 571e57c1 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 3917caa2 5249c230 12023540 48f49e37 e945b2a9 f83de8df eb9a0780 555d57b6 +IV: 8c767f28 e36cd83b 26c2475b 019ed7cd +Plaintext: 97ea851e 3c027751 4f88db02 4007eced f399405f 8c8fa6ca 539092f0 6d2058d3 e17c0929 19785628 f6b45849 3ad36cca 27159ca6 bf54f206 0c1a79f1 58ee3fb8 8c6b3d34 c377cd8d ae6f4bfa f10839c5 77e73123 a33ec7f3 31077bf5 5dc7e23d 37adfecb c53cb4e1 9846a560 31ed786b cff75a71 66239bba 5de00c7b fd67b01b 79d0d2a3 d1cb771e 7dd0e624 d40366c9 31d89060 30692eed 2901e318 ee6f0270 a078a103 d819ec34 6d21034c 7bf7208d e1aba0ac b39065ad d2a4d5f2 8aed7faf +Ciphertext: f8dc6354 1de8d139 d96e4eaf 6f90eeb5 a22a5c7e 305bd2ff acf98aee bfa04159 3c3a4b15 179f7cc5 d47361a2 7f946a56 f0e27f8c dfeefa20 68338010 cceb4c1a bcf6b096 0bd5b867 ce9695d2 dc5eb9cf c0a0749a f3babc37 de777986 9f32c8b1 06704188 d611b337 e12f120a 3ff9bb94 f7d68fbd e910e4db 9d12ef41 4f06d35e 02ac6968 ed6f6ad7 cb7b6041 ffc78563 da4ba3f6 b260a5ab 5e90f716 ca124a83 a266d7de ae77aede 2416e931 feee402a c81e80b8 f6c9853a 6764f37a dc67f93d +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 2bfc50e6 04f53f8b 6f86edd6 ea1f9a2d 13b515ab 48756872 66769762 c8a971e9 +IV: 0b4302b5 c5e7f81c ee8d0eb5 e6cf27e0 +Plaintext: 2897b693 f5a9e0c0 5e1e65f4 b5b17ec5 09919463 1906b445 58097739 f91c7f47 551424b6 ac4d2427 84dbe409 c00eac8c c52f7fcd f3e07d44 29fdfcb7 d8790d1f 1b6ffc46 0e2941fe be2c17c7 53b71188 149d88dd 17c0e10c 08a75bd5 eadcc5fe 8087b574 518e8900 e3b11446 e85ef7f7 db909b92 97bf0e95 62f94808 62af252b 031271d1 57f62068 5d50d4ea a84704a9 427642df 1902e4f1 fe5afdad c979a385 dde11816 dc6f2a80 aba575a0 4324c92c 6a9a4509 423224ca 32948c23 56d085c8 +Ciphertext: e1b89230 abcbee13 2c5e79f8 892a250f 31e400c2 7d4fc1c8 33a83f8a 4e117b06 15d90bf3 9034e303 930d2289 d1408351 f30a409b 9800ca6a f2a196db ecd845af 85519cff 879b529b 345ee957 8da5af95 be1560d9 79104f12 bebb39f2 82bfde4d 3fbe8ea1 2ec0a1d7 abb32d52 a4cbae5e c19e9796 e92a206e fb9a97e6 0c8d69fe 2290c4bd a09bca3c 8bc9576d 770d8b68 95c104da 688e7702 4b183042 343e0a70 047c0e93 1a93db77 9fe7af71 95f5139f b1cb961e f94db18d 7c53b059 da4b4ade +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 919e0958 e4eca268 a70465b6 2dd627cd 08608737 fcb98480 c4908e56 7cffa4eb +IV: 2005f870 b27d437a 1fa6e0a3 d714baf5 +Plaintext: cdb55ee2 86d6347e 484c3b03 a57deb15 34464cdb a8cfefbf 12242431 17c96cb2 0a3ef9d9 02a1766c 364c7e80 61c32b19 c7d91e73 5008e147 49c5ff1a c7d19ab1 013fa114 998d19ac e6d24f1d f0d7b733 4cb6de9c 44b369fb bc087b76 720855f7 706651ff 9e3e5ed6 2f4b0fe9 3823c836 bd828469 da93886f 7eb5c44c 63efdb46 a68f0a59 87528843 74b09104 bc1a1b42 8d9bccb1 1ed83f2c 02c2fd03 3c0f6fd3 bb021232 d4f8f2fc 674a2322 748d4aba d053c252 a4345c43 48b0f90f 3f92e3a7 +Ciphertext: 4f7696c7 c3aa9d35 51a7b6d7 ae244626 b1a94e08 62ab3ec4 52aa1a32 6ca89cda 6458600f 8da97df7 2da943ac 99f60e19 1598a8b4 8e542460 3580d2d1 3a4cc59d e9627617 5368ee26 932ce289 4a8984a9 778f2833 ec43064c 412830d1 b996daec aa72694c 89fefe8a 8e26e279 08958e02 2e218c51 27e880f6 8a5d6f24 44e66236 de9e5606 b554d185 e08949c2 1996dda8 8cef3dcf 84b8afe9 24acc1cf 16afe884 9729f18b ad608f72 9d764e74 40830899 962ba5b6 e39ae5ff 93abf2f3 dba7ecfd +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 9bfd812b 2bbf83cf 10b8c4ca bfe7b164 6904a8ac 486a44e2 b3e387f7 96ecc103 +IV: 60183921 2a5380bf bef34ae8 d05b3b96 +Plaintext: f605bbd3 4e870576 39dfb6cd 264ee372 1692ebe6 d3a19181 99809ae9 104b37bc 4f3686e3 ee81a09a a7dc4aef 9f7f537f 8125d120 3855c97c da73f13e 02ce1e6e b0d6548e 44980963 54eb80cd 44fbaee8 c99af4c7 d2b1b458 10e45ab4 0b1a0991 392b86a5 a8b5c844 6c91b02a 4d30d8e8 879932c1 8108daff 2489e886 a0451756 7aed996b 7a2fb5ff 9873e89f 1c02c9a6 a558c0f2 9160de7d 9ab1b2c5 ff7708c5 89302017 d14675e1 3a879c73 fd74e84c 4cbf5446 014082b7 1c0ab69d 93fc94a8 +Ciphertext: 71aa7079 728664c1 673b8154 cd75ec1f 8de77adb 583ccf03 bdf7fd33 c4050619 c5bfbc1a 60a61836 386eff52 6d79ef96 c15404be e96b1109 7cec738a 7ebefcbc 73b4ea15 4227c1d5 7cb44094 f1622606 a5121b54 73201417 49b7ef19 0e6964ec 6177ac92 722587e6 8b7a798e 896dd1ef b1ebca39 01cd6a3d ed227d75 85a2a854 9d492f3b f562ae3c 37e45e63 4f05053e 3701064e 4ea56a27 cc6437bd af10b0b8 0d158016 68c1074e e4f7dd5b 7d47566e aa5bce70 0bb8ae45 b65703e2 8a480274 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 6b64714a e8de07ba 7378f9c4 2f66aa3f 5d3e225b 586ed68b a8389fe8 d32f7d64 +IV: 1736d879 39ab2d79 e9361049 2c05f78f +Plaintext: 48985b47 97bb2e88 fe3d056f 1896a028 e2519c2d 396d8d6f c1f7eb24 1ffbbdd0 d1f31a40 f9d38015 acb74d44 4c5ed2fc b6d743c6 93ebd262 fe65095c 512f7c47 a19d2cf6 8ea1bb16 305670ac 559c1db9 bc5d0311 624c6d54 5fc5dbc4 02ec794d 565f646f ee991350 648607e7 f10559ee 66f5cda8 57ff310e e1b0ca94 f7ae54c5 051ae163 f32b3e12 9db94c90 fefdd1a1 b8af57dc 801ddba1 ff167095 c873e642 3d55d7ba d76764b7 73bc3cea f4fb6e01 09a44256 894c9e07 cb98df92 707927d9 +Ciphertext: 955f9253 40764fb4 a3d25bb6 f9d06a47 25a32f00 90e67e59 390c3ed3 6b943fbb 2bebdddb dbbfa05e 663d3371 88385851 1cbe4c04 44400ad0 a7dd52bb 0d50ba82 f1c49402 3cbbf7c7 240a8353 1139801e 5b0a9471 f085f388 1608f87e 85a8abdc ebb9861c 081984c3 0e234a02 7ac597ca 4fb0bca2 10ca121d e780219c eb5e7d3e bfee2db5 c7ac9a74 a04371ad 4c5aca82 b71ebe2d 5f94ae97 df7e159b 7a00355e d19d09fa 1b8072ed 31f4e388 46b77795 778c8d53 aa16d840 85b9929a 3f9197d7 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: CHAM-128/CTR, 256-bit key, 12x blocks +Key: 1815445c a3d10bee ec6d8662 a3cee6f9 30aea2b6 3030d1ca a9146b12 c0d345ab +IV: ebb1f304 56195ba3 20c5f1ab 0823e481 +Plaintext: 61031ca2 c50d2e19 255b222d 317fa27f 003712fa c6dd0403 42e2e49e 32a7ad4f 5f2b0a09 309a7d3c 41b44285 d3ceaca1 2fdbab58 3b9c297b 9f5bd3fd 741fae58 d7d22101 2fb62bb6 d1f95de0 eb81d253 97b54dc6 0f2bdd06 f7760a3d b8dba50f 631fef58 f0ef81ed a4f57787 61b303fd b3161fba 33a307c4 a1a31f40 081fab1d 709e898a 14e6d630 e02445dc 6f48df92 44ca4146 2c29bed1 af735f76 a99cc71a 8d717d3a ff83b049 20df5319 006bd14f 8810cfd8 8a2addb3 2b834695 d8f717e6 +Ciphertext: 218e2d8b 53f4b38f 864f2c7a 9f0b3e0a 8042b185 d7452861 aebc2662 cf4aeb92 5b703728 9097c455 63fe424f 8fbc7941 f16f42f5 2bb99888 7f0465a7 5f05760e 82dfabe3 4cc729f6 3704da1d 949032ad a8d4fddd 26aff516 161bc3e9 41eac4c0 12d43f48 36f1e058 94dd2b40 966c6503 b44ff734 7cdb928e ff9b7e06 479a9b42 19f665a6 521a975d 11636959 abb66d82 b8781340 b05f2d6d 5ec6bafa ae435f47 fe2f8a70 e01b914a 853cdeee dfc9bb9b 61ec78a4 84134c41 473cc9fb ce163f1e +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/hc128.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/hc128.txt new file mode 100644 index 00000000..95dffcdb --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/hc128.txt @@ -0,0 +1,645 @@ +# These test vectors were generated using the eSTREAM reference +# implementation for HC-128 using the file hc-128.c. + +AlgorithmType: SymmetricCipher +Name: HC-128 +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 1-byte msg +Key: 2923be84e16cd6ae 529049f1f1bbe9eb +IV: b3a6db3c870c3e99 245e0d1c06b747de +Plaintext: b3 +Ciphertext: 1f +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 2-byte msg +Key: 124dc843bb8ba61f 035a7d0938251f5d +IV: d4cbfc96f5453b13 0d890a1cdbae3220 +Plaintext: 9a50 +Ciphertext: 3a27 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 3-byte msg +Key: ee407836fd124932 f69e7d49dcad4f14 +IV: f2444066d06bc430 b7323ba122f62291 +Plaintext: 9de18b +Ciphertext: cd261d +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 4-byte msg +Key: 1fdab0ca9902b972 9d492c807ec599d5 +IV: e980b2eac9cc53bf 67d6bf14d67e2ddc +Plaintext: 8e6683ef +Ciphertext: 60f109d3 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 5-byte msg +Key: 574961ff698f61cd d11e9d9c167272e6 +IV: 1df0844f4a7702d7 e8392c53cbc9121e +Plaintext: 33749e0cf4 +Ciphertext: 7b9108bf48 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 6-byte msg +Key: d5d49fd4a4597e35 cf3222f4cccfd390 +IV: 2d48d38f75e6d91d 2ae5c0f72b788187 +Plaintext: 440e5f5000d4 +Ciphertext: 8702c8d49067 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 7-byte msg +Key: 618dbe7b0515073b 33821f187092da64 +IV: 54ceb1853e6915f8 466a0496730ed916 +Plaintext: 2f6768d4f74a4a +Ciphertext: 21bec3a785c54d +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 8-byte msg +Key: d0576876fa16bb11 adae248879fe52db +IV: 2543e53cf445d3d8 28ce0bf5c560593d +Plaintext: 97278a59762dd0c2 +Ciphertext: ab56d21fc9ba82d2 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 9-byte msg +Key: c9cd68d4496a7925 08614014b13b6aa5 +IV: 1128c18cd6a90b87 978c2ff1151d9a95 +Plaintext: c1 9be1c07ee9a89aa7 +Ciphertext: 63 bf12a1533269e0ea +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 10-byte msg +Key: 86c2b554bf9ae7d9 23d155903828d1d9 +IV: 6ca1665e4ee1309c fed9719fe2a5e20c +Plaintext: 9bb4 4765382a4689a982 +Ciphertext: f67f 9f1b78ad1839c4c6 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 11-byte msg +Key: 797a7678c263b126 dfda296d3e62e096 +IV: 1234bf39a63f895e f16d0ee36c28a11e +Plaintext: 201dcb c2033f4107840f14 +Ciphertext: e0136b 3d43448daadfa8c0 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 12-byte msg +Key: 05651b2861c9c5e7 2c8e463608dcf3a8 +IV: 8dfebef2eb71ffa0 d03b75068c7e8778 +Plaintext: 734dd0be 82bedbc246412b8c +Ciphertext: cce4b159 5e271971a4656bdc +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 13-byte msg +Key: fa307f70f0a75486 3295aa5b68130be6 +IV: fcf5cabe7d9f898a 411bfdb84f68f672 +Plaintext: 7b1499cdd3 0df0443ab4a66653 +Ciphertext: baeff9b617 946cbaa662e5403c +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 14-byte msg +Key: 330bcba1105e4cec 034c73e605b4310e +IV: aaadcfd5b0ca27ff d89d144df4792759 +Plaintext: 427c9cc1f8cd 8c87202364b8a687 +Ciphertext: d559e24c692d 7ae8507f9ca6c590 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 15-byte msg +Key: 954cb05a8d4e2d99 e73db160deb180ad +IV: 0841e96741a5d59f e4189f15420026fe +Plaintext: 4cd12104932fb3 8f735340438aaf7e +Ciphertext: 05f0d610ecd79f b76805e8309bc909 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 16-byte msg +Key: ca6fd5cfd3a195ce 5abe65272af607ad +IV: a1be65a6b4c9c069 3234092c4d018f17 +Plaintext: 56c6db9dc8a6d80b 888138616b681262 +Ciphertext: 9e450e2055249807 a66a569666c30c8d +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 17-byte msg +Key: f954d0e771174878 0d92291d86299972 +IV: db741cfa4f37b8b5 b09557f5df806c6d +Plaintext: 8d 74d98b43651108a5 f679bdf7eb15b8e0 +Ciphertext: 68 209f9b599f668c3e a5b0d25ce23c74c1 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 18-byte msg +Key: e1608f6e3c7bf45b 628a8a8f275cf7e5 +IV: 874a3b329b614084 c6c3b1a7304a10ee +Plaintext: 756f 032f9e6aef10509b c8814329288af6e9 +Ciphertext: fd43 8d47ebe7e226673b 19a3ae87f6d025b4 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 19-byte msg +Key: 9e47a18148316ccd a49ede81a38c9810 +IV: ff9a43cdcf57c750 59bfbd1c2703287f +Plaintext: 5d895f b949344e603ce5de 029842b20d2bb614 +Ciphertext: efbde1 ecb739af688af049 ee86a2f1fd625b46 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 20-byte msg +Key: ecbbb82f73e2517e 7d1dd884d31f01be +IV: 506b16d643218319 1518982b2c2e8bf9 +Plaintext: 0edcbcf0 ca0e3d6d94319274 af8db5a490d55e6a +Ciphertext: c89eface 1d6774d310836c85 67796d789d4b7b9e +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 21-byte msg +Key: 40fc8076024b176b 36b121db7d5aea72 +IV: 1e828d71a88cb85e d94eaffabfb09474 +Plaintext: 1d75e5dc10 5846daf25b81a07f 5ccb1d36e9497402 +Ciphertext: dbe8350457 21aaf867a97622d7 48a2c71835313e55 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 22-byte msg +Key: 55d2ac1a0bf7a926 23405ba333b93588 +IV: 68ade12ad5b2325d 0ae55adce9775deb +Plaintext: b569c53a6c93 980d57eb879adf04 68b2a2d5e6a4c6bc +Ciphertext: 36b85abf397f d6915731982cf8e9 3102f4029f4d17b0 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 23-byte msg +Key: 775f8dc38fd62a21 14a9d4041101188d +IV: aebb731c60ca20cf 5dd62f455329d7a8 +Plaintext: 59cc0dea26ed55 4e8084d92bf837b8 edd57aa05c4efa9f +Ciphertext: f257546c1380fb 5ba138ec36766597 1cb5688814092614 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 24-byte msg +Key: 21fc3c36858e81b0 7dbfeeb1e485e912 +IV: 078bc6ec66e2a3f3 b9f4900632b9f404 +Plaintext: 022d2ce01e0174f8 43900ba237169208 531cb5373e370e72 +Ciphertext: 41e720935d60a608 18330bb264fed7fe 76b47d68828c82b0 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 25-byte msg +Key: fbf246cc26097ef6 7ad8ed559712ca57 +IV: 02b66c086e3fb0e0 3a1c9bdf3a5f40dd +Plaintext: ba b9e41bc0a6611d92 e5c8bc782b4a77c3 18590a0e6a0a42c4 +Ciphertext: a0 ce582b4f50fc2530 6164b7a190785e8b 446b495df81babfa +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 26-byte msg +Key: 71be0fe3c301dbff 30b21a89f8652251 +IV: 3c053d4ab3befd8d 9e19d0a1fe69d4fa +Plaintext: 0467 edbfc91914d13ff8 f2086851adc0c5ec 029412ec946930f6 +Ciphertext: 51dd 18b8c89eabfd3a9a 5c15ab62947a1004 2c2529ad0e1f5d87 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 27-byte msg +Key: 83af639541e3bddd a158da4f3138cefd +IV: cac55cef65e569c4 30deaf9ce25eb636 +Plaintext: 4bbe00 562f87846a54365f 6cda3cc50acb493d 05f3ca0ed7f2b1f4 +Ciphertext: 7ed3b5 3b0ba0f76eca6785 2d67b581ebee0e0f ec7e8c248e1e391f +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 28-byte msg +Key: 988f7418224f583f 7447ef42542edfbe +IV: 39b6e60c671c1b74 5cfe779d6b6e9348 +Plaintext: a744b33e 02b80487b63022dd e456dd617b6e3d8c 5ce7c467bc2ff2ff +Ciphertext: d1fff5db 9438dd40263d0344 d15e55b5d21d767d 2c591d4b8ab9b30a +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 29-byte msg +Key: c9cc0f1390a92411 1ead4b41e592283f +IV: 62f5b8aefda9492b 3151ca80ec2e451a +Plaintext: 3935aabe1c 65ce77bd57b3d3c9 170a4e1632f60f86 1013d22d84b726b6 +Ciphertext: f50c60e896 0d63fc1b7b4df87f eb66194a115f6147 62925c92cd8f766a +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 30-byte msg +Key: a278d802d1eeaf13 21ba5929dec6a62a +IV: 65cff4473621ebdd 4ba26a99a812c0e0 +Plaintext: 3491206ec762 4f3d84eea0a8690c 22d0247f183f28c0 a9cb01ffd9bde464 +Ciphertext: 5185f4acb30f 28fdb528bd1d9e62 9fc5e97ffafaec59 9cc64559b2787dd1 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 31-byte msg +Key: b8338b9ad9c3408e 066137743283200c +IV: af83fd23a244315c b318da3009e16134 +Plaintext: 7577509aed4a63 fb3d49e154f9022c 4eb60a97c2799f79 7c708c803fe04d47 +Ciphertext: b856d160d7b03a cb557a8b10a56bd3 93c323e9b93cccf8 a0f24b3e6605eaf5 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 32-byte msg +Key: 0a5f742a9a434b59 305abb2b94dc6cb5 +IV: 5a9d2e9c64879827 a848ee98334848bd +Plaintext: 6edef1c2a1c30e49 b5c780bc3ec20be2 b9ceb7b111b37664 69a308cd15281ceb +Ciphertext: c6cc294c71d45ba4 8ae582467d3bea93 0106a4e81452ec93 e77f7536810f6b1a +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 33-byte msg +Key: e95ab8bfb755da5c 13ea603e599525dc +IV: f2af6d80d2e58357 45e9a0c4ec670ffa +Plaintext: 02 3b8fcae4e1f9b9d1 2d2256ee3c03cb8d aa17b1ae050529c6 827f28c0ef6a1242 +Ciphertext: d2 9a5a508af59fd703 b59f4da6f6392210 7de9772ac202569b ecfaf8dbb6bd7efa +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 34-byte msg +Key: e93f8b314fb18a77 f790ae049fedd612 +IV: 267fecaefc450174 d76d9f9aa7755a30 +Plaintext: cd90 a9a5874bf48eaf70 eea3a62a250a8b6b d8d9b08b08d64e32 d1817777fb544d49 +Ciphertext: 09b0 3af5818faf384564 19eb39c41b2dbf7c 87b376ea77bf104e 304ae8b7f57f1d08 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 35-byte msg +Key: cd49720e219dbf8b bed33904e1fd40a4 +IV: 1d370a1f65745095 687d47ba1d36d234 +Plaintext: 9e23f6 44392c8ea9c49d40 c13271aff264d0f2 4841d6465f0996ff 84e65fc517c53efc +Ciphertext: d97bc5 583c737f9078e5a8 6979ebc3654cbe96 23e9642c962ca8ef a3e6fda7f277dd18 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 36-byte msg +Key: 3363c38492ab08a3 aa3ff03f1c55ad51 +IV: 4fc48596585ed588 1e81568cbbe99f6d +Plaintext: 25c8eb09 0d191d4a07310158 ec97d50d7c1508aa 480f41c8d014a391 e8b3502f60902b85 +Ciphertext: 47ea5dd4 03590c336d6c2d4b be122bf90c195d03 e463a190e0a6e904 25119659f3a79beb +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 37-byte msg +Key: e3b7e31d202f2d62 28d35010175de7e8 +IV: f7c4e2a8e1c8cf3a 65ca582c2de20c60 +Plaintext: dc2c62053c 62fac599b0274068 c3abba2d24c1109b c461f1fcd8bf4ad3 e61502c020a2e8a5 +Ciphertext: 5de3881f6e b719f089e7702010 b1ed0f6f4f563184 c285f2ad13a6a518 40258e14a3951ba5 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 38-byte msg +Key: f2f2ea07d76187b7 70db87b1d7e5e944 +IV: 31e11d73828d739c c6ced4573dacb0a1 +Plaintext: 069d373aef06 cc4b8cffb64c8657 192536d7259372cb 8ecea7bf3c692887 4379c68215f9a11f +Ciphertext: f199ed956da0 d082cc5763493475 e5f2dbc563db339f 702c4099c54fecff 64653948645ddca5 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 39-byte msg +Key: f76d3e9fb1c6d91d 8a86fccc73245081 +IV: 83b2b471a3bd8c3b 8b755b29ed0d95b2 +Plaintext: ef65ae44dfe777 4122afaa486eeec3 b53a90126b721c0f d16edced1a253f72 ca9e7b0575a87609 +Ciphertext: eb23c2dc0d4ff5 962a652227be862c 9630396eb03cbe81 45e629c417892f4d 43b9b9ef09eb49fc +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 40-byte msg +Key: cacbe769d17eb874 719ab0ec350f4e59 +IV: 50d6f8a3de2755e0 6cebf76bbb743d36 +Plaintext: c16c7761f10b4c0b bc8d596858e41b13 c0aa0fa6fc591789 a2be20079dab02a7 2deda7b92f7d702f +Ciphertext: 73c35063376c3b44 6af3a249ffb42c0b b947a5db9626518c cacb9bffdc1904c5 076342c5bf283b69 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 41-byte msg +Key: 9ffbd4ae5b574be5 29d26a1efc254f12 +IV: 73ff3f02a3b58e03 1635bf9a133ded88 +Plaintext: 20 ca6ae7c6d2a57694 35513267f2c326e8 969c8355fba9f385 2e072b26b18bbf4a e3603b22bcf26f08 +Ciphertext: be dd969b8adeceab48 0c929588d211188d afed1154b94b4234 a2ea422c392b9506 98979230ef426bb1 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 42-byte msg +Key: bd0b0ac3273c6b07 6c7fb33ce31a1f80 +IV: bfc795ef42117c22 2e01d1f57dfa778e +Plaintext: 51e2 cf9b2e8289da6730 badfd6ab2e12d046 fff7584966b29394 d2ca7d85372dd91c a9746e5d296970f6 +Ciphertext: cc15 22261b465379c39c 808fc77a818c35ff 4218ad5fd24770dc 64f1f486a4508b6f d6390765773d1fdf +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 43-byte msg +Key: bfc63d22c9404acd 92c45cf92601fb60 +IV: 6526235b57ed3e02 bfd84f95f3ba701b +Plaintext: ea7a7e 48971413a475e0b4 ea64174caeb393d9 437ed666dc3a4e39 f18ed84de5648203 e541951413d1d3ca +Ciphertext: e8d35d 3a9126ef55077e22 97ce1086b6e99611 1cb891bdf7d4c3e0 c8205a91f0d406b6 485577a6fc4b8a49 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 44-byte msg +Key: e4c7fd70c6e49807 0754f13af2415f94 +IV: 3ba3c8f19d556632 c16ecb3562ce2305 +Plaintext: aff7ba4d f01fbe136d8345a2 8bfd91c839d99342 8ae5af75a3c7bf5f d8935acc129d56cd 748c8b663eb0da87 +Ciphertext: e3850ee3 02e426ea014b7449 fc3acdda8df56a92 a1f875cdad056158 e0fec7057b01044b 92670fe59756885b +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 45-byte msg +Key: f1966f3db4d9422a f63ae43355f37878 +IV: be49ff89d661dad7 995489684185b9cf +Plaintext: 6a337e5c73 4add90277f8dd39d 9bfe695c179ba3c3 ea4d52a99f408140 aae9643ffc488b40 d56a5b66da33bf44 +Ciphertext: 8898d30d20 da4602af61e54edc e71fd08f8847aee0 18d11186dc531d00 77cad53293d2cd1f e081483abb1e889d +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 46-byte msg +Key: 675a1bfa26b582a1 e1b728ea94371a01 +IV: c7722cb81a5433e1 22f375fb735d5e12 +Plaintext: fe9375e09ed5 8e38ed2040a55cf6 994e835d111cb52a bd1fd87fc52e7393 18ce09b15e56a684 2f50b79182211e05 +Ciphertext: f25a43b550ac 23640ba97bd8b417 fcd1b086bc09b587 8bacb13ee5cf4f0c cc7378da6bc3725a c38a9ac995fabb92 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 47-byte msg +Key: 68ed86b1fab5f453 8fc29f173347025d +IV: 55422fbdc0a36648 cdb0e611d6a803ed +Plaintext: eda67976cec900 56139221c2a78d47 447d3419be821007 acd02123a9248033 35924304b577a101 bbb057038809496b +Ciphertext: 346697b39b85a8 120b9ee5d5526a6f 88dd026c7a03479a 0eb329bf88a8e976 62d02b9a74bd02b8 ddabe7f77068de85 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 48-byte msg +Key: cff86d6fbc8ce5b1 35a06b166054f2d5 +IV: 65be8ace75dc851e 0bcdd8f07141c495 +Plaintext: 872fb5d8c0c66a8b 6da556663e4e4612 05d84580bee5bc7f cdd4de8e863843ee f288d3fcd018e6be db47aabc4bfac411 +Ciphertext: a2380d5b6f8c4954 1059ef1a037ecc43 1d8a6ad404cf37dd 9c4e818d6504ab99 39c4fb0cf1aa4fe0 6dcbe5b403fb1c1b +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 49-byte msg +Key: 9e4a3ac1987a904d 892c3185ced4119e +IV: 9a6c9184f76aa371 07ef2ebf9041b4fb +Plaintext: b7 7b323a0c8347b0c7 3d997e51fe75cc07 44b5183aa4e7cd7a 03ab1814095df7d9 d3f49321e82acf10 6fde21189fb6a1bf +Ciphertext: d1 6209941df3b38ac2 0d5ee6f9ad56b2fe 27b69fc4f23c5c0c f47b94e5a1f51818 9029034452bf9387 5749b0188070f12e +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 50-byte msg +Key: 76085fa3aefbfabb ede96edf3c082e8b +IV: ba4a73e09181d3eb 2ac7152a9d1d444c +Plaintext: 6c52 023970271f5213b0 6afac0fdc75598fa 824f6794e3e1d61d 0390e2f2dd368c5b a804d2b265c8dfc8 b46c7f84ebbfd5cd +Ciphertext: 5902 a5f41050309e0e51 71d0028ef3fc3cfd 83d34425c61de8fc 64fd5e16d6209d19 fe9820a56d7958b7 7a13f4075bcea4d9 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 51-byte msg +Key: 697950aa2879dba8 9250547d960340ea +IV: fa0dbde6f3a4b7f8 f33d5fe5c252d98b +Plaintext: d06335 0dca3ba1306b74dd 05953defc9a05b17 09f26e0509cf764a 6773950dfc5e17ff 03f0af917d350364 d4026b00be41f6ca +Ciphertext: 8f2d75 204b5d033310f56e 4e31e3970097fa58 0121beb727c562e2 adff066e28e4279d 358378a805110edf ea58ab545fa94437 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 52-byte msg +Key: 6489af30c4f21e27 532711d7e7bc9c94 +IV: d5c25e11569906d0 300616dd9285e7bc +Plaintext: 3fe1eda0 ee013ddef1054ca0 1692fadecb69cf8a 853f840b62c9c5ed 0d1635d7e221b3bd 52a7dc568936d0d1 4f8739c42c0d8a65 +Ciphertext: e7559d26 10fcca7f254deca1 39ae06323de3632d e5b1d28f7ba512b1 9edb023754783029 aee725a2dcc1f6ab 14024b20da4a0de0 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 53-byte msg +Key: d0ce85fcb1720098 f699e801947286ef +IV: b78a017963e125d0 5b43622d42d51808 +Plaintext: 00ef128b67 29504617b909249e fcf09ee452b72ec7 2fd107026f7d0353 ea00dddd4931a0cb 183b5f361c9f2748 e67832a2a8035dfc +Ciphertext: 944818774e 9ad427376a900781 390507e57684ea9c 26013997d6b39c34 b502514b79c71ce2 f76e44fc2aa73978 fa18a2fe6d5a5780 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 54-byte msg +Key: 485edc0bb3902da8 74ca4a2e85ed2324 +IV: 644b4b1c6ab2f2da 59a713b934efee4b +Plaintext: 5354b940b6a5 93899affb9bd4a4b fcbb380873914c4b 6d9c7c03a9f19d82 cafc7839056721c3 1d3d842691504155 14d8baf93d5c6970 +Ciphertext: 4394d5f1bf96 348e53b011e12c1a b24f502a7c1c9cfb 625eb57581a26004 00645d04bdda58f8 ccd60c9168e75ea3 f567d36b65b151cb +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 55-byte msg +Key: 80d678165d128bc4 d757e19728499bf3 +IV: b30e5bc73ab01112 51c212a612476b2c +Plaintext: 13cf746895e3a8 befea3b3f58aaecd 3c3d42476a1ca563 8a9cc369975b18f7 840ed0997fba2d99 77282a19dc935e5e a6a3226f989ff6df +Ciphertext: 467cfa39230b3d 5eb7a9b5a707d545 eb56f79b1beb9f52 18176a85d25458cc 5300c4a74250e95b 70b764c7423aff9f 17a42a198de23b5f +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 56-byte msg +Key: c6de21e7557e98b8 8259210ee535b809 +IV: f73b3239d3ab20f7 39cdf6fcd82b6d2c +Plaintext: cdfd25b367e58f53 2ddc0afc226c4c9e 4721043b623abd40 fea30615b328d0f3 a7e317f655f6c573 8d80d38bbcc9b100 6ec0e84811a8fee0 +Ciphertext: 70172c2c768e0845 f9674683244326b1 810e93c982863768 ae8ae20c6f70135c de78935c8d3f7ab7 0b475b19f4ad5460 54c17a00d2b15192 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 57-byte msg +Key: fc0e99e3b0fee8db 5d763fd7a81b01be +IV: ab2bc3e23db3aed8 74022588695da880 +Plaintext: 3b f4f98e57157d8df6 a0e47fe7bb0ddc8e c6232a2d920dce62 cd0522f1c186c7c4 3f6c3d30d557b07a 4750159a3daf763e 3a3b8a12cd94893f +Ciphertext: c0 eb5dcfec09484f10 6616a822347a8be9 a042dff58efa407e 5d18d7974518b42d 6fd54e75fe2644e4 0c7971717ed927ef 377ead21bf36e652 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 58-byte msg +Key: 0bce3e313c5f5e9e d53b18c4a73dedf2 +IV: 55c9c2490bb034c4 6d532b76ce0cb213 +Plaintext: a3c9 06b237faecd1a0ae 489af1f8ec65b198 ae7d8cd7bd2749b3 35e0fc3cf0e77d3e a0fb18201a66860c f53a1c5154db4305 00bd28eeba6fb5a3 +Ciphertext: 1eb0 775770c7dbbe36f3 20a543b5e52c2c5d 11b593d25acbb922 2ba480829759d788 04dbdddb9d532bb2 0158ca161c0a5516 36afc416b527d7b9 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 59-byte msg +Key: cfd9bfeeecc28175 349549999064719f +IV: 462d910dce5cf357 e19247bbd2a5986a +Plaintext: 21e87f e84eac97b5eb0630 2df5d348ad64fab7 f701f1a9d8788351 08aed0dc515495a4 f3bdada748ecd837 a4f2bcf37f7729f5 d696a14dceee18ae +Ciphertext: 3dbbfb 7da64d579e22b833 b4d65379d5e2391a fbb81f50666d60d5 b5cc7b396d3b0ccf 9a3bfd8e4daf0de4 c882fbf83af44cdb b9ad9ec85c4f302f +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 60-byte msg +Key: 9bf5f868a0906896 d7e1ce99746092c5 +IV: c52e26595da643b5 713475c7826ad9c7 +Plaintext: 3c502524 9ffceabe5c631655 826fbd4159521964 8e19cf5e918473ff 3c154f02b56760f8 95c1a2824aeb8ec3 ba40e01528059dfb 5cf95558fe2da5de +Ciphertext: a476b404 32eb8bfc632649be ca2e3f61512d7b63 f7c5dc297c07a1a5 b8c6d11a17a972ed dfe59c4e2a260d2c 0e0f7cdd808f66b0 2e27a956b31e569e +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 61-byte msg +Key: 441601c8cde1b0cc cc06184b68203ccc +IV: 63fc83a8faf0bb06 0d6e5d0a80d8134a +Plaintext: e19677824b 671e888af4d5827f ab2a56c6ca2f6297 ba7a6eea9f70dedf 2dc42c5cbd3a96f8 a0b11418b3608d57 33604a2cd36aabc7 0ce3193bb5153be2 +Ciphertext: 601a232e76 1236c291d6ec8e36 093352b5cb728188 67d417a0201c203e 717ea340c38de0e1 563a7380a82204bd adea1c275aceca3e b920bb2a508a653e +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 62-byte msg +Key: d3c06dfdb2d16e9c 357158be6a41d6b8 +IV: 61e491db3fbfeb51 8efcf048d7d58953 +Plaintext: 730ff30c9ec4 70ffcd663dc34201 c36addc0111c35b3 8afee7cfdb582e37 31f8b4baa8d1a89c 06e81199a9716227 be344efcb436ddd0 f096c064c3b5e2c3 +Ciphertext: 59c2afded2ee 41fda6e5133e3a6e ca4695dd1355f1b6 f9a7287d6528b01f 40af3ea2c43b864c 277fa7f197807bb9 ec54ff36b9ee3035 8da9957c99551e35 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 63-byte msg +Key: 99993fc77394f9e0 9720a811850ef23b +IV: 2ee05d9e6173609d 86e1c0c18ea51a01 +Plaintext: 2a00bb413b9cb8 188a703cd6bae31c c67b34b1b00019e6 a2b2a690f02671fe 7a4cf4d12dea320e cd499e72f12f3806 4f0cf9f339787196 68ddafd7f97161b7 +Ciphertext: 8b96f5e3964d5a 7ede97c65316ff59 0bbc3350f08d3ce6 94b604acc4f802a3 d5bcecd7b96a056f d2f443bcaa41ef0f 4a75237ebdfe785d a9802b7d475094dc +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 64-byte msg +Key: b5683c2995679e23 853b72f469cb55d8 +IV: 5e4bf6ca42b3c399 7670c23ee259bc6d +Plaintext: 3ae4a16a809a281e cbc8b66a467881bb 7b9ff5dfd2985717 54d1a86db5c5cc47 922aeb3df76b1828 2458307b911d05d7 2f70bcd9f10f7437 8b6a290b7a9cd76e +Ciphertext: d113b9739f49c0d4 e4f2ebcdfa50fc8c 120915d3a8d281bf 8db2d84cde0e135d b519ec5731714db2 677569ffa0ea23d1 b1c067662dc1beb5 fecef91cbe94752b +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 65-byte msg +Key: 44a0e24901c2b568 1a53a9d051a12953 +IV: 01271561a7006321 a2a20cc037c8260a +Plaintext: d8 b04d37a687480734 22ea118eee35577a 2ac61ffd536dfe21 e01b36f6300142d7 c1f6aeeea2192cfb 2bb8e550eb710d20 e297bafaf0d8f691 8e1c12bebcaf3ec8 +Ciphertext: 00 a66964d05879645d 1f6e05a201bc1fd6 d9dc2ad519cd1705 0474f3786d856fef 2492792d700d7b1f 3a3dff30c5c9878a a2e8040aac1d4677 3a95c22c67cb0968 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 67-byte msg +Key: a357e2fb7000f5d7 def4a080259b7eb7 +IV: 52dba7c0ec307913 d8ff98547a273385 +Plaintext: 1dda89 7b95abac8e22e785 9598291912bd290a a9f3d561d717a38a e0a825a0092cdeec 08cf54a8b94e6608 1213e07b59a24d2e 94330cd142a0a69f 48825f982e970b11 +Ciphertext: ccdf22 5e093f83a33e2b57 47f5cda6bdea9522 a81c32868ce51b46 cd43ac1104a0a487 c0298bdae5175e15 b4d5e681931e9687 30388defb5f76245 8d324cc1605abc19 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 70-byte msg +Key: 68236fbe281830df dee72bf6c7ee186a +IV: f5fe52bc3db1dc74 50fea25c280a02ed +Plaintext: a6418b0779a6 05e54167b14ff4b5 d21181d26badb46c 4b4d5a2947fba583 c714d2d684fa08b7 8f0a848896cef349 63731fb1a57dce7e f3b9e7090e73d71d 66ea3309e0019ff4 +Ciphertext: 124aa4be95be 83022a7f9661f984 25f83f611f104a44 d97ac6a4d02c0283 05388b60339a665f 786587c16c5240a6 db005090f8d9caec 7a7b93535ed8ad2f c4223ec08cd42773 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 77-byte msg +Key: 37ee7161d98b54d3 7717c387945390dc +IV: a141c67f2d8681e9 56130329830405e4 +Plaintext: 55c84b9ada 837b2a04b02f995a 0b490feeae87228f 7a57573fb8ece6e8 0091be4a5a3dc938 a4687104341e6338 be52938677748002 7a46b98f6beba097 5b406e00ec70775b b6c3b05ee9b76e94 +Ciphertext: 7ef1651d1e 8eeb54a8c425df73 a6f28ec68a870c5a 0d8e0ceb914df641 3d941152b4774a6d 594b23ba47ff419a 6727766515085dd5 54479dcea4d9613f 8c2f79d5dca36134 83acf7f8fcb44fc2 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 80-byte msg +Key: 527053e4b620ef50 f6162d7428defadd +IV: bcfb5dc60c2bab81 33edfa182341d733 +Plaintext: f2af3c3c758abcc2 1076011bcc28784e aa6d4b30386e90cc 6132c00889646a86 da5728c9d847d399 3ce2f3a8ff067975 b5cdb1711cc77261 f58698031260b3f4 b17001d108de9a9c 2160eb62e801651b +Ciphertext: f6d60dd789ba58ad 61980248c3fe228a 822ed656059b5021 9c57768160766031 cdf1f40577f08351 e4dc830ddf88b7b0 6269172788b7a947 a24d3496541b03f0 678453dd25a72dfa 68b463705e2c5632 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 83-byte msg +Key: 2276d2e1beb90696 f26a4fe6bc1c451f +IV: 03ae9d2dd77b9568 fbd193b0a0a508bc +Plaintext: 74849b afdbcd84ec7c1e35 2c000c40ce161775 6ebbdc4ab8b88d81 7e6c9f0409cbc214 ada716a2a02f9cfd 0db5ebae63b424a0 f3112785baa10774 7becbcd712301884 04a9fd2a5a10ccef b062205789e2bd68 +Ciphertext: dc3e0d ea41fe9e930ecc42 d4f87f9938412934 b109139dc3a2ce44 ed8f6f2a0338d686 632b44b90bb96a9a c289bd8ba49d38e1 2aa8c98fdaf3c502 b5a03c0cc4e30806 58d656f2a6323f02 1f78bb5fd67294bf +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 88-byte msg +Key: 61c30c16bd28b6cf a864487eaa6e35db +IV: 69e8e2c12996533e 8f1503e6aaca136c +Plaintext: 3418a77314d68ea1 280021f542ac6d5b 7040947e81e370de c4317a221333eaaf 108e2079affa4319 f5f62821ffbb75ac 456e063920998fb9 8adc83e625e035d7 808d3ed1957d1e61 96b026a7e98195f5 71d801990fa2f8f6 +Ciphertext: f3344b1d6e28e2c8 fe3945e92b8c5b56 be73fc0e89007b49 b0c657c7bd5648e3 b2cbe0ce529ae947 99113f4f837fa2d5 c7b3be07e8788041 d2fa769c434ff0f4 5a36995531cbc95a 7f79c507bdbe527f 7e2551f0f9f1b32b +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 94-byte msg +Key: e8dae9b93c0b097d c823ce45679e9394 +IV: e23208e7145f7ae8 4c4655e4f3bee77f +Plaintext: 6fa566a74674 35c68716633c66fb 750c266865d53c11 ea05b1e9fa49c839 8d48e1efa5909d39 8bd043535b49629e c27fb8f107345333 4896f62a07b8be8e e53f0562ac5e8784 9304c382be53a5af 05556176f6eaa2ef 1d05e4b083181ee6 +Ciphertext: 2e8d0162f582 d2e003be7ec75cd2 f8784708e5d0e710 55bebbf4d2460fbd bcb35b0d85d11e1b 47b3a853cc51aae2 9dd84e17d0d69bb7 6b45db9af9fb6e78 047fd8ed1fd810cd 259c559a25a06b1a db68976f23f3d012 f4ecbdbb3af48dc2 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 98-byte msg +Key: cda5a485f74d7ad6 c8d14a95447557c3 +IV: f5e99f3be1716bf0 b9432476533068c4 +Plaintext: 5a87 5d38453745db8533 53e7031bbd86c918 13ddff08cf491adb 2de8503c3d5c4f74 36cb2e8c0d2aa4b2 46bc78df0bd538b6 7be42eae44b09073 74e2f78a8cc41234 d6489c96f94c8b16 cb1c8b086639aa8a 7e5955acf2ae83d5 a06b30627e850d8f +Ciphertext: 3067 05cbcf7382aa0014 ec33923d24694a5b 1511a5afdccad134 a0c7533298229a53 568e4c57100093a0 82a99b4d2eec36d7 00fe2391cc354bc4 ff29d1cfec587b9f 4cb48b3c2a825bbf 310b9fe3f37bae17 50060b4682149f96 9e42f9120143a289 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 105-byte msg +Key: b6769b32c8a42789 1024e0f839875dc5 +IV: 435c4a00ca5bc75a 8ce30b3b26a74d0e +Plaintext: 1e a4e4e02656ad299f 2bade95d38f7f7aa 2ad0968d80124a4c f8ceea2f4735f587 0db929ef086f52d2 88b8612d2320bd96 a986de7e5b7e17b3 57f3b328571144f9 9b6138aa2436adb0 23498732b1a0bf10 c0b4fd2552d26ac9 e9c2bf9a3ea7a37d 352633df11cae241 +Ciphertext: f0 eba22b797cf2cdea f1cea9b6de373607 8ff9bfa9c544061f 3dc7b2d645908c3e b078b0c66a777fe9 63df1a9962660516 781c1b5f378cc941 ff9827d829aff0ca c8921fece7dce996 12f2c3ef61d4fd7e c50ec028e9b84f91 7e192aeb58912774 f715719f0884f070 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 109-byte msg +Key: a783f34a3ea41f57 a11e0aced8ea9794 +IV: 82360d64bfb819c3 4e431737f3988db4 +Plaintext: 1c7ef857c3 15cc579667b63856 4024417d40073123 2ed72e228fd8fe79 779d79eea0ca3ef8 b91ea6db00b0f615 1378d9f903120d9a abbf5cea40adce23 29781d6610f069a2 391d2db8128072dd 0c9c423faab560eb d7d836ee7d1b0fba 532686ccf7f23e8c 3cd1d475c5af1275 +Ciphertext: c547268321 5370e09ace2e69d6 f3512d7a12d88d8d 16de1e4360ff3201 b8b886ee6f1a182b a9920a8f0a38b5b9 d495121b600833b3 212ba68f48720fb8 3cf75bf50448dc1c 868c7471eb048b77 291a0c2d5c4ca5aa 840eeed108b0162f 72063f94ff3b693f 89a2c3e27529ffb0 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 112-byte msg +Key: 9766975b7992df5c 2aa4756fac2907a0 +IV: b09e687c59277d6b 43845940c440a70f +Plaintext: 712b483ee40b3edf bd8fc93de784cfb5 1d4b81c8ac8b3c6e 7a23adac47633968 337b9c7d8033d00b 9add30105488dd3d 7577610273d292ec 7e9ab930c0e2f488 e43dd93dd5735c85 c878f3107c9ef8de c0094e533763478d 58d2c5f5b827a014 8c5948a96931acf8 4f465a64e62ce740 +Ciphertext: d1069b3c7420e0c6 2248219beac74cdf e984605e2904e2a9 0c4f2ad5b204738f 0383c5b4afdfd11a 51d99f2d8e74871d 19d46891931b16e1 0f031185df52cc42 c7eec87dcb6cc43e ee5b7d99e9c49f5e 76fb99888955a7d6 2ee63de8f12dd283 036f4e98359a5388 79abc5c01e5696e6 +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 119-byte msg +Key: e991e37ea823fa0f b21923b79905b733 +IV: b631e6c7d6860a38 31ac351a9c730c52 +Plaintext: ff72d9d308eedb ab21fde143a0ea17 e23edc1f74cbb363 8a2033aaa15464ea a733385dbbeb6fd7 3509b857e6a419dc a1d8907af977fbac 4dfa35ec02be8281 106d2d99c0b96f97 b45193ae270d58af 766c971fdf41258d 89a9fb22c540947a 949597b269dbb6c3 30e1d60e8e447038 6be33737ae93fbad +Ciphertext: bb906cbd47ab23 921dcd447a0993a7 4b54f78ce5b143c1 3ecedf17f012b68d 4823b6aaf15d1315 da749399ff95b6c6 ff54bbc74590686d 0e00e834b8c85d4c 47179e5793bab2aa f0da289249d419cc 27f4527781e50102 b1ba66aa5fc77da8 fd5b85e90c4eae05 fc9d095db85f6ea6 03a499cb7573dd2b +Test: Encrypt +# +Source: hc-128.c reference implementation +Comment: HC-128, 128-bit key, 128-bit iv, 133-byte msg +Key: 6f392a1fd910aacd 7f4f9a32ef5aa1e9 +IV: acc0e01b891079f3 56ee5251be6516c3 +Plaintext: 707f7db17d 13ced701dfa2f806 d6ead1a5bb334d6e ef29f70b885ab41f a23db274fa739c56 b94c103a8d8d52a4 fe71424700ed8b6d c4381e99d48bdf6b 5f269dc5d193482c a72e5e7182e5a790 7a3d22d8b4953f4c 37af4e4afb6c386a 43d76da92d651dc7 887cabede5315f93 f1565ba102b4d0d4 ef957164258628e4 f75a0869367284ee +Ciphertext: 033c9cd9b5 04efda94627f0344 a27e496419efd42e 40b5aa7c6e1602b3 1d222676a1219183 69e0807d77368e49 b4e802e1b0879f76 ccbba06e7403e005 c0c8557c3efa64eb 8fe093f2b01cfcc8 30e0cbeb60b82d79 b7d29752924b6d6d bd206ba3a23e9b22 8440fa4cb8eea924 e9cb192a33c9e2b8 2fd090aa5504c663 3210751efe8136e1 +Test: Encrypt +# +Source: HC-128 verified test vectors +Comment: HC-128, 128-bit key, 128-bit iv, 512-byte msg +Key: 0000000000000000 0000000000000000 +IV: 0000000000000000 0000000000000000 +Plaintext: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +Ciphertext: 82001573a003fd3b 7fd72ffb0eaf63aa c62f12deb629dca7 2785a66268ec758b 1edb369005608981 78e0ad009abf1f49 1330dc1c246e3d6c b264f6900271d59c fb1c12c1efcb64c5 603ca15ac896d1ab c1082b17b096c917 6547992eaa0eb646 f9e1b4bd35cff88f 047043aebedfbd31 0bb6ca762040ac51 c28203fb1873e539 7afea3aa16bf4a9c 6471aeaa6fc3e042 7d311503a31fe37f 0245e30addf14e93 e8df7d746043aa71 d45397b001787347 bcbf5f23b6fae5a9 b83203cfaefc46be 76f5e28163a6f72f 4ab72fcd90c69eed ef6d5c73539f14e7 ca0bf6a9f229f12d 1492efcfdad11ee2 6de44f0e843178d2 c989d4f21fe9b53c 03c12874e83a7026 3cdc1d88eda83676 7090fb77dae5ecc0 0f5bf5ca8879733f ac19e8de5c725636 7e39e8c9c4efcdd7 5dfa9660bbbeb584 b5593dff4566eac3 7e857d9b9e21ff06 395253c287ab3de3 48e133d87509e1f1 678beb1dfa278ade 7d766ae5863307de 2bb04f975864ebab 903123d6ba517ddd 4b145efb28f72896 8e0d7437fc750977 48e1937162416e5c 98dac486bafef1cc 017df9ce8db87b17 eadcdcfc5e6812a2 7f2fb2d97ced2c9e 0b729527b9b93817 facc1adb7c205063 2575c0a3bd7955ce 713b389bd7e1651a 450c051b77f83a96 da277a370fcebc43 03a18ab1c5ff5342 b319f0593a67f2be 6de7d256cec89f65 61ff60b8ab8621b6 720206975269023f +Test: Encrypt +# +Source: HC-128 verified test vectors +Comment: HC-128, 128-bit key, 128-bit iv, 512-byte msg +Key: 8000000000000000 0000000000000000 +IV: 0000000000000000 0000000000000000 +Plaintext: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +Ciphertext: 378602b98f32a748 47515654ae0de7ed 8f72bc34776a0651 03e51595521ffe47 f9af0a4cb47999cf a26d33bf80954598 9d53debfe7a9efd8 b9109ca6efaddf83 2fe82100ecd66118 d73686bdf879cfcb f35bba32db097fea 1015ff9767b8ec40 a0f85f68bfe6cf5e 2da802d7c08ee9e9 c47510dc03d8fa2d 019a26eaeab7d658 38bac93ff6ac2b28 8c53142696c984f1 cdb28811c1587671 5524f5dd1c3a66b8 47565521adcc6caf aa6ee49fe8e03f13 276a1e8b6c4bed16 4812323da40b37bd e7f8dcc6a1d42ecf 6a49651f7c610657 b1df6e58fbef6a24 6d6d4caa83858839 86325be2b4185b4d 63d4bf766c5f4b73 0b89c3cd66018155 dfe9d37b6f5c1251 6d21763b2febadb2 12ac71388ff93586 48aa1a0e874d3b69 32d7f80a5657f88d a44bdc16aa21e531 e3e473cfe6fca9ee 20739339ce4f2dac 793210c8cc20897f bc468056d084995b 46d396dec7e1b8e0 f90a03be7b6804e6 7abd01162e7d9a1a b9df064ff3b775de be9212c7a5b86658 97be1dc3d112ca8f 5b17b8e803a57d30 530469fde4882f2c 8abadeb718ef4c48 303cf20e6453d735 8dd52e67c721381d 8bdc1dadf206f10c 7900453dfb59e3ed ab05d8816b74a79e 05a77945dd27a2f9 5bb39df39c64bfa1 3f2aae924d3df4fa 22899838adb60980 6c022c36180a3e46 a547cff7f4de1151 a81aed3646b2d86e 1f0f3c22c92d3459 593ed599d1a535df +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/hc256.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/hc256.txt new file mode 100644 index 00000000..5e3e73e4 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/hc256.txt @@ -0,0 +1,2330 @@ +# These test vectors were generated using the eSTREAM reference +# implementation for HC-256 using the file ecrypt-sync.h. + +AlgorithmType: SymmetricCipher +Name: HC-256 +# +Source: HC-256 testvectors.txt +Comment: HC-256, 256-bit key, 256-bit iv, 1st vector +Key: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +IV: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + 5b 07 89 85 d8 f6 f3 0d 42 c5 c0 2f a6 b6 79 51 \ + 53 f0 65 34 80 1f 89 f2 4e 74 24 8b 72 0b 48 18 +Test: Encrypt +# +Source: HC-256 testvectors.txt +Comment: HC-256, 256-bit key, 256-bit iv, 2nd vector +Key: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +IV: 0100000000000000 0000000000000000 0000000000000000 0000000000000000 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + af e2 a2 bf 4f 17 ce e9 fe c2 05 8b d1 b1 8b b1 \ + 5f c0 42 ee 71 2b 31 01 dd 50 1f c6 0b 08 2a 50 +Test: Encrypt +# +Source: HC-256 testvectors.txt +Comment: HC-256, 256-bit key, 256-bit iv, 3rd vector +Key: 5500000000000000 0000000000000000 0000000000000000 0000000000000000 +IV: 0000000000000000 0000000000000000 0000000000000000 0000000000000000 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + 1c 40 4a fe 4f e2 5f ed 95 8f 9a d1 ae 36 c0 6f \ + 88 a6 5a 3c c0 ab e2 23 ae b3 90 2f 42 0e d3 a8 +Test: Encrypt +# +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 1-byte msg +Key: 2923be84e16cd6ae 529049f1f1bbe9eb b3a6db3c870c3e99 245e0d1c06b747de +IV: b3124dc843bb8ba6 1f035a7d0938251f 5dd4cbfc96f5453b 130d890a1cdbae32 +Plaintext: 20 +Ciphertext: a3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 3-byte msg +Key: 9a50ee407836fd12 4932f69e7d49dcad 4f14f2444066d06b c430b7323ba122f6 +IV: 22919de18b1fdab0 ca9902b9729d492c 807ec599d5e980b2 eac9cc53bf67d6bf +Plaintext: 14d67e +Ciphertext: 47a9cb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 5-byte msg +Key: 2ddc8e6683ef5749 61ff698f61cdd11e 9d9c167272e61df0 844f4a7702d7e839 +IV: 2c53cbc9121e3374 9e0cf4d5d49fd4a4 597e35cf3222f4cc cfd3902d48d38f75 +Plaintext: e6d91d2ae5 +Ciphertext: 06bf1584d9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 7-byte msg +Key: c0f72b788187440e 5f5000d4618dbe7b 0515073b33821f18 7092da6454ceb185 +IV: 3e6915f8466a0496 730ed9162f6768d4 f74a4ad0576876fa 16bb11adae248879 +Plaintext: fe52db2543e53c +Ciphertext: 145c26f755a7e3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 9-byte msg +Key: f445d3d828ce0bf5 c560593d97278a59 762dd0c2c9cd68d4 496a792508614014 +IV: b13b6aa51128c18c d6a90b87978c2ff1 151d9a95c19be1c0 7ee9a89aa786c2b5 +Plaintext: 54 bf9ae7d923d15590 +Ciphertext: 00 4d64730ba1000f46 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 11-byte msg +Key: 3828d1d96ca1665e 4ee1309cfed9719f e2a5e20c9bb44765 382a4689a982797a +IV: 7678c263b126dfda 296d3e62e0961234 bf39a63f895ef16d 0ee36c28a11e201d +Plaintext: cbc203 3f4107840f140565 +Ciphertext: e72442 7edc10a273261107 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 13-byte msg +Key: 1b2861c9c5e72c8e 463608dcf3a88dfe bef2eb71ffa0d03b 75068c7e8778734d +IV: d0be82bedbc24641 2b8cfa307f70f0a7 54863295aa5b6813 0be6fcf5cabe7d9f +Plaintext: 898a411bfd b84f68f6727b1499 +Ciphertext: af27098eee 93d7565bdee0ece7 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 15-byte msg +Key: cdd30df0443ab4a6 6653330bcba1105e 4cec034c73e605b4 310eaaadcfd5b0ca +IV: 27ffd89d144df479 2759427c9cc1f8cd 8c87202364b8a687 954cb05a8d4e2d99 +Plaintext: e73db160deb180 ad0841e96741a5d5 +Ciphertext: 82d9af5e3bf1ad 9a7dc44a0fb81917 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 17-byte msg +Key: 9fe4189f15420026 fe4cd12104932fb3 8f735340438aaf7e ca6fd5cfd3a195ce +IV: 5abe65272af607ad a1be65a6b4c9c069 3234092c4d018f17 56c6db9dc8a6d80b +Plaintext: 88 8138616b681262f9 54d0e7711748780d +Ciphertext: f7 fee773b376453e49 53caf4a0846ec1ba +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 19-byte msg +Key: 92291d86299972db 741cfa4f37b8b5b0 9557f5df806c6d8d 74d98b43651108a5 +IV: f679bdf7eb15b8e0 e1608f6e3c7bf45b 628a8a8f275cf7e5 874a3b329b614084 +Plaintext: c6c3b1 a7304a10ee756f03 2f9e6aef10509bc8 +Ciphertext: 79aef9 8a07f43d6bfad050 1fc59bf58b90c0c2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 21-byte msg +Key: 814329288af6e99e 47a18148316ccda4 9ede81a38c9810ff 9a43cdcf57c75059 +IV: bfbd1c2703287f5d 895fb949344e603c e5de029842b20d2b b614ecbbb82f73e2 +Plaintext: 517e7d1dd8 84d31f01be506b16 d643218319151898 +Ciphertext: a0abbbfb8c 633da5a850763dc9 2ba9ced937e41b3d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 23-byte msg +Key: 2b2c2e8bf90edcbc f0ca0e3d6d943192 74af8db5a490d55e 6a40fc8076024b17 +IV: 6b36b121db7d5aea 721e828d71a88cb8 5ed94eaffabfb094 741d75e5dc105846 +Plaintext: daf25b81a07f5c cb1d36e949740255 d2ac1a0bf7a92623 +Ciphertext: 50f51455955ed0 9f30cc2a14da3bd5 0ba181ce70e088a3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 25-byte msg +Key: 405ba333b9358868 ade12ad5b2325d0a e55adce9775debb5 69c53a6c93980d57 +IV: eb879adf0468b2a2 d5e6a4c6bc775f8d c38fd62a2114a9d4 041101188daebb73 +Plaintext: 1c 60ca20cf5dd62f45 5329d7a859cc0dea 26ed554e8084d92b +Ciphertext: 96 3e6411ba4ff27e6e bcf4f4e872f8665b a8b8a1de4a5aaea4 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 27-byte msg +Key: f837b8edd57aa05c 4efa9f21fc3c3685 8e81b07dbfeeb1e4 85e912078bc6ec66 +IV: e2a3f3b9f4900632 b9f404022d2ce01e 0174f843900ba237 169208531cb5373e +Plaintext: 370e72 fbf246cc26097ef6 7ad8ed559712ca57 02b66c086e3fb0e0 +Ciphertext: fe24ca 13a251a874d1f99b 6cbf124b324860ce 4a09a01fa874f570 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 29-byte msg +Key: 3a1c9bdf3a5f40dd bab9e41bc0a6611d 92e5c8bc782b4a77 c318590a0e6a0a42 +IV: c471be0fe3c301db ff30b21a89f86522 513c053d4ab3befd 8d9e19d0a1fe69d4 +Plaintext: fa0467edbf c91914d13ff8f208 6851adc0c5ec0294 12ec946930f683af +Ciphertext: c0f0c86cd0 df85849a18b179fc 8e34ec5177b08050 11d8e46b3be6cc75 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 31-byte msg +Key: 639541e3bddda158 da4f3138cefdcac5 5cef65e569c430de af9ce25eb6364bbe +IV: 00562f87846a5436 5f6cda3cc50acb49 3d05f3ca0ed7f2b1 f4988f7418224f58 +Plaintext: 3f7447ef42542e dfbe39b6e60c671c 1b745cfe779d6b6e 9348a744b33e02b8 +Ciphertext: 575ab8949c41e6 d4606b39687a3092 3cd5d5bcf1f2578b 1000f3d507706077 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 33-byte msg +Key: 0487b63022dde456 dd617b6e3d8c5ce7 c467bc2ff2ffc9cc 0f1390a924111ead +IV: 4b41e592283f62f5 b8aefda9492b3151 ca80ec2e451a3935 aabe1c65ce77bd57 +Plaintext: b3 d3c9170a4e1632f6 0f861013d22d84b7 26b6a278d802d1ee af1321ba5929dec6 +Ciphertext: 6e a5126cac5819eb8a 04a07612961265b5 bd9b3e155401947c 67bf1732cdb14785 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 35-byte msg +Key: a62a65cff4473621 ebdd4ba26a99a812 c0e03491206ec762 4f3d84eea0a8690c +IV: 22d0247f183f28c0 a9cb01ffd9bde464 b8338b9ad9c3408e 066137743283200c +Plaintext: af83fd 23a244315cb318da 3009e16134757750 9aed4a63fb3d49e1 54f9022c4eb60a97 +Ciphertext: 9f6df8 f6cff8da4cf23532 ee64c49a1acab3a9 fa406bbd79d12c1a 63230ce2d3812008 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 37-byte msg +Key: c2799f797c708c80 3fe04d470a5f742a 9a434b59305abb2b 94dc6cb55a9d2e9c +IV: 64879827a848ee98 334848bd6edef1c2 a1c30e49b5c780bc 3ec20be2b9ceb7b1 +Plaintext: 11b3766469 a308cd15281cebe9 5ab8bfb755da5c13 ea603e599525dcf2 af6d80d2e5835745 +Ciphertext: adeb11bbb2 afaef7d5df393a9e 88b71aeb530d7069 455f4d1f0c22f87c 15b052168eb93191 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 39-byte msg +Key: e9a0c4ec670ffa02 3b8fcae4e1f9b9d1 2d2256ee3c03cb8d aa17b1ae050529c6 +IV: 827f28c0ef6a1242 e93f8b314fb18a77 f790ae049fedd612 267fecaefc450174 +Plaintext: d76d9f9aa7755a 30cd90a9a5874bf4 8eaf70eea3a62a25 0a8b6bd8d9b08b08 d64e32d1817777fb +Ciphertext: 2ec52469a27774 d9f3bbc37de99397 a9cfaedbb405d30d 453640fa06aecbed a465a6036532395f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 41-byte msg +Key: 544d49cd49720e21 9dbf8bbed33904e1 fd40a41d370a1f65 745095687d47ba1d +IV: 36d2349e23f64439 2c8ea9c49d40c132 71aff264d0f24841 d6465f0996ff84e6 +Plaintext: 5f c517c53efc3363c3 8492ab08a3aa3ff0 3f1c55ad514fc485 96585ed5881e8156 8cbbe99f6d25c8eb +Ciphertext: bf 5021938cf2092a95 5e648f116da2ebb4 58f23c7db7c6f400 d6155a962c8c9b9b 768b09a1391107c1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 43-byte msg +Key: 090d191d4a073101 58ec97d50d7c1508 aa480f41c8d014a3 91e8b3502f60902b +IV: 85e3b7e31d202f2d 6228d35010175de7 e8f7c4e2a8e1c8cf 3a65ca582c2de20c +Plaintext: 60dc2c 62053c62fac599b0 274068c3abba2d24 c1109bc461f1fcd8 bf4ad3e61502c020 a2e8a5f2f2ea07d7 +Ciphertext: 590469 6390409951a14e9b 32174a886ff30970 7bae21f77921cd58 adc6bd90df961fce d1e7f0737883353e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 45-byte msg +Key: 6187b770db87b1d7 e5e94431e11d7382 8d739cc6ced4573d acb0a1069d373aef +IV: 06cc4b8cffb64c86 57192536d7259372 cb8ecea7bf3c6928 874379c68215f9a1 +Plaintext: 1ff76d3e9f b1c6d91d8a86fccc 7324508183b2b471 a3bd8c3b8b755b29 ed0d95b2ef65ae44 dfe7774122afaa48 +Ciphertext: 6d74b6088a 08811a01035501a8 d434902493efbb52 b9910c682b2b7f8e 1d974f2df7567c71 edb42f6aade11cf9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 47-byte msg +Key: 6eeec3b53a90126b 721c0fd16edced1a 253f72ca9e7b0575 a87609cacbe769d1 +IV: 7eb874719ab0ec35 0f4e5950d6f8a3de 2755e06cebf76bbb 743d36c16c7761f1 +Plaintext: 0b4c0bbc8d5968 58e41b13c0aa0fa6 fc591789a2be2007 9dab02a72deda7b9 2f7d702f9ffbd4ae 5b574be529d26a1e +Ciphertext: 43c5ca534a926e 0dafbf3848d4102e 37a7161af9a62da9 1e71249d2de303a1 8148ecc7b7f496da 879a54deef31856b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 49-byte msg +Key: fc254f1273ff3f02 a3b58e031635bf9a 133ded8820ca6ae7 c6d2a57694355132 +IV: 67f2c326e8969c83 55fba9f3852e072b 26b18bbf4ae3603b 22bcf26f08bd0b0a +Plaintext: c3 273c6b076c7fb33c e31a1f80bfc795ef 42117c222e01d1f5 7dfa778e51e2cf9b 2e8289da6730badf d6ab2e12d046fff7 +Ciphertext: a0 1afae824df6eb6ec 5c87959af9cbc978 f02e1d09e5e0ddb8 01491eee5e126977 ca8abf3d17089c87 1560ca1689828f8d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 51-byte msg +Key: 584966b29394d2ca 7d85372dd91ca974 6e5d296970f6bfc6 3d22c9404acd92c4 +IV: 5cf92601fb606526 235b57ed3e02bfd8 4f95f3ba701bea7a 7e48971413a475e0 +Plaintext: b4ea64 174caeb393d9437e d666dc3a4e39f18e d84de5648203e541 951413d1d3cae4c7 fd70c6e498070754 f13af2415f943ba3 +Ciphertext: b98942 b61759b6d817f9e6 da6f8d16eb342e5d 890b153df7615264 a6c4b7548e494786 875c2607e5328ecf 414e2d4565c29d0e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 53-byte msg +Key: c8f19d556632c16e cb3562ce2305aff7 ba4df01fbe136d83 45a28bfd91c839d9 +IV: 93428ae5af75a3c7 bf5fd8935acc129d 56cd748c8b663eb0 da87f1966f3db4d9 +Plaintext: 422af63ae4 3355f37878be49ff 89d661dad7995489 684185b9cf6a337e 5c734add90277f8d d39d9bfe695c179b a3c3ea4d52a99f40 +Ciphertext: 7d41283f8f 3d4899e19687bcf0 724626455b0b7e97 badfd9eb3485e735 50caa5f5034e4927 18add57d1c6f9c15 17d194a992f29f09 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 55-byte msg +Key: 8140aae9643ffc48 8b40d56a5b66da33 bf44675a1bfa26b5 82a1e1b728ea9437 +IV: 1a01c7722cb81a54 33e122f375fb735d 5e12fe9375e09ed5 8e38ed2040a55cf6 +Plaintext: 994e835d111cb5 2abd1fd87fc52e73 9318ce09b15e56a6 842f50b79182211e 0568ed86b1fab5f4 538fc29f17334702 5d55422fbdc0a366 +Ciphertext: d677fa7423492f ccde1917b384076b 32880c8949119167 e734514e9e92ce4d 0ee342bc9d43a4ff 414582b03170c86c 1470608aca2aea9a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 57-byte msg +Key: 48cdb0e611d6a803 ededa67976cec900 56139221c2a78d47 447d3419be821007 +IV: acd02123a9248033 35924304b577a101 bbb057038809496b cff86d6fbc8ce5b1 +Plaintext: 35 a06b166054f2d565 be8ace75dc851e0b cdd8f07141c49587 2fb5d8c0c66a8b6d a556663e4e461205 d84580bee5bc7fcd d4de8e863843eef2 +Ciphertext: da 47b6cf31db348410 34fe48a67f575233 ead0a891d4a95620 f861fa6f7674f139 d1645769d9b51956 9c5d6987c9d4fbe9 006f07d5e3fcf7b7 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 59-byte msg +Key: 88d3fcd018e6bedb 47aabc4bfac4119e 4a3ac1987a904d89 2c3185ced4119e9a +IV: 6c9184f76aa37107 ef2ebf9041b4fbb7 7b323a0c8347b0c7 3d997e51fe75cc07 +Plaintext: 44b518 3aa4e7cd7a03ab18 14095df7d9d3f493 21e82acf106fde21 189fb6a1bf76085f a3aefbfabbede96e df3c082e8bba4a73 e09181d3eb2ac715 +Ciphertext: 670efb c6c47f639d0c932c 76d6fe2fcabc1005 7a7ce446fb89268d 29fb33f84b8140f3 94d42d757243a81f 6780189f55654498 d2fe5bb34c01d9ae +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 61-byte msg +Key: 2a9d1d444c6c5202 3970271f5213b06a fac0fdc75598fa82 4f6794e3e1d61d03 +IV: 90e2f2dd368c5ba8 04d2b265c8dfc8b4 6c7f84ebbfd5cd69 7950aa2879dba892 +Plaintext: 50547d9603 40eafa0dbde6f3a4 b7f8f33d5fe5c252 d98bd063350dca3b a1306b74dd05953d efc9a05b1709f26e 0509cf764a677395 0dfc5e17ff03f0af +Ciphertext: 3015cee8dd 559fa4d91f6a4873 675e1147143050b9 f52700b7cc3940f7 ff632ee9e0d5209e e4f120fbc7fe44dc d2e6417092fc23dc 8ec057b8a04b822f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 63-byte msg +Key: 917d350364d4026b 00be41f6ca6489af 30c4f21e27532711 d7e7bc9c94d5c25e +IV: 11569906d0300616 dd9285e7bc3fe1ed a0ee013ddef1054c a01692fadecb69cf +Plaintext: 8a853f840b62c9 c5ed0d1635d7e221 b3bd52a7dc568936 d0d14f8739c42c0d 8a65d0ce85fcb172 0098f699e8019472 86efb78a017963e1 25d05b43622d42d5 +Ciphertext: 13f02e0329eb38 b901765ca89d4f1c fa26b65e460228f5 b77ce51de8f44ca6 1b4f3d1854141991 c341df34975d7cff 95a41bac9691a897 93df6706e2d5e644 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 65-byte msg +Key: 180800ef128b6729 504617b909249efc f09ee452b72ec72f d107026f7d0353ea +IV: 00dddd4931a0cb18 3b5f361c9f2748e6 7832a2a8035dfc48 5edc0bb3902da874 +Plaintext: ca 4a2e85ed2324644b 4b1c6ab2f2da59a7 13b934efee4b5354 b940b6a593899aff b9bd4a4bfcbb3808 73914c4b6d9c7c03 a9f19d82cafc7839 056721c31d3d8426 +Ciphertext: f7 5cb0a9dcf5771425 a57e4d1296b2c117 ec6bd7aa2a4eae9d eceac6f7ee73fe74 121b421117654fcf 86435a6b3feafb6b 0f1b01030c85dee2 c1d5f1d30c534ec3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 67-byte msg +Key: 9150415514d8baf9 3d5c697080d67816 5d128bc4d757e197 28499bf3b30e5bc7 +IV: 3ab0111251c212a6 12476b2c13cf7468 95e3a8befea3b3f5 8aaecd3c3d42476a +Plaintext: 1ca563 8a9cc369975b18f7 840ed0997fba2d99 77282a19dc935e5e a6a3226f989ff6df c6de21e7557e98b8 8259210ee535b809 f73b3239d3ab20f7 39cdf6fcd82b6d2c +Ciphertext: 238f34 89abdfe8e043da53 9fe3b474a7356f83 282460a8a0f80cba 89e282b82e693be0 6d1575849f4201f3 9904fdb51e33b8ae 7294e67376c2b266 b5b80e8291f7a2fe +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 69-byte msg +Key: cdfd25b367e58f53 2ddc0afc226c4c9e 4721043b623abd40 fea30615b328d0f3 +IV: a7e317f655f6c573 8d80d38bbcc9b100 6ec0e84811a8fee0 fc0e99e3b0fee8db +Plaintext: 5d763fd7a8 1b01beab2bc3e23d b3aed87402258869 5da8803bf4f98e57 157d8df6a0e47fe7 bb0ddc8ec6232a2d 920dce62cd0522f1 c186c7c43f6c3d30 d557b07a4750159a +Ciphertext: 9cfa2205e5 95a3e5c893558025 88406fd6a30750ac 222a6b4454ce457c 6777ac293e04e671 bb5e13c4eeced199 4ac63bc06b02006a 4d063488fb7f1a4c 8e651f34a0b3b109 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 71-byte msg +Key: 3daf763e3a3b8a12 cd94893f0bce3e31 3c5f5e9ed53b18c4 a73dedf255c9c249 +IV: 0bb034c46d532b76 ce0cb213a3c906b2 37faecd1a0ae489a f1f8ec65b198ae7d +Plaintext: 8cd7bd2749b335 e0fc3cf0e77d3ea0 fb18201a66860cf5 3a1c5154db430500 bd28eeba6fb5a3cf d9bfeeecc2817534 9549999064719f46 2d910dce5cf357e1 9247bbd2a5986a21 +Ciphertext: 96cf22ec98df69 515120cf4ab21062 bfc59531a32e97da 14efdbd5c6123958 5f8e60c7c2ffd8ed cf8de8d3c85080bc 34dab90b9aabf560 e0ab2913b61d69d7 3c30e25871172ade +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 73-byte msg +Key: e87fe84eac97b5eb 06302df5d348ad64 fab7f701f1a9d878 835108aed0dc5154 +IV: 95a4f3bdada748ec d837a4f2bcf37f77 29f5d696a14dceee 18ae9bf5f868a090 +Plaintext: 68 96d7e1ce99746092 c5c52e26595da643 b5713475c7826ad9 c73c5025249ffcea be5c631655826fbd 41595219648e19cf 5e918473ff3c154f 02b56760f895c1a2 824aeb8ec3ba40e0 +Ciphertext: 14 5d131928d226fc7c 72cec5f638d94194 8d7fad6cc8bd10c9 15e1d94841f99b2f 82abab19669e9345 161dec0ac80d3aef 7c1337c95523dd13 dc76c4f2aa22606a 30ce4681a4af50d2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 75-byte msg +Key: 1528059dfb5cf955 58fe2da5de441601 c8cde1b0cccc0618 4b68203ccc63fc83 +IV: a8faf0bb060d6e5d 0a80d8134ae19677 824b671e888af4d5 827fab2a56c6ca2f +Plaintext: 6297ba 7a6eea9f70dedf2d c42c5cbd3a96f8a0 b11418b3608d5733 604a2cd36aabc70c e3193bb5153be2d3 c06dfdb2d16e9c35 7158be6a41d6b861 e491db3fbfeb518e fcf048d7d5895373 +Ciphertext: 535759 cf6906976463ad1f eb60802c1a4513a8 4f96f43b108adc40 a79683d0a636c201 ff1d469487c39270 1772958b47272bf7 dfeeecb34ce8fed6 1aeb988123f7d025 f5f1fab79176d03a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 77-byte msg +Key: 0ff30c9ec470ffcd 663dc34201c36add c0111c35b38afee7 cfdb582e3731f8b4 +IV: baa8d1a89c06e811 99a9716227be344e fcb436ddd0f096c0 64c3b5e2c399993f +Plaintext: c77394f9e0 9720a811850ef23b 2ee05d9e6173609d 86e1c0c18ea51a01 2a00bb413b9cb818 8a703cd6bae31cc6 7b34b1b00019e6a2 b2a690f02671fe7a 4cf4d12dea320ecd 499e72f12f38064f +Ciphertext: c16a0c620c 7fc25ee48f1e6a36 cfe4f0cbc1ac55b1 5b010b43a7206739 94d8bdd0bf46bb21 05d0f5dde32b81f9 ded1ad1031e58f8f 744f95479fb8bc90 425ee196b2177009 3f7fbd56486bb71b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 79-byte msg +Key: 0cf9f33978719668 ddafd7f97161b7b5 683c2995679e2385 3b72f469cb55d85e +IV: 4bf6ca42b3c39976 70c23ee259bc6d3a e4a16a809a281ecb c8b66a467881bb7b +Plaintext: 9ff5dfd2985717 54d1a86db5c5cc47 922aeb3df76b1828 2458307b911d05d7 2f70bcd9f10f7437 8b6a290b7a9cd76e 44a0e24901c2b568 1a53a9d051a12953 01271561a7006321 a2a20cc037c8260a +Ciphertext: 3e525343524595 33f849d3408ddd53 b06ed4600bcd8267 5e9a736e4c58dfa8 62eebb23b3b012a6 606c63dbb7aa0d3c c59342b001982a8e eba6468a76d67076 1adc096b3ffda480 d0342d3af3b778bc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 81-byte msg +Key: d8b04d37a6874807 3422ea118eee3557 7a2ac61ffd536dfe 21e01b36f6300142 +IV: d7c1f6aeeea2192c fb2bb8e550eb710d 20e297bafaf0d8f6 918e1c12bebcaf3e +Plaintext: c8 3aa357e2fb7000f5 d7def4a080259b7e b752dba7c0ec3079 13d8ff98547a2733 851dda897b95abac 8e22e78595982919 12bd290aa9f3d561 d717a38ae0a825a0 092cdeec08cf54a8 b94e66081213e07b +Ciphertext: 57 3d093a824a6f0c36 33d18739ea23fcbf d9028bc242c99b41 40f16a8d0bc4355e eca4b81b7b1460b4 42497214e16babb1 68c1ae3bd259fdaf 93a40d3c63e22d49 03de6c4ea2eda2d8 75129f731883da4a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 83-byte msg +Key: 59a24d2e94330cd1 42a0a69f48825f98 2e970b118b68236f be281830dfdee72b +IV: f6c7ee186af5fe52 bc3db1dc7450fea2 5c280a02eda6418b 0779a605e54167b1 +Plaintext: 4ff4b5 d21181d26badb46c 4b4d5a2947fba583 c714d2d684fa08b7 8f0a848896cef349 63731fb1a57dce7e f3b9e7090e73d71d 66ea3309e0019ff4 d737ee7161d98b54 d37717c387945390 dca141c67f2d8681 +Ciphertext: 530fee 88047b998fa0b375 c689aaa25e89e038 dfe4bf42f915210b a9809b03fc4ec550 6c05b3a0fbefe06d bf9c84ddfbcafd15 761a5beaf11ecddb 120d906e0a69c250 b8866b8626cc7fff b7a2491d8cb2c078 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 85-byte msg +Key: e956130329830405 e455c84b9ada837b 2a04b02f995a0b49 0feeae87228f7a57 +IV: 573fb8ece6e80091 be4a5a3dc938a468 7104341e6338be52 9386777480027a46 +Plaintext: b98f6beba0 975b406e00ec7077 5bb6c3b05ee9b76e 9433527053e4b620 ef50f6162d7428de faddbcfb5dc60c2b ab8133edfa182341 d733f2af3c3c758a bcc21076011bcc28 784eaa6d4b30386e 90cc6132c0088964 +Ciphertext: 6e0f5dc06a be86b7e70fd697c0 bfb1f78e0042300c c105f9123e96c393 197cc27c8ad98ea1 304adb3c69893487 0a1a233729f6292f b5cab85d9acb2ef4 92c30df2675877b0 a262183a48d68594 dab1d7a5aba29e59 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 87-byte msg +Key: 6a86da5728c9d847 d3993ce2f3a8ff06 7975b5cdb1711cc7 7261f58698031260 +IV: b3f4b17001d108de 9a9c2160eb62e801 651b832276d2e1be b90696f26a4fe6bc +Plaintext: 1c451f03ae9d2d d77b9568fbd193b0 a0a508bc74849baf dbcd84ec7c1e352c 000c40ce1617756e bbdc4ab8b88d817e 6c9f0409cbc214ad a716a2a02f9cfd0d b5ebae63b424a0f3 112785baa107747b ecbcd71230188404 +Ciphertext: 45d2549448167f ddad96f4faf16992 60ccb48221e0ff39 9a4abbe7051e32c3 cce8ddb9946f3d54 c49e8140ec792a18 8d186eccdb143540 d5b0f3e60e9aada5 f6e6a633dcf059f2 a7c5be485651cff2 7f9ec3bb45069ff7 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 89-byte msg +Key: a9fd2a5a10ccefb0 62205789e2bd68e5 61c30c16bd28b6cf a864487eaa6e35db +IV: 69e8e2c12996533e 8f1503e6aaca136c 3418a77314d68ea1 280021f542ac6d5b +Plaintext: 70 40947e81e370dec4 317a221333eaaf10 8e2079affa4319f5 f62821ffbb75ac45 6e063920998fb98a dc83e625e035d780 8d3ed1957d1e6196 b026a7e98195f571 d801990fa2f8f668 7ee8dae9b93c0b09 7dc823ce45679e93 +Ciphertext: c7 0c9707963bf85e83 4e8b69625987a09a 48f5b95a2cb3dc63 9c26b6b9a5e6d84b 5464b2d09e785c38 ecc4c13a7c1e2a1c f60032946ce49e90 c1e58a862513115a bf58746a110513c5 58ecb0e54368a3a5 a0575322a8001199 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 91-byte msg +Key: 94e23208e7145f7a e84c4655e4f3bee7 7f6fa566a7467435 c68716633c66fb75 +IV: 0c266865d53c11ea 05b1e9fa49c8398d 48e1efa5909d398b d043535b49629ec2 +Plaintext: 7fb8f1 073453334896f62a 07b8be8ee53f0562 ac5e87849304c382 be53a5af05556176 f6eaa2ef1d05e4b0 83181ee674cda5a4 85f74d7ad6c8d14a 95447557c3f5e99f 3be1716bf0b94324 76533068c45a875d 38453745db853353 +Ciphertext: 0ccacf dde9029fb1ed7c67 b5d443f4e6ebd716 5c4ae35578d35f42 5e5cb42500b2daf6 ed28e9f67cc82caa bb507d766d58c814 8da228cbe776dad6 a78094136deb02d7 489a22e0f5b16ea6 f2b92cfed3529dcf 89491b868404d018 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 93-byte msg +Key: e7031bbd86c91813 ddff08cf491adb2d e8503c3d5c4f7436 cb2e8c0d2aa4b246 +IV: bc78df0bd538b67b e42eae44b0907374 e2f78a8cc41234d6 489c96f94c8b16cb +Plaintext: 1c8b086639 aa8a7e5955acf2ae 83d5a06b30627e85 0d8fe7b6769b32c8 a427891024e0f839 875dc5435c4a00ca 5bc75a8ce30b3b26 a74d0e1ea4e4e026 56ad299f2bade95d 38f7f7aa2ad0968d 80124a4cf8ceea2f 4735f5870db929ef +Ciphertext: f985e649ef e2434b8f8eb4e81c cc12a8b57c6d2748 f8c83b96fd9c7645 accccd6dfd13a867 ca159a5863e594aa c2b2b77d72217b25 6616dd01d9c21a26 913d0c90586dc6fb 89f3315c3d68ec0d 17a3af3b9758fffb 5b8387d39cc57c1a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 95-byte msg +Key: 086f52d288b8612d 2320bd96a986de7e 5b7e17b357f3b328 571144f99b6138aa +IV: 2436adb023498732 b1a0bf10c0b4fd25 52d26ac9e9c2bf9a 3ea7a37d352633df +Plaintext: 11cae241e4a783 f34a3ea41f57a11e 0aced8ea97948236 0d64bfb819c34e43 1737f3988db41c7e f857c315cc579667 b638564024417d40 0731232ed72e228f d8fe79779d79eea0 ca3ef8b91ea6db00 b0f6151378d9f903 120d9aabbf5cea40 +Ciphertext: fae15e1e1aec54 d27943f74f3e7441 e54b6da3cdb0fb01 0af0a68455249920 101094e922d447a4 56caa2fd35a6b51e b433a2457f37fd2a 0a906fec45bf4f68 b7e1c3b74ffc8713 76dababfd998a10a 1d585d0e64a228fc fa6b718d9ca5e6b0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 97-byte msg +Key: adce2329781d6610 f069a2391d2db812 8072dd0c9c423faa b560ebd7d836ee7d +IV: 1b0fba532686ccf7 f23e8c3cd1d475c5 af1275d39766975b 7992df5c2aa4756f +Plaintext: ac 2907a0b09e687c59 277d6b43845940c4 40a70f712b483ee4 0b3edfbd8fc93de7 84cfb51d4b81c8ac 8b3c6e7a23adac47 633968337b9c7d80 33d00b9add301054 88dd3d7577610273 d292ec7e9ab930c0 e2f488e43dd93dd5 735c85c878f3107c +Ciphertext: b2 99ab0e8c328077ee 1171c03b4813d9d0 dd00d4234a1a5036 4b5b8edb79d56a94 3715c63841ec9112 88f57831fc708b6d e8059cdbf56ec1e1 957811b1906acebd 461738fefaeef4d3 79ae65bfdda06281 99a652086b0e582a 0ef094a2ed63f7ea +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 99-byte msg +Key: 9ef8dec0094e5337 63478d58d2c5f5b8 27a0148c5948a969 31acf84f465a64e6 +IV: 2ce74007e991e37e a823fa0fb21923b7 9905b733b631e6c7 d6860a3831ac351a +Plaintext: 9c730c 52ff72d9d308eedb ab21fde143a0ea17 e23edc1f74cbb363 8a2033aaa15464ea a733385dbbeb6fd7 3509b857e6a419dc a1d8907af977fbac 4dfa35ec02be8281 106d2d99c0b96f97 b45193ae270d58af 766c971fdf41258d 89a9fb22c540947a +Ciphertext: 6201aa 41853c69bfe7509c 4497e03e5331894e bdefa0076cde2951 c94eefa668d375f8 85b74d55a547721c bb987bb975095a69 23772bd97acaba3c 3543195502c1629f e176af42b0db64c2 dd5c1378ce027d01 6d0143b548117f33 9c372f6b501d7559 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 101-byte msg +Key: 949597b269dbb6c3 30e1d60e8e447038 6be33737ae93fbad 4714cd757344647c +IV: 3b93bfd33eb70c02 b1a1c99ea4af291e 8723b9eaecd443b5 8f23f20d9331b830 +Plaintext: 0e4fed22c8 b639fc4079b387f0 b74a09d215655f23 6bc64c67beb411ad 6f593e14b169c78e 40045ae451def0fb c49da355a182bfda c24c1bd9cd59aa4a 660f4d56a27aeb19 be36c4a61190024b 3fe89117b05a319a 409dcaec382afff1 7ea105da0869b6ef +Ciphertext: 9db9e0c733 7b586e8e3007fcd7 27802f4c7f5af7e7 e8f57045485b5a06 318ae24b66f91668 b852732ae22df6d9 be3f12c3a130979f 6136cdfd5b3ee0ec 85cd03e58e9dbdac 55d1b72519a3f0dd a772656b2119a27c f246dfa62a4f275e 7a07958f50455c1e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 103-byte msg +Key: 9697e18ca112e56a 8ef47e202833deea 4d8000a8e76f392a 1fd910aacd7f4f9a +IV: 32ef5aa1e9acc0e0 1b891079f356ee52 51be6516c3707f7d b17d13ced701dfa2 +Plaintext: f806d6ead1a5bb 334d6eef29f70b88 5ab41fa23db274fa 739c56b94c103a8d 8d52a4fe71424700 ed8b6dc4381e99d4 8bdf6b5f269dc5d1 93482ca72e5e7182 e5a7907a3d22d8b4 953f4c37af4e4afb 6c386a43d76da92d 651dc7887cabede5 315f93f1565ba102 +Ciphertext: 8d76651bd2cd0d f1d198d79006391b d1abe428062d68c4 fa50f42fe525d029 5a43a1d41b25f8de 9a197236f73acca9 461b54847dc77cfd 66a04a0379397fb4 e3e697530a7f71cb 737a5f973a3a44f8 35bb4cba36c6d32c 64003c7004ec88d4 2dadeb47673499f2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 105-byte msg +Key: b4d0d4ef95716425 8628e4f75a086936 7284ee023cdef7df fae2750cc5d3ea10 +IV: d1a6cd95f26e3079 5f18a023b7584d13 41e36bbd78dfd798 c797fe729174fb06 +Plaintext: 74 29ffd0cf2df62081 6e676ef4449ced5b a304623796d53720 e8f5cbc2241b0d26 c132493396fe4274 9401801bb3a0eb46 2d829982eb39e58d 3c24c161cd934d6d d62da826918f05be f03602338f9f368c e8ac0960c64ac997 fc51fa7456acedd4 d0b994b006f294e9 +Ciphertext: 58 11a047afb24feeaa 320993ca90c9d327 9a9895a0ddb2ebff 15a4cec388f4ee8c 370fd8f48e288618 c2153e5383f5c2e1 ef82d702a35022ca f6038da50d6c65db 6b9ef3d6bc657361 ddc5ab771465b203 4a4df574dff44e1f 69eb8bcc941134fe cf2a0359c1724773 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 107-byte msg +Key: ecce9c45bfe2f5b4 3b4c5bd90f510cc5 8e451e06a7ab15e0 179eb5dadd70157d +IV: ee90f5582bb15147 902837f5ae96d5a0 5bc8d61ca8dbef1b 13a4b4abfe4fb100 +Plaintext: 6045b6 74bb5472cc4e0a43 bd8b614dafcba2ca c04183a00c2c9239 2c51d78ffca9b586 a157127fcbdcb82a 388efa9b7a479aa1 f95aea533bcb32eb 63bf52d8f831a80e e8e734a1cda4fa92 6ea0a8e989357903 d0db592e31564a73 5a2e06b37d60e6f6 505302ff590d9a24 +Ciphertext: 10f5db be947ea5523fd718 d42ba581b884e27a 011b158d0f57849b e00d28006278375a 4fb9586677478040 518d5d5e2bf73b92 7e16292a606bc70f a10faa1f99c44605 888464e535b447b3 fe8338d472834f36 7584cfe075c114bc 6c99fd7f30431a72 824ad367e7433ef7 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 109-byte msg +Key: 68a7b55c65fe079a 4bac18597537a378 19873c49129e36e5 e283c4c2f77f5e87 +IV: 2d8c671e950b0c0b 75b56ffd8fd405a3 a6b33cc13f536283 a55fc2112f621063 +Plaintext: c5380757a1 c3500153dfa64208 97389c0b994e448c e73079a1d044158a 1f76623992dc2e12 8d9a22ef10044f67 e7030a5020bafa82 c2696fdebc91f58f 1c592a908130cc6e d3b4165031d24d34 2b2f967b32c70aa8 4cd50c650df2dac7 c28063d2ef495940 fc64867e2b5963f8 +Ciphertext: 0b4df311f4 8e259d4bfdafe02a 1bdcc49bddf33b58 cd12fbffa5ea2725 5d8363eb938b903d f04bcbc8295a4626 e96c7fd2cff9991a f8c0042e3a2d4b5a 76cb43aab97734f8 ba19af82acfcce4c 16e42a60238197fe d6b153bba801c9ea 00582e11fc63df9a 1954e43a114f68c8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 111-byte msg +Key: cd84e796b6bf9d86 ee3bf93da9afecb8 79b5b608c370fc0d 70731a82e4deba39 +IV: 34caa6a893e8daa5 0e64de6e7a1052ec aabeca39e5eddd5f 96a9796346ac7982 +Plaintext: c8c97abab38bea 8c16196101665c35 ebbb64496d3c0825 bdd8cd4c29380ac9 58f1490cd3fdeff4 c36c202dfd57ddbc 3b166fd8acb209fc b09da93adca13fd2 45171103fb595e21 d37a41e86a34d910 6621a721ff2e3789 bf4e03ec856b94bb d0a2ea083aaf1e99 43a6463b50e59958 +Ciphertext: f4ae8442db65bc 6dc4398d23f71f02 7b7a5e3146ef12db 7c9d06d36dc74751 5050857afc89520d 6fb6591ce1ef2bff 28a1988e6fc2c578 f4eb3f012feec097 eecccded558f6ec0 f3285d04f6724d30 292dfcb1e2aeca26 aab17e28375a1b72 6c314c19e4fefc28 942ef2898992d0b1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 113-byte msg +Key: f446d4cc6d99dcf5 7251a4092c7d51ad 82fa9cc399e77883 9b5af5cdb85165bd +IV: 6becbd81ffd93e67 510f543ad7bfbecf e187efdb1feab407 64fd1847a9628567 +Plaintext: 55 7a2be7bcd7a508e5 f0da279019224a77 b2abf9d59e1a4f25 f775502cff407d39 5ae6a6ac7b5b00b5 5d00775e73c745cc e197c4c1ecf28066 afd5914810df28a0 f3b667d7aea77649 bc8cd34ab5f3e966 7d7ce5edbc83c5b0 8fffb1057eaa8f11 ad63d24656d0922a 7647e25ac7ef5ecf +Ciphertext: 91 14c10e1f6c8e3dcc 21ee8fb80ccc71c7 0f90ca188867c5f6 be8a4d3d69c311ee d7f37aca54ab9a84 02b81808acef02c2 c2c8c4a3cd48c61d 752b1fe06f22f0ba 483a56da00d29dd2 3b0ee08c4bcd76c8 ca24af467b585056 ca930782dbd32175 2faa4bf1fbb21f33 d56a41e4127eb5c5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 115-byte msg +Key: ef220361f7164489 febd596b2fe9db14 f0b48e005c1f7edf f4f94d989103cb8f +IV: 9e51c72483f3257c 64d531830ce43331 2472440da9dc5ff0 9d6abb0cfc76582c +Plaintext: f1d1d8 3d4a62910e2a10e0 54fde3c0f1b1659b 76244f60e6d861d5 bdee922f305269e0 b733abb0c9b6360f e6eb2da9db00553c 42b4bfa6480fa843 b3509d752328e384 972515a934710f65 42bc0b1778770ace 7943765c9ea905ac f60be0558bda056e e70ae9a5d7c3628b 6f5ac5324e7f4bfa +Ciphertext: c10fc7 8d08db8d55183837 9aa03a7fc6d27216 fee0bbee64e02ea6 bdea7d865e6d182b 50a836722b61ce8a 61f768fbf1191336 a09472f1f42ce411 5eba66f9c2da4f61 981256c872a87f64 6e2c315d6f112627 d67839a926444e89 940d28b0c6c690a0 cbbb6d39764e0bba 71ba8e7c34db123e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 117-byte msg +Key: 24b8baa8710e41b8 8f05a3f5f2d29846 afc970cb3b15f928 75aba321e781e268 +IV: 49fad4b247a52410 85282e7ddf7763b3 f54aef44e7cd9ae5 5d99ec0dcbe395bf +Plaintext: f3f30ca3ab d8755ce05bc816db 31305ec375b13763 550e6a2e0bea1d80 0f2da7278aa9a322 0efe43a885bae86d 68c5ef2032fdcd38 131d5ef0e8e37a90 6b72caefa7f5d936 b0856ee6904d1a1d 84eb0d15691a2ded 718e6aac1a204b83 612bcd5232366e6e 24d385a263c6d473 ed6a60a80251810a +Ciphertext: b161d14248 34d24b5a271351ef 5a5f7424bcdee9bb 4960aa822cf2f018 19f4b94422a427ff 1991690ec2c88fa7 db37badc3b64662f 93cd2ba55a738c80 3118a56f4d70ae18 9111c089c1b38d32 b814bb3619b662db 5f8d0dcf3edb8df5 f5267692712280e3 35ea366382f181f6 f0c0f26546daa7b9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 119-byte msg +Key: d52b356988e9b9df 57225b5914b58a52 d3b02fe2e67040f8 0c0a91e3e5eaee18 +IV: a9ba682f1a86ec2e b71d1a0a33ba536b 25e314b001928333 479348cefa2d9e9e +Plaintext: 5404aa06b83e0b f7e8e5b26f788cf4 408336dd139c73c8 ac07cc2c702a61b9 243ed1a4f74a5a3f c35242cc90cb7593 5a536f32149f5c35 ecb57ee6d15bd066 32cfe9fd09b822af 195dfb107315bb59 3ffe57bab9f295f2 7ab7711ef976c0ce 516f135e45eade84 8171da25223ca76d 79edb61e0c7e6628 +Ciphertext: ca7e8d795ebd78 0732c717398f2b07 f046b0176e5c17f1 7c68e3e0cf292221 7f0529f89d96ac7f 6b936ef6618c10d2 8f46804aecde2cee 8b9eb79cb19b5b94 b48f1338edc90c97 5e0014fc209085d3 fc63a73867d46358 8565d22e29d5d37e 09f20a05778ad7c1 d8ab4706c8a3340e 933dd8270f4c1fdd +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 121-byte msg +Key: de776d7bf1647a19 0886196fb1c9d6e5 83f6a5b4a52a81f7 90875406152917ff +IV: a15b3aa5c00b466e e07cc1d7583b52fb a854256402c59121 0a33f818dbdcef9e +Plaintext: 4a cd9f456e556bf560 b9d43f3f2999ed77 f322de43f71e1171 5b6cff6680372e61 346603042933d810 a5194e707cf4e479 3c64c970a772ef4c 667661befb38d66f f85586896ee43c78 a95aadf21aab0834 95b2ce8fbdd3e424 bcdfe7ec3737bffb 803577050ec74b21 2b5d03cded068032 67d595aa208a1880 +Ciphertext: 04 6623e9a6c276089f 44aeb479b1938f68 96339ddf779712d7 d27f7cc2dbf2b286 0f1c8224fb5c1a3a d8f0f4e9c993b224 ad01329c00817c13 30f67a143d39f0e8 ca76a8e424936e65 0b31d9d9d5dd0f36 81f53f104742c746 828f10a8f779b9e9 0fdc717b7b81706f f99d3c8e2554a2aa f40888b0160effe8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 123-byte msg +Key: c56e38f71a7f108d 36cd7d80f0242d92 95ebf909dc4c75fb 1b96c5c8badfb2e8 +IV: e8edfde78e57f2ad 81e74103fc430a53 4dcc37afcec70e15 17bb06f27219dae4 +Plaintext: 9022dd c47a068de4c9496a 951a6b09edbdc864 c7adbd740ac50c02 2f3082bafd22d781 97c5d508b977bca1 3f32e652e74ba728 576077ce628c535e 87dc6077ba07d290 68590c8cb5f1088e 082cfa0ec961302d 69cf3d45a3d356c5 025ffc3ca4a7dcb3 3d1df3405ea0f5d8 f8f0f0651c662c18 04e257015704dedd +Ciphertext: 1cdbe9 9d2ca7739e156925 0afd826ac6b5e857 b531e76c589f7088 c7f8ab2987a9a288 c73d6cdfa55babd6 1e4a3e9a403476da 2414cdae05b0c935 d933635d0c22aff9 cae3a346f9d4823e 2660f1b3925997a3 11d963dbb00d9ed9 82846e787541034b 93c4515180b3920c ed9b994c52cb2fb6 9fde0f692df59f82 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 125-byte msg +Key: a99f9e2f416abc92 20f9d14d3fec4b28 1767107e66c26494 31810c290586b34e +IV: 83858e781cb93cd4 18d5f0dadd3ed125 6e77a18232dc9d47 f794a5e636c19dc1 +Plaintext: 98f91340ba fa22212d999610c2 fc50780409ed9805 1ea2d95e036a5f71 1d64def1e476afa5 973723682e0c1775 9091c8e1063ae969 ef3af36eb6a3bd3e 02cf4c952c00ec64 f6437fd07a9a167e 6059be0e54d19de5 b72c3d3095982725 d8a8b48cbbf6207f 810ee06e66873566 d6730292ddfadb02 df415eab8991c6af +Ciphertext: fe5e55bf92 1d1d821e2b57fc81 0d8725d1eadbf584 f778c827fcad802d 6de1145d12fbb3a8 e1715943b6561e53 3863de812b2246df e7d010ad219e0768 8171b82cffbec5e1 53dd1c5a383a2827 c42dbdde68182dd9 dd347bd11c4ac972 115ec99fafd8d2bd 3266a71c44930757 ad1666436f670469 8328836f5735da4c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 127-byte msg +Key: 07b5bddf77a3727e 9e5fec48da1d9eb3 58a63b7587fccb46 cd41ffe778d5c163 +IV: f7bf10954a4e0bea b7ff4b69bfa276f0 50b911c03c21963b eaf4c7ed4cad41ca +Plaintext: 108d54b61b3e12 4b33b7a6d6fb5fe8 a225752e7ae3af64 699e215fc4eb616e 6abbe9324bd1bcb0 277a4da598789c19 533fa237ab64ef5c 5752926e743f396f ce5e99525b56100d 08f489efb81ca134 8a0608d75ba729a7 8d6c0d9d062e7c6d 7b63665bee918250 7509352d3ed1b55f d0e26eb49393a56c 93565b9481a2748f +Ciphertext: 039d8ac1fda893 9e893a842538884d d821480c72a3b88d 29877053cd98b5e1 d9c97f6db0ba4aa1 85f53dafef24cbce f2e9f7a25f7a4dd2 7220c96fcff7692d b7ffe5dc3b40636c d3d81e465224c850 cc10c9ac8283e9ff 617efe5551422059 0220d43bd83bd4cb 90dc642efcefc042 d24d5021899283d7 27ea10c104c9c93f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 129-byte msg +Key: fb3018f60c6a5aa2 f7211706307e21c2 ac3b9d765a12aad4 f27644faed8267fe +IV: d42f77cabec9df2a 15a4f923980b2e87 a6795ec6b90c8107 31368f7753b69ee1 +Plaintext: 91 c64a800b965a1157 faa12b7d5f21d346 04774cb767732cd8 fd06b5ba256161b7 5f5bbffcb9137e45 8bd7c7e86445d115 44b0af5c0cc66c6f 326f592ab9f8a6d0 617030981b529a68 bf659fe001e1a69a a2d397b0e3c2ee7f 3f930eab59aad764 34527ae7a25f8c47 ff125a6d1e3c7d5d 84a6aebcd4b1db8f 8b3a7a46edc01df9 +Ciphertext: c1 14ed74894867d102 24f733f8c09fbaf8 eb47cb58a3b9a8c3 08e1d4a1292c5c41 bd9cbe2d20716db4 93710f79af4582bb 76a228846b81e338 6f1810ccfecc0937 e609592676d7a762 1b4a9f4b78ec8cd7 00daf61a2015a2af 98b0c4457e4319bf 2db0ed085fb61716 d3e7b54ab1a30b2a 9a7c0a64ebb12e2f 96a979f11ab063a8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 130-byte msg +Key: 46f137817d6ab1a5 a197a49f7ce753f3 9987c8d95a287e2b 45025e829f19ec9d +IV: 3cbfc302955a3fe7 1b677952cbbf7880 0319a58494d18030 18e89238864ba295 +Plaintext: 0358 2c28fb9e0fa071e4 869d936d5915927b 55f8b012f90f9bfe 722af918ca7a44c4 5c3cd8be8b974a17 b3c8fc7a607ceeb4 be7dd7735191754e e6a02106ca14a60c 3985534319964f06 e91a2d6df47cc0cc ca5d317df07e4ee0 d7e1259f0b2bd237 ad4d95b4236328bb 0edc4fce7cdcb0cc 60dee5b73f9ed0ba 2b362e6bf5876f4d +Ciphertext: e4f9 f7f06a80f4ff5e8f eaa33ca468ac01af bcc52127ef41f6e1 41f3572a2e135043 d01bd2c420ca9059 f465d16900f3ed8a 06d8da7ffe42cbc2 adba44d886a4ddf5 20cad634d54e00b8 ac1c1872f30b1b46 5ac595b7f99ce55d a59bee3c28f8a7ec 35c0bf83f0ada205 44f35a380dd4c9c7 56824d439ba179d0 602e3001b1b23d19 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 137-byte msg +Key: dac69910c77c3e0b 578926626565bb67 4a1caaa4b9a1e6cc e764f1f1ef2657f6 +IV: 760c7b488af395c9 d004fc0ddf88a1c9 e7fddc8896696ca0 3ceeb9652d9f5b9c +Plaintext: 67 92e0337436ca2f92 e7d8e512c0876dfe b1d754fed152917c f54bba07816478f5 7e53394dede524e4 5b4252c5b6743bd6 5f236eb980a286f1 a03059467577726a f959c2dcc0ec920d 88c3bcc212701bb9 3046408f206466e1 18efa8b2229e720c 2a7c36ea55e96056 95e28bcf7b83f5ed 4cca3048569e1b95 8410111231e06025 3a43fd3f57e37607 +Ciphertext: eb d17999e6ba9af11d 34aec941c45e6bd5 20e0e16df30aa6de 2ed1580118cf7b23 c28b1a11bd4e1310 74daaf7ad92ce90f cb63b08fd2db0e69 db328c0e0d3ea548 22c68753485f3ee8 5525016c4a3b38c0 87a20f85008dae4c ff3345ea1eb4de5c 1cce7a4f6090a432 f7d9250333bc253f c0f33b835323ef3e 15997892218b6b26 3dd91c3457074eb5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 140-byte msg +Key: 2827b599b6b1bbda 37a8abcc5a8c550d 1bfb2f494624fb50 367fa36ce3bc68f1 +IV: 1cf93b1510376b02 130f812a9fa169db 99ced213d6a7d695 de24de3cf01ac090 +Plaintext: 46672b97 996f45eee8cd9217 7642181512f1c136 9acf0031c255b770 127859af2eda4cc6 5a4291c33d4aa63c e557abe40ccec55b 9a85c04b6b78f8b0 51be79775dbb654b 5a9696ac9bed8541 f7c86a6f11cca52a ddb25d0b5ff767a3 b6d469105a703fcd a2559dcf8920f6cd b17d9ddfa8532b4a 6b3c209a2838cdf2 48a271a1ad63a2f5 3865ee548f4bc388 +Ciphertext: c8c71a96 4631cf126707a31b b987a47670f38cc0 8e197c5076af21c7 0367238396081d7d 68745b91a48f8f1d b4a6aa60295009b1 0c29ae0f761828e1 99126ff92eaabd1f 499648bb08a3b7ae 6b587a1717da3e44 b9b83421335b5d43 3d7c7ebaf48f2d08 ae50738056339e9e 638689c2d2bbed92 f18250e70ecd096d 73e0716fa895d8ff 8ba38f7fb6df802c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 145-byte msg +Key: 5f8c5b5acb1d644c 0d51204ea5f14510 10d852dffa556b26 b0d16435d4b21c42 +IV: 547f0cad9c441f89 0b38c457a49d4214 07e84d779f22d674 1c8e2704248c2e28 +Plaintext: 45 bd192b2f68242820 1cafcd9f97945e6d e7b7fdb9cfdf2893 6cc483a31869d81b 8fab5cea511a3433 470937fda8e1f62c 1ebbf9b0252d4cfc b4633bb9207259bc 3deac736c6aab22b fff91e2698d2e22a d57ef4ebec69e73e af2eb2cf6af4b312 0ffdf47c907cacf2 8da709822f0e2c51 542b76d4ec3a0243 a24b724bc095ef04 4c0d6b227737296f 393c8079353edc87 +Ciphertext: 13 e899d09b19a9c847 c56214ce120248f2 dd87d1a13459c4de 916c25cf3aed0442 d8c773ddfa18fc81 43010625a44b4c7c a74f6113936bde14 23ef0fa1dd25303f f8e23ed5880af801 b74d7031b616743d df7d73d481916c88 f9d5a2cc27563e18 07df7cc98fc57fbd 3a8d6db059bedb6e f1eaea20d0e46dea 7d4d3f3c053037fc 18b2103212ae2015 87f1721a7e627fd9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 147-byte msg +Key: e805d2ec49a4f2d8 e20397e8fd14793e 41b5924384328a4a e00b737109f8b6c8 +IV: dd2b4db63dd53398 1ceb19aad52a5b2b c25932bc0ace2b0a ba33d8ac188ac54f +Plaintext: 346fad 10bf9dee2920b43b d0c53a915cb7df6c aa72053abff37f10 ae12999cbc12595b c377050bd417e564 20744a031949d0a7 d463df9fb2b27883 3fa02e235aa172bd 970c1473e12907fb 648b6599aaa0b24a 038665422b20a499 276a50427009413c 5327d30c987da16a 62b1903b56e310bf ff839e0c71658dbb 2d1707e145724f41 c16f48bf403c3b18 e38fd5d1663b6f6d +Ciphertext: da771b 36697022b2778860 e9d006128c8b4da9 daeca573d39d1637 eb15c98edb4764cd 24bc938cca2aa37c aebb1985bbb4ab18 81579c4878484f9f 4f1716979f50e406 c79cd5906b9b5529 6cca65b0ebb46c68 2780aa1d5fac076b 78c631f7758abfa0 85e37256cb5f8c3d 85f4516276d3e106 11cb082431cf46e3 ffcfba26aa5b46ef 644f600617470358 68c4c77b5ed138c1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 148-byte msg +Key: 93e3cea8bb4f1b4f 5be822032232a78d 7d75238d5e6daecd 3b4322cf59bc7ea8 +IV: 4ab18811b5bfb7bc 553f4fe44478ce28 7a14879990d18d12 ca79d2c855149021 +Plaintext: cd5ce8ca 0371ca04fcce143e 3d7cfee94585b588 5cac46068b5bbe4d ecdd8f1424cd36f8 2dcf1bcf597eb939 93a5fe77e8b1f581 4766a25285d22e87 a47f442855edbac6 bb3f74c6723585fc d05a987c6b7f8fac db67699ec1c4699d 086274066aa3bc5a 362b9b9051dcc1b0 7b05929dd4d6ca32 9f186391451bb8b8 9defea566ad683dc 26fa59d6fe5cb67c 1d0db5842da0ef3b +Ciphertext: e26216b7 facb2cdcf492816c 315a4d8bc720a2b6 00b4d53afb7eeafa 9bc2472c7bf3d403 6b6d76d09d8cd3e4 7c4157635876cdad 8780304dd29dfa18 e292c5ab816868ab 7b52abb2d95fa6c4 928b4e123ea37332 63d7ccaf77d27a24 3babc174d9ebd78a 95d6dc3e86d42bea 0a8c87e6dbf0f925 2cd3131e51d9a649 cfbb19d4b530d954 570b18aba98a6d03 77d2eeed91e48ef6 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 151-byte msg +Key: df57d41bbd6300ed 8c6dbf5e70587511 1476407f9ba9893d dac9d97ec446eed8 +IV: 250f0f4b94b29c7f a2c4e94d58834c81 e1ba75de83e5fe63 d49643cd2a17745d +Plaintext: 5351e9db86ecb5 db9ab87d3f764c8b fdc9ed1e23fbb104 1863e36b24baaaf5 32cfe60ad57d5b72 8ada11233db2fa57 0e34d6e254ea54c3 e2ef7af98a5c4698 e003961b406045fc 13cc97824df4d7db 3a8a3e6a7b3a1762 4ce0219408f83585 ee5528c42517f37a fed711437a24293c 0c33ed5e9fd2420a db9ea1e4a476bde5 e42f66ac8b89ad15 d462490dc92a39a5 0997ab65c99a1de2 +Ciphertext: c111e6c74720e6 7b6b6170a14aa58b abb3dc22cf8a7fde d1459c744b5f0ed4 e9f2bb7ed787e328 2af51bab40b93dc3 f9d7dac0f4227611 7616007365aa5e51 332873df1fea8dc5 b245d401886af22e e6cd0e78eed7185b 5c0338baa0ed5b86 cf8db42379a752a8 49a65f4233ac9af4 77058a67fc08440c 5bb4183d1dde70b4 ca1b3b0769c13828 03ed0dc0c186d387 0db988efc829faf5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 152-byte msg +Key: 91c29268be27e04b f8167c7aa0bbf51b d7058944ee4f3cbb 1e4027007aef138d +IV: 214b465cb8bb9daa 1801dbfb4364415e 9d0e5ff259b329a9 31734d4c5a02c4bf +Plaintext: b706a7874dc04589 f7ef72145af12222 1c2c36db51ac955b 360d7fb5229c1e38 b9b95ef16380ff70 fda8e9cfceaabff1 bc26b608bf83a85a 97d76444ba06497f 912d13a2e341f4e8 92f3e73485d74152 e5c688808c81892d ba96a5000a886c1c a52a6da3b64c4b78 1e99144a68c0cfce ffd2544b9eeb615c 0915e9f2fb69af98 5f7814fbc2e92da9 096319195fad92ec 7213c172df0c5770 +Ciphertext: 04f547dc5588423b ffeff22429b1da59 001ee7d8e215bf0d 2b2b5c14505cb8fb b49476addd7dd786 be2ef91edf78455b 4748a7c2934c6c91 5db6e480e60b1d27 8e310946b84077d2 d1d65146d74a7cd1 4ffd15ddf34738e6 ab8d2fcc8bf2dbfd 7cf52ab9863a9c1d b350fd29b542c396 070c23d368a57ddb 1f6c3a09aa6faa56 1909b0796f2d475c f9f616dd5c5a6a51 63f7e66353c7224e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 154-byte msg +Key: 1bd92073f33b7a26 deb1b2f15fc202bb 169ea953e5b134a6 5178fc362b94f0c7 +IV: 6f1d945b6c384a61 25ecd12af8310b9c 7d4a032ab1552e04 5421f18a8f3f6407 +Plaintext: da5c 569c1dce917a156c 5e54faa34c155fc6 2ece59a663f2e363 5ac581815412243e 6c1c4e23d5d876da 6459ae3f4e8c83b9 322525cb5ad9c8e6 3ece49824950156d e0c54762a1e310dd e8205c2e986ab2cc 18195ced9b22c953 a58d2f69cb29748e ba7e4fb17a03ab1e f4914c97b218b4a7 e7914833af33af52 97ea7b5f60050b4c 002eaf38eaa00e44 8f94c5a325fc51f1 a7742fc61d76418a +Ciphertext: 11bf 22a6ffea3cf65005 0aa9a03160b2f347 c5601ebeee97ae8e 3998c2afd6472113 2a33bc027b599a64 b4435ab6ad31c5b8 05ed8a74f420f075 cc3f4feef60d7f30 b4189748982729fb fea8786932f865e7 8fcab93dff6078a1 a35eb5b1137a9623 494bd792fc395971 2ec4201074275aa8 f92568c1438ecc67 c36b8f795edd46a0 cdeaee5c6fdcb570 3ecdfaf121982188 43bb6c279c15d9d2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 159-byte msg +Key: cd748b924ca04cbc bfb021782202f8c2 11117a7880515360 ac5acd6d5149a43e +IV: 1e6316e866fc39f5 189891adf14fe294 f07643330b7b741b 201171282e8d4703 +Plaintext: c59027eabbe7b9 b421afb20f75bda9 0d193d27df0498fd e0b89cdad574d71c 72aa43e721b32974 00c23fac281713f6 3575ad4d03d57095 b55c422ffc8bedcb 96b6c47d14b78914 e1e38ea7803d1b70 15ea10dd27e5cbe5 a4f44c9925db97fb 74cf5a124c2dd03e 5f6ce5ca9d519bc0 b461ac01d39c7194 b468023fd9cc9f54 16de4fce4f7fc69c 83458c3d09b95c8d 1ac3cbdf90622a4b eda0ac4a9fc6cc80 +Ciphertext: fe51f232ae930d 9412f5f9a8297b79 6dce76d3ad42eccf 78f620f5a200da51 aa7627a91c0a4d49 3f43bbe5e8d37e0b a7c954f517edeb1e 03ec4bccc090a0df 30ff69ca466e2998 52a9d6ccb1020653 44b08debe832aff5 97226449f9e6b14c 9332cdc19c5515d7 3b69370f86ce226d 5971381b0125112d a227b97bba650e1f 9cef49d799bf7722 0da7c9d54c9fa37a 425cbe0c9f682648 db80d47395886647 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 162-byte msg +Key: cce9d8a71333d654 57cb294cdf268050 f6b39fe59fbdb258 8592e10031e524c3 +IV: 7f7159db53df94da 88eab6ec29c1415d e4ac6a5bbbf370fc fdfc2d8375b3ebdf +Plaintext: e12e 7874a6927d1ec130 0b7301f477497300 68791e942ee2f131 55b0fafe7aded96a 5ef973133927ebe7 5169ce88ca1d8df5 c0c7316893104a7a 820f288d7cc84e6b 32f2242b71feec55 af54f746e4e019d5 9bcd5a364890ee1f dc29682a97a52a7b 1de820a2cda9aec2 4ebee6f36a9affe6 201402c8f46ac768 8a85209b737e54e0 4762cf40f4321778 552e025a07532771 782392e440a4bc9c b5abbaa9b95ab4e2 +Ciphertext: c650 78b5aaed06b0f112 acbb6331bea547f4 59593eb3df40698e 86225469367f6bc1 b59bffe9229dec6d 77083f43f493c7a6 df5b972482b5d896 2c982d683fdbb8a5 ecea41b4ab55d49d 4e466808ede0aef4 2401ab3f9083cd16 79fd9f4c81c019fb 73d4c8993bb4664a c6bdfb92bb7bb191 ca224df35fb5ba50 23e12186d22594bd 5c59e2564703a538 925a08fd47f089a8 5d3fe0ec410dcd78 6ab88b6ba9bff8b7 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 169-byte msg +Key: e899cc8fa011beed 2db342611479bdca 827053d448b40584 249c1c114232cbf6 +IV: 02e61045fc83db3e 42617220e4dd143f ba06dc575d99e920 7730bc223db6e1cb +Plaintext: 39 1ed2bf4d54186ff5 74b3edcc3bbcff52 bb4972ec5291b02c dc519553286e7f14 a9dba49b6ebda9ce 54cd70d37bfe31d2 f661ccfcc7455dcc 0aa2118c70b8391c eff39defb8121356 6a8850018522fdc2 21eb0e95e04d4fde 21783ff1760822d7 59e152501a5ed614 1cac355e41708cab a3b0dfbf85f0adea 899bc78923a562cf 4d6f6ac67ceb1990 d300c9f397300615 e478e8839e779f78 a9d3505d5dd9208c 34638e59c6ff0553 +Ciphertext: 7a 70adc1506ee7f300 8272f581e65d7571 ed33c29f304c21f1 83469f0c66971196 cce7f6136661032c 886901ba45e8c13f e939ee5cf01c064d 6d6079565fdf33b1 1f1b84672e626ad0 cf886aec746d4669 a17501f766aa8a41 2f588ff669171a5b e1cff93741891c85 fa37da83937eeef3 759ace91a4f6991b 0a35379d0eb2556e 1b4a6db84428476f 6bfcaa3195ee9522 79445741a3231af0 8e23f1ce4d22a483 f15b84f7b049afda +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 174-byte msg +Key: b1c770a993864c0a d0e8132a4f11ebe8 82730dea84947786 6512e0e3c2e4f15b +IV: 98e2b22459884330 40f7cc51e23cb6a1 07d51c21b7717ca0 98f8b3df77cb28f2 +Plaintext: 244d47e983a2 31b0e0b7b1348382 73c7848b70c6e1ab ad79ce13253a4c91 03dafd0f1540375d 7e535730ab1b586a 8822a49bf32129c8 71d8b06c1f3e6abd ecdacc3006719d3f 92e14e6aa04d897c 5e7a0c0f8b79b852 2f87e50a8a31f9d7 4abc39b901c3dfd2 d5226c6e7a133f40 5d9767ee2218b6d1 514c16f64c5c2068 8546ebb1ed80229e b0de5a431fb5a23f ed415b419f444acb 3ef0eb364f0708f7 05418b20b4ee912a 89dcbff1797bd900 +Ciphertext: 92180e41f442 af088c0f904d2254 af69417c9f421973 c8036bc419776af7 cfe0ee424492ff72 16e8222e3727f614 b69464e0c7d824ae 7a3021c3e80f89b9 410a1eb08bfc9520 2b41a1f77736e7d9 755a761e45834c04 2da23aa8f19f318c 1aee9b053abaf409 a460f9188f5db69d d61a0ce8f2d4a9f4 9ef2dca62fb725d6 22b0c05e128d202f 64a69a27d50b72d5 38c4b226ec2cc87d 9da3300844e7a1ae 98763e6962f75ede 0b7ebac9a773ac5c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 181-byte msg +Key: 3f900fea469cca5e 3b0bd4797ad90c31 74c00f3d5551fec9 e544816eac0d0b61 +IV: 5ab060eb66d55519 f41fd7b4fcba2f73 a9338470ff8da2d9 c191fae89265e915 +Plaintext: 5a603d8aeb 1df5d7e5ce48e7d6 d3e932a68c8a3533 6b9f1f384d64ce73 0a21f9074aacaf1f 9b3000d4c12efa51 4dc1d73472267438 137b051120c70898 233b772816b84248 7891fc8aa091d4b3 5040c81b8d621557 aec1f216b42c7d49 d9c0f6876c662baf db9d33cf127a5f44 03ec6e23864500d8 64f64e0dae9a17ce 5437deeaf2c0529c edde0e6abfef824e 8f50311405d71e03 5ca480bfb91abd6e bb28961a53cd9f56 d6dbf32550fb2517 1cf17ab5b121551f +Ciphertext: abcaebe169 bf4974f20835ac06 54d44d1cfb76b043 a14df87028029d62 1f0b75612a771952 7857f8f5cb3d0bf5 c726548115c1e06b 5fc87f9f55f3b8da 246c5aa41079a2d4 42c21e63cd9766b7 255b5514386f4cd1 2ce626439f279b3a 94d83552708f07dd b882c5633dc85edf f584557551af83b7 4cbe558747d0e033 018f13121cbc6dc5 464db0a4246524d4 7cb5602b4a8bbfe0 872bcab66432ca87 e276a3d9b1103bcd 6d05123bdaf71634 38e6fb12199d73c2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 188-byte msg +Key: 52f2f47bb3577236 1b88df3595fb27bd 1c4bc66da330e8d1 59afcf332a8e76b4 +IV: 890b749c6dce22ef 991b0041214c55ca 2a7f16bdf18c09d6 0f3a2a32fbb24e64 +Plaintext: d03306c5 5008c60b29b7471e 787c29278cf5dde9 ec1fc2549b818e57 9aa7f0f7afd2749e 65eea6b554c47a74 a271ebf9ca17e398 9cd25b7386eec34a 1157a494ae5084ce b3680a13a1aa62ed a815e36b6d4cef73 0a8e1b5a56e790b2 68a8b2635616fffe 425f394d98d2c72f 914e59a2fcfbcb22 3d394c3296d6bf38 a584618d2e8aacd5 1bb97c8cc1a271e2 650694c9ff8e3d4c 3dbc3422cb221683 d2d2fa3abf1555fc 45601bf8a58327af 2d24dd06fe6c0e99 13001b537f335e3c +Ciphertext: dc7b4e9a c21c37565fccd851 9c7bb95aa82d4860 d598e4feab1fd1b1 2bc0fa08fe117ef6 8dd77ab1d48744f5 2a23a85d5d6670d4 08824e2c476613bb c4b7a5717628d50e 7df0e902ccd3c21e 73cd47d4eab621df 560cb318951a9040 7fe38cdfb13610a4 38d75a00e033f68a 21dc3d01836b9d28 098d5dd9380eada9 2accfcc6a600b4d1 08d5bda41fc13831 1569e59aa3d833b8 56682eb7b7e46d64 8234e156b2442b5e 9b3359b1d6a5aefa 630d99d736c35e80 ae15642446ff4795 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 194-byte msg +Key: 7ac5918f20c01ac8 3a5eb8cbdeb33ef0 907c8182fd06b3c6 ec4bec39715e0a1a +IV: 630abb2811b6d8ad 318cf5bb19db36b6 32b96412a9ec3f5e 670b168244e09645 +Plaintext: 7711 e01251ffdefb2cef d6fe9e683f87f2db d437d88ae8e45ba2 f9e114aa877f9d21 26d34963d3ba12cd 841bd321036cb82c fb78f2a6535faf59 bcde498686d0bd84 b8f560aa5ff3cd6f 269a22d0276c6cf2 015d5f092bd74b78 88014b3a3b41c080 bc00fd9b2bad441d e504f23b5690f676 0e6e877b16551747 84d3828e4dd98c5e 5b7a8a00dff05f1f e9e0aa2b36df3e00 4834d3c3bcdffb0d d9db574c65a10a66 bced6e9f23c406bc 59b6b4686f612cd8 da36a9abc780df14 aea1303a2a9f22df +Ciphertext: 090a ac778fdca2730c59 a2e43efb43de656a 6848a06bac357919 27a961f8ccb48e37 851814483ad3da0d e146a416f2f5ba65 b1eb8848d34d3406 652b7eb572440f8a f9a19a76d4d9718c 106d5f4c134ac1a1 d91c3533327e56ca 2407707b7118dc9c 2e206d76fef0e613 76f7686d88e106f4 1ace1ef5e4dbb7ca 99aee747616935db c3ce11d75ff56587 f9f479e92022ea4f 70a1ec7b699893f7 79b1faf735d1e1c3 96ddee455baa2890 ea27e6a7135c4166 13384b72a99ab21d 4b9c518ebc85ddfb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 195-byte msg +Key: 409d32213d5d0f77 baaa1ea945eafc72 f9dc3daba22cae76 2245ddbd1366dcdb +IV: adf84198ea1f715b e98f1f9b90a10f97 76a52047007a8992 ca5d63c148ff6834 +Plaintext: addafa 530bc467c8bcc56b ec0226f67eeaca30 9b76c2baeafa1b37 18c7fa0c8407ec63 3be8777626fdf50a 82e1a239911df375 8f4b29cae87c2763 a8d880503384d587 36c95e28dd72c605 47753c6137d6c7f8 0cc9d940f31728ef 5bc2b9bda9ec3d6b 2df5a10455e4e163 21081df5d7dfeec0 f836faa47292c6e1 17cfccda4e07ce19 09b56992f71aed2c fae06c7ddbfe11d5 3ddbb37fcfb6aa43 c645e22f8b9c2e98 b051de5b29de9368 b9465282aafcd840 c1002d58714b7c1c 4f6d2245c67505f0 +Ciphertext: bf4f55 56590d1217d2689d 6533a258c3784394 e4f2b88e78e2ff95 a427dff778ee3839 f55a938dea3be9ed 78604e50e5ec4aad ffdcf007b4a44eaa aead155679191ce2 dc798ea390df9b3a 0a181623962dbfc3 d294d8ca854831d6 8de5a751e5ed863f 2c9b8a98d298f920 48f3cabc0c91576c b1538c5c3bf998d9 5cc4ebba8e537721 1183835c3b72230e 5ebf88f633944235 466e940b19f3e968 bf236d5a7dd36153 9d100bb66242f4ba f2019726b1f7432f cb72348b73681959 24a4c2764256c1cf +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 199-byte msg +Key: 1127e654f67b2046 82f78baca0ea086e ed90b7c019e3759a 8fb5a36858fc2a04 +IV: 3c6dbbe12b4c5c89 dc822049b4f0352a e9032424e788558f f3c2d2da0eba4c7f +Plaintext: 1cd7633645ae22 6a9c1bc9e9fe91d0 df3dae28057e13c4 16e07258835fe861 67f78e65bd0c4b7c d109ec0ff44876e0 7432ba4acba72bcb 17a0edbfca122e6e a316b949dd48c871 a66c1a79d258466d d10e4f13de287870 7a795a8e19f1337d 1bc18198fdc0d009 d10dd090ebf6aa80 de19940aa7c9a4bd 27b4e14ed7c2a095 b7400ed9873d094d 3a3434daa8ec4a1f 839db2b78c5454ba 0698ac866b4e1cbf 5fda8794e2871b44 c9296ee16f01cd55 a8e0d1a2f68f326e 006fe0be3f5d5002 fbd814527666aff7 +Ciphertext: 2abd9e45876aad 4978821d13c31a45 852d7653b4f5a371 ac3733a8df9f9bbf 2a0d7c42621c8499 1fce24ac1f180c0d 2ea99312a2640bb9 1b848b633e333f09 8ea4f9bddd154873 16f60cb4d5c1e938 88fe8db2767485fb 0e4861cf59f1ab2e d02f8521a6ece659 04b2c9187caa5a61 114c5ea135afcf49 61006345c48a1837 be4fcb52e6c8d90d b08761c55124990b 6260e585ef7239cd 72bccc3ba8e3e6aa 481363588c689abc bfbb3359aa106cb4 d88787bc8b3265bc c57dd8fee0ff1968 551f910e49d40d20 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 206-byte msg +Key: 33a72da9fcdc2735 2b17544e44e6e1fb 7fa87fbab7e46673 82df99aba26d6cfa +IV: 9c0744bfa61e9f12 c6af54fa39181be0 122a4f44237ff3af 200df4e902fcad6b +Plaintext: aab5b017c73c c427f9bf2a64376f 25986e8eb9456ac9 b297fac9e8984f05 c2a3a6daf91b27dd 9e5c0c705ff20593 060adbfd4225546c aa145839ff20512f b189d89da5328daa 369a46e97a0e6d2d c61da39f744da90d e30c8185c0e9d023 840487273ec3c24a 93c7f153031f35e5 6ebb0d9bd6233157 6669bed6b35b9488 43fefc9f4c388f66 bdcd53d5828d2662 04cb6019f010b4ef 3a11575461df6407 f45e802e55f8baa6 bd92b49880bf084d 9334e5434b7df980 67ee942651db0a48 a10c59fce36b0bb1 9a005ec3851fa34d +Ciphertext: aee133156a0f 8bea05b14887e8ad 22edf688a41089bb df9e3ded1b872c49 000e0695ecbc5773 8332a6aed8f40bb9 ee27e1c362d31b53 6a70ffb520c805d3 8dfcda41f77488fa ff6f4f79e6c9ada8 146c45d2fbb7465a f5e043404b8fa8bb c1082a175cb3de49 709435764348701f 2de87ffea000c5ff d7beebf20fc59b14 d03e95883c68cefc 712b7d1b6f5e1a40 a9cae56877e3e894 9ecca3a1d58432bb be04dbd793039661 de1aedb668fcfe42 b5e40f8f563f127d 079b0cc921a6fcd1 570c04dac65c44d1 435a60d8cfea6b7b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 210-byte msg +Key: 3f6ed0c9b0f6e6bc 750bb94cf251efcf 307df94c305cfe98 7f1714be0bb5b6a4 +IV: 35e173ec27eee319 6818dff3ad0df12c f3ac0a43ca0c73a9 f4c006232e599e6f +Plaintext: 4e2d cc2a8e57ccf128ff b7c723dcf9b66cf6 06b928b149da4907 5d985f15808bb1d9 454b8d3a898ddc48 a78ff9c6f0b7c4e6 5577f2536773a774 82e646f04441886d 4416cb9e0135ad7c 1915dad3bc752201 5f42cffab5bc3590 dbd58af2d3d9f872 3354f18b1e31c322 741f6c0c4639afd1 8de567af1bfc1ce2 d12cd423139b2b6f 79cda609c7c845c2 20765778764a92dd 45266379817d83f3 cdb5cb8cedcf49ec 7e499321e4435be5 85e2441f35f2f4ad f0cf6b61cf859349 3536183449bc7971 aa9060da5eea2f12 0b2adb0a6977fdca +Ciphertext: d5bc a4957f38beda9f1e 04cc6466e2a4c533 5948ee77231fa431 4d4ff93dccced7eb b787fd5b268b9d98 b32349750f0c3832 3fb1cba9b90f88e9 24815a70e94a8dae 55c4cb7de9eb3121 b89260764bfc8c0d dece8df74702e7fe 7ef5c9816ae71316 010a2548e2add4e9 60d939df13abc2d7 62673dde8210c26d cdafdf88b74af206 c756fd00176c3911 40360f5986e61c0a 7487af3de81538b4 2264882ee77eeb4b c2a14ebbdc3f60e6 92bd669cc6c1b88c b790f02979efdbb9 8ae3348fc128d42a 114c646fecc4669d 103e3b6d91181b6c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 217-byte msg +Key: a6266eed5d736e72 78622310abe48765 69b43d1b05e6d11a 18c340fb22d4bbc0 +IV: 743da8c34d4deaed 43526228e4b2b517 9e375004dcabaa1a 72a5c9d43ba208b5 +Plaintext: 00 57173a9c46430d5e 90f87baf0a8428f5 921d01b7a4267301 28aeda0a8e3a3d14 1dc4389488033993 c3edf054147b0037 6dacfbddf9cc8d8d f5f6f7d6c1d8bf76 37b6a67b3bb1dba8 934a6e1afa22072c 6f03d897d324d0de b3a912e9636aa5ef 4cf56d9a86d65a66 aa16df4be101a69b 412c822d5ab7a5bb 0bd013899b785647 048a733992f91e95 ad592a2df3a1434d 8b2fdfe7b50c72ed a572e1ff918b3a46 097ca2a087a28ffd 471b37095889480b f412d90c0daca03d 289766936e2ab9b4 00d3e1168c5a1565 1e65ee2638411b9b 24df57e6891d9870 +Ciphertext: 88 5ee9e87c0da401a0 de4fb87e17b9b831 80716e3ebd9786e2 c902f7ad6d0e3d23 1f5c54f79156ee5b 55e9b2a07d06a8b5 7fd64931f752c8ef 9e7d14535e4faf1d b4a087c9977ee9e5 977676123c4b9dcf 88465adc9b7a4f64 11092b882d0ffa03 4553f05a49dc1e0c c717965ed64838a4 9adb309f33b99e10 ee6bb55abc3d683a adee4f6c58c32ec7 ea62525551fbf425 09f2808befb6a0a2 4ecdc5f73581c45e 7685696175caa139 90b235e506556e87 ef7aa32fc08e3889 f91ac7a436923b9d cf9d3e7f315dd057 708c6c49071a325b c60ace721bc46ba3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 222-byte msg +Key: 47898c5ade3b5894 9817e4c9a71897da 3e37ceba5226c5c4 9e40bb52e9c1518b +IV: 8b32347c2e28fb6b d22e536714005924 affa470643cf537c 557ed48f9782a7bb +Plaintext: 6a49d1fda2e8 652d890da98e2635 74a4bf1fda459c80 0bf30ef87969b045 3974edb7ac04c2e3 5e83c59c2e65671f b001768ecf9fe6a0 b7d2d096f208bb71 d05f1b620dba1782 ae158fc32c155e26 d4e3dc2f6e3ba797 1dc0a4408693406e 3423fc333b47282b 1c8aee6ae9c593b3 aaf4faeafe426acc 066690de7e32c8a3 2d69981280d27d47 728aeb79ae9e8f2c f8d9d7a8c9dbb4a9 396b9f58220fda7a 83d9f8e822839f3f 76bf8dd8c3c8d9fb 873d7b4f152f0f95 8079d696ba4ffe5a fd1a239b6a831579 f1cedc70706af986 1fc6efc92b6602f8 a1353f818e1dbcab +Ciphertext: 285cbee16ca6 8e24b38c8946e981 d795c358cecc6db5 782155c1bb03f780 f5b73700a01ba3a6 555497226fcccb3f 71e9e9086683ff71 eb36af0173263633 daef490ed59b9f64 31cd1cd958661d34 367d8977aca59a5a 4f59f607c1902056 9b5fac05c2ef7ae2 2a63d9d91c6ddba6 789f76b8ce67782f 0d2b1e4e1a4585ee 7ed2d93db8e1d513 d5b4009ea83e8b7d e06c5bc01ac7e661 7987acbd1dfc6ef5 84505e8fe59d2161 709bf2dd858c801e 9967744846ebb0f9 730cab854da66cac 021deb59dada3522 6ac1cd4e7376256c 5c1c322cf1912292 403199a07ff8fa1e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 227-byte msg +Key: d52115a0fa675faa 62e027fdad783787 1c3afc53a7163b65 49e1ffe69f9dd681 +IV: b1fb3c0c101e586b 21a2e6b1b8dd7589 e864d2d51ad1c494 5dc4f909fd28411a +Plaintext: 57b8fa f6ebc1cbfab32996 d6b4b0a7ebd27632 f8e8befcf618f158 4060e655f76e6036 a5b6d82220c17d1d b2c87a3776817703 0539624b52236f02 d3f05d7ae29ffcd8 6297ecc4a5f3a765 8d1dc18cf29e6f2f 4434471a722546e1 0ad41719a19292c7 75b6841951f0ae54 b1da100e27d0679d fd02f4cf1cc77fdc 2c359c98fdee2ded 263c2889ec619ad4 6528ec25ddc06535 78caf1d419b121da 833a7261be5cd231 bd51607c3ded74cc f02fdf39db1674df fcb5c78f318a34c5 550c23daac838b7b 811cb55a0d3d4323 9b1670b2ea799983 d3ebfd6a2bfbc184 ebd2376d8e0c5fb3 +Ciphertext: 89678f adbbf9ab258acd8a d8d1b9a56001a2f0 38af20c9decdb7c2 0318b6c6f74b9898 51068c973a306d69 a593448e673221fb 1735f8cd80fffc34 4470913092567306 79c09b728943b923 05ec676b2f70d4da c63e69eb8ea47f6f 6cb5cf329d9022a1 3a923c05aabfcc1e 0f6576ca2b127c29 e9e3fd8486c0e842 78a6586b9de4341b 2a5bcbe16e5a88fb 7202e7d4e207793e b3b2f7e0e95039ff aa6e8fc94332fc38 013b0d842292d9c8 795afdae10aaef61 030736a05b3dd03b ffc85250af85604f a8e9ba2010a06d25 1cc2e2cd09992581 0d8c2a914cc5999f b8d0f375fcc4f009 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 230-byte msg +Key: c6ae8b24f80fc3ae 0628f8d291de0943 931bcbd1abceff8d b534812e9e57c2b3 +IV: 76d4774ac7e09371 268d735b074a5995 d6a91ce943661e83 dda47d52e2798eb1 +Plaintext: 55ad874752bf 7b2b9f298c4c83e5 5c11db30c43c6a8e c914710ecbc37fcf 00fd8bc321e240b3 63269884a96facb8 f8fecb382b92c950 e88999fbd2491e61 00de3f9eafe43ac5 33a83a24348a2bca 16a6cd47b9b307b3 632a7ff2faab6735 779e9ac49716e7fc d3faac939366a724 9f4f0ae7d666cdbf 223f487babb30155 4b83c3bf433df060 2c64175930cbc9cc 7942a99fea74c37d 0d101f1e4d2795c9 66d6e2171924fcf9 242da3fc718139cc 8ec7d3f75da690f4 0de52a6448d0ca97 aede21528392b4d0 a49f7706c04f9e2c c425b07897c2dd2d 080591d4057649c9 0de5a6fae74ebfec +Ciphertext: 2ca6969c52ce 8f796309856bfc5f 47f732756765d31a c4da7df29d79bace ecbfce249686d15c 8139e9f0cf06bf58 57071c0eb366d902 e411fc7d3446b5c6 9578883f33f7edb4 c1f2a4fa13df5b76 1cf7b82286a725f2 3eed35e67de8eea3 9044f85108237eb9 a7a81a70c4e14c97 195e93ae424ba13c 3b71bf5444700131 c3878ba277e03400 aa7bad24bea432e6 588ba24f737e20d7 a585b62e47153382 35fdada0a4b9d9e0 468c316ba95c74d4 a26dceace3d68a39 6ace2052b95e8d0f b17cadf33c260226 137d216c8c6697a6 058261477424f3d4 acaef7bc8ad75c6b cf4c70cb3355fb74 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 235-byte msg +Key: 00bcff84fea1f205 a667a90190512ee7 b97df7eae1ba676a 319996af21c755dd +IV: 99996d2456e92838 90211301da950193 49165360d8c377ac 0b23af42d3711466 +Plaintext: b237da 0a1f1fd5452c053c 006650aef3fd8372 d0250f03bdbb6ccc 082c67301693becd 9d21ea0213c23cae 67fd2b3bee1ceddc a08e441284899b75 69f451b1d78355cf 4524f3b68c9aedf1 9c67ceb26ef07b17 3adc0bade9bdd833 cdf2d6a090cc2467 6aefe1f997fb418b 096ce01a5abf56ad 04d70bdbd49e4d8c 9cef9f0429b4541d 744b5dd31c2f6006 14d40a7c99d2a526 6846eda42d751f0a 3eb354e589840d79 cc000f4d047c71ea 2766f3df15719108 ccf25810dc8a7935 1c069c4b9a837604 d8d69e6e352b9cbd a9eb434bb5e442dd 9aa4f528ca258194 9cb01f3f43fbb845 0195b33f98830b09 +Ciphertext: a6dded 06e73b2c8a9d61b3 eddc8b46e569b75e 80184a1246fb806a 5c1544ab82c37cea e6b6003af94c2e23 2c3a029f6b6133a1 7725fad66d0af115 aac14559bd5fdc40 f6e82177a7437c6d 2b5c5a3a7bf81c2d 37c65aa3dd345dc1 5d9c5324d7ce9bb6 a96c16b715a56cb8 80668afcaef453d8 fd67adbc420c286e c30474feb3289728 6e4ae078be10ed7c 1b2998d2f6635272 34f885a50f37348e 0046e89ea6083606 8ce2c9359f49378c b3fb6feca2278262 afaaae1f9aa7c06f 1e1dbfe9677e087c 8defbd3d57f2f8d3 c85e2c1da2228312 eface13dfc38d7f2 81cb0817318bc6b5 63b7666607b25145 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 237-byte msg +Key: 2ca4c96172df2c39 226cf3dd8e5faf27 7886c86c32fac4af 04f5c615cee35599 +IV: eebc5f0164907e11 346479fe0c3c0e26 2779effd71650a4b ec0d0d95524f2ad8 +Plaintext: fc33187e02 7f5a8aa485c316e9 403aff859fbbdf00 219e3b15a21cfe59 750f261db2f9be94 d1480c3978d80b6b 92ba1c5aa134f827 5508e9475df93a29 7d8ceb18e10caa62 b1d0ffbae5c1c7db 5b16e36e2662312e 2ad1bb4ae6ae2f0a 902990b667582ab4 457bcbf073843081 c2d7be89d74e735c c7801be5e443c746 d66f7bbfede527d1 b5d0d8a3cb2b30a4 f08414725cffa4fb 549d70e2ffbee824 76e515fb1abc8702 2a588f9a95bdae8d 0ca54cf25c7dad51 fbb12207e0297ceb 9814c63197e4348f cc99569f78439185 3fc2d0d180d177a7 e243991d2f8b6ae4 6682f72b0b6514c0 c21d96781cc4c3d2 +Ciphertext: 033b230194 d3bdab10d19f8d4e ddd8869c1f1b88b8 39313c96717d09b5 e0743988fce3a6b8 9980d3b2893c7fb2 31f4b7de1f9b8a5e d1c9c832307028da 04b0d09f9fc94b08 b5e53c597a93c5ff b0068ec10de179e0 ccc4be441e6573a9 9b0feacd61341c8c d3c8fcf5ffadb587 b8bb1b373472be95 465c766096455aab a47ada6ab66535bf 921f47ec3b530c16 10926370d7c55060 08b971bed55e4e68 d8a139cc6f6cc015 df87e135038e433a ad28aedefc2c92ce 39c16ce33de9e418 4fc615964a83d7a8 df5e9998c2eed4a5 fec2c5edf44befa7 1cde0b1b733b840e 4b490a73b252606f 96596e07523c33cc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 238-byte msg +Key: 6407d76f02e94431 db3ceb93ed9a5705 b90eaf1f4811dc35 6cb8ee2a482bbc89 +IV: 1259cbd118ea7211 01753bb556f48ba0 4175867b94122d4c 0c22c94ad8b18df0 +Plaintext: 552e77501c64 77aa3eacd33dce60 ca5da09278c651fe f930873ed1237a3d 8b0db4eea192153e 9c2319477cd25ec6 5a6460cf4ca887bf 89086573ce5e38b7 0009b701123f0b60 29a41baffe1c0c0e 84de0893cccb3f3c 25fd2c2887a21a07 320be6d0920006b2 6657ca4c21c5e220 90f32145bed4815d 153766c7c5982716 6a3ccac1e97d0f1b 9a62b186ad72e8e4 c6ca324feb6e530a a0dd9ab750e867ca efc3ea3dde5d2d86 0fed55c669cd2543 6e8cc3181b3fbf2b 0f175160f039e20c 0bc9cead3a4869d8 0b2140721e7ea123 cf605d0815efcca8 aa0f122a6d33a1c5 0476ff77c5e8cafa d725f9f4942d646e +Ciphertext: b6e324687f25 5055cd75de9df61d 9f630d20daf3874d 799573154970bcba 8b0121b776063fdb 079aa9716324d4d5 2919d3753c02e52a 01071bdbcd067b9c d475fac2ad086a8a 559c50cc60d8b6a0 6bd5cc3293785fb8 3d5725ce9dd21a4a 1480a3a2aa9f85af ff3874907d85c7d8 69a72e506459d3a5 64b99bcc194a6a2d 6b539ae084c0f98b 61f6ff4cb2067fe2 383e05c19a20c5d2 673eef578e77886e 094f0459961396d3 7e8d58565563173e 49ee98be0f6fa75c 2452ef4c7ab4ba8e 37dbd917611aa5bc 523f2fd27c2cd08f a79c932904dab390 9274cbf9688fd349 3739ecde568ae267 f0191eae5f5b90d1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 240-byte msg +Key: 6f8787a3278269b9 ea657d8e7fabdb23 f1040547e258d4bb 2208b29381770adf +IV: e1c9fd8b8fea5784 d3d2c11cc50838b0 6365bd88e11b4efe 40f616e322e1e11e +Plaintext: ddabd296ce0b5853 f0e25ee0acc1c2f3 f3ab094f8b1c51ea a649864bb9aad937 8bb66e8c8dee556d 691cbc9fdddd6333 ca5d50668862c3c5 7d8c6c95eedbdc71 14713a357399371b 67094324006402ba 0f03f99381f58ed8 ec442f87687ad116 a0649c592916e4a5 122f5c36bc5f86ce eb266e9f1ede986b 1cfb37ead0929f6c 5618fdbf566d4653 91186d9cb9d5d9b8 864d16520624cbc6 3538ec85cd2830bc 5f14c630a3a4446c 0d4ce01fa0cee2c0 07005973e2cf0d30 5e84b62208466b4d e3e05d74b7c5c53a ad511b871952892d 97c79fcc59e848f3 bf66fd8728f33869 09052c533cd7b303 9ab1889ccb6ab649 +Ciphertext: 64a0cfe7847230fb 3dbf10a8ee3dcb0c 2ecdfdcd3b722474 9b38619329043082 1e4103ae6a1d4043 fdf6b1f6ab0614cc 070d65690e4d2384 689bd04de7ea553b 14a45c3adf5a636d b1cf2d859e9e4a01 2c8aec68ee81ba47 83582578b3e5c478 51a90fbed52b0f33 f51ad5165b2df3d6 4f522fd6eeb80670 87aedaf4c839e62c e53fddb309939e5b c3270f6744601d62 c04f2c48eb13e024 50f96b30b555b5d2 7f61f3893b7b9589 25de5f275aafd30b 0388dbd49f2408cd e519aef7e1412768 a82d3814bb649fac 278b3a943cac9cfe a2282f96e545a472 f140cb571d99e79f 6b4e1d337698db7a 0b2be19be64803e4 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 245-byte msg +Key: 2b50231475635581 66297dd6387f56f9 0a9995d7e3f510fb f48d255f1d515a82 +IV: b3d441ba81469fcc 0ca2ccba1c285ddc 770e0132f073a9f9 a094ec7c7442a92d +Plaintext: e894eef411 d918c7e1d03c7ba7 1cc6dad5f260f506 1516bc3f04b7cb75 717e8750f6f16a2f 040a9b6c1c95c2e1 41d91aabad7ac82d c39e6b58454ff42a c721b8756314c3e2 afbb6f35ec9e36d3 80dec581a717516e 658a2e74bf7c9e9b 2ad9e7df441da833 c2746cc5a9208084 c21c02e047ff3bd0 e3222f1ada0571cf 83ef3c14ffd5c028 257dbaa3bce447fc eddcfa4ef7f92c5c 25ae93d2feb417ce bbabe09efe04b4cc c01e80578baf3444 ea66d4551fcfcc19 13768525934f35a0 b855fb05a7722b24 7b9fe76a804cef63 a202b97d2547c50f 96c22b99019f764e 6435b4cf64e6ce3a 3f47166302811f61 fcf8d14d722abc46 +Ciphertext: be0c8b63ac e98563ce1d839a54 7860740c6d963e82 abb64f54751327b2 b89b2b55a6ade928 da675a4fb35d7d30 a255e4d32a2ff3be f29768e549b83aa7 17c540bcd85b6ca1 dcbb68011ee98a86 56460db89284e706 3f07c50290990878 936235cc1126a2b0 c84eb16194915e33 ffd5260f06b6510a aaba560c6c945868 128f4b13bec0f2a6 86480857c35bf4c8 b3b1b6f56e6ebf47 322040ba1094ce33 d4baf44de9723533 42e624c7f2dfcf46 9106773004410310 29262bd37853ff4f c046c2b1509802b6 b6325192a36970e8 cbc0baaf3850b8a9 4be0eb17e4cf08eb 273c3daadc26e907 c28081da8fa9d523 d5ed73a5c551417f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 249-byte msg +Key: d9adb8b06c7fdea6 9334869c2a4515f2 6035ca78186c47df 8f434d6e3f5cc7f6 +IV: 04340a087efb5b65 b6a3b1b60437bd7e 306e284cd7801c35 10380581504a99a5 +Plaintext: 8b e816729c90ca8be7 28d91c3d4c3bc900 e704e58700e8e5c3 d7fe142331c488b6 f0645490e635ff6e eb85359d2d96bd17 c8e6abf097b3d7f0 49bf8d82b75186cc 747c1720a6a3a993 153d69eb82d641bf 3a5606d9eb86f3df b5d0563384478917 9ee72415781d719e ce8a20f1f2043c3e 65dd5e0ba46821d8 44bad5fe41ae78dd 942ce23603aa3fd6 3df2c275262698dd 70021b4f6b624922 1e0474ad968e3a67 7ed3b84df052fb84 8bffb740c6473ce4 834ea56be87b5306 6a369a062af0b9fd 85641020e61d8df0 df39681a796c109b c8486527c2bb27cc 51d9aed3a6dbdce7 d16851798e14dd62 62273bcae79ffc49 6478c14da12aadbc +Ciphertext: 2f b6741ca5f61e3ce7 5602a9a219fb7437 9f725682019fe654 c6977ad620828bb2 acfc48ba257bc5bf dff53cb5d91707a1 234b77e2ad028ebc c662c3c46ef51879 f26cf8a2f60f8bea 869dff1d6a566668 d6bcfe4973f7c825 9bdc25f77224fa3e 175b97eb7f343f5d fac5c1def88b0945 995201386bf8df05 5277bafce992ffac ca10effb99fd94e4 9af1eee8db691582 a24c60200b8d1a2c 96a21bc1dd3e3704 59d81df70af7a161 217bbd3e7f85713c 4a0d157589cb1076 8ae1b082c34f3274 071d824c4610c612 79a7b80abdd0b532 e9f2a98e02950c2b 634244d69f37b1f1 059c8c4f1c86f45d 06013eaa3a747b3e 2e483c177de89081 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 251-byte msg +Key: 741adab1588b6c89 67e21e903ed4223c 51991ab9e7e83882 6622a32fd1ce1d8d +IV: 8f45e4f46eaed5d5 e72dd793a4587794 3febd0974dbcae48 9bf1f311b7703934 +Plaintext: b297b8 17252e6ade72996e 3f4c52ab927a97b5 28d760f4de9e9403 f2e47c5615667820 c185f173cc8f8ea9 3e40ab0460890791 158fbc526df7759b 7861dbbd583250e2 9a97e038c7c77452 358849cb23f4a12c 057db90f1d2ffa85 4b3573b6269f87c7 4b62e301f6a0b42f cf2a16470644cf4d a1a83d7515cd8d88 14682e88a7348597 7ceee31581a4b409 b230f9c22e00f8be 911831ca7e59956b 7b03f37d0279b31a d444c6bd915bdda7 86a1d982c6b08345 7cd57e577f5b7af7 270da9db60f67717 fc6b76414e4c97d3 f486a0d0f4dcdaab 0be80a64415ca3f4 c18e3aebe8343a58 9c6bd9e9dfff4b53 a3e635f4e00d64b7 e558bf39ece47a2a +Ciphertext: d0a937 f0572b90a9583d10 368320528e66f831 597ef7aacab91bf6 866c1e168f5e911c c8a7a2d27e92b650 cb6db9b336c8927f f13bc967cd9f10b9 e2cadc5e18eb1620 87456dae3fa39f35 ee37018e315df09e ba29243acb2adaa5 7ed1f7524f5f5b92 4401677aa4d87638 f4dca61fd943f375 e940d220729ef837 4eb6e91d7de7db56 a0b29204b98ab58e 61049a3e33043ee6 4ca8051ae6ebce4e 7bd15d21b7b2329c 77970ff1a7769742 dc724851d6b0820c 1547a08fd7adc9f8 b1cc9c020ddf2817 62288e4626b38395 e6ffee8fe4c2f697 3011826f07213055 23530c5874f3f458 a8fe1c96534fbbce 6a380dd467408977 1696476b5c372335 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 258-byte msg +Key: 8df5c3ba65a35b4d d9fc6cfc5ff03dc9 8036b4ca8933b22d 841da77966605d16 +IV: 8a4118105ec1e118 5dc41fcc3d726738 69de959cb1e51c6f 405a9aa5cf60b02e +Plaintext: 1916 10bf8f7ad7d44c87 1ef64ba1cb39d833 ad0a4497c927dd36 eeef1df090dc22be d34e5e95e58a908e 9102f34511d7b57e 249caa0f615d42fa cbdfb9d9a52a8d7f 884535dcb2411021 a1789c25e117e807 22da4c168d1757ed 58fe09e2981f42a2 572d7b15e701b488 75e1ad0ae1035916 ce4d9073f55f0459 bed376d511c32a6e 698c98092bd2640a 37c590bcbca2f1f3 507cdff0403c3184 24e76979b71f2b2d e6edf48027bd08f0 0caaac0318fc96e6 d1efa25316b7c6b7 b3c04895333a2e25 f6d5f74283c98883 1e1a69a79e1a3136 792f3f6521d6ab3a 93e87cf22c1d1ca0 bfce0916e6ffcc08 959c2f6ff503ab2c 6fc320ee06a3c955 ebe76e584bcedbe4 +Ciphertext: c446 3b8bd2e21b91c5f5 5af44be287fdea42 322fb5f452fb6e3e 3513add7f305b158 3dcaa64b1ac59581 aff19d101807aca2 dbe78f620dcdb06a 262016aba1077fb2 a4fc2e0c05543331 2f824f4648c93454 5cafa2d0dd1d050a 1b5c395e1fa9b9db a1019ba7711ade13 0f93e6e3c25ab4a7 bba6179d4e26d0f2 6860dbafe4ae87cb 6f6e5840c3d548d4 013d7827c47be3c3 75dc32f7ed6b2762 f3ea11478227804d 3cc5c910054391f3 eb654ffb764024a3 c046beb4cbdbc93b 249587b62580da97 4b0a377fecd6a2ba fc909ac0f724fc1e b41665a6b83c6d61 6074b27b8d625057 1080fd71f6c58175 89de8aa080b28cca feac5f84fabc5333 5450839a5e0ddc73 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 262-byte msg +Key: 5f92c5f865bdca99 b96624c5bfea10dc 33abb670260650e3 43858e3857553923 +IV: 11fa186206411050 f7768eb857d82ae7 084a8405664b72a5 86285e9abf70e90c +Plaintext: 6aa9d4cce741 21e5e1c87574d25c c1b9c964216d6b81 055637c18e1a0f16 3b51f407c4dd12a6 467efcc2a1a1385d 1e79fe6056513d8e 4f21dfb7e75f4e2e 7617377daf3e8e56 c744d2cddae892c5 8a5030a8e959e55c 992c0572311284a0 e389ba715c97633b ec5eea52e7f1e77b 4b66e6a3a22c6ad1 2a9f315a34daba54 cacc054c948f9a3c fdf4ccb791633f67 a9e2a8b94b73d4d7 4ca3ecd7b760f731 730ba0771fce3940 41300166a0e6a271 eeecfe52aad52b55 4560bc51844b4321 256c1458c5fd4b31 013810c5dc241981 60ae71d689fb7832 5efd2c306144a60c 2917e7594ec4d5f6 8534813e0cc2ab7f 494d88adae8cc358 dfa2c1dc17f329d8 c835a4e181cae177 +Ciphertext: 1a570b381017 5f7aac91acac2313 e2bcee12735fcd3d a9c293873127b195 bad9b357638cf4b2 948736f48c579e2c c9e425a44c6fe64c a7e8073598c68bf3 bff9200cc70f2035 a25cf8922296f774 a1dcff3142990012 2e67e227644a0521 a215e532e17cd09d cbaf427bff2d3939 bfe104d6c3489d73 71e339dea5670a3f 4278efc2f1417a84 ed4d5645d25905de 4837bdb4b3a1e7b0 2c7ad20d65fd3379 d3ab4d0cc6ec9ef1 0e0710e9e2200eb1 bd0cb6b1ffb4d4a9 36346472f978a88b 01740aedf0360191 3709de1bf26f3f37 b4daee2e7620ee07 491c3a09aa98e483 e866457f52435e4a e88737ab7c6e84b5 88caa1da08f06144 1dc61aa6dc10f3e0 a00ce263d90aa6c8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 267-byte msg +Key: 4ddd37fa6b6153ef f4cc40e13112ae10 7905bd6effd36e47 eed05727b8769cf9 +IV: aaaa1a6cc541e59b c9c3f5ec926f1c38 a77f3b2d11adb6f1 69f52508359d4d78 +Plaintext: 75734e 2b78561d94f4f735 9656e18aa157b7bf 1ed0bd980dcf9ab2 ecea5d72dbd3bd3b ff2da5e4249ef069 a62671e091af36af 07e50dfde2474866 9b7ebef36bee1249 af8c382091ef34f7 e5a9250651d78375 b1f7a5cbb9fa86a9 dc9ac8b86deef9e0 053c16bb240e4d49 1b8807e529f82677 e4af8becda10dce3 79e684a92cfbfb68 c7e6479b2524c3c5 0f6a1f63603aa81f 67b5c9468db0d27c 3809f9afef3b9f49 be31d4aadc581cd5 8bf8736940c490d4 04b067c31a02f1dc e2ac2fb0fdd96deb b2c6c4ce90d3e2e0 55da0ee00fbf66fd 81486b4ac82fc06c 3f762f959ffbedb7 6b4c1ff18bbc9c4e 36b7f5ae1652b304 a726dfc2e15fc892 161000471dcaa813 b06cedfa133cd386 +Ciphertext: 7f32fd 13e05d3b8c549684 289b3820f61bc3d5 ff30eda67c7ef55c 5677b3c38f05980d 5256281c2320b32a 24d2077986704179 67fa59ffe06e3bd0 b62ba9aecaebc8c8 146baa81399b2ef1 8d23d30a49645227 6ad723c81fe7027b 1752e111b7aaa629 16b2470a8a2e398a a8b47ea276e8e580 3b09b205046614f7 1a69ed60d49a67ce f8ac32b509c92280 9da92d5160f34a5f adac7fdbfae46ef6 4aeb4d5cd3447b30 25b8115c0b800e44 5fda8d8943456c0a 03d7cab0608648b0 71e8bf554f08d4d7 c63e5aecdf48a521 139ddd55c71cc5fa 4d3981255dfb96d8 0c0bdc19b580c8b5 b5129a58cc4d67ae d36c63d3065bc17e 8a50ca31df0a7502 bbea8b0e02fa915d 93ba5ac7d3668557 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 273-byte msg +Key: 3732bd9da6fd503e f2ca15abb98fb730 21aaadbf6d25684a ce37d1717b0ef25d +IV: 03cbf3ece2cf490e 53352a6f669f4456 5236aecd0cec1f02 19055eeda0d5f933 +Plaintext: c3 cb3a4a2fae57def2 27e9748e809f4e4b ab348ed1869e9ef5 5d89ced4b0033f1e 377901b524e27877 a83a0457b832e0b3 11264be27a4fe60c 493a5e3e28784abd 1998579bb852a289 c00565ecd164d633 716b4c675099a403 d059e307c4c11c48 787e950af30f25d0 7832e073539cf772 d2edd98991e39e85 facea6560d447d66 5d1502295b81c9f6 d7a9bd15c4440a19 3c933a6fc4979d38 d081ef548a6a35bf cf44e8217a1155a0 e65344f9aec3d8cf b745b643711c69c4 595a0628c39b0bfc d6f38d19d8259378 ac16bd489881293d 4ceb962a20dacad2 9e4232fc4040c9c5 7a0a3a3afb274926 31db6f290be6c40a 026e234e5a39880a a51fbcf58abf35c1 c47237ac6d7d4052 7d8ba3c58e5a73df +Ciphertext: ba fd3fe3d3026031d5 e073f672cc1d490b 6160641b77b066fe b448ef35a686943d 1272788d36443817 40bb48be1c57b5d2 06d31016ba4e2d43 ffb649c78ae8acfd 22d6a3a5749fc6ef c73997a8fd0807f6 3bd46c96034378d7 1331fd546106d024 0a3147fd88ea25bc 2d07bee086f2450d 87dcf37807e145be 72695c1b1b8f5ca8 4903e3157afa1e6d 9d02cc0bdd606bf0 182623ce538dfa8b c2d2441dc3d43355 eb2fc47202e2c3f6 cb45609e5b57abcb 3095b5795bd83b6e 8b4380e7a6b0f637 929e12ee6632cdd8 2d730d53b32c55fd 1e76fa13570774d4 8433ae4f5e5e78db a55c3cca6913d940 211a644d6c21c500 6d0f3bec517b9820 da3bfd017dcce15c 4666d77817c17e21 10e8781d42c1f095 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 275-byte msg +Key: b4a2d7a6a16a1378 dbec3d28821899bb 11cc96b69140a399 0ca143a945fc64f2 +IV: a65eed8d7a3a961f 5c0afca2ef39f568 d041205cc911c18c 48b1cce40f28403c +Plaintext: 2c9eb6 962cbe3aa08c5e59 8170627bd197dd74 e98f7a555e251b88 c820bf1cc82fa95d 491fbfa80551307d 4b6c59d6004feab7 e54a4407178d269e dce0899f9c95c808 2ebb04875695c790 8b4be7acfddeae14 d661377ec0671b37 a8b84e72c24843e0 ce695780993f6cb9 c674d4a6ce2e72b1 463e1b63619b427a b50ed53c422e620c b08f7e3bd8376720 8651e86b7d267db6 bc48b85d0010e390 8a4be7a622316db4 5c97425f1a6500ee 5249eba412ad194c c1e7d615a7b046a0 b0d84c586c38ab02 5be76b9468b17f4b b3c4a4f893ad8c9b dc833c325d62b3d3 ad1bccf9282a651c 34e9c184c9032b5e 302adc100a0d1fca 9584b35d2b0e7151 0b7e2e315cf1e32a 6f030cd545434d50 51e45b937eb51a01 +Ciphertext: 23fa0a 39c734a69a16d8bf 40522ee8e77b442a 33ca6a048b83e104 c2b2f4e531cfa91f 549bd785d82aec76 3788fb57f9cc7f5e 1371d95e91d4ed2b 525ff66e7c858d26 bfd9906ce3712a21 99b6cabcb8f6cb45 ec4d5fbefc044e35 1fde495717e76d77 0be946814fcd1354 8888286aa0992df1 bbc0876e7c6abba5 87a4a458817dc0d3 bd8664dab0e6901c 7d01bb7535913371 c5567b43d4eba189 bd2544638ca58afd 2b27106314d9aafe 43712f4710d15894 a35900735205bbcc 9a07e9a79866e024 715c1780ce1e60d6 1f8080e036adc178 3d52d106194131a6 cb5f14e24f96fb92 3958004e59c02e72 6c97ef22fb60b598 69b3c3bb2debcc8c 8f8ae14bf43fc516 cdfd909b6aca62b4 c2728b140cfa0aa6 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 279-byte msg +Key: 53033e179cc94151 683caa12746d5595 9f132fe4592d489e 58e92af88cc56a02 +IV: 56f47c2cf503cb08 41bc09519b4bc42d 249f3baf2d136fa0 ef4e7d7f7c672ac6 +Plaintext: f64dc06fff6719 b77077f9224ec4a1 bffa78a0ada747ed de1151331b6d4a6c 489bd8b1eaa33c50 e65f35208b752111 d3896607e6b010e9 e027bcf4d445b456 11ae5bf8a4cacc9b 1e75be2697f8ab3e f2383118632eb88b 2f97556ab3edee10 a8959f3ca55a5d20 e51ad9b44bbfa750 a371a07a2b0b85fd 52cbe53bbf4d40c3 95ba6c26f63d3807 c6b65072b1b3606f 6f9c7cd6462dc064 d129330f014df197 61838a5e9e59a579 46b1e907d0ba1dc1 dd1f8dd3bd7eb0eb 351b098f7fd64bb3 935ac08ba598eb9e ef746d1cb0bd2571 75639b1a97e49fb7 05082d6243ce9440 b3a6d75514e0549d 4865a3585aa5c1a5 bfd06e52dc49d3f3 c9586831551f1565 4acf9866f21b269e d9ed5564d5583986 44cfcd24959495c5 +Ciphertext: 956d3ffed59ae3 429a27c72f86c178 10a4b5f7c38bc631 51f97a3c5dcdf9e0 42079e9fd8ef57b4 2ef22e160009d91c 3dbc4ed0aa83b88c 0d3a4efac9b0363c cb79b3a565eb8d82 bc795bb92487c1a1 2cf5e771118b243b 35adb1a71d4c076d 2df48789a8fd2359 685acb5dcb3f3640 18811ef9311be3c5 712f054437ff5ca3 62241ba14f8ece9b 9c9eb418bf79547b a582b0c82bae8942 93782c8042a40b86 b3bc411194c613f1 683ec5f04aa4e4ba 5ffe21443622a602 8fbf6f40a2c41643 efbeb28158c66a92 f07496e0d377ce83 0c442b32a484a355 a29c577816740cb5 a09f9095f86c362b 9e89ad6a12c4467a 437e6087764d4a71 ebbd51857cea3a3e 087204ab5bb5758a 680ba29e1728addd e8510bc2bfadf1f2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 281-byte msg +Key: 7282a4bbaf164bdf 3dc8634730aacb2b 7549e729c0d53b8b c68238c9ad2d554e +IV: c043627f68df19fa 5732f71b07284ac5 63488a5fc4ddec1c 1e5335807ce3cc20 +Plaintext: a9 7314a930b7f82387 9dc87788e8432f20 1af57e4b98c38040 09c4c2e8ff520595 d9613ff1e810e335 d07e629b31dff215 87cf8e3f4fe53e92 6c8c98dbc80e87ec 3ef24b92b888c1c7 94c2e5284d4595a9 57c098874a7dde7e 4336093d87292d17 6a6ed4fb708946a6 b13c0717829fa043 5172a20bd1b1e96b 58691ef485cb7f7c 257ee314573af83a ef93d05019129c4d 3f8ab7b32ca9e6c1 71cedee9071a0684 37ca7fc5b7c462eb 166f48bb59c8102e e7b3dc67a28e5de7 570c510458414997 67f9b0f6d64e0922 ed7a78418ce9844e 11931b0f7c88d647 d2cc7f2ebf66d11e 7eb47e8ffe017745 3d5967c8f89c8015 87d27b9303beda48 a9b6714d83b2247f 45a2f278750533be ceb71d39e70a8deb 101905db7c59f052 +Ciphertext: 1a 682c3cca90dc4d20 ceb76149d5a9391f a1095aa8b33f110a d0d4f5a7948a02da c9584e1353553f12 835edbdd24e16308 6091158718d21e38 10c43bc26c782d84 d8f4c9d6aa79e3ee e019edd6d664d804 c7c4fa4aa3e4d17d 22c24aa3e39c53e8 ab4b68e67333f993 6f98791c97119c03 12ff3b8a590eed52 e640b8c6edb7b5b5 f798cfec0a4c0bc7 c5cab30dc209f636 170f885c903fc755 727407b3704e891c 9e4c7b0cba630a90 a522dc5f296eb5ad 5a85c95d6d3509ce a3b7035a9e688ac8 0a09e7be95fb2723 42b24a8f6c440f01 4f3d9dd9944f26a2 b0dd1150850cf71f 2510199d8aa61778 08f55fedbb938abd 403f585abdbf691a 88755c29b7282b7a 583d1c8b45483c1e f6f5a264ad205b9e afd6fb672234ca11 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 287-byte msg +Key: 712e4aed4ccc2481 6c13998381c5f368 3aa37d9f5b323873 10bfcf3280a1cd8f +IV: a6be0e455c5173fd b9eada729db64ed3 8a007a69b6f86479 5eb3586c5c74212d +Plaintext: fc2a80d30c39d6 80327d2488838c35 d6503c1a8c4366d7 eaabe95c7115f1b7 481c7987de820eb4 d17fd65d0f58d212 3b346044522c04f9 8ea167c48ad2a0f5 a8adb30db0e65775 b947fd6f4d470d4c c8dd73e001965a33 2ce63779ffbb0a44 1458e1f98f619d80 0032f8408b75c74b 46f47dd5e2abf1eb 8e22616218fab60d 55c50933c41b673f 6eead1ba100d8777 7c20870d3d93508a 7afeeb661db42cb6 339b36a2963b3d19 ca1490c42635d638 340a976f5a76ff79 b921df6f5514f5a9 76836d304fe9a776 de5b3b4513153bf6 345ab8e3807b871f 13354464093f984c e624b8c4364f2ebe 7064dc2720d73e19 45b7ef51f8ca6fe3 4fdf232c81609d09 4b271e469292595a 49da7a5195a06709 2fc946a10b8c3f2f 37c983b1059d8d47 +Ciphertext: a9b611ae425f0f ad108d5bfdde688a e06257d5d242a1a3 eae77f5ef3d4e3a1 438e3ea6cd040fbf 220bf6636e0f2267 1b2ee1d8751c9ea8 5bba88efd69f4742 4943701e013248d8 0d872cdaabab4ff2 18229de2535d7beb 5e88b0cb32f642fb 33372319ff0b3b22 6f2dbb64099a2f52 f9c057562eb68bfa 855e2d2c56831ebc 10164d4387055f88 f8736accc889353d 22d34743a650d5f2 e11d205a41830504 29cce6230e75ef3f 7b167b629695b0d5 f06041b45287e4a8 f065ddb1f2749b38 bd4eb901ff08c9bb 998c49f484351d78 e1a5bc86d0010003 994b7ee693e06768 fbcdb2e4f750db19 b52b47e5fab572a1 1b51d718469f7776 d8270e6f009ef4ac 640860ca37c1576e 3811d69e115ee335 88c21eab4c648cdc c1d19cc7dddabb1a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 291-byte msg +Key: 33a89facddb1b031 631eabba9b3f2eba 39c4bbfee9806a91 9b6cdadd1eef6d12 +IV: f15cb5cc56bd29f0 a7cf1dd6ed4df1ae af71881c08b9fb26 fce78f500c4be505 +Plaintext: 084471 3925052d4d50958f 33c119b8d2d256ee ac12724cbe95fab8 a78f2a160d2168bb 3d731125110378e9 173d2cecef4b7ad6 f52e33c4210eb03e 2bce1268f2e4ce7c 1e686a77046a8113 cb890df6cdc1e629 408585cb160e0e07 21f28e437bf8809a 252b978dee2db7f5 97ce443c34dda0cd d53fefc9663d1efc d422230f720686ff 9ae520ce97f42378 c2345a28ec47b2ac fc83fa26d945e705 8b875b349db5e691 c5bd8ea1c766cb82 96e2d621bca623ad fd792c4b37cb710b 8d49bd1ac4aeaa3a eddc6770452bb9fc 5901408e6ea3fcb7 1f4a109e487ac5f4 238fd12ab199dae1 5c6936a2daecf5cf 54b821d9c8e544b4 ac1e2b88d4f7eaaa 958120ca2b1d7c6e 588d809f4e5185e1 cf3000699315038b ea1c0772a2ede813 2b493163f9e29ac8 +Ciphertext: 5e03f4 d2cee4891bf41bc2 25f2da127d4bcc27 1e64b573bf22344d ac8e2d9447e85a70 b389826cc775ffd4 b24041d800dc9e2c 2900f52c10d8a861 04d497087cf95158 8f673ee05bcb4f46 80c5dd04dab67c81 bd7c2f2cab3a6a4f 929b3814cbe5dcbd aba02f2ae02c624c fa52f3d9027c5a65 234212f4605ca06e 0fbafcb4fbe38103 abb853c0bb4c6078 75983e7c8779485f 7c466529a293e468 a7e49f612872daba 27b4ecfe9976566c 10e7aa3db5657128 e9fc10b2c327976b 8627e4101151f60e 8705cd4063343529 3c743704d4a80916 d43f400e15995d1b 8cdfce01b7f687ec efa4da0dd31c494c 38a0c4b215827ee8 9c455033cc5e3c46 093e044d94ca3f5d 8e9cf04f83033eba eee273156b693bba 7a46171e26878ddd ea3358ab9e24f8fd +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 293-byte msg +Key: 70cfce6901731c12 9065a696da422422 6d2bc27b02c8192d 0c8c5ee4913bd91a +IV: 39aa99f2a5c76764 01d8f89bdd08679b 381fe227de91a3e2 f5ba21b4d268886f +Plaintext: 119a67b3e4 87a90fabe2c768c5 5d3c9fa66c386e2a 4b9893294216314c 28bd731f26a17267 bdcc59b50a7bc73b 498b74df992e188e fee288d3aca422a8 83606c8cd6adf8d5 70b78b48d97c7de7 d53c630a2e2aecb1 b36809198132518d 815aa37f32f40dd7 a952ec8bd6335570 0837b450b396b33c 72125e23482a84a4 2b916021c3de7815 6f85c6a78906167f eb64afd8b1d935d6 41c8ce1a89f38495 88eeeb9910d40336 ca385fc37a5e87bb 84ab9ccbb05b3a28 2a72a226cdf51907 a0598b10a13c74e3 c253010832a472cd ddf5c25036848ada 34f8236e9a980aa2 7cbb89aeff7f94c3 60bef29e383e9d5c fe286a90cdbcec93 6742961b7b44210f 23fa2d9ab1062b7f ab627aac1496d011 ed2edcb2fc6b2afb cc394654f56124f6 9d00bffd3f3801be +Ciphertext: 6cdd8bd2ee 2fb8180d6fe6044c adc69ae577d77f43 e332695dcb7590a5 3eebbe41574b5f4d 9d1b61b781a912e1 790fb1ca684c5227 626874637bb352ce b289a209a124f171 ef67f76546e0a69e ebfcdbfcde8fecec 973eaa15d209d880 b72fa941f9aed062 d54784af36abac41 253954f8bef92df3 e3d9fa6a8dae54cb b80824e2a71f572d 19f852c433d69ded de023014be32e16a a38aecb9c45d61a1 498cdd5c0ad3cd0c cbdfa4e1d013e124 a3ac01b4af468e30 b911e84bf1f19fc5 100cfd0b6469436f 99e5bc4a3f8ef805 90203352a348418a 4e470258d1262352 fb3ccdb628016117 08bc7ac07654f4df e5c23e7ad73502d6 cefb4947eaf96d77 09ade5d08604f55e 891128a2b3c3008f a4439669b229b36f ef93598183396ec9 978b435d5afc5cc6 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 297-byte msg +Key: 25e35a4f12d594b4 ed60df4cf90abb6a c37a429257dcfef3 b387fe327cdd2969 +IV: f073d2701c738c5b 4f3e3f43ce557b4a c9790dd98e11d02c fdcdc6113c8967ec +Plaintext: ac 7439ff1b71a1e83b bdf96b52d2e27234 8cdc526f8b1450c5 d87c64dfcb213d3f 2cba8477987c6598 26364cee4b99ecea fbd78660117168f3 f149b4cd6cff6293 e47a8897b0c5d950 c11d6c088648c0d5 0e28fcca6d8f7b6e 6055876d34a8658e e3a493e581234d4a d6d7550a4d96f4dc 0df43c1665179120 6dc76829eac54d1a 735e2bc8d23fc86e ad8b8f5a662b92e6 3f66cfaac2b1b2f0 60c8dc6858fd231e dad0daa86cc152a4 8e62a06299b0a1dd eda33cf04b04e7c6 807f6d9344f9ee81 612427ee1850f3d4 c0841288b0cd2aa8 5fd60b4ecab9378a 1615a2107761b62d 507f9a009c94b4e6 8c186d367129342f dd25c52e0577ab24 6ab10348b9dc8409 ef0bbc47c0379cc2 3a4637d3a66dc75a afb8f1f7c6e74a7d c47c19a3d1125ffd 85f0142b4edeb451 +Ciphertext: 7f 445a72d0e7ec59c3 767c68023e1045e8 7f00f2d631d745fc f6c4bd65169c0551 d1a5ec56054602b1 7f656bcfdf0ad11c 0db4a2d36333b0e4 5b8d3fc4e078a2eb dff982865a907d26 d70fae6f10e8804d 63454c8c3dca9356 db4cb03ba40840cc 088a30c7f987553b c2e8f0f7d8aa2636 c29754ba885543ab 999f1de90416e11f 13bf4bf7fe9bcc62 a7bbd81ffbfc522a 6ce78d69d5379c39 5511e6f72a2d5703 cd9651f79405d6fc 640f06ebe2eddaec 6f88d32d9edd1dd8 acf319b994ceaf19 d65ef5002ced1bc9 bd37f92e1324e972 2cec1ffc170875b1 82ed5fc7ebd948f7 9e6a3a645ff4ef55 9a95fe22b9330fd9 e95bda592741143a 7901c30bac0a86ff bb666097d3e8978e ea98583b9058400a dc67fba3acc137c4 348a3552949ad5a1 c353ef75bdf6cf54 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 299-byte msg +Key: 38fac71540eb111c b81711d3b11c7b6c 9e6b8a89ac4ff15c 562b150c3303795b +IV: 133d79874ba93c6d 4dc0e4f47c2907a9 3e8263a7525ccdba 64876bc4de91235f +Plaintext: 028953 c33608c3eb9e73d8 f3f07a0ac584e497 f4ab8f79e842b296 3c876638642b65bc 93a8118edbd4b855 97b6166a06991b8f 3860efde2e1934ff 3dd58b9eb3b6591c bd49cb85881617c3 a7760511b5a5afb2 3b1884e2d311930d 8e70073f94cceddc 0ac23e91398d198a ecd750e519cf2667 c47c576e21515927 f901e2014e95aa62 42bb729835614512 2e82fed07c400a18 9d346f6b5e020db7 443024ce2b381717 2ddb7083c5b923c3 341f17b92420e22c 8ce7d5bfd34b3824 38a4d68d71ddbd63 92cb3f3b31bd3c06 c855a4875a96370b 5a3d8f54c85561d6 9d06002669ae22af 3b33e7a7c1971741 b0ccab2466ca901d cfe0a71085471035 3bfda8805bd0d061 eeb971aebd6c3dde b52d377790e575c9 b27524dd514acea9 d932d8858f6e4fe3 7408e43a6c673443 +Ciphertext: e288c9 8ccd5a728aff8229 e8b21eb217ecad53 843cc2cf7d3bbfc0 0c7a2aab211061ba 209948c401b8034b f2935a40856c0b39 70ef0f8ed4d59a6f 096acbcdd3878550 38049bf3c509e5bc 07b0190e6e5bca85 b908fd7b7f89ebea 3d548e8953a605dc 7eb9742c10a76005 9e62ab78f0c2f08d 73b0f59a1a86f7df 0af09593444a38df 2056f5a722477b96 f8f047b4fbd6ab63 ca388d85bec954d1 5fd5b219830673ae 38ebad6a01d376b4 8fad8eefb29f7ea9 0be5e42a359b2f64 00e1183c9ec9a263 71dac1e6a28de2d3 f841be47b06e8ec7 52b6eaeb191f3f91 93e44b37e2877a2c 9cc03967e1e566fa d5ed129f88a6f537 6dab0e316ac85be0 58152f05e88bf778 986f886950a99306 bc9ec4fa987b9441 bcee3775e1471efb 31d9ecda74ad58ec 91fc2398bce1368d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 306-byte msg +Key: 204d68200f6e7acd a70fa27686219a41 4c971c4cae259b95 c6483217ad86da36 +IV: 4cf7df5d6f0495e6 1b6f473a22947039 f4ee2ddcb8dcf318 9ca57d0669ba0942 +Plaintext: 5a3c c4912ebe83c67c4c b3e647ac938ad2e3 a185b5fc51c73104 0581c1593a8af125 ff027325ac3570af d0c11cf36bfc8d81 5e90cd0b1f682e6c b1d0ddead4d7bab8 79f867bf78fa9f9f 8515caf06156cecd 4d452793c4c43ae6 693ae6f53ff15dff 18bd321750dfb324 ba28782bdb623cd1 56ebec1ba8a3fe79 15080403e2a08102 c598fbb29aaa5146 57444f2d42e68094 62cb432c33cd212d 9e835e9b27accec8 69d0ea1abf24230e 45af777dffab411e 572e554dcd094c0a eaf01d4575dcee59 eaae29d62815d183 6ab117a378792878 1f5a4a06de202719 e29a688935f986bd 327add6e3c4503ad af9457281717dda9 a09849dfcedb5961 6ec868f0cdcb41fc 277c316a627b6095 fc9e6093434f07b9 c42f7a6105008bea 77c14501a61ac41f b3fb4b5304819042 3a195a6c63e74eb1 +Ciphertext: 9366 acc43aab2761427c 87230ba0c36ec406 b6e9022bedf9b690 8b67976194e4b049 9183876f6f0ba6ff 00db4ccce6794b89 d55d2bf3051b3a55 ae4f91c29bd00922 f47368f63fdf3038 7d039b93136b4c7f e30af59bbd8baadb 5bd873e1a77f03a9 4801e68c1c620f25 3c457f8081e56d9b e6d61ed8961cbc59 dddf318e94886018 be71bfbba1b7b68b 4a2369edf54dc7ad 21dce3af24dd3c45 1f1fdd5cbe853d63 25ba0d318a6cb5b4 d7c462db217fb3ea 4dbf520320343449 a60e2c56bcf69061 c6a4ff418a067dc1 5906e7b7fcdf3503 0a9462e80dfa52be 0099ed58ab0eeca9 ef270d29e949dc27 9a61dd89ac9e4680 1b82f60be8de9ae8 26a5f63e328ccb59 e9d5446f3eec4166 c71ee744c554c798 c13a69cf35a94800 5f88726b7afa50e8 70dec864694b941b 7301a1500556c280 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 307-byte msg +Key: 690613ec5764bde3 ce264528aeba2ebd 4153b1891d3cbc4f 4b6d3ce1a85c9891 +IV: 8c157de9aa8de19c 373342bb4fc92f2c 94720a59180c0c25 7dbf89245ad6760b +Plaintext: e1ce28 65bfad5e88449682 c8c4992cea3dcfe8 dc39a739a3f67bde 94c56753c7b05a9b c95f6d3d913d748d b5d6d32cde8394d2 7a4ab64bb000c7c0 99b0b538ad41e15e 7b5275859e69f8e9 ec4d1f38f0b0e651 9b11e04b36e1cbb9 9be5682ca5db8afa e5606c3e96114720 d3f12457080befec a758ce401ce2b150 022a293897c77df6 6d51fb71637d8cba d4898b910edbd72b 06e527324a4b9e0e 3648a0636b4ee3da 7decc925ecf5ed3d 56dffbeeea69c696 2080942aa764bc79 9f0774b509b6e42f 7cfa7f6219c19233 c1b91d7785fde3b6 5df3bd2e1d74331b a62e4d365947a77c d243c430d228a423 7ce09933c5de5612 2605494993c52b7c b187d5ef444b5549 e68f4198ff734b96 f11c162b93564832 e17de180f29dcb22 2ad8b1e7b008151f 22a69da188ebae13 87343c65d8abe19f +Ciphertext: 1faabe 52159bf997771ed1 cb8acf8014df7e70 383e898d82a143c7 9010a06b4c7ba816 f12117d449fb5c5c 4ef938554b85de77 7bdc6f43afcc929b 9ed8dce89c527427 81bcf4f20d31f21c 05ee04507a8db512 a57863b81da389ee 1fc9072dd923c960 a4489e23980e0c27 6b53674e4d8e735b 1ffeefd6940dfcb2 6a2163393c1cb6c9 103747ffe8972837 755cf7570fcbb7f2 82c9f8efeca27359 f0d77f6489d5298f cdc32498cfd7a6f1 dec97ebf35b76687 e6c4d9a602078541 cf152f7b8cb8d6f1 a4ccb12babf36fac a7e775a97fb58c52 efb93d55dc1e5aec 83c27d44a0d45e3b e31b449cad30996c 073367334daee947 bc2ab10f9d0ca1b3 4684dde298f5f94a 0094a37eb88890cd 4c77c98f4bc97bab c03585e6b20901fb 683bbe3d27323344 21b3676dda4e6229 302445023595c48c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 311-byte msg +Key: 2cdd20453b9777ea 8c2687c71084ed50 815455d5f622a6f2 b5eb7a2648e0d1c2 +IV: d3670605a4630285 0cb5afd06d03af54 95b74f7c4a4bb61c 26c5630fa67dd61f +Plaintext: 7d268c242e0c31 70d99b126b5521d1 7b80d55c27d3171f 7b3af979ae22ff6d 02d3239bec001c6e 759ce096e0f068b9 8debb3651db90d4a d79791a64ae5ed00 347c6519a3431b20 5afd8d2576655fd0 527d5b53a723b69d f8e594d02d16cff6 7e21f4f0921e8fae e8a3a9a677dd8e7e 91dfd40c0d399881 a5cd0be19dde2eb7 a66ad90601ba0282 e7373c00297f7e2c 14b8267a97253d5f a8f6fdc0e36590ab 74fe1b45383efb03 1f604f1dd574b640 a1b15a848d0c2d9d c70a725547d2803a b286c2937ed30399 58c7e8e4c2e3be24 017276113619eea5 cbae7388104d83cc 26a9d7da1da1a1ac 5914123d3af51f3e fca2850bdb710add 7b8c0641880023c9 991061015bcf5da4 ebeed21083d260f8 59e98c59c43f09af a14c3668f511e799 d46368f08186bfea d6fd3245e6a109b9 e2f195e339a97182 +Ciphertext: a0aea0182489c1 603fbd75ca07785a 825e1b658377dd96 e7567c7048893f43 480aded7ceaf7b49 ccc186b0978205c2 6b635bf19b175f10 45a92e9c637664db d217102e0e353842 809ed6116acee6bc 49cf6363fe0a0c6a ff0e82d6fb0b3f15 c4ea340e9ea8ff33 d9932e5eac50c827 04711bdc584dab5c 33f310d592064417 de788692e585be2a 7c83464fae19da7e 547a45615b871745 198bcc0f08dcba7d d68a8998ed6e0dc1 2b38bcdf862a81f1 f2f7937c0a56bf34 b111752adbc89012 e09945858c9ee17b 56edcb69af958f51 dbb66b3f29d1615c b5f66ef6743af9d3 0341d09046909e57 a121550df717323c a02521e8241ebaee 59a370a6e421334f 32b304498425d936 c4daceedff75a600 d6cea5098c217aa5 32e88945244392d8 6bc10c90e5687eaa 2b88d230ac877031 c4750eb5f107b48b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 314-byte msg +Key: 9608e5a0a857a49c 49f58fd6ed50e4e2 ea39c5ab8ba3e85d 5fa79182d7ccbd6b +IV: 1086a0d1eefc52bc 6a0ec6a42d97fbd6 5def761ab7b5ef93 decb4be6f2a1ca9f +Plaintext: 65b7 82d00a5d0cfa6fbe 7d316d1c977cfd5d 417b4dc7354c1408 f9ae227910673ba3 71e425033820000a 9cc7d668219a738a 0e157761224fa966 83238edbf78d3b53 5656677440f4c4fc 0bac9002fff9667f c6315b0c1e6646ed d18a5f4fe7d70cce 1a6ef73a8a3f649b b228c2729b617f42 4f17214f915793a6 cb2ebc5d480f561c a374fedd80c887ef 798594415c9a66dd 930ff2b3e3eb3798 5a56ce8e82fbc346 dbb0a3e38859d601 49092ff6a96bc257 7961f6bf7ceadbcb 6449bd69fd64f953 a96a0fd60cb8f9d8 08febb19ec9d3cb9 e85454fbc51c2648 d250b0772211a04b f4e9693d73ae977c a0aa5f338cf87b0a ca3135ef2449c116 8db3cf3e57cc6137 a676daa1250358f6 f75644cbf1442852 0640c0240238533d 7cba4348055be41e a6598a898a7fe64d f74992698349ea9a 84c91e21c8b285c6 +Ciphertext: 1c9a c4cf07053561a7ee 8eaf49f736e61547 dab9958013ab9fb7 c9bc16246322b548 fb0c30ba4463830c 1915d7bcf95d7203 ced74e0d9be08ecb 9fc81543f7eef999 15c882a4d156d1a6 979fb835df4c2e50 d4f29cb91bfe205a c6d0413eaf7e4012 13e7ed2c1bb0e1b2 b2c0016e5996e3cd 16a32a28a014fe2f 95122a4cef4acd71 ddb3219999998700 33794f74cc77f423 3f73951dc2275674 0dc7609c206bb1b7 d5cf3aa164f2d842 6ad7f3d6f0526724 cb8e31064f40da1e 9491595c7013491b 0df19f4d3981c5a0 a29b9daebea37160 37951f4a7065ec5d 781c3e8a08556aa5 6381b35c97c2f4d6 f9b1d108ed92eb68 dcb3d48650b092cf 240f53bbd1ef9363 59cddcbea0e8d018 24f89d68fccf2896 dfa2592fc6532441 fcc312b1b339f434 68685f20eacafed9 00eed999e6dea0f6 6354b388a17855a4 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 320-byte msg +Key: ad341d9587d008dc daa07d0aeae68987 cd7095aacf6ae92c 14766edc7fffb895 +IV: d3c9436d18cdfd30 4145050d0b03b38e 2806d8ce9d4f47e6 69f194a867681b90 +Plaintext: 752b44f7d685068a d5a0aafbabe3d2f6 a37db9577c42bc9a 0fb71a923268f85e db82a89a899d2ad2 dfdaf33c922eeea6 86fdc1ad34eb5130 4fef8804a7a956e9 4df5f5bdf8c072f0 a71a6938888d1086 19ad76388df10d90 71c167658fd03d18 13acb5caec94e4cc 7589925755a73e7e a4b662604ffdf9a2 bd563d1db288b5d3 74d06f282dc18b4f 914ff902c0268276 6e400d8e41b61b4f 7ad69594d877c702 b989ac3f83f06c5f 4293239f93afe456 c072fe282cc57d7d f269f431c9457a8e 2bfef377b6c991e5 d27d9a9894ed6b06 e274bd98d8d12715 6b35e45e4c9bd75d 0f58cc388df301ca 8736e5538c851f6e 1c6fd2440d831f00 2e65ec832b21e458 b0bebfead117c4f4 aae68c3a42220877 b68bc69693836f24 831f95062c7eab67 555955f54adce34d 82b417b3806a2f07 f7ef1ff431781f6b b18b6550185a3473 +Ciphertext: f29d854bac5af98d 68c503902063554f 211e2a8d33071313 90bceed4169a0286 1e1cb2e230a1eee3 8b3af30e3aceb191 ab22265b4852a3c1 b112203367ba11d4 ef7af296aa82fe04 d5b2830cc73479b9 4b5c1fe7fb96d176 ac3670da6ff9aab9 0b6b4889537a11ef 4e804b06f3f5857c 535cf43d855bc5db 86278fb7ba617f3b 42de2d7bb20adea4 16e176165bb526a8 73ff4cf3654c0978 d6835abe9cb20c67 f32ac3e2d66f8a68 ebc744c36ce20c8b c1b373c49553bdfc f2ea12307858f8e5 179d49442f1ff54d f4d543c6d5997389 945d4ba08cec18ca 22dec4da826f5dcd 7c4ccd99a2d23795 88daa0eeeb425046 98b0ae71c11d8e07 cf2ff7fcbb3573f7 5914efe290edbbc7 dfeb6d92e184b8dc bd53c1a15ef82ef3 5943303b6b9baaf8 0099c39bcd07756c 776ce8920a8b8ceb dd05314e9c7051b1 fb2f7e541d2617a9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 325-byte msg +Key: 5115c1c0eb65bc59 c90f280c059b0728 c468c8b10a35bc02 d3e6c9b65f8562c9 +IV: cd88b6fbeb522875 4dfc00af9c546091 312679d9e2bbfebc 1ca0d9d033a81e29 +Plaintext: f5343dc285 b27b1f6764a331d7 63f87a5fe36f72a8 b81b28911ae92c7e a58dadf2a3bcdf61 8e9c9f3fd1795a5d cfb92b7526124304 35fa8e57dc5f94e9 82999dec5d9d1826 ed733dfecaeaf2d7 a08aeb9c78ca169c 398336996ea5cd1b 4929400ae846367c d8e841ccd85ec0ec df5204fc60ffb11b cc9e677d5921a2bd 0224df75ce21010d 56e3f2d0813d8d45 93fbbcbc6619dd27 f6336b2b243dda77 b374c2559794407e 6f4c9a3350ef2189 c46c5c0512806268 c02a88cc57603cf0 660031d1c909bd7a 2b0b7f1ccadc4461 7a8d2bfeed9c0888 316b07887af192d1 22b07411eee73ea7 9308e9b4796cbe75 be4673d07ed6972c 52df3086165aa2c1 f06cd23e8d968cad ae2c2223e408566c 977f7aa24d94d6fe 296c4aefb2023569 d71c95802f7e6f35 855d71909316d6ef 0e208a9de33f8ea6 c1fb9fead7511271 dfa803fe5b07aee7 +Ciphertext: 82dd91af44 afabde0e47dc8cc1 544584b2eff995f8 9a8d106f1d9ec03c a781822e5043a88a 5b4c402b2b896cb8 4e7853b55cf908ec 3657e68812be8908 36322b064ce2283b acc731b161bdf1d7 1613959512271743 defc724354321b7e 7bc13710c44fbc29 528ba6d509ffbe25 7da3117f4ea72600 d9d19808758e8874 224ceaafa6be2537 9623b91ccea01fcb 613f5d6c65ff83fe 9d16deb31cbf41c5 85083677b6bc1a85 4cfce869878587ea c67bc0c1654b5560 f4e50127f6900315 de8776ac761bb9be 809c891b7a7750ae 11b0dbc997352fbf d03d6af615f9b109 50676ab58b05d513 48b079698330ded0 905a75b0297b6e93 ffaa0fc76068b40e f4836c81583f9225 b57b1f7047886e5d 6e2fee3f1710e5e9 081e118fcbfc121f 89151eeb3ad91897 522a5c1f5c44a89a 3669dc70d28fbf0e 5081ff11cc321420 ac143be4a94e9d12 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 331-byte msg +Key: 841d230f0004a52a 11e9e8c74087cc1f 7575a00caf038010 f865e19999136a83 +IV: 8a6f06df2ca837f3 3adfad81fd89174d c01539d984ce3e73 f50250719c6467bc +Plaintext: 55af5e 8b048c4c7184b611 9ae05c2f52c6c7dc c6383c550f852474 6c786a85cfcf2556 9cee778dadd5b43e 9950c7bd366dd2b1 5c33156aec911175 1195ed6dc6df1813 995430a1ae17235c 06b59469019f80e1 22de21281302127a e95bb5c6a86cd2c0 0a9d80327c304992 6a7689dabc431794 a19f27348bbe6fab 7b3389397e609983 77312fe5200a6f09 4cfd6fb96f41e0f1 5fdff1395caf7031 4f83326e4fa2b684 69780564a18bdce9 34b10dad20812321 e60745dd8fbc5d34 edb4790c231a71ec 68daca57079dda59 aafa2d5fd9ea284c be7decc82bcc7ddb de2f24bc03b011e3 fabf45655b27af81 37409576a1663698 6dabaea338c9194f a95bfb25f54ce090 a98f3f37a410a48a 62eb0e9b81dd9630 7df75216bf9a79b8 d69fc8f004d6241c fcb28075ea42019c b46360767f35913a 76cba2c8c627e53d ed6551c4353626af 7b90d0c635a40ede +Ciphertext: 5840ad 254c90010affe167 d04d2ccce89ffd7a ca41038e8cf3fafe f64a7afcc9b18a09 b327504eebe878cf 7bdfbd34098f292c 950b293a1708e192 acd75a8c1acce00e 810126ef1a7264f9 c4980d0c579ff5f9 30e30cb3b6448609 c870dfa1821e6f05 98e177abe16cbb32 558e2b910e70df2c d0c2d0e0d9c1962b 761961464f93e78d ec7a550d9451e15a 220aaa31337d74c2 26243fd951742b57 f6caa41346fd8f89 e1accb9112b1d7b7 42798b650e675ed1 5b8e4a2002528b6f 7e755da7048acd08 770208f6e69c0e71 529a9750a49f78b0 a06eba64670fb48b 4faa3dd39dbfdce3 5fff4f2a30586eaa d72d15f5bc13e12f c7dbf43b33e64d2f 6432259a23587e15 96769c1fa15e0ae5 b0a34637574077b3 d75c4e096373c550 28031ff35f864fa0 ec6f5406e99b6390 d74d0c6d9da58d81 1c66178737aa48f7 722de682207ae783 8077667526367cb0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 335-byte msg +Key: 1153aea6576ddfde 8e64625858a50677 145f4a92542e6faf 91f7d28e1e1379ea +IV: 5bafecfb2b72463f a8618b7a15003cfc 13ba29221883871f 1ebc42fc985795de +Plaintext: aa3bd78899ea98 208161ec36464007 02cc2a0aed6b6f1d 549de8be88fa2358 1967c018548a1bfc 0a812c2d93d3ab8e 13a67795fc33385a d47843ed392cbfed 22f8065667e44e9b 841089f59aa48afa b6096871565a2765 291595781717737a 81c7d53aca91cc9c 169641ec51a12472 745dc74703c68467 dadea6062aa18728 bf3af56c8477da28 487b1cbbc2b3c31f d30b5abe0c619787 70393e407bb3421e 63bb2d939d80c367 a327e20af5c0ad29 5d79ea7f7811a7ee 729024ce1136ed85 f5b147571e93cd80 ae025b80f0b12bb7 9a103e314fc0fec3 684a2157f410d084 fd8409620e97429c f1754fc6bd6f85f1 1138207d9a55e22f dbcffd832d2b3344 049b3c59757668e2 f5e6858464e10300 4a5a560b60b89c5a 528780fcc36d5eec 9160a8e75b17887b 41bec661ebeeed0c cddca982a9d1746b 55da7167bec098a5 2d3a14b2c962e98e 5e66da055c808a3c +Ciphertext: 9ec1c3a1891294 75fe94e20b9eece7 7285622d04aa8af2 0eab66d4a060caff 6197d96e23ecaf77 fc3046c05272453b 3d9f001bd6160ec2 4ea3161152a56590 fbac84d8144bc315 8d34afeb18c133c3 b44cc9a7e481a998 bc6b1314e243cc7f 82343158a0a3bde8 0580c99c89ad959a faaa7f4c5eae9010 28ac89b6dee7d55f d22169e659c2e13d a9271b578e0dc096 4aa0e2375cec0316 331ecad4b8f405ff 51a4c3a73e8690f3 36599a07e31c2931 08a2bccc20d3925f 4e42e0eda3154972 1af94266322c52fe 90c80e8f8f5f9be2 51f3ce1a400efb12 7dd6b9a8c87bc5b9 ee7f4ddee0804e83 d0422e9e5ad1a188 9d01eea704ee4bbe 95a6def0da4f173c 9af4a7ea1fe71fc7 e7239484f51a4099 4e3ab22ecf9abd6c 2466ee072d14ce1e 8de45146092db2bb aac064949169f944 c6c43b7abc13af98 9a311d49cafcb3c3 e4daa00d9765536b 4a8fa47ddfbcfb5e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 338-byte msg +Key: 28e18b7d88b18a6c 309a6f270b2b975f 914962c63fd544d2 448919be7e23b9d3 +IV: a4c6cde5c59de120 f1c1ba05365de9af ce10a05b9692c527 c29b451acf00ab65 +Plaintext: ba1f f1e8707e95f885af f0602877c4a5572f 148f4f6938e447d7 30775d693961d1b6 9e8f719dd17d542c ba40cbc04fca956e 656a52a2c5923a06 83dd0fa68b505051 7de1b042bb35c700 c0ae0682b3a5f097 3bf4878596b805f0 e555cdfecabaa1b9 35e615b57baa44f2 a9b1c10317bfd170 4036d75ad0de0f5d ffe57fbb1e252bb6 6fa6893d3a6434cb 1d52e48da49e9ec3 1a3728689e8dc015 79980d23ae1b5610 d32af22320ea0053 c698586681ccc156 71ff64f8264b80df fa73607fa3238a8e 08793ab054c30e52 498b03d6d8d1a0f1 ee97715290a3b785 2a805e1624c62ff9 b79b4729ff7ac890 5133ce27ce33a55e 380639be051acdcd b2c6f0325a8aad19 879903d9489495d4 8499a19f8d7c3664 f854a284ad3a2a80 3a4dff196dfa6db6 217a5407589bdce8 8ac465883d33bdca d68a96ebaf8a3766 691e7114849bd598 2c4624fa56170792 0cbc002805e1a159 +Ciphertext: 64d1 42cf88f51b059787 6ca6b349a058d79b 4920c328456619e6 1dda6adcb4e964d6 28259102681f3563 f140df7c72d9a0cc 405b174448e836c2 ed444c0962dfa02c ae3b1a2b2f9cb47c 9a60a3f949b75baa 58ef76751fb0deb5 2713fe6d1dc1249b af166680a0de33d7 1dc735edf4ec7621 366f2b953439acea 06ff554ebd4541da 4217f8e322121cf6 77f5b1b1afc628c2 487d3c1246fcd69c 9a621af23c2eeae4 5f00b30b934916b5 bb9440f2484c68c0 973065ade519c396 bcb309dc226ef79f bc39bd51d1c3a8f0 93b5743c1f335116 88135136e9e48eef 6f1498f9b8d6343d 88b6d6682d0e81be 59bc2ccbdfea94d5 a222162dfe884ff7 383a09b7c8a3acee 92ff86cb2bbb9752 dd417d9e4ffc780f 9421088341508623 6fdf46192ff2cfd0 b99ddcc59ff78bdc 90e5f4de84941aa6 0a213a45dbbe01e2 5d35f144da8acb05 fbbf84a21e50eeb4 1732b1f54a62b197 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 339-byte msg +Key: affc3c33925a46e8 40306bc7f74e8651 055afb6b8e7d9bb2 8a5cc80e0d4ad98a +IV: cbbbc063dbfce95e bb22665f95414a38 c0de52bf8aa6cb23 3560af803f2012b0 +Plaintext: e7bdbc 65ec86187498314d 74fd14aa887f9847 7992eae908c5f327 82008bcb9409e97b 614d5e99d2de4467 2db8316fea487022 c22fb1bf0843ff76 3cd6f3cede3c2744 8087ee341f9542fd b34dfe6105254e2a c1e76313ccb66be5 d74cc0e135855f5e e9219db304c51557 2e44e547821d1aa8 9f4568aefb261fbc 7be75acd41ee7912 c6a3d2dc2877a4bd c5264cea0838bce4 83ce28583e9b0243 4f312959ab7e5ea8 3c96f77934b3d777 a0799d13407f1c26 960c0cd83d1efec2 7cb1964f1b3df468 75817350cf7f96cc e8c83f88d1f922b6 ff867af89fb6fa80 29ef077538342499 99ecae2aa2e5c906 c5989a1265afb7db e7c4db7e0d6cdfc6 7f74e595ab6ad785 cf5f10ce54ec586b 5e731678a1a7c1df 764f98332e4793dc a6c799751be7f372 406301068e9c2b44 dce01b842feb2908 d3ae17dfab4fff0a c57089de31b461a9 147fe998f8fe2bd8 666811fcb783d89f +Ciphertext: 29ad58 a58e993892a061a6 9a3d478f6dd8b16d 9aa969af79701ece a93c8cf6c6a66fe2 cf64e96e6487e568 938026abc0ef8190 b1e428df2902e9e3 430efcd894bd75da 94c67c6a6c092e53 dc1974ad4a3d6793 3f2106c4add802cc 361ec4789b20098e 03cba51ba4aefaac f1821cd0e6781a68 e15008d9d68a4bcf 9a0ac3c0f972305f 6e0b1ff6d934d116 0a07e5ea43583a23 f0404fda9e1671a7 632ddcb62fedee0f 3dd1eccfb81c78f0 5d4c2da702d298de a6f4c74df42bb880 548e1bc1c0b63962 8788cc6bfe9f17d7 184c3e12ad467129 af4892caabee46b5 382c0379a2d77913 d019b77570197f19 40fb4b3f75126b51 5e776100f50e998d 46153781f1dc417b aae1d7a965cfd69a fcb114144a01eda8 03f324216aed879b eb2e538cb1d38317 301943689f8e88a4 3aff276500f10ec6 d19d2af523ba7464 369647d66f2ea3dc 5b0fc406c67c880b 7747da10d42ab600 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 346-byte msg +Key: 69c24a2b8c0b9805 f81f9795d80a7272 3c304d39193e7125 9160a9e075b5eb99 +IV: 09003b5707a0cd8d e6c26aee5bd51482 213eedfaf64d5541 e6705353cba73652 +Plaintext: 1538 7cd7c7a4f286c2d9 1de546a9d96eb67b 40e29b41cde1ecaa c1b88d98c67a15d4 d352d4014f1715ce 7921a070075b8350 0d9a1200212d2d74 bdb6c16fe538913b 0970379d2c696508 464b7111e7731123 1ec96374994e3037 0df57114d9b412d5 e6daf762d1a33def 4c0ac274c1dee75d 391894837d6c7d5c 7a1ea46eea171f0a 31381c3685ee22eb 52079a81ddc48d67 272faf1714ae9d49 ccd9636762894142 b431af0392729e64 22e90120824c8ca7 b0b5bb17a73d1768 cbcdb5e68731ffe5 356eb6b03e5638c2 8259ff39fa9e6b87 9b53c16b7e417320 3fa3a2d4a338e15b 7d973c25d2c3796d 3bff9db48be3b26e b2b0c8fbe1e13ad8 ef023217fcc56f0c 5453464a95e0e7ce 1582e2797e43eac4 bb75d8af1845f3fa a4936e98da013261 814ade07d1d60c4b d78bd7701be59af0 7f49f96f6a9626ed 26fe5d3f8714b1c0 ce250b44cccc704d 4bc18282a9f24a5c c6d5342321fc5b19 +Ciphertext: a68a 78d2338a5f417e91 e7d983f09404e408 dcad8cc440ef94c6 b85e4b3661132d05 fcc34af867ac6c03 47e828787a999f73 e233ecf5a87d13aa 67d10d4a52aac4f2 fd1766e5947e77ee 0ef285ced9c94bac 3ac9bf8d29631fcd fccf3f5bbd763751 9917776f597e054e f2f3da3f30f2d783 54fe2d4c440d3112 93ad040629fda020 408993ed097577fe 67d37e139be71a37 4893b97b8800a696 fc44901f438e83c1 f81df2dd7acb40f2 62a1d472e1888db0 4206dbb57ab000ea 989d32d7985f53a6 a5440d24f9ef20f4 29996296bcb80a8c f13f44a7dc1fc50f 01d48c0c98e3708e 8a43880d7ce416cc 41f0830f58b2ab59 185e34e3ff01d572 9cd871125f38ee6e 8a27482158f89b88 ce10f93b734481ff 0933a0b0215cd13f ca6225904b508650 1bbd34a6daaafb15 6207e1709de5c36e dd8c216f1cb0aca4 bcdfd9fad719de2e c7ebd8d6e2be692e 0117080d2a9563fa 6470f9c45f72d1e9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 351-byte msg +Key: ea07f54a25749201 8cd6e9d0eb993d37 cded957291826f58 c090b3839e1be6b1 +IV: ff75a06a5c0440e3 2645de235a118164 562092bcebcb91fc b31607d9a5edbc49 +Plaintext: e6ae2930e2e830 3c9c630b0d426083 9a052162d028ac2a 7c56cd076a385a03 ce47ba79e4dfa8cc d4953558d8cb0ca9 a082faebf66faea2 9e50bd9c8080e923 09c9a277ce7acd7b 72bac5aeca1c9f5d 4074b31775e85762 2b4aeeac61a52284 bf156d0a35dcdea4 e0b31af32d5ea106 408352cd97bc32d0 eaeb692056ce8d8e bbd3231c632d63b1 e4273c1147b8980b 6958e1f5a213c455 a5dc35e1a723b3aa c4aacd949e94e509 47bf34ee61530ed6 839b6776df14975a 22c45ad69ccd1b3e a14272592f39eb14 d0220974c2578ace 56f4ed3a96e83245 2a4ce1e67df44db4 1b441a555e45fd3a 49f8c389b4eb955b a9097a280fb61d7f 851cd1fb91bfd272 fa58cd6f72e0a3e3 78eb6b177d37b6e5 4685162891a7e171 fbdb32fc215731e2 0625948fb5316677 27a10705666475d4 f30ec92265e30582 54310cd075e4f26a 0654769d6d61cd5e 1cc2a23bb79a5a91 794c9cfed4911119 57c86861d58d9e74 +Ciphertext: 4abec971c2edab 70a911ff98405c55 099138cd031b8930 ee3f3dd723e9bd2f 8a5a2ba4d6c9d235 53062b6343b7527a 1895c1706c045a65 44be74dc7c7b806a 0da8b02c2f479961 bd564b6131a90014 0442085ebf2980c0 dd41059bcb7e5821 196da13b167c0055 0664f8fb8cf24976 05a7449e76408b63 2e7ef81319044252 5d5fc62d878f7192 b36c9a2d72c62780 67151ae483557ab4 2a0eaebcfe85ef6c dc04a85b6d626847 206d66318aa10d1b b8f8fd046c3fcb5f 7caff218f258b4b0 3d77de5f478ec1f6 240a397c50c49960 e82a3a91cf2656f3 62e1ebd7bfeaf307 92d1106e2bb4dfeb 973b4a73d5280bbd 80c3e36fb9563193 2431925125e0f06a e567e6d976c7d4a7 7167572e0d3bac16 b1e18f76d7490881 9307132f97fdf040 04e1f6f715e1eeb1 7e7f20057509f941 7682382ef4f7f8fd 27124b3aeb8ab05f 1d4742f613b87e94 a1b3bc0bea014f03 14b7f2b9c80555a6 9ddd4bc06071c1fd +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 355-byte msg +Key: 8c7c82e397610020 f741a1b800ee82a0 e996a424da8da0ce 454d96897abc6706 +IV: 76ad245ffca8c6fa e8ee1fb1bfb8102f 8ac0fd9de5027e7f 53c457d8d4d4ab95 +Plaintext: ba116c 28b82c16743cb09d e9fe40a3f0d920ef 89dbf81b3298d48c 0cc36ea839ffb042 88f27559549b9003 a9e60fa4a97ec163 2ee3f5dfb1bc851d 6b6e13c6b9ed938f c5d309f863af9439 399fac792321a842 d6268332c368dff3 3efe4a6ddf2dc139 28827259691dc627 e1509f8c2669df72 c7cb297c2f44ebf4 cc9a9c057167422a f92738e62e902eb6 e92271447afe6ddd 49fb7025bef7b009 5f6b90f638421f48 80ece10679aed3cc 983ca908e6895a69 a6dede95382a361b 3d99aea8fc675f7d 05f7f720131fbd52 37c6cf4233b2ae00 249bfd3465848610 af4b7e83857e0ab0 cf70029ec58cf431 0eea6c5929207289 0d5b556b0caea7d2 fda989f09a2e29c9 278088e7559d814f 65ce07b5907caeec a7456ca0f74fa147 6fdc5655051fc2af 554f13638bf96b96 849a28be306d6811 3b82cc3cec107d59 4d0c6d1b8cfae04c a1042a7a3149baed b27757dcd19caae0 1039fda8b49942ef de6057abf8678887 +Ciphertext: 502a3b e8c2ab70b65c8aa2 313b3c45d4eb28fb 2fd39916cfeca8cc 16ddc18711ce965c 7c204495b2363018 4889d784ea86a1fb a0c5f71322c7d88c 0636a27c016d7341 dd980481f0638be7 3859718ccc523253 10a27bc010eb29d3 d096200f85beecf6 07c9bf6c02c53034 37f793fec20211ff 081cba62b79b26be 84a9a8328aef0459 7358dfd83fd9da9b b8668abf5fb7d32b ef70d8cbe55fc3a8 6bb076f932b972db 5776110dee54141d 1993f27ec5d6a315 d1ca69d0e4d8a63c fce727ac79eef4af f0167acd95beaf8c 62fe75c35f11b309 5b25926e0bf365b5 5eea4fa24f7355a9 e31d01b515826d67 466ad7202a1d17df 44bebbc3d9577c0f a5bfca1817391178 5757915b4d28bcc0 ecf924a9908cefb2 88518ef2661f2137 522317a73ff3014c 669b743fdec7569d 0dc0ae4e8c68d928 bf74718412c75ec4 dc4952fae17ddad6 a88012fb944462b6 afde328238aa784c dab4b195dfd28b26 f678e656fb84a2a9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 357-byte msg +Key: c756940d34763b39 8d1d773ab07b4170 93854b1791f8f06b 019b6b100dc448b2 +IV: c21d19e963a86a5f 0301f73452e41ca1 b8ee8cdca0a8463c 17c1c59e959b7707 +Plaintext: 1a0a718b7d 58616d018cc4872a eb59eccfc0d5cd6f 59d899c9522068a6 16fd9afaa204bb2b 8c08aab14446fbdf 9be09900818db0a6 138eca3fd5e438e9 3bc0b3886f3b4315 4e476039b3e5571a f999f075bb1b4eed de5016a2d278d406 14a99aecf87ceae2 a506d5c1610a6582 0f6c3953f5e96fea c306c71ad14604a4 a9a0964fc530773b 9a2d5372d51bebc0 e442bbc5b85eda48 c99823ce5bb5926b 008ef0d95fc0b3c7 33a420739782b27b 8001bff18be259ad f9ee73e7f72d4405 2359f1b14d92662f 7a5384ed2fa5825c ec938dfff6ddb2c2 59f1fe8c2e16e417 1aebde001710571a 7723c90826ee230b 2fde6d1881b7ae2e f4870ee687d9384c eb2a02ed46a15031 31fa35eb02c45c2f 51cca764b5d91599 cf99e91d8adc0949 a000a4a161ac171c b0c212bf4e8ef670 5b44820a19a9afad f410d858bf881eb9 41540b43f09b7682 fc61a6ab8fb6ba78 542d47323690440f 6ad223bfaf454142 d40d80fc7bd5320b +Ciphertext: e066ecf383 d65a344b81987dc4 35767e464bdeb37e 3efad7434be324c2 a3e05cc8b6c15076 0fb2a3142ba9419a bc42cce56e599bf9 285df7f6117ea3a9 d6a97ce7e8438756 23d7849bee30733e 18ec6be383af060c 13cd2f2247897b2b 469888eed17f7c68 8f85108e5ea56420 a4c5f87e4b352fc8 7dc3e1077b38c888 5804508162611839 ed09aa363a036e3b e6c3b26d90aa0f87 a13c6c33102bfd9d ef3c572777278378 c6f6c0ca591c6dc8 7c66aa39e1455b7e 5f5196051d649d29 298aa023fccaefce eefaf3fc9f179292 574fc52c72a43d5e 075667905489da6a 18aee201e4038bb0 2d1a154ddb68e2fb 8ad0b1e76aa5e691 81934d42d09ca89b bc63c5fdc9ccc1a6 5ae57a5bca628e23 bb6178a748e2d62a a9ffd6f26b29de12 83cbbcac0e2430d6 3b33d233243d8d35 9b4af61cfe773dc1 98f92e4a2f5fd3cc 87027c17faf0f354 aee55a4a594d692e 6f51d42070c5d687 4305034e6653a34e 612314974be1bea5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 363-byte msg +Key: c13ad84fa36dec44 713f0692f79b6a39 c9127be17c388c63 154bf48bc216601d +IV: c8156e15bdda7733 f7afabb7447d646a dbedb4dd93cc40f5 53b452a7cae92901 +Plaintext: 608194 6a6cc8bf2aa7e24c 2de1b2a503f2fb91 2cf4c50693af033f 5855720dd270c472 d518fe6c30691f0f 7a3402d60ff5853b 5505eb8544117fe2 25cb7ab599df2731 de2945274e25ad1c 28a7359f93ccd3da e030066610617164 9694c9c95e97f2f9 0d0765988bc3d59c bfa012a7995f2d95 56dcdd50ff8721ec 331827f0277f6df1 eb1a2666ef2bdfb7 c58962972896db94 3e7039ec1a6cd7a3 85c05cd2fe7fe042 ffcb503982461394 c4c9ed1649592400 2056e2e268f6dbb0 13f22f18ea7f9213 d180aabb4dfab85c 43c87bcd03905201 84f5a0d9f10e743c 65176a6af467cc8d eaa2fd9257301836 cbeed4645e23abbe f3b53b7abe9dec6f 0498d36f221fd6d8 d19a1166a8d1794b e3a3bf8262fa7860 f5fe7a6cd6898970 77db33d07e90f81b 0ecfaee049c324c3 134f06cf18fd000e 1038265742bc9468 464a513510a07a7f 2aa89ca741f061c5 e35a6ff587158df1 cecb07e5081c547e fa4cf744df38a32b ac8fa264983e7879 +Ciphertext: f6eae5 8deb11cfd7f19204 503c701be70a8f04 45f3bdd4d28b01ee d285f7c2760c941a 1abf4abd34901b82 1255bc425f3bc090 efd25e99d93e07a4 14cfc57c44ad1dfa ac26b1e4cb2c5493 f5269e9691dab794 cc93287be4936ce3 9b419147973bb2df e24c092e1c279c27 5116a6ee15ab4803 381072e19af79663 9927b993bdcc23b4 f19fa72151c8216f 9a485eded82cde91 ebcd29bd1b28f3ba e3651865e92738f7 cef94019e78f5f10 b2e3463b9342d431 b2d724f52861c78c 0d3f6f08375f10c8 5170d36036eec83c 851c0294b97fb50e eada529d1af41789 af535567138fa3d0 d281b799a868bb86 c34a58fee9165cda 17885384e805561c 79f36ff4a8eb4d6d 87f224fd6dd9bda4 ebfc03110931eec7 067deac96ea9b544 62d626efd037cf08 00d987e717fb0d9f f7d923df5b1bdec2 4b628a518e5a2347 d1e4d4e8fa271d19 b043b85216f16bbf e46309321ad37a85 f145e879b536a56a d1dd2fa260a6ed87 2c4e2922806ccf93 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 367-byte msg +Key: 2cc399b7286531b6 20e5bc329313db1a 48eba8f341bc471c eb8abf5797b00885 +IV: 2dc966b11fd1f550 9d8884c70817a62e a8f60754a10dfd03 231a5f85e2529a66 +Plaintext: c64b017ce31965 25abb8e6d062aa08 bfd3e00a0b42de73 e8a11bed2a07a656 085d0f15205b85aa bcb33c89548b1229 543171581e0a77d1 53cc54104fedf465 f25cdf48a66e5dec 9d1bdd175b6a9730 752a719a98e31f40 cc0c8f71fa7e84ef ac2981421506e852 514c6335eee78346 aa26a7777eb420e8 dcc992b836a19d1b bf2ebdac750a6f05 5faf968d13ea1c92 7c8ddc98da65c0f0 0a6b268c083e8911 b2d15d2ecf613a2d 4fab3dc7d45bac3d 72c7d8a4b3dd4880 df5a13957a3e8efa 0d7c276f2af591f0 aaa7228b3922796e 153c6344120600c2 e2ff217c9387f5fe 5996e5188eadbc79 f70d0b7f4928cc4e eb554520fec72fdc 9bc018e95b020644 1d875dd0037102ee be44c14e0c53ec05 7e7845df7f081ef6 9206bf83db9708f5 e1b658409229ad78 88b40c9e8a8c23ba 560e2d299db11639 503adff31a2f4538 2e8d9d1042bd033e dbc5b318ccbcb795 f980c3a861ab5dcc 5cc240e020b00336 8a73f6e71c164d69 42df8063d9c9f1bf +Ciphertext: 7a29e68aefb7f0 d0be438ac14cf6dc b936d52230b2c267 7b2fed2081d3832b 44604b88989e4e14 f13f432f47a1e121 b6e4525d3c881c46 94a07c88a70e13c4 d0d7efbe7d50aaeb 66734d50833e3726 31f2c32a93511952 805e004a795368e3 e8992a49540d4bd1 07b6d12208655c8f 9db62e3b7004b074 84a5bf1b8e645784 58ae373953256b87 5ce1f312acc285a1 742e45385570ea50 67dcc91df7fa6238 137a7a9c029815ce 6e92b52f512a6c38 e2076b0d7c034139 c23a00ce34feb624 3fbebae5e99f62ac 1c5080134313f1d4 e64afae4daa9f429 eb6589246548c299 3603988050784d1d 7805882215028880 5552dbdf89dc4368 c89a0530c00a60c1 a682b6a77ab31fee 79f7937b299d62d2 74f55b2c5321fea2 191abb7427298ff4 f6c19237b2e07ad7 5359f342f4c27bbb ac31ef83c1f93caf 7cf992a98248a607 bb1fca788d8ce599 1ef8aa2a949cec67 3f25ec852ed90387 a3b9ff1997ebe059 2efcfb6529340ebc 64f0cf13bb7c5d72 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 368-byte msg +Key: 34d001d2dc3bd83e 08aaf3f6048b1680 d0296d261ad22042 6a3927b99d1960c6 +IV: 941bdff92dfa857f 72e5d4a311250195 0dff4b6ab2dc8c65 cea70e751e779ffe +Plaintext: 076ee8dc86e1faa6 6ab82a2fc1181f53 904029f0c7b1d432 7392be143652a523 f48fc485d037603b 57ed9ea3faae9741 c2b4aebe3f9a2231 c2c2df9eccf49abc c5471cfcf145dec6 a14ad706a62d92e7 0b2283de04df9beb 21fe1a1cc7a3a552 e15e9847d3539dd0 af987e60acde37ce d4545058fcc869e7 f90f179511a8ee6c b09cdf705ca8c5e0 eb9e3abaf409af7d 8310bc32119db4ad b3be7d11914b9e92 9ac99a7f768e7d7f bc26b41b66f6217c 821f6f762aa5a3c6 b5d1f4982fd3dd4d 07ac707a084bed34 8af6938beaecb654 3749122c2e295fb9 69102633d38ad223 5f0e0a6bfa283e87 bed880126835968c 0c554d5a0771100e 3645b8e965b6a69e 0ab70f59346d9800 be9123b9c817e8ac 670dc70a9cc5dc4e 833655c3cda08046 706f284d9d622228 f3ec2387f2dbd53d b2372943d56dee00 baaca3c7f39089a2 fafefd4e1f4f0586 c5b02985cec884c6 549c1a0e9ab06cac 426f4affc0cde93a 0e2b3564a17b68a3 9da4dcb945281dcf +Ciphertext: 57f5c63507929683 1cd8b4138ec99fb1 d35eca43705c6558 80b5adf7c491fd44 e89faa9bcec536fe 2885ee6539dcc322 e9ff79b96a36b2b1 97705436e6bd19d9 56b4d3b7e041b900 c2364779a669c3f5 e0bf895f7203d11c 60986e0cd4b81437 3adeab9c06708b4e e8e9b0004ed07002 47c85866d6d666b1 f1c81fe6727621ec f7b889dd76b9f717 afb685ae26989535 82aa934fb49fd14e c2047d305c2a9d2b ea003a63922a593d a9800f81523b03ca 0ff603c3c8ac9944 73ca64dbd2da841a 26fb454ab19c57ab 48111a4325674d3d e20f4e8c894275f8 0c047a827f716832 30295bf871d1e2f0 855501b1426c6b42 b26d510d84efd0b3 bcfcb3d1cc608f42 e4bcb8a562373a5c 992cf9855e752f92 b02df89eeec24584 e03794b74e6203c3 7b772c2bc592d940 4b0bb4381e042b96 4d656995d2b998fe da444ccf1b688982 5190256052712cbf c48c3f41138c890f 36be9e3d0cd50860 3f620b5a446f288c 49e42d02854aa04a b68740df0c0c631e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 373-byte msg +Key: 044372d3d87fdb83 47f3731aa1c79616 bf79970c2f7405e1 92e52d3d41cae03d +IV: 374b77682b4e13e5 fc462aeb524b3f78 8370f046b35136fb 40ebe99f5db18254 +Plaintext: fcdc2541f2 02dfd055ea2c1929 9fbc9e3cc376384f 26be517697f354c2 fa3c621c9b854774 c2c4ac1c88818d6e e895eeb51932ca4b 1b234dfe915543b8 ce97cf60329e60fb b74ce117c7323069 5153d2b51b2ae5ee 5aef559f80175389 551a038d497875cd 08fed70f5045e962 ff7db10371686f81 08a9d3200c3f6e7b b64d676e871c6f33 de62f6cbcac59fa0 1d9bf268c2f4524c 50da2e4aded77bd8 1ab861ca95913475 6101a715deb73c6c d135ffacb6d47497 5809cee59ee661e6 a8e45a681adfaedb b86250b33425a70e 43d43f97f612bfaa 48be1bb9f4750aee 8958bb11bf0fc3ad 0c0e5b6e7316c8ce 9dff1af02ab619cc 49827d8d868b5d37 e49cea8d2c285d32 848b2e0e439387f3 043ff881fac66c47 83db5c2aff30420b e23951a4083263b3 4963335b4ea3ccc7 a21b41100c4c9f61 1d542059056ca1b0 abb6561efc36bd78 821dd01d394e7f90 9f1b5d660b4f9a63 3f7231e04048626f 669b63c2af3a53c9 58426f1baf9c8897 23c7b54b9dd84595 +Ciphertext: 48ea1bbd9b 2a87852632e42e0e b1c0c70589c6ea91 c8b680a1ffa3f67e c8acab96233f553d f49e82433f32f798 c27c49ef842229a0 5eb6ac2cadaa7780 6974596c3356bfbb 5ea86b0efa05026d 1341193c855ebc71 6e622f9c07409fc0 838119326ac4da36 04979a772ae7ad36 05f6c6979b9101da cf7c83d400075945 4677eed187cf90e5 0ebf96bc0ccb7db4 9f66527433540ac7 c6fde87571659ec7 c8f1f898aff59535 8878988ee02004a0 096525ff7d6c5dc7 4515407827e7fa64 13834adf794f7282 b570024d38d78338 71f5694d1eb994f8 f27d53bc55a437a5 5da85e811a7b7092 3ed2df8324e7ffd5 cb44773e72b2961b 59ec30b208f4a7cb 17cea3f967420ad3 1dd2ae35af0e40ae e718ecf1216044a7 02fefced19aafbaf 7909c1278a986496 77b567aacdfd66e3 99d231d3a74c77bb 747df5e7436c5202 6de4510695280f10 cc749331034b35ca 62236e22435cc588 b0231dc140f43c3d bda5ed91e4128177 93af5a33bd188236 0688010fd8942f57 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 376-byte msg +Key: bff7875acb6e903b 71df59ca490deef3 59771e5696cf2455 a8af876aee883ebe +IV: c2db18f8feab5b53 be32abf468d32e7a ea50eed6433d7f5d 45b4e11b994ba76b +Plaintext: 034359c5e70218d6 0dc380d6a18dd316 7e6153d8acb8ef64 262d2258e1761940 0b981466905b0eec e3fca017fb2323ee 9c141504d729bd92 d48012c8cff1da65 61430f86019f86bb ca44d3607f7d672b ccd0fb01ce79320e d61779146aa43203 8daa13cb41b4c86e 4903e0593383e6f4 96fece78998e9401 b4581fe4bb776b42 1837e7dd57841c2b e9a290a9211eea72 830456103e522b92 f7adccdec853cc49 895155654ef6ca1a 3087abf95134b9cc 1a4b5b72c7ac41ea 267d47ad9b1e9c41 685f230b2bf11965 a81bf9f0c9ae9c2b e33ba5453b831c30 c92f59f73cc22451 3ecb1a76f85f5331 d9c641379375dbb7 673cfb32a3c1058d 692dca65b125aca2 91fc024fbd27bea9 4af14d75b770be97 2db727e1064d4429 8dde629e04317b5c ec5aa33d8031a2f2 8302e3533b868df4 be12eff96c0f212b bdaae84b3dccdba6 d44dc4e94b654937 0c63cc7929a18ff5 a0b71c23deefe4bb 81f9261362e012a8 d33d2ffa25abfa9e 6e7ad08e88a80dc3 5d0c760662d5d403 +Ciphertext: ff9e0a35e04ae8bd ac63236739f73550 e9872977aa0ad044 56b964cfbf064128 171af80fb8dc921f 714ca687e171b0b9 9b54174c154a0b04 e0c22ed999f68c31 67902d0acf843263 f4825c0e3fab640f b4097580a7a468f5 6a5f8a9ddc04122b 19f0c71d35fa7c11 8d69f29934cc6f45 4550edba5245bcde a69919a6e3fe6261 ba091a0820ce7582 fca6762613f3e57f 77e34ede091e0135 93a9a8e55e900ad2 9e578df54313abb7 1c0bb82521fc37ee 45bce781c1086b45 f2ff86a11ec0228e 0c424f2af0791c09 3d2a8aa3b22dd424 7539cb7e599a94ff 693777d6fbc5af86 4e27823a4c853b12 945d13931c848e33 cad4c90fec91075c a5ad5c4dd089b666 40541d28dc9e1408 178aadc94c7fdcbf 964b880d2de49515 0d3bdac0123667bf 6b3b16545d21d2b9 44285cea0c9335e9 a45efd56856bf2d5 8cd4d8b898d8d510 f63731131b3ef71d fa586f2c0f6c038d ef501e1b38e703b6 b582a8de885d6203 8d458ef19acbb295 47d75597587206a7 718c66fd79626beb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 378-byte msg +Key: 33e29f7d54698b70 92aa1917ebfc4f30 b1b63b61824f857d 7bc44b03a93a28e7 +IV: c0e5969510287734 b4feee270d9873da 6f4827bb199d6486 6bd099c6535e5599 +Plaintext: 09f7 a1b3fc9793a50cf3 205ff91632f41b4c fa9e543f88024460 99b5bb88b0fe74df 68de00fe084d0050 58c797beb3071f8b 5e131b7c18786d3d f2d7ca0061a06a67 921e04a4fdb4f9df 3d66d0d71f9ae2cd f920569e3d71502f 4d34660d91075455 c87bf0d29b606066 78448aab9d36ccd9 73d0edeb1e7454fd 52d578f968b99872 b1feacd00adb9bae b069ae8056624579 7528c9ace409e171 a8c1e90a0d40a086 f6ae20e671ad147f 8ede259f72a6b573 a732d028b6b85f51 f8009f89a924d259 3e94355cf85c31a0 baaad550188a8490 b0f5eba9bd0a3666 e99b84be63eb98b2 32b6d179c9725cdb dbd5a8db70971a98 397903752086cf78 24997ff0641f595b 791edd860977fcf6 99688587a354e053 e9c7fed508b5904f 50027768d3477c1a bcd442cbe3f178ba 9e6a539dd94a3c89 69e6c6119d1de2b2 16df566fd9ec6bb8 a3dee6907d6a3aef 8fe3fc6539ff9701 60de417106482e6a 1e37034b9e958dfd d546b31dff69a95d 17db6727ecfd5a84 77b8593d6cbeda40 +Ciphertext: 3d94 a201f440ea4b67c9 5bca0e50c8ec841f 9a6b48a45f9858ba c147f933f09e305d d7e4a2ae542f8acc 544a11890dc2127a 6ebebf07d0b45204 7affba5f757626f8 85fe98bea909246a 95e39f3b93a87283 bd0d729b048aaf66 020662f1526de701 71c32c18d428a2ee de508bf8d0afab1f 1af2f1710cfee696 51b693e8057119c0 6cbd02eaf629a099 a207268317b5a512 df8529df2bcce517 5127ebc0886bd80b da818f18e70723bd 8b67d0d045b96126 10906d6dcd9487d3 5957c8832728525a 244b4d9994e108b6 e1dd36de03bad8ea 9d3671720d1a9b2b d325dcf91efc7599 d3a43811888b2183 46ba799e2519df59 4e719dc6ec5f5748 6c17bf41bf5910d2 3eba4f2639e6424e 38159b7b35b4b314 4ed3b747eb365692 67c8e48c0eaf1435 5449e22d8bb5b5f0 d027c42b745244c6 1e0e7674dbd6f93f bb41010401d749db 1a3e2c227ee13c15 8a3cbbaad783f596 6862723e7e4e6f07 f1419f26e88589b6 c4e490e7126fb28d 1557fb027e8084d4 c9967c55c635f2bd +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 385-byte msg +Key: 12664449ca4ab0fb 1490b992772dcbdc 5b7c2b1accebda56 7bf5bcf60550f992 +IV: 7867a403140a9bbc 4e64ae5e1b2e0386 6a23b8e9f2b4cba4 2ffc37cda7f6604e +Plaintext: 72 eeb1f3f93584c1fe 19428add14cbbe11 441884f91b1f09dc 58f6182c363cec07 e3b542033334b22b 96be3e4548ec2c57 c79111698a9d2f8b f041001a77541340 2ef617ba6d7336de c36aa4dc302e7744 946cb9c8680ebb44 ac60adfb20716c23 b7bd9ba54908f51e 888de129355847e0 94f1a3a01d3a580d 749a46569b5b9ebb 6751f54c30bd98f3 cd7020b4bf344634 ad67f87811e9acf0 3039f4b44fda520d 24fc4e378b58c765 7a5c870637881a47 c818dfd9ace35ff4 c883de9ca4b63023 d704ceefc0a2297d 77973ea6031d6b21 ce4a814a56ef1a21 24c12d9602b6df04 69b29cfb39636742 ac696e1c8dbbe2cb a546055377d78580 2d3a082ad1a408b8 c04ee1e35c6328bd 021c3ff13c29264c 3754947c77614718 c93898e179465248 c620c430936915f4 5ff7d8ac7731e0ac 6abb564ebe5608f2 e1010442626466bb 616f6e69453fd6f1 ad4162d5a899b8f4 28c57250b47d7214 5ede75d6f5c8eb19 7b850716d9ab12bc d24304f5362a552b 58b8110bc1a02b88 2617132398398a6a +Ciphertext: 67 4944144a641b38a4 b576ed9d87a57ec5 eb347e9e23088005 eb182a7222b81854 6a59da321adf72eb e4312987857874df f1e18970be8ef3cc 31c32b1eaa120f59 9a9953323aa3ab8f cd7b1c8a55eb8747 fac9bf50e0d4349a ef8c226ea62b9bbb 5e817edea89e1b66 2ef3db369c839628 6cd3bc8b964a5858 acfb6bd3cd319638 8f585755f5a57f15 851d0ef5922fe03d 6af2c10ac3289315 f18c544fcc587630 c19935f27a96f67d a22460a43c1092e5 78120886f6a28b17 0e6babcc36535e0c 38ccab14645739be bc2f8499b7aa380b c1a749a21002a79b 81486aef9f0d2dc4 d28b815d3a135fa7 fe342715b46e12c5 74ecb344d813ef72 e2485e17b8ac6945 7c0fa6e54ad7119d 68cba956d29e999e 1b824770d1a1bcb5 28d58e4c47b40a5f 802b84bf3318084c b737dc291e6ce19d 8d9625d9aa28ca9d 33a64c173ef0c96a 7a228a1830548ba6 e192fea1892cd56b fed4361b4b80925f afb1b2b8a7ccff6c 885167d12cbb5f33 3c872c8b8a60f665 ec5aa09842afc4f1 ac9c52361e55ba51 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 388-byte msg +Key: a8b6bfb976715bb8 45e79389ac6059e2 dd5a054e85db5623 f405b3b47eebb7c9 +IV: 21a3ed4c689dd845 8e323709e78086ad 7c76c8c1f52b843b bd740eb260b507cd +Plaintext: 38f727fa 483b3a63680e691e a35ebba3dd8cdc84 b8c21c58b987baf8 a79163ef34daf62b e0f68af919a3b230 a7a200ab47c5c7fd 964a2561316741f0 1b26d2175f73e147 f673cfeeea1899a7 bcf35bad04491396 5768a83e6d3b2b01 831d5c2dffeb70b6 535d112c2396a7eb aaf9d6925a3f47b6 c2c6acd7b52cfe92 a91d09195d692be1 bf5a599a0c446264 395d784092cfecc4 a10c39145162440d 53cfe2c3c1169b2e 0112ae20ed4b547a 30c749a0f323892a bae257dd880484d9 4adaee13721a4706 e32f18a60dd20596 59de529ac760a64f d5ee0f1aa43b475e 56e836f2ba9cb7d2 2b569f14b502fc1e 7a4b9a1754b1cc9b bcdb68b3eb2e1404 3e9ec046dfc474f8 a2314c522d03c17c 5cb629fde43c8176 364f6b90a6067333 cca696f92abb05e2 10682649bdfcdc16 c7c50836bd295048 0af21f991ceaec53 c6a8c0f1e3a9f2f6 3da335dfad15d656 83233ea827a1be79 016e8cb7970308cc f54b441852b6c49e f08982fd447835a3 5776d33d6ccc5571 e368bad05d784e06 21382c54bf080241 +Ciphertext: 783123cd 8490c161ac3b7caf 4bfd19c58a28f8c7 dce5462af2d10e8d e652b792a9943f96 b1e1c9ea3a6c6b08 300faeced6f6fb42 6d42507261b19e20 f28d5ff2c6460a9c ce0dcdfa062b314c 382975a17b792f9d 8533d0df8a8d7eea 79903fdde6f2dfb2 e4060b2b6a62eabf c16316e95de22d9d 9cdca022f07f5592 b0fc7a35ca1af3e8 69734144855d5796 e885d13ce5a5b438 2240b6e39aa53efb a6e775448d3906af 92420bd2fe1e64de 92ce3e64e247f050 5fd94786c2996afa 33b0f73ae1bc0a0f e20cb2e7d21facad 9060111225ec4f52 3181271e2bc6f6bb 7245c6be37fed18b 91cccfa1e5621f75 6f40dd92f9bca67a b7524b2c8bd621ee ede55f2da23ca7b9 2e79e8f275efc497 e8422c7d23fb6a8b 17e3b5f906457258 7e61fd5df46df4b7 4d61e199b0dc9baf 58ebacb73d0036ac 9cfbbaf7dec942dd cb3da0b971de9965 3d5469c02d00f91a b158c36e115a1bb8 b371fdb6e30cbd8e f9b8a6e955ef5559 2e0fecc9748f0ddb a98f52f8dd9ec169 481c1b86a44d799f d89b5778f8ebe18d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 391-byte msg +Key: c2148ccb4a84640c 67d0dbd3d19c9978 8bb2cdb772476a12 17808f71ca34460c +IV: f7f4728ab648036a 9d3c6ca3d81b5787 7c7b97ed19795e8f 8f46b0b122e31704 +Plaintext: d02899c9e10be7 39c11fd7250b5b14 dae61d1447946e4b 6248889fc738961b a2f4bae7d0f65478 417a8204a190e339 376fa12e0d0cae9a 51eb4d44fb35d5ba b00cb146e61bac1e 4a716cdb5e8f3b2c 67bf0ecc86a8bfb1 25209e879441285c f4bf169d55789a41 1b4de544a631ec57 327f6cd6fb912bfa a58e8250dc831869 38b6f0d36337a649 7db7f527bf9d7d21 5f57c333b4ee7adb 9bde018719242c49 429847d2597d589e 3857a56cf2fc76f1 b8ee1ccdf9e832be cdb72314944bed65 da0e24817f7539a8 14d4fcfb87766031 03ed7e8b12a7dd0a 05c2f1df9521e123 cac08ec81c44d0d0 d9d702bcc632c248 09fbf25546520227 09a772d064ce92ec d9558d8f7915a57c 4e07c098f759249e 92c17f13df122a7d a10daed048798829 ce7629bedf0e4115 3c0d3d7561120e9b 66e72dad230edc74 979caec58b4b4940 72ca6b3e94572b04 6b90823d4d8609a7 4c14040c5b6fa074 b2fd7999736b5f9b 8dfa5af5e019ebb0 a33995d603dd9c2a 0df00d16ce5cfee5 b9d81732490152a0 e7adfecc0d7c0a80 +Ciphertext: c68c22e03362ed ee261e34ded2795b 927c881363dbffd8 ebdc90bbb6f7cd53 61ed14e4172877d2 e128b889542ee58e b6f57fd909fca1f7 bc8d38bb525b9e5f d983ee1904658a47 f089ea245d83d67c cf653cc282e2155a fba36cf1d0dd63ee d52fd67f156dce51 fc89a8a831650027 fee7d328eaaee767 c1eeffb2794d380b e24a7a053d55b6bd 40a7a414c49cad2e 9bd93c5e3e47fff1 f9b2f67b1852954f e84cbd6c22cc9b11 23c9355b14edf1f3 facb0d6232f2d4b3 f05cae0dbee2b603 27408397cc43debb c8e81a34616d370a 7a162630658e5ef9 71e30aa974709d52 c46c2c1dd6479bbf 55f314fb31cb2267 49871bc7ef8ef7d6 e359a03b14432550 8a3a6a8c357f5c8c 3959c8c9dc717087 9ec49c7a1dba3c11 c1cca1955eb9b714 ffe2c2114d6e5ec9 9b5ffbdd0460f72e 1189bc34cba46853 f4d46bfe7b928a57 c827bc427b4c4f31 50ff266d871ccfaa 5e9ef5edb807b646 74abedd9a4a0436e 26907eca69731105 632835ad47b45fa5 8492d2b9178be2c7 1e4c14597c866d82 0afbd7f9d3353e9c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 395-byte msg +Key: b0802acb3e508c71 244fb4c6fe7f2f75 d4917a5437a8b947 8c60ab62a70fde4d +IV: 9c4b1fedd1ac3540 58d2cf897caabaae 9aee57de33eb4d76 3e877b26c3823150 +Plaintext: a5fc9f b0c0388d42339f4d 60ff08ee2bd236b3 2d1da2c33d6c7b22 a2f7ece07b749d91 5e307cfd3f5ebd18 93af1f34b6237275 8a1e568562be458a 1e6cd45597b135dc 3d4b01ebfe813416 6ab37af21535a985 3d5e8efaaddbec99 e149c2f76b04cd6a 96394ec048430d31 2d349e9111b1e3cb 8e04d28ae86c7839 35b73e2ec1136c22 b022ebe5e54c4f4f 2359157a723f282e c538aa9dd918f251 60ded1625f891aec d52d61c09d45025a 954b661400868199 29249f9b4a8861c9 abe502fb0e0cdfb0 4b8237bb38d62f39 cb3119c6832ff5f1 03ed38ed0164cd89 5ef55a619644c456 5b4af53d7da6ddd4 0d34b6fac2e18d1f 9bbefef9c6533f78 c13560fdbfdbd0c7 4dad24ad355e1413 a37cc6178645500b 39bd782863fdbd80 1cce9c3551760ce9 69d24b7528a5dcde d430d1859703469d 25122ee29e0b5288 b6e7967213c07ea5 f7e2f2fc1e243e1d ea795dabbdc277be a6e6a89041250379 d8a9d71dce5e30e4 3e04a1aadf8341b8 2b7ef4f3c02aec54 06616f9812f2da39 ca3ce69c4afb2a8c 8761e1e73269ee97 +Ciphertext: 2014ca cfa6d575f9cb5c51 4ede245284ebc63e 7d7f98bd3dab881d 46b80b9eb4f6dffe ebe33a287b15eb3f 1b5dd350ad06f76c 17e4c46d21ee30d8 c808d3256c51dc7c 5d63b4e159879047 bfa1088940540305 0ab78ecb4a89fbfd 01430c3ba95fa26e 1e3fce1dd62d2aa8 2fc1ab05042ae3d0 56d652f3afccb4d8 fc32182422bc8392 c10ad429057d4adb d59fe114fa2c526c 179cda81c22b04ed dbe6f07a2e00084e 498cdaccf67e05b1 0d3221b00895fba6 502945901c35ae64 fc595b785da15e3c d1bedc5bbabc8353 9a474c155c300878 c5ab7f69691d55cc 4f2f7a405fa1f86a 3654864fe3bb0d77 c201cb1b82ea381a 726ea5eddfae3188 c5a596d68ea42071 dfd68ef3d372210c 8f79f8c22d787db3 bd0ff2f5f90aac99 bbee1795f479e0fa a1bc1d51f8e0d541 cfdcc1be0ad96f0b bd9a8d1bcc9bc238 ebb04300ad926d97 080e8ff973805dde 5195ac9e25577258 4aa860f2be2d6d74 52915b0b64375960 a455b924670a5f43 35f4c43e331ba2ad 89dc51beb864efee 714f562dd35de948 b81e61337e180bfc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 400-byte msg +Key: c467e4ac488baa0a 64da1bdeb1d4c74b 594f3d72861a2039 1be17e4ba3505e61 +IV: 867b98bf837eea01 5a604717c93e728f baa5cc12bb3f6b32 aeb26b63c2c58946 +Plaintext: a2c5ed2eec2748dd e46e1f8e6a4f6739 29135112123e6752 096ed83bdd851056 7e0a8c006acded24 69ca4b4a7a50cbd1 0d637478725e3e24 92dd6cddddd91c19 83151d3de7b90061 513d7253e289c9df ce5bdc4ec5e8182d b2c6d050a809d516 19ad47ed4a34aa19 038f3cb28b4286ec d4c4329cf2241cf7 d1f2ac9c285d62d5 a999b2197b8413d6 e988536e5cc32d7f 86651d68e15a7309 582aa7ca431decde 99a207c961f1621f 6af05c8f3c53e421 4e0846bc7ad244eb ad3469e0e3909aba 5390ee03e6c5c07d ee8e021e153cd359 9373549fa5d3b826 3ad89be9efff95f0 3d2b0ed1f1465477 dd2bea22cec424af be6ff01a4aa7f741 66e0e5ea4fb20408 c13a103a6bbe4795 a08fbfa34f34fcab 35c4c233519428c4 9812eeedebf1108a 46879b473a73c05f 9d8227aa80d486d6 613a71f4a2e37437 3a385ff9ab04e1ff 34d858fe47aee85e 3dccca3d49ebe7b7 aa99a66525dc0223 b318df1777329eef f2f6ef697ab6e619 e834526792c34ad7 79a8088dc3c6fb10 6b7b174e37c570e0 eaa90790bbd5e318 0784642d43a2d5bc +Ciphertext: 0802b24a9740ab49 0576a09e4a3bafab b5ecde6b7531cee4 55855bff8d5c6815 57c950c782518a16 b30209e7b81e3036 19c4f26890f10b38 f8c759a2339d0b41 295fc0bb84f6f9b3 b81556dd1ce0269b 01d9972ea04eae6c 5aec99a254e3d463 2223223e6baa5f5f cb000f65c5b3dee4 f32ccee50dded4f9 7dd75fcc84eeec79 d6216c2121a9ccd8 39d2c7ba02c5b6a0 cf93dc2e54bbba79 9dc60a5c4ded8ebf 7bbef7eec5541a31 9be05a4924155ade 00469fa9d8da063e a437270302ea2794 65da1e77ab428e72 d219a7af0c45e8fa 26f5ff16466a04e1 98993b5895dbe621 887c64b4d2305f6a 6ba0c56f131cf9da 7e33b02b1edad159 580ef8623fbbe121 10bb4e18a4522763 f11027224c0788bb 6707dbbceb64960a ca87c80ff22a6ea2 fa45e441be166c79 029035d59698ed34 378398eda935f265 88ed02157c1d51e7 0dae4c5c07b53f3f 443bda356bca5e7b faef4320d51feabe 25a1e7e99f4a9947 ef7cf9053e4639bc bea8535887975e4c a1933f6c4fe2d95e fcd45cbe7a90c482 762dc476987d5167 9e66bc7b46b0c647 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 404-byte msg +Key: 30407462eb8684ca 28aea6d3037e5c83 b84879f35107e400 82ab9944d1b0f045 +IV: f9f522eb91cc0938 e94d273335f1ea25 ed5c2e087379043d f7ccb27d9804fb12 +Plaintext: cbd0a047 01f4261d849cda3f a2f013380ee8b7e4 83620024aa7280d6 3ef963056e79f55c 832764e1c242c6e0 94a45d24e4971a6d c9e9611f65430c38 0db6b284a9972914 5e8d49ec6be8f3fc 51345252370e618d 8c37ae95eee75d89 4b646ff946d24556 dc4d5fa647356a7c 22c97a28cff8942b 16736fee0e077bb3 412a23cb0bd44f09 43902e781dd23249 4f8b5c0f73fbb92f adc62d918d4b6f9c 37315562c1425217 dc7d3dc8b7665349 20a18070edbfda80 9a586ee8335a402e 74a08d2630c75367 ef3d14ffdb9ad666 dd346eb103edfe08 2550bd5ac8ddf64f 42a0547f1f095ce1 c4f73b865216c287 cd6baf3c7e2d2eae 95d79f4f137b9ae9 e75930d557b0746d a2d43bc3e4811f94 396fca772526715a 34149e2fdddd33e3 acf2ac90a165a4f3 d3fc9a205884f674 696747ccc281cff4 48304163eeaac925 d9944d18c3d0f35b 9d96e30478c64e11 a57cafa21be55065 1a5210510e8b6597 b6669dd58598698d 49ca9bd70af02f52 35d68860fafbfd93 f2a3946205280d21 8b912330b1650e72 1ec24c00d7a9a11f 609c5d70256bdd67 +Ciphertext: 0ed6ccc5 2a21ebb169e2aa88 cfb645f0afeef52e b65ad75084641d15 69bde0aa8666b822 68f00cd5ad229d1d c69118d5e9814b05 5c9cfed1d45e4363 1169c025e73c8aba 03d51a487d865bd1 18809bfdd05967b5 924c934ca8df180d dccca350aede4840 2994e65c04dca72c 3bc9e99c2961a50d db4c79f29f5e221f 680ed219c8fcf3ba 9b800b469711d0e5 dc2c7428391a2929 984e2a4ea07a0214 ad4eff9d0709d91b e2c7c2a3b4e8122e 878b0ccc4b986818 5c20485569462e51 1f769659f3e6101c 14b79933d797a43b 3fff9345f2563fad 80846f49a50cc4b6 51cccf6538689b2c d92afefec18095ee fc747daccc8074fb 13a6c82f996ffdba 9a975186cffa32a1 d62e8a0481fdca08 830a91f4b1e6feb6 d86c83b5d8726a12 a1b4a4d35ff6a9c7 2b81618684ed0209 5bb86af0b44350dd 98f1db1fab951c52 6972d44229001283 edb7de9520c71f1f 3c5968d725d1fe79 225425a51b4bf2a2 27a3a2cd597d7fc4 063810a1c6e11154 6d150516658d75f8 f3564095c5717830 8ff880b4f89206c8 42a6c8b828dc9693 91154b81c07f8b3d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 407-byte msg +Key: 54fe9a28ccab9f3c 678f0de1ebf066a3 7de9a79aad6070f7 b33964dcf8c9d371 +IV: d98e9734a71d3b90 f25b63b207f06798 b7f9426a5afdab0e 142381f757a26c3d +Plaintext: a978c2f3a85fa7 b54bfd79806a5b6b c681986fc2b1df5a 0a0796426301d82b d84e26e30ed6592b d2fadb17f41d17b8 58632ef84ab8ecc4 1215fa71c8fe5558 6a50fec42c39f40f 0f885f07b5270e96 74e523a3a9790d33 4fc4b7d4d057ff3b 1a356a2cf6da169a 957cf0106c90264f 4390e03988fc2bed e89f35342113c01c 1187d1e213c0a815 8c5ef5f9c161492a ecebcb818e472c3b 062bdd58633a7f42 77cd9baf2cf393c8 1cb7d88b5ba15e6e 977f4d456464fa65 d1f2150a3fd524f6 73902f5be97cbdfb 6b0d008ee3584d64 6ed2cf4bb15b7bb3 707b46105ceb9680 2d57f7aef16210f6 a4ebd5ca008efe54 966eb75c1e32996d 0c4ed9336484bf28 ceaa5a70edad7300 edd6bf065b4c5885 3adb6e4053f33ada ccf4343bfca88636 7e11c0688466cd63 6e58260c9c994541 809f5dbff7a64843 d9f4c1f0ce60d3f1 6415915f5f940865 51f872a26a7eadce 9044eba1b251aaf0 5ad6e71a82b38ea2 a93d361d263f0b4f bb3f0b916d027675 93527fad2efe4829 78230d80c0aaa091 7412156a806fbe69 d6b35aa04e2d897e b14f83ac10b40a36 +Ciphertext: 7f7c9f00be722f 07b50ecbf35504dd 42c1f0b222823099 95780b82af9569ae fe6aab1790258394 55c29c798e56d5cf ea35d27e95907864 c49dedb8c5731542 442806749b92201e 96b926b058369aed ea82acfb90976ac6 8d3d44a7de9062da 64eafee42c9d4035 e37ed2b8343d86a2 58c7262efca63426 0a96a42778a47592 9700e93a214a949a 08e445b430a7387f e6cf3e6a781cc51e b2c32968ac5af1c0 6903ceedc2b23f49 de482b8f3abbf619 702002a74ba893e8 5ab074925219671f 40d6818c7aa76d54 aa7e934bf11e6083 2ad0b5644470f652 1631823bb4ac3c93 11bb52ce0759b340 67ed29a7e4478c27 fbe196f3f4e2028d beb6c3513790c688 90d8eb444d95133c 32ece91e6fe5f215 14dd87c5f1151a23 8525ff65fd89f3bf f7ba2b4fac3417d9 ab380c6095c83162 42f0af8fb8f334f9 717a6985815b8b05 4357f06a205c1826 8b030779c09e786a a36b08b22c686467 71bea73c3a25056d f13a87297cec4563 fc50ea6a1c33fa39 516ad2639d44f4b4 d7a720211e09e2e0 11afc1ef807e0349 b7ed085d9b552359 daf4075ee11cfeb6 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 410-byte msg +Key: 629deb2f4cef06ee 1b970e152d09faca dec599b507ce3111 c55e67037cd85e2a +IV: 1bfe2377a164493f e024d08e80d44cbf 48b54249992dd6dc 3b78a3ad5d9aeb0e +Plaintext: d698 f041b1e7a18ee925 79937107a5dc7793 65b3ea8fb4393a39 2bb65f38232e1cd3 1a3585615803bf00 d1cb078a4e49f5c5 c89b02da14514909 c6c78a9a4fb37417 68fa24b8b4c8e91f a0df4a458f2f4ab5 34a7eaf83e4cf050 3b88e7a9b6c467cc a33996d6fe02efe8 ae764221afb6fcc9 7082a9cf7a51b776 53a07d4ba28a7c5a 9399e4a17ddc5ac5 c339f804f805956b 46d24749108827e3 d6b85469592c3b29 00c315037b7cb01d a6d073d8b0459d02 7c40cd4d471ac7ff 8c7775ec24d32ca1 b25e31e33e0a7c58 20e2bb83209d9af6 db7342c2692f1f33 3c86e7ba4ba7d82b 701341280faf43dd f917d9ef903616ae 2b14ae92bceeb8e5 b08cb2bd16cfc62d 048a4bbc36928f16 f919d40247379894 34ca1aa48980197f ae32dfdbcd747e11 346a5a86fbdde76a e78db4a68fc9a90f bd3e8de0170dca67 ff2075feb7bd893d c95b736ea6b5d441 8d1e82c2ae14d087 90170f2eb0bc5407 6bfd7c0d1dd36e1b 8b07a05c7e44dd04 b172453ded3f9564 73fea8769ab53ec5 b971fdf047ddb511 4113e838ccb28a19 1c3105019473800f 2f9b61a01e21100b +Ciphertext: a0b7 51641511caff91e5 168887418cb21bc4 1ae7bc38b614e493 da74a7a566f82870 cdb87965a84a7fbe e98c20ad9d288db2 ff285ad922a08afb 4638f5532daaa774 1f4d57cc6a65c337 cd2d32cb1747d900 57ae24bd6bf7fa4e a5167951a69b5f8e fcecdcad57fa7922 e6d546fcf33d81be d5348a30b8971a2e 0e89da359c949861 68bd55f982988cff f428b52183480a85 d5e97e5e93885ae5 951b65c3453af3d6 5f46558a1fadfafa 7d317efd69699c85 c3823555ce5465a8 3c9afe4b913138c1 ad81b779563717a7 27295d7947d69d61 683cfd86d275c468 2b91768802c11141 0f7f2be8f3dea070 5dc2eab594acf12b 43be6076d697badf 71ee6b3fed434fb7 e424418c8b35a3ed 5865e3a2caf117e6 f46d35a47ece3219 87cc1e0122329586 fc4fd5cb2e1b3c4f 9a0476001af1f715 ee552f78e92ef72d c093dc71ce37129f fa098f837f50bc8d bb4048d4fc8899b0 b64af08055f28574 c388991661efcfad 09e4ab8bbe293faa ed5fb3fd10cea6eb 41b9df6ddf0377af ffcdb908120fbcde 864344647ffbce02 7fba403c3e4be16d e8bf6e4f4fee5ab9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 413-byte msg +Key: 26fe8f7d04e789b5 2a54ead82763e996 04caf5ebd71aee8c 954194842853401f +IV: c18ad207708beaad f2ea5beacaf1dce7 939d013a94ea6a51 95503b14f18ecbc6 +Plaintext: eda6a12c48 299cf213b4714ac3 bb5bd685850dc8d1 78ec4842977b16a5 491670505ce436b5 49074c36ba15403b 49cc2c828b01deb7 4dda37451d3dd16b 0d88e492b3836bde 749382030330135a 2498b134b6c5c46e f09de745eb6a8e6c 6089ec5cb46614ec 31a85e2197a80c47 d3282d400e42c21d e99e20eb07e895cf cd814e5665757806 09aea6397e67732b dee368519b5e20ec c144a9df7ba12ebd d9d8d327d099e155 830d23f2c053902d ce30290d66022504 fff64cc84f7ba15e 0ef74377fdb89500 272d9df56656aa76 2a793a1c76171a8d 2b1ecf4e896035d9 f34466f0f2bbdd30 7d76dce978570a2d 7a256127d38347ae ce23fb1a33373357 10280438b98b010d 0e51a777fc3df97b 479c67d68630f490 6f6d98d454e8e3ff ee0ce4f75a0e49be 6124c747fcf2bd88 174514d09604695b 96646e24f55a8dfa 1456cfd6db2efd6c fe5805007f5d9e7b 758a2fbe0be9ed36 cb7044b01d77796f 0a708d7c46d2643e 6e56274a8e66e67c e6d28247eec6ca49 97f9e423d426ef87 59c0e693a2e2c75d 3885f5cf30f5dbb5 f486d314468246bd 81671423224f366a +Ciphertext: 1f4888b74a 9110960db5db0ee4 84d5425f55ec1952 64920abf39e4630b 22d82e16addc7137 f56598cf8b9d22af 7ece647760209b5a e309faa3aaffa0d7 69d2456df905e96c fb08344e4ee58936 ca7aefb65b20f4cb a4856d6af5e8a4c2 e50b050fb9c6afe3 249990d1979b896e 26108637ed34616d 20ffbd3f759b82f9 65c9b82a1560bd98 d11faabdfb825f87 8b671df9b391bb57 a060514f8a051689 93077f33079d2b0c faf2410d6a45c26d 7973c6e63bf44c07 b5549f7057523f38 b85589b0f81a5ae7 a8e921b6ae2a462b d34022d5363c22e3 65a2ba03a193671c 32e572e41100c537 9619ee8d49e0c2a0 6a43f4d52e6a99ff 6b1cbafaa9fdc976 0cf82e781fa3b4a5 8e8d30c12aa76f03 a33421626a9cf664 24fd77044740843a 4976d96347ef80fd 95463bf885f98def b2fbc40881157eb6 b97e60f5d55ab2bb 83b91ddae23ad04c da24d514e378549e dd5f4031fbc3b9b0 418c6db0e29af25c 1f14826409c2433b e0042140a4927732 72d1e3f7b0658765 ed35c8663c0658fb c5d0c8c9a6b269c4 29a1a75efa3cdd97 bb6b5f473ba20c6c c186ace8deeca92d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 415-byte msg +Key: c0f8456ef0e44c39 346df2c74b260ceb cc1b07aaba12229d 5810da973f1fa688 +IV: ad4fe5a120fb15b9 244d45f06904cd92 18753c3e67d09247 6ca5b05a2ea70c61 +Plaintext: 02afa9a8150447 3e45d9d79f351731 8fa05d0949ed451f d904eab7c761a749 f5662179caf68749 903f188e1bd7e6a1 ac0bda561574f932 1dcbe5d825fda7c5 0c82ab3d51eb0c85 77bb1353ae78fa83 af02f50be8237331 d966a0fcbe2d2fe8 6efe58dd831e1c62 bb61d00f9e40d940 612cb5110b223b86 d6802309d817c81a e2812d42a9b43e48 23d859a834560d41 8a32224ec69ad997 dcbf74e9bce3f9c3 32b334520ad8fb9f 79c9b608b8e31eed f2bb44ab60b3d5ce b3cb9d82b2ba4b4b 243e74f6f0b0dad0 83dbed15720e92ab 607024102394b892 224da6be01c4451a 81c7f517a1646341 0ab708b9a900f3e5 9ef8c96655660a4a f2ed9583f3286f98 10f9c09b661d1e5b d5040edaa7e0c802 72fd3b933f505160 eb5274bbce0f512e 9b79dc6c87039486 ae6b0862b2d79a6a a5248381297b173b d5254a4ddba07442 e8f251704c3d4c2b 5b94fd38130df084 ff17a8165a0ee343 780d202162045f3e c10a2891fdf4ceb0 a526f54412a952ba 477eb23c1c323ee0 9cb3fd1fab629a88 ec6968b5e14fa37f 54caf96ef6d44873 4700aadab50faf7a 08bee92ffde3ae8a +Ciphertext: e52f3fe7b11ebd efe8a6efa95ed84e 567933930d002448 ec7555c5d0f0998e 4c726274fc597c56 89df6cdeaa6e2857 2a6273d7c338a4e7 920a322eeb19ca6e 9e46fd360c0ce504 908410ed3d8c8243 df485f6e871b4dd8 7f89aef6f7c95b6c 82d6669f49d3078f a9c96ab3463acc40 98894d4156a6f5f8 d5083cee5afa54ea dfe3703fdfb25144 f8b4d28dd36182a4 b4616459d67aaaa6 9059fb90e8def690 0f2e783401c3bef0 fdef81653e59c356 d21a806f8bdb5e98 f20264a25686f4a3 302173a22e58ceb1 07bf08ebb8a4e9df ca8ef556ea708bd4 19e3fe47c3b3563f e77bfc7c13d6a0fd 032f61f8390c8c17 599fabfc58eb751d 6b523792e503a3d9 fc1a718b633c1f62 1f744a9002afc61a 6edf8b549e5eda1e 24d269c8d3199f65 f34fb431dccb2565 1ef42b6c15eda550 442a383a944f0a61 8f207c994b1f4232 fa07d6a66007ae21 5f4ec461f27e4fec c5ab0c6825179629 105ec7ed6f9bc346 f4533b83f8aac0c5 445830c703f20a61 77b3f9364769d0b1 5ec102ba7a2670cc 5e68f08eabfc12c8 bbd10f3a7347b314 e7f18d7566fed1e3 738fa18844ff828a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 416-byte msg +Key: b819c6417752fe30 270f9e09b55b18c5 4697d86eccbe7985 d7ed39a2af22aa5a +IV: 9f43ab6593639700 e642bc9175120f8a f8811d8f92f345db a60f25e0ed7e522d +Plaintext: c5ef4c95cc5fb18e ae97b0d73bf6c15e bd70936088d746d2 d259db00c54be974 d32591194acdb3a0 28186223308e9608 3d6d2129d7f1e531 04d34349600fd7f5 70eb6238343507ff fbccbbbd7b62f752 217faf31a6c988c2 e3844605e6558379 454ba73cb21f1473 d0bba1ec46fa4a02 11af26c11ee8994b 1874ca7a7fa257c7 fa4c486bee1442c4 4feefdf9b6dff8e1 b4046c2167d57e95 4aabb8f25180baa9 36f62d0e0d9bf9b9 1f6cb82cf5986ab7 b3866a99a818a168 2232f9b3877614e5 a1523f6c3a3da11b e93db8cd2bad074c b53d0871093a688c 48107305470dce44 e46764cf9b81a2b2 546ae7247fa63667 63322ff0b3c23dc8 634d1032b9cb4e8e a73e857d58ef6546 09fa2c791a0c61d2 656cc55fce3887e5 1bf2b781073bfd8b 91dd8bbf9a0f509f aff56e132467ef53 62f3b3068125adac 1a05503956e24302 4b4e5cdd896acc84 ef64973bc43d48b3 03d0e22df51019e2 0591c2a3d14a89bd 7d99e21f4c8742bf 714e8e392218d4b9 ef0a391c52813252 879bf7079dfa3582 cec403cd0cee1816 dcbb3b55677ffa2f cea99f1abf0060c3 462dd6ade57ab11a +Ciphertext: f2106dc0372da4bd 9c0bebe3667f2a85 2ae48c68576d5147 8122f996c341e983 5d982d2bd674405e f27f43b3a6e00ac0 f9752f68a16d5fdf fd127b0d46352e84 410fb63fabd0149a 17c100f56aa6bd20 357e4b416c11341f 3fa54aad403cc8f1 61d8943f43c10f03 f69dbf3cdce5da89 8bc814f87494cbdc 295e1041473e2eda 2981f4a04caa7452 da5a682b2b0e5f48 19b989b412eeb7f1 ef05170355a13f8f ae98638a0e53691d 49b6f82442465cb4 e94a47824f27c3c5 68e619dc54ba0039 c3193e5f9901b8b4 c2e0e5f429ad821c 442e210d49764737 143a77a490b6d1d9 e9ade1e4f27dec1f 2451b0f9ba4abaee 88da4c668a86d5e9 707dbd032bac1c16 00560312fbbf2e84 54d84b78cf3592a9 b4272fc3ada8790c c278dfbd98915bda ff1f2255d6c984c8 d68928cd6c4cc0c7 707ff10fea65bb6f aebeedd6bb2335f9 f76002b4ca27c46b 74eafe61e19e97fd 755e8baec49e9198 3d6a01f4a99aee21 7c53b6d9875bea50 c88c7055b3a149bb 416c6e0b70be7102 1db724b151324936 ceb0f8d0ddf1b996 8c03737084de6a41 21afc4bc8033280a 86dcf55fcaee8ae0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 422-byte msg +Key: d9a92ef028b852d9 b386d7bbfb25db4a b6fe7164160bfcea 4e47dccf53634d6e +IV: dfbb8b21bc883b0f 3f57064513ba8709 373d676a4a9bc61c 0732dd830cb5e20e +Plaintext: df212cc632f2 982766962b2e4f22 f9b3374445f92578 e9845f7ff92a2d0e a36de0c35908135c 33c8312b8e9d37c5 faf1bbfb53382e0b 2dc95e1775ec3ed5 5634ea895a0fe630 d29ba6fe77bb540b 516bcd4ad850edba 5a930ce09cf0c874 c40a055b760233d5 3e47d0f82eb02d5d c8c874191e69eaee 378c72c3b55f5352 b5983a21f70983b3 3f75b4fffaa34a21 25b0b9506ba9ae10 8d5a97a8076065d7 f18690c3234e5c32 9ccd5cfc25bc34c1 31cda2d7083bc086 24a58378db1c886b 3f7b102943f649ba 1ff6cfd8f52572a3 b4c43a963d45a8ba c4163f1979bb4376 681fc13b9e2ccfb3 8e991579b3038c31 7640867551f0ef12 3554d27529641e60 351babe27e167885 b25d37c9a6810bd1 3ee7905d8e631cf8 3e084473333fa291 6b17d60429dccb98 53eb3caf18c476ed d5615f343ac7b7d3 a9da9efade755672 d5ba4b8ae8a75055 39ea2c124ff755ec 0457fbe49e43480b 3c71e7f4742ec369 3aad115d039f9022 2b030fdc94403136 91716d5302005808 c07627483b916fdf 61983063c2eb1268 f2deeef42fc79033 4456bc6bad256e31 fc9066de7cc7e43d 1321b1866db45e90 +Ciphertext: f65ccaa58cf7 31acd77fb273f168 286286fe24889de1 a2ebe4a23bb27b76 34303029941c71b0 c027b17f462dd9b6 62c57304bab44400 ed822b47e74065f5 f0433ec42eee6d53 e47c6cb3532ab56e 3f2d1205fbac7fdf 0ad0752b35c2f3f4 d71772fc33aef27e bf607617a511a922 01d68fe9d3621ba8 d2f2292dcd70bfe4 4050bc1b8f7852dc 1f65fb66fd2c8002 90694d9115321f1b b7afb2accee677fe 4533c8d01c9ab6e6 559b2017813cedc5 594c89ef23054e9c fd2165f7563de694 054f989e9883970b 2c013771cf542dfb 0ccee0eac9d16f44 f1bf40efd737ec68 2b026df81053fb7b 3a61ca3f12fa8380 a1fe798e38f380b0 00dae0de171783cd 348850c81fa9f979 d322c0d72dc0c988 f14fb1e0c943d7a4 7315e32907ab8980 c74d618337a77cb3 4d1067bbedf5f2b6 1bf206ea7e8365f3 e3cb1f70fcf3d083 2d97c9b9c5d26781 7232ab21409096e6 7ba700ace9bf48f2 fb2f3b532a714798 c2244832f5e560f6 4f38fa4bd8b5eaeb d4a6d95c69857fa9 415aa3b15348c3af 9f554ad5f30fe29f fb66d5d51a59b61f d6d23506213f7770 a9aa6d9c58c42d16 73651c18b8b3d851 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 428-byte msg +Key: 22d04268b5fd4be7 aff012e9db13f0ba 68ad9e7ef7aae918 f39bad4b21fd001f +IV: 78beae8732fde640 231232fc4aceacc0 a603708b4a474d38 b4f6c0a55b762215 +Plaintext: 87bf20d3 651a6c195b28b22f 9927ced7f1713ce9 e845cf3b0dcaa6c3 89515d00f8db8095 77db4538fe3d7aca f1a6bcc7f1feeae1 f82cd9e8a52049ed d41718a7721ab616 90c8d965b5567215 79d4df584fb262bb a382d20825ff906b 644fbdd39e85aa9b d66a906a287d8258 5a389f52b3958cbf 10d1226334706384 6081b34c2323456f 7448d30efeb992da bb5b657cc4b05035 68a030c17b7aaa82 f03662daabfd6dd9 90eb0818e0138ae4 c5c3979f2b0a9764 d27866eaa1254dab 3ef43245db190b20 53d99951759152be 9ffa9f8390ab4795 77e02ba54f793548 6f468b545d81088d e49cec81663ed2b0 7388e3f0999c4a10 7e60e7bc2d7f48a0 aeb1d5d1d93d4a68 6bbc6b705a1ff302 66f3cdaef1e4861d 108003f5e23e6ffd 21bf7882f653bbf9 12bf7ce5fa3e9bfb a2c5c3843e8be504 55c9e51917be93a5 f0f7dc2f5dcd4287 ff2f89a9eea2b3e4 4f852f3c299a4e0c 74c2f6f073089ae1 44e169a2b6b2c65c 5a93f985dd532405 94bc789c5918a87e 96f49e419f236ef9 450688a2a80b31be 4c74343e6f5ad4a6 9af1066d770ddda2 e2e546d64217f535 1aed9ff6dbdf6af6 fd59a29f4dbead0f +Ciphertext: bd8add05 9f9021ad8c83d54b 30939599d33ccb8e 935d5954561114ab 2012f72c763d8a21 2c4d2d25721ce5af 5e4e2c724714025e 4b31b3960ac6f328 092d06d4fb864fac 10643aa2a5e48932 22138fd5c94c1c42 c589726a7ee2dbcf 0e291e75458578d8 57007c1be0f7a3bc 54133d9db658447a bf118a84bd42af25 ce3190f06f95db23 5ac6f327cd782860 3d0dd020388119b8 6d2775927cd2f78f ea2e08d52220e67a b5e30e1e8748182a da286706b5d702b4 7d8c027192c627a3 3a4af2c214578090 1fd8e29bb9027fc7 cd660f0f4147dbda 8b6388bcd9384aa6 1528d1a2c930063d e3ffc8a7b0195dec 94effe192b6bd6f9 3107248379eb628c 4452cf5d019c4994 0fc651ad49bfdcdb 45e73910c314e21b c18a8072a7efde54 2e600d7a926e5eb4 e21e2b77a1924ffa d9e0df9aa46093c5 f5af416a64965cd0 13e1251500561135 23d832d35d8029a6 76164209d1e62df4 77a54a31cade67b6 be8b9b2ced59e5e8 94bab4705bba9f8f 1b8e9f78383bea08 605c4da117b2d9f9 9cdc7f19e5c7d1e5 f77c155dab248b4f d13dbd6b1d1a4be5 fbba3bc7cccac755 da86755662d6cd9e e4f58ce00537cad8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 429-byte msg +Key: ac41762a82d4c081 1f547505ed19ddec 1f1867f836594b94 caab6f1f87968888 +IV: 7691811b7d75209a 2a32e790acc038e2 2259bda719e60739 4fb7758cbd7658bf +Plaintext: d55e54f109 a80a568c46f38a5c d48f2580ccc08f8e f97016712e7a3d69 37c8575310b9552b 55c5ddcffa639c06 3c2adcc0d73759a0 7ad050b77846da93 c02078780f75efed 649a567ab5fe6db1 e051306be4ecac54 516d12aafda10a41 f9a849cbc3536656 bdd1e916de8ba665 a84c49085aa531b4 669082d02553757d caa7f3d4951a636e 49b2c02adfd3ee2a 7c624e1fa12b90c7 a180c8b45923c44e 1b679d1beb918d3e ee84003e1f9eee09 44dd673921467095 eb870ddbffdb9fbd d42e70292e828dcd 9591d4db06b34d09 e803bedd41bd7927 2aeb79cf8141add0 dd459485c7b30a24 271f6288fcdcb433 501d78936c5a5484 48f53317451e9791 1ef430b71cecad49 8a77d2cd69dfcb8d 6572c0e307e3a9b4 2bed643bb5390408 80826d4897f71e46 a8e14d32b5853922 0d4cbc567b211fc0 bd1b33c3375c9d3c e93972bf9f9b0423 67a4fb404896a7f7 31f1947330dc5faf e4c6c938354d0a35 425f68a49b9f07e6 b10a037e8bdabc16 baaa71c28edc1189 8a384d2216d5f2fb 743d7680f5ccd099 6d598d74e4192186 8ebf7bccfee8dc57 96b7e80742bcfe97 661bc5d914ea0743 83dac3abbc1a7d4f +Ciphertext: 411e8d19f1 72aa1e0e97702cb1 b2fa3ea3f24a41de 8fe88ba8ce5d6bcb 46ace4ef423ab242 406a6c029fea4d7b 4541cb06f4bbe035 3c9c83e022eab7b4 be17e32c2c0fe2d5 aca910a66ebf5856 2c3a3a01736aa7e6 22b882edd930b32a 629fda962284d11c 57750545fde5e31b 5a7d80f347a888e9 807638f3f84bc7ea 985b49ccae216602 44b30397a05456a5 e2233c9e1a8550df 05ce3a9d97c95037 644eaa7cf7975344 021fff8a97d01aff 078c74e1bec5b134 71c9df430405da09 08bac49714113f1b 15e2aca0939b91b6 40262d6e1fb8e68f 3b1ab41e498cb58a 2b0e332bae3c5540 d9a422ee62e18ae5 6b4be30161c7f0ab d92b12b73e56b099 adc4edcdd9a0c49e c1145ee169145946 d2257f7e9e6732c2 1a5563cd66b72002 8e09c14bd75a025f bc666ceea7619f93 9036b41641a5bb8d 0a0ab8f6e36b0454 32aca88e03d48458 9a8111a63b1e34f9 4c1bc0984b12d710 746a7c9417973dbd 54a96c2de7e84ec9 ce6b941dcdddaf5e 21346ea5b6721df4 01762eec3b694e84 74efd91d6953a3b4 0bc3e3e58c600de6 84a516b0aed7ba80 52ba49e8022e0507 bedd642de5041f05 d3570539f5b00d03 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 436-byte msg +Key: 78d918e6ca6820f0 8cc27121cad510ff 417c3a60c154edda d5cbaa7ca6797abb +IV: 1db42faf485eec80 ff02e71bc71f6e29 f6c42841185d9e5c 92cdf98a85bd0de4 +Plaintext: f53397c2 2b66c32e57d1f298 7a86b9cb83c52d1f b8cd5ef058f22150 7ff013f9497fda85 3a27aee2de561900 acb0facc30a6d062 6a4a357e7161a934 5bba91e261bf7f62 3f4ab484dabae4bb 2545391645909a72 f47c2cef234319a0 e3c59187851c0fc0 0076defc9424db31 adee7c900aaa11b8 1e0d4a29b7c0fafb ddb61ad0fdbe1107 4754333254bd87ca 0c53cd22c71dbf9a b2a2981575ffd3ad 123835a510cc0d9e da8cbb0e62ac6fef 091b33b4c3102c81 76e61c9ba4292c1e 4af1e9ee086e8cef 81c57e79051a1b06 6eeeb72e47acded6 347ee0a48d658db6 4d893e932bce1561 06a78559862f1479 01765f789b185fff b215ec1679dc7fdd e2a93c7cc211305c 30dcd7982d12e1ae 8b58357b077d3766 b95146dbaeb689fb d3f9ec9114626548 c6097c1c42ec0a0f d33f411dd303ec71 10daf8d9751a3478 e62055bb6be73d8e 91d97dcf0de41802 a3d18a4746d1088a 81590afa153007bc e4c77fe00dc83f94 59f1e197d62392f1 c1b618e2a9101318 d2768224d8218a2f 949573e9432ef4c3 e5fcb05ee4d10043 f697f3d444e79383 ccd86a4104154539 c03338bf5541e283 ffa0f20b8015ea60 0a1c24075f7f1232 +Ciphertext: 742707d4 7fa9e95288bf30b4 67e5abef8bb9bc7a 87324eb8978f3809 266f3b0ffdc85f05 30939b675a58a833 c3d48b73bffb59e4 6547922a8fd54148 0de0444c3d9e3410 677945060ae96951 668dc84f0bd2f10b 1389bb551fe30010 f536a07f522c0438 97a748e423266ec2 f9f7fc6492272a80 b1fdffde7bbbd707 f1697982da1986fe 49fa9a2635645b9d 11ad54b723f654e2 2900fb3b9cd41beb ad4c025896a27ce9 95bdccabe7e82157 5525fc8d2e05583a 756493bfb4217b02 fd89a5d0165517ab 93e68790d420c98d 74dd082fbda68a89 95b8031fd48d0535 6b9e9495e076f76c c7e51d6fb9e7372b 1b1999f8bac24950 aeb7f09716dda225 c428bf5b0ec80ab7 b427efd2a0c3444f 8e85dc59509b827c f14cc21ae275c12c 11a561f9c5915e94 bf448ae128378743 41194f8ae2869f48 1fb77baf4f55cb6c 1a354a06e5c8d323 c3238afcbe7c566c ebce64f1b7a07e94 b5fc4c3f5663220f 717de476c88f4db8 22e26871781e3de3 cea32b0e9e1254ce 1394f8a222280038 06a9d4709b00d03f 270410597f2f48cf 2ad67a8a9a9f3429 7b3abb4de048b6b3 898a0466dd6f9709 286f98da96ac3d51 296947e57f775df0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 443-byte msg +Key: 28c938e233c1432e 48d6488b28933d6d 85b086f217d9b0c5 ecb2614200178fdb +IV: 0da8f1baa485b3a7 7d566e2d0c8f57f8 54f2b78200559bef b0a5cc35912b017f +Plaintext: 300e54 d49019f3f37abf18 82145c3b68b5be86 78f8e4894f0f052f 7f5ad5f0ed380349 771e0669dae6192e d369844f854f1edb 1b2610e2aeb2db71 69849dc4ebce90b8 ec76d37f24696d97 68328ffd17cb199e b4b3600ed4402e7c 3b370be6429abb89 7cc1089c98acc23d 899803ace5d0b7b7 8bc65c7589620737 3d9aa8bcba438ea4 6c272e2700572007 7ec36ac3b807010e e8888d7f95c06d8a b6d6fbaf1a7211f1 07cfcc8a22128fdd 8eda4bac5818fe8b 13217a95bf01685d f0128c282cce4b59 94e26a2cc68318a7 03052fce8daab717 53b8ac1dd0ce0098 3177e48db60044c2 5a879075b655c24d 236e9d911f653298 f275a98191ce3e24 c22d8a4781af0416 a2e7c7cdb92e96b8 373a1d5dd5f379f8 3681fb27c7aa29e7 eb5b06bf5584943b b429969c96b79ace 8694379a78f9941d 680429793d09caca f32ae15cf927fb1b d877864a1697d878 5aa274b0d02289f1 cf25bcddba9427b5 24c1a285373f419c 56f61e3f0176589f f98c5b08a513625a b50d3bbd05f34a91 c449d1a4d5746fa8 75d0e6e41ffe2129 ac7b7508bf772742 60e42e80e7cd3b44 1ce9f7209c708b26 7f2d669f37d53a00 bb974819e6f4de90 19d11e8e28ca00b8 +Ciphertext: b87a77 03983145d6733a64 36a58448eb25dbb5 6a9efeb4c1605a0c dba90f65acdfc80f e963d06a75274f8c 9fa12234491be1e2 f8c805beff884ae7 c89f977df198204b 7dfb157d84b71d77 216647141c14ed38 f787ab9acca83a4f 282e0ec1002d9e99 970c0c69bedd5d76 72c3c6d0c9c138df 06aed97accb24e6e d6eaa02fbf6abe4b fca6892ca33866b9 057d3d31a9b9a8f5 3d22d91654b60112 2a7aa1c3224e6e15 cf92766a90cb907f 7a8eb9b7da06be26 5639bcaaba208f2f 1e0c6ec6ccb7e55a 263ab26b7f44548d 888f101880b5e941 e7ace090fb2abcfb 2bb7ddd7241af22b da48747812489b9c 6fd2d61bb612ec36 a6499133e8721548 e3053081b1a42009 ccd576c315bc2159 4f229cb6a51522d4 a4ba50b7b9297c33 c88e5eca98929e8a cfc8d5fa002ea182 0d48bc4a290f5f96 8c9d9fe720d48153 04df3433ae52200f 0ec9dab584574b5d 8c1ae49883224719 a9624db1c4e8671e 115e643afece8e35 533f1a250deff3c0 67194e6cbc60b542 0072c7e92f069d1f 73d3f5f2693c4ee3 9ed13c4ae7f06789 db76613b208cf968 664ead4b77eef5de 7e4023711410054f b2ce1ccb6138fc65 0275f2f5c91a7d98 8003d1986e021318 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 447-byte msg +Key: ca9b6154d8a0fdba 3427d913a3ae0a6e 075ea4e132912c28 fc924f9093a3d314 +IV: 1345cfc557b3176f 0eb0fb791182310d f43f0f79da47fdd5 8e122be6d02c7f43 +Plaintext: ed7dd2b693ce5b e5e2896b32c6c05b df8571c3769409ed 68af268af428a1a3 4a80ccd2f134f8b1 66d93b93066b7072 2de37e29a007dee3 288657d480440c27 71f3b9373ce33a01 381b4ddabca8985d 3f35eea8bedccec8 5f3c2c7153cc74f2 006ecd6960489b33 a4cf47a71e244204 5da447a79abbe182 53f82ec93567e2ee 3f1b8ed0250a2330 f21eb264f288754f cf581390fa4a20fa 4ce3e344eebd5d02 762086d452d1dade 6a2f1478017b3a26 dc78d9caa7349218 9425d54b4577ed16 eca53ddeb147c926 542bf84b13a69871 ce2c22bd691f3fc5 72e58c44033d9a13 ead33a540812f7f0 f739e345f0b19718 eb9e75d107b430e7 2d4b8f99f0b66ddf b8d105a020da6c25 9c825fce5f433f03 7cf35a6e4b9a6c67 0e8166b0d48b6d63 9ec82628c14831ab 8b2df34e2904991b c85659fcfb79fb2e 5dac99f37764a387 e4e02556b2034d6c 0c63282d169eac46 19edfbe3e0fbe623 62f7b0c8a1e71534 d1408b91bdb4c84f 674c84d3eeb6806d b5e0c78bc2c6342d 6488349919bfcd50 ae11e040a803ab3b e30f91a879f71e79 e558465d6982ed36 ad87adcda892d3c4 c37aaacd3c97fd1a c9d5d7157f068d50 f17dfebf9cd81a25 831da1cc16092d79 +Ciphertext: fdafbb8b4e628d 114033b28283fbfc 66acbbc5c035c054 58e9ee435cdb16ad 22d42607f805a46f 35b2703d278e741a e7fe6c2884a7abeb cb12fa692961e8c6 d174e97cb804e5b0 7c1fdb032889c605 aeb2a9325d259522 13eb91feeae58f95 bbe59687b1c5247a ba9b784e83f6b6e1 2ba9a5d5d08d8584 e241f7f051b24854 11f55cb37ad61ed3 deb6dde22bda67be cbc32a6d33156ed6 9e01c317a9a0bab9 6bb3d764b158a11f 04c75c72645e6ea9 9a958bf5ce441c30 d6116fca36c4828c df38748c2bac3238 daae12d6bf27cbb0 4d08dc1c866c0099 612bb1185d36d115 93334fe2937bada5 749c230e90437ce6 98ab02f174359f6d 4b592c632de6d412 cbc3b53e913fb20a da1a4c6bd442b481 70c98efef9169f31 e2d3d832b710bbbf a3bc431734eb14da a29885d7e820a4c5 d75059cab61ee91e 408d6a76f9a34b0f ee9b6291ebd5b351 8738c6d881e1b344 375f3e423a4ba6d3 d530222af75592ff 989f1a2e303a0dce f82d54266c220700 3f544825b81706e7 55398ae611a3f1ca 7286b2e914881971 5d7100aa0d3afd4a 8806c716074f5886 af8357b36c2af8c6 c8b1ff2943f6e53c 1571061ca4955dd8 92a0c5dd78fa861e 4850f36a4c15b237 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 451-byte msg +Key: 739f4119c6d361c5 dd80c78ed5dc2176 791a256fc2e22f72 9afe2bcbe556b5b7 +IV: c21e7f300e4ef308 2b521a35ff03bd6c 3fd7caf1ed54f8ad 1fcbae81034222da +Plaintext: 20b2be 85de73c7c549f440 a312af0c86d65c54 03a36528f6b99b69 d28d27e63514c3c5 c03d2a2525c0cc01 8116c757edc8138a 4fedfc0677eed622 678dec4af126b95d 88345b5450164425 771433e6c89d6236 7dd201d95549e4a2 e70a799636defc4e 85caee9d6dd6c373 2c12db0140dbb31e 355b5deabb4f2db1 fb0db6122bc5f460 6007cb48a485b0b4 491ba7f07d0c6d0b 1e8ff681cf8a1a16 4b9d8b05f9620a5a c1f3da9d1fad75b0 75347ffaa6b7f8c6 e076b5e5b981119b 7ec2e0b9c73da406 4f9704e303d5792f 59674b69e365bc14 24188260a2bc7b06 3c849d74bedf2c2a b3fa2f647b8624f9 9dbbf3835e9d21c0 927e4638b2c4c120 2fecaa7f06cf088f 95244466ac47ded5 e8395f913ce78f90 d1afe7b6102049b1 fd01ef22c695a2fd 9b1e2c32c1a00f8d e2e777daa8cb6e4e 8ab34f22e5587d81 4ecc54a427ba603c 70efcd10e0191fe7 34cf24a8c8d226c0 649364c458f5c457 cb53c24f50c5ac13 ba9f1147323b77ac 86f94c41c4831faf 085610e3927e85fd 1ba01f69693eed4b 2237df21de8d7da4 7f6bd8eec567c1e2 1d043ac9ba7b2a39 e7bb553b9cae8aac 4fbe1ee40c989a96 c82fb1f7f3047523 4ca6cabcf9741ad4 d7aa4a0d0f9cedfe +Ciphertext: 17b411 138b76f156b77aa7 df49770787ccc220 27f46e49a7ff41b9 bdd714b1495d2c19 c80582cbc93aba42 4722f4f2232aae16 d6b468bb8c57b2a2 85422c9fee2228c2 b125bce2552a3e3f e1a75e37fc40e854 69ef0864414ebab4 dcc677d465b3a225 b389510a8d77eb81 079d73d3c8ef89db ea8d067d89d3e686 1823105d09ebe0a1 be6d3100d1e9d433 4578d0e67b16da5c a5c74b8b1356953a 1e94f0af4ff388b4 8a5fc7a5779cb34a ef967cc6d8fee5e5 2d8ca5a75dff9a43 9c679ce900a2ff1f bdd8048d2dea855a b98b4e8714e9c79f 371a6b196bb332ce dec75478fb93a0bb 1e2727578b9694a7 1096c1be21d80380 f9870ddad4cccd4c 752bf718090f987b bff4264a6574d86e 0dda765bc2d09f0c 5c102f6ef4b230a5 ed26a3cf0211d7e1 1e2760757465e8b0 1ebf3acbbcf549e4 856857f0fc80247a e88e0f836af7c63f 41eb5636584da6ec c94b55674ebc9bf9 d35ce0b8e941c511 ba372d16a5d9d33d 09621618d393af54 6b3618ec23eed3c5 7098c79a600a3eaa 46e373679ce4d542 ec77b151ac9fda39 f850a2f62084bcb1 95525ddd7d207712 14044a4f3956d8c2 2f0af24672bc176b c978e96a8c87d8a0 075f3d86ea0c1054 ced48ac9dc75e149 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 453-byte msg +Key: 3cb8d9e6e2364b09 4dbda475e5a1383d 42a70577f2bd9692 77e827ea907d099a +IV: ba944891f5ba8ce9 cbe63d748fafea97 e3bbec5b7c7b46c1 2a15d05612a29508 +Plaintext: 3e9a793859 8c1f10b31309178c 0501028eedb8ce9b bcae0bc9bb517bab c469dbd3b2b30194 16cc270d2c518762 0d45284d25b3f7d6 e894195ec1f280e2 4b4ebc7ec4401430 bf5dd6df185deb9c 2d7eae274b23ffb5 67c192f00ffb8d40 a00c5349b8669ab5 ee98c433c1756cbf cf733f2548510dc0 a1fd1f888db4cc4c 296b473b766ebba9 0d479a100ee13255 5aed814d02854a80 ff0f682d2365638e 4f33415ce7a09e96 8330ff7fe7e864e6 36b41ca96207dd7c e7c114e7b9557a8e 7a2be8b5f1436c03 b81c9c8634d42af8 ca90b941501eef3c c2d9ccbe37cd3ad5 131ce54d7da14c79 14d21930ddebad15 8049001bb513a849 f92037bb8515caea 80cedf2d7400677f ff1c1d82cb7615c4 bfa69841772e2f2a f25efee58b755355 2b097f5bbca9e59d e1c05086e4bc8a8e f0702abb80b7ad67 175bc8453235fd9f 7a956de13fe4ed5b 22875b43110733f9 796f5d8fb6f64989 cfde3ee1609cef4f d73950c7e3f8a742 2a39e6c13b9d388f c36bdac703332c17 81b108c3fef352ed a9bed013922f3cd9 619e980948c7c2d8 362c486b4eb57d99 979acdf3f5824d01 58ed96cf33cfd4a8 307d1a2222cdf95b 3a7950817fc56598 786235772b910914 4c8c4a02ae219638 +Ciphertext: fb9ec53554 14da97f8c22b5c4e afa784cb09393ff3 7c41e8a8afc5995a 59dd2cadffeffbc4 5ba20a4588be8fdf 0d82acc0030c7eb0 ae249495e8e670e8 6fcaae4e855a0109 cb26c55e2374f11b fcc825faddb766c4 885914370296fc17 87caf85086766366 1a2730202762f600 7a0d89d8300d47d8 4664bbe7dd509f26 28411a3df1bbcf70 81b456ce7048fb48 5e98d561a8c68094 e41562fd8c9d8c9d b4b6f2a584d0f4f7 567529a4a4b07f09 72900716844dbd57 39900074a51e9b7e de0bd90a05eebefc 715ccc34dabb0e1b cbac5e845a76a988 bdba543198e4f992 3483eab5381fcb48 fb9cabcfd6261925 af3b02d3cbfbe576 6feaa27d5e485638 6d2edcf396a3aa53 873a39c575abaa98 d5fbc7078e1203aa 5d693f9fb1f12d60 0d72eb24e0582612 22373b346f2d1656 3985c0ce8fe1335c 3d51d4c386e25b25 92958748ea4610f5 8d86f017462b4091 65a9ce664c15a77b 84d77c7fa15dd9dd 7d8d11cf60f5dc4c 4f76b27c33b33403 4139e6ffb6fd48cf aa1861921d325980 064f39dbe40c938b edfc8c402848e505 6df85f24247c6049 e301fecb513d4b68 34cabfb48ee97062 b5f98b3f48075813 772f5ba9b36daa3b 5025508a75170663 45ecaf4021484f55 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 458-byte msg +Key: a01314aff704a038 1c9a137dab0c9b8c d1ea598a68aeadec 6394b5eb6dab1031 +IV: cd2ce8d98d0b2f96 dbcd2832af992a3b ae91a1f94f6355a2 3c1aefd1fb3bb935 +Plaintext: cd0d a586d63891be7f91 c9851935cdedc3d5 555f8d5093d6dd87 b84a126db970685d 53a01bb14d16d090 fd5e30070d0ad65b 7fa66b9eefee0f81 183efb699a4965c5 fb0ea49eeb08956f cca53d3871fab0ce 26b53175f1539ab0 1893ff58e32a8eec a3b8b928f3fb98d9 3e4288ef822519d4 537427fc226d46be bf3264621d7aa97b 5686a277ee579f74 5c1e5955c6f4d815 0dcb945c09a4db50 160372aecfa07f19 1960a6b2648373e8 2d1ff892c7cdb73b 5ca2c2bc2f612011 23ee73658106d86f f62e0f01dbe9dcde b92eaccd0d197ceb 48e1f7451a0adea6 f0dcadaebc137c24 f4d8238dddf0a1fe 0934bf2e1e41f0cf da707c1f5409ddba 85b369b2062f32e1 1b462b7ef1008cef 241777de84abdb8f 1937997165c4e5f3 e85def98eac2c34e 74616efca081635a 12c11d05c7c105d3 0e1f9563d3a5bef9 23c08789ed34f812 060f362e70dbefe6 dc18f8ca6dea3542 bf0eba1f28122f75 3ec679ad99ee97d6 da39c93ceb77f83c 89065256008d3584 36ed4ecaeb75020f 3f560c2b75566841 f6c8704f99bb4603 217271d10814cb42 7ba59a8fa535fd6e 30578a2c09d535fc 64a2738f0110a0e4 ad439e620be6c024 941ce694ddbae93b 18b339d7ded4c4ae 2cb11a23abdfcf87 +Ciphertext: ae5c 6b7f52898980f4c6 7db1db0631c95ddf 7b8aa57aa7664ac8 b67b6b1cd1aaae97 73064e82b8129656 95ad8906a3c917e4 0a71ee14625278cd a217ac31ec7958d7 dffbb5a4595caf5d da6d2f01170edcc9 b11705dec3782259 b297653a20373bab 1bf8beea96587433 432ee10f45f97dd4 17757b7154533285 464bdc63a2ad3e6c e59f8dbf9914fcb3 0570a45ecd38f740 e989c8c5d42d4c27 40c27977bf09b257 232bb143301b1bd5 782719a7d05617cc 8b70c996faa768c8 4f5288c9bf34228b 9b02da0742dcbdf4 a5ae66b14f4f04d6 c40d6083ef69e910 b753c05477cb18b4 5de78a22bbe685db 050e18d41cc25b16 8ffdc92b923ea54d 51d3369eaea2651a 0ae708dd708e3910 90d9b984d9a13d7a 579d35c806d82202 344dbef0a04a0c4d 0a48d1ba4eaa8279 3fe87ce05d3058d0 2864243a367d79f0 3ceaba38ecf7f5b2 aa13d50ed711040a 0e2498a9183fdcda fb04ea6d6cfb0b5e 4ff68e5e14ecac48 7a0e8ee42d93b602 b96ff3e51b40460a d2aa9fa0f8baef44 e4b7dadcc96c8b85 15442dcb76022689 10988c4a715f7323 a2e205133333d6f4 37b0d055f3fe6454 e06540279299033d c04ea02e3ec855e7 fff77326871b389c 2a9fb5241a2d8d12 f086d03f3b60fb4c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 462-byte msg +Key: 632131936bdbd18b 3c7a011b6c8d1d00 5162557bb9de0054 dbad331f8e9c93be +IV: b94267270be6f268 ec9dffe8b3b3bdef 194ccd68ed4b9ae6 0a73e9e687ccb154 +Plaintext: 2d492c502ea7 2e311398b6caf721 c2edf341682ed9d3 23e925b56b87302a 88fca77da7943ce8 2ef09bb34d4ba0a0 d503c7874e54e43e 446614bbe18af37d c1c00f28017e9d6f 99ac6b36ecf316f8 9e377d67a6627553 a464bfcd7478378c 03a84d906193b904 186e6b69bd49c1f1 c493fd2998e1f6db eceb0e334bd76320 f7bb4afdf05df971 533d8394e5d50a53 f01f2f154e58ce9f c304e9349032e101 4401ecb9d663c37d f1219bfe8f1f57e5 c9e2fc73ed4f6564 d2b5381a680e18f7 93821c0b3a2d80ef 9b229bf0e1b01170 f8e44a8aa04e23f5 c008e32bfdf570ca 8c47c33a44449990 f8496bb2030fa1bc 242d03a38dde7019 3605d2b0776e5141 d657c78f1e2f7428 b19df48c1ec46d91 f6c60d06dc86b497 dcb3edf0fe022326 1aba1252ed767b7f 6d261cc65a58dfb7 16b652fbb6cf5738 591a1d35b8374e3f ff798acbdca2155c d5edcca7de525ef5 2b05b8ca4340c1c4 564248c5d0983a55 2e9b1941103aa988 90f9ed78d33a5115 ddbb29baaa615a03 7a3457e96caa502f 4e28a6feb4c6a1cc 47536582609922dd d6e18c1414ba8bbc 6ef733e9b5f7f697 08291848eece64ee a2011e0aaef53816 bb7fc821a8d4bab9 d993c20dd2069553 04a55968e6db5ab6 480dfe5be5d9fb88 +Ciphertext: 3add7fe604a4 1f137521f8616873 5eaaef1eb1a7edbc bf4c2e57c7f4a8c3 10123402cbaaa851 4d2fb11d7cc7a6d3 b66f4d04b5b46d17 46c7f437f67ac66c cc0cc6ca7040895b ba811421ab71754e 0a7bef716e51a802 a354ac18da9271d9 0c4fe8954fe11089 656316539072e7a5 190f1c7ad9678a04 f43c5e74eaf25359 793a53548b1d153b 9ad64e4156c9d792 f76a20685fbc26e7 0e44851e37cabe76 30a4a5a910ec9d67 bbc5ce20283277b6 aa93096a2d3e69d6 c66f0b878dcd2c20 80d5652c22b6e14a 0234b915c26bf10a 17949c379fa1a61b f6d111ea1a0c6168 3dceadf372d6410b aa15097dc2bd817a eee947a134574241 bfc46157c200703f 6392fca5aaefc173 73540bbab69121dd bab9ba31a18bfdd5 1f2ab5025cac7765 116976f7a0052824 4d0f9b367beb1328 f43360fd36484237 815bdf3d8fc4e2bc 8cc659dcf40b5866 1554bc71e3f0930d 90e3c0c9489d9904 a3c4b25ec8ade8fd 4350db390aa8ff6d 03955a4ec4c9ff81 f64fab8c19c37844 6d6323c4773f887e cdb4bfa4f71dc7a9 78c7e2dc3cabddce 70c369f6f499e644 8e15719697216c73 25ede53e21abe4be 350b3007b9e787b2 b7c83da772ddb04d fe976ce8a7242613 060a78085a8b36c2 ec5c0974128b983a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 469-byte msg +Key: 9bc7268f3651c064 11ee9deb5f962ce9 a450a6c674ebeee2 7eefbc2ccad3faf0 +IV: 3f706ef068b69ab7 789ee02a8b5fea60 2ee549b3227f5c17 5dd874ab5228358e +Plaintext: 72ab40f4f3 530f79d0ba1fb511 5a55104c009bd76c 7eca90b1a0cc8bf8 6202ba3d60e3c25e 8ee6522129a2b479 ee34a20589e25ada 50fef582310cf444 e9271ca677a08431 d1e9ec74d5b1504c 8251bd62686764f4 5dc0edd9727c0dbf 266c5bb8d9bf5ff5 83deecd0a594b010 80720a6986721b43 0eda20bd4b63fff0 7f9b1f786c887d31 0b8efd3e8192fe50 4f603024c94aaa4e c9123736a40bf160 5d7a12f01942066d d3c1c5c551f55f91 57e3d89b1a39379d f732da4c65ba0c95 29d3da27c9372231 423eec6dfd03fd5d 00c2aad56285ebb9 0100b00877b97819 496c1f2562adf706 c0cf1b3e6e05003b b2c74dda8777ed29 4d456271c0505c74 270d8af3cdedb073 b53afa418a4290b4 d5b86ab273576675 45c8978f29c6e02c 2980c298f33f7301 8948307d3a04d34f d15ea8660c6d7d26 5053f86b9a652ecb b98c701cbbea6836 a5c166fa6791f494 0e81b0fc3c005bc3 d5ac2d0cfc736bd9 3ef83c880c38b99d 6f6d43c1f733190b f5e9297fe95a27d4 3e9cdd7b3539c2dc 208dcde3d06f8bbb 501470d9d42f6b3d ec5dbcf4fdc10ae2 f2ebb0be2fff595e c613cc35eed8091a b17d944ae4d011b1 5ca711655f7e2c74 596150dfd00d58e6 9a52e0864ebb5841 f871581d115d33ef ae8dcfd9f7d9b412 +Ciphertext: e6ba06a3b5 60fe97d47df4711d 5b6fb7e08c002cbe bbff9ecde2a47977 cad093225f3e61d3 5e26d046b33817e7 16ad5298b3c240f2 3c492c3c7bf53a17 e0e7160b529a4638 3d93fa1b06db8035 f578d8f61339524f cdb464d36fec695a 8fae99dfbc3afb07 7f0189bf5fbae451 19758ef2670c3fc5 4ab0496474b63e1c cd7d54902d4fd9f4 c7ee61ea3c40864b 3342d2357f35f691 9f72d51d66d54eab a320e16c2a11d97d c13f291cf71a7bf3 21bf329a548431f4 6515b793ee2f2db0 90e762b1ecec9f9b 07fee32e14ee3ccc 34d769309b317f9d bef8d6e2ec22df7a 28fd3e3ebc153084 e05a02b941899889 50c07b569ccc852a f8ae1bad85f6d1f3 ba2709f87a016dd3 65c96e2babbd69ee ac086864c14edf0d 06e8d5b7c4e24818 d750d7d3d1e69cf4 af1ac3875a7d0c49 3e029ebd928c6a72 135422ac4a717030 24764ea2d7be11ae 802cd5ae500e134e e1cc071ca8e44816 5cd1a6f8fa23fbc5 df940687da742fb3 5c10aa4af4d0b5de 5695ee398e8dfdb1 9fe1200fe8ab05da 0f94f3060f2c0bf5 2e45c39d314fca7a 8087092fb486d1a8 c38f1770ea697126 ba4baf70d07ec8b4 794ae18cc2d6fa74 62b1e6d464378121 e2a66bb896b1ab54 12ff03ac99db683e 4c7adafef0585bed 63a5c87924b2ecf5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 472-byte msg +Key: c662e502aae8fd03 11b2dfd860a3b88f b86459411dfb8048 d89f59ad19ca44e0 +IV: e191d9ac1f312969 1aea47740e1008dc 1a5f065e598feb94 5028ec69889893d0 +Plaintext: 7b82c2b6b55af534 332fc70a0fc7b849 5ff12d4f5a17b8f8 bc139a136c438613 5ce0a807b18be6cd 25296682a9f1503c 4ec3d5fc65bc70de e5076b930ef6a611 4c5194895eee869a b7812cc425b6581f b07d064dc5a59aad 94ad68d1b6d77933 137d8c2303a85c04 b3df21b8cb3d5959 4dc7c82ac0fcbecd 8fad98b6ac0e89df 780e9bbde7e4f074 dfea4e47e2afdb52 ed47247ba0e664a6 9eae042837c45e7e 45a9c64053c8cb50 054bba57b4336472 58a82128ab8d15a0 8b58b210a0217e79 40f817928f7c7401 ebaa6dd187f27e21 5590c8192a195823 1d54ac57304c7336 32a3959ce32973f0 5aad709ea414b0c7 aea8203764b2b697 1b4afae32c6ec51f e252484697f75184 19ffcaa453c082cc 29973168a37eb664 4ee1a29edfaefa9b 1aac3979f20d9524 f24683cddb1e7d98 8f0503952da8e0f2 7ec2ae6f90359c11 a0596f1b3d94c73a ab2ba40086572893 a79c9fa74c56bca9 7295253d862a33eb 3d02f215c1b3702d 0d5534259a930c26 3b010c8445b1d3f2 f40110f20ab64590 b94fcb50c3931765 e06d3b2360f9afb7 11df521663e0ac33 caae767564015c68 dce701b38e5b444a ec1ac2e420b29bb0 f3dc7a43ed0bcfd5 bd455faedc32ffdb 6e739c2569347f44 f805cf4f22e55877 a7a08af52a5cc541 +Ciphertext: 74d4246185931884 0ee1b19201fe2caa fd957d6b6ec5fd4f 5b1be865ddc65557 25d2f3d5454710b9 f6608b772e01a1f9 f25650953509b5c8 c29f92100db2850f f9c9c4e54c661874 6b164c253c3dc1fd 872c4aa9019b7b10 5dcaae1c20369271 f9e78b7ca40abf58 b1589d55fe125143 a0138c34523ed1db 904abc42443a3d62 98952f60720c9f86 9e8a01fca6ebe8de 2b5451c97f20e940 8142fb4f1fa081ae ed297b0aaf9ed7dc 94c7f1acdc4710de 3a0de646e49395b3 440950fe9faa5c4d 42b08810a8cba413 f719634539b2d86e 8e1fa6140f8c94c0 89055c1fa5f8f707 93de14cbc49ddbae 352874df87bdc1d0 5689b3c4e599d39f ab7d0142c15002a1 808f002d1546ec34 7954f9952db8d973 f8d88fe8dd98efab bb1f6a31950937a7 cff1909202384a00 bb6f388b7201f2c1 bf90d3bcc065fb26 9cffcc6a87da1458 ab5d619ca68efb43 88d85532308e7177 4fcdb6a29315f692 2f7c444a182740ae 3899aa81c66a831c c8881253f345617a 4f39f7967a6311d5 7752c5c7668697a3 396a39315abb49ee a3f0e1d7285d4485 e36ceb128dc760b9 e675a4de30ea1293 466c2f3ae55933f3 781365098a28ca7e b4c1a67b4b0a05e6 9389009c6c93ace1 01c4ec9fda707863 4187f3f7b53a44f9 628f7bb5895058a2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 477-byte msg +Key: 6ed485ba72b75136 9aa5909b4651bbce d56d4cadbb6c76f5 d48d1363f915de1a +IV: d0dbe245e80a32fd 0523db6db8411734 33a1c30a5c6113a7 208885e10a471314 +Plaintext: 147fadc6bd 82e68b5b1eee27b3 d8c0f3c7759c82ef bfb8832b8533e9b8 e44a4ae1c5ce8518 a7d5a8459fb1115e 9c1ed338f0bf5b9d 0ccc539e8b05c62a 73ea85e0b72dca22 00681c6bac0c72e2 17999b2f1a15dd8d d2b7dd20a3e3be8a 7c5b8db95cb3dd02 1505ae7450e79466 d19a1553fc8452e8 98e0ea5ad4b51bfd 87042a13bc4605e1 6e162809902abd13 5187074d9df500d5 e7b141f4266323ad 1d4f2496e0cf8ce7 940150d176bd3611 1fca3ac40651307d 4691ac95a1d51fc2 c5a342ebcf37b83b 0e30ef7509884787 c3c976613d7e2b07 3de8f1e54ef35664 08684dba9164d206 6409cc9c5173379d c5ee82cc4c66369c 541fd98e34a612b9 6d070eaa2f40216f 1ff6b1ef5767507d aea028ac3aef9c64 149c2c355bd499ec 7ce64a64b0b2ef9f c65d6415224ad84c 06462ea91003a386 04c8b285cc663523 bd6ecc901ca182be e1a8aeb7ba061835 534a5d6cd589952b ad0b32238e452b86 b9075bd57cf724f3 f83e577d2881585e 1f137d9d9169b87a 95ce76baa957c63f f71abedbd79b1a66 9487270e73a5e0ef f10956e44d8b559c 467744f026864d73 ff0dbe4b3575af40 3cebe613a358f711 5294afe710d7b3b8 4870656d0cb9074d 5a4a23cd9e6d2aa9 79d25b33c184e6eb c91c5251e2351cf7 211fa1da63d83df2 +Ciphertext: 1a20e56d07 2f3fa086a4612eab 29692a3f5e073452 0b3301a44e6a378b d1bfba8f22ac027f 60466f034c229ebd e7c82ad96a0cef87 1eb0bb8a469cf4dc 601f16382ed16914 1d7585972ec05a00 32152af7f0d5b625 1e22648cb7fdd88a f008f012c09c17f4 396f70a22c3a0426 2a591223e116c8ef f501647470ff1f53 b0536d036bc06ed3 252a30c6bec038b5 72bc8ed6c9a3ed79 b36cb0241e3157e8 a2c7fc899443c4d0 e8f1543ce10f101f 60d724d9e5324655 78f283b2b77b9b5e 39a0bc2dfd2e6128 dd617e6d9cde0fa4 0545263da29ddd7e 4a889e5812a3d786 b12cbe8c980b96d1 1655ae8c178379e6 3ae9df1dadcdc25e bfcd0bf29ce7dba7 e8201d0cb56021aa 8f8bf60717c67bbd c85199ca8e594d57 0ac71fb9ffe94af1 81477193b6409aa9 ef3c6707652338e7 53fce560ca1f10af 8a9dcfe8f1b56254 a1930b11b2154c6e 0ff4dd110810dd1b 4bb52ab7da69e52d e9acaf619fda596b c6791939d9402927 5f36b578734753ea e054df3da202a2ad 957de8c3e0d64b93 2f84197e8a071077 7dfd0f0adf74aba6 faa4e7e796841ae0 554377c878748fd6 141ae4f34454988f 33d38fe7e4350262 96a9a2ec9094ac10 ec5090867c664bc6 865a2eaf89a11aa4 f21d0eef17597083 69232ec8cacc46af 8a9a4a4eedab8f0f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 484-byte msg +Key: 37b5081b6bd2c8d2 a44f17d410f6a7de 0905c8cb8dd6815b eebfdf34ca388d26 +IV: 3e3ba5b357f1c6cf c98a67e4e46c6a19 c391f4d4c72a7d7d 44892386793d44a8 +Plaintext: c67f4b6f 19cdcaf8aad4cafa e8935f03b2be7f04 cb60131088c54f61 cc973f9c3647a355 99aefdd6adf5e81c 04b2ab233f530e64 81c06d9b243c0acd ab8ca78af85c5570 c0de87f03bb46a55 20107901d01a4cfa d192b0a67fb6fdd3 fe66a4fa738608c5 74a48fcebddaf8aa 24f6ef26cfd9ded0 a41d07ba01fbd07a ad6b5d750f8c645e 9e473df9992f3925 f8ac3519a2596fee e0aa985e12d22acb a1e4fb8234381342 2710baf8397bd6cd 847a7462b362a55a 6f818b1a1a04b3cc c018a5aa4a50ba79 f5472e53038676aa b1a8d48a68bc281e 37ea0976815a1487 f3518474b99d040c f234c1936118c2c5 657d7c182b2ea142 222d3afbaf99f504 23d5c068eae79602 041e993fbaf86225 894295946381b8cc 179145300d8cfd4a 36ee800e43f61b63 154fe1df75effdd2 06404687777d14c6 fd5f529d01fad561 16e1ecef2d913937 0c0dbffcfcc53bd5 c2bcb878d1ea5e37 bee08bcbf4aa2551 a9f92e9211829887 d1a15b1db642c635 a70112efd8903d28 415916414f659422 d97d6b7f558fe15a 4c53deca0b2d43fa 9c567d74f4375aa0 6e151b8778f3cadd 8cb4ce3f6381bcb9 656a708b63505d2d 880221908da65ca7 2d5bc326d91c708a ace77c59a11fd0ab 043038e92671bad5 554e25ca0ba6ec45 667235a5d8a82e2f 205fa0557933c638 +Ciphertext: aa2add8e de8856fbdbab81e7 41b7e18f1fac20c6 5d9076d1b6316d05 507d8b15d817d9c2 2d4536f37def6af8 2ed3fc3e27de0c6f e98587f0fdaed68f a79be968fa69df9c 40836b199232b955 ddddf6593ba7070b 76216ac1e25eec57 a1e0d824b460a8cb 1cf044b6786c990f 44fd6847d71d807c fc945fc5bb95aa2a 0f698ab66113f041 e4bea050edd538dc 664a2888d5b77cc3 567ebaba02e48767 8fa021e7fadff6ad 0206d1f1985b4a23 4c22c27587206e0a 47615b2f01e1728c eb3cadc49a345b21 95ccf4ad0e337448 0048c6dd093c2ebf b279343ae89bd8c0 59e214a026ffc1b8 7094e3ea4883c3b3 1affce89fffecb76 d5f2af340472e5cb 31ec44c2b44b18d9 973a42a3414ff497 7de0b7d60ddf9b87 6cab0400d15dd238 580a71a024074f99 fee0117bd11f4a03 3dae4893a3006d56 8579a7b778a4a7a9 94080858607ce2c0 65719a170a39fcad 2f4fc9ea6e1d9230 bdee44194ce063e2 b7affdb033c87d60 49620c7d3a5a0390 1efed29aeef4c2dd 3e865bb0142736f9 78e21a90a819c856 d793b203e95ace7c cb8c3186e74d0311 2aa129557a54e8e1 0f17008c57ecafc6 7dcacff0a7326cf8 eb2c90d610e3520c b7259b481f2645ff 80ada097b725375c 8e9d44f26795485f 1d5c0df2f1b90836 5c6b17c2780532a2 9ab53f76488180e1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 485-byte msg +Key: eb5f6bbc5902faea 82b2abd7ffb28301 a39a8cdf5eabd6d0 6160bc5283456874 +IV: e40c9a8ed0dea42f e6efba57795568e6 361a6455079086a4 38e41593d9f64415 +Plaintext: 6368fc029e f6dc0cc1057ff4db 7efdfe73dcb4a26b 8448842b55e8a6fb 81d3dcaf9b1b818a f1a9695d1b8216ef d4492fa109042d52 30235881dbbef2b1 8d1eb212cc7f745d 77142e005a4c267b 0054620ac8dd6084 3b1f08839d1ddfc5 c22b7dd224ae41df 322443f3ea648a48 a92680f442c5a2c8 4e447c79c490d5fd ca042738ca3252d8 c7e1907ef252ac1e 78c86fa89f465ce8 119b9dab779c3c23 4ab1968ce6930d10 e153fee89a9ff3c5 1541196e06e8f4aa 2b2b5160dfcb7cfd ed38b416a257dc4f 2683737b0cd2c604 2799648d9f32d3d7 45fc81e124a4fd54 58a3671d2408265c 3e78d87d6d738fa4 56d83a4f93ac6137 061716776daf28ef 36fa99eb942d5200 d23a1637e80ab56e 4c0782fa0ade0691 1783f668e2756398 2d4331c61b4fca03 8ad213f1a220a027 ae2e24d72b512bae 1f480bfcad7d1715 e58817f7e1f5f52d 0d47b9f3c63cb79a 2753072e1f8c3657 c76f3b7df34fad2f 08d033c60da73b45 04a1ef847ae7648e 5d8015470e179152 b7ff7031df748bae 3b246d7ac7ee0415 16e99cede6a80fca f8bc35691f7ba267 9600916296731b5a 288bad5d3950b863 ec26aa7734071e17 a1104fde7a3fd360 0d7b865643d4c4fb 770ddbb58857bff8 2d600067898cfa3d 00824cec48eb8b04 c37637550c20ed58 d0b2dfcbdf8b829c +Ciphertext: 87cc4548fc a6328f99e8ab6c5c 8cc50836ec6e11fd 527d26030dfbfb41 4312d0880dd75bca af006a9de4d7d9cf f5bf23eca0c4d9e4 887aadb4c142a107 d660fff107e0282c 9b5faf35e6792359 78090bb7c948d0ea 49005364665d1025 8a4d1962be36ad99 1eed87dc833fc943 40cabbc33a178d04 0d76b13ff7f576b9 c4f59ecc40559856 411ea3fd89f73df2 8a8615b1b4cb31f7 99365b2372c851ca c8b748de29d92ff6 c0ef69ed46634f58 68ab10d0316805bd a8ab68c3db17dd3f a1917f9290c1b840 cf6680feb6fbfbaa b3b7ea7ee6c1e91a 83f97fb9beb908fe 8e242ce9148a5029 6807ec5939b540f3 5561376f6d829341 ea071b02f84f8cca 307a167d9e438201 d4c5b3360410c34c 4774a80182a336e8 1b9b915fede92b3c 7303fcc0a91cfabb 35707276d4309106 19e0903a0a57c463 213dd52fca562abe 1768fd36b278a4a0 cd3354205f90cf72 a1c8d523396c88e5 0af529527627d6b3 f2f986f22197fd7e ad4ebc4399928d06 af5e65b705403444 99eb8959827e52e3 41549235b863a5a3 8a6db0d382f01d0d 9410d654d2439468 15bccdb64220cab4 602fa53696141330 6fb280318bb5464c 3c32521a986feeca 91a895493d1a82ef 73b7d463595c2ba7 aedcb09dab05e4a1 0599c022dd853b6c 6b4fceafe1dadaa6 3087d630db921e35 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 487-byte msg +Key: 9f860810c00b04bc 1d12dcb108311a61 fc8ca919de003ad9 83a1e76473671693 +IV: ec24a1ee2ab9347d e68af6dc1d2f6b8e 126d99939664693d 8709513f97d73007 +Plaintext: 4ec2794e536d94 ede79c81f2b2ecbf f3c2c26ca2d181ad a2c60050997f3bb0 87ce48d956c18ded b22731c71a4fd0dd 3713736b6d15bfce b1496c2d9ab4f95f ba739e092efe8307 74ae2f0e7d7d438f 030e68de1ded8693 1117373169bd7b05 4945ad51ff92b5aa dc85809f42c3ad9b ffb9890dd9de3ec5 6a3847a12f22276a db4c5bf9f1038d9e 91b30ac292aa76ca d21ebf3fca724f2c 66b586c8136c6755 199191482bdb71aa 3c40b7be95b906e4 2545f0bd18302190 ab95daed3e22a290 aa1b3887d6a1cb98 85356ddd7278c6b1 9f3405d0eaa01cb9 e1e02d57d7cc3fe1 38f236ff19de022e 13991665526f1cf9 e9f5e7be684ba96f b19f664f07f2a811 681f75f51d197e35 8f74999f5c277183 aa907ccfbcb82e79 c3d96d1df61d44e8 e4a9dbb409daa774 a0ceded3b9272e18 8b0bae4d0b6f15a0 be962a09cbd47b2d 5498528306aae5b5 efb0cd4990f7b980 3470647e80f9c4ac 4ade855bafa0b5aa 5ff5c1a93c0fa0be 24214e480a207c83 4cc786ac40dda565 10ba665ac9085a25 aec70f6fd2934058 e62a49194f29dde8 7c16fb1d76a31e92 b831b54f4294d267 e916261df1be2d4b ddd2a605869a4679 6b67ad1948d499fd ea4c5a8241cc8638 b7eaedfbc017cf5f b2214d52d8fc1efc c1c183eadef77d6c 4d123d3bef39dc5f c04c4c5068268f5c +Ciphertext: 57a303e7701dcc 85f9be74c9eab9ea d3e4fee6252634fa 4a4edf68635e6785 2948d350c61f1848 1963080e0cbf8cdc 11a9641c032ea94e 07d7efbb5d53b8ef 9bde47d64118574a 75174cb724af5784 030243efd3984d42 6c9981e9519751c5 3a6401358ef5ec77 eaf4c890d021350a d5de64171e21d1cb 1c034c16a1bc61f4 72abf9718c2f9c3d ab1acbbf4f3e37e0 553a1b8b466364a2 8aa293220ae4af64 0514fb259e2f7265 7c46786ee8a36d4b 420e3582dd445941 f845843a612cfd37 a1abfa39dd7a9e1f 5bad0ff44e8a5fea 6cda2c36be3fb0f4 fc81e78b2ad4a0fc ac5290296b54e93c c4a91d8b8dda1bbd 5cde85f85a5a1695 05aeaf83dbb1a58f ce9c7504babba1dd 0070b82ea2924042 df2a53680915ca5a 9c948f62708d6e0c ab8aaba229059ea9 3444ef797ef94e25 9a8cd74323b5da73 1edd414869260cb6 88667d7c694ccab8 e9f448cc4164f915 f58d28c77b408f1a e567577bcc98b872 756f7121c60c9735 cc5e4785bc5d75a1 05a14225277d0d21 0483b8b9fc033f51 8af1c5444239afc2 8c77926cbde8ab48 2261bd42d8aacfca db061232149740b0 73e1d8512b69c990 e39564a03ab8e94a 9ca758f1f90e1975 16df22ebd9188e15 0323d31b8a442d0e 4e9ee4daddc4589f 27dafe1c8b662557 520564a4204e837a 7788358eeaabe005 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 492-byte msg +Key: 1f26486cd5cd3a28 2d65d7619432a889 8b46c273623da6ad 432b661073d30995 +IV: d51a316bb0bbfb46 b13b27f934207947 bf5e5ef6cf12d326 d87283e187042ff3 +Plaintext: 4a0f53fc 125007c358ed23cd 5eafa62fb76b59a0 09c1afd21209f003 e98b96cf86eef848 85f4254827641306 9a47f9e87a56f998 97b4025af9d9f59d 21ce06cf92a06676 900f1f7d28863fcb 7050381b10088707 0151946595c8d9d7 b837479e750ce5af bc09bb09623cee45 69322c6f82684a14 d0022c9cefbfe6da 352d20e23719bf1b 8f4ac295dd6f699c 0c559d8dd75d8ce8 8b2e94a70ea762ce 20175b44e1b13ae1 933afbc8a205f9f7 e121531c17d193aa ba3c922dfa6696db 025fbe6b7abba02a 5041304bb8e8e47e 71ff15c54aaba983 e696efd6bce6ca27 616c12000a1e371d 4dc827c527fe725b 4355ac3079d3149b 96a3724c5b0d46dd c8a61eaa9ac448e3 1235a9dff831edb3 e08ce104ac301c19 52cbe534dfc55123 bc75ac1230941aa3 27f27e4132679bb1 ce0d7ae9e9ac0b26 a2760e3951f53421 c74182dfd776f786 15656e92dd8ac67a 973f3f893a2e27e9 0f0cb701b8853801 707269ba945225b4 63f8417a0281b439 c289fa89a69fba8b 20f5a6341c5ca2e8 3f70294b7110ed54 9912bea3a734ad14 d855719435e50a33 5e9aa47b8564bd00 bda48a397599978e 3f1aafb2d78bfb33 600a6d50f0e9600a 4f61787efc84d071 7174542da8d36b8c de7ada52976ee5bf e20fb665de930338 7db3ece488a42263 e4494ece13a7b173 fd990729f1c5b2e0 +Ciphertext: 92c92e11 3844a4e3afe29ee7 398dfe9e2596a6eb 544236af5a88e399 e48c43e34aa63342 845e6ac470696634 1b646389dc5c367f 0776e4d33e83d0f1 9b33bb5dcdc5df6e 6b7a8ae138b2fc8a 468826cc42487bf2 57e3acf9a6409350 f8b02cb0107a871a e91504605e5d3032 7f66ef2772023691 c77375c3ec21048e a12fe3ac6aefa74e ae8706ecc32e41ab fef0b5c45c8ec107 81bc9e1fcf96aaa9 065cecfa85bc15a7 db7896b0141df1c8 58901a45620651e6 b24abe7fc98f97a7 4e752253ea9ea9da 1980341c103bca41 4b36fc829a8358de dbde96886a7d1968 32d1ba9b658698eb 50ae20ea608c2474 6da30893206cd32c d7943791f6077f54 6064459c10a60c4b 5e247b947d1f2a16 cd5c0da1be68a9b6 416d75c8d6520981 a46c30eff6d742e9 25b62d8e21583762 52dffc2d366d270a b42a2ccfe66d2207 e6fa9e136a1ff4fb 62bcea08241ca086 79d471534b3dd6fe 79b70e0a77f69d9b 2f79463c79a095eb 8b1b592279667bc1 81c13f82d62c8782 ad01623a712ac0ca f6ce2158919f1a7b 0c66f5b8be255222 dd6d69824e763f46 7d7b8a74675356a1 a9bf66a2a5eb6989 00f1044eecc9c505 ee88789abd6860ee 3036ac5260be1254 a07903004465076c fb2b8f5bc2e21d64 0051933bc75bcc88 838682f647dca28d 19e25a1377809b9e 5b434baa51c89704 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 499-byte msg +Key: ce147c08cc3de470 f9c65532acfcfd9c 8c42c5bdfdb06e25 df00dfec78abbdf6 +IV: ae4f3d747a5436ae 99cf7b0185a66723 a3f6b9afbeb1a2dd b48c1d906f187f97 +Plaintext: 172e4f 2c869157c1fdcffb fd1568ca01f83253 efd0fc3aad80728b e693414d52717b5b 38d93c6f318b8e80 2e458a4ebcf1c03b 871dd95c1dab7bd0 f5ca6d50b025fc08 9e5a9da584add3b0 9dfe531adef86718 7e8c9031b69d6f94 c6fde5b038997aff 68f0fb2244ca6733 51260d57ef74ee92 dd0468e0ffbf1681 5f15f2947336bce7 9e85a00ef84913b2 52a6fe2c75cd1e52 ab6faa918177373d caf8da24e7648c69 4600d29029949dd5 a9676ec2fa6abf00 f0b49f6ec22e9c70 0f90e58a1e8cb02d 6a48dad05e12cd43 5d50a74005b59944 b5bb8c9c4c4d0bc3 34c35deba014f1da 114700f71f2b6da5 7648f0cf1f1573c4 016cbc46a73a4ddd 437b8872f3661718 44e48b2df54743a2 fd399097cef2162b dcaf7692595f2a68 439fb044a1e8ea91 0a07c59966ce19e3 f90ad0bf9db54b1f 4e6c01a8ec236909 3d171b8c320432ea 6b98f464fc28b50f 72a3f87011c4d848 608ba6b1e8edd46a 38cb11702c21b6ce 6f8061b53fbedfcf 70ec50d1b4888550 19f4add5d3273133 3ca3dc1819a63fe3 1fa554b5b6f661cb fccd1f0b0d691cdc 828f5e3b3738490c 5287c3ad80fd95d1 82f0148ce93902aa 1d2eaf45a4d06397 a145000c9b88e49b 805f0d57ea8d8041 a049eb6160f08915 dcf746a802232426 80fcdd6f887fca8b d013033ddebec8db 82991f5ca481bfb3 3f102d5caecb2534 +Ciphertext: 5469eb 58ba49f523930ce9 9802954d7a499cd0 c7d19e7ba0f4bd32 2317441f1b6e92ec 3f4818c4708556dd 36f3ff330e62eebf 0027cbaf6bf28493 3a4ec5bdc30daa9a 7bcabb35d613a820 d428b25542c224ce 4fd9a786345defc1 a3cf288b06ef9983 0eb0731210088bdd b593692ab956b7d4 4ade4c0e93fe7668 c0c5a523fbfd538c 5be16764a0447741 32fec6ff9f6188ea b8c1e690de5e9832 60c18c16e8f0eb11 5f2f4b0b5dbe54e0 609fcd1f9f5e3ac3 8382394fef3d5595 34d248fc3ca3db7e 6f29abbc20a96698 19a31c4e9d655ccc f811a2f9c8c1248b 6f8976bdc15bf122 f98b8247b135a218 a94a13d04a884a27 d8db7227e06b92df ef1b154896fcc57f b0af7c2610ce4652 59649872e7beb539 6fd5639a88bae65a 2bc6555b88c75a3e 063e5ffef8d2a07c 01efca716c472a2c 5a5471258ec214e3 7ab928e1bdde9132 a49850243a287b95 500a0633e598ecd4 982c688eab6c69e2 730a761b113ce438 483351d3a7679e95 3b8b34275b32e062 b0037e29baf25ae2 5e30fd6ca37cd45f 99d65cacefa61e80 286cf5f7ca64d7aa 7208eec8b2f4fe6c 19b1c61ef24b09a9 5d3558accd368d9c 86e1f578366ddcff a59047883b8154c1 ada28f8310afffb1 d676585e68a1b8a3 496ce6808dc82098 541cfecc9f149b46 ae6501accd11e49f ae0c1c23fd87200e 87fd1a019fe3114d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 506-byte msg +Key: 9d3b8d8585c2824a 8bed88e4f834462f c6f9a73c566c2d51 61ac8830312f679c +IV: 11638e1a029528f5 af135f84a38d2baf bac167b0d5582a17 d20a5411bc0967e9 +Plaintext: 3e9d 99cf5e0b27d968bc eb47279b310b5bbf c789684a539b4c91 e9d8d37ddd160e31 d62d01ec24fe9c31 54b4ed26014a933b ed4e760b50e4b587 6f0de05171296866 6ebb5300ca6d34bb c1545bf64274497c 01876764c8faf735 0d394a4eca2c3385 8901bd0fbe2d19a0 5aaddad29d9265cb 2cbca21a63e6f8e3 ece3793c912659d6 4e88a5e0ab463128 4949d384baabce70 957691f8caafa2d9 3493d5e36d20c1a1 e6d7743c37c1669d b3b0acd240c76eb3 663c9bc5a55ddb5e 0cd1c60a0721532e 797793eb0aa59f45 c368cf85d8ee2cdb c49728489bf98dbb 9c26b47b0631f7c4 2eee68b5cdfac46a 9efba2652929f032 d90ea04a55899f39 0d1907fc135895ad 2dc65d6228c8bc52 6ff18f39dc7fa2fe cd296c937b18f91e 87332756d69f152f 9f86d9b9c2187145 5cd0fccb98f92b88 c870f2ebb4ab83b2 31fa7c51f60d5f93 acb7448344f1ca8d 8d2253e1069e7118 f16c9b1aa84c253f 34f86fb41cab5c21 7be00588555caf71 2b6efb44cd765df6 70a4cfe70002c70b b8b56649ef80f220 358986909e600838 5e3d5cbc9689d769 6ea0f71c64d6515f e4b8cad618940ada 013b2e63c705bd2b 4d16de1009e0c8ba 13e9797f7bceab83 e08904243eef8d95 087c65c87753b792 2181e90acd821632 8606bfd9eef5bdbf d5b07afb0a9a619a 71d793895653dcb5 0106e5708b77ab17 f07f2ff16450705b +Ciphertext: bf56 3e91ad07e6829129 a3c13697f1782930 628a773b70f52164 0593aa99e9c55483 2e9dd2a275d67177 6dd6d1798815f4af 3b5c07e1a1fde2cd 976a694865fa1b58 a6cd8dcc7141b9d8 d71990b5c9d03326 da37de49695871a3 c4148d37ee9f338b 3b744f245954e83f 3a18a4f6a00de86c b6c1982e51a26f99 b51917ac7a413a40 5cdff937dbfb35bb c6e2d542eee20026 94b111161254438c cd24c70e23bf5d25 3ecbf5fd7240cc87 258e76abcc688b1e 007c950f5bc8b544 6a2536d22613bb07 e46dca58c0bc854b f6d8a3b8e23e8b08 b736ef63be688015 321323bc31fc6bfa 1e5d2965be610d3b 2ccf13b6e6e99f1a 75eea76df22be57b 187c3a170da7d198 572b3e27511956dc 9ac892626ebfae8f 3c78e3d73de0740b 1a49b3778d12b155 84f41a737278616c b4d0903674aa1720 0c77cb6f3553c0cc 96543699cd521b50 7e5763220da6a439 c7662555fce6cb38 89c3dd25b82f7f38 b5acb4bac9b8b8bf 1b77dd7a5edf3e72 c246a963fe50328b 0610ba088c40b327 f9d6c679b9c3e8d3 7a0060b3a37dcd3f 0fb558348a558455 3452d7393f05d749 d45b39dfd1ab0452 92ccc0b100af9c62 6acffe9cf301b771 8f666b0123054bc2 9d459757523824bd fcb1e31ff531610c 09cd5773af10f125 60bbb2cda6b00f9b 2907a269e45a04a1 24655893efa62e17 3b4946abca593031 c33a1e38860b0835 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 509-byte msg +Key: b59622249c703165 d1206c0d0c15db16 2e3a0beac86db178 dd339186e9aa9e49 +IV: 21bf6333fda0a10c f4753a44864b4d88 8050a3937c464a47 a7327ffcc754d218 +Plaintext: 7c5c84dfc5 db348dc7f8baa2ca 64547e8590002d9b 1d28846594846df2 573d7f4cd74ed2fd 083011d212b6d0df 4a3620c360e9612e d99458a0c0688273 9927a71b9789b1ad 0fdebf9e2bf476cd e33b97c42927d73b 64d6ebde20f3e251 04dab77004fd27db d886c0b2ac3e3b9d 19ad0b10548336cd a53664aa1bed3594 7f9dd8d48671da91 4a703b96fb5ac756 d2d2a32d47c227e9 84fceb89191d2545 f1b732ce85af72d6 4fe359d38210c300 f8f488a56caf5199 e96faa05824c586a 4471ece6697d98b3 ce2942f0a82ad7a4 7259e2002a115de4 bcd8c6a5bf42760e 5f132fa49aa4f42e b0881d75d46eaa49 2849d8c4e8aff2d3 e57f6af136c72836 2ae5229181ec2d52 db4912eb70a6e5f7 020e927b1052b96c 4dacbc7250a316ec 8d2eee34841ceb24 38b34bd9e3982fb6 e8ef39ac09c259b9 daa7e4af759de737 7038ba150cfed8ae af10edc7950d318f c233f5e03bc77bc2 75b70b310e7f4320 bb49afbd82589af7 29a6233deecc9389 7823ed9e0e29c78e 0726597e810fd4ad 56aaf5b34cf3d907 8cbf13c4569ffcad f2074a6eeaafe425 763af52038163fe8 29a3b37fd4973ee7 c2a1e5e3354c1402 192733d837237b8f ac3c089f995b2fd9 1d7b11aa800b709e b194c223f39c8490 d3cad1655d4b33d4 8f73b9810ea84a87 187c38bbba191834 43e2d20bf857f45f 09394c9cc4efb5fd 09293150fec338fa +Ciphertext: 463e88b98b 94ae6996b2d60023 986d1c99442470de 8562ce5480ce3aa4 91941cd3639e8b9f d35be9e36427ba02 8a245565039df9a4 3519f4f6e324ffe5 cad7b380a1deca86 b1027cf33bfe32f5 b3fbc2ef5cef03c9 9e862b3aac406aae 1790137f63ebcf16 9ba4f5ebabb4089b 3573a96734d1db69 cf46873903ead757 89c1652ee0a9cf90 84a0b53d215e45ba 379810e011257a55 920b1ba4c0e48c13 e3f9f36247a518f7 25c7fd664391e32f 74fc74199bb1583f e7162c699f01968c a402182da878b124 16a9b8292a796c12 47ade0077d55e3ce a067dc4b236cf19d c8dfd654ae693ab0 d51c18aa9690180a cde0f393ad83d2e7 6259d8e885cbb7af dfed51f679630f47 4b0039370edb3ca6 4c2e7ea28d5b6569 688e1d43aadfb083 92f324bd9c1441ec a1d2d72b343a441d b7a72fb1fdc18572 8e1ef2fe9b0bf2bc 56b05af8445cd3e0 d0f9a1e6b2f15d8a dbe5b2bd2a5d4cb1 f9a3df68299306ff 3d40f8c3ce70c41d 7abb8d692c5e7f1a 4d39d9db4fafe16e 4bfd26b9ab5a154d e5c0eb23ec937de6 56fd3e64681713a4 0429ad25347daa08 406d1802d02956a4 fa441cf659211838 1066760627f56cd6 ef87964040b5ec06 61c9193c55fcbf8a 436b4fecad5368b5 538d5e2248bf42df 7c658b0a642c88dd 554932dc5f1ae636 90bb3221a18b86d0 527fa1cffe6b911c 2d8294d3d1623d94 b53de5b9e2f7c237 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 512-byte msg +Key: ec503ae987deb25e d13c23ac450b78a4 bdcb06d4d9a91201 a49793d175a23ac7 +IV: 1480b0741e691fec ab29f3782d72e28a 9c7629f6d0b5195e 2e14d3ee8630504a +Plaintext: 3cf1a4c5a66283d4 b6c004c2d9d1a5a5 1e768f909b841c0a 0dd097bfbe894376 accb9e43e770e6fe 3b2addf30fcfcadb 8df3c00c03bc22ec 89f267abe5561b32 ab352656a93c5152 818e067498145716 2f1443d0d00634ec eca3cb1ac23ee065 8257c566b36ecbb8 d21508ac3c49573d 4e029f46ca0959f2 7c0a4c741eea9bf9 7a5a02dbcead5d18 74e66a02c216cf38 30e55fd4b86e99e6 83507122c10154d5 d966661ec2a10e5a b02bb4e0f422c9ef 1de408e464dcfcb0 479cc38a732c11e1 e7a2789557f3e666 ce096fad98164c4a 5f2724dd94fc8b39 1117c915fc13dc05 ee37c0a9544bed24 16aa22d077996131 3dd73a2711764d67 28e80b2b235dbc29 344dc6c283502c7d d03655b359540f8c fe1cd32aa3f14b23 d6391135b1b3ba35 020a1349aaabaa57 43d490bd06ee5e43 eb1d764d11158b56 612f64996fbcdc11 a0992ea492046f9c b8ad5c564510563e 4c03abfb258b17e6 12f48bc122212ca6 56209f3d03018432 77e940e6df620065 69f5fb99a5fbf7bd 31b00e139589b2da 6cc8ef7bc54df003 c8afc5d59d8b63a1 891cec905a0c31c1 068a76f98f9d7596 29b8a5c59f8ebbf5 f327718c453487d8 f5a008480c67cfdc d8ab49dad7057dc3 d71949855a6deef2 3f7bcf719f0475f3 f6a8d72983b4d8f5 f13b121e3668d247 bc126322be9190e1 f6d064ed75a434db d25ce09c869a55f3 9761562c746e7d0c +Ciphertext: dc906f80857806bf de6c16107a8917ac 5201ba7d85bd21fd dcb33adaee20e73c 66e830ce3447b495 5e4cf1aaa3a268ec fac4f7fcc13ca510 650180dcafd32661 acbf0ede166a4427 bd513847df8885a1 e586133a314d6058 d4719c09b2db4da7 273daf046a2214fa cecd80d0811416ac 9b6cefc80bcbcea7 72bdb989a4f71c24 623964ca5e343ee5 d782dbb688e48c25 7b415730dd028d29 ed565f11b5ae4603 8728b2c595c572ed de2bddadc3b5705b a2a2ee63bee05f91 8e42c162f8046ff4 4ed03347fc0e0e68 3377ae3d313c805e b6c3669ec8d1da61 52eb5921501ff3cb 674a7bff0c48a881 349ac2629986d88d c7b7facad1ac73b5 a46168f020b193fa d990eb6a5e4d98d2 b94e6b705e2c3ea8 ee7b15cc1b33cfff b5c2c4f0a80e2b09 fb8bad151e968cdc 6a408612e8e08853 66af9c06805d2b49 310daa27bb2dc7ff 87676d39a265fb8d 1b0f7ad168e06308 297d5f7e5d9e7c7e 0e3ae6b49284919d 5a9080fff7a6961d 0e21bbf71adc6e22 4c3cc658470f699c a80ffec035daa113 d67914dcb622f734 d6659fae4ea98779 31c94c7d4faf9434 b6abfc2c60b5893b 066d2e3e60403a1a c6160229b0e89458 de0e388d6c645623 a041b51ed1802eb2 069951fa80ea8ffa 7ab7f64f1956345a c36ed1412ea0422f 244816e08e2b7c2b 2d5928385e91f476 535df8b578a4be23 6f41d07357f10eb1 135319deac197d41 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 516-byte msg +Key: 7c0493a3a9a95e51 ba698dbbcc76d1e5 ab07dfc14dc01345 9f6e59c085f84d6e +IV: 1b93a14a4234bf23 584bb0f246ae3d6b c0d354d2c843ad10 744bac06f2f58a21 +Plaintext: c937b02f 61696371c6fca6f1 a96a5c15a869ae75 cf64acea5e2b37e7 ccea1e0d0d5887f9 113091618de5375f fd92780cea2fb451 680b5afae476c00c 1cbe52596f5eef51 5771901b346d2be5 4b0dd7780e8f300f 9e20fd698e95101d ea5b6e2e77b1b0df 3d14a9c843fb492a 9ac5c1809cf0e856 768bde5ee4eeefc1 3ca8bab3aeb9924a ca02249042f95ad7 f2a1804c1dbaa6cf fa3445026fea25a0 1c8d7d119bde5d3b 0621499abace2693 5b895b0519543022 3104797db6f17963 91f2016fc789d859 fa5a5f0f33e27507 de6599d316284ef6 23e1c4f6416cb4b2 a3bf8cf6b820cc4d ad96b016339d0fda 821d83dd9e9dcaf3 d9b46c9599c19e34 5bdc67cdf80d01be 27bb82d84467bcb5 509a614c381b6bc2 5a66ba84455aff92 c032da1e0fb63f55 71b21e7deda84340 4ec27b476d0af80b aeddf6e8cd9d9f74 dba72c0e83854eba 9264cc2cb7c86d22 867e18f7c3d33a75 de0368ecbaf44680 b224a7c7dee0f594 92b8d40d282f0204 00b78184c4dcf9a9 f1bf58b593c6bb61 50929171a731fd8b 7a957d49ca45ca8d c353ff15f88efc4f eff80d6ee07bc7bd bad7333367df2f48 51e5100825738c66 d73cd8d2e6510d0e e198d03d2a7b323d faddd536a5525173 1f8fd571bf1f1236 445854e4168ef28e ce86e94af72dc488 168abfa2e9f22bb4 ed7b14ad22b322a6 1291bd7310ab7478 beaaa0bed2fb4447 19c8389ebc2787b1 +Ciphertext: 2c86c8cf b572153ebc9f9b67 2418c8697d930cb8 34a2161eabff7776 ab33d822cd96603e a2ef521040794e6b b3a45ce812c530e4 aa4fb9389acf00f3 3e3f8159f4132c67 69616fb496774e17 dfc8cc0db8d2a726 ba13d77b8d0b0e73 35ed81530fb90598 6d8735c2c2440628 50b661e83f29d5cd bc0ec9afebd44b26 78797b1601fa7806 e4f67929e17eb89d b2ca68c73d6e9e31 2a84433a60a83544 a79191e455828620 31be06d01d3bf2fa dcd50d0465c57d0a 3cb2aa1ae7c75e33 8a8032802aa59c6b 0d4e570749f7d7e3 be7db7e437321435 80d59655928323ae c67353df99597dcd b6d5dd417f2677fd ddb060934fdd7278 afb3f5b3196df520 000c57a0ebbca1a0 514b468e9598d8f6 5abc334c1a32dac8 2246f58a09e323d3 615aaafa7342947e 9af6ab72f2526be0 7ea4e7c1f0e0c944 cfeec05ac30f022a 0a8ce7047f24e5c5 b008c50d46888a27 f8693d9679983fe1 4472a25f8fc494e2 ec099dd5e76e6790 ea9480866a52a8f9 af400a973cdea754 76128ca162531ddc 357e0e719644ae73 481adbe49fd3255d d09fece556d5d969 20e2952c7db8a224 cbec1294633f97b4 ca25e4d517984965 0d675304789d59e2 b416eae46defd46f f33680dc20cb332b 3452b2c113b1bb7a a4fbf1b6f1e4f5cf 931ce864c843e369 f44bb89bb10b2d9e 9559c2d72c0be89c 8a9ce58f959cd9c5 c4df2c9e1c2a102e e6e57e9ac01da102 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 518-byte msg +Key: 9115e3d695855e4a cd59a65d125b74b9 ec3cc1404c7c2108 7e8952a4592b15a6 +IV: b91f3c612f0305f4 f672a684296f29c8 34077acb8932bfed 94fbe72bf0e086a1 +Plaintext: db7ce04de763 4316f34e9b0d5a78 40f26a4712fa182f c8cff1d485d9546e acbcdf72f622276f c2baac35ac810c3d 60407645b155623b e5b77f5c5335ed9d 31fead4aa76656ed 27e709710166a687 32b840497d65cf1d beac25dd7ac72435 ba702d4c1aa3dba6 1da6f249c347921e 5e65b19ba1b1c89f fab6cb9d22175ffd f21848bf78602062 4afe4f041aa937ca 8b4caf8243c2b387 41dd59e571ae07be 7e00e4ede8268ce8 56f708eb2d16fd53 617723488c1ef99e 3d2ab8fd92138540 0930ea1c937c8702 ea99054625154c80 8aedf633a34f03ac 94a4ce2dabce3f4b 39ae4395a0ea7976 aeed2f5d292f8c1a abb60e8cb0dd3879 ee5484bde5689fa7 b684d5a038f8ca0d 49fa6c7762ea25e9 6fdb559add4effcc f440c3f467680c1b 29ba8a84832fe38f 64c8a5ddf8d180b5 7b63b2a7502cc26f 4d72711c5a56ee71 3a56498ba8162ac4 a660c3d812690346 7a560cf931fee828 a2f2777be5bbac6f 9062f9fbd0360874 b8c9acaed83c1764 12bc4dd9a94dd9c0 9bc6be59311db0de d4e5841d2215e666 410b4aa773d125d6 eb9e5c8fe0a0fcff dff82d0065076185 ade8d139c73d2a63 ea2f830d0bb09365 ae032163fd7fbbac 1790abb7aafe272e c472c897e6363e33 5b3c4126c762cad9 03f4849d28727d91 ea9422c5288c6a9f c08b517ea886889e 3b3a6b3cd06e33fa 91786d848b02ab74 010e7973063892a1 4b3b543835b7726c +Ciphertext: ec6e202969a6 d18e503c4e7a19ea 3c7695378e58127d b16eadb76c879278 17356da266ec8ed6 360e96546c546aa5 cd27420fee00a2c2 47da5de643e6e8da ab639f04707d1429 b5cb41e3d8e91a69 705aea70e8b8f084 d4a2856450b96ea0 9ad4d420edfdf2e3 b500898e4615589c 6ad6d73fc2366979 810b353dc03877dd b9498ff0bc814c85 1c971fcc64e05975 417ac4828399da9f fdf0be98e711b296 22ef469197e7169e 2db8baf4ed7cd6d4 96b2ee9eac52cf58 0cda3187d1600c04 e22fc23db067b57c a21a2aed3b354644 35f25d8e317a0d51 c4623cd65d141c96 a212fa65b0ef2099 f4db6fae51cb877f 8c58a35c54588d4d 4cde63cc004c26bb 6c523b577ff46c07 2405795e95b9d3ec 9ecfb5364b98fc45 3f94cee7b169090e 7f394914f281c4b3 bc6da3cc64337526 b93c1828097147dd 19bad22b2ff4121f 4454415f0b89be72 092ee944ec8290ec c15466c0e8d04fb5 4679c4cd6d341b45 884e29ecf068b4cf 8308ff82d9692972 0ecc1db04b8c9708 072e2ad11aabecec 793ce73aa69851de 62157856a4b5e773 286640c2403fe19c aa2f56e4fdb0a87e 69e93de29db6d3f6 43e097a983a7c17b 055ffa29e4ad5073 2fdc536157d9743b e5fedf3fbf99b987 34db1ba9fa7a7d16 e193bd3e23176f2f e72446e7344e01d2 c2de846ad792118a 69dd0d0c34cdfd9d 85570311ce442dd7 8859de43d11cbb7c e507f7cb93b25833 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 520-byte msg +Key: 32e9954e5c358f01 97c4614bb6ab1e03 0598096d8a07fc0a 8bb90bb4516264ea +IV: 2ba37968b53762fa 59717c9317e65799 8267cf840b3278a7 8268404ddac24f08 +Plaintext: 2d803246ffa33925 c75c1d89acc4e66b 8ccd0c744279ddca 294a1e2adcf9f537 406b0711c5e0dd2a e86e8c55fdae9520 2bb50a64b845f21a 8645ef70de6f1e1d 6d493ff18c5616b0 c58d1020920a2a61 67040f7df3ff8040 a442f94a698c9262 bb03230dde6dab5f 64a2f312f4416ed5 49a364e67d0d4fe3 882a86de04b818af 3381fb8e428d66e1 cf967b52aabc2925 d87a51c8ded927ac 3ce3dc54375b7aac dbab0f9b411e0ddb 0e4ff1093ce223f8 1d711d4b9cc9d043 c75743d58add7e00 bd69a65d628869f8 27b79d5e331a23f7 1e7112964147114f 316c058986a6ed53 e1a409fc2d3342dd 24b5c67a15cef3ca e56076d255bab479 820c6997b21e8e4f 4d42819f2a886035 0c30b5846d655918 7a2892265e8a7f68 c31eb62796ae2b9a 0b2d546ee2ed8aa6 e812b3a5c0471e89 e3afaebbe61e3bc4 fc8a3563bbbc8adc 234bca92dccb8ad8 bf42060598db0ac6 2adf12b974e0b037 33382e71a8b274be 9b862d33a08b2675 99a8f6cb7c8be477 579e05479137a567 7210e879e5f6b1e7 7dc5c378b7932722 7f2ccd20f5bf7644 70d6d08dc38be3fc c0f9ada4fbf20901 d1f0d68aa84d5489 77b6d12b8add86d3 7f6ebcb49545339f 26dec319710c44b1 9deeac91fb1f7752 8c2e4c15c34eddcf 8b4e0fe48ccb5bf8 aaa47301cfae29a1 eba98db439735625 c37c8405287a43de 9d5e1144328623ae 573405849e3f8279 c208c31be9b0bba8 +Ciphertext: 9c9268b60fb0a821 4765ad506917172e e9cca87da834b3cf 9d70d44e3107124f 51a5c93b5bfacef9 7702348875a5de71 7dc97c89c274314a 051a94a518c5ee37 a69118f3bca84201 faa121925a1f7dbf 9e88650488e31d5a 95b300c588a65cf0 632865998aa2bd34 abc197a7034d17b5 cc951f4a6fd97a89 c225daf698db5c37 f3de2c81bdbfd379 193dcbaf3709d26d 133a4671439001fe 9acbbfb429ca35a3 e9f0cbeb1bd743ec 796b9e4ea185413e 4547fc7822d47d2a 3618e0fe49612ee3 d380a36fc2f2018b 40bc2fac3f886bee 835365c6b2231161 3449f5c7b1475611 0b33cb059b4cd050 f223aa67980f8172 ad373781fdf70ab4 ed558a43beda75c3 20e5b59188c57669 9557d33234b31e3a 47a66ba48c6b849a bcfe1da1253051d8 697c081596b3dcdd 7dc5de78faf5fec7 2dfc449dff6cf8e0 0c4a485ee254b5f8 b1f3874d84c74da6 6b537500d7634cd2 d0efa19998930f59 b4f151257a37adda 68d369f2707a87a6 496fa04316f52179 ce7ddaecf902a5dd 4df851978912576b 2d2992747f83da52 435c780a857dde8b d1baa946a58759b6 b3e5d05f0227b315 11133453c5e5b229 42e6cdf2ef7536c3 d96a649aa0ad2807 a74627a729648efc 73decb475daf598c 6bd70beeb14b40c7 63ea07795108751c b7a52682067c4b22 ea2ceebeeb4898a7 305c895e96155f22 2df60ecb71fcdba3 158610a34103c8c5 40905085c7c3519a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 526-byte msg +Key: 88c22442c97fa8bc 860cfd0ede556a32 76c1c9652715e02b f395ef933e6c86bc +IV: 3a4d9998a45bd6f0 ae4636a83cb7d345 52eff9accdab7f2c 524a58bf8531658d +Plaintext: 7b6f8db2719d 1041be0818890613 9297b1d63bfc9b0b fed00d2b7df6edd4 eea2316e2819990e fdb89e9acb38a62f 4e3079bfb8dbf8ff 041c0d8087bfde1b c802469391548576 465c3644763d82d3 b01994f298d44c4d 391a38919da3c0d0 9bb5a026f1eb9c9d 93366e4e422104c9 5f59e8b7026c00be 47d177a5e829fbb9 11c4296f6f67454a 8b4c2fff566b92d8 04f85f561e2d7a1a d349b30590d9f79f d036c7b5344fea47 d6a85fa1dba396c7 47ffe016159e2329 888bd2fabc3b1c49 80136442682bf25a 1d52e87af852775f cf7552410f4763b2 0b9ebeca94d8d381 ca64e75c3184c54c 0850b0d3d6ff9d68 45629f1d33b1a37f 078a5dbd4137820d 5630384cbae0cbe4 3eaca1f39c3270aa 50ceaef3aa634956 2258991debe093b6 cb7f3f5a29ca6cec 686ea224737358ec 99c2670a9ce5bf00 040f5830b95c6c44 d159e4cda7c7102a 2d9c9aac834bbdf8 c845b2ac30c06b45 56b78440d432777f 12c70fef5b611f68 364073d4f3410794 8460771f8e7bb7ec c059049364ea1a2f 33d0a8066e1f016c 2a6114e4ecde9e89 751a9eacdf9e0abf e9fbc071900dbf1b df7d975b07891efe b208652495a8ea9e 447b0f9b4bb2cb84 7aa8a0248022cd0c bcd5c4364f28dee8 763c4edb1729549d 998bb334f93e6404 1a658cf35db1acca 72e017de6e83aaf1 1d05b75399e9424c 1b5370bf12ca3c07 723c6c254f42c31d aaa6799d8b23e8e0 506b88d2446f1d75 +Ciphertext: 68c1a68a8dbc 17d6fe70cb8634d8 5e7f4bb3ecbe40f3 3aa67f17cddf153b 07fbca4638507484 de5b1f2cbe649d26 9b1e2ce50e13e0de 7c95f0f4068a4ba8 188967c8e4730a66 25f2e71707472d24 63487ea7bbe4affa eaca7720eeeef16d 2d854f7cbd5d6caa 2483f71c19e6fa67 47aae0d3099886d6 335222594124e114 5ac2dd5e0c7b109e 843844aa999a3b58 502b3bca4020bcb4 58d04d9563a63dc4 b4381267d64a431f 4797fb3b93a19731 97ae97c6ef4bb665 412f36e595ea0ad1 74f48fe1023e974a c186eda58aed3917 4370bb24c7731a73 fe13e2450456cf8b a55b43477c83f1ed 7369375649039668 68ed92fc95647990 bf59f33f8fd277f0 bd720b7774b3484a be793080b6f5d628 869e2fb5ae98c199 ca9c098ca59ff50b 1a97be8b10e8d34f ce17522bc8bdb129 1e614519f4cfd96e 2f70812f6a0ce40b 758a9cae839d64a2 a9c91e41e9924a20 fb09a66d782715e7 3329f2a0876227b2 de581da93ecb15b7 940150c0a5cea73c 889cefe96c6b285e 6088cf99ffef304f 7f96979ca4a4cf3b 830cb5682513ea06 be2f12022adf2ded 094434c183b7e828 4267f9a873c2eb21 cb68d8687bf36b36 786e62637ac9453c fcf3b7ff3e5e59c1 7401f1cf4204ffc7 95223ea870f7fa76 efd3702b7f357845 900c372dc16b3a20 5b3a458d9eff95f6 06f606abc9481dad 05104ea5d2041019 64a7983120f37305 2161d38fa1054e58 55bec30a50359a68 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 529-byte msg +Key: da2f83bddebb552a 3428037d5e7ccd0c 30d0b9ce8e027eb6 77a9a13f434ede49 +IV: 28d9c9230349b5e9 55a8d5108c3ea13f 85067b604e5e93f8 300208b3ed3b5044 +Plaintext: 46 54d96bc04ef057a8 d5e32f557262ecad 012b69eb66e7bd9f 7c4ec8f54e920c3b 8afbbe9e32ce1d34 957403407ed8bab1 ab1110eb8041aeca fdbda5e4ee6e4a0f 617744245d17e302 d1d1b4d5cbcb5298 ea757ed8166a72bb 6e9b734282aaa6cb c39424da38935018 7243699cc1035b6a a89edb398f2bb27a b8315995740fc776 979b8748290a0d80 5e104a1ec8477e2f ccd54e97534a160d c1c780672b655618 c5d494f79943c242 7f8080e2496163f0 3e62ff79ca8f457e 73a5103f0f74faba 3487746ef1071664 bbdd3370aa17b1b5 e68d17675cc4e8d5 b51230a688035c62 cefc4e35971eb1f0 fc6d8a5155321084 ac9ebee971afa618 6e580823fedc231b 7a7b4bd5f5503ced 297aae0cb07a2a67 78dc1b88711a2851 88bdc13ed9c5f8ea 204b93d571655f64 2a4ac72925b6a465 329057cbc4cb1687 ea8a837f818783d9 a9b54dbd7524c15c e725fc311bb02986 c202993bd28a17c3 7c06756f5fea6bef fb01a21668560bdd 475575abfa2e5fd3 107a0a5e0321d30c 267bc095d9b55934 ff77b966b2c3e4f0 35215b1f29f9ee53 0440d2bfc056f36a d02f8b7958b2f4b1 9d5ebb38bb33f59b 96d0d61512d97f0f 879b18e36ff31fe5 626bffa445a7e56d be00cf11ea6ee6e8 53ab0d161c95ba0d 7fd504547abefe86 c477449d065dd370 48a31e7ba93b5edf 54fa29a9aff74657 d634c09947803954 df9b81ec059c67c3 2590cffd60640587 8105515733c5ccf5 +Ciphertext: fa cf60e6d305443c62 b4a0d47b0ae574ab 6b61520fab168ad4 4798072d1496d2ba 17088dc85a7f1e48 38d7ea96560616e8 0d80cac133e88a2c 6d422e3f6f64f149 187c3538552aec0f 895271bb4c42321a 29421d47c00fae4a 31c07b9f21bd1fda 93edf5307f064116 ba8156c1639353ce ae9f9385f9371091 b7bb16e2b010a3e2 df195ded30d4ab88 b02df5e5f3840601 278e09f137875691 5a3dff763b8d788f 9118f355143c4758 493d58e686f1590c f8e31abe07f50528 7864f19a38aae673 8b52a767c17cc5ef f9d93eb2a004cc4a 3b049d8e32f55e51 e4233bcc3efbdc06 a2f0702634e8e43a cb191b1a8e624c78 851b2f55f6646e41 329b80c813e3bac5 a12b028ada28785c 453b21d07c68aaa9 c37b090a3b1c05c1 d92cdb16faeda50f 69edd7be38c346d4 f2af9eddab4220dc 4a1905c556c96c75 0f984b5f0e659fde 15225e701d3244c4 626eb061a5c28684 34980a1f46d6b0df 965f6aa481c50804 37172dc8d48b1f32 4169379d4556e6c6 c53f5c1fe0e21164 1f023c6913adc689 02f6d0389e9ff368 738ba59c5fd71415 03b5b37bf0b67254 f69eb841e6c05925 db8eef86907ac89c ea1332b6051c4759 6e5cf83bf24b6858 5a7ad7bd7f31f152 c5a1c98cf9d1cf6e 0e9c68ae9b88af98 1a2c6911f49b07b8 c356b25fb195b4e6 211bced885c54f5c 07d791dab78d0cfc 03b2228dd7d3293b 0ca4c477126c693a 3ed351daccce132f 8146e6fec04a4736 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 531-byte msg +Key: 01713a4000775799 1fdf1aa82b496d3b 0f0b2075af84e8c2 13aea710c8f3ed3d +IV: 8342bfcb086198db 4a85ae59d4207674 67fa6a51e5830a00 6d6821afc864491d +Plaintext: 0459b1 525e9f1e8e669b30 7f5d94e7b6e2c365 5ccea9f6215ca64d 768dc611fccade98 3ccbd8f298b94b29 818f4fc7ebc68f99 fe319fb30f2690b4 cedec24bc11efafa f117b41ae38cbb20 c932f61efa5c858d a0d70d49b0134fdd 208400015448d461 d90adda05526139d be0e34f5cbeccec9 a88999c1ee6d0b50 d248273a9d909654 5c6cf88bd8d17c28 c8eaae5346be91d5 800dee22b07aeb96 4ef0dfff833e655c e204b0e453d31e4a 4f900f405319f73a 8e2bb274dd841836 fa44d257f1996c00 d39baab2ad75208a bbc6fdc4da47287f 3cad8ebf5fd1bab8 400ea64accead0c8 97f991fdd0ffaa71 755520e8c38e4b2c f159290c1da9f8a5 871403e0fd79bc3c 96e60bcea3b9e686 e30522b3f63788c9 14f92c62ff56fa84 361f92226c8e56e5 382ac02c0eeafa51 6e9da82e5b8908df 0f533ecaed1fe9dd b7f7fa170171c64a e68c5a1ff9dc0e5a 7ee75d5fdbcef3f5 4930084bcf4bed39 7164e4c7a56935f3 06d67eaf4cd54b2a 7ca9e6505c4c7194 2a5731ed8d232d1e cc2ef83b3ec0cb69 02ced6e5ef1ed848 ceacee09c74da843 1a9262b810efd217 301cdd7ab5bcaf33 403d0ac8cbffde3c deb81b900517c38a 81a743b53ef703a9 05f83c8cf3a60ad9 2aeac260c6bf858f 139515effdf2e8f1 c75f7beb0082e95e b388bc7adfc603e4 269fa5b6c9a8f4c8 d40a852e96284001 5482b3633fd9abbd a295064b6063c3db 9e225bd1bd00546f 8be01353ba00f241 +Ciphertext: 11f126 a2cba1b870ce2b6d 9ded9dfe3ba46395 6ed98eea61647b55 474073c2dc0b277a 194a9464483321cf 2a916f13b1aeb6e0 0ce35e502decb6fd da43f4b2b1a646b3 666291d29591a59f 887f55424ac5e12a cdb71c344f71d449 c27f25018176fd4b e4845a777c767f6f c476606e8bb8cce9 f92ac94c758f0d06 3540a17d1c2f062d 73d83944dd644d5b 73faa9cd4dce4371 72b0943b99dbb4e7 92714840d0c1bcc0 eb1900aadb39c277 018fad5e988ee99d 64cce0ff2f6138b7 8b0fe5d918367b6a 7e0f4e777a3dd20a 874d158f7d8b965a 353486f663663fc0 5366d076940f3ec7 b03dbe43efbf9ebe 9b4f8deb5102e946 455f6161bdf3916b f0161b1c7a4f8218 d10fa0d8c60b13b3 5da4764c946cb31d 69024017e9e1013b 60975f2a9e2d75c0 e35e4dee5e1c8ee2 61995c4404b26138 e5d2a51977897c35 40c74a6ce488c153 7f57ce0c75963427 da1b0b34c059e1f5 a0d35433b5195bae b71bced39c0b8238 5fa485d96e5361e6 44e432c1bf254eea 3f97995813345ee7 ed40691dabdaee44 942d91f431396544 009891437abe732f 2750cd0a9d4631fc 5df0d35596d8d48d 685655816e92b7b6 2f79500834dc8c0a 9f0303a91e4540e9 77de9954418608db 53200dbbbbaea695 653415457e921553 7df3d5701404496f 90236f2eb9672d16 b796746ba8036ce8 6e2c3df330b6d129 76124f7cb0622ec8 4ac0cd0b64e90813 006b282cc1594d8f e0168982b5ce3fac +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 532-byte msg +Key: d89223e145734e3b e6c10760c67146f9 3c8dba8810cc0c9f df666850c1263ae4 +IV: 28c135cf0c669ae4 4596b7c63836ae9f b5e3771420852878 cf27743fb40672b6 +Plaintext: 3ce7a0f2 76ae2806782d627a ff3a99f855041247 78a74a7e78fd8071 21b77370daad6d31 cd73800a482d1063 63a4926ce499920b 5f59fb19a29193cd 5064c578cbbba373 57dc2b567d3fc96b ae9c1e6329490047 1fc3c2b1148bb53b 8833ee38d7b84aa2 5e12b054df0a9679 264cc745edbd63e3 fe0e27ae9792eea3 124c7816c54d6ba5 283d976b35377e76 15da147af89cc3c6 4562b278f34e47ed 36d8eb7c5f210d64 fd836902496d8a48 c16e8d6a128f29da 3be6ec77f068c702 3cffcdd16bdd38c7 270fad83e155c1d8 7331bb7d033e9b06 2ac35c13558877c8 6ce8a87db228f4b6 ed07eb55c6962b0e 724a251c92502432 58208bb5ec555d28 0ebc03e8fcab4a19 9694ace0c0d9d0d2 08e254ad896ec946 0e26ffc37b78830a 69a2677a110d41d8 6bdd768c97c6b90d 7b21ce9aae3f942b 94fd42a7cb98f157 c6c35b9bb8f7e2db b40bd4c11204eda5 142e1d49ca6c8cc7 32ccdcc7a45eaef5 6d4767b3bb11340a b9454be7fa3c7484 1b32c824a49cb903 30bb538dce72c2ce a655132ae0023f4e c1b4656617155790 d8545891067824c8 d5f43160107b35c9 b915e868f0730b8d 157fa9a631389db3 92bd54fab6a7d4fc 6b9cfda733220fcd edb06dd5b20ba1b1 fed09f10104c4ed4 939444c67dd2d188 38de40cc000e59c4 8c4e2bd9f07308a0 c2ccd00a7bfa73db 2102b15d23a12455 85e081363ce71b95 dc16a8dd70524844 a99dc3fd3cea12af 852f222770bbd44a +Ciphertext: 7ea2d4be c5e6b4762a7a0b76 5534ae929cef7ce5 ae1ec982a3aa1250 41174f866f3eddd6 c104b2008c771e6f e480b88b660225bf 2d55840b24cd2101 571c75fab85c98ea 9ecde0c5471ccb8f 79d0cb3f4e25c75d a7d4df7b05ba69d9 ff27e44849c9bac6 38c060eb62efde7a 97dbe8cff71dd576 4a2b7a5da49a77c5 9607b2781e662585 80dfe04a60896d3f 8ee08ce0405ea8b1 e5231ee8c743ccd1 3049dc2ac96987c4 b142284662ba6ddf 4e47bebbee515743 d86701221023fc10 070ec8762aed7844 00c6e4c83143792c 4116c925c952d3ed b08fecc7c7df6a21 c8e658447978a561 1186a368b035a760 e8f7c818ae5b42e0 d7aca170b4b34c21 2d10d773dec99427 c0d00c0970b5c0cc 1ec7275d685337b7 20f0bc5c8f1be5f2 05674fd0b1f684e9 a4fd6f9be3701394 3a1157b33c963711 03f5c7f5c0180f63 6b17a08d49a265da a6501ee6205ffc97 bd399e70702df3b7 d172738be76c88f6 b01ba4469fdd34e2 a70a91ff527f3a3c e93b521e9ad11ad4 6b8e2d60168aa548 5213e5a9effa05fd 12bea5217779e4f1 c61d14ff6f295e8f 089aaf7a94236df1 8210271ac140d0fe e5b4df98d1bdb45e 0d07d49758dfa85a 861711e69e334795 f367da36c7a10475 2b11ad7d92d6cfbe dc865b36ca4314ab f7336722c537b056 31905b888840a64d d0110612717a61e2 e5de208d9b4b354d 30132a26b65a3d4a f4147132b80c296c bca8969853db0ffb 1cca6919117c9876 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 533-byte msg +Key: ca484db2575b2826 316e47fb516a83fd 6b005219c3363a07 421f8c2cc9e94ebe +IV: c51e7929042365b1 c705815918744704 5d106fdb2ee463ee 6430f41e726c4b3a +Plaintext: f989226896 7a34c7fff3f1524e 7177089c7abe4ad2 261284bcdec70f5f 6428568d13b038b6 697dae01c201ae9b 66fb4f4fc6a52d58 032f0f73b06dc738 d9cd5aa9448b610c f628aff6f91834a9 5dbb219f7d8e4d67 84a3d8b02f4e0ea4 d4228e77a31bab3f 2c1d1206219dad1d 5d9ec8b426e073a8 af54279ce1d2ac4b 5b0e391cb8c9def8 10441f58c1fae2a2 6f8e8bb5490365c2 8e2b445f506268d6 797ca5c30bfbc1de ac851e15619698de 9a73b1cb6f5fec5e 2910762004640bed 33511892251a1d9a 07c956648ad99a79 e633831d1f5ccf24 86ec060784425d37 9376dbb18d8fbad3 29f6106ec22baf1c 5bb749d4e162d8bb afa53c3d5862265d a0d33649cbc16032 1bf6945a94f49e6f 02e74b173dd9cdcc ac2560ea082e2e06 625070826817d75e e4af2a51859c3019 e2abd00fbc2977fe 8352ba351c0c3ddb e2d6d383ebfbe600 8c0b1a7b1f8b2dc3 03ec22e3e5ba9efa 3e1692471d661a84 274ba575dcd457c0 1cf1abffe92a5d14 6e9087bc40f40a68 e5582f4893a38ea8 39992f7fc409f045 9b4826066bdf87b5 2a8148c2564082ee 7e00da5f042b61ef 21a6b9ca29047a38 11fad3b72e13754d 3fa5ac1cae04cf37 13f5dbb4fa665b03 e65c8b7e962cbc40 86eefa3bb92fed85 b6e6fdf3d1a9b9e9 ab217a70fcbc4389 90a1ecc290e98006 030ce3b99499b805 962b816e459808ad 4f6bffbb9395e32c 285f26bea1a38c32 8f3cd65a48bb9e74 e75b82b69438842a +Ciphertext: c828a31146 5a56df1ebf323b0c 06950e35322a1edf 1dd73c0af2f73c51 374a775bf15c2728 f898a6a826e85ddb 0d1e1cbe56235d33 7240d906083e99d7 cc77c88eba18ca25 fb617a17c954e791 3a92470cad250a46 a71a20f3252e3ee9 45fdaf003e9e89aa d5faed9432a32e40 68b468f9476d5034 dab6d0ae51523674 16e09eb9c86af371 eab3f836359c58c9 eb104521a961f1f0 dcdbe1c82666dc68 5250eea2f4cedbb7 caca4f4e2b17adac 5ca24d343fe32ce0 3f72e785f44e6290 966d2c3fb94fd85a e83cbb026b9e23d2 4ccc2e29b298c4d9 0ed6814e76d20540 a1c8b0d2eaa382a6 1e8cf77587cf373e 125e6c21ace969f7 b9d6bc0b20603ca6 62de549da815758e d7bbccda2c4ad8ec 1eac1f1c86b60e9f 3f64d90c523faeee 757ef56232c72c02 bca49de32e093974 40d068507fd999f5 b423121c07908ccf 71bdcd2a301a80d7 5b1d624ba614148c 82baa6f8b5a09529 ab400e6deaa91eea d7f8e44e178872e7 19396c95775f2116 675ef5646c49a350 0e7f47ec2a8db009 c0edb65375571d20 36f9196d0811a097 676e752604bad941 208eee426239a15d 8b9885a44b279c28 f8ddf1237bef7305 b368741a54bf108f 0b10382da7241d21 dd579d168ab2f311 fe8c425bfde0616c a1199bef8a1d1790 4e24556ed441ae42 99deda1276d47e7e 786bf1c6c1a8b147 e476000a27457e14 760f2eae3a6b29da f3b4cea6a218d78a 3999e8beb3cf6155 a5b1f9a151071634 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 539-byte msg +Key: bbb1bc45590192b5 7d7f9b50c2a96b33 661a465cfc667ab2 6046f245f0f509d8 +IV: f9d99c9d7066633f e3408125ae9f59f6 72f8a458c3dac0fe 21164be12a22f1cd +Plaintext: 0dbf82 2042da48cf79b097 a9d036a5e048b89c c57ac0eed38639e9 ef4dd48beee0ab97 583725e86b271906 638e36f7f9d1a258 2a88e1ac3977f9f3 f7c1d37f4258e503 ccb80eed1ed5c1f5 dc5166f64af3fdfd 0f5505a039dc9c92 82ede774d15eb4ed 042b5efced6bf18d 9a828f4bda9713b6 fc49f375da9d6bed 173bd812a4db627d 89faddc0e2d1f1f6 2787799eb1a62aa9 7acc75d125a3ae2d 3e126d02c2b535dd e28b53de04ef0957 0bcaec96d8068bfe 1046515d20d4ad79 7fda6fec33d67632 974888015bad81d8 ccb1b0db56a17ede 471f50c0d519affa 63fca77700246ca7 319844cff0f4a0a3 f4a68c16335d4a71 a6bf3aa24c5bfed7 71deda4c30896161 37e24ef0caaab0dd 0b104aef782439de b58ed7ad8c80e039 32e9d313cbec9b8b 31906f0df1b9f7b1 9757b00d2cdd914e fcf5ef879d719e48 2c855973da34634b a7096fce6e07be45 22e2871957709be8 045a49d887177f2b e91b3314644b01c9 22b516da487e4cc1 331b96ba01c49fd5 5426ae495259cd0b f1112a9f7118bd2f 2afc2bda8705eb4e 5369a79933c3e53c 74c2e681071ece0f cad106bc0a83dfa2 454678753483e114 0834805df554b446 ed94b929ae50cc60 fec18f123574ae4c fdfbc35456e2773a dde5eaaf4d5f561a 4606efe94dd60d25 154b8c4afcd37355 d983d51ef509f5e8 57e2ad3745cd11e2 077f4f68ee98da87 95d6c70b678877e5 6146767c19e0a348 0094919ce4842ec3 b967a24f987e7aae +Ciphertext: 3473cd c4f1956797ec0220 68fc5a32bfa9b005 375503020db478b2 49eff8a731813c99 d14a16dbec6b7415 923440b05317a44e 56da1a7422ed8621 8318afde080555d0 e59522dff9d05f74 a46d94e303e770e8 301543e017da3ef6 864a2bb1121f55d5 1781999001900811 8e84a8b0c16a13f9 f80bdac61209ef8a ddbc52d8d7e78b6d b51533eeb8b4d2ca effe7b3bf02d988c 2af780f687eeef60 c026bbe3b9d63a5d 0ecc4762631678d0 7ec78335da2aa938 058e1aca6a9a352b 4099ab7928737723 594bdd2555b78508 2eaa8a7f9e5f13c5 b534af72675b9d70 f40130939650d9e9 f671e318c64b2829 f1c073b742f8af1e 21c8993a54adbfb3 1c6855a651419cea b58d0755f98a4e2f 0288c4d578649e61 a282758e6573215b 4405ca976a499a90 39a042d22902e5c8 52489fd9dc7b5349 6c5789138396f93d c85b6c83e778b3d3 81de38eec9ce114a b0df157260fa97c9 d68e5ca5b3af0080 623172aac5242ce2 b7e8020b5b72964a d55c2bdf7fe6526d 6a5c7dd48f907b4c 11b3e4b0db83037e 87521531ec3c0081 2125ef7b0c18eeeb 05c659bab0159bf8 e6dc64c110832b8e bd17255eab023166 59957e1aa10bda2c 491320cc0d9bae18 911a6a461a54f161 19bc80031dfaaf27 3d91f3cb5e150249 8810a256d049cc8e 345def18eafd8553 7c744e8bc9ead676 23f19b559dcfd8ad 84f6253a7089227f c82cc369544b389a 960a976ce4394dee ad916b00ea01cf81 8368d079e4e7dfbc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 540-byte msg +Key: 06fe7d7cff221ead 6d16cb4fc87f5f63 5e87326df4e7e325 b045547037c1f58e +IV: 12cb46955637971e 8493123eaeb8fcb8 db9f3870ad760d23 41f3295657e9e58c +Plaintext: b319cabc c34a5402819cf795 9b1960f9d18dfd76 9f97bfc81d011f18 234d5f2bb09012da 8d84dec22dd8813c d8ca129009f88965 1473827c0b163e9e e316ebd3d3d925d5 fd0cbcc450f0b81b adf49ae34889e527 5232dda7d5da8fd0 df6b11ece29c0b97 5b0b7672b28ba41b 61bf815c59e818a2 a1fb59b141f71997 5e755adea680cd06 efa895331a524e22 3e524e6103bc2ac0 4bf67c031812e4d9 aa5b4d12e72e720c 000ca06e52ecbd19 8ad6895c0dad2467 974dd10321d6f980 094673ee6d4e0290 d75e1f8d2003f9e9 8e72bbb440650d81 cc25dd1a26e85f72 c45e52dbff878679 bdc79bf74d3c0b78 924f6bd16489edf5 33a92ab0edf31e99 22ca7442678104b1 f86f9b14a141fab0 de94211b41c4cdab 14fe3f2e409d3fdb 6db361896be5871f d07da74ce3bace78 b96a65fa9ebbb48b b74fa4fae58ec922 eb409f1ad45b14ab 8f194707dd4e90b7 6df9c0d64419aa7d 63c2e27ea46fc455 e69ab85b698ab53d 7b6d04ad55a64757 4068b917fc84b769 617f802147e8395c a4e834b6f41b71bd de9e65a6146afb3f 7be0d9258ca4e437 faaf064a94a02f1f 6e5399923bb55113 fed7f35ae241b457 6588a668bc2338cf 737afc635540ae85 8b03715608015b28 243e343286d37b87 4889aa4956a6bc19 1707ebd3506fbe78 451f436c21a799e2 97fbb294cac957b7 6a0a6d2e20d876fe 2d7f5b024ed668e0 e2d0983b4e4e132a a137f5e974cb51cf 15347680e45e7064 fc09d258161db3a3 +Ciphertext: 72dca0e6 8a046f3144750b67 ce996004474d98db 2b6a5105ad27b998 024d1dfa0e9bafae ca23458ccd9b501a 595efe9331a7b814 f6b57ec2c1e976a9 956feec415c6d1e9 f8c73ae9c400b2f0 8c5d934208afe53e c972df704f24f91c 120fb48b4cf6c82b 6863598cdbf272b4 453a0b7433f292ea 41e9b26954b44293 3208ab0bb4189641 1eecdca06e2dc545 c8078b64902cc474 99c89e5100949f46 efb686a1ba090263 af63f1bebc6f2f69 88d7cf7f0bf2d4c1 27487d32d9cf7a01 c2456efa27b5902b b09991b9204fe6fb 66580f19d8cae747 b1b71ece73ff1d16 cb65996e28ddc046 5c6bb5dbf5157590 2caf168886300042 3cee2aa74fc5e212 cd69f5e869ca1931 ebacec8be2c5f955 1b33d78549518955 59b7f79dac431343 ca44f7fa1ab65f35 bbf028ea7bc53ea1 ab669f694697c886 2d0eedf5300c458f 88a6afc4c8f95788 6d4b7c9c3cd6cf26 dc5b86346975bcee 226efc48b1d9ad73 43e5c13bdfe83c5e 0343ba7be07d8e2c 76a803c7e2a7b380 76ceb234c1570e4e 633f19726d91234a ba6266ca76caaf81 0feb3f7c901497cc 5feb7ce89781a708 ef457de212fbd780 0fb0e409202b754a 7a4d6627c38f4ba9 4a0ed92da16f11ae bfbdc290752d0abc 53dd6ea3ab15d877 5fb0ad5167d5df21 e0756a5a100f2045 07c64e00f8f15ac1 96ccfa2f35f006b7 66487e6a296ea850 f8213eb99e0a9a88 dc00fc24c8fb271e eba8698050a9e81f 217d12f51145efd2 dd70282cf185ba31 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 543-byte msg +Key: 3df72b599ed0e988 1a839a4d8070b78f 2f4da868e3b235cd ceda3d72eba8aae8 +IV: 8fe8a40841d80595 cbe60d1d91bc5820 227a0c750d4257e8 f6fa1928e84ddde1 +Plaintext: edf30e25dc3368 1073a6acaca53d98 12358516d2842ab4 95a8bb5401bdac24 dd80a1d1761aeaf8 413949dec165fc60 ab92f72d49f17232 1c0ca356c512cd68 266f7955c4a0039f 6f46590a26790099 355e58b8a0fc20bb c44b3c873c8eb68f 02e30403d6198943 e4c15e9aa1885129 f6c42e21a04c3e36 d78d0e502dda7183 ba04c841762b81ce e6d3def5fb3af8fa 37ea03cf118ad38a 9bf99f17629e062a 95f94f786a7ef527 bea46383fc39fcf2 3ff85e2abb5de8a1 59b87a45a1817b6e ddeb21117bbbec36 b45b74ac6b2a65fb 5817c89a656e8462 58f12443b32bda36 d801c472718a6fe3 0f219ad811b83cfc c86fc887d965afb5 e2cd267860452b69 d064c20514928516 191d5b6fb78988dc d827e659dde97182 3d74094b6f7774f1 0b3ba3312c7c36b7 187842d923455185 d067aa783aa2d3b1 b20d5526aa68bfb5 d2afed5d80ef8aae 5559d47e1e959fde f8599d4db839dc2b 89c19070d7c1139d 6ce82af3d9948ae3 18e99bc76f217bcf 9722463e1e5695d6 0ab74490bf297991 230de15aff133d3f a94f1e1ae090ec40 f7ed2db436a0049b 7d18f8f02a49f779 3d479bfaba13aca8 4fb4e5e0378afb19 5ee0db18c6c03363 290b35f7e0c9983d 03bddf3bd23cdd07 534079823db9af42 1523d7d0975d2a14 57b9820da85061c6 bd9835850e38da45 fd1a6166bac210a4 64dfa9467120f097 4f49679a4b865cfa b3ff254037acab48 956b25f676502625 923cdae01bb18cd5 59e46c06921490c2 +Ciphertext: 4b72104c0d6f75 cd169ccba81a771b 3cd4b0e151167969 d48614485ee519d7 9c9f3542770207f9 1f3d53e96eff4888 0c5003f3f6f5d4e7 59ef2f5991669d33 dcd41b2647a6f254 304b431f237a9f49 1ad285c9bde2c323 f02388a0dc472c46 4a33778b08ade87c fe369a11a6c63a8c 467cb168568fcdad 787a9af45910de54 a015c5a1113fda34 ffcf62511936059a a3c15e048c674be9 6e255f087fa36511 bdfb5a76f6fc3951 b2ee0a3afbe35ac0 8cd5c737345a17fd 53d7f051484bcee8 c9d43429ec0cf5ce ce15994eb2283af3 7d7886dba3d4f608 12889d035504b66a b2de9a36d872c764 7139dd83779ead45 13e46085785df4e8 9a1029db303169e4 189c9787f3f50448 1c4126db97f0b1cb 517e0c27a1b3e6e0 b5e038ff7a2bc1f0 585093c19450cc49 d73c795587c28e23 5b351275d15c50ce d6a3b32f2b6c447e 8aa5cf1487b9abf3 39183e596d05cc21 f80b659f49ff19a0 c9070d7fa21b4337 0c32858d16499a68 a663ab9e3a8b6eaa 5e08e8564bbea563 201dae9d1f7005ec c5e9f78296ea3a0f 474a4c66f4b0105f d044acfa0a49876b 4d2b11074240f405 c40da84a34647442 1fd219f37f2438f3 3a4ff4f0405cd2f8 86115a5528fc2804 6c1b796856b9a03f e88e395e9e3145c6 ea840dacfeac7a43 43d518c30e18656c 2ddd2ae97c140b34 3934d4ec3662f41a 8b8c53711a6ea187 47488099ddeb7400 959f387bcaacf1aa d9e321fe8b4f7826 373f1486fc8879e5 dc6f50f5d2f945bc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 547-byte msg +Key: 1b38d4154356fa63 5a4e993809faaee9 61f1085fb709b5bd b21aba42a2050772 +IV: 13f5a970a3e542af 1063b6c9959328af 77762503db6c1ec2 daf81c26d7c4afcb +Plaintext: 10e527 10745f07c0b5ecb7 f29df9792da5f29e d0c4bffab1858f95 055cd4a3803a8eb7 bd5fcd33df707103 79c9358bab14ecdd 8e1a0a30d2da658e a6d83dccd8b87abf 3e0b36ad54697b02 26c04e4471ebec49 058753a86d02046d d2f408111db331a9 5c22a25d67c9911c c32b4c8ec6537a4a fcb1a44aca24f49b 51583c59955239db df491a2b60b83cb9 16b13850f4741f48 3d4004fe3169bb81 ebabe18e8abe1cbf 8f2aa4ff865d0341 e9fb1972417562ab 8edd7cace9f9e386 68960097421e62bb 336d4bc122e16e1c 02b0f7dbf67fccdc b830123c3bfbf411 8fc09f5c069b9139 95ba14597c6b05b2 2979da755ab9e441 83e0d0966f97748c 29d2c9c51d5d33a0 7bb709afdc24516c 28fecb27b74c3243 b696bea2cdf7ed5e fe7383bad18bcf58 ae0f31ac8a34d9b0 c6e6d1d9535f3e4a 1bf9e3499c40e6ef d64cd723684eeec9 f6689436cdc225e7 cadaf573781b91bf 78b24771269de8a7 7904cce82bcd175b 1a6b3b36eff6be7a fd813ede6ca8b208 9668f203b1347aee af446af16231d276 e4bf2d9536f92bcf 2784b400772d298f 3dc4ede8862d242c 3fb4ba2655a1a782 1a0c7239ebf3f450 108a5fc2e3d27fbb 346d3f06edb16ec9 f2fbc3704b461fe7 85fc130c550ba264 7f3c480cf6c13bf3 450cf0472de8e12d 90c28eb58e47c10d ed3517f5be6abc72 3d4276c7fa1fe5a1 3649099290f904c0 e1b021df64cd165c 1a5f86db6c38cae4 1343f1d93517052c d0cb90ce5c0c5feb ac6e86d41600a53d +Ciphertext: 8357d6 f5fdcd38fdbdd2e0 fb73d69bd5eaabf7 cef5ed56ad4a996f e4e776562424958f a4f3cd70fd3a8dab 1639606a642ca2e0 33313bd95768c4b8 77a887610b54d211 cd4e723a2ca21d94 8611ba12810c8e7c 11da1319dc7e9fef 889e253665d395f9 237011d687f7116f f0131189c40c5cbb 0616733e628a6f40 a2be67e5bad464f5 8835b515a2a12172 9684f8aed6b34b89 41e4b7991b1a5bb7 a81cebcfcbb49f44 fa6233c99768623e 627291b2b3bf95c6 01fc20dd906cbf88 f4f96881eb3c32c2 6bb61b6cdeb5e238 9bdcd00310e1143f 75c50ea84346eace 8b79d8c84bc84f34 f35e659451d80ecb 6744101e8020599b c83c28e092b01bdf efcf92f2cfb73f06 7b4bf687c7991193 3f36b6a1162ceb34 0be51be449927723 723159e72a639093 fb0691500b1430e9 fc871e3c1dc2691c d062a7bc21be831a 74c9ed09a58b0386 210664e106c2d4cc ca0453812ed2b50d 87912ef83dd90811 0b36b294e23d7e81 48eb82ca282199ff 933d33616d091ecb cf78252787969753 2f62be55ebeb38f3 54eef085897353e3 2fca186d37683712 17eed205eeeed709 da59044f2aac6187 a0a1baa8d7322c41 b0b4bf3cc56dffb5 145f4a581a6cc882 61816a7ca05c3417 0bb7db94df7d5216 e4a8de735888a726 06988a2433b390c3 7e69a696ef906548 f850afd8dfe9e787 8bdbb74ed9ed2c16 272671fd2a9bdbb5 b90eb85a2e1a7213 1ea09fe54fa6c48f c218076bb61607e2 5227fdbe3185e84d f5b154eaa999e8b4 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 550-byte msg +Key: 2369a8a89c5521c6 e7c22cf0ce24fcdb 3b90e5da4b7b14bb a3c57eeb07f616e1 +IV: 29c743babee49121 d7f0a7726fc9791f 400ebe52dcdfa5d4 f8e4c32d0b91500d +Plaintext: 18a894eac7ff 9cebbb833105207d 0b648314410ce713 04c015ed8d2233ff 541d98148380df2e aaeb3a84b4ef09c7 1a71aca9564f95a0 9b47a1e7c314a8c7 89d95314f8c32dfa 23eafdfa1779542f 0e0f62d6e5650d0d d03045db4d499171 560beeafdbfcdaea 6fb0aced42eb263d 4f064da2d69478e2 0d45a8d0130a1785 257914ee14740d87 f605ee651c8daa7a 451e16151125fea8 b94c73cefc9e628c 5dec6bd78b70ef57 21b16b6b8fa6056d 581e65377f60c6e6 3b0e4ddef24f990e 652c9b75293ba8e4 567bcc068380629f f1d0e111068cf924 fd53df06dd63e591 a7014dcdd41c5fb6 fe2db93fde61e796 76fa33aa8ff2beeb 66e2d050a3236d9f 8a3329e9755a3d53 828dd91d8992bcdc 5165030a03db3ec1 de85c9c42dd75abf 7689d6d0f53e6945 4864d5a86c5b0af9 e8d9f83a488da131 cd02726963c7d37a d3cdfd8a3a100b14 ba7954e86f03f973 a51eba4148510ec0 9b2272472d3a0156 0ac545202e184d46 3f96ffe67bd4b0d4 effbf227e96eadf8 b1ad7266747a0bdd 813a5799b89d5565 3e817ea9761458a3 2d3948f5152ea760 756b19cf1ecd1a97 a1f3dafdbfe94bf9 210378394a0c1869 c9a063b2b3d72480 50241089157c560b d2ba77542d425888 4fe4969fdd0419ad 2af8ec66abb24be1 ab9ffe9c3fcee6c1 7d55d6a7e9f1a49c 30ec7fe2194482f7 b8098a19e507450a eca58c11860df341 088d9efddb3d56bc 2ce3db0ae4137cd0 db9be6d4481e3a83 7dfe62efd17fa414 dd2a775feb709671 +Ciphertext: fff6adfa1456 4b27924e45142d72 fce2419cb181ff82 e9c676d3b36cb0a5 b9087276be9591bb 5621de1f4e72ae0e 15794b0ea40e4950 699a8f0a78e02681 0f39b385ea10475a fa861de7b1922575 48bfd178782fc1f6 a10cfd9b1e7a784f 0a72f22418487c6d 3d107488ae2a3d1d 67b2ca119a9f40b5 5e98acc1e3b42674 a69e8a0928aa76d1 feee28d4e9c85e4a 7d2bf7e35515ce6a dc9c19dff050bca4 b61ddfdf8f21bad6 0d96baf60433d683 f93da9eb243be2f6 5b812a9ae9ad6a1e 07ea800abf85a4dc e27df672aba14559 1a1010fb5b63a27b 6f4deb779c611a17 e0f393d60a927b02 a6f0e24bcfa5de43 79cf0205437593b7 eee25a885532e6e2 03b16616b19bbb7a ae0bd4badb3a9736 3b15f510604affc5 b07ed323e82982b7 0d0b463cd76c5d96 ddbf83d96259fc82 844b0c5f96c0831e a8b6037c852e9547 69ac68aaf290f26d 77d9974a4625cf90 e5047d79b0d644a4 c5d1371ed6af9905 ce2500ddb202de79 83d9503f255ae580 f764e4e2dec73a0d 13d7a298bb0aa6b1 8e2b0384dc62c20a 7c3592ace43efadb 6929fdfc876d9b8b 4decbac3a43f8ee5 8b6f010ba599e772 1f859157c8171d0f 046f64784b5d074d b9b10d9d44f2c479 223d4763cabb10c1 0a4cd53be3736285 0fdfe67757c83544 a435f3362c1123e1 6cec795e56ca66cc bc7caccc3afdc7ca 1317b0fb09f4a571 f45d833d4b949614 14d73f3c2da82389 1a1c040e2c134916 00d0628b713bfeff 2d16d569337c94f3 ce18b917d87d29f1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 553-byte msg +Key: 90542028bb2fbefb 75a79ebe3e51d5c4 72273e076e22c162 f40bd401d18e4115 +IV: bc902acc82c24b80 6076802fb0b2872b c98306122094d001 b3ff6405a763b7d2 +Plaintext: 2f 3733b8b15effd224 fb8181bd862118ca 2050d9de23c9212e fe17df3b40584ab1 f240d48f2a615989 dda99dabf52cf53e a32344eff735292e aef677d54baee60a 695b08664ff97e57 c5006bc2262f29ed b7883b9d379c837b b708b5bcac400c01 438b3c7cf44fa755 5a8fd34c42b21c9f 0286a62e0c8496dd c256823a8c962560 28d9581b42ec3e4c 455dbe8f703d361c 2c256deb9d77ca1c 77e6c49513399aed c24b44896157a904 2d7212d4d959df2b de6d791c13fc87ff 7dc2651668b0d171 b6ece80e78185245 bbd7b963a48d7f96 c067b009959c354f 7df24b05b48334b3 afc12cf4afb89fd7 97939984fa627e23 791afbf94cdd3cd4 1e7c60aa1e3b2a7d 53d4f9812fbefa81 68ae9c7f035f449b b28f43365f4a0556 096a8a4ccf5f1a95 4a2c35ff20b2ca0c d631a99be60c39c5 12cc6e06f768f69d e5c4b335ee776ec4 3dd1cab4aa1d7641 8b23a722ccf1c66b 42db65b23cc17870 5b90c2aba40b8dd2 d4cc9ee9f38568e5 2c8c805adc975153 e9c4118155dcf499 13d89ff719a4df87 b6249be5267507c3 64751b8c3f854446 b08d59bd6b41d0de b4a3326174c9ccab 8ce1a8f26972bba2 d8e560ff1c43050c 3f4024aca5797608 e7fa6330de03bc05 fd0cac56e406ec49 33e437fd9c5afe6d 3de45c982c0b4cdf 53e41aae7ed9175e b2ab915ac1b80281 1b7a88cce7519531 5282e8c7277fbc2a a1693f217dd3457e 52c93e4625106512 38b03bb524b0341f 2721b082bf5e2cb3 7891bad20279ae2d 866b9b623a977ec4 +Ciphertext: 79 b00126068e9b4125 e2572d959e182d61 303f20b34db2aa42 fc2e3d586664017c c434d8da9f05e88e afa407a609623f5e f7db9505a7f5cc44 c0b39ca381b154a0 caf684c264560129 898146324777395a e9be976a425136fe d752a62e7f7a49c6 0b4547a9f8191869 30b1b494073c3bf9 01a5def4931a6dde 0b236f561e4680e4 543d55a69a1c95e6 5b9b44bf0369fb5c 95462300cb9d6957 4c86afa8baa54b0a 348ff1592fc90195 c89528507d51b02f 7a40d15d4460988b 02fcb8ba3c770eb7 ddfc2750e85dd45e 4a2217b9cdef1250 a071dff1a17d46d8 5d75acab36af8660 43a85f3b4f2bf68c 8c8bddba0bdbed68 ded449f8295b58c6 a34fd0b576acd00d 4b13ddd3c84269a8 49bf6cff07018c84 71a87e61b689a2e8 3ebf86be147bb2ac 3a500894a8da65fc 25c22b3a5b203aea 0cbc38d412bd951e 9ef11d6ddfb1d2f0 b281cdf5b468ca4c 6f4479de8e8a28fb 47aa9fb22ac9db47 0265437c2628f694 01de8960f08b846f 18d5e16565e734a3 66d1aa0a5759d1cc 4c5c0605056b503d b793bc28b07526da f182112b433173e6 7c9a7480846a0b8c 17d355398899ffc4 5d882be52da182aa 922e0cf296032820 bfb30c7cabb7e54a a5a8fb39e12b0ab8 17535949b196053d b6d1d389153b3168 cdb98b7617920d98 f2ab6534990a0519 3ac38f3bb70f6321 3a32732b20bcecd8 7cfe20fc6fb1c74c dcd8b9c1117c144e 4383ed8107076ae0 e56771988750bdeb df7d23a1c66efaad 4f5af6e7239c9ce4 d02aa36c3d81bc46 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 557-byte msg +Key: 8d38007c00420164 c99c101c2e064081 6573093654bb33f6 9b90f528d4b35fb4 +IV: 1967f516c7279db1 8294bb657ab19a63 ec520e40ebd25749 60054917506daa63 +Plaintext: 5db1dc1b90 4abbb45580c9c3c7 9589c72e402849c6 5d6228c3e2a42e91 156ee660fcfcb2e0 1525184948835d9f 1ad4553423a0796e c21d3aca0f4f9521 1173e82b329e0441 efa28367d4315c89 a845b405e5bef76a 6b4d287f74927588 cb810fc4390a383a 40f99eb60c1be70e a7a28da96ccaec42 bebd99eafab4f64c a9600335fb887754 71f3103ed98827b4 7fb48729a20c7f7f 2534361287ff3ff7 15d76d865e60e915 e858810721c24306 98434b8c6dccd9a8 0779a7ff04b97911 76b0f5bd4cd9b507 0ef09b1ace0f6489 5b1780dab7512145 cb5593b95a2bcb20 34b142e4ac3c04b2 4b82037ec6b8b2c7 2ef7cf1c67e480df db90a2496f9d5eae b7a3fd0265d1fd9d 08d8643bf3045447 7aace05965cd1efd 9ef27db62d575942 664dcd2061e0c950 abb8645a3b3d7391 a8ff5a9999542227 7c43cc087ba0e565 ab795b4587b18f53 9eebabe288a9362e 1eb5e6e4ebc1b5e5 dd4a364740c22a9d eded4f79bf8c782f 4739e2dbc192c6a5 46992b43435bfec0 29d0647c66034f75 957250c4f1b8ac6b 1069b14dce3e4a7e 8772d2bd896b263f c89dfeafd4ac7d72 09d0062f057e528f 6045bf4197f6eb42 4807825ba53954eb 2379abe67204db1e b2cf1ac1e4269223 9e93b5be0301d178 f321e4247f0db14a a02c132b28559200 f837348374f895b0 341c3acdfca923a8 ef889f20ff2f65e6 a87ddf85dee5c9a0 44cffb7b9e3b83be 89a8f7756a340a5a a4045c570ee69747 a435b7fd7cfea987 fc6018b34b3984d3 05ff94be33ebad17 +Ciphertext: cfacd2e95b 15634894153c3427 ea9ce05c1b7257db 5f529e964b9a93bd 0ecbc373eb3da311 11820a30f3ed79d4 b979e6f213ce1c79 470b4efe7be2be7f 85ac1e18a5e6dfc4 28a620ed94d66b16 6467695bc415fcec ec1986249d5bddb3 9534659bf5dc4df6 d3bd2fb24301b0e7 b688373b342f43c8 59f4a96ffece9589 16b100f9a0f27dfb 077ecf6dece239bb 50222cc183e5b549 a8bf2b55294f0946 321a44c3c01d1603 8f9c8b12a71b53bf 759492c66c1658cd b9a8086f9e7de00c ab0d872268f81a8b faa843cc416fed41 df17aa8165827830 a2894d377d737797 4300fe86e950d15d c8325b31f37383bb b47084eecb02db20 c3ccf0bfe37b7b8f b5579ee0f8ff3a26 5dc2301d7d04839a d976276496f6f9a3 9552e45bdb932af1 fe458936cf81de6e 9e34b8753c4156c0 767ca91810445320 dfe9d410ac0a4575 ba8a5a6ae60c0979 7dd3d78feb08d215 62265685cdc2df52 37377e412fdd85de ae926e934ada1b3e 8f9dde19571b750b e0241c8a6486f2cc ecf02aafd087566f f07cdc52843b9ae2 428f9ffe79b7d326 985606cce7c63a27 abca68174a6d2d32 4a3d9260f8152007 8983cd896310a58e c1c70aa296cb3584 e1fe9abcda0d5e64 af84ab5068efeb2a a8fc9200effa0505 e3de64103fa2280f 44ec0f16266625dd da3377a6ba64a4b2 e5af643e8877b73b 3696ac6156e14f0f fe4c3bf9a72c4483 842048c605538884 6a078da6dea4f241 ea7b9171f72371c1 1f48e114fa2c3040 1cb78db09d9ea6ff 72f67cad01b41f30 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 559-byte msg +Key: 5dc3d2927c6ff3fa 1c4299eae65a3c8a b232336138be7910 e8b8b040163566d9 +IV: 5a7b987437167414 fa296310e5034754 8df201ca815c3712 2c0b5479fdc9d029 +Plaintext: c52db19d60b452 58971363d745cc31 c4b900276c5c8495 739337b1c6e792dc d2648026f43e7013 30bba9a0254cde81 40fd03ad31105f1c 9be5e1cf101eb712 3c001dfe601b7341 032d9322e44461bf 3223a499ffe71453 f3eab3b73de861fa cf60ab41cb3de563 38b678f1fa737c74 01f18af5c027cbc3 e16a5570378eb81d f44ed3f71ceded02 391e011651225827 15305dc95b19aef2 ce2c6f02e457e302 11903d293b73b3a5 6d2dd598cf981d60 d6a7c71bb805e26a 23f9a8762e8d0b31 90ef90df0f1760d4 3caa9d7f5e1ff2a7 ac206ef5bf3392b3 4699a8d3fc765733 d733751f82211c18 0e5f00d3e5fdff85 ff61fa5e58eae453 a1d41821355cf08f 502493f37bd80ef7 4b12a79d4b7b6d81 3734145f6b7400d4 9a72a069c385fdcd 61899362e3865ffb 5b8c39e57ae16424 bc5f64fee0170fbe 9b3ae7b28d3aa776 742c1c74a07136ac a7955fb159770bf4 f6aa91459f1c3997 0bf596047bc21611 f0d3d7329be1bc91 95f5c10bd0848b7b 4edf443c90cba5e9 526b546775677126 3d476ba3bc201932 8e7306fac7520c41 2ac424ea9c6b7c3b d864cae4636fe13d c35081d0ec757417 fbd8d6872627b5cd f323da57a946e516 04a8a0822d238ddf e9b5c1bf1127f5c9 42ecdbb8d54caea7 12c20d8ba0a20901 40fe7d4abccb9e93 1940d27a147fc6cf cd77ba97bd092057 ed69668f6ac81084 f4300942f6af3be2 bbb75d09dec50cb1 02411e2cc4a53365 eee28c6aed002127 8604ed74c4168d53 35e309725641f2f8 4b11ad7ed36a0e5a +Ciphertext: f2d81790601d73 dacf88a667162ab0 0ff49b0b7ae59f96 70c1e09b8fe459b3 357ccac5f61cdf76 a5db8f1bdf4a3eae 2b25cf8795e8a23d f7af15af5964f854 175f483783fdccf2 56fe64367ad89dfd 6d625b7baba30ae0 cc11d03aa5a0763f 539d3a737397dd2f 433d19d395423c5d 2d652aff9d23d66a b94017b82df73a23 53e1d657e7e58d95 6b58e5d5c871ded5 ad7a820515b5d5e5 403cfd85449f249a 6c854e1063db0ea2 5e8cdc0ad1545332 e8af9b71d71a22ab 36e492c1a56b038c a81ea2c7ab6c2e25 5cf669c59e51f01f 563f799e9d7f7981 495f37541d5a15fc be41e0838f80d764 6e59ab1f5607d488 3289092719cf5c01 dbc37e64f5a30dd8 348ccf2609ceb20a 49d93ce5e4a3342e 6e7b77503f7ba1fc 773e44eecb823f39 937ab439b64884bd e61304bb8ab0dda4 454025c79610462a 07e7c8876593cc09 a00456742ae1df61 3b325b30b25fc242 490357311bd3e927 90aa3598cda13731 db4442aee87b90c8 67683bee2d7ed706 145fb95c9676cd32 7d89191ab2340db2 7de179d0508c541f 830b46c6198668a6 ccbe0cde12fb98ee 16bd71cf299c248b 8abdf74f20911733 168e031d80f3a67a 16e9a88e8df5e32b 2cb08ff00d6d160b 434e1cec16693a34 0157605496fec627 622e34dec4a65fb9 3e1eeac4d8593074 18486b4dd4fcc425 192843062b535209 db9d8cfa5282b437 da821432441c4d71 13b4fd173311b754 4ef6cdd88221a462 c2a65235a4f37e11 bdceed255d5d4c2e 46596f268eecde97 0abc4433c7d2de94 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 563-byte msg +Key: f42924139164735f 43d1e80f4abb6ef0 8c7fbf633a9d2b0f b10f95d39edabefe +IV: 66e2c6c3c502efe7 b55ca5bd91eebb54 7a67f8effa38d2b5 e7ed79aa8abe17de +Plaintext: 016156 e5e22324862137b3 b7344ec3ca746823 e1c7e975a77cef33 4276e3ef838d4edf 6031ee98a5500a1a e67a020db8442a4a 21ead89d4c38bcc9 81aa70cd55d25066 1efa8cd5aa0b7ce2 31ad332187b05674 96ab2fd10ce2fd46 516d8e3abc9710f5 06852563ff183514 7f130888a08194aa 2a51139a4f4459af 990965bd20a63693 0019e0c80a3fdeb8 baf6aac9697e8bf3 c426ae7f7d24790e 41c41cdee9c56949 f4ffe58e354a1fd4 c99c406c4c71e457 4c702808fe4b046a 30e7dc257fbd511e ca805d3ce7ff9f72 944ef3fab02046de ab78a9bd3b81a3cc 50b9cc1b4b55971a 6ae2705b87280799 0353ebfafd555a91 c78658279a8dfe3b 88841547b357e345 bd6d45727f8bfe52 fef54ff49ad6c877 89e15dcd8439bcbf c08ede312089dca8 a96b050936f12da4 6d7a4770f16b3798 d9d3e137624b8660 e0215062fbb52b4a 1722d7a914213b97 382bfdf769de4ffd a0a20cee9a8c0327 d1839361aaa17833 f0dbe4d881e5d133 475096106af6b9ad c497057996c4dc1b 79fcceb697166a6c 1ade5321e5039781 82313d445c7a1db0 2ffaf560bcbbb845 c1d629ea28dba9fc 7f734d09a8443488 d215181aa833220f c713032c763840ab 9157cd84c7badeeb 06e2fa1a32705150 1d464f1ab4e971d1 762958642b051c57 d2c9e20cdb79b142 967281dbec4f95e2 4d0a0bcce963b2fe 23861b9042e8f351 6a728f0bcce1c908 196d0bd43ca8a945 48aa74b9af6b8c9f b670753925aa6d9f 439bfd0801bacf45 7619bf8e8b453481 f86db1686fc7a7bb +Ciphertext: 594a7c 17dd073ee1b42e45 6306bd4dae44a0e9 7005a2f0079defc4 8da04bcaaf5e6de1 c6225719d2e2d4ca 2a9d0d7ec2336c79 251a0d6a50a25c7a ac086940d3f8eae1 076cc579a7f9091e 67a0ef6d9ade2419 683a351a325c3cc3 cfe191c1c5d84272 7d7b6f8aa639a8ff dee271dd6ebbd6b2 380f3ec051d9f10a aea542d8375aca73 5cc683c7adead839 310e5db7c3080e64 e0114011614f260f 6c2e009c6d5a3c5b e33365aaf008a4e6 0049eed1a6ebcba9 1965fb6df4beca2c 8f95d4dffd151b41 a752bd2d277a2cb7 65397534cf8aad4c a7ceafb7afaddc1a 420336380333ab1a c16a5710cbacd58a 5372d0ed2af46d1b 97a44c171529409a 565af5201678db68 d9419884b2f048ba bb3ccd25167a9739 622513e75a8f7aad 7fc44e4f507dfbd8 7fffd0a59e14cac5 eca961c3424082a4 f7fe630c28e05b67 ba48f42912cb16d8 6f83f9de594c5ac5 fd1246bb97e7544b 2a1a2a2cd0f0540c 4a8d344a6095f37e 57540f4904d8b9dc 56ec24ca67ce0be3 e0423654320d3fc7 5c204926d4a97346 7d69135b32ff1b97 cf0a4c04c4bd95c6 06461def7d3482a3 c901e30407fdaf3f 96b351999a95283c 2453623654e8faa8 4239e98aa56e81a7 562134a399f76e63 f762427c0824bb40 e604dc34b3c8b05b 2998f72382cb6397 f112048eaa2f0f61 601b53007ae49205 48dd2a038ffa511b 24a2fdb676f48edb e1f29a4e74d341e0 eb0a5dd32153f605 02a878504221e9fa afcfee591b32ec6c c3757a216d0d0137 7204742fd7b5945c 3aa802fbb449ace5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 569-byte msg +Key: 308ee63b13334b44 8b548be4cc6a0195 bfc69042ecdf9f43 9deb618f40ac5a2d +IV: 0e8d1feceaed5d54 8cbb1cdcde43455e a64762c76652a613 80492d799e4384e2 +Plaintext: 51 9a6ca0f943db5de4 5a4451ba0118b918 6b8d847b349e4f60 f45393a913421d43 df56bf06dbcf46dc 5a8aab264d838e5b 5a98dff22e90df83 135b4729c59bc62a 8164b1da6040f7bc e37753ebcf8dc5b8 3b0b4295e783ab32 cfcefce50098c64f ab1fdf3d783757cc 1c92afd12e3e4677 366f142a087f9ab4 503319a66d4003fa 830daff6cbbb5054 2e63289f139ef9e0 754bbd7a388c9653 bd120834b49b6673 31b88acf02d4c99b 4172271f25b6c63b 1d27a54d20b38755 3ef430577cb1d701 dea8d98ec58aabea 7b4812170d8d96cf 598b346b67fb5303 fd5ff9d76d8b3fed b26302fcbbe6dc89 076c5250722b4fe5 4f00d29bb66de3a5 1fdecb7b30308480 d4736fe18def45c0 0b665092fd99dbc5 270de7a6b50f1f83 cff60e0c6da890ff 6d608605e3aeced7 b0bf73a456de20b7 0a3bdb550bebefe4 33312a53cbfc49b5 a4b0b12f63296015 1dfe225024020803 2011166e61093c12 73168815f33399e9 a2ed5729b86ae1c3 7babc75c0f0e7af0 901700b95e6fec53 b82d8e1d8d5567e2 8e9edfb988793b29 f14ec991c1095dc7 83d50100ab27e9f0 2affa532406b9ae9 914cb3a87c5c548f a87090b7dffb9bd1 20d48209ef391931 f013351bb47b1c46 d37e3abd3b1d163d c798849614ed1b53 909be99dd3ab665d 33f1a7a19290d441 7bbcdcc26ec4677a 774f0df505e5c598 fab2a084ff87b7be 1a22618c82afaa22 b28f017dbc573190 e01c939e5dee81e7 87a20d861ad5f39a ce2dcda42be28630 9f7d11b8cee05bc5 29877e57c20d3787 5ef29a6bcc9b043a +Ciphertext: cf 00433e994735ce22 8c89dd4f9949f5c8 65187e07e21d1149 0b42e310b23c850e dbac1065caf8a3c4 81fc4862dafd65bd 7c027cd6a7bfa5e5 23a492b7a9fcd431 e9ae1d3ffaf9f3f5 0364e64eff8de0db 0d5577b47e2a12b0 60e4b268e50e4ce4 77872f1941345db6 76fc10b15a60ee8e ed4b173089df666f 19aa2399d2759843 495ac8877ffec67d 7de49c497a15f461 721f8108ec9777b7 c9a9f7e51a981f6b 3525b6a9c0829ce0 0350d2e5227681ca 4d5402c4920456b8 206dd44322604fd8 b16f9efc492882b0 3093e44fabc1a701 70e879b9f04b135b 1f3284fc74dac50f c44f2849b2452c0c 392057c1520a4a2d c5e88a6bb261a95b 4dfdd7fae7e7983f b9a6ae5bd5bd177f 549d00b8998acffd 063d5c275dd97fe6 477df9bd7a9eb0b7 2afea5c686af78fd 17c8ea1439515855 357a88c53234f325 598610d82b09d248 c13ce808ac80ff4a fdad05d3e5f1df9c 0384ef105dff5328 100149d042cbfd31 d7d56f01ae77639e f06468eecfa15d94 27014bd36dded6ac d7ff882cf28892b2 76bbab8edb4217f5 999005e7898dc081 b54cf0684d69d619 e984828fceb2b2eb 91cec3e4c05a8df6 465b0016c35e57c0 48606f79fdd60d50 9bd82414111c0468 30b2e4e35b593368 7d117f487dcc527c 4bfd5194f1456b19 1c9c0e44d0f0315e a34a6fbeda7efe85 90fe0a92c058c2e8 3f275b20a2982ae7 c7992aa4d86f6695 5fff1faaff380274 c0fd3d98b13682be 112e05c1105879f0 204bb70aa7777e5c 2b7313e8ea331f22 92bb83971d07ccbd c199cdd9c1db7245 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 575-byte msg +Key: 9a52b0363050b46b 1074394b66cd627b 1836e9dd4ccfc1a9 2aaefabfe3d1e63b +IV: f2577a4aa2f0f63d d093c9dcf26faefd 58231c55b231dd8d d3b0fc98b442e545 +Plaintext: bc46c8103e4f3e 3e44d42f298b29f3 d8ceadb7d2474623 34740a3a02173f81 bb808663300e53d4 95f4a035d939e377 33033d84fe14f4da c6952379a312b000 c5c77f13511ae5ff 6c6860a194048584 377d39497e20244c 6abe638423b07dab 8d17999f1b68ee09 e8297a3c04f5f760 0bc60bcffd74bfbf 497832222bf68fca 38fb3cd138035438 33be58cecf132153 d96619de2116ab7c 8b4af81a63eecca5 f1f8d06f4df001d5 75af601f9d67eba7 c6e3cd3e9210d2cb 57bd1d35729f1d83 de98bd420538db27 d585fcf617f73ea2 fcc78eb6f96a1af3 d558093b01116aae 27626b1205e4cc78 7cc7931ce4cd008e a399c30ffe2a6d3e 2fa325f4b74d9c6c f5de43a7f8fcbb0e 92fd8c5aadf11bb1 e2e2d611485ab2f2 8a26d7273d5a9906 7095abc884868f33 3eaf51761a697554 e2292e848001d158 116a889e3a404bc4 bf0e0c3f518c322c a8664938d23ff8be cbf633304d28b1b8 e9f6a11f570899ed 0bd1cfd208158b44 f9a9dc6a7e7b8b39 c4d24ddd58d63c5a 3d5288733cb96acb 7b675a4a512a82c2 590172d2c523150b f543e45249135985 3307a762905ba8a4 3857176ed3d2ffed eff5733a5041807d 87d36058c7e7f083 f39c65b3fbf73ac1 69296c083715ea0f e40d4768c7dcb3d7 a20a29b77a5bea9a a69929302793086a 3766c3de24fb2b6e 5fd15724d0fd9661 6d6fa7370b762d13 74875d9fb93afae6 ca9583ba438dab52 89ca093816ab1163 118a439f2241a236 84ec68c95cf1f87f 493e14623cd25005 8a7fc66a3fee0c24 b6e363b966c2314a ff53b276b6c2ea7b +Ciphertext: 219f42bd665113 54a00e0b33a7a128 e1b427738aaabd80 5aa718e1a8d1264d 6eb713c68641f506 09660334a3b49978 9fd813e53715c4d6 6e2c42faff102358 bfd0e5bd73bf05bb 0c79231279b5c7f4 92877df451e0c98c 3b0956123bf76b4c 3a3f1a4856a7bfe6 0eb6a0e36f98ceb5 b9d5e068161ee1d6 c721b8b8ee46caf5 ca3a2d6b629e458e 8bec223ea5b1a257 ff1eda23c3ff09c3 c521e9dcac0b9dbc f4f0b21054bc1810 cae4b8c300c5a6d1 10a6b4db68da086a 8e64b41f0cc878b1 b4ad55e96b905f1c 3ed6623daa829690 0adf9cee24a6ecc1 dff88ef45e379986 634824899e60ef18 350483cc67974801 007b43c411d7b527 d2418da92926e3aa 82ae660d57e61f7e 52bb5b8f7bbf7423 8bc0735eac5105d7 baffe2daee9d8e3b c54e22b91a77924c 388c08a546a3d81b 6c02ac45c4bd488e a752effe41d320c8 53da1b653d13ac9f e2fe07ee66e9e9ad 7c565a2170704e6f 2d682cd30edabf34 32a2b88cbcdd5d73 9678e9f6e27c4125 02ad0d062d065ee0 1adf32ab027b27f0 17969b61af66bc6e 42c6257baaa07a93 5acfbae35e7dff72 672f97f6d3735ece b9b0058e308ca8ba 5bb30def54f79259 c92fffb0ef625960 04adcd5fac11db18 bce63a9631b821d5 4fa9c4955775ee4c 7c57ebfdd7212bac 37cfe36ead0804f5 a16d805807a343b8 1e25e35f3f7a6ee6 42a9919acd628cbf ab084a2063d23aad 0751e087599af85f e59a687f13889211 8fd6c6fccf50c015 459b12b864ddb17d ba7945f71ff8d426 a8d3a270a5c39332 099ec54dd0be70a9 5e6ce9133c7cf1ae +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 579-byte msg +Key: eade9eb6d203ce89 78f784f4ce6fed82 03714b8003c3990c 41a36d6fb4b823ad +IV: 1f49385a96adf4ae 3e024cdc542206a0 71d31e170c3e69d4 40a37830cf4abfe1 +Plaintext: 68bdf6 cf2534c02358518b a0870db736b5f3fa d4e38c037fd71a5d a11c8897a34aa2a2 bd88827a0d4e4a08 e77019486d5837a7 5f9293af348f70e5 69a25bf2194f6002 cec57d6a97a9578d 5a152c006ce109ec 5f213db41bee0dd8 306aa91a6bfe5fdf a8e60fd7e6f0dfe0 a1802f285cd8d092 7d96705c5d7e59fe a07a5c55c2df0700 f3f21f0b25ab4aca 63b90b0864c5f362 60fb16ed22c7bd1f 5fdc5aec467bc12f 58f2944c7a63ff13 48c6a6e8ad31dc21 b05716b091509f02 15988d271e59f332 7eed58e30d9e6883 fab1ea105ea4f29a 17b358edd3a16870 6bb4db4d730207d2 0feb521807e7ece2 1e82bec7a0a49d94 3b16c4ec0f428131 083a2ea86cfc63d7 b0f56a3290c3f3f7 5f3f09579bbb45d6 c48842f46ebc500d 96316d7e32d17109 0b11887bcfbce58b 62f2b50676705229 5b12ba4e18953fcc baa28018ec089730 c84a9439ed592b66 d2a2a91d5a4b2c55 a8ba14433458b535 1e944ebec32a3f13 8fa576b512222b50 5558cde36ed53c22 528a3819eb8a1a11 6a0fc1b7dfbed07b 062c173764a04e11 931b09a2db95e858 028a0e1864b5d528 461cc04d674cb230 d8e65d060e5afc70 36f345a0c81499be 5fc17f8ac8605042 58c134c6835d4cfa abdb316c36d99e37 e3e869275ed8b81d 123771b53e14f227 4b08036b5d7808a1 28147caf05a39a2c 44035d7dc46bab3d c2f4cde3ef58239e c5f916841a254dec f6982418a2425a18 014b09ea2355dce6 18017c5a02b44b71 6e9b5559e5ec84a4 bd6f13ef353e44c2 c2c956b8a31cb1e0 bb656562a0b0d266 f0f6a831e4561391 +Ciphertext: ab8181 dfdbc4fafbee2f78 ad9540ab7e205a07 cdb5bdda9ae31bb4 dc4d6e48c57df7f8 1b05249486183d08 abbf38c0f25fdbc6 7eb22387ee9d455c a59f2e0dc3460ff8 966908caf46c231c d6ecc4366d340e72 bb0f6cf86e7cee8e dc7f7d360ff79036 310540e239df76c9 9a6789c67e39581d 88ce1491b14e574b 05603578f53db501 154f5d14ea62c192 03ef41bdc0ef4129 afa09771a5232226 79f27e2abf3470e3 67831a2b798d6acf c6ff1f8727cbc2de 5f36d6d3bfa49b83 362e94ec58c6b05d 82e8b0b9d9a9acf1 3b0906983b17fc64 131c0473796d7a86 1b6dcf79f4c8c8ce 19e3b10ee4a8b098 af99f0aef9e3a957 453416dda377f5a4 bb23a50fd64e980b 2342365e7ce0589e 68372dd5694107b9 76055b95709b94c8 95e35eb29a9e01ae 9ab9ed0991573bab 572acc2788263422 d83a16b55da1018e 3994990ee1a6e71c 6d195a46bc340aa8 578bd868dd7247fe ac79d99b2c03e6e9 31e84cfec0e32087 b66904bcc25c0c65 49de913c8046a3a1 bc12072719776a9a 0f983f30831f0ccd 981629c00ec4e8f2 4c3942e0ed74ec7e 06912757a0817e5d 65702968f77e4b4b 70581c384c58c551 f885ddf642d9b5e0 014152455acb0ea7 e3faeefb77a99bf9 68ffe3031ecd80da c0b8346ef8a55f45 6a9ec76232c0b6e4 cd34dbddb2e3c751 34fb3aa0bef7eb66 a2aaa36e36499c57 42380151861126b3 0b3b755c7eba1ec5 e3ee0122875b176a 5bdbb1c5902a5bd1 a095205776e0076b f6b61cfe7f195051 ba675d3182fd12fe e26cdba47abee8b1 1e96480ef47fc4a1 d0d9fdcf959a546e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 586-byte msg +Key: a22f7ce81dc2f42e 832a2d6b4a94f255 286f45f1d52146f0 12f8563fea637bda +IV: 386206e1693b74ed 836f93a466ece68b 5384491caa9ed819 f82b0e1f30dc2a7e +Plaintext: 3992 d748a9170ba8d10b 3075f9218207ec8b b84ab8b2e610af2b a2acb1e666bcaea9 354666bd810773e8 4d078a9b8f71fe6b d8a285c536803fde 5a0df4eaf63c9e8e 690327979eb173ec 3182a1c1d4708e0e f24d9b40920fb12e 7d6b824ea3a51129 bba6740c2a4fd801 260dc7fd1bada65b 4d728289c0650c02 55ede17c359f0f62 7257d584ec88ab0e 72d082b62ad04d3a 333ac00a882b5841 28bc9bda74d4a121 d840d367ad05f3fa 5ef45d55ca808c93 eacddf2ab4099dd5 3fff38d227e9ce4e 3386f51e356db8af 32a1dd40c3656a4e bb5267500aa6e4a5 e2df3ecb18899fd1 cc54c40f4c690314 36fe8ce0dd28ef54 eef1dee654ab3499 5884372d0d5a1a92 ebd0c7a3baa1db11 b234f19de071238b cbd4ce5358bf9699 eb15aa5fcf04497a d822864246bc488e ed6a94e093e70fdc 9a20beffdf8b118d e1ba20cb2630346f da738955ba635273 30c9fe0fbf33ba2f a2003752b0b7ad5d 839d20d8d986e25a 3aeb5942dc3d02a8 c379b6942cfd2c6d 2c9ac0b495ea72f2 19e332eeb2ad5b24 41b17d7375f35f16 eea144d5a2ec6e7c 8016e18d54cc6932 ebb7de75774ea7b3 34ee7d4e4c2c71a3 f96a313ce9a88746 e69d2245b6069906 403fadd5f110cff1 5ec9e23d2b914138 2bfb042fc8da7fb2 a6570c4483400b56 62a32677e89cdac5 066b32a7d8c9d6be cd7d4518092a5fa7 076b26f28321c50b 970cd2c12499d016 73fbf8f41c7d391b 27177d5e723f2e0f 5201f8b87d52d10b 28a2371c6cb0b9ce eea2b98bbf557039 81f23369ccc2f4d1 d0430bfc3b7b3740 5d8cdff189899ed4 bf88ffd689f885fe +Ciphertext: 5315 1c1b4240e244695d 3316a5e5a63b5117 482b87cb9447f0d3 cdf56b42ed50c86c 45a9f99bba722cc0 a574d9de8b416ca2 8aad90ccef345e45 7436d730252e98cb 9d26fbc80730f49e a23c09d154bcee29 ac1ad856aa63cecf d5f221868b77e913 edcfcc745c6faaa8 47fccd28802e4dfa 42bac0b19032707a 08c40cd3de9a3e3f 951bd025ffde957c ab5fcdf4bc2156f0 233e2d198aa6403e 0093809c554ab4aa eb3f85d2a00692a4 335b8e97f2a7d692 e572b3ec0380d21b c6abd11ed55c94d1 206c25eb67ef4694 9c7d2d39c60f27c1 41eba5be6473f973 58021f2b4b6a9cbd 16a9eb628f158d3e 40bb13e569db2efa 3c42c41c847dec03 a5ad19babf151c75 a298d328fd6f1865 aa310ad7eb1eefd5 86e865b8c89cd4cf 1918753bf1002b46 3095be5a519f57a7 3b09867da55c56cc 7b62b58105cdda28 13abc6a48908fad0 4dbf4fe875637337 694a36d310e1575c 8cadc56a80a8656a 14519bfe415a0e94 a820416b2d1c0737 5f54ce7b0978bc6e dc688c4fed48162f 7e88c0bc9beeb385 a40d5c96d55dec35 c0ab1edc930ac067 82a3e1a01b1aaf67 5a584023ea9a7854 16dd065a6f0d9ead b1878dcc5b71c843 e29f29d1cefce9b6 6b5e72111dbcd997 dcece45345d3fab1 c1455163e87db1b5 53e4917e565454b5 95e925e823b1d2bf d2b082075c20528f 7e056adbf13e3089 41fd1ad3d70485d6 fd23579bb4b79c0d b5abe94f9913130d ba457adb6051ef6e d5e5cf2ff4bf90a9 d625b5ab25dbbd4e 4cc72610374f37aa 71016352572c4a73 7d1dc663c956bf0b d4a26c08bfe8e8b2 9a40f348f9b58b04 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 589-byte msg +Key: 35efa1de5ab9d5c6 57e6278343fd917d f352a644cb86102e d4513c420f7f5454 +IV: 09396e72b086037f 6512a21e522de5d2 fe16a5631e7a6a83 af3825b14167225e +Plaintext: 969a384e6b 6243429615d4d451 ce26a2d6b554ae2c 81ca05403bf99f37 4450870399673b34 567d561179246ce8 e93b36a2b71def9a a318fdb0e221d499 1ec51879bf6301b3 699904ffc5fcb0be 850cd68ba267ec13 e83cb326b503180e fe6b581f9294688f a37f948882c3667c aa81c9b900996e3d 591e6fcb3d08333e eb29911e9c633871 0c174ed337e057c9 60825953581d3dc0 fda779c60198ecd2 ede7099d65363800 ad4a79096cbd4b4e b0f7cc81335a2145 ddbd1840891c0c72 0c8d0ac5737631e5 8dfe5f51aac10ab3 a1c86b6d18b8e274 ff4996615efa5cc5 5104dabd508cecc7 b41c46d477545b9f 3cdd7e3c8f9f47f4 6d343950079ca174 c332c1ae84de2e4f 2b8d77ba5ede07ba 881e4d1920771a6e 2f644a360c68a626 6a0009c095d6c225 f9373a2ae4c7d7ad 8d741f2a54a82189 4bc3103af6c83284 4f56f81a0ddb6ff0 2604d74c93789020 53c53e97b29a25ee cb38d5854c230c36 791dd8e57454fc58 bbdb9549f257fdba e3fbf089c3b6ed44 b6aadf3e96e1fde3 f03bef4850ab3207 bfa3bd4989cde524 44fc7e280d624334 1503788e5d69cd33 bd9a866c2b47d9a2 3a469773e1430f06 7eb2309b1a07ed66 ef2ae69d272544d0 e720e4798c90b9d4 35ab6bf0811f4406 9a034d0b720eb481 4c0771927f7c295f 76b75396fcee9942 b6ba81e8f1ca4ccf 9fd91f9f9bdd602e 35826396ead6468b 734619eb02c94297 c85b2082baadef07 951bec801fdeb914 b08302d0f29b61f9 e5b57fa126897d79 707692e6632ff557 84b1fdd5867886dc c8f298691e344354 d4eccde0f0961091 b8f31d3d74b72566 +Ciphertext: 22b7d4fded f2f01c4e5dcb23d6 8dadfe4f78f5022e 67df91665ddc2f56 115a91c731eae43e 8cc6dfb70402032f d9dbfbb9257641d6 9717e18e9b949614 e526704350c510d2 4d780ff831d3c920 347540767fe13827 7953405ed368d4d4 f92c0c32df85f5d3 11b67ca76f7fbe8d 3d86b024ccc6c203 a735d9e37b2528aa 9ec01da6bcc0e5fe c1296e8c6376c242 8bffb94d342e0751 07482785cc3a4d20 2b09d0b2db079457 88ae99c69f87566b 51ed907b71079326 dbe134bcecba2d74 66298dc7b7f713fa dc492c8880c9b3d3 1a095725efa10777 36322c0ad87fcbb1 dedb91109818ddea fae411fef50bb0f4 fad803f1b4624340 4c7b7a1b1e448239 078b4d8c5e11b4b3 d3e6bed61404f0e2 3dfac9209f9323f5 ba979d109359a3cd 8e3530d6a3fb08fc cf60e0c94aebc463 a490d76802c9ef29 4c1a1d7728bf4b8c f24271c6d12a87b1 d8e68ada7ed78f2a 23a07455aa5851ee 0f40ce07537ae512 f38e43faa8cf77a1 63bf3ed99641f288 cc59e52ee3243547 15533afd045f51c0 fd36c28ec6e1fc51 cec8bad2fbfb3839 931f4087c02977b5 c9a0315e1392bc6c 76c7e3e50bebd257 ed131b8b22301a71 1ae5386e1bc960a5 dbc3db3f84a1eb9b 1c4af5f1e9e6d323 b8cd1ea552066ed1 f2b9ccb822051cc0 b1bcbdcdde5bf85d 82922493c3067b11 4451c9d106856920 f39c9c776618ce19 94d17b1420231a80 66a9e6d4cd95e67f 7d3e32273e94759f 98715a3d3804c339 2a4d8190f2458ced d85448a087e1c40a 428b6500eaefd43b 9c8990415434344f 015e7a0a8954181a 874869a4716d82f8 525fb81e73ff58e2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 594-byte msg +Key: 829ac75612912d82 b76b88f607b44249 d24bcfe959c386a7 ba0aaf76af48dd6f +IV: 780a7e1916a0b0e8 bac356037d7c6b4a 5141979838600045 b4a163f07e26637b +Plaintext: 7a97 2156eb7c0c01e4ea fbccff6279e250f6 5f859cada99bc729 826a8c87a1a07187 d896f9edead51b27 9edaf32f1116b8b3 5039ee7426b0dcec 336c41333ee64323 cd60a8bbf26d48c1 67b3c2abddf06fc0 923b947b228ddc30 9f7f05f1e355d9b3 253c60adcbd05401 7fe1d59e85775e65 4c13f88b4338ad3e ed2a408b38f61b7f 0bb2898c1e06252f 0eec93d0b1b36dea a74a806b31bb395e 46f65ac7e4d0f1ce a54b8b209218a593 3b5a630908ad8596 ca6796e5951e66d7 d26abb6e90eb44ea 1b8ece31d00dba74 2fb5af10326c8cb2 ddf2a1bf17671ef3 b80ecb48e350fa19 9604bb877fed4e1c 1284deaed8f86c86 0a7409c25ea048f8 216af31c8606fda4 3e33b8e948c148d1 0b5058aba25a0b5a 777435b613d0cc2f 340799b4201533d3 3aa52e21d39090dc 42a084cf37995376 4c7a8f63dd0092e0 1a6c27d65a8686ed b3e286f5c7620e85 e0fccce140bd2a21 b20e7e9065378153 fa21034bdc60dd3c d070262ecd3faa13 0dec97ab64cf7aa5 d1b96a07537d83cf fdaf97da4dab1f06 bad978948c304cd0 f0f94ef34cd62a48 d002bb8e4eda7f9e 4b9d494d56703694 98a5e2eead3cdc02 b2aa57829fda2253 d772daeefe575e06 0b73836b9eb6092e 935ace06d76c42f2 7a881b2006e44a0e 108f2def0cfb0650 66baacfbce85801b d382a3a2b3c766e8 711a029429fa8ac0 a1e41d5820cf60c3 83f92bc68de583a5 7fa4c98be855302b bfe875a8af27cab2 b2f613f3e1d954a9 8bb86a9484dffa12 bf49a8891f1e8905 8b7ada224170f22d 6c4f7586f823cb48 a57fd02c5a7acdab bdf8a863002b57bc fd599acb86dfea77 +Ciphertext: 8304 ee4defd58f4e80c4 c0660dab69cc7c0a d64b4ef464664f5c c8880ba52190998c 50de7fc75b16cb84 0542e2284d7a9dae bfd6b5a1791e057f 1a8d935a1599cf1e f85ed99f575e2e1d 83f8639801c46b59 c7d7f001aebfc1fe feb8bef20e6a4ebe eb78f8b84c6bcdab 8167df69557dec20 1dd4b3bdb211f30e 3bacd26727de737d f81686188f2a8761 7362e2f4750e690e 20381c1985047c92 e6849199a9ed8817 61764988e6012951 74403a7bd9e7805a 953c742d5fe2930c 4ee3bded2236f538 e5e35c639ca57934 0955138ad3d065db 0a0c7d670a52206c b8c9276ea2380b20 bb98f3d57f00a7ff 58fb763ec1b014de 3116cca1a241111f 762dc091d466e57d 6c344c3d5895f51e 14e042655421de41 2678b7d4044372d2 ab21de255f909442 87e7b38afe30f9d7 f222e3cfb72f6cc3 90495e24efe5c492 0ec2b7b9bec70cd6 b705e68b0521f27b 553d5e0f64f74028 ca49fb799e81dbc2 cdec7a8e77a29ac1 2d4a828ade364de7 cf2df56fb39cd014 3b010595cf302f9b 0e0645b601d4013e 2df2af0d49fa6e9f 3cf3d6d9d474dcd7 457f496f9bb97018 39c9d8f062589175 f0f9ceba8f44b73b 6b3f94df81e0ff64 0a535c9d65bbd634 2bedb166db6dfae8 c0ea4ea4af4caded 119912eb25dd069b 003106bafc8c303c 9ffe1b31176e9021 bbde4d1e7c9cf4e4 5c6ef07cff6933f9 6cd4849b01698b88 1e1c66665b4bbd68 7dd4567d7f89f3d2 5c10936add588ebf 6aece40fcc85abf4 abb371147202ba2e f8b4f2929bd77371 5e103cb262485e35 a68854e1f77c259e 32c95310cf356885 a4558b0becc72507 ff7a45ad7a209be7 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 600-byte msg +Key: 76acda0cb5abeafa d7c558b8bfe5b89e 3931e3328384993f 0c1e6b277b9ad879 +IV: f321b7c695ded5b1 47b1de46b428818d 94abcf5e2ef6e476 1bcdcacb4cea9a1d +Plaintext: 4f3be4cecd4a51f3 58fd87ab637f4db0 927ef02b3597e5cd 0f0eaf1b5bc30409 11612bcb65d9a8e8 900f1b90d4d2662f ba120e429f4de46a 6e4be4beaf0b5d66 c1fd5266637220b7 7a50629c0e0a1233 95cff14a74022875 c3eb2f5d50acee5b e7762246d1fc0389 9b282478190d9ae4 a91e60ecbc9dfa17 935659a0478cff11 0c346313b6619785 7d0028cbfdc54669 816524d08006a277 68f32a2e9b95d7b0 b79fdd771b8825d4 a73e373ec2195deb a20d059dc82568bf c92c69b054adc05f 711f57180759f49d a14c197971f02991 967fcbfc9ae29314 3f68e0cd7bbe0046 c11c9b9e82bc4e09 f49096231234f084 e4223e9400256da0 5110552e17afe08e 2ffe6fb295997940 277475e4abccfbeb 145d260e01d63c8b 878a917b3068a85f 432d9cfc46d8be69 c25e806646a092ef ae9a4a11a5dd49fd 693f5c5bcfd1a0e0 8611ea239f6165ac 4db87d4eea98fcb8 3b407346f522dc1d 80977d76fad2103a 7f1220d0a81cb632 51e93547a09c836d 43b76954f88d3d13 53fbbe75bc533f94 b79908aa68f2f923 565970f76f946d36 4c66f4e5b707b308 6ad1e5001a3c7617 b40c685ae7c975a7 e270f6065f68033c e0b7dc9e38768724 4e82bbbe1e75fdeb 00d509872d8b73e4 7f968e1d78008da7 8611e82985c4028e 86770858cfe61c37 235ab3da431e3b05 b43302e4c344539f c7dce22ea6d7696f 9a17947535781b23 a3052dfa306c1530 09af1802471d9c4b 29819054a19907ee 13c926be591141d9 0a3d4191fc5b498e 077299200c71b2d3 3666ba4480f02334 78f788db429ad77e df69b544b0d51e46 35e44ce51b2adb60 76f42aa64bc60468 +Ciphertext: 9cd4f2282633034e c0d3abcc2086f7f1 ab58fe58f6c5d0ae 70f173b3da7067ed 49183188c42ba52a cd3ccb8ff9cc57c5 51f8d49eb582c693 0613832bd2fe8faf 51e520c8a20de7dd e1b93a67070365f1 58a7c70933f30582 afd4f438ff664a0a 35a7a76b866de4c4 23bc45701be2645e 791619c1e45c3f08 bdb8f351749d52b4 3d85a5681836bd7c 5fc0c0cc93f2aec2 b49941249e0639e7 8c673afa1aecb8f6 87aed54c747c9425 54934900fd8fb690 22bc782e988e8b94 9ecc3b21c99915a5 02b12a0cd165d872 70d742a6bbd354b2 817a1cbf563ff9e7 4adb1f0de4560a93 64997fe4ab519e9d bc37964ed0b15dc4 3c9579403587bba4 729323e363a787da f1a29fb097dc5f6f dfc1fb8c69a38868 4231a6a0beb36033 6db923bc8d95c138 71b2c2b829772ab0 0e0ab8710e605fab 5a3c2f33b98def99 3accaf002f86b0c9 e6f1cc114eb64475 c214ac82cfc4ef93 fba17b532e3f7540 c2e823afa5ee6397 f4cd248d61235ca5 31a31f36c7a037e6 b6bdf9e708d963a3 e125be86e0531a1f b3d652969cf2ec93 eda509ba2eb051aa 9c42fa486b26530c 528460671c437366 a6d11bbaaf0520e9 415236f5d520f1af e23323131f4f287b d50171d83213ef20 cffd89704f8cfc4b 27d5538d02b09831 4a820746dc3657ea a17dfd2a078b6846 ae9a9e6abe3c18c8 e3ae7b02d11205b0 a2210c42bfed2b2a 818ffd1717a30b1f 786fdd4d26415f6c 2454fa7b90d2b661 4f3e0c1048200918 a5766b14587ff87f bec9a834bc631230 14bfbf89e5d62b68 1ae005703e70ccc6 e36e44411857e58e 395895fc9992b118 f6a739c2c7cda2b0 99c57251cd8dd4b2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 601-byte msg +Key: 088073f8fc253dab f352bd52c1dd801c 6efbfa7b2e601a70 93a7210802f3b327 +IV: 64d72e841d733cf5 42e0a4ed06cf6642 766c0634678928ac acf85dc18c383d80 +Plaintext: 73 55b6ede709a345be 27a0868e391d3166 68b24fbb9db2b2a5 e6037d4c1b2de79c c1b03b412e9b23cf ee5a274066d071a4 b7a6d314e6e20be8 39bb452ae4abe14a e4c777122c4c18dd ff7ad7049da5889a 2189c859aade3edb b92c200edae1f8e2 87a1a84449ddab50 20a79fc225c400ae 6e03377232ced3e8 2dff16e046f5b3cd 70e6d6bece766590 1a8985624756614a 65be2746c6db5276 5fdb2f88700f9a73 683f09680341cd05 b5c994cd4b8331d5 d05fa0bfad2d44ec 156974eea058363c 36544a2a2f636b18 b80fd1e97972fab7 7591aac431eb31b4 1851ecfa1ef70e91 a4cca0ec9b07c72f ed02469f184c4357 1cfa4e3e983d9f35 303a9f953115abd8 784f149690536ab4 1a4bfad87238951f 8f4293132b4c18d7 24cc96a523da937b 7b87ad10546fdb0d 0892f57acd5f7776 9512822c32402302 beb0d8133a6d50e0 751973422f84a2a4 7f7e406e72e971c4 f5122171f541491e c48e6dc8bff76a71 2eb06e156bba48df 47b7e29da9fd0b72 78e97acabb751093 ff0d5eabf99f6794 6df2a76f4f385428 27e6e3eebac3cee6 e63f9520ce0703ca 37d6b2a3328ed1b3 fc87253a22274ee6 e8b34c48ec644189 07be7859741da729 3491719ab0eb2f35 a118f05c2daebe80 52c524958808edc3 a20c2d5ff6e08619 bde5a477bddf0a82 254d11bfb8f62d60 2dc573bcd6d658fd 81d1bc189c772703 9c7a52229f92e902 4fcd8f490a2723ed 415a41a51ef70c9d 6ab62b6ead0a124d 97f983829e2b541d e94172e46d68268f 562d9738a893910d 2662844873c3d061 770a3f8104d3d33b b950c37727e1c0ae 33e57c5dbbd16db3 7d7fcf8d34c8e8a5 +Ciphertext: fd f8b2de3f3b4e044a e5aa514f24dcb96e 95f0d86f1bf94548 29bc9fe222c1a1f5 23246f83a25240ba ff9a38a0ee7edd42 9a151388d9974508 6a895b922ca6feb8 760867692a9ea7ff ddd40f7266c9c42c 30e8a233723aca72 bfe68bf76ad79032 c4bc6231cf961d20 99506834bcceb18d 3cced73ac9aac122 952d3a2a406b8aa6 3e86683eaa1ac81c eab449fe8e5e4fdf dc7ca14a499c8b75 98af3d8de2093115 7f3135bd71731ecd 0499f90ee0f55d42 7d20aafd88fa5378 e15d1f7e1a0864f1 1247fc8b0b701e44 2afb16d5701a220d 6341d89e81753bb7 520781eb670e7ac1 ae88af5083530337 e87986e4c45a45c6 a3a518ea42262f8b 0ff706c6c246748b a0bb89b9cd5c1e0e 2ba0b418c7a5b5e8 afea5f2d4db9c2c9 3cc9d7ec02f45e95 ea6ce829bbc4e03e f7dc7cd4275f5f9c 5c5ddd68c26193d6 76f384d5ad4eabed ff6e5a6c680ff302 95c2730e464c1772 e48777a902c102e9 7767d9016adb5320 ddac1126ae4aa5ec ce8a71bea9e9e760 9941c6e7e10fdd49 e23b197a5cd13f7d f2f47ed82efc63eb e58ce367dbb3117b 57928d56704ae445 b2d351e3905b277f edbe6cb4ccc8a55b 30e3542f183ffc1f b28a16db371e70f0 b2a321236d5e248d 251861e38e9b0ec8 644328fda5a6ca35 524721b89084c34f 2efa7c53a07a7ec7 2b68e64577e41f8e 68cef8604fc812ef 72664194fefbf7df 1bf39dec6e856d58 748f0b52519b33d9 b56fbdadc8b047b9 af7d45621678cc59 a8e2e87f2a82328e a522488ce200208e 96325ff4ff400291 bf1443184aed16f6 b030b77adf035775 8354b90972996d3e 680f326bb56157e2 91b935fdc2eb27e0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 604-byte msg +Key: 548f0617b1efc489 a389e981bb78b2a1 2bf9fca1d92af936 b212273941e28305 +IV: 807afa21ee2f201f e1cc24c31ed60468 a715fda0d44f461b a557fdca57476243 +Plaintext: 35094368 b11cb743b3940f35 31630a5000d84801 ea6501f200a5f72e 319da9871c43ca35 233cf1bfc1ea921f 1da62d21df4ac50c 42f394846a05fdaf f96fc297dd3077cf 6b1a375ab2d595c8 0928d5a2eb745d08 058166998c7df793 d442143b1fd83380 b33befdb2f5e0079 1e6f6b9ccd5df63f 5a98dff90e18cd23 eca0073d8a44e48e 2029830bdf8cbb7a 840555d72c0d79f7 6abf676b97db68a7 69100364c77b7342 dc6b59b26b67af13 6272fd1bb18dcf79 5c7e66b8cfd0ae67 731b70777e85c9e4 0f89db987af7c28c e03cc93004e4de0d 595d44a860fe88aa 3047b63f566bccbc e00b6f84b545dd2c 28ed23ddcc1a90fa 89e56903ef6ddeba cb1f3d84f8346611 787a7f3fc358e93c 5f0c72ebb138cc8a 139d3e91272699dd 6a286e0d0ce87e2d ff5e72924e38cc04 b0221e235d457903 200d291aad309f5c 36ecafa43990fc56 9c3db042fbee70cc 41b68f4a754981ae d7be93652c93da7f 56f2690f2732c7d5 77a1a11a7481bbdc 3a502c2ba44dcbd3 6137e53b4a58318d f2c205177fd9c9f2 b911ade161f9977b c4795f8d90573fba e5008564af868bd0 34e5e984e98ae9f4 8a163c5e695febf3 07b79037e172c5aa 8ca2dda80425d28e 42e27f1e0c4f0f25 1137b65a35ba9f8a 2a9525f240a345ed 7ea453cff13eed10 44412ead912f23cb 77fc839d6d129a89 5598878655f4a7c9 e28e51a01dd7c49e 638b5df81f330e2f e3ed0befb86fc638 b24a1ebbc76cd387 e0e93ee431fb3f7f c64776c85f61b699 7e93b618beda0ade 663252593e13b26e a23c8263d4af46fd 97fde0e5f9c30450 7075eddf285a4ec4 9cd88c2764f22ac8 4d0f85e5affdc15e +Ciphertext: c6824205 1b509af72d6956b7 dcaaa141978cedbc 806ac63e53170940 37699df8998d8d82 e70d59d0eceb8a16 8678268069459d19 c71d6924ade69b3e 747dcb1c0e414ae1 b05509a259d2c580 b5ab817a2f519a29 eb5766bf4ccb2663 49356897959eba7d 720abda960f8cc08 3686adaf1f9919c1 11d3a111336dc607 78214443916dff4a 69a47e50eaf6d095 d81f7e62f19b7a30 fe9535185b474366 927f7f615ddff0ab 77344682677b932a e588e068c0bf567a 3d4086d916969328 2e14bd243ce9cf28 aff67c4758fc3f96 5b176011a08b1701 2d0b843c2d7249c7 be3d993bbd6e1712 dbea7c13b184ba69 96d8d97703b39724 da701957ecd54b95 3510d82d9335b7a5 9066771f25b2798a d98ed3f3d9b773be c9f3f9bb3b7493e7 2a0d83826b90b6f6 4d2fdf2e50ae3d41 869216e070f47f51 d08817b850908d13 0375dbf355337108 91b9eaf1f80c10bc a79eac67cf8824d8 6a2cee2377c9681b e5ee120578f9db60 1416cd5b52c13f3f c05a54f4e6ab7e59 180434ff9b199c26 ea7983b0263dc1f0 3ee233c200360424 6ec1f60905c89d81 55453fb9f2a37a76 b4e7d93dde5c4f7d eb050174c52515a7 f773f0d421cfa2d5 25224d45994d99df 6fd4f33bacba575c 4b0a22b0993e6f04 f1aca388fb578ad8 f97b9af5a3e7eab3 852e05a682965e9e 3148e83f8bd8d96a c73574d3eea86e9d 574620b12def9020 f21db47f4e575da3 7b48747c48816875 9d59d00b21a5f5e6 0f5585222b7ce4fa fce74227cd8670ec fcd8dceb1a5106b8 d6588a4a7bbb97c9 674831ec472b49e5 9306fd3ec18438e3 2c4414efc3b8843c eb6fcfa135f4b795 3ad06e70f6f8c176 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 607-byte msg +Key: 3503179461e09ee0 1b160e9ef87a337a c532eede1024db0c ebae326aec98eb1c +IV: 784726d84133c9f6 0e9b6bc7bb777128 80ae76577689f105 566711ac84b3ec22 +Plaintext: 4d14d96f6de31a dcd5e2bf4cab2bc6 cf916687752a3f50 60da184c1dcefaa9 353dd2f9feeddad9 b7f855d1d4d07f7c 9781c4e9e0363040 46ff27a966d15669 7bcfe94e30c7fe4e b2005a6b08335bda a7d72e6341a1420b df4cfdf12f96ad76 1f8bc1a0aa0539c1 f2745b5390dba827 281b0ebf40745ff8 524902eb1f23e916 47f9c2b717af7279 a2dcbf5213d04cac 41d6cbc384b66e4e c87e9e61df82f092 1ca2555b1dcb91bf e8c1ee303a1b31b1 1b8fcd38b66f5756 68743a1917bbac32 c50de05364637ddb eca950b5acc33d7d ddce7ce57da80258 5bb23cdd6ed4033d 6ac2cd68957e2015 d71f4da911d05a5a b01b40948268579b c8c00e738cd7dffd 354a8262582561b4 d1a84dd3134b6f8e bcff810b6db73e69 d82716a31acb27b8 4c2c6909545f2802 01ceb8fc583b6462 2801a713e59d9f08 b26ebe37c0b9c3b7 d7f0e82432345d45 9018f6ec88a8211e 1daa1a74922362c1 801d6df525a89a42 ff1f697d99ace9c6 a60e6f6b4c9a8d0a c28042f61d506fdc 67bd8aa7f2a096a0 eb4053da32d0b2cd 69398b414c1a926e 400d88612e2daea1 91d57f13ceaa9e1b c5db0e04a5a7a1a2 0420b3352f2f1791 bed9527c6cc00758 26edb30262cc9bf9 b27802c399399e8c 9d4c4d119de205bc 656a091080136348 4d8d8e3b56107383 dca097deb78f92d4 5d43c39b403a4237 5d4a16e5112ea8ba 2f3e7888517e0f01 6bda351fa6b063c3 6b8f7b9cbd3fb74a cd01dfc3c817c0f6 f487d9affb1d57bb 87af444c0ea4fb9f f0b7dfdbbff94c3d dd15ce724dd89144 c3f11979fdf533f8 56a62c2e997440b0 13445522ec71ea57 b7104ab9477905ec c403a0aeff0e8c02 +Ciphertext: 044317a2efb631 e29154099e74a4c0 1fc27e1957f5d7f7 5d362a95133cf871 883696fc90b6f481 1da610b44089e601 c88c0186d1c08e7c 7b21a9f9c8097cbd 66b4b8721de893da ebbf8f82613b8e50 b4fae0563a5d5dfa 3de629e0e843f7ad b96ec3cf5a21a39c 965101bd64973b06 f0c68faef34e82e2 8ac5eaa14f8b7978 7b36f8cd45d0ece6 c01c591eb87e8c24 a20e7dc8d1d7848c 3cde7538ccfac4e4 76787ed709d08512 daea1ba49a6c3043 60d31e16965c497d 22ecfc20a38db49f 357824a8ccbccde1 faa0073a9e9d847b 0b3dddd65046dc87 3a2f60f9e017a059 81d7a995f34a19cd 8632192e62daff06 77a7323f0c5cb6b3 da92a6de30e0d95d d9664fd844964df8 973b894e8005eec9 e0b6c9bb727b3c73 773ab6b3f1635a32 a7b02a82ab2c5687 651e3df7d5fc9da9 5a1a71737832fa0e 0d3a3ba194688b9b ec926ff968052c19 f9e1da23e327ac11 34b11bc7b17e6128 fd73ca43120e5d58 d1747b8ef42f00ee a93efac3923c8aba 0cdbd6843d4a3408 9c66296518d63f5f a30852d0be28a5c7 9cc831f18b528beb 614d7eb0c1587a60 dee87ea478dfc6c7 9544c5b16435397e 8bf2abf9c50c6546 a81af23f869b4259 32ceef7416bf8961 ab9571b58dffbdcb ee425bb12e03ba55 80976f665c75d5a5 1a71116370b9f5c0 e7f37c33f7c3bfb2 ad679b304a355672 44c98b096e19c76b ac7713ef1ef6e53a 4ae930a31eb2149c 4ea24000e31f95a2 b27f70ce9eb96960 0c69b2d3d18922f7 205c4936200af729 bdcfd79a0df76129 2129416d639a4686 a344da18db8b7158 18c9e0cc33d2e54b 2529eec1e5c4caee 560eee5198100a7b 6cf789c1b58fd925 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 610-byte msg +Key: 47558ded271c40fd bd4737ecae77e180 7aba625f00033521 45d716a871481fb4 +IV: 1a2731b2c57695d5 aa1ce368b8dc2363 d988333c777269ff 3f2478a125519892 +Plaintext: a80b e1915735f8c4943c ee0898026586b71b f587e53cce897af0 9e91328db5c47867 6731e443b1f2020f 207355d0ef119bdb 6fe75348ace47da4 4e21a1e6bd7212a4 893c748708867cfd 4152f72d082d0e30 6b05c87e4d3bd0a6 51f97943fac6ff2b 105710e945a88a6e 184c8703fa029782 af884cc6f8b4fc60 6fc0c28bb2e6c663 c32cbe51af82b5ca 6e0a0b390bb7be39 0519e708f4778838 6f1f84a82efaefb3 6c6388a78f398479 0b338eb784740bbd 3360a22c8aadfc98 1bbdc881b62b0385 d1a476d32df880e3 b7701565ad630777 0104841a027ee1e7 394395fe91a08940 bc968fbed1e52f70 3a69aa2bcda939cd 39ae96bba411bd8d 9258f4070983094b f3e1db4ec3281b89 5bc554f12d712928 a105dff5b78f1bf2 eea5ec8464f90b10 3e2e626c4aeacc94 e32d1c9f16e160f1 03b267b1851f807e 15d1855deb2c18f6 67252d01b053c9fb 9b48081dce21658e 255c36d854ea7699 ce85c77be644b765 346d43f33b8a9a24 48bf23539d5ac069 cfac55506d1884ab e269bbc49d6871c5 6fafac2c34b8c779 b5397229cdb4fae8 cb49cb0318d0331c 1a24682157c1cd7f de927192e304d860 a95fff88a5569a75 e0dda0d79d3a0954 3c5fd77a5e7753f9 4abf990f8f975643 ebd9d1566c692877 d50ddcb6437f90bb 10c10eb8f8b18b9c 7add2c8a8198c989 444ef07d6b142d56 7383888753c750b9 60f317c16e97fed0 389533ea0230b79a 7c6665e3ea803079 82e7ac321539d0b7 f29cfa7f085333fe 4a8fb4195887aade 5bca377230d4b94a cae04e9ed1fe981b 8f65bdd90d0ab28c 7972bafecbc429bd a9226e1087395030 121778b5cf3d304f fff66ab6c7e704e4 +Ciphertext: 2f68 ea5de77bb9ac68cd 74b281368e02d949 f6b7e61a595d03fd 8e652e1116ef2f7c e493c6cd45525cd5 366f406d2c674a88 9fde692b8067ce0e 7ee5df73f490cda3 efc207237034641f 6c16e393a6fb6d22 a43c2cd3871e40b4 a00e3dd5fdc6e025 cec579f4158284d2 696f06578341c1e6 b3b0b33e7d0fb428 6faa7e4cf805dcf8 b1e0260077767002 a620f059b3ab85d3 f444b1c65aa48ac1 6bb138a52b9c7d56 c7c217e41a648352 ec8305ed9fd26e99 6ab10e22a8acad2a bf39b53a9a6e2f36 d50daf66b61fe853 f0efe348c8c0140a 386b3579508b75e4 7055c5b0ea17046b 932a6aa82d17dfcc 15c4499130221f70 428d33f2c4c611e3 1358dd10645f6fdb 7b7d6ca8af40ecdc 7d63406ac4b6b491 822a5403105141e4 966fc23d10a4cde1 5fd4b5d277fbfa58 811a85db1f24b777 27f092855786b1f7 be2425f7d1413822 a52196f8a9813fdc 07136d9d07aa5291 1b19b8d2f5dfb0b6 cc744f43d8bb08d8 e48a54535a518d81 3488af994e078d42 2b1b643b67ba9c77 f2e2884b3bfede20 e628019dd245318e 9b7c35893af66563 5241fe8003fab751 a6ac89a71322810a 937c4b10a6de0af7 0f71a3e2f73d2ee4 52b16e4477601d06 7902ac5023c567fa 506ece4ca5ba6728 163a8c506aab7ece 30edaa779acbcf93 ce6219eab1b81779 6d17a748b24be3eb ee8afd9ab93a0344 45958a8e95a10612 94a934b42630495d 2713688c43966415 caa379bd4da58b93 ca9b11ad7a3caccf 4ad70f3720c8fbd9 020380e1ab49c2a2 c74e213e3f02cf94 2e1501e35cdd19c2 2400e27cd5e05ebe aa763282400594a9 9e0338f1986e8185 28523be122ccd58c 107904eab983429d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 615-byte msg +Key: e64a81a510bd9f2d 1513a735d77e9324 34315e561f21b90a f608007c0fb06c4e +IV: 956e8a2c92ececb0 4c2c1e83d5cadbc6 de8281b0ccf1c378 0ea09e75ad3e8e84 +Plaintext: 242d01aa73410c fa6fc45db95cbd71 c1bd7107236b2bd4 10e53978fae737b1 f63e90ce65da4167 d325e04c1f93ddbb dc7a09d6f8255453 9b24db7652e5223c 6d899ddaa6f07665 03168ad3fda3b522 e1bd4fd77721f6aa e2728e80c7d08799 b1ad5e0bb4dc676f 51ebc9da9ab3ca0f 962d4df2e7889840 aa785b7e9fd0ee2f 8a53db4ad9c79ceb 864ca6493feca6e8 c5730a109281c37d bedd4958230ce066 c0231b805bd99e43 6ae027083476d016 34378e17be35fec9 e54a61f69bade4a6 1ac426938339f4dd c55057ffc178d002 ac20e2f1b4cbd18c e667aa404fda8357 61df046d99102623 5f433b172e1a2f13 f4d60d84bc6cc42e 8adb2c1f86bc44e1 5d1bbef4e585bd7b 0062dd36c28674b0 d60217ba1d406017 994fef798a7bafad d6215a12aec1404f 6f554445c6e12743 184c0979216e2cb0 db6afc38a13e4c21 9498e3ae3eec3706 75c3782d8256d033 835beaab0e1fb15f 17d55a42142da4a6 5e295eafdb2d2a08 da5582d43e0af8e8 dfd8c2372d7a758d 173711812b723ea5 fe7cd5ffceaca2bd 66b26924422826ca f46a9905c6a802a3 a1392adb2d32a284 3a384f855f92278d e0823504d5d6e341 89ba78fd21d0e007 7e83ac3a649859ad db05d529d5073fe0 126fee5b413cb6b5 686f6607851b9523 76bc9f8516c9ea86 a98d6ed37a32741e c21f9d13cc84278e 57326c0b3cb1ab5e 508c0ba48cf0dd79 6b75226b943c4daf b93a4a13bfd3be34 1fab91f18cb9aa1f d69df97e0e33bbec eb68f9d96c4c52fb bf69fb436254040f 8881dda1be5b18d0 ce9470fde3ba0b49 ef0cfc054a8b0c6b 9c54ba8bfc2c8087 595d580319c17fd8 011c790855ae55f7 400932d875210265 +Ciphertext: cd784d57c8ec56 9e66739e592df8d4 ae0806d6c47c4820 966ce7fbcbe04ab2 dee3ef36f75774c8 fa2be76fb83f6302 8001d8b5890a249d 5197a140b6768b26 68fb037714473cf8 0b8df0355609fff6 797f6c421a2c50a5 a56573206e6cfcda 7e5d8cb18162a685 2fcf11d0f41706d9 c10bd361565f80d0 3383b583017305fb 0aaf8b65c5725776 79ac2c4602145ffa e13f9cb07d0861ab ba1b6134e99636ed c7d9d181ef9fee3f fca6b20a023233cc e8d9ccb78b7c2863 660c21954d2e0eb2 cd833f4a02205e2d cc3b657fd0b95755 772bbe59dd04977f 2fa646613d2d834c f9edf005896cd78d 176507965e33f1ce 2fb9dd71233e9c66 a37d773e114f3c0f 795344e3da88c3f2 3fff8eddae2dd850 138ffdcf68f138f2 dd40ebaff29d0f8d 49cb2fd07b6e1fc0 7bcd8d912f988542 448a3922fc635059 edc1ecafe8341cb6 3c11eb4f06d38513 0b99dd2bc204c5af 435d0bef99494d64 f90a59f56d1c2983 d47373d455bf8c06 973d5240724d448d 36b064a77f509c1d 913e18a0e0742322 d930671798d5a5b9 5e9d032e0c303ee9 cf3af9f34cb6a7cf 75cd72f142826fbf 03afabdeac25cb61 71fdbaba02774fbc 5eeb7cf881ad99f1 a54ede36e5d50d6a b343b42d6bfa6f50 34e9bed0d7fffa80 f333be0019b609ee 5a41589bab211822 26cd001fedcc88bc 3a8aa66f76d8dd6d 548c9f8688d15d63 3f725e9d7c2c6cba ebeb07cbfb9b775b c3b6532911d8fbf2 b2d4a1fbca5f054b 38b81e673d4d15bb 06b325a3bd3da10d 61e46f2ddd288938 166fb673b1461e9b af1ec3f790fa39fe b48afbbbd971407c d2a6ca08eb09d784 e0aac4ade60c9a15 a7161d0c62033766 61428768d1065f4a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 622-byte msg +Key: a28ed3d786bb055c e60b00e710669f37 db1b87aa37225ea6 08a4383735bc52f9 +IV: fb800339883bef57 c5fd7e6e73568d37 795e632b7cf8e6e8 b1580ed6efc39b0a +Plaintext: 0996036b5a8a af13a13666f810d6 0acb9f4a8220a662 f7d0ab58439b789e a61271dabbb52530 ab5823bfa1cb0f6e 7eb9f5e8cdd1dce5 f9249facbdcef8d5 ddd9de54145e11b3 4dedf39f162f99a6 51ca223f2c85470b 54ad345a66b796f1 a726f60bf4b0459d fc9cb8deac6ed607 ebc6cf5788860f5b 7033136c259e7b79 6bc3610745f1ea75 1f2b1a854dcfed18 b475a339c71a5b5d b67ee3e9e1cacff5 9376c850ed6a27c4 2063c39be0990661 159f47ecd38a539a 8c554dda8484b9ee 8608d3efd6632511 660c58284c154b6b 740b6278921e2199 5b81f946f51461eb ac4129ebe6230be4 59ee84357b8be2bd 3a829de6ee1deae2 8ccb8e351cc2f074 6de8734c07f402c5 61d0edc85442f3e0 d0cca03dced1d9fe 85f8b5b0e1d68e11 31c7581a201c323d e67c3becbf84a75a 9cb1128519801374 b0d315bd2c97624b 60a4815e18e4c2d3 50b817a6a49725b5 08f99bc7b973c3cc 74235767e54e95a9 62489520d994db10 074d2900ebc49678 7b6be40a95f20f8f 38af22b3f4434eb4 9f7b3d664a74a47b 730318017d53222c 5dd0955695441f44 66401fab41beb6f2 8004213a53cc469c fda18cb1408cf058 15f056b3a1b31c73 659ef556b507f5ed 6bade8a3dce3e8fb 0bf12f191db72984 0d93cd2aa1852ea5 9d914dbc3665322d c93c3baacd02b321 07b9a640fc1bf439 ac81a5c27d037c60 76e1cfe6ad229638 037ac1550e71cf95 57c29c2fc6017afd 5a8184841d752f2f 585522db03844898 7f2f23ae887863df 65d4b7ec61b1e35b 7f5d13766a236e97 abb7efa31ed470d5 a72308bd215f9788 97b79f81b77356d8 83dbf9a24a546222 d7cddd47e8593875 e21d1989c26d9417 5732fdf5af8ffbfe +Ciphertext: 9da7ec1816c1 cb5d4b3e3a04e6a8 88daf91f8f773f8e 6e5c61cd5866f58d c7696954e9ab3b2b 4dfbecce46b4b3ef 969ba52f22019023 a53917edd838902c 85f75c466e489db2 8a456695e6c26868 ad4fb507ea4f1259 bf2f576d26f76399 0e4dc921245c5c10 f7940915342d56c7 9963d3bf7ba65e9c a7d0c3018e8dea1b 6677c1d5090a3e65 0db38c26ec12271d 6a9a2b5e90dcb4c3 70c4ee2cd5b9c353 5edaaaa53162173f 21f13d702e399132 9ae75b2e8bbc8a08 1649bd8a5d73199b 7c53c342142ae2e6 22c2ee315650c629 4b962677692df43e d5c0f8add667c29f a3cab15cc23667d6 42ef886e8b67efa4 c88be4495b139b16 759ed613a4a81d76 e946806abb001fef 7d47f25a526c9d31 819a8fa47ab8aa1b b02f313dedb91662 d39b8689776f58d0 fb1a1d806dfcfb98 98f9e93ff5b0043d 2488624d537f6bae f5bb2f9b2811264e e917e0de61a909bb 0cdbfac97522dced fc7b7eb11a4aeb52 172f9a8c5975333f dae093e3e93a2e22 a6da25734b26e29e 44a2085e3372a2c5 754c9723b46f520d ea3f3914347dc9ff 44f862ca12e9c688 81d747e16f9af2fb 707a7c9f94fb58f4 dec49f63b2861956 213cb067e8558253 43df3c4a9d982b55 9a10b1a19162ce38 53b5916feae1ac9f d6e6d03e345c4bfd c8ed9f000f28a1e5 566a9180faf6f3de 986e9a0e5339375c 8685f2694b15a341 91f1f748233408fb acca3699791622de d74ba016411465bc 808a17165d2642c5 ef4f04b969ce381e 16746a3d02cb56cd 197728fb35b956ed 6867b21c84d7dbc5 f0a73e917c12879f 742d5834301a7e0b 77f70055b2586ef4 bb486048fef2ad97 e7bad51e44025ab7 b69c028241d1e893 d9825b4999038e05 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 629-byte msg +Key: c4de10a652335744 6095ce485dc60297 e7fe1a54eb82140c 0e7951304cfb54c9 +IV: df6cc7676308be5a 37be402526420430 475e78bd2189071d 13ba9c24f47e62da +Plaintext: f649cf73d0 09e0821c01a669fd d5011406e1ace757 cf79f40969de72cd abb16acf1d30b4e1 604422d50607fb2a a783abec30bdb8d5 7ff2f8b82d200220 abc8e23491f211dd 3273a42b746bc3f5 df115dc0f3b31ae2 bff891e8af69bc34 a62fa8eb4c1e710e aaf36ee6f4daa9a6 a534924cd196f4c8 b715276097c18853 c36f26bcf7bcbeba ed4eeace2d5d9584 2372b256736f2dcd 91d022e98c304ec3 2a0fc3713ad2df2a 260b7eaac8fb6fd8 7e5625a78145af3a 72b1eb4b36bff6cd 0497e6d0bc6abca6 7bb394446cbd1fea e1655307a2216157 8441e84e3e7568b9 7990f9a3268b3d75 14cd9362c2a98d02 7229a53d7e0a2b6b ef0782b94c5b8ccf b08163b01f3e4ae1 1ae1e3cd71caa268 59298113be08f5c0 db8c215607774a57 d2f28cc0508acb30 b578ec4d22254463 bfed504f0a23a79c 6f562eeb18d38b98 066bdc9a6177a8ab 0c1915aa7dc45c3d ccfe7bba09642a48 d3ef0f41267735db 7575bb08f90dc99a 484cc8ab29aed33c a7e3681c64d2640c 30df2e20da693268 469791d0c0551645 90996d19cfeb8fa9 7924813dc3763e2f aeacf250dcb36887 a25ac6bb605678f3 0d896abc16847acc 694a2de4cc56a0fb 74e0c298d35dc180 b145c2917e18d5ee e7a3285ca7807bec a0dcd3db2a7c73b6 ab0208c1686d249a 9ae0ed1ac5a4177c 456f0fc129e77952 4562dde883f09da9 7a9b2b9442ed781e 86b3b01dda0124e6 4f7688b245c15e47 8164b2d480b8081c 0a3293d60ae4a754 9c4771646837e674 2f3ff9f9a3171111 7c6bba66c8de9a56 824fa852675b9884 052399b5154f436d 0a53cb5ceaf07af8 5dfe5d68046a3da1 0b7bd1cf025933f6 e8cf91d98950251b 0b3867a4c3558146 4da603a0db62d843 +Ciphertext: e214d25ad5 bbd5e91104bdc883 f042061fa0920af7 34f11a1f389667aa 07b459ca8b6f4683 87fa3800638d7c33 efcdcbb5a75aa940 30e81d97ff4eb4cb 2463d55b467efeff 94821e1166afee91 884af6c88a3c60c6 d34e49f6a7385610 ce4c71cda47b3be4 e5b44e878e41dfac d1c8630b614f2531 0e41673048d3c2ae 7e100966355d946e af7a86d611b2ed11 bf86c9cf5c8bd412 2d0284db373be83e d5af9578b05bcde3 baca9d0c0acf300f c3ae82554baca084 f35c00c87b9c7efe f5b926fd42fa1518 649a75d9f2adbc71 eb1a5a40e6342161 55490eb012fd85da 3841866b87627412 a7fb6732c20ab83b 1188015b5caf8f94 aa82042719591df2 fd42aca031afda5c 5ab1c3c0328a4249 2c532e46494be45d edf71011b5affbb9 e11e76bf20f8ba63 a1f5ce7d22ab17c8 d2020dcd327a85a4 1ba4ca65106e0182 b07680e251109bbb 004711455bac92d0 b022bbc1b733648b 3006170b82d850c5 ba77fad3035804dd 9286c52634beffb6 808aa10b1774b9a2 23fe4fd1f942f3d6 0e2fd7e11c08bc46 7a98c41d63898dad bd0483a5f1d8024b c02469a234f7dcb8 91b1f914925a1341 f58bc79689b29bae 144246dc1a11300e 1a646a1f8a89a14c 7b5c5956eea21e53 b016c86fcc8d5f33 c0005f5a04a4a68f 2f6db1d74bb8731a fa893babbe4c343e 3ea6dd2ac7cde082 81f5420a41d92128 32d20300109b79e2 1bae3097aaea7789 1b66666ae32f3850 da8c9c6f28d306d4 94d927964b05afc1 17210db37d90c811 72b9468118353526 2afdbfa72ac56ba6 ade6b4ff0f8f7896 52de34d0b29ce8bb 14bb9e0f51dcebe8 b5cd8b7e2ffbcd66 628eaf6cf86b4b5d 4e5077a99c001011 bc7bf38b642634a9 1bb0b2b2cf97cee5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 634-byte msg +Key: 3c791482e660f26e d4c0986d4273c457 783399d54d0e4173 ea14d8f6d05385ef +IV: 1d05ea900a07bfbf b98db9692e15b119 9b9902c9e00933f8 52f8d6fcbb96af9a +Plaintext: a3de 19d4ce10a6020662 06241bf22a772700 a846165a62036617 63962c8809f5586c 69f53963ef6044a6 454711f47699a6d0 54f5f8e917bdafda 466c2a13db29c317 a29c54e9e200fac0 3f791802dfa89f70 cc7d8d9e994db4a7 4925bd1e6c5d6c48 8b702688c60bb01a bc633904abcc9b4a d888de6232dcfde7 3269ed9205badc65 ed1ab729e5a8ee1b 84ad7be3232c21c5 42bbf11b28921303 cae2c355ee689ad8 90410fb585003d2b 5efee7858ff1b949 d1c0d0b3c4967d61 d93646506f8e2e07 3c8e3712ef3a24b2 13fe83d33742eb3e 4c3f83104e11c36b 270d7f6bd054215c b9a8362a6b7f2c18 6c5659b56248400d 7cdf101c0e2a6e88 7b10748f58e3fa3d ce3914e340f7dbc6 2eae71145a2b3f1c 294981bd4b0a051f 9ee62fa250634114 45e6d927b8c9bc22 24add1d6651271d4 1a25dedd4fd8109a 5938b88d00fc7f48 e4598edd191e5495 15fc83e5cc255c9d 191a2d6360bd1860 72ae1539b0d43a41 743a3bedac1d2d88 c8438f27d78e8ae0 ecd07837c7e1a4d9 b1ef508da816fd67 bc30e63eb9efce61 0629fb86cd728303 5cf0c641cc6b3c6d e0a471702fe84d22 86e499ba88bbbf8a 9756d1e9f8fccd70 31222069b6846884 c5747ecc8f72b4da 98fe5b4860aa8969 437319379e51f28d 330d8d97cf53b186 2a0881880eddb9f7 bb2535d08be4b368 d228d95a089c7ac4 2a5a15b35d019edb d507818cf551e5e1 b7012d3b4f90c5ed 0b1c1b397e03eb7c ddb0c0a5a9b5b8eb 8e1a87c08cf5be00 543b4e6ff5d64762 b7f8e6bc47aecf1c 15b89755fb98851f 1fe99a0c1af2cebd 5a7b9d55c4dfc22e 9e6343cbadc6ad0e 9a1aa1ab9bd28fdd 4f1bc258e9709d7e 906824d506d3beb9 8806384ef6730eb9 347de690d08a5e8e +Ciphertext: 6314 347249a7edee7ca6 eb56a2763715029a 57c51436343128b8 43a461fa4d363282 6b9b5fa7f42fdf7e 903a96f43da3aba8 27e3f8dfb7c38e51 c3cafbfce9066dd7 8024ec9bf3f447ff e458b629c23c5a66 a66f7432b4f2e00b d35fe0b12f0dd16f 909fdfdc7dd4f1c0 212d49e25e3dc26f 47b0b5fc0f9fd5dc cc85a820dce560d2 f5724b5e46191213 f0018656c98d93fa 9b4d3d9e8783159f a0a030f2d7ea444c 8e1d800d786021d4 989e60e98bf36ab3 92404280fef783cf 08e910cea082dfc2 f983619fe2ab6e19 77b49033a7efb9b6 c5afac93b1ea2494 da1de5a0ebd09c32 c87a606b88aacb76 51e5230e6b19de3c 3856b99d21754f09 6277f4f9004baa1a b241b8f320d43781 74f8221d792a1e4b 00d524e556945344 a6b3d8e46dfbcad5 75fcb8f0d852de77 670f5e0399301c71 8787bdf2cc61b2a6 554616fc5934ea4b d297a1cdae098d4c 7d0816c3b09fcf89 abe7a5a46824bfbe 8232b950aef78cbc fc64e70d585aa58e 3d11af95f610cbab f1d2e92a4965a832 8900b26493e28f97 b63e7111dcdd724b d7df3e89dc573c70 b468aba74bb9572b ded0ebb937f90b17 e582ad74191c4b4b 008e0b3f6dcb9739 52cd34c055a204ef b09a6b0078543501 19bd55a518bc9794 93b434242b926b61 7c98693dd63cbae5 9ef809067cae8ef3 b1a2396c0213b1e6 c0e75551d6b16f38 57d1120f2a21b1ff 2b45c3c063f02128 b381be8f3e3c4143 9646867ae2e6b4d8 146d1223fecbdcd5 970d30c7876820c7 a5df81c33296b5a7 a79e9fb3a7c3ef3d a24a435f151b9536 ed7dc2f3e98f3363 8f0dd76ee26ab36b 42ebfb56bd06db17 42cff6c8c43480cc 3da5c9ee80b32c54 96c6b87616e07d55 f028b52a28602ce8 936431dad1a2b3ef +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 639-byte msg +Key: 59078c3f96b1acbf abead801dac16b3d 88d02d6bdc7985ab 896feae3e8789baa +IV: 4a7290658c94b0af ecf744ff1a55ac84 931050542a76dac6 e743a31c15676a66 +Plaintext: 970a4ca37bcef0 28d2540346be01e4 27cc02a0f9848d20 4e3f6aa1c339b365 e0e7d8a8408be5d6 f20508fb1eec4e7b ecddad03a11347bf 0c38edce207be2f3 e2e3e28d86e363c9 d42e1b16d1ccc2d9 9c6e196296ff2b1f c57bd3107b047e7b 323332e1bbacd030 98f5963aa688e766 ff264fa61e6fc2a9 44b024511bfc0f67 997ed08e280db275 04018051e445458b dcae56b5828b92c3 507ee978498a1b1e df6cc27a152f93ff e1fbe142d42e62ae fcad36790a7d25d6 b08d296d4dd62c08 cca6128fc939fa36 f68ac1f5be68c839 28ccf8d9fd6a034b 2d86ec186f09c98d 28d4c8b38e547082 0d572952ea1eff92 26b3a3bca57db288 8f113a61f74b7b15 ba9eead0aaa87c4b ec0920419f768d23 be093f0c48dbbcf7 9ed51c302cc3c808 4baa82cd665ca6f9 5c49afaa2698fc52 ba77d5b02fafa9ff 217b996d579a3bce a3a397920a9976f4 25bfdd75c7add489 e1a46b90a21fff07 e2aaba00c0f759cf 8a2f3207de8675a5 0f12b28acadd9b2f fa390c94e8534879 a70b86d1af03ac74 c8f65a142a4c2a72 e2eb36d1774fdbab ceddbda44b740bbc 394605c86ce6bb23 24a117a135121dc4 65f17233162c1b67 253988a811aad138 60023fce3ec70e45 68d871964801d704 61cd6d96ee9be4ca c6f47488831c2155 e3e73dc96fce2e43 5a4271dbab41df98 9f262fe448c5bd3c 7bb7892ce9f3837b 8c9e06a34525a283 c3881e58a6f9bdea e4a5c1036cd22e25 0a2ad07c8b567f12 21cfa24209f1f26f 6a5281f68151fa60 fbf22adda2e9bfee 3cf45061b06e9e82 6b221a90025da76e 1947a09b83721d64 abb472583232f9fd d9be12c1a2636733 323d75737a8e48e7 960f8530f584ae5d bb93a25e63d663bb a92f1c86a75c638e 3ecbbbd5b7af5d44 +Ciphertext: 9d4702451bbd78 889c069b9195ee94 fd73c8117647de71 316a8088675e3f22 afbe78346b717036 a1571055bc8b079b 09035a2a7b9135c4 8e662cd410dc44f7 34f26cfe1e1089c6 747715b8b64a378e fd22813ba3b1cc1f 4c85b255d5aa001a 35988bf1092afd01 74fd8247c941b123 d264ac15f64b529e 2c73ffc4f7b38fd9 6d9c437b3d9affdc 36bfc9ad6912b2cc 9b71576312c3208f c0225e3599628cce db6f13cfe330cc7f 7f248d98cb9f410d e4fd449dcafa5a74 5a151be8f9d93f3c 23726ea9f382c5b1 a91192fd42f6db28 d9e3c16f0dae7d34 5a38851e3e3ff8d4 93a74d088adb057b 2fe01527e2110c8a 1e006f99bdc3946c dc4fe3d59d7dbb76 c492ccef2c4d5222 36551845a880b9d0 ce815f3eca607144 149dc597d370caea cfc1c0ea776bf7df f63d65ddf0d5bd3f 5c715305e0bc6e49 cf9f8cea19b7ce5f 55d8178a86a9ddb2 0b62a76734453865 56f3d084344ff15c 76b29ae4c70087a6 2540d8f7fc869690 1d8f6d2d014ecf03 3923dd062c8fc994 e996633c7974e289 c00acee406dc16af ba17f1887e180fcf f7372e67151b729a 8a7070d12a381c9d 0d9b07026476be71 60c28189f1dc6b0f 2ea1157277dfeff5 d21f1e876d34530b 27b0f3083d49e9ea 148cec51b99e147e 9222fa5a92034bc8 ac1b6d66ad784828 d8a93046e46a45e5 c76181b163f16e11 4496d2a6540e3d0d 95172386232317cb aee4e5f2d08d0f3d 4bd5e3579229c460 261e0e205349dab3 8bb39e7fe56fa208 8be8127a96034a85 a7942176b189204a 5de48947fd294922 276cb581b214b51e a2141762367d947d 5489902a872e67d3 a104606ff5420300 8b895eac94b97e25 76b5269464d306e3 9b67d2ffb3fc1ca5 3bc528d0dae4eb13 e69ed26284d78f91 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 641-byte msg +Key: 53389e1fae36b3f4 39c1d67ffd869073 f07896088118f956 72f49d02e66eec1d +IV: bbbfcb49193ccd1e 4bd7a7cccee8e501 a82edb0dfb10dd44 da29b3a35b0447b7 +Plaintext: ee 24a1bbed48150174 edbb937213201900 443bfdf2d3a3ceac 62ffe238a6bd4095 6f07bc51e2f2645a 09f91b118fab84a0 c4a0228de7b1bd90 a56807a2ddb67f57 a6e4966d93cc10a5 3649aed1e2ec0a2f b5f1c2f5d671d82d fcd959c3309a3ddd d3228f6ae20ccefe 799392dd964d7256 201626522849e92c 6e3721c327d142ce fda8f0705818640d dcbf105b333486bc 0cf696cb63a3b634 036ba8ca4ac356d3 2d5e01a67b599a79 66b670743f0b0c0a 817b598811e609ee c45d33ff22d94194 6a2c0935d6373aea 1f5efa4f4439cde7 888cb9b2b97aa802 b8f50d8a3679cab8 bcfa5245ee1b0a0a 10a0f615c92691fc 2711fc71e4c75b17 e81c7d940e0cbbe8 2bb022fd4d6bd47e 4065abed573a20f0 68f36bec1935ecd5 5ab8ca4533fbdacb c036c2857a915ef1 b793620075dd416c 53184e4ce02c21e6 18b23dc42cadf00a 82747a06fdf37109 7e136375ab77be18 ef69edb8c114c4ef 2af31e3a8189c44c 7a5391a85ffbd46e 9ccef67581705d9b 44ce8f5945559b9b 9662b5cebbf9203a aeb95192270f51c9 19ab63288030e79e 5a307e57f3576f8f 66e649a96163ca7b 288f00eddd99aec2 fe91f1b52f1f23c8 3a7500d954820776 a26923f2fb318bb8 f0bee7e00900b400 526ae94516a6dbc2 eb875e07ee3f2df6 50d28cd212ca2b99 0c2d4e9434ac2b2c 1d1d93ffbe2bd533 754ce00a4cf4a7b7 7a09ca712d9672c5 86c37c30e505dbed 6892370cae18dac4 e1aecd0af30b3e62 27f525f6d4fd28e5 666abbdda5738bec 3ab11d936ed3b21d 36946f2e6deaba9f 6080e7898f6714a0 b20951c3fb5e05d1 9b628dbd87c625e5 7ce50c9f40fbe315 2c915654e73cff9f 748787096f2e0f43 938dceb28057fbc4 bb8bed85f7a4816d 9311bc7c63e4b18a +Ciphertext: 0f 9aa49a4b3fbd0f14 1d7ff581bbd3ad3e 2e706e396f362c07 e4e6986203e91cd5 9a8e54529373da27 baf26e0ecf7f7f75 bad29851d3f6c837 608fbb3372f842d1 cf718fbefbeb07ae 042d4d21bc98f1d7 93d1ba5c62cb5905 26e6c21627844cf0 1f2a1fc07f33e48c 283dce1116da5424 f296acadfe2d70ec e4d76f1e27387426 163d636868a03d8b ed854df629c15abd 2cbc2f9867a2cfb1 d7fc0b2f61f4588a faa7acf4a80cd474 70142ae679d72f05 1267ddb87cf9a629 116ef8b6b9953d7d 9ed4e505c7293301 90ae73c259bd6cec f800c52574d5e38c 9e29fe213cd779a3 185f07c991cbd72b 4d61c6a9f22c3920 01189095d236baa7 cdf31e9778898b96 80dfd5cbc369f4ad 143eebc6db3323f3 8ed80085dae3aaa4 2737cebbd2fe1c0c 81ba54bb6b42eb54 22e8ca43c4928c8d f02c62104d1f4d4b 6876c06aa5165fa2 706c23806227a6d2 662c46d6563cd7ad 15276d14f0ebc3c8 1ef19ebf8abbd18f c24f01cdf427697f ff5507e7463fc8d8 a4e525f8f9fd1d77 e16b15e4f5c4b0d0 0c01f37555e95657 8d3a5ac7a78b803c cd3e7e05009d9f46 f7dc0d2720ef43db 503f3495c7d454dd 9b41e9cbaabc6616 ebea711ff8202c88 5137ebe0f036ed91 a19edf4cd46e632e e7acc05137e6e1bc 23e78cf14b40deae 7943e2af853da79e 1d343632d70f8bd0 fc880fdd3d0bb769 a18a9a39b6f61807 3442a1ed792fba27 0fd435c14f41c7c3 c961ec51c568b46e a67ecca31f7eee36 077c283a97b633b7 0b46d039c6d67c7a 3fc000ec161fc2fc c906ffe5dc4f4521 5fd16d968f369bb4 a5daa187b6eca209 2f414256cdfe892c 72919f2ac28292fc e7fd984166c3b4a1 1a5774b5f4c1ab29 12e8c11ef60db483 435a61407937ccf1 1480fc815906216d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 644-byte msg +Key: cea5d8894b72ea2b 1a2999e1f0fb64fc 6d5a07174f5b4f9d e65f2c8cc8f20878 +IV: c5f357d21df66f6a f1e69a33f8ef6a46 739a4d2a633a6153 f9888ae84e8ac1ca +Plaintext: 54b9afd1 0d627a59fa4ddffd d79d81a285f780b8 48e64ebc327ebe01 df405eb1633e070e 8180b2fe1ea58dc7 f4cd4f178bb7c847 6527bce0798bf15f e4dd8735dacb8812 e216c0634338cf1a b9497cad6d234c61 24c554c8b7f54b88 c32ae35fa1a85964 99ed4b90524ccb7c 8dd8b16c1383358d ec87bd7bd205f306 e6ec1b36a11da48d 0ccdfc8b342aa978 d841965d661faa54 26369f01b4031261 b3eed6c2c0728e13 a57d7b5ecf1a9293 034dd2874c3ed43c 389aa4634337cf1f 94f7bd0ce7ee4180 cbc76f110d63ae57 74c40ef3ae2adbcf 8b7b72a869e853ca f0ce781bffdae55b e57181aad54f244b 946ef1a77529e695 87a1b1d80d60c5e9 2e3caef8ee7ea12d 5d4458330e241df7 cb1224ad87841d15 94d40afc17e54e05 b80907a99e229e7d 9a089db3a22bc0e4 827a4e0dce83a9d7 1bdb241b6ec016a5 f5fd2d38f50e04d3 0485f73378ac3699 1f6c18cd316db263 827fa93dfc394451 4ddfc5acdd89fab7 03820fba78efa69e 0cb129f7978c5f42 33883e6aa8970192 28797a0e3ddda8b2 ffc98c508a3b397c af112b92ea26d9fb 94be8dab5a2474ee ee91f165fc50374b 602017fd96da16ba 7253c3a711844816 0fe83e07fa26c6ef 07f0d5b9042bcf0b 8e5058ca841267e0 bc419b3df4eed31b 0bd0f98771e61e1d dc5ecc133cb69779 f221f6be3c2c5177 f4a15b5c7baba293 f03c6532a5aca5ff d3a37e7a8c38b81d f25a9ae2a76ffe06 843cab0c8e05de06 25f52a107fc0821d 558695f6dcfb5a7f f7c5eb3cab259615 d3da31561542affa 14c3f129e769deff cbd0b68f1445a328 6a2892d73194402c 49439841f8ab3cf9 246d6286c6f0e12e 9b498b4e1d5fbe9f b14c36b8220625d4 4e3e86d61f88ae8a bdbd242e029db231 2fb9bc3add91d16c +Ciphertext: 33765f2c 850a8b51461f8010 8e33c10595a8ba3a 279c09f392c694da 54075ee227df0a2d 182d67543eaf60e6 7e71b2d53aa7d0c3 aae530e017088a5e c2d398215d898320 d2f9f2f4ab041b2f 85d9ae61432830a6 8de33e47f6073515 8459d5585ab406b2 e676ee973e7e4f1a f03777e963f4b30e 68a6b41d03f6bb20 889e6f276fe2797a bcde9a5ede7c87e2 9b5f761e896c8b27 d44754bcf4d643eb e37f72a4d57767ec 542aab330e6a47b4 457a0e696042bd18 32587e7cf7137b23 c70ca85aed65d86f baf2c2c8c85b80ee 29e476aa9152134e 41368285adcd4195 041c1fc74a5bba79 c17eaa2bfa2f7867 ac07aef5137e5fa3 2c04f7a984502901 e904108e51911f5b e17b3bf0f41d4eea 7444797abb192040 07562be9be09683b 0166ce219d4c1742 6fa8e0f02c834b22 128582232b82ef4d a9cac0d20a1c1117 48195d417e202b2f 0a715f69dde875cf c4ae77549803e8ef 1876ea8b285ed303 5ea58ea91c932a31 75f501bad0366de6 67ca5dbc50c4d73b 2d026a491426f17f a670d3fe15c5dbae 94e88bd3b306dcf7 1ea09924a9b56e23 e98c554fdb865f9f 1bbcba13988aa62f 2f9d0a7d4c5d37ee 957cf9b27844e642 528dc18db2198af4 4dcd5f703e8ca8cc 2069347f5e51fb53 fcab05fdb86c7785 310fdf461859542a 689df0d1fbe1c808 2d6ad0a5b926efe2 1728c8c10a84c5d6 b4f0158f64478799 fb768e2e6dc1f598 13e2ff1250902268 6d8ff699bf39a864 69dea74b4a4ee739 9517a0ee4417e3bb d516daae4ca637b6 cf36f45655bea13e 54335f53556edc41 67088784e5e6cebf af89346193626746 c3bc919767fffefc c75e3b5a8ea3e7ce 55e4ea21163fcfe2 c8e404c5e137d9e1 b0dddca96fd10514 a642accb46ab2652 5d6b297d59194fdb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 650-byte msg +Key: f980e964c16d944a 94a41c72212c3647 79e02985b87a90ed e8f15b3d2205185f +IV: f61771e10e3ff5a5 0d991bdabddf832a 6a3d80358960d43f 9ed1ba255c812a96 +Plaintext: 0da5 587f34c37ec7710d db3da6effbcf58e4 3afc588d848ca204 5e7e856e2a4204cf a6287d23b71988aa 65852283269c0b7c 5fc16c29283bbd33 502ee6f3a0caa43f 64c32f8428011a15 c0987ac38bfa4aae f86c0e5b48b6b706 961fc7391598b59d 9a3893115ae8eef9 f460f6d8b252de22 0be4864b6d645824 3a3770671113ff90 4e6ff1efd437cdfc 0ac3ddea230a907f a3131c221ead6736 436028a61aa349c1 8a4f91491e547fc6 09ab7920678c266d c5e01808e4f9aee3 ba81381ebab05dd8 55c2ba45c1a9cc00 f9ff10a3053e6896 7b33c12446b0f3d4 a682e8f678a2017c b8b0b50b449c7c52 e2a7eb9b858a209f ccf4609fcc3affb0 0f4a8057dce2fe55 b9ffcbc42f975663 cd8a522f70d71433 c10b3da0fe009a20 fec348686fd61c0c 639841980b0123dc c1928c874c8c0df8 6061a05065688bcc 79d48852b8e72249 bb6362ae5e42ab64 c7a6e3cca413d396 b3dcd1d788db9c5b 8b65873c407ddab3 cb48752fb3c2b6a4 e6ae9d26fdd32eb6 c265175cefc29376 395f8e4f8d010af3 9a30c1428fe80c44 269303bce134e600 93e5bc07238339c4 8da8e5b229d97bb1 30018f107c1e74eb 8f3b5db7d79ec21b 31420601ab8856ee 8e29d48e9c6ff594 96a527c101ccb841 2a8ff33e68798cb0 a1663e720f37b29b 44caa30b6c2a4044 d302d17ca7589ef0 fe770c7a1a2d0a66 ec37ab82d8fa1474 b87499502371236a ef02d569f42bef9d 13dcf293782205e6 1b9f97578d384620 f10dff8648ae67ae f38c7ab172ad72f2 72a4ebb007c144d7 3685481cb6580e48 f77e1dd46448d4b7 e6870a7ca946f197 22b940f9517091e2 43d007f7dcc43594 d3b03b63fea7322e d0ddcbf1205f3234 2b013997dd98b2af 4c6a1c1086e383ab 8c8aa15b9e3349ba b97506395f5eff70 +Ciphertext: 6533 c6cdb31c81ef9439 d2b8742c539bb3d7 c4862cd4edaa9cf5 b11160b65acbbda6 415950174340a178 49f69f8d805f98af df4a7d093dcda6b6 5d050f70c0499d74 ce55ddc7e2752bb9 a5b9ae3c9a14805d f697041e422f8669 5856afc18ebd6c57 1ee7a2c5a9e52c6d cabf3491aa884e12 7987a7b674b5be09 a0c8f8eb2eda3df5 20c17a88328aabec c6356f432db98239 2156edf82099d43b 78c01de47442996d f7f40a973b6df9f1 e1b82bbe6d6a1ada 1644f7a5fc93f509 f4ea7e140eb00a91 86ce4a658523e593 c20d15e563ea3523 8055c8d2832238f7 8d50252df47049c7 255283f9cd7cc21c c57d93ae0ca4fbf3 2d54aab588c5430e f66f9eb162d8394d fe29ff251e05420e 36a8a80f17ad8a56 d5b4e7a58f41fdb2 606c9d85e100c1ff fee4ebd291c97f38 8355788afe4fe76b 3e14d18c45f752e7 3de9d2aa32b9b31e 9880a502b0f40035 d68f16d0319c6b5b 14c9a710a7047fd0 d5759c8dd03b47b0 af4742ff7c63643c 059bea559550797d e89abb9ab49903f7 be08cb1b8d355b69 2088c6ed5c4c4841 49c55f0b58f7f58b 4b001003627fc5c2 271115679f0a3c26 2e94afb0755ef156 f46917d58790c947 4f814c9390f45abc 758ae919cfb5177c d6265a97e745e295 620458c3b21148eb c120e033d691e7e8 50963e6447dd99c0 b04b5cea93f8daea db99123ef4f91122 76789cc811a4a7d6 967100c21661ab44 ac1a2fb494cab248 bbb180899663617b 305b8918f1fde47d 1f2daa2a1feb5e85 894681aa959be5bf bb491f2f830c4a79 da47ccd98e77c6c0 0a76b2a796f9ffa1 304beebe171f6c81 7123db56625abad0 6e80767b1424c9f3 9226e0dd6a0a7057 46b30536ba0dbdeb ce68779526b58788 0de456b8b44070f2 926280881ae6773c c1b9878ddd0ad8e5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 656-byte msg +Key: 661db233a270e558 3acf903c1dbf362a f397e3cd54e104aa 37027beead1ef36a +IV: cf3671dcf4932c70 28689f86dab3dcb6 d564231172c1b3aa 0b09e056b25766af +Plaintext: 23cafd5ff8e32e9b 1c2e64ed82254637 175144f5f5b270c2 d961901ed774716e 4c227e44152890e1 fe6a08f87dde1cb5 a1a66efe457ce3f9 8953b2ce833bbbae 31861b14b229fd4a b665b23034a60539 5babc8b6cae7b357 03276fee1d76ed77 ba3dfc5639af1bdf 2d648b1b0d44a9c9 2da77ba4ecbb89e4 2f25ee070febaed1 cf914a92118292a7 49b2bb437182b170 ffe4ae5014bf0ca9 f69558a0c063a7c5 58c82d50a26a0baa f3966930c926c533 b9a88a43a8bce5ad 3ebed44298a5805a 3d2bcc19542f2ef1 1457be687bf98c1c 433c3704127abbf8 f1e98b74ff7be099 660250748f98a283 923ee175f1c3af32 85e8dc1bb8c13793 f55ea4be5dab6f88 bc95e0eabb6e1069 5793fadf914cd57d 67f3a21104590185 346548a81afed632 252ba50240791fa9 499e332cc55ba706 d2a7b06d5c09c0d6 94469fbb9e3cbd9c 8a0ec7448681784d 52a6b2e6f4bacdd4 ac4a2fb72a9a1c8f ff48d07e522dcbd0 d4846d38f64ec25c 59f59f94852feeef df254678d5d5bfb7 5cb4047a9c98a9d5 e9d6bf67f6a7a6df 45d123bfe283b260 51801e36c57f4e56 93d26235e547ffb3 b34ce658ef56ccdd 008366ee727ec32e eca3de7c62637475 8bea133996007472 192d0a934a21db5e 71528fa99de7c661 96d5afcf1448d71a 2e443e0e158cb01b 02c352a16dd17c6b 8088c679cb886602 395fb9b943f51f50 63280c3accb35cb6 5854e709c22e560a 156c35e464274918 bc8923c15733f51c 12dda547213c2049 0229f153afff1246 18450174d08d17ab 079b1670b8ca0188 23ac30bd7ef1a3de e88a97089e0e5724 715c55b1788279c4 02ddb94cce82ea9b 7fddd5224a988e7c f2be01aff621ceae 09f95722c2cd1669 959735df0223585d 0cb8be00edfa882c 080f58d01f011eeb c6632f4f173898a5 +Ciphertext: 74213564a5266fe9 5bb90b59002f1915 82f6d0d806044299 8d113ad1e6ed63b7 04d41bcb33915195 f895b62fba46c271 02276957e5e57ffa eaf9ea620ea02125 fd8fbc3ba6397b98 6b6d92aa0f362e5e 85253bc3516c4e4b 81072ca8366f15da 87eda549b19eb6ca f2d5ac4caddc896f 1288d4bc0a6be93c d5e36a35adb36f48 53390635fbc8d444 04eee3f612ffa29b 0ac1af27acf0ac26 da400f724cd7c0c5 646aba36b9c62da9 bfa4ec43eb81443f 65979c5f8722a76b fb517ae851650a5f 583b5a0a56937cc9 7d7579bf560a03cf b68eb46bc8d18dd7 b3441d02320b15d0 659da2a05f7c63fd fd47e4c4154e0f93 7dce874af29a08f6 c909441007b56fa0 0b87f33c4f7d3f17 29a80835f0f943da 1ae5bfd0014824c2 f8c3c48fa5fcf4a3 e61f159c93579644 9b5e560b126e172e 17ef239f9c4a9b16 aaf755198397bb39 b0fdb6bdc227dc17 1a81474cca83b75e 361cf8a6db2f1bb5 8774f55607bf16a0 bceb28474ca6976a fa292416fcd1ed8d b878a8e90b5da831 9ad1064dfd5a4600 52026e932a1420f3 94a345180ad1cda7 15891ca9dfd86308 bdfeed1ee521b022 c46dab66d43544ed 78bee584075405a7 30b5aac0145d49d7 4ce6dce617dc391e 5815fb73cebce42d e59933ad3c4291ca e97c13d540ea20e3 4a0ce1e23f2528d5 e4e76b1f22d159df 9c88acc5aed36256 45ff7025db406bdd 97ace1bdafcd987b fcc39b106b501488 dd7a1f2ea4370455 f2bc1602a1dd73bd 74dbb9771b7a7b8e 1dd583afdd87c8e9 bba3e8052b88d003 ccba54061feacec9 05820b2097b9eb69 96f0aaabf124d094 e1c2ad5967e2ceef a1c5ea57df1f2cd1 d64d2596d92618c2 cb214070ebab17dd 40868186fd9817b6 7cdcd85d5fda6d05 c8ebf9b5aac135bd c20ffc4114b659a8 514ce65a68f4e80b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 657-byte msg +Key: b1ba74f5d7b38410 decfdf3af512c3c4 f38176f0e391e406 c0e089a47d239156 +IV: 485f3e66105d8bf6 45580f4bdff8236c a18447ec9f53c204 fe8389e5fbee624b +Plaintext: 2e 5a495610f01396bc f05164f2a2777961 903eb926f2465090 6a000026f1cbb9eb 115d6be0566518cb ff6e2d37f80712bc 0d21008058b813fe fbb6a0061514c805 ee424d8775c9a5fa ed2f4db5e31a6039 63b968b66b6074d1 a0726ba440849f06 58bfa50d378665d2 22596d7449fa8b60 face9acf15859c90 c0fe09075b646776 b79e1b7b82e67fda 06b7347d14edbab9 3a283dd33c71b2c3 c22023374ffc47db 72a556d8402f1b9a 01104bd72a3c15cd 8c8efacbca6adff2 10a1613d029468bf f39dff2c58aa639b 7c2b598a752fc523 56c979bea6b94ba6 11486a205e74f2a9 a14dbd80b29f7d64 ddd1079fdb0df243 01a261b4b8a61d66 2ddfe7e84ae40c22 e47f39db3656917e 8ecafd1d4620c3b6 f6de5bb5e8787ebb cc2c7f9ead2bdeb1 24f91b45cc16c86f f5dee20c9dae6103 9c480eca1e79952c 56f9db49719291de c9840ac65c2949c1 7cd55f75c800f4b2 5aa723fa42ef8b41 330ca2f17d614d31 3be8ae67ced53dfb 8a761b5fae5ea34c 9ac2414e3c238782 cc2d7d9eb9e03933 e3edb02f0a63cca6 868abfd2390f9658 c36211ccf45db278 872614590d567e6b 275bb827f81b1d49 dad9f2d6505df65e 3d4f3a7e53e533aa cdbe0e29610d4361 70f96d558144596c ed2b5d74db8eebe6 6f51656c3f0233a0 07bc14179d4bb19e 279078c38b27a798 2748a7b3c3eb9c79 c3303a9da1fddae3 9be9cd2aa959f0a9 b2e88079ff0d3053 f0f8799ceebc329e a0b36019621e4ffa f30de26a6d7f270a 7bc92e7dc63c1c28 b0027b354549d4de 6ea480e868adbb6d 75f0fadfd2047f4a e8fb2ad9c6fd929c cf2f5488b0d9abc0 96c941139df245c5 8b59be92be321ff0 63451b95e997ba39 b547ad9d18b6dfcc 7eea4ca0e8351689 9c11d58a1a4f2f84 5371aab71654bd86 cb122d7a6326978a +Ciphertext: d2 bf704ac69405b421 2e6920a6f6ba5ca0 31c734fe24471a81 a760cb1af7ce00ba 8541938b74dfb4b0 7681dece4855ef22 0006854fe9bd4620 de1d8699b5fc9b83 f0339fd0ad30e0c4 01c4e7adb59a9f04 9a9ea821fbeff6d7 a6ba438960138a95 7b9bc84907e9a631 fd41dc5cddee7aa9 604fff90bf08247b 18c5633799bc6b04 b6c08275b2e3c44c db80839c7938960d 50dcd4b46d9ecf35 7a36e388a24da1f8 88636b3a4a328fd7 16f57c94d766f5eb e62abb4edc9a1bcc df398a3939dbc058 7398b3ea5869b410 62b05be9e86de389 9a306441c57665a2 f03161659ab787c3 9d8f7e0a7a8d1626 9316d85912ce5f35 a106a35a8959a163 1acb1c2a2f89245d 0eaa39da53935e38 03e497030ad1fb20 b167ef92e52e4d34 4a50eeb1a87907e9 fb9a8416ed6cc73c 0606548b15cbfc2f d63b5d15d3bd015d 10e91827401887e9 916da92479bb0d09 217f7af4f9c5c74f 2a02569b76cd10b6 3b282533398f98bd f5af842a2cf29dec fbaf00c95e256ecc 1798aca284f10b1e ff6b9eb0049c619c b22255e46b00651a dce59d9a88c93979 f0dbfb5437262584 dd241018f129d2ed e331701e52b1a994 f2875307953a72ad 1c32563e99d2cb89 344d7866522dca11 9d74ffe2fbc0307d db1bdf2309e91276 3280f70174ecd0de 0a984dca5c1a64c1 3ca24fef1a43deb9 4607e9313cc1eb79 defb9ae4159971c0 afd4c11f2a93f6d2 0da5feafca1e31ef 8ab4c23eb87d947a 712f8d6c1ab49167 2f0223361312eaa3 96c0a1e5ff9d2713 b0f776761e0dd3b0 0f03570e3de888b6 8f4448242d7f9cd9 44836fcc512bccd3 50a9bd49d7ea5aa2 ed5df5925ca01281 8ef3937e8bc604a9 0e986c6dcac92d65 e546b0f5df1337ac 8bd82999ea6de13d 4df12e9536782b08 3e15c34b492844f7 af7b352b0f395613 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 664-byte msg +Key: d1489a30bd55410f e1e9cfcfa4d98f20 457e49357ac30b77 577d297b72fb8331 +IV: 45de065fd32b764e 8f9f6ac479439831 8a40522d52f35122 e044b246e2343ecd +Plaintext: 0db6ee5cbfc0aec0 e3a162e0169527f0 0797dbe82476df35 732b1baebd6a43c9 f277590fc93b74cd a797bf0dc2f8c4c4 862ceb4d38743d16 d9da6e9a4dc41b8f bcca506039c54ddd a1288a32c694f815 cda68a44d514f42f daf8b3f1d86b4d85 3356da375685c358 9afdca366a904a4c a6aec0b5447e8be7 3d2df09da7876115 1ec4ff7c69a45da7 5bbe8703f61443cf d7ec9688cedb8aa5 cc232f85023fe0a6 47bbc717ba49a430 a912c980b24a6907 280713a5b9537ad3 4d7f779130bb519f 74e43bf0919d1e5c 4fa19995e658475c 63a840f54d0de2d8 89ecd1a97b243c6a 6ee762f036c85593 1314fe2ad9666237 4e76235ed4324a1c 481043b529a2296e fd6b45fdf0f1d13e bf130127d49d44fe b31ac7c994e93a07 5193d89d835ca113 e818ea00094018c3 1945a9741f24741b 583b311fd65b3b01 6e1e9549d17b2bc1 f9975be2c7deb48c ea53fefa02247af4 05826b46e2afd472 655984a25b2650e0 f690a08973f32dff f9e4089fc5c5dff3 84967c28000e8ec2 ffebac8e688697d8 a8aabfdf54a60986 10a1d04caf2e2a7e 9c216cac78a0f059 047d15f642c38812 d78ec2cbb420d288 f5325dea0988e3ff 14c843b9918c829f 3cb6c8c32f04abf4 4be4b034d9890f6d 713eb75f1bfa92dd b5350a3995fbccfd 6f3fccdb787189e7 cb5392040c08499c 4c6de7952dadc080 4710c913ca1457d9 64bf29286533a954 21836f2295c5077f 4e69f47287c9f450 9200862f7900aa9c e4dfe8913d7293a1 131d4f76bce9d17d 3fd7e6e07175b7b5 5dae4b75e9e64daf b74710fd4a55d038 6ac93be8c99c2ffe e662c6c632d99017 72c21fcd64efc978 a59ea956d205e77f ed2e39600305aa6a 0cb09b0b131e07de 97e30b1f3043a561 768cbc831eaa60e0 66f554c6b44dc92a 79696d995c6ca472 95b91553960969d1 +Ciphertext: 3499f5f5c1359676 cd9b1f0cd1c91dff be71ee5acebad39f f0ed281ef1c658da a9c25301bacf65f2 240a311bb48c4b26 1cf66393daef9bb2 078ff866a70ca71e 79d2a08799dbacfc e05208253637f0fd 4a63fa7222599566 e367b6f07e1a5b03 faab7ec629fc0bd0 155dcc1eed462f79 31913ae5c2a66ae6 d4cfd35becc79f0b 02d4a74ad0f77459 398d85ef9532ea1a 673aef81fdaa52e9 43af87e6c6d6dc36 67b90eff3d9b0af7 fe2814553c3d029d bda3b540248668b8 5facc58ff415b997 d35dad5c8efb9ea2 5b7c7ad47759eed2 8c103ae0ae245326 5a02230e915794c2 f127246cfb2c8e5a f76435f3fd161b9d 4664da1750ea440b 4b493e0d86eb1e1c 46b70e5e8e36b859 528ec6acdb844305 de104868806a1a45 fc6c8169a1b037fd 1bf745bc88ccca40 820a3243e6e63105 e047c61ee23761a9 9fb67e9ecc0002f0 ea1254bfcb816ac1 29de86dfeb1f64b3 590dfd96f89fc3aa 499c7b4c5ddf4883 37babe02e5fe6433 7e9e1e6b7b433d08 e66331ace41067e8 e6e6bccc226eec6d 0e96da59341ab2a0 679313e1bc012ade d337add550feeca2 83ca99ed8600ba72 5556fe61015fc3d6 57ae6be30409447e 089ccf22c104eb1d 5260c1c26d75d269 bb9cb0505eb07c9d 7142ba19fc5e3f1a 64a1ecc7f458db15 74ce74ec4c4a0e94 a575ba40c4be88d7 001638eaf18cb894 457b083ecfcbfc19 6001f0dc3a6ac2e0 79fe50cb8fa852be 641f5c2a6972d6fc c5766adc3b55d67a b8e25b0c88de5263 9153e1946d0750ed 128e04d04b12715c 247e286c920265f2 61550d623b1d41ea 617ccc839d83262a 4b719de71f982240 14406809a49f9804 1bdcb5efd10e58c8 2296d72dac6df544 bb9978653294b2fd f9b218e633860346 fd174ec59a8587ec 0fac58f0fd7b029d 5a9d8345d9bdf708 c8d0f568fa13667e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 665-byte msg +Key: bb4f6c766bc4c19b c59102229b15a4f5 36445755eaf03b33 ed4851de6a9e30df +IV: d06df921709a8c56 47fafc9518154148 bf292d45c172a23b 27a901508dcbe508 +Plaintext: 76 1b1269e26aa85d23 969d57ec516939ab 23037618b20d730e 424b349b785a3453 639f94e9bd7d7800 6dcbaf3e518592a2 3bc12e1839e5a54b 1a18d1bb2df62b0f 4c88ebac19737186 886fe4369efb194e 7850b6e98e939786 394e70167321b453 deb5b65409f20f5e ee723ffebf359754 e29656b23a7d1266 a8d759d3d14399c7 220e3d0812621930 a7ba08bb3c99d35f 817c559cc30ddd93 6e99d41bd0c4a012 1f7cc7f1be2b58a3 bc3187989e919715 5eeafdceb3aac2b6 937e2916f60d92dc dee59e3694b59460 34be03bb6b84a91e 80c9947091bb8777 206d9febce8436cf 653308011c69940f 1748c64c2edad223 efff63ace6aaf57d 1c4d7fc3dd925691 be4c4e77dfad2257 6eb916746cfadacc b476b2a839ded471 8f0811c5ad9fb8ca f11ab8c264ea04e0 40f83c5aaf4e89c0 d614c98c12bfecfa 81859d1ac5142523 04838d0a33890353 95ed80287e3da7a8 5dc3ef81f9b504c1 fbac6be9ad576543 01711776d5f0e758 75802903622ffb2b 526a6daf7728e66d 0465c35beed240d4 efcb9c2fd1897896 e9998115e28c4ef2 bcf18b3d138058a7 a598ec980fec7e7b d779655dafbb7eb6 f820ce8686bd68a4 a33f915356252317 e52d2fc7980ce6e2 c062ba26f8edc05f abfd597ed62811ea 0f3ec71bc7800f64 cc0cd410119c42b1 b270e2b53389073a 09186a245b36116c 09d575baeef7e337 621e239c03035890 b68a2730e8f61bef 1a5948a09c4f2fd1 98ece25b53f36937 b0496393f6a9f025 d298cfc0a09cc425 e6a93d1b21dc34c2 c56c57247fdd670d bd76de1d70f6d41b 1083238ce1e3ca84 76ee8fbd7343e9e6 973b1c3df91ba660 918eda60fb52cb18 78316bbd3633f4b6 d11287ad19ee13e6 164279cf4917eed9 3577a0871e259cc4 118bef7a24f40b60 fffb6d149b437d69 4a69b602f8370620 +Ciphertext: 57 7ecd7ecc2176b04d 9670eec04b51927d f73867d9e7a57916 acdfbba2c4a5eb18 47c894dd296e1ce4 04f2d9dbe1e9d095 6b47a194e387eff8 ee426c2499f414c7 9c4928cdb44c1e9e fac605c80fd7de30 978e7ac65c493c36 f25e35b832a034fc ed8c6637af5b19b7 03a785de9a5b25a3 b6ffbb0b122f574a f5769b722df0af01 76a8faf834790bb8 ecd37344da618efe 66f8c49f2257b8a6 7cf636ad8b4369b6 2ea9477b4bac88df be5376d2097d80ee 2ab6e43c34d78994 dbc31e6924f86a71 10231f4e901e4cd3 a67b80870f9575ae 51755d9b896a5e42 e5cbb158a8da548b fe6c0a5b20979c7c 6593dc61fa81cdd4 6a4964547127cfe5 8ca8edb7b106ac35 103e793d20c64bf0 fe0b093fb5bfcaa7 686c94f269911466 07dd51c1383d1fa8 a820b42abc4189d3 b10fb2786d21b760 8417bed0c6ee8992 5129393dcc2b01a9 cbe62bfdab36c4b3 4c4e3f5b124394f2 3c897d23431e60a7 e58f428e63d1aab4 bbba746707f9d5fc f0aeba53192a423f 97708e94f5813a9b 9423c81b19214b98 6e1a4a028bbf7b2b c90a5c5b0edb794e 6b87f47952a4b29d 2ad88a0b0f53d524 dd2c7f2a8d42b221 77cd73878f970e24 760e67dc2898dc32 62786fc3726ca133 5a6765b340ba81a2 3389f8d2693adad1 c942b3ca0f1ea320 474cc2249fe9d430 839c7ff7e973ed7f 5fcbcd42927e9be5 4c2c91384cd8b9a9 fb8af187e15a9971 832315af42ad3067 f7d9e4783a7ffd4c d7d0693627c36a23 3a092472c38439a3 2720abea18fdc15c 343129569a57b33f c7db80c6d9e7f071 2d2b48dc84afc717 af10653512328cbb 913c38b3b48709fa 3546e2ecc93699ab c0ece2a85eb79175 e204ff84a1abefe8 9ccabe1b66f6d3ed a4698a0598fc7cea e9b83532eb161d0d 4c8456c842120390 5040c541b43f139b 503ef9a49c7f45eb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 668-byte msg +Key: 78b862d710c9e379 f6ec358ed82d0993 891982acee183c99 1afd8de5b8dc0a60 +IV: a91b4dd0efccf6e4 ca3af06920c2f6c0 22e555902d9bf3b8 eee99088cab54c30 +Plaintext: 7dda6978 017853b2b18ddded aecace6c829f9c57 039977af7aed8987 05557d723a1a3e38 0d7201cdf40d8583 49eb997eef70e068 38bad1670632014c 3161a50e29065276 dd65081bdbe16f91 b8cd60deb280a72d 94a708c7dae0803e 1684cceb92c3309b 37f77186ad322381 c4192b7413f67c0d df0824b63e1e8cc5 7b64fbf3bd7c5d10 e4d043f5b4272ab9 3577002859fae470 e0842e1e7914af49 2aa93a0df157623c ac99864f36e90ba3 d38ee9e2ceb669be 60c42de6d4eb7032 e9fc8f21787cc886 56fa427e7c9f4ea5 6507ed8ab84f9260 277029f697cb57e9 8105041898141758 ac9a8069ce727c29 b589140860f0e7bc fd2f2a360adbedd4 ba6ba0d89a47d519 742248f8738a1c96 89bd67440ebff13b aaa9398e7444b95c 5bd66b4ac63c8c30 7739a013b50eb654 aa4bed260ae43745 f5875de61f2d44e9 2ef06e56631cc307 7d8892a2da27d3cb e0daaf979b884243 a7719f2651bf14e4 f95eb0e5bb0e0305 4eb7258d2bfcfa63 f212b37d0ad3989b 880e05365322b3b3 85cb39dd143bd392 b16d61bcf0b6b384 aa9d03c2a0ecc3b7 60079afe6d7da9c0 9add1228b7cbbb16 6f524f18717c8696 ce20a74ca2fc4bfd f7036366e6f87c72 ff3c42acece543f9 500ff687f577fc01 2746a5055b2ab6d7 15ab6a5708bdb630 7e91d153fab1f4a4 1c4c5ff2c6ce9c2d 7db407d3129f8eac 81a7b6b719f1de64 dd84c8032b58557d 9bb090422aaaee82 9815d5a00e825ae4 049e4f7062bf7d75 e5bc2ea6c502efed 95e4935d6a337b69 3f0f155398fca3e7 66393e682b4d1acb 5ee20b2311d6485d d190702dce90ca48 3c4ad1d4f835f01c 6f1f8a89bcc33dce 109d686257fdea33 185b2d999dea6488 556f100b7654c9ed e6f83bb95c4a6fe6 c3964c4bdf9f5dd9 32edd4882168cf92 5326dbe05a82b6c1 956e5ae2540a367b +Ciphertext: 7636e9b9 1a951c7fc0fd5d2f 997f4cdc575b738b f92f1cacc4bece39 c7524aeabfbd5318 2fcbaffe7feab0fa 14f9290ecb6c45ce 2e7166925fb14bc0 610d3bd3d8e36110 b62808cde97d17e2 53af8ba18b122c41 93cfa92104037a5c 934030471c8e9eb1 9915143bd2286951 e8873867a23e0248 285792809b1472a4 b864f5b6373a6d7e a8cbe162ea5d87df 77a2b84f73e7c9f8 70be9c7775ae3679 846099cd1d634282 ae9c579f37224f66 28a5983657ca026b 2375b6c847088764 14bc70787d6718c9 e120562ff7affc04 0cfc37af3415909c 3c6ea285fb023662 08e635332b4000b9 f4564457340d8e0f 6c3393c082fb53fe 6f7d81e6cdfa689b b90df632070eec87 add9fe0f8e6d3d77 bf3df708e13d412f e86f85ccf0696b22 4938517f349273bc bcb76ee07e919063 ec8a436ada28d106 1e706d722385296d 509b7abba7e5b47e cafa109185ee0cd2 362fbef28a13427d 76a7621bc45b2c64 770afa721c1886d0 f18c5a76ed26f705 2e557dc9697cfbae 3c900cd204ff7626 a46ba6f6f5bd477f 690fc628f4453d33 7d6c8badc2b03bb9 23a427f5afd51496 c1666ee767281df1 821f953e719094cc 1dbbca75ac2556ff 0572c9e125654c3b ba59c6e8f7790137 ec4913e9412adacc 5bf8df6c53d25729 4a3ddd4e5e84016b 6eb03e760ef3f858 bf0d6dad2287f292 dffbf34bd7a90ed1 33a6744af14c4ea9 b182231775d4c795 4f0fc33a940aef61 3b3bf006d5ed8220 832c8f83b2589df5 ae78ad9f702318f9 254453dec1e41803 7905141f85501697 d24ec443a00f680f 15892667ee5a4199 2165a827e739da5d 3ed95a1f15d53212 fd2040f3eaf28c15 7f4553f4a9eb0490 e7003f3babbab5cd 7390e6eca9228b2b b083db448d7e347b 4d86f9e9eae5259d 532bb2fd23f70b1c cfffd0c350f87ae5 c27c64dc92b40b32 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 674-byte msg +Key: 75bfc6f0e227b5e7 ef6ce4a03395cdfd 16393bebe6400142 27edebed2a1df54a +IV: e1c9bbd3f1d231ff 09fe9463723da01d e8320472a9ee13b6 cbffbc6cd2a9bcaf +Plaintext: 8273 12d1f2e6b341e291 80b24e50757944ce 2337f24960b90395 3d1c2c64383501c4 b3300ee9a576232d 90d5ef55b3dbd016 8082ead8501377b9 56445dd5d1a306c5 86386c656e6673da ac137cd4c1093711 039bb8234c8bce72 ef2b9084f0c3387c 743335e176d97ba1 bcb51e5609cb1fc7 95c986b2baeab0c9 f01aebfafb5b40f3 636790e62597e389 a803fc62f2eb3141 1c56790e03f8c7c4 415996be5c34c532 3c1da6fbe367529b 58453f80e42f1486 8188bbbe907db86e ca30ba587916703f e89d9ea8181370de b4c30e384761709e ada8744ac8412ecc 74e77f51bcc9e924 4e2fa1752c61e65a a5c592138447ef92 87fdcb3b120bcfe8 25c50c308c14d7e9 551bd7eb871a5c17 1192f29801aa3769 f6d1e917d8a543c9 c6138a7d50c0e394 e7a867919106791e e27357502751f02b e46af66981d53377 401a20c17295b42f eb207aefb3ece676 feb0e9c15e06c3e1 381119b6756447fb 791ff782595bf3c1 48c9378e53954b27 4f91cf750f8f5792 da0e7a881b1a265c 5b6d364b6dda4753 e8ecc7f5dbca4e3a bb5d32f4a0b55646 b1a94266ddbe79a2 cd4b06a116da59ec b2d051acb1519ab6 2c5e39c47b406505 a72a99d9221ae7d5 b6008f0ebc22d094 8ebffe3c3ff2d5a3 89da0d6f06f82ed8 a3d8a66853f419fe 00d5f819c77b5553 64fff62ceb77a809 ba1ad57daba559c6 8efd929bd615b625 92126a4b9fad9032 1cd960041fa6baf1 a666ba74d10e8ed8 4edf84fa14456750 54ff0c2aac802838 9f95644d4249b462 3706e4dedffc7415 ccc6a50e754bd489 2ee3074057bcc66e d37b2c8ebc263d65 54417a423f37b385 f0fc1d5e62f1a4d7 08088215062811da a1d3dd4ff406fe01 e560a5295887f430 a3c8137241fd8043 cab4a62f228db286 f1e4a21954b09e3e d3ab8c1a92b4df1f cb71afd37b380fd3 5c309b1814b3507a +Ciphertext: b339 6c039031154cd3b3 a49ef773003f6a15 4477c015d690b239 6d1c1ed4fd01c4cc eae57b6eb65d8f82 4805d25cadff37e1 6b0a06008436ba7e 075dec9a99824a88 8f2e8948d31e3d6d aab16a1718e2a4d1 e2abd4a4e531f9d9 8eef5c79f84e07ae 2f757a3cfe87ac6f b63ca9ff1a0776eb 09f6f2a0f9e386f3 f8c6f1f545f885b3 ec9eca66f64c7643 ad8349b7e376e761 cb8c02b7b639ad59 79ca382bc89c0017 69bc96b68bc198f3 ee4ff0f1241776a3 61f60b705ad5e9d8 585e21a4a744667f b94fa0996cb8115e 41c858d1a309da20 515e5c5c33c1d8d2 7eef6428e8268bff 84c997e0be44ff40 c149813ade9e86c4 70cadeb4c6700c6b d2a53b9a8bf88f61 21240a4a2d1dc621 f6a3862dbce90412 37ac4a6a3596d2cb 835bdb3968b1d007 af05f857214d1f61 130deb34ce90bb59 b0644c849f133c83 4bf21e9d074d8dfc f59b0a13c9b2cc5b fb63ef1166ccd7aa db129e9a7553c77f 4b4bf116bec29a3d 7870e45c8f9196c4 2fec8ac932451ce8 5f0a59d53bd4fa3b bfb230cffb924799 15ed213287fae579 9ff1872ee930ec40 d1d174b864e4cc9c 76224379a968ab3c 7b7e0c6731c8cc28 d15fe252d7b73b17 ead7f706d791f76c af5453fb820e4542 94fbc68c6c0b7a89 dfec7df565ee9bdd c92ec71016e739ff 77e0d3ae8de55573 0ffdd6cf1a84fe6f 959ecb7583dd5ae8 758d161abad21fc6 92249136f910e3f3 4e516072cd79b63d 227bd778b16e382b 64f6e42b043d4c57 d07565b61293c5d0 1d908fea69bded56 0bdae67734608e92 2ce353b0d1d5f64e 1d65667211343f1f c116f7967a666190 a4a1ee8d8940af90 068a2a7e499e07de b15785dc0fa67eb6 ce2e45f6f463cb2b 40576d864538978f d65a496f063bbeda f76cf40d5681ac57 ba8cede8a6d13ed5 6f9754d741e3cb72 ced9893dc3024b51 7ee810a2db2c741d +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 678-byte msg +Key: f7a17243eec62404 6a589d55851b5951 401b08796afa91a6 c48858436294bdb8 +IV: 5402e529861ebc61 e5303a09c351e61e 7d7c99a25be88591 b7957516622556ff +Plaintext: 43eef76f414d 0dd2643d7a163628 cf1970fd0f5dd282 b60353ecf9f77aad 50680c8d327be7fc 1f402ea6e4e5a649 1b2960c3f1149970 2ce5deb26c4d74d1 b0daf6061db640d2 fb918c9401dcdb5b d23897f9c72e7659 ef20a112547f163b 803f4a8240881378 a8afc62f57649c07 fd2d5bc51a1332e5 089ae4323bf72993 c87e5128245a2a95 2e80249e70e6b3f5 a2eff54f702a95bd 7e3def3aa81c7480 8e7f502150924bd2 96eeed0ad4c8e6cc cc68adc054dd6689 59f009532456c1ab dc2a92944c9a3fd7 e7e06b9a0974fe34 807fca404b936ff0 a19a7ba5360dd6bc b9675eaaa1d8ce4b 293de4779950c3d7 c81c96f6dfb5769b 5f258e5766a97c5a 2e1efb8ad6b6bfd7 65efa1c80cc6fc5a ab27570b97a94432 9b7887913c927b2d 4137b25e739adc22 a2ddeab6e83c7368 328956a7fbd8a15c 5b7bb17d41319bde fc9acb4b01eeebd5 e8ef0769b71ceea7 6328dbf094aa54c1 a9165340fceca415 672f8e7b0719b597 3f0d3f0800cd36bf 48ed2d11e988270a 8c31b405f52c5d79 89df42160d830211 b01fdbbc4cb71359 e9c0963083d8e0df 0db41df2b55a8fb3 6a9031439b949aea 420d23ac22424c1d 4c8a5c76e80348e7 3287d62fc3dc026b 122ba12b3ab444cb febf5f010ad6abb2 7b31c80aa27227cb 059327e5a71c7e48 8a99dbf6714bca5c ea1ed7e28cdbf6c1 7e9f2214398c4533 8ebe583cea80cbf2 d9c027cbc9c1f244 1110d37831b9f6f1 5bbab2be33b869c5 d4f1b05b1372b012 078accd2c97e852c 787e9aea80d873eb 1c6cbf2e1a605d2c df15786baa59f750 1dde1435f9ea4abb 2951756102a13556 c99c938c75ebe70e b710f993389d6653 22a34519e16e0b9a 2b6fac053d7a03db 68327401cdc1d014 65cc78fc44a5c6c4 1ec3a8a80a708e70 86c287fdbbcca622 0315abb5a94adfe5 f02f40cd56dbde4a 1925850afb5a9ce6 +Ciphertext: f6fa3b0c6f75 5a2faf459eed86a7 118a490f3c651648 0c56b24670f750e3 698f8a4297241c4f 969135673991f8bb a09dafc26c1b0d5f cad3f2df26be603b 136cf55c827c86ea 5b50447e41215c07 e44e3b8e8693aa85 6d68e3b79bb63cd9 37a25d93011ed0e2 2e369f33059113cb b6ba75e0696e2fb5 8f9004d7cb5aa0d4 77237a276e91240a c04f7af3114f742a 4c0707ed58b67a99 cf3a0c21bb38333b 48c90950e5784050 8045b1737d50e101 f161ad13728e9baa 8ea520a40329f9f2 9b1da72dd2731a66 ba8ef75936b0569c fecf92e83583aeda 2fcb9020492c5329 8b84bce5409ad143 2a670a05f23fb110 884a67eceb0dbe0a 73eb363fe8dbbcae 419240cea94a652d d7b709cd2a1e2c76 2b1d09db9598513b 6a0f31f516cf8e71 7d7b650ec462cff4 9f7a19faa731d24d 939cf7f0a7987743 bebc8c7cd20d4b18 7e58f834edf3b977 948332a49d44ae8a 7fd926c6f9836432 2910f891f1cd1b2b 187740beb726cf65 03875c5f9134b812 03f32a09fa341b25 512556a18fbbf775 95e298fb8c3182bc a8e1c7d977235a10 c6f26edbf3c28289 5ad82fe1c25a2686 b1aafe6b38a3c62a 2c32de3cc53679db 4105894140a5ba0e 167341a01f75569c f5c9dd0267f50fc2 78fc1b121b2ee68b e52242cea567a104 a1ca8056d5ce7f93 896f10c0163a9435 ec7fdda470ce07f7 52211d84628adef4 43618ff202e18e27 4eb8e726ab90f476 1fb37adeaacd5a3e 8f0fd3875d205356 487f9f885d59a75e 67c78491f428b607 eb876953d785ed5c 99c503beff3651e7 683725ac51cab242 d3e4b8e4829ab350 a4d42724ddfef60b 5f41ed01d7d33bf1 dbe01a7ac33ce02e 8b7f5906b5e92fda eb06eb139fe1d954 e7cf9f3befafd2d7 0edbb13ea6ec2bb2 59f8f887584be4bc cb6cbb439ca0887b 74392c6382d6e96d ab544858668e613e 1ff492897e5995fa +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 680-byte msg +Key: 314d720400e7d2a1 2f80cf91edde2a60 23982ff6a6788e1c b124673c92fda468 +IV: a3488b9e7c8c934b 673a770d15938abd 8fc74aad6e5a372e 4fcce65682795100 +Plaintext: 02be7113aa5d0f08 a523d7a627c8ae10 5a1645029c4dee58 e7c7afd090d89510 35f84bebf124ebe0 d18114e38c433d61 6ecd497e96195ba1 615beb3226e11aa2 243e42acb8a7d2db d49d594daccde0b6 b2347da7c5862511 a5d1c205ab5d85bd b7d87ee069af6a02 94bfcc6aef2d3f19 0e920a08915cf5b0 9c715bcf8715816a d60d260e6b045b5c fa2f95c5be2d0191 6a31172663627287 2c82df1b21ceb4b0 692663bf266e4ef1 ee34dde37f93ce26 ae57cd8ba161459d 3e4e756ee353c697 586b5c7a02b5ebca 5917cc4e9c2850e1 c34d54beb52215fa bb1b4652346b6027 8b243ac767a0d9ee 2121898d7bb42cc9 8f5bd347056a8ba7 89327a4e7cdd2a69 ea99242ebdf9c165 30973d2886ff0de7 fbc872affb044fab 92db38eb2472cb64 5e1243386c864a38 6cc40fa723d09941 efde5b7cfdb7080e bc5da8af92f2ec20 cdd6be6cdc101d6e bfef2893bcf078e2 54e3b339754a5ed9 f102f3242f2534a6 212ebe53755ee10f 105faf74b82853cf 1020a56bca86fb13 181041d263d24cfd 40626b73a03a3f24 465dcdd07f3ed211 0ddd569c643384c4 19d0b94097c3db2d 14baec57c36adfb4 4b31aa3179fa9cb1 3162f153ab19a4f4 dc8a84f631be8a3f 837d6a8448b768c7 06236d1e0e265ab7 66f69c1907ff01ac 4886c97c9b8c013a 77f50c8495e98365 5f7b3f20a688b329 93e27f75e0ae43f3 470bb15b3bf5e726 d768fbdd14c8d797 3e8047bea9ea5011 a06fc4ef9eef13d2 c162641a7bc0e40c 8b1f5e1a2b1b0d64 8b7bae807f12d876 74e2900fa9881950 9cd40941c2b7a2f3 7a625ec044acccd5 2eb49bee90c8f461 f9860e5e6941fc75 c1a7c95877a0c6e3 8e792359c641bdf1 1073379144d64cd9 16a2636347e46449 1823cbe80444fbe4 aeabd46d19a387c0 1700a9f0040387e6 b37dbaa6a937fbd5 89923878d06be7ff c2419a82a59ad34a +Ciphertext: 1f2210938f8c2cf8 1265d8410710fbff 4a7b6adabaf8549c fc33af6864ef487d 0d47e5ce11b4a250 b86cec6c42606100 11d1c4e909c021f3 a3bea63d46eff546 65d5d8260abda494 73c88d86d51ab469 beb8fcb623d27bc6 2bf7f4411cd78c20 79ff62282383ef98 3adb85b71437ad7c 23606cd7307c22e0 67a77ab235db0ec1 a51ce8ae5c89498e 646be06b0a4c0251 a8ada59585d76499 27b16fdd1b45eb40 225831f1359232e4 038978b0be3b552f a74dca2b5d224dcc 52c9db5af5e301b3 ffd9117b071fcc26 43e8c0cfc2a3bf08 4cd6dc1f69875ea2 f6aa01e4f4ec1196 c5ac23659cc871ad 75fa8123f0e0c902 8065313dccde8889 b16835eabf0b3d00 ed4b8dee467d1725 e889eef5e1fe325e aef0af0697a1fc64 20360e468a3966a7 691e1af4a06000af b71768f73abb8c8c be4385eb08948302 9891becc090d9fdf 0ef632bbb1ac84ea b549e4d3bd02ae4a ba0793dbfa7d9dda 0829ff49a10a02d5 9858f1a64c66f7b9 329dfffcc7b46b5c 83069fa22f04ee8c dbe821914b040e46 95869a9dad3587d5 cb3375f971acc3d1 d5f8424419cb8986 7ca9ec5ab5092794 3843af97a3000cf0 d43013775b860246 022558f74c979b12 600b440ed34d1db1 db9bacc23c4e3d4d c8c0ad2abedb2e16 33f0101ea3ed1fac 76c7ad99ad38f776 37f9a36ff90a1c1e d14b23d603523e24 e7613beca3e692c5 26f950ef6e8cef3b e5e625bf5e621f05 a84d562fa8b3e25d 3a348c2fdbbfb4fd 48f3241a35c59575 79e3398a88555886 ea089acc494f1783 296b3084420bc2f6 852f10703b60c971 3ffaac88199c5bea befee4eb676a19a2 2e8eb16c7671cafb 3b13017693ac093e 27b42872ad3ba4e9 6b0e7f928f7b362b b7a308ea7464aa0d 13947b4d10e4a197 6bcbcfbc8cd71bd1 aa82b7471938fa58 8bba2443dc67ce48 a4165fdf244630d8 43293a0402d9b6b5 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 684-byte msg +Key: a21a9336164e90b9 6039b0f8046620fd 3a379143dc323bb3 839c22d1ee499838 +IV: a3b20344d848e00e 9308089d1150325a 65f1bac56185a167 b903d4076690b121 +Plaintext: 4998c794 111edd9b5e5036fe 265f148a598d7bbe c08837c72bf621af cb519dd1ddf56790 887790480939c385 0d3bcd735e345c96 c2e207bb219e8f2f e533652ea6f06c9e 07fcfffedbea3699 8d8d65ffbe0ee6b5 2f3b192ce222a8f0 7cdf1022eeb25d28 545534a31d8c17a1 6dfde515bf42a084 cf3d7300b7abf45a 58fca694fb63c295 382937201846ef07 7632549cabf91369 6a8e1f21e861fad6 4033306b1729244d 7b200e5e11414532 70d5ba7ec85ac5cd c7d62575bd6b42ca fe2cb491882f09b8 e5e3c34453a4a18a 238d20a25f8e4019 afbe8be67df2549f 588e3ded969bfc3e 3e1a5eb925988b77 56038df0b7bc0cb3 eaed5b5b721db9be 1702d0678b968247 4d6de5a7ce458c61 d3df09501a0daf05 400d9dbbe215f88d 032f77e7ad47253b db8262f597d22bb0 60c89caacea9b375 79c357f016019976 e3be395546d76c82 b004dc8bc868f1cc c6664fe61cb7a06d 5cb993e1560a24e0 80561f999c6ddf84 94995c51a92e651e cc6229ec4c5ffc54 b2975876ea582233 a3a02f9cf73207a9 4fe9e92f814d0f0c 3c6432a4a6cb5192 4304af9719121bd6 12437344a14e6b5a a89d8b0d9aec77ff dd1373f77220268f d7a99e2c2c619533 96e8f37ae1e894fd 695d4ad33a342660 7618f3cbf78904b2 362e301d6b6c1ab1 f637b627fe2808fc 58d02f69aa4da395 d01abb0a7e2c7265 273a6a521e5c31b8 fcd7c431413751bd 3e9f41b7325e7608 b3c2d19a4f31f810 747556b48d5863b0 6e712582f23df7aa e27289a5198f281f e6b83f65b2c11e19 e389fb2900893601 15ace20059618029 0eef0d1ca90a4044 33a30d51ef046de9 3d1b619abe163414 b9310195bdcc76a4 88c1d70228f446de 602c41484d216ce8 49d691f01028e54f 22a78d2868a66082 198eef41df78c255 36fae5311540a47e d15f92113ee7d01b 17b78ba0a016c72b 89ff5bbf16bb3d10 +Ciphertext: c325c5e1 95ff30fdccffcf3e c9a7541422619a3b 9a6ad237c31fab0a 7456f4e4d6b5ace4 f4354446bad32736 941df142e6227a77 8857ca417f9d95f9 e3860232d5decda0 3221ee6907117cf6 bebad05405ce6cb6 43c68686d12751e8 5426a10a3cce20b6 104919f881687e8c 5a36372da318efe1 e01f3e6298c275be e9d41a47c4bbc707 a1f57a1396ae5045 a865c44468da588f 722d440babebf545 6ca96d1783fd6755 23ec731ff0391a80 c6087cd369d9c1b4 e4a31bffec53ad36 7999ef1595977b06 fb831acf21b1d712 cac5c840ebac4db2 df5e748ec4aab4bb 1262fa829986f2f9 861dd5b0a6946f5b 36babbf0b02c36fc a414ef0419092898 58f38eee4fefbbe7 c371f204eb1ea67c a5defb7e68d52675 c6bebda9282e3eba 54f869d226994507 21bc168be1e31a5c 330b4111e43d412d 349ba2feb6e51091 2fc98bce6fd9aab9 c9e9e181586928a3 3c27ac66f431abbe d5c5fdad7507fbd5 65573608b2133661 25e318be326e5fbf 88d1209deaf208cb 7ee104a28e50156a b891803092d44da4 858eed6cf8cd4fc4 66295f846d51ff9a 2dd99e63144b2601 0f4c1013390eef52 d949858c29060587 4aba9f67da9b4e4e 926c18cb7549524a 59b6eb5422279221 4b7c9df383f5daed fa1bf49152c117ff fd144e2f0ecb166e b26ed65db795f18f a7e09bf2c2d7bba0 421a25833e3167b1 b74775909c70ab87 e2323b2113e18e41 4699293c2e18a5f6 3ba344babc0992b8 7325dcbdf2b767db 6a383f1bbb3b1d59 ac65b0af1206b4b6 97e18a14f437b99a 0c802285c41d97c0 d872f2cd67e8197b 2163ff5fe58ae21e 87db6f3d16038ffc 241b17c869ae6c92 b71c5d5ae76f6b9e a0d6e8f9c806e3ba 79b2c05ad1d75fe0 afb389a0bbed1e47 a65d072b9f8bd97d 00f667fb2c6865e0 92743346a3888171 42a44b38bc54ea03 50c383d53c8fac99 8c45e3256a3bdcff +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 689-byte msg +Key: b600f3908b9b149b 616ce7907a7de161 0905e7ae443207a0 bb256615e83f79fd +IV: 079b780328db1071 8228594d0a7407c8 4402e4da59297e26 6b551c23254ef77d +Plaintext: 96 bda7b93fecdc196a cd4ebfbe3ef71411 8b7f6b7d34f8e2b6 f1cb899af4f2c70a 6e68f9f954de5bc2 63b02cbf62170d17 a7a0abd7dcdd9d45 035a9071b8d2a10c b6a30a7d9d800132 f366dd3468d17bff 5e2fe090a8951fbf 92b17dcf2200d444 9e4035f44e29d161 83581a46d98c2570 b81453cf218830cd a7b89bdebbe22859 2d28c286f04095f8 1e6e2b1d3bafd413 be374cbdcd1e9817 495731c60ae164f4 6c41f95a0a2f139e c99057e019a45090 7781128236c01e44 807686af986652bc 61742199245d14fc 8ea6e7b8f8d2618e ecd8ef45e4d48cfc 54fde3c0ebd7b85a 16aa846ac7325fba 749823cc62a1cfb5 2326292e5ec4a8e9 ced490218d9d5f75 93c968f67916be7f 834e5345de7961ae 265109672cf63bb1 f5e3d5fb06210fb6 deba1665c571f7f3 c4b0bf4af5c2e021 fd42d715d6d40cfc d213fa76dcca8fc4 0166d6de30abd3bf 3ea7af042de415b5 aee2db63e4c4e573 6b4a46b999ffa949 04b4f089442c1a8b fa196a9a1147c513 43185d77df308cbd ca7102edc42a23ea ed8bab8f885d94fe fef039352654bbe3 c3cba4794f7fca83 f7717739e6b2c651 c6d5501884a408c1 541264fdf671becc 37e5f992ba19676d f830eac686ff5a26 9779274bc16a407c 0469331908079576 a64da4e9aa662b22 d798a6bb2c79a710 665f7851c61802d6 14dbedb2e47f098a 18ebeda8a6cede4b 9c90f241618874b8 3d6f8b521b141777 8e52dcef133fe2b0 96a71bf437b9478f 4dff1580ab948bc6 2391a77549c84708 79b546f91cb1e88f 266978f8e38f2f97 f4cf589f9505b2e1 21ad16e2d79a5931 deec74f7873ce2d0 d3194ad935b85e0b 98e703c7a443b2b1 3dab1ec24df41799 c4deae12dd479a1a a29fdac2b29c9c92 422f5e1f62b653df 8173083d343d47e9 33753c72a43cd616 9de370d9e4a3b1d4 f98fb0d056c65c13 f5ed1c7a13ddb2c8 3498653e67825f6c +Ciphertext: 4c 07e63b7bae1fb85e 3d37196369e6b6f7 92c8b8c6c1c0ec8f 3331a4b6d947bbc3 8901d89bf073b4ef 51dde2dd39e9dc55 bbbb3cfabbc1f3d0 7850ce38be07b169 b4575470957ca61f a032fc77286dc895 9348384bddb7fb1d df54dcdb4420f14f 9aafce514aa1a0d2 9a011d641f411170 8b19e91d283b85ed 6d229ed87f49eec1 ec8e35c66e495248 cfc2b428c2285433 b3f7aae9cb46aabc 22181759dc67a293 5d2a59c034f51af6 9bb7a004e7e34ccf 84785209222fcb7e debbf1d4b59822b4 0e381296ba11daf2 0da65753c541ecdd d8eb8b530ab5082f acce730475e45d4a 3822fc9f35251fc1 e1def31ccf63cb36 40f0eefb434a9814 643e81bac4f1388f e8bc00812f1e3723 6c333e22ee2c05dc a01edec62b677150 372370724a3ab004 3b23ee2281781f8f bed715939271b403 d71294809600a914 2a274596e5fd1fa8 bf962f640a1dfa5f 133ff37e4c31a5ba ae2de0b05aeabcdb a9207bf257b8e1c9 400ff43375311d72 df9798e1c6903cf5 901eeb03d08bd8a0 e8d87a647af12655 a4e315220b8a47fb e384eeaf5ff8f120 6a313af7514616fa 9f5d46e3c2e38713 e9ed7d31f29fc072 afb4efa2134f3a0a d17e6991683cefc4 00372ecfa504c55d be40afcd8c52767c 71025801a1c1214b a6a8812f49091c80 e863c0d04f873dcf 00c2b32139019f22 ee146a6f1c6331ce 8d87a0fcf2a972df 4f1c60225ee6cce7 87baf3748717be52 bb8ff10142dfaf36 e3cf711ca86aca3b 6a8ec38514c87137 4b257e1bce9fbad0 87184e9a9960c973 8b24e238db65b538 7e0e8337fd5001d5 8edeefdbab201d39 319c5592563dd0c5 7c37228be4848adf 19236a5e100176e7 abbc7783b38a3d0f 6b45152b155f344c 678ad266d8469f2e 03abecda5045b291 d0f14a707e69f757 38ccaf03439f65d2 20d0322575868ed4 a63aac6608690506 46c2ed2b204b2ca2 b205bace546a4907 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 692-byte msg +Key: ce54465236647ac5 ef430108dc97f4a0 02a1a2723c20dfcd 2f729fab81fdc334 +IV: 46cd3284bb7e2cae 375ddb015eca2b8a 98e1dcd9c259d608 23abbcfaa177c3e1 +Plaintext: 3424c503 9cc891bd4f4786c8 b6be60bb982251d1 d72454ed5a58bedb 4a9715d981a22656 3f0752f91f4929e5 4a3b3a3cebad28e1 e34a0183bdc1ccd7 e4236124138c7e05 0e06166b90aaece1 8409611477ca8a92 4e9486d2342e0f75 d7e44ecbd42df499 6f8c861988b4f843 cbef7e4b26c09f6b 80c78be2a8e6ae3d 8ba285d5abccb199 cc604a0df0ad7593 86b639eadfd98ef4 e1aeb7bcff32d2b7 6925ae4a7fb0dc8d 8c4b094fb1de8b5a 1f2639f7895b80b5 da10b367235aa36c d73470333a229efd 17156be5b18f601e fd07277d0e8f9c37 d1b426ebfaa648e3 3e997397c36a1f72 d5861ad9da081f6a 8821aa8155bd0b01 2f63b9516e5deaa4 071a607e02d08674 2e65bb331390eec3 283c6b0d462df49b 5de514a066c9b038 9880dff0df9cfc89 8a7cf9f94370f5b3 451f1128c926808e c102dee0c930c326 5b9297f64215a83b 5191793554f15ec1 479345dbc6f2d761 c582c01981db4af6 b61a31971384b311 eb6de6ee2d594e76 9660af2d25d7209c d02c615475126e31 13de54dc3a314493 c0d8e62db6f0ef58 9a4ef626ce1e84c8 49c96a998d1d575e d9a8a9cb9f64844a 389a21f9d70069f1 bc24c3ceaa0e2a6c 9a2182eeb1432c05 703ed86f2b659abd bc7a415a78cfe4c9 62acbd2e9ff13a10 2afc525dc9cd16ae 406888cdc47baf75 b241eb5881a68766 f6ac8d4d960dde3c 612281edbd033ce2 b1f061ef53f0ebf8 84b7c9fcdacd7a52 deedda3378ac3c79 a75bb8a6752dc728 2b9d0ddcc10a75d0 98a4834d6c8ce615 84374de92b147c4e 646e9f91da93de09 1636319cf4127684 58d0c1531d2bf335 4e528e76998dc744 0024ddb5d27daa0c da847838d64f159d 2b032a17d6f1c83c a60544e2a86145e2 e3451b1b463252b9 df4f87b74e0b7ba2 780466a080288eb2 f319173642d61db0 769900c91ffbff98 8d5e0921438ccf1b a99c1ef701166c1d 9c57b1794e367836 +Ciphertext: 13313153 61a9c31b19dfa4f4 86bbbc7ff7a90bcd 9c7eca5b85a28542 2c6476d103649e3d 7a24fd260c382c3a da50171f81d34524 6df8543aa49c5d30 8374d06c09333488 48ea22dca1adc279 9d0c1b7d075a5385 5d6c85bec2c7bfb6 c07e57bd49c56c37 dbb513056d3693af 9bdc3f547ca09611 19acdf25b5a78cfb 90aaad1bf381cef9 ed57959adf09e4a2 55f105b9acc0bc82 473b087709e0cb04 991225b3b721d024 232cb0fb2bdebbcc 106d8f7dda10c6d9 944d60457dad7f74 54140aa91c6aa977 0d6796079575f78e 40666b575b4c7bb8 72b3986ebc28b3e3 9b415bd6c5749848 d0dd5bbad2c1c3f0 92c3d09440db0885 f2013f32c6c62780 06bf4051a32f5fe6 b7680350b87de49e e8195ecaafbb9b4d 7ca6ad79af52ce63 19e757dfe2312221 41ea097d6f48dde6 037250c0f4dbd3ea 82f76a4bc24c2a5b ce1a67bc6d3b9f58 91e90233ca0c9d89 de2f2ed6f6ba7594 c0c74f1ba85b0f48 61e1475af80d6558 86273a0993ce063a c37a230b02c74a35 3a120c076219f4c7 fe7dedfdc8d96877 fab423f72540a7ba f50ce7bc7e0e22e9 a9dfec9fb8137d01 49e08b1f7a890531 aeeceb72a1603129 34c028bbd7d3ad58 b777694e8cd5e4a6 70e6c3818cf75758 87adbea5485537df 96343fb8b4d36b35 94facd796cab5083 dac8799a1dc416e9 1c8769259afed730 541c1dea107487a1 c5ec13e9ad1ff837 d9feef3f7425833b a0e0e3bc92c5493c ad27f16e3aafaea1 c27d4b1c8d60431c 05442207c91a2e75 692006d07709f525 78d09865438cb9c6 4a9a70c219962e07 178491f228f88f2d f69623f8cefebd5b 35901631505e750e 00c385a7faa38cbe 1bc6f91a1fef1a59 23a22a715ed248dc 9303a751745a732a 2cc015b40896ed48 a3dcd885d7f688d7 cf1cf68ca5e0a46f b035526bf96b0961 1d357359ac295bbd ea04a38e84cbede0 ad6cf972b6036276 bedadb4808c13f2f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 699-byte msg +Key: e735c94320d9324d 7ba47e9f1c3a9125 93fa2243038b070b 84b7b3b4c77dfd47 +IV: f961239ce9070e85 6c00d74901e48b54 b1a12b2c3912f7a7 6bd4ec5cd2558c57 +Plaintext: 952ddd 119db2b49ffac633 2983f4919ebdbc19 a6ff2a76d8d3ae2d 2e9e276bb5844101 898601ad01ed9e9b 27ec932b6b81f2f5 989cfb0b0683ed7d 12751c23cb8d4496 eeea1d80150d2f16 2b82e8e223c3ecc6 e959ac3e99443ae5 f09d5c3b007adfa5 27122db5412222ac 1d8f1c3d2e4c5194 837e6697f9de3d6c b05f0e3bbb12b935 1c465ad5eff31e65 e55956c5f4e4ca68 4d53509f8f199d1a 3a035aab661c7b4e b5cecc678649cc4a 6b29bf00de52ff49 2f1f93ddc1bd02f7 76d169146861ccf8 daf1aaf36eecd462 98467f785260973f 112c56d9f891160c 4c1163fe29a9553c 73f81c010ea4ddb6 52fabdb5b9d43b52 dbc0c21c9d5e7e60 a50a70ef11bbbd21 682b4c1ad0398f4c 828ba13d7c77928b 7524ff2d16ece5fb 6705b6718861adb0 a1d25fc51b72942e 1142549a011145f1 c8a03494cd03f1e6 7c4a600bf661cdf0 0635808b58189164 e567fe54b26afb8c ba7b89da286b4a28 ca219446c384c4e9 809cd5f3edf331f4 e842c6f1f6495d65 34ff278691eb99c9 3bd27aa857923ba3 f54e868543cb19e8 001ad5fb34781283 1f7236206f4d86d2 b6a43cbb1a53d927 4f94bcc9c268f447 173953fad6bdc3ef 611ddd312a57b84a 22e1ff07758f477c 74b69f48d292681a 14e5677443e118af e44845402ad2d839 69cfee13ce0d2caa 4efc5689dc101d68 df6739f3e3acb8cd 8e3b96d5d6858da8 72b62e678e9631ba c3ad0a1446abbd39 6007f2fe1ee54c50 493df778983a809d 25e0ea8b1ef2feb3 bd13e2727a2bed96 7f0cba1e5c567b41 fc9790b2d7b75923 6a944808e4e93a9d 2374072ade585785 24c0b8d905c5eea7 8f928a0afcc5bf3f 291970644a428d80 dd19a0c4dcf9a311 376915ba81fb4d8a e9740d096d2c5afb 4ab88b2ab7c7a165 d24ad6c9dbd8793f a050f84638c03ff3 f485403593b4d35e b5b9c1df933e1b53 ec4fd1c043bb7f19 47bd8a0793db6ce8 970f4c19d625d270 +Ciphertext: eb815f 3d3d79d94fbbd749 3b3ac1609cc993b9 faf1ce3d2b9021ab a1f23b9898f575ca 652883c5e86fea6f d1f1a662034b6462 f7f073f56126e52e ba68dab4c73633dc a9729d6a2ef72518 72a8f0f1e942df29 890373f359247c5f 560e30dbfad2b0af c05766297707f80f fad127e40b8665e4 18d75609844b6e58 e0fbf2d858646941 9a1c9998f3c64273 d05f315974385362 e0cebb9c90cee2ec a2f642f9f5741d9f b298904d5629bbd6 9e398ab02a7abb2f f7bad0ff3fc15b29 86036b7c288630de 1d85e0f3f6ef55bb 9a227bad90fece5b 0607295c99dddbe6 619f9a7e88dd9f13 f3b16cc182c25293 c9bb613fd9d4b5ea 54f4ea1841168c19 661d0649309f5b05 f6a79a6f165f3634 319cc15aee650560 c776970139bb2e30 8147208532db83cb 94f7ab49df7159ec 2acb6ab577eaac72 4953b0509183ba5c 1c66b4b23740890b f3ca70132d0f52b1 c2bde562162a6b19 22c74b3e15dbdb22 81f7cd1936b30a5e b0986d4cca745afa ce3d31e0b1897fd0 f8f2fba2df9b0039 5430c5c73c80a415 fa76391442945036 bd1f3d622acc3f1c 68d999fd2b81c892 4aded0a75decbd94 dc8497b6bea07525 a5f2dab73982e3c9 efd19258ec90df96 b971b14f07882bce 223a1cea595d66ab 00a5b8173ba7c358 eb73fe6d8ca67df0 dba582c089beda0f bfeaa064824410df 46343c59f544821b 0853dd03b65ec6c4 a3a2f4d3741dca39 2b4514762b62930a 8fcd717784c208d4 0f1002656fddca08 e1d41af60da9c816 5be4fd8818961e42 a9fe543791bc004d b974f04ffffc32c0 acbcb9cae9e38420 5badf14dae6e0973 a9b455c354c19916 68b53f4e024435d3 5c1326c83b7ca22a 857f6e53ab3f99e6 7b055f2bc23aa03c 882846ad56b959c7 9e574d015b999b2c 54149a49f6ac47df ed0899056e52a6a4 d9920ec077e98979 67bf3b5ff2d8ea4d 3ecca5a0c33f271f 6d2cb8d2d0fbe9b4 f37eeebad4d6bbc4 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 702-byte msg +Key: 64390d4570a65312 6fb8317b6b60a614 f7f384f8167d74ba 58593a9f46fe3a0a +IV: 001c3b3725e86c2c f3b3a4edb0c2eef0 485a45d0371a9c45 a98e2254e000c3c3 +Plaintext: d791f2d02589 a62323eca200514e fac1f6e7d38407ea 6a214a13585fbb7f 14672fc1b9783732 09dd4788b21c18ab d1714ac4b57a4e96 e534831164269f24 33dc51d41897258b 9e43a7b25da9cb81 7be68c16731cd4c5 15679cb0cf135497 2a0c85f19795b53b 6c3d8b902a0f337a 010a040896d16020 03a3dc171f8ca17f 01dd1340bfdbb0eb 7bb43a4aa1b7183c 6ac3fabfa500bc4f b6ce8d6fdffb5085 be3942ea17cfdd42 d48efd094a07426f befbb5662813aef9 36d1f5df94c72750 6b075b1728da06e9 7eb51cf5ae6878bc 06997e23a771ffc6 8c955c90c858ef89 0f2fa6ee7865f187 810fdf35544384cb 49859d1eab827760 bf010ca902166fd7 b3986b9891d667c5 e6868df2c4fe2c43 8fa75a81bbaedd6c d7fc4c53cb6971e3 5e2cf23dfb96304b b4017053870339cc e0e7fc71605dfb95 dd7063b6aab9bb54 18d282033c0e14c0 f367ce8124b87210 452dcd1821f79780 d8449af9276e17d3 e9726515dea5dbcc aca2f0a32387a1b4 c561139e86e47ad8 d0603945caf04b08 daf5e19969c24c18 e6991ee20dd78c63 696b172b178c6c43 ceac88c11ca71f9a f2413fb863cf314c a934a066690ffcc3 383321e55d583469 d810ce96a4fc5d32 3a3fc79956335010 fd5bbd56bf99b97c 3aa179f7dfae9cf4 f97455ebea55cb77 b8d7c065c956710a ebf6beda98dc8b37 779e668725f76a89 36c063e9771b3312 76f2744345a05ee5 7aedeb1c7a403a9c f81031beb89c67d2 99dc41b7d2b75baa 7c76295c5179de47 b3288c41f02d8d52 c4e123c31f035b77 29b0377f838f0be8 d04d28d77549b8d9 9c90e9747f0b4e02 e3f782bfe2960e20 ee248c66130d0d74 7c5db9dd3978b542 400b4adbb1424353 5e3c96d98abc4774 f1218a96099828f5 88902396266e9d2a a482f69e0d3a35ee 3c96a93a9edcd01b 398d7737ed972313 faccb029c393383b d2de36e61b5ceb7a 85ef0109a6606fbe ce529c704874c777 +Ciphertext: df93a57ffdd0 626ffbdbee52593d 7ac6395ef76c21b7 36ab02a101fb9c29 04f807942f24577c 71fad1b9b8e03a17 65a1677ec88e1356 30caf3300d521637 8bca5a91535eb26f e2343041ba92367a 19da95e028fe50b4 b005124164d5a064 937f625668708ab6 e7b46619c11c8af5 da25db4e495ffc6d 81a305ef6a9aae63 d24440b01f038d1e 2503a468b8c737a4 bcca6a8e22f69895 967476ca41ac1bb1 28c41143465de929 b464b0bc8984f406 f757d5434ff3c2a8 379ea8b3dd35f4ea b7f616fa082c87f5 f99512cc8cbdb2f4 bd2b7e957c19f09b 918d77e968d3d596 bf8e4e5b6e414317 aea5defbdaf7f907 1b57ac9617dcd723 284391f5c48b22d4 59d5c6640c97ae19 9656be8ed5dec6a2 e57bf58c868ec51a 1ffa98408478b170 e28e6a772074c211 4679026cac4398a5 93b6b0ec00192967 9d41c9f4e6c5ad10 a9ea343f1de2a5bb 27092c9c2510ac71 f820cc5bde6f43b6 f619fb0707a0a245 b3d45c10c0584a72 3f47088281776cfe 76e163bfeba4339a 29a92d93eee88c8f c9347bcc56a80b5e e9c44d5af1da1617 8ce3b1c7b24a0ae6 318113512f19ea67 7f52d95e803db2a1 b2be78a261665939 2126db8fee5d9615 dbfbaf01c21c5607 50a548e8cf836f0b d75acc5bd339f58d 7dc90e0b1c2bf06c 08fbb0c0b80e35b2 dadd6a0eada05550 cd21fc04f5bfd2c5 6b1cc3c62ea197a7 bf4a0d3d8760f15f b76e3f7f5b0468d9 7e6c196ddbdf28b5 85582569ad803eab afb924f80433aa36 86748ca2a0b13b81 10c776b3d2a15d12 fed6272163b2492e 46455b7aaa83ab8f ae432c5a862f2919 94ef7c1074e47a66 5fce1acfcea844b0 3f3b343724224991 43e466a42eb8ea8c dcfe5393abcedfac 27fa0f80ef547474 02fddc0ecc8e5920 475ad3c56e9fcae8 d275dd5b008579ac fca12fea2bd9150c 7bbbf4ca87ebb0ba 2128031113586a07 175c766edcb97fef 539e78a336a1be1d 412e6f2eddc46063 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 706-byte msg +Key: fba6bf98504d1bd1 0552db640e2fa041 2ee76f2bafed05b9 56416aa196dcc935 +IV: 044e7f2e0ba672a9 e192a46fb9c70879 3ba394b431119701 83ae4d80652ab00e +Plaintext: cff0 920c2d09e963593d 6ac4c67c5935fe7d 9fc94ea51daebf2a 406d4978d56e44d4 1fbb1f3f2705549d 54ec9b163b7b5fbd b8f26e6f3ec9f4fe 6bf1aa8fe05d4b41 4fc14810d59abcf8 8b6ea25d585546aa 09b8f939a3590973 f793f03878e4cc81 4aa80f439b277897 36d2421955ca9b8d b7a257c9f366e6cf 0cdc83394509afda 37f7dea220b670c2 7ea1e211dde246ae ed39f0e7d7f9735a d153cc5af1d6dc95 3e371cf30d4e8cc1 8b62ec0e96a62f55 d1032d5df718985e 6f80316521533bf9 89ef30ff09f8b4db 849dc7d8281d3eca 8b8a74f2face3d21 0eeb1b207f87b550 3da7848ebdbbd059 91dbdb373c505c54 44562e6d89204aec d41df355b37a30e0 85e87f68d19fc883 dca290f37a456f3d 24edc4974b18a707 ec9d1fca653495f3 87388954ecac84a1 8a7d4ed3890660cb 52d99c38e9bd3cba 7cf309483cbecdcf 6b220a1bb6ebecfb c6f17da0129b1847 f7a220180a17f14d ada81796e01fbfbc 5a2b6a85d963e9d9 b6888522bc0a7ef9 3aceb7fe572faf07 a643b37efa5f5204 7cdd125afa1c6182 82c9ce21305d7928 44e7c8b3770c5c32 904c44c6328770ee f8bf6862c41f3e3f 533cc065159cf31d 3c75bd0013b6e214 924b32372f9d00c1 f659d565dc736658 516ac4b514cdd321 4bfefdabd33627f5 d5c9e4999aace9c6 a034c22aed20c315 a3da40dbd5fa017a 990cf07c5e93151f 804ec4b41ab91545 1cd7957a9d2f3bbd 72149e9dff2a6470 4d26fe3d5dd593d9 bc60394f58ce6b85 92cab81d94a7b89a e5a144c43a66e64d 90d58fb47705886a b189ab34fbf2d3d0 2b9691db7b9021f2 25089c1830b56e57 899f0baa552ade1b 86508229ac2e356c 0ec28a7cfaf35e0e 59d10c60861fe5d8 610fdae89f4c7c34 643d27f7138979a2 65d609c7b8d75636 aa85fe66e7ac3116 3faa6433fc734afd 72d90066d70b88ba 555b78855e44f3b2 40abd9f0f9653b5a 4cfa125614a830bd d9ab763da1bc48fc +Ciphertext: 4d73 aa72939e97be39f2 4aba45d9604a6556 d199720a86e497d9 b2dc59850b72afb8 538cf5833286ad55 7759aaf5ebab1328 2bd306088bc4bc5b 70d3b4e4ad770c02 f8e9b1016a65da9d bb0d9911cac9814e 3473dbc632d8e252 6a56a1c0559e5a4b 9dbbc35dab66b86f 63b25e0270b3f03f 8e3c8b5233f8bbba 8d0391c45ca8103a a6794b52a83c7e0d 20e71c8cbd7a0463 29ef7087982a477b 513b882a4b323818 8b60eb02e71a6fac 8ec66293ea64aaf1 e45b289ff9917c2b 5836711424787414 372b1ac3c77ee397 1728337b6692b7a7 e92d91e76168c5a3 de4be0311ec9a2b8 bf90795c8ca49a41 fa6cf02e46ff7aea 04fbdf483078ba5d f1bc0e058a4d1cce e4ade96eb42343ae a6527d148dff73a5 80d017cb47f5300b 573178eb274b0063 930bed06cccf18d5 3fe8fec3963e6379 98237d0323d3ab4a 9cee86dc10bac06e 27fd78a8b9c1203c c51bf8ad118bd391 897c9788b0519bfe 02c91030da637062 0a926b01d64c9029 86edacbac1bbd853 c66248e342688fa7 be00bf8643e77032 45ab06977c2b4c2f 9e6c37aeac2e8930 9065fe237e2c3b3a 67780fde8cda26af cd568ef6aa7d99be 54cbd7ccb73201dd 8a9fc5100f2b12b1 4ab77b9731552ea4 29d0231b606781a2 4967b1fdbcb4bb64 74446bd6adbfb978 fdc37dab61655367 acfa80c4bfafa51a 44ddd4abb927ddbb cdc2bd275164c59f 454d8225d007b8f1 ab4862ce26dcd95b 0fba40bc901d0f3f 866a6390c7e1714a db82ace3f013994d a5e1c050fd65e9ef b2cbdabf6c8022e2 e2a4bb25301532be 70a17be920d5b959 1df3c285f91cda79 43464762deaedb9b db81f3ebe38adcc4 5401fb3512babd05 45aa0deadaf896ce d09fd4d64212313c 05930acc08c797f2 e9ecce5b77f992a0 ee28480f4c3386ec c14217f1fed84f92 1aeb26f6690729ce c69bcca5c7956a9d f20b96f256d64377 9662cf0f65803611 c18fb3b79a5595a3 61018a3549a7666e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 712-byte msg +Key: 7e93421cc942cb05 c76451ebebaf864a 1790f216bec03cf2 4618a5a2b0a6d5c3 +IV: 7a00dab9c4d86eea b3d1782a1391d675 40185ae4465012da 47e5cd7e1d56da6f +Plaintext: 414d13b3eb2c1bf0 7be8e3de181a73fc 9753e7829eb0b797 09af3cc58c4170aa 9a21f6f086635a7f e95099f04371e445 e5eaa1d80e0ab392 541ffb5d458f1edc 4f248959dda8b3ff c3b2a249dcbfb1ba f18490cfdd838c32 efdd113090676d6d 26ffd6d63821afd8 d2b507cf2b2b63c2 85cabd4d5545ccde a4908625b5f1e4c5 e85ae550def6d572 de02cf6c77de81c4 67642f3bbc78fa00 39e06323fb570b4c 5ddcbcad1850ad35 af4002070a00932a 60f9ee825b439fff 7777af14acbe6a6b 4c2e65d72e57c08a 0c18a9882ab8215b 383103087acf4243 26fa72df0e508a88 7ef8e8b4683295d7 be32cbd6202eb4bf b7b675b761446b34 0e14b46c6a35f20d bce14b2e0d0ab585 8e3570db348bd3be a52d4c7657c9a33a f66b7ea307952a60 cc91982c6706a6fd 41caa07eadf707c0 c941912ca58670bd a8a7d76c2f97bbeb 76b1d795bc4ff2a6 a29864a7d599d72d ec984bc394a45d25 ea71c8af28632c14 84e90e53550c20e7 7848c33ef29acb6d d6da82226a4befda 857158543b220545 bce0474d7a66b92a 8a81c62c4d216be8 4fb03e316fa2b044 414e8f43b0fccfe5 e83f896b738544d6 a1ec74572e574007 1fc288d8edd227cb e5b07564cf18105c ceaddd9587904953 8530d5a8dc64d130 0db767ff2a02dcd8 3b41139fdf9f5311 37d349b3ffaf5108 fef6f107a16fa6cc e337e48e6f5b58d1 09a670dd2ab81d6e ea58d8ad230ce35f d4e6d15dc3a04844 67ec066d04052220 188a9404f68cf8da b1e68f6b3bcc87bf cea77c908b203efe 627bd5853127c22b 309388fe8c436bbd 522278d68f1ac590 b6e2fa8a41171064 9b8f59bc3eeac15c 186953b13404ff80 96b69ad4671c263b 523e54312dad47dd dcce9bfb7275a61a 9ab5fd0736f73a89 454afd4e0afa3126 6b64916f97086ad0 ebe0a22b17f1f9cc 7c1f8fe7d945a741 2785aa2dc1dd6fba c8fbb92bc65301a7 916e7632738543dc 874e10386616cb10 0310a857d4ed665f +Ciphertext: 03958e3c686395b3 241005ae70cf583e 81938a600a6d88f6 1fb9a26713b0e302 46f2cd788d2135b9 d3859863d0962304 77511810a9a3576d fb6852bf50ebddb3 ce3ebee0a2d32261 5b29160d33c3587d b0be2a5fb77f2b77 1082699784e522f2 35a18a430327621c 981a05855b4a6c49 a8187e10d97d3d46 f5c2e184a1a11984 03e8fe77995eaf23 a41792a0ab00f151 7ea052602f95ba44 d70d6db9b1b7ed5a e6abf3ffa7c56eee cdc9f494d56a7a7c f0a857ff090a00f6 a269e25447707871 4a9b3099916274ae a6348c220b4a7668 464ba5ee95fe868c 1fae04f15e7e9442 ba02d60aefb29577 38ee126d7e6d13c6 1398f566e95c06cc 4f109b6a6ab1f4ca 8d59235828661dbc 8213f5e8a6a2d29e 09a5bef0c4fc2c18 f562dc4466b2ae48 3e6bdabe45f06e53 19230f86cc7f8f54 e6f88fe45be349ea 6c1977d785e7e89d 028c3422c53b16bb 5a419d8171c107f5 acde196644c983a5 82cc57c3971c505d d7541bd4145a6042 d2afe903eae2d257 444622409ea069f1 01a482c47ebb5235 b738eec11591201f a5907d414b01cbb1 c24319cb6f21c556 eca5447ff97f8cce 113f8e531ed45ff5 78c257edc4dd6f91 1f7c6796b2c44bb4 b84392c48f6a2a6f 120732380b888dad 84a19f475cdd0c0d 26223e35d0adccee 5af4d34b5d80b948 af728269ebd85104 63ff0643a0a39b1c c65e7fc15a2ba43c 3b100bb06a3681d0 69422eac454864cc d2735118234eca36 7ea070125651dbe8 e92b2cf2872c1494 a1cdb3338d7f9838 d097b65d787145e5 c8ccd73c0e710ba7 65d1b7f418917440 b13084a17f1c6f63 ccf19eb3f61fabc0 79e09f36e59776e9 7016be3494c497fe 6b93fe7e78e37375 cb579cf0e7bcb64e d62f334b97eb86c6 145ef0f814e77929 9411e98d7c69edc3 a9100bc9ad145596 2ce7736a1d915316 f5c56c05f370e206 9f0842e21f9609c8 ed0bb2da7d1d8aa6 e9c2234437afd5a5 45eb8f6e1664cf23 0b3af891ddfa8077 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 715-byte msg +Key: acd54d03b495c996 2020face5a0ab183 eb88e42591305fa3 92ffb68b51a07e72 +IV: 1febbc9653ad9ec2 9da7697297d9b338 9d00d25edf5d94cd b4b8312d32a57d4e +Plaintext: fb0662 c759d18edd8e1369 a665354a6e0d7eea 5927da194a1edaaf 04b7fbc68fe92b26 deee8901ae9a6de1 b1eca8deece30d14 5d923054e2776d1a 56092cbffd9064f0 22395e5ffe6abcb8 dc53b9d77bc6b238 b448e6af5c687a59 6c4fc0d25f99b8a8 dc63d71095a508d8 6fc3f19de35e773e a470849082980754 8eb23d667fab3037 54937d7c3bf45928 b263d698ec54630e 763392611ab01ff3 045a2de2236fd283 d2f2d60cb8ffb890 ec5cf2315d507e91 72b89989ed57c71e 156e17b0148ca875 9ea86c26d36d2cf8 67d5cdce00f9d1ad df282170c33609bd 0a1684371aabbaf5 ffdcc73455e7be48 69f7edd99bf8634b 07aab07e64f4ecb8 2b7cfbdffc740eec 3fb76d9c07147568 3be9dcb8f7f43d54 3067d01b973a78f7 c0c50410848eae40 a460e8c8ae9d5941 25d422d5dc9665ae a38608af25b0b662 111c273278a2a2db 77ffc01e152972b9 6ee045961286e543 a830e0a2d7fdade2 66a7edada157f0a3 ffbe7b080361c9b9 6034cf65606bc5f9 868de15c73ca665d 068eddeac756a282 86c3a3ec3fec652a 41f948a98fee0bba 87c49246c1bee7bc 3afa804fb247c05f 5236bf3492744ef2 5a5636c967b6c16d f1fe7cc68b823ae8 4a135c4529d05021 ac405847c49e8dfb f374232fb06ceefa 0d62254597bd67c8 7e00fb35f69c5cb2 dc09f58d9d14292b 547b964232b79b48 2319172cae187443 1deae585df51ebf9 2ab81e6ee57e2a6c c492186ab540cf41 7b4adae1983b6b43 71f8a09fad9806de de755c52638399a5 8de1300f00ae92cc 5c1ef4ce1dcd53af c053b6e92818b449 3f6a35a1e0cc7dbe f5916699dcaaecd1 10bdef590577356e 5322afcd177afd22 96bc33c32401de9e 45ca427111dce639 dd4e53ec17e0186a 728e11b14365e951 2b96de21f7c9c42f c4b34dfd67eb87ea 0cf9a6ee1cb0048a 65bf66ff758281bf 461ebd2121cc3858 bc750ea6a680d8cd e4e872c7dd9102b6 73dc351e7379cc52 2f7c582c69b34101 +Ciphertext: dd0bd2 bc023cf5edb9c959 3dc29f61c1c513b4 aaf3f48696b965f0 17498e59c73aca82 583e487f660a4a43 43772bfd0d8917a7 23f5b829b6d9a0c9 f10a8575eb3c51c2 69b4989edac62410 8aa3ac7cbdab353f cb1136cdb4ab6b58 fb5d85bfcad353c6 dbdb1e9a60831d15 79b3ad5b3d23f171 c874839108e1765a a06f072d9dd00157 d6dda92609bdf490 f6bbe1386006e415 3255b68e58be6660 37a2dd3565fc8a4a a8bf16a819d82e38 58c6eb55543aeaa0 72bd74367cb36672 e59d5ace9463fafb e8ea989b9c6f28c1 75b5bc8e0f901e0a 5b2802e9762d541a 1501715ff06c7dc6 8fd72d048bbbc662 6b35eb7c224b232b 30b1a9a897716aa9 090c70577d9ac468 c2e289a802d8e5a3 d43d42bf201ca546 cbe7f35b3c376e9a 596d6b9551fe999d 18a56d867c30e411 ca2f0a266b474b11 72421f41152db389 aefdc854809f27ed 02e4ee2863d5e6aa f13530377826a864 62bfbbcefadc425d 9e5743139b8072bb cf16a68486eb3f5b beebcfe3d865a881 13fd8172eb9b4328 1fc0a195df8f3ad7 54a771cc98f51309 50e6a465fff35a54 8b1f21683e4ea18a a11a3b5cea94e76b 3cb67959dd484a1f 72c7af83e3156b6e ce9885119a73815c e8b10ec49b522308 896881a93f2d83e2 0259aa365a119ab9 71cdf3ff77295f15 02b8516506699364 746133ad2370c2a3 209e479a5ea58e2e b29d2fdf95a999c9 5891ae9010fdd82e a8b03f9c3d0b7265 ae8eef30d03dd935 5870fafb4beb53b2 3deba77f24c2811a f68b3496581b073f cc089e6f675232eb 47b895a8ad3e2ab4 e673bd5ad8cf00f2 1c4fea9db2bbb3b0 0b398cbdef044b13 709934aaa50e76bc c97fc1f90a2e25d2 ba9cf48bbe7f9fe2 8b5ae5364dcf4dcd 2a35d784451c4961 e0116e4c609da285 b14017c11d787818 d931ea3f3872958e 93d141847edde5bc 007bc6e7487b49b2 b8a73453d20fc5f1 d288e4b6f94a3518 a7da74a83bbcce0d f5ab7b0f4fbaacd6 a84d4b1efa85c362 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 718-byte msg +Key: 370dd49542dfcaaf 403ede1f2918d6e5 0d077605f1d2f32d d937ab9826e81232 +IV: 22d3f0fddaa6cab3 2c939dad2051d303 7c636ff5929c8b8a 5de30476cc347441 +Plaintext: 5ee760a6ef35 b33ad2f86b4e1fb2 93154ed1710a0531 008c2fe3a1cb4e2d 0de812d18e582a92 6f8a5af5b0c9ce45 ff63aed9e40bf29a 3c7c78bfe85f53db c66f671ae0db33c7 e4ebed12d5e7d411 ff35c20430c100dd 25a25f0043fa8447 881d8449c0f6b1dc fca7b3d84070da1e 7cd2b2d9bdf4d804 a5450d2d19638978 393c91e695734cd7 9d05d3ce5a2c8775 5c83a7e1f46b2216 a3aea9ced1630976 c212b87ac718adc2 b14c757d8be2841d 8990c9a23bf0851c 06265c6bd5c2ad4a 0ce81f8cbeae7ca4 1fc5c36b3c5c781e e9413fa6fb49a91d b8f34e8d8c481cfb fe05eea4e1fc6086 cfb8e222d3600c81 66dd32759d3f3721 a05da6bb5ebcfe91 7fb34e4a9acc026f a96cfd2abab7e84d e7aec995879ad731 a6ae8d7eb3e8fd15 7938670751e40a67 952b3a095729b38a 53fa2d9023223053 b22c2a5df392bf8e d3dd60626c0d1f77 7b3bc149147d1540 940a85eed89feb91 ac21a6e08683ec04 75ea61e4540fe9a5 43e5bb71587db878 9126fa350dd8aff3 7cd3288fd5832d7f 47a7941371b212fb d571500a8aef413a 3296b4ef2c962580 0b8bd9f3465a2a08 305b1f7a2bbe3f81 1927a79b149c5b8c 5fa1daa39ca1f540 3f90e09342cf8aa6 1b502a9eebfa1a3e f84fe9ac5d4cac78 009094dac5c1c63b 012c66f732abf562 edccde09172f4b3a 58303dc6cdc6dc05 fdab0c1b0fbe407a 3aa593a87cb61543 8f18624219257a7d 2313cc70ccd4943b 3e3a67eee25f0c04 d0448e2d8ab88f51 e97cdfd157a44e10 3f40be32c23c7c23 ac85d0dba66dd2e1 ad51800ec2790e94 e33f7d3f3b746ffa 96ff3a9417c73bc4 2dd46d6bc3b1391a b71490d48ec03815 66ab63122b5c8643 0e98681f333d7a27 aa6e6625a1f0eab6 d8d4e7065557b5db 5806bad591263bf4 9152715a7f66e052 0c9ce492a8f58dbd f7dbac2c7e042eee a399a90dd4983513 06777dcd610a164f 39a60f384187c938 fb6f08cf73904b57 2dac59445c7b1dab 544db30142f0c326 +Ciphertext: e7c579ad7ab2 9bf9c04aeb896b53 39cd8b75ddf2662a 2dd4b29348ba1887 a75891c4356d8ce9 f83fe742156f6030 655e53897e9f92f0 444d47163f03ff44 fdcf9ec83bbde0ab 706b9aa2fe0e535a 6daf379f880761b2 8ca23de8a71e2f6d 9b45078ca85a5822 66688029f627ded0 e83adca309eb72c3 a5886777b4f827c0 d9f004d893785ac3 68366c5987314593 427e65312c9d338c a4b1a3da5565b89f 5449eac9ef197c50 e347ab2e03420f05 da1cd4eecc9d14a0 a5ceb35b1607c564 f677e13679539178 9d3756239e0a5332 f8214f8cb9c5d4d0 0f24ab25cf2c3eec cfa496be1d67ebc0 fcca9faba7d29e51 8609b2ad8efe04f0 17b009d8e546574d c0febabea1e175a3 f21db0b4470fc0a7 856c512750cd4fc1 9427a2d57c1605c1 b83888ab5a5caf52 4e75a653ab401307 f3d6aa90ee1cc83a 0bd39c8d48801902 456087368bcac61c 9daa433ab15c6a95 65e0bfd8eee42f3b 122a97cf00172d1f cc914c4674769f76 04ecf49ee0bf0a04 3232d84fd7939daf 5c1ffd538b1b57e8 aff291e09391e53a 4b1f50b2185b2baf f0f1bb71bc07e350 4df34d3460c20d70 dd27499ee72abf1c bb7e18d76191bb11 2ae5ee51e207d6f9 d92e74312ef249c3 02d918055c11b502 64f050d4f8562222 c06d534eca4d4806 bcb391852960ac28 b1e8cc35979fd893 0773454596c2bf4d dd72d2d803db7697 d291b5ff9945ee4c 8e9841c2eedc4de0 1dc137f7f33774fc b8e01acb1bf80f7d 39c55f445f43de50 a24256c85e2f0650 b7f04d9e38ff8247 e323a606d083cf2e 22dc340debe73b80 ea33d0709ff25bcc fbc248a18d8c6618 fa7b82da8de7b13d 1b9d9c8e51cdcfb3 43fd54982543c3f8 c56401ed56b5726c bcf5bb77281f0b56 46bf3134861016fb 34d7010dbc2dce66 391d94be1bf2fcc3 a2dfa1f3f7dbb671 3c4c9934b850aff0 43da1420d0ae27d2 dc345cb0cfeb7948 9938a55f0b019e77 f8b750c80c85c6b9 84184763741341bf d0adc909ed8d2bfb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 721-byte msg +Key: d40ea1d26d462ece d923769bc3b31de0 87f20191969ac165 1d3c7d8be190dd99 +IV: 6d0a55c570ada757 6124a95e640f48a2 719bcddbb3555f20 2e40c9a2a5247e9a +Plaintext: bb 2ada8058a6ab7e4e 34f0243d06e15db4 7c2fa298f58c6dca e66ef10429100804 97ba6dedd8432bea 7ad4551441eef896 beaf4e0e23513437 56f3dec6449cca91 787df2f6ec76467b 1fdc59b2677a5b60 89d547dd87b55dbe b9e0d3b21f29c8aa f6a9793d894db74a 4a9199df218a6e59 042af5cdc8c0d1a7 37be379162bfea97 39c8698858ce669f 24797b62172819cb 5835c1a68f7a763a f714722bb566189f 68612aa001033cc2 d51e6805f05b44fc ac7e112f83ec35bf 226aec48be273a0b abfd244d2bf41ffa 8408c98e552cd735 298e4e314d1df77d df490cb028093823 2c23bf567ea8f890 59bd04c6eda1babe f7ece1759415a2bd 57373c2a9915fa2f 105b6385a427b0cc 7dc7837561c5d5df 3d2030c001dd1fc7 b1bee480b9526877 822e78a042792df6 18aeac63589d10e0 24b3a5dd3c7c57e3 16666a7832c86b43 a822667003a75956 51f8e9577b335408 d32ca792ecfa3159 aeb637dba97fe9da aac195bd8cb71b34 512fa11b728e87a1 72139da9b9609470 a036b370c980cb85 b1936d4f88b45ad7 40da3b75e4b693f1 2bf1f1e84db56a71 156e460137d2fa8c e51f57ed9da30088 4582212e79b45e41 244d0a184d019aa4 34e759549e7d5d37 6dedb961738ef48f 88aeba0eda8fd2d8 85af5001644c0c51 26285233a48adbcd 7185fc71b37c1e34 32e66edcaf4fd600 779f2b6a389fa8c0 12b99b64f1005e98 1b7089e6057666bf 6bb3a5629ffd51ff 22a6031c71015639 21239aaf2ee7cdde 9135c7871083b477 5a9bc766539f2d1e ad4b40e0b87bfe03 7bedb9de03470fe8 fb5c1d1e7dabf0a5 28283cb1734051a5 40174a7cb5148867 479f5fb717290efe 826df571f3f60291 fce26d0ba6e5a5dc 05918ab80fd4dcad aec2f3041394b168 4ef1b64a1b6dd283 ff50c03b9498110a 2141665e6ec3e21d d7dddf8b9e91e06d 8670c76f9d1749c3 59fa9e0be6607d79 bfaf47347cea83fe ea788a1561278356 527092a820fd4d98 316870414446d16f +Ciphertext: 88 86e85b6c414cbcf7 7f3fceff50c455ed d67179c31615e573 4d28f76c69667a7b c0f6f0ddd31a0330 9ad7f4b7251caea2 09e74f5e76e3df76 c5f8d9af4e8f0f19 9e4f77f79f4f1e26 bce51b2084070982 594edccc3bec37e5 03b64dc55b293677 d5dea9f6c50f68ce 026a49be0c785a86 1168aae329039c4c fd8a0a58116a1eec 0a6218ab7e6b4489 75b8c6183a4a5541 42045be16a96876c 8b3bbcc400c61733 5d1a6fa3bb9c1f6b dd4065c62615a44d 5323fb9d1fcdd22c 0b78b601af655d0b 38e72797a5c698f8 76cb76d875b02ced fc292c6c131f6922 65eedeb9a6f51414 84b6fc3b3bac3903 cebd8b7dbe388514 0364543387b15a85 c7a93d27e5525c76 2c222ddb3ca72a84 fa21a16bdd0f5f59 41628a719e48a451 0ed3dd207793131c 64ece08633c16876 e3765b70e08aea39 9195346b05cb8711 fc93afa649a97063 d3fbadcff912faa0 85df01dd4a2352cc cd6bd831f0d989a9 a8605d3a96003466 86683fa34f56d46d 030e41f116a9dac9 67368b9399052a04 96c9cc43abff147b 40fd0ea7ef650d2f 19135c92837550e5 1aee35f997360c91 597e5408767b7958 21237b70e004ff9e 5e8f33c1bfba5309 3a83669e66f662ed 729ff8f7822ba837 0d54dfbf13a875f5 bfb6e472e5b732c3 04045beebf94e2f6 53596b093656b880 caad5076d2d41926 78cda39de74e1f29 214ea927a2493414 5f3f0f95bcdcb4b4 36567f529fd63119 2b714191b166dd3c 42e0b9112b3b6cc5 7dc2953ed629883d e10ad2cb6f3f3463 3436967efdd193f5 8764dca1a17c4f13 2f6fbbe8d22210df adb3365ea07ae5b4 f1bb628c0641ca3a 46bcd027dfd1cb4a d0cfe59e760364e4 517c84d8e54b9e74 494e13124da68850 5cfd9a81fc61ed28 dafbfbe1df0066ef d5022c909e258653 10959a63ad59e795 8923e042a7d19219 b621bfeb3f8dcf49 0f80c47dc588add3 b02cfde6145bd1cc 1e2e22f000c8aabb 0821907d75ef167e 0c5d54fcf2ecb7c9 7f76a35c00e61062 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 726-byte msg +Key: 649604de50a59a11 1b5c69045e836bdb 7b7ebf4c25c74caf 239ca65550f5351b +IV: e7b9943ffd313772 4fbd512e3ec6f449 18f37acb99a025fd b28c02c288d1132a +Plaintext: c01aac45fa10 1e359b159387d035 39c4d059a34261be 6c409da61d32f64e 505a781f16984e28 978388ccf8b81bb8 82732919005c830b 68a36d54be4ea152 36d2963299e10163 e9849d4a48692738 167ead995abf096e 634ba9fdafbe91c6 0bbba2bafcc81ca8 5e5f62f84b41fd9b 3e0ee4427813face a363d908b629ce93 183c241f08f4a6de 3c3d5f3cc8e9a4cb 424b557c24015f15 711185df9c38619f a57ea5c8850ea7ef cc451d7f890924ae 6a5c88b024303f2a 157d36e9289251d4 faa9ad1f3bbd28c2 56a0232a5448862e fd690544414aa2f5 d7d1738e24dfa619 5ee4c28bf1aa2f3f 2275f9a3f24ed132 459c55a243f4915e ff32c53656c96855 1b576e74717dc74e 77ed28542bc40da1 881bff30f2d8124d d4cab34988f6a072 772b384281ddf5d7 9f3037a3c6524365 0f0e8b58169e30aa 9fc1c52f800e5657 bb88a85eea72c3c2 e065aefa8d9f7a65 229e818176eef05d a83f835107ba90ec 2e95472e73e538f7 83b416c04654ba89 09f26a12db6e5c4e 376b7615e4a25819 1a7b9c1be6de5c5f cf46f55dba180bb9 0b34ce750dc97b66 946d25e4e16db5c6 c561308e0a0438e0 0e43d639b19476dd 71893311d4a5558b 076e1827c4c3b0db 787089eda600d363 86d33ebcf37002dd 841b234ef8abf3a6 d796d844564e4f40 7bd031a1837936d1 811cb74e4753b8a1 8912259440825ca0 4d0ceca55fb39cde 16a8b01369186710 4549c85776e59e12 cb96c24b75d2985f b1f9dcb0a79d9f9b 91208caa1f85700a 1a80fa3f49cfbf16 91cd80db5f45b0cd 4b8431cff5b25f60 33624fcd6f6758a5 4ae9d36e85b92096 22e2eaadc681abd1 62d67269129ae416 469380e61f6728cb 1caedd4cf54acb7b c7fb8527722e9152 3f1627e5c7fe36a3 10dea85cf82ce763 d7f4a042602bc7ab c841dbb22bf56b3a 2b6dd9adda865ef1 da694e97c25f9d55 c4e6a3b68d041c10 6ddb73b7b87e4070 6c030f2813d963e6 eb5cfaff45a75389 2ba96e11457cd391 fef1d59ce27018dc +Ciphertext: ee8b95e519b6 a369205f310a3a4b 5702f42606a7a5a2 5927ebc3db12c67f 583b6b1ce5137ddc c15de1c8263bedff 868d310391d215c2 27343cfb93fe3a74 444e43aa358e7da8 90cd71429785ac27 cc23c55060a22b05 d2c1799348cab650 8aed1a916e046231 d0deb3279f305a56 f3003825ee681521 7884111c9bf6328d 21cc62a998a111ce a0ef11eb0d3fc298 f3d550f8ef60ec4d 420617df62465e99 bc52ca58bb7c3ce2 9bf9281d1b7c55b9 4235c538ccf39e7d 4da22a278bcb5826 002ace0bc61b4463 b662f31a3943daf9 9e4d985ead819484 4af02fa92399305f 7c338064939d92ff 9a5dfee7018c6d8d d267546d34209c35 4458e8bfe2cf3cf7 c46920efd29a063a 7501461e30b95f05 8271d301e3fe2ad0 b35c8c6ad51d4c9f cc082b1c649a46f5 3ccbcc6a16598f7b 3d8f733b8b2e95f7 959d1ed9878ee5dc 3aab25f5a9be4f9d 55ab652605c0c712 11c114afed704e8f 07695a8fc524efdf 578ad81fbbb9928e a76595f19a556c25 b76790a324e2f335 f970552c20122be2 6a49d7dcca273c8a 1fbfbf443aad958e 9760f3ec00fd2919 d53cea3e0a38e9da 34f6067e66372c00 170600a3044ea12b 28e8f2fd23887ee9 6e292ec2dd76ad36 16b0918357ec32bd ff019e8e7f1224a1 1d813044a32260a5 70c7ebae00fb4399 35b2df40ccc858f8 01e356ead8152536 0f8d7ef15006af18 8ee0c892ae9a5939 d432c688d28841d6 cd80833e43882dec 75085471f09452cb 1f22d697f93d0b83 2d1e7477554c9742 0850288a58976143 65e8008c4efea1ee 109bd6571ee7204c f6e41ff5fe38d909 17834fa7d03e5dbd c53c0d59b535ae93 c16838755bc31e84 a877c12e62787515 6d63227ca1843223 2c2ad84aa9003f56 fedddd8d83862055 5e1c7af795fa29e8 d14e391fba2d6180 a68fe251e6b9d7ee 3dc681b0a9e7fd5d 03e4432a57c0fee9 880a60fca187c9bc 6cdd7c2ea699560c 6d4145b1326421ad 3719779b4a9050e4 b6c03b1bb539df18 81636b6543325341 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 728-byte msg +Key: ff51be3ca04d6c8d e035fc48ad10e654 6889bc503bf215c2 ad8acb7173fb660f +IV: 8927d71b82246a06 1d85f69518dc5686 497d1d76ea848602 3519aa2d31f2f601 +Plaintext: cb1adb7a28f1c79f 3a7555f291bfc10a 74d09e7f318ecb06 b10aa3dd4f04746a eab1321f39bc6da0 5f8a8128c0c20d29 120da632b71acc16 4ae61c4b783ac890 117545d25e8b4351 b64ee2ff4cec2328 4bb99c58252f717a 27337f3d529adabc 66ec7a5d3f6831f9 6448e03ede46eb52 465eeab922d6a279 727c337c852f9235 11a03a87835a1fe2 9400e4af1dd64dee 2c83f71d5716475c 5046a0d0bafed945 3b19ee17d36af552 6cff5418b2a63243 24b12b4c6bf7486c eb1b2e0099119532 0cddfcd6d69e9b92 14cc9a4244be809a 576fee0d07818dee 6b8245d6c96fb045 ab76ce8c3500faea b5ef1cf57c24213b ed45a82ad3bdfe2d f8044d18f32010c6 416cca009798f8a1 77f144f802e2fb6e 0dbbc16976b28470 b828ae8fbe2d9ffd f5455afca56c7e01 815979157d00f87b df5aa193996805fe d676d003d39d4331 f08be54607877550 fcaf22129584ffa9 8ca9b170e3e86a20 78761c3cd978e6ac 59c5d3a764eec3d7 0f7ca9b8f378f742 3c3157c7fd399c1e c7b1f80179c66fb4 597c8be764ab52de e34675cf3fe3ca8c 1678fc618e638240 eaaecd1b5b90c692 183777ceb0c408ad 9f98ee1f20ce5fd0 430809073f6f03ce 09f5045326ded38e bd7efe24f044cf8b 6cf77c6f3f409e55 eb69e47fb864090f 4e0f036f82b67eef 71d988b0cb308ec2 72ed878944416f65 3421f791a04a7b4c df8334371922afff 5bd17d3bea922d98 d8017733d6d9ba46 49baa907a02a40cd e4d9fe7590294e04 a4ed468df5719356 c7bcb4369d116741 50bc61a85f0b42da 869ac8ef92d34347 73b6496e93d6aa43 66a4a65a43f05e9e 72ad893b86f568bb ec4dfc6ec5297610 f1b3efa66cc859a9 de43b6666d7f88a5 d6178889bcf09ab7 407a01bad132cfa7 456ca0fc294f88ce 56214a24c5c5cb9e a581c65aaa05c017 a7a93f9b5ff73753 9969c53a72731ffb f7c4cc5af3ca10d0 0674ab75f73bc324 4b631ed9177e945d 1233c426ee3d0778 e9b6a2d19f964084 22779fa44c9b8923 +Ciphertext: ecb08da6e4cca8a1 4d4ab8c808b96f9b fe6b0d52a7f8966b e9814f1f33317e60 c8fea1d128c118a4 88fe6c525fa9ee55 40df9a6a403fe415 fd51923ff944568c cd118e8fcdb37a02 61a6d33d49fc4d81 a4f522618aaabbd0 3d8edbb46a0a432b b997812f56405e4e 69d771fb5bf8a93d d8bb2ed39e12f9b5 f3b5dd0ba928a913 9a553984e886f5d9 e49e5f34e959beca 3c3228cb12ded5d0 b78c4bea99b8a009 8bef1c9356c97794 62d264eab27edfac 2e72b65c40a7930d 2ed2ff6b4c1b417d ae2b826d542c25b5 bfd2104f66b7848b fb648c9da7033e19 67e175056b562bff c6e41088f78e3591 606d74bcf33382fb 085e068a970e0777 7dde92d84c9f5fd5 9fe7275798dfd5fc 9fb724b76707affb ca54caac2ebe099d cc9ddbafb2368cac ada3793f16cba61f a8a4dd7f6939869e 7db2541026870753 3fe85287f316d348 a3154361d8cc7465 be1b22be5e733b3d 96d7ba48229453c8 d0c0a36040b742ca df7b3bdb7be12b8a 199f423493524ec6 b806a0417fe43a1f 6e3a769964ec8513 2d0698be5ac7f748 ebec29adb48af41d 39e5b93bed486464 aaba0a27eb75081b 46404be3e63872a9 d5b5dbdc171c3f62 dc9bf628f6c9e6ea 0ee87e962b6c7218 5f6d0fa9922568b1 c8ac471e5fd3f70a d197a16077cd0032 b091a560492ce041 82967b459b32cfbf b35794a3e89d4a0e 1cb093944b1bb537 8cbde0622b511e9f 09434823662cf54d d2a59eaa1ee182cf 31c2ec1e15bd6802 4821f84fc7f079dd 5395474fd6adcca8 93b397c0304c6e4b af539353e5993f82 933e84f19399470f 3ce66df4f54d51a8 99c541415849ecc0 1ffad1432928d0e3 328e559849322746 b2782a30d7e65c8d c2c9184c16c29285 579512b4c71dad83 926d655feede9e90 8e434e7ad5d47867 16de57221ca2f5c1 9c28249f130e5b28 c253115055065494 356ec45d8ae8b6c7 7b61f60ab2136f76 4374245cffed4181 75a400db9cfd6546 cd76478b7ed9ec96 aa81f0542b518ae0 e3d61b5a79484e7c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 732-byte msg +Key: 2f063ba0d1d00dda 51078946b4268d53 7f36517032410220 120aad512bfb5fea +IV: 965f8ba3f8d1ab19 4bf42a22e165825d a5eea20ea5fd9229 cd5459adf5011f33 +Plaintext: 1f918fc7 f9817ff6aaf5d328 caac9e31b2348b22 f75a7c6531e57009 0184aa5a520410b5 dec6d19af4714a03 79e42bf42e6fd554 304207fbc525ba0c 556a4985b720d514 af8ae82db4d05859 f6f36fd19f06484b 599c7c14117dff5f fb9d44ddd74ea88d 72b40dd66f79c5d3 47c3b3ee8f63acb0 7a5023d79e5306a9 fb03e38939f44fc8 312c88bdafd65918 763b3e7385edc92a 9945446df3109893 5b866eb1657c936c f3daa10bfb4edcd1 8b425a890a0c6762 c06527fd991d7dc5 250d2c7fe44c3c21 c1a6a0e8dc4915a5 8cc24d58a5284dff f69714b016e07de6 617f66193dce1291 a278cc7bd92fcd3d 83a26007dea944aa 44c352aef4c35f9e 15c664a7f868dd62 9e386eed7a69cc40 77cadbbe3df8140b b0d12a1eba2ded97 4bc96e529e84643c bdcece65475dda57 712106a74b7b85c9 45aae428f186ed76 0a70cc41b68970c8 0822340cc974bf2a 789128e78f9b5e8d 0834c8f6203528e6 5ba3c59ec8dfc9ad 861ce80a87164260 94028ba991c069fe 03581dadcfa4668d 444aa28e5cee3794 3fa5318609ac2da1 cd5a7513da536cc5 3dff2d78873a6f13 d04dac3bfb1d8225 3ca359a8d89c4697 2c822f4df1ba3089 be0f3e7dce5f0a21 049428cd2cd67107 8400a69a7b5056e8 b86201805e5f7df3 8f7299e42f7b015f ea08616c7881cde3 1fa261817a2e243c 7ae232d4aaa81bab b70e86d62ff61a74 898f9e3e66845e60 1673d1885ea07a3c 78eb0c705cffd158 3ecd4c7b58391e09 e912266e7e48ec27 705940d4ae0d1e8f bc63d57dfccb68a2 2d9535fa31aad4c5 137a422248353fdf 353ef490f2ddd9de 4e34d6221374a933 8b50877b42b20651 0ead3a834db41e31 6e0936e2b37773d1 34445788286259b0 60e58b2814ba7a54 e29556b8142b53c5 22a24ef27745b40f 787da0d6c3fc43c4 b43c89272e28f977 9819dee92503a442 59f184e9c9ae6441 22c5f8356cac2e15 903dc9a018654b62 3720194009a5da51 1bdd20ef2e1a4a0e 3806a9cdacdae14b fbd092bc5bda38bc +Ciphertext: 455ed5b2 a31c8b21ac269f4d 0e11c503419e82c3 4360e2fb89904ae7 db5016b9ad6419ec 2c74b5f9388f8e8d d12781dfcdf24e85 e78e3f31c3373dac 22792001604041a0 d0d311f00db535db 32abbe410feab18e 16e6dc2232038a50 35709378556d3527 e537f5e55583a780 157d5d588d961522 8cc7f0bf320240ab d254447f0074ff66 36583a1343d63d9b ccac4d6d7058eb42 8e97e0546bb5c375 955b1723c63783b3 b46fba86d54e5586 f7533653156d7eff 32d4e1fc2406c26c 2a7b2294e45fc9d2 2744f318ad64fa15 0b2268c3bb026b15 07428229b47a5cfb 7e82f6c1bd1af69d 911a89a36e02a314 83587254e5f64e2e d05e625d360a62ca a639bea73206e087 591b9e0cba0200d6 db497c512f9378fb 628fc8740a49c069 83c40f07b0decc14 9dd857fb1980e6b3 8d09d361925c29e8 bb9233493ed43f2e 8a66065e5aa9dac3 2c7cf1f90de9fdaf 14d13d5a0e48fb5f d0492ec675d47703 96268a4b9bb60f9b eec9bc1f8b735c5c 273396d8ad683295 fa0c2c702e25f2d5 f84fb34900562944 f66a0a1f07a64d97 424e2ee509a13c58 4266ea85aeaf9798 3c7074f70f6a9fa3 62f850132ebe829e 5272977a58852ee6 23e14c1eb38a28b8 54a921505037fd0c e0587e73c9e5b3b6 fe52ea31f4da716b 0625a5f9f34a526f 73e8e5e10dace73c 301da0c4d7f7db47 825c30cf7e6b1d72 3730d088c98efaeb aeb5a8258027d9fb c77189966d2cba29 8cf37317d3dda38f 341b9028b4381f87 4609c324badf1980 e4951923ff162836 5d308040ab2a938b 1e48d8dadd032068 2be46456218e988f dc158950d5457416 15d89219ddb4162c 59ce40d636315867 bd4eedf0b99336eb 6765050b64575a75 926271b9f7790011 fa1858d3cf0474e7 13e9a5052ca65f04 2e864d6c4d5ed232 8961a0be946e94c1 5379cc33ba772bdf c9576eca58379a22 69e98012a9589caa d04636b16faf2d94 f65916e9d939416b c9df06a370b1ad67 4418c3ff0310e817 1f085edde9a4e190 4fe91b05c4af3240 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 739-byte msg +Key: 9450e24777bd9971 50692b30f12f1fc4 27f9c50aec250ffe dd2ea27eee882d51 +IV: 5ccbfa67e314c362 32a8c6569cdb1bcd 1031460f4bc209a0 4ce37c0908025fdb +Plaintext: 60d2ae f250a976f76926e8 288116ab5ca99877 415f80e0e905fa6f 859270f77088ad26 6f26425b37de28b7 2f09a87778da7881 2b90273ce1f0baa5 79f398a015bca38b 66cca8192a79f95e f29c5826298b178b 52477ec791f66d46 6d934200d4e4fd05 5faca359d823e003 faa3ef6177a4bfbe 40ea4e2600fd5979 e9da38bfb4e804bb e32dfac34ac224cf cd8436cf6b0db642 7ce35f0436eec867 76304186beb0fdd6 79b777fe873f0ee9 f5a9f2190cae443e 8e9879073cb20038 9bfd24fdf824337d aab2e0b39783e679 fa78eee6636fb3da ff7364d7192f4a13 e1a9aacb6c2dedd9 fd86fe898375f4a9 625bf1df76394940 55dae71dd54fed20 cf9c9b9822b17212 fa9c992952fc7f9f b7b9c2ac4ff25095 1b37cc8179f93389 ed3ebf0e20990b4f 295a793a0c02d183 80fa2af4f6840e04 d6f1d9aa0c156273 c3f8ddd370ce00b8 13296565ba6e307e 4685f15f71d5ccb2 1070d741968ac308 da30bf8f1a379977 3f7226526228e5b8 90c4df97cacfd1ca 501c8ded20429e70 b94f2beb24bb1eb1 359b84a80f173758 e61ebb4109596772 1f5dc557b0243bd3 e8beea8e9844d691 7e0e4710c6257086 d0fb4f08345ad4d2 049b45275118e158 f0e4c4227db90a3c a13137319139d76c d7c3619155bc6114 873ed6040806d927 5828804cdc0102dd 266e1cb4773bb32f 82dfba877366565d 30ae4096dfd66c69 a8f4e8b6bc06069a 962cbd4081144dfa 5ab522909740fbd8 88534b86dd70df46 69afc20825af5e9b 78d2e37eb5aaedf3 e6ae6154c83297aa 1696bf7c0abd7de5 22c0d7e920e45109 54ca56151de6da42 ae323e7d0e2474fe 62dd631f6fa38d6f 5b91ef02b38d280c b37bdeaec1b05e10 3aaa82b071fed8fa f5910018130b560b 9c89d2fbe9932ccb 1b4d43f1a7f1bf85 137cf597faa80cc6 561b5e0effde21e2 6e10477bc7dca26f 17a84c85d98f46c8 c0125fdab00a588b 0de145aa3902361c 588e172a5751d51f 2cf4c3135f743b02 c9d388219c0d0371 a34d7d94cb61dde0 e36b0ab2a0da0c04 +Ciphertext: bbfd0b f2bbcdc9d6dea3dd cadc83854a546872 38cb19ced6888b34 8189a96a72e272fa e90414b8acb3239a 4cf6644d90ce257b 8812b8aa857df7f6 4ee9592a81001497 ebb2f802bbc2ce81 2cfaee9eafe59598 d9950cf7652155af f0c04a32de8de808 bd3d3e64273abbf1 26a4a41711c0e552 61f24579cae4ef72 a8942c6a68507911 4ae81cf10a28af28 25f3d1b08a6a82f8 9309fb83ac3c45cf ad1eaff3cb13d59a a48207352d2a1c36 5af576af20ac6423 01aabdd8bea30fa7 f5123dc485220366 6c7aa9f91e83b888 54bba9ffe6cba5fc bb5875a41a882ba4 e15efeb07f98ab0f 368d069350293542 23cd71d7ad41d3c9 957dc18f0be389b8 a79044a9aa6864d4 e659b1120cee2071 584c61d107f4e6bd 5d645e50daef81b7 d2cc145f30a488ac a0351bd7a63ab57d 0aba518d048f3b13 295c31f5ac78ec61 87099a918053d50d 11bbee4fbbe4d789 fad986a659e9c842 7aaeaba7bd53fb44 7bf24e4372212d2a 3eb5f4520198a5fc deb002dcf69e8a7b f4aae353c6c1689e de0afad2e7e9b436 6528d665800e9f4e 4cb3419468972af1 e705f740b1525f23 25a058861ea261f8 f623cf58058613cd 2ef3f1b0d8aec000 58cc9c60b243c312 8143de9c67c80f41 830d9663fed1ed44 9fe530c39429d41d 916c10b08ad6abc3 3dd4c42d69b4f01b 90c6630065879dcc 3c52ba58d8dbac19 95aacb6bd154e8dc 7cf43c7c4de227d0 7a722de0c6561a73 93d3e71a772d802b ac7242065d5a68f5 7f1b26644e62ad20 12d15117df360fbf ad3e6cfb9d5cab11 85d16068dcf360d9 f4e9a87f79d5d9d4 f2de94b49fc4b435 c2f0caeb180a4a48 631f366c5a650471 dd3326d59c8dc6e5 7abcf675a9a314bf db3cc0a9ba076a71 d953180ee253c438 8178c38b6f0aaa0a dc867af4c8d90620 f2459e5e56563763 f9922ddf24c33051 53791b34358f123b 88b2677d4eb4de14 69f4256b813f776e 4feaa68f0205a4ef 51c50a0d18342f11 807468416d99990c c710657640d66d31 4b9975de50304138 2e36a77c8379b076 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 743-byte msg +Key: 996e423f86e65ab7 263813c497579f9f c6cd73bce25e5695 10e8b8aa608e46c6 +IV: ff15bb83af8ef910 75365832919a3e89 b3fff0156c00a7f9 e379e77ec9a40c5a +Plaintext: 8f822633d67d06 5f274b99eee41575 ea7ed9b2dde90dfb 944d85e423ff967e 29af7c2a55e3f9aa 29a43f7efe76106d 498e24621c40cb79 f0b7d35aa1e8acc6 bac8ca6ff3bd4b0d f853daae6c31d34d 2e4ba7a7db59834a 94872cef016e2e09 9543359e144ebb56 539ee3d240fca53e 211d2c2a211c7c95 0827584b4a786372 4386855fc17d90ae c3ec249180bed068 ab6c7992f6710083 d5fd1f1784ed9426 4bfb82590132143c cfa6639436619af2 53a058886240553c 827349fbb7b70950 3509f335dc558d29 ff32698269cc4c05 a2218eb46e71c4e7 97ef9d9eecbd0a16 8a17a29a5acf449c dbf9fe0422e72dc8 1f58e6bd21ec95ad 9cdbe4a92be7dfa0 d18f5531848681be ec63e9c2689a8764 52ab274c849910b5 1a9ee6c37a1dcf17 92d8d5a261638cb6 b9d9f46343cda000 c38318089d607d28 99a06b95e34723a3 565aea94f94eacad cac1e590bb68c2c5 fb49839a762a232d 9f493bc76d4d246b a37d5baf55302acb a88485f0d95333db 81632ea917dd4bed b6011d0020171798 04a9f29c7cef4e37 da8b9c2ca4773b69 dd3be1de86633d8f 6530dbe8058e4751 fe4675037675601a e83df2eb25ba2497 983766e1cda2413c 353e3b282398fbbf 1bbcad8b4ca8a89b 5b014ed66205348f 39c18459f4849f1c ac930668831e7a0a e27362dd05726ee3 ba417a946541b576 484002ee01f09e56 5497034f2b090d59 dbd45ca1a9baf919 8d643cce3654ed77 4d1ca949fecd8713 b5b3fc86253ffcd4 8f45627e41689266 5dd25d2cdb2825b7 d1bc4112f205a27a 554db7b579aa8fa5 852f3e1cd46381f2 b0f2a5555ea3a461 5c8a92f0e67f37b4 becffe832d310ef1 45fbb6246a950ee4 112edbf2c6afb49b 74ed638ce1238ee8 789f97984bbbc0e3 580f933e0be58165 05edc9aa1c339b8d a34d7d8eebd9ef3f 09274a9dda32eea0 45d59c11c03b219c 169835266716a261 7013a99d0c89a1e1 fbcde13ae37de053 94b39b46907f37b2 cb95e80eaf42113c 63a5ad614d1bedf5 d6fb22166d84de22 ce13568484990bce +Ciphertext: fe13cbb07bdbe5 7f85602791a2494c 0ed6796357bfef87 b2f214448399f463 8fa32f3016d88d63 6add3276b96ddb03 53c1eb53581661b8 b46ba57b35ca76ac 194f68a64b6f8bf5 f7eb02c05b820ab2 1e49eae08675e17c 20c04e6a8f72e96c 1cd737e315c06d79 b61106dcca4284b5 811a346e1d7a7ce2 423a74bcf1dc24a7 86657b97dfaac941 f720cafffe9db6f0 59432b9b9257e92c 6f669a5866868ace fba238687a3b9045 2a2085ee26750599 0b3b22b65bc36bf6 13a5360a664088ce b4139eff25ab0d35 41dc2c65fd5c04b8 52d4969470b6a66e 7e64d36993be48e3 6e8be2d42d324c30 6a22bf04fda74693 7ecfeed6786b33ac 21a17cd750172ce7 eab8bf9dda8b5107 7e4405c38441c13b 44b56b6014c17095 5cf709f3fc5859ac 0474e11b15d93e18 95670af4ea95a228 191c2c73d30aa8d8 59ce79cd6227db65 cb8b8ccec1ed2f40 d58276fd107478d1 1dd4ed12b218df4b 59ebb8ff1a0af2b4 228252a074c3e809 44c579451eeb5bd5 8ea4f5e8eb75a443 2ebfbbd3b7d8d672 d5d62080d4e1b3a3 6426dcabd098b5dd ead45a623afed1c7 3f1e4c8b3302699f 1107c77f02db013f 3b3e934ab72bf855 7637f12e60c874ea 897997a09104bc16 fd75152c63a20e83 8a403a2aeb237b4a a4cb17fdae10471e c7727b0dc32980f8 64bb2d7a819542c2 1601c7f59fd1be3e 2eb419555a589c33 2dc87c7da21ee963 854d6dcb65c313e3 6dc07e4695933419 7d84937f783578fd ad5a2721d584898c 8b03ee359ce4ab31 7ff1d1299ca97f66 56d17dd178383f60 ae964fd19c00b48c 16f97e47439d944a 1792782dac76022b cc21a26ea9c67adb dcdc993101d334c3 f5c78924c8a4298a ba9e28ab5261c077 496f1fb9e6a6d286 2bbfcb94548bcc6a a1331a154e76c334 7c9d0844b55e2eed e8ad123173e5931c 32aecb5a564c1857 d2accdd21e131df4 fa4f03cd3f397228 c4b61cf5c5fc2fa7 c8dbda52e9b6ba1a 67cc8393faf7b4cd 1a169be928a870cd 193b258e46d000a6 e3ab85f317d41ed2 bcb23216acf2b24e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 747-byte msg +Key: 4daa09fd9e304805 6c5184b5771ba320 18d7da802f30357a 5c9774a372e51942 +IV: 2842bf581246addd d05fab4d86731563 8cc62d24661db520 f624bef5f00dbb14 +Plaintext: 8f7ad9 c8869d93743a9d80 1c2e3c7026beb8b8 6211eeca4949c509 82fccadbabe818ff 55e27b215010d5ab 2a58c0dff2187423 4118ec9b7cbd44fd 537f66a18d9ce5d8 080e297ffbbbcdd4 7fed45884e01c415 ca635c5141ba6843 6f5f27364414a90d e8f3efd6fda44ea2 24d31493c2e16e36 04da891320a8f883 de8656c258b72c45 fd77144edc321fbd 20f47529d6213b2f f766ba0aa2efbd64 a9da3a6c4fec3529 5083e20e22cc0ace 7b36af721327f3a8 abed365e4ef77f8f d7451d5db31d8e61 e8009f3f56dcd57d 3d830c95005c5e48 29584636ac2805ac 70ae45bd0bb1fd94 ced4940801c94971 6fc2d2ba262843b8 789032ba45eb1962 7dfcfbb3e0104b6a 08e90992aafb2e53 19db4a0b0bf46ca0 a07c4214a0a68159 04198767b9a2408d a0254604d9da4cca 41b5bcad39269fa6 aa03be6946c3063a 10ec31021ecea3a2 9d72928717ce6a7f f13a70cb3828a575 9d0fede4bda870ad a65d41ac97ff3e54 08b73743ea3f5219 3051ad8b8e6046b3 818718aa8fbf8759 d054fe8cad9ad748 e8dc7b5fdd95ca41 07e2bd15c5384909 5e5287e6436e13e7 95b9b2cbe7083729 45c8a70475389b9f 7cd6e6926516781e 3d5a82be621fdbfe fe74a390ceb1269d 286502593c908dda 9a13712af464999b 2586515a7339a847 116e1904e8fd6b4c 989ad687b906679b 6682a604fc897527 1fbe3be3fe24426a d88d5e4fc055d0e0 9d4f69b57400f389 ea0bcc4904edd46b 32ea89818c47710e 5bbab998db1f1bfe 3f6c050cf6e7f74d 2d972c2095f87e0e 66f3845ba40cfddb a1de7107c3c41550 87daf0b4c6243c8e 370c0fb236123ab9 c3bf719acedaad7b b2dfcfc6ffad867e 7c7f72d46c1d8af5 1154bb276fa3d114 52379b65921a4a93 96a71bfa17413630 2644d594713ca82a c25579a6c8130cc6 1a4349e579329cce 551c9dce93e7ec0d 8e115f1d5ce860d4 52f99057cacab178 23ccc2420a8b6bd1 f8289c68fc0972bd bbcf5a97b588789b ca264a63fc3188d1 76b84fa3ce8d7f47 87b262f0da0e8ee9 b5640c2a0586b929 +Ciphertext: 95190a a77735b2bb6377e0 0bee275a4cba3dca 6d5a3e62c5da43e2 86c80d97791c0138 35e976a508eb6703 d8638c867511b33e 787227c3098177e6 16f0ba9f9f9bf395 7cac99c08c1db244 ef558119f6b352cd c94ad34df699e976 b492465806ff7744 287b52f950673c50 f8a212743eed567c 169524667b2cde57 5702d8123173d555 c1ca040440cb4d4b c7daaa455d077073 5f84e48a8c802eff bc73c8c9d8ca0b82 02efb22e247b21ea f8f9b3d405f5a006 15cd29f34afbd32f 6601b90300318e34 03779cdd494acf52 06e9e90ffc33e63c 36e06ce853880d98 d5704f8425b04f37 1cf76c1452753d83 9451046efb43005e b956e718b02c9ffb 7eb97ebf054a8aa4 fa7a6ce9b8911bb8 8e91d2da3428ed5f 2f236cbf3502ac1f 3c323095c8560c5a 8047dcfd6fa40c83 af4d56c1781deba5 3ba17f61248fceeb 14898df8f0a89a46 30956b9f37c447ce ecb52a82fdb106ba 3a0afcfab34c2a24 9b639884bcd19efc be21d86c0ea3f716 94f11808ffb277c1 514c0dfcc6683659 a5a19e219f005a5a 5a116983e1390e22 d760970b9aa00f69 9d849e861a32cf4e 98aca817d619834a 69f1af1794a0823b cc727aa78c0df854 423bb79429ea3357 008b922f9a5d3d86 43b6c79e679dd8b0 3739529f3804073f a292a002af35310b 256012d68b720a44 888d366e347be82c 509a7c8beb0da79c f68d5ac139bf6364 2194bdaa572b4cc2 23e21e7286712854 25da793faedb250c 145c9f442a8cdb75 71771899a5b0674b 9ab27e8da8005843 a02fa1e1327c8248 7782a8d7e0d4cb6e 571351924123f925 555dac91ef764fda 42c3a9e22d02d39b c711f1859c6721fb 4a1926763ed2ef31 83119441afe009d9 00aec14bf666120b a428aa6612c5c0c3 a4f6e5675023c26f b5f7f7f19021d9c9 57855571aa985e40 c1005f0cc719750d 7b3543ff86829763 e2ca48adfcc7b5f0 d16df44df8a677ee f53b16ca14162077 a11efa7689c723a2 646a97c950b61f37 c2c335e984e6a695 5ab032e5caafeef0 410c6d7fdec89c92 98d7e5b725a6d531 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 748-byte msg +Key: c6edf2e6ae5b7a1a f138304ba0a0d608 a1358fb35e093985 babefcd249eb238f +IV: c0c22b11aaf01a17 5dc5130b2d952685 df5e6c1161aa5432 b8b738a739d634ec +Plaintext: fc113704 8e105a76e63e7196 9a27e0055324b17b 7f3be3c445410409 be41025162223e47 c083e23e73ea7572 511eac91e5d1837a 20828d444ba28882 40f635c5da3c6763 aa115977eb124429 b84231307dac0c95 ac49fbb9b123ee99 27bb76514ca8dadf b282682a38fe0943 395a18ea03fc7454 8b56d42b5f0c5bd7 db596dfca0afc043 429db65e41f6ea46 3b3008c75f0ae33f 2571c1a33ca5f9c2 c498c1cebe974118 c12bec1bee420fbc 268aaad07a1e80df e2646a273235f0e4 4b3f1acf8ea884e5 97f4b1692729a12c 6131a60c3a7f73bb 2bf676c2280668c5 d6182208f92cb232 2bc0ae51d4f4c81f 56eda3848877e55b 66ee8e79075e88eb cfe97e80e569f288 e7578adaddecab1c 6c85493e4d4cfe48 fd155956b58678e0 9c7bd93f3ca86d6d 3281ee0d2a5673ab 0bc342446f47e509 563380601bc6612c a796d94ee4314a6c 740582f0a47d4754 9b6d339ed8b0c326 db10aa9f21656b55 560126b4c74cb20a 16aced8e31a850a0 844cc7526ecfbf28 f273801cb0adbde5 13866979cb41cdd1 7e3ed8ecba1eb616 2f28a46a1beb0296 0525a9deaee48064 45eb4aa6da57c248 1583ea142828a03f 02c972edc54eb3f8 7befceed0553db58 53f97042dbd8baf7 4342cc0d610e36a1 66f6dae4563efbd7 bc9797529b42f74b a7788455b50adc67 714525df4f18a2c6 c4798356b50402b9 30e5ab145af9fbc4 a8302de85236511f 05529e93d98e0936 8218174bcae8ef29 3fa3b33b28bf104c bee9140199a340a7 6932df2fe6b79677 0a9c3bcc7d31eaac 519756d0efde5e6a 516ae1ab729bd288 03ad8fbe60dc6e13 c2cc99dfb6291dcc ce8a3dda969c0ca6 c97c3bebc5642f49 3d8a56452e45bc92 1472d98f5d16ae10 1e45106105424388 8fe7cacb7a477e72 7e93dece383aa67a 6754a3e15a41c500 a98d766e24172a99 097337527a8ce88c 2d8ecc6066035455 223c9ddf95f28b25 d72d1707db65ea60 a0e72a88ab7b941e b444cb04a0e7efaa aff07290f7712706 11eb9c371272aa65 bc0d4a76f65caab0 7a7d81c1ce2f9f02 +Ciphertext: 87226f14 49c442cb1f24153f 66afad4dd4be1f2a b5f94c19f2fdbe43 0a81d19886c0ac7c bcd93b8c504b8b46 0c8ecc39e9bd6df3 97afcddc6eca1f0b 22e770d21fbe02be 033f724714d07d4e bbaab5ec4773effc ce0978aa47f641cb 879127baf1fe8b72 c4851eccfc7ca9af f90b976f5b16d120 7c87bf37db0d1014 ac9fcd390196d2b6 a7d0a53ebb6c5e18 f06b45d97261c318 3d93e2ae59d845e9 d6d182e4c48d98bc 1d5a3de66a723449 b99bf411509d0990 0d95cae65074827e c72d5082d33d6834 dee8a0694f58d5eb 2af3c2f9e300d2f0 a8e0431efb227a3c ff4cb9fbe5883b7b 1721db547c3982cd d58ecaa2d106eaac f8ef004dd673ad28 d407f2659586fdd7 d6bf35456fcaa5b2 4edf04fb788cc097 e5a21c82f48156e0 39da0d1ad9fad7cf fc5c52fe36d23a78 f1ced1c7c05b7496 f236c123a40963d5 909bcf486690a46f fa90540791490a63 baab11c8192f151a 55133cc7f283d30a fe7511fe1d9c1184 348fdf0bdaa605bf e5d4d4c814ec625d 6d8bd3237eebc5f8 22d60e4e85859e34 dd211c86520ff5e2 36c21ea62c70f13e 714a13591186b811 9378a0c6744b433f 909c9ff51be77da4 57ed5f4ffd6b49df 0df4634634a70dbc 5c4e29ce88b68134 3923d73bc978b121 a49f99ba7470c014 59f38e340e6b4992 bd321628f451ebdf 79e4f9ee6df27c99 5bd98da2a674ca1f 4173d24541e0f020 9fbf5378c2cf6765 644facd3635f506a bf1c74e654d9ec21 c4ce04b06085b1e8 5c54e72a6340ac02 a2b11b6e08d71224 8860e664456b0405 859237d62c8d6024 6ad8d1dc06ec13b7 2356145a4260a3a8 44375213cdc93b61 de07271206bfa613 1414b4f398d82f93 dc6994ae28d8dc4b e5572006c539de91 bd493c324b8da6be 7589887a6f4b7720 40b6d1447c4d6ffd e26bbde676629dc6 40432c25aaa9479e a4d79e1d02de052c 817eb2730a8f5acb 51f9ac5839c2c712 9ee0b169a1e39db9 cc1efa1cc06d644b c03f753ead3a2599 018da004cd960910 1bdb1ae93e85ac54 7c0f1524a7a95ae8 c8882cb2a1c084b1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 753-byte msg +Key: 38c8fc6605c22cbd 91ad03b1889331c6 ab4023437654cae7 00969fd8248be4dc +IV: de482ccbf7841d45 e5f175a0edcd4b24 8ab3987b12b8f563 97b3a6a60bdcd84c +Plaintext: a8 99270f8f94630fb0 1194c7e97f3b4072 4cdb8478feb85608 80df202fb9662d60 63f518151b8685b9 b4680ec6d18a812b b3f648f04f9c281c a4512fd74b17e7cc 509fd0d1400c0dca 83fa5ecaecbf4e7c 8ff0aec2d328419b c804b94aba72e2b5 062c1e0b2c7f11a9 26519d3ff862112e 89d29d35b1e40a4d 9301a7d12d0087e2 2da4e90a0666f81f 4475b56b1cfc3109 48a3ff921258e9fa ae4fe2b4cc473c1d 6e101b17f74a2af4 856f8c97811416d5 756bbb211d0d4769 c0f6513bc0d16a2c 71779b7a27b20ff0 93460c0a4f32285a b733b92afb8a8d63 72ffdbae31267ad8 dde1517bbd260fdb 13021c0eaddecf60 b702e1f5d35721b0 6c716a5446ccd2e9 5a562562e22e927c b0aca3e9c3a173ae 1ce01bcacefd6d18 5554e576284ddc27 92dfff76bd53009c 104b8be4ba027c0d 8fd54ff01403d763 d5b1335cff31ff5a 2a83c700771cc103 dbe7bb47ba8a5245 b8ea65b0ccf1c958 968f3e4ef2fea249 cd4b654837123d79 ba891b5aeabf5d1e 3e2645521e50aac0 3df6ed94293e2fbd 213dc19626bbdcc6 54379365732b0560 ca92d71e33a6e263 75ee2875cd780d7e ce64c4326ca207b1 53fb0baf7d56b3d2 0334045b337ed909 e480d73a0635a454 7dc55463304c2404 5cdd6b812fc7cd3d 9216b253465df67a 32b3e32cfbfc5c07 d66a5a739a439d85 1ae49b23b106bd69 1e40ca4c92cda37d 08903290d5559d5e 805abfa8d30ed8fd 321883dd2c9be91e 50b8358f425548dc 0e1dadb1bbc8cf22 249d694b03353f33 4f810cf7c80fbb24 d088d9647c7e4b5d eb643cd6d6de5a1b 693c42a3514038f1 17281cb8ace89942 45b8a01268ce15c9 476dc8464e1ea611 f83e31fae6b82dfd 32149c6901b1ed42 574e71e330cf0ee7 cc3e374a4a111bcc 78ab1d96ea258520 494d7552eeef1eea af54331df9099e81 20e1732af23d2213 928bf0c0840da822 04dc8dbb9c2c9403 f5d1d009ee032e5d eb5e622e6f2c21b0 eee791c0dcfafecb 0ac8ceec32efb754 d1ce2fef34452445 d6bbee9ee9668269 33c6e8de1b73efe3 04191f2cd9c1efa7 +Ciphertext: 85 ebfec04cd9f70685 4a4d1bf176b1792d 0e76b7a57946ed1a f34e534086a40bbd f9b0ff67d65a9c7e 09687e6de055d731 1a4048a2889a211f 99ace31fc927235c 2667358ba62e7f2e dd63c1759c1f470b 9e6077ba316d532b e21ced5282bdc49d c73035ce78e3bd37 d83dd347f0a16ffc cc8fd4f72ee75906 078a62ff5d597ac4 a1bbb98af9fc46e9 96af06584a5a50d1 e909811e574c929b 835aa84c9abe5205 65a142eb5568ef66 557be684bc60d519 07c0a1957f32c101 e83b3f4c01e50218 472a0c5653d825c7 bdb7339459a45266 66876a06466b617f 39895edd31b69002 40510d3528b54ce4 4eba2f28e20277c5 3761d5a12735dc2b 1879fdec63153a98 b715b50559e0f4b2 d425d1b592935acd 03095f73b5b3fbb2 7ad0b305272743cd 14b823bbd0d46f45 6774295006c97931 195be5e2d16bfbdc 6f5ede980791906b 49589fb1617d5f8c f10b735081d63461 464d65c7aaa93939 0911485b47b21e5d 8d23729cb5045bf4 ec6abb4f26f979a1 a54092a30e015269 6f8fefc2acccd4ef f2fbbb4d0c195b9b 8c0738749df12804 de0384bad169f8e3 740ba1b6b21471a8 95159c931501795a 364d0bb99375549c c6d32678ffd4b6bb 9ce8e9bb28fd0708 d69d1e81823b60aa 42784faaa79deb9a 804a1edd125d5e74 79da99648f98dc08 d011032c4366ca3a 6bad69f370ec8131 32e1601d09b7f5df e0f3892c0e177795 e43adc780cfd0585 575eb300ea4836bd 9ab7a3f1f508fce0 52011ac3200c6b5f 3cf94a06640ddebd ab65d1acadec3a08 3e9fb993596bb385 3648f699f95ec726 8e4e0f2f2407d85a 03a52b7e3b15abff 6b7b8be9b32141ca 37ea689e46c976f8 c270c770f163b92e 7983173cc8c7ea4f 9d45092c01649ca1 ca50d573d439e8ed dd562e4de6dc353b db6625b20f87256a e2b8b6c05c23fba4 396224869c5d9f00 67b3ced2aed34f14 3af62b877745530b a7bbbbab527f7faa 9e6adea65713c2f4 eb98ca01cdbfee10 20cfe1fbb2e33011 efd1d4012cc156e3 a2f9f2f5e010d2d6 47bc1edc4879ec6a 74a7ee6b71060647 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 754-byte msg +Key: 523817f657eafe88 02fec18771ab0709 31dd626901e33199 d867c5b929a4c2e8 +IV: 65d3c85ac2e653aa 3b79e072d706521a 2f5893ed2a427e72 0c90fdf9af3e6e74 +Plaintext: 0fe8 4c880d820be46c49 43d220f9110bc841 bbd079749236bd81 1dc2db257335595f e9a9c025eddd9f55 32ced2ee0e870480 203973e1358ef322 6c3b36c199d54a20 e8e56336c33edb85 f58e774c0f34ecfd 0a51a2f12f22b75b 348d477ba8f9eb14 91637f1f53ae29c1 d33b967bddba87a1 c3408d0d47991014 bbdf96b9674b4221 2b4c9b4766d690f1 16fdb8e340c2de52 922dbc9b479c0735 4b5aace49f735a30 00c74016c35e18fd 04fb64ecfff4f7f9 be40b805f5d2a3a6 2a2510651819382a 56fdf5f434edc9cd e65e22fee4f7dc7f 90a308b119e4ec4f a06a4aa29ae4e6f5 761642497f2bac4a 034d7a81b57495ca 507b34097d79ea19 f74ee305ed7c6b7b a839af7d6dc2c85a a5f1f5dd3b1228c4 46f3c573e83aa6ea 75fb62f5d88acfa2 338ec5f8c65725e6 12721a7a3e7a9f54 b930425921ce27ac 64994fda25b61a54 613e0b235295ccd7 93f772c086530161 f35d3322f1df7545 0a4f331b9aa75578 78710a64d821c413 70a88418da4657d5 3aa020362012999f b0469522000688f6 c14e482422a61584 f1aed8e803fba897 d72192fd76119aa0 9da6fd561e7ab9b6 84fe4fccf6cac811 5e31f699ca19fc8f 120911dfbb848032 1b96f31fbeacf29f 09a9a7c21d35e4a1 fe586794f5495ca5 32802344b612543c 703e00e5a6433a9b 9775d6705f90711e 1a4cb2404c32cec1 81ad529430641da5 e5c7ab109fe89a92 778d663c8383786f fa355f04997d5dcb 45b92537f122e357 c2597d087143186a f217df9053b5ff7c e63af64aa2d10eab c7cc2495c1f3ae39 4f1bfd36e4fbbf0c 4e3cc7d395cf112d 2683007930d7eb49 4f0cd816687f8733 d436b300c0b99460 d323a86d1278b36a 013905f80b36fb8d 24a4c823ad6f752d 98d227cfcc24a14e cbf509c69259ef1b c1848b31fb974660 90ba7d22596b810f e415e20cd1e5edbf 7cd97346dd1acc28 ac8b1c8bc8a2d5a8 d9777d7d341ab2c1 002a6b1d97a38099 2ff86d55ba625379 0b773f6e39feaf4f 4802529a0625102c 34374a6ce60763c6 2d797f5bf2d98af6 256f7d421854dc3b +Ciphertext: 82b2 c32588127e3c6ed0 cc2e3f9595318034 d8e4418fc05a4cc9 94f2a5eaf3f78e7b 015e5b5bff3074ca 0e01562880fd1617 5b169ecdfce8d18f 65073424ad06b7ef 0219e4b66b234d74 16db8541b23891dd 6a389508b1a59d70 21cdae24afe42851 152667525dffac21 01ed38b7b292a75e 9fe19b1d2e9f7797 3d8598b8fae0e65f b311a3e9d1679453 54d09e631aeeee46 0a15b5a9639dc4f1 c55cb8a05469c8a6 024cdd70db59bcac a659840d62bc5d5b 8a6529dfc30c8eff edbb37b670fbbb33 14e8aaa7c6f74a9c 3174ad7d5d1a8129 64a3de1828f36650 22a41419db116077 77e92f295e5c9eee 03a087e320fcc858 a977a2b3fc838037 71c6e93aa5135a4e a95aafd6ebc19f3c 096bcd57bcc98820 7eef8244727fbf78 6ab8830d45f88e98 9b19d3326cf6ce2c 257007bd30f7c7c4 e0df84dd4cdb8e3d 3c515f1eb38bf1f2 231d7ebe47a73366 6b0ba87294b710aa 2b1a7d3f6d6e0b1f 02c49a84458da234 02c19fff8b226243 c2f0259acfa786b4 88f0b761f93a64ad f7c07741eed4ad3d 2ebe0e9e76761ff0 868e2bd2ed06f709 18286d358dfabc90 4bd032283efa5436 a3c68f2881eaa2e9 99dca2624ddf13da fccaaf2aef1c713d 9c2e8b2f986ad487 7a1b896a59b95d8b 9ba790507271fc6f 950e00560a8968c0 d7b991a078bd8ced 8aa8a4df5d3ef177 41e75fa4d09e6ff4 15e0dcb1e1ceff84 02014f147c04c3a9 1aee187a12c21abf 94e277a3eee2cd25 edd75af7bf138708 579a8d1c9a294746 5f31e9417b7a1da6 78da3436f8d710a7 97ba2633b469617b 3c308711b9a8dfa1 5fbdcf0849df1b6f f8a9609c0f5e8f5e 24fd0ab94e0414b0 e433379099bf6bdf 84cbf1d4604b946c f9adaf9403e7d4a1 a106eb9cb1b62eba 23e83ece9bbe590d 66e7c8306915041a e2c19c52f6950bb3 4bda58d023ec33e6 5118f130513253b4 ee794cc7da94f40b aeddf534630f1c71 36036fabd46f75cd e6d6761dc61a7e96 c53d4877d930282d be0b52d6582060ff ae68f35c13009481 c5bf3d50317fc452 835e8fe1e4eb12ee ac34c82f591ef853 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 759-byte msg +Key: 8483e39733a336c8 65085f86b99d2cbb 8531c04d287b8844 9c5c702b4b6556b8 +IV: 2499beafed74c803 db2c603e6036b524 440cec93f72e15ae 26665e3b8c518648 +Plaintext: 0b1b9515fb8acb 2ec23ed6d8a43748 aedd97478ceda986 ac3423750fbea8b5 1f6091cf9204ed25 9141c6291a2fa7cc a3795a3a00b3f6c4 86ee1a1d718a73ca 834c84d4eeb0a6c0 74814dc0cda68e2b 493fde2bb6f11db6 847dd3bf2798b9ad bdf77b0cf1a9bc82 1fa95a05b9b4f44c e958aa83774e2443 ee09d6c1fa8f8246 1588fedf62943755 d9e2765fa5ffe217 caeb47ab0b721555 0bb9ac8db218d67d d22795b50b1c2020 ec5428365a2f5f74 36213b093a06f7d3 24b6dc8917dabe3a 3efec9f6b2e77ecb 9e26f8f3a1ed744b 73221007ccb2d3a4 8128ee1ff07e4165 9f32210a209d593d 38816efc40e12884 ca154d0c881db0b2 6a366ab607ab68e6 3eee26591de7b960 018c13baffb28307 83227b7f37f096e4 2708d9b5220a3aa5 63585e4c716da71b 43706e95a8088dbc e67321caa1d28e22 ffc7c3860a42bf8a 56985349e3d62a56 445408f6018d4f8c 3b2dc7548e6c9e54 3c9bae9087fcff7e 5ed78db93cca4bf9 4e616743d4e7d05d c97bf685c666d162 24ab243b61e00367 c43d930544f311ed a7be15e6e7be1819 d98334c510672c35 0020acef5f95d22f d1f1ec93c3f68418 97959a4502bb30a6 b36d0c7c3617b9b3 1721cf144ac474bc ca1c23cd817eac63 680b7ccaef851fee 9f620312fe1f7fc5 b3d71312ea14f2f8 fae5bd1a453192b6 604a45db75c5edd7 e58aa3ef31278654 1a6a0352072e53c9 a87544e1d9b73dfa c97a7ce25b23a34b cc0c737c97d6d746 9501243a69b99f19 1bf3408c03b9b515 e9c2aa466a464831 9d10fb1ff7d57985 6cc40033d75edecf 9c8837828cdf03f1 094b566f6ad7e470 a1c0c4411acb74f7 e7dc1ea61bc519d3 735cb32b3cd02e75 703d08c5237d80f2 1d42554bc961d186 4e7106f9fb95580d e8963befda353e88 68bf49b05ce1229e 5cbe36a3ca3f9719 e8aa41964077a165 435f583630b53c14 37f99f98dfabd55c a55df0b3e50cce97 feb056e3b212fec3 cbde906804f92f00 261495e572829e14 3f460ae2e4717eea d8abcd4a180f760f c93c6eed1fa81f34 7d38b0ffde0e87ae 73a30c978d15b0f9 +Ciphertext: e84e8b4294e93d 51182b8267cba387 337f68981bea2d2c 6928cd3fd8c3368a d0ac2a173d622b01 8a098f24b32bde2f 2759cb633bc1d22b c9d0a4a9bf071fdf 8aa3f906811723bb f833f7b30bada007 154635198a49df35 6b502aa32257c0a3 e58982e022265b97 cae4a31f0d3e4fb6 c4946f5a7b6e55b4 25ebebf1055aedf7 75450d64528e52a5 f5600fbaa059cf2f f560fa77102efcfb f1429c14b8e5f161 3ede1244c73e4c01 8800e9ba08e7efa9 b4f7dce3e324cc36 df3eccd04fb4be9a ff75426e77389fd6 5339895398b91615 fc3c2ed37eee075e 31f5182429a0d9e6 dd6a49fec27509de 2fd26199f6d22a29 97844ce235a1aa61 0cb58d0d4df14978 55a6b2155f57588d 6e4a5be282266a4e f94287e3f7104a26 d63dbbcf4a001171 93f738254b0d0fac 516104f1ab6457d2 950b077844353f8b 6f1c1f694722f85d b53c1d5efb69359a a24c3268f3de12c5 ca18fd17d2874775 6a095756008b608b 156a442da995d97a 3ab8108c3d0ee703 a46892975a783d60 65b32aa27e475bec eb86a9d142391909 71519bb568a47db6 45c76ad53d8acd7c 9d55e0e7d83cbd71 5a80b3652819663e 1fc483b1bc00f12c 8d242298ed8beb39 e661140f702b0363 4f2d1fde1093ace9 9698952c00c5a198 14dd35dc2ba0721a c1282721e5a828cc 19c7f1c821274d1c 975b560760d43004 b34d87ce910477d3 fd1a4459d1ba34db 9980fc7ef55e21b4 52191b73a2e51fc7 dfa66aa51562d6d4 ff04c05f3b50d1c6 3297eeb781799841 ffc69a0eb114e7d5 26fd8cfd0922255b 73b73998775763be f2199244280f4dca a01e3f5937715abf dae418ba763292d1 5ccefcec98f6f90b 4d87d362a3d3be20 9bfb9a8264df2fee 474848304b2720cd 96a57a8118de1e76 4f3adf3afa096eec 3b41d539f161bb42 a138e5aee62ed9b2 6b3bd62b53ace4f4 02dc100d409dd592 b68061ed36a03227 8d321f45469e7166 65cc056bbe60db9b 86c8873127ad7369 47482d68225d0e8f 60be3cc28359abd3 48de2c1d8d3dd30b 2972a868842b595c fe74e0b808063158 7156b2c8f9c9c4dd +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 765-byte msg +Key: c22f313b15113185 a0772d496b149784 8c7a4eeaf8971389 997f3caaa16cacf8 +IV: 1d0202e4cdd81147 33359149ea171383 397a3b60e8d629c9 52ea3801bcb8ebcd +Plaintext: e5d124d9de d297571c2f7fe9cc 2f8fc166382c0685 4dd97af6d5f35b0f 9e9e874221ffe3f2 08acfc84ed60efba 65f4873c3d8aa678 030ce6acc8d57f41 25ad6c5b7cfbc9ae 80368093f89d245b c0281de310be0668 00a8539d4c4637fb 5500c559698055bc 441e2970d79c5058 4814cb82392eeffe 4d960af1e8ae49e5 3780d96371f64dc4 5c4d404412c73b58 05a0d942414428e2 f1bf53cf25757ea6 d213f2a21ac57a6d ceaa0c363285ac04 00b58e4aaf677bbb f40a755f8a039ee7 2fa2563eef55a460 a41cd76fbe3d6d04 403933c30bfeae32 5f5ebacb9fc0714f 54164e5e750f9245 e68de7173e5944ff cd1610d4de738aee 39a56838ec15be87 4b55222a36590ec3 9ae486553a40fa9d b0326da6ae2dd798 8ac6c8d0fa684f36 1c491acbb99cde82 ca09fa513b5a5787 f077926006945dd7 5ba922bb5022ea05 cdd87e698641cb2b 7de38b34c80f2265 95cbc62b6b10e354 b336be2176ac589c 68ec952b26ae9d66 bc5c83266ac725de a818532f670933b6 9a55e329f56c61a2 f46ca83a204d1cda 8e5b284ea8ea269b 2f457f9381e713a6 18eedbfb54ccccc0 7a40ffbefc851030 fbc9c4d50ae0ee44 353a938042124ccc 36e9ecc01b33639d 0150e2de43bd400f 0b8c9de218114580 bfdfd61d30f3a6cf fb2e5fa0d309ece2 918499c27c5f7520 c78dfb9e5be6f2f7 d71c9293d5f0e858 70a57cc203b53036 32c46b932fd2770b 36b428315ac5bf52 84d90d09b972dc0e 9b378a4f33a1f742 edf8a279e47e0e77 60ea6bc29d177239 cffe91a862e2489a 86cad36eeb3409ad c908849b24cb020c 4e150b79ad45d453 be7364975aa6f5a3 39479d48b4d62d20 cfdc5a2276211a73 071e517f11b5ad49 5c20ceff2928abd2 ba97310515ef2d43 065c6b3563e81f54 93ee85fc51d1c5c2 aeed190855ce31cf 13a0d7cc97e7cfbd 767101fd7288da56 fb6cef17f600e367 bec38bd968025141 4c4cd6c5c027dc37 270162a22b691022 467fd6f987a9d1e0 93886e9bea2bd1d0 6b8278191b151b58 22f5d74b16f38c60 7c1184ca8c3655d4 3526087561b07a25 7a2a03f02d1a56c9 +Ciphertext: f068d8092c cc459ca01dd66a5f 2b0b67c152fbfb1a ca98568aa3425509 2391fce8de29aba4 e30bdacdb7bbc70a 17078902dc0b549c fa294f1fcb264dd7 f3fcc91ad3191870 41e26277201e5f28 8b8c6412b9583796 50c96d5d8f173217 c41a0c862aba58c6 27766e33699d183f 48d57fd9f4c5255a c721e26172f52057 17e3ca9f6c4848f1 06b03bb5d4211d6b 72755ffc4fead1c6 506b35b349f556c4 c88896c3ea78e229 73448540ea5b9a9e 0e3065ca935e63c1 8a3ce513c622ff27 10e0d4ca120f9901 a74a7785d481ef62 0805dc3b4a2dc868 4f80fc14c51566a5 68673bae71644548 f77af4d613cb391c 158fa229c6dc31c2 8608fcbb0110efdf 791c59fdf5540f73 372ec102d3340e49 61e3704fcf56b170 c6d969e10da087a5 9405afb701e69646 7074822f90459cf0 d19bcebcb32a2663 f16f090af382525d 3c22ec29a471c0b6 6c083e8b22563157 2af798b91327861f e1f76b52ce714a86 4b2d6e0bffc7e70b fbbdfa17f146e4ea 791c4dacda748318 4553e046589b248b 24aabb9a7023e1c8 f822f000fb217ac7 4a10e5fe64240fdd cc50dd06e495e02c e96556f75b47d674 6ff2802d0629e792 662230cf0832fda5 03d766fdd9ed4fa4 ca50b8f2cfd27ccc 075c5db5b4167d36 4c379d13f4e1a972 36ffb99cfdf032f3 071606a5a29422cd 236edc28b589e8a5 2e511068d82285de 1e6dbd7752d3a74c f0b2af19bdb46ea2 e57b40151c74eb4d 4d0251dc35a66d11 43aacf3b49f52c41 896d21bd9bc937ed e6da7c39dbc72782 ffcac48177c3b50d 4ffb4b4c20d82412 7b05d8a7d5d60dbc e5308eb09a059b5f 74abbbe314cf9b79 138dea47eae85b77 3385394e21b7abaa 7ecbe9d13cb605ce 92efd6d3177bc8d2 1ac85baa34fd8f54 bf4e546ca7664bc7 f80ca9f984ca8527 f4082137668e9309 75fbb0aaca72ebf5 421ae2c8de903b12 74965dc54192a24c 0ef7d6c06469632f 0e5974dd028b583f f1dd4602dc05f8ad ae6d38daf91d5408 359b1c69bd7be430 b6df0ce5e230b635 799e7db096217fb0 132ac45d9152c340 ead6ce665988de5f 510c256fb7076520 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 771-byte msg +Key: 36a820bc8f15b7a6 093fb18e0e38ecad 83a29057fb14e880 2bc071809f533113 +IV: ab1d4aa4a372cfcb 4e50d6149941cf02 898314537367c186 6ff7c59b0adb391a +Plaintext: 3b7ef1 56996c51f3caff62 a63f3a253c1ef528 de803a5693ddf013 06c4b6898ad0123c 5bd7cbe52664937d cc68e998642c3ef4 7f8a5752af5df284 4a36acc86b512254 3ac757326d04564e 0f7c18ce809aa7a1 bef9845be2d74640 eec7859ec5a5f661 7bcfd7e1cf928efe f6e38d6f9b507857 23368a193533356e 7ade08b5a1b6d68a a759159955f784b4 0a051124ba36f93d 37a73136af590537 76e5ffb2066b0af7 45ccd70306198099 d14b6b95e734727c 81b540575932fec2 6b433040fdacd9d1 dd90e6c7eae1c9d5 d51b656929322a3b 89c8812639a46a38 e16063058d618d40 f70d0a8c0937a98f 9edec54889186aa3 d849ba4b5a988fc0 5ea462a9be726c6b 1cab0afa6c0466f0 b2fd54dc0dce7adc f59eb46ec1f7b783 6c77f4d598c8bf7b d3d2b0ba1a2e491f 9bdedacabf3ca20d 6831373678a728a8 9241e0312449cd97 a5eac2741b9f9a44 e1eb1fbda74b2a5f ba690b4b86922a58 596aef6469dee0e8 195b09cf783da189 0a8bea5bcce159f9 72adf756f39e07bb 475ae9176f703e96 b78d4d7438f2a614 a025044c36e77803 1867c4ffc7b505f8 e67996f13fe530c8 07e8560b63a5f00d 2b233639ed46cfa7 35fe3aed0bbe6e38 be30bd9be027fea6 92d5eb3b023ec89d 31ec46cafae4a60b 50da21c9c7a188a2 55e528bc5a1cf059 dfbad6ac1ba476ec 3ce8fca664ab4557 f163413a01469c5f 35019dfdb6ae4e09 7600dd07b9c14221 d37f22763382f3b4 a00162e9c395f196 e6ede506fbc45fdd e010c9f4e17c7364 7f197ee16f50fa4a e61c4b7d1476d170 ee10c87e31456cfe a450611a9dbd53df c61eda9021ffa040 4a1cc59ffdd18215 d7d10d0d611bbd94 4a2a6f22f46c28b7 33f6fc2a51762ebe 556998f7848e4dac 299a7e5c922d9ac6 5b05b9b3ef723b17 4b09ac58059debee 8d6b8c2cb4957a5d 6ad2e113cc634bbc 5e49097694b5d425 98c0b4c2475c21f6 7c8a68e792ce5152 24e0ffda17a5179f db5d2513ed1e3b09 a181db0f1e9b16fe aa2ff6cf28211ab0 de2ea0577cdb4897 5aabd5310295b7ec eeb5e8e89342142f 9ec0fc8d7d771ca2 21238b3502ed24cb +Ciphertext: 8ddee4 1468bd34938a813c cb72905ca1054751 b01e592ad6505c7e 59ba48864f2cedce 524ff638df51af12 30460f2db00f4832 f49c4d183e05737b f8b1971b8fc1df2b 2442eb52c6831100 34015a79f94feda4 d63a77ea91309068 700628bc99d3c2c6 f7a5b8ec7cf88ffe b5cd6b0507fdfb05 b81400e46d22f104 49e87a795c0c3946 b99e7c174546c34f 1fc1dcdc07bc1696 83a80ac13af3c46f 268bf89ca73f883a d882d624f426b534 6743f66095556d43 9edb180f5093e451 3f581d00c21e0b5d f01d30f4fa67c2ae 890ac60b0bbcf37d 56072c70321bbc02 5bd4cb50b0c88f7c 0adbf27af783ef39 781c71ccf0f0bc3f aa80908bb0e5b766 bc3c21b098dedbad d52955486893cccb 64e1005b95a6c83b 17fd26bb0ed0a1ed 480e52804aa8165e a03a6fcc3101449e 8cc44de2fe5a3ba6 083241049b538ba3 990868f13f765d88 8ee55943c5aba8f2 968d19e314cac699 094afaa2426a8084 16b6f50da9a88be8 fdc4873ae1e46902 3f0111777da3a3ce 872e8f19d57edbc6 ee7d8387f1258504 33bc13ddd0b1460f 60e3c1fb1b88dd3c f0da893a362cf422 accf9190984ada02 c930e0e2fd980230 56d2f64d8aac8dc3 c1caae81003a3b7a d03869e7662b9f05 535f7c3635d97b06 d0ac8cb17cb8a972 4ff8ffd75d58738f 91fee3284b88eacc 839255eb9f536753 cbcd0bc159dba026 44588228f30fdaee a101c049d123162d 098e40891c98ce87 0e4a2f35029d0856 7ab77d6e149792f8 4c8b6d585f6e7724 8e5e6e14a4bff20a 0d7bf41718a69245 43d339de07a6a5bf 145a5f0fd03477a7 071ffbe7e33baaa1 da61fe2a78a4d27b eefa9ca8a2b12a3c 35edadd9429c0dce fc76a309d8b6b80b 43ef1ec2b0bd2892 0402e6c711266ae3 d69143b8379440f1 4a14144a58835fc5 0f4ed20913ecfeeb 3e860439f0bfd568 3152495a7307b173 81e74896f98aa2e4 1e838b82ffdb317b 429d6e41a25d79db e8dda919a07f1554 4dea799463ea42fe 228dbdb532c4acb2 3ba3cc1ac0ea525e 6b0beb32996216df f107b66816ad9790 36565de917e995f4 1e61ec3f8c85d552 bafdf2af647930af +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 775-byte msg +Key: 9ae378d90391f608 c5a4f4ac3961b0e0 a743c899b6a04e74 278a1ab2c3f46480 +IV: 9215927c4e124e76 17d7dc736845aaf8 4a932985c8eedc5f a263af9246ff8937 +Plaintext: fb3524f3607f1d c0154847f0b80a45 6f13b45848934e75 6afcdf9bad5c8f63 103e09d9441f238a 6f26c1de2a0ff6a8 cb696dfcea010841 1e9ec68608eeea1a 93c15a56797545be 0ab10849295753fc 97b387bd74f96367 02eee01aade559d5 48edef469a492ce0 1920e72ff5766768 585bcb45ed62a80f 9f55f5fca32724bc b82a924fad822119 24da233897567b15 98c8fe395d262063 7b3cccd7f29e93f8 6ae10919bc0a6c91 b447870d16ddd62b de62eb44cc2c1088 20092e51a330eeb1 e6781d4dcec8556f 50cfda567af5c2d1 b391590c435cc3a9 1626e312bcc77c0e b5599693eca424dc 81dae3bacb85852f 9ebd0f39c99e80ec e3f9b3c3484a8638 5eea3c921d8620ff ced06be21274686e 274ed67467da8e79 11ec660c4ca15457 6995d7f369569201 bf193a7657acb3b6 d6ac766524f83679 2865c394d2b42e92 5fc12e5dd8fcc209 dc1d181da014ae2e 343fb7b308e0c014 aece9304e16b5c11 c7d50a797361f840 ae45cd7ff794a1ff c87061061b7b7471 2d8e9e0382ae25fd 293b33ef416b7ccd bcf720456314d350 1aa53b0866af99b9 2c0dac3abc65d37e 0d5a71664a0395d9 8e9cdb17ed7c8d4a b3470e5ff0657913 34b385519778acbb fc9a8c8797128d8c ad9dc49c9bb41715 1abfa2b3c1865aa8 cce8f0ef1bcff9dd 7e634bf92f7eaa0d a060a47d77a5b9d8 d774bfade2f885a0 7c14b7bc5152010b 191d77641b313585 ef4f42628935bbbc 73cd2df45aa54222 cc9fa06240ea0e6e 5730d8726111751b 23d168f1d84d64e8 7534b3313173d956 45f17486f07d662e bf0536c90b08b4f8 c34ddcd56cd6fd84 65101b0c704c9165 6e72fad36af45272 d902591120fd3843 572d67b44db6ceba ccc82b2c1e17b377 cf8bfceeb5381a62 2e9009f3a9d74b25 68d8d13784d71fb0 31c6ac3a43bc87b3 f1a24082d9300627 45180d16ad8033c6 7db6e205171f388e 1c7165dde8225542 5b219035dfc35ee9 a6002e2434df384d 1e2f62c71178607d 153120be1333654c 956eb2afcedb69cf dab134c247dca4e3 d3ab182477c9e1a5 a56ea385cfd6fef8 28f36e99ae5f7002 6894e79aec5fbdaf +Ciphertext: fd34320440f7dc ea45f57db978262a 5310846977589ae3 e0ce98ffb68917be 10ef81f4ba50c14a 410aa2ea6fc13efa 2d3aa33b37f77f4c a01b3cd3227402e4 a503af4193a51c60 a68a13b0b33eea5f 2d1a77aeb94465f1 b0ddfa76d152a4c7 45f13c1e086ebd24 366c6e1277cb3c59 8f034da14268b0fb b918a019b12ab1c4 16f0fc284d9fdf63 89a455cf3fe0214f 4070c9d840157dcd abd6ee69edbca25b 3618e8b9b58020d1 16fdb37da84b2fef 40c1977d6885582f cc17ddcc25cd8784 0af55e38c539736a c942acc56eec9dcf 92455061e2e115db 3aec871e8c7fce6f 4cd495bfc05eb17b fc164b613ed5d858 e20845e7f6772240 90c89621a395171d 79fcff5ca09d7d7b fdb14cf56cc5c1d4 e36060359e78eb15 03e438f8b3c18338 15139f5c7d4e93fa 24099b1930c37635 2c32145f77115da7 d5f86fe1042a89f8 ce5778a263e8513d 0846cdfc75321c5c 3a09f399fdf7820e 032f470b4972fa79 a9cb301810e7a580 7a785bbcc816715b 5d921790cfc3662a 5f3dc3fff7870f8f e43ccba140d0209c ea9818b4fc281c76 bbfaa580f68287d2 b75666df76b659f5 84b564b1663e0589 41d5d091380fab38 b212faae79d18f5e fdd215d007deeeb1 ce4d6fd4eec96844 9c499a99fbeffc58 bea6e085353dce59 c319e3c969022ad2 473d233da511e419 43cedb9ab674d673 6a94aa16e2c0679e a1db519ee8392dff 2e56a773b63447ef 6f5fac0007e4aac0 5e9dcb06473f0b19 d4487d695a617fdf 8e8139980cc7bc29 b45b427bf8b72fe9 bd284a73545e6514 f741bd121d221fb3 a945bf14561df55e 119b36c983cf6a4e 35aaa38d51bd7b41 08c652209157fe7d c8627de00d9069f5 b2ba2fdf36043e23 7dfaf052cc446175 3d66076ae7c3012a e6a63ae448275549 0df056811b0c8b3c 93598b1c863654bf 259f6b5968956b1d 1a072f4ab9e6d974 65684cba0c5c8569 f2849670f74ea78c ddc9ac0d5c0b0738 3131ae2488c27db1 f53b45c2e6a04a73 e210f6fe576ee146 9df3a1ba77ffff11 e7fefb7019541c51 f24d228f680de09c 6c7cf031ba94128c 776d1f94bb215c1b 9843597af3d11dfc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 780-byte msg +Key: 92cdc553fa012d53 90b7d921f36a6e9b 168e9b8836bbaad8 100e542d50cdda9b +IV: 4c4951acf2093da8 ff24621373efd776 41d85c634a92edb3 8c739812971a8bbe +Plaintext: 4154718b 9b41ff2b24b2c9ac 3cd65b42db168547 823df68072dc0ca2 1dedeb14dab6cdf7 dcf099646529b6f4 376721864c0ebd3c c603ebc729125be5 c88d22277d360cf8 9d5f33db2b50d0f4 4ce952cafb89ad4b fe2ef51119dd2be3 8144577f939ed696 c6d7f619dff0c0b3 64a61597524efd7b 12043be4aa0425a5 3158b2a285b4d5da 409e09a5e7d12d39 65e49373b82754d5 ebcee6cb4451f032 be125c1ab941aecb f1fc9507adbbc08f 39ecf3e995da5a5f 6fd31d4b4f8a3492 12ba7d6f990c0c72 c23bc2c8977621bc c6065e7e5230b823 875d09ee33789bce 13983c278cdf95d5 9ba2b76f0fc9f7c8 f679fcbc55f11629 1cb2d13b58e3cbed abf3c2ccf980f1fe 65789d847c7eebbc af8ff42a07e51b77 141b9fba27936cf7 c11537e54ab8c9f5 06069b8f465ba49f db8e6f50d0d37017 59e098f4064f27f5 3c44c2fbe64fc5c0 6894da19d429cb79 61bf94b71985bd11 d149e6705ee0a4ee 06c98b95350d8c69 716982a990af0753 296a8ce648c1a96b 669eb1b6980f8aea 06ecbb3b9fbac7f8 0bcfbac8e1b70134 1bd77e65c750dc2f ff26204f1aa281f1 24f47a768c1d1d73 1d0caafd2f076024 1f4d93bdfcfaff65 832a5cc24e61330c 482befcc64ff37e4 8f697bd0e369cd2b 1d16f3755186ba13 dcf28d979b164542 5ad743c78f28bc52 492e55c963a2f052 fd78c5152cbeb443 f1c6d9576887629c 42419def756055c6 32a35f71187d70a0 a7bc3226f76896fc aaee6b891f7d3020 e8b126cb7f6faa47 3410c24f6ac1f61e 0329612f194d0747 efb169b527c057d8 356e06e3131c62dd 36bca5ecc23529d2 fa097ab8fa35b02b a859fc64e81880cc 0fc264bf9b302690 21f031ce86a3b2c6 72a2a74902e838b0 bd2c4b1cca4d5303 60f368e87d749d69 dbf48e7f20d13802 543e0e6b992d49de 16737f6835267785 0e4a3ce523ad706f 4d10e387f687648c 8923d7a527cd88be 9c75bfcd916d955a 020f053ef3a646ab 5f8c586c728fde6e f8992b8014919f57 357c34d546e8548b 258aee7c5726c823 faaf17b8fab04db0 88ea3283c83e36b1 cace0507bc605d1e 5e031c26b6f49ee1 04c245f2f8b15958 +Ciphertext: c6c2cd00 93443c43853e8e0e 1653c837a34a8d7a 5c7505383dec870b f43bd009c6698802 6abd4b5e10b14bae 6ac9efb2a9cd92da 6c505a4d7fa5ca6e 075bc2d1c47c492e c418a294992edba6 1190f8bc6b1844dc 6049d0b1ff2d3ab0 d3465096f1ad8d98 7c15db36fa37d7dd 678db79818ac3cc6 fdb367ec31510a68 1b84da32c86ab752 1641ddf1669e4ab6 68b54c7c56897cb4 9ae14c9eb39c206f bce2e0a3bd445442 b5f525dc584003fe a77161e7dba41214 f1461fce8c5bf514 07cd1ff7aa46b0b3 31e2ad49b5c9a23d c37c35c7ec71120e 252236eb32d7d032 103b5560c9594050 b648bed719665e95 d43497f06ffb9f0f ed0871d492f6b19b 851c8996f2caf9e1 aa31bd52c5ca4780 6533815bd8a8e6d7 f93b45257b41d1da 29eeae9fce2bdab2 df709b55cd225ef0 0f9407c7337c8fb7 b1238d1cb3c59fb3 52a63aec56a24a9b 5d482aedb62f099c 324bb41d8db97930 1856cbcb0861e587 a4793b00986e9b40 1a91529bd8f8a753 d5cded59c578eac5 ccd053edce43e0ec 901c55e538d373ea 1328b1677c215b45 ab14154e6605cb58 919ca3c25c7759bf 5768840486e8ddca 368fc686aba5006f 73d5f74bf67bed1f 80f7685fb32a5a8f 2d188642fbf8df11 0e26b6cabdc29b82 171347ca74c0f8b6 4cabe4ef615fa77c 73636aff9b329e63 3b3de88d826f5ca2 84d6f82500c53f15 eefa6e276deb8179 2f2571f0a4f0b8d4 b9ff9a6a6afe08ca 205e7c4666e94e51 590e0888f526f160 5719923207aae8f0 59aaf3ffeb742170 baddb9258284cd2d 570bc5577c3c0460 a0c229cafab1bd00 736849b22a3608da 40f593b083d0dcc3 c667c76413ffd486 1ec3daf543bc372f b77d8946ec49ca27 77288a6af71c157a 3b58408b51a7484a 12583dcb9612fc6a 4521ab0a355e98df 00d90d015e0d9f15 1d1f53694e54cae6 377fa5b597039e89 24161a7b332d3ee1 1fd42f36066dccd3 4434797d350729fd 79281fde5b2721ec f872d8ff350895d9 85ffc079f10daf5e 376139ad6f26d583 4265f1815beb7d95 57e4a099d2affe76 7b3be05bbbb29ab7 6cc04811fa819eb9 7f98f6bd11309493 7d81ecb8c988c099 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 783-byte msg +Key: 5c1336ac9ff4d544 b45beb5b9c571e94 c1bac477d96fed67 0d0da3d35bab70b0 +IV: 39f721267b82ca89 765e0a8c66eb90b1 0deede049de34d09 d89552f376ebff16 +Plaintext: c705cd9f998798 835c35ebb584c17e 9c2fe0fdc408a30b d46b0587c0cac10e 3f4f66c180c2ac48 18ae091740bf80ef 3d6fbaa81fe1572f ae0d86cba21ed3a4 121841852fbe99e1 32b3011493dfd0ec 7c14a1687df2a7bf 810840a4013bccc9 776cbfa21655f56b b8b4466c18ac5b7c 4168bfc4460139c5 34a25a9d45ea5285 5691089f9b4f69ef 92f9ffa635eec6a7 74b13c44e2d7b848 af24fc3bd6f10de1 97d0430428739c73 a8ca554b546cbc75 fd384070ba3cca51 dad650081c18a7e4 2371985a248a3702 e26f70e2dcefe3ef c445f2d134f817e7 9dff7b8b8029c597 e0bc3027f75ce1a1 282f77f3353fe31c b2207aeeb9d24812 e0e8a84c68ea1200 b7f933f608b1435a 62549307c6246505 ad10014fb29305da 8bdafdd43d253329 906fc94cc1510434 7824eba5f96611b0 9e5eaf7d8503f548 861ba2aa68a0d31a 546718b38904cd38 52e8a85535cc8e27 6e53abff9ceac163 b9f3c0564f2498da e9294bb2c891466c d8e7f19fe31f8572 03351e5d5d101134 0cac7f615c782a70 39fd88d2e7c116da f36bef0c69279d97 474c2f20323d8bc1 688d0652f66632e7 2b2bf7994c5ce68a 89bac92330ac7fa0 21e207cf8238da14 b3dd7eb184b45844 a6fac291602a5d82 831da86ca076d294 783dcdf2b4caa435 d7e50e07702b4391 94b40e428bf224cc cadcb470214c3f7c 36a6aa1232bb922a baeddfda21939cd6 dc9f0633367ee270 453f14b61cf86e5f 4265c6b663d34bfd 463c19b5ffb40a19 6603cfecc7944074 db8ef1c7f7400645 84c24866afd978b6 611ce31d72553664 1a2a94f5a8fde6e2 761072291cedb037 e40558aa7e97c05b f5d3659ce240c7be e05b7bd73f817bc1 fd0ec066f1c7133b 4a75200b38d3ccf6 e9aac8b9b73b6630 a0ddac19f6e7a81a 57d00206e095d85c 9e5bc5104556438e 25e934fd590fbbc0 42f9504334f914f4 6e9e618f5021a69f c8ff72420ee8ce2c 91d8d0ee31846d78 aef78fdd607d6757 29c0058ba931260e b0a94d27f95015d7 15bfc516a5612560 cc1f9070e43c4b4c 707d1581528effb0 3fa17e496f58bf97 99e53afd1e708a7f 85b87c8327fe66d9 2b1fbafab500da8d +Ciphertext: 8d2ac931cd92c3 ff1f07819e53b79f 6ee280e90848cc04 fd0acb9cc6c3e52c 7000be7cd3612ff8 5d1085deff045229 081840814beb36e1 2b4d07dbc9c9dac8 e4d853d236818843 c147338c86a683c8 f5f5ebd02a6b0d9d f28eb59078dd2899 8646e98ee7bbee63 8c7ac8bac910aead e83ecf9ee31cf3cd 217b63723a831396 92996501accaafb0 6ab1c684a3418aa2 2744bfbcb79ae70e 84306fa1ba1ceead eaf984d454aa17ee 3da5e28b4bcbd386 0bb2f944b1d48e06 22962e1c3297df30 b4ad9ceae1b465d0 bdc6de252f1370a2 6205bf2713826513 03af7dc4cc8ee6dc 75bb6a0dbbb9b48a 191dbf424c005f0a ef3adeab0ad99b9e c682f199f136ee54 e18a34ab599fc893 88faa129a639fe40 eaea7fa5868b7b36 932bea986b3bb539 a1a3f48ca713fb58 d1da912a121406f5 edf6dcec050e344d 202d18e0cc2cfcf7 ba375f329424ba2e 45ff1f9e01714cf2 2d3015e53474c338 1d94fb2177b78187 1a111a4131f80623 2f3c772e5ac5c4f1 46a9756139c71717 74cb533626a9aace e62284a2773d34f0 bb2df4d590dddf10 6280361049e74952 8706cbcaaef63426 a74f95d6e407e5a7 8c73d8d7bb1a8d76 0c568db4612eefd4 b72f5d69447f25eb d7912d59995ed1ef 5f56f47959d514e0 4ce0060e1d0e17aa 6f5573dc65eabd69 ee3c01d3fdac60be 6df6ea18463fcdb7 17b529157faa7733 276f07d0b2f8307e ec5769aa58f10b22 34a8b69e9e616e72 30061c91f514833e af950fc48e3011d9 030d504f07e88612 b93e78737cc1a405 0d6053b3c251d733 1a85cc5891e98bcb 7cef86a78f3ba5c9 9f750666c72604d2 f910dc77a78c6f42 92f8a83fb5b1736e 14ba79724de8bce4 e38a168680cbe85a 574897a935a293b3 d9035a4306035645 a94b679f21105cf4 6aa766a74ffcafe9 b09b7895c7fa78c2 ec9978b3320e30a9 da73c0ced92324cc db17b71a10082ed0 f89a5e9553966929 068d1cf9b42a29eb 418791dc34eba93b a12183602fd855b9 9ab0d6c3de5939d5 455cf180c4220fad f69c72c38af07d13 cafdcb62ada645fe 113e3dbc4cdf2c6b 10cbdf597a87a6c3 cbcdffef2973c518 31d8a78083ed6b92 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 786-byte msg +Key: 2e2e30d9c6757405 935829057745ddbf 0c7a9f918a600942 ec1b7d394e5faeed +IV: 9a85629d63de7741 114724c03ffd8263 61b34b8aaae2e19e 2d61924642351ade +Plaintext: 2baa 6925f7a3a735a72e 76b9905b775a004f 0f7a24946b2529b3 c144a205d9142ac6 cdd74a6b0dca9d35 a5563107c38a3175 73c9c11daec02a3a 939b3776f479df00 141d23dfafe63a86 3b01eca86edd3c4d 00df4926b258761d 8fb4c93172f49181 c85e4ca69772c746 c02187e6813a6800 3d25845680d35685 3ef520dd5b6c8970 70018b69cd578ca0 ba1dcb6b0388feb6 b3013a561f1b129a 26c70323b8cb10f6 9570a9d0577bd1ba b35f80dcfcb14696 e8dc32cd9716f283 d1933bab90f86c3b be126e823fc8debc 324e6ee4749c88c9 661f3564f1ae3e69 c7bf911cebdbe566 734fa1288d25facf c0525c2974310c77 b5300bc334ca3d73 8eb5ca1fd15cc5a0 3d8f0c6947796f1b e4d31453035819c6 5b797c91685138ca b0dbb15b4b635210 a23a75ee77ae83c7 26395c0b2af9f9e1 e2605076952d7795 b59b0d7960d8d6df 2cb8a55f24ab7ffb 0eedfdf9f0fcf2ee d24f4e1cc44542fd 235ca52019a39734 637264635758abe1 2555bfc45d494d16 b1ad3f28fd81e12a 848542f97cacde38 cece79a2179d4e9e f2da691479c95280 09e2eb4546c99b43 5f80acab94dcf212 f535aec56c62b15d fde4c5934d624855 61561a19a905ba71 3db4abdf66191deb 6010c9745e8f1d44 cfdc99e7e0fd79bc 4271944c2d1d84db a589073dfc4ca5eb 98c59356f60cd87b ef28aeb83a832bde 339b2087daf942aa 1f67876c5d5ed339 24bed4143bc12a2b e532ccaf64daa7e2 bc3c8872b9823b05 33b6f5159135effe 8c61545536975d7c 3a61ba7365ec35f1 65bc92b4d19eb915 6ade17dfa1bb4161 5918dac2ed74b895 751c42ad459f1c33 b78307f52b360201 4b47b57394d6108b 124a30036a42829f 1ecd2a050ddda6cf 39f9aedfcd335ff2 5f5a99787270a6a4 3f5e1cbfb5e704c1 bedb3b22c48d19ee 74865118c17b1810 2c7d8a97437049d3 68be679ed44d8624 dcae3dad7297beb7 ee93b6480ff87582 3c194f7810be4240 16d1d94ad15a4fef 00aef84d1fe2dd53 3186a618bd90be71 1797b1c2e042d914 d0ff3968b3f8a94b b24334abd458bee9 c5c9e92fd52d3a04 435d781ebce45577 1fb051a3830eda60 7bd5b86f99e0a8a2 +Ciphertext: 96e5 d898e725615010fc 9175c5dc5cbb1ffb a0bb9a9f6076acea c2a57519d9755928 a19a56dd34335a7e f914b987a81d1161 d9ddfe11d9b1f29e 159f1360c64e7f4c 49e330911b7551f1 5dd74b9f0be52a55 e2293d96f944c818 e90b567c46c0ea13 c6a873397ee49f72 9a302c6992606189 ef3a168f72c8801e b08a669a21a55dd8 aca019f7ad40aff9 e617a83789ae4a51 464aeac9ce8b7ca2 6bb685479502ccd1 f1865ab17b88d881 577a52bcbe3c4af8 0be907c4ffa1a52d d8e7693ea43d33f7 5bd1f71ab633fedb bfd717a572a8f0d0 f999132efe46df70 b2cec3958358b7e2 56fd62961ccaac0c f47b8e9df15d21f1 14ee0072b487fa7c e45c6ad345c9ed73 3d3df4d6a7daf8a5 5dcd722fc72fe57b c72b3a5a62372586 b4a69541228fda13 f8c109f0f1be754f 20906db446fcb6c0 2d751d4f26720e2d 3e47ac8e516fd0c3 083eb1e61b10ad7c 09d2fa0f1a4ac0df 503f01572d7e0482 06f83cef48be4ec4 12197741faa17b3c f9ead062738ce782 55f7be84da031439 7dfbccd9a3afdebd 034c2d8a9376d4a1 24450133c706998b 77bb9aea2005901c 9570e2c3014dddf9 36c2cf6021ca7597 309365fd4a3b7364 54813da784d5ad4c fcc3c00d3503c9dd 93379a4fc77f0848 5b6f77576ed63e8b fecf2774be4af19a f3ce91c84f5aa7da e2c9924d1ef239f1 33f467034d055364 f51774c4d29f7a04 4f7b0d4ba40658d0 f509185be4bac2d5 3a28254c5301d82d 7af17563fd48cdf9 1bb2f3e8c96f148a 7568189e7b62a83d d3b69d7d27d958e9 d0024781a8e65850 152f46120f7319dc 20d4f7b02e742ddd 852043c45431e8de b2362f0e6f3ca07b 1b3df30dc5296bf4 e31e2e6d3d8c4411 e73f2ea97966072f 73bf7f29c64e5f45 02a6ac6ae9fa9d41 2d13c3991d7774ad ca1a07c28d5ef176 8fe1fc0f16a7e147 30d47367ad74ee6f 988551c24e80f6e9 798e4585b1e944c6 9c9fd6415be8f594 0638edca6c1eb8cf b585496d50714468 734d3c9c45981cb1 9d7d8dd8d1609137 f650a427783f8ce3 7c0753062a2b451f aa44f6c3d34fc860 78e77f7d9abcacf8 3a2cfc524cdfc4c1 703baa45d10474a1 59d414da576d7ac8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 788-byte msg +Key: 47375eb632644ad5 6c33ab8c00908a4c e7a048832b55e2cc 4d407462e5a6fcdb +IV: 88d56113eeb8b466 54aab5222088993b c40a0a41e4537090 bbc66fc7bb1cb07b +Plaintext: 73b3e52c b6290777fa2ae28e fe86d4e6b087d22f 4d81ab89caaa91f5 732cd509d279f2e9 d2dfcd72245c3bb8 e2b3c4b372bfa735 ae081d1f4194e2d5 5400f2ef6bcf9032 89018dbe9be7c788 1337f00bd45c913b 4e0f4ebbea2b6b4f a8bd8f94065bc8ef 25b8d0c327758fe7 db39e0579c039829 76bfc5c38b18334c b58e35606dc8a108 ec2b1de98fab99bb 80e11dfd935ec5e7 6e400aa1ed0342b2 c5996abb67bc2465 2783fc989d33efee 4b582e6781151f5e 7eb9a5bbd892a16b 1e06b90dbbdf58ee 1de7f53817b59966 84c69bfb2ed0ae74 ee521f7b1470575d 08fea7be32db458c 18809131c6d89d0d 7353ed2361367b12 0535fe4868436c72 cda9be369455f325 5e7557eb724505c9 6025ab46e4ef8d21 0c87cd899db4e990 b42e85dea9f86ba2 38efd0cfe3a4d984 92675dcb7da4ed87 4b7311a87b6ad5a1 04b5841c3869b4ec ee168243e09c1f25 523f8c1cf5fda12e 0a1e540cca0e388c 066844590b53d6e9 c811f7b033d5e194 e8d5bfa013a1b3fc 91b31d1d52471b39 026d4cfee85cda83 0e09b77fa2f826b9 9c527ebfa1392adb 2758f543dbbe8590 3fec2471982cc7a1 07254816f6adf77c b5de51e1656c0fb2 163563e62c1a7e79 070e551ce36ca52b fc8e34dff69b5bc5 7da0c16e29e36968 a474ef6e0e040edc a0fa666690c47c08 356b03406c6b5a7c 3ac155ceb34540e7 1a3a214349243ea1 53d9dfb669db5522 fae53ba31ec4fc89 3568966acb3b9d16 c0b282cda52115b0 68d34976345a3760 9324666fd64f4ad4 b6be0aa83b6d87dd dd019975eaa49bf1 270f2b0dbae82baa 474f0b0c5ab44b45 05eb3bf1ca820624 ba52eea1df54d94d d8b60de3c32e38e8 608fb3e2729a07c5 6916b1ae3f2322d3 a0cb0aba4ddad6aa c2ef776017d46602 240be559e8a9873a 2c68f24563f7e4d3 d5947429fcdd9bf2 2ee3f2ec7d81bde1 dcec29d9838ad28e 94088820fea7530a a1d6b455b4062e0b 64ba05efbedd466b cf5907ca0ae5f0a7 ea1efba5d8da7761 4eb953a53dfd99df ac9b39d1a2910889 477b08944661ea6f 75d4d13eb83959c0 2364d8835e69e454 4eae15faf1450b24 8a79b39fffa7c7cc 7f509452676b0010 +Ciphertext: 4b06a8a2 b63e76c9195a956d 2d1c975f45134810 23c75d8503471d6b 5b06021af1514075 f93edabc09f57832 340802f1d9776c9a 3dd23cd7907e30bb be692dfcb5b79685 648b48b1a96c397f a700d94a4ea2734d 83fe6eaf811147eb a1064e30f5305d44 bf7e69d9a5d489d7 30459b8a1bc84a1c 1e0308af11d9721c c0f4b389bccc5258 e77b36d8d196dcd0 a81b8601d5d9af59 3baba7ddf5fff99b 76ccf2fd9e3a2d79 036f3e8c029ad918 075bcafb847c31e2 9b941d36e2eacd97 44557b867d54723b 9ab39815fa918df8 7a4e2571daf10b7e 69eed26d98d142f3 baded12dad338b6b 1f35b998ec3519ef d4b0ff663d9aee26 d0b2ee73de7858fc 2e9ed1b89d2d99fb 48a0ebf33ffc7f5a 443630b44c4ef787 cefe002b567e786c 2fa718e0d66c367f 3def9a04b4ecf03a 2a913a70e0475ec1 08ae2a5120e833b2 8c98ea95cb4bb39c 6f12cf6e08285c23 698ed53c613cf7f5 676d0ee17915352d be2bcfd5a311189e f8723cb4a60b8ec5 3912f4cd200b2870 6ba09de623110d7c 2d78f1cab2f16cc4 15c61aefaaa37e11 8671483404b87b46 2bbdbf495dda1b0d 26c28a45fed565ba c560256d20eb4ff7 406cfa408e426315 5f127efcbb3250b2 c22ad9aff080dcbf 902141e84e6a8dbc 691b725793ad92b8 d18b67ab2f227ab8 cf2e78c5606a20b0 941bf3bbf425b2c1 81a0d3d77e6a4d18 024fdc2ec52d9864 9b8e0e16008465e3 df63abb2b39f4ca0 804f71705e9363ba 996c89adfc460749 7b2e4690ff35d0a5 dda4674ba0ffc0e5 eede5e640812409d f2b5b9bec36a074d 7acf8d84e0bb0416 2d8321fd87cfb104 3523d96800d9d104 437874cc9e241f1d c534b2790f7ded85 36e4b687518d6b67 6f84f01d75056f71 36a748587c4be111 0c154f26b3427b7b 3cdca0507a8551a4 0884e230385173cc 6472c881b91927aa c52e1c8892524dee 91b35e0613073c61 684a147382d75c9a 7c4c9a453e0bca46 51a13b1e4d374475 68beb2e1d5c184f8 5b92849ee423d68c 7f0422078f357376 12c93fa253d288dc 83bfdf8624e6ea36 9fadde794869ac89 841abd2ab4c8fbc1 7d5d3d8fc3fd0fb2 88be3948f2e1dbd0 c7583d79c7326d1c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 795-byte msg +Key: 00cb56e1f2155491 1d21d273a05822e1 7c9153fc5f8fa84e bacb48ae19743763 +IV: b4b5858c4136c6bf 0de5c2f04bf66d94 ac281907304bea2b 3bff8a53ebbe1f5f +Plaintext: a91d7a 28fe4e911ea8ea30 2feeedebeb300357 e6c2027a5efbb77f 1e88e5aea2068b9c 7cd1669ff716b785 f93046862e31a776 62bebc402f217b8f d999f1ce76f48753 526085d7917fd42a 16b90824a4d69edf 43cc8123e6d5d322 4ac5eb66219b9a07 7056b321360aca85 4e323baf96486ff9 51935a0eca4148a0 3bb5da5eec224b20 9f59f8652cdf2000 6943e80e4caea22b 54bc4ee6248a6172 7211c69e1fb22306 a7115d8bbc275e02 2e9316290e31bfdf 13ee66943cdba7fe b780b80d0272a922 5028e97c2e0a0df2 66cbcde824f94f7c 57d2a9005a5aa1ad d4aab695dd8b65da 6243a51ecaafb43a d9921533d52dda6a e8101f12c62fd7e7 8f38cb1df724df97 a40d975ad83fdb41 4f91f7f26bf6e610 8e4fd0b3c783d115 b2d2fc8e9966a0c2 df2bc9199fe10a6f 90707a0d2c7bfdd8 1137c5c9a77e189d 031f53ce0b792fc1 db48434168beca2c 63d6a76c61e5a629 3871053dac4733e9 4bc8d7c6958414fe 600a0bbb7bfda2e0 926b84f8515b6a6b cca598f81f07aa5f 5174905e7fafd8df 36192b7020c81bf3 e3d81c974606cf07 967a87e148e50669 dfcc877f102402ce 241eab479f44bbce 1fc57432860d5f63 5b99d9df6e0acd6e bb78c30f91081a32 f4c191273f9b0dd7 0ed996b25a99a2e8 e6aa96dcda9d8ad6 ae1f4cf74a86a873 6ca9e7fa49f59677 77bd89fd0ad21ffe fe54c6bfd5c7c208 80692b2083c335f9 557fb5a70579e016 231955fddedf5e0e 6a3f7270a5b0ff6e f900677184ea482b 76ea0116bb50721d db9403981ee9e77e f314a2d6927fc86f e18908d194216a73 9993d52fb3a1d4f2 65d699b8111743b8 617b5cdbe65da673 ffaf172afd902238 842138da34958fff 898822440092f922 7c1baa66e77120e2 1c179b630561f8e3 003d33ff88542aab 1152a32433819126 0b9d9360dfe4be25 006c9c64f5b974da d58fcc86f5052d5d c3db2640f20d932b d8a820af14dd08a2 7354231515c31f86 cbbe0d57c4d1207f 69ccb280855e8899 a9e5573ccf8587c2 3d77365eaca4804f aa73fe5a3ddf8c78 c9cc50cc339bf8d7 47fc42ef5703c2ed 257fe0270487209e 3955a678a758f9b0 ac84070c46ed694f 7a94e9b0f680418c +Ciphertext: 9e2e93 ad1eb2747937d8d4 a8fa35570d3dfc65 9b4d6be4f5bccf33 ca7fdb0dc981763e ef77e33ceaf70c26 bbef71a6b6b353ee e69a428fa92ee475 9392ced44df7c87e 7b0126c707ea9bcb 59ad352fd17a8fed fca72e9b9c17b90c d66a31ad1c7a9540 df440614e8c3ddc6 e07efee4cdb00e2e baee5c4aada30db8 50187775f675a46e f04a12c15f65893a 3e7ab6823fc57e07 34397759de656857 8f46464f4c16caab 251a8c12fe0c8a18 9d111a39168d1a5b 992d1f2545347b16 807c6c13751126ea ac63653d37885609 1cdfc20bb94c3912 4f6a16a054123741 25b11da82da0152a c43d5f5e75719347 9898044abf2b52ca 2ebf9870c8dba60e 9ca3e5d03f9c1835 9aca4007af5a7e6e 75ca492254bfdf26 7bcd08316876f2c0 880cacfb889e0151 0d7b7a813804c59f 51bb1fd9e3625daa bff3d55bf218dce4 51d59b3c995c68d9 fee97b69c3dfdadb bc26e92513199cad f1a12175a6c010a1 5f78ee8320b9dc68 cd20ef31e314c110 d32898611c3f3a93 7b3efebbc6961da1 70d7a71767e7dbae ba2b2e04d8524989 27568b96bd3fc1ba 886721890435f28b 0bfba11b1d1ceda9 611cdc46c91aab8b 87e8c6c0c3222b2e 801f2987021e9353 2ee15b40326a6086 b6297f3fd5bf5627 a3d59f6ed6773df8 96aad8255d8126e4 32627da7538911e9 6a0ffdb5b41f59dd 56967f86fa08c392 58b101baff95fca5 68694c910febebe6 b8e287e865e6a5d5 a91b6ba067cc752e 4c4cc0b263d0b74e faaf0f0837af4095 c651dafbdc55741c fe89dd5e52706c54 29ad2794500ee7f5 10d8d8813c8714e8 3a5803d260510132 1e0cd2f72d8652ac 1032f94e597fea03 11cd995cbabcc667 072923fe74bd7e33 a1a79d02b9a87bcf b76bd0b4e599dbbc c2974b3b12a4e48d 4e7a02bde19486fa 6f6fe0ffa6083fe1 d462dccba55b9d84 27ff81f9b52622bf 5b6322b024abb5a0 fb8a5fb4c30a247c 268bca7af9523db9 f9e58a25b5d706aa cfd76f3b14ce723b 356dab160bcd49ee f31150a88fb944e4 b9dd6ba44aecddf1 889a1a8760fd0409 88b93e8455dbea6b bb98663158ac2700 a82b92ec6e49dce2 00e235f9b7940fc4 80a43998d93f6714 03f67400f829b329 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 800-byte msg +Key: 112658639285d941 0d0d974c63ed8fd9 9bdf28047b656809 555268f2248d0573 +IV: d812d912ed396a8a 423ba07229f27d1a bae008b66e738abe e987fd94162dc268 +Plaintext: 79ab9259c1c4b7dc 9d397c62d18fe235 891394a3ed1c1d5f f59059247fa9299b 9ff96b7f36ac2aff c60e1164844d26f3 af7fb51521e689b5 247362ea868aa4d6 f0054dce737b29ba 64c249bf6ab2b11c d52c5152315b3788 1b3a022d54579adf 14d61e8ca1b81ed7 1f5e0bbdaa48eb78 a22351a346038da0 85ed20371098737f b474c802e7ec701c a1e83ea46d973dce bf6b9e508865f4c4 0892a44ee3d6967e 78e831786e9e8752 8f6bccbdda260de8 d30c1ea11e09d5be 4c3375bbf5976da4 073943355d56cb41 94ec9c501a7dc48c 870fbbde31779654 fad77dc66d665fb9 0a6fe483dd9da4b0 567596a55424cb83 837b5c4ee838a14f ba87a3b674c8d484 2893fea816f97a68 7d0da203b1a48895 6e58e93a6cd35c76 334acfd5314734ce 0aac78ed2ff5b532 b2bda8b459836589 f1af49eae4d03193 0e28e969cd6ae85f 57c23a9a5116bdd4 9d8c90fe734cc929 b38766a679b8876c f229dabb6fb956ff b8de2cf7a3e6fa16 e582422a27841c3b 5de827b65311c5cb 8856881340bde776 d506364c4eecd5c2 32a7a77f9fb5c588 96da746199665576 78b6dcb968fd038b 554540e079b0b49e 2e04a54700662ed8 076635f1743c9e35 6951bef40e021308 e1a032fc4dbb0074 7fa025c87520bef3 579352ac0b1d08d2 0430170d5a527db3 2021f4e8f294220a cd83104c236adda0 2f6ab4db8790fb13 f05acd4c7577ab54 bbcf6eec8fc38028 c1b64c1935ccf3a9 37f141c50f1edfc2 d5d7caf987f903b5 59b289504cd18498 0240c377d1ce68d4 1632e2b4cc4d1ca5 5db0f45cb75eef9d a3d32b5b52459521 39295bb020f9a5ea 753580eee5a81a85 2eec35bd2e30d6d3 40393d56c9a71a8a 0e7afe0b49d410b2 fb0001bc83b44229 f093746314f62020 d9eca889d9807d9c 283a93cf74e812f6 519d4f66cefbfa5b 4cae99979039344c 16f5523ca856251f 30710245cbbb147c 1e145034ed04abe1 e9448ba1ca807c1f 9e5b25b761b47adb cd2733b573d77c0d 0b6bee6e0957be84 715d34c9eb535f61 1a2608412a1fe497 a8650d6697c4b371 c0ac0f5b497d990c 89017b571b3a45d9 315fe2242b21cb1d 69327aa25d082270 e4df9d44d6fda641 db39489281be9650 +Ciphertext: a61e21b28b9d3ecd ac4917fb8f5fc2e8 9274fa833647fe94 68222b9250975278 c985bc9310520c73 0f80630124d23d48 21745ba171738445 8845189832157a0f 67faab1734158a33 1a1bcb3501abec7d 21590681c50b2728 76a83465e9ef2fa6 2206af6fb20977fd 805b45f40359fc2a 70b32943169cf972 614c7b4a2d879ae0 9a31b87752866c70 8523dca1064adaf1 4e4b9906b0d197cc 647a79e741de9a4f 6fca0cb20fce6c9e bd6006e37b8911e6 fcb9c00405fa1929 61a425aee369c154 c7085fbb48392d96 cc5ed526d4275afb 9e0f5bc4d1656210 919b0c446649e33d 4fa53a0da1c09416 4ae188e51d2870e5 c0f558a657726925 12d9aeae6b2c6ab7 565eebc12dbefe82 c0401283b867ade0 095397bcf4728167 5e06399446b99cc7 e84bd38dfee8366b 6ed482740b8781c9 3994b79e1d9d2984 6a8fa1c567c68bf9 7ff2a88a9909dfa7 167ee35644688205 c8ef4704fff4702a 00b878f37ea1c977 7ac822156ce9c380 ace03c734f44eac6 b4499f5949dbb5be a2645a67482644a3 a567b1522c7d2119 3450906f79259f5c f30ad49bed522479 ae30fbb4599a0b96 2ec38a57ccb0b8d1 121a243e435d24d0 8b495d1fedf1e88d 08a1e1b55065d735 67be836627696a5f 744a0e6b51379b88 bfea7c43731b2905 d0785285a4218530 08a8d90d03c9982e 047049096dc19ed2 fca0ba2d13996843 4b174c7a06d66880 e47aeda8cc983b02 840931550fa0951a afdbedba7b010f63 e9f425e7f9da9c21 b829a36a8e9e5b84 4113778a23cb7ff3 5358d6232b14d796 34bf012650d4aacf 2a669726dd899d6c fec29963326190d4 46a09d1975620556 d825c1901e9eaeae a3bb1a0166bbdd5e 7af6cf22c01bdc27 60c8f7d968e667ca 15650b2964b2356d dfebca6455cb807a 68d026c922b07c1d 7ce827837dd0e9fb 391b211a450ccb32 2540c99cd48ff183 6f7a6c79cc6b1e9a 4589bfe1cdf1806b 6664ae9ae0b542b6 f90ece5219d85b05 4e4953284263e048 e29aeeb52ff9b47b 86647afa02a6afb6 aa55c62201c147b5 4366d243f0ada981 561eb7355353dfcc 5dbc05b111fd90cf 3aa3fbc65cc74c59 d6217ba4f00421e3 2d2235a2d0418de1 34215d5abae0e6e0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 804-byte msg +Key: 0d9da68e419733b7 9762afed2d30d21f 0a7f71d75f4ceb0f 0c83c34666bb8ed3 +IV: 3820107808b0a23a 9babd670bb445e1b 379d2a752cf2d1cd 83153291bb1a5bad +Plaintext: e853aa13 fc7f319b463e5f0e 38c8dd7d6ddfb7d8 eb02bcbca5e4278b 441c7fc2261ebb87 a76aaa82a00392ee 2e2318f0b52d5f27 24e374847ad9ea5c 8929c1bbf9698dfc 91dad396b2e2b739 24bdd41a166f6c8b 5ffdc1ce0adcc22b 12aaea406a1c6699 4038768083c41516 a3fedca3988d242b 25b86b425ed6f920 6805c2f8801f8f86 3eea59e81b8ff5ae 324ef734436fd030 fd7c39877dadd565 12a4118c435a50ec 135a4574832d9f29 5915ec7520feb7c1 70b1f4466f4b9f1f 98ed9fa3bbb6f0f3 45ee01cfc2845bae a0bb840d36202307 05bf64263d969e79 834a34e6f119b9c2 5e10579fe07e7165 90a887a58dbe5a29 440e51d0ee781c99 592297fdec6df182 e6270d8de6022877 b044bde42ec1a550 b50683eb8ad85fa7 a5dd918fb498e15a 639bec40dbf7ca0c 88f8ed73200f4ca4 e110c1201a9db0cc ece2ea445284d173 5fd3bc61c7479d4b a12ae1f96b92974c 4f92d517a4b1572f b89b6ac6cd1708f4 61394597b3d9ea5d 82445f1f1830ce71 87f6857733fb9cfa 906fd8ba2d3bd006 f2344e8ba695f86a b3ac308d2ed3383a 12a29ae8cc63c752 fdc6fecb7bd76fd1 992ca1e4a8631199 bdcc1ceab5621ed0 7700dc1479d11f61 8609a29fbed22e7c de89044bc12b7b12 270aeadeb6c5c85a 3e7612a0412ded4f b39e8ddefe165530 49b44068fad57ffe 79d0641337e47e01 f06e06372d5f7944 0cee8731438a2c14 63131de25a496585 3c85502e43a788ed 144f7e7f43500b67 1a6158409616fb51 b30f6262e97075ce f79077dadff62d45 328143208de6ebe0 6460c7b2fea2090e c111d98fb030f702 325ba1bd15b9b732 d26c1dc3130a61d8 72519d2f84169f74 167f4812b6723248 764d957fecd86cdb 7d78d310dca5b477 cd9da2612f5a05ab 39c27892041f6fc9 49ce1dc96d3b9569 ba0d2faef09d2de4 fcad9eed075783da b24331b8a01df6ac 3646ff439eca7903 1293f74657dc1448 87e8597e14f36129 0a693a2c94560f1a c21d0494896e62d2 0c72f47f1948b1ca f7b59aba5f17e6c1 c89b5d95e8b0023b 77bcf464360d96fd 3012ee023fcb4b93 d37e2b49efac5bca 7443609ba2151636 dc89975dab905ead 06dbad76d14c2bca a3aad2d4cc98086b +Ciphertext: 98ff6cb7 a99a4ad1cb4fd178 a5d481ed9808deb9 0403dc67b67e1211 9d9adde8319803e8 db05388d07b9c916 53813a77de116229 2964ba1638c718b7 dda46f2484d7732c b03814ab2e1ed9d0 aed7c83694b426ac 66fb31fd300a5d13 9afb64007916de45 e33c07c328165f8c 0e8f483fc9f72ba9 dae52d8aaa44c74a 0121c4f48d7511d0 782bf5835815b5da 995c519ced292c11 91d29d368fd1d80a df0d2456b3223ce6 9eebd9f8044dd155 6e3e27e182fadb4a d4c4a53357937cb8 6cf15bbbbe87c77e 7d49d845fb9032d4 44e6f2f9383a1f92 dc4af393a4f24342 5b5a8d24d17d7914 81da482baeb3bf12 a574c50e2a7b2b45 d9e5c47bbde7fd64 8e55f2ada6e6dff7 8074ff2fb6c56b3d 7f841dc343baec3b e0161459d3edc160 22bdae9457945788 8317e3b2bc7b664b 76f91e6c8aecf107 fa5e6f3fc176229e 47e818cfd4667363 5fc5ebbbb6c34237 4dfb3e31f1145ade 0c1cd7a241fc85e5 920f526aa7387ebd b61ccef315852d7f 19837d92d787a796 2eccaf17af6111a5 488595165cbd4396 969429630b1d4f53 1d31780a5b83799f 13fca5af3fddb828 e9c395065180bd69 a02f9a10a39de145 fc2a5e14007d7117 6f4a851b1523f32f ab4ae5deb0dfbffc 23501a48c54bd332 8fae9b8f6f43b658 fc3f99fc94157cc0 a2f6e685b88a7e84 f8f5ed0d762cf22c 75b431b5fa64c4ac 0c4b9594f43f83ca f4e17fc13a2cc568 1f56d1d5288b2b45 568e0ab11e80c976 76d648cd143e5b47 fd66a52df7700f01 f9020633279c6f4f 8f658f5d0f88a0e8 bde89d5f9e70b159 cf5393d0d597377d 06e1f9344a0d0268 152227a520cd3e8f 9afc160ccf597f03 6ab862c5a6d7aaf6 7cee3b2627eba10b 2d1d77210b74333e 260adbf5e85f6c52 3ca47ff10a445c5b 0ac70494c66a8111 0f7e4e1694005df0 f01890839726decf f81c4716c99d1287 d494561528c63816 ecd8a38eb9f691cf 516a88badd78bf1b aae14d640d03905d 0cb77472215a3696 e39528256d174954 0cd7e534412f7175 b9407e0bafba2ad0 bce4acd2d0c85478 3acdb44b8b2ade30 f3d87c091068d550 0c326786289d1985 fe9264b0f2a8639e b3e38955c373dfae 7122abb8d8984bfa 87c9fc6541dc3208 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 811-byte msg +Key: c80ce7cc6c943479 edb525f2e0020a17 36f884d5b29a98f0 a15803ffc535cdb8 +IV: 9229216d9dc45cd7 51156413e3ca3bea 8998d455e7de2540 ca857d8f192a185f +Plaintext: 097ff1 8e8feed77d1b80c3 1483fe69073d560d 58d23f981e8f20eb 847e2e731495d5fd 362c5accf3b5bee9 ffa7e5bbf7bbf8d7 e75b07190f57f3f4 e7db8b06609ef5f0 6d5b5064c2859780 db37c85a416a46dc 096a7cd29d8bc441 bf1787faca8ca570 3b0417c771f5d32d b11aef6d6db10ac1 c6e7e8e84f915c79 141c6b77dbc7ae25 a90ff81c886b399a 883aa21d04fa0a31 26ba9186add28345 eed17fa419b7d8b9 be653b8b9051926f 687e29928dac0fd2 32ccc0d240b6004d 561e0aaa0ec4ead1 83ec283e100ea653 5acecbf3902ee14c f103bcf48fa69d38 53eb56b14257ae18 fe8d065a900a3def 6412d26895ea4848 6c48cf15230820af ee20a9e03cd6ea33 39311f0a98ad1feb 9132841b25470c6e a9843f5d82455259 2ea64c5f84ab67cd 3cbeb974b15f13ee e6172a31c7adf465 b29d55f336c6fbdf 1b638757a23ced8c 0d1e1dc06288e3a0 6da70bd50484cad6 8f7d5900c7f2e3e8 bd40a1f01ef34418 b6379317349055ab 2dcb712d63355468 460a93abbb30d11d 1d25e4518137331a 3ff362a1aedf32b4 2e6ca2616c265bc4 e12e4a1d9cea8f25 42fb96a3536f833a ae38d48558dd4166 7970e79aa7c0a691 67cfc87df187e3aa 34a8000d1a05fc1f 0df02fecbaf34c66 15c188009d6bff78 e1d753f4436f9651 fc166ab860606672 6302bcfd5d87195f 0a45cdbad5902c21 562d34aa190970c4 a12b1bcbace889da b956c3e1c80372f7 61e6fef1d795f633 ceb9b3c6fbbf38ab 2bd15d6f87052d00 16d48cbf83cd1dd6 218a62cc2ce42557 5263177171f8b8ad a3ef76cc781f198b 82645ec0174fe2a5 521b42745be38134 e813aad2041db673 106daf09079e1624 06ee830c0bef8b0c fc80e610ecfcd173 9bb1b2123b94fba5 7a32504fbceaec73 a85a41cae717deb2 28a196c96896dfbb 702578589fc64fea e928a1c5206b631f 7290e122342ea540 de669ac7561871b5 715744cdb71b79ea 6636ea94ba8a42d1 6c78aa3d789ca65d 24b739313eec5008 a5305e980bfc434e f84472e312ad5330 9dfbe6433ec8aab2 047cbd2fa879445d 14960de323cf73be a83b82dbb13e5ce5 0dffdb5c0b1c78e7 859d6ceb1d27155c c7729ad388fdd2e1 7d0162a41ea32697 c46dd3ae69ffdaa3 +Ciphertext: e510ea 375ad8359e31fce8 c41957076434898f 387d56170fc1d57a f3071175e7b8d609 d4c3d5103eb6c761 d3b2f4d108541054 ff0b06e98b9d04e4 10ca983e4c424371 8456ecfbc1b526a9 a6fc30314ba3f151 fda9f652b16cf8a6 e0f0790ecfc57ba3 493dfe8d61ff2534 c1a81960bb83d047 730605b8073c4e77 46bf1617297c2754 6bf6495053401fff fac6280a9432cc7f 4f4da26a055137e9 5c38a9d36e0f41c4 ed9bdb1db5af899d adbe462b60cd5c70 5ef538ccf561ec0e 3d16899b7f1e32cc 7b06218868390414 eb4899df291a698d 1077b899c2830fc4 1a7ef4d7ba5dc89c f0f4060bb87f5196 66666639f1df5b22 20972d7a7a9ee420 932a7821d8d4e893 1d98f411acba4c40 b381d2f4999a3428 ec009a258c473c23 6e5eaf9372a23f14 9b63527211870931 1f2021e4bec8ccea c2a4f50d0856f3f1 e77ac3d85b97a36e 1058fd3b7085a71a a20bde6fd0230792 caa4d99a1e01a95a d89a030bb1f18eb0 35845bbf8be724c2 1322276496956e85 e376e1af824b1c17 94df4d5b5fa7f0d0 86d270acbf128cb9 e25d3633b9a9c347 d42d51416bb26bbe 8ae903101c7c1064 4136451cd55dd6c7 b065842863178c05 4442d193a594833a 67a2f9c6fd715377 e790da67811a923e 7fc9a3b6dc82e532 31179864d62cd2dd 5d7311f1e2939cb5 98e141d73a89adf8 b09f53bb85753f92 c57bd3b0cd05874a f2cfbf88466866d2 7429af30410f51a0 a50196bf06b96700 78ae6a13a3459c72 98635055313f89be 34b6a48d3317943f c2a4c7620356180a edfddca43f9b7a12 3b1eaec2e31efe47 b45f295ed1e80d74 738cb2b682a40dbc 24c5f2029e4274ef f023a2b162fb5fa0 93016a760fa3788e 6c1e9a1436cc61bf f4417a905aacd46d a0b30f2ac4c6b318 eefb33da4cb94d98 484b61ec4a555dff ff6e36881d325d1e 9e88dfa0ba04895c de3aeeff295f7551 920bd97c1d462f43 3a313ffa0e4a7076 009e9127b6f07dcd f37345d3b0ff3e22 31a415aa3ffcdc08 40b2dfcbd5232911 e5706fddcd63ea48 d8c5d11852204609 496f3bb6c4505cab b8626e9d5eadd7e4 ab2edb76a24b0ad3 588e36527fd7ad05 627254eb3c25c2af f4e10a75a2e4b671 f7c5d6755cbcf57f 53661a7e036fc547 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 818-byte msg +Key: 028f8a245e8aacc5 ad4d92c1ef28607f 7f5a65e14679efcb 2e1464dfd9968e8b +IV: 946d3746866cf616 2d6e48560c3de2b6 9db246838d1d9529 28e6a4f613755120 +Plaintext: 3950 180a0783e1c3dc45 1ccfbbd8102b44b1 708be2d930e64593 9634133f9477da7e 55f84a9716d3a11a 37b566c392e55aa0 0b81ac76680b6c62 642442bcfe966040 1798b5703c4e6334 c19074c40fecc8c7 3eee52bde79e859a 334b08b33887b1de 8673b1d5fc3d0cdc e1e64da43049776e 32593e7352aa7784 2e33ceeeea52b7a0 c910a790fea7835a bf41592a9c034edd 0f4ad76354342c68 7a63fa33bbfd58ce 09f7fd67e994b0f6 8428ff20fb22345b fc49855493468b8e 4263f64b53927eaf 6db11d23660c7bf8 5824aa4cf7af1332 21dfb00db7e77c3d acbc28fe5b18108c 1ec56d8c1c18cca7 62bcbf7836b0d2a8 a793c0576920e7be e0f5fa137b98f6ad 43bb5769b4bf8b4c cb78a76a60305906 b6ee1dfa51f8b45a 0796d3545a19185a 051c4184d50aa02f bae0caeb1e349094 757730be1677cc56 49271a87a1a35edb 8c6f95a328fff398 587d90c218c65f99 0db65f6b60a515fd cd313975f73eb077 ff3cba8f54a96dcf cdd662b9f5edae5f a63313c8d98b7896 bc3c97e605f3f678 860c1810020df41b 4073a6965db2652c 6677b59e2730dd68 3dce9ca273c91824 4b6517edda3571c6 d9ddc622fa1b6c49 7809abb5f29c2dbc 7971b070e8c9fec4 73d21ff08328cd16 c29b28257133abfe 02715fd5e3d84eda 98ac3b190cfa909f 29d898dfa6eeee54 203536676dff0a92 2d3837c6a1eb2a0a c107a5668864b7ff 9301ea83ea90bec7 1e3456af9489724f 20e59d4fd5dda894 1c0b561c040f592a d9d47da4f81524b9 e11ff2c68ed8c97b 0400f83a27b7afbf d23fb70627045f69 24d9ba0a77850770 947e717504f4f95f 0011b04d3e8029d5 0b2c2eeb9a4ab204 9c99077c10e85135 5dda3b829ee6e843 3da12d51c340fd1c ee58249205e93843 689bcdc36b47e950 64b9b8b503b5806e e237d60d5dff13dd a44d02c40eeadb6e b16775a72fa9b709 d2a650d8dc69a72a 185c154bb5c6535f 54932e49605482cc 9e8665f00517a3a8 cf266bb1d00b47bd 079751d1739ca5ec 27b012e9a12f15a6 587f076694989574 82c3710a88a14770 d670f3683e8af1ca 452e146c7a837b44 06dac2d1853475b6 1404caa9ab368f8b ae6f61d8be971f42 d5959e9992599eee d120fdf87ff32bb7 ad71de56e2cf0756 +Ciphertext: 2b07 6be12a126f6fc8f8 924ccf9333022fb7 f2d60c2d93b282db bdba195a4ea177fb 54fee7e0687400cf 9594e53f20c83317 96397cf6eb63610a d4fc49805b283a5b ba5def0cccd293dd 0ea54bf81a7ea442 c4403764b542d5b9 8d2b8726ce769a79 2aed2949f86afea9 c335078b97cd539d 2f9b48a5c08f2141 ceb68d960954761d 20e89f82375b733e 9dfb5ba8c7205d8e debc30d485c8d741 925a7dc038bd72f1 b745984730454196 cfd650702c9e32d8 1dabdb0c87cc0c3d 62b93087a9d9171a 9ad78bbf5fd4e4d0 2bb2350fee275266 1c952d0c79e81d1d 413c7ec13e5c7ad1 aa53636622c7c0ef f7f95b3a505c29d3 dbd573f592b02604 c4667961edbd8b22 b6bb7b9e9822faf7 de21f7872dc7a5ae 56451208c7f17006 dbdff44f484cb553 750e407e205a379d bba7295553d4ae87 414e267a9d797499 2677a634de15e055 9dd2dbb9493f6ff0 d68ccee5fc270639 b8c3884fe1b79c2c 70d98647cef43141 d24f29bcb1b21cb9 91bfd1b33e773efe 8bacf036ff6a2397 2bbbc802b986d4f9 36260c1b14064aec 445c2e3d9cfb4fe5 f45493d5f520cfea 73544d03ac794764 a7b11c1260afb21e 49bb08331148df42 9e1ce05931f6e793 f378f09971e512eb 7a609de599db1ed4 0d89f1a994f29a70 48cc80b4d406e30f 18dc5bbb9d00cfb2 aac51ade83998897 6c3854814c598041 9a936101c52cb562 d5fa5f380e575bfb 48a46fb25ffcb29f 306a529b4d8756bb 5ab4ad0c8c784fc7 8d12398642f85272 4a1575135883fc32 49ccf93f9d66fa73 585cfd3adb640225 bfd3640d6c38c23a 587e09cd13295fce 997ed8c57b218f74 cf76c6f806cb91e9 f3f8ba8a26a3a1d5 3b5ddd4e423274bc 6e65af423bf22860 0ef1839a0dbd5975 b2349710061b31da e0fffd3238c60582 64b37f437a5547cc e23ba1bce22f4b78 d4488bc4f89428d7 0f211f8de3c1a7ed ed36a4a96c97c32f ed0ffb962c4e3122 d5003f27e18cd73f c9a0414bd92afed5 0706eda18c313d43 72fe7f2a088bdbbb d826ff9a5b3a8e2e 8d7562a75df1c017 48ed4b659ee334c0 db1d87f85b56d26b 3756d3e9642d712a a7222ad94b39702c 1471d19c08b0ecdd 10a3c10299eecf81 4f2898716f7141c7 d62ad4bd0dc97bbc e5a4c01f8d28e356 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 824-byte msg +Key: 1d04e99ccb179c00 6b173992b865ece1 d822a42bde9fbc73 9315dbd576971917 +IV: 014463802ec120ed 3ae71421a9b8855d 8a989d30fcba1091 f1d8ff2b32271bf8 +Plaintext: a48a0d11c90516c5 8975f2e8337f036d bfc7ab385662fa2d 148d898d0c9fa582 8c3cb0f8a3ccc5af e12b9b8e5ea2ac3b fd1796e8f280c170 829e42a20ae7ffdc 43c414ddc4fc76d4 c970d6bc320ac9ec cff025eadafdae81 c571f21337e77130 51880166357f715b c9ac6d1ab89da1ab baba22e616bf0988 65706187988843a3 3cf23f3efd3bfe6d 6948264ff7447e9e 48dd5383acb01aaf e80156a737b0bc5f 8e68950b241a6532 32aaca04f7e8a6ed 00c1806aa6b7281c d88e9a1b1b48258c ce54cd76b303edd1 ab3b21e0c16f62c1 6ace73430bbb7df7 bc7ef68a4c39c651 851dad26b1dddf73 5d63f28c5cc3fa42 0f6df3b5e4a65f69 1d392f9cd369e7d7 3a2bfec42692833f ce8b07afd0cab697 7604c768385f179a 822710fab7c2d046 75e687f71b09215e 881926f2266edee9 28fdb8050fceecb1 73b0604c002bc9c5 bfb61268962a01f7 137718fd6595b95f abbe8e3472db28d6 783ce639b68b197c 9e0365bea2dd6b33 f50ba47795299022 89b1119c676e1133 1a336b6ae2cc0994 9c354aa2440aa63a b83f9409bf11ab59 493c08e6f96ff1ed e0fdb7878cd5e135 41b486bc8699fb33 e37aaf5aea35522d 74c93db92dc60e2f 53029237ba8ee986 14e8e4b36f72b246 ff23bc131e7dcdc6 91bf76be0d5bb11f f9aac42276df68b0 9d3a2b30077e139d 93a484db63d1634b 28867c9da01621e5 5d5e14f1c7b0a8da 641022da57a3655d 2764cf5bc2195ee4 c28617fdeee0a8aa 04844c4cb6e9ef2d f2d3935a66caf2b1 44cb643a423d04bb e6260e86009f8c96 788632da497286d1 ceec44573ddc00bf 71410d21ec259ef5 1cd12be1dd3d16d0 40ca8f448a33b5ed 80c1fd7ae2bfd8af 362e90b8c6ba73bd ecec34b68da08e81 e4ba2a318115c3aa 91bc886b5f5dc2aa 1bfab6a6dbe2cd39 dfe0f2ac19b23cd0 ecbccd4a35fefa2f 8844acd1bc9c05d8 a90d47943086f291 7c152d6c885967e6 e13a3e37aed7a0a5 edc03054ff66eb60 67d00b29cf8f2bee 4bf3ad9ee27f59ea 4b9b469ff489fe33 499add9d32a2ba6a dda9ca0ebfe3c078 d5e339e9300b5805 b047ad2b10fb5c02 22397b545c38bb20 94014bea086cf956 a14b9bf579e5ad5f 9aa63b8209140239 0305d221860f36a8 13415766b3101eb1 3894996bc5f5a01f +Ciphertext: 07e8bad2a74de2bd 742a59cd9e21813e a486bb0d808e712b 8a956ddac5b17bed e921908c38ba9d92 62108b6321cd5584 e9037f35e0d4d70e b8a6dd292801a8a2 55877394cb4ef7ef b00fcfb21c030c62 cd9c0b70a1502a89 a8162965029612d2 bbcaf09b4b9d013e b86b11ce5455d5fb 1bd6ea4c58f45ed9 b64dd823119deb03 0f51439be2891d57 c47e3a717147efad 127b2f9b331a7499 3162e8adf25c6a24 e6404a448f4717bb e2d82d9cfe59cbe5 d0566003fcdcb8d6 689f46f150f9bf4b 6729894069585963 d6cf0a375a8c03fb 014573acfa8948c2 c7c30098e962832f 160428e67c538ba4 24436067519d4342 ee9bb84f18024701 7bb6172784c09b07 8d6ac5a762f40648 212cf5a7f096b3f0 bcfc383e87a775ec a7b61715f70e14fb 67a2b33da91174c0 bf71c458af877c4d 5d59679a8208f33e 59e124d01e9ca760 5d8176c41ca216ee 994f8144ac170d07 bcaf2e9bdfbbfc1d ea0c901bc8342a36 c9957eb8aaa4c59a 0bccacba5b9d111f e1ee07011a45d50c a2a38630415f80fc 0d3d6e679405df8a b3186e44e36b85b4 7fb8f596e033369a 96a4f118a41ac8dd ac84f2b357079c9c 75da17e388827f8d 70f900a64f655a3b 0fb0c1b102e8029c 172ed8050e22ed62 d1d28d78cd68d76a 5f0df525cc441ef6 7d2ffbd9dadd07e4 98fddd6d5a39641b bb784511212ee3eb df3b635c78c52ff6 49d84ad4aab8cea1 26a75e4c0d35f0df d9bf539d31e706c2 3cca50f15fb49782 b1c1a4b2e01f5dff 4ea08804b5cffaf6 183cd243d9969de7 936c3fb0236c2591 eae4b37df2eb6ca0 491dee981be65417 1cf7925e0387f32a a51652389aa56524 2a8cbfd4d7500bfd bd61f8eaf78d758d 55779aff075fbce1 65d9575830dbaf60 2d9696a246e66298 2477d2b5d1298879 ade9d4d4bfa9f77e 78bc0809f72eb1f5 bc76a934c2372374 760e499200a0471a e1ab81ab8930527e 04b0eeed6a5e335b 261456152fd91e77 e37c0386e9040296 82e864982eadcdfc 90d91f259413f0bf 7aed5a5d3c7b7e0e 71cba24d4375cc76 fe0cafcc8b296bee 7237017bdfb7429d 834803c5b52215af 3e40b7ac28caf315 e592439ee75dcebe e90fb29afeb30a13 bf4db5d584108b21 83508a3af67a8008 d2b89ad80b9b8d9c 222c6afb8ee3502a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 828-byte msg +Key: e7be37017166a9aa b711732ae2cfb62a c6b976b02027fcf3 1c23786e1b1deb33 +IV: b2e04482f6c4c99a f725b9cf8a1530dd 4c4e4a7ce36a8b34 87577f73c2059ddd +Plaintext: 736171e3 1987fb974e3352be 92798c274ab7e23c 08c710d70d79fb57 0d4096f2322b064d 63170549c5248420 826594b2cadc8619 18a55183b7713541 84369e1bf5254be7 5addaf5a63de981d e3400e23d3a57e3b 9a6c18e18c27755a b04f7d00c63788da 883fc36f314ad6dc 3c72c3256efa11c9 16832b99948303c9 18f4fa48ac49044d 75a6073335508586 15637b5ea2c389eb 15545252d76e26b7 448bdf9bb0430869 a77b454b79d9ee42 f67bfe7677e82ccb 1e4657b45ece274c bd7ef2a3d80ddc55 a824436205cb5a39 68221316f551438e b9c10169308d4eaf 0a33fc052e90c83a 000bca1edf100f93 f2c084e625e6155f 6e2d17165591e309 b314c46cbab21440 3596a127118e5677 1dbd178d0e90ec64 c6f36266d6c42e81 4187147e835c078e d12f9226a32f760d 708195b4b8350ec5 4879aafeba0c7740 3bf6b2e39177ea4d 5c3d63c39bd9b97e 7374c5022cbec4ab 7d28b6890953056e 29c86744ece905a4 5c28dda5037665f2 aefe71207114563e eb6850adcb802132 9365fb499d9ca0bc 5b57c875e2edc390 aa885fb58f1d0ca5 1ca23e12097b13b4 02353699ab7603bd e034ecda41261b81 ee78586a8fc32e09 983c4961cb2c231d fea0e0dd1e6176ce 7426107d2709b5ed 023824e778ed0391 e5a03942177b9995 0d0ec0bcfe444017 9e95fe059c7ed8fb 6f2e8bd35283d466 8d34d65cf750bc43 b9e79fdf5406aac1 e6e97c1ba96dcdd3 bcc455d6266ce9af 1862e8587293d550 899345ed2791fcf4 d48b536754bedd9e 71614999fb928a95 0c9136dd902c2ce3 057a7a8f80cc7ed7 f1e14b90a7594d84 176c31c4d9dcff40 f32889945a030925 b604066d669f7793 c4542b3faa2668ac 354fd3ffc8328fd7 5491a925d700b43e 239ab02ee1f2314f d54dbd1b640e753f 5371f7f0d17c8482 b8335e37100c7455 d5a2417bf9adf234 ad32c7cdddf7bb64 f93a6742fba2246b a67670720b0d9392 528682fbb7b9036a d36c12fc1dcb8344 b012ea9b4f8db8b7 a6c2a680d2ed571e 24ac385722fcac18 cf6466512d701506 ff6147a4d3238791 407fc9066d920921 d27e2e36435f3467 2a818a7414d0b9d4 6f8f4704914ddb1f fd15a1afe2e6f0c2 e5622b4120cae57e 6b2a480cdad1b7d3 8704b26391f4fa89 64edf6203bcf562a +Ciphertext: d5eca31f c92cd2c23bf94fb2 10fd249d5393682e f53aab312d920c7d 6e7691a885def392 b90160cf15cb1433 92e2c4001738e633 7d1d65eeaa877cb8 019b152784b4db08 c6c27ca57b5659e9 4e07c76aed13029c 3062672e66f463b1 68db1cfc62c970d9 979dcc32b18ff660 36c126b3381efef3 09994470fa4c46e0 20c9757dffdfc818 a6e17f953afeaa18 86cf272a1e8d50f4 4e49ef794a612078 3bf844acb5b786cf 73dc201fb7b9a208 78920192e007a445 3f04e4b168a191d3 d8cabd79e552a0e3 c9a34dc76a887c26 21f0802028c8d7cb 231b15b73a7b5bd9 9cd5990e59b66806 a0d688ab5b2e85f2 a2e8431bc395c98e 7748f392d517765b 2a96cc33dc952319 982ce31ba45c8ef9 2ba876c8cae49bb6 f7640d2bc5815da3 0b645d75f3d5e164 7fcb1eae2b413fbc 1e6051ea52e09e3c 11b685732ac2c58a 056176bbbd5ac24c fb07a04abae580f8 29d33c9ac5e8c40e 35596030b6a75506 454c21100acfe5e5 f59eb66ac6e36c2c b300a3e44d78b2c7 e4983634a19cdcc5 849126407b3268f2 36b41592c696db52 b91312e9c5187182 1f5bd5176a9674bf df9eeede95ae3e8f ae710f21525fc375 5b26057da20e4ff0 80568e1580c46ed1 0de6457e913ec620 4db4fda5ce08ea28 61855b2b28b5ffcb 3dd6d13fc95f9810 5a4546485dbbd140 c91e6df1d6ed0461 f6572bf0ce7329f6 fc03af0e17731524 c92da7c66e1eea60 0b2bcca8df612f8b 3da910428ab18db5 0f1eef907b30be37 8922daf2ef46844a 8747050c12bee357 d789cb2716728831 7000037345754524 7a39201d67801e01 084a7123185bccb9 fbe2611e9fe96b07 39cbbbb0a370c0a6 5e00ae25cedbe630 eefa22779b42430f e3bf18dce20ab592 90eeff63fef1298a d2d052777481b820 2df6f930376eb293 471d279ce5637903 15bc591755bfe38d f1ae066d3532cb95 b0c380c9da5eb296 e69d16f06a406cf6 20b4e26a2dd6f319 830590fdbda5ffcf 568ca31c050af18d 509ed85374619b16 d5873a99ab6c5bb4 c775365485fac380 334e22358850e018 dbc9deb72f7f00b8 e7bb1f47046456d2 af8382168a4a85f3 c554dd7bf557baa4 d870221ac32ba465 318edb39f9b2f511 ce10737ac351eacf db88abce39f70835 fa3a5ad4ceebe856 501871e9b1e186d8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 832-byte msg +Key: c2f620c32605861a c966c1885d562dcf 29506bdafe2df8fe 6d90048037818157 +IV: 05587a3459dda6c0 c5ad3d245be00acf 64e8c27355bc9451 fe3701b705baeec7 +Plaintext: 9319f7794db507e4 86e525b9b29b9110 1e441067dfef84e7 09b2bfea214999bb d401409ce8d5d00e 74d6244c4cd0eb19 c02afebb860ef148 f4cae7207276abbb 30d7fda514842ac6 f747e0e710c63f72 b0633379306002fa 28472162e2894c4f 0f65d59ab80b3d95 77020191e6c7b6a4 58b758a9c72ee087 0ef114b758c9a300 d9717185bcb23002 5ccd3053b6197836 1fed155132c0b277 0d8f6927bd80d955 f6c4796d07c12b96 0e7115346805acb0 6ccf117b595ea150 8cebc8baf7f415d7 ce26945b838058d7 f5b6573ce5d37b9b a923f52e2450d59c f5cbd779ef6d800c c95f6a561737dd4f 79639e7313cb0c7d 3db268737bdd75e2 aff8416b8d35427e 5036a466ab2de286 034294e2db3588e1 90441351464fa9ab 223aac98ba9382b5 c974ea9328ab9003 f919df902558164c 0aa19ed06dec9b7e b658c1095cce6838 9ee1e3e674f90e4e c5b12785da7ddf48 1390b0f8d8fd70e3 d31c27c55c2f1e8f 35453866785f85ef cdd215cae0ec0a5c 13daf1d270c95362 e14c86d4a3fec942 f868911c1c251d6e 7b43506621edc011 72470b651b9a6a84 48b1883f188394d9 4d12940e4992fd54 36ce816184c829ed 989fa3b9c2b6ddd0 7013d30da205a5dd 9e0aec46e5ef4e29 653950c4f0c46c7a edaa64d74e66d5cf c23a0f462bce24d6 52193fccd9843773 724d64964f2ab240 da30f3c6a5f27a07 a4ede5f39a243a4a d10736a60e99e1bc c4d266df884222c6 c5f8fb8eb1a2f302 7ff6fc1bd7500fc3 839c78de6b76748b c390fda78354e594 17cb223858be6948 bc1bfec6c999cac8 d09fae7cd7631769 d74fd2f728a82232 397110cb848d035f c12590fc5a4993e2 20da7f863ca7f2dd 68d68dd65f860229 91b26e4f1c58ead1 f8db5cc671a79497 db139406818b2e6f deeed54d1035adff 8956e4cd08674526 c7070a2bf6faf272 691394038e57f3a7 a15f526323fe4a3f 8824194b30023de4 986f4234d28bd8f8 32a228864b53680e 19f1ad208029016e f5e5b6d47c71fa95 d2dcabe8eba26cb3 9f87f896a0c6b62b af6b8e8c0ffefc16 3a61626dd4fba3c0 dd17ed4f2a86d62a 168cab3b75fa0486 c9979cb0b9c460be be60c62020ea60ee 21e5b17177813fe5 0077e97db2357ba8 d13b809364c558ef e9aa8af448845ba6 06119f57bbd9cf6d +Ciphertext: 60cfb08f512cddfe f7467b0163778aec b0bd1e8e19a28ba1 1240c34938b9a1b7 92ccf5957e8c6315 9e32236787378f4f c2dbdf6ef4aaea6d a9ba4dbac083d627 2a130473508ffe9b f741bca404aebbd9 a79cd9a5cb575aa0 1a0b6383e37456e5 c52c3719046ef250 9d4ddc8547b873c2 9299c7cd3da66fd4 fb1b61ba94d98af7 7dbce0e063a9f4c5 057e16d7ad4423f7 86d976f58aadc250 a2d256c85ec52c77 1efb6c81c0ff958c 88dd4f0d55be60c6 c7fa63617e50d43f 7e0dcef38726b0ca 8cbe65b7d7db3263 abec086390ca1f5a 4080fdf78b86ba54 118b9a84e43131e5 002b2225dcbf7e4e 93b9895e9782d11f 5204b5a3c51a70ac e19d928f1155511c e218f4a8e9b1191e 746c9fb9a4e2fb34 9a9a864f8859d079 8ab313c7a36a147c 74466ecd8b0b8f32 2f25c966900f81f3 0e835bf555c9c31e 24a16950fe4abb3d 2aa438b26b1d47e7 46850ffa45595786 0b65fca2b34439b0 03008d1b9abb0e05 88159db4d25014d9 984ece8f52900c1d 8446c2920a734849 eecb90bba67b8e88 cb8eba7fa6f148ab d03254e14e38798a eac023605ae85fe2 53b50bd51fe95236 f640189146e1a0fc ef9b8458bbddc287 d8fba7238a7b6f28 38c67f1f8023bda4 4973814386eee828 61b07960da242fd8 80616503292f2a40 b35685a612d129fa 7a6750d14f177b0a e0a30db4e0780d03 33acd108ca83ba82 f03ffe71ced75cba 54cbb2677a25ac50 2eb7e35a47e914c6 acd261373491f1f8 ecf40d69ff6171b5 f993626f2d82a813 3dd834b73395cc59 9569dab5229b32db a0d9d1ff58213069 225bfb27446f760d 16c36ee7dc6657aa 685cab936de67fc4 1f6bf8a1b5e733a4 39d4270f6df661d4 dc18a7295c652fa8 fde7c0dd7bdca80f 1b48ffb09f3911c9 8200d706bf95bc24 67003864e7e94fb7 7858b0456e2016c5 7387b4858440f4f0 bc1bdbb99512bb14 13d4962df2d886bd cd05778261e761ca 8b0ec8559e065a3c dcfc9108285c13e7 32229f47ccdc4e4d 0dd48e833f15941f 91910a63031dcb14 42d8a77f61a712f6 9cc991e5e92d2509 3120660e42386eb0 3465615f2be5df01 923d8e2664014014 56e2d7b79c8a5b09 e4e211b9039113a7 602b2cd7f150e567 439ed41b0078d982 2a6755f2a3102a57 aacf149ca06c3b9a da487f8108404b18 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 838-byte msg +Key: 115c653fc043182d 20e23df947093023 0655f23412b970f4 615e08dcd7ad49ce +IV: 22aafa04e3835e47 0e68b761939e09d4 3ecf20ccdba5d453 9f978cc4c3020182 +Plaintext: 727b45e9e564 0385cdbd0882f13d 026418a188f92945 5b8b91f1ec59e5f5 1e49c8784cd7100d 8e5124873846a80f a43c5d7332a142c1 8c0400152f8584af 278aee4819b4aaa6 8712dc6f5094023b 76c2d5ec24ad6f42 f026b3aa5d2fea57 a4afaa94b46afc59 772fbd1c575345e9 015f47b56806f8f0 0d5a74597f3f5d16 1d1fc50423df4e4c e5128f37556dba43 cb7b7c76069225f2 6e0609ca9b9c2614 1b42073f70fde8a7 59221a6753c9a96e 5e7f3dd6043b3e71 98943ba4bc308d78 258037eea3aa1193 5bc72655574f5a95 42d1507d6ce88a94 156ad28fe7e2d96b c4411fb8c2d01238 74697aa86ce714de fddb7d1446815284 6bf29635269a5414 7fed8546d75633bd 2b70df0997792171 19048e4398edde68 25924f3b8040449c deec323fe924bc4a 09451d20e2edc777 1eb349b16c167669 c8b4c44cfebdf22a 69a6ee4c0122f509 954efc94542b4f18 92527807c9e362af debfbe0ea6f7a6e7 a984801526382620 57f4440ef51c017b ff48e1ecb83ce961 ef1b052982d7a8fa 25ecb241604e96b7 d79fbc35cea624c9 ecfd4d093f0955a7 812f61469a453f8c 65474a79b74c8ef7 9eb82db2e6b20229 e2d983066932ecaa 1e659a0df42ab4c5 f2fe1164341a5607 33a55f2c4629e1c4 68444d8a3ba0f792 4d2477259a6c4fcc 5377cfabdea03610 1ed01a4cf4f10ac2 06a6713dbf39bd87 97d5c13794f558ca 101c4cf5bec7763a e89f26bafaf4c54a 4467b8c8fce688b0 82de40eae8ab17e6 b2544febda755dac 187c4a1d60185984 abefead3fa909e35 98a8bce7a078d449 c086a2353c93348f 36ce4f1d2c471099 c2a6cf05c21d483f 619bfdd5c443d61a c21c0b7aec0a430a cafdfe63686830b1 11f52e075b77cef6 641fca5d5af46682 417d5362f0c0d246 5d711d971b6302f3 2142d180cd847881 299ded276c72cca9 c4114297529f296b 769174614e20ce88 79f67e19212e8e08 387b2cda01a750b6 d3409fbe1a8e90a0 9ec7cd670886dc98 a27afe7a5e5b57b5 1a23501e227a3ad2 f67234824e744e0d 5c7bee54517f734a 2235194a8cf51cae 56fb219dd6d3d124 b60fc788f83bacdb 3813a0ce31f3dcc6 838e9632b4e3251b 746d66fc259a5ed5 9a7f217b1fcaf232 baf8ab7db1c86035 4cef3fd9dc0dba25 fce0e9e617b7290c 2b2a0a01cc096839 +Ciphertext: 14f47050d145 2588946df7b6c27d ffa76dfc7446d455 0c5f33c2a261359b a4bebd7ec335dd4b 5b514dc3a5a9107d 4e06008d47ba079b 34266368237f6891 e527ac6589b37b93 4f1af48c5ff67210 ae4fb01570a39bef 7855a98715419b5c 193d6f11e0c021f1 5f2528b91ba5db37 dbd37fd152f92eb5 81172874920835ea c566fa62e5e1e1df 418413a59d78fe64 daa7f9156bfae550 ec76f9df7189dc66 c29f073231fd2248 638a8ab2e84389d8 87742c0f6ff538a9 468dbe1668cf5aaf 8c6e2e59993ee2c0 e26799423de2057f ae3045ecf355008d 8f9742ac14e8670e 99c0d7b4a895bebd 0df4e7383f7768d9 2a768bf145f5b575 33daa548cd226579 20553108d399499f 774dc4a8afc90bac 59f1c9d55642a4d0 1b5f079ec2ecaae6 cf6a525332c34b62 217dd2e8c595764c 3c7e6cf4db630359 b96b04ea064c7d27 a27965d2c91a7122 1a30df0848c74691 be65b8981b515869 a0bfb04cb520dc87 b676466c80079443 be634b55da50a1d5 f5c889d655f22c67 2545ba0714af9c57 63c1bf44f2e67e9e 137d940e332d57dc 52f66b756a747424 cd4146534fcdf706 f6e2a2472d43dbf2 bebcd0c3f513a823 1131371739c5449b 7824648a008249db 60701bcd414a91e1 062a488b322f49fe 9d1ba5ccd0f3cc4a e1f40d31ff708f18 0c00172d5475cb81 19e2eb7deb4a59d3 099040594d936438 10c3dfe6080ca719 2029d9bea7f7f69c 4a847991bde94303 0b214d714b32ebf0 b2c37400e3e37e1b 7496b553130848b2 0cf5111239875a10 1d140445a4b72218 2e9c512a835a1b9b f54b8ac9aebac7f1 503fbc23f6fe1e45 41e1e7a3bf8289fa 0cb0a932bdb1443f 8da40bea2c319f2a f0b541d626c781a9 d684ccfae38047b8 f8c013cb33f3bb14 0d00ffafc60a6c0d 752bee80391f6eb6 d5d4b3cb5ab69438 8f97120844ac1409 64f2f3554e071e64 cfa330b5400438ee 2bff50fb07a89adb 5de00931f77eaf1c 975aa0c0b9e2b970 81790f44f45109be 550c88422c3bcbe0 f56602020c9ed4c3 95791edeaae3be8e 2ed5b1745278cf01 700250f29989dc04 4514afcc106043ea 16022425c3ab64fc 3c50f9ba097138c6 115651d88e572378 60bc43b67b7fd916 c902508ee3f7b90c 25ad6f503cc318bc f7cf97722836d62b 85843aa4b4fb0f79 e6e28f2107c390ac +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 841-byte msg +Key: 92d70bd8e745bf06 bfdae80f5b23f477 bc7001b5137af2ef 7949c206e05519d2 +IV: 49ec1daf38d38b38 65300652b5a7af6d 68c4f5069499af70 d2a868d53703f978 +Plaintext: 86 b15e3ca354c26a4b 09dcaf03907e644e ad6b1223cd6a369e ed9841f6b802e3af ef7389110e8b25d8 2d112d2d248ae6d5 f20be2a9604bc746 e1fc5305bd5c9d2e 6e079e684a0fef74 634ed41bacfb7a65 5d7c7d0c987bad30 4c3c124c5a2e2e69 f6c0819250755387 743badb66ff9a966 b467eb36be2270c6 f60087b4d6a01cca 4f463c7568e6d679 297fbfe4b7abf940 c073350d1967966f a6efb8237bdcf1b7 4042d7fbda8a02b3 48c3138eca39f45c 4949627bf373a992 26b1af828f07349a 935c580bed885e9b 99aeaf9df1cc2220 17907a67926e3199 3cef74ba5b4c6eda 0e3bc98ceb09729a e6e99df7748c0af5 f1f186b83f7fb4eb b1510db127d126df 7a8831681a34c719 f51be5869ba03444 a0148d5842cebcf0 4c7e84513bbee411 9eea9986c332e47e 8fed8d30ae302873 eda0972ee384d010 d71fe181de3c31d8 440a08ce2d2a5132 7c079fdff4666fec 9d3ead226ac979b3 18db2a285973939c 328f8628a245979e 8410227ab6689015 7b95d51c1ec43d41 d95b6930f48a94c5 31221c7c68ab3d29 6fb11fe93c5e1358 4e4e1904499ea722 e046a580f7a9bcbb 096bd0b2c883cb3a 04919d14ce71811c dd1081c2317e3cbe f545e700aafa92e6 8211acb20af5ca3b 0c59a4e3b4c860c8 f184143f1e8d867e e200369855a29eaf 64bdb864762bc193 50b03d3e358d3bc6 5251da615af30cc8 6e1e9a303fcc687c 7616fbb1544a38aa 953f6e0d9be5977d c820db112cd75605 60481bb0b19e79b6 81c57d7feb7db7e8 a6ad41382cfafe55 1b992038db61ed9e 8125c200f34058c6 4d7146b884eac7b5 4aa3bea731f4f7b6 1263b0bcb0bb58f9 995e96094ddb8d12 a2c35f4267b9ef79 48c9ec42f1fb0b08 77279387f30a1f80 709a9fb10797a104 4863cf07dc13b89c 69c6d3f2b635c0b3 108cd27fec79cb9a cd82e6e1689b1b03 06f89eed2b20a986 75437b9dc6cda11f a63b748ee22de3ae 79bd7282b9108376 a62ad4de9b074a9f 34e7ed2c6ae933b5 00db819b1f51ef26 3df44c7a431d62c7 eea37ac175f12350 6d5b3088eab200db e815028de90b7769 dfcf7ab34beb3e5d a708987d0205bdff ea464c978e4f8ffa 2491fe4e898304df 27f506131ca2a2a0 990434fc876c9f16 71514a439ee8687b 7df67dc547e31df0 df0ff784fd6913f8 8b3d58254f4d51fb +Ciphertext: 0c 76e44d95317422c3 d3405dbc310f0f99 9a30b30ba5eb579e 40aa4fbb94a3ccf3 a3caa1eff46474f5 f294a6e6ae32ebd4 8e6367d5c5ff5a88 4644985d370d3601 80d39e346b31cd71 4333ce5f5dad902f 86f818b3135da6ec 5f73fa7a8199dff4 a2521e1e03996513 51287faa70733d9f 2a502f2de42d0d4e ea396078504dcbd2 aa91f5dc209e1b98 5750dfc3e2765e3d dab46589c31c4049 11d335c6cbbf17b0 ef6395eb20792c54 a52d7a53382241b5 a7a67fe81cf47db8 3fb7d2968c9e7c26 62486e3cbb68ea31 440132137d042064 fd59a3e12990bf02 495b4ba206aed21e e3d892b98fa48200 4ed32d49019645f5 2af62b7daafb144a df171b879648dca6 54beaa18c0576c1d b0964f4e483e1907 1ea9409646016f73 9e20043228daa1bc 6eb4ad5abda11cd2 e0e88b7291feaaf7 9e5e02933ed14563 392ff4f4479a6140 8cf837765f585d0c 52dfb221fb663c40 d3a6e32bec7c4e73 cce2906216e04dff 0bdc12bf4af73404 472564f9f5746208 f71e41d43b466345 61dcffe3d9fafcd1 2e093aee39f40ecc 547f61b02e36719f 813023790eff2ad8 4fbbcd89743ff90f ae3bb27ba718f7ce 44b44eb235e7c621 fbc11800fe9f1858 0c820a17aeaab0f7 5b6951380ff835c2 6d6e881c5fe8bce0 15bc92a8b6da0505 b89fcb01b40c9ab1 0393927c5282c4e4 5461fd924d47cde9 5c7dc9de290b747c 6d7ff4550650851c 9712f7c99d191475 a24df445efa76f71 ff057e42c64d7056 8a253c8c8a387ba6 dbda12da8d82ae7c 2e2ab6343426ded9 1ea412589a592661 3c4a07f797d6f316 b50f03cc0a9bcb21 7eda4ed984b1fb6f 814ba2603c1f2bf7 078489ea51642733 a9fe76b2203a345c dce52da034f7c75b 2be7abf639c00dfa 49664cb5c6596550 7ef02e31923a7e6a 8af03579a03d276f afc51b77187e9389 8439035be0790db1 316079cd88b8991d 85b5044c5be2833a 69f0dc4ddd1f7529 32c3b1615d2258f2 7ee3b71366eb73d3 5b345a8de53e6a3a ec6be338c7a2a97e 0f838310a37e94a5 5c388683bd6a84cd f2709f01c1050a6e 98830507dad29ce9 660718aeeb2cddfa 48f271679757ac25 546806e744c98554 043f74b841d331ee ed807c86e652eee6 f3c26c31fb80b6a0 6c2faa28cbff897c 0f43d332edcb6757 c812134acceb7b60 76f27c944c7e5c80 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 844-byte msg +Key: 24317361a714c4bb ed87da6a504b04cd c456ed35681bcd46 5b0be0a1d15c18c0 +IV: 66090f20b21a3fa6 1d25753cf41583bb bd2a350dc8418793 075615c41f47d317 +Plaintext: bfdafe23 310253052f5e7e03 f703d56fa27b46cd b10d8e38e93fac01 619a969ad9ad2ab2 4d5567a2ca3bdd08 819d62b11a5207bd 4a084bfda8d18ea0 bcdec80f59897a15 2d99e54397c27b93 b86c934bcdb66024 bcb924acec11a1e9 5a9ad03fea77d693 fb5934b13dfd3eeb c7f7ce0364af394c 2ea9820b5f09ce23 635618f2327e2676 dc1abcb465f40f5a d4c67ca387457a7b c95ecee4a7c0fe98 ff9a07efd9a65204 fa66e513b7aed726 086206f1dd810cfa b5626efd6c3e178e 54ef050088f74386 7dc41798da337c98 8a52d2b60f6ad511 193dcc1e578c024e 8ddc7aebe77adf43 8dbdba09778be8f8 831e4ab9c408be07 1d754e110fb1a820 d0eace799d360f85 50d8362f35bf018e 1a4fd5c4a564af26 eb945e9d3db5f04b 459f6a725333bc92 f19df3d2bdd5b1a1 786cda9d5a8591b4 a822638989a1c119 1686b49eb07accb4 96945abab6d8de7b c4fdc30d8a744afa 7fa5c59e9a7c05d0 682415c55d122930 6846d1aec9cd7262 278bf7dcdd37c440 96a7eba4194ea3b9 6603f6ae0103b951 8e3ac1789ebe549f c99dded2fdd8e5ce 15af3f63ad1f831c 35aabd224556665e 30f893dedcb26c7a d1bbe0b78f5e97eb 254628a2fff88d41 00a1d4e9d112169e 7809ada92cb2a23a 676d65523ed2c1e0 eef20e2bb7e0a96f ed71a1cb4c3fb35a 8cf479a135c5de29 b53cd56caf3b4bf6 973e59c47ce0bff0 24a18e905ee624db 94415d8da0f3088d e0af98cd8da11c72 48af7236f6ffb70a ceb901ffb00e5166 b979c336144408af 134f163d7e0d1e9f 2bcfbf48ce457906 134164e1eabf2246 222312653ac1c6d7 74a2b8842a8538c4 6525a9c4acbaed2c 1ac21efeb4017fc1 f9c7b2e0ba712b4d 2b32e4693b145228 213999703767fcc3 0cc4971eb4dd5021 63ed0b6f3b5d1d58 618703b656bf5514 8594f51618538c15 10cd3709955a7dac 8a1e85dc658b8541 3e277e31259027d0 b9bd267cf7868668 4f676686fd81eeab 96e188eee1054c51 e99cbba3508eb1a4 e63c956b7a09d305 f1198c5f95598c65 afbf7c6c57d358cd 8b6e24d37fc1dbd8 349aa9aa4ce35934 1d6b115a04ea3d24 fb3fc91f6efb9300 4b23208b59328eb3 ca5ec903131c023c fbe65d40f23cea2e a5e9d7cfcf87e431 5245169186e8b07e d1105f3c78bdb567 b411d8d809587ccd d3450e43227e32a7 +Ciphertext: 617edfb3 7282afe44edecc44 58815d4ea76137b4 661cb23b3b5094b1 accdc88b0d616d26 f88a84584a40733b adfe82e81e2c8fe2 0acb3adf0060a538 222216ba67c30bad 8fff73bb29e302b1 3bd3cd5d7b93b8a9 643886b83cd0ca12 170231ab42793acf 0f62e436ba0c2adb 8f5382d83c3c9ceb 23f7e4f60c8d9939 5a36015587dab265 23074ac579f225ce 8eea7b274ccbcd39 b353a98311bd3919 bf1d602747e74372 80c2f0aeb950ac12 f85dcc8110fa5086 5751d81274ba7c4a ed80fcce1f80920e 0d2578caa8b10b79 898e2dc9cd02fc92 6919de2a4ee42c94 7e07cfaee9e82dd7 a8f8d57d664aff8b 1f53e43438665c70 e36a11c81543efb4 866448ead843b91c b920c3ef681ae7c1 f3d5aca9d2bcebc4 cca7078fd59a70a0 1891726b0b888035 83dc9291b6ef3026 68d93aedd7a456fb 9ef627ef9308992f af0654d41cc43d96 93067f2d24a96421 085e844f0b56b78e bed97eb31c33d9c9 3d452549a1caca23 7d068d37253f08e0 df5094aaae0a23e9 bdaeab7c5dea9e95 7884ddf3a6aae620 c6472d33ce929dce 17ae25459422a4a1 26353dbccfd08233 e6f1688ccf5af2ed 038fce88f9941e53 975fe8ccdff0440d c804a660b0c5eb35 8f5c36002e29c82b fefc2849c5f5e26d 4e2261c3aeb957a9 94fb032258eed866 eaf4f7134ebbeeb7 6eb7022f95db3dff 1a78959c5c23072b 8b8841007e1cdec4 81e0f08e764ebbcc 25156e8a65703c01 a21760616af262d6 b3a871fd4f7ec763 fd7e8cf0d6dbbac2 d3264c110e1bcfb0 8ecab6a78e207534 012fe5b8f32c6d17 6be401ead527029e 5e5001f0c955fd5a df8552a4b7908d49 a333be31c0ff5842 100269f9082d9bf2 4e7b52de87d0d38c 52e76442950bd40d 151416abc39fc600 e7afd77e3bec62ed 53589133bf6255b7 a058b04a1b519456 c270d958055a3251 16071e42dae0f5f3 00dd7532c4f5fcea 1d34f8f8dcc49d94 39bf794b5116d2cd 5e75cd1fa1c4eba3 e9783235cbba18d2 5765c9670b836904 c985fcdce7731ad7 cc72f41d01f15252 251e34601ccf4cde 5ea812823db3c985 b120465c7bba0052 d3405e98522c9c29 8387bdd12c139fc1 346adea03c24f121 cf6105feda9cbdbd 8f9a4511065973d8 8a224ddd47e5d822 5ed3e14e4ca7bae7 9a74c4c20589f760 08b4c63159276d0d c3e9997591657d65 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 851-byte msg +Key: 5c70aeafeb2a8270 39d21e22cd5afb70 75ebecee45d946ae dcd7450ee967abd3 +IV: ee95aa7c44e504d0 608a71ba54d84156 98fc424c0bebe45d 35989b3bcf6a859e +Plaintext: 85ed4d 94fac84f180deffd e75b19818f0475a4 c9b398ee08d8ba0e 5238237d4fa8e05f a015baaa71c86989 52e804034241bcd8 0d43caabd94ea666 fb2d7adb0fe0d6a7 479ea55c031a60df a206810e98d53ba6 c1c66864f61ec36b ddb457e605b337ee 329c70aef58a3cc5 80ba78ebb94a58d8 8d415a6287d078e5 a1d8a2e75aab6bfc 081703e870a16504 940ed1e3cc287d34 18be88eab5ed2f9b ee9e43263550da99 721846529be54364 8509743cfaf51184 0b44da47a7fc4f56 6d1022ebbf29ed8d 18a521339fe03eac fcb34a3e6a3b7c8e 0ddc38bf878540de c635287e1fbe0a9f a1c97cd5a31abfa6 a01539334581251b c78d8a9c7a1069fb a0153b267e979b99 b6893f7ed01a2c18 1a362a61b25076f2 e15fb824aa263475 a3b9442d043d0641 feef52774e68efcb 111f0611da2fd6dd 025aaaa03f4e0813 78282cd9d837b560 22029d08448c6e87 2ed6b38ce4a6ada2 d287485761114d9e c76ad973230d0ebd c9ca0878da0e1313 19651b17f93d640a fbed7b9336f66cdf 378835420c487b22 9c507c113a774539 79d324fd417d61dd 2294299ae985cb9b 71892790bc6f6255 429bdf19894f6bbf f629b884e3ed0de3 f2853bb6a046d39d 1d7596a35b0a2d1f 64b31bd9f21cef6e 396ebef60816d0e3 10c79a2c83c2ecac e2556cc510a14348 aaa116999b68380e eaaa1e99d77e13a7 27622c47bc807f8f 6830903b03bd0c98 bb6cbaa1acbaae67 b1e6c0b679af3cf5 dd5fdb4e7008f20f 580eea505de5f0d7 401ced384e9bb940 34298c941531b596 dac58e88cae3aff4 5af7624b46a257cc e0ba99a7a892c163 1e7b6a7dd48ae452 c79c2d3eef981c06 15f4e073e57ba940 444da537e4272e96 15e442b7de4433f0 4ced9fb90aafa30c 320c4c1263f84efb 14ddf92d27e268a2 c16dfc8b5ae6093a 10bfce3e41b1abd0 58488e6ee7a1afc5 f7737dd49c4cd74f cc1d804170f9cdf6 bc1aa118bc259b18 30ae8ecf9aff3266 9515197368ece464 dbfdb6214a04e9ed f706008da493ddad 6249357fa49940a5 97ceb551b64af5ab 991386730d8fc4e7 6a8cd3e72183d857 951e69c52cf7424b a5a339b7acef74ea ab69d97ee423c6ac bdb3026c5a7ef4dd 713713e85aa29e20 669e8ded7262c7ea bc07958bf5475703 97847665780b9909 a09b1c315721beec 83c6993b312b5873 72f3a4e26883dfb5 +Ciphertext: 686f2c 2101808a7ab032f8 a6cd2a78341cc22b b347c33d626a4af4 222d87530f63ac41 68ae7ccc1175f11c 817d7655531e3257 7992cf1bc7bdec63 f97b2550e27eacf9 33327d8580a9c213 56daf255960beabd af99fe87c4889d81 50e1b4a2f9302e92 61f8a32e38c36efd cf9e9400392188fd 8c7dc8b183b87eae f5e41b75fecdb811 1f0f188575e25132 a59b48ebe8d85f34 93aa3e90329ec651 23cb83d689efe8d0 29472488df7f5eb2 090074ddc98e656a 289edcaf1b6b5b20 cd4d038bd0bdef0e f5b6170b97f172e7 ad6b4603f8eadaa4 078e22d3075db4b6 1867c0f73ce8d656 d3f588d06183c64a 9717e0a52092e95e 5b48fca1feda3464 109b3eb5652ad62e 23d3e9aec0921971 08c8f71bfc1541a0 0470a309695d6fca 6d2b45288edab9a0 5b30d4923a5e559d 87d3a227603f265f 2c3f6c350ccedadc 9d003ce0cce836a3 57e1a2fc2c999bb5 daa2c41737c3b9e5 742b5515822e6c0e 1766ecf7392a5937 bfef6aa7e28cefd3 23a9b9387300e852 adca18ff971eb95e 1ba7daede699c0d8 aa41c5b6ffca6edc f9e803c6e9de5fd0 ea067ab797bfa6d8 c34df9061ce87c2e 6f1ae1c17e231fdb 9a22e4d36afac487 a3793b9cc9b07840 5b8f2afb38c15801 b82250de7416cfbc 399d5e1fd6c59116 e1e6626e3125d933 ced6d90377651970 7adfef745705e4a7 899bdb7c96448ad8 b9425d85db1615d6 eaa52083003c01b7 fbaa754b8ba77218 7463e8451ba8cdbe 06c3cf79b726b419 3b195841156c85a3 8e28b49c13d65e00 26a3c39881d487d2 4bc9858ecea96f7f 654572392d437f1f be583bf768b886ff 3272eafa1b65b669 fec74fc60926fe5e 4fdbbd4070f12b0c bab81ce6e7573d85 b1470a52c1d143cc 1c942fa9c83492da d726891e8e5981ef 1e438b25ae6f6d17 9509984372d7801f a8bb0b21b20bf11e 8b6bea2d22f09d69 05b4c7fda20bd5b7 d009e008b43bff37 3bdbceb989c7e3d3 ff4ee995ad837780 d5700cbe528b6ad9 d3ceb6fd4fae34cc 361ca759698f59f6 5044fb103b5abb5a da043bdb14c953d1 6198cd59ff9c9060 c89cbfc588e9f4e0 2b75b01d0eb3bbf3 d893c9639a26e857 06128375c7c7adaa 5db5eee7b2c1439a bc7f04c68b655ee6 96a1f0a95181d1d9 2b83459722daf4ac d94d960f130c5b89 57bed29820e1810f bb83fcaa9524af20 b7aa5c14b387aab9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 856-byte msg +Key: 1519a2b32fa1c752 6ae84bfc0877a323 46e911d38d4d7537 eccb665fc68b8140 +IV: c8d201fd1e6e9165 e7555ebce6896fbe 7a3e39e1d03f6edb 578e1764744ae23d +Plaintext: 78d6bd71cf38a3db 79bfb6e8bfe98f9e 1e83d2dd881205e5 cc72a21952bd6a03 0b6ffd97a8c7a8bc 0a707e08fa60aacb 1b0103501c8ee15f 32c02f06c6abc29a 6be2e9f812e24610 81aedca501b6684e 57fdf5c1f67bab50 73c1e8b439db920a 7e7aab1b765325e0 c6c2f8463bb3732e bcc2cfb87da10ac1 76baf3aa1416815b 2e7e68883ae0ee33 c1f4fb73101e7073 3197babd19c8a7b9 23f67870bd243796 61354bc8c8524912 5a8b0db4e8c10a26 9dc3de5932b72940 62bca08f9ecd5dc3 01e879628670dd84 79d155922b62e74e ea8f62133037395e 1b53928e1dd99be8 f5e01ddede045391 060cfc9441caaff3 ff436f747c107f1c 360477f5a40f980f 25625dc537d45241 e985294393c10b1d c4272c037c0aa281 9b17774d9a38fd3f 79b9619ef8aa839d 0a840525870fa3d5 2182c24899ec4b96 33d4b91d671c7181 d92c52f18b4c8eac 5150b8c4867b1e22 fe9e58cb3b802162 e48266ed72839ddc 2d02584757821a77 a73369a8f9ce240d 43c11715cb8ccded 976ba54625352858 5d849a26c416cf04 f273415746d05f9d d83427adafd9f63f 35d59faee7f9bbfd 51fa41193ace575d 1c59675bd74974da a53faf1b512f4561 a4097caf2199fed4 f2ac74a52174578a 0b2d033c12010ecc 9329d7e81856625a ce4f63d139db98e4 26e15c54e1ce7a91 a9373f8061c0d37c 883cc99b6b15f432 99ee7c9b98883235 d6e221ade2a5657c dcbe41b12b4d6bf1 6dbeaabcb435a3f1 ef30f095a66873d0 ebf8ea388dc0c353 8e0c3156d7717f33 2bf8a5d35a7f19a0 b75be747cb4204bc 4b69df7e48e93a1c a66738f8cff4b74b a832df69c5b8fb47 d9b8883a70df8c01 e07d2a067ce672e1 0c187e1e7a9eba40 ceb483055cabf4ec 3c8ffcf5fb08b4a8 907ef058928015a9 a8672a504036311a 84c5b730891faa99 ca286b00d68324b8 45b25cfdf07fc87d 629b64178986c3e2 b1aea371b4dbc555 6acafce467188339 e663937c00ab3564 22fe56f9bd54199f 3fb8715043a8ee29 04bfd72818917a34 5bd7c05d29cc0466 d0d625804469da59 152846559f4ecd1b 814d255450b5b0af 8c560929d2a9dd8b 546cfc34878daf18 1b494d0930950936 c7bd0ef1764bceb5 612a9667650b66dc 9608019cec8740e5 3962abf35e454a7f bf57b986f41c7b4b c29a909f49ba4a60 7ef25c40dc2134c7 57ba8b9c92253a00 +Ciphertext: 562c40216dd33ae0 b78827128c46125f 2b9dfc9e82597dec 3c8ff5763a090085 5ab24dbd42265d97 28be502aa5384dc9 16f7495d774f22bd 2a9dee605d94255f 724de577cbf56493 3dacf996187ae615 07a848c38bc3341b 6fe6ee2054c19698 3746933508961056 675f71b5a5f52581 6d484d0b855b5bd1 4d7fd72866adccba 984321c0354891b3 64ca7fda54d6cb80 e05bc87b8699dff5 ec2cd7ce7bd7fb38 43d86390c0db9389 e41346f70427d338 12bca96f683945a6 d02b10881c672f5f a9b65277435f216e bb0a8311f9070796 bb82fb2580e51f1f c343e0157264bd40 b596dc930d32e2be bbc7b164d9bda314 ae63763508eb1535 2e3802c9d88891e2 bc2280876a3fd171 fd0b68c613597c54 17c648df268ef2b8 735b6cf1599bb241 8654c79f64e28b57 92a14ef3043795f6 972de971c39c99e5 6e283ea7cd7f6aac 8d6828119c5fbbeb f56c997573e76bfd 3fdf91e126ec77bc 2d7719e3c26462bf d0886fbe2a173de0 939d7f8bcd0400d0 7155adac0fa758ff 3d7e0bbd7761cfc2 092a3db224086085 228bfa02fa6c03c4 6231ba31e9ac3329 9712b523cdb39e49 219d2f8c03cb4fbc e05520bb4305900f d2fc800b87fff47a b22de6542a9e39fa 63e062ce07c9c0d2 565114d72c8ad131 2918ad97e736bcce 8ede07a5b85856b9 51bf1e314e90eca2 6c722a81865d670d e0ce0469a64d829d ddcef62885da689f d610254abdc68d6b 6e708ea2510687ca b1aaf2a1a6493313 8f082d4ef6a5d15e 42a388c1d836561a fda74e1310a882ff 4aad73da113e15d7 8d8c2a97e37b63cc 07138e84be5d132b 71afbe818c773eda 9b450e99ba099a28 c21f60f63e2b14fa af11e783345e5607 1dab033d820cdd14 dc1f53cf80143134 9c391c05c13e88bb 8e872fed4061daa9 8763e4ee7428ab41 fd4325cce12339f1 3d08f35ba2cb1271 5f2b5ae3e6a379ad afecbd86d45794e5 c220d3876e26e418 2ee9fe45adf9da1f 793f4ddd2efdde1c d143133ae4f53ddc 4b89b428be2c41a0 68ec677bebb1f9b2 d9b26d48086499e8 e656cae75a1816d9 5266ea67fad828dd a31f3332e554e149 13a862965d278c25 a581cb8eb4132dfb bd2d4d2eacb7eebf 28e26b84d1255ee5 b807ae91b2fe994e c5edd976c364b485 34cd2b1692104e9b 7aa19acbbd0f9ada 8090536181028b53 b7873daa40826b86 7dff1649d418fb23 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 857-byte msg +Key: 624f9b31f0607b97 ed1f5ae67e2f1ff5 7136a8c02134c75d 9a138a32fe7fc066 +IV: 28f7b8958e244cc8 6c6a1ea41fbe22e1 ceb75dfe50e7ec33 4a6b47a898c1c7e4 +Plaintext: ef da6688c070c73d5f 9a76eb649e702c52 06e60076f63ec212 bc5b5abba91eb500 1f2c724cecf2de0e d6e723167711bc42 4ccb2c5b08c5f03a 2e4cb22fdeccbfa3 ef93bbfb3fd794c0 47fbb4fdf30e7be9 b095ecc6c68aa609 e8a416bb09d9ec1f 7222cb95127e45be 153906e1b86e4f8e 5bcba781d794cdc8 13eaf029d24e22be cf610be20cedda51 6729818a6e392278 74f5c452e5eb4bc0 d6a7a73fe0324bc6 2fd8e1aad62e3cbf 65548ec0be78dbf0 249bad0295980a36 5a62a3c6dc8d4e80 b910b6b417495150 3941934a5032623e 9346c95991a2f075 c6a34c856d671334 9690f3c97844034e 0878faf1cb6f9faa e87d801e8111e7c4 43f30a463cc9822a ede0feb1a12939ff fd82297dd7377a7c 4cc93a1b0ceed66a f9d845cff1ba83a9 e78941343900dbad 3de68ab61d93dbfb e6b15f16db40a4b0 0fdc65e93343fefa ac122219e9cfd09e f32c8363458aaa70 dfbd57d8960f3bde ae87d25caa6bdb66 63030b2a58a0021a 45dd7e4ef725cf23 5e758b29e463823c fd60f4f0ff3a0233 35e5632d2e7a586b 5b80e23dda6b325c 8c6261d06d456111 25ef346ddab85ba9 493e92eb1566bad8 5e9d17f99664bb63 900b4297dabcc0a7 4dbcf89ae2eecf12 c899002cb36a10a8 76bd854ad418537f 93f89744d3d18744 9e50a940c0e344b4 d97b15b8b0914224 ca6794f73c90e0fa bdb2c6a0ff8b9e31 4032b0271c9fa3d9 a56e3956b5e03994 8323acca75d34b1a 35c0397307f2eeb6 5aea73179c2bd5c7 53f9d4d06a61db40 c879358928e97d28 24aa5685920e5d1a 14015cd8eb8ec1c6 0ca54eec761b116f c2f297fdfcdb5d6b b1f9879d49e8d4a7 97fed231afd04e20 f8f80f738216c46a 99153aee9ab0d22d 05343385d4873ca3 0b693cec91fa661b 3e7c7f2c355bda7a 746a8624a970c6b4 47e3c103daf37b57 98cb04cf3813f001 07b906e138f13de5 7b7ae466d223204a a08f9be003357b0b 64aa91a34d23d318 7a360d5832e0d3f3 d8ccba7dbdd2c835 38bf28e3f9542207 9a914b2f7733f9a9 c07bfa5acc3186ee b0e971321185a5bd 36fbd0d661585a92 60059a3d5f4949fb 001037afaeeb3c1c 2e57724b7642a12c c3cbfb7fe64a0af5 de90e693ac70ab58 637e2a1f7f16dfc7 77a024909613a3c8 06b811a82e311a79 3eb997fa07ad0706 114c3d72e7bb5635 b64beecb16ff94db 28497a17e1157163 +Ciphertext: 71 e8d517909d8f40a5 6eab660bfc86b47e 180f7bfad47f61b4 5ab5a47f7eaa4ed1 a276a30ea23dc297 e7fb65d0cd50ba36 57e6805939040aab 7792ea0d16105414 5c809124cf518670 b489e3ffee5f7071 50339f64d74496a8 17f4671609ea4f38 7363455088bfcba4 1381ce126cd963f7 e28c2e237c47a045 8343905ee7ec8a74 86a6412b37c5fac1 a19022a1961514d2 4982270d1299c9d8 dd28e5af9b8b5d28 c1edfaf526de8663 ecf92d4876ed8ebf afb54131abf6b9cd 648b3142246b46e7 f070fcb9fa98d8f6 f19d9e3431ca94c3 6a2de01038ce896c 3d6cbba1b5d60b73 e8d49cb923a15b54 366eb832eac9f945 6ff7cae5303a0101 246c7226f7f9c422 00603660d9ca7d9f efc948f60b2afbcb ffa4aef4c0996576 a539dca6d086d526 90b9106c7e7b047e fdf3b79e1af0eca8 cafd31f0bbf34ae1 0fe4b7e266e91f98 dc1f2f1b9eeacccc 688dd5d6a8af1b6f 7a735fc91170a5f6 f84f6b5f249848dd 4bc7439de2334baf 787d913065aeffa9 b62e75ee9ad97a27 7f58396077f7a57e 77a0df5460a2608a 9ddeb0f7293ec1bb 980488308b84f9ea 12b23030f7e74a90 1a50ae20c7cc9296 ba8a061c61a3a18b 9bc967ea24c9f45d d159fecd80c5e885 e97d058a9ac3cd63 6f23140f6065b789 38b561bff1d32c00 3eb90785f3188bad e1d45664218dca76 6bccbdd2ac5675ae a047d01e0dc7a250 14bb76bd61809b4a 86801634041242d5 39048d5447396424 a09e3a4e58ab9b07 d9cf63f4eb67cf52 cc627f7b698ebe5e 8c60607d33f1c39d 00b71f40489016e2 8498ecf86f5b969e 5330285af29ac5df bb3f6eefcdf2e924 ca185d8fdb3fc214 eb0dc45dfcf3fdc9 4cdad722558682f5 7765a983dfec296a 0ceafd05e8c921dd c0f791b74ca0d27f 025fd2d6676c1ede 46a257241bd13b25 35adb22e6402a629 b5b95aae003b234d 991015ae044d6e94 6f2f5329df1edc5b 9da4293106b58fb8 39b600bbe525a737 ef6ce5844b079315 61c63c6c1a565c17 a4553e0a637017a7 aaeeb0f98a61bb94 a85a3527a96f7abe 1ea912c74922b198 8ed1f34ccbcda15f ce4fadfc2fda47f7 f083a071262bc95f b7e3634e652d67a1 8e987754ca0750ab 72d8fc8d7c6af33f dc781b153a9e49b1 f851478112331b95 5c09253d06471a54 7a89108235e34bd5 997b8304cfab2a03 f5fa267cc3326413 be090a79dec1fee6 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 862-byte msg +Key: 08153a180a454e31 02d76f90e089ae11 e13ac2a10e5aab50 079f95a8fef9fe3d +IV: 06c91b868e4e78eb 285fe01f90607cb0 e96f3edd49de81a7 78e6e92bf599912e +Plaintext: 3a1965fa4108 cc69473f8b3fd0c3 e6bcebf40772b708 a45526b8dd110139 63a02d6edf1b2c5c 92d0e6de3896aa9a 335d7033e50961c1 5e81997e37022bc1 bdba653153925632 114b8ea4b1cc25cd acbaff93a04a4def f553579ec0a87a1a e7a46cc88706c873 92ffc6f9bd8a4944 99fc207cffdc857b b2f4ea8240a8f62a 2987ca9d43208805 5d17164523781fe8 424a5b56cc68114e dd8cda907fada7da cb8b05165188a0d2 bab906f0ac3dae9f eecd398acd95f74f be42ad32445d9613 14d7a79d78e517c1 f10e1f622081ff52 e6ad417ecb0c4165 9c3fedcf5860cabb 4e9438997fdff6b9 493de80447ee18ea 7311fc9b8d74f77a c1ab21ce845f4bbb bfe93e722f1f44a4 0b6eea3ce82a034d db21f049dd761f75 73add2998e0222fc afff438f504d0969 80cbab73cdddc865 6607a7f181bac33d fb6d87973ef05665 68fdce5aaa114ef0 ed79b512bcb06d18 5ee8a9f942e7eabc a114c8305ed2efdd 310c683a04111a21 9da3907f7e4afc50 09ef7ccbe8a59dd9 acca1eccb44ff64e 5154979727f875e4 d76fc224db557cf4 b141aacd3b9ee37c 66b60fd30a10729f 11fce6dadc6c6721 e205d5689a76f6ec 9c09bb690377c48d 150125ad26bc6bb8 b92dda69e915f9c0 078e51b285577120 126d350607db48f5 02d2e8c3d0fce981 910efdad169d32a9 8e32bc6c62a0f578 5d95a20b1070789a 7552df7bd278f5e2 e0c8d60e2da91bc4 bf18a0fdfaf98bdc c4aa89e2e6de5b65 b5a9923ef3d796c3 f082edf5f4e4bafa e16984cd15083934 8ed473f251cef93e 0cfe8975fac2d50c 0765cbc835f31931 3e4cf1447b780968 043ae7a319e85b0e c0794d86b0e0b8a5 6e99f7f0b6814052 1cea6ecaf3ef0360 6e056d5d05d388bb 1a4465dbddda4a76 6d45f9d640343546 c46b83c746152e04 145c8d88de38882f 628459da49579067 4b915ae19ab402f3 7ef6b8a33c94923d 3d68d08c6cbe6450 e064b2edbb009461 52a6a1788eaaaf43 92b396c69d1137f1 3251bdd2770e2308 dc0af77bfc7d5d4a c8ac5605e2be421d 47cba49831372609 3c3eddc0c7cfcd3e 9d9eb0ecd575f30c f6ca02ef5f97c568 e6666a82c0ab666e a157b6bf23aa6bda 6c4965a70b905f8d 24292c9ecdde3f0e b7ab71ea1118ff06 a9c6d238554704c3 91329f166977a8b7 9af15c7af43ab9f6 02c34039ed24fabb 9eb0b991234da0e3 5483e5a0b6d2d670 +Ciphertext: a62f48cd65f7 11b4c6f8114a0a79 36c1fe53566c2918 8a1f4b18ab691259 9f44f0e2aef95aea b83ed2ec55c25f49 b889ae806b382138 b9ee95f385bbd98d 2cefabd235b76d06 ee4a1665c2ce32ff 5a45b62a4dee0400 fe726024323e9dce aebfa69156825ef1 31c26923f208c29a 6923a68b3359d387 30f62efa486f2ecc 743ec5b2712c4669 6abe7e5b35b0ef88 b490552b811c2e27 d821c51467c7cc39 b6fdc0a8a625c21e 53584d11aca2e839 b7b8bb715d4b0608 2332747b459f5b1b 5438359bf37be4d2 d51868550d67caba 5ee34ac4717afe27 04a8ad2b06f17961 9de904389fac05be c9a1fdb21422d55f 28ab513a9a86059d 0c6480052e9c5a64 228375116660035c 1c52511257d4265d 9f4230515a5da4d2 2b54d0ae8909cbfb ea5810287b232131 05ac9a05d30744ff 9a0c0082b2a35b77 1c659ca0b4948386 97a09f823fa8f50e 89bb77349ffff831 d3866fa2900f9038 5446e7a3657c5fe6 5fbbbd03eb7008ed f859331daf47c70f 73a03af654944583 bdd1dce1350e21bb 0b52879186664f2d 5e54c1df6dd5e9d4 fd3aa722cd2922b3 aee59817cd7c07ae 42500e36ea698d11 20910dc93ee15b0d 57132af5117e854d 0fa7a4f0a4ba3f24 8280044531e4aa36 0e35c22d12a29ee0 9e99ce4c2dd532e3 3e6fcb8d7cddcb16 cd375bc20a78074d 4f7a554e7a54c5c6 ba9aaaf243c2553f fd2cb4d81cd8745d 446014bd0ad2e71c f9aaccbeb190a85a f00ab78a957151fa 955186f4afbd2ec9 d43e5cc852d68186 bca621f52207a24f a4e8d55e95dee3d6 c37a1286d57af984 24619853ebfe5232 f8c145ab96bf5dec 93bdcceb6010db3b 00de83b7956cf60d 7dba685d18cf7ad4 11fa7f3c58ee4058 72389cb48f7d1f4b 869267ffeff90a37 028501531e059b3d 16f8cc7473bf8b0e 2bd0ae189595c080 eb416353c6893dc4 c6f9c7c096e2713d d16562cc5648257c d226b2663cc6d3c8 b6f24b5e1252cf99 73cfed5a13785059 83ef552e2b0cb329 3d54d4d03bfdf489 67b43e9b89183fd4 e699f7ba318201d9 dce0e6f2ea66d02e e22176f0143fe7be 626ca415ae2f54f4 5851a9b1fecb0605 6570796ba9699d88 22a1fc83ea5cf5b8 1acc7daf22c097f0 7a7e9baf1eac0e08 c42f232c04a84cf3 6b03482648777d85 96456f696b04d809 41b2ad994869f142 355b33c93eb54849 b38d32798dd7920d 3cfb83218ac1313a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 869-byte msg +Key: 491aeb9b543a080f d660d81c775e74c6 40f13456654721fc 61c0adb948f2a27c +IV: 59ef598cd3ca2c25 0b572d66ba33196b 9b0487b6360265d3 f6b7a53b8202347a +Plaintext: 4a622c8d60 714a8e8aafa29395 8191d3ec7af40a69 d8971f6a52f10428 110edf44fccc67a3 384a907cef9e6aaf 51c64659d9e11ca5 d2a029e519f7dce1 2418f36e43a1e243 26147409a089b4b1 aa9f0e0aabb8b293 f766398e95208b55 453a00f1c114c5e9 4491825849ca3942 9504722877e095da 4fd2978d4dd4d82d 7b5c4cf5fe8bda3c 99a7019272cbc10b 19ddb9dbc6c18d23 e2cc8a0bc97c8d11 cf6620a1816fe7e5 2d3f3bdea4f314b4 3e122c4a1fc36116 b93d5b30927e70a8 4740c41dd229b58b 0842766565aaf9e4 0c8c139e0a4edb5a db0b53232f444a9b eed28092791f0cd7 3396fb4e40583a43 8c31b6fe0fcac198 5020b80d2834e291 c9059c28febbb371 b52512c2ba659d7a c5ea5c93b79fdc77 2162d21506b80233 e2bf5f06ea647400 96d502e95d3aeb31 bfa04e858935f4a0 55bbeb6450377029 40e91355c581152c de9015eab03deb0f 8339d5fb0ef5d1ba f41249218e19f51a eb6cfe3c157c5f9f 963d91ee3bd767bd 189f371dcc453a6e 074e357549c559af ec2e68e464bc1afe c6c4bf1c877025e3 86b8bc144d8ef864 9459f78807a5648f 4a199b7439a90ef4 740de79d1b71ef28 d66eae081939d443 a61ad7815320de62 0d14de151dab0227 aaff51987f408b34 0fa75320b6ac93b4 42791d88b29e8ed2 3e0678ef972ac03f 6f8444363c47c1b0 394df585ae51005e 725e10c7ae873d85 e3d9b2292f8e0ee5 cc830a9fd9ed5b44 5d47da5f898fe2ea 3db1f963ce44b323 0774d4ec6d3fb5c1 c7e5e9fade991f97 827d4ad5cdcd00ff ac5a20879a3bb855 afbf265fdaa67d7a 6b902a6fd4b5d752 b0d78f0f04752346 c542cd599bd514c3 e5a2efabfd292db8 bd6d142842a8491c ef3df036b5ee1366 924f4801587a8e14 b00579f75e318f25 c764f14ab0da3e9e 4897b47269a09808 1b6ad8a85a93f0f0 19d00a6c86276967 905e0700a6b37d80 c2cd24eaa7f37ad4 677cc77627860001 26ebeb32fc718426 2041a070ad9bd069 66c788c7f74f8071 7e6b5b9249bd87ec e13e64704879a80b 80f702c24cfafd01 3b6e2830e11c7488 6821dd25489e4c5c 52b2bc4ef3a59cbd b766751f0c38cdf1 49a84b4eeec21cc0 2d849456aa9319f7 802d3df5845f2ae5 cd7843af74bd08e1 985e3a49a5a940c2 d67eca4ef903b465 73982d8d830e182b cb13b2990cf17678 31793e488f39aa36 6bf6c534bc56e64f 33dcd53d79192f36 +Ciphertext: 6cb54dc028 9f442af6dbfb4d17 aece61b269acd11f a307b4d328c227da 73cd89e4d9fe4dbf 552a81d6f0443cb8 e26f24cff4eab824 af58299aaaf8dbde 618c827a5401aad4 ee35568d9566f16f b3a2c21971679864 d61e95ebe0b28934 fc392e94e03c1799 d3bfc82033369008 60673dc7e01c9241 3795e591e1e88dab fba990665dc2ad0e 5b2988ff21b55ec4 ca7bed216c39d2bb 3bf542e41a390505 3dd1afe32d7ee6bd 4b56ff02715d6e27 b4b2f8ea87e71329 0c1c5be4e2b2d504 1a280c320bf6a885 01f259bc624fe519 fb2ae6503ed98c05 0389e638e62b2157 20d9b3b358ae11ab 1e9273f414efcfab af06b642d35f759c be4f44b1029e7171 5d022411c8d610ba 7048d8eed4dc0fd8 3caf2a3ce3260c6b 6b2262e04459e5b0 d766cfd20e525988 4d5d09277d778b5e c80370b69f02cf4b ff3e40cbb23ec270 e2cb5fd59b60feb7 cc98b4b556e601b9 d3f8811f9c369c09 529c6426c9ba890e be91be99f74c1791 b694c3681ca0e162 6078781a47085794 df7d332375d2d42d 429663359875e6e4 6a72d76564c61e67 4fcc6e7b39871aa9 da74a012cfd99967 31630feb9e0d4f86 204d13556b31d411 b673e7970b474a24 17a6c76977d9a92b 55d98358ec51793c 6e02cf344d10976e 71972040789904db 9502d8cebe529761 d400dcc09a234232 21c13f17279b2267 93b06657cdac5a68 949215b6fc3e9b18 7c1e3c2c6e404439 2221c2b428a444f6 d52a4fd692e71a27 23227354a95d2d94 e634820d58dbf68a 9023ae2402018bdd c7a5c00412045ef1 0a3a347130ce4c9b 79d8f82a3553ef68 ab0e9c62ac85369d 6775a97c62a9291e 19970c86635c282b 51fe81975a7a6b36 7248910595c63aa9 b4d1513acc007645 658d299e2274042b 90bb5d5a066f2e51 446a7abc86651f20 fc1a790d7f745be9 4cd770025e624712 271ae1ce0acac532 b2a86cba96a8297d 5458c62ec1920253 0ed712babfaf5591 57ef5d0f4cb5bbdb b3106517987eeff8 22c86629832753ea b8102a87d7ab30e9 7083d3c66018f997 5156442868939b9a 112f2c2ed9b3d078 91f74302889d143a 286e3325afb5be38 f3c637878158e869 3afd83175ee9810f 0cbfaf062113a3db 9ce1551bdb35501d d1ec10081a20aa38 76e7390f4861971d b47e11c7d143702d cf511180e2a533a0 50cc821316346f64 8550edf65a2f1d23 64e542831d4b7617 2f7900c810106eac +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 870-byte msg +Key: 0c065c3dde5f1bdf 9d7332db21c2f2d3 cf317cf3775dc9df 7d2eedea37af9c89 +IV: 971ded070a3e5e7a 9ff318f56c1175ff 2e6dc0442f363c8b 6d8867e8f83d7f33 +Plaintext: 9c0746b8c0bc 03308ef0c9f154c9 fb612a0f10b0d683 94c7ec726f7b3a89 6a0762ebefb9c981 10ebb091cc35a193 8de10d40f49f33eb d97a43148e0bc43b 64ed33f27171ed36 90924fffa82b1b16 32671d27f5790f17 148ebb974b005ffa 76cd55435347f383 880db162e83989fb f2dba4ed9aa732ae 4dea9a232fc3d36e a78f11081da5a50f 02441ee111c9b5e9 d525e8b96c8f6459 8a7628dfc1bae840 ff1baf6658f2c983 051fe0a4ad426589 e42e32b4f29a6dc0 d51aaff4894e6518 865977878b952886 9a863ed4430c6283 26dcc905b430148a 35be758a0fe7149d 4532b1933ef88ac1 c8617f995c8f747e a418f7d63aba2260 b34ac3c7dceebb78 438ca4b1f982b7db 9798ec1a7f326222 64cb024c0d9e60e9 55a6e1d677c92351 8851990a459b767d 0f13cd803460f618 70db3391b44693ce 25bb17dd68e214ce 1d67d8c6a9ab904f 39ba6af2047ef608 d032d2cdb71886b6 2b6fad0538a0569a 09b8a90cae1acef8 1c760a9975f52b99 8ab627279f7e004a 6eabea756e6ab05b 542a5404da51f621 c02df69d112d5d74 a85179c8f2dfc832 f658185692aaebba 07a720d8b8b6d071 2ec87725608e5441 31ea12d83ba3a715 cb5c7dcf2cc7cf5e 291657adcdb22691 6d30d359e981d7a7 2e68387eff31659b f6a16109c52924f0 c25e3faea3aebe28 854b5262346cb04e a6b534e2c8f3ca6d 7e0d0e2be438b217 db692000c11061df 7f033e68c9b8a5df a1b84e2d1d509d33 6b8acb5e125c417c 7a1e44ceaf41d75e 623fdd9231ce7f02 2859cd8787b0a894 c5ffdfcad6fd98c6 aa65f23ef6aae84c 36e77909f314055e 4180fb178d7bb139 95539396b883809e 702671781db25c52 04e258f597f4019c f7151e06b71a81ca e3702feb4056c1ac d6490aa5acc0fa17 d31ac27da5d53963 4f007f7b8df3e0ee b53dfbf0f7de2397 e3b705ed2b3e8b44 ab7601c9a61f775c 5329669f986f964d 15a23ece64836e08 9f56aa772393d780 94de5c022239812f 0a791a9a5ff66a90 0a8742ac10ae69a6 130f406c1c27a674 973a1a509f8d1f83 7cd6e5936af1255f 9cd44db381c5dd1a 46cb11f39c62c0c7 bb7284daa7821b00 b2290db242c68f61 d471a80a4132920b 407063352daced22 096fe2c9c1803c4f b35bdb216edf703f b9479bdbd85b5022 0ae77f5a566df42d 87177c4476ef4918 8752970576a290a1 543c6d4bccaadf07 ab19ad89a00d9e8f +Ciphertext: 3fbf76e20a6a ac7f0d88e0e97666 32128cedf5e6f36f ccce7107fa043688 62115ccca3d53a80 26c73b7173706341 c7cecee0a8d72ee0 ade9b9078b43b832 90801f04d93ea623 2247a6cea4fc88d6 5116d31b33984e40 b292c90ce6729db3 79048f4beb73b9b3 a6da43f981b89a43 2a5a9677d6471033 6706c9ad1261853c 5975088be4c74c95 ef945f8806b78264 baac48012d7f3373 75639a77b5f7dfa2 ff5e3dd0663959fd 99b1878c037e26c5 83523fdcfe648f78 1f638f1a0f80800b 19db935cb860c5f7 9641bd90f905b85a 61c910180d951d73 8d0a629c5e6618a5 cbd38e1c8ff508f1 65d5a8ee8d1ff53d 3a2eb2f128656095 dd26c76fd93ee1e4 08786ca441027177 6fca605c1248d518 6bf18ee37290d49a bf2c913ca98b6aff 2c95f8c6e1c68385 9758f479f6f00907 9a9bf8cab63ed1dd 39b0b09b08ef2ce6 7ffe4bb4612846c0 66f31a7818626e30 e113a47b477c3cf5 b145fb48c15da586 b55b83c50cb44479 f89aaf2c8556c117 1b44274185eafa0a 7bc9ad5bbbc988a0 c00e9001d5e76a94 eafdd8ab40fe9d77 82f8256d99a1e244 21c0a86788adfb58 219f3af34ebd899b d7dfcad051c6076d cf1cd7c3c6809e6e 842fb09111ff137d eaa33f5d9b3048f1 40d7399e0d95a1f7 999d4492ea753ed6 4a80b93ebf25d07e d5eeb4c4812a7691 cade8173bbc422b6 fb63d4313ef4e80a cf600c49c0b3f3c8 d08324ba59307173 3ed6d2ad6fa2ff5d 28bbe6e20f970647 e82f91d4099cd792 1f7792d9fdf0fbd3 e7ee96c7162337bd ebcba8c518de7b7e f0b261a3905eb5f7 ff5e34105d97dd7e cea14019eeafc1b2 f0e621f59dbba2b7 e565ae0aa5bcb782 025575f4493cdca8 82e0220f45af3b1f b16441ae334815f8 61b425b0886922a1 629f401cc6b43412 19208985b08b37b7 0e82bfce2825b61c a071ed26d4327814 879578567f4eb3ff 07299d8a2610c0d8 3f7a8a34ea9cd95c ccffd10ce931645d 47450f1975775dc0 b71fbe662e8945c6 b402d03b5137feaa 984163d6e299349e bb61cea603f70576 c72e6c8619374dcb d81b2b8275064aaf 19be906e286246b3 256ad99a64a70ee6 08e7fddbfcda1042 59fe5a24e63eab6b d65298672629a6d2 1abc2c7f40330d03 8322d25e2f5d5903 6d1c803233247b34 f943d7c8f36b225d dea0254c11cf98f2 aff318ff823be1e6 6a44c0d3f0661fba 62645071bda71a14 212e357843eafe7b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 877-byte msg +Key: 5399744c380b0237 f88989e379b72dab 396884a78506612b ed35ea91f4b3f139 +IV: 0c8281cdc14ab6ca 34f9d23ccbac8ec9 27d2aef0568ed893 4a5ea6b38afbfa7c +Plaintext: 28809281f3 cddc48ed2e0b0900 386ab3ecf4f03084 4015ea1a71e58e38 3d531091d9cfef36 5e1bba0d715ad380 236a73721673ee77 e2c03844b6cea864 43a3fd2dd5619ff3 c31b277b0ae720b2 35350f9f805fb297 3c8186b0758a8b78 d3934be6be701990 c585971f41db7b00 3574925d79db054c 18fedb46f640bfda b6cb03a2da23e677 2c0112e15d5e69d1 edce01934a0f6dfe 3ce23fee8019caf4 b4f22d4b73a38d0e c036a1a9a897748e 23ec66293c247415 71d3ba905d3d362c 94b0cfc8cf1896bf 49cd4b5f68af239d a075c8069542a2f9 7f795514d3d38bec 20aff30136a98af1 8e6d19ebe6cefe67 2c1230149d907e12 2e7e17622b044f9b 1e94a0def27eef0b 58bf11356a1a8e54 8e6ba53a9e3790c9 46870962adf70ca0 570adf474ac05077 6f6b3e263cbe5acd 90272f60de5f6084 8e3f31fda0d54965 93b7b7248597329c 9b18a5a4a3e0eb38 f8eed66ea62e77ac cf4b99194ec58f51 9943305dec2a1fe2 a46e5098e9a9c7fe 8f6aa34d3ecf5caa d156499ffdf065cc 335752dac7a29eb1 511746eb54407888 1d419de3ee6897e4 5c064778f67d533e 279b26845e263871 6bb88f832dcd863d 6a1bcd19fe22b1c4 38039d8a8195e10f 3eb6b341f8df738a bafc344abb7a7784 3da139d8b52431b1 2cf653bfe56098a8 405101fadef5da65 06883c27486dd5c7 607aeb065d979f13 02876ffe6c05ff6f f5131998598ff268 1707af011ace276d 994feb8c3ca28451 805dfb2e5cad9fcd 25a50201afd545fc b51f95c27ac6f6de b1c83f539a6e66d5 6f21fe39fe7ffe2b 97aec41f28f05a8a a778f751b07dc981 708cf142c122d006 967a81069aa4a6ef 14d768d80e08b978 b6bbdc96041a28c0 9d440940f8e7474c bf118b7d78431f83 64c8f516a744eb2f aa904d79bec59b02 02978d3786e5550f b08d2486df85ef4d 4f2873c03dcd7718 4b9e51e225a8abb0 652e870eb44381b7 329854091992a0b7 9d9febbe16cbe59a 608ef0b982e8df30 8fb0feadca2a53ac 0dd724ee6c91ba27 15d764f87a65be1c b30732e61db0c0eb 48c6fbfc10c15457 09f49b1d21aac307 8075e655b3c38808 0ab220513e26d549 571885e2cd310b1e ee97c27f7f0745be a62479c0080ecec5 2e37c1e32d72a6b3 864da44a4ba1016a 83679ffad0cdc7b4 4f8a261ec06e15bb e73d1e8231bdbb8f 9b0e6019d03abca4 910d3d775a27d251 434ff458240ae752 fc6c3d17942f9d46 +Ciphertext: 8426b4c6d9 67e1b1a1b0d1766d faf203d166fe30a1 5338f57817b635ab d8c05ead974756ef 802f4953b236b18b 6650fe078474061e 0ee532637075f1b0 804c1e3a5156ed8a 4ca6f2f95ac8cc4b 522d500086df26fc 0f3b90d83beb9deb c47cc0af66e95779 c6f2fb10fd03fddd cb315bf7e6cbc548 597e455d9f84a33f 48ff70531b008056 0c16a558d90b4969 5059dfaebfdcaf06 449bde936671d253 3dc2b33a9d7b6b38 3b0c29a81e3e0057 ac8363e6e6c2d6f8 ebc97f991332a91a a4aa1754397442b9 64b6d233ee9ae3fc b106ebab15296264 417434bfd966bef2 247587b81931767d 2c86dc46add42378 4a9d520f6def7032 76872bb69ef93734 1dc2b2520653aced d3e3df9cdc3fc998 50e52c7ddde36041 82dba1538ad15847 6d6f62c0bd3ce171 ccf73f435065c1fe f3ae877b014916e6 29f3a75c5621b16f 65e5694c29bfa3ea 4acf26df0ebbd2af a242df9a05a53bb0 d8265b96988e060f 4cf9cc2fab2a8b77 8c9b85fef4a76eb7 e30b4698f277eacd f871f10524414325 f799b617ea7e18b2 4ede8774ff56756c 5ddd2889ba7da6f9 9f82cc9fcf8f1859 ba6cef0f9c2597f0 7f84dd2c1d8463d3 aad24c65cd28d95d 370cc72639292f67 ed8aab0dc96953e5 57c11235867163e7 8c84dc679b58d714 b51499bac33d5a10 5607bc1f010e55b4 5cff81b8b525a0d2 169a516627ca3304 f2268a554b41037c 55c2b65d4d4f6909 fab27c67a1b7cbf3 3be172f2d8a73907 c26f18f2386e8809 ed493c6deda32da5 5ece7877a8a8b59e 8675806812e91d04 c61bcc80a04e87d0 ee03ebed00bc2876 167f1b51627c760e b50549ad7ab09e2c ec5cd8170f902e9b 8590ecaf1fd8c218 33dec2d7792ef219 f950288f513a297e 086707809397a4e0 430357e72f3b81a3 52b6ac82966b23d0 0a06ef0cd98fefb9 f14460f498452c03 3a0f101b8f752d37 c28472d0e905e2fb 062a4b237a796dd4 b23cd91816f064c9 68b3224cef16cf3d aaf29199acdfcfba 601f237c69fbec9b cd9901c6cc313f2d cea00630ef5a588b 5c3d4f9e5fa842c6 686e6c2ae6c90b1b 5ccdfa544cf7cda9 af3dcd8606be0b97 b6706aa2a90f69fc b2eb8eb89252d10e 8bfeefd2c73ed73a 9383eb6b8107ab7c c3c3bb3b459aa9bf 65353505d5f8db1a 805fdc9190034ff3 8414a01e58dedb9a 1f125ad4ae22e58d 5f1922733466858c ff2f0516c86578b8 8f40aee0c899e921 964d315896125c25 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 884-byte msg +Key: 02c238a523c632e0 30a1df673bedfd49 1cec567c0bcbf237 6e288b9cefd3419a +IV: d2d18f1285a77e38 79d5183d31a0202b 99140010984a035e e8e7c49226e5e714 +Plaintext: 2596065e 88e5ee6190e00c24 327322af6d763e27 daebed3a8580acbe fb5c9f94a41786d3 530aec221ccaa166 66ef6b9e401af90a f9361893eafd2a67 97bed3e4f75ef5b7 0f9edf45c69bc14a f49b63bfbc061702 1cb3ed31c26525d6 2196eacac5733d53 e3272f90355c5317 04ff73dc87448255 6bebd2dbb3c18754 c2694c0fb65c44ef f82f43cc11153f16 c0a401bb49dc204b 0f65305b65183727 a2c1607b7323f4d3 763d85c104cc6d8f 4e117725abd4db2e 30a9707782721d97 e82590d5a4d03346 84da5c36b48bc5c9 d6ce3be254369a44 f540f8f8afd821ee bd1e44e7f169eb91 4a8c30f4c9592e0e 8164b7baee0a45d7 87b132a596502b72 4833e27700f803fd f1de6ac4ec3f93a4 765a51751e56c32d 0e848448dfe5236d b2ecd34e7c8463d0 a155706cc543d9d4 de3873da8e24fe8e b14258a7329cf125 22d17f340b16f352 817babb4fb70e9e6 e18784b3e67bdd44 9872158c357f7de3 c16b4ef055b59bcd bad7836637cbab22 a6ceecc6cd644896 ec9c23bd9395afee b641a94c03694387 73f16148205e07d0 569512dcece527cb d548ea02f2e67090 2adbf60ebd3ad3c9 d552ab245f30e637 186560bceb09622c 7affd225fb7ba60f 45c29eff2a3133db 0881cbc09b492ea0 15c43d3071d5e201 044843ec555b3bb4 2e7d0ae7f3554b05 330627e47db2c953 753d11fe26538d92 9aaca521a88e15c7 0e94a18ec0af038f 7f6a295aac729d98 5f5545efb48a4c26 65b2608a9e1d1e90 0c90cabb384544c0 133437e9d19194b7 fb963fcbc0820806 8de2dcf0dd0f3c56 51f8ef380321f4e2 18ecbb58941895f7 7287685af544a77b 39c4811a0d6c5963 055477cbca4bfd3b b51b1c709c0e87a2 ecb02863f8d713cb 91e1b8d2d73d5cfd 4e2dca3d35c94514 1348c2f9927b54fe 909ae8b07443323e bec0e7dee3892d6d 57095055eba5b6b4 59fb15bb1d67e354 87cc0e070f91ee1e e8e97807d858b4fb 467371dd95e73765 b0bc7d7de6db1ceb f9ce043171c82db1 36e5d1155eb2d9ee 44f0959bda95af6d 4014620995dee70d 0d2930f643f0d941 d13b5cd01fa08490 780a245963b90815 308a2c25d1792c00 eb64fc1d2d12d914 e1737f00c0299d27 0b4886ddd75a29a5 a9a7439a42b3d30d bc07cf70d6341572 8d16a46cec560cfc 243223efdf81fa65 d2f10f2f9194c47c a89b10b5e76175a5 fdab32dd492eb957 ec5163592335639c d4f2f9ae6624e895 d6a729b5079ee1f4 +Ciphertext: d2cd3e0a d71447d4a21784c9 b80e956b771f3424 6de4f5170c566afe e5f649bf30ef1083 319b9613f3867bd5 b74c8fe9cf84ddb8 eb6f49fdcba364aa 75d620f46f2542e2 df620662534c2233 532af476962355c7 86601e3c487037a8 c0435b3ac42fc4f3 d9ffb38b1b39f53c 7b9b2362a08fca65 1a1f782315ddde91 4d628108732578b2 f40cbcbe927ea1d8 ecf4c83c18f01cfd 2eb666aacf89e5cf d206681ab120fe1e 89c5c036c8805275 c54150f9e76b4fd2 6df43f187fed2f3f 029af24a64102447 561f3a89d01eea83 7f01d6398e610cea ea8db8d841039389 0f1fe567fd741b98 133e2c17803b12da df1f1087c3e0617d b9b04f47dd3f6970 78959d1358113b6c f43fbf2a97b10f3c 6829fbd66fe89a34 887fa26b4201254a a8236ee9a8e588f9 9d108d6dd7ff9aa8 81faebea5230d581 75aa5d3af0fb159b 993b484f7053f5c0 4710bc8ac2244fa2 00febc066553b73c 747bf11e654adcc0 5dca0890207e079d c1179983349fe302 d27730bf060750f8 88fa861a072a23dd c824df4c8481690e 93f655888098b1d0 fc5a3cd5354acac5 5ddf9dcff76ec217 4e83c382937c725a 4897d12ca5b78dc3 8f70578919dcf232 775268ea390c5ed5 cb55718a410d2a76 991e15f917f783c5 262c66ab5087cc55 0bcd453bcbd5568e ed43c350debc0f15 f1c6b537e2b873dc b04f707f23834207 7ff77a892ec4b0ac ca9b82ad63c0cf54 6784cebcf6f7e3c0 ee99ccd1b02bf93f 8e8df2d5d7810b2b e2b3c655013513a4 4d55d8a23d76f0e2 f9b7ea496ca933d3 59bd8b3c6ed77a2c 9568548d45973687 906b2de475c3c2ef 01e3193ed3cea268 7f528eb58fc88fd7 76b70acece2d5582 c65b47dc6bcc6c07 110648521755ac93 d44630d3f17ea429 f45fcc9ed52f56aa 69b0d2d595807f36 f238048153f3fa94 8f2a0b8ed0efbbe4 553bfd551d8eb5ae fa976f137d307f5f 62d907539ade28cd fa687f3cf0a1a74f d95a545389097b05 f16bf8dc8351931c 7e92a69430fe4c5d c238cc38b4955c4e e0d15cdfcf7b0bae 155e0a37ff1616b9 91067cd0e6a9c911 43dcc8a9c9a51ae0 60d78aaa4903e833 69d3f6b1c0c245b9 64b82c177d0fe576 fdcaab733b6e9124 e9bf25da7d25609b 4174929a86317429 88b0f6480e03b6b4 bd02136efd7d4183 2dc679dc7cce1ae6 900707dd613924b3 08eb5da371da993a 2f593e3d8ce97d9a 348a479e9025dd28 412d5c30a0050e2b 54df7d25df2cadfa +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 886-byte msg +Key: ba911b7fb98c7f8b 2cafe24a7e4c94d6 3267dd686c25a06f b38138dff541a6cc +IV: cb28ee37ff6ebe28 4c6d51fd649d9301 38c286407364e49a 478006176d7d047a +Plaintext: 67611e190945 5aeb37076fe3f03e e27c8c736f96418e aa80ec8ee6560e7d 568d15a372ccdefb 9cfd77e304a52917 c970b6e06111df89 3a482913a144e12a e42c5e57b3f98676 cc86946bd8ea1811 8f053e732359543f dc1b8777ff8aed6a f580c9e3a9470aa0 32ad1405b25bc312 7e62ad937f17a896 d8218d22c8d03b26 d2b1deb01c5f715f 169b811b5b9f3403 dcb08ba73bf3e478 7581c37dc4bdd147 c4e62526d4e8c39d bf7862149c5f73cd f2165e1920940fcc fc64b1eebbfab9b3 114727ad988b0841 766b40583b438656 08bdb050f6a3317a b5f1e0de742ffb54 01fd6bae32f04933 839ca24f00f27788 66cd08b485c75369 e851d7b6b8039d10 de30798f68be8e5b 2e341061b5154e4a 536defad94a97b83 ddab1edc4f1ea9d1 ee07daba039ddda1 bf5b12f620531183 19c5eca3edf0b4af dc283eba0129267e 7bab1595cb3740ed 7d3831760b55ca1d fefe87fe564503d5 2cf0beb696cc1dff cb44b28a8731be27 b1f4f4493cc380ff 4b404826985072de 162a263ad5ae953c 26f93a0001365f37 a3b6e4d77b443c11 47b2b8847bb808b0 e2ffffad8778961c d6f2345fffec2c05 9ba787889280053b 3c7d5e7ec626cd34 d896cf7774d1298a 2258280e4afb2c79 e1ef68c54720e365 70c8c27d4341ca52 3f1821006462546b 51539e77aa0c687c bcb50cf464ccde77 2cbc6deab8b206f3 61ac7aaf1fd321a8 ac0a1f01e6c7e6f4 7621fd7faf2bff59 b881e62bee2089fd 847b64ee6ccb9829 7ba63214c8d3b0cb 555dc2ccf1e64df4 5c3eb5aaad345c5a f1ac662515f2c0d6 064e601816d9cee7 a28ee345f1a4d02e 601c63cdbc9686f0 f06809bae0f1a197 942b307599804632 a4dfe850790e91f0 0b4277fee5ed0fa9 c8d7d31696704355 6e652a9419712292 a5765a574fcc9723 a7d879a4eee1006b c3204ea1ff16aff6 dd23d6db5e536af1 eb7bc1c13c85ebad 7a08f226a01c6020 276c02c3e28cec64 278dbdb32fcf2436 bf17a3f608e19378 cdf869eec34337af 3de276e5087a0285 94cc6685558d5a49 69718a5e7b8a996a e7d066631f018e00 4dab326d3a86fa43 6e0859b799341312 31b3fd615d25046d 12b971ed7bfb6cfb 9feebec53e5bdb85 fb681fb3c16c5878 5f028567755ddd68 94db13f4a1dcd988 7ad4a353dc9fad32 85153fdf95df3066 3a89a9d88cd72b42 b65dd3e0574add8f 28856881defb7834 523741a5df33a3c1 0b6df11c6a3ef6e5 c0673a1a66ed81f8 +Ciphertext: 7ff7d9c1e41d cea920f78f1273eb ed075cb307545c66 0741bb96de397c61 a08683db0c1f7093 ded26cd4ccc9d633 2d43c927fc0f0dae e2d3b8244b4be6a8 0392788860be3dc5 2d37a664019abb31 cd8af44b97a19b12 b6e210be33bb026d 56b0111e818838fa 5c6698637cb72173 67120c126a9a2693 2cdd9e97b3a263a9 195e76b5ed4cdf20 3ca47b7490f58665 769438ceda684994 85818afde53d66c3 27963f1597596d85 c9d3eb197b0c2b85 42b8b8b0cef653ed 9f6bf9322de5baea 377b2d60ac5ec58d 10cd90c747463922 5b61ad4ffc873a2f 44156fd9d638d1e3 2c62681a97d41eeb 892ed7c79291b5b9 61653aed89509a80 05f56222b556577f a27cdf481539007f 355a418d3787d131 a66d96689e6713ff a5d1f4246430a959 89fb066f44d683c0 41b68b5e2c5e84c0 517e4cff1d999041 af5d6dc451e53c73 195af7d8a6479dd9 b58ac9adf2f10b74 4d42cd484ff34143 6742f841a0ebaa83 8ebb3ebc4e07dc72 9494783b6bbf7404 8a0fe081ec52f3d1 f95c9e54f75c59ef 2587cfa6a622ecb7 3116f70041ccefe7 c6bb644495a21f0f 7257b8b22ac097e8 94a6d97053083137 5aeb57ceb07c4a50 afa6de5c6808972d dd363cf22e9daf64 d84a6b84123d01e1 f80b5cbdd13c06dc a7846845f853dc21 7f419bdaac682295 082da9c2ae0ac3cb 6f278dac8c9225e0 8a4467ef8f7649aa 72d72bb0c6ff381f 76fa345ed8b60614 68d02ab2782edf3c a4807ccb55bfc7ee 2c2f0a590b4fc8de ca2dfd6ef73134cd 6a56d3393cf452de 84ee098971dfe882 8c07eb8582321309 c590630349efea62 558a08ab5719bf1a 07a3925ff3445b32 0fa21d28cd7cf1fa 58ba93a97155561d dde666d5181776f8 d8c78783835662c7 592126fd5481ca4a 57ef04b1006c4f65 877ee2ec5639e14d 8ec5bd475a34456f 5c19d70a5b3e20b8 f4109888112255f5 06e0b3c003b63d25 00eae4128c0a70d3 1470cbcb1c9ab66b 334468193216e84f 6c8153ef0804f9d4 3c765d7fd14dc6fa 13e80e400df7105c 2f7c911113de8d10 cbea6a4e22263241 24665c6939b184ed c760efbab931e2e3 2530c738a6f0c8d4 be51cb13b4e3cabd bbef39dc59cd077a 3bd150aa62fea02b 7c23e0da5b1fc615 7710d63b98837607 e89370572378f065 0fb605b96737d94b cba036d71282ba92 f960920358b0431e 21543ec53a26b7c5 fcfe63f95c4f8ead 46d0a438643bb5b1 7d80bd5a9293cf23 1cd7c7d09268f191 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 893-byte msg +Key: 2895b60a164572aa f5ae6c6510b9721a d9e59bd7384738fa 23cf08966fccab18 +IV: e5b2592a991bd4d7 770d9bf01f7b61af f30ebd9b6d2523ab b71a13ae75c790ea +Plaintext: e548d4042b 034220e6e69c4807 f07612e3f3eb7d87 988e1d4ba3a378aa 7890af50de8e6175 04a4cc6ac2d63571 209a8ad21c8b472b a8619608f321bab3 e991ad4efdef081e 26e2242a27b17f05 14b361e81207bf03 5e845f1591f33d3b 227c2e052c5fc3cf 71e5704fa095ed6a d3aadd4c5cc5aeb7 c1e0c09b0583c9e8 293a78a0f3465830 ee93f800b2ea4949 65684727822fdbef d95b00c2d8382662 08b2d345da0c90e8 a4d50366e7185949 d3d4e7a00dab1052 afde69b191791b52 c7cb891d6a1933a0 9c94daa8c687e613 24d504e084a31388 4a524191b8b07160 6c6fe14f2ad609ff dcb6c6f0d7a0b74e 6055e70e6f7ead3a b39dd189d544f033 01852203a3a9d9ae 6e240d63a3c996a3 903bd95357a4a610 f0a961c2719d6074 8df495635bfb6d54 59c7f72bb16b49ba bb6f20d7c27dc6b1 0b5c3964132389ca 19a68294dc358b9a a686ce7089ef993a e9d804c13b71d5c6 0ba0a096443e33de ac8231c1aebdfc28 5c48d859b4bb4ecc 2260cf3947e89af6 f95ce0808b562558 4e70e91057fd88a5 83f75f0fb9393017 6feec769704adeea dc783f4b70d328df 0758f3a9615bf6ba 247aa9ba20d006c4 d76b36773dff6949 bcdb061f7b1d041b e02297b55441100e 46b9fe8072e79a7a 63bd628b366f03bc a26f7c23359c81b5 e0b71d5cb6169c4a f19ca88c36e8b2e2 1acd94cee40274eb 941beb8025b86655 10fdcdc511426315 2d0bee04f43a17a3 04831367ce21837d 9dc7995dd4da7da2 76ddef19ec2d2d18 03ee171135459166 29c7297f7d32fa1b c25bcfe3c8688c45 1c3fca7fd03fc2fa 7a2d6cda7f71e8d3 92821c3e779f9f6c 0dc0d53a8bcc5ce5 0a0ca72044e0e964 9bb035885d26e391 469a35cb46ce3b19 85dcf389a56cb52b 472ace24d0786cfe 6d5fba4254cc4b49 4df9bc4f712995c9 329871f89cb25fbf db8387b2fc6f116f f8234231eecbe8a2 b085f9f181167725 1ddd96b1fa052148 cefe1af2512da160 44e2167cb28b8245 762833dafdffa7d4 4d91acd946ccc46f 2882ce0d561ae378 5a867f4d2875e1d9 a7c9b4316d4bee7f ca9df99b097111db f2f9ed2b949ea160 41f5c3c9d9efcc07 4c50c21f5a6214ce 9deac61dca5bcd34 344abd739122a1bf 01192a1a4c620d77 6ba4a6cc4bace168 cd5f5a8711f2c324 f45d870ed70cac3e a3d8fe6809376ad0 0fafa85fc8911df6 62e3ff02679eba51 3c1a9224eec68a85 2d1c85da99d4acbb 3d580f0159798f1f 6560fbb652c77963 +Ciphertext: 0d2ce7a383 5c36bd9e713b7b3c aba2e99463268d87 f1a1fcefb0ef2736 d72f508e8d01b3e1 29136db72e937fca e4a5325564b1e454 590d123d95cbcb2d 04826a254c21b583 2f8311ae2c997103 e70637bebada6ea2 a200028f7fc381cd 3487701d310f61ab 5d7d665cd5a5ae70 7afc4e9d30db1bf8 78ddf60f0b49c178 9e001f97c2ac2454 36a7e5225c86c020 3250eeae74dc060e c6565b4ae87c3688 62df3fe51b86bc9a ca8c36b357dc947a 04f48924e7a1ff1b 7aab22eb3bc77483 0cd1e670297a98c1 02d6454ddbf64a83 ec8a5f117c7c7f64 2afd482bffbb6f4e 9b2a5256ddea4a08 415d0000f32de303 7fec949b1d43fef4 fe1fce7468009f6a 6b6756955e32d6b9 d639cf3603932ca3 ed36b8878b1d0852 ea99b03b5f331a75 33d2ce740e8a8e27 773c11090e234a6f 2d18b4e48e6ef491 0591fb9cb94df92c d773357b57706b1e e6e6779bd7e35367 339e14fcb0795fad ea7da8ed8f4df67c 93da284e098c882e c35d99d994fae423 1782da64e16f77a1 f38112ce197df9ed 49c0e61ca405456e e36dea9ab19d0017 44fc473546535989 8f720b67a7d60d8d fd71a48747b9edfc 6033b32e72f32ad9 07a243c23de4e4b8 0b28897772ca5d6c 1118995acc798bf0 06a742298adff9d5 7904bac25e07b055 9bfcd73aaf1aa721 16f75225749549d4 920f362cc7c50c81 5f07acfe21be7157 0e3b45f167a374e1 fef97b3e1b9eefa9 f120ede464e2022d 01745f64e99df28f 5b7bc1407f70ca89 da74a4a4bc04bd9d 41fee23c172a3cb5 349ad1834032cdf6 a116faa45cdfb73b 48c25a6c9221fc67 dda7f64485f8cf6e 43bb4ab4b51d0b65 30d940a7a6c37d38 fab1fb6f311a1138 1b14e90ea08bcb09 1652eddafea7c8d9 13db41a9f6e40180 34175ea4b4df65bc c0a7460b36c39d72 0b829716133e7af0 ec650d5260f60657 9166b930db5cd632 bea499effa39d42c d3d0538e27ffb1e0 77ee178ffebc80e3 87fa3b7bfa5cc6cd e86c806f4cb53a2f b61c01fd2ffec65c 0a77fce38ebed2d4 07fe6a38ff343431 fdcf437a6b7f506f 8425b5df1d06a207 182b9e439cf88bf5 6c4aca115e3a1301 c6100e7a67b7dca0 ffce12108c8aab13 e4ea1833a55a605f ceb76a6b82a6a291 5f7b7293277559f1 cf24f20aad505106 fd31623ca9c1eadc 8c73069a872de947 ef06ba2dc1472b36 771bc635559ce251 c3bcd8eab996bd06 3e99dd5501444370 b870086eaf2de17f 71f2a1acb95d2692 3d8ca7e1ced9eedb +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 896-byte msg +Key: 6928dc5cb6033baa cc099983a39bdfff 8725d987cc008cdd bd97ca5cd5c90382 +IV: 328f5eab46df081f d0d0cc4f0afee55c 243010d9f238e5d2 e21b660d3072d98f +Plaintext: 5d10d362dde59696 10229c86739e745d 1879cdd853ffd14d b7cfb4ec403c8c45 d2f3630ae2de8a16 734931af45443508 4948390a571df854 23fad9816eefc5a9 7980352abf938fa8 e38cb252e8b6cf67 a0e57cf9675903f2 11e6005420522bc5 3aff724adbc94b53 483248f8c4bdeb82 0597bd2de97c9a2c 66d94feebf2e67a0 feb741f39e4b661f 88841a284120315f 61a7242d474e640c 0b1ceed6b44b2042 abf1cbab70e08914 8cca516ac7a94808 9a5dda81e7970a99 e8f706946671ffb4 2bf537fdb94f5c3b 3c4c1446be1ed985 9a0107b1331f33db e5b1bfb13c68abfd 640bae6ee161869b 80518c458e488bdc 47dbd24591ae88db eb9440b4a0f7cd25 407b588850deb03c 4123e0ee9fef0717 8b3364c66b0bb1a0 e0e6b225f9e80d35 a68c5cd26f8e8127 650839c959dbf53e 4d50e5bc28ff5532 aef03c8dae011234 7d87e3d4a438a263 d649bf5f25d3fb57 757b7cad30521c9a 3bfa0772290b852a afb4141758a6baf8 7a2d993769a0c46c eafc5123ebccb0df 714c3b5fd1cd0d1f 235b1822f49e72ef 3bfef0da8e0af684 961b8da5c134b609 362dffd90e11531c c1c4167ddee9724f 0002ebcefdd93aa8 602058bc1a54d921 74e77b6a489dff28 713737b1804f6120 b083b39d1dd537df 3052d9ee5ef2bf2e 12c0d899e73ab84c 1bfba3454197e76b 35c76fce55c69631 eefa39c6f5d71038 f8013eee53b0268f a75981c1888bad37 761748ea0f73fea6 82609fc947cb7548 0ef1d4f2f5c7f2f9 fd99f9aebff15b8c 5bba6678b2a51847 d5cc3481bc969564 3cdac32c3347c492 060335934d929972 ccfaf000a6248c1b cd862075bdff1a97 6a02322576f74363 a8de5af89a360df2 b11d0f0b52b8012a 53d58a2db0cfa9e6 80b24a6327a01873 cc7493650ea46213 f26cea2020291f7d 50039a32ffceed5b 66323370ac0aebca 5b0b066311a63ede 782faac7773e8f1b aa567a0b10c48bfd 04ca14d46ffd6371 3becdb790b024a59 29ae7688bfc0f90c 4b174f404d792ed4 42c21515d641286f 565f3b3064812d8e ee3077ec61780459 198d445a1db57ce9 096160bd4b9de3cc 92ab4e0f84eb8f85 b0ffd47ac32b5909 fe027ee0e73f1d43 3ff11a5435db3c91 d91a3b9ed3081a45 5561b6bb4ea4a024 e1bc285a15e0baea ceb86e60fcc1dac5 12f22b65baa074d6 c69f45356aaa80b3 a90468500e60fbe7 9cff826b07186670 257c45ed9f7a4540 ec00a8728004a1bd 4022664b3a878741 930d7efcc0a7879a +Ciphertext: 40fed13c8e29e667 8ff5ba3a9c639301 4300bc160df34839 09aa9c0279c91000 c4c89f986f0f5b8b 7e9b2914b41a9f76 533e00cc7209a468 3c5c2a411bd29034 7b705e3fa4f9fc7f f2a1f9e0a8e582d1 dcc7e641124e1b61 65a142a08c9d0a62 9d7b052568f37d16 a6975447c529ae26 dda1de522b0bc947 08193dc38e5df792 af2c4326e59efbab 2abd185b5011bf10 e01b22b9481df2da 141354ac3fcad84c dbc4f7b5c8b35b77 17cc9491e178df5c 76ce944175860b27 6f0e25e04791a5be 60b972bd7d3f6717 a6ae542a916d32f4 bb85bf9b865153cb 47fe7a2ee7a23096 af752b3d98218f4a 7404ca432181839c 23396e9fb01b0c7a 76f536b901568c1b 19637e146e176b3f 77b7d46284b44c42 16bb55d9739ecb98 4ad174d0d96da99a c2ccce9d9fde2088 5a6bfbc12156a225 1ce0767b23847fc5 27b57fea4062462e d86eaa473ba9acc9 f852ccbfd08672b8 bcd318218a3687b0 1ec6050b341bf799 09f9bb6476e0fd68 6996b2889179baf4 960ca9fe92303ea2 5594dcf22a6a0557 29630c7a44c1b3fc 4d28f827748ac770 29dc1b84294b9ebf 85cb598f7c39e15b 7cde0333aec60240 2117ffbe00017a78 e069f0e2464763b1 9828cf9205c7a2ec 44684d63e4034053 965f4cb2a7255191 242a16687cd35316 a8b7e8cd1979b2dd a05abcd3736ddeb6 4d5b0ffbedfe8a6e 7b713e2e53bd19eb b711338edab20625 7d15968a1b5dd1a0 596c08c650535cae 248d08d266231e16 6d9256a2aa2a4e6e 7d631b13df444272 20cbc441ae281392 3f7d9172b31a03e7 ac05208b924391db 93ed372de722a36d a74d9f72086e85bf f842ecab587313c1 f0e13771fd075adb c0625758caac20aa 54a0b08db3415e1f 2d721db3c7eb921d 06c3f053c95cdff3 efa0ec8ff83aa6c4 6fe1ec11ce8af9ab fd65bee8bf55e40a 5c7d191779a2c9ee 8d8617f708948d3f 97b9627bad69d739 386e6ec8f37dfd00 c89fe1049fc055e6 d6f6dcc5dced8a75 3ec45ff178639af9 a2b90dde1efdd9c1 bbb8f331e2cb2991 d53f6e2b55ae7243 25fe11fc4e2c04cc 4635f14973a85be6 3905c2e066ca242a b0adda1f922a4a63 688d8b5fb621caef 421a0442d5178a35 99c8c598b6f8a497 d5807d1811d35778 9f877d30974ad999 883ae0e4ea829cba a275ceccb8abfcfb 7e878699ec819c1f d0037b7585345557 72489a3235df96e8 c6a7b0b6e33f6ebc f02b350fd48c34d9 24a4874be5dce8b0 f7db17929cc1d6dc c49f27e7a765b1fe +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 897-byte msg +Key: 00b2bdeb5f368bae ce08faf67bac4a8d 5e4cd3011c07009a 2c8b9c8e38e64c78 +IV: c6995d0717eec0f3 4f8c5336d7496378 003f6ecbe9222d98 a2d1d1d9912a8e89 +Plaintext: 15 2356596a16e7a5cd 5d07a6e01f0ee94f 69a600b481cf77b8 77260a7bfc661437 772f4b205606ab8e a29eb05dd755c894 f2020846cbee1eb6 a52087be04de0272 bf7044005527eddb 849ebb181840fd18 020a4b67a99275e4 8549b922e9fd390f 20a2acd3bc5153fb 2b912ed78bd67120 bf4732dec3c46489 3c28086f54cba255 c44cea61328dc538 befe7363d81f0af7 54402375c08bd3ef f545dd6cec51258e d3f6687260e22bd8 666ef184a623b1e4 e77d87f249f0aa5c d6299ee25a96ab00 74288dceee586d24 4a6810019deb4f2e a187c71e05fad119 075bb59a45a21af5 d06bc13c83f77364 937438a4667eca1e a9e549c19db1306e b1638859567e5cb3 0f466c86c7c825e0 681ad133a9e40cfc 281f77a3b81db0a2 fcca81ea35315782 5842f67264d26cdf f2e343770d26fb10 45beb88bff4737ff 0f17061489c3f5ac d3e5c8c9ff1d2eab 5856f7383b4b81a1 294973431936aecb 13d2819efa3d1c78 aaba485243b2558a c3fc533edb5b85f8 fb481291b0f2fe4f 2f84595132a6b62d 0246dfd7d598c7c5 5b5bc050945fee5e e444fc3e69840dd3 8cb4f6f5d606aa14 0613f51e60d76ea3 47fda7380e5da619 0cc49912eef3c59f 51eac0529166e075 dba8f3f18a78306e b06a6ebcf2609471 9a5051d4e7470dfa a7ae1f2f08cd4098 ac8d3f16fb82f76c bd287fa5e86da0b0 b6708c4efb89cc2e b6897b55e643b2c4 9f4b43555cfdaae7 97c140ba978eb21c 8aadb246d3c0ec81 a5023c8dd1d01e42 dc69667855f23125 65bd1bc5a8cab2ff 3b8e2b8517f4543c 9da2ca9d717d6c5b 8c6f0f458d68746f 50a2778cc22a889f f49c5fd36e2deca6 c5ef8d4d70518454 d7e5a886ad675a0c 80fabbd98eb41d45 db5db7f780749c09 4673ee6773554e78 e45498015cf7cd46 1c4c5172b4725738 185b99bbf6d04cab 47b653b1258fb30e dc44477f4321b563 4d21a01fdb6c1fc2 d41e6ee5784ae4d6 f13f25f52b09995d e63b1dc70aecf8ac 3a0010aaaba95e29 372c9f3eade94cd0 6c96cdf930cbeaae 2bc382a358617f69 0c7109d9ce31fab6 680f928e3eb56de1 df43b186dadb8c49 d363ded9d58632e2 eafcf376e90cddb1 904fb19dd2b62d53 72ce3b63d1436976 05a499322a65f95e fd2a3647a743ed62 d672633212f5756c 4fc0d25abe0b677d e90c1b76ff06bd27 6c823a15addc1410 63020f17a6792e76 9ba1dd31493970a5 a825cc6dfb6f6483 608d68a7a6e23805 5e871f12354a3eb7 81f7c6b119d76b38 +Ciphertext: b9 3d926c2c25387dcc ee43e3b35bf89c01 4c771366f204b2f2 1c65bd0c6c77011f cbf13ecce17bcb67 7247a4eb99ac02d4 76920c4d91007726 18f961f47635599d 53ea47c1b983ae90 b2770801191b0d40 2b9fdde9f207ccdf 0551781ab3a5a212 478face8e2b3c8d5 4ba89532daf6156c 49a00fd7066988dd a690d9668e515a9a f86c3862e6212eba 66d58a3978577dd4 7f43c927481837a7 ffaa22afe613b4f7 eb7ae3ea457d95cb 3ab413e2ac3b1002 dbdc3b6f9a375656 c2284bdfaa0b18b5 eca8cc851c5ec898 b1901c88005a5859 d0dc056dd7d5093e 966a4044fc89d7cc 8c38fa9c79507e79 1914208b4adbe312 ca01a505dbd443e1 50bf82d23cc4ce2d 9836e026639f00a8 4ba1cc647dbea2e9 c2494e17976eed7a b805c31b05ad1a64 f2aae08db6de09c7 d45d82efa70d7aa5 fbf479d64b31fac7 eb19487853f3d7c0 76127e9f6023bee1 425bb133c9b9d689 a1e03a32e0e6496b f59257380409ad2f 2fce786465c2e0c5 5990d7e54c3b8649 f1e9aabac2b2cd52 93297736929d4176 fcdd4dc40f9668dc ac49717868e9b8ff 480f7b155b3358cc e407e8928d3774e8 f0dfe10207c80e67 eb78e8241a5dc68c c9794722a698cf23 3e75dfa01ff93393 260e78c7a2b53fa9 87655b9307f4b9d1 017e4119c199e9e4 f22cfae5741c7b3d c752f5e7c026fdc4 6d1ae3f6c90d4e6b aae4502659ef7fd6 80cdcced972802ac 7c1c1190478d006b 85d1211ae9b854c9 cf862ff16bba0444 7afe8efce6675f25 9ba6efc6b3bbfd3c a7970d5125521393 cfdeef55f9891fc4 d25a4177b7c7594d bc770f27855c2a34 16e5b18505ce22c7 52f708a7c4563786 7d28f9510228bc82 d7a88ffbfb5a2e9f ce6938f88fb176c4 15daba77c8c0687f 110b381e698bae1f e5c45d950eae5cc5 5a1e0ea06072785d 57d2cb769da6ffcf dda06eae4e71c48a d62e2791d48ac47b 682e9d55f1375d23 fd1b7c5b3489d902 268edd639ce8b0db e82f3702b27e685c 436e75c145678a8c 1dce204e339b2b31 0d00841ac241e125 c6f6c0d72685985d fe9420f3d695ff09 2fec132c46bd2f11 5b1cc46f137c3a7a 8699c97ac6dfd4df 2b1a600277313785 e24cb1615f507706 a9c5665b0571ce75 0a134b3940e32662 14458c99a06f73ef cd83a0f2280eaa5d fb10166fc8d97930 f7a5995cfbc866b7 b2b1faac1f68d10d e82aabd40a8f5181 c4310fb1b3e650dc ff90a8a189d0b493 a2a1c2eebe58c00f a3f76bf66751b2b1 4a70134ef26324dd +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 899-byte msg +Key: 7715dec7aad8bb01 d126c7385a4387f0 87faec67718f7827 4cf4a2d7ec3f7c56 +IV: 885c930bbfff1676 d8dd3b0b4e1cdf41 8c086de6f50700b5 27cfcc2a81d6ba95 +Plaintext: e30a52 6eb4c3dee82af6cc c8c5ab55781db15c 57de90995411bff6 bb9d17394e0d88e4 98930b597e4dd742 17c8d830bec35d82 653511892c912cea 3248ea43aa8f3d11 3264bed161cbea65 9f5e8bba3a0474a8 b6017119642f7e6e 368a371ed1f290a0 e42dc68cb82c96fd 098fac39156b5e94 f24a9a9124731d4b 6f6ce613eabeeb5b 55f80ad3acf642d1 fc6323f6767d830f c218733996e67249 86f5e06a1e79b508 2ecc72ed65b358aa 21e3d83986c44ce0 ce74e458df0fe32f 232e0b6b94ad5570 16b2e6240aea3f50 2016b44a6cc71fd1 bd65d5382a76d9c7 ed1d505e75e1355b b6b04ebec4245f8b a0059d70510e65a8 37f42e1f9da4bdd7 8dcc988ae89ebc91 b6d19204bae82023 49b67cf45d22872e e628d7566020f528 aa43c938166b52d9 bd1a9b3e15beeadf c5333a1eb78aeb2b 6f09b9259c72eb82 ed89ccb026d05ffc 73954fb4fc2e2588 b984bd3688cefb67 7d9fbad3792305ac fea58a3a41554bc3 814997ad98c139e6 d0afef84f7771ea9 b6f3c3aa1ebaad70 84a2ea1e8f837ff3 8f3e5c7310fe8ec1 b0beb7502d0cbbba c20cbdf0b4bf4a94 2885d3a337e16157 447d844c8d6e8ce1 01b8fce152153c63 4af28eee62bb43e1 91582f1262f85ab6 490df88137979c0e 6ca6a8808d1a086a f6ae20ec5135021f 6723e5b3374ed3d7 45f6a1593503240f 988fa27506a48797 6d475932a8b5ee16 54ecddcedf6d3283 e141661eb03a8ead 2f7bd208e63a21b4 58c5230790c36f8d febdffab81dde082 c5f52e16cfc240b0 d673208155653e87 5e3165b531e8ed4e 0d9d33924624469c 981ae38bbb25a4e0 377d74277aac46da 28920782b2abd01f 2a9561ca56cccb99 03b96cc39beb2004 faa4b6437e97a173 5df0f0b73c9581c9 fdab719cd85dd640 add8b107989a1ee6 c7edce1d88aeb71a a6530a9bf62d6614 2de94b50f45dd15a 3f829a9edabc054c 4462a4fdc17af199 abc43c7809fbe8c7 6357d72ed45623af 60bc0fd288d83dff 1c0a212b5182b5b7 134a6e949c876fac 46fcfe7d9dcf3407 b990f8e9cb772ec7 f5ed2bee5f4e6c3b 87ee8839d85a6489 7fe0a6877a516c2a f1053d2cca20406b 7814ab9013677fee aeb773ade5fb2d27 b50bb892916333e0 b123c6e3ae5bdbb5 4c868a5796545498 31ad1538eaf2344e 91861de70a8df1f0 a1f37b569eb0676b 194bae8c109d5501 b7d857240fc8e0c5 ba58bbce0e570e23 687c45ccc3a84c56 896c0176a8cbe9f0 e94121b77e049856 d9897c8ec54af241 +Ciphertext: a43f9d c8da3d049fc3f167 84d2f20882997087 51b07dd7671735a9 717b03b481f39c6d 0decbba7b4288365 7be87aa3f3fb264b 3180e07dcfba1eef 73167279a95e2539 9fb9a9ce4145fdb4 c69c6066b95fa1ae 7d2c333b08fea8bb 41c1c9f870582e89 c425489271d38c22 6f2d751907423fcd d77fcea557da901b 8f896359569968cc ec2a156424a08dc7 c1bd96051eb3fc74 1e8146af0bced344 3b00d1942e2f4efe b229fe6948905304 3c1d379c781a467d e6cdd375e3aebb33 0fee66ec6b289856 c5f45e0d5ea36943 4082e84794b880c4 29cafdc3bda6158b 30ea4751ece62fd0 240dfdf46bb6c599 bb442f7b21e560e9 72b96d48fa295b5b 692f0d063e71551a 0e1c8284a41ff564 defe5fd975199ad2 ceb93894c0f737d1 cb383a7e1cd1dac6 c2c9a326dbca5526 dbb82d18ebbef166 74fdd205f9eae830 d6687849c0593a1b 9285583daba97ebd 91b7a21a12c01311 84095481539f4fb9 0f9b6c3a99a34cd8 7c25b59c654a4637 b4aaca98834ef674 06ee735a635c989a 640268af9ccdc8f6 aa7e3e325316ab8c 7613e8b5c74b9a65 72b323ec8deb5027 6481f8ddb8f29da6 d24efef2183438fc 00e97e9992325bfc 7ed190bc308455d3 8d5a24c5298d27cf bc0ad8bbac79dbb1 b9d921feed5aa139 ccf0370713fb79f2 197e02cf0df882da d0dcd2a69a06713f cd22c0d2b2a4693b 339db0c25b7c68d2 61175e729898aee5 8cad0ae9241b0384 9da656626bb6faea 704269a06aa299ca 68e80f70b5e4be43 e35a4c2a5be03a7b 00bc6d010fdfb7c1 b3c223511595e6fc e3eb7362f26b81f1 4def745f52b5147a 8d900ecd980dad0a f0960127822a0eee ec3416f28ae2c5f0 8263ebbc81ace0c3 f70a8a0ae59dcf37 13cdf5e4bd2b09f1 4d6c8c94393732b1 e14df191bfa02fe0 cd367b88b6d431ac dcc16f38bdca7fb1 1caba82c74e41f35 35772d16d3f9ffc5 899435169e15b9c0 4f229dcc7b3c6569 8ee857789cfce60b bbe37e5efecde3be cd870fa658b2df5d 566156193b7fa584 e7e41538c01d6ed4 6786b19b4ad59065 abfda07eb84ce7ae c8ad8e6fc817e0bf feeddf59e221bd5e 551bf07c392d7ed2 8d098064153f0ebd f01274d5ef1317d0 1dc5b4deb435cf07 f4ebfa156da1c747 9828b3d916f7aaed ad11723f5ff7cfa7 4ef7aee1355d8b68 5eded923a5c4510f c25944e44dd2c2ec 1e7374e567af4451 e8f4be4b12445c6e 81833324eb91c3c0 6e80c03653ec09c7 7e74431a7a6efbc7 ce043ffe20ac48ee +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 906-byte msg +Key: c70a8f44caf23e42 f06a5f8765772e6f ef5c3b5c2ec6c796 22477156ed05121d +IV: dab4e54a9fc1ebec dfd08dd5f36984f0 eaeef6d4ced1e198 2903bde9c8b05d5b +Plaintext: bf29 17fdae222430421d 49b9fe26b7143bc1 310b6d216c88a99a bba86459ec107e53 6c847f7bb2b62038 db5b0d169284e9bc 332c921e300da7f3 b3b9486a85e51d18 2e089a355e258109 8be4a8a1dce8fcc6 465dc630f5d02df6 ed44fc49f182a662 a3b088b9ee256d78 a17c572f5ce77dc9 b0c690bf8279428b b0720960f88e2018 15a5d06e2a60ed6d 644aa328db2a73ac ba917833a0afef9a 466af61561b29422 ca0efabbdc7b08d0 1d7713f42159e657 ace306f4171a3b0b f5554bd2f6950968 0b148e0aca21c789 152a30fbf61bdeb1 cee7c36aaf632ec6 065b91fe7de087d1 1fdf15c2bdf83080 918c80a6221864a4 67c236fd2f32d0b4 c1a34f00bf3a1747 5096174a7da84e9e dcc58d5b6cf97f18 c19fe816612e2abb 6d560d42844cbfb2 e4621a0cd2da26c9 3dfcdf839e6638f3 22a45f1b0b0043c4 539b542b93bd89f8 246aa86f8436c2ea fb5afc877e06961e d3f92576f65023b8 bc9baa23b6367d02 58d748db5a6329ea 5f066ecdd582a181 1cc7c28deac5d37d ee7e9a92b35fa2b8 c8d083b81e0a63af b128bdbf6a816104 4436bccaaf075afd 326ba9e053df0002 bb7edf6f96d27923 39ea6fc407acdf90 956d9d940cbfc01e cf8a61765e5f9fc9 7b08e6668b64722d 3e720e4372ab220b 5595ec52ca950eca 0f0449ba9c8688f3 4e972006c46756b4 0ae822a67425325f cdd5326eb1304be8 3801e915d5fdc26a 7d5314b70b842da2 e3753154d5c31872 4556f64f89397f60 93a8caf0d06b5514 4f634ae2266300de 1241c5b55d2cdb2e 053fc05d1a57b21a 682273b156794adb 0ef04aeddeabd650 de736531d4088379 54b919002c33edfd ff976cc22fcfa8a6 00219d42fb04b8e0 91339a300101193d 7cec87a0867437f3 9f2e3e892314775c 6f1fca474518ad76 72abea1aadbda361 c3ff94a5f1c399e4 910f7070faf0bfe7 a1115966848cbdfa c800e057a0e42ccd 721bc87735c81ab6 1e638add7b0d892e df20d2067f0bf054 dc5d014fa21fb969 d067aa7e1a2ac252 8c52153a6f10dc19 7074be8eff3b4f6c f6e8d76b7b16541d 270cc223689299a0 230398ee9ea4c190 9e34a568ccc4e12a 5dc9e911f27004d1 bd3198cce6a7a888 2d9f9b61d06f3f7b af890dfbae4faf77 5b29bfaad1d5d26d dcffb5e35d12f6f3 f04da6fbcd195ec2 ec9a80af6d84bf39 3630e29fdeefc4d9 ca9ea0ce957a8bc7 b53642245c4b264e 9d9085ecd00a1b5a 3705d956e263e5fd cf35e1f7568870ee c481f64447ada005 0a92a51aa08acbc0 +Ciphertext: 8928 c08552f25773f212 c76d360f13cff7a8 48c54467d848d285 b70acaeb9fab8f05 4a74ba9c3d0b1123 baea3701e6619569 4a47ef1c86b5c8ff a6f7a56a3d96826c 5609e3e2c5f14758 e481402edfde2910 aff4f9e09e43cac2 5bade3322456413f f7b95f508abe1131 37485f406f326e01 60dfff61b7cf720a 9b8bb00e6703cf33 35947fafac8ec309 82f485871d962abc 4adf9ff618b2771a 3e5d9095a17f313c 2e9661ec94123cb1 f9c6c9f357d21f97 5807403aa21c51c0 875733f88ee54fe9 b3b96d459c3c5eea 1ecfe56345ef339b 1b63bba5ace22bb2 8f70ed60ab9e47a0 3df564b2e4d2a537 31733b016b219a96 ac43378d105204f6 5a805a3cb65d01ca 7b0b898687d1ab15 5946a4d580ce67c2 18f1c3b0572d740e 31c5193919e280a7 f08fe5c7881dd2ae 0c58299b59f5b716 9da553d9fd64d92e 90a6e5f52069aa1a 1a4589208ff765da b67e1bc7c5ad1cd3 cc354206978340da 7ce0898be0c3af84 38bcf38a8d7c13ce 74bde0eae572ea48 01f6507d950b9771 8faee9c25db2bb86 6a7784d4b7f613c2 23a1318a2f75e5ea 50ac36b96da082ac 76d67a758c763ffd abaf94f54f93e662 4cc4ceb9745205d7 e205f87543f87a31 0b3770c5a0e7a98d 6c2d12c6c1140fe7 013fe45384b4d69e 544f4c86c19d8bdb 9f857514a40eec18 fbdd1b3cf127c054 0179ac879bcfb2bd aae59fe32c7dee8a 3d654aadf1b22c7f 3fbaefff8e1e2d06 12a9099efdf052fd 51470d47ce37a275 16c7e852ea3e664a 49d0fc07e860631c 85e27ba7b9f532d3 5c07d6b0135ba879 1c05ba77996392b4 8bd27e3ad5cc3498 303804f5fb2f28db df3ffd3bf62bad94 2ac5cbbb5a0e6e81 1f1b0b6e654ca2e8 7250f9a3e1cd4dfd f77dba984240904a 87765bbad104530c bd563ae5350936e1 f025cd2d03c89156 ae8cbca8745fcff4 c7c23b36cf5c12d5 4f6f82fde6d68c0e ff4a2bb8b70e3ac6 f583f1b4a10329e0 8dc90e56602b3e2f af33e21d40bc50ca 19f68aaeab59848f 6ebefd3009bc8d9b a6367e347fa69bc7 c58661b09c89b841 8faaf11b88211cc9 15680f46243496e0 4d37ca1510d8f067 36aba92fa92cbcbd 99aff1932452d94d d62bf8aac6d6b3f3 e49bf549bf225462 d3eb83a9c04dcc19 02cc7c5323533eff 2d2eb4fd35949e32 72b5977449b5ba68 b42d7d3f96bb5b97 4d0992d8b03588dd 8d82b7515852202b 4eaf7888390e3698 e7adf204aae42df7 beb89b14c425c6a3 b37efa32dd619978 7e90141d3d4fb631 a1f5ff3617ebacd3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 912-byte msg +Key: d12c39a4dc3ac135 ec01c468e4ac4e65 574bc354e6d3d07a c966a1a5abd555cb +IV: bb64afee00cd0e42 ec879f923547d1e0 e0c8094c9fc89837 5c53eaa71643ffed +Plaintext: ec081f8677a5ca40 5dfbef9d234a5e7c 43f57ef67f854387 74f15b6e721da856 8ba0f335eacadf75 67e61b5258bcdc83 a95a8b1c2f14bab3 39ca5dc16869374c c1b492c30145332a 30ce8d7679a5353b 39809684567de602 d265596aa0319418 b6cd64f8631db0a6 e33eacd4310e50ed 1cee09f79dc6aebe 684ab52fc17ca702 9172d19cb95a3d33 a6bbe03325fe15e0 792c4a3dacf9f92d 2202dbd974535851 7b2c4176aa05c117 a1cf915a007d6c5e 79c3c31e2a1db199 2914313060bd8f4f 9b821c4fdf24269b fe01271268933dad 443ada62bf3bbd48 a40821fb2ec23442 1afccaefffc25307 e2d90a2305497016 0119f9d0145a0583 bc671104856a2f73 1f22b31eb3e430a3 77e0a35581a6ede1 d9e98732d1827191 99b76b110ebe682a d37d40a4a394a5b6 e59d587081b29c56 f330ec4e9ebbe9bc 628396eb70c5c7af 5d94d74876d99a8a 5499923bb07666bd 78798fec210e554a 4050fa5a54873549 e6efe2d3d5bcf765 eb5aba7fb3f9315d 8f49dad605829d84 5aa8ff25620d9841 9617c70e6743a490 d26a36043544e77f 612a34d3f020a9b2 d9120d16415edadf 9493f0bed5788953 32517092dc5d6e6b 15a305aa8bef611c e4178cf39a82e16b 09ebc3aec6638ff5 3395cef1504eb069 d43db6247df7ae09 a43de4851482972d 1ca8aaa5e30b9cc0 fcc0bae83a1f93c1 c67ead096e4076c3 400f7d945865e26d f6510c6ad47899fa b65a9b4142d601ba 12f0532108d3a390 e112c0e80d33ac72 be6e50c640b26fec 88e9d9c20f7de19d e11b1033f0b71bb9 afd01348dcf5dc85 9d88e081cfc204de 9bf7dc344a1b1ab2 5a864d09d1f4c885 d1d0df7d6db25aee bb2623632aaf4218 160b0b5e9ab99641 a6b970695193903e 709a8d5067720ef5 3fd08134f98110e1 22aed00aa85e3c92 ec3ce31c189b5d2a b3b78386733de0e2 520e62bbe3405583 e76692fe1c12f4ed 55980ceacf141693 c3ae2bea381cb8fc 1b692ec191f5fb44 8cbeba039ddda699 0954559a1e06a3bf c707ec435f167e8c c3684d0eaba8e96d 3a3baee1d3c83adf 2ff825f6ac7aecf7 e84b2d588f341ada 7194286ad85f0745 1867d76067da9907 ef0ce3c42277d882 4e0158f2717d742e 4e73259dc0243d16 4fc99d48011ca959 7219f9cd270651aa 20b1d4d9acf974d0 828fad6e0cfe7326 06e969604894531c e0a7ced9642e3fb5 87e309d5e9b00307 347029a664f691bf 6650a171e54c809a 613ccab081f788ec aa205faed0ab071d 8c9cff0d6f127f27 9785af437f4c1619 +Ciphertext: 185e0d1a6abefd48 c783c28f2673dbc9 8d7ebe3fef7ccdf9 f674e4a97508fdcd 8c5548ad03615634 d4071d36a383ab3e 8e6924a230441bb1 c6eb1b66341c876c c7c1a06d2d575fa4 f9c923e7623f9815 231416c96075534c 3e83a63bf533b944 cf7c3803d04779d2 0080b3d8e430f530 2ca5bbf1e7fce06b cb4852e753d38573 afa51e44c1a20900 6aa599aca5fea317 018ed560a0262133 05c05cbbffe5c0e5 fa21dffb29739d10 5a3784773f6f4fa8 a523ec8624371038 7016eeb0bbe0a35d 047ce981a3438138 2c8169696a6970ec 7ecc129648dfec9a bcb5ea3127da915e 282fd88a0a560a1b d18e0cfef20fae6d 65c182265e090acc 478ccdfe68bd895a d7f6f242b057e925 e5eacc0b2ef8545c adcc94888a349eb7 6cb7bdfee2168a0a 8db7829c35b67a36 a03e9c4b7a5d94a8 e0cae6a9f4331439 3904ea02ea21d5eb a6c3c9213b4d894b 0980b01277101e68 0713e6d7e16e2ff0 031d25de75f2cc17 a84b49c484e3b44d c950971941421fb9 a4d097a45ed28b51 5f2847e21dcd3faf 50eb46d6616ceea4 e9dbd4607f2117f9 f33edfdd59ff45b2 78c9538befe8c323 833e095fb0b6aee9 de05dd6b5c6f4718 bce22abaf24a79de 27746eaf3e8b2169 87cc4932391ebbb0 9330912a0efed021 bf3f3a3a18986b68 1f7f80e7fec36262 3983d09064a800ff 089bd7beb6e7213c 64c17399867923d4 a6b4977b360ebae8 25dc5adbf4749be2 b2989bfd3c6a7369 1147aa7103e3e57d 83d87460922bab6c 876783ecfb314c12 cc764690b9c130ca bd1a2f013482c969 f2df871cc07eb366 137689ee50be2e21 9c3fb05ed76b0b75 b5b79598a4524ac2 a5c74212efdb76dd fde9b124805dcc1a ee7aae1f02836e41 9af7c4fd904056ce 593d4d7ad516abf8 6056f8c33fef3398 58e4586c8e57d3e0 dec16136ed82a277 2b4bafc9937512d2 080b78120c03a41b 3818fd9aa58080a5 d34d4b8b7748679d 42debbed10935157 5ba0a89f20b7ed14 c8d1817b58d42df6 046daac3192d5638 9aac350d86bb1623 e5c6212b5c671a46 367f2febb686b5d5 223b047c744d18e9 09e08f94f44f9160 672946b8b8c2778a d9f478f9f55396f5 99c4ef07de4b352c 47f8bb9758c34450 8ecd50714a3846e6 3478ba5560b77631 59c363bf073a26e8 2e3ede3634b9fda0 f7e36c9466e4f041 8735c908d7bce1c4 3e6f17d7f685467e 8d4078fa33bd567a b2b039dcec26986e 6da03500df0f0d2f f0fc168ede56eb53 2732db40db7cdf31 cbe4ade3dbda4a28 64b37d2f06c8c68b +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 915-byte msg +Key: 62551925691597b2 ef3e2b08f16958b3 9d996bd65c25a6c0 10f99ebf9affe239 +IV: a0d7ddf88dcefec6 d90e163a8a1201d1 fb5d8840dc6c8609 7ae94a4d40213de1 +Plaintext: 7eb8c4 a46a9b680f653735 0d7fe95f0d3cb52c 56993a0d9b4ae50e d04666713c856096 ce08651fb41b2151 2ad7d5bc90ea081e c09b79859e0857b4 f1b2b4c8713c381b 20701269de833431 389ac05e828cbd27 25ea0f34393da602 578ef588a82ca61b 42a98c8fb526d99f e0d0918e0aab3e0f 2e8fe66395703ac1 aae210fa0bdb135d dcbbb9d8608b7661 ca82309450cef29e 8291e459da297bb8 94b4ed66bfd3e8aa 95af838e083a7540 9db884b87d7d419b caf8f3602ff0d1b1 bb0e7414ef9c8bca 158cd1f7d4bc3c04 02787742b94193d0 adccfabebc4ea472 c7f78d4bc1bc6685 055a8a5ded983575 a0ccf0792ba05003 d416e0bcaaca5cc5 617820555dbddfa3 0d2298067a56c65a 20bbd8a7fc24e0fd e6de8fa221ed6170 31971578ec2760eb d4ebe23ba47f597d 294d15125355ac86 8c2aeeb8483d1b3b de5e54fd96805026 03bd5043939a55a4 648b900259ba1a66 6e04e5454844f3f0 11d5c52c8252171c 41a0ca686e2f2298 787c31c136db9364 33735c93498a4f55 7103514cd9241d95 379d38f05ec62821 0e29e19611408049 83803be872969834 a7f0dea7c27fc959 8dbb82248ae8ce06 ce9886c8127247dd 08316a8debf03753 5aa4558366ea852f ea03914c1b1c7e11 5fd309a063f852e8 6790d2cadd20927a 33289f29ededb9e1 f67b4bb038eba008 6ae25366295a0732 4ba559e670ae1373 d983a2e17e10cb35 5a2d99970adc9ab4 96cb4b628f21d082 5a77e82bcb232105 f6bd48f241dc24f4 be21644bb877d5dd 8c98d8dbbad414a2 3c0e68df170723f7 2fdf78a65fd82ce6 c95e92126b44b94b f451e41bd5fb3a58 9a72bf4b7be08312 2eef1a43008d4bd2 24ec0c354bccafc5 75fc5668061eac6d 1cacd7b72038a81e 9bf815124b81ea81 77d3bbfb7f961d15 b7a3160b75c6d1a9 69c2966b2d96fae3 1dff535b693e6fbc 691b86ae302a6c01 634d0b4c4c7a11d3 2abfe6aecb83e128 5d0ebb66824c4449 a2cd549485110552 21031f72b0c3d4b5 06a8aeca2286c5b7 032c357abd31cff0 cbf10ff7a7d24ecf 98cc39c7cb288215 a687d60559270e56 b662a9e042777a7b 8c8d9e1dbdf5b142 71b04191c53183bc b16345a899ee24ce 1eb7ffe13aa5acb0 8cabe94ff0039571 53b72019c6664072 d045e5fa096470e6 e4331fc3cd44cc59 7452d8d468836226 e7eabca7f5501ffe ab349d45d2105868 b0def2ce22db443c eb8b53f64cfd7f27 d550fe827a76892a e93855cf1b7a451a 29c15e4c62f27b22 9a5d42fbc4f9563c c4f1cef47e60e7bc +Ciphertext: e6a577 6c8f62f9c98dc4d5 034ce127e145a7ca 79855fe3bcb07832 7c18c452631afbe1 99cd8f148ad86b60 b362538991e2e42a dc7e5581c21f8e94 1c0401b24b770924 f2fdb437e9bc2260 8ab7b50473804c52 c3f962e03679c022 5dd9f0cf62052647 93b0216842fc2425 f6c85a05436483b0 f6b01c94bcb6e0f4 92b8c7b2fcf26dfa 5a723cf6d8b68471 5f422863aa0bb62c 3eb26e76e6b66934 5ac7f29375ef2203 75048d7c3b3468e8 6c521f7bc130de68 813956b71c4d8110 aa4e5f5b123c377d b9f5c800b818589e b2176c8cde1912df e18950a6aac9350c 6273116a5d29ddf5 6d9714a98553df41 1c27ba69c4027cff 685e42c1e8a7b8b2 e81bf32f2337bc18 09c1c263905a823e 2a30c23b88768489 83a0c3acbe8e507f 79c6af3474d1a9f7 4bdad2d0d7df85d0 239438464b782adc 215ed752a5a0951f 0fd302bf12024978 e5fe2ef9445a4c29 9f6e4ae99c05ea63 a1c40495334adf6c e403df6a8084d6e7 6f9e018b02730fbe 2e8ac5e6872ae966 40dec36d250c60e1 ccc680f5daf27774 a5a0080d1863f91e b4ac7707a39651d2 1eb4955e9079b188 4c32ef2a947aeb0a d4e1fe3d1feac11b b4e423d4a6c68996 135f3e49e1e3b2cc ca21d2b58965378e 0c24a84346f8a17e b3da6eb2bf3cef44 c6ec324844899cca 5b3f7413125a5772 e87dafaf38a3a699 cdbed0a1669c7ae4 1da24eecac1839a4 eb330c26fed1718a f0b60f2aa5eeeac2 230e1aac3c92f489 a4141fa5b08cd07d a14daf816146c146 6744fcf0b7a23010 05c551d8fb91b51b 719c6748fbd554f3 a3c77678f5c3b5e1 4704dc54fe339f85 f59b89f07967596b bf8b283e166f1e78 4ab4d170f2ee9cb8 c682bf371d8520d4 e348f3b58bcd9192 3974541845bbe452 39a4e49bebb652d6 5d0dc0ae29f585ed c441e458bdc1b663 ee827c2efa7707e2 741fb34773701a23 1cddcbe7617b2d72 a0c0c661e613235f 151f5ac1e00b494e 0d26318e09002766 47196a1dc4ccf9b0 ecb02654018f96b5 ce802fe965420dfc 25c6c0262356ca4e 5da09e91b56734c2 787f20832f241ce7 49fc25fac1373076 444d031cd8cd0a80 4d66e0b0c378d7fd 35a7b1061f2e3eda 5f10e4cccf8fa4ea 09ec9efa65b01ff6 18c82edf87a7fedb 80c7f7a0a3c99808 edb36994643ca358 52fc0317dece924d 58837a47a4c2eef1 c7e5325236360c2b 11d896068ecdc92f 2ed4b150f8ba3d80 4b5c2243895c923e 286db484d7c81a07 088e034fede27549 d09b38863819e2dc 46a824116fd8162a 9bce2a4fab363ca0 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 918-byte msg +Key: 59f5e20d2ba0c6f8 e34c83b412d9d228 d08d2cfa004e2f5c d6154329979f7d30 +IV: a066c4d0aacf32c5 4ca5bc41c1c6163e ec1cd11399cfc746 06b9b8a2a21b3589 +Plaintext: 148ebd8b7f3c 2737054f3f308aaa b484bad7323a4d41 cb2a89a49b1209c1 ace5be561766334d 6cf6153454aaf2ed 75a141a79695a30d 04af68bc34a055fb a9eda4a6188a4d6c cbab843b43d783f7 213e8972474c2399 3a7eaaebca750d30 f649d0670a1f5500 0afe5b4b53dec431 80029b228b88554e 343f5718a7b8b9c7 59a04a7f334cd471 f296a14ecee83d01 59967e9dab71c294 bc99782b1192e22a 9b9a18d8dc3a5126 4b1c5e2bfa1c77d0 76a13acdee2ef1d4 9834140b512b0fc0 84e044594c115489 dd379aca20a3f907 9dccd8989ee86a74 91b933a2afaac8f1 db1ad6e9cdf86501 6f905e1387a44b0c 97bf5fe801c6b6de 6fd0ddd772379525 6af0d472a5170df6 cbceb1ee7948f649 2c21d7a461f15c78 fa201b92e4fcffc4 f70848db1d97d3d0 b79a9c433cb78124 239b49b40490e4ac fa52f4bb4b1e8d36 4b0d390c7da040f8 fc9c26fa19187407 46d4bc0033ccd7e1 360d713bf0c8c8e4 2ea5b0ec0d59dbd4 627b57fb58935859 5b75386f35cdbc7e 77fa99f81b203634 6778b46515eb2ccd b0e0372e4152b482 2b25c5eb54ba1bed 85c174db144e618f c02f4d5edc7ebb4c b072cf7b1c7a10ea 7e8d6c5cd6bb7d95 28090acc227bd15e ff7283c0ab3811b7 28da26cb3036f4f9 1c5434a804fa68de 287a64b48ecf0c07 ede85f71ca44b577 e1bf4404c6ace917 cc2326b8269c6730 4cbd8979a1719cf4 523ae85a81c82ff5 a3ca3210260476ac 57a2487484ccfff3 5d7a8105a08a098b f610276318ed0898 35a3f7d598672420 8678a4c465b0ba8f 2458553ed641d936 a0102275d6dac7c7 61f19b3d64fd7adb 1f4e429113701f6d 66000c0e8abf965c 1ae5e37604b8f4ec ed5c272fd1ed0045 eacb28c1d435b6f3 ee1aae5c032bc764 2a357250eaae176e a28ea29228603ec6 b198603ef127088a 834d440f8aaef5b8 99a9d5e9d0e5b9b5 482c1450b27dbdc7 3a5cf2eeb26d9c9a ec41d4116770a7bf 2ee8162bfe846129 a7e18650b46d04ae 4ec0e4bb5e30fa8c f29f6949e29865e1 b39b3dfcbbb49832 8652fe7a79579be5 b56c408c3f97abc6 5d0f089f434fb886 ee695046519de538 af2a87b648640bd2 37070e489bcb36b2 f538bbfbd1bc2616 a9fb59f00666d0a3 e80f26ec68bbdbdf 9c3954d9bbf323b7 81c38945d50839f9 aaf85fe22338e1db faaae50422869373 abac1c26e738fb3c cb577b65975a7998 ba096b04ef3aa148 ada2cbe6beeabcf5 2d056d1766c245ab 999d97445fdb6d59 a0d6843eb4959752 c89fe07b8411ddcf ebef509482b8896b +Ciphertext: 71608eadf1ce 6bc2a693b93d9409 b75722afeb270b9f 404ab82d863d68db acc7ce4196b1d2c2 472efc46da9cf532 583cb3aae8f4b2ab e34a01357743667b f168d678053653a6 ff4ba70e37846898 c2e54790464e1d1c 578762f7ee598799 463d6fa5f25f8b78 60a48003e6bc8b45 cf0fe9b72d0a6247 00dad47d0bbd421b 3c64daa4b2cc3d55 40607e96c9ea4f19 c50861ef3936c513 d92c15ad39b17b77 89848570712aabf0 bbad78473cd90acd 23adff114b74f718 dabdb0422e097033 8c1236d38108b319 ffd94e4effc4acbd 7d024e8c82776922 114373575837d4cf a56b869d088df9c7 cdb272236d9bb4b3 dfa00834b75a7e39 f9ff2b47af6103de 9e4199f696045fcd 1cd7ca55fe36eedf 40e77de9218b6c47 7e69483b792b1e83 772d95be40da4e3b 3852f475dd8e2c9f f8cb225952ecec29 bd996a4610ce71a6 1ee90eb3f7e18fc7 370842a16303e0cc 379f05f748a628ce b3bd1ffed9e7ae84 92c312de510b234e 4313a658d8fffac3 83c041808a23d867 2242a6351a169053 6ef2789fd2488fca 91cc989732b6057b 7cd6acc7215c019e 5206320a83abd06b a7ab39e56b214cca 49ee86af3cef7778 651c3f7e52d0f3e6 17c3fd9a33401605 3e63867208881e20 c129fbbc58d065d0 8d0e8c43ec4aea78 f02036f6edeb276d a559fc92270750fd 429c380b6737ad64 abc0cf75121918e1 5c6cb28099e2cd38 a6681c494e85578b c3000ae8e838745b 51dbb716346dff9c 5f308d8aea76f47c 0c1afddea3df4144 af5002793ed90e64 8dcfee10ffe4d553 8f1ead4e240988d6 d7644d2b1ba339c6 cfc33255e50b582f a330a91abacad1ea 6be3cd316297771a da8259bc6879eb33 072fa3dc98e78a84 b1218ce4325645c4 9172c9a7a115ded8 27f9c3c2011c7e33 4bbd7d09f2e6bba8 791770167aa36a0e 762d635e03ba0416 c314abd46be6fda6 3cdf09b2fd1e4bd2 292c747b16ed94a1 5ed4fcf399a5dfe2 cd2711c063d4a454 23aab66f5a1f30eb 0d4e632a2f43e0a1 583db4df4897ece3 8567a1f145cdfe49 c0c13b09b1c26570 b4d1229cd95f0536 c74158966dc7701e 764ab36f510f414d 155e7b1005c6f8fb 7384a4b165c2fb45 88c0fab6ff0bb5ed 69f4de20f7f0633a 809536614a07af18 a3d0e0e552722eb8 837bb75781a4c80f a2dfa8ec341ddda9 1227e69ab55c0bbe 95bf3001a179ec65 b707937c17511467 77ff2debdf92a387 26c9214f89f14104 7ac0406754eb8717 28a75e1b022c2008 bc0d1dc51d71453f 5a4bd9366e52a2da 05b0746fb693e01c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 922-byte msg +Key: 3de7c875b29da526 06b278b8704c6215 4b2da9bb237e68aa 10cb85814250e4e4 +IV: de73da200991e512 41fd9a45f446de5a 4bb959ad47272835 10e9d2ac8a207ef0 +Plaintext: 2841 63aa05d27f2d316e 8ca1480f30604a8d 74a0a661775398af 644bb584a1a2c55c 4959d0e7dd3f7c0c 3614962fbeefeeaf e0dd68b3bdcb5027 21a6ee01b5c05ac9 767692586510cae0 80e8032cf2cfdf29 87acb4a66266df58 f2045b2122139291 d04872ae8167c4f0 5363b99033c7c603 4f54b2c1ceecee4a bfaf246b506312bd 41199970980d1146 95cfe0e2e8a04b43 221f8c8c6a252406 71ed7267a8788555 b02f2f2611cb5aea 30729fab7b2215f3 e753678f9cd82a93 ee076d9e9019915f 04d45b58566747e2 0a951f725315cd1a 86396e53cdcfa7f9 20453c977110dee5 274d458fcea97f38 0d7f88bfd8411ac1 e619c65f66d04441 eeee08dab42315ee 00e51652e15babf4 207a011b726ea5ef f13b9a3bcda4a972 3f4cf8f0bf1bde83 77e3f62af743721c 2accb20c896316ac 8ee610706c137d94 fda53560fcbfe0ab 748e0c9e782b7dba 15bec41c85e91400 a5645085aae468b0 0f42e6b2d1d9c46e df308136ccd974d5 c8985fd3cec847f4 1ffb8302eee114cc 5d6b346fa82f31d4 a00f7c7a5c15fd76 2ba2aab8ccc8588f e2f4d170a2d026f3 cf67471ee88bd0e6 a07326f38ea9c3a4 2624ce53e8b0efda d79761552d7a492a 4d804647f9b349ab c5a6a728cb5b6c67 a165f32c884ab3db e62b5c3cf7a7237b bffc5973436f432b f8ef26a17cf5a1c7 84ae3fcc165c4d9c f8fae9aa681e5ced 0d24aa282e89676f 2295cbe7073d09cd b747ddbaf8af6425 f34a3129e8a99d88 1f405ef122c75c7e 29e1c081d6fc4d80 2278f37e980ba17c c1645c40df0e8e55 dd98a05387f3ca61 f71b2af74ff914e9 ae89aaa15c38acab 48909178b516d65b 307396d8c5d35b1e 728b34d2dcfe070e 41c129aaaefd2cba 7215f857d2891da3 fe1b68074430b5bf 84780399e4d1cef9 c4699921f523caaf 253dba679e2f0d33 31d63f686cd1804b 142cc2d4cf3b10b2 20c9218e98732d94 4b4eff3082d04c15 afed4384a68065cb 09ed970c0404753f 3b29ea7a01b2fd70 cb91ee39e4338251 62a89be258030b46 4d04aac7edf4a7aa ffd11b6d97abe44c 8d4eb00a2d2158ed 304e700bec231cc4 c7b92490f1d34bfb 5308ddedc225882f 79cd6c2bc66275f3 0329e985c8a83d4e 5f532dec78680c38 1e185884eae79121 77554b2515be836a c27f2fda565a18ea fd1cec65ea7c8f6b 4a47b3b977baa82b 6f2f757e84fd275b 55996991fc0155a3 895a8a82b0d77f9b bede1714d1667553 49a411c17ae60bcd a3bfc03324649c7e eb562fcb304182d1 6224ab1e61b39fa3 edfa48735f42d7c8 +Ciphertext: 64e3 822c16053c81a29f 09df6a9a658bf0ec 6486ab8a3b8b9d68 f93cb2c3bb7da5ce 10fe5f6d337cfaa1 01b506b1f5616ab3 99025f739f5be94d 577358a620c5efae 4eccde0fd8d4efdf e8e381b830e45be4 02a9a3b37c51576c 8149e212623f58c6 65331c29b4801d81 d89404d7f6abcd44 bd06b01daf035094 68fbf37f0276d475 37ba8518ce97e559 212432e2943f0659 2a2af5957df5c591 2a86b60c19a667f4 579e9cfe2f7f41c5 784a53a42c3043ea 9eb5261c902ecb35 5a12d4961214a9b1 180c14878dba99ec 790d69eddeaf468e 7d543563ceb7ecdd 9976c95e47164940 977333ae85780757 f317a92dc02dbb24 95a39611add46c90 389c1c8d58e95a65 6b32f74e8cf9653b 11670d44be913e1f 71bb874dca7246f8 14e1335971c14231 0e6298f93835e181 e85e67bd78889cf3 bb9b0e9fc4e56f66 700cfa69adcb9dd6 2e125a308f6c0967 727232c57efc1e28 1b4633c057d52e3f 1a8a2dcb9b7ad1ee a950bf62491b3312 090c3d66f3b900fb e5345ec34c3f1788 c64018c9c1c49adf c69a072cdacaf961 f2ea84fd8a2512de dbdd4f30b952e63d d89f767ba6c8d830 27bcc96346f1edb9 da6cc03eae88f878 d1a589e3e293ad92 36e9990f4a29835e 37aef6933a4b4fbd b686ee5cccca5c4d 8cf7374c3c873208 ff2fb28dfebe4350 5fe3a21af3f36965 16fc9acf001bab65 aba6d5cfdbfd7562 dd683faf1fd1e1d5 637c2b5d3f54bf11 af2fdc500cd94f0c 38a9c4d7e01c8979 8ccfc9da679d8341 da9ac7aa97e680c3 d2c83cb6c1c3040a 1e61a8826c87e814 969f1a25e7434296 37a401643ddac794 793cb68029bee0c0 ef0b3653055e99d1 516aaebf06bf38cf afe93f84647882aa a6915f6d10ed777f f73ccff4d1b5c062 a9f330d70a943ad7 7a83026cb882eb97 c7f6f66ac09aa52f e5b6e9e50a2849ab d851ee79ea878f69 9668962b621d4a95 610e5549786088fe cc53ab83a62183fb 319d9b071eb13d73 bd074cba8191cf68 b3382a10e154feeb d65ef21770cbb529 5a31ee77675ab1a8 040f887abb3be9e9 21a46b3148f52873 c5f652ee5469d155 64f1766c61a99173 b8c300c2aace71c1 6ab8c00cdca8dc0b 964376f4d178a08b b39cf1643f913f68 23719a8efbb4b33c 89f23f29ca475787 b0b4eb7f484f2e63 fc53e80878d0b2b0 fb8b01a3ff8e02c3 31cd9ee725d85d42 5a9e4cfa750471c3 d1c5e973510217b4 520d64bf65348f35 6ce6e5386a552eb0 09ea495725357190 6cabcbce66972ebd 83c4f9a811a6ebfb 4ef1c324acc4ece0 9d1fdc479aa6881e +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 928-byte msg +Key: 385c47354c93850c 5801c9d38240141e 63985e8d69cf2343 79411e9ad9335515 +IV: 4e64559781e5bfd2 a72b030161636cda e1055dbe4facda34 6b25499573c57a09 +Plaintext: 4700e6b1cb383426 8dd30223a890e17e e81ba15d2edfd0a6 161b7db7d8384158 6c5a81edf235edf1 50224c9f1d717cf2 be01b4d0ce0f0d82 c44c4168cf32b2eb 0597aeb2bd83f119 393f6bdf89ae441e abe01e81f7e59ab1 bbdf1d10225bd4aa 5ae2f569f5ca4888 9052e749b3ef42eb f9e065d671087e1a 43fd9917975daf7d b261df7862b4fb24 9d85464765db7c3f ee2813390322c1a4 a6ce3ee6f7dd4b4d 573cf348cce711d7 a7fe1240651afc04 d4e1af1177d86c39 2a7993e30986b100 8f9cb941fb0b9287 f8e5d29c7c55ca20 f132c2c693d485c0 1927217797fde880 a3a9bacbb7c9871e d6630fc27234ec7d 8e44d3c020be1720 b9ff6e0a67edf8b3 db8a7d4fc7c9f783 8aa0501c0f5e6c01 f23f6a66e53d2743 532a040543fcea83 7e688b33f4b2ea9e 5cc31d111b7c5196 674a1022acfabf10 2ecf6bcef1d2c5d7 d66a6ae1062c6857 93f4fe095d35a423 338d4b5b3b9de66f 941729cf39189196 29b9a4bfc5e17a96 795d7c6c9e326c8f 9f31a67a5bcda548 cb2ac86fe57656aa c07cc137f8762743 54231ea3a61ab1c4 f35ea6e5d4320383 1c2fd015bb931dfa e3dc47b069967846 6d716d143d967ca9 773bd5056e750809 cf4ec72b8518ed6e d901c092dee77387 0c6df0282b4ed426 73f1ba42f13ebcc0 2cb1371809accfee ec12b344201122ef 793f2f4737e9c123 2ea7dd0524342891 7b7da74410f8ca62 6237a930f7bd8d64 fb10b2da2b104b88 f186c7b4d0005364 03dda01761a4e6b2 849a29bd2a93bbcf db080247cd6a7b3d 04b6ffb9bd4a4522 0df7a9f9c6572bc7 9a60bb53833ab419 624ea6f8e6a0582b af5e0d7ab3b907b1 e1f34a5205b9a287 ecb4e75ac85b8028 d50b26533d59ea38 3aa77a617af5a0fb c7fa0b8ae77352db c1bc363ac29d28e6 7f660bc29c3e3a4d ecb8cdd4d9a718e7 07347509342d44ab 63a02f5c39a9b33a a788dbacc9f64f53 0eba8e3d9a77785c e8c80f37b48e7ee0 18895b26f526290b 949821798d2a3230 e8d44603830cc744 b3de617d2e3f0a60 299f4001bdbd9243 8fbf6290b082e9ce c22f7c8e5d0f0d86 b1a0f4416ce8f015 de0968565a16f7c9 e025285bfaa57e13 e4f2b846ef27520a 27344fec343036e6 7ef05b8b95d85f85 cff1fa41333cf8e9 9546829303fd9fb8 60c2fbe74fbfe6ba 537b9f0a34abd35f a44c61aa22ee6037 1f5363dd5f38fb78 a3737e99853e077b a3d3be39ff395a3f a65de4fe9064bde5 c840e28ccc816f32 376e62699d55a210 b71f4082c027fc0d 1e4d0ba6454617da d9368808128002ce 65dc2ec161abbe61 +Ciphertext: d6554523b38a3691 b684ff197a66172a f10ccecb40212154 c17d7d47a23e71fb a99f95a43d7ee80c 74c1001adfe99b0f b24bf7095807dc49 a975a06fdb282509 a96d3090be3c5741 befc532a5a34835c a6dfe664c4af1e36 9ef3c4578bf63287 83c6d525ab97bc24 99b32c27005aebbb cbd72ca3f2b9769f 6b9eaf24c6967ad5 7b955e90644e88c7 ec5f49bbdb10c5f2 0f411ab212127b41 8a9b8e1fca18c34c 698d29a2d53b8387 10cad5edb611635f 8499eb05cb222445 05a102179417c958 c2fefe589a6b3923 f1e79a7c3db13b6e ba6f1ce8c7dfadc6 495d0b1596ea736c 8abbec73e6bd39a5 c1f550e52a9809cc a8ac40c19addee64 c263be8440fa2ad9 635d739719b853ad 439c1fb9b183517d fb827b7970cd5894 de4de0cd8774d372 d990d8dc3b48a7e3 6b1a52fc308c4ed0 4c36312a06812f67 48d20ecace63f78e c91e49947bf7cc9e 644dd85eab41dcac 96fb6b02e2753bb4 d01c1a908e118a1c c9ec0dcef343697f 1ffc7bb55e66b2f5 7aabe2d59c84cb54 8eb83aa5a9f14f7c 7001bfe024861dc2 57e1e9c8eca5ebf9 37f3ae71eb0e9f56 10714deae0a8c3ab cb1e54f57dda10e5 95621b980a9cc9fc 612eaf463ede951a 53c38a80b297f6ac 693c9845ff2ed21e 5c6b79cf2d683e1a 8543018cc61fcebb 928c5d2b68df152b 420d7272952a80ef b9ceac3349752514 b2d62b461ece19d6 aba3dc3f15b3a57d c37a1d963a3b8bd1 403960e8e43775af b880780f06e75474 68e8c710cd3729d8 a45b976aa9e11ee7 a11177035a95bb7e 65aa065cde3ad38e 8f9d47db4e637201 2ed2733354f1cb77 184c2626d7638228 48948b1e28745089 de02ec57f8eb32e1 373da795aaf1d4a3 e3a987dee21d3b40 491501886134ff7d 8ac8d89b4b2cc750 37f39a0817f20230 402f17f86c9a1501 c3b02e74beeb0a63 68c606666ecdb418 991a6da804636da4 23990cf77a8dc34a e8e1b38ce528d49d c2b52fd669779b4a 673378c42f4299b8 e8e6d7f435f026b4 4cdc69dca7a85181 4ef25048d6fe1424 67a3f957a73e454d 70812a20260fd02d 579449c0b8b38ff3 9919bf1af7121ea0 d2e09fa7acf4eaf3 093c05584a7789c2 09f60d1752650879 e35575ca94cffbf4 afc5c5e961320b82 bfa2e3854a6191f4 cddfa029b9d5c6da 5598e08d69562017 ff88bba814d3de02 c7af6860fcbaf7e1 1739e84136151950 3a3cbfc35f21abb8 935f03ecd76d1b33 47d42e15b40965b7 b24f43f984427a03 f84619eb600b6920 9f59150b5bb5d823 ecdf9278d839895b 3c4479333f16bfca 64e321f39cc41ec8 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 935-byte msg +Key: 88ab4c3d20c1b154 435e08093b770099 5cdbb9f9dcbc3475 e56b0897e963564a +IV: 3689fe3fcab21390 68668da4ebe43e52 db6508493ea54caf b0a0a508b699d75a +Plaintext: 5061028ecdd61c 1ae3aa9dddff667c 4adaae5bc94dc6ff 5a6655027cbb69cc 4dfebcbff2d236b2 39ddb2a17d1f05a2 cb823c1b42b22633 c02e1386bba0da1d 6c6a219d3381d8be 377e07ff4df2ca99 1bfa99b17d14cdd1 273160998c0cf5b2 ffb918041881c629 5aed30211221bc47 826b4d833f1cc4c2 d897c7a3b8a7c173 4e16295c6b7b08d9 eb53b56d9753e395 4afddefb537212ec 1b87cd0c081a4649 a0a7dd0df216a4b8 31d71f4da331486b b9d7d68080bdbf39 3829fc3d410d8c1a 3f94bb7f76fba4ad 76a2f528fd63f2b2 1922bd798da5d490 76a6db9c2e279cd0 71064c1bbed10f9f 00dbbf666e90e950 b005195043d458d8 1e26f29296117d51 7f2516479441ee78 19ab066ebe60362f c7a9746c6aef53fb 78d0ca8840733787 b118a36cbef3481f 073a50aab57de035 a5365535caa1cee0 cccdeae4f5f3d358 4e087bf3058e257c 12af28811a8cef4c 94d345132a8fcf6f 6245da0f7d3c58ae a01c244231bb8e77 8433135bb7386c5b daa8cb6e53646190 815f2372a0f4ce70 ed7d28c30a2189f8 a3ed9ba052265e4a c0de6fae0ec6892b 73434c7426c43d86 7e520fdd576921e7 b90647b9b401cd01 8e9db93b215e5128 7e1add7cd653aed7 9bc45ff7e23a5b2c 0ca59f0ca56fc267 8c0c327e54d3c06f eb0c5ff4794a284d 8bfba27b713d41af e4f32c02ed184366 025461dd71cddee9 02405943d750b4cf 981e5fd0cd19da59 8b18750453a65be5 379ccec13ef6b47c 0adf53d1b80e5946 08551f5ebe772e10 483b0378a0be0fcd 740d029385f34911 4d10d506e42b1f98 24ca698d0cff46bd 62845cc79c0a6904 01cf84b90c6fa691 11fc684a22500eae 34a2c5c57e582949 221c0a5a0f327073 2609dc9d9c10d1e2 9fca93053c252f70 8008bb6edd2bdf9a d02b9598c1de2c02 2be493a5fc7ed4ee 3fa3df9ff85189c6 4f22d4f0f11f719a b4d883e87ab5a69a 5787303bf662b79b 38afd3801f7d2499 eb1897b382dde62f 154c5eb4015fe521 f31a3bc6506480d3 d415f710795009cf 9a138d20580c4643 3dafad631f85f181 47c73daed32b397d 59fed3b8cd733f52 a53b3c9d3a559abd 7228f95d9ccfd3a0 9bb4bd5a4760e981 1091f0dee58dce08 54b72e93f260e985 fddfc90940e49268 3709433474aa99c7 41f7d5ec8747bfdb eeb0eb6b46d43b83 26fda5d1d26d36bf 62ef57a321b25036 34570a487c4919b2 bd4df98bff5a989f 34aa151c1c11c88f 668e820f182016b8 30da185c8b3ae474 07b7e25de59909c1 710da253e4794fbf 890d4be01f9bf334 7fa8868e7ec3290b 15152e47bf3a95d1 +Ciphertext: 5a45b74af376d6 d51c6bf73d3c2a4e 7ed651ed1770fb63 0b2dac37bfb591d4 92e413abd70e5761 1c2c794597a83791 7bafda3439b8e4d3 6214f0ef106874ad b609159f0cda84f3 491ec3a6790e5623 d414d269b18648d2 e1212015081165bd 5b3aa32709de01bb f86a1fb5ca71ec89 c4423c3e836dc9fd 4abdc84f51bce8a6 fbb19437f5b34ca0 1e9b9083318cebbe 9e1c866ff0a8a4f1 fae0d5aab71d32ff a5473febd483587d f4c3f272f285a5d3 9507e0622d6b5344 c51f905f7ee24972 10fe13a62d20dde6 2838947ea3039b2e 65b6930c2ecd4f12 c7d5854fcdae2d2a a97d7c12c4eedbc7 2774e921d2b718b2 cb5152186e599e53 b6d1ef199bfb546b 1549685b9aa723bf 2712c29c206ae448 37d6db874c6cd738 65ae35606439c971 0663e47e670c354a 35127a5520af2596 d28e3f323785b886 fc374d56e7ae8da1 1a54e376b5b67f3a ee578353fab37082 95b56f9e0e9efe52 a281582a3a49cf69 32327171e64418b2 8101126e823bc77f 51fb72b9fd22579d 6f231bc26f9e91ef 49f01eb189299427 960a660677f6a1d7 fe64c5597d5f3a15 713f86b33d21d231 d5f98a26079a8991 581665d15881ed23 04463405b3022d72 cdd941f3b7a7ccc4 241dd4d02fef519d b101754f9bc90c21 1d521dcfd84f80ce 007bf4a79117b2bd 4b88d0e67709d667 e0439385668ae16d 7fe79c3f8ee63823 64e444cb04bff62d cc6e0ea8d5c34f90 e43a5b1dcc406926 9487ec77e2c84395 b093930764f8389d 9b86a697b209ef51 6464e1059e0e9769 52b38ea7f780ce80 1ec4677eebacdb1c 521838af48bd34e9 b3f2f445a44e026a 917f5d6693a76533 ac33a9d395d8241b af04cc7a57c8646a 71f41dade801da49 c9308005040ab8f0 ca98474297f26f46 37753c68a5e66fae 0cd09adf94ea5fda f36f9be60e073ef0 872bede52c43f94c 7252b1ef8b2b0111 6f03d0f418640c08 63f75eec6c240f42 989d41b773bb2c6a 659e4a45812514de 117704c70ef75343 ed78ce06a24f8c32 bda781972bbbd59e 528c23467e86e28a 44c100a4b66c52d2 5d8bdfe139b954b8 35c9c65117e3ea39 bfe25b7bcf141378 66822898d325ceb6 cb052663d8a0e626 224da77729b7c85a 8791a92c49fb44dc 8b23850c85b7c39f e1dc1946bce10953 61294fd6f1f240bc 543b86ba4f451236 c35cb8a5bc04a815 ce328a1d83874183 fe5dc6e1fc0fb3a6 22bbaa1452b74c7c 4e7c2276c8793795 9f0ae1352d343d7a 5dacf20f006f1fcd 3a0874b5cd471d52 3ab3f2e49f4035d7 232372e6456fc0c1 d9c4c5491c716206 64c0b31dda1a9fc6 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 938-byte msg +Key: 4fd3dcf34cd33714 943b7fffcbf09367 e8dc481c8bef5e2f 9063b357e445b793 +IV: 97312011335ddf4f 4dd852805914bb31 c3a3f12c3b3e559c 500b087340205b09 +Plaintext: 0e43 8705d6f39f815ead c269ed6895246062 f0777a1ed8a67cad aedcf52ea5ccdc91 7a99dca05ff3ef3f 38842ef2098ae8a1 afc5f198cf933cd2 0d5aac777e2628a3 5f93ee6907ee2918 1a97c5bc00a982e8 95dd47b322acba01 8db40d04cc5d1a02 9fbcb3587fb833bf d16b59ce60cb57c0 0a892578ba391bc2 96b4bfdc79badc35 a3dcd474af9936bc c6c8932e13368eb0 768f33ed7d828a9d 90206b076b8593c4 d2bbf8c57fdb5a98 60751be6ff325041 42b8181c54ce2d1b e3c1b88e8c066a38 9320c854d8c5c6da 063c98fe0e09c5f9 d4cc7d0d27672cc3 f75f4f78c2858717 50d5eb28a09ea30a 22e3b37c27011463 959309c7df93b01e 34c2d7cdf74912ec 70a00a49c1af18b0 1b33136a31646604 edd56552629be1b2 03b1f995129b343c 5b4acdc021404e55 59f460cf1678e266 455938b69ac7e60a caf55dd9fbc31491 789bdb94aa986d80 44ee44b4bd86b110 03e82bfb6e5ee8ab f256aaa19a09dc72 315addcd42019cba 44e865200ed5fa8a 914ae62ac5aa0e1f e49c89f3d7b4b168 ed517a74d3c1038a c1ac6b1bf1afe65d 5547104b89f181ed 078fa1d99a0ebdfa 15465b904421cb78 2300ffae4e5a9d10 b9a65164a17c689d c2f79b5acb5d28b0 0f0228297d691c0c d2adc9df0d1f462b 2331537ff593ecb7 7f9b1e7e52ea1a12 444d884866e11dcf 367b70b816460936 fdaebba36d7d35c4 a544d34e17fdbaa9 1cee23f3e7d1f748 b7319d4151170fba aee634d9f1846a4c 9cba61d102de30fc 00afa235e880d100 be99f781a7da803f 9ea1642869eeb3d5 cbc57210fcd4a593 5656ad135137d47d b1792780fed6844b 35a7f398bd0439e9 9c2dab11eb2841f7 87aceb970a3e2849 fa9ad44640544168 dbbf8a31d50e240f 76b9b6deb9232baf fc7905c8fbddf4ec ffc4a7dc539ce21d f8b3d1fc99549cd0 c1333b7f4c0a8c43 1c85a2ae0d5c60ec 2abe474921f68df2 f4496f00f21dc8b2 e661e1fa8e288b3c 4e976b52260296d3 e2525e9590aa6b70 374a0d45c6b3d03f 4b0b515965c45121 fc7908bb2f18bb28 8e4691c98affa31e 297d52d4ff5cddff 59fb33a4bb25057a 8df120f111e6fa74 98638aebf63e5d85 33ace7b483611779 78f82ee17794d0d0 69c85bfdb2b4793e 6771f106bbb0c32b bb9d73ed3c0aa535 11c9ea1a8159daa9 f8c663e6fcca600e 63386d1fc39afa9a 2b199f88109eafbb 8a371056c1bc4a90 a1b2ddb4d66fd86c f47fa740f5472d5a e9e8138ce9675f94 4d0a489e1f05480a cf55747027ed09e1 8210477039fe82f1 5fd27601aeabdb47 c00a39f9837bfea1 e778ce21d98a1af4 +Ciphertext: c4ec 5981c7794444a61a 8ab12edc8da129c2 8508516075ad12f2 bb3903057bf15076 ec67faae6fa81cd3 d0a348f7370fa749 35571326307b08ae cc651dfcda59b8f6 ed7904b3a93db2c9 399b60241dec4842 778e8d7c516d12ac 0227f7e0968e8ab9 8b399c6ec445e9f5 aa51342f09c716a0 49e0a97101c2aaeb 4eafd0e6c0df07d1 fe76834166431a21 c000dd337fce17f8 f5c630ed9dfe2e94 75b6327768138fa6 e98ff40714a019a6 b20ccacc169ff018 533bfd21e936cda8 da87057e41621bb0 fc3814ca3845234d 7525d17332c5ae89 58c54cf580d936b0 bdc716ffd5c94371 95ba485989b1de1a d494ce8131eb978e 66b6ca7fd16bec4e 0741e5592fd6d41f 4354fec1566fd5b0 17d9dcf72b344fbc 690734b3bd6b4dd7 7eb8389adb8712d0 bd2786222ea503d5 4026a7f5bbbb4f5a d047368890bb0119 5beee3f557febce3 617c1d3dd37a34a3 e1f99c1d50876cb3 a40235f9b363a6a8 36f861a2c6ad653f 9f13f59780fd3f9f 03dee19395f288c3 d823d9226f910a0b 7b9902f4f8e2d05b 427314ec47509c8d 540c3669e19c3d90 1ea4fbbc594fc6f2 5b9e1625f6789f0b 62e3fec6526018c9 dffb0e7aa7be23a8 0ff83ee52e76b4a6 e81247edb7c780ae 7843a6f55169ffe3 68bdf225708bec7f 2bf18f8789b244c9 b19121c3072f06bd d5dbdd6cdfc2330a da62855e1dadf5c0 9c5c534c6593f402 9cd8675266658036 e2eb46d9cd3948a8 ec20ffc433e3ec3d 67c191d7c3b742ad 000c1ca04b1b3490 41b957f1e596da25 a5e22ee49ea698bf d0affd6763d066e4 19475df15360f5ef 2fe8f24781d94d0d 9f3f46dd182a35e4 6af8c47e3d649e5a 1ddc359f5b2803d0 a9fad9891dc2f935 38923069feeb02c1 2da3f6474a9ebd6f 88d919c41b1786ef e93279ed33a067da d7dcdb8cbe1b1d7f f08047481ec61c66 a4cfa041402f903d 2ce5ff3c07c85bc8 742a4daedff0b66d 7e3b58ae6a97e196 277170f0ec45f21a cca495ca685480c3 2a6128744fd0220c c547b814a3d43637 c958d0cbd88df00e 8b8c6637b3e89a0f 8e9d809a7fa28152 7f539dfcfd480e41 810e228cec87659b bb195eaa4c0fca59 67228273dcc2e1b0 e26febcc2b7b5dca 81452d7748d0239b 988671dbb67a5e0f b9c7258d3bed8640 a1b403eebce7eab0 b2844f7b7debc18b 1ef58d7c2efb7ff9 989fcc1494ce34cc e223262b5a9ec3de 8e6a52f5fe70fcfa b124e8555f7ace3b cb6e6980151d548c dfd21b65bd72c965 0112f20762c23008 584574e27c82e8d8 0dceba2a574eda57 ac210cab009d3000 8b857fe4d24b3543 b2d26011a2aeaee4 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 943-byte msg +Key: b1f4b8770621e9f3 9f70f047b34b5c4d fe8c6fd56792dc52 e193cfd38f332e35 +IV: 2b561e97a833ca0f 16ab609bc7d85b5b b0e808fd112c4378 596c82fd447e162a +Plaintext: 4616ad822ce01a 1a01cc59942eaacd 51e6f6cde3c1f55f c1a701433ff02034 bdc9dc6a1eda4f63 7c267ee31932e83a 99695ec56fbf14b7 9695f91981dc4410 547e4f5f54f9a92c 9c4d67071319ba28 9a01c7f88a52b2d4 5de9fc0dab511033 592b18930dd315fe e4402fcc682c4921 bc75d96f1ac4f73c 806cb426a595ac24 3299df0e2faebc60 bbc67f3b01b3bdac 678f3d31085b0a79 65e6c66c57f0416b 49904bd9a3d3c6da 89a6ff5ac6f63e52 03159b463d601413 761fdde7aaacf791 04d804fb528a5af4 b7a956339f3cf299 f8d09ab7a01a3c90 19de9fa08410f51d cd38b37c231ba037 ab972cce75cf040c af88e38b18d3ab7a b8edb49ecf636497 0b790065fdcdc12a ce382b312ef59a30 8e051eca8fd18858 ba12c5e971ee6b87 256392bdcae9e556 8853f966b4f7dd8f fe0ef27dec5efcb3 87167a8a54f93376 85be128c71b73341 42b23e75ed1df4b0 686d07ab17c02f12 87c07a885ecbe4ec 925227dada7fd475 621ba364c3ae071b 32e8065cf73f48fd 22da6eeb79aea56f b4e77ab0ed89f07a 5257cf3d1df44059 c6489798762570fc c02afdbc8ce89e89 5344b215921caed6 782e6c08e235c5f1 8a5461687bb8ce98 c97ad0027ec2f8c1 d7327812b1823613 3e671fcbfcbabe6b e8d60dd3ef428b58 a5908ec53984db9f a97974ae3201b1b8 0bcc929052cb5450 479442e2b809cec5 bc34e00da4766eac 2fe14df1fde2474e 46236d5eccafae26 0e58a99cbf56c065 76306ee3a7e0da6f d232ace3fa6d1f5c 5935573e52b0f678 a7e8ea09ec7088c3 3c4bdf4e2a094671 fa33388d12e9626a abcaf936cc1451cb 790cac3128a15064 744cdc57153adb38 10ad9af62ba03701 a4aafb512224e9a9 ec8e971d592f3dd2 88fc0c0550bbc14e 7a6879262ed8c7a8 ac9c04943d28e699 683554d468637994 de231860c4d41f3b a22c7e2604da39e7 2b69bc0903687024 55c88b5e3e852c32 e089a77057cd1d85 eec151fd93eeb646 89d9cdb75d2badd0 1b10e3c4c1dd7d34 f4f5623ef2ede5b6 c8ee99b3c55b664e 2eb4dca633bbc828 22d5050ddbb29523 8430f0d17e7d9c55 977cfe51816b7086 83c294df6e5ee7b1 d3de9941734e9c87 f703fb31e1c56deb c3342adeae64fd76 eecb9a69f45d33f5 94f5466971f7b9e6 b5332867050d7eff b4dbc262368f34a7 d896994caf00d37b cee0b48bbcf614ca 268b217ad09df719 d13c71e600343ea0 aaec3791868eefcb ea688cb23e93d6ba b2d28e722cbc01c2 841edd70f49b42e9 ca951c3f6051b16e 4e5576e3de15273f c1cf165800b4c480 3548ae0bfa0b690b a259f15e278f3feb +Ciphertext: 77e63e35c9962d d471a3af09037a2e f2376f6d187a401f dac9e6645945da71 c49b38ab97857b70 28a748e1a8eea87e 2e20b932f97db9e5 9944bf711f7c6ac6 7720b52df1980465 8c75d5f4168eec9f 339d3970d1d184a1 fa0b406cb62bb087 1c8063d166852ff8 b2a510ed96d770c4 26443f0e9b946266 c491da9c1daa2077 bb86682edeaa65e1 2ec8908cd0b77c8d f25a9be8d095229d 5c022495a6305985 0c0c7d703db46757 16571e08287ebdcc 109d6bb48cd549b4 14a825681ef23fea 6c57ee04e2a7c245 cbb69cff565a9233 54c3490f03ec06ba 99d079628b37e7f0 5a494797bd5c0fb3 181cf6f3f0da1460 6a60c81f3931c36a d80d2e176dae2c3f 0ea44f338ca438ac ea7d78c5b6f7e226 3ec32efd6095a016 f718ce3b5343a672 f104014048ab6423 af33e3ef11c787bc e3cacfc5e18e3b13 6ffe28df6e4222e4 5661b4e528f521b6 1fa1ff04b21412a8 2f71eb906845b9a6 9dce5ab6777df8ec 1e47010cc9909019 e22f981119230ec4 a28609f22440e3ab eb479f5d1c2fd02d 32095e53e55391fb 406df92f70c03749 1ed32f61add37d7d 38123e03bec49501 4868ecf650aea3e6 09f58ceeb325a5b0 aa16dc6b932b3d88 b71b4d33d80283a7 26eadbc342854f45 571900f433c59fe1 c944cb9753a897d7 a1ed64af3ca80479 20fb5a09b0690a3b aa9bb4c144f426d2 e19be222d7f47fac 2e75b28db21a820f c52077748d0cec21 735c105b20f2ab8f e39cb96c757dc385 e1b0be7aefe0a7af bee1e3cb10374580 801644278777cc6d 2642f7791c67113e 8dfe3c0f51f877b6 2d90cf328d663e8e 29f2db7488a96c18 f73e898240440774 42a9a79b6f44261c c354c90def3124c7 b847e16c5f480424 329726fa856b0497 c4f5b96eb19fe0a9 1e84eca7ead54e29 1b27618df49f1ed0 51de8e564356d039 d9052e7f82725ee8 7358223bb943c5c9 b3666a3f1754e471 02db3c58cc9d6f53 8a1f8d0479951c36 2bfd6311064e86ba 10b2851d556fff8f a627ce1bcb27c23e 0df11063ef8db396 1329484d105cdf0e 68219161fe639d2b 935f4068d7f2ad2c b144758341fee251 435584fc10599fd3 a00808f2fbafcaa8 2f483215df6b078d 00f5e3d855cbca6b 483377484052b1fe a2855bfa9b0cda58 4e5ed45855f2a4bf cc1241812c1908de daf0ef57452f17ff e58e9ce4b2936035 a4784e6a94da054a 6ac7f2f18266bf39 b44f394453b1d724 0d364cc56351cf57 aaddab41b505459e c13acd5426dfa201 fe477103837f9b7a ef949943def0153e a73707f827173f1e 814d4802643f043a 5d9fd25c961f0505 2063b8d83bd185f9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 947-byte msg +Key: 6f192884c62ee0bb 4b623334cb67de4a 838dbcfacedb8d98 005ef7c291c1ca93 +IV: 7e1e8818ec142508 0e1a0baf4a12612c 97228ddc2abff716 510a10199f609442 +Plaintext: 492c0c 83d0009610e0e5e8 5b79ef93434c1485 88683dd283159eb4 140043d0db99ecba abba1bbc3b896bd3 1f9f23fbf76a0bac e7cf7fa54714c1e8 9bfe9406c536069c 79f18d1ef2d055d3 e305d921b1b8b10b dfa9aaf8ca161cb6 96df78be68e821ba d5bf7d449b7f4bf1 8ff4378ed7ffaba9 593ce95473e35725 edec19812c77e51a a86a13b7a05cf434 0cb265c9d307a48f 3ed2623fac42193d 886d9fd679aafcc6 d83b79fe6730f9a4 40878c5a0b9842c3 74b13d43ddfd0a07 4faa3246b74a0bc6 4f7ad4a15ac20149 14bdd4cae97a2d4f e521a3e86cdad38a 2beaf8584e1fbd20 f36f4f29dfdcb52c 709b64a0d3740e3a 776cbcb5c2a21ccf 02771c94a6f1b7de ae620f1d6044bd54 3d68656433508d8d 14d9af32471c8cdc be97c4822788a408 679a3f0544c3c0c9 616dfe9f70d4514f a3afa5e76312ccbb 459319ab3aac2aa4 0660056af3216794 c6f258d8f2c90388 0c37c55d7f4a8474 81b342964524f1bc 72fc89d2d52659bc 523e9a9721f64a41 37b9381b018e5b0d 583e67cbb2b9a257 95b6f4c8529a3e49 ef9bed646525cf81 0c7c25a953a4f990 b47eb2d3e733e57e 56d56ed1d244c044 844f79c8261c3a50 73cab590db540704 7cb949354e5a6138 9da31e77bded85b4 f9a3654acca432b6 54e90f5703682d72 983854794df5bf8d 52662d417b5d35a1 36dfda73bf855fbc 97225d8632a612e1 ef43fc284ecea685 5e67c3b7745c7913 224bffc967876a69 24bdc4a6cfd85f59 6b2168c9b8abbf29 a7ee066210b2f913 a72ffdd62d72fbc6 e3026e3e44c4bbe3 f31cc2e4f355b280 164321c9b8265ca8 acd2fb22770db9d9 bc3983d6f833cf85 707a2f0167942692 93ad3a75d2824adb 1a7d2233ae214dac 98a92af653ec4349 c884d9a97c2fc468 07757aecc88c6db3 d7789a933b765e47 5d9b8c27bdb9be37 e482e8639af03309 58e408b8000d6a38 cc0b8aca84d495b0 f557d1f09e60e856 acbc84b8299d1b7d 70400d60e4ccec72 e17e1a5ef3039af1 462520da5eaa6aae 0879d32f91ff26cd 35d1b06dda93996a ff1874d9efca1412 3a4da16c655fec47 e10300503adefa00 91e11a664c281927 0c22bdc3dff3ac19 b8167e2e1c47152a 1da031a38c023f1e 6bb672d3a15415b1 f1e420a22d440910 a7cadca8e9298e5e a6998fb1f0329e30 aa99e13d41df3511 97a6c3004086d4fe f1afe66335cffeeb 62364101cc38be3d 38d28f2b9491204e e5b0ce648080b4ec 7d0dc1e669ff0eda 3bbe6f1b89da494d fca9a32502327f70 c2496a5755fc52e1 332e98b9eb826632 187b438890e1e469 de6645b3f389f980 18bbbf6027c055e5 +Ciphertext: 3a0407 4e6b2650496243d9 37540e2c9e42fa19 3afed4a351c2720a 931cabab3b878300 432ea7c6a808a2a2 0639a758d9ac836e 7072aa826b30c32f 6320a2a0241f6341 7c44bb3913f4a186 e85a7273e66b00a4 02f864637cfcc5ac bb4d47d0ab32a0aa 9ca730cbd01b82a2 d02e3a061b08ba81 9fa07f60601bd13c 7f13ea52df600e2e fb8f18f52685874f 44d1315f7a2e2116 7a5913c3d61cb414 a8ce5464195d0fb3 3bd8ff240127f4ff 3707849ccc7e4961 0f225d88946b6776 8284226ed944aa96 5f0c472fb9ea0a71 6b6deeb3c7ea18f4 90337dd0261d9157 05cb0df128d3246f 1af2c155e1ec99be 64a4d30be8931bc6 39114571749f518c 8e105ed2d2355cbc 4a9b0f6cf72553e1 a5ed2a50f77de901 d742766c4cbbf3c3 f02df91624f5acf6 a1d61d0a84367540 4cddf81a12ae87d6 d4242c4b6ddee08e 07916c30d8d84d69 ed17d6b1aedc6cac cddcf7b360a87f57 32072abb2f5fb855 3e4ab7cc5ca1a67c 42b34fd1c1c053e5 ba61b5bd47d567ea af100345568a163f 5da8c80db52a5731 a53f6e31318b83fd 4c7badfc8cbf1dc6 7db4576ae9b1dd32 fca069104c3495e3 5f2dc45f9107fd09 21a4fd827f454a77 885e830d3d1752ef b24ad6dfa5f6ff27 aa8cb7a8d5d3bee8 527475fe3ec9f0c6 a26a35a1719609b5 2dce27e2b60ea8a0 8bd4ec6e1d5f4ac3 0fe8d276cd577601 2ef8d746dc5ce066 3a5fe52636760c32 4f3c945375d8a6ec 1b55d428ac4b87c4 a964dad90c7bb394 01dd3c6584477960 263e36827e0f33a3 d682bbf44ae58849 80c5db928fa6a623 d6ae2c994929dcf4 1adc4798899313f0 3a85f66605da7fad 55ba1f6a5cd8ecb0 8ac491a0e446314d e394f379da197f07 0f3985bdb8372966 7ab9ac05df3aec6b fe7d894d25e35471 dd4e78e4a309be57 a442ebff124309b1 edaedf177c1e94fb e7e66e4b3cd3cc5b 719b628236fd507b 4a63591793c122e2 ea30b48b26544444 5d191f4a41912086 a06f76e51ffb0db5 2323ebf22383952e e33c956b48cdd6c1 1ad5a33226286df1 71491795a0e7caf4 4cb7dc62549fcdee 26bc6a43fe0490db 516ed47cd38b29c9 7d574d5faef158ae 5c765b7fef1e136a 48517672c2ed4741 155e175d404d895d 12729b9b62c12b79 6b8a3a60f7556071 ebba8e5d3660627f 942898f3f5389a0d 0a993a9a6b2b9370 65ff38c1fee4b1a2 7c3e3748704b55cc d589961d767a4fe9 a2cf7eb9a2d16b07 dec27922e5337992 8e0bff4b727242a2 c21b23cef27cb035 c3508e97d7c1c448 d2c5750ff937346b 16e582e5c152a6c4 15c697b4ab59a176 a9914ad0e04240d6 1f899f42b1ea40d9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 950-byte msg +Key: 5991652520adfbe0 b3e3cf48143997c6 509f5ecf5f3784ce 4cf4075e966600bd +IV: d5d4717da08c3d7d af7778183df0e19c b0d6adfe7ce087cc 4531d462442d3b61 +Plaintext: eb8a655dccaa 01d6b7280c6a22b1 4f48ce1529e8a89d 8efaeea0509c9251 9dcfe3dbca2c6ab0 4ed3121d12a58d23 e8b3f28258f5ab16 a3408e6602724a7b 2ff005ee26524345 2d5c0a80123044ee b4c36445c48e4cf2 cd866eae724d3252 f8aa98ec04371f12 a559e57694750fbb bb616b87f51954da 15b4d79e2996147f 00e6e6fce943c6be beb2ec2921dbb832 0676517072008c75 81b20f5eaeb3b6a9 4f8d35475fdefff2 805067c140ca05fa 9ce85c27c3a9b96c 1c685e17890ee079 ee85cef5ed709356 f4199e657aaac0bc 85a1d5d5707ea666 ebbe0ef1430d5c96 e4b8f92d1c614b91 21f6d83e56e4af1f ca8704a101e51a0c f89d6613631af1aa 390cfe177219ed4c 10cf5f745cde9bcc 728430b4ff48dc06 4aebada6719c665a f56b24dc7900412e c78d792e14014b6a 857fa235f20eb5fb e9922cd1f6fb8450 21bcb4a4b97e11e0 50166f9407b589a2 0c5fa34d609f6d93 de782bbd799e1334 c5e7f696b9fc2309 b35489d0bc631b1c 0d0e7924d363cc77 3087f19182efdbad e7d332db01e04052 f62e0e07bb71ca7f 93736ce1d2c29a4f e7a5c8769955a364 916ab09a19943063 238b48648d495e73 a376c6ade6249ec2 0cbcf69447383501 ca93b7fc8a7ebbe3 41557d0cb9519fa2 47ffcdaf95f1a179 a5b3c4121300572b 9b369129da08a97b 5973f62ac7f355b1 86f6cb106a916b1c bd727a198616d28a 0a3c84489499c1d2 72cdfbe44096474b 694306f7ea6cc452 59e160d026e06dc7 228bd9823d98cc91 944bd362aba13e16 f6cfc78d9fea74c3 83e8be607ec7f28a e80cd8fe5f6f935f c7d5c8cd907e02ba 378055f910744218 426fdbf01334277a 66a7c8e58185dbe5 1453204d77945be0 343ffa64c570f7f9 9f5e00a96f8dd640 a345f35e2c426fca 82ad2409e94b1130 f4f5fcf647485b0d a09d75b3193bc584 a7cc9f92e70e16b7 1acb1c2a6d0beb51 7f88a4d61d6236fd 5014823599a7bded 7b2615a83a519754 e39550d78c3cb2ec dde23a2dcf285070 b4ac6f5778388523 26399dc9ad73bb48 e5f40739cd462ea8 17e90622e600710f d64b83433d55e7cf b0ef7e1dc9dc4a3c 28ce8b78b892272e 33874fdee9546082 bdda071e7068a999 222e02cb15f50cd7 b50d22bbd5866525 3ca35f89608be670 7142431399d89428 83e06ffc1a24c8c2 9397152aad8baf36 37247c4ad30dcb82 fb697f47410d7025 dbec0ed75ed248a4 ca56acefc70acf09 2ef4ef49cb42d75f 623903e5ef6f0537 323a27856b685226 63302e2fab698b45 28fa00afd092d1af ae9916132c661a07 91b2022dc94caff0 650fe515e212ac92 2e1ef6a46865831c +Ciphertext: 3cde92d44989 88e9709eabbafa8c d5171a6dbb5be9b3 4a5ce1c6c669c0b8 b10d3061d701ceec fe52050acccb4b7f de9a80b952f80835 9e7b553dc9612932 f323f59a02007bad a06ab780544ccf0c 9f40d83381aade66 e57589a20d340240 af811fed10d37052 b4f4208daef767cf b535041684cd2115 ddff5539d8970776 f24ea01816bffe4c 1c9c5db879e11d80 8da38b52615075ec 40432d7fbd0eeae4 90de48fff3c77b79 860fda7831f618fc d8d88c8dc89d3e11 eb98e98418851057 c056dce696c46635 70448e1a507a5aa5 43f733df63c73b8e e59ba488d9a12687 cba612bbaa29a550 b112885f8aee2528 77ba62566daa22b0 c494ff5b4bcbc1e5 7bd329b351d93ea4 f5a0b3b5c2c8572e 65fdddbd0ccb72a4 7fffc66c2fdc578c 3e13fc88544045b7 dd86442f45c7ab95 3d001ba6a886684d e620140119e1c9c1 a73abbc968a83b8b 0fe2e68e1ecabdd1 479a032d67aa7b20 2ef537fbf678a08c 8dc963d4eb58cf42 f3bd2334f12429af e297245c48cfcfda 1b70d61aec006f53 57675058c41df3f0 94196078086eaea1 5cc3c9abd2bd1e3b 5c981f3b719d543b 9faf20ea29737c57 87bdc8c6c17f5e25 ee16d8cf13fb0232 9cf86bbc70de6d9f 443003512808e580 da2028774f2e3607 f44baac0db08b20f 72e7188ba094edbd d2054b76f452556b f958a42dd5313b27 d55ab2e8fa3f3b1b 2e5db6302a509c12 bd0e83be69c72747 110b5dfaaf98709a c84ff34f0b84f1f1 f60d5ac8b94db352 311f7a877a559f78 c41f2a039a6bcac2 67b708e6a70f231d 48e05acbb6032b71 af1119830032719c 742e7a1eafc0606c 9ddf6e9d74fb8bdc e818ee8f1dccc7c8 5ec5241bcde797c7 403614678ca454bd 7a3e7fe9bf6d0ef9 f88692d5bdf5aaed dde3c62dc1d5b507 09af1822e24bf586 395d3b3e308a7219 77b2d745d7592c53 5d43310cb11a27a8 489f26a042c92520 793e4e520ae8b24a ac7f8e30f2949d2f dbfed2407afde2e9 3130b25068a938b1 48e4c41e334ca524 e9a062947e8e6cb9 bfb95f06ffb619b6 8da5ce5f51cbfc0a e37e8145602ea8d3 7be2552e7ad00180 95dfaa5f00db7f51 1c289c5b48cd9e55 39627f3d45a8e6c1 4149a627a02c004b 3564562104d71c11 f0616e5e9cbe3c8e 493fcce81797351a 7d45c38f9362abb6 d756d66b443d832a 4758a883fccedfce 0d0e00aa81b9343e 681cb8236ecb209f 4d1e9232f8f0a771 c0bc0d4f7d701e0a a476683f2e72cd0f cb178862caa62573 79b6b4d67cee6ae6 d68803f5965edc37 bc8d6726f5bbb01e bddc17ce05114e84 1a9196ec2ebca832 30b26ab90b111a52 a55b5e537ea13997 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 957-byte msg +Key: 7002f97f5a793cff 3ce6f8fee827a9d8 da17c6f36bfa9a47 481b4f1d23b34c16 +IV: a80dc170b3e87f85 c01d0e94a381f9c4 790d6d66de3c027b 60b5d976342ae743 +Plaintext: 28809087d9 30782a26ed9613e4 878a32d30f30c4d1 3c75d24e0d69fb00 b09674d8a3914d34 19cef6569fb80115 ff0129d2643794ae c09955fa6b2835f0 0d01b3a0bde9492c 6a2af1387a9ee89d b209b25d56ab5edc 91160b4d163eab6a 08cf076818c3042a ed3324b5c86d4fe4 6848d45c2bb4abc3 7795fd2d58d2e5d7 6aa87918fa450494 689296b3cf50bf52 e86697b82c7901cb 39be3183770c6ca0 fb360f98ac97d3d4 a4ee4f1bd96dbf4f fc0c0357a123eb5c a138b138bc15c72b 831ed3d076e2f950 69f058d62cecd743 6ae22122d2d9eede 75ac85326f157ee2 ca0bcda99f4efc72 7e40b8cb10f68f96 fb8ff80106c494b9 7ec1b35bd8331a2c 97a30409710266a1 ad8577e1cfb370b0 77bc90dd870c6455 8420459a3f982270 b48e80da3227be44 bc679e02b04a01f9 a610f29c9bd8e61b 4f7042d6eb6c1e18 e77549022be48dc5 74903415fae3cada 503425288b50a371 a65ab3f925d6978b f900686ba4625a8b 9da54101f6a854b9 3ccf31679f9e22c0 52869fea35fe1431 b2d6e4fbe4c8adfe ff51ceb0ecbf26ff 338a1f431ee7eb71 1c9b0e91630d1d72 d9a0c59c353f0e86 613ae1092350c915 fd0df6a3525687ea c94209d6f72b3ab6 38051335ddef068b 8d0885f4e584c361 62ffbe6e81107d95 242296a1387ff465 95aed7ad25ff1c75 4964bf5978829e4d 2a08808ef44055d9 f4e4c0da6f32d2e7 b94219ee5598d9ac 5ef699202573e140 1cd143eaf30c981d 002f8c69e46b5da4 6c6adfdfb5e1c498 94651a32347f15a2 01020f6ac59ccdcb 11ac0436df531b05 75ce33688d0365a2 b2594a75edcdc1da a143ecf6b4197c4a ef022f2aa8129670 9e151c7124254430 827c32d298866d52 c43ae37606ab2e02 62da152b86cf564e ade8a3e2c370eaac ca73d9317cd1a271 3292fbd20479695b 32dcbf22c3b3e108 6beecea3b20cde7c 53e9487be2d7e69f b2f13df2f6acb8bd 26af34f8a5e5c104 a0d0a79d3920a80a e584859612c0c444 0e00afbf246ba090 08fc7c93758d7eac 143536b6a0d4d1bc 48ec9a6c54b3c1c8 0c665b1fd5dfab3c 9e6aa0dd7ad59e67 8ec682d72e51e0fc 43ca8ee4f0d86794 75cb49fb53306029 b1a2a7bdfee3ab9c d82b93e92cbf5d31 9fc66ae52d583d0e 10d9803ce48547bf 084b991a47df2db5 b80b71d2e246d0c2 24873559555bcb9f a73608c8d106e967 6d0e7fde9ef2aa19 f70e257c980cc219 9ab6f727ae089aaf 008ae98962ddcd87 a69360f04b44ac30 5dddb6cd963cbb9d c9fab937818831a7 e57e2b66de2f7c89 7c81443896fcba62 b1202caf23fc41b6 79fc8271150318ed 1cb9d7468f277cd3 b781339ec7425d17 +Ciphertext: 45a3b146f4 22d41ee21e6803c0 8ed0839e8cfa6427 123b62c9c5467b4c 9cce05958f2558e5 52b48b8309bbefb3 1339bd8c0dcbc317 5d178228035c3350 5484cb0eb2cf15fd c46a7901881f9cf0 2bf45687667e1eaf b2ecb94754583722 6d5eda362ddb83d4 f754f5cc4ff1d271 4fdbce3c2ee57754 373405460c4e33d8 1c7ad57f756eabb4 8a1369aae0ed6d8b 82f6bacc15f4b2e1 ea4302ceba6d597b 7104ca5230bf71b7 297f5cc468823761 bfe909300a8c6685 94a4d1008e5bdb0a 6dac900a28b97247 770d223fcced1708 d4992757f3fa9230 706bc4e7dc04439a d46aae1e00d83626 2f5e63d780cd25d4 c7aa3cac5e4ed83c 03831b6247d9964e d4a6b9235a34c235 ee7f5ad1f11494f2 98d75dd925be7dae 760577a76a0c7f81 9340309458515ada 989f98d5ed64b39d 73459f788db9d7f9 48bf2919c617a501 8eae7d3927bb4d67 24c6071bbe0b01e0 b725a749cdf8814e 3a30b917d42b4b04 3a73ff2fe1775ab9 82613ae0c7970668 c425abbbffb41635 dba06b948c0b4d6f a9801b95081982a1 8017bf90b1592a6a abdbd4aa6c333bd9 9fccaac98b16a32f 397d9ed285869584 8b664ef60c4a4444 e40164008bb46b67 feabe8ebda1af798 4351a586a4abacb9 bce1e40f7692f38f 2f14ef9f74ae2003 74b1ae386b66c221 8cf0a583cd482161 90980fd39175cb8e 97f7db367bd46fd6 65912c780ceaa053 927ceb58d248afff 90049cc55826c9c9 b884748276a664ed 90a0ee9c70a38585 42a1269cb5b620ac b30a02ae3e180ed3 473264be4cc8f26c f7aff124ec9a57f5 efd9200746a64851 cabdeba3854670d2 2b4b2af781509dd3 9d319410dfa5d6c9 10d867b59e866b2d c03de149fdf36a2a 24c96f08e9f7b087 cd97518839ad98e0 0e122d7084ece02c b6530fdea9f9b36a 929ce47e114b4ca4 0cb94bdfc3c4097f 2cab51e4a7e78599 f0323b2283f40edb e7ca9e4de926b3b4 7db4be197f55f465 c9b1d6b967a808b8 fe4bd4425121860b d48da28537dd95b8 1a3bc4a23c3cb2ff 04fd96c7646a6c8f 03e08e5702b5e134 49ef7d594bba7e1b 3688849a4190d925 12f917425cdca1b0 9e8b8f2ce233ff15 52598f93e42c0eb6 1fa0cf018ec04220 0fa8712455da9ff8 5265db0fb347dd6d 4e85619d05c1a6d3 5e0b32fa5984dc9b 1f9be8cd931cb0c0 7a1e2a1febdaf73a 16c90aebad85a075 f9593d7789ce3c3c 63164c61bf958d4e 57ea664f5911f82d 725655c27311bbec 9c4b3d4ee66a931d 0ac84b617c3198d4 6848d4b4e0bb2e75 bec89782378b24d9 ef6ff623e4594637 cb687bb3cb8f43b6 4a5bb12b83e758ee e0e959fb36e1e407 694b374be4bd0cfc +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 962-byte msg +Key: 7e8f098974decc71 645abdb4a0d8eb6d e4f513bbea57cf1f 3a360a25401bb747 +IV: a0e8c20ece19477a d94903a487f808a2 a78bb4aba394e37b 555464f91b7faa18 +Plaintext: 2e3e c4fb2f7a905c0358 2b2ee100ab81a9a3 11a778bc79957996 948bfe0e58f8cf9a f698c18a0ddf8b8e 1d9ad6793ed49344 12f69156f8334f02 82230f522aae2b03 402cacd027ca19f4 c1308dea28610c77 9fe217eac81e7ea3 170976d28604eb81 8a0118d546e75490 ff382fdbd1f1bd43 a0b13201511eaf7e 39845c16d5c0b71c bc5d2c1fd3fce56c c0f9e3d4a14b4eb0 fdac0922fafb8a9d d1dee9a780ab36dd bf89103834d27390 eabcd25e003966c6 9e1bc5d52d7cb607 c85d440ced8d11cb 79cdeda8d331a702 67c923005681ad8e 6b468da2526adcc4 044a96cd862ef0ef d370ebf517e129cc 1d68ff430beccd0f 4d748a12cf8da3dd 6fed0673b255794f b5bc31a967a9a0f6 f6e18eae87426b51 2aefe4ac0dadb459 f08dbd85d8cc57f5 08f7e84b2d52b586 d97bf7c9324b325d ecfdc2f87492b640 6e73e28b625930e9 b26a3764d0a50f86 ad7f631c75cec73a 79e74c7f6d03529a d3e89e0db7c5ad31 9d5d477bb86757fd 5c35f930b695d5f0 bbf5acc85eca3070 063219943fd775d7 af173f184d6334f4 cde5e28c5e660288 986e075cb0adf7c9 ef997aa7625931e3 d2e248c4f6604f72 e8d745b8d60af609 fa9c88c1cc7550ae 7667eacf8811885b ed048a051e254f7f 95534b3d85495a7b c8c5548118eae226 83e2909319c92349 e8c62c662a7bdd23 bca01ca2d2ead6e7 ea329624fed35639 fe54957b7d47a9b4 ab70576c832aa167 4507df6f27b71154 472b7430e5f953ef cf03200f1c54c3a5 1d4a32a191fa4252 18d0bd2deb76b4ca c9f7162f35258251 de385ad85fb71923 289ce68cbcb369ed 1e43dd6385f06651 57e0a5a8551d8a66 133a6a5dac3a5236 b3ad9ab56d1cbd3f 3da768995fedd0f2 d92c4924afa91537 575379266ca316e6 a7c677a50afee750 5e468557e0359ab4 3824292aaa93c8ca 90c9afbc08bb0f3c ea2fa5e3fd218e28 6a665d26708f6ba0 5a106e42aea24d29 a8e533a6e64ae33f 65304bf7ac4d5bd0 4750178d77c4ebbc 28383ff4239d4c5c 85ef2e6c70183af8 0011916a814af54f df4cdc155d9dc312 8ae3c5c9724d6c69 112fc7970decbd6d a419a0c3e2df06ad 18a1d4448bdf9baa 695b2848017a565a 32ec27ae248f13a8 3791a08a39d633f2 dc9926a567551a8a abe68ffa39ebb237 d27075391fcae5b1 a2c1b948edf52627 127afbbd5ac6e9bc 3acd2265826a2706 d801dac16563db8e cef1118366058754 a28d7a16cdf9b048 fc580b1345bd5dd1 2ce87ecd5e229c49 a269d3c60ccdfd7f 731acc3726b71634 dbce6f8ce8adfd9f b66d88e572d1d1ea 05702596471731b2 6f6918a8cfc8c38a be797956d502af79 5ed7219109362177 +Ciphertext: af38 f8af9dee54817a94 e160438097f4401b a176fbe0da9820a3 07142172c232286d 37319a622111d341 94d2542059806eea 2036376f9508b4ca 1b21453acd8c5f91 7bac772aadb654b4 805ee57a5ef6c392 10e07d30a0c4e96b 4a9f30b297d09720 b9be74672983be86 8d14b209427a789a 76961f61f93a6750 b6faa1a81e303a31 15d8261c0c604554 114c4efaf0f74b05 fcface11b1cd9cda 364f2d4133afeb01 7bda9d8c690c2156 130bcf316db8f2a5 50f611c458fea4be c0ca936f54921813 53a13679146c6dd2 d2a29bc0e7a0362c 2954205aa08e9d85 4387d4cca5729ea9 27466c54e8c29fd8 bd7bc343259e4889 4c72243fabee24bc 7874325d566f0756 f60bd68ca8554e10 2d2d714d68b8c77c a3a9532df53e4970 91b462c39e6da54b 7d6c747face71bb7 406644c10f6ebed2 3110cd0ba5d77ca2 c440d857014441ef ef27e9ca8b2f2bda 30a7a7d9351e1ea0 cce3bcac9eed1d78 7fd6936c05d38cd4 36d3d5105cd6e7ba e92a57d0b9977add f917e83dca6f7e99 6d764d8c13d50c00 01b77580e5e94f6d a4952e05ccf6a1b8 12f69865eababf34 66f3c6cfe2cf1c1e 1b0e9a493c5a462f abd93b36039a5a77 e58d3f8e700cfb9e 852c38bcdcd1f4bb 7a0d928b2155831b f2af566c125b0d62 4adb6e1b8f7764c0 05930aaa51f1d24f 080a64e8ea063d11 9eacbe9a1db0d47b 66cfb556b53fdea4 2c8386b7b69d01b9 89ac8ec810c6e22e 9a82df3fab3ad0e2 c8d848398eb238bb 1979eb956ae95e26 7e71359d906e7015 e94ad886eb6df9c2 2efde0f929456cf6 958c36a985dd35af 24d2037a16884bf1 30f2f48d2e75dc60 33c702d861b8754c c3f5b1af18d1fb4e 3c058d1952afe67f 9e27563ff7e80025 52a2a165028bb6f6 ce1ba8ea6ad976ca 841290939756cd22 6ea69fbf4dadd0fa 1dadfb096fd4d598 601b7707eae4f711 63796c638b9b68d1 9248274e095f2739 5517ccbdae78fa5e c259dbaaad032a29 48cdd3329ae72bab 420a7a151b11e995 3e8973a4af828ef8 b82478f8b49f23d7 e8b04f8ce26aa28b 164b531e0002db2c fd46aacf34c8768d 27717a8c170e6fab f51d85f0bc58b830 1e6ecb3c69ada7f0 7595dc321aa16375 a9a8785b0444a55e 93423748ad3fd436 268ae16fce41caab 3c3da46360193e9f faee57a3644b5dcb c996685a0c3d0fe7 bdba94be39e920c5 f9e2ff06b1c5fb6f 945994af5a0c25a1 b16bcd3faae7b6c0 dda3f8f588e14486 bc23c0b7989d43c6 b36a15ab59956c69 ea55ecca47ef96ef 21e5ea1a02b19d51 2471638e9e9406d5 0737fbff3100476a 12ee4f4d46c153fc a4bee0e3f1cb44ff 949776c6fcc2a039 ef94c7d1ce1ec5b1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 963-byte msg +Key: 502f7d7fa9cbf47d c187f22ef460528c 9f4efb72841a660c 70705a8b1b35fa1d +IV: 4f1a021c4c724e85 6c419cad0395922f 89190329fbe76ea8 7e9ec76046b47aa1 +Plaintext: b60eae 86c8cec670b06d2e b2bc09548e7f00f4 612ebd991a4ad261 f07f470055cd3207 25e5886724d63330 a7e8659f91c82b58 81e645f04a1c35ae a490969321dbaf97 626b48368a25bc2b f34f507c20aec3b6 f3eb277a203cef38 e240483bed2aade6 a321b53d8ae730a7 feb973f12377f097 1e050a3f85f12787 13560600a100537a 51d078830d62b72a 30ee7509826cd982 6afc96485f840521 a09b77eb25a6c9dd d5403910f9e0773e f1b500c925d5a7ff 3f97749c983db290 efd7440361643897 95399fed38a79b6a a9d8b93bf5fa8196 059f4c431664565c 6ad114513d81c82e fb835221b0ff4937 c01d4a66d82290d0 24ddc546c341180b 785390dba247a02c 6ee5fbb44b32a92b 9e4d5b52b797fc34 041688ac851c2127 802360ab76fce919 552942afef87e5d0 ab3093087b9fec4b 0e153d7d463c9938 ec0a2bc9a3e9ca7b 1a15ce19864522ae 508d9b8f0a83889b a8a18bc2edeaa7c4 23d0993b0f566cdc 247248faf7b58b4b f32d1aef4e8bfaae 3b811a82626e7355 8d3d530ba48af6c3 db07575a2a1f4531 fed9b9312efe670c 307e93c58d102672 9219014148cf91b9 a79ea44207cb7be8 d757205c9126fa3b ed609e935618e8a4 9a2b4be3e56b6545 f0fdd6b9760053f6 e86ff6786149d8c5 dcefe2f5a5cde071 0d3cd7fb62a799ef 1eed96c85f07f5e5 97ebe48e85b02c32 64f208f262783764 53145090a7cb563f 99368c76aa288a3d 4e9291a4e5a31c08 ec33b79375611402 d47b5cab9c1fc3be caa05fcb3fab3a84 742ba6c56969d0d1 de7898dfc6d0a0d5 f939a35329eb09f3 17f3b8cf06d82c44 707fcaf6f94c7114 a18a53de3d0d0364 2815ce9036764f66 e9f63e8be8f78904 ac56a6417d92275a 9d318f98c35f6437 cad9856aab09bea0 a9729a06cb4f784d 8f77e1addd84192a 3a34f4163e10ebd7 484b6fea70ec7e28 bd307348992922a6 81ac2442016a700c e05d2b5f9866c2cb 083435176d67b686 8ff5725a38cdaf97 eabb1709d18c5388 f772dc7bb7aa0e9b 745b7ffa8bc28e43 858c3f43928346a8 336d61093631eb27 e73caf738523fad0 f38af499b0442fe6 09bc810b8d930f62 c28aab4b16a36070 18834a4ee81babf1 ec873cfec536c1f7 824ce0bb1344334c 00da9cd55b28d9ec f30f5814cad84c86 c91b0031b3e06bff 5805065a0be0daef 5524ddb1eb097e21 dea77fcd12a30317 f10ee838608a5685 f2af98f05cad2bd1 2a3215e7b08e7899 42156782a8c4f82d cc289b1db67caa11 ba124186f0f44f7c e5caed7d90feefdc 881fb93b7483554f c231c2e89cfd8e2b 17f5a722aefc6e78 f0b50d7d75a30a70 168e1dfe5d283f06 3bf0049ff9572a5c +Ciphertext: d96b1a 70cff02d9a69bd3e 86c284f5bbd2bb6d c39564deb6b52f9b af7ef53b674fa1af 39df6be97c93e369 f7baff913a1ac7cc d5f70ec99dc328da a37bb2f9b698c9f1 213a5f1390737fcc 4abefd727d0f9afc 18520970a3c6cfe2 bf8a179732775207 a380f27789312902 812ea69c3d6a2f20 810802aec242070b f5829a67c98bf5f6 620ebd3727aa8c08 346f589027608cea 3bc3834b16feafe6 404c75e2f538c9e2 41e3e028ba1369a7 e18d5af9107ca920 f05c1b8cec6ad456 71e5a40d30cfc8b5 8586821b393ce856 be0d7ccd034cd80e 091f47b517424395 9ea859820c45ea21 a477af7dbd99b3d5 1896ef4fbb8d2976 e5e063b277381493 81d68057a62a345e 172fbc28b2c7aa3e c057b8e00e29511f c410fcdecca29ad2 24bb9079e5429e1d 0f5ed65f031f9b69 76419ece0a383812 0276aaa67b09c7db 71f307540f29bc77 e72dd5be64f15613 8d9f12f370949103 1942bd0efb67ca0e ee0567cd1cc972d8 825ad49f984699f2 8ef9d5d0421286b8 1786db9f3932ccb6 51320928ecde9969 2ed815b05325befb 3fa7872f5235a5f8 89455c0cefeed573 43b4080cc3d8fbf6 29824ce503ad593d 073e25c1c5ca7649 7b2fc04c55c2b80f 069aa970eab0a5c4 c9f7ac7f7a57bd1d 72de7471f7556cd4 717e5e52f6920a8b 82a23edd507f40ed 7f97dbcd508afcbb 4e5e775d1522cd36 111c0b2406f9021d 36f3dfddce08b767 8862adf1ea0b2b93 43c333ea977d9b00 1a4c35843ff52441 34c72ffbe9702d53 19eb16194ee10e1d eb1bf5aa38d29bee cd6a1b387a7989e7 b8b67a347e76c016 26efa6e5ac7785b1 65d8f272f0ccbea3 c6790e321b84a08b f7363076ced05847 ef8965810e8e9ca7 edf047cfa6f5fa2e 36f0ec44f928bc1c b52564e8ccf2a14c 77a15e414d84f38e 3d462966cd91ace6 a12ae2fe5e124f7e 7587f99e8b45e089 313c019b470259f9 bc4d14bf40c3f46e 43a181c884a36125 bf23a245ddaaf9fb c1a1eb8bbb205838 922a825da2eadb77 1eb697da4e5546d2 21670c0688485db9 14b56b6b47ec448a 2e53821ccdf3bd8d e4d4cd2a56dbae81 a6c54f9055f0d98e 75178c50a3e78563 04fb0f5502460ea6 bd6893e468884b72 36e1a40a156fd4e0 b4411d8c83c136d3 d999099e8377078a 8592f44f18d2dbd7 02e2aefc216b9135 ef7a40663f8785f0 ccfcc7cebf2fba1f d27433e68725f814 5c4803b4453cfade a2da24ba55c159f3 ad3c5661e57c970a 49b8d6f7b07692a4 0dcf979fbd14de0b 33c9bbb3908a8d26 8091b06e8bb0f06d 692a60fb1f3fd9ef febcc5e9d9e0997e f2f7e72b2f1033fc a0984dfcb8666b5a 5fefc3117ff69ddb 72769bd57d796012 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 964-byte msg +Key: 2172cf7e0fae4bb1 bb1cee46c3f2df56 293ad54efae0d99f 2e0a4cb7d0a72b31 +IV: 5f4b9248733a7f92 a3c3d9eba7cfb1ae bab9c72c42605056 b37bf6bdb12d21bd +Plaintext: 75da75f4 71389cf937a9454b 97c86c880741dce0 49e7f3c84700a6f3 42e3c47e2bc67f6b 51d128503d773a50 da059a4bda7b1d52 549c4b5eb2416341 caf29fdc4bb7b893 5b2cadfe7ed4c1e1 baafc25ff90f916a aea7df7ebbe5358f 938237409b572955 d772b26bc269e0e6 7dee6d2c2ca44111 9e3137912c9524c5 e3ba1610e54bd99a 0ccac0ffd1dda148 6ce9221a3de2332d 6b62dc00cbf839cb 03c2c3b6ef3ed048 435d5e2272d90ced cfc96991f27371a7 5e61553261b77b89 3bc3c69882d61748 c452143c6f0528be eeb5caf915fc0368 bf572a8eb579f3e8 d2e5a82065bbb583 d7d26ab58e08fda3 10d6ceba6c28ef57 d66be47e91e7a7ce 124ff0b46296b2e0 c405e9f5988b9385 7f54fc3cc09c3f5b eac60a68bba8a124 412a26be3f0f1746 d21218645435f34a 8156dde7d803fb5e 448f24b6fc65e9d3 a89dd2a5c5cdeb9f 4a227f6b8caf24dc 5f04f7247e032947 2defbbcf1cc685c2 8fd17dd1bc7936d2 745ca77006a02e21 6187d5597844d3fe eb0e561be3727fd8 3dedaeaaecba01c7 98e917dd8bb11a03 ce07fcf08f6f006a c6137d021912dfff fc1aee981c395366 fef05718e38aef69 f0abf64f8b2cb975 0826b8ec854dab1e 1280c403169e3497 ee9af08bd6d2b53a 0d9c49e034220506 f7719041f0cced1c c846b853a090ac42 af0f699c2c317460 6e02800952faec06 dd198c692237ace3 669552f083b7c44f 8a764ab5ac5135c2 5b042034ac5c765b 004935cde335f15a 34941b4287bc83a6 c7f71c3d20d7ff48 1bcab3c80beeacee a92711d3fb6ec369 7a6c9ab27347f22f aebc669c4e6edbda f87dc12d375b95a7 1fdbaae4318b2af8 7f4457a611ff17d3 86eab039febcd060 3845d0caf849396e ac8e88694e342eef 8c45db87278dfc78 99ac837efa69e6c2 24496a091661a12c 966831c81b10d836 e996adbe7e98a907 2d2865d2091e25e8 04b21651584ad4c7 26902f6b5dc82fb6 de6156b1dec92469 8b86e19df28396bb 20a75d0b87acda29 a42f0ab8df033b55 b3cb5cca0ec87784 fbef7c487e3f4021 bf51c59d6b31bc38 586c4819686a05fc affe4970d83caa42 c48bc03975fb2c03 2bd8d870cc7f81de 897073f5bfa59494 1b22a40a02cec38a 308134d99f5e604a aa631eec723e3102 816212b3ad5bf103 3f5ef6025525cc43 85fa6090c311e6dc 851a1e792517d58c 866baebdfa342233 63dbc6bf99eacc57 0c1dcdc7abbbc6a3 04266080acb17463 e1b3ce7a6eda310a cfc19ca996c4ccad 0d1302e41d050686 6eaf6c67d0b61671 da61fa52d0f22572 ca370028135cd32d d0038751e296b06c 0ddccb9859cbc39d b89ebbadea270752 9e657ba4da59e9bf +Ciphertext: 4d476266 515dd36cca57c3dc b53aef8f8c38eeea 08dc58fefb564f38 cd7b17ee61703ad5 80cf2607c8fada46 e15cbca30fd7a5d1 cdb35fac32fce3ab c6647cf12fae4302 15910da670b3e5a1 47ab8d94232a6a78 e91da73673532f0b 70b19169e904a3f2 26613a95a6e87195 e83d90aff21d1ee3 5825be7a1783d658 d87c18656c7368ed 8679b5645cb7b9f8 8aff6eb29457932c 8326bbde5d3b53e4 8e5ba8f71a49bcd5 c23f477df4f8becb b8018801e603e6e4 156b196cab796b1f c2279d3da0e6a6db db76a39a97771ab9 4a5e6b45728ef600 5c4f1d433e0aacef 414f316ade491a0e 11a1409e53129b4f b96c35846944b332 304c65a5d1013bb4 a6d66475dc635a4d c17ab76c6b5d4c83 72dd249f750f379e 7882e1d4c1f1d77c de72436a825f9bc4 5656af8f79cb17ab 31dc4c4442923106 33863af28cb0e01a 8ab77305698f2d06 54ef63f7d03543ab 7c68e93f6863738b cb583d17a0a80fa1 a387c5b67fc25448 3579634281292085 cd9775dc1bc4feec 74dd5ab0d87d4f34 528f7f7df26b4f54 f5798cf42e950378 5e64b410a75a31a1 59f4d91334a35a5c be851ab457720307 6efdafea1e5b51ad 57f6b8b312ea8205 13885c427db7885c 46546502217a526a d752188d1b2a643e f2c5f082d00fb09f 7cd7600378258387 72a1fcaa6d1821ed 3f9d83f0cfcbd683 5d045baf0d0728f5 f1d5699ccce4e767 fc66034d86efad90 9a5fe110d28ee573 a43db4d7dcf7981b 3c6b7a2840041053 afcde58a4a57b37c c091387c5abcb716 4234d6e316dd61fb e6c5011c18e9101b 7c01ce4c138c5e3e d64cdeb6b69fed09 9a3303d9458a452f 4d40537a37d93cbc 4a949a8a98fa878e 6d75cd2f523f3073 8d6b88867131577f 816ec7b3927412ca 69dc0231f8372ce7 981f915cbad2acbc d3e68093ea9d3707 82eefc4a9aa62833 0a0a16047b153ac4 af547dfe7d32310e c755153bd3b89ced db0e2c243fb3db0b f3ad66508f3dc478 34ede533b9d1fb07 840f0770cb319c86 addb4019e8cb8543 64c97dee858b1725 1858f54937ccdbc1 915ca9ab8279beb5 f9ce2daa058fbaf0 1b88a64835f82ca7 4c96023c5e2a762a 4433bc0e60126abc c88b6c3e83458538 13349551329dbae0 bd59173d2bd6bc12 5167f8a8b5b9cd7f c10a04830f5d6877 6b50721d94beb5dd a1745454f789fd01 92e109d2c8904716 5b57e613ebe4b9a6 4f94ed38fd26f423 2c6ef1e9b305d7bd 0d6845c4e66c1a98 a954529a2ec0da0b 27b6e5e3ca2e5955 ae37ad6ab9713477 1207b7b0b3406e96 6a5da8a078951557 1df4299b73dafe65 e4a4bf51e72074b8 cacf9ef4cfcb8db8 b13de504f5417b9c 86c4a4a3b29b1fd3 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 968-byte msg +Key: 16e574c218cb3f27 d604790f9a84cfc5 9197f3821ede9191 749485b164164bbb +IV: 73a3b7843060e605 c59f74b9cb60ef47 63188c6182b219ec 8cd433612563b973 +Plaintext: 444981f2887649ef d024f0210660e687 3bc6e14ff98cd1f7 d4c217b243d7f10d ae6039d2c815502c 1f1c550df28b9acd 422858142b73a1f9 75e6976b677bdcd0 db6f49ed9845e306 db0f0a4637e9f461 9fc65a77c26f713c 97c81c5638556006 f3fe180b9e0feac3 2c8379947e82dc8a 7b28504163882906 60f10f395f7066f5 1d950ef4857a4dac 390209be6f5f3b91 fed7a03ab8c7b2a0 fbe8d6dd83d1d7e7 82bd936ff38ff409 2b13228eb187f7be 4f5ab42a6933f252 8e35db0a4d829922 4afd0f459155c722 293f2ccaed02fa59 9739f2d91ed4d263 42618487648a96ef 9cdeea3e06d4af3e 5c0c8f3bcad92aaa fdfdc40f7eb33a1d 3ef33b1e72f1b495 a0e78c22fa1492a7 ec04b4a9f11371f9 aa2d919331d713c6 ab7367951cbfdd5e 80a05eb9171e5aa3 00af01dc09b8b68d c651c02ee04943a7 b0696fb50cfdf890 6191c6cb02f9ed7b c094df9bbbd1e1af 78f1bba8330fb408 765ebd46eab3ed74 6e432d1f66ad3577 553bb7afaf64d9a7 e896e9c9d1334c31 24dab8105de7a452 cc3dfc7ee94318de e72cefe18c7c88bd 3fc7b25863bcf569 e363c8da0ea30472 a60799b033c280fa 9df0f1f7fa1ed539 a50d7e1f90b396f9 db83556ea5eef71b 222a6e7ded325411 a00e23b9a354a862 41efb5e4011f1729 33c1c792c9d16596 682de1adbf9b7c6c 180eeff12c25e981 3cf5bf705d085f41 14a5870f2252342c a1985c075006df53 2c79bc65409a80de bda7058b4d775889 a5b8fbad597c4d22 f5f44654497a670d 04d5f1de85b956c1 ed8eedfc7972e949 0f818c33165498c3 8bc7075c5100fbe4 c9adf824a38c5172 f431e08d8804fac8 7989a26b00e4fd56 8c9c07e7119f831e a38638ff431b5a38 f91847042332744f 0c56a61bc0336522 1ff8adbd315fe804 b9ea19370d6c5a5d 24cc882af1063d26 ef72fe0cfe49b670 6d6563a5584810de 34600393a88a3727 9ed40dc79b873e95 4b651406612fda88 9e6a91692e63e4f4 3b715eddbd7adbdf 8fb83ca3c8bd5fe4 48b54fd191ecb7b2 d9909dcf5db74c8d f7a392dbf3452ccc 1f017f8521b1895a 0dec163437883736 465df0a08a4c31f3 90810756f3f41438 74363d374d6aa240 c391d3f8fb0c415b 0e5bf2a35f2b796c 2d902615648f7a69 b9dfdd7ff5f093de 912dede5847fbc6b 59120ba2845b0e41 f65a55e2ef1c45a8 1485c926c14c457c a047ccc37be992ac 4e09a463a1e4d6ba 1466fd833ca55f3d adaf68f458859f62 1867d85a8752aa67 16c823b05dcfbb1e af3c87c1f231af70 ade522b063a388d8 2016797251c3ece3 d8d7f24f6023a4b7 ee655964b9c91d89 3caf5f2489afea25 e0da17d28043406a bdbf770853e878cb +Ciphertext: 45b2a13b726f8406 e1445a40b7e68500 61a3f1089ced90b6 81e8ab0d9c5892ed be821b8bcef16a96 ceb7bea29fb52d18 eeadbc1cde643d6d 1e94a20cc00fb458 53213069f9a9ee84 6572408c17a859bf 4f092d9eeba06690 2c05459a3cd80ee8 64d9300dd5c208a2 1220a376f979d152 de69c230f30a64fe 2d66b052e841428b 09428fa9307b2105 96ab753609c0f492 b543a831f2e88fce 1957c98f0c8c2804 9a29e26363830946 de89f40ad4facb3c 25847dcf78889332 d0c336732d4027a8 164228350ee22873 819f67211fb28bdd 24ca8dd3092b2f82 a70c3cc2abf70722 483e1045351762c2 086de9e978a06040 c8aa7e0e737911bb c9d7df1a5543b3dd 4f0a23fa6f733d05 1cf3e683cf78eda1 7a598ecee02958db b748bac0cfac146b 2f026b45d69d3255 6714eb36e509327e cf3ea9d790fb177e 9ecd117493bb6362 364970682919877e bc7eda6a205497c4 e5c3c328dc4a60cd f145d89af2bc702b 6c29eb66eb3c43ac 310d17f56a8b1217 b0fb196125db7dcc a51a818f425f99c1 17a14761a514fa9f 47f8039813f9de02 c278462fff3eccdf 1087a8f182423d29 a93d6d38504cbc81 6cd97128fbc58e6f 1dbf4651f6247d13 3f55ec9e60435511 87bbff3efa471f05 8bc30899ceb1fcbe 820fb24b3d24cc7e 2b762004ca24ecd3 b675110f2b42e6d0 51d88ace94543558 e55f769e811ac57a 4d1d824cee458002 19a5477e97ee885f 6abee90b808cef33 8ff03df12c5bd363 1efc62c5abd4e454 c26ef45283b714b2 86f28bccacf678a7 5331d7874d73e1b9 1d03307cce7987f4 9658b83a665f0580 d5569b7bf47eaa5f e22e32e94aace313 2df4f22803cbbb59 b2f58616a6636113 6d7292c8f51c4347 9e3c94b4c146eaa0 26317aacf444c79d 4bdf6a49d748ec78 2b8dfa6e6dab348f 81ce97583a5bb5f7 79817263b2ea19b5 7c3c597871f4c01e e926fb2f8c077163 7f104bebbff1dc7b 0f57d51b04029d1d 54c40335bcb0879d 9f3ab76e7ad3ba18 84d5ec6c9f650623 f9836a68cd238a64 0ab57f5660c88a25 a7bbe93d8d521245 89eb987b11382451 45ccdefcbb8d1cc5 5747272e3d405f17 7fce08d09cde13da 10956bce2c12b80e 229019c720b74a1d 26c65b0fa3c940ae 8b66a5eb4291780b fc270a9922dfc221 d79e8254fc6f0355 f72c3bb9c0548646 9d10a4b0dab82c5a abeebd1c6739eace 73b3c0a83651e88e e7ca90dd172845c7 784c6a06583da3c4 889e9629d24540a8 12ab3c630d4dce06 acbc2af47c536f55 e9f3b6bdbd519762 d53fb82300fce469 2a318073cfcfe0db 432465103d4dd65a bb03251845396397 975129d09b274a4a be0d4176e14d3a02 7410252257e844e2 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 970-byte msg +Key: 68dd343b7491cf81 96871673b0ac9281 3e1a43bddb8e42ed 071ca5de2721a3fb +IV: cd7af91d3af38ba5 21024fc9aeb6672b c7ea8db092beb48f 3748eca8e7868718 +Plaintext: 1d97 7a0a232b06cfd939 9732b2f0ec05ffef 780070b808ccd762 a75a308fbe79df9e 80a8382285284492 b556c24268386d91 cc567d6486cb70d4 9c9b0a2492479bf6 d39f80be53d8ec76 73dee99425eb9939 5059c2ab76b58905 94147e2d49aad907 3b9803e8b706594e 97722cce69470c4d cdb246731fb1ab5d 566d93922cc92239 803bca89f8db1180 eab995d87d744d37 0b0811a6cae85d44 ac4d523b83cdfdf4 692fdc875f7e9e76 345c2b9aa999e45d d2042c2abf812722 5c5cc11196ddf3a0 bf1d42cc34178896 3d02f6fc34df5a29 ea4e9ee946a5915f 2f43ebfaac228ba5 4aac023ebfd0554a cc54ffe7686d3601 1a8d6fc9a77c2463 edaad5df0fc44d6b d28526c747cf8ff9 abfa4d418b6c004f 2b69a8b4292d6797 5e3889a905eac15b 1f4fb54e163cbd0a a09be8f4e603417a e68c509115e1e361 49960e3ed7bc70db f8b3b8ba724068e7 74dfd9e6c15b7fea 109b6f48b3bf1e2a 786c6c88cd63e154 275936f5a40317f7 ef702701649b4507 74410ec04bf0a25b b161ab6e2e079c2f 72e837e6f3ac52a2 d8f3da2b16ec1839 d92433e3259bf75a bd1dd4d744cf2ad2 a209c475a963a250 f913fb4e207682e8 06ece99889e9a391 6449efad55e412a7 7f63e38a0d528d69 18769151ca600a7c c44235c7be023066 6d8d02d7aa6edc14 d09f9f0d669e9d55 fec4a41c5cd3395d dbce21580d0d2643 a290173d8b941183 5f64fde6fd725a7d 73a63d971ef695f3 1337b434be320b8f c9fb35c73f7e385b f25b07fe1af44b47 3ec362aa58f2a8a7 3425f641199b69b2 ab75655d1055d904 522bc43b044cf81c 29c51e3d51eefadf 0542f068656dc714 10a7aee744417ce6 477d3c8605a3e965 fa51763852131104 4f33a992ecd3ae1d c038184d2469aa69 98f978c86321a788 7a127483a388777f daa329a5f4f3a535 82d1ab77f8f6eaf5 0f467fe767edb9ef 71ad1f068c76b4b6 6e38798bc6f534c4 1f1a704d080fc5f2 720d59cd5930a700 a7cd7faa55054e13 d39aa02aaa02e332 60ba6eb89bddc2c8 8af50f608111fa25 e3189d55455ccffd d072a66ce7423be7 0a5aad9efb8869df 1fa7a88a26b939c5 ef3680f0a5a4bfdc 2f689437c7dcc34b e8a136e96e37429f f9ca2c31924fec47 91d03064bd04a417 b623717590f803c6 c138107f3d12d671 df07a43f0bfc9b15 928eb697d5a50818 2e4c450d8bc084c1 5cc6434ab042acbb 9a06179bdae8cf96 b917197335af7246 5e8a19e7005acda2 82f4d8300eef4ce6 f36e8d2d473a0f32 d01461df25496b09 1086f4eb37ee67d3 fb6ad61ba1403f5b afe80edd991be451 9d2c97c2ec9b7ac9 0ae8de0177a5d8ba 8fcf45f2af5e0c81 991ba3931ab2d55b +Ciphertext: 57f9 664e412c9854311a 3179010bba54975c d127adf9127c06cc 1a18ce8940f23e0c 3fdbb13b12ad6494 9efd729b816de8a3 c543b0ac6903e61f 253a510fd6bac193 5de645cc48113b2e 9f61dfa41f0b9944 9bf66999864b9803 ab2353525feb76d7 719982bb5cc0fe50 801bcbc5f29775ff 1781d526bc068474 38f6d40796d2c8d9 6898c7d3886b88d9 0e63811273f4a049 d81180bce703d9a5 108d790c26ac7334 efe17f6b1853cd1f ecc3a0fe870f7889 e84b3198bbeac16b f05a8033c5e5af1d e369dc3cb1775026 dfab5ae89503fcee 8aa017933dbecac6 f302c1a037e527f0 627deb0aa90bd970 b3ee69d3d3141b43 968cb5f62263519c 213611f1798cceb2 e6a5cfff22563d3e 21215308b6c794de 456629fb9bb00251 a0238ca2bb4f5214 ded003d62533b102 a54a71d57dfc9534 693ac4c5b058e608 751b6546ea3c8784 2d7f64bfe5799449 8d518f34a634c43d 0383bb4fd1689374 71407b1408917088 9745ce4d9965407f 5e15dfa2f23c55b0 5f8c8d8bfa56e485 a29c0aa2722cb301 1f6e5f038140d63a de6682a0c8feefe0 3d1093f2e7598369 fb9f4d91c1da1e30 bc462e38d184ada8 a0b0fdad6855c30f e28abd9c870c5087 f84bd2b7f8f1c5d2 07963b538db2d632 fbae8b532e8eb2d6 6911e2652121ca9d 3f8e8938349e9692 992c9423eeaae349 f38cba9098719bd9 77ec66d62d869250 fb0679b0fbbbad26 6cec322a54f16daf 18eb6b1aa82bd9fa 70b9123188ebbb70 126cd51d1b3092a2 f22068455ebdbed9 f77fc1ac06e341dc 2cf43d0f12ac0c46 8f3f30257aa3a7ae d4a2d55f2e338c70 2117f17686afb74b 801383ada7388bf2 c832e15cfa89a0bd e606f82119ab94d4 9258aede94d4733a b8abeec25ce7be52 5f5dfffc371ce8bf 58adc8fcdb1a7192 84eb5360275855d3 ac13c10475299bef a0a27aa078e5f603 680dfe76eb72003f c6dc25de87846441 5eb16c5c407b2c97 9c338f9fa4a0e6c8 6c65c8682a888977 6632928dfc4c6f46 7fbd5bdb270762cf 056b1355a878bdfe 613db76ce80850f6 48773a306d121f32 40b6a0128e2d8121 07af352596390093 0774b1a4c9260eb1 ef88f40c1f96e7e7 6dc35515947050a8 458f9e2a816eccb1 99f9d37204943d69 76ac8554bf0ddf43 dbb72813c0d6dd7d 9d9bce801f9248ce df166b5c1aa85364 cad54c3c3ac73bc2 e8a68d5f338670e5 4d47537b506a8b10 826fb2833c602a8e 12905dbeccd51dfa 15b214c952a5e05f 4b44d7c12d89ded5 a75acb3e70b220fe 818c47bbce1ca14b dcf1575384d3934f 7c3857edb44d623a 3d21d42efc686cd0 6fe18f8480bd023b 181f68c8ed29e194 79bd925edc67c068 6d552a3ddb94149f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 972-byte msg +Key: 08c206d3ce27ee15 57df110aa6aac106 cc2e9d81713bbf78 b0533710286ab87d +IV: 4fea92220afae0f9 7b0003361a644f27 0898035fa0557f13 4e27b1c4a42bd11e +Plaintext: aa174e21 767c087efd48bf44 298fcbbb2c8b0e90 13e128339e25e97e 4fa10c97c1522217 3b34cc6c85c02d7c fab29f8adf0fa55e f36722a04757c886 5053d2af3ba2f64e 80aa958aba6e3625 b655325cca2db00f 686fd422f2c53423 d0c98c2dc110b20c 6e67cca1455cc088 8401ecf994ec18ec 9982a8814776169e f78ca0dafaa33e9a 2df2d779cd92b4ee 8d3c3529e655c33d af270584ed72573f ec23787e8f638240 e4d320dafb16fb9d f99175b3686e9a4a d1e753f58dc1dd4e d8167ae127586745 bc930d8c77f27bde ef851460c141855a 2849fb9ace6c9213 e2ee10ca6b8bd3f3 dcb90856e82e1ef8 97a27af89ad66db7 dcd5633b59795dd6 3332a1020203af90 6ccd7802f7d0cb35 1a6f10439a3338a7 1413f4a2d5f325de f26a945296c8e465 9658c5564be26adb a0743c086a62d073 f88c1696ebdfd474 481f5380cce359ba 80e1561b8d6be233 503a6711b16b1b63 b1c732de434751e0 5dd745544e5bf5d7 52f0951864741d85 5348fa24185403be 674cae438432846a 581dd298c438a203 350de91779040219 d1265b0a47276fce 41a4f48d57a9555a 62766212d5834787 51c1bade73237936 f15df48be5ec46d9 68566a8463b3acf7 a26c5d8b2a43cbab cd937137fbd96a25 db742c6e9aa97228 04ea7aef5158718a 41862ccc6b8018b7 d10c74e8b92fbd2f b8f36a7d1068da03 3ce98b98c8a08c5b 664d359a3f4215f3 87b22cb9542c5a9a b063187eec3066b1 38da04457194e5b2 3a47e1c04e92aaa7 1510017475d92aae ea4b9d3ad90afe7c 21454fbff43b65d7 e5fe98044177bf1a a3ab5cdfc33c13b5 8f3361797dfc8aaa 1fb2d3cef89ef211 8efac330c0fa3c95 5a0da3c4e760fef5 c6a3cc028011f284 59aaf83925c375aa 5dc1c80a72220960 61bd40e9884ad4b7 b824469f8b4e1e52 f8b426ca24b4d7e8 7bdd115b00f70fc3 e14399164f047b43 8c3d371646bdf75c 2359c5479d79fe14 10d604ea11813406 02281815e395dde1 6b770730586563e9 03203d793718d475 43320b814ec96170 ebf323adee05e1d9 7d591eb56a4e4b43 c091f7289b9b4055 3d7b8de65fd67f4a c52c24a5155c6e72 e96be46d238198b0 8134591c710929fa 2638f2e2ebb074dc b75b82c602a36ef6 d835c2202c053079 6e92cc1c606b79ad 25f2a13d9a602a6e ea09a5d85de2c8ab 71401e952ce2fde6 b032b9f210c817b6 623004bf16ed8748 86bdf5a3cd1f64da dd136195cc21e63e 6f9c86642a28eb5d 067a8230045f75b2 b200daeefb642aca 4336f4e8b4c9d2cb d2599d3b5694ddea 395883570fbfdbf3 9659bc838fb802c5 cc323d568be2abd3 02f0643e3b12d5a4 22536ffddd14a054 5b5003283024d411 +Ciphertext: c4b11d3e 095902246b69bfa7 260d82c4878341d5 45629f5b4e29dd57 9a163bc8227732f9 018b220f3882a584 3d6d4b0056b07e99 03da96adeadfab8d ae6e54f93d6a7ea3 36ba21cfbce3b0a6 90af8f77698d287f 4be0e7e83171ccc7 eacf9175050d3a7f 06a00cc560f58427 aa0dda9cff93632e 2b9cb7a64c48f019 bee84eb26739006e f14b41e9fe1ff459 a6d729795be98ab3 56aeaad29f45a87a 2ca56999663f9f70 6776def131668908 8937acbe5126afdb c73843d65cd17816 b73ada6b2643196f c751f00000c18188 3ceb13bc15dcb46a a65a306d51fc4bf0 7c612d266214aa36 b19298f03494c0a3 b15ab4ad9e61befd e0c991de960b4cdd 26adde038398ec1e 4d6c6fb8055705af 990ff960fef28085 2ddc0aeb62e3d7d1 6cb5abf54c285e5b 0a35ea94343af368 cf05a4500b504b28 5f79060559151df4 955784508b862260 55bce0a8b56d08b9 6674a25cbc9c9898 74633c086aa7e429 0c274f00a59b8a5e e8a080c8e8527fe1 c21731de6a0adbde 1d6840df19a1192f bc6995bc0188cf0e 2810b225c2e0f6c1 e694fc231629f040 a892f74b555091fd 3d92a8e7b8a68e6a 0c7f81132b8ee6ca b5a7a194c6150975 247dd400d66a0630 8c9612ee0bab5457 2f31b7ddbc1d9d2b fc993402f4250006 b226e03d527bff96 50297056c257cf8a 6ec6d9aae2e5c2da 4e5663d9a47ac930 e006887c1e90c260 62d5203011d8be53 873eb0e1b20b0d68 242631b5bc7677a6 ee46a18050ab185a a91014194dbcef71 d984f336842a7963 c0e83505fe7c1093 3564a31c54ab1a5b 7bbd700209d45952 bee5d99c02eebf3f cf7e1be58742e115 49e0c5fed24c1eeb 67a5d0374f6d350a e47833e07601b23c b6e26f354256f9ee d8163e6716d05e5b c847fc082605d93e 08ca525a6265453c 699cbbe4609b9dd9 06d5114c27879daf 72c5dc596053fdb6 fd708078ea03aa9c ce265467192d8102 55388e9f4ea67368 20fbc0ce7ed3af4a 6fcf8e13fa64d1d1 73d617214064007e 4d099375a082894f 54f41c533291d727 9d312f04f6a0bc4c 8d958cfb56ff031f ab3667b875a342be 4fc4f276f60b6554 c787e0a28a8cb43f 39efb82ff8dfbd15 dee649566047fa8d 342c3077454c2fbf de366be8ab7d09bd cd6bea19200f06de 9203aec3102d9854 d928f8dc6c0a2ef7 e8537c2f134073ed 66286e53d2ede666 81b971dcc23512a5 62319bb693218024 44685994d861e448 2e74ac4bc27c5925 9ae58a425854e15a 3e338deab86fa880 a636012191726fbb 383856955cdc6da8 de9e72a1f291eb8a c4247bbbcc984790 9eaf2455229d6bbb a32e52761d50485a 6a0ac7eba027d445 c62b37f91438ec2e ac43b024e5d6c45c +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 978-byte msg +Key: a6a7f975589f27e9 453782adbbd5eaf2 afea1666ae1d296d 17a686ae88f7e6d2 +IV: 96a2a888c17768cd a6ecd26a77c3b8be a9e663bdec962739 60c43a6106bfc787 +Plaintext: 7510 3d26cea2ed23f127 d453f1b6b53ec6b9 6c2242067e3b474c f44236b16a34aab9 6354676adf738dae 306f12f809fa6e2a d89c98b755fb3204 5b5b0015f8619f65 c01c74156646e249 8dc6c0d0db7a0a03 4f34d6efd5028ab6 18b34d329896bbdc fc85ddeca92258c2 9361e4855347000a 7bf1e5f726d7b828 d3520351735c66e5 c0978a37d19257e0 eb4767609be8ba08 01dbab176f032223 33410cbab03a084a b45b633e051b476a 3d802fa9d8e59ec4 8cfa1196d90c326e e0874eb578b909d1 7fd851486e479029 301526a835c71608 c257ffbe8b7c4fd3 832cb38af35fd243 c9173a9f339d9ae5 6d0d33a4d814899a 4bf95ed5addae018 c439228048b7c967 3c1e08897ea5ce65 9c703de7e9575f43 d0e8142469af4f06 4ab582e0a0465707 7ef7a14f74e89273 64472eb79115ffcb f92d0bf3e5820365 bea8bdf22296e4e9 37aaef393fed4fd5 6d99ed5df7d8d3fa 6dcf298a49db64fd c71abafef72ed9d6 103dd88e073c6e54 606e622145274298 d5d65830be42da95 0e14614c46969c96 b0ba4698f35e55b8 e5ce754aa08bb46c d84b7f2e6c40cdf7 3a9d9a24385797f1 c128209d2cda6ec9 a3c20e22328b913f 1f3586cc7a5ca5e9 f4be4dcdf5f831af e8904ee6da38204f 435115ef23af42d9 519c5452101fca34 e47e6290a401d197 cff9b7bb2301d211 6c8472fa9b7f2d02 1788d3085810a5a0 b1e5c1b56dfae173 1e6b456332bceed8 c7620d8bc184bb82 1902ea3677b79cf4 04fb5384796cc809 7defdf282df1db6c fcf3cee9bd455420 fe118123989c18fa 84c9fe44f0dfee21 928b6d503d290195 b23f9e5eb84a61a5 6fbe8118e1488278 da56ab3ffad9bb85 0849d82489eac81b 914f6330da1c48da 1310d05d7a424037 adaa43bbbde497fc 853106ec3abf98c5 432a07a84a427384 930f573a8c12bcff a6ceac016487ea4d b14ae0f0772dd95c 6dd8700e3144486e 96c3fef73f415c97 6dc9d059154b1c41 369c4e7769bef3a9 ba6288aab6ab315f c535aedbba568ac9 a9a3950af8b695a0 b92f39cb37f94e71 cfcf35c302fe951e c86c4d2f26d9ad5b 0265e55e3752bd32 e50c87320a66527f 572761a33cc5dc74 4670c43baa522c16 2216a79bf7a7fdbe 5f3a22f50a8e689a f872f3908d896d29 e74afc476f4a71c2 aebec30a633bbb0e d2c1f05c5ef8f689 5ab9d3d31dd0b205 5401dc9b9d49e327 516520f3a09960e8 e4aadbae2f2c6615 2604e9b4132512d0 359d4b7f5bd5ea0c b114a89ed9465515 3dfcca35a4b31e06 04591d7a970df551 3127333ad178ee3b 76d3425234cb015d 86bfa437e6148824 9bc2576fd312c351 f1a67b1528b9577a 49a8d659d9b1cb87 67fb53fd1cd70a36 94467fd9ecbbe598 +Ciphertext: 608d e65dda33a5b9b509 415ce62776659c7c 313501cd7309cc22 cedd93679f706b9d 7ced4bba9c73e78f 0d41f00259040ccd c484e1f2237d43ef 7795b68009264311 5b6bfee52837d04e 94127be04212ddc1 f77954a11e5a13a5 edce1cba3ef8b4f5 609d94aad7cd4e7f d1de29271bddc0e1 882a1e2197a69596 a58fe1cd7b3dade3 77b310e0a2bd8baf 238f2d2cf400fcc3 0ca0a960f917ffa9 2e27d0d9eec854f1 457d3ec654b0de32 43864c294f1de87c 5d22c36256cf0712 65b0047504edfa97 d4d4ae82bdba94d1 ea3dff6517090a1f 55812596bf9cd1d4 b61e3f26636a461e 8b63fef374ac2198 b056dcf332477c76 9d76afcf5b29258f 2b46c705a03ebea5 e726276df618bac0 288c51ee304f36ce ca9b304999257f41 d80a4ababdb5c726 6b2198de1000380a c2a9eefd6dc597c5 46bbeceb74c129a7 ad91fbda2c28ea35 67c88f30ffb876d1 a77e74a4c6f277fd 61228cda7fa28322 8b80b0bbeadfa8fb cea760c9034b5b9b 8240bf226e7c877d 005b4c7f5048a83c 6d7e9826eb6d1390 ea3725dafac990f3 3dc80125e34987f3 0e64529501d7563f b9188603562c6be7 3aca50bffebf3778 6145492a3403bf26 412c1a52188d849a 2ee452b2a6cf8fcd f6b213ac6f094d60 f451e882e4dcba6b 2174b5d57b0157e9 b85c44bd94feca70 835ed96f97e10075 5a8af578218d23ea 79c80f9837a50924 d4781a3299d4ecf3 b7be9fa35a25cae6 afe2c6ff23b13dd5 cac9d8563e235f1c 3f069ca224607756 0bf70edfe7bb56cf 4dd94df15ff69740 f4cebe9eb8c6fdef d32c08e964d0f088 829bffeca914285c e090f4b1bd48ef14 012d94d58ebbb161 d887560de5cca970 4f87e84e5d8b4f33 1f6a3ee01b263880 4eeeed302f33200d f490eb93332e411f ee138d694c070b65 831d4ef2463206c6 54164b999baf84b3 415b861df5b51d15 f2759401c1323919 59dc47cbe011adda 8cf5a1754d946798 93ff99742d995d44 448da85b1755516e 34f35f054cbc3ac6 b9cc2a40410dcede 889a3a98bfa7791d 5482fe3369f53422 90652cc267f210a4 19131b41454c7f23 9c4bd82ee52cfbba 06e92ccf51beb761 c264be17b3aa5f9a 27a6a6cb3f343eb4 21f0bf035e3092f9 ab7cf76bf6cb9283 b728aeaddb9bd4f0 7d7d401c0c7f0795 65e00eafcbb7454d e66247d29dd00bb8 d4387e21bec7d3d1 82c93594d2160fae f1e62fe629c141c4 f838f91e5134b34e 4b3fde585b9834ff ac879bb400125baa 0669347879daf183 648056f53045d04c 5da0a4ddf0c21d12 3b83682b07d85e9e f8df3ada8dac5773 c37df3ed0b94f65d 24d567d92eca1ffe c6cd44542ab73213 125f7faae422da2a 82d683899e112f05 78168997c0868c52 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 983-byte msg +Key: 220b5888208e92d2 9d4df9f1801d5d87 b9becf6f850e0696 ed7d010d90c1ee5c +IV: a3cb4b1836f94bb8 b98d7ba4be5ea58f 01cdf407a5fb5a4a c0392f5c1ac01b56 +Plaintext: 32a3350182016c a3047f2719f5f528 26d968b60bbf39fb 58c69bab01e04ae6 b4d67b606a8d0ebf 3d870b4479ac4cae f54b775ba45c30b1 67088cbc256bc818 1e983b127cdd890a 2b491a1ceb6ccaff a45ee22cf9034843 1f8cf2abf041a079 3b7ecb945ffcd816 185292f598bcd7e2 da1a9171333ce97b 2a5cb7c189ec3cd1 b493132e3a7265ab aaab5d18a824db20 3f886d72798f7b1f 2d80c14319f402e8 30dcfb2735c59790 895b61cd422c3e81 7caf5c76f48566f8 d3fefa7cc7df5c86 58636cc97a7fd58f 5e6a885b8e5d69cd 399847c7cba512ce c1e048b3bc37b172 d42f4c5a2e27896e d1e1b80cb53ec2cc 1d4917ab2777e769 a22e952f1f836975 4b4885237c461af6 89c7db26df58b246 d1ccb26b30844e90 1ceec839194cec57 66b7fd6c8a63f0ef 2f24d8f23331a202 fd29024f0d53ad0d d72ac919d219a1e0 cc839e7d80067321 6a0197b8da53f8c9 4866ee9ee76d6da6 7ce980177172f2d7 25b44e9d87b80b54 e36500c0fc461e63 5a8d5da2e558f724 b334d57b1fdf4606 1b53f715c7ff204f 4258fb51bf907a98 dca539a1309eb24e 2312b08c03e90633 5466802e67661adb 2ee270b44ebb7630 76b769e4efc605ee 758bf99346179827 78f8d12d8f7261c0 4f0c4732cf4f78f2 cfcad5b34b595aca 51a798d80ff265aa 300ed25d69ad5dc6 4edd68116bd2eaa7 90e665566cde18ac 5d6f75a38701d584 24b26b051a9e76b4 d35ebb9949ce3317 6013011479dda65a 44ea783cd5cc517c fbeb846ccdcd1554 8595291492cabb0a e85a91369bdf6e9c ac208aea23db3f5b 5dc205dba8c3a06c 0d8c98c86d4fea48 d0c2fd04f96bd73c 3e1a91f796b708e9 f43dd69ad30781c5 124bf1fe03e42898 bf542dc6bc094900 a1df76a958e715ee 6567dff177211e27 3dd81dfe7b11ddc4 5d1709c40b412cb2 7d77224991f3cd32 5b450928bc9ae15a 363d0310fe5e7192 53137a460f9ce918 7ceb7c1e6864977c 7ce13a86c9f93125 a4828a7cb4544ccb 49506693efa1e6fb 44426b7206c0dd96 70425b54c7c67551 30ad9c89c47ad637 e6d7b7f4d4d98c22 7d84d98b93920646 e07055dbdd8a17a6 81c820815758789d d3af53b1e6ca4357 d0baadb2365f7a55 74740e6034cb7eec 40dafdaa947798c6 b8e024124cfe7460 e4ebcf2f17b1a08b d355702ef31412eb 14ec1d4da45ea07b 3b73105e2ffd8506 631f264a5f0fe2af a61b628c43ea3b6b a60567b1ae95f682 076f01dfb64de011 f25e9c4b3602a78b 94cecbc14cd76133 9d2dc320dba504a3 c2dcdedb0a78eb49 3bb11879c31158e5 467795163562ec0c a26c19e0531530a8 15c28f9b52061076 e61f831e2fc45b86 631ea7d3271444be 5dcb513a3d6de457 a72afb67b77db65f +Ciphertext: 66605c633848a4 41e5fde269117227 fe3a9779dc5b0ad8 cd46f91d9d149458 26597c790a758caf 818da6c4619d13c7 9246fd463d33c765 b0f4fed3f3c2b9e4 21a049fd167fbea5 a536ed34b756767e 9a2d40650ed5f4a1 03fa3fd816aba3d0 31db2780ea6eae2f 1f45c1213ec551d7 94ba7e7f8c3d71d4 9e16a7786316cccc 76fec8715869606f e37ef1c250864349 7887145469dd9112 a8d801ef6bcfe794 2711089ffb128580 510385988a9324cf 7b9781b96025781f 3a9080ff0ffbfec6 147ba87be2794276 c0efa4544b1b49d4 bf904a28e4d0b356 501bbaad8ccd5d2f 8b658ed9037d1c88 f8f6e7571d41666a 86620f384c9d4a7f 0c88abc7802f071e 0ccd9ccb69cfff7f 66a4543b51d7c717 1ec0c8f093783b78 1e2f485b88f366b1 52a883e2cad399bc d6633461a3c36998 7dcc1188d1f08b8d 22716f60e7479099 89a238c5b440e92f d3b9c8fcd7fad1e3 84e7b6a75a7d9484 a6643f2043ed580b 0598372ab3b5b6be ee6b3131f86e6031 f9ca7ad3552ced7e 810a84351754c1c9 dd102e902abc6f30 3cfeefbcc11893aa ad5fbfb70ec991b5 1ba29efd4d693417 1efdaccffd93adbb 1e4b03d4eb57ebf7 3e1abd20e4586ec4 3b73eeee5cfbac44 2266b5b6d822b0b5 4bae8b6e3c527344 d0e67c5849616a3b b6534afd683cd5ea 481be8ed9fce0f77 5120188a1a016060 b309be581e0891b1 62d3d77984f66df7 494dfd65e2c7e4b2 9661282f73b4f409 ba39f1d76e980e50 05c2ffca77aba66c 1a4f2aad10c7ec65 ed0c7243ec944fe8 e4afc6f20c984738 c83e99eaf31397b3 f19ddb23a5337d30 5e615012256a0179 d733349e905be117 8ca9f725f85b9153 2e998a80de42d22b 1f05510d1769808d 0f712d9c0c692ed9 d71519ab0428afab 4f689bec72d72655 4a0f5c66e8418055 54ac01d3d5fdf11e 7ef877e05cd5d062 9dcfa557064eb510 1e8668c13aa54cb9 d35a3eb101572e6a 31a0a2d185c536fb 81c033ace68b563b 8c575b256dc95a36 7e1a350be03a3072 9cb509daa2485ff6 b08319fa82eff4f8 280b4a9d6f3fc444 9bb653aeb444e9ce 7265441442ce8bf6 bcd35c541f62ba0b 1286f14d40f00d01 d2a16482a0e78c77 fa34739ee555743c efe83114261510f7 efbf39092eb7ae36 9f57c15398a2bf46 289ae6300fcba4dd 1303603ae454232e 2629148c91bcd578 7829713e49aa3ffc 17e3161c6b418857 1024f2737e3ec12e 4107d0a75fe8bd9a f2c8e0e437a98d5f c58905339a8e7411 4a689d236f8e7305 9bc0f0a3fcf3bc04 85ab38a1111cb7d3 a2343bc4b80ec4d1 6d394fac9df3c9bc d47516ffd21006f6 5410051d0457f86a 0111542c1abf59b1 1478a1ccd4441978 abf5524f60e89a13 b7bbc2996ddd72ac +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 986-byte msg +Key: b1c380a1a3193694 c9e9404973d11175 515476c136877a21 1b0c87616744cd01 +IV: 6ec1e74237fabc81 8243a4c409fccd93 0708dc09f781d72a 9ea942774b2488c0 +Plaintext: 5e65 9d3a0767e2d1509d 49bf5e2bb95ef356 b43a3839376bbaba e122b2bd58818998 e9b09bc66e2d3cdf 7563f8c79e7f1f26 457f8219618b7728 ac89237705ecf840 12cc7c80293c4cf1 71d86139449d9361 d8fe5b881f33ddd9 ebd526ba56a8b246 61b831fedba78abb 854521e8736156ed b5df4eee370bf5b6 e62d43ee145ebf93 1e9942a74c15fe26 f8d2be3bf3726fb4 244be0b472bac6a7 e5ba037b07b5280e 919a38e2432faf18 14a9c29c8b7ae99d 6d6a9b4098e95895 2fa3edcaf756f49e 01e09a198a9da57a 1fefb572051ec98f d76306fb713fb466 0d118a41ace82b2d b896f0b3e706e835 62cf1d2427081974 ab5fa94dc465e104 c72c6049ed14d6a2 fce2c3182312812f 256f841cbae0e133 32850d9f5b02e755 a51bf94b8482fbe4 16ec99af066a7752 b0f771c1854d27b4 b1feb957fcbfcf43 ee07ddad37d9a5dd 4eddfde257b6d285 4a906d7b52f8f5df 73f135df7044a0b5 ec1792d9cfc1d974 ebdd7418e09d9aaf 3c62ffb2e789529c bf870a9d7f386292 e574a23514e4a191 371388ba67c8d8ba cf94afce0da747d3 dce7bffbf0441ec4 2245952bcde7041c 78a8c02eb5df948d 484e05378cfada6c 133bdc5f8d0fdb32 ebb3f121c4750bfe f7c4a4dd9289d410 f2ba8a562c2b154f aca8ea331c42a1c4 88e64081bf34bc1d fc8dbd2fc56ea22b 14fdc591b5e20064 ef5870de66847862 400509b287cc2162 ce2e928d183705c6 f5423e51eec6a294 2373f6c8337e69f4 5c39d51ce4e642b5 b7cdac5d518c06c9 deaf7effa08003c5 922004594bd77b62 24a92b279d2a25ff fd9391083914ab1c 176c0c0193b82be0 828823f97538b794 e07e933b7c3fd426 e9a7cbf79878fea8 e8a270c18f1523ce 3cd3da107b492373 d8df95c047ce5714 c331e29136600753 997933a55c3ff275 0828b20623b1cae5 54f5ba1ec77eb4af d35b5c3dda72cd06 7118dc17c1dfa0bf 2daf32433619b1d3 9be789bdc4f8f5e1 604bc3654e5958aa b9a8f37e889d3693 f592e22f7b28e226 f6de8b0606e32291 b4299e7058bbb025 ba5001427720bbd8 a6f64a33bc8764c4 ad02465f54e841a7 151e76c6c141de61 b9398dca57113778 8905f3b5bfdd3f97 087a443177af5c0a cc52d2cf5092e944 018a1f80ef17b25a e6e7641f4dd37b86 4e6f0de538df7aa4 21ec3af2cf57d9b8 d96c3fcb09db3566 05c425d72e112178 c90827e15d20a45c 5b14369a0437b6a4 880776136b04c784 2dc3bf472a3e3957 bf6e1c8fae1ce11a c4f44f2cb9db89ef 57824bc1de3b719c a80cb9d50902c90a 79c87456f57839c6 a2b10c11b4ea5a83 8e06473b2a283a96 bcc89beb9207db79 3f3fb59df8dfb449 3e76f6b1be0d2f47 75baf0ea17722a5a b21feef08ef2768c +Ciphertext: 50fc 0c707341ecbb032a dc303586e33cbbe9 633e8a50a0e2ae42 f4bbe920aeb6d368 914e5f9c3befba36 88a81e2e124afb08 ca2ee6f9458ce4ab a92e27ca5678b431 60c4f3521cc8c9ba 15741554cc8268e7 09d075b0d8b36e76 5f71e1034c9e3077 75b19a1d8085393e 320c3c1cb8abb7bd 48c357f9a526f349 a483be2165692036 d69bd4cb34c64e90 2108882952fb8257 63b5c089cb7ff9e3 04376ab1dfe61c56 7cedf6ee72bf46ad b15e055ee511174c aa5ee0f61386423f 17d463dd3fe2a159 a935c80f8d7a313c 980f41a22fbb2299 03160d666140b58a fe4b14aa6c3e899c 73acd0bb6f1e6e13 52f6481e27c76679 4c79287cc1e34038 8dd6b84a2f89c878 1b26883681a92be4 90fcc91d00b6e165 dc74b52c28488319 c3ca7bbd8796a8b0 50dab35cccfe2958 8d736cdaef135db3 e108727803fe05d0 644a652984f8cd05 2a8ad150d45a1840 b29cff0aab403c99 a0d7b5fe2b0a8c7b d7c5705b924038df 89567f0481ba9400 db9efffcd5ab898a b4053ff05d43b7ad 6ac23b7c80ef0094 4e022856b4d0de0d 3175f5d32224fc98 2d739086cc062503 0252aff6fc1f0077 5d696acec4d56735 613bdf7690e5686a db0f260aae2a92f0 b66180bf984c0da3 f997b0fd92569a82 b4ddbf933bf45cbf d8e0544e0b90fdb9 34d4783fcd40eeeb 0a4237793415ba20 2f2b1ff8c43052d9 bcb993974635bdd5 4bc7ea244e7e32fb 67365f84c2fcee27 7f242a9e5d22f421 d66ed66dde4620ce be9a69a3c7904fd1 addb5d52f8dc5849 12d3dbe44559fc7a c942387f9e1bf828 6b3cd77ef585af0d 3861e1f48b62f6f8 c9753f1a8ceddce0 199d65fa86f9b4c5 87bcc6e420598863 a48e1bb625db26b5 09c3dcb17f58831a 45d1ffe8dbe1fa31 ed18d374e98b6438 8a8c014138ae2a39 c654efa9ec336d4a efd9a94937d80471 9da0da51c991cc1a 6a5a7d1d62b8a31f ea3a05e120832606 8ffe586fd9f179ba a8223d644a27a044 33802808491d5bbd 319adc2dbaae50ab 6968a643ce50f98f 9472599a2d557838 aa34d4e29d64494d 1d9fec73f2e5a99f c32179aff25772c4 9fa6a0b44faa6921 fcad45813ecd67ed a0439735e1f5c23d e604811fb71ea9d1 4716defa8c3f012d 6a50926739e45d9c 71c38cee042b16b1 9247e5a35a93179c 0bfea25aa839eebe 89fd69134db9c238 027fa49f376032d2 9133aeb895b8c1f8 b45fa3229646d1da 79723ea4c1214331 92982e3cee04c37c 89ba03baebc5380a fb18183d8b724728 f16a764ccd01d4d1 62d1c3bef7a40788 1fa9f0516247fa1c 022795541cffadb7 3219f9722eaf80f8 4f630cc04f255e44 306a1718ebc5feca b2af7fc94af95754 8b46123b9ee7b5f0 305ffe61fbfb887a d3f6a8cb3be379c9 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 987-byte msg +Key: fb69ce80f75b89e0 6993749eec122353 c7d1366dc249d1d2 38384cc66ea32b0e +IV: 2317505568356fd0 b26ec31e2e0aff72 546f88f3bfa0e163 3c0466ff21693ea7 +Plaintext: e0488b 3fdb4ae3557a0c04 047b1fc3188a5446 72123673af52d7a8 04b3d0ad6c5983e7 06f8a3ceb8e9f7a1 197d5a588e9107da b3621370fca33b79 9ccde060a5b750cc 716647164226b600 25d9c2a41c9010aa 7b5840be9357b741 8e17a23f9a2137a2 4ace3ea5385ad18b f03a609009aff820 959cc447bc95d469 a3381d3393c0c1d1 57d79161e5acd0a8 41463a049f1845a2 c8d5a7f1be851857 a3d95922d7bb75c1 612a473490453cc1 e1a55be924f0829a dbabf2a6e3500d74 56a15ff6af3bdcda 2f6e6805804c9d3d 9900c825e162346f 97c8ac4d711e3b28 8339369563687c85 8b4cfdbbfeea7984 2fff8aa21e93e589 c4d1ddceb11629dc f448e6e93b69e028 3b6c0d4052475afe 6b49aa4623ae1c50 2a718d11eb615ff6 6f7778d87e678d2d 0875a07bc48ac713 178730fb37d9622c 904ec5fd672665e0 bd6ef34c76890dfa ba10be549cdc492b f96022a8a33c3e85 bf108c7c6c8ec400 a6d45f2c69f8e6f9 19e470b3216467ae db7d8a35b00138c3 8060eb7643c103c0 f151c560a0dba390 ec9abd809c4ba904 83856f89a34dd84e 99e6e9d135e6aa87 688f2ccf635bc929 fdd9aea355b89795 b921da8ec74ba78e d2498e76882641bc d1339c63faa0e22b 124a4a0594d4bac9 47f9d22b63202cec f531e24d84a851c9 f5e81d03acd176fe f494998ca1c69909 f4b45f48bef7efce c848ee3e73956115 9c54b897c2170b0a 6b60a321c3b7bcbb 87fb89ce21f6799d 1533b9329b14fa08 8d1f740884992bb6 3f5671ad44cfac49 c97559a3d44551c2 a29d4b0f464ea30a 92f25a3c3a805d6c 371d0a166a35f019 82cbd6b01f0dffa3 372cadbfba6ae483 7175701c2cf32a94 1c5e76467e121095 79a409dd4a760caa 9e88e6283f9145db f34fc090a21b1894 b6c0be23c78d9523 78a9f8139ca7ff3e 9e5afe341feb4f7a e0285281e31fb1d5 cdece9978fcf062d 4582ad385ec960c6 fe4afecaa09f89c9 00aa2cd538287dbf 2989ff891c00eb1a a9d63035d903b8ac 87ffedd10cd67c2e 1b7b5876e95e03bb 914009e0b846cd52 6c4d87f3527e8e57 0122d333a9b7ae12 f843de4a3ee8cb2f cfb90d86a9cc323d 5690bc5914616a2f 345ab9d7c06ba9de 60abc43b7eef5d84 a99b166237b8a543 2f47d74e66d5d49c e750a6a59819f5f8 1b5a1430f39a4223 e88f295cac33abcc be1adebc8f025506 e4aca2857bea18ca f1fad610e3120172 543c505c4e64ce40 ccafdb8ad80f74d5 f115b55faf069cba aa3010c5977e22db b44b924a67749507 21b1d5a08925ba71 d733e81b7d940932 0da6cc3657072dc5 d163f80e3d8a8889 85c6d5e6ea6bae43 5daf42a12dbce599 e304114b6bd5ab98 742d889118cf302e c096e244420ad8b1 4d31cbd907a8ba57 +Ciphertext: b969ff 92db70236fc9b889 b1d1c4e91861ffae f6542577378eaec9 d260b4580b290a47 03f9e144b9c922b6 af2e6b6bacd9bd83 8dd49423a63f7f74 b9befc3404dbaa6a 4bf6aed814f6c4de 0e724d673cdb410f 13a81e829d2188aa 7ffb505a7d1641c5 9dfdd6757a4467b2 0522c7a257d7b093 a385aa47d62c0393 2e6c0080723f5ead fc8a3421d01d5534 edb8923f088533ec 093fef23d21664a8 2d218b9758652097 0f1dcdac219947ac 47a11ca4d48048f1 d9ed4dd0b89110c8 3f0c819ec46ea463 f245777d3f07db7d 415656f4012c3904 d796ac90e783664b 5e28c8e787d49cb6 9e9eaa2360f13c63 4fd969731894bff2 14cf5149a427fd98 c361565703c4251b 5823c489af6e277a 25278c9ef93b775e 36fac4b0769041dc 771130140555d18a f6b893af5174c526 6b654d358f8a9304 742e08cc45bfded3 3ee0e44573dc521c e5bcc8fbdbda235f 37006db7e4c34719 e93edc845e7df11f c1f2a71c97305893 cb6d9e84fa1a0256 f39e0d1f6c486e93 06cb8a1c0ca4412f 5925be48bb75e1fa d04e80d300d21891 11fcec6b57359739 721a84ce7d8b617a 81a4c49f7f0d7506 908924d88247ba94 ba1bea196d0191f6 3fcfc1a54ce2150e 36cffb3df031dcab 2ba5f22d0060af73 ef5a481acbdf8222 9895b3b3fec27b9c 7f8660f3c75ca1c6 57c245bf296dde43 67332ab19fa75e2d 8f02bd3707e2722d 7fed16f6baecfcf0 2a95766039891490 858c82331d3aacea f2f9607d158e48b1 b356bb97c8a7c831 c8109b2dcf0b18cf 0706fdb01ffd75a9 deb59c648f82ca0b 174af512aa23a79d f9fb9eefb420d844 9762c9807c720fa2 ffea025d6eda56ae c8f7e21faa20eae6 767ef7ef8fa332b7 ef880eefc42367e7 11dcc0c1b01a5614 7dce066c0f1bfe12 125002c729a5d313 3cca6db801370f76 5d0cca1c2d8554b5 03820aeb1ed60d4e 42e42f0e8281c928 6ca86795c4b634d8 69e70cbf1a1a6ec3 3770116f138a1022 10c0d7916c604b65 1a19d4fbc7b77625 583675b86a9e0ebd 1c7053daf2ff0990 451415f25373dbfd 0d52e722ae835e38 ab709f0684d0315e 34a5416bf42b87fc 41cc36d7f38f7091 2f4c9336a26b9adb 598aa6cf9c7a7f63 fde0e2a5884e90db 7319551b08d8d356 fe46ad233c8c8689 048da56cb4a53315 6e00138c3ca4fc21 ac6cc333e43438fe 138367b44b4be51e f3ae10138b87df39 e34db994911d35cc 1a5d22383d665cd4 cbacc68ccf85d302 f00fdbdb3a69a2a7 8fe8ff1252d75065 988e87229d892261 e9f0b69d9c7cea84 8ec67204c2da18f8 c5e4ab8fff7b68fa 15b8a52a6adbbf8c 463254a4279bfc03 b083061358164b14 abd29ada6b9a0234 1b5fb4a343249755 b345c4f66d6ccc5e 19d9b8ef2d3b5020 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 991-byte msg +Key: f1e8ec1a0f24bb63 504cb9426b145f99 ca04a2db29c0246e 608cac537d0fd408 +IV: 165701adde1e9867 754c6f0285bd82da 0a43e8fbf1ef0587 e58c0058666d77e7 +Plaintext: 1b69726c692396 47448f9c9f45b101 49fda8feeb8aecba 6167d4bf5f895baa 58a723279fd9ba1d cd641d2662d47a42 af4c3accf31b3fad c48f6acfb00e61d5 25628f098e556c95 bf7efef7935aa0af d39f023a5acc7144 7705581a931e075e 14f6b4fe8106bf66 e6393bf57afea9ae 7f9c06316ac709e9 4470a68650e1d6ae ee089aefbf133df9 0a3eda0a5ee91fa9 79ee509769318f03 f1795afd2e7e552d 7a434ac591a56eb4 f334e61d89438907 8a3be856a0358bfa 47c77e66761d0d43 824ccb663fe4d900 68c4641541337030 7a2cd45457f88635 0e0319a871e88459 ccce25bc11f70646 32965edccfe15b8c 11681e7bd6a5081e 0ed434ad640544d5 226f61ae4e077dec 1951db597b76d283 1798ceb16462971c 0ee3d65c9a9cd521 4ad78623403bc75c e59ee4748c1a5d7d 5363eae04a57bd97 d8d7079d5ad6bda3 0caf9c052dbc6bfc 5e2480154cf485e2 8e727cefd1ae01f7 3259cf58ebda86c5 329fac3b5eb1f136 4c8cb724012dd11a 906c8bc63e8ceba5 e511377596d1b7ee 824ebcad1b43e271 767d9189f4ecca8d 21fa204ddc1b0407 b9a646dda3e3d985 c665d743ac9ac414 a5a0172c6d5af6a3 09c4426cf283d386 75c105765a3773f4 c48b02e558dd2289 a19d50f6b39fdfc5 0f71f90bc7ece18b e3097a2902f60da2 4569477b68358137 321b45cd10e20d59 fda94d12a47db47c c927afdfe54730f7 10a7aded24c96b86 20c2fc9bca4b07c9 99164769d15ed6c2 f0c2ac7e4953625b efec3c23d4c267de 323b7f462a04557b ac5eeef896b8cfc6 208377ef77422e36 a8e0fd05c047fea7 312ed6b778327fd9 fd294ba83bb325ef 20111a1bb73b19f0 042cf77c3081b649 e64207d7fc000d49 5620645f077662a4 ba169de95166adf1 cb78336e6b971a2c 16201c8dfe948835 7dea4306432a0d4f b43706408cec71a2 c56bb7c5bab2afb9 8c701cc0c5167804 3b30f08638f6af57 d71e5f0ab1f5ed69 b9ae8d6765faff56 0fd9105a9aaf631e 589a71c52b03cf24 eb73b02e08a8aaaf 71e9bd3eb496916c 6603ff42c586d3eb 9ccfd0ad6778f51e b8ddff94d92e2fdd b3c34d30eeafed64 5a97f1608ec54fd3 cf781525337eaaad 050556246caf0459 48e447275d6c9ca4 b33def9c3c91603e b83c4614d63d7439 9c93bcc60852b28d f8f5b20a47f62596 399cffde19158c94 20c46d6499dcde2a 432e3a62f73fc0df 8a9e97c1f57410a1 b35d2c0e6b765e3d cfb891fcc4846de8 c37ed6e07f9fb6b9 c886fd33af0fe62c eb277b147bdf5ba1 8dbfbbc49f5cabdb e42c9a28e99a1d82 7856ec4abdef2da1 a7a3f6d891760d28 2281f2a4718d1f6b 6de08e227d577ca2 63b56ded663b7067 b079a443f563fb3b 55a73e84843e5101 2841b9b782ff5b81 +Ciphertext: 9a972d718c435e 9e8f14754c4444a5 5a074ae059bdc997 53806133ab5f0185 8f29c00256ff645f 167aa70b3005d23b 09f75e46dac854da 66e75f79d35c6a76 929f4cb1cba9934e f1ec64b44e076b84 a5d0c823a667a203 a232d329a11afa36 adbe2aae6224bf26 bd1372aca95d2306 f13b88811d5dbe99 ac11752be784b70a 05a71dd6a67af815 cdd0c05ccc8f5656 c9efa54f82a6da3e ff6df3bfe37c9a47 ec3485a0e414d5d5 091c8510be5ecd8b 555591596b6f0ad8 ee76f7cecd18ad03 7dcd7c941822483c 0d363ffe65b8f8fa 1bb3071f3782c73d 5c3683b5a7ad1e21 b86b0972f4029cab 2f680dd86968aac2 77b37bb9f067b569 de9b3ba1db4fe870 36659e2459572d12 35b2741c15b16286 eaaa279c056a972f 309ee3f4077611ca 365ad7e1447b2a9b beb60870e4212fd5 87c89eaaa5af6f1b 915342043b129288 142be5373230bcdc f9db660e99b52928 257b2abad9cff1b8 b17f2925616deaee 9a3622d6bde720d1 624ee0a6347a0de3 ca43fcb19bf1ed57 919bb33b3da0111d 8289d5202850d288 b9b759f5f9d0abe0 0560bc9f2ac75c91 f7b7dab981bfff2f 290909633c57f55d d6a18ce9c4ee7bff f5897d12496f0843 0241946ffd51bb24 eb384a3e8fb6ea2a f57bb93fdd77e3df 29dcef97658450d5 84f1e9afac640adb ac22c666f894ee43 14739751a148538c abdd4bb19d8c0ded 4f770e95a07e4f27 6871e012bbe542d2 f31248a1191a57b4 7efad054541eb077 1ab98a6e02deb99f cc23504ff2dbff64 875f263e62b18224 861b1b4950c68ffa 8167a12e205a2d4d a0fdcb357a0b803a 81f492da684c2dd0 381d736a5e89fa38 451979b6ca22c23b 8f3daf1ddb18d3d1 615a84054ea4f342 452a1c9a10719e1d 97c0a7170437f430 8fd454c815372d4c ed0041131c6b2d21 de9f34708de2d371 22cffe7586399700 9753e48ee951a518 def65bc0b669473a 7396f1e8846cbce5 63368c645a600b5d 32169a58de184fe5 d4fe11887a8de50a 3f2cac4d47321cbb 5666d41aa9e5fbfa 36f2bd0609f211bb ca2a9ad5b5301942 950f5e1999603a21 14ae709f9c2bf572 709c121042951985 7188e21ba08484db 48eec0fafa45c2dd a50161ad7e63fdf6 b9c3fea398a7337b b11399e23eb152fe ff0b9af93a9de01d e6d2ecc042e15836 f9e729366127b120 817bafdc080e98f8 c34ad3a01ed6fe92 852ec050b771d372 5080fd63a2a33461 f60d9312a2f14bd2 0de89478324cf86e 8f1eaf8ff3785e45 33a93fe6f8b2bbc4 4c262769a9ac5e79 ce860bb36e223487 6c9d443f7a5aaded bf7aad07d690efaa 2b880f7c428a3cd0 16b13571e8fb0239 f30f3337fa1764f3 f6de7d889af9d1cf b1b08fdcd7d80471 493d85c99edfcd84 d1521d1b1fec666f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 992-byte msg +Key: 4c8604f31c34e6ce 508d3beecfad40ef d9a74c1e98ca03db f823cd42b942870a +IV: c34178acb90386c8 d0baa9c5e2aca1b9 be36e488c311db4f add44d03aeba1c55 +Plaintext: c1a62fd93b64af68 a23276c3c37fc478 fff2340ae6aeef4c 07d5200e054aa8fb eebc12c2c9e0c974 6efd882d9bae13f7 43e425eb292aa99a ae2d2cabe77b93c5 f38b09af8cfe3cb5 db24c94e91c2f4fd 33129d75b50c7000 4be45b217cd44578 781bfde7ab4670f3 92ae206dce42d151 778685eeb2dcab47 860394baebdd26df 2475d4b34f40cef6 3ba374d179b611bc b648c69f4823c437 0690bebc5d1e9fc1 a0a0785ba075bc85 7d0cafc3bba61c06 985e46d09d672298 7496c370f92016e5 93a4cf27c56ca36a 00f0b88bbc9b5af7 c7d2efc9dc332d32 771a8a1ee86af414 a68ac35ee7adec6b 6d577771a31d3356 e8aca8d12b0c4dcd b826fb0e5184a216 81593b4a2dc1fd51 6c49d4bd99b20fed a6f25831b27cea30 dec1fe875df786b3 cb191e31c02f40e3 a4cfb7b6c5e45682 a6aee9329b0a6c24 92f47bd3344a0ab3 2dd2565cc77f1beb bef008a5503a70de 93e7421a0b3f3b71 7cc65a38fd0595dd 4e8dca136b3af82f 61b5afd2613cc5c9 13a64b312ca1bfdf 433f83ffe1b18efa d752629ed4e73e79 362494852173bd0b cef2ecc126ba6135 9067df6f07d55fd2 6f270644290e558f e548a006b766c16b 6ed30d102112873d 0a4754d297f96f2d bf169e4e9337a539 1526b99c4c9e37b2 98519667442f9bbd 5ae6cb6ebba526d3 6e26120439eb9641 6ec8c89108a189a8 f6756f0eb79b037e 274c2d8d9962ec8c 255f4aae44b1906e 9a35b62b12f91d15 3046814da3de2948 1a82607559b7291f 8cca2f94db12fb87 3e7569b3932d5dc1 eeccb26c307e73e3 db8f4e6e242d4555 4a6ea7fe27953f55 0591cb70b2c6b074 d710ebb285054b16 117bddc2224ba8f6 08549b334fc2c4a0 9490c3ac984b7df5 93191569cbfb18aa 644ff7b77a99bbca 6d82f47c7c21f22f 967a38ad6c442e0d cbf016d729e64168 7e128397559fe498 22029821d63b32cc b15714bd573a2a84 279bd844c8503015 04cc69a8dae68c2a cedc716a8497ea3d 8d303e2281b4d922 4e2441facfc04c7c a185913332f51c46 1a16669eafbd844b d30c9e24113aa3ae e9923b4067bffd64 fb46e37f8454fab5 aeba5e077e3666be 2bf41c0d3054f0f2 9feead5db8d4ab94 ba1647d6f98c903e 31cf43eb1a89fa5e 3cefa023058b28b4 193f7e9ae987bed5 87fea57eb92445ab 4c5efc93aa3ea6f3 af0512b0b966b3bd fe8d983f23609eef 0a05e5c0eba480c3 a66e714757ded444 2b3e5afa736ef9d5 f7e1e2948de8b4aa ea33efe4b794ab4d e8078a4f49f0eb1a 59a3604a5c2963c3 ac4244e050a666ce cf90ab32467d2d12 b9312ff2a7fc533d e13b0de79c215751 c4b8a66d93221d22 632501f2c0e76eda c2f54879998a7375 6a0f471b5ade3e45 e84bf0817fe5426f 4bf9da6b4d58d66c +Ciphertext: bf5d3cd00a5fdc86 8e23bcd47f0ee2fb d18e7c7802a82d74 a9e539f9653376d9 0ac43425d20fe6ba af72501828b5456d 2d2a49664a65f322 432c2d7be686363c 7ef6599b90ec620a 6af3a0523d6e732d 8aa1964db4b19d1b dc8fc36fff4e2e40 30b582a5123bb488 2aaa34dc5547fc81 06beffe254a54c7d 6c75b4689e564f78 03be61263112fe55 01e9c4f50433317d 01f4a3c324b230d2 8103943e0de4cfce 4b0419a18b8afe98 75760f0aba795e11 7fa23225412f1edd 97548b47d090ffe5 79c1312be63c33cb b6cc21f70648c9f4 4bf7a730199e2c1d c8eacee84f8b4158 f769c204289786af d3ff11cc988588e3 5761a9839eeb79af 78a1d4720c028775 6225baf9e1c04f02 8386b8f52f43aa69 c6c8a7b3279e7c98 d643eb7b9a074cc7 139a8070118e33d1 956fe998f8051a6c f16251996730d5bd 68e77e8009f4708b cf56dfc1890417df 4ab9c930ddd06959 6e98ab4bc7a2a096 cbbc420fb7887fd0 e127a6856cd29349 6068ecaad908274a 53d1a51e73af78f6 7a2b8e297f3bac2b 36ef73edb29bfd76 33e19a82dd7f1145 3f0b36cee44a9aa4 94f536bc054e02b1 b8336ff8dfa4edb4 dbfdb291156897f6 4a1e66a8f2ce121e 8739e6f3beee13b9 b160be0299385dc9 5e11862a55e59750 50b19c76c4606b0e b93197dd049457dd 46ccca6821ad0710 1d7904e8f67eea71 97bfc32440cdce75 2ee0bb7383385ee4 efbabec4eac0c8ea 518604f691dc38a8 0a01b38b0ebb1b3d e478b9f1b95df1fe 0e67bb0b22905c84 cfd9ce4806304dda fc6e0992eced11d1 ee2a361a7390b726 d751fe3513903dfe 41c3a7fb6f79c41f 756c31e382c85f4f 1634ff635a32311c 4c85fd904683e4cf 80f5d237f5de0db4 84404c8701ec6daf b07e4e6c279e90a2 da76c041b4b3ccf3 34d16e98b3c117b2 fdb1efb3360d351f 71fdb2ca041b32c8 5261f7ad4760b333 dedf4c8ae924cd12 51260e0a57222187 0b0c3a8aabe6a81c 1d5e9d949b5a5e60 61304ff1ccd3780f 0d164f791eeec984 df17ef9ee7c62e55 51bb064c22ec40df b241d544c17c5b7d 26889d7e0b0910ea afde3256aa94907d ba5f40b10508e455 b53348cb4c70ac84 cda2115b57f82368 b55ff5ba18d38f2d e5ebc8fdb92cf32b 1206d81983f99b42 d2e76bd88c37a846 6936c4490953d248 4ff5d75f7db06c0a 1a8d237eabca1f93 103936cd00742a0e 291287154f2d68d6 6ce100dcf1ac7c4d 0d6643629f1a1335 d9eac28cf83b71e0 ac1b84003112d1af 303b88b5af7c142f 1a6c0dbab6601018 9751c5b5b7eb1665 e750cff7c5a68a53 a51dd913c10a37d0 805ddccbcd498378 d5ced21df42ff62a d8f16ad1214d319d d453af3f3d6f0d35 57d2bcf24ed6b1da 09748a58571b56c0 de6ad2d36b18b24a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 994-byte msg +Key: 5abd2c4923b58a9c 25f72cbee68168bf 040a653c763b7d32 141ce6135acd921a +IV: 697653dc4e804321 870663f1c38682f2 eadd61f15d7214be 7fb1ab3d74bb12ba +Plaintext: 295b 367d943d699e3d5a 081bfdb75b28054f bcc6234dfc97417f 02f12f08b531a255 1d527c52c4be4ddd 63631a7bba0a5e49 c0e44f36fc666270 3357111c4328dc4a 4f838e281c26c175 bbf2a439693ffcb4 b3736994ded3eb6b 8599a45f8446e024 153952273981a00c 5af0235b2e70e876 de9afacf6885e357 42dc703a4034b5c9 b79c51b7e375f389 86841d48d2452879 8982894f6325521e b04bfc133e996323 7dd31241e1aac1d4 88d61c681d65c6a3 fc539e7b965a41a7 170bd053471ef318 ae071d2bfcca12d5 a80fa723d679c9de 7e34c1bdcbcdb6da c1477463236b6c92 945ffbdffc7aef74 2d5747e1c7283a11 584d7b7cc826bc9f f52571a99a27d678 750433c3a9645e99 61d5820ab61b2024 d3c75321560c58de facd4d8f73fa39b2 9a1d4d41ca306a2c 8ab2e3066cfa83fe 35cad2123d27947f 1968937c788e9e27 4bd3d2c029861815 f115ef3db16c6c89 c67d7eb84520776a 9a1ec8d86f880cc1 d04e49a88c0c723c de2730184c19e1ac d009e27b369f0988 c516760a21938c67 70b53a60bc6d7f89 98102dfd07aaed4f 999683c4d74b53bf e179247c56552501 74302d52814f47e5 69f76e55a8c7955a 6a4bebf9f1cd5cf8 386e5b95d676df78 24e9abe5a25bd336 97047c89f817e3b6 8b50a1844ccc2d1c 101ea2bd689fc2b2 c8053b81e9382a66 6b61deffbf43de49 44ce2dcbb0f1cc11 b2b1815cd678d798 a8af668e1c8e545b 2d331c21c5f28efc dded1838e5e443c1 664e80dae6a82512 0c0db37404075aff 25a5bf56d1cdfcb8 9dd4e831b24c9a12 741d28a061d8b409 3b47aa9c69494338 9bdc4e05ad7c2f63 ceac2820e1d2d7ee 234700140eaf8d63 7e86d36c13fc17f0 d60351981fa62fe6 b69c5d6c381d043c bcf4919fb7d6b70a 1df2b74dc9c9df0e 1f405076f0f3052a 9dcd117d80d628e4 874b61aa22f43ae4 60b2dda85558a27a bebbd407e80db816 cd66cbbb80a44ccd cc75fa9b18b21fdb 8eefcde37d50681c fb9e64b3ce995091 8d90148e023077e1 d39ae4db61b86dd6 f1d010680a5939dc 1d0e89e26c42d685 2473735ecc21b107 e3e0a5d3c5ad2cbc cf7e2d9dc31d1ea2 6e35cafc88ad51d9 db367093a8200227 4672c7ea0c396577 7120acec72411e56 343baf69eb85c975 fa0293955cd5732a 4276d287fd051fee 1fdf16bcdd7042e0 b848c0915d704741 c9fe65ccb0e70bf6 20154c1462b96209 21e3f274cd509128 428286dda516d125 8f536da16effd374 2876bff801fd36b0 be53c87e0a891316 1a1488b38d217209 9628337a5cc4d18c a1c2b29ba277a4cb 3f5721415cc4d093 87244e7cdb362fd5 24a640c044df0f27 d520ae650fd2b342 ec1983258ba9d185 d2db61a158ff1271 82f41bdcecf7952b 0ab93abe0fb46cfd +Ciphertext: c4aa 379ca0e978ddad7a 7cf2fbaa533f3101 ce7d5b5b0928f5e8 26b6c2920292d572 7bf871c4e9ebea2a d520b0347768e5d7 90b532c7c5fc3d2f 42265ffa1f88500f c167c78b57ff44a5 7b30f340fe49237f 48c0d1973b8179a6 67b2a403cd9a818e 3a5247b3e4a427e2 02f997b2e7cf039c 339c7aebb0386eaf 485fedee15b8e593 b44308ccfdc0e682 9c037605ae60044c f39c5d0cbf4e08d9 540ec03bea8aa664 436b6cab3dcab57c 29868dea5365bdb6 73771ec6c7d6798c 5917b0dcdfda6d5f 8b842cfb2f416d44 5bafbd0127164bec ccdbd4b033aa4156 216b11d6a725f8ec 3864f37318d11ff3 815ff1498ab1e10b ed5392b4cb66dc75 9e392cdaac4a98e1 0b8bc89bd254cac6 1a51dabc2c35eb8d 806120cb35e0a277 02a0017681b98c17 f22e594c13f5dfa1 97c739fa36b4b411 61eff9ad39af0ad1 d3c7c30efbd9d1f4 ccff03bfda9c7a83 5a5bf67f08674013 c0befc66800ed0af dd4b3acc6ae3b5ea b559323292135ada 1ec2851935a68839 c7fcecfd487da789 feb3b4bb3cae3d0b 58f80ed50c44cae5 82b49883755e5772 4ae708cfb365ebcd 41fd066b3c40eb16 e9a673102495f2e8 9301e2157c7b30c7 680dd224e8ba452e 5da5469c6e6102f2 fef36849dc7b9158 53a9dfeb88385852 550b5470c64178fb 7a9e0ff8584c0a99 59f795d41d8a4a28 132edf2964c5a7c4 899a822af4ff9586 f75eeddb9950e4b5 5dfe2ea93d628196 4312a448e01d4c3b 5edfaf1785c4d8ed 635314083ed31b68 e1951d5b453cf4c8 3fc987e5ccd0fc75 77b000bb92a1081a eaa586cf1217785d d449ebfc7ab31b3f 8639eaea43316557 2b822c9377bdeaf3 d2388e57eb5be388 5623ec5acd87aaf5 edbc0bc51e4f80eb 57ccf6a5f42a40ad 0228d33819231a9b 51e8787b1991ea75 a05dfc8cd6797373 96888f9523106ac3 bc999c123bbe7a10 e5162e74ea7d091f 8c037ed0b8f9d421 13fa40711be08322 7fb433d4975bb40f aad5b9aaf1387184 4ad3624d83c63671 7fdca930717dfaa3 2b94c5e2fcacf15d 2a19040793a50bf1 480f4470ca2ba1e4 57c9c20069073d73 662c5848a37a2669 d8b94de60cac4d31 2ad8c387330503e4 5d3d072680edc998 9126ea29c0c3f1e3 543991cfc94056b2 efab259e88886a91 fd0b9f3a44b4614e 8560cbbd32e61d9d b492370cd6ee3f4f 1bf62761360c1ebd 305cc68fd23831b8 5e57276398f1d828 d4ad9e03cb30affb 9637efa360385fa7 522f0a5ab6a3db8f 9efb89878e9adc2e 0604068bf17bc66f 488fd5e89f43f808 e2a15594039427b5 109c88fe5ab3f8ae a8361391687104b1 02ed144155b22d4e 4fee52844d5e2ac6 72abb8504ea7f716 239bfcde709f843c 29deb4561f962f7c 86f7c3cf6b45c845 d0fe7845b112f2ed +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 999-byte msg +Key: be79925edf1dd644 604888cc2422c5f8 3c4c341cb5698289 b4de0e69c6d5e5ea +IV: 7188f09f0fbc6c23 dc8b9bff4d67b9cd a35c329ec195129a 3a22bde6aff9e0cb +Plaintext: 583aa714e0b731 b776b341b821ea36 4b53d23d39c221c5 84738f334e17ddd7 f79b161f86fb150b 4a5747e1c148b222 b87436bcb4601381 9186acd869a88bb3 b763a4c1bc07dee4 22a6cfe5e06bc767 5d2d1119d8447530 079c0115fe080a5a 53d86df380ad1aa3 888cd4b4de3232eb 82a7eabb6d164eb9 2fdc1750d7df62b6 1321f81e9895d230 c431ddb68244fa98 6f0a490a3b7da704 516f75f2bad69cae 3e67cdabcd660e73 1ebc7253964a2754 6b7db66e092287f9 b57ca4647094be29 1ed17500e7c8d454 de551bf3e0ebc209 bf28ba4fa0adf680 a22c2a0dc1c2d311 f9887787ae652ebb 4b2661fe2ad0d29e b434dc15c9c5fd81 62a791547408e04d 18b35ba7eae22390 ae54cbdc3aa05ffb 90c9a5284a12a2e4 3b1460a3530defc5 c37baac762eabbbb 4f0ae2f5d8047208 9b0e9cf1eb3eef91 769b2061247a0761 4208eb51df23ff24 766e2cb2cea411ad 1f2c49d676eeec70 5a6658f5b0f63109 dc81a6ac2935f6b3 6ba83379e32747d2 624b3440b1cca06a 319a90c9bf2a74a5 da0e644008c9a951 75e17fb3de36195f ad91e69866801365 4162514419bed81d 84d9ab7544871ee4 de4196c98878913c 4829e6445bb24d4a d4e421ce85596559 220706b3a4165f55 ecef0221a996b651 7b39bcae59095702 30488bcfcca32441 fcc3fa62f11f748d e8144b2509379086 8eeaf13c272d3874 9db714afb6461cbe 5a3311eaf3496373 1ad7f73c6f0428c4 c8630c588fc7f887 655946d70be755b6 837fd2b3723d36ee c96190cda4a485f1 73cd9569577fa025 cf55a8ad9331d813 c0d0c52536a2f5e8 3ed99e4271c0aff7 d54f14d748fc3635 22d3c29a16c9acbb 594e73a90621a648 c268a7029c00afbc 361212092ae7c59e a7fd1d075b5ad998 962063a5ac6253f6 9b363575ed0b8c2a e03d1769c5e7524a a6f9405a2b8a6890 be6f1d83ee0c03d9 116acf032e8a4e28 1af9a95ee0a5e720 66efb3fd4e01608d 1b622aa995c7bfdb 6e2dfe142524fe9d 2b6e525045c88b08 3108ff568c68c976 f3221181693d8ee3 f8a648109b82a373 5cc399a7baf947ea 4d6babcfad67ac33 8fd65a71311378da f9fe385f594c4591 f52106cc08e022ae 03423fce78a510ab 37a78ee3b7f485a6 b75c53692429ecdf 3eaf2225f724243d 9bb244bdb6cbfdc8 33bd343ec186be30 7be92397c7c1a145 7e96741b4e6e557d 5de541032f807b71 ca3fd4ea18712a60 8ccc2f4f08bd6bab fffd8517d765be57 9103be08ab6d938e 4555f74f845ed11f 342efffab1c553f9 070ddb7f58b266b3 7e334334f23a4c08 ec2924d5ccf5bc53 b9371c0188806017 dfed00bc9afc557a 6d9e59efcb8eafc5 07e0e3e4baddf2e5 640e0dca56979aed cfc77c3765ec9492 a66c87a10011c2ae dea5bce414bf7bbe +Ciphertext: 11eeb0e58e13df bf86118c237d9c38 77ed84067912ef3d 4b5db6e24c678849 bde52bbf515708f2 fbd48748ed92ffd7 f14af09ae89f9e6d 6d80c40020c331ef 18b45f15feae9a51 6d22b9935e576a02 0d98aa0d8a62112f 2806ca124ab6ff45 f6814587901b1f9f c6068096932e91b6 14059b453ab7ad44 a14b5bf7f4a1ebc1 8bf9240b8a0dd220 49bf25de640f43a8 a8c2abea99f8375e 88bab997adbc7c6b 833b1e098d1fb52a eefc2886dfeb1134 b7491bd9ebeca894 edb58b2b1cc500e6 9e2d7414259e37f3 5488d2198a766aa3 1f9c1133b3970b28 46acf3741f6836eb 473e91a46223694f d66a8b03fd656dbd 880302752c83f864 3e0533f868379b47 791309204cf7412a 7baac35dc45cda62 6a1ba34d02268593 8db6b022ad9014f9 d53d733af59511fa ecb67c6c323e2259 2220454a9e122ea8 0bc47a298c992920 32a3401ba25be19b 02480ea8f23a56dd 9a4a412cf876da5b 54d0f484bb5ce4f2 5e293a66a8ea9396 ca2deb0e99be4199 9e6e599565fa63d2 634003271772eec5 b2fccfcdc9961a50 bb2d9c36ebe3154e 75552c1b0cb526b0 aceb126f7c531988 d1fe2fe2371b7402 28ffd111c95dce03 69f89dcd98138990 901c64446dc36a57 9730b6c6e43f88e1 9a56c4ee9dbc7328 314fbdf458c2481c 2fa35fcb4047921d f8d22fa56c67c7dc 3cd1b28b718f2445 8deacdd9c2c909eb 794cf24b02cec7fb 7555aab4c77c7b9b a7b81291ac7c00d4 de54c014cc202115 bc6149f914ff5e2d bfcf40ed9686decb 7d1e01e7cb2c54c2 b9a1bbeb1bd8a0fe db508a2d54077957 16be96e596f75194 83c0206e4869d1b1 09aadf7d879656e7 5e288bc1bd0b1902 8a1c65f6e9cca254 20eb5acb65dc810b 01189a64bf4a2111 c8d01c51bdff2049 f466912fe96a86ed 8b48ba673768c6c3 ba3cfd99395387ae e34dbece6c64305a e761648131fb566f 1ac0ba3e8445973d 44f5c8b6e07e6041 39310325574ccf6f 1e8e3cc6549ee954 4feb8af05b3e4144 5310a35ddfbd962d a831a0414e58b775 35b7d76fd44ebd90 4e2ab56afcf7e58a eb1273ce3aa633f1 3aa8a9ce37cca29b dbe0aa4514ca7465 da37664acf766369 c356960ba3f421ff 54798395024119d9 a02e774ee4b98680 ee55fcd923aaf5cc e1dd6df77a9b8d57 f10a3ae4bfdecdb7 cccaca841aa2c6cc f05e13e84a2a8148 051b47cd64487626 9da6c0bb75ab807a 90c3f8533be30c80 3718d4e56d8118e0 d9fad5bee52c4c61 d70984afdf96e225 b34af95f62a099b6 141a7da21abe6ea3 0c7e54660fafe13d ae1b3a6c6d20a104 d4cd345bc8578b53 97179dc35a514c4e a46cf872057e3ddb 1dc3d6213bede30e e1468ac3a6035382 622ffecc6565a841 c499a0ae8a9f34fb 0c76389853ad8ffc 5c14005da452d8a1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 1004-byte msg +Key: dc5abfe2b109641e c0d557802a2ae571 c456b2576c8fabb9 9e383da34260c44c +IV: c88c47f677b66216 029583b55d1f5a16 ce4d8a99471ea5df f3de572f0fa8e118 +Plaintext: fb2ac958 91a8d0fdb54325ca 2d7cd8dcb4f4918e 49758299cd369a80 cd5bfc2b9dbcafd1 a6e7971c0068a488 4448490d9bd330fd 1b9e2c2f54c96f5d 2582fdcbd5ca6029 5e7c9dbb0c8b68b7 478b94efad73cdaf 65a189e9af1e3c8f bf24cb41cbdd4428 636ecc220134d91f e14da1cb125bd26d ce84830e07be6adf 424950d5a87cc396 5ac50b9806ec5f87 b89758e8f213a5fd fe5101e8832f6212 57f973ce9430453a ee8a4166433962b9 7470a1907424b027 9e10eabd4cfb8bf3 a53d1c76b68032dd c5c458d5e1a64a7b bee16409c01559b5 56c728d689a94c49 d51c331337f4f247 877b372b08b87f96 3ef1899cff6e0a6d cd80a27b63c20fdb 8e9fa1ee3e14ed40 ddb7c6b0dff969d2 9ba8f89159b82a19 ac4240f402cd3b72 79cd4c4ff4698c90 6f81edae8ff070f6 7d0e9930f579217f 9a16ea888d5238d6 3dae1d7d817a35fe e4e0946b3f25fdcc 8e2c54c0fc3c5668 400288802cda6dcf 834afcc20ccf5154 e4dda3301821761a 7309128b9586339b 4511022409ec4425 f3aad264bdf14958 197f0245426b45a9 d7adb9d7e9e11fe2 534840bc4910249f 34d585acbd6783d3 28ce9af2e48bd041 602133ed20d48203 0fb12b9017ce7507 efd3ffe234b9698c bcd2517f270a81a9 b66c661561e8c5c7 2353a9e899afa023 cbad264e4a70624d 7b941033326fbfab 82963c97d4a34ef6 3736a30bf73a0bbc 716ae4382513d5dc 0d1bc0582e42f10d 6ca89cbaa2908658 f26302425af81f99 881220e7f02a2c02 1b6f4734420c8198 1ba96dc7f334d5b4 fde1acd5ea6f4484 b9aec2a4d13ece87 4d998f0f9753d614 38a19906ee19a4d4 ffb88b0cce29e343 ac44b1b7f0d62333 4aa07e3354a25849 6a9907bfbcc6597e a1f1862e2fae629f 08dfd768767a93ce bb8cfee7a27e6fff 5a979f3a84c35e7b 8b93848534842b60 76841bff8bb2861f 4766f672a97183fd b0a649be6f991993 64a66f570635a44e 9d3d65c3560764ef 97354d1d9002fc0c 13cbed95a5cff48d d5332eedcc493730 26119dfd00009506 5201ed3080ba42f4 2b1073054ded5533 8540a98faf464bd0 b809acf5b026812c 21d2bdf3a01fbd7d a17cc357907ba64b 1dd8c885d7b647f4 fc2b78f38fff9129 acb1a5ad19bbd66e 1d17c6d395024e9e 440073166b209565 9981ea3fc5152bc4 9aa58da81216f391 46ea62c0850ab5f4 a3c2928b930d9ceb 3813ea2079f0b9c6 94b75d2ab4b67eac c5fc806887194315 e1250d2c7904c44d 81e761e0d416a1f8 41eefd7c2625dd88 41560911c4b960c8 a731cc41428d7555 1b0735c5fd114d1f 4a5256e691eb7aed 63fee304637174d6 9defb712193017c9 af7b50181c692306 56eb4eaf1d8ebba3 d3fef8898dc9e708 6a66b7e724761272 e44998205ba48d74 0ec2ce21f1980a71 +Ciphertext: e545dbe5 e46b79ea26318fdf b91ffd5e8ff50ebe a536a47f607af84f fc8987e3f255ea6a dac0ead81c5c3d7b a16c3d72e4419a19 be830f5b7c2e0522 6e5e7ccddf42a1d8 5eebb6fe372996b6 1c5b1de0e90cf5ab 8037a1d1af43f357 1d22b665325ac1d9 6c3cb04a4ee6b265 8995417e80e1a5bf 01f46e9364516dde 1e14f0490aacf080 1669e69b162332eb 915d0f2143a2f5ad 2e5f772f6ef3476b 4a984e97568ff802 6a104f681d3f2efd d6b0f580a8e33922 72c976fa46f72521 537b4f36c6e23165 436c92d8dbc05c5b f8ed451101b09e37 c9a24b12e15849a3 d677cfe02d7e46e8 c77d0185d5b1a50b 28435310ee0ca060 07dc488ac50bcfd1 d8573087bdd90a53 b82bffa631248a37 e616d46097568f2e 994a96ba10e3d01e 3a37f854b9993023 26be40c1d0f03413 4f5975e4281a185c 48eae861320ea8ea 676d7ed1b09e2fb4 8f8bfed5b617c35e 8a6fe21cf497f844 9f2382f5534ea98b ad0339ba40abcf7e 6938418372212ff0 88553c84bd1b37ec 4cba9bd6eb82c7f0 fe76f3d970568577 cd2c9acb93d5267d ca7dbea81e5f4ab9 4dc61bbeb702d469 c5d4b68fb73f6492 31904051c96e7116 40c608032b069e1f 8f2dc626f3ab6e40 81d8e06ae7ae1350 0f9c18d6a17f7477 f020618b6f1fa5cf 260c53e2efee5dc6 d04dc398a4067471 c4632d11e685c1f8 ac3e110c466ec022 38acc9c9f84a9464 aca50556aa39789c f5688a504a4e3ca9 c0c859946e18a1f8 5dcb845fa88090b2 5689163d8a7833f5 6f7fe8632040a733 223f5c372159e605 0f8835efe7107e8a aa6cfd0dbe6e0da4 0c2cdb7ac52be156 e4b29f35f43ca5b5 5669af3016772e19 d8380ce27d73b209 bbd057ceacc7c5f4 bb26254f6a4b90fa d74cc1980522777d 00eec8410ca3e89b 2758cd360591ecd4 0b586bea745858a5 a0a17cde0e33b72f 370b1d23885bcd61 c92e1654dbbf1a35 01516a6128ef0dcf 25cdbc88436ec4c4 619982852021496f 12296a1cbc02e80c 3427ac258af54780 bd8626f0f2ad7f6b 9ebcbb835a391d1f 55daad0633cdaeb5 90b90127bd1058ac a528d91237cacaf9 b91a6f0a602817ce d43930c449f8fa58 c9694fd3e675d479 82486be53872fd5c 93155fe7bdfc544b 7353d309e73fe648 6b4c17afda7fb35a 593e7110420b2378 2999a774cb107f79 d3492d0035ae6acb 05306b9b34f5b6aa b00078acdc25db06 87a982103cda34a8 cb9b201690cf28e7 327bc28ed4706153 51dec21ba4ca4aeb 02fccab1077ccbc5 c3fda4e1e8dbbb3e 35fc5b04d0cbb96a ca8f7eb9ccc438e8 bcce5643ea902542 a99141e14f8c8c23 d754b38bc5107aad 8a34faac69c60057 0826b2ce44939cbc d8c5cb6ab1650720 3959fce16c9d3d90 69c075bd638ca7d0 11085e5341d6deaa 74abbf3cd8f36d7a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 1010-byte msg +Key: 2ee76a4a2124b79f b2078be6cf18637b f727e04cf13019de bf823691ce203b24 +IV: 6f68217b8bf22ba0 91bb7709b483d419 5473d3e8b9032147 071b13ff6e78835a +Plaintext: a252 dbe58b3c6f733d4b 10652a7add29964d 5d014cb5cb069034 b16c5441b907afee bf0e8ac82a209dff 7d849ac729b5a7fd a61e120ec1224015 385fe74384347d84 f680f15f05ad981e e7ee6a305ec46ecb d5c773d6aba30105 cf618f468de8f65c a7c326c9a82418f2 7529047e255fd3ff 1285d7d43092ba4e 9ef9b4117b2b01bd fb5d93ceba8c04c1 50bfce79258dbee0 87dea6d1f9f65336 ceafbe6df70586f1 1ad89e36e4ee43d4 9f3832e8075617b7 595c4895aed7b306 870b1622a97f6e3e 2bbcb1c8cd51bf73 8b1a969472c2c6cc b38726e8f63dc405 f09622f838a09fed 568f334d1dbd5fe6 3cef64460fdab467 bbe6a69279316d7d 32d74bb74d710245 c5db8c8e7e3b0b74 d93e03c486a5c7d0 9901315ae0ba96b4 7456f9268ff87f90 9d27235096d1ab66 8a90dbd67e2be84e 76603009d3e127f3 df9c950ea73fff14 09fc625e0d8a2804 796c54469f75002b 7a8c0967f9ad0982 9b3085373c4e681b 2fe1b07f8c6b6896 cb5ad6db928af5ad cc0c263cfb2622a9 cf9a3369f72ba4eb 375e757abb7e5464 abe2c95cff73b11d 9568ed5080545bb0 a463056c80e099cc 4afb1a1841cad4b6 3f8d95928d361ac3 fc29c86b31409dde 411265077e753108 90410521c757d1d3 afe2a245e5dd1ae6 2ad61e54b6f1ce7d ce2fba0499f052e6 30b79f5df42e3104 246a593caf6f98cf 46f756d4b66fd7d3 75436c297a5be6ad 52e650937156de91 c6ab204192f57bc7 7914dab3dac3a129 5cd5e33fc9bdd4a6 2054818de5d7bec2 bc2f601a3676ad14 ebb611b9c9f413c6 ab6d860d2d1f0419 bf8b9811f9babbde 2f7e829044fa15fe c36463ad2b0a14f4 8b93bf5d4f885e4d 5a13ffe85506bc2f 461eec6b648a9bcf 2aa73859aa0e8ef9 24d0f6f5d700ca8c 17721cdaa0c3a8fb 2a9908733d2c27cd 4706f883ec07681e 9dab919e6c90301c 1e3259ae82f9698b 02773d7078eaa142 43090bf499fd8aab 1eadf920b63e7846 98da1d2ea5b1e627 f73ef229bcccf174 4538da745af8dce8 d15c96435f148a52 adf3cf20aef30717 31789167b2d900ac 761ccbcbd701451c dc43d0cf0c1a4e88 8404d94d48c5b4a2 d7ac81f20219b431 fd3c47c0b71fb091 67e7108b6757ad30 4695a27d1931d511 11632a925394f64d 0320b71ca25b028d 9bd2bc4018d38d91 1a2f9277c93e52ac 0924f40f4d53af46 b05181a742bc2459 9f8b3eb6c796d8f4 2959110501f413bb e4774730995dc565 2b560f293c4afe3d 9c9afcb51ba974a1 9b9b87ed695c0186 cde48bbedfba22f2 9db7c76a3b0d7880 ba886005bc134be0 977d5cf8a87d0255 eaf42882c673ac35 2dfd1331e50e7b6c 20dbd06d53dc43f9 4588f8ee6760ff6f 632e8641f78f4d75 04af5a48e254ed47 f71eb6b7880d4633 ce43c4974d0be11d 611b0dc61a16ecfc +Ciphertext: 718c 46a4f593c72e103f 3af390c5dcbb1bd8 35c3bde4bcf6aede 50d8ef629c5ecca2 2e3789dd6ab76c23 5dcce1fac0a226a4 7b192f950772d2f2 e3a660791b7f630f f0116ee1a2addcba b5e5cdbc77ad5242 7f35a448d06edfba 63edb7d39fe136cb 0c483c2b1e2e8893 85f06b640355a805 e91e0a3de8143b0c d842ecff0a402d57 805a2893f56ddd48 0ff0d32523498ebe b2255c051a191c32 e8e623f4657ad7fc dcacc11bff98f689 cfb3525d08b29872 087b504ce720502c 6f98e64877a7ca94 394b5841d9eb6fb7 226b851858eef05b a2f04d01914ef14a 8ae622f7be8ef965 1f7f6bd0924926cb 12dbaab1b6b8872c 1e634788b3682b57 5ada3cf7f02308dd 41f6e4f70d9fa25a 22261c856a43faa9 283656757d5d1539 ed84bc8e47fe1da1 b1a9cc4d786de598 ae57b6e2ba20ce41 6b00d3193c422a8c c4ef190f51ade445 ca40afdd799378b9 9cb5937ae78b0500 4466ba7a55cc9d35 8cb928b53a56fcd1 7da4ab9e04cba3e0 8520e26fe8d36629 49837d704d84abd2 4a1742e908cbc6d7 9acab7cfd2deb8f4 73af8a5d026d8fa3 806d4f84b3f4bf20 66599339d9ed7aab 4e9483bc8c10b2cd cb4831db217f84c6 999edd3ae0c7e66c b094c6281b5adf59 e38c36c2b0ac136c bd8c5fe20870903a b1f6d5b1290601fa 8c23b6f923ecc0bb 43119e60e2486435 80edcff399c3562d 1dda639074733d52 fa038b6702c55fdb eb63eb7ec20df2f2 f4556c1404d2124e 152e83d2a4c5f0b7 404719f45b7dcc42 88ec419f33734d5f e7f880271e8615f4 facac1fac0dd6c61 816b789025851dcf dc766e313d9727a2 165fbea1a3724cda 129e54dea44604b3 bcabb95853b35950 924df80f5369bc5f aa0cee3d3df2d638 115a79658827a160 a7e9ed6c5dac58ba 43ee5fab4e25a4de 12b82fc100d677db 74f7e678b045579c b2a4910d28de926f 09adee329b58cb8e c8d2570684578d62 efe4061c683da6e5 3418e59c260b4d0d 6ef8e0e2deb56aba 8b82dbd5619f420e d6782e6d60cf0b0e 36e98784871e6afd 93ce1977dbc5cdb4 d910d632a699f9ef 9e59df4132550aa2 9339580bbbdc5163 8a534ba57936e744 30b2ff8974a7d5f8 79ecf7244e8115b8 9573373e81bc8bd3 dd5aa8befe909f9a 016d0c68386aa9ff 6d5c98870060ee0c 06fd062d46f3c36c aa7153ff50607ca5 b0c88526ee5cebeb bff77109b0f4b887 0748b1b9120c731a e38cb8b44223059b 0886cb798ace9b00 d6a58e0ffe6562f2 73234d14dd5fb793 f581d560a6fdb994 7d0ddc3532294554 5505ef35430cebc9 59117e385a8bf66d 11b2c04136522c1d f31bf931f03e70f4 3f08c5914dc6bf34 a2a3d736456b4ac9 92c28622308a3f1d 74a00caab423e022 daa4ed11b20b8009 f2dced6e192ce89d 8b473034afaf014d e6fa5e8ce81be81f +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 1011-byte msg +Key: 550375dbe7b85a66 d679a902ac3bd85a 3626bb03888ea70c 4126d8d611701025 +IV: 78788178d0c2ed96 8d810c6ac4092e10 ea872130dff0558b 2a373ed387c3fac0 +Plaintext: 9f2034 6016f548afca36a7 675a9a7e19e65092 7d16ee6e075eaac1 ba80cc0241526355 3cc137b2d8160044 a278d50f9db2e7d6 91376f3ca763e529 3304736fd119a9ae b3da727539f847a9 c225a22bc3d7b6b5 16495d0594c3523e e51ca08b977d5a05 6e678dd7fbf8739f 706ae918b3dc23f7 b1559f12f50657c7 79cf3b9cbc05de23 14737021469eecee 544e921f96499863 0c621dabf3b25e8e 96262ceb673a9ed0 4e03039a41731a5e 15d9868894a77cc2 cf78bf18b651ce59 e5275bc0c1a200d3 c4212e8c15fe66b7 5c13ab9bd47d37dc a29f6da0656a0ff1 0edcb163f2c76df6 1dd4d93de9c736c0 d005eaa07f533179 2be00f8c2886891e b84d141b21314eff 0225ecf6e657f342 1ab62cdebcb2d161 15428d24292ca4a7 8b816d31766609b7 1a1a4fff34350606 e12e579eb420815b 06cecfb08de4c856 3180a5ed1af008e6 0ebeeaa0fae9d5d1 ce7654288e27a931 a68bbd787f375df1 4f52a2973557b154 8516a52161fcca6e 89950cc4734fafa9 9f8140c425abcb41 90004e77ee216ec8 282c69c990f54ca3 b99366ba8b1ffc8c 96b83edba7ca7a0e 999090d56ed8a60c 9f071ce2af5cc23a 06794951fd1ff8a1 3639a0062e1cd220 150d4ff8dd03c0e6 91afa8b2e8ba96f9 1a4e9fd2f2d70bb2 240b4f8de2283c3e aa7c7529622b261f a62df38261962fa9 9a1a4f8591d09e85 0b3632b8ea761e32 00e7e9b025d73f7f 8788e7994278f512 31e541b2039117e4 91c330ce6e8ee1c2 c05593d54f8f73cd dcc86b41b4e850fb 85b85da16fa2e095 5eb9331998f9eeb7 92cf5be008dc2ad3 4cf666c0df6fa82d 3e9a8b9afe8c5f60 1b2022df8e3eacd8 1d5c29187744cc57 8018c25fea946571 0594b3e4d8d6fe0f 7000e46978e582ef 0a04e5c6c551c122 20396666fde0ef8d 82adbdc824082468 046263ff7f76dac2 00cf7732198b72fc d35e3a1d42daaf49 5ced918e0bab3835 804d86e9cb7a1b1b a8c6c7a49c7945ac 419126cbde0a0b6f 3b5c177eb446a43c 8bca356e8379acc0 aaf0be6476a3a3fc 13d912bafcf86cc5 c90338df4761cf46 cee058d7cff9f779 ad5642b9ce91f5b2 f13fe630c22d3b15 abe9dafbee84211a f197d86cd8846310 59fe3cedcccca197 82c98a765830de25 8c16e618cf380282 9bf79b75c6a1584b 58f295469adb1173 6f81e6d4e789bfbd 1293457f1204da44 74098a3ac1d93ef4 4f3a330d5d46ab0e 5f6fe39197c144a7 e567dd78e0711129 25d48d03f0b27ed1 e9dc00894096d92f fb9a67f78f5fd7aa ae9a984a61060ff9 56608d177bb67eab cce2e304685202a0 eb0a5b4cf8ebdf8d 15355d3fbc4b3d7c aeb670bf8b6da749 a053c3c400028d27 d6c7a8d9f9edc419 c13f139d1ac80179 d6dd2043485e6175 0e388a122e2ee48d 65da34e6bbeeed16 5bc0a4ada206c4ba +Ciphertext: ee0c21 716ce3eb2297a75e 34beaf30a04c40b6 999b8c138215380c 00213c9eb7214b76 4259d55f2ec9f50e 69e6cc9468d948fa 9f980f1f914ac065 e7b8c54428017e08 0b6dc5fb20351c87 af00d322a5b38173 13219cb487f42ffd d2646980dfd38274 344c7827e2eb0132 7da8d577811c7a26 bb227677dca41366 90361462d8849def 558ecb74ba9af2bf 3f2dccfa576b7227 71e27c6c5b36a45e 13987bcb41fd3f73 d038b38514840a8b cbb00a4c9602b746 6f8e6120623da3ce a9363fa9f986e34d b6dc130444667ece 2c2f424564adf8b2 ffad967f96c514a7 e69d00f8966da74e 9e86f9e002071e00 c2750ebbc716eb89 3d24c275098b3823 a0697a5247c7e00c e1e992fbea6b4bb0 96995ec1bb274294 7dc52f5039713904 073399d2e37f4b03 d47265e48ace2041 4762f81fdccf2b3c 784b661b53496ea8 a311a7cc80be32e0 14d337dea5a4befd 657473dd3a80da62 807a5e49b6561634 f4a6ddb99c75568f a7cb8ae1afdb6b92 0dcc934d81b4ec05 efe6bba31e90e4a2 e13f9b6e7af0a76c 50854b1aa9962e8b 08705a408fef9e6c dc7a9c99c8ac8f00 0ac101d5c3ebd5c9 6b5193c312999aa3 8a6c558be88ceaf2 703f8ff308fc409b cb150007c5ed47a6 a7093d3a19ac502b 5f150ac22b14d8f0 7b217db825becc00 4069ddd950250c2d 604c456bccb50b6d 30238d50eabf9761 c48bb0864929f838 2463bd7813f712a4 9f0348f3c6a1ee09 53efae6a17533d0c 01ae52077c991bc9 c07663917dad36ac f782d9488a4272b1 ab24768788c18fd1 4226a2a80cca862b f63b72116e457de0 f905e1467747a4ef 6a3f2f20eb44bd88 2f4c7ae4147b79a0 b8e39c647391659a 50ee531e71499c56 0610b39d341531e1 585ccb52918fcece e3a30b4a3232812f 289e2d55970afffe c5eeef2d361d13bf 2040108666d45664 62d710f7225a411b 7a9d809c9cb720a7 1e21f852d8a25aa7 2739eba53cc01485 0b3868b824ba1d8b 1628a54767cdd973 0f2344e24cd00d74 c51c8fe0cec2f63e 2a83cb8fab9ff697 f64cc5dd2ddcff4d 3dd746104b03d787 7b2f38d7776a7ceb da3aaf384e491f8e 7826be08909381c9 d19cf9983f969333 68ac7cf23d3486e8 06345b6204516ffb 84e75753fb2917b1 e94144f9ebe873cf 37f13f355f8b9b99 c5b5b29d5df1db98 a963d5c72b35dfd6 c8ea43982b2cd3e8 9160fd53dcdcf36d 6f75e286a6e0c4d5 8e3d41e10ab35ec3 3a0519c927d12d9d d1bbb90716ebfc54 4fc59ca4381f1598 4851c6e7ad691e15 a421cc280ebc4b01 8556d7de13366cc9 f65a4980ebd7aa6b f28d0eec12151734 8539a5229bb9c846 753ff3d23d8b807a a8946b67403717f1 f0b34559ac9cde39 535adc28ad487d3f eb2bda7758cb1c32 0bfa057a8fa326eb 356d16113093108c 194dc1d0241be49a +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 1017-byte msg +Key: dd83ebd91115f5bd 981f361a5f6e993f 4ae9bb6676c44c8a c1f7b77d8cef0535 +IV: bf83fe660e299257 7b6a78ee1c93150c 1fae9f210bb082f7 48f403d2e2e823bb +Plaintext: 8a 07c619de071481ea 5320cfeebbc77661 6adc143719824a60 83d8ca9119dcb146 f68918081543e5eb c275e75c4e792319 07b8688167122a0e 8c808d20e8f7bffc 3a908b14bde72b89 9fc05eeeb4f1bb4f 6c7c457103fb3f5c f7414217bf3e8cb3 ba239b8a66c7fbc9 d2495c2c56f8e709 816fd29053043251 ac6411ff0577c173 5e8a6ff377acfbb5 4358089f9a554f51 2edb3865c0f7abf5 9430235e226b0544 0e0c31d75a5ed654 db358acee9d29a2e 5b069e79b39b5151 95efa0bf7ee2012f b2f206bc76a532ae 80280b41ac3570a9 f0392d5292b7cd6c 98e7b0a781a45d3b 3285182c3349b8cc 1b78b38149477bc8 d5bc0d7ac614c64f 866279a09378c071 760a8faef9110fb5 956ea9152ad06095 f3d76579b87ae500 45a626311c27d2d7 67cc93cb30c6df71 d4521685b598ca18 30d25dd5cfb0d289 bffbdde3847a3c78 eb124a094030d209 c26c215a54665f58 75f41f18728034f1 daabc63c3336a659 eb23dff392178e84 4603f31b6e03c75d ab87d0c90bb0b441 80fd0bc69126b784 5048780e8c43bbea 4760b3506a38ab2f b8d19b710109f980 9838d10907111800 00c93ee4977c0244 afcc8a82b2cbb3d7 861ba697bc53acb6 0aa5438cfbbe71d5 e5ee58fc1c890b99 658da038ad84865c fbac19c3a45674ec be8c86d7d6f6690c e6ffeede81337df1 51eb1cfac32dcdc6 01ce1d7e21d9fa29 9b35c5720181a8ab ea432a1330420054 5b3026505c8c2f1d 7fc7da4e9ba6e575 8be726e6e227d7bd db0332228f7e3ecb 6ba2e8c3e06b556a 5ce077be7a83ded8 76ebd1b9e3b09e47 a0872e9308aedc5d 698b87dab790e6b5 82611c5326398d5b 428aef766be3a453 211747ef019c8513 3d312e1e4ac38b04 d892f39707909905 d809a8a2e18992e8 46fba4bce40edff3 cfdd0315ffceec61 46ba2111854fabdf 20b323c7af6a0f0f f77a6f8518cd9208 07d62e493f78b0d3 b423d14909406aef 02cf896c3c4ec4cf 1cddcdcf05a14757 ce66d84273888063 0a1329c8f9297f3f 67a4011af0fd5830 9d6de8241351a6ea 0ad3298601c70317 30d35115bfd391d7 357bb458333e743a 626fe80baaa756c8 a566489f53fde2f9 0fab72b8c10649bd 569ccaae6ddbc0f6 532ef50d326900f9 85675e15cff1c411 8de2b43a69894ffb b04f6aa4069ae36b 59f135b113604b86 941e926edf6d5265 93c23e221e264a99 2ddcbcc3664486a1 5affd37fb554e076 b8d20d34ea373400 0a9139f847a3e29d b48ae992f6a150a1 3fa1f5ff810d66d1 dbcdf6ee581811e7 d898cc454ec9c011 2ca3199a1c78ea72 f11fc4badd52869f e455762590d89124 e71f208f9a608cfc 7f6d73614192fb1c 57c1673732ece8e9 bbb3b560fc3f5dbd 1d6e5c619330ed67 94312071ceb82ca8 58cf06fee9a433b7 482fda2703151dbd 64cca940a1008c59 +Ciphertext: e4 12709a8196f7c647 44dd5952e74d6765 fbee95005d1e1a13 de072184e79c8a6d 07c4dc4ef62ae5a4 03157f1e3b0cd8b7 734049fca7092607 fa9c4a9f2ecc02e2 798a3852bee71440 3f98e526394cd8b0 f0321089e1036e81 d535a2fe48598723 2be220daf6d6d34c 67cfcd8b19e4b7a8 9aaaed5975d8fc83 f14066c35b4357a7 14becbbe6a29ec38 51ad6594bb3f506b 3b0f7bfc603f821d 53fefe697e99ab4e ed79272702b58839 d45e42f9caa6a486 fff0b96052911ae0 33de1640faaa9a55 7c723ea7b2ee293b ce148ccb0d2c5015 4e8d9b6d36e8f0b2 7e8e9c20863b1798 ae19e1e96ddf9876 18c18a060c05caed de202d49d3bdb7c1 8d3c4092c275ea04 f0d9f4ece1702cb7 b7d55bb1c6a04894 063b6af9c100e231 dc06688503b5cb26 ff8b1ae999a2b4ee 95d07120df03232d 4e15548a61388bca e86301986c6a7340 6eba27eb26ab8fb9 c198c62eab3e130c ca04e5ba503af7ea 1720da0bab5715af e8e82be61ee79628 c32cc7d4443dc70b 26000c14a53c39d2 9388f22a5712d9c9 0c861d5a8e3abaa7 cfe331fd61bd6843 019589b0d08e929f 3e7e27f26f98a042 982bba36cf8933c6 fabe5400c36ed27e 0b7c8967c0cccc43 b617b4e3855ac0ea bb7e35572b7d09a5 b1a6008b39527770 3a6e9fa9477ba6f2 cf80c1032b1c0e8f a13063412191a360 9b4faaa9cda13e71 21dc08c791ed9e79 f7497b4323887d74 46edf1c35739a18d 2f224d4c08c8a52b eaf73ef4de1dabf5 4e2db436d83838cb 107ecc4eeef314f7 6018da38d5da9727 e425e88b9f818445 bfa4920cedff8507 142b16274d42f939 cb21bc86371b4ad7 d29cd8b97c7f2273 3b1a568fe9a4a662 33173e1cca730536 87a988603ad65755 e6cbb10c7878712b 27d6ffff0aece822 43e171edf2fd06b7 e660e1155d5750f4 fc7f53552780e4bc 9221478a6198e8e8 1b9931120179a188 1edd7e93db55c404 d0524fd0402c6aff c792e23692eee503 153ea2c06c302352 3114718d998af8e9 c1ef2ef479df27d0 6165fe846364ae11 e26f6e544cccafa4 bd30b5be23f4deff e623842516ec4845 b5a869c5e8534034 fcdc38227b88a5f2 befbcc8d96dce238 6144e0207ae95e75 866ed3e7ea03e74e 2deadc9824d3fd79 effae4bda8acdb3d 458f3d2e7dc42b16 9d353c5e5fb41e61 66ba61d89f422715 70e593e756200fc1 16c4fa5acac091d9 3bca47f061bcd2b0 3e6ad66db061b8b7 98046b9eca3a69aa 3dd8c4083f4c5f17 d6d5568f1afb2bb7 dedbdcbfd91dd85e 3da0acf43e49f7fd 9f4a7bb1a62e59ee a2864c1477c12816 11a9ea329e1573f3 258a2b629113fb5d d2b9f956724d96a9 a63e26e331a420a4 3bf7d1a5446e244e c457609f907b7c2a 5cf89581f311531f 46ef45d57269e9f2 af0d005277ddcc11 e6ec49e4ebbdf538 b95d28118dc510d1 +Test: Encrypt +# +Source: hc-256.c reference implementation +Comment: HC-256, 256-bit key, 256-bit iv, 1020-byte msg +Key: 36485229b0251dde 90cb9868400f0f73 100e020d217829a3 832fb62c9a11daa4 +IV: c6118abc428d83d0 4ddc8c198826fb24 a0787a822c170bc2 d9154a9cc423f26f +Plaintext: 27a6a3ee 380de3154e616263 461d8243254116cb fea26aa817848559 476aaa9ca22d2526 594c4497db83a3ad 409facb8e8905f4e 5fc04f3f84a3edcb eb9009137fcf96ce 6cf3ae3d3c69d661 3f52826b318edc74 1719c16e6a9b0c5b 773a18bd06b3804d 3aa929efb83d83e6 0bde0b44486215a5 ed56c81d0f936a6f b512de807f026a0b 8b17be95982432a4 6cec502c7436924a ab1f6c34bcb48d71 6bc0634531e3dd70 26e4741825486c03 2a245709fe2fdcc9 171bb69cb926ffc7 62ecaff5657f60e4 d5b9545ea4d1b86b 0c2d2ac52e777a8c faf3ad3b4e1048db 623dcb7663fd7bcf 5e3e645060e79f44 dcb0d1464c36f4f9 1b4f5afac39aee13 335bbeb27386b699 8a1aaed6a0b0a8f6 60545276a093d37a 44d5c3c15fee7bd9 9cef908fdd429aaa 21f63ad9ab575be9 61c2b73b72b79d76 3b30f2796c317794 66a149f7e858ae6a eb790e3fca024085 a6a1087f09cadd55 c906ef08308e68ab 5918f2d1ddf17a42 b04c34f245dae033 f99a4b29aef3187e b600c058f42bd888 3dfd930504348798 3716b4d86406c259 20558a21a95ad85b cac56f50ff304e92 daf7327aa54a5cd5 498094db6fae6e61 e479cc4f4228a453 cdfe04d79bc65331 f8afd91a085a8262 ae32dee2adfc6db1 0dae1a9bc18505ce 865285d70e156ecd 5ecc8fcc758d7fa5 2ed39ad4671646b3 639e7bed6d988234 be6afc37a14427ce d5f75d78330bdd08 900bce9be52481cd aeeff72d8f8aa3ee 3ded70df9c7b069d 25d849068bfb23f2 9e84841e6f4fa769 b54996436f82f062 cb84eab647e494a0 16165e5fc585dacb 1ee3c3454dbe3fee 4155611755a9f2f9 30d771a6e9a45840 6f5aa16929d389fa d9d394f8c69bd1c4 1aba5f918927301b 338d0d97cce6dae5 fa4b1c0dfe0ab8e9 97fafd1f230be553 0821989a52233231 9e4ec66f36d0a3f8 7d92d6348e55f0ff 200009a2ad380402 d3321518fac581a1 37c4a517708a3adf c1d6d7c41fdab7a4 3b8ebd69a94ab53b 4294ddf5c737a4d5 c795b177c23d2704 8ec028a7fac19840 b24c235d62698166 1ef0f817029e2333 1569f3777311f3cd acf8d0c36733183b 4be142641fbbefe9 2fed6f68f2258725 ebe97100cd2d25a4 e225d702ad58c1fe cff62267276b872d 3d3449cee1f15712 0fbc35f816ba45f0 f9ef464a16571aef 0532cc4fc39fd19a 106c8e33152d1b62 4a8b474997dfdc19 ba002485e858ab77 b73e47023b805699 6f3e477ed7ff5c7c 64feadd998c57187 eafd799a6c85fdff abc19b6ad7359d90 24527b976f8fa0ca 25bc719261938ca1 54914d71ea0497ed aa64d16edfe62ee8 f54f3266250672b3 556e9b5a3972b5d1 bf62a9f2aafd01aa 7ccff0f59abd920a abde74d2418c579f bbbb311b6a8a757f f2189405f399c49f e9a900e951df505c 0ea64ac50a48d9f6 204c3dbc3a025311 +Ciphertext: 7747235a 433798d0dc9db325 711acfb96ba9c5f6 21a679bdc89e751e af373f3b551cc717 62d9558f9e656a51 626266b8dbd651f5 de6cd62d10f9d5cc 23ee0e30468307c2 eb8255102555d503 97507a5dca37a771 5e7f692e806bc182 fb1463f88840842e 2ad773e2c3a7a379 880cf77a56d7c79c f8bedf75c1349323 98f23d9d39337a4f f9aa338053f1afec ad8dc709ad6c00e0 f955244d8714ec8b a33359003786cf72 0740d388424b2314 097e8ad9f8370f26 012b99ae056f5891 f845e9b8578822b6 0607c2c5d34ed92f 66846e3f3067e22f bc562f63d75892c8 8d5ac38a66bbe84b f183654c6f8b0c51 bced8cdf69660338 e4b97ea9b68cbc59 394298382967c6f9 e665ca36ed3d9af5 3037bb1b316c4ae7 d411a55ea1f4ea92 97839f4ecfb23146 56c76f8b80ad8139 bebfda7833e22f82 1510b107eff0ab32 def744cb0686d344 8c3248107ae7446a 2be5561b7c293e09 d9340b75c3a38032 7cc57590b1b832bc 784b2a8e79b2f4ab 0f2ed89cdd8a9700 49155e8369a7206e 07e5a4e0e2b30001 3365557a65f942ea c2b77cfb42ec3e08 62312b2d8e8e3dcc 7c8cb992aa5437e1 43f87af6e741c4ed 4fa4f647d07ada03 ee369de5992d9076 5774f2804347bb1f 7f168d6827639f02 11b6e0d5fd2b865c 5a1c4ecd6141d7f8 1275498bfcf08f95 50c29333c896cf4c 7a48261dd6255c39 866b8163b5b3c477 a5792073cdeee2f2 692c155cd5262555 7c235e759abfff89 345d5e4c8b24e124 ff2d683f551d112c 82c7f45b592fc175 160d4b8922f8553b af4a7f1ecc85797e 7b19a7f5c1efb044 7ff43bfc4ccb0660 01ff24dfee015f49 f3ced01817a0702c ab1fc03450af887b 908a97a9115e4c06 91fa74946a650ee5 8d18b8f39e1f900b 3db078f80061bc37 9fe4ebaf3306a314 67f969e645397ada b47fcfb35f0b2c98 a7d2f357cc76b7d6 2af3ee483193d447 422d2bd1d069a91b 1fceb41eac063877 e1023c3bb5624519 9e15e8343a9ac373 8acb36902e3c28c7 98f482a2fcb4ecda c2514ba0fc38912e 7dcd70aa59c892a6 9f49d5abcdb957d0 31221e2492c6e9d8 033da5e6b9248bda 0b2b5d46e80d069b 41b05d5548392dc8 7ba93e66b8793695 47f605b1c11ac648 44547a01cdbc56b7 eabb69e994e75650 37b0008ca5b0d001 e4e3c7c59a48efac 193095bab8b68bc6 4d961ec2cdc8ce37 f69365c07764b3c4 a5055d36c146f6b7 f7b11925058e7707 72d430d3f1bd2b60 675f5b7a83af5d33 9de9aebe0d122f33 af832eaaa89dab18 9cf98f384161d825 2bb368e992cf88e0 f39496cecff36493 820703d8b841ca16 2a05cf77499ee932 b3cd1970b9ad49d5 be146d5191d8c269 bc276fdab2438653 e7604365817d283e ea05058146ec63e8 9b030f8c98607fde e4f288f084e4f9eb 38d96aecbaf17fb2 d8489afeccf64998 +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/hight.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/hight.txt new file mode 100644 index 00000000..d9505e15 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/hight.txt @@ -0,0 +1,107 @@ +AlgorithmType: SymmetricCipher +Name: HIGHT/ECB +# +Source: HIGHT reference zip file, file KISA_HIGHT_ECB.c +Comment: HIGHT/ECB, 128-bit key +Key: 88 E3 4F 8F 08 17 79 F1 E9 F3 94 37 0A D4 05 89 +Plaintext: D7 6D 0D 18 32 7E C5 62 +Ciphertext: E4 BC 2E 31 22 77 E4 DD +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 29 23 BE 84 E1 6C D6 AE 52 90 49 F1 F1 BB E9 EB +Plaintext: B3 A6 DB 3C 87 0C 3E 99 +Ciphertext: 23 CA D1 A3 CD DF 7E AB +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 24 5E 0D 1C 06 B7 47 DE B3 12 4D C8 43 BB 8B A6 +Plaintext: 1F 03 5A 7D 09 38 25 1F +Ciphertext: 52 BD 91 BB 26 F8 ED 99 +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 5D D4 CB FC 96 F5 45 3B 13 0D 89 0A 1C DB AE 32 +Plaintext: 20 9A 50 EE 40 78 36 FD +Ciphertext: 95 02 B4 6D 87 B4 41 67 +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 12 49 32 F6 9E 7D 49 DC AD 4F 14 F2 44 40 66 D0 +Plaintext: 6B C4 30 B7 32 3B A1 22 +Ciphertext: 20 CB CF 41 65 24 E5 A6 +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: F6 22 91 9D E1 8B 1F DA B0 CA 99 02 B9 72 9D 49 +Plaintext: 2C 80 7E C5 99 D5 E9 80 +Ciphertext: F3 1C 89 E6 6C 4F 5A 6F +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: B2 EA C9 CC 53 BF 67 D6 BF 14 D6 7E 2D DC 8E 66 +Plaintext: 83 EF 57 49 61 FF 69 8F +Ciphertext: 39 21 C8 3B FE 5E 59 6E +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 61 CD D1 1E 9D 9C 16 72 72 E6 1D F0 84 4F 4A 77 +Plaintext: 02 D7 E8 39 2C 53 CB C9 +Ciphertext: 98 2F D7 56 17 44 97 BF +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 12 1E 33 74 9E 0C F4 D5 D4 9F D4 A4 59 7E 35 CF +Plaintext: 32 22 F4 CC CF D3 90 2D +Ciphertext: BB 80 F5 0B 35 11 5B A8 +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 5D D4 CB FC 96 F5 45 3B 13 0D 89 0A 1C DB AE 32 +Plaintext : 20 9A 50 EE 40 78 36 FD +Ciphertext : 95 02 B4 6D 87 B4 41 67 +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 12 49 32 F6 9E 7D 49 DC AD 4F 14 F2 44 40 66 D0 +Plaintext : 6B C4 30 B7 32 3B A1 22 +Ciphertext : 20 CB CF 41 65 24 E5 A6 +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: F6 22 91 9D E1 8B 1F DA B0 CA 99 02 B9 72 9D 49 +Plaintext : 2C 80 7E C5 99 D5 E9 80 +Ciphertext : F3 1C 89 E6 6C 4F 5A 6F +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: B2 EA C9 CC 53 BF 67 D6 BF 14 D6 7E 2D DC 8E 66 +Plaintext : 83 EF 57 49 61 FF 69 8F +Ciphertext : 39 21 C8 3B FE 5E 59 6E +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 61 CD D1 1E 9D 9C 16 72 72 E6 1D F0 84 4F 4A 77 +Plaintext : 02 D7 E8 39 2C 53 CB C9 +Ciphertext : 98 2F D7 56 17 44 97 BF +Test: Encrypt +# +Source: HIGHT reference implementation +Comment: HIGHT/ECB, 128-bit key +Key: 12 1E 33 74 9E 0C F4 D5 D4 9F D4 A4 59 7E 35 CF +Plaintext : 32 22 F4 CC CF D3 90 2D +Ciphertext : BB 80 F5 0B 35 11 5B A8 +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/lea.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/lea.txt new file mode 100644 index 00000000..1ab7cd85 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/lea.txt @@ -0,0 +1,713 @@ +AlgorithmType: SymmetricCipher +Name: LEA-128/ECB +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 07AB6305B025D83F79ADDAA63AC8AD00 +Plaintext: F28AE3256AAD23B415E028063B610C60 +Ciphertext: 64D908FCB7EBFEF90FD670106DE7C7C5 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 56CEC76DBD39F3EB7F7AD2A492C991A0 +Plaintext: 2D8CCE99726D59AF50B0375DA8C3EDACAE17FBA6932FA60E61F7FA4E265610B1 +Ciphertext: 381D0BDBC808C408D1BD0C791FB08469F19F6319329F9ECD5CD6CFD0C3892BEC +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 54068DD268A46B55CA03FCD4F4C62B1C +Plaintext: D72E069A7A307910E5CB5C8C3D98B19B30A326BA9479E20D4A827D546991501A98BAF02FBC64F559D49E004720B7FCC6 +Ciphertext: 6C83D52A769B4146F77EFB6F64193D9AB4763140CB560574792788D8D051A6F842A3C6A731A9D88AD0AAF959F82309C3 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 8908A3383D1544419AD5C4C34D4DE40D +Plaintext: BB64C14FA0F2A151F51AEC6518DA799B27E00B33AC9F1C5880A3D90BE9216D5D06D382E16D02056112E52AD06B29B180D1D167952A40EFBAC594C21285367571 +Ciphertext: 1BB3EB3EEFB15CB8B846714332DEE0579AD3E047D1EFA108A996D3F2F0E6532C6E7449E1286B714356525BA48B8A061476B0517FD563499B4145FA62DEAFCDD4 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 42AF3BCD6CBEAAEFF1A7C26E61CD2BDE +Plaintext: 5183BE45FD2047CE315189C269B483B337A2F2FBE54C17655B09BA2944EE6F1E6DA0182B6D66ABFE8B823601DCC2208AAC52B1531FD4D42918B21CE85AB306A6EECD7E2FC43BA4B29DCFCFB92788D25E +Ciphertext: F3B6BF4AFBA7103E32B2AC2E7B46FF91E872BCBB93CF52E294ED5539871C4893D14C54088646E2FD0B7C62D583F3AF6718B0BA83C7A29E2F962DF06062121C521BB9E76D7035070719EDFB409C5B83C2 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 6A677FBC647F6AA5F04CF093ED4577E0 +Plaintext: 9BB4F63948C6B9502DDE5ED1932F24983A8A6521FA74603FAB7C3C1143CC4A323EFD8B3143307241045AEA3166DF9B9EE26369672ADC3E6110EC0A4CA46F08069D5042FFFBA057EDEAE97CC1E8BFC1D92A9996773CDF8D72E944612B5A5638C3 +Ciphertext: 5C1F5BE78BE59B992EBBC2C049FDEF3E46EAA59934589643468FC5B8BF96377CEC45441D00A380BB71D544D759867D7906EAC58B455292D33590D915F8722253AA2AA3D1CD26D6E5DFC4D2BFC4297BB2E74EF0592886162A17C6BC409999FE85 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 8253258BB93FF1BCA6331B6963F81DB1 +Plaintext: DCD5F13978A4D4DAFC2B4A96ACAA62D1B3B13BBDC434C71702E1CF111DB1378FBEBE849526549B00124ACB75E1930E98F8108C7E66A86164C49BA0A15F1398D99AFD56748D166B4EF249EFB04238C5801B1921B4E5C3480CB50897017146C7F936396FBCF613CA2B66CFBB3017C20EF1 +Ciphertext: C59436538731DFF170276D0C2B4CB36820D738B8560AAC289DBB3FA55309DAB2783A51395F1CCCB7BDA561DEE95A0389B0FE78FAA1D4202B193F3773816EF020C0011163563ECBE2A8B020BA4603DD60A6C43C5A9EAB7A540AD1DAC2C1C3646C899936D33984E7A8E8C979ED67C6FE47 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: E27301498AAC03789DD1BB199B714C55 +Plaintext: 5A1BD857A97343FF348439DBA858725317C634239D8C1A0F449E15D125BDB057D04A982BEE5D5B332512709A3C23780E80BCC32C668A16387116AB1256517A655F6FB7220DF99C2D011E68561C4BA88AE6FBB54A2CCF7E5DEEE187C2785632E9CE323E234D708D5690532AF591F78A2F102B12673983DAE581A8B1CBD1F3614A +Ciphertext: 131F71B1FF2593741530236C37ECC1771C9F5B51DC1F975105C9EB9D50349EBA432DEB097D5E6239423F774CC62FCFFA364D7F82037BB0B5EB3E985705482B89948C1C1EBFC7634B80EEBA8BDE49C33931CCBEF5BD64AB808C0579D66620771A72971820D52862CEC61C2A05493EA89B8A0A3429041DCE4583E78CCD14AEEA5A +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: E63A3415F8EAB6169956BD61E14FA766 +Plaintext: C8F5E36AD3CCB338F3132F13AA518EF06F30A1E2548EA0D6E6D22980547C8695D4012F3B43D58FBE0BC90B844A97414331BB8D71AA85D2FC3D6D773C34A6AF26FDF6FEC2D1C4F9DF93734D05FBEE02ABF38401AA41F7D4F267CFAE7BC7F4AB7F0B7C58E7C4C2760351B8FB7D037E5A907F330475630B2F1E2CA1D627578F010AC63D469266F690920F411FD6AB6ED05A +Ciphertext: F4E15BCF683501B1D3432CD57D246D89CCFCE6714295A16170067981F4BBEBDA8C6B144FA12E3A58FF7113B8C9453379F104F394DBC416BB35ACB036479A260958B20A97A17BC353CFC92E62139114DCE81DD50FB89A178C2F020D3A6AFDC2037AEA91CE323802E1A1EC5C70EF177EB6AB5921EE94151F37A48976992E09B9FD7544F34642B05B7E580F1A9AC6A3D9C1 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 128-bit key +Key: 9B6F9FBA56E96AEA538BF8272A9F392D +Plaintext: F6DECFABFD89CEF493B5C0F73BE7ED7110E0D96163BA0DBDA6341A63884BDC52620AFC1AD2A2B891A5BDE7C8FB10373DA52FBA52D2A6A1FEEB4547C3BBBB71E0D367D4C72D6AD7D10F019B313212382724044A76EBD4AD17EB65842F0A18803F119D5F9A5509B21D9828E41A2A147895530692B3F66DB96F6E3DDB8FBC8A91D6E455A57C94A6D2DB07DBCA6B293F7EF0FCDE99F23A984D6E3C7553CB1A382D0F +Ciphertext: 98D85D7D0D136A80CE74864469D77A03EF56EC9B24A7119DE09508A04D6F437E670B54B36E2CBDE51CDBD01E2CEA53332C2A14879FF77E02000A00F159FB1865E7DBED543357917D783F18B06FD8EFA6686D2E362BCEDE94BB7687ECFD7501B79F912740840683722466440D240EF0355604BFCFBC30F16F03D00543582A52718526079355164E6B8CEC36E346B9092D9706C48946C497629C9C9055D9D89777 +Test: Encrypt +# +# +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 1437AF533069BD7525C1560C78BAD2A1E534671C007EF27C +Plaintext: 1CB4F4CB6C4BDB5168EA8409727BFD51 +Ciphertext: 69725C6DF912F8B70EB511E6663C5870 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: BA838FE55FAEFC0ED7AF051790462F01D7A2C778FAEA2405 +Plaintext: A9172C84A2041AD98EC87EDF254384A199F77ACD32198D6535E8D3B80B3E8F91 +Ciphertext: C6C5F98E4C633E7463518815BF9087C0289DEB0A1B16A9AF31FEE64455A1D025 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 9F65B0AE082B9A73683929E014A0F3C1F5B5CE242E1F9310 +Plaintext: FE2E2174E86FA45E127D176DEC190789117D9AD172EED1D5B1910A06CB7FC96BFA1BB795DAA4EBD4CA0669AB95F6E882 +Ciphertext: B465597F4DD76E342F8FCA5D0D095CA9479F6AB6EC86AC51F9F372448AB3CAB73F051704FBD350B2D2EB2B270B416A4D +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 523DD99B8854A4479632355A5262B7DCF1589F012705ED5B +Plaintext: 8EA9AE4F4CE9C6C6F121EC249EFBF67E6C4157080BEFE6CCAA8DE1A217BB315C280EEF41591A28BDB6D0DD56FC0B4EE2FB6579F73E4FDDA4EE61835EF4EE3F3D +Ciphertext: 104D15C2618A9DA9AF8C563A4CB1E14ED869C864CC1EB190731042183F46C9A4FB09472B8485345F94AF5A55257DC1D7A4FA3A8CD46161C74387360061770C5E +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 5EDC346904B296CF6BF3B418E9AB35DB0A47A11133A924CA +Plaintext: 857C8F1F04C5A068F9BB83AF95D99864D6317751AF0332D1638EDA3D322644A837870CCC9169DB43C155E6FB53B6B7E4C13330EB943CCD2CCCE3296382EEC4A4CC2A034DE10278387D4F643587727AB7 +Ciphertext: 72223A93942F7359FE5E516A05C8E841C59BB74714809B13A9757B8293F9B0B420D1C5A4F440F365D08F9425E347B5DD23A9ED05F2CE1618CCB09E712C59B97B7674517FC875AE9F6F188BFA5A42BAC9 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: F2A1E6CDE17E8E540EEE986C6C282C280B0C7B8A3CB700AE +Plaintext: F754054579346A453122A2DFDDF0FEB2F1562E3E38FD059BBDD67C6AECB0FA0DF50AD21371250DF6485E6B09D2BBA4AC3CC4F3C22E94D565AA2F0FD83816EEBC4019D287B76DEE33FDFE4933060608ABB9DFF0E0951627EE9AC03AB967116425 +Ciphertext: 3ED82167994A687B8B4F5FF8DBCB0F15CD3FFB743C126522577491B04FD9308EDC92ED3CD4F103A3ECC8503DD2128DCE772AEB821A518A023EAA9853D01E473EE45F979048ACFD7F832DD3A69A7B77996BB16B1D1CEBDB33AD4EBE4D24489D02 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: A02A0E8A923392621AAA4445C2FAB3182E502C81B7AA809D +Plaintext: 553107F6C2C8E5AFDCE58C024C9F83ED650965274EBF2C5964BEAF8BDA796ADCA2297E779164F8C2BEF156D92BDB483AA7C4B3C2F27CFBD823D282E847AA6C134B50A6241C0C26C60CF774F5780C69B3A78236FCF65AA9FB3234AC7E46660FA8164F87E5AAE9F6238F9EEC407A5D6EBE +Ciphertext: 5277CF7E992F5BDC4EAEBA7DC00BFE36DB3292A73DA86B230ADC91E94C021679A68C6B65FCDC370C0CF443EE945F4748FCEFB8DD1241EF6A2D2036967E9EBCAAFE636DFEBF0BB23792A0F22C9873B54726C7157666B4A331C79C709D29B2D598B86D1CED7725175E882F92AF04DDBCC8 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 2FECF7BEA180BD2C5B8B35371ED5D904CCCE29A38423F042 +Plaintext: 0F8FC8A07BF4E0C505AAFDF13D16BFD2647F26F9191E548F35749544F3E19C89547110FFC1F9472FF263517B1046385416BA86AE7D6A08B118EAD2B23D4B836125EDCA4495952964BEBFF9466336AF1C39E15D3D93E07CD33ED8E8D3AA8A2C334BAB00573FEF10CC3168FF387D0EAC91959FB48EA3A9385B70E4E09184C61F65 +Ciphertext: 1EAB3C4E6B81F928D93389D808EAAB91A8B90862E63E2018E9CB50082DD172A094B6ABE3031D6DD282AD79B1AC45A9C7B9368C719EB75665D53342737C924221DB2C709723BFA91CF2070A3FE2A19262608937A23D84EF2E8089C6BD8254BF71C9263E8221609EDE733E33857C37E6A79079654715340D48FF335C133FFB03EA +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 8F52B920073183CF13036A3BA8F7B71BF1999289F5ECC4B3 +Plaintext: 74B9C1D31126E561B78AFE8635800BD52B3B43362A195922177AFF16D0D2A94112FD93809BD3058D8BFDD67410072F4642B591104C9B190ECDE8031D7E836E6F14595E8268F50753D55149CFE1EB778A201C5CB356A58048DC8BA78645269BA440742BC0C0B3741A5B2E5F80F0576B098D16AD06906115360C0DF2396EE3B84760F70122ED35D349E63D216F8571942B +Ciphertext: A466C6A0E7D3E3A3756B591C8F5302E235B0EE64F5188B4DCB51A9204B54094D4A1CC3FC34E22401C618AB8ADB28D41531762A576EBCADC956BF19E5B29701B2A77030EE100B65BCF8397853EB2074402089FF697046D538C560D10172EA8DE81299011E3FF0A0FBD87499FF50A0B3E7E59FA06753FC1BC4171046380323875C24350A9E98DDF69F6D7E37E363DDE1BA +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 192-bit key +Key: 514B8BF141F560412413ED1E40E34EC23A89E99036A4AC4A +Plaintext: 3E259684E86179593365FE5CB389E9D1EE489E1E054EE47C97D3EAF2E22888842B8FC6A86050A2F9FD090E2F2C46394F30510F1F034C03DD3E7C0C303AE8ED5F7523BAC13766987575E1C452F553D721B3D9480A8403324DF92D5733860D6643E38879B8B3CAE233649527AE56D94BB13F864FC8CE9EF9348E8ED4E10EBE78983F670B761DA5089D91CD3F2996001E669C002E402943E0FAC6468A231924ADC6 +Ciphertext: 6239867F34D57B91729410F93797C69E45526F13405EC222EDFAE682B6C2D75B332430D30BC2479735ECCD3BD985657EC965EB93394BD88CDCE7A76BE81255AB3418D57082770129C3482A2B1E51F14E2C69A24E6405944487B08554D75A35043D713BAD5643F6C4FC1C5CF22B3C72479DD060AB92B4DA51B76DCA855769143608A92AE8DED684A8A6D093765F4149CF1A3753B849368E99D066D2F711C27F75 +Test: Encrypt +# +# +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 4F6779E2BD1E9319C63015ACFFEFD7A791F0ED59DF1B700769FE82E2F0668C35 +Plaintext: DC31CAE3DA5E0A11C966B020D7CFFEDE +Ciphertext: EDA2042098F667E857A02DB8CAA7DFF2 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: E7FE92FD374D30C43F5DC204DCAE9D4EAD6C0663BD8CF5EC6318196B67C71B72 +Plaintext: 66D127137801A9970F0C5472232169778CC13649AFD1DD125CEE5677F700B7CB +Ciphertext: 16BFF149DFA234BF7FBE2C59AE88A1E99A1BF8D91910A7F67D088432E1C6D790 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: D612B382EB6161E9A3B23F150DE977193FD8617DF65548EB7C8F712ACFA25951 +Plaintext: FF683F34D892E223C1F88CD4E42E4F9D8F588FE6DA3FC1DF8BA4716E36D48A6CA97CD21087BFB4AB32864296EE177A69 +Ciphertext: 7BC5E4E4D9C4B5C4694F5580896671B5F58324B62005C8F8A52A65AA8E1A9B01DC90BAC0817013AD6C9DD0F216403D6B +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 44EAC86EA5B7CD5650D45F2A76BED1849BF674FE3F0E5DEBBE03694575CD7FE7 +Plaintext: 263515FC9DE7F6B894C84246D589B6019E7D2DE649A767492C180AC8BF78E67EFCE27D790CF5C36D1F2722A99C5DC14B7AB906B0EDB35A2F466C2C07143E3895 +Ciphertext: AB395086E9238A16012DB04844028340C21C557AAD92C0ACA2D261EF3A0F89F9F060462F79879B10C6A9A1C168DCBFE8731E5176604EEB14CA1442D15173C5CF +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 909809CB3809BCDDB99A083D12617BCAF7530645735ABC04D2A8D7EABE4AFC96 +Plaintext: A800C0DB6A4C6A702AC9FAE981BE6BE6DCF3368B23C317309973135904C2BAE80DC1AA91E9E5548F395B03952F9B1A08F3409C6B4517F21B6376E93C2DCFFBF38784CFD5FFFD03A0B0F9282965210E96 +Ciphertext: 2A50FA90ED00EBFA1188CC9113DD4337B380D5F8C1582C8077EC6728EC318AB45DE5EFD1D0A62E4E870352832BEC223D8D5DCD397209C824E4A957F65D785BA5D7F9A4CC5D0B353528DBCCA63548668A +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 02E342CD207DD62DF858607B8298451FDEF13890F2BCFD0D554A738E6B78D1FA +Plaintext: D283309AFD1E4ACE1FC281FE4B4623D4D9AFECA80B49CC3CF1F7EBAA89C7EB9A2BC96DB82422D666A25C53ADD0001A7A4167F30792CDF7974BA798660736E2E0D55D0111DDB0025D47CDDE7158EFB479DEC05693CF6F07842D0383AB2CEF4033 +Ciphertext: 247F64E04D91ECA484BE9D60F678EFE6975CAE82D72EAD270F6DD2EA6D63361EB88F6FA6F58FAEBC1A16ABE6E5D92939B669E0C55EB667E9AE0052D747C0B1D5A5F71AD659C297B0D0A45EA2A5088852198FC88DBBAB1A9AB83C67F737769B60 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 97E6F48C70F0571BD7BE2A302C3A783978631C360958836D5DB2B35F42178CFA +Plaintext: 3A0D4E10240B5C0819D640D4950BEE23D7F74DD78AAFF3B9A45D306B8FD94F9F8779188743299A8CD7BE2743D9879F9DC225F25E989DE0D0CAAC03B85C5B108943D25AD813719710D71DE76740D81210039511B27C4AD11A9746332DF0C5572039C21AEBDD0CDDFAE29C89261426CFE5 +Ciphertext: BEABF62347C9DDC68D33015757F5309CC11E9CADBAE3E0BCCD25CF01FC31F68987C5055A41347C4E0D054603D3FF329CC9065923D01A11E7D95DFD5208FEF65122102F9D50B4459839F3720CE24310FDB2124C4E7CEB6D7548C6841852B7A64019D2CAC995F6B84A00BED386FCDCD96A +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 60EEB5BD7EDD4EFFD3D4C8B19540ADCC30EF62A8E822F4B4C0E3136A9B985F82 +Plaintext: A2D9E366E57FDFE745FDCB2E91F498F5EF0139F77EDA62A43999901A1F57495191FDA595FB570D3AB66A438B2D08A2033FA1A8C0E55CB1341566051EE68A15B8F4030232068E5F60EEC338B0B1A4535EE877B5EB66D168CB1BF47C5E385A4C21949203264F4B5EC1B5AFB38565F2326EB22A6B60496110D014E8FCC15FEF75F3 +Ciphertext: B97E56C7BED6B27CAD1F79EEFB1B4C04559B8632BC5767734E66C402B406B6682C4DC198F0D640982789B87DBC6EDA1914A9E21AAFFDFC360CA77EA34CE73DCB1E42A61E5A3D01A9D5CB1A8D8CAEC8ADAA2317287E48F450C933EF3BF938A060929307E082D06E6061D3EEFEBBA69FCC43FEC4BA75E77F1F6331B993BB5E58D6 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: 3A53AE571EB790C5D3D6BAF19017C79C6563CF07D63330ADC9ED8E31A2701896 +Plaintext: ACED0DAEBBFA7FD50FE158DF7C3E9A4EC8C9EBC8557050C9FFA939964806BE72B30928136D3BB357327892346F8D34EDA405C68C0D3FF98C81C405D69AD8EEEF164F056F7DA2B3B5044272D9B22C1CE2C1BE683947C9B15E16E7FADAE00F30759F66AEA8335807554DE8FFB68D44DA94E79DDAB94B3503A785BA218A62D20C6C14F72BA8D78537A1D51141B347FDF76A +Ciphertext: D0F21340B914957E0E5C180376F4A2B3EB50EA171514246209FF259A32EDDF71EF819AEEED2936B1E8FB5B90FB399468A498B501DEDA9280770D903CD81898ECFFD15C3F27AC0FC2C8586B7E0059E5E4FAFF0E2FEE1DA1CCB145CDFDF3CA9E12BFC5F642DFCF73F0D7146969F8C4E050F83C9FBD71CDD39EF74540BBE9FDF94EB2BA543E556202EDE13C7108A9FD50B1 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/ECB, 256-bit key +Key: DE4923F261AC74CF97E481CE674A0B3C3EA98255B150CBFF646641B92A7EFACE +Plaintext: 6D6B4BCED1568E3E140E228F399EB44DE525BD9909E24CD9C18F06AE7CF06B275EAB5B34E25AD85DC4DF0DB31EF78F07D113E45B26634296B533987C867AD3DC77B05A0BDDE1DA926E0049245F7D25D3C919FD8351FA339E08FA00099045B8578123503D0A121D46DC18DEC84357FD1796E212F8D2CFA959828E453FE279A5FF43AB45B1B11628E2D4D0D58914AEA03C00142AA4F10B2B2FEA946F04C33D1F3C +Ciphertext: B73A0064A429EBE6A7CF35D7ADB94F24A2A0FF7A1D835522453A67EB8FB4FED63DA51D9634FF4C70A764DF3F6F3763E0D3845630774219A819C26EADFD3B93199935A95BD4A951D4467723E12FBA1CA4E8B135FA1FB9ED9FAA7FDC79D2857F78AC8D8C39C11D33D0AE58B6E5E0EF78195C0C8214AB7D3A82B91F9A7BBE89D6A0796E9DEBC69AEE8811011B9D48EECD8DB7BF71566EA6D8A0858E596432E1803D +Test: Encrypt + + +AlgorithmType: SymmetricCipher +Name: LEA-128/CTR +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0x7A, 0xD3, 0x6A, 0x75, 0xD5, 0x5F, 0x30, 0x22, 0x09, 0x4E, 0x06, 0xF7, 0xC8, 0x97, 0xD8, 0xBB +IV: 0x0C, 0x5F, 0x04, 0xE8, 0xB5, 0x12, 0x19, 0x5E, 0x74, 0xB3, 0xDE, 0x57, 0xE9, 0x70, 0x97, 0x9E +Plaintext: 0x08, 0x7A, 0x83, 0xFC, 0xC1, 0x13, 0xA9, 0xF3, 0xE0, 0xE9, 0xD5, 0xAF, 0x32, 0xA2, 0xDD, 0x3A +Ciphertext: 0x2B, 0x73, 0x49, 0x7C, 0x4F, 0xC9, 0xEF, 0x38, 0xBE, 0x7A, 0x0B, 0xCB, 0x1A, 0xAB, 0x87, 0xA4 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0xE9, 0xB8, 0x28, 0xEF, 0x41, 0x87, 0x71, 0x31, 0x64, 0xA4, 0xC9, 0x5D, 0x8B, 0x71, 0xDB, 0xFC +IV: 0x67, 0xEE, 0x74, 0x3E, 0xBF, 0xD2, 0x43, 0xA4, 0x5A, 0xDB, 0xDD, 0xFC, 0x1F, 0x62, 0x03, 0x92 +Plaintext: 0x7B, 0x32, 0x28, 0xA5, 0x03, 0x9A, 0x2E, 0x18, 0x5B, 0xC1, 0x71, 0x6A, 0x56, 0x3A, 0x06, 0xE8, 0x5E, 0xD8, 0x45, 0x21, 0x17, 0xC4, 0x84, 0x9B, 0x3F, 0xCC, 0x26, 0xC4, 0xD9, 0xFE, 0xD5, 0x2B +Ciphertext: 0xFF, 0x94, 0xA7, 0x09, 0xF1, 0xD6, 0xC6, 0x83, 0x32, 0xC6, 0x61, 0xCC, 0x8B, 0x6E, 0xE7, 0x5A, 0xF1, 0x8F, 0x0F, 0x87, 0x88, 0x90, 0xD1, 0xBE, 0x5E, 0xD7, 0x93, 0xCC, 0xE5, 0x07, 0x1E, 0xCC +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0x8A, 0x76, 0x0B, 0xF0, 0x43, 0x74, 0xD7, 0x7A, 0x20, 0xB2, 0xDE, 0x67, 0x90, 0xF4, 0xA0, 0xC9 +IV: 0xB7, 0xE0, 0xFC, 0x8F, 0x10, 0x10, 0xF6, 0x41, 0x57, 0x66, 0xB9, 0xF1, 0xA6, 0x9F, 0xD8, 0x6E +Plaintext: 0xDE, 0x2B, 0xD9, 0xBA, 0x48, 0x3C, 0xF4, 0xBE, 0x7C, 0x1E, 0x18, 0x3D, 0x82, 0xC6, 0x2F, 0x07, 0x38, 0xAD, 0xA3, 0x6F, 0xF3, 0xDF, 0x21, 0xFE, 0x69, 0x4E, 0x9D, 0x69, 0xCF, 0x6D, 0x96, 0xC1, 0x3E, 0xFA, 0x9B, 0xEA, 0x5B, 0x1B, 0x0E, 0x4E, 0x37, 0xAD, 0x28, 0xD2, 0x74, 0xD9, 0x3D, 0x0A +Ciphertext: 0xFD, 0x38, 0xDB, 0xF9, 0x13, 0xFD, 0x39, 0xD2, 0x6E, 0x13, 0x87, 0x01, 0x89, 0x35, 0x4A, 0x6D, 0xDC, 0x90, 0xFA, 0x49, 0x44, 0xBD, 0x20, 0x40, 0xC2, 0x24, 0xEF, 0x2D, 0x4F, 0x52, 0x65, 0xB9, 0xD7, 0xEA, 0x18, 0x8A, 0x08, 0xAA, 0x90, 0xC8, 0x36, 0xCD, 0x21, 0x77, 0xB5, 0x69, 0x04, 0x7B +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0xAA, 0xE8, 0x41, 0xA8, 0x08, 0x58, 0x8C, 0x3B, 0x3F, 0x2F, 0xDA, 0x16, 0x9B, 0x8F, 0x96, 0x8D +IV: 0x73, 0x8B, 0x58, 0x68, 0xC4, 0x39, 0xAC, 0x91, 0x19, 0x08, 0x15, 0x10, 0xAE, 0x54, 0x51, 0x39 +Plaintext: 0xD4, 0x38, 0xDF, 0x24, 0x97, 0xA4, 0xBF, 0x5E, 0x9F, 0xAF, 0x79, 0xDE, 0x54, 0x2E, 0x60, 0x3B, 0x46, 0x85, 0x18, 0x1C, 0xCB, 0xBD, 0x56, 0xEF, 0xEA, 0xD7, 0xE7, 0xDE, 0x77, 0x60, 0xF4, 0xFE, 0x80, 0x46, 0x84, 0xCA, 0xE8, 0xEA, 0x42, 0xD1, 0x52, 0x76, 0x81, 0xAB, 0x40, 0x71, 0x7D, 0x31, 0x7C, 0x91, 0xE3, 0xEE, 0xB8, 0xD0, 0x94, 0xD0, 0x71, 0xC1, 0xA6, 0x23, 0x19, 0x25, 0xAC, 0xC0 +Ciphertext: 0x65, 0xAC, 0x04, 0x22, 0x41, 0x45, 0xF8, 0xD5, 0x26, 0xB9, 0xAA, 0x88, 0xA7, 0xBF, 0x4A, 0xCF, 0x3B, 0x47, 0x33, 0x5B, 0x5E, 0x12, 0xCE, 0x11, 0x1F, 0x1B, 0xC1, 0xF8, 0x07, 0xF4, 0x15, 0x5A, 0x97, 0xCE, 0x73, 0xEB, 0x2F, 0x5F, 0x75, 0x10, 0x4B, 0x74, 0xC2, 0xF8, 0xDF, 0xDF, 0x9A, 0xF8, 0xD6, 0x5C, 0xAF, 0x69, 0x39, 0xD9, 0xFC, 0x75, 0x33, 0xF7, 0x0F, 0xE3, 0x6F, 0xE7, 0x44, 0x78 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0x74, 0xBA, 0x38, 0x82, 0x43, 0x53, 0x9E, 0xFA, 0x20, 0x2D, 0xFA, 0x64, 0xA9, 0x81, 0x74, 0xD9 +IV: 0xE0, 0x56, 0xC2, 0xC6, 0xD2, 0x99, 0xEF, 0x9C, 0x77, 0x6F, 0x5B, 0xC9, 0xDA, 0xCA, 0x04, 0xE8 +Plaintext: 0x79, 0x3B, 0x03, 0x34, 0xEF, 0x07, 0x5A, 0x43, 0xD0, 0x7C, 0xEC, 0xF1, 0xD5, 0x85, 0xCD, 0x9A, 0x39, 0x7D, 0xBC, 0x8C, 0x62, 0x41, 0xEE, 0xBB, 0xC4, 0x89, 0x0E, 0xB7, 0x03, 0x78, 0x81, 0xDC, 0x57, 0x71, 0xEE, 0xC8, 0x35, 0x2D, 0xFE, 0x13, 0x2C, 0x0A, 0x60, 0x3A, 0x0D, 0xA6, 0x11, 0xDB, 0x4E, 0xAD, 0xDA, 0x28, 0xB0, 0xEF, 0x1A, 0x96, 0x20, 0xB6, 0xC5, 0xD5, 0xDB, 0x56, 0xAD, 0x05, 0xD6, 0x05, 0x00, 0x27, 0x5D, 0xED, 0x12, 0xD1, 0xFA, 0x80, 0x5D, 0x26, 0x98, 0x0C, 0xC7, 0x06 +Ciphertext: 0xAF, 0x18, 0x50, 0x91, 0xA0, 0xA4, 0xF1, 0xE2, 0x5B, 0xC2, 0xFC, 0xB0, 0x5C, 0xB6, 0xDD, 0x1B, 0x46, 0xCB, 0x01, 0xD5, 0x8F, 0x90, 0x55, 0xC6, 0x1B, 0x9A, 0xB5, 0x49, 0xD4, 0x6D, 0x1C, 0x55, 0x9A, 0xDC, 0x51, 0x36, 0xE0, 0x6E, 0xB6, 0xCC, 0xD9, 0xF7, 0xC8, 0x5A, 0x2D, 0x6D, 0x3B, 0x5B, 0x22, 0x18, 0x08, 0x1C, 0xFA, 0x76, 0x75, 0x98, 0x60, 0x36, 0x8B, 0x52, 0x3A, 0xD9, 0xF2, 0x26, 0xA3, 0xA7, 0x72, 0x55, 0x3B, 0x67, 0x35, 0xAC, 0xA4, 0x75, 0x6E, 0x9D, 0xA2, 0x0F, 0x91, 0xA5 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0xE8, 0x8F, 0x23, 0x82, 0x04, 0xCC, 0xF9, 0x93, 0x53, 0x9E, 0x8A, 0x0B, 0xAC, 0x8D, 0x0F, 0xCB +IV: 0xBE, 0x9F, 0x42, 0x37, 0xAF, 0x70, 0x1F, 0xE7, 0x03, 0x85, 0xEC, 0x9F, 0xC0, 0xDE, 0x77, 0x82 +Plaintext: 0xCF, 0xCA, 0x9F, 0x82, 0xA6, 0x00, 0x15, 0x1B, 0x24, 0xEA, 0x64, 0x41, 0xBC, 0x44, 0x2F, 0x97, 0xD6, 0xE6, 0xBA, 0xE1, 0x72, 0xDE, 0xAD, 0xBC, 0x0F, 0xC2, 0x14, 0x8D, 0xCB, 0x45, 0xA9, 0xB7, 0xCB, 0x07, 0x56, 0x11, 0xDD, 0xB2, 0xF6, 0x97, 0x5C, 0x42, 0x5C, 0x5F, 0x55, 0xA4, 0x96, 0xCF, 0xE7, 0x83, 0x72, 0x0E, 0xF0, 0x5F, 0x42, 0xB8, 0xE6, 0xDF, 0xDD, 0xD6, 0x02, 0x68, 0xE6, 0x0D, 0xA4, 0xEE, 0x51, 0x15, 0xF3, 0x0A, 0x22, 0x6D, 0xC3, 0x4D, 0x78, 0x4D, 0xBD, 0xD5, 0xCB, 0xDD, 0xB9, 0x1D, 0x72, 0xA4, 0x6F, 0x19, 0x68, 0x43, 0x4F, 0x83, 0x4F, 0x63, 0xAD, 0x70, 0xB5, 0xEC +Ciphertext: 0xAE, 0x4E, 0xAF, 0x6D, 0x12, 0xBB, 0xE2, 0x0A, 0x5F, 0x81, 0xF1, 0x0E, 0x21, 0x28, 0xCE, 0x02, 0xAE, 0x1F, 0xC6, 0x32, 0x58, 0xD4, 0x59, 0x90, 0x64, 0xEE, 0xDD, 0x81, 0x20, 0xD5, 0x4E, 0x36, 0x1E, 0x35, 0x45, 0xC0, 0x8E, 0x76, 0xC9, 0xCD, 0xCB, 0x54, 0xE5, 0x94, 0x76, 0xB3, 0xF1, 0x7D, 0x33, 0xF1, 0xEE, 0x45, 0x1A, 0x0B, 0x0F, 0x42, 0x98, 0xE6, 0xDF, 0x14, 0xF9, 0x58, 0xCA, 0xCB, 0x13, 0x3A, 0xA6, 0x5B, 0x42, 0x81, 0xBA, 0x63, 0x0B, 0xDB, 0x29, 0x96, 0x5C, 0x0A, 0xB8, 0x36, 0x3D, 0x10, 0x8A, 0x5F, 0x4A, 0x57, 0x4E, 0xB9, 0xC7, 0xAE, 0x0D, 0x8E, 0x52, 0x39, 0x32, 0x5B +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0x21, 0x26, 0x97, 0x77, 0x2E, 0x31, 0x23, 0x07, 0x21, 0xB4, 0xC2, 0xF3, 0x3C, 0xFE, 0x56, 0x27 +IV: 0x14, 0x5D, 0xC0, 0x8D, 0x38, 0x37, 0xA6, 0xC5, 0x13, 0x56, 0x73, 0x1C, 0x14, 0x84, 0x9F, 0xBC +Plaintext: 0x0C, 0x58, 0x30, 0x20, 0xD7, 0x4F, 0x81, 0xCB, 0x3E, 0x1E, 0x42, 0x3A, 0x1C, 0x47, 0xC0, 0x17, 0xC0, 0xEB, 0x66, 0xAF, 0x93, 0xDF, 0x84, 0xA6, 0xFA, 0x02, 0x50, 0xE9, 0x7E, 0xCD, 0x2B, 0xE5, 0x2B, 0x2B, 0x25, 0xF7, 0x35, 0x8B, 0xC2, 0x23, 0xE2, 0x34, 0xFF, 0x08, 0xA3, 0xD9, 0x90, 0x13, 0x84, 0x6E, 0x6C, 0xF4, 0xC7, 0x3A, 0x8B, 0x4E, 0xCC, 0x2C, 0xEE, 0xB3, 0x35, 0x72, 0xE1, 0xCF, 0x47, 0x48, 0x7D, 0xE3, 0x92, 0x0E, 0x70, 0x76, 0xD4, 0x9E, 0x01, 0x47, 0x1B, 0xDC, 0x4E, 0x85, 0x2A, 0x8F, 0xD8, 0x42, 0x1E, 0x6F, 0x42, 0x26, 0x51, 0x7E, 0x56, 0x60, 0x7F, 0x9C, 0x49, 0xE2, 0x27, 0x56, 0x40, 0xCE, 0x34, 0x00, 0x12, 0x2B, 0xDD, 0x03, 0x50, 0xDD, 0xCA, 0x77, 0x83, 0xD4 +Ciphertext: 0xC1, 0xCF, 0xF6, 0xC9, 0xF2, 0xBE, 0x60, 0x94, 0xA2, 0x62, 0x54, 0x65, 0xF8, 0x9C, 0x88, 0x92, 0x16, 0x52, 0xF3, 0x67, 0x04, 0xD1, 0x7C, 0x50, 0x11, 0x88, 0x06, 0x6F, 0x4D, 0xE1, 0x73, 0xF3, 0x37, 0x16, 0x7D, 0x6C, 0xE3, 0x0F, 0xD3, 0xF5, 0x74, 0x0B, 0x1E, 0xE7, 0x32, 0xB1, 0x07, 0xAF, 0x0C, 0xFB, 0xD5, 0xA0, 0x23, 0xFA, 0x44, 0x9F, 0x61, 0x25, 0xDB, 0xBD, 0x7E, 0xCA, 0x65, 0x1E, 0xE5, 0x11, 0x59, 0x48, 0xAE, 0x98, 0x64, 0x96, 0xFC, 0xF3, 0xF7, 0xF7, 0xBB, 0x4A, 0x61, 0xF1, 0x42, 0xEF, 0x9A, 0xFA, 0x92, 0xE0, 0xC4, 0x3A, 0x8D, 0x92, 0x07, 0xBB, 0xB3, 0xCD, 0xB7, 0xB4, 0x49, 0x10, 0xB4, 0x4A, 0x41, 0xE4, 0xDD, 0x6D, 0xF3, 0xF4, 0x6B, 0x70, 0x0E, 0x05, 0x65, 0xEB +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0x78, 0xF5, 0xB4, 0x83, 0xDE, 0xA6, 0x32, 0x94, 0x51, 0xA0, 0x8F, 0xDA, 0xA5, 0x73, 0xEC, 0x87 +IV: 0x95, 0xFE, 0x76, 0x9F, 0x64, 0x88, 0x31, 0xAC, 0xC5, 0x0C, 0xF5, 0xB4, 0xF9, 0xD3, 0xB6, 0x68 +Plaintext: 0x37, 0x48, 0x08, 0x9E, 0x50, 0x09, 0xE1, 0x01, 0x93, 0x3A, 0xA1, 0x07, 0xEE, 0x1E, 0x51, 0x24, 0x57, 0xE8, 0x28, 0x3E, 0x6A, 0xCE, 0x54, 0x60, 0x54, 0x60, 0xF7, 0xB2, 0xEF, 0x18, 0x6F, 0xA9, 0x2E, 0x32, 0xDA, 0x7B, 0xBC, 0xBD, 0xD9, 0xD6, 0xE0, 0xF3, 0x95, 0xD1, 0xA4, 0xC6, 0x00, 0x23, 0x36, 0xBB, 0x5E, 0x92, 0x8E, 0xFB, 0x03, 0xAF, 0x51, 0xA8, 0x5E, 0xC1, 0xF6, 0x6D, 0x36, 0xFF, 0x27, 0x59, 0x34, 0x02, 0x6A, 0xED, 0xA2, 0x79, 0x00, 0x73, 0x72, 0x1F, 0x0D, 0x92, 0x82, 0xEA, 0xFA, 0x20, 0x1E, 0x85, 0x18, 0x37, 0xC7, 0x01, 0x86, 0x8B, 0x32, 0xC8, 0x54, 0xFA, 0x94, 0xD2, 0xE8, 0x65, 0x1D, 0x1B, 0xA1, 0xBF, 0xC2, 0x54, 0xBB, 0x63, 0x40, 0xD8, 0x73, 0xAB, 0x5E, 0xE3, 0x6B, 0xBE, 0x72, 0xFE, 0x4F, 0xA9, 0x26, 0xBE, 0xB9, 0xB2, 0x7C, 0xAE, 0x52, 0xE8, 0x10, 0x8A +Ciphertext: 0xBB, 0x74, 0x55, 0x66, 0xA7, 0xA2, 0xBB, 0x23, 0x59, 0xE5, 0xEC, 0x70, 0xD8, 0x0C, 0xD5, 0xFD, 0x79, 0xCF, 0xC8, 0xDA, 0x27, 0x98, 0xF3, 0x8B, 0x02, 0x88, 0xB2, 0x86, 0x32, 0xCE, 0x9F, 0x72, 0xC6, 0x18, 0x30, 0xDE, 0x6B, 0x31, 0xB7, 0xEE, 0xF0, 0x07, 0x77, 0x78, 0x4D, 0x5E, 0xF7, 0xD5, 0x79, 0x71, 0x19, 0xBD, 0x28, 0x1D, 0xFA, 0x61, 0x3A, 0x36, 0xA8, 0x8D, 0x5D, 0xCD, 0x17, 0x1B, 0xCB, 0x9F, 0xBF, 0xBE, 0x67, 0x10, 0x06, 0xD8, 0x84, 0xB2, 0xD3, 0x30, 0x50, 0x44, 0x4B, 0xAF, 0x34, 0xD4, 0x0D, 0x06, 0xB2, 0x90, 0xC6, 0x6D, 0xB0, 0x90, 0x25, 0x9E, 0x02, 0x45, 0x7B, 0xF3, 0xCE, 0x94, 0x32, 0xC8, 0x53, 0xBD, 0x16, 0xD5, 0x63, 0xA3, 0xA7, 0xFC, 0x7F, 0x07, 0xD9, 0x1A, 0x30, 0xE4, 0xD5, 0x92, 0x78, 0x11, 0x70, 0x4B, 0x21, 0xDF, 0x16, 0x79, 0x42, 0x13, 0xBC, 0x9C +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0x3B, 0xFF, 0x9E, 0xAE, 0xAB, 0x5B, 0xC3, 0xCD, 0xD9, 0x6B, 0x08, 0xE6, 0x1C, 0x38, 0x1C, 0x74 +IV: 0x50, 0x3E, 0x61, 0xE6, 0x7D, 0x7A, 0xAA, 0x4E, 0xB3, 0xC4, 0x44, 0x5D, 0x38, 0x5F, 0x33, 0x8F +Plaintext: 0xE6, 0xCF, 0xBD, 0xA3, 0xCE, 0xEA, 0x2D, 0x4E, 0x21, 0x32, 0xD1, 0x30, 0x51, 0x62, 0x45, 0x07, 0x73, 0x47, 0xF3, 0x23, 0xE8, 0xD1, 0xDB, 0x1A, 0x3C, 0x6A, 0x90, 0xBC, 0x4E, 0x86, 0x83, 0x49, 0xB1, 0x7C, 0x84, 0xE2, 0x53, 0x94, 0x86, 0x3E, 0x5C, 0x61, 0xA3, 0x9E, 0x59, 0x51, 0x60, 0x03, 0x9A, 0x82, 0x31, 0x9E, 0xD8, 0xD7, 0x40, 0x88, 0x1C, 0x4C, 0x6A, 0xB3, 0xDB, 0x86, 0x8A, 0x21, 0x66, 0xAF, 0xFB, 0x53, 0x82, 0x80, 0x58, 0x05, 0x52, 0x9F, 0x86, 0x18, 0x7E, 0x2C, 0xF5, 0xD0, 0x8E, 0x96, 0x22, 0x3F, 0x97, 0xB4, 0x61, 0x01, 0x1A, 0x11, 0xD9, 0x2A, 0x29, 0x87, 0xD0, 0x7D, 0xCB, 0x0F, 0x29, 0xDF, 0xA2, 0xD7, 0x2A, 0x0B, 0xCB, 0x95, 0x83, 0x86, 0x06, 0x1C, 0x8C, 0xD6, 0x17, 0x2C, 0xCF, 0xEF, 0x6C, 0x8F, 0xC6, 0xEE, 0xFF, 0x61, 0xE6, 0x09, 0x7E, 0xB0, 0xDC, 0xC6, 0xAA, 0x45, 0x16, 0x6C, 0xFD, 0xC0, 0x85, 0xB7, 0x8F, 0xEB, 0xA1, 0xD0, 0x3A, 0x48, 0xAE, 0x7C +Ciphertext: 0xA4, 0xA9, 0x76, 0xF9, 0xB9, 0xAA, 0x1D, 0x1F, 0x16, 0x23, 0xDF, 0xFF, 0xFC, 0xD1, 0xAA, 0xD9, 0x8F, 0x5E, 0xEE, 0xA0, 0x1E, 0xFB, 0xDE, 0x91, 0xAD, 0x62, 0xD2, 0x2A, 0x8F, 0x99, 0x40, 0xE5, 0xD4, 0x9F, 0xD3, 0x18, 0x41, 0x1D, 0x0F, 0xB5, 0x05, 0xC7, 0xF8, 0x83, 0xE2, 0x5E, 0x2C, 0xB8, 0x06, 0x3D, 0xDA, 0xAB, 0x8D, 0x86, 0x46, 0x0D, 0x3E, 0x9F, 0xFB, 0x86, 0x23, 0x69, 0xBE, 0xAD, 0xBE, 0xB6, 0x2B, 0x3A, 0xD3, 0x9C, 0x72, 0x81, 0xD1, 0xD2, 0x59, 0x46, 0xA0, 0x5F, 0x2B, 0xA4, 0xDD, 0xB8, 0x71, 0xDB, 0xB4, 0xAB, 0x7F, 0x3F, 0xD2, 0xEC, 0x87, 0x0B, 0x7D, 0x43, 0xDA, 0x39, 0x57, 0x70, 0x74, 0xCE, 0xCF, 0x19, 0x2B, 0x3F, 0x78, 0x5A, 0xBA, 0xD5, 0x1B, 0xA1, 0x43, 0xF9, 0xB6, 0x65, 0x09, 0x4E, 0x02, 0xB1, 0xEF, 0x41, 0x86, 0xAA, 0x16, 0xD3, 0xB1, 0x8D, 0xFC, 0xDC, 0x37, 0x5B, 0xC0, 0xC4, 0x28, 0x05, 0xB6, 0x57, 0x43, 0x02, 0xE4, 0x14, 0x5B, 0x24, 0xCE, 0xEB +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 128-bit key +Key: 0xFC, 0xEC, 0x3E, 0x94, 0x9E, 0x90, 0xF8, 0xB5, 0x93, 0xE6, 0x97, 0x38, 0x23, 0x29, 0x36, 0x65 +IV: 0xC9, 0xF8, 0xCA, 0xE3, 0xD9, 0x64, 0xF0, 0x73, 0x65, 0x48, 0xE9, 0xDF, 0x62, 0xD9, 0xE2, 0x2C +Plaintext: 0x07, 0x7D, 0x79, 0x17, 0x76, 0xE1, 0x7E, 0xC0, 0x9E, 0x45, 0xF6, 0xA0, 0x60, 0x1B, 0x66, 0xC0, 0xF0, 0xD1, 0x4E, 0x2D, 0x7F, 0xEB, 0xF3, 0xA7, 0x17, 0x54, 0x61, 0x99, 0xC6, 0xF6, 0xB1, 0x4E, 0xFE, 0x88, 0x88, 0x61, 0x3C, 0xA7, 0xE0, 0x75, 0xE8, 0x29, 0x0B, 0x27, 0x7C, 0xAE, 0xF4, 0x41, 0xE9, 0x77, 0xA9, 0x30, 0x37, 0x7C, 0x16, 0xB9, 0x6B, 0xB8, 0x13, 0xE7, 0xAD, 0xC8, 0xA2, 0x48, 0xAA, 0xB4, 0x71, 0x59, 0x38, 0x0D, 0xA7, 0x3E, 0x38, 0x38, 0xDD, 0xB6, 0xC1, 0x09, 0x69, 0x4F, 0x7B, 0x94, 0xE3, 0xD6, 0x48, 0x3F, 0xE2, 0x12, 0x2A, 0x1C, 0x07, 0xB2, 0x61, 0x76, 0x3D, 0x83, 0xD3, 0xAA, 0x3E, 0xE6, 0xB1, 0x38, 0x5A, 0x82, 0x58, 0x1A, 0x74, 0x36, 0x75, 0x55, 0x4D, 0x51, 0x6D, 0xCD, 0x05, 0x06, 0xFC, 0x5D, 0xDE, 0x1A, 0x1C, 0x27, 0x44, 0xE0, 0x28, 0x29, 0x0A, 0x67, 0x41, 0x12, 0xF7, 0xF2, 0xF1, 0x53, 0x81, 0xA8, 0x0E, 0x78, 0xD8, 0x8D, 0xE1, 0xB9, 0x26, 0xB1, 0x88, 0xCC, 0x15, 0xA8, 0x99, 0xFE, 0x93, 0x39, 0x08, 0x82, 0xD2, 0x5A, 0x4B, 0x09, 0x92, 0x5D +Ciphertext: 0xF8, 0x67, 0x10, 0x0F, 0x73, 0x13, 0x15, 0x94, 0xF5, 0x7F, 0x40, 0x3F, 0x5D, 0x60, 0x1A, 0x2F, 0x79, 0xCE, 0xC0, 0x86, 0x27, 0x96, 0x0D, 0xFD, 0x83, 0x01, 0x05, 0xF8, 0x13, 0x47, 0xE9, 0x9E, 0x9D, 0xE2, 0x14, 0x90, 0x75, 0xED, 0xD0, 0x92, 0x6C, 0xC8, 0x74, 0x6E, 0x2B, 0xBD, 0xAF, 0xB8, 0x7F, 0x60, 0x52, 0x75, 0x39, 0xCC, 0x24, 0xA7, 0x15, 0xEC, 0x79, 0x2F, 0x67, 0x5A, 0xCE, 0xC4, 0x13, 0x0A, 0x3F, 0x38, 0x4A, 0xE3, 0x99, 0x14, 0xC8, 0x4E, 0x14, 0xBE, 0xD7, 0x16, 0x17, 0xC1, 0xC9, 0xF4, 0xA8, 0x4A, 0x19, 0x04, 0x90, 0x48, 0x81, 0x6D, 0x3C, 0x84, 0xCE, 0x17, 0xDD, 0x27, 0xE5, 0x1C, 0x0E, 0xD0, 0x51, 0x95, 0xEA, 0x6F, 0xB5, 0xC6, 0x28, 0x18, 0x0B, 0xE9, 0xE2, 0x5D, 0xA8, 0x35, 0xDE, 0x16, 0x7A, 0x4B, 0x26, 0x59, 0x57, 0x38, 0xC8, 0xDE, 0xA6, 0x9A, 0x0A, 0x63, 0xCF, 0x92, 0x2F, 0x49, 0xB3, 0x68, 0xB3, 0x25, 0xA4, 0x16, 0x61, 0xAF, 0xB4, 0xFD, 0x9E, 0xB3, 0xF0, 0xB6, 0x7B, 0x53, 0xD1, 0x86, 0xCA, 0x6A, 0x1E, 0xF5, 0x92, 0x5D, 0x22, 0x0D, 0x0F, 0x70 +Test: Encrypt +# +# +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0xBB, 0x93, 0xA2, 0x64, 0x3E, 0x84, 0xA4, 0x1A, 0x23, 0xFA, 0x12, 0xA5, 0x4D, 0x5E, 0x7E, 0xD6, 0x94, 0x39, 0x1E, 0xA3, 0x68, 0x49, 0x87, 0xD8 +IV: 0xB7, 0xD5, 0xB9, 0x09, 0x11, 0x3D, 0x5C, 0xCB, 0x0B, 0xD5, 0x49, 0x24, 0xE1, 0xF3, 0x4C, 0x3F +Plaintext: 0x5F, 0x47, 0x28, 0x64, 0x01, 0x6B, 0xDC, 0x28, 0x59, 0xBB, 0x25, 0xE1, 0xB1, 0x67, 0x44, 0x5D +Ciphertext: 0xC6, 0x35, 0x7A, 0xBD, 0x1D, 0x38, 0x24, 0xF2, 0xC7, 0x2E, 0xD6, 0xEF, 0x4B, 0x76, 0xD8, 0x97 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0xF2, 0xC7, 0x01, 0xD4, 0xC4, 0xEE, 0xF0, 0x1A, 0xF7, 0x81, 0xF3, 0x19, 0x22, 0xCA, 0x00, 0x7F, 0x89, 0x08, 0x25, 0xB4, 0x44, 0x09, 0xC9, 0x0F +IV: 0x9E, 0xFB, 0x34, 0x49, 0xBC, 0x80, 0x52, 0x32, 0x7F, 0x00, 0xB3, 0xA2, 0xAA, 0x43, 0xD7, 0xB3 +Plaintext: 0x48, 0x3F, 0xA9, 0x2D, 0x48, 0x2E, 0x49, 0x42, 0x6B, 0xE4, 0x0E, 0x7C, 0x60, 0x60, 0xCC, 0xF3, 0x2D, 0xA1, 0x52, 0xC3, 0xD0, 0xBB, 0x37, 0xBD, 0x26, 0x29, 0xD7, 0x5D, 0x0D, 0x65, 0x98, 0xFC +Ciphertext: 0xE7, 0x0C, 0xF1, 0x56, 0xA4, 0x6A, 0x88, 0x6A, 0xF2, 0xF6, 0x40, 0xEF, 0x0A, 0x78, 0x42, 0xA0, 0x90, 0x60, 0xD3, 0x3E, 0x6F, 0x10, 0xCE, 0xD1, 0xA7, 0x9F, 0x3D, 0xD3, 0x3C, 0xE6, 0xDB, 0x99 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0xC5, 0xB6, 0x72, 0x47, 0x9D, 0x49, 0xAE, 0xF0, 0xCB, 0x84, 0xED, 0xA4, 0x9B, 0x97, 0x6D, 0x3C, 0xCC, 0x54, 0x88, 0x37, 0x36, 0x40, 0x7D, 0x68 +IV: 0xB1, 0xEA, 0x73, 0xEC, 0x33, 0x7B, 0xBB, 0x5F, 0x38, 0x8F, 0x56, 0x4F, 0x67, 0x43, 0xB7, 0xF1 +Plaintext: 0x72, 0x8F, 0xC9, 0x13, 0x3E, 0xD7, 0x34, 0x52, 0x44, 0xBC, 0xDD, 0x8D, 0x37, 0x38, 0xAB, 0x9A, 0xE6, 0xEA, 0x91, 0x37, 0x65, 0xAE, 0xC9, 0x43, 0x67, 0x71, 0x5D, 0x2E, 0xEF, 0x44, 0xEC, 0xAE, 0x28, 0xAE, 0xAB, 0xB3, 0x90, 0x47, 0xAA, 0x9E, 0x5C, 0x82, 0x59, 0xAD, 0x19, 0xCB, 0x4A, 0xBA +Ciphertext: 0x58, 0x77, 0x4D, 0x0A, 0x11, 0x36, 0x57, 0xDB, 0xDC, 0x24, 0xCB, 0x92, 0x8D, 0x20, 0x17, 0x17, 0xB3, 0x0C, 0x5B, 0xDC, 0x5F, 0xCB, 0x04, 0x1B, 0xD6, 0xC8, 0x35, 0x1D, 0x2E, 0x84, 0xE3, 0xDB, 0x2D, 0x17, 0x46, 0x0C, 0x9E, 0xE7, 0x5B, 0x78, 0xC9, 0x75, 0xB4, 0x07, 0x94, 0xDB, 0xDC, 0x50 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x8F, 0xD2, 0x38, 0x26, 0xEA, 0x26, 0x49, 0x10, 0x1C, 0x05, 0x90, 0xCA, 0x7D, 0x73, 0xD6, 0x8D, 0xB4, 0x89, 0x9A, 0x6B, 0xDB, 0x10, 0x56, 0x86 +IV: 0xDE, 0x4E, 0x04, 0x80, 0x24, 0x20, 0xE1, 0x32, 0x72, 0x49, 0x71, 0xA1, 0x0C, 0x0A, 0xC3, 0x2D +Plaintext: 0x1D, 0xF3, 0xF6, 0x0C, 0x58, 0xF8, 0xFC, 0xF7, 0xE0, 0xC7, 0x9E, 0x23, 0x65, 0x59, 0xC0, 0x73, 0x90, 0xC7, 0xE7, 0xEC, 0xA2, 0x60, 0xF8, 0x69, 0x58, 0xF8, 0x43, 0x90, 0x11, 0x82, 0xBF, 0x04, 0x32, 0xE2, 0x97, 0xDC, 0xCA, 0xFC, 0xE6, 0x55, 0x72, 0x11, 0xBF, 0xC3, 0x78, 0x4B, 0x71, 0xCE, 0x3C, 0x96, 0x09, 0xDA, 0xD9, 0xB2, 0x18, 0xC7, 0x08, 0x86, 0xB6, 0xDB, 0x42, 0xB8, 0xC6, 0xFC +Ciphertext: 0x43, 0xA1, 0x5C, 0x83, 0x7A, 0x18, 0x06, 0x35, 0xCE, 0xA9, 0x49, 0x45, 0xC5, 0xA5, 0x9D, 0x44, 0xA0, 0xFC, 0x0D, 0x3B, 0xB7, 0xC1, 0x4E, 0xF0, 0x07, 0xCC, 0x40, 0x42, 0xC5, 0x76, 0x4A, 0x90, 0xA5, 0x68, 0xBD, 0xAC, 0x6D, 0xD8, 0x60, 0x1E, 0xD4, 0x37, 0xFA, 0x1A, 0x45, 0x7E, 0x85, 0x86, 0xF9, 0x3C, 0x5E, 0x4E, 0x03, 0x54, 0xC7, 0x8C, 0x2E, 0x98, 0xDA, 0x31, 0x17, 0xF4, 0x8F, 0x0A +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x25, 0x7A, 0x7C, 0x23, 0x19, 0xA7, 0x1D, 0x0D, 0x33, 0x0E, 0x06, 0x34, 0x5A, 0x0E, 0xF0, 0xFD, 0xA8, 0x63, 0x72, 0x33, 0x12, 0x3F, 0xC7, 0xB4 +IV: 0x4C, 0x9C, 0xD2, 0x6A, 0xE7, 0xD1, 0x5F, 0x7D, 0xBD, 0x64, 0xAC, 0xC7, 0x8E, 0x20, 0x28, 0x89 +Plaintext: 0xEB, 0x67, 0x7A, 0x5C, 0x53, 0xC9, 0xC5, 0x6A, 0x9D, 0xD5, 0x2B, 0xDD, 0x95, 0x2E, 0x90, 0x98, 0xEA, 0xE2, 0xA0, 0x25, 0x48, 0xF8, 0x13, 0xEF, 0xC1, 0x48, 0x2F, 0xB2, 0x71, 0x90, 0x8F, 0x2F, 0x62, 0xC3, 0x24, 0x24, 0xAD, 0xA4, 0x79, 0x7B, 0xE2, 0x94, 0x3B, 0xC2, 0xAA, 0xA8, 0xF8, 0xDB, 0xAB, 0xFF, 0x27, 0xF5, 0xAC, 0x53, 0x69, 0xBB, 0xFA, 0xCD, 0x0E, 0xCA, 0x0A, 0x1E, 0xDB, 0x69, 0x5F, 0xCB, 0x0A, 0x74, 0xAE, 0xC8, 0x93, 0x9A, 0x41, 0x49, 0xAA, 0xC9, 0x99, 0xD5, 0x89, 0xE5 +Ciphertext: 0xF7, 0xC2, 0xDE, 0x82, 0xDB, 0x28, 0xF7, 0xB7, 0xE6, 0x25, 0x8B, 0xB5, 0x31, 0xB9, 0x22, 0x15, 0x69, 0xE6, 0xDB, 0x58, 0x97, 0x29, 0x02, 0x50, 0xC2, 0xF4, 0x73, 0x80, 0x9D, 0x43, 0x49, 0xCD, 0x48, 0xBE, 0x5C, 0x54, 0x7F, 0x5F, 0x60, 0xFF, 0xFD, 0x42, 0xBE, 0x92, 0xB0, 0x91, 0xBC, 0x96, 0x3F, 0x0D, 0x57, 0x58, 0x39, 0x7D, 0x3C, 0x33, 0xCA, 0x5D, 0x32, 0x83, 0x4E, 0xC1, 0x7F, 0x47, 0x35, 0x12, 0x5C, 0x32, 0xAC, 0xFC, 0xE6, 0x45, 0xB6, 0xDC, 0xB7, 0x16, 0x87, 0x4F, 0x19, 0x00 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x57, 0x9C, 0x6F, 0xC0, 0x5D, 0x0A, 0xE9, 0x47, 0x30, 0x9C, 0x50, 0xF9, 0xA0, 0xF3, 0x93, 0x9E, 0xAC, 0x27, 0x36, 0x35, 0xA0, 0x5D, 0x9B, 0x2E +IV: 0x80, 0x9C, 0x81, 0xD9, 0xA9, 0xDC, 0xCA, 0x1F, 0xB6, 0x60, 0x81, 0x70, 0xA1, 0x46, 0x1B, 0xFC +Plaintext: 0x2A, 0x5D, 0xFD, 0x26, 0x7D, 0x36, 0x3F, 0x35, 0x0F, 0x7E, 0xB0, 0x4D, 0xC9, 0x8A, 0x1A, 0x9F, 0x68, 0x34, 0xC7, 0xDC, 0x24, 0xE6, 0x43, 0xEF, 0x8F, 0xF4, 0x64, 0xEB, 0xC1, 0x2F, 0x88, 0x42, 0xB2, 0xB7, 0x1E, 0x39, 0xE7, 0x10, 0x68, 0x98, 0x51, 0x78, 0x7E, 0xA6, 0x72, 0x78, 0x97, 0x54, 0xC1, 0xBA, 0x84, 0xB9, 0x50, 0x1A, 0x7D, 0xBE, 0xAC, 0xFF, 0x20, 0x1B, 0x04, 0xEC, 0xB7, 0x82, 0x8E, 0x52, 0xBA, 0x19, 0x27, 0xA9, 0x95, 0x2E, 0x3A, 0xBE, 0xAA, 0x27, 0xE2, 0x4F, 0x9A, 0xB7, 0x53, 0xD5, 0xC0, 0x58, 0x76, 0xA1, 0xFF, 0xF5, 0xD3, 0x2A, 0xBE, 0xE6, 0xB4, 0xA6, 0x30, 0x22 +Ciphertext: 0xF7, 0x67, 0x2A, 0x36, 0x32, 0x99, 0xCA, 0xAB, 0xE0, 0x42, 0x51, 0xFC, 0x42, 0x70, 0x07, 0x74, 0xF1, 0x6A, 0x96, 0x3D, 0xC6, 0x8C, 0x14, 0xE9, 0xAF, 0x10, 0x76, 0x19, 0xC3, 0x4A, 0x46, 0x68, 0x57, 0x94, 0x4C, 0x55, 0xCF, 0x8C, 0xFC, 0xD7, 0x48, 0xFF, 0xEB, 0xA6, 0xB0, 0x88, 0x2B, 0x2F, 0x67, 0xBC, 0xF3, 0x09, 0x4F, 0x0A, 0x92, 0x74, 0x55, 0x83, 0xDC, 0x50, 0x00, 0xD9, 0xA0, 0x7B, 0x62, 0xE3, 0x21, 0xB6, 0xC1, 0xBB, 0xC5, 0xE0, 0xAC, 0x41, 0x43, 0x20, 0x41, 0x52, 0x69, 0x7F, 0xD2, 0x76, 0x9E, 0x15, 0x66, 0x76, 0xC2, 0x3E, 0x9C, 0x78, 0x9D, 0xD8, 0x0A, 0x3B, 0xED, 0x11 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x87, 0xD7, 0xD9, 0xB0, 0x85, 0x28, 0x4E, 0x5F, 0x91, 0xF8, 0x3C, 0xB7, 0x63, 0x36, 0xAB, 0x2F, 0xE5, 0x2E, 0x84, 0xA1, 0xDD, 0xA2, 0x51, 0xFA +IV: 0xCD, 0x1D, 0x45, 0x36, 0x17, 0x84, 0x7C, 0x8C, 0x65, 0xEE, 0x83, 0xE5, 0x48, 0xB5, 0x1B, 0x93 +Plaintext: 0x20, 0xCE, 0x3A, 0x40, 0x3B, 0x55, 0x53, 0x24, 0x41, 0x6C, 0xD7, 0x7C, 0xCF, 0x46, 0xFC, 0x37, 0x62, 0x7F, 0xBD, 0xF2, 0x77, 0xAF, 0x22, 0x26, 0xF0, 0x3E, 0xC1, 0xA0, 0xBA, 0x7A, 0x85, 0x32, 0xAD, 0xE6, 0xAE, 0xA9, 0xB3, 0xD5, 0x19, 0xFE, 0x2D, 0x38, 0xC2, 0xD1, 0x92, 0xB5, 0x87, 0x12, 0x59, 0xF9, 0x2F, 0x02, 0x1A, 0x4E, 0xAA, 0x5A, 0xF0, 0x70, 0x9A, 0xC9, 0x21, 0x9C, 0x13, 0xA4, 0x01, 0xEB, 0x9F, 0xDA, 0x13, 0xDE, 0x86, 0x26, 0x72, 0x3A, 0x4C, 0x88, 0x6F, 0x16, 0x7A, 0xF5, 0x7C, 0x32, 0xA2, 0x4E, 0x49, 0x8A, 0x9D, 0x8F, 0x2C, 0x2B, 0x17, 0x49, 0xC6, 0x46, 0x4E, 0x52, 0xE4, 0x83, 0x16, 0xBA, 0xA3, 0x97, 0x21, 0x02, 0xD8, 0x19, 0x7D, 0x89, 0xAE, 0x91, 0x5E, 0x47 +Ciphertext: 0xBE, 0x76, 0x4F, 0xEB, 0x48, 0x8B, 0x16, 0x28, 0xF4, 0xC5, 0xFE, 0xFA, 0x71, 0x98, 0x23, 0xFA, 0x64, 0xD7, 0xA7, 0xC6, 0x00, 0x52, 0x18, 0xCC, 0xE0, 0x70, 0xB5, 0x15, 0x31, 0x4E, 0x2C, 0x66, 0xDA, 0x1B, 0xB1, 0xA7, 0x6B, 0x87, 0x87, 0x90, 0x7B, 0x10, 0xB7, 0xB6, 0xAA, 0x00, 0xA5, 0x54, 0x85, 0x54, 0xC9, 0xA1, 0x47, 0x1C, 0x78, 0x2D, 0x92, 0x69, 0xC8, 0x86, 0x78, 0x4E, 0xF4, 0x1F, 0xB6, 0x50, 0x3B, 0x90, 0x08, 0x7A, 0xC5, 0x23, 0xD8, 0x14, 0xB9, 0xDA, 0x4E, 0xDD, 0x47, 0x30, 0x55, 0xF4, 0x90, 0x48, 0x5F, 0x60, 0xD0, 0x66, 0x6B, 0xB2, 0xC5, 0x64, 0xB0, 0x90, 0x98, 0x66, 0xBB, 0x36, 0x9B, 0xB5, 0x25, 0xE8, 0x1F, 0x46, 0x67, 0xBE, 0xB5, 0x55, 0x4A, 0x11, 0x77, 0xE0 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x91, 0xD3, 0x1E, 0xBD, 0x4B, 0x8B, 0x82, 0x2C, 0x6D, 0x18, 0x3F, 0x06, 0xF1, 0x9E, 0xBC, 0xA2, 0x1D, 0x56, 0x1A, 0x33, 0xAB, 0x29, 0x72, 0xFB +IV: 0x26, 0x7E, 0x5D, 0xBC, 0x97, 0x50, 0xBA, 0x70, 0x61, 0x83, 0xAB, 0x39, 0x6A, 0x78, 0xE1, 0x9B +Plaintext: 0x7B, 0xDF, 0x1A, 0xE9, 0xEA, 0xCC, 0xE7, 0xFD, 0x76, 0x0D, 0xB3, 0x2C, 0x72, 0xBC, 0x01, 0x7A, 0x26, 0x10, 0xF5, 0x09, 0x72, 0x78, 0x16, 0xD8, 0xB4, 0xEB, 0x52, 0xAA, 0xEC, 0x79, 0x43, 0x43, 0x1E, 0x27, 0xB0, 0xDA, 0xF8, 0xF9, 0x57, 0xCC, 0xB5, 0x50, 0xE9, 0x8E, 0x41, 0x76, 0x57, 0xE5, 0x9E, 0x78, 0x4C, 0x59, 0x86, 0x34, 0xFA, 0xE7, 0x52, 0xB2, 0x1A, 0xF6, 0x1A, 0xB8, 0x2E, 0x8C, 0x1E, 0x98, 0x0A, 0xC2, 0x64, 0x4D, 0x92, 0x75, 0xA3, 0xC6, 0xC5, 0x3F, 0x60, 0x82, 0xFB, 0xA5, 0x57, 0x5D, 0x6A, 0x92, 0x1C, 0xAA, 0xEF, 0x05, 0x02, 0x81, 0x0C, 0x06, 0x3C, 0x5A, 0x2D, 0xDE, 0x42, 0xDB, 0x2F, 0x87, 0x77, 0xEF, 0x22, 0x62, 0x08, 0x18, 0x4E, 0x28, 0x17, 0x06, 0x75, 0x23, 0x19, 0x68, 0x58, 0x9E, 0x7C, 0x02, 0x7C, 0x9A, 0x8D, 0x00, 0x2E, 0xC2, 0x9A, 0x8A, 0xC5, 0xA1 +Ciphertext: 0x2E, 0x75, 0x27, 0x7C, 0x65, 0xEA, 0xA2, 0xB9, 0x64, 0xE5, 0x60, 0xB1, 0xCC, 0xE3, 0x79, 0xE6, 0x2C, 0xC4, 0x10, 0x1B, 0x28, 0xC0, 0x84, 0x32, 0x73, 0x2B, 0xBE, 0xB3, 0x10, 0x12, 0x30, 0x4E, 0xAB, 0xEC, 0x6F, 0x86, 0x92, 0x12, 0xE6, 0x3C, 0x10, 0x53, 0x41, 0xB2, 0x08, 0x0D, 0x80, 0x85, 0x62, 0x84, 0x47, 0xCB, 0x44, 0x52, 0xD4, 0x9C, 0xF6, 0x22, 0xA3, 0x00, 0x6D, 0x32, 0x79, 0x44, 0xA2, 0x5A, 0x24, 0x91, 0x1B, 0xEA, 0x9F, 0x8B, 0x46, 0x5D, 0xAC, 0xB9, 0x11, 0x40, 0xAD, 0x55, 0x50, 0x0F, 0xA4, 0xA8, 0xD5, 0xC6, 0xFB, 0xD4, 0x00, 0xD2, 0x2A, 0x9C, 0x44, 0x8E, 0xF6, 0x2E, 0x97, 0xD0, 0xDF, 0x94, 0xF5, 0x78, 0xBF, 0x6E, 0xFB, 0x0B, 0x5A, 0xA4, 0x29, 0xA8, 0xD9, 0xB5, 0xAE, 0x07, 0xF4, 0x55, 0x74, 0x03, 0x0D, 0x65, 0x2D, 0xC4, 0x29, 0x76, 0xDA, 0x3A, 0xED, 0x4F +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x53, 0x98, 0x27, 0x13, 0x76, 0x08, 0x8F, 0xF9, 0xAC, 0xEE, 0x8D, 0x31, 0xAE, 0x2B, 0x4E, 0xC6, 0xAB, 0x41, 0x1D, 0x63, 0xEE, 0x65, 0x2A, 0x0E +IV: 0xBC, 0xD6, 0x8A, 0x12, 0x7B, 0x6E, 0x80, 0x3D, 0x1A, 0x76, 0xFB, 0x4C, 0xAC, 0xBF, 0x5F, 0xA4 +Plaintext: 0x56, 0xEE, 0x88, 0x43, 0x6C, 0x18, 0x0D, 0xF5, 0xD7, 0x8F, 0xC1, 0xCB, 0xBA, 0xFB, 0x80, 0xC9, 0x55, 0xAC, 0x28, 0xDF, 0x29, 0x2E, 0xE5, 0x1B, 0x5C, 0x1E, 0xB2, 0x1C, 0x60, 0x3D, 0x1C, 0xCA, 0xD0, 0xC3, 0x49, 0x44, 0x9A, 0xF6, 0x3A, 0x1A, 0x63, 0xFA, 0x4D, 0xBD, 0x27, 0xEB, 0x06, 0x33, 0x20, 0x29, 0x0E, 0x0F, 0xEA, 0xF3, 0x7C, 0xA1, 0xE4, 0x38, 0x54, 0x6A, 0xD9, 0xA9, 0x4D, 0xD2, 0xE0, 0x13, 0xD8, 0x1E, 0x80, 0xEC, 0x5D, 0x9C, 0x18, 0x2C, 0xC8, 0x20, 0x7E, 0x5E, 0x44, 0xB4, 0xE7, 0xF6, 0x46, 0x8C, 0x07, 0xE5, 0xCE, 0x38, 0x79, 0x6B, 0xEA, 0x1D, 0x60, 0x2C, 0x7B, 0x26, 0x4F, 0x87, 0x3B, 0xB7, 0x66, 0x23, 0xFF, 0xE3, 0xBE, 0xCA, 0x3A, 0xDE, 0x08, 0x7B, 0xC3, 0xB5, 0x70, 0xBA, 0xD8, 0x3C, 0xC8, 0x2B, 0x62, 0x48, 0xE2, 0x5F, 0x7A, 0x1F, 0x3D, 0xEE, 0x2D, 0x2D, 0xE4, 0xC6, 0x7C, 0xF9, 0x94, 0xC2, 0xA7, 0x57, 0x1D, 0x7F, 0xAC, 0xDE, 0x0A, 0x6B, 0x0A, 0x9C +Ciphertext: 0x0C, 0xC6, 0x7F, 0xA3, 0x77, 0x1B, 0x23, 0x28, 0x9F, 0xAF, 0xFF, 0xFC, 0xF8, 0x30, 0x90, 0xE9, 0xFB, 0xB2, 0x64, 0xA3, 0xF3, 0xBC, 0x40, 0xB7, 0x1E, 0x53, 0xE4, 0xE7, 0x0A, 0xFE, 0x99, 0x6F, 0xD8, 0xEA, 0x7A, 0x10, 0x38, 0x80, 0x5D, 0x89, 0x89, 0x10, 0x31, 0x41, 0x2C, 0xAD, 0x7F, 0x6F, 0x08, 0x67, 0xB8, 0x31, 0x0B, 0x28, 0xE3, 0x7F, 0x8A, 0x42, 0x25, 0xC4, 0x11, 0x6D, 0x48, 0x89, 0xEE, 0x47, 0x20, 0x1E, 0x5E, 0x97, 0x44, 0x0A, 0x45, 0xAB, 0x24, 0x79, 0xDA, 0xE3, 0xB0, 0x05, 0xF7, 0x6E, 0xDC, 0x28, 0x89, 0xAB, 0xD0, 0x62, 0xEC, 0x65, 0x5E, 0x81, 0xB2, 0x5E, 0xFD, 0x32, 0x81, 0x5F, 0xB0, 0xAF, 0xF6, 0x4C, 0x51, 0x4B, 0xC1, 0x2D, 0x26, 0xC5, 0x2E, 0xB2, 0xF7, 0x27, 0x3E, 0x1E, 0xE5, 0x47, 0x98, 0xF6, 0xEA, 0xD2, 0x03, 0xFF, 0xCB, 0xDC, 0xAA, 0xF6, 0x14, 0x51, 0xF8, 0xB9, 0x20, 0xF2, 0x2C, 0x64, 0x5F, 0x3A, 0x7E, 0x23, 0x5C, 0x12, 0xD7, 0x6D, 0xFF, 0xFA +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 192-bit key +Key: 0x84, 0x1E, 0xCA, 0x09, 0x74, 0xEE, 0xC0, 0x3A, 0xE8, 0xBD, 0x0F, 0x57, 0xB8, 0x16, 0xEB, 0x4F, 0x69, 0x79, 0xA3, 0xCA, 0x51, 0xF2, 0xDE, 0x60 +IV: 0xFC, 0xF0, 0x24, 0x08, 0xCF, 0x55, 0xA1, 0xD3, 0xEB, 0xCA, 0x26, 0xDA, 0x55, 0x55, 0x71, 0x74 +Plaintext: 0x53, 0x2D, 0xAE, 0xAD, 0x19, 0xCD, 0x3E, 0xF4, 0xA4, 0x47, 0xB6, 0x14, 0xE7, 0xDB, 0x2B, 0x66, 0x25, 0xC8, 0xAD, 0x44, 0x9E, 0x62, 0x11, 0xC0, 0x6D, 0x65, 0xF4, 0x96, 0xB1, 0x89, 0xFC, 0x60, 0xEB, 0x56, 0x61, 0x09, 0xA7, 0x3A, 0xAC, 0x84, 0x5F, 0xD9, 0xBF, 0xBE, 0x9C, 0xA4, 0x16, 0xD1, 0x5E, 0xAD, 0x4C, 0x7A, 0xBE, 0xB9, 0xE1, 0xCD, 0xD2, 0x97, 0x3A, 0x27, 0xD1, 0xB1, 0xE9, 0x65, 0x77, 0xE1, 0x2F, 0x53, 0xAB, 0x86, 0xBF, 0x67, 0x60, 0xD6, 0xC5, 0xB0, 0xB9, 0x76, 0x27, 0x09, 0x70, 0x48, 0x0B, 0x92, 0x78, 0x84, 0x99, 0x61, 0xE1, 0x0A, 0x02, 0x74, 0xFD, 0xF6, 0xC1, 0xEA, 0xC1, 0x75, 0x21, 0x73, 0x6D, 0xD8, 0xFF, 0x06, 0x70, 0xE7, 0xD1, 0xD2, 0x85, 0x78, 0xE7, 0x76, 0x23, 0x40, 0xF1, 0x74, 0x14, 0xE8, 0xC2, 0xE3, 0x63, 0x63, 0x53, 0x65, 0x7C, 0x80, 0x0B, 0x59, 0x8F, 0xBB, 0x3D, 0x52, 0x35, 0x59, 0xF3, 0xC7, 0x56, 0xB4, 0xEA, 0x0C, 0x4A, 0xD3, 0xDD, 0x80, 0x3E, 0x3D, 0x06, 0x09, 0xDA, 0x0F, 0xE3, 0xBD, 0x21, 0x4D, 0x36, 0xE2, 0x98, 0x76, 0x4F, 0x19 +Ciphertext: 0x3E, 0x23, 0xF2, 0x14, 0x9F, 0x53, 0xE8, 0x64, 0xD3, 0x4E, 0x6A, 0xBD, 0xA7, 0xAD, 0xF9, 0xA3, 0x80, 0x5F, 0x27, 0x75, 0x2E, 0xEE, 0xCC, 0xDA, 0x72, 0x07, 0x41, 0x99, 0x1D, 0x37, 0x34, 0x3B, 0x00, 0xFD, 0x35, 0x03, 0x06, 0xF3, 0xBA, 0xD8, 0xA8, 0xC0, 0x31, 0x0C, 0x7F, 0x96, 0x1F, 0xCF, 0x46, 0x96, 0x4E, 0x38, 0x93, 0x90, 0xD0, 0xFC, 0xCA, 0x59, 0x1F, 0xE0, 0x5D, 0xC4, 0x9B, 0x48, 0x8D, 0xD2, 0xB4, 0x29, 0x18, 0xFD, 0xAD, 0x89, 0x3A, 0xCF, 0x2F, 0xA2, 0x29, 0x59, 0xC6, 0xC5, 0x91, 0x0C, 0xB7, 0xE5, 0x7A, 0x1E, 0xC7, 0xC1, 0x07, 0x88, 0x90, 0xA1, 0xB3, 0xA3, 0x94, 0x41, 0x56, 0x7E, 0x03, 0x6D, 0x3B, 0x90, 0x0A, 0x83, 0xED, 0x40, 0xB4, 0xD7, 0x83, 0x61, 0xCD, 0xB5, 0xF2, 0xB7, 0x83, 0xBC, 0x1A, 0x0A, 0x41, 0x6D, 0xAB, 0xCA, 0xDB, 0xD8, 0xDE, 0xD4, 0x4A, 0x76, 0xF7, 0x3A, 0xE2, 0x35, 0x76, 0x3B, 0x6E, 0x8C, 0xED, 0xC2, 0x37, 0xB4, 0x32, 0x9F, 0x71, 0x62, 0x4E, 0x55, 0xDC, 0x42, 0xAE, 0xC5, 0xB3, 0x80, 0xD8, 0x04, 0x20, 0xF2, 0x85, 0x94, 0xE6, 0xB3 +Test: Encrypt +# +# +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0xAA, 0x5B, 0x8D, 0xD6, 0x4B, 0x30, 0x23, 0x13, 0xDC, 0xE4, 0x18, 0x46, 0x4E, 0xAE, 0x92, 0x90, 0x8B, 0xE9, 0x53, 0x37, 0x11, 0x21, 0x84, 0x56, 0xE0, 0x6E, 0xB1, 0xD3, 0x97, 0x00, 0x16, 0x92 +IV: 0xDA, 0xFC, 0x19, 0xE8, 0xF6, 0x87, 0x17, 0x53, 0xC8, 0x1F, 0x63, 0x68, 0xDB, 0x32, 0x8C, 0x0C +Plaintext: 0xD0, 0xE9, 0xDF, 0xE7, 0x03, 0x45, 0x2D, 0x16, 0x6B, 0x6E, 0xCF, 0x20, 0xC2, 0x48, 0xE6, 0x2C +Ciphertext: 0xFC, 0x9A, 0x78, 0xBA, 0x8F, 0x08, 0xAE, 0xA8, 0x2F, 0x9A, 0x37, 0xE5, 0xBD, 0x2C, 0x04, 0xD8 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0xE6, 0x46, 0xE7, 0x71, 0x80, 0x83, 0x58, 0xED, 0xE3, 0x0F, 0xD4, 0x5A, 0x37, 0x86, 0x55, 0x5E, 0xD6, 0xE8, 0xB3, 0x02, 0xF6, 0xA4, 0x67, 0x65, 0x89, 0xF6, 0x95, 0xB2, 0x61, 0x73, 0x4A, 0x4F +IV: 0x98, 0xE3, 0x02, 0x57, 0x2F, 0x4E, 0x6D, 0x4B, 0xF5, 0x5A, 0x72, 0x04, 0xAA, 0xD4, 0x75, 0xEC +Plaintext: 0x65, 0x8C, 0xD5, 0x6E, 0x33, 0x66, 0xB9, 0xAB, 0x01, 0xAE, 0x0D, 0x6F, 0xBC, 0xAC, 0xC7, 0x63, 0xB6, 0x78, 0x6F, 0x84, 0x4C, 0x10, 0xDE, 0xD3, 0xC6, 0xA8, 0x46, 0x4E, 0x7E, 0x41, 0x72, 0x20 +Ciphertext: 0x14, 0x93, 0x4B, 0xE0, 0x0D, 0x58, 0x76, 0x42, 0x70, 0x5F, 0x1C, 0x34, 0xAA, 0x10, 0xD1, 0x8E, 0x34, 0x53, 0x44, 0x4F, 0x73, 0x13, 0xF5, 0x6B, 0x42, 0xCD, 0x7C, 0xBE, 0x22, 0x9E, 0xBB, 0x9E +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x45, 0x7D, 0x4F, 0x15, 0x02, 0xB2, 0xAC, 0x50, 0x9C, 0x3D, 0x3E, 0x40, 0x1A, 0x19, 0xE7, 0xD0, 0x09, 0xB0, 0x37, 0xDE, 0x1E, 0xF0, 0x34, 0xEF, 0x1D, 0xA2, 0x56, 0x21, 0xF9, 0xF7, 0xD6, 0x61 +IV: 0x3D, 0x64, 0x29, 0xDD, 0xAA, 0xB0, 0xC7, 0xBC, 0x22, 0x4C, 0x30, 0x0D, 0xC5, 0xE2, 0x31, 0xFE +Plaintext: 0x59, 0x30, 0x63, 0x4F, 0xEF, 0x17, 0xF6, 0x06, 0xC3, 0xEF, 0xAC, 0x63, 0x65, 0x1E, 0x28, 0x16, 0x16, 0xE9, 0x69, 0xB0, 0x75, 0x8A, 0x92, 0x58, 0x5B, 0x82, 0xEC, 0xBF, 0x03, 0x30, 0x2D, 0x56, 0x6E, 0xA3, 0xFB, 0xBE, 0x05, 0xAD, 0xAC, 0x7F, 0x81, 0x38, 0x50, 0xFE, 0x08, 0xDD, 0xF1, 0xA9 +Ciphertext: 0x41, 0x89, 0xCE, 0x26, 0xE8, 0xC1, 0xDD, 0x4E, 0xE0, 0xED, 0xE9, 0xE9, 0x5A, 0x21, 0xC2, 0x42, 0x50, 0xE9, 0x16, 0x15, 0x32, 0x54, 0xB5, 0xC8, 0xEC, 0x62, 0x45, 0x32, 0x2D, 0x52, 0x93, 0xEA, 0xC5, 0xFE, 0xE4, 0x44, 0x58, 0xC6, 0x04, 0x65, 0x9E, 0x01, 0xD3, 0x03, 0x9D, 0x8C, 0xF3, 0x78 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x98, 0xB3, 0x19, 0x75, 0xA9, 0x65, 0x95, 0x8A, 0x0E, 0x88, 0x79, 0x3C, 0x1D, 0x2B, 0x64, 0x3E, 0x0F, 0xAF, 0x05, 0x12, 0xAA, 0xD9, 0xDE, 0xC4, 0x1D, 0x25, 0x48, 0xD8, 0x2B, 0x5D, 0xB8, 0x81 +IV: 0x8B, 0x6B, 0x40, 0x14, 0x8F, 0x6C, 0x59, 0xBB, 0x05, 0x05, 0xDF, 0x6E, 0x5B, 0xFA, 0x5D, 0x1F +Plaintext: 0x06, 0xFC, 0x8B, 0x35, 0x23, 0xC3, 0x15, 0x3C, 0x5F, 0x5D, 0x9E, 0xDB, 0x15, 0xC6, 0x05, 0x06, 0xB7, 0xB8, 0xE7, 0x74, 0x6F, 0xC4, 0x65, 0x54, 0x06, 0xA2, 0x27, 0x3C, 0x04, 0xC6, 0xA0, 0x62, 0x19, 0x33, 0x94, 0x0E, 0xBB, 0x94, 0xD8, 0x4F, 0x11, 0x89, 0x5A, 0xEE, 0x10, 0x3F, 0x61, 0xA0, 0xE4, 0x43, 0x15, 0x7F, 0x91, 0x98, 0x41, 0xBB, 0xDA, 0x07, 0x58, 0x8D, 0x62, 0xB6, 0xB6, 0x6D +Ciphertext: 0x8F, 0x7F, 0x09, 0x50, 0x8A, 0xA0, 0xC2, 0x64, 0x0E, 0xEB, 0xC8, 0x1A, 0x87, 0x53, 0xBC, 0xBB, 0xDA, 0xAB, 0x75, 0x1E, 0xD7, 0x04, 0x0B, 0x20, 0x7A, 0x64, 0x0F, 0xC9, 0x6C, 0xDE, 0xB9, 0xB4, 0x15, 0xBC, 0x1E, 0x60, 0x3B, 0xFC, 0x40, 0x50, 0xDE, 0x8A, 0xAD, 0x14, 0xDE, 0x8F, 0x82, 0x4F, 0x3C, 0xBB, 0xC6, 0x5A, 0x51, 0x69, 0x2F, 0x13, 0xAA, 0x4B, 0xBA, 0x5D, 0xB5, 0x57, 0xBD, 0xF0 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x11, 0xFC, 0x29, 0x85, 0xB9, 0x74, 0xB0, 0x65, 0xF9, 0x50, 0x82, 0xF8, 0x62, 0xF0, 0x52, 0xB7, 0xD9, 0xB4, 0xD2, 0x1C, 0x3C, 0x0E, 0x76, 0x5A, 0x49, 0xDB, 0x7A, 0x4B, 0xBB, 0xF3, 0x26, 0xAA +IV: 0xB5, 0xFE, 0x51, 0x82, 0x64, 0x8A, 0x24, 0xE6, 0xE1, 0x5B, 0x20, 0xE3, 0x54, 0x02, 0x62, 0xB3 +Plaintext: 0x5F, 0xB2, 0x26, 0x33, 0xBA, 0x4E, 0x8B, 0x98, 0x1A, 0xC6, 0x96, 0x5D, 0x58, 0xA4, 0x78, 0x7F, 0xCF, 0xE2, 0x14, 0xED, 0x06, 0xFF, 0xBC, 0x3A, 0x8F, 0x52, 0x3B, 0x96, 0x2E, 0x9D, 0x19, 0xFC, 0x3E, 0xE5, 0x1A, 0xAD, 0x51, 0x81, 0x08, 0xDC, 0x17, 0x72, 0xB2, 0xAB, 0x81, 0xF2, 0x35, 0x56, 0x25, 0x4F, 0x7A, 0xAE, 0xE5, 0xFA, 0x00, 0xCA, 0xCB, 0xDB, 0xDC, 0xF9, 0x38, 0xE8, 0xFE, 0xFA, 0x3E, 0xF6, 0xB5, 0x70, 0x4A, 0xCF, 0x76, 0x90, 0x06, 0x84, 0xD9, 0x1D, 0x7D, 0x05, 0xE4, 0x96 +Ciphertext: 0xA0, 0x03, 0x29, 0xCC, 0xFD, 0x82, 0xBD, 0x62, 0x39, 0x1C, 0xC9, 0xE0, 0xC8, 0x69, 0x46, 0x45, 0x31, 0xC8, 0x1E, 0x6B, 0x5F, 0x37, 0x97, 0xA2, 0xCB, 0x93, 0x19, 0x4A, 0x02, 0x42, 0x09, 0x2A, 0x85, 0x5C, 0x78, 0x43, 0xB5, 0xE1, 0x1B, 0x69, 0x67, 0x08, 0x79, 0xA3, 0xD5, 0x2D, 0xCB, 0xD5, 0x30, 0x3E, 0x9B, 0xF2, 0x1B, 0xA7, 0x0B, 0x72, 0x5F, 0xE5, 0xF8, 0xD8, 0x40, 0x45, 0xAB, 0x8E, 0x8E, 0x14, 0xF6, 0x0A, 0x85, 0xC1, 0x41, 0x3C, 0x88, 0x56, 0xF0, 0x7D, 0x4D, 0xFD, 0x7E, 0x0E +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x81, 0xEE, 0x8C, 0xAE, 0x49, 0xA4, 0x79, 0xFC, 0x5F, 0xA1, 0x0A, 0xF4, 0xBA, 0x0C, 0x99, 0x16, 0x26, 0x8D, 0x00, 0x65, 0xED, 0x5F, 0x5B, 0x1B, 0xB0, 0xA7, 0x10, 0x9B, 0x96, 0x04, 0x0D, 0xA7 +IV: 0xA9, 0x67, 0x51, 0xD3, 0x7C, 0x25, 0xAE, 0x39, 0x11, 0x4A, 0xCD, 0x6F, 0xFB, 0x31, 0x72, 0xB6 +Plaintext: 0xC0, 0x51, 0x01, 0x74, 0x81, 0x5A, 0x42, 0xE5, 0xDD, 0x81, 0x61, 0x0D, 0x12, 0x17, 0x39, 0xF1, 0x65, 0x61, 0xD1, 0x06, 0xC5, 0xA4, 0x27, 0xEA, 0xAB, 0x7F, 0x2D, 0x52, 0x44, 0x7D, 0x12, 0x44, 0xD2, 0xEB, 0xC2, 0x86, 0x50, 0xE7, 0xB0, 0x56, 0x54, 0xBA, 0xD3, 0x5B, 0x3A, 0x68, 0xEE, 0xDC, 0x7F, 0x85, 0x15, 0x30, 0x6B, 0x49, 0x6D, 0x75, 0xF3, 0xE7, 0x33, 0x85, 0xDD, 0x1B, 0x00, 0x26, 0x25, 0x02, 0x4B, 0x81, 0xA0, 0x2F, 0x2F, 0xD6, 0xDF, 0xFB, 0x6E, 0x6D, 0x56, 0x1C, 0xB7, 0xD0, 0xBD, 0x7A, 0x24, 0x37, 0xB7, 0x3E, 0x07, 0x44, 0xB2, 0x2B, 0xE6, 0xF0, 0x0E, 0x31, 0xC4, 0xC6 +Ciphertext: 0x8B, 0xF4, 0xA9, 0x42, 0x36, 0x2B, 0x70, 0xF4, 0xCC, 0x06, 0x6C, 0x6E, 0x3D, 0x87, 0xA5, 0xF1, 0x85, 0xAA, 0x16, 0x96, 0x3B, 0x1C, 0x24, 0x31, 0x3C, 0x33, 0x0B, 0x2F, 0x86, 0xD3, 0x70, 0x69, 0xC5, 0x6C, 0x15, 0x69, 0xA0, 0x9B, 0x7F, 0x02, 0x94, 0x68, 0x9D, 0x1D, 0x3F, 0x16, 0x27, 0xE6, 0xFF, 0x9E, 0xCB, 0x37, 0x18, 0xE8, 0xAD, 0x34, 0x95, 0x58, 0xB5, 0x8C, 0x22, 0xBB, 0xA6, 0x9B, 0x1D, 0x7A, 0x28, 0x6F, 0xEB, 0x0C, 0xD8, 0x0E, 0xB6, 0x4E, 0xDC, 0x08, 0x4D, 0x90, 0x9C, 0xEF, 0x69, 0x42, 0x4E, 0xAC, 0x5D, 0xFB, 0xD4, 0xEF, 0x8B, 0x26, 0x47, 0x20, 0xF4, 0xEF, 0x48, 0x65 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x81, 0x3F, 0xA2, 0x4F, 0xBA, 0x5A, 0x46, 0xCD, 0x44, 0xEC, 0x3B, 0x2B, 0xAE, 0x5E, 0x19, 0x35, 0xE9, 0xE8, 0x07, 0x05, 0xF1, 0xA8, 0x7D, 0xBD, 0xAF, 0xF2, 0x4F, 0x7C, 0x1F, 0xE8, 0xE7, 0x8A +IV: 0xAE, 0x4A, 0xD1, 0xD6, 0xE6, 0x8F, 0x7E, 0xA3, 0x4C, 0x34, 0x41, 0x7E, 0x89, 0x54, 0x9E, 0x73 +Plaintext: 0xC9, 0x79, 0xC4, 0x80, 0x61, 0xB2, 0x58, 0x4A, 0xB4, 0xE5, 0x74, 0x0F, 0x57, 0x67, 0xF0, 0xDC, 0x73, 0xCA, 0xE0, 0x00, 0x6B, 0xF6, 0x5D, 0xC0, 0xBF, 0x7B, 0x89, 0x4C, 0x31, 0x26, 0xCD, 0xF2, 0x26, 0xD3, 0x65, 0x92, 0x4E, 0x81, 0x1F, 0x52, 0x87, 0xAC, 0x5F, 0x92, 0xFF, 0xD7, 0x67, 0x23, 0x99, 0x68, 0xD5, 0xB3, 0x93, 0xB8, 0x6D, 0x8C, 0x65, 0x6B, 0x19, 0x7F, 0xEC, 0xFD, 0x2E, 0x1A, 0xC7, 0x9E, 0xF1, 0x22, 0x02, 0x40, 0x5A, 0x3D, 0xF1, 0xEE, 0x18, 0xEE, 0x5F, 0x5F, 0xD4, 0xC6, 0xE9, 0xCB, 0xBA, 0xD9, 0xA4, 0xFD, 0x36, 0x70, 0x06, 0xAA, 0xFB, 0xFD, 0x03, 0x01, 0x4A, 0x54, 0x76, 0x83, 0x71, 0x17, 0xC3, 0x15, 0x92, 0x72, 0xBA, 0x53, 0xA5, 0x09, 0xBF, 0x28, 0xC0, 0x2F +Ciphertext: 0xC9, 0xF7, 0xBA, 0x69, 0xDA, 0xAA, 0xF8, 0xBA, 0x4C, 0x4A, 0xAF, 0xA9, 0x17, 0x87, 0xE1, 0x5F, 0xA0, 0x3F, 0x17, 0x64, 0x07, 0xA2, 0x64, 0x04, 0x5D, 0xD6, 0x55, 0xF2, 0x72, 0x3B, 0x26, 0x0D, 0x42, 0xBD, 0xAC, 0xE6, 0xD2, 0x26, 0xC3, 0x78, 0x34, 0xF2, 0xA3, 0xAE, 0x2A, 0x1D, 0x3B, 0xF5, 0x07, 0x1F, 0x72, 0xDD, 0x67, 0x70, 0xA4, 0x4C, 0x40, 0x92, 0x73, 0x5D, 0x35, 0x05, 0xED, 0x44, 0x05, 0xDE, 0xB9, 0xD4, 0x51, 0x92, 0xC6, 0xF8, 0x3D, 0x83, 0xE3, 0xE2, 0x46, 0x3C, 0x1C, 0x63, 0xD8, 0xB8, 0x35, 0xBE, 0x81, 0x0A, 0x6D, 0x8E, 0xA9, 0x2F, 0x5C, 0xAC, 0x71, 0x99, 0x01, 0x68, 0xF3, 0x94, 0x8D, 0x1C, 0x95, 0x6C, 0x86, 0x51, 0xCD, 0xA0, 0xD9, 0x2E, 0x46, 0x3C, 0x81, 0xFF +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x28, 0x9B, 0x96, 0x59, 0xE7, 0xEC, 0x3F, 0xD2, 0x69, 0xE0, 0x37, 0xB0, 0xBE, 0x59, 0xA8, 0x06, 0xF9, 0x29, 0xEC, 0x5B, 0xDA, 0x28, 0x4D, 0x5B, 0xAA, 0x85, 0x10, 0xCD, 0x67, 0x59, 0xB3, 0xC5 +IV: 0x21, 0x82, 0x72, 0x1B, 0xA4, 0xAE, 0x10, 0x1B, 0x57, 0xB6, 0xD3, 0x7E, 0x64, 0x2E, 0xD1, 0x9A +Plaintext: 0x19, 0x3A, 0x6A, 0xD5, 0x8F, 0xA2, 0x16, 0x5F, 0x89, 0x29, 0x61, 0x21, 0x9E, 0x1B, 0x33, 0xF0, 0x9B, 0x26, 0x55, 0x07, 0x23, 0x6A, 0x31, 0xB4, 0x98, 0xD3, 0xD9, 0x51, 0x3F, 0xA7, 0x4B, 0x76, 0x9E, 0x5B, 0xF4, 0x6D, 0x29, 0xAB, 0x72, 0xE6, 0x1E, 0xEA, 0x9E, 0xEC, 0xAE, 0x96, 0xCA, 0x18, 0x5D, 0x2F, 0x47, 0x05, 0xAB, 0x49, 0x2B, 0x03, 0xF4, 0xE1, 0x50, 0x10, 0x95, 0xED, 0xA0, 0x04, 0x50, 0x36, 0x90, 0x0B, 0xF2, 0x6A, 0xEB, 0x58, 0x32, 0x6D, 0xD1, 0x18, 0xDD, 0xF1, 0xFF, 0xA5, 0x30, 0x46, 0x51, 0xFD, 0x85, 0x73, 0x84, 0x72, 0x33, 0x85, 0x41, 0xA3, 0xAF, 0x27, 0x57, 0xAA, 0xF7, 0x73, 0x49, 0x97, 0x30, 0x08, 0x08, 0x1E, 0x8D, 0x5D, 0x01, 0x8C, 0x74, 0x55, 0x5A, 0xFF, 0xDC, 0x13, 0x79, 0xD7, 0xFA, 0x0F, 0xC7, 0x68, 0x1C, 0x69, 0xB3, 0xF1, 0xD5, 0x7E, 0xF9, 0xD2 +Ciphertext: 0x0A, 0x4C, 0x7D, 0xAF, 0xCB, 0x8A, 0x92, 0x8B, 0x0C, 0xEC, 0x6B, 0x08, 0x45, 0x0C, 0x1B, 0xCF, 0x01, 0xA5, 0x6C, 0x3E, 0x71, 0xB6, 0x37, 0x58, 0xE9, 0x10, 0xD3, 0x4F, 0x53, 0x0B, 0x79, 0x05, 0x1D, 0x29, 0xFE, 0xD5, 0xB1, 0x46, 0x04, 0x67, 0x21, 0xA4, 0x09, 0x1B, 0x6D, 0x2C, 0x55, 0x8B, 0x59, 0x6C, 0x7E, 0x06, 0x50, 0x00, 0x78, 0x2C, 0xE0, 0x75, 0x73, 0x6F, 0x39, 0xA2, 0x68, 0xD6, 0x02, 0x4F, 0xD1, 0xF7, 0xAD, 0x7F, 0x8B, 0x17, 0xF3, 0x4B, 0x8D, 0x0F, 0xE1, 0x58, 0x3E, 0x4E, 0x69, 0x62, 0x1B, 0x29, 0x89, 0x59, 0xFD, 0xBC, 0x23, 0xD0, 0xCF, 0xE4, 0x04, 0xD8, 0x3F, 0x7C, 0x22, 0xAF, 0x3F, 0x88, 0x1E, 0x6F, 0xC5, 0x4B, 0x3B, 0x76, 0x13, 0x97, 0x4E, 0x62, 0xA2, 0xFA, 0xB0, 0x6B, 0x01, 0x8B, 0x28, 0xFB, 0x62, 0x13, 0xD5, 0x46, 0x0C, 0xB1, 0x91, 0xF0, 0x33, 0x53 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0x5A, 0xBA, 0x24, 0xF9, 0x2C, 0xAD, 0x51, 0x9E, 0xF7, 0x60, 0x37, 0x30, 0xBA, 0xE9, 0x64, 0x8F, 0x29, 0x3D, 0xC9, 0x7B, 0x50, 0x46, 0x79, 0x4D, 0x78, 0x35, 0xAE, 0xE4, 0x4E, 0x1A, 0x0D, 0xE3 +IV: 0x42, 0xB1, 0x2B, 0x1A, 0x2E, 0x7F, 0x4F, 0x41, 0x38, 0x1E, 0x7A, 0xEC, 0xF9, 0xD6, 0xA4, 0xBB +Plaintext: 0xDF, 0x6D, 0x49, 0xD1, 0xCF, 0x3F, 0x24, 0x88, 0x0F, 0x91, 0x3B, 0x63, 0x64, 0x22, 0x1B, 0x45, 0x77, 0x03, 0x65, 0xE0, 0x7D, 0xA9, 0x89, 0x6F, 0x17, 0x41, 0xD2, 0xA8, 0x77, 0x43, 0xA3, 0xEC, 0xC5, 0x4A, 0x00, 0xC2, 0xC1, 0x23, 0x4F, 0x83, 0xA9, 0x23, 0x60, 0x57, 0x5D, 0xBE, 0xAC, 0x5F, 0xC1, 0x56, 0xDA, 0x34, 0x63, 0x51, 0x88, 0x91, 0x5E, 0x6E, 0x47, 0x4C, 0x7E, 0x59, 0xE7, 0x8B, 0xA4, 0x7D, 0xF6, 0x34, 0x6C, 0x19, 0x83, 0xA5, 0x0E, 0x96, 0x27, 0xA6, 0x82, 0x18, 0x47, 0x9B, 0xE8, 0x53, 0x93, 0xFF, 0x26, 0xA0, 0xD2, 0x0D, 0xD3, 0x4F, 0xE2, 0xC0, 0x54, 0x3F, 0xFA, 0xFE, 0x44, 0xAD, 0x33, 0x10, 0x1A, 0x4A, 0x47, 0x56, 0x05, 0x90, 0x98, 0x39, 0x1B, 0x55, 0x74, 0x60, 0xB3, 0xA1, 0x97, 0x27, 0x0F, 0xBD, 0xF1, 0x4D, 0x3F, 0x8C, 0xAA, 0xEC, 0x41, 0x1E, 0x64, 0xAF, 0x6D, 0x83, 0xC0, 0x3F, 0x11, 0xDD, 0x23, 0xFE, 0x58, 0xB9, 0xBA, 0xF8, 0x70, 0xA0, 0xBB, 0x17 +Ciphertext: 0x0E, 0xBF, 0x3B, 0x20, 0x1C, 0x7D, 0x30, 0xA8, 0x76, 0xA2, 0xA7, 0xF4, 0x2F, 0x95, 0x0A, 0x43, 0xF7, 0x88, 0x70, 0xFC, 0x8C, 0x1F, 0xC6, 0xAA, 0x6F, 0x7A, 0xF7, 0x32, 0x25, 0x10, 0x73, 0x5D, 0xFE, 0x2F, 0xE6, 0xDD, 0x9C, 0x4E, 0x25, 0xF2, 0xE3, 0x8B, 0xED, 0x55, 0x74, 0xF4, 0x1C, 0x49, 0xCB, 0xC1, 0x88, 0x74, 0xDA, 0x51, 0xEE, 0x17, 0xD7, 0x5F, 0xC7, 0x1C, 0x9E, 0xB9, 0xB6, 0xCC, 0x3B, 0xA1, 0x04, 0xE4, 0x29, 0x85, 0x1F, 0x86, 0x04, 0x7B, 0x34, 0x85, 0xCB, 0xF3, 0xE7, 0x50, 0xD1, 0xE6, 0x1A, 0xE6, 0xF4, 0xBB, 0x7C, 0x48, 0x53, 0x2B, 0x7F, 0xAF, 0x27, 0x20, 0x5E, 0xF1, 0xA5, 0xE1, 0xBA, 0xFB, 0x33, 0x8A, 0xAD, 0xD7, 0x22, 0xB5, 0x38, 0xF3, 0x18, 0x8F, 0xBB, 0xE9, 0x17, 0xF7, 0x81, 0x2B, 0x1E, 0xED, 0xD7, 0x15, 0x1D, 0xA3, 0x76, 0xD5, 0x26, 0x7B, 0xD9, 0xD3, 0x3B, 0xDC, 0xCB, 0x34, 0x69, 0xD0, 0x6B, 0x77, 0xAC, 0xFA, 0x62, 0x90, 0xC5, 0x54, 0xB2, 0xEF +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CTR, 256-bit key +Key: 0xEB, 0xE8, 0xEE, 0x96, 0x66, 0xD0, 0x6D, 0xB7, 0x69, 0xCD, 0xA8, 0xB9, 0x8F, 0x1E, 0xAB, 0x04, 0xE7, 0xA6, 0xA4, 0xA8, 0x99, 0xFB, 0x9F, 0x05, 0xCD, 0xBB, 0x95, 0xCB, 0xC8, 0x1F, 0xA5, 0x26 +IV: 0x58, 0xD2, 0xA1, 0x32, 0x73, 0x03, 0xCC, 0xB5, 0x1B, 0xB9, 0xE2, 0x0D, 0x84, 0x66, 0x59, 0x67 +Plaintext: 0x79, 0xC0, 0xE7, 0x32, 0xFC, 0xCC, 0x44, 0xD4, 0x2D, 0x3B, 0x31, 0x9B, 0x6D, 0xFA, 0xB9, 0xF6, 0xC2, 0x05, 0xB7, 0xE5, 0x7D, 0x7C, 0x98, 0xAE, 0x1B, 0xF8, 0x62, 0xD2, 0x6A, 0x1F, 0xF5, 0x3F, 0xED, 0x76, 0x92, 0xC7, 0x80, 0x77, 0x99, 0xD1, 0x3F, 0xE4, 0x97, 0x4E, 0xA5, 0x5A, 0x7F, 0xEF, 0xF1, 0x29, 0x38, 0x95, 0xCE, 0x63, 0x58, 0x0A, 0x32, 0x33, 0x30, 0xEE, 0x87, 0x70, 0x08, 0xF4, 0x09, 0x72, 0xAB, 0x4E, 0x6F, 0x25, 0x27, 0x65, 0xCD, 0x5B, 0xCE, 0xCE, 0xB9, 0x67, 0x80, 0x79, 0xAD, 0xE7, 0x2D, 0x2C, 0xAC, 0xE1, 0x95, 0x30, 0x28, 0x12, 0x52, 0x4B, 0x24, 0x82, 0x19, 0xEE, 0x96, 0x5C, 0x3D, 0xAE, 0x0F, 0xFD, 0x74, 0xF8, 0x9D, 0x4B, 0xDE, 0x01, 0xF1, 0x48, 0x43, 0xFD, 0xBD, 0xE7, 0x9D, 0x91, 0x60, 0x1E, 0xD6, 0x8A, 0xC5, 0x3C, 0xD2, 0xCF, 0x88, 0x7D, 0xB0, 0x94, 0x5B, 0xDB, 0x4D, 0xD1, 0xA9, 0x28, 0x0A, 0xF3, 0x79, 0x5A, 0xD0, 0xD1, 0x94, 0x26, 0x51, 0xE1, 0xEA, 0xD0, 0x90, 0xAC, 0x32, 0x41, 0xA3, 0x7F, 0xD1, 0x5A, 0xB7, 0x64, 0xFD, 0x88, 0x56, 0x50 +Ciphertext: 0xCA, 0xDD, 0x51, 0xE5, 0xBF, 0x4A, 0x97, 0x8F, 0x79, 0x7A, 0x1C, 0x0A, 0x63, 0x0B, 0x2F, 0xC4, 0x67, 0x40, 0x0D, 0x77, 0x44, 0x30, 0x3C, 0x87, 0x3D, 0xBE, 0x2B, 0x52, 0xB1, 0xE3, 0x13, 0x7C, 0xD3, 0x6B, 0xA5, 0x23, 0x2A, 0x5E, 0xD3, 0x32, 0xB0, 0x2F, 0x20, 0xAD, 0x25, 0x76, 0xBA, 0x76, 0x2E, 0xC1, 0x66, 0x18, 0xEC, 0x4E, 0xC8, 0x1A, 0x33, 0x4B, 0x20, 0x1A, 0x0A, 0x24, 0x41, 0x38, 0x5C, 0xB9, 0xA9, 0x33, 0x5E, 0x91, 0x4F, 0xCD, 0x1E, 0x00, 0x0B, 0x8C, 0x61, 0x04, 0x07, 0x7F, 0x57, 0x4C, 0x21, 0xC0, 0x61, 0x82, 0x57, 0x1D, 0x69, 0x34, 0xA4, 0x7B, 0x93, 0xF2, 0x7A, 0x86, 0xD2, 0x0B, 0x0B, 0x7B, 0xA6, 0xAC, 0xBB, 0x7B, 0x0D, 0x56, 0x24, 0x31, 0x0A, 0x82, 0x81, 0x58, 0xC1, 0xF3, 0x36, 0xCA, 0x04, 0xA0, 0xFA, 0x01, 0xA6, 0x45, 0x1F, 0x0E, 0x87, 0x69, 0x33, 0xE5, 0x4C, 0xDC, 0x32, 0x89, 0x4A, 0xB2, 0xD3, 0x9B, 0x23, 0x2C, 0x30, 0x16, 0x38, 0xAB, 0xE0, 0xBF, 0x50, 0xCE, 0x33, 0x34, 0x45, 0x88, 0xD0, 0xA7, 0x31, 0xBF, 0x31, 0xDB, 0x42, 0x7F, 0xE2, 0x76 +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: LEA-128/CBC +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0x87, 0xF1, 0x42, 0x4F, 0x1A, 0x14, 0x83, 0xCC, 0x1F, 0xD0, 0x35, 0x4E, 0x18, 0xA9, 0x94, 0xAB +IV: 0xCF, 0x58, 0x4E, 0x6E, 0xF6, 0xD6, 0x42, 0x88, 0x0A, 0xB7, 0x87, 0x42, 0x7D, 0xB9, 0xB0, 0x76 +Plaintext: 0x13, 0x9D, 0x4E, 0xFF, 0x8D, 0x35, 0xB7, 0x6E, 0x85, 0xBF, 0x06, 0xFE, 0x99, 0x71, 0x63, 0xCB +Ciphertext: 0x49, 0xB9, 0xF3, 0x22, 0x6D, 0xA5, 0x4B, 0x4A, 0x0D, 0x38, 0x5A, 0x9C, 0x48, 0x70, 0x52, 0x4B +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0xCB, 0x55, 0x85, 0x3E, 0x28, 0x57, 0x74, 0xCC, 0xA8, 0x9D, 0x94, 0xE0, 0x56, 0x16, 0xDF, 0x15 +IV: 0xB0, 0x56, 0x72, 0xA9, 0x51, 0xA1, 0x4B, 0x2F, 0xCD, 0x45, 0x51, 0x83, 0xDD, 0x2D, 0x94, 0x03 +Plaintext: 0xBC, 0xB4, 0xD7, 0xFC, 0xD0, 0xB7, 0x4C, 0x63, 0x8D, 0xEE, 0x9E, 0xC6, 0x97, 0x7C, 0x34, 0x81, 0x26, 0xC4, 0xB5, 0x35, 0xAF, 0x7F, 0xC7, 0x76, 0xC1, 0x0B, 0x1D, 0xC4, 0x2D, 0x06, 0xB0, 0xBD +Ciphertext: 0x49, 0x01, 0xFA, 0x73, 0xAC, 0xE6, 0x0A, 0x89, 0xE3, 0xFE, 0x12, 0x81, 0x01, 0xA1, 0x9B, 0x8D, 0x67, 0x08, 0x23, 0x52, 0x01, 0xC0, 0x7B, 0xD9, 0x48, 0x15, 0x76, 0xAA, 0x61, 0xAE, 0x59, 0x90 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0x69, 0x1C, 0x4C, 0x90, 0x36, 0x1D, 0x4F, 0xB5, 0x81, 0x53, 0xAE, 0xDC, 0x87, 0x12, 0x38, 0x23 +IV: 0x3D, 0x90, 0x1F, 0x8B, 0xEF, 0xF7, 0xB4, 0xAD, 0x27, 0xB9, 0x72, 0xA9, 0xD0, 0x24, 0x3E, 0x60 +Plaintext: 0x9B, 0x36, 0xED, 0xE3, 0xA2, 0xB2, 0x07, 0x2A, 0x4C, 0x73, 0xCA, 0x0A, 0x70, 0x01, 0x72, 0x61, 0xBD, 0x62, 0xB8, 0x94, 0x59, 0x33, 0x99, 0x3B, 0xC8, 0xF7, 0x58, 0x1A, 0x10, 0xAE, 0xC6, 0x54, 0x1A, 0xAA, 0xC1, 0xDB, 0x5C, 0x9E, 0xFB, 0x2B, 0xB5, 0xF8, 0xFD, 0x38, 0x98, 0x70, 0x6B, 0xA4 +Ciphertext: 0xA7, 0xF2, 0xAE, 0x1E, 0x83, 0x0A, 0x33, 0x02, 0xC0, 0x62, 0xCF, 0x51, 0x64, 0x6C, 0xE7, 0x60, 0x56, 0xE6, 0xB0, 0x56, 0x15, 0xEB, 0xA8, 0xDE, 0x9E, 0x53, 0x31, 0xAC, 0x65, 0x37, 0x18, 0xB3, 0x1C, 0x6F, 0x65, 0xA6, 0x26, 0xC0, 0x99, 0x25, 0x28, 0x35, 0x4F, 0x65, 0x1A, 0x98, 0x75, 0x1C +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0x6D, 0xE1, 0x89, 0x36, 0x34, 0x58, 0xFE, 0x88, 0x6C, 0x6B, 0xD8, 0xFF, 0x33, 0xCD, 0xD1, 0x00 +IV: 0xAE, 0x1F, 0xD0, 0x61, 0xAB, 0x08, 0xB3, 0x1E, 0x85, 0x87, 0x4C, 0x4E, 0x48, 0x88, 0xA9, 0x55 +Plaintext: 0x16, 0xB6, 0x99, 0x5A, 0xCA, 0x91, 0x6B, 0xFC, 0xDA, 0xC0, 0xF9, 0x40, 0x82, 0xA8, 0xE6, 0xCE, 0x1F, 0x3D, 0x23, 0x5E, 0xD9, 0x18, 0xB8, 0x6D, 0x84, 0xCB, 0xC1, 0x34, 0xC8, 0x71, 0xB6, 0xDA, 0x80, 0x89, 0xF0, 0xE9, 0x61, 0x04, 0x69, 0xFF, 0xDC, 0x9C, 0xC4, 0xC6, 0x45, 0x68, 0x8D, 0x25, 0x34, 0xAD, 0xC1, 0xB8, 0x2C, 0xF8, 0x91, 0x7E, 0x7A, 0x69, 0x63, 0xD2, 0x60, 0x52, 0x1A, 0x9D +Ciphertext: 0x5C, 0xEE, 0xB0, 0x3D, 0xEF, 0x2A, 0x0E, 0x10, 0xF5, 0xBF, 0xFF, 0x50, 0x5E, 0xA9, 0xC1, 0x10, 0xB0, 0x2E, 0x4A, 0x55, 0x67, 0xA5, 0x72, 0xFB, 0x74, 0xB3, 0x63, 0x4A, 0x3D, 0xC7, 0xD3, 0xD2, 0xA7, 0x00, 0xD2, 0x54, 0x41, 0x3A, 0x9C, 0xCD, 0x41, 0x0B, 0x70, 0x73, 0xB2, 0x26, 0x19, 0xF4, 0x52, 0x0E, 0x45, 0xEB, 0x25, 0x96, 0x75, 0x82, 0xB8, 0xD5, 0x12, 0xC0, 0x3E, 0x36, 0x81, 0x4D +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0x73, 0x01, 0x97, 0xC9, 0x42, 0xD9, 0x7F, 0xF9, 0x38, 0xA8, 0x3F, 0x77, 0xC4, 0x34, 0x4E, 0x6D +IV: 0xB6, 0x17, 0xB2, 0x59, 0xED, 0xCD, 0xC6, 0xBB, 0x2F, 0x0C, 0x3A, 0x10, 0x58, 0x53, 0x5B, 0x04 +Plaintext: 0xB7, 0xC6, 0x95, 0xE4, 0xB5, 0x39, 0x36, 0x52, 0xB7, 0x8B, 0x74, 0x3C, 0x46, 0x35, 0xB2, 0x0F, 0x6E, 0x22, 0xFF, 0x27, 0x63, 0xC2, 0xE0, 0x8B, 0x6B, 0x5A, 0x4F, 0xD7, 0xF7, 0x9E, 0x03, 0x79, 0x13, 0x81, 0xF2, 0x20, 0x01, 0x4C, 0x15, 0x72, 0x21, 0xED, 0x6B, 0xFE, 0x15, 0x92, 0x40, 0x71, 0x21, 0x77, 0xAF, 0x0C, 0xD8, 0xFC, 0x66, 0x55, 0xF5, 0xFB, 0xA9, 0x0D, 0x87, 0x58, 0x9A, 0x63, 0x51, 0xDA, 0xB7, 0x67, 0x70, 0x39, 0xA4, 0xC1, 0x3E, 0x78, 0x2B, 0xA3, 0x77, 0x74, 0x81, 0xFC +Ciphertext: 0x7C, 0x96, 0xF9, 0x67, 0x5B, 0xE0, 0x38, 0x54, 0x70, 0x0D, 0xEA, 0xE5, 0x10, 0x06, 0xF4, 0xFC, 0xFC, 0x3A, 0xDA, 0x33, 0xBA, 0xE2, 0x0D, 0x4F, 0xF6, 0x13, 0xFA, 0x6B, 0xA8, 0x74, 0xB1, 0x75, 0xB7, 0xDE, 0x71, 0xDC, 0xF8, 0x7A, 0x18, 0x26, 0x7B, 0x57, 0x74, 0x10, 0xF0, 0xE8, 0xB9, 0xDF, 0x1E, 0x05, 0x37, 0xA5, 0x60, 0xE5, 0xD1, 0xEF, 0xFE, 0xC1, 0x10, 0x22, 0xCE, 0x60, 0x23, 0xB4, 0x98, 0x5C, 0x9D, 0x8D, 0xA2, 0x07, 0x33, 0x70, 0x7C, 0xE7, 0x6A, 0x42, 0x35, 0x82, 0xAF, 0x23 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0x9A, 0xBE, 0xCA, 0xEF, 0x92, 0xA6, 0xE0, 0x83, 0x96, 0x98, 0x50, 0x9C, 0x4E, 0xAC, 0xA6, 0x2A +IV: 0x37, 0x78, 0xEB, 0xA0, 0x48, 0x29, 0x6B, 0xA8, 0xD6, 0xD2, 0xBC, 0x14, 0xB5, 0x03, 0xFB, 0x18 +Plaintext: 0xA0, 0x9E, 0x59, 0xB7, 0xDA, 0xE6, 0xD6, 0x7C, 0x16, 0xD9, 0x4D, 0x6A, 0x95, 0xC0, 0xB1, 0x35, 0x8E, 0x04, 0x96, 0xB3, 0xD2, 0x43, 0xF3, 0x8D, 0xB0, 0xA3, 0x26, 0x3A, 0x16, 0x66, 0x38, 0x2E, 0xFA, 0xBF, 0x63, 0x4E, 0xF8, 0xE4, 0xD1, 0xA8, 0x3D, 0x65, 0xA7, 0x61, 0xA3, 0xBC, 0x42, 0xEE, 0x1D, 0x25, 0xC0, 0x87, 0x56, 0xB0, 0xC3, 0xD9, 0x95, 0x94, 0x71, 0xFC, 0xE4, 0xC6, 0xC0, 0xA4, 0x71, 0xCA, 0xF0, 0x9B, 0x34, 0xCA, 0x59, 0x6F, 0xD2, 0xE5, 0x66, 0x68, 0xC2, 0xC9, 0xE2, 0xBC, 0xAE, 0x84, 0x72, 0x06, 0x1C, 0x97, 0x63, 0xF5, 0x4D, 0x4C, 0xA6, 0x41, 0x65, 0x4A, 0x19, 0xE4 +Ciphertext: 0xB4, 0x9F, 0xF2, 0xE4, 0xFD, 0x72, 0x45, 0xF8, 0xF1, 0x5A, 0xA3, 0x3C, 0xBB, 0x49, 0xA6, 0x2A, 0x26, 0x02, 0xB8, 0x44, 0xB8, 0xED, 0x56, 0x8D, 0x82, 0x1B, 0x30, 0xA1, 0xD4, 0xA0, 0x10, 0x63, 0x66, 0xA2, 0x72, 0xB7, 0xCF, 0x19, 0xD6, 0x35, 0x13, 0x39, 0x66, 0x35, 0x77, 0x61, 0x29, 0x86, 0x06, 0x5F, 0x13, 0xB1, 0x4A, 0x30, 0x97, 0x3E, 0x9B, 0xA1, 0xAD, 0xB9, 0x57, 0x8D, 0x18, 0x1D, 0xC8, 0x4E, 0x59, 0xBC, 0x45, 0xC9, 0xD9, 0x15, 0x81, 0x1B, 0xDF, 0x9E, 0x08, 0x5C, 0xF8, 0x16, 0x1C, 0xA7, 0x6F, 0x1D, 0x66, 0x19, 0x51, 0x2C, 0xD8, 0x99, 0xD3, 0x9B, 0xC3, 0x7E, 0x43, 0xF4 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0xCD, 0x67, 0x09, 0x86, 0xD6, 0xBD, 0xF4, 0x39, 0x9F, 0x00, 0x93, 0x66, 0x38, 0x0F, 0x17, 0x07 +IV: 0x07, 0xC8, 0xB4, 0x17, 0x6B, 0x21, 0x5C, 0x47, 0xA0, 0x74, 0xCD, 0xF3, 0xE3, 0x1B, 0xCD, 0x54 +Plaintext: 0xD6, 0x3D, 0xB4, 0xF7, 0x25, 0xE7, 0x2C, 0x6E, 0x6A, 0x5F, 0x35, 0x45, 0x4E, 0xB5, 0x6C, 0x38, 0xF1, 0x9A, 0x8C, 0xA2, 0x8D, 0x75, 0x35, 0x39, 0x56, 0xB4, 0xEC, 0xF9, 0xA4, 0x60, 0x64, 0x5E, 0x53, 0xF5, 0xFB, 0xD6, 0x6A, 0x70, 0x88, 0x76, 0xFC, 0xA9, 0x54, 0xEC, 0x4C, 0xE3, 0x66, 0xB5, 0x34, 0xA2, 0x04, 0x90, 0xC8, 0xBD, 0x76, 0x32, 0x36, 0xB3, 0x0D, 0x3B, 0xF1, 0x42, 0x64, 0x69, 0x0E, 0x36, 0xE6, 0x0B, 0xEE, 0x80, 0x90, 0xB9, 0x1D, 0x87, 0xF8, 0x43, 0x7A, 0xC3, 0x8F, 0xE7, 0x98, 0x87, 0x23, 0xC7, 0x65, 0x1E, 0xA8, 0x9A, 0x09, 0x1A, 0x37, 0xA1, 0x11, 0xE9, 0x57, 0xDC, 0xCD, 0xA9, 0x7C, 0x7F, 0xF6, 0x3D, 0xCD, 0xA0, 0x94, 0xA1, 0x2A, 0x32, 0x1F, 0x7A, 0x6E, 0x36 +Ciphertext: 0x27, 0xEF, 0xDD, 0xE7, 0xCD, 0xE3, 0xCA, 0xAD, 0xFB, 0xFF, 0xC7, 0x47, 0x3F, 0x7A, 0x47, 0x3C, 0x84, 0x4C, 0xAA, 0xF6, 0x8B, 0x66, 0x71, 0xBF, 0x91, 0xB8, 0x40, 0xB7, 0x31, 0x6D, 0x4C, 0xBF, 0x80, 0x88, 0xBB, 0x83, 0x4C, 0xE0, 0xCF, 0x9B, 0x02, 0xF5, 0x9E, 0xFC, 0x78, 0xD2, 0xCD, 0xE5, 0xEE, 0xEA, 0x45, 0x52, 0x39, 0x8E, 0x0B, 0xF0, 0xA8, 0x63, 0x0B, 0xF5, 0xC6, 0xEB, 0x0A, 0xCC, 0xF8, 0x61, 0x72, 0xBA, 0x0C, 0x40, 0xBF, 0x59, 0xD5, 0x3E, 0x9D, 0xA3, 0xEA, 0xD5, 0x6D, 0xE2, 0xC0, 0x6C, 0x4D, 0xC8, 0x3F, 0xC4, 0xE1, 0x99, 0x28, 0x3A, 0xC0, 0x83, 0x57, 0xFB, 0xD9, 0xB1, 0x3A, 0x5B, 0x1F, 0x96, 0x16, 0x4D, 0xA1, 0x3A, 0x18, 0x47, 0x90, 0x9D, 0xED, 0x86, 0x19, 0xB5 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0xE5, 0xF2, 0xF1, 0x30, 0xAB, 0xC2, 0x52, 0xD8, 0x97, 0x90, 0x73, 0x13, 0x4E, 0x7C, 0xC4, 0x21 +IV: 0x59, 0xF6, 0xC5, 0x18, 0xCD, 0xD2, 0xC6, 0x91, 0x2B, 0x9E, 0xF1, 0xA1, 0x85, 0x33, 0x8B, 0x0B +Plaintext: 0xE2, 0x8A, 0x77, 0xB3, 0xE4, 0xD1, 0xFC, 0x56, 0xA8, 0xBE, 0xC8, 0x79, 0xEE, 0x24, 0x34, 0x9F, 0x7A, 0xC4, 0xC9, 0xBF, 0xBA, 0x65, 0x03, 0xF5, 0xA8, 0x27, 0x56, 0x78, 0xF2, 0x14, 0x6F, 0xCC, 0x58, 0xF8, 0xBC, 0x39, 0x56, 0x72, 0x2E, 0x7B, 0x04, 0x4C, 0x3E, 0xBB, 0x3A, 0x08, 0x2E, 0xBE, 0xF7, 0xBB, 0x91, 0x5D, 0x04, 0x1F, 0x0D, 0x35, 0xD4, 0xE3, 0x60, 0x9F, 0xAF, 0x45, 0xA1, 0xE3, 0x10, 0xE3, 0xC8, 0xA8, 0x4B, 0xCE, 0x71, 0xAF, 0x72, 0xE1, 0xDD, 0xC1, 0x7A, 0x51, 0x3A, 0xE6, 0x9A, 0x84, 0x24, 0xD8, 0xF4, 0x27, 0x6B, 0xB7, 0x77, 0x7B, 0x17, 0xFE, 0x04, 0xEF, 0xA9, 0xB6, 0xCF, 0xF4, 0xA4, 0xEA, 0x09, 0x0D, 0x4C, 0x5A, 0xBC, 0x25, 0xAE, 0x73, 0xF6, 0x26, 0xE0, 0x7F, 0x29, 0xC7, 0x8A, 0x1A, 0xD2, 0xA6, 0xA5, 0xE5, 0x59, 0x96, 0x83, 0x7E, 0x38, 0x3A, 0x10, 0xAF +Ciphertext: 0x4D, 0x60, 0x9C, 0xA3, 0x53, 0xB7, 0xD3, 0x4F, 0x19, 0xAF, 0xB6, 0x80, 0xD6, 0x58, 0xFF, 0x89, 0x49, 0x04, 0xCD, 0x88, 0x17, 0x3B, 0x96, 0xB3, 0xFA, 0x29, 0xA8, 0x99, 0x76, 0x6B, 0x80, 0x47, 0x19, 0x01, 0xCD, 0x80, 0x3E, 0xF3, 0xF2, 0xAB, 0x92, 0x4B, 0x97, 0x2E, 0xFC, 0xB3, 0x4D, 0xBF, 0x82, 0x7C, 0xD7, 0x3D, 0xF5, 0x8F, 0x10, 0x2F, 0x91, 0x6A, 0x13, 0xE0, 0xD4, 0xBE, 0x0D, 0x76, 0x48, 0x50, 0xE2, 0x5C, 0xDF, 0x3A, 0xC7, 0xFF, 0x7D, 0xBF, 0xED, 0x0B, 0xFA, 0xA9, 0xF7, 0x1D, 0x99, 0x45, 0xFA, 0x66, 0xA1, 0x4F, 0x99, 0x76, 0x71, 0x7E, 0x45, 0xB5, 0x24, 0x8D, 0xF3, 0x77, 0xC0, 0xD9, 0x8B, 0xFD, 0xC6, 0x3A, 0xBE, 0x28, 0x59, 0xBA, 0x40, 0xFA, 0x91, 0x9C, 0x59, 0xCD, 0xD5, 0x12, 0x73, 0xF8, 0x85, 0x78, 0xA3, 0xD9, 0x76, 0x4D, 0xE2, 0x18, 0xED, 0xE3, 0x3E, 0xD8 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0x60, 0xD3, 0x57, 0xE5, 0xD8, 0x56, 0x48, 0xE4, 0xA8, 0xC2, 0xB8, 0xBA, 0xF5, 0xB0, 0xA9, 0xF1 +IV: 0x6D, 0x2B, 0xCC, 0x09, 0xE6, 0xC3, 0x44, 0x26, 0x41, 0xDD, 0xAD, 0x05, 0x95, 0x4D, 0x5D, 0x34 +Plaintext: 0x8A, 0x27, 0xE9, 0x83, 0x02, 0xD1, 0xEB, 0xB6, 0xFF, 0x5D, 0x03, 0x7C, 0xC1, 0x16, 0x1C, 0xA5, 0x2E, 0x59, 0xF1, 0x8F, 0x77, 0xA7, 0xCF, 0xE1, 0xF9, 0xF7, 0x9C, 0x7C, 0x61, 0x51, 0x18, 0xAF, 0x14, 0x98, 0x63, 0xAA, 0xCE, 0xA8, 0xC0, 0x36, 0x88, 0xA1, 0x98, 0xA3, 0xA0, 0x81, 0xC2, 0x01, 0x34, 0xF9, 0x01, 0x93, 0xCE, 0x79, 0xCE, 0x80, 0x47, 0x8E, 0x58, 0xCC, 0xE5, 0x6D, 0xCA, 0x87, 0xC7, 0xD0, 0xCC, 0x44, 0x83, 0x00, 0x4C, 0xCD, 0x0D, 0x33, 0x7E, 0x15, 0xDB, 0x19, 0x21, 0x6E, 0x46, 0xB2, 0x05, 0xFC, 0x34, 0x62, 0xCA, 0x6A, 0xF4, 0x47, 0xEA, 0xDB, 0x69, 0xCA, 0xFA, 0x24, 0x6B, 0x74, 0x2C, 0x38, 0x6A, 0x04, 0x19, 0xE3, 0x54, 0xBE, 0xBD, 0xBC, 0xB9, 0x05, 0xC3, 0x55, 0x2E, 0x2C, 0x03, 0xB4, 0xEF, 0x8A, 0x4A, 0x07, 0xC8, 0xCC, 0x59, 0x93, 0x35, 0x8F, 0x30, 0xEE, 0xC8, 0x2F, 0x8C, 0x6E, 0xCB, 0xD9, 0xAE, 0xE1, 0x27, 0xE8, 0x5E, 0x7E, 0x84, 0x6E, 0x30, 0x1C +Ciphertext: 0xCB, 0x12, 0xCF, 0x19, 0xB5, 0xD4, 0x34, 0xDA, 0x62, 0xFB, 0x58, 0x6B, 0xF8, 0x92, 0x52, 0x2B, 0xE8, 0xEB, 0xBA, 0x69, 0xAE, 0xA2, 0x20, 0x9B, 0xBC, 0xA8, 0x72, 0x09, 0xA8, 0x48, 0x73, 0x67, 0xAC, 0x52, 0x6B, 0xEC, 0x97, 0xA8, 0x37, 0x7A, 0xBB, 0x0E, 0x5F, 0x35, 0x0A, 0x57, 0x8D, 0x29, 0x2B, 0xF5, 0xCD, 0x3A, 0x17, 0x28, 0x16, 0xF5, 0x57, 0x8B, 0x71, 0xB0, 0xCE, 0x1E, 0xCD, 0xEB, 0x19, 0xDA, 0x2E, 0x13, 0xCD, 0xC4, 0xBC, 0x79, 0x05, 0xF5, 0x37, 0xD2, 0xEB, 0x04, 0x6A, 0x1B, 0xCC, 0x76, 0x31, 0x44, 0xF2, 0xD9, 0xFC, 0xAA, 0xF5, 0x9F, 0x4A, 0x74, 0xE7, 0xA1, 0x35, 0x81, 0x0D, 0x32, 0xB5, 0xD7, 0x21, 0x9B, 0xC8, 0x01, 0xB1, 0x9F, 0xBD, 0x90, 0xC0, 0xEC, 0x55, 0xA1, 0x84, 0x4A, 0x5A, 0x7C, 0xB3, 0xDD, 0xE2, 0xCF, 0x9A, 0x25, 0x96, 0x9A, 0xBC, 0x4A, 0xCC, 0x63, 0x06, 0x78, 0x9D, 0xAE, 0x2A, 0xD2, 0x6E, 0x9C, 0x93, 0x46, 0xB1, 0x1E, 0x85, 0x9F, 0x6C, 0x44 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 128-bit key +Key: 0xB2, 0x10, 0x06, 0xA2, 0x47, 0x18, 0xD6, 0xBF, 0x8A, 0xC5, 0xAD, 0xDB, 0x90, 0xE5, 0xF4, 0x4D +IV: 0xA5, 0xA6, 0xF3, 0xCE, 0xEE, 0xAA, 0x93, 0x2D, 0x4C, 0x59, 0x68, 0x45, 0x82, 0x7B, 0xEE, 0x2D +Plaintext: 0x9B, 0x06, 0x13, 0xAE, 0x86, 0x34, 0xF6, 0xFA, 0x04, 0xD9, 0xEF, 0x9A, 0xC4, 0xF4, 0xCF, 0xA9, 0xCB, 0x84, 0x69, 0x40, 0x1A, 0x9D, 0x51, 0x31, 0x8B, 0xBA, 0xE3, 0xF8, 0xFD, 0x55, 0x87, 0xEE, 0xB0, 0xB5, 0x34, 0xC0, 0xF2, 0x08, 0x33, 0x20, 0xFC, 0xB1, 0x26, 0xBA, 0x17, 0xE3, 0x48, 0x6A, 0x03, 0x6F, 0xF6, 0xAC, 0x98, 0xDA, 0x6F, 0x54, 0xAE, 0xB3, 0xD8, 0x7F, 0x3B, 0x23, 0x83, 0xC9, 0xBB, 0xC6, 0x70, 0xC0, 0xD5, 0xB9, 0x14, 0x99, 0x3B, 0xF5, 0x5A, 0x22, 0xD2, 0xDB, 0xE8, 0xF8, 0x13, 0x0F, 0xA3, 0xFA, 0xB1, 0x8A, 0x75, 0xFD, 0x7B, 0xEB, 0x4E, 0xC2, 0x85, 0x0E, 0x68, 0x25, 0x82, 0xE0, 0xD0, 0x96, 0x75, 0x72, 0x22, 0xCD, 0x89, 0x4C, 0x93, 0xBA, 0x3C, 0x03, 0x35, 0xBB, 0xC3, 0x0E, 0x77, 0x12, 0xAA, 0xD5, 0xEB, 0x96, 0xBC, 0x0B, 0x4D, 0xA8, 0x22, 0x3E, 0xC0, 0x69, 0xCF, 0xAC, 0x5A, 0x2B, 0x1B, 0x59, 0xE3, 0x25, 0xAD, 0x5E, 0xDA, 0x6A, 0x9F, 0x84, 0xB9, 0x1C, 0xDD, 0x11, 0x7B, 0xDC, 0xCE, 0xE2, 0x5A, 0x86, 0x37, 0xBA, 0xDD, 0x1B, 0x5C, 0xDA, 0x12, 0xFF +Ciphertext: 0xB2, 0x25, 0x29, 0xEC, 0xC4, 0x7D, 0x73, 0xCA, 0x8C, 0xF2, 0x05, 0xBE, 0x8E, 0x88, 0x94, 0x77, 0xD0, 0x2F, 0xB6, 0x5C, 0x99, 0x23, 0x64, 0x2F, 0x67, 0x4F, 0xAF, 0x76, 0x69, 0x82, 0x6C, 0x97, 0x8F, 0xB4, 0x8A, 0xC7, 0xDD, 0x1B, 0xBE, 0x01, 0x35, 0x07, 0xDF, 0xB9, 0x0F, 0x0D, 0x6B, 0xAB, 0x59, 0x8F, 0xDD, 0x34, 0xC6, 0x93, 0xB1, 0x66, 0x13, 0xF2, 0xB4, 0x78, 0xC0, 0x1D, 0xFF, 0xC4, 0xB7, 0x0B, 0x44, 0x85, 0xBB, 0x93, 0x43, 0x0E, 0x40, 0xE6, 0xBC, 0x0E, 0xBB, 0xF3, 0x53, 0xCE, 0xE5, 0x1B, 0x92, 0xD6, 0xB4, 0xA0, 0x10, 0xF0, 0x4B, 0x1F, 0xBE, 0x7C, 0x2F, 0x4F, 0x6F, 0x24, 0x69, 0xA2, 0xE4, 0x4B, 0xAD, 0x79, 0x68, 0xF7, 0xF9, 0x23, 0xB8, 0x31, 0x6C, 0x21, 0xFD, 0xF8, 0x47, 0xE5, 0x34, 0x0E, 0x10, 0x95, 0x20, 0x9B, 0xFA, 0xA9, 0x1E, 0xA7, 0x0A, 0x5A, 0xC6, 0x3A, 0x39, 0x39, 0xF9, 0x92, 0xED, 0xE2, 0x4E, 0x8D, 0xBA, 0x21, 0x24, 0x50, 0x88, 0x80, 0x89, 0x8A, 0xD3, 0x20, 0x87, 0x0F, 0x74, 0x7D, 0x5C, 0xE6, 0xC7, 0x75, 0xE5, 0xCF, 0xF7, 0xC4, 0x2D, 0xCA}} +Test: Encrypt +# +# +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0x68, 0xD2, 0x18, 0x65, 0x0E, 0x96, 0xE1, 0x07, 0x71, 0xD4, 0x36, 0x1A, 0x41, 0x85, 0xFC, 0x81, 0x27, 0xC3, 0xB5, 0x41, 0x64, 0xDA, 0x4A, 0x35 +IV: 0xB5, 0xA1, 0x07, 0x03, 0x79, 0x0B, 0xE7, 0x4E, 0x15, 0xF9, 0x12, 0x2D, 0x98, 0x52, 0xA4, 0xDC +Plaintext: 0x9B, 0x56, 0xB0, 0xB2, 0x6C, 0x2F, 0x85, 0x53, 0x6B, 0xC9, 0x2F, 0x27, 0xB3, 0xE4, 0x41, 0x0B +Ciphertext: 0x72, 0x86, 0x6A, 0xA8, 0xE3, 0xF1, 0xA4, 0x44, 0x96, 0x18, 0xC8, 0xCF, 0x62, 0x3D, 0x9B, 0xBE +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0xFD, 0x68, 0xD2, 0x46, 0xC2, 0xF8, 0xC6, 0xBE, 0xA0, 0xC9, 0x4F, 0x6C, 0xFF, 0xB5, 0xB2, 0x0D, 0xF4, 0x8B, 0x4F, 0x1A, 0x66, 0xAA, 0xDC, 0xFB +IV: 0x6F, 0xCE, 0xF1, 0x78, 0x04, 0x29, 0xC9, 0x70, 0xD9, 0xB6, 0x47, 0xCD, 0x7F, 0xCA, 0x37, 0xB7 +Plaintext: 0xCF, 0xEC, 0xD7, 0x08, 0x8C, 0xE6, 0x95, 0x00, 0x44, 0x1C, 0x1B, 0x3B, 0x77, 0x1D, 0x89, 0xDF, 0xFC, 0x78, 0x01, 0x1A, 0x9F, 0xD1, 0x69, 0xCC, 0x0F, 0x33, 0x6C, 0x80, 0xF8, 0xA8, 0xC2, 0xA1 +Ciphertext: 0x35, 0x8F, 0xF4, 0x28, 0x33, 0x52, 0x60, 0x81, 0xBB, 0xAC, 0x7C, 0x5A, 0x84, 0xD1, 0xE2, 0x07, 0x2F, 0xEE, 0x96, 0xD5, 0x4A, 0xEE, 0x31, 0x1F, 0xC5, 0xB2, 0x51, 0xA8, 0xC8, 0xE6, 0x4C, 0xED +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0x6C, 0x07, 0xB2, 0xEB, 0x87, 0x0E, 0xD5, 0x1F, 0x53, 0xB0, 0x1C, 0xFB, 0xE9, 0xB0, 0x14, 0x69, 0xD9, 0x6F, 0x69, 0xF7, 0xCC, 0x03, 0xAA, 0x87 +IV: 0x68, 0x88, 0x4B, 0x47, 0x74, 0xBB, 0xF0, 0xE4, 0x3D, 0xC5, 0xE9, 0xFB, 0x38, 0x54, 0xF8, 0xD1 +Plaintext: 0xE8, 0xF0, 0x5B, 0x43, 0x02, 0x8D, 0x06, 0x00, 0xD0, 0x5C, 0x31, 0xF5, 0xD3, 0xE7, 0x12, 0x09, 0xAC, 0x5D, 0xEC, 0x0B, 0x3D, 0x2A, 0x48, 0xE8, 0x0B, 0xCB, 0x82, 0x22, 0xE6, 0xE1, 0x88, 0x7D, 0xCD, 0x84, 0xDF, 0xFC, 0x0C, 0xD9, 0xE7, 0x0B, 0xA7, 0xE7, 0x5F, 0xFE, 0xFB, 0xA6, 0x2B, 0xBA +Ciphertext: 0x3E, 0x7B, 0x2C, 0x78, 0x61, 0x84, 0x84, 0xA7, 0x25, 0x82, 0x70, 0x87, 0xBE, 0x67, 0x79, 0x46, 0x99, 0x17, 0x9E, 0xD0, 0xA9, 0xB1, 0xDC, 0x80, 0xA9, 0xCB, 0x42, 0x5C, 0x15, 0xD5, 0x94, 0xBA, 0xC3, 0xB3, 0xF4, 0x1F, 0xEC, 0x94, 0x73, 0x60, 0x63, 0x6E, 0x4A, 0xA9, 0xEC, 0xFB, 0xA1, 0x7B +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0xA3, 0x59, 0x55, 0xB2, 0x99, 0x1E, 0x53, 0x16, 0x9D, 0xC4, 0x88, 0x46, 0xDB, 0xDC, 0x0D, 0x8D, 0xC8, 0x13, 0xB0, 0x0C, 0x4D, 0xBF, 0x3D, 0xF4 +IV: 0x27, 0xB7, 0xFD, 0xF9, 0x8E, 0x68, 0x7D, 0x03, 0x14, 0x25, 0x90, 0x26, 0xD1, 0xBF, 0x97, 0xD4 +Plaintext: 0xBD, 0x56, 0x00, 0x51, 0x5D, 0x6E, 0x0D, 0x68, 0xA2, 0x45, 0xD7, 0x5D, 0x0E, 0x65, 0x92, 0x22, 0x18, 0x75, 0x12, 0xCD, 0xD2, 0x54, 0x8E, 0x4A, 0xC9, 0x69, 0xA5, 0x4D, 0x2C, 0x34, 0x9E, 0x8B, 0x31, 0x29, 0xF4, 0x2A, 0xB5, 0xBF, 0x12, 0x76, 0x23, 0xC4, 0x5B, 0xD5, 0x96, 0xF3, 0x6D, 0xFD, 0x42, 0xC8, 0xA7, 0x64, 0x10, 0x93, 0xE9, 0xF8, 0x88, 0xCC, 0x9A, 0x11, 0xF4, 0xA6, 0xF0, 0xA4 +Ciphertext: 0xC5, 0x7D, 0x22, 0x65, 0xAB, 0x4E, 0xE3, 0xE2, 0x31, 0x71, 0x63, 0x1D, 0x19, 0x39, 0x62, 0xDB, 0x25, 0x62, 0x8A, 0xA9, 0x77, 0xD4, 0x86, 0x92, 0xA5, 0xCA, 0x54, 0x8F, 0x47, 0x84, 0x39, 0x04, 0x43, 0x44, 0xE8, 0xAC, 0x01, 0xD2, 0x36, 0x08, 0x0F, 0x22, 0x10, 0x0F, 0x2E, 0xAC, 0x41, 0x9C, 0x84, 0xEE, 0xA1, 0x0F, 0xAA, 0x42, 0x08, 0xEA, 0x2B, 0xD0, 0x21, 0x22, 0x6B, 0xBA, 0xEC, 0xDF +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0xC2, 0xE6, 0x6B, 0xB9, 0x2B, 0xF6, 0xA3, 0x1F, 0x12, 0x35, 0x44, 0x5E, 0x2F, 0x92, 0x57, 0xED, 0x6C, 0x59, 0xC3, 0xA5, 0x8F, 0x4C, 0x13, 0x76 +IV: 0x1A, 0xF6, 0x79, 0x59, 0x6F, 0x3C, 0x13, 0x85, 0x38, 0x35, 0x6E, 0xE6, 0x06, 0x3C, 0x49, 0xCB +Plaintext: 0x38, 0x43, 0x9B, 0xDF, 0x1F, 0x6A, 0xD7, 0x5A, 0x60, 0xD0, 0x6E, 0x78, 0x99, 0xA8, 0x95, 0x2B, 0x47, 0x90, 0x4A, 0x0C, 0xE7, 0x1F, 0x91, 0x98, 0x5B, 0xBD, 0x04, 0x99, 0x90, 0xB8, 0x8A, 0xE2, 0x5E, 0x94, 0x67, 0x3F, 0xAF, 0xA2, 0x75, 0xAC, 0xE4, 0xD4, 0xB0, 0xC5, 0x74, 0xCF, 0xF8, 0x7E, 0xD6, 0x42, 0x13, 0x14, 0xA2, 0x76, 0xF2, 0x44, 0xF3, 0x27, 0x35, 0xBA, 0x0F, 0x93, 0xF1, 0xCC, 0x4A, 0xD0, 0xB0, 0x68, 0x27, 0x62, 0xB9, 0x4B, 0xC1, 0x0D, 0x92, 0x74, 0x69, 0xE8, 0xC4, 0xD9 +Ciphertext: 0x96, 0xBE, 0x15, 0xC3, 0xB8, 0xD1, 0x47, 0x3B, 0x4A, 0x3C, 0xB8, 0xF5, 0x25, 0x83, 0xB1, 0xAD, 0x80, 0x4F, 0xE4, 0x6D, 0xC1, 0x43, 0xFD, 0x26, 0xC3, 0x8C, 0x4B, 0x01, 0x9C, 0x10, 0xD6, 0x0F, 0x68, 0x15, 0x82, 0x50, 0x95, 0x32, 0xE5, 0x86, 0xCC, 0x23, 0x71, 0x8B, 0x7B, 0xD7, 0x50, 0x45, 0xD5, 0x77, 0xF8, 0xE7, 0x78, 0xCA, 0x4B, 0xF0, 0x27, 0x8E, 0xB2, 0x5A, 0xB7, 0xCD, 0x67, 0x08, 0x00, 0xC5, 0xEC, 0x88, 0x32, 0xFE, 0x91, 0xB8, 0x4E, 0x56, 0xAB, 0x58, 0xDE, 0xE8, 0x49, 0xA8 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0x91, 0xB3, 0xDE, 0x58, 0xE9, 0x6A, 0xBC, 0xF0, 0xC7, 0x1A, 0x09, 0x31, 0xCC, 0xF4, 0x03, 0xF1, 0xC5, 0xA0, 0x7E, 0x41, 0xCF, 0xD4, 0x2C, 0xA0 +IV: 0xBF, 0x24, 0x1B, 0x6E, 0xC0, 0x1C, 0x7F, 0xA3, 0x3E, 0x8C, 0xB2, 0xC0, 0x03, 0x23, 0x79, 0x06 +Plaintext: 0xA0, 0x3F, 0x89, 0xE6, 0x0F, 0x04, 0x4A, 0xBA, 0x96, 0xAC, 0xDA, 0xB2, 0xEE, 0x1D, 0x55, 0x11, 0xA5, 0xC1, 0x54, 0x99, 0xC1, 0x92, 0xB3, 0x43, 0xA6, 0x74, 0x98, 0x34, 0x3A, 0xC8, 0xB0, 0xED, 0x46, 0x3E, 0xBC, 0xC2, 0x20, 0xEA, 0x4D, 0x8D, 0x87, 0x9B, 0xCB, 0xA3, 0xCE, 0x68, 0xBC, 0x07, 0x3D, 0x8B, 0x43, 0xDE, 0xB4, 0x73, 0xE7, 0x23, 0x91, 0x14, 0x96, 0x9C, 0xD4, 0x82, 0xEA, 0x0D, 0x81, 0xBE, 0xAB, 0xAB, 0x46, 0xCF, 0x94, 0xD3, 0x5E, 0x15, 0x5A, 0xFC, 0xB5, 0xDB, 0xEA, 0xEB, 0x4D, 0x2B, 0xF2, 0x26, 0xE0, 0xE6, 0xA4, 0xAA, 0xC7, 0x14, 0xB7, 0xE0, 0x1A, 0x78, 0xAE, 0xCE +Ciphertext: 0xD1, 0x38, 0x58, 0xA3, 0xE9, 0x6A, 0xF4, 0xB8, 0x40, 0xB7, 0x46, 0x41, 0x87, 0x30, 0x5F, 0x6B, 0x41, 0x32, 0xE1, 0xCE, 0x76, 0x22, 0x39, 0xC0, 0x04, 0xA8, 0x9D, 0xBE, 0xA6, 0xD4, 0xB0, 0x72, 0x0D, 0x8F, 0x4B, 0xF4, 0x52, 0xFF, 0x3C, 0x87, 0xFC, 0xD2, 0xCA, 0x93, 0x2A, 0xC5, 0x75, 0xD7, 0x66, 0x3B, 0xF9, 0x2D, 0x73, 0x54, 0x14, 0x43, 0xE7, 0x7B, 0x08, 0xDC, 0x05, 0x77, 0xFC, 0x8C, 0x2A, 0xE6, 0x23, 0x61, 0x38, 0x96, 0x9F, 0x6F, 0xF0, 0xC2, 0x5A, 0x90, 0xC5, 0x35, 0xF6, 0x01, 0x3E, 0x94, 0xD9, 0x7A, 0xC3, 0xD5, 0x53, 0x75, 0x95, 0x7C, 0x9F, 0xB9, 0x86, 0x94, 0x7F, 0x45 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0x19, 0x67, 0x5C, 0x8A, 0xCA, 0xDB, 0xA8, 0xF5, 0xE4, 0xC4, 0x8E, 0xA5, 0xEC, 0x9E, 0x66, 0x23, 0x9E, 0x48, 0x69, 0x57, 0x8E, 0x14, 0x71, 0x40 +IV: 0x0F, 0x1B, 0x00, 0xE9, 0x54, 0xD3, 0x84, 0x98, 0xD5, 0xE3, 0xD9, 0x48, 0xF4, 0x35, 0x10, 0x59 +Plaintext: 0xE1, 0x4D, 0x6F, 0x87, 0xBB, 0xDA, 0xB8, 0x19, 0xF8, 0x8B, 0xAF, 0x5A, 0x06, 0x24, 0xD6, 0x4D, 0x32, 0xD1, 0x7B, 0x9D, 0xCA, 0xBA, 0xF4, 0xD3, 0x7E, 0xD7, 0x2A, 0xCB, 0x0C, 0x06, 0x54, 0x69, 0x1D, 0x5B, 0x05, 0x88, 0x69, 0xB7, 0x69, 0x33, 0x22, 0x9C, 0xCB, 0x18, 0x90, 0x3F, 0x5B, 0x39, 0xF9, 0xDF, 0x2F, 0xE5, 0xC3, 0x56, 0x87, 0xE7, 0xDC, 0xEE, 0x55, 0xFD, 0x5A, 0x75, 0xFD, 0x8C, 0x5F, 0x94, 0x59, 0x91, 0x40, 0x5C, 0x00, 0xDB, 0xE6, 0x22, 0xC8, 0x78, 0x74, 0x8D, 0x89, 0x6D, 0x29, 0xED, 0x24, 0xAA, 0x89, 0xCE, 0xC4, 0x3C, 0xB7, 0xCE, 0x64, 0xC5, 0x26, 0xAB, 0x92, 0x29, 0x70, 0xA0, 0x72, 0x8B, 0x86, 0xF2, 0x05, 0x78, 0x0A, 0xC6, 0xAB, 0x61, 0xF9, 0x35, 0xE7, 0x4F +Ciphertext: 0xB3, 0xC1, 0xD0, 0xD9, 0xAB, 0x14, 0xDA, 0xF5, 0xC4, 0x80, 0x52, 0xD1, 0x1A, 0x44, 0xEF, 0xB2, 0x52, 0x63, 0xE8, 0xA9, 0xEE, 0xCB, 0x9D, 0x40, 0x63, 0xBE, 0x44, 0x9D, 0x24, 0xDF, 0x26, 0x62, 0x78, 0x4E, 0x07, 0x34, 0x6D, 0x2D, 0xD7, 0x7D, 0x58, 0x15, 0xB2, 0xE1, 0x50, 0xEA, 0x90, 0xD5, 0xBB, 0x08, 0x10, 0x1F, 0x77, 0x31, 0xCC, 0xE1, 0xEC, 0xB1, 0xBE, 0x39, 0x92, 0x8D, 0x4B, 0xB6, 0x52, 0x11, 0x3D, 0x91, 0x07, 0x7A, 0x64, 0xC2, 0xE5, 0x8F, 0x58, 0x3B, 0x98, 0xBB, 0x7B, 0xF4, 0x3F, 0x38, 0xE2, 0xAA, 0x1B, 0x88, 0x69, 0x34, 0xCC, 0x61, 0x80, 0xB9, 0xF5, 0xB1, 0xBE, 0x8F, 0x20, 0x26, 0x62, 0x4F, 0x1F, 0xEE, 0x2D, 0x6E, 0x57, 0x6E, 0x33, 0xCB, 0x9F, 0xE3, 0xF9, 0x43 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0x8D, 0xA2, 0x63, 0xD2, 0x62, 0x4B, 0x34, 0x3A, 0xD7, 0x1F, 0x5E, 0x0A, 0xB7, 0xD0, 0x9B, 0xAA, 0x19, 0x28, 0x58, 0x5C, 0x84, 0xA0, 0x01, 0x71 +IV: 0x57, 0x2F, 0x7E, 0xBD, 0x68, 0x60, 0xFE, 0x48, 0xEC, 0xA7, 0xF3, 0x46, 0x97, 0xF5, 0x5D, 0x4A +Plaintext: 0x04, 0x8A, 0x4C, 0xB6, 0x56, 0x0B, 0xA0, 0x76, 0x20, 0xD4, 0x14, 0xEE, 0x82, 0x8F, 0x7B, 0x30, 0x95, 0x05, 0x49, 0x73, 0x09, 0x35, 0x54, 0xC1, 0x0D, 0xA3, 0xDC, 0xEF, 0x6F, 0xF3, 0xC9, 0xD2, 0x05, 0xB6, 0x35, 0xB0, 0x4B, 0x84, 0x2A, 0xF5, 0x4D, 0x4B, 0xAD, 0x27, 0xC8, 0xE6, 0xFB, 0x1C, 0x8C, 0xF2, 0x12, 0x6B, 0x24, 0xDD, 0x73, 0x20, 0xB9, 0x3F, 0x27, 0xB4, 0x34, 0x6E, 0x00, 0x3C, 0xA3, 0x4D, 0x21, 0xE0, 0xDE, 0x64, 0xC0, 0x8F, 0x6A, 0x36, 0x2B, 0xF1, 0x9D, 0xCE, 0x09, 0x9D, 0x03, 0x9C, 0xE3, 0x8D, 0x01, 0x7F, 0xE3, 0xCE, 0xB8, 0x23, 0xDB, 0x7C, 0x2C, 0x8D, 0x88, 0xEE, 0xA6, 0xF4, 0x19, 0x2E, 0x57, 0xD3, 0xEB, 0xAC, 0x3D, 0x3C, 0x97, 0x33, 0x4B, 0x6F, 0x2E, 0x1B, 0xC4, 0xAB, 0xC3, 0xC1, 0xE8, 0x44, 0x2A, 0x34, 0xD2, 0xF6, 0x00, 0x31, 0xA1, 0x79, 0xEB, 0x52 +Ciphertext: 0x69, 0x29, 0xF6, 0x37, 0xDA, 0xC4, 0x24, 0x68, 0x11, 0x49, 0xEC, 0xDD, 0x87, 0x8F, 0xF8, 0x29, 0xF1, 0xEC, 0xEC, 0x64, 0xC1, 0x91, 0x80, 0x2A, 0x29, 0xF0, 0x5C, 0x8B, 0xA1, 0x90, 0xA5, 0x1F, 0x64, 0x30, 0xF2, 0xC8, 0xEE, 0xB7, 0x07, 0x39, 0xE7, 0x59, 0x05, 0x3F, 0x65, 0x15, 0x63, 0x93, 0xD9, 0x64, 0xAB, 0xAF, 0xAF, 0x55, 0x90, 0xA9, 0x40, 0x64, 0x6D, 0x5F, 0xF4, 0xEF, 0x9D, 0x9E, 0x60, 0x5F, 0x36, 0x82, 0xDF, 0x2E, 0xCF, 0x80, 0xA9, 0xF1, 0xC3, 0x7D, 0x7F, 0xC0, 0x30, 0xBF, 0x0D, 0xF2, 0xA0, 0x2E, 0x17, 0xE5, 0x05, 0x51, 0xE4, 0xA8, 0x81, 0x33, 0xCA, 0x63, 0x04, 0x44, 0xDA, 0xBD, 0x7D, 0x50, 0x05, 0xC0, 0x9F, 0xDA, 0x0D, 0x35, 0x20, 0x19, 0x57, 0x29, 0x0A, 0x78, 0x4A, 0x95, 0x80, 0x31, 0xBC, 0x83, 0xA7, 0x1D, 0x3F, 0xCB, 0x4F, 0xD8, 0x51, 0x20, 0xE0, 0xA7 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0xD6, 0x55, 0x23, 0x82, 0xFD, 0xF8, 0x32, 0xB4, 0x90, 0x06, 0xF8, 0xD5, 0x18, 0xF0, 0xF1, 0xFE, 0x95, 0xC8, 0xBB, 0xEF, 0x20, 0x54, 0xD2, 0xB9 +IV: 0xCF, 0x61, 0x9F, 0xBA, 0xD9, 0x59, 0xB1, 0xCE, 0xFA, 0x18, 0x4A, 0xC4, 0x19, 0xFC, 0x1D, 0x0F +Plaintext: 0x29, 0x3B, 0x56, 0xBE, 0x4D, 0x7A, 0xDB, 0xAF, 0x3F, 0x9B, 0xD1, 0xFF, 0xF2, 0xD6, 0x63, 0xC4, 0x76, 0x0B, 0xBE, 0xFF, 0x1D, 0x56, 0x60, 0xCC, 0xDC, 0xE5, 0x93, 0xDC, 0xF3, 0x06, 0x34, 0x25, 0xD0, 0x84, 0xB9, 0xD8, 0x31, 0x34, 0x73, 0x94, 0x8A, 0xCB, 0x0F, 0xD9, 0xA6, 0xF2, 0x63, 0xBF, 0x90, 0x9D, 0x68, 0xE8, 0xB4, 0x98, 0x82, 0xB3, 0x42, 0x62, 0x08, 0xB2, 0xD3, 0x3F, 0x00, 0x5F, 0x4F, 0x89, 0x2A, 0x0A, 0x0E, 0x47, 0x41, 0x16, 0x3D, 0x01, 0x7D, 0x65, 0x84, 0xD2, 0x5C, 0x11, 0xE5, 0xBE, 0xA2, 0x5D, 0xE8, 0x46, 0x9E, 0xEB, 0xF5, 0x3A, 0xB0, 0x2F, 0x01, 0xCF, 0x08, 0x23, 0x6D, 0xF1, 0xB0, 0x3C, 0x2A, 0xDA, 0xCD, 0x9D, 0x22, 0xE4, 0x22, 0x8C, 0xD3, 0x9B, 0xD5, 0x22, 0x3D, 0x17, 0x76, 0x46, 0xFF, 0x89, 0x3D, 0xDC, 0xBD, 0x13, 0x93, 0x39, 0xC4, 0xDD, 0xD4, 0xDA, 0xF1, 0x65, 0x54, 0x56, 0xCF, 0x16, 0xA0, 0x92, 0xFF, 0x1D, 0x06, 0x34, 0xDD, 0x78, 0x57, 0x5A +Ciphertext: 0xC8, 0x30, 0x92, 0x15, 0x8B, 0xDE, 0x25, 0x1F, 0x59, 0xC8, 0x20, 0x7B, 0x8D, 0xC3, 0xFC, 0xDE, 0x34, 0xB1, 0x54, 0x6E, 0x20, 0xFE, 0x3E, 0x94, 0x2F, 0x9F, 0x0B, 0xAE, 0x74, 0x5F, 0x54, 0xB1, 0x42, 0x6F, 0x0F, 0xEE, 0xD7, 0x60, 0x5A, 0x78, 0xA2, 0xF1, 0x19, 0xF4, 0x59, 0xAD, 0x0A, 0x79, 0x4F, 0x5F, 0x58, 0x59, 0x23, 0xFE, 0xB8, 0xE6, 0xAF, 0xA5, 0xB5, 0x6D, 0xC2, 0xA7, 0x96, 0x20, 0x13, 0xA5, 0xEA, 0x7D, 0x98, 0xBD, 0x97, 0x6C, 0x68, 0x65, 0x6D, 0x38, 0x0C, 0x1E, 0x3A, 0x30, 0xD0, 0xCB, 0x9C, 0xFA, 0x97, 0x94, 0x0B, 0x65, 0x1B, 0xD8, 0x34, 0x5C, 0x33, 0x60, 0x4B, 0xDD, 0xCC, 0xFC, 0x20, 0x72, 0x8E, 0x5A, 0x28, 0x5D, 0x2C, 0x5C, 0x8F, 0xE0, 0x87, 0xF4, 0x57, 0xC8, 0x94, 0x9F, 0xDC, 0x24, 0x8B, 0xC8, 0xF9, 0xFA, 0xEA, 0xB6, 0x39, 0x9B, 0x9D, 0x25, 0x07, 0xC5, 0x18, 0xB4, 0xD0, 0x6F, 0xFD, 0x9F, 0xC5, 0x96, 0xBD, 0x1C, 0x3C, 0x60, 0x34, 0x74, 0xE5, 0x0E +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 192-bit key +Key: 0x60, 0x4F, 0xEB, 0x8B, 0x42, 0x88, 0xE6, 0xEE, 0x61, 0x96, 0xBA, 0xB9, 0x66, 0x91, 0xED, 0xED, 0xA4, 0x8C, 0x1D, 0x41, 0x43, 0x23, 0x41, 0x5B +IV: 0x9D, 0x53, 0x31, 0x46, 0xE8, 0x8F, 0x69, 0x21, 0x16, 0x0F, 0x09, 0x14, 0xF9, 0x6C, 0x21, 0x89 +Plaintext: 0xAB, 0x6A, 0x2C, 0x98, 0x2D, 0x14, 0xDA, 0xC2, 0x4E, 0x0F, 0x13, 0xE3, 0xCE, 0x28, 0x38, 0x62, 0xC4, 0x2F, 0xAC, 0xAB, 0x3D, 0x08, 0x93, 0xDF, 0x26, 0xFF, 0xD9, 0xC9, 0x6C, 0x5C, 0x76, 0x15, 0x61, 0x37, 0xF1, 0xBC, 0x62, 0x8E, 0x23, 0xC3, 0xB7, 0x95, 0x3E, 0x25, 0xBA, 0x4D, 0x0E, 0x0E, 0x3B, 0x58, 0x7E, 0x49, 0x24, 0x0C, 0x5D, 0xFC, 0x59, 0xC6, 0x62, 0x93, 0xE2, 0x81, 0x6E, 0xFA, 0x4C, 0xA7, 0x12, 0x0F, 0x4C, 0x26, 0x51, 0x57, 0xA6, 0xC7, 0xA7, 0xEF, 0x4D, 0xBC, 0x4A, 0xC6, 0xCC, 0x77, 0xAF, 0x0A, 0xE4, 0xC3, 0x50, 0xE0, 0x77, 0x0D, 0xAD, 0x58, 0xA5, 0x02, 0x90, 0xA0, 0x34, 0x60, 0x96, 0x78, 0x35, 0x05, 0xEB, 0xE5, 0xE4, 0x4D, 0x55, 0x2A, 0xD1, 0x9A, 0x74, 0xF4, 0x3D, 0x34, 0x48, 0xD5, 0xC7, 0x54, 0xF3, 0xF3, 0x48, 0x7B, 0xC0, 0x02, 0xFB, 0x08, 0x65, 0x6F, 0xE1, 0x0A, 0x85, 0xDE, 0x63, 0x53, 0x79, 0xD7, 0x3A, 0xCE, 0x50, 0xBC, 0x8C, 0x12, 0x14, 0xFF, 0x57, 0x36, 0x4F, 0x91, 0x13, 0xE7, 0xCE, 0x9E, 0x93, 0xB9, 0xA5, 0x77, 0x2D, 0xBB, 0x74, 0xD0 +Ciphertext: 0x55, 0x6B, 0xDA, 0xDC, 0x75, 0x31, 0xEE, 0xE8, 0x88, 0xF6, 0xDE, 0x47, 0x8F, 0xB3, 0x74, 0x0F, 0xA2, 0xBD, 0x15, 0x22, 0x08, 0x76, 0x74, 0xF2, 0xC6, 0xE1, 0x64, 0xDC, 0x6F, 0xB6, 0x08, 0x7C, 0x41, 0x6B, 0xCC, 0x7C, 0x25, 0x29, 0x54, 0x78, 0x25, 0x9D, 0x4E, 0xBB, 0xEC, 0xFD, 0x42, 0xD3, 0x2B, 0x97, 0x23, 0x9E, 0x45, 0x91, 0x02, 0x68, 0x0A, 0x19, 0x79, 0x82, 0xAB, 0x3E, 0xD6, 0xD7, 0x32, 0xD2, 0xBC, 0x8A, 0x2E, 0x37, 0x35, 0x58, 0xB4, 0xC5, 0xE1, 0xC9, 0x12, 0x30, 0xB7, 0x76, 0xCB, 0x1F, 0x02, 0x60, 0x78, 0xBC, 0xA9, 0x10, 0x4C, 0xF2, 0x19, 0xBC, 0x96, 0x06, 0x5E, 0xEF, 0x44, 0xDA, 0x86, 0xA4, 0xA3, 0xAA, 0x99, 0xF2, 0xEC, 0xB9, 0xA6, 0x09, 0xD8, 0x5C, 0x6F, 0x4F, 0x19, 0x07, 0xB7, 0x1D, 0x49, 0xDF, 0x55, 0x2B, 0xD1, 0x43, 0x43, 0xB2, 0xC6, 0x79, 0x75, 0x19, 0x6A, 0x25, 0xD8, 0xA2, 0xAF, 0xDC, 0x96, 0xD3, 0x78, 0x9E, 0xEB, 0x38, 0x3F, 0x4D, 0x5C, 0xCE, 0x42, 0x02, 0x7A, 0xDB, 0xCD, 0xC3, 0x42, 0xA3, 0x41, 0xC0, 0x19, 0x45, 0xC0, 0xB3, 0x89, 0x95}} +Test: Encrypt +# +# +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x1A, 0x4E, 0xE8, 0x2B, 0x1F, 0x37, 0x84, 0x94, 0x6D, 0xF2, 0xA1, 0x8F, 0xC7, 0x49, 0xB3, 0x4F, 0xE2, 0x26, 0xCF, 0x28, 0x11, 0xA6, 0x6A, 0x47, 0x22, 0x6E, 0x64, 0xA1, 0x82, 0x42, 0x45, 0x29 +IV: 0xA8, 0xD4, 0xC6, 0x46, 0xB1, 0xD9, 0x93, 0x84, 0x48, 0x62, 0x4F, 0x8A, 0xC9, 0x6A, 0xD8, 0x4C +Plaintext: 0xA6, 0xAB, 0xCD, 0x81, 0x09, 0xB7, 0x4E, 0x58, 0xBB, 0x43, 0x03, 0x66, 0x44, 0xC6, 0x60, 0xE3 +Ciphertext: 0x91, 0xEE, 0x72, 0xE8, 0xE2, 0x6F, 0xA4, 0x23, 0x49, 0x77, 0xE4, 0x64, 0xCA, 0x48, 0x72, 0xCA +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x54, 0x43, 0x27, 0x17, 0x61, 0x62, 0x2E, 0x0F, 0x92, 0xC6, 0x62, 0x94, 0xDC, 0x9B, 0x0C, 0x5E, 0x6B, 0x6E, 0x53, 0x84, 0x43, 0x42, 0x02, 0x37, 0x27, 0xE0, 0x8C, 0xB0, 0xB9, 0x6E, 0x4E, 0x67 +IV: 0xE4, 0x43, 0x13, 0x86, 0x77, 0xFA, 0xDD, 0x9D, 0x12, 0xC5, 0xE3, 0x97, 0x46, 0x04, 0xD6, 0xED +Plaintext: 0xF8, 0x17, 0x68, 0x19, 0x06, 0x70, 0x0F, 0x4E, 0x2E, 0xEC, 0x06, 0x66, 0x2B, 0x63, 0x96, 0x1C, 0x20, 0x7E, 0x93, 0x7B, 0x3A, 0xC8, 0x29, 0x96, 0x91, 0x08, 0xD9, 0x7A, 0x50, 0xCF, 0xBE, 0x61 +Ciphertext: 0xE9, 0xD5, 0x2E, 0xE1, 0x8C, 0xFC, 0x74, 0xD8, 0x24, 0xB4, 0x02, 0x57, 0x66, 0x49, 0x92, 0x66, 0xF3, 0x2D, 0x9F, 0xCA, 0xFA, 0x46, 0x98, 0x9F, 0x51, 0x51, 0xC5, 0xE9, 0x70, 0x83, 0x86, 0x90 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x16, 0x4D, 0x15, 0x28, 0x9C, 0x68, 0xFC, 0x03, 0x97, 0x10, 0x7A, 0x70, 0xE0, 0xCC, 0xC0, 0x69, 0xD2, 0x99, 0xAE, 0xDE, 0xF3, 0xF5, 0x99, 0x62, 0xD7, 0x37, 0x4C, 0x25, 0x42, 0x21, 0x4C, 0x22 +IV: 0x8D, 0xB8, 0x61, 0x99, 0x4B, 0x53, 0x51, 0xC0, 0x2C, 0xF3, 0xEF, 0xB6, 0x21, 0xD2, 0x54, 0xB8 +Plaintext: 0xC0, 0x3F, 0x6D, 0x97, 0xEB, 0xA8, 0xB6, 0x69, 0xAC, 0xF9, 0x44, 0x7F, 0x64, 0x25, 0x09, 0x98, 0x25, 0x01, 0x54, 0x54, 0x5C, 0x59, 0x97, 0xEC, 0xB3, 0x3E, 0x6D, 0x1F, 0x35, 0x9D, 0xDB, 0x70, 0xB3, 0x16, 0xD6, 0x8E, 0x67, 0x0A, 0x06, 0x14, 0xD8, 0xF6, 0xCA, 0x72, 0xFD, 0x00, 0x7C, 0x2B +Ciphertext: 0xE5, 0xCF, 0xFB, 0x9A, 0xF3, 0x5F, 0x2E, 0xF4, 0x09, 0x9A, 0x05, 0x87, 0xA3, 0x88, 0x51, 0xC3, 0x7E, 0xBE, 0xB3, 0xDD, 0x3F, 0x24, 0xA5, 0x8C, 0xF5, 0x52, 0x24, 0x65, 0xDE, 0x01, 0xC5, 0x98, 0x08, 0xC4, 0xE9, 0xEB, 0x40, 0xC1, 0x32, 0x19, 0xD6, 0x18, 0xC8, 0x4B, 0x33, 0x48, 0xDF, 0xA9 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0xA5, 0xD0, 0xF6, 0x42, 0x17, 0xA1, 0x55, 0xEE, 0xF5, 0x98, 0xFD, 0x95, 0x66, 0x54, 0xDD, 0xF8, 0x73, 0xC6, 0xF4, 0xAC, 0xB2, 0x43, 0x13, 0xC9, 0x22, 0xD7, 0xE5, 0xE6, 0x57, 0xDD, 0x2E, 0x44 +IV: 0xD7, 0xCC, 0x50, 0x49, 0xC3, 0x54, 0x13, 0x30, 0xBA, 0xAA, 0xA5, 0x00, 0xFA, 0x20, 0xE0, 0xBA +Plaintext: 0xC8, 0xF8, 0xCC, 0xD7, 0x13, 0x7A, 0x65, 0xF1, 0x54, 0x44, 0x9E, 0xC1, 0xB8, 0xE2, 0xA5, 0x49, 0x81, 0x9E, 0x69, 0x52, 0xA9, 0x99, 0x5A, 0x19, 0xC9, 0x1B, 0x6F, 0x46, 0x3A, 0x28, 0x6E, 0x1D, 0x7A, 0x54, 0x68, 0xF8, 0xD1, 0xD8, 0x82, 0xF5, 0x34, 0xE4, 0xFC, 0xEC, 0x69, 0x37, 0x6B, 0xA4, 0x6C, 0xEE, 0x49, 0x46, 0x12, 0x99, 0xB0, 0x11, 0xEC, 0x94, 0x63, 0x50, 0x6E, 0x95, 0x0E, 0x89 +Ciphertext: 0x32, 0xFC, 0x06, 0x46, 0xF1, 0x71, 0x1F, 0xD6, 0x83, 0x59, 0x7D, 0x18, 0xE9, 0xDE, 0x0D, 0x60, 0x9C, 0x42, 0xED, 0x3C, 0x71, 0xA5, 0x35, 0x43, 0x5E, 0x84, 0xE3, 0x43, 0x85, 0x78, 0x72, 0x5A, 0xB5, 0xED, 0x86, 0x5D, 0x4A, 0x87, 0xE1, 0xFC, 0xE8, 0xE1, 0x3B, 0x4C, 0x73, 0xB0, 0xE2, 0xE7, 0x2B, 0x83, 0xC6, 0x08, 0xED, 0xC0, 0x36, 0xB5, 0x64, 0x86, 0x78, 0x82, 0x8A, 0xA4, 0x56, 0x5D +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x50, 0x81, 0xCF, 0xF8, 0x35, 0x84, 0xF4, 0x3B, 0x8B, 0x60, 0x07, 0x4F, 0xB2, 0x05, 0x08, 0xBB, 0x60, 0x63, 0xF9, 0x0B, 0x44, 0x7C, 0xA0, 0x80, 0xE9, 0xBD, 0x88, 0x06, 0xDE, 0x8E, 0x49, 0x66 +IV: 0x14, 0x28, 0x09, 0xBD, 0x87, 0xA6, 0x43, 0x2D, 0x20, 0x5F, 0xC7, 0xD2, 0xDA, 0x74, 0x02, 0xF8 +Plaintext: 0x25, 0xA5, 0x80, 0x8B, 0x88, 0x69, 0xAF, 0xCE, 0x89, 0x3D, 0xE6, 0x50, 0xD1, 0x3C, 0xA5, 0x1D, 0x8C, 0xF0, 0x1F, 0x31, 0x0F, 0x68, 0xF5, 0x32, 0xBD, 0x8A, 0x45, 0x5E, 0x2B, 0xAB, 0xE3, 0xC2, 0x82, 0x5D, 0xE6, 0xAC, 0x25, 0x88, 0x67, 0x64, 0x94, 0xBD, 0x85, 0x17, 0x91, 0xC6, 0xAC, 0x14, 0x81, 0x82, 0x18, 0x3B, 0x14, 0xF0, 0x94, 0xB1, 0x28, 0x89, 0x88, 0xD9, 0xEB, 0xD3, 0x32, 0x80, 0x40, 0x33, 0x34, 0x58, 0x65, 0x02, 0x4F, 0xA8, 0xD2, 0xE4, 0x6E, 0x41, 0x64, 0x55, 0xE6, 0xB4 +Ciphertext: 0xEE, 0x57, 0xD3, 0x98, 0x7E, 0x62, 0xCF, 0x04, 0xBB, 0x11, 0x21, 0x91, 0x20, 0xB4, 0xA3, 0x92, 0x16, 0x86, 0xAF, 0xA1, 0x86, 0x9B, 0x8A, 0x4C, 0x43, 0x7F, 0xAF, 0xCC, 0x87, 0x99, 0x6A, 0x04, 0xC0, 0x06, 0xB0, 0xC0, 0x4D, 0xE4, 0x98, 0xB2, 0x4B, 0x24, 0x34, 0x87, 0x3D, 0x70, 0xDB, 0x57, 0xE3, 0x71, 0x8C, 0x09, 0x16, 0x9E, 0x56, 0xD0, 0x9A, 0xC4, 0xB7, 0x25, 0x40, 0xCC, 0xC3, 0xED, 0x6D, 0x23, 0x11, 0x29, 0x39, 0x8A, 0x71, 0x75, 0x0C, 0x8F, 0x0C, 0xE4, 0xE4, 0x2B, 0x93, 0x59 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0xBA, 0x85, 0xFC, 0xC2, 0xE0, 0x66, 0xA8, 0x14, 0x2A, 0x03, 0x98, 0x2D, 0x63, 0x13, 0x78, 0x9C, 0x27, 0xCE, 0x71, 0x76, 0x8E, 0xFF, 0xEF, 0x03, 0x0B, 0x5B, 0xA8, 0xB8, 0x93, 0x11, 0xDA, 0x65 +IV: 0x01, 0xA2, 0xD3, 0xB0, 0xB9, 0xF3, 0xB7, 0xC2, 0x8B, 0xA1, 0x7E, 0x40, 0xDB, 0x94, 0x3C, 0x7D +Plaintext: 0xFF, 0xD7, 0xA5, 0xEE, 0xE9, 0xA6, 0xD0, 0xDE, 0x06, 0xC9, 0x3B, 0x62, 0x65, 0x21, 0x10, 0x90, 0x1C, 0x81, 0xA6, 0xEC, 0xE8, 0xBF, 0x4B, 0x23, 0x13, 0x0A, 0x41, 0xFC, 0x9B, 0x7D, 0x06, 0x8B, 0x90, 0xF5, 0xD8, 0xA8, 0xBE, 0x20, 0x79, 0x9F, 0x8C, 0xD7, 0x30, 0x29, 0x24, 0xAE, 0x10, 0x9B, 0xD4, 0xC9, 0x7C, 0x5E, 0xB4, 0xF1, 0xEB, 0x9F, 0x8A, 0xE6, 0xE9, 0x47, 0xEA, 0xF7, 0x5F, 0x2E, 0xA2, 0xD1, 0x13, 0x8B, 0x55, 0x95, 0x72, 0xB0, 0x65, 0x2D, 0x8E, 0xF4, 0x16, 0xDF, 0x63, 0xF0, 0xF1, 0x22, 0x5E, 0xEE, 0x67, 0xB1, 0x20, 0x9E, 0xB7, 0xDF, 0x7F, 0x0B, 0x12, 0x2A, 0xCD, 0xCE +Ciphertext: 0xCF, 0x3A, 0x57, 0xE7, 0xC3, 0xFB, 0x96, 0x0D, 0x47, 0x39, 0x0E, 0xDF, 0x47, 0x35, 0xF6, 0x06, 0xCF, 0x21, 0x1A, 0x3A, 0x67, 0x14, 0xE5, 0x0F, 0x2D, 0x5E, 0xA8, 0xFC, 0xC8, 0x7F, 0x89, 0x04, 0x3E, 0x93, 0x51, 0x14, 0xFF, 0x93, 0xAC, 0xD1, 0x97, 0x80, 0x03, 0x13, 0xA9, 0x1F, 0x3E, 0xDF, 0x28, 0x92, 0x43, 0x94, 0xDC, 0x59, 0x6D, 0x0D, 0x64, 0xA8, 0x63, 0x32, 0x38, 0xB6, 0xB3, 0x07, 0x7E, 0x36, 0x73, 0x50, 0xD8, 0xAB, 0x65, 0x79, 0x09, 0xEA, 0x6A, 0x90, 0x6F, 0x57, 0x55, 0x6B, 0x3C, 0x99, 0xC1, 0xF7, 0x96, 0x48, 0x85, 0x60, 0x1C, 0xF4, 0xAF, 0x4F, 0x5F, 0xEB, 0x64, 0x79 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0xFC, 0x12, 0x5D, 0x81, 0xF5, 0x2C, 0x44, 0x77, 0x59, 0x72, 0x5D, 0xAA, 0x85, 0xDD, 0x90, 0xF5, 0x3B, 0x36, 0x53, 0x84, 0x48, 0x29, 0x70, 0x88, 0x63, 0x9B, 0x09, 0x2F, 0x59, 0x3D, 0xDA, 0xD3 +IV: 0x67, 0x61, 0xBF, 0x72, 0xE7, 0x0D, 0x76, 0x5E, 0x30, 0x4E, 0xA5, 0x35, 0xB7, 0xCF, 0x1F, 0x14 +Plaintext: 0x7A, 0xAA, 0x63, 0x08, 0x9E, 0x7E, 0x66, 0xC5, 0x56, 0xC2, 0x92, 0x9B, 0x08, 0x59, 0x0E, 0xA5, 0xAB, 0x66, 0x40, 0x44, 0x74, 0x61, 0x90, 0xCB, 0xB1, 0x6B, 0x6F, 0x7C, 0xF5, 0xDE, 0x98, 0xB4, 0x75, 0x29, 0x96, 0x62, 0xB2, 0xDB, 0x87, 0xBD, 0x58, 0xFD, 0x1F, 0x37, 0x66, 0xA5, 0xF0, 0xAC, 0x90, 0xC8, 0xE8, 0xE0, 0xE2, 0x50, 0x1B, 0x28, 0xA5, 0x6E, 0xC2, 0x67, 0x86, 0x32, 0x84, 0x3C, 0xF5, 0x59, 0xF5, 0x7A, 0xCC, 0x66, 0x5D, 0xD9, 0x31, 0xF4, 0xBA, 0xEB, 0xBD, 0x4A, 0x08, 0x51, 0xDE, 0x30, 0xBF, 0x2E, 0x79, 0x01, 0x9E, 0xDC, 0xD4, 0x02, 0xA7, 0xDE, 0xB4, 0xF2, 0x6B, 0x16, 0xC2, 0xE2, 0x87, 0x38, 0x33, 0x47, 0x6F, 0x7F, 0xA8, 0x4E, 0x6A, 0x9F, 0x53, 0x6F, 0xDE, 0xFA +Ciphertext: 0xFA, 0x65, 0xC8, 0x62, 0x66, 0xA2, 0xAC, 0x16, 0x99, 0x95, 0x43, 0x3D, 0x7E, 0xA3, 0xAF, 0x9A, 0x9D, 0x24, 0x7E, 0x5E, 0x0D, 0x3B, 0xB9, 0x81, 0x64, 0x9E, 0x15, 0x3C, 0xBE, 0xB8, 0x04, 0x4F, 0xE6, 0x51, 0xD5, 0xE2, 0x48, 0x7F, 0x01, 0x7E, 0x52, 0x32, 0xB7, 0x1B, 0xD1, 0x45, 0x70, 0x12, 0xEE, 0xA1, 0x40, 0x87, 0x8C, 0x0A, 0x0C, 0xEE, 0x68, 0xF6, 0xD0, 0x2A, 0x87, 0x00, 0xDC, 0x61, 0x3E, 0x2F, 0x1C, 0x04, 0x97, 0x94, 0x9A, 0xBF, 0xE7, 0x8B, 0x30, 0xB4, 0x48, 0x55, 0x52, 0xE2, 0x89, 0xBA, 0x21, 0x67, 0x3F, 0x5A, 0xCB, 0x87, 0x93, 0xCC, 0xE6, 0x5A, 0xE3, 0xC6, 0xCC, 0x46, 0x8D, 0xDE, 0x4E, 0xA5, 0x2E, 0x00, 0xE6, 0x0A, 0x06, 0xCF, 0x95, 0xE5, 0x4D, 0xD1, 0x09, 0x66 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x5C, 0x45, 0xCE, 0x16, 0x83, 0x9D, 0xA1, 0x4F, 0x06, 0xCD, 0x25, 0xC9, 0xC5, 0x47, 0xD3, 0xA9, 0xA4, 0x6D, 0x55, 0x85, 0x31, 0xA7, 0x45, 0x18, 0x87, 0xB3, 0x38, 0x3B, 0x72, 0x3D, 0xFB, 0x11 +IV: 0xD3, 0xB0, 0x1C, 0x81, 0x46, 0x4B, 0xAC, 0xE9, 0x03, 0x77, 0x44, 0x10, 0x02, 0x58, 0x46, 0x5D +Plaintext: 0x63, 0xA2, 0x65, 0x47, 0x0C, 0xAE, 0x68, 0x0D, 0x94, 0xCD, 0x2A, 0xA7, 0x60, 0xDC, 0xE6, 0xFC, 0x0B, 0x18, 0xB1, 0x55, 0x0B, 0x34, 0x48, 0x12, 0x92, 0xA9, 0x0C, 0x9C, 0xB3, 0x4E, 0x4B, 0x9A, 0xC6, 0x28, 0xC1, 0x68, 0x0D, 0x83, 0x5F, 0xC4, 0x98, 0x41, 0x4B, 0xCB, 0x65, 0x73, 0x27, 0x25, 0xCC, 0x26, 0x96, 0x7C, 0x1A, 0x7F, 0xFC, 0x32, 0x7D, 0x0B, 0x86, 0x53, 0x20, 0x50, 0x6B, 0xC8, 0x96, 0xA8, 0x71, 0xCE, 0x7C, 0x4F, 0xB2, 0xA7, 0x5A, 0xBA, 0xA0, 0x8F, 0xCB, 0x2A, 0x47, 0xF2, 0xDE, 0x82, 0xD2, 0xDC, 0xBB, 0x55, 0x51, 0xB1, 0x8A, 0x44, 0xB9, 0x1E, 0x90, 0x87, 0x2C, 0x4F, 0x9B, 0xC9, 0x7B, 0x63, 0xA1, 0x39, 0xEA, 0x1D, 0xA4, 0xDE, 0x33, 0xDC, 0xD8, 0x2A, 0xCD, 0xCD, 0x08, 0xD3, 0x6D, 0x5F, 0x36, 0xDE, 0xCE, 0xF7, 0x82, 0xFD, 0xAE, 0xE6, 0x4D, 0x1A, 0x19, 0x98 +Ciphertext: 0x33, 0xAA, 0x7E, 0x19, 0xFE, 0x25, 0xAD, 0xA5, 0x67, 0xB5, 0xC9, 0xE2, 0x9E, 0x81, 0x5E, 0xC9, 0x80, 0xF0, 0xFF, 0x9A, 0x7D, 0xE2, 0x97, 0xDF, 0x6E, 0x93, 0x84, 0x36, 0x72, 0x54, 0x64, 0x20, 0x5C, 0x4F, 0x62, 0x60, 0x13, 0xF0, 0x9E, 0x14, 0xAC, 0x3A, 0x6E, 0x08, 0x20, 0x27, 0x71, 0xFF, 0xAB, 0x05, 0x15, 0x74, 0xF6, 0x2E, 0x9B, 0x4C, 0xAF, 0x10, 0x8C, 0xC6, 0x18, 0x88, 0x82, 0x08, 0x60, 0xC6, 0x34, 0x33, 0xA2, 0xD8, 0xB4, 0xEF, 0x0E, 0xD7, 0xA4, 0xFF, 0x5E, 0x81, 0x09, 0x82, 0x02, 0x87, 0x67, 0x3A, 0x3F, 0x43, 0x37, 0x1D, 0x4C, 0x3A, 0xD7, 0x4C, 0x98, 0xD4, 0x94, 0xDE, 0xEC, 0xBB, 0x9F, 0xBB, 0x99, 0x5A, 0x41, 0x14, 0x1E, 0x3A, 0x96, 0xD6, 0x12, 0x9E, 0x0E, 0x04, 0xDC, 0xB9, 0x0C, 0x4F, 0x63, 0xEA, 0x0F, 0xFF, 0xE3, 0xD8, 0xE3, 0x77, 0xD9, 0xF3, 0xC7, 0x63 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x9D, 0x34, 0xE9, 0x0D, 0xC3, 0x6A, 0x8E, 0x8D, 0x3C, 0x55, 0x0B, 0x98, 0xD6, 0x9B, 0x41, 0x1D, 0x13, 0xC1, 0x70, 0xEC, 0xD2, 0x41, 0xFB, 0x6C, 0x2C, 0xDD, 0x6B, 0x91, 0x9D, 0x32, 0xB7, 0x09 +IV: 0x64, 0x90, 0xC3, 0xB6, 0x2C, 0x09, 0x26, 0x61, 0xEB, 0xC8, 0x30, 0xAD, 0x0B, 0xA5, 0x2C, 0x49 +Plaintext: 0xC8, 0xF6, 0xE2, 0x6A, 0xD9, 0xA7, 0x60, 0x79, 0x52, 0x8D, 0xFA, 0x08, 0xC9, 0xF7, 0x90, 0x0B, 0xB7, 0x86, 0x0F, 0x45, 0x22, 0x3F, 0x3A, 0x00, 0x79, 0xDF, 0xAB, 0x01, 0xC0, 0x6E, 0x14, 0xBB, 0xEC, 0x17, 0xCB, 0xC3, 0x91, 0x37, 0x86, 0x84, 0xBA, 0xB4, 0x63, 0x34, 0x18, 0x90, 0x2B, 0x07, 0x60, 0xBE, 0xD7, 0xA2, 0xEE, 0x34, 0x53, 0xD2, 0xAE, 0x41, 0x83, 0x7E, 0x3C, 0x21, 0x84, 0xDA, 0x4A, 0xCF, 0x34, 0xDE, 0x43, 0x1A, 0xF4, 0xF7, 0x2D, 0xFB, 0xAC, 0xFC, 0xD4, 0x26, 0x10, 0x63, 0x25, 0xDF, 0x22, 0xB5, 0xD8, 0x0F, 0xF8, 0x3F, 0x52, 0x97, 0xC0, 0x0B, 0xC9, 0xE4, 0x01, 0x0E, 0xA9, 0xC3, 0x24, 0xA3, 0x36, 0x77, 0x32, 0x38, 0x73, 0x0A, 0xDF, 0x47, 0x43, 0xE0, 0xC8, 0x89, 0xCF, 0x92, 0xF9, 0x66, 0x27, 0xF9, 0xB2, 0xAF, 0x2C, 0x88, 0x6B, 0x8F, 0xAD, 0xDF, 0x15, 0xBF, 0xD0, 0x9E, 0xA3, 0xFA, 0xB4, 0x77, 0xC9, 0xB1, 0x54, 0x88, 0x03, 0xFF, 0xAF, 0xE7, 0xDA, 0xDF +Ciphertext: 0x2F, 0xD9, 0xBE, 0x44, 0xEB, 0x6D, 0x21, 0xEA, 0x50, 0xB9, 0x15, 0x33, 0xF4, 0xFD, 0xD3, 0x40, 0x43, 0xB2, 0xA7, 0x55, 0xD8, 0x82, 0x4F, 0x3E, 0xC4, 0xB0, 0x88, 0x23, 0xBC, 0xBD, 0x20, 0xE3, 0x22, 0x4F, 0xC0, 0xD9, 0x90, 0xBA, 0xE3, 0x09, 0xF7, 0xB8, 0x87, 0xF5, 0xAE, 0x60, 0x6A, 0xF5, 0x97, 0x54, 0x79, 0x39, 0x0D, 0xFE, 0xAD, 0x5F, 0xA8, 0x64, 0xE8, 0xC8, 0x5C, 0x41, 0x2F, 0x85, 0x41, 0x2D, 0xFB, 0xEC, 0xA2, 0x9E, 0x4D, 0x3F, 0xD9, 0x1D, 0xF2, 0x69, 0x33, 0x48, 0xCB, 0x0F, 0xD2, 0x81, 0x19, 0x4D, 0x3A, 0xF5, 0x1F, 0x07, 0xD5, 0xB1, 0x58, 0x34, 0x91, 0x1D, 0x5B, 0xCA, 0x01, 0x1C, 0x0B, 0xE1, 0x77, 0x5F, 0xD7, 0xD1, 0xF7, 0x84, 0xF6, 0xF7, 0xE7, 0xE4, 0xEF, 0x3C, 0x55, 0x68, 0xF0, 0x9F, 0xB2, 0x94, 0x2B, 0x8E, 0xB9, 0x73, 0x80, 0xA2, 0x50, 0xA4, 0x5A, 0xF7, 0x68, 0x22, 0x4F, 0xF5, 0x0D, 0x80, 0x05, 0xFB, 0x92, 0xAC, 0xC7, 0x25, 0x62, 0xB9, 0x3C, 0x10 +Test: Encrypt +# +Source: LEA reference test vectors, file lea_vs.c +Comment: LEA-128/CBC, 256-bit key +Key: 0x26, 0x7E, 0x63, 0x9D, 0x25, 0x19, 0x08, 0x8A, 0x05, 0xBD, 0x8A, 0xF4, 0x31, 0x3C, 0x47, 0x55, 0x88, 0x06, 0xB9, 0xCB, 0x03, 0x42, 0x40, 0xC8, 0x98, 0x1D, 0x21, 0x0B, 0x5E, 0x62, 0xCE, 0xCF +IV: 0xF1, 0x4C, 0x68, 0x42, 0x18, 0x98, 0x82, 0x38, 0xA5, 0xDD, 0x28, 0x21, 0x9D, 0x20, 0x1F, 0x38 +Plaintext: 0x99, 0xA3, 0x6F, 0xFE, 0x6C, 0xFF, 0x1F, 0xE7, 0x06, 0x72, 0x40, 0x53, 0x99, 0x7A, 0x2D, 0xBF, 0xFA, 0xA3, 0x10, 0x3D, 0x49, 0x9D, 0xA8, 0x21, 0xD4, 0x91, 0x4A, 0xFE, 0x39, 0xB5, 0x26, 0xD1, 0xCB, 0x1F, 0xCC, 0x7B, 0x37, 0xD7, 0xEF, 0x75, 0x68, 0x2F, 0x68, 0xBF, 0xA7, 0x57, 0x7D, 0x19, 0x07, 0x2C, 0x64, 0x76, 0x00, 0x51, 0x03, 0xAE, 0x5A, 0x81, 0xFA, 0x73, 0x4C, 0x23, 0xE3, 0x86, 0xE6, 0x1F, 0xD8, 0x2A, 0xAC, 0xF1, 0x36, 0xDA, 0x84, 0xFC, 0xA1, 0x37, 0xD2, 0x20, 0x49, 0x44, 0xE1, 0x8E, 0x6B, 0xD5, 0x85, 0xDB, 0x1A, 0x45, 0xFE, 0x54, 0x3F, 0x68, 0x20, 0x92, 0xDF, 0xC0, 0xB1, 0x4E, 0x9C, 0xF4, 0x13, 0x76, 0x7F, 0x7D, 0x22, 0x7F, 0xF4, 0xA3, 0x60, 0xFE, 0x16, 0xA8, 0x50, 0x72, 0x2D, 0x43, 0x1F, 0x64, 0x75, 0x50, 0x89, 0xB3, 0x22, 0xC5, 0xFB, 0x29, 0xA0, 0xE8, 0xF5, 0x51, 0x1F, 0xBF, 0xB3, 0x8D, 0x4F, 0xC8, 0x0C, 0x63, 0x68, 0xEB, 0x9A, 0x18, 0x6E, 0xAD, 0x1B, 0x80, 0xB3, 0xA6, 0x17, 0x14, 0x9D, 0x35, 0xC4, 0x45, 0xA9, 0x72, 0x26, 0x10, 0xB0, 0x64 +Ciphertext: 0xB5, 0x35, 0x2D, 0x1B, 0x32, 0x1D, 0x11, 0x00, 0x7A, 0x50, 0xAA, 0x50, 0x0B, 0x7D, 0x7D, 0xD4, 0x3C, 0x59, 0x89, 0xBF, 0x12, 0xE7, 0x20, 0x9D, 0x96, 0xE4, 0xE3, 0x04, 0xC7, 0x2A, 0x53, 0x44, 0xE4, 0x39, 0x1E, 0xD4, 0x25, 0x89, 0x2C, 0x6A, 0xD4, 0x05, 0xDA, 0x1D, 0x0A, 0xCE, 0xCC, 0x67, 0x7B, 0x80, 0x76, 0xF3, 0x28, 0x0C, 0xB7, 0x85, 0xB1, 0x18, 0x07, 0x7B, 0x78, 0xBE, 0x2D, 0xEC, 0xBE, 0xF6, 0x77, 0x22, 0x74, 0x22, 0xC1, 0x88, 0x00, 0xEF, 0x25, 0xAF, 0x03, 0xCD, 0x69, 0x3C, 0xC1, 0x31, 0x17, 0xAB, 0x92, 0x5C, 0xF7, 0xC3, 0x90, 0x0B, 0xFA, 0xDF, 0xF7, 0xDF, 0x0A, 0x6E, 0x1E, 0x82, 0x39, 0x16, 0x35, 0x3B, 0xA6, 0x2B, 0x96, 0x8D, 0x9D, 0xD3, 0xAA, 0x56, 0xAE, 0x7A, 0xBA, 0x4B, 0xCB, 0x46, 0x8E, 0xAF, 0x37, 0x04, 0xCC, 0x06, 0x21, 0x72, 0x52, 0x0E, 0x94, 0x6F, 0x9B, 0x6C, 0x0C, 0x18, 0x01, 0x97, 0x6D, 0x31, 0x85, 0xB6, 0xBD, 0xFD, 0x50, 0x4D, 0x99, 0x2B, 0x74, 0x23, 0x57, 0x80, 0x15, 0x3F, 0x69, 0xA5, 0xF3, 0x2C, 0xCF, 0xF1, 0x1E, 0xC7, 0xE0, 0x04 +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/rabbit.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/rabbit.txt new file mode 100644 index 00000000..f869113e --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/rabbit.txt @@ -0,0 +1,1980 @@ +# These test vectors were generated using the eSTREAM reference +# implementation for Rabbit using the file rabbit.c. We could +# not use the published test vectors because they arrived at +# the incorrect result when plugged back into the reference +# implementation. Sigh... + +AlgorithmType: SymmetricCipher +Name: Rabbit +# +Source: Rabbit test vectors, Test 1 +Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + 02 F7 4A 1C 26 45 6B F5 EC D6 A5 36 F0 54 57 B1 \ + A7 8A C6 89 47 6C 69 7B 39 0C 9C C5 15 D8 E8 88 +Test: Encrypt +# +Source: Rabbit test vectors, Test 2 +Key: C2 1F CF 38 81 CD 5E E8 62 8A CC B0 A9 89 0D F8 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + 3D 02 E0 C7 30 55 91 12 B4 73 B7 90 DE E0 18 DF \ + CD 6D 73 0C E5 4E 19 F0 C3 5E C4 79 0E B6 C7 4A +Test: Encrypt +# +Source: Rabbit test vectors, Test 3 +Key: 1D 27 2C 6A 2D 8E 3D FC AC 14 05 6B 78 D6 33 A0 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + A3 A9 7A BB 80 39 38 20 B7 E5 0C 4A BB 53 82 3D \ + C4 42 37 99 C2 EF C9 FF B3 A4 12 5F 1F 4C 99 A8 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 2923be84 e16cd6ae 529049f1 f1bbe9eb +Plaintext: b3 +Ciphertext: 53 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: a6db3c87 0c3e9924 5e0d1c06 b747deb3 +Plaintext: 124d +Ciphertext: 1c4d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: c843bb8b a61f035a 7d093825 1f5dd4cb +Plaintext: fc96f5 +Ciphertext: 0f58c9 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 453b130d 890a1cdb ae32209a 50ee4078 +Plaintext: 36fd1249 +Ciphertext: 73a3d9af +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 32f69e7d 49dcad4f 14f24440 66d06bc4 +Plaintext: 30 b7323ba1 +Ciphertext: f7 637a4c47 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 22f62291 9de18b1f dab0ca99 02b9729d +Plaintext: 492c 807ec599 +Ciphertext: 0eaf 24a6f381 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: d5e980b2 eac9cc53 bf67d6bf 14d67e2d +Plaintext: dc8e66 83ef5749 +Ciphertext: 2d7d53 84c6280d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 61ff698f 61cdd11e 9d9c1672 72e61df0 +Plaintext: 844f4a77 02d7e839 +Ciphertext: bf871830 9a22b082 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 2c53cbc9 121e3374 9e0cf4d5 d49fd4a4 +Plaintext: 59 7e35cf32 22f4cccf +Ciphertext: 0e c5b64a95 b505e3d1 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: d3902d48 d38f75e6 d91d2ae5 c0f72b78 +Plaintext: 8187 440e5f50 00d4618d +Ciphertext: b0ff a090f3c5 766e39bc +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: be7b0515 073b3382 1f187092 da6454ce +Plaintext: b1853e 6915f846 6a049673 +Ciphertext: 73f9f4 72f686d1 acaeae01 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 0ed9162f 6768d4f7 4a4ad057 6876fa16 +Plaintext: bb11adae 248879fe 52db2543 +Ciphertext: 68d150d0 e4f8fe83 1f575d49 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e53cf445 d3d828ce 0bf5c560 593d9727 +Plaintext: 8a 59762dd0 c2c9cd68 d4496a79 +Ciphertext: cb b1e77bf3 0d73f7dd 4e66ecae +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 25086140 14b13b6a a51128c1 8cd6a90b +Plaintext: 8797 8c2ff115 1d9a95c1 9be1c07e +Ciphertext: 7637 98d8e5fd c6d70ff4 9b33624f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e9a89aa7 86c2b554 bf9ae7d9 23d15590 +Plaintext: 3828d1 d96ca166 5e4ee130 9cfed971 +Ciphertext: b5bcbb 979ea7d1 87f939f7 c0dacf7c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 9fe2a5e2 0c9bb447 65382a46 89a98279 +Plaintext: 7a7678c2 63b126df da296d3e 62e09612 +Ciphertext: 7d599714 3264097e b6a9ffe3 a75655c4 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 34bf39a6 3f895ef1 6d0ee36c 28a11e20 +Plaintext: 1d cbc2033f 4107840f 1405651b 2861c9c5 +Ciphertext: 2a e080516f 904e7621 592e241a 7778c18b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e72c8e46 3608dcf3 a88dfebe f2eb71ff +Plaintext: a0d0 3b75068c 7e877873 4dd0be82 bedbc246 +Ciphertext: 9c05 bf8b968a f9ec1cdc 38f5c387 c4d458a4 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 412b8cfa 307f70f0 a7548632 95aa5b68 +Plaintext: 130be6 fcf5cabe 7d9f898a 411bfdb8 4f68f672 +Ciphertext: 049038 dc24afc9 45720df0 5416956c bfccd17d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 7b1499cd d30df044 3ab4a666 53330bcb +Plaintext: a1105e4c ec034c73 e605b431 0eaaadcf d5b0ca27 +Ciphertext: ba73d8da 066cd03d 40c4e809 3c5afc8b b8a7d082 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: ffd89d14 4df47927 59427c9c c1f8cd8c +Plaintext: 87 202364b8 a687954c b05a8d4e 2d99e73d b160deb1 +Ciphertext: ba b80e78cc 5c658f5c cb16872a fa7c0594 468c4164 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 80ad0841 e96741a5 d59fe418 9f154200 +Plaintext: 26fe 4cd12104 932fb38f 73534043 8aaf7eca 6fd5cfd3 +Ciphertext: fbca 394bf78f 00389fb4 1e9595c9 fc894c1b e8c38bf9 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: a195ce5a be65272a f607ada1 be65a6b4 +Plaintext: c9c069 3234092c 4d018f17 56c6db9d c8a6d80b 88813861 +Ciphertext: 1e86f1 2de06345 2ab19954 2b9fae14 3ed55989 87b83245 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 6b681262 f954d0e7 71174878 0d92291d +Plaintext: 86299972 db741cfa 4f37b8b5 b09557f5 df806c6d 8d74d98b +Ciphertext: 4d72dce6 3a55c2ce b8ab7c00 99a24370 689f7bf9 36cafd97 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 43651108 a5f679bd f7eb15b8 e0e1608f +Plaintext: 6e 3c7bf45b 628a8a8f 275cf7e5 874a3b32 9b614084 c6c3b1a7 +Ciphertext: db 0b8fe73e b4f22ca1 944a31b6 1fbdede6 f3723df5 adb58ff4 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 304a10ee 756f032f 9e6aef10 509bc881 +Plaintext: 4329 288af6e9 9e47a181 48316ccd a49ede81 a38c9810 ff9a43cd +Ciphertext: 4126 c8f25d6b 20009282 1c588d40 50c57ebb 335eb017 d08a18c2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: cf57c750 59bfbd1c 2703287f 5d895fb9 +Plaintext: 49344e 603ce5de 029842b2 0d2bb614 ecbbb82f 73e2517e 7d1dd884 +Ciphertext: 6ec97a 57ed5430 60f2fc57 9172d908 bf7bf88d 6bef3f88 02d04bc0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: d31f01be 506b16d6 43218319 1518982b +Plaintext: 2c2e8bf9 0edcbcf0 ca0e3d6d 94319274 af8db5a4 90d55e6a 40fc8076 +Ciphertext: c041adfd 2cc319ac 08155c02 519932b4 2e625c47 3e6d4e14 9c938822 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 024b176b 36b121db 7d5aea72 1e828d71 +Plaintext: a8 8cb85ed9 4eaffabf b094741d 75e5dc10 5846daf2 5b81a07f 5ccb1d36 +Ciphertext: 2a 37c5563a 740d6b14 34f570ee 9f8e761f 0bdaf98d 8ec7a98e f66064f0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e9497402 55d2ac1a 0bf7a926 23405ba3 +Plaintext: 33b9 358868ad e12ad5b2 325d0ae5 5adce977 5debb569 c53a6c93 980d57eb +Ciphertext: 96da ae3c6584 1bf3ecb8 904d1207 d0d15cbb 84dcb687 9202e0d8 b8ea0982 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 879adf04 68b2a2d5 e6a4c6bc 775f8dc3 +Plaintext: 8fd62a 2114a9d4 04110118 8daebb73 1c60ca20 cf5dd62f 455329d7 a859cc0d +Ciphertext: ab578b b0f1c58b 03469713 d291338b 1de32a49 6d3f9039 7476321a 78e15d8d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: ea26ed55 4e8084d9 2bf837b8 edd57aa0 +Plaintext: 5c4efa9f 21fc3c36 858e81b0 7dbfeeb1 e485e912 078bc6ec 66e2a3f3 b9f49006 +Ciphertext: 6d98a1c2 e641f2ee 7c0852f1 89ff7687 5d08bec2 33d0fc22 2457811b aa6fc5f6 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 32b9f404 022d2ce0 1e0174f8 43900ba2 +Plaintext: 37 16920853 1cb5373e 370e72fb f246cc26 097ef67a d8ed5597 12ca5702 b66c086e +Ciphertext: d2 59cd8f31 877545b2 6dcdc837 5c22fef6 427b689d 5816a43e 15408d64 84fea1f3 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 3fb0e03a 1c9bdf3a 5f40ddba b9e41bc0 +Plaintext: a661 1d92e5c8 bc782b4a 77c31859 0a0e6a0a 42c471be 0fe3c301 dbff30b2 1a89f865 +Ciphertext: 260d c51eea6b 1e2cbc1a 2ae66948 5cee1931 441254ee 1db732a1 973af017 e0c9efd1 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 22513c05 3d4ab3be fd8d9e19 d0a1fe69 +Plaintext: d4fa04 67edbfc9 1914d13f f8f20868 51adc0c5 ec029412 ec946930 f683af63 9541e3bd +Ciphertext: adf8a1 2b9e3a5e 7cede9cc c2314212 d90d36e8 65fb01d2 f07d96df 7497716f 2d2268dc +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: dda158da 4f3138ce fdcac55c ef65e569 +Plaintext: c430deaf 9ce25eb6 364bbe00 562f8784 6a54365f 6cda3cc5 0acb493d 05f3ca0e d7f2b1f4 +Ciphertext: 9e41672d e053d75c b2914227 a077abbc 0de0be1e 454e628a f20934d5 264f4f84 edeb5be7 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 988f7418 224f583f 7447ef42 542edfbe +Plaintext: 39 b6e60c67 1c1b745c fe779d6b 6e9348a7 44b33e02 b80487b6 3022dde4 56dd617b 6e3d8c5c +Ciphertext: 9d 8e7e68fd 38d73a4f 78a6d039 d099caf8 3cca1058 098d1968 965f3060 3ad07993 484a1349 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e7c467bc 2ff2ffc9 cc0f1390 a924111e +Plaintext: ad4b 41e59228 3f62f5b8 aefda949 2b3151ca 80ec2e45 1a3935aa be1c65ce 77bd57b3 d3c9170a +Ciphertext: b6e8 01ecfe93 5aea03c2 d02b8285 38fba73d bd6475e5 6a4e690e cee3ea56 8bce53d8 bac0d48f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 4e1632f6 0f861013 d22d84b7 26b6a278 +Plaintext: d802d1 eeaf1321 ba5929de c6a62a65 cff44736 21ebdd4b a26a99a8 12c0e034 91206ec7 624f3d84 +Ciphertext: 32d9dc d1483728 7694fc3a c29ec60b 63cbe201 2fc31467 97b76327 6809c949 d5611920 ec5a7b9d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: eea0a869 0c22d024 7f183f28 c0a9cb01 +Plaintext: ffd9bde4 64b8338b 9ad9c340 8e066137 74328320 0caf83fd 23a24431 5cb318da 3009e161 34757750 +Ciphertext: 22921371 e938bf8d 2946bf63 e7db2d79 fb3c80d2 d2492780 08a7fb47 373ca4e9 1a9cc9a7 dabc4895 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 9aed4a63 fb3d49e1 54f9022c 4eb60a97 +Plaintext: c2 799f797c 708c803f e04d470a 5f742a9a 434b5930 5abb2b94 dc6cb55a 9d2e9c64 879827a8 48ee9833 +Ciphertext: fa bf27e190 ebf9798a 5115fc0f d91a1433 1c8c6d27 81c9ac22 1ba226af c5907d20 2058c898 175b3b22 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 4848bd6e def1c2a1 c30e49b5 c780bc3e +Plaintext: c20b e2b9ceb7 b111b376 6469a308 cd15281c ebe95ab8 bfb755da 5c13ea60 3e599525 dcf2af6d 80d2e583 +Ciphertext: 2837 066b4440 f8bdd8a2 f8c50d38 09f81fbf b5a32401 9ca8f06d 1449929d 968dac01 082e3b3d c0b97bdb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 5745e9a0 c4ec670f fa023b8f cae4e1f9 +Plaintext: b9d12d 2256ee3c 03cb8daa 17b1ae05 0529c682 7f28c0ef 6a1242e9 3f8b314f b18a77f7 90ae049f edd61226 +Ciphertext: fbdfb3 ef78de01 4091bb32 47d0de45 53bbd1a1 52316051 2ac3bf5b 30d0bbd7 ec5cb4b2 9c96dbee 3bd00cbd +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 7fecaefc 450174d7 6d9f9aa7 755a30cd +Plaintext: 90a9a587 4bf48eaf 70eea3a6 2a250a8b 6bd8d9b0 8b08d64e 32d18177 77fb544d 49cd4972 0e219dbf 8bbed339 +Ciphertext: aebe41c5 f63189ac 92bfecac 0a9cc7af c74c478e 138eef17 e88752ea a83aecb6 3932eca8 009f3bf1 4829ffbe +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 04e1fd40 a41d370a 1f657450 95687d47 +Plaintext: ba 1d36d234 9e23f644 392c8ea9 c49d40c1 3271aff2 64d0f248 41d6465f 0996ff84 e65fc517 c53efc33 63c38492 +Ciphertext: 86 a5710059 48b3f6a1 91b46021 6c51caf3 fdd2159e bde0aef6 c92a5909 e25b9fd3 95d34119 2fdfdadc 29d0bf08 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: ab08a3aa 3ff03f1c 55ad514f c4859658 +Plaintext: 5ed5 881e8156 8cbbe99f 6d25c8eb 090d191d 4a073101 58ec97d5 0d7c1508 aa480f41 c8d014a3 91e8b350 2f60902b +Ciphertext: 16bc 445fe2a3 fa75538f f035cce6 bec00b35 cb34fe45 d8ce7119 3ace7af8 ec43280f a2847046 f62e4476 02b3277b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 85e3b7e3 1d202f2d 6228d350 10175de7 +Plaintext: e8f7c4 e2a8e1c8 cf3a65ca 582c2de2 0c60dc2c 62053c62 fac599b0 274068c3 abba2d24 c1109bc4 61f1fcd8 bf4ad3e6 +Ciphertext: eae42b ddab6a11 b6a983ab f7ce3d14 191c827a 172bf1a1 613ca62f c2a1f755 cfdbd3f2 63f649e1 290dcc25 c6696078 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 1502c020 a2e8a5f2 f2ea07d7 6187b770 +Plaintext: db87b1d7 e5e94431 e11d7382 8d739cc6 ced4573d acb0a106 9d373aef 06cc4b8c ffb64c86 57192536 d7259372 cb8ecea7 +Ciphertext: 9e59fbbd 961a29d8 2133a6ac accdc14e 725adc0c eddd97d5 cecb918b 93f6b22d 13ff1907 c67e6990 4f17cdcc c8b11232 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: bf3c6928 874379c6 8215f9a1 1ff76d3e +Plaintext: 9f b1c6d91d 8a86fccc 73245081 83b2b471 a3bd8c3b 8b755b29 ed0d95b2 ef65ae44 dfe77741 22afaa48 6eeec3b5 3a90126b +Ciphertext: 8e 8f169860 6bf2ae32 009451eb d2646bd0 1610bf45 16f80a87 30f68b85 d68db6a1 0fba9f3b a5770af3 9acccd6c 1e3aae72 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 721c0fd1 6edced1a 253f72ca 9e7b0575 +Plaintext: a876 09cacbe7 69d17eb8 74719ab0 ec350f4e 5950d6f8 a3de2755 e06cebf7 6bbb743d 36c16c77 61f10b4c 0bbc8d59 6858e41b +Ciphertext: 3733 0e8a3224 4c47e5aa a7350303 0f588d54 72dec674 6e93f213 5acb2bc6 fad06f4e 70a0c413 764198ab bdd819c6 dce83c32 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 13c0aa0f a6fc5917 89a2be20 079dab02 +Plaintext: a72ded a7b92f7d 702f9ffb d4ae5b57 4be529d2 6a1efc25 4f1273ff 3f02a3b5 8e031635 bf9a133d ed8820ca 6ae7c6d2 a5769435 +Ciphertext: b5bac7 39bde524 a4f87ce6 8b620243 a0815abf 326cd393 37ef67d8 7b0ad1b2 c47408dc cefa6b89 aa5b9e59 ecc25381 4203cfa0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 513267f2 c326e896 9c8355fb a9f3852e +Plaintext: 072b26b1 8bbf4ae3 603b22bc f26f08bd 0b0ac327 3c6b076c 7fb33ce3 1a1f80bf c795ef42 117c222e 01d1f57d fa778e51 e2cf9b2e +Ciphertext: 1eac44d9 3383d1a7 c3b5dd5a 820875b4 2531203a ef40cf81 aab3300f ffb02cad 1bcd52bd 6a4489a6 9803a221 205022a4 e4fd6c14 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 8289da67 30badfd6 ab2e12d0 46fff758 +Plaintext: 49 66b29394 d2ca7d85 372dd91c a9746e5d 296970f6 bfc63d22 c9404acd 92c45cf9 2601fb60 6526235b 57ed3e02 bfd84f95 f3ba701b +Ciphertext: 25 e7d80807 458af8ca 1e522765 52ec6c86 e6ef4228 17733bb6 443e4b2f 4b261b04 363fb10d 9bce2cbb 65a4f6da 45911e70 d982ba06 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: ea7a7e48 971413a4 75e0b4ea 64174cae +Plaintext: b393 d9437ed6 66dc3a4e 39f18ed8 4de56482 03e54195 1413d1d3 cae4c7fd 70c6e498 070754f1 3af2415f 943ba3c8 f19d5566 32c16ecb +Ciphertext: 1109 68960fef 096fbfd3 ad58e0b0 f7d9a48d 5ebfe40e b56aa064 f5b895b0 0a4c3ec5 a2528f53 e94de68a 06b127d2 da71692c 8bcc7f7b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 3562ce23 05aff7ba 4df01fbe 136d8345 +Plaintext: a28bfd 91c839d9 93428ae5 af75a3c7 bf5fd893 5acc129d 56cd748c 8b663eb0 da87f196 6f3db4d9 422af63a e43355f3 7878be49 ff89d661 +Ciphertext: bc3558 4a9c7227 4f1eb510 62045134 f0988af6 8d0bed9f 300ecd59 54d4aa5d 6196e16e dd9a0a77 13511e7e 56579ad7 d6ef1b34 8cc1694d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: dad79954 89684185 b9cf6a33 7e5c734a +Plaintext: dd90277f 8dd39d9b fe695c17 9ba3c3ea 4d52a99f 408140aa e9643ffc 488b40d5 6a5b66da 33bf4467 5a1bfa26 b582a1e1 b728ea94 371a01c7 +Ciphertext: aef4599e 04f97f7f e979b02e e16a0c1a cb5cadb5 24698087 6cda711e 2af261b4 dd25e683 da8f19e9 b164a65f c6229470 f71bb5f3 f808a148 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 722cb81a 5433e122 f375fb73 5d5e12fe +Plaintext: 93 75e09ed5 8e38ed20 40a55cf6 994e835d 111cb52a bd1fd87f c52e7393 18ce09b1 5e56a684 2f50b791 82211e05 68ed86b1 fab5f453 8fc29f17 +Ciphertext: 4d c36406c2 142b91d9 0a9fcb74 e89cdfc0 987cdeae 770420da 8f2bfe48 242b6062 1cab7975 076ac3f8 7309ea86 c7085b35 3b4de0f7 976a7328 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 3347025d 55422fbd c0a36648 cdb0e611 +Plaintext: d6a8 03ededa6 7976cec9 00561392 21c2a78d 47447d34 19be8210 07acd021 23a92480 33359243 04b577a1 01bbb057 03880949 6bcff86d 6fbc8ce5 +Ciphertext: 6b78 e4ddf79a 47f92f13 1e1f7435 596842e1 3ebdef03 27b62e40 3f840ff4 57c41dcf 8eca39e4 4144c185 bbd7ed81 248161dc 47b4020b 15742ffe +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: b135a06b 166054f2 d565be8a ce75dc85 +Plaintext: 1e0bcd d8f07141 c495872f b5d8c0c6 6a8b6da5 56663e4e 461205d8 4580bee5 bc7fcdd4 de8e8638 43eef288 d3fcd018 e6bedb47 aabc4bfa c4119e4a +Ciphertext: 3d86c5 cd40a586 ba79c5be 52ef8ba5 8c172f32 b917c42c a5243738 dac0349b e93247ec 3baf9322 6f73c0e4 4fe514c8 d7707ddc a332d257 7e297daa +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 3ac1987a 904d892c 3185ced4 119e9a6c +Plaintext: 9184f76a a37107ef 2ebf9041 b4fbb77b 323a0c83 47b0c73d 997e51fe 75cc0744 b5183aa4 e7cd7a03 ab181409 5df7d9d3 f49321e8 2acf106f de21189f +Ciphertext: b1718536 916226a1 fb57ff93 4e254ea3 78eb833a 25952ad9 672c7306 191aa1cf fda4de5c 5d66d209 f980d601 ab6a6a51 139506df c6e25204 45e358d8 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: b6a1bf76 085fa3ae fbfabbed e96edf3c +Plaintext: 08 2e8bba4a 73e09181 d3eb2ac7 152a9d1d 444c6c52 02397027 1f5213b0 6afac0fd c75598fa 824f6794 e3e1d61d 0390e2f2 dd368c5b a804d2b2 65c8dfc8 +Ciphertext: ce 4dbf6b0f de532234 597c8af3 f753c3e6 80e9e77b 999eeed9 c1cb43ab d0411ee8 bcaa43ea c94a8f88 c2a3383a 2a8e8544 1835f84f 3b794855 efe7ef6f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: b46c7f84 ebbfd5cd 697950aa 2879dba8 +Plaintext: 9250 547d9603 40eafa0d bde6f3a4 b7f8f33d 5fe5c252 d98bd063 350dca3b a1306b74 dd05953d efc9a05b 1709f26e 0509cf76 4a677395 0dfc5e17 ff03f0af +Ciphertext: 4135 c1b67614 2d3bc58c fd933f04 14afd4a6 89b9b311 c8e07921 7806ec7c ff9e5877 38e0596f 9ae79197 0aa2a62d fd7e5e5e 4b3de482 40423843 0a6aa923 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 917d3503 64d4026b 00be41f6 ca6489af +Plaintext: 30c4f2 1e275327 11d7e7bc 9c94d5c2 5e115699 06d03006 16dd9285 e7bc3fe1 eda0ee01 3ddef105 4ca01692 fadecb69 cf8a853f 840b62c9 c5ed0d16 35d7e221 +Ciphertext: 83c9cf 2244157f b16d75f6 ed3e8194 05d8b47c 3afe377b a2760933 ad496022 39ab1f7b 6c5c9ed1 5d8f77b3 c7748653 0599fc78 c2fb2fce cb6553b3 2283dc57 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: b3bd52a7 dc568936 d0d14f87 39c42c0d +Plaintext: 8a65d0ce 85fcb172 0098f699 e8019472 86efb78a 017963e1 25d05b43 622d42d5 180800ef 128b6729 504617b9 09249efc f09ee452 b72ec72f d107026f 7d0353ea +Ciphertext: 399b2ab3 72ab2e01 de18fdb5 7e1f1778 2ecdc5b7 a5029d54 c05106c3 d795f2f0 421b4179 1acb59dc e5db095c 69563311 4a75a3ba 919c8a42 65eb3289 04ab0607 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 00dddd49 31a0cb18 3b5f361c 9f2748e6 +Plaintext: 78 32a2a803 5dfc485e dc0bb390 2da874ca 4a2e85ed 2324644b 4b1c6ab2 f2da59a7 13b934ef ee4b5354 b940b6a5 93899aff b9bd4a4b fcbb3808 73914c4b 6d9c7c03 +Ciphertext: 8b 75a7d8e8 0ce475a6 3e557871 575e4126 f2271375 025fb029 eb9782fb 38f03275 bbfdb123 59645f3b 6b65dcb8 ade275c3 92022abe 22befdcf fcebfdcd 4396003c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: a9f19d82 cafc7839 056721c3 1d3d8426 +Plaintext: 9150 415514d8 baf93d5c 697080d6 78165d12 8bc4d757 e1972849 9bf3b30e 5bc73ab0 111251c2 12a61247 6b2c13cf 746895e3 a8befea3 b3f58aae cd3c3d42 476a1ca5 +Ciphertext: e2bc 5845d716 d362b19e 1fee23f4 9d7b2106 79857156 b3a41b58 a26c5b81 8859451d 289ec249 16d12f24 56dc2dec 0e995a3c dc746750 9122a342 a520d49f 010d77c1 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 638a9cc3 69975b18 f7840ed0 997fba2d +Plaintext: 997728 2a19dc93 5e5ea6a3 226f989f f6dfc6de 21e7557e 98b88259 210ee535 b809f73b 3239d3ab 20f739cd f6fcd82b 6d2ccdfd 25b367e5 8f532ddc 0afc226c 4c9e4721 +Ciphertext: 0b8fa9 3d3ac68a 0bd6292f 063b49f7 201b9f52 0d2e082e d1dccea0 bd6d8bb8 90ba7763 e1838529 18346856 95846317 571b9caa a0350313 c10b1bc0 ce8fab3f 715b82fb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 043b623a bd40fea3 0615b328 d0f3a7e3 +Plaintext: 17f655f6 c5738d80 d38bbcc9 b1006ec0 e84811a8 fee0fc0e 99e3b0fe e8db5d76 3fd7a81b 01beab2b c3e23db3 aed87402 2588695d a8803bf4 f98e5715 7d8df6a0 e47fe7bb +Ciphertext: 6b362010 e85bfb8e ac04969c e306c167 1d99d18c 19580931 bfe60222 1e50a412 60808e39 7ec7c913 efd1d4ce 32740cb5 85e68370 e3c4a6a3 ac0bfece f654528e 256d492a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 0ddc8ec6 232a2d92 0dce62cd 0522f1c1 +Plaintext: 86 c7c43f6c 3d30d557 b07a4750 159a3daf 763e3a3b 8a12cd94 893f0bce 3e313c5f 5e9ed53b 18c4a73d edf255c9 c2490bb0 34c46d53 2b76ce0c b213a3c9 06b237fa ecd1a0ae +Ciphertext: b2 6de05b59 80bdc46f 8f438494 e7ef5ee3 2739fc86 219976f5 bc8cd6d1 da3fb907 df15fcfd 1cf8996c 60ff37e2 72bb5098 be883fde 106175f1 0d5330fa 46a92c13 b8dcfacb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 489af1f8 ec65b198 ae7d8cd7 bd2749b3 +Plaintext: 35e0 fc3cf0e7 7d3ea0fb 18201a66 860cf53a 1c5154db 430500bd 28eeba6f b5a3cfd9 bfeeecc2 81753495 49999064 719f462d 910dce5c f357e192 47bbd2a5 986a21e8 7fe84eac +Ciphertext: 2986 36855ebf 21eeb1c1 368ea4fb d1cdb07f d23e5662 daae5ac5 db97c2d1 a3317890 4f3727fc 6919e2b1 74fc2758 5a4876e1 7ffde1c0 5ffb1ca0 636a9f6e 1ef91883 e20e5145 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 97b5eb06 302df5d3 48ad64fa b7f701f1 +Plaintext: a9d878 835108ae d0dc5154 95a4f3bd ada748ec d837a4f2 bcf37f77 29f5d696 a14dceee 18ae9bf5 f868a090 6896d7e1 ce997460 92c5c52e 26595da6 43b57134 75c7826a d9c73c50 +Ciphertext: e52b4c ea70b704 cfabf478 4e38872e a63a4751 49bbbdde e150307e b39e4b34 60326338 190099cd c060a5f8 4e6a9ff9 ad7a3b35 51040bc3 07b5ffbd 0dcad56b e68c4820 402d9821 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 25249ffc eabe5c63 1655826f bd415952 +Plaintext: 19648e19 cf5e9184 73ff3c15 4f02b567 60f895c1 a2824aeb 8ec3ba40 e0152805 9dfb5cf9 5558fe2d a5de4416 01c8cde1 b0cccc06 184b6820 3ccc63fc 83a8faf0 bb060d6e 5d0a80d8 +Ciphertext: 79084d09 5961a99b 017cefba 3030918a 2fceb80e 6a7b2aee d01f67c9 3e781107 f16924a2 87af0f38 79d00c80 d019dc63 307af2bc b7f92cf6 0d7bddc3 fe1a0cc9 a4f4786b 0542c142 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 134ae196 77824b67 1e888af4 d5827fab +Plaintext: 2a 56c6ca2f 6297ba7a 6eea9f70 dedf2dc4 2c5cbd3a 96f8a0b1 1418b360 8d573360 4a2cd36a abc70ce3 193bb515 3be2d3c0 6dfdb2d1 6e9c3571 58be6a41 d6b861e4 91db3fbf eb518efc +Ciphertext: b2 de1f55ae 28261f19 a08677f1 0a7e3333 8b7694a8 a6cafca6 34b6ee1e a877b07d dcbd465c 0fd09d24 afb5b861 6fb5a1b3 75766492 08e1a732 c25886ca 30530992 4cd24e66 461eb4d3 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: f048d7d5 8953730f f30c9ec4 70ffcd66 +Plaintext: 3dc3 4201c36a ddc0111c 35b38afe e7cfdb58 2e3731f8 b4baa8d1 a89c06e8 1199a971 6227be34 4efcb436 ddd0f096 c064c3b5 e2c39999 3fc77394 f9e09720 a811850e f23b2ee0 5d9e6173 +Ciphertext: 3b25 af234a15 4de427cb 3f331898 45fa8617 c05b2969 445916ee 80a9472b b8d1ba60 31f93a6d de8d68d6 9f254e98 dba953ca 68c9b95a 94c30e21 6d2ba14d 9b912e31 a68ec98f ec58da83 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 609d86e1 c0c18ea5 1a012a00 bb413b9c +Plaintext: b8188a 703cd6ba e31cc67b 34b1b000 19e6a2b2 a690f026 71fe7a4c f4d12dea 320ecd49 9e72f12f 38064f0c f9f33978 719668dd afd7f971 61b7b568 3c299567 9e23853b 72f469cb 55d85e4b +Ciphertext: 4d00f8 9e1fe3b8 5467ceab 06ef8eb9 8bc04ae5 301e3be9 98f71fcb caf4963d 58a56dfb 49969a31 13632966 b2fbe616 20485fe5 838e0468 ac639b88 a39ae0bf 5d1f5858 24556e93 7161a990 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: f6ca42b3 c3997670 c23ee259 bc6d3ae4 +Plaintext: a16a809a 281ecbc8 b66a4678 81bb7b9f f5dfd298 571754d1 a86db5c5 cc47922a eb3df76b 18282458 307b911d 05d72f70 bcd9f10f 74378b6a 290b7a9c d76e44a0 e24901c2 b5681a53 a9d051a1 +Ciphertext: 3de16118 dde34f9c accd3990 a73cbfb6 632d3232 76cb533b c360954f 32169fe2 ae6014ed 9eb9dfef c1b605f1 8de08de3 75e3b2f3 eef7669c c433d32b c47895aa 8120bfa5 aa94ac6c 1d2fda55 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 29530127 1561a700 6321a2a2 0cc037c8 +Plaintext: 26 0ad8b04d 37a68748 073422ea 118eee35 577a2ac6 1ffd536d fe21e01b 36f63001 42d7c1f6 aeeea219 2cfb2bb8 e550eb71 0d20e297 bafaf0d8 f6918e1c 12bebcaf 3ec83aa3 57e2fb70 00f5d7de +Ciphertext: 30 bb40ec04 629a230a 9c9d7a67 65200e68 c10769cc ace911ec 07d832ad f9fca251 497ef101 cc5a4131 e65bec6e 5626b829 dbfc16a1 352295ec b8a3e00f 26bc3bfe e224a721 971e7ea6 741663dc +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: f4a08025 9b7eb752 dba7c0ec 307913d8 +Plaintext: ff98 547a2733 851dda89 7b95abac 8e22e785 95982919 12bd290a a9f3d561 d717a38a e0a825a0 092cdeec 08cf54a8 b94e6608 1213e07b 59a24d2e 94330cd1 42a0a69f 48825f98 2e970b11 8b68236f +Ciphertext: c036 21a02ecb 27acbb97 9401f9c6 ce80f18e 5ded30da 997db1aa 991272ed 70a939b6 23d64ab6 0bd5bd40 72442a18 30c0cf93 b89759c8 1a41834f 5bfb9f4c 35d363c1 69db5c30 b9bfa283 fe2f77ca +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: be281830 dfdee72b f6c7ee18 6af5fe52 +Plaintext: bc3db1 dc7450fe a25c280a 02eda641 8b0779a6 05e54167 b14ff4b5 d21181d2 6badb46c 4b4d5a29 47fba583 c714d2d6 84fa08b7 8f0a8488 96cef349 63731fb1 a57dce7e f3b9e709 0e73d71d 66ea3309 +Ciphertext: edd622 8e84e9a0 b31779a6 76a4fd27 96efb1b0 93529773 edafbb65 9ef64cc7 401946a2 7fe0e5ba 00ed79e8 0e6d72c2 6cb0f0dd 6176dc13 50462b6b d220a701 269f64d2 37e3c2cd c3f91c4b a3c5100f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e0019ff4 d737ee71 61d98b54 d37717c3 +Plaintext: 87945390 dca141c6 7f2d8681 e9561303 29830405 e455c84b 9ada837b 2a04b02f 995a0b49 0feeae87 228f7a57 573fb8ec e6e80091 be4a5a3d c938a468 7104341e 6338be52 93867774 80027a46 b98f6beb +Ciphertext: eb33ff82 ed40b76d 3e90a902 4727599f 13feff53 c8d97532 f1357cbb 084f493d 3867708e d709beb5 9b54c0cb d39ea49f dabe1753 0d1ffc22 9340378b 621fe9f5 39ca98c2 45edd19e daff19ac 90481236 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: a0975b40 6e00ec70 775bb6c3 b05ee9b7 +Plaintext: 6e 94335270 53e4b620 ef50f616 2d7428de faddbcfb 5dc60c2b ab8133ed fa182341 d733f2af 3c3c758a bcc21076 011bcc28 784eaa6d 4b30386e 90cc6132 c0088964 6a86da57 28c9d847 d3993ce2 f3a8ff06 +Ciphertext: ce c534558f 800cd7ab 24c16d7d 20ac7d26 e15810e4 a8aadfa1 d3ff8eb6 a1a92139 9458727f 1ff4fab0 f3a044aa 09349e7f 16e99804 6ad983d9 611d1aaa fb21b2e9 b35a8dff 3a75526b e834ddb4 4b4529ab +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 7975b5cd b1711cc7 7261f586 98031260 +Plaintext: b3f4 b17001d1 08de9a9c 2160eb62 e801651b 832276d2 e1beb906 96f26a4f e6bc1c45 1f03ae9d 2dd77b95 68fbd193 b0a0a508 bc74849b afdbcd84 ec7c1e35 2c000c40 ce161775 6ebbdc4a b8b88d81 7e6c9f04 +Ciphertext: 160f da78b5ab 7ac7f749 449ba8b8 02929908 775aad61 7dab0672 21d11684 56d10f31 ae32de82 cc822dab 6a12f6df b3bab92f f6c4fb2b e4606c30 505e37bb 76610ffb b2341549 ae9103c7 f345d8cf 92df626c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 09cbc214 ada716a2 a02f9cfd 0db5ebae +Plaintext: 63b424 a0f31127 85baa107 747becbc d7123018 8404a9fd 2a5a10cc efb06220 5789e2bd 68e561c3 0c16bd28 b6cfa864 487eaa6e 35db69e8 e2c12996 533e8f15 03e6aaca 136c3418 a77314d6 8ea12800 21f542ac +Ciphertext: 07354b 8b183f3d 5975c579 b3d3b861 fe358df1 dcd0dd81 6b3ff5f0 ddcedced 96536155 5e858085 1e458f25 fda08c98 31b1fb7f f7a5c01c e794231f 6481aefe e0082370 19ccfeba 995432f9 461a1e69 09c4c766 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 6d5b7040 947e81e3 70dec431 7a221333 +Plaintext: eaaf108e 2079affa 4319f5f6 2821ffbb 75ac456e 06392099 8fb98adc 83e625e0 35d7808d 3ed1957d 1e6196b0 26a7e981 95f571d8 01990fa2 f8f6687e e8dae9b9 3c0b097d c823ce45 679e9394 e23208e7 145f7ae8 +Ciphertext: 3429d8ce e4bba7f0 09d18b20 bc36aeb0 aadb7219 5e2f2bf3 41948052 a59063b0 89db0914 e0befdaf 8f8fbd65 1eeab579 b08a2c75 b3579b50 381f75ed ee5f2446 63ad4ac7 f12e7220 f585e775 3a89a2ca 192a6ea5 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 4c4655e4 f3bee77f 6fa566a7 467435c6 +Plaintext: 87 16633c66 fb750c26 6865d53c 11ea05b1 e9fa49c8 398d48e1 efa5909d 398bd043 535b4962 9ec27fb8 f1073453 334896f6 2a07b8be 8ee53f05 62ac5e87 849304c3 82be53a5 af055561 76f6eaa2 ef1d05e4 b083181e +Ciphertext: f5 ce14ad16 9daff3b4 1c00aa96 425140fc 88ad6ee8 7116e397 3ae0c786 b851b188 fa75067c 5d2fea59 fe8b6a80 102451fd 5f0cd0f5 15913af6 94812331 bbe695e9 f2896068 aa159166 3ee86b9f 61a14637 a7d61b97 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e674cda5 a485f74d 7ad6c8d1 4a954475 +Plaintext: 57c3 f5e99f3b e1716bf0 b9432476 533068c4 5a875d38 453745db 853353e7 031bbd86 c91813dd ff08cf49 1adb2de8 503c3d5c 4f7436cb 2e8c0d2a a4b246bc 78df0bd5 38b67be4 2eae44b0 907374e2 f78a8cc4 1234d648 +Ciphertext: c005 74c21fd2 68fd682b b1e252ec a6648edb 7bc17657 0d6b42df dcabc298 0698cb64 a191749b 692987cc 1badc080 fa9f3ea8 2b68dfee 3ea27a4b ab640e80 16aada09 74cfdda4 5313d57d a6b727a1 3123027f 3b52fe4a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 9c96f94c 8b16cb1c 8b086639 aa8a7e59 +Plaintext: 55acf2 ae83d5a0 6b30627e 850d8fe7 b6769b32 c8a42789 1024e0f8 39875dc5 435c4a00 ca5bc75a 8ce30b3b 26a74d0e 1ea4e4e0 2656ad29 9f2bade9 5d38f7f7 aa2ad096 8d80124a 4cf8ceea 2f4735f5 870db929 ef086f52 +Ciphertext: 025763 3717de4d 446fc3bb a941485b 54b34f4e 8d9f8e9d cdb91f65 0100f408 85ef58ef 898442b9 ea92872d fb2d8801 78e0649b 78550f9e e97239d2 c63274c3 c93f8565 6a1242d3 e81a14f4 44d18b68 212ef363 a7aa8ec9 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: d288b861 2d2320bd 96a986de 7e5b7e17 +Plaintext: b357f3b3 28571144 f99b6138 aa2436ad b0234987 32b1a0bf 10c0b4fd 2552d26a c9e9c2bf 9a3ea7a3 7d352633 df11cae2 41e4a783 f34a3ea4 1f57a11e 0aced8ea 97948236 0d64bfb8 19c34e43 1737f398 8db41c7e f857c315 +Ciphertext: bf2bbb1c 0f068d8e 3ea41268 e4c6715a c19f29ac d16f9bf2 3fb5128b 62ce2695 c5c9eea9 07d45587 c285151b e7ce8575 ac5c73dd 01066d94 e5dfc303 7f469dd9 9829f60a 1c98f15b f941aa11 7019aa45 01c04ced 39f876e0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: cc579667 b6385640 24417d40 0731232e +Plaintext: d7 2e228fd8 fe79779d 79eea0ca 3ef8b91e a6db00b0 f6151378 d9f90312 0d9aabbf 5cea40ad ce232978 1d6610f0 69a2391d 2db81280 72dd0c9c 423faab5 60ebd7d8 36ee7d1b 0fba5326 86ccf7f2 3e8c3cd1 d475c5af 1275d397 +Ciphertext: fc 21f1de98 af8f39b0 c1c09ea4 05c25c1c 31230be7 d03b4b18 048655da f4bc01a3 3524ae0e 5482e481 7a3dd107 b1b5d9d6 e33beb58 b3a51dd3 80479f86 779cf21e 7dc19192 27579db5 48e829c0 437c3b08 0b43a5f8 32676d6f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 66975b79 92df5c2a a4756fac 2907a0b0 +Plaintext: 9e68 7c59277d 6b438459 40c440a7 0f712b48 3ee40b3e dfbd8fc9 3de784cf b51d4b81 c8ac8b3c 6e7a23ad ac476339 68337b9c 7d8033d0 0b9add30 105488dd 3d757761 0273d292 ec7e9ab9 30c0e2f4 88e43dd9 3dd5735c 85c878f3 +Ciphertext: e844 08ffaaef be156cda ba545f5f a8a6acc3 ec11d071 dbb4b42b 632cd1fc 095f103e d66aaf31 425f7295 7167b701 eb1884cc 0b788b3f 59257fc6 49c65141 b1acf925 6d590893 9114d3d2 5fb4e17c 4f033a52 c2f52d56 b2acf1e2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 107c9ef8 dec0094e 53376347 8d58d2c5 +Plaintext: f5b827 a0148c59 48a96931 acf84f46 5a64e62c e74007e9 91e37ea8 23fa0fb2 1923b799 05b733b6 31e6c7d6 860a3831 ac351a9c 730c52ff 72d9d308 eedbab21 fde143a0 ea17e23e dc1f74cb b3638a20 33aaa154 64eaa733 385dbbeb +Ciphertext: fdbdf2 1fc3452b 0c746bc8 3b190cc4 62f36529 5935e39c 161f78e9 c9d76027 6f64e9c9 7fbe1fb4 1fe63786 4be7e1e7 4e5aa916 069c5b88 3f25439c 3ae69826 0e5a8d35 6a58065e 0e7b4087 da9f6375 96d10674 0e9e0379 644d5786 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 6fd73509 b857e6a4 19dca1d8 907af977 +Plaintext: fbac4dfa 35ec02be 8281106d 2d99c0b9 6f97b451 93ae270d 58af766c 971fdf41 258d89a9 fb22c540 947a9495 97b269db b6c330e1 d60e8e44 70386be3 3737ae93 fbad4714 cd757344 647c3b93 bfd33eb7 0c02b1a1 c99ea4af 291e8723 +Ciphertext: 60946808 7fe3ad61 a18fc6ba 8b4aa3ac 4d443796 fc83125c ee3eccc6 99ae22ac bd655d11 945ffa6b e112efd6 95997349 24521e4b dcdbc6ba c39059a1 64e11647 b38bc98d 78c481a4 889361af b3ee51e0 a7bfdd9a e23751a8 8bc926b3 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: b9eaecd4 43b58f23 f20d9331 b8300e4f +Plaintext: ed 22c8b639 fc4079b3 87f0b74a 09d21565 5f236bc6 4c67beb4 11ad6f59 3e14b169 c78e4004 5ae451de f0fbc49d a355a182 bfdac24c 1bd9cd59 aa4a660f 4d56a27a eb19be36 c4a61190 024b3fe8 9117b05a 319a409d caec382a fff17ea1 +Ciphertext: f3 68ed3e1b 9d55f61d 603a9a57 9e983e21 0fd713c7 83d30eb7 2d0f10e0 16059c85 770dcd0c 7deae7c3 382520b9 c3d02022 21eba459 c02d5186 a60c1354 35d8012d 35ade8b3 6573c38f 455b70bb e7a2b511 7fc6b768 686673be 533b116e +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 05da0869 b6ef9697 e18ca112 e56a8ef4 +Plaintext: 7e20 2833deea 4d8000a8 e76f392a 1fd910aa cd7f4f9a 32ef5aa1 e9acc0e0 1b891079 f356ee52 51be6516 c3707f7d b17d13ce d701dfa2 f806d6ea d1a5bb33 4d6eef29 f70b885a b41fa23d b274fa73 9c56b94c 103a8d8d 52a4fe71 424700ed +Ciphertext: 8229 29bb1586 b4e7219d 8bb03a01 8aeaa757 bd6adbc9 f99ecf0e c932395e 100d9de7 5297b822 1b9a059e a004e9a4 7e49016f 95bad78c 7a0cf640 948bd250 39471bb3 93e76cce 1aa78e7c 45f69fd2 c56b2165 1070ea94 7691237e 365f4e0d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 8b6dc438 1e99d48b df6b5f26 9dc5d193 +Plaintext: 482ca7 2e5e7182 e5a7907a 3d22d8b4 953f4c37 af4e4afb 6c386a43 d76da92d 651dc788 7cabede5 315f93f1 565ba102 b4d0d4ef 95716425 8628e4f7 5a086936 7284ee02 3cdef7df fae2750c c5d3ea10 d1a6cd95 f26e3079 5f18a023 b7584d13 +Ciphertext: f39f93 ad4ea9ef 576d06fc 987ab96a e60fc32b be80ce76 37a4822a f01a16f9 68237922 1ebc1fe4 29e11ecf 3e0ee74a 8fd7697f f81427f3 1a95061c e3111640 5600edec 3b2be98e 1ade32c8 edc4a7b6 f6fcd8a8 1bdabfdd a40f6c8f f9805e47 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 41e36bbd 78dfd798 c797fe72 9174fb06 +Plaintext: 7429ffd0 cf2df620 816e676e f4449ced 5ba30462 3796d537 20e8f5cb c2241b0d 26c13249 3396fe42 74940180 1bb3a0eb 462d8299 82eb39e5 8d3c24c1 61cd934d 6dd62da8 26918f05 bef03602 338f9f36 8ce8ac09 60c64ac9 97fc51fa 7456aced +Ciphertext: d6fc1ad9 83dd30a5 ea369450 f7be4b3c dc1c3237 d7d40316 a161cf84 01272227 e39f1ba4 31ed2ab4 be10be9a e313b864 fbdd1465 e7fc3510 027d8089 2547695f 4ac9e3e5 287bcbed 12418f79 c6ae5eff 37a0b3ac 0985f00a d5cd8fa1 7ac197e5 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: d4d0b994 b006f294 e9ecce9c 45bfe2f5 +Plaintext: b4 3b4c5bd9 0f510cc5 8e451e06 a7ab15e0 179eb5da dd70157d ee90f558 2bb15147 902837f5 ae96d5a0 5bc8d61c a8dbef1b 13a4b4ab fe4fb100 6045b674 bb5472cc 4e0a43bd 8b614daf cba2cac0 4183a00c 2c92392c 51d78ffc a9b586a1 57127fcb +Ciphertext: 94 b690a006 675bd626 87d88bfa c325c444 eea20914 c7504894 a4aa166b 56bd8a17 bc412f25 57fce187 5e99dac7 55e472b4 a0eb3ba2 2e9206c6 e5951185 5ec27365 4ecf5cc9 854f2a67 3c093027 19b0c1fa d8c7b96b 11bd1b5e 2eaf2b3e 7fbce09d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: dcb82a38 8efa9b7a 479aa1f9 5aea533b +Plaintext: cb32 eb63bf52 d8f831a8 0ee8e734 a1cda4fa 926ea0a8 e9893579 03d0db59 2e31564a 735a2e06 b37d60e6 f6505302 ff590d9a 2468a7b5 5c65fe07 9a4bac18 597537a3 7819873c 49129e36 e5e283c4 c2f77f5e 872d8c67 1e950b0c 0b75b56f fd8fd405 +Ciphertext: 0592 be6a8e72 8b494009 3cecbad2 302a12fd 278aa402 18716a82 b40d8e48 24da8178 f0e9b2d9 56ffc8ec 7f1ddd94 a028f785 3bcde6bc dfe21bf2 dfa22f27 95a4a997 4458b625 d0c94fa5 c2c1d769 7c689ec7 1a66db2f 261254ee 3ea364f3 d5cc9808 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: a3a6b33c c13f5362 83a55fc2 112f6210 +Plaintext: 63c538 0757a1c3 500153df a6420897 389c0b99 4e448ce7 3079a1d0 44158a1f 76623992 dc2e128d 9a22ef10 044f67e7 030a5020 bafa82c2 696fdebc 91f58f1c 592a9081 30cc6ed3 b4165031 d24d342b 2f967b32 c70aa84c d50c650d f2dac7c2 8063d2ef +Ciphertext: f507c5 5a552386 3e19bd06 8859bf2a 3e5b0016 4bd4bf28 4cecbbdb f02e2038 8d54e622 121ec203 b676abb0 07bc512d 204aef98 3528a426 dd4182c0 d356f738 cd675b8a a2c21fe5 1b85744a 45809cd3 0e9008a0 45ceff53 04f83817 084faed7 958fd33d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 495940fc 64867e2b 5963f8cd 84e796b6 +Plaintext: bf9d86ee 3bf93da9 afecb879 b5b608c3 70fc0d70 731a82e4 deba3934 caa6a893 e8daa50e 64de6e7a 1052ecaa beca39e5 eddd5f96 a9796346 ac7982c8 c97abab3 8bea8c16 19610166 5c35ebbb 64496d3c 0825bdd8 cd4c2938 0ac958f1 490cd3fd eff4c36c +Ciphertext: 004a2087 62d5e8c0 fb095db5 8c87ded6 26585daa a8541b3b 02a8d84a 1d341806 5d8ed204 3432574d 8c7a6293 7d6efe06 d176cedd ee9c22f5 72fa55b6 9ac7f8a3 22131ee7 0e7c3b24 10f3a19f 7e0b3721 f7bb16c2 352a31c9 01426883 032dd375 5f187622 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 202dfd57 ddbc3b16 6fd8acb2 09fcb09d +Plaintext: a9 3adca13f d2451711 03fb595e 21d37a41 e86a34d9 106621a7 21ff2e37 89bf4e03 ec856b94 bbd0a2ea 083aaf1e 9943a646 3b50e599 58f446d4 cc6d99dc f57251a4 092c7d51 ad82fa9c c399e778 839b5af5 cdb85165 bd6becbd 81ffd93e 67510f54 3ad7bfbe +Ciphertext: 09 bc7b08b9 f0ff327b 06567d95 663c5dcb 1cdf06f2 edb4dbc5 db6d5300 e8bb55f9 873ef27a de8abfaa 50895185 e460d90c 62b23432 417a78fd ae167ed1 19df40f7 399337e9 49b3a8e9 a1b8830e 7003983a 3d0ebf7c 5faef6c0 7de054fb a390bfd8 ab3ce9a9 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: cfe187ef db1feab4 0764fd18 47a96285 +Plaintext: 6755 7a2be7bc d7a508e5 f0da2790 19224a77 b2abf9d5 9e1a4f25 f775502c ff407d39 5ae6a6ac 7b5b00b5 5d00775e 73c745cc e197c4c1 ecf28066 afd59148 10df28a0 f3b667d7 aea77649 bc8cd34a b5f3e966 7d7ce5ed bc83c5b0 8fffb105 7eaa8f11 ad63d246 +Ciphertext: 535c 168959a4 451cb4c6 57e433ca ec77d3e4 857b95e1 45b8f901 688d6cbc bf9e1613 0ec239b5 1c49a4e1 aa671bcf cb447d3e 87be615a 489bb02b eef0f4b1 cfc1f07e f6927eff 774955a4 59b9da75 000c81bc f72f7593 618c05d6 26236196 87ecc5ea 868f3143 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 56d0922a 7647e25a c7ef5ecf ef220361 +Plaintext: f71644 89febd59 6b2fe9db 14f0b48e 005c1f7e dff4f94d 989103cb 8f9e51c7 2483f325 7c64d531 830ce433 31247244 0da9dc5f f09d6abb 0cfc7658 2cf1d1d8 3d4a6291 0e2a10e0 54fde3c0 f1b1659b 76244f60 e6d861d5 bdee922f 305269e0 b733abb0 c9b6360f +Ciphertext: afce46 7c1c2f46 58e96ff8 4889b3f8 278a64f9 fd6a4759 40ba601c b10212b2 d86cf058 61ec3115 6c0c48ad 690e8fa2 2ef09a8c b28d0755 18220ebb ce5b1875 e73dc224 5d6b8407 5a1bf131 af0a4983 ce17d6f2 cc5adccd 1680db36 ca8df508 6eff25f8 75c52651 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e6eb2da9 db00553c 42b4bfa6 480fa843 +Plaintext: b3509d75 2328e384 972515a9 34710f65 42bc0b17 78770ace 7943765c 9ea905ac f60be055 8bda056e e70ae9a5 d7c3628b 6f5ac532 4e7f4bfa 24b8baa8 710e41b8 8f05a3f5 f2d29846 afc970cb 3b15f928 75aba321 e781e268 49fad4b2 47a52410 85282e7d df7763b3 +Ciphertext: 7d329916 437e949d c3c98df3 8f9066d2 4dbd1830 8b0dad31 af49a583 b36bcdb8 c3920f2e 5e6c92ac 26aa2d6d f50c7f2a 063120e3 2b714c3d 741571af 984966cf 071843db 80ac3cc4 45f0b7ee 0e659e0b e1fdf8cd 1f739915 2a7537ac 2f2c63f4 5093d998 48b9c16a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: f54aef44 e7cd9ae5 5d99ec0d cbe395bf +Plaintext: f3 f30ca3ab d8755ce0 5bc816db 31305ec3 75b13763 550e6a2e 0bea1d80 0f2da727 8aa9a322 0efe43a8 85bae86d 68c5ef20 32fdcd38 131d5ef0 e8e37a90 6b72caef a7f5d936 b0856ee6 904d1a1d 84eb0d15 691a2ded 718e6aac 1a204b83 612bcd52 32366e6e 24d385a2 +Ciphertext: 93 6ce309f9 352bcda1 dfcec30c e9bbc3fb 8585778b aaef9eb0 8d78d384 6f5094d3 0386b8e2 ed90a1b8 d26b09b2 fb523e5f edfb19c5 c0d767a9 d42c9cc2 3194ca04 5101d88f 641f3595 59cc92ad 7a5f5f8e 1da3bd15 a9b6b253 03094655 897f5751 9e42e107 5c2035e7 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 63c6d473 ed6a60a8 0251810a d52b3569 +Plaintext: 88e9 b9df5722 5b5914b5 8a52d3b0 2fe2e670 40f80c0a 91e3e5ea ee18a9ba 682f1a86 ec2eb71d 1a0a33ba 536b25e3 14b00192 83334793 48cefa2d 9e9e5404 aa06b83e 0bf7e8e5 b26f788c f4408336 dd139c73 c8ac07cc 2c702a61 b9243ed1 a4f74a5a 3fc35242 cc90cb75 +Ciphertext: eb01 8988b020 578ccdcb bb9ab7c5 8e36cd63 54449592 d6068003 c300a301 673f496c 87d5afdc 939d5e20 6b5c7d37 ce62dd55 f2a0d3dc 23cfc65d 60c69444 897e956c 635e6b23 74921911 e53b0096 38ff25a8 8db5b7de 2cdbb30b 43d0263c a041e194 a8f6b339 af868e76 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 935a536f 32149f5c 35ecb57e e6d15bd0 +Plaintext: 6632cf e9fd09b8 22af195d fb107315 bb593ffe 57bab9f2 95f27ab7 711ef976 c0ce516f 135e45ea de848171 da25223c a76d79ed b61e0c7e 6628de77 6d7bf164 7a190886 196fb1c9 d6e583f6 a5b4a52a 81f79087 54061529 17ffa15b 3aa5c00b 466ee07c c1d7583b 52fba854 +Ciphertext: ca11f2 646b1b64 d2fd219f d3eeb201 a5b77ebd eb784cca e27ee4a6 f761f9bb a4710f26 371d9a47 09d52877 4177cb78 8684ac1f ec9e04b4 509af086 9b4e1df3 8f49e9f9 2e34bf8a 3ff0f695 dfdd36a4 e09436fc bcaeb305 093c02d9 69e02350 1ae2f5fb bb342b7b cbf9d45c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 256402c5 91210a33 f818dbdc ef9e4acd +Plaintext: 9f456e55 6bf560b9 d43f3f29 99ed77f3 22de43f7 1e11715b 6cff6680 372e6134 66030429 33d810a5 194e707c f4e4793c 64c970a7 72ef4c66 7661befb 38d66ff8 5586896e e43c78a9 5aadf21a ab083495 b2ce8fbd d3e424bc dfe7ec37 37bffb80 3577050e c74b212b 5d03cded +Ciphertext: 8b615976 c58688d0 4a0a2be2 78c6b64f 3ffac400 645c4c57 e043aa47 e36bc352 cf7753b5 25d9a7f1 9ea87b5e 54f08bb7 81b37e0a f2b25b3d 1ab16b65 2efedbda 81be8040 1b33eb5b 6b9d6b7d b0a1b1d3 97594288 6869282f 7d5a9933 405ec88e 2ec68b25 b164e214 4040e0a8 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 06803267 d595aa20 8a1880c5 6e38f71a +Plaintext: 7f 108d36cd 7d80f024 2d9295eb f909dc4c 75fb1b96 c5c8badf b2e8e8ed fde78e57 f2ad81e7 4103fc43 0a534dcc 37afcec7 0e1517bb 06f27219 dae49022 ddc47a06 8de4c949 6a951a6b 09edbdc8 64c7adbd 740ac50c 022f3082 bafd22d7 8197c5d5 08b977bc a13f32e6 52e74ba7 +Ciphertext: c1 22be5492 700b52c1 2752cabd 52d4bfb0 e7618ad8 8597393e 10a17ed3 300abab0 5fdd6037 0904c4ab bca60a90 256251c7 61cd65b4 b6b04556 61cc5c22 1d3ab93c 2619bc6b 69580894 46e80f57 082ddbb3 8cee459e aed5689f 623fad3b d594126c 4c96841d aa4ed045 efb88ec8 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 28576077 ce628c53 5e87dc60 77ba07d2 +Plaintext: 9068 590c8cb5 f1088e08 2cfa0ec9 61302d69 cf3d45a3 d356c502 5ffc3ca4 a7dcb33d 1df3405e a0f5d8f8 f0f0651c 662c1804 e2570157 04dedda9 9f9e2f41 6abc9220 f9d14d3f ec4b2817 67107e66 c2649431 810c2905 86b34e83 858e781c b93cd418 d5f0dadd 3ed1256e 77a18232 +Ciphertext: f32f 26eb8e85 0f3b1916 fec2a30b 00c9a5e4 005bceac 88090343 f90506c8 3cf61719 e32e887b 365627a7 e05d6573 a2a89585 3cef3295 2e619683 078a21e3 992a0c2e bbf24744 f1d4cd4c 2d8d3c6d 3a56557c 1fc1fd8c 303868b6 7ed3578f 64ab099a 40982224 ee681622 6280045e +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: dc9d47f7 94a5e636 c19dc198 f91340ba +Plaintext: fa2221 2d999610 c2fc5078 0409ed98 051ea2d9 5e036a5f 711d64de f1e476af a5973723 682e0c17 759091c8 e1063ae9 69ef3af3 6eb6a3bd 3e02cf4c 952c00ec 64f6437f d07a9a16 7e6059be 0e54d19d e5b72c3d 30959827 25d8a8b4 8cbbf620 7f810ee0 6e668735 66d67302 92ddfadb +Ciphertext: 46e102 e2903169 f901665b 5b1315c7 73757ab3 7e7d5f2d b690ce4a 676c5271 2555b85e 05a3c2a4 56fb55be 9c35d1e3 62f146dd 4641c0db e211a9ad 8b4bd341 2a04067b a2a69a08 d62390ba e9b7c771 c86237eb b7d1458d 18cec994 688bce95 9c76036f cc40c057 b6580933 93bb3c11 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 02df415e ab8991c6 af07b5bd df77a372 +Plaintext: 7e9e5fec 48da1d9e b358a63b 7587fccb 46cd41ff e778d5c1 63f7bf10 954a4e0b eab7ff4b 69bfa276 f050b911 c03c2196 3beaf4c7 ed4cad41 ca108d54 b61b3e12 4b33b7a6 d6fb5fe8 a225752e 7ae3af64 699e215f c4eb616e 6abbe932 4bd1bcb0 277a4da5 98789c19 533fa237 ab64ef5c +Ciphertext: 04a7ecd1 9e0e0fa1 c6e75010 38e51afe 0d38ae06 153ce7d8 58413b96 7d63131c d0c15a6c 46d7fda6 48cc8ec8 65865dde 89235e1f 1272b078 c4742499 79554652 e8e2a6d5 9189f7ef 8c28fabb c22f23cc b1358c0d 99e6ee35 d1d5a578 6108ab17 8f28d0a4 88ffad99 74f0eec8 594a9a8d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 5752926e 743f396f ce5e9952 5b56100d +Plaintext: 08 f489efb8 1ca1348a 0608d75b a729a78d 6c0d9d06 2e7c6d7b 63665bee 91825075 09352d3e d1b55fd0 e26eb493 93a56c93 565b9481 a2748ffb 3018f60c 6a5aa2f7 21170630 7e21c2ac 3b9d765a 12aad4f2 7644faed 8267fed4 2f77cabe c9df2a15 a4f92398 0b2e87a6 795ec6b9 0c810731 +Ciphertext: e5 20bc2001 27a55107 0ea82029 f3454ee8 c7e6102b 878e0707 b1501546 55b916a8 ce3598c8 4aca6381 ac832cea 88b3159c 54466f54 34c42fbf afacd2cf da9b6a09 f74c0570 ca1dcf6e 9c801254 673d0380 d02a8cc0 b66de581 a10a9f62 19919eb4 e73fbe21 1170630b 73c18e11 e8ff31ac +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 368f7753 b69ee191 c64a800b 965a1157 +Plaintext: faa1 2b7d5f21 d3460477 4cb76773 2cd8fd06 b5ba2561 61b75f5b bffcb913 7e458bd7 c7e86445 d11544b0 af5c0cc6 6c6f326f 592ab9f8 a6d06170 30981b52 9a68bf65 9fe001e1 a69aa2d3 97b0e3c2 ee7f3f93 0eab59aa d7643452 7ae7a25f 8c47ff12 5a6d1e3c 7d5d84a6 aebcd4b1 db8f8b3a +Ciphertext: cdd1 5064548e c525d843 b90ccf60 3c857e7d 354fc235 3f5fe733 393c3608 a030a06c 47134d98 802b0186 14f7c5d9 d301710a cad1c348 898ec3ee 2b509d57 e6a8fdee e5c39a3f 304650da 99e03dd1 b5d3df0f e1df06f2 9e744a72 219b02ac 653c7002 7239be56 9d13a18b a284bb4e 4d56a096 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 7a46edc0 1df940c9 46f13781 7d6ab1a5 +Plaintext: a197a4 9f7ce753 f39987c8 d95a287e 2b45025e 829f19ec 9d3cbfc3 02955a3f e71b6779 52cbbf78 800319a5 8494d180 3018e892 38864ba2 9503582c 28fb9e0f a071e486 9d936d59 15927b55 f8b012f9 0f9bfe72 2af918ca 7a44c45c 3cd8be8b 974a17b3 c8fc7a60 7ceeb4be 7dd77351 91754ee6 +Ciphertext: 42d77b 223d45c2 cdeaeacc 71b16b83 bfb6c1d4 2f3af859 4401ed38 b43ba1a2 f6e4f0ce bfe79640 a0a48f7c 680207c2 d5710877 0bfedf12 f631c684 c2090760 7852ce68 dd8b7a1d 9bcc3d57 33de085b 47c2c8ce f3221f21 756a0bff c0e13c17 bbc1ddc0 55b31f5b 45a57fca d5dba08a 5d4d0da3 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: a02106ca 14a60c39 85534319 964f06e9 +Plaintext: 1a2d6df4 7cc0ccca 5d317df0 7e4ee0d7 e1259f0b 2bd237ad 4d95b423 6328bb0e dc4fce7c dcb0cc60 dee5b73f 9ed0ba2b 362e6bf5 876f4d9f dac69910 c77c3e0b 57892662 6565bb67 4a1caaa4 b9a1e6cc e764f1f1 ef2657f6 760c7b48 8af395c9 d004fc0d df88a1c9 e7fddc88 96696ca0 3ceeb965 +Ciphertext: e3996570 9c597437 2671d7e4 4477b37f 3ed7867c 7af595ac 8c1eafbb c5672fc4 7f7dfbd6 77a90dfd 8b00126f 632bb198 d5f69ef2 f04ea916 d607e2e6 c4269947 0c5cc341 749ac58c bc2a921d 1ce5af78 f6ffd19d 6f9048a6 f1064968 98813f8e e285c816 c2348173 7c9ae039 612177ec a5b4037f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 2d9f5b9c 6792e033 7436ca2f 92e7d8e5 +Plaintext: 12 c0876dfe b1d754fe d152917c f54bba07 816478f5 7e53394d ede524e4 5b4252c5 b6743bd6 5f236eb9 80a286f1 a0305946 7577726a f959c2dc c0ec920d 88c3bcc2 12701bb9 3046408f 206466e1 18efa8b2 229e720c 2a7c36ea 55e96056 95e28bcf 7b83f5ed 4cca3048 569e1b95 84101112 31e06025 +Ciphertext: 19 e19fb1e5 36737969 b68932b7 fb6aad91 83e827bc 68e0d32b 2310f7f1 28c4619a 405b32eb a06e1b21 643e6cd2 c6c4de26 8d15d7d1 e7ab67e7 05776b57 3424419b f21b9f63 e5360543 41203a6e fd0989c3 ed24e330 de49ca7a fc102e28 86350051 5e739057 ff91aad6 7199d477 1b3177de fe3461ee +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 3a43fd3f 57e37607 ab2827b5 99b6b1bb +Plaintext: da37 a8abcc5a 8c550d1b fb2f4946 24fb5036 7fa36ce3 bc68f11c f93b1510 376b0213 0f812a9f a169db99 ced213d6 a7d695de 24de3cf0 1ac09046 672b9799 6f45eee8 cd921776 42181512 f1c1369a cf0031c2 55b77012 7859af2e da4cc65a 4291c33d 4aa63ce5 57abe40c cec55b9a 85c04b6b 78f8b051 +Ciphertext: 13ed 295d1ff3 eefd8f25 d1dab5bf ec3fc924 9341ae23 2ac4c748 a30ddca7 06f0e55f 9b5c9da0 8454ab2a f520bbe0 2a9abc9e c6af45b5 33473c35 92235f1d c076e6fa dd4afe4c a732be5d dd283038 46bfb58b 8c7c1ce4 7849f15a 35db2a9a bcbf5f44 ce43bbeb c10a3323 8f8fb353 be04902c ca7a30ca +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: be79775d bb654b5a 9696ac9b ed8541f7 +Plaintext: c86a6f 11cca52a ddb25d0b 5ff767a3 b6d46910 5a703fcd a2559dcf 8920f6cd b17d9ddf a8532b4a 6b3c209a 2838cdf2 48a271a1 ad63a2f5 3865ee54 8f4bc388 1d5f8c5b 5acb1d64 4c0d5120 4ea5f145 1010d852 dffa556b 26b0d164 35d4b21c 42547f0c ad9c441f 890b38c4 57a49d42 1407e84d 779f22d6 +Ciphertext: 031f2e e34db7c3 6d716885 ce60cada dbd62986 5313c2d9 1afcb86d fb957194 31d20ff4 6cb0b764 88490602 13becfb6 942d1b1f e0d50690 1467a037 259ad205 840dec88 cba7bb78 415c50a6 84210038 087d5a2b c41659fe f18df2d3 37eaaf2a fc60f772 7e0416f0 aabc4a26 6c5139d7 c56a4ae5 f1966a4a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 741c8e27 04248c2e 2845bd19 2b2f6824 +Plaintext: 28201caf cd9f9794 5e6de7b7 fdb9cfdf 28936cc4 83a31869 d81b8fab 5cea511a 34334709 37fda8e1 f62c1ebb f9b0252d 4cfcb463 3bb92072 59bc3dea c736c6aa b22bfff9 1e2698d2 e22ad57e f4ebec69 e73eaf2e b2cf6af4 b3120ffd f47c907c acf28da7 09822f0e 2c51542b 76d4ec3a 0243a24b 724bc095 +Ciphertext: 58d58c3f 8836da78 1e934d38 b534c71b 29556527 43107df2 564581c9 5e06099b 7586315f a7ab3bd1 c7580539 4f6748d5 85487454 6dad6154 edd8c85e 52b07736 15ec827b 87224692 617c3dc3 61c665ed 4a48428f cc2548f0 e53ec118 0c5be26c 3773b170 cf74c434 9ecbc8e3 0bc02069 35e08e68 c8bc92c6 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: ef044c0d 6b227737 296f393c 8079353e +Plaintext: dc 87e2e805 d2ec49a4 f2d8e203 97e8fd14 793e41b5 92438432 8a4ae00b 737109f8 b6c8dd2b 4db63dd5 33981ceb 19aad52a 5b2bc259 32bc0ace 2b0aba33 d8ac188a c54f346f ad10bf9d ee2920b4 3bd0c53a 915cb7df 6caa7205 3abff37f 10ae1299 9cbc1259 5bc37705 0bd417e5 6420744a 031949d0 a7d463df +Ciphertext: 21 59ca8146 99f33512 2ddcb057 ab7c36b8 0fa96489 7f76e1c6 7fcd0d2f a856e2d8 da5efbf3 e09a165e f19747df 0670899b 33f00cc2 864a3a22 73d9513d ee448c42 b83a0930 9c0b7b11 21286050 30aae9d1 b31d690f cb8caf62 da6dd304 3d534b71 0c57b878 8b9683a5 c7a5ef84 29e5b4fd 51e932ca ccd5b07c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 9fb2b278 833fa02e 235aa172 bd970c14 +Plaintext: 73e1 2907fb64 8b6599aa a0b24a03 8665422b 20a49927 6a504270 09413c53 27d30c98 7da16a62 b1903b56 e310bfff 839e0c71 658dbb2d 1707e145 724f41c1 6f48bf40 3c3b18e3 8fd5d166 3b6f6d90 0193e3ce a8bb4f1b 4f5be822 032232a7 8d7d7523 8d5e6dae cd3b4322 cf59bc7e a84ab188 11b5bfb7 bc553f4f +Ciphertext: ee8b e6c48ab6 df716038 de7271a6 b81b67a0 4b1effe8 6840deaa 0cab9c31 176b84c6 5af94653 da3386f6 56bba377 829ccc2a d68535b1 a5e89985 2c110167 97769932 b7c76925 9799b773 527e3b3c 68e5adb9 abb161e0 b44b1ac0 f66e7aa6 5f869d65 4e6c8da5 fd822cbf 63c5ea23 8e745178 516a09d4 c41d23e2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: e44478ce 287a1487 9990d18d 12ca79d2 +Plaintext: c85514 9021cd5c e8ca0371 ca04fcce 143e3d7c fee94585 b5885cac 46068b5b be4decdd 8f1424cd 36f82dcf 1bcf597e b93993a5 fe77e8b1 f5814766 a25285d2 2e87a47f 442855ed bac6bb3f 74c67235 85fcd05a 987c6b7f 8facdb67 699ec1c4 699d0862 74066aa3 bc5a362b 9b9051dc c1b07b05 929dd4d6 ca329f18 +Ciphertext: 1598ab b308f9a2 9453a92d 97d6f8cf 86f6b99c 85dd5847 1363faac 9a3b7672 7a75a8f6 226b3da9 f4c19314 dd1f3d65 455239c0 8860966b c3f257cd ce070bf1 6e1147df bc997ab4 fbe7ced5 30660b29 9fc3c13e 28fe6e89 cf16428e 6973a137 9f0d189d 27bf218a d01fe56b 8fec9a9f daf73e4d 3147b8c7 17cbe40b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 6391451b b8b89def ea566ad6 83dc26fa +Plaintext: 59d6fe5c b67c1d0d b5842da0 ef3b1bdf 57d41bbd 6300ed8c 6dbf5e70 58751114 76407f9b a9893dda c9d97ec4 46eed825 0f0f4b94 b29c7fa2 c4e94d58 834c81e1 ba75de83 e5fe63d4 9643cd2a 17745d53 51e9db86 ecb5db9a b87d3f76 4c8bfdc9 ed1e23fb b1041863 e36b24ba aaf532cf e60ad57d 5b728ada 11233db2 +Ciphertext: 40bf4569 83d09573 36a6118d 4c7e7331 2281af26 11411197 7c8bf6a9 48a6f0ca d7eaf16e 8a78528f a91d313f 856d001c b2832e82 fb3d9c9d cbe010c5 47aae2c3 6d337fb3 aa4fb248 a2b2e11f b7a6a14f 8c48087d 4240f97e 013fc33d f1d89e48 1e292fc4 e85f8f66 0b50fd82 d495f051 345b0a86 45504ae5 cf90d864 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: fa570e34 d6e254ea 54c3e2ef 7af98a5c +Plaintext: 46 98e00396 1b406045 fc13cc97 824df4d7 db3a8a3e 6a7b3a17 624ce021 9408f835 85ee5528 c42517f3 7afed711 437a2429 3c0c33ed 5e9fd242 0adb9ea1 e4a476bd e5e42f66 ac8b89ad 15d46249 0dc92a39 a50997ab 65c99a1d e21991c2 9268be27 e04bf816 7c7aa0bb f51bd705 8944ee4f 3cbb1e40 27007aef 138d214b +Ciphertext: 83 3517aee3 3540a6b5 5c0f91bb 8414cb2f ca43b3c1 320c2af4 70db3aa5 6504c9f8 80860d34 30dbb529 d153ab35 faf3eea3 f03aa6e9 b7a51591 10a57718 00a0e319 33a88ca9 e0ed3ec1 ad9cba06 fbfe8e05 d5e67731 11651118 55e498d2 4d351005 6ef93f3a b9859a93 fcfb10a3 92298181 575bf700 dc871827 18c59011 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: 465cb8bb 9daa1801 dbfb4364 415e9d0e +Plaintext: 5ff2 59b329a9 31734d4c 5a02c4bf b706a787 4dc04589 f7ef7214 5af12222 1c2c36db 51ac955b 360d7fb5 229c1e38 b9b95ef1 6380ff70 fda8e9cf ceaabff1 bc26b608 bf83a85a 97d76444 ba06497f 912d13a2 e341f4e8 92f3e734 85d74152 e5c68880 8c81892d ba96a500 0a886c1c a52a6da3 b64c4b78 1e99144a 68c0cfce +Ciphertext: ae06 ac107832 5919227a c6cbaa71 2830942b d0292312 fedd5852 d39b5ec1 c40848b5 746b6c99 58660eae a8121d76 275e5033 a0781833 f82e7441 81d8d6fd 1f565723 5430ccc8 2f9d5a9c dea029ac b249f3fa 76abd507 5ecda67a 3512ee6c b30aa0fe 09618513 fff05b49 f2dc829f 0d07f63b 407d4436 ac78d7eb 02a85936 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, no IV +Key: ffd2544b 9eeb615c 0915e9f2 fb69af98 +Plaintext: 5f7814 fbc2e92d a9096319 195fad92 ec7213c1 72df0c57 70ea1bd9 2073f33b 7a26deb1 b2f15fc2 02bb169e a953e5b1 34a65178 fc362b94 f0c76f1d 945b6c38 4a6125ec d12af831 0b9c7d4a 032ab155 2e045421 f18a8f3f 6407da5c 569c1dce 917a156c 5e54faa3 4c155fc6 2ece59a6 63f2e363 5ac58181 5412243e 6c1c4e23 +Ciphertext: da95a4 e132a094 75635ce1 89e10a44 87a1af15 f7a99328 4aa3adf0 b756c9ce 76467f9c ed84d92c a27578e6 8540afa4 838c7c85 7619ff44 3ed4174a f46044d6 5713c51d f6aca4c2 9c8be737 a01ff0e7 35961fb4 66f42a7c 67639f88 5674a378 9e31cdd8 0d463004 710deff2 a39ba3d3 2f2503bd 08bba0c7 9b44f212 0bee67cd +Test: Encrypt + + +AlgorithmType: SymmetricCipher +Name: RabbitWithIV +# +Source: Rabbit test vectors, Test 4 +Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +IV: 00 00 00 00 00 00 00 00 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + ED B7 05 67 37 5D CD 7C D8 95 54 F8 5E 27 A7 C6 \ + 8D 4A DC 70 32 29 8F 7B D4 EF F5 04 AC A6 29 5F +Test: Encrypt +# +Source: Rabbit test vectors, Test 5 +Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +IV: 59 7E 26 C1 75 F5 73 C3 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + 6D 7D 01 22 92 CC DC E0 E2 12 00 58 B9 4E CD 1F \ + 2E 6F 93 ED FF 99 24 7B 01 25 21 D1 10 4E 5F A7 +Test: Encrypt +# +Source: Rabbit test vectors, Test 6 +Key: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +IV: 27 17 F4 D2 1A 56 EB A6 +Plaintext: \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 \ + 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 +Ciphertext: \ + 4D 10 51 A1 23 AF B6 70 BF 8D 85 05 C8 D8 5A 44 \ + 03 5B C3 AC C6 67 AE AE 5B 2C F4 47 79 F2 C8 96 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2923be84 e16cd6ae 529049f1 f1bbe9eb +IV: b3a6db3c 870c3e99 +Plaintext: 24 +Ciphertext: 66 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 5e0d1c06 b747deb3 124dc843 bb8ba61f +IV: 035a7d09 38251f5d +Plaintext: d4cb +Ciphertext: a3f2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: fc96f545 3b130d89 0a1cdbae 32209a50 +IV: ee407836 fd124932 +Plaintext: f69e7d +Ciphertext: 14b713 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 49dcad4f 14f24440 66d06bc4 30b7323b +IV: a122f622 919de18b +Plaintext: 1fdab0ca +Ciphertext: 030a9955 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 9902b972 9d492c80 7ec599d5 e980b2ea +IV: c9cc53bf 67d6bf14 +Plaintext: d6 7e2ddc8e +Ciphertext: b2 82d6e087 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 6683ef57 4961ff69 8f61cdd1 1e9d9c16 +IV: 7272e61d f0844f4a +Plaintext: 7702 d7e8392c +Ciphertext: 0f0a 45cedd90 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 53cbc912 1e33749e 0cf4d5d4 9fd4a459 +IV: 7e35cf32 22f4cccf +Plaintext: d3902d 48d38f75 +Ciphertext: 93d14b 059019b7 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e6d91d2a e5c0f72b 78818744 0e5f5000 +IV: d4618dbe 7b051507 +Plaintext: 3b33821f 187092da +Ciphertext: ce4997f1 256ac8c8 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 6454ceb1 853e6915 f8466a04 96730ed9 +IV: 162f6768 d4f74a4a +Plaintext: d0 576876fa 16bb11ad +Ciphertext: 1c eb134457 8bbbc8e3 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: ae248879 fe52db25 43e53cf4 45d3d828 +IV: ce0bf5c5 60593d97 +Plaintext: 278a 59762dd0 c2c9cd68 +Ciphertext: 5f05 202ba2cd c8a29e76 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: d4496a79 25086140 14b13b6a a51128c1 +IV: 8cd6a90b 87978c2f +Plaintext: f1151d 9a95c19b e1c07ee9 +Ciphertext: 1505b5 06ecf6dc fb9b564d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: a89aa786 c2b554bf 9ae7d923 d1559038 +IV: 28d1d96c a1665e4e +Plaintext: e1309cfe d9719fe2 a5e20c9b +Ciphertext: 87d03913 a7d356bc 6963fa06 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: b4476538 2a4689a9 82797a76 78c263b1 +IV: 26dfda29 6d3e62e0 +Plaintext: 96 1234bf39 a63f895e f16d0ee3 +Ciphertext: 20 a9a8f3c4 dfb965cf 5a879c4a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 6c28a11e 201dcbc2 033f4107 840f1405 +IV: 651b2861 c9c5e72c +Plaintext: 8e46 3608dcf3 a88dfebe f2eb71ff +Ciphertext: de51 85b5e39a 03e83143 9a699647 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: a0d03b75 068c7e87 78734dd0 be82bedb +IV: c246412b 8cfa307f +Plaintext: 70f0a7 54863295 aa5b6813 0be6fcf5 +Ciphertext: 938ace 26391bd7 17f6c4f4 33b0480d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: cabe7d9f 898a411b fdb84f68 f6727b14 +IV: 99cdd30d f0443ab4 +Plaintext: a6665333 0bcba110 5e4cec03 4c73e605 +Ciphertext: 7411d203 21205547 820651c0 1cb810cb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: b4310eaa adcfd5b0 ca27ffd8 9d144df4 +IV: 79275942 7c9cc1f8 +Plaintext: cd 8c872023 64b8a687 954cb05a 8d4e2d99 +Ciphertext: 5c 9098ccdd c1b7604a febc7abf ebb9d4f7 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e73db160 deb180ad 0841e967 41a5d59f +IV: e4189f15 420026fe +Plaintext: 4cd1 2104932f b38f7353 40438aaf 7eca6fd5 +Ciphertext: 0b67 80a34950 fdd7716a 09d62c3d 5647405a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: cfd3a195 ce5abe65 272af607 ada1be65 +IV: a6b4c9c0 69323409 +Plaintext: 2c4d01 8f1756c6 db9dc8a6 d80b8881 38616b68 +Ciphertext: 3d2580 25848d24 a7249621 808c183b e9147cdb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 1262f954 d0e77117 48780d92 291d8629 +IV: 9972db74 1cfa4f37 +Plaintext: b8b5b095 57f5df80 6c6d8d74 d98b4365 1108a5f6 +Ciphertext: 76cb349c d903e0f1 7f5821d7 b26690b7 333f8f4f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 79bdf7eb 15b8e0e1 608f6e3c 7bf45b62 +IV: 8a8a8f27 5cf7e587 +Plaintext: 4a 3b329b61 4084c6c3 b1a7304a 10ee756f 032f9e6a +Ciphertext: 88 25c72483 51e5a340 d8c87d01 219ed2bb 07cbeeeb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: ef10509b c8814329 288af6e9 9e47a181 +IV: 48316ccd a49ede81 +Plaintext: a38c 9810ff9a 43cdcf57 c75059bf bd1c2703 287f5d89 +Ciphertext: 13ce 66d80f03 ff43c89d 7b0a94c4 82694b22 f4167299 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 5fb94934 4e603ce5 de029842 b20d2bb6 +IV: 14ecbbb8 2f73e251 +Plaintext: 7e7d1d d884d31f 01be506b 16d64321 83191518 982b2c2e +Ciphertext: 0c9f2b 7e27422d 12c73cac 677f60c0 e579d844 5b18c17d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 8bf90edc bcf0ca0e 3d6d9431 9274af8d +IV: b5a490d5 5e6a40fc +Plaintext: 8076024b 176b36b1 21db7d5a ea721e82 8d71a88c b85ed94e +Ciphertext: 6ff36061 76490fd5 0081c3f9 fee05c42 7aebf31c 09a4b14a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: affabfb0 94741d75 e5dc1058 46daf25b +IV: 81a07f5c cb1d36e9 +Plaintext: 49 740255d2 ac1a0bf7 a9262340 5ba333b9 358868ad e12ad5b2 +Ciphertext: 35 e5df4b2b 593ea327 9c11f40f 585b4ac3 05535efc 09d687b3 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 325d0ae5 5adce977 5debb569 c53a6c93 +IV: 980d57eb 879adf04 +Plaintext: 68b2 a2d5e6a4 c6bc775f 8dc38fd6 2a2114a9 d4041101 188daebb +Ciphertext: e9cf ea093866 7b82c9c2 e1d15653 18badc8e f12b9721 7c1767ef +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 731c60ca 20cf5dd6 2f455329 d7a859cc +IV: 0dea26ed 554e8084 +Plaintext: d92bf8 37b8edd5 7aa05c4e fa9f21fc 3c36858e 81b07dbf eeb1e485 +Ciphertext: edebc7 af917999 4a147f82 23afa965 4fae9b1b e74bb709 c77008d7 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e912078b c6ec66e2 a3f3b9f4 900632b9 +IV: f404022d 2ce01e01 +Plaintext: 74f84390 0ba23716 9208531c b5373e37 0e72fbf2 46cc2609 7ef67ad8 +Ciphertext: 105edbcb c23364ed 6a314f73 9b47bd87 378fe71d 0430d39e f0a3e8db +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: ed559712 ca5702b6 6c086e3f b0e03a1c +IV: 9bdf3a5f 40ddbab9 +Plaintext: e4 1bc0a661 1d92e5c8 bc782b4a 77c31859 0a0e6a0a 42c471be 0fe3c301 +Ciphertext: 96 f028826e 484c2bda 8695bdf1 99515418 5b9e1c91 a74c128d bca7b508 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: dbff30b2 1a89f865 22513c05 3d4ab3be +IV: fd8d9e19 d0a1fe69 +Plaintext: d4fa 0467edbf c91914d1 3ff8f208 6851adc0 c5ec0294 12ec9469 30f683af +Ciphertext: b89d 187f28d1 a8201701 62833600 e84db203 4b24d7c2 d21b0ae9 6741c666 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 639541e3 bddda158 da4f3138 cefdcac5 +IV: 5cef65e5 69c430de +Plaintext: af9ce2 5eb6364b be00562f 87846a54 365f6cda 3cc50acb 493d05f3 ca0ed7f2 +Ciphertext: 2e6021 9fbff315 e44483eb 0a97e2bf 8548a9f0 ddb488cf 6541fe1f 2dce3683 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: b1f4988f 7418224f 583f7447 ef42542e +IV: dfbe39b6 e60c671c +Plaintext: 1b745cfe 779d6b6e 9348a744 b33e02b8 0487b630 22dde456 dd617b6e 3d8c5ce7 +Ciphertext: 4cf7078f 128ce834 9c9f0122 757dfa22 33a54aec 66fd1aa1 7b0d1928 74a1bfe6 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: c467bc2f f2ffc9cc 0f1390a9 24111ead +IV: 4b41e592 283f62f5 +Plaintext: b8 aefda949 2b3151ca 80ec2e45 1a3935aa be1c65ce 77bd57b3 d3c9170a 4e1632f6 +Ciphertext: bf 167fced9 0f847f76 81533a31 9bbb23b5 0045b57d cfffdb41 c39ba415 164b0604 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 0f861013 d22d84b7 26b6a278 d802d1ee +IV: af1321ba 5929dec6 +Plaintext: a62a 65cff447 3621ebdd 4ba26a99 a812c0e0 3491206e c7624f3d 84eea0a8 690c22d0 +Ciphertext: ffc9 3b845a0b 52d350a1 143b1b3d 2faa7a93 65dfe69b 381fbad8 c9a9120f 482b6cce +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 247f183f 28c0a9cb 01ffd9bd e464b833 +IV: 8b9ad9c3 408e0661 +Plaintext: 377432 83200caf 83fd23a2 44315cb3 18da3009 e1613475 77509aed 4a63fb3d 49e154f9 +Ciphertext: cde337 bbdf3cda 57ddc959 0efd5834 2f652e11 35821a1d 7e603fcb 0ca343db fb8eb68a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 022c4eb6 0a97c279 9f797c70 8c803fe0 +IV: 4d470a5f 742a9a43 +Plaintext: 4b59305a bb2b94dc 6cb55a9d 2e9c6487 9827a848 ee983348 48bd6ede f1c2a1c3 0e49b5c7 +Ciphertext: 65da1008 0b64e735 b3fe4023 b0e1802a bf08e7ea 9b96a1fc ef075bc8 bf868862 dd27f862 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 80bc3ec2 0be2b9ce b7b111b3 766469a3 +IV: 08cd1528 1cebe95a +Plaintext: b8 bfb755da 5c13ea60 3e599525 dcf2af6d 80d2e583 5745e9a0 c4ec670f fa023b8f cae4e1f9 +Ciphertext: 0f 55c0f715 b859fe48 2c4fe882 23006f06 9ed87435 c98c9f03 817df16d 38aaec17 e86ee781 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: b9d12d22 56ee3c03 cb8daa17 b1ae0505 +IV: 29c6827f 28c0ef6a +Plaintext: 1242 e93f8b31 4fb18a77 f790ae04 9fedd612 267fecae fc450174 d76d9f9a a7755a30 cd90a9a5 +Ciphertext: de08 7ff55648 ca0abddb 0b9ae06d 5b992ab9 c31c10c9 3cd06e11 668ec1f0 2dd8b369 494406af +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 874bf48e af70eea3 a62a250a 8b6bd8d9 +IV: b08b08d6 4e32d181 +Plaintext: 7777fb 544d49cd 49720e21 9dbf8bbe d33904e1 fd40a41d 370a1f65 74509568 7d47ba1d 36d2349e +Ciphertext: 6982e3 2ada40bc cab62d97 13caf99f 00f711b1 6fbbc07c 56d5fa17 b23274ea 9003f4ab 7a2e996b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 23f64439 2c8ea9c4 9d40c132 71aff264 +IV: d0f24841 d6465f09 +Plaintext: 96ff84e6 5fc517c5 3efc3363 c38492ab 08a3aa3f f03f1c55 ad514fc4 8596585e d5881e81 568cbbe9 +Ciphertext: ad2b36bb 66b9e151 bc1d9a42 73fa860a d1c6d5ff 8cea88bd 842d9154 a251d39c f430b1af 5852a3c4 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 9f6d25c8 eb090d19 1d4a0731 0158ec97 +IV: d50d7c15 08aa480f +Plaintext: 41 c8d014a3 91e8b350 2f60902b 85e3b7e3 1d202f2d 6228d350 10175de7 e8f7c4e2 a8e1c8cf 3a65ca58 +Ciphertext: 45 9de2df5c 876a8fc6 2bcee924 2f67a7e7 c56f9dbc 06d24967 ad70a659 18c87d7c 33a5c73e 2db3ab78 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2c2de20c 60dc2c62 053c62fa c599b027 +IV: 4068c3ab ba2d24c1 +Plaintext: 109b c461f1fc d8bf4ad3 e61502c0 20a2e8a5 f2f2ea07 d76187b7 70db87b1 d7e5e944 31e11d73 828d739c +Ciphertext: 2766 bcab2086 29c5c87b 9780fdd6 b5278a82 bc965a83 17c843fc 127224bf 51321bf5 fdd737cb 55b3dcb2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: c6ced457 3dacb0a1 069d373a ef06cc4b +IV: 8cffb64c 86571925 +Plaintext: 36d725 9372cb8e cea7bf3c 69288743 79c68215 f9a11ff7 6d3e9fb1 c6d91d8a 86fccc73 24508183 b2b471a3 +Ciphertext: b515d7 d6a833e2 7bcf05ce 543263b6 8603f2e2 6b3587d9 db78441d da08c3cc 45590015 d64c1735 97c9d0aa +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: bd8c3b8b 755b29ed 0d95b2ef 65ae44df +IV: e7774122 afaa486e +Plaintext: eec3b53a 90126b72 1c0fd16e dced1a25 3f72ca9e 7b0575a8 7609cacb e769d17e b874719a b0ec350f 4e5950d6 +Ciphertext: 15ec36e6 23d1f8d6 44600e06 ff4844c5 5b17d682 16e93165 0c9f9928 e613168e f1f7ab50 59538e13 139cfde0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: f8a3de27 55e06ceb f76bbb74 3d36c16c +IV: 7761f10b 4c0bbc8d +Plaintext: 59 6858e41b 13c0aa0f a6fc5917 89a2be20 079dab02 a72deda7 b92f7d70 2f9ffbd4 ae5b574b e529d26a 1efc254f +Ciphertext: f9 30e1328a d1539583 d2f2a4b9 ff575863 09df2d0d c7de9dd7 b3d9d07f 59abfcc9 8ecc63f8 7b1d48b8 39729626 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 1273ff3f 02a3b58e 031635bf 9a133ded +IV: 8820ca6a e7c6d2a5 +Plaintext: 7694 35513267 f2c326e8 969c8355 fba9f385 2e072b26 b18bbf4a e3603b22 bcf26f08 bd0b0ac3 273c6b07 6c7fb33c +Ciphertext: 0ca5 f658719e 29b22305 b4319308 98ac239a 707e77a6 e1eda34d 897e7d50 cdfc8f57 a0779967 4a0dc69f dddbbc02 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e31a1f80 bfc795ef 42117c22 2e01d1f5 +IV: 7dfa778e 51e2cf9b +Plaintext: 2e8289 da6730ba dfd6ab2e 12d046ff f7584966 b29394d2 ca7d8537 2dd91ca9 746e5d29 6970f6bf c63d22c9 404acd92 +Ciphertext: 67468f 8860fb09 91aa6d05 18350ba7 dc44847d 4332f071 43852cdf c97406a0 25154b8f 92ca68d1 960b987d 18821fb0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: c45cf926 01fb6065 26235b57 ed3e02bf +IV: d84f95f3 ba701bea +Plaintext: 7a7e4897 1413a475 e0b4ea64 174caeb3 93d9437e d666dc3a 4e39f18e d84de564 8203e541 951413d1 d3cae4c7 fd70c6e4 +Ciphertext: e7ef38de 187a778c ab035e3a fdc7c490 2c9e8842 ad57d8dd d8c74909 6bcf475f 1241784e d33a5150 24f6f627 7dbc1cce +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 98070754 f13af241 5f943ba3 c8f19d55 +IV: 6632c16e cb3562ce +Plaintext: 23 05aff7ba 4df01fbe 136d8345 a28bfd91 c839d993 428ae5af 75a3c7bf 5fd8935a cc129d56 cd748c8b 663eb0da 87f1966f +Ciphertext: e9 b1cf08e1 2317557a 8f9b71c3 58c1863a f0d7f47a 31a4420e e30e2faf 6213ba6c 749817e0 3007f1ac a87853ce 63173482 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 3db4d942 2af63ae4 3355f378 78be49ff +IV: 89d661da d7995489 +Plaintext: 6841 85b9cf6a 337e5c73 4add9027 7f8dd39d 9bfe695c 179ba3c3 ea4d52a9 9f408140 aae9643f fc488b40 d56a5b66 da33bf44 +Ciphertext: e608 05787d02 8da2d71c 9bfc098d 37d01942 b1f81abc 5db99ab5 15f543ce 04e95a6e ef6527e9 640959e7 a9d1680a c2a289a2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 675a1bfa 26b582a1 e1b728ea 94371a01 +IV: c7722cb8 1a5433e1 +Plaintext: 22f375 fb735d5e 12fe9375 e09ed58e 38ed2040 a55cf699 4e835d11 1cb52abd 1fd87fc5 2e739318 ce09b15e 56a6842f 50b79182 +Ciphertext: e2e8e2 2592e74a 801af451 c70f3d5f a10c73e2 20ea6a4a 13922a0a fc0a9ee2 553acaa7 b4d6ed3a 00ffc54a 66f15b4c bbfff111 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 211e0568 ed86b1fa b5f4538f c29f1733 +IV: 47025d55 422fbdc0 +Plaintext: a36648cd b0e611d6 a803eded a67976ce c9005613 9221c2a7 8d47447d 3419be82 1007acd0 2123a924 80333592 4304b577 a101bbb0 +Ciphertext: 9c8d1850 6eba0f73 a25a369c 6aa082cb eeaf21d1 2429bf0b dc2ac5ce 94ef21a9 3307d985 4f18483b eb958798 034fd9ad 65d16f65 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 57038809 496bcff8 6d6fbc8c e5b135a0 +IV: 6b166054 f2d565be +Plaintext: 8a ce75dc85 1e0bcdd8 f07141c4 95872fb5 d8c0c66a 8b6da556 663e4e46 1205d845 80bee5bc 7fcdd4de 8e863843 eef288d3 fcd018e6 +Ciphertext: 1e b9d55c95 43d67c90 ba9dbea2 de592c71 bd7877c9 539d89d6 e1b9fa6a 81505510 0f15ec7e b6ab05c0 7f678ece 0adf9da7 343fe892 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: bedb47aa bc4bfac4 119e4a3a c1987a90 +IV: 4d892c31 85ced411 +Plaintext: 9e9a 6c9184f7 6aa37107 ef2ebf90 41b4fbb7 7b323a0c 8347b0c7 3d997e51 fe75cc07 44b5183a a4e7cd7a 03ab1814 095df7d9 d3f49321 +Ciphertext: 80fc 70bb24d7 883f396c 7c35e793 633ffcc4 bb513004 28f73bbc ec543d6a fc0734f6 d7cdc204 cfcb5402 86bfa496 3a821f8b f529321d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e82acf10 6fde2118 9fb6a1bf 76085fa3 +IV: aefbfabb ede96edf +Plaintext: 3c082e 8bba4a73 e09181d3 eb2ac715 2a9d1d44 4c6c5202 3970271f 5213b06a fac0fdc7 5598fa82 4f6794e3 e1d61d03 90e2f2dd 368c5ba8 +Ciphertext: 10fcc1 d1f9b528 6dab56c2 c3a0db0a 8de674a6 958b9897 16b0bf2f 71572fd2 55dbefe5 dbbfa056 06ac0c6e 20269507 f8b7433b b00bbb14 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 04d2b265 c8dfc8b4 6c7f84eb bfd5cd69 +IV: 7950aa28 79dba892 +Plaintext: 50547d96 0340eafa 0dbde6f3 a4b7f8f3 3d5fe5c2 52d98bd0 63350dca 3ba1306b 74dd0595 3defc9a0 5b1709f2 6e0509cf 764a6773 950dfc5e +Ciphertext: b751b5c4 7e0b6f02 f5621ee0 b37519a7 2e8d1e3e 499f0bac 2aca90e1 142f1629 b2fa87f0 85651529 034c7f98 36804fed d73e3172 e6bb1975 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 17ff03f0 af917d35 0364d402 6b00be41 +IV: f6ca6489 af30c4f2 +Plaintext: 1e 27532711 d7e7bc9c 94d5c25e 11569906 d0300616 dd9285e7 bc3fe1ed a0ee013d def1054c a01692fa decb69cf 8a853f84 0b62c9c5 ed0d1635 +Ciphertext: c8 b63f54a0 9191ff6f 7eaa9321 0d0fa163 242faf37 44cc69dd d38b4977 9409da5e e17f9e12 50a2d3b7 d9ee730f 7bd07b28 533876f0 9b46ecd7 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: d7e221b3 bd52a7dc 568936d0 d14f8739 +IV: c42c0d8a 65d0ce85 +Plaintext: fcb1 720098f6 99e80194 7286efb7 8a017963 e125d05b 43622d42 d5180800 ef128b67 29504617 b909249e fcf09ee4 52b72ec7 2fd10702 6f7d0353 +Ciphertext: 0813 ac6c9d39 53b69b74 6eccddec eab5dac9 bd55d553 c9cba18b 10bf7b17 48af0bf1 6608109a df859f99 5e2a1027 d1c0889e 244919a3 acaa7846 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: ea00dddd 4931a0cb 183b5f36 1c9f2748 +IV: e67832a2 a8035dfc +Plaintext: 485edc 0bb3902d a874ca4a 2e85ed23 24644b4b 1c6ab2f2 da59a713 b934efee 4b5354b9 40b6a593 899affb9 bd4a4bfc bb380873 914c4b6d 9c7c03a9 +Ciphertext: d49ac0 74b11273 f406cbae 9b80e047 8ea1fb11 93a93bbc 31c7d969 81c9a573 762a940c 75bc695c d0131c24 0b2e8bb8 c6272d68 4caa357d c82108d5 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: f19d82ca fc783905 6721c31d 3d842691 +IV: 50415514 d8baf93d +Plaintext: 5c697080 d678165d 128bc4d7 57e19728 499bf3b3 0e5bc73a b0111251 c212a612 476b2c13 cf746895 e3a8befe a3b3f58a aecd3c3d 42476a1c a5638a9c +Ciphertext: add82de3 7ced25b6 6ad1e86b 5ad315e9 1f7a5d32 e5078a8a 27527daf ddf1fb04 e35cd9db 6f15b110 648b9f4e 75a986dd 793cc49c 7a24751b 6093b7aa +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: c369975b 18f7840e d0997fba 2d997728 +IV: 2a19dc93 5e5ea6a3 +Plaintext: 22 6f989ff6 dfc6de21 e7557e98 b8825921 0ee535b8 09f73b32 39d3ab20 f739cdf6 fcd82b6d 2ccdfd25 b367e58f 532ddc0a fc226c4c 9e472104 3b623abd +Ciphertext: 3a c314227a 3d3b299d 70dd5f0b 8777ebcd b7629dc0 94b025c2 949624d1 4f6c6a84 5ed609f3 829cb1ac b50be8eb 53876ecb b0c540ff 805f9bdc 3214781c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 40fea306 15b328d0 f3a7e317 f655f6c5 +IV: 738d80d3 8bbcc9b1 +Plaintext: 006e c0e84811 a8fee0fc 0e99e3b0 fee8db5d 763fd7a8 1b01beab 2bc3e23d b3aed874 02258869 5da8803b f4f98e57 157d8df6 a0e47fe7 bb0ddc8e c6232a2d +Ciphertext: e5b3 035c3bf3 8ca36eff 42f9cf59 9b288567 3dc9be4c ccfc2121 d7e8f5aa 77b07c11 1a23094a 148e0b6c b7857824 c9922e17 31ef8778 61a27d0a 07d0b57d +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 920dce62 cd0522f1 c186c7c4 3f6c3d30 +IV: d557b07a 4750159a +Plaintext: 3daf76 3e3a3b8a 12cd9489 3f0bce3e 313c5f5e 9ed53b18 c4a73ded f255c9c2 490bb034 c46d532b 76ce0cb2 13a3c906 b237faec d1a0ae48 9af1f8ec 65b198ae +Ciphertext: 77e2a7 75943882 50b68fa2 940c7360 f19d7442 80b1ffa4 a4ad7e5e 9a58c0f4 fc7a9bec d4147201 3d141a33 eb74d272 c6d2fcec 84c8adbb 813c054b 6b21dd22 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 7d8cd7bd 2749b335 e0fc3cf0 e77d3ea0 +IV: fb18201a 66860cf5 +Plaintext: 3a1c5154 db430500 bd28eeba 6fb5a3cf d9bfeeec c2817534 95499990 64719f46 2d910dce 5cf357e1 9247bbd2 a5986a21 e87fe84e ac97b5eb 06302df5 d348ad64 +Ciphertext: 35ea99c5 195fc91a d13a20d2 d93b23fd a488702e 6dc6a61c cd599714 9b0aaab6 6acd4967 8384cd3b 6dbe64c4 dd050f08 f68f0fcf d7bb1649 4aec22ab 1ef1c105 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: fab7f701 f1a9d878 835108ae d0dc5154 +IV: 95a4f3bd ada748ec +Plaintext: d8 37a4f2bc f37f7729 f5d696a1 4dceee18 ae9bf5f8 68a09068 96d7e1ce 99746092 c5c52e26 595da643 b5713475 c7826ad9 c73c5025 249ffcea be5c6316 55826fbd +Ciphertext: 71 d19eb25d 11853f65 8bef1092 94f14d07 dbc89855 f064a050 8f2bd502 fbecd156 e6138da8 e97bf249 494f22e3 53eadacd 2b805240 333832be 24c73747 4e7e432c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 41595219 648e19cf 5e918473 ff3c154f +IV: 02b56760 f895c1a2 +Plaintext: 824a eb8ec3ba 40e01528 059dfb5c f95558fe 2da5de44 1601c8cd e1b0cccc 06184b68 203ccc63 fc83a8fa f0bb060d 6e5d0a80 d8134ae1 9677824b 671e888a f4d5827f +Ciphertext: 9b60 d1175e2c 34f87b53 3ee3c209 61f01c18 7688f4ae 1080da32 58344c63 05fb1edb 7c3d6a62 696842cc 196b0c10 abd447ce 42ac1534 444a44ec 4631d903 1db79705 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: ab2a56c6 ca2f6297 ba7a6eea 9f70dedf +IV: 2dc42c5c bd3a96f8 +Plaintext: a0b114 18b3608d 5733604a 2cd36aab c70ce319 3bb5153b e2d3c06d fdb2d16e 9c357158 be6a41d6 b861e491 db3fbfeb 518efcf0 48d7d589 53730ff3 0c9ec470 ffcd663d +Ciphertext: 221293 e066c9d4 19d1b83c 75c8dfb6 da9370e1 8d6fd689 c36af45f 9e440937 7044aec2 ade1def3 9f62e7df bed54326 6d0adff7 77c9a9f0 39022255 0c08b831 cec2394c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: c34201c3 6addc011 1c35b38a fee7cfdb +IV: 582e3731 f8b4baa8 +Plaintext: d1a89c06 e81199a9 716227be 344efcb4 36ddd0f0 96c064c3 b5e2c399 993fc773 94f9e097 20a81185 0ef23b2e e05d9e61 73609d86 e1c0c18e a51a012a 00bb413b 9cb8188a +Ciphertext: f24a515b fa75d8b6 fe2b158a 0d123721 290173bb 43aeada6 dc1d68c1 73fdf584 61aba5bc 8d3d6b19 6eaa5111 bb0cc699 8c91e41b 775c59ec 5c07a733 bf5e0429 40c1695e +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 703cd6ba e31cc67b 34b1b000 19e6a2b2 +IV: a690f026 71fe7a4c +Plaintext: f4 d12dea32 0ecd499e 72f12f38 064f0cf9 f3397871 9668ddaf d7f97161 b7b5683c 2995679e 23853b72 f469cb55 d85e4bf6 ca42b3c3 997670c2 3ee259bc 6d3ae4a1 6a809a28 +Ciphertext: 77 e89ff1c1 a6024c33 271685a2 15945f2c cfbedfed f5eb83da bb5f9963 7b2d2dc8 2842374a 44854245 1cbc732c fafb1b71 dd5dbdb7 3d1564fa eb41ce3e 3dee048c 1077828b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 1ecbc8b6 6a467881 bb7b9ff5 dfd29857 +IV: 1754d1a8 6db5c5cc +Plaintext: 4792 2aeb3df7 6b182824 58307b91 1d05d72f 70bcd9f1 0f74378b 6a290b7a 9cd76e44 a0e24901 c2b5681a 53a9d051 a1295301 271561a7 006321a2 a20cc037 c8260ad8 b04d37a6 +Ciphertext: ef2e 17675a39 3890f968 44079e4c 42aed5f0 0a160be1 63b89e27 ed8a54de 9ea4d3b4 68cfb074 338d8721 e77199f1 e0762b0b c1a67d78 e5a02eab 14591b44 5bfe9e07 f8bbdd66 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 87480734 22ea118e ee35577a 2ac61ffd +IV: 536dfe21 e01b36f6 +Plaintext: 300142 d7c1f6ae eea2192c fb2bb8e5 50eb710d 20e297ba faf0d8f6 918e1c12 bebcaf3e c83aa357 e2fb7000 f5d7def4 a080259b 7eb752db a7c0ec30 7913d8ff 98547a27 33851dda +Ciphertext: d0919f 4ebea40d be450a2b 64838670 61ebcd05 df5de865 58a9a1ce 3fb494e7 5e20b16f 9c65c8ce 7c81a700 7a415cfb 7b98f0d6 47e7ecac 6837effd 98e383c8 9fc83227 3e60eec2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 897b95ab ac8e22e7 85959829 1912bd29 +IV: 0aa9f3d5 61d717a3 +Plaintext: 8ae0a825 a0092cde ec08cf54 a8b94e66 081213e0 7b59a24d 2e94330c d142a0a6 9f48825f 982e970b 118b6823 6fbe2818 30dfdee7 2bf6c7ee 186af5fe 52bc3db1 dc7450fe a25c280a +Ciphertext: 8f3385e5 1d7a2f76 2adf83ba 7778dfcd ba5aaa59 19072572 c4204fb1 546c0019 9b721db3 acac4f77 e4f048b0 3b68385c 6ec40fdc 08025e2e 9075eb94 c2ae0992 94315c34 f1e15b81 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 02eda641 8b0779a6 05e54167 b14ff4b5 +IV: d21181d2 6badb46c +Plaintext: 4b 4d5a2947 fba583c7 14d2d684 fa08b78f 0a848896 cef34963 731fb1a5 7dce7ef3 b9e7090e 73d71d66 ea3309e0 019ff4d7 37ee7161 d98b54d3 7717c387 945390dc a141c67f 2d8681e9 +Ciphertext: 9c 8c36190d a49a5dea 5a5bb26f a1945ac6 e60c5381 a8c4d24f 59de84bc 7dbe539a 2b2e2afc f55ee4b7 e96433b6 73bb56e8 ef8db39a a4a45fc1 21fbd311 2dd7a8cf 17942d5e 9701cb29 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 56130329 830405e4 55c84b9a da837b2a +IV: 04b02f99 5a0b490f +Plaintext: eeae 87228f7a 57573fb8 ece6e800 91be4a5a 3dc938a4 68710434 1e6338be 52938677 7480027a 46b98f6b eba0975b 406e00ec 70775bb6 c3b05ee9 b76e9433 527053e4 b620ef50 f6162d74 +Ciphertext: 2e57 ac6f4863 c5cfd696 eb24bb06 7dc0e9e4 9e3aaff2 2a2276f1 1d7c20e7 9fd68725 4622e3e3 a98f3759 54a0aeab 76dac8ee 5e8eb6d0 ad79b7c5 1b9d74b9 14855379 21e17c75 cb564838 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 28defadd bcfb5dc6 0c2bab81 33edfa18 +IV: 2341d733 f2af3c3c +Plaintext: 758abc c2107601 1bcc2878 4eaa6d4b 30386e90 cc6132c0 0889646a 86da5728 c9d847d3 993ce2f3 a8ff0679 75b5cdb1 711cc772 61f58698 031260b3 f4b17001 d108de9a 9c2160eb 62e80165 +Ciphertext: 6b06f2 156ff9de 1884441b f1031ddc 0e6c61d7 f6ea4044 24c1c602 07b4cff9 b5fd8582 79914ee9 3c44305c a12938c3 24d44955 f30cb4c5 1c5a847c 47ac441c e07b1e0f 6e31440b c436e254 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 1b832276 d2e1beb9 0696f26a 4fe6bc1c +IV: 451f03ae 9d2dd77b +Plaintext: 9568fbd1 93b0a0a5 08bc7484 9bafdbcd 84ec7c1e 352c000c 40ce1617 756ebbdc 4ab8b88d 817e6c9f 0409cbc2 14ada716 a2a02f9c fd0db5eb ae63b424 a0f31127 85baa107 747becbc d7123018 +Ciphertext: 84c7f08d ab3c74fc 8e6a86ef b14fa101 2cdc11d0 213ce756 49be0e74 142dd15c 2e206c6f 024852de 8837b99c c5af8a46 d4f6f6b8 11dcb833 2de760d5 60a23234 6fc27f80 3089bc9f c062b602 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 8404a9fd 2a5a10cc efb06220 5789e2bd +IV: 68e561c3 0c16bd28 +Plaintext: b6 cfa86448 7eaa6e35 db69e8e2 c1299653 3e8f1503 e6aaca13 6c3418a7 7314d68e a1280021 f542ac6d 5b704094 7e81e370 dec4317a 221333ea af108e20 79affa43 19f5f628 21ffbb75 ac456e06 +Ciphertext: 67 7b68967c a8a4ea6a a3884756 f09846d2 9b9ffc50 1ce11f97 498dc1f2 fd822db0 bd985680 b2b0892a c4026fdc 65c1258c e6fa8f07 5ed2c441 e8e7875d 013a1872 061f7409 8003795f 1d2bb530 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 3920998f b98adc83 e625e035 d7808d3e +IV: d1957d1e 6196b026 +Plaintext: a7e9 8195f571 d801990f a2f8f668 7ee8dae9 b93c0b09 7dc823ce 45679e93 94e23208 e7145f7a e84c4655 e4f3bee7 7f6fa566 a7467435 c6871663 3c66fb75 0c266865 d53c11ea 05b1e9fa 49c8398d +Ciphertext: d716 5a37a952 c4b12bd7 23de0b81 9f597086 279b322d 7a99ef54 3610b762 2f54e605 75f8061f ca4bb721 ed09a046 f0b06205 07c8df31 58595c05 238e365c af0f9e73 b238b1c6 42b639b4 1c13d270 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 48e1efa5 909d398b d043535b 49629ec2 +IV: 7fb8f107 34533348 +Plaintext: 96f62a 07b8be8e e53f0562 ac5e8784 9304c382 be53a5af 05556176 f6eaa2ef 1d05e4b0 83181ee6 74cda5a4 85f74d7a d6c8d14a 95447557 c3f5e99f 3be1716b f0b94324 76533068 c45a875d 38453745 +Ciphertext: d14903 0dcd5087 0b45110c e4af057d c31fda27 69ab2bb7 9f955252 32a59940 f1450e21 c310a0d3 055e444d f02f0796 a277e6e6 f51ff4e9 2939579f 074bd907 16b4f598 5d556002 a19bc340 e90095ad +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: db853353 e7031bbd 86c91813 ddff08cf +IV: 491adb2d e8503c3d +Plaintext: 5c4f7436 cb2e8c0d 2aa4b246 bc78df0b d538b67b e42eae44 b0907374 e2f78a8c c41234d6 489c96f9 4c8b16cb 1c8b0866 39aa8a7e 5955acf2 ae83d5a0 6b30627e 850d8fe7 b6769b32 c8a42789 1024e0f8 +Ciphertext: d4ba5638 ef9aa740 9a48df52 7ce35a97 704109c8 194840bc 3370c850 543ba738 4cbdb549 82a9baed fb5e7f56 4886220b 76cb1a09 6364622c 6ce19923 53ea2d66 a70b2c33 ed3dc95f 4a547005 9a2e92d9 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 39875dc5 435c4a00 ca5bc75a 8ce30b3b +IV: 26a74d0e 1ea4e4e0 +Plaintext: 26 56ad299f 2bade95d 38f7f7aa 2ad0968d 80124a4c f8ceea2f 4735f587 0db929ef 086f52d2 88b8612d 2320bd96 a986de7e 5b7e17b3 57f3b328 571144f9 9b6138aa 2436adb0 23498732 b1a0bf10 c0b4fd25 +Ciphertext: b7 27d3cec5 293c1642 1d3d56dc 47129fff 461269f1 3357f7c9 f798601f 815047d0 75e18f91 1e9e211f 3b289350 065a9054 d9aebb4b d34153e6 bc395467 56325a4e ced2073a 9179cc40 9f462800 d9f64f59 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 52d26ac9 e9c2bf9a 3ea7a37d 352633df +IV: 11cae241 e4a783f3 +Plaintext: 4a3e a41f57a1 1e0aced8 ea979482 360d64bf b819c34e 431737f3 988db41c 7ef857c3 15cc5796 67b63856 4024417d 40073123 2ed72e22 8fd8fe79 779d79ee a0ca3ef8 b91ea6db 00b0f615 1378d9f9 03120d9a +Ciphertext: c8bb c022f144 0d6c051e 82007269 4549aab0 0f9fa6db 051bdf5e af260be3 b61b783d db470f1d 7ea97664 301f1b22 2d416739 217b1f02 1c707587 74f11dfd 50aea606 999a97b0 7b0aa9c7 a2b76424 b3924dd1 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: abbf5cea 40adce23 29781d66 10f069a2 +IV: 391d2db8 128072dd +Plaintext: 0c9c42 3faab560 ebd7d836 ee7d1b0f ba532686 ccf7f23e 8c3cd1d4 75c5af12 75d39766 975b7992 df5c2aa4 756fac29 07a0b09e 687c5927 7d6b4384 5940c440 a70f712b 483ee40b 3edfbd8f c93de784 cfb51d4b +Ciphertext: 2e4ca0 f14596c7 b1108704 7ecaf701 9737b12f 31f0e547 d6460273 c4aef54d 32c71077 fe9bb1fe 44552dfa 23c1b479 2672df71 5984bbb2 1c9aede3 52718130 729e2f32 dfac71fc 9b029929 ad161477 5a9b9e93 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 81c8ac8b 3c6e7a23 adac4763 3968337b +IV: 9c7d8033 d00b9add +Plaintext: 30105488 dd3d7577 610273d2 92ec7e9a b930c0e2 f488e43d d93dd573 5c85c878 f3107c9e f8dec009 4e533763 478d58d2 c5f5b827 a0148c59 48a96931 acf84f46 5a64e62c e74007e9 91e37ea8 23fa0fb2 1923b799 +Ciphertext: fbfa9be0 ef9a1f14 0027be10 022d2eb8 19260feb beb100d5 c7929974 6a7b977d 4f878445 c7b89b3f 4f088ba8 f7ccf612 b34a5e8e 89a87a66 85b9eb80 7915b109 2cb82f3d 6b2b1676 aade57ac 254369fc 2c6bcc23 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 05b733b6 31e6c7d6 860a3831 ac351a9c +IV: 730c52ff 72d9d308 +Plaintext: ee dbab21fd e143a0ea 17e23edc 1f74cbb3 638a2033 aaa15464 eaa73338 5dbbeb6f d73509b8 57e6a419 dca1d890 7af977fb ac4dfa35 ec02be82 81106d2d 99c0b96f 97b45193 ae270d58 af766c97 1fdf4125 8d89a9fb +Ciphertext: 7d 10109077 bd90d09e 6a1f867d 418d8479 4c77d079 a3a1424d 1d3902b3 19a092ab 47a8431a bad65696 c74a6099 332fde3e c6a5ebfe 5f883fc2 d60d4de3 58e8c5f5 00a19271 b2cf7e12 904bb526 0917d692 803af14a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 22c54094 7a949597 b269dbb6 c330e1d6 +IV: 0e8e4470 386be337 +Plaintext: 37ae 93fbad47 14cd7573 44647c3b 93bfd33e b70c02b1 a1c99ea4 af291e87 23b9eaec d443b58f 23f20d93 31b8300e 4fed22c8 b639fc40 79b387f0 b74a09d2 15655f23 6bc64c67 beb411ad 6f593e14 b169c78e 40045ae4 +Ciphertext: d576 bccb17cb 4d556e1f 5512f461 8966140e 118ef83c 75d9cfca 66db247a f015dae7 9184496a 3c161dd8 65ed2191 03cc3482 cdc19cd4 2e3dd3f4 0e44e57b 1021ec90 9a00d9a5 8fc0c6c3 794e9a06 809dfffe e46a8686 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 51def0fb c49da355 a182bfda c24c1bd9 +IV: cd59aa4a 660f4d56 +Plaintext: a27aeb 19be36c4 a6119002 4b3fe891 17b05a31 9a409dca ec382aff f17ea105 da0869b6 ef9697e1 8ca112e5 6a8ef47e 202833de ea4d8000 a8e76f39 2a1fd910 aacd7f4f 9a32ef5a a1e9acc0 e01b8910 79f356ee 5251be65 +Ciphertext: 186200 8b98a850 e668be46 273e11bb eb7f5e84 201792b3 3aafb4ab b99d9959 d16d6299 060d385b 79224221 1d8a4287 2a11c2b0 6c8dff1a 3e8998ec 532093be 6e73e27c 43f10509 f0cdfde4 5c965cdd 644092a7 f047d5fa +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 16c3707f 7db17d13 ced701df a2f806d6 +IV: ead1a5bb 334d6eef +Plaintext: 29f70b88 5ab41fa2 3db274fa 739c56b9 4c103a8d 8d52a4fe 71424700 ed8b6dc4 381e99d4 8bdf6b5f 269dc5d1 93482ca7 2e5e7182 e5a7907a 3d22d8b4 953f4c37 af4e4afb 6c386a43 d76da92d 651dc788 7cabede5 315f93f1 +Ciphertext: c6d44002 b23f3545 6fe65586 86912923 61334d3b b99414c2 e57cb2f7 20a556ef 81018ffc f7f48d39 18916504 3f4d65ac 2e353750 f15a9fb4 0b8ad963 d6d5b19a ad1f2f1d 27e83125 a673ba60 6ed40740 cf2c80ee d01250dc +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 565ba102 b4d0d4ef 95716425 8628e4f7 +IV: 5a086936 7284ee02 +Plaintext: 3c def7dffa e2750cc5 d3ea10d1 a6cd95f2 6e30795f 18a023b7 584d1341 e36bbd78 dfd798c7 97fe7291 74fb0674 29ffd0cf 2df62081 6e676ef4 449ced5b a3046237 96d53720 e8f5cbc2 241b0d26 c1324933 96fe4274 9401801b +Ciphertext: ee 1f7e8f4b 3f890c4d 5ed40874 fe1823ee 36e7d4ac 0a1c0dc2 33f38847 b5c8a194 54e3aaea 2d780465 8e3aa6a5 14a2d3ce 587e83ad 2a432380 0eac4773 90a8cd08 dbd5821c c8256e07 a9419b91 78cbe52c 5dc87fa8 ff8c3ed0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: b3a0eb46 2d829982 eb39e58d 3c24c161 +IV: cd934d6d d62da826 +Plaintext: 918f 05bef036 02338f9f 368ce8ac 0960c64a c997fc51 fa7456ac edd4d0b9 94b006f2 94e9ecce 9c45bfe2 f5b43b4c 5bd90f51 0cc58e45 1e06a7ab 15e0179e b5dadd70 157dee90 f5582bb1 51479028 37f5ae96 d5a05bc8 d61ca8db +Ciphertext: 3dcb 0d08d541 59bf1ecf df646032 25208817 198adb74 633f5204 e7a15784 44ad9162 a837ae31 a7fb12a2 b5ed1894 4b3554d0 3edbcbea 889f41c8 5c68193e ed6f070e 92d3b091 b9741919 f14ad119 cb710733 c2be4269 fd9ea6bb +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: ef1b13a4 b4abfe4f b1006045 b674bb54 +IV: 72cc4e0a 43bd8b61 +Plaintext: 4dafcb a2cac041 83a00c2c 92392c51 d78ffca9 b586a157 127fcbdc b82a388e fa9b7a47 9aa1f95a ea533bcb 32eb63bf 52d8f831 a80ee8e7 34a1cda4 fa926ea0 a8e98935 7903d0db 592e3156 4a735a2e 06b37d60 e6f65053 02ff590d +Ciphertext: 427195 9a2d92ff 71bc2eb8 dc85822f 09c7c63c 20d687b0 af0d1849 a5a45401 a5c3f4be c2bac83a 73a597e1 d2ece33f 3f811789 5e0941d1 22051d24 b31fd966 ba36fac3 52dcd7ee 9c26b57a 9e4f08bb 7f8c6cbc 28623a31 6622cad6 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 9a2468a7 b55c65fe 079a4bac 18597537 +IV: a3781987 3c49129e +Plaintext: 36e5e283 c4c2f77f 5e872d8c 671e950b 0c0b75b5 6ffd8fd4 05a3a6b3 3cc13f53 6283a55f c2112f62 1063c538 0757a1c3 500153df a6420897 389c0b99 4e448ce7 3079a1d0 44158a1f 76623992 dc2e128d 9a22ef10 044f67e7 030a5020 +Ciphertext: 4a697f51 07b8888f c5aabf49 0a9fdf3b 9e9b2ef0 d9c171fe 71244298 085c20c5 709f9265 b61e655a a940e08e c73ff421 6ad7d4ba 3e72052d e9b65714 7920efdc 152a8f85 053217bb 5dbbd5c8 ed118c82 f2f81a96 49bed8c9 9822affc +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: bafa82c2 696fdebc 91f58f1c 592a9081 +IV: 30cc6ed3 b4165031 +Plaintext: d2 4d342b2f 967b32c7 0aa84cd5 0c650df2 dac7c280 63d2ef49 5940fc64 867e2b59 63f8cd84 e796b6bf 9d86ee3b f93da9af ecb879b5 b608c370 fc0d7073 1a82e4de ba3934ca a6a893e8 daa50e64 de6e7a10 52ecaabe ca39e5ed dd5f96a9 +Ciphertext: 47 4230dc2d f3ca5a59 9f16e793 e5fa4797 cb5fd877 63ab7364 100a32a9 41960acb 20325bb2 d114a606 57a13913 3f0012d1 79427534 ce802383 c06edf4a 720b3b39 e64cf894 d7f60629 bf6c9373 7ddf6dd9 127d3a74 390bb428 7a0413f4 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 796346ac 7982c8c9 7abab38b ea8c1619 +IV: 6101665c 35ebbb64 +Plaintext: 496d 3c0825bd d8cd4c29 380ac958 f1490cd3 fdeff4c3 6c202dfd 57ddbc3b 166fd8ac b209fcb0 9da93adc a13fd245 171103fb 595e21d3 7a41e86a 34d91066 21a721ff 2e3789bf 4e03ec85 6b94bbd0 a2ea083a af1e9943 a6463b50 e59958f4 +Ciphertext: b4f3 c25c39e8 b6f4ed30 4f93f704 b83d32f4 b7d72cfa 54d690a7 329f9698 75e14eb7 811c9871 58a242d3 14e919c5 9fbd37d5 fde47b34 279417af 02c96fed 89a997bc b1d24020 1cf84404 0bcdca1a 1de7f17a f5b3478d 49012f6f 3410cc94 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 46d4cc6d 99dcf572 51a4092c 7d51ad82 +IV: fa9cc399 e778839b +Plaintext: 5af5cd b85165bd 6becbd81 ffd93e67 510f543a d7bfbecf e187efdb 1feab407 64fd1847 a9628567 557a2be7 bcd7a508 e5f0da27 9019224a 77b2abf9 d59e1a4f 25f77550 2cff407d 395ae6a6 ac7b5b00 b55d0077 5e73c745 cce197c4 c1ecf280 +Ciphertext: 0c9b93 5e17ff53 b9f58642 55113dfa 46f2e3cb 615948d1 4dc9abb2 15f8bf82 17e2999d 488fe894 30b4192b 3352fe77 5d3192bc 021568d0 2281a126 68856cad 415be6fd 26314afd d83e5ae9 d6a161ab 9e419839 d9a412ec d361673e 040ea09f +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 66afd591 4810df28 a0f3b667 d7aea776 +IV: 49bc8cd3 4ab5f3e9 +Plaintext: 667d7ce5 edbc83c5 b08fffb1 057eaa8f 11ad63d2 4656d092 2a7647e2 5ac7ef5e cfef2203 61f71644 89febd59 6b2fe9db 14f0b48e 005c1f7e dff4f94d 989103cb 8f9e51c7 2483f325 7c64d531 830ce433 31247244 0da9dc5f f09d6abb 0cfc7658 +Ciphertext: 3761d71b 53aa8822 8a35e0c7 2e622d02 d32e0a3c 2a37eaf4 629f347c 9a7d2696 e6fa8fdf 83132dbf 802f9fa8 6646c070 9eef933c 7dfadaac 310052a1 f1c50a77 6d0850ca 4982072f 81a1cbc6 041b7549 99ba06c9 39f69e5f 1ab81d88 84e3dd33 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2cf1d1d8 3d4a6291 0e2a10e0 54fde3c0 +IV: f1b1659b 76244f60 +Plaintext: e6 d861d5bd ee922f30 5269e0b7 33abb0c9 b6360fe6 eb2da9db 00553c42 b4bfa648 0fa843b3 509d7523 28e38497 2515a934 710f6542 bc0b1778 770ace79 43765c9e a905acf6 0be0558b da056ee7 0ae9a5d7 c3628b6f 5ac5324e 7f4bfa24 b8baa871 +Ciphertext: eb 6ce7c68b 00739d15 a06572dc c4c3c7df 8d613542 ed3a6a23 2bdf74f7 4acb7968 d7e8d5e5 b68d9590 4a567825 25a55390 4b0ee9e3 0ea5e512 e9b64ee5 6d7a189e 3c76a4c0 620d2552 14ef0707 d31c8cc4 06cfc9f6 7e86852e 757f42b8 a6336309 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 0e41b88f 05a3f5f2 d29846af c970cb3b +IV: 15f92875 aba321e7 +Plaintext: 81e2 6849fad4 b247a524 1085282e 7ddf7763 b3f54aef 44e7cd9a e55d99ec 0dcbe395 bff3f30c a3abd875 5ce05bc8 16db3130 5ec375b1 3763550e 6a2e0bea 1d800f2d a7278aa9 a3220efe 43a885ba e86d68c5 ef2032fd cd38131d 5ef0e8e3 7a906b72 +Ciphertext: bb30 441cd3c5 f66fe2de 01403716 9d52599d c736481c dd8afee9 8475c9ff 4aec16eb 14463b91 14a90a02 70e403db 45abf55d a21d93a4 34804bfe fc74a823 83788869 c605ebd5 1f8a6a9e f05ff4cf abb12fa7 fcfae5c1 72affe0c 2805dcfa 2ff78970 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: caefa7f5 d936b085 6ee6904d 1a1d84eb +IV: 0d15691a 2ded718e +Plaintext: 6aac1a 204b8361 2bcd5232 366e6e24 d385a263 c6d473ed 6a60a802 51810ad5 2b356988 e9b9df57 225b5914 b58a52d3 b02fe2e6 7040f80c 0a91e3e5 eaee18a9 ba682f1a 86ec2eb7 1d1a0a33 ba536b25 e314b001 92833347 9348cefa 2d9e9e54 04aa06b8 +Ciphertext: 20a583 e42b6a8c 7fc85171 08ce800e 07cd1510 6f5ce93b 2555e669 ad0d6cc0 56d52e82 153fa934 b823d602 56fb3363 88fcd410 1f52cf9c d0ca0f38 f9956283 7d3383b8 18fa1289 7716712f 700d1190 f0122bc7 f1b99c39 2af5f8e7 0968163b 927e9dec +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 3e0bf7e8 e5b26f78 8cf44083 36dd139c +IV: 73c8ac07 cc2c702a +Plaintext: 61b9243e d1a4f74a 5a3fc352 42cc90cb 75935a53 6f32149f 5c35ecb5 7ee6d15b d06632cf e9fd09b8 22af195d fb107315 bb593ffe 57bab9f2 95f27ab7 711ef976 c0ce516f 135e45ea de848171 da25223c a76d79ed b61e0c7e 6628de77 6d7bf164 7a190886 +Ciphertext: f563df9d 80d01de6 9980d8ab d19ec57d 1f47b41c 89411af1 5cee4bd8 2b8cd843 c84e73da 609afee8 baa31061 7fe10787 52171f79 80f528ee b2c60b55 0e596b4d 06dd7865 524e8ba0 13649669 dbccae4b 7fb21af7 0ba9760e e00358fa 47fc4750 203592f0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 196fb1c9 d6e583f6 a5b4a52a 81f79087 +IV: 54061529 17ffa15b +Plaintext: 3a a5c00b46 6ee07cc1 d7583b52 fba85425 6402c591 210a33f8 18dbdcef 9e4acd9f 456e556b f560b9d4 3f3f2999 ed77f322 de43f71e 11715b6c ff668037 2e613466 03042933 d810a519 4e707cf4 e4793c64 c970a772 ef4c6676 61befb38 d66ff855 86896ee4 +Ciphertext: 02 64a904a6 a8e198d1 417c7b0b 951a0b44 053a5e65 d0456b21 2b039a41 6fccf6ce 608be402 2329a699 4604f7e2 69030d14 6fa859d4 66a0072c 81a92735 a94f6faa 74353281 f63eb646 483f8725 a78978d5 fe248da8 e4a46100 9ea21818 a7f78d8a 4b45fe71 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 3c78a95a adf21aab 083495b2 ce8fbdd3 +IV: e424bcdf e7ec3737 +Plaintext: bffb 80357705 0ec74b21 2b5d03cd ed068032 67d595aa 208a1880 c56e38f7 1a7f108d 36cd7d80 f0242d92 95ebf909 dc4c75fb 1b96c5c8 badfb2e8 e8edfde7 8e57f2ad 81e74103 fc430a53 4dcc37af cec70e15 17bb06f2 7219dae4 9022ddc4 7a068de4 c9496a95 +Ciphertext: 2ec9 30a95ba7 bcc72493 d5e6b3d5 db94de02 2febc6c9 5d1dddca 875987ee 124431a8 b6353bc0 a8689c2a 9405f311 cdd02c7b 70380924 0e657c25 d9623bb2 363c720f f716b8b7 6a812eb3 3d2b6061 88d68ca0 fd22d4dc 6586e0c4 bbd18bf9 db83d798 cd436c6a +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 1a6b09ed bdc864c7 adbd740a c50c022f +IV: 3082bafd 22d78197 +Plaintext: c5d508 b977bca1 3f32e652 e74ba728 576077ce 628c535e 87dc6077 ba07d290 68590c8c b5f1088e 082cfa0e c961302d 69cf3d45 a3d356c5 025ffc3c a4a7dcb3 3d1df340 5ea0f5d8 f8f0f065 1c662c18 04e25701 5704dedd a99f9e2f 416abc92 20f9d14d 3fec4b28 +Ciphertext: 5dbf8b 207c9181 b4650a38 050980e9 370c8053 5726ae46 f3fe7d8f c48a0a5c b7715ff5 1b14eb02 3aa83479 784fe877 9e3202cf 7a53f157 e41cac1c 64d957d3 b21b874f fce0301e 5555123e 38d183e7 d999e642 23d1faf2 3295aa64 9eef2e26 54f39d33 7d045238 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 1767107e 66c26494 31810c29 0586b34e +IV: 83858e78 1cb93cd4 +Plaintext: 18d5f0da dd3ed125 6e77a182 32dc9d47 f794a5e6 36c19dc1 98f91340 bafa2221 2d999610 c2fc5078 0409ed98 051ea2d9 5e036a5f 711d64de f1e476af a5973723 682e0c17 759091c8 e1063ae9 69ef3af3 6eb6a3bd 3e02cf4c 952c00ec 64f6437f d07a9a16 7e6059be +Ciphertext: 9bc526e3 c377a31d 72a16a88 67654975 f2cce828 628c12f6 ee907162 5b305e16 a249918b 20a5462a b5da0c51 f9f2ecda ef4ab092 2e993582 114be781 5c6ee7c6 52a1bfe0 1ee621cb db2b823e 30895b90 1f92faaa 31b77812 4c95ed2b a9916aaa 48d9af10 0b2218fa +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 0e54d19d e5b72c3d 30959827 25d8a8b4 +IV: 8cbbf620 7f810ee0 +Plaintext: 6e 66873566 d6730292 ddfadb02 df415eab 8991c6af 07b5bddf 77a3727e 9e5fec48 da1d9eb3 58a63b75 87fccb46 cd41ffe7 78d5c163 f7bf1095 4a4e0bea b7ff4b69 bfa276f0 50b911c0 3c21963b eaf4c7ed 4cad41ca 108d54b6 1b3e124b 33b7a6d6 fb5fe8a2 25752e7a +Ciphertext: 00 f1350b82 c3b9bbe9 730ce474 e623d597 a4a9b1fa 23125856 775fb2f7 2def92fb c0a1fb3a c1d246c2 365d5745 ea2d5959 c8a5f2c9 a6015695 a2b3a5f9 877ebae3 56b46eb4 df4b9383 1e50db5d 28fe69a0 98da2525 551860e0 24446e7a c9dab4a8 20042668 fbe1025e +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e3af6469 9e215fc4 eb616e6a bbe9324b +IV: d1bcb027 7a4da598 +Plaintext: 789c 19533fa2 37ab64ef 5c575292 6e743f39 6fce5e99 525b5610 0d08f489 efb81ca1 348a0608 d75ba729 a78d6c0d 9d062e7c 6d7b6366 5bee9182 50750935 2d3ed1b5 5fd0e26e b49393a5 6c93565b 9481a274 8ffb3018 f60c6a5a a2f72117 06307e21 c2ac3b9d 765a12aa +Ciphertext: 767c 1e555778 fcef3c03 7d6e166f d60ff9d5 f082de6c cd9e2b24 0c540a1b 7c3c1abb 0f522325 c02de6c1 a128ee66 06c926e8 27fb6d10 c2a78afa 560367a6 998e0ffa 2f23542e da90c99d a69ec7d7 ae9b003f 2a34abbc 5bd42224 c3402f74 bc91b52d 1bed3f51 f9cb4ec9 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: d4f27644 faed8267 fed42f77 cabec9df +IV: 2a15a4f9 23980b2e +Plaintext: 87a679 5ec6b90c 81073136 8f7753b6 9ee191c6 4a800b96 5a1157fa a12b7d5f 21d34604 774cb767 732cd8fd 06b5ba25 6161b75f 5bbffcb9 137e458b d7c7e864 45d11544 b0af5c0c c66c6f32 6f592ab9 f8a6d061 7030981b 529a68bf 659fe001 e1a69aa2 d397b0e3 c2ee7f3f +Ciphertext: 05095f b9cbf9c5 eb7eed71 f8a06d3c 72348e4e 3f97484c 50a1441b 50eab35f 739d2f6d a732f095 63cb36fe aba0ce91 61ca2ad0 56106fff 1a511ffc 4ba552d5 8a37a0c8 63ec4d7e da8e0cf1 068763ea 3ca5e2b1 82b071c9 c92d7511 12ebb4f0 6ae3c66e b1f7da74 35974448 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 930eab59 aad76434 527ae7a2 5f8c47ff +IV: 125a6d1e 3c7d5d84 +Plaintext: a6aebcd4 b1db8f8b 3a7a46ed c01df940 c946f137 817d6ab1 a5a197a4 9f7ce753 f39987c8 d95a287e 2b45025e 829f19ec 9d3cbfc3 02955a3f e71b6779 52cbbf78 800319a5 8494d180 3018e892 38864ba2 9503582c 28fb9e0f a071e486 9d936d59 15927b55 f8b012f9 0f9bfe72 +Ciphertext: 3f15f7c9 a841e832 f1ff59e8 8b692bb5 cc83b38e 6d34629d 6eb28a85 959e82a8 869a374a a3dd2f4e 02aaae30 3a06e9fe 5de21e6e ee047f61 419aa744 a9c45b64 36e503fe 5f5963a9 2c731f51 7b1db9bb d72d560a 6c9e930d 4dfa45c8 1ca8bf9f 774aa6ae 95430231 9b4d1d5b +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2af918ca 7a44c45c 3cd8be8b 974a17b3 +IV: c8fc7a60 7ceeb4be +Plaintext: 7d d7735191 754ee6a0 2106ca14 a60c3985 53431996 4f06e91a 2d6df47c c0ccca5d 317df07e 4ee0d7e1 259f0b2b d237ad4d 95b42363 28bb0edc 4fce7cdc b0cc60de e5b73f9e d0ba2b36 2e6bf587 6f4d9fda c69910c7 7c3e0b57 89266265 65bb674a 1caaa4b9 a1e6cce7 64f1f1ef +Ciphertext: 34 c6ec26dc 07ea3b61 9e52f6a6 4fb65974 24f3346f 11d8b284 b37d405e b03efc35 65ec61c5 1ca7f278 132a7a7b 68ffa934 43d44866 fdaf572f f7a5ec2b 98ee25a1 97fd5a5e 2fc15701 5de182ed a0b58414 9da292ff f7b24607 4e8ed3aa b5e86020 bcb68a06 24c602bf e0ce0162 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2657f676 0c7b488a f395c9d0 04fc0ddf +IV: 88a1c9e7 fddc8896 +Plaintext: 696c a03ceeb9 652d9f5b 9c6792e0 337436ca 2f92e7d8 e512c087 6dfeb1d7 54fed152 917cf54b ba078164 78f57e53 394dede5 24e45b42 52c5b674 3bd65f23 6eb980a2 86f1a030 59467577 726af959 c2dcc0ec 920d88c3 bcc21270 1bb93046 408f2064 66e118ef a8b2229e 720c2a7c +Ciphertext: d0dd 740295d1 06c6da8c 60b76529 a90d14e2 fc1ea279 7e95481b 63858863 ecc90250 93f64504 090de1ee c37dba51 aaf70894 c7127ab9 39847d8f be9b895f 98d0b86c 72865f8f ed7718eb be0d9d54 1b261589 1bec45c9 ec391842 ad88ffb8 f1507ca1 98149480 549b6ee6 99629281 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 36ea55e9 605695e2 8bcf7b83 f5ed4cca +IV: 3048569e 1b958410 +Plaintext: 111231 e060253a 43fd3f57 e37607ab 2827b599 b6b1bbda 37a8abcc 5a8c550d 1bfb2f49 4624fb50 367fa36c e3bc68f1 1cf93b15 10376b02 130f812a 9fa169db 99ced213 d6a7d695 de24de3c f01ac090 46672b97 996f45ee e8cd9217 76421815 12f1c136 9acf0031 c255b770 127859af +Ciphertext: 1de6fb d0fc2eff 5bf3acce 6f8412dd 2ae8c857 489fc36e 266bfdf7 078c300e 09fd48d7 c4db414c bb855b43 bf5ea106 550fe19a 17a76fb1 e3400c19 444d1a5a 31802661 6d06bbaa e7291272 5b34cdad a725202e f7b6a6c1 40e32cf6 2cb9f6c9 fb1cb3df d4fe5b9b b00e57e1 fa089710 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2eda4cc6 5a4291c3 3d4aa63c e557abe4 +IV: 0ccec55b 9a85c04b +Plaintext: 6b78f8b0 51be7977 5dbb654b 5a9696ac 9bed8541 f7c86a6f 11cca52a ddb25d0b 5ff767a3 b6d46910 5a703fcd a2559dcf 8920f6cd b17d9ddf a8532b4a 6b3c209a 2838cdf2 48a271a1 ad63a2f5 3865ee54 8f4bc388 1d5f8c5b 5acb1d64 4c0d5120 4ea5f145 1010d852 dffa556b 26b0d164 +Ciphertext: d5df1ff1 035f673b 8ab64941 3388159e ca71a3c7 531ddb85 839c039d 9d365882 d7efad65 d462c6f1 e7d13085 68525938 d18a052f e74a098b 904bc32d af993b4e e2cf60c3 5aea123b f640ae56 d1d330cb bc0443cb 53f0d3d4 dd14b25c 7ea7f72c 05c13761 8ee8b3a9 051bf4d9 8e391359 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 35d4b21c 42547f0c ad9c441f 890b38c4 +IV: 57a49d42 1407e84d +Plaintext: 77 9f22d674 1c8e2704 248c2e28 45bd192b 2f682428 201cafcd 9f97945e 6de7b7fd b9cfdf28 936cc483 a31869d8 1b8fab5c ea511a34 33470937 fda8e1f6 2c1ebbf9 b0252d4c fcb4633b b9207259 bc3deac7 36c6aab2 2bfff91e 2698d2e2 2ad57ef4 ebec69e7 3eaf2eb2 cf6af4b3 120ffdf4 +Ciphertext: 57 4ac883ad 58249d22 a43b6517 b8af5e4b 345dc67d 9da0419a 730d54c1 7221600b f10de64c 0338d7a9 652d8d62 7de7e0b2 e44c1646 76a2aba0 a961abc1 c85d74e9 f71426c6 22fe50d1 48998c19 cfab350f a3611ab2 db395785 dfa7ff54 7e61c06b 87a2d3af 6d64244c a5037730 d88b030c +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 7c907cac f28da709 822f0e2c 51542b76 +IV: d4ec3a02 43a24b72 +Plaintext: 4bc0 95ef044c 0d6b2277 37296f39 3c807935 3edc87e2 e805d2ec 49a4f2d8 e20397e8 fd14793e 41b59243 84328a4a e00b7371 09f8b6c8 dd2b4db6 3dd53398 1ceb19aa d52a5b2b c25932bc 0ace2b0a ba33d8ac 188ac54f 346fad10 bf9dee29 20b43bd0 c53a915c b7df6caa 72053abf f37f10ae +Ciphertext: 6e42 7614403e 9eaba1d7 f27bc276 54928f0e ab5baf3d 89253489 e34f12cc 9e306815 455721e4 206f2406 6813636e 336345ba fa6289c4 786a84c6 50d2fb06 ffd19005 0cab0273 1cb735b7 64f5ada4 b22e38c3 5f4754a7 066bac9e 7c690ae3 1574208b 1484481a 1fc4f98b 795af2fe f970e957 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 12999cbc 12595bc3 77050bd4 17e56420 +IV: 744a0319 49d0a7d4 +Plaintext: 63df9f b2b27883 3fa02e23 5aa172bd 970c1473 e12907fb 648b6599 aaa0b24a 03866542 2b20a499 276a5042 7009413c 5327d30c 987da16a 62b1903b 56e310bf ff839e0c 71658dbb 2d1707e1 45724f41 c16f48bf 403c3b18 e38fd5d1 663b6f6d 900193e3 cea8bb4f 1b4f5be8 22032232 a78d7d75 +Ciphertext: bc26c1 23eae682 04846d01 a5d7c0a3 87922a37 4c6b113d 3c5f0f88 c3f8af27 5ba73b66 5a494055 a364c573 eed134d2 e68bcb87 a7612481 1a382f9a 2852deb5 b9366d80 22f9d008 4ae8abe1 52380294 b7854935 97d75c96 357e2dd6 ebd85d37 6758ef10 1ea502d8 4608c1ce 71491999 9a0c07df +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 238d5e6d aecd3b43 22cf59bc 7ea84ab1 +IV: 8811b5bf b7bc553f +Plaintext: 4fe44478 ce287a14 879990d1 8d12ca79 d2c85514 9021cd5c e8ca0371 ca04fcce 143e3d7c fee94585 b5885cac 46068b5b be4decdd 8f1424cd 36f82dcf 1bcf597e b93993a5 fe77e8b1 f5814766 a25285d2 2e87a47f 442855ed bac6bb3f 74c67235 85fcd05a 987c6b7f 8facdb67 699ec1c4 699d0862 +Ciphertext: f53ff045 10788406 6720f826 3a99fba1 faafdd0f dafa5eb7 ab8ce23c 45c5d8ab 979c2d89 21208356 1d5404ea ada8d0e3 853329fe 6997fd57 b034d2ef 9b1ad83b fb745743 eb9c8018 377cfaf7 80358757 a0fd6a40 20608bf4 d470e51e a1b64f5d 834a8601 d8aff4d8 e68a24fb 2732dac0 af4d7ac0 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 74066aa3 bc5a362b 9b9051dc c1b07b05 +IV: 929dd4d6 ca329f18 +Plaintext: 63 91451bb8 b89defea 566ad683 dc26fa59 d6fe5cb6 7c1d0db5 842da0ef 3b1bdf57 d41bbd63 00ed8c6d bf5e7058 75111476 407f9ba9 893ddac9 d97ec446 eed8250f 0f4b94b2 9c7fa2c4 e94d5883 4c81e1ba 75de83e5 fe63d496 43cd2a17 745d5351 e9db86ec b5db9ab8 7d3f764c 8bfdc9ed 1e23fbb1 +Ciphertext: e8 8b50da9d 09a87d62 f9f29c23 be46a508 6ec33f58 4aafd4af 051e10da 35be3f31 25c344bb 32eaed95 4b6208ad a7cf9d6e 669c2389 aebfdf91 bfa19a31 a64a3f9a 169c2621 cc0754d6 2450ec3f 42e24cd6 332a8e93 d1398ba7 17496d0d 5c66f5fb e1cb6100 9a3c53a6 26abe229 363f3b1d e5f59a06 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 041863e3 6b24baaa f532cfe6 0ad57d5b +IV: 728ada11 233db2fa +Plaintext: 570e 34d6e254 ea54c3e2 ef7af98a 5c4698e0 03961b40 6045fc13 cc97824d f4d7db3a 8a3e6a7b 3a17624c e0219408 f83585ee 5528c425 17f37afe d711437a 24293c0c 33ed5e9f d2420adb 9ea1e4a4 76bde5e4 2f66ac8b 89ad15d4 62490dc9 2a39a509 97ab65c9 9a1de219 91c29268 be27e04b f8167c7a +Ciphertext: 4888 cbaee64b f8fc69be e46cf946 559c8fe3 4a447031 e2bc6438 d0fadc0e f60b14ce dc9a18ed 693560b1 e4aaaf80 afccbcf2 26aa6508 f521cbbc 78d7177d d8b4e4dc 45058fb6 3f86d617 e68a8fbc 046535bb f4b7acb3 6a0959ea 711c0641 32adc621 ffb504bf 264e7f23 999c2748 9309b72e a22d99d2 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: a0bbf51b d7058944 ee4f3cbb 1e402700 +IV: 7aef138d 214b465c +Plaintext: b8bb9d aa1801db fb436441 5e9d0e5f f259b329 a931734d 4c5a02c4 bfb706a7 874dc045 89f7ef72 145af122 221c2c36 db51ac95 5b360d7f b5229c1e 38b9b95e f16380ff 70fda8e9 cfceaabf f1bc26b6 08bf83a8 5a97d764 44ba0649 7f912d13 a2e341f4 e892f3e7 3485d741 52e5c688 808c8189 2dba96a5 +Ciphertext: 6656ec 6004b588 23ccba41 8b4835b6 655b035a 1f4c4071 40fe2075 1c64d1da f26dc933 182f47fa a7088046 86bd993e 30ac90c4 4c12d123 4647fdc8 bc1d7787 d02cdbd8 b292bba4 4d1b5433 32adf148 ac0fe69f ad5730ce 92be7c4d 3cb8e2cf f28ab93a d133aa8a 48cdd2e2 0631bbc0 b571c77e 727f6bc6 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 000a886c 1ca52a6d a3b64c4b 781e9914 +IV: 4a68c0cf ceffd254 +Plaintext: 4b9eeb61 5c0915e9 f2fb69af 985f7814 fbc2e92d a9096319 195fad92 ec7213c1 72df0c57 70ea1bd9 2073f33b 7a26deb1 b2f15fc2 02bb169e a953e5b1 34a65178 fc362b94 f0c76f1d 945b6c38 4a6125ec d12af831 0b9c7d4a 032ab155 2e045421 f18a8f3f 6407da5c 569c1dce 917a156c 5e54faa3 4c155fc6 +Ciphertext: e1ddb43e b0686a83 b8b74214 53f50d05 fe0b7183 617c9e3b f11e8e15 5f863745 867b4023 e18bb3b1 b6d960a2 846d7289 b402de99 793d58db 81fc6b36 9f4f8e1f e591f353 1ecd5c55 67605d77 e8d192dd 72bcc43f 825e80cd 9f396401 d44817e8 f4e143d4 90ee2c92 0d032528 0522aa9f 0a8a051e a9c26661 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 2ece59a6 63f2e363 5ac58181 5412243e +IV: 6c1c4e23 d5d876da +Plaintext: 64 59ae3f4e 8c83b932 2525cb5a d9c8e63e ce498249 50156de0 c54762a1 e310dde8 205c2e98 6ab2cc18 195ced9b 22c953a5 8d2f69cb 29748eba 7e4fb17a 03ab1ef4 914c97b2 18b4a7e7 914833af 33af5297 ea7b5f60 050b4c00 2eaf38ea a00e448f 94c5a325 fc51f1a7 742fc61d 76418a1d cd748b92 4ca04cbc +Ciphertext: fa b2ccef05 920cf681 ca567045 25d2c959 8f280264 26c14f91 a407f745 646bb0ed 0ec3b3f2 f3d6bf13 d31dc0f3 283179b8 63882751 24202614 bc8daf76 538ec6b4 d0853768 99685916 2ea8da19 d826136b 61310677 62088b15 8347401f ba78a1ca 95cf3ea4 4ca1a788 a1f4303a 8be807a9 87a7a3d8 448fe576 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: bfb02178 2202f8c2 11117a78 80515360 +IV: ac5acd6d 5149a43e +Plaintext: 1e63 16e866fc 39f51898 91adf14f e294f076 43330b7b 741b2011 71282e8d 4703c590 27eabbe7 b9b421af b20f75bd a90d193d 27df0498 fde0b89c dad574d7 1c72aa43 e721b329 7400c23f ac281713 f63575ad 4d03d570 95b55c42 2ffc8bed cb96b6c4 7d14b789 14e1e38e a7803d1b 7015ea10 dd27e5cb e5a4f44c +Ciphertext: 9e63 9f51e8e4 012ad938 c453aae1 94216fe7 c24e17b1 60d60989 5cb4a5e4 ebb70d1f 10306756 aa93e79c 3ebcd0b2 44ad5629 53980904 1d4c56cf 80844beb a394f8ea c33c0483 7ddf0ecf ed4ef7b0 7fdd7d13 d4991ddb 6150904b 5df76d98 29899d36 df24f5be 533342a4 982c5cc9 3056fc7e dfe1c698 c01bb0ba +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 9925db97 fb74cf5a 124c2dd0 3e5f6ce5 +IV: ca9d519b c0b461ac +Plaintext: 01d39c 7194b468 023fd9cc 9f5416de 4fce4f7f c69c8345 8c3d09b9 5c8d1ac3 cbdf9062 2a4beda0 ac4a9fc6 cc8083cc e9d8a713 33d65457 cb294cdf 268050f6 b39fe59f bdb25885 92e10031 e524c37f 7159db53 df94da88 eab6ec29 c1415de4 ac6a5bbb f370fcfd fc2d8375 b3ebdfe1 2e7874a6 927d1ec1 300b7301 +Ciphertext: 6609bf f2faa2c0 24f3673c 198169a0 7deea7b0 cbf55f41 26c1a9ef fd925d8f 3efe41f7 77d6b2c3 3a60e78e 71d5929c 43d51531 3cba271c 96cd7cc0 875fd931 7db96591 f8c6c69f 5ce46bdc 974fa95c b6591f25 7abf8712 718a4e3f c743287a 5acb655e 6dc0348a b453d1c3 810a6b71 87abe950 7bc3d52b f9409687 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: f4774973 0068791e 942ee2f1 3155b0fa +IV: fe7aded9 6a5ef973 +Plaintext: 133927eb e75169ce 88ca1d8d f5c0c731 6893104a 7a820f28 8d7cc84e 6b32f224 2b71feec 55af54f7 46e4e019 d59bcd5a 364890ee 1fdc2968 2a97a52a 7b1de820 a2cda9ae c24ebee6 f36a9aff e6201402 c8f46ac7 688a8520 9b737e54 e04762cf 40f43217 78552e02 5a075327 71782392 e440a4bc 9cb5abba a9b95ab4 +Ciphertext: e78c58df 373c9e47 548e9d3c 99d737cf e69594ba 4aebebf3 f58a5941 09f268a4 3f6b50a2 f6238823 58b0e019 fdfc626e 403ff438 7466f2d7 08039c3f 5860cfe8 d4c7fc2c 19d6c767 a4aea8d8 944e53d5 04f6d09c 20964435 0d01c836 b871276a 696b4f33 849b3bea e6ea9dba bc4d3ddf 75922421 edb970d7 b68404a4 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: e2d7e899 cc8fa011 beed2db3 42611479 +IV: bdca8270 53d448b4 +Plaintext: 05 84249c1c 114232cb f602e610 45fc83db 3e426172 20e4dd14 3fba06dc 575d99e9 207730bc 223db6e1 cb391ed2 bf4d5418 6ff574b3 edcc3bbc ff52bb49 72ec5291 b02cdc51 9553286e 7f14a9db a49b6ebd a9ce54cd 70d37bfe 31d2f661 ccfcc745 5dcc0aa2 118c70b8 391ceff3 9defb812 13566a88 50018522 fdc221eb +Ciphertext: e5 dee167b1 d72df2fd 618862bb 7e5cfa83 b429d483 5e7269a2 4aa73f29 8b04e902 faffb48a cc13b01b ebad127d 7cc2a091 6e665a95 76f8366a ad4d015f cd250221 3ded6048 590ab7e9 e5eac803 48831f6d 039d457d 80a537ff bdfd6b67 12b5e632 18376e87 6e5115c6 7ac28251 63de55a7 356262b2 08cc3a77 c14d6110 +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 0e95e04d 4fde2178 3ff17608 22d759e1 +IV: 52501a5e d6141cac +Plaintext: 355e 41708cab a3b0dfbf 85f0adea 899bc789 23a562cf 4d6f6ac6 7ceb1990 d300c9f3 97300615 e478e883 9e779f78 a9d3505d 5dd9208c 34638e59 c6ff0553 f84db1c7 70a99386 4c0ad0e8 132a4f11 ebe88273 0dea8494 77866512 e0e3c2e4 f15b98e2 b2245988 433040f7 cc51e23c b6a107d5 1c21b771 7ca098f8 b3df77cb +Ciphertext: d949 58578eb1 26517275 2bafbb97 391983c5 944c0e21 dd6a72b1 997275ca 44f4d10a 731b21ff c077f7fe 70e3a88b 8080dbe9 c4f2115f 4a6c8685 db66566c 5bd27d2e a3e8998f a7969f6c 34e1ee21 a03e41c3 842541fa 87c2759d 63129df2 97ce7603 725bc226 ccdb4cb1 cd651171 bc69dd62 eabad456 1c7ec672 ba4648fa +Test: Encrypt +# +Source: rabbit.c reference implementation +Comment: Rabbit, 128-bit key, 64-bit IV +Key: 28f2244d 47e983a2 31b0e0b7 b1348382 +IV: 73c7848b 70c6e1ab +Plaintext: ad79ce 13253a4c 9103dafd 0f154037 5d7e5357 30ab1b58 6a8822a4 9bf32129 c871d8b0 6c1f3e6a bdecdacc 3006719d 3f92e14e 6aa04d89 7c5e7a0c 0f8b79b8 522f87e5 0a8a31f9 d74abc39 b901c3df d2d5226c 6e7a133f 405d9767 ee2218b6 d1514c16 f64c5c20 688546eb b1ed8022 9eb0de5a 431fb5a2 3fed415b 419f444a +Ciphertext: 81ca77 234c55f5 9414f0a5 8e25a4b5 09c444f4 8487fefe cc9ad3d6 5a439638 7fad9fb7 41627f3e 653e1d11 4199269a e7c14f63 548d3ac6 ba173e98 28b8f2f6 bc077823 c77e142b c272e403 210b74b3 a99660db 52a2a290 436f4748 78bd5956 9c31a957 86e18fea 73600c5a b9a2a750 be7cc553 13701f5d 842ee470 87661a22 +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/salsa.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/salsa.txt index 8f185842..5aaf86db 100644 --- a/vendor/cryptopp/vendor_cryptopp/TestVectors/salsa.txt +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/salsa.txt @@ -65,6 +65,139 @@ Seek: 192 Ciphertext: BB5B6BB2CC8B8A0222DCCC1753ED4AEB23377ACCBD5D4C0B69A8A03BB115EF71871BC10559080ACA7C68F0DEF32A80DDBAF497259BB76A3853A7183B51CC4B9F Test: Encrypt +############################################################################# +# These test vectors were created using ECRYPT Salsa20.c +# We modified the ref impl to seek to just before crossing the 32-bit block +# counter boundary, and then we generated 16 blocks (1024 bytes). The large +# number of blocks is due to parallel processing of data in SIMD units. + +AlgorithmType: SymmetricCipher +Name: Salsa20 +Source: http://www.ecrypt.eu.org/stream/svn/viewcvs.cgi/ecrypt/trunk/submissions/salsa20/full/ref/ +# +Comment: Counter crosses 32-bit boundary (0xffffffff*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3fffffffc0 +Plaintext: r1024 00 +Ciphertext: \ + 59FC4DD73F4B7B28CE1B0EF562BAB604824076898A800797B59902A99F312254 \ + 5231E85B887FFA19F71F24AAF352DC6AFE47281D8F546C9D419194479A369392 \ + B65FC777C4F950EC0274FF0FFBB0A6E3EDEDF78477E94945E87F26E3162BF6A1 \ + 050933421833F249DA1162DB6E92A7678505190C80DC46350B81E831F974B28C \ + 13A4A90B48300DEB77CDFC5378E32B30E9DD3DDA3B8B090AB4D87EF9C7C2D197 \ + 6B21DB54289C482083B82083E45E874A54308CE43EC450FAD96A5AEE5D383736 \ + 542EF270B565257B286F3206D1B52A9A869D0F468DB5527630F2A6CE97625A2C \ + A2981C12026168A88B88A7D6461F1896E459A9BA831CECE0B0DCE57BE99E9C84 \ + DB5ABE2B64A1581BC10F769E329179DA30F4B4FC919E0766D089D04785EF0435 \ + B408E1226F6CFED789CA5C3B9C74E930E07D1153163F4C62062D446602BD3FE7 \ + 208E7EBB8EF4D00139FF2D12F683B6857D59ECD88511A53A85742D4775C17606 \ + D762B03B75BC6C7E479E47851AF596BC2E245B8B5627318F8BAF8C3BD6BDD1D4 \ + 03AA566FFBF79A28B28620D5A4BB4119D2AD0348098246099BD3301891770B56 \ + 4F284CF7A7D845BC3339002F02DCFE5C8FA625C28EFA509DA1421E4A35D784E4 \ + 59BA140F78E5A775B4EE23DF036CF10EB4672081E11EC5ACAC57338A38F5F5D6 \ + 1858736BC11898E0AE6CB1F6240FE6C2D9695F99A66EFC08BAB06F1BEE38C218 \ + 62DDE7156E9D384F3C4A2E095BF41D22B189EDF545482A9810069D647217B5CF \ + E7743ABCAD72B8CF93B28164D01CAB144C40E79723D942F692392FDDAA367AFF \ + B75A171AD4E81DD0320434B93B3AD34333B7670146B60E73C5012CF7DE82F2B6 \ + 5684D7BCE0C0DE9349AF87864B2328B1ACC053D8BC2E3476B052B14126C5ED4C \ + ABFF00F449DCFCD5659ACD10B74C15A7C85B1445D0965CBD1A383FD0C5B44289 \ + 3E8B30D1B450B12C3FE05132E906BDFBB2A096313949B6A0B944E909FBB17D3F \ + 45F072F1D1E361F5AC8A785335DBC8E322595F2E0B5457E4BC780780BD18560F \ + 2C6C60802D2C1D3625508461FB67143C38C981A27F91F73999091F27E24A0371 \ + 06872E84B33605572552F46B381D56E07AB785F689905AF33DD3BCC6CEB0FD41 \ + 754552FA59C555B16500DB4D9C81DD933201A2B0E60F3E477D08ECBAD7DBD44D \ + BA7F2A3299D6DF3AE4AE198E5F2AFC78DDDF3E87180ED1CE031D91595DDCF411 \ + 36FA9031ACDDDB3E219C500770E6D98E6B2FC5FFDF85B798368A9211FCEC807D \ + 9CECD894A4A47D55E5ECBE994809DBB6C8F8A3B797F811B32AFB611EAFFCD153 \ + AD240BCE0FA95B2756CC14056870AAD283F6D15408DB26F1FC9A961356D38335 \ + DDCEE60FEE213A6872BE4C897F5F276B0C13410CD3FEAA72CD32DD55BED76D7B \ + 26E821965EBC3A93AF8984490721B08EA797F0FCCCBA9144BB77A6910CAD0450 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffffe*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3fffffff80 +Plaintext: r1024 00 +Ciphertext: \ + 4EA79D03BB6DAB09FB849BDDF6534E8465015F966CB46DD891ECA04B997570E4 \ + 4E2A9A72DC128CB98865CA9C64319484070D4F85E5B13524B5480B453877869B \ + 59FC4DD73F4B7B28CE1B0EF562BAB604824076898A800797B59902A99F312254 \ + 5231E85B887FFA19F71F24AAF352DC6AFE47281D8F546C9D419194479A369392 \ + B65FC777C4F950EC0274FF0FFBB0A6E3EDEDF78477E94945E87F26E3162BF6A1 \ + 050933421833F249DA1162DB6E92A7678505190C80DC46350B81E831F974B28C \ + 13A4A90B48300DEB77CDFC5378E32B30E9DD3DDA3B8B090AB4D87EF9C7C2D197 \ + 6B21DB54289C482083B82083E45E874A54308CE43EC450FAD96A5AEE5D383736 \ + 542EF270B565257B286F3206D1B52A9A869D0F468DB5527630F2A6CE97625A2C \ + A2981C12026168A88B88A7D6461F1896E459A9BA831CECE0B0DCE57BE99E9C84 \ + DB5ABE2B64A1581BC10F769E329179DA30F4B4FC919E0766D089D04785EF0435 \ + B408E1226F6CFED789CA5C3B9C74E930E07D1153163F4C62062D446602BD3FE7 \ + 208E7EBB8EF4D00139FF2D12F683B6857D59ECD88511A53A85742D4775C17606 \ + D762B03B75BC6C7E479E47851AF596BC2E245B8B5627318F8BAF8C3BD6BDD1D4 \ + 03AA566FFBF79A28B28620D5A4BB4119D2AD0348098246099BD3301891770B56 \ + 4F284CF7A7D845BC3339002F02DCFE5C8FA625C28EFA509DA1421E4A35D784E4 \ + 59BA140F78E5A775B4EE23DF036CF10EB4672081E11EC5ACAC57338A38F5F5D6 \ + 1858736BC11898E0AE6CB1F6240FE6C2D9695F99A66EFC08BAB06F1BEE38C218 \ + 62DDE7156E9D384F3C4A2E095BF41D22B189EDF545482A9810069D647217B5CF \ + E7743ABCAD72B8CF93B28164D01CAB144C40E79723D942F692392FDDAA367AFF \ + B75A171AD4E81DD0320434B93B3AD34333B7670146B60E73C5012CF7DE82F2B6 \ + 5684D7BCE0C0DE9349AF87864B2328B1ACC053D8BC2E3476B052B14126C5ED4C \ + ABFF00F449DCFCD5659ACD10B74C15A7C85B1445D0965CBD1A383FD0C5B44289 \ + 3E8B30D1B450B12C3FE05132E906BDFBB2A096313949B6A0B944E909FBB17D3F \ + 45F072F1D1E361F5AC8A785335DBC8E322595F2E0B5457E4BC780780BD18560F \ + 2C6C60802D2C1D3625508461FB67143C38C981A27F91F73999091F27E24A0371 \ + 06872E84B33605572552F46B381D56E07AB785F689905AF33DD3BCC6CEB0FD41 \ + 754552FA59C555B16500DB4D9C81DD933201A2B0E60F3E477D08ECBAD7DBD44D \ + BA7F2A3299D6DF3AE4AE198E5F2AFC78DDDF3E87180ED1CE031D91595DDCF411 \ + 36FA9031ACDDDB3E219C500770E6D98E6B2FC5FFDF85B798368A9211FCEC807D \ + 9CECD894A4A47D55E5ECBE994809DBB6C8F8A3B797F811B32AFB611EAFFCD153 \ + AD240BCE0FA95B2756CC14056870AAD283F6D15408DB26F1FC9A961356D38335 +Test: Encrypt +# +Comment: Counter crosses 32-bit boundary (0xfffffff2*64) +Key: r32 00 +IV: r8 00 +Rounds: 20 +Seek64: 0x3ffffffc80 +Plaintext: r1024 00 +Ciphertext: \ + DA196754A8E7E3816F1125E5869FB10D138C07A07B9C0C10B1EF6D8408B59DB1 \ + 8D25812F19AF0E1C1BA020AE4B1C19022776CE998E6B9ECDA6E2D8B946ECF987 \ + A448A793D6AF0FA41ED1B31F574A0CD55FC2352D53F6CC5F04C2765DD94A858F \ + 49E649770E5BDF470CFC879C05B0C2BA3BDFE040EA258DEDF8C047A6564723ED \ + 60245A40CD404492B2F23717852DB15CCCCC4DFA01E20F6C2D22A4A0BCAD6429 \ + 4ABBD2F829F023EC8A9110DEFCBD6252B3D81D2BFAA18D222DBDCE519CC6ED49 \ + 9DF23E480EA415B5B1DF880697B7A7BB76E95BA1C71F36C8489B89D791EF9DC7 \ + AF25F0DD23179CC473462FF4B7166A3267F7E538FDA9BEC0E894EF420ACEB25C \ + 2BCCB1BB4E3E72FF7575EC76D2F9EEFE2B4A22ABFEA5E27F9BC958467D151544 \ + C485888676ED238BCD536F579F5451BECE583181DB529488A8F44916842178B6 \ + E8D83460F152D9F6D995B4DC5D8FF48DBD66DD46863D1C9EE068E6903C737AAA \ + D33A82F3B349897AC9B97F705F7B431A6438B0D2336CCBAE9A00C03A9086A5E8 \ + F559134C4337D27A600445FBA2FEAB937483680E0327FAFEFF8F1CD02EF7A7AC \ + 2E76748F04203A7AD1F3263CA1B17E244CF0BBDAC799BC4E822658427150242A \ + FFC1F8BE91475CC5F02CA6E2488CE0913FC191A8F1E49403C783CA06B1DE7DBF \ + B25C4E6CB6932DD0CC6F9BC748BDD85EC80EFF37B50432EFFDEDCF7ED4D43673 \ + 0BCB581D4C0A9CD46F10D05C254902CC1896006FC3B65D1EEB2E333CB808B45F \ + F0F51FD264937F74FBA7EC21C1FD347F78220CFC50AA03BEA9A0EEC62D3D833D \ + 3048618A5983B6191948921EEC72F0C52DC1621F2B7E82AB9940948374014B33 \ + 8EF906C38A13A5ED3B392777EA1CBDFE50605F995CABE83C2157B48AA273710C \ + 908F37E7C4A76DDF87DE31A0209323487A1A122582C24CC2D283B32AE96AD0DB \ + 0C12D2332B36FB54DDB6A9FA776F6A2F38BB0456CD29D208EE19BFD1D0F787B5 \ + FBFC3CD1EC25BBE32258C0373E3738F613B4867AB4CE042BFF8D0FC44857E664 \ + 54E29790B9D72780D0089C06B5C0F12868797F9918F7C0C347AFFED02DAD9AA5 \ + 4EA79D03BB6DAB09FB849BDDF6534E8465015F966CB46DD891ECA04B997570E4 \ + 4E2A9A72DC128CB98865CA9C64319484070D4F85E5B13524B5480B453877869B \ + 59FC4DD73F4B7B28CE1B0EF562BAB604824076898A800797B59902A99F312254 \ + 5231E85B887FFA19F71F24AAF352DC6AFE47281D8F546C9D419194479A369392 \ + B65FC777C4F950EC0274FF0FFBB0A6E3EDEDF78477E94945E87F26E3162BF6A1 \ + 050933421833F249DA1162DB6E92A7678505190C80DC46350B81E831F974B28C \ + 13A4A90B48300DEB77CDFC5378E32B30E9DD3DDA3B8B090AB4D87EF9C7C2D197 \ + 6B21DB54289C482083B82083E45E874A54308CE43EC450FAD96A5AEE5D383736 +Test: Encrypt + AlgorithmType: SymmetricCipher Name: XSalsa20 Source: created by Wei Dai using naclcrypto-20090308 diff --git a/vendor/cryptopp/vendor_cryptopp/TestVectors/simeck.txt b/vendor/cryptopp/vendor_cryptopp/TestVectors/simeck.txt new file mode 100644 index 00000000..edf8640d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/TestVectors/simeck.txt @@ -0,0 +1,317 @@ +AlgorithmType: SymmetricCipher +Name: SIMECK-32/ECB +# +Source: SIMECK test vector +Comment: SIMECK-32/ECB, 64-bit key +Key: 1918 1110 0908 0100 +Plaintext: 6565 6877 +Ciphertext: 770d 2c76 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 3d6c 4ae1 6784 18be +Plaintext: 4823 0029 +Ciphertext: 6535 9de9 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 6df1 1649 5f90 6952 +Plaintext: 72ae 2cd6 +Ciphertext: 0ab0 73ca +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 2ea6 0bb3 01eb 26e9 +Plaintext: 41bb 5af1 +Ciphertext: 6ed0 bc2e +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 0099 0f3e 390c 7e87 +Plaintext: 153c 12db +Ciphertext: 7637 4119 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 4db7 4d06 491c 440d +Plaintext: 305e 0124 +Ciphertext: 8252 aa91 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 4dc8 074d 2d12 39b3 +Plaintext: 54de 1547 +Ciphertext: e288 e7ea +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 5d03 701f 26a6 428b +Plaintext: 66bb 6443 +Ciphertext: b730 99ae +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 1e1f 3b25 1238 4509 +Plaintext: 767d 7a5a +Ciphertext: 058a 62df +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-32/ECB, 64-bit key +Key: 7ff5 7f96 6bfc 63cb +Plaintext: 1ad4 6e5d +Ciphertext: 60c4 43f2 +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: SIMECK-32/CTR +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: 454D6DFB E3006317 +IV: 94B0A755 +Plaintext: 3D249C64 7F8BBFFC 875E70E0 A9859626 6E3B7C01 0BE82C43 6A7A3624 55487CD9 66858665 EFA6C05C 96CFACBD B0D37578 +Ciphertext: F4533FF5 74659BB0 2ECADB3F 8FF6BB87 3C193D5F 63AC840C 3A844701 7D50D51B 6818F59D 3D87CAE4 A63B8CE2 DAE80C56 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: ACC7C073 CD410D18 +IV: B66742BE +Plaintext: 7B5BAAF2 D13A41AE E146BFEA A00F3032 086F56FB F85C3917 571B41D9 1F2C3B9E 0E9BEB3F 631DCBAB A0ECE6B7 751C2884 +Ciphertext: BA3429C8 BA44FDC5 123A1191 4EE3E44A A644DB17 4390B079 97342989 CEDE461F DC5E2885 00A55A45 DB875F37 537DF372 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: 25AD7CCF D13FC20B +IV: 7BFCFF1D +Plaintext: B14E2879 95CFC795 50230736 956FBD15 A5AF5134 3496E3B7 ED82F016 158FD754 679B7BF9 D43379BF 9613783B 695341DA +Ciphertext: 2D63B5A2 8A371B1E 8A10D1DC A1C0B15B 16401077 1871358A A97624A9 3C6121EE 13AF4F0C 8B09E6B4 B2CB0B09 B84BD827 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: 176F8071 C245E3A5 +IV: 3201EDC5 +Plaintext: 9CA6EE4C 23732374 4BE61C83 10804C20 8DCDED53 85B7AA86 B5881F73 D80A8FCE 77E02A3C 028711F8 F4C902A8 B7CC3804 +Ciphertext: 5A98E287 3479F1EC 96F68777 25FC0804 D8FB53BE 4BCDE9C7 AE17DE00 31106C20 18C75DB3 CEBF10A5 FCB5C50A C911B844 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: A3DC9A6E B905B998 +IV: DC8785AA +Plaintext: D5E32BAE 12E97583 BFCB8813 B780AC4D E82E1823 0EBB7391 EE78D254 4EDFAE3B A46B2666 57BA4A0A 7CE1BF19 03AD2420 +Ciphertext: 8F2F68DE 17F43639 22A49A09 6DF3EAFF 6D536F06 B5C5FC45 F3605347 B5E62E03 8BEBCF43 507EF8D0 8A0CCF11 7E97A2EB +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: 9F6CD0D0 394CA176 +IV: C2D22BC1 +Plaintext: CAC79890 B6A7C6C1 A5CF6ED6 A04205FC CE2B9AB9 55F2ADC5 D3212FFE 80D57778 74F934E2 6BD2BD15 053BC32D E56B297D +Ciphertext: D34796DD 4F21DA51 0EC90D0E AB3D7166 AD6CC217 FF7E1D52 3D165331 B742C3C2 6303E6B7 D5335015 F2A65CD1 A2069533 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: 72529FE3 6D38A7A2 +IV: 08BE1944 +Plaintext: 28EEE9F6 534077DE E86E4B09 D438D7AB 903CD574 1F139D08 7D7C5638 79C0A1EA 3A7D8F9B 37B207D2 62B62F7B F71BDE68 +Ciphertext: 97647E73 D5EDEAB9 C3B45EDF 35B9C03B 4815C5EE 9E941FF3 EF2BDAA9 7CF984F1 DF3442D0 8E8F9F57 EC4CF4FC 8CA76D99 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: F2E2DB05 59DA448A +IV: 8BCD257F +Plaintext: 9245E0A7 09C2F1FC 0401B9EE 877F6B05 F87D8C82 A5FEA18F 425B8D6D B4AC4E8C 0EFC4FF1 FDFA95E6 24EE87BC C154F0D1 +Ciphertext: 33DA4B15 F7778355 5CF86EAF 23618EAC 4C8F95CD 3EE992A6 86AFBB76 104ECA85 1C83FA51 C0A2FD3A 00120437 9E50300B +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: 431F2171 797815BB +IV: 7EFDF0EC +Plaintext: 556149DD 54E5CE05 7113CC87 2645922D 54F21A91 A887A351 25A99554 D29CA58E AC85A62A 498284A9 0FD2710B 47CE9397 +Ciphertext: 035EA886 B516D83A A37A72B4 1FB140B4 36630971 E4668E29 531BE247 EF8B6359 22207189 ABFC7D58 A33B3EE3 A77ACF88 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-32/CTR, 64-bit key, 12x blocks +Key: BAB568AE DFE7A74D +IV: F11B48C1 +Plaintext: E6198EF2 6A5C7C96 5D689C44 64F71E41 C9D103BC 26B15962 36E4CF0E 5D2957FC AC3C444A 1B2D83A2 854F8A9F BC127E1A +Ciphertext: 19F7BBFF BC29C7E9 49D167E5 EC544B77 0BB973C9 90CAA422 5BD42DF4 0B5DE4C1 F4E61E45 0173760F 49CC325C A139E71F +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: SIMECK-64/ECB +# +Source: SIMECK test vector +Comment: SIMECK-64/ECB, 128-bit key +Key: 1b1a1918 13121110 0b0a0908 03020100 +Plaintext: 656b696c 20646e75 +Ciphertext: 45ce6902 5f7ab7ed +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: 0938251f 43bb8ba6 06b747de 870c3e99 +Plaintext: f1bbe9eb e16cd6ae +Ciphertext: 4d11c6b9 da2f7e28 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: 323ba122 444066d0 9e7d49dc 407836fd +Plaintext: 1cdbae32 96f5453b +Ciphertext: 1e6a0792 f5a717c5 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: 61ff698f 2ddc8e66 53bf67d6 99d5e980 +Plaintext: b9729d49 e18b1fda +Ciphertext: fca0fa81 94bda9c7 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: cfd3902d 597e35cf 9e0cf4d5 2c53cbc9 +Plaintext: 844f4a77 9d9c1672 +Ciphertext: 562b1caa 75266241 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: f8466a04 6454ceb1 3b33821f d4618dbe +Plaintext: 78818744 e6d91d2a +Ciphertext: d946fa49 41516d8e +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: 97278a59 28ce0bf5 2543e53c adae2488 +Plaintext: d0576876 162f6768 +Ciphertext: ca3e5050 126fa61b +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: a786c2b5 c19be1c0 978c2ff1 1128c18c +Plaintext: 08614014 c9cd68d4 +Ciphertext: a307ab5a a10f5c29 +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: 63b126df 89a98279 0c9bb447 9cfed971 +Plaintext: d96ca166 d923d155 +Ciphertext: 5e47b40d 9854418a +Test: Encrypt +# +Source: SIMECK reference implementation +Comment: SIMECK-64/ECB, 128-bit key +Key: 463608dc 1b2861c9 3f410784 28a11e20 +Plaintext: 3f895ef1 62e09612 +Ciphertext: c5fd5a6c 32056800 +Test: Encrypt + + + +AlgorithmType: SymmetricCipher +Name: SIMECK-64/CTR +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: FE3B1C0B2B47784A 3CA99857BC6C65B6 +IV: BA8359D201AF6F9B +Plaintext: A3E44524EF89F6CC 3D93BEA482CE919E B35E02217B98F33F 46B271932F1DC1C4 71EB2C4AD5ED8B0D 4CE50A418EA8EBA1 A5981963C0866A09 C485E20643B68604 744577746075BF96 A17E5A14C348D67A 69E7D4AC4B89E625 300D8F744B54BCF2 +Ciphertext: DEA57DA44B3C39D5 B948B580F62A1F9C 0E697278C767AAF4 F95CFDE865B035F3 661CD2E287EF22D4 C00901D8DABA4540 DE473A0F3D6A50DA 852F4AE41DBDD96A E19BA5490C60D3EA BEE6C61BFF06F62A 05D49E323AF4A7FC B4AFED218C8BF69D +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: 0D39ADD4C84F9F43 24D5A9BAA86F0208 +IV: 297F67F1CE145ED5 +Plaintext: D923EBF8B58A8F02 BE0D704DDF1BCF5F B826BF172E810701 905453A966FC0BBD 8176CCEFB905377A AAB66249660192B2 33054EEC37FFCE6E 441AD8A7C4686E7A 04F859C0F1BCD900 D37648DD09CF0A38 BFFCFBE0E1154F39 BCB8B67B29CB355B +Ciphertext: AF113C3645186BB2 97A16F83E2C3517D 9781CE170F6A18D4 B0D15010F5936EF7 B40E474952250568 8309BC50F89D91BE 8D45F337B2E0CDB5 1B04AED774E98443 D0C3A135703D5FAC B8456DB76A25BB29 F90E0D29A6A9DC4B 7327D0E5464BAE72 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: AE0E79D509DFDD03 269AC29D54AF8E90 +IV: 07410095B82AB1A7 +Plaintext: 8BFBAEC9CFB0BA59 F87C94D2FB3DA211 99AEAD16D8FCEA16 F531A47863BF23C3 ACE36F0E1844A818 C9178830279A4E49 431B7C0DAB7FEE44 55C5DA81DC83ED2C 23EF2788092A50D4 E2F479ED762BA545 CF313AE7EF255EBA 9D1E8A82337ACCEC +Ciphertext: B3004EED0560BD39 ACED314341F6951B D0F7E330E6B3710F 9D89CA1406F0A9B3 7FAE750DDDDB80F7 FA9778BF813729EA E485F07DECBADA48 DFF85CFA38EB04D3 75BF6654BAB44ED4 89A403DB7D336D9A 738E4B46E58AA7DA BC340ED1F0280C72 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: 907999AA2CD157DA 5333ECED531E2AAE +IV: 4565D6B399D67290 +Plaintext: 8FE5147A42741524 EF5EDE3B8B9E31C6 5EA131C8693926BD C1B1DBC5F2A8F27D 8683E948037FC06D C1F09AF877A18973 FC58131487A3F18A 34CB23BFA3D4DDF2 7A7BF04313491C50 7CAA9DED424C1ACE F8AE0C79321A9657 FB01CF1FC55ED0E2 +Ciphertext: 2E05D7D2D097D40E B2C91486938CA714 0693B7E8441385F5 3DFB681D4F077029 632FD9119020B98E 31CF01712DBC6F5F AAE4DDDD92098012 9F88CAE7E8D87321 27383D3EDC65B72A D1F4D0222B2892C7 E6456323CDB3D5A9 06C64D1C9DAEF874 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: B8500E1606DB42AD 590328F22ACAEE8E +IV: 5E35D1BAE6E79A13 +Plaintext: 2FC764B2FA42B248 0C89BCD0C6E6EA4B 6C84F5F5F4FDA446 EFC724C4B8512356 0DCD36B655CB0727 0C1E0D47967F9204 464E1EF85CF331C2 29066907B47B2671 8F92F714171A7D03 374FA8B9893D4896 394904399A8316A8 2108C94C4034C3EF +Ciphertext: 5CADD8F76250E68E 1B4EA84EE2E8294B FB3FB4A57664FE6A 2B1FF710A16292AF A3282479D26C3310 EB53DBE28FB5187D 4768D6D17B9A0AFC 608EC92F9D6964E9 A00E1A5B65E2249C 5CFB54EED9FE5F72 98EA1FD0F0286CE5 881957C91941CE63 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: 3519FD95A81BA076 25A114B9365A029E +IV: EC8B3B7776DCE2D4 +Plaintext: 8E16B47439476091 5D80CCC01CC4BB37 9996688C090966C0 8F63021D04DB15AD 7ABF16AD21483FF5 5B329FD33AD3B5D1 29F5AD6DF9CDF286 05E9898433AC08A5 25428F80BA47B4E9 570EE88EFED20D44 F47692BC98726F87 2DC0AA075E835645 +Ciphertext: A5452F97199991A9 2B3E35695E9711D2 B8C06700FB56D062 102A0682FACD93E8 796B738DF5A1BBB4 1AD2033621A8687E B3E49EE829F8F146 6D125E8019FD4212 5FE69045F5F702D3 75D50FF1ED313880 FCD9EC200CD07FD9 2BEC661D6D3C3A9E +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: 8B7F582B831BD6E6 A6977D0EEE93BA4A +IV: 989EC701CD85E583 +Plaintext: F66303684B09816B 32BA846BF5941339 7E15EB2F58527B17 6297A028A76E1E94 73E154B586B345CB FF10908BE0CC42BD 36D8EB7D5E944AC7 8B0871B1C35721D9 3BF6DF1E54F76358 5F51534A74B27F76 6D8282DED5552054 70005375C17FD71E +Ciphertext: 2D62B730D0EB04D6 EED9FABB2910A247 F149D8577CBA6A95 6D7EA8CE26C56E61 566BDA2EA4D238BD F82D84655D7251A3 ABF23B50729FF8A6 2651BC01A5B412D6 D7E4ECAFB36621AB C041C15A73AE4379 50ADB118875BA47C ECB6D0DD38357A24 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: 9F5C4B54620D1241 7E731CE58D6D5605 +IV: 1492E297870E057C +Plaintext: 7BFF26CDE3A245E7 9DBE4A06DD016036 DE886A58DC8A578A 011645E4F300B014 35D1BBD0BBEEAD79 FAD68AC25E8EA44C 494CD8ABD8E11BDC B3E1E470D5161104 DAD371A5F9AEB35C 59A14D74DE252ED9 96A3514482703891 336AF0BA06EA7307 +Ciphertext: E78FE71E34BCB41E D5F085B8DCCA6202 E592CF744AF61833 38621EFFD44ADC5E 3279366AC7401292 4A388D671905B402 FD594EEEE328F2D4 92FAD61580FD41AE 28117CE88787F9A8 0AC59316A91D1887 07F1E2FD7EE92AE9 6B905FBF32DA71EC +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: 452B87D54115ECA3 93B3A28899B45774 +IV: 933EB7BD1C3A053E +Plaintext: 3CBB780F1A508745 B9541A930060A28A BA82F5B225EC4D5A 92F57FC12E69BDC6 104DCFCA6A94B690 87B5152A1B70CF97 072E0441639C1D97 52F385E8F48B5C8D 714D0EBC1D3F6C6A 2B0BF18687966E1C A168B004376E23DB 33B3287D9C4A343A +Ciphertext: F6F7045A4E6E629B E43B643B49C2199A 5B1000CDA2405AAC 3BA4430B909C907A D8DB91A9DC5D8B37 CAE211881B9DC187 488550C922006519 D57155DDD40778F4 5EBCF51C0186FA04 229CF0F39A0149F8 0C32B52758087545 88303C3C81D6A352 +Test: Encrypt +# +Source: Crypto++ 7.0 generated +Comment: SIMECK-64/CTR, 128-bit key, 12x blocks +Key: E8DA7CF058E34A07 3CF875CC87323068 +IV: 0DAE4378246B98F0 +Plaintext: 37BB881051D17A02 6EE1A19975C7CDDD 8C6D6BAA6E56B3E5 211C8E46E37609D6 2E8EF4F05E083AD4 C7353C4D29B58FDF 8015F9D51E9FE508 1A6A55BBAC6609B5 0AA9E7A076CAC9FC 057F87B1C8E6CE3A 5D40088E1607535D 16319FA8F59CEA6B +Ciphertext: F9A0CA6ED5F24463 39EC8410CE66844E 818956DCF5D4A996 D25F4E2A3588B730 3A26D0FD05AE674C C5DA5071ED3FDA60 CEA4422C2673C088 C0CE6B1EA956FEBF AEACC1FB6BF9CA0F 6B302E73A5562935 19520DF956307C45 828CA8E68EB1B3E9 +Test: Encrypt diff --git a/vendor/cryptopp/vendor_cryptopp/adhoc.cpp.proto b/vendor/cryptopp/vendor_cryptopp/adhoc.cpp.proto index f150126f..1fc8c301 100644 --- a/vendor/cryptopp/vendor_cryptopp/adhoc.cpp.proto +++ b/vendor/cryptopp/vendor_cryptopp/adhoc.cpp.proto @@ -18,7 +18,7 @@ USING_NAMESPACE(std) #endif // Used for testing the compiler and linker in cryptest.sh -#if defined(CRYPTOPP_ADHOC_MAIN) +#if defined(CRYPTOPP_ADHOC_MAIN) || defined(ADHOC_MAIN) int main(int argc, char *argv[]) { diff --git a/vendor/cryptopp/vendor_cryptopp/adv-simd.h b/vendor/cryptopp/vendor_cryptopp/adv-simd.h deleted file mode 100644 index 36e5015d..00000000 --- a/vendor/cryptopp/vendor_cryptopp/adv-simd.h +++ /dev/null @@ -1,1410 +0,0 @@ -// adv-simd.h - written and placed in the public domain by Jeffrey Walton -// -// The SIMD based implementations for ciphers that use SSE, NEON and Power7 -// have a commom pattern. Namely, they have a specialized implementation of -// AdvancedProcessBlocks which processes multiple block using hardware -// acceleration. After several implementations we noticed a lot of copy and -// paste occuring. adv-simd.h provides a template to avoid the copy and paste. -// -// There are 8 templates provided in this file. The number following the -// function name is the block size of the cipher. The name following that -// is the acceleration and arrangement. For example 4x1_SSE means Intel SSE -// using two encrypt (or decrypt) functions: one that operates on 4 blocks, -// and one that operates on 1 block. -// -// * AdvancedProcessBlocks64_4x1_SSE -// * AdvancedProcessBlocks128_4x1_SSE -// * AdvancedProcessBlocks64_6x2_SSE -// * AdvancedProcessBlocks128_6x2_SSE -// * AdvancedProcessBlocks64_6x2_NEON -// * AdvancedProcessBlocks128_6x2_NEON -// * AdvancedProcessBlocks64_6x2_ALTIVEC -// * AdvancedProcessBlocks128_6x2_ALTIVEC -// - -#ifndef CRYPTOPP_ADVANCED_SIMD_TEMPLATES -#define CRYPTOPP_ADVANCED_SIMD_TEMPLATES - -#include "config.h" -#include "misc.h" -#include "stdcpp.h" - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -# include -#endif - -#if (CRYPTOPP_SSSE3_AVAILABLE) -# include -# include -# include -#endif - -#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) -# include "ppc-simd.h" -#endif - -// https://www.spinics.net/lists/gcchelp/msg47735.html and -// https://www.spinics.net/lists/gcchelp/msg47749.html -#if (CRYPTOPP_GCC_VERSION >= 40900) -# define GCC_NO_UBSAN __attribute__ ((no_sanitize_undefined)) -#else -# define GCC_NO_UBSAN -#endif - -// ************************ All block ciphers *********************** // - -ANONYMOUS_NAMESPACE_BEGIN - -using CryptoPP::BlockTransformation; - -CRYPTOPP_CONSTANT(BT_XorInput = BlockTransformation::BT_XorInput) -CRYPTOPP_CONSTANT(BT_AllowParallel = BlockTransformation::BT_AllowParallel) -CRYPTOPP_CONSTANT(BT_InBlockIsCounter = BlockTransformation::BT_InBlockIsCounter) -CRYPTOPP_CONSTANT(BT_ReverseDirection = BlockTransformation::BT_ReverseDirection) -CRYPTOPP_CONSTANT(BT_DontIncrementInOutPointers = BlockTransformation::BT_DontIncrementInOutPointers) - -ANONYMOUS_NAMESPACE_END - -// *************************** ARM NEON ************************** // - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) - -NAMESPACE_BEGIN(CryptoPP) - -template -inline size_t AdvancedProcessBlocks64_6x2_NEON(F2 func2, F6 func6, - const word32 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 8); - -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const word32 s_zero32x4[] = {0, 0, 0, 0}; - const word32 s_one32x4_1b[] = {0, 0, 0, 1<<24}; - const word32 s_one32x4_2b[] = {0, 2<<24, 0, 2<<24}; -#else - const word32 s_zero32x4[] = {0, 0, 0, 0}; - const word32 s_one32x4_1b[] = {0, 0, 0, 1}; - const word32 s_one32x4_2b[] = {0, 2, 0, 2}; -#endif - - const ptrdiff_t blockSize = 8; - const ptrdiff_t neonBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : neonBlockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? neonBlockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : neonBlockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - neonBlockSize; - xorBlocks += static_cast(length) - neonBlockSize; - outBlocks += static_cast(length) - neonBlockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 6*neonBlockSize) - { - uint32x4_t block0, block1, block2, block3, block4, block5; - if (flags & BT_InBlockIsCounter) - { - // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. - // After the dup load we have two counters in the NEON word. Then we need - // to increment the low ctr by 0 and the high ctr by 1. - const uint8x8_t ctr = vld1_u8(inBlocks); - block0 = vaddq_u32(vld1q_u32(s_one32x4_1b), - vreinterpretq_u32_u8(vcombine_u8(ctr,ctr))); - - // After initial increment of {0,1} remaining counters increment by {2,2}. - const uint32x4_t be2 = vld1q_u32(s_one32x4_2b); - block1 = vaddq_u32(be2, block0); - block2 = vaddq_u32(be2, block1); - block3 = vaddq_u32(be2, block2); - block4 = vaddq_u32(be2, block3); - block5 = vaddq_u32(be2, block4); - - vst1_u8(const_cast(inBlocks), vget_low_u8( - vreinterpretq_u8_u32(vaddq_u32(be2, block5)))); - } - else - { - block0 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block1 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block2 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block3 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block4 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block5 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block2 = veorq_u32(block2, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block3 = veorq_u32(block3, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block4 = veorq_u32(block4, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block5 = veorq_u32(block5, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block2 = veorq_u32(block2, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block3 = veorq_u32(block3, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block4 = veorq_u32(block4, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block5 = veorq_u32(block5, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block0)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block1)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block2)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block3)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block4)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block5)); - outBlocks += outIncrement; - - length -= 6*neonBlockSize; - } - - while (length >= 2*neonBlockSize) - { - uint32x4_t block0, block1; - if (flags & BT_InBlockIsCounter) - { - // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. - // After the dup load we have two counters in the NEON word. Then we need - // to increment the low ctr by 0 and the high ctr by 1. - const uint8x8_t ctr = vld1_u8(inBlocks); - block0 = vaddq_u32(vld1q_u32(s_one32x4_1b), - vreinterpretq_u32_u8(vcombine_u8(ctr,ctr))); - - // After initial increment of {0,1} remaining counters increment by {2,2}. - const uint32x4_t be2 = vld1q_u32(s_one32x4_2b); - block1 = vaddq_u32(be2, block0); - - vst1_u8(const_cast(inBlocks), vget_low_u8( - vreinterpretq_u8_u32(vaddq_u32(be2, block1)))); - } - else - { - block0 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block1 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - func2(block0, block1, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block0)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u32(block1)); - outBlocks += outIncrement; - - length -= 2*neonBlockSize; - } - } - - if (length) - { - // Adjust to real block size - if (flags & BT_ReverseDirection) - { - inIncrement += inIncrement ? blockSize : 0; - xorIncrement += xorIncrement ? blockSize : 0; - outIncrement += outIncrement ? blockSize : 0; - inBlocks -= inIncrement; - xorBlocks -= xorIncrement; - outBlocks -= outIncrement; - } - else - { - inIncrement -= inIncrement ? blockSize : 0; - xorIncrement -= xorIncrement ? blockSize : 0; - outIncrement -= outIncrement ? blockSize : 0; - } - - while (length >= blockSize) - { - uint32x4_t block, zero = vld1q_u32(s_zero32x4); - - const uint8x8_t v = vld1_u8(inBlocks); - block = vreinterpretq_u32_u8(vcombine_u8(v,v)); - - if (xorInput) - { - const uint8x8_t x = vld1_u8(xorBlocks); - block = veorq_u32(block, vreinterpretq_u32_u8(vcombine_u8(x,x))); - } - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[7]++; - - func2(block, zero, subKeys, static_cast(rounds)); - - if (xorOutput) - { - const uint8x8_t x = vld1_u8(xorBlocks); - block = veorq_u32(block, vreinterpretq_u32_u8(vcombine_u8(x,x))); - } - - vst1_u8(const_cast(outBlocks), - vget_low_u8(vreinterpretq_u8_u32(block))); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - } - - return length; -} - -template -inline size_t AdvancedProcessBlocks128_NEON1x6(F1 func1, F6 func6, - const word32 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 16); - -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const word32 s_zero32x4[] = {0, 0, 0, 0}; - const word32 s_one32x4[] = {0, 0, 0, 1<<24}; -#else - const word32 s_zero32x4[] = {0, 0, 0, 0}; - const word32 s_one32x4[] = {0, 0, 0, 1}; -#endif - - const ptrdiff_t blockSize = 16; - // const ptrdiff_t neonBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - blockSize; - xorBlocks += static_cast(length) - blockSize; - outBlocks += static_cast(length) - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 6*blockSize) - { - uint64x2_t block0, block1, block2, block3, block4, block5; - if (flags & BT_InBlockIsCounter) - { - const uint64x2_t be = vreinterpretq_u64_u32(vld1q_u32(s_one32x4)); - block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - - block1 = vaddq_u64(block0, be); - block2 = vaddq_u64(block1, be); - block3 = vaddq_u64(block2, be); - block4 = vaddq_u64(block3, be); - block5 = vaddq_u64(block4, be); - vst1q_u8(const_cast(inBlocks), - vreinterpretq_u8_u64(vaddq_u64(block5, be))); - } - else - { - block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block2 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block3 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block4 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block5 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block2)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block3)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block4)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block5)); - outBlocks += outIncrement; - - length -= 6*blockSize; - } - } - - while (length >= blockSize) - { - uint64x2_t block; - block = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - - if (xorInput) - block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[15]++; - - func1(block, subKeys, static_cast(rounds)); - - if (xorOutput) - block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block)); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} - -template -inline size_t AdvancedProcessBlocks128_6x2_NEON(F2 func2, F6 func6, - const word64 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 16); - -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const word32 s_one32x4[] = {0, 0, 0, 1<<24}; -#else - const word32 s_one32x4[] = {0, 0, 0, 1}; -#endif - - const ptrdiff_t blockSize = 16; - // const ptrdiff_t neonBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - blockSize; - xorBlocks += static_cast(length) - blockSize; - outBlocks += static_cast(length) - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 6*blockSize) - { - uint64x2_t block0, block1, block2, block3, block4, block5; - if (flags & BT_InBlockIsCounter) - { - const uint64x2_t be = vreinterpretq_u64_u32(vld1q_u32(s_one32x4)); - block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - - block1 = vaddq_u64(block0, be); - block2 = vaddq_u64(block1, be); - block3 = vaddq_u64(block2, be); - block4 = vaddq_u64(block3, be); - block5 = vaddq_u64(block4, be); - vst1q_u8(const_cast(inBlocks), - vreinterpretq_u8_u64(vaddq_u64(block5, be))); - } - else - { - block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block2 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block3 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block4 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block5 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block2)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block3)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block4)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block5)); - outBlocks += outIncrement; - - length -= 6*blockSize; - } - - while (length >= 2*blockSize) - { - uint64x2_t block0, block1; - if (flags & BT_InBlockIsCounter) - { - const uint64x2_t be = vreinterpretq_u64_u32(vld1q_u32(s_one32x4)); - block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - block1 = vaddq_u64(block0, be); - - vst1q_u8(const_cast(inBlocks), - vreinterpretq_u8_u64(vaddq_u64(block1, be))); - } - else - { - block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - func2(block0, block1, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - xorBlocks += xorIncrement; - } - - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); - outBlocks += outIncrement; - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); - outBlocks += outIncrement; - - length -= 2*blockSize; - } - } - - while (length >= blockSize) - { - uint64x2_t block, zero = {0,0}; - block = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); - - if (xorInput) - block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[15]++; - - func2(block, zero, subKeys, static_cast(rounds)); - - if (xorOutput) - block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); - - vst1q_u8(outBlocks, vreinterpretq_u8_u64(block)); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} - -NAMESPACE_END // CryptoPP - -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -// *************************** Intel SSE ************************** // - -#if defined(CRYPTOPP_SSSE3_AVAILABLE) - -// Hack for SunCC, http://github.com/weidai11/cryptopp/issues/224 -#if (__SUNPRO_CC >= 0x5130) -# define MAYBE_CONST -# define MAYBE_UNCONST_CAST(T, x) const_cast(x) -#else -# define MAYBE_CONST const -# define MAYBE_UNCONST_CAST(T, x) (x) -#endif - -// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#ifndef M128_CAST -# define M128_CAST(x) ((__m128i *)(void *)(x)) -#endif -#ifndef CONST_M128_CAST -# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -#endif - -// GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html -#ifndef DOUBLE_CAST -# define DOUBLE_CAST(x) ((double *)(void *)(x)) -#endif -#ifndef CONST_DOUBLE_CAST -# define CONST_DOUBLE_CAST(x) ((const double *)(const void *)(x)) -#endif - -NAMESPACE_BEGIN(CryptoPP) - -template -inline size_t GCC_NO_UBSAN AdvancedProcessBlocks64_6x2_SSE(F2 func2, F6 func6, - const word32 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 8); - - CRYPTOPP_ALIGN_DATA(16) - const word32 s_one32x4_1b[] = {0, 0, 0, 1<<24}; - CRYPTOPP_ALIGN_DATA(16) - const word32 s_one32x4_2b[] = {0, 2<<24, 0, 2<<24}; - - const ptrdiff_t blockSize = 8; - const ptrdiff_t xmmBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : xmmBlockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? xmmBlockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : xmmBlockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - xmmBlockSize; - xorBlocks += static_cast(length) - xmmBlockSize; - outBlocks += static_cast(length) - xmmBlockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 6*xmmBlockSize) - { - __m128i block0, block1, block2, block3, block4, block5; - if (flags & BT_InBlockIsCounter) - { - // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. - // After the dup load we have two counters in the XMM word. Then we need - // to increment the low ctr by 0 and the high ctr by 1. - block0 = _mm_add_epi32(*CONST_M128_CAST(s_one32x4_1b), _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(inBlocks)))); - - // After initial increment of {0,1} remaining counters increment by {2,2}. - const __m128i be2 = *CONST_M128_CAST(s_one32x4_2b); - block1 = _mm_add_epi32(be2, block0); - block2 = _mm_add_epi32(be2, block1); - block3 = _mm_add_epi32(be2, block2); - block4 = _mm_add_epi32(be2, block3); - block5 = _mm_add_epi32(be2, block4); - - // Store the next counter. UBsan false positive; mem_addr can be unaligned. - _mm_store_sd(DOUBLE_CAST(inBlocks), - _mm_castsi128_pd(_mm_add_epi32(be2, block5))); - } - else - { - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block4 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block5 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - _mm_storeu_si128(M128_CAST(outBlocks), block0); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block1); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block2); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block3); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block4); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block5); - outBlocks += outIncrement; - - length -= 6*xmmBlockSize; - } - - while (length >= 2*xmmBlockSize) - { - __m128i block0, block1; - if (flags & BT_InBlockIsCounter) - { - // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. - // After the dup load we have two counters in the XMM word. Then we need - // to increment the low ctr by 0 and the high ctr by 1. - block0 = _mm_add_epi32(*CONST_M128_CAST(s_one32x4_1b), _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(inBlocks)))); - - // After initial increment of {0,1} remaining counters increment by {2,2}. - const __m128i be2 = *CONST_M128_CAST(s_one32x4_2b); - block1 = _mm_add_epi32(be2, block0); - - // Store the next counter. UBsan false positive; mem_addr can be unaligned. - _mm_store_sd(DOUBLE_CAST(inBlocks), - _mm_castsi128_pd(_mm_add_epi64(be2, block1))); - } - else - { - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - func2(block0, block1, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - _mm_storeu_si128(M128_CAST(outBlocks), block0); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block1); - outBlocks += outIncrement; - - length -= 2*xmmBlockSize; - } - } - - if (length) - { - // Adjust to real block size - if (flags & BT_ReverseDirection) - { - inIncrement += inIncrement ? blockSize : 0; - xorIncrement += xorIncrement ? blockSize : 0; - outIncrement += outIncrement ? blockSize : 0; - inBlocks -= inIncrement; - xorBlocks -= xorIncrement; - outBlocks -= outIncrement; - } - else - { - inIncrement -= inIncrement ? blockSize : 0; - xorIncrement -= xorIncrement ? blockSize : 0; - outIncrement -= outIncrement ? blockSize : 0; - } - - while (length >= blockSize) - { - __m128i block, zero = _mm_setzero_si128(); - block = _mm_castpd_si128( - // UBsan false positive; mem_addr can be unaligned. - _mm_load_sd(CONST_DOUBLE_CAST(inBlocks))); - - if (xorInput) - { - block = _mm_xor_si128(block, _mm_castpd_si128( - // UBsan false positive; mem_addr can be unaligned. - _mm_load_sd(CONST_DOUBLE_CAST(xorBlocks)))); - } - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[7]++; - - func2(block, zero, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block = _mm_xor_si128(block, _mm_castpd_si128( - // UBsan false positive; mem_addr can be unaligned. - _mm_load_sd(CONST_DOUBLE_CAST(xorBlocks)))); - } - - // UBsan false positive; mem_addr can be unaligned. - _mm_store_sd(DOUBLE_CAST(outBlocks), _mm_castsi128_pd(block)); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - } - - return length; -} - -template -inline size_t AdvancedProcessBlocks128_6x2_SSE(F2 func2, F6 func6, - const word64 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 16); - - CRYPTOPP_ALIGN_DATA(16) - const word32 s_one32x4[] = {0, 0, 0, 1<<24}; - - const ptrdiff_t blockSize = 16; - // const ptrdiff_t xmmBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - blockSize; - xorBlocks += static_cast(length) - blockSize; - outBlocks += static_cast(length) - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 6*blockSize) - { - __m128i block0, block1, block2, block3, block4, block5; - if (flags & BT_InBlockIsCounter) - { - const __m128i be1 = *CONST_M128_CAST(s_one32x4); - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - block1 = _mm_add_epi32(block0, be1); - block2 = _mm_add_epi32(block1, be1); - block3 = _mm_add_epi32(block2, be1); - block4 = _mm_add_epi32(block3, be1); - block5 = _mm_add_epi32(block4, be1); - _mm_storeu_si128(M128_CAST(inBlocks), _mm_add_epi32(block5, be1)); - } - else - { - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block4 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block5 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - _mm_storeu_si128(M128_CAST(outBlocks), block0); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block1); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block2); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block3); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block4); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block5); - outBlocks += outIncrement; - - length -= 6*blockSize; - } - - while (length >= 2*blockSize) - { - __m128i block0, block1; - if (flags & BT_InBlockIsCounter) - { - const __m128i be1 = *CONST_M128_CAST(s_one32x4); - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - block1 = _mm_add_epi32(block0, be1); - _mm_storeu_si128(M128_CAST(inBlocks), _mm_add_epi32(block1, be1)); - } - else - { - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - func2(block0, block1, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - _mm_storeu_si128(M128_CAST(outBlocks), block0); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block1); - outBlocks += outIncrement; - - length -= 2*blockSize; - } - } - - while (length >= blockSize) - { - __m128i block, zero = _mm_setzero_si128(); - block = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - - if (xorInput) - block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[15]++; - - func2(block, zero, subKeys, static_cast(rounds)); - - if (xorOutput) - block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - - _mm_storeu_si128(M128_CAST(outBlocks), block); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} - -template -inline size_t AdvancedProcessBlocks128_4x1_SSE(F1 func1, F4 func4, - MAYBE_CONST word32 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 16); - - CRYPTOPP_ALIGN_DATA(16) - const word32 s_one32x4[] = {0, 0, 0, 1<<24}; - - const ptrdiff_t blockSize = 16; - // const ptrdiff_t xmmBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - blockSize; - xorBlocks += static_cast(length) - blockSize; - outBlocks += static_cast(length) - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 4*blockSize) - { - __m128i block0, block1, block2, block3; - if (flags & BT_InBlockIsCounter) - { - const __m128i be1 = *CONST_M128_CAST(s_one32x4); - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - block1 = _mm_add_epi32(block0, be1); - block2 = _mm_add_epi32(block1, be1); - block3 = _mm_add_epi32(block2, be1); - _mm_storeu_si128(M128_CAST(inBlocks), _mm_add_epi32(block3, be1)); - } - else - { - block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - func4(block0, block1, block2, block3, subKeys, static_cast(rounds)); - - if (xorOutput) - { - block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - xorBlocks += xorIncrement; - } - - _mm_storeu_si128(M128_CAST(outBlocks), block0); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block1); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block2); - outBlocks += outIncrement; - _mm_storeu_si128(M128_CAST(outBlocks), block3); - outBlocks += outIncrement; - - length -= 4*blockSize; - } - } - - while (length >= blockSize) - { - __m128i block = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); - - if (xorInput) - block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[15]++; - - func1(block, subKeys, static_cast(rounds)); - - if (xorOutput) - block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); - - _mm_storeu_si128(M128_CAST(outBlocks), block); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} - -NAMESPACE_END // CryptoPP - -#endif // CRYPTOPP_SSSE3_AVAILABLE - -// *********************** Altivec/Power 4 ********************** // - -#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) - -NAMESPACE_BEGIN(CryptoPP) - -template -inline size_t AdvancedProcessBlocks128_6x1_ALTIVEC(F1 func1, F6 func6, - const word32 *subKeys, size_t rounds, const byte *inBlocks, - const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - CRYPTOPP_ASSERT(subKeys); - CRYPTOPP_ASSERT(inBlocks); - CRYPTOPP_ASSERT(outBlocks); - CRYPTOPP_ASSERT(length >= 16); - -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const uint32x4_p s_one = {1,0,0,0}; -#else - const uint32x4_p s_one = {0,0,0,1}; -#endif - - const ptrdiff_t blockSize = 16; - // const ptrdiff_t vexBlockSize = 16; - - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - ptrdiff_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; - - // Clang and Coverity are generating findings using xorBlocks as a flag. - const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); - const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); - - if (flags & BT_ReverseDirection) - { - inBlocks += static_cast(length) - blockSize; - xorBlocks += static_cast(length) - blockSize; - outBlocks += static_cast(length) - blockSize; - inIncrement = 0-inIncrement; - xorIncrement = 0-xorIncrement; - outIncrement = 0-outIncrement; - } - - if (flags & BT_AllowParallel) - { - while (length >= 6*blockSize) - { - uint32x4_p block0, block1, block2, block3, block4, block5, temp; - - if (flags & BT_InBlockIsCounter) - { - block0 = VectorLoad(inBlocks); - block1 = VectorAdd(block0, s_one); - block2 = VectorAdd(block1, s_one); - block3 = VectorAdd(block2, s_one); - block4 = VectorAdd(block3, s_one); - block5 = VectorAdd(block4, s_one); - temp = VectorAdd(block5, s_one); - VectorStore(temp, const_cast(inBlocks)); - } - else - { - block0 = VectorLoad(inBlocks); - inBlocks += inIncrement; - block1 = VectorLoad(inBlocks); - inBlocks += inIncrement; - block2 = VectorLoad(inBlocks); - inBlocks += inIncrement; - block3 = VectorLoad(inBlocks); - inBlocks += inIncrement; - block4 = VectorLoad(inBlocks); - inBlocks += inIncrement; - block5 = VectorLoad(inBlocks); - inBlocks += inIncrement; - } - - if (xorInput) - { - block0 = VectorXor(block0, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block1 = VectorXor(block1, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block2 = VectorXor(block2, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block3 = VectorXor(block3, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block4 = VectorXor(block4, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block5 = VectorXor(block5, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - } - - func6(block0, block1, block2, block3, block4, block5, subKeys, rounds); - - if (xorOutput) - { - block0 = VectorXor(block0, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block1 = VectorXor(block1, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block2 = VectorXor(block2, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block3 = VectorXor(block3, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block4 = VectorXor(block4, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - block5 = VectorXor(block5, VectorLoad(xorBlocks)); - xorBlocks += xorIncrement; - } - - VectorStore(block0, outBlocks); - outBlocks += outIncrement; - VectorStore(block1, outBlocks); - outBlocks += outIncrement; - VectorStore(block2, outBlocks); - outBlocks += outIncrement; - VectorStore(block3, outBlocks); - outBlocks += outIncrement; - VectorStore(block4, outBlocks); - outBlocks += outIncrement; - VectorStore(block5, outBlocks); - outBlocks += outIncrement; - - length -= 6*blockSize; - } - } - - while (length >= blockSize) - { - uint32x4_p block = VectorLoad(inBlocks); - - if (xorInput) - block = VectorXor(block, VectorLoad(xorBlocks)); - - if (flags & BT_InBlockIsCounter) - const_cast(inBlocks)[15]++; - - func1(block, subKeys, rounds); - - if (xorOutput) - block = VectorXor(block, VectorLoad(xorBlocks)); - - VectorStore(block, outBlocks); - - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; - length -= blockSize; - } - - return length; -} - -NAMESPACE_END // CryptoPP - -#endif // CRYPTOPP_ALTIVEC_AVAILABLE - -#endif // CRYPTOPP_ADVANCED_SIMD_TEMPLATES diff --git a/vendor/cryptopp/vendor_cryptopp/adv_simd.h b/vendor/cryptopp/vendor_cryptopp/adv_simd.h new file mode 100644 index 00000000..41d68ff1 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/adv_simd.h @@ -0,0 +1,2381 @@ +// adv_simd.h - written and placed in the public domain by Jeffrey Walton + +/// \file adv_simd.h +/// \brief Template for AdvancedProcessBlocks and SIMD processing + +// The SIMD based implementations for ciphers that use SSE, NEON and Power7 +// have a commom pattern. Namely, they have a specialized implementation of +// AdvancedProcessBlocks which processes multiple block using hardware +// acceleration. After several implementations we noticed a lot of copy and +// paste occuring. adv_simd.h provides a template to avoid the copy and paste. +// +// There are 11 templates provided in this file. The number following the +// function name, 64 or 128, is the block size. The name following the block +// size is the arrangement and acceleration. For example 4x1_SSE means Intel +// SSE using two encrypt (or decrypt) functions: one that operates on 4 SIMD +// words, and one that operates on 1 SIMD words. +// +// The distinction between SIMD words versus cipher blocks is important +// because 64-bit ciphers use one SIMD word for two cipher blocks. For +// example, AdvancedProcessBlocks64_6x2_ALTIVEC operates on 6 and 2 SIMD +// words, which is 12 and 4 cipher blocks. The function will do the right +// thing even if there is only one 64-bit block to encrypt. +// +// * AdvancedProcessBlocks64_2x1_SSE +// * AdvancedProcessBlocks64_4x1_SSE +// * AdvancedProcessBlocks128_4x1_SSE +// * AdvancedProcessBlocks64_6x2_SSE +// * AdvancedProcessBlocks128_6x2_SSE +// * AdvancedProcessBlocks64_6x2_NEON +// * AdvancedProcessBlocks128_4x1_NEON +// * AdvancedProcessBlocks128_6x2_NEON +// * AdvancedProcessBlocks64_6x2_ALTIVEC +// * AdvancedProcessBlocks128_4x1_ALTIVEC +// * AdvancedProcessBlocks128_6x1_ALTIVEC +// +// If an arrangement ends in 2, like 6x2, then the template will handle the +// single block case by padding with 0's and using the two SIMD word +// function. This happens at most one time when processing multiple blocks. +// The extra processing of a zero block is trivial and worth the tradeoff. +// +// The MAYBE_CONST macro present on x86 is a SunCC workaround. Some versions +// of SunCC lose/drop the const-ness in the F1 and F4 functions. It eventually +// results in a failed link due to the const/non-const mismatch. + +#ifndef CRYPTOPP_ADVANCED_SIMD_TEMPLATES +#define CRYPTOPP_ADVANCED_SIMD_TEMPLATES + +#include "config.h" +#include "misc.h" +#include "stdcpp.h" + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) +# include +# include +#endif + +// SunCC needs CRYPTOPP_SSSE3_AVAILABLE, too +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +# include +#endif + +#if defined(__ALTIVEC__) +# include "ppc_simd.h" +#endif + +// ************************ All block ciphers *********************** // + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::BlockTransformation; + +CRYPTOPP_CONSTANT(BT_XorInput = BlockTransformation::BT_XorInput) +CRYPTOPP_CONSTANT(BT_AllowParallel = BlockTransformation::BT_AllowParallel) +CRYPTOPP_CONSTANT(BT_InBlockIsCounter = BlockTransformation::BT_InBlockIsCounter) +CRYPTOPP_CONSTANT(BT_ReverseDirection = BlockTransformation::BT_ReverseDirection) +CRYPTOPP_CONSTANT(BT_DontIncrementInOutPointers = BlockTransformation::BT_DontIncrementInOutPointers) + +ANONYMOUS_NAMESPACE_END + +// *************************** ARM NEON ************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief AdvancedProcessBlocks for 2 and 6 blocks +/// \tparam F2 function to process 2 64-bit blocks +/// \tparam F6 function to process 6 64-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks64_6x2_NEON processes 6 and 2 NEON SIMD words +/// at a time. For a single block the template uses F2 with a zero block. +/// \details The subkey type is usually word32 or word64. F2 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks64_6x2_NEON(F2 func2, F6 func6, + const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 8); + +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint32x4_t s_one = {0, 0, 0, 1<<24}; + const uint32x4_t s_two = {0, 2<<24, 0, 2<<24}; +#else + // TODO: verify these constants on ARM-BE + const uint32x4_t s_one = {0, 0, 0, 1}; + const uint32x4_t s_two = {0, 2, 0, 2}; +#endif + + const size_t blockSize = 8; + const size_t neonBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : neonBlockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? neonBlockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : neonBlockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - neonBlockSize); + xorBlocks = PtrAdd(xorBlocks, length - neonBlockSize); + outBlocks = PtrAdd(outBlocks, length - neonBlockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 6*neonBlockSize) + { + uint32x4_t block0, block1, block2, block3, block4, block5; + if (flags & BT_InBlockIsCounter) + { + // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. + // After the dup load we have two counters in the NEON word. Then we need + // to increment the low ctr by 0 and the high ctr by 1. + const uint8x8_t ctr = vld1_u8(inBlocks); + block0 = vaddq_u32(s_one, vreinterpretq_u32_u8(vcombine_u8(ctr,ctr))); + + // After initial increment of {0,1} remaining counters increment by {2,2}. + block1 = vaddq_u32(s_two, block0); + block2 = vaddq_u32(s_two, block1); + block3 = vaddq_u32(s_two, block2); + block4 = vaddq_u32(s_two, block3); + block5 = vaddq_u32(s_two, block4); + + vst1_u8(const_cast(inBlocks), vget_low_u8( + vreinterpretq_u8_u32(vaddq_u32(s_two, block5)))); + } + else + { + block0 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u32(block2, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u32(block3, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = veorq_u32(block4, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = veorq_u32(block5, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u32(block2, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u32(block3, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = veorq_u32(block4, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = veorq_u32(block5, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block0)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block1)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block2)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block3)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block4)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block5)); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*neonBlockSize; + } + + while (length >= 2*neonBlockSize) + { + uint32x4_t block0, block1; + if (flags & BT_InBlockIsCounter) + { + // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. + // After the dup load we have two counters in the NEON word. Then we need + // to increment the low ctr by 0 and the high ctr by 1. + const uint8x8_t ctr = vld1_u8(inBlocks); + block0 = vaddq_u32(s_one, vreinterpretq_u32_u8(vcombine_u8(ctr,ctr))); + + // After initial increment of {0,1} remaining counters increment by {2,2}. + block1 = vaddq_u32(s_two, block0); + + vst1_u8(const_cast(inBlocks), vget_low_u8( + vreinterpretq_u8_u32(vaddq_u32(s_two, block1)))); + } + else + { + block0 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = vreinterpretq_u32_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func2(block0, block1, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = veorq_u32(block0, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u32(block1, vreinterpretq_u32_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block0)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u32(block1)); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 2*neonBlockSize; + } + } + + if (length) + { + // Adjust to real block size + if (flags & BT_ReverseDirection) + { + inIncrement += inIncrement ? blockSize : 0; + xorIncrement += xorIncrement ? blockSize : 0; + outIncrement += outIncrement ? blockSize : 0; + inBlocks = PtrSub(inBlocks, inIncrement); + xorBlocks = PtrSub(xorBlocks, xorIncrement); + outBlocks = PtrSub(outBlocks, outIncrement); + } + else + { + inIncrement -= inIncrement ? blockSize : 0; + xorIncrement -= xorIncrement ? blockSize : 0; + outIncrement -= outIncrement ? blockSize : 0; + } + + while (length >= blockSize) + { + uint32x4_t block, zero = {0}; + + const uint8x8_t v = vld1_u8(inBlocks); + block = vreinterpretq_u32_u8(vcombine_u8(v,v)); + + if (xorInput) + { + const uint8x8_t x = vld1_u8(xorBlocks); + block = veorq_u32(block, vreinterpretq_u32_u8(vcombine_u8(x,x))); + } + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[7]++; + + func2(block, zero, subKeys, static_cast(rounds)); + + if (xorOutput) + { + const uint8x8_t x = vld1_u8(xorBlocks); + block = veorq_u32(block, vreinterpretq_u32_u8(vcombine_u8(x,x))); + } + + vst1_u8(const_cast(outBlocks), + vget_low_u8(vreinterpretq_u8_u32(block))); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 1 and 6 blocks +/// \tparam F1 function to process 1 128-bit block +/// \tparam F6 function to process 6 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks128_6x1_NEON processes 6 and 2 NEON SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. F1 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks128_6x1_NEON(F1 func1, F6 func6, + const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint32x4_t s_one = {0, 0, 0, 1<<24}; + //const uint32x4_t s_two = {0, 2<<24, 0, 2<<24}; +#else + // TODO: verify these constants on ARM-BE + const uint32x4_t s_one = {0, 0, 0, 1}; + //const uint32x4_t s_two = {0, 2, 0, 2}; +#endif + + const size_t blockSize = 16; + // const size_t neonBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 6*blockSize) + { + uint64x2_t block0, block1, block2, block3, block4, block5; + if (flags & BT_InBlockIsCounter) + { + const uint64x2_t one = vreinterpretq_u64_u32(s_one); + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + block1 = vaddq_u64(block0, one); + block2 = vaddq_u64(block1, one); + block3 = vaddq_u64(block2, one); + block4 = vaddq_u64(block3, one); + block5 = vaddq_u64(block4, one); + vst1q_u8(const_cast(inBlocks), + vreinterpretq_u8_u64(vaddq_u64(block5, one))); + } + else + { + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block2)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block3)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block4)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block5)); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*blockSize; + } + } + + while (length >= blockSize) + { + uint64x2_t block; + block = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + + if (xorInput) + block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func1(block, subKeys, static_cast(rounds)); + + if (xorOutput) + block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block)); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 1 and 4 blocks +/// \tparam F1 function to process 1 128-bit block +/// \tparam F4 function to process 4 128-bit blocks +/// \tparam W word type of the subkey table +/// \tparam V vector type of the NEON datatype +/// \details AdvancedProcessBlocks128_4x1_NEON processes 4 and 1 NEON SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. V is the vector type and it is +/// usually uint32x4_t or uint64x2_t. F1, F4, W and V must use the same word and +/// vector type. The V parameter is used to avoid template argument +/// deduction/substitution failures. +template +inline size_t AdvancedProcessBlocks128_4x1_NEON(F1 func1, F4 func4, + const V& unused, const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + CRYPTOPP_UNUSED(unused); + +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint32x4_t s_one = {0, 0, 0, 1<<24}; + //const uint32x4_t s_two = {0, 2<<24, 0, 2<<24}; +#else + // TODO: verify these constants on ARM-BE + const uint32x4_t s_one = {0, 0, 0, 1}; + //const uint32x4_t s_two = {0, 2, 0, 2}; +#endif + + const size_t blockSize = 16; + // const size_t neonBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 4*blockSize) + { + uint64x2_t block0, block1, block2, block3; + if (flags & BT_InBlockIsCounter) + { + const uint64x2_t one = vreinterpretq_u64_u32(s_one); + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + block1 = vaddq_u64(block0, one); + block2 = vaddq_u64(block1, one); + block3 = vaddq_u64(block2, one); + vst1q_u8(const_cast(inBlocks), + vreinterpretq_u8_u64(vaddq_u64(block3, one))); + } + else + { + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func4((V&)block0, (V&)block1, (V&)block2, (V&)block3, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block2)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block3)); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 4*blockSize; + } + } + + while (length >= blockSize) + { + uint64x2_t block = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + + if (xorInput) + block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func1( (V&)block, subKeys, static_cast(rounds)); + + if (xorOutput) + block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block)); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 2 and 6 blocks +/// \tparam F2 function to process 2 128-bit blocks +/// \tparam F6 function to process 6 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks128_6x2_NEON processes 6 and 2 NEON SIMD words +/// at a time. For a single block the template uses F2 with a zero block. +/// \details The subkey type is usually word32 or word64. F2 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks128_6x2_NEON(F2 func2, F6 func6, + const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint32x4_t s_one = {0, 0, 0, 1<<24}; + //const uint32x4_t s_two = {0, 2<<24, 0, 2<<24}; +#else + // TODO: verify these constants on ARM-BE + const uint32x4_t s_one = {0, 0, 0, 1}; + //const uint32x4_t s_two = {0, 2, 0, 2}; +#endif + + const size_t blockSize = 16; + // const size_t neonBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 6*blockSize) + { + uint64x2_t block0, block1, block2, block3, block4, block5; + if (flags & BT_InBlockIsCounter) + { + const uint64x2_t one = vreinterpretq_u64_u32(s_one); + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + block1 = vaddq_u64(block0, one); + block2 = vaddq_u64(block1, one); + block3 = vaddq_u64(block2, one); + block4 = vaddq_u64(block3, one); + block5 = vaddq_u64(block4, one); + vst1q_u8(const_cast(inBlocks), + vreinterpretq_u8_u64(vaddq_u64(block5, one))); + } + else + { + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = veorq_u64(block2, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = veorq_u64(block3, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = veorq_u64(block4, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = veorq_u64(block5, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block2)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block3)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block4)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block5)); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*blockSize; + } + + while (length >= 2*blockSize) + { + uint64x2_t block0, block1; + if (flags & BT_InBlockIsCounter) + { + const uint64x2_t one = vreinterpretq_u64_u32(s_one); + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + block1 = vaddq_u64(block0, one); + vst1q_u8(const_cast(inBlocks), + vreinterpretq_u8_u64(vaddq_u64(block1, one))); + } + else + { + block0 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func2(block0, block1, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = veorq_u64(block0, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = veorq_u64(block1, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block0)); + outBlocks = PtrAdd(outBlocks, outIncrement); + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block1)); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 2*blockSize; + } + } + + while (length >= blockSize) + { + uint64x2_t block, zero = {0,0}; + block = vreinterpretq_u64_u8(vld1q_u8(inBlocks)); + + if (xorInput) + block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func2(block, zero, subKeys, static_cast(rounds)); + + if (xorOutput) + block = veorq_u64(block, vreinterpretq_u64_u8(vld1q_u8(xorBlocks))); + + vst1q_u8(outBlocks, vreinterpretq_u8_u64(block)); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// *************************** Intel SSE ************************** // + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + +// Hack for SunCC, http://github.com/weidai11/cryptopp/issues/224 +#if (__SUNPRO_CC >= 0x5130) +# define MAYBE_CONST +# define MAYBE_UNCONST_CAST(T, x) const_cast(x) +#else +# define MAYBE_CONST const +# define MAYBE_UNCONST_CAST(T, x) (x) +#endif + +// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 +#ifndef M128_CAST +# define M128_CAST(x) ((__m128i *)(void *)(x)) +#endif +#ifndef CONST_M128_CAST +# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief AdvancedProcessBlocks for 1 and 2 blocks +/// \tparam F1 function to process 1 64-bit block +/// \tparam F2 function to process 2 64-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks64_2x1_SSE processes 2 and 1 SSE SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. F1 and F2 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks64_2x1_SSE(F1 func1, F2 func2, + MAYBE_CONST W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 8); + + const size_t blockSize = 8; + const size_t xmmBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : xmmBlockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? xmmBlockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : xmmBlockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - xmmBlockSize); + xorBlocks = PtrAdd(xorBlocks, length - xmmBlockSize); + outBlocks = PtrAdd(outBlocks, length - xmmBlockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + double temp[2]; + while (length >= 2*xmmBlockSize) + { + __m128i block0, block1; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 and 2 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + const __m128i s_two = _mm_set_epi32(2<<24, 0, 2<<24, 0); + + // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. + // After the dup load we have two counters in the XMM word. Then we need + // to increment the low ctr by 0 and the high ctr by 1. + std::memcpy(temp, inBlocks, blockSize); + block0 = _mm_add_epi32(s_one, _mm_castpd_si128(_mm_loaddup_pd(temp))); + + // After initial increment of {0,1} remaining counters increment by {2,2}. + block1 = _mm_add_epi32(s_two, block0); + + // Store the next counter. When BT_InBlockIsCounter is set then + // inBlocks is backed by m_counterArray which is non-const. + _mm_store_sd(temp, _mm_castsi128_pd(_mm_add_epi64(s_two, block1))); + std::memcpy(const_cast(inBlocks), temp, blockSize); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func2(block0, block1, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 2*xmmBlockSize; + } + } + + if (length) + { + // Adjust to real block size + if (flags & BT_ReverseDirection) + { + inIncrement += inIncrement ? blockSize : 0; + xorIncrement += xorIncrement ? blockSize : 0; + outIncrement += outIncrement ? blockSize : 0; + inBlocks = PtrSub(inBlocks, inIncrement); + xorBlocks = PtrSub(xorBlocks, xorIncrement); + outBlocks = PtrSub(outBlocks, outIncrement); + } + else + { + inIncrement -= inIncrement ? blockSize : 0; + xorIncrement -= xorIncrement ? blockSize : 0; + outIncrement -= outIncrement ? blockSize : 0; + } + + while (length >= blockSize) + { + double temp[2]; + std::memcpy(temp, inBlocks, blockSize); + __m128i block = _mm_castpd_si128(_mm_load_sd(temp)); + + if (xorInput) + { + std::memcpy(temp, xorBlocks, blockSize); + block = _mm_xor_si128(block, _mm_castpd_si128(_mm_load_sd(temp))); + } + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[7]++; + + func1(block, subKeys, static_cast(rounds)); + + if (xorOutput) + { + std::memcpy(temp, xorBlocks, blockSize); + block = _mm_xor_si128(block, _mm_castpd_si128(_mm_load_sd(temp))); + } + + _mm_store_sd(temp, _mm_castsi128_pd(block)); + std::memcpy(outBlocks, temp, blockSize); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 2 and 6 blocks +/// \tparam F2 function to process 2 64-bit blocks +/// \tparam F6 function to process 6 64-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks64_6x2_SSE processes 6 and 2 SSE SIMD words +/// at a time. For a single block the template uses F2 with a zero block. +/// \details The subkey type is usually word32 or word64. F2 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks64_6x2_SSE(F2 func2, F6 func6, + MAYBE_CONST W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 8); + + const size_t blockSize = 8; + const size_t xmmBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : xmmBlockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? xmmBlockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : xmmBlockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - xmmBlockSize); + xorBlocks = PtrAdd(xorBlocks, length - xmmBlockSize); + outBlocks = PtrAdd(outBlocks, length - xmmBlockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + double temp[2]; + while (length >= 6*xmmBlockSize) + { + __m128i block0, block1, block2, block3, block4, block5; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 and 2 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + const __m128i s_two = _mm_set_epi32(2<<24, 0, 2<<24, 0); + + // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. + // After the dup load we have two counters in the XMM word. Then we need + // to increment the low ctr by 0 and the high ctr by 1. + std::memcpy(temp, inBlocks, blockSize); + block0 = _mm_add_epi32(s_one, _mm_castpd_si128(_mm_loaddup_pd(temp))); + + // After initial increment of {0,1} remaining counters increment by {2,2}. + block1 = _mm_add_epi32(s_two, block0); + block2 = _mm_add_epi32(s_two, block1); + block3 = _mm_add_epi32(s_two, block2); + block4 = _mm_add_epi32(s_two, block3); + block5 = _mm_add_epi32(s_two, block4); + + // Store the next counter. When BT_InBlockIsCounter is set then + // inBlocks is backed by m_counterArray which is non-const. + _mm_store_sd(temp, _mm_castsi128_pd(_mm_add_epi32(s_two, block5))); + std::memcpy(const_cast(inBlocks), temp, blockSize); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block2); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block3); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block4); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block5); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*xmmBlockSize; + } + + while (length >= 2*xmmBlockSize) + { + __m128i block0, block1; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 and 2 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + const __m128i s_two = _mm_set_epi32(2<<24, 0, 2<<24, 0); + + // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. + // After the dup load we have two counters in the XMM word. Then we need + // to increment the low ctr by 0 and the high ctr by 1. + std::memcpy(temp, inBlocks, blockSize); + block0 = _mm_add_epi32(s_one, _mm_castpd_si128(_mm_loaddup_pd(temp))); + + // After initial increment of {0,1} remaining counters increment by {2,2}. + block1 = _mm_add_epi32(s_two, block0); + + // Store the next counter. When BT_InBlockIsCounter is set then + // inBlocks is backed by m_counterArray which is non-const. + _mm_store_sd(temp, _mm_castsi128_pd(_mm_add_epi64(s_two, block1))); + std::memcpy(const_cast(inBlocks), temp, blockSize); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func2(block0, block1, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 2*xmmBlockSize; + } + } + + if (length) + { + // Adjust to real block size + if (flags & BT_ReverseDirection) + { + inIncrement += inIncrement ? blockSize : 0; + xorIncrement += xorIncrement ? blockSize : 0; + outIncrement += outIncrement ? blockSize : 0; + inBlocks = PtrSub(inBlocks, inIncrement); + xorBlocks = PtrSub(xorBlocks, xorIncrement); + outBlocks = PtrSub(outBlocks, outIncrement); + } + else + { + inIncrement -= inIncrement ? blockSize : 0; + xorIncrement -= xorIncrement ? blockSize : 0; + outIncrement -= outIncrement ? blockSize : 0; + } + + while (length >= blockSize) + { + double temp[2]; + __m128i block, zero = _mm_setzero_si128(); + std::memcpy(temp, inBlocks, blockSize); + block = _mm_castpd_si128(_mm_load_sd(temp)); + + if (xorInput) + { + std::memcpy(temp, xorBlocks, blockSize); + block = _mm_xor_si128(block, + _mm_castpd_si128(_mm_load_sd(temp))); + } + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[7]++; + + func2(block, zero, subKeys, static_cast(rounds)); + + if (xorOutput) + { + std::memcpy(temp, xorBlocks, blockSize); + block = _mm_xor_si128(block, + _mm_castpd_si128(_mm_load_sd(temp))); + } + + _mm_store_sd(temp, _mm_castsi128_pd(block)); + std::memcpy(outBlocks, temp, blockSize); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 2 and 6 blocks +/// \tparam F2 function to process 2 128-bit blocks +/// \tparam F6 function to process 6 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks128_6x2_SSE processes 6 and 2 SSE SIMD words +/// at a time. For a single block the template uses F2 with a zero block. +/// \details The subkey type is usually word32 or word64. F2 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks128_6x2_SSE(F2 func2, F6 func6, + MAYBE_CONST W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + + const size_t blockSize = 16; + // const size_t xmmBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 6*blockSize) + { + __m128i block0, block1, block2, block3, block4, block5; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + block1 = _mm_add_epi32(block0, s_one); + block2 = _mm_add_epi32(block1, s_one); + block3 = _mm_add_epi32(block2, s_one); + block4 = _mm_add_epi32(block3, s_one); + block5 = _mm_add_epi32(block4, s_one); + _mm_storeu_si128(M128_CAST(inBlocks), _mm_add_epi32(block5, s_one)); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = _mm_xor_si128(block4, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = _mm_xor_si128(block5, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block2); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block3); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block4); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block5); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*blockSize; + } + + while (length >= 2*blockSize) + { + __m128i block0, block1; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + block1 = _mm_add_epi32(block0, s_one); + _mm_storeu_si128(M128_CAST(inBlocks), _mm_add_epi32(block1, s_one)); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func2(block0, block1, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 2*blockSize; + } + } + + while (length >= blockSize) + { + __m128i block, zero = _mm_setzero_si128(); + block = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + + if (xorInput) + block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func2(block, zero, subKeys, static_cast(rounds)); + + if (xorOutput) + block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + + _mm_storeu_si128(M128_CAST(outBlocks), block); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 1 and 4 blocks +/// \tparam F1 function to process 1 128-bit block +/// \tparam F4 function to process 4 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks128_4x1_SSE processes 4 and 1 SSE SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. F1 and F4 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks128_4x1_SSE(F1 func1, F4 func4, + MAYBE_CONST W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + + const size_t blockSize = 16; + // const size_t xmmBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 4*blockSize) + { + __m128i block0, block1, block2, block3; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + block1 = _mm_add_epi32(block0, s_one); + block2 = _mm_add_epi32(block1, s_one); + block3 = _mm_add_epi32(block2, s_one); + _mm_storeu_si128(M128_CAST(inBlocks), _mm_add_epi32(block3, s_one)); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func4(block0, block1, block2, block3, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block2); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block3); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 4*blockSize; + } + } + + while (length >= blockSize) + { + __m128i block = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + + if (xorInput) + block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func1(block, subKeys, static_cast(rounds)); + + if (xorOutput) + block = _mm_xor_si128(block, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + + _mm_storeu_si128(M128_CAST(outBlocks), block); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 1 and 4 blocks +/// \tparam F1 function to process 1 64-bit block +/// \tparam F4 function to process 6 64-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks64_4x1_SSE processes 4 and 1 SSE SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. F1 and F4 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks64_4x1_SSE(F1 func1, F4 func4, + MAYBE_CONST W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 8); + + const size_t blockSize = 8; + const size_t xmmBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter | BT_DontIncrementInOutPointers)) ? 0 : xmmBlockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? xmmBlockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : xmmBlockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - xmmBlockSize); + xorBlocks = PtrAdd(xorBlocks, length - xmmBlockSize); + outBlocks = PtrAdd(outBlocks, length - xmmBlockSize); + inIncrement = 0 - inIncrement; + xorIncrement = 0 - xorIncrement; + outIncrement = 0 - outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 4*xmmBlockSize) + { + __m128i block0, block1, block2, block3; + if (flags & BT_InBlockIsCounter) + { + // Increment of 1 and 2 in big-endian compatible with the ctr byte array. + const __m128i s_one = _mm_set_epi32(1<<24, 0, 0, 0); + const __m128i s_two = _mm_set_epi32(2<<24, 0, 2<<24, 0); + double temp[2]; + + // For 64-bit block ciphers we need to load the CTR block, which is 8 bytes. + // After the dup load we have two counters in the XMM word. Then we need + // to increment the low ctr by 0 and the high ctr by 1. + std::memcpy(temp, inBlocks, blockSize); + block0 = _mm_add_epi32(s_one, _mm_castpd_si128(_mm_loaddup_pd(temp))); + + // After initial increment of {0,1} remaining counters increment by {2,2}. + block1 = _mm_add_epi32(s_two, block0); + block2 = _mm_add_epi32(s_two, block1); + block3 = _mm_add_epi32(s_two, block2); + + // Store the next counter. When BT_InBlockIsCounter is set then + // inBlocks is backed by m_counterArray which is non-const. + _mm_store_sd(temp, _mm_castsi128_pd(_mm_add_epi64(s_two, block3))); + std::memcpy(const_cast(inBlocks), temp, blockSize); + } + else + { + block0 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = _mm_loadu_si128(CONST_M128_CAST(inBlocks)); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func4(block0, block1, block2, block3, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = _mm_xor_si128(block0, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = _mm_xor_si128(block1, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = _mm_xor_si128(block2, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = _mm_xor_si128(block3, _mm_loadu_si128(CONST_M128_CAST(xorBlocks))); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + _mm_storeu_si128(M128_CAST(outBlocks), block0); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block1); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block2); + outBlocks = PtrAdd(outBlocks, outIncrement); + _mm_storeu_si128(M128_CAST(outBlocks), block3); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 4*xmmBlockSize; + } + } + + if (length) + { + // Adjust to real block size + if (flags & BT_ReverseDirection) + { + inIncrement += inIncrement ? blockSize : 0; + xorIncrement += xorIncrement ? blockSize : 0; + outIncrement += outIncrement ? blockSize : 0; + inBlocks = PtrSub(inBlocks, inIncrement); + xorBlocks = PtrSub(xorBlocks, xorIncrement); + outBlocks = PtrSub(outBlocks, outIncrement); + } + else + { + inIncrement -= inIncrement ? blockSize : 0; + xorIncrement -= xorIncrement ? blockSize : 0; + outIncrement -= outIncrement ? blockSize : 0; + } + + while (length >= blockSize) + { + double temp[2]; + std::memcpy(temp, inBlocks, blockSize); + __m128i block = _mm_castpd_si128(_mm_load_sd(temp)); + + if (xorInput) + { + std::memcpy(temp, xorBlocks, blockSize); + block = _mm_xor_si128(block, _mm_castpd_si128(_mm_load_sd(temp))); + } + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[7]++; + + func1(block, subKeys, static_cast(rounds)); + + if (xorOutput) + { + std::memcpy(temp, xorBlocks, blockSize); + block = _mm_xor_si128(block, _mm_castpd_si128(_mm_load_sd(temp))); + } + + _mm_store_sd(temp, _mm_castsi128_pd(block)); + std::memcpy(outBlocks, temp, blockSize); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + } + + return length; +} + +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// *********************** Altivec/Power 4 ********************** // + +#if defined(__ALTIVEC__) + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief AdvancedProcessBlocks for 2 and 6 blocks +/// \tparam F2 function to process 2 128-bit blocks +/// \tparam F6 function to process 6 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks64_6x2_Altivec processes 6 and 2 Altivec SIMD words +/// at a time. For a single block the template uses F2 with a zero block. +/// \details The subkey type is usually word32 or word64. F2 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks64_6x2_ALTIVEC(F2 func2, F6 func6, + const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 8); + +#if (CRYPTOPP_LITTLE_ENDIAN) + enum {LowOffset=8, HighOffset=0}; + const uint32x4_p s_one = {1,0,0,0}; + const uint32x4_p s_two = {2,0,2,0}; +#else + enum {LowOffset=8, HighOffset=0}; + const uint32x4_p s_one = {0,0,0,1}; + const uint32x4_p s_two = {0,2,0,2}; +#endif + + const size_t blockSize = 8; + const size_t vsxBlockSize = 16; + CRYPTOPP_ALIGN_DATA(16) uint8_t temp[16]; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : vsxBlockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? vsxBlockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : vsxBlockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - vsxBlockSize); + xorBlocks = PtrAdd(xorBlocks, length - vsxBlockSize); + outBlocks = PtrAdd(outBlocks, length - vsxBlockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 6*vsxBlockSize) + { + uint32x4_p block0, block1, block2, block3, block4, block5; + if (flags & BT_InBlockIsCounter) + { + // There is no easy way to load 8-bytes into a vector. It is + // even harder without POWER8 due to lack of 64-bit elements. + std::memcpy(temp+LowOffset, inBlocks, 8); + std::memcpy(temp+HighOffset, inBlocks, 8); + uint32x4_p ctr = (uint32x4_p)VecLoadBE(temp); + + // For 64-bit block ciphers we need to load the CTR block, + // which is 8 bytes. After the dup load we have two counters + // in the Altivec word. Then we need to increment the low ctr + // by 0 and the high ctr by 1. + block0 = VecAdd(s_one, ctr); + + // After initial increment of {0,1} remaining counters + // increment by {2,2}. + block1 = VecAdd(s_two, block0); + block2 = VecAdd(s_two, block1); + block3 = VecAdd(s_two, block2); + block4 = VecAdd(s_two, block3); + block5 = VecAdd(s_two, block4); + + // Update the counter in the caller. + const_cast(inBlocks)[7] += 12; + } + else + { + block0 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = VecXor(block2, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = VecXor(block3, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = VecXor(block4, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = VecXor(block5, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = VecXor(block2, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = VecXor(block3, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = VecXor(block4, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = VecXor(block5, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + VecStoreBE(block0, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block1, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block2, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block3, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block4, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block5, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*vsxBlockSize; + } + + while (length >= 2*vsxBlockSize) + { + uint32x4_p block0, block1; + if (flags & BT_InBlockIsCounter) + { + // There is no easy way to load 8-bytes into a vector. It is + // even harder without POWER8 due to lack of 64-bit elements. + std::memcpy(temp+LowOffset, inBlocks, 8); + std::memcpy(temp+HighOffset, inBlocks, 8); + uint32x4_p ctr = (uint32x4_p)VecLoadBE(temp); + + // For 64-bit block ciphers we need to load the CTR block, + // which is 8 bytes. After the dup load we have two counters + // in the Altivec word. Then we need to increment the low ctr + // by 0 and the high ctr by 1. + block0 = VecAdd(s_one, ctr); + + // After initial increment of {0,1} remaining counters + // increment by {2,2}. + block1 = VecAdd(s_two, block0); + + // Update the counter in the caller. + const_cast(inBlocks)[7] += 4; + } + else + { + block0 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func2(block0, block1, subKeys, static_cast(rounds)); + + if (xorOutput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + VecStoreBE(block0, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block1, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 2*vsxBlockSize; + } + } + + if (length) + { + // Adjust to real block size + if (flags & BT_ReverseDirection) + { + inIncrement += inIncrement ? blockSize : 0; + xorIncrement += xorIncrement ? blockSize : 0; + outIncrement += outIncrement ? blockSize : 0; + inBlocks = PtrSub(inBlocks, inIncrement); + xorBlocks = PtrSub(xorBlocks, xorIncrement); + outBlocks = PtrSub(outBlocks, outIncrement); + } + else + { + inIncrement -= inIncrement ? blockSize : 0; + xorIncrement -= xorIncrement ? blockSize : 0; + outIncrement -= outIncrement ? blockSize : 0; + } + + while (length >= blockSize) + { + uint32x4_p block, zero = {0}; + + // There is no easy way to load 8-bytes into a vector. It is + // even harder without POWER8 due to lack of 64-bit elements. + // The high 8 bytes are "don't care" but it if we don't + // initialize the block then it generates warnings. + std::memcpy(temp+LowOffset, inBlocks, 8); + std::memcpy(temp+HighOffset, inBlocks, 8); // don't care + block = (uint32x4_p)VecLoadBE(temp); + + if (xorInput) + { + std::memcpy(temp+LowOffset, xorBlocks, 8); + std::memcpy(temp+HighOffset, xorBlocks, 8); // don't care + uint32x4_p x = (uint32x4_p)VecLoadBE(temp); + block = VecXor(block, x); + } + + // Update the counter in the caller. + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[7]++; + + func2(block, zero, subKeys, static_cast(rounds)); + + if (xorOutput) + { + std::memcpy(temp+LowOffset, xorBlocks, 8); + std::memcpy(temp+HighOffset, xorBlocks, 8); // don't care + uint32x4_p x = (uint32x4_p)VecLoadBE(temp); + block = VecXor(block, x); + } + + VecStoreBE(block, temp); + std::memcpy(outBlocks, temp+LowOffset, 8); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 1 and 4 blocks +/// \tparam F1 function to process 1 128-bit block +/// \tparam F4 function to process 4 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks128_4x1_ALTIVEC processes 4 and 1 Altivec SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. F1 and F4 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks128_4x1_ALTIVEC(F1 func1, F4 func4, + const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint32x4_p s_one = {1,0,0,0}; +#else + const uint32x4_p s_one = {0,0,0,1}; +#endif + + const size_t blockSize = 16; + // const size_t vsxBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 4*blockSize) + { + uint32x4_p block0, block1, block2, block3; + + if (flags & BT_InBlockIsCounter) + { + block0 = VecLoadBE(inBlocks); + block1 = VecAdd(block0, s_one); + block2 = VecAdd(block1, s_one); + block3 = VecAdd(block2, s_one); + + // Hack due to big-endian loads used by POWER8 (and maybe ARM-BE). + // CTR_ModePolicy::OperateKeystream is wired such that after + // returning from this function CTR_ModePolicy will detect wrap on + // on the last counter byte and increment the next to last byte. + // The problem is, with a big-endian load, inBlocks[15] is really + // located at index 15. The vector addition using a 32-bit element + // generates a carry into inBlocks[14] and then CTR_ModePolicy + // increments inBlocks[14] too. + const_cast(inBlocks)[15] += 6; + } + else + { + block0 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = VecXor(block2, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = VecXor(block3, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func4(block0, block1, block2, block3, subKeys, rounds); + + if (xorOutput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = VecXor(block2, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = VecXor(block3, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + VecStoreBE(block0, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block1, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block2, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block3, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 4*blockSize; + } + } + + while (length >= blockSize) + { + uint32x4_p block = VecLoadBE(inBlocks); + + if (xorInput) + block = VecXor(block, VecLoadBE(xorBlocks)); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func1(block, subKeys, rounds); + + if (xorOutput) + block = VecXor(block, VecLoadBE(xorBlocks)); + + VecStoreBE(block, outBlocks); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +/// \brief AdvancedProcessBlocks for 1 and 6 blocks +/// \tparam F1 function to process 1 128-bit block +/// \tparam F6 function to process 6 128-bit blocks +/// \tparam W word type of the subkey table +/// \details AdvancedProcessBlocks128_6x1_ALTIVEC processes 6 and 1 Altivec SIMD words +/// at a time. +/// \details The subkey type is usually word32 or word64. F1 and F6 must use the +/// same word type. +template +inline size_t AdvancedProcessBlocks128_6x1_ALTIVEC(F1 func1, F6 func6, + const W *subKeys, size_t rounds, const byte *inBlocks, + const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + CRYPTOPP_ASSERT(subKeys); + CRYPTOPP_ASSERT(inBlocks); + CRYPTOPP_ASSERT(outBlocks); + CRYPTOPP_ASSERT(length >= 16); + +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint32x4_p s_one = {1,0,0,0}; +#else + const uint32x4_p s_one = {0,0,0,1}; +#endif + + const size_t blockSize = 16; + // const size_t vsxBlockSize = 16; + + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = (xorBlocks != NULLPTR) ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + + // Clang and Coverity are generating findings using xorBlocks as a flag. + const bool xorInput = (xorBlocks != NULLPTR) && (flags & BT_XorInput); + const bool xorOutput = (xorBlocks != NULLPTR) && !(flags & BT_XorInput); + + if (flags & BT_ReverseDirection) + { + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); + inIncrement = 0-inIncrement; + xorIncrement = 0-xorIncrement; + outIncrement = 0-outIncrement; + } + + if (flags & BT_AllowParallel) + { + while (length >= 6*blockSize) + { + uint32x4_p block0, block1, block2, block3, block4, block5; + + if (flags & BT_InBlockIsCounter) + { + block0 = VecLoadBE(inBlocks); + block1 = VecAdd(block0, s_one); + block2 = VecAdd(block1, s_one); + block3 = VecAdd(block2, s_one); + block4 = VecAdd(block3, s_one); + block5 = VecAdd(block4, s_one); + + // Hack due to big-endian loads used by POWER8 (and maybe ARM-BE). + // CTR_ModePolicy::OperateKeystream is wired such that after + // returning from this function CTR_ModePolicy will detect wrap on + // on the last counter byte and increment the next to last byte. + // The problem is, with a big-endian load, inBlocks[15] is really + // located at index 15. The vector addition using a 32-bit element + // generates a carry into inBlocks[14] and then CTR_ModePolicy + // increments inBlocks[14] too. + // + // To find this bug we needed a test case with a ctr of 0xNN...FA. + // The last octet is 0xFA and adding 6 creates the wrap to trigger + // the issue. If the last octet was 0xFC then 4 would trigger it. + // We dumb-lucked into the test with SPECK-128. The test case of + // interest is the one with IV 348ECA9766C09F04 826520DE47A212FA. + uint8x16_p temp = VecAdd((uint8x16_p)block5, (uint8x16_p)s_one); + VecStoreBE(temp, const_cast(inBlocks)); + } + else + { + block0 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block1 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block2 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block3 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block4 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + block5 = VecLoadBE(inBlocks); + inBlocks = PtrAdd(inBlocks, inIncrement); + } + + if (xorInput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = VecXor(block2, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = VecXor(block3, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = VecXor(block4, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = VecXor(block5, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + func6(block0, block1, block2, block3, block4, block5, subKeys, rounds); + + if (xorOutput) + { + block0 = VecXor(block0, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block1 = VecXor(block1, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block2 = VecXor(block2, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block3 = VecXor(block3, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block4 = VecXor(block4, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + block5 = VecXor(block5, VecLoadBE(xorBlocks)); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + } + + VecStoreBE(block0, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block1, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block2, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block3, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block4, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + VecStoreBE(block5, outBlocks); + outBlocks = PtrAdd(outBlocks, outIncrement); + + length -= 6*blockSize; + } + } + + while (length >= blockSize) + { + uint32x4_p block = VecLoadBE(inBlocks); + + if (xorInput) + block = VecXor(block, VecLoadBE(xorBlocks)); + + if (flags & BT_InBlockIsCounter) + const_cast(inBlocks)[15]++; + + func1(block, subKeys, rounds); + + if (xorOutput) + block = VecXor(block, VecLoadBE(xorBlocks)); + + VecStoreBE(block, outBlocks); + + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); + length -= blockSize; + } + + return length; +} + +NAMESPACE_END // CryptoPP + +#endif // __ALTIVEC__ + +#endif // CRYPTOPP_ADVANCED_SIMD_TEMPLATES diff --git a/vendor/cryptopp/vendor_cryptopp/aes_armv4.S b/vendor/cryptopp/vendor_cryptopp/aes_armv4.S new file mode 100644 index 00000000..fb4ec468 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/aes_armv4.S @@ -0,0 +1,1242 @@ +@ Copyright 2007-2018 The OpenSSL Project Authors. All Rights Reserved. +@ +@ ==================================================================== +@ Written by Andy Polyakov for the OpenSSL +@ project. The module is, however, dual licensed under OpenSSL and +@ CRYPTOGAMS licenses depending on where you obtain it. For further +@ details see http://www.openssl.org/~appro/cryptogams/. +@ ==================================================================== + +@ AES for ARMv4 + +@ January 2007. +@ +@ Code uses single 1K S-box and is >2 times faster than code generated +@ by gcc-3.4.1. This is thanks to unique feature of ARMv4 ISA, which +@ allows to merge logical or arithmetic operation with shift or rotate +@ in one instruction and emit combined result every cycle. The module +@ is endian-neutral. The performance is ~42 cycles/byte for 128-bit +@ key [on single-issue Xscale PXA250 core]. + +@ May 2007. +@ +@ AES_set_[en|de]crypt_key is added. + +@ July 2010. +@ +@ Rescheduling for dual-issue pipeline resulted in 12% improvement on +@ Cortex A8 core and ~25 cycles per byte processed with 128-bit key. + +@ February 2011. +@ +@ Profiler-assisted and platform-specific optimization resulted in 16% +@ improvement on Cortex A8 core and ~21.5 cycles per byte. + +@ JW, JUL 2018: Begin defines from taken from arm_arch.h +@ The defines were included through the header. + +# if !defined(__ARM_ARCH__) +# if defined(__CC_ARM) +# define __ARM_ARCH__ __TARGET_ARCH_ARM +# if defined(__BIG_ENDIAN) +# define __ARMEB__ +# else +# define __ARMEL__ +# endif +# elif defined(__GNUC__) +# if defined(__aarch64__) +# define __ARM_ARCH__ 8 +# if __BYTE_ORDER__==__ORDER_BIG_ENDIAN__ +# define __ARMEB__ +# else +# define __ARMEL__ +# endif + +# elif defined(__ARM_ARCH) +# define __ARM_ARCH__ __ARM_ARCH +# elif defined(__ARM_ARCH_8A__) +# define __ARM_ARCH__ 8 +# elif defined(__ARM_ARCH_7__) || defined(__ARM_ARCH_7A__) || \ + defined(__ARM_ARCH_7R__)|| defined(__ARM_ARCH_7M__) || \ + defined(__ARM_ARCH_7EM__) +# define __ARM_ARCH__ 7 +# elif defined(__ARM_ARCH_6__) || defined(__ARM_ARCH_6J__) || \ + defined(__ARM_ARCH_6K__)|| defined(__ARM_ARCH_6M__) || \ + defined(__ARM_ARCH_6Z__)|| defined(__ARM_ARCH_6ZK__) || \ + defined(__ARM_ARCH_6T2__) +# define __ARM_ARCH__ 6 +# elif defined(__ARM_ARCH_5__) || defined(__ARM_ARCH_5T__) || \ + defined(__ARM_ARCH_5E__)|| defined(__ARM_ARCH_5TE__) || \ + defined(__ARM_ARCH_5TEJ__) +# define __ARM_ARCH__ 5 +# elif defined(__ARM_ARCH_4__) || defined(__ARM_ARCH_4T__) +# define __ARM_ARCH__ 4 +# else +# error "unsupported ARM architecture" +# endif +# endif +# endif + +# if !defined(__ARM_MAX_ARCH__) +# define __ARM_MAX_ARCH__ __ARM_ARCH__ +# endif + +# if __ARM_MAX_ARCH__<__ARM_ARCH__ +# error "__ARM_MAX_ARCH__ can't be less than __ARM_ARCH__" +# elif __ARM_MAX_ARCH__!=__ARM_ARCH__ +# if __ARM_ARCH__<7 && __ARM_MAX_ARCH__>=7 && defined(__ARMEB__) +# error "can't build universal big-endian binary" +# endif +# endif + +@ JW, JUL 2018: End defines from taken from arm_arch.h +@ Back to original Cryptogams code + +.text +#if defined(__thumb2__) && !defined(__APPLE__) +.syntax unified +.thumb +#else +.code 32 +#undef __thumb2__ +#endif + +.type AES_Te,%object +.align 5 +AES_Te: +.word 0xc66363a5, 0xf87c7c84, 0xee777799, 0xf67b7b8d +.word 0xfff2f20d, 0xd66b6bbd, 0xde6f6fb1, 0x91c5c554 +.word 0x60303050, 0x02010103, 0xce6767a9, 0x562b2b7d +.word 0xe7fefe19, 0xb5d7d762, 0x4dababe6, 0xec76769a +.word 0x8fcaca45, 0x1f82829d, 0x89c9c940, 0xfa7d7d87 +.word 0xeffafa15, 0xb25959eb, 0x8e4747c9, 0xfbf0f00b +.word 0x41adadec, 0xb3d4d467, 0x5fa2a2fd, 0x45afafea +.word 0x239c9cbf, 0x53a4a4f7, 0xe4727296, 0x9bc0c05b +.word 0x75b7b7c2, 0xe1fdfd1c, 0x3d9393ae, 0x4c26266a +.word 0x6c36365a, 0x7e3f3f41, 0xf5f7f702, 0x83cccc4f +.word 0x6834345c, 0x51a5a5f4, 0xd1e5e534, 0xf9f1f108 +.word 0xe2717193, 0xabd8d873, 0x62313153, 0x2a15153f +.word 0x0804040c, 0x95c7c752, 0x46232365, 0x9dc3c35e +.word 0x30181828, 0x379696a1, 0x0a05050f, 0x2f9a9ab5 +.word 0x0e070709, 0x24121236, 0x1b80809b, 0xdfe2e23d +.word 0xcdebeb26, 0x4e272769, 0x7fb2b2cd, 0xea75759f +.word 0x1209091b, 0x1d83839e, 0x582c2c74, 0x341a1a2e +.word 0x361b1b2d, 0xdc6e6eb2, 0xb45a5aee, 0x5ba0a0fb +.word 0xa45252f6, 0x763b3b4d, 0xb7d6d661, 0x7db3b3ce +.word 0x5229297b, 0xdde3e33e, 0x5e2f2f71, 0x13848497 +.word 0xa65353f5, 0xb9d1d168, 0x00000000, 0xc1eded2c +.word 0x40202060, 0xe3fcfc1f, 0x79b1b1c8, 0xb65b5bed +.word 0xd46a6abe, 0x8dcbcb46, 0x67bebed9, 0x7239394b +.word 0x944a4ade, 0x984c4cd4, 0xb05858e8, 0x85cfcf4a +.word 0xbbd0d06b, 0xc5efef2a, 0x4faaaae5, 0xedfbfb16 +.word 0x864343c5, 0x9a4d4dd7, 0x66333355, 0x11858594 +.word 0x8a4545cf, 0xe9f9f910, 0x04020206, 0xfe7f7f81 +.word 0xa05050f0, 0x783c3c44, 0x259f9fba, 0x4ba8a8e3 +.word 0xa25151f3, 0x5da3a3fe, 0x804040c0, 0x058f8f8a +.word 0x3f9292ad, 0x219d9dbc, 0x70383848, 0xf1f5f504 +.word 0x63bcbcdf, 0x77b6b6c1, 0xafdada75, 0x42212163 +.word 0x20101030, 0xe5ffff1a, 0xfdf3f30e, 0xbfd2d26d +.word 0x81cdcd4c, 0x180c0c14, 0x26131335, 0xc3ecec2f +.word 0xbe5f5fe1, 0x359797a2, 0x884444cc, 0x2e171739 +.word 0x93c4c457, 0x55a7a7f2, 0xfc7e7e82, 0x7a3d3d47 +.word 0xc86464ac, 0xba5d5de7, 0x3219192b, 0xe6737395 +.word 0xc06060a0, 0x19818198, 0x9e4f4fd1, 0xa3dcdc7f +.word 0x44222266, 0x542a2a7e, 0x3b9090ab, 0x0b888883 +.word 0x8c4646ca, 0xc7eeee29, 0x6bb8b8d3, 0x2814143c +.word 0xa7dede79, 0xbc5e5ee2, 0x160b0b1d, 0xaddbdb76 +.word 0xdbe0e03b, 0x64323256, 0x743a3a4e, 0x140a0a1e +.word 0x924949db, 0x0c06060a, 0x4824246c, 0xb85c5ce4 +.word 0x9fc2c25d, 0xbdd3d36e, 0x43acacef, 0xc46262a6 +.word 0x399191a8, 0x319595a4, 0xd3e4e437, 0xf279798b +.word 0xd5e7e732, 0x8bc8c843, 0x6e373759, 0xda6d6db7 +.word 0x018d8d8c, 0xb1d5d564, 0x9c4e4ed2, 0x49a9a9e0 +.word 0xd86c6cb4, 0xac5656fa, 0xf3f4f407, 0xcfeaea25 +.word 0xca6565af, 0xf47a7a8e, 0x47aeaee9, 0x10080818 +.word 0x6fbabad5, 0xf0787888, 0x4a25256f, 0x5c2e2e72 +.word 0x381c1c24, 0x57a6a6f1, 0x73b4b4c7, 0x97c6c651 +.word 0xcbe8e823, 0xa1dddd7c, 0xe874749c, 0x3e1f1f21 +.word 0x964b4bdd, 0x61bdbddc, 0x0d8b8b86, 0x0f8a8a85 +.word 0xe0707090, 0x7c3e3e42, 0x71b5b5c4, 0xcc6666aa +.word 0x904848d8, 0x06030305, 0xf7f6f601, 0x1c0e0e12 +.word 0xc26161a3, 0x6a35355f, 0xae5757f9, 0x69b9b9d0 +.word 0x17868691, 0x99c1c158, 0x3a1d1d27, 0x279e9eb9 +.word 0xd9e1e138, 0xebf8f813, 0x2b9898b3, 0x22111133 +.word 0xd26969bb, 0xa9d9d970, 0x078e8e89, 0x339494a7 +.word 0x2d9b9bb6, 0x3c1e1e22, 0x15878792, 0xc9e9e920 +.word 0x87cece49, 0xaa5555ff, 0x50282878, 0xa5dfdf7a +.word 0x038c8c8f, 0x59a1a1f8, 0x09898980, 0x1a0d0d17 +.word 0x65bfbfda, 0xd7e6e631, 0x844242c6, 0xd06868b8 +.word 0x824141c3, 0x299999b0, 0x5a2d2d77, 0x1e0f0f11 +.word 0x7bb0b0cb, 0xa85454fc, 0x6dbbbbd6, 0x2c16163a +@ Te4[256] +.byte 0x63, 0x7c, 0x77, 0x7b, 0xf2, 0x6b, 0x6f, 0xc5 +.byte 0x30, 0x01, 0x67, 0x2b, 0xfe, 0xd7, 0xab, 0x76 +.byte 0xca, 0x82, 0xc9, 0x7d, 0xfa, 0x59, 0x47, 0xf0 +.byte 0xad, 0xd4, 0xa2, 0xaf, 0x9c, 0xa4, 0x72, 0xc0 +.byte 0xb7, 0xfd, 0x93, 0x26, 0x36, 0x3f, 0xf7, 0xcc +.byte 0x34, 0xa5, 0xe5, 0xf1, 0x71, 0xd8, 0x31, 0x15 +.byte 0x04, 0xc7, 0x23, 0xc3, 0x18, 0x96, 0x05, 0x9a +.byte 0x07, 0x12, 0x80, 0xe2, 0xeb, 0x27, 0xb2, 0x75 +.byte 0x09, 0x83, 0x2c, 0x1a, 0x1b, 0x6e, 0x5a, 0xa0 +.byte 0x52, 0x3b, 0xd6, 0xb3, 0x29, 0xe3, 0x2f, 0x84 +.byte 0x53, 0xd1, 0x00, 0xed, 0x20, 0xfc, 0xb1, 0x5b +.byte 0x6a, 0xcb, 0xbe, 0x39, 0x4a, 0x4c, 0x58, 0xcf +.byte 0xd0, 0xef, 0xaa, 0xfb, 0x43, 0x4d, 0x33, 0x85 +.byte 0x45, 0xf9, 0x02, 0x7f, 0x50, 0x3c, 0x9f, 0xa8 +.byte 0x51, 0xa3, 0x40, 0x8f, 0x92, 0x9d, 0x38, 0xf5 +.byte 0xbc, 0xb6, 0xda, 0x21, 0x10, 0xff, 0xf3, 0xd2 +.byte 0xcd, 0x0c, 0x13, 0xec, 0x5f, 0x97, 0x44, 0x17 +.byte 0xc4, 0xa7, 0x7e, 0x3d, 0x64, 0x5d, 0x19, 0x73 +.byte 0x60, 0x81, 0x4f, 0xdc, 0x22, 0x2a, 0x90, 0x88 +.byte 0x46, 0xee, 0xb8, 0x14, 0xde, 0x5e, 0x0b, 0xdb +.byte 0xe0, 0x32, 0x3a, 0x0a, 0x49, 0x06, 0x24, 0x5c +.byte 0xc2, 0xd3, 0xac, 0x62, 0x91, 0x95, 0xe4, 0x79 +.byte 0xe7, 0xc8, 0x37, 0x6d, 0x8d, 0xd5, 0x4e, 0xa9 +.byte 0x6c, 0x56, 0xf4, 0xea, 0x65, 0x7a, 0xae, 0x08 +.byte 0xba, 0x78, 0x25, 0x2e, 0x1c, 0xa6, 0xb4, 0xc6 +.byte 0xe8, 0xdd, 0x74, 0x1f, 0x4b, 0xbd, 0x8b, 0x8a +.byte 0x70, 0x3e, 0xb5, 0x66, 0x48, 0x03, 0xf6, 0x0e +.byte 0x61, 0x35, 0x57, 0xb9, 0x86, 0xc1, 0x1d, 0x9e +.byte 0xe1, 0xf8, 0x98, 0x11, 0x69, 0xd9, 0x8e, 0x94 +.byte 0x9b, 0x1e, 0x87, 0xe9, 0xce, 0x55, 0x28, 0xdf +.byte 0x8c, 0xa1, 0x89, 0x0d, 0xbf, 0xe6, 0x42, 0x68 +.byte 0x41, 0x99, 0x2d, 0x0f, 0xb0, 0x54, 0xbb, 0x16 +@ rcon[] +.word 0x01000000, 0x02000000, 0x04000000, 0x08000000 +.word 0x10000000, 0x20000000, 0x40000000, 0x80000000 +.word 0x1B000000, 0x36000000, 0, 0, 0, 0, 0, 0 +.size AES_Te,.-AES_Te + +@ void AES_encrypt(const unsigned char *in, unsigned char *out, +@ const AES_KEY *key) { +.globl AES_encrypt +.type AES_encrypt,%function +.align 5 +AES_encrypt: +#ifndef __thumb2__ + sub r3,pc,#8 @ AES_encrypt +#else + adr r3,. +#endif + stmdb sp!,{r1,r4-r12,lr} +#if defined(__thumb2__) || defined(__APPLE__) + adr r10,AES_Te +#else + sub r10,r3,#AES_encrypt-AES_Te @ Te +#endif + mov r12,r0 @ inp + mov r11,r2 +#if __ARM_ARCH__<7 + ldrb r0,[r12,#3] @ load input data in endian-neutral + ldrb r4,[r12,#2] @ manner... + ldrb r5,[r12,#1] + ldrb r6,[r12,#0] + orr r0,r0,r4,lsl#8 + ldrb r1,[r12,#7] + orr r0,r0,r5,lsl#16 + ldrb r4,[r12,#6] + orr r0,r0,r6,lsl#24 + ldrb r5,[r12,#5] + ldrb r6,[r12,#4] + orr r1,r1,r4,lsl#8 + ldrb r2,[r12,#11] + orr r1,r1,r5,lsl#16 + ldrb r4,[r12,#10] + orr r1,r1,r6,lsl#24 + ldrb r5,[r12,#9] + ldrb r6,[r12,#8] + orr r2,r2,r4,lsl#8 + ldrb r3,[r12,#15] + orr r2,r2,r5,lsl#16 + ldrb r4,[r12,#14] + orr r2,r2,r6,lsl#24 + ldrb r5,[r12,#13] + ldrb r6,[r12,#12] + orr r3,r3,r4,lsl#8 + orr r3,r3,r5,lsl#16 + orr r3,r3,r6,lsl#24 +#else + ldr r0,[r12,#0] + ldr r1,[r12,#4] + ldr r2,[r12,#8] + ldr r3,[r12,#12] +#ifdef __ARMEL__ + rev r0,r0 + rev r1,r1 + rev r2,r2 + rev r3,r3 +#endif +#endif + bl _armv4_AES_encrypt + + ldr r12,[sp],#4 @ pop out +#if __ARM_ARCH__>=7 +#ifdef __ARMEL__ + rev r0,r0 + rev r1,r1 + rev r2,r2 + rev r3,r3 +#endif + str r0,[r12,#0] + str r1,[r12,#4] + str r2,[r12,#8] + str r3,[r12,#12] +#else + mov r4,r0,lsr#24 @ write output in endian-neutral + mov r5,r0,lsr#16 @ manner... + mov r6,r0,lsr#8 + strb r4,[r12,#0] + strb r5,[r12,#1] + mov r4,r1,lsr#24 + strb r6,[r12,#2] + mov r5,r1,lsr#16 + strb r0,[r12,#3] + mov r6,r1,lsr#8 + strb r4,[r12,#4] + strb r5,[r12,#5] + mov r4,r2,lsr#24 + strb r6,[r12,#6] + mov r5,r2,lsr#16 + strb r1,[r12,#7] + mov r6,r2,lsr#8 + strb r4,[r12,#8] + strb r5,[r12,#9] + mov r4,r3,lsr#24 + strb r6,[r12,#10] + mov r5,r3,lsr#16 + strb r2,[r12,#11] + mov r6,r3,lsr#8 + strb r4,[r12,#12] + strb r5,[r12,#13] + strb r6,[r12,#14] + strb r3,[r12,#15] +#endif +#if __ARM_ARCH__>=5 + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} +#else + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet +.word 0xe12fff1e @ interoperable with Thumb ISA:-) +#endif +.size AES_encrypt,.-AES_encrypt + +.type _armv4_AES_encrypt,%function +.align 2 +_armv4_AES_encrypt: + str lr,[sp,#-4]! @ push lr + ldmia r11!,{r4,r5,r6,r7} + eor r0,r0,r4 + ldr r12,[r11,#240-16] + eor r1,r1,r5 + eor r2,r2,r6 + eor r3,r3,r7 + sub r12,r12,#1 + mov lr,#255 + + and r7,lr,r0 + and r8,lr,r0,lsr#8 + and r9,lr,r0,lsr#16 + mov r0,r0,lsr#24 +.Lenc_loop: + ldr r4,[r10,r7,lsl#2] @ Te3[s0>>0] + and r7,lr,r1,lsr#16 @ i0 + ldr r5,[r10,r8,lsl#2] @ Te2[s0>>8] + and r8,lr,r1 + ldr r6,[r10,r9,lsl#2] @ Te1[s0>>16] + and r9,lr,r1,lsr#8 + ldr r0,[r10,r0,lsl#2] @ Te0[s0>>24] + mov r1,r1,lsr#24 + + ldr r7,[r10,r7,lsl#2] @ Te1[s1>>16] + ldr r8,[r10,r8,lsl#2] @ Te3[s1>>0] + ldr r9,[r10,r9,lsl#2] @ Te2[s1>>8] + eor r0,r0,r7,ror#8 + ldr r1,[r10,r1,lsl#2] @ Te0[s1>>24] + and r7,lr,r2,lsr#8 @ i0 + eor r5,r5,r8,ror#8 + and r8,lr,r2,lsr#16 @ i1 + eor r6,r6,r9,ror#8 + and r9,lr,r2 + ldr r7,[r10,r7,lsl#2] @ Te2[s2>>8] + eor r1,r1,r4,ror#24 + ldr r8,[r10,r8,lsl#2] @ Te1[s2>>16] + mov r2,r2,lsr#24 + + ldr r9,[r10,r9,lsl#2] @ Te3[s2>>0] + eor r0,r0,r7,ror#16 + ldr r2,[r10,r2,lsl#2] @ Te0[s2>>24] + and r7,lr,r3 @ i0 + eor r1,r1,r8,ror#8 + and r8,lr,r3,lsr#8 @ i1 + eor r6,r6,r9,ror#16 + and r9,lr,r3,lsr#16 @ i2 + ldr r7,[r10,r7,lsl#2] @ Te3[s3>>0] + eor r2,r2,r5,ror#16 + ldr r8,[r10,r8,lsl#2] @ Te2[s3>>8] + mov r3,r3,lsr#24 + + ldr r9,[r10,r9,lsl#2] @ Te1[s3>>16] + eor r0,r0,r7,ror#24 + ldr r7,[r11],#16 + eor r1,r1,r8,ror#16 + ldr r3,[r10,r3,lsl#2] @ Te0[s3>>24] + eor r2,r2,r9,ror#8 + ldr r4,[r11,#-12] + eor r3,r3,r6,ror#8 + + ldr r5,[r11,#-8] + eor r0,r0,r7 + ldr r6,[r11,#-4] + and r7,lr,r0 + eor r1,r1,r4 + and r8,lr,r0,lsr#8 + eor r2,r2,r5 + and r9,lr,r0,lsr#16 + eor r3,r3,r6 + mov r0,r0,lsr#24 + + subs r12,r12,#1 + bne .Lenc_loop + + add r10,r10,#2 + + ldrb r4,[r10,r7,lsl#2] @ Te4[s0>>0] + and r7,lr,r1,lsr#16 @ i0 + ldrb r5,[r10,r8,lsl#2] @ Te4[s0>>8] + and r8,lr,r1 + ldrb r6,[r10,r9,lsl#2] @ Te4[s0>>16] + and r9,lr,r1,lsr#8 + ldrb r0,[r10,r0,lsl#2] @ Te4[s0>>24] + mov r1,r1,lsr#24 + + ldrb r7,[r10,r7,lsl#2] @ Te4[s1>>16] + ldrb r8,[r10,r8,lsl#2] @ Te4[s1>>0] + ldrb r9,[r10,r9,lsl#2] @ Te4[s1>>8] + eor r0,r7,r0,lsl#8 + ldrb r1,[r10,r1,lsl#2] @ Te4[s1>>24] + and r7,lr,r2,lsr#8 @ i0 + eor r5,r8,r5,lsl#8 + and r8,lr,r2,lsr#16 @ i1 + eor r6,r9,r6,lsl#8 + and r9,lr,r2 + ldrb r7,[r10,r7,lsl#2] @ Te4[s2>>8] + eor r1,r4,r1,lsl#24 + ldrb r8,[r10,r8,lsl#2] @ Te4[s2>>16] + mov r2,r2,lsr#24 + + ldrb r9,[r10,r9,lsl#2] @ Te4[s2>>0] + eor r0,r7,r0,lsl#8 + ldrb r2,[r10,r2,lsl#2] @ Te4[s2>>24] + and r7,lr,r3 @ i0 + eor r1,r1,r8,lsl#16 + and r8,lr,r3,lsr#8 @ i1 + eor r6,r9,r6,lsl#8 + and r9,lr,r3,lsr#16 @ i2 + ldrb r7,[r10,r7,lsl#2] @ Te4[s3>>0] + eor r2,r5,r2,lsl#24 + ldrb r8,[r10,r8,lsl#2] @ Te4[s3>>8] + mov r3,r3,lsr#24 + + ldrb r9,[r10,r9,lsl#2] @ Te4[s3>>16] + eor r0,r7,r0,lsl#8 + ldr r7,[r11,#0] + ldrb r3,[r10,r3,lsl#2] @ Te4[s3>>24] + eor r1,r1,r8,lsl#8 + ldr r4,[r11,#4] + eor r2,r2,r9,lsl#16 + ldr r5,[r11,#8] + eor r3,r6,r3,lsl#24 + ldr r6,[r11,#12] + + eor r0,r0,r7 + eor r1,r1,r4 + eor r2,r2,r5 + eor r3,r3,r6 + + sub r10,r10,#2 + ldr pc,[sp],#4 @ pop and return +.size _armv4_AES_encrypt,.-_armv4_AES_encrypt + +.globl AES_set_encrypt_key +.type AES_set_encrypt_key,%function +.align 5 +AES_set_encrypt_key: +_armv4_AES_set_encrypt_key: +#ifndef __thumb2__ + sub r3,pc,#8 @ AES_set_encrypt_key +#else + adr r3,. +#endif + teq r0,#0 +#ifdef __thumb2__ + itt eq @ Thumb2 thing, sanity check in ARM +#endif + moveq r0,#-1 + beq .Labrt + teq r2,#0 +#ifdef __thumb2__ + itt eq @ Thumb2 thing, sanity check in ARM +#endif + moveq r0,#-1 + beq .Labrt + + teq r1,#128 + beq .Lok + teq r1,#192 + beq .Lok + teq r1,#256 +#ifdef __thumb2__ + itt ne @ Thumb2 thing, sanity check in ARM +#endif + movne r0,#-1 + bne .Labrt + +.Lok: stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} + mov r12,r0 @ inp + mov lr,r1 @ bits + mov r11,r2 @ key + +#if defined(__thumb2__) || defined(__APPLE__) + adr r10,AES_Te+1024 @ Te4 +#else + sub r10,r3,#_armv4_AES_set_encrypt_key-AES_Te-1024 @ Te4 +#endif + +#if __ARM_ARCH__<7 + ldrb r0,[r12,#3] @ load input data in endian-neutral + ldrb r4,[r12,#2] @ manner... + ldrb r5,[r12,#1] + ldrb r6,[r12,#0] + orr r0,r0,r4,lsl#8 + ldrb r1,[r12,#7] + orr r0,r0,r5,lsl#16 + ldrb r4,[r12,#6] + orr r0,r0,r6,lsl#24 + ldrb r5,[r12,#5] + ldrb r6,[r12,#4] + orr r1,r1,r4,lsl#8 + ldrb r2,[r12,#11] + orr r1,r1,r5,lsl#16 + ldrb r4,[r12,#10] + orr r1,r1,r6,lsl#24 + ldrb r5,[r12,#9] + ldrb r6,[r12,#8] + orr r2,r2,r4,lsl#8 + ldrb r3,[r12,#15] + orr r2,r2,r5,lsl#16 + ldrb r4,[r12,#14] + orr r2,r2,r6,lsl#24 + ldrb r5,[r12,#13] + ldrb r6,[r12,#12] + orr r3,r3,r4,lsl#8 + str r0,[r11],#16 + orr r3,r3,r5,lsl#16 + str r1,[r11,#-12] + orr r3,r3,r6,lsl#24 + str r2,[r11,#-8] + str r3,[r11,#-4] +#else + ldr r0,[r12,#0] + ldr r1,[r12,#4] + ldr r2,[r12,#8] + ldr r3,[r12,#12] +#ifdef __ARMEL__ + rev r0,r0 + rev r1,r1 + rev r2,r2 + rev r3,r3 +#endif + str r0,[r11],#16 + str r1,[r11,#-12] + str r2,[r11,#-8] + str r3,[r11,#-4] +#endif + + teq lr,#128 + bne .Lnot128 + mov r12,#10 + str r12,[r11,#240-16] + add r6,r10,#256 @ rcon + mov lr,#255 + +.L128_loop: + and r5,lr,r3,lsr#24 + and r7,lr,r3,lsr#16 + ldrb r5,[r10,r5] + and r8,lr,r3,lsr#8 + ldrb r7,[r10,r7] + and r9,lr,r3 + ldrb r8,[r10,r8] + orr r5,r5,r7,lsl#24 + ldrb r9,[r10,r9] + orr r5,r5,r8,lsl#16 + ldr r4,[r6],#4 @ rcon[i++] + orr r5,r5,r9,lsl#8 + eor r5,r5,r4 + eor r0,r0,r5 @ rk[4]=rk[0]^... + eor r1,r1,r0 @ rk[5]=rk[1]^rk[4] + str r0,[r11],#16 + eor r2,r2,r1 @ rk[6]=rk[2]^rk[5] + str r1,[r11,#-12] + eor r3,r3,r2 @ rk[7]=rk[3]^rk[6] + str r2,[r11,#-8] + subs r12,r12,#1 + str r3,[r11,#-4] + bne .L128_loop + sub r2,r11,#176 + b .Ldone + +.Lnot128: +#if __ARM_ARCH__<7 + ldrb r8,[r12,#19] + ldrb r4,[r12,#18] + ldrb r5,[r12,#17] + ldrb r6,[r12,#16] + orr r8,r8,r4,lsl#8 + ldrb r9,[r12,#23] + orr r8,r8,r5,lsl#16 + ldrb r4,[r12,#22] + orr r8,r8,r6,lsl#24 + ldrb r5,[r12,#21] + ldrb r6,[r12,#20] + orr r9,r9,r4,lsl#8 + orr r9,r9,r5,lsl#16 + str r8,[r11],#8 + orr r9,r9,r6,lsl#24 + str r9,[r11,#-4] +#else + ldr r8,[r12,#16] + ldr r9,[r12,#20] +#ifdef __ARMEL__ + rev r8,r8 + rev r9,r9 +#endif + str r8,[r11],#8 + str r9,[r11,#-4] +#endif + + teq lr,#192 + bne .Lnot192 + mov r12,#12 + str r12,[r11,#240-24] + add r6,r10,#256 @ rcon + mov lr,#255 + mov r12,#8 + +.L192_loop: + and r5,lr,r9,lsr#24 + and r7,lr,r9,lsr#16 + ldrb r5,[r10,r5] + and r8,lr,r9,lsr#8 + ldrb r7,[r10,r7] + and r9,lr,r9 + ldrb r8,[r10,r8] + orr r5,r5,r7,lsl#24 + ldrb r9,[r10,r9] + orr r5,r5,r8,lsl#16 + ldr r4,[r6],#4 @ rcon[i++] + orr r5,r5,r9,lsl#8 + eor r9,r5,r4 + eor r0,r0,r9 @ rk[6]=rk[0]^... + eor r1,r1,r0 @ rk[7]=rk[1]^rk[6] + str r0,[r11],#24 + eor r2,r2,r1 @ rk[8]=rk[2]^rk[7] + str r1,[r11,#-20] + eor r3,r3,r2 @ rk[9]=rk[3]^rk[8] + str r2,[r11,#-16] + subs r12,r12,#1 + str r3,[r11,#-12] +#ifdef __thumb2__ + itt eq @ Thumb2 thing, sanity check in ARM +#endif + subeq r2,r11,#216 + beq .Ldone + + ldr r7,[r11,#-32] + ldr r8,[r11,#-28] + eor r7,r7,r3 @ rk[10]=rk[4]^rk[9] + eor r9,r8,r7 @ rk[11]=rk[5]^rk[10] + str r7,[r11,#-8] + str r9,[r11,#-4] + b .L192_loop + +.Lnot192: +#if __ARM_ARCH__<7 + ldrb r8,[r12,#27] + ldrb r4,[r12,#26] + ldrb r5,[r12,#25] + ldrb r6,[r12,#24] + orr r8,r8,r4,lsl#8 + ldrb r9,[r12,#31] + orr r8,r8,r5,lsl#16 + ldrb r4,[r12,#30] + orr r8,r8,r6,lsl#24 + ldrb r5,[r12,#29] + ldrb r6,[r12,#28] + orr r9,r9,r4,lsl#8 + orr r9,r9,r5,lsl#16 + str r8,[r11],#8 + orr r9,r9,r6,lsl#24 + str r9,[r11,#-4] +#else + ldr r8,[r12,#24] + ldr r9,[r12,#28] +#ifdef __ARMEL__ + rev r8,r8 + rev r9,r9 +#endif + str r8,[r11],#8 + str r9,[r11,#-4] +#endif + + mov r12,#14 + str r12,[r11,#240-32] + add r6,r10,#256 @ rcon + mov lr,#255 + mov r12,#7 + +.L256_loop: + and r5,lr,r9,lsr#24 + and r7,lr,r9,lsr#16 + ldrb r5,[r10,r5] + and r8,lr,r9,lsr#8 + ldrb r7,[r10,r7] + and r9,lr,r9 + ldrb r8,[r10,r8] + orr r5,r5,r7,lsl#24 + ldrb r9,[r10,r9] + orr r5,r5,r8,lsl#16 + ldr r4,[r6],#4 @ rcon[i++] + orr r5,r5,r9,lsl#8 + eor r9,r5,r4 + eor r0,r0,r9 @ rk[8]=rk[0]^... + eor r1,r1,r0 @ rk[9]=rk[1]^rk[8] + str r0,[r11],#32 + eor r2,r2,r1 @ rk[10]=rk[2]^rk[9] + str r1,[r11,#-28] + eor r3,r3,r2 @ rk[11]=rk[3]^rk[10] + str r2,[r11,#-24] + subs r12,r12,#1 + str r3,[r11,#-20] +#ifdef __thumb2__ + itt eq @ Thumb2 thing, sanity check in ARM +#endif + subeq r2,r11,#256 + beq .Ldone + + and r5,lr,r3 + and r7,lr,r3,lsr#8 + ldrb r5,[r10,r5] + and r8,lr,r3,lsr#16 + ldrb r7,[r10,r7] + and r9,lr,r3,lsr#24 + ldrb r8,[r10,r8] + orr r5,r5,r7,lsl#8 + ldrb r9,[r10,r9] + orr r5,r5,r8,lsl#16 + ldr r4,[r11,#-48] + orr r5,r5,r9,lsl#24 + + ldr r7,[r11,#-44] + ldr r8,[r11,#-40] + eor r4,r4,r5 @ rk[12]=rk[4]^... + ldr r9,[r11,#-36] + eor r7,r7,r4 @ rk[13]=rk[5]^rk[12] + str r4,[r11,#-16] + eor r8,r8,r7 @ rk[14]=rk[6]^rk[13] + str r7,[r11,#-12] + eor r9,r9,r8 @ rk[15]=rk[7]^rk[14] + str r8,[r11,#-8] + str r9,[r11,#-4] + b .L256_loop + +.align 2 +.Ldone: mov r0,#0 + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} +.Labrt: +#if __ARM_ARCH__>=5 + bx lr @ .word 0xe12fff1e +#else + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet +.word 0xe12fff1e @ interoperable with Thumb ISA:-) +#endif +.size AES_set_encrypt_key,.-AES_set_encrypt_key + +.globl AES_set_decrypt_key +.type AES_set_decrypt_key,%function +.align 5 +AES_set_decrypt_key: + str lr,[sp,#-4]! @ push lr + bl _armv4_AES_set_encrypt_key + teq r0,#0 + ldr lr,[sp],#4 @ pop lr + bne .Labrt + + mov r0,r2 @ AES_set_encrypt_key preserves r2, + mov r1,r2 @ which is AES_KEY *key + b _armv4_AES_set_enc2dec_key +.size AES_set_decrypt_key,.-AES_set_decrypt_key + +@ void AES_set_enc2dec_key(const AES_KEY *inp,AES_KEY *out) +.globl AES_set_enc2dec_key +.type AES_set_enc2dec_key,%function +.align 5 +AES_set_enc2dec_key: +_armv4_AES_set_enc2dec_key: + stmdb sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} + + ldr r12,[r0,#240] + mov r7,r0 @ input + add r8,r0,r12,lsl#4 + mov r11,r1 @ output + add r10,r1,r12,lsl#4 + str r12,[r1,#240] + +.Linv: ldr r0,[r7],#16 + ldr r1,[r7,#-12] + ldr r2,[r7,#-8] + ldr r3,[r7,#-4] + ldr r4,[r8],#-16 + ldr r5,[r8,#16+4] + ldr r6,[r8,#16+8] + ldr r9,[r8,#16+12] + str r0,[r10],#-16 + str r1,[r10,#16+4] + str r2,[r10,#16+8] + str r3,[r10,#16+12] + str r4,[r11],#16 + str r5,[r11,#-12] + str r6,[r11,#-8] + str r9,[r11,#-4] + teq r7,r8 + bne .Linv + + ldr r0,[r7] + ldr r1,[r7,#4] + ldr r2,[r7,#8] + ldr r3,[r7,#12] + str r0,[r11] + str r1,[r11,#4] + str r2,[r11,#8] + str r3,[r11,#12] + sub r11,r11,r12,lsl#3 + ldr r0,[r11,#16]! @ prefetch tp1 + mov r7,#0x80 + mov r8,#0x1b + orr r7,r7,#0x8000 + orr r8,r8,#0x1b00 + orr r7,r7,r7,lsl#16 + orr r8,r8,r8,lsl#16 + sub r12,r12,#1 + mvn r9,r7 + mov r12,r12,lsl#2 @ (rounds-1)*4 + +.Lmix: and r4,r0,r7 + and r1,r0,r9 + sub r4,r4,r4,lsr#7 + and r4,r4,r8 + eor r1,r4,r1,lsl#1 @ tp2 + + and r4,r1,r7 + and r2,r1,r9 + sub r4,r4,r4,lsr#7 + and r4,r4,r8 + eor r2,r4,r2,lsl#1 @ tp4 + + and r4,r2,r7 + and r3,r2,r9 + sub r4,r4,r4,lsr#7 + and r4,r4,r8 + eor r3,r4,r3,lsl#1 @ tp8 + + eor r4,r1,r2 + eor r5,r0,r3 @ tp9 + eor r4,r4,r3 @ tpe + eor r4,r4,r1,ror#24 + eor r4,r4,r5,ror#24 @ ^= ROTATE(tpb=tp9^tp2,8) + eor r4,r4,r2,ror#16 + eor r4,r4,r5,ror#16 @ ^= ROTATE(tpd=tp9^tp4,16) + eor r4,r4,r5,ror#8 @ ^= ROTATE(tp9,24) + + ldr r0,[r11,#4] @ prefetch tp1 + str r4,[r11],#4 + subs r12,r12,#1 + bne .Lmix + + mov r0,#0 +#if __ARM_ARCH__>=5 + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} +#else + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet +.word 0xe12fff1e @ interoperable with Thumb ISA:-) +#endif +.size AES_set_enc2dec_key,.-AES_set_enc2dec_key + +.type AES_Td,%object +.align 5 +AES_Td: +.word 0x51f4a750, 0x7e416553, 0x1a17a4c3, 0x3a275e96 +.word 0x3bab6bcb, 0x1f9d45f1, 0xacfa58ab, 0x4be30393 +.word 0x2030fa55, 0xad766df6, 0x88cc7691, 0xf5024c25 +.word 0x4fe5d7fc, 0xc52acbd7, 0x26354480, 0xb562a38f +.word 0xdeb15a49, 0x25ba1b67, 0x45ea0e98, 0x5dfec0e1 +.word 0xc32f7502, 0x814cf012, 0x8d4697a3, 0x6bd3f9c6 +.word 0x038f5fe7, 0x15929c95, 0xbf6d7aeb, 0x955259da +.word 0xd4be832d, 0x587421d3, 0x49e06929, 0x8ec9c844 +.word 0x75c2896a, 0xf48e7978, 0x99583e6b, 0x27b971dd +.word 0xbee14fb6, 0xf088ad17, 0xc920ac66, 0x7dce3ab4 +.word 0x63df4a18, 0xe51a3182, 0x97513360, 0x62537f45 +.word 0xb16477e0, 0xbb6bae84, 0xfe81a01c, 0xf9082b94 +.word 0x70486858, 0x8f45fd19, 0x94de6c87, 0x527bf8b7 +.word 0xab73d323, 0x724b02e2, 0xe31f8f57, 0x6655ab2a +.word 0xb2eb2807, 0x2fb5c203, 0x86c57b9a, 0xd33708a5 +.word 0x302887f2, 0x23bfa5b2, 0x02036aba, 0xed16825c +.word 0x8acf1c2b, 0xa779b492, 0xf307f2f0, 0x4e69e2a1 +.word 0x65daf4cd, 0x0605bed5, 0xd134621f, 0xc4a6fe8a +.word 0x342e539d, 0xa2f355a0, 0x058ae132, 0xa4f6eb75 +.word 0x0b83ec39, 0x4060efaa, 0x5e719f06, 0xbd6e1051 +.word 0x3e218af9, 0x96dd063d, 0xdd3e05ae, 0x4de6bd46 +.word 0x91548db5, 0x71c45d05, 0x0406d46f, 0x605015ff +.word 0x1998fb24, 0xd6bde997, 0x894043cc, 0x67d99e77 +.word 0xb0e842bd, 0x07898b88, 0xe7195b38, 0x79c8eedb +.word 0xa17c0a47, 0x7c420fe9, 0xf8841ec9, 0x00000000 +.word 0x09808683, 0x322bed48, 0x1e1170ac, 0x6c5a724e +.word 0xfd0efffb, 0x0f853856, 0x3daed51e, 0x362d3927 +.word 0x0a0fd964, 0x685ca621, 0x9b5b54d1, 0x24362e3a +.word 0x0c0a67b1, 0x9357e70f, 0xb4ee96d2, 0x1b9b919e +.word 0x80c0c54f, 0x61dc20a2, 0x5a774b69, 0x1c121a16 +.word 0xe293ba0a, 0xc0a02ae5, 0x3c22e043, 0x121b171d +.word 0x0e090d0b, 0xf28bc7ad, 0x2db6a8b9, 0x141ea9c8 +.word 0x57f11985, 0xaf75074c, 0xee99ddbb, 0xa37f60fd +.word 0xf701269f, 0x5c72f5bc, 0x44663bc5, 0x5bfb7e34 +.word 0x8b432976, 0xcb23c6dc, 0xb6edfc68, 0xb8e4f163 +.word 0xd731dcca, 0x42638510, 0x13972240, 0x84c61120 +.word 0x854a247d, 0xd2bb3df8, 0xaef93211, 0xc729a16d +.word 0x1d9e2f4b, 0xdcb230f3, 0x0d8652ec, 0x77c1e3d0 +.word 0x2bb3166c, 0xa970b999, 0x119448fa, 0x47e96422 +.word 0xa8fc8cc4, 0xa0f03f1a, 0x567d2cd8, 0x223390ef +.word 0x87494ec7, 0xd938d1c1, 0x8ccaa2fe, 0x98d40b36 +.word 0xa6f581cf, 0xa57ade28, 0xdab78e26, 0x3fadbfa4 +.word 0x2c3a9de4, 0x5078920d, 0x6a5fcc9b, 0x547e4662 +.word 0xf68d13c2, 0x90d8b8e8, 0x2e39f75e, 0x82c3aff5 +.word 0x9f5d80be, 0x69d0937c, 0x6fd52da9, 0xcf2512b3 +.word 0xc8ac993b, 0x10187da7, 0xe89c636e, 0xdb3bbb7b +.word 0xcd267809, 0x6e5918f4, 0xec9ab701, 0x834f9aa8 +.word 0xe6956e65, 0xaaffe67e, 0x21bccf08, 0xef15e8e6 +.word 0xbae79bd9, 0x4a6f36ce, 0xea9f09d4, 0x29b07cd6 +.word 0x31a4b2af, 0x2a3f2331, 0xc6a59430, 0x35a266c0 +.word 0x744ebc37, 0xfc82caa6, 0xe090d0b0, 0x33a7d815 +.word 0xf104984a, 0x41ecdaf7, 0x7fcd500e, 0x1791f62f +.word 0x764dd68d, 0x43efb04d, 0xccaa4d54, 0xe49604df +.word 0x9ed1b5e3, 0x4c6a881b, 0xc12c1fb8, 0x4665517f +.word 0x9d5eea04, 0x018c355d, 0xfa877473, 0xfb0b412e +.word 0xb3671d5a, 0x92dbd252, 0xe9105633, 0x6dd64713 +.word 0x9ad7618c, 0x37a10c7a, 0x59f8148e, 0xeb133c89 +.word 0xcea927ee, 0xb761c935, 0xe11ce5ed, 0x7a47b13c +.word 0x9cd2df59, 0x55f2733f, 0x1814ce79, 0x73c737bf +.word 0x53f7cdea, 0x5ffdaa5b, 0xdf3d6f14, 0x7844db86 +.word 0xcaaff381, 0xb968c43e, 0x3824342c, 0xc2a3405f +.word 0x161dc372, 0xbce2250c, 0x283c498b, 0xff0d9541 +.word 0x39a80171, 0x080cb3de, 0xd8b4e49c, 0x6456c190 +.word 0x7bcb8461, 0xd532b670, 0x486c5c74, 0xd0b85742 +@ Td4[256] +.byte 0x52, 0x09, 0x6a, 0xd5, 0x30, 0x36, 0xa5, 0x38 +.byte 0xbf, 0x40, 0xa3, 0x9e, 0x81, 0xf3, 0xd7, 0xfb +.byte 0x7c, 0xe3, 0x39, 0x82, 0x9b, 0x2f, 0xff, 0x87 +.byte 0x34, 0x8e, 0x43, 0x44, 0xc4, 0xde, 0xe9, 0xcb +.byte 0x54, 0x7b, 0x94, 0x32, 0xa6, 0xc2, 0x23, 0x3d +.byte 0xee, 0x4c, 0x95, 0x0b, 0x42, 0xfa, 0xc3, 0x4e +.byte 0x08, 0x2e, 0xa1, 0x66, 0x28, 0xd9, 0x24, 0xb2 +.byte 0x76, 0x5b, 0xa2, 0x49, 0x6d, 0x8b, 0xd1, 0x25 +.byte 0x72, 0xf8, 0xf6, 0x64, 0x86, 0x68, 0x98, 0x16 +.byte 0xd4, 0xa4, 0x5c, 0xcc, 0x5d, 0x65, 0xb6, 0x92 +.byte 0x6c, 0x70, 0x48, 0x50, 0xfd, 0xed, 0xb9, 0xda +.byte 0x5e, 0x15, 0x46, 0x57, 0xa7, 0x8d, 0x9d, 0x84 +.byte 0x90, 0xd8, 0xab, 0x00, 0x8c, 0xbc, 0xd3, 0x0a +.byte 0xf7, 0xe4, 0x58, 0x05, 0xb8, 0xb3, 0x45, 0x06 +.byte 0xd0, 0x2c, 0x1e, 0x8f, 0xca, 0x3f, 0x0f, 0x02 +.byte 0xc1, 0xaf, 0xbd, 0x03, 0x01, 0x13, 0x8a, 0x6b +.byte 0x3a, 0x91, 0x11, 0x41, 0x4f, 0x67, 0xdc, 0xea +.byte 0x97, 0xf2, 0xcf, 0xce, 0xf0, 0xb4, 0xe6, 0x73 +.byte 0x96, 0xac, 0x74, 0x22, 0xe7, 0xad, 0x35, 0x85 +.byte 0xe2, 0xf9, 0x37, 0xe8, 0x1c, 0x75, 0xdf, 0x6e +.byte 0x47, 0xf1, 0x1a, 0x71, 0x1d, 0x29, 0xc5, 0x89 +.byte 0x6f, 0xb7, 0x62, 0x0e, 0xaa, 0x18, 0xbe, 0x1b +.byte 0xfc, 0x56, 0x3e, 0x4b, 0xc6, 0xd2, 0x79, 0x20 +.byte 0x9a, 0xdb, 0xc0, 0xfe, 0x78, 0xcd, 0x5a, 0xf4 +.byte 0x1f, 0xdd, 0xa8, 0x33, 0x88, 0x07, 0xc7, 0x31 +.byte 0xb1, 0x12, 0x10, 0x59, 0x27, 0x80, 0xec, 0x5f +.byte 0x60, 0x51, 0x7f, 0xa9, 0x19, 0xb5, 0x4a, 0x0d +.byte 0x2d, 0xe5, 0x7a, 0x9f, 0x93, 0xc9, 0x9c, 0xef +.byte 0xa0, 0xe0, 0x3b, 0x4d, 0xae, 0x2a, 0xf5, 0xb0 +.byte 0xc8, 0xeb, 0xbb, 0x3c, 0x83, 0x53, 0x99, 0x61 +.byte 0x17, 0x2b, 0x04, 0x7e, 0xba, 0x77, 0xd6, 0x26 +.byte 0xe1, 0x69, 0x14, 0x63, 0x55, 0x21, 0x0c, 0x7d +.size AES_Td,.-AES_Td + +@ void AES_decrypt(const unsigned char *in, unsigned char *out, +@ const AES_KEY *key) { +.globl AES_decrypt +.type AES_decrypt,%function +.align 5 +AES_decrypt: +#ifndef __thumb2__ + sub r3,pc,#8 @ AES_decrypt +#else + adr r3,. +#endif + stmdb sp!,{r1,r4-r12,lr} +#if defined(__thumb2__) || defined(__APPLE__) + adr r10,AES_Td +#else + sub r10,r3,#AES_decrypt-AES_Td @ Td +#endif + mov r12,r0 @ inp + mov r11,r2 +#if __ARM_ARCH__<7 + ldrb r0,[r12,#3] @ load input data in endian-neutral + ldrb r4,[r12,#2] @ manner... + ldrb r5,[r12,#1] + ldrb r6,[r12,#0] + orr r0,r0,r4,lsl#8 + ldrb r1,[r12,#7] + orr r0,r0,r5,lsl#16 + ldrb r4,[r12,#6] + orr r0,r0,r6,lsl#24 + ldrb r5,[r12,#5] + ldrb r6,[r12,#4] + orr r1,r1,r4,lsl#8 + ldrb r2,[r12,#11] + orr r1,r1,r5,lsl#16 + ldrb r4,[r12,#10] + orr r1,r1,r6,lsl#24 + ldrb r5,[r12,#9] + ldrb r6,[r12,#8] + orr r2,r2,r4,lsl#8 + ldrb r3,[r12,#15] + orr r2,r2,r5,lsl#16 + ldrb r4,[r12,#14] + orr r2,r2,r6,lsl#24 + ldrb r5,[r12,#13] + ldrb r6,[r12,#12] + orr r3,r3,r4,lsl#8 + orr r3,r3,r5,lsl#16 + orr r3,r3,r6,lsl#24 +#else + ldr r0,[r12,#0] + ldr r1,[r12,#4] + ldr r2,[r12,#8] + ldr r3,[r12,#12] +#ifdef __ARMEL__ + rev r0,r0 + rev r1,r1 + rev r2,r2 + rev r3,r3 +#endif +#endif + bl _armv4_AES_decrypt + + ldr r12,[sp],#4 @ pop out +#if __ARM_ARCH__>=7 +#ifdef __ARMEL__ + rev r0,r0 + rev r1,r1 + rev r2,r2 + rev r3,r3 +#endif + str r0,[r12,#0] + str r1,[r12,#4] + str r2,[r12,#8] + str r3,[r12,#12] +#else + mov r4,r0,lsr#24 @ write output in endian-neutral + mov r5,r0,lsr#16 @ manner... + mov r6,r0,lsr#8 + strb r4,[r12,#0] + strb r5,[r12,#1] + mov r4,r1,lsr#24 + strb r6,[r12,#2] + mov r5,r1,lsr#16 + strb r0,[r12,#3] + mov r6,r1,lsr#8 + strb r4,[r12,#4] + strb r5,[r12,#5] + mov r4,r2,lsr#24 + strb r6,[r12,#6] + mov r5,r2,lsr#16 + strb r1,[r12,#7] + mov r6,r2,lsr#8 + strb r4,[r12,#8] + strb r5,[r12,#9] + mov r4,r3,lsr#24 + strb r6,[r12,#10] + mov r5,r3,lsr#16 + strb r2,[r12,#11] + mov r6,r3,lsr#8 + strb r4,[r12,#12] + strb r5,[r12,#13] + strb r6,[r12,#14] + strb r3,[r12,#15] +#endif +#if __ARM_ARCH__>=5 + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,pc} +#else + ldmia sp!,{r4,r5,r6,r7,r8,r9,r10,r11,r12,lr} + tst lr,#1 + moveq pc,lr @ be binary compatible with V4, yet +.word 0xe12fff1e @ interoperable with Thumb ISA:-) +#endif +.size AES_decrypt,.-AES_decrypt + +.type _armv4_AES_decrypt,%function +.align 2 +_armv4_AES_decrypt: + str lr,[sp,#-4]! @ push lr + ldmia r11!,{r4,r5,r6,r7} + eor r0,r0,r4 + ldr r12,[r11,#240-16] + eor r1,r1,r5 + eor r2,r2,r6 + eor r3,r3,r7 + sub r12,r12,#1 + mov lr,#255 + + and r7,lr,r0,lsr#16 + and r8,lr,r0,lsr#8 + and r9,lr,r0 + mov r0,r0,lsr#24 +.Ldec_loop: + ldr r4,[r10,r7,lsl#2] @ Td1[s0>>16] + and r7,lr,r1 @ i0 + ldr r5,[r10,r8,lsl#2] @ Td2[s0>>8] + and r8,lr,r1,lsr#16 + ldr r6,[r10,r9,lsl#2] @ Td3[s0>>0] + and r9,lr,r1,lsr#8 + ldr r0,[r10,r0,lsl#2] @ Td0[s0>>24] + mov r1,r1,lsr#24 + + ldr r7,[r10,r7,lsl#2] @ Td3[s1>>0] + ldr r8,[r10,r8,lsl#2] @ Td1[s1>>16] + ldr r9,[r10,r9,lsl#2] @ Td2[s1>>8] + eor r0,r0,r7,ror#24 + ldr r1,[r10,r1,lsl#2] @ Td0[s1>>24] + and r7,lr,r2,lsr#8 @ i0 + eor r5,r8,r5,ror#8 + and r8,lr,r2 @ i1 + eor r6,r9,r6,ror#8 + and r9,lr,r2,lsr#16 + ldr r7,[r10,r7,lsl#2] @ Td2[s2>>8] + eor r1,r1,r4,ror#8 + ldr r8,[r10,r8,lsl#2] @ Td3[s2>>0] + mov r2,r2,lsr#24 + + ldr r9,[r10,r9,lsl#2] @ Td1[s2>>16] + eor r0,r0,r7,ror#16 + ldr r2,[r10,r2,lsl#2] @ Td0[s2>>24] + and r7,lr,r3,lsr#16 @ i0 + eor r1,r1,r8,ror#24 + and r8,lr,r3,lsr#8 @ i1 + eor r6,r9,r6,ror#8 + and r9,lr,r3 @ i2 + ldr r7,[r10,r7,lsl#2] @ Td1[s3>>16] + eor r2,r2,r5,ror#8 + ldr r8,[r10,r8,lsl#2] @ Td2[s3>>8] + mov r3,r3,lsr#24 + + ldr r9,[r10,r9,lsl#2] @ Td3[s3>>0] + eor r0,r0,r7,ror#8 + ldr r7,[r11],#16 + eor r1,r1,r8,ror#16 + ldr r3,[r10,r3,lsl#2] @ Td0[s3>>24] + eor r2,r2,r9,ror#24 + + ldr r4,[r11,#-12] + eor r0,r0,r7 + ldr r5,[r11,#-8] + eor r3,r3,r6,ror#8 + ldr r6,[r11,#-4] + and r7,lr,r0,lsr#16 + eor r1,r1,r4 + and r8,lr,r0,lsr#8 + eor r2,r2,r5 + and r9,lr,r0 + eor r3,r3,r6 + mov r0,r0,lsr#24 + + subs r12,r12,#1 + bne .Ldec_loop + + add r10,r10,#1024 + + ldr r5,[r10,#0] @ prefetch Td4 + ldr r6,[r10,#32] + ldr r4,[r10,#64] + ldr r5,[r10,#96] + ldr r6,[r10,#128] + ldr r4,[r10,#160] + ldr r5,[r10,#192] + ldr r6,[r10,#224] + + ldrb r0,[r10,r0] @ Td4[s0>>24] + ldrb r4,[r10,r7] @ Td4[s0>>16] + and r7,lr,r1 @ i0 + ldrb r5,[r10,r8] @ Td4[s0>>8] + and r8,lr,r1,lsr#16 + ldrb r6,[r10,r9] @ Td4[s0>>0] + and r9,lr,r1,lsr#8 + + add r1,r10,r1,lsr#24 + ldrb r7,[r10,r7] @ Td4[s1>>0] + ldrb r1,[r1] @ Td4[s1>>24] + ldrb r8,[r10,r8] @ Td4[s1>>16] + eor r0,r7,r0,lsl#24 + ldrb r9,[r10,r9] @ Td4[s1>>8] + eor r1,r4,r1,lsl#8 + and r7,lr,r2,lsr#8 @ i0 + eor r5,r5,r8,lsl#8 + and r8,lr,r2 @ i1 + ldrb r7,[r10,r7] @ Td4[s2>>8] + eor r6,r6,r9,lsl#8 + ldrb r8,[r10,r8] @ Td4[s2>>0] + and r9,lr,r2,lsr#16 + + add r2,r10,r2,lsr#24 + ldrb r2,[r2] @ Td4[s2>>24] + eor r0,r0,r7,lsl#8 + ldrb r9,[r10,r9] @ Td4[s2>>16] + eor r1,r8,r1,lsl#16 + and r7,lr,r3,lsr#16 @ i0 + eor r2,r5,r2,lsl#16 + and r8,lr,r3,lsr#8 @ i1 + ldrb r7,[r10,r7] @ Td4[s3>>16] + eor r6,r6,r9,lsl#16 + ldrb r8,[r10,r8] @ Td4[s3>>8] + and r9,lr,r3 @ i2 + + add r3,r10,r3,lsr#24 + ldrb r9,[r10,r9] @ Td4[s3>>0] + ldrb r3,[r3] @ Td4[s3>>24] + eor r0,r0,r7,lsl#16 + ldr r7,[r11,#0] + eor r1,r1,r8,lsl#8 + ldr r4,[r11,#4] + eor r2,r9,r2,lsl#8 + ldr r5,[r11,#8] + eor r3,r6,r3,lsl#24 + ldr r6,[r11,#12] + + eor r0,r0,r7 + eor r1,r1,r4 + eor r2,r2,r5 + eor r3,r3,r6 + + sub r10,r10,#1024 + ldr pc,[sp],#4 @ pop and return +.size _armv4_AES_decrypt,.-_armv4_AES_decrypt +.byte 65,69,83,32,102,111,114,32,65,82,77,118,52,44,32,67,82,89,80,84,79,71,65,77,83,32,98,121,32,60,97,112,112,114,111,64,111,112,101,110,115,115,108,46,111,114,103,62,0 +.align 2 +.align 2 diff --git a/vendor/cryptopp/vendor_cryptopp/aes_armv4.h b/vendor/cryptopp/vendor_cryptopp/aes_armv4.h new file mode 100644 index 00000000..93b2214d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/aes_armv4.h @@ -0,0 +1,30 @@ +/* Header file for use with Cryptogam's ARMv4 AES. */ +/* Also see http://www.openssl.org/~appro/cryptogams/ and */ +/* https://wiki.openssl.org/index.php?title=Cryptogams_AES */ + +#ifndef CRYPTOGAMS_AES_ARMV4_H +#define CRYPTOGAMS_AES_ARMV4_H + +#ifdef __cplusplus +extern "C" { +#endif + +//#define AES_MAXNR 14 +//typedef struct AES_KEY_st { +// unsigned int rd_key[4 * (AES_MAXNR + 1)]; +// int rounds; +//} AES_KEY; + +// Instead of AES_KEY we use a 'word32 rkey[4*15+4]'. It has space for +// both the AES_MAXNR round keys and the number of rounds in the tail. + +int AES_set_encrypt_key(const unsigned char *userKey, const int bits, unsigned int *rkey); +int AES_set_decrypt_key(const unsigned char *userKey, const int bits, unsigned int *rkey); +void AES_encrypt(const unsigned char in[16], unsigned char out[16], const unsigned int *rkey); +void AES_decrypt(const unsigned char in[16], unsigned char out[16], const unsigned int *rkey); + +#ifdef __cplusplus +} +#endif + +#endif /* CRYPTOGAMS_AES_ARMV4_H */ diff --git a/vendor/cryptopp/vendor_cryptopp/algparam.h b/vendor/cryptopp/vendor_cryptopp/algparam.h index 4870f59e..1b125f02 100644 --- a/vendor/cryptopp/vendor_cryptopp/algparam.h +++ b/vendor/cryptopp/vendor_cryptopp/algparam.h @@ -28,7 +28,7 @@ public: ConstByteArrayParameter(const char *data = NULLPTR, bool deepCopy = false) : m_deepCopy(false), m_data(NULLPTR), m_size(0) { - Assign((const byte *)data, data ? strlen(data) : 0, deepCopy); + Assign(reinterpret_cast(data), data ? strlen(data) : 0, deepCopy); } /// \brief Construct a ConstByteArrayParameter @@ -44,8 +44,8 @@ public: } /// \brief Construct a ConstByteArrayParameter - /// \tparam T a std::basic_string class - /// \param string a std::basic_string class + /// \tparam T a std::basic_string or std::vector class + /// \param string a std::basic_string or std::vector object /// \param deepCopy flag indicating whether the data should be copied /// \details The deepCopy option is used when the NameValuePairs object can't /// keep a copy of the data available @@ -53,7 +53,7 @@ public: : m_deepCopy(false), m_data(NULLPTR), m_size(0) { CRYPTOPP_COMPILE_ASSERT(sizeof(typename T::value_type) == 1); - Assign((const byte *)string.data(), string.size(), deepCopy); + Assign(reinterpret_cast(&string[0]), string.size(), deepCopy); } /// \brief Assign contents from a memory buffer diff --git a/vendor/cryptopp/vendor_cryptopp/aria.cpp b/vendor/cryptopp/vendor_cryptopp/aria.cpp index 22c65099..bc7509fd 100644 --- a/vendor/cryptopp/vendor_cryptopp/aria.cpp +++ b/vendor/cryptopp/vendor_cryptopp/aria.cpp @@ -40,7 +40,7 @@ using CryptoPP::ARIATab::X2; using CryptoPP::ARIATab::KRK; inline byte ARIA_BRF(const word32 x, const int y) { - return GETBYTE(x, y); + return static_cast(GETBYTE(x, y)); } // Key XOR Layer @@ -85,11 +85,11 @@ inline byte ARIA_BRF(const word32 x, const int y) { #if (CRYPTOPP_ARM_NEON_AVAILABLE) extern void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen); -extern void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outblock); +extern void ARIA_ProcessAndXorBlock_NEON(const byte* xorBlock, byte* outblock, const byte *rk, word32 *t); #endif #if (CRYPTOPP_SSSE3_AVAILABLE) -extern void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t); +extern void ARIA_ProcessAndXorBlock_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t); #endif // n-bit right shift of Y XORed to X @@ -112,7 +112,6 @@ void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const Nam m_rk.New(16*17); // round keys m_w.New(4*7); // w0, w1, w2, w3, t and u - const byte *mk = key; byte *rk = m_rk.data(); int Q, q, R, r; @@ -148,12 +147,10 @@ void ARIA::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const Nam if (keylen == 32) { - GetBlockblock(mk+16); block(w1[0])(w1[1])(w1[2])(w1[3]); } else if (keylen == 24) { - GetBlockblock(mk+16); block(w1[0])(w1[1]); w1[2] = w1[3] = 0; } else @@ -285,13 +282,20 @@ void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, b #if CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS if (HasSSSE3()) { - ARIA_ProcessAndXorBlock_Xor_SSSE3(xorBlock, outBlock, rk, t); + ARIA_ProcessAndXorBlock_SSSE3(xorBlock, outBlock, rk, t); return; } else #endif // CRYPTOPP_ENABLE_ARIA_SSSE3_INTRINSICS - -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + { + ARIA_ProcessAndXorBlock_NEON(xorBlock, outBlock, rk, t); + return; + } + else +#endif // CRYPTOPP_ARM_NEON_AVAILABLE +#if (CRYPTOPP_LITTLE_ENDIAN) { outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ) ^ rk[ 3]; outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8) ^ rk[ 2]; @@ -331,19 +335,9 @@ void ARIA::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, b } #endif // CRYPTOPP_LITTLE_ENDIAN -#if CRYPTOPP_ARM_NEON_AVAILABLE - if (HasNEON()) - { - if (xorBlock != NULLPTR) - ARIA_ProcessAndXorBlock_Xor_NEON(xorBlock, outBlock); - } - else -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - { - if (xorBlock != NULLPTR) - for (unsigned int n=0; n # include #endif @@ -29,10 +29,6 @@ #define M128_CAST(x) ((__m128i *)(void *)(x)) #define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -// GCC cast warning -#define UINT32_CAST(x) ((uint32_t *)(void *)(x)) -#define CONST_UINT32_CAST(x) ((const uint32_t *)(const void *)(x)) - NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(ARIATab) @@ -45,6 +41,17 @@ extern const word32 KRK[3][4]; NAMESPACE_END NAMESPACE_END +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; + +inline byte ARIA_BRF(const word32 x, const int y) { + return GETBYTE(x, y); +} + +ANONYMOUS_NAMESPACE_END + NAMESPACE_BEGIN(CryptoPP) using CryptoPP::ARIATab::S1; @@ -58,22 +65,23 @@ using CryptoPP::ARIATab::KRK; template inline void ARIA_GSRK_NEON(const uint32x4_t X, const uint32x4_t Y, byte RK[16]) { - static const unsigned int Q1 = (4-(N/32)) % 4; - static const unsigned int Q2 = (3-(N/32)) % 4; - static const unsigned int R = N % 32; + enum { Q1 = (4-(N/32)) % 4, + Q2 = (3-(N/32)) % 4, + R = N % 32 + }; - vst1q_u32(UINT32_CAST(RK), + vst1q_u8(RK, vreinterpretq_u8_u32( veorq_u32(X, veorq_u32( vshrq_n_u32(vextq_u32(Y, Y, Q1), R), - vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R)))); + vshlq_n_u32(vextq_u32(Y, Y, Q2), 32-R))))); } void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keylen) { - const uint32x4_t w0 = vld1q_u32(CONST_UINT32_CAST(ws+ 0)); - const uint32x4_t w1 = vld1q_u32(CONST_UINT32_CAST(ws+ 8)); - const uint32x4_t w2 = vld1q_u32(CONST_UINT32_CAST(ws+12)); - const uint32x4_t w3 = vld1q_u32(CONST_UINT32_CAST(ws+16)); + const uint32x4_t w0 = vld1q_u32(ws+ 0); + const uint32x4_t w1 = vld1q_u32(ws+ 8); + const uint32x4_t w2 = vld1q_u32(ws+12); + const uint32x4_t w3 = vld1q_u32(ws+16); ARIA_GSRK_NEON<19>(w0, w1, rk + 0); ARIA_GSRK_NEON<19>(w1, w2, rk + 16); @@ -102,22 +110,49 @@ void ARIA_UncheckedSetKey_Schedule_NEON(byte* rk, word32* ws, unsigned int keyle } } -void ARIA_ProcessAndXorBlock_Xor_NEON(const byte* xorBlock, byte* outBlock) +void ARIA_ProcessAndXorBlock_NEON(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t) { - vst1q_u32(UINT32_CAST(outBlock), veorq_u32( - vld1q_u32(CONST_UINT32_CAST(outBlock)), - vld1q_u32(CONST_UINT32_CAST(xorBlock)))); + outBlock[ 0] = (byte)(X1[ARIA_BRF(t[0],3)] ); + outBlock[ 1] = (byte)(X2[ARIA_BRF(t[0],2)]>>8); + outBlock[ 2] = (byte)(S1[ARIA_BRF(t[0],1)] ); + outBlock[ 3] = (byte)(S2[ARIA_BRF(t[0],0)] ); + outBlock[ 4] = (byte)(X1[ARIA_BRF(t[1],3)] ); + outBlock[ 5] = (byte)(X2[ARIA_BRF(t[1],2)]>>8); + outBlock[ 6] = (byte)(S1[ARIA_BRF(t[1],1)] ); + outBlock[ 7] = (byte)(S2[ARIA_BRF(t[1],0)] ); + outBlock[ 8] = (byte)(X1[ARIA_BRF(t[2],3)] ); + outBlock[ 9] = (byte)(X2[ARIA_BRF(t[2],2)]>>8); + outBlock[10] = (byte)(S1[ARIA_BRF(t[2],1)] ); + outBlock[11] = (byte)(S2[ARIA_BRF(t[2],0)] ); + outBlock[12] = (byte)(X1[ARIA_BRF(t[3],3)] ); + outBlock[13] = (byte)(X2[ARIA_BRF(t[3],2)]>>8); + outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ); + outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ); + + // 'outBlock' and 'xorBlock' may be unaligned. + if (xorBlock != NULLPTR) + { + vst1q_u8(outBlock, + veorq_u8( + vld1q_u8(xorBlock), + veorq_u8( + vld1q_u8(outBlock), + vrev32q_u8(vld1q_u8((rk)))))); + } + else + { + vst1q_u8(outBlock, + veorq_u8( + vld1q_u8(outBlock), + vrev32q_u8(vld1q_u8(rk)))); + } } #endif // CRYPTOPP_ARM_NEON_AVAILABLE #if (CRYPTOPP_SSSE3_AVAILABLE) -inline byte ARIA_BRF(const word32 x, const int y) { - return GETBYTE(x, y); -} - -void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t) +void ARIA_ProcessAndXorBlock_SSSE3(const byte* xorBlock, byte* outBlock, const byte *rk, word32 *t) { const __m128i MASK = _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3); @@ -138,18 +173,22 @@ void ARIA_ProcessAndXorBlock_Xor_SSSE3(const byte* xorBlock, byte* outBlock, con outBlock[14] = (byte)(S1[ARIA_BRF(t[3],1)] ); outBlock[15] = (byte)(S2[ARIA_BRF(t[3],0)] ); - // 'outBlock' may be unaligned. - _mm_storeu_si128(M128_CAST(outBlock), - _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)), - _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK))); - // 'outBlock' and 'xorBlock' may be unaligned. if (xorBlock != NULLPTR) { _mm_storeu_si128(M128_CAST(outBlock), _mm_xor_si128( - _mm_loadu_si128(CONST_M128_CAST(outBlock)), - _mm_loadu_si128(CONST_M128_CAST(xorBlock)))); + _mm_loadu_si128(CONST_M128_CAST(xorBlock)), + _mm_xor_si128( + _mm_loadu_si128(CONST_M128_CAST(outBlock)), + _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK))) + ); + } + else + { + _mm_storeu_si128(M128_CAST(outBlock), + _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(outBlock)), + _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(rk)), MASK))); } } diff --git a/vendor/cryptopp/vendor_cryptopp/asn.h b/vendor/cryptopp/vendor_cryptopp/asn.h index 30620f5d..2eb6404d 100644 --- a/vendor/cryptopp/vendor_cryptopp/asn.h +++ b/vendor/cryptopp/vendor_cryptopp/asn.h @@ -201,6 +201,10 @@ public: /// void BERDecodeAndCheck(BufferedTransformation &bt) const; + bool Empty() const { + return m_values.empty(); + } + const std::vector& GetValues() const { return m_values; } @@ -413,7 +417,7 @@ public: virtual void DEREncodePublicKey(BufferedTransformation &bt) const =0; }; -/// \brief Encodes and decodesprivateKeyInfo +/// \brief Encodes and Decodes privateKeyInfo class CRYPTOPP_DLL PKCS8PrivateKey : public ASN1CryptoMaterial { public: diff --git a/vendor/cryptopp/vendor_cryptopp/basecode.h b/vendor/cryptopp/vendor_cryptopp/basecode.h index 1bfe68d1..f95e3e26 100644 --- a/vendor/cryptopp/vendor_cryptopp/basecode.h +++ b/vendor/cryptopp/vendor_cryptopp/basecode.h @@ -61,7 +61,7 @@ public: /// \details padding is set to -1, which means use default padding. If not /// required, then the value must be set via IsolatedInitialize(). BaseN_Decoder(BufferedTransformation *attachment=NULLPTR) - : m_lookup(NULLPTR), m_padding(0), m_bitsPerChar(0) + : m_lookup(NULLPTR), m_bitsPerChar(0) , m_outputBlockSize(0), m_bytePos(0), m_bitPos(0) {Detach(attachment);} @@ -74,7 +74,7 @@ public: /// \details padding is set to -1, which means use default padding. If not /// required, then the value must be set via IsolatedInitialize(). BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULLPTR) - : m_lookup(NULLPTR), m_padding(0), m_bitsPerChar(0) + : m_lookup(NULLPTR), m_bitsPerChar(0) , m_outputBlockSize(0), m_bytePos(0), m_bitPos(0) { Detach(attachment); @@ -98,7 +98,7 @@ public: private: const int *m_lookup; - int m_padding, m_bitsPerChar, m_outputBlockSize; + int m_bitsPerChar, m_outputBlockSize; int m_bytePos, m_bitPos; SecByteBlock m_outBuf; }; diff --git a/vendor/cryptopp/vendor_cryptopp/bench.h b/vendor/cryptopp/vendor_cryptopp/bench.h index 59bfbf2c..34c446ef 100644 --- a/vendor/cryptopp/vendor_cryptopp/bench.h +++ b/vendor/cryptopp/vendor_cryptopp/bench.h @@ -37,7 +37,7 @@ extern const byte defaultKey[]; extern time_t g_testBegin; extern time_t g_testEnd; -// Command handler +// Benchmark command handler void BenchmarkWithCommand(int argc, const char* const argv[]); // Top level, prints preamble and postamble void Benchmark(Test::TestClass suites, double t, double hertz); @@ -48,8 +48,20 @@ void Benchmark2(double t, double hertz); // Public key systems void Benchmark3(double t, double hertz); -void OutputResultBytes(const char *name, double length, double timeTaken); -void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken); +// These are defined in bench1.cpp +extern void OutputResultKeying(double iterations, double timeTaken); +extern void OutputResultBytes(const char *name, const char *provider, double length, double timeTaken); +extern void OutputResultOperations(const char *name, const char *provider, const char *operation, bool pc, unsigned long iterations, double timeTaken); + +// These are defined in bench1.cpp +extern void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal); +extern void BenchMark(const char *name, StreamTransformation &cipher, double timeTotal); +extern void BenchMark(const char *name, HashTransformation &ht, double timeTotal); +extern void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal); + +// These are defined in bench2.cpp +extern void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs ¶ms); +extern void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal); NAMESPACE_END // Test NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/bench1.cpp b/vendor/cryptopp/vendor_cryptopp/bench1.cpp index 153428ff..4398fa9f 100644 --- a/vendor/cryptopp/vendor_cryptopp/bench1.cpp +++ b/vendor/cryptopp/vendor_cryptopp/bench1.cpp @@ -5,21 +5,23 @@ #include "bench.h" #include "validate.h" -#include "aes.h" -#include "kalyna.h" -#include "threefish.h" -#include "blumshub.h" -#include "files.h" -#include "filters.h" -#include "hex.h" -#include "modes.h" -#include "factory.h" -#include "smartptr.h" #include "cpu.h" +#include "factory.h" +#include "algparam.h" +#include "argnames.h" +#include "smartptr.h" +#include "stdcpp.h" + +#include "osrng.h" #include "drbg.h" +#include "darn.h" +#include "mersenne.h" #include "rdrand.h" #include "padlkrng.h" -#include "stdcpp.h" + +#include +#include +#include #if CRYPTOPP_MSC_VERSION # pragma warning(disable: 4355) @@ -40,7 +42,7 @@ const double CLOCK_TICKS_PER_SECOND = (double)CLK_TCK; const double CLOCK_TICKS_PER_SECOND = 1000000.0; #endif -const byte defaultKey[] = "0123456789" // 168 + NULL +extern const byte defaultKey[] = "0123456789" // 168 + NULL "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ" "00000000000000000000000000000000000000000000000000000" "00000000000000000000000000000000000000000000000000000"; @@ -49,68 +51,90 @@ double g_allocatedTime = 0.0, g_hertz = 0.0, g_logTotal = 0.0; unsigned int g_logCount = 0; time_t g_testBegin, g_testEnd; -void OutputResultBytes(const char *name, double length, double timeTaken) +inline std::string HertzToString(double hertz) { - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); + std::ostringstream oss; + oss.precision(3); + + if (hertz >= 0.999e+9) + oss << hertz / 1e+9 << " GHz"; + else if (hertz >= 0.999e+6) + oss << hertz / 1e+6 << " MHz"; + else if (hertz >= 0.999e+3) + oss << hertz / 1e+3 << " KHz"; + else + oss << hertz << " Hz"; + + return oss.str(); +} + +void OutputResultBytes(const char *name, const char *provider, double length, double timeTaken) +{ + std::ostringstream oss; // Coverity finding if (length < 0.000001f) length = 0.000001f; if (timeTaken < 0.000001f) timeTaken = 0.000001f; double mbs = length / timeTaken / (1024*1024); - std::cout << "\n" << name; - std::cout << std::setiosflags(std::ios::fixed); - std::cout << "" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << mbs; + oss << "\n" << name << "" << provider; + oss << std::setiosflags(std::ios::fixed); + oss << "" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << mbs; if (g_hertz > 1.0f) { const double cpb = timeTaken * g_hertz / length; if (cpb < 24.0f) - std::cout << "" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << cpb; + oss << "" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << cpb; else - std::cout << "" << std::setprecision(1) << std::setiosflags(std::ios::fixed) << cpb; + oss << "" << std::setprecision(1) << std::setiosflags(std::ios::fixed) << cpb; } g_logTotal += log(mbs); g_logCount++; + + std::cout << oss.str(); } void OutputResultKeying(double iterations, double timeTaken) { - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); + std::ostringstream oss; // Coverity finding if (iterations < 0.000001f) iterations = 0.000001f; if (timeTaken < 0.000001f) timeTaken = 0.000001f; - std::cout << "" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << (1000*1000*timeTaken/iterations); + oss << "" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << (1000*1000*timeTaken/iterations); // Coverity finding if (g_hertz > 1.0f) - std::cout << "" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << timeTaken * g_hertz / iterations; + oss << "" << std::setprecision(0) << std::setiosflags(std::ios::fixed) << timeTaken * g_hertz / iterations; + + std::cout << oss.str(); } -void OutputResultOperations(const char *name, const char *operation, bool pc, unsigned long iterations, double timeTaken) +void OutputResultOperations(const char *name, const char *provider, const char *operation, bool pc, unsigned long iterations, double timeTaken) { - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); + CRYPTOPP_UNUSED(provider); + std::ostringstream oss; // Coverity finding if (!iterations) iterations++; if (timeTaken < 0.000001f) timeTaken = 0.000001f; - std::cout << "\n" << name << " " << operation << (pc ? " with precomputation" : ""); - std::cout << "" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << (1000*timeTaken/iterations); + oss << "\n" << name << " " << operation << (pc ? " with precomputation" : ""); + //oss << "" << provider; + oss << "" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << (1000*timeTaken/iterations); // Coverity finding if (g_hertz > 1.0f) { const double t = timeTaken * g_hertz / iterations / 1000000; - std::cout << "" << std::setprecision(2) << std::setiosflags(std::ios::fixed) << t; + oss << "" << std::setprecision(3) << std::setiosflags(std::ios::fixed) << t; } g_logTotal += log(iterations/timeTaken); g_logCount++; + + std::cout << oss.str(); } /* @@ -158,15 +182,8 @@ void BenchMark(const char *name, StreamTransformation &cipher, double timeTotal) } while (timeTaken < 2.0/3*timeTotal); - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); -} - -void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal) -{ - if (cipher.NeedsPrespecifiedDataLengths()) - cipher.SpecifyDataLengths(0, cipher.MaxMessageLength(), 0); - - BenchMark(name, static_cast(cipher), timeTotal); + std::string provider = cipher.AlgorithmProvider(); + OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken); } void BenchMark(const char *name, HashTransformation &ht, double timeTotal) @@ -189,7 +206,8 @@ void BenchMark(const char *name, HashTransformation &ht, double timeTotal) } while (timeTaken < 2.0/3*timeTotal); - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); + std::string provider = ht.AlgorithmProvider(); + OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken); } void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal) @@ -212,7 +230,8 @@ void BenchMark(const char *name, BufferedTransformation &bt, double timeTotal) } while (timeTaken < 2.0/3*timeTotal); - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); + std::string provider = bt.AlgorithmProvider(); + OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken); } void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal) @@ -243,7 +262,8 @@ void BenchMark(const char *name, RandomNumberGenerator &rng, double timeTotal) timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND; } while (timeTaken < timeTotal); - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); + std::string provider = rng.AlgorithmProvider(); + OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken); } // Hack, but we probably need a KeyedRandomNumberGenerator interface @@ -269,56 +289,12 @@ void BenchMark(const char *name, NIST_DRBG &rng, double timeTotal) timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND; } while (timeTaken < timeTotal); - OutputResultBytes(name, double(blocks) * BUF_SIZE, timeTaken); -} - -void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs ¶ms) -{ - unsigned long iterations = 0; - double timeTaken; - - clock_t start = ::clock(); - do - { - for (unsigned int i=0; i<1024; i++) - c.SetKey(defaultKey, keyLength, params); - timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND; - iterations += 1024; - } - while (timeTaken < g_allocatedTime); - - OutputResultKeying(iterations, timeTaken); -} - -template -void BenchMarkByName2(const char *factoryName, size_t keyLength = 0, const char *displayName=NULLPTR, const NameValuePairs ¶ms = g_nullNameValuePairs) -{ - std::string name(factoryName ? factoryName : ""); - member_ptr obj(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); - - if (!keyLength) - keyLength = obj->DefaultKeyLength(); - - if (displayName) - name = displayName; - else if (keyLength) - name += " (" + IntToString(keyLength * 8) + "-bit key)"; - - const int blockSize = params.GetIntValueWithDefault(Name::BlockSize(), 0); - obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, blockSize ? blockSize : obj->IVSize()), false))); - BenchMark(name.c_str(), *static_cast(obj.get()), g_allocatedTime); - BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, blockSize ? blockSize : obj->IVSize()), false))); -} - -template -void BenchMarkByName(const char *factoryName, size_t keyLength = 0, const char *displayName=NULLPTR, const NameValuePairs ¶ms = g_nullNameValuePairs) -{ - CRYPTOPP_UNUSED(params); - BenchMarkByName2(factoryName, keyLength, displayName, params); + std::string provider = rng.AlgorithmProvider(); + OutputResultBytes(name, provider.c_str(), double(blocks) * BUF_SIZE, timeTaken); } template -void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName=NULLPTR, const NameValuePairs ¶ms = g_nullNameValuePairs) +void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName = NULLPTR, const NameValuePairs ¶ms = g_nullNameValuePairs) { CRYPTOPP_UNUSED(params); std::string name = factoryName; @@ -331,34 +307,39 @@ void BenchMarkByNameKeyLess(const char *factoryName, const char *displayName=NUL void AddHtmlHeader() { + std::ostringstream oss; + // HTML5 - std::cout << ""; - std::cout << "\n"; + oss << ""; + oss << "\n"; - std::cout << "\n"; - std::cout << "\n"; - std::cout << "\nSpeed Comparison of Popular Crypto Algorithms"; - std::cout << "\n"; - std::cout << "\n"; + oss << "\n"; + oss << "\n"; + oss << "\nSpeed Comparison of Popular Crypto Algorithms"; + oss << "\n"; + oss << "\n"; - std::cout << "\n"; + oss << "\n"; - std::cout << "\n

Crypto++ " << CRYPTOPP_VERSION / 100; - std::cout << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << " Benchmarks

"; + oss << "\n

Crypto++ " << CRYPTOPP_VERSION / 100; + oss << '.' << (CRYPTOPP_VERSION % 100) / 10 << '.' << CRYPTOPP_VERSION % 10 << " Benchmarks

"; - std::cout << "\n

Here are speed benchmarks for some commonly used cryptographic algorithms.

"; + oss << "\n

Here are speed benchmarks for some commonly used cryptographic algorithms.

"; if (g_hertz > 1.0f) - std::cout << "\n

CPU frequency of the test platform is " << g_hertz << " Hz.

"; + oss << "\n

CPU frequency of the test platform is " << HertzToString(g_hertz) << ".

"; else - std::cout << "\n

CPU frequency of the test platform was not provided.

" << std::endl; + oss << "\n

CPU frequency of the test platform was not provided.

" << std::endl; + + std::cout << oss.str(); } void AddHtmlFooter() { - std::cout << "\n"; - std::cout << "\n" << std::endl; + std::ostringstream oss; + oss << "\n\n\n"; + std::cout << oss.str(); } void BenchmarkWithCommand(int argc, const char* const argv[]) @@ -413,15 +394,14 @@ void Benchmark(Test::TestClass suites, double t, double hertz) g_testEnd = ::time(NULLPTR); - { - StreamState state(std::cout); - std::cout << "\n

Throughput Geometric Average: " << std::setiosflags(std::ios::fixed); - std::cout << std::exp(g_logTotal/(g_logCount > 0.0f ? g_logCount : 1.0f)) << std::endl; - } + std::ostringstream oss; + oss << "\n

Throughput Geometric Average: " << std::setiosflags(std::ios::fixed); + oss << std::exp(g_logTotal/(g_logCount > 0.0f ? g_logCount : 1.0f)) << std::endl; - std::cout << "\n

Test started at " << TimeToString(g_testBegin); - std::cout << "\n
Test ended at " << TimeToString(g_testEnd); - std::cout << std::endl; + oss << "\n

Test started at " << TimeToString(g_testBegin); + oss << "\n
Test ended at " << TimeToString(g_testEnd); + oss << "\n"; + std::cout << oss.str(); AddHtmlFooter(); } @@ -433,7 +413,7 @@ void Benchmark1(double t, double hertz) const char *cpb; if (g_hertz > 1.0f) - cpb = "Cycles Per Byte"; + cpb = "Cycles/Byte"; else cpb = ""; @@ -442,7 +422,7 @@ void Benchmark1(double t, double hertz) std::cout << "\n"; std::cout << ""; std::cout << "\n"; - std::cout << "\nAlgorithmMiB/Second" << cpb; + std::cout << "\nAlgorithmProviderMiB/Second" << cpb; std::cout << "\n"; { @@ -463,6 +443,10 @@ void Benchmark1(double t, double hertz) BenchMarkByNameKeyLess("RDRAND"); if (HasRDSEED()) BenchMarkByNameKeyLess("RDSEED"); +#endif +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + if (HasDARN()) + BenchMarkByNameKeyLess("DARN"); #endif BenchMarkByNameKeyLess("AES/OFB RNG"); BenchMarkByNameKeyLess("Hash_DRBG(SHA1)"); @@ -502,153 +486,5 @@ void Benchmark1(double t, double hertz) std::cout << "\n" << std::endl; } -void Benchmark2(double t, double hertz) -{ - g_allocatedTime = t; - g_hertz = hertz; - - const char *cpb, *cpk; - if (g_hertz > 1.0f) - { - cpb = "Cycles Per Byte"; - cpk = "Cycles to
Setup Key and IV"; - } - else - { - cpb = cpk = ""; - } - - std::cout << "\n"; - std::cout << "\n"; - std::cout << "\n"; - std::cout << "\n"; - { -#if CRYPTOPP_AESNI_AVAILABLE - if (HasCLMUL()) - BenchMarkByName2("AES/GCM", 0, "GMAC(AES)"); - else -#elif CRYPTOPP_ARM_PMULL_AVAILABLE - if (HasPMULL()) - BenchMarkByName2("AES/GCM", 0, "GMAC(AES)"); - else -#endif - { - BenchMarkByName2("AES/GCM", 0, "GMAC(AES) (2K tables)", MakeParameters(Name::TableSize(), 2048)); - BenchMarkByName2("AES/GCM", 0, "GMAC(AES) (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024)); - } - - BenchMarkByName("VMAC(AES)-64"); - BenchMarkByName("VMAC(AES)-128"); - BenchMarkByName("HMAC(SHA-1)"); - BenchMarkByName("HMAC(SHA-256)"); - BenchMarkByName("Two-Track-MAC"); - BenchMarkByName("CMAC(AES)"); - BenchMarkByName("DMAC(AES)"); - BenchMarkByName("Poly1305(AES)"); - BenchMarkByName("BLAKE2s"); - BenchMarkByName("BLAKE2b"); - BenchMarkByName("SipHash-2-4"); - BenchMarkByName("SipHash-4-8"); - } - - std::cout << "\n"; - { - BenchMarkByName("Panama-LE"); - BenchMarkByName("Panama-BE"); - BenchMarkByName("Salsa20"); - BenchMarkByName("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12)); - BenchMarkByName("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8)); - BenchMarkByName("ChaCha20"); - BenchMarkByName("ChaCha12"); - BenchMarkByName("ChaCha8"); - BenchMarkByName("Sosemanuk"); - BenchMarkByName("MARC4"); - BenchMarkByName("SEAL-3.0-LE"); - BenchMarkByName("WAKE-OFB-LE"); - } - - std::cout << "\n"; - { - BenchMarkByName("AES/CTR", 16); - BenchMarkByName("AES/CTR", 24); - BenchMarkByName("AES/CTR", 32); - BenchMarkByName("AES/CBC", 16); - BenchMarkByName("AES/CBC", 24); - BenchMarkByName("AES/CBC", 32); - BenchMarkByName("AES/OFB", 16); - BenchMarkByName("AES/CFB", 16); - BenchMarkByName("AES/ECB", 16); - BenchMarkByName("ARIA/CTR", 16); - BenchMarkByName("ARIA/CTR", 32); - BenchMarkByName("Camellia/CTR", 16); - BenchMarkByName("Camellia/CTR", 32); - BenchMarkByName("Twofish/CTR"); - BenchMarkByName("Threefish-256(256)/CTR", 32); - BenchMarkByName("Threefish-512(512)/CTR", 64); - BenchMarkByName("Threefish-1024(1024)/CTR", 128); - BenchMarkByName("Serpent/CTR"); - BenchMarkByName("CAST-128/CTR"); - BenchMarkByName("CAST-256/CTR"); - BenchMarkByName("RC6/CTR"); - BenchMarkByName("MARS/CTR"); - BenchMarkByName("SHACAL-2/CTR", 16); - BenchMarkByName("SHACAL-2/CTR", 64); - BenchMarkByName("DES/CTR"); - BenchMarkByName("DES-XEX3/CTR"); - BenchMarkByName("DES-EDE3/CTR"); - BenchMarkByName("IDEA/CTR"); - BenchMarkByName("RC5/CTR", 0, "RC5 (r=16)"); - BenchMarkByName("Blowfish/CTR"); - BenchMarkByName("TEA/CTR"); - BenchMarkByName("XTEA/CTR"); - BenchMarkByName("SKIPJACK/CTR"); - BenchMarkByName("SEED/CTR", 0, "SEED/CTR (1/2 K table)"); - BenchMarkByName("SM4/CTR"); - - BenchMarkByName("Kalyna-128/CTR", 16, "Kalyna-128(128)/CTR (128-bit key)"); - BenchMarkByName("Kalyna-128/CTR", 32, "Kalyna-128(256)/CTR (256-bit key)"); - BenchMarkByName("Kalyna-256/CTR", 32, "Kalyna-256(256)/CTR (256-bit key)"); - BenchMarkByName("Kalyna-256/CTR", 64, "Kalyna-256(512)/CTR (512-bit key)"); - BenchMarkByName("Kalyna-512/CTR", 64, "Kalyna-512(512)/CTR (512-bit key)"); - - BenchMarkByName("SIMON-64/CTR", 12, "SIMON-64(96)/CTR (96-bit key)"); - BenchMarkByName("SIMON-64/CTR", 16, "SIMON-64(128)/CTR (128-bit key)"); - BenchMarkByName("SIMON-128/CTR", 16, "SIMON-128(128)/CTR (128-bit key)"); - BenchMarkByName("SIMON-128/CTR", 24, "SIMON-128(192)/CTR (192-bit key)"); - BenchMarkByName("SIMON-128/CTR", 32, "SIMON-128(256)/CTR (256-bit key)"); - - BenchMarkByName("SPECK-64/CTR", 12, "SPECK-64(96)/CTR (96-bit key)"); - BenchMarkByName("SPECK-64/CTR", 16, "SPECK-64(128)/CTR (128-bit key)"); - BenchMarkByName("SPECK-128/CTR", 16, "SPECK-128(128)/CTR (128-bit key)"); - BenchMarkByName("SPECK-128/CTR", 24, "SPECK-128(192)/CTR (192-bit key)"); - BenchMarkByName("SPECK-128/CTR", 32, "SPECK-128(256)/CTR (256-bit key)"); - } - - std::cout << "\n"; - { -#if CRYPTOPP_AESNI_AVAILABLE - if (HasCLMUL()) - BenchMarkByName2("AES/GCM", 0, "AES/GCM"); - else -#elif CRYPTOPP_ARM_PMULL_AVAILABLE - if (HasPMULL()) - BenchMarkByName2("AES/GCM", 0, "AES/GCM"); - else -#endif - { - BenchMarkByName2("AES/GCM", 0, "AES/GCM (2K tables)", MakeParameters(Name::TableSize(), 2048)); - BenchMarkByName2("AES/GCM", 0, "AES/GCM (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024)); - } - BenchMarkByName2("AES/CCM"); - BenchMarkByName2("AES/EAX"); - } - - std::cout << "\n
AlgorithmMiB/Second" << cpb; - std::cout << "Microseconds to
Setup Key and IV" << cpk; - - std::cout << "\n
" << std::endl; -} - NAMESPACE_END // Test NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/bench2.cpp b/vendor/cryptopp/vendor_cryptopp/bench2.cpp index d38391ea..38da6224 100644 --- a/vendor/cryptopp/vendor_cryptopp/bench2.cpp +++ b/vendor/cryptopp/vendor_cryptopp/bench2.cpp @@ -5,33 +5,16 @@ #include "bench.h" #include "validate.h" -#include "pubkey.h" -#include "gfpcrypt.h" -#include "eccrypto.h" -#include "pkcspad.h" - -#include "files.h" -#include "filters.h" -#include "hex.h" -#include "rsa.h" -#include "nr.h" -#include "dsa.h" -#include "luc.h" -#include "rw.h" -#include "ecp.h" -#include "ec2n.h" -#include "asn.h" -#include "dh.h" -#include "mqv.h" -#include "hmqv.h" -#include "fhmqv.h" -#include "xtrcrypt.h" -#include "esign.h" -#include "pssr.h" -#include "oids.h" -#include "randpool.h" +#include "cpu.h" +#include "factory.h" +#include "algparam.h" +#include "argnames.h" +#include "smartptr.h" #include "stdcpp.h" -#include "hrtimer.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4355) +#endif #if CRYPTOPP_MSC_VERSION # pragma warning(disable: 4505 4355) @@ -40,381 +23,228 @@ NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) -void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal, bool pc=false) +void BenchMarkKeying(SimpleKeyingInterface &c, size_t keyLength, const NameValuePairs ¶ms) { - unsigned int len = 16; - SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len)); - Test::GlobalRNG().GenerateBlock(plaintext, len); - - unsigned int i = 0; + unsigned long iterations = 0; double timeTaken; - ThreadUserTimer timer; - timer.StartTimer(); - + clock_t start = ::clock(); do { - key.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext); - ++i; timeTaken = timer.ElapsedTimeAsDouble(); + for (unsigned int i=0; i<1024; i++) + c.SetKey(defaultKey, keyLength, params); + timeTaken = double(::clock() - start) / CLOCK_TICKS_PER_SECOND; + iterations += 1024; } - while (timeTaken < timeTotal); + while (timeTaken < g_allocatedTime); - OutputResultOperations(name, "Encryption", pc, i, timeTaken); - - if (!pc && key.GetMaterial().SupportsPrecomputation()) - { - key.AccessMaterial().Precompute(16); - BenchMarkEncryption(name, key, timeTotal, true); - } + OutputResultKeying(iterations, timeTaken); } -void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub, double timeTotal) +void BenchMark(const char *name, AuthenticatedSymmetricCipher &cipher, double timeTotal) { - unsigned int len = 16; - SecByteBlock ciphertext(pub.CiphertextLength(len)); - SecByteBlock plaintext(pub.MaxPlaintextLength(ciphertext.size())); - Test::GlobalRNG().GenerateBlock(plaintext, len); - pub.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext); + if (cipher.NeedsPrespecifiedDataLengths()) + cipher.SpecifyDataLengths(0, cipher.MaxMessageLength(), 0); - unsigned int i = 0; - double timeTaken; - - ThreadUserTimer timer; - timer.StartTimer(); - - do - { - priv.Decrypt(Test::GlobalRNG(), ciphertext, ciphertext.size(), plaintext); - ++i; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Decryption", false, i, timeTaken); + BenchMark(name, static_cast(cipher), timeTotal); } -void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false) +template +void BenchMarkByName2(const char *factoryName, size_t keyLength=0, const char *displayName=NULLPTR, const NameValuePairs ¶ms = g_nullNameValuePairs) { - unsigned int len = 16; - AlignedSecByteBlock message(len), signature(key.SignatureLength()); - Test::GlobalRNG().GenerateBlock(message, len); + std::string name(factoryName ? factoryName : ""); + member_ptr obj(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); - unsigned int i = 0; - double timeTaken; + if (keyLength == 0) + keyLength = obj->DefaultKeyLength(); - ThreadUserTimer timer; - timer.StartTimer(); + if (displayName != NULLPTR) + name = displayName; + else if (keyLength != 0) + name += " (" + IntToString(keyLength * 8) + "-bit key)"; - do - { - (void)key.SignMessage(Test::GlobalRNG(), message, len, signature); - ++i; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Signature", pc, i, timeTaken); - - if (!pc && key.GetMaterial().SupportsPrecomputation()) - { - key.AccessMaterial().Precompute(16); - BenchMarkSigning(name, key, timeTotal, true); - } + obj->SetKey(defaultKey, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false))); + BenchMark(name.c_str(), *static_cast(obj.get()), g_allocatedTime); + BenchMarkKeying(*obj, keyLength, CombinedNameValuePairs(params, MakeParameters(Name::IV(), ConstByteArrayParameter(defaultKey, obj->IVSize()), false))); } -void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) +template +void BenchMarkByName(const char *factoryName, size_t keyLength=0, const char *displayName=NULLPTR, const NameValuePairs ¶ms = g_nullNameValuePairs) { - unsigned int len = 16; - AlignedSecByteBlock message(len), signature(pub.SignatureLength()); - Test::GlobalRNG().GenerateBlock(message, len); - priv.SignMessage(Test::GlobalRNG(), message, len, signature); - - unsigned int i = 0; - double timeTaken; - - ThreadUserTimer timer; - timer.StartTimer(); - - do - { - (void)pub.VerifyMessage(message, len, signature, signature.size()); - ++i; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Verification", pc, i, timeTaken); - - if (!pc && pub.GetMaterial().SupportsPrecomputation()) - { - pub.AccessMaterial().Precompute(16); - BenchMarkVerification(name, priv, pub, timeTotal, true); - } + BenchMarkByName2(factoryName, keyLength, displayName, params); } -void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength()); - - unsigned int i = 0; - double timeTaken; - - ThreadUserTimer timer; - timer.StartTimer(); - - do - { - d.GenerateKeyPair(Test::GlobalRNG(), priv, pub); - ++i; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken); - - if (!pc && d.GetMaterial().SupportsPrecomputation()) - { - d.AccessMaterial().Precompute(16); - BenchMarkKeyGen(name, d, timeTotal, true); - } -} - -void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength()); - - unsigned int i = 0; - double timeTaken; - - ThreadUserTimer timer; - timer.StartTimer(); - - do - { - d.GenerateEphemeralKeyPair(Test::GlobalRNG(), priv, pub); - ++i; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Key-Pair Generation", pc, i, timeTaken); - - if (!pc && d.GetMaterial().SupportsPrecomputation()) - { - d.AccessMaterial().Precompute(16); - BenchMarkKeyGen(name, d, timeTotal, true); - } -} - -void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength()); - SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength()); - d.GenerateKeyPair(Test::GlobalRNG(), priv1, pub1); - d.GenerateKeyPair(Test::GlobalRNG(), priv2, pub2); - SecByteBlock val(d.AgreedValueLength()); - - unsigned int i = 0; - double timeTaken; - - ThreadUserTimer timer; - timer.StartTimer(); - - do - { - d.Agree(val, priv1, pub2); - d.Agree(val, priv2, pub1); - i+=2; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Key Agreement", pc, i, timeTaken); -} - -void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false) -{ - SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength()); - SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength()); - SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength()); - SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength()); - d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv1, spub1); - d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv2, spub2); - d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv1, epub1); - d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv2, epub2); - SecByteBlock val(d.AgreedValueLength()); - - unsigned int i = 0; - double timeTaken; - - ThreadUserTimer timer; - timer.StartTimer(); - - do - { - d.Agree(val, spriv1, epriv1, spub2, epub2); - d.Agree(val, spriv2, epriv2, spub1, epub1); - i+=2; timeTaken = timer.ElapsedTimeAsDouble(); - } - while (timeTaken < timeTotal); - - OutputResultOperations(name, "Key Agreement", pc, i, timeTaken); -} - -template -void BenchMarkCrypto(const char *filename, const char *name, double timeTotal) -{ - FileSource f(filename, true, new HexDecoder); - typename SCHEME::Decryptor priv(f); - typename SCHEME::Encryptor pub(priv); - BenchMarkEncryption(name, pub, timeTotal); - BenchMarkDecryption(name, priv, pub, timeTotal); -} - -template -void BenchMarkSignature(const char *filename, const char *name, double timeTotal) -{ - FileSource f(filename, true, new HexDecoder); - typename SCHEME::Signer priv(f); - typename SCHEME::Verifier pub(priv); - BenchMarkSigning(name, priv, timeTotal); - BenchMarkVerification(name, priv, pub, timeTotal); -} - -template -void BenchMarkKeyAgreement(const char *filename, const char *name, double timeTotal) -{ - FileSource f(filename, true, new HexDecoder); - D d(f); - BenchMarkKeyGen(name, d, timeTotal); - BenchMarkAgreement(name, d, timeTotal); -} - -void Benchmark3(double t, double hertz) +void Benchmark2(double t, double hertz) { g_allocatedTime = t; g_hertz = hertz; - const char *mco; + const char *cpb, *cpk; if (g_hertz > 1.0f) - mco = "Megacycles/Operation"; + { + cpb = "Cycles/Byte"; + cpk = "Cycles to
Setup Key and IV"; + } else - mco = ""; + { + cpb = cpk = ""; + } std::cout << "\n"; - std::cout << "\n"; + std::cout << "\n"; std::cout << "\n"; - std::cout << "\n"; { - BenchMarkCrypto > >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t); - BenchMarkCrypto > >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t); - BenchMarkCrypto >(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", "DLIES 1024", t); - BenchMarkCrypto >(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", "LUCELG 512", t); - } - - std::cout << "\n"; - { - BenchMarkCrypto > >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t); - BenchMarkCrypto > >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t); - BenchMarkCrypto >(CRYPTOPP_DATA_DIR "TestData/dlie2048.dat", "DLIES 2048", t); - BenchMarkCrypto >(CRYPTOPP_DATA_DIR "TestData/lucc1024.dat", "LUCELG 1024", t); - } - - std::cout << "\n"; - { - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", "RSA 1024", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", "RW 1024", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", "LUC 1024", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/nr1024.dat", "NR 1024", t); - BenchMarkSignature(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", "DSA 1024", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", "LUC-HMP 512", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/esig1023.dat", "ESIGN 1023", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", "ESIGN 1536", t); - } - - std::cout << "\n"; - { - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/rsa2048.dat", "RSA 2048", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/rw2048.dat", "RW 2048", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/luc2048.dat", "LUC 2048", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", "NR 2048", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/lucs1024.dat", "LUC-HMP 1024", t); - BenchMarkSignature >(CRYPTOPP_DATA_DIR "TestData/esig2046.dat", "ESIGN 2046", t); - } - - std::cout << "\n"; - { - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", "XTR-DH 171", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/xtrdh342.dat", "XTR-DH 342", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", "DH 1024", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/dh2048.dat", "DH 2048", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", "LUCDIF 512", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/lucd1024.dat", "LUCDIF 1024", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", "MQV 1024", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/mqv2048.dat", "MQV 2048", t); - -#if 0 - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/hmqv160.dat", "HMQV P-160", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", "HMQV P-256", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", "HMQV P-384", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", "HMQV P-512", t); - - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/fhmqv160.dat", "FHMQV P-160", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", "FHMQV P-256", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", "FHMQV P-384", t); - BenchMarkKeyAgreement(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", "FHMQV P-512", t); +#if CRYPTOPP_AESNI_AVAILABLE + if (HasCLMUL()) + BenchMarkByName2("AES/GCM", 0, "GMAC(AES)"); + else +#elif CRYPTOPP_ARM_PMULL_AVAILABLE + if (HasPMULL()) + BenchMarkByName2("AES/GCM", 0, "GMAC(AES)"); + else +#elif CRYPTOPP_POWER8_VMULL_AVAILABLE + if (HasPMULL()) + BenchMarkByName2("AES/GCM", 0, "GMAC(AES)"); + else #endif + { + BenchMarkByName2("AES/GCM", 0, "GMAC(AES) (2K tables)", MakeParameters(Name::TableSize(), 2048)); + BenchMarkByName2("AES/GCM", 0, "GMAC(AES) (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024)); + } + + BenchMarkByName("VMAC(AES)-64"); + BenchMarkByName("VMAC(AES)-128"); + BenchMarkByName("HMAC(SHA-1)"); + BenchMarkByName("HMAC(SHA-256)"); + BenchMarkByName("Two-Track-MAC"); + BenchMarkByName("CMAC(AES)"); + BenchMarkByName("DMAC(AES)"); + BenchMarkByName("Poly1305(AES)"); + BenchMarkByName("BLAKE2s"); + BenchMarkByName("BLAKE2b"); + BenchMarkByName("SipHash-2-4"); + BenchMarkByName("SipHash-4-8"); } std::cout << "\n"; { - ECIES::Decryptor cpriv(Test::GlobalRNG(), ASN1::secp256k1()); - ECIES::Encryptor cpub(cpriv); - ECDSA::Signer spriv(cpriv); - ECDSA::Verifier spub(spriv); - ECDSA_RFC6979::Signer spriv2(cpriv); - ECDSA_RFC6979::Verifier spub2(spriv); - ECGDSA::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1()); - ECGDSA::Verifier spub3(spriv3); - ECDH::Domain ecdhc(ASN1::secp256k1()); - ECMQV::Domain ecmqvc(ASN1::secp256k1()); - - BenchMarkEncryption("ECIES over GF(p) 256", cpub, t); - BenchMarkDecryption("ECIES over GF(p) 256", cpriv, cpub, t); - BenchMarkSigning("ECDSA over GF(p) 256", spriv, t); - BenchMarkVerification("ECDSA over GF(p) 256", spriv, spub, t); - BenchMarkSigning("ECDSA-RFC6979 over GF(p) 256", spriv2, t); - BenchMarkVerification("ECDSA-RFC6979 over GF(p) 256", spriv2, spub2, t); - BenchMarkSigning("ECGDSA over GF(p) 256", spriv3, t); - BenchMarkVerification("ECGDSA over GF(p) 256", spriv3, spub3, t); - BenchMarkKeyGen("ECDHC over GF(p) 256", ecdhc, t); - BenchMarkAgreement("ECDHC over GF(p) 256", ecdhc, t); - BenchMarkKeyGen("ECMQVC over GF(p) 256", ecmqvc, t); - BenchMarkAgreement("ECMQVC over GF(p) 256", ecmqvc, t); + BenchMarkByName("Panama-LE"); + BenchMarkByName("Panama-BE"); + BenchMarkByName("Salsa20", 0, "Salsa20"); + BenchMarkByName("Salsa20", 0, "Salsa20/12", MakeParameters(Name::Rounds(), 12)); + BenchMarkByName("Salsa20", 0, "Salsa20/8", MakeParameters(Name::Rounds(), 8)); + BenchMarkByName("ChaCha", 0, "ChaCha20"); + BenchMarkByName("ChaCha", 0, "ChaCha12", MakeParameters(Name::Rounds(), 12)); + BenchMarkByName("ChaCha", 0, "ChaCha8", MakeParameters(Name::Rounds(), 8)); + BenchMarkByName("Sosemanuk"); + BenchMarkByName("Rabbit"); + BenchMarkByName("RabbitWithIV"); + BenchMarkByName("HC-128"); + BenchMarkByName("HC-256"); + BenchMarkByName("MARC4"); + BenchMarkByName("SEAL-3.0-LE"); + BenchMarkByName("WAKE-OFB-LE"); } std::cout << "\n"; { - ECIES::Decryptor cpriv(Test::GlobalRNG(), ASN1::sect233r1()); - ECIES::Encryptor cpub(cpriv); - ECDSA::Signer spriv(cpriv); - ECDSA::Verifier spub(spriv); - ECDSA_RFC6979::Signer spriv2(cpriv); - ECDSA_RFC6979::Verifier spub2(spriv); - ECGDSA::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1()); - ECGDSA::Verifier spub3(spriv3); - ECDH::Domain ecdhc(ASN1::sect233r1()); - ECMQV::Domain ecmqvc(ASN1::sect233r1()); + BenchMarkByName("AES/CTR", 16); + BenchMarkByName("AES/CTR", 24); + BenchMarkByName("AES/CTR", 32); + BenchMarkByName("AES/CBC", 16); + BenchMarkByName("AES/CBC", 24); + BenchMarkByName("AES/CBC", 32); + BenchMarkByName("AES/OFB", 16); + BenchMarkByName("AES/CFB", 16); + BenchMarkByName("AES/ECB", 16); + BenchMarkByName("ARIA/CTR", 16); + BenchMarkByName("ARIA/CTR", 32); + BenchMarkByName("HIGHT/CTR"); + BenchMarkByName("Camellia/CTR", 16); + BenchMarkByName("Camellia/CTR", 32); + BenchMarkByName("Twofish/CTR"); + BenchMarkByName("Threefish-256(256)/CTR", 32); + BenchMarkByName("Threefish-512(512)/CTR", 64); + BenchMarkByName("Threefish-1024(1024)/CTR", 128); + BenchMarkByName("Serpent/CTR"); + BenchMarkByName("CAST-128/CTR"); + BenchMarkByName("CAST-256/CTR", 32); + BenchMarkByName("RC6/CTR"); + BenchMarkByName("MARS/CTR"); + BenchMarkByName("SHACAL-2/CTR", 16); + BenchMarkByName("SHACAL-2/CTR", 64); + BenchMarkByName("DES/CTR"); + BenchMarkByName("DES-XEX3/CTR"); + BenchMarkByName("DES-EDE3/CTR"); + BenchMarkByName("IDEA/CTR"); + BenchMarkByName("RC5/CTR", 0, "RC5 (r=16)"); + BenchMarkByName("Blowfish/CTR"); + BenchMarkByName("SKIPJACK/CTR"); + BenchMarkByName("SEED/CTR", 0, "SEED/CTR (1/2 K table)"); + BenchMarkByName("SM4/CTR"); - BenchMarkEncryption("ECIES over GF(2^n) 233", cpub, t); - BenchMarkDecryption("ECIES over GF(2^n) 233", cpriv, cpub, t); - BenchMarkSigning("ECDSA over GF(2^n) 233", spriv, t); - BenchMarkVerification("ECDSA over GF(2^n) 233", spriv, spub, t); - BenchMarkSigning("ECDSA-RFC6979 over GF(2^n) 233", spriv2, t); - BenchMarkVerification("ECDSA-RFC6979 over GF(2^n) 233", spriv2, spub2, t); - BenchMarkSigning("ECGDSA over GF(2^n) 233", spriv3, t); - BenchMarkVerification("ECGDSA over GF(2^n) 233", spriv3, spub3, t); - BenchMarkKeyGen("ECDHC over GF(2^n) 233", ecdhc, t); - BenchMarkAgreement("ECDHC over GF(2^n) 233", ecdhc, t); - BenchMarkKeyGen("ECMQVC over GF(2^n) 233", ecmqvc, t); - BenchMarkAgreement("ECMQVC over GF(2^n) 233", ecmqvc, t); + BenchMarkByName("Kalyna-128/CTR", 16, "Kalyna-128(128)/CTR (128-bit key)"); + BenchMarkByName("Kalyna-128/CTR", 32, "Kalyna-128(256)/CTR (256-bit key)"); + BenchMarkByName("Kalyna-256/CTR", 32, "Kalyna-256(256)/CTR (256-bit key)"); + BenchMarkByName("Kalyna-256/CTR", 64, "Kalyna-256(512)/CTR (512-bit key)"); + BenchMarkByName("Kalyna-512/CTR", 64, "Kalyna-512(512)/CTR (512-bit key)"); + } + + std::cout << "\n"; + { + BenchMarkByName("CHAM-64/CTR", 16, "CHAM-64(128)/CTR (128-bit key)"); + BenchMarkByName("CHAM-128/CTR", 16, "CHAM-128(128)/CTR (128-bit key)"); + BenchMarkByName("CHAM-128/CTR", 32, "CHAM-128(256)/CTR (256-bit key)"); + + BenchMarkByName("LEA-128/CTR", 16, "LEA-128(128)/CTR (128-bit key)"); + BenchMarkByName("LEA-128/CTR", 24, "LEA-128(192)/CTR (192-bit key)"); + BenchMarkByName("LEA-128/CTR", 32, "LEA-128(256)/CTR (256-bit key)"); + + BenchMarkByName("SIMECK-32/CTR", 8, "SIMECK-32(64)/CTR (64-bit key)"); + BenchMarkByName("SIMECK-64/CTR", 16, "SIMECK-64(128)/CTR (128-bit key)"); + + BenchMarkByName("SIMON-64/CTR", 12, "SIMON-64(96)/CTR (96-bit key)"); + BenchMarkByName("SIMON-64/CTR", 16, "SIMON-64(128)/CTR (128-bit key)"); + BenchMarkByName("SIMON-128/CTR", 16, "SIMON-128(128)/CTR (128-bit key)"); + BenchMarkByName("SIMON-128/CTR", 24, "SIMON-128(192)/CTR (192-bit key)"); + BenchMarkByName("SIMON-128/CTR", 32, "SIMON-128(256)/CTR (256-bit key)"); + + BenchMarkByName("SPECK-64/CTR", 12, "SPECK-64(96)/CTR (96-bit key)"); + BenchMarkByName("SPECK-64/CTR", 16, "SPECK-64(128)/CTR (128-bit key)"); + BenchMarkByName("SPECK-128/CTR", 16, "SPECK-128(128)/CTR (128-bit key)"); + BenchMarkByName("SPECK-128/CTR", 24, "SPECK-128(192)/CTR (192-bit key)"); + BenchMarkByName("SPECK-128/CTR", 32, "SPECK-128(256)/CTR (256-bit key)"); + + BenchMarkByName("TEA/CTR"); + BenchMarkByName("XTEA/CTR"); + } + + std::cout << "\n"; + { +#if CRYPTOPP_AESNI_AVAILABLE + if (HasCLMUL()) + BenchMarkByName2("AES/GCM", 0, "AES/GCM"); + else +#elif CRYPTOPP_ARM_PMULL_AVAILABLE + if (HasPMULL()) + BenchMarkByName2("AES/GCM", 0, "AES/GCM"); + else +#elif CRYPTOPP_POWER8_VMULL_AVAILABLE + if (HasPMULL()) + BenchMarkByName2("AES/GCM", 0, "AES/GCM"); + else +#endif + { + BenchMarkByName2("AES/GCM", 0, "AES/GCM (2K tables)", MakeParameters(Name::TableSize(), 2048)); + BenchMarkByName2("AES/GCM", 0, "AES/GCM (64K tables)", MakeParameters(Name::TableSize(), 64 * 1024)); + } + BenchMarkByName2("AES/CCM"); + BenchMarkByName2("AES/EAX"); } std::cout << "\n
OperationMilliseconds/Operation" << mco; + std::cout << "\n
AlgorithmProviderMiB/Second" << cpb; + std::cout << "Microseconds to
Setup Key and IV" << cpk; std::cout << "\n
" << std::endl; diff --git a/vendor/cryptopp/vendor_cryptopp/bench3.cpp b/vendor/cryptopp/vendor_cryptopp/bench3.cpp new file mode 100644 index 00000000..00c62eab --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/bench3.cpp @@ -0,0 +1,452 @@ +// bench3.cpp - originally written and placed in the public domain by Wei Dai +// CryptoPP::Test namespace added by JW in February 2017 + +#include "cryptlib.h" +#include "bench.h" +#include "validate.h" + +#include "cpu.h" +#include "factory.h" +#include "algparam.h" +#include "argnames.h" +#include "smartptr.h" +#include "stdcpp.h" + +#include "pubkey.h" +#include "gfpcrypt.h" +#include "eccrypto.h" +#include "pkcspad.h" + +#include "files.h" +#include "filters.h" +#include "hex.h" +#include "rsa.h" +#include "nr.h" +#include "dsa.h" +#include "luc.h" +#include "rw.h" +#include "ecp.h" +#include "ec2n.h" +#include "asn.h" +#include "dh.h" +#include "mqv.h" +#include "hmqv.h" +#include "fhmqv.h" +#include "xed25519.h" +#include "xtrcrypt.h" +#include "esign.h" +#include "pssr.h" +#include "oids.h" +#include "randpool.h" +#include "stdcpp.h" +#include "hrtimer.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +void BenchMarkEncryption(const char *name, PK_Encryptor &key, double timeTotal, bool pc = false) +{ + unsigned int len = 16; + SecByteBlock plaintext(len), ciphertext(key.CiphertextLength(len)); + Test::GlobalRNG().GenerateBlock(plaintext, len); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + key.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext); + ++i; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = key.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Encryption", pc, i, timeTaken); + + if (!pc && key.GetMaterial().SupportsPrecomputation()) + { + key.AccessMaterial().Precompute(16); + BenchMarkEncryption(name, key, timeTotal, true); + } +} + +void BenchMarkDecryption(const char *name, PK_Decryptor &priv, PK_Encryptor &pub, double timeTotal) +{ + unsigned int len = 16; + SecByteBlock ciphertext(pub.CiphertextLength(len)); + SecByteBlock plaintext(pub.MaxPlaintextLength(ciphertext.size())); + Test::GlobalRNG().GenerateBlock(plaintext, len); + pub.Encrypt(Test::GlobalRNG(), plaintext, len, ciphertext); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + priv.Decrypt(Test::GlobalRNG(), ciphertext, ciphertext.size(), plaintext); + ++i; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = priv.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Decryption", false, i, timeTaken); +} + +void BenchMarkSigning(const char *name, PK_Signer &key, double timeTotal, bool pc=false) +{ + unsigned int len = 16; + AlignedSecByteBlock message(len), signature(key.SignatureLength()); + Test::GlobalRNG().GenerateBlock(message, len); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + (void)key.SignMessage(Test::GlobalRNG(), message, len, signature); + ++i; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = key.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Signature", pc, i, timeTaken); + + if (!pc && key.GetMaterial().SupportsPrecomputation()) + { + key.AccessMaterial().Precompute(16); + BenchMarkSigning(name, key, timeTotal, true); + } +} + +void BenchMarkVerification(const char *name, const PK_Signer &priv, PK_Verifier &pub, double timeTotal, bool pc=false) +{ + unsigned int len = 16; + AlignedSecByteBlock message(len), signature(pub.SignatureLength()); + Test::GlobalRNG().GenerateBlock(message, len); + priv.SignMessage(Test::GlobalRNG(), message, len, signature); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + (void)pub.VerifyMessage(message, len, signature, signature.size()); + ++i; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = pub.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Verification", pc, i, timeTaken); + + if (!pc && pub.GetMaterial().SupportsPrecomputation()) + { + pub.AccessMaterial().Precompute(16); + BenchMarkVerification(name, priv, pub, timeTotal, true); + } +} + +void BenchMarkKeyGen(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false) +{ + SecByteBlock priv(d.PrivateKeyLength()), pub(d.PublicKeyLength()); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + d.GenerateKeyPair(Test::GlobalRNG(), priv, pub); + ++i; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = d.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Key-Pair Generation", pc, i, timeTaken); + + if (!pc && d.GetMaterial().SupportsPrecomputation()) + { + d.AccessMaterial().Precompute(16); + BenchMarkKeyGen(name, d, timeTotal, true); + } +} + +void BenchMarkKeyGen(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false) +{ + SecByteBlock priv(d.EphemeralPrivateKeyLength()), pub(d.EphemeralPublicKeyLength()); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + d.GenerateEphemeralKeyPair(Test::GlobalRNG(), priv, pub); + ++i; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = d.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Key-Pair Generation", pc, i, timeTaken); + + if (!pc && d.GetMaterial().SupportsPrecomputation()) + { + d.AccessMaterial().Precompute(16); + BenchMarkKeyGen(name, d, timeTotal, true); + } +} + +void BenchMarkAgreement(const char *name, SimpleKeyAgreementDomain &d, double timeTotal, bool pc=false) +{ + SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength()); + SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength()); + d.GenerateKeyPair(Test::GlobalRNG(), priv1, pub1); + d.GenerateKeyPair(Test::GlobalRNG(), priv2, pub2); + SecByteBlock val(d.AgreedValueLength()); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + d.Agree(val, priv1, pub2); + d.Agree(val, priv2, pub1); + i+=2; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = d.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Key Agreement", pc, i, timeTaken); +} + +void BenchMarkAgreement(const char *name, AuthenticatedKeyAgreementDomain &d, double timeTotal, bool pc=false) +{ + SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength()); + SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength()); + SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength()); + SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength()); + d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv1, spub1); + d.GenerateStaticKeyPair(Test::GlobalRNG(), spriv2, spub2); + d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv1, epub1); + d.GenerateEphemeralKeyPair(Test::GlobalRNG(), epriv2, epub2); + SecByteBlock val(d.AgreedValueLength()); + + unsigned int i = 0; + double timeTaken; + + ThreadUserTimer timer; + timer.StartTimer(); + + do + { + d.Agree(val, spriv1, epriv1, spub2, epub2); + d.Agree(val, spriv2, epriv2, spub1, epub1); + i+=2; timeTaken = timer.ElapsedTimeAsDouble(); + } + while (timeTaken < timeTotal); + + std::string provider = d.AlgorithmProvider(); + OutputResultOperations(name, provider.c_str(), "Key Agreement", pc, i, timeTaken); +} + +template +void BenchMarkCrypto(const char *filename, const char *name, double timeTotal) +{ + FileSource f(DataDir(filename).c_str(), true, new HexDecoder); + typename SCHEME::Decryptor priv(f); + typename SCHEME::Encryptor pub(priv); + BenchMarkEncryption(name, pub, timeTotal); + BenchMarkDecryption(name, priv, pub, timeTotal); +} + +template +void BenchMarkSignature(const char *filename, const char *name, double timeTotal) +{ + FileSource f(DataDir(filename).c_str(), true, new HexDecoder); + typename SCHEME::Signer priv(f); + typename SCHEME::Verifier pub(priv); + BenchMarkSigning(name, priv, timeTotal); + BenchMarkVerification(name, priv, pub, timeTotal); +} + +template +void BenchMarkKeyAgreement(const char *filename, const char *name, double timeTotal) +{ + FileSource f(DataDir(filename).c_str(), true, new HexDecoder); + D d(f); + BenchMarkKeyGen(name, d, timeTotal); + BenchMarkAgreement(name, d, timeTotal); +} + +void Benchmark3(double t, double hertz) +{ + g_allocatedTime = t; + g_hertz = hertz; + + const char *mco; + if (g_hertz > 1.0f) + mco = "Megacycles/Operation"; + else + mco = ""; + + std::cout << "\n"; + std::cout << "\n"; + std::cout << "\n"; + std::cout << "\n"; + { + BenchMarkCrypto > >("TestData/rsa1024.dat", "RSA 1024", t); + BenchMarkCrypto > >("TestData/luc1024.dat", "LUC 1024", t); + BenchMarkCrypto >("TestData/dlie1024.dat", "DLIES 1024", t); + BenchMarkCrypto >("TestData/lucc512.dat", "LUCELG 512", t); + } + + std::cout << "\n"; + { + BenchMarkCrypto > >("TestData/rsa2048.dat", "RSA 2048", t); + BenchMarkCrypto > >("TestData/luc2048.dat", "LUC 2048", t); + BenchMarkCrypto >("TestData/dlie2048.dat", "DLIES 2048", t); + BenchMarkCrypto >("TestData/lucc1024.dat", "LUCELG 1024", t); + } + + std::cout << "\n"; + { + BenchMarkSignature >("TestData/rsa1024.dat", "RSA 1024", t); + BenchMarkSignature >("TestData/rw1024.dat", "RW 1024", t); + BenchMarkSignature >("TestData/luc1024.dat", "LUC 1024", t); + BenchMarkSignature >("TestData/nr1024.dat", "NR 1024", t); + BenchMarkSignature("TestData/dsa1024.dat", "DSA 1024", t); + BenchMarkSignature >("TestData/lucs512.dat", "LUC-HMP 512", t); + BenchMarkSignature >("TestData/esig1023.dat", "ESIGN 1023", t); + BenchMarkSignature >("TestData/esig1536.dat", "ESIGN 1536", t); + } + + std::cout << "\n"; + { + BenchMarkSignature >("TestData/rsa2048.dat", "RSA 2048", t); + BenchMarkSignature >("TestData/rw2048.dat", "RW 2048", t); + BenchMarkSignature >("TestData/luc2048.dat", "LUC 2048", t); + BenchMarkSignature >("TestData/nr2048.dat", "NR 2048", t); + BenchMarkSignature >("TestData/lucs1024.dat", "LUC-HMP 1024", t); + BenchMarkSignature >("TestData/esig2046.dat", "ESIGN 2046", t); + } + + std::cout << "\n"; + { + BenchMarkKeyAgreement("TestData/xtrdh171.dat", "XTR-DH 171", t); + BenchMarkKeyAgreement("TestData/xtrdh342.dat", "XTR-DH 342", t); + BenchMarkKeyAgreement("TestData/dh1024.dat", "DH 1024", t); + BenchMarkKeyAgreement("TestData/dh2048.dat", "DH 2048", t); + BenchMarkKeyAgreement("TestData/lucd512.dat", "LUCDIF 512", t); + BenchMarkKeyAgreement("TestData/lucd1024.dat", "LUCDIF 1024", t); + BenchMarkKeyAgreement("TestData/mqv1024.dat", "MQV 1024", t); + BenchMarkKeyAgreement("TestData/mqv2048.dat", "MQV 2048", t); + +#if 0 + BenchMarkKeyAgreement("TestData/hmqv160.dat", "HMQV P-160", t); + BenchMarkKeyAgreement("TestData/hmqv256.dat", "HMQV P-256", t); + BenchMarkKeyAgreement("TestData/hmqv384.dat", "HMQV P-384", t); + BenchMarkKeyAgreement("TestData/hmqv512.dat", "HMQV P-512", t); + + BenchMarkKeyAgreement("TestData/fhmqv160.dat", "FHMQV P-160", t); + BenchMarkKeyAgreement("TestData/fhmqv256.dat", "FHMQV P-256", t); + BenchMarkKeyAgreement("TestData/fhmqv384.dat", "FHMQV P-384", t); + BenchMarkKeyAgreement("TestData/fhmqv512.dat", "FHMQV P-512", t); +#endif + } + + std::cout << "\n"; + { + ed25519::Signer sign(Test::GlobalRNG()); + ed25519::Verifier verify(sign); + x25519 agree(Test::GlobalRNG()); + + BenchMarkSigning("ed25519", sign, t); + BenchMarkVerification("ed25519", sign, verify, t); + BenchMarkKeyGen("x25519", agree, t); + BenchMarkAgreement("x25519", agree, t); + } + + std::cout << "\n"; + { + ECIES::Decryptor cpriv(Test::GlobalRNG(), ASN1::secp256k1()); + ECIES::Encryptor cpub(cpriv); + ECDSA::Signer spriv(cpriv); + ECDSA::Verifier spub(spriv); + ECDSA_RFC6979::Signer spriv2(cpriv); + ECDSA_RFC6979::Verifier spub2(spriv); + ECGDSA::Signer spriv3(Test::GlobalRNG(), ASN1::secp256k1()); + ECGDSA::Verifier spub3(spriv3); + ECDH::Domain ecdhc(ASN1::secp256k1()); + ECMQV::Domain ecmqvc(ASN1::secp256k1()); + + BenchMarkEncryption("ECIES over GF(p) 256", cpub, t); + BenchMarkDecryption("ECIES over GF(p) 256", cpriv, cpub, t); + BenchMarkSigning("ECDSA over GF(p) 256", spriv, t); + BenchMarkVerification("ECDSA over GF(p) 256", spriv, spub, t); + BenchMarkSigning("ECDSA-RFC6979 over GF(p) 256", spriv2, t); + BenchMarkVerification("ECDSA-RFC6979 over GF(p) 256", spriv2, spub2, t); + BenchMarkSigning("ECGDSA over GF(p) 256", spriv3, t); + BenchMarkVerification("ECGDSA over GF(p) 256", spriv3, spub3, t); + BenchMarkKeyGen("ECDHC over GF(p) 256", ecdhc, t); + BenchMarkAgreement("ECDHC over GF(p) 256", ecdhc, t); + BenchMarkKeyGen("ECMQVC over GF(p) 256", ecmqvc, t); + BenchMarkAgreement("ECMQVC over GF(p) 256", ecmqvc, t); + } + + std::cout << "\n"; + { + ECIES::Decryptor cpriv(Test::GlobalRNG(), ASN1::sect233r1()); + ECIES::Encryptor cpub(cpriv); + ECDSA::Signer spriv(cpriv); + ECDSA::Verifier spub(spriv); + ECDSA_RFC6979::Signer spriv2(cpriv); + ECDSA_RFC6979::Verifier spub2(spriv); + ECGDSA::Signer spriv3(Test::GlobalRNG(), ASN1::sect233r1()); + ECGDSA::Verifier spub3(spriv3); + ECDH::Domain ecdhc(ASN1::sect233r1()); + ECMQV::Domain ecmqvc(ASN1::sect233r1()); + + BenchMarkEncryption("ECIES over GF(2^n) 233", cpub, t); + BenchMarkDecryption("ECIES over GF(2^n) 233", cpriv, cpub, t); + BenchMarkSigning("ECDSA over GF(2^n) 233", spriv, t); + BenchMarkVerification("ECDSA over GF(2^n) 233", spriv, spub, t); + BenchMarkSigning("ECDSA-RFC6979 over GF(2^n) 233", spriv2, t); + BenchMarkVerification("ECDSA-RFC6979 over GF(2^n) 233", spriv2, spub2, t); + BenchMarkSigning("ECGDSA over GF(2^n) 233", spriv3, t); + BenchMarkVerification("ECGDSA over GF(2^n) 233", spriv3, spub3, t); + BenchMarkKeyGen("ECDHC over GF(2^n) 233", ecdhc, t); + BenchMarkAgreement("ECDHC over GF(2^n) 233", ecdhc, t); + BenchMarkKeyGen("ECMQVC over GF(2^n) 233", ecmqvc, t); + BenchMarkAgreement("ECMQVC over GF(2^n) 233", ecmqvc, t); + } + + std::cout << "\n
OperationMilliseconds/Operation" << mco; + + std::cout << "\n
" << std::endl; +} + +NAMESPACE_END // Test +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/blake2-simd.cpp b/vendor/cryptopp/vendor_cryptopp/blake2-simd.cpp deleted file mode 100644 index 76e7c153..00000000 --- a/vendor/cryptopp/vendor_cryptopp/blake2-simd.cpp +++ /dev/null @@ -1,2192 +0,0 @@ -// blake2-simd.cpp - written and placed in the public domain by -// Jeffrey Walton, Uri Blumenthal and Marcel Raad. -// -// This source file uses intrinsics to gain access to ARMv7a/ARMv8a -// NEON and SSE4.2 instructions. A separate source file is needed -// because additional CXXFLAGS are required to enable the appropriate -// instructions sets in some build configurations. - -#include "pch.h" -#include "config.h" -#include "misc.h" -#include "blake2.h" - -// Uncomment for benchmarking C++ against SSE2 or NEON. -// Do so in both blake2.cpp and blake2-simd.cpp. -// #undef CRYPTOPP_SSE41_AVAILABLE -// #undef CRYPTOPP_ARM_NEON_AVAILABLE - -// Disable NEON/ASIMD for Cortex-A53 and A57. The shifts are too slow and C/C++ is about -// 3 cpb faster than NEON/ASIMD. Also see http://github.com/weidai11/cryptopp/issues/367. -#if (defined(__aarch32__) || defined(__aarch64__)) && defined(CRYPTOPP_SLOW_ARMV8_SHIFT) -# undef CRYPTOPP_ARM_NEON_AVAILABLE -#endif - -#if (CRYPTOPP_SSE41_AVAILABLE) -# include -# include -# include -#endif - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -# include -#endif - -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) -# include -# include -#endif - -// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - -NAMESPACE_BEGIN(CryptoPP) - -// Sun Studio 12.3 and earlier lack SSE2's _mm_set_epi64x. Win32 lacks _mm_set_epi64x, -// Win64 supplies it except for VS2008. See http://stackoverflow.com/a/38547909/608639 -#if CRYPTOPP_SSE2_INTRIN_AVAILABLE && ((__SUNPRO_CC >= 0x5100 && __SUNPRO_CC < 0x5130) || \ - (defined(_MSC_VER) && _MSC_VER < 1600) || (defined(_M_IX86) && _MSC_VER >= 1600)) -inline __m128i MM_SET_EPI64X(const word64 a, const word64 b) -{ - const word64 t[2] = {b,a}; __m128i r; - std::memcpy(&r, t, sizeof(t)); - return r; -} -#else -# define MM_SET_EPI64X(a, b) _mm_set_epi64x(a, b) -#endif - -ANONYMOUS_NAMESPACE_BEGIN - -CRYPTOPP_ALIGN_DATA(16) -const word32 BLAKE2S_IV[8] = { - 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, - 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL -}; - -CRYPTOPP_ALIGN_DATA(16) -const word64 BLAKE2B_IV[8] = { - W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b), - W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1), - W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f), - W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179) -}; - -ANONYMOUS_NAMESPACE_END - -#if CRYPTOPP_SSE41_AVAILABLE -void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2_State& state) -{ - __m128i row1, row2, row3, row4; - __m128i buf1, buf2, buf3, buf4; - - __m128i t0, t1, t2; - __m128i ff0, ff1; - - const __m128i r8 = _mm_set_epi8(12, 15, 14, 13, 8, 11, 10, 9, 4, 7, 6, 5, 0, 3, 2, 1); - const __m128i r16 = _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); - - const __m128i m0 = _mm_loadu_si128(CONST_M128_CAST(input + 00)); - const __m128i m1 = _mm_loadu_si128(CONST_M128_CAST(input + 16)); - const __m128i m2 = _mm_loadu_si128(CONST_M128_CAST(input + 32)); - const __m128i m3 = _mm_loadu_si128(CONST_M128_CAST(input + 48)); - - row1 = ff0 = _mm_loadu_si128(CONST_M128_CAST(&state.h[0])); - row2 = ff1 = _mm_loadu_si128(CONST_M128_CAST(&state.h[4])); - row3 = _mm_setr_epi32(BLAKE2S_IV[0], BLAKE2S_IV[1], BLAKE2S_IV[2], BLAKE2S_IV[3]); - row4 = _mm_xor_si128(_mm_setr_epi32(BLAKE2S_IV[4], BLAKE2S_IV[5], BLAKE2S_IV[6], BLAKE2S_IV[7]), _mm_loadu_si128(CONST_M128_CAST(&state.t[0]))); - buf1 = _mm_castps_si128((_mm_shuffle_ps(_mm_castsi128_ps((m0)), _mm_castsi128_ps((m1)), _MM_SHUFFLE(2,0,2,0)))); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - buf2 = _mm_castps_si128((_mm_shuffle_ps(_mm_castsi128_ps((m0)), _mm_castsi128_ps((m1)), _MM_SHUFFLE(3,1,3,1)))); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - buf3 = _mm_castps_si128((_mm_shuffle_ps(_mm_castsi128_ps((m2)), _mm_castsi128_ps((m3)), _MM_SHUFFLE(2,0,2,0)))); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - buf4 = _mm_castps_si128((_mm_shuffle_ps(_mm_castsi128_ps((m2)), _mm_castsi128_ps((m3)), _MM_SHUFFLE(3,1,3,1)))); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_blend_epi16(m1, m2, 0x0C); - t1 = _mm_slli_si128(m3, 4); - t2 = _mm_blend_epi16(t0, t1, 0xF0); - buf1 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,1,0,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_shuffle_epi32(m2,_MM_SHUFFLE(0,0,2,0)); - t1 = _mm_blend_epi16(m1,m3,0xC0); - t2 = _mm_blend_epi16(t0, t1, 0xF0); - buf2 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,3,0,1)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_slli_si128(m1, 4); - t1 = _mm_blend_epi16(m2, t0, 0x30); - t2 = _mm_blend_epi16(m0, t1, 0xF0); - buf3 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,3,0,1)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpackhi_epi32(m0,m1); - t1 = _mm_slli_si128(m3, 4); - t2 = _mm_blend_epi16(t0, t1, 0x0C); - buf4 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,3,0,1)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_unpackhi_epi32(m2,m3); - t1 = _mm_blend_epi16(m3,m1,0x0C); - t2 = _mm_blend_epi16(t0, t1, 0x0F); - buf1 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(3,1,0,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpacklo_epi32(m2,m0); - t1 = _mm_blend_epi16(t0, m0, 0xF0); - t2 = _mm_slli_si128(m3, 8); - buf2 = _mm_blend_epi16(t1, t2, 0xC0); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_blend_epi16(m0, m2, 0x3C); - t1 = _mm_srli_si128(m1, 12); - t2 = _mm_blend_epi16(t0,t1,0x03); - buf3 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,0,3,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_slli_si128(m3, 4); - t1 = _mm_blend_epi16(m0, m1, 0x33); - t2 = _mm_blend_epi16(t1, t0, 0xC0); - buf4 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(0,1,2,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_unpackhi_epi32(m0,m1); - t1 = _mm_unpackhi_epi32(t0, m2); - t2 = _mm_blend_epi16(t1, m3, 0x0C); - buf1 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(3,1,0,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_slli_si128(m2, 8); - t1 = _mm_blend_epi16(m3,m0,0x0C); - t2 = _mm_blend_epi16(t1, t0, 0xC0); - buf2 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,0,1,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_blend_epi16(m0,m1,0x0F); - t1 = _mm_blend_epi16(t0, m3, 0xC0); - buf3 = _mm_shuffle_epi32(t1, _MM_SHUFFLE(3,0,1,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpacklo_epi32(m0,m2); - t1 = _mm_unpackhi_epi32(m1,m2); - buf4 = _mm_unpacklo_epi64(t1,t0); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_unpacklo_epi64(m1,m2); - t1 = _mm_unpackhi_epi64(m0,m2); - t2 = _mm_blend_epi16(t0,t1,0x33); - buf1 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,0,1,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpackhi_epi64(m1,m3); - t1 = _mm_unpacklo_epi64(m0,m1); - buf2 = _mm_blend_epi16(t0,t1,0x33); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_unpackhi_epi64(m3,m1); - t1 = _mm_unpackhi_epi64(m2,m0); - buf3 = _mm_blend_epi16(t1,t0,0x33); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_blend_epi16(m0,m2,0x03); - t1 = _mm_slli_si128(t0, 8); - t2 = _mm_blend_epi16(t1,m3,0x0F); - buf4 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,2,0,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_unpackhi_epi32(m0,m1); - t1 = _mm_unpacklo_epi32(m0,m2); - buf1 = _mm_unpacklo_epi64(t0,t1); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_srli_si128(m2, 4); - t1 = _mm_blend_epi16(m0,m3,0x03); - buf2 = _mm_blend_epi16(t1,t0,0x3C); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_blend_epi16(m1,m0,0x0C); - t1 = _mm_srli_si128(m3, 4); - t2 = _mm_blend_epi16(t0,t1,0x30); - buf3 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,2,3,0)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpacklo_epi64(m1,m2); - t1= _mm_shuffle_epi32(m3, _MM_SHUFFLE(0,2,0,1)); - buf4 = _mm_blend_epi16(t0,t1,0x33); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_slli_si128(m1, 12); - t1 = _mm_blend_epi16(m0,m3,0x33); - buf1 = _mm_blend_epi16(t1,t0,0xC0); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_blend_epi16(m3,m2,0x30); - t1 = _mm_srli_si128(m1, 4); - t2 = _mm_blend_epi16(t0,t1,0x03); - buf2 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,1,3,0)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_unpacklo_epi64(m0,m2); - t1 = _mm_srli_si128(m1, 4); - buf3 = _mm_shuffle_epi32(_mm_blend_epi16(t0,t1,0x0C), _MM_SHUFFLE(2,3,1,0)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpackhi_epi32(m1,m2); - t1 = _mm_unpackhi_epi64(m0,t0); - buf4 = _mm_shuffle_epi32(t1, _MM_SHUFFLE(3,0,1,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_unpackhi_epi32(m0,m1); - t1 = _mm_blend_epi16(t0,m3,0x0F); - buf1 = _mm_shuffle_epi32(t1,_MM_SHUFFLE(2,0,3,1)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_blend_epi16(m2,m3,0x30); - t1 = _mm_srli_si128(m0,4); - t2 = _mm_blend_epi16(t0,t1,0x03); - buf2 = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,0,2,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_unpackhi_epi64(m0,m3); - t1 = _mm_unpacklo_epi64(m1,m2); - t2 = _mm_blend_epi16(t0,t1,0x3C); - buf3 = _mm_shuffle_epi32(t2,_MM_SHUFFLE(0,2,3,1)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpacklo_epi32(m0,m1); - t1 = _mm_unpackhi_epi32(m1,m2); - buf4 = _mm_unpacklo_epi64(t0,t1); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_unpackhi_epi32(m1,m3); - t1 = _mm_unpacklo_epi64(t0,m0); - t2 = _mm_blend_epi16(t1,m2,0xC0); - buf1 = _mm_shufflehi_epi16(t2,_MM_SHUFFLE(1,0,3,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_unpackhi_epi32(m0,m3); - t1 = _mm_blend_epi16(m2,t0,0xF0); - buf2 = _mm_shuffle_epi32(t1,_MM_SHUFFLE(0,2,1,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_blend_epi16(m2,m0,0x0C); - t1 = _mm_slli_si128(t0,4); - buf3 = _mm_blend_epi16(t1,m3,0x0F); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_blend_epi16(m1,m0,0x30); - buf4 = _mm_shuffle_epi32(t0,_MM_SHUFFLE(1,0,3,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - t0 = _mm_blend_epi16(m0,m2,0x03); - t1 = _mm_blend_epi16(m1,m2,0x30); - t2 = _mm_blend_epi16(t1,t0,0x0F); - buf1 = _mm_shuffle_epi32(t2,_MM_SHUFFLE(1,3,0,2)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf1), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_slli_si128(m0,4); - t1 = _mm_blend_epi16(m1,t0,0xC0); - buf2 = _mm_shuffle_epi32(t1,_MM_SHUFFLE(1,2,0,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf2), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); - - t0 = _mm_unpackhi_epi32(m0,m3); - t1 = _mm_unpacklo_epi32(m2,m3); - t2 = _mm_unpackhi_epi64(t0,t1); - buf3 = _mm_shuffle_epi32(t2,_MM_SHUFFLE(3,0,2,1)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf3), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r16); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 12),_mm_slli_epi32(row2, 20)); - - t0 = _mm_blend_epi16(m3,m2,0xC0); - t1 = _mm_unpacklo_epi32(m0,m3); - t2 = _mm_blend_epi16(t0,t1,0x0F); - buf4 = _mm_shuffle_epi32(t2,_MM_SHUFFLE(0,1,2,3)); - - row1 = _mm_add_epi32(_mm_add_epi32(row1, buf4), row2); - row4 = _mm_xor_si128(row4, row1); - row4 = _mm_shuffle_epi8(row4,r8); - row3 = _mm_add_epi32(row3, row4); - row2 = _mm_xor_si128(row2, row3); - row2 = _mm_xor_si128(_mm_srli_epi32(row2, 7),_mm_slli_epi32(row2, 25)); - - row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); - row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); - row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); - - _mm_storeu_si128(M128_CAST(&state.h[0]), _mm_xor_si128(ff0, _mm_xor_si128(row1, row3))); - _mm_storeu_si128(M128_CAST(&state.h[4]), _mm_xor_si128(ff1, _mm_xor_si128(row2, row4))); -} - -void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2_State& state) -{ - __m128i row1l, row1h; - __m128i row2l, row2h; - __m128i row3l, row3h; - __m128i row4l, row4h; - __m128i b0, b1, t0, t1; - - const __m128i r16 = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); - const __m128i r24 = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); - - const __m128i m0 = _mm_loadu_si128(CONST_M128_CAST(input + 00)); - const __m128i m1 = _mm_loadu_si128(CONST_M128_CAST(input + 16)); - const __m128i m2 = _mm_loadu_si128(CONST_M128_CAST(input + 32)); - const __m128i m3 = _mm_loadu_si128(CONST_M128_CAST(input + 48)); - const __m128i m4 = _mm_loadu_si128(CONST_M128_CAST(input + 64)); - const __m128i m5 = _mm_loadu_si128(CONST_M128_CAST(input + 80)); - const __m128i m6 = _mm_loadu_si128(CONST_M128_CAST(input + 96)); - const __m128i m7 = _mm_loadu_si128(CONST_M128_CAST(input + 112)); - - row1l = _mm_loadu_si128(CONST_M128_CAST(&state.h[0])); - row1h = _mm_loadu_si128(CONST_M128_CAST(&state.h[2])); - row2l = _mm_loadu_si128(CONST_M128_CAST(&state.h[4])); - row2h = _mm_loadu_si128(CONST_M128_CAST(&state.h[6])); - row3l = _mm_loadu_si128(CONST_M128_CAST(&BLAKE2B_IV[0])); - row3h = _mm_loadu_si128(CONST_M128_CAST(&BLAKE2B_IV[2])); - row4l = _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(&BLAKE2B_IV[4])), _mm_loadu_si128(CONST_M128_CAST(&state.t[0]))); - row4h = _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(&BLAKE2B_IV[6])), _mm_loadu_si128(CONST_M128_CAST(&state.f[0]))); - - b0 = _mm_unpacklo_epi64(m0, m1); - b1 = _mm_unpacklo_epi64(m2, m3); - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m0, m1); - b1 = _mm_unpackhi_epi64(m2, m3); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m4, m5); - b1 = _mm_unpacklo_epi64(m6, m7); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m4, m5); - b1 = _mm_unpackhi_epi64(m6, m7); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m7, m2); - b1 = _mm_unpackhi_epi64(m4, m6); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m5, m4); - b1 = _mm_alignr_epi8(m3, m7, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_shuffle_epi32(m0, _MM_SHUFFLE(1,0,3,2)); - b1 = _mm_unpackhi_epi64(m5, m2); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m6, m1); - b1 = _mm_unpackhi_epi64(m3, m1); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_alignr_epi8(m6, m5, 8); - b1 = _mm_unpackhi_epi64(m2, m7); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m4, m0); - b1 = _mm_blend_epi16(m1, m6, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_blend_epi16(m5, m1, 0xF0); - b1 = _mm_unpackhi_epi64(m3, m4); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m7, m3); - b1 = _mm_alignr_epi8(m2, m0, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpackhi_epi64(m3, m1); - b1 = _mm_unpackhi_epi64(m6, m5); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m4, m0); - b1 = _mm_unpacklo_epi64(m6, m7); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_blend_epi16(m1, m2, 0xF0); - b1 = _mm_blend_epi16(m2, m7, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m3, m5); - b1 = _mm_unpacklo_epi64(m0, m4); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpackhi_epi64(m4, m2); - b1 = _mm_unpacklo_epi64(m1, m5); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_blend_epi16(m0, m3, 0xF0); - b1 = _mm_blend_epi16(m2, m7, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_blend_epi16(m7, m5, 0xF0); - b1 = _mm_blend_epi16(m3, m1, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_alignr_epi8(m6, m0, 8); - b1 = _mm_blend_epi16(m4, m6, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m1, m3); - b1 = _mm_unpacklo_epi64(m0, m4); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m6, m5); - b1 = _mm_unpackhi_epi64(m5, m1); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_blend_epi16(m2, m3, 0xF0); - b1 = _mm_unpackhi_epi64(m7, m0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m6, m2); - b1 = _mm_blend_epi16(m7, m4, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_blend_epi16(m6, m0, 0xF0); - b1 = _mm_unpacklo_epi64(m7, m2); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m2, m7); - b1 = _mm_alignr_epi8(m5, m6, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m0, m3); - b1 = _mm_shuffle_epi32(m4, _MM_SHUFFLE(1,0,3,2)); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m3, m1); - b1 = _mm_blend_epi16(m1, m5, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpackhi_epi64(m6, m3); - b1 = _mm_blend_epi16(m6, m1, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_alignr_epi8(m7, m5, 8); - b1 = _mm_unpackhi_epi64(m0, m4); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpackhi_epi64(m2, m7); - b1 = _mm_unpacklo_epi64(m4, m1); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m0, m2); - b1 = _mm_unpacklo_epi64(m3, m5); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m3, m7); - b1 = _mm_alignr_epi8(m0, m5, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m7, m4); - b1 = _mm_alignr_epi8(m4, m1, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = m6; - b1 = _mm_alignr_epi8(m5, m0, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_blend_epi16(m1, m3, 0xF0); - b1 = m2; - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m5, m4); - b1 = _mm_unpackhi_epi64(m3, m0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m1, m2); - b1 = _mm_blend_epi16(m3, m2, 0xF0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpackhi_epi64(m7, m4); - b1 = _mm_unpackhi_epi64(m1, m6); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_alignr_epi8(m7, m5, 8); - b1 = _mm_unpacklo_epi64(m6, m0); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m0, m1); - b1 = _mm_unpacklo_epi64(m2, m3); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m0, m1); - b1 = _mm_unpackhi_epi64(m2, m3); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m4, m5); - b1 = _mm_unpacklo_epi64(m6, m7); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpackhi_epi64(m4, m5); - b1 = _mm_unpackhi_epi64(m6, m7); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - b0 = _mm_unpacklo_epi64(m7, m2); - b1 = _mm_unpackhi_epi64(m4, m6); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m5, m4); - b1 = _mm_alignr_epi8(m3, m7, 8); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2h, row2l, 8); - t1 = _mm_alignr_epi8(row2l, row2h, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4h, row4l, 8); - t1 = _mm_alignr_epi8(row4l, row4h, 8); - row4l = t1, row4h = t0; - - b0 = _mm_shuffle_epi32(m0, _MM_SHUFFLE(1,0,3,2)); - b1 = _mm_unpackhi_epi64(m5, m2); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi32(row4l, _MM_SHUFFLE(2,3,0,1)); - row4h = _mm_shuffle_epi32(row4h, _MM_SHUFFLE(2,3,0,1)); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_shuffle_epi8(row2l, r24); - row2h = _mm_shuffle_epi8(row2h, r24); - - b0 = _mm_unpacklo_epi64(m6, m1); - b1 = _mm_unpackhi_epi64(m3, m1); - - row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); - row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); - row4l = _mm_xor_si128(row4l, row1l); - row4h = _mm_xor_si128(row4h, row1h); - row4l = _mm_shuffle_epi8(row4l, r16); - row4h = _mm_shuffle_epi8(row4h, r16); - row3l = _mm_add_epi64(row3l, row4l); - row3h = _mm_add_epi64(row3h, row4h); - row2l = _mm_xor_si128(row2l, row3l); - row2h = _mm_xor_si128(row2h, row3h); - row2l = _mm_xor_si128(_mm_srli_epi64(row2l, 63), _mm_add_epi64(row2l, row2l)); - row2h = _mm_xor_si128(_mm_srli_epi64(row2h, 63), _mm_add_epi64(row2h, row2h)); - - t0 = _mm_alignr_epi8(row2l, row2h, 8); - t1 = _mm_alignr_epi8(row2h, row2l, 8); - row2l = t0, row2h = t1, t0 = row3l, row3l = row3h, row3h = t0; - t0 = _mm_alignr_epi8(row4l, row4h, 8); - t1 = _mm_alignr_epi8(row4h, row4l, 8); - row4l = t1, row4h = t0; - - row1l = _mm_xor_si128(row3l, row1l); - row1h = _mm_xor_si128(row3h, row1h); - _mm_storeu_si128(M128_CAST(&state.h[0]), _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(&state.h[0])), row1l)); - _mm_storeu_si128(M128_CAST(&state.h[2]), _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(&state.h[2])), row1h)); - - row2l = _mm_xor_si128(row4l, row2l); - row2h = _mm_xor_si128(row4h, row2h); - _mm_storeu_si128(M128_CAST(&state.h[4]), _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(&state.h[4])), row2l)); - _mm_storeu_si128(M128_CAST(&state.h[6]), _mm_xor_si128(_mm_loadu_si128(CONST_M128_CAST(&state.h[6])), row2h)); -} -#endif // CRYPTOPP_SSE41_AVAILABLE - -#if CRYPTOPP_ARM_NEON_AVAILABLE -void BLAKE2_Compress32_NEON(const byte* input, BLAKE2_State& state) -{ - #define BLAKE2S_LOAD_MSG_0_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m0), vget_high_u32(m0)).val[0]; \ - t1 = vzip_u32(vget_low_u32(m1), vget_high_u32(m1)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_0_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m0), vget_high_u32(m0)).val[1]; \ - t1 = vzip_u32(vget_low_u32(m1), vget_high_u32(m1)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_0_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m2), vget_high_u32(m2)).val[0]; \ - t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m3)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_0_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m2), vget_high_u32(m2)).val[1]; \ - t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m3)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_1_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m3), vget_low_u32(m1)).val[0]; \ - t1 = vzip_u32(vget_low_u32(m2), vget_low_u32(m3)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_1_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m2), vget_low_u32(m2)).val[0]; \ - t1 = vext_u32(vget_high_u32(m3), vget_high_u32(m1), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_1_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vext_u32(vget_low_u32(m0), vget_low_u32(m0), 1); \ - t1 = vzip_u32(vget_high_u32(m2), vget_low_u32(m1)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_1_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m3), vget_high_u32(m0)).val[0]; \ - t1 = vzip_u32(vget_high_u32(m1), vget_high_u32(m0)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_2_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vext_u32(vget_high_u32(m2), vget_low_u32(m3), 1); \ - t1 = vzip_u32(vget_low_u32(m1), vget_high_u32(m3)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_2_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m2), vget_low_u32(m0)).val[0]; \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_low_u32(m3)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_2_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m2), vget_high_u32(m0)); \ - t1 = vzip_u32(vget_high_u32(m1), vget_low_u32(m2)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_2_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m3), vget_high_u32(m1)).val[0]; \ - t1 = vext_u32(vget_low_u32(m0), vget_low_u32(m1), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_3_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m0)).val[1]; \ - t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m2)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_3_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m2), vget_low_u32(m0)).val[1]; \ - t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m3)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_3_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_low_u32(m1)); \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_high_u32(m3)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_3_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m2)).val[0]; \ - t1 = vzip_u32(vget_low_u32(m0), vget_low_u32(m2)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_4_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m2), vget_low_u32(m1)).val[1]; \ - t1 = vzip_u32((vget_high_u32(m0)), vget_high_u32(m2)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_4_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m0), vget_high_u32(m1)); \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_high_u32(m3)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_4_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m3), vget_high_u32(m2)); \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m1), vget_high_u32(m0)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_4_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vext_u32(vget_low_u32(m0), vget_low_u32(m3), 1); \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m2), vget_low_u32(m3)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_5_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32((vget_high_u32(m0)), vget_high_u32(m1)).val[0]; \ - t1 = vzip_u32(vget_low_u32(m0), vget_low_u32(m2)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_5_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m3), vget_high_u32(m2)).val[0]; \ - t1 = vzip_u32(vget_high_u32(m2), vget_high_u32(m0)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_5_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_high_u32(m1)); \ - t1 = vzip_u32(vget_high_u32(m3), vget_low_u32(m0)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_5_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m3), vget_low_u32(m1)).val[1]; \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m3), vget_low_u32(m2)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_6_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m3), vget_low_u32(m0)); \ - t1 = vzip_u32(vget_high_u32(m3), vget_low_u32(m1)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_6_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m1), vget_high_u32(m3)).val[1]; \ - t1 = vext_u32(vget_low_u32(m3), vget_high_u32(m2), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_6_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m0), vget_high_u32(m1)).val[0]; \ - t1 = vext_u32(vget_low_u32(m2), vget_low_u32(m2), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_6_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m0)).val[1]; \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_high_u32(m2)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_7_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m3), vget_high_u32(m1)).val[1]; \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m3), vget_high_u32(m0)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_7_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vext_u32(vget_high_u32(m2), vget_high_u32(m3), 1); \ - t1 = vzip_u32(vget_low_u32(m0), vget_low_u32(m2)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_7_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m1), vget_high_u32(m3)).val[1]; \ - t1 = vzip_u32(vget_low_u32(m2), vget_high_u32(m0)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_7_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_low_u32(m0), vget_low_u32(m1)).val[0]; \ - t1 = vzip_u32(vget_high_u32(m1), vget_high_u32(m2)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_8_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m3)).val[0]; \ - t1 = vext_u32(vget_high_u32(m2), vget_low_u32(m0), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_8_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m3), vget_low_u32(m2)).val[1]; \ - t1 = vext_u32(vget_high_u32(m0), vget_low_u32(m2), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_8_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m3), vget_low_u32(m3)); \ - t1 = vext_u32(vget_low_u32(m0), vget_high_u32(m2), 1); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_8_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_high_u32(m1)); \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_low_u32(m1)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_9_1(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m2), vget_low_u32(m2)).val[0]; \ - t1 = vzip_u32(vget_high_u32(m1), vget_low_u32(m0)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_9_2(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32((vget_high_u32(m0)), vget_low_u32(m1)).val[0]; \ - t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m1), vget_low_u32(m1)); \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_9_3(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vzip_u32(vget_high_u32(m3), vget_low_u32(m2)).val[1]; \ - t1 = vzip_u32((vget_high_u32(m0)), vget_low_u32(m3)).val[1]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define BLAKE2S_LOAD_MSG_9_4(buf) \ - do { uint32x2_t t0, t1; \ - t0 = vext_u32(vget_high_u32(m2), vget_high_u32(m3), 1); \ - t1 = vzip_u32(vget_low_u32(m3), vget_low_u32(m0)).val[0]; \ - buf = vcombine_u32(t0, t1); } while(0) - - #define vrorq_n_u32_16(x) vreinterpretq_u32_u16(vrev32q_u16(vreinterpretq_u16_u32(x))) - - #define vrorq_n_u32_8(x) vsriq_n_u32(vshlq_n_u32((x), 24), (x), 8) - - #define vrorq_n_u32(x, c) vsriq_n_u32(vshlq_n_u32((x), 32-(c)), (x), (c)) - - #define BLAKE2S_G1(row1,row2,row3,row4,buf) \ - do { \ - row1 = vaddq_u32(vaddq_u32(row1, buf), row2); row4 = veorq_u32(row4, row1); \ - row4 = vrorq_n_u32_16(row4); row3 = vaddq_u32(row3, row4); \ - row2 = veorq_u32(row2, row3); row2 = vrorq_n_u32(row2, 12); \ - } while(0) - - #define BLAKE2S_G2(row1,row2,row3,row4,buf) \ - do { \ - row1 = vaddq_u32(vaddq_u32(row1, buf), row2); row4 = veorq_u32(row4, row1); \ - row4 = vrorq_n_u32_8(row4); row3 = vaddq_u32(row3, row4); \ - row2 = veorq_u32(row2, row3); row2 = vrorq_n_u32(row2, 7); \ - } while(0) - - #define BLAKE2S_DIAGONALIZE(row1,row2,row3,row4) \ - do { \ - row4 = vextq_u32(row4, row4, 3); row3 = vextq_u32(row3, row3, 2); row2 = vextq_u32(row2, row2, 1); \ - } while(0) - - #define BLAKE2S_UNDIAGONALIZE(row1,row2,row3,row4) \ - do { \ - row4 = vextq_u32(row4, row4, 1); \ - row3 = vextq_u32(row3, row3, 2); \ - row2 = vextq_u32(row2, row2, 3); \ - } while(0) - - #define BLAKE2S_ROUND(r) \ - do { \ - uint32x4_t buf1, buf2, buf3, buf4; \ - BLAKE2S_LOAD_MSG_ ##r ##_1(buf1); \ - BLAKE2S_G1(row1,row2,row3,row4,buf1); \ - BLAKE2S_LOAD_MSG_ ##r ##_2(buf2); \ - BLAKE2S_G2(row1,row2,row3,row4,buf2); \ - BLAKE2S_DIAGONALIZE(row1,row2,row3,row4); \ - BLAKE2S_LOAD_MSG_ ##r ##_3(buf3); \ - BLAKE2S_G1(row1,row2,row3,row4,buf3); \ - BLAKE2S_LOAD_MSG_ ##r ##_4(buf4); \ - BLAKE2S_G2(row1,row2,row3,row4,buf4); \ - BLAKE2S_UNDIAGONALIZE(row1,row2,row3,row4); \ - } while(0) - - CRYPTOPP_ASSERT(IsAlignedOn(&state.h[0],GetAlignmentOf())); - CRYPTOPP_ASSERT(IsAlignedOn(&state.t[0],GetAlignmentOf())); - CRYPTOPP_ASSERT(IsAlignedOn(&state.f[0],GetAlignmentOf())); - - const uint32x4_t m0 = vreinterpretq_u32_u8(vld1q_u8((input + 00))); - const uint32x4_t m1 = vreinterpretq_u32_u8(vld1q_u8((input + 16))); - const uint32x4_t m2 = vreinterpretq_u32_u8(vld1q_u8((input + 32))); - const uint32x4_t m3 = vreinterpretq_u32_u8(vld1q_u8((input + 48))); - - uint32x4_t row1, row2, row3, row4; - - const uint32x4_t f0 = row1 = vld1q_u32(&state.h[0]); - const uint32x4_t f1 = row2 = vld1q_u32(&state.h[4]); - row3 = vld1q_u32(&BLAKE2S_IV[0]); - row4 = veorq_u32(vld1q_u32(&BLAKE2S_IV[4]), vld1q_u32(&state.t[0])); - - BLAKE2S_ROUND(0); - BLAKE2S_ROUND(1); - BLAKE2S_ROUND(2); - BLAKE2S_ROUND(3); - BLAKE2S_ROUND(4); - BLAKE2S_ROUND(5); - BLAKE2S_ROUND(6); - BLAKE2S_ROUND(7); - BLAKE2S_ROUND(8); - BLAKE2S_ROUND(9); - - vst1q_u32(&state.h[0], veorq_u32(f0, veorq_u32(row1, row3))); - vst1q_u32(&state.h[4], veorq_u32(f1, veorq_u32(row2, row4))); -} - -void BLAKE2_Compress64_NEON(const byte* input, BLAKE2_State& state) -{ - #define BLAKE2B_LOAD_MSG_0_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m1)); b1 = vcombine_u64(vget_low_u64(m2), vget_low_u64(m3)); } while(0) - - #define BLAKE2B_LOAD_MSG_0_2(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m0), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m3)); } while(0) - - #define BLAKE2B_LOAD_MSG_0_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m5)); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_0_4(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m5)); b1 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_1_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m2)); b1 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m6)); } while(0) - - #define BLAKE2B_LOAD_MSG_1_2(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m5), vget_low_u64(m4)); b1 = vextq_u64(m7, m3, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_1_3(b0, b1) \ - do { b0 = vextq_u64(m0, m0, 1); b1 = vcombine_u64(vget_high_u64(m5), vget_high_u64(m2)); } while(0) - - #define BLAKE2B_LOAD_MSG_1_4(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m1)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); } while(0) - - #define BLAKE2B_LOAD_MSG_2_1(b0, b1) \ - do { b0 = vextq_u64(m5, m6, 1); b1 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_2_2(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m0)); b1 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m6)); } while(0) - - #define BLAKE2B_LOAD_MSG_2_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m5), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m4)); } while(0) - - #define BLAKE2B_LOAD_MSG_2_4(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m3)); b1 = vextq_u64(m0, m2, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_3_1(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m5)); } while(0) - - #define BLAKE2B_LOAD_MSG_3_2(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m0)); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_3_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m2)); b1 = vcombine_u64(vget_low_u64(m2), vget_high_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_3_4(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m3), vget_low_u64(m5)); b1 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m4)); } while(0) - - #define BLAKE2B_LOAD_MSG_4_1(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m2)); b1 = vcombine_u64(vget_low_u64(m1), vget_low_u64(m5)); } while(0) - - #define BLAKE2B_LOAD_MSG_4_2(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m0), vget_high_u64(m3)); b1 = vcombine_u64(vget_low_u64(m2), vget_high_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_4_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m7), vget_high_u64(m5)); b1 = vcombine_u64(vget_low_u64(m3), vget_high_u64(m1)); } while(0) - - #define BLAKE2B_LOAD_MSG_4_4(b0, b1) \ - do { b0 = vextq_u64(m0, m6, 1); b1 = vcombine_u64(vget_low_u64(m4), vget_high_u64(m6)); } while(0) - - #define BLAKE2B_LOAD_MSG_5_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m1), vget_low_u64(m3)); b1 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m4)); } while(0) - - #define BLAKE2B_LOAD_MSG_5_2(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m5)); b1 = vcombine_u64(vget_high_u64(m5), vget_high_u64(m1)); } while(0) - - #define BLAKE2B_LOAD_MSG_5_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m2), vget_high_u64(m3)); b1 = vcombine_u64(vget_high_u64(m7), vget_high_u64(m0)); } while(0) - - #define BLAKE2B_LOAD_MSG_5_4(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m2)); b1 = vcombine_u64(vget_low_u64(m7), vget_high_u64(m4)); } while(0) - - #define BLAKE2B_LOAD_MSG_6_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m6), vget_high_u64(m0)); b1 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m2)); } while(0) - - #define BLAKE2B_LOAD_MSG_6_2(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m7)); b1 = vextq_u64(m6, m5, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_6_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m3)); b1 = vextq_u64(m4, m4, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_6_4(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); b1 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m5)); } while(0) - - #define BLAKE2B_LOAD_MSG_7_1(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m3)); b1 = vcombine_u64(vget_low_u64(m6), vget_high_u64(m1)); } while(0) - - #define BLAKE2B_LOAD_MSG_7_2(b0, b1) \ - do { b0 = vextq_u64(m5, m7, 1); b1 = vcombine_u64(vget_high_u64(m0), vget_high_u64(m4)); } while(0) - - #define BLAKE2B_LOAD_MSG_7_3(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m7)); b1 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m1)); } while(0) - - #define BLAKE2B_LOAD_MSG_7_4(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m2)); b1 = vcombine_u64(vget_low_u64(m3), vget_low_u64(m5)); } while(0) - - #define BLAKE2B_LOAD_MSG_8_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m3), vget_low_u64(m7)); b1 = vextq_u64(m5, m0, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_8_2(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m7), vget_high_u64(m4)); b1 = vextq_u64(m1, m4, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_8_3(b0, b1) \ - do { b0 = m6; b1 = vextq_u64(m0, m5, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_8_4(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m3)); b1 = m2; } while(0) - - #define BLAKE2B_LOAD_MSG_9_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m5), vget_low_u64(m4)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m0)); } while(0) - - #define BLAKE2B_LOAD_MSG_9_2(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m1), vget_low_u64(m2)); b1 = vcombine_u64(vget_low_u64(m3), vget_high_u64(m2)); } while(0) - - #define BLAKE2B_LOAD_MSG_9_3(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m7), vget_high_u64(m4)); b1 = vcombine_u64(vget_high_u64(m1), vget_high_u64(m6)); } while(0) - - #define BLAKE2B_LOAD_MSG_9_4(b0, b1) \ - do { b0 = vextq_u64(m5, m7, 1); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m0)); } while(0) - - #define BLAKE2B_LOAD_MSG_10_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m1)); b1 = vcombine_u64(vget_low_u64(m2), vget_low_u64(m3)); } while(0) - - #define BLAKE2B_LOAD_MSG_10_2(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m0), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m3)); } while(0) - - #define BLAKE2B_LOAD_MSG_10_3(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m5)); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_10_4(b0, b1) \ - do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m5)); b1 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m7)); } while(0) - - #define BLAKE2B_LOAD_MSG_11_1(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m2)); b1 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m6)); } while(0) - - #define BLAKE2B_LOAD_MSG_11_2(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m5), vget_low_u64(m4)); b1 = vextq_u64(m7, m3, 1); } while(0) - - #define BLAKE2B_LOAD_MSG_11_3(b0, b1) \ - do { b0 = vextq_u64(m0, m0, 1); b1 = vcombine_u64(vget_high_u64(m5), vget_high_u64(m2)); } while(0) - - #define BLAKE2B_LOAD_MSG_11_4(b0, b1) \ - do { b0 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m1)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); } while(0) - - #define vrorq_n_u64_32(x) vreinterpretq_u64_u32(vrev64q_u32(vreinterpretq_u32_u64((x)))) - - #define vrorq_n_u64_24(x) vcombine_u64(\ - vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_low_u64(x)), vreinterpret_u8_u64(vget_low_u64(x)), 3)), \ - vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_high_u64(x)), vreinterpret_u8_u64(vget_high_u64(x)), 3))) - - #define vrorq_n_u64_16(x) vcombine_u64(\ - vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_low_u64(x)), vreinterpret_u8_u64(vget_low_u64(x)), 2)), \ - vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_high_u64(x)), vreinterpret_u8_u64(vget_high_u64(x)), 2))) - - #define vrorq_n_u64_63(x) veorq_u64(vaddq_u64(x, x), vshrq_n_u64(x, 63)) - - #define BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ - do { \ - row1l = vaddq_u64(vaddq_u64(row1l, b0), row2l); \ - row1h = vaddq_u64(vaddq_u64(row1h, b1), row2h); \ - row4l = veorq_u64(row4l, row1l); row4h = veorq_u64(row4h, row1h); \ - row4l = vrorq_n_u64_32(row4l); row4h = vrorq_n_u64_32(row4h); \ - row3l = vaddq_u64(row3l, row4l); row3h = vaddq_u64(row3h, row4h); \ - row2l = veorq_u64(row2l, row3l); row2h = veorq_u64(row2h, row3h); \ - row2l = vrorq_n_u64_24(row2l); row2h = vrorq_n_u64_24(row2h); \ - } while(0) - - #define BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ - do { \ - row1l = vaddq_u64(vaddq_u64(row1l, b0), row2l); \ - row1h = vaddq_u64(vaddq_u64(row1h, b1), row2h); \ - row4l = veorq_u64(row4l, row1l); row4h = veorq_u64(row4h, row1h); \ - row4l = vrorq_n_u64_16(row4l); row4h = vrorq_n_u64_16(row4h); \ - row3l = vaddq_u64(row3l, row4l); row3h = vaddq_u64(row3h, row4h); \ - row2l = veorq_u64(row2l, row3l); row2h = veorq_u64(row2h, row3h); \ - row2l = vrorq_n_u64_63(row2l); row2h = vrorq_n_u64_63(row2h); \ - } while(0) - - #define BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ - do { \ - uint64x2_t t0 = vextq_u64(row2l, row2h, 1); \ - uint64x2_t t1 = vextq_u64(row2h, row2l, 1); \ - row2l = t0; row2h = t1; t0 = row3l; row3l = row3h; row3h = t0; \ - t0 = vextq_u64(row4h, row4l, 1); t1 = vextq_u64(row4l, row4h, 1); \ - row4l = t0; row4h = t1; \ - } while(0) - - #define BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ - do { \ - uint64x2_t t0 = vextq_u64(row2h, row2l, 1); \ - uint64x2_t t1 = vextq_u64(row2l, row2h, 1); \ - row2l = t0; row2h = t1; t0 = row3l; row3l = row3h; row3h = t0; \ - t0 = vextq_u64(row4l, row4h, 1); t1 = vextq_u64(row4h, row4l, 1); \ - row4l = t0; row4h = t1; \ - } while(0) - - #define BLAKE2B_ROUND(r) \ - do { \ - uint64x2_t b0, b1; \ - BLAKE2B_LOAD_MSG_ ##r ##_1(b0, b1); \ - BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ - BLAKE2B_LOAD_MSG_ ##r ##_2(b0, b1); \ - BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ - BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - BLAKE2B_LOAD_MSG_ ##r ##_3(b0, b1); \ - BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ - BLAKE2B_LOAD_MSG_ ##r ##_4(b0, b1); \ - BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ - BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ - } while(0) - - CRYPTOPP_ASSERT(IsAlignedOn(&state.h[0],GetAlignmentOf())); - CRYPTOPP_ASSERT(IsAlignedOn(&state.t[0],GetAlignmentOf())); - CRYPTOPP_ASSERT(IsAlignedOn(&state.f[0],GetAlignmentOf())); - - const uint64x2_t m0 = vreinterpretq_u64_u8(vld1q_u8(input + 00)); - const uint64x2_t m1 = vreinterpretq_u64_u8(vld1q_u8(input + 16)); - const uint64x2_t m2 = vreinterpretq_u64_u8(vld1q_u8(input + 32)); - const uint64x2_t m3 = vreinterpretq_u64_u8(vld1q_u8(input + 48)); - const uint64x2_t m4 = vreinterpretq_u64_u8(vld1q_u8(input + 64)); - const uint64x2_t m5 = vreinterpretq_u64_u8(vld1q_u8(input + 80)); - const uint64x2_t m6 = vreinterpretq_u64_u8(vld1q_u8(input + 96)); - const uint64x2_t m7 = vreinterpretq_u64_u8(vld1q_u8(input + 112)); - - uint64x2_t row1l, row1h, row2l, row2h; - uint64x2_t row3l, row3h, row4l, row4h; - - const uint64x2_t h0 = row1l = vld1q_u64(&state.h[0]); - const uint64x2_t h1 = row1h = vld1q_u64(&state.h[2]); - const uint64x2_t h2 = row2l = vld1q_u64(&state.h[4]); - const uint64x2_t h3 = row2h = vld1q_u64(&state.h[6]); - - row3l = vld1q_u64(&BLAKE2B_IV[0]); - row3h = vld1q_u64(&BLAKE2B_IV[2]); - row4l = veorq_u64(vld1q_u64(&BLAKE2B_IV[4]), vld1q_u64(&state.t[0])); - row4h = veorq_u64(vld1q_u64(&BLAKE2B_IV[6]), vld1q_u64(&state.f[0])); - - BLAKE2B_ROUND(0); - BLAKE2B_ROUND(1); - BLAKE2B_ROUND(2); - BLAKE2B_ROUND(3); - BLAKE2B_ROUND(4); - BLAKE2B_ROUND(5); - BLAKE2B_ROUND(6); - BLAKE2B_ROUND(7); - BLAKE2B_ROUND(8); - BLAKE2B_ROUND(9); - BLAKE2B_ROUND(10); - BLAKE2B_ROUND(11); - - vst1q_u64(&state.h[0], veorq_u64(h0, veorq_u64(row1l, row3l))); - vst1q_u64(&state.h[2], veorq_u64(h1, veorq_u64(row1h, row3h))); - vst1q_u64(&state.h[4], veorq_u64(h2, veorq_u64(row2l, row4l))); - vst1q_u64(&state.h[6], veorq_u64(h3, veorq_u64(row2h, row4h))); -} -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/blake2.cpp b/vendor/cryptopp/vendor_cryptopp/blake2.cpp index 0500e7a0..7646eaa9 100644 --- a/vendor/cryptopp/vendor_cryptopp/blake2.cpp +++ b/vendor/cryptopp/vendor_cryptopp/blake2.cpp @@ -1,6 +1,17 @@ -// blake2.cpp - written and placed in the public domain by Jeffrey Walton and Zooko -// Wilcox-O'Hearn. Based on Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's -// reference BLAKE2 implementation at http://github.com/BLAKE2/BLAKE2. +// blake2.cpp - written and placed in the public domain by Jeffrey Walton +// and Zooko Wilcox-O'Hearn. Based on Aumasson, Neves, +// Wilcox-O'Hearn and Winnerlein's reference BLAKE2 +// implementation at http://github.com/BLAKE2/BLAKE2. +// +// The BLAKE2b and BLAKE2s numbers are consistent with the BLAKE2 team's +// numbers. However, we have an Altivec/POWER7 implementation of BLAKE2s, +// and a POWER8 implementation of BLAKE2b (BLAKE2 is missing them). The +// Altivec/POWER7 code is about 2x faster than C++ when using GCC 5.0 or +// above. The POWER8 code is about 2.5x faster than C++ when using GCC 5.0 +// or above. If you use GCC 4.0 (PowerMac) or GCC 4.8 (GCC Compile Farm) +// then the PowerPC code will be slower than C++. Be sure to use GCC 5.0 +// or above for PowerPC builds or disable Altivec for BLAKE2b and BLAKE2s +// if using the old compilers. #include "pch.h" #include "config.h" @@ -14,6 +25,8 @@ // Do so in both blake2.cpp and blake2-simd.cpp. // #undef CRYPTOPP_SSE41_AVAILABLE // #undef CRYPTOPP_ARM_NEON_AVAILABLE +// #undef CRYPTOPP_ALTIVEC_AVAILABLE +// #undef CRYPTOPP_POWER8_AVAILABLE // Disable NEON/ASIMD for Cortex-A53 and A57. The shifts are too slow and C/C++ is about // 3 cpb faster than NEON/ASIMD. Also see http://github.com/weidai11/cryptopp/issues/367. @@ -21,6 +34,37 @@ # undef CRYPTOPP_ARM_NEON_AVAILABLE #endif +// BLAKE2s bug on AIX 7.1 (POWER7) with XLC 12.01 +// https://github.com/weidai11/cryptopp/issues/743 +#if defined(__xlC__) && (__xlC__ < 0x0d01) +# define CRYPTOPP_DISABLE_ALTIVEC 1 +# define CRYPTOPP_POWER7_ALTIVEC 1 +# undef CRYPTOPP_POWER7_AVAILABLE +# undef CRYPTOPP_ALTIVEC_AVAILABLE +#endif + +NAMESPACE_BEGIN(CryptoPP) + +// Export the tables to the SIMD files +extern const word32 BLAKE2S_IV[8]; +extern const word64 BLAKE2B_IV[8]; + +CRYPTOPP_ALIGN_DATA(16) +const word32 BLAKE2S_IV[8] = { + 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, + 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL +}; + +CRYPTOPP_ALIGN_DATA(16) +const word64 BLAKE2B_IV[8] = { + W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b), + W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1), + W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f), + W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179) +}; + +NAMESPACE_END + ANONYMOUS_NAMESPACE_BEGIN using CryptoPP::byte; @@ -28,27 +72,6 @@ using CryptoPP::word32; using CryptoPP::word64; using CryptoPP::rotrConstant; -template -struct BLAKE2_IV -{ - CRYPTOPP_ALIGN_DATA(16) - static const W iv[8]; -}; - -template <> -const word32 BLAKE2_IV::iv[8] = { - 0x6A09E667UL, 0xBB67AE85UL, 0x3C6EF372UL, 0xA54FF53AUL, - 0x510E527FUL, 0x9B05688CUL, 0x1F83D9ABUL, 0x5BE0CD19UL -}; - -template <> -const word64 BLAKE2_IV::iv[8] = { - W64LIT(0x6a09e667f3bcc908), W64LIT(0xbb67ae8584caa73b), - W64LIT(0x3c6ef372fe94f82b), W64LIT(0xa54ff53a5f1d36f1), - W64LIT(0x510e527fade682d1), W64LIT(0x9b05688c2b3e6c1f), - W64LIT(0x1f83d9abfb41bd6b), W64LIT(0x5be0cd19137e2179) -}; - CRYPTOPP_ALIGN_DATA(16) const byte BLAKE2S_SIGMA[10][16] = { { 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 }, @@ -135,346 +158,575 @@ ANONYMOUS_NAMESPACE_END NAMESPACE_BEGIN(CryptoPP) -void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State& state); -void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State& state); +void BLAKE2_Compress32_CXX(const byte* input, BLAKE2s_State& state); +void BLAKE2_Compress64_CXX(const byte* input, BLAKE2b_State& state); #if CRYPTOPP_SSE41_AVAILABLE -extern void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2_State& state); -extern void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2_State& state); +extern void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2s_State& state); +extern void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2b_State& state); #endif #if CRYPTOPP_ARM_NEON_AVAILABLE -extern void BLAKE2_Compress32_NEON(const byte* input, BLAKE2_State& state); -extern void BLAKE2_Compress64_NEON(const byte* input, BLAKE2_State& state); +extern void BLAKE2_Compress32_NEON(const byte* input, BLAKE2s_State& state); +extern void BLAKE2_Compress64_NEON(const byte* input, BLAKE2b_State& state); #endif -BLAKE2_ParameterBlock::BLAKE2_ParameterBlock(size_t digestLen, size_t keyLen, +#if CRYPTOPP_POWER7_AVAILABLE +extern void BLAKE2_Compress32_POWER7(const byte* input, BLAKE2s_State& state); +#elif CRYPTOPP_ALTIVEC_AVAILABLE +extern void BLAKE2_Compress32_ALTIVEC(const byte* input, BLAKE2s_State& state); +#endif + +#if CRYPTOPP_POWER8_AVAILABLE +extern void BLAKE2_Compress64_POWER8(const byte* input, BLAKE2b_State& state); +#endif + +unsigned int BLAKE2b::OptimalDataAlignment() const +{ +#if defined(CRYPTOPP_SSE41_AVAILABLE) + if (HasSSE41()) + return 16; + else +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return 4; + else +#endif +#if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return 16; + else +#endif + return GetAlignmentOf(); +} + +std::string BLAKE2b::AlgorithmProvider() const +{ +#if defined(CRYPTOPP_SSE41_AVAILABLE) + if (HasSSE41()) + return "SSE4.1"; + else +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; + else +#endif +#if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return "Power8"; + else +#endif + return "C++"; +} + +unsigned int BLAKE2s::OptimalDataAlignment() const +{ +#if defined(CRYPTOPP_SSE41_AVAILABLE) + if (HasSSE41()) + return 16; + else +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return 4; + else +#endif +#if (CRYPTOPP_POWER7_AVAILABLE) + if (HasPower7()) + return 16; + else +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return 16; + else +#endif + return GetAlignmentOf(); +} + +std::string BLAKE2s::AlgorithmProvider() const +{ +#if defined(CRYPTOPP_SSE41_AVAILABLE) + if (HasSSE41()) + return "SSE4.1"; + else +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; + else +#endif +#if (CRYPTOPP_POWER7_AVAILABLE) + if (HasPower7()) + return "Power7"; + else +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return "Altivec"; + else +#endif + return "C++"; +} + +void BLAKE2s_State::Reset() +{ + std::memset(m_hft, 0x00, m_hft.SizeInBytes()); + m_len = 0; +} + +void BLAKE2b_State::Reset() +{ + std::memset(m_hft, 0x00, m_hft.SizeInBytes()); + m_len = 0; +} + +BLAKE2s_ParameterBlock::BLAKE2s_ParameterBlock(size_t digestLen, size_t keyLen, const byte* saltStr, size_t saltLen, const byte* personalizationStr, size_t personalizationLen) { - // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof - digestLength = (byte)digestLen; - keyLength = (byte)keyLen; - fanout = depth = 1; - nodeDepth = innerLength = 0; - - memset(leafLength, 0x00, COUNTOF(leafLength)); - memset(nodeOffset, 0x00, COUNTOF(nodeOffset)); + Reset(digestLen, keyLen); if (saltStr && saltLen) - { - memcpy_s(salt, COUNTOF(salt), saltStr, saltLen); - const size_t rem = COUNTOF(salt) - saltLen; - const size_t off = COUNTOF(salt) - rem; - if (rem) - memset(salt+off, 0x00, rem); - } - else - { - memset(salt, 0x00, COUNTOF(salt)); - } + memcpy_s(salt(), SALTSIZE, saltStr, saltLen); if (personalizationStr && personalizationLen) - { - memcpy_s(personalization, COUNTOF(personalization), personalizationStr, personalizationLen); - const size_t rem = COUNTOF(personalization) - personalizationLen; - const size_t off = COUNTOF(personalization) - rem; - if (rem) - memset(personalization+off, 0x00, rem); - } - else - { - memset(personalization, 0x00, COUNTOF(personalization)); - } + memcpy_s(personalization(), PERSONALIZATIONSIZE, personalizationStr, personalizationLen); } -BLAKE2_ParameterBlock::BLAKE2_ParameterBlock(size_t digestLen, size_t keyLen, +BLAKE2b_ParameterBlock::BLAKE2b_ParameterBlock(size_t digestLen, size_t keyLen, const byte* saltStr, size_t saltLen, const byte* personalizationStr, size_t personalizationLen) { - // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof - digestLength = (byte)digestLen; - keyLength = (byte)keyLen; - fanout = depth = 1; - nodeDepth = innerLength = 0; - - memset(rfu, 0x00, COUNTOF(rfu)); - memset(leafLength, 0x00, COUNTOF(leafLength)); - memset(nodeOffset, 0x00, COUNTOF(nodeOffset)); + Reset(digestLen, keyLen); if (saltStr && saltLen) - { - memcpy_s(salt, COUNTOF(salt), saltStr, saltLen); - const size_t rem = COUNTOF(salt) - saltLen; - const size_t off = COUNTOF(salt) - rem; - if (rem) - memset(salt+off, 0x00, rem); - } - else - { - memset(salt, 0x00, COUNTOF(salt)); - } + memcpy_s(salt(), SALTSIZE, saltStr, saltLen); if (personalizationStr && personalizationLen) - { - memcpy_s(personalization, COUNTOF(personalization), personalizationStr, personalizationLen); - const size_t rem = COUNTOF(personalization) - personalizationLen; - const size_t off = COUNTOF(personalization) - rem; - if (rem) - memset(personalization+off, 0x00, rem); - } - else - { - memset(personalization, 0x00, COUNTOF(personalization)); - } + memcpy_s(personalization(), PERSONALIZATIONSIZE, personalizationStr, personalizationLen); } -template -void BLAKE2_Base::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params) +void BLAKE2s_ParameterBlock::Reset(size_t digestLen, size_t keyLen) { - if (key && length) - { - AlignedSecByteBlock temp(BLOCKSIZE); - memcpy_s(temp, BLOCKSIZE, key, length); - - const size_t rem = BLOCKSIZE - length; - if (rem) - memset(temp+length, 0x00, rem); - - m_key.swap(temp); - } - else - { - m_key.resize(0); - } - - // Avoid Coverity finding SIZEOF_MISMATCH/suspicious_sizeof - ParameterBlock& block = *m_block.data(); - memset(m_block.data(), 0x00, sizeof(ParameterBlock)); - - block.keyLength = (byte)length; - block.digestLength = (byte)params.GetIntValueWithDefault(Name::DigestSize(), DIGESTSIZE); - block.fanout = block.depth = 1; - - ConstByteArrayParameter t; - if (params.GetValue(Name::Salt(), t) && t.begin() && t.size()) - { - memcpy_s(block.salt, COUNTOF(block.salt), t.begin(), t.size()); - const size_t rem = COUNTOF(block.salt) - t.size(); - const size_t off = COUNTOF(block.salt) - rem; - if (rem) - memset(block.salt+off, 0x00, rem); - } - else - { - memset(block.salt, 0x00, COUNTOF(block.salt)); - } - - if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size()) - { - memcpy_s(block.personalization, COUNTOF(block.personalization), t.begin(), t.size()); - const size_t rem = COUNTOF(block.personalization) - t.size(); - const size_t off = COUNTOF(block.personalization) - rem; - if (rem) - memset(block.personalization+off, 0x00, rem); - } - else - { - memset(block.personalization, 0x00, COUNTOF(block.personalization)); - } + std::memset(m_data, 0x00, m_data.size()); + m_data[DigestOff] = static_cast(digestLen); + m_data[KeyOff] = static_cast(keyLen); + m_data[FanoutOff] = m_data[DepthOff] = 1; } -template -BLAKE2_Base::BLAKE2_Base() : m_state(1), m_block(1), m_digestSize(DIGESTSIZE), m_treeMode(false) +void BLAKE2b_ParameterBlock::Reset(size_t digestLen, size_t keyLen) { - UncheckedSetKey(NULLPTR, 0, g_nullNameValuePairs); - Restart(); + std::memset(m_data, 0x00, m_data.size()); + m_data[DigestOff] = static_cast(digestLen); + m_data[KeyOff] = static_cast(keyLen); + m_data[FanoutOff] = m_data[DepthOff] = 1; } -template -BLAKE2_Base::BLAKE2_Base(bool treeMode, unsigned int digestSize) : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode) +BLAKE2s::BLAKE2s(bool treeMode, unsigned int digestSize) + : m_digestSize(digestSize), m_keyLength(0), m_treeMode(treeMode) { CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); - UncheckedSetKey(NULLPTR, 0, MakeParameters(Name::DigestSize(), (int)digestSize)(Name::TreeMode(), treeMode, false)); - Restart(); + UncheckedSetKey(NULLPTR, 0, MakeParameters + (Name::DigestSize(), (int)digestSize) + (Name::TreeMode(), treeMode)); } -template -BLAKE2_Base::BLAKE2_Base(const byte *key, size_t keyLength, const byte* salt, size_t saltLength, +BLAKE2b::BLAKE2b(bool treeMode, unsigned int digestSize) + : m_digestSize(digestSize), m_keyLength(0), m_treeMode(treeMode) +{ + CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); + + UncheckedSetKey(NULLPTR, 0, MakeParameters + (Name::DigestSize(), (int)digestSize) + (Name::TreeMode(), treeMode)); +} + +BLAKE2s::BLAKE2s(const byte *key, size_t keyLength, const byte* salt, size_t saltLength, const byte* personalization, size_t personalizationLength, bool treeMode, unsigned int digestSize) - : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode) + : m_digestSize(digestSize), m_keyLength(static_cast(keyLength)), m_treeMode(treeMode) { CRYPTOPP_ASSERT(keyLength <= MAX_KEYLENGTH); CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); CRYPTOPP_ASSERT(saltLength <= SALTSIZE); CRYPTOPP_ASSERT(personalizationLength <= PERSONALIZATIONSIZE); - UncheckedSetKey(key, static_cast(keyLength), MakeParameters(Name::DigestSize(),(int)digestSize)(Name::TreeMode(),treeMode, false) - (Name::Salt(), ConstByteArrayParameter(salt, saltLength))(Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength))); + UncheckedSetKey(key, static_cast(keyLength), MakeParameters + (Name::DigestSize(),(int)digestSize) + (Name::TreeMode(),treeMode) + (Name::Salt(), ConstByteArrayParameter(salt, saltLength)) + (Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength))); +} + +BLAKE2b::BLAKE2b(const byte *key, size_t keyLength, const byte* salt, size_t saltLength, + const byte* personalization, size_t personalizationLength, bool treeMode, unsigned int digestSize) + : m_digestSize(digestSize), m_keyLength(static_cast(keyLength)), m_treeMode(treeMode) +{ + CRYPTOPP_ASSERT(keyLength <= MAX_KEYLENGTH); + CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); + CRYPTOPP_ASSERT(saltLength <= SALTSIZE); + CRYPTOPP_ASSERT(personalizationLength <= PERSONALIZATIONSIZE); + + UncheckedSetKey(key, static_cast(keyLength), MakeParameters + (Name::DigestSize(),(int)digestSize) + (Name::TreeMode(),treeMode) + (Name::Salt(), ConstByteArrayParameter(salt, saltLength)) + (Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength))); +} + +void BLAKE2s::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params) +{ + if (key && length) + { + m_key.New(BLOCKSIZE); + std::memcpy(m_key, key, length); + std::memset(m_key + length, 0x00, BLOCKSIZE - length); + m_keyLength = length; + } + else + { + m_key.resize(0); + m_keyLength = 0; + } + + m_digestSize = static_cast(params.GetIntValueWithDefault( + Name::DigestSize(), static_cast(m_digestSize))); + + m_state.Reset(); + m_block.Reset(m_digestSize, m_keyLength); + (void)params.GetValue(Name::TreeMode(), m_treeMode); + + ConstByteArrayParameter t; + if (params.GetValue(Name::Salt(), t) && t.begin() && t.size()) + memcpy_s(m_block.salt(), SALTSIZE, t.begin(), t.size()); + + if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size()) + memcpy_s(m_block.personalization(), PERSONALIZATIONSIZE, t.begin(), t.size()); + Restart(); } -template -void BLAKE2_Base::Restart() +void BLAKE2b::UncheckedSetKey(const byte *key, unsigned int length, const CryptoPP::NameValuePairs& params) { - static const W zero[2] = {0,0}; - Restart(*m_block.data(), zero); -} - -template -void BLAKE2_Base::Restart(const BLAKE2_ParameterBlock& block, const W counter[2]) -{ - // We take a parameter block as a parameter to allow customized state. - // Avoid the copy of the parameter block when we are passing our own block. - if (&block != m_block.data()) + if (key && length) { - memcpy_s(m_block.data(), sizeof(ParameterBlock), &block, sizeof(ParameterBlock)); - m_block.data()->digestLength = (byte)m_digestSize; - m_block.data()->keyLength = (byte)m_key.size(); + m_key.New(BLOCKSIZE); + std::memcpy(m_key, key, length); + std::memset(m_key + length, 0x00, BLOCKSIZE - length); + m_keyLength = length; + } + else + { + m_key.resize(0); + m_keyLength = 0; } - State& state = *m_state.data(); - state.t[0] = state.t[1] = 0, state.f[0] = state.f[1] = 0, state.length = 0; + m_digestSize = static_cast(params.GetIntValueWithDefault( + Name::DigestSize(), static_cast(m_digestSize))); + m_state.Reset(); + m_block.Reset(m_digestSize, m_keyLength); + (void)params.GetValue(Name::TreeMode(), m_treeMode); + + ConstByteArrayParameter t; + if (params.GetValue(Name::Salt(), t) && t.begin() && t.size()) + memcpy_s(m_block.salt(), SALTSIZE, t.begin(), t.size()); + + if (params.GetValue(Name::Personalization(), t) && t.begin() && t.size()) + memcpy_s(m_block.personalization(), PERSONALIZATIONSIZE, t.begin(), t.size()); + + Restart(); +} + +void BLAKE2s::Restart() +{ + static const word32 zero[2] = {0,0}; + Restart(m_block, zero); +} + +void BLAKE2b::Restart() +{ + static const word64 zero[2] = {0,0}; + Restart(m_block, zero); +} + +void BLAKE2s::Restart(const BLAKE2s_ParameterBlock& block, const word32 counter[2]) +{ + // We take a counter as a parameter to allow customized state. + m_state.Reset(); if (counter != NULLPTR) { - state.t[0] = counter[0]; - state.t[1] = counter[1]; + word32* t = m_state.t(); + t[0] = counter[0]; + t[1] = counter[1]; } - const W* iv = BLAKE2_IV::iv; - PutBlock put(m_block.data(), &state.h[0]); + // We take a parameter block as a parameter to allow customized state. + // Avoid the copy of the parameter block when we are passing our own block. + if (block.data() == m_block.data()) + m_block.Reset(m_digestSize, m_keyLength); + else + { + std::memcpy(m_block.data(), block.data(), m_block.size()); + m_block.m_data[BLAKE2s_ParameterBlock::DigestOff] = (byte)m_digestSize; + m_block.m_data[BLAKE2s_ParameterBlock::KeyOff] = (byte)m_keyLength; + } + + const word32* iv = BLAKE2S_IV; + PutBlock put(m_block.data(), m_state.h()); put(iv[0])(iv[1])(iv[2])(iv[3])(iv[4])(iv[5])(iv[6])(iv[7]); - // When BLAKE2 is keyed, the input stream is simply {key||message}. Key it - // during Restart to avoid FirstPut and friends. Key size == 0 means no key. - if (m_key.size()) - Update(m_key, m_key.size()); + // When BLAKE2 is keyed, the input stream is simply {key || 0 || message}. + // The key is padded to a full Blocksize with 0. Key it during Restart to + // avoid FirstPut and friends. Key size == 0 means no key. + if (m_keyLength) + Update(m_key, BLOCKSIZE); } -template -void BLAKE2_Base::Update(const byte *input, size_t length) +void BLAKE2b::Restart(const BLAKE2b_ParameterBlock& block, const word64 counter[2]) { - State& state = *m_state.data(); - if (state.length + length > BLOCKSIZE) + // We take a counter as a parameter to allow customized state. + m_state.Reset(); + if (counter != NULLPTR) { - // Complete current block - const size_t fill = BLOCKSIZE - state.length; - memcpy_s(&state.buffer[state.length], fill, input, fill); + word64* t = m_state.t(); + t[0] = counter[0]; + t[1] = counter[1]; + } - IncrementCounter(); - Compress(state.buffer); - state.length = 0; + // We take a parameter block as a parameter to allow customized state. + // Avoid the copy of the parameter block when we are passing our own block. + if (block.data() == m_block.data()) + m_block.Reset(m_digestSize, m_keyLength); + else + { + std::memcpy(m_block.data(), block.data(), m_block.size()); + m_block.m_data[BLAKE2b_ParameterBlock::DigestOff] = (byte)m_digestSize; + m_block.m_data[BLAKE2b_ParameterBlock::KeyOff] = (byte)m_keyLength; + } - length -= fill, input += fill; + const word64* iv = BLAKE2B_IV; + PutBlock put(m_block.data(), m_state.h()); + put(iv[0])(iv[1])(iv[2])(iv[3])(iv[4])(iv[5])(iv[6])(iv[7]); + + // When BLAKE2 is keyed, the input stream is simply {key || 0 || message}. + // The key is padded to a full Blocksize with 0. Key it during Restart to + // avoid FirstPut and friends. Key size == 0 means no key. + if (m_keyLength) + Update(m_key, BLOCKSIZE); +} + +void BLAKE2s::Update(const byte *input, size_t length) +{ + CRYPTOPP_ASSERT(input != NULLPTR || length == 0); + + if (length > BLOCKSIZE - m_state.m_len) + { + if (m_state.m_len != 0) + { + // Complete current block + const size_t fill = BLOCKSIZE - m_state.m_len; + std::memcpy(m_state.m_buf+m_state.m_len, input, fill); + + IncrementCounter(BLOCKSIZE); + Compress(m_state.m_buf); + m_state.m_len = 0; + + length -= fill, input += fill; + } // Compress in-place to avoid copies while (length > BLOCKSIZE) { - IncrementCounter(); + IncrementCounter(BLOCKSIZE); Compress(input); length -= BLOCKSIZE, input += BLOCKSIZE; } } // Copy tail bytes - if (input && length) + if (length) { - CRYPTOPP_ASSERT(length <= BLOCKSIZE - state.length); - memcpy_s(&state.buffer[state.length], length, input, length); - state.length += static_cast(length); + CRYPTOPP_ASSERT(length <= BLOCKSIZE - m_state.m_len); + std::memcpy(m_state.m_buf+m_state.m_len, input, length); + m_state.m_len += static_cast(length); } } -template -void BLAKE2_Base::TruncatedFinal(byte *hash, size_t size) +void BLAKE2b::Update(const byte *input, size_t length) { + CRYPTOPP_ASSERT(input != NULLPTR || length == 0); + + if (length > BLOCKSIZE - m_state.m_len) + { + if (m_state.m_len != 0) + { + // Complete current block + const size_t fill = BLOCKSIZE - m_state.m_len; + std::memcpy(m_state.m_buf+m_state.m_len, input, fill); + + IncrementCounter(BLOCKSIZE); + Compress(m_state.m_buf); + m_state.m_len = 0; + + length -= fill, input += fill; + } + + // Compress in-place to avoid copies + while (length > BLOCKSIZE) + { + CRYPTOPP_ASSERT(m_state.m_len == 0); + IncrementCounter(BLOCKSIZE); + Compress(input); + length -= BLOCKSIZE, input += BLOCKSIZE; + } + } + + // Copy tail bytes + if (length) + { + CRYPTOPP_ASSERT(length <= BLOCKSIZE - m_state.m_len); + std::memcpy(m_state.m_buf + m_state.m_len, input, length); + m_state.m_len += static_cast(length); + } +} + +void BLAKE2s::TruncatedFinal(byte *hash, size_t size) +{ + CRYPTOPP_ASSERT(hash != NULLPTR); this->ThrowIfInvalidTruncatedSize(size); + word32* f = m_state.f(); // Set last block unconditionally - State& state = *m_state.data(); - state.f[0] = static_cast(-1); + f[0] = ~static_cast(0); // Set last node if tree mode if (m_treeMode) - state.f[1] = static_cast(-1); + f[1] = ~static_cast(0); // Increment counter for tail bytes only - IncrementCounter(state.length); + IncrementCounter(m_state.m_len); - memset(state.buffer + state.length, 0x00, BLOCKSIZE - state.length); - Compress(state.buffer); + std::memset(m_state.m_buf + m_state.m_len, 0x00, BLOCKSIZE - m_state.m_len); + Compress(m_state.m_buf); // Copy to caller buffer - memcpy_s(hash, size, &state.h[0], size); + std::memcpy(hash, m_state.h(), size); Restart(); } -template -void BLAKE2_Base::IncrementCounter(size_t count) +void BLAKE2b::TruncatedFinal(byte *hash, size_t size) { - State& state = *m_state.data(); - state.t[0] += static_cast(count); - state.t[1] += !!(state.t[0] < count); + CRYPTOPP_ASSERT(hash != NULLPTR); + this->ThrowIfInvalidTruncatedSize(size); + word64* f = m_state.f(); + + // Set last block unconditionally + f[0] = ~static_cast(0); + + // Set last node if tree mode + if (m_treeMode) + f[1] = ~static_cast(0); + + // Increment counter for tail bytes only + IncrementCounter(m_state.m_len); + + std::memset(m_state.m_buf + m_state.m_len, 0x00, BLOCKSIZE - m_state.m_len); + Compress(m_state.m_buf); + + // Copy to caller buffer + std::memcpy(hash, m_state.h(), size); + + Restart(); } -template <> -void BLAKE2_Base::Compress(const byte *input) +void BLAKE2s::IncrementCounter(size_t count) +{ + word32* t = m_state.t(); + t[0] += static_cast(count); + t[1] += !!(t[0] < count); +} + +void BLAKE2b::IncrementCounter(size_t count) +{ + word64* t = m_state.t(); + t[0] += static_cast(count); + t[1] += !!(t[0] < count); +} + +void BLAKE2s::Compress(const byte *input) { #if CRYPTOPP_SSE41_AVAILABLE if(HasSSE41()) { - return BLAKE2_Compress64_SSE4(input, *m_state.data()); + return BLAKE2_Compress32_SSE4(input, m_state); } #endif #if CRYPTOPP_ARM_NEON_AVAILABLE if(HasNEON()) { - return BLAKE2_Compress64_NEON(input, *m_state.data()); + return BLAKE2_Compress32_NEON(input, m_state); } #endif - return BLAKE2_Compress64_CXX(input, *m_state.data()); +#if CRYPTOPP_POWER7_AVAILABLE + if(HasPower7()) + { + return BLAKE2_Compress32_POWER7(input, m_state); + } +#elif CRYPTOPP_ALTIVEC_AVAILABLE + if(HasAltivec()) + { + return BLAKE2_Compress32_ALTIVEC(input, m_state); + } +#endif + return BLAKE2_Compress32_CXX(input, m_state); } -template <> -void BLAKE2_Base::Compress(const byte *input) +void BLAKE2b::Compress(const byte *input) { #if CRYPTOPP_SSE41_AVAILABLE if(HasSSE41()) { - return BLAKE2_Compress32_SSE4(input, *m_state.data()); + return BLAKE2_Compress64_SSE4(input, m_state); } #endif #if CRYPTOPP_ARM_NEON_AVAILABLE if(HasNEON()) { - return BLAKE2_Compress32_NEON(input, *m_state.data()); + return BLAKE2_Compress64_NEON(input, m_state); } #endif - return BLAKE2_Compress32_CXX(input, *m_state.data()); +#if CRYPTOPP_POWER8_AVAILABLE + if(HasPower8()) + { + return BLAKE2_Compress64_POWER8(input, m_state); + } +#endif + return BLAKE2_Compress64_CXX(input, m_state); } -void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State& state) +void BLAKE2_Compress64_CXX(const byte* input, BLAKE2b_State& state) { word64 m[16], v[16]; GetBlock get1(input); get1(m[0])(m[1])(m[2])(m[3])(m[4])(m[5])(m[6])(m[7])(m[8])(m[9])(m[10])(m[11])(m[12])(m[13])(m[14])(m[15]); - GetBlock get2(&state.h[0]); + GetBlock get2(state.h()); get2(v[0])(v[1])(v[2])(v[3])(v[4])(v[5])(v[6])(v[7]); - const word64* iv = BLAKE2_IV::iv; + const word64* iv = BLAKE2B_IV; + const word64* tf = state.t(); v[ 8] = iv[0]; v[ 9] = iv[1]; v[10] = iv[2]; v[11] = iv[3]; - v[12] = state.t[0] ^ iv[4]; - v[13] = state.t[1] ^ iv[5]; - v[14] = state.f[0] ^ iv[6]; - v[15] = state.f[1] ^ iv[7]; + v[12] = tf[0] ^ iv[4]; + v[13] = tf[1] ^ iv[5]; + v[14] = tf[2] ^ iv[6]; + v[15] = tf[3] ^ iv[7]; BLAKE2B_ROUND<0>(m, v); BLAKE2B_ROUND<1>(m, v); @@ -489,29 +741,31 @@ void BLAKE2_Compress64_CXX(const byte* input, BLAKE2_State& state) BLAKE2B_ROUND<10>(m, v); BLAKE2B_ROUND<11>(m, v); - for(unsigned int i = 0; i < 8; ++i) - state.h[i] = state.h[i] ^ ConditionalByteReverse(LittleEndian::ToEnum(), v[i] ^ v[i + 8]); + word64* h = state.h(); + for (unsigned int i = 0; i < 8; ++i) + h[i] = h[i] ^ ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v[i] ^ v[i + 8]); } -void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State& state) +void BLAKE2_Compress32_CXX(const byte* input, BLAKE2s_State& state) { word32 m[16], v[16]; GetBlock get1(input); get1(m[0])(m[1])(m[2])(m[3])(m[4])(m[5])(m[6])(m[7])(m[8])(m[9])(m[10])(m[11])(m[12])(m[13])(m[14])(m[15]); - GetBlock get2(&state.h[0]); + GetBlock get2(state.h()); get2(v[0])(v[1])(v[2])(v[3])(v[4])(v[5])(v[6])(v[7]); - const word32* iv = BLAKE2_IV::iv; + const word32* iv = BLAKE2S_IV; + const word32* tf = state.t(); v[ 8] = iv[0]; v[ 9] = iv[1]; v[10] = iv[2]; v[11] = iv[3]; - v[12] = state.t[0] ^ iv[4]; - v[13] = state.t[1] ^ iv[5]; - v[14] = state.f[0] ^ iv[6]; - v[15] = state.f[1] ^ iv[7]; + v[12] = tf[0] ^ iv[4]; + v[13] = tf[1] ^ iv[5]; + v[14] = tf[2] ^ iv[6]; + v[15] = tf[3] ^ iv[7]; BLAKE2S_ROUND<0>(m, v); BLAKE2S_ROUND<1>(m, v); @@ -524,11 +778,9 @@ void BLAKE2_Compress32_CXX(const byte* input, BLAKE2_State& state BLAKE2S_ROUND<8>(m, v); BLAKE2S_ROUND<9>(m, v); - for(unsigned int i = 0; i < 8; ++i) - state.h[i] = state.h[i] ^ ConditionalByteReverse(LittleEndian::ToEnum(), v[i] ^ v[i + 8]); + word32* h = state.h(); + for (unsigned int i = 0; i < 8; ++i) + h[i] = h[i] ^ ConditionalByteReverse(LITTLE_ENDIAN_ORDER, v[i] ^ v[i + 8]); } -template class BLAKE2_Base; -template class BLAKE2_Base; - NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/blake2.h b/vendor/cryptopp/vendor_cryptopp/blake2.h index fe3c9695..1d977707 100644 --- a/vendor/cryptopp/vendor_cryptopp/blake2.h +++ b/vendor/cryptopp/vendor_cryptopp/blake2.h @@ -1,6 +1,7 @@ -// blake2.h - written and placed in the public domain by Jeffrey Walton and Zooko -// Wilcox-O'Hearn. Based on Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's -// reference BLAKE2 implementation at http://github.com/BLAKE2/BLAKE2. +// blake2.h - written and placed in the public domain by Jeffrey Walton +// and Zooko Wilcox-O'Hearn. Based on Aumasson, Neves, +// Wilcox-O'Hearn and Winnerlein's reference BLAKE2 +// implementation at http://github.com/BLAKE2/BLAKE2. /// \file blake2.h /// \brief Classes for BLAKE2b and BLAKE2s message digests and keyed message digests @@ -9,10 +10,8 @@ /// Static algorithm name return either "BLAKE2b" or "BLAKE2s". An object algorithm name follows /// the naming described in RFC 7693, The /// BLAKE2 Cryptographic Hash and Message Authentication Code (MAC). -/// \details The library provides specialized SSE2, SSE4 and NEON version of the BLAKE2 compression -/// function. For best results under ARM NEON, specify both an architecture and cpu. For example: -///

CXXFLAGS="-DNDEBUG -march=armv8-a+crc -mcpu=cortex-a53 ..."
-/// \since Crypto++ 5.6.4 +/// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0, +/// Power8 since Crypto++ 8.0 #ifndef CRYPTOPP_BLAKE2_H #define CRYPTOPP_BLAKE2_H @@ -23,249 +22,206 @@ NAMESPACE_BEGIN(CryptoPP) -/// \brief BLAKE2 hash information -/// \tparam T_64bit flag indicating 64-bit +/// \brief BLAKE2s hash information /// \since Crypto++ 5.6.4 -template -struct BLAKE2_Info : public VariableKeyLength<(T_64bit ? 64 : 32),0,(T_64bit ? 64 : 32),1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> +struct BLAKE2s_Info : public VariableKeyLength<32,0,32,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> { - typedef VariableKeyLength<(T_64bit ? 64 : 32),0,(T_64bit ? 64 : 32),1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase; - CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH) - CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH) - CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH) + typedef VariableKeyLength<32,0,32,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase; + CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH) + CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH) + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH) - CRYPTOPP_CONSTANT(BLOCKSIZE = (T_64bit ? 128 : 64)) - CRYPTOPP_CONSTANT(DIGESTSIZE = (T_64bit ? 64 : 32)) - CRYPTOPP_CONSTANT(SALTSIZE = (T_64bit ? 16 : 8)) - CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = (T_64bit ? 16 : 8)) + CRYPTOPP_CONSTANT(BLOCKSIZE = 64) + CRYPTOPP_CONSTANT(DIGESTSIZE = 32) + CRYPTOPP_CONSTANT(SALTSIZE = 8) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = 8) - CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return (T_64bit ? "BLAKE2b" : "BLAKE2s");} + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2s";} }; -/// \brief BLAKE2 parameter block -/// \tparam T_64bit flag indicating 64-bit -/// \details BLAKE2b uses BLAKE2_ParameterBlock, while BLAKE2s -/// uses BLAKE2_ParameterBlock. +/// \brief BLAKE2b hash information /// \since Crypto++ 5.6.4 -template -struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock +struct BLAKE2b_Info : public VariableKeyLength<64,0,64,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> { + typedef VariableKeyLength<64,0,64,1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase; + CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH) + CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH) + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH) + + CRYPTOPP_CONSTANT(BLOCKSIZE = 128) + CRYPTOPP_CONSTANT(DIGESTSIZE = 64) + CRYPTOPP_CONSTANT(SALTSIZE = 16) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = 16) + + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2b";} }; -/// \brief BLAKE2b parameter block specialization -template<> -struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock +/// \brief BLAKE2s parameter block +struct CRYPTOPP_NO_VTABLE BLAKE2s_ParameterBlock { - CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info::SALTSIZE) - CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info::DIGESTSIZE) - CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info::PERSONALIZATIONSIZE) + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2s_Info::SALTSIZE) + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2s_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2s_Info::PERSONALIZATIONSIZE) - BLAKE2_ParameterBlock() - { - memset(this, 0x00, sizeof(*this)); - digestLength = DIGESTSIZE; - fanout = depth = 1; - } + BLAKE2s_ParameterBlock() + { + Reset(); + } - BLAKE2_ParameterBlock(size_t digestSize) - { - CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); - memset(this, 0x00, sizeof(*this)); - digestLength = (byte)digestSize; - fanout = depth = 1; - } + BLAKE2s_ParameterBlock(size_t digestSize) + { + Reset(digestSize); + } - BLAKE2_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength, - const byte* personalization, size_t personalizationLength); + BLAKE2s_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength, + const byte* personalization, size_t personalizationLength); - byte digestLength; - byte keyLength, fanout, depth; - byte leafLength[4]; - byte nodeOffset[8]; - byte nodeDepth, innerLength, rfu[14]; - byte salt[SALTSIZE]; - byte personalization[PERSONALIZATIONSIZE]; + void Reset(size_t digestLength=DIGESTSIZE, size_t keyLength=0); + + byte* data() { + return m_data.data(); + } + + const byte* data() const { + return m_data.data(); + } + + size_t size() const { + return m_data.size(); + } + + byte* salt() { + return m_data + SaltOff; + } + + byte* personalization() { + return m_data + PersonalizationOff; + } + + // Offsets into the byte array + enum { + DigestOff = 0, KeyOff = 1, FanoutOff = 2, DepthOff = 3, LeafOff = 4, NodeOff = 8, + NodeDepthOff = 14, InnerOff = 15, SaltOff = 16, PersonalizationOff = 24 + }; + + FixedSizeAlignedSecBlock m_data; }; -/// \brief BLAKE2s parameter block specialization -template<> -struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock +/// \brief BLAKE2b parameter block +struct CRYPTOPP_NO_VTABLE BLAKE2b_ParameterBlock { - CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info::SALTSIZE) - CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info::DIGESTSIZE) - CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info::PERSONALIZATIONSIZE) + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2b_Info::SALTSIZE) + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2b_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2b_Info::PERSONALIZATIONSIZE) - BLAKE2_ParameterBlock() - { - memset(this, 0x00, sizeof(*this)); - digestLength = DIGESTSIZE; - fanout = depth = 1; - } + BLAKE2b_ParameterBlock() + { + Reset(); + } - BLAKE2_ParameterBlock(size_t digestSize) - { - CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); - memset(this, 0x00, sizeof(*this)); - digestLength = (byte)digestSize; - fanout = depth = 1; - } + BLAKE2b_ParameterBlock(size_t digestSize) + { + Reset(digestSize); + } - BLAKE2_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength, - const byte* personalization, size_t personalizationLength); + BLAKE2b_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength, + const byte* personalization, size_t personalizationLength); - byte digestLength; - byte keyLength, fanout, depth; - byte leafLength[4]; - byte nodeOffset[6]; - byte nodeDepth, innerLength; - byte salt[SALTSIZE]; - byte personalization[PERSONALIZATIONSIZE]; + void Reset(size_t digestLength=DIGESTSIZE, size_t keyLength=0); + + byte* data() { + return m_data.data(); + } + + const byte* data() const { + return m_data.data(); + } + + size_t size() const { + return m_data.size(); + } + + byte* salt() { + return m_data + SaltOff; + } + + byte* personalization() { + return m_data + PersonalizationOff; + } + + // Offsets into the byte array + enum { + DigestOff = 0, KeyOff = 1, FanoutOff = 2, DepthOff = 3, LeafOff = 4, NodeOff = 8, + NodeDepthOff = 16, InnerOff = 17, RfuOff = 18, SaltOff = 32, PersonalizationOff = 48 + }; + + FixedSizeAlignedSecBlock m_data; }; -/// \brief BLAKE2 state information -/// \tparam W word type -/// \tparam T_64bit flag indicating 64-bit -/// \details BLAKE2b uses BLAKE2_State, while BLAKE2s -/// uses BLAKE2_State. +/// \brief BLAKE2s state information /// \since Crypto++ 5.6.4 -template -struct CRYPTOPP_NO_VTABLE BLAKE2_State +struct CRYPTOPP_NO_VTABLE BLAKE2s_State { - CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2_Info::BLOCKSIZE) + BLAKE2s_State() { + Reset(); + } - BLAKE2_State() - { - // Set all members except scratch buffer[] - h[0]=h[1]=h[2]=h[3]=h[4]=h[5]=h[6]=h[7] = 0; - t[0]=t[1]=f[0]=f[1] = 0; - length = 0; - } + void Reset(); - // SSE2, SSE4 and NEON depend upon t[] and f[] being side-by-side - W h[8], t[2], f[2]; - byte buffer[BLOCKSIZE]; - size_t length; + inline word32* h() { + return m_hft.data(); + } + + inline word32* t() { + return m_hft.data() + 8; + } + + inline word32* f() { + return m_hft.data() + 10; + } + + inline byte* data() { + return m_buf.data(); + } + + // SSE4, Power7 and NEON depend upon t[] and f[] being side-by-side + CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2s_Info::BLOCKSIZE) + FixedSizeAlignedSecBlock m_hft; + FixedSizeAlignedSecBlock m_buf; + size_t m_len; }; -/// \brief BLAKE2 hash implementation -/// \tparam W word type -/// \tparam T_64bit flag indicating 64-bit -/// \details BLAKE2b uses BLAKE2_Base, while BLAKE2s -/// uses BLAKE2_Base. +/// \brief BLAKE2b state information /// \since Crypto++ 5.6.4 -template -class BLAKE2_Base : public SimpleKeyingInterfaceImpl > +struct CRYPTOPP_NO_VTABLE BLAKE2b_State { -public: - CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2_Info::DEFAULT_KEYLENGTH) - CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2_Info::MIN_KEYLENGTH) - CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2_Info::MAX_KEYLENGTH) + BLAKE2b_State() { + Reset(); + } - CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info::DIGESTSIZE) - CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2_Info::BLOCKSIZE) - CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info::SALTSIZE) - CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info::PERSONALIZATIONSIZE) + void Reset(); - typedef BLAKE2_State State; - typedef BLAKE2_ParameterBlock ParameterBlock; - typedef SecBlock > AlignedState; - typedef SecBlock > AlignedParameterBlock; + inline word64* h() { + return m_hft.data(); + } - virtual ~BLAKE2_Base() {} + inline word64* t() { + return m_hft.data() + 8; + } - /// \brief Retrieve the static algorithm name - /// \returns the algorithm name (BLAKE2s or BLAKE2b) - CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return BLAKE2_Info::StaticAlgorithmName();} + inline word64* f() { + return m_hft.data() + 10; + } - /// \brief Retrieve the object's name - /// \returns the object's algorithm name following RFC 7693 - /// \details Object algorithm name follows the naming described in - /// RFC 7693, The BLAKE2 Cryptographic Hash and - /// Message Authentication Code (MAC). For example, "BLAKE2b-512" and "BLAKE2s-256". - std::string AlgorithmName() const {return std::string(StaticAlgorithmName()) + "-" + IntToString(this->DigestSize()*8);} + inline byte* data() { + return m_buf.data(); + } - unsigned int DigestSize() const {return m_digestSize;} - unsigned int OptimalDataAlignment() const {return (CRYPTOPP_BOOL_ALIGN16 ? 16 : GetAlignmentOf());} - - void Update(const byte *input, size_t length); - void Restart(); - - /// \brief Restart a hash with parameter block and counter - /// \param block parameter block - /// \param counter counter array - /// \details Parameter block is persisted across calls to Restart(). - void Restart(const BLAKE2_ParameterBlock& block, const W counter[2]); - - /// \brief Set tree mode - /// \param mode the new tree mode - /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1]. - /// If treeMode=false (default), then State::f[1] is never set. If - /// treeMode=true, then State::f[1] is set when State::f[0] is set. - /// Tree mode is persisted across calls to Restart(). - void SetTreeMode(bool mode) {m_treeMode=mode;} - - /// \brief Get tree mode - /// \returns the current tree mode - /// \details Tree mode is persisted across calls to Restart(). - bool GetTreeMode() const {return m_treeMode;} - - void TruncatedFinal(byte *hash, size_t size); - -protected: - BLAKE2_Base(); - BLAKE2_Base(bool treeMode, unsigned int digestSize); - BLAKE2_Base(const byte *key, size_t keyLength, const byte* salt, size_t saltLength, - const byte* personalization, size_t personalizationLength, - bool treeMode, unsigned int digestSize); - - // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's. - void Compress(const byte *input); - inline void IncrementCounter(size_t count=BLOCKSIZE); - - void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params); - -private: - AlignedState m_state; - AlignedParameterBlock m_block; - AlignedSecByteBlock m_key; - word32 m_digestSize; - bool m_treeMode; -}; - -/// \brief The BLAKE2b cryptographic hash function -/// \details BLAKE2b can function as both a hash and keyed hash. If you want only the hash, -/// then use the BLAKE2b constructor that accepts no parameters or digest size. If you -/// want a keyed hash, then use the constructor that accpts the key as a parameter. -/// Once a key and digest size are selected, its effectively immutable. The Restart() -/// method that accepts a ParameterBlock does not allow you to change it. -/// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's -/// BLAKE2: simpler, smaller, fast as MD5 (2013.01.29). -/// \since Crypto++ 5.6.4 -class BLAKE2b : public BLAKE2_Base -{ -public: - typedef BLAKE2_Base ThisBase; // Early Visual Studio workaround - typedef BLAKE2_ParameterBlock ParameterBlock; - CRYPTOPP_COMPILE_ASSERT(sizeof(ParameterBlock) == 64); - - /// \brief Construct a BLAKE2b hash - /// \param digestSize the digest size, in bytes - /// \param treeMode flag indicating tree mode - BLAKE2b(bool treeMode=false, unsigned int digestSize = DIGESTSIZE) : ThisBase(treeMode, digestSize) {} - - /// \brief Construct a BLAKE2b hash - /// \param key a byte array used to key the cipher - /// \param keyLength the size of the byte array - /// \param salt a byte array used as salt - /// \param saltLength the size of the byte array - /// \param personalization a byte array used as prsonalization string - /// \param personalizationLength the size of the byte array - /// \param treeMode flag indicating tree mode - /// \param digestSize the digest size, in bytes - BLAKE2b(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0, - const byte* personalization = NULLPTR, size_t personalizationLength = 0, - bool treeMode=false, unsigned int digestSize = DIGESTSIZE) - : ThisBase(key, keyLength, salt, saltLength, personalization, personalizationLength, treeMode, digestSize) {} + // SSE4, Power8 and NEON depend upon t[] and f[] being side-by-side + CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2b_Info::BLOCKSIZE) + FixedSizeAlignedSecBlock m_hft; + FixedSizeAlignedSecBlock m_buf; + size_t m_len; }; /// \brief The BLAKE2s cryptographic hash function @@ -276,32 +232,193 @@ public: /// method that accepts a ParameterBlock does not allow you to change it. /// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's /// BLAKE2: simpler, smaller, fast as MD5 (2013.01.29). -/// \since Crypto++ 5.6.4 -class BLAKE2s : public BLAKE2_Base +/// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0, +/// Power8 since Crypto++ 8.0 +class BLAKE2s : public SimpleKeyingInterfaceImpl { public: - typedef BLAKE2_Base ThisBase; // Early Visual Studio workaround - typedef BLAKE2_ParameterBlock ParameterBlock; - CRYPTOPP_COMPILE_ASSERT(sizeof(ParameterBlock) == 32); + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2s_Info::DEFAULT_KEYLENGTH) + CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2s_Info::MIN_KEYLENGTH) + CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2s_Info::MAX_KEYLENGTH) - /// \brief Construct a BLAKE2s hash - /// \param digestSize the digest size, in bytes - /// \param treeMode flag indicating tree mode - BLAKE2s(bool treeMode=false, unsigned int digestSize = DIGESTSIZE) : ThisBase(treeMode, digestSize) {} + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2s_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2s_Info::BLOCKSIZE) + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2s_Info::SALTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2s_Info::PERSONALIZATIONSIZE) - /// \brief Construct a BLAKE2s hash - /// \param key a byte array used to key the cipher - /// \param keyLength the size of the byte array - /// \param salt a byte array used as salt - /// \param saltLength the size of the byte array - /// \param personalization a byte array used as prsonalization string - /// \param personalizationLength the size of the byte array - /// \param treeMode flag indicating tree mode - /// \param digestSize the digest size, in bytes - BLAKE2s(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0, - const byte* personalization = NULLPTR, size_t personalizationLength = 0, - bool treeMode=false, unsigned int digestSize = DIGESTSIZE) - : ThisBase(key, keyLength, salt, saltLength, personalization, personalizationLength, treeMode, digestSize) {} + typedef BLAKE2s_State State; + typedef BLAKE2s_ParameterBlock ParameterBlock; + + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2s";} + + virtual ~BLAKE2s() {} + + /// \brief Construct a BLAKE2s hash + /// \param digestSize the digest size, in bytes + /// \param treeMode flag indicating tree mode + BLAKE2s(bool treeMode=false, unsigned int digestSize = DIGESTSIZE); + + /// \brief Construct a BLAKE2s hash + /// \param key a byte array used to key the cipher + /// \param keyLength the size of the byte array + /// \param salt a byte array used as salt + /// \param saltLength the size of the byte array + /// \param personalization a byte array used as prsonalization string + /// \param personalizationLength the size of the byte array + /// \param treeMode flag indicating tree mode + /// \param digestSize the digest size, in bytes + BLAKE2s(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0, + const byte* personalization = NULLPTR, size_t personalizationLength = 0, + bool treeMode=false, unsigned int digestSize = DIGESTSIZE); + + /// \brief Retrieve the object's name + /// \returns the object's algorithm name following RFC 7693 + /// \details Object algorithm name follows the naming described in + /// RFC 7693, The BLAKE2 Cryptographic Hash and + /// Message Authentication Code (MAC). For example, "BLAKE2b-512" and "BLAKE2s-256". + std::string AlgorithmName() const {return std::string(BLAKE2s_Info::StaticAlgorithmName()) + "-" + IntToString(DigestSize()*8);} + + unsigned int DigestSize() const {return m_digestSize;} + unsigned int OptimalDataAlignment() const; + + void Update(const byte *input, size_t length); + void Restart(); + + /// \brief Restart a hash with parameter block and counter + /// \param block parameter block + /// \param counter counter array + /// \details Parameter block is persisted across calls to Restart(). + void Restart(const BLAKE2s_ParameterBlock& block, const word32 counter[2]); + + /// \brief Set tree mode + /// \param mode the new tree mode + /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1]. + /// If treeMode=false (default), then State::f[1] is never set. If + /// treeMode=true, then State::f[1] is set when State::f[0] is set. + /// Tree mode is persisted across calls to Restart(). + void SetTreeMode(bool mode) {m_treeMode=mode;} + + /// \brief Get tree mode + /// \returns the current tree mode + /// \details Tree mode is persisted across calls to Restart(). + bool GetTreeMode() const {return m_treeMode;} + + void TruncatedFinal(byte *hash, size_t size); + + std::string AlgorithmProvider() const; + +protected: + // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's. + void Compress(const byte *input); + inline void IncrementCounter(size_t count=BLOCKSIZE); + + void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params); + +private: + State m_state; + ParameterBlock m_block; + AlignedSecByteBlock m_key; + word32 m_digestSize, m_keyLength; + bool m_treeMode; +}; + +/// \brief The BLAKE2b cryptographic hash function +/// \details BLAKE2b can function as both a hash and keyed hash. If you want only the hash, +/// then use the BLAKE2b constructor that accepts no parameters or digest size. If you +/// want a keyed hash, then use the constructor that accpts the key as a parameter. +/// Once a key and digest size are selected, its effectively immutable. The Restart() +/// method that accepts a ParameterBlock does not allow you to change it. +/// \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's +/// BLAKE2: simpler, smaller, fast as MD5 (2013.01.29). +/// \since C++ since Crypto++ 5.6.4, SSE since Crypto++ 5.6.4, NEON since Crypto++ 6.0, +/// Power8 since Crypto++ 8.0 +class BLAKE2b : public SimpleKeyingInterfaceImpl +{ +public: + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2b_Info::DEFAULT_KEYLENGTH) + CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2b_Info::MIN_KEYLENGTH) + CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2b_Info::MAX_KEYLENGTH) + + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2b_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2b_Info::BLOCKSIZE) + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2b_Info::SALTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2b_Info::PERSONALIZATIONSIZE) + + typedef BLAKE2b_State State; + typedef BLAKE2b_ParameterBlock ParameterBlock; + + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BLAKE2b";} + + virtual ~BLAKE2b() {} + + /// \brief Construct a BLAKE2b hash + /// \param digestSize the digest size, in bytes + /// \param treeMode flag indicating tree mode + BLAKE2b(bool treeMode=false, unsigned int digestSize = DIGESTSIZE); + + /// \brief Construct a BLAKE2b hash + /// \param key a byte array used to key the cipher + /// \param keyLength the size of the byte array + /// \param salt a byte array used as salt + /// \param saltLength the size of the byte array + /// \param personalization a byte array used as prsonalization string + /// \param personalizationLength the size of the byte array + /// \param treeMode flag indicating tree mode + /// \param digestSize the digest size, in bytes + BLAKE2b(const byte *key, size_t keyLength, const byte* salt = NULLPTR, size_t saltLength = 0, + const byte* personalization = NULLPTR, size_t personalizationLength = 0, + bool treeMode=false, unsigned int digestSize = DIGESTSIZE); + + /// \brief Retrieve the object's name + /// \returns the object's algorithm name following RFC 7693 + /// \details Object algorithm name follows the naming described in + /// RFC 7693, The BLAKE2 Cryptographic Hash and + /// Message Authentication Code (MAC). For example, "BLAKE2b-512" and "BLAKE2s-256". + std::string AlgorithmName() const {return std::string(BLAKE2b_Info::StaticAlgorithmName()) + "-" + IntToString(DigestSize()*8);} + + unsigned int DigestSize() const {return m_digestSize;} + unsigned int OptimalDataAlignment() const; + + void Update(const byte *input, size_t length); + void Restart(); + + /// \brief Restart a hash with parameter block and counter + /// \param block parameter block + /// \param counter counter array + /// \details Parameter block is persisted across calls to Restart(). + void Restart(const BLAKE2b_ParameterBlock& block, const word64 counter[2]); + + /// \brief Set tree mode + /// \param mode the new tree mode + /// \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1]. + /// If treeMode=false (default), then State::f[1] is never set. If + /// treeMode=true, then State::f[1] is set when State::f[0] is set. + /// Tree mode is persisted across calls to Restart(). + void SetTreeMode(bool mode) {m_treeMode=mode;} + + /// \brief Get tree mode + /// \returns the current tree mode + /// \details Tree mode is persisted across calls to Restart(). + bool GetTreeMode() const {return m_treeMode;} + + void TruncatedFinal(byte *hash, size_t size); + + std::string AlgorithmProvider() const; + +protected: + + // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's. + void Compress(const byte *input); + inline void IncrementCounter(size_t count=BLOCKSIZE); + + void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params); + +private: + State m_state; + ParameterBlock m_block; + AlignedSecByteBlock m_key; + word32 m_digestSize, m_keyLength; + bool m_treeMode; }; NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/blake2b_simd.cpp b/vendor/cryptopp/vendor_cryptopp/blake2b_simd.cpp new file mode 100644 index 00000000..ca5aa054 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/blake2b_simd.cpp @@ -0,0 +1,1231 @@ +// blake2-simd.cpp - written and placed in the public domain by +// Samuel Neves, Jeffrey Walton, Uri Blumenthal +// and Marcel Raad. +// +// This source file uses intrinsics to gain access to ARMv7a/ARMv8a +// NEON, Power8 and SSE4.1 instructions. A separate source file is +// needed because additional CXXFLAGS are required to enable the +// appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" +#include "misc.h" +#include "blake2.h" + +// Uncomment for benchmarking C++ against SSE2 or NEON. +// Do so in both blake2.cpp and blake2-simd.cpp. +// #undef CRYPTOPP_SSE41_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE +// #undef CRYPTOPP_ALTIVEC_AVAILABLE + +// Disable NEON/ASIMD for Cortex-A53 and A57. The shifts are too slow and C/C++ is about +// 3 cpb faster than NEON/ASIMD. Also see http://github.com/weidai11/cryptopp/issues/367. +#if (defined(__aarch32__) || defined(__aarch64__)) && defined(CRYPTOPP_SLOW_ARMV8_SHIFT) +# undef CRYPTOPP_ARM_NEON_AVAILABLE +#endif + +// BLAKE2s bug on AIX 7.1 (POWER7) with XLC 12.01 +// https://github.com/weidai11/cryptopp/issues/743 +#if defined(__xlC__) && (__xlC__ < 0x0d01) +# define CRYPTOPP_DISABLE_ALTIVEC 1 +# undef CRYPTOPP_POWER7_AVAILABLE +# undef CRYPTOPP_ALTIVEC_AVAILABLE +#endif + +#if (CRYPTOPP_SSE41_AVAILABLE) +# include +# include +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_POWER8_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char BLAKE2B_SIMD_FNAME[] = __FILE__; + +NAMESPACE_BEGIN(CryptoPP) + +// Exported by blake2.cpp +extern const word32 BLAKE2S_IV[8]; +extern const word64 BLAKE2B_IV[8]; + +#if CRYPTOPP_SSE41_AVAILABLE + +#define LOADU(p) _mm_loadu_si128((const __m128i *)(const void*)(p)) +#define STOREU(p,r) _mm_storeu_si128((__m128i *)(void*)(p), r) +#define TOF(reg) _mm_castsi128_ps((reg)) +#define TOI(reg) _mm_castps_si128((reg)) + +void BLAKE2_Compress64_SSE4(const byte* input, BLAKE2b_State& state) +{ + #define BLAKE2B_LOAD_MSG_0_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m1); \ + b1 = _mm_unpacklo_epi64(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_0_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m0, m1); \ + b1 = _mm_unpackhi_epi64(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_0_3(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m4, m5); \ + b1 = _mm_unpacklo_epi64(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_0_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m5); \ + b1 = _mm_unpackhi_epi64(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m7, m2); \ + b1 = _mm_unpackhi_epi64(m4, m6); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m5, m4); \ + b1 = _mm_alignr_epi8(m3, m7, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_3(b0, b1) \ + do { \ + b0 = _mm_shuffle_epi32(m0, _MM_SHUFFLE(1,0,3,2)); \ + b1 = _mm_unpackhi_epi64(m5, m2); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m6, m1); \ + b1 = _mm_unpackhi_epi64(m3, m1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_1(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m6, m5, 8); \ + b1 = _mm_unpackhi_epi64(m2, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m4, m0); \ + b1 = _mm_blend_epi16(m1, m6, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m5, m1, 0xF0); \ + b1 = _mm_unpackhi_epi64(m3, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m7, m3); \ + b1 = _mm_alignr_epi8(m2, m0, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_1(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m3, m1); \ + b1 = _mm_unpackhi_epi64(m6, m5); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m0); \ + b1 = _mm_unpacklo_epi64(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m1, m2, 0xF0); \ + b1 = _mm_blend_epi16(m2, m7, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m3, m5); \ + b1 = _mm_unpacklo_epi64(m0, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_1(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m2); \ + b1 = _mm_unpacklo_epi64(m1, m5); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_2(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m0, m3, 0xF0); \ + b1 = _mm_blend_epi16(m2, m7, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m7, m5, 0xF0); \ + b1 = _mm_blend_epi16(m3, m1, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_4(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m6, m0, 8); \ + b1 = _mm_blend_epi16(m4, m6, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m1, m3); \ + b1 = _mm_unpacklo_epi64(m0, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m6, m5); \ + b1 = _mm_unpackhi_epi64(m5, m1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_3(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m2, m3, 0xF0); \ + b1 = _mm_unpackhi_epi64(m7, m0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m6, m2); \ + b1 = _mm_blend_epi16(m7, m4, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_1(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m6, m0, 0xF0); \ + b1 = _mm_unpacklo_epi64(m7, m2); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m2, m7); \ + b1 = _mm_alignr_epi8(m5, m6, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_3(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m3); \ + b1 = _mm_shuffle_epi32(m4, _MM_SHUFFLE(1,0,3,2)); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m3, m1); \ + b1 = _mm_blend_epi16(m1, m5, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_1(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m6, m3); \ + b1 = _mm_blend_epi16(m6, m1, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_2(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m7, m5, 8); \ + b1 = _mm_unpackhi_epi64(m0, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_3(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m2, m7); \ + b1 = _mm_unpacklo_epi64(m4, m1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m2); \ + b1 = _mm_unpacklo_epi64(m3, m5); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m3, m7); \ + b1 = _mm_alignr_epi8(m0, m5, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m7, m4); \ + b1 = _mm_alignr_epi8(m4, m1, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_3(b0, b1) \ + do { \ + b0 = m6; \ + b1 = _mm_alignr_epi8(m5, m0, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_4(b0, b1) \ + do { \ + b0 = _mm_blend_epi16(m1, m3, 0xF0); \ + b1 = m2; \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m5, m4); \ + b1 = _mm_unpackhi_epi64(m3, m0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m1, m2); \ + b1 = _mm_blend_epi16(m3, m2, 0xF0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_3(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m7, m4); \ + b1 = _mm_unpackhi_epi64(m1, m6); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_4(b0, b1) \ + do { \ + b0 = _mm_alignr_epi8(m7, m5, 8); \ + b1 = _mm_unpacklo_epi64(m6, m0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m0, m1); \ + b1 = _mm_unpacklo_epi64(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_2(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m0, m1); \ + b1 = _mm_unpackhi_epi64(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_3(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m4, m5); \ + b1 = _mm_unpacklo_epi64(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_4(b0, b1) \ + do { \ + b0 = _mm_unpackhi_epi64(m4, m5); \ + b1 = _mm_unpackhi_epi64(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_1(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m7, m2); \ + b1 = _mm_unpackhi_epi64(m4, m6); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_2(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m5, m4); \ + b1 = _mm_alignr_epi8(m3, m7, 8); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_3(b0, b1) \ + do { \ + b0 = _mm_shuffle_epi32(m0, _MM_SHUFFLE(1,0,3,2)); \ + b1 = _mm_unpackhi_epi64(m5, m2); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_4(b0, b1) \ + do { \ + b0 = _mm_unpacklo_epi64(m6, m1); \ + b1 = _mm_unpackhi_epi64(m3, m1); \ + } while(0) + +#ifdef __XOP__ +# define MM_ROTI_EPI64(r, c) \ + _mm_roti_epi64(r, c) +#else +# define MM_ROTI_EPI64(x, c) \ + (-(c) == 32) ? _mm_shuffle_epi32((x), _MM_SHUFFLE(2,3,0,1)) \ + : (-(c) == 24) ? _mm_shuffle_epi8((x), r24) \ + : (-(c) == 16) ? _mm_shuffle_epi8((x), r16) \ + : (-(c) == 63) ? _mm_xor_si128(_mm_srli_epi64((x), -(c)), _mm_add_epi64((x), (x))) \ + : _mm_xor_si128(_mm_srli_epi64((x), -(c)), _mm_slli_epi64((x), 64-(-(c)))) +#endif + +#define BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ + row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \ + row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \ + \ + row4l = _mm_xor_si128(row4l, row1l); \ + row4h = _mm_xor_si128(row4h, row1h); \ + \ + row4l = MM_ROTI_EPI64(row4l, -32); \ + row4h = MM_ROTI_EPI64(row4h, -32); \ + \ + row3l = _mm_add_epi64(row3l, row4l); \ + row3h = _mm_add_epi64(row3h, row4h); \ + \ + row2l = _mm_xor_si128(row2l, row3l); \ + row2h = _mm_xor_si128(row2h, row3h); \ + \ + row2l = MM_ROTI_EPI64(row2l, -24); \ + row2h = MM_ROTI_EPI64(row2h, -24); + +#define BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ + row1l = _mm_add_epi64(_mm_add_epi64(row1l, b0), row2l); \ + row1h = _mm_add_epi64(_mm_add_epi64(row1h, b1), row2h); \ + \ + row4l = _mm_xor_si128(row4l, row1l); \ + row4h = _mm_xor_si128(row4h, row1h); \ + \ + row4l = MM_ROTI_EPI64(row4l, -16); \ + row4h = MM_ROTI_EPI64(row4h, -16); \ + \ + row3l = _mm_add_epi64(row3l, row4l); \ + row3h = _mm_add_epi64(row3h, row4h); \ + \ + row2l = _mm_xor_si128(row2l, row3l); \ + row2h = _mm_xor_si128(row2h, row3h); \ + \ + row2l = MM_ROTI_EPI64(row2l, -63); \ + row2h = MM_ROTI_EPI64(row2h, -63); \ + +#define BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ + t0 = row4l;\ + t1 = row2l;\ + row4l = row3l;\ + row3l = row3h;\ + row3h = row4l;\ + row4l = _mm_unpackhi_epi64(row4h, _mm_unpacklo_epi64(t0, t0)); \ + row4h = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(row4h, row4h)); \ + row2l = _mm_unpackhi_epi64(row2l, _mm_unpacklo_epi64(row2h, row2h)); \ + row2h = _mm_unpackhi_epi64(row2h, _mm_unpacklo_epi64(t1, t1)) + +#define BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ + t0 = row3l;\ + row3l = row3h;\ + row3h = t0;\ + t0 = row2l;\ + t1 = row4l;\ + row2l = _mm_unpackhi_epi64(row2h, _mm_unpacklo_epi64(row2l, row2l)); \ + row2h = _mm_unpackhi_epi64(t0, _mm_unpacklo_epi64(row2h, row2h)); \ + row4l = _mm_unpackhi_epi64(row4l, _mm_unpacklo_epi64(row4h, row4h)); \ + row4h = _mm_unpackhi_epi64(row4h, _mm_unpacklo_epi64(t1, t1)) + +#define BLAKE2B_ROUND(r) \ + BLAKE2B_LOAD_MSG_ ##r ##_1(b0, b1); \ + BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_LOAD_MSG_ ##r ##_2(b0, b1); \ + BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ + BLAKE2B_LOAD_MSG_ ##r ##_3(b0, b1); \ + BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_LOAD_MSG_ ##r ##_4(b0, b1); \ + BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); + + __m128i row1l, row1h; + __m128i row2l, row2h; + __m128i row3l, row3h; + __m128i row4l, row4h; + __m128i b0, b1; + __m128i t0, t1; + + const __m128i r16 = _mm_setr_epi8(2, 3, 4, 5, 6, 7, 0, 1, 10, 11, 12, 13, 14, 15, 8, 9); + const __m128i r24 = _mm_setr_epi8(3, 4, 5, 6, 7, 0, 1, 2, 11, 12, 13, 14, 15, 8, 9, 10); + + const __m128i m0 = LOADU(input + 00); + const __m128i m1 = LOADU(input + 16); + const __m128i m2 = LOADU(input + 32); + const __m128i m3 = LOADU(input + 48); + const __m128i m4 = LOADU(input + 64); + const __m128i m5 = LOADU(input + 80); + const __m128i m6 = LOADU(input + 96); + const __m128i m7 = LOADU(input + 112); + + row1l = LOADU(state.h()+0); + row1h = LOADU(state.h()+2); + row2l = LOADU(state.h()+4); + row2h = LOADU(state.h()+6); + row3l = LOADU(BLAKE2B_IV+0); + row3h = LOADU(BLAKE2B_IV+2); + row4l = _mm_xor_si128(LOADU(BLAKE2B_IV+4), LOADU(state.t()+0)); + row4h = _mm_xor_si128(LOADU(BLAKE2B_IV+6), LOADU(state.f()+0)); + + BLAKE2B_ROUND(0); + BLAKE2B_ROUND(1); + BLAKE2B_ROUND(2); + BLAKE2B_ROUND(3); + BLAKE2B_ROUND(4); + BLAKE2B_ROUND(5); + BLAKE2B_ROUND(6); + BLAKE2B_ROUND(7); + BLAKE2B_ROUND(8); + BLAKE2B_ROUND(9); + BLAKE2B_ROUND(10); + BLAKE2B_ROUND(11); + + row1l = _mm_xor_si128(row3l, row1l); + row1h = _mm_xor_si128(row3h, row1h); + STOREU(state.h()+0, _mm_xor_si128(LOADU(state.h()+0), row1l)); + STOREU(state.h()+2, _mm_xor_si128(LOADU(state.h()+2), row1h)); + row2l = _mm_xor_si128(row4l, row2l); + row2h = _mm_xor_si128(row4h, row2h); + STOREU(state.h()+4, _mm_xor_si128(LOADU(state.h()+4), row2l)); + STOREU(state.h()+6, _mm_xor_si128(LOADU(state.h()+6), row2h)); +} +#endif // CRYPTOPP_SSE41_AVAILABLE + +#if CRYPTOPP_ARM_NEON_AVAILABLE +void BLAKE2_Compress64_NEON(const byte* input, BLAKE2b_State& state) +{ + #define BLAKE2B_LOAD_MSG_0_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m1)); b1 = vcombine_u64(vget_low_u64(m2), vget_low_u64(m3)); } while(0) + + #define BLAKE2B_LOAD_MSG_0_2(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m0), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m3)); } while(0) + + #define BLAKE2B_LOAD_MSG_0_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m5)); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_0_4(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m5)); b1 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_1_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m2)); b1 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m6)); } while(0) + + #define BLAKE2B_LOAD_MSG_1_2(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m5), vget_low_u64(m4)); b1 = vextq_u64(m7, m3, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_1_3(b0, b1) \ + do { b0 = vextq_u64(m0, m0, 1); b1 = vcombine_u64(vget_high_u64(m5), vget_high_u64(m2)); } while(0) + + #define BLAKE2B_LOAD_MSG_1_4(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m1)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); } while(0) + + #define BLAKE2B_LOAD_MSG_2_1(b0, b1) \ + do { b0 = vextq_u64(m5, m6, 1); b1 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_2_2(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m0)); b1 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m6)); } while(0) + + #define BLAKE2B_LOAD_MSG_2_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m5), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m4)); } while(0) + + #define BLAKE2B_LOAD_MSG_2_4(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m3)); b1 = vextq_u64(m0, m2, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_3_1(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m5)); } while(0) + + #define BLAKE2B_LOAD_MSG_3_2(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m0)); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_3_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m2)); b1 = vcombine_u64(vget_low_u64(m2), vget_high_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_3_4(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m3), vget_low_u64(m5)); b1 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m4)); } while(0) + + #define BLAKE2B_LOAD_MSG_4_1(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m2)); b1 = vcombine_u64(vget_low_u64(m1), vget_low_u64(m5)); } while(0) + + #define BLAKE2B_LOAD_MSG_4_2(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m0), vget_high_u64(m3)); b1 = vcombine_u64(vget_low_u64(m2), vget_high_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_4_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m7), vget_high_u64(m5)); b1 = vcombine_u64(vget_low_u64(m3), vget_high_u64(m1)); } while(0) + + #define BLAKE2B_LOAD_MSG_4_4(b0, b1) \ + do { b0 = vextq_u64(m0, m6, 1); b1 = vcombine_u64(vget_low_u64(m4), vget_high_u64(m6)); } while(0) + + #define BLAKE2B_LOAD_MSG_5_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m1), vget_low_u64(m3)); b1 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m4)); } while(0) + + #define BLAKE2B_LOAD_MSG_5_2(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m5)); b1 = vcombine_u64(vget_high_u64(m5), vget_high_u64(m1)); } while(0) + + #define BLAKE2B_LOAD_MSG_5_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m2), vget_high_u64(m3)); b1 = vcombine_u64(vget_high_u64(m7), vget_high_u64(m0)); } while(0) + + #define BLAKE2B_LOAD_MSG_5_4(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m2)); b1 = vcombine_u64(vget_low_u64(m7), vget_high_u64(m4)); } while(0) + + #define BLAKE2B_LOAD_MSG_6_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m6), vget_high_u64(m0)); b1 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m2)); } while(0) + + #define BLAKE2B_LOAD_MSG_6_2(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m7)); b1 = vextq_u64(m6, m5, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_6_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m3)); b1 = vextq_u64(m4, m4, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_6_4(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); b1 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m5)); } while(0) + + #define BLAKE2B_LOAD_MSG_7_1(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m3)); b1 = vcombine_u64(vget_low_u64(m6), vget_high_u64(m1)); } while(0) + + #define BLAKE2B_LOAD_MSG_7_2(b0, b1) \ + do { b0 = vextq_u64(m5, m7, 1); b1 = vcombine_u64(vget_high_u64(m0), vget_high_u64(m4)); } while(0) + + #define BLAKE2B_LOAD_MSG_7_3(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m7)); b1 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m1)); } while(0) + + #define BLAKE2B_LOAD_MSG_7_4(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m2)); b1 = vcombine_u64(vget_low_u64(m3), vget_low_u64(m5)); } while(0) + + #define BLAKE2B_LOAD_MSG_8_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m3), vget_low_u64(m7)); b1 = vextq_u64(m5, m0, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_8_2(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m7), vget_high_u64(m4)); b1 = vextq_u64(m1, m4, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_8_3(b0, b1) \ + do { b0 = m6; b1 = vextq_u64(m0, m5, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_8_4(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m1), vget_high_u64(m3)); b1 = m2; } while(0) + + #define BLAKE2B_LOAD_MSG_9_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m5), vget_low_u64(m4)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m0)); } while(0) + + #define BLAKE2B_LOAD_MSG_9_2(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m1), vget_low_u64(m2)); b1 = vcombine_u64(vget_low_u64(m3), vget_high_u64(m2)); } while(0) + + #define BLAKE2B_LOAD_MSG_9_3(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m7), vget_high_u64(m4)); b1 = vcombine_u64(vget_high_u64(m1), vget_high_u64(m6)); } while(0) + + #define BLAKE2B_LOAD_MSG_9_4(b0, b1) \ + do { b0 = vextq_u64(m5, m7, 1); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m0)); } while(0) + + #define BLAKE2B_LOAD_MSG_10_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m0), vget_low_u64(m1)); b1 = vcombine_u64(vget_low_u64(m2), vget_low_u64(m3)); } while(0) + + #define BLAKE2B_LOAD_MSG_10_2(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m0), vget_high_u64(m1)); b1 = vcombine_u64(vget_high_u64(m2), vget_high_u64(m3)); } while(0) + + #define BLAKE2B_LOAD_MSG_10_3(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m4), vget_low_u64(m5)); b1 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_10_4(b0, b1) \ + do { b0 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m5)); b1 = vcombine_u64(vget_high_u64(m6), vget_high_u64(m7)); } while(0) + + #define BLAKE2B_LOAD_MSG_11_1(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m7), vget_low_u64(m2)); b1 = vcombine_u64(vget_high_u64(m4), vget_high_u64(m6)); } while(0) + + #define BLAKE2B_LOAD_MSG_11_2(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m5), vget_low_u64(m4)); b1 = vextq_u64(m7, m3, 1); } while(0) + + #define BLAKE2B_LOAD_MSG_11_3(b0, b1) \ + do { b0 = vextq_u64(m0, m0, 1); b1 = vcombine_u64(vget_high_u64(m5), vget_high_u64(m2)); } while(0) + + #define BLAKE2B_LOAD_MSG_11_4(b0, b1) \ + do { b0 = vcombine_u64(vget_low_u64(m6), vget_low_u64(m1)); b1 = vcombine_u64(vget_high_u64(m3), vget_high_u64(m1)); } while(0) + + #define vrorq_n_u64_32(x) vreinterpretq_u64_u32(vrev64q_u32(vreinterpretq_u32_u64((x)))) + + #define vrorq_n_u64_24(x) vcombine_u64( \ + vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_low_u64(x)), vreinterpret_u8_u64(vget_low_u64(x)), 3)), \ + vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_high_u64(x)), vreinterpret_u8_u64(vget_high_u64(x)), 3))) + + #define vrorq_n_u64_16(x) vcombine_u64( \ + vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_low_u64(x)), vreinterpret_u8_u64(vget_low_u64(x)), 2)), \ + vreinterpret_u64_u8(vext_u8(vreinterpret_u8_u64(vget_high_u64(x)), vreinterpret_u8_u64(vget_high_u64(x)), 2))) + + #define vrorq_n_u64_63(x) veorq_u64(vaddq_u64(x, x), vshrq_n_u64(x, 63)) + + #define BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ + do { \ + row1l = vaddq_u64(vaddq_u64(row1l, b0), row2l); \ + row1h = vaddq_u64(vaddq_u64(row1h, b1), row2h); \ + row4l = veorq_u64(row4l, row1l); row4h = veorq_u64(row4h, row1h); \ + row4l = vrorq_n_u64_32(row4l); row4h = vrorq_n_u64_32(row4h); \ + row3l = vaddq_u64(row3l, row4l); row3h = vaddq_u64(row3h, row4h); \ + row2l = veorq_u64(row2l, row3l); row2h = veorq_u64(row2h, row3h); \ + row2l = vrorq_n_u64_24(row2l); row2h = vrorq_n_u64_24(row2h); \ + } while(0) + + #define BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ + do { \ + row1l = vaddq_u64(vaddq_u64(row1l, b0), row2l); \ + row1h = vaddq_u64(vaddq_u64(row1h, b1), row2h); \ + row4l = veorq_u64(row4l, row1l); row4h = veorq_u64(row4h, row1h); \ + row4l = vrorq_n_u64_16(row4l); row4h = vrorq_n_u64_16(row4h); \ + row3l = vaddq_u64(row3l, row4l); row3h = vaddq_u64(row3h, row4h); \ + row2l = veorq_u64(row2l, row3l); row2h = veorq_u64(row2h, row3h); \ + row2l = vrorq_n_u64_63(row2l); row2h = vrorq_n_u64_63(row2h); \ + } while(0) + + #define BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ + do { \ + uint64x2_t t0 = vextq_u64(row2l, row2h, 1); \ + uint64x2_t t1 = vextq_u64(row2h, row2l, 1); \ + row2l = t0; row2h = t1; t0 = row3l; row3l = row3h; row3h = t0; \ + t0 = vextq_u64(row4h, row4l, 1); t1 = vextq_u64(row4l, row4h, 1); \ + row4l = t0; row4h = t1; \ + } while(0) + + #define BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ + do { \ + uint64x2_t t0 = vextq_u64(row2h, row2l, 1); \ + uint64x2_t t1 = vextq_u64(row2l, row2h, 1); \ + row2l = t0; row2h = t1; t0 = row3l; row3l = row3h; row3h = t0; \ + t0 = vextq_u64(row4l, row4h, 1); t1 = vextq_u64(row4h, row4l, 1); \ + row4l = t0; row4h = t1; \ + } while(0) + + #define BLAKE2B_ROUND(r) \ + do { \ + uint64x2_t b0, b1; \ + BLAKE2B_LOAD_MSG_ ##r ##_1(b0, b1); \ + BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_LOAD_MSG_ ##r ##_2(b0, b1); \ + BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ + BLAKE2B_LOAD_MSG_ ##r ##_3(b0, b1); \ + BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_LOAD_MSG_ ##r ##_4(b0, b1); \ + BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ + } while(0) + + const uint64x2_t m0 = vreinterpretq_u64_u8(vld1q_u8(input + 00)); + const uint64x2_t m1 = vreinterpretq_u64_u8(vld1q_u8(input + 16)); + const uint64x2_t m2 = vreinterpretq_u64_u8(vld1q_u8(input + 32)); + const uint64x2_t m3 = vreinterpretq_u64_u8(vld1q_u8(input + 48)); + const uint64x2_t m4 = vreinterpretq_u64_u8(vld1q_u8(input + 64)); + const uint64x2_t m5 = vreinterpretq_u64_u8(vld1q_u8(input + 80)); + const uint64x2_t m6 = vreinterpretq_u64_u8(vld1q_u8(input + 96)); + const uint64x2_t m7 = vreinterpretq_u64_u8(vld1q_u8(input + 112)); + + uint64x2_t row1l, row1h, row2l, row2h; + uint64x2_t row3l, row3h, row4l, row4h; + + const uint64x2_t h0 = row1l = vld1q_u64(state.h()+0); + const uint64x2_t h1 = row1h = vld1q_u64(state.h()+2); + const uint64x2_t h2 = row2l = vld1q_u64(state.h()+4); + const uint64x2_t h3 = row2h = vld1q_u64(state.h()+6); + + row3l = vld1q_u64(BLAKE2B_IV+0); + row3h = vld1q_u64(BLAKE2B_IV+2); + row4l = veorq_u64(vld1q_u64(BLAKE2B_IV+4), vld1q_u64(state.t()+0)); + row4h = veorq_u64(vld1q_u64(BLAKE2B_IV+6), vld1q_u64(state.f()+0)); + + BLAKE2B_ROUND(0); + BLAKE2B_ROUND(1); + BLAKE2B_ROUND(2); + BLAKE2B_ROUND(3); + BLAKE2B_ROUND(4); + BLAKE2B_ROUND(5); + BLAKE2B_ROUND(6); + BLAKE2B_ROUND(7); + BLAKE2B_ROUND(8); + BLAKE2B_ROUND(9); + BLAKE2B_ROUND(10); + BLAKE2B_ROUND(11); + + vst1q_u64(state.h()+0, veorq_u64(h0, veorq_u64(row1l, row3l))); + vst1q_u64(state.h()+2, veorq_u64(h1, veorq_u64(row1h, row3h))); + vst1q_u64(state.h()+4, veorq_u64(h2, veorq_u64(row2l, row4l))); + vst1q_u64(state.h()+6, veorq_u64(h3, veorq_u64(row2h, row4h))); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_POWER8_AVAILABLE) + +inline uint64x2_p VecLoad64(const void* p) +{ +#if defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint64x2_p)vec_xl(0, (uint8_t*)p); +#else + return (uint64x2_p)vec_vsx_ld(0, (uint8_t*)p); +#endif +} + +inline uint64x2_p VecLoad64LE(const void* p) +{ +#if __BIG_ENDIAN__ + const uint8x16_p m = {7,6,5,4, 3,2,1,0, 15,14,13,12, 11,10,9,8}; + const uint64x2_p v = VecLoad64(p); + return VecPermute(v, v, m); +#else + return VecLoad64(p); +#endif +} + +inline void VecStore64(void* p, const uint64x2_p x) +{ +#if defined(__xlc__) || defined(__xlC__) || defined(__clang__) + vec_xst((uint8x16_p)x,0,(uint8_t*)p); +#else + vec_vsx_st((uint8x16_p)x,0,(uint8_t*)p); +#endif +} + +inline void VecStore64LE(void* p, const uint64x2_p x) +{ +#if __BIG_ENDIAN__ + const uint8x16_p m = {7,6,5,4, 3,2,1,0, 15,14,13,12, 11,10,9,8}; + VecStore64(p, VecPermute(x, x, m)); +#else + VecStore64(p, x); +#endif +} + +template +inline uint64x2_p VecShiftLeftOctet(const uint64x2_p a, const uint64x2_p b) +{ +#if __BIG_ENDIAN__ + return (uint64x2_p)vec_sld((uint8x16_p)a, (uint8x16_p)b, C); +#else + return (uint64x2_p)vec_sld((uint8x16_p)b, (uint8x16_p)a, 16-C); +#endif +} + +#define vec_shl_octet(a,b,c) VecShiftLeftOctet(a, b) + +// vec_mergeh(a,b) is equivalent to VecPermute(a,b,HH_MASK); and +// vec_mergel(a,b) is equivalent VecPermute(a,b,LL_MASK). Benchmarks +// show vec_mergeh and vec_mergel is faster on little-endian +// machines by 0.4 cpb. Benchmarks show VecPermute is faster on +// big-endian machines by 1.5 cpb. The code that uses +// vec_mergeh and vec_mergel is about 880 bytes shorter. + +#if defined(__GNUC__) && (__BIG_ENDIAN__) +# define vec_merge_hi(a,b) VecPermute(a,b, HH_MASK) +# define vec_merge_lo(a,b) VecPermute(a,b, LL_MASK) +#else +# define vec_merge_hi(a,b) vec_mergeh(a,b) +# define vec_merge_lo(a,b) vec_mergel(a,b) +#endif + +void BLAKE2_Compress64_POWER8(const byte* input, BLAKE2b_State& state) +{ + // Permute masks. High is element 0 (most significant), + // low is element 1 (least significant). + +#if defined(__GNUC__) && (__BIG_ENDIAN__) + const uint8x16_p HH_MASK = { 0,1,2,3,4,5,6,7, 16,17,18,19,20,21,22,23 }; + const uint8x16_p LL_MASK = { 8,9,10,11,12,13,14,15, 24,25,26,27,28,29,30,31 }; +#endif + + const uint8x16_p HL_MASK = { 0,1,2,3,4,5,6,7, 24,25,26,27,28,29,30,31 }; + const uint8x16_p LH_MASK = { 8,9,10,11,12,13,14,15, 16,17,18,19,20,21,22,23 }; + + #define BLAKE2B_LOAD_MSG_0_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m0, m1); \ + b1 = vec_merge_hi(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_0_2(b0, b1) \ + do { \ + b0 = vec_merge_lo(m0, m1); \ + b1 = vec_merge_lo(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_0_3(b0, b1) \ + do { \ + b0 = vec_merge_hi(m4, m5); \ + b1 = vec_merge_hi(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_0_4(b0, b1) \ + do { \ + b0 = vec_merge_lo(m4, m5); \ + b1 = vec_merge_lo(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m7, m2); \ + b1 = vec_merge_lo(m4, m6); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_2(b0, b1) \ + do { \ + b0 = vec_merge_hi(m5, m4); \ + b1 = vec_shl_octet(m7, m3, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_3(b0, b1) \ + do { \ + b0 = vec_shl_octet(m0, m0, 1); \ + b1 = vec_merge_lo(m5, m2); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_1_4(b0, b1) \ + do { \ + b0 = vec_merge_hi(m6, m1); \ + b1 = vec_merge_lo(m3, m1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_1(b0, b1) \ + do { \ + b0 = vec_shl_octet(m5, m6, 1); \ + b1 = vec_merge_lo(m2, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_2(b0, b1) \ + do { \ + b0 = vec_merge_hi(m4, m0); \ + b1 = VecPermute(m1, m6, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_3(b0, b1) \ + do { \ + b0 = VecPermute(m5, m1, HL_MASK); \ + b1 = vec_merge_lo(m3, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_2_4(b0, b1) \ + do { \ + b0 = vec_merge_hi(m7, m3); \ + b1 = vec_shl_octet(m0, m2, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_1(b0, b1) \ + do { \ + b0 = vec_merge_lo(m3, m1); \ + b1 = vec_merge_lo(m6, m5); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_2(b0, b1) \ + do { \ + b0 = vec_merge_lo(m4, m0); \ + b1 = vec_merge_hi(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_3(b0, b1) \ + do { \ + b0 = VecPermute(m1, m2, HL_MASK); \ + b1 = VecPermute(m2, m7, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_3_4(b0, b1) \ + do { \ + b0 = vec_merge_hi(m3, m5); \ + b1 = vec_merge_hi(m0, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_1(b0, b1) \ + do { \ + b0 = vec_merge_lo(m4, m2); \ + b1 = vec_merge_hi(m1, m5); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_2(b0, b1) \ + do { \ + b0 = VecPermute(m0, m3, HL_MASK); \ + b1 = VecPermute(m2, m7, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_3(b0, b1) \ + do { \ + b0 = VecPermute(m7, m5, HL_MASK); \ + b1 = VecPermute(m3, m1, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_4_4(b0, b1) \ + do { \ + b0 = vec_shl_octet(m0, m6, 1); \ + b1 = VecPermute(m4, m6, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m1, m3); \ + b1 = vec_merge_hi(m0, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_2(b0, b1) \ + do { \ + b0 = vec_merge_hi(m6, m5); \ + b1 = vec_merge_lo(m5, m1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_3(b0, b1) \ + do { \ + b0 = VecPermute(m2, m3, HL_MASK); \ + b1 = vec_merge_lo(m7, m0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_5_4(b0, b1) \ + do { \ + b0 = vec_merge_lo(m6, m2); \ + b1 = VecPermute(m7, m4, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_1(b0, b1) \ + do { \ + b0 = VecPermute(m6, m0, HL_MASK); \ + b1 = vec_merge_hi(m7, m2); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_2(b0, b1) \ + do { \ + b0 = vec_merge_lo(m2, m7); \ + b1 = vec_shl_octet(m6, m5, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_3(b0, b1) \ + do { \ + b0 = vec_merge_hi(m0, m3); \ + b1 = vec_shl_octet(m4, m4, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_6_4(b0, b1) \ + do { \ + b0 = vec_merge_lo(m3, m1); \ + b1 = VecPermute(m1, m5, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_1(b0, b1) \ + do { \ + b0 = vec_merge_lo(m6, m3); \ + b1 = VecPermute(m6, m1, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_2(b0, b1) \ + do { \ + b0 = vec_shl_octet(m5, m7, 1); \ + b1 = vec_merge_lo(m0, m4); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_3(b0, b1) \ + do { \ + b0 = vec_merge_lo(m2, m7); \ + b1 = vec_merge_hi(m4, m1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_7_4(b0, b1) \ + do { \ + b0 = vec_merge_hi(m0, m2); \ + b1 = vec_merge_hi(m3, m5); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m3, m7); \ + b1 = vec_shl_octet(m5, m0, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_2(b0, b1) \ + do { \ + b0 = vec_merge_lo(m7, m4); \ + b1 = vec_shl_octet(m1, m4, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_3(b0, b1) \ + do { \ + b0 = m6; \ + b1 = vec_shl_octet(m0, m5, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_8_4(b0, b1) \ + do { \ + b0 = VecPermute(m1, m3, HL_MASK); \ + b1 = m2; \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m5, m4); \ + b1 = vec_merge_lo(m3, m0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_2(b0, b1) \ + do { \ + b0 = vec_merge_hi(m1, m2); \ + b1 = VecPermute(m3, m2, HL_MASK); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_3(b0, b1) \ + do { \ + b0 = vec_merge_lo(m7, m4); \ + b1 = vec_merge_lo(m1, m6); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_9_4(b0, b1) \ + do { \ + b0 = vec_shl_octet(m5, m7, 1); \ + b1 = vec_merge_hi(m6, m0); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m0, m1); \ + b1 = vec_merge_hi(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_2(b0, b1) \ + do { \ + b0 = vec_merge_lo(m0, m1); \ + b1 = vec_merge_lo(m2, m3); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_3(b0, b1) \ + do { \ + b0 = vec_merge_hi(m4, m5); \ + b1 = vec_merge_hi(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_10_4(b0, b1) \ + do { \ + b0 = vec_merge_lo(m4, m5); \ + b1 = vec_merge_lo(m6, m7); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_1(b0, b1) \ + do { \ + b0 = vec_merge_hi(m7, m2); \ + b1 = vec_merge_lo(m4, m6); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_2(b0, b1) \ + do { \ + b0 = vec_merge_hi(m5, m4); \ + b1 = vec_shl_octet(m7, m3, 1); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_3(b0, b1) \ + do { \ + b0 = vec_shl_octet(m0, m0, 1); \ + b1 = vec_merge_lo(m5, m2); \ + } while(0) + + #define BLAKE2B_LOAD_MSG_11_4(b0, b1) \ + do { \ + b0 = vec_merge_hi(m6, m1); \ + b1 = vec_merge_lo(m3, m1); \ + } while(0) + + // Power8 has packed 64-bit rotate, but in terms of left rotate + const uint64x2_p ROR16_MASK = { 64-16, 64-16 }; + const uint64x2_p ROR24_MASK = { 64-24, 64-24 }; + const uint64x2_p ROR32_MASK = { 64-32, 64-32 }; + const uint64x2_p ROR63_MASK = { 64-63, 64-63 }; + + #define vec_ror_32(x) vec_rl(x, ROR32_MASK) + #define vec_ror_24(x) vec_rl(x, ROR24_MASK) + #define vec_ror_16(x) vec_rl(x, ROR16_MASK) + #define vec_ror_63(x) vec_rl(x, ROR63_MASK) + + #define BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ + do { \ + row1l = VecAdd(VecAdd(row1l, b0), row2l); \ + row1h = VecAdd(VecAdd(row1h, b1), row2h); \ + row4l = VecXor(row4l, row1l); row4h = VecXor(row4h, row1h); \ + row4l = vec_ror_32(row4l); row4h = vec_ror_32(row4h); \ + row3l = VecAdd(row3l, row4l); row3h = VecAdd(row3h, row4h); \ + row2l = VecXor(row2l, row3l); row2h = VecXor(row2h, row3h); \ + row2l = vec_ror_24(row2l); row2h = vec_ror_24(row2h); \ + } while(0) + + #define BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1) \ + do { \ + row1l = VecAdd(VecAdd(row1l, b0), row2l); \ + row1h = VecAdd(VecAdd(row1h, b1), row2h); \ + row4l = VecXor(row4l, row1l); row4h = VecXor(row4h, row1h); \ + row4l = vec_ror_16(row4l); row4h = vec_ror_16(row4h); \ + row3l = VecAdd(row3l, row4l); row3h = VecAdd(row3h, row4h); \ + row2l = VecXor(row2l, row3l); row2h = VecXor(row2h, row3h); \ + row2l = vec_ror_63(row2l); row2h = vec_ror_63(row2h); \ + } while(0) + + #define BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ + do { \ + uint64x2_p t0 = vec_shl_octet(row2l, row2h, 1); \ + uint64x2_p t1 = vec_shl_octet(row2h, row2l, 1); \ + row2l = t0; row2h = t1; t0 = row3l; row3l = row3h; row3h = t0; \ + t0 = vec_shl_octet(row4h, row4l, 1); t1 = vec_shl_octet(row4l, row4h, 1); \ + row4l = t0; row4h = t1; \ + } while(0) + + #define BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h) \ + do { \ + uint64x2_p t0 = vec_shl_octet(row2h, row2l, 1); \ + uint64x2_p t1 = vec_shl_octet(row2l, row2h, 1); \ + row2l = t0; row2h = t1; t0 = row3l; row3l = row3h; row3h = t0; \ + t0 = vec_shl_octet(row4l, row4h, 1); t1 = vec_shl_octet(row4h, row4l, 1); \ + row4l = t0; row4h = t1; \ + } while(0) + + #define BLAKE2B_ROUND(r) \ + do { \ + uint64x2_p b0, b1; \ + BLAKE2B_LOAD_MSG_ ##r ##_1(b0, b1); \ + BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_LOAD_MSG_ ##r ##_2(b0, b1); \ + BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_DIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ + BLAKE2B_LOAD_MSG_ ##r ##_3(b0, b1); \ + BLAKE2B_G1(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_LOAD_MSG_ ##r ##_4(b0, b1); \ + BLAKE2B_G2(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h,b0,b1); \ + BLAKE2B_UNDIAGONALIZE(row1l,row2l,row3l,row4l,row1h,row2h,row3h,row4h); \ + } while(0) + + const uint64x2_p m0 = VecLoad64LE(input + 00); + const uint64x2_p m1 = VecLoad64LE(input + 16); + const uint64x2_p m2 = VecLoad64LE(input + 32); + const uint64x2_p m3 = VecLoad64LE(input + 48); + const uint64x2_p m4 = VecLoad64LE(input + 64); + const uint64x2_p m5 = VecLoad64LE(input + 80); + const uint64x2_p m6 = VecLoad64LE(input + 96); + const uint64x2_p m7 = VecLoad64LE(input + 112); + + uint64x2_p row1l, row1h, row2l, row2h; + uint64x2_p row3l, row3h, row4l, row4h; + + const uint64x2_p h0 = row1l = VecLoad64LE(state.h()+0); + const uint64x2_p h1 = row1h = VecLoad64LE(state.h()+2); + const uint64x2_p h2 = row2l = VecLoad64LE(state.h()+4); + const uint64x2_p h3 = row2h = VecLoad64LE(state.h()+6); + + row3l = VecLoad64(BLAKE2B_IV+0); + row3h = VecLoad64(BLAKE2B_IV+2); + row4l = VecXor(VecLoad64(BLAKE2B_IV+4), VecLoad64(state.t()+0)); + row4h = VecXor(VecLoad64(BLAKE2B_IV+6), VecLoad64(state.f()+0)); + + BLAKE2B_ROUND(0); + BLAKE2B_ROUND(1); + BLAKE2B_ROUND(2); + BLAKE2B_ROUND(3); + BLAKE2B_ROUND(4); + BLAKE2B_ROUND(5); + BLAKE2B_ROUND(6); + BLAKE2B_ROUND(7); + BLAKE2B_ROUND(8); + BLAKE2B_ROUND(9); + BLAKE2B_ROUND(10); + BLAKE2B_ROUND(11); + + VecStore64LE(state.h()+0, VecXor(h0, VecXor(row1l, row3l))); + VecStore64LE(state.h()+2, VecXor(h1, VecXor(row1h, row3h))); + VecStore64LE(state.h()+4, VecXor(h2, VecXor(row2l, row4l))); + VecStore64LE(state.h()+6, VecXor(h3, VecXor(row2h, row4h))); +} +#endif // CRYPTOPP_POWER8_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/blake2s_simd.cpp b/vendor/cryptopp/vendor_cryptopp/blake2s_simd.cpp new file mode 100644 index 00000000..dece4ec5 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/blake2s_simd.cpp @@ -0,0 +1,1035 @@ +// blake2-simd.cpp - written and placed in the public domain by +// Samuel Neves, Jeffrey Walton, Uri Blumenthal +// and Marcel Raad. +// +// This source file uses intrinsics to gain access to ARMv7a/ARMv8a +// NEON, Power7 and SSE4.1 instructions. A separate source file is +// needed because additional CXXFLAGS are required to enable the +// appropriate instructions sets in some build configurations. + +// The BLAKE2b and BLAKE2s numbers are consistent with the BLAKE2 team's +// numbers. However, we have an Altivec/POWER7 implementation of BLAKE2s, +// and a POWER8 implementation of BLAKE2b (BLAKE2 is missing them). The +// Altivec/POWER7 code is about 2x faster than C++ when using GCC 5.0 or +// above. The POWER8 code is about 2.5x faster than C++ when using GCC 5.0 +// or above. If you use GCC 4.0 (PowerMac) or GCC 4.8 (GCC Compile Farm) +// then the PowerPC code will be slower than C++. Be sure to use GCC 5.0 +// or above for PowerPC builds or disable Altivec for BLAKE2b and BLAKE2s +// if using the old compilers. + +#include "pch.h" +#include "config.h" +#include "misc.h" +#include "blake2.h" + +// Uncomment for benchmarking C++ against SSE2 or NEON. +// Do so in both blake2.cpp and blake2-simd.cpp. +// #undef CRYPTOPP_SSE41_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE +// #undef CRYPTOPP_ALTIVEC_AVAILABLE + +// Disable NEON/ASIMD for Cortex-A53 and A57. The shifts are too slow and C/C++ is about +// 3 cpb faster than NEON/ASIMD. Also see http://github.com/weidai11/cryptopp/issues/367. +#if (defined(__aarch32__) || defined(__aarch64__)) && defined(CRYPTOPP_SLOW_ARMV8_SHIFT) +# undef CRYPTOPP_ARM_NEON_AVAILABLE +#endif + +// BLAKE2s bug on AIX 7.1 (POWER7) with XLC 12.01 +// https://github.com/weidai11/cryptopp/issues/743 +#if defined(__xlC__) && (__xlC__ < 0x0d01) +# define CRYPTOPP_DISABLE_ALTIVEC 1 +# define CRYPTOPP_POWER7_ALTIVEC 1 +# undef CRYPTOPP_POWER7_AVAILABLE +# undef CRYPTOPP_ALTIVEC_AVAILABLE +#endif + +#if (CRYPTOPP_SSE41_AVAILABLE) +# include +# include +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char BLAKE2S_SIMD_FNAME[] = __FILE__; + +NAMESPACE_BEGIN(CryptoPP) + +// Exported by blake2.cpp +extern const word32 BLAKE2S_IV[8]; +extern const word64 BLAKE2B_IV[8]; + +#if CRYPTOPP_SSE41_AVAILABLE + +#define LOADU(p) _mm_loadu_si128((const __m128i *)(const void*)(p)) +#define STOREU(p,r) _mm_storeu_si128((__m128i *)(void*)(p), r) +#define TOF(reg) _mm_castsi128_ps((reg)) +#define TOI(reg) _mm_castps_si128((reg)) + +void BLAKE2_Compress32_SSE4(const byte* input, BLAKE2s_State& state) +{ + #define BLAKE2S_LOAD_MSG_0_1(buf) \ + buf = TOI(_mm_shuffle_ps(TOF(m0), TOF(m1), _MM_SHUFFLE(2,0,2,0))); + + #define BLAKE2S_LOAD_MSG_0_2(buf) \ + buf = TOI(_mm_shuffle_ps(TOF(m0), TOF(m1), _MM_SHUFFLE(3,1,3,1))); + + #define BLAKE2S_LOAD_MSG_0_3(buf) \ + buf = TOI(_mm_shuffle_ps(TOF(m2), TOF(m3), _MM_SHUFFLE(2,0,2,0))); + + #define BLAKE2S_LOAD_MSG_0_4(buf) \ + buf = TOI(_mm_shuffle_ps(TOF(m2), TOF(m3), _MM_SHUFFLE(3,1,3,1))); + + #define BLAKE2S_LOAD_MSG_1_1(buf) \ + t0 = _mm_blend_epi16(m1, m2, 0x0C); \ + t1 = _mm_slli_si128(m3, 4); \ + t2 = _mm_blend_epi16(t0, t1, 0xF0); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,1,0,3)); + + #define BLAKE2S_LOAD_MSG_1_2(buf) \ + t0 = _mm_shuffle_epi32(m2,_MM_SHUFFLE(0,0,2,0)); \ + t1 = _mm_blend_epi16(m1,m3,0xC0); \ + t2 = _mm_blend_epi16(t0, t1, 0xF0); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,3,0,1)); + + #define BLAKE2S_LOAD_MSG_1_3(buf) \ + t0 = _mm_slli_si128(m1, 4); \ + t1 = _mm_blend_epi16(m2, t0, 0x30); \ + t2 = _mm_blend_epi16(m0, t1, 0xF0); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,3,0,1)); + + #define BLAKE2S_LOAD_MSG_1_4(buf) \ + t0 = _mm_unpackhi_epi32(m0,m1); \ + t1 = _mm_slli_si128(m3, 4); \ + t2 = _mm_blend_epi16(t0, t1, 0x0C); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,3,0,1)); + + #define BLAKE2S_LOAD_MSG_2_1(buf) \ + t0 = _mm_unpackhi_epi32(m2,m3); \ + t1 = _mm_blend_epi16(m3,m1,0x0C); \ + t2 = _mm_blend_epi16(t0, t1, 0x0F); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(3,1,0,2)); + + #define BLAKE2S_LOAD_MSG_2_2(buf) \ + t0 = _mm_unpacklo_epi32(m2,m0); \ + t1 = _mm_blend_epi16(t0, m0, 0xF0); \ + t2 = _mm_slli_si128(m3, 8); \ + buf = _mm_blend_epi16(t1, t2, 0xC0); + + #define BLAKE2S_LOAD_MSG_2_3(buf) \ + t0 = _mm_blend_epi16(m0, m2, 0x3C); \ + t1 = _mm_srli_si128(m1, 12); \ + t2 = _mm_blend_epi16(t0,t1,0x03); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,0,3,2)); + + #define BLAKE2S_LOAD_MSG_2_4(buf) \ + t0 = _mm_slli_si128(m3, 4); \ + t1 = _mm_blend_epi16(m0, m1, 0x33); \ + t2 = _mm_blend_epi16(t1, t0, 0xC0); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(0,1,2,3)); + + #define BLAKE2S_LOAD_MSG_3_1(buf) \ + t0 = _mm_unpackhi_epi32(m0,m1); \ + t1 = _mm_unpackhi_epi32(t0, m2); \ + t2 = _mm_blend_epi16(t1, m3, 0x0C); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(3,1,0,2)); + + #define BLAKE2S_LOAD_MSG_3_2(buf) \ + t0 = _mm_slli_si128(m2, 8); \ + t1 = _mm_blend_epi16(m3,m0,0x0C); \ + t2 = _mm_blend_epi16(t1, t0, 0xC0); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,0,1,3)); + + #define BLAKE2S_LOAD_MSG_3_3(buf) \ + t0 = _mm_blend_epi16(m0,m1,0x0F); \ + t1 = _mm_blend_epi16(t0, m3, 0xC0); \ + buf = _mm_shuffle_epi32(t1, _MM_SHUFFLE(3,0,1,2)); + + #define BLAKE2S_LOAD_MSG_3_4(buf) \ + t0 = _mm_unpacklo_epi32(m0,m2); \ + t1 = _mm_unpackhi_epi32(m1,m2); \ + buf = _mm_unpacklo_epi64(t1,t0); + + #define BLAKE2S_LOAD_MSG_4_1(buf) \ + t0 = _mm_unpacklo_epi64(m1,m2); \ + t1 = _mm_unpackhi_epi64(m0,m2); \ + t2 = _mm_blend_epi16(t0,t1,0x33); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,0,1,3)); + + #define BLAKE2S_LOAD_MSG_4_2(buf) \ + t0 = _mm_unpackhi_epi64(m1,m3); \ + t1 = _mm_unpacklo_epi64(m0,m1); \ + buf = _mm_blend_epi16(t0,t1,0x33); + + #define BLAKE2S_LOAD_MSG_4_3(buf) \ + t0 = _mm_unpackhi_epi64(m3,m1); \ + t1 = _mm_unpackhi_epi64(m2,m0); \ + buf = _mm_blend_epi16(t1,t0,0x33); + + #define BLAKE2S_LOAD_MSG_4_4(buf) \ + t0 = _mm_blend_epi16(m0,m2,0x03); \ + t1 = _mm_slli_si128(t0, 8); \ + t2 = _mm_blend_epi16(t1,m3,0x0F); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,2,0,3)); + + #define BLAKE2S_LOAD_MSG_5_1(buf) \ + t0 = _mm_unpackhi_epi32(m0,m1); \ + t1 = _mm_unpacklo_epi32(m0,m2); \ + buf = _mm_unpacklo_epi64(t0,t1); + + #define BLAKE2S_LOAD_MSG_5_2(buf) \ + t0 = _mm_srli_si128(m2, 4); \ + t1 = _mm_blend_epi16(m0,m3,0x03); \ + buf = _mm_blend_epi16(t1,t0,0x3C); + + #define BLAKE2S_LOAD_MSG_5_3(buf) \ + t0 = _mm_blend_epi16(m1,m0,0x0C); \ + t1 = _mm_srli_si128(m3, 4); \ + t2 = _mm_blend_epi16(t0,t1,0x30); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,2,3,0)); + + #define BLAKE2S_LOAD_MSG_5_4(buf) \ + t0 = _mm_unpacklo_epi64(m1,m2); \ + t1= _mm_shuffle_epi32(m3, _MM_SHUFFLE(0,2,0,1)); \ + buf = _mm_blend_epi16(t0,t1,0x33); + + #define BLAKE2S_LOAD_MSG_6_1(buf) \ + t0 = _mm_slli_si128(m1, 12); \ + t1 = _mm_blend_epi16(m0,m3,0x33); \ + buf = _mm_blend_epi16(t1,t0,0xC0); + + #define BLAKE2S_LOAD_MSG_6_2(buf) \ + t0 = _mm_blend_epi16(m3,m2,0x30); \ + t1 = _mm_srli_si128(m1, 4); \ + t2 = _mm_blend_epi16(t0,t1,0x03); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(2,1,3,0)); + + #define BLAKE2S_LOAD_MSG_6_3(buf) \ + t0 = _mm_unpacklo_epi64(m0,m2); \ + t1 = _mm_srli_si128(m1, 4); \ + buf = _mm_shuffle_epi32(_mm_blend_epi16(t0,t1,0x0C), _MM_SHUFFLE(2,3,1,0)); + + #define BLAKE2S_LOAD_MSG_6_4(buf) \ + t0 = _mm_unpackhi_epi32(m1,m2); \ + t1 = _mm_unpackhi_epi64(m0,t0); \ + buf = _mm_shuffle_epi32(t1, _MM_SHUFFLE(3,0,1,2)); + + #define BLAKE2S_LOAD_MSG_7_1(buf) \ + t0 = _mm_unpackhi_epi32(m0,m1); \ + t1 = _mm_blend_epi16(t0,m3,0x0F); \ + buf = _mm_shuffle_epi32(t1,_MM_SHUFFLE(2,0,3,1)); + + #define BLAKE2S_LOAD_MSG_7_2(buf) \ + t0 = _mm_blend_epi16(m2,m3,0x30); \ + t1 = _mm_srli_si128(m0,4); \ + t2 = _mm_blend_epi16(t0,t1,0x03); \ + buf = _mm_shuffle_epi32(t2, _MM_SHUFFLE(1,0,2,3)); + + #define BLAKE2S_LOAD_MSG_7_3(buf) \ + t0 = _mm_unpackhi_epi64(m0,m3); \ + t1 = _mm_unpacklo_epi64(m1,m2); \ + t2 = _mm_blend_epi16(t0,t1,0x3C); \ + buf = _mm_shuffle_epi32(t2,_MM_SHUFFLE(0,2,3,1)); + + #define BLAKE2S_LOAD_MSG_7_4(buf) \ + t0 = _mm_unpacklo_epi32(m0,m1); \ + t1 = _mm_unpackhi_epi32(m1,m2); \ + buf = _mm_unpacklo_epi64(t0,t1); + + #define BLAKE2S_LOAD_MSG_8_1(buf) \ + t0 = _mm_unpackhi_epi32(m1,m3); \ + t1 = _mm_unpacklo_epi64(t0,m0); \ + t2 = _mm_blend_epi16(t1,m2,0xC0); \ + buf = _mm_shufflehi_epi16(t2,_MM_SHUFFLE(1,0,3,2)); + + #define BLAKE2S_LOAD_MSG_8_2(buf) \ + t0 = _mm_unpackhi_epi32(m0,m3); \ + t1 = _mm_blend_epi16(m2,t0,0xF0); \ + buf = _mm_shuffle_epi32(t1,_MM_SHUFFLE(0,2,1,3)); + + #define BLAKE2S_LOAD_MSG_8_3(buf) \ + t0 = _mm_blend_epi16(m2,m0,0x0C); \ + t1 = _mm_slli_si128(t0,4); \ + buf = _mm_blend_epi16(t1,m3,0x0F); + + #define BLAKE2S_LOAD_MSG_8_4(buf) \ + t0 = _mm_blend_epi16(m1,m0,0x30); \ + buf = _mm_shuffle_epi32(t0,_MM_SHUFFLE(1,0,3,2)); + + #define BLAKE2S_LOAD_MSG_9_1(buf) \ + t0 = _mm_blend_epi16(m0,m2,0x03); \ + t1 = _mm_blend_epi16(m1,m2,0x30); \ + t2 = _mm_blend_epi16(t1,t0,0x0F); \ + buf = _mm_shuffle_epi32(t2,_MM_SHUFFLE(1,3,0,2)); + + #define BLAKE2S_LOAD_MSG_9_2(buf) \ + t0 = _mm_slli_si128(m0,4); \ + t1 = _mm_blend_epi16(m1,t0,0xC0); \ + buf = _mm_shuffle_epi32(t1,_MM_SHUFFLE(1,2,0,3)); + + #define BLAKE2S_LOAD_MSG_9_3(buf) \ + t0 = _mm_unpackhi_epi32(m0,m3); \ + t1 = _mm_unpacklo_epi32(m2,m3); \ + t2 = _mm_unpackhi_epi64(t0,t1); \ + buf = _mm_shuffle_epi32(t2,_MM_SHUFFLE(3,0,2,1)); + + #define BLAKE2S_LOAD_MSG_9_4(buf) \ + t0 = _mm_blend_epi16(m3,m2,0xC0); \ + t1 = _mm_unpacklo_epi32(m0,m3); \ + t2 = _mm_blend_epi16(t0,t1,0x0F); \ + buf = _mm_shuffle_epi32(t2,_MM_SHUFFLE(0,1,2,3)); + +#ifdef __XOP__ +# define MM_ROTI_EPI32(r, c) \ + _mm_roti_epi32(r, c) +#else +# define MM_ROTI_EPI32(r, c) ( \ + (8==-(c)) ? _mm_shuffle_epi8(r,r8) \ + : (16==-(c)) ? _mm_shuffle_epi8(r,r16) \ + : _mm_xor_si128(_mm_srli_epi32((r), -(c)), \ + _mm_slli_epi32((r), 32-(-(c))))) +#endif + +#define BLAKE2S_G1(row1,row2,row3,row4,buf) \ + row1 = _mm_add_epi32(_mm_add_epi32(row1, buf), row2); \ + row4 = _mm_xor_si128(row4, row1); \ + row4 = MM_ROTI_EPI32(row4, -16); \ + row3 = _mm_add_epi32(row3, row4); \ + row2 = _mm_xor_si128(row2, row3); \ + row2 = MM_ROTI_EPI32(row2, -12); + +#define BLAKE2S_G2(row1,row2,row3,row4,buf) \ + row1 = _mm_add_epi32(_mm_add_epi32(row1, buf), row2); \ + row4 = _mm_xor_si128(row4, row1); \ + row4 = MM_ROTI_EPI32(row4, -8); \ + row3 = _mm_add_epi32(row3, row4); \ + row2 = _mm_xor_si128(row2, row3); \ + row2 = MM_ROTI_EPI32(row2, -7); + +#define DIAGONALIZE(row1,row2,row3,row4) \ + row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(2,1,0,3)); \ + row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); \ + row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(0,3,2,1)); + +#define UNDIAGONALIZE(row1,row2,row3,row4) \ + row4 = _mm_shuffle_epi32(row4, _MM_SHUFFLE(0,3,2,1)); \ + row3 = _mm_shuffle_epi32(row3, _MM_SHUFFLE(1,0,3,2)); \ + row2 = _mm_shuffle_epi32(row2, _MM_SHUFFLE(2,1,0,3)); + +#define BLAKE2S_ROUND(r) \ + BLAKE2S_LOAD_MSG_ ##r ##_1(buf1); \ + BLAKE2S_G1(row1,row2,row3,row4,buf1); \ + BLAKE2S_LOAD_MSG_ ##r ##_2(buf2); \ + BLAKE2S_G2(row1,row2,row3,row4,buf2); \ + DIAGONALIZE(row1,row2,row3,row4); \ + BLAKE2S_LOAD_MSG_ ##r ##_3(buf3); \ + BLAKE2S_G1(row1,row2,row3,row4,buf3); \ + BLAKE2S_LOAD_MSG_ ##r ##_4(buf4); \ + BLAKE2S_G2(row1,row2,row3,row4,buf4); \ + UNDIAGONALIZE(row1,row2,row3,row4); + + __m128i row1, row2, row3, row4; + __m128i buf1, buf2, buf3, buf4; + __m128i t0, t1, t2, ff0, ff1; + + const __m128i r8 = _mm_set_epi8(12, 15, 14, 13, 8, 11, 10, 9, 4, 7, 6, 5, 0, 3, 2, 1); + const __m128i r16 = _mm_set_epi8(13, 12, 15, 14, 9, 8, 11, 10, 5, 4, 7, 6, 1, 0, 3, 2); + + const __m128i m0 = LOADU(input + 00); + const __m128i m1 = LOADU(input + 16); + const __m128i m2 = LOADU(input + 32); + const __m128i m3 = LOADU(input + 48); + + row1 = ff0 = LOADU(state.h()+0); + row2 = ff1 = LOADU(state.h()+4); + row3 = LOADU(BLAKE2S_IV+0); + row4 = _mm_xor_si128(LOADU(BLAKE2S_IV+4), LOADU(state.t()+0)); + + BLAKE2S_ROUND(0); + BLAKE2S_ROUND(1); + BLAKE2S_ROUND(2); + BLAKE2S_ROUND(3); + BLAKE2S_ROUND(4); + BLAKE2S_ROUND(5); + BLAKE2S_ROUND(6); + BLAKE2S_ROUND(7); + BLAKE2S_ROUND(8); + BLAKE2S_ROUND(9); + + STOREU(state.h()+0, _mm_xor_si128(ff0, _mm_xor_si128(row1, row3))); + STOREU(state.h()+4, _mm_xor_si128(ff1, _mm_xor_si128(row2, row4))); +} +#endif // CRYPTOPP_SSE41_AVAILABLE + +#if CRYPTOPP_ARM_NEON_AVAILABLE +void BLAKE2_Compress32_NEON(const byte* input, BLAKE2s_State& state) +{ + #define BLAKE2S_LOAD_MSG_0_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m0), vget_high_u32(m0)).val[0]; \ + t1 = vzip_u32(vget_low_u32(m1), vget_high_u32(m1)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_0_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m0), vget_high_u32(m0)).val[1]; \ + t1 = vzip_u32(vget_low_u32(m1), vget_high_u32(m1)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_0_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m2), vget_high_u32(m2)).val[0]; \ + t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m3)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_0_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m2), vget_high_u32(m2)).val[1]; \ + t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m3)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_1_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m3), vget_low_u32(m1)).val[0]; \ + t1 = vzip_u32(vget_low_u32(m2), vget_low_u32(m3)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_1_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m2), vget_low_u32(m2)).val[0]; \ + t1 = vext_u32(vget_high_u32(m3), vget_high_u32(m1), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_1_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vext_u32(vget_low_u32(m0), vget_low_u32(m0), 1); \ + t1 = vzip_u32(vget_high_u32(m2), vget_low_u32(m1)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_1_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m3), vget_high_u32(m0)).val[0]; \ + t1 = vzip_u32(vget_high_u32(m1), vget_high_u32(m0)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_2_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vext_u32(vget_high_u32(m2), vget_low_u32(m3), 1); \ + t1 = vzip_u32(vget_low_u32(m1), vget_high_u32(m3)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_2_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m2), vget_low_u32(m0)).val[0]; \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_low_u32(m3)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_2_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m2), vget_high_u32(m0)); \ + t1 = vzip_u32(vget_high_u32(m1), vget_low_u32(m2)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_2_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m3), vget_high_u32(m1)).val[0]; \ + t1 = vext_u32(vget_low_u32(m0), vget_low_u32(m1), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_3_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m0)).val[1]; \ + t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m2)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_3_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m2), vget_low_u32(m0)).val[1]; \ + t1 = vzip_u32(vget_low_u32(m3), vget_high_u32(m3)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_3_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_low_u32(m1)); \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_high_u32(m3)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_3_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m2)).val[0]; \ + t1 = vzip_u32(vget_low_u32(m0), vget_low_u32(m2)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_4_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m2), vget_low_u32(m1)).val[1]; \ + t1 = vzip_u32((vget_high_u32(m0)), vget_high_u32(m2)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_4_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m0), vget_high_u32(m1)); \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_high_u32(m3)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_4_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m3), vget_high_u32(m2)); \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m1), vget_high_u32(m0)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_4_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vext_u32(vget_low_u32(m0), vget_low_u32(m3), 1); \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m2), vget_low_u32(m3)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_5_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32((vget_high_u32(m0)), vget_high_u32(m1)).val[0]; \ + t1 = vzip_u32(vget_low_u32(m0), vget_low_u32(m2)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_5_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m3), vget_high_u32(m2)).val[0]; \ + t1 = vzip_u32(vget_high_u32(m2), vget_high_u32(m0)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_5_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_high_u32(m1)); \ + t1 = vzip_u32(vget_high_u32(m3), vget_low_u32(m0)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_5_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m3), vget_low_u32(m1)).val[1]; \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m3), vget_low_u32(m2)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_6_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m3), vget_low_u32(m0)); \ + t1 = vzip_u32(vget_high_u32(m3), vget_low_u32(m1)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_6_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m1), vget_high_u32(m3)).val[1]; \ + t1 = vext_u32(vget_low_u32(m3), vget_high_u32(m2), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_6_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m0), vget_high_u32(m1)).val[0]; \ + t1 = vext_u32(vget_low_u32(m2), vget_low_u32(m2), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_6_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m0)).val[1]; \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_high_u32(m2)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_7_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m3), vget_high_u32(m1)).val[1]; \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m3), vget_high_u32(m0)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_7_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vext_u32(vget_high_u32(m2), vget_high_u32(m3), 1); \ + t1 = vzip_u32(vget_low_u32(m0), vget_low_u32(m2)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_7_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m1), vget_high_u32(m3)).val[1]; \ + t1 = vzip_u32(vget_low_u32(m2), vget_high_u32(m0)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_7_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_low_u32(m0), vget_low_u32(m1)).val[0]; \ + t1 = vzip_u32(vget_high_u32(m1), vget_high_u32(m2)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_8_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m1), vget_high_u32(m3)).val[0]; \ + t1 = vext_u32(vget_high_u32(m2), vget_low_u32(m0), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_8_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m3), vget_low_u32(m2)).val[1]; \ + t1 = vext_u32(vget_high_u32(m0), vget_low_u32(m2), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_8_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m3), vget_low_u32(m3)); \ + t1 = vext_u32(vget_low_u32(m0), vget_high_u32(m2), 1); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_8_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m0), vget_high_u32(m1)); \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_low_u32(m1), vget_low_u32(m1)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_9_1(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m2), vget_low_u32(m2)).val[0]; \ + t1 = vzip_u32(vget_high_u32(m1), vget_low_u32(m0)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_9_2(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32((vget_high_u32(m0)), vget_low_u32(m1)).val[0]; \ + t1 = vbsl_u32(vcreate_u32(0xFFFFFFFF), vget_high_u32(m1), vget_low_u32(m1)); \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_9_3(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vzip_u32(vget_high_u32(m3), vget_low_u32(m2)).val[1]; \ + t1 = vzip_u32((vget_high_u32(m0)), vget_low_u32(m3)).val[1]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define BLAKE2S_LOAD_MSG_9_4(buf) \ + do { uint32x2_t t0, t1; \ + t0 = vext_u32(vget_high_u32(m2), vget_high_u32(m3), 1); \ + t1 = vzip_u32(vget_low_u32(m3), vget_low_u32(m0)).val[0]; \ + buf = vcombine_u32(t0, t1); } while(0) + + #define vrorq_n_u32_16(x) vreinterpretq_u32_u16(vrev32q_u16(vreinterpretq_u16_u32(x))) + + #define vrorq_n_u32_8(x) vsriq_n_u32(vshlq_n_u32((x), 24), (x), 8) + + #define vrorq_n_u32(x, c) vsriq_n_u32(vshlq_n_u32((x), 32-(c)), (x), (c)) + + #define BLAKE2S_G1(row1,row2,row3,row4,buf) \ + do { \ + row1 = vaddq_u32(vaddq_u32(row1, buf), row2); row4 = veorq_u32(row4, row1); \ + row4 = vrorq_n_u32_16(row4); row3 = vaddq_u32(row3, row4); \ + row2 = veorq_u32(row2, row3); row2 = vrorq_n_u32(row2, 12); \ + } while(0) + + #define BLAKE2S_G2(row1,row2,row3,row4,buf) \ + do { \ + row1 = vaddq_u32(vaddq_u32(row1, buf), row2); row4 = veorq_u32(row4, row1); \ + row4 = vrorq_n_u32_8(row4); row3 = vaddq_u32(row3, row4); \ + row2 = veorq_u32(row2, row3); row2 = vrorq_n_u32(row2, 7); \ + } while(0) + + #define BLAKE2S_DIAGONALIZE(row1,row2,row3,row4) \ + do { \ + row4 = vextq_u32(row4, row4, 3); row3 = vextq_u32(row3, row3, 2); row2 = vextq_u32(row2, row2, 1); \ + } while(0) + + #define BLAKE2S_UNDIAGONALIZE(row1,row2,row3,row4) \ + do { \ + row4 = vextq_u32(row4, row4, 1); \ + row3 = vextq_u32(row3, row3, 2); \ + row2 = vextq_u32(row2, row2, 3); \ + } while(0) + + #define BLAKE2S_ROUND(r) \ + do { \ + uint32x4_t buf1, buf2, buf3, buf4; \ + BLAKE2S_LOAD_MSG_ ##r ##_1(buf1); \ + BLAKE2S_G1(row1,row2,row3,row4,buf1); \ + BLAKE2S_LOAD_MSG_ ##r ##_2(buf2); \ + BLAKE2S_G2(row1,row2,row3,row4,buf2); \ + BLAKE2S_DIAGONALIZE(row1,row2,row3,row4); \ + BLAKE2S_LOAD_MSG_ ##r ##_3(buf3); \ + BLAKE2S_G1(row1,row2,row3,row4,buf3); \ + BLAKE2S_LOAD_MSG_ ##r ##_4(buf4); \ + BLAKE2S_G2(row1,row2,row3,row4,buf4); \ + BLAKE2S_UNDIAGONALIZE(row1,row2,row3,row4); \ + } while(0) + + const uint32x4_t m0 = vreinterpretq_u32_u8(vld1q_u8(input + 00)); + const uint32x4_t m1 = vreinterpretq_u32_u8(vld1q_u8(input + 16)); + const uint32x4_t m2 = vreinterpretq_u32_u8(vld1q_u8(input + 32)); + const uint32x4_t m3 = vreinterpretq_u32_u8(vld1q_u8(input + 48)); + + uint32x4_t row1, row2, row3, row4; + + const uint32x4_t f0 = row1 = vld1q_u32(state.h()+0); + const uint32x4_t f1 = row2 = vld1q_u32(state.h()+4); + row3 = vld1q_u32(BLAKE2S_IV+0); + row4 = veorq_u32(vld1q_u32(BLAKE2S_IV+4), vld1q_u32(state.t()+0)); + + BLAKE2S_ROUND(0); + BLAKE2S_ROUND(1); + BLAKE2S_ROUND(2); + BLAKE2S_ROUND(3); + BLAKE2S_ROUND(4); + BLAKE2S_ROUND(5); + BLAKE2S_ROUND(6); + BLAKE2S_ROUND(7); + BLAKE2S_ROUND(8); + BLAKE2S_ROUND(9); + + vst1q_u32(state.h()+0, veorq_u32(f0, veorq_u32(row1, row3))); + vst1q_u32(state.h()+4, veorq_u32(f1, veorq_u32(row2, row4))); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_POWER7_AVAILABLE || CRYPTOPP_ALTIVEC_AVAILABLE) + +inline uint32x4_p VecLoad32(const void* p) +{ + return VecLoad((const word32*)p); +} + +inline uint32x4_p VecLoad32LE(const void* p) +{ +#if __BIG_ENDIAN__ + const uint8x16_p m = {3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}; + const uint32x4_p v = VecLoad((const word32*)p); + return VecPermute(v, v, m); +#else + return VecLoad((const word32*)p); +#endif +} + +inline void VecStore32(void* p, const uint32x4_p x) +{ + VecStore(x, (word32*)p); +} + +inline void VecStore32LE(void* p, const uint32x4_p x) +{ +#if __BIG_ENDIAN__ + const uint8x16_p m = {3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}; + VecStore(VecPermute(x, x, m), (word32*)p); +#else + VecStore(x, (word32*)p); +#endif +} + +template +inline uint32x4_p VectorSet32(const uint32x4_p a, const uint32x4_p b) +{ + // Re-index. I'd like to use something like Z=Y*4 and then + // VecShiftLeftOctet(b) but it crashes early Red Hat + // GCC compilers. + enum {X=E1&3, Y=E2&3}; + + // Don't care element + const unsigned int DC = 31; + + // Element 0 combinations + if (X == 0 && Y == 0) + { + const uint8x16_p mask = {0,1,2,3, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, b, mask); + } + else if (X == 0 && Y == 1) + { + const uint8x16_p mask = {0,1,2,3, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<4>(b), mask); + } + else if (X == 0 && Y == 2) + { + const uint8x16_p mask = {0,1,2,3, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<8>(b), mask); + } + else if (X == 0 && Y == 3) + { + const uint8x16_p mask = {0,1,2,3, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<12>(b), mask); + } + + // Element 1 combinations + else if (X == 1 && Y == 0) + { + const uint8x16_p mask = {4,5,6,7, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, b, mask); + } + else if (X == 1 && Y == 1) + { + const uint8x16_p mask = {4,5,6,7, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<4>(b), mask); + } + else if (X == 1 && Y == 2) + { + const uint8x16_p mask = {4,5,6,7, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<8>(b), mask); + } + else if (X == 1 && Y == 3) + { + const uint8x16_p mask = {4,5,6,7, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<12>(b), mask); + } + + // Element 2 combinations + else if (X == 2 && Y == 0) + { + const uint8x16_p mask = {8,9,10,11, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, b, mask); + } + else if (X == 2 && Y == 1) + { + const uint8x16_p mask = {8,9,10,11, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<4>(b), mask); + } + else if (X == 2 && Y == 2) + { + const uint8x16_p mask = {8,9,10,11, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<8>(b), mask); + } + else if (X == 2 && Y == 3) + { + const uint8x16_p mask = {8,9,10,11, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<12>(b), mask); + } + + // Element 3 combinations + else if (X == 3 && Y == 0) + { + const uint8x16_p mask = {12,13,14,15, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, b, mask); + } + else if (X == 3 && Y == 1) + { + const uint8x16_p mask = {12,13,14,15, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<4>(b), mask); + } + else if (X == 3 && Y == 2) + { + const uint8x16_p mask = {12,13,14,15, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<8>(b), mask); + } + else if (X == 3 && Y == 3) + { + const uint8x16_p mask = {12,13,14,15, 16,17,18,19, DC,DC,DC,DC, DC,DC,DC,DC}; + return VecPermute(a, VecShiftLeftOctet<12>(b), mask); + } + + // Quiet IBM XLC warning + return VecXor(a, a); +} + +template +inline uint32x4_p VectorSet32(const uint32x4_p a, const uint32x4_p b, + const uint32x4_p c, const uint32x4_p d) +{ + // Re-index + enum {W=E1&3, X=E2&3, Y=E3&3, Z=E4&3}; + + const uint32x4_p t0 = VectorSet32(a, b); + const uint32x4_p t1 = VectorSet32(c, d); + + // Power7 follows SSE2's implementation, and this is _mm_set_epi32. + const uint8x16_p mask = {20,21,22,23, 16,17,18,19, 4,5,6,7, 0,1,2,3}; + return VecPermute(t0, t1, mask); +} + +template<> +uint32x4_p VectorSet32<2,0,2,0>(const uint32x4_p a, const uint32x4_p b, + const uint32x4_p c, const uint32x4_p d) +{ + // a=b, c=d, mask is {2,0, 2,0} + const uint8x16_p mask = {16,17,18,19, 24,25,26,27, 0,1,2,3, 8,9,10,11}; + return VecPermute(a, c, mask); +} + +template<> +uint32x4_p VectorSet32<3,1,3,1>(const uint32x4_p a, const uint32x4_p b, + const uint32x4_p c, const uint32x4_p d) +{ + // a=b, c=d, mask is {3,1, 3,1} + const uint8x16_p mask = {20,21,22,23, 28,29,30,31, 4,5,6,7, 12,13,14,15}; + return VecPermute(a, c, mask); +} + +// BLAKE2_Compress32_CORE will use either POWER7 or ALTIVEC, +// depending on the flags used to compile this source file. The +// abstractions are handled in VecLoad, VecStore and friends. In +// the future we may to provide both POWER7 or ALTIVEC at the same +// time to better support distros. +void BLAKE2_Compress32_CORE(const byte* input, BLAKE2s_State& state) +{ + # define m1 m0 + # define m2 m0 + # define m3 m0 + + # define m5 m4 + # define m6 m4 + # define m7 m4 + + # define m9 m8 + # define m10 m8 + # define m11 m8 + + # define m13 m12 + # define m14 m12 + # define m15 m12 + + // #define BLAKE2S_LOAD_MSG_0_1(buf) buf = VectorSet32<6,4,2,0>(m6,m4,m2,m0); + #define BLAKE2S_LOAD_MSG_0_1(buf) buf = VectorSet32<2,0,2,0>(m6,m4,m2,m0); + // #define BLAKE2S_LOAD_MSG_0_2(buf) buf = VectorSet32<7,5,3,1>(m7,m5,m3,m1); + #define BLAKE2S_LOAD_MSG_0_2(buf) buf = VectorSet32<3,1,3,1>(m7,m5,m3,m1); + // #define BLAKE2S_LOAD_MSG_0_3(buf) buf = VectorSet32<14,12,10,8>(m14,m12,m10,m8); + #define BLAKE2S_LOAD_MSG_0_3(buf) buf = VectorSet32<2,0,2,0>(m14,m12,m10,m8); + // #define BLAKE2S_LOAD_MSG_0_4(buf) buf = VectorSet32<15,13,11,9>(m15,m13,m11,m9); + #define BLAKE2S_LOAD_MSG_0_4(buf) buf = VectorSet32<3,1,3,1>(m15,m13,m11,m9); + + #define BLAKE2S_LOAD_MSG_1_1(buf) buf = VectorSet32<13,9,4,14>(m13,m9,m4,m14); + #define BLAKE2S_LOAD_MSG_1_2(buf) buf = VectorSet32<6,15,8,10>(m6,m15,m8,m10) + #define BLAKE2S_LOAD_MSG_1_3(buf) buf = VectorSet32<5,11,0,1>(m5,m11,m0,m1) + #define BLAKE2S_LOAD_MSG_1_4(buf) buf = VectorSet32<3,7,2,12>(m3,m7,m2,m12) + + #define BLAKE2S_LOAD_MSG_2_1(buf) buf = VectorSet32<15,5,12,11>(m15,m5,m12,m11) + #define BLAKE2S_LOAD_MSG_2_2(buf) buf = VectorSet32<13,2,0,8>(m13,m2,m0,m8) + #define BLAKE2S_LOAD_MSG_2_3(buf) buf = VectorSet32<9,7,3,10>(m9,m7,m3,m10) + #define BLAKE2S_LOAD_MSG_2_4(buf) buf = VectorSet32<4,1,6,14>(m4,m1,m6,m14) + + #define BLAKE2S_LOAD_MSG_3_1(buf) buf = VectorSet32<11,13,3,7>(m11,m13,m3,m7) + #define BLAKE2S_LOAD_MSG_3_2(buf) buf = VectorSet32<14,12,1,9>(m14,m12,m1,m9) + #define BLAKE2S_LOAD_MSG_3_3(buf) buf = VectorSet32<15,4,5,2>(m15,m4,m5,m2) + #define BLAKE2S_LOAD_MSG_3_4(buf) buf = VectorSet32<8,0,10,6>(m8,m0,m10,m6) + + #define BLAKE2S_LOAD_MSG_4_1(buf) buf = VectorSet32<10,2,5,9>(m10,m2,m5,m9) + #define BLAKE2S_LOAD_MSG_4_2(buf) buf = VectorSet32<15,4,7,0>(m15,m4,m7,m0) + #define BLAKE2S_LOAD_MSG_4_3(buf) buf = VectorSet32<3,6,11,14>(m3,m6,m11,m14) + #define BLAKE2S_LOAD_MSG_4_4(buf) buf = VectorSet32<13,8,12,1>(m13,m8,m12,m1) + + #define BLAKE2S_LOAD_MSG_5_1(buf) buf = VectorSet32<8,0,6,2>(m8,m0,m6,m2) + #define BLAKE2S_LOAD_MSG_5_2(buf) buf = VectorSet32<3,11,10,12>(m3,m11,m10,m12) + #define BLAKE2S_LOAD_MSG_5_3(buf) buf = VectorSet32<1,15,7,4>(m1,m15,m7,m4) + #define BLAKE2S_LOAD_MSG_5_4(buf) buf = VectorSet32<9,14,5,13>(m9,m14,m5,m13) + + #define BLAKE2S_LOAD_MSG_6_1(buf) buf = VectorSet32<4,14,1,12>(m4,m14,m1,m12) + #define BLAKE2S_LOAD_MSG_6_2(buf) buf = VectorSet32<10,13,15,5>(m10,m13,m15,m5) + #define BLAKE2S_LOAD_MSG_6_3(buf) buf = VectorSet32<8,9,6,0>(m8,m9,m6,m0) + #define BLAKE2S_LOAD_MSG_6_4(buf) buf = VectorSet32<11,2,3,7>(m11,m2,m3,m7) + + #define BLAKE2S_LOAD_MSG_7_1(buf) buf = VectorSet32<3,12,7,13>(m3,m12,m7,m13) + #define BLAKE2S_LOAD_MSG_7_2(buf) buf = VectorSet32<9,1,14,11>(m9,m1,m14,m11) + #define BLAKE2S_LOAD_MSG_7_3(buf) buf = VectorSet32<2,8,15,5>(m2,m8,m15,m5) + #define BLAKE2S_LOAD_MSG_7_4(buf) buf = VectorSet32<10,6,4,0>(m10,m6,m4,m0) + + #define BLAKE2S_LOAD_MSG_8_1(buf) buf = VectorSet32<0,11,14,6>(m0,m11,m14,m6) + #define BLAKE2S_LOAD_MSG_8_2(buf) buf = VectorSet32<8,3,9,15>(m8,m3,m9,m15) + #define BLAKE2S_LOAD_MSG_8_3(buf) buf = VectorSet32<10,1,13,12>(m10,m1,m13,m12) + #define BLAKE2S_LOAD_MSG_8_4(buf) buf = VectorSet32<5,4,7,2>(m5,m4,m7,m2) + + #define BLAKE2S_LOAD_MSG_9_1(buf) buf = VectorSet32<1,7,8,10>(m1,m7,m8,m10) + #define BLAKE2S_LOAD_MSG_9_2(buf) buf = VectorSet32<5,6,4,2>(m5,m6,m4,m2) + #define BLAKE2S_LOAD_MSG_9_3(buf) buf = VectorSet32<13,3,9,15>(m13,m3,m9,m15) + #define BLAKE2S_LOAD_MSG_9_4(buf) buf = VectorSet32<0,12,14,11>(m0,m12,m14,m11) + + #define vec_ror_16(x) VecRotateRight<16>(x) + #define vec_ror_12(x) VecRotateRight<12>(x) + #define vec_ror_8(x) VecRotateRight<8>(x) + #define vec_ror_7(x) VecRotateRight<7>(x) + + #define BLAKE2S_G1(row1,row2,row3,row4,buf) \ + row1 = VecAdd(VecAdd(row1, buf), row2); \ + row4 = VecXor(row4, row1); \ + row4 = vec_ror_16(row4); \ + row3 = VecAdd(row3, row4); \ + row2 = VecXor(row2, row3); \ + row2 = vec_ror_12(row2); + + #define BLAKE2S_G2(row1,row2,row3,row4,buf) \ + row1 = VecAdd(VecAdd(row1, buf), row2); \ + row4 = VecXor(row4, row1); \ + row4 = vec_ror_8(row4); \ + row3 = VecAdd(row3, row4); \ + row2 = VecXor(row2, row3); \ + row2 = vec_ror_7(row2); + + const uint8x16_p D2103_MASK = {12,13,14,15, 0,1,2,3, 4,5,6,7, 8,9,10,11}; + const uint8x16_p D1032_MASK = {8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7}; + const uint8x16_p D0321_MASK = {4,5,6,7, 8,9,10,11, 12,13,14,15, 0,1,2,3}; + + #define BLAKE2S_DIAGONALIZE(row1,row2,row3,row4) \ + row4 = VecPermute(row4, row4, D2103_MASK); \ + row3 = VecPermute(row3, row3, D1032_MASK); \ + row2 = VecPermute(row2, row2, D0321_MASK); + + #define BLAKE2S_UNDIAGONALIZE(row1,row2,row3,row4) \ + row4 = VecPermute(row4, row4, D0321_MASK); \ + row3 = VecPermute(row3, row3, D1032_MASK); \ + row2 = VecPermute(row2, row2, D2103_MASK); + + #define BLAKE2S_ROUND(r) \ + BLAKE2S_LOAD_MSG_ ##r ##_1(buf1); \ + BLAKE2S_G1(row1,row2,row3,row4,buf1); \ + BLAKE2S_LOAD_MSG_ ##r ##_2(buf2); \ + BLAKE2S_G2(row1,row2,row3,row4,buf2); \ + BLAKE2S_DIAGONALIZE(row1,row2,row3,row4); \ + BLAKE2S_LOAD_MSG_ ##r ##_3(buf3); \ + BLAKE2S_G1(row1,row2,row3,row4,buf3); \ + BLAKE2S_LOAD_MSG_ ##r ##_4(buf4); \ + BLAKE2S_G2(row1,row2,row3,row4,buf4); \ + BLAKE2S_UNDIAGONALIZE(row1,row2,row3,row4); + + uint32x4_p row1, row2, row3, row4; + uint32x4_p buf1, buf2, buf3, buf4; + uint32x4_p ff0, ff1; + + const uint32x4_p m0 = VecLoad32LE(input + 0); + const uint32x4_p m4 = VecLoad32LE(input + 16); + const uint32x4_p m8 = VecLoad32LE(input + 32); + const uint32x4_p m12 = VecLoad32LE(input + 48); + + row1 = ff0 = VecLoad32LE(state.h()+0); + row2 = ff1 = VecLoad32LE(state.h()+4); + row3 = VecLoad32(BLAKE2S_IV+0); + row4 = VecXor(VecLoad32(BLAKE2S_IV+4), VecLoad32(state.t()+0)); + + BLAKE2S_ROUND(0); + BLAKE2S_ROUND(1); + BLAKE2S_ROUND(2); + BLAKE2S_ROUND(3); + BLAKE2S_ROUND(4); + BLAKE2S_ROUND(5); + BLAKE2S_ROUND(6); + BLAKE2S_ROUND(7); + BLAKE2S_ROUND(8); + BLAKE2S_ROUND(9); + + VecStore32LE(state.h()+0, VecXor(ff0, VecXor(row1, row3))); + VecStore32LE(state.h()+4, VecXor(ff1, VecXor(row2, row4))); +} +#endif // CRYPTOPP_POWER7_AVAILABLE || CRYPTOPP_ALTIVEC_AVAILABLE + +#if (CRYPTOPP_POWER7_AVAILABLE) + +void BLAKE2_Compress32_POWER7(const byte* input, BLAKE2s_State& state) +{ + BLAKE2_Compress32_CORE(input, state); +} + +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) + +void BLAKE2_Compress32_ALTIVEC(const byte* input, BLAKE2s_State& state) +{ + BLAKE2_Compress32_CORE(input, state); +} + +#endif + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/camellia.cpp b/vendor/cryptopp/vendor_cryptopp/camellia.cpp index 07bd38da..30b8bc99 100644 --- a/vendor/cryptopp/vendor_cryptopp/camellia.cpp +++ b/vendor/cryptopp/vendor_cryptopp/camellia.cpp @@ -60,7 +60,7 @@ NAMESPACE_BEGIN(CryptoPP) ROUND(lh, ll, rh, rl, k0, k1) \ ROUND(rh, rl, lh, ll, k2, k3) -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) #define EFI(i) (1-(i)) #else #define EFI(i) (i) diff --git a/vendor/cryptopp/vendor_cryptopp/ccm.h b/vendor/cryptopp/vendor_cryptopp/ccm.h index c381150e..c63c98b8 100644 --- a/vendor/cryptopp/vendor_cryptopp/ccm.h +++ b/vendor/cryptopp/vendor_cryptopp/ccm.h @@ -24,6 +24,8 @@ public: // AuthenticatedSymmetricCipher std::string AlgorithmName() const {return GetBlockCipher().AlgorithmName() + std::string("/CCM");} + std::string AlgorithmProvider() const + {return GetBlockCipher().AlgorithmProvider();} size_t MinKeyLength() const {return GetBlockCipher().MinKeyLength();} size_t MaxKeyLength() const diff --git a/vendor/cryptopp/vendor_cryptopp/chacha.cpp b/vendor/cryptopp/vendor_cryptopp/chacha.cpp index a63998be..43721b7b 100644 --- a/vendor/cryptopp/vendor_cryptopp/chacha.cpp +++ b/vendor/cryptopp/vendor_cryptopp/chacha.cpp @@ -1,6 +1,7 @@ // chacha.cpp - written and placed in the public domain by Jeffrey Walton. -// Based on Wei Dai's Salsa20 and Bernstein's reference ChaCha -// family implementation at http://cr.yp.to/chacha.html. +// Based on Wei Dai's Salsa20, Botan's SSE2 implementation, +// and Bernstein's reference ChaCha family implementation at +// http://cr.yp.to/chacha.html. #include "pch.h" #include "config.h" @@ -11,142 +12,313 @@ NAMESPACE_BEGIN(CryptoPP) +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +extern void ChaCha_OperateKeystream_NEON(const word32 *state, const byte* input, byte *output, unsigned int rounds); +#endif + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) +extern void ChaCha_OperateKeystream_SSE2(const word32 *state, const byte* input, byte *output, unsigned int rounds); +#endif + +#if (CRYPTOPP_AVX2_AVAILABLE) +extern void ChaCha_OperateKeystream_AVX2(const word32 *state, const byte* input, byte *output, unsigned int rounds); +#endif + +#if (CRYPTOPP_POWER7_AVAILABLE) +extern void ChaCha_OperateKeystream_POWER7(const word32 *state, const byte* input, byte *output, unsigned int rounds); +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) +extern void ChaCha_OperateKeystream_ALTIVEC(const word32 *state, const byte* input, byte *output, unsigned int rounds); +#endif + #define CHACHA_QUARTER_ROUND(a,b,c,d) \ a += b; d ^= a; d = rotlConstant<16,word32>(d); \ c += d; b ^= c; b = rotlConstant<12,word32>(b); \ a += b; d ^= a; d = rotlConstant<8,word32>(d); \ c += d; b ^= c; b = rotlConstant<7,word32>(b); +#define CHACHA_OUTPUT(x){\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + m_state[0]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x1 + m_state[1]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x2 + m_state[2]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x3 + m_state[3]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + m_state[4]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x5 + m_state[5]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x6 + m_state[6]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x7 + m_state[7]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + m_state[8]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x9 + m_state[9]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x10 + m_state[10]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x11 + m_state[11]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + m_state[12]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x13 + m_state[13]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x14 + m_state[14]);\ + CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x15 + m_state[15]);} + #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void ChaCha_TestInstantiations() { - ChaCha8::Encryption x1; - ChaCha12::Encryption x2; - ChaCha20::Encryption x3; + ChaCha::Encryption x; } #endif -template -void ChaCha_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) +std::string ChaCha_Policy::AlgorithmName() const { - CRYPTOPP_UNUSED(params); - CRYPTOPP_ASSERT(length == 16 || length == 32); - - // "expand 16-byte k" or "expand 32-byte k" - m_state[0] = 0x61707865; - m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e; - m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32; - m_state[3] = 0x6b206574; - - GetBlock get1(key); - get1(m_state[4])(m_state[5])(m_state[6])(m_state[7]); - - GetBlock get2(key + ((length == 32) ? 16 : 0)); - get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]); + return std::string("ChaCha")+IntToString(m_rounds); } -template -void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) +std::string ChaCha_Policy::AlgorithmProvider() const { - CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length); - CRYPTOPP_ASSERT(length==8); - - GetBlock get(IV); - m_state[12] = m_state[13] = 0; - get(m_state[14])(m_state[15]); -} - -template -void ChaCha_Policy::SeekToIteration(lword iterationCount) -{ - CRYPTOPP_UNUSED(iterationCount); - throw NotImplemented(std::string(ChaCha_Info::StaticAlgorithmName()) + ": SeekToIteration is not yet implemented"); - - // TODO: these were Salsa20, and Wei re-arranged the state array for SSE2 operations. - // If we can generate some out-of-band test vectors, then test and implement. Also - // see the test vectors in salsa.txt and the use of Seek test argument. - // m_state[8] = (word32)iterationCount; - // m_state[5] = (word32)SafeRightShift<32>(iterationCount); -} - -template -unsigned int ChaCha_Policy::GetAlignment() const -{ -#if CRYPTOPP_SSE2_ASM_AVAILABLE && 0 - if (HasSSE2()) - return 16; - else +#if (CRYPTOPP_AVX2_AVAILABLE) + if (HasAVX2()) + return "AVX2"; + else #endif - return GetAlignmentOf(); -} - -template -unsigned int ChaCha_Policy::GetOptimalBlockSize() const -{ -#if CRYPTOPP_SSE2_ASM_AVAILABLE && 0 - if (HasSSE2()) - return 4*BYTES_PER_ITERATION; - else +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) + if (HasSSE2()) + return "SSE2"; + else #endif - return BYTES_PER_ITERATION; +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; + else +#endif +#if (CRYPTOPP_POWER7_AVAILABLE) + if (HasPower7()) + return "Power7"; + else +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return "Altivec"; + else +#endif + return "C++"; } -template -void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) +void ChaCha_Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) { - word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + CRYPTOPP_UNUSED(params); + CRYPTOPP_ASSERT(length == 16 || length == 32); - while (iterationCount--) - { - x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3]; - x4 = m_state[4]; x5 = m_state[5]; x6 = m_state[6]; x7 = m_state[7]; - x8 = m_state[8]; x9 = m_state[9]; x10 = m_state[10]; x11 = m_state[11]; - x12 = m_state[12]; x13 = m_state[13]; x14 = m_state[14]; x15 = m_state[15]; + m_rounds = params.GetIntValueWithDefault(Name::Rounds(), 20); + if (!(m_rounds == 8 || m_rounds == 12 || m_rounds == 20)) + throw InvalidRounds(ChaCha::StaticAlgorithmName(), m_rounds); - for (int i = static_cast(ROUNDS); i > 0; i -= 2) - { - CHACHA_QUARTER_ROUND(x0, x4, x8, x12); - CHACHA_QUARTER_ROUND(x1, x5, x9, x13); - CHACHA_QUARTER_ROUND(x2, x6, x10, x14); - CHACHA_QUARTER_ROUND(x3, x7, x11, x15); + // "expand 16-byte k" or "expand 32-byte k" + m_state[0] = 0x61707865; + m_state[1] = (length == 16) ? 0x3120646e : 0x3320646e; + m_state[2] = (length == 16) ? 0x79622d36 : 0x79622d32; + m_state[3] = 0x6b206574; - CHACHA_QUARTER_ROUND(x0, x5, x10, x15); - CHACHA_QUARTER_ROUND(x1, x6, x11, x12); - CHACHA_QUARTER_ROUND(x2, x7, x8, x13); - CHACHA_QUARTER_ROUND(x3, x4, x9, x14); - } + GetBlock get1(key); + get1(m_state[4])(m_state[5])(m_state[6])(m_state[7]); - #undef CHACHA_OUTPUT - #define CHACHA_OUTPUT(x){\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 0, x0 + m_state[0]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 1, x1 + m_state[1]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 2, x2 + m_state[2]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 3, x3 + m_state[3]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 4, x4 + m_state[4]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 5, x5 + m_state[5]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 6, x6 + m_state[6]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 7, x7 + m_state[7]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 8, x8 + m_state[8]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 9, x9 + m_state[9]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 10, x10 + m_state[10]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 11, x11 + m_state[11]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 12, x12 + m_state[12]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 13, x13 + m_state[13]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 14, x14 + m_state[14]);\ - CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, LITTLE_ENDIAN_ORDER, 15, x15 + m_state[15]);} + GetBlock get2(key + ((length == 32) ? 16 : 0)); + get2(m_state[8])(m_state[9])(m_state[10])(m_state[11]); +} -#ifndef CRYPTOPP_DOXYGEN_PROCESSING - CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(CHACHA_OUTPUT, BYTES_PER_ITERATION); +void ChaCha_Policy::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length) +{ + CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length); + CRYPTOPP_ASSERT(length==8); + + GetBlock get(IV); + m_state[12] = m_state[13] = 0; + get(m_state[14])(m_state[15]); +} + +void ChaCha_Policy::SeekToIteration(lword iterationCount) +{ + m_state[12] = (word32)iterationCount; // low word + m_state[13] = (word32)SafeRightShift<32>(iterationCount); +} + +unsigned int ChaCha_Policy::GetAlignment() const +{ +#if (CRYPTOPP_AVX2_AVAILABLE) + if (HasAVX2()) + return 16; + else +#endif +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) + if (HasSSE2()) + return 16; + else +#endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return 16; + else +#endif + return GetAlignmentOf(); +} + +unsigned int ChaCha_Policy::GetOptimalBlockSize() const +{ +#if (CRYPTOPP_AVX2_AVAILABLE) + if (HasAVX2()) + return 8 * BYTES_PER_ITERATION; + else +#endif +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) + if (HasSSE2()) + return 4*BYTES_PER_ITERATION; + else +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return 4*BYTES_PER_ITERATION; + else +#endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return 4*BYTES_PER_ITERATION; + else +#endif + return BYTES_PER_ITERATION; +} + +bool ChaCha_Policy::MultiBlockSafe(unsigned int blocks) const +{ + return 0xffffffff - m_state[12] > blocks; +} + +// OperateKeystream always produces a key stream. The key stream is written +// to output. Optionally a message may be supplied to xor with the key stream. +// The message is input, and output = output ^ input. +void ChaCha_Policy::OperateKeystream(KeystreamOperation operation, + byte *output, const byte *input, size_t iterationCount) +{ + do + { +#if (CRYPTOPP_AVX2_AVAILABLE) + if (HasAVX2()) + { + while (iterationCount >= 8 && MultiBlockSafe(8)) + { + const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL; + ChaCha_OperateKeystream_AVX2(m_state, xorInput ? input : NULLPTR, output, m_rounds); + + // MultiBlockSafe avoids overflow on the counter words + m_state[12] += 8; + //if (m_state[12] < 8) + // m_state[13]++; + + input += (!!xorInput) * 8 * BYTES_PER_ITERATION; + output += 8 * BYTES_PER_ITERATION; + iterationCount -= 8; + } + } #endif - ++m_state[12]; - m_state[13] += static_cast(m_state[12] == 0); - } -} +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) + if (HasSSE2()) + { + while (iterationCount >= 4 && MultiBlockSafe(4)) + { + const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL; + ChaCha_OperateKeystream_SSE2(m_state, xorInput ? input : NULLPTR, output, m_rounds); -template class ChaCha_Policy<8>; -template class ChaCha_Policy<12>; -template class ChaCha_Policy<20>; + // MultiBlockSafe avoids overflow on the counter words + m_state[12] += 4; + //if (m_state[12] < 4) + // m_state[13]++; + + input += (!!xorInput)*4*BYTES_PER_ITERATION; + output += 4*BYTES_PER_ITERATION; + iterationCount -= 4; + } + } +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + { + while (iterationCount >= 4 && MultiBlockSafe(4)) + { + const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL; + ChaCha_OperateKeystream_NEON(m_state, xorInput ? input : NULLPTR, output, m_rounds); + + // MultiBlockSafe avoids overflow on the counter words + m_state[12] += 4; + //if (m_state[12] < 4) + // m_state[13]++; + + input += (!!xorInput)*4*BYTES_PER_ITERATION; + output += 4*BYTES_PER_ITERATION; + iterationCount -= 4; + } + } +#endif + +#if (CRYPTOPP_POWER7_AVAILABLE) + if (HasPower7()) + { + while (iterationCount >= 4 && MultiBlockSafe(4)) + { + const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL; + ChaCha_OperateKeystream_POWER7(m_state, xorInput ? input : NULLPTR, output, m_rounds); + + // MultiBlockSafe avoids overflow on the counter words + m_state[12] += 4; + //if (m_state[12] < 4) + // m_state[13]++; + + input += (!!xorInput)*4*BYTES_PER_ITERATION; + output += 4*BYTES_PER_ITERATION; + iterationCount -= 4; + } + } +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + { + while (iterationCount >= 4 && MultiBlockSafe(4)) + { + const bool xorInput = (operation & INPUT_NULL) != INPUT_NULL; + ChaCha_OperateKeystream_ALTIVEC(m_state, xorInput ? input : NULLPTR, output, m_rounds); + + // MultiBlockSafe avoids overflow on the counter words + m_state[12] += 4; + //if (m_state[12] < 4) + // m_state[13]++; + + input += (!!xorInput)*4*BYTES_PER_ITERATION; + output += 4*BYTES_PER_ITERATION; + iterationCount -= 4; + } + } +#endif + + if (iterationCount) + { + word32 x0, x1, x2, x3, x4, x5, x6, x7, x8, x9, x10, x11, x12, x13, x14, x15; + + x0 = m_state[0]; x1 = m_state[1]; x2 = m_state[2]; x3 = m_state[3]; + x4 = m_state[4]; x5 = m_state[5]; x6 = m_state[6]; x7 = m_state[7]; + x8 = m_state[8]; x9 = m_state[9]; x10 = m_state[10]; x11 = m_state[11]; + x12 = m_state[12]; x13 = m_state[13]; x14 = m_state[14]; x15 = m_state[15]; + + for (int i = static_cast(m_rounds); i > 0; i -= 2) + { + CHACHA_QUARTER_ROUND(x0, x4, x8, x12); + CHACHA_QUARTER_ROUND(x1, x5, x9, x13); + CHACHA_QUARTER_ROUND(x2, x6, x10, x14); + CHACHA_QUARTER_ROUND(x3, x7, x11, x15); + + CHACHA_QUARTER_ROUND(x0, x5, x10, x15); + CHACHA_QUARTER_ROUND(x1, x6, x11, x12); + CHACHA_QUARTER_ROUND(x2, x7, x8, x13); + CHACHA_QUARTER_ROUND(x3, x4, x9, x14); + } + + CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(CHACHA_OUTPUT, BYTES_PER_ITERATION); + + if (++m_state[12] == 0) + m_state[13]++; + } + + // We may re-enter a SIMD keystream operation from here. + } while (iterationCount--); +} NAMESPACE_END - diff --git a/vendor/cryptopp/vendor_cryptopp/chacha.h b/vendor/cryptopp/vendor_cryptopp/chacha.h index 81c9f8ea..39246c0f 100644 --- a/vendor/cryptopp/vendor_cryptopp/chacha.h +++ b/vendor/cryptopp/vendor_cryptopp/chacha.h @@ -1,6 +1,7 @@ // chacha.h - written and placed in the public domain by Jeffrey Walton. -// Based on Wei Dai's Salsa20 and Bernstein's reference ChaCha -// family implementation at http://cr.yp.to/chacha.html. +// Based on Wei Dai's Salsa20, Botan's SSE2 implementation, +// and Bernstein's reference ChaCha family implementation at +// http://cr.yp.to/chacha.html. /// \file chacha.h /// \brief Classes for ChaCha8, ChaCha12 and ChaCha20 stream ciphers @@ -20,64 +21,63 @@ NAMESPACE_BEGIN(CryptoPP) /// \brief ChaCha stream cipher information /// \since Crypto++ 5.6.4 -template -struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds +struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> { - CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { - return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha"))); - } + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. + /// \details Bernstein named the cipher variants ChaCha8, ChaCha12 and + /// ChaCha20. More generally, Bernstein called the family ChaCha{r}. + /// AlgorithmName() provides the exact name once rounds are set. + static const char* StaticAlgorithmName() { + return "ChaCha"; + } }; /// \brief ChaCha stream cipher implementation /// \since Crypto++ 5.6.4 -template class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy { +public: + ~ChaCha_Policy() {} + ChaCha_Policy() : m_rounds(0) {} + protected: - CRYPTOPP_CONSTANT(ROUNDS=FixedRounds::ROUNDS) + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); + bool CipherIsRandomAccess() const {return true;} + void SeekToIteration(lword iterationCount); + unsigned int GetAlignment() const; + unsigned int GetOptimalBlockSize() const; - void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); - void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); - void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); - bool CipherIsRandomAccess() const {return false;} // TODO - void SeekToIteration(lword iterationCount); - unsigned int GetAlignment() const; - unsigned int GetOptimalBlockSize() const; + std::string AlgorithmName() const; + std::string AlgorithmProvider() const; - FixedSizeAlignedSecBlock m_state; + // MultiBlockSafe detects a condition that can arise in the SIMD + // implementations where we overflow one of the 32-bit state words + // during addition in an intermediate result. Conditions to trigger + // issue include a user seeks to around 2^32 blocks (256 GB of data). + // https://github.com/weidai11/cryptopp/issues/732 + inline bool MultiBlockSafe(unsigned int blocks) const; + + FixedSizeAlignedSecBlock m_state; + unsigned int m_rounds; }; -/// \brief ChaCha8 stream cipher -/// \sa ChaCha, a variant of Salsa20 (2008.01.28). +/// \brief ChaCha stream cipher +/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working +/// group's implementation for cipher suites +/// TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +/// TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and +/// TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. +/// \sa ChaCha, a variant of Salsa20 (2008.01.28). /// \since Crypto++ 5.6.4 -struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation +struct ChaCha : public ChaCha_Info, public SymmetricCipherDocumentation { - typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption; - typedef Encryption Decryption; -}; - -/// \brief ChaCha12 stream cipher -/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for -/// cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -/// TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. -/// \sa ChaCha, a variant of Salsa20 (2008.01.28). -/// \since Crypto++ 5.6.4 -struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption; - typedef Encryption Decryption; -}; - -/// \brief ChaCha20 stream cipher -/// \sa ChaCha, a variant of Salsa20 (2008.01.28). -/// \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for -/// cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, -/// TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. -/// \since Crypto++ 5.6.4 -struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation -{ - typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption; - typedef Encryption Decryption; + typedef SymmetricCipherFinal >, ChaCha_Info > Encryption; + typedef Encryption Decryption; }; NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/chacha_avx.cpp b/vendor/cryptopp/vendor_cryptopp/chacha_avx.cpp new file mode 100644 index 00000000..20693488 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/chacha_avx.cpp @@ -0,0 +1,389 @@ +// chacha_avx.cpp - written and placed in the public domain by +// Jack Lloyd and Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// AVX2 instructions. A separate source file is needed because +// additional CXXFLAGS are required to enable the appropriate +// instructions sets in some build configurations. +// +// AVX2 implementation based on Botan's chacha_avx.cpp. Many thanks +// to Jack Lloyd and the Botan team for allowing us to use it. +// +// Here are some relative numbers for ChaCha8: +// * Intel Skylake, 3.0 GHz: AVX2 at 4411 MB/s; 0.57 cpb. +// * Intel Broadwell, 2.3 GHz: AVX2 at 3828 MB/s; 0.58 cpb. +// * AMD Bulldozer, 3.3 GHz: AVX2 at 1680 MB/s; 1.47 cpb. + +#include "pch.h" +#include "config.h" + +#include "chacha.h" +#include "misc.h" + +#if defined(CRYPTOPP_AVX2_AVAILABLE) +# include +# include +# include +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char CHACHA_AVX_FNAME[] = __FILE__; + +// Sun Studio 12.4 OK, 12.5 and 12.6 compile error. +#if (__SUNPRO_CC >= 0x5140) && (__SUNPRO_CC <= 0x5150) +# define MAYBE_CONST +#else +# define MAYBE_CONST const +#endif + +// VS2017 and global optimization bug. TODO, figure out when +// we can re-enable full optimizations for VS2017. Also see +// https://github.com/weidai11/cryptopp/issues/649 and +// https://github.com/weidai11/cryptopp/issues/735. The +// 649 issue affects AES but it is the same here. The 735 +// issue is ChaCha AVX2 cut-in where it surfaced again. +#if (_MSC_VER >= 1910) +# ifndef CRYPTOPP_DEBUG +# pragma optimize("", off) +# pragma optimize("ts", on) +# endif +#endif + +// The data is aligned, but Clang issues warning based on type +// and not the actual alignment of the variable and data. +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic ignored "-Wcast-align" +#endif + +ANONYMOUS_NAMESPACE_BEGIN + +#if (CRYPTOPP_AVX2_AVAILABLE) + +template +inline __m256i RotateLeft(const __m256i val) +{ + return _mm256_or_si256(_mm256_slli_epi32(val, R), _mm256_srli_epi32(val, 32-R)); +} + +template <> +inline __m256i RotateLeft<8>(const __m256i val) +{ + const __m256i mask = _mm256_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3, + 14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm256_shuffle_epi8(val, mask); +} + +template <> +inline __m256i RotateLeft<16>(const __m256i val) +{ + const __m256i mask = _mm256_set_epi8(13,12,15,14, 9,8,11,10, 5,4,7,6, 1,0,3,2, + 13,12,15,14, 9,8,11,10, 5,4,7,6, 1,0,3,2); + return _mm256_shuffle_epi8(val, mask); +} + +#endif // CRYPTOPP_AVX2_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if (CRYPTOPP_AVX2_AVAILABLE) + +void ChaCha_OperateKeystream_AVX2(const word32 *state, const byte* input, byte *output, unsigned int rounds) +{ + MAYBE_CONST __m128i* state_mm = (MAYBE_CONST __m128i*)(state); + MAYBE_CONST __m256i* input_mm = (MAYBE_CONST __m256i*)(input); + __m256i* output_mm = reinterpret_cast<__m256i*>(output); + + const __m256i state0 = _mm256_broadcastsi128_si256(_mm_loadu_si128(state_mm + 0)); + const __m256i state1 = _mm256_broadcastsi128_si256(_mm_loadu_si128(state_mm + 1)); + const __m256i state2 = _mm256_broadcastsi128_si256(_mm_loadu_si128(state_mm + 2)); + const __m256i state3 = _mm256_broadcastsi128_si256(_mm_loadu_si128(state_mm + 3)); + + const __m256i CTR0 = _mm256_set_epi32(0, 0, 0, 0, 0, 0, 0, 4); + const __m256i CTR1 = _mm256_set_epi32(0, 0, 0, 1, 0, 0, 0, 5); + const __m256i CTR2 = _mm256_set_epi32(0, 0, 0, 2, 0, 0, 0, 6); + const __m256i CTR3 = _mm256_set_epi32(0, 0, 0, 3, 0, 0, 0, 7); + + __m256i X0_0 = state0; + __m256i X0_1 = state1; + __m256i X0_2 = state2; + __m256i X0_3 = _mm256_add_epi64(state3, CTR0); + + __m256i X1_0 = state0; + __m256i X1_1 = state1; + __m256i X1_2 = state2; + __m256i X1_3 = _mm256_add_epi64(state3, CTR1); + + __m256i X2_0 = state0; + __m256i X2_1 = state1; + __m256i X2_2 = state2; + __m256i X2_3 = _mm256_add_epi64(state3, CTR2); + + __m256i X3_0 = state0; + __m256i X3_1 = state1; + __m256i X3_2 = state2; + __m256i X3_3 = _mm256_add_epi64(state3, CTR3); + + for (int i = static_cast(rounds); i > 0; i -= 2) + { + X0_0 = _mm256_add_epi32(X0_0, X0_1); + X1_0 = _mm256_add_epi32(X1_0, X1_1); + X2_0 = _mm256_add_epi32(X2_0, X2_1); + X3_0 = _mm256_add_epi32(X3_0, X3_1); + + X0_3 = _mm256_xor_si256(X0_3, X0_0); + X1_3 = _mm256_xor_si256(X1_3, X1_0); + X2_3 = _mm256_xor_si256(X2_3, X2_0); + X3_3 = _mm256_xor_si256(X3_3, X3_0); + + X0_3 = RotateLeft<16>(X0_3); + X1_3 = RotateLeft<16>(X1_3); + X2_3 = RotateLeft<16>(X2_3); + X3_3 = RotateLeft<16>(X3_3); + + X0_2 = _mm256_add_epi32(X0_2, X0_3); + X1_2 = _mm256_add_epi32(X1_2, X1_3); + X2_2 = _mm256_add_epi32(X2_2, X2_3); + X3_2 = _mm256_add_epi32(X3_2, X3_3); + + X0_1 = _mm256_xor_si256(X0_1, X0_2); + X1_1 = _mm256_xor_si256(X1_1, X1_2); + X2_1 = _mm256_xor_si256(X2_1, X2_2); + X3_1 = _mm256_xor_si256(X3_1, X3_2); + + X0_1 = RotateLeft<12>(X0_1); + X1_1 = RotateLeft<12>(X1_1); + X2_1 = RotateLeft<12>(X2_1); + X3_1 = RotateLeft<12>(X3_1); + + X0_0 = _mm256_add_epi32(X0_0, X0_1); + X1_0 = _mm256_add_epi32(X1_0, X1_1); + X2_0 = _mm256_add_epi32(X2_0, X2_1); + X3_0 = _mm256_add_epi32(X3_0, X3_1); + + X0_3 = _mm256_xor_si256(X0_3, X0_0); + X1_3 = _mm256_xor_si256(X1_3, X1_0); + X2_3 = _mm256_xor_si256(X2_3, X2_0); + X3_3 = _mm256_xor_si256(X3_3, X3_0); + + X0_3 = RotateLeft<8>(X0_3); + X1_3 = RotateLeft<8>(X1_3); + X2_3 = RotateLeft<8>(X2_3); + X3_3 = RotateLeft<8>(X3_3); + + X0_2 = _mm256_add_epi32(X0_2, X0_3); + X1_2 = _mm256_add_epi32(X1_2, X1_3); + X2_2 = _mm256_add_epi32(X2_2, X2_3); + X3_2 = _mm256_add_epi32(X3_2, X3_3); + + X0_1 = _mm256_xor_si256(X0_1, X0_2); + X1_1 = _mm256_xor_si256(X1_1, X1_2); + X2_1 = _mm256_xor_si256(X2_1, X2_2); + X3_1 = _mm256_xor_si256(X3_1, X3_2); + + X0_1 = RotateLeft<7>(X0_1); + X1_1 = RotateLeft<7>(X1_1); + X2_1 = RotateLeft<7>(X2_1); + X3_1 = RotateLeft<7>(X3_1); + + X0_1 = _mm256_shuffle_epi32(X0_1, _MM_SHUFFLE(0, 3, 2, 1)); + X0_2 = _mm256_shuffle_epi32(X0_2, _MM_SHUFFLE(1, 0, 3, 2)); + X0_3 = _mm256_shuffle_epi32(X0_3, _MM_SHUFFLE(2, 1, 0, 3)); + + X1_1 = _mm256_shuffle_epi32(X1_1, _MM_SHUFFLE(0, 3, 2, 1)); + X1_2 = _mm256_shuffle_epi32(X1_2, _MM_SHUFFLE(1, 0, 3, 2)); + X1_3 = _mm256_shuffle_epi32(X1_3, _MM_SHUFFLE(2, 1, 0, 3)); + + X2_1 = _mm256_shuffle_epi32(X2_1, _MM_SHUFFLE(0, 3, 2, 1)); + X2_2 = _mm256_shuffle_epi32(X2_2, _MM_SHUFFLE(1, 0, 3, 2)); + X2_3 = _mm256_shuffle_epi32(X2_3, _MM_SHUFFLE(2, 1, 0, 3)); + + X3_1 = _mm256_shuffle_epi32(X3_1, _MM_SHUFFLE(0, 3, 2, 1)); + X3_2 = _mm256_shuffle_epi32(X3_2, _MM_SHUFFLE(1, 0, 3, 2)); + X3_3 = _mm256_shuffle_epi32(X3_3, _MM_SHUFFLE(2, 1, 0, 3)); + + X0_0 = _mm256_add_epi32(X0_0, X0_1); + X1_0 = _mm256_add_epi32(X1_0, X1_1); + X2_0 = _mm256_add_epi32(X2_0, X2_1); + X3_0 = _mm256_add_epi32(X3_0, X3_1); + + X0_3 = _mm256_xor_si256(X0_3, X0_0); + X1_3 = _mm256_xor_si256(X1_3, X1_0); + X2_3 = _mm256_xor_si256(X2_3, X2_0); + X3_3 = _mm256_xor_si256(X3_3, X3_0); + + X0_3 = RotateLeft<16>(X0_3); + X1_3 = RotateLeft<16>(X1_3); + X2_3 = RotateLeft<16>(X2_3); + X3_3 = RotateLeft<16>(X3_3); + + X0_2 = _mm256_add_epi32(X0_2, X0_3); + X1_2 = _mm256_add_epi32(X1_2, X1_3); + X2_2 = _mm256_add_epi32(X2_2, X2_3); + X3_2 = _mm256_add_epi32(X3_2, X3_3); + + X0_1 = _mm256_xor_si256(X0_1, X0_2); + X1_1 = _mm256_xor_si256(X1_1, X1_2); + X2_1 = _mm256_xor_si256(X2_1, X2_2); + X3_1 = _mm256_xor_si256(X3_1, X3_2); + + X0_1 = RotateLeft<12>(X0_1); + X1_1 = RotateLeft<12>(X1_1); + X2_1 = RotateLeft<12>(X2_1); + X3_1 = RotateLeft<12>(X3_1); + + X0_0 = _mm256_add_epi32(X0_0, X0_1); + X1_0 = _mm256_add_epi32(X1_0, X1_1); + X2_0 = _mm256_add_epi32(X2_0, X2_1); + X3_0 = _mm256_add_epi32(X3_0, X3_1); + + X0_3 = _mm256_xor_si256(X0_3, X0_0); + X1_3 = _mm256_xor_si256(X1_3, X1_0); + X2_3 = _mm256_xor_si256(X2_3, X2_0); + X3_3 = _mm256_xor_si256(X3_3, X3_0); + + X0_3 = RotateLeft<8>(X0_3); + X1_3 = RotateLeft<8>(X1_3); + X2_3 = RotateLeft<8>(X2_3); + X3_3 = RotateLeft<8>(X3_3); + + X0_2 = _mm256_add_epi32(X0_2, X0_3); + X1_2 = _mm256_add_epi32(X1_2, X1_3); + X2_2 = _mm256_add_epi32(X2_2, X2_3); + X3_2 = _mm256_add_epi32(X3_2, X3_3); + + X0_1 = _mm256_xor_si256(X0_1, X0_2); + X1_1 = _mm256_xor_si256(X1_1, X1_2); + X2_1 = _mm256_xor_si256(X2_1, X2_2); + X3_1 = _mm256_xor_si256(X3_1, X3_2); + + X0_1 = RotateLeft<7>(X0_1); + X1_1 = RotateLeft<7>(X1_1); + X2_1 = RotateLeft<7>(X2_1); + X3_1 = RotateLeft<7>(X3_1); + + X0_1 = _mm256_shuffle_epi32(X0_1, _MM_SHUFFLE(2, 1, 0, 3)); + X0_2 = _mm256_shuffle_epi32(X0_2, _MM_SHUFFLE(1, 0, 3, 2)); + X0_3 = _mm256_shuffle_epi32(X0_3, _MM_SHUFFLE(0, 3, 2, 1)); + + X1_1 = _mm256_shuffle_epi32(X1_1, _MM_SHUFFLE(2, 1, 0, 3)); + X1_2 = _mm256_shuffle_epi32(X1_2, _MM_SHUFFLE(1, 0, 3, 2)); + X1_3 = _mm256_shuffle_epi32(X1_3, _MM_SHUFFLE(0, 3, 2, 1)); + + X2_1 = _mm256_shuffle_epi32(X2_1, _MM_SHUFFLE(2, 1, 0, 3)); + X2_2 = _mm256_shuffle_epi32(X2_2, _MM_SHUFFLE(1, 0, 3, 2)); + X2_3 = _mm256_shuffle_epi32(X2_3, _MM_SHUFFLE(0, 3, 2, 1)); + + X3_1 = _mm256_shuffle_epi32(X3_1, _MM_SHUFFLE(2, 1, 0, 3)); + X3_2 = _mm256_shuffle_epi32(X3_2, _MM_SHUFFLE(1, 0, 3, 2)); + X3_3 = _mm256_shuffle_epi32(X3_3, _MM_SHUFFLE(0, 3, 2, 1)); + } + + X0_0 = _mm256_add_epi32(X0_0, state0); + X0_1 = _mm256_add_epi32(X0_1, state1); + X0_2 = _mm256_add_epi32(X0_2, state2); + X0_3 = _mm256_add_epi32(X0_3, state3); + X0_3 = _mm256_add_epi64(X0_3, CTR0); + + X1_0 = _mm256_add_epi32(X1_0, state0); + X1_1 = _mm256_add_epi32(X1_1, state1); + X1_2 = _mm256_add_epi32(X1_2, state2); + X1_3 = _mm256_add_epi32(X1_3, state3); + X1_3 = _mm256_add_epi64(X1_3, CTR1); + + X2_0 = _mm256_add_epi32(X2_0, state0); + X2_1 = _mm256_add_epi32(X2_1, state1); + X2_2 = _mm256_add_epi32(X2_2, state2); + X2_3 = _mm256_add_epi32(X2_3, state3); + X2_3 = _mm256_add_epi64(X2_3, CTR2); + + X3_0 = _mm256_add_epi32(X3_0, state0); + X3_1 = _mm256_add_epi32(X3_1, state1); + X3_2 = _mm256_add_epi32(X3_2, state2); + X3_3 = _mm256_add_epi32(X3_3, state3); + X3_3 = _mm256_add_epi64(X3_3, CTR3); + + if (input_mm) + { + _mm256_storeu_si256(output_mm + 0, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 0), + _mm256_permute2x128_si256(X0_0, X0_1, 1 + (3 << 4)))); + _mm256_storeu_si256(output_mm + 1, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 1), + _mm256_permute2x128_si256(X0_2, X0_3, 1 + (3 << 4)))); + _mm256_storeu_si256(output_mm + 2, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 2), + _mm256_permute2x128_si256(X1_0, X1_1, 1 + (3 << 4)))); + _mm256_storeu_si256(output_mm + 3, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 3), + _mm256_permute2x128_si256(X1_2, X1_3, 1 + (3 << 4)))); + } + else + { + _mm256_storeu_si256(output_mm + 0, _mm256_permute2x128_si256(X0_0, X0_1, 1 + (3 << 4))); + _mm256_storeu_si256(output_mm + 1, _mm256_permute2x128_si256(X0_2, X0_3, 1 + (3 << 4))); + _mm256_storeu_si256(output_mm + 2, _mm256_permute2x128_si256(X1_0, X1_1, 1 + (3 << 4))); + _mm256_storeu_si256(output_mm + 3, _mm256_permute2x128_si256(X1_2, X1_3, 1 + (3 << 4))); + } + + if (input_mm) + { + _mm256_storeu_si256(output_mm + 4, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 4), + _mm256_permute2x128_si256(X2_0, X2_1, 1 + (3 << 4)))); + _mm256_storeu_si256(output_mm + 5, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 5), + _mm256_permute2x128_si256(X2_2, X2_3, 1 + (3 << 4)))); + _mm256_storeu_si256(output_mm + 6, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 6), + _mm256_permute2x128_si256(X3_0, X3_1, 1 + (3 << 4)))); + _mm256_storeu_si256(output_mm + 7, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 7), + _mm256_permute2x128_si256(X3_2, X3_3, 1 + (3 << 4)))); + } + else + { + _mm256_storeu_si256(output_mm + 4, _mm256_permute2x128_si256(X2_0, X2_1, 1 + (3 << 4))); + _mm256_storeu_si256(output_mm + 5, _mm256_permute2x128_si256(X2_2, X2_3, 1 + (3 << 4))); + _mm256_storeu_si256(output_mm + 6, _mm256_permute2x128_si256(X3_0, X3_1, 1 + (3 << 4))); + _mm256_storeu_si256(output_mm + 7, _mm256_permute2x128_si256(X3_2, X3_3, 1 + (3 << 4))); + } + + if (input_mm) + { + _mm256_storeu_si256(output_mm + 8, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 8), + _mm256_permute2x128_si256(X0_0, X0_1, 0 + (2 << 4)))); + _mm256_storeu_si256(output_mm + 9, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 9), + _mm256_permute2x128_si256(X0_2, X0_3, 0 + (2 << 4)))); + _mm256_storeu_si256(output_mm + 10, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 10), + _mm256_permute2x128_si256(X1_0, X1_1, 0 + (2 << 4)))); + _mm256_storeu_si256(output_mm + 11, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 11), + _mm256_permute2x128_si256(X1_2, X1_3, 0 + (2 << 4)))); + } + else + { + _mm256_storeu_si256(output_mm + 8, _mm256_permute2x128_si256(X0_0, X0_1, 0 + (2 << 4))); + _mm256_storeu_si256(output_mm + 9, _mm256_permute2x128_si256(X0_2, X0_3, 0 + (2 << 4))); + _mm256_storeu_si256(output_mm + 10, _mm256_permute2x128_si256(X1_0, X1_1, 0 + (2 << 4))); + _mm256_storeu_si256(output_mm + 11, _mm256_permute2x128_si256(X1_2, X1_3, 0 + (2 << 4))); + } + + if (input_mm) + { + _mm256_storeu_si256(output_mm + 12, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 12), + _mm256_permute2x128_si256(X2_0, X2_1, 0 + (2 << 4)))); + _mm256_storeu_si256(output_mm + 13, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 13), + _mm256_permute2x128_si256(X2_2, X2_3, 0 + (2 << 4)))); + _mm256_storeu_si256(output_mm + 14, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 14), + _mm256_permute2x128_si256(X3_0, X3_1, 0 + (2 << 4)))); + _mm256_storeu_si256(output_mm + 15, _mm256_xor_si256(_mm256_loadu_si256(input_mm + 15), + _mm256_permute2x128_si256(X3_2, X3_3, 0 + (2 << 4)))); + } + else + { + _mm256_storeu_si256(output_mm + 12, _mm256_permute2x128_si256(X2_0, X2_1, 0 + (2 << 4))); + _mm256_storeu_si256(output_mm + 13, _mm256_permute2x128_si256(X2_2, X2_3, 0 + (2 << 4))); + _mm256_storeu_si256(output_mm + 14, _mm256_permute2x128_si256(X3_0, X3_1, 0 + (2 << 4))); + _mm256_storeu_si256(output_mm + 15, _mm256_permute2x128_si256(X3_2, X3_3, 0 + (2 << 4))); + } + + // https://software.intel.com/en-us/articles/avoiding-avx-sse-transition-penalties + _mm256_zeroupper(); +} + +#endif // CRYPTOPP_AVX2_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/chacha_simd.cpp b/vendor/cryptopp/vendor_cryptopp/chacha_simd.cpp new file mode 100644 index 00000000..307d4945 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/chacha_simd.cpp @@ -0,0 +1,1112 @@ +// chacha_simd.cpp - written and placed in the public domain by +// Jack Lloyd and Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSE2, ARM NEON and ARMv8a, Power7 and Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. +// +// SSE2 implementation based on Botan's chacha_sse2.cpp. Many thanks +// to Jack Lloyd and the Botan team for allowing us to use it. +// +// The SSE2 implementation is kind of unusual among Crypto++ algorithms. +// We guard on CRYTPOPP_SSE2_AVAILABLE and use HasSSE2() at runtime. However, +// if the compiler says a target machine has SSSE3 or XOP available (say, by +// way of -march=native), then we can pull another 150 to 800 MB/s out of +// ChaCha. To capture SSSE3 and XOP we use the compiler defines __SSSE3__ and +// __XOP__ and forgo runtime tests. +// +// Runtime tests for HasSSSE3() and HasXop() are too expensive to make a +// sub-case of SSE2. The rotates are on a critical path and the runtime tests +// crush performance. +// +// Here are some relative numbers for ChaCha8: +// * Intel Skylake, 3.0 GHz: SSE2 at 2160 MB/s; SSSE3 at 2310 MB/s. +// * AMD Bulldozer, 3.3 GHz: SSE2 at 1680 MB/s; XOP at 2510 MB/s. + +#include "pch.h" +#include "config.h" + +#include "chacha.h" +#include "misc.h" + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) +# include +# include +#endif + +#if defined(__SSSE3__) +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char CHACHA_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +// ***************************** NEON ***************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +template +inline uint32x4_t RotateLeft(const uint32x4_t& val) +{ + return vorrq_u32(vshlq_n_u32(val, R), vshrq_n_u32(val, 32 - R)); +} + +template +inline uint32x4_t RotateRight(const uint32x4_t& val) +{ + return vorrq_u32(vshlq_n_u32(val, 32 - R), vshrq_n_u32(val, R)); +} + +template <> +inline uint32x4_t RotateLeft<8>(const uint32x4_t& val) +{ +#if defined(__aarch32__) || defined(__aarch64__) + const uint8_t maskb[16] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; + const uint8x16_t mask = vld1q_u8(maskb); + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +#else + // fallback to slower C++ rotation. + return vorrq_u32(vshlq_n_u32(val, 8), + vshrq_n_u32(val, 32 - 8)); +#endif +} + +template <> +inline uint32x4_t RotateLeft<16>(const uint32x4_t& val) +{ +#if defined(__aarch32__) || defined(__aarch64__) + return vreinterpretq_u32_u16( + vrev32q_u16(vreinterpretq_u16_u32(val))); +#else + // fallback to slower C++ rotation. + return vorrq_u32(vshlq_n_u32(val, 16), + vshrq_n_u32(val, 32 - 16)); +#endif +} + +template <> +inline uint32x4_t RotateRight<8>(const uint32x4_t& val) +{ +#if defined(__aarch32__) || defined(__aarch64__) + const uint8_t maskb[16] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,15,12 }; + const uint8x16_t mask = vld1q_u8(maskb); + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +#else + // fallback to slower C++ rotation. + return vorrq_u32(vshrq_n_u32(val, 8), + vshlq_n_u32(val, 32 - 8)); +#endif +} + +template <> +inline uint32x4_t RotateRight<16>(const uint32x4_t& val) +{ +#if defined(__aarch32__) || defined(__aarch64__) + return vreinterpretq_u32_u16( + vrev32q_u16(vreinterpretq_u16_u32(val))); +#else + // fallback to slower C++ rotation. + return vorrq_u32(vshrq_n_u32(val, 16), + vshlq_n_u32(val, 32 - 16)); +#endif +} + +// ChaCha's use of x86 shuffle is really a 4, 8, or 12 byte +// rotation on the 128-bit vector word: +// * [3,2,1,0] => [0,3,2,1] is Extract<1>(x) +// * [3,2,1,0] => [1,0,3,2] is Extract<2>(x) +// * [3,2,1,0] => [2,1,0,3] is Extract<3>(x) +template +inline uint32x4_t Extract(const uint32x4_t& val) +{ + return vextq_u32(val, val, S); +} + +// Helper to perform 64-bit addition across two elements of 32-bit vectors +inline uint32x4_t Add64(const uint32x4_t& a, const uint32x4_t& b) +{ + return vreinterpretq_u32_u64( + vaddq_u64( + vreinterpretq_u64_u32(a), + vreinterpretq_u64_u32(b))); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** SSE2 ***************************** // + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) + +template +inline __m128i RotateLeft(const __m128i val) +{ +#ifdef __XOP__ + return _mm_roti_epi32(val, R); +#else + return _mm_or_si128(_mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +#endif +} + +template <> +inline __m128i RotateLeft<8>(const __m128i val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 8); +#elif defined(__SSSE3__) + const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm_shuffle_epi8(val, mask); +#else + return _mm_or_si128(_mm_slli_epi32(val, 8), _mm_srli_epi32(val, 32-8)); +#endif +} + +template <> +inline __m128i RotateLeft<16>(const __m128i val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 16); +#elif defined(__SSSE3__) + const __m128i mask = _mm_set_epi8(13,12,15,14, 9,8,11,10, 5,4,7,6, 1,0,3,2); + return _mm_shuffle_epi8(val, mask); +#else + return _mm_or_si128(_mm_slli_epi32(val, 16), _mm_srli_epi32(val, 32-16)); +#endif +} + +#endif // CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE + +// **************************** Altivec **************************** // + +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + +// ChaCha_OperateKeystream_POWER7 is optimized for POWER7. However, Altivec +// is supported by using vec_ld and vec_st, and using a composite VecAdd +// that supports 64-bit element adds. vec_ld and vec_st add significant +// overhead when memory is not aligned. Despite the drawbacks Altivec +// is profitable. The numbers for ChaCha8 are: +// +// PowerMac, C++, 2.0 GHz: 205 MB/s, 9.29 cpb +// PowerMac, Altivec, 2.0 GHz: 471 MB/s, 4.09 cpb + +using CryptoPP::uint8x16_p; +using CryptoPP::uint32x4_p; +using CryptoPP::VecLoad; +using CryptoPP::VecStore; +using CryptoPP::VecPermute; + +// Permutes bytes in packed 32-bit words to little endian. +// State is already in proper endian order. Input and +// output must be permuted during load and save. +inline uint32x4_p VecLoad32LE(const uint8_t src[16]) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p mask = {3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}; + const uint32x4_p val = VecLoad(src); + return VecPermute(val, val, mask); +#else + return VecLoad(src); +#endif +} + +// Permutes bytes in packed 32-bit words to little endian. +// State is already in proper endian order. Input and +// output must be permuted during load and save. +inline void VecStore32LE(uint8_t dest[16], const uint32x4_p& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p mask = {3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}; + VecStore(VecPermute(val, val, mask), dest); +#else + return VecStore(val, dest); +#endif +} + +// ChaCha's use of x86 shuffle is really a 4, 8, or 12 byte +// rotation on the 128-bit vector word: +// * [3,2,1,0] => [0,3,2,1] is Shuffle<1>(x) +// * [3,2,1,0] => [1,0,3,2] is Shuffle<2>(x) +// * [3,2,1,0] => [2,1,0,3] is Shuffle<3>(x) +template +inline uint32x4_p Shuffle(const uint32x4_p& val) +{ + CRYPTOPP_ASSERT(0); + return val; +} + +template <> +inline uint32x4_p Shuffle<1>(const uint32x4_p& val) +{ + const uint8x16_p mask = {4,5,6,7, 8,9,10,11, 12,13,14,15, 0,1,2,3}; + return VecPermute(val, val, mask); +} + +template <> +inline uint32x4_p Shuffle<2>(const uint32x4_p& val) +{ + const uint8x16_p mask = {8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7}; + return VecPermute(val, val, mask); +} + +template <> +inline uint32x4_p Shuffle<3>(const uint32x4_p& val) +{ + const uint8x16_p mask = {12,13,14,15, 0,1,2,3, 4,5,6,7, 8,9,10,11}; + return VecPermute(val, val, mask); +} + +#endif // CRYPTOPP_ALTIVEC_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +// ***************************** NEON ***************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +void ChaCha_OperateKeystream_NEON(const word32 *state, const byte* input, byte *output, unsigned int rounds) +{ + const uint32x4_t state0 = vld1q_u32(state + 0*4); + const uint32x4_t state1 = vld1q_u32(state + 1*4); + const uint32x4_t state2 = vld1q_u32(state + 2*4); + const uint32x4_t state3 = vld1q_u32(state + 3*4); + + const uint32x4_t CTRS[3] = { + {1,0,0,0}, {2,0,0,0}, {3,0,0,0} + }; + + uint32x4_t r0_0 = state0; + uint32x4_t r0_1 = state1; + uint32x4_t r0_2 = state2; + uint32x4_t r0_3 = state3; + + uint32x4_t r1_0 = state0; + uint32x4_t r1_1 = state1; + uint32x4_t r1_2 = state2; + uint32x4_t r1_3 = Add64(r0_3, CTRS[0]); + + uint32x4_t r2_0 = state0; + uint32x4_t r2_1 = state1; + uint32x4_t r2_2 = state2; + uint32x4_t r2_3 = Add64(r0_3, CTRS[1]); + + uint32x4_t r3_0 = state0; + uint32x4_t r3_1 = state1; + uint32x4_t r3_2 = state2; + uint32x4_t r3_3 = Add64(r0_3, CTRS[2]); + + for (int i = static_cast(rounds); i > 0; i -= 2) + { + r0_0 = vaddq_u32(r0_0, r0_1); + r1_0 = vaddq_u32(r1_0, r1_1); + r2_0 = vaddq_u32(r2_0, r2_1); + r3_0 = vaddq_u32(r3_0, r3_1); + + r0_3 = veorq_u32(r0_3, r0_0); + r1_3 = veorq_u32(r1_3, r1_0); + r2_3 = veorq_u32(r2_3, r2_0); + r3_3 = veorq_u32(r3_3, r3_0); + + r0_3 = RotateLeft<16>(r0_3); + r1_3 = RotateLeft<16>(r1_3); + r2_3 = RotateLeft<16>(r2_3); + r3_3 = RotateLeft<16>(r3_3); + + r0_2 = vaddq_u32(r0_2, r0_3); + r1_2 = vaddq_u32(r1_2, r1_3); + r2_2 = vaddq_u32(r2_2, r2_3); + r3_2 = vaddq_u32(r3_2, r3_3); + + r0_1 = veorq_u32(r0_1, r0_2); + r1_1 = veorq_u32(r1_1, r1_2); + r2_1 = veorq_u32(r2_1, r2_2); + r3_1 = veorq_u32(r3_1, r3_2); + + r0_1 = RotateLeft<12>(r0_1); + r1_1 = RotateLeft<12>(r1_1); + r2_1 = RotateLeft<12>(r2_1); + r3_1 = RotateLeft<12>(r3_1); + + r0_0 = vaddq_u32(r0_0, r0_1); + r1_0 = vaddq_u32(r1_0, r1_1); + r2_0 = vaddq_u32(r2_0, r2_1); + r3_0 = vaddq_u32(r3_0, r3_1); + + r0_3 = veorq_u32(r0_3, r0_0); + r1_3 = veorq_u32(r1_3, r1_0); + r2_3 = veorq_u32(r2_3, r2_0); + r3_3 = veorq_u32(r3_3, r3_0); + + r0_3 = RotateLeft<8>(r0_3); + r1_3 = RotateLeft<8>(r1_3); + r2_3 = RotateLeft<8>(r2_3); + r3_3 = RotateLeft<8>(r3_3); + + r0_2 = vaddq_u32(r0_2, r0_3); + r1_2 = vaddq_u32(r1_2, r1_3); + r2_2 = vaddq_u32(r2_2, r2_3); + r3_2 = vaddq_u32(r3_2, r3_3); + + r0_1 = veorq_u32(r0_1, r0_2); + r1_1 = veorq_u32(r1_1, r1_2); + r2_1 = veorq_u32(r2_1, r2_2); + r3_1 = veorq_u32(r3_1, r3_2); + + r0_1 = RotateLeft<7>(r0_1); + r1_1 = RotateLeft<7>(r1_1); + r2_1 = RotateLeft<7>(r2_1); + r3_1 = RotateLeft<7>(r3_1); + + r0_1 = Extract<1>(r0_1); + r0_2 = Extract<2>(r0_2); + r0_3 = Extract<3>(r0_3); + + r1_1 = Extract<1>(r1_1); + r1_2 = Extract<2>(r1_2); + r1_3 = Extract<3>(r1_3); + + r2_1 = Extract<1>(r2_1); + r2_2 = Extract<2>(r2_2); + r2_3 = Extract<3>(r2_3); + + r3_1 = Extract<1>(r3_1); + r3_2 = Extract<2>(r3_2); + r3_3 = Extract<3>(r3_3); + + r0_0 = vaddq_u32(r0_0, r0_1); + r1_0 = vaddq_u32(r1_0, r1_1); + r2_0 = vaddq_u32(r2_0, r2_1); + r3_0 = vaddq_u32(r3_0, r3_1); + + r0_3 = veorq_u32(r0_3, r0_0); + r1_3 = veorq_u32(r1_3, r1_0); + r2_3 = veorq_u32(r2_3, r2_0); + r3_3 = veorq_u32(r3_3, r3_0); + + r0_3 = RotateLeft<16>(r0_3); + r1_3 = RotateLeft<16>(r1_3); + r2_3 = RotateLeft<16>(r2_3); + r3_3 = RotateLeft<16>(r3_3); + + r0_2 = vaddq_u32(r0_2, r0_3); + r1_2 = vaddq_u32(r1_2, r1_3); + r2_2 = vaddq_u32(r2_2, r2_3); + r3_2 = vaddq_u32(r3_2, r3_3); + + r0_1 = veorq_u32(r0_1, r0_2); + r1_1 = veorq_u32(r1_1, r1_2); + r2_1 = veorq_u32(r2_1, r2_2); + r3_1 = veorq_u32(r3_1, r3_2); + + r0_1 = RotateLeft<12>(r0_1); + r1_1 = RotateLeft<12>(r1_1); + r2_1 = RotateLeft<12>(r2_1); + r3_1 = RotateLeft<12>(r3_1); + + r0_0 = vaddq_u32(r0_0, r0_1); + r1_0 = vaddq_u32(r1_0, r1_1); + r2_0 = vaddq_u32(r2_0, r2_1); + r3_0 = vaddq_u32(r3_0, r3_1); + + r0_3 = veorq_u32(r0_3, r0_0); + r1_3 = veorq_u32(r1_3, r1_0); + r2_3 = veorq_u32(r2_3, r2_0); + r3_3 = veorq_u32(r3_3, r3_0); + + r0_3 = RotateLeft<8>(r0_3); + r1_3 = RotateLeft<8>(r1_3); + r2_3 = RotateLeft<8>(r2_3); + r3_3 = RotateLeft<8>(r3_3); + + r0_2 = vaddq_u32(r0_2, r0_3); + r1_2 = vaddq_u32(r1_2, r1_3); + r2_2 = vaddq_u32(r2_2, r2_3); + r3_2 = vaddq_u32(r3_2, r3_3); + + r0_1 = veorq_u32(r0_1, r0_2); + r1_1 = veorq_u32(r1_1, r1_2); + r2_1 = veorq_u32(r2_1, r2_2); + r3_1 = veorq_u32(r3_1, r3_2); + + r0_1 = RotateLeft<7>(r0_1); + r1_1 = RotateLeft<7>(r1_1); + r2_1 = RotateLeft<7>(r2_1); + r3_1 = RotateLeft<7>(r3_1); + + r0_1 = Extract<3>(r0_1); + r0_2 = Extract<2>(r0_2); + r0_3 = Extract<1>(r0_3); + + r1_1 = Extract<3>(r1_1); + r1_2 = Extract<2>(r1_2); + r1_3 = Extract<1>(r1_3); + + r2_1 = Extract<3>(r2_1); + r2_2 = Extract<2>(r2_2); + r2_3 = Extract<1>(r2_3); + + r3_1 = Extract<3>(r3_1); + r3_2 = Extract<2>(r3_2); + r3_3 = Extract<1>(r3_3); + } + + r0_0 = vaddq_u32(r0_0, state0); + r0_1 = vaddq_u32(r0_1, state1); + r0_2 = vaddq_u32(r0_2, state2); + r0_3 = vaddq_u32(r0_3, state3); + + r1_0 = vaddq_u32(r1_0, state0); + r1_1 = vaddq_u32(r1_1, state1); + r1_2 = vaddq_u32(r1_2, state2); + r1_3 = vaddq_u32(r1_3, state3); + r1_3 = Add64(r1_3, CTRS[0]); + + r2_0 = vaddq_u32(r2_0, state0); + r2_1 = vaddq_u32(r2_1, state1); + r2_2 = vaddq_u32(r2_2, state2); + r2_3 = vaddq_u32(r2_3, state3); + r2_3 = Add64(r2_3, CTRS[1]); + + r3_0 = vaddq_u32(r3_0, state0); + r3_1 = vaddq_u32(r3_1, state1); + r3_2 = vaddq_u32(r3_2, state2); + r3_3 = vaddq_u32(r3_3, state3); + r3_3 = Add64(r3_3, CTRS[2]); + + if (input) + { + r0_0 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 0*16)), r0_0); + r0_1 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 1*16)), r0_1); + r0_2 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 2*16)), r0_2); + r0_3 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 3*16)), r0_3); + } + + vst1q_u8(output + 0*16, vreinterpretq_u8_u32(r0_0)); + vst1q_u8(output + 1*16, vreinterpretq_u8_u32(r0_1)); + vst1q_u8(output + 2*16, vreinterpretq_u8_u32(r0_2)); + vst1q_u8(output + 3*16, vreinterpretq_u8_u32(r0_3)); + + if (input) + { + r1_0 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 4*16)), r1_0); + r1_1 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 5*16)), r1_1); + r1_2 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 6*16)), r1_2); + r1_3 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 7*16)), r1_3); + } + + vst1q_u8(output + 4*16, vreinterpretq_u8_u32(r1_0)); + vst1q_u8(output + 5*16, vreinterpretq_u8_u32(r1_1)); + vst1q_u8(output + 6*16, vreinterpretq_u8_u32(r1_2)); + vst1q_u8(output + 7*16, vreinterpretq_u8_u32(r1_3)); + + if (input) + { + r2_0 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 8*16)), r2_0); + r2_1 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 9*16)), r2_1); + r2_2 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 10*16)), r2_2); + r2_3 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 11*16)), r2_3); + } + + vst1q_u8(output + 8*16, vreinterpretq_u8_u32(r2_0)); + vst1q_u8(output + 9*16, vreinterpretq_u8_u32(r2_1)); + vst1q_u8(output + 10*16, vreinterpretq_u8_u32(r2_2)); + vst1q_u8(output + 11*16, vreinterpretq_u8_u32(r2_3)); + + if (input) + { + r3_0 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 12*16)), r3_0); + r3_1 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 13*16)), r3_1); + r3_2 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 14*16)), r3_2); + r3_3 = veorq_u32(vreinterpretq_u32_u8(vld1q_u8(input + 15*16)), r3_3); + } + + vst1q_u8(output + 12*16, vreinterpretq_u8_u32(r3_0)); + vst1q_u8(output + 13*16, vreinterpretq_u8_u32(r3_1)); + vst1q_u8(output + 14*16, vreinterpretq_u8_u32(r3_2)); + vst1q_u8(output + 15*16, vreinterpretq_u8_u32(r3_3)); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** SSE2 ***************************** // + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE) + +void ChaCha_OperateKeystream_SSE2(const word32 *state, const byte* input, byte *output, unsigned int rounds) +{ + const __m128i* state_mm = reinterpret_cast(state); + const __m128i* input_mm = reinterpret_cast(input); + __m128i* output_mm = reinterpret_cast<__m128i*>(output); + + const __m128i state0 = _mm_load_si128(state_mm + 0); + const __m128i state1 = _mm_load_si128(state_mm + 1); + const __m128i state2 = _mm_load_si128(state_mm + 2); + const __m128i state3 = _mm_load_si128(state_mm + 3); + + __m128i r0_0 = state0; + __m128i r0_1 = state1; + __m128i r0_2 = state2; + __m128i r0_3 = state3; + + __m128i r1_0 = state0; + __m128i r1_1 = state1; + __m128i r1_2 = state2; + __m128i r1_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 1)); + + __m128i r2_0 = state0; + __m128i r2_1 = state1; + __m128i r2_2 = state2; + __m128i r2_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 2)); + + __m128i r3_0 = state0; + __m128i r3_1 = state1; + __m128i r3_2 = state2; + __m128i r3_3 = _mm_add_epi64(r0_3, _mm_set_epi32(0, 0, 0, 3)); + + for (int i = static_cast(rounds); i > 0; i -= 2) + { + r0_0 = _mm_add_epi32(r0_0, r0_1); + r1_0 = _mm_add_epi32(r1_0, r1_1); + r2_0 = _mm_add_epi32(r2_0, r2_1); + r3_0 = _mm_add_epi32(r3_0, r3_1); + + r0_3 = _mm_xor_si128(r0_3, r0_0); + r1_3 = _mm_xor_si128(r1_3, r1_0); + r2_3 = _mm_xor_si128(r2_3, r2_0); + r3_3 = _mm_xor_si128(r3_3, r3_0); + + r0_3 = RotateLeft<16>(r0_3); + r1_3 = RotateLeft<16>(r1_3); + r2_3 = RotateLeft<16>(r2_3); + r3_3 = RotateLeft<16>(r3_3); + + r0_2 = _mm_add_epi32(r0_2, r0_3); + r1_2 = _mm_add_epi32(r1_2, r1_3); + r2_2 = _mm_add_epi32(r2_2, r2_3); + r3_2 = _mm_add_epi32(r3_2, r3_3); + + r0_1 = _mm_xor_si128(r0_1, r0_2); + r1_1 = _mm_xor_si128(r1_1, r1_2); + r2_1 = _mm_xor_si128(r2_1, r2_2); + r3_1 = _mm_xor_si128(r3_1, r3_2); + + r0_1 = RotateLeft<12>(r0_1); + r1_1 = RotateLeft<12>(r1_1); + r2_1 = RotateLeft<12>(r2_1); + r3_1 = RotateLeft<12>(r3_1); + + r0_0 = _mm_add_epi32(r0_0, r0_1); + r1_0 = _mm_add_epi32(r1_0, r1_1); + r2_0 = _mm_add_epi32(r2_0, r2_1); + r3_0 = _mm_add_epi32(r3_0, r3_1); + + r0_3 = _mm_xor_si128(r0_3, r0_0); + r1_3 = _mm_xor_si128(r1_3, r1_0); + r2_3 = _mm_xor_si128(r2_3, r2_0); + r3_3 = _mm_xor_si128(r3_3, r3_0); + + r0_3 = RotateLeft<8>(r0_3); + r1_3 = RotateLeft<8>(r1_3); + r2_3 = RotateLeft<8>(r2_3); + r3_3 = RotateLeft<8>(r3_3); + + r0_2 = _mm_add_epi32(r0_2, r0_3); + r1_2 = _mm_add_epi32(r1_2, r1_3); + r2_2 = _mm_add_epi32(r2_2, r2_3); + r3_2 = _mm_add_epi32(r3_2, r3_3); + + r0_1 = _mm_xor_si128(r0_1, r0_2); + r1_1 = _mm_xor_si128(r1_1, r1_2); + r2_1 = _mm_xor_si128(r2_1, r2_2); + r3_1 = _mm_xor_si128(r3_1, r3_2); + + r0_1 = RotateLeft<7>(r0_1); + r1_1 = RotateLeft<7>(r1_1); + r2_1 = RotateLeft<7>(r2_1); + r3_1 = RotateLeft<7>(r3_1); + + r0_1 = _mm_shuffle_epi32(r0_1, _MM_SHUFFLE(0, 3, 2, 1)); + r0_2 = _mm_shuffle_epi32(r0_2, _MM_SHUFFLE(1, 0, 3, 2)); + r0_3 = _mm_shuffle_epi32(r0_3, _MM_SHUFFLE(2, 1, 0, 3)); + + r1_1 = _mm_shuffle_epi32(r1_1, _MM_SHUFFLE(0, 3, 2, 1)); + r1_2 = _mm_shuffle_epi32(r1_2, _MM_SHUFFLE(1, 0, 3, 2)); + r1_3 = _mm_shuffle_epi32(r1_3, _MM_SHUFFLE(2, 1, 0, 3)); + + r2_1 = _mm_shuffle_epi32(r2_1, _MM_SHUFFLE(0, 3, 2, 1)); + r2_2 = _mm_shuffle_epi32(r2_2, _MM_SHUFFLE(1, 0, 3, 2)); + r2_3 = _mm_shuffle_epi32(r2_3, _MM_SHUFFLE(2, 1, 0, 3)); + + r3_1 = _mm_shuffle_epi32(r3_1, _MM_SHUFFLE(0, 3, 2, 1)); + r3_2 = _mm_shuffle_epi32(r3_2, _MM_SHUFFLE(1, 0, 3, 2)); + r3_3 = _mm_shuffle_epi32(r3_3, _MM_SHUFFLE(2, 1, 0, 3)); + + r0_0 = _mm_add_epi32(r0_0, r0_1); + r1_0 = _mm_add_epi32(r1_0, r1_1); + r2_0 = _mm_add_epi32(r2_0, r2_1); + r3_0 = _mm_add_epi32(r3_0, r3_1); + + r0_3 = _mm_xor_si128(r0_3, r0_0); + r1_3 = _mm_xor_si128(r1_3, r1_0); + r2_3 = _mm_xor_si128(r2_3, r2_0); + r3_3 = _mm_xor_si128(r3_3, r3_0); + + r0_3 = RotateLeft<16>(r0_3); + r1_3 = RotateLeft<16>(r1_3); + r2_3 = RotateLeft<16>(r2_3); + r3_3 = RotateLeft<16>(r3_3); + + r0_2 = _mm_add_epi32(r0_2, r0_3); + r1_2 = _mm_add_epi32(r1_2, r1_3); + r2_2 = _mm_add_epi32(r2_2, r2_3); + r3_2 = _mm_add_epi32(r3_2, r3_3); + + r0_1 = _mm_xor_si128(r0_1, r0_2); + r1_1 = _mm_xor_si128(r1_1, r1_2); + r2_1 = _mm_xor_si128(r2_1, r2_2); + r3_1 = _mm_xor_si128(r3_1, r3_2); + + r0_1 = RotateLeft<12>(r0_1); + r1_1 = RotateLeft<12>(r1_1); + r2_1 = RotateLeft<12>(r2_1); + r3_1 = RotateLeft<12>(r3_1); + + r0_0 = _mm_add_epi32(r0_0, r0_1); + r1_0 = _mm_add_epi32(r1_0, r1_1); + r2_0 = _mm_add_epi32(r2_0, r2_1); + r3_0 = _mm_add_epi32(r3_0, r3_1); + + r0_3 = _mm_xor_si128(r0_3, r0_0); + r1_3 = _mm_xor_si128(r1_3, r1_0); + r2_3 = _mm_xor_si128(r2_3, r2_0); + r3_3 = _mm_xor_si128(r3_3, r3_0); + + r0_3 = RotateLeft<8>(r0_3); + r1_3 = RotateLeft<8>(r1_3); + r2_3 = RotateLeft<8>(r2_3); + r3_3 = RotateLeft<8>(r3_3); + + r0_2 = _mm_add_epi32(r0_2, r0_3); + r1_2 = _mm_add_epi32(r1_2, r1_3); + r2_2 = _mm_add_epi32(r2_2, r2_3); + r3_2 = _mm_add_epi32(r3_2, r3_3); + + r0_1 = _mm_xor_si128(r0_1, r0_2); + r1_1 = _mm_xor_si128(r1_1, r1_2); + r2_1 = _mm_xor_si128(r2_1, r2_2); + r3_1 = _mm_xor_si128(r3_1, r3_2); + + r0_1 = RotateLeft<7>(r0_1); + r1_1 = RotateLeft<7>(r1_1); + r2_1 = RotateLeft<7>(r2_1); + r3_1 = RotateLeft<7>(r3_1); + + r0_1 = _mm_shuffle_epi32(r0_1, _MM_SHUFFLE(2, 1, 0, 3)); + r0_2 = _mm_shuffle_epi32(r0_2, _MM_SHUFFLE(1, 0, 3, 2)); + r0_3 = _mm_shuffle_epi32(r0_3, _MM_SHUFFLE(0, 3, 2, 1)); + + r1_1 = _mm_shuffle_epi32(r1_1, _MM_SHUFFLE(2, 1, 0, 3)); + r1_2 = _mm_shuffle_epi32(r1_2, _MM_SHUFFLE(1, 0, 3, 2)); + r1_3 = _mm_shuffle_epi32(r1_3, _MM_SHUFFLE(0, 3, 2, 1)); + + r2_1 = _mm_shuffle_epi32(r2_1, _MM_SHUFFLE(2, 1, 0, 3)); + r2_2 = _mm_shuffle_epi32(r2_2, _MM_SHUFFLE(1, 0, 3, 2)); + r2_3 = _mm_shuffle_epi32(r2_3, _MM_SHUFFLE(0, 3, 2, 1)); + + r3_1 = _mm_shuffle_epi32(r3_1, _MM_SHUFFLE(2, 1, 0, 3)); + r3_2 = _mm_shuffle_epi32(r3_2, _MM_SHUFFLE(1, 0, 3, 2)); + r3_3 = _mm_shuffle_epi32(r3_3, _MM_SHUFFLE(0, 3, 2, 1)); + } + + r0_0 = _mm_add_epi32(r0_0, state0); + r0_1 = _mm_add_epi32(r0_1, state1); + r0_2 = _mm_add_epi32(r0_2, state2); + r0_3 = _mm_add_epi32(r0_3, state3); + + r1_0 = _mm_add_epi32(r1_0, state0); + r1_1 = _mm_add_epi32(r1_1, state1); + r1_2 = _mm_add_epi32(r1_2, state2); + r1_3 = _mm_add_epi32(r1_3, state3); + r1_3 = _mm_add_epi64(r1_3, _mm_set_epi32(0, 0, 0, 1)); + + r2_0 = _mm_add_epi32(r2_0, state0); + r2_1 = _mm_add_epi32(r2_1, state1); + r2_2 = _mm_add_epi32(r2_2, state2); + r2_3 = _mm_add_epi32(r2_3, state3); + r2_3 = _mm_add_epi64(r2_3, _mm_set_epi32(0, 0, 0, 2)); + + r3_0 = _mm_add_epi32(r3_0, state0); + r3_1 = _mm_add_epi32(r3_1, state1); + r3_2 = _mm_add_epi32(r3_2, state2); + r3_3 = _mm_add_epi32(r3_3, state3); + r3_3 = _mm_add_epi64(r3_3, _mm_set_epi32(0, 0, 0, 3)); + + if (input_mm) + { + r0_0 = _mm_xor_si128(_mm_loadu_si128(input_mm + 0), r0_0); + r0_1 = _mm_xor_si128(_mm_loadu_si128(input_mm + 1), r0_1); + r0_2 = _mm_xor_si128(_mm_loadu_si128(input_mm + 2), r0_2); + r0_3 = _mm_xor_si128(_mm_loadu_si128(input_mm + 3), r0_3); + } + + _mm_storeu_si128(output_mm + 0, r0_0); + _mm_storeu_si128(output_mm + 1, r0_1); + _mm_storeu_si128(output_mm + 2, r0_2); + _mm_storeu_si128(output_mm + 3, r0_3); + + if (input_mm) + { + r1_0 = _mm_xor_si128(_mm_loadu_si128(input_mm + 4), r1_0); + r1_1 = _mm_xor_si128(_mm_loadu_si128(input_mm + 5), r1_1); + r1_2 = _mm_xor_si128(_mm_loadu_si128(input_mm + 6), r1_2); + r1_3 = _mm_xor_si128(_mm_loadu_si128(input_mm + 7), r1_3); + } + + _mm_storeu_si128(output_mm + 4, r1_0); + _mm_storeu_si128(output_mm + 5, r1_1); + _mm_storeu_si128(output_mm + 6, r1_2); + _mm_storeu_si128(output_mm + 7, r1_3); + + if (input_mm) + { + r2_0 = _mm_xor_si128(_mm_loadu_si128(input_mm + 8), r2_0); + r2_1 = _mm_xor_si128(_mm_loadu_si128(input_mm + 9), r2_1); + r2_2 = _mm_xor_si128(_mm_loadu_si128(input_mm + 10), r2_2); + r2_3 = _mm_xor_si128(_mm_loadu_si128(input_mm + 11), r2_3); + } + + _mm_storeu_si128(output_mm + 8, r2_0); + _mm_storeu_si128(output_mm + 9, r2_1); + _mm_storeu_si128(output_mm + 10, r2_2); + _mm_storeu_si128(output_mm + 11, r2_3); + + if (input_mm) + { + r3_0 = _mm_xor_si128(_mm_loadu_si128(input_mm + 12), r3_0); + r3_1 = _mm_xor_si128(_mm_loadu_si128(input_mm + 13), r3_1); + r3_2 = _mm_xor_si128(_mm_loadu_si128(input_mm + 14), r3_2); + r3_3 = _mm_xor_si128(_mm_loadu_si128(input_mm + 15), r3_3); + } + + _mm_storeu_si128(output_mm + 12, r3_0); + _mm_storeu_si128(output_mm + 13, r3_1); + _mm_storeu_si128(output_mm + 14, r3_2); + _mm_storeu_si128(output_mm + 15, r3_3); +} + +#endif // CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE + +#if (CRYPTOPP_POWER7_AVAILABLE || CRYPTOPP_ALTIVEC_AVAILABLE) + +// ChaCha_OperateKeystream_CORE will use either POWER7 or ALTIVEC, +// depending on the flags used to compile this source file. The +// abstractions are handled in VecLoad, VecStore and friends. In +// the future we may to provide both POWER7 or ALTIVEC at the same +// time to better support distros. +inline void ChaCha_OperateKeystream_CORE(const word32 *state, const byte* input, byte *output, unsigned int rounds) +{ + const uint32x4_p state0 = VecLoad(state + 0*4); + const uint32x4_p state1 = VecLoad(state + 1*4); + const uint32x4_p state2 = VecLoad(state + 2*4); + const uint32x4_p state3 = VecLoad(state + 3*4); + + const uint32x4_p CTRS[3] = { + {1,0,0,0}, {2,0,0,0}, {3,0,0,0} + }; + + uint32x4_p r0_0 = state0; + uint32x4_p r0_1 = state1; + uint32x4_p r0_2 = state2; + uint32x4_p r0_3 = state3; + + uint32x4_p r1_0 = state0; + uint32x4_p r1_1 = state1; + uint32x4_p r1_2 = state2; + uint32x4_p r1_3 = VecAdd64(r0_3, CTRS[0]); + + uint32x4_p r2_0 = state0; + uint32x4_p r2_1 = state1; + uint32x4_p r2_2 = state2; + uint32x4_p r2_3 = VecAdd64(r0_3, CTRS[1]); + + uint32x4_p r3_0 = state0; + uint32x4_p r3_1 = state1; + uint32x4_p r3_2 = state2; + uint32x4_p r3_3 = VecAdd64(r0_3, CTRS[2]); + + for (int i = static_cast(rounds); i > 0; i -= 2) + { + r0_0 = VecAdd(r0_0, r0_1); + r1_0 = VecAdd(r1_0, r1_1); + r2_0 = VecAdd(r2_0, r2_1); + r3_0 = VecAdd(r3_0, r3_1); + + r0_3 = VecXor(r0_3, r0_0); + r1_3 = VecXor(r1_3, r1_0); + r2_3 = VecXor(r2_3, r2_0); + r3_3 = VecXor(r3_3, r3_0); + + r0_3 = VecRotateLeft<16>(r0_3); + r1_3 = VecRotateLeft<16>(r1_3); + r2_3 = VecRotateLeft<16>(r2_3); + r3_3 = VecRotateLeft<16>(r3_3); + + r0_2 = VecAdd(r0_2, r0_3); + r1_2 = VecAdd(r1_2, r1_3); + r2_2 = VecAdd(r2_2, r2_3); + r3_2 = VecAdd(r3_2, r3_3); + + r0_1 = VecXor(r0_1, r0_2); + r1_1 = VecXor(r1_1, r1_2); + r2_1 = VecXor(r2_1, r2_2); + r3_1 = VecXor(r3_1, r3_2); + + r0_1 = VecRotateLeft<12>(r0_1); + r1_1 = VecRotateLeft<12>(r1_1); + r2_1 = VecRotateLeft<12>(r2_1); + r3_1 = VecRotateLeft<12>(r3_1); + + r0_0 = VecAdd(r0_0, r0_1); + r1_0 = VecAdd(r1_0, r1_1); + r2_0 = VecAdd(r2_0, r2_1); + r3_0 = VecAdd(r3_0, r3_1); + + r0_3 = VecXor(r0_3, r0_0); + r1_3 = VecXor(r1_3, r1_0); + r2_3 = VecXor(r2_3, r2_0); + r3_3 = VecXor(r3_3, r3_0); + + r0_3 = VecRotateLeft<8>(r0_3); + r1_3 = VecRotateLeft<8>(r1_3); + r2_3 = VecRotateLeft<8>(r2_3); + r3_3 = VecRotateLeft<8>(r3_3); + + r0_2 = VecAdd(r0_2, r0_3); + r1_2 = VecAdd(r1_2, r1_3); + r2_2 = VecAdd(r2_2, r2_3); + r3_2 = VecAdd(r3_2, r3_3); + + r0_1 = VecXor(r0_1, r0_2); + r1_1 = VecXor(r1_1, r1_2); + r2_1 = VecXor(r2_1, r2_2); + r3_1 = VecXor(r3_1, r3_2); + + r0_1 = VecRotateLeft<7>(r0_1); + r1_1 = VecRotateLeft<7>(r1_1); + r2_1 = VecRotateLeft<7>(r2_1); + r3_1 = VecRotateLeft<7>(r3_1); + + r0_1 = Shuffle<1>(r0_1); + r0_2 = Shuffle<2>(r0_2); + r0_3 = Shuffle<3>(r0_3); + + r1_1 = Shuffle<1>(r1_1); + r1_2 = Shuffle<2>(r1_2); + r1_3 = Shuffle<3>(r1_3); + + r2_1 = Shuffle<1>(r2_1); + r2_2 = Shuffle<2>(r2_2); + r2_3 = Shuffle<3>(r2_3); + + r3_1 = Shuffle<1>(r3_1); + r3_2 = Shuffle<2>(r3_2); + r3_3 = Shuffle<3>(r3_3); + + r0_0 = VecAdd(r0_0, r0_1); + r1_0 = VecAdd(r1_0, r1_1); + r2_0 = VecAdd(r2_0, r2_1); + r3_0 = VecAdd(r3_0, r3_1); + + r0_3 = VecXor(r0_3, r0_0); + r1_3 = VecXor(r1_3, r1_0); + r2_3 = VecXor(r2_3, r2_0); + r3_3 = VecXor(r3_3, r3_0); + + r0_3 = VecRotateLeft<16>(r0_3); + r1_3 = VecRotateLeft<16>(r1_3); + r2_3 = VecRotateLeft<16>(r2_3); + r3_3 = VecRotateLeft<16>(r3_3); + + r0_2 = VecAdd(r0_2, r0_3); + r1_2 = VecAdd(r1_2, r1_3); + r2_2 = VecAdd(r2_2, r2_3); + r3_2 = VecAdd(r3_2, r3_3); + + r0_1 = VecXor(r0_1, r0_2); + r1_1 = VecXor(r1_1, r1_2); + r2_1 = VecXor(r2_1, r2_2); + r3_1 = VecXor(r3_1, r3_2); + + r0_1 = VecRotateLeft<12>(r0_1); + r1_1 = VecRotateLeft<12>(r1_1); + r2_1 = VecRotateLeft<12>(r2_1); + r3_1 = VecRotateLeft<12>(r3_1); + + r0_0 = VecAdd(r0_0, r0_1); + r1_0 = VecAdd(r1_0, r1_1); + r2_0 = VecAdd(r2_0, r2_1); + r3_0 = VecAdd(r3_0, r3_1); + + r0_3 = VecXor(r0_3, r0_0); + r1_3 = VecXor(r1_3, r1_0); + r2_3 = VecXor(r2_3, r2_0); + r3_3 = VecXor(r3_3, r3_0); + + r0_3 = VecRotateLeft<8>(r0_3); + r1_3 = VecRotateLeft<8>(r1_3); + r2_3 = VecRotateLeft<8>(r2_3); + r3_3 = VecRotateLeft<8>(r3_3); + + r0_2 = VecAdd(r0_2, r0_3); + r1_2 = VecAdd(r1_2, r1_3); + r2_2 = VecAdd(r2_2, r2_3); + r3_2 = VecAdd(r3_2, r3_3); + + r0_1 = VecXor(r0_1, r0_2); + r1_1 = VecXor(r1_1, r1_2); + r2_1 = VecXor(r2_1, r2_2); + r3_1 = VecXor(r3_1, r3_2); + + r0_1 = VecRotateLeft<7>(r0_1); + r1_1 = VecRotateLeft<7>(r1_1); + r2_1 = VecRotateLeft<7>(r2_1); + r3_1 = VecRotateLeft<7>(r3_1); + + r0_1 = Shuffle<3>(r0_1); + r0_2 = Shuffle<2>(r0_2); + r0_3 = Shuffle<1>(r0_3); + + r1_1 = Shuffle<3>(r1_1); + r1_2 = Shuffle<2>(r1_2); + r1_3 = Shuffle<1>(r1_3); + + r2_1 = Shuffle<3>(r2_1); + r2_2 = Shuffle<2>(r2_2); + r2_3 = Shuffle<1>(r2_3); + + r3_1 = Shuffle<3>(r3_1); + r3_2 = Shuffle<2>(r3_2); + r3_3 = Shuffle<1>(r3_3); + } + + r0_0 = VecAdd(r0_0, state0); + r0_1 = VecAdd(r0_1, state1); + r0_2 = VecAdd(r0_2, state2); + r0_3 = VecAdd(r0_3, state3); + + r1_0 = VecAdd(r1_0, state0); + r1_1 = VecAdd(r1_1, state1); + r1_2 = VecAdd(r1_2, state2); + r1_3 = VecAdd(r1_3, state3); + r1_3 = VecAdd64(r1_3, CTRS[0]); + + r2_0 = VecAdd(r2_0, state0); + r2_1 = VecAdd(r2_1, state1); + r2_2 = VecAdd(r2_2, state2); + r2_3 = VecAdd(r2_3, state3); + r2_3 = VecAdd64(r2_3, CTRS[1]); + + r3_0 = VecAdd(r3_0, state0); + r3_1 = VecAdd(r3_1, state1); + r3_2 = VecAdd(r3_2, state2); + r3_3 = VecAdd(r3_3, state3); + r3_3 = VecAdd64(r3_3, CTRS[2]); + + if (input) + { + r0_0 = VecXor(VecLoad32LE(input + 0*16), r0_0); + r0_1 = VecXor(VecLoad32LE(input + 1*16), r0_1); + r0_2 = VecXor(VecLoad32LE(input + 2*16), r0_2); + r0_3 = VecXor(VecLoad32LE(input + 3*16), r0_3); + } + + VecStore32LE(output + 0*16, r0_0); + VecStore32LE(output + 1*16, r0_1); + VecStore32LE(output + 2*16, r0_2); + VecStore32LE(output + 3*16, r0_3); + + if (input) + { + r1_0 = VecXor(VecLoad32LE(input + 4*16), r1_0); + r1_1 = VecXor(VecLoad32LE(input + 5*16), r1_1); + r1_2 = VecXor(VecLoad32LE(input + 6*16), r1_2); + r1_3 = VecXor(VecLoad32LE(input + 7*16), r1_3); + } + + VecStore32LE(output + 4*16, r1_0); + VecStore32LE(output + 5*16, r1_1); + VecStore32LE(output + 6*16, r1_2); + VecStore32LE(output + 7*16, r1_3); + + if (input) + { + r2_0 = VecXor(VecLoad32LE(input + 8*16), r2_0); + r2_1 = VecXor(VecLoad32LE(input + 9*16), r2_1); + r2_2 = VecXor(VecLoad32LE(input + 10*16), r2_2); + r2_3 = VecXor(VecLoad32LE(input + 11*16), r2_3); + } + + VecStore32LE(output + 8*16, r2_0); + VecStore32LE(output + 9*16, r2_1); + VecStore32LE(output + 10*16, r2_2); + VecStore32LE(output + 11*16, r2_3); + + if (input) + { + r3_0 = VecXor(VecLoad32LE(input + 12*16), r3_0); + r3_1 = VecXor(VecLoad32LE(input + 13*16), r3_1); + r3_2 = VecXor(VecLoad32LE(input + 14*16), r3_2); + r3_3 = VecXor(VecLoad32LE(input + 15*16), r3_3); + } + + VecStore32LE(output + 12*16, r3_0); + VecStore32LE(output + 13*16, r3_1); + VecStore32LE(output + 14*16, r3_2); + VecStore32LE(output + 15*16, r3_3); +} + +#endif // CRYPTOPP_POWER7_AVAILABLE || CRYPTOPP_ALTIVEC_AVAILABLE + +#if (CRYPTOPP_POWER7_AVAILABLE) + +void ChaCha_OperateKeystream_POWER7(const word32 *state, const byte* input, byte *output, unsigned int rounds) +{ + ChaCha_OperateKeystream_CORE(state, input, output, rounds); +} + +#elif (CRYPTOPP_ALTIVEC_AVAILABLE) + +void ChaCha_OperateKeystream_ALTIVEC(const word32 *state, const byte* input, byte *output, unsigned int rounds) +{ + ChaCha_OperateKeystream_CORE(state, input, output, rounds); +} + +#endif + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/cham.cpp b/vendor/cryptopp/vendor_cryptopp/cham.cpp new file mode 100644 index 00000000..65e1fada --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/cham.cpp @@ -0,0 +1,391 @@ +// cham.cpp - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton +// Based on "CHAM: A Family of Lightweight Block Ciphers for +// Resource-Constrained Devices" by Bonwook Koo, Dongyoung Roh, +// Hyeonjin Kim, Younghoon Jung, Dong-Geon Lee, and Daesung Kwon + +#include "pch.h" +#include "config.h" + +#include "cham.h" +#include "misc.h" +#include "cpu.h" + +// CHAM table of parameters +// +------------------------------------------------- +// +cipher n k r w k/w +// +------------------------------------------------- +// +CHAM-64/128 64 128 80 16 8 +// +CHAM-128/128 128 128 80 32 4 +// +CHAM-128/256 128 256 96 32 8 +// +------------------------------------------------- + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::rotlConstant; +using CryptoPP::rotrConstant; + +/// \brief CHAM encryption round +/// \tparam RR the round number residue +/// \tparam KW the number of key words +/// \tparam T words type +/// \param x the state array +/// \param k the subkey table +/// \param i the round number +/// \details CHAM_EncRound applies the encryption round to the plain text. +/// RR is the "round residue" and it is used modulo 4. ProcessAndXorBlock +/// may provide a fully unrolled encryption transformation, or provide +/// a transformation that loops using multiples of 4 encryption rounds. +/// \details CHAM_EncRound calculates indexes into the x[] array based +/// on the round number residue. There is no need for the assignments +/// that shift values in preparations for the next round. +/// \details CHAM_EncRound depends on the round number. The actual round +/// being executed is passed through the parameter i. If +/// ProcessAndXorBlock fully unrolled the loop then the parameter +/// i would be unnecessary. +template +inline void CHAM_EncRound(T x[4], const T k[KW], unsigned int i) +{ + CRYPTOPP_CONSTANT(IDX0 = (RR+0) % 4) + CRYPTOPP_CONSTANT(IDX1 = (RR+1) % 4) + CRYPTOPP_CONSTANT(IDX3 = (RR+3+1) % 4) + CRYPTOPP_CONSTANT(R1 = (RR % 2 == 0) ? 1 : 8) + CRYPTOPP_CONSTANT(R2 = (RR % 2 == 0) ? 8 : 1) + + // Follows conventions in the ref impl + const T kk = k[i % KW]; + const T aa = x[IDX0] ^ static_cast(i); + const T bb = rotlConstant(x[IDX1]) ^ kk; + x[IDX3] = rotlConstant(static_cast(aa + bb)); +} + +/// \brief CHAM decryption round +/// \tparam RR the round number residue +/// \tparam KW the number of key words +/// \tparam T words type +/// \param x the state array +/// \param k the subkey table +/// \param i the round number +/// \details CHAM_DecRound applies the decryption round to the cipher text. +/// RR is the "round residue" and it is used modulo 4. ProcessAndXorBlock +/// may provide a fully unrolled decryption transformation, or provide +/// a transformation that loops using multiples of 4 decryption rounds. +/// \details CHAM_DecRound calculates indexes into the x[] array based +/// on the round number residue. There is no need for the assignments +/// that shift values in preparations for the next round. +/// \details CHAM_DecRound depends on the round number. The actual round +/// being executed is passed through the parameter i. If +/// ProcessAndXorBlock fully unrolled the loop then the parameter +/// i would be unnecessary. +template +inline void CHAM_DecRound(T x[4], const T k[KW], unsigned int i) +{ + CRYPTOPP_CONSTANT(IDX0 = (RR+0) % 4) + CRYPTOPP_CONSTANT(IDX1 = (RR+1) % 4) + CRYPTOPP_CONSTANT(IDX3 = (RR+3+1) % 4) + CRYPTOPP_CONSTANT(R1 = (RR % 2 == 0) ? 8 : 1) + CRYPTOPP_CONSTANT(R2 = (RR % 2 == 0) ? 1 : 8) + + // Follows conventions in the ref impl + const T kk = k[i % KW]; + const T aa = rotrConstant(x[IDX3]); + const T bb = rotlConstant(x[IDX1]) ^ kk; + x[IDX0] = static_cast(aa - bb) ^ static_cast(i); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS +# if (CRYPTOPP_SSSE3_AVAILABLE) +extern size_t CHAM64_Enc_AdvancedProcessBlocks_SSSE3(const word16* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t CHAM64_Dec_AdvancedProcessBlocks_SSSE3(const word16* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t CHAM128_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t CHAM128_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +# endif // CRYPTOPP_SSSE3_AVAILABLE +#endif // CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS + +std::string CHAM64::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS) +# if defined(CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; +# endif +#endif + return "C++"; +} + +void CHAM64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) +{ + CRYPTOPP_UNUSED(params); + m_kw = keyLength/sizeof(word16); + m_rk.New(2*m_kw); + + for (size_t i = 0; i < m_kw; ++i, userKey += sizeof(word16)) + { + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + const word16 rk = GetWord(false, BIG_ENDIAN_ORDER, userKey); + m_rk[i] = rk ^ rotlConstant<1>(rk) ^ rotlConstant<8>(rk); + m_rk[(i + m_kw) ^ 1] = rk ^ rotlConstant<1>(rk) ^ rotlConstant<11>(rk); + } +} + +void CHAM64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); + + const int R = 80; + for (int i = 0; i < R; i+=16) + { + CHAM_EncRound< 0, 16>(m_x.begin(), m_rk.begin(), i+0); + CHAM_EncRound< 1, 16>(m_x.begin(), m_rk.begin(), i+1); + CHAM_EncRound< 2, 16>(m_x.begin(), m_rk.begin(), i+2); + CHAM_EncRound< 3, 16>(m_x.begin(), m_rk.begin(), i+3); + CHAM_EncRound< 4, 16>(m_x.begin(), m_rk.begin(), i+4); + CHAM_EncRound< 5, 16>(m_x.begin(), m_rk.begin(), i+5); + CHAM_EncRound< 6, 16>(m_x.begin(), m_rk.begin(), i+6); + CHAM_EncRound< 7, 16>(m_x.begin(), m_rk.begin(), i+7); + CHAM_EncRound< 8, 16>(m_x.begin(), m_rk.begin(), i+8); + CHAM_EncRound< 9, 16>(m_x.begin(), m_rk.begin(), i+9); + CHAM_EncRound<10, 16>(m_x.begin(), m_rk.begin(), i+10); + CHAM_EncRound<11, 16>(m_x.begin(), m_rk.begin(), i+11); + CHAM_EncRound<12, 16>(m_x.begin(), m_rk.begin(), i+12); + CHAM_EncRound<13, 16>(m_x.begin(), m_rk.begin(), i+13); + CHAM_EncRound<14, 16>(m_x.begin(), m_rk.begin(), i+14); + CHAM_EncRound<15, 16>(m_x.begin(), m_rk.begin(), i+15); + } + + PutBlock oblock(xorBlock, outBlock); + oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); +} + +void CHAM64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); + + const int R = 80; + for (int i = R-1; i >=0 ; i-=16) + { + CHAM_DecRound<15, 16>(m_x.begin(), m_rk.begin(), i-0); + CHAM_DecRound<14, 16>(m_x.begin(), m_rk.begin(), i-1); + CHAM_DecRound<13, 16>(m_x.begin(), m_rk.begin(), i-2); + CHAM_DecRound<12, 16>(m_x.begin(), m_rk.begin(), i-3); + CHAM_DecRound<11, 16>(m_x.begin(), m_rk.begin(), i-4); + CHAM_DecRound<10, 16>(m_x.begin(), m_rk.begin(), i-5); + CHAM_DecRound< 9, 16>(m_x.begin(), m_rk.begin(), i-6); + CHAM_DecRound< 8, 16>(m_x.begin(), m_rk.begin(), i-7); + CHAM_DecRound< 7, 16>(m_x.begin(), m_rk.begin(), i-8); + CHAM_DecRound< 6, 16>(m_x.begin(), m_rk.begin(), i-9); + CHAM_DecRound< 5, 16>(m_x.begin(), m_rk.begin(), i-10); + CHAM_DecRound< 4, 16>(m_x.begin(), m_rk.begin(), i-11); + CHAM_DecRound< 3, 16>(m_x.begin(), m_rk.begin(), i-12); + CHAM_DecRound< 2, 16>(m_x.begin(), m_rk.begin(), i-13); + CHAM_DecRound< 1, 16>(m_x.begin(), m_rk.begin(), i-14); + CHAM_DecRound< 0, 16>(m_x.begin(), m_rk.begin(), i-15); + } + + PutBlock oblock(xorBlock, outBlock); + oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); +} + +std::string CHAM128::Base::AlgorithmProvider() const +{ +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; +#endif + return "C++"; +} + +void CHAM128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) +{ + CRYPTOPP_UNUSED(params); + m_kw = keyLength/sizeof(word32); + m_rk.New(2*m_kw); + + for (size_t i = 0; i < m_kw; ++i, userKey += sizeof(word32)) + { + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + const word32 rk = GetWord(false, BIG_ENDIAN_ORDER, userKey); + m_rk[i] = rk ^ rotlConstant<1>(rk) ^ rotlConstant<8>(rk); + m_rk[(i + m_kw) ^ 1] = rk ^ rotlConstant<1>(rk) ^ rotlConstant<11>(rk); + } +} + +void CHAM128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); + + switch (m_kw) + { + case 4: // 128-bit key + { + const int R = 80; + for (int i = 0; i < R; i+=8) + { + CHAM_EncRound<0, 8>(m_x.begin(), m_rk.begin(), i+0); + CHAM_EncRound<1, 8>(m_x.begin(), m_rk.begin(), i+1); + CHAM_EncRound<2, 8>(m_x.begin(), m_rk.begin(), i+2); + CHAM_EncRound<3, 8>(m_x.begin(), m_rk.begin(), i+3); + CHAM_EncRound<4, 8>(m_x.begin(), m_rk.begin(), i+4); + CHAM_EncRound<5, 8>(m_x.begin(), m_rk.begin(), i+5); + CHAM_EncRound<6, 8>(m_x.begin(), m_rk.begin(), i+6); + CHAM_EncRound<7, 8>(m_x.begin(), m_rk.begin(), i+7); + } + break; + } + case 8: // 256-bit key + { + const int R = 96; + for (int i = 0; i < R; i+=16) + { + CHAM_EncRound< 0, 16>(m_x.begin(), m_rk.begin(), i+0); + CHAM_EncRound< 1, 16>(m_x.begin(), m_rk.begin(), i+1); + CHAM_EncRound< 2, 16>(m_x.begin(), m_rk.begin(), i+2); + CHAM_EncRound< 3, 16>(m_x.begin(), m_rk.begin(), i+3); + CHAM_EncRound< 4, 16>(m_x.begin(), m_rk.begin(), i+4); + CHAM_EncRound< 5, 16>(m_x.begin(), m_rk.begin(), i+5); + CHAM_EncRound< 6, 16>(m_x.begin(), m_rk.begin(), i+6); + CHAM_EncRound< 7, 16>(m_x.begin(), m_rk.begin(), i+7); + CHAM_EncRound< 8, 16>(m_x.begin(), m_rk.begin(), i+8); + CHAM_EncRound< 9, 16>(m_x.begin(), m_rk.begin(), i+9); + CHAM_EncRound<10, 16>(m_x.begin(), m_rk.begin(), i+10); + CHAM_EncRound<11, 16>(m_x.begin(), m_rk.begin(), i+11); + CHAM_EncRound<12, 16>(m_x.begin(), m_rk.begin(), i+12); + CHAM_EncRound<13, 16>(m_x.begin(), m_rk.begin(), i+13); + CHAM_EncRound<14, 16>(m_x.begin(), m_rk.begin(), i+14); + CHAM_EncRound<15, 16>(m_x.begin(), m_rk.begin(), i+15); + } + break; + } + default: + CRYPTOPP_ASSERT(0);; + } + + PutBlock oblock(xorBlock, outBlock); + oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); +} + +void CHAM128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); + + switch (m_kw) + { + case 4: // 128-bit key + { + const int R = 80; + for (int i = R-1; i >= 0; i-=8) + { + CHAM_DecRound<7, 8>(m_x.begin(), m_rk.begin(), i-0); + CHAM_DecRound<6, 8>(m_x.begin(), m_rk.begin(), i-1); + CHAM_DecRound<5, 8>(m_x.begin(), m_rk.begin(), i-2); + CHAM_DecRound<4, 8>(m_x.begin(), m_rk.begin(), i-3); + CHAM_DecRound<3, 8>(m_x.begin(), m_rk.begin(), i-4); + CHAM_DecRound<2, 8>(m_x.begin(), m_rk.begin(), i-5); + CHAM_DecRound<1, 8>(m_x.begin(), m_rk.begin(), i-6); + CHAM_DecRound<0, 8>(m_x.begin(), m_rk.begin(), i-7); + } + break; + } + case 8: // 256-bit key + { + const int R = 96; + for (int i = R-1; i >= 0; i-=16) + { + CHAM_DecRound<15, 16>(m_x.begin(), m_rk.begin(), i-0); + CHAM_DecRound<14, 16>(m_x.begin(), m_rk.begin(), i-1); + CHAM_DecRound<13, 16>(m_x.begin(), m_rk.begin(), i-2); + CHAM_DecRound<12, 16>(m_x.begin(), m_rk.begin(), i-3); + CHAM_DecRound<11, 16>(m_x.begin(), m_rk.begin(), i-4); + CHAM_DecRound<10, 16>(m_x.begin(), m_rk.begin(), i-5); + CHAM_DecRound< 9, 16>(m_x.begin(), m_rk.begin(), i-6); + CHAM_DecRound< 8, 16>(m_x.begin(), m_rk.begin(), i-7); + CHAM_DecRound< 7, 16>(m_x.begin(), m_rk.begin(), i-8); + CHAM_DecRound< 6, 16>(m_x.begin(), m_rk.begin(), i-9); + CHAM_DecRound< 5, 16>(m_x.begin(), m_rk.begin(), i-10); + CHAM_DecRound< 4, 16>(m_x.begin(), m_rk.begin(), i-11); + CHAM_DecRound< 3, 16>(m_x.begin(), m_rk.begin(), i-12); + CHAM_DecRound< 2, 16>(m_x.begin(), m_rk.begin(), i-13); + CHAM_DecRound< 1, 16>(m_x.begin(), m_rk.begin(), i-14); + CHAM_DecRound< 0, 16>(m_x.begin(), m_rk.begin(), i-15); + } + break; + } + default: + CRYPTOPP_ASSERT(0);; + } + + PutBlock oblock(xorBlock, outBlock); + oblock(m_x[0])(m_x[1])(m_x[2])(m_x[3]); +} + +#if CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS +size_t CHAM64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + return CHAM64_Enc_AdvancedProcessBlocks_SSSE3(m_rk, 80, + inBlocks, xorBlocks, outBlocks, length, flags); + } +# endif // CRYPTOPP_SSSE3_AVAILABLE + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t CHAM64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + return CHAM64_Dec_AdvancedProcessBlocks_SSSE3(m_rk, 80, + inBlocks, xorBlocks, outBlocks, length, flags); + } +# endif // CRYPTOPP_SSSE3_AVAILABLE + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t CHAM128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + const size_t rounds = (m_kw == 4 ? 80 : 96); + return CHAM128_Enc_AdvancedProcessBlocks_SSSE3(m_rk, rounds, + inBlocks, xorBlocks, outBlocks, length, flags); + } +# endif // CRYPTOPP_SSSE3_AVAILABLE + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t CHAM128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + const size_t rounds = (m_kw == 4 ? 80 : 96); + return CHAM128_Dec_AdvancedProcessBlocks_SSSE3(m_rk, rounds, + inBlocks, xorBlocks, outBlocks, length, flags); + } +# endif // CRYPTOPP_SSSE3_AVAILABLE + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/cham.h b/vendor/cryptopp/vendor_cryptopp/cham.h new file mode 100644 index 00000000..0d08c90e --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/cham.h @@ -0,0 +1,180 @@ +// cham.h - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton +// Based on "CHAM: A Family of Lightweight Block Ciphers for +// Resource-Constrained Devices" by Bonwook Koo, Dongyoung Roh, +// Hyeonjin Kim, Younghoon Jung, Dong-Geon Lee, and Daesung Kwon + +/// \file cham.h +/// \brief Classes for the CHAM block cipher +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_CHAM_H +#define CRYPTOPP_CHAM_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" +#include "algparam.h" + +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86) +# define CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS 1 +#endif + +// Yet another SunStudio/SunCC workaround. Failed self tests +// in SSE code paths on i386 for SunStudio 12.3 and below. +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) +# undef CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief CHAM block cipher information +/// \since Crypto++ 8.0 +struct CHAM64_Info : public FixedBlockSize<8>, public FixedKeyLength<16> +{ + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. + static const std::string StaticAlgorithmName() + { + // Format is Cipher-Blocksize + return "CHAM-64"; + } +}; + +/// \brief CHAM block cipher information +/// \since Crypto++ 8.0 +struct CHAM128_Info : public FixedBlockSize<16>, public VariableKeyLength<16,16,32,16> +{ + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. + static const std::string StaticAlgorithmName() + { + // Format is Cipher-Blocksize + return "CHAM-128"; + } +}; + +/// \brief CHAM 64-bit block cipher +/// \details CHAM64 provides 64-bit block size. The valid key size is 128-bit. +/// \note Crypto++ provides a byte oriented implementation +/// \sa CHAM128, CHAM, +/// +/// CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices +/// \since Crypto++ 8.0 +class CRYPTOPP_NO_VTABLE CHAM64 : public CHAM64_Info, public BlockCipherDocumentation +{ +public: + /// \brief CHAM block cipher transformation functions + /// \details Provides implementation common to encryption and decryption + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + protected: + void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + std::string AlgorithmProvider() const; + + SecBlock m_rk; + mutable FixedSizeSecBlock m_x; + unsigned int m_kw; + }; + + /// \brief Encryption transformation + /// \details Enc provides implementation for encryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + /// \brief Encryption transformation + /// \details Dec provides implementation for decryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef CHAM64::Encryption CHAM64Encryption; +typedef CHAM64::Decryption CHAM64Decryption; + +/// \brief CHAM 128-bit block cipher +/// \details CHAM128 provides 128-bit block size. The valid key size is 128-bit and 256-bit. +/// \note Crypto++ provides a byte oriented implementation +/// \sa CHAM64, CHAM, +/// +/// CHAM: A Family of Lightweight Block Ciphers for Resource-Constrained Devices +/// \since Crypto++ 8.0 +class CRYPTOPP_NO_VTABLE CHAM128 : public CHAM128_Info, public BlockCipherDocumentation +{ +public: + /// \brief CHAM block cipher transformation functions + /// \details Provides implementation common to encryption and decryption + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + protected: + void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + std::string AlgorithmProvider() const; + + SecBlock m_rk; + mutable FixedSizeSecBlock m_x; + unsigned int m_kw; + }; + + /// \brief Encryption transformation + /// \details Enc provides implementation for encryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + /// \brief Encryption transformation + /// \details Dec provides implementation for decryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_CHAM_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef CHAM128::Encryption CHAM128Encryption; +typedef CHAM128::Decryption CHAM128Decryption; + +NAMESPACE_END + +#endif // CRYPTOPP_CHAM_H diff --git a/vendor/cryptopp/vendor_cryptopp/cham_simd.cpp b/vendor/cryptopp/vendor_cryptopp/cham_simd.cpp new file mode 100644 index 00000000..b56e6d76 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/cham_simd.cpp @@ -0,0 +1,1092 @@ +// cham_simd.cpp - written and placed in the public domain by Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "cham.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both simon.cpp and simon-simd.cpp. +// #undef CRYPTOPP_SSSE3_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if defined(CRYPTOPP_SSE2_AVAILABLE) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +# include +#endif + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if defined(__XOP__) +# include +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char CHAM_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word16; +using CryptoPP::word32; + +#if (CRYPTOPP_SSSE3_AVAILABLE) + +////////////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(W16) // CHAM64, 16-bit word size + +template +inline __m128i RotateLeft16(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi16(val, R); +#else + return _mm_or_si128( + _mm_slli_epi16(val, R), _mm_srli_epi16(val, 16-R)); +#endif +} + +template +inline __m128i RotateRight16(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi16(val, 16-R); +#else + return _mm_or_si128( + _mm_slli_epi16(val, 16-R), _mm_srli_epi16(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline __m128i RotateLeft16<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi16(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,15, 12,13, 10,11, 8,9, 6,7, 4,5, 2,3, 0,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline __m128i RotateRight16<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi16(val, 16-8); +#else + const __m128i mask = _mm_set_epi8(14,15, 12,13, 10,11, 8,9, 6,7, 4,5, 2,3, 0,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +template +inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d); + CRYPTOPP_UNUSED(e); CRYPTOPP_UNUSED(f); + CRYPTOPP_UNUSED(g); CRYPTOPP_UNUSED(h); + CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpacklo_epi16(a, b); + const __m128i r2 = _mm_unpacklo_epi16(c, d); + const __m128i r3 = _mm_unpacklo_epi16(e, f); + const __m128i r4 = _mm_unpacklo_epi16(g, h); + + const __m128i r5 = _mm_unpacklo_epi32(r1, r2); + const __m128i r6 = _mm_unpacklo_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpacklo_epi16(a, b); + const __m128i r2 = _mm_unpacklo_epi16(c, d); + const __m128i r3 = _mm_unpacklo_epi16(e, f); + const __m128i r4 = _mm_unpacklo_epi16(g, h); + + const __m128i r5 = _mm_unpacklo_epi32(r1, r2); + const __m128i r6 = _mm_unpacklo_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpacklo_epi16(a, b); + const __m128i r2 = _mm_unpacklo_epi16(c, d); + const __m128i r3 = _mm_unpacklo_epi16(e, f); + const __m128i r4 = _mm_unpacklo_epi16(g, h); + + const __m128i r5 = _mm_unpackhi_epi32(r1, r2); + const __m128i r6 = _mm_unpackhi_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpacklo_epi16(a, b); + const __m128i r2 = _mm_unpacklo_epi16(c, d); + const __m128i r3 = _mm_unpacklo_epi16(e, f); + const __m128i r4 = _mm_unpacklo_epi16(g, h); + + const __m128i r5 = _mm_unpackhi_epi32(r1, r2); + const __m128i r6 = _mm_unpackhi_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<4>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpackhi_epi16(a, b); + const __m128i r2 = _mm_unpackhi_epi16(c, d); + const __m128i r3 = _mm_unpackhi_epi16(e, f); + const __m128i r4 = _mm_unpackhi_epi16(g, h); + + const __m128i r5 = _mm_unpacklo_epi32(r1, r2); + const __m128i r6 = _mm_unpacklo_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<5>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpackhi_epi16(a, b); + const __m128i r2 = _mm_unpackhi_epi16(c, d); + const __m128i r3 = _mm_unpackhi_epi16(e, f); + const __m128i r4 = _mm_unpackhi_epi16(g, h); + + const __m128i r5 = _mm_unpacklo_epi32(r1, r2); + const __m128i r6 = _mm_unpacklo_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<6>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpackhi_epi16(a, b); + const __m128i r2 = _mm_unpackhi_epi16(c, d); + const __m128i r3 = _mm_unpackhi_epi16(e, f); + const __m128i r4 = _mm_unpackhi_epi16(g, h); + + const __m128i r5 = _mm_unpackhi_epi32(r1, r2); + const __m128i r6 = _mm_unpackhi_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template <> +inline __m128i UnpackXMM<7>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpackhi_epi16(a, b); + const __m128i r2 = _mm_unpackhi_epi16(c, d); + const __m128i r3 = _mm_unpackhi_epi16(e, f); + const __m128i r4 = _mm_unpackhi_epi16(g, h); + + const __m128i r5 = _mm_unpackhi_epi32(r1, r2); + const __m128i r6 = _mm_unpackhi_epi32(r3, r4); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r5, r6), + _mm_set_epi8(14,15,12,13, 10,11,8,9, 6,7,4,5, 2,3,0,1)); +} + +template +inline __m128i UnpackXMM(const __m128i& v) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0); + + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(0,1, 0,1, 0,1, 0,1, 0,1, 0,1, 0,1, 0,1)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(2,3, 2,3, 2,3, 2,3, 2,3, 2,3, 2,3, 2,3)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(4,5, 4,5, 4,5, 4,5, 4,5, 4,5, 4,5, 4,5)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(6,7, 6,7, 6,7, 6,7, 6,7, 6,7, 6,7, 6,7)); +} + +template <> +inline __m128i UnpackXMM<4>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(8,9, 8,9, 8,9, 8,9, 8,9, 8,9, 8,9, 8,9)); +} + +template <> +inline __m128i UnpackXMM<5>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(10,11, 10,11, 10,11, 10,11, 10,11, 10,11, 10,11, 10,11)); +} + +template <> +inline __m128i UnpackXMM<6>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(12,13, 12,13, 12,13, 12,13, 12,13, 12,13, 12,13, 12,13)); +} + +template <> +inline __m128i UnpackXMM<7>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(14,15, 14,15, 14,15, 14,15, 14,15, 14,15, 14,15, 14,15)); +} + +template +inline __m128i UnpackXMM(const __m128i& a, const __m128i& b) +{ + const __m128i& z = _mm_setzero_si128(); + return UnpackXMM(a, b, z, z, z, z, z, z); +} + +template +inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d, + const __m128i& e, const __m128i& f, const __m128i& g, const __m128i& h) +{ + return UnpackXMM(a, b, c, d, e, f, g, h); +} + +template +inline __m128i RepackXMM(const __m128i& v) +{ + return UnpackXMM(v); +} + +inline void CHAM64_Enc_Block(__m128i &block0, + const word16 *subkeys, unsigned int /*rounds*/) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... => [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... + __m128i a = UnpackXMM<0>(block0); + __m128i b = UnpackXMM<1>(block0); + __m128i c = UnpackXMM<2>(block0); + __m128i d = UnpackXMM<3>(block0); + __m128i e = UnpackXMM<4>(block0); + __m128i f = UnpackXMM<5>(block0); + __m128i g = UnpackXMM<6>(block0); + __m128i h = UnpackXMM<7>(block0); + + const unsigned int rounds = 80; + __m128i counter = _mm_set_epi16(0,0,0,0,0,0,0,0); + __m128i increment = _mm_set_epi16(1,1,1,1,1,1,1,1); + + const unsigned int MASK = 15; + for (int i=0; i(rounds); i+=4) + { + __m128i k, kr, t1, t2, t3, t4; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i+0) & MASK]))); + + // Shuffle out key + kr = _mm_shuffle_epi8(k, _mm_set_epi8(1,0,1,0, 1,0,1,0, 1,0,1,0, 1,0,1,0)); + + t1 = _mm_xor_si128(a, counter); + t3 = _mm_xor_si128(e, counter); + t2 = _mm_xor_si128(RotateLeft16<1>(b), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(f), kr); + a = RotateLeft16<8>(_mm_add_epi16(t1, t2)); + e = RotateLeft16<8>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,3,2, 3,2,3,2, 3,2,3,2, 3,2,3,2)); + + t1 = _mm_xor_si128(b, counter); + t3 = _mm_xor_si128(f, counter); + t2 = _mm_xor_si128(RotateLeft16<8>(c), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(g), kr); + b = RotateLeft16<1>(_mm_add_epi16(t1, t2)); + f = RotateLeft16<1>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(5,4,5,4, 5,4,5,4, 5,4,5,4, 5,4,5,4)); + + t1 = _mm_xor_si128(c, counter); + t3 = _mm_xor_si128(g, counter); + t2 = _mm_xor_si128(RotateLeft16<1>(d), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(h), kr); + c = RotateLeft16<8>(_mm_add_epi16(t1, t2)); + g = RotateLeft16<8>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,7,6, 7,6,7,6, 7,6,7,6, 7,6,7,6)); + + t1 = _mm_xor_si128(d, counter); + t3 = _mm_xor_si128(h, counter); + t2 = _mm_xor_si128(RotateLeft16<8>(a), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(e), kr); + d = RotateLeft16<1>(_mm_add_epi16(t1, t2)); + h = RotateLeft16<1>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + } + + // [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... => [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... + block0 = RepackXMM<0>(a,b,c,d,e,f,g,h); +} + +inline void CHAM64_Dec_Block(__m128i &block0, + const word16 *subkeys, unsigned int /*rounds*/) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... => [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... + __m128i a = UnpackXMM<0>(block0); + __m128i b = UnpackXMM<1>(block0); + __m128i c = UnpackXMM<2>(block0); + __m128i d = UnpackXMM<3>(block0); + __m128i e = UnpackXMM<4>(block0); + __m128i f = UnpackXMM<5>(block0); + __m128i g = UnpackXMM<6>(block0); + __m128i h = UnpackXMM<7>(block0); + + const unsigned int rounds = 80; + __m128i counter = _mm_set_epi16(rounds-1,rounds-1,rounds-1,rounds-1, rounds-1,rounds-1,rounds-1,rounds-1); + __m128i decrement = _mm_set_epi16(1,1,1,1,1,1,1,1); + + const unsigned int MASK = 15; + for (int i = static_cast(rounds)-1; i >= 0; i-=4) + { + __m128i k, kr, t1, t2, t3, t4; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i-3) & MASK]))); + + // Shuffle out key + kr = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,7,6, 7,6,7,6, 7,6,7,6, 7,6,7,6)); + + // Odd round + t1 = RotateRight16<1>(d); + t3 = RotateRight16<1>(h); + t2 = _mm_xor_si128(RotateLeft16<8>(a), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(e), kr); + d = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + h = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(5,4,5,4, 5,4,5,4, 5,4,5,4, 5,4,5,4)); + + // Even round + t1 = RotateRight16<8>(c); + t3 = RotateRight16<8>(g); + t2 = _mm_xor_si128(RotateLeft16<1>(d), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(h), kr); + c = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + g = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,3,2, 3,2,3,2, 3,2,3,2, 3,2,3,2)); + + // Odd round + t1 = RotateRight16<1>(b); + t3 = RotateRight16<1>(f); + t2 = _mm_xor_si128(RotateLeft16<8>(c), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(g), kr); + b = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + f = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(1,0,1,0, 1,0,1,0, 1,0,1,0, 1,0,1,0)); + + // Even round + t1 = RotateRight16<8>(a); + t3 = RotateRight16<8>(e); + t2 = _mm_xor_si128(RotateLeft16<1>(b), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(f), kr); + a = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + e = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + } + + // [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... => [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... + block0 = RepackXMM<0>(a,b,c,d,e,f,g,h); +} + +inline void CHAM64_Enc_2_Blocks(__m128i &block0, + __m128i &block1, const word16 *subkeys, unsigned int /*rounds*/) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... => [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... + __m128i a = UnpackXMM<0>(block0, block1); + __m128i b = UnpackXMM<1>(block0, block1); + __m128i c = UnpackXMM<2>(block0, block1); + __m128i d = UnpackXMM<3>(block0, block1); + __m128i e = UnpackXMM<4>(block0, block1); + __m128i f = UnpackXMM<5>(block0, block1); + __m128i g = UnpackXMM<6>(block0, block1); + __m128i h = UnpackXMM<7>(block0, block1); + + const unsigned int rounds = 80; + __m128i counter = _mm_set_epi16(0,0,0,0,0,0,0,0); + __m128i increment = _mm_set_epi16(1,1,1,1,1,1,1,1); + + const unsigned int MASK = 15; + for (int i=0; i(rounds); i+=4) + { + __m128i k, kr, t1, t2, t3, t4; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[i & MASK]))); + + // Shuffle out key + kr = _mm_shuffle_epi8(k, _mm_set_epi8(1,0,1,0, 1,0,1,0, 1,0,1,0, 1,0,1,0)); + + t1 = _mm_xor_si128(a, counter); + t3 = _mm_xor_si128(e, counter); + t2 = _mm_xor_si128(RotateLeft16<1>(b), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(f), kr); + a = RotateLeft16<8>(_mm_add_epi16(t1, t2)); + e = RotateLeft16<8>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,3,2, 3,2,3,2, 3,2,3,2, 3,2,3,2)); + + t1 = _mm_xor_si128(b, counter); + t3 = _mm_xor_si128(f, counter); + t2 = _mm_xor_si128(RotateLeft16<8>(c), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(g), kr); + b = RotateLeft16<1>(_mm_add_epi16(t1, t2)); + f = RotateLeft16<1>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(5,4,5,4, 5,4,5,4, 5,4,5,4, 5,4,5,4)); + + t1 = _mm_xor_si128(c, counter); + t3 = _mm_xor_si128(g, counter); + t2 = _mm_xor_si128(RotateLeft16<1>(d), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(h), kr); + c = RotateLeft16<8>(_mm_add_epi16(t1, t2)); + g = RotateLeft16<8>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,7,6, 7,6,7,6, 7,6,7,6, 7,6,7,6)); + + t1 = _mm_xor_si128(d, counter); + t3 = _mm_xor_si128(h, counter); + t2 = _mm_xor_si128(RotateLeft16<8>(a), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(e), kr); + d = RotateLeft16<1>(_mm_add_epi16(t1, t2)); + h = RotateLeft16<1>(_mm_add_epi16(t3, t4)); + + counter = _mm_add_epi16(counter, increment); + } + + // [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... => [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... + block0 = RepackXMM<0>(a,b,c,d,e,f,g,h); + block1 = RepackXMM<1>(a,b,c,d,e,f,g,h); +} + +inline void CHAM64_Dec_2_Blocks(__m128i &block0, + __m128i &block1, const word16 *subkeys, unsigned int /*rounds*/) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... => [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... + __m128i a = UnpackXMM<0>(block0, block1); + __m128i b = UnpackXMM<1>(block0, block1); + __m128i c = UnpackXMM<2>(block0, block1); + __m128i d = UnpackXMM<3>(block0, block1); + __m128i e = UnpackXMM<4>(block0, block1); + __m128i f = UnpackXMM<5>(block0, block1); + __m128i g = UnpackXMM<6>(block0, block1); + __m128i h = UnpackXMM<7>(block0, block1); + + const unsigned int rounds = 80; + __m128i counter = _mm_set_epi16(rounds-1,rounds-1,rounds-1,rounds-1, rounds-1,rounds-1,rounds-1,rounds-1); + __m128i decrement = _mm_set_epi16(1,1,1,1,1,1,1,1); + + const unsigned int MASK = 15; + for (int i = static_cast(rounds)-1; i >= 0; i-=4) + { + __m128i k, kr, t1, t2, t3, t4; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i-3) & MASK]))); + + // Shuffle out key + kr = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,7,6, 7,6,7,6, 7,6,7,6, 7,6,7,6)); + + // Odd round + t1 = RotateRight16<1>(d); + t3 = RotateRight16<1>(h); + t2 = _mm_xor_si128(RotateLeft16<8>(a), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(e), kr); + d = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + h = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(5,4,5,4, 5,4,5,4, 5,4,5,4, 5,4,5,4)); + + // Even round + t1 = RotateRight16<8>(c); + t3 = RotateRight16<8>(g); + t2 = _mm_xor_si128(RotateLeft16<1>(d), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(h), kr); + c = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + g = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,3,2, 3,2,3,2, 3,2,3,2, 3,2,3,2)); + + // Odd round + t1 = RotateRight16<1>(b); + t3 = RotateRight16<1>(f); + t2 = _mm_xor_si128(RotateLeft16<8>(c), kr); + t4 = _mm_xor_si128(RotateLeft16<8>(g), kr); + b = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + f = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + kr = _mm_shuffle_epi8(k, _mm_set_epi8(1,0,1,0, 1,0,1,0, 1,0,1,0, 1,0,1,0)); + + // Even round + t1 = RotateRight16<8>(a); + t3 = RotateRight16<8>(e); + t2 = _mm_xor_si128(RotateLeft16<1>(b), kr); + t4 = _mm_xor_si128(RotateLeft16<1>(f), kr); + a = _mm_xor_si128(_mm_sub_epi16(t1, t2), counter); + e = _mm_xor_si128(_mm_sub_epi16(t3, t4), counter); + + counter = _mm_sub_epi16(counter, decrement); + } + + // [A1 B1 .. G1 H1][A2 B2 .. G2 H2] ... => [A1 A2 .. A6 A7][B1 B2 .. B6 B7] ... + block0 = RepackXMM<0>(a,b,c,d,e,f,g,h); + block1 = RepackXMM<1>(a,b,c,d,e,f,g,h); +} + +NAMESPACE_END // W16 + +////////////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(W32) // CHAM128, 32-bit word size + +template +inline __m128i RotateLeft32(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_rol_epi32(val, R); +#elif defined(__XOP__) + return _mm_roti_epi32(val, R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +#endif +} + +template +inline __m128i RotateRight32(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_ror_epi32(val, R); +#elif defined(__XOP__) + return _mm_roti_epi32(val, 32-R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline __m128i RotateLeft32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline __m128i RotateRight32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-8); +#else + const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +template +inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d); + CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // The shuffle converts to and from little-endian for SSE. A specialized + // CHAM implementation can avoid the shuffle by framing the data for + // encryption, decryption and benchmarks. The library cannot take the + // speed-up because of the byte oriented API. + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template +inline __m128i UnpackXMM(const __m128i& v) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(4,5,6,7, 4,5,6,7, 4,5,6,7, 4,5,6,7)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(8,9,10,11, 8,9,10,11, 8,9,10,11, 8,9,10,11)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(12,13,14,15, 12,13,14,15, 12,13,14,15, 12,13,14,15)); +} + +template +inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + return UnpackXMM(a, b, c, d); +} + +template +inline __m128i RepackXMM(const __m128i& v) +{ + return UnpackXMM(v); +} + +inline void CHAM128_Enc_Block(__m128i &block0, + const word32 *subkeys, unsigned int rounds) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(block0); + __m128i b = UnpackXMM<1>(block0); + __m128i c = UnpackXMM<2>(block0); + __m128i d = UnpackXMM<3>(block0); + + __m128i counter = _mm_set_epi32(0,0,0,0); + __m128i increment = _mm_set_epi32(1,1,1,1); + + const unsigned int MASK = (rounds == 80 ? 7 : 15); + for (int i=0; i(rounds); i+=4) + { + __m128i k, k1, k2, t1, t2; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i+0) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + + t1 = _mm_xor_si128(a, counter); + t2 = _mm_xor_si128(RotateLeft32<1>(b), k1); + a = RotateLeft32<8>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + + t1 = _mm_xor_si128(b, counter); + t2 = _mm_xor_si128(RotateLeft32<8>(c), k2); + b = RotateLeft32<1>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i+2) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + + t1 = _mm_xor_si128(c, counter); + t2 = _mm_xor_si128(RotateLeft32<1>(d), k1); + c = RotateLeft32<8>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + + t1 = _mm_xor_si128(d, counter); + t2 = _mm_xor_si128(RotateLeft32<8>(a), k2); + d = RotateLeft32<1>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + block0 = RepackXMM<0>(a,b,c,d); +} + +inline void CHAM128_Dec_Block(__m128i &block0, + const word32 *subkeys, unsigned int rounds) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(block0); + __m128i b = UnpackXMM<1>(block0); + __m128i c = UnpackXMM<2>(block0); + __m128i d = UnpackXMM<3>(block0); + + __m128i counter = _mm_set_epi32(rounds-1,rounds-1,rounds-1,rounds-1); + __m128i decrement = _mm_set_epi32(1,1,1,1); + + const unsigned int MASK = (rounds == 80 ? 7 : 15); + for (int i = static_cast(rounds)-1; i >= 0; i-=4) + { + __m128i k, k1, k2, t1, t2; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i-1) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + + // Odd round + t1 = RotateRight32<1>(d); + t2 = _mm_xor_si128(RotateLeft32<8>(a), k1); + d = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + + // Even round + t1 = RotateRight32<8>(c); + t2 = _mm_xor_si128(RotateLeft32<1>(d), k2); + c = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i-3) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + + // Odd round + t1 = RotateRight32<1>(b); + t2 = _mm_xor_si128(RotateLeft32<8>(c), k1); + b = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + + // Even round + t1 = RotateRight32<8>(a); + t2 = _mm_xor_si128(RotateLeft32<1>(b), k2); + a = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + block0 = RepackXMM<0>(a,b,c,d); +} + +inline void CHAM128_Enc_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int rounds) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(block0, block1, block2, block3); + __m128i b = UnpackXMM<1>(block0, block1, block2, block3); + __m128i c = UnpackXMM<2>(block0, block1, block2, block3); + __m128i d = UnpackXMM<3>(block0, block1, block2, block3); + + __m128i counter = _mm_set_epi32(0,0,0,0); + __m128i increment = _mm_set_epi32(1,1,1,1); + + const unsigned int MASK = (rounds == 80 ? 7 : 15); + for (int i=0; i(rounds); i+=4) + { + __m128i k, k1, k2, t1, t2; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i+0) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + + t1 = _mm_xor_si128(a, counter); + t2 = _mm_xor_si128(RotateLeft32<1>(b), k1); + a = RotateLeft32<8>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + + t1 = _mm_xor_si128(b, counter); + t2 = _mm_xor_si128(RotateLeft32<8>(c), k2); + b = RotateLeft32<1>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i+2) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + + t1 = _mm_xor_si128(c, counter); + t2 = _mm_xor_si128(RotateLeft32<1>(d), k1); + c = RotateLeft32<8>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + + t1 = _mm_xor_si128(d, counter); + t2 = _mm_xor_si128(RotateLeft32<8>(a), k2); + d = RotateLeft32<1>(_mm_add_epi32(t1, t2)); + + counter = _mm_add_epi32(counter, increment); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + block0 = RepackXMM<0>(a,b,c,d); + block1 = RepackXMM<1>(a,b,c,d); + block2 = RepackXMM<2>(a,b,c,d); + block3 = RepackXMM<3>(a,b,c,d); +} + +inline void CHAM128_Dec_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int rounds) +{ + // Rearrange the data for vectorization. UnpackXMM includes a + // little-endian swap for SSE. Thanks to Peter Cordes for help + // with packing and unpacking. + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(block0, block1, block2, block3); + __m128i b = UnpackXMM<1>(block0, block1, block2, block3); + __m128i c = UnpackXMM<2>(block0, block1, block2, block3); + __m128i d = UnpackXMM<3>(block0, block1, block2, block3); + + __m128i counter = _mm_set_epi32(rounds-1,rounds-1,rounds-1,rounds-1); + __m128i decrement = _mm_set_epi32(1,1,1,1); + + const unsigned int MASK = (rounds == 80 ? 7 : 15); + for (int i = static_cast(rounds)-1; i >= 0; i-=4) + { + __m128i k, k1, k2, t1, t2; + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i-1) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + + // Odd round + t1 = RotateRight32<1>(d); + t2 = _mm_xor_si128(RotateLeft32<8>(a), k1); + d = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + + // Even round + t1 = RotateRight32<8>(c); + t2 = _mm_xor_si128(RotateLeft32<1>(d), k2); + c = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + k = _mm_castpd_si128(_mm_load_sd((const double*)(&subkeys[(i-3) & MASK]))); + + // Shuffle out two subkeys + k1 = _mm_shuffle_epi8(k, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); + k2 = _mm_shuffle_epi8(k, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); + + // Odd round + t1 = RotateRight32<1>(b); + t2 = _mm_xor_si128(RotateLeft32<8>(c), k1); + b = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + + // Even round + t1 = RotateRight32<8>(a); + t2 = _mm_xor_si128(RotateLeft32<1>(b), k2); + a = _mm_xor_si128(_mm_sub_epi32(t1, t2), counter); + + counter = _mm_sub_epi32(counter, decrement); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + block0 = RepackXMM<0>(a,b,c,d); + block1 = RepackXMM<1>(a,b,c,d); + block2 = RepackXMM<2>(a,b,c,d); + block3 = RepackXMM<3>(a,b,c,d); +} + +////////////////////////////////////////////////////////////////////////// + +NAMESPACE_END // W32 + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) +size_t CHAM64_Enc_AdvancedProcessBlocks_SSSE3(const word16* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_2x1_SSE(W16::CHAM64_Enc_Block, W16::CHAM64_Enc_2_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t CHAM64_Dec_AdvancedProcessBlocks_SSSE3(const word16* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_2x1_SSE(W16::CHAM64_Dec_Block, W16::CHAM64_Dec_2_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t CHAM128_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_SSE(W32::CHAM128_Enc_Block, W32::CHAM128_Enc_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t CHAM128_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_SSE(W32::CHAM128_Dec_Block, W32::CHAM128_Dec_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SSSE3_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/cmac.h b/vendor/cryptopp/vendor_cryptopp/cmac.h index 98afd007..f3bcad48 100644 --- a/vendor/cryptopp/vendor_cryptopp/cmac.h +++ b/vendor/cryptopp/vendor_cryptopp/cmac.h @@ -17,6 +17,9 @@ NAMESPACE_BEGIN(CryptoPP) class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CMAC_Base : public MessageAuthenticationCode { public: + + virtual ~CMAC_Base() {} + CMAC_Base() : m_counter(0) {} void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); @@ -25,6 +28,7 @@ public: unsigned int DigestSize() const {return GetCipher().BlockSize();} unsigned int OptimalBlockSize() const {return GetCipher().BlockSize();} unsigned int OptimalDataAlignment() const {return GetCipher().OptimalDataAlignment();} + std::string AlgorithmProvider() const {return GetCipher().AlgorithmProvider();} protected: friend class EAX_Base; diff --git a/vendor/cryptopp/vendor_cryptopp/config.h b/vendor/cryptopp/vendor_cryptopp/config.h index f06992a2..8db32c65 100644 --- a/vendor/cryptopp/vendor_cryptopp/config.h +++ b/vendor/cryptopp/vendor_cryptopp/config.h @@ -9,23 +9,24 @@ // ***************** Important Settings ******************** // define this if running on a big-endian CPU +// big endian will be assumed if CRYPTOPP_LITTLE_ENDIAN is not non-0 #if !defined(CRYPTOPP_LITTLE_ENDIAN) && !defined(CRYPTOPP_BIG_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || (defined(__m68k__) || defined(__MC68K__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__))) # define CRYPTOPP_BIG_ENDIAN 1 #endif // define this if running on a little-endian CPU -// big endian will be assumed if CRYPTOPP_LITTLE_ENDIAN is not defined +// big endian will be assumed if CRYPTOPP_LITTLE_ENDIAN is not non-0 #if !defined(CRYPTOPP_BIG_ENDIAN) && !defined(CRYPTOPP_LITTLE_ENDIAN) # define CRYPTOPP_LITTLE_ENDIAN 1 #endif // Sanity checks. Some processors have more than big, little and bi-endian modes. PDP mode, where order results in "4312", should // raise red flags immediately. Additionally, mis-classified machines, like (previosuly) S/390, should raise red flags immediately. -#if defined(CRYPTOPP_BIG_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_BIG_ENDIAN__) -# error "CRYPTOPP_BIG_ENDIAN is set, but __BYTE_ORDER__ is not __ORDER_BIG_ENDIAN__" +#if (CRYPTOPP_BIG_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_BIG_ENDIAN__) +# error "(CRYPTOPP_BIG_ENDIAN) is set, but __BYTE_ORDER__ is not __ORDER_BIG_ENDIAN__" #endif -#if defined(CRYPTOPP_LITTLE_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) -# error "CRYPTOPP_LITTLE_ENDIAN is set, but __BYTE_ORDER__ is not __ORDER_LITTLE_ENDIAN__" +#if (CRYPTOPP_LITTLE_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) +# error "(CRYPTOPP_LITTLE_ENDIAN) is set, but __BYTE_ORDER__ is not __ORDER_LITTLE_ENDIAN__" #endif // Define this if you want to disable all OS-dependent features, @@ -56,11 +57,17 @@ // Define this to disable ASM, intrinsics and built-ins. The library will be // compiled using C++ only. The library code will not include SSE2 (and -// above), NEON, Aarch32, Aarch64, Power4, Power7 or Power8. Note the compiler +// above), NEON, Aarch32, Aarch64, or Altivec (and above). Note the compiler // may use higher ISAs depending on compiler options, but the library will not -// explictly use the ISAs. +// explictly use the ISAs. When disabling ASM, it is best to do it from +// config.h to ensure the library and all programs share the setting. // #define CRYPTOPP_DISABLE_ASM 1 +// https://github.com/weidai11/cryptopp/issues/719 +#if defined(__native_client__) +# define CRYPTOPP_DISABLE_ASM 1 +#endif + // Define CRYPTOPP_NO_CXX11 to avoid C++11 related features shown at the // end of this file. Some compilers and standard C++ headers advertise C++11 // but they are really just C++03 with some additional C++11 headers and @@ -75,8 +82,8 @@ // this file. At the moment it should only affect std::uncaught_exceptions. // #define CRYPTOPP_NO_CXX17 1 -// Define this to allow unaligned data access. If you experience a break with -// GCC at -O3, you should immediately suspect unaligned data accesses. +// CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is no longer honored. It +// was removed at https://github.com/weidai11/cryptopp/issues/682 // #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS 1 // ***************** Less Important Settings *************** @@ -85,15 +92,26 @@ // the version of the library the headers came from. It is not // necessarily the version of the library built as a shared object if // versions are inadvertently mixed and matched. -#define CRYPTOPP_VERSION 700 +#define CRYPTOPP_VERSION 800 // Define this if you want to set a prefix for TestData/ and TestVectors/ -// Be mindful of the trailing slash since its simple concatenation. -// g++ ... -DCRYPTOPP_DATA_DIR='"/tmp/cryptopp_test/share/"' +// Be sure to add the trailing slash since its simple concatenation. +// After https://github.com/weidai11/cryptopp/issues/760 the library +// should find the test vectors and data without much effort. It +// will search in "./" and "$ORIGIN/../share/cryptopp" automatically. #ifndef CRYPTOPP_DATA_DIR # define CRYPTOPP_DATA_DIR "" #endif +// Define this to disable the test suite from searching for test +// vectors and data in "./" and "$ORIGIN/../share/cryptopp". The +// library will still search in CRYPTOPP_DATA_DIR, regardless. +// Some distros may want to disable this feature. Also see +// https://github.com/weidai11/cryptopp/issues/760 +// #ifndef CRYPTOPP_DISABLE_DATA_DIR_SEARCH +// # define CRYPTOPP_DISABLE_DATA_DIR_SEARCH +// #endif + // Define this if you want or need the library's memcpy_s and memmove_s. // See http://github.com/weidai11/cryptopp/issues/28. // #if !defined(CRYPTOPP_WANT_SECURE_LIB) @@ -142,15 +160,6 @@ // see http://github.com/weidai11/cryptopp/issues/389. // #define CRYPTOPP_NO_ASSIGN_TO_INTEGER -// choose which style of sockets to wrap (mostly useful for MinGW which has both) -#if !defined(NO_BERKELEY_STYLE_SOCKETS) && !defined(PREFER_BERKELEY_STYLE_SOCKETS) -# define PREFER_BERKELEY_STYLE_SOCKETS -#endif - -// #if !defined(NO_WINDOWS_STYLE_SOCKETS) && !defined(PREFER_WINDOWS_STYLE_SOCKETS) -// # define PREFER_WINDOWS_STYLE_SOCKETS -// #endif - // set the name of Rijndael cipher, was "Rijndael" before version 5.3 #define CRYPTOPP_RIJNDAEL_NAME "AES" @@ -181,6 +190,7 @@ ///
    ///
  • Name - namespace for names used with \p NameValuePairs and documented in argnames.h ///
  • NaCl - namespace for NaCl library functions like crypto_box, crypto_box_open, crypto_sign, and crypto_sign_open +///
  • Donna - namespace for curve25519 library operations. The name was selected due to use of Adam Langley's curve25519-donna. ///
  • Test - namespace for testing and benchmarks classes ///
  • Weak - namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma ///
@@ -207,22 +217,6 @@ namespace CryptoPP { } #define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x { #define DOCUMENTED_NAMESPACE_END } -// What is the type of the third parameter to bind? -// For Unix, the new standard is ::socklen_t (typically unsigned int), and the old standard is int. -// Unfortunately there is no way to tell whether or not socklen_t is defined. -// To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile. -#ifndef TYPE_OF_SOCKLEN_T -# if defined(_WIN32) || defined(__CYGWIN__) -# define TYPE_OF_SOCKLEN_T int -# else -# define TYPE_OF_SOCKLEN_T ::socklen_t -# endif -#endif - -#if defined(__CYGWIN__) && defined(PREFER_WINDOWS_STYLE_SOCKETS) -# define __USE_W32_SOCKETS -#endif - // Originally in global namespace to avoid ambiguity with other byte typedefs. // Moved to Crypto++ namespace due to C++17, std::byte and potential compile problems. Also see // http://www.cryptopp.com/wiki/std::byte and http://github.com/weidai11/cryptopp/issues/442 @@ -263,9 +257,13 @@ typedef signed int sword32; typedef word64 lword; const lword LWORD_MAX = W64LIT(0xffffffffffffffff); -// Clang pretends to be VC++, too. -// See http://github.com/weidai11/cryptopp/issues/147 -#if defined(_MSC_VER) && defined(__clang__) +// It is OK to remove the hard stop below, but you are on your own. +// After building the library be sure to run self tests described +// https://www.cryptopp.com/wiki/Release_Process#Self_Tests +// Some relevant bug reports can be found at: +// * Clang: http://github.com/weidai11/cryptopp/issues/147 +// * Native Client: https://github.com/weidai11/cryptopp/issues/719 +#if (defined(_MSC_VER) && defined(__clang__)) # error: "Unsupported configuration" #endif @@ -280,10 +278,8 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff); // Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7 #if defined(__clang__) && defined(__apple_build_version__) #define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) - #define CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER 1 #elif defined(__clang__) #define CRYPTOPP_LLVM_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) - #define CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER 1 #endif #ifdef _MSC_VER @@ -295,13 +291,11 @@ const lword LWORD_MAX = W64LIT(0xffffffffffffffff); #define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1 #endif -// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232. Still broke as of Clang 3.9. -// TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes. -#if (defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION <= 200000)) || \ - (defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION <= 200000)) || \ - defined(CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER) - #define CRYPTOPP_DISABLE_INTEL_ASM 1 -#endif +// Some Clang cannot handle mixed asm with positional arguments, where the +// body is Intel style with no prefix and the templates are AT&T style. +// Define this is the Makefile misdetects the configuration. +// Also see https://bugs.llvm.org/show_bug.cgi?id=39895 . +// #define CRYPTOPP_DISABLE_MIXED_ASM 1 // define hword, word, and dword. these are used for multiprecision integer arithmetic // Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx @@ -354,10 +348,16 @@ NAMESPACE_END #endif #endif +// Sun Studio Express 3 (December 2006) provides GCC-style attributes. +// IBM XL C/C++ alignment modifier per Optimization Guide, pp. 19-20. +// __IBM_ATTRIBUTES per XLC 12.1 AIX Compiler Manual, p. 473. +// CRYPTOPP_ALIGN_DATA may not be reliable on AIX. #ifndef CRYPTOPP_ALIGN_DATA #if defined(_MSC_VER) #define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x)) - #elif defined(__GNUC__) + #elif defined(__GNUC__) || (__SUNPRO_CC >= 0x5100) + #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x))) + #elif defined(__xlc__) || defined(__xlC__) #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x))) #else #define CRYPTOPP_ALIGN_DATA(x) @@ -369,6 +369,8 @@ NAMESPACE_END #define CRYPTOPP_SECTION_INIT __attribute__((section ("__DATA,__data"))) #elif (defined(__ELF__) && (CRYPTOPP_GCC_VERSION >= 40300)) #define CRYPTOPP_SECTION_INIT __attribute__((section ("nocommon"))) +#elif defined(__ELF__) && (defined(__xlC__) || defined(__ibmxl__)) + #define CRYPTOPP_SECTION_INIT __attribute__((section ("nocommon"))) #else #define CRYPTOPP_SECTION_INIT #endif @@ -387,16 +389,8 @@ NAMESPACE_END #ifdef _MSC_VER // 4127: conditional expression is constant - // 4231: nonstandard extension used : 'extern' before template explicit instantiation - // 4250: dominance - // 4251: member needs to have dll-interface - // 4275: base needs to have dll-interface - // 4505: unreferenced local function // 4512: assignment operator not generated - // 4660: explicitly instantiating a class that's already implicitly instantiated // 4661: no suitable definition provided for explicit template instantiation request - // 4786: identifier was truncated in debug information - // 4355: 'this' : used in base member initializer list // 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation # pragma warning(disable: 4127 4512 4661 4910) // Security related, possible defects @@ -428,9 +422,11 @@ NAMESPACE_END // ***************** Platform and CPU features ******************** -// Linux provides X32, which is 32-bit integers, longs and pointers on x86_64 using the full x86_64 register set. -// Detect via __ILP32__ (http://wiki.debian.org/X32Port). However, __ILP32__ shows up in more places than -// the System V ABI specs calls out, like on some Solaris installations and just about any 32-bit system with Clang. +// Linux provides X32, which is 32-bit integers, longs and pointers on x86_64 +// using the full x86_64 register set. Detect via __ILP32__ +// (http://wiki.debian.org/X32Port). However, __ILP32__ shows up in more places +// than the System V ABI specs calls out, like on some Solaris installations +// and just about any 32-bit system with Clang. #if (defined(__ILP32__) || defined(_ILP32)) && defined(__x86_64__) #define CRYPTOPP_BOOL_X32 1 #endif @@ -444,28 +440,34 @@ NAMESPACE_END #define CRYPTOPP_BOOL_X64 1 #endif -// Undo the ASM and Intrinsic related defines due to X32. +// Undo the ASM related defines due to X32. #if CRYPTOPP_BOOL_X32 # undef CRYPTOPP_BOOL_X64 # undef CRYPTOPP_X64_ASM_AVAILABLE # undef CRYPTOPP_X64_MASM_AVAILABLE #endif -// Microsoft plans to support ARM-64, but its not clear how to detect it. -// TODO: Add MSC_VER and ARM-64 platform define when available -#if defined(__arm64__) || defined(__aarch64__) || defined(_M_ARM64) - #define CRYPTOPP_BOOL_ARM64 1 -#elif defined(__arm__) || defined(__aarch32__) || defined(_M_ARM) +// Microsoft added ARM64 define December 2017. +#if defined(__arm64__) || defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) + #define CRYPTOPP_BOOL_ARMV8 1 +#elif defined(__arm__) || defined(_M_ARM) #define CRYPTOPP_BOOL_ARM32 1 #endif // AltiVec and Power8 crypto -#if defined(__powerpc64__) || defined(_ARCH_PPC64) +#if defined(__ppc64__) || defined(__powerpc64__) || defined(_ARCH_PPC64) #define CRYPTOPP_BOOL_PPC64 1 #elif defined(__powerpc__) || defined(_ARCH_PPC) #define CRYPTOPP_BOOL_PPC32 1 #endif +// And MIPS. TODO: finish these defines +#if defined(__mips64__) + #define CRYPTOPP_BOOL_MIPS64 1 +#elif defined(__mips__) + #define CRYPTOPP_BOOL_MIPS32 1 +#endif + #if defined(_MSC_VER) || defined(__BORLANDC__) # define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY 1 #else @@ -478,13 +480,13 @@ NAMESPACE_END // Apple Clang prior to 5.0 cannot handle SSE2 #if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000) -# define CRYPTOPP_DISABLE_ASM +# define CRYPTOPP_DISABLE_ASM 1 #endif -// Sun Studio 12 provides GCC inline assembly, http://blogs.oracle.com/x86be/entry/gcc_style_asm_inlining_support -// We can enable SSE2 for Sun Studio in the makefile with -D__SSE2__, but users may not compile with it. -#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(__SSE2__) && defined(__x86_64__) && (__SUNPRO_CC >= 0x5100) -# define __SSE2__ 1 +// Sun Studio 12.1 provides GCC inline assembly +// http://blogs.oracle.com/x86be/entry/gcc_style_asm_inlining_support +#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__SUNPRO_CC) && (__SUNPRO_CC < 0x5100) +# define CRYPTOPP_DISABLE_ASM 1 #endif #if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)))) @@ -495,7 +497,7 @@ NAMESPACE_END #define CRYPTOPP_SSE2_ASM_AVAILABLE 1 #endif - #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1500 || defined(__SSSE3__)) + #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1500 || CRYPTOPP_GCC_VERSION >= 40300 || defined(__SSSE3__)) #define CRYPTOPP_SSSE3_ASM_AVAILABLE 1 #endif #endif @@ -509,7 +511,7 @@ NAMESPACE_END #endif // 32-bit SunCC does not enable SSE2 by default. -#if !defined(CRYPTOPP_DISABLE_ASM) && (defined(_MSC_VER) || defined(__SSE2__)) +#if !defined(CRYPTOPP_DISABLE_ASM) && (defined(_MSC_VER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__) || (__SUNPRO_CC >= 0x5100)) #define CRYPTOPP_SSE2_INTRIN_AVAILABLE 1 #endif @@ -538,9 +540,9 @@ NAMESPACE_END #define CRYPTOPP_SSE42_AVAILABLE 1 #endif -// Couple to CRYPTOPP_DISABLE_AES, but use CRYPTOPP_CLMUL_AVAILABLE so we can selectively +// Couple to CRYPTOPP_DISABLE_AESNI, but use CRYPTOPP_CLMUL_AVAILABLE so we can selectively // disable for misbehaving platofrms and compilers, like Solaris or some Clang. -#if defined(CRYPTOPP_DISABLE_AES) +#if defined(CRYPTOPP_DISABLE_AESNI) #define CRYPTOPP_DISABLE_CLMUL 1 #endif @@ -553,102 +555,216 @@ NAMESPACE_END #endif // Requires Sun Studio 12.3 (SunCC 0x5120) -#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_AES) && defined(CRYPTOPP_SSE42_AVAILABLE) && \ +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_AESNI) && defined(CRYPTOPP_SSE42_AVAILABLE) && \ (defined(__AES__) || (_MSC_FULL_VER >= 150030729) || (__SUNPRO_CC >= 0x5120) || \ (CRYPTOPP_GCC_VERSION >= 40300) || (__INTEL_COMPILER >= 1110) || \ (CRYPTOPP_LLVM_CLANG_VERSION >= 30200) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40300)) #define CRYPTOPP_AESNI_AVAILABLE 1 #endif +// Requires Binutils 2.24 +#if !defined(CRYPTOPP_DISABLE_AVX) && defined(CRYPTOPP_SSE42_AVAILABLE) && \ + (defined(__AVX2__) || (CRYPTOPP_MSC_VERSION >= 1800) || (__SUNPRO_CC >= 0x5130) || \ + (CRYPTOPP_GCC_VERSION >= 40700) || (__INTEL_COMPILER >= 1400) || \ + (CRYPTOPP_LLVM_CLANG_VERSION >= 30100) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40600)) +#define CRYPTOPP_AVX_AVAILABLE 1 +#endif + +// Requires Binutils 2.24 +#if !defined(CRYPTOPP_DISABLE_AVX2) && defined(CRYPTOPP_AVX_AVAILABLE) && \ + (defined(__AVX2__) || (CRYPTOPP_MSC_VERSION >= 1800) || (__SUNPRO_CC >= 0x5130) || \ + (CRYPTOPP_GCC_VERSION >= 40700) || (__INTEL_COMPILER >= 1400) || \ + (CRYPTOPP_LLVM_CLANG_VERSION >= 30100) || (CRYPTOPP_APPLE_CLANG_VERSION >= 40600)) +#define CRYPTOPP_AVX2_AVAILABLE 1 +#endif + // Guessing at SHA for SunCC. Its not in Sun Studio 12.6. Also see // http://stackoverflow.com/questions/45872180/which-xarch-for-sha-extensions-on-solaris -#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SHA) && defined(CRYPTOPP_SSE42_AVAILABLE) && \ +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SHANI) && defined(CRYPTOPP_SSE42_AVAILABLE) && \ (defined(__SHA__) || (CRYPTOPP_MSC_VERSION >= 1900) || (__SUNPRO_CC >= 0x5160) || \ (CRYPTOPP_GCC_VERSION >= 40900) || (__INTEL_COMPILER >= 1300) || \ (CRYPTOPP_LLVM_CLANG_VERSION >= 30400) || (CRYPTOPP_APPLE_CLANG_VERSION >= 50100)) #define CRYPTOPP_SHANI_AVAILABLE 1 #endif +// Fixup Android and SSE, Crypto. It may be enabled based on compiler version. +#if (defined(__ANDROID__) || defined(ANDROID)) +# if (CRYPTOPP_BOOL_X86) +# undef CRYPTOPP_SSE41_AVAILABLE +# undef CRYPTOPP_SSE42_AVAILABLE +# undef CRYPTOPP_CLMUL_AVAILABLE +# undef CRYPTOPP_AESNI_AVAILABLE +# undef CRYPTOPP_SHANI_AVAILABLE +# endif +# if (CRYPTOPP_BOOL_X64) +# undef CRYPTOPP_CLMUL_AVAILABLE +# undef CRYPTOPP_AESNI_AVAILABLE +# undef CRYPTOPP_SHANI_AVAILABLE +# endif +#endif + +// Fixup for SunCC 12.1-12.4. Bad code generation in AES_Encrypt and friends. +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5130) +# undef CRYPTOPP_AESNI_AVAILABLE +#endif + +// Fixup for SunCC 12.1-12.6. Compiler crash on GCM_Reduce_CLMUL and friends. +// http://github.com/weidai11/cryptopp/issues/226 +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5150) +# undef CRYPTOPP_CLMUL_AVAILABLE +#endif + #endif // X86, X32, X64 // ***************** ARM CPU features ******************** -#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) +#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) -// Requires ARMv7 and ACLE 1.0. Testing shows ARMv7 is really ARMv7a under most toolchains. -// Android still uses ARMv5 and ARMv6 so we have to be conservative when enabling NEON. +// We don't have an ARM big endian test rig. Disable +// ARM-BE ASM and instrinsics until we can test it. +#if (CRYPTOPP_BIG_ENDIAN) +# define CRYPTOPP_DISABLE_ASM 1 +#endif + +// Requires ARMv7 and ACLE 1.0. -march=armv7-a or above must be present +// Requires GCC 4.3, Clang 2.8 or Visual Studio 2012 +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. #if !defined(CRYPTOPP_ARM_NEON_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) -# if defined(__ARM_NEON) || defined(__ARM_NEON_FP) || defined(__ARM_FEATURE_NEON) || \ - (__ARM_ARCH >= 7) || (CRYPTOPP_MSC_VERSION >= 1700) -# define CRYPTOPP_ARM_NEON_AVAILABLE 1 -# endif +# if defined(__arm__) || defined(__ARM_NEON) || defined(__ARM_FEATURE_NEON) || defined(_M_ARM) +# if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800) || \ + (CRYPTOPP_MSC_VERSION >= 1700) +# define CRYPTOPP_ARM_NEON_AVAILABLE 1 +# endif // Compilers +# endif // Platforms #endif -// ARMv8 and ASIMD, which is NEON. It is part of ARMv8 core. -// TODO: Add MSC_VER and ARM-64 platform define when available +// ARMv8 and ASIMD. -march=armv8-a or above must be present +// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. #if !defined(CRYPTOPP_ARM_ASIMD_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) -# if defined(__aarch32__) || defined(__aarch64__) || (CRYPTOPP_MSC_VERSION >= 1910) -# define CRYPTOPP_ARM_ASIMD_AVAILABLE 1 -# endif +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_NEON) || defined(__ARM_FEATURE_NEON) || defined(__ARM_FEATURE_ASIMD) || \ + (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_CLANG_VERSION >= 30300) || \ + (CRYPTOPP_MSC_VERSION >= 1910) +# define CRYPTOPP_ARM_NEON_AVAILABLE 1 +# define CRYPTOPP_ARM_ASIMD_AVAILABLE 1 +# endif // Compilers +# endif // Platforms #endif -// Requires ARMv8 and ACLE 2.0. GCC requires 4.8 and above. -// LLVM Clang requires 3.5. Apple Clang is unknown at the moment. -// Microsoft plans to support ARM-64, but its not clear how to detect it. -// TODO: Add Android ARMv8 support for CRC32 -// TODO: Add MSC_VER and ARM-64 platform define when available -#if !defined(CRYPTOPP_ARM_CRC32_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) && !defined(__apple_build_version__) && !defined(__ANDROID__) -# if (defined(__ARM_FEATURE_CRC32) || (CRYPTOPP_MSC_VERSION >= 1910) || \ - defined(__aarch32__) || defined(__aarch64__)) -# define CRYPTOPP_ARM_CRC32_AVAILABLE 1 -# endif +// ARMv8 and ASIMD. -march=armv8-a+crc or above must be present +// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +#if !defined(CRYPTOPP_ARM_CRC32_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_FEATURE_CRC32) || (CRYPTOPP_GCC_VERSION >= 40800) || \ + (CRYPTOPP_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1910) +# define CRYPTOPP_ARM_CRC32_AVAILABLE 1 +# endif // Compilers +# endif // Platforms #endif -// Requires ARMv8 and ACLE 2.0. GCC requires 4.8 and above. -// LLVM Clang requires 3.5. Apple Clang is unknown at the moment. -// Microsoft plans to support ARM-64, but its not clear how to detect it. -// TODO: Add Android ARMv8 support for PMULL -// TODO: Add MSC_VER and ARM-64 platform define when available -#if !defined(CRYPTOPP_ARM_PMULL_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) && !defined(__apple_build_version__) && !defined(__ANDROID__) -# if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_MSC_VERSION >= 1910) || \ - defined(__aarch32__) || defined(__aarch64__) -# define CRYPTOPP_ARM_PMULL_AVAILABLE 1 -# endif +// ARMv8 and ASIMD. -march=armv8-a+crypto or above must be present +// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +#if !defined(CRYPTOPP_ARM_PMULL_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \ + (CRYPTOPP_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1910) +# define CRYPTOPP_ARM_PMULL_AVAILABLE 1 +# endif // Compilers +# endif // Platforms #endif -// Requires ARMv8 and ACLE 2.0. GCC requires 4.8 and above. -// LLVM Clang requires 3.5. Apple Clang is unknown at the moment. -// Microsoft plans to support ARM-64, but its not clear how to detect it. -// TODO: Add Android ARMv8 support for AES and SHA -// TODO: Add MSC_VER and ARM-64 platform define when available -#if !defined(CRYPTOPP_ARM_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) && !defined(__ANDROID__) -# if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_MSC_VERSION >= 1910) || \ - defined(__aarch32__) || defined(__aarch64__) -# define CRYPTOPP_ARM_AES_AVAILABLE 1 -# endif +// ARMv8 and AES. -march=armv8-a+crypto or above must be present +// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +#if !defined(CRYPTOPP_ARM_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \ + (CRYPTOPP_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1910) +# define CRYPTOPP_ARM_AES_AVAILABLE 1 +# endif // Compilers +# endif // Platforms #endif -// Requires ARMv8 and ACLE 2.0. GCC requires 4.8 and above. -// LLVM Clang requires 3.5. Apple Clang is unknown at the moment. -// Microsoft plans to support ARM-64, but its not clear how to detect it. -// TODO: Add Android ARMv8 support for AES and SHA -// TODO: Add MSC_VER and ARM-64 platform define when available -#if !defined(CRYPTOPP_ARM_SHA_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) && !defined(__ANDROID__) -# if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_MSC_VERSION >= 1910) || \ - defined(__aarch32__) || defined(__aarch64__) -# define CRYPTOPP_ARM_SHA_AVAILABLE 1 -# endif +// ARMv8 and SHA-1, SHA-256. -march=armv8-a+crypto or above must be present +// Requires GCC 4.8, Clang 3.3 or Visual Studio 2017 +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +#if !defined(CRYPTOPP_ARM_SHA_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_FEATURE_CRYPTO) || (CRYPTOPP_GCC_VERSION >= 40800) || \ + (CRYPTOPP_CLANG_VERSION >= 30300) || (CRYPTOPP_MSC_VERSION >= 1910) +# define CRYPTOPP_ARM_SHA1_AVAILABLE 1 +# define CRYPTOPP_ARM_SHA2_AVAILABLE 1 +# endif // Compilers +# endif // Platforms +#endif + +// ARMv8 and SHA-512, SHA-3. -march=armv8.4-a+crypto or above must be present +// Requires GCC 8.0, Clang 6.0 or Visual Studio 2021??? +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +#if !defined(CRYPTOPP_ARM_SHA_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_FEATURE_SHA3) || (CRYPTOPP_GCC_VERSION >= 80000) || \ + (CRYPTOPP_MSC_VERSION >= 2100) +# define CRYPTOPP_ARM_SHA512_AVAILABLE 1 +# define CRYPTOPP_ARM_SHA3_AVAILABLE 1 +# endif // Compilers +# endif // Platforms +#endif + +// ARMv8 and SM3, SM4. -march=armv8.4-a+crypto or above must be present +// Requires GCC 8.0, Clang 6.0 or Visual Studio 2021??? +// Do not use APPLE_CLANG_VERSION; use __ARM_FEATURE_XXX instead. +#if !defined(CRYPTOPP_ARM_SM3_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__aarch32__) || defined(__aarch64__) || defined(_M_ARM64) +# if defined(__ARM_FEATURE_SM3) || (CRYPTOPP_GCC_VERSION >= 80000) || \ + (CRYPTOPP_MSC_VERSION >= 2100) +# define CRYPTOPP_ARM_SM3_AVAILABLE 1 +# define CRYPTOPP_ARM_SM4_AVAILABLE 1 +# endif // Compilers +# endif // Platforms #endif // Limit the include. -#if defined(__aarch32__) || defined(__aarch64__) || (__ARM_ARCH >= 8) || defined(__ARM_ACLE) -# define CRYPTOPP_ARM_ACLE_AVAILABLE 1 +#if !defined(CRYPTOPP_ARM_ACLE_AVAILABLE) +# if defined(__aarch32__) || defined(__aarch64__) || (__ARM_ARCH >= 8) || defined(__ARM_ACLE) +# if !defined(__ANDROID__) && !defined(ANDROID) && !defined(__APPLE__) +# define CRYPTOPP_ARM_ACLE_AVAILABLE 1 +# endif +# endif #endif -// Man, this is borked. Apple Clang defines __ARM_ACLE but then fails -// to compile with "fatal error: 'arm_acle.h' file not found" -#if defined(__ANDROID__) || defined(ANDROID) || defined(__APPLE__) -# undef CRYPTOPP_ARM_ACLE_AVAILABLE +// Fixup Apple Clang and PMULL. Apple defines __ARM_FEATURE_CRYPTO for Xcode 6 +// but does not provide PMULL. TODO: determine when PMULL is available. +#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 70000) +# undef CRYPTOPP_ARM_PMULL_AVAILABLE +#endif + +// Fixup Android and CRC32. It may be enabled based on compiler version. +#if (defined(__ANDROID__) || defined(ANDROID)) && !defined(__ARM_FEATURE_CRC32) +# undef CRYPTOPP_ARM_CRC32_AVAILABLE +#endif + +// Fixup Android and Crypto. It may be enabled based on compiler version. +#if (defined(__ANDROID__) || defined(ANDROID)) && !defined(__ARM_FEATURE_CRYPTO) +# undef CRYPTOPP_ARM_PMULL_AVAILABLE +# undef CRYPTOPP_ARM_AES_AVAILABLE +# undef CRYPTOPP_ARM_SHA1_AVAILABLE +# undef CRYPTOPP_ARM_SHA2_AVAILABLE +#endif + +// Cryptogams offers an ARM asm AES implementation. Crypto++ does +// not provide an asm implementation. The Cryptogams implementation +// is about 2x faster than C/C++. Define this to use the Cryptogams +// AES implementation on GNU Linux systems. When defined, Crypto++ +// will use aes_armv4.S. LLVM miscompiles aes_armv4.S so disable +// under Clang. See https://bugs.llvm.org/show_bug.cgi?id=38133. +#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__arm__) +# if defined(__GNUC__) && !defined(__clang__) +# define CRYPTOGAMS_ARM_AES 1 +# endif #endif #endif // ARM32, ARM64 @@ -661,49 +777,57 @@ NAMESPACE_END # undef CRYPTOPP_DISABLE_ALTIVEC # undef CRYPTOPP_DISABLE_POWER7 # undef CRYPTOPP_DISABLE_POWER8 +# undef CRYPTOPP_DISABLE_POWER9 # define CRYPTOPP_DISABLE_ALTIVEC 1 # define CRYPTOPP_DISABLE_POWER7 1 # define CRYPTOPP_DISABLE_POWER8 1 +# define CRYPTOPP_DISABLE_POWER9 1 #endif // An old Apple G5 with GCC 4.01 has AltiVec, but its only Power4 or so. #if !defined(CRYPTOPP_ALTIVEC_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ALTIVEC) # if defined(_ARCH_PWR4) || defined(__ALTIVEC__) || \ - (CRYPTOPP_XLC_VERSION >= 100000) || (CRYPTOPP_GCC_VERSION >= 40001) + (CRYPTOPP_XLC_VERSION >= 100000) || (CRYPTOPP_GCC_VERSION >= 40001) || \ + (CRYPTOPP_CLANG_VERSION >= 20900) # define CRYPTOPP_ALTIVEC_AVAILABLE 1 # endif #endif -// We need Power5 for 'vector unsigned long long' -#if !defined(CRYPTOPP_POWER5_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER5) && defined(CRYPTOPP_ALTIVEC_AVAILABLE) -# if defined(_ARCH_PWR5) || (CRYPTOPP_XLC_VERSION >= 100000) || (CRYPTOPP_GCC_VERSION >= 40100) -# define CRYPTOPP_POWER5_AVAILABLE 1 -# endif -#endif - // We need Power7 for unaligned loads and stores #if !defined(CRYPTOPP_POWER7_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER7) && defined(CRYPTOPP_ALTIVEC_AVAILABLE) -# if defined(_ARCH_PWR7) || (CRYPTOPP_XLC_VERSION >= 100000) || (CRYPTOPP_GCC_VERSION >= 40100) +# if defined(_ARCH_PWR7) || (CRYPTOPP_XLC_VERSION >= 100000) || \ + (CRYPTOPP_GCC_VERSION >= 40100) || (CRYPTOPP_CLANG_VERSION >= 30100) # define CRYPTOPP_POWER7_AVAILABLE 1 # endif #endif -// We need Power8 for in-core crypto +// We need Power8 for in-core crypto and 64-bit vector types #if !defined(CRYPTOPP_POWER8_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER8) && defined(CRYPTOPP_POWER7_AVAILABLE) -# if defined(_ARCH_PWR8) || (CRYPTOPP_XLC_VERSION >= 130000) || (CRYPTOPP_GCC_VERSION >= 40800) +# if defined(_ARCH_PWR8) || (CRYPTOPP_XLC_VERSION >= 130000) || \ + (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_CLANG_VERSION >= 70000) # define CRYPTOPP_POWER8_AVAILABLE 1 # endif #endif -#if !defined(CRYPTOPP_POWER8_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER8_AES) && defined(CRYPTOPP_POWER8_AVAILABLE) -# if defined(__CRYPTO__) || defined(_ARCH_PWR8) || (CRYPTOPP_XLC_VERSION >= 130000) || (CRYPTOPP_GCC_VERSION >= 40800) -# define CRYPTOPP_POWER8_AES_AVAILABLE 1 -# define CRYPTOPP_POWER8_SHA_AVAILABLE 1 -//# define CRYPTOPP_POWER8_CRC_AVAILABLE 1 +// Power9 for random numbers +#if !defined(CRYPTOPP_POWER9_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER9) && defined(CRYPTOPP_POWER8_AVAILABLE) +# if defined(_ARCH_PWR9) || (CRYPTOPP_XLC_VERSION >= 130200) || \ + (CRYPTOPP_GCC_VERSION >= 70000) || (CRYPTOPP_CLANG_VERSION >= 80000) +# define CRYPTOPP_POWER9_AVAILABLE 1 # endif #endif -#endif // PPC, PPC64 +#if !defined(CRYPTOPP_POWER8_AES_AVAILABLE) && !defined(CRYPTOPP_DISABLE_POWER8_AES) && defined(CRYPTOPP_POWER8_AVAILABLE) +# if defined(__CRYPTO__) || defined(_ARCH_PWR8) || (CRYPTOPP_XLC_VERSION >= 130000) || \ + (CRYPTOPP_GCC_VERSION >= 40800) || (CRYPTOPP_CLANG_VERSION >= 70000) +//# define CRYPTOPP_POWER8_CRC_AVAILABLE 1 +# define CRYPTOPP_POWER8_AES_AVAILABLE 1 +# define CRYPTOPP_POWER8_VMULL_AVAILABLE 1 +# define CRYPTOPP_POWER8_SHA_AVAILABLE 1 +# endif +#endif + +#endif // PPC32, PPC64 // ***************** Miscellaneous ******************** @@ -732,7 +856,7 @@ NAMESPACE_END #if defined(_MSC_VER) # define CRYPTOPP_NOINLINE_DOTDOTDOT # define CRYPTOPP_NOINLINE __declspec(noinline) -#elif defined(__xlc__) || defined(__xlC__) +#elif defined(__xlc__) || defined(__xlC__) || defined(__ibmxl__) # define CRYPTOPP_NOINLINE_DOTDOTDOT ... # define CRYPTOPP_NOINLINE __attribute__((noinline)) #elif defined(__GNUC__) @@ -778,10 +902,8 @@ NAMESPACE_END // CRYPTOPP_USER_PRIORITY is for other libraries and user code that is using Crypto++ // and managing C++ static object creation. It is guaranteed not to conflict with // values used by (or would be used by) the Crypto++ library. -#if defined(CRYPTOPP_INIT_PRIORITY) && (CRYPTOPP_INIT_PRIORITY > 0) -# define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY + 101) -#else -# define CRYPTOPP_USER_PRIORITY 350 +#ifndef CRYPTOPP_USER_PRIORITY +# define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY+101) #endif // Most platforms allow us to specify when to create C++ objects. Apple and Sun do not. @@ -790,6 +912,8 @@ NAMESPACE_END # define HAVE_GCC_INIT_PRIORITY 1 # elif (CRYPTOPP_MSC_VERSION >= 1310) # define HAVE_MSC_INIT_PRIORITY 1 +# elif defined(__xlc__) || defined(__xlC__) || defined(__ibmxl__) +# define HAVE_XLC_INIT_PRIORITY 1 # endif #endif // CRYPTOPP_INIT_PRIORITY, NO_OS_DEPENDENCE, Apple, Sun @@ -823,46 +947,10 @@ NAMESPACE_END # endif #endif -#ifdef CRYPTOPP_UNIX_AVAILABLE -# define HAS_BERKELEY_STYLE_SOCKETS -# define SOCKETS_AVAILABLE -#endif - -// Sockets are only available under Windows Runtime desktop partition apps (despite the MSDN literature) -#ifdef CRYPTOPP_WIN32_AVAILABLE -# define HAS_WINDOWS_STYLE_SOCKETS -# if !defined(WINAPI_FAMILY) -# define SOCKETS_AVAILABLE -# elif defined(WINAPI_FAMILY) -# if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) -# define SOCKETS_AVAILABLE -# endif -# endif -#endif - -#if defined(HAS_WINDOWS_STYLE_SOCKETS) && (!defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(PREFER_WINDOWS_STYLE_SOCKETS)) -# define USE_WINDOWS_STYLE_SOCKETS -#else -# define USE_BERKELEY_STYLE_SOCKETS -#endif - -#if defined(CRYPTOPP_WIN32_AVAILABLE) && defined(SOCKETS_AVAILABLE) && !defined(USE_BERKELEY_STYLE_SOCKETS) -# define WINDOWS_PIPES_AVAILABLE -#endif - - #if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) # define NONBLOCKING_RNG_AVAILABLE # define BLOCKING_RNG_AVAILABLE # define OS_RNG_AVAILABLE -# define HAS_PTHREADS -# define THREADS_AVAILABLE -#endif - -// Early IBM XL C on AIX fails to link due to missing pthread gear -#if defined(_AIX) && defined(__xlC__) -# undef HAS_PTHREADS -# undef THREADS_AVAILABLE #endif // Cygwin/Newlib requires _XOPEN_SOURCE=600 @@ -872,14 +960,10 @@ NAMESPACE_END #ifdef CRYPTOPP_WIN32_AVAILABLE # if !defined(WINAPI_FAMILY) -# define HAS_WINTHREADS -# define THREADS_AVAILABLE # define NONBLOCKING_RNG_AVAILABLE # define OS_RNG_AVAILABLE # elif defined(WINAPI_FAMILY) # if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) -# define HAS_WINTHREADS -# define THREADS_AVAILABLE # define NONBLOCKING_RNG_AVAILABLE # define OS_RNG_AVAILABLE # elif !(WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) @@ -964,15 +1048,6 @@ NAMESPACE_END # define CRYPTOPP_DEPRECATED(msg) #endif -// ************** Instrumentation *************** - -// GCC does not support; see http://gcc.gnu.org/bugzilla/show_bug.cgi?id=78204 -#if (CRYPTOPP_LLVM_CLANG_VERSION >= 30700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000) -# define CRYPTOPP_NO_SANITIZE(x) __attribute__((no_sanitize(x))) -#else -# define CRYPTOPP_NO_SANITIZE(x) -#endif - // ***************** C++11 related ******************** // Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx @@ -1084,7 +1159,8 @@ NAMESPACE_END // nullptr_t: MS at VS2010 (16.00); GCC at 4.6; Clang at 3.3; Intel 10.0; SunCC 5.13. #if (CRYPTOPP_MSC_VERSION >= 1600) || __has_feature(cxx_nullptr) || \ - (__INTEL_COMPILER >= 1000) || (CRYPTOPP_GCC_VERSION >= 40600) || (__SUNPRO_CC >= 0x5130) + (__INTEL_COMPILER >= 1000) || (CRYPTOPP_GCC_VERSION >= 40600) || \ + (__SUNPRO_CC >= 0x5130) || defined(__IBMCPP_NULLPTR) # define CRYPTOPP_CXX11_NULLPTR 1 #endif // nullptr_t compilers @@ -1106,9 +1182,11 @@ NAMESPACE_END // Clang and __EXCEPTIONS see http://releases.llvm.org/3.6.0/tools/clang/docs/ReleaseNotes.html #if defined(__clang__) # if __EXCEPTIONS && __has_feature(cxx_exceptions) -# define CRYPTOPP_CXX17_EXCEPTIONS 1 +# if __cpp_lib_uncaught_exceptions +# define CRYPTOPP_CXX17_EXCEPTIONS 1 +# endif # endif -#elif (CRYPTOPP_MSC_VERSION >= 1900) || (__INTEL_COMPILER >= 1800) || (CRYPTOPP_GCC_VERSION >= 60000) +#elif (CRYPTOPP_MSC_VERSION >= 1900) || (__INTEL_COMPILER >= 1800) || (CRYPTOPP_GCC_VERSION >= 60000) || (__cpp_lib_uncaught_exceptions) # define CRYPTOPP_CXX17_EXCEPTIONS 1 #endif // uncaught_exceptions compilers diff --git a/vendor/cryptopp/vendor_cryptopp/cpu.cpp b/vendor/cryptopp/vendor_cryptopp/cpu.cpp index ef0ddf69..6fa3fef3 100644 --- a/vendor/cryptopp/vendor_cryptopp/cpu.cpp +++ b/vendor/cryptopp/vendor_cryptopp/cpu.cpp @@ -39,12 +39,14 @@ unsigned long int getauxval(unsigned long int) { return 0; } #endif -#if defined(__APPLE__) && (defined(__aarch64__) || defined(__POWERPC__)) +#if defined(__APPLE__) # include #endif -// The cpu-features header and source file are located in $ANDROID_NDK_ROOT/sources/android/cpufeatures -// setenv-android.sh will copy the header and source file into PWD and the makefile will build it in place. +// The cpu-features header and source file are located in +// "$ANDROID_NDK_ROOT/sources/android/cpufeatures". +// setenv-android.sh will copy the header and source file +// into PWD and the makefile will build it in place. #if defined(__ANDROID__) # include "cpu-features.h" #endif @@ -54,6 +56,65 @@ unsigned long int getauxval(unsigned long int) { return 0; } # include #endif +// Visual Studio 2008 and below is missing _xgetbv. See x64dll.asm for the body. +#if defined(_MSC_VER) && _MSC_VER <= 1500 && defined(_M_X64) +extern "C" unsigned long long __fastcall ExtendedControlRegister(unsigned int); +#endif + +ANONYMOUS_NAMESPACE_BEGIN + +#if defined(__APPLE__) +enum {PowerMac=1, Mac, iPhone, iPod, iPad, AppleTV, AppleWatch}; +void GetAppleMachineInfo(unsigned int& device, unsigned int& version) +{ + device = version = 0; + + struct utsname systemInfo; + systemInfo.machine[0] = '\0'; + uname(&systemInfo); + + std::string machine(systemInfo.machine); + if (machine.find("PowerMac") != std::string::npos || + machine.find("Power Macintosh") != std::string::npos) + device = PowerMac; + else if (machine.find("Mac") != std::string::npos || + machine.find("Macintosh") != std::string::npos) + device = Mac; + else if (machine.find("iPhone") != std::string::npos) + device = iPhone; + else if (machine.find("iPod") != std::string::npos) + device = iPod; + else if (machine.find("iPad") != std::string::npos) + device = iPad; + else if (machine.find("AppleTV") != std::string::npos) + device = AppleTV; + else if (machine.find("AppleWatch") != std::string::npos) + device = AppleWatch; + + std::string::size_type pos = machine.find_first_of("0123456789"); + if (pos != std::string::npos) + version = std::atoi(machine.substr(pos).c_str()); +} + +// http://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios +bool IsAppleMachineARMv8(unsigned int device, unsigned int version) +{ + if ((device == iPhone && version >= 6) || + (device == iPad && version >= 4)) + { + return true; + } + return false; +} + +bool IsAppleMachineARMv84(unsigned int device, unsigned int version) +{ + return false; +} +#endif // __APPLE__ + +ANONYMOUS_NAMESPACE_END + NAMESPACE_BEGIN(CryptoPP) #ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY @@ -187,6 +248,8 @@ bool CRYPTOPP_SECTION_INIT g_hasSSE2 = false; bool CRYPTOPP_SECTION_INIT g_hasSSSE3 = false; bool CRYPTOPP_SECTION_INIT g_hasSSE41 = false; bool CRYPTOPP_SECTION_INIT g_hasSSE42 = false; +bool CRYPTOPP_SECTION_INIT g_hasAVX = false; +bool CRYPTOPP_SECTION_INIT g_hasAVX2 = false; bool CRYPTOPP_SECTION_INIT g_hasAESNI = false; bool CRYPTOPP_SECTION_INIT g_hasCLMUL = false; bool CRYPTOPP_SECTION_INIT g_hasADX = false; @@ -217,6 +280,14 @@ static inline bool IsAMD(const word32 output[4]) (output[3] /*EDX*/ == 0x69746E65); } +static inline bool IsHygon(const word32 output[4]) +{ + // This is the "HygonGenuine" string. + return (output[1] /*EBX*/ == 0x6f677948) && + (output[2] /*ECX*/ == 0x656e6975) && + (output[3] /*EDX*/ == 0x6e65476e); +} + static inline bool IsVIA(const word32 output[4]) { // This is the "CentaurHauls" string. Some non-PadLock's can return "VIA VIA VIA " @@ -245,12 +316,65 @@ void DetectX86Features() g_hasAESNI = g_hasSSE2 && ((cpuid1[2] & (1<<25)) != 0); g_hasCLMUL = g_hasSSE2 && ((cpuid1[2] & (1<< 1)) != 0); + // AVX is similar to SSE, but check both bits 27 (SSE) and 28 (AVX). + // https://software.intel.com/en-us/blogs/2011/04/14/is-avx-enabled + CRYPTOPP_CONSTANT(YMM_FLAG = (3 << 1)) + CRYPTOPP_CONSTANT(AVX_FLAG = (3 << 27)) + if ((cpuid1[2] & AVX_FLAG) == AVX_FLAG) + { +// GCC 4.1/Binutils 2.17 cannot consume xgetbv +#if defined(__GNUC__) || (__SUNPRO_CC >= 0x5100) || defined(__BORLANDC__) + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=71659 and + // http://www.agner.org/optimize/vectorclass/read.php?i=65 + word32 a=0, d=0; + __asm __volatile + ( + // "xgetbv" : "=a"(a), "=d"(d) : "c"(0) : + ".byte 0x0f, 0x01, 0xd0" "\n\t" + : "=a"(a), "=d"(d) : "c"(0) : + ); + word64 xcr0 = a | static_cast(d) << 32; + g_hasAVX = (xcr0 & YMM_FLAG) == YMM_FLAG; + +// Visual Studio 2008 and below lack xgetbv +#elif defined(_MSC_VER) && _MSC_VER <= 1500 && defined(_M_IX86) + word32 a=0, d=0; + __asm { + push eax + push edx + push ecx + mov ecx, 0 + _emit 0x0f + _emit 0x01 + _emit 0xd0 + mov a, eax + mov d, edx + pop ecx + pop edx + pop eax + } + word64 xcr0 = a | static_cast(d) << 32; + g_hasAVX = (xcr0 & YMM_FLAG) == YMM_FLAG; + +// Visual Studio 2008 and below lack xgetbv +#elif defined(_MSC_VER) && _MSC_VER <= 1500 && defined(_M_X64) + word64 xcr0 = ExtendedControlRegister(0); + g_hasAVX = (xcr0 & YMM_FLAG) == YMM_FLAG; +#elif defined(__SUNPRO_CC) // fall into + g_hasAVX = false; +#else + word64 xcr0 = _xgetbv(0); + g_hasAVX = (xcr0 & YMM_FLAG) == YMM_FLAG; +#endif + } + if (IsIntel(cpuid0)) { CRYPTOPP_CONSTANT(RDRAND_FLAG = (1 << 30)) CRYPTOPP_CONSTANT(RDSEED_FLAG = (1 << 18)) CRYPTOPP_CONSTANT( ADX_FLAG = (1 << 19)) CRYPTOPP_CONSTANT( SHA_FLAG = (1 << 29)) + CRYPTOPP_CONSTANT( AVX2_FLAG = (1 << 5)) g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf; g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1); @@ -263,15 +387,17 @@ void DetectX86Features() g_hasRDSEED = (cpuid2[1] /*EBX*/ & RDSEED_FLAG) != 0; g_hasADX = (cpuid2[1] /*EBX*/ & ADX_FLAG) != 0; g_hasSHA = (cpuid2[1] /*EBX*/ & SHA_FLAG) != 0; + g_hasAVX2 = (cpuid2[1] /*EBX*/ & AVX2_FLAG) != 0; } } } - else if (IsAMD(cpuid0)) + else if (IsAMD(cpuid0) || IsHygon(cpuid0)) { CRYPTOPP_CONSTANT(RDRAND_FLAG = (1 << 30)) CRYPTOPP_CONSTANT(RDSEED_FLAG = (1 << 18)) CRYPTOPP_CONSTANT( ADX_FLAG = (1 << 19)) CRYPTOPP_CONSTANT( SHA_FLAG = (1 << 29)) + CRYPTOPP_CONSTANT( AVX2_FLAG = (1 << 5)) CpuId(0x80000005, 0, cpuid2); g_cacheLineSize = GETBYTE(cpuid2[2], 0); @@ -284,6 +410,7 @@ void DetectX86Features() g_hasRDSEED = (cpuid2[1] /*EBX*/ & RDSEED_FLAG) != 0; g_hasADX = (cpuid2[1] /*EBX*/ & ADX_FLAG) != 0; g_hasSHA = (cpuid2[1] /*EBX*/ & SHA_FLAG) != 0; + g_hasAVX2 = (cpuid2[1] /*EBX*/ & AVX2_FLAG) != 0; } } } @@ -300,11 +427,11 @@ void DetectX86Features() { // Extended features available CpuId(0xC0000001, 0, cpuid2); - g_hasPadlockRNG = (cpuid2[3] /*EDX*/ & RNG_FLAGS) != 0; - g_hasPadlockACE = (cpuid2[3] /*EDX*/ & ACE_FLAGS) != 0; - g_hasPadlockACE2 = (cpuid2[3] /*EDX*/ & ACE2_FLAGS) != 0; - g_hasPadlockPHE = (cpuid2[3] /*EDX*/ & PHE_FLAGS) != 0; - g_hasPadlockPMM = (cpuid2[3] /*EDX*/ & PMM_FLAGS) != 0; + g_hasPadlockRNG = (cpuid2[3] /*EDX*/ & RNG_FLAGS) == RNG_FLAGS; + g_hasPadlockACE = (cpuid2[3] /*EDX*/ & ACE_FLAGS) == ACE_FLAGS; + g_hasPadlockACE2 = (cpuid2[3] /*EDX*/ & ACE2_FLAGS) == ACE2_FLAGS; + g_hasPadlockPHE = (cpuid2[3] /*EDX*/ & PHE_FLAGS) == PHE_FLAGS; + g_hasPadlockPMM = (cpuid2[3] /*EDX*/ & PMM_FLAGS) == PMM_FLAGS; } } @@ -316,15 +443,20 @@ void DetectX86Features() // *************************** ARM-32, Aarch32 and Aarch64 *************************** -#elif (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) +#elif (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) bool CRYPTOPP_SECTION_INIT g_ArmDetectionDone = false; +bool CRYPTOPP_SECTION_INIT g_hasARMv7 = false; bool CRYPTOPP_SECTION_INIT g_hasNEON = false; bool CRYPTOPP_SECTION_INIT g_hasPMULL = false; bool CRYPTOPP_SECTION_INIT g_hasCRC32 = false; bool CRYPTOPP_SECTION_INIT g_hasAES = false; bool CRYPTOPP_SECTION_INIT g_hasSHA1 = false; bool CRYPTOPP_SECTION_INIT g_hasSHA2 = false; +bool CRYPTOPP_SECTION_INIT g_hasSHA512 = false; +bool CRYPTOPP_SECTION_INIT g_hasSHA3 = false; +bool CRYPTOPP_SECTION_INIT g_hasSM3 = false; +bool CRYPTOPP_SECTION_INIT g_hasSM4 = false; word32 CRYPTOPP_SECTION_INIT g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE; // ARM does not have an unprivliged equivalent to CPUID on IA-32. We have to jump through some @@ -340,13 +472,22 @@ word32 CRYPTOPP_SECTION_INIT g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE; // http://stackoverflow.com/a/11197770/608639 and // http://gist.github.com/erkanyildiz/390a480f27e86f8cd6ba +extern bool CPU_ProbeARMv7(); extern bool CPU_ProbeNEON(); extern bool CPU_ProbeCRC32(); extern bool CPU_ProbeAES(); extern bool CPU_ProbeSHA1(); extern bool CPU_ProbeSHA2(); +extern bool CPU_ProbeSHA512(); +extern bool CPU_ProbeSHA3(); +extern bool CPU_ProbeSM3(); +extern bool CPU_ProbeSM4(); extern bool CPU_ProbePMULL(); +// https://github.com/torvalds/linux/blob/master/arch/arm64/include/uapi/asm/hwcap.h +#ifndef HWCAP_ARMv7 +# define HWCAP_ARMv7 (1 << 29) +#endif #ifndef HWCAP_ASIMD # define HWCAP_ASIMD (1 << 1) #endif @@ -383,6 +524,37 @@ extern bool CPU_ProbePMULL(); #ifndef HWCAP2_SHA2 # define HWCAP2_SHA2 (1 << 3) #endif +#ifndef HWCAP_SHA3 +# define HWCAP_SHA3 (1 << 17) +#endif +#ifndef HWCAP_SM3 +# define HWCAP_SM3 (1 << 18) +#endif +#ifndef HWCAP_SM4 +# define HWCAP_SM4 (1 << 19) +#endif +#ifndef HWCAP_SHA512 +# define HWCAP_SHA512 (1 << 21) +#endif + +inline bool CPU_QueryARMv7() +{ +#if defined(__aarch32__) || defined(__aarch64__) + // ARMv7 or above + return true; +#elif defined(__ANDROID__) && defined(__arm__) + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_ARMv7) != 0)) + return true; +#elif defined(__linux__) && defined(__arm__) + if ((getauxval(AT_HWCAP) & HWCAP_ARMv7) != 0) + return true; +#elif defined(__APPLE__) && defined(__arm__) + // Apple hardware is ARMv7 or above. + return true; +#endif + return false; +} inline bool CPU_QueryNEON() { @@ -391,7 +563,7 @@ inline bool CPU_QueryNEON() ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_ASIMD) != 0)) return true; #elif defined(__ANDROID__) && defined(__arm__) - if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_NEON) != 0)) return true; #elif defined(__linux__) && defined(__aarch64__) @@ -417,7 +589,7 @@ inline bool CPU_QueryCRC32() ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_CRC32) != 0)) return true; #elif defined(__ANDROID__) && defined(__aarch32__) - if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_CRC32) != 0)) return true; #elif defined(__linux__) && defined(__aarch64__) @@ -436,7 +608,7 @@ inline bool CPU_QueryCRC32() inline bool CPU_QueryPMULL() { #if defined(__ANDROID__) && defined(__aarch64__) - if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_PMULL) != 0)) return true; #elif defined(__ANDROID__) && defined(__aarch32__) @@ -459,11 +631,11 @@ inline bool CPU_QueryPMULL() inline bool CPU_QueryAES() { #if defined(__ANDROID__) && defined(__aarch64__) - if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_AES) != 0)) return true; #elif defined(__ANDROID__) && defined(__aarch32__) - if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_AES) != 0)) return true; #elif defined(__linux__) && defined(__aarch64__) @@ -473,20 +645,9 @@ inline bool CPU_QueryAES() if ((getauxval(AT_HWCAP2) & HWCAP2_AES) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - // http://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios - struct utsname systemInfo; - systemInfo.machine[0] = '\0'; - uname(&systemInfo); - - // The machine strings below are known ARM8 devices - std::string machine(systemInfo.machine); - if (machine.substr(0, 7) == "iPhone6" || machine.substr(0, 7) == "iPhone7" || - machine.substr(0, 7) == "iPhone8" || machine.substr(0, 7) == "iPhone9" || - machine.substr(0, 5) == "iPad4" || machine.substr(0, 5) == "iPad5" || - machine.substr(0, 5) == "iPad6" || machine.substr(0, 5) == "iPad7") - { - return true; - } + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv8(device, version); #endif return false; } @@ -508,20 +669,9 @@ inline bool CPU_QuerySHA1() if ((getauxval(AT_HWCAP2) & HWCAP2_SHA1) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - // http://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios - struct utsname systemInfo; - systemInfo.machine[0] = '\0'; - uname(&systemInfo); - - // The machine strings below are known ARM8 devices - std::string machine(systemInfo.machine); - if (machine.substr(0, 7) == "iPhone6" || machine.substr(0, 7) == "iPhone7" || - machine.substr(0, 7) == "iPhone8" || machine.substr(0, 7) == "iPhone9" || - machine.substr(0, 5) == "iPad4" || machine.substr(0, 5) == "iPad5" || - machine.substr(0, 5) == "iPad6" || machine.substr(0, 5) == "iPad7") - { - return true; - } + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv8(device, version); #endif return false; } @@ -529,7 +679,7 @@ inline bool CPU_QuerySHA1() inline bool CPU_QuerySHA2() { #if defined(__ANDROID__) && defined(__aarch64__) - if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA2) != 0)) return true; #elif defined(__ANDROID__) && defined(__aarch32__) @@ -543,20 +693,109 @@ inline bool CPU_QuerySHA2() if ((getauxval(AT_HWCAP2) & HWCAP2_SHA2) != 0) return true; #elif defined(__APPLE__) && defined(__aarch64__) - // http://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios - struct utsname systemInfo; - systemInfo.machine[0] = '\0'; - uname(&systemInfo); + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv8(device, version); +#endif + return false; +} - // The machine strings below are known ARM8 devices - std::string machine(systemInfo.machine); - if (machine.substr(0, 7) == "iPhone6" || machine.substr(0, 7) == "iPhone7" || - machine.substr(0, 7) == "iPhone8" || machine.substr(0, 7) == "iPhone9" || - machine.substr(0, 5) == "iPad4" || machine.substr(0, 5) == "iPad5" || - machine.substr(0, 5) == "iPad6" || machine.substr(0, 5) == "iPad7") - { +inline bool CPU_QuerySHA512() +{ +// Some ARMv8.4 features are disabled at the moment +#if defined(__ANDROID__) && defined(__aarch64__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA512) != 0)) return true; - } +#elif defined(__ANDROID__) && defined(__aarch32__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SHA512) != 0)) + return true; +#elif defined(__linux__) && defined(__aarch64__) + if ((getauxval(AT_HWCAP) & HWCAP_SHA512) != 0) + return true; +#elif defined(__linux__) && defined(__aarch32__) + if ((getauxval(AT_HWCAP2) & HWCAP2_SHA512) != 0) + return true; +#elif defined(__APPLE__) && defined(__aarch64__) && 0 + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv84(device, version); +#endif + return false; +} + +inline bool CPU_QuerySHA3() +{ +// Some ARMv8.4 features are disabled at the moment +#if defined(__ANDROID__) && defined(__aarch64__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SHA3) != 0)) + return true; +#elif defined(__ANDROID__) && defined(__aarch32__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SHA3) != 0)) + return true; +#elif defined(__linux__) && defined(__aarch64__) + if ((getauxval(AT_HWCAP) & HWCAP_SHA3) != 0) + return true; +#elif defined(__linux__) && defined(__aarch32__) + if ((getauxval(AT_HWCAP2) & HWCAP2_SHA3) != 0) + return true; +#elif defined(__APPLE__) && defined(__aarch64__) && 0 + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv84(device, version); +#endif + return false; +} + +inline bool CPU_QuerySM3() +{ +// Some ARMv8.4 features are disabled at the moment +#if defined(__ANDROID__) && defined(__aarch64__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SM3) != 0)) + return true; +#elif defined(__ANDROID__) && defined(__aarch32__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SM3) != 0)) + return true; +#elif defined(__linux__) && defined(__aarch64__) + if ((getauxval(AT_HWCAP) & HWCAP_SM3) != 0) + return true; +#elif defined(__linux__) && defined(__aarch32__) + if ((getauxval(AT_HWCAP2) & HWCAP2_SM3) != 0) + return true; +#elif defined(__APPLE__) && defined(__aarch64__) && 0 + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv84(device, version); +#endif + return false; +} + +inline bool CPU_QuerySM4() +{ +// Some ARMv8.4 features are disabled at the moment +#if defined(__ANDROID__) && defined(__aarch64__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM64) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM64_FEATURE_SM4) != 0)) + return true; +#elif defined(__ANDROID__) && defined(__aarch32__) && 0 + if (((android_getCpuFamily() & ANDROID_CPU_FAMILY_ARM) != 0) && + ((android_getCpuFeatures() & ANDROID_CPU_ARM_FEATURE_SM4) != 0)) + return true; +#elif defined(__linux__) && defined(__aarch64__) + if ((getauxval(AT_HWCAP) & HWCAP_SM4) != 0) + return true; +#elif defined(__linux__) && defined(__aarch32__) + if ((getauxval(AT_HWCAP2) & HWCAP2_SM4) != 0) + return true; +#elif defined(__APPLE__) && defined(__aarch64__) && 0 + unsigned int device, version; + GetAppleMachineInfo(device, version); + return IsAppleMachineARMv84(device, version); #endif return false; } @@ -565,12 +804,17 @@ void DetectArmFeatures() { // The CPU_ProbeXXX's return false for OSes which // can't tolerate SIGILL-based probes - g_hasNEON = CPU_QueryNEON() || CPU_ProbeNEON(); + g_hasARMv7 = CPU_QueryARMv7() || CPU_ProbeARMv7(); + g_hasNEON = CPU_QueryNEON() || CPU_ProbeNEON(); g_hasCRC32 = CPU_QueryCRC32() || CPU_ProbeCRC32(); g_hasPMULL = CPU_QueryPMULL() || CPU_ProbePMULL(); g_hasAES = CPU_QueryAES() || CPU_ProbeAES(); g_hasSHA1 = CPU_QuerySHA1() || CPU_ProbeSHA1(); g_hasSHA2 = CPU_QuerySHA2() || CPU_ProbeSHA2(); + g_hasSHA512 = CPU_QuerySHA512(); // || CPU_ProbeSHA512(); + g_hasSHA3 = CPU_QuerySHA3(); // || CPU_ProbeSHA3(); + g_hasSM3 = CPU_QuerySM3(); // || CPU_ProbeSM3(); + g_hasSM4 = CPU_QuerySM4(); // || CPU_ProbeSM4(); #if defined(__linux__) && defined(_SC_LEVEL1_DCACHE_LINESIZE) // Glibc does not implement on some platforms. The runtime returns 0 instead of error. @@ -591,18 +835,26 @@ bool CRYPTOPP_SECTION_INIT g_PowerpcDetectionDone = false; bool CRYPTOPP_SECTION_INIT g_hasAltivec = false; bool CRYPTOPP_SECTION_INIT g_hasPower7 = false; bool CRYPTOPP_SECTION_INIT g_hasPower8 = false; +bool CRYPTOPP_SECTION_INIT g_hasPower9 = false; bool CRYPTOPP_SECTION_INIT g_hasAES = false; +bool CRYPTOPP_SECTION_INIT g_hasPMULL = false; bool CRYPTOPP_SECTION_INIT g_hasSHA256 = false; bool CRYPTOPP_SECTION_INIT g_hasSHA512 = false; +bool CRYPTOPP_SECTION_INIT g_hasDARN = false; word32 CRYPTOPP_SECTION_INIT g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE; extern bool CPU_ProbeAltivec(); extern bool CPU_ProbePower7(); extern bool CPU_ProbePower8(); +extern bool CPU_ProbePower9(); extern bool CPU_ProbeAES(); +extern bool CPU_ProbePMULL(); extern bool CPU_ProbeSHA256(); extern bool CPU_ProbeSHA512(); +extern bool CPU_ProbeDARN(); +// Linux define values from 64-Bit ELF V2 ABI Specification. +// http://openpowerfoundation.org/wp-content/uploads/resources/leabi/content/ch_preface.html #ifndef PPC_FEATURE_HAS_ALTIVEC # define PPC_FEATURE_HAS_ALTIVEC 0x10000000 #endif @@ -612,30 +864,44 @@ extern bool CPU_ProbeSHA512(); #ifndef PPC_FEATURE2_ARCH_2_07 # define PPC_FEATURE2_ARCH_2_07 0x80000000 #endif +#ifndef PPC_FEATURE2_ARCH_3_00 +# define PPC_FEATURE2_ARCH_3_00 0x00800000 +#endif #ifndef PPC_FEATURE2_VEC_CRYPTO # define PPC_FEATURE2_VEC_CRYPTO 0x02000000 #endif +// AIX defines. We used to just call __power_7_andup() +// and friends but at Power9, too many compilers were +// missing __power_9_andup(). Instead we switched to +// a pattern similar to OpenSSL caps testing. +#ifndef __power_6_andup +# define __power_6_andup() __power_set(0xffffffffU<<14) +#endif +#ifndef __power_7_andup +# define __power_7_andup() __power_set(0xffffffffU<<15) +#endif +#ifndef __power_8_andup +# define __power_8_andup() __power_set(0xffffffffU<<16) +#endif +#ifndef __power_9_andup +# define __power_9_andup() __power_set(0xffffffffU<<17) +#endif + +// AIX first supported Altivec at Power6, though it +// was available much earlier for other vendors. inline bool CPU_QueryAltivec() { #if defined(__linux__) if ((getauxval(AT_HWCAP) & PPC_FEATURE_HAS_ALTIVEC) != 0) return true; #elif defined(_AIX) - if (__power_vmx() != 0) + if (__power_6_andup() != 0) return true; #elif defined(__APPLE__) && defined(__POWERPC__) - // http://stackoverflow.com/questions/45637888/how-to-determine-armv8-features-at-runtime-on-ios - struct utsname systemInfo; - systemInfo.machine[0] = '\0'; - uname(&systemInfo); - - // The machine strings below are known PPC machines - std::string machine(systemInfo.machine); - if (machine.substr(0, 15) == "Power Macintosh") - { - return true; - } + unsigned int device, version; + GetAppleMachineInfo(device, version); + return device == PowerMac; #endif return false; } @@ -666,6 +932,19 @@ inline bool CPU_QueryPower8() return false; } +inline bool CPU_QueryPower9() +{ + // Power9 and ISA 3.0. +#if defined(__linux__) + if ((getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_3_00) != 0) + return true; +#elif defined(_AIX) + if (__power_9_andup() != 0) + return true; +#endif + return false; +} + inline bool CPU_QueryAES() { // Power8 and ISA 2.07 provide in-core crypto. Glibc @@ -680,6 +959,20 @@ inline bool CPU_QueryAES() return false; } +inline bool CPU_QueryPMULL() +{ + // Power8 and ISA 2.07 provide in-core crypto. Glibc + // 2.24 or higher is required for PPC_FEATURE2_VEC_CRYPTO. +#if defined(__linux__) + if ((getauxval(AT_HWCAP2) & PPC_FEATURE2_VEC_CRYPTO) != 0) + return true; +#elif defined(_AIX) + if (__power_8_andup() != 0) + return true; +#endif + return false; +} + inline bool CPU_QuerySHA256() { // Power8 and ISA 2.07 provide in-core crypto. Glibc @@ -707,6 +1000,20 @@ inline bool CPU_QuerySHA512() return false; } +// Power9 random number generator +inline bool CPU_QueryDARN() +{ + // Power9 and ISA 3.0 provide DARN. +#if defined(__linux__) + if ((getauxval(AT_HWCAP2) & PPC_FEATURE2_ARCH_3_00) != 0) + return true; +#elif defined(_AIX) + if (__power_9_andup() != 0) + return true; +#endif + return false; +} + void DetectPowerpcFeatures() { // The CPU_ProbeXXX's return false for OSes which @@ -714,10 +1021,12 @@ void DetectPowerpcFeatures() g_hasAltivec = CPU_QueryAltivec() || CPU_ProbeAltivec(); g_hasPower7 = CPU_QueryPower7() || CPU_ProbePower7(); g_hasPower8 = CPU_QueryPower8() || CPU_ProbePower8(); - //g_hasPMULL = CPU_QueryPMULL() || CPU_ProbePMULL(); + g_hasPower9 = CPU_QueryPower9() || CPU_ProbePower9(); + g_hasPMULL = CPU_QueryPMULL() || CPU_ProbePMULL(); g_hasAES = CPU_QueryAES() || CPU_ProbeAES(); g_hasSHA256 = CPU_QuerySHA256() || CPU_ProbeSHA256(); g_hasSHA512 = CPU_QuerySHA512() || CPU_ProbeSHA512(); + g_hasDARN = CPU_QueryDARN() || CPU_ProbeDARN(); #if defined(_AIX) && defined(SC_L1C_DLS) // /usr/include/sys/systemcfg.h @@ -749,7 +1058,7 @@ public: { #if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 CryptoPP::DetectX86Features(); -#elif CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 +#elif CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 CryptoPP::DetectArmFeatures(); #elif CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 CryptoPP::DetectPowerpcFeatures(); @@ -768,6 +1077,10 @@ public: #pragma init_seg(".CRT$XCU") const InitCpu s_init; #pragma warning(default: 4075) +#elif HAVE_XLC_INIT_PRIORITY + // XLC needs constant, not a define + #pragma priority(270) + const InitCpu s_init; #else const InitCpu s_init; #endif diff --git a/vendor/cryptopp/vendor_cryptopp/cpu.h b/vendor/cryptopp/vendor_cryptopp/cpu.h index fa0158be..cced64d6 100644 --- a/vendor/cryptopp/vendor_cryptopp/cpu.h +++ b/vendor/cryptopp/vendor_cryptopp/cpu.h @@ -18,8 +18,8 @@ /// /// \details Generally speaking, CPU_Query() is in the source file cpu.cpp because it /// does not require special architectural flags. CPU_Probe() is in a source file that recieves -/// architectural flags, like sse-simd.cpp, neon-simd.cpp and -/// ppc-simd.cpp. For example, compiling neon-simd.cpp on an ARM64 machine will +/// architectural flags, like sse_simd.cpp, neon_simd.cpp and +/// ppc_simd.cpp. For example, compiling neon_simd.cpp on an ARM64 machine will /// have -march=armv8-a applied during a compile to make the instruction set architecture /// (ISA) available. /// \details The cpu probes are expensive when compared to a standard OS feature query. The library @@ -40,7 +40,7 @@ #endif // Applies to both X86/X32/X64 and ARM32/ARM64 -#if defined(CRYPTOPP_LLVM_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION) || defined(CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER) +#if defined(CRYPTOPP_LLVM_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION) #define NEW_LINE "\n" #define INTEL_PREFIX ".intel_syntax;" #define INTEL_NOPREFIX ".intel_syntax;" @@ -85,6 +85,8 @@ extern CRYPTOPP_DLL bool g_hasSSE2; extern CRYPTOPP_DLL bool g_hasSSSE3; extern CRYPTOPP_DLL bool g_hasSSE41; extern CRYPTOPP_DLL bool g_hasSSE42; +extern CRYPTOPP_DLL bool g_hasAVX; +extern CRYPTOPP_DLL bool g_hasAVX2; extern CRYPTOPP_DLL bool g_hasAESNI; extern CRYPTOPP_DLL bool g_hasCLMUL; extern CRYPTOPP_DLL bool g_hasSHA; @@ -158,6 +160,7 @@ inline bool HasSSE42() /// \brief Determines AES-NI availability /// \returns true if AES-NI is determined to be available, false otherwise /// \details HasAESNI() is a runtime check performed using CPUID +/// \since Crypto++ 5.6.1 /// \note This function is only available on Intel IA-32 platforms inline bool HasAESNI() { @@ -169,6 +172,7 @@ inline bool HasAESNI() /// \brief Determines Carryless Multiply availability /// \returns true if pclmulqdq is determined to be available, false otherwise /// \details HasCLMUL() is a runtime check performed using CPUID +/// \since Crypto++ 5.6.1 /// \note This function is only available on Intel IA-32 platforms inline bool HasCLMUL() { @@ -180,6 +184,7 @@ inline bool HasCLMUL() /// \brief Determines SHA availability /// \returns true if SHA is determined to be available, false otherwise /// \details HasSHA() is a runtime check performed using CPUID +/// \since Crypto++ 6.0 /// \note This function is only available on Intel IA-32 platforms inline bool HasSHA() { @@ -191,6 +196,7 @@ inline bool HasSHA() /// \brief Determines ADX availability /// \returns true if ADX is determined to be available, false otherwise /// \details HasADX() is a runtime check performed using CPUID +/// \since Crypto++ 7.0 /// \note This function is only available on Intel IA-32 platforms inline bool HasADX() { @@ -199,6 +205,30 @@ inline bool HasADX() return g_hasADX; } +/// \brief Determines AVX availability +/// \returns true if AVX is determined to be available, false otherwise +/// \details HasAVX() is a runtime check performed using CPUID +/// \since Crypto++ 8.0 +/// \note This function is only available on Intel IA-32 platforms +inline bool HasAVX() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasAVX; +} + +/// \brief Determines AVX2 availability +/// \returns true if AVX2 is determined to be available, false otherwise +/// \details HasAVX2() is a runtime check performed using CPUID +/// \since Crypto++ 8.0 +/// \note This function is only available on Intel IA-32 platforms +inline bool HasAVX2() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasAVX2; +} + /// \brief Determines if the CPU is an Intel P4 /// \returns true if the CPU is a P4, false otherwise /// \details IsP4() is a runtime check performed using CPUID @@ -307,24 +337,52 @@ inline int GetCacheLineSize() // ***************************** ARM-32, Aarch32 and Aarch64 ***************************** // -#if CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 || CRYPTOPP_DOXYGEN_PROCESSING +#if CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 || CRYPTOPP_DOXYGEN_PROCESSING // Hide from Doxygen #ifndef CRYPTOPP_DOXYGEN_PROCESSING extern bool g_ArmDetectionDone; -extern bool g_hasNEON, g_hasPMULL, g_hasCRC32, g_hasAES, g_hasSHA1, g_hasSHA2; +extern bool g_hasARMv7; +extern bool g_hasNEON; +extern bool g_hasPMULL; +extern bool g_hasCRC32; +extern bool g_hasAES; +extern bool g_hasSHA1; +extern bool g_hasSHA2; +extern bool g_hasSHA512; +extern bool g_hasSHA3; +extern bool g_hasSM3; +extern bool g_hasSM4; void CRYPTOPP_API DetectArmFeatures(); #endif // CRYPTOPP_DOXYGEN_PROCESSING /// \name ARM A-32, Aarch32 and AArch64 CPU FEATURES //@{ +/// \brief Determine if an ARM processor is ARMv7 or above +/// \returns true if the hardware is ARMv7 or above, false otherwise. +/// \details Some AES code requires ARMv7 or above +/// \since Crypto++ 8.0 +/// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms +inline bool HasARMv7() +{ + // ASIMD is a core feature on Aarch32 and Aarch64 like SSE2 is a core feature on x86_64 +#if defined(__aarch32__) || defined(__aarch64__) + return true; +#else + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasARMv7; +#endif +} + /// \brief Determine if an ARM processor has Advanced SIMD available /// \returns true if the hardware is capable of Advanced SIMD at runtime, false otherwise. /// \details Advanced SIMD instructions are available under most ARMv7, Aarch32 and Aarch64. /// \details Runtime support requires compile time support. When compiling with GCC, you may /// need to compile with -mfpu=neon (32-bit) or -march=armv8-a /// (64-bit). Also see ARM's __ARM_NEON preprocessor macro. +/// \since Crypto++ 5.6.4 /// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms inline bool HasNEON() { @@ -339,12 +397,14 @@ inline bool HasNEON() } /// \brief Determine if an ARM processor provides Polynomial Multiplication -/// \returns true if the hardware is capable of polynomial multiplications at runtime, false otherwise. +/// \returns true if the hardware is capable of polynomial multiplications at runtime, +/// false otherwise. /// \details The multiplication instructions are available under Aarch32 and Aarch64. -/// \details Runtime support requires compile time support. When compiling with GCC, you may -/// need to compile with -march=armv8-a+crypto; while Apple requires +/// \details Runtime support requires compile time support. When compiling with GCC, +/// you may need to compile with -march=armv8-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. -/// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms +/// \since Crypto++ 5.6.4 +/// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasPMULL() { #if defined(__aarch32__) || defined(__aarch64__) @@ -358,12 +418,14 @@ inline bool HasPMULL() /// \brief Determine if an ARM processor has CRC32 available /// \returns true if the hardware is capable of CRC32 at runtime, false otherwise. -/// \details CRC32 instructions provide access to the processor's CRC-32 and CRC-32C instructions. -/// They are provided by ARM C Language Extensions 2.0 (ACLE 2.0) and available under Aarch32 and Aarch64. -/// \details Runtime support requires compile time support. When compiling with GCC, you may -/// need to compile with -march=armv8-a+crc; while Apple requires +/// \details CRC32 instructions provide access to the processor's CRC-32 and CRC-32C +/// instructions. They are provided by ARM C Language Extensions 2.0 (ACLE 2.0) and +/// available under Aarch32 and Aarch64. +/// \details Runtime support requires compile time support. When compiling with GCC, +/// you may need to compile with -march=armv8-a+crc; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRC32 preprocessor macro. -/// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms +/// \since Crypto++ 5.6.4 +/// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasCRC32() { #if defined(__aarch32__) || defined(__aarch64__) @@ -382,7 +444,8 @@ inline bool HasCRC32() /// \details Runtime support requires compile time support. When compiling with GCC, you may /// need to compile with -march=armv8-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. -/// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms +/// \since Crypto++ 5.6.4 +/// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasAES() { #if defined(__aarch32__) || defined(__aarch64__) @@ -401,7 +464,8 @@ inline bool HasAES() /// \details Runtime support requires compile time support. When compiling with GCC, you may /// need to compile with -march=armv8-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. -/// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms +/// \since Crypto++ 5.6.4 +/// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasSHA1() { #if defined(__aarch32__) || defined(__aarch64__) @@ -413,14 +477,15 @@ inline bool HasSHA1() #endif } -/// \brief Determine if an ARM processor has SHA2 available -/// \returns true if the hardware is capable of SHA2 at runtime, false otherwise. -/// \details SHA2 is part of the optional Crypto extensions on Aarch32 and Aarch64. They are +/// \brief Determine if an ARM processor has SHA256 available +/// \returns true if the hardware is capable of SHA256 at runtime, false otherwise. +/// \details SHA256 is part of the optional Crypto extensions on Aarch32 and Aarch64. They are /// accessed using ARM C Language Extensions 2.0 (ACLE 2.0). /// \details Runtime support requires compile time support. When compiling with GCC, you may /// need to compile with -march=armv8-a+crypto; while Apple requires /// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. -/// \note This function is only available on ARM-32, Aarch32 and Aarch64 platforms +/// \since Crypto++ 5.6.4 +/// \note This function is only available on Aarch32 and Aarch64 platforms inline bool HasSHA2() { #if defined(__aarch32__) || defined(__aarch64__) @@ -432,9 +497,89 @@ inline bool HasSHA2() #endif } +/// \brief Determine if an ARM processor has SHA512 available +/// \returns true if the hardware is capable of SHA512 at runtime, false otherwise. +/// \details SHA512 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). +/// \details Runtime support requires compile time support. When compiling with GCC, you +/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +/// \since Crypto++ 8.0 +/// \note This function is only available on Aarch32 and Aarch64 platforms +inline bool HasSHA512() +{ +#if defined(__aarch32__) || defined(__aarch64__) + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasSHA512; +#else + return false; +#endif +} + +/// \brief Determine if an ARM processor has SHA3 available +/// \returns true if the hardware is capable of SHA3 at runtime, false otherwise. +/// \details SHA3 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). +/// \details Runtime support requires compile time support. When compiling with GCC, you +/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +/// \since Crypto++ 8.0 +/// \note This function is only available on Aarch32 and Aarch64 platforms +inline bool HasSHA3() +{ +#if defined(__aarch32__) || defined(__aarch64__) + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasSHA3; +#else + return false; +#endif +} + +/// \brief Determine if an ARM processor has SM3 available +/// \returns true if the hardware is capable of SM3 at runtime, false otherwise. +/// \details SM3 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). +/// \details Runtime support requires compile time support. When compiling with GCC, you +/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +/// \since Crypto++ 8.0 +/// \note This function is only available on Aarch32 and Aarch64 platforms +inline bool HasSM3() +{ +#if defined(__aarch32__) || defined(__aarch64__) + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasSM3; +#else + return false; +#endif +} + +/// \brief Determine if an ARM processor has SM4 available +/// \returns true if the hardware is capable of SM4 at runtime, false otherwise. +/// \details SM4 is part of the ARMv8.4 Crypto extensions on Aarch32 and Aarch64. They +/// are accessed using ARM C Language Extensions 2.0 (ACLE 2.0). +/// \details Runtime support requires compile time support. When compiling with GCC, you +/// may need to compile with -march=armv8.4-a+crypto; while Apple requires +/// -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +/// \since Crypto++ 8.0 +/// \note This function is only available on Aarch32 and Aarch64 platforms +inline bool HasSM4() +{ +#if defined(__aarch32__) || defined(__aarch64__) + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasSM4; +#else + return false; +#endif +} + //@} -#endif // CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 +#endif // CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 // ***************************** PowerPC ***************************** // @@ -443,7 +588,15 @@ inline bool HasSHA2() // Hide from Doxygen #ifndef CRYPTOPP_DOXYGEN_PROCESSING extern bool g_PowerpcDetectionDone; -extern bool g_hasAltivec, g_hasPower7, g_hasPower8, g_hasAES, g_hasSHA256, g_hasSHA512; +extern bool g_hasAltivec; +extern bool g_hasPower7; +extern bool g_hasPower8; +extern bool g_hasPower9; +extern bool g_hasAES; +extern bool g_hasPMULL; +extern bool g_hasSHA256; +extern bool g_hasSHA512; +extern bool g_hasDARN; extern word32 g_cacheLineSize; void CRYPTOPP_API DetectPowerpcFeatures(); #endif // CRYPTOPP_DOXYGEN_PROCESSING @@ -453,13 +606,10 @@ void CRYPTOPP_API DetectPowerpcFeatures(); /// \brief Determine if a PowerPC processor has Altivec available /// \returns true if the hardware is capable of Altivec at runtime, false otherwise. -/// \details Altivec instructions are available under most modern PowerPCs. +/// \details Altivec instructions are available on modern PowerPCs. /// \details Runtime support requires compile time support. When compiling with GCC, you may -/// need to compile with -mcpu=power7; while IBM XL C/C++ compilers require -/// -qarch=pwr7 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. -/// \details Atilvec was first available on Power4 platforms. However Crypto++ releies on unaligned -/// loads and stores which is a Power7 feature. If the platform lacks Power7 extensions, then the -/// GNUmakefile sets -DCRYPTOPP_DISABLE_ALTIVEC. +/// need to compile with -mcpu=power4; while IBM XL C/C++ compilers require +/// -qarch=pwr6 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. /// \note This function is only available on PowerPC and PowerPC-64 platforms inline bool HasAltivec() { @@ -468,15 +618,11 @@ inline bool HasAltivec() return g_hasAltivec; } -/// \brief Determine if a PowerPC processor has Power8 available -/// \returns true if the hardware is capable of Power8 at runtime, false otherwise. -/// \details Altivec instructions are available under most modern PowerPCs. +/// \brief Determine if a PowerPC processor has Power7 available +/// \returns true if the hardware is capable of Power7 at runtime, false otherwise. /// \details Runtime support requires compile time support. When compiling with GCC, you may -/// need to compile with -mcpu=power8; while IBM XL C/C++ compilers require -/// -qarch=pwr8 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. -/// \details Atilvec was first available on Power4 platforms. However Crypto++ releies on unaligned -/// loads and stores which is a Power7 feature. If the platform lacks Power7 extensions, then the -/// GNUmakefile sets -DCRYPTOPP_DISABLE_ALTIVEC. +/// need to compile with -mcpu=power7; while IBM XL C/C++ compilers require +/// -qarch=pwr7 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. /// \note This function is only available on PowerPC and PowerPC-64 platforms inline bool HasPower7() { @@ -487,13 +633,9 @@ inline bool HasPower7() /// \brief Determine if a PowerPC processor has Power8 available /// \returns true if the hardware is capable of Power8 at runtime, false otherwise. -/// \details Altivec instructions are available under most modern PowerPCs. /// \details Runtime support requires compile time support. When compiling with GCC, you may /// need to compile with -mcpu=power8; while IBM XL C/C++ compilers require /// -qarch=pwr8 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. -/// \details Atilvec was first available on Power4 platforms. However Crypto++ releies on unaligned -/// loads and stores which is a Power7 feature. If the platform lacks Power7 extensions, then the -/// GNUmakefile sets -DCRYPTOPP_DISABLE_ALTIVEC. /// \note This function is only available on PowerPC and PowerPC-64 platforms inline bool HasPower8() { @@ -502,6 +644,19 @@ inline bool HasPower8() return g_hasPower8; } +/// \brief Determine if a PowerPC processor has Power9 available +/// \returns true if the hardware is capable of Power9 at runtime, false otherwise. +/// \details Runtime support requires compile time support. When compiling with GCC, you may +/// need to compile with -mcpu=power9; while IBM XL C/C++ compilers require +/// -qarch=pwr9 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. +/// \note This function is only available on PowerPC and PowerPC-64 platforms +inline bool HasPower9() +{ + if (!g_PowerpcDetectionDone) + DetectPowerpcFeatures(); + return g_hasPower9; +} + /// \brief Determine if a PowerPC processor has AES available /// \returns true if the hardware is capable of AES at runtime, false otherwise. /// \details AES is part of the in-crypto extensions on Power8 and Power9. @@ -516,6 +671,20 @@ inline bool HasAES() return g_hasAES; } +/// \brief Determine if a PowerPC processor has Polynomial Multiply available +/// \returns true if the hardware is capable of PMULL at runtime, false otherwise. +/// \details PMULL is part of the in-crypto extensions on Power8 and Power9. +/// \details Runtime support requires compile time support. When compiling with GCC, you may +/// need to compile with -mcpu=power8; while IBM XL C/C++ compilers require +/// -qarch=pwr8 -qaltivec. Also see PowerPC's __CRYPTO preprocessor macro. +/// \note This function is only available on PowerPC and PowerPC-64 platforms +inline bool HasPMULL() +{ + if (!g_PowerpcDetectionDone) + DetectPowerpcFeatures(); + return g_hasPMULL; +} + /// \brief Determine if a PowerPC processor has SHA256 available /// \returns true if the hardware is capable of SHA256 at runtime, false otherwise. /// \details SHA is part of the in-crypto extensions on Power8 and Power9. @@ -544,6 +713,25 @@ inline bool HasSHA512() return g_hasSHA512; } +/// \brief Determine if a PowerPC processor has DARN available +/// \returns true if the hardware is capable of DARN at runtime, false otherwise. +/// \details Runtime support requires compile time support. When compiling with GCC, you may +/// need to compile with -mcpu=power9; while IBM XL C/C++ compilers require +/// -qarch=pwr9 -qaltivec. Also see PowerPC's _ALTIVEC_ preprocessor macro. +/// \note This function is only available on PowerPC and PowerPC-64 platforms +inline bool HasDARN() +{ + if (!g_PowerpcDetectionDone) + DetectPowerpcFeatures(); + + // see comments in cpu.cpp +#if defined(__ibmxl__) && defined(__linux__) + return false; +#else + return g_hasDARN; +#endif +} + /// \brief Provides the cache line size /// \returns lower bound on the size of a cache line in bytes, if available /// \details GetCacheLineSize() returns the lower bound on the size of a cache line, if it @@ -614,7 +802,12 @@ inline int GetCacheLineSize() #define GNU_AS2(x, y) #x ", " #y ";" NEW_LINE #define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" NEW_LINE #define GNU_ASL(x) "\n" #x ":" NEW_LINE +// clang 5.0.0 and apple clang 9.0.0 don't support numerical backward jumps +#if (CRYPTOPP_LLVM_CLANG_VERSION >= 50000) || (CRYPTOPP_APPLE_CLANG_VERSION >= 90000) + #define GNU_ASJ(x, y, z) ATT_PREFIX ";" NEW_LINE #x " " #y #z ";" NEW_LINE INTEL_PREFIX ";" NEW_LINE +#else #define GNU_ASJ(x, y, z) #x " " #y #z ";" NEW_LINE +#endif #define AS1(x) GNU_AS1(x) #define AS2(x, y) GNU_AS2(x, y) #define AS3(x, y, z) GNU_AS3(x, y, z) diff --git a/vendor/cryptopp/vendor_cryptopp/crc.cpp b/vendor/cryptopp/vendor_cryptopp/crc.cpp index c4a4664a..20addce6 100644 --- a/vendor/cryptopp/vendor_cryptopp/crc.cpp +++ b/vendor/cryptopp/vendor_cryptopp/crc.cpp @@ -8,20 +8,20 @@ NAMESPACE_BEGIN(CryptoPP) -// crc-simd.cpp +// crc_simd.cpp #if (CRYPTOPP_ARM_CRC32_AVAILABLE) extern void CRC32_Update_ARMV8(const byte *s, size_t n, word32& c); extern void CRC32C_Update_ARMV8(const byte *s, size_t n, word32& c); #endif -// crc-simd.cpp +// crc_simd.cpp #if (CRYPTOPP_SSE42_AVAILABLE) extern void CRC32C_Update_SSE42(const byte *s, size_t n, word32& c); #endif /* Table of CRC-32's of all single byte values (made by makecrc.c) */ const word32 CRC32::m_tab[] = { -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) 0x00000000L, 0x77073096L, 0xee0e612cL, 0x990951baL, 0x076dc419L, 0x706af48fL, 0xe963a535L, 0x9e6495a3L, 0x0edb8832L, 0x79dcb8a4L, 0xe0d5e91eL, 0x97d2d988L, 0x09b64c2bL, 0x7eb17cbdL, 0xe7b82d07L, @@ -130,6 +130,15 @@ const word32 CRC32::m_tab[] = { #endif }; +std::string CRC32::AlgorithmProvider() const +{ +#if (CRYPTOPP_ARM_CRC32_AVAILABLE) + if (HasCRC32()) + return "ARMv8"; +#endif + return "C++"; +} + CRC32::CRC32() { Reset(); @@ -180,7 +189,7 @@ void CRC32::TruncatedFinal(byte *hash, size_t size) // Castagnoli CRC32C (iSCSI) const word32 CRC32C::m_tab[] = { -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) 0x00000000L, 0xf26b8303L, 0xe13b70f7L, 0x1350f3f4L, 0xc79a971fL, 0x35f1141cL, 0x26a1e7e8L, 0xd4ca64ebL, 0x8ad958cfL, 0x78b2dbccL, 0x6be22838L, 0x9989ab3bL, 0x4d43cfd0L, 0xbf284cd3L, 0xac78bf27L, @@ -289,6 +298,19 @@ const word32 CRC32C::m_tab[] = { #endif }; +std::string CRC32C::AlgorithmProvider() const +{ +#if (CRYPTOPP_ARM_CRC32_AVAILABLE) + if (HasCRC32()) + return "ARMv8"; +#endif +#if (CRYPTOPP_SSE42_AVAILABLE) + if (HasSSE42()) + return "SSE4.2"; +#endif + return "C++"; +} + CRC32C::CRC32C() { Reset(); diff --git a/vendor/cryptopp/vendor_cryptopp/crc.h b/vendor/cryptopp/vendor_cryptopp/crc.h index f34715f6..02332e4b 100644 --- a/vendor/cryptopp/vendor_cryptopp/crc.h +++ b/vendor/cryptopp/vendor_cryptopp/crc.h @@ -12,7 +12,7 @@ NAMESPACE_BEGIN(CryptoPP) const word32 CRC32_NEGL = 0xffffffffL; -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) #define CRC32_INDEX(c) (c & 0xff) #define CRC32_SHIFTED(c) (c >> 8) #else @@ -34,7 +34,9 @@ public: std::string AlgorithmName() const {return StaticAlgorithmName();} void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);} - byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];} + byte GetCrcByte(size_t i) const {return reinterpret_cast(&m_crc)[i];} + + std::string AlgorithmProvider() const; protected: void Reset() {m_crc = CRC32_NEGL;} @@ -59,7 +61,9 @@ public: std::string AlgorithmName() const {return StaticAlgorithmName();} void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);} - byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];} + byte GetCrcByte(size_t i) const {return reinterpret_cast(&m_crc)[i];} + + std::string AlgorithmProvider() const; protected: void Reset() {m_crc = CRC32_NEGL;} diff --git a/vendor/cryptopp/vendor_cryptopp/crc-simd.cpp b/vendor/cryptopp/vendor_cryptopp/crc_simd.cpp similarity index 87% rename from vendor/cryptopp/vendor_cryptopp/crc-simd.cpp rename to vendor/cryptopp/vendor_cryptopp/crc_simd.cpp index a7a258ea..4699953a 100644 --- a/vendor/cryptopp/vendor_cryptopp/crc-simd.cpp +++ b/vendor/cryptopp/vendor_cryptopp/crc_simd.cpp @@ -1,4 +1,4 @@ -// crc-simd.cpp - written and placed in the public domain by +// crc_simd.cpp - written and placed in the public domain by // Jeffrey Walton, Uri Blumenthal and Marcel Raad. // // This source file uses intrinsics to gain access to SSE4.2 and @@ -14,14 +14,11 @@ # include #endif -// Use ARMv8 rather than NEON due to compiler inconsistencies -#if (CRYPTOPP_ARM_CRC32_AVAILABLE) +#if (CRYPTOPP_ARM_NEON_AVAILABLE) # include #endif -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) # include # include #endif @@ -35,6 +32,9 @@ # define EXCEPTION_EXECUTE_HANDLER 1 #endif +// Squash MS LNK4221 and libtool warnings +extern const char CRC_SIMD_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY @@ -49,7 +49,7 @@ extern "C" { } #endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY -#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) +#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) bool CPU_ProbeCRC32() { diff --git a/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj b/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj index 14b4d40f..88360ed5 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj +++ b/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj @@ -65,6 +65,7 @@ 4231; 4251; 4275; 4355; 4505 Use pch.h + $(AdditionalOptions) NoErrorReport @@ -209,7 +210,7 @@ - + @@ -229,17 +230,16 @@ - + - + - + - @@ -308,7 +308,6 @@ - diff --git a/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj.filters b/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj.filters index 05608922..23bf3f49 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj.filters +++ b/vendor/cryptopp/vendor_cryptopp/cryptdll.vcxproj.filters @@ -44,6 +44,9 @@ Source Files + + Source Files + Source Files @@ -89,7 +92,7 @@ Source Files - + Source Files @@ -155,7 +158,7 @@ Source Files - + Source Files @@ -170,7 +173,7 @@ Source Files - + Source Files @@ -179,7 +182,7 @@ Source Files - + Source Files @@ -232,6 +235,9 @@ Header Files + + Header Files + Header Files diff --git a/vendor/cryptopp/vendor_cryptopp/cryptest.nmake b/vendor/cryptopp/vendor_cryptopp/cryptest.nmake index 34d2bd46..e2a5db72 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptest.nmake +++ b/vendor/cryptopp/vendor_cryptopp/cryptest.nmake @@ -1,28 +1,33 @@ # cryptest.nmake - written and placed in public domain by Jeffrey Walton. # Copyright assigned to the Crypto++ project. -# This makefile is used for testing and building cryptlib.lib and cryptest.exe under nmake. Open a -# Visual Studio Developer Prompt and then run "nmake /f cryptest.nmake". The build procedure will -# reveal not-so-readily-apparent problems under Microsoft ARM and Metro UI apps. +# This makefile is used for testing and building cryptlib.lib and cryptest.exe +# under nmake. Open a Visual Studio Developer Prompt and then run +# "nmake /f cryptest.nmake". The build procedure will reveal not so readily +# apparent problems under Microsoft ARM and Metro UI apps. -# The makefile is not intended for production use, though it may be used as a starting point. -# For example, you can add switches like /MT and /MTd for dynamic runtime linking against -# the Microsoft C++ Runtime libraries. If you are building for Windows Phone or Windows Store, then -# you probably want to remove /D_MBCS. The resulting cryptlib.lib may be suitable as a starting -# point for a DLL project using Crypto++. +# The makefile is not intended for production use, though it may be used as a +# starting point. For example, you can add switches like /MT and /MTd for +# dynamic runtime linking against the Microsoft C++ Runtime libraries. If you +# are building for Windows Phone or Windows Store, then you probably want to +# remove /D_MBCS. The resulting cryptlib.lib may be suitable as a starting +# point for a DLL project using Crypto++. -# You must also add /DCRYPTOPP_DEBUG or /DDEBUG if you want a debug build with the library's assert. -# The library moved from Posix NDEBUG and assert() to CRYPTOPP_ASSERT at 5.6.5 due to CVE-2016-7420. -# CRYPTOPP_ASSERT has the additional benefit of using DebugBreak(), and the program does not crash -# while you are debugging it like would happen with Posix assert(). +# You must also add /DCRYPTOPP_DEBUG or /DDEBUG if you want a debug build with +# the library's assert. The library moved from Posix NDEBUG and assert() to +# CRYPTOPP_ASSERT at 5.6.5 due to CVE-2016-7420. CRYPTOPP_ASSERT has the +# additional benefit of using DebugBreak(), and the program does not crash +# while you are debugging it like would happen with Posix assert(). -# The list of LIB_SRCS and TEST_SRCS was generated under Linux with "make sources". The list of -# LIB_OBJS and TEST_OBJS was generated under Linux with "make sources | sed 's|.cpp|.obj|g'". -# The order of the firt three object files are significant. See C++ Static Initialization Order -# Fisaco on the Crypto++ wiki for details. +# The list of LIB_SRCS and TEST_SRCS was generated under Linux with +# "make sources | fold -w74 -s". The list of LIB_OBJS and TEST_OBJS was +# generated with "make sources | fold -w74 -s | sed 's|.cpp|.obj|g'". The +# order of the first three object files are significant. See C++ Static +# Initialization Order Fisaco on the Crypto++ wiki for details. -# You are free to add and remove files to the list. For example, you can remove rdrand.asm -# build it using NASM, and then include the NASM object file rdrand_x86.obj or rdrand_x64.obj. +# You are free to add and remove files to the list. For example, you can remove +# rdrand.asm build it using NASM, and then include the NASM object file +# rdrand_x86.obj or rdrand_x64.obj. ########################################################################################### @@ -45,15 +50,79 @@ ########################################################################################### -# If you use 'make sources' from Linux makefile, then add 'winpipes.cpp' to the list below. +LIB_SRCS = \ + cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp \ + algparam.cpp arc4.cpp aria.cpp aria_simd.cpp ariatab.cpp asn.cpp \ + authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2.cpp \ + blake2b_simd.cpp blake2s_simd.cpp blowfish.cpp blumshub.cpp camellia.cpp \ + cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp chacha_avx.cpp \ + chacha_simd.cpp cham.cpp cham_simd.cpp channels.cpp cmac.cpp crc.cpp \ + crc_simd.cpp darn.cpp default.cpp des.cpp dessp.cpp dh.cpp dh2.cpp \ + dll.cpp donna_32.cpp donna_64.cpp donna_sse.cpp dsa.cpp eax.cpp ec2n.cpp \ + eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp esign.cpp files.cpp \ + filters.cpp fips140.cpp fipstest.cpp gcm.cpp gcm_simd.cpp gf256.cpp \ + gf2_32.cpp gf2n.cpp gfpcrypt.cpp gost.cpp gzip.cpp hc128.cpp hc256.cpp \ + hex.cpp hight.cpp hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp \ + kalyna.cpp kalynatab.cpp keccak.cpp keccakc.cpp lea.cpp lea_simd.cpp \ + luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp \ + mqueue.cpp mqv.cpp nbtheory.cpp neon_simd.cpp oaep.cpp osrng.cpp \ + padlkrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp \ + ppc_power7.cpp ppc_power8.cpp ppc_power9.cpp ppc_simd.cpp pssr.cpp \ + pubkey.cpp queue.cpp rabbit.cpp rabin.cpp randpool.cpp rc2.cpp rc5.cpp \ + rc6.cpp rdrand.cpp rdtables.cpp rijndael.cpp rijndael_simd.cpp ripemd.cpp \ + rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp scrypt.cpp seal.cpp seed.cpp \ + serpent.cpp sha.cpp sha3.cpp sha_simd.cpp shacal2.cpp shacal2_simd.cpp \ + shark.cpp sharkbox.cpp simeck.cpp simeck_simd.cpp simon.cpp \ + simon128_simd.cpp simon64_simd.cpp skipjack.cpp sm3.cpp sm4.cpp \ + sm4_simd.cpp sosemanuk.cpp speck.cpp speck128_simd.cpp speck64_simd.cpp \ + square.cpp squaretb.cpp sse_simd.cpp strciphr.cpp tea.cpp tftables.cpp \ + threefish.cpp tiger.cpp tigertab.cpp ttmac.cpp tweetnacl.cpp twofish.cpp \ + vmac.cpp wake.cpp whrlpool.cpp xed25519.cpp xtr.cpp xtrcrypt.cpp \ + zdeflate.cpp zinflate.cpp zlib.cpp -LIB_SRCS = cryptlib.cpp cpu.cpp integer.cpp 3way.cpp adler32.cpp algebra.cpp algparam.cpp arc4.cpp aria-simd.cpp aria.cpp ariatab.cpp asn.cpp authenc.cpp base32.cpp base64.cpp basecode.cpp bfinit.cpp blake2-simd.cpp blake2.cpp blowfish.cpp blumshub.cpp camellia.cpp cast.cpp casts.cpp cbcmac.cpp ccm.cpp chacha.cpp channels.cpp cmac.cpp crc-simd.cpp crc.cpp default.cpp des.cpp dessp.cpp dh.cpp dh2.cpp dll.cpp dsa.cpp eax.cpp ec2n.cpp eccrypto.cpp ecp.cpp elgamal.cpp emsa2.cpp eprecomp.cpp esign.cpp files.cpp filters.cpp fips140.cpp fipstest.cpp gcm-simd.cpp gcm.cpp gf256.cpp gf2_32.cpp gf2n.cpp gfpcrypt.cpp gost.cpp gzip.cpp hex.cpp hmac.cpp hrtimer.cpp ida.cpp idea.cpp iterhash.cpp kalyna.cpp kalynatab.cpp keccak.cpp luc.cpp mars.cpp marss.cpp md2.cpp md4.cpp md5.cpp misc.cpp modes.cpp mqueue.cpp mqv.cpp nbtheory.cpp neon-simd.cpp network.cpp oaep.cpp osrng.cpp padlkrng.cpp panama.cpp pkcspad.cpp poly1305.cpp polynomi.cpp pssr.cpp pubkey.cpp queue.cpp rabin.cpp randpool.cpp rc2.cpp rc5.cpp rc6.cpp rdrand.cpp rdtables.cpp rijndael-simd.cpp rijndael.cpp ripemd.cpp rng.cpp rsa.cpp rw.cpp safer.cpp salsa.cpp scrypt.cpp seal.cpp seed.cpp serpent.cpp sha-simd.cpp sha.cpp sha3.cpp shacal2-simd.cpp shacal2.cpp shark.cpp sharkbox.cpp simon.cpp simon-simd.cpp skipjack.cpp sm3.cpp sm4.cpp socketft.cpp sosemanuk.cpp speck.cpp speck-simd.cpp square.cpp squaretb.cpp sse-simd.cpp strciphr.cpp tea.cpp tftables.cpp threefish.cpp tiger.cpp tigertab.cpp trdlocal.cpp ttmac.cpp tweetnacl.cpp twofish.cpp vmac.cpp wait.cpp wake.cpp whrlpool.cpp winpipes.cpp xtr.cpp xtrcrypt.cpp zdeflate.cpp zinflate.cpp zlib.cpp +LIB_OBJS = \ + cryptlib.obj cpu.obj integer.obj 3way.obj adler32.obj algebra.obj \ + algparam.obj arc4.obj aria.obj aria_simd.obj ariatab.obj asn.obj \ + authenc.obj base32.obj base64.obj basecode.obj bfinit.obj blake2.obj \ + blake2b_simd.obj blake2s_simd.obj blowfish.obj blumshub.obj camellia.obj \ + cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj chacha_avx.obj \ + chacha_simd.obj cham.obj cham_simd.obj channels.obj cmac.obj crc.obj \ + crc_simd.obj darn.obj default.obj des.obj dessp.obj dh.obj dh2.obj \ + dll.obj donna_32.obj donna_64.obj donna_sse.obj dsa.obj eax.obj ec2n.obj \ + eccrypto.obj ecp.obj elgamal.obj emsa2.obj eprecomp.obj esign.obj files.obj \ + filters.obj fips140.obj fipstest.obj gcm.obj gcm_simd.obj gf256.obj \ + gf2_32.obj gf2n.obj gfpcrypt.obj gost.obj gzip.obj hc128.obj hc256.obj \ + hex.obj hight.obj hmac.obj hrtimer.obj ida.obj idea.obj iterhash.obj \ + kalyna.obj kalynatab.obj keccak.obj keccakc.obj lea.obj lea_simd.obj \ + luc.obj mars.obj marss.obj md2.obj md4.obj md5.obj misc.obj modes.obj \ + mqueue.obj mqv.obj nbtheory.obj neon_simd.obj oaep.obj osrng.obj \ + padlkrng.obj panama.obj pkcspad.obj poly1305.obj polynomi.obj \ + ppc_power7.obj ppc_power8.obj ppc_power9.obj ppc_simd.obj pssr.obj \ + pubkey.obj queue.obj rabbit.obj rabin.obj randpool.obj rc2.obj rc5.obj \ + rc6.obj rdrand.obj rdtables.obj rijndael.obj rijndael_simd.obj ripemd.obj \ + rng.obj rsa.obj rw.obj safer.obj salsa.obj scrypt.obj seal.obj seed.obj \ + serpent.obj sha.obj sha3.obj sha_simd.obj shacal2.obj shacal2_simd.obj \ + shark.obj sharkbox.obj simeck.obj simeck_simd.obj simon.obj \ + simon128_simd.obj simon64_simd.obj skipjack.obj sm3.obj sm4.obj \ + sm4_simd.obj sosemanuk.obj speck.obj speck128_simd.obj speck64_simd.obj \ + square.obj squaretb.obj sse_simd.obj strciphr.obj tea.obj tftables.obj \ + threefish.obj tiger.obj tigertab.obj ttmac.obj tweetnacl.obj twofish.obj \ + vmac.obj wake.obj whrlpool.obj xed25519.obj xtr.obj xtrcrypt.obj \ + zdeflate.obj zinflate.obj zlib.obj -LIB_OBJS = cryptlib.obj cpu.obj integer.obj 3way.obj adler32.obj algebra.obj algparam.obj arc4.obj aria-simd.obj aria.obj ariatab.obj asn.obj authenc.obj base32.obj base64.obj basecode.obj bfinit.obj blake2-simd.obj blake2.obj blowfish.obj blumshub.obj camellia.obj cast.obj casts.obj cbcmac.obj ccm.obj chacha.obj channels.obj cmac.obj crc-simd.obj crc.obj default.obj des.obj dessp.obj dh.obj dh2.obj dll.obj dsa.obj eax.obj ec2n.obj eccrypto.obj ecp.obj elgamal.obj emsa2.obj eprecomp.obj esign.obj files.obj filters.obj fips140.obj fipstest.obj gcm-simd.obj gcm.obj gf256.obj gf2_32.obj gf2n.obj gfpcrypt.obj gost.obj gzip.obj hex.obj hmac.obj hrtimer.obj ida.obj idea.obj iterhash.obj kalyna.obj kalynatab.obj keccak.obj luc.obj mars.obj marss.obj md2.obj md4.obj md5.obj misc.obj modes.obj mqueue.obj mqv.obj nbtheory.obj neon-simd.obj network.obj oaep.obj osrng.obj padlkrng.obj panama.obj pkcspad.obj poly1305.obj polynomi.obj pssr.obj pubkey.obj queue.obj rabin.obj randpool.obj rc2.obj rc5.obj rc6.obj rdrand.obj rdtables.obj rijndael-simd.obj rijndael.obj ripemd.obj rng.obj rsa.obj rw.obj safer.obj salsa.obj scrypt.obj seal.obj seed.obj serpent.obj sha-simd.obj sha.obj sha3.obj shacal2-simd.obj shacal2.obj shark.obj sharkbox.obj simon.obj simon-simd.obj skipjack.obj sm3.obj sm4.obj socketft.obj sosemanuk.obj speck.obj speck-simd.obj square.obj squaretb.obj sse-simd.obj strciphr.obj tea.obj tftables.obj threefish.obj tiger.obj tigertab.obj trdlocal.obj ttmac.obj tweetnacl.obj twofish.obj vmac.obj wait.obj wake.obj whrlpool.obj winpipes.obj xtr.obj xtrcrypt.obj zdeflate.obj zinflate.obj zlib.obj +TEST_SRCS = \ + test.cpp bench1.cpp bench2.cpp bench3.cpp datatest.cpp \ + dlltest.cpp fipsalgt.cpp validat0.cpp validat1.cpp validat2.cpp \ + validat3.cpp validat4.cpp validat5.cpp validat6.cpp validat7.cpp \ + validat8.cpp validat9.cpp validat10.cpp regtest1.cpp regtest2.cpp \ + regtest3.cpp regtest4.cpp -TEST_SRCS = bench1.cpp bench2.cpp test.cpp validat0.cpp validat1.cpp validat2.cpp validat3.cpp validat4.cpp datatest.cpp regtest1.cpp regtest2.cpp regtest3.cpp fipsalgt.cpp dlltest.cpp fipstest.cpp - -TEST_OBJS = bench1.obj bench2.obj test.obj validat0.obj validat1.obj validat2.obj validat3.obj validat4.obj datatest.obj regtest1.obj regtest2.obj regtest3.obj fipsalgt.obj dlltest.obj fipstest.obj +TEST_OBJS = \ + test.obj bench1.obj bench2.obj bench3.obj datatest.obj \ + dlltest.obj fipsalgt.obj validat0.obj validat1.obj validat2.obj \ + validat3.obj validat4.obj validat5.obj validat6.obj validat7.obj \ + validat8.obj validat9.obj validat10.obj regtest1.obj regtest2.obj \ + regtest3.obj regtest4.obj CXX = cl.exe LD = link.exe @@ -62,14 +131,15 @@ RM = del.exe # C4231 is needed for VS2008 and below. Lots of noise... CXXFLAGS = /nologo /W4 /wd4231 /wd4511 /wd4156 /D_MBCS /Zi /TP /GR /EHsc -LDFLAGS = /nologo /SUBSYSTEM:CONSOLE +LDFLAGS = /nologo /SUBSYSTEM:CONSOLE /DEBUG ARFLAGS = /nologo LDLIBS = -# Debug build +# Debug build. # CXXFLAGS = $(CXXFLAGS) /DDEBUG /D_DEBUG /Oi /Oy- /Od /MTd -# Release build +# Release build. Add /OPT:REF to linker CXXFLAGS = $(CXXFLAGS) /DNDEBUG /D_NDEBUG /Oi /Oy /O2 /MT +LDFLAGS = $(LDFLAGS) /OPT:REF # Attempt to detect when and are available # http://stackoverflow.com/q/40577415 ? @@ -106,9 +176,9 @@ PLATFORM = x64 AS = ml.exe ASFLAGS = /nologo /D_M_X86 /W3 /Cx /Zi /safeseh LIB_SRCS = $(LIB_SRCS) rdrand.cpp rdrand.asm -LIB_OBJS = $(LIB_OBJS) rdrand.obj rdrand-x86.obj +LIB_OBJS = $(LIB_OBJS) rdrand-x86.obj LDFLAGS = $(LDFLAGS) /MACHINE:X86 -LDLIBS = $(LDLIBS) ws2_32.lib kernel32.lib +LDLIBS = $(LDLIBS) kernel32.lib !ENDIF # May need $(VCINSTALLDIR)\bin\amd64\ml64.exe @@ -119,19 +189,19 @@ LDLIBS = $(LDLIBS) ws2_32.lib kernel32.lib AS = ml64.exe ASFLAGS = /nologo /D_M_X64 /W3 /Cx /Zi LIB_SRCS = $(LIB_SRCS) rdrand.cpp rdrand.asm -LIB_OBJS = $(LIB_OBJS) rdrand.obj rdrand-x64.obj x64masm.obj x64dll.obj +LIB_OBJS = $(LIB_OBJS) rdrand-x64.obj x64masm.obj x64dll.obj LDFLAGS = $(LDFLAGS) /MACHINE:X64 -LDLIBS = $(LDLIBS) ws2_32.lib kernel32.lib +LDLIBS = $(LDLIBS) kernel32.lib !ENDIF # We still don't know what we need for ARM64 on Windows. ARM64 and arm64 may be incorrect !IF "$(PLATFORM)" == "ARM" || "$(PLATFORM)" == "arm" || "$(PLATFORM)" == "ARM64" || "$(PLATFORM)" == "arm64" # CXXFLAGS = $(CXXFLAGS) /D_ARM_WINAPI_PARTITION_DESKTOP_SDK_AVAILABLE=1 /DWINAPI_FAMILY=WINAPI_FAMILY_DESKTOP_APP CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_PHONE_APP -LIB_SRCS = $(LIB_SRCS) neon-simd.cpp -LIB_OBJS = $(LIB_OBJS) neon-simd.obj +LIB_SRCS = $(LIB_SRCS) neon_simd.cpp +LIB_OBJS = $(LIB_OBJS) neon_simd.obj # CXXFLAGS = $(CXXFLAGS) /DWINAPI_FAMILY=WINAPI_FAMILY_APP -# LDLIBS = $(LDLIBS) ws2_32.lib +# LDLIBS = $(LDLIBS) !ENDIF all: cryptest.exe @@ -167,6 +237,13 @@ x64masm.obj: x64dll.obj: $(AS) $(ASFLAGS) /Fo x64dll.obj /c x64dll.asm +# You may need to delete this on early versions of Visual Studio. +# Down-level compilers will simply see chacha_avx.cpp as an empty file. +!IF "$(PLATFORM)" == "x64" || "$(PLATFORM)" == "X64" || "$(PLATFORM)" == "amd64" || "$(PLATFORM)" == "x86" || "$(PLATFORM)" == "X86" +chacha_avx.obj: + $(CXX) $(CXXFLAGS) /arch:AVX /c chacha_avx.cpp +!endif + .cpp.obj: $(CXX) $(CXXFLAGS) /c $< diff --git a/vendor/cryptopp/vendor_cryptopp/cryptest.sh b/vendor/cryptopp/vendor_cryptopp/cryptest.sh index c59cef86..f1a714dc 100755 --- a/vendor/cryptopp/vendor_cryptopp/cryptest.sh +++ b/vendor/cryptopp/vendor_cryptopp/cryptest.sh @@ -81,6 +81,12 @@ MAKE=make DISASS=objdump DISASSARGS=("--disassemble") +# Fixup ancient Bash +# https://unix.stackexchange.com/q/468579/56041 +if [[ -z "$BASH_SOURCE" ]]; then + BASH_SOURCE="$0" +fi + # Fixup, Solaris and friends if [[ (-d /usr/xpg4/bin) ]]; then SED=/usr/xpg4/bin/sed @@ -1009,6 +1015,12 @@ if [[ ("$GCC_COMPILER" -ne "0" || "$CLANG_COMPILER" -ne "0") ]]; then WARNING_CXXFLAGS+=("-Wcast-align" "-Wwrite-strings" "-Wformat=2" "-Wformat-security") fi +# On PowerPC we test the original Altivec load and store with unaligned data. +# Modern compilers generate a warning and recommend the new loads and stores. +if [[ ("$GCC_COMPILER" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0") ) ]]; then + WARNING_CXXFLAGS+=("-Wno-deprecated") +fi + echo | tee -a "$TEST_RESULTS" echo "DEBUG_CXXFLAGS: $DEBUG_CXXFLAGS" | tee -a "$TEST_RESULTS" echo "RELEASE_CXXFLAGS: $RELEASE_CXXFLAGS" | tee -a "$TEST_RESULTS" @@ -1161,7 +1173,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 CRC32 code generation") - OBJFILE=crc-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=crc_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1201,7 +1213,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 AES-NI code generation") - OBJFILE=rijndael-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1265,7 +1277,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 carryless multiply code generation") - OBJFILE=gcm-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1353,7 +1365,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_X86" -ne "0" || "$IS_X64" -ne "0")) ]]; t TEST_LIST+=("X86 SHA code generation") - OBJFILE=sha-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1424,7 +1436,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM NEON code generation") - OBJFILE=aria-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=aria_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1532,7 +1544,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM CRC32 code generation") - OBJFILE=crc-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=crc_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1584,7 +1596,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM carryless multiply code generation") - OBJFILE=gcm-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1624,7 +1636,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM AES generation") - OBJFILE=rijndael-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1676,7 +1688,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_ARM32" -ne "0" || "$IS_ARM64" -ne "0")) ] TEST_LIST+=("ARM SHA generation") - OBJFILE=sha-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1780,7 +1792,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0")) ] TEST_LIST+=("Power8 AES generation") - OBJFILE=rijndael-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=rijndael_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_AES_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1843,7 +1855,7 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0")) ] TEST_LIST+=("Power8 SHA generation") - OBJFILE=sha-simd.o; rm -f "$OBJFILE" 2>/dev/null + OBJFILE=sha_simd.o; rm -f "$OBJFILE" 2>/dev/null CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_SHA_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" COUNT=0 @@ -1866,6 +1878,51 @@ if [[ ("$HAVE_DISASS" -ne "0" && ("$IS_PPC32" -ne "0" || "$IS_PPC64" -ne "0")) ] echo "Verified vshasigmaw and vshasigmad machine instructions" | tee -a "$TEST_RESULTS" fi fi + + ############################################ + # Power8 VMULL + + PPC_VMULL=0 + if [[ ("$PPC_VMULL" -eq "0") ]]; then + "$CXX" -DCRYPTOPP_ADHOC_MAIN -mcpu=power8 adhoc.cpp -o "$TMPDIR/adhoc.exe" > /dev/null 2>&1 + if [[ "$?" -eq "0" ]]; then + PPC_VMULL=1 + PPC_VMULL_FLAGS="-mcpu=power8" + fi + fi + if [[ ("$PPC_VMULL" -eq "0") ]]; then + "$CXX" -DCRYPTOPP_ADHOC_MAIN -qarch=pwr8 adhoc.cpp -o "$TMPDIR/adhoc.exe" > /dev/null 2>&1 + if [[ "$?" -eq "0" ]]; then + PPC_VMULL=1 + PPC_VMULL_FLAGS="-qarch=pwr8" + fi + fi + + if [[ ("$PPC_VMULL" -ne "0") ]]; then + echo + echo "************************************" | tee -a "$TEST_RESULTS" + echo "Testing: Power8 carryless multiply generation" | tee -a "$TEST_RESULTS" + echo + + TEST_LIST+=("Power8 carryless multiply generation") + + OBJFILE=gcm_simd.o; rm -f "$OBJFILE" 2>/dev/null + CXX="$CXX" CXXFLAGS="$RELEASE_CXXFLAGS $PPC_VMULL_FLAGS" "$MAKE" "${MAKEARGS[@]}" $OBJFILE 2>&1 | tee -a "$TEST_RESULTS" + + COUNT=0 + FAILED=0 + DISASS_TEXT=$("$DISASS" "${DISASSARGS[@]}" "$OBJFILE" 2>/dev/null) + + COUNT=$(echo -n "$DISASS_TEXT" | "$GREP" -i -c vpmsum) + if [[ ("$COUNT" -eq "0") ]]; then + FAILED=1 + echo "ERROR: failed to generate vpmsum instruction" | tee -a "$TEST_RESULTS" + fi + + if [[ ("$FAILED" -eq "0") ]]; then + echo "Verified vpmsum machine instruction" | tee -a "$TEST_RESULTS" + fi + fi fi ############################################ @@ -1888,14 +1945,20 @@ if true; then if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 else ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi fi @@ -1916,14 +1979,20 @@ if true; then if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to make cryptest.exe" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 else ./cryptest.exe v 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute validation suite" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi ./cryptest.exe tv all 2>&1 | tee -a "$TEST_RESULTS" if [[ ("${PIPESTATUS[0]}" -ne "0") ]]; then echo "ERROR: failed to execute test vectors" | tee -a "$TEST_RESULTS" + # Stop now if things are broke + [[ "$0" = "${BASH_SOURCE[0]}" ]] && exit 1 || return 1 fi echo fi diff --git a/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj b/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj index 72dfad26..2ac87d9a 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj +++ b/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj @@ -95,10 +95,11 @@ 4231; 4251; 4275; 4355; 4505 + $(AdditionalOptions) NoErrorReport - cryptlib.lib;Ws2_32.lib + cryptlib.lib $(Platform)\Output\$(Configuration) true $(OutDir)\cryptlib.pdb @@ -149,7 +150,7 @@ $(Platform)\DLL_Output\Debug - cryptopp.lib;cryptlib.lib;Ws2_32.lib + cryptopp.lib;cryptlib.lib @@ -158,7 +159,7 @@ $(Platform)\DLL_Output\Release - cryptopp.lib;cryptlib.lib;Ws2_32.lib + cryptopp.lib;cryptlib.lib @@ -199,20 +200,28 @@ + + - + + + + + + + @@ -220,55 +229,79 @@ - + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + - - - - - - - - - + + + + + + + + + + + + @@ -276,6 +309,8 @@ + + @@ -283,6 +318,7 @@ + @@ -318,6 +354,7 @@ + @@ -331,6 +368,7 @@ + diff --git a/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj.filters b/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj.filters index b9728bdf..2dffdb40 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj.filters +++ b/vendor/cryptopp/vendor_cryptopp/cryptest.vcxproj.filters @@ -11,7 +11,7 @@ {a634d4f4-ddc0-44b4-9c37-d9ffdddc7b06} - .dat + .dat;.bin {2e247f14-f75a-4e15-9804-dccce165306f} @@ -23,147 +23,214 @@ - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + + + TestVectors + TestVectors - + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - - + + TestVectors - + + + + TestData @@ -182,6 +249,12 @@ TestData + + TestData + + + TestData + TestData @@ -206,6 +279,9 @@ TestData + + TestData + TestData @@ -311,6 +387,9 @@ TestData + + TestData + TestData @@ -350,6 +429,9 @@ TestData + + TestData + TestData @@ -361,12 +443,18 @@ Source Code + + Source Code + Source Code Source Code + + Source Code + Source Code @@ -382,7 +470,7 @@ Source Code - + Source Code @@ -400,6 +488,24 @@ Source Code + + Source Code + + + Source Code + + + Source Code + + + Source Code + + + Source Code + + + Source Code + Source Code diff --git a/vendor/cryptopp/vendor_cryptopp/cryptlib.cpp b/vendor/cryptopp/vendor_cryptopp/cryptlib.cpp index 2b232dcf..c4463b0c 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptlib.cpp +++ b/vendor/cryptopp/vendor_cryptopp/cryptlib.cpp @@ -22,17 +22,11 @@ #include "fips140.h" #include "argnames.h" #include "fltrimpl.h" -#include "trdlocal.h" #include "osrng.h" #include "secblock.h" #include "smartptr.h" #include "stdcpp.h" -// http://www.cygwin.com/faq.html#faq.api.winsock -#if (defined(__CYGWIN__) || defined(__CYGWIN32__)) && defined(PREFER_WINDOWS_STYLE_SOCKETS) -# error Cygwin does not support Windows style sockets. See http://www.cygwin.com/faq.html#faq.api.winsock -#endif - NAMESPACE_BEGIN(CryptoPP) CRYPTOPP_COMPILE_ASSERT(sizeof(byte) == 1); @@ -150,16 +144,16 @@ size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const by CRYPTOPP_ASSERT(outBlocks); CRYPTOPP_ASSERT(length); - const size_t blockSize = BlockSize(); - ptrdiff_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; - ptrdiff_t xorIncrement = xorBlocks ? blockSize : 0; - ptrdiff_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; + const unsigned int blockSize = BlockSize(); + size_t inIncrement = (flags & (BT_InBlockIsCounter|BT_DontIncrementInOutPointers)) ? 0 : blockSize; + size_t xorIncrement = xorBlocks ? blockSize : 0; + size_t outIncrement = (flags & BT_DontIncrementInOutPointers) ? 0 : blockSize; if (flags & BT_ReverseDirection) { - inBlocks += static_cast(length) - blockSize; - xorBlocks += static_cast(length) - blockSize; - outBlocks += static_cast(length) - blockSize; + inBlocks = PtrAdd(inBlocks, length - blockSize); + xorBlocks = PtrAdd(xorBlocks, length - blockSize); + outBlocks = PtrAdd(outBlocks, length - blockSize); inIncrement = 0-inIncrement; xorIncrement = 0-xorIncrement; outIncrement = 0-outIncrement; @@ -184,9 +178,9 @@ size_t BlockTransformation::AdvancedProcessBlocks(const byte *inBlocks, const by if (flags & BT_InBlockIsCounter) const_cast(inBlocks)[blockSize-1]++; - inBlocks += inIncrement; - outBlocks += outIncrement; - xorBlocks += xorIncrement; + inBlocks = PtrAdd(inBlocks, inIncrement); + outBlocks = PtrAdd(outBlocks, outIncrement); + xorBlocks = PtrAdd(xorBlocks, xorIncrement); length -= blockSize; } @@ -992,6 +986,40 @@ int LibraryVersion(CRYPTOPP_NOINLINE_DOTDOTDOT) return CRYPTOPP_BUILD_VERSION; } +class NullNameValuePairs : public NameValuePairs +{ +public: + NullNameValuePairs() {} // Clang complains a default ctor must be avilable + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + {CRYPTOPP_UNUSED(name); CRYPTOPP_UNUSED(valueType); CRYPTOPP_UNUSED(pValue); return false;} +}; + +#if HAVE_GCC_INIT_PRIORITY + const std::string DEFAULT_CHANNEL __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 25))) = ""; + const std::string AAD_CHANNEL __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 26))) = "AAD"; + const NullNameValuePairs s_nullNameValuePairs __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 27))); + const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs; +#elif HAVE_MSC_INIT_PRIORITY + #pragma warning(disable: 4073) + #pragma init_seg(lib) + const std::string DEFAULT_CHANNEL = ""; + const std::string AAD_CHANNEL = "AAD"; + const NullNameValuePairs s_nullNameValuePairs; + const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs; + #pragma warning(default: 4073) +#elif HAVE_XLC_INIT_PRIORITY + #pragma priority(260) + const std::string DEFAULT_CHANNEL = ""; + const std::string AAD_CHANNEL = "AAD"; + const NullNameValuePairs s_nullNameValuePairs; + const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs; +#else + const std::string DEFAULT_CHANNEL = ""; + const std::string AAD_CHANNEL = "AAD"; + const simple_ptr s_pNullNameValuePairs(new NullNameValuePairs); + const NameValuePairs &g_nullNameValuePairs = *s_pNullNameValuePairs.m_p; +#endif + NAMESPACE_END // CryptoPP #endif // CRYPTOPP_IMPORTS diff --git a/vendor/cryptopp/vendor_cryptopp/cryptlib.h b/vendor/cryptopp/vendor_cryptopp/cryptlib.h index 2167665b..34b98b03 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptlib.h +++ b/vendor/cryptopp/vendor_cryptopp/cryptlib.h @@ -3,42 +3,45 @@ /// \file cryptlib.h /// \brief Abstract base classes that provide a uniform interface to this library. -/*! \mainpage Crypto++ Library 7.0 API Reference +/*! \mainpage Crypto++ Library 8.0 API Reference
Abstract Base Classes
cryptlib.h
Authenticated Encryption Modes
CCM, EAX, \ref GCM "GCM (2K tables)", \ref GCM "GCM (64K tables)"
Block Ciphers
- \ref Rijndael "AES", ARIA, Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES, - \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", \ref DES_XEX3 "DESX", - GOST, IDEA, \ref LR "Luby-Rackoff", Kalyna (128/256/512), MARS, RC2, RC5, RC6, \ref SAFER_K - "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent, \ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK, - SM4, Square, TEA, \ref ThreeWay "3-Way", \ref Threefish256 "Threefish (256/512/1024)", Twofish, XTEA + \ref Rijndael "AES", ARIA, Weak::ARC4, Blowfish, BTEA, \ref CHAM128 "CHAM (64/128)", Camellia, + \ref CAST128 "CAST (128/256)", DES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", + \ref DES_XEX3 "DESX", GOST, HIGHT, IDEA, LEA, \ref LR "Luby-Rackoff", \ref Kalyna128 "Kalyna (128/256/512)", + MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent, + \ref SHACAL2 "SHACAL-2", SHARK, \ref SIMECK64 "SIMECK (32/64)" SKIPJACK, SM4, Square, TEA, + \ref ThreeWay "3-Way", \ref Threefish256 "Threefish (256/512/1024)", Twofish, XTEA
Stream Ciphers
- ChaCha (ChaCha-8/12/20), \ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, - \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20 + \ref ChaCha "ChaCha (8/12/20)", \ref HC128 "HC-128/256", \ref Panama "Panama-LE", \ref Panama "Panama-BE", + Rabbit, Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
Hash Functions
BLAKE2s, BLAKE2b, \ref Keccak "Keccak (F1600)", SHA1, SHA224, SHA256, SHA384, SHA512, \ref SHA3 "SHA-3", SM3, Tiger, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, SipHash, Whirlpool, Weak::MD2, Weak::MD4, Weak::MD5
Non-Cryptographic Checksums
- CRC32, Adler32 + CRC32, CRC32C, Adler32
Message Authentication Codes
BLAKE2b, BLAKE2s, CBC_MAC, CMAC, DMAC, \ref GCM "GCM (GMAC)", HMAC, Poly1305, TTMAC, VMAC
Random Number Generators
- NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, - NIST Hash_DRBG and HMAC_DRBG, \ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED + NullRNG, LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, + NIST Hash_DRBG and HMAC_DRBG, \ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", + DARN, RDRAND, RDSEED
Key Derivation and Password-based Cryptography
HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)", \ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)"
Public Key Cryptosystems
DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
Public Key Signature Schemes
- DSA2, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN + DSA, DSA2, \ref ed25519 "Ed25519", GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, + RabinSS, RWSS, ESIGN
Key Agreement
- DH, DH2, \ref MQV_Domain "MQV", \ref HMQV_Domain "HMQV", \ref FHMQV_Domain "FHMQV", ECDH, ECMQV, ECHMQV, - ECFHMQV, XTR_DH + DH, DH2, \ref x25519 "X25519", \ref MQV_Domain "MQV", \ref HMQV_Domain "HMQV", + \ref FHMQV_Domain "FHMQV", ECDH, x25519, ECMQV, ECHMQV, ECFHMQV, XTR_DH
Algebraic Structures
Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver, ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, GF2NP, GF256, GF2_32, EC2N, ECP @@ -47,9 +50,9 @@
Compression
Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor
Input Source Classes
- StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource + StringSource, ArraySource, VectorSource, FileSource, RandomNumberSource
Output Sink Classes
- StringSinkTemplate, StringSink, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink + StringSinkTemplate, StringSink, VectorSink, ArraySink, FileSink, RandomNumberSink
Filter Wrappers
StreamTransformationFilter, AuthenticatedEncryptionFilter, AuthenticatedDecryptionFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter @@ -57,7 +60,7 @@ HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder, Base32Decoder
Wrappers for OS features
- Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer + Timer, ThreadUserTimer
@@ -131,7 +134,7 @@ const unsigned long INFINITE_TIME = ULONG_MAX; template struct EnumToType { - static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;} + static ENUM_TYPE ToEnum() {return static_cast(VALUE);} }; /// \brief Provides the byte ordering @@ -392,6 +395,24 @@ public: CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const {return GetValueWithDefault(name, defaultValue);} + /// \brief Get a named value with type word64 + /// \param name the name of the value to retrieve + /// \param value the value retrieved upon success + /// \return true if an word64 value was retrieved, false otherwise + /// \sa GetValue(), GetValueWithDefault(), GetWord64ValueWithDefault(), GetIntValue(), + /// GetIntValueWithDefault(), GetRequiredParameter() and GetRequiredIntParameter() + CRYPTOPP_DLL bool GetWord64Value(const char *name, word64 &value) const + {return GetValue(name, value);} + + /// \brief Get a named value with type word64, with default + /// \param name the name of the value to retrieve + /// \param defaultValue the default value if the name does not exist + /// \return the value retrieved on success or the default value + /// \sa GetValue(), GetValueWithDefault(), GetWord64Value(), GetIntValue(), + /// GetIntValueWithDefault(), GetRequiredParameter() and GetRequiredWord64Parameter() + CRYPTOPP_DLL word64 GetWord64ValueWithDefault(const char *name, word64 defaultValue) const + {return GetValueWithDefault(name, defaultValue);} + /// \brief Ensures an expected name and type is present /// \param name the name of the value /// \param stored the type that was stored for the name @@ -449,63 +470,39 @@ public: CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0; }; -/// \brief Interface for retrieving values given their names -/// \details This class is used when no names or values are present. Typically a program uses -/// g_nullNameValuePairs rather than creating its own NullNameValuePairs object. -/// \details NullNameValuePairs always existed in cryptlib.cpp. Crypto++ 6.0 moved NullNameValuePairs -/// into the header. This allowed the library to define g_nullNameValuePairs in the header rather -/// than declaring it as extern and placing the definition in the source file. As an external definition -/// the string g_nullNameValuePairs was subject to static initialization order fiasco problems. -/// \sa NameValuePairs, g_nullNameValuePairs, -/// NameValuePairs on the Crypto++ wiki -class NullNameValuePairs : public NameValuePairs -{ -public: - NullNameValuePairs() {} // Clang complains a default ctor must be avilable - bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const - {CRYPTOPP_UNUSED(name); CRYPTOPP_UNUSED(valueType); CRYPTOPP_UNUSED(pValue); return false;} -}; - -// More static initialization order fiasco workarounds. These definitions cannot be extern and -// cannot be static class members because they require a single definition in a source file. -// User programs should use g_nullNameValuePairs rather than s_nullNameValuePairs. -static const NullNameValuePairs s_nullNameValuePairs; - // Doxygen cannot handle initialization #if CRYPTOPP_DOXYGEN_PROCESSING /// \brief Default channel for BufferedTransformation /// \details DEFAULT_CHANNEL is equal to an empty string -/// \details Crypto++ 6.0 placed DEFAULT_CHANNEL in the header, rather than declaring it as extern and -/// placing the definition in the source file. As an external definition the string DEFAULT_CHANNEL -/// was subject to static initialization order fiasco problems. +/// \details The definition for DEFAULT_CHANNEL is in cryptlib.cpp. +/// It can be subject to Static +/// Initialization Order Fiasco. If you experience a crash in +/// DEFAULT_CHANNEL where the string object is NULL, then you probably have +/// a global object using DEFAULT_CHANNEL before it has been constructed. const std::string DEFAULT_CHANNEL; /// \brief Channel for additional authenticated data /// \details AAD_CHANNEL is equal to "AAD" -/// \details Crypto++ 6.0 placed AAD_CHANNEL in the header, rather than declaring it as extern and -/// placing the definition in the source file. As an external definition the string AAD_CHANNEL -/// was subject to static initialization order fiasco problems. +/// \details The definition for AAD_CHANNEL is in cryptlib.cpp. +/// It can be subject to Static +/// Initialization Order Fiasco. If you experience a crash in +/// AAD_CHANNEL where the string object is NULL, then you probably have a +/// global object using AAD_CHANNEL before it has been constructed. const std::string AAD_CHANNEL; /// \brief An empty set of name-value pairs -/// \details Crypto++ 6.0 placed g_nullNameValuePairs in the header, rather than declaring it as extern -/// and placing the definition in the source file. As an external definition the g_nullNameValuePairs -/// was subject to static initialization order fiasco problems. -const NameValuePairs g_nullNameValuePairs; +/// \details The definition for g_nullNameValuePairs is in cryptlib.cpp. +/// It can be subject to Static +/// Initialization Order Fiasco. If you experience a crash in +/// g_nullNameValuePairs where the string object is NULL, then you probably +/// have a global object using g_nullNameValuePairs before it has been +/// constructed. +const NameValuePairs& g_nullNameValuePairs; -// Sun Studio 12.3 and earlier can't handle NameValuePairs initialization -#elif defined(__SUNPRO_CC) && (__SUNPRO_CC < 0x5130) -static const std::string DEFAULT_CHANNEL; -static const std::string AAD_CHANNEL = "AAD"; -static const NameValuePairs& g_nullNameValuePairs = s_nullNameValuePairs; - -// We don't really want static here since it detracts from public symbol visibility, but the Windows -// DLL fails to compile when the symbols are only const. Apparently Microsoft compilers don't treat -// const the same as static in a translation unit for visibility under C++. #else -static const std::string DEFAULT_CHANNEL; -static const std::string AAD_CHANNEL("AAD"); -static const NameValuePairs& g_nullNameValuePairs(s_nullNameValuePairs); +extern const std::string DEFAULT_CHANNEL; +extern const std::string AAD_CHANNEL; +extern const NameValuePairs& g_nullNameValuePairs; #endif // Document additional name spaces which show up elsewhere in the sources. @@ -587,11 +584,28 @@ public: /// \brief Provides the name of this algorithm /// \return the standard algorithm name - /// \details The standard algorithm name can be a name like \a AES or \a AES/GCM. Some algorithms - /// do not have standard names yet. For example, there is no standard algorithm name for - /// Shoup's ECIES. - /// \note AlgorithmName is not universally implemented yet + /// \details The standard algorithm name can be a name like AES or AES/GCM. + /// Some algorithms do not have standard names yet. For example, there is no standard + /// algorithm name for Shoup's ECIES. + /// \note AlgorithmName is not universally implemented yet. virtual std::string AlgorithmName() const {return "unknown";} + + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. + /// \details Algorithms which combine different instructions or ISAs provide the + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// \note Provider is not universally implemented yet. + /// \since Crypto++ 8.0 + virtual std::string AlgorithmProvider() const {return "C++";} }; /// \brief Interface for algorithms that take byte strings as keys @@ -604,11 +618,13 @@ public: /// \brief Returns smallest valid key length /// \returns the minimum key length, in bytes virtual size_t MinKeyLength() const =0; + /// \brief Returns largest valid key length /// \returns the maximum key length, in bytes virtual size_t MaxKeyLength() const =0; + /// \brief Returns default key length - /// \returns the default (recommended) key length, in bytes + /// \returns the default key length, in bytes virtual size_t DefaultKeyLength() const =0; /// \brief Returns a valid key length for the algorithm @@ -647,7 +663,7 @@ public: /// \brief Sets or reset the key of this object /// \param key the key to use when keying the object /// \param length the size of the key, in bytes - /// \param iv the intiialization vector to use when keying the object + /// \param iv the initialization vector to use when keying the object /// \param ivLength the size of the iv, in bytes /// \details SetKeyWithIV() calls SetKey() with a NameValuePairs /// that only specifies IV. The IV is a byte buffer with size ivLength. @@ -657,7 +673,7 @@ public: /// \brief Sets or reset the key of this object /// \param key the key to use when keying the object /// \param length the size of the key, in bytes - /// \param iv the intiialization vector to use when keying the object + /// \param iv the initialization vector to use when keying the object /// \details SetKeyWithIV() calls SetKey() with a NameValuePairs() object /// that only specifies iv. iv is a byte buffer, and it must have /// a size IVSize(). @@ -665,9 +681,12 @@ public: {SetKeyWithIV(key, length, iv, IVSize());} /// \brief Secure IVs requirements as enumerated values. - /// \details Provides secure IV requirements as a monotonically increasing enumerated values. Requirements can be - /// compared using less than (<) and greater than (>). For example, UNIQUE_IV < RANDOM_IV - /// and UNPREDICTABLE_RANDOM_IV > RANDOM_IV. + /// \details Provides secure IV requirements as a monotonically increasing enumerated values. + /// Requirements can be compared using less than (<) and greater than (>). For example, + /// UNIQUE_IV < RANDOM_IV and UNPREDICTABLE_RANDOM_IV > RANDOM_IV. + /// \details Objects that use SimpleKeyingInterface do not support an optional IV. That is, + /// an IV must be present or it must be absent. If you wish to support an optional IV then + /// provide two classes - one with an IV and one without an IV. /// \sa IsResynchronizable(), CanUseRandomIVs(), CanUsePredictableIVs(), CanUseStructuredIVs() enum IV_Requirement { /// \brief The IV must be unique @@ -1412,7 +1431,7 @@ public: }; /// \brief Interface for key derivation functions -/// \since Crypto++ 6.2 +/// \since Crypto++ 7.0 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyDerivationFunction : public Algorithm { public: @@ -1476,7 +1495,7 @@ protected: }; /// \brief Interface for password based key derivation functions -/// \since Crypto++ 6.2 +/// \since Crypto++ 7.0 struct PasswordBasedKeyDerivationFunction : public KeyDerivationFunction { }; @@ -2333,8 +2352,11 @@ public: /// \details DoQuickSanityCheck() is for internal library use, and it should not be called by library users. void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);} -#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590) - // Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class +#if defined(__SUNPRO_CC) + // Sun Studio 11/CC 5.8 workaround: it generates incorrect code + // when casting to an empty virtual base class. JW, 2018: It is + // still a problem in Sun Studio 12.6/CC 5.15 on i386. Just enable + // it everywhere in case it affects SPARC (which we don't test). char m_sunCCworkaround; #endif }; diff --git a/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj b/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj index f57d8fe1..9bf9c1ad 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj +++ b/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj @@ -95,6 +95,7 @@ 4231; 4251; 4275; 4355; 4505 Use pch.h + $(AdditionalOptions)
NoErrorReport @@ -172,7 +173,7 @@ - + @@ -181,7 +182,8 @@ - + + @@ -190,10 +192,19 @@ + + + + true + AdvancedVectorExtensions2 + + + - + + @@ -202,6 +213,9 @@ + + + @@ -220,14 +234,17 @@ - + + + + @@ -238,6 +255,9 @@ + + + @@ -249,7 +269,6 @@ - @@ -265,13 +284,14 @@ + - + @@ -283,40 +303,42 @@ - + - + + + - + + - + - + + - + - - - + @@ -361,7 +383,7 @@ - + @@ -381,18 +403,24 @@ + + + + + + @@ -415,7 +443,10 @@ + + + @@ -426,7 +457,9 @@ + + @@ -441,7 +474,6 @@ - @@ -458,6 +490,7 @@ + @@ -480,13 +513,13 @@ + - @@ -496,17 +529,15 @@ - - - + diff --git a/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj.filters b/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj.filters index e3060ef0..51fff69a 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj.filters +++ b/vendor/cryptopp/vendor_cryptopp/cryptlib.vcxproj.filters @@ -32,7 +32,7 @@ Source Files - + Source Files @@ -59,7 +59,10 @@ Source Files - + + Source Files + + Source Files @@ -86,6 +89,18 @@ Source Files + + Source Files + + + Source Files + + + Source Files + + + Source Files + Source Files @@ -98,12 +113,15 @@ Source Files - + Source Files Source Files + + Source Files + Source Files @@ -122,6 +140,15 @@ Source Files + + Source Files + + + Source Files + + + Source Files + Source Files @@ -164,7 +191,7 @@ Source Files - + Source Files @@ -185,9 +212,18 @@ Source Files + + Source Files + + + Source Files + Source Files + + Source Files + Source Files @@ -215,6 +251,15 @@ Source Files + + Source Files + + + Source Files + + + Source Files + Source Files @@ -248,9 +293,6 @@ Source Files - - Source Files - Source Files @@ -290,6 +332,9 @@ Source Files + + Source Files + Source Files @@ -308,7 +353,7 @@ Source Files - + Source Files @@ -344,7 +389,7 @@ Source Files - + Source Files @@ -353,7 +398,7 @@ Source Files - + Source Files @@ -362,10 +407,19 @@ Source Files + + Source Files + + + Source Files + Source Files - + + Source Files + + Source Files @@ -380,13 +434,16 @@ Source Files + + Source Files + Source Files - + Source Files - + Source Files @@ -398,7 +455,7 @@ Source Files - + Source Files @@ -419,9 +476,6 @@ Source Files - - Source Files - Source Files @@ -434,16 +488,13 @@ Source Files - - Source Files - Source Files Source Files - + Source Files @@ -483,7 +534,7 @@ Header Files - + Header Files @@ -540,6 +591,9 @@ Header Files + + Header Files + Header Files @@ -558,6 +612,9 @@ Header Files + + Header Files + Header Files @@ -579,6 +636,18 @@ Header Files + + Header Files + + + Header Files + + + Header Files + + + Header Files + Header Files @@ -642,9 +711,18 @@ Header Files + + Header Files + + + Header Files + Header Files + + Header Files + Header Files @@ -675,9 +753,15 @@ Header Files + + Header Files + Header Files + + Header Files + Header Files @@ -720,9 +804,6 @@ Header Files - - Header Files - Header Files @@ -771,6 +852,9 @@ Header Files + + Header Files + Header Files @@ -834,6 +918,9 @@ Header Files + + Header Files + Header Files @@ -858,9 +945,6 @@ Header Files - - Header Files - Header Files @@ -885,9 +969,6 @@ Header Files - - Header Files - Header Files @@ -903,19 +984,16 @@ Header Files - - Header Files - Header Files Header Files - + Header Files - + Header Files diff --git a/vendor/cryptopp/vendor_cryptopp/cryptopp.mapfile b/vendor/cryptopp/vendor_cryptopp/cryptopp.mapfile index 62a99171..a8f15303 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptopp.mapfile +++ b/vendor/cryptopp/vendor_cryptopp/cryptopp.mapfile @@ -1,3 +1,15 @@ -# Solaris mapfile to override hardware caps to avoid kills +# Solaris mapfile to override hardware caps to avoid load-time kills. Thanks to Andrew Henle +# for the mapfile version 1 syntax. Also see https://stackoverflow.com/q/53210019/608639 and +# https://www.oracle.com/technetwork/server-storage/solaris/hwcap-modification-139536.html -hwcap_1 = SSE SSE2 OVERRIDE; +# Use this if you need $mapfile_version 1. Unfortunately, it does +# not work. The linker does not remove hwcap_2 capabilities. +# hwcap_1 = SSE SSE2 OVERRIDE; +# hwcap_2 = V0x0; + +# This will clear all caps, but it does not work on Solaris 9 +$mapfile_version 2 +CAPABILITY { + HW_1 = ; + HW_2 = ; +}; diff --git a/vendor/cryptopp/vendor_cryptopp/cryptopp.rc b/vendor/cryptopp/vendor_cryptopp/cryptopp.rc index 58941a39..0ccf2390 100644 --- a/vendor/cryptopp/vendor_cryptopp/cryptopp.rc +++ b/vendor/cryptopp/vendor_cryptopp/cryptopp.rc @@ -27,8 +27,8 @@ LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US // VS_VERSION_INFO VERSIONINFO - FILEVERSION 7,0,0,0 - PRODUCTVERSION 7,0,0,0 + FILEVERSION 8,0,0,0 + PRODUCTVERSION 8,0,0,0 FILEFLAGSMASK 0x3fL #ifdef _DEBUG FILEFLAGS 0x1L @@ -46,13 +46,13 @@ BEGIN VALUE "Comments", "Free crypto library, more information available at www.cryptopp.com" VALUE "CompanyName", "Wei Dai" VALUE "FileDescription", "Crypto++® Library DLL" - VALUE "FileVersion", "7, 0, 0, 0" + VALUE "FileVersion", "8, 0, 0, 0" VALUE "InternalName", "cryptopp" VALUE "LegalCopyright", "Copyright© 1995-2018 by Wei Dai" VALUE "LegalTrademarks", "Crypto++®" VALUE "OriginalFilename", "cryptopp.dll" VALUE "ProductName", "Crypto++® Library" - VALUE "ProductVersion", "7, 0, 0, 0" + VALUE "ProductVersion", "8, 0, 0, 0" END END BLOCK "VarFileInfo" diff --git a/vendor/cryptopp/vendor_cryptopp/darn.cpp b/vendor/cryptopp/vendor_cryptopp/darn.cpp new file mode 100644 index 00000000..eedabc58 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/darn.cpp @@ -0,0 +1,235 @@ +// darn.cpp - written and placed in public domain by Jeffrey Walton + +#include "pch.h" +#include "config.h" +#include "cryptlib.h" +#include "secblock.h" +#include "darn.h" +#include "cpu.h" + +// At the moment only GCC 7.0 (and above) seems to support __builtin_darn() +// and __builtin_darn_32(). Clang 7.0 does not provide them, but it does +// support assembly instructions. XLC is unknown, but there are no hits when +// searching IBM's site. To cover more platforms we provide GCC inline +// assembly like we do with RDRAND and RDSEED. Platforms that don't support +// GCC inline assembly or the builtin will fail the compile. + +// Inline assembler available in GCC 3.2 or above. For practical +// purposes we check for GCC 4.0 or above. GCC imposters claim +// to be GCC 4.2.1 so it will capture them, too. We exclude the +// Apple machines because they are not Power9 and use a slightly +// different syntax in their assembler. +#if ((__GNUC__ >= 4) || defined(__IBM_GCC_ASM)) && !defined(__APPLE__) +# define GCC_DARN_ASM_AVAILABLE 1 +#endif + +// warning C4702: unreachable code +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4702) +#endif + +///////////////////////////////////////////////////////////////////// +///////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(CryptoPP) + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + +// *************************** 32-bit *************************** // + +#if (CRYPTOPP_BOOL_PPC32) + +// Fills 4 bytes, buffer must be aligned +inline void DARN32(void* output) +{ + CRYPTOPP_ASSERT(IsAlignedOn(output, GetAlignmentOf())); + word32* ptr = reinterpret_cast(output); + +#if defined(GCC_DARN_ASM_AVAILABLE) + // This is "darn r3, 0". When L=0 a 32-bit conditioned word + // is returned. On failure 0xffffffffffffffff is returned. + // The Power manual recommends only checking the low 32-bit + // word for this case. See Power ISA 3.0 specification, p. 78. + do + { + __asm__ __volatile__ ( + #if (CRYPTOPP_BIG_ENDIAN) + ".byte 0x7c, 0x60, 0x05, 0xe6 \n\t" // r3 = darn 3, 0 + "mr %0, 3 \n\t" // val = r3 + #else + ".byte 0xe6, 0x05, 0x60, 0x7c \n\t" // r3 = darn 3, 0 + "mr %0, 3 \n\t" // val = r3 + #endif + : "=r" (*ptr) : : "r3" + ); + } while (*ptr == 0xFFFFFFFFu); +#elif defined(_ARCH_PWR9) + // This is probably going to break some platforms. + // We will deal with them as we encounter them. + *ptr = __builtin_darn_32(); +#elif defined(__APPLE__) + // Nop. Apple G4 and G5 machines are too old. They will + // avoid this code path because HasPower9() returns false. + CRYPTOPP_ASSERT(0); +#else + // Catch other compile breaks + int XXX[-1]; +#endif +} +#endif // PPC32 + +// *************************** 64-bit *************************** // + +#if (CRYPTOPP_BOOL_PPC64) + +// Fills 8 bytes, buffer must be aligned +inline void DARN64(void* output) +{ + CRYPTOPP_ASSERT(IsAlignedOn(output, GetAlignmentOf())); + word64* ptr = reinterpret_cast(output); + +#if defined(GCC_DARN_ASM_AVAILABLE) + // This is "darn r3, 1". When L=1 a 64-bit conditioned word + // is returned. On failure 0xffffffffffffffff is returned. + // See Power ISA 3.0 specification, p. 78. + do + { + __asm__ __volatile__ ( + #if (CRYPTOPP_BIG_ENDIAN) + ".byte 0x7c, 0x61, 0x05, 0xe6 \n\t" // r3 = darn 3, 1 + "mr %0, 3 \n\t" // val = r3 + #else + ".byte 0xe6, 0x05, 0x61, 0x7c \n\t" // r3 = darn 3, 1 + "mr %0, 3 \n\t" // val = r3 + #endif + : "=r" (*ptr) : : "r3" + ); + } while (*ptr == 0xFFFFFFFFFFFFFFFFull); +#elif defined(_ARCH_PWR9) + // This is probably going to break some platforms. + // We will deal with them as we encounter them. + *ptr = __builtin_darn(); +#elif defined(__APPLE__) + // Nop. Apple G4 and G5 machines are too old. They will + // avoid this code path because HasPower9() returns false. + CRYPTOPP_ASSERT(0); +#else + // Catch other compile breaks + int XXX[-1]; +#endif +} +#endif // PPC64 + +// ************************ Standard C++ ************************ // + +DARN::DARN() +{ + if (!HasDARN()) + throw DARN_Err("HasDARN"); + + // Scratch buffer in case user buffers are unaligned. + m_temp.New(8); +} + +void DARN::GenerateBlock(byte *output, size_t size) +{ + CRYPTOPP_ASSERT((output && size) || !(output || size)); + if (size == 0) return; + size_t i = 0; + +#if (CRYPTOPP_BOOL_PPC64) + + // Check alignment + i = reinterpret_cast(output) & 0x7; + if (i != 0) + { + DARN64(m_temp); + std::memcpy(output, m_temp, i); + + output += i; + size -= i; + } + + // Output is aligned + for (i = 0; i < size/8; i++) + DARN64(output+i*8); + + output += i*8; + size -= i*8; + + if (size) + { + DARN64(m_temp); + std::memcpy(output, m_temp, size); + } + +#elif (CRYPTOPP_BOOL_PPC32) + + // Check alignment + i = reinterpret_cast(output) & 0x3; + if (i != 0) + { + DARN32(m_temp); + std::memcpy(output, m_temp, i); + + output += i; + size -= i; + } + + for (i = 0; i < size/4; i++) + DARN32(output+i*4); + + output += 4; + size -= 4; + + if (size) + { + DARN32(m_temp); + std::memcpy(output, m_temp, size); + } + +#else + // No suitable compiler found + CRYPTOPP_UNUSED(output); + throw NotImplemented("DARN: failed to find a suitable implementation"); +#endif +} + +void DARN::DiscardBytes(size_t n) +{ + // RoundUpToMultipleOf is used because a full word is read, and its cheaper + // to discard full words. There's no sense in dealing with tail bytes. + FixedSizeSecBlock discard; + n = RoundUpToMultipleOf(n, sizeof(word64)); + + size_t count = STDMIN(n, discard.SizeInBytes()); + while (count) + { + GenerateBlock(discard.BytePtr(), count); + n -= count; + count = STDMIN(n, discard.SizeInBytes()); + } +} + +#else // not PPC32 or PPC64 + +DARN::DARN() +{ + throw DARN_Err("HasDARN"); +} + +void DARN::GenerateBlock(byte *output, size_t size) +{ + // Constructor will throw, should not get here + CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size); +} + +void DARN::DiscardBytes(size_t n) +{ + // Constructor will throw, should not get here + CRYPTOPP_UNUSED(n); +} + +#endif // PPC32 or PPC64 + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/darn.h b/vendor/cryptopp/vendor_cryptopp/darn.h new file mode 100644 index 00000000..91a22d0e --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/darn.h @@ -0,0 +1,94 @@ +// darn.h - written and placed in public domain by Jeffrey Walton +// DARN requires POWER9/ISA 3.0. + +// At the moment only GCC 7.0 (and above) seems to support __builtin_darn() +// and __builtin_darn_32(). Clang 7.0 does not provide them, but it does +// support assembly instructions. XLC is unknown, but there are no hits when +// searching IBM's site. To cover more platforms we provide GCC inline +// assembly like we do with RDRAND and RDSEED. Platforms that don't support +// GCC inline assembly or the builtin will fail the compile. Also see +// https://gcc.gnu.org/onlinedocs/gcc/Basic-PowerPC-Built-in-Functions-Available-on-ISA-3_002e0.html + +/// \file darn.h +/// \brief Classes for DARN RNG +/// \sa Power +/// ISA Version 3.0B +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_DARN_H +#define CRYPTOPP_DARN_H + +#include "cryptlib.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief Exception thrown when a DARN generator encounters +/// a generator related error. +/// \since Crypto++ 8.0 +class DARN_Err : public Exception +{ +public: + DARN_Err(const std::string &operation) + : Exception(OTHER_ERROR, "DARN: " + operation + " operation failed") {} +}; + +/// \brief Hardware generated random numbers using DARN instruction +/// \details DARN() provides access to Power9's random number generator. The +/// Crypto++ implementation provides conditioned random numbers from the +/// generator as opposed to raw random numbers. According to Power ISA 3.0B +/// manual, a conditioned random number has been processed by hardware to +/// reduce bias. A raw random number is unconditioned noise source output. +/// \details According to Power ISA 3.0B manual, the random number generator +/// provided by the darn instruction is NIST SP800-90B and SP800-90C +/// compliant to the extent possible given the completeness of the standards +/// at the time the hardware is designed. The random number generator provides +/// a minimum of 0.5 bits of entropy per bit. +/// \par Wraps +/// darn instruction +/// \sa Power +/// ISA Version 3.0B, MaurerRandomnessTest() for random bit generators +/// \since Crypto++ 8.0 +class DARN : public RandomNumberGenerator +{ +public: + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "DARN"; } + + virtual ~DARN() {} + + /// \brief Construct a DARN generator + /// \throws DARN_Err if the random number generator is not available + DARN(); + + /// \brief Generate random array of bytes + /// \param output the byte buffer + /// \param size the length of the buffer, in bytes + virtual void GenerateBlock(byte *output, size_t size); + + /// \brief Generate and discard n bytes + /// \param n the number of bytes to generate and discard + /// \details the RDSEED generator discards words, not bytes. If n is + /// not a multiple of a machine word, then it is rounded up to + /// that size. + virtual void DiscardBytes(size_t n); + + /// \brief Update RNG state with additional unpredictable values + /// \param input unused + /// \param length unused + /// \details The operation is a nop for this generator. + virtual void IncorporateEntropy(const byte *input, size_t length) + { + // Override to avoid the base class' throw. + CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); + } + + std::string AlgorithmProvider() const { + return "Power9"; + } + +private: + SecBlock > m_temp; +}; + +NAMESPACE_END + +#endif // CRYPTOPP_DARN_H diff --git a/vendor/cryptopp/vendor_cryptopp/datatest.cpp b/vendor/cryptopp/vendor_cryptopp/datatest.cpp index 40eb7f86..6a15ecb2 100644 --- a/vendor/cryptopp/vendor_cryptopp/datatest.cpp +++ b/vendor/cryptopp/vendor_cryptopp/datatest.cpp @@ -16,8 +16,11 @@ #include "smartptr.h" #include "validate.h" #include "stdcpp.h" +#include "trap.h" + #include #include +#include // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) @@ -28,6 +31,12 @@ # pragma warning(disable: 4505 4355) #endif +#ifdef _MSC_VER +# define STRTOUL64 _strtoui64 +#else +# define STRTOUL64 strtoull +#endif + NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) @@ -42,8 +51,37 @@ public: static const TestData *s_currentTestData = NULLPTR; +std::string TrimSpace(std::string str) +{ + if (str.empty()) return ""; + + const std::string whitespace(" \r\t\n"); + std::string::size_type beg = str.find_first_not_of(whitespace); + std::string::size_type end = str.find_last_not_of(whitespace); + + if (beg != std::string::npos && end != std::string::npos) + return str.substr(beg, end+1); + else if (beg != std::string::npos) + return str.substr(beg); + else + return ""; +} + +std::string TrimComment(std::string str) +{ + if (str.empty()) return ""; + + std::string::size_type first = str.find("#"); + + if (first != std::string::npos) + return TrimSpace(str.substr(0, first)); + else + return TrimSpace(str); +} + static void OutputTestData(const TestData &v) { + std::cerr << "\n"; for (TestData::const_iterator i = v.begin(); i != v.end(); ++i) { std::cerr << i->first << ": " << i->second << std::endl; @@ -62,10 +100,14 @@ static void SignalUnknownAlgorithmError(const std::string& algType) throw Exception(Exception::OTHER_ERROR, "Unknown algorithm " + algType + " during validation test"); } -static void SignalTestError() +static void SignalTestError(const char* msg = NULLPTR) { OutputTestData(*s_currentTestData); - throw Exception(Exception::OTHER_ERROR, "Unexpected error during validation test"); + + if (msg) + throw Exception(Exception::OTHER_ERROR, msg); + else + throw Exception(Exception::OTHER_ERROR, "Unexpected error during validation test"); } bool DataExists(const TestData &data, const char *name) @@ -78,7 +120,10 @@ const std::string & GetRequiredDatum(const TestData &data, const char *name) { TestData::const_iterator i = data.find(name); if (i == data.end()) - SignalTestError(); + { + std::string msg("Required datum \"" + std::string(name) + "\" missing"); + SignalTestError(msg.c_str()); + } return i->second; } @@ -111,7 +156,8 @@ void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransfo int repeat = 1; if (s1[0] == 'r') { - repeat = ::atoi(s1.c_str()+1); + s1 = s1.erase(0, 1); + repeat = ::atoi(s1.c_str()); s1 = s1.substr(s1.find(' ')+1); } @@ -126,7 +172,7 @@ void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransfo while (iss >> std::skipws >> std::hex >> value) { value = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, value); - q.Put((const byte *)&value, 8); + q.Put(reinterpret_cast(&value), 8); } } else @@ -135,7 +181,7 @@ void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransfo while (iss >> std::skipws >> std::hex >> value) { value = ConditionalByteReverse(LITTLE_ENDIAN_ORDER, value); - q.Put((const byte *)&value, 4); + q.Put(reinterpret_cast(&value), 4); } } goto end; @@ -162,7 +208,7 @@ void PutDecodedDatumInto(const TestData &data, const char *name, BufferedTransfo while (repeat--) { - q.Put((const byte *)s2.data(), s2.size()); + q.Put(reinterpret_cast(&s2[0]), s2.size()); RandomizedTransfer(q, target, false); } } @@ -217,13 +263,23 @@ public: if (valueType == typeid(int)) *reinterpret_cast(pValue) = atoi(value.c_str()); + else if (valueType == typeid(word64)) + { + std::string x(value); errno = 0; + const char* beg = &x[0]; + char* end = &x[0] + value.size(); + + *reinterpret_cast(pValue) = STRTOUL64(beg, &end, 0); + if (errno != 0) + return false; + } else if (valueType == typeid(Integer)) *reinterpret_cast(pValue) = Integer((std::string(value) + "h").c_str()); else if (valueType == typeid(ConstByteArrayParameter)) { m_temp.clear(); PutDecodedDatumInto(m_data, name, StringSink(m_temp).Ref()); - reinterpret_cast(pValue)->Assign((const byte *)&m_temp[0], m_temp.size(), false); + reinterpret_cast(pValue)->Assign(reinterpret_cast(&m_temp[0]), m_temp.size(), false); } else throw ValueTypeMismatch(name, typeid(std::string), valueType); @@ -262,6 +318,8 @@ void TestSignatureScheme(TestData &v) // Code coverage (void)signer->AlgorithmName(); (void)verifier->AlgorithmName(); + (void)signer->AlgorithmProvider(); + (void)verifier->AlgorithmProvider(); TestDataNameValuePairs pairs(v); @@ -306,8 +364,9 @@ void TestSignatureScheme(TestData &v) { TestKeyPairValidAndConsistent(verifier->AccessMaterial(), signer->GetMaterial()); SignatureVerificationFilter verifierFilter(*verifier, NULLPTR, SignatureVerificationFilter::THROW_EXCEPTION); - verifierFilter.Put((const byte *)"abc", 3); - StringSource ss("abc", true, new SignerFilter(Test::GlobalRNG(), *signer, new Redirector(verifierFilter))); + const byte msg[3] = {'a', 'b', 'c'}; + verifierFilter.Put(msg, sizeof(msg)); + StringSource ss(msg, sizeof(msg), true, new SignerFilter(Test::GlobalRNG(), *signer, new Redirector(verifierFilter))); } else if (test == "Sign") { @@ -332,7 +391,8 @@ void TestSignatureScheme(TestData &v) } else { - SignalTestError(); + std::string msg("Unknown signature test \"" + test + "\""); + SignalTestError(msg.c_str()); CRYPTOPP_ASSERT(false); } } @@ -348,6 +408,8 @@ void TestAsymmetricCipher(TestData &v) // Code coverage (void)encryptor->AlgorithmName(); (void)decryptor->AlgorithmName(); + (void)encryptor->AlgorithmProvider(); + (void)decryptor->AlgorithmProvider(); std::string keyFormat = GetRequiredDatum(v, "KeyFormat"); @@ -376,7 +438,8 @@ void TestAsymmetricCipher(TestData &v) } else { - SignalTestError(); + std::string msg("Unknown asymmetric cipher test \"" + test + "\""); + SignalTestError(msg.c_str()); CRYPTOPP_ASSERT(false); } } @@ -406,6 +469,8 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) // Code coverage (void)encryptor->AlgorithmName(); (void)decryptor->AlgorithmName(); + (void)encryptor->AlgorithmProvider(); + (void)decryptor->AlgorithmProvider(); (void)encryptor->MinKeyLength(); (void)decryptor->MinKeyLength(); (void)encryptor->MaxKeyLength(); @@ -431,38 +496,50 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) } else { - encryptor->SetKey((const byte *)key.data(), key.size(), pairs); - decryptor->SetKey((const byte *)key.data(), key.size(), pairs); + encryptor->SetKey(reinterpret_cast(&key[0]), key.size(), pairs); + decryptor->SetKey(reinterpret_cast(&key[0]), key.size(), pairs); } - int seek = pairs.GetIntValueWithDefault("Seek", 0); - if (seek) + word64 seek64 = pairs.GetWord64ValueWithDefault("Seek64", 0); + if (seek64) { - encryptor->Seek(seek); - decryptor->Seek(seek); + encryptor->Seek(seek64); + decryptor->Seek(seek64); + } + else + { + int seek = pairs.GetIntValueWithDefault("Seek", 0); + if (seek) + { + encryptor->Seek(seek); + decryptor->Seek(seek); + } } - // If a per-test vector parameter was set for a test, like BlockPadding, BlockSize or Tweak, - // then it becomes latched in testDataPairs. The old value is used in subsequent tests, and - // it could cause a self test failure in the next test. The behavior surfaced under Kalyna - // and Threefish. The Kalyna test vectors use NO_PADDING for all tests excpet one. For - // Threefish, using (and not using) a Tweak caused problems as we marched through test - // vectors. For BlockPadding, BlockSize or Tweak, unlatch them now, after the key has been - // set and NameValuePairs have been processed. Also note we only unlatch from testDataPairs. - // If overrideParameters are specified, the caller is responsible for managing the parameter. + // If a per-test vector parameter was set for a test, like BlockPadding, + // BlockSize or Tweak, then it becomes latched in testDataPairs. The old + // value is used in subsequent tests, and it could cause a self test + // failure in the next test. The behavior surfaced under Kalyna and + // Threefish. The Kalyna test vectors use NO_PADDING for all tests excpet + // one. For Threefish, using (and not using) a Tweak caused problems as + // we marched through test vectors. For BlockPadding, BlockSize or Tweak, + // unlatch them now, after the key has been set and NameValuePairs have + // been processed. Also note we only unlatch from testDataPairs. If + // overrideParameters are specified, the caller is responsible for + // managing the parameter. v.erase("Tweak"); v.erase("BlockSize"); v.erase("BlockPaddingScheme"); std::string encrypted, xorDigest, ciphertext, ciphertextXorDigest; if (test == "EncryptionMCT" || test == "DecryptionMCT") { SymmetricCipher *cipher = encryptor.get(); - SecByteBlock buf((byte *)plaintext.data(), plaintext.size()), keybuf((byte *)key.data(), key.size()); + std::string buf(plaintext), keybuf(key); if (test == "DecryptionMCT") { cipher = decryptor.get(); ciphertext = GetDecodedDatum(v, "Ciphertext"); - buf.Assign((byte *)ciphertext.data(), ciphertext.size()); + buf.assign(ciphertext.begin(), ciphertext.end()); } for (int i=0; i<400; i++) @@ -470,15 +547,16 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) encrypted.reserve(10000 * plaintext.size()); for (int j=0; j<10000; j++) { - cipher->ProcessString(buf.begin(), buf.size()); - encrypted.append((char *)buf.begin(), buf.size()); + cipher->ProcessString(reinterpret_cast(&buf[0]), buf.size()); + encrypted.append(buf.begin(), buf.end()); } encrypted.erase(0, encrypted.size() - keybuf.size()); - xorbuf(keybuf.begin(), (const byte *)encrypted.data(), keybuf.size()); - cipher->SetKey(keybuf, keybuf.size()); + xorbuf(reinterpret_cast(&keybuf[0]), reinterpret_cast(&encrypted[0]), keybuf.size()); + cipher->SetKey(reinterpret_cast(&keybuf[0]), keybuf.size()); } - encrypted.assign((char *)buf.begin(), buf.size()); + + encrypted.assign(buf.begin(), buf.end()); ciphertext = GetDecodedDatum(v, test == "EncryptionMCT" ? "Ciphertext" : "Plaintext"); if (encrypted != ciphertext) { @@ -493,17 +571,21 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) StreamTransformationFilter encFilter(*encryptor, new StringSink(encrypted), static_cast(paddingScheme)); - RandomizedTransfer(StringStore(plaintext).Ref(), encFilter, true); + + StringStore pstore(plaintext); + RandomizedTransfer(pstore, encFilter, true); encFilter.MessageEnd(); if (test != "EncryptXorDigest") + { ciphertext = GetDecodedDatum(v, "Ciphertext"); + } else { ciphertextXorDigest = GetDecodedDatum(v, "CiphertextXorDigest"); xorDigest.append(encrypted, 0, 64); for (size_t i=64; i(xorDigest[i%64] ^ encrypted[i]); } if (test != "EncryptXorDigest" ? encrypted != ciphertext : xorDigest != ciphertextXorDigest) { @@ -513,11 +595,15 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) std::cout << "\n"; SignalTestFailure(); } + std::string decrypted; StreamTransformationFilter decFilter(*decryptor, new StringSink(decrypted), static_cast(paddingScheme)); - RandomizedTransfer(StringStore(encrypted).Ref(), decFilter, true); + + StringStore cstore(encrypted); + RandomizedTransfer(cstore, decFilter, true); decFilter.MessageEnd(); + if (decrypted != plaintext) { std::cout << "\nincorrectly decrypted: "; @@ -529,8 +615,8 @@ void TestSymmetricCipher(TestData &v, const NameValuePairs &overrideParameters) } else { - std::cout << "\nunexpected test name\n"; - SignalTestError(); + std::string msg("Unknown symmetric cipher test \"" + test + "\""); + SignalTestError(msg.c_str()); } } @@ -555,9 +641,10 @@ void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrid member_ptr encryptor, decryptor; encryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); decryptor.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); - encryptor->SetKey((const byte *)key.data(), key.size(), pairs); - decryptor->SetKey((const byte *)key.data(), key.size(), pairs); + encryptor->SetKey(reinterpret_cast(&key[0]), key.size(), pairs); + decryptor->SetKey(reinterpret_cast(&key[0]), key.size(), pairs); + // Code coverage (void)encryptor->AlgorithmName(); (void)decryptor->AlgorithmName(); @@ -618,8 +705,8 @@ void TestAuthenticatedSymmetricCipher(TestData &v, const NameValuePairs &overrid } else { - std::cout << "\nunexpected test name\n"; - SignalTestError(); + std::string msg("Unknown authenticated symmetric cipher test \"" + test + "\""); + SignalTestError(msg.c_str()); } } @@ -639,15 +726,21 @@ void TestDigestOrMAC(TestData &v, bool testDigest) { hash.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); pHash = hash.get(); + + // Code coverage (void)hash->AlgorithmName(); + (void)hash->AlgorithmProvider(); } else { mac.reset(ObjectFactoryRegistry::Registry().CreateObject(name.c_str())); pHash = mac.get(); std::string key = GetDecodedDatum(v, "Key"); - mac->SetKey((const byte *)key.c_str(), key.size(), pairs); + mac->SetKey(reinterpret_cast(&key[0]), key.size(), pairs); + + // Code coverage (void)mac->AlgorithmName(); + (void)mac->AlgorithmProvider(); } if (test == "Verify" || test == "VerifyTruncated" || test == "NotVerify") @@ -664,8 +757,8 @@ void TestDigestOrMAC(TestData &v, bool testDigest) } else { - SignalTestError(); - CRYPTOPP_ASSERT(false); + std::string msg("Unknown digest or mac test \"" + test + "\""); + SignalTestError(msg.c_str()); } } @@ -699,83 +792,90 @@ void TestKeyDerivationFunction(TestData &v) } } +inline char FirstChar(const std::string& str) { + if (str.empty()) return 0; + return str[0]; +} + +inline char LastChar(const std::string& str) { + if (str.empty()) return 0; + return str[str.length()-1]; +} + // GetField parses the name/value pairs. The tricky part is the insertion operator // because Unix&Linux uses LF, OS X uses CR, and Windows uses CRLF. If this function // is modified, then run 'cryptest.exe tv rsa_pkcs1_1_5' as a test. Its the parser // file from hell. If it can be parsed without error, then things are likely OK. +// For istream.fail() see https://stackoverflow.com/q/34395801/608639. bool GetField(std::istream &is, std::string &name, std::string &value) { + std::string line; + name.clear(); value.clear(); + // ***** Name ***** - name.clear(); - is >> name; - - if (name.empty()) - return false; - - if (name[name.size()-1] != ':') + while (is >> std::ws && std::getline(is, line)) { - char c; - is >> std::skipws >> c; - if (c != ':') - SignalTestError(); - } - else - name.erase(name.size()-1); + // Eat whitespace and comments gracefully + if (line.empty() || line[0] == '#') + continue; - while (is.peek() == ' ') - is.ignore(1); + std::string::size_type pos = line.find(':'); + if (pos == std::string::npos) + SignalTestError("Unable to parse name/value pair"); + + name = TrimSpace(line.substr(0, pos)); + line = TrimSpace(line.substr(pos + 1)); + + // Empty name is bad + if (name.empty()) + return false; + + // Empty value is ok + if (line.empty()) + return true; + + break; + } // ***** Value ***** - value.clear(); - std::string line; bool continueLine = true; - while (continueLine && std::getline(is, line)) + do { - // Unix and Linux may have a stray \r because of Windows - if (!line.empty() && (line[line.size() - 1] == '\r' || line[line.size() - 1] == '\n')) { - line.erase(line.size()-1); - } + // Trim leading and trailing whitespace, including OS X and Windows + // new lines. Don't parse comments here because there may be a line + // continuation at the end. + line = TrimSpace(line); continueLine = false; - if (!line.empty()) - { - // Early out for immediate line continuation - if (line[0] == '\\') { - continueLine = true; - continue; - } - // Check end of line. It must be last character - if (line[line.size() - 1] == '\\') { - continueLine = true; - } - // Check for comment. It can be first character - if (line[0] == '#') { - continue; - } + if (line.empty()) + continue; + + // Early out for immediate line continuation + if (line[0] == '\\') { + continueLine = true; + continue; + } + // Check end of line. It must be last character + if (LastChar(line) == '\\') { + continueLine = true; + line.erase(line.end()-1); + line = TrimSpace(line); } - // Leading and trailing position. The leading position moves right, and - // trailing position moves left. The sub-string in the middle is the value - // for the name. We leave one space when line continuation is in effect. - // The value can be an empty string. One Plaintext value is often empty - // for algorithm testing. - std::string::size_type l=0, t=std::string::npos; - const std::string whitespace = "\t \r\n"; + // Re-trim after parsing + line = TrimComment(line); - l = line.find_first_not_of(whitespace, l); - if (l == std::string::npos) { l = 0; } - t = line.find('#', l); - if (t != std::string::npos) { t--; } - t = line.find_last_not_of(whitespace+"\\", t); - if (t != std::string::npos) { t++; } + if (line.empty()) + continue; - CRYPTOPP_ASSERT(t >= l); - value += line.substr(l, t - l); + // Finally... the value + value += line; if (continueLine) value += ' '; } + while (continueLine && is >> std::ws && std::getline(is, line)); return true; } @@ -813,13 +913,7 @@ void OutputNameValuePairs(const NameValuePairs &v) void TestDataFile(std::string filename, const NameValuePairs &overrideParameters, unsigned int &totalTests, unsigned int &failedTests) { - static const std::string dataDirectory(CRYPTOPP_DATA_DIR); - if (!dataDirectory.empty()) - { - if(dataDirectory != filename.substr(0, dataDirectory.length())) - filename.insert(0, dataDirectory); - } - + filename = DataDir(filename); std::ifstream file(filename.c_str()); if (!file.good()) throw Exception(Exception::OTHER_ERROR, "Can not open file " + filename + " for reading"); @@ -830,15 +924,12 @@ void TestDataFile(std::string filename, const NameValuePairs &overrideParameters while (file) { - while (file.peek() == '#') - file.ignore((std::numeric_limits::max)(), '\n'); - - if (file.peek() == '\n' || file.peek() == '\r') - v.clear(); - if (!GetField(file, name, value)) break; + if (name == "AlgorithmType") + v.clear(); + // Can't assert value. Plaintext is sometimes empty. // CRYPTOPP_ASSERT(!value.empty()); v[name] = value; @@ -907,9 +998,12 @@ bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParamet s_thorough = thorough; unsigned int totalTests = 0, failedTests = 0; TestDataFile((filename ? filename : ""), overrideParameters, totalTests, failedTests); + std::cout << std::dec << "\nTests complete. Total tests = " << totalTests << ". Failed tests = " << failedTests << "." << std::endl; if (failedTests != 0) std::cout << "SOME TESTS FAILED!\n"; + + CRYPTOPP_ASSERT(failedTests == 0); return failedTests == 0; } diff --git a/vendor/cryptopp/vendor_cryptopp/default.cpp b/vendor/cryptopp/vendor_cryptopp/default.cpp index eda6cb14..ab1890b5 100644 --- a/vendor/cryptopp/vendor_cryptopp/default.cpp +++ b/vendor/cryptopp/vendor_cryptopp/default.cpp @@ -299,8 +299,8 @@ template class DataEncryptor; template class DataEncryptor; template class DataDecryptor; -template class DataEncryptorWithMAC; -template class DataDecryptorWithMAC; +template class DataEncryptorWithMAC; +template class DataDecryptorWithMAC; template class DataEncryptorWithMAC; template class DataDecryptorWithMAC; diff --git a/vendor/cryptopp/vendor_cryptopp/default.h b/vendor/cryptopp/vendor_cryptopp/default.h index 2fb7982f..12360018 100644 --- a/vendor/cryptopp/vendor_cryptopp/default.h +++ b/vendor/cryptopp/vendor_cryptopp/default.h @@ -275,12 +275,12 @@ struct DefaultDecryptor : public DataDecryptorDefault* classes, and the old algorithms are available with the Legacy* classes. -struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC {}; +struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC {}; /// \brief Password-based decryptor with MAC (deprecated) /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1. /// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the /// Default* classes, and the old algorithms are available with the Legacy* classes. -struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC {}; +struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC {}; /// \brief Password-based encryptor with MAC /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1. /// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the @@ -298,8 +298,8 @@ typedef DataDecryptor L typedef DataEncryptor DefaultEncryptor; typedef DataDecryptor DefaultDecryptor; -typedef DataEncryptorWithMAC LegacyEncryptorWithMAC; -typedef DataDecryptorWithMAC LegacyDecryptorWithMAC; +typedef DataEncryptorWithMAC LegacyEncryptorWithMAC; +typedef DataDecryptorWithMAC LegacyDecryptorWithMAC; typedef DataEncryptorWithMAC DefaultEncryptorWithMAC; typedef DataDecryptorWithMAC DefaultDecryptorWithMAC; diff --git a/vendor/cryptopp/vendor_cryptopp/des.cpp b/vendor/cryptopp/vendor_cryptopp/des.cpp index 144897eb..2a130aa4 100644 --- a/vendor/cryptopp/vendor_cryptopp/des.cpp +++ b/vendor/cryptopp/vendor_cryptopp/des.cpp @@ -284,14 +284,16 @@ namespace { void RawDES::RawSetKey(CipherDir dir, const byte *key) { #if (_MSC_VER >= 1600) || (__cplusplus >= 201103L) -# define register /* Define to nothing for C++11 and above */ +# define REGISTER /* Define to nothing for C++11 and above */ +#else +# define REGISTER register #endif SecByteBlock buffer(56+56+8); byte *const pc1m=buffer; /* place to modify pc1 into */ byte *const pcr=pc1m+56; /* place to rotate pc1 into */ byte *const ks=pcr+56; - register int i,j,l; + REGISTER int i,j,l; int m; for (j=0; j<56; j++) { /* convert pc1 to bits of key */ diff --git a/vendor/cryptopp/vendor_cryptopp/dll.h b/vendor/cryptopp/vendor_cryptopp/dll.h index bbb2257a..f923026c 100644 --- a/vendor/cryptopp/vendor_cryptopp/dll.h +++ b/vendor/cryptopp/vendor_cryptopp/dll.h @@ -40,7 +40,6 @@ #include "rw.h" #include "sha.h" #include "skipjack.h" -#include "trdlocal.h" #ifdef CRYPTOPP_IMPORTS diff --git a/vendor/cryptopp/vendor_cryptopp/dlltest.vcxproj b/vendor/cryptopp/vendor_cryptopp/dlltest.vcxproj index b76d184a..9739e67b 100644 --- a/vendor/cryptopp/vendor_cryptopp/dlltest.vcxproj +++ b/vendor/cryptopp/vendor_cryptopp/dlltest.vcxproj @@ -63,10 +63,11 @@ 4231; 4251; 4275; 4355; 4505 StdCall + $(AdditionalOptions) NoErrorReport - cryptopp.lib;Ws2_32.lib + cryptopp.lib $(Platform)\DLL_Output\$(Configuration) true diff --git a/vendor/cryptopp/vendor_cryptopp/dmac.h b/vendor/cryptopp/vendor_cryptopp/dmac.h index 539f69fe..904b5506 100644 --- a/vendor/cryptopp/vendor_cryptopp/dmac.h +++ b/vendor/cryptopp/vendor_cryptopp/dmac.h @@ -28,6 +28,8 @@ public: void TruncatedFinal(byte *mac, size_t size); unsigned int DigestSize() const {return DIGESTSIZE;} + std::string AlgorithmProvider() const; + private: byte *GenerateSubKeys(const byte *key, size_t keylength); @@ -38,6 +40,12 @@ private: unsigned int m_counter; }; +template +std::string DMAC_Base::AlgorithmProvider() const +{ + return m_f2.AlgorithmProvider(); +} + /// \brief DMAC message authentication code /// \tparam T class derived from BlockCipherDocumentation /// \sa CBC MAC for Real-Time Data Sources (08.15.1997) diff --git a/vendor/cryptopp/vendor_cryptopp/donna.h b/vendor/cryptopp/vendor_cryptopp/donna.h new file mode 100644 index 00000000..68a0c04b --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna.h @@ -0,0 +1,146 @@ +// donna.h - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// The curve25519 and ed25519 source files multiplex different repos and +// architectures using namespaces. The repos are Andrew Moon's +// curve25519-donna and ed25519-donna. The architectures are 32-bit, 64-bit +// and SSE. For example, 32-bit x25519 uses symbols from Donna::X25519 and +// Donna::Arch32. + +// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]", +// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658 + +/// \file donna.h +/// \details Functions for curve25519 and ed25519 operations +/// \details This header provides the entry points into Andrew Moon's +/// curve25519 and ed25519 curve functions. The Crypto++ classes x25519 +/// and ed25519 use the functions. The functions are in the Donna +/// namespace and are curve25519_mult(), ed25519_publickey(), +/// ed25519_sign() and ed25519_sign_open(). +/// \details At the moment the hash function for signing is fixed at +/// SHA512. + +#ifndef CRYPTOPP_DONNA_H +#define CRYPTOPP_DONNA_H + +#include "cryptlib.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) + +//***************************** curve25519 *****************************// + +/// \brief Generate a public key +/// \param publicKey byte array for the public key +/// \param secretKey byte array with the private key +/// \returns 0 on success, non-0 otherwise +/// \details curve25519_mult() generates a public key from an existing +/// secret key. Internally curve25519_mult() performs a scalar +/// multiplication using the base point and writes the result to +/// pubkey. +int curve25519_mult(byte publicKey[32], const byte secretKey[32]); + +/// \brief Generate a shared key +/// \param sharedKey byte array for the shared secret +/// \param secretKey byte array with the private key +/// \param othersKey byte array with the peer's public key +/// \returns 0 on success, non-0 otherwise +/// \details curve25519_mult() generates a shared key from an existing +/// secret key and the other party's public key. Internally +/// curve25519_mult() performs a scalar multiplication using the two keys +/// and writes the result to sharedKey. +int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]); + +//******************************* ed25519 *******************************// + +/// \brief Creates a public key from a secret key +/// \param publicKey byte array for the public key +/// \param secretKey byte array with the private key +/// \returns 0 on success, non-0 otherwise +/// \details ed25519_publickey() generates a public key from a secret key. +/// Internally ed25519_publickey() performs a scalar multiplication +/// using the secret key and then writes the result to publicKey. +int ed25519_publickey(byte publicKey[32], const byte secretKey[32]); + +/// \brief Creates a signature on a message +/// \param message byte array with the message +/// \param messageLength size of the message, in bytes +/// \param publicKey byte array with the public key +/// \param secretKey byte array with the private key +/// \param signature byte array for the signature +/// \returns 0 on success, non-0 otherwise +/// \details ed25519_sign() generates a signature on a message using +/// the public and private keys. The various buffers can be exact +/// sizes, and do not require extra space like when using the +/// NaCl library functions. +/// \details At the moment the hash function for signing is fixed at +/// SHA512. +int ed25519_sign(const byte* message, size_t messageLength, const byte secretKey[32], const byte publicKey[32], byte signature[64]); + +/// \brief Verifies a signature on a message +/// \param message byte array with the message +/// \param messageLength size of the message, in bytes +/// \param publicKey byte array with the public key +/// \param signature byte array with the signature +/// \returns 0 on success, non-0 otherwise +/// \details ed25519_sign_open() verifies a signature on a message using +/// the public. The various buffers can be exact sizes, and do not +/// require extra space like when using the NaCl library functions. +/// \details At the moment the hash function for signing is fixed at +/// SHA512. +int +ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64]); + +//****************************** Internal ******************************// + +#ifndef CRYPTOPP_DOXYGEN_PROCESSING + +// CRYPTOPP_WORD128_AVAILABLE mostly depends upon GCC support for +// __SIZEOF_INT128__. If __SIZEOF_INT128__ is not available then Moon +// provides routines for MSC and GCC. It should cover most platforms, +// but there are gaps like MS ARM64 and XLC. We tried to enable the +// 64-bit path for SunCC from 12.5 but we got the dreaded compile +// error "The operand ___LCM cannot be assigned to". + +#if defined(CRYPTOPP_WORD128_AVAILABLE) || \ + (defined(_MSC_VER) && defined(_M_X64)) || \ + (defined(__GNUC__) && (defined(__amd64__) || defined(__x86_64__))) +# define CRYPTOPP_CURVE25519_64BIT 1 +#else +# define CRYPTOPP_CURVE25519_32BIT 1 +#endif + +// Benchmarking on a modern 64-bit Core i5-6400 @2.7 GHz shows SSE2 on Linux +// is not profitable. Here are the numbers in milliseconds/operation: +// +// * Langley, C++, 0.050 +// * Moon, C++: 0.040 +// * Moon, SSE2: 0.061 +// * Moon, native: 0.045 +// +// However, a modern 64-bit Core i5-3200 @2.5 GHz shows SSE2 is profitable +// for MS compilers. Here are the numbers in milliseconds/operation: +// +// * x86, no SSE2, 0.294 +// * x86, SSE2, 0.097 +// * x64, no SSE2, 0.081 +// * x64, SSE2, 0.071 + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) && defined(_MSC_VER) +# define CRYPTOPP_CURVE25519_SSE2 1 +#endif + +#if (CRYPTOPP_CURVE25519_SSE2) + extern int curve25519_mult_SSE2(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]); +#endif + +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_DONNA_H diff --git a/vendor/cryptopp/vendor_cryptopp/donna_32.cpp b/vendor/cryptopp/vendor_cryptopp/donna_32.cpp new file mode 100644 index 00000000..9fe5d22b --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna_32.cpp @@ -0,0 +1,1939 @@ +// donna_32.cpp - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// The curve25519 and ed25519 source files multiplex different repos and +// architectures using namespaces. The repos are Andrew Moon's +// curve25519-donna and ed25519-donna. The architectures are 32-bit, 64-bit +// and SSE. For example, 32-bit x25519 uses symbols from Donna::X25519 and +// Donna::Arch32. + +// A fair amount of duplication happens below, but we could not directly +// use curve25519 for both x25519 and ed25519. A close examination reveals +// slight differences in the implementation. For example, look at the +// two curve25519_sub functions. + +// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]", +// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658 + +#include "pch.h" + +#include "config.h" +#include "donna.h" +#include "secblock.h" +#include "sha.h" +#include "misc.h" +#include "cpu.h" + +// Squash MS LNK4221 and libtool warnings +extern const char DONNA32_FNAME[] = __FILE__; + +#if defined(CRYPTOPP_CURVE25519_32BIT) + +#include "donna_32.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::GetWord; +using CryptoPP::PutWord; +using CryptoPP::LITTLE_ENDIAN_ORDER; + +inline word32 U8TO32_LE(const byte* p) +{ + return GetWord(false, LITTLE_ENDIAN_ORDER, p); +} + +inline void U32TO8_LE(byte* p, word32 w) +{ + PutWord(false, LITTLE_ENDIAN_ORDER, p, w); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(X25519) +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::sword32; +using CryptoPP::word64; +using CryptoPP::sword64; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; + +// Bring in all the symbols from the 32-bit header +using namespace CryptoPP::Donna::Arch32; + +/* out = in */ +inline void +curve25519_copy(bignum25519 out, const bignum25519 in) { + out[0] = in[0]; out[1] = in[1]; + out[2] = in[2]; out[3] = in[3]; + out[4] = in[4]; out[5] = in[5]; + out[6] = in[6]; out[7] = in[7]; + out[8] = in[8]; out[9] = in[9]; +} + +/* out = a + b */ +inline void +curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + b[0]; out[1] = a[1] + b[1]; + out[2] = a[2] + b[2]; out[3] = a[3] + b[3]; + out[4] = a[4] + b[4]; out[5] = a[5] + b[5]; + out[6] = a[6] + b[6]; out[7] = a[7] + b[7]; + out[8] = a[8] + b[8]; out[9] = a[9] + b[9]; +} + +/* out = a - b */ +inline void +curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 c; + out[0] = 0x7ffffda + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = 0x3fffffe + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = 0x7fffffe + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = 0x3fffffe + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = 0x7fffffe + a[4] - b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26; + out[5] = 0x3fffffe + a[5] - b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25; + out[6] = 0x7fffffe + a[6] - b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26; + out[7] = 0x3fffffe + a[7] - b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25; + out[8] = 0x7fffffe + a[8] - b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26; + out[9] = 0x3fffffe + a[9] - b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25; + out[0] += 19 * c; +} + +/* out = in * scalar */ +inline void +curve25519_scalar_product(bignum25519 out, const bignum25519 in, const word32 scalar) { + word64 a; + word32 c; + a = mul32x32_64(in[0], scalar); out[0] = (word32)a & reduce_mask_26; c = (word32)(a >> 26); + a = mul32x32_64(in[1], scalar) + c; out[1] = (word32)a & reduce_mask_25; c = (word32)(a >> 25); + a = mul32x32_64(in[2], scalar) + c; out[2] = (word32)a & reduce_mask_26; c = (word32)(a >> 26); + a = mul32x32_64(in[3], scalar) + c; out[3] = (word32)a & reduce_mask_25; c = (word32)(a >> 25); + a = mul32x32_64(in[4], scalar) + c; out[4] = (word32)a & reduce_mask_26; c = (word32)(a >> 26); + a = mul32x32_64(in[5], scalar) + c; out[5] = (word32)a & reduce_mask_25; c = (word32)(a >> 25); + a = mul32x32_64(in[6], scalar) + c; out[6] = (word32)a & reduce_mask_26; c = (word32)(a >> 26); + a = mul32x32_64(in[7], scalar) + c; out[7] = (word32)a & reduce_mask_25; c = (word32)(a >> 25); + a = mul32x32_64(in[8], scalar) + c; out[8] = (word32)a & reduce_mask_26; c = (word32)(a >> 26); + a = mul32x32_64(in[9], scalar) + c; out[9] = (word32)a & reduce_mask_25; c = (word32)(a >> 25); + out[0] += c * 19; +} + +/* out = a * b */ +inline void +curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + word32 s0,s1,s2,s3,s4,s5,s6,s7,s8,s9; + word64 m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; + word32 p; + + r0 = b[0]; r1 = b[1]; r2 = b[2]; r3 = b[3]; r4 = b[4]; + r5 = b[5]; r6 = b[6]; r7 = b[7]; r8 = b[8]; r9 = b[9]; + + s0 = a[0]; s1 = a[1]; s2 = a[2]; s3 = a[3]; s4 = a[4]; + s5 = a[5]; s6 = a[6]; s7 = a[7]; s8 = a[8]; s9 = a[9]; + + m1 = mul32x32_64(r0, s1) + mul32x32_64(r1, s0); + m3 = mul32x32_64(r0, s3) + mul32x32_64(r1, s2) + mul32x32_64(r2, s1) + mul32x32_64(r3, s0); + m5 = mul32x32_64(r0, s5) + mul32x32_64(r1, s4) + mul32x32_64(r2, s3) + mul32x32_64(r3, s2) + mul32x32_64(r4, s1) + mul32x32_64(r5, s0); + m7 = mul32x32_64(r0, s7) + mul32x32_64(r1, s6) + mul32x32_64(r2, s5) + mul32x32_64(r3, s4) + mul32x32_64(r4, s3) + mul32x32_64(r5, s2) + mul32x32_64(r6, s1) + mul32x32_64(r7, s0); + m9 = mul32x32_64(r0, s9) + mul32x32_64(r1, s8) + mul32x32_64(r2, s7) + mul32x32_64(r3, s6) + mul32x32_64(r4, s5) + mul32x32_64(r5, s4) + mul32x32_64(r6, s3) + mul32x32_64(r7, s2) + mul32x32_64(r8, s1) + mul32x32_64(r9, s0); + + r1 *= 2; r3 *= 2; r5 *= 2; r7 *= 2; + + m0 = mul32x32_64(r0, s0); + m2 = mul32x32_64(r0, s2) + mul32x32_64(r1, s1) + mul32x32_64(r2, s0); + m4 = mul32x32_64(r0, s4) + mul32x32_64(r1, s3) + mul32x32_64(r2, s2) + mul32x32_64(r3, s1) + mul32x32_64(r4, s0); + m6 = mul32x32_64(r0, s6) + mul32x32_64(r1, s5) + mul32x32_64(r2, s4) + mul32x32_64(r3, s3) + mul32x32_64(r4, s2) + mul32x32_64(r5, s1) + mul32x32_64(r6, s0); + m8 = mul32x32_64(r0, s8) + mul32x32_64(r1, s7) + mul32x32_64(r2, s6) + mul32x32_64(r3, s5) + mul32x32_64(r4, s4) + mul32x32_64(r5, s3) + mul32x32_64(r6, s2) + mul32x32_64(r7, s1) + mul32x32_64(r8, s0); + + r1 *= 19; r2 *= 19; + r3 = (r3 / 2) * 19; + r4 *= 19; + r5 = (r5 / 2) * 19; + r6 *= 19; + r7 = (r7 / 2) * 19; + r8 *= 19; r9 *= 19; + + m1 += (mul32x32_64(r9, s2) + mul32x32_64(r8, s3) + mul32x32_64(r7, s4) + mul32x32_64(r6, s5) + mul32x32_64(r5, s6) + mul32x32_64(r4, s7) + mul32x32_64(r3, s8) + mul32x32_64(r2, s9)); + m3 += (mul32x32_64(r9, s4) + mul32x32_64(r8, s5) + mul32x32_64(r7, s6) + mul32x32_64(r6, s7) + mul32x32_64(r5, s8) + mul32x32_64(r4, s9)); + m5 += (mul32x32_64(r9, s6) + mul32x32_64(r8, s7) + mul32x32_64(r7, s8) + mul32x32_64(r6, s9)); + m7 += (mul32x32_64(r9, s8) + mul32x32_64(r8, s9)); + + r3 *= 2; r5 *= 2; r7 *= 2; r9 *= 2; + + m0 += (mul32x32_64(r9, s1) + mul32x32_64(r8, s2) + mul32x32_64(r7, s3) + mul32x32_64(r6, s4) + mul32x32_64(r5, s5) + mul32x32_64(r4, s6) + mul32x32_64(r3, s7) + mul32x32_64(r2, s8) + mul32x32_64(r1, s9)); + m2 += (mul32x32_64(r9, s3) + mul32x32_64(r8, s4) + mul32x32_64(r7, s5) + mul32x32_64(r6, s6) + mul32x32_64(r5, s7) + mul32x32_64(r4, s8) + mul32x32_64(r3, s9)); + m4 += (mul32x32_64(r9, s5) + mul32x32_64(r8, s6) + mul32x32_64(r7, s7) + mul32x32_64(r6, s8) + mul32x32_64(r5, s9)); + m6 += (mul32x32_64(r9, s7) + mul32x32_64(r8, s8) + mul32x32_64(r7, s9)); + m8 += (mul32x32_64(r9, s9)); + + r0 = (word32)m0 & reduce_mask_26; c = (m0 >> 26); + m1 += c; r1 = (word32)m1 & reduce_mask_25; c = (m1 >> 25); + m2 += c; r2 = (word32)m2 & reduce_mask_26; c = (m2 >> 26); + m3 += c; r3 = (word32)m3 & reduce_mask_25; c = (m3 >> 25); + m4 += c; r4 = (word32)m4 & reduce_mask_26; c = (m4 >> 26); + m5 += c; r5 = (word32)m5 & reduce_mask_25; c = (m5 >> 25); + m6 += c; r6 = (word32)m6 & reduce_mask_26; c = (m6 >> 26); + m7 += c; r7 = (word32)m7 & reduce_mask_25; c = (m7 >> 25); + m8 += c; r8 = (word32)m8 & reduce_mask_26; c = (m8 >> 26); + m9 += c; r9 = (word32)m9 & reduce_mask_25; p = (word32)(m9 >> 25); + m0 = r0 + mul32x32_64(p,19); r0 = (word32)m0 & reduce_mask_26; p = (word32)(m0 >> 26); + r1 += p; + + out[0] = r0; out[1] = r1; out[2] = r2; out[3] = r3; out[4] = r4; + out[5] = r5; out[6] = r6; out[7] = r7; out[8] = r8; out[9] = r9; +} + +/* out = in * in */ +inline void +curve25519_square(bignum25519 out, const bignum25519 in) { + word32 r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + word32 d6,d7,d8,d9; + word64 m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; + word32 p; + + r0 = in[0]; r1 = in[1]; r2 = in[2]; r3 = in[3]; r4 = in[4]; + r5 = in[5]; r6 = in[6]; r7 = in[7]; r8 = in[8]; r9 = in[9]; + + m0 = mul32x32_64(r0, r0); + r0 *= 2; + m1 = mul32x32_64(r0, r1); + m2 = mul32x32_64(r0, r2) + mul32x32_64(r1, r1 * 2); + r1 *= 2; + m3 = mul32x32_64(r0, r3) + mul32x32_64(r1, r2 ); + m4 = mul32x32_64(r0, r4) + mul32x32_64(r1, r3 * 2) + mul32x32_64(r2, r2); + r2 *= 2; + m5 = mul32x32_64(r0, r5) + mul32x32_64(r1, r4 ) + mul32x32_64(r2, r3); + m6 = mul32x32_64(r0, r6) + mul32x32_64(r1, r5 * 2) + mul32x32_64(r2, r4) + mul32x32_64(r3, r3 * 2); + r3 *= 2; + m7 = mul32x32_64(r0, r7) + mul32x32_64(r1, r6 ) + mul32x32_64(r2, r5) + mul32x32_64(r3, r4 ); + m8 = mul32x32_64(r0, r8) + mul32x32_64(r1, r7 * 2) + mul32x32_64(r2, r6) + mul32x32_64(r3, r5 * 2) + mul32x32_64(r4, r4 ); + m9 = mul32x32_64(r0, r9) + mul32x32_64(r1, r8 ) + mul32x32_64(r2, r7) + mul32x32_64(r3, r6 ) + mul32x32_64(r4, r5 * 2); + + d6 = r6 * 19; d7 = r7 * 2 * 19; + d8 = r8 * 19; d9 = r9 * 2 * 19; + + m0 += (mul32x32_64(d9, r1 ) + mul32x32_64(d8, r2 ) + mul32x32_64(d7, r3 ) + mul32x32_64(d6, r4 * 2) + mul32x32_64(r5, r5 * 2 * 19)); + m1 += (mul32x32_64(d9, r2 / 2) + mul32x32_64(d8, r3 ) + mul32x32_64(d7, r4 ) + mul32x32_64(d6, r5 * 2)); + m2 += (mul32x32_64(d9, r3 ) + mul32x32_64(d8, r4 * 2) + mul32x32_64(d7, r5 * 2) + mul32x32_64(d6, r6 )); + m3 += (mul32x32_64(d9, r4 ) + mul32x32_64(d8, r5 * 2) + mul32x32_64(d7, r6 )); + m4 += (mul32x32_64(d9, r5 * 2) + mul32x32_64(d8, r6 * 2) + mul32x32_64(d7, r7 )); + m5 += (mul32x32_64(d9, r6 ) + mul32x32_64(d8, r7 * 2)); + m6 += (mul32x32_64(d9, r7 * 2) + mul32x32_64(d8, r8 )); + m7 += (mul32x32_64(d9, r8 )); + m8 += (mul32x32_64(d9, r9 )); + + r0 = (word32)m0 & reduce_mask_26; c = (m0 >> 26); + m1 += c; r1 = (word32)m1 & reduce_mask_25; c = (m1 >> 25); + m2 += c; r2 = (word32)m2 & reduce_mask_26; c = (m2 >> 26); + m3 += c; r3 = (word32)m3 & reduce_mask_25; c = (m3 >> 25); + m4 += c; r4 = (word32)m4 & reduce_mask_26; c = (m4 >> 26); + m5 += c; r5 = (word32)m5 & reduce_mask_25; c = (m5 >> 25); + m6 += c; r6 = (word32)m6 & reduce_mask_26; c = (m6 >> 26); + m7 += c; r7 = (word32)m7 & reduce_mask_25; c = (m7 >> 25); + m8 += c; r8 = (word32)m8 & reduce_mask_26; c = (m8 >> 26); + m9 += c; r9 = (word32)m9 & reduce_mask_25; p = (word32)(m9 >> 25); + m0 = r0 + mul32x32_64(p,19); r0 = (word32)m0 & reduce_mask_26; p = (word32)(m0 >> 26); + r1 += p; + + out[0] = r0; out[1] = r1; out[2] = r2; out[3] = r3; out[4] = r4; + out[5] = r5; out[6] = r6; out[7] = r7; out[8] = r8; out[9] = r9; +} + +/* out = in^(2 * count) */ +void +curve25519_square_times(bignum25519 out, const bignum25519 in, int count) { + word32 r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + word32 d6,d7,d8,d9; + word64 m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; + word32 p; + + r0 = in[0]; r1 = in[1]; r2 = in[2]; r3 = in[3]; r4 = in[4]; + r5 = in[5]; r6 = in[6]; r7 = in[7]; r8 = in[8]; r9 = in[9]; + + do { + m0 = mul32x32_64(r0, r0); + r0 *= 2; + m1 = mul32x32_64(r0, r1); + m2 = mul32x32_64(r0, r2) + mul32x32_64(r1, r1 * 2); + r1 *= 2; + m3 = mul32x32_64(r0, r3) + mul32x32_64(r1, r2 ); + m4 = mul32x32_64(r0, r4) + mul32x32_64(r1, r3 * 2) + mul32x32_64(r2, r2); + r2 *= 2; + m5 = mul32x32_64(r0, r5) + mul32x32_64(r1, r4 ) + mul32x32_64(r2, r3); + m6 = mul32x32_64(r0, r6) + mul32x32_64(r1, r5 * 2) + mul32x32_64(r2, r4) + mul32x32_64(r3, r3 * 2); + r3 *= 2; + m7 = mul32x32_64(r0, r7) + mul32x32_64(r1, r6 ) + mul32x32_64(r2, r5) + mul32x32_64(r3, r4 ); + m8 = mul32x32_64(r0, r8) + mul32x32_64(r1, r7 * 2) + mul32x32_64(r2, r6) + mul32x32_64(r3, r5 * 2) + mul32x32_64(r4, r4 ); + m9 = mul32x32_64(r0, r9) + mul32x32_64(r1, r8 ) + mul32x32_64(r2, r7) + mul32x32_64(r3, r6 ) + mul32x32_64(r4, r5 * 2); + + d6 = r6 * 19; d7 = r7 * 2 * 19; + d8 = r8 * 19; d9 = r9 * 2 * 19; + + m0 += (mul32x32_64(d9, r1 ) + mul32x32_64(d8, r2 ) + mul32x32_64(d7, r3 ) + mul32x32_64(d6, r4 * 2) + mul32x32_64(r5, r5 * 2 * 19)); + m1 += (mul32x32_64(d9, r2 / 2) + mul32x32_64(d8, r3 ) + mul32x32_64(d7, r4 ) + mul32x32_64(d6, r5 * 2)); + m2 += (mul32x32_64(d9, r3 ) + mul32x32_64(d8, r4 * 2) + mul32x32_64(d7, r5 * 2) + mul32x32_64(d6, r6 )); + m3 += (mul32x32_64(d9, r4 ) + mul32x32_64(d8, r5 * 2) + mul32x32_64(d7, r6 )); + m4 += (mul32x32_64(d9, r5 * 2) + mul32x32_64(d8, r6 * 2) + mul32x32_64(d7, r7 )); + m5 += (mul32x32_64(d9, r6 ) + mul32x32_64(d8, r7 * 2)); + m6 += (mul32x32_64(d9, r7 * 2) + mul32x32_64(d8, r8 )); + m7 += (mul32x32_64(d9, r8 )); + m8 += (mul32x32_64(d9, r9 )); + + r0 = (word32)m0 & reduce_mask_26; c = (m0 >> 26); + m1 += c; r1 = (word32)m1 & reduce_mask_25; c = (m1 >> 25); + m2 += c; r2 = (word32)m2 & reduce_mask_26; c = (m2 >> 26); + m3 += c; r3 = (word32)m3 & reduce_mask_25; c = (m3 >> 25); + m4 += c; r4 = (word32)m4 & reduce_mask_26; c = (m4 >> 26); + m5 += c; r5 = (word32)m5 & reduce_mask_25; c = (m5 >> 25); + m6 += c; r6 = (word32)m6 & reduce_mask_26; c = (m6 >> 26); + m7 += c; r7 = (word32)m7 & reduce_mask_25; c = (m7 >> 25); + m8 += c; r8 = (word32)m8 & reduce_mask_26; c = (m8 >> 26); + m9 += c; r9 = (word32)m9 & reduce_mask_25; p = (word32)(m9 >> 25); + m0 = r0 + mul32x32_64(p,19); r0 = (word32)m0 & reduce_mask_26; p = (word32)(m0 >> 26); + r1 += p; + } while (--count); + + out[0] = r0; out[1] = r1; out[2] = r2; out[3] = r3; out[4] = r4; + out[5] = r5; out[6] = r6; out[7] = r7; out[8] = r8; out[9] = r9; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +void +curve25519_expand(bignum25519 out, const byte in[32]) { + word32 x0,x1,x2,x3,x4,x5,x6,x7; + GetBlock block(in); + block(x0)(x1)(x2)(x3)(x4)(x5)(x6)(x7); + + out[0] = ( x0 ) & reduce_mask_26; + out[1] = ((((word64)x1 << 32) | x0) >> 26) & reduce_mask_25; + out[2] = ((((word64)x2 << 32) | x1) >> 19) & reduce_mask_26; + out[3] = ((((word64)x3 << 32) | x2) >> 13) & reduce_mask_25; + out[4] = (( x3) >> 6) & reduce_mask_26; + out[5] = ( x4 ) & reduce_mask_25; + out[6] = ((((word64)x5 << 32) | x4) >> 25) & reduce_mask_26; + out[7] = ((((word64)x6 << 32) | x5) >> 19) & reduce_mask_25; + out[8] = ((((word64)x7 << 32) | x6) >> 12) & reduce_mask_26; + out[9] = (( x7) >> 6) & reduce_mask_25; /* ignore the top bit */ +} + +/* Take a fully reduced polynomial form number and contract it into a little-endian, 32-byte array */ +void +curve25519_contract(byte out[32], const bignum25519 in) { + bignum25519 f; + curve25519_copy(f, in); + + #define carry_pass() \ + f[1] += f[0] >> 26; f[0] &= reduce_mask_26; \ + f[2] += f[1] >> 25; f[1] &= reduce_mask_25; \ + f[3] += f[2] >> 26; f[2] &= reduce_mask_26; \ + f[4] += f[3] >> 25; f[3] &= reduce_mask_25; \ + f[5] += f[4] >> 26; f[4] &= reduce_mask_26; \ + f[6] += f[5] >> 25; f[5] &= reduce_mask_25; \ + f[7] += f[6] >> 26; f[6] &= reduce_mask_26; \ + f[8] += f[7] >> 25; f[7] &= reduce_mask_25; \ + f[9] += f[8] >> 26; f[8] &= reduce_mask_26; + + #define carry_pass_full() \ + carry_pass() \ + f[0] += 19 * (f[9] >> 25); f[9] &= reduce_mask_25; + + #define carry_pass_final() \ + carry_pass() \ + f[9] &= reduce_mask_25; + + carry_pass_full() + carry_pass_full() + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + f[0] += 19; + carry_pass_full() + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + f[0] += (1 << 26) - 19; + f[1] += (1 << 25) - 1; + f[2] += (1 << 26) - 1; + f[3] += (1 << 25) - 1; + f[4] += (1 << 26) - 1; + f[5] += (1 << 25) - 1; + f[6] += (1 << 26) - 1; + f[7] += (1 << 25) - 1; + f[8] += (1 << 26) - 1; + f[9] += (1 << 25) - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + carry_pass_final() + + #undef carry_pass + #undef carry_full + #undef carry_final + + f[1] <<= 2; + f[2] <<= 3; + f[3] <<= 5; + f[4] <<= 6; + f[6] <<= 1; + f[7] <<= 3; + f[8] <<= 4; + f[9] <<= 6; + + #define F(i, s) \ + out[s+0] |= (byte)( f[i] & 0xff); \ + out[s+1] = (byte)((f[i] >> 8) & 0xff); \ + out[s+2] = (byte)((f[i] >> 16) & 0xff); \ + out[s+3] = (byte)((f[i] >> 24) & 0xff); + + out[0] = out[16] = 0; + F(0,0); F(1,3); + F(2,6); F(3,9); + F(4,12); F(5,16); + F(6,19); F(7,22); + F(8,25); F(9,28); + #undef F +} + +inline void +curve25519_swap_conditional(bignum25519 x, bignum25519 qpx, word32 iswap) { + const word32 swap = (word32)(-(sword32)iswap); + word32 x0,x1,x2,x3,x4,x5,x6,x7,x8,x9; + + x0 = swap & (x[0] ^ qpx[0]); x[0] ^= x0; qpx[0] ^= x0; + x1 = swap & (x[1] ^ qpx[1]); x[1] ^= x1; qpx[1] ^= x1; + x2 = swap & (x[2] ^ qpx[2]); x[2] ^= x2; qpx[2] ^= x2; + x3 = swap & (x[3] ^ qpx[3]); x[3] ^= x3; qpx[3] ^= x3; + x4 = swap & (x[4] ^ qpx[4]); x[4] ^= x4; qpx[4] ^= x4; + x5 = swap & (x[5] ^ qpx[5]); x[5] ^= x5; qpx[5] ^= x5; + x6 = swap & (x[6] ^ qpx[6]); x[6] ^= x6; qpx[6] ^= x6; + x7 = swap & (x[7] ^ qpx[7]); x[7] ^= x7; qpx[7] ^= x7; + x8 = swap & (x[8] ^ qpx[8]); x[8] ^= x8; qpx[8] ^= x8; + x9 = swap & (x[9] ^ qpx[9]); x[9] ^= x9; qpx[9] ^= x9; +} + +/* + * In: b = 2^5 - 2^0 + * Out: b = 2^250 - 2^0 + */ +void +curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { + ALIGN(16) bignum25519 t0,c; + + /* 2^5 - 2^0 */ /* b */ + /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); + /* 2^10 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); + /* 2^20 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); + /* 2^40 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); + /* 2^50 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); + /* 2^100 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); + /* 2^200 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); + /* 2^250 - 2^0 */ curve25519_mul(b, t0, b); +} + +/* + * z^(p - 2) = z(2^255 - 21) + */ +void +curve25519_recip(bignum25519 out, const bignum25519 z) { + ALIGN(16) bignum25519 a, t0, b; + + /* 2 */ curve25519_square(a, z); /* a = 2 */ + /* 8 */ curve25519_square_times(t0, a, 2); + /* 9 */ curve25519_mul(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul(a, b, a); /* a = 11 */ + /* 22 */ curve25519_square(t0, a); + /* 2^5 - 2^0 = 31 */ curve25519_mul(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); + /* 2^255 - 21 */ curve25519_mul(out, b, a); +} + +ANONYMOUS_NAMESPACE_END +NAMESPACE_END // X25519 +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +//******************************* ed25519 *******************************// + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(Ed25519) +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::sword32; +using CryptoPP::word64; +using CryptoPP::sword64; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; + +using CryptoPP::SHA512; + +// Bring in all the symbols from the 32-bit header +using namespace CryptoPP::Donna::Arch32; + +/* out = in */ +inline void +curve25519_copy(bignum25519 out, const bignum25519 in) { + out[0] = in[0]; out[1] = in[1]; + out[2] = in[2]; out[3] = in[3]; + out[4] = in[4]; out[5] = in[5]; + out[6] = in[6]; out[7] = in[7]; + out[8] = in[8]; out[9] = in[9]; +} + +/* out = a + b */ +inline void +curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + b[0]; out[1] = a[1] + b[1]; + out[2] = a[2] + b[2]; out[3] = a[3] + b[3]; + out[4] = a[4] + b[4]; out[5] = a[5] + b[5]; + out[6] = a[6] + b[6]; out[7] = a[7] + b[7]; + out[8] = a[8] + b[8]; out[9] = a[9] + b[9]; +} + +inline void +curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 c; + out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = a[3] + b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = a[4] + b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26; + out[5] = a[5] + b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25; + out[6] = a[6] + b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26; + out[7] = a[7] + b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25; + out[8] = a[8] + b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26; + out[9] = a[9] + b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25; + out[0] += 19 * c; +} + +inline void +curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 c; + out[0] = a[0] + b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = a[1] + b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = a[2] + b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = a[3] + b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = a[4] + b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26; + out[5] = a[5] + b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25; + out[6] = a[6] + b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26; + out[7] = a[7] + b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25; + out[8] = a[8] + b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26; + out[9] = a[9] + b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25; + out[0] += 19 * c; +} + +/* out = a - b */ +inline void +curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 c; + out[0] = twoP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = twoP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = twoP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = twoP13579 + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = twoP2468 + a[4] - b[4] + c; + out[5] = twoP13579 + a[5] - b[5] ; + out[6] = twoP2468 + a[6] - b[6] ; + out[7] = twoP13579 + a[7] - b[7] ; + out[8] = twoP2468 + a[8] - b[8] ; + out[9] = twoP13579 + a[9] - b[9] ; +} + +/* out = a - b, where a is the result of a basic op (add,sub) */ +inline void +curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 c; + out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = fourP13579 + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = fourP2468 + a[4] - b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26; + out[5] = fourP13579 + a[5] - b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25; + out[6] = fourP2468 + a[6] - b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26; + out[7] = fourP13579 + a[7] - b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25; + out[8] = fourP2468 + a[8] - b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26; + out[9] = fourP13579 + a[9] - b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25; + out[0] += 19 * c; +} + +inline void +curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 c; + out[0] = fourP0 + a[0] - b[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = fourP13579 + a[1] - b[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = fourP2468 + a[2] - b[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = fourP13579 + a[3] - b[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = fourP2468 + a[4] - b[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26; + out[5] = fourP13579 + a[5] - b[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25; + out[6] = fourP2468 + a[6] - b[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26; + out[7] = fourP13579 + a[7] - b[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25; + out[8] = fourP2468 + a[8] - b[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26; + out[9] = fourP13579 + a[9] - b[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25; + out[0] += 19 * c; +} + +/* out = -a */ +inline void +curve25519_neg(bignum25519 out, const bignum25519 a) { + word32 c; + out[0] = twoP0 - a[0] ; c = (out[0] >> 26); out[0] &= reduce_mask_26; + out[1] = twoP13579 - a[1] + c; c = (out[1] >> 25); out[1] &= reduce_mask_25; + out[2] = twoP2468 - a[2] + c; c = (out[2] >> 26); out[2] &= reduce_mask_26; + out[3] = twoP13579 - a[3] + c; c = (out[3] >> 25); out[3] &= reduce_mask_25; + out[4] = twoP2468 - a[4] + c; c = (out[4] >> 26); out[4] &= reduce_mask_26; + out[5] = twoP13579 - a[5] + c; c = (out[5] >> 25); out[5] &= reduce_mask_25; + out[6] = twoP2468 - a[6] + c; c = (out[6] >> 26); out[6] &= reduce_mask_26; + out[7] = twoP13579 - a[7] + c; c = (out[7] >> 25); out[7] &= reduce_mask_25; + out[8] = twoP2468 - a[8] + c; c = (out[8] >> 26); out[8] &= reduce_mask_26; + out[9] = twoP13579 - a[9] + c; c = (out[9] >> 25); out[9] &= reduce_mask_25; + out[0] += 19 * c; +} + +/* out = a * b */ +void +curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word32 r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + word32 s0,s1,s2,s3,s4,s5,s6,s7,s8,s9; + word64 m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; + word32 p; + + r0 = b[0]; r1 = b[1]; + r2 = b[2]; r3 = b[3]; + r4 = b[4]; r5 = b[5]; + r6 = b[6]; r7 = b[7]; + r8 = b[8]; r9 = b[9]; + + s0 = a[0]; s1 = a[1]; + s2 = a[2]; s3 = a[3]; + s4 = a[4]; s5 = a[5]; + s6 = a[6]; s7 = a[7]; + s8 = a[8]; s9 = a[9]; + + m1 = mul32x32_64(r0, s1) + mul32x32_64(r1, s0); + m3 = mul32x32_64(r0, s3) + mul32x32_64(r1, s2) + mul32x32_64(r2, s1) + mul32x32_64(r3, s0); + m5 = mul32x32_64(r0, s5) + mul32x32_64(r1, s4) + mul32x32_64(r2, s3) + mul32x32_64(r3, s2) + mul32x32_64(r4, s1) + mul32x32_64(r5, s0); + m7 = mul32x32_64(r0, s7) + mul32x32_64(r1, s6) + mul32x32_64(r2, s5) + mul32x32_64(r3, s4) + mul32x32_64(r4, s3) + mul32x32_64(r5, s2) + mul32x32_64(r6, s1) + mul32x32_64(r7, s0); + m9 = mul32x32_64(r0, s9) + mul32x32_64(r1, s8) + mul32x32_64(r2, s7) + mul32x32_64(r3, s6) + mul32x32_64(r4, s5) + mul32x32_64(r5, s4) + mul32x32_64(r6, s3) + mul32x32_64(r7, s2) + mul32x32_64(r8, s1) + mul32x32_64(r9, s0); + + r1 *= 2; r3 *= 2; + r5 *= 2; r7 *= 2; + + m0 = mul32x32_64(r0, s0); + m2 = mul32x32_64(r0, s2) + mul32x32_64(r1, s1) + mul32x32_64(r2, s0); + m4 = mul32x32_64(r0, s4) + mul32x32_64(r1, s3) + mul32x32_64(r2, s2) + mul32x32_64(r3, s1) + mul32x32_64(r4, s0); + m6 = mul32x32_64(r0, s6) + mul32x32_64(r1, s5) + mul32x32_64(r2, s4) + mul32x32_64(r3, s3) + mul32x32_64(r4, s2) + mul32x32_64(r5, s1) + mul32x32_64(r6, s0); + m8 = mul32x32_64(r0, s8) + mul32x32_64(r1, s7) + mul32x32_64(r2, s6) + mul32x32_64(r3, s5) + mul32x32_64(r4, s4) + mul32x32_64(r5, s3) + mul32x32_64(r6, s2) + mul32x32_64(r7, s1) + mul32x32_64(r8, s0); + + r1 *= 19; r2 *= 19; + r3 = (r3 / 2) * 19; + r4 *= 19; + r5 = (r5 / 2) * 19; + r6 *= 19; + r7 = (r7 / 2) * 19; + r8 *= 19; r9 *= 19; + + m1 += (mul32x32_64(r9, s2) + mul32x32_64(r8, s3) + mul32x32_64(r7, s4) + mul32x32_64(r6, s5) + mul32x32_64(r5, s6) + mul32x32_64(r4, s7) + mul32x32_64(r3, s8) + mul32x32_64(r2, s9)); + m3 += (mul32x32_64(r9, s4) + mul32x32_64(r8, s5) + mul32x32_64(r7, s6) + mul32x32_64(r6, s7) + mul32x32_64(r5, s8) + mul32x32_64(r4, s9)); + m5 += (mul32x32_64(r9, s6) + mul32x32_64(r8, s7) + mul32x32_64(r7, s8) + mul32x32_64(r6, s9)); + m7 += (mul32x32_64(r9, s8) + mul32x32_64(r8, s9)); + + r3 *= 2; r5 *= 2; + r7 *= 2; r9 *= 2; + + m0 += (mul32x32_64(r9, s1) + mul32x32_64(r8, s2) + mul32x32_64(r7, s3) + mul32x32_64(r6, s4) + mul32x32_64(r5, s5) + mul32x32_64(r4, s6) + mul32x32_64(r3, s7) + mul32x32_64(r2, s8) + mul32x32_64(r1, s9)); + m2 += (mul32x32_64(r9, s3) + mul32x32_64(r8, s4) + mul32x32_64(r7, s5) + mul32x32_64(r6, s6) + mul32x32_64(r5, s7) + mul32x32_64(r4, s8) + mul32x32_64(r3, s9)); + m4 += (mul32x32_64(r9, s5) + mul32x32_64(r8, s6) + mul32x32_64(r7, s7) + mul32x32_64(r6, s8) + mul32x32_64(r5, s9)); + m6 += (mul32x32_64(r9, s7) + mul32x32_64(r8, s8) + mul32x32_64(r7, s9)); + m8 += (mul32x32_64(r9, s9)); + + r0 = (word32)m0 & reduce_mask_26; c = (m0 >> 26); + m1 += c; r1 = (word32)m1 & reduce_mask_25; c = (m1 >> 25); + m2 += c; r2 = (word32)m2 & reduce_mask_26; c = (m2 >> 26); + m3 += c; r3 = (word32)m3 & reduce_mask_25; c = (m3 >> 25); + m4 += c; r4 = (word32)m4 & reduce_mask_26; c = (m4 >> 26); + m5 += c; r5 = (word32)m5 & reduce_mask_25; c = (m5 >> 25); + m6 += c; r6 = (word32)m6 & reduce_mask_26; c = (m6 >> 26); + m7 += c; r7 = (word32)m7 & reduce_mask_25; c = (m7 >> 25); + m8 += c; r8 = (word32)m8 & reduce_mask_26; c = (m8 >> 26); + m9 += c; r9 = (word32)m9 & reduce_mask_25; p = (word32)(m9 >> 25); + m0 = r0 + mul32x32_64(p,19); r0 = (word32)m0 & reduce_mask_26; p = (word32)(m0 >> 26); + r1 += p; + + out[0] = r0; out[1] = r1; + out[2] = r2; out[3] = r3; + out[4] = r4; out[5] = r5; + out[6] = r6; out[7] = r7; + out[8] = r8; out[9] = r9; +} + +/* out = in*in */ +void +curve25519_square(bignum25519 out, const bignum25519 in) { + word32 r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + word32 d6,d7,d8,d9; + word64 m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; + word32 p; + + r0 = in[0]; r1 = in[1]; + r2 = in[2]; r3 = in[3]; + r4 = in[4]; r5 = in[5]; + r6 = in[6]; r7 = in[7]; + r8 = in[8]; r9 = in[9]; + + m0 = mul32x32_64(r0, r0); + r0 *= 2; + m1 = mul32x32_64(r0, r1); + m2 = mul32x32_64(r0, r2) + mul32x32_64(r1, r1 * 2); + r1 *= 2; + m3 = mul32x32_64(r0, r3) + mul32x32_64(r1, r2 ); + m4 = mul32x32_64(r0, r4) + mul32x32_64(r1, r3 * 2) + mul32x32_64(r2, r2); + r2 *= 2; + m5 = mul32x32_64(r0, r5) + mul32x32_64(r1, r4 ) + mul32x32_64(r2, r3); + m6 = mul32x32_64(r0, r6) + mul32x32_64(r1, r5 * 2) + mul32x32_64(r2, r4) + mul32x32_64(r3, r3 * 2); + r3 *= 2; + m7 = mul32x32_64(r0, r7) + mul32x32_64(r1, r6 ) + mul32x32_64(r2, r5) + mul32x32_64(r3, r4 ); + m8 = mul32x32_64(r0, r8) + mul32x32_64(r1, r7 * 2) + mul32x32_64(r2, r6) + mul32x32_64(r3, r5 * 2) + mul32x32_64(r4, r4 ); + m9 = mul32x32_64(r0, r9) + mul32x32_64(r1, r8 ) + mul32x32_64(r2, r7) + mul32x32_64(r3, r6 ) + mul32x32_64(r4, r5 * 2); + + d6 = r6 * 19; + d7 = r7 * 2 * 19; + d8 = r8 * 19; + d9 = r9 * 2 * 19; + + m0 += (mul32x32_64(d9, r1 ) + mul32x32_64(d8, r2 ) + mul32x32_64(d7, r3 ) + mul32x32_64(d6, r4 * 2) + mul32x32_64(r5, r5 * 2 * 19)); + m1 += (mul32x32_64(d9, r2 / 2) + mul32x32_64(d8, r3 ) + mul32x32_64(d7, r4 ) + mul32x32_64(d6, r5 * 2)); + m2 += (mul32x32_64(d9, r3 ) + mul32x32_64(d8, r4 * 2) + mul32x32_64(d7, r5 * 2) + mul32x32_64(d6, r6 )); + m3 += (mul32x32_64(d9, r4 ) + mul32x32_64(d8, r5 * 2) + mul32x32_64(d7, r6 )); + m4 += (mul32x32_64(d9, r5 * 2) + mul32x32_64(d8, r6 * 2) + mul32x32_64(d7, r7 )); + m5 += (mul32x32_64(d9, r6 ) + mul32x32_64(d8, r7 * 2)); + m6 += (mul32x32_64(d9, r7 * 2) + mul32x32_64(d8, r8 )); + m7 += (mul32x32_64(d9, r8 )); + m8 += (mul32x32_64(d9, r9 )); + + r0 = (word32)m0 & reduce_mask_26; c = (m0 >> 26); + m1 += c; r1 = (word32)m1 & reduce_mask_25; c = (m1 >> 25); + m2 += c; r2 = (word32)m2 & reduce_mask_26; c = (m2 >> 26); + m3 += c; r3 = (word32)m3 & reduce_mask_25; c = (m3 >> 25); + m4 += c; r4 = (word32)m4 & reduce_mask_26; c = (m4 >> 26); + m5 += c; r5 = (word32)m5 & reduce_mask_25; c = (m5 >> 25); + m6 += c; r6 = (word32)m6 & reduce_mask_26; c = (m6 >> 26); + m7 += c; r7 = (word32)m7 & reduce_mask_25; c = (m7 >> 25); + m8 += c; r8 = (word32)m8 & reduce_mask_26; c = (m8 >> 26); + m9 += c; r9 = (word32)m9 & reduce_mask_25; p = (word32)(m9 >> 25); + m0 = r0 + mul32x32_64(p,19); r0 = (word32)m0 & reduce_mask_26; p = (word32)(m0 >> 26); + r1 += p; + + out[0] = r0; out[1] = r1; + out[2] = r2; out[3] = r3; + out[4] = r4; out[5] = r5; + out[6] = r6; out[7] = r7; + out[8] = r8; out[9] = r9; +} + +/* out = in ^ (2 * count) */ +void +curve25519_square_times(bignum25519 out, const bignum25519 in, int count) { + word32 r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + word32 d6,d7,d8,d9,p; + word64 m0,m1,m2,m3,m4,m5,m6,m7,m8,m9,c; + + r0 = in[0]; r1 = in[1]; + r2 = in[2]; r3 = in[3]; + r4 = in[4]; r5 = in[5]; + r6 = in[6]; r7 = in[7]; + r8 = in[8]; r9 = in[9]; + + do { + m0 = mul32x32_64(r0, r0); + r0 *= 2; + m1 = mul32x32_64(r0, r1); + m2 = mul32x32_64(r0, r2) + mul32x32_64(r1, r1 * 2); + r1 *= 2; + m3 = mul32x32_64(r0, r3) + mul32x32_64(r1, r2 ); + m4 = mul32x32_64(r0, r4) + mul32x32_64(r1, r3 * 2) + mul32x32_64(r2, r2); + r2 *= 2; + m5 = mul32x32_64(r0, r5) + mul32x32_64(r1, r4 ) + mul32x32_64(r2, r3); + m6 = mul32x32_64(r0, r6) + mul32x32_64(r1, r5 * 2) + mul32x32_64(r2, r4) + mul32x32_64(r3, r3 * 2); + r3 *= 2; + m7 = mul32x32_64(r0, r7) + mul32x32_64(r1, r6 ) + mul32x32_64(r2, r5) + mul32x32_64(r3, r4 ); + m8 = mul32x32_64(r0, r8) + mul32x32_64(r1, r7 * 2) + mul32x32_64(r2, r6) + mul32x32_64(r3, r5 * 2) + mul32x32_64(r4, r4 ); + m9 = mul32x32_64(r0, r9) + mul32x32_64(r1, r8 ) + mul32x32_64(r2, r7) + mul32x32_64(r3, r6 ) + mul32x32_64(r4, r5 * 2); + + d6 = r6 * 19; + d7 = r7 * 2 * 19; + d8 = r8 * 19; + d9 = r9 * 2 * 19; + + m0 += (mul32x32_64(d9, r1 ) + mul32x32_64(d8, r2 ) + mul32x32_64(d7, r3 ) + mul32x32_64(d6, r4 * 2) + mul32x32_64(r5, r5 * 2 * 19)); + m1 += (mul32x32_64(d9, r2 / 2) + mul32x32_64(d8, r3 ) + mul32x32_64(d7, r4 ) + mul32x32_64(d6, r5 * 2)); + m2 += (mul32x32_64(d9, r3 ) + mul32x32_64(d8, r4 * 2) + mul32x32_64(d7, r5 * 2) + mul32x32_64(d6, r6 )); + m3 += (mul32x32_64(d9, r4 ) + mul32x32_64(d8, r5 * 2) + mul32x32_64(d7, r6 )); + m4 += (mul32x32_64(d9, r5 * 2) + mul32x32_64(d8, r6 * 2) + mul32x32_64(d7, r7 )); + m5 += (mul32x32_64(d9, r6 ) + mul32x32_64(d8, r7 * 2)); + m6 += (mul32x32_64(d9, r7 * 2) + mul32x32_64(d8, r8 )); + m7 += (mul32x32_64(d9, r8 )); + m8 += (mul32x32_64(d9, r9 )); + + r0 = (word32)m0 & reduce_mask_26; c = (m0 >> 26); + m1 += c; r1 = (word32)m1 & reduce_mask_25; c = (m1 >> 25); + m2 += c; r2 = (word32)m2 & reduce_mask_26; c = (m2 >> 26); + m3 += c; r3 = (word32)m3 & reduce_mask_25; c = (m3 >> 25); + m4 += c; r4 = (word32)m4 & reduce_mask_26; c = (m4 >> 26); + m5 += c; r5 = (word32)m5 & reduce_mask_25; c = (m5 >> 25); + m6 += c; r6 = (word32)m6 & reduce_mask_26; c = (m6 >> 26); + m7 += c; r7 = (word32)m7 & reduce_mask_25; c = (m7 >> 25); + m8 += c; r8 = (word32)m8 & reduce_mask_26; c = (m8 >> 26); + m9 += c; r9 = (word32)m9 & reduce_mask_25; p = (word32)(m9 >> 25); + m0 = r0 + mul32x32_64(p,19); r0 = (word32)m0 & reduce_mask_26; p = (word32)(m0 >> 26); + r1 += p; + } while (--count); + + out[0] = r0; out[1] = r1; + out[2] = r2; out[3] = r3; + out[4] = r4; out[5] = r5; + out[6] = r6; out[7] = r7; + out[8] = r8; out[9] = r9; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +void +curve25519_expand(bignum25519 out, const byte in[32]) { + word32 x0,x1,x2,x3,x4,x5,x6,x7; + GetBlock block(in); + block(x0)(x1)(x2)(x3)(x4)(x5)(x6)(x7); + + out[0] = ( x0 ) & 0x3ffffff; + out[1] = ((((word64)x1 << 32) | x0) >> 26) & 0x1ffffff; + out[2] = ((((word64)x2 << 32) | x1) >> 19) & 0x3ffffff; + out[3] = ((((word64)x3 << 32) | x2) >> 13) & 0x1ffffff; + out[4] = (( x3) >> 6) & 0x3ffffff; + out[5] = ( x4 ) & 0x1ffffff; + out[6] = ((((word64)x5 << 32) | x4) >> 25) & 0x3ffffff; + out[7] = ((((word64)x6 << 32) | x5) >> 19) & 0x1ffffff; + out[8] = ((((word64)x7 << 32) | x6) >> 12) & 0x3ffffff; + out[9] = (( x7) >> 6) & 0x1ffffff; +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array + */ +void +curve25519_contract(byte out[32], const bignum25519 in) { + bignum25519 f; + curve25519_copy(f, in); + + #define carry_pass() \ + f[1] += f[0] >> 26; f[0] &= reduce_mask_26; \ + f[2] += f[1] >> 25; f[1] &= reduce_mask_25; \ + f[3] += f[2] >> 26; f[2] &= reduce_mask_26; \ + f[4] += f[3] >> 25; f[3] &= reduce_mask_25; \ + f[5] += f[4] >> 26; f[4] &= reduce_mask_26; \ + f[6] += f[5] >> 25; f[5] &= reduce_mask_25; \ + f[7] += f[6] >> 26; f[6] &= reduce_mask_26; \ + f[8] += f[7] >> 25; f[7] &= reduce_mask_25; \ + f[9] += f[8] >> 26; f[8] &= reduce_mask_26; + + #define carry_pass_full() \ + carry_pass() \ + f[0] += 19 * (f[9] >> 25); f[9] &= reduce_mask_25; + + #define carry_pass_final() \ + carry_pass() \ + f[9] &= reduce_mask_25; + + carry_pass_full() + carry_pass_full() + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + f[0] += 19; + carry_pass_full() + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + f[0] += (reduce_mask_26 + 1) - 19; + f[1] += (reduce_mask_25 + 1) - 1; + f[2] += (reduce_mask_26 + 1) - 1; + f[3] += (reduce_mask_25 + 1) - 1; + f[4] += (reduce_mask_26 + 1) - 1; + f[5] += (reduce_mask_25 + 1) - 1; + f[6] += (reduce_mask_26 + 1) - 1; + f[7] += (reduce_mask_25 + 1) - 1; + f[8] += (reduce_mask_26 + 1) - 1; + f[9] += (reduce_mask_25 + 1) - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + carry_pass_final() + + #undef carry_pass + #undef carry_full + #undef carry_final + + f[1] <<= 2; f[2] <<= 3; + f[3] <<= 5; f[4] <<= 6; + f[6] <<= 1; f[7] <<= 3; + f[8] <<= 4; f[9] <<= 6; + + #define F(i, s) \ + out[s+0] |= (byte)( f[i] & 0xff); \ + out[s+1] = (byte)((f[i] >> 8) & 0xff); \ + out[s+2] = (byte)((f[i] >> 16) & 0xff); \ + out[s+3] = (byte)((f[i] >> 24) & 0xff); + + out[0] = out[16] = 0; + F(0,0); F(1,3); + F(2,6); F(3,9); + F(4,12); F(5,16); + F(6,19); F(7,22); + F(8,25); F(9,28); + #undef F +} + +/* out = (flag) ? in : out */ +inline void +curve25519_move_conditional_bytes(byte out[96], const byte in[96], word32 flag) { + const word32 nb = flag - 1, b = ~nb; + const word32 *inl = (const word32 *)in; + word32 *outl = (word32 *)out; + outl[0] = (outl[0] & nb) | (inl[0] & b); + outl[1] = (outl[1] & nb) | (inl[1] & b); + outl[2] = (outl[2] & nb) | (inl[2] & b); + outl[3] = (outl[3] & nb) | (inl[3] & b); + outl[4] = (outl[4] & nb) | (inl[4] & b); + outl[5] = (outl[5] & nb) | (inl[5] & b); + outl[6] = (outl[6] & nb) | (inl[6] & b); + outl[7] = (outl[7] & nb) | (inl[7] & b); + outl[8] = (outl[8] & nb) | (inl[8] & b); + outl[9] = (outl[9] & nb) | (inl[9] & b); + outl[10] = (outl[10] & nb) | (inl[10] & b); + outl[11] = (outl[11] & nb) | (inl[11] & b); + outl[12] = (outl[12] & nb) | (inl[12] & b); + outl[13] = (outl[13] & nb) | (inl[13] & b); + outl[14] = (outl[14] & nb) | (inl[14] & b); + outl[15] = (outl[15] & nb) | (inl[15] & b); + outl[16] = (outl[16] & nb) | (inl[16] & b); + outl[17] = (outl[17] & nb) | (inl[17] & b); + outl[18] = (outl[18] & nb) | (inl[18] & b); + outl[19] = (outl[19] & nb) | (inl[19] & b); + outl[20] = (outl[20] & nb) | (inl[20] & b); + outl[21] = (outl[21] & nb) | (inl[21] & b); + outl[22] = (outl[22] & nb) | (inl[22] & b); + outl[23] = (outl[23] & nb) | (inl[23] & b); +} + +/* if (iswap) swap(a, b) */ +inline void +curve25519_swap_conditional(bignum25519 a, bignum25519 b, word32 iswap) { + const word32 swap = (word32)(-(sword32)iswap); + word32 x0,x1,x2,x3,x4,x5,x6,x7,x8,x9; + + x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0; + x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1; + x2 = swap & (a[2] ^ b[2]); a[2] ^= x2; b[2] ^= x2; + x3 = swap & (a[3] ^ b[3]); a[3] ^= x3; b[3] ^= x3; + x4 = swap & (a[4] ^ b[4]); a[4] ^= x4; b[4] ^= x4; + x5 = swap & (a[5] ^ b[5]); a[5] ^= x5; b[5] ^= x5; + x6 = swap & (a[6] ^ b[6]); a[6] ^= x6; b[6] ^= x6; + x7 = swap & (a[7] ^ b[7]); a[7] ^= x7; b[7] ^= x7; + x8 = swap & (a[8] ^ b[8]); a[8] ^= x8; b[8] ^= x8; + x9 = swap & (a[9] ^ b[9]); a[9] ^= x9; b[9] ^= x9; +} + +/* + * In: b = 2^5 - 2^0 + * Out: b = 2^250 - 2^0 + */ +void +curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { + ALIGN(16) bignum25519 t0,c; + + /* 2^5 - 2^0 */ /* b */ + /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); + /* 2^10 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); + /* 2^20 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); + /* 2^40 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); + /* 2^50 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); + /* 2^100 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); + /* 2^200 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); + /* 2^250 - 2^0 */ curve25519_mul(b, t0, b); +} + +/* + * z^(p - 2) = z(2^255 - 21) + */ +void +curve25519_recip(bignum25519 out, const bignum25519 z) { + ALIGN(16) bignum25519 a,t0,b; + + /* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */ + /* 8 */ curve25519_square_times(t0, a, 2); + /* 9 */ curve25519_mul(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul(a, b, a); /* a = 11 */ + /* 22 */ curve25519_square_times(t0, a, 1); + /* 2^5 - 2^0 = 31 */ curve25519_mul(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); + /* 2^255 - 21 */ curve25519_mul(out, b, a); +} + +/* + * z^((p-5)/8) = z^(2^252 - 3) + */ +void +curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) { + ALIGN(16) bignum25519 b,c,t0; + + /* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */ + /* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */ + /* 9 */ curve25519_mul(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul(c, b, c); /* c = 11 */ + /* 22 */ curve25519_square_times(t0, c, 1); + /* 2^5 - 2^0 = 31 */ curve25519_mul(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^252 - 2^2 */ curve25519_square_times(b, b, 2); + /* 2^252 - 3 */ curve25519_mul(two252m3, b, z); +} + +inline void +ed25519_hash(byte *hash, const byte *in, size_t inlen) { + SHA512().CalculateDigest(hash, in, inlen); +} + +inline void +ed25519_extsk(hash_512bits extsk, const byte sk[32]) { + ed25519_hash(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; +} + +void +ed25519_hram(hash_512bits hram, const byte RS[64], const byte pk[32], const unsigned char *m, size_t mlen) { + SHA512 hash; + hash.Update(RS, 32); + hash.Update(pk, 32); + hash.Update(m, mlen); + hash.Final(hram); +} + +inline bignum256modm_element_t +lt_modm(bignum256modm_element_t a, bignum256modm_element_t b) { + return (a - b) >> 31; +} + +/* see HAC, Alg. 14.42 Step 4 */ +void +reduce256_modm(bignum256modm r) { + bignum256modm t; + bignum256modm_element_t b = 0, pb, mask; + + /* t = r - m */ + pb = 0; + pb += modm_m[0]; b = lt_modm(r[0], pb); t[0] = (r[0] - pb + (b << 30)); pb = b; + pb += modm_m[1]; b = lt_modm(r[1], pb); t[1] = (r[1] - pb + (b << 30)); pb = b; + pb += modm_m[2]; b = lt_modm(r[2], pb); t[2] = (r[2] - pb + (b << 30)); pb = b; + pb += modm_m[3]; b = lt_modm(r[3], pb); t[3] = (r[3] - pb + (b << 30)); pb = b; + pb += modm_m[4]; b = lt_modm(r[4], pb); t[4] = (r[4] - pb + (b << 30)); pb = b; + pb += modm_m[5]; b = lt_modm(r[5], pb); t[5] = (r[5] - pb + (b << 30)); pb = b; + pb += modm_m[6]; b = lt_modm(r[6], pb); t[6] = (r[6] - pb + (b << 30)); pb = b; + pb += modm_m[7]; b = lt_modm(r[7], pb); t[7] = (r[7] - pb + (b << 30)); pb = b; + pb += modm_m[8]; b = lt_modm(r[8], pb); t[8] = (r[8] - pb + (b << 16)); + + /* keep r if r was smaller than m */ + mask = b - 1; + r[0] ^= mask & (r[0] ^ t[0]); + r[1] ^= mask & (r[1] ^ t[1]); + r[2] ^= mask & (r[2] ^ t[2]); + r[3] ^= mask & (r[3] ^ t[3]); + r[4] ^= mask & (r[4] ^ t[4]); + r[5] ^= mask & (r[5] ^ t[5]); + r[6] ^= mask & (r[6] ^ t[6]); + r[7] ^= mask & (r[7] ^ t[7]); + r[8] ^= mask & (r[8] ^ t[8]); +} + +/* Barrett reduction, see HAC, Alg. 14.42 */ +void +barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) { + bignum256modm q3, r2; + word64 c; + bignum256modm_element_t f, b, pb; + + /* q1 = x >> 248 = 264 bits = 9 30 bit elements + q2 = mu * q1 + q3 = (q2 / 256(32+1)) = q2 / (2^8)^(32+1) = q2 >> 264 + */ + c = mul32x32_64(modm_mu[0], q1[7]) + mul32x32_64(modm_mu[1], q1[6]) + mul32x32_64(modm_mu[2], q1[5]) + mul32x32_64(modm_mu[3], q1[4]) + mul32x32_64(modm_mu[4], q1[3]) + mul32x32_64(modm_mu[5], q1[2]) + mul32x32_64(modm_mu[6], q1[1]) + mul32x32_64(modm_mu[7], q1[0]); + c >>= 30; + c += mul32x32_64(modm_mu[0], q1[8]) + mul32x32_64(modm_mu[1], q1[7]) + mul32x32_64(modm_mu[2], q1[6]) + mul32x32_64(modm_mu[3], q1[5]) + mul32x32_64(modm_mu[4], q1[4]) + mul32x32_64(modm_mu[5], q1[3]) + mul32x32_64(modm_mu[6], q1[2]) + mul32x32_64(modm_mu[7], q1[1]) + mul32x32_64(modm_mu[8], q1[0]); + f = (bignum256modm_element_t)c; q3[0] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[1], q1[8]) + mul32x32_64(modm_mu[2], q1[7]) + mul32x32_64(modm_mu[3], q1[6]) + mul32x32_64(modm_mu[4], q1[5]) + mul32x32_64(modm_mu[5], q1[4]) + mul32x32_64(modm_mu[6], q1[3]) + mul32x32_64(modm_mu[7], q1[2]) + mul32x32_64(modm_mu[8], q1[1]); + f = (bignum256modm_element_t)c; q3[0] |= (f << 6) & 0x3fffffff; q3[1] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[2], q1[8]) + mul32x32_64(modm_mu[3], q1[7]) + mul32x32_64(modm_mu[4], q1[6]) + mul32x32_64(modm_mu[5], q1[5]) + mul32x32_64(modm_mu[6], q1[4]) + mul32x32_64(modm_mu[7], q1[3]) + mul32x32_64(modm_mu[8], q1[2]); + f = (bignum256modm_element_t)c; q3[1] |= (f << 6) & 0x3fffffff; q3[2] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[3], q1[8]) + mul32x32_64(modm_mu[4], q1[7]) + mul32x32_64(modm_mu[5], q1[6]) + mul32x32_64(modm_mu[6], q1[5]) + mul32x32_64(modm_mu[7], q1[4]) + mul32x32_64(modm_mu[8], q1[3]); + f = (bignum256modm_element_t)c; q3[2] |= (f << 6) & 0x3fffffff; q3[3] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[4], q1[8]) + mul32x32_64(modm_mu[5], q1[7]) + mul32x32_64(modm_mu[6], q1[6]) + mul32x32_64(modm_mu[7], q1[5]) + mul32x32_64(modm_mu[8], q1[4]); + f = (bignum256modm_element_t)c; q3[3] |= (f << 6) & 0x3fffffff; q3[4] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[5], q1[8]) + mul32x32_64(modm_mu[6], q1[7]) + mul32x32_64(modm_mu[7], q1[6]) + mul32x32_64(modm_mu[8], q1[5]); + f = (bignum256modm_element_t)c; q3[4] |= (f << 6) & 0x3fffffff; q3[5] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[6], q1[8]) + mul32x32_64(modm_mu[7], q1[7]) + mul32x32_64(modm_mu[8], q1[6]); + f = (bignum256modm_element_t)c; q3[5] |= (f << 6) & 0x3fffffff; q3[6] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[7], q1[8]) + mul32x32_64(modm_mu[8], q1[7]); + f = (bignum256modm_element_t)c; q3[6] |= (f << 6) & 0x3fffffff; q3[7] = (f >> 24) & 0x3f; c >>= 30; + c += mul32x32_64(modm_mu[8], q1[8]); + f = (bignum256modm_element_t)c; q3[7] |= (f << 6) & 0x3fffffff; q3[8] = (bignum256modm_element_t)(c >> 24); + + /* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1) + r2 = (q3 * m) mod (256^(32+1)) = (q3 * m) & ((1 << 264) - 1) + */ + c = mul32x32_64(modm_m[0], q3[0]); + r2[0] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[1]) + mul32x32_64(modm_m[1], q3[0]); + r2[1] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[2]) + mul32x32_64(modm_m[1], q3[1]) + mul32x32_64(modm_m[2], q3[0]); + r2[2] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[3]) + mul32x32_64(modm_m[1], q3[2]) + mul32x32_64(modm_m[2], q3[1]) + mul32x32_64(modm_m[3], q3[0]); + r2[3] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[4]) + mul32x32_64(modm_m[1], q3[3]) + mul32x32_64(modm_m[2], q3[2]) + mul32x32_64(modm_m[3], q3[1]) + mul32x32_64(modm_m[4], q3[0]); + r2[4] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[5]) + mul32x32_64(modm_m[1], q3[4]) + mul32x32_64(modm_m[2], q3[3]) + mul32x32_64(modm_m[3], q3[2]) + mul32x32_64(modm_m[4], q3[1]) + mul32x32_64(modm_m[5], q3[0]); + r2[5] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[6]) + mul32x32_64(modm_m[1], q3[5]) + mul32x32_64(modm_m[2], q3[4]) + mul32x32_64(modm_m[3], q3[3]) + mul32x32_64(modm_m[4], q3[2]) + mul32x32_64(modm_m[5], q3[1]) + mul32x32_64(modm_m[6], q3[0]); + r2[6] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[7]) + mul32x32_64(modm_m[1], q3[6]) + mul32x32_64(modm_m[2], q3[5]) + mul32x32_64(modm_m[3], q3[4]) + mul32x32_64(modm_m[4], q3[3]) + mul32x32_64(modm_m[5], q3[2]) + mul32x32_64(modm_m[6], q3[1]) + mul32x32_64(modm_m[7], q3[0]); + r2[7] = (bignum256modm_element_t)(c & 0x3fffffff); c >>= 30; + c += mul32x32_64(modm_m[0], q3[8]) + mul32x32_64(modm_m[1], q3[7]) + mul32x32_64(modm_m[2], q3[6]) + mul32x32_64(modm_m[3], q3[5]) + mul32x32_64(modm_m[4], q3[4]) + mul32x32_64(modm_m[5], q3[3]) + mul32x32_64(modm_m[6], q3[2]) + mul32x32_64(modm_m[7], q3[1]) + mul32x32_64(modm_m[8], q3[0]); + r2[8] = (bignum256modm_element_t)(c & 0xffffff); + + /* r = r1 - r2 + if (r < 0) r += (1 << 264) */ + pb = 0; + pb += r2[0]; b = lt_modm(r1[0], pb); r[0] = (r1[0] - pb + (b << 30)); pb = b; + pb += r2[1]; b = lt_modm(r1[1], pb); r[1] = (r1[1] - pb + (b << 30)); pb = b; + pb += r2[2]; b = lt_modm(r1[2], pb); r[2] = (r1[2] - pb + (b << 30)); pb = b; + pb += r2[3]; b = lt_modm(r1[3], pb); r[3] = (r1[3] - pb + (b << 30)); pb = b; + pb += r2[4]; b = lt_modm(r1[4], pb); r[4] = (r1[4] - pb + (b << 30)); pb = b; + pb += r2[5]; b = lt_modm(r1[5], pb); r[5] = (r1[5] - pb + (b << 30)); pb = b; + pb += r2[6]; b = lt_modm(r1[6], pb); r[6] = (r1[6] - pb + (b << 30)); pb = b; + pb += r2[7]; b = lt_modm(r1[7], pb); r[7] = (r1[7] - pb + (b << 30)); pb = b; + pb += r2[8]; b = lt_modm(r1[8], pb); r[8] = (r1[8] - pb + (b << 24)); + + reduce256_modm(r); + reduce256_modm(r); +} + +/* addition modulo m */ +void +add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) { + bignum256modm_element_t c; + + c = x[0] + y[0]; r[0] = c & 0x3fffffff; c >>= 30; + c += x[1] + y[1]; r[1] = c & 0x3fffffff; c >>= 30; + c += x[2] + y[2]; r[2] = c & 0x3fffffff; c >>= 30; + c += x[3] + y[3]; r[3] = c & 0x3fffffff; c >>= 30; + c += x[4] + y[4]; r[4] = c & 0x3fffffff; c >>= 30; + c += x[5] + y[5]; r[5] = c & 0x3fffffff; c >>= 30; + c += x[6] + y[6]; r[6] = c & 0x3fffffff; c >>= 30; + c += x[7] + y[7]; r[7] = c & 0x3fffffff; c >>= 30; + c += x[8] + y[8]; r[8] = c; + + reduce256_modm(r); +} + +/* multiplication modulo m */ +void +mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) { + bignum256modm r1, q1; + word64 c; + bignum256modm_element_t f; + + c = mul32x32_64(x[0], y[0]); + f = (bignum256modm_element_t)c; r1[0] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[1]) + mul32x32_64(x[1], y[0]); + f = (bignum256modm_element_t)c; r1[1] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[2]) + mul32x32_64(x[1], y[1]) + mul32x32_64(x[2], y[0]); + f = (bignum256modm_element_t)c; r1[2] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[3]) + mul32x32_64(x[1], y[2]) + mul32x32_64(x[2], y[1]) + mul32x32_64(x[3], y[0]); + f = (bignum256modm_element_t)c; r1[3] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[4]) + mul32x32_64(x[1], y[3]) + mul32x32_64(x[2], y[2]) + mul32x32_64(x[3], y[1]) + mul32x32_64(x[4], y[0]); + f = (bignum256modm_element_t)c; r1[4] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[5]) + mul32x32_64(x[1], y[4]) + mul32x32_64(x[2], y[3]) + mul32x32_64(x[3], y[2]) + mul32x32_64(x[4], y[1]) + mul32x32_64(x[5], y[0]); + f = (bignum256modm_element_t)c; r1[5] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[6]) + mul32x32_64(x[1], y[5]) + mul32x32_64(x[2], y[4]) + mul32x32_64(x[3], y[3]) + mul32x32_64(x[4], y[2]) + mul32x32_64(x[5], y[1]) + mul32x32_64(x[6], y[0]); + f = (bignum256modm_element_t)c; r1[6] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[7]) + mul32x32_64(x[1], y[6]) + mul32x32_64(x[2], y[5]) + mul32x32_64(x[3], y[4]) + mul32x32_64(x[4], y[3]) + mul32x32_64(x[5], y[2]) + mul32x32_64(x[6], y[1]) + mul32x32_64(x[7], y[0]); + f = (bignum256modm_element_t)c; r1[7] = (f & 0x3fffffff); c >>= 30; + c += mul32x32_64(x[0], y[8]) + mul32x32_64(x[1], y[7]) + mul32x32_64(x[2], y[6]) + mul32x32_64(x[3], y[5]) + mul32x32_64(x[4], y[4]) + mul32x32_64(x[5], y[3]) + mul32x32_64(x[6], y[2]) + mul32x32_64(x[7], y[1]) + mul32x32_64(x[8], y[0]); + f = (bignum256modm_element_t)c; r1[8] = (f & 0x00ffffff); q1[0] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[1], y[8]) + mul32x32_64(x[2], y[7]) + mul32x32_64(x[3], y[6]) + mul32x32_64(x[4], y[5]) + mul32x32_64(x[5], y[4]) + mul32x32_64(x[6], y[3]) + mul32x32_64(x[7], y[2]) + mul32x32_64(x[8], y[1]); + f = (bignum256modm_element_t)c; q1[0] = (q1[0] | (f << 22)) & 0x3fffffff; q1[1] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[2], y[8]) + mul32x32_64(x[3], y[7]) + mul32x32_64(x[4], y[6]) + mul32x32_64(x[5], y[5]) + mul32x32_64(x[6], y[4]) + mul32x32_64(x[7], y[3]) + mul32x32_64(x[8], y[2]); + f = (bignum256modm_element_t)c; q1[1] = (q1[1] | (f << 22)) & 0x3fffffff; q1[2] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[3], y[8]) + mul32x32_64(x[4], y[7]) + mul32x32_64(x[5], y[6]) + mul32x32_64(x[6], y[5]) + mul32x32_64(x[7], y[4]) + mul32x32_64(x[8], y[3]); + f = (bignum256modm_element_t)c; q1[2] = (q1[2] | (f << 22)) & 0x3fffffff; q1[3] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[4], y[8]) + mul32x32_64(x[5], y[7]) + mul32x32_64(x[6], y[6]) + mul32x32_64(x[7], y[5]) + mul32x32_64(x[8], y[4]); + f = (bignum256modm_element_t)c; q1[3] = (q1[3] | (f << 22)) & 0x3fffffff; q1[4] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[5], y[8]) + mul32x32_64(x[6], y[7]) + mul32x32_64(x[7], y[6]) + mul32x32_64(x[8], y[5]); + f = (bignum256modm_element_t)c; q1[4] = (q1[4] | (f << 22)) & 0x3fffffff; q1[5] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[6], y[8]) + mul32x32_64(x[7], y[7]) + mul32x32_64(x[8], y[6]); + f = (bignum256modm_element_t)c; q1[5] = (q1[5] | (f << 22)) & 0x3fffffff; q1[6] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[7], y[8]) + mul32x32_64(x[8], y[7]); + f = (bignum256modm_element_t)c; q1[6] = (q1[6] | (f << 22)) & 0x3fffffff; q1[7] = (f >> 8) & 0x3fffff; c >>= 30; + c += mul32x32_64(x[8], y[8]); + f = (bignum256modm_element_t)c; q1[7] = (q1[7] | (f << 22)) & 0x3fffffff; q1[8] = (f >> 8) & 0x3fffff; + + barrett_reduce256_modm(r, q1, r1); +} + +void +expand256_modm(bignum256modm out, const byte *in, size_t len) { + byte work[64] = {0}; + bignum256modm_element_t x[16]; + bignum256modm q1; + + memcpy(work, in, len); + x[0] = U8TO32_LE(work + 0); + x[1] = U8TO32_LE(work + 4); + x[2] = U8TO32_LE(work + 8); + x[3] = U8TO32_LE(work + 12); + x[4] = U8TO32_LE(work + 16); + x[5] = U8TO32_LE(work + 20); + x[6] = U8TO32_LE(work + 24); + x[7] = U8TO32_LE(work + 28); + x[8] = U8TO32_LE(work + 32); + x[9] = U8TO32_LE(work + 36); + x[10] = U8TO32_LE(work + 40); + x[11] = U8TO32_LE(work + 44); + x[12] = U8TO32_LE(work + 48); + x[13] = U8TO32_LE(work + 52); + x[14] = U8TO32_LE(work + 56); + x[15] = U8TO32_LE(work + 60); + + /* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1) */ + out[0] = ( x[0]) & 0x3fffffff; + out[1] = ((x[ 0] >> 30) | (x[ 1] << 2)) & 0x3fffffff; + out[2] = ((x[ 1] >> 28) | (x[ 2] << 4)) & 0x3fffffff; + out[3] = ((x[ 2] >> 26) | (x[ 3] << 6)) & 0x3fffffff; + out[4] = ((x[ 3] >> 24) | (x[ 4] << 8)) & 0x3fffffff; + out[5] = ((x[ 4] >> 22) | (x[ 5] << 10)) & 0x3fffffff; + out[6] = ((x[ 5] >> 20) | (x[ 6] << 12)) & 0x3fffffff; + out[7] = ((x[ 6] >> 18) | (x[ 7] << 14)) & 0x3fffffff; + out[8] = ((x[ 7] >> 16) | (x[ 8] << 16)) & 0x00ffffff; + + /* 8*31 = 248 bits, no need to reduce */ + if (len < 32) + return; + + /* q1 = x >> 248 = 264 bits = 9 30 bit elements */ + q1[0] = ((x[ 7] >> 24) | (x[ 8] << 8)) & 0x3fffffff; + q1[1] = ((x[ 8] >> 22) | (x[ 9] << 10)) & 0x3fffffff; + q1[2] = ((x[ 9] >> 20) | (x[10] << 12)) & 0x3fffffff; + q1[3] = ((x[10] >> 18) | (x[11] << 14)) & 0x3fffffff; + q1[4] = ((x[11] >> 16) | (x[12] << 16)) & 0x3fffffff; + q1[5] = ((x[12] >> 14) | (x[13] << 18)) & 0x3fffffff; + q1[6] = ((x[13] >> 12) | (x[14] << 20)) & 0x3fffffff; + q1[7] = ((x[14] >> 10) | (x[15] << 22)) & 0x3fffffff; + q1[8] = ((x[15] >> 8) ); + + barrett_reduce256_modm(out, q1, out); +} + +void +expand_raw256_modm(bignum256modm out, const byte in[32]) { + bignum256modm_element_t x[8]; + + x[0] = U8TO32_LE(in + 0); + x[1] = U8TO32_LE(in + 4); + x[2] = U8TO32_LE(in + 8); + x[3] = U8TO32_LE(in + 12); + x[4] = U8TO32_LE(in + 16); + x[5] = U8TO32_LE(in + 20); + x[6] = U8TO32_LE(in + 24); + x[7] = U8TO32_LE(in + 28); + + out[0] = ( x[0]) & 0x3fffffff; + out[1] = ((x[ 0] >> 30) | (x[ 1] << 2)) & 0x3fffffff; + out[2] = ((x[ 1] >> 28) | (x[ 2] << 4)) & 0x3fffffff; + out[3] = ((x[ 2] >> 26) | (x[ 3] << 6)) & 0x3fffffff; + out[4] = ((x[ 3] >> 24) | (x[ 4] << 8)) & 0x3fffffff; + out[5] = ((x[ 4] >> 22) | (x[ 5] << 10)) & 0x3fffffff; + out[6] = ((x[ 5] >> 20) | (x[ 6] << 12)) & 0x3fffffff; + out[7] = ((x[ 6] >> 18) | (x[ 7] << 14)) & 0x3fffffff; + out[8] = ((x[ 7] >> 16) ) & 0x0000ffff; +} + +void +contract256_modm(byte out[32], const bignum256modm in) { + U32TO8_LE(out + 0, (in[0] ) | (in[1] << 30)); + U32TO8_LE(out + 4, (in[1] >> 2) | (in[2] << 28)); + U32TO8_LE(out + 8, (in[2] >> 4) | (in[3] << 26)); + U32TO8_LE(out + 12, (in[3] >> 6) | (in[4] << 24)); + U32TO8_LE(out + 16, (in[4] >> 8) | (in[5] << 22)); + U32TO8_LE(out + 20, (in[5] >> 10) | (in[6] << 20)); + U32TO8_LE(out + 24, (in[6] >> 12) | (in[7] << 18)); + U32TO8_LE(out + 28, (in[7] >> 14) | (in[8] << 16)); +} + +void +contract256_window4_modm(signed char r[64], const bignum256modm in) { + char carry; + signed char *quads = r; + bignum256modm_element_t i, j, v; + + for (i = 0; i < 8; i += 2) { + v = in[i]; + for (j = 0; j < 7; j++) { + *quads++ = (v & 15); + v >>= 4; + } + v |= (in[i+1] << 2); + for (j = 0; j < 8; j++) { + *quads++ = (v & 15); + v >>= 4; + } + } + + v = in[8]; + *quads++ = (v & 15); v >>= 4; + *quads++ = (v & 15); v >>= 4; + *quads++ = (v & 15); v >>= 4; + *quads++ = (v & 15); v >>= 4; + + /* making it signed */ + carry = 0; + for(i = 0; i < 63; i++) { + r[i] += carry; + r[i+1] += (r[i] >> 4); + r[i] &= 15; + carry = (r[i] >> 3); + r[i] -= (carry << 4); + } + r[63] += carry; +} + +void +contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) { + int i,j,k,b; + int m = (1 << (windowsize - 1)) - 1, soplen = 256; + signed char *bits = r; + bignum256modm_element_t v; + + /* first put the binary expansion into r */ + for (i = 0; i < 8; i++) { + v = s[i]; + for (j = 0; j < 30; j++, v >>= 1) + *bits++ = (v & 1); + } + v = s[8]; + for (j = 0; j < 16; j++, v >>= 1) + *bits++ = (v & 1); + + /* Making it sliding window */ + for (j = 0; j < soplen; j++) { + if (!r[j]) + continue; + + for (b = 1; (b < (soplen - j)) && (b <= 6); b++) { + if ((r[j] + (r[j + b] << b)) <= m) { + r[j] += r[j + b] << b; + r[j + b] = 0; + } else if ((r[j] - (r[j + b] << b)) >= -m) { + r[j] -= r[j + b] << b; + for (k = j + b; k < soplen; k++) { + if (!r[k]) { + r[k] = 1; + break; + } + r[k] = 0; + } + } else if (r[j + b]) { + break; + } + } + } +} + +inline void +ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { + curve25519_mul(r->x, p->x, p->t); + curve25519_mul(r->y, p->y, p->z); + curve25519_mul(r->z, p->z, p->t); +} + +inline void +ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { + curve25519_mul(r->x, p->x, p->t); + curve25519_mul(r->y, p->y, p->z); + curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->t, p->x, p->y); +} + +void +ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) { + curve25519_sub(p->ysubx, r->y, r->x); + curve25519_add(p->xaddy, r->y, r->x); + curve25519_copy(p->z, r->z); + curve25519_mul(p->t2d, r->t, ge25519_ec2d); +} + +void +ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) { + bignum25519 a,b,c,d,t,u; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_sub(t, q->y, q->x); + curve25519_add(u, q->y, q->x); + curve25519_mul(a, a, t); + curve25519_mul(b, b, u); + curve25519_mul(c, p->t, q->t); + curve25519_mul(c, c, ge25519_ec2d); + curve25519_mul(d, p->z, q->z); + curve25519_add(d, d, d); + curve25519_sub(r->x, b, a); + curve25519_add(r->y, b, a); + curve25519_add_after_basic(r->z, d, c); + curve25519_sub_after_basic(r->t, d, c); +} + +void +ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) { + bignum25519 a,b,c; + + curve25519_square(a, p->x); + curve25519_square(b, p->y); + curve25519_square(c, p->z); + curve25519_add_reduce(c, c, c); + curve25519_add(r->x, p->x, p->y); + curve25519_square(r->x, r->x); + curve25519_add(r->y, b, a); + curve25519_sub(r->z, b, a); + curve25519_sub_after_basic(r->x, r->x, r->y); + curve25519_sub_after_basic(r->t, c, r->z); +} + +void +ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, byte signbit) { + const bignum25519 *qb = (const bignum25519 *)q; + bignum25519 *rb = (bignum25519 *)r; + bignum25519 a,b,c; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_mul(a, a, qb[signbit]); /* x for +, y for - */ + curve25519_mul(r->x, b, qb[signbit^1]); /* y for +, x for - */ + curve25519_add(r->y, r->x, a); + curve25519_sub(r->x, r->x, a); + curve25519_mul(c, p->t, q->t2d); + curve25519_add_reduce(r->t, p->z, p->z); + curve25519_copy(r->z, r->t); + curve25519_add(rb[2+signbit], rb[2+signbit], c); /* z for +, t for - */ + curve25519_sub(rb[2+(signbit^1)], rb[2+(signbit^1)], c); /* t for +, z for - */ +} + +void +ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, byte signbit) { + const bignum25519 *qb = (const bignum25519 *)q; + bignum25519 *rb = (bignum25519 *)r; + bignum25519 a,b,c; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_mul(a, a, qb[signbit]); /* ysubx for +, xaddy for - */ + curve25519_mul(r->x, b, qb[signbit^1]); /* xaddy for +, ysubx for - */ + curve25519_add(r->y, r->x, a); + curve25519_sub(r->x, r->x, a); + curve25519_mul(c, p->t, q->t2d); + curve25519_mul(r->t, p->z, q->z); + curve25519_add_reduce(r->t, r->t, r->t); + curve25519_copy(r->z, r->t); + curve25519_add(rb[2+signbit], rb[2+signbit], c); /* z for +, t for - */ + curve25519_sub(rb[2+(signbit^1)], rb[2+(signbit^1)], c); /* t for +, z for - */ +} + +void +ge25519_double_partial(ge25519 *r, const ge25519 *p) { + ge25519_p1p1 t; + ge25519_double_p1p1(&t, p); + ge25519_p1p1_to_partial(r, &t); +} + +void +ge25519_double(ge25519 *r, const ge25519 *p) { + ge25519_p1p1 t; + ge25519_double_p1p1(&t, p); + ge25519_p1p1_to_full(r, &t); +} + +void +ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q) { + ge25519_p1p1 t; + ge25519_add_p1p1(&t, p, q); + ge25519_p1p1_to_full(r, &t); +} + +void +ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) { + bignum25519 a,b,c,e,f,g,h; + + curve25519_sub(a, r->y, r->x); + curve25519_add(b, r->y, r->x); + curve25519_mul(a, a, q->ysubx); + curve25519_mul(e, b, q->xaddy); + curve25519_add(h, e, a); + curve25519_sub(e, e, a); + curve25519_mul(c, r->t, q->t2d); + curve25519_add(f, r->z, r->z); + curve25519_add_after_basic(g, f, c); + curve25519_sub_after_basic(f, f, c); + curve25519_mul(r->x, e, f); + curve25519_mul(r->y, h, g); + curve25519_mul(r->z, g, f); + curve25519_mul(r->t, e, h); +} + +void +ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) { + bignum25519 a,b,c,x,y,z,t; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_mul(a, a, q->ysubx); + curve25519_mul(x, b, q->xaddy); + curve25519_add(y, x, a); + curve25519_sub(x, x, a); + curve25519_mul(c, p->t, q->t2d); + curve25519_mul(t, p->z, q->z); + curve25519_add(t, t, t); + curve25519_add_after_basic(z, t, c); + curve25519_sub_after_basic(t, t, c); + curve25519_mul(r->xaddy, x, t); + curve25519_mul(r->ysubx, y, z); + curve25519_mul(r->z, z, t); + curve25519_mul(r->t2d, x, y); + curve25519_copy(y, r->ysubx); + curve25519_sub(r->ysubx, r->ysubx, r->xaddy); + curve25519_add(r->xaddy, r->xaddy, y); + curve25519_mul(r->t2d, r->t2d, ge25519_ec2d); +} + +void +ge25519_pack(byte r[32], const ge25519 *p) { + bignum25519 tx, ty, zi; + byte parity[32]; + curve25519_recip(zi, p->z); + curve25519_mul(tx, p->x, zi); + curve25519_mul(ty, p->y, zi); + curve25519_contract(r, ty); + curve25519_contract(parity, tx); + r[31] ^= ((parity[0] & 1) << 7); +} + +int +ed25519_verify(const unsigned char *x, const unsigned char *y, size_t len) { + size_t differentbits = 0; + while (len--) + differentbits |= (*x++ ^ *y++); + return (int) (1 & ((differentbits - 1) >> 8)); +} + +int +ge25519_unpack_negative_vartime(ge25519 *r, const byte p[32]) { + const byte zero[32] = {0}; + const bignum25519 one = {1}; + byte parity = p[31] >> 7; + byte check[32]; + bignum25519 t, root, num, den, d3; + + curve25519_expand(r->y, p); + curve25519_copy(r->z, one); + curve25519_square(num, r->y); /* x = y^2 */ + curve25519_mul(den, num, ge25519_ecd); /* den = dy^2 */ + curve25519_sub_reduce(num, num, r->z); /* x = y^1 - 1 */ + curve25519_add(den, den, r->z); /* den = dy^2 + 1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + curve25519_square(t, den); + curve25519_mul(d3, t, den); + curve25519_square(r->x, d3); + curve25519_mul(r->x, r->x, den); + curve25519_mul(r->x, r->x, num); + curve25519_pow_two252m3(r->x, r->x); + + /* 2. computation of r->x = num * den^3 * (num*den^7)^((p-5)/8) */ + curve25519_mul(r->x, r->x, d3); + curve25519_mul(r->x, r->x, num); + + /* 3. Check if either of the roots works: */ + curve25519_square(t, r->x); + curve25519_mul(t, t, den); + curve25519_sub_reduce(root, t, num); + curve25519_contract(check, root); + if (!ed25519_verify(check, zero, 32)) { + curve25519_add_reduce(t, t, num); + curve25519_contract(check, t); + if (!ed25519_verify(check, zero, 32)) + return 0; + curve25519_mul(r->x, r->x, ge25519_sqrtneg1); + } + + curve25519_contract(check, r->x); + if ((check[0] & 1) == parity) { + curve25519_copy(t, r->x); + curve25519_neg(r->x, t); + } + curve25519_mul(r->t, r->x, r->y); + return 1; +} + +/* computes [s1]p1 + [s2]basepoint */ +void +ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { + signed char slide1[256], slide2[256]; + ge25519_pniels pre1[S1_TABLE_SIZE]; + ge25519 d1; + ge25519_p1p1 t; + sword32 i; + + contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE); + contract256_slidingwindow_modm(slide2, s2, S2_SWINDOWSIZE); + + ge25519_double(&d1, p1); + ge25519_full_to_pniels(pre1, p1); + for (i = 0; i < S1_TABLE_SIZE - 1; i++) + ge25519_pnielsadd(&pre1[i+1], &d1, &pre1[i]); + + /* set neutral */ + memset(r, 0, sizeof(ge25519)); + r->y[0] = 1; + r->z[0] = 1; + + i = 255; + while ((i >= 0) && !(slide1[i] | slide2[i])) + i--; + + for (; i >= 0; i--) { + ge25519_double_p1p1(&t, r); + + if (slide1[i]) { + ge25519_p1p1_to_full(r, &t); + ge25519_pnielsadd_p1p1(&t, r, &pre1[abs(slide1[i]) / 2], (byte)slide1[i] >> 7); + } + + if (slide2[i]) { + ge25519_p1p1_to_full(r, &t); + ge25519_nielsadd2_p1p1(&t, r, &ge25519_niels_sliding_multiples[abs(slide2[i]) / 2], (byte)slide2[i] >> 7); + } + + ge25519_p1p1_to_partial(r, &t); + } +} + +#if !defined(HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS) + +word32 +ge25519_windowb_equal(word32 b, word32 c) { + return ((b ^ c) - 1) >> 31; +} + +void +ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const byte table[256][96], word32 pos, signed char b) { + bignum25519 neg; + word32 sign = (word32)((byte)b >> 7); + word32 mask = ~(sign - 1); + word32 u = (b + mask) ^ mask; + word32 i; + + /* ysubx, xaddy, t2d in packed form. initialize to ysubx = 1, xaddy = 1, t2d = 0 */ + byte packed[96] = {0}; + packed[0] = 1; + packed[32] = 1; + + for (i = 0; i < 8; i++) + curve25519_move_conditional_bytes(packed, table[(pos * 8) + i], ge25519_windowb_equal(u, i + 1)); + + /* expand in to t */ + curve25519_expand(t->ysubx, packed + 0); + curve25519_expand(t->xaddy, packed + 32); + curve25519_expand(t->t2d , packed + 64); + + /* adjust for sign */ + curve25519_swap_conditional(t->ysubx, t->xaddy, sign); + curve25519_neg(neg, t->t2d); + curve25519_swap_conditional(t->t2d, neg, sign); +} + +#endif /* HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS */ + +/* computes [s]basepoint */ +void +ge25519_scalarmult_base_niels(ge25519 *r, const byte basepoint_table[256][96], const bignum256modm s) { + signed char b[64]; + word32 i; + ge25519_niels t; + + contract256_window4_modm(b, s); + + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, 0, b[1]); + curve25519_sub_reduce(r->x, t.xaddy, t.ysubx); + curve25519_add_reduce(r->y, t.xaddy, t.ysubx); + memset(r->z, 0, sizeof(bignum25519)); + curve25519_copy(r->t, t.t2d); + r->z[0] = 2; + for (i = 3; i < 64; i += 2) { + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); + ge25519_nielsadd2(r, &t); + } + ge25519_double_partial(r, r); + ge25519_double_partial(r, r); + ge25519_double_partial(r, r); + ge25519_double(r, r); + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, 0, b[0]); + curve25519_mul(t.t2d, t.t2d, ge25519_ecd); + ge25519_nielsadd2(r, &t); + for(i = 2; i < 64; i += 2) { + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); + ge25519_nielsadd2(r, &t); + } +} + +ANONYMOUS_NAMESPACE_END +NAMESPACE_END // Ed25519 +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +//***************************** curve25519 *****************************// + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) + +int curve25519_mult_CXX(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]) +{ + using namespace CryptoPP::Donna::X25519; + + FixedSizeSecBlock e; + for (size_t i = 0;i < 32;++i) + e[i] = secretKey[i]; + e[0] &= 0xf8; e[31] &= 0x7f; e[31] |= 0x40; + + bignum25519 nqpqx = {1}, nqpqz = {0}, nqz = {1}, nqx; + bignum25519 q, qx, qpqx, qqx, zzz, zmone; + size_t bit, lastbit; + + curve25519_expand(q, othersKey); + curve25519_copy(nqx, q); + + /* bit 255 is always 0, and bit 254 is always 1, so skip bit 255 and + start pre-swapped on bit 254 */ + lastbit = 1; + + /* we are doing bits 254..3 in the loop, but are swapping in bits 253..2 */ + for (int i = 253; i >= 2; i--) { + curve25519_add(qx, nqx, nqz); + curve25519_sub(nqz, nqx, nqz); + curve25519_add(qpqx, nqpqx, nqpqz); + curve25519_sub(nqpqz, nqpqx, nqpqz); + curve25519_mul(nqpqx, qpqx, nqz); + curve25519_mul(nqpqz, qx, nqpqz); + curve25519_add(qqx, nqpqx, nqpqz); + curve25519_sub(nqpqz, nqpqx, nqpqz); + curve25519_square(nqpqz, nqpqz); + curve25519_square(nqpqx, qqx); + curve25519_mul(nqpqz, nqpqz, q); + curve25519_square(qx, qx); + curve25519_square(nqz, nqz); + curve25519_mul(nqx, qx, nqz); + curve25519_sub(nqz, qx, nqz); + curve25519_scalar_product(zzz, nqz, 121665); + curve25519_add(zzz, zzz, qx); + curve25519_mul(nqz, nqz, zzz); + + bit = (e[i/8] >> (i & 7)) & 1; + curve25519_swap_conditional(nqx, nqpqx, bit ^ lastbit); + curve25519_swap_conditional(nqz, nqpqz, bit ^ lastbit); + lastbit = bit; + } + + /* the final 3 bits are always zero, so we only need to double */ + for (int i = 0; i < 3; i++) { + curve25519_add(qx, nqx, nqz); + curve25519_sub(nqz, nqx, nqz); + curve25519_square(qx, qx); + curve25519_square(nqz, nqz); + curve25519_mul(nqx, qx, nqz); + curve25519_sub(nqz, qx, nqz); + curve25519_scalar_product(zzz, nqz, 121665); + curve25519_add(zzz, zzz, qx); + curve25519_mul(nqz, nqz, zzz); + } + + curve25519_recip(zmone, nqz); + curve25519_mul(nqz, nqx, zmone); + curve25519_contract(sharedKey, nqz); + + return 0; +} + +int curve25519_mult(byte publicKey[32], const byte secretKey[32]) +{ + using namespace CryptoPP::Donna::X25519; + +#if (CRYPTOPP_CURVE25519_SSE2) + if (HasSSE2()) + return curve25519_mult_SSE2(publicKey, secretKey, basePoint); + else +#endif + + return curve25519_mult_CXX(publicKey, secretKey, basePoint); +} + +int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]) +{ +#if (CRYPTOPP_CURVE25519_SSE2) + if (HasSSE2()) + return curve25519_mult_SSE2(sharedKey, secretKey, othersKey); + else +#endif + + return curve25519_mult_CXX(sharedKey, secretKey, othersKey); +} + +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +//******************************* ed25519 *******************************// + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) + +int +ed25519_publickey_CXX(byte publicKey[32], const byte secretKey[32]) +{ + using namespace CryptoPP::Donna::Ed25519; + + bignum256modm a; + ALIGN(16) ge25519 A; + hash_512bits extsk; + + /* A = aB */ + ed25519_extsk(extsk, secretKey); + expand256_modm(a, extsk, 32); + ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a); + ge25519_pack(publicKey, &A); + + return 0; +} + +int +ed25519_publickey(byte publicKey[32], const byte secretKey[32]) +{ + return ed25519_publickey_CXX(publicKey, secretKey); +} + +int +ed25519_sign_CXX(const byte *m, size_t mlen, const byte sk[32], const byte pk[32], byte RS[64]) +{ + using namespace CryptoPP::Donna::Ed25519; + + bignum256modm r, S, a; + ALIGN(16) ge25519 R; + hash_512bits extsk, hashr, hram; + + ed25519_extsk(extsk, sk); + + /* r = H(aExt[32..64], m) */ + SHA512 hash; + hash.Update(extsk + 32, 32); + hash.Update(m, mlen); + hash.Final(hashr); + expand256_modm(r, hashr, 64); + + /* R = rB */ + ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r); + ge25519_pack(RS, &R); + + /* S = H(R,A,m).. */ + ed25519_hram(hram, RS, pk, m, mlen); + expand256_modm(S, hram, 64); + + /* S = H(R,A,m)a */ + expand256_modm(a, extsk, 32); + mul256_modm(S, S, a); + + /* S = (r + H(R,A,m)a) */ + add256_modm(S, S, r); + + /* S = (r + H(R,A,m)a) mod L */ + contract256_modm(RS + 32, S); + + return 0; +} + +int +ed25519_sign(const byte* message, size_t messageLength, const byte secretKey[32], + const byte publicKey[32], byte signature[64]) +{ + return ed25519_sign_CXX(message, messageLength, secretKey, publicKey, signature); +} + +int +ed25519_sign_open_CXX(const byte *m, size_t mlen, const byte pk[32], const byte RS[64]) { + + using namespace CryptoPP::Donna::Ed25519; + + ALIGN(16) ge25519 R, A; + hash_512bits hash; + bignum256modm hram, S; + unsigned char checkR[32]; + + if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk)) + return -1; + + /* hram = H(R,A,m) */ + ed25519_hram(hash, RS, pk, m, mlen); + expand256_modm(hram, hash, 64); + + /* S */ + expand256_modm(S, RS + 32, 32); + + /* SB - H(R,A,m)A */ + ge25519_double_scalarmult_vartime(&R, &A, hram, S); + ge25519_pack(checkR, &R); + + /* check that R = SB - H(R,A,m)A */ + return ed25519_verify(RS, checkR, 32) ? 0 : -1; +} + +int +ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64]) +{ + return ed25519_sign_open_CXX(message, messageLength, publicKey, signature); +} + +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_CURVE25519_32BIT diff --git a/vendor/cryptopp/vendor_cryptopp/donna_32.h b/vendor/cryptopp/vendor_cryptopp/donna_32.h new file mode 100644 index 00000000..dc9b91e5 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna_32.h @@ -0,0 +1,411 @@ +// donna_32.h - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// This source file multiplexes two different repos using namespaces. This +// was a little easier from a project management standpoint. We only need +// two files per architecture at the expense of namespaces and bloat. + +#ifndef CRYPTOPP_DONNA_32_H +#define CRYPTOPP_DONNA_32_H +#ifndef CRYPTOPP_DOXYGEN_PROCESSING + +#include "config.h" + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(Arch32) + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; + +// ******************** x25519 Agreement ************************* // + +#define ALIGN(n) CRYPTOPP_ALIGN_DATA(n) +#define mul32x32_64(a,b) (((word64)(a))*(b)) + +typedef word32 bignum25519[10]; + +const byte basePoint[32] = {9}; +const word32 reduce_mask_25 = (1 << 25) - 1; +const word32 reduce_mask_26 = (1 << 26) - 1; + +// ****************** ed25519 Signatures *********************** // + +typedef byte hash_512bits[64]; + +const int bignum256modm_bits_per_limb = 30; +const int bignum256modm_limb_size = 9; +typedef word32 bignum256modm_element_t; +typedef bignum256modm_element_t bignum256modm[9]; + +struct ge25519 { + bignum25519 x, y, z, t; +}; + +struct ge25519_p1p1 { + bignum25519 x, y, z, t; +}; + +struct ge25519_niels { + bignum25519 ysubx, xaddy, t2d; +}; + +struct ge25519_pniels { + bignum25519 ysubx, xaddy, z, t2d; +}; + +#define S1_SWINDOWSIZE 5 +#define S1_TABLE_SIZE (1<<(S1_SWINDOWSIZE-2)) +#define S2_SWINDOWSIZE 7 +#define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2)) + +// *************** ed25519-donna-32bit-tables.h *************** // + +ALIGN(16) const ge25519 ge25519_basepoint = { + {0x0325d51a,0x018b5823,0x00f6592a,0x0104a92d,0x01a4b31d,0x01d6dc5c,0x027118fe,0x007fd814,0x013cd6e5,0x0085a4db}, + {0x02666658,0x01999999,0x00cccccc,0x01333333,0x01999999,0x00666666,0x03333333,0x00cccccc,0x02666666,0x01999999}, + {0x00000001,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000,0x00000000}, + {0x01b7dda3,0x01a2ace9,0x025eadbb,0x0003ba8a,0x0083c27e,0x00abe37d,0x01274732,0x00ccacdd,0x00fd78b7,0x019e1d7c} +}; + +ALIGN(16) const bignum25519 ge25519_ecd = { + 0x035978a3,0x00d37284,0x03156ebd,0x006a0a0e,0x0001c029,0x0179e898,0x03a03cbb,0x01ce7198,0x02e2b6ff,0x01480db3 +}; + +ALIGN(16) const bignum25519 ge25519_ec2d = { + 0x02b2f159,0x01a6e509,0x022add7a,0x00d4141d,0x00038052,0x00f3d130,0x03407977,0x019ce331,0x01c56dff,0x00901b67 +}; + +ALIGN(16) const bignum25519 ge25519_sqrtneg1 = { + 0x020ea0b0,0x0186c9d2,0x008f189d,0x0035697f,0x00bd0c60,0x01fbd7a7,0x02804c9e,0x01e16569,0x0004fc1d,0x00ae0c92 +}; + +ALIGN(16) const ge25519_niels ge25519_niels_sliding_multiples[32] = { + {{0x0340913e,0x000e4175,0x03d673a2,0x002e8a05,0x03f4e67c,0x008f8a09,0x00c21a34,0x004cf4b8,0x01298f81,0x0113f4be},{0x018c3b85,0x0124f1bd,0x01c325f7,0x0037dc60,0x033e4cb7,0x003d42c2,0x01a44c32,0x014ca4e1,0x03a33d4b,0x001f3e74},{0x037aaa68,0x00448161,0x0093d579,0x011e6556,0x009b67a0,0x0143598c,0x01bee5ee,0x00b50b43,0x0289f0c6,0x01bc45ed}}, + {{0x00fcd265,0x0047fa29,0x034faacc,0x01ef2e0d,0x00ef4d4f,0x014bd6bd,0x00f98d10,0x014c5026,0x007555bd,0x00aae456},{0x00ee9730,0x016c2a13,0x017155e4,0x01874432,0x00096a10,0x01016732,0x01a8014f,0x011e9823,0x01b9a80f,0x01e85938},{0x01d0d889,0x01a4cfc3,0x034c4295,0x0110e1ae,0x0162508c,0x00f2db4c,0x0072a2c6,0x0098da2e,0x02f12b9b,0x0168a09a}}, + {{0x0047d6ba,0x0060b0e9,0x0136eff2,0x008a5939,0x03540053,0x0064a087,0x02788e5c,0x00be7c67,0x033eb1b5,0x005529f9},{0x00a5bb33,0x00af1102,0x01a05442,0x001e3af7,0x02354123,0x00bfec44,0x01f5862d,0x00dd7ba3,0x03146e20,0x00a51733},{0x012a8285,0x00f6fc60,0x023f9797,0x003e85ee,0x009c3820,0x01bda72d,0x01b3858d,0x00d35683,0x0296b3bb,0x010eaaf9}}, + {{0x023221b1,0x01cb26aa,0x0074f74d,0x0099ddd1,0x01b28085,0x00192c3a,0x013b27c9,0x00fc13bd,0x01d2e531,0x0075bb75},{0x004ea3bf,0x00973425,0x001a4d63,0x01d59cee,0x01d1c0d4,0x00542e49,0x01294114,0x004fce36,0x029283c9,0x01186fa9},{0x01b8b3a2,0x00db7200,0x00935e30,0x003829f5,0x02cc0d7d,0x0077adf3,0x0220dd2c,0x0014ea53,0x01c6a0f9,0x01ea7eec}}, + {{0x039d8064,0x01885f80,0x00337e6d,0x01b7a902,0x02628206,0x015eb044,0x01e30473,0x0191f2d9,0x011fadc9,0x01270169},{0x02a8632f,0x0199e2a9,0x00d8b365,0x017a8de2,0x02994279,0x0086f5b5,0x0119e4e3,0x01eb39d6,0x0338add7,0x00d2e7b4},{0x0045af1b,0x013a2fe4,0x0245e0d6,0x014538ce,0x038bfe0f,0x01d4cf16,0x037e14c9,0x0160d55e,0x0021b008,0x01cf05c8}}, + {{0x01864348,0x01d6c092,0x0070262b,0x014bb844,0x00fb5acd,0x008deb95,0x003aaab5,0x00eff474,0x00029d5c,0x0062ad66},{0x02802ade,0x01c02122,0x01c4e5f7,0x00781181,0x039767fb,0x01703406,0x0342388b,0x01f5e227,0x022546d8,0x0109d6ab},{0x016089e9,0x00cb317f,0x00949b05,0x01099417,0x000c7ad2,0x011a8622,0x0088ccda,0x01290886,0x022b53df,0x00f71954}}, + {{0x027fbf93,0x01c04ecc,0x01ed6a0d,0x004cdbbb,0x02bbf3af,0x00ad5968,0x01591955,0x0094f3a2,0x02d17602,0x00099e20},{0x02007f6d,0x003088a8,0x03db77ee,0x00d5ade6,0x02fe12ce,0x0107ba07,0x0107097d,0x00482a6f,0x02ec346f,0x008d3f5f},{0x032ea378,0x0028465c,0x028e2a6c,0x018efc6e,0x0090df9a,0x01a7e533,0x039bfc48,0x010c745d,0x03daa097,0x0125ee9b}}, + {{0x028ccf0b,0x00f36191,0x021ac081,0x012154c8,0x034e0a6e,0x01b25192,0x00180403,0x01d7eea1,0x00218d05,0x010ed735},{0x03cfeaa0,0x01b300c4,0x008da499,0x0068c4e1,0x0219230a,0x01f2d4d0,0x02defd60,0x00e565b7,0x017f12de,0x018788a4},{0x03d0b516,0x009d8be6,0x03ddcbb3,0x0071b9fe,0x03ace2bd,0x01d64270,0x032d3ec9,0x01084065,0x0210ae4d,0x01447584}}, + {{0x0020de87,0x00e19211,0x01b68102,0x00b5ac97,0x022873c0,0x01942d25,0x01271394,0x0102073f,0x02fe2482,0x01c69ff9},{0x010e9d81,0x019dbbe5,0x0089f258,0x006e06b8,0x02951883,0x018f1248,0x019b3237,0x00bc7553,0x024ddb85,0x01b4c964},{0x01c8c854,0x0060ae29,0x01406d8e,0x01cff2f9,0x00cff451,0x01778d0c,0x03ac8c41,0x01552e59,0x036559ee,0x011d1b12}}, + {{0x00741147,0x0151b219,0x01092690,0x00e877e6,0x01f4d6bb,0x0072a332,0x01cd3b03,0x00dadff2,0x0097db5e,0x0086598d},{0x01c69a2b,0x01decf1b,0x02c2fa6e,0x013b7c4f,0x037beac8,0x013a16b5,0x028e7bda,0x01f6e8ac,0x01e34fe9,0x01726947},{0x01f10e67,0x003c73de,0x022b7ea2,0x010f32c2,0x03ff776a,0x00142277,0x01d38b88,0x00776138,0x03c60822,0x01201140}}, + {{0x0236d175,0x0008748e,0x03c6476d,0x013f4cdc,0x02eed02a,0x00838a47,0x032e7210,0x018bcbb3,0x00858de4,0x01dc7826},{0x00a37fc7,0x0127b40b,0x01957884,0x011d30ad,0x02816683,0x016e0e23,0x00b76be4,0x012db115,0x02516506,0x0154ce62},{0x00451edf,0x00bd749e,0x03997342,0x01cc2c4c,0x00eb6975,0x01a59508,0x03a516cf,0x00c228ef,0x0168ff5a,0x01697b47}}, + {{0x00527359,0x01783156,0x03afd75c,0x00ce56dc,0x00e4b970,0x001cabe9,0x029e0f6d,0x0188850c,0x0135fefd,0x00066d80},{0x02150e83,0x01448abf,0x02bb0232,0x012bf259,0x033c8268,0x00711e20,0x03fc148f,0x005e0e70,0x017d8bf9,0x0112b2e2},{0x02134b83,0x001a0517,0x0182c3cc,0x00792182,0x0313d799,0x001a3ed7,0x0344547e,0x01f24a0d,0x03de6ad2,0x00543127}}, + {{0x00dca868,0x00618f27,0x015a1709,0x00ddc38a,0x0320fd13,0x0036168d,0x0371ab06,0x01783fc7,0x0391e05f,0x01e29b5d},{0x01471138,0x00fca542,0x00ca31cf,0x01ca7bad,0x0175bfbc,0x01a708ad,0x03bce212,0x01244215,0x0075bb99,0x01acad68},{0x03a0b976,0x01dc12d1,0x011aab17,0x00aba0ba,0x029806cd,0x0142f590,0x018fd8ea,0x01a01545,0x03c4ad55,0x01c971ff}}, + {{0x00d098c0,0x000afdc7,0x006cd230,0x01276af3,0x03f905b2,0x0102994c,0x002eb8a4,0x015cfbeb,0x025f855f,0x01335518},{0x01cf99b2,0x0099c574,0x01a69c88,0x00881510,0x01cd4b54,0x0112109f,0x008abdc5,0x0074647a,0x0277cb1f,0x01e53324},{0x02ac5053,0x01b109b0,0x024b095e,0x016997b3,0x02f26bb6,0x00311021,0x00197885,0x01d0a55a,0x03b6fcc8,0x01c020d5}}, + {{0x02584a34,0x00e7eee0,0x03257a03,0x011e95a3,0x011ead91,0x00536202,0x00b1ce24,0x008516c6,0x03669d6d,0x004ea4a8},{0x00773f01,0x0019c9ce,0x019f6171,0x01d4afde,0x02e33323,0x01ad29b6,0x02ead1dc,0x01ed51a5,0x01851ad0,0x001bbdfa},{0x00577de5,0x00ddc730,0x038b9952,0x00f281ae,0x01d50390,0x0002e071,0x000780ec,0x010d448d,0x01f8a2af,0x00f0a5b7}}, + {{0x031f2541,0x00d34bae,0x0323ff9d,0x003a056d,0x02e25443,0x00a1ad05,0x00d1bee8,0x002f7f8e,0x03007477,0x002a24b1},{0x0114a713,0x01457e76,0x032255d5,0x01cc647f,0x02a4bdef,0x0153d730,0x00118bcf,0x00f755ff,0x013490c7,0x01ea674e},{0x02bda3e8,0x00bb490d,0x00f291ea,0x000abf40,0x01dea321,0x002f9ce0,0x00b2b193,0x00fa54b5,0x0128302f,0x00a19d8b}}, + {{0x022ef5bd,0x01638af3,0x038c6f8a,0x01a33a3d,0x039261b2,0x01bb89b8,0x010bcf9d,0x00cf42a9,0x023d6f17,0x01da1bca},{0x00e35b25,0x000d824f,0x0152e9cf,0x00ed935d,0x020b8460,0x01c7b83f,0x00c969e5,0x01a74198,0x0046a9d9,0x00cbc768},{0x01597c6a,0x0144a99b,0x00a57551,0x0018269c,0x023c464c,0x0009b022,0x00ee39e1,0x0114c7f2,0x038a9ad2,0x01584c17}}, + {{0x03b0c0d5,0x00b30a39,0x038a6ce4,0x01ded83a,0x01c277a6,0x01010a61,0x0346d3eb,0x018d995e,0x02f2c57c,0x000c286b},{0x0092aed1,0x0125e37b,0x027ca201,0x001a6b6b,0x03290f55,0x0047ba48,0x018d916c,0x01a59062,0x013e35d4,0x0002abb1},{0x003ad2aa,0x007ddcc0,0x00c10f76,0x0001590b,0x002cfca6,0x000ed23e,0x00ee4329,0x00900f04,0x01c24065,0x0082fa70}}, + {{0x02025e60,0x003912b8,0x0327041c,0x017e5ee5,0x02c0ecec,0x015a0d1c,0x02b1ce7c,0x0062220b,0x0145067e,0x01a5d931},{0x009673a6,0x00e1f609,0x00927c2a,0x016faa37,0x01650ef0,0x016f63b5,0x03cd40e1,0x003bc38f,0x0361f0ac,0x01d42acc},{0x02f81037,0x008ca0e8,0x017e23d1,0x011debfe,0x01bcbb68,0x002e2563,0x03e8add6,0x000816e5,0x03fb7075,0x0153e5ac}}, + {{0x02b11ecd,0x016bf185,0x008f22ef,0x00e7d2bb,0x0225d92e,0x00ece785,0x00508873,0x017e16f5,0x01fbe85d,0x01e39a0e},{0x01669279,0x017c810a,0x024941f5,0x0023ebeb,0x00eb7688,0x005760f1,0x02ca4146,0x0073cde7,0x0052bb75,0x00f5ffa7},{0x03b8856b,0x00cb7dcd,0x02f14e06,0x001820d0,0x01d74175,0x00e59e22,0x03fba550,0x00484641,0x03350088,0x01c3c9a3}}, + {{0x00dcf355,0x0104481c,0x0022e464,0x01f73fe7,0x00e03325,0x0152b698,0x02ef769a,0x00973663,0x00039b8c,0x0101395b},{0x01805f47,0x019160ec,0x03832cd0,0x008b06eb,0x03d4d717,0x004cb006,0x03a75b8f,0x013b3d30,0x01cfad88,0x01f034d1},{0x0078338a,0x01c7d2e3,0x02bc2b23,0x018b3f05,0x0280d9aa,0x005f3d44,0x0220a95a,0x00eeeb97,0x0362aaec,0x00835d51}}, + {{0x01b9f543,0x013fac4d,0x02ad93ae,0x018ef464,0x0212cdf7,0x01138ba9,0x011583ab,0x019c3d26,0x028790b4,0x00e2e2b6},{0x033bb758,0x01f0dbf1,0x03734bd1,0x0129b1e5,0x02b3950e,0x003bc922,0x01a53ec8,0x018c5532,0x006f3cee,0x00ae3c79},{0x0351f95d,0x0012a737,0x03d596b8,0x017658fe,0x00ace54a,0x008b66da,0x0036c599,0x012a63a2,0x032ceba1,0x00126bac}}, + {{0x03dcfe7e,0x019f4f18,0x01c81aee,0x0044bc2b,0x00827165,0x014f7c13,0x03b430f0,0x00bf96cc,0x020c8d62,0x01471997},{0x01fc7931,0x001f42dd,0x00ba754a,0x005bd339,0x003fbe49,0x016b3930,0x012a159c,0x009f83b0,0x03530f67,0x01e57b85},{0x02ecbd81,0x0096c294,0x01fce4a9,0x017701a5,0x0175047d,0x00ee4a31,0x012686e5,0x008efcd4,0x0349dc54,0x01b3466f}}, + {{0x02179ca3,0x01d86414,0x03f0afd0,0x00305964,0x015c7428,0x0099711e,0x015d5442,0x00c71014,0x01b40b2e,0x01d483cf},{0x01afc386,0x01984859,0x036203ff,0x0045c6a8,0x0020a8aa,0x00990baa,0x03313f10,0x007ceede,0x027429e4,0x017806ce},{0x039357a1,0x0142f8f4,0x0294a7b6,0x00eaccf4,0x0259edb3,0x01311e6e,0x004d326f,0x0130c346,0x01ccef3c,0x01c424b2}}, + {{0x0364918c,0x00148fc0,0x01638a7b,0x01a1fd5b,0x028ad013,0x0081e5a4,0x01a54f33,0x0174e101,0x003d0257,0x003a856c},{0x00051dcf,0x00f62b1d,0x0143d0ad,0x0042adbd,0x000fda90,0x01743ceb,0x0173e5e4,0x017bc749,0x03b7137a,0x0105ce96},{0x00f9218a,0x015b8c7c,0x00e102f8,0x0158d7e2,0x0169a5b8,0x00b2f176,0x018b347a,0x014cfef2,0x0214a4e3,0x017f1595}}, + {{0x006d7ae5,0x0195c371,0x0391e26d,0x0062a7c6,0x003f42ab,0x010dad86,0x024f8198,0x01542b2a,0x0014c454,0x0189c471},{0x0390988e,0x00b8799d,0x02e44912,0x0078e2e6,0x00075654,0x01923eed,0x0040cd72,0x00a37c76,0x0009d466,0x00c8531d},{0x02651770,0x00609d01,0x0286c265,0x0134513c,0x00ee9281,0x005d223c,0x035c760c,0x00679b36,0x0073ecb8,0x016faa50}}, + {{0x02c89be4,0x016fc244,0x02f38c83,0x018beb72,0x02b3ce2c,0x0097b065,0x034f017b,0x01dd957f,0x00148f61,0x00eab357},{0x0343d2f8,0x003398fc,0x011e368e,0x00782a1f,0x00019eea,0x00117b6f,0x0128d0d1,0x01a5e6bb,0x01944f1b,0x012b41e1},{0x03318301,0x018ecd30,0x0104d0b1,0x0038398b,0x03726701,0x019da88c,0x002d9769,0x00a7a681,0x031d9028,0x00ebfc32}}, + {{0x0220405e,0x0171face,0x02d930f8,0x017f6d6a,0x023b8c47,0x0129d5f9,0x02972456,0x00a3a524,0x006f4cd2,0x004439fa},{0x00c53505,0x0190c2fd,0x00507244,0x009930f9,0x01a39270,0x01d327c6,0x0399bc47,0x01cfe13d,0x0332bd99,0x00b33e7d},{0x0203f5e4,0x003627b5,0x00018af8,0x01478581,0x004a2218,0x002e3bb7,0x039384d0,0x0146ea62,0x020b9693,0x0017155f}}, + {{0x03c97e6f,0x00738c47,0x03b5db1f,0x01808fcf,0x01e8fc98,0x01ed25dd,0x01bf5045,0x00eb5c2b,0x0178fe98,0x01b85530},{0x01c20eb0,0x01aeec22,0x030b9eee,0x01b7d07e,0x0187e16f,0x014421fb,0x009fa731,0x0040b6d7,0x00841861,0x00a27fbc},{0x02d69abf,0x0058cdbf,0x0129f9ec,0x013c19ae,0x026c5b93,0x013a7fe7,0x004bb2ba,0x0063226f,0x002a95ca,0x01abefd9}}, + {{0x02f5d2c1,0x00378318,0x03734fb5,0x01258073,0x0263f0f6,0x01ad70e0,0x01b56d06,0x01188fbd,0x011b9503,0x0036d2e1},{0x0113a8cc,0x01541c3e,0x02ac2bbc,0x01d95867,0x01f47459,0x00ead489,0x00ab5b48,0x01db3b45,0x00edb801,0x004b024f},{0x00b8190f,0x011fe4c2,0x00621f82,0x010508d7,0x001a5a76,0x00c7d7fd,0x03aab96d,0x019cd9dc,0x019c6635,0x00ceaa1e}}, + {{0x01085cf2,0x01fd47af,0x03e3f5e1,0x004b3e99,0x01e3d46a,0x0060033c,0x015ff0a8,0x0150cdd8,0x029e8e21,0x008cf1bc},{0x00156cb1,0x003d623f,0x01a4f069,0x00d8d053,0x01b68aea,0x01ca5ab6,0x0316ae43,0x0134dc44,0x001c8d58,0x0084b343},{0x0318c781,0x0135441f,0x03a51a5e,0x019293f4,0x0048bb37,0x013d3341,0x0143151e,0x019c74e1,0x00911914,0x0076ddde}}, + {{0x006bc26f,0x00d48e5f,0x00227bbe,0x00629ea8,0x01ea5f8b,0x0179a330,0x027a1d5f,0x01bf8f8e,0x02d26e2a,0x00c6b65e},{0x01701ab6,0x0051da77,0x01b4b667,0x00a0ce7c,0x038ae37b,0x012ac852,0x03a0b0fe,0x0097c2bb,0x00a017d2,0x01eb8b2a},{0x0120b962,0x0005fb42,0x0353b6fd,0x0061f8ce,0x007a1463,0x01560a64,0x00e0a792,0x01907c92,0x013a6622,0x007b47f1}} +}; + +// *************** modm-donna-32bit.h *************** // + +const bignum256modm modm_m = { + 0x1cf5d3ed, 0x20498c69, 0x2f79cd65, 0x37be77a8, + 0x00000014, 0x00000000, 0x00000000, 0x00000000, + 0x00001000 +}; + +const bignum256modm modm_mu = { + 0x0a2c131b, 0x3673968c, 0x06329a7e, 0x01885742, + 0x3fffeb21, 0x3fffffff, 0x3fffffff, 0x3fffffff, + 0x000fffff +}; + +/* multiples of p */ +const word32 twoP0 = 0x07ffffda; +const word32 twoP13579 = 0x03fffffe; +const word32 twoP2468 = 0x07fffffe; +const word32 fourP0 = 0x0fffffb4; +const word32 fourP13579 = 0x07fffffc; +const word32 fourP2468 = 0x0ffffffc; + +// *************** ed25519-donna-basepoint-table.h *************** // + +/* multiples of the base point in packed {ysubx, xaddy, t2d} form */ +ALIGN(16) const byte ge25519_niels_base_multiples[256][96] = { + {0x3e,0x91,0x40,0xd7,0x05,0x39,0x10,0x9d,0xb3,0xbe,0x40,0xd1,0x05,0x9f,0x39,0xfd,0x09,0x8a,0x8f,0x68,0x34,0x84,0xc1,0xa5,0x67,0x12,0xf8,0x98,0x92,0x2f,0xfd,0x44,0x85,0x3b,0x8c,0xf5,0xc6,0x93,0xbc,0x2f,0x19,0x0e,0x8c,0xfb,0xc6,0x2d,0x93,0xcf,0xc2,0x42,0x3d,0x64,0x98,0x48,0x0b,0x27,0x65,0xba,0xd4,0x33,0x3a,0x9d,0xcf,0x07,0x59,0xbb,0x6f,0x4b,0x67,0x15,0xbd,0xdb,0xea,0xa5,0xa2,0xee,0x00,0x3f,0xe1,0x41,0xfa,0xc6,0x57,0xc9,0x1c,0x9d,0xd4,0xcd,0xca,0xec,0x16,0xaf,0x1f,0xbe,0x0e,0x4f}, + {0xa8,0xd5,0xb4,0x42,0x60,0xa5,0x99,0x8a,0xf6,0xac,0x60,0x4e,0x0c,0x81,0x2b,0x8f,0xaa,0x37,0x6e,0xb1,0x6b,0x23,0x9e,0xe0,0x55,0x25,0xc9,0x69,0xa6,0x95,0xb5,0x6b,0xd7,0x71,0x3c,0x93,0xfc,0xe7,0x24,0x92,0xb5,0xf5,0x0f,0x7a,0x96,0x9d,0x46,0x9f,0x02,0x07,0xd6,0xe1,0x65,0x9a,0xa6,0x5a,0x2e,0x2e,0x7d,0xa8,0x3f,0x06,0x0c,0x59,0x02,0x68,0xd3,0xda,0xaa,0x7e,0x34,0x6e,0x05,0x48,0xee,0x83,0x93,0x59,0xf3,0xba,0x26,0x68,0x07,0xe6,0x10,0xbe,0xca,0x3b,0xb8,0xd1,0x5e,0x16,0x0a,0x4f,0x31,0x49}, + {0x65,0xd2,0xfc,0xa4,0xe8,0x1f,0x61,0x56,0x7d,0xba,0xc1,0xe5,0xfd,0x53,0xd3,0x3b,0xbd,0xd6,0x4b,0x21,0x1a,0xf3,0x31,0x81,0x62,0xda,0x5b,0x55,0x87,0x15,0xb9,0x2a,0x30,0x97,0xee,0x4c,0xa8,0xb0,0x25,0xaf,0x8a,0x4b,0x86,0xe8,0x30,0x84,0x5a,0x02,0x32,0x67,0x01,0x9f,0x02,0x50,0x1b,0xc1,0xf4,0xf8,0x80,0x9a,0x1b,0x4e,0x16,0x7a,0x34,0x48,0x67,0xf1,0xf4,0x11,0xf2,0x9b,0x95,0xf8,0x2d,0xf6,0x17,0x6b,0x4e,0xb8,0x4e,0x2a,0x72,0x5b,0x07,0x6f,0xde,0xd7,0x21,0x2a,0xbb,0x63,0xb9,0x04,0x9a,0x54}, + {0xbf,0x18,0x68,0x05,0x0a,0x05,0xfe,0x95,0xa9,0xfa,0x60,0x56,0x71,0x89,0x7e,0x32,0x73,0x50,0xa0,0x06,0xcd,0xe3,0xe8,0xc3,0x9a,0xa4,0x45,0x74,0x4c,0x3f,0x93,0x27,0x9f,0x09,0xfc,0x8e,0xb9,0x51,0x73,0x28,0x38,0x25,0xfd,0x7d,0xf4,0xc6,0x65,0x67,0x65,0x92,0x0a,0xfb,0x3d,0x8d,0x34,0xca,0x27,0x87,0xe5,0x21,0x03,0x91,0x0e,0x68,0xb0,0x26,0x14,0xe5,0xec,0x45,0x1e,0xbf,0x94,0x0f,0xba,0x6d,0x3d,0xc6,0x2b,0xe3,0xc0,0x52,0xf8,0x8c,0xd5,0x74,0x29,0xe4,0x18,0x4c,0xe6,0xb0,0xb1,0x79,0xf0,0x44}, + {0xba,0xd6,0x47,0xa4,0xc3,0x82,0x91,0x7f,0xb7,0x29,0x27,0x4b,0xd1,0x14,0x00,0xd5,0x87,0xa0,0x64,0xb8,0x1c,0xf1,0x3c,0xe3,0xf3,0x55,0x1b,0xeb,0x73,0x7e,0x4a,0x15,0x33,0xbb,0xa5,0x08,0x44,0xbc,0x12,0xa2,0x02,0xed,0x5e,0xc7,0xc3,0x48,0x50,0x8d,0x44,0xec,0xbf,0x5a,0x0c,0xeb,0x1b,0xdd,0xeb,0x06,0xe2,0x46,0xf1,0xcc,0x45,0x29,0xb3,0x03,0xd0,0xe7,0x79,0xa1,0x32,0xc8,0x7e,0x4d,0x12,0x00,0x0a,0x9d,0x72,0x5f,0xf3,0x8f,0x6d,0x0e,0xa1,0xd4,0xc1,0x62,0x98,0x7a,0xb2,0x38,0x59,0xac,0xb8,0x68}, + {0xa4,0x8c,0x7d,0x7b,0xb6,0x06,0x98,0x49,0x39,0x27,0xd2,0x27,0x84,0xe2,0x5b,0x57,0xb9,0x53,0x45,0x20,0xe7,0x5c,0x08,0xbb,0x84,0x78,0x41,0xae,0x41,0x4c,0xb6,0x38,0x31,0x71,0x15,0x77,0xeb,0xee,0x0c,0x3a,0x88,0xaf,0xc8,0x00,0x89,0x15,0x27,0x9b,0x36,0xa7,0x59,0xda,0x68,0xb6,0x65,0x80,0xbd,0x38,0xcc,0xa2,0xb6,0x7b,0xe5,0x51,0xa4,0xe3,0x9d,0x68,0x91,0xad,0x9d,0x8f,0x37,0x91,0xfb,0xf8,0x28,0x24,0x5f,0x17,0x88,0xb9,0xcf,0x9f,0x32,0xb5,0x0a,0x05,0x9f,0xc0,0x54,0x13,0xa2,0xdf,0x65,0x78}, + {0xb1,0x21,0x32,0xaa,0x9a,0x2c,0x6f,0xba,0xa7,0x23,0xba,0x3b,0x53,0x21,0xa0,0x6c,0x3a,0x2c,0x19,0x92,0x4f,0x76,0xea,0x9d,0xe0,0x17,0x53,0x2e,0x5d,0xdd,0x6e,0x1d,0xbf,0xa3,0x4e,0x94,0xd0,0x5c,0x1a,0x6b,0xd2,0xc0,0x9d,0xb3,0x3a,0x35,0x70,0x74,0x49,0x2e,0x54,0x28,0x82,0x52,0xb2,0x71,0x7e,0x92,0x3c,0x28,0x69,0xea,0x1b,0x46,0x36,0xda,0x0f,0xab,0xac,0x8a,0x7a,0x21,0xc8,0x49,0x35,0x3d,0x54,0xc6,0x28,0xa5,0x68,0x75,0xab,0x13,0x8b,0x5b,0xd0,0x37,0x37,0xbc,0x2c,0x3a,0x62,0xef,0x3c,0x23}, + {0xd9,0x34,0x92,0xf3,0xed,0x5d,0xa7,0xe2,0xf9,0x58,0xb5,0xe1,0x80,0x76,0x3d,0x96,0xfb,0x23,0x3c,0x6e,0xac,0x41,0x27,0x2c,0xc3,0x01,0x0e,0x32,0xa1,0x24,0x90,0x3a,0x8f,0x3e,0xdd,0x04,0x66,0x59,0xb7,0x59,0x2c,0x70,0x88,0xe2,0x77,0x03,0xb3,0x6c,0x23,0xc3,0xd9,0x5e,0x66,0x9c,0x33,0xb1,0x2f,0xe5,0xbc,0x61,0x60,0xe7,0x15,0x09,0x7e,0xa3,0x34,0xa8,0x35,0xe8,0x7d,0xdf,0xea,0x57,0x98,0x68,0xda,0x9c,0xe1,0x8b,0x26,0xb3,0x67,0x71,0x36,0x85,0x11,0x2c,0xc2,0xd5,0xef,0xdb,0xd9,0xb3,0x9e,0x58}, + {0x5e,0x51,0xaa,0x49,0x54,0x63,0x5b,0xed,0x3a,0x82,0xc6,0x0b,0x9f,0xc4,0x65,0xa8,0xc4,0xd1,0x42,0x5b,0xe9,0x1f,0x0c,0x85,0xb9,0x15,0xd3,0x03,0x6f,0x6d,0xd7,0x30,0x1d,0x9c,0x2f,0x63,0x0e,0xdd,0xcc,0x2e,0x15,0x31,0x89,0x76,0x96,0xb6,0xd0,0x51,0x58,0x7a,0x63,0xa8,0x6b,0xb7,0xdf,0x52,0x39,0xef,0x0e,0xa0,0x49,0x7d,0xd3,0x6d,0xc7,0xe4,0x06,0x21,0x17,0x44,0x44,0x6c,0x69,0x7f,0x8d,0x92,0x80,0xd6,0x53,0xfb,0x26,0x3f,0x4d,0x69,0xa4,0x9e,0x73,0xb4,0xb0,0x4b,0x86,0x2e,0x11,0x97,0xc6,0x10}, + {0xde,0x5f,0xbe,0x7d,0x27,0xc4,0x93,0x64,0xa2,0x7e,0xad,0x19,0xad,0x4f,0x5d,0x26,0x90,0x45,0x30,0x46,0xc8,0xdf,0x00,0x0e,0x09,0xfe,0x66,0xed,0xab,0x1c,0xe6,0x25,0x05,0xc8,0x58,0x83,0xa0,0x2a,0xa6,0x0c,0x47,0x42,0x20,0x7a,0xe3,0x4a,0x3d,0x6a,0xdc,0xed,0x11,0x3b,0xa6,0xd3,0x64,0x74,0xef,0x06,0x08,0x55,0xaf,0x9b,0xbf,0x03,0x04,0x66,0x58,0xcc,0x28,0xe1,0x13,0x3f,0x7e,0x74,0x59,0xb4,0xec,0x73,0x58,0x6f,0xf5,0x68,0x12,0xcc,0xed,0x3d,0xb6,0xa0,0x2c,0xe2,0x86,0x45,0x63,0x78,0x6d,0x56}, + {0x34,0x08,0xc1,0x9c,0x9f,0xa4,0x37,0x16,0x51,0xc4,0x9b,0xa8,0xd5,0x56,0x8e,0xbc,0xdb,0xd2,0x7f,0x7f,0x0f,0xec,0xb5,0x1c,0xd9,0x35,0xcc,0x5e,0xca,0x5b,0x97,0x33,0xd0,0x2f,0x5a,0xc6,0x85,0x42,0x05,0xa1,0xc3,0x67,0x16,0xf3,0x2a,0x11,0x64,0x6c,0x58,0xee,0x1a,0x73,0x40,0xe2,0x0a,0x68,0x2a,0xb2,0x93,0x47,0xf3,0xa5,0xfb,0x14,0xd4,0xf7,0x85,0x69,0x16,0x46,0xd7,0x3c,0x57,0x00,0xc8,0xc9,0x84,0x5e,0x3e,0x59,0x1e,0x13,0x61,0x7b,0xb6,0xf2,0xc3,0x2f,0x6c,0x52,0xfc,0x83,0xea,0x9c,0x82,0x14}, + {0xc2,0x95,0xdd,0x97,0x84,0x7b,0x43,0xff,0xa7,0xb5,0x4e,0xaa,0x30,0x4e,0x74,0x6c,0x8b,0xe8,0x85,0x3c,0x61,0x5d,0x0c,0x9e,0x73,0x81,0x75,0x5f,0x1e,0xc7,0xd9,0x2f,0xb8,0xec,0x71,0x4e,0x2f,0x0b,0xe7,0x21,0xe3,0x77,0xa4,0x40,0xb9,0xdd,0x56,0xe6,0x80,0x4f,0x1d,0xce,0xce,0x56,0x65,0xbf,0x7e,0x7b,0x5d,0x53,0xc4,0x3b,0xfc,0x05,0xdd,0xde,0xaf,0x52,0xae,0xb3,0xb8,0x24,0xcf,0x30,0x3b,0xed,0x8c,0x63,0x95,0x34,0x95,0x81,0xbe,0xa9,0x83,0xbc,0xa4,0x33,0x04,0x1f,0x65,0x5c,0x47,0x67,0x37,0x37}, + {0xd9,0xad,0xd1,0x40,0xfd,0x99,0xba,0x2f,0x27,0xd0,0xf4,0x96,0x6f,0x16,0x07,0xb3,0xae,0x3b,0xf0,0x15,0x52,0xf0,0x63,0x43,0x99,0xf9,0x18,0x3b,0x6c,0xa5,0xbe,0x1f,0x90,0x65,0x24,0x14,0xcb,0x95,0x40,0x63,0x35,0x55,0xc1,0x16,0x40,0x14,0x12,0xef,0x60,0xbc,0x10,0x89,0x0c,0x14,0x38,0x9e,0x8c,0x7c,0x90,0x30,0x57,0x90,0xf5,0x6b,0x8a,0x5b,0x41,0xe1,0xf1,0x78,0xa7,0x0f,0x7e,0xa7,0xc3,0xba,0xf7,0x9f,0x40,0x06,0x50,0x9a,0xa2,0x9a,0xb8,0xd7,0x52,0x6f,0x56,0x5a,0x63,0x7a,0xf6,0x1c,0x52,0x02}, + {0x94,0x52,0x9d,0x0a,0x0b,0xee,0x3f,0x51,0x66,0x5a,0xdf,0x0f,0x5c,0xe7,0x98,0x8f,0xce,0x07,0xe1,0xbf,0x88,0x86,0x61,0xd4,0xed,0x2c,0x38,0x71,0x7e,0x0a,0xa0,0x3f,0xe4,0x5e,0x2f,0x77,0x20,0x67,0x14,0xb1,0xce,0x9a,0x07,0x96,0xb1,0x94,0xf8,0xe8,0x4a,0x82,0xac,0x00,0x4d,0x22,0xf8,0x4a,0xc4,0x6c,0xcd,0xf7,0xd9,0x53,0x17,0x00,0x34,0xdb,0x3d,0x96,0x2d,0x23,0x69,0x3c,0x58,0x38,0x97,0xb4,0xda,0x87,0xde,0x1d,0x85,0xf2,0x91,0xa0,0xf9,0xd1,0xd7,0xaa,0xb6,0xed,0x48,0xa0,0x2f,0xfe,0xb5,0x12}, + {0x4d,0xe3,0xfc,0x96,0xc4,0xfb,0xf0,0x71,0xed,0x5b,0xf3,0xad,0x6b,0x82,0xb9,0x73,0x61,0xc5,0x28,0xff,0x61,0x72,0x04,0xd2,0x6f,0x20,0xb1,0x6f,0xf9,0x76,0x9b,0x74,0x92,0x1e,0x6f,0xad,0x26,0x7c,0x2b,0xdf,0x13,0x89,0x4b,0x50,0x23,0xd3,0x66,0x4b,0xc3,0x8b,0x1c,0x75,0xc0,0x9d,0x40,0x8c,0xb8,0xc7,0x96,0x07,0xc2,0x93,0x7e,0x6f,0x05,0xae,0xa6,0xae,0x04,0xf6,0x5a,0x1f,0x99,0x9c,0xe4,0xbe,0xf1,0x51,0x23,0xc1,0x66,0x6b,0xff,0xee,0xb5,0x08,0xa8,0x61,0x51,0x21,0xe0,0x01,0x0f,0xc1,0xce,0x0f}, + {0x44,0x1e,0xfe,0x49,0xa6,0x58,0x4d,0x64,0x7e,0x77,0xad,0x31,0xa2,0xae,0xfc,0x21,0xd2,0xd0,0x7f,0x88,0x5a,0x1c,0x44,0x02,0xf3,0x11,0xc5,0x83,0x71,0xaa,0x01,0x49,0x45,0x4e,0x24,0xc4,0x9d,0xd2,0xf2,0x3d,0x0a,0xde,0xd8,0x93,0x74,0x0e,0x02,0x2b,0x4d,0x21,0x0c,0x82,0x7e,0x06,0xc8,0x6c,0x0a,0xb9,0xea,0x6f,0x16,0x79,0x37,0x41,0xf0,0xf8,0x1a,0x8c,0x54,0xb7,0xb1,0x08,0xb4,0x99,0x62,0x24,0x7c,0x7a,0x0f,0xce,0x39,0xd9,0x06,0x1e,0xf9,0xb0,0x60,0xf7,0x13,0x12,0x6d,0x72,0x7b,0x88,0xbb,0x41}, + {0xbe,0x46,0x43,0x74,0x44,0x7d,0xe8,0x40,0x25,0x2b,0xb5,0x15,0xd4,0xda,0x48,0x1d,0x3e,0x60,0x3b,0xa1,0x18,0x8a,0x3a,0x7c,0xf7,0xbd,0xcd,0x2f,0xc1,0x28,0xb7,0x4e,0xae,0x91,0x66,0x7c,0x59,0x4c,0x23,0x7e,0xc8,0xb4,0x85,0x0a,0x3d,0x9d,0x88,0x64,0xe7,0xfa,0x4a,0x35,0x0c,0xc9,0xe2,0xda,0x1d,0x9e,0x6a,0x0c,0x07,0x1e,0x87,0x0a,0x89,0x89,0xbc,0x4b,0x99,0xb5,0x01,0x33,0x60,0x42,0xdd,0x5b,0x3a,0xae,0x6b,0x73,0x3c,0x9e,0xd5,0x19,0xe2,0xad,0x61,0x0d,0x64,0xd4,0x85,0x26,0x0f,0x30,0xe7,0x3e}, + {0xb7,0xd6,0x7d,0x9e,0xe4,0x55,0xd2,0xf5,0xac,0x1e,0x0b,0x61,0x5c,0x11,0x16,0x80,0xca,0x87,0xe1,0x92,0x5d,0x97,0x99,0x3c,0xc2,0x25,0x91,0x97,0x62,0x57,0x81,0x13,0x18,0x75,0x1e,0x84,0x47,0x79,0xfa,0x43,0xd7,0x46,0x9c,0x63,0x59,0xfa,0xc6,0xe5,0x74,0x2b,0x05,0xe3,0x1d,0x5e,0x06,0xa1,0x30,0x90,0xb8,0xcf,0xa2,0xc6,0x47,0x7d,0xe0,0xd6,0xf0,0x8e,0x14,0xd0,0xda,0x3f,0x3c,0x6f,0x54,0x91,0x9a,0x74,0x3e,0x9d,0x57,0x81,0xbb,0x26,0x10,0x62,0xec,0x71,0x80,0xec,0xc9,0x34,0x8d,0xf5,0x8c,0x14}, + {0x27,0xf0,0x34,0x79,0xf6,0x92,0xa4,0x46,0xa9,0x0a,0x84,0xf6,0xbe,0x84,0x99,0x46,0x54,0x18,0x61,0x89,0x2a,0xbc,0xa1,0x5c,0xd4,0xbb,0x5d,0xbd,0x1e,0xfa,0xf2,0x3f,0x6d,0x75,0xe4,0x9a,0x7d,0x2f,0x57,0xe2,0x7f,0x48,0xf3,0x88,0xbb,0x45,0xc3,0x56,0x8d,0xa8,0x60,0x69,0x6d,0x0b,0xd1,0x9f,0xb9,0xa1,0xae,0x4e,0xad,0xeb,0x8f,0x27,0x66,0x39,0x93,0x8c,0x1f,0x68,0xaa,0xb1,0x98,0x0c,0x29,0x20,0x9c,0x94,0x21,0x8c,0x52,0x3c,0x9d,0x21,0x91,0x52,0x11,0x39,0x7b,0x67,0x9c,0xfe,0x02,0xdd,0x04,0x41}, + {0x2a,0x42,0x24,0x11,0x5e,0xbf,0xb2,0x72,0xb5,0x3a,0xa3,0x98,0x33,0x0c,0xfa,0xa1,0x66,0xb6,0x52,0xfa,0x01,0x61,0xcb,0x94,0xd5,0x53,0xaf,0xaf,0x00,0x3b,0x86,0x2c,0xb8,0x6a,0x09,0xdb,0x06,0x4e,0x21,0x81,0x35,0x4f,0xe4,0x0c,0xc9,0xb6,0xa8,0x21,0xf5,0x2a,0x9e,0x40,0x2a,0xc1,0x24,0x65,0x81,0xa4,0xfc,0x8e,0xa4,0xb5,0x65,0x01,0x76,0x6a,0x84,0xa0,0x74,0xa4,0x90,0xf1,0xc0,0x7c,0x2f,0xcd,0x84,0xf9,0xef,0x12,0x8f,0x2b,0xaa,0x58,0x06,0x29,0x5e,0x69,0xb8,0xc8,0xfe,0xbf,0xd9,0x67,0x1b,0x59}, + {0xfa,0x9b,0xb4,0x80,0x1c,0x0d,0x2f,0x31,0x8a,0xec,0xf3,0xab,0x5e,0x51,0x79,0x59,0x88,0x1c,0xf0,0x9e,0xc0,0x33,0x70,0x72,0xcb,0x7b,0x8f,0xca,0xc7,0x2e,0xe0,0x3d,0x5d,0xb5,0x18,0x9f,0x71,0xb3,0xb9,0x99,0x1e,0x64,0x8c,0xa1,0xfa,0xe5,0x65,0xe4,0xed,0x05,0x9f,0xc2,0x36,0x11,0x08,0x61,0x8b,0x12,0x30,0x70,0x86,0x4f,0x9b,0x48,0xef,0x92,0xeb,0x3a,0x2d,0x10,0x32,0xd2,0x61,0xa8,0x16,0x61,0xb4,0x53,0x62,0xe1,0x24,0xaa,0x0b,0x19,0xe7,0xab,0x7e,0x3d,0xbf,0xbe,0x6c,0x49,0xba,0xfb,0xf5,0x49}, + {0xd4,0xcf,0x5b,0x8a,0x10,0x9a,0x94,0x30,0xeb,0x73,0x64,0xbc,0x70,0xdd,0x40,0xdc,0x1c,0x0d,0x7c,0x30,0xc1,0x94,0xc2,0x92,0x74,0x6e,0xfa,0xcb,0x6d,0xa8,0x04,0x56,0x2e,0x57,0x9c,0x1e,0x8c,0x62,0x5d,0x15,0x41,0x47,0x88,0xc5,0xac,0x86,0x4d,0x8a,0xeb,0x63,0x57,0x51,0xf6,0x52,0xa3,0x91,0x5b,0x51,0x67,0x88,0xc2,0xa6,0xa1,0x06,0xb6,0x64,0x17,0x7c,0xd4,0xd1,0x88,0x72,0x51,0x8b,0x41,0xe0,0x40,0x11,0x54,0x72,0xd1,0xf6,0xac,0x18,0x60,0x1a,0x03,0x9f,0xc6,0x42,0x27,0xfe,0x89,0x9e,0x98,0x20}, + {0x7f,0xcc,0x2d,0x3a,0xfd,0x77,0x97,0x49,0x92,0xd8,0x4f,0xa5,0x2c,0x7c,0x85,0x32,0xa0,0xe3,0x07,0xd2,0x64,0xd8,0x79,0xa2,0x29,0x7e,0xa6,0x0c,0x1d,0xed,0x03,0x04,0x2e,0xec,0xea,0x85,0x8b,0x27,0x74,0x16,0xdf,0x2b,0xcb,0x7a,0x07,0xdc,0x21,0x56,0x5a,0xf4,0xcb,0x61,0x16,0x4c,0x0a,0x64,0xd3,0x95,0x05,0xf7,0x50,0x99,0x0b,0x73,0x52,0xc5,0x4e,0x87,0x35,0x2d,0x4b,0xc9,0x8d,0x6f,0x24,0x98,0xcf,0xc8,0xe6,0xc5,0xce,0x35,0xc0,0x16,0xfa,0x46,0xcb,0xf7,0xcc,0x3d,0x30,0x08,0x43,0x45,0xd7,0x5b}, + {0xc2,0x4c,0xb2,0x28,0x95,0xd1,0x9a,0x7f,0x81,0xc1,0x35,0x63,0x65,0x54,0x6b,0x7f,0x36,0x72,0xc0,0x4f,0x6e,0xb6,0xb8,0x66,0x83,0xad,0x80,0x73,0x00,0x78,0x3a,0x13,0x2a,0x79,0xe7,0x15,0x21,0x93,0xc4,0x85,0xc9,0xdd,0xcd,0xbd,0xa2,0x89,0x4c,0xc6,0x62,0xd7,0xa3,0xad,0xa8,0x3d,0x1e,0x9d,0x2c,0xf8,0x67,0x30,0x12,0xdb,0xb7,0x5b,0xbe,0x62,0xca,0xc6,0x67,0xf4,0x61,0x09,0xee,0x52,0x19,0x21,0xd6,0x21,0xec,0x04,0x70,0x47,0xd5,0x9b,0x77,0x60,0x23,0x18,0xd2,0xe0,0xf0,0x58,0x6d,0xca,0x0d,0x74}, + {0x4e,0xce,0xcf,0x52,0x07,0xee,0x48,0xdf,0xb7,0x08,0xec,0x06,0xf3,0xfa,0xff,0xc3,0xc4,0x59,0x54,0xb9,0x2a,0x0b,0x71,0x05,0x8d,0xa3,0x3e,0x96,0xfa,0x25,0x1d,0x16,0x3c,0x43,0x78,0x04,0x57,0x8c,0x1a,0x23,0x9d,0x43,0x81,0xc2,0x0e,0x27,0xb5,0xb7,0x9f,0x07,0xd9,0xe3,0xea,0x99,0xaa,0xdb,0xd9,0x03,0x2b,0x6c,0x25,0xf5,0x03,0x2c,0x7d,0xa4,0x53,0x7b,0x75,0x18,0x0f,0x79,0x79,0x58,0x0c,0xcf,0x30,0x01,0x7b,0x30,0xf9,0xf7,0x7e,0x25,0x77,0x3d,0x90,0x31,0xaf,0xbb,0x96,0xbd,0xbd,0x68,0x94,0x69}, + {0xcf,0xfe,0xda,0xf4,0x46,0x2f,0x1f,0xbd,0xf7,0xd6,0x7f,0xa4,0x14,0x01,0xef,0x7c,0x7f,0xb3,0x47,0x4a,0xda,0xfd,0x1f,0xd3,0x85,0x57,0x90,0x73,0xa4,0x19,0x52,0x52,0x48,0x19,0xa9,0x6a,0xe6,0x3d,0xdd,0xd8,0xcc,0xd2,0xc0,0x2f,0xc2,0x64,0x50,0x48,0x2f,0xea,0xfd,0x34,0x66,0x24,0x48,0x9b,0x3a,0x2e,0x4a,0x6c,0x4e,0x1c,0x3e,0x29,0xe1,0x12,0x51,0x92,0x4b,0x13,0x6e,0x37,0xa0,0x5d,0xa1,0xdc,0xb5,0x78,0x37,0x70,0x11,0x31,0x1c,0x46,0xaf,0x89,0x45,0xb0,0x23,0x28,0x03,0x7f,0x44,0x5c,0x60,0x5b}, + {0x89,0x7c,0xc4,0x20,0x59,0x80,0x65,0xb9,0xcc,0x8f,0x3b,0x92,0x0c,0x10,0xf0,0xe7,0x77,0xef,0xe2,0x02,0x65,0x25,0x01,0x00,0xee,0xb3,0xae,0xa8,0xce,0x6d,0xa7,0x24,0x4c,0xf0,0xe7,0xf0,0xc6,0xfe,0xe9,0x3b,0x62,0x49,0xe3,0x75,0x9e,0x57,0x6a,0x86,0x1a,0xe6,0x1d,0x1e,0x16,0xef,0x42,0x55,0xd5,0xbd,0x5a,0xcc,0xf4,0xfe,0x12,0x2f,0x40,0xc7,0xc0,0xdf,0xb2,0x22,0x45,0x0a,0x07,0xa4,0xc9,0x40,0x7f,0x6e,0xd0,0x10,0x68,0xf6,0xcf,0x78,0x41,0x14,0xcf,0xc6,0x90,0x37,0xa4,0x18,0x25,0x7b,0x60,0x5e}, + {0x18,0x18,0xdf,0x6c,0x8f,0x1d,0xb3,0x58,0xa2,0x58,0x62,0xc3,0x4f,0xa7,0xcf,0x35,0x6e,0x1d,0xe6,0x66,0x4f,0xff,0xb3,0xe1,0xf7,0xd5,0xcd,0x6c,0xab,0xac,0x67,0x50,0x14,0xcf,0x96,0xa5,0x1c,0x43,0x2c,0xa0,0x00,0xe4,0xd3,0xae,0x40,0x2d,0xc4,0xe3,0xdb,0x26,0x0f,0x2e,0x80,0x26,0x45,0xd2,0x68,0x70,0x45,0x9e,0x13,0x33,0x1f,0x20,0x51,0x9d,0x03,0x08,0x6b,0x7f,0x52,0xfd,0x06,0x00,0x7c,0x01,0x64,0x49,0xb1,0x18,0xa8,0xa4,0x25,0x2e,0xb0,0x0e,0x22,0xd5,0x75,0x03,0x46,0x62,0x88,0xba,0x7c,0x39}, + {0xb2,0x59,0x59,0xf0,0x93,0x30,0xc1,0x30,0x76,0x79,0xa9,0xe9,0x8d,0xa1,0x3a,0xe2,0x26,0x5e,0x1d,0x72,0x91,0xd4,0x2f,0x22,0x3a,0x6c,0x6e,0x76,0x20,0xd3,0x39,0x23,0xe7,0x79,0x13,0xc8,0xfb,0xc3,0x15,0x78,0xf1,0x2a,0xe1,0xdd,0x20,0x94,0x61,0xa6,0xd5,0xfd,0xa8,0x85,0xf8,0xc0,0xa9,0xff,0x52,0xc2,0xe1,0xc1,0x22,0x40,0x1b,0x77,0xa7,0x2f,0x3a,0x51,0x86,0xd9,0x7d,0xd8,0x08,0xcf,0xd4,0xf9,0x71,0x9b,0xac,0xf5,0xb3,0x83,0xa2,0x1e,0x1b,0xc3,0x6b,0xd0,0x76,0x1a,0x97,0x19,0x92,0x18,0x1a,0x33}, + {0xc6,0x80,0x4f,0xfb,0x45,0x6f,0x16,0xf5,0xcf,0x75,0xc7,0x61,0xde,0xc7,0x36,0x9c,0x1c,0xd9,0x41,0x90,0x1b,0xe8,0xd4,0xe3,0x21,0xfe,0xbd,0x83,0x6b,0x7c,0x16,0x31,0xaf,0x72,0x75,0x9d,0x3a,0x2f,0x51,0x26,0x9e,0x4a,0x07,0x68,0x88,0xe2,0xcb,0x5b,0xc4,0xf7,0x80,0x11,0xc1,0xc1,0xed,0x84,0x7b,0xa6,0x49,0xf6,0x9f,0x61,0xc9,0x1a,0x68,0x10,0x4b,0x52,0x42,0x38,0x2b,0xf2,0x87,0xe9,0x9c,0xee,0x3b,0x34,0x68,0x50,0xc8,0x50,0x62,0x4a,0x84,0x71,0x9d,0xfc,0x11,0xb1,0x08,0x1f,0x34,0x36,0x24,0x61}, + {0x8d,0x89,0x4e,0x87,0xdb,0x41,0x9d,0xd9,0x20,0xdc,0x07,0x6c,0xf1,0xa5,0xfe,0x09,0xbc,0x9b,0x0f,0xd0,0x67,0x2c,0x3d,0x79,0x40,0xff,0x5e,0x9e,0x30,0xe2,0xeb,0x46,0x38,0x26,0x2d,0x1a,0xe3,0x49,0x63,0x8b,0x35,0xfd,0xd3,0x9b,0x00,0xb7,0xdf,0x9d,0xa4,0x6b,0xa0,0xa3,0xb8,0xf1,0x8b,0x7f,0x45,0x04,0xd9,0x78,0x31,0xaa,0x22,0x15,0x38,0x49,0x61,0x69,0x53,0x2f,0x38,0x2c,0x10,0x6d,0x2d,0xb7,0x9a,0x40,0xfe,0xda,0x27,0xf2,0x46,0xb6,0x91,0x33,0xc8,0xe8,0x6c,0x30,0x24,0x05,0xf5,0x70,0xfe,0x45}, + {0x8c,0x0b,0x0c,0x96,0xa6,0x75,0x48,0xda,0x20,0x2f,0x0e,0xef,0x76,0xd0,0x68,0x5b,0xd4,0x8f,0x0b,0x3d,0xcf,0x51,0xfb,0x07,0xd4,0x92,0xe3,0xa0,0x23,0x16,0x8d,0x42,0x91,0x14,0x95,0xc8,0x20,0x49,0xf2,0x62,0xa2,0x0c,0x63,0x3f,0xc8,0x07,0xf0,0x05,0xb8,0xd4,0xc9,0xf5,0xd2,0x45,0xbb,0x6f,0x45,0x22,0x7a,0xb5,0x6d,0x9f,0x61,0x16,0xfd,0x08,0xa3,0x01,0x44,0x4a,0x4f,0x08,0xac,0xca,0xa5,0x76,0xc3,0x19,0x22,0xa8,0x7d,0xbc,0xd1,0x43,0x46,0xde,0xb8,0xde,0xc6,0x38,0xbd,0x60,0x2d,0x59,0x81,0x1d}, + {0x5f,0xac,0x0d,0xa6,0x56,0x87,0x36,0x61,0x57,0xdc,0xab,0xeb,0x6a,0x2f,0xe0,0x17,0x7d,0x0f,0xce,0x4c,0x2d,0x3f,0x19,0x7f,0xf0,0xdc,0xec,0x89,0x77,0x4a,0x23,0x20,0xe8,0xc5,0x85,0x7b,0x9f,0xb6,0x65,0x87,0xb2,0xba,0x68,0xd1,0x8b,0x67,0xf0,0x6f,0x9b,0x0f,0x33,0x1d,0x7c,0xe7,0x70,0x3a,0x7c,0x8e,0xaf,0xb0,0x51,0x6d,0x5f,0x3a,0x52,0xb2,0x78,0x71,0xb6,0x0d,0xd2,0x76,0x60,0xd1,0x1e,0xd5,0xf9,0x34,0x1c,0x07,0x70,0x11,0xe4,0xb3,0x20,0x4a,0x2a,0xf6,0x66,0xe3,0xff,0x3c,0x35,0x82,0xd6,0x7c}, + {0xb6,0xfa,0x87,0xd8,0x5b,0xa4,0xe1,0x0b,0x6e,0x3b,0x40,0xba,0x32,0x6a,0x84,0x2a,0x00,0x60,0x6e,0xe9,0x12,0x10,0x92,0xd9,0x43,0x09,0xdc,0x3b,0x86,0xc8,0x38,0x28,0xf3,0xf4,0xac,0x68,0x60,0xcd,0x65,0xa6,0xd3,0xe3,0xd7,0x3c,0x18,0x2d,0xd9,0x42,0xd9,0x25,0x60,0x33,0x9d,0x38,0x59,0x57,0xff,0xd8,0x2c,0x2b,0x3b,0x25,0xf0,0x3e,0x30,0x50,0x46,0x4a,0xcf,0xb0,0x6b,0xd1,0xab,0x77,0xc5,0x15,0x41,0x6b,0x49,0xfa,0x9d,0x41,0xab,0xf4,0x8a,0xae,0xcf,0x82,0x12,0x28,0xa8,0x06,0xa6,0xb8,0xdc,0x21}, + {0xc8,0x9f,0x9d,0x8c,0x46,0x04,0x60,0x5c,0xcb,0xa3,0x2a,0xd4,0x6e,0x09,0x40,0x25,0x9c,0x2f,0xee,0x12,0x4c,0x4d,0x5b,0x12,0xab,0x1d,0xa3,0x94,0x81,0xd0,0xc3,0x0b,0xba,0x31,0x77,0xbe,0xfa,0x00,0x8d,0x9a,0x89,0x18,0x9e,0x62,0x7e,0x60,0x03,0x82,0x7f,0xd9,0xf3,0x43,0x37,0x02,0xcc,0xb2,0x8b,0x67,0x6f,0x6c,0xbf,0x0d,0x84,0x5d,0x8b,0xe1,0x9f,0x30,0x0d,0x38,0x6e,0x70,0xc7,0x65,0xe1,0xb9,0xa6,0x2d,0xb0,0x6e,0xab,0x20,0xae,0x7d,0x99,0xba,0xbb,0x57,0xdd,0x96,0xc1,0x2a,0x23,0x76,0x42,0x3a}, + {0xfa,0x84,0x70,0x8a,0x2c,0x43,0x42,0x4b,0x45,0xe5,0xb9,0xdf,0xe3,0x19,0x8a,0x89,0x5d,0xe4,0x58,0x9c,0x21,0x00,0x9f,0xbe,0xd1,0xeb,0x6d,0xa1,0xce,0x77,0xf1,0x1f,0xcb,0x7e,0x44,0xdb,0x72,0xc1,0xf8,0x3b,0xbd,0x2d,0x28,0xc6,0x1f,0xc4,0xcf,0x5f,0xfe,0x15,0xaa,0x75,0xc0,0xff,0xac,0x80,0xf9,0xa9,0xe1,0x24,0xe8,0xc9,0x70,0x07,0xfd,0xb5,0xb5,0x45,0x9a,0xd9,0x61,0xcf,0x24,0x79,0x3a,0x1b,0xe9,0x84,0x09,0x86,0x89,0x3e,0x3e,0x30,0x19,0x09,0x30,0xe7,0x1e,0x0b,0x50,0x41,0xfd,0x64,0xf2,0x39}, + {0x9c,0xe2,0xe7,0xdb,0x17,0x34,0xad,0xa7,0x9c,0x13,0x9c,0x2b,0x6a,0x37,0x94,0xbd,0xa9,0x7b,0x59,0x93,0x8e,0x1b,0xe9,0xa0,0x40,0x98,0x88,0x68,0x34,0xd7,0x12,0x17,0xe1,0x7b,0x09,0xfe,0xab,0x4a,0x9b,0xd1,0x29,0x19,0xe0,0xdf,0xe1,0xfc,0x6d,0xa4,0xff,0xf1,0xa6,0x2c,0x94,0x08,0xc9,0xc3,0x4e,0xf1,0x35,0x2c,0x27,0x21,0xc6,0x65,0xdd,0x93,0x31,0xce,0xf8,0x89,0x2b,0xe7,0xbb,0xc0,0x25,0xa1,0x56,0x33,0x10,0x4d,0x83,0xfe,0x1c,0x2e,0x3d,0xa9,0x19,0x04,0x72,0xe2,0x9c,0xb1,0x0a,0x80,0xf9,0x22}, + {0xcb,0xf8,0x9e,0x3e,0x8a,0x36,0x5a,0x60,0x15,0x47,0x50,0xa5,0x22,0xc0,0xe9,0xe3,0x8f,0x24,0x24,0x5f,0xb0,0x48,0x3d,0x55,0xe5,0x26,0x76,0x64,0xcd,0x16,0xf4,0x13,0xac,0xfd,0x6e,0x9a,0xdd,0x9f,0x02,0x42,0x41,0x49,0xa5,0x34,0xbe,0xce,0x12,0xb9,0x7b,0xf3,0xbd,0x87,0xb9,0x64,0x0f,0x64,0xb4,0xca,0x98,0x85,0xd3,0xa4,0x71,0x41,0x8c,0x4c,0xc9,0x99,0xaa,0x58,0x27,0xfa,0x07,0xb8,0x00,0xb0,0x6f,0x6f,0x00,0x23,0x92,0x53,0xda,0xad,0xdd,0x91,0xd2,0xfb,0xab,0xd1,0x4b,0x57,0xfa,0x14,0x82,0x50}, + {0x4b,0xfe,0xd6,0x3e,0x15,0x69,0x02,0xc2,0xc4,0x77,0x1d,0x51,0x39,0x67,0x5a,0xa6,0x94,0xaf,0x14,0x2c,0x46,0x26,0xde,0xcb,0x4b,0xa7,0xab,0x6f,0xec,0x60,0xf9,0x22,0xd6,0x03,0xd0,0x53,0xbb,0x15,0x1a,0x46,0x65,0xc9,0xf3,0xbc,0x88,0x28,0x10,0xb2,0x5a,0x3a,0x68,0x6c,0x75,0x76,0xc5,0x27,0x47,0xb4,0x6c,0xc8,0xa4,0x58,0x77,0x3a,0x76,0x50,0xae,0x93,0xf6,0x11,0x81,0x54,0xa6,0x54,0xfd,0x1d,0xdf,0x21,0xae,0x1d,0x65,0x5e,0x11,0xf3,0x90,0x8c,0x24,0x12,0x94,0xf4,0xe7,0x8d,0x5f,0xd1,0x9f,0x5d}, + {0x7f,0x72,0x63,0x6d,0xd3,0x08,0x14,0x03,0x33,0xb5,0xc7,0xd7,0xef,0x9a,0x37,0x6a,0x4b,0xe2,0xae,0xcc,0xc5,0x8f,0xe1,0xa9,0xd3,0xbe,0x8f,0x4f,0x91,0x35,0x2f,0x33,0x1e,0x52,0xd7,0xee,0x2a,0x4d,0x24,0x3f,0x15,0x96,0x2e,0x43,0x28,0x90,0x3a,0x8e,0xd4,0x16,0x9c,0x2e,0x77,0xba,0x64,0xe1,0xd8,0x98,0xeb,0x47,0xfa,0x87,0xc1,0x3b,0x0c,0xc2,0x86,0xea,0x15,0x01,0x47,0x6d,0x25,0xd1,0x46,0x6c,0xcb,0xb7,0x8a,0x99,0x88,0x01,0x66,0x3a,0xb5,0x32,0x78,0xd7,0x03,0xba,0x6f,0x90,0xce,0x81,0x0d,0x45}, + {0x75,0x52,0x20,0xa6,0xa1,0xb6,0x7b,0x6e,0x83,0x8e,0x3c,0x41,0xd7,0x21,0x4f,0xaa,0xb2,0x5c,0x8f,0xe8,0x55,0xd1,0x56,0x6f,0xe1,0x5b,0x34,0xa6,0x4b,0x5d,0xe2,0x2d,0x3f,0x74,0xae,0x1c,0x96,0xd8,0x74,0xd0,0xed,0x63,0x1c,0xee,0xf5,0x18,0x6d,0xf8,0x29,0xed,0xf4,0xe7,0x5b,0xc5,0xbd,0x97,0x08,0xb1,0x3a,0x66,0x79,0xd2,0xba,0x4c,0xcd,0x1f,0xd7,0xa0,0x24,0x90,0xd1,0x80,0xf8,0x8a,0x28,0xfb,0x0a,0xc2,0x25,0xc5,0x19,0x64,0x3a,0x5f,0x4b,0x97,0xa3,0xb1,0x33,0x72,0x00,0xe2,0xef,0xbc,0x7f,0x7d}, + {0x01,0x28,0x6b,0x26,0x6a,0x1e,0xef,0xfa,0x16,0x9f,0x73,0xd5,0xc4,0x68,0x6c,0x86,0x2c,0x76,0x03,0x1b,0xbc,0x2f,0x8a,0xf6,0x8d,0x5a,0xb7,0x87,0x5e,0x43,0x75,0x59,0x94,0x90,0xc2,0xf3,0xc5,0x5d,0x7c,0xcd,0xab,0x05,0x91,0x2a,0x9a,0xa2,0x81,0xc7,0x58,0x30,0x1c,0x42,0x36,0x1d,0xc6,0x80,0xd7,0xd4,0xd8,0xdc,0x96,0xd1,0x9c,0x4f,0x68,0x37,0x7b,0x6a,0xd8,0x97,0x92,0x19,0x63,0x7a,0xd1,0x1a,0x24,0x58,0xd0,0xd0,0x17,0x0c,0x1c,0x5c,0xad,0x9c,0x02,0xba,0x07,0x03,0x7a,0x38,0x84,0xd0,0xcd,0x7c}, + {0x17,0x04,0x26,0x6d,0x2c,0x42,0xa6,0xdc,0xbd,0x40,0x82,0x94,0x50,0x3d,0x15,0xae,0x77,0xc6,0x68,0xfb,0xb4,0xc1,0xc0,0xa9,0x53,0xcf,0xd0,0x61,0xed,0xd0,0x8b,0x42,0x93,0xcc,0x60,0x67,0x18,0x84,0x0c,0x9b,0x99,0x2a,0xb3,0x1a,0x7a,0x00,0xae,0xcd,0x18,0xda,0x0b,0x62,0x86,0xec,0x8d,0xa8,0x44,0xca,0x90,0x81,0x84,0xca,0x93,0x35,0xa7,0x9a,0x84,0x5e,0x9a,0x18,0x13,0x92,0xcd,0xfa,0xd8,0x65,0x35,0xc3,0xd8,0xd4,0xd1,0xbb,0xfd,0x53,0x5b,0x54,0x52,0x8c,0xe6,0x63,0x2d,0xda,0x08,0x83,0x39,0x27}, + {0x13,0xd4,0x5e,0x43,0x28,0x8d,0xc3,0x42,0xc9,0xcc,0x78,0x32,0x60,0xf3,0x50,0xbd,0xef,0x03,0xda,0x79,0x1a,0xab,0x07,0xbb,0x55,0x33,0x8c,0xbe,0xae,0x97,0x95,0x26,0x53,0x24,0x70,0x0a,0x4c,0x0e,0xa1,0xb9,0xde,0x1b,0x7d,0xd5,0x66,0x58,0xa2,0x0f,0xf7,0xda,0x27,0xcd,0xb5,0xd9,0xb9,0xff,0xfd,0x33,0x2c,0x49,0x45,0x29,0x2c,0x57,0xbe,0x30,0xcd,0xd6,0x45,0xc7,0x7f,0xc7,0xfb,0xae,0xba,0xe3,0xd3,0xe8,0xdf,0xe4,0x0c,0xda,0x5d,0xaa,0x30,0x88,0x2c,0xa2,0x80,0xca,0x5b,0xc0,0x98,0x54,0x98,0x7f}, + {0x17,0xe1,0x0b,0x9f,0x88,0xce,0x49,0x38,0x88,0xa2,0x54,0x7b,0x1b,0xad,0x05,0x80,0x1c,0x92,0xfc,0x23,0x9f,0xc3,0xa3,0x3d,0x04,0xf3,0x31,0x0a,0x47,0xec,0xc2,0x76,0x63,0x63,0xbf,0x0f,0x52,0x15,0x56,0xd3,0xa6,0xfb,0x4d,0xcf,0x45,0x5a,0x04,0x08,0xc2,0xa0,0x3f,0x87,0xbc,0x4f,0xc2,0xee,0xe7,0x12,0x9b,0xd6,0x3c,0x65,0xf2,0x30,0x85,0x0c,0xc1,0xaa,0x38,0xc9,0x08,0x8a,0xcb,0x6b,0x27,0xdb,0x60,0x9b,0x17,0x46,0x70,0xac,0x6f,0x0e,0x1e,0xc0,0x20,0xa9,0xda,0x73,0x64,0x59,0xf1,0x73,0x12,0x2f}, + {0x11,0x1e,0xe0,0x8a,0x7c,0xfc,0x39,0x47,0x9f,0xab,0x6a,0x4a,0x90,0x74,0x52,0xfd,0x2e,0x8f,0x72,0x87,0x82,0x8a,0xd9,0x41,0xf2,0x69,0x5b,0xd8,0x2a,0x57,0x9e,0x5d,0xc0,0x0b,0xa7,0x55,0xd7,0x8b,0x48,0x30,0xe7,0x42,0xd4,0xf1,0xa4,0xb5,0xd6,0x06,0x62,0x61,0x59,0xbc,0x9e,0xa6,0xd1,0xea,0x84,0xf7,0xc5,0xed,0x97,0x19,0xac,0x38,0x3b,0xb1,0x51,0xa7,0x17,0xb5,0x66,0x06,0x8c,0x85,0x9b,0x7e,0x86,0x06,0x7d,0x74,0x49,0xde,0x4d,0x45,0x11,0xc0,0xac,0xac,0x9c,0xe6,0xe9,0xbf,0x9c,0xcd,0xdf,0x22}, + {0xd9,0x0c,0x0d,0xc3,0xe0,0xd2,0xdb,0x8d,0x33,0x43,0xbb,0xac,0x5f,0x66,0x8e,0xad,0x1f,0x96,0x2a,0x32,0x8c,0x25,0x6b,0x8f,0xc7,0xc1,0x48,0x54,0xc0,0x16,0x29,0x6b,0xa1,0xe0,0x3b,0x10,0xb4,0x59,0xec,0x56,0x69,0xf9,0x59,0xd2,0xec,0xba,0xe3,0x2e,0x32,0xcd,0xf5,0x13,0x94,0xb2,0x7c,0x79,0x72,0xe4,0xcd,0x24,0x78,0x87,0xe9,0x0f,0x3b,0x91,0xba,0x0a,0xd1,0x34,0xdb,0x7e,0x0e,0xac,0x6d,0x2e,0x82,0xcd,0xa3,0x4e,0x15,0xf8,0x78,0x65,0xff,0x3d,0x08,0x66,0x17,0x0a,0xf0,0x7f,0x30,0x3f,0x30,0x4c}, + {0x85,0x8c,0xb2,0x17,0xd6,0x3b,0x0a,0xd3,0xea,0x3b,0x77,0x39,0xb7,0x77,0xd3,0xc5,0xbf,0x5c,0x6a,0x1e,0x8c,0xe7,0xc6,0xc6,0xc4,0xb7,0x2a,0x8b,0xf7,0xb8,0x61,0x0d,0x00,0x45,0xd9,0x0d,0x58,0x03,0xfc,0x29,0x93,0xec,0xbb,0x6f,0xa4,0x7a,0xd2,0xec,0xf8,0xa7,0xe2,0xc2,0x5f,0x15,0x0a,0x13,0xd5,0xa1,0x06,0xb7,0x1a,0x15,0x6b,0x41,0xb0,0x36,0xc1,0xe9,0xef,0xd7,0xa8,0x56,0x20,0x4b,0xe4,0x58,0xcd,0xe5,0x07,0xbd,0xab,0xe0,0x57,0x1b,0xda,0x2f,0xe6,0xaf,0xd2,0xe8,0x77,0x42,0xf7,0x2a,0x1a,0x19}, + {0x31,0x14,0x3c,0xc5,0x4b,0xf7,0x16,0xce,0xde,0xed,0x72,0x20,0xce,0x25,0x97,0x2b,0xe7,0x3e,0xb2,0xb5,0x6f,0xc3,0xb9,0xb8,0x08,0xc9,0x5c,0x0b,0x45,0x0e,0x2e,0x7e,0xfb,0x0e,0x46,0x4f,0x43,0x2b,0xe6,0x9f,0xd6,0x07,0x36,0xa6,0xd4,0x03,0xd3,0xde,0x24,0xda,0xa0,0xb7,0x0e,0x21,0x52,0xf0,0x93,0x5b,0x54,0x00,0xbe,0x7d,0x7e,0x23,0x30,0xb4,0x01,0x67,0xed,0x75,0x35,0x01,0x10,0xfd,0x0b,0x9f,0xe6,0x94,0x10,0x23,0x22,0x7f,0xe4,0x83,0x15,0x0f,0x32,0x75,0xe3,0x55,0x11,0xb1,0x99,0xa6,0xaf,0x71}, + {0x1d,0xb6,0x53,0x39,0x9b,0x6f,0xce,0x65,0xe6,0x41,0xa1,0xaf,0xea,0x39,0x58,0xc6,0xfe,0x59,0xf7,0xa9,0xfd,0x5f,0x43,0x0f,0x8e,0xc2,0xb1,0xc2,0xe9,0x42,0x11,0x02,0xd6,0x50,0x3b,0x47,0x1c,0x3c,0x42,0xea,0x10,0xef,0x38,0x3b,0x1f,0x7a,0xe8,0x51,0x95,0xbe,0xc9,0xb2,0x5f,0xbf,0x84,0x9b,0x1c,0x9a,0xf8,0x78,0xbc,0x1f,0x73,0x00,0x80,0x18,0xf8,0x48,0x18,0xc7,0x30,0xe4,0x19,0xc1,0xce,0x5e,0x22,0x0c,0x96,0xbf,0xe3,0x15,0xba,0x6b,0x83,0xe0,0xda,0xb6,0x08,0x58,0xe1,0x47,0x33,0x6f,0x4d,0x4c}, + {0xc9,0x1f,0x7d,0xc1,0xcf,0xec,0xf7,0x18,0x14,0x3c,0x40,0x51,0xa6,0xf5,0x75,0x6c,0xdf,0x0c,0xee,0xf7,0x2b,0x71,0xde,0xdb,0x22,0x7a,0xe4,0xa7,0xaa,0xdd,0x3f,0x19,0x70,0x19,0x8f,0x98,0xfc,0xdd,0x0c,0x2f,0x1b,0xf5,0xb9,0xb0,0x27,0x62,0x91,0x6b,0xbe,0x76,0x91,0x77,0xc4,0xb6,0xc7,0x6e,0xa8,0x9f,0x8f,0xa8,0x00,0x95,0xbf,0x38,0x6f,0x87,0xe8,0x37,0x3c,0xc9,0xd2,0x1f,0x2c,0x46,0xd1,0x18,0x5a,0x1e,0xf6,0xa2,0x76,0x12,0x24,0x39,0x82,0xf5,0x80,0x50,0x69,0x49,0x0d,0xbf,0x9e,0xb9,0x6f,0x6a}, + {0xeb,0x55,0x08,0x56,0xbb,0xc1,0x46,0x6a,0x9d,0xf0,0x93,0xf8,0x38,0xbb,0x16,0x24,0xc1,0xac,0x71,0x8f,0x37,0x11,0x1d,0xd7,0xea,0x96,0x18,0xa3,0x14,0x69,0xf7,0x75,0xc6,0x23,0xe4,0xb6,0xb5,0x22,0xb1,0xee,0x8e,0xff,0x86,0xf2,0x10,0x70,0x9d,0x93,0x8c,0x5d,0xcf,0x1d,0x83,0x2a,0xa9,0x90,0x10,0xeb,0xc5,0x42,0x9f,0xda,0x6f,0x13,0xd1,0xbd,0x05,0xa3,0xb1,0xdf,0x4c,0xf9,0x08,0x2c,0xf8,0x9f,0x9d,0x4b,0x36,0x0f,0x8a,0x58,0xbb,0xc3,0xa5,0xd8,0x87,0x2a,0xba,0xdc,0xe8,0x0b,0x51,0x83,0x21,0x02}, + {0x14,0x2d,0xad,0x5e,0x38,0x66,0xf7,0x4a,0x30,0x58,0x7c,0xca,0x80,0xd8,0x8e,0xa0,0x3d,0x1e,0x21,0x10,0xe6,0xa6,0x13,0x0d,0x03,0x6c,0x80,0x7b,0xe1,0x1c,0x07,0x6a,0x7f,0x7a,0x30,0x43,0x01,0x71,0x5a,0x9d,0x5f,0xa4,0x7d,0xc4,0x9e,0xde,0x63,0xb0,0xd3,0x7a,0x92,0xbe,0x52,0xfe,0xbb,0x22,0x6c,0x42,0x40,0xfd,0x41,0xc4,0x87,0x13,0xf8,0x8a,0x97,0x87,0xd1,0xc3,0xd3,0xb5,0x13,0x44,0x0e,0x7f,0x3d,0x5a,0x2b,0x72,0xa0,0x7c,0x47,0xbb,0x48,0x48,0x7b,0x0d,0x92,0xdc,0x1e,0xaf,0x6a,0xb2,0x71,0x31}, + {0xa8,0x4c,0x56,0x97,0x90,0x31,0x2f,0xa9,0x19,0xe1,0x75,0x22,0x4c,0xb8,0x7b,0xff,0x50,0x51,0x87,0xa4,0x37,0xfe,0x55,0x4f,0x5a,0x83,0xf0,0x3c,0x87,0xd4,0x1f,0x22,0xd1,0x47,0x8a,0xb2,0xd8,0xb7,0x0d,0xa6,0xf1,0xa4,0x70,0x17,0xd6,0x14,0xbf,0xa6,0x58,0xbd,0xdd,0x53,0x93,0xf8,0xa1,0xd4,0xe9,0x43,0x42,0x34,0x63,0x4a,0x51,0x6c,0x41,0x63,0x15,0x3a,0x4f,0x20,0x22,0x23,0x2d,0x03,0x0a,0xba,0xe9,0xe0,0x73,0xfb,0x0e,0x03,0x0f,0x41,0x4c,0xdd,0xe0,0xfc,0xaa,0x4a,0x92,0xfb,0x96,0xa5,0xda,0x48}, + {0xc7,0x9c,0xa5,0x5c,0x66,0x8e,0xca,0x6e,0xa0,0xac,0x38,0x2e,0x4b,0x25,0x47,0xa8,0xce,0x17,0x1e,0xd2,0x08,0xc7,0xaf,0x31,0xf7,0x4a,0xd8,0xca,0xfc,0xd6,0x6d,0x67,0x93,0x97,0x4c,0xc8,0x5d,0x1d,0xf6,0x14,0x06,0x82,0x41,0xef,0xe3,0xf9,0x41,0x99,0xac,0x77,0x62,0x34,0x8f,0xb8,0xf5,0xcd,0xa9,0x79,0x8a,0x0e,0xfa,0x37,0xc8,0x58,0x58,0x90,0xfc,0x96,0x85,0x68,0xf9,0x0c,0x1b,0xa0,0x56,0x7b,0xf3,0xbb,0xdc,0x1d,0x6a,0xd6,0x35,0x49,0x7d,0xe7,0xc2,0xdc,0x0a,0x7f,0xa5,0xc6,0xf2,0x73,0x4f,0x1c}, + {0xbb,0xa0,0x5f,0x30,0xbd,0x4f,0x7a,0x0e,0xad,0x63,0xc6,0x54,0xe0,0x4c,0x9d,0x82,0x48,0x38,0xe3,0x2f,0x83,0xc3,0x21,0xf4,0x42,0x4c,0xf6,0x1b,0x0d,0xc8,0x5a,0x79,0x84,0x34,0x7c,0xfc,0x6e,0x70,0x6e,0xb3,0x61,0xcf,0xc1,0xc3,0xb4,0xc9,0xdf,0x73,0xe5,0xc7,0x1c,0x78,0xc9,0x79,0x1d,0xeb,0x5c,0x67,0xaf,0x7d,0xdb,0x9a,0x45,0x70,0xb3,0x2b,0xb4,0x91,0x49,0xdb,0x91,0x1b,0xca,0xdc,0x02,0x4b,0x23,0x96,0x26,0x57,0xdc,0x78,0x8c,0x1f,0xe5,0x9e,0xdf,0x9f,0xd3,0x1f,0xe2,0x8c,0x84,0x62,0xe1,0x5f}, + {0x1a,0x96,0x94,0xe1,0x4f,0x21,0x59,0x4e,0x4f,0xcd,0x71,0x0d,0xc7,0x7d,0xbe,0x49,0x2d,0xf2,0x50,0x3b,0xd2,0xcf,0x00,0x93,0x32,0x72,0x91,0xfc,0x46,0xd4,0x89,0x47,0x08,0xb2,0x7c,0x5d,0x2d,0x85,0x79,0x28,0xe7,0xf2,0x7d,0x68,0x70,0xdd,0xde,0xb8,0x91,0x78,0x68,0x21,0xab,0xff,0x0b,0xdc,0x35,0xaa,0x7d,0x67,0x43,0xc0,0x44,0x2b,0x8e,0xb7,0x4e,0x07,0xab,0x87,0x1c,0x1a,0x67,0xf4,0xda,0x99,0x8e,0xd1,0xc6,0xfa,0x67,0x90,0x4f,0x48,0xcd,0xbb,0xac,0x3e,0xe4,0xa4,0xb9,0x2b,0xef,0x2e,0xc5,0x60}, + {0xf1,0x8b,0xfd,0x3b,0xbc,0x89,0x5d,0x0b,0x1a,0x55,0xf3,0xc9,0x37,0x92,0x6b,0xb0,0xf5,0x28,0x30,0xd5,0xb0,0x16,0x4c,0x0e,0xab,0xca,0xcf,0x2c,0x31,0x9c,0xbc,0x10,0x11,0x6d,0xae,0x7c,0xc2,0xc5,0x2b,0x70,0xab,0x8c,0xa4,0x54,0x9b,0x69,0xc7,0x44,0xb2,0x2e,0x49,0xba,0x56,0x40,0xbc,0xef,0x6d,0x67,0xb6,0xd9,0x48,0x72,0xd7,0x70,0x5b,0xa0,0xc2,0x3e,0x4b,0xe8,0x8a,0xaa,0xe0,0x81,0x17,0xed,0xf4,0x9e,0x69,0x98,0xd1,0x85,0x8e,0x70,0xe4,0x13,0x45,0x79,0x13,0xf4,0x76,0xa9,0xd3,0x5b,0x75,0x63}, + {0x53,0x08,0xd1,0x2a,0x3e,0xa0,0x5f,0xb5,0x69,0x35,0xe6,0x9e,0x90,0x75,0x6f,0x35,0x90,0xb8,0x69,0xbe,0xfd,0xf1,0xf9,0x9f,0x84,0x6f,0xc1,0x8b,0xc4,0xc1,0x8c,0x0d,0xb7,0xac,0xf1,0x97,0x18,0x10,0xc7,0x3d,0xd8,0xbb,0x65,0xc1,0x5e,0x7d,0xda,0x5d,0x0f,0x02,0xa1,0x0f,0x9c,0x5b,0x8e,0x50,0x56,0x2a,0xc5,0x37,0x17,0x75,0x63,0x27,0xa9,0x19,0xb4,0x6e,0xd3,0x02,0x94,0x02,0xa5,0x60,0xb4,0x77,0x7e,0x4e,0xb4,0xf0,0x56,0x49,0x3c,0xd4,0x30,0x62,0xa8,0xcf,0xe7,0x66,0xd1,0x7a,0x8a,0xdd,0xc2,0x70}, + {0x0e,0xec,0x6f,0x9f,0x50,0x94,0x61,0x65,0x8d,0x51,0xc6,0x46,0xa9,0x7e,0x2e,0xee,0x5c,0x9b,0xe0,0x67,0xf3,0xc1,0x33,0x97,0x95,0x84,0x94,0x63,0x63,0xac,0x0f,0x2e,0x13,0x7e,0xed,0xb8,0x7d,0x96,0xd4,0x91,0x7a,0x81,0x76,0xd7,0x0a,0x2f,0x25,0x74,0x64,0x25,0x85,0x0d,0xe0,0x82,0x09,0xe4,0xe5,0x3c,0xa5,0x16,0x38,0x61,0xb8,0x32,0x64,0xcd,0x48,0xe4,0xbe,0xf7,0xe7,0x79,0xd0,0x86,0x78,0x08,0x67,0x3a,0xc8,0x6a,0x2e,0xdb,0xe4,0xa0,0xd9,0xd4,0x9f,0xf8,0x41,0x4f,0x5a,0x73,0x5c,0x21,0x79,0x41}, + {0x2a,0xed,0xdc,0xd7,0xe7,0x94,0x70,0x8c,0x70,0x9c,0xd3,0x47,0xc3,0x8a,0xfb,0x97,0x02,0xd9,0x06,0xa9,0x33,0xe0,0x3b,0xe1,0x76,0x9d,0xd9,0x0c,0xa3,0x44,0x03,0x70,0x34,0xcd,0x6b,0x28,0xb9,0x33,0xae,0xe4,0xdc,0xd6,0x9d,0x55,0xb6,0x7e,0xef,0xb7,0x1f,0x8e,0xd3,0xb3,0x1f,0x14,0x8b,0x27,0x86,0xc2,0x41,0x22,0x66,0x85,0xfa,0x31,0xf4,0x22,0x36,0x2e,0x42,0x6c,0x82,0xaf,0x2d,0x50,0x33,0x98,0x87,0x29,0x20,0xc1,0x23,0x91,0x38,0x2b,0xe1,0xb7,0xc1,0x9b,0x89,0x24,0x95,0xa9,0x12,0x23,0xbb,0x24}, + {0xc3,0x67,0xde,0x32,0x17,0xed,0xa8,0xb1,0x48,0x49,0x1b,0x46,0x18,0x94,0xb4,0x3c,0xd2,0xbc,0xcf,0x76,0x43,0x43,0xbd,0x8e,0x08,0x80,0x18,0x1e,0x87,0x3e,0xee,0x0f,0x6b,0x5c,0xf8,0xf5,0x2a,0x0c,0xf8,0x41,0x94,0x67,0xfa,0x04,0xc3,0x84,0x72,0x68,0xad,0x1b,0xba,0xa3,0x99,0xdf,0x45,0x89,0x16,0x5d,0xeb,0xff,0xf9,0x2a,0x1d,0x0d,0xdf,0x1e,0x62,0x32,0xa1,0x8a,0xda,0xa9,0x79,0x65,0x22,0x59,0xa1,0x22,0xb8,0x30,0x93,0xc1,0x9a,0xa7,0x7b,0x19,0x04,0x40,0x76,0x1d,0x53,0x18,0x97,0xd7,0xac,0x16}, + {0x3d,0x1d,0x9b,0x2d,0xaf,0x72,0xdf,0x72,0x5a,0x24,0x32,0xa4,0x36,0x2a,0x46,0x63,0x37,0x96,0xb3,0x16,0x79,0xa0,0xce,0x3e,0x09,0x23,0x30,0xb9,0xf6,0x0e,0x3e,0x12,0xad,0xb6,0x87,0x78,0xc5,0xc6,0x59,0xc9,0xba,0xfe,0x90,0x5f,0xad,0x9e,0xe1,0x94,0x04,0xf5,0x42,0xa3,0x62,0x4e,0xe2,0x16,0x00,0x17,0x16,0x18,0x4b,0xd3,0x4e,0x16,0x9a,0xe6,0x2f,0x19,0x4c,0xd9,0x7e,0x48,0x13,0x15,0x91,0x3a,0xea,0x2c,0xae,0x61,0x27,0xde,0xa4,0xb9,0xd3,0xf6,0x7b,0x87,0xeb,0xf3,0x73,0x10,0xc6,0x0f,0xda,0x78}, + {0x6a,0xc6,0x2b,0xe5,0x28,0x5d,0xf1,0x5b,0x8e,0x1a,0xf0,0x70,0x18,0xe3,0x47,0x2c,0xdd,0x8b,0xc2,0x06,0xbc,0xaf,0x19,0x24,0x3a,0x17,0x6b,0x25,0xeb,0xde,0x25,0x2d,0x94,0x3a,0x0c,0x68,0xf1,0x80,0x9f,0xa2,0xe6,0xe7,0xe9,0x1a,0x15,0x7e,0xf7,0x71,0x73,0x79,0x01,0x48,0x58,0xf1,0x00,0x11,0xdd,0x8d,0xb3,0x16,0xb3,0xa4,0x4a,0x05,0xb8,0x7c,0x26,0x19,0x8d,0x46,0xc8,0xdf,0xaf,0x4d,0xe5,0x66,0x9c,0x78,0x28,0x0b,0x17,0xec,0x6e,0x66,0x2a,0x1d,0xeb,0x2a,0x60,0xa7,0x7d,0xab,0xa6,0x10,0x46,0x13}, + {0xfe,0xb0,0xf6,0x8d,0xc7,0x8e,0x13,0x51,0x1b,0xf5,0x75,0xe5,0x89,0xda,0x97,0x53,0xb9,0xf1,0x7a,0x71,0x1d,0x7a,0x20,0x09,0x50,0xd6,0x20,0x2b,0xba,0xfd,0x02,0x21,0x15,0xf5,0xd1,0x77,0xe7,0x65,0x2a,0xcd,0xf1,0x60,0xaa,0x8f,0x87,0x91,0x89,0x54,0xe5,0x06,0xbc,0xda,0xbc,0x3b,0xb7,0xb1,0xfb,0xc9,0x7c,0xa9,0xcb,0x78,0x48,0x65,0xa1,0xe6,0x5c,0x05,0x05,0xe4,0x9e,0x96,0x29,0xad,0x51,0x12,0x68,0xa7,0xbc,0x36,0x15,0xa4,0x7d,0xaa,0x17,0xf5,0x1a,0x3a,0xba,0xb2,0xec,0x29,0xdb,0x25,0xd7,0x0a}, + {0x57,0x24,0x4e,0x83,0xb1,0x67,0x42,0xdc,0xc5,0x1b,0xce,0x70,0xb5,0x44,0x75,0xb6,0xd7,0x5e,0xd1,0xf7,0x0b,0x7a,0xf0,0x1a,0x50,0x36,0xa0,0x71,0xfb,0xcf,0xef,0x4a,0x85,0x6f,0x05,0x9b,0x0c,0xbc,0xc7,0xfe,0xd7,0xff,0xf5,0xe7,0x68,0x52,0x7d,0x53,0xfa,0xae,0x12,0x43,0x62,0xc6,0xaf,0x77,0xd9,0x9f,0x39,0x02,0x53,0x5f,0x67,0x4f,0x1e,0x17,0x15,0x04,0x36,0x36,0x2d,0xc3,0x3b,0x48,0x98,0x89,0x11,0xef,0x2b,0xcd,0x10,0x51,0x94,0xd0,0xad,0x6e,0x0a,0x87,0x61,0x65,0xa8,0xa2,0x72,0xbb,0xcc,0x0b}, + {0xc8,0xa9,0xb1,0xea,0x2f,0x96,0x5e,0x18,0xcd,0x7d,0x14,0x65,0x35,0xe6,0xe7,0x86,0xf2,0x6d,0x5b,0xbb,0x31,0xe0,0x92,0xb0,0x3e,0xb7,0xd6,0x59,0xab,0xf0,0x24,0x40,0x96,0x12,0xfe,0x50,0x4c,0x5e,0x6d,0x18,0x7e,0x9f,0xe8,0xfe,0x82,0x7b,0x39,0xe0,0xb0,0x31,0x70,0x50,0xc5,0xf6,0xc7,0x3b,0xc2,0x37,0x8f,0x10,0x69,0xfd,0x78,0x66,0xc2,0x63,0x68,0x63,0x31,0xfa,0x86,0x15,0xf2,0x33,0x2d,0x57,0x48,0x8c,0xf6,0x07,0xfc,0xae,0x9e,0x78,0x9f,0xcc,0x73,0x4f,0x01,0x47,0xad,0x8e,0x10,0xe2,0x42,0x2d}, + {0x9b,0xd2,0xdf,0x94,0x15,0x13,0xf5,0x97,0x6a,0x4c,0x3f,0x31,0x5d,0x98,0x55,0x61,0x10,0x50,0x45,0x08,0x07,0x3f,0xa1,0xeb,0x22,0xd3,0xd2,0xb8,0x08,0x26,0x6b,0x67,0x93,0x75,0x53,0x0f,0x0d,0x7b,0x71,0x21,0x4c,0x06,0x1e,0x13,0x0b,0x69,0x4e,0x91,0x9f,0xe0,0x2a,0x75,0xae,0x87,0xb6,0x1b,0x6e,0x3c,0x42,0x9b,0xa7,0xf3,0x0b,0x42,0x47,0x2b,0x5b,0x1c,0x65,0xba,0x38,0x81,0x80,0x1b,0x1b,0x31,0xec,0xb6,0x71,0x86,0xb0,0x35,0x31,0xbc,0xb1,0x0c,0xff,0x7b,0xe0,0xf1,0x0c,0x9c,0xfa,0x2f,0x5d,0x74}, + {0xbd,0xc8,0xc9,0x2b,0x1e,0x5a,0x52,0xbf,0x81,0x9d,0x47,0x26,0x08,0x26,0x5b,0xea,0xdb,0x55,0x01,0xdf,0x0e,0xc7,0x11,0xd5,0xd0,0xf5,0x0c,0x96,0xeb,0x3c,0xe2,0x1a,0x6a,0x4e,0xd3,0x21,0x57,0xdf,0x36,0x60,0xd0,0xb3,0x7b,0x99,0x27,0x88,0xdb,0xb1,0xfa,0x6a,0x75,0xc8,0xc3,0x09,0xc2,0xd3,0x39,0xc8,0x1d,0x4c,0xe5,0x5b,0xe1,0x06,0x4a,0x99,0x32,0x19,0x87,0x5d,0x72,0x5b,0xb0,0xda,0xb1,0xce,0xb5,0x1c,0x35,0x32,0x05,0xca,0xb7,0xda,0x49,0x15,0xc4,0x7d,0xf7,0xc1,0x8e,0x27,0x61,0xd8,0xde,0x58}, + {0x5c,0xc5,0x66,0xf2,0x93,0x37,0x17,0xd8,0x49,0x4e,0x45,0xcc,0xc5,0x76,0xc9,0xc8,0xa8,0xc3,0x26,0xbc,0xf8,0x82,0xe3,0x5c,0xf9,0xf6,0x85,0x54,0xe8,0x9d,0xf3,0x2f,0xa8,0xc9,0xc2,0xb6,0xa8,0x5b,0xfb,0x2d,0x8c,0x59,0x2c,0xf5,0x8e,0xef,0xee,0x48,0x73,0x15,0x2d,0xf1,0x07,0x91,0x80,0x33,0xd8,0x5b,0x1d,0x53,0x6b,0x69,0xba,0x08,0x7a,0xc5,0xef,0xc3,0xee,0x3e,0xed,0x77,0x11,0x48,0xff,0xd4,0x17,0x55,0xe0,0x04,0xcb,0x71,0xa6,0xf1,0x3f,0x7a,0x3d,0xea,0x54,0xfe,0x7c,0x94,0xb4,0x33,0x06,0x12}, + {0x42,0x00,0x61,0x91,0x78,0x98,0x94,0x0b,0xe8,0xfa,0xeb,0xec,0x3c,0xb1,0xe7,0x4e,0xc0,0xa4,0xf0,0x94,0x95,0x73,0xbe,0x70,0x85,0x91,0xd5,0xb4,0x99,0x0a,0xd3,0x35,0x0a,0x10,0x12,0x49,0x47,0x31,0xbd,0x82,0x06,0xbe,0x6f,0x7e,0x6d,0x7b,0x23,0xde,0xc6,0x79,0xea,0x11,0x19,0x76,0x1e,0xe1,0xde,0x3b,0x39,0xcb,0xe3,0x3b,0x43,0x07,0xf4,0x97,0xe9,0x5c,0xc0,0x44,0x79,0xff,0xa3,0x51,0x5c,0xb0,0xe4,0x3d,0x5d,0x57,0x7c,0x84,0x76,0x5a,0xfd,0x81,0x33,0x58,0x9f,0xda,0xf6,0x7a,0xde,0x3e,0x87,0x2d}, + {0x09,0x34,0x37,0x43,0x64,0x31,0x7a,0x15,0xd9,0x81,0xaa,0xf4,0xee,0xb7,0xb8,0xfa,0x06,0x48,0xa6,0xf5,0xe6,0xfe,0x93,0xb0,0xb6,0xa7,0x7f,0x70,0x54,0x36,0x77,0x2e,0x81,0xf9,0x5d,0x4e,0xe1,0x02,0x62,0xaa,0xf5,0xe1,0x15,0x50,0x17,0x59,0x0d,0xa2,0x6c,0x1d,0xe2,0xba,0xd3,0x75,0xa2,0x18,0x53,0x02,0x60,0x01,0x8a,0x61,0x43,0x05,0xc1,0x23,0x4c,0x97,0xf4,0xbd,0xea,0x0d,0x93,0x46,0xce,0x9d,0x25,0x0a,0x6f,0xaa,0x2c,0xba,0x9a,0xa2,0xb8,0x2c,0x20,0x04,0x0d,0x96,0x07,0x2d,0x36,0x43,0x14,0x4b}, + {0x7a,0x1f,0x6e,0xb6,0xc7,0xb7,0xc4,0xcc,0x7e,0x2f,0x0c,0xf5,0x25,0x7e,0x15,0x44,0x1c,0xaf,0x3e,0x71,0xfc,0x6d,0xf0,0x3e,0xf7,0x63,0xda,0x52,0x67,0x44,0x2f,0x58,0xcb,0x9c,0x52,0x1c,0xe9,0x54,0x7c,0x96,0xfb,0x35,0xc6,0x64,0x92,0x26,0xf6,0x30,0x65,0x19,0x12,0x78,0xf4,0xaf,0x47,0x27,0x5c,0x6f,0xf6,0xea,0x18,0x84,0x03,0x17,0xe4,0x4c,0x32,0x20,0xd3,0x7b,0x31,0xc6,0xc4,0x8b,0x48,0xa4,0xe8,0x42,0x10,0xa8,0x64,0x13,0x5a,0x4e,0x8b,0xf1,0x1e,0xb2,0xc9,0x8d,0xa2,0xcd,0x4b,0x1c,0x2a,0x0c}, + {0x47,0x04,0x1f,0x6f,0xd0,0xc7,0x4d,0xd2,0x59,0xc0,0x87,0xdb,0x3e,0x9e,0x26,0xb2,0x8f,0xd2,0xb2,0xfb,0x72,0x02,0x5b,0xd1,0x77,0x48,0xf6,0xc6,0xd1,0x8b,0x55,0x7c,0x45,0x69,0xbd,0x69,0x48,0x81,0xc4,0xed,0x22,0x8d,0x1c,0xbe,0x7d,0x90,0x6d,0x0d,0xab,0xc5,0x5c,0xd5,0x12,0xd2,0x3b,0xc6,0x83,0xdc,0x14,0xa3,0x30,0x9b,0x6a,0x5a,0x3d,0x46,0x96,0xd3,0x24,0x15,0xec,0xd0,0xf0,0x24,0x5a,0xc3,0x8a,0x62,0xbb,0x12,0xa4,0x5f,0xbc,0x1c,0x79,0x3a,0x0c,0xa5,0xc3,0xaf,0xfb,0x0a,0xca,0xa5,0x04,0x04}, + {0xd6,0x43,0xa7,0x0a,0x07,0x40,0x1f,0x8c,0xe8,0x5e,0x26,0x5b,0xcb,0xd0,0xba,0xcc,0xde,0xd2,0x8f,0x66,0x6b,0x04,0x4b,0x57,0x33,0x96,0xdd,0xca,0xfd,0x5b,0x39,0x46,0xd1,0x6f,0x41,0x2a,0x1b,0x9e,0xbc,0x62,0x8b,0x59,0x50,0xe3,0x28,0xf7,0xc6,0xb5,0x67,0x69,0x5d,0x3d,0xd8,0x3f,0x34,0x04,0x98,0xee,0xf8,0xe7,0x16,0x75,0x52,0x39,0x9c,0x9a,0x5d,0x1a,0x2d,0xdb,0x7f,0x11,0x2a,0x5c,0x00,0xd1,0xbc,0x45,0x77,0x9c,0xea,0x6f,0xd5,0x54,0xf1,0xbe,0xd4,0xef,0x16,0xd0,0x22,0xe8,0x29,0x9a,0x57,0x76}, + {0x17,0x2a,0xc0,0x49,0x7e,0x8e,0xb6,0x45,0x7f,0xa3,0xa9,0xbc,0xa2,0x51,0xcd,0x23,0x1b,0x4c,0x22,0xec,0x11,0x5f,0xd6,0x3e,0xb1,0xbd,0x05,0x9e,0xdc,0x84,0xa3,0x43,0xf2,0x34,0xb4,0x52,0x13,0xb5,0x3c,0x33,0xe1,0x80,0xde,0x93,0x49,0x28,0x32,0xd8,0xce,0x35,0x0d,0x75,0x87,0x28,0x51,0xb5,0xc1,0x77,0x27,0x2a,0xbb,0x14,0xc5,0x02,0x45,0xb6,0xf1,0x8b,0xda,0xd5,0x4b,0x68,0x53,0x4b,0xb5,0xf6,0x7e,0xd3,0x8b,0xfb,0x53,0xd2,0xb0,0xa9,0xd7,0x16,0x39,0x31,0x59,0x80,0x54,0x61,0x09,0x92,0x60,0x11}, + {0xaa,0xcf,0xda,0x29,0x69,0x16,0x4d,0xb4,0x8f,0x59,0x13,0x84,0x4c,0x9f,0x52,0xda,0x59,0x55,0x3d,0x45,0xca,0x63,0xef,0xe9,0x0b,0x8e,0x69,0xc5,0x5b,0x12,0x1e,0x35,0xcd,0x4d,0x9b,0x36,0x16,0x56,0x38,0x7a,0x63,0x35,0x5c,0x65,0xa7,0x2c,0xc0,0x75,0x21,0x80,0xf1,0xd4,0xf9,0x1b,0xc2,0x7d,0x42,0xe0,0xe6,0x91,0x74,0x7d,0x63,0x2f,0xbe,0x7b,0xf6,0x1a,0x46,0x9b,0xb4,0xd4,0x61,0x89,0xab,0xc8,0x7a,0x03,0x03,0xd6,0xfb,0x99,0xa6,0xf9,0x9f,0xe1,0xde,0x71,0x9a,0x2a,0xce,0xe7,0x06,0x2d,0x18,0x7f}, + {0xec,0x68,0x01,0xab,0x64,0x8e,0x7c,0x7a,0x43,0xc5,0xed,0x15,0x55,0x4a,0x5a,0xcb,0xda,0x0e,0xcd,0x47,0xd3,0x19,0x55,0x09,0xb0,0x93,0x3e,0x34,0x8c,0xac,0xd4,0x67,0x22,0x75,0x21,0x8e,0x72,0x4b,0x45,0x09,0xd8,0xb8,0x84,0xd4,0xf4,0xe8,0x58,0xaa,0x3c,0x90,0x46,0x7f,0x4d,0x25,0x58,0xd3,0x17,0x52,0x1c,0x24,0x43,0xc0,0xac,0x44,0x77,0x57,0x7a,0x4f,0xbb,0x6b,0x7d,0x1c,0xe1,0x13,0x83,0x91,0xd4,0xfe,0x35,0x8b,0x84,0x46,0x6b,0xc9,0xc6,0xa1,0xdc,0x4a,0xbd,0x71,0xad,0x12,0x83,0x1c,0x6d,0x55}, + {0x82,0x39,0x8d,0x0c,0xe3,0x40,0xef,0x17,0x34,0xfa,0xa3,0x15,0x3e,0x07,0xf7,0x31,0x6e,0x64,0x73,0x07,0xcb,0xf3,0x21,0x4f,0xff,0x4e,0x82,0x1d,0x6d,0x6c,0x6c,0x74,0x21,0xe8,0x1b,0xb1,0x56,0x67,0xf0,0x81,0xdd,0xf3,0xa3,0x10,0x23,0xf8,0xaf,0x0f,0x5d,0x46,0x99,0x6a,0x55,0xd0,0xb2,0xf8,0x05,0x7f,0x8c,0xcc,0x38,0xbe,0x7a,0x09,0xa4,0x2d,0xa5,0x7e,0x87,0xc9,0x49,0x0c,0x43,0x1d,0xdc,0x9b,0x55,0x69,0x43,0x4c,0xd2,0xeb,0xcc,0xf7,0x09,0x38,0x2c,0x02,0xbd,0x84,0xee,0x4b,0xa3,0x14,0x7e,0x57}, + {0x0a,0x3b,0xa7,0x61,0xac,0x68,0xe2,0xf0,0xf5,0xa5,0x91,0x37,0x10,0xfa,0xfa,0xf2,0xe9,0x00,0x6d,0x6b,0x82,0x3e,0xe1,0xc1,0x42,0x8f,0xd7,0x6f,0xe9,0x7e,0xfa,0x60,0x2b,0xd7,0x4d,0xbd,0xbe,0xce,0xfe,0x94,0x11,0x22,0x0f,0x06,0xda,0x4f,0x6a,0xf4,0xff,0xd1,0xc8,0xc0,0x77,0x59,0x4a,0x12,0x95,0x92,0x00,0xfb,0xb8,0x04,0x53,0x70,0xc6,0x6e,0x29,0x4d,0x35,0x1d,0x3d,0xb6,0xd8,0x31,0xad,0x5f,0x3e,0x05,0xc3,0xf3,0xec,0x42,0xbd,0xb4,0x8c,0x95,0x0b,0x67,0xfd,0x53,0x63,0xa1,0x0c,0x8e,0x39,0x21}, + {0xf3,0x33,0x2b,0x38,0x8a,0x05,0xf5,0x89,0xb4,0xc0,0x48,0xad,0x0b,0xba,0xe2,0x5a,0x6e,0xb3,0x3d,0xa5,0x03,0xb5,0x93,0x8f,0xe6,0x32,0xa2,0x95,0x9d,0xed,0xa3,0x5a,0x01,0x56,0xb7,0xb4,0xf9,0xaa,0x98,0x27,0x72,0xad,0x8d,0x5c,0x13,0x72,0xac,0x5e,0x23,0xa0,0xb7,0x61,0x61,0xaa,0xce,0xd2,0x4e,0x7d,0x8f,0xe9,0x84,0xb2,0xbf,0x1b,0x61,0x65,0xd9,0xc7,0xe9,0x77,0x67,0x65,0x36,0x80,0xc7,0x72,0x54,0x12,0x2b,0xcb,0xee,0x6e,0x50,0xd9,0x99,0x32,0x05,0x65,0xcc,0x57,0x89,0x5e,0x4e,0xe1,0x07,0x4a}, + {0x99,0xf9,0x0d,0x98,0xcb,0x12,0xe4,0x4e,0x71,0xc7,0x6e,0x3c,0x6f,0xd7,0x15,0xa3,0xfd,0x77,0x5c,0x92,0xde,0xed,0xa5,0xbb,0x02,0x34,0x31,0x1d,0x39,0xac,0x0b,0x3f,0x9b,0xa4,0x77,0xc4,0xcd,0x58,0x0b,0x24,0x17,0xf0,0x47,0x64,0xde,0xda,0x38,0xfd,0xad,0x6a,0xc8,0xa7,0x32,0x8d,0x92,0x19,0x81,0xa0,0xaf,0x84,0xed,0x7a,0xaf,0x50,0xe5,0x5b,0xf6,0x15,0x01,0xde,0x4f,0x6e,0xb2,0x09,0x61,0x21,0x21,0x26,0x98,0x29,0xd9,0xd6,0xad,0x0b,0x81,0x05,0x02,0x78,0x06,0xd0,0xeb,0xba,0x16,0xa3,0x21,0x19}, + {0xfc,0x70,0xb8,0xdf,0x7e,0x2f,0x42,0x89,0xbd,0xb3,0x76,0x4f,0xeb,0x6b,0x29,0x2c,0xf7,0x4d,0xc2,0x36,0xd4,0xf1,0x38,0x07,0xb0,0xae,0x73,0xe2,0x41,0xdf,0x58,0x64,0x8b,0xc1,0xf3,0xd9,0x9a,0xad,0x5a,0xd7,0x9c,0xc1,0xb1,0x60,0xef,0x0e,0x6a,0x56,0xd9,0x0e,0x5c,0x25,0xac,0x0b,0x9a,0x3e,0xf5,0xc7,0x62,0xa0,0xec,0x9d,0x04,0x7b,0x83,0x44,0x44,0x35,0x7a,0xe3,0xcb,0xdc,0x93,0xbe,0xed,0x0f,0x33,0x79,0x88,0x75,0x87,0xdd,0xc5,0x12,0xc3,0x04,0x60,0x78,0x64,0x0e,0x95,0xc2,0xcb,0xdc,0x93,0x60}, + {0x6d,0x70,0xe0,0x85,0x85,0x9a,0xf3,0x1f,0x33,0x39,0xe7,0xb3,0xd8,0xa5,0xd0,0x36,0x3b,0x45,0x8f,0x71,0xe1,0xf2,0xb9,0x43,0x7c,0xa9,0x27,0x48,0x08,0xea,0xd1,0x57,0x4b,0x03,0x84,0x60,0xbe,0xee,0xde,0x6b,0x54,0xb8,0x0f,0x78,0xb6,0xc2,0x99,0x31,0x95,0x06,0x2d,0xb6,0xab,0x76,0x33,0x97,0x90,0x7d,0x64,0x8b,0xc9,0x80,0x31,0x6e,0x71,0xb0,0x28,0xa1,0xe7,0xb6,0x7a,0xee,0xaa,0x8b,0xa8,0x93,0x6d,0x59,0xc1,0xa4,0x30,0x61,0x21,0xb2,0x82,0xde,0xb4,0xf7,0x18,0xbd,0x97,0xdd,0x9d,0x99,0x3e,0x36}, + {0xc4,0x1f,0xee,0x35,0xc1,0x43,0xa8,0x96,0xcf,0xc8,0xe4,0x08,0x55,0xb3,0x6e,0x97,0x30,0xd3,0x8c,0xb5,0x01,0x68,0x2f,0xb4,0x2b,0x05,0x3a,0x69,0x78,0x9b,0xee,0x48,0xc6,0xae,0x4b,0xe2,0xdc,0x48,0x18,0x2f,0x60,0xaf,0xbc,0xba,0x55,0x72,0x9b,0x76,0x31,0xe9,0xef,0x3c,0x6e,0x3c,0xcb,0x90,0x55,0xb3,0xf9,0xc6,0x9b,0x97,0x1f,0x23,0xc6,0xf3,0x2a,0xcc,0x4b,0xde,0x31,0x5c,0x1f,0x8d,0x20,0xfe,0x30,0xb0,0x4b,0xb0,0x66,0xb4,0x4f,0xc1,0x09,0x70,0x8d,0xb7,0x13,0x24,0x79,0x08,0x9b,0xfa,0x9b,0x07}, + {0xf4,0x0d,0x30,0xda,0x51,0x3a,0x90,0xe3,0xb0,0x5a,0xa9,0x3d,0x23,0x64,0x39,0x84,0x80,0x64,0x35,0x0b,0x2d,0xf1,0x3c,0xed,0x94,0x71,0x81,0x84,0xf6,0x77,0x8c,0x03,0x45,0x42,0xd5,0xa2,0x80,0xed,0xc9,0xf3,0x52,0x39,0xf6,0x77,0x78,0x8b,0xa0,0x0a,0x75,0x54,0x08,0xd1,0x63,0xac,0x6d,0xd7,0x6b,0x63,0x70,0x94,0x15,0xfb,0xf4,0x1e,0xec,0x7b,0x16,0x5b,0xe6,0x5e,0x4e,0x85,0xc2,0xcd,0xd0,0x96,0x42,0x0a,0x59,0x59,0x99,0x21,0x10,0x98,0x34,0xdf,0xb2,0x72,0x56,0xff,0x0b,0x4a,0x2a,0xe9,0x5e,0x57}, + {0xcf,0x2f,0x18,0x8a,0x90,0x80,0xc0,0xd4,0xbd,0x9d,0x48,0x99,0xc2,0x70,0xe1,0x30,0xde,0x33,0xf7,0x52,0x57,0xbd,0xba,0x05,0x00,0xfd,0xd3,0x2c,0x11,0xe7,0xd4,0x43,0x01,0xd8,0xa4,0x0a,0x45,0xbc,0x46,0x5d,0xd8,0xb9,0x33,0xa5,0x27,0x12,0xaf,0xc3,0xc2,0x06,0x89,0x2b,0x26,0x3b,0x9e,0x38,0x1b,0x58,0x2f,0x38,0x7e,0x1e,0x0a,0x20,0xc5,0x3a,0xf9,0xea,0x67,0xb9,0x8d,0x51,0xc0,0x52,0x66,0x05,0x9b,0x98,0xbc,0x71,0xf5,0x97,0x71,0x56,0xd9,0x85,0x2b,0xfe,0x38,0x4e,0x1e,0x65,0x52,0xca,0x0e,0x05}, + {0x9c,0x0c,0x3f,0x45,0xde,0x1a,0x43,0xc3,0x9b,0x3b,0x70,0xff,0x5e,0x04,0xf5,0xe9,0x3d,0x7b,0x84,0xed,0xc9,0x7a,0xd9,0xfc,0xc6,0xf4,0x58,0x1c,0xc2,0xe6,0x0e,0x4b,0xea,0x68,0xe6,0x60,0x76,0x39,0xac,0x97,0x97,0xb4,0x3a,0x15,0xfe,0xbb,0x19,0x9b,0x9f,0xa7,0xec,0x34,0xb5,0x79,0xb1,0x4c,0x57,0xae,0x31,0xa1,0x9f,0xc0,0x51,0x61,0x96,0x5d,0xf0,0xfd,0x0d,0x5c,0xf5,0x3a,0x7a,0xee,0xb4,0x2a,0xe0,0x2e,0x26,0xdd,0x09,0x17,0x17,0x12,0x87,0xbb,0xb2,0x11,0x0b,0x03,0x0f,0x80,0xfa,0x24,0xef,0x1f}, + {0x96,0x31,0xa7,0x1a,0xfb,0x53,0xd6,0x37,0x18,0x64,0xd7,0x3f,0x30,0x95,0x94,0x0f,0xb2,0x17,0x3a,0xfb,0x09,0x0b,0x20,0xad,0x3e,0x61,0xc8,0x2f,0x29,0x49,0x4d,0x54,0x86,0x6b,0x97,0x30,0xf5,0xaf,0xd2,0x22,0x04,0x46,0xd2,0xc2,0x06,0xb8,0x90,0x8d,0xe5,0xba,0xe5,0x4d,0x6c,0x89,0xa1,0xdc,0x17,0x0c,0x34,0xc8,0xe6,0x5f,0x00,0x28,0x88,0x86,0x52,0x34,0x9f,0xba,0xef,0x6a,0xa1,0x7d,0x10,0x25,0x94,0xff,0x1b,0x5c,0x36,0x4b,0xd9,0x66,0xcd,0xbb,0x5b,0xf7,0xfa,0x6d,0x31,0x0f,0x93,0x72,0xe4,0x72}, + {0x4f,0x08,0x81,0x97,0x8c,0x20,0x95,0x26,0xe1,0x0e,0x45,0x23,0x0b,0x2a,0x50,0xb1,0x02,0xde,0xef,0x03,0xa6,0xae,0x9d,0xfd,0x4c,0xa3,0x33,0x27,0x8c,0x2e,0x9d,0x5a,0x27,0x76,0x2a,0xd3,0x35,0xf6,0xf3,0x07,0xf0,0x66,0x65,0x5f,0x86,0x4d,0xaa,0x7a,0x50,0x44,0xd0,0x28,0x97,0xe7,0x85,0x3c,0x38,0x64,0xe0,0x0f,0x00,0x7f,0xee,0x1f,0xe5,0xf7,0xdb,0x03,0xda,0x05,0x53,0x76,0xbd,0xcd,0x34,0x14,0x49,0xf2,0xda,0xa4,0xec,0x88,0x4a,0xd2,0xcd,0xd5,0x4a,0x7b,0x43,0x05,0x04,0xee,0x51,0x40,0xf9,0x00}, + {0xb2,0x30,0xd3,0xc3,0x23,0x6b,0x35,0x8d,0x06,0x1b,0x47,0xb0,0x9b,0x8b,0x1c,0xf2,0x3c,0xb8,0x42,0x6e,0x6c,0x31,0x6c,0xb3,0x0d,0xb1,0xea,0x8b,0x7e,0x9c,0xd7,0x07,0x53,0x97,0xaf,0x07,0xbb,0x93,0xef,0xd7,0xa7,0x66,0xb7,0x3d,0xcf,0xd0,0x3e,0x58,0xc5,0x1e,0x0b,0x6e,0xbf,0x98,0x69,0xce,0x52,0x04,0xd4,0x5d,0xd2,0xff,0xb7,0x47,0x12,0xdd,0x08,0xbc,0x9c,0xfb,0xfb,0x87,0x9b,0xc2,0xee,0xe1,0x3a,0x6b,0x06,0x8a,0xbf,0xc1,0x1f,0xdb,0x2b,0x24,0x57,0x0d,0xb6,0x4b,0xa6,0x5e,0xa3,0x20,0x35,0x1c}, + {0x4a,0xa3,0xcb,0xbc,0xa6,0x53,0xd2,0x80,0x9b,0x21,0x38,0x38,0xa1,0xc3,0x61,0x3e,0x96,0xe3,0x82,0x98,0x01,0xb6,0xc3,0x90,0x6f,0xe6,0x0e,0x5d,0x77,0x05,0x3d,0x1c,0x59,0xc0,0x6b,0x21,0x40,0x6f,0xa8,0xcd,0x7e,0xd8,0xbc,0x12,0x1d,0x23,0xbb,0x1f,0x90,0x09,0xc7,0x17,0x9e,0x6a,0x95,0xb4,0x55,0x2e,0xd1,0x66,0x3b,0x0c,0x75,0x38,0x1a,0xe5,0x22,0x94,0x40,0xf1,0x2e,0x69,0x71,0xf6,0x5d,0x2b,0x3c,0xc7,0xc0,0xcb,0x29,0xe0,0x4c,0x74,0xe7,0x4f,0x01,0x21,0x7c,0x48,0x30,0xd3,0xc7,0xe2,0x21,0x06}, + {0x8d,0x83,0x59,0x82,0xcc,0x60,0x98,0xaf,0xdc,0x9a,0x9f,0xc6,0xc1,0x48,0xea,0x90,0x30,0x1e,0x58,0x65,0x37,0x48,0x26,0x65,0xbc,0xa5,0xd3,0x7b,0x09,0xd6,0x07,0x00,0xf3,0xf0,0xdb,0xb0,0x96,0x17,0xae,0xb7,0x96,0xe1,0x7c,0xe1,0xb9,0xaf,0xdf,0x54,0xb4,0xa3,0xaa,0xe9,0x71,0x30,0x92,0x25,0x9d,0x2e,0x00,0xa1,0x9c,0x58,0x8e,0x5d,0x4b,0xa9,0x42,0x08,0x95,0x1d,0xbf,0xc0,0x3e,0x2e,0x8f,0x58,0x63,0xc3,0xd3,0xb2,0xef,0xe2,0x51,0xbb,0x38,0x14,0x96,0x0a,0x86,0xbf,0x1c,0x3c,0x78,0xd7,0x83,0x15}, + {0xe1,0x7a,0xa2,0x5d,0xef,0xa2,0xee,0xec,0x74,0x01,0x67,0x55,0x14,0x3a,0x7c,0x59,0x7a,0x16,0x09,0x66,0x12,0x2a,0xa6,0xc9,0x70,0x8f,0xed,0x81,0x2e,0x5f,0x2a,0x25,0xc7,0x28,0x9d,0xcc,0x04,0x47,0x03,0x90,0x8f,0xc5,0x2c,0xf7,0x9e,0x67,0x1b,0x1d,0x26,0x87,0x5b,0xbe,0x5f,0x2b,0xe1,0x16,0x0a,0x58,0xc5,0x83,0x4e,0x06,0x58,0x49,0x0d,0xe8,0x66,0x50,0x26,0x94,0x28,0x0d,0x6b,0x8c,0x7c,0x30,0x85,0xf7,0xc3,0xfc,0xfd,0x12,0x11,0x0c,0x78,0xda,0x53,0x1b,0x88,0xb3,0x43,0xd8,0x0b,0x17,0x9c,0x07}, + {0xff,0x6f,0xfa,0x64,0xe4,0xec,0x06,0x05,0x23,0xe5,0x05,0x62,0x1e,0x43,0xe3,0xbe,0x42,0xea,0xb8,0x51,0x24,0x42,0x79,0x35,0x00,0xfb,0xc9,0x4a,0xe3,0x05,0xec,0x6d,0x56,0xd0,0xd5,0xc0,0x50,0xcd,0xd6,0xcd,0x3b,0x57,0x03,0xbb,0x6d,0x68,0xf7,0x9a,0x48,0xef,0xc3,0xf3,0x3f,0x72,0xa6,0x3c,0xcc,0x8a,0x7b,0x31,0xd7,0xc0,0x68,0x67,0xb3,0xc1,0x55,0xf1,0xe5,0x25,0xb6,0x94,0x91,0x7b,0x7b,0x99,0xa7,0xf3,0x7b,0x41,0x00,0x26,0x6b,0x6d,0xdc,0xbd,0x2c,0xc2,0xf4,0x52,0xcd,0xdd,0x14,0x5e,0x44,0x51}, + {0x51,0x49,0x14,0x3b,0x4b,0x2b,0x50,0x57,0xb3,0xbc,0x4b,0x44,0x6b,0xff,0x67,0x8e,0xdb,0x85,0x63,0x16,0x27,0x69,0xbd,0xb8,0xc8,0x95,0x92,0xe3,0x31,0x6f,0x18,0x13,0x55,0xa4,0xbe,0x2b,0xab,0x47,0x31,0x89,0x29,0x91,0x07,0x92,0x4f,0xa2,0x53,0x8c,0xa7,0xf7,0x30,0xbe,0x48,0xf9,0x49,0x4b,0x3d,0xd4,0x4f,0x6e,0x08,0x90,0xe9,0x12,0x2e,0xbb,0xdf,0x7f,0xb3,0x96,0x0c,0xf1,0xf9,0xea,0x1c,0x12,0x5e,0x93,0x9a,0x9f,0x3f,0x98,0x5b,0x3a,0xc4,0x36,0x11,0xdf,0xaf,0x99,0x3e,0x5d,0xf0,0xe3,0xb2,0x77}, + {0xde,0xc4,0x2e,0x9c,0xc5,0xa9,0x6f,0x29,0xcb,0xf3,0x84,0x4f,0xbf,0x61,0x8b,0xbc,0x08,0xf9,0xa8,0x17,0xd9,0x06,0x77,0x1c,0x5d,0x25,0xd3,0x7a,0xfc,0x95,0xb7,0x63,0xa4,0xb0,0xdd,0x12,0x9c,0x63,0x98,0xd5,0x6b,0x86,0x24,0xc0,0x30,0x9f,0xd1,0xa5,0x60,0xe4,0xfc,0x58,0x03,0x2f,0x7c,0xd1,0x8a,0x5e,0x09,0x2e,0x15,0x95,0xa1,0x07,0xc8,0x5f,0x9e,0x38,0x02,0x8f,0x36,0xa8,0x3b,0xe4,0x8d,0xcf,0x02,0x3b,0x43,0x90,0x43,0x26,0x41,0xc5,0x5d,0xfd,0xa1,0xaf,0x37,0x01,0x2f,0x03,0x3d,0xe8,0x8f,0x3e}, + {0x94,0xa2,0x70,0x05,0xb9,0x15,0x8b,0x2f,0x49,0x45,0x08,0x67,0x70,0x42,0xf2,0x94,0x84,0xfd,0xbb,0x61,0xe1,0x5a,0x1c,0xde,0x07,0x40,0xac,0x7f,0x79,0x3b,0xba,0x75,0x3c,0xd1,0xef,0xe8,0x8d,0x4c,0x70,0x08,0x31,0x37,0xe0,0x33,0x8e,0x1a,0xc5,0xdf,0xe3,0xcd,0x60,0x12,0xa5,0x5d,0x9d,0xa5,0x86,0x8c,0x25,0xa6,0x99,0x08,0xd6,0x22,0x96,0xd1,0xcd,0x70,0xc0,0xdb,0x39,0x62,0x9a,0x8a,0x7d,0x6c,0x8b,0x8a,0xfe,0x60,0x60,0x12,0x40,0xeb,0xbc,0x47,0x88,0xb3,0x5e,0x9e,0x77,0x87,0x7b,0xd0,0x04,0x09}, + {0x9c,0x91,0xba,0xdd,0xd4,0x1f,0xce,0xb4,0xaa,0x8d,0x4c,0xc7,0x3e,0xdb,0x31,0xcf,0x51,0xcc,0x86,0xad,0x63,0xcc,0x63,0x2c,0x07,0xde,0x1d,0xbc,0x3f,0x14,0xe2,0x43,0xb9,0x40,0xf9,0x48,0x66,0x2d,0x32,0xf4,0x39,0x0c,0x2d,0xbd,0x0c,0x2f,0x95,0x06,0x31,0xf9,0x81,0xa0,0xad,0x97,0x76,0x16,0x6c,0x2a,0xf7,0xba,0xce,0xaa,0x40,0x62,0xa0,0x95,0xa2,0x5b,0x9c,0x74,0x34,0xf8,0x5a,0xd2,0x37,0xca,0x5b,0x7c,0x94,0xd6,0x6a,0x31,0xc9,0xe7,0xa7,0x3b,0xf1,0x66,0xac,0x0c,0xb4,0x8d,0x23,0xaf,0xbd,0x56}, + {0xeb,0x33,0x35,0xf5,0xe3,0xb9,0x2a,0x36,0x40,0x3d,0xb9,0x6e,0xd5,0x68,0x85,0x33,0x72,0x55,0x5a,0x1d,0x52,0x14,0x0e,0x9e,0x18,0x13,0x74,0x83,0x6d,0xa8,0x24,0x1d,0xb2,0x3b,0x9d,0xc1,0x6c,0xd3,0x10,0x13,0xb9,0x86,0x23,0x62,0xb7,0x6b,0x2a,0x06,0x5c,0x4f,0xa1,0xd7,0x91,0x85,0x9b,0x7c,0x54,0x57,0x1e,0x7e,0x50,0x31,0xaa,0x03,0x1f,0xce,0xd4,0xff,0x48,0x76,0xec,0xf4,0x1c,0x8c,0xac,0x54,0xf0,0xea,0x45,0xe0,0x7c,0x35,0x09,0x1d,0x82,0x25,0xd2,0x88,0x59,0x48,0xeb,0x9a,0xdc,0x61,0xb2,0x43}, + {0xbb,0x79,0xbb,0x88,0x19,0x1e,0x5b,0xe5,0x9d,0x35,0x7a,0xc1,0x7d,0xd0,0x9e,0xa0,0x33,0xea,0x3d,0x60,0xe2,0x2e,0x2c,0xb0,0xc2,0x6b,0x27,0x5b,0xcf,0x55,0x60,0x32,0x64,0x13,0x95,0x6c,0x8b,0x3d,0x51,0x19,0x7b,0xf4,0x0b,0x00,0x26,0x71,0xfe,0x94,0x67,0x95,0x4f,0xd5,0xdd,0x10,0x8d,0x02,0x64,0x09,0x94,0x42,0xe2,0xd5,0xb4,0x02,0xf2,0x8d,0xd1,0x28,0xcb,0x55,0xa1,0xb4,0x08,0xe5,0x6c,0x18,0x46,0x46,0xcc,0xea,0x89,0x43,0x82,0x6c,0x93,0xf4,0x9c,0xc4,0x10,0x34,0x5d,0xae,0x09,0xc8,0xa6,0x27}, + {0x88,0xb1,0x0d,0x1f,0xcd,0xeb,0xa6,0x8b,0xe8,0x5b,0x5a,0x67,0x3a,0xd7,0xd3,0x37,0x5a,0x58,0xf5,0x15,0xa3,0xdf,0x2e,0xf2,0x7e,0xa1,0x60,0xff,0x74,0x71,0xb6,0x2c,0x54,0x69,0x3d,0xc4,0x0a,0x27,0x2c,0xcd,0xb2,0xca,0x66,0x6a,0x57,0x3e,0x4a,0xdd,0x6c,0x03,0xd7,0x69,0x24,0x59,0xfa,0x79,0x99,0x25,0x8c,0x3d,0x60,0x03,0x15,0x22,0xd0,0xe1,0x0b,0x39,0xf9,0xcd,0xee,0x59,0xf1,0xe3,0x8c,0x72,0x44,0x20,0x42,0xa9,0xf4,0xf0,0x94,0x7a,0x66,0x1c,0x89,0x82,0x36,0xf4,0x90,0x38,0xb7,0xf4,0x1d,0x7b}, + {0x24,0xa2,0xb2,0xb3,0xe0,0xf2,0x92,0xe4,0x60,0x11,0x55,0x2b,0x06,0x9e,0x6c,0x7c,0x0e,0x7b,0x7f,0x0d,0xe2,0x8f,0xeb,0x15,0x92,0x59,0xfc,0x58,0x26,0xef,0xfc,0x61,0x8c,0xf5,0xf8,0x07,0x18,0x22,0x2e,0x5f,0xd4,0x09,0x94,0xd4,0x9f,0x5c,0x55,0xe3,0x30,0xa6,0xb6,0x1f,0x8d,0xa8,0xaa,0xb2,0x3d,0xe0,0x52,0xd3,0x45,0x82,0x69,0x68,0x7a,0x18,0x18,0x2a,0x85,0x5d,0xb1,0xdb,0xd7,0xac,0xdd,0x86,0xd3,0xaa,0xe4,0xf3,0x82,0xc4,0xf6,0x0f,0x81,0xe2,0xba,0x44,0xcf,0x01,0xaf,0x3d,0x47,0x4c,0xcf,0x46}, + {0xf9,0xe5,0xc4,0x9e,0xed,0x25,0x65,0x42,0x03,0x33,0x90,0x16,0x01,0xda,0x5e,0x0e,0xdc,0xca,0xe5,0xcb,0xf2,0xa7,0xb1,0x72,0x40,0x5f,0xeb,0x14,0xcd,0x7b,0x38,0x29,0x40,0x81,0x49,0xf1,0xa7,0x6e,0x3c,0x21,0x54,0x48,0x2b,0x39,0xf8,0x7e,0x1e,0x7c,0xba,0xce,0x29,0x56,0x8c,0xc3,0x88,0x24,0xbb,0xc5,0x8c,0x0d,0xe5,0xaa,0x65,0x10,0x57,0x0d,0x20,0xdf,0x25,0x45,0x2c,0x1c,0x4a,0x67,0xca,0xbf,0xd6,0x2d,0x3b,0x5c,0x30,0x40,0x83,0xe1,0xb1,0xe7,0x07,0x0a,0x16,0xe7,0x1c,0x4f,0xe6,0x98,0xa1,0x69}, + {0xbc,0x78,0x1a,0xd9,0xe0,0xb2,0x62,0x90,0x67,0x96,0x50,0xc8,0x9c,0x88,0xc9,0x47,0xb8,0x70,0x50,0x40,0x66,0x4a,0xf5,0x9d,0xbf,0xa1,0x93,0x24,0xa9,0xe6,0x69,0x73,0xed,0xca,0xc5,0xdc,0x34,0x44,0x01,0xe1,0x33,0xfb,0x84,0x3c,0x96,0x5d,0xed,0x47,0xe7,0xa0,0x86,0xed,0x76,0x95,0x01,0x70,0xe4,0xf9,0x67,0xd2,0x7b,0x69,0xb2,0x25,0x64,0x68,0x98,0x13,0xfb,0x3f,0x67,0x9d,0xb8,0xc7,0x5d,0x41,0xd9,0xfb,0xa5,0x3c,0x5e,0x3b,0x27,0xdf,0x3b,0xcc,0x4e,0xe0,0xd2,0x4c,0x4e,0xb5,0x3d,0x68,0x20,0x14}, + {0x97,0xd1,0x9d,0x24,0x1e,0xbd,0x78,0xb4,0x02,0xc1,0x58,0x5e,0x00,0x35,0x0c,0x62,0x5c,0xac,0xba,0xcc,0x2f,0xd3,0x02,0xfb,0x2d,0xa7,0x08,0xf5,0xeb,0x3b,0xb6,0x60,0xd0,0x5a,0xcc,0xc1,0x6f,0xbb,0xee,0x34,0x8b,0xac,0x46,0x96,0xe9,0x0c,0x1b,0x6a,0x53,0xde,0x6b,0xa6,0x49,0xda,0xb0,0xd3,0xc1,0x81,0xd0,0x61,0x41,0x3b,0xe8,0x31,0x4f,0x2b,0x06,0x9e,0x12,0xc7,0xe8,0x97,0xd8,0x0a,0x32,0x29,0x4f,0x8f,0xe4,0x49,0x3f,0x68,0x18,0x6f,0x4b,0xe1,0xec,0x5b,0x17,0x03,0x55,0x2d,0xb6,0x1e,0xcf,0x55}, + {0x58,0x3d,0xc2,0x65,0x10,0x10,0x79,0x58,0x9c,0x81,0x94,0x50,0x6d,0x08,0x9d,0x8b,0xa7,0x5f,0xc5,0x12,0xa9,0x2f,0x40,0xe2,0xd4,0x91,0x08,0x57,0x64,0x65,0x9a,0x66,0x52,0x8c,0xf5,0x7d,0xe3,0xb5,0x76,0x30,0x36,0xcc,0x99,0xe7,0xdd,0xb9,0x3a,0xd7,0x20,0xee,0x13,0x49,0xe3,0x1c,0x83,0xbd,0x33,0x01,0xba,0x62,0xaa,0xfb,0x56,0x1a,0xec,0xc9,0x9d,0x5c,0x50,0x6b,0x3e,0x94,0x1a,0x37,0x7c,0xa7,0xbb,0x57,0x25,0x30,0x51,0x76,0x34,0x41,0x56,0xae,0x73,0x98,0x5c,0x8a,0xc5,0x99,0x67,0x83,0xc4,0x13}, + {0xb9,0xe1,0xb3,0x5a,0x46,0x5d,0x3a,0x42,0x61,0x3f,0xf1,0xc7,0x87,0xc1,0x13,0xfc,0xb6,0xb9,0xb5,0xec,0x64,0x36,0xf8,0x19,0x07,0xb6,0x37,0xa6,0x93,0x0c,0xf8,0x66,0x80,0xd0,0x8b,0x5d,0x6a,0xfb,0xdc,0xc4,0x42,0x48,0x1a,0x57,0xec,0xc4,0xeb,0xde,0x65,0x53,0xe5,0xb8,0x83,0xe8,0xb2,0xd4,0x27,0xb8,0xe5,0xc8,0x7d,0xc8,0xbd,0x50,0x11,0xe1,0xdf,0x6e,0x83,0x37,0x6d,0x60,0xd9,0xab,0x11,0xf0,0x15,0x3e,0x35,0x32,0x96,0x3b,0xb7,0x25,0xc3,0x3a,0xb0,0x64,0xae,0xd5,0x5f,0x72,0x44,0x64,0xd5,0x1d}, + {0x7d,0x12,0x62,0x33,0xf8,0x7f,0xa4,0x8f,0x15,0x7c,0xcd,0x71,0xc4,0x6a,0x9f,0xbc,0x8b,0x0c,0x22,0x49,0x43,0x45,0x71,0x6e,0x2e,0x73,0x9f,0x21,0x12,0x59,0x64,0x0e,0x9a,0xc8,0xba,0x08,0x00,0xe6,0x97,0xc2,0xe0,0xc3,0xe1,0xea,0x11,0xea,0x4c,0x7d,0x7c,0x97,0xe7,0x9f,0xe1,0x8b,0xe3,0xf3,0xcd,0x05,0xa3,0x63,0x0f,0x45,0x3a,0x3a,0x27,0x46,0x39,0xd8,0x31,0x2f,0x8f,0x07,0x10,0xa5,0x94,0xde,0x83,0x31,0x9d,0x38,0x80,0x6f,0x99,0x17,0x6d,0x6c,0xe3,0xd1,0x7b,0xa8,0xa9,0x93,0x93,0x8d,0x8c,0x31}, + {0x19,0xfe,0xff,0x2a,0x03,0x5d,0x74,0xf2,0x66,0xdb,0x24,0x7f,0x49,0x3c,0x9f,0x0c,0xef,0x98,0x85,0xba,0xe3,0xd3,0x98,0xbc,0x14,0x53,0x1d,0x9a,0x67,0x7c,0x4c,0x22,0x98,0xd3,0x1d,0xab,0x29,0x9e,0x66,0x5d,0x3b,0x9e,0x2d,0x34,0x58,0x16,0x92,0xfc,0xcd,0x73,0x59,0xf3,0xfd,0x1d,0x85,0x55,0xf6,0x0a,0x95,0x25,0xc3,0x41,0x9a,0x50,0xe9,0x25,0xf9,0xa6,0xdc,0x6e,0xc0,0xbd,0x33,0x1f,0x1b,0x64,0xf4,0xf3,0x3e,0x79,0x89,0x3e,0x83,0x9d,0x80,0x12,0xec,0x82,0x89,0x13,0xa1,0x28,0x23,0xf0,0xbf,0x05}, + {0x0b,0xe0,0xca,0x23,0x70,0x13,0x32,0x36,0x59,0xcf,0xac,0xd1,0x0a,0xcf,0x4a,0x54,0x88,0x1c,0x1a,0xd2,0x49,0x10,0x74,0x96,0xa7,0x44,0x2a,0xfa,0xc3,0x8c,0x0b,0x78,0xe4,0x12,0xc5,0x0d,0xdd,0xa0,0x81,0x68,0xfe,0xfa,0xa5,0x44,0xc8,0x0d,0xe7,0x4f,0x40,0x52,0x4a,0x8f,0x6b,0x8e,0x74,0x1f,0xea,0xa3,0x01,0xee,0xcd,0x77,0x62,0x57,0x5f,0x30,0x4f,0x23,0xbc,0x8a,0xf3,0x1e,0x08,0xde,0x05,0x14,0xbd,0x7f,0x57,0x9a,0x0d,0x2a,0xe6,0x34,0x14,0xa5,0x82,0x5e,0xa1,0xb7,0x71,0x62,0x72,0x18,0xf4,0x5f}, + {0x9d,0xdb,0x89,0x17,0x0c,0x08,0x8e,0x39,0xf5,0x78,0xe7,0xf3,0x25,0x20,0x60,0xa7,0x5d,0x03,0xbd,0x06,0x4c,0x89,0x98,0xfa,0xbe,0x66,0xa9,0x25,0xdc,0x03,0x6a,0x10,0x40,0x95,0xb6,0x13,0xe8,0x47,0xdb,0xe5,0xe1,0x10,0x26,0x43,0x3b,0x2a,0x5d,0xf3,0x76,0x12,0x78,0x38,0xe9,0x26,0x1f,0xac,0x69,0xcb,0xa0,0xa0,0x8c,0xdb,0xd4,0x29,0xd0,0x53,0x33,0x33,0xaf,0x0a,0xad,0xd9,0xe5,0x09,0xd3,0xac,0xa5,0x9d,0x66,0x38,0xf0,0xf7,0x88,0xc8,0x8a,0x65,0x57,0x3c,0xfa,0xbe,0x2c,0x05,0x51,0x8a,0xb3,0x4a}, + {0x93,0xd5,0x68,0x67,0x25,0x2b,0x7c,0xda,0x13,0xca,0x22,0x44,0x57,0xc0,0xc1,0x98,0x1d,0xce,0x0a,0xca,0xd5,0x0b,0xa8,0xf1,0x90,0xa6,0x88,0xc0,0xad,0xd1,0xcd,0x29,0x9c,0xc0,0xdd,0x5f,0xef,0xd1,0xcf,0xd6,0xce,0x5d,0x57,0xf7,0xfd,0x3e,0x2b,0xe8,0xc2,0x34,0x16,0x20,0x5d,0x6b,0xd5,0x25,0x9b,0x2b,0xed,0x04,0xbb,0xc6,0x41,0x30,0x48,0xe1,0x56,0xd9,0xf9,0xf2,0xf2,0x0f,0x2e,0x6b,0x35,0x9f,0x75,0x97,0xe7,0xad,0x5c,0x02,0x6c,0x5f,0xbb,0x98,0x46,0x1a,0x7b,0x9a,0x04,0x14,0x68,0xbd,0x4b,0x10}, + {0x67,0xed,0xf1,0x68,0x31,0xfd,0xf0,0x51,0xc2,0x3b,0x6f,0xd8,0xcd,0x1d,0x81,0x2c,0xde,0xf2,0xd2,0x04,0x43,0x5c,0xdc,0x44,0x49,0x71,0x2a,0x09,0x57,0xcc,0xe8,0x5b,0x63,0xf1,0x7f,0xd6,0x5f,0x9a,0x5d,0xa9,0x81,0x56,0xc7,0x4c,0x9d,0xe6,0x2b,0xe9,0x57,0xf2,0x20,0xde,0x4c,0x02,0xf8,0xb7,0xf5,0x2d,0x07,0xfb,0x20,0x2a,0x4f,0x20,0x79,0xb0,0xeb,0x30,0x3d,0x3b,0x14,0xc8,0x30,0x2e,0x65,0xbd,0x5a,0x15,0x89,0x75,0x31,0x5c,0x6d,0x8f,0x31,0x3c,0x3c,0x65,0x1f,0x16,0x79,0xc2,0x17,0xfb,0x70,0x25}, + {0x75,0x15,0xb6,0x2c,0x7f,0x36,0xfa,0x3e,0x6c,0x02,0xd6,0x1c,0x76,0x6f,0xf9,0xf5,0x62,0x25,0xb5,0x65,0x2a,0x14,0xc7,0xe8,0xcd,0x0a,0x03,0x53,0xea,0x65,0xcb,0x3d,0x5a,0x24,0xb8,0x0b,0x55,0xa9,0x2e,0x19,0xd1,0x50,0x90,0x8f,0xa8,0xfb,0xe6,0xc8,0x35,0xc9,0xa4,0x88,0x2d,0xea,0x86,0x79,0x68,0x86,0x01,0xde,0x91,0x5f,0x1c,0x24,0xaa,0x6c,0xde,0x40,0x29,0x17,0xd8,0x28,0x3a,0x73,0xd9,0x22,0xf0,0x2c,0xbf,0x8f,0xd1,0x01,0x5b,0x23,0xdd,0xfc,0xd7,0x16,0xe5,0xf0,0xcd,0x5f,0xdd,0x0e,0x42,0x08}, + {0x4a,0xfa,0x62,0x83,0xab,0x20,0xff,0xcd,0x6e,0x3e,0x1a,0xe2,0xd4,0x18,0xe1,0x57,0x2b,0xe6,0x39,0xfc,0x17,0x96,0x17,0xe3,0xfd,0x69,0x17,0xbc,0xef,0x53,0x9a,0x0d,0xce,0x10,0xf4,0x04,0x4e,0xc3,0x58,0x03,0x85,0x06,0x6e,0x27,0x5a,0x5b,0x13,0xb6,0x21,0x15,0xb9,0xeb,0xc7,0x70,0x96,0x5d,0x9c,0x88,0xdb,0x21,0xf3,0x54,0xd6,0x04,0xd5,0xb5,0xbd,0xdd,0x16,0xc1,0x7d,0x5e,0x2d,0xdd,0xa5,0x8d,0xb6,0xde,0x54,0x29,0x92,0xa2,0x34,0x33,0x17,0x08,0xb6,0x1c,0xd7,0x1a,0x99,0x18,0x26,0x4f,0x7a,0x4a}, + {0x95,0x5f,0xb1,0x5f,0x02,0x18,0xa7,0xf4,0x8f,0x1b,0x5c,0x6b,0x34,0x5f,0xf6,0x3d,0x12,0x11,0xe0,0x00,0x85,0xf0,0xfc,0xcd,0x48,0x18,0xd3,0xdd,0x4c,0x0c,0xb5,0x11,0x4b,0x2a,0x37,0xaf,0x91,0xb2,0xc3,0x24,0xf2,0x47,0x81,0x71,0x70,0x82,0xda,0x93,0xf2,0x9e,0x89,0x86,0x64,0x85,0x84,0xdd,0x33,0xee,0xe0,0x23,0x42,0x31,0x96,0x4a,0xd6,0xff,0xa4,0x08,0x44,0x27,0xe8,0xa6,0xd9,0x76,0x15,0x9c,0x7e,0x17,0x8e,0x73,0xf2,0xb3,0x02,0x3d,0xb6,0x48,0x33,0x77,0x51,0xcc,0x6b,0xce,0x4d,0xce,0x4b,0x4f}, + {0x84,0x25,0x24,0xe2,0x5a,0xce,0x1f,0xa7,0x9e,0x8a,0xf5,0x92,0x56,0x72,0xea,0x26,0xf4,0x3c,0xea,0x1c,0xd7,0x09,0x1a,0xd2,0xe6,0x01,0x1c,0xb7,0x14,0xdd,0xfc,0x73,0x6f,0x0b,0x9d,0xc4,0x6e,0x61,0xe2,0x30,0x17,0x23,0xec,0xca,0x8f,0x71,0x56,0xe4,0xa6,0x4f,0x6b,0xf2,0x9b,0x40,0xeb,0x48,0x37,0x5f,0x59,0x61,0xe5,0xce,0x42,0x30,0x41,0xac,0x9b,0x44,0x79,0x70,0x7e,0x42,0x0a,0x31,0xe2,0xbc,0x6d,0xe3,0x5a,0x85,0x7c,0x1a,0x84,0x5f,0x21,0x76,0xae,0x4c,0xd6,0xe1,0x9c,0x9a,0x0c,0x74,0x9e,0x38}, + {0xce,0xb9,0xdc,0x34,0xae,0xb3,0xfc,0x64,0xad,0xd0,0x48,0xe3,0x23,0x03,0x50,0x97,0x1b,0x38,0xc6,0x62,0x7d,0xf0,0xb3,0x45,0x88,0x67,0x5a,0x46,0x79,0x53,0x54,0x61,0x28,0xac,0x0e,0x57,0xf6,0x78,0xbd,0xc9,0xe1,0x9c,0x91,0x27,0x32,0x0b,0x5b,0xe5,0xed,0x91,0x9b,0xa1,0xab,0x3e,0xfc,0x65,0x90,0x36,0x26,0xd6,0xe5,0x25,0xc4,0x25,0x6e,0xde,0xd7,0xf1,0xa6,0x06,0x3e,0x3f,0x08,0x23,0x06,0x8e,0x27,0x76,0xf9,0x3e,0x77,0x6c,0x8a,0x4e,0x26,0xf6,0x14,0x8c,0x59,0x47,0x48,0x15,0x89,0xa0,0x39,0x65}, + {0x73,0xf7,0xd2,0xc3,0x74,0x1f,0xd2,0xe9,0x45,0x68,0xc4,0x25,0x41,0x54,0x50,0xc1,0x33,0x9e,0xb9,0xf9,0xe8,0x5c,0x4e,0x62,0x6c,0x18,0xcd,0xc5,0xaa,0xe4,0xc5,0x11,0x19,0x4a,0xbb,0x14,0xd4,0xdb,0xc4,0xdd,0x8e,0x4f,0x42,0x98,0x3c,0xbc,0xb2,0x19,0x69,0x71,0xca,0x36,0xd7,0x9f,0xa8,0x48,0x90,0xbd,0x19,0xf0,0x0e,0x32,0x65,0x0f,0xc6,0xe0,0xfd,0xca,0xb1,0xd1,0x86,0xd4,0x81,0x51,0x3b,0x16,0xe3,0xe6,0x3f,0x4f,0x9a,0x93,0xf2,0xfa,0x0d,0xaf,0xa8,0x59,0x2a,0x07,0x33,0xec,0xbd,0xc7,0xab,0x4c}, + {0x2e,0x0a,0x9c,0x08,0x24,0x96,0x9e,0x23,0x38,0x47,0xfe,0x3a,0xc0,0xc4,0x48,0xc7,0x2a,0xa1,0x4f,0x76,0x2a,0xed,0xdb,0x17,0x82,0x85,0x1c,0x32,0xf0,0x93,0x9b,0x63,0x89,0xd2,0x78,0x3f,0x8f,0x78,0x8f,0xc0,0x9f,0x4d,0x40,0xa1,0x2c,0xa7,0x30,0xfe,0x9d,0xcc,0x65,0xcf,0xfc,0x8b,0x77,0xf2,0x21,0x20,0xcb,0x5a,0x16,0x98,0xe4,0x7e,0xc3,0xa1,0x11,0x91,0xe3,0x08,0xd5,0x7b,0x89,0x74,0x90,0x80,0xd4,0x90,0x2b,0x2b,0x19,0xfd,0x72,0xae,0xc2,0xae,0xd2,0xe7,0xa6,0x02,0xb6,0x85,0x3c,0x49,0xdf,0x0e}, + {0x68,0x5a,0x9b,0x59,0x58,0x81,0xcc,0xae,0x0e,0xe2,0xad,0xeb,0x0f,0x4f,0x57,0xea,0x07,0x7f,0xb6,0x22,0x74,0x1d,0xe4,0x4f,0xb4,0x4f,0x9d,0x01,0xe3,0x92,0x3b,0x40,0x13,0x41,0x76,0x84,0xd2,0xc4,0x67,0x67,0x35,0xf8,0xf5,0xf7,0x3f,0x40,0x90,0xa0,0xde,0xbe,0xe6,0xca,0xfa,0xcf,0x8f,0x1c,0x69,0xa3,0xdf,0xd1,0x54,0x0c,0xc0,0x04,0xf8,0x5c,0x46,0x8b,0x81,0x2f,0xc2,0x4d,0xf8,0xef,0x80,0x14,0x5a,0xf3,0xa0,0x71,0x57,0xd6,0xc7,0x04,0xad,0xbf,0xe8,0xae,0xf4,0x76,0x61,0xb2,0x2a,0xb1,0x5b,0x35}, + {0xf4,0xbb,0x93,0x74,0xcc,0x64,0x1e,0xa7,0xc3,0xb0,0xa3,0xec,0xd9,0x84,0xbd,0xe5,0x85,0xe7,0x05,0xfa,0x0c,0xc5,0x6b,0x0a,0x12,0xc3,0x2e,0x18,0x32,0x81,0x9b,0x0f,0x18,0x73,0x8c,0x5a,0xc7,0xda,0x01,0xa3,0x11,0xaa,0xce,0xb3,0x9d,0x03,0x90,0xed,0x2d,0x3f,0xae,0x3b,0xbf,0x7c,0x07,0x6f,0x8e,0xad,0x52,0xe0,0xf8,0xea,0x18,0x75,0x32,0x6c,0x7f,0x1b,0xc4,0x59,0x88,0xa4,0x98,0x32,0x38,0xf4,0xbc,0x60,0x2d,0x0f,0xd9,0xd1,0xb1,0xc9,0x29,0xa9,0x15,0x18,0xc4,0x55,0x17,0xbb,0x1b,0x87,0xc3,0x47}, + {0x48,0x4f,0xec,0x71,0x97,0x53,0x44,0x51,0x6e,0x5d,0x8c,0xc9,0x7d,0xb1,0x05,0xf8,0x6b,0xc6,0xc3,0x47,0x1a,0xc1,0x62,0xf7,0xdc,0x99,0x46,0x76,0x85,0x9b,0xb8,0x00,0xb0,0x66,0x50,0xc8,0x50,0x5d,0xe6,0xfb,0xb0,0x99,0xa2,0xb3,0xb0,0xc4,0xec,0x62,0xe0,0xe8,0x1a,0x44,0xea,0x54,0x37,0xe5,0x5f,0x8d,0xd4,0xe8,0x2c,0xa0,0xfe,0x08,0xd0,0xea,0xde,0x68,0x76,0xdd,0x4d,0x82,0x23,0x5d,0x68,0x4b,0x20,0x45,0x64,0xc8,0x65,0xd6,0x89,0x5d,0xcd,0xcf,0x14,0xb5,0x37,0xd5,0x75,0x4f,0xa7,0x29,0x38,0x47}, + {0x18,0xc4,0x79,0x46,0x75,0xda,0xd2,0x82,0xf0,0x8d,0x61,0xb2,0xd8,0xd7,0x3b,0xe6,0x0a,0xeb,0x47,0xac,0x24,0xef,0x5e,0x35,0xb4,0xc6,0x33,0x48,0x4c,0x68,0x78,0x20,0xc9,0x02,0x39,0xad,0x3a,0x53,0xd9,0x23,0x8f,0x58,0x03,0xef,0xce,0xdd,0xc2,0x64,0xb4,0x2f,0xe1,0xcf,0x90,0x73,0x25,0x15,0x90,0xd3,0xe4,0x44,0x4d,0x8b,0x66,0x6c,0x0c,0x82,0x78,0x7a,0x21,0xcf,0x48,0x3b,0x97,0x3e,0x27,0x81,0xb2,0x0a,0x6a,0xf7,0x7b,0xed,0x8e,0x8c,0xa7,0x65,0x6c,0xa9,0x3f,0x43,0x8a,0x4f,0x05,0xa6,0x11,0x74}, + {0x6d,0xc8,0x9d,0xb9,0x32,0x9d,0x65,0x4d,0x15,0xf1,0x3a,0x60,0x75,0xdc,0x4c,0x04,0x88,0xe4,0xc2,0xdc,0x2c,0x71,0x4c,0xb3,0xff,0x34,0x81,0xfb,0x74,0x65,0x13,0x7c,0xb4,0x75,0xb1,0x18,0x3d,0xe5,0x9a,0x57,0x02,0xa1,0x92,0xf3,0x59,0x31,0x71,0x68,0xf5,0x35,0xef,0x1e,0xba,0xec,0x55,0x84,0x8f,0x39,0x8c,0x45,0x72,0xa8,0xc9,0x1e,0x9b,0x50,0xa2,0x00,0xd4,0xa4,0xe6,0xb8,0xb4,0x82,0xc8,0x0b,0x02,0xd7,0x81,0x9b,0x61,0x75,0x95,0xf1,0x9b,0xcc,0xe7,0x57,0x60,0x64,0xcd,0xc7,0xa5,0x88,0xdd,0x3a}, + {0xf2,0xdc,0x35,0xb6,0x70,0x57,0x89,0xab,0xbc,0x1f,0x6c,0xf6,0x6c,0xef,0xdf,0x02,0x87,0xd1,0xb6,0xbe,0x68,0x02,0x53,0x85,0x74,0x9e,0x87,0xcc,0xfc,0x29,0x99,0x24,0x46,0x30,0x39,0x59,0xd4,0x98,0xc2,0x85,0xec,0x59,0xf6,0x5f,0x98,0x35,0x7e,0x8f,0x3a,0x6e,0xf6,0xf2,0x2a,0xa2,0x2c,0x1d,0x20,0xa7,0x06,0xa4,0x31,0x11,0xba,0x61,0x29,0x90,0x95,0x16,0xf1,0xa0,0xd0,0xa3,0x89,0xbd,0x7e,0xba,0x6c,0x6b,0x3b,0x02,0x07,0x33,0x78,0x26,0x3e,0x5a,0xf1,0x7b,0xe7,0xec,0xd8,0xbb,0x0c,0x31,0x20,0x56}, + {0x43,0xd6,0x34,0x49,0x43,0x93,0x89,0x52,0xf5,0x22,0x12,0xa5,0x06,0xf8,0xdb,0xb9,0x22,0x1c,0xf4,0xc3,0x8f,0x87,0x6d,0x8f,0x30,0x97,0x9d,0x4d,0x2a,0x6a,0x67,0x37,0xd6,0x85,0xe2,0x77,0xf4,0xb5,0x46,0x66,0x93,0x61,0x8f,0x6c,0x67,0xff,0xe8,0x40,0xdd,0x94,0xb5,0xab,0x11,0x73,0xec,0xa6,0x4d,0xec,0x8c,0x65,0xf3,0x46,0xc8,0x7e,0xc7,0x2e,0xa2,0x1d,0x3f,0x8f,0x5e,0x9b,0x13,0xcd,0x01,0x6c,0x77,0x1d,0x0f,0x13,0xb8,0x9f,0x98,0xa2,0xcf,0x8f,0x4c,0x21,0xd5,0x9d,0x9b,0x39,0x23,0xf7,0xaa,0x6d}, + {0x47,0xbe,0x3d,0xeb,0x62,0x75,0x3a,0x5f,0xb8,0xa0,0xbd,0x8e,0x54,0x38,0xea,0xf7,0x99,0x72,0x74,0x45,0x31,0xe5,0xc3,0x00,0x51,0xd5,0x27,0x16,0xe7,0xe9,0x04,0x13,0xa2,0x8e,0xad,0xac,0xbf,0x04,0x3b,0x58,0x84,0xe8,0x8b,0x14,0xe8,0x43,0xb7,0x29,0xdb,0xc5,0x10,0x08,0x3b,0x58,0x1e,0x2b,0xaa,0xbb,0xb3,0x8e,0xe5,0x49,0x54,0x2b,0xfe,0x9c,0xdc,0x6a,0xd2,0x14,0x98,0x78,0x0b,0xdd,0x48,0x8b,0x3f,0xab,0x1b,0x3c,0x0a,0xc6,0x79,0xf9,0xff,0xe1,0x0f,0xda,0x93,0xd6,0x2d,0x7c,0x2d,0xde,0x68,0x44}, + {0x9e,0x46,0x19,0x94,0x5e,0x35,0xbb,0x51,0x54,0xc7,0xdd,0x23,0x4c,0xdc,0xe6,0x33,0x62,0x99,0x7f,0x44,0xd6,0xb6,0xa5,0x93,0x63,0xbd,0x44,0xfb,0x6f,0x7c,0xce,0x6c,0xce,0x07,0x63,0xf8,0xc6,0xd8,0x9a,0x4b,0x28,0x0c,0x5d,0x43,0x31,0x35,0x11,0x21,0x2c,0x77,0x7a,0x65,0xc5,0x66,0xa8,0xd4,0x52,0x73,0x24,0x63,0x7e,0x42,0xa6,0x5d,0xca,0x22,0xac,0xde,0x88,0xc6,0x94,0x1a,0xf8,0x1f,0xae,0xbb,0xf7,0x6e,0x06,0xb9,0x0f,0x58,0x59,0x8d,0x38,0x8c,0xad,0x88,0xa8,0x2c,0x9f,0xe7,0xbf,0x9a,0xf2,0x58}, + {0x68,0x3e,0xe7,0x8d,0xab,0xcf,0x0e,0xe9,0xa5,0x76,0x7e,0x37,0x9f,0x6f,0x03,0x54,0x82,0x59,0x01,0xbe,0x0b,0x5b,0x49,0xf0,0x36,0x1e,0xf4,0xa7,0xc4,0x29,0x76,0x57,0xf6,0xcd,0x0e,0x71,0xbf,0x64,0x5a,0x4b,0x3c,0x29,0x2c,0x46,0x38,0xe5,0x4c,0xb1,0xb9,0x3a,0x0b,0xd5,0x56,0xd0,0x43,0x36,0x70,0x48,0x5b,0x18,0x24,0x37,0xf9,0x6a,0x88,0xa8,0xc6,0x09,0x45,0x02,0x20,0x32,0x73,0x89,0x55,0x4b,0x13,0x36,0xe0,0xd2,0x9f,0x28,0x33,0x3c,0x23,0x36,0xe2,0x83,0x8f,0xc1,0xae,0x0c,0xbb,0x25,0x1f,0x70}, + {0xed,0x6c,0x61,0xe4,0xf8,0xb0,0xa8,0xc3,0x7d,0xa8,0x25,0x9e,0x0e,0x66,0x00,0xf7,0x9c,0xa5,0xbc,0xf4,0x1f,0x06,0xe3,0x61,0xe9,0x0b,0xc4,0xbd,0xbf,0x92,0x0c,0x2e,0x13,0xc1,0xbe,0x7c,0xd9,0xf6,0x18,0x9d,0xe4,0xdb,0xbf,0x74,0xe6,0x06,0x4a,0x84,0xd6,0x60,0x4e,0xac,0x22,0xb5,0xf5,0x20,0x51,0x5e,0x95,0x50,0xc0,0x5b,0x0a,0x72,0x35,0x5a,0x80,0x9b,0x43,0x09,0x3f,0x0c,0xfc,0xab,0x42,0x62,0x37,0x8b,0x4e,0xe8,0x46,0x93,0x22,0x5c,0xf3,0x17,0x14,0x69,0xec,0xf0,0x4e,0x14,0xbb,0x9c,0x9b,0x0e}, + {0xad,0x20,0x57,0xfb,0x8f,0xd4,0xba,0xfb,0x0e,0x0d,0xf9,0xdb,0x6b,0x91,0x81,0xee,0xbf,0x43,0x55,0x63,0x52,0x31,0x81,0xd4,0xd8,0x7b,0x33,0x3f,0xeb,0x04,0x11,0x22,0xee,0xbe,0xb1,0x5d,0xd5,0x9b,0xee,0x8d,0xb9,0x3f,0x72,0x0a,0x37,0xab,0xc3,0xc9,0x91,0xd7,0x68,0x1c,0xbf,0xf1,0xa8,0x44,0xde,0x3c,0xfd,0x1c,0x19,0x44,0x6d,0x36,0x14,0x8c,0xbc,0xf2,0x43,0x17,0x3c,0x9e,0x3b,0x6c,0x85,0xb5,0xfc,0x26,0xda,0x2e,0x97,0xfb,0xa7,0x68,0x0e,0x2f,0xb8,0xcc,0x44,0x32,0x59,0xbc,0xe6,0xa4,0x67,0x41}, + {0x00,0x27,0xf6,0x76,0x28,0x9d,0x3b,0x64,0xeb,0x68,0x76,0x0e,0x40,0x9d,0x1d,0x5d,0x84,0x06,0xfc,0x21,0x03,0x43,0x4b,0x1b,0x6a,0x24,0x55,0x22,0x7e,0xbb,0x38,0x79,0xee,0x8f,0xce,0xf8,0x65,0x26,0xbe,0xc2,0x2c,0xd6,0x80,0xe8,0x14,0xff,0x67,0xe9,0xee,0x4e,0x36,0x2f,0x7e,0x6e,0x2e,0xf1,0xf6,0xd2,0x7e,0xcb,0x70,0x33,0xb3,0x34,0xcc,0xd6,0x81,0x86,0xee,0x91,0xc5,0xcd,0x53,0xa7,0x85,0xed,0x9c,0x10,0x02,0xce,0x83,0x88,0x80,0x58,0xc1,0x85,0x74,0xed,0xe4,0x65,0xfe,0x2d,0x6e,0xfc,0x76,0x11}, + {0x9b,0x61,0x9c,0x5b,0xd0,0x6c,0xaf,0xb4,0x80,0x84,0xa5,0xb2,0xf4,0xc9,0xdf,0x2d,0xc4,0x4d,0xe9,0xeb,0x02,0xa5,0x4f,0x3d,0x34,0x5f,0x7d,0x67,0x4c,0x3a,0xfc,0x08,0xb8,0x0e,0x77,0x49,0x89,0xe2,0x90,0xdb,0xa3,0x40,0xf4,0xac,0x2a,0xcc,0xfb,0x98,0x9b,0x87,0xd7,0xde,0xfe,0x4f,0x35,0x21,0xb6,0x06,0x69,0xf2,0x54,0x3e,0x6a,0x1f,0xea,0x34,0x07,0xd3,0x99,0xc1,0xa4,0x60,0xd6,0x5c,0x16,0x31,0xb6,0x85,0xc0,0x40,0x95,0x82,0x59,0xf7,0x23,0x3e,0x33,0xe2,0xd1,0x00,0xb9,0x16,0x01,0xad,0x2f,0x4f}, + {0x54,0x4e,0xae,0x94,0x41,0xb2,0xbe,0x44,0x6c,0xef,0x57,0x18,0x51,0x1c,0x54,0x5f,0x98,0x04,0x8d,0x36,0x2d,0x6b,0x1e,0xa6,0xab,0xf7,0x2e,0x97,0xa4,0x84,0x54,0x44,0x38,0xb6,0x3b,0xb7,0x1d,0xd9,0x2c,0x96,0x08,0x9c,0x12,0xfc,0xaa,0x77,0x05,0xe6,0x89,0x16,0xb6,0xf3,0x39,0x9b,0x61,0x6f,0x81,0xee,0x44,0x29,0x5f,0x99,0x51,0x34,0x7c,0x7d,0xea,0x9f,0xd0,0xfc,0x52,0x91,0xf6,0x5c,0x93,0xb0,0x94,0x6c,0x81,0x4a,0x40,0x5c,0x28,0x47,0xaa,0x9a,0x8e,0x25,0xb7,0x93,0x28,0x04,0xa6,0x9c,0xb8,0x10}, + {0x9c,0x28,0x18,0x97,0x49,0x47,0x59,0x3d,0x26,0x3f,0x53,0x24,0xc5,0xf8,0xeb,0x12,0x15,0xef,0xc3,0x14,0xcb,0xbf,0x62,0x02,0x8e,0x51,0xb7,0x77,0xd5,0x78,0xb8,0x20,0x6e,0xf0,0x45,0x5a,0xbe,0x41,0x39,0x75,0x65,0x5f,0x9c,0x6d,0xed,0xae,0x7c,0xd0,0xb6,0x51,0xff,0x72,0x9c,0x6b,0x77,0x11,0xa9,0x4d,0x0d,0xef,0xd9,0xd1,0xd2,0x17,0x6a,0x3e,0x3f,0x07,0x18,0xaf,0xf2,0x27,0x69,0x10,0x52,0xd7,0x19,0xe5,0x3f,0xfd,0x22,0x00,0xa6,0x3c,0x2c,0xb7,0xe3,0x22,0xa7,0xc6,0x65,0xcc,0x63,0x4f,0x21,0x72}, + {0x93,0xa6,0x07,0x53,0x40,0x7f,0xe3,0xb4,0x95,0x67,0x33,0x2f,0xd7,0x14,0xa7,0xab,0x99,0x10,0x76,0x73,0xa7,0xd0,0xfb,0xd6,0xc9,0xcb,0x71,0x81,0xc5,0x48,0xdf,0x5f,0xc9,0x29,0x3b,0xf4,0xb9,0xb7,0x9d,0x1d,0x75,0x8f,0x51,0x4f,0x4a,0x82,0x05,0xd6,0xc4,0x9d,0x2f,0x31,0xbd,0x72,0xc0,0xf2,0xb0,0x45,0x15,0x5a,0x85,0xac,0x24,0x1f,0xaa,0x05,0x95,0x8e,0x32,0x08,0xd6,0x24,0xee,0x20,0x14,0x0c,0xd1,0xc1,0x48,0x47,0xa2,0x25,0xfb,0x06,0x5c,0xe4,0xff,0xc7,0xe6,0x95,0xe3,0x2a,0x9e,0x73,0xba,0x00}, + {0xd6,0x90,0x87,0x5c,0xde,0x98,0x2e,0x59,0xdf,0xa2,0xc2,0x45,0xd3,0xb7,0xbf,0xe5,0x22,0x99,0xb4,0xf9,0x60,0x3b,0x5a,0x11,0xf3,0x78,0xad,0x67,0x3e,0x3a,0x28,0x03,0x26,0xbb,0x88,0xea,0xf5,0x26,0x44,0xae,0xfb,0x3b,0x97,0x84,0xd9,0x79,0x06,0x36,0x50,0x4e,0x69,0x26,0x0c,0x03,0x9f,0x5c,0x26,0xd2,0x18,0xd5,0xe7,0x7d,0x29,0x72,0x39,0xb9,0x0c,0xbe,0xc7,0x1d,0x24,0x48,0x80,0x30,0x63,0x8b,0x4d,0x9b,0xf1,0x32,0x08,0x93,0x28,0x02,0x0d,0xc9,0xdf,0xd3,0x45,0x19,0x27,0x46,0x68,0x29,0xe1,0x05}, + {0x5a,0x49,0x9c,0x2d,0xb3,0xee,0x82,0xba,0x7c,0xb9,0x2b,0xf1,0xfc,0xc8,0xef,0xce,0xe0,0xd1,0xb5,0x93,0xae,0xab,0x2d,0xb0,0x9b,0x8d,0x69,0x13,0x9c,0x0c,0xc0,0x39,0x50,0x45,0x2c,0x24,0xc8,0xbb,0xbf,0xad,0xd9,0x81,0x30,0xd0,0xec,0x0c,0xc8,0xbc,0x92,0xdf,0xc8,0xf5,0xa6,0x66,0x35,0x84,0x4c,0xce,0x58,0x82,0xd3,0x25,0xcf,0x78,0x68,0x9d,0x48,0x31,0x8e,0x6b,0xae,0x15,0x87,0xf0,0x2b,0x9c,0xab,0x1c,0x85,0xaa,0x05,0xfa,0x4e,0xf0,0x97,0x5a,0xa7,0xc9,0x32,0xf8,0x3f,0x6b,0x07,0x52,0x6b,0x00}, + {0x1c,0x78,0x95,0x9d,0xe1,0xcf,0xe0,0x29,0xe2,0x10,0x63,0x96,0x18,0xdf,0x81,0xb6,0x39,0x6b,0x51,0x70,0xd3,0x39,0xdf,0x57,0x22,0x61,0xc7,0x3b,0x44,0xe3,0x57,0x4d,0x2d,0x08,0xce,0xb9,0x16,0x7e,0xcb,0xf5,0x29,0xbc,0x7a,0x41,0x4c,0xf1,0x07,0x34,0xab,0xa7,0xf4,0x2b,0xce,0x6b,0xb3,0xd4,0xce,0x75,0x9f,0x1a,0x56,0xe9,0xe2,0x7d,0xcb,0x5e,0xa5,0xb6,0xf4,0xd4,0x70,0xde,0x99,0xdb,0x85,0x5d,0x7f,0x52,0x01,0x48,0x81,0x9a,0xee,0xd3,0x40,0xc4,0xc9,0xdb,0xed,0x29,0x60,0x1a,0xaf,0x90,0x2a,0x6b}, + {0x97,0x1e,0xe6,0x9a,0xfc,0xf4,0x23,0x69,0xd1,0x5f,0x3f,0xe0,0x1d,0x28,0x35,0x57,0x2d,0xd1,0xed,0xe6,0x43,0xae,0x64,0xa7,0x4a,0x3e,0x2d,0xd1,0xe9,0xf4,0xd8,0x5f,0x0a,0xd8,0xb2,0x5b,0x24,0xf3,0xeb,0x77,0x9b,0x07,0xb9,0x2f,0x47,0x1b,0x30,0xd8,0x33,0x73,0xee,0x4c,0xf2,0xe6,0x47,0xc6,0x09,0x21,0x6c,0x27,0xc8,0x12,0x58,0x46,0xd9,0x62,0x10,0x2a,0xb2,0xbe,0x43,0x4d,0x16,0xdc,0x31,0x38,0x75,0xfb,0x65,0x70,0xd7,0x68,0x29,0xde,0x7b,0x4a,0x0d,0x18,0x90,0x67,0xb1,0x1c,0x2b,0x2c,0xb3,0x05}, + {0xfd,0xa8,0x4d,0xd2,0xcc,0x5e,0xc0,0xc8,0x83,0xef,0xdf,0x05,0xac,0x1a,0xcf,0xa1,0x61,0xcd,0xf9,0x7d,0xf2,0xef,0xbe,0xdb,0x99,0x1e,0x47,0x7b,0xa3,0x56,0x55,0x3b,0x95,0x81,0xd5,0x7a,0x2c,0xa4,0xfc,0xf7,0xcc,0xf3,0x33,0x43,0x6e,0x28,0x14,0x32,0x9d,0x97,0x0b,0x34,0x0d,0x9d,0xc2,0xb6,0xe1,0x07,0x73,0x56,0x48,0x1a,0x77,0x31,0x82,0xd4,0x4d,0xe1,0x24,0xc5,0xb0,0x32,0xb6,0xa4,0x2b,0x1a,0x54,0x51,0xb3,0xed,0xf3,0x5a,0x2b,0x28,0x48,0x60,0xd1,0xa3,0xeb,0x36,0x73,0x7a,0xd2,0x79,0xc0,0x4f}, + {0x7f,0x2f,0xbf,0x89,0xb0,0x38,0xc9,0x51,0xa7,0xe9,0xdf,0x02,0x65,0xbd,0x97,0x24,0x53,0xe4,0x80,0x78,0x9c,0xc0,0xff,0xff,0x92,0x8e,0xf9,0xca,0xce,0x67,0x45,0x12,0x0d,0xc5,0x86,0x0c,0x44,0x8b,0x34,0xdc,0x51,0xe6,0x94,0xcc,0xc9,0xcb,0x37,0x13,0xb9,0x3c,0x3e,0x64,0x4d,0xf7,0x22,0x64,0x08,0xcd,0xe3,0xba,0xc2,0x70,0x11,0x24,0xb4,0x73,0xc4,0x0a,0x86,0xab,0xf9,0x3f,0x35,0xe4,0x13,0x01,0xee,0x1d,0x91,0xf0,0xaf,0xc4,0xc6,0xeb,0x60,0x50,0xe7,0x4a,0x0d,0x00,0x87,0x6c,0x96,0x12,0x86,0x3f}, + {0xde,0x0d,0x2a,0x78,0xc9,0x0c,0x9a,0x55,0x85,0x83,0x71,0xea,0xb2,0xcd,0x1d,0x55,0x8c,0x23,0xef,0x31,0x5b,0x86,0x62,0x7f,0x3d,0x61,0x73,0x79,0x76,0xa7,0x4a,0x50,0x13,0x8d,0x04,0x36,0xfa,0xfc,0x18,0x9c,0xdd,0x9d,0x89,0x73,0xb3,0x9d,0x15,0x29,0xaa,0xd0,0x92,0x9f,0x0b,0x35,0x9f,0xdc,0xd4,0x19,0x8a,0x87,0xee,0x7e,0xf5,0x26,0xb1,0xef,0x87,0x56,0xd5,0x2c,0xab,0x0c,0x7b,0xf1,0x7a,0x24,0x62,0xd1,0x80,0x51,0x67,0x24,0x5a,0x4f,0x34,0x5a,0xc1,0x85,0x69,0x30,0xba,0x9d,0x3d,0x94,0x41,0x40}, + {0x96,0xcc,0xeb,0x43,0xba,0xee,0xc0,0xc3,0xaf,0x9c,0xea,0x26,0x9c,0x9c,0x74,0x8d,0xc6,0xcc,0x77,0x1c,0xee,0x95,0xfa,0xd9,0x0f,0x34,0x84,0x76,0xd9,0xa1,0x20,0x14,0xdd,0xaa,0x6c,0xa2,0x43,0x77,0x21,0x4b,0xce,0xb7,0x8a,0x64,0x24,0xb4,0xa6,0x47,0xe3,0xc9,0xfb,0x03,0x7a,0x4f,0x1d,0xcb,0x19,0xd0,0x00,0x98,0x42,0x31,0xd9,0x12,0x4f,0x59,0x37,0xd3,0x99,0x77,0xc6,0x00,0x7b,0xa4,0x3a,0xb2,0x40,0x51,0x3c,0x5e,0x95,0xf3,0x5f,0xe3,0x54,0x28,0x18,0x44,0x12,0xa0,0x59,0x43,0x31,0x92,0x4f,0x1b}, + {0x51,0x09,0x15,0x89,0x9d,0x10,0x5c,0x3e,0x6a,0x69,0xe9,0x2d,0x91,0xfa,0xce,0x39,0x20,0x30,0x5f,0x97,0x3f,0xe4,0xea,0x20,0xae,0x2d,0x13,0x7f,0x2a,0x57,0x9b,0x23,0xb1,0x66,0x98,0xa4,0x30,0x30,0xcf,0x33,0x59,0x48,0x5f,0x21,0xd2,0x73,0x1f,0x25,0xf6,0xf4,0xde,0x51,0x40,0xaa,0x82,0xab,0xf6,0x23,0x9a,0x6f,0xd5,0x91,0xf1,0x5f,0x68,0x90,0x2d,0xac,0x33,0xd4,0x9e,0x81,0x23,0x85,0xc9,0x5f,0x79,0xab,0x83,0x28,0x3d,0xeb,0x93,0x55,0x80,0x72,0x45,0xef,0xcb,0x36,0x8f,0x75,0x6a,0x52,0x0c,0x02}, + {0xbc,0xdb,0xd8,0x9e,0xf8,0x34,0x98,0x77,0x6c,0xa4,0x7c,0xdc,0xf9,0xaa,0xf2,0xc8,0x74,0xb0,0xe1,0xa3,0xdc,0x4c,0x52,0xa9,0x77,0x38,0x31,0x15,0x46,0xcc,0xaa,0x02,0x89,0xcc,0x42,0xf0,0x59,0xef,0x31,0xe9,0xb6,0x4b,0x12,0x8e,0x9d,0x9c,0x58,0x2c,0x97,0x59,0xc7,0xae,0x8a,0xe1,0xc8,0xad,0x0c,0xc5,0x02,0x56,0x0a,0xfe,0x2c,0x45,0xdf,0x77,0x78,0x64,0xa0,0xf7,0xa0,0x86,0x9f,0x7c,0x60,0x0e,0x27,0x64,0xc4,0xbb,0xc9,0x11,0xfb,0xf1,0x25,0xea,0x17,0xab,0x7b,0x87,0x4b,0x30,0x7b,0x7d,0xfb,0x4c}, + {0xfe,0x75,0x9b,0xb8,0x6c,0x3d,0xb4,0x72,0x80,0xdc,0x6a,0x9c,0xd9,0x94,0xc6,0x54,0x9f,0x4c,0xe3,0x3e,0x37,0xaa,0xc3,0xb8,0x64,0x53,0x07,0x39,0x2b,0x62,0xb4,0x14,0x12,0xef,0x89,0x97,0xc2,0x99,0x86,0xe2,0x0d,0x19,0x57,0xdf,0x71,0xcd,0x6e,0x2b,0xd0,0x70,0xc9,0xec,0x57,0xc8,0x43,0xc3,0xc5,0x3a,0x4d,0x43,0xbc,0x4c,0x1d,0x5b,0x26,0x9f,0x0a,0xcc,0x15,0x26,0xfb,0xb6,0xe5,0xcc,0x8d,0xb8,0x2b,0x0e,0x4f,0x3a,0x05,0xa7,0x69,0x33,0x8b,0x49,0x01,0x13,0xd1,0x2d,0x59,0x58,0x12,0xf7,0x98,0x2f}, + {0x56,0x9e,0x0f,0xb5,0x4c,0xa7,0x94,0x0c,0x20,0x13,0x8e,0x8e,0xa9,0xf4,0x1f,0x5b,0x67,0x0f,0x30,0x82,0x21,0xcc,0x2a,0x9a,0xf9,0xaa,0x06,0xd8,0x49,0xe2,0x6a,0x3a,0x01,0xa7,0x54,0x4f,0x44,0xae,0x12,0x2e,0xde,0xd7,0xcb,0xa9,0xf0,0x3e,0xfe,0xfc,0xe0,0x5d,0x83,0x75,0x0d,0x89,0xbf,0xce,0x54,0x45,0x61,0xe7,0xe9,0x62,0x80,0x1d,0x5a,0x7c,0x90,0xa9,0x85,0xda,0x7a,0x65,0x62,0x0f,0xb9,0x91,0xb5,0xa8,0x0e,0x1a,0xe9,0xb4,0x34,0xdf,0xfb,0x1d,0x0e,0x8d,0xf3,0x5f,0xf2,0xae,0xe8,0x8c,0x8b,0x29}, + {0xb2,0x0c,0xf7,0xef,0x53,0x79,0x92,0x2a,0x76,0x70,0x15,0x79,0x2a,0xc9,0x89,0x4b,0x6a,0xcf,0xa7,0x30,0x7a,0x45,0x18,0x94,0x85,0xe4,0x5c,0x4d,0x40,0xa8,0xb8,0x34,0xde,0x65,0x21,0x0a,0xea,0x72,0x7a,0x83,0xf6,0x79,0xcf,0x0b,0xb4,0x07,0xab,0x3f,0x70,0xae,0x38,0x77,0xc7,0x36,0x16,0x52,0xdc,0xd7,0xa7,0x03,0x18,0x27,0xa6,0x6b,0x35,0x33,0x69,0x83,0xb5,0xec,0x6e,0xc2,0xfd,0xfe,0xb5,0x63,0xdf,0x13,0xa8,0xd5,0x73,0x25,0xb2,0xa4,0x9a,0xaa,0x93,0xa2,0x6a,0x1c,0x5e,0x46,0xdd,0x2b,0xd6,0x71}, + {0x80,0xdf,0x78,0xd3,0x28,0xcc,0x33,0x65,0xb4,0xa4,0x0f,0x0a,0x79,0x43,0xdb,0xf6,0x5a,0xda,0x01,0xf7,0xf9,0x5f,0x64,0xe3,0xa4,0x2b,0x17,0xf3,0x17,0xf3,0xd5,0x74,0xf5,0x5e,0xf7,0xb1,0xda,0xb5,0x2d,0xcd,0xf5,0x65,0xb0,0x16,0xcf,0x95,0x7f,0xd7,0x85,0xf0,0x49,0x3f,0xea,0x1f,0x57,0x14,0x3d,0x2b,0x2b,0x26,0x21,0x36,0x33,0x1c,0x81,0xca,0xd9,0x67,0x54,0xe5,0x6f,0xa8,0x37,0x8c,0x29,0x2b,0x75,0x7c,0x8b,0x39,0x3b,0x62,0xac,0xe3,0x92,0x08,0x6d,0xda,0x8c,0xd9,0xe9,0x47,0x45,0xcc,0xeb,0x4a}, + {0xc9,0x01,0x6d,0x27,0x1b,0x07,0xf0,0x12,0x70,0x8c,0xc4,0x86,0xc5,0xba,0xb8,0xe7,0xa9,0xfb,0xd6,0x71,0x9b,0x12,0x08,0x53,0x92,0xb7,0x3d,0x5a,0xf9,0xfb,0x88,0x5d,0x10,0xb6,0x54,0x73,0x9e,0x8d,0x40,0x0b,0x6e,0x5b,0xa8,0x5b,0x53,0x32,0x6b,0x80,0x07,0xa2,0x58,0x4a,0x03,0x3a,0xe6,0xdb,0x2c,0xdf,0xa1,0xc9,0xdd,0xd9,0x3b,0x17,0xdf,0x72,0x58,0xfe,0x1e,0x0f,0x50,0x2b,0xc1,0x18,0x39,0xd4,0x2e,0x58,0xd6,0x58,0xe0,0x3a,0x67,0xc9,0x8e,0x27,0xed,0xe6,0x19,0xa3,0x9e,0xb1,0x13,0xcd,0xe1,0x06}, + {0x23,0x6f,0x16,0x6f,0x51,0xad,0xd0,0x40,0xbe,0x6a,0xab,0x1f,0x93,0x32,0x8e,0x11,0x8e,0x08,0x4d,0xa0,0x14,0x5e,0xe3,0x3f,0x66,0x62,0xe1,0x26,0x35,0x60,0x80,0x30,0x53,0x03,0x5b,0x9e,0x62,0xaf,0x2b,0x47,0x47,0x04,0x8d,0x27,0x90,0x0b,0xaa,0x3b,0x27,0xbf,0x43,0x96,0x46,0x5f,0x78,0x0c,0x13,0x7b,0x83,0x8d,0x1a,0x6a,0x3a,0x7f,0x0b,0x80,0x3d,0x5d,0x39,0x44,0xe6,0xf7,0xf6,0xed,0x01,0xc9,0x55,0xd5,0xa8,0x95,0x39,0x63,0x2c,0x59,0x30,0x78,0xcd,0x68,0x7e,0x30,0x51,0x2e,0xed,0xfd,0xd0,0x30}, + {0xb3,0x33,0x12,0xf2,0x1a,0x4d,0x59,0xe0,0x9c,0x4d,0xcc,0xf0,0x8e,0xe7,0xdb,0x1b,0x77,0x9a,0x49,0x8f,0x7f,0x18,0x65,0x69,0x68,0x98,0x09,0x2c,0x20,0x14,0x92,0x0a,0x50,0x47,0xb8,0x68,0x1e,0x97,0xb4,0x9c,0xcf,0xbb,0x64,0x66,0x29,0x72,0x95,0xa0,0x2b,0x41,0xfa,0x72,0x26,0xe7,0x8d,0x5c,0xd9,0x89,0xc5,0x51,0x43,0x08,0x15,0x46,0x2e,0xa0,0xb9,0xae,0xc0,0x19,0x90,0xbc,0xae,0x4c,0x03,0x16,0x0d,0x11,0xc7,0x55,0xec,0x32,0x99,0x65,0x01,0xf5,0x6d,0x0e,0xfe,0x5d,0xca,0x95,0x28,0x0d,0xca,0x3b}, + {0xa4,0x62,0x5d,0x3c,0xbc,0x31,0xf0,0x40,0x60,0x7a,0xf0,0xcf,0x3e,0x8b,0xfc,0x19,0x45,0xb5,0x0f,0x13,0xa2,0x3d,0x18,0x98,0xcd,0x13,0x8f,0xae,0xdd,0xde,0x31,0x56,0xbf,0x01,0xcc,0x9e,0xb6,0x8e,0x68,0x9c,0x6f,0x89,0x44,0xa6,0xad,0x83,0xbc,0xf0,0xe2,0x9f,0x7a,0x5f,0x5f,0x95,0x2d,0xca,0x41,0x82,0xf2,0x8d,0x03,0xb4,0xa8,0x4e,0x02,0xd2,0xca,0xf1,0x0a,0x46,0xed,0x2a,0x83,0xee,0x8c,0xa4,0x05,0x53,0x30,0x46,0x5f,0x1a,0xf1,0x49,0x45,0x77,0x21,0x91,0x63,0xa4,0x2c,0x54,0x30,0x09,0xce,0x24}, + {0x06,0xc1,0x06,0xfd,0xf5,0x90,0xe8,0x1f,0xf2,0x10,0x88,0x5d,0x35,0x68,0xc4,0xb5,0x3e,0xaf,0x8c,0x6e,0xfe,0x08,0x78,0x82,0x4b,0xd7,0x06,0x8a,0xc2,0xe3,0xd4,0x41,0x85,0x0b,0xf3,0xfd,0x55,0xa1,0xcf,0x3f,0xa4,0x2e,0x37,0x36,0x8e,0x16,0xf7,0xd2,0x44,0xf8,0x92,0x64,0xde,0x64,0xe0,0xb2,0x80,0x42,0x4f,0x32,0xa7,0x28,0x99,0x54,0x2e,0x1a,0xee,0x63,0xa7,0x32,0x6e,0xf2,0xea,0xfd,0x5f,0xd2,0xb7,0xe4,0x91,0xae,0x69,0x4d,0x7f,0xd1,0x3b,0xd3,0x3b,0xbc,0x6a,0xff,0xdc,0xc0,0xde,0x66,0x1b,0x49}, + {0xa7,0x32,0xea,0xc7,0x3d,0xb1,0xf5,0x98,0x98,0xdb,0x16,0x7e,0xcc,0xf8,0xd5,0xe3,0x47,0xd9,0xf8,0xcb,0x52,0xbf,0x0a,0xac,0xac,0xe4,0x5e,0xc8,0xd0,0x38,0xf3,0x08,0xa1,0x64,0xda,0xd0,0x8e,0x4a,0xf0,0x75,0x4b,0x28,0xe2,0x67,0xaf,0x2c,0x22,0xed,0xa4,0x7b,0x7b,0x1f,0x79,0xa3,0x34,0x82,0x67,0x8b,0x01,0xb7,0xb0,0xb8,0xf6,0x4c,0xbd,0x73,0x1a,0x99,0x21,0xa8,0x83,0xc3,0x7a,0x0c,0x32,0xdf,0x01,0xbc,0x27,0xab,0x63,0x70,0x77,0x84,0x1b,0x33,0x3d,0xc1,0x99,0x8a,0x07,0xeb,0x82,0x4a,0x0d,0x53}, + {0x25,0x48,0xf9,0xe1,0x30,0x36,0x4c,0x00,0x5a,0x53,0xab,0x8c,0x26,0x78,0x2d,0x7e,0x8b,0xff,0x84,0xcc,0x23,0x23,0x48,0xc7,0xb9,0x70,0x17,0x10,0x3f,0x75,0xea,0x65,0x9e,0xbf,0x9a,0x6c,0x45,0x73,0x69,0x6d,0x80,0xa8,0x00,0x49,0xfc,0xb2,0x7f,0x25,0x50,0xb8,0xcf,0xc8,0x12,0xf4,0xac,0x2b,0x5b,0xbd,0xbf,0x0c,0xe0,0xe7,0xb3,0x0d,0x63,0x63,0x09,0xe2,0x3e,0xfc,0x66,0x3d,0x6b,0xcb,0xb5,0x61,0x7f,0x2c,0xd6,0x81,0x1a,0x3b,0x44,0x13,0x42,0x04,0xbe,0x0f,0xdb,0xa1,0xe1,0x21,0x19,0xec,0xa4,0x02}, + {0xa2,0xb8,0x24,0x3b,0x9a,0x25,0xe6,0x5c,0xb8,0xa0,0xaf,0x45,0xcc,0x7a,0x57,0xb8,0x37,0x70,0xa0,0x8b,0xe8,0xe6,0xcb,0xcc,0xbf,0x09,0x78,0x12,0x51,0x3c,0x14,0x3d,0x5f,0x79,0xcf,0xf1,0x62,0x61,0xc8,0xf5,0xf2,0x57,0xee,0x26,0x19,0x86,0x8c,0x11,0x78,0x35,0x06,0x1c,0x85,0x24,0x21,0x17,0xcf,0x7f,0x06,0xec,0x5d,0x2b,0xd1,0x36,0x57,0x45,0x15,0x79,0x91,0x27,0x6d,0x12,0x0a,0x3a,0x78,0xfc,0x5c,0x8f,0xe4,0xd5,0xac,0x9b,0x17,0xdf,0xe8,0xb6,0xbd,0x36,0x59,0x28,0xa8,0x5b,0x88,0x17,0xf5,0x2e}, + {0xdc,0xae,0x58,0x8c,0x4e,0x97,0x37,0x46,0xa4,0x41,0xf0,0xab,0xfb,0x22,0xef,0xb9,0x8a,0x71,0x80,0xe9,0x56,0xd9,0x85,0xe1,0xa6,0xa8,0x43,0xb1,0xfa,0x78,0x1b,0x2f,0x51,0x2f,0x5b,0x30,0xfb,0xbf,0xee,0x96,0xb8,0x96,0x95,0x88,0xad,0x38,0xf9,0xd3,0x25,0xdd,0xd5,0x46,0xc7,0x2d,0xf5,0xf0,0x95,0x00,0x3a,0xbb,0x90,0x82,0x96,0x57,0x01,0xe1,0x20,0x0a,0x43,0xb8,0x1a,0xf7,0x47,0xec,0xf0,0x24,0x8d,0x65,0x93,0xf3,0xd1,0xee,0xe2,0x6e,0xa8,0x09,0x75,0xcf,0xe1,0xa3,0x2a,0xdc,0x35,0x3e,0xc4,0x7d}, + {0xc3,0xd9,0x7d,0x88,0x65,0x66,0x96,0x85,0x55,0x53,0xb0,0x4b,0x31,0x9b,0x0f,0xc9,0xb1,0x79,0x20,0xef,0xf8,0x8d,0xe0,0xc6,0x2f,0xc1,0x8c,0x75,0x16,0x20,0xf7,0x7e,0x18,0x97,0x3e,0x27,0x5c,0x2a,0x78,0x5a,0x94,0xfd,0x4e,0x5e,0x99,0xc6,0x76,0x35,0x3e,0x7d,0x23,0x1f,0x05,0xd8,0x2e,0x0f,0x99,0x0a,0xd5,0x82,0x1d,0xb8,0x4f,0x04,0xd9,0xe3,0x07,0xa9,0xc5,0x18,0xdf,0xc1,0x59,0x63,0x4c,0xce,0x1d,0x37,0xb3,0x57,0x49,0xbb,0x01,0xb2,0x34,0x45,0x70,0xca,0x2e,0xdd,0x30,0x9c,0x3f,0x82,0x79,0x7f}, + {0xe8,0x13,0xb5,0xa3,0x39,0xd2,0x34,0x83,0xd8,0xa8,0x1f,0xb9,0xd4,0x70,0x36,0xc1,0x33,0xbd,0x90,0xf5,0x36,0x41,0xb5,0x12,0xb4,0xd9,0x84,0xd7,0x73,0x03,0x4e,0x0a,0xba,0x87,0xf5,0x68,0xf0,0x1f,0x9c,0x6a,0xde,0xc8,0x50,0x00,0x4e,0x89,0x27,0x08,0xe7,0x5b,0xed,0x7d,0x55,0x99,0xbf,0x3c,0xf0,0xd6,0x06,0x1c,0x43,0xb0,0xa9,0x64,0x19,0x29,0x7d,0x5b,0xa1,0xd6,0xb3,0x2e,0x35,0x82,0x3a,0xd5,0xa0,0xf6,0xb4,0xb0,0x47,0x5d,0xa4,0x89,0x43,0xce,0x56,0x71,0x6c,0x34,0x18,0xce,0x0a,0x7d,0x1a,0x07}, + {0x0b,0xba,0x87,0xc8,0xaa,0x2d,0x07,0xd3,0xee,0x62,0xa5,0xbf,0x05,0x29,0x26,0x01,0x8b,0x76,0xef,0xc0,0x02,0x30,0x54,0xcf,0x9c,0x7e,0xea,0x46,0x71,0xcc,0x3b,0x2c,0x31,0x44,0xe1,0x20,0x52,0x35,0x0c,0xcc,0x41,0x51,0xb1,0x09,0x07,0x95,0x65,0x0d,0x36,0x5f,0x9d,0x20,0x1b,0x62,0xf5,0x9a,0xd3,0x55,0x77,0x61,0xf7,0xbc,0x69,0x7c,0x5f,0x29,0xe8,0x04,0xeb,0xd7,0xf0,0x07,0x7d,0xf3,0x50,0x2f,0x25,0x18,0xdb,0x10,0xd7,0x98,0x17,0x17,0xa3,0xa9,0x51,0xe9,0x1d,0xa5,0xac,0x22,0x73,0x9a,0x5a,0x6f}, + {0xc5,0xc6,0x41,0x2f,0x0c,0x00,0xa1,0x8b,0x9b,0xfb,0xfe,0x0c,0xc1,0x79,0x9f,0xc4,0x9f,0x1c,0xc5,0x3c,0x70,0x47,0xfa,0x4e,0xca,0xaf,0x47,0xe1,0xa2,0x21,0x4e,0x49,0xbe,0x44,0xd9,0xa3,0xeb,0xd4,0x29,0xe7,0x9e,0xaf,0x78,0x80,0x40,0x09,0x9e,0x8d,0x03,0x9c,0x86,0x47,0x7a,0x56,0x25,0x45,0x24,0x3b,0x8d,0xee,0x80,0x96,0xab,0x02,0x9a,0x0d,0xe5,0xdd,0x85,0x8a,0xa4,0xef,0x49,0xa2,0xb9,0x0f,0x4e,0x22,0x9a,0x21,0xd9,0xf6,0x1e,0xd9,0x1d,0x1f,0x09,0xfa,0x34,0xbb,0x46,0xea,0xcb,0x76,0x5d,0x6b}, + {0x94,0xd9,0x0c,0xec,0x6c,0x55,0x57,0x88,0xba,0x1d,0xd0,0x5c,0x6f,0xdc,0x72,0x64,0x77,0xb4,0x42,0x8f,0x14,0x69,0x01,0xaf,0x54,0x73,0x27,0x85,0xf6,0x33,0xe3,0x0a,0x22,0x25,0x78,0x1e,0x17,0x41,0xf9,0xe0,0xd3,0x36,0x69,0x03,0x74,0xae,0xe6,0xf1,0x46,0xc7,0xfc,0xd0,0xa2,0x3e,0x8b,0x40,0x3e,0x31,0xdd,0x03,0x9c,0x86,0xfb,0x16,0x62,0x09,0xb6,0x33,0x97,0x19,0x8e,0x28,0x33,0xe1,0xab,0xd8,0xb4,0x72,0xfc,0x24,0x3e,0xd0,0x91,0x09,0xed,0xf7,0x11,0x48,0x75,0xd0,0x70,0x8f,0x8b,0xe3,0x81,0x3f}, + {0xfe,0xaf,0xd9,0x7e,0xcc,0x0f,0x91,0x7f,0x4b,0x87,0x65,0x24,0xa1,0xb8,0x5c,0x54,0x04,0x47,0x0c,0x4b,0xd2,0x7e,0x39,0xa8,0x93,0x09,0xf5,0x04,0xc1,0x0f,0x51,0x50,0x24,0xc8,0x17,0x5f,0x35,0x7f,0xdb,0x0a,0xa4,0x99,0x42,0xd7,0xc3,0x23,0xb9,0x74,0xf7,0xea,0xf8,0xcb,0x8b,0x3e,0x7c,0xd5,0x3d,0xdc,0xde,0x4c,0xd3,0xe2,0xd3,0x0a,0x9d,0x24,0x6e,0x33,0xc5,0x0f,0x0c,0x6f,0xd9,0xcf,0x31,0xc3,0x19,0xde,0x5e,0x74,0x1c,0xfe,0xee,0x09,0x00,0xfd,0xd6,0xf2,0xbe,0x1e,0xfa,0xf0,0x8b,0x15,0x7c,0x12}, + {0xa2,0x79,0x98,0x2e,0x42,0x7c,0x19,0xf6,0x47,0x36,0xca,0x52,0xd4,0xdd,0x4a,0xa4,0xcb,0xac,0x4e,0x4b,0xc1,0x3f,0x41,0x9b,0x68,0x4f,0xef,0x07,0x7d,0xf8,0x4e,0x35,0x74,0xb9,0x51,0xae,0xc4,0x8f,0xa2,0xde,0x96,0xfe,0x4d,0x74,0xd3,0x73,0x99,0x1d,0xa8,0x48,0x38,0x87,0x0b,0x68,0x40,0x62,0x95,0xdf,0x67,0xd1,0x79,0x24,0xd8,0x4e,0x75,0xd9,0xc5,0x60,0x22,0xb5,0xe3,0xfe,0xb8,0xb0,0x41,0xeb,0xfc,0x2e,0x35,0x50,0x3c,0x65,0xf6,0xa9,0x30,0xac,0x08,0x88,0x6d,0x23,0x39,0x05,0xd2,0x92,0x2d,0x30}, + {0x3d,0x28,0xa4,0xbc,0xa2,0xc1,0x13,0x78,0xd9,0x3d,0x86,0xa1,0x91,0xf0,0x62,0xed,0x86,0xfa,0x68,0xc2,0xb8,0xbc,0xc7,0xae,0x4c,0xae,0x1c,0x6f,0xb7,0xd3,0xe5,0x10,0x77,0xf1,0xe0,0xe4,0xb6,0x6f,0xbc,0x2d,0x93,0x6a,0xbd,0xa4,0x29,0xbf,0xe1,0x04,0xe8,0xf6,0x7a,0x78,0xd4,0x66,0x19,0x5e,0x60,0xd0,0x26,0xb4,0x5e,0x5f,0xdc,0x0e,0x67,0x8e,0xda,0x53,0xd6,0xbf,0x53,0x54,0x41,0xf6,0xa9,0x24,0xec,0x1e,0xdc,0xe9,0x23,0x8a,0x57,0x03,0x3b,0x26,0x87,0xbf,0x72,0xba,0x1c,0x36,0x51,0x6c,0xb4,0x45}, + {0xa1,0x7f,0x4f,0x31,0xbf,0x2a,0x40,0xa9,0x50,0xf4,0x8c,0x8e,0xdc,0xf1,0x57,0xe2,0x84,0xbe,0xa8,0x23,0x4b,0xd5,0xbb,0x1d,0x3b,0x71,0xcb,0x6d,0xa3,0xbf,0x77,0x21,0xe4,0xe3,0x7f,0x8a,0xdd,0x4d,0x9d,0xce,0x30,0x0e,0x62,0x76,0x56,0x64,0x13,0xab,0x58,0x99,0x0e,0xb3,0x7b,0x4f,0x59,0x4b,0xdf,0x29,0x12,0x32,0xef,0x0a,0x1c,0x5c,0x8f,0xdb,0x79,0xfa,0xbc,0x1b,0x08,0x37,0xb3,0x59,0x5f,0xc2,0x1e,0x81,0x48,0x60,0x87,0x24,0x83,0x9c,0x65,0x76,0x7a,0x08,0xbb,0xb5,0x8a,0x7d,0x38,0x19,0xe6,0x4a}, + {0x2e,0xa3,0x44,0x53,0xaa,0xf6,0xdb,0x8d,0x78,0x40,0x1b,0xb4,0xb4,0xea,0x88,0x7d,0x60,0x0d,0x13,0x4a,0x97,0xeb,0xb0,0x5e,0x03,0x3e,0xbf,0x17,0x1b,0xd9,0x00,0x1a,0x83,0xfb,0x5b,0x98,0x44,0x7e,0x11,0x61,0x36,0x31,0x96,0x71,0x2a,0x46,0xe0,0xfc,0x4b,0x90,0x25,0xd4,0x48,0x34,0xac,0x83,0x64,0x3d,0xa4,0x5b,0xbe,0x5a,0x68,0x75,0xb2,0xf2,0x61,0xeb,0x33,0x09,0x96,0x6e,0x52,0x49,0xff,0xc9,0xa8,0x0f,0x3d,0x54,0x69,0x65,0xf6,0x7a,0x10,0x75,0x72,0xdf,0xaa,0xe6,0xb0,0x23,0xb6,0x29,0x55,0x13}, + {0x18,0xd5,0xd1,0xad,0xd7,0xdb,0xf0,0x18,0x11,0x1f,0xc1,0xcf,0x88,0x78,0x9f,0x97,0x9b,0x75,0x14,0x71,0xf0,0xe1,0x32,0x87,0x01,0x3a,0xca,0x65,0x1a,0xb8,0xb5,0x79,0xfe,0x83,0x2e,0xe2,0xbc,0x16,0xc7,0xf5,0xc1,0x85,0x09,0xe8,0x19,0xeb,0x2b,0xb4,0xae,0x4a,0x25,0x14,0x37,0xa6,0x9d,0xec,0x13,0xa6,0x90,0x15,0x05,0xea,0x72,0x59,0x11,0x78,0x8f,0xdc,0x20,0xac,0xd4,0x0f,0xa8,0x4f,0x4d,0xac,0x94,0xd2,0x9a,0x9a,0x34,0x04,0x36,0xb3,0x64,0x2d,0x1b,0xc0,0xdb,0x3b,0x5f,0x90,0x95,0x9c,0x7e,0x4f}, + {0x2e,0x30,0x81,0x57,0xbc,0x4b,0x67,0x62,0x0f,0xdc,0xad,0x89,0x39,0x0f,0x52,0xd8,0xc6,0xd9,0xfb,0x53,0xae,0x99,0x29,0x8c,0x4c,0x8e,0x63,0x2e,0xd9,0x3a,0x99,0x31,0xfe,0x99,0x52,0x35,0x3d,0x44,0xc8,0x71,0xd7,0xea,0xeb,0xdb,0x1c,0x3b,0xcd,0x8b,0x66,0x94,0xa4,0xf1,0x9e,0x49,0x92,0x80,0xc8,0xad,0x44,0xa1,0xc4,0xee,0x42,0x19,0x92,0x49,0x23,0xae,0x19,0x53,0xac,0x7d,0x92,0x3e,0xea,0x0c,0x91,0x3d,0x1b,0x2c,0x22,0x11,0x3c,0x25,0x94,0xe4,0x3c,0x55,0x75,0xca,0xf9,0x4e,0x31,0x65,0x0a,0x2a}, + {0xc2,0x27,0xf9,0xf7,0x7f,0x93,0xb7,0x2d,0x35,0xa6,0xd0,0x17,0x06,0x1f,0x74,0xdb,0x76,0xaf,0x55,0x11,0xa2,0xf3,0x82,0x59,0xed,0x2d,0x7c,0x64,0x18,0xe2,0xf6,0x4c,0x3a,0x79,0x1c,0x3c,0xcd,0x1a,0x36,0xcf,0x3b,0xbc,0x35,0x5a,0xac,0xbc,0x9e,0x2f,0xab,0xa6,0xcd,0xa8,0xe9,0x60,0xe8,0x60,0x13,0x1a,0xea,0x6d,0x9b,0xc3,0x5d,0x05,0xb6,0x5b,0x8d,0xc2,0x7c,0x22,0x19,0xb1,0xab,0xff,0x4d,0x77,0xbc,0x4e,0xe2,0x07,0x89,0x2c,0xa3,0xe4,0xce,0x78,0x3c,0xa8,0xb6,0x24,0xaa,0x10,0x77,0x30,0x1a,0x12}, + {0x97,0x4a,0x03,0x9f,0x5e,0x5d,0xdb,0xe4,0x2d,0xbc,0x34,0x30,0x09,0xfc,0x53,0xe1,0xb1,0xd3,0x51,0x95,0x91,0x46,0x05,0x46,0x2d,0xe5,0x40,0x7a,0x6c,0xc7,0x3f,0x33,0xc9,0x83,0x74,0xc7,0x3e,0x71,0x59,0xd6,0xaf,0x96,0x2b,0xb8,0x77,0xe0,0xbf,0x88,0xd3,0xbc,0x97,0x10,0x23,0x28,0x9e,0x28,0x9b,0x3a,0xed,0x6c,0x4a,0xb9,0x7b,0x52,0x2e,0x48,0x5b,0x99,0x2a,0x99,0x3d,0x56,0x01,0x38,0x38,0x6e,0x7c,0xd0,0x05,0x34,0xe5,0xd8,0x64,0x2f,0xde,0x35,0x50,0x48,0xf7,0xa9,0xa7,0x20,0x9b,0x06,0x89,0x6b}, + {0x0d,0x22,0x70,0x62,0x41,0xa0,0x2a,0x81,0x4e,0x5b,0x24,0xf9,0xfa,0x89,0x5a,0x99,0x05,0xef,0x72,0x50,0xce,0xc4,0xad,0xff,0x73,0xeb,0x73,0xaa,0x03,0x21,0xbc,0x23,0x77,0xdb,0xc7,0xb5,0x8c,0xfa,0x82,0x40,0x55,0xc1,0x34,0xc7,0xf8,0x86,0x86,0x06,0x7e,0xa5,0xe7,0xf6,0xd9,0xc8,0xe6,0x29,0xcf,0x9b,0x63,0xa7,0x08,0xd3,0x73,0x04,0x05,0x9e,0x58,0x03,0x26,0x79,0xee,0xca,0x92,0xc4,0xdc,0x46,0x12,0x42,0x4b,0x2b,0x4f,0xa9,0x01,0xe6,0x74,0xef,0xa1,0x02,0x1a,0x34,0x04,0xde,0xbf,0x73,0x2f,0x10}, + {0xc6,0x45,0x57,0x7f,0xab,0xb9,0x18,0xeb,0x90,0xc6,0x87,0x57,0xee,0x8a,0x3a,0x02,0xa9,0xaf,0xf7,0x2d,0xda,0x12,0x27,0xb7,0x3d,0x01,0x5c,0xea,0x25,0x7d,0x59,0x36,0x9a,0x1c,0x51,0xb5,0xe0,0xda,0xb4,0xa2,0x06,0xff,0xff,0x2b,0x29,0x60,0xc8,0x7a,0x34,0x42,0x50,0xf5,0x5d,0x37,0x1f,0x98,0x2d,0xa1,0x4e,0xda,0x25,0xd7,0x6b,0x3f,0xac,0x58,0x60,0x10,0x7b,0x8d,0x4d,0x73,0x5f,0x90,0xc6,0x6f,0x9e,0x57,0x40,0xd9,0x2d,0x93,0x02,0x92,0xf9,0xf8,0x66,0x64,0xd0,0xd6,0x60,0xda,0x19,0xcc,0x7e,0x7b}, + {0x0d,0x69,0x5c,0x69,0x3c,0x37,0xc2,0x78,0x6e,0x90,0x42,0x06,0x66,0x2e,0x25,0xdd,0xd2,0x2b,0xe1,0x4a,0x44,0x44,0x1d,0x95,0x56,0x39,0x74,0x01,0x76,0xad,0x35,0x42,0x9b,0xfa,0x7c,0xa7,0x51,0x4a,0xae,0x6d,0x50,0x86,0xa3,0xe7,0x54,0x36,0x26,0x82,0xdb,0x82,0x2d,0x8f,0xcd,0xff,0xbb,0x09,0xba,0xca,0xf5,0x1b,0x66,0xdc,0xbe,0x03,0xf5,0x75,0x89,0x07,0x0d,0xcb,0x58,0x62,0x98,0xf2,0x89,0x91,0x54,0x42,0x29,0x49,0xe4,0x6e,0xe3,0xe2,0x23,0xb4,0xca,0xa0,0xa1,0x66,0xf0,0xcd,0xb0,0xe2,0x7c,0x0e}, + {0xa3,0x85,0x8c,0xc4,0x3a,0x64,0x94,0xc4,0xad,0x39,0x61,0x3c,0xf4,0x1d,0x36,0xfd,0x48,0x4d,0xe9,0x3a,0xdd,0x17,0xdb,0x09,0x4a,0x67,0xb4,0x8f,0x5d,0x0a,0x6e,0x66,0xf9,0x70,0x4b,0xd9,0xdf,0xfe,0xa6,0xfe,0x2d,0xba,0xfc,0xc1,0x51,0xc0,0x30,0xf1,0x89,0xab,0x2f,0x7f,0x7e,0xd4,0x82,0x48,0xb5,0xee,0xec,0x8a,0x13,0x56,0x52,0x61,0x0d,0xcb,0x70,0x48,0x4e,0xf6,0xbb,0x2a,0x6b,0x8b,0x45,0xaa,0xf0,0xbc,0x65,0xcd,0x5d,0x98,0xe8,0x75,0xba,0x4e,0xbe,0x9a,0xe4,0xde,0x14,0xd5,0x10,0xc8,0x0b,0x7f}, + {0x6f,0x13,0xf4,0x26,0xa4,0x6b,0x00,0xb9,0x35,0x30,0xe0,0x57,0x9e,0x36,0x67,0x8d,0x28,0x3c,0x46,0x4f,0xd9,0xdf,0xc8,0xcb,0xf5,0xdb,0xee,0xf8,0xbc,0x8d,0x1f,0x0d,0xa0,0x13,0x72,0x73,0xad,0x9d,0xac,0x83,0x98,0x2e,0xf7,0x2e,0xba,0xf8,0xf6,0x9f,0x57,0x69,0xec,0x43,0xdd,0x2e,0x1e,0x31,0x75,0xab,0xc5,0xde,0x7d,0x90,0x3a,0x1d,0xdc,0x81,0xd0,0x3e,0x31,0x93,0x16,0xba,0x80,0x34,0x1b,0x85,0xad,0x9f,0x32,0x29,0xcb,0x21,0x03,0x03,0x3c,0x01,0x28,0x01,0xe3,0xfd,0x1b,0xa3,0x44,0x1b,0x01,0x00}, + {0x0c,0x6c,0xc6,0x3f,0x6c,0xa0,0xdf,0x3f,0xd2,0x0d,0xd6,0x4d,0x8e,0xe3,0x40,0x5d,0x71,0x4d,0x8e,0x26,0x38,0x8b,0xe3,0x7a,0xe1,0x57,0x83,0x6e,0x91,0x8d,0xc4,0x3a,0x5c,0xa7,0x0a,0x6a,0x69,0x1f,0x56,0x16,0x6a,0xbd,0x52,0x58,0x5c,0x72,0xbf,0xc1,0xad,0x66,0x79,0x9a,0x7f,0xdd,0xa8,0x11,0x26,0x10,0x85,0xd2,0xa2,0x88,0xd9,0x63,0x2e,0x23,0xbd,0xaf,0x53,0x07,0x12,0x00,0x83,0xf6,0xd8,0xfd,0xb8,0xce,0x2b,0xe9,0x91,0x2b,0xe7,0x84,0xb3,0x69,0x16,0xf8,0x66,0xa0,0x68,0x23,0x2b,0xd5,0xfa,0x33}, + {0x16,0x1e,0xe4,0xc5,0xc6,0x49,0x06,0x54,0x35,0x77,0x3f,0x33,0x30,0x64,0xf8,0x0a,0x46,0xe7,0x05,0xf3,0xd2,0xfc,0xac,0xb2,0xa7,0xdc,0x56,0xa2,0x29,0xf4,0xc0,0x16,0xe8,0xcf,0x22,0xc4,0xd0,0xc8,0x2c,0x8d,0xcb,0x3a,0xa1,0x05,0x7b,0x4f,0x2b,0x07,0x6f,0xa5,0xf6,0xec,0xe6,0xb6,0xfe,0xa3,0xe2,0x71,0x0a,0xb9,0xcc,0x55,0xc3,0x3c,0x31,0x91,0x3e,0x90,0x43,0x94,0xb6,0xe9,0xce,0x37,0x56,0x7a,0xcb,0x94,0xa4,0xb8,0x44,0x92,0xba,0xba,0xa4,0xd1,0x7c,0xc8,0x68,0x75,0xae,0x6b,0x42,0xaf,0x1e,0x63}, + {0x9f,0xfe,0x66,0xda,0x10,0x04,0xe9,0xb3,0xa6,0xe5,0x16,0x6c,0x52,0x4b,0xdd,0x85,0x83,0xbf,0xf9,0x1e,0x61,0x97,0x3d,0xbc,0xb5,0x19,0xa9,0x1e,0x8b,0x64,0x99,0x55,0xe8,0x0d,0x70,0xa3,0xb9,0x75,0xd9,0x47,0x52,0x05,0xf8,0xe2,0xfb,0xc5,0x80,0x72,0xe1,0x5d,0xe4,0x32,0x27,0x8f,0x65,0x53,0xb5,0x80,0x5f,0x66,0x7f,0x2c,0x1f,0x43,0x19,0x7b,0x8f,0x85,0x44,0x63,0x02,0xd6,0x4a,0x51,0xea,0xa1,0x2f,0x35,0xab,0x14,0xd7,0xa9,0x90,0x20,0x1a,0x44,0x00,0x89,0x26,0x3b,0x25,0x91,0x5f,0x71,0x04,0x7b}, + {0x43,0xae,0xf6,0xac,0x28,0xbd,0xed,0x83,0xb4,0x7a,0x5c,0x7d,0x8b,0x7c,0x35,0x86,0x44,0x2c,0xeb,0xb7,0x69,0x47,0x40,0xc0,0x3f,0x58,0xf6,0xc2,0xf5,0x7b,0xb3,0x59,0xc6,0xba,0xe6,0xc4,0x80,0xc2,0x76,0xb3,0x0b,0x9b,0x1d,0x6d,0xdd,0xd3,0x0e,0x97,0x44,0xf9,0x0b,0x45,0x58,0x95,0x9a,0xb0,0x23,0xe2,0xcd,0x57,0xfa,0xac,0xd0,0x48,0x71,0xe6,0xab,0x7d,0xe4,0x26,0x0f,0xb6,0x37,0x3a,0x2f,0x62,0x97,0xa1,0xd1,0xf1,0x94,0x03,0x96,0xe9,0x7e,0xce,0x08,0x42,0xdb,0x3b,0x6d,0x33,0x91,0x41,0x23,0x16}, + {0xf6,0x7f,0x26,0xf6,0xde,0x99,0xe4,0xb9,0x43,0x08,0x2c,0x74,0x7b,0xca,0x72,0x77,0xb1,0xf2,0xa4,0xe9,0x3f,0x15,0xa0,0x23,0x06,0x50,0xd0,0xd5,0xec,0xdf,0xdf,0x2c,0x40,0x86,0xf3,0x1f,0xd6,0x9c,0x49,0xdd,0xa0,0x25,0x36,0x06,0xc3,0x9b,0xcd,0x29,0xc3,0x3d,0xd7,0x3d,0x02,0xd8,0xe2,0x51,0x31,0x92,0x3b,0x20,0x7a,0x70,0x25,0x4a,0x6a,0xed,0xf6,0x53,0x8a,0x66,0xb7,0x2a,0xa1,0x70,0xd1,0x1d,0x58,0x42,0x42,0x30,0x61,0x01,0xe2,0x3a,0x4c,0x14,0x00,0x40,0xfc,0x49,0x8e,0x24,0x6d,0x89,0x21,0x57}, + {0xae,0x1b,0x18,0xfd,0x17,0x55,0x6e,0x0b,0xb4,0x63,0xb9,0x2b,0x9f,0x62,0x22,0x90,0x25,0x46,0x06,0x32,0xe9,0xbc,0x09,0x55,0xda,0x13,0x3c,0xf6,0x74,0xdd,0x8e,0x57,0x4e,0xda,0xd0,0xa1,0x91,0x50,0x5d,0x28,0x08,0x3e,0xfe,0xb5,0xa7,0x6f,0xaa,0x4b,0xb3,0x93,0x93,0xe1,0x7c,0x17,0xe5,0x63,0xfd,0x30,0xb0,0xc4,0xaf,0x35,0xc9,0x03,0x3d,0x0c,0x2b,0x49,0xc6,0x76,0x72,0x99,0xfc,0x05,0xe2,0xdf,0xc4,0xc2,0xcc,0x47,0x3c,0x3a,0x62,0xdd,0x84,0x9b,0xd2,0xdc,0xa2,0xc7,0x88,0x02,0x59,0xab,0xc2,0x3e}, + {0xb9,0x7b,0xd8,0xe4,0x7b,0xd2,0xa0,0xa1,0xed,0x1a,0x39,0x61,0xeb,0x4d,0x8b,0xa9,0x83,0x9b,0xcb,0x73,0xd0,0xdd,0xa0,0x99,0xce,0xca,0x0f,0x20,0x5a,0xc2,0xd5,0x2d,0xcb,0xd1,0x32,0xae,0x09,0x3a,0x21,0xa7,0xd5,0xc2,0xf5,0x40,0xdf,0x87,0x2b,0x0f,0x29,0xab,0x1e,0xe8,0xc6,0xa4,0xae,0x0b,0x5e,0xac,0xdb,0x6a,0x6c,0xf6,0x1b,0x0e,0x7e,0x88,0x2c,0x79,0xe9,0xd5,0xab,0xe2,0x5d,0x6d,0x92,0xcb,0x18,0x00,0x02,0x1a,0x1e,0x5f,0xae,0xba,0xcd,0x69,0xba,0xbf,0x5f,0x8f,0xe8,0x5a,0xb3,0x48,0x05,0x73}, + {0xee,0xb8,0xa8,0xcb,0xa3,0x51,0x35,0xc4,0x16,0x5f,0x11,0xb2,0x1d,0x6f,0xa2,0x65,0x50,0x38,0x8c,0xab,0x52,0x4f,0x0f,0x76,0xca,0xb8,0x1d,0x41,0x3b,0x44,0x43,0x30,0x34,0xe3,0xd6,0xa1,0x4b,0x09,0x5b,0x80,0x19,0x3f,0x35,0x09,0x77,0xf1,0x3e,0xbf,0x2b,0x70,0x22,0x06,0xcb,0x06,0x3f,0x42,0xdd,0x45,0x78,0xd8,0x77,0x22,0x5a,0x58,0x62,0x89,0xd4,0x33,0x82,0x5f,0x8a,0xa1,0x7f,0x25,0x78,0xec,0xb5,0xc4,0x98,0x66,0xff,0x41,0x3e,0x37,0xa5,0x6f,0x8e,0xa7,0x1f,0x98,0xef,0x50,0x89,0x27,0x56,0x76}, + {0xc0,0xc8,0x1f,0xd5,0x59,0xcf,0xc3,0x38,0xf2,0xb6,0x06,0x05,0xfd,0xd2,0xed,0x9b,0x8f,0x0e,0x57,0xab,0x9f,0x10,0xbf,0x26,0xa6,0x46,0xb8,0xc1,0xa8,0x60,0x41,0x3f,0x9d,0xcf,0x86,0xea,0xa3,0x73,0x70,0xe1,0xdc,0x5f,0x15,0x07,0xb7,0xfb,0x8c,0x3a,0x8e,0x8a,0x83,0x31,0xfc,0xe7,0x53,0x48,0x16,0xf6,0x13,0xb6,0x84,0xf4,0xbb,0x28,0x7c,0x6c,0x13,0x6f,0x5c,0x2f,0x61,0xf2,0xbe,0x11,0xdd,0xf6,0x07,0xd1,0xea,0xaf,0x33,0x6f,0xde,0x13,0xd2,0x9a,0x7e,0x52,0x5d,0xf7,0x88,0x81,0x35,0xcb,0x79,0x1e}, + {0xf1,0xe3,0xf7,0xee,0xc3,0x36,0x34,0x01,0xf8,0x10,0x9e,0xfe,0x7f,0x6a,0x8b,0x82,0xfc,0xde,0xf9,0xbc,0xe5,0x08,0xf9,0x7f,0x31,0x38,0x3b,0x3a,0x1b,0x95,0xd7,0x65,0x81,0x81,0xe0,0xf5,0xd8,0x53,0xe9,0x77,0xd9,0xde,0x9d,0x29,0x44,0x0c,0xa5,0x84,0xe5,0x25,0x45,0x86,0x0c,0x2d,0x6c,0xdc,0xf4,0xf2,0xd1,0x39,0x2d,0xb5,0x8a,0x47,0x59,0xd1,0x52,0x92,0xd3,0xa4,0xa6,0x66,0x07,0xc8,0x1a,0x87,0xbc,0xe1,0xdd,0xe5,0x6f,0xc9,0xc1,0xa6,0x40,0x6b,0x2c,0xb8,0x14,0x22,0x21,0x1a,0x41,0x7a,0xd8,0x16}, + {0x15,0x62,0x06,0x42,0x5a,0x7e,0xbd,0xb3,0xc1,0x24,0x5a,0x0c,0xcd,0xe3,0x9b,0x87,0xb7,0x94,0xf9,0xd6,0xb1,0x5d,0xc0,0x57,0xa6,0x8c,0xf3,0x65,0x81,0x7c,0xf8,0x28,0x83,0x05,0x4e,0xd5,0xe2,0xd5,0xa4,0xfb,0xfa,0x99,0xbd,0x2e,0xd7,0xaf,0x1f,0xe2,0x8f,0x77,0xe9,0x6e,0x73,0xc2,0x7a,0x49,0xde,0x6d,0x5a,0x7a,0x57,0x0b,0x99,0x1f,0xd6,0xf7,0xe8,0x1b,0xad,0x4e,0x34,0xa3,0x8f,0x79,0xea,0xac,0xeb,0x50,0x1e,0x7d,0x52,0xe0,0x0d,0x52,0x9e,0x56,0xc6,0x77,0x3e,0x6d,0x4d,0x53,0xe1,0x2f,0x88,0x45}, + {0xd6,0x83,0x79,0x75,0x5d,0x34,0x69,0x66,0xa6,0x11,0xaa,0x17,0x11,0xed,0xb6,0x62,0x8f,0x12,0x5e,0x98,0x57,0x18,0xdd,0x7d,0xdd,0xf6,0x26,0xf6,0xb8,0xe5,0x8f,0x68,0xe4,0x6f,0x3c,0x94,0x29,0x99,0xac,0xd8,0xa2,0x92,0x83,0xa3,0x61,0xf1,0xf9,0xb5,0xf3,0x9a,0xc8,0xbe,0x13,0xdb,0x99,0x26,0x74,0xf0,0x05,0xe4,0x3c,0x84,0xcf,0x7d,0xc0,0x32,0x47,0x4a,0x48,0xd6,0x90,0x6c,0x99,0x32,0x56,0xca,0xfd,0x43,0x21,0xd5,0xe1,0xc6,0x5d,0x91,0xc3,0x28,0xbe,0xb3,0x1b,0x19,0x27,0x73,0x7e,0x68,0x39,0x67}, + {0xa6,0x75,0x56,0x38,0x14,0x20,0x78,0xef,0xe8,0xa9,0xfd,0xaa,0x30,0x9f,0x64,0xa2,0xcb,0xa8,0xdf,0x5c,0x50,0xeb,0xd1,0x4c,0xb3,0xc0,0x4d,0x1d,0xba,0x5a,0x11,0x46,0xc0,0x1a,0x0c,0xc8,0x9d,0xcc,0x6d,0xa6,0x36,0xa4,0x38,0x1b,0xf4,0x5c,0xa0,0x97,0xc6,0xd7,0xdb,0x95,0xbe,0xf3,0xeb,0xa7,0xab,0x7d,0x7e,0x8d,0xf6,0xb8,0xa0,0x7d,0x76,0xda,0xb5,0xc3,0x53,0x19,0x0f,0xd4,0x9b,0x9e,0x11,0x21,0x73,0x6f,0xac,0x1d,0x60,0x59,0xb2,0xfe,0x21,0x60,0xcc,0x03,0x4b,0x4b,0x67,0x83,0x7e,0x88,0x5f,0x5a}, + {0x11,0x3d,0xa1,0x70,0xcf,0x01,0x63,0x8f,0xc4,0xd0,0x0d,0x35,0x15,0xb8,0xce,0xcf,0x7e,0xa4,0xbc,0xa4,0xd4,0x97,0x02,0xf7,0x34,0x14,0x4d,0xe4,0x56,0xb6,0x69,0x36,0xb9,0x43,0xa6,0xa0,0xd3,0x28,0x96,0x9e,0x64,0x20,0xc3,0xe6,0x00,0xcb,0xc3,0xb5,0x32,0xec,0x2d,0x7c,0x89,0x02,0x53,0x9b,0x0c,0xc7,0xd1,0xd5,0xe2,0x7a,0xe3,0x43,0x33,0xe1,0xa6,0xed,0x06,0x3f,0x7e,0x38,0xc0,0x3a,0xa1,0x99,0x51,0x1d,0x30,0x67,0x11,0x38,0x26,0x36,0xf8,0xd8,0x5a,0xbd,0xbe,0xe9,0xd5,0x4f,0xcd,0xe6,0x21,0x6a}, + {0x5f,0xe6,0x46,0x30,0x0a,0x17,0xc6,0xf1,0x24,0x35,0xd2,0x00,0x2a,0x2a,0x71,0x58,0x55,0xb7,0x82,0x8c,0x3c,0xbd,0xdb,0x69,0x57,0xff,0x95,0xa1,0xf1,0xf9,0x6b,0x58,0xe3,0xb2,0x99,0x66,0x12,0x29,0x41,0xef,0x01,0x13,0x8d,0x70,0x47,0x08,0xd3,0x71,0xbd,0xb0,0x82,0x11,0xd0,0x32,0x54,0x32,0x36,0x8b,0x1e,0x00,0x07,0x1b,0x37,0x45,0x0b,0x79,0xf8,0x5e,0x8d,0x08,0xdb,0xa6,0xe5,0x37,0x09,0x61,0xdc,0xf0,0x78,0x52,0xb8,0x6e,0xa1,0x61,0xd2,0x49,0x03,0xac,0x79,0x21,0xe5,0x90,0x37,0xb0,0xaf,0x0e}, + {0x2f,0x04,0x48,0x37,0xc1,0x55,0x05,0x96,0x11,0xaa,0x0b,0x82,0xe6,0x41,0x9a,0x21,0x0c,0x6d,0x48,0x73,0x38,0xf7,0x81,0x1c,0x61,0xc6,0x02,0x5a,0x67,0xcc,0x9a,0x30,0x1d,0xae,0x75,0x0f,0x5e,0x80,0x40,0x51,0x30,0xcc,0x62,0x26,0xe3,0xfb,0x02,0xec,0x6d,0x39,0x92,0xea,0x1e,0xdf,0xeb,0x2c,0xb3,0x5b,0x43,0xc5,0x44,0x33,0xae,0x44,0xee,0x43,0xa5,0xbb,0xb9,0x89,0xf2,0x9c,0x42,0x71,0xc9,0x5a,0x9d,0x0e,0x76,0xf3,0xaa,0x60,0x93,0x4f,0xc6,0xe5,0x82,0x1d,0x8f,0x67,0x94,0x7f,0x1b,0x22,0xd5,0x62}, + {0x6d,0x93,0xd0,0x18,0x9c,0x29,0x4c,0x52,0x0c,0x1a,0x0c,0x8a,0x6c,0xb5,0x6b,0xc8,0x31,0x86,0x4a,0xdb,0x2e,0x05,0x75,0xa3,0x62,0x45,0x75,0xbc,0xe4,0xfd,0x0e,0x5c,0x3c,0x7a,0xf7,0x3a,0x26,0xd4,0x85,0x75,0x4d,0x14,0xe9,0xfe,0x11,0x7b,0xae,0xdf,0x3d,0x19,0xf7,0x59,0x80,0x70,0x06,0xa5,0x37,0x20,0x92,0x83,0x53,0x9a,0xf2,0x14,0xf5,0xd7,0xb2,0x25,0xdc,0x7e,0x71,0xdf,0x40,0x30,0xb5,0x99,0xdb,0x70,0xf9,0x21,0x62,0x4c,0xed,0xc3,0xb7,0x34,0x92,0xda,0x3e,0x09,0xee,0x7b,0x5c,0x36,0x72,0x5e}, + {0x7f,0x21,0x71,0x45,0x07,0xfc,0x5b,0x57,0x5b,0xd9,0x94,0x06,0x5d,0x67,0x79,0x37,0x33,0x1e,0x19,0xf4,0xbb,0x37,0x0a,0x9a,0xbc,0xea,0xb4,0x47,0x4c,0x10,0xf1,0x77,0x3e,0xb3,0x08,0x2f,0x06,0x39,0x93,0x7d,0xbe,0x32,0x9f,0xdf,0xe5,0x59,0x96,0x5b,0xfd,0xbd,0x9e,0x1f,0xad,0x3d,0xff,0xac,0xb7,0x49,0x73,0xcb,0x55,0x05,0xb2,0x70,0x4c,0x2c,0x11,0x55,0xc5,0x13,0x51,0xbe,0xcd,0x1f,0x88,0x9a,0x3a,0x42,0x88,0x66,0x47,0x3b,0x50,0x5e,0x85,0x77,0x66,0x44,0x4a,0x40,0x06,0x4a,0x8f,0x39,0x34,0x0e}, + {0xe8,0xbd,0xce,0x3e,0xd9,0x22,0x7d,0xb6,0x07,0x2f,0x82,0x27,0x41,0xe8,0xb3,0x09,0x8d,0x6d,0x5b,0xb0,0x1f,0xa6,0x3f,0x74,0x72,0x23,0x36,0x8a,0x36,0x05,0x54,0x5e,0x28,0x19,0x4b,0x3e,0x09,0x0b,0x93,0x18,0x40,0xf6,0xf3,0x73,0x0e,0xe1,0xe3,0x7d,0x6f,0x5d,0x39,0x73,0xda,0x17,0x32,0xf4,0x3e,0x9c,0x37,0xca,0xd6,0xde,0x8a,0x6f,0x9a,0xb2,0xb7,0xfd,0x3d,0x12,0x40,0xe3,0x91,0xb2,0x1a,0xa2,0xe1,0x97,0x7b,0x48,0x9e,0x94,0xe6,0xfd,0x02,0x7d,0x96,0xf9,0x97,0xde,0xd3,0xc8,0x2e,0xe7,0x0d,0x78}, + {0xbc,0xe7,0x9a,0x08,0x45,0x85,0xe2,0x0a,0x06,0x4d,0x7f,0x1c,0xcf,0xde,0x8d,0x38,0xb8,0x11,0x48,0x0a,0x51,0x15,0xac,0x38,0xe4,0x8c,0x92,0x71,0xf6,0x8b,0xb2,0x0e,0x72,0x27,0xf4,0x00,0xf3,0xea,0x1f,0x67,0xaa,0x41,0x8c,0x2a,0x2a,0xeb,0x72,0x8f,0x92,0x32,0x37,0x97,0xd7,0x7f,0xa1,0x29,0xa6,0x87,0xb5,0x32,0xad,0xc6,0xef,0x1d,0xa7,0x95,0x51,0xef,0x1a,0xbe,0x5b,0xaf,0xed,0x15,0x7b,0x91,0x77,0x12,0x8c,0x14,0x2e,0xda,0xe5,0x7a,0xfb,0xf7,0x91,0x29,0x67,0x28,0xdd,0xf8,0x1b,0x20,0x7d,0x46}, + {0xad,0x4f,0xef,0x74,0x9a,0x91,0xfe,0x95,0xa2,0x08,0xa3,0xf6,0xec,0x7b,0x82,0x3a,0x01,0x7b,0xa4,0x09,0xd3,0x01,0x4e,0x96,0x97,0xc7,0xa3,0x5b,0x4f,0x3c,0xc4,0x71,0xa9,0xe7,0x7a,0x56,0xbd,0xf4,0x1e,0xbc,0xbd,0x98,0x44,0xd6,0xb2,0x4c,0x62,0x3f,0xc8,0x4e,0x1f,0x2c,0xd2,0x64,0x10,0xe4,0x01,0x40,0x38,0xba,0xa5,0xc5,0xf9,0x2e,0xcd,0x74,0x9e,0xfa,0xf6,0x6d,0xfd,0xb6,0x7a,0x26,0xaf,0xe4,0xbc,0x78,0x82,0xf1,0x0e,0x99,0xef,0xf1,0xd0,0xb3,0x55,0x82,0x93,0xf2,0xc5,0x90,0xa3,0x8c,0x75,0x5a}, + {0x95,0x24,0x46,0xd9,0x10,0x27,0xb7,0xa2,0x03,0x50,0x7d,0xd5,0xd2,0xc6,0xa8,0x3a,0xca,0x87,0xb4,0xa0,0xbf,0x00,0xd4,0xe3,0xec,0x72,0xeb,0xb3,0x44,0xe2,0xba,0x2d,0x94,0xdc,0x61,0x1d,0x8b,0x91,0xe0,0x8c,0x66,0x30,0x81,0x9a,0x46,0x36,0xed,0x8d,0xd3,0xaa,0xe8,0xaf,0x29,0xa8,0xe6,0xd4,0x3f,0xd4,0x39,0xf6,0x27,0x80,0x73,0x0a,0xcc,0xe1,0xff,0x57,0x2f,0x4a,0x0f,0x98,0x43,0x98,0x83,0xe1,0x0d,0x0d,0x67,0x00,0xfd,0x15,0xfb,0x49,0x4a,0x3f,0x5c,0x10,0x9c,0xa6,0x26,0x51,0x63,0xca,0x98,0x26}, + {0x78,0xba,0xb0,0x32,0x88,0x31,0x65,0xe7,0x8b,0xff,0x5c,0x92,0xf7,0x31,0x18,0x38,0xcc,0x1f,0x29,0xa0,0x91,0x1b,0xa8,0x08,0x07,0xeb,0xca,0x49,0xcc,0x3d,0xb4,0x1f,0x0e,0xd9,0x3d,0x5e,0x2f,0x70,0x3d,0x2e,0x86,0x53,0xd2,0xe4,0x18,0x09,0x3f,0x9e,0x6a,0xa9,0x4d,0x02,0xf6,0x3e,0x77,0x5e,0x32,0x33,0xfa,0x4a,0x0c,0x4b,0x00,0x3c,0x2b,0xb8,0xf4,0x06,0xac,0x46,0xa9,0x9a,0xf3,0xc4,0x06,0xa8,0xa5,0x84,0xa2,0x1c,0x87,0x47,0xcd,0xc6,0x5f,0x26,0xd3,0x3e,0x17,0xd2,0x1f,0xcd,0x01,0xfd,0x43,0x6b}, + {0x44,0xc5,0x97,0x46,0x4b,0x5d,0xa7,0xc7,0xbf,0xff,0x0f,0xdf,0x48,0xf8,0xfd,0x15,0x5a,0x78,0x46,0xaa,0xeb,0xb9,0x68,0x28,0x14,0xf7,0x52,0x5b,0x10,0xd7,0x68,0x5a,0xf3,0x0e,0x76,0x3e,0x58,0x42,0xc7,0xb5,0x90,0xb9,0x0a,0xee,0xb9,0x52,0xdc,0x75,0x3f,0x92,0x2b,0x07,0xc2,0x27,0x14,0xbf,0xf0,0xd9,0xf0,0x6f,0x2d,0x0b,0x42,0x73,0x06,0x1e,0x85,0x9e,0xcb,0xf6,0x2c,0xaf,0xc4,0x38,0x22,0xc6,0x13,0x39,0x59,0x8f,0x73,0xf3,0xfb,0x99,0x96,0xb8,0x8a,0xda,0x9e,0xbc,0x34,0xea,0x2f,0x63,0xb5,0x3d}, + {0xd8,0xd9,0x5d,0xf7,0x2b,0xee,0x6e,0xf4,0xa5,0x59,0x67,0x39,0xf6,0xb1,0x17,0x0d,0x73,0x72,0x9e,0x49,0x31,0xd1,0xf2,0x1b,0x13,0x5f,0xd7,0x49,0xdf,0x1a,0x32,0x04,0xd5,0x25,0x98,0x82,0xb1,0x90,0x49,0x2e,0x91,0x89,0x9a,0x3e,0x87,0xeb,0xea,0xed,0xf8,0x4a,0x70,0x4c,0x39,0x3d,0xf0,0xee,0x0e,0x2b,0xdf,0x95,0xa4,0x7e,0x19,0x59,0xae,0x5a,0xe5,0xe4,0x19,0x60,0xe1,0x04,0xe9,0x92,0x2f,0x7e,0x7a,0x43,0x7b,0xe7,0xa4,0x9a,0x15,0x6f,0xc1,0x2d,0xce,0xc7,0xc0,0x0c,0xd7,0xf4,0xc1,0xfd,0xea,0x45}, + {0x2b,0xd7,0x45,0x80,0x85,0x01,0x84,0x69,0x51,0x06,0x2f,0xcf,0xa2,0xfa,0x22,0x4c,0xc6,0x2d,0x22,0x6b,0x65,0x36,0x1a,0x94,0xde,0xda,0x62,0x03,0xc8,0xeb,0x5e,0x5a,0xed,0xb1,0xcc,0xcf,0x24,0x46,0x0e,0xb6,0x95,0x03,0x5c,0xbd,0x92,0xc2,0xdb,0x59,0xc9,0x81,0x04,0xdc,0x1d,0x9d,0xa0,0x31,0x40,0xd9,0x56,0x5d,0xea,0xce,0x73,0x3f,0xc6,0x8d,0x4e,0x0a,0xd1,0xbf,0xa7,0xb7,0x39,0xb3,0xc9,0x44,0x7e,0x00,0x57,0xbe,0xfa,0xae,0x57,0x15,0x7f,0x20,0xc1,0x60,0xdb,0x18,0x62,0x26,0x91,0x88,0x05,0x26}, + {0x04,0xff,0x60,0x83,0xa6,0x04,0xf7,0x59,0xf4,0xe6,0x61,0x76,0xde,0x3f,0xd9,0xc3,0x51,0x35,0x87,0x12,0x73,0x2a,0x1b,0x83,0x57,0x5d,0x61,0x4e,0x2e,0x0c,0xad,0x54,0x42,0xe5,0x76,0xc6,0x3c,0x8e,0x81,0x4c,0xad,0xcc,0xce,0x03,0x93,0x2c,0x42,0x5e,0x08,0x9f,0x12,0xb4,0xca,0xcc,0x07,0xec,0xb8,0x43,0x44,0xb2,0x10,0xfa,0xed,0x0d,0x2a,0x52,0x2b,0xb8,0xd5,0x67,0x3b,0xee,0xeb,0xc1,0xa5,0x9f,0x46,0x63,0xf1,0x36,0xd3,0x9f,0xc1,0x6e,0xf2,0xd2,0xb4,0xa5,0x08,0x94,0x7a,0xa7,0xba,0xb2,0xec,0x62}, + {0x3d,0x2b,0x15,0x61,0x52,0x79,0xed,0xe5,0xd1,0xd7,0xdd,0x0e,0x7d,0x35,0x62,0x49,0x71,0x4c,0x6b,0xb9,0xd0,0xc8,0x82,0x74,0xbe,0xd8,0x66,0xa9,0x19,0xf9,0x59,0x2e,0x74,0x28,0xb6,0xaf,0x36,0x28,0x07,0x92,0xa5,0x04,0xe1,0x79,0x85,0x5e,0xcd,0x5f,0x4a,0xa1,0x30,0xc6,0xad,0x01,0xad,0x5a,0x98,0x3f,0x66,0x75,0x50,0x3d,0x91,0x61,0xda,0x31,0x32,0x1a,0x36,0x2d,0xc6,0x0d,0x70,0x02,0x20,0x94,0x32,0x58,0x47,0xfa,0xce,0x94,0x95,0x3f,0x51,0x01,0xd8,0x02,0x5c,0x5d,0xc0,0x31,0xa1,0xc2,0xdb,0x3d}, + {0x4b,0xc5,0x5e,0xce,0xf9,0x0f,0xdc,0x9a,0x0d,0x13,0x2f,0x8c,0x6b,0x2a,0x9c,0x03,0x15,0x95,0xf8,0xf0,0xc7,0x07,0x80,0x02,0x6b,0xb3,0x04,0xac,0x14,0x83,0x96,0x78,0x14,0xbb,0x96,0x27,0xa2,0x57,0xaa,0xf3,0x21,0xda,0x07,0x9b,0xb7,0xba,0x3a,0x88,0x1c,0x39,0xa0,0x31,0x18,0xe2,0x4b,0xe5,0xf9,0x05,0x32,0xd8,0x38,0xfb,0xe7,0x5e,0x8e,0x6a,0x44,0x41,0xcb,0xfd,0x8d,0x53,0xf9,0x37,0x49,0x43,0xa9,0xfd,0xac,0xa5,0x78,0x8c,0x3c,0x26,0x8d,0x90,0xaf,0x46,0x09,0x0d,0xca,0x9b,0x3c,0x63,0xd0,0x61}, + {0x66,0x25,0xdb,0xff,0x35,0x49,0x74,0x63,0xbb,0x68,0x0b,0x78,0x89,0x6b,0xbd,0xc5,0x03,0xec,0x3e,0x55,0x80,0x32,0x1b,0x6f,0xf5,0xd7,0xae,0x47,0xd8,0x5f,0x96,0x6e,0xdf,0x73,0xfc,0xf8,0xbc,0x28,0xa3,0xad,0xfc,0x37,0xf0,0xa6,0x5d,0x69,0x84,0xee,0x09,0xa9,0xc2,0x38,0xdb,0xb4,0x7f,0x63,0xdc,0x7b,0x06,0xf8,0x2d,0xac,0x23,0x5b,0x7b,0x52,0x80,0xee,0x53,0xb9,0xd2,0x9a,0x8d,0x6d,0xde,0xfa,0xaa,0x19,0x8f,0xe8,0xcf,0x82,0x0e,0x15,0x04,0x17,0x71,0x0e,0xdc,0xde,0x95,0xdd,0xb9,0xbb,0xb9,0x79}, + {0xc2,0x26,0x31,0x6a,0x40,0x55,0xb3,0xeb,0x93,0xc3,0xc8,0x68,0xa8,0x83,0x63,0xd2,0x82,0x7a,0xb9,0xe5,0x29,0x64,0x0c,0x6c,0x47,0x21,0xfd,0xc9,0x58,0xf1,0x65,0x50,0x74,0x73,0x9f,0x8e,0xae,0x7d,0x99,0xd1,0x16,0x08,0xbb,0xcf,0xf8,0xa2,0x32,0xa0,0x0a,0x5f,0x44,0x6d,0x12,0xba,0x6c,0xcd,0x34,0xb8,0xcc,0x0a,0x46,0x11,0xa8,0x1b,0x54,0x99,0x42,0x0c,0xfb,0x69,0x81,0x70,0x67,0xcf,0x6e,0xd7,0xac,0x00,0x46,0xe1,0xba,0x45,0xe6,0x70,0x8a,0xb9,0xaa,0x2e,0xf2,0xfa,0xa4,0x58,0x9e,0xf3,0x81,0x39}, + {0x93,0x0a,0x23,0x59,0x75,0x8a,0xfb,0x18,0x5d,0xf4,0xe6,0x60,0x69,0x8f,0x16,0x1d,0xb5,0x3c,0xa9,0x14,0x45,0xa9,0x85,0x3a,0xfd,0xd0,0xac,0x05,0x37,0x08,0xdc,0x38,0xde,0x6f,0xe6,0x6d,0xa5,0xdf,0x45,0xc8,0x3a,0x48,0x40,0x2c,0x00,0xa5,0x52,0xe1,0x32,0xf6,0xb4,0xc7,0x63,0xe1,0xd2,0xe9,0x65,0x1b,0xbc,0xdc,0x2e,0x45,0xf4,0x30,0x40,0x97,0x75,0xc5,0x82,0x27,0x6d,0x85,0xcc,0xbe,0x9c,0xf9,0x69,0x45,0x13,0xfa,0x71,0x4e,0xea,0xc0,0x73,0xfc,0x44,0x88,0x69,0x24,0x3f,0x59,0x1a,0x9a,0x2d,0x63}, + {0xa6,0xcb,0x07,0xb8,0x15,0x6b,0xbb,0xf6,0xd7,0xf0,0x54,0xbc,0xdf,0xc7,0x23,0x18,0x0b,0x67,0x29,0x6e,0x03,0x97,0x1d,0xbb,0x57,0x4a,0xed,0x47,0x88,0xf4,0x24,0x0b,0xa7,0x84,0x0c,0xed,0x11,0xfd,0x09,0xbf,0x3a,0x69,0x9f,0x0d,0x81,0x71,0xf0,0x63,0x79,0x87,0xcf,0x57,0x2d,0x8c,0x90,0x21,0xa2,0x4b,0xf6,0x8a,0xf2,0x7d,0x5a,0x3a,0xc7,0xea,0x1b,0x51,0xbe,0xd4,0xda,0xdc,0xf2,0xcc,0x26,0xed,0x75,0x80,0x53,0xa4,0x65,0x9a,0x5f,0x00,0x9f,0xff,0x9c,0xe1,0x63,0x1f,0x48,0x75,0x44,0xf7,0xfc,0x34}, + {0xca,0x67,0x97,0x78,0x4c,0xe0,0x97,0xc1,0x7d,0x46,0xd9,0x38,0xcb,0x4d,0x71,0xb8,0xa8,0x5f,0xf9,0x83,0x82,0x88,0xde,0x55,0xf7,0x63,0xfa,0x4d,0x16,0xdc,0x3b,0x3d,0x98,0xaa,0xcf,0x78,0xab,0x1d,0xbb,0xa5,0xf2,0x72,0x0b,0x19,0x67,0xa2,0xed,0x5c,0x8e,0x60,0x92,0x0a,0x11,0xc9,0x09,0x93,0xb0,0x74,0xb3,0x2f,0x04,0xa3,0x19,0x01,0x7d,0x17,0xc2,0xe8,0x9c,0xd8,0xa2,0x67,0xc1,0xd0,0x95,0x68,0xf6,0xa5,0x9d,0x66,0xb0,0xa2,0x82,0xb2,0xe5,0x98,0x65,0xf5,0x73,0x0a,0xe2,0xed,0xf1,0x88,0xc0,0x56}, + {0x17,0x6e,0xa8,0x10,0x11,0x3d,0x6d,0x33,0xfa,0xb2,0x75,0x0b,0x32,0x88,0xf3,0xd7,0x88,0x29,0x07,0x25,0x76,0x33,0x15,0xf9,0x87,0x8b,0x10,0x99,0x6b,0x4c,0x67,0x09,0x02,0x8f,0xf3,0x24,0xac,0x5f,0x1b,0x58,0xbd,0x0c,0xe3,0xba,0xfe,0xe9,0x0b,0xa9,0xf0,0x92,0xcf,0x8a,0x02,0x69,0x21,0x9a,0x8f,0x03,0x59,0x83,0xa4,0x7e,0x8b,0x03,0xf8,0x6f,0x31,0x99,0x21,0xf8,0x4e,0x9f,0x4f,0x8d,0xa7,0xea,0x82,0xd2,0x49,0x2f,0x74,0x31,0xef,0x5a,0xab,0xa5,0x71,0x09,0x65,0xeb,0x69,0x59,0x02,0x31,0x5e,0x6e}, + {0xfb,0x93,0xe5,0x87,0xf5,0x62,0x6c,0xb1,0x71,0x3e,0x5d,0xca,0xde,0xed,0x99,0x49,0x6d,0x3e,0xcc,0x14,0xe0,0xc1,0x91,0xb4,0xa8,0xdb,0xa8,0x89,0x47,0x11,0xf5,0x08,0x22,0x62,0x06,0x63,0x0e,0xfb,0x04,0x33,0x3f,0xba,0xac,0x87,0x89,0x06,0x35,0xfb,0xa3,0x61,0x10,0x8c,0x77,0x24,0x19,0xbd,0x20,0x86,0x83,0xd1,0x43,0xad,0x58,0x30,0xd0,0x63,0x76,0xe5,0xfd,0x0f,0x3c,0x32,0x10,0xa6,0x2e,0xa2,0x38,0xdf,0xc3,0x05,0x9a,0x4f,0x99,0xac,0xbd,0x8a,0xc7,0xbd,0x99,0xdc,0xe3,0xef,0xa4,0x9f,0x54,0x26}, + {0xd6,0xf9,0x6b,0x1e,0x46,0x5a,0x1d,0x74,0x81,0xa5,0x77,0x77,0xfc,0xb3,0x05,0x23,0xd9,0xd3,0x74,0x64,0xa2,0x74,0x55,0xd4,0xff,0xe0,0x01,0x64,0xdc,0xe1,0x26,0x19,0x6e,0x66,0x3f,0xaf,0x49,0x85,0x46,0xdb,0xa5,0x0e,0x4a,0xf1,0x04,0xcf,0x7f,0xd7,0x47,0x0c,0xba,0xa4,0xf7,0x3f,0xf2,0x3d,0x85,0x3c,0xce,0x32,0xe1,0xdf,0x10,0x3a,0xa0,0xce,0x17,0xea,0x8a,0x4e,0x7f,0xe0,0xfd,0xc1,0x1f,0x3a,0x46,0x15,0xd5,0x2f,0xf1,0xc0,0xf2,0x31,0xfd,0x22,0x53,0x17,0x15,0x5d,0x1e,0x86,0x1d,0xd0,0xa1,0x1f}, + {0x32,0x98,0x59,0x7d,0x94,0x55,0x80,0xcc,0x20,0x55,0xf1,0x37,0xda,0x56,0x46,0x1e,0x20,0x93,0x05,0x4e,0x74,0xf7,0xf6,0x99,0x33,0xcf,0x75,0x6a,0xbc,0x63,0x35,0x77,0xab,0x94,0xdf,0xd1,0x00,0xac,0xdc,0x38,0xe9,0x0d,0x08,0xd1,0xdd,0x2b,0x71,0x2e,0x62,0xe2,0xd5,0xfd,0x3e,0xe9,0x13,0x7f,0xe5,0x01,0x9a,0xee,0x18,0xed,0xfc,0x73,0xb3,0x9c,0x13,0x63,0x08,0xe9,0xb1,0x06,0xcd,0x3e,0xa0,0xc5,0x67,0xda,0x93,0xa4,0x32,0x89,0x63,0xad,0xc8,0xce,0x77,0x8d,0x44,0x4f,0x86,0x1b,0x70,0x6b,0x42,0x1f}, + {0x01,0x1c,0x91,0x41,0x4c,0x26,0xc9,0xef,0x25,0x2c,0xa2,0x17,0xb8,0xb7,0xa3,0xf1,0x47,0x14,0x0f,0xf3,0x6b,0xda,0x75,0x58,0x90,0xb0,0x31,0x1d,0x27,0xf5,0x1a,0x4e,0x52,0x25,0xa1,0x91,0xc8,0x35,0x7e,0xf1,0x76,0x9c,0x5e,0x57,0x53,0x81,0x6b,0xb7,0x3e,0x72,0x9b,0x0d,0x6f,0x40,0x83,0xfa,0x38,0xe4,0xa7,0x3f,0x1b,0xbb,0x76,0x0b,0x9b,0x93,0x92,0x7f,0xf9,0xc1,0xb8,0x08,0x6e,0xab,0x44,0xd4,0xcb,0x71,0x67,0xbe,0x17,0x80,0xbb,0x99,0x63,0x64,0xe5,0x22,0x55,0xa9,0x72,0xb7,0x1e,0xd6,0x6d,0x7b}, + {0x92,0x3d,0xf3,0x50,0xe8,0xc1,0xad,0xb7,0xcf,0xd5,0x8c,0x60,0x4f,0xfa,0x98,0x79,0xdb,0x5b,0xfc,0x8d,0xbd,0x2d,0x96,0xad,0x4f,0x2f,0x1d,0xaf,0xce,0x9b,0x3e,0x70,0xc7,0xd2,0x01,0xab,0xf9,0xab,0x30,0x57,0x18,0x3b,0x14,0x40,0xdc,0x76,0xfb,0x16,0x81,0xb2,0xcb,0xa0,0x65,0xbe,0x6c,0x86,0xfe,0x6a,0xff,0x9b,0x65,0x9b,0xfa,0x53,0x55,0x54,0x88,0x94,0xe9,0xc8,0x14,0x6c,0xe5,0xd4,0xae,0x65,0x66,0x5d,0x3a,0x84,0xf1,0x5a,0xd6,0xbc,0x3e,0xb7,0x1b,0x18,0x50,0x1f,0xc6,0xc4,0xe5,0x93,0x8d,0x39}, + {0xf3,0x48,0xe2,0x33,0x67,0xd1,0x4b,0x1c,0x5f,0x0a,0xbf,0x15,0x87,0x12,0x9e,0xbd,0x76,0x03,0x0b,0xa1,0xf0,0x8c,0x3f,0xd4,0x13,0x1b,0x19,0xdf,0x5d,0x9b,0xb0,0x53,0xf2,0xe3,0xe7,0xd2,0x60,0x7c,0x87,0xc3,0xb1,0x8b,0x82,0x30,0xa0,0xaa,0x34,0x3b,0x38,0xf1,0x9e,0x73,0xe7,0x26,0x3e,0x28,0x77,0x05,0xc3,0x02,0x90,0x9c,0x9c,0x69,0xcc,0xf1,0x46,0x59,0x23,0xa7,0x06,0xf3,0x7d,0xd9,0xe5,0xcc,0xb5,0x18,0x17,0x92,0x75,0xe9,0xb4,0x81,0x47,0xd2,0xcd,0x28,0x07,0xd9,0xcd,0x6f,0x0c,0xf3,0xca,0x51}, + {0x0a,0xe0,0x74,0x76,0x42,0xa7,0x0b,0xa6,0xf3,0x7b,0x7a,0xa1,0x70,0x85,0x0e,0x63,0xcc,0x24,0x33,0xcf,0x3d,0x56,0x58,0x37,0xaa,0xfd,0x83,0x23,0x29,0xaa,0x04,0x55,0xc7,0x54,0xac,0x18,0x9a,0xf9,0x7a,0x73,0x0f,0xb3,0x1c,0xc5,0xdc,0x78,0x33,0x90,0xc7,0x0c,0xe1,0x4c,0x33,0xbc,0x89,0x2b,0x9a,0xe9,0xf8,0x89,0xc1,0x29,0xae,0x12,0xcf,0x01,0x0d,0x1f,0xcb,0xc0,0x9e,0xa9,0xae,0xf7,0x34,0x3a,0xcc,0xef,0xd1,0x0d,0x22,0x4e,0x9c,0xd0,0x21,0x75,0xca,0x55,0xea,0xa5,0xeb,0x58,0xe9,0x4f,0xd1,0x5f}, + {0x2c,0xab,0x45,0x28,0xdf,0x2d,0xdc,0xb5,0x93,0xe9,0x7f,0x0a,0xb1,0x91,0x94,0x06,0x46,0xe3,0x02,0x40,0xd6,0xf3,0xaa,0x4d,0xd1,0x74,0x64,0x58,0x6e,0xf2,0x3f,0x09,0x8e,0xcb,0x93,0xbf,0x5e,0xfe,0x42,0x3c,0x5f,0x56,0xd4,0x36,0x51,0xa8,0xdf,0xbe,0xe8,0x20,0x42,0x88,0x9e,0x85,0xf0,0xe0,0x28,0xd1,0x25,0x07,0x96,0x3f,0xd7,0x7d,0x29,0x98,0x05,0x68,0xfe,0x24,0x0d,0xb1,0xe5,0x23,0xaf,0xdb,0x72,0x06,0x73,0x75,0x29,0xac,0x57,0xb4,0x3a,0x25,0x67,0x13,0xa4,0x70,0xb4,0x86,0xbc,0xbc,0x59,0x2f}, + {0x5f,0x13,0x17,0x99,0x42,0x7d,0x84,0x83,0xd7,0x03,0x7d,0x56,0x1f,0x91,0x1b,0xad,0xd1,0xaa,0x77,0xbe,0xd9,0x48,0x77,0x7e,0x4a,0xaf,0x51,0x2e,0x2e,0xb4,0x58,0x54,0x01,0xc3,0x91,0xb6,0x60,0xd5,0x41,0x70,0x1e,0xe7,0xd7,0xad,0x3f,0x1b,0x20,0x85,0x85,0x55,0x33,0x11,0x63,0xe1,0xc2,0x16,0xb1,0x28,0x08,0x01,0x3d,0x5e,0xa5,0x2a,0x4f,0x44,0x07,0x0c,0xe6,0x92,0x51,0xed,0x10,0x1d,0x42,0x74,0x2d,0x4e,0xc5,0x42,0x64,0xc8,0xb5,0xfd,0x82,0x4c,0x2b,0x35,0x64,0x86,0x76,0x8a,0x4a,0x00,0xe9,0x13}, + {0xdb,0xce,0x2f,0x83,0x45,0x88,0x9d,0x73,0x63,0xf8,0x6b,0xae,0xc9,0xd6,0x38,0xfa,0xf7,0xfe,0x4f,0xb7,0xca,0x0d,0xbc,0x32,0x5e,0xe4,0xbc,0x14,0x88,0x7e,0x93,0x73,0x7f,0x87,0x3b,0x19,0xc9,0x00,0x2e,0xbb,0x6b,0x50,0xdc,0xe0,0x90,0xa8,0xe3,0xec,0x9f,0x64,0xde,0x36,0xc0,0xb7,0xf3,0xec,0x1a,0x9e,0xde,0x98,0x08,0x04,0x46,0x5f,0x8d,0xf4,0x7b,0x29,0x16,0x71,0x03,0xb9,0x34,0x68,0xf0,0xd4,0x22,0x3b,0xd1,0xa9,0xc6,0xbd,0x96,0x46,0x57,0x15,0x97,0xe1,0x35,0xe8,0xd5,0x91,0xe8,0xa4,0xf8,0x2c}, + {0x67,0x0f,0x11,0x07,0x87,0xfd,0x93,0x6d,0x49,0xb5,0x38,0x7c,0xd3,0x09,0x4c,0xdd,0x86,0x6a,0x73,0xc2,0x4c,0x6a,0xb1,0x7c,0x09,0x2a,0x25,0x58,0x6e,0xbd,0x49,0x20,0xa2,0x6b,0xd0,0x17,0x7e,0x48,0xb5,0x2c,0x6b,0x19,0x50,0x39,0x1c,0x38,0xd2,0x24,0x30,0x8a,0x97,0x85,0x81,0x9c,0x65,0xd7,0xf6,0xa4,0xd6,0x91,0x28,0x7f,0x6f,0x7a,0x49,0xef,0x9a,0x6a,0x8d,0xfd,0x09,0x7d,0x0b,0xb9,0x3d,0x5b,0xbe,0x60,0xee,0xf0,0xd4,0xbf,0x9e,0x51,0x2c,0xb5,0x21,0x4c,0x1d,0x94,0x45,0xc5,0xdf,0xaa,0x11,0x60}, + {0x3c,0xf8,0x95,0xcf,0x6d,0x92,0x67,0x5f,0x71,0x90,0x28,0x71,0x61,0x85,0x7e,0x7c,0x5b,0x7a,0x8f,0x99,0xf3,0xe7,0xa1,0xd6,0xe0,0xf9,0x62,0x0b,0x1b,0xcc,0xc5,0x6f,0x90,0xf8,0xcb,0x02,0xc8,0xd0,0xde,0x63,0xaa,0x6a,0xff,0x0d,0xca,0x98,0xd0,0xfb,0x99,0xed,0xb6,0xb9,0xfd,0x0a,0x4d,0x62,0x1e,0x0b,0x34,0x79,0xb7,0x18,0xce,0x69,0xcb,0x79,0x98,0xb2,0x28,0x55,0xef,0xd1,0x92,0x90,0x7e,0xd4,0x3c,0xae,0x1a,0xdd,0x52,0x23,0x9f,0x18,0x42,0x04,0x7e,0x12,0xf1,0x01,0x71,0xe5,0x3a,0x6b,0x59,0x15}, + {0xa2,0x79,0x91,0x3f,0xd2,0x39,0x27,0x46,0xcf,0xdd,0xd6,0x97,0x31,0x12,0x83,0xff,0x8a,0x14,0xf2,0x53,0xb5,0xde,0x07,0x13,0xda,0x4d,0x5f,0x7b,0x68,0x37,0x22,0x0d,0xca,0x24,0x51,0x7e,0x16,0x31,0xff,0x09,0xdf,0x45,0xc7,0xd9,0x8b,0x15,0xe4,0x0b,0xe5,0x56,0xf5,0x7e,0x22,0x7d,0x2b,0x29,0x38,0xd1,0xb6,0xaf,0x41,0xe2,0xa4,0x3a,0xf5,0x05,0x33,0x2a,0xbf,0x38,0xc1,0x2c,0xc3,0x26,0xe9,0xa2,0x8f,0x3f,0x58,0x48,0xeb,0xd2,0x49,0x55,0xa2,0xb1,0x3a,0x08,0x6c,0xa3,0x87,0x46,0x6e,0xaa,0xfc,0x32}, + {0xf5,0x9a,0x7d,0xc5,0x8d,0x6e,0xc5,0x7b,0xf2,0xbd,0xf0,0x9d,0xed,0xd2,0x0b,0x3e,0xa3,0xe4,0xef,0x22,0xde,0x14,0xc0,0xaa,0x5c,0x6a,0xbd,0xfe,0xce,0xe9,0x27,0x46,0xdf,0xcc,0x87,0x27,0x73,0xa4,0x07,0x32,0xf8,0xe3,0x13,0xf2,0x08,0x19,0xe3,0x17,0x4e,0x96,0x0d,0xf6,0xd7,0xec,0xb2,0xd5,0xe9,0x0b,0x60,0xc2,0x36,0x63,0x6f,0x74,0x1c,0x97,0x6c,0xab,0x45,0xf3,0x4a,0x3f,0x1f,0x73,0x43,0x99,0x72,0xeb,0x88,0xe2,0x6d,0x18,0x44,0x03,0x8a,0x6a,0x59,0x33,0x93,0x62,0xd6,0x7e,0x00,0x17,0x49,0x7b}, + {0x64,0xb0,0x84,0xab,0x5c,0xfb,0x85,0x2d,0x14,0xbc,0xf3,0x89,0xd2,0x10,0x78,0x49,0x0c,0xce,0x15,0x7b,0x44,0xdc,0x6a,0x47,0x7b,0xfd,0x44,0xf8,0x76,0xa3,0x2b,0x12,0xdd,0xa2,0x53,0xdd,0x28,0x1b,0x34,0x54,0x3f,0xfc,0x42,0xdf,0x5b,0x90,0x17,0xaa,0xf4,0xf8,0xd2,0x4d,0xd9,0x92,0xf5,0x0f,0x7d,0xd3,0x8c,0xe0,0x0f,0x62,0x03,0x1d,0x54,0xe5,0xb4,0xa2,0xcd,0x32,0x02,0xc2,0x7f,0x18,0x5d,0x11,0x42,0xfd,0xd0,0x9e,0xd9,0x79,0xd4,0x7d,0xbe,0xb4,0xab,0x2e,0x4c,0xec,0x68,0x2b,0xf5,0x0b,0xc7,0x02}, + {0xbb,0x2f,0x0b,0x5d,0x4b,0xec,0x87,0xa2,0xca,0x82,0x48,0x07,0x90,0x57,0x5c,0x41,0x5c,0x81,0xd0,0xc1,0x1e,0xa6,0x44,0xe0,0xe0,0xf5,0x9e,0x40,0x0a,0x4f,0x33,0x26,0xe1,0x72,0x8d,0x45,0xbf,0x32,0xe5,0xac,0xb5,0x3c,0xb7,0x7c,0xe0,0x68,0xe7,0x5b,0xe7,0xbd,0x8b,0xee,0x94,0x7d,0xcf,0x56,0x03,0x3a,0xb4,0xfe,0xe3,0x97,0x06,0x6b,0xc0,0xa3,0x62,0xdf,0x4a,0xf0,0xc8,0xb6,0x5d,0xa4,0x6d,0x07,0xef,0x00,0xf0,0x3e,0xa9,0xd2,0xf0,0x49,0x58,0xb9,0x9c,0x9c,0xae,0x2f,0x1b,0x44,0x43,0x7f,0xc3,0x1c}, + {0x4f,0x32,0xc7,0x5c,0x5a,0x56,0x8f,0x50,0x22,0xa9,0x06,0xe5,0xc0,0xc4,0x61,0xd0,0x19,0xac,0x45,0x5c,0xdb,0xab,0x18,0xfb,0x4a,0x31,0x80,0x03,0xc1,0x09,0x68,0x6c,0xb9,0xae,0xce,0xc9,0xf1,0x56,0x66,0xd7,0x6a,0x65,0xe5,0x18,0xf8,0x15,0x5b,0x1c,0x34,0x23,0x4c,0x84,0x32,0x28,0xe7,0x26,0x38,0x68,0x19,0x2f,0x77,0x6f,0x34,0x3a,0xc8,0x6a,0xda,0xe2,0x12,0x51,0xd5,0xd2,0xed,0x51,0xe8,0xb1,0x31,0x03,0xbd,0xe9,0x62,0x72,0xc6,0x8e,0xdd,0x46,0x07,0x96,0xd0,0xc5,0xf7,0x6e,0x9f,0x1b,0x91,0x05}, + {0xbb,0x0e,0xdf,0xf5,0x83,0x99,0x33,0xc1,0xac,0x4c,0x2c,0x51,0x8f,0x75,0xf3,0xc0,0xe1,0x98,0xb3,0x0b,0x0a,0x13,0xf1,0x2c,0x62,0x0c,0x27,0xaa,0xf9,0xec,0x3c,0x6b,0xef,0xea,0x2e,0x51,0xf3,0xac,0x49,0x53,0x49,0xcb,0xc1,0x1c,0xd3,0x41,0xc1,0x20,0x8d,0x68,0x9a,0xa9,0x07,0x0c,0x18,0x24,0x17,0x2d,0x4b,0xc6,0xd1,0xf9,0x5e,0x55,0x08,0xbd,0x73,0x3b,0xba,0x70,0xa7,0x36,0x0c,0xbf,0xaf,0xa3,0x08,0xef,0x4a,0x62,0xf2,0x46,0x09,0xb4,0x98,0xff,0x37,0x57,0x9d,0x74,0x81,0x33,0xe1,0x4d,0x5f,0x67}, + {0xfc,0x82,0x17,0x6b,0x03,0x52,0x2c,0x0e,0xb4,0x83,0xad,0x6c,0x81,0x6c,0x81,0x64,0x3e,0x07,0x64,0x69,0xd9,0xbd,0xdc,0xd0,0x20,0xc5,0x64,0x01,0xf7,0x9d,0xd9,0x13,0x1d,0xb3,0xda,0x3b,0xd9,0xf6,0x2f,0xa1,0xfe,0x2d,0x65,0x9d,0x0f,0xd8,0x25,0x07,0x87,0x94,0xbe,0x9a,0xf3,0x4f,0x9c,0x01,0x43,0x3c,0xcd,0x82,0xb8,0x50,0xf4,0x60,0xca,0xc0,0xe5,0x21,0xc3,0x5e,0x4b,0x01,0xa2,0xbf,0x19,0xd7,0xc9,0x69,0xcb,0x4f,0xa0,0x23,0x00,0x75,0x18,0x1c,0x5f,0x4e,0x80,0xac,0xed,0x55,0x9e,0xde,0x06,0x1c}, + {0xe2,0xc4,0x3e,0xa3,0xd6,0x7a,0x0f,0x99,0x8e,0xe0,0x2e,0xbe,0x38,0xf9,0x08,0x66,0x15,0x45,0x28,0x63,0xc5,0x43,0xa1,0x9c,0x0d,0xb6,0x2d,0xec,0x1f,0x8a,0xf3,0x4c,0xaa,0x69,0x6d,0xff,0x40,0x2b,0xd5,0xff,0xbb,0x49,0x40,0xdc,0x18,0x0b,0x53,0x34,0x97,0x98,0x4d,0xa3,0x2f,0x5c,0x4a,0x5e,0x2d,0xba,0x32,0x7d,0x8e,0x6f,0x09,0x78,0xe7,0x5c,0xfa,0x0d,0x65,0xaa,0xaa,0xa0,0x8c,0x47,0xb5,0x48,0x2a,0x9e,0xc4,0xf9,0x5b,0x72,0x03,0x70,0x7d,0xcc,0x09,0x4f,0xbe,0x1a,0x09,0x26,0x3a,0xad,0x3c,0x37}, + {0x7c,0xf5,0xc9,0x82,0x4d,0x63,0x94,0xb2,0x36,0x45,0x93,0x24,0xe1,0xfd,0xcb,0x1f,0x5a,0xdb,0x8c,0x41,0xb3,0x4d,0x9c,0x9e,0xfc,0x19,0x44,0x45,0xd9,0xf3,0x40,0x00,0xad,0xbb,0xdd,0x89,0xfb,0xa8,0xbe,0xf1,0xcb,0xae,0xae,0x61,0xbc,0x2c,0xcb,0x3b,0x9d,0x8d,0x9b,0x1f,0xbb,0xa7,0x58,0x8f,0x86,0xa6,0x12,0x51,0xda,0x7e,0x54,0x21,0xd3,0x86,0x59,0xfd,0x39,0xe9,0xfd,0xde,0x0c,0x38,0x0a,0x51,0x89,0x2c,0x27,0xf4,0xb9,0x19,0x31,0xbb,0x07,0xa4,0x2b,0xb7,0xf4,0x4d,0x25,0x4a,0x33,0x0a,0x55,0x63}, + {0x37,0xcf,0x69,0xb5,0xed,0xd6,0x07,0x65,0xe1,0x2e,0xa5,0x0c,0xb0,0x29,0x84,0x17,0x5d,0xd6,0x6b,0xeb,0x90,0x00,0x7c,0xea,0x51,0x8f,0xf7,0xda,0xc7,0x62,0xea,0x3e,0x49,0x7b,0x54,0x72,0x45,0x58,0xba,0x9b,0xe0,0x08,0xc4,0xe2,0xfa,0xc6,0x05,0xf3,0x8d,0xf1,0x34,0xc7,0x69,0xfa,0xe8,0x60,0x7a,0x76,0x7d,0xaa,0xaf,0x2b,0xa9,0x39,0x4e,0x27,0x93,0xe6,0x13,0xc7,0x24,0x9d,0x75,0xd3,0xdb,0x68,0x77,0x85,0x63,0x5f,0x9a,0xb3,0x8a,0xeb,0x60,0x55,0x52,0x70,0xcd,0xc4,0xc9,0x65,0x06,0x6a,0x43,0x68}, + {0x27,0x3f,0x2f,0x20,0xe8,0x35,0x02,0xbc,0xb0,0x75,0xf9,0x64,0xe2,0x00,0x5c,0xc7,0x16,0x24,0x8c,0xa3,0xd5,0xe9,0xa4,0x91,0xf9,0x89,0xb7,0x8a,0xf6,0xe7,0xb6,0x17,0x7c,0x10,0x20,0xe8,0x17,0xd3,0x56,0x1e,0x65,0xe9,0x0a,0x84,0x44,0x68,0x26,0xc5,0x7a,0xfc,0x0f,0x32,0xc6,0xa1,0xe0,0xc1,0x72,0x14,0x61,0x91,0x9c,0x66,0x73,0x53,0x57,0x52,0x0e,0x9a,0xab,0x14,0x28,0x5d,0xfc,0xb3,0xca,0xc9,0x84,0x20,0x8f,0x90,0xca,0x1e,0x2d,0x5b,0x88,0xf5,0xca,0xaf,0x11,0x7d,0xf8,0x78,0xa6,0xb5,0xb4,0x1c}, + {0x6c,0xfc,0x4a,0x39,0x6b,0xc0,0x64,0xb6,0xb1,0x5f,0xda,0x98,0x24,0xde,0x88,0x0c,0x34,0xd8,0xca,0x4b,0x16,0x03,0x8d,0x4f,0xa2,0x34,0x74,0xde,0x78,0xca,0x0b,0x33,0xe7,0x07,0xa0,0xa2,0x62,0xaa,0x74,0x6b,0xb1,0xc7,0x71,0xf0,0xb0,0xe0,0x11,0xf3,0x23,0xe2,0x0b,0x00,0x38,0xe4,0x07,0x57,0xac,0x6e,0xef,0x82,0x2d,0xfd,0xc0,0x2d,0x4e,0x74,0x19,0x11,0x84,0xff,0x2e,0x98,0x24,0x47,0x07,0x2b,0x96,0x5e,0x69,0xf9,0xfb,0x53,0xc9,0xbf,0x4f,0xc1,0x8a,0xc5,0xf5,0x1c,0x9f,0x36,0x1b,0xbe,0x31,0x3c}, + {0xee,0x8a,0x94,0x08,0x4d,0x86,0xf4,0xb0,0x6f,0x1c,0xba,0x91,0xee,0x19,0xdc,0x07,0x58,0xa1,0xac,0xa6,0xae,0xcd,0x75,0x79,0xbb,0xd4,0x62,0x42,0x13,0x61,0x0b,0x33,0x72,0x42,0xcb,0xf9,0x93,0xbc,0x68,0xc1,0x98,0xdb,0xce,0xc7,0x1f,0x71,0xb8,0xae,0x7a,0x8d,0xac,0x34,0xaa,0x52,0x0e,0x7f,0xbb,0x55,0x7d,0x7e,0x09,0xc1,0xce,0x41,0x8a,0x80,0x6d,0xa2,0xd7,0x19,0x96,0xf7,0x6d,0x15,0x9e,0x1d,0x9e,0xd4,0x1f,0xbb,0x27,0xdf,0xa1,0xdb,0x6c,0xc3,0xd7,0x73,0x7d,0x77,0x28,0x1f,0xd9,0x4c,0xb4,0x26}, + {0x75,0x74,0x38,0x8f,0x47,0x48,0xf0,0x51,0x3c,0xcb,0xbe,0x9c,0xf4,0xbc,0x5d,0xb2,0x55,0x20,0x9f,0xd9,0x44,0x12,0xab,0x9a,0xd6,0xa5,0x10,0x1c,0x6c,0x9e,0x70,0x2c,0x83,0x03,0x73,0x62,0x93,0xf2,0xb7,0xe1,0x2c,0x8a,0xca,0xeb,0xff,0x79,0x52,0x4b,0x14,0x13,0xd4,0xbf,0x8a,0x77,0xfc,0xda,0x0f,0x61,0x72,0x9c,0x14,0x10,0xeb,0x7d,0x7a,0xee,0x66,0x87,0x6a,0xaf,0x62,0xcb,0x0e,0xcd,0x53,0x55,0x04,0xec,0xcb,0x66,0xb5,0xe4,0x0b,0x0f,0x38,0x01,0x80,0x58,0xea,0xe2,0x2c,0xf6,0x9f,0x8e,0xe6,0x08}, + {0xad,0x30,0xc1,0x4b,0x0a,0x50,0xad,0x34,0x9c,0xd4,0x0b,0x3d,0x49,0xdb,0x38,0x8d,0xbe,0x89,0x0a,0x50,0x98,0x3d,0x5c,0xa2,0x09,0x3b,0xba,0xee,0x87,0x3f,0x1f,0x2f,0xf9,0xf2,0xb8,0x0a,0xd5,0x09,0x2d,0x2f,0xdf,0x23,0x59,0xc5,0x8d,0x21,0xb9,0xac,0xb9,0x6c,0x76,0x73,0x26,0x34,0x8f,0x4a,0xf5,0x19,0xf7,0x38,0xd7,0x3b,0xb1,0x4c,0x4a,0xb6,0x15,0xe5,0x75,0x8c,0x84,0xf7,0x38,0x90,0x4a,0xdb,0xba,0x01,0x95,0xa5,0x50,0x1b,0x75,0x3f,0x3f,0x31,0x0d,0xc2,0xe8,0x2e,0xae,0xc0,0x53,0xe3,0xa1,0x19}, + {0xc3,0x05,0xfa,0xba,0x60,0x75,0x1c,0x7d,0x61,0x5e,0xe5,0xc6,0xa0,0xa0,0xe1,0xb3,0x73,0x64,0xd6,0xc0,0x18,0x97,0x52,0xe3,0x86,0x34,0x0c,0xc2,0x11,0x6b,0x54,0x41,0xbd,0xbd,0x96,0xd5,0xcd,0x72,0x21,0xb4,0x40,0xfc,0xee,0x98,0x43,0x45,0xe0,0x93,0xb5,0x09,0x41,0xb4,0x47,0x53,0xb1,0x9f,0x34,0xae,0x66,0x02,0x99,0xd3,0x6b,0x73,0xb4,0xb3,0x34,0x93,0x50,0x2d,0x53,0x85,0x73,0x65,0x81,0x60,0x4b,0x11,0xfd,0x46,0x75,0x83,0x5c,0x42,0x30,0x5f,0x5f,0xcc,0x5c,0xab,0x7f,0xb8,0xa2,0x95,0x22,0x41}, + {0xe9,0xd6,0x7e,0xf5,0x88,0x9b,0xc9,0x19,0x25,0xc8,0xf8,0x6d,0x26,0xcb,0x93,0x53,0x73,0xd2,0x0a,0xb3,0x13,0x32,0xee,0x5c,0x34,0x2e,0x2d,0xb5,0xeb,0x53,0xe1,0x14,0xc6,0xea,0x93,0xe2,0x61,0x52,0x65,0x2e,0xdb,0xac,0x33,0x21,0x03,0x92,0x5a,0x84,0x6b,0x99,0x00,0x79,0xcb,0x75,0x09,0x46,0x80,0xdd,0x5a,0x19,0x8d,0xbb,0x60,0x07,0x8a,0x81,0xe6,0xcd,0x17,0x1a,0x3e,0x41,0x84,0xa0,0x69,0xed,0xa9,0x6d,0x15,0x57,0xb1,0xcc,0xca,0x46,0x8f,0x26,0xbf,0x2c,0xf2,0xc5,0x3a,0xc3,0x9b,0xbe,0x34,0x6b}, + {0xb2,0xc0,0x78,0x3a,0x64,0x2f,0xdf,0xf3,0x7c,0x02,0x2e,0xf2,0x1e,0x97,0x3e,0x4c,0xa3,0xb5,0xc1,0x49,0x5e,0x1c,0x7d,0xec,0x2d,0xdd,0x22,0x09,0x8f,0xc1,0x12,0x20,0xd3,0xf2,0x71,0x65,0x65,0x69,0xfc,0x11,0x7a,0x73,0x0e,0x53,0x45,0xe8,0xc9,0xc6,0x35,0x50,0xfe,0xd4,0xa2,0xe7,0x3a,0xe3,0x0b,0xd3,0x6d,0x2e,0xb6,0xc7,0xb9,0x01,0x29,0x9d,0xc8,0x5a,0xe5,0x55,0x0b,0x88,0x63,0xa7,0xa0,0x45,0x1f,0x24,0x83,0x14,0x1f,0x6c,0xe7,0xc2,0xdf,0xef,0x36,0x3d,0xe8,0xad,0x4b,0x4e,0x78,0x5b,0xaf,0x08}, + {0x33,0x25,0x1f,0x88,0xdc,0x99,0x34,0x28,0xb6,0x23,0x93,0x77,0xda,0x25,0x05,0x9d,0xf4,0x41,0x34,0x67,0xfb,0xdd,0x7a,0x89,0x8d,0x16,0x3a,0x16,0x71,0x9d,0xb7,0x32,0x4b,0x2c,0xcc,0x89,0xd2,0x14,0x73,0xe2,0x8d,0x17,0x87,0xa2,0x11,0xbd,0xe4,0x4b,0xce,0x64,0x33,0xfa,0xd6,0x28,0xd5,0x18,0x6e,0x82,0xd9,0xaf,0xd5,0xc1,0x23,0x64,0x6a,0xb3,0xfc,0xed,0xd9,0xf8,0x85,0xcc,0xf9,0xe5,0x46,0x37,0x8f,0xc2,0xbc,0x22,0xcd,0xd3,0xe5,0xf9,0x38,0xe3,0x9d,0xe4,0xcc,0x2d,0x3e,0xc1,0xfb,0x5e,0x0a,0x48}, + {0x71,0x20,0x62,0x01,0x0b,0xe7,0x51,0x0b,0xc5,0xaf,0x1d,0x8b,0xcf,0x05,0xb5,0x06,0xcd,0xab,0x5a,0xef,0x61,0xb0,0x6b,0x2c,0x31,0xbf,0xb7,0x0c,0x60,0x27,0xaa,0x47,0x1f,0x22,0xce,0x42,0xe4,0x4c,0x61,0xb6,0x28,0x39,0x05,0x4c,0xcc,0x9d,0x19,0x6e,0x03,0xbe,0x1c,0xdc,0xa4,0xb4,0x3f,0x66,0x06,0x8e,0x1c,0x69,0x47,0x1d,0xb3,0x24,0xc3,0xf8,0x15,0xc0,0xed,0x1e,0x54,0x2a,0x7c,0x3f,0x69,0x7c,0x7e,0xfe,0xa4,0x11,0xd6,0x78,0xa2,0x4e,0x13,0x66,0xaf,0xf0,0x94,0xa0,0xdd,0x14,0x5d,0x58,0x5b,0x54}, + {0x0f,0x3a,0xd4,0xa0,0x5e,0x27,0xbf,0x67,0xbe,0xee,0x9b,0x08,0x34,0x8e,0xe6,0xad,0x2e,0xe7,0x79,0xd4,0x4c,0x13,0x89,0x42,0x54,0x54,0xba,0x32,0xc3,0xf9,0x62,0x0f,0xe1,0x21,0xb3,0xe3,0xd0,0xe4,0x04,0x62,0x95,0x1e,0xff,0x28,0x7a,0x63,0xaa,0x3b,0x9e,0xbd,0x99,0x5b,0xfd,0xcf,0x0c,0x0b,0x71,0xd0,0xc8,0x64,0x3e,0xdc,0x22,0x4d,0x39,0x5f,0x3b,0xd6,0x89,0x65,0xb4,0xfc,0x61,0xcf,0xcb,0x57,0x3f,0x6a,0xae,0x5c,0x05,0xfa,0x3a,0x95,0xd2,0xc2,0xba,0xfe,0x36,0x14,0x37,0x36,0x1a,0xa0,0x0f,0x1c}, + {0xff,0x3d,0x94,0x22,0xb6,0x04,0xc6,0xd2,0xa0,0xb3,0xcf,0x44,0xce,0xbe,0x8c,0xbc,0x78,0x86,0x80,0x97,0xf3,0x4f,0x25,0x5d,0xbf,0xa6,0x1c,0x3b,0x4f,0x61,0xa3,0x0f,0x50,0x6a,0x93,0x8c,0x0e,0x2b,0x08,0x69,0xb6,0xc5,0xda,0xc1,0x35,0xa0,0xc9,0xf9,0x34,0xb6,0xdf,0xc4,0x54,0x3e,0xb7,0x6f,0x40,0xc1,0x2b,0x1d,0x9b,0x41,0x05,0x40,0xf0,0x82,0xbe,0xb9,0xbd,0xfe,0x03,0xa0,0x90,0xac,0x44,0x3a,0xaf,0xc1,0x89,0x20,0x8e,0xfa,0x54,0x19,0x91,0x9f,0x49,0xf8,0x42,0xab,0x40,0xef,0x8a,0x21,0xba,0x1f}, + {0x3e,0xf5,0xc8,0xfa,0x48,0x94,0x54,0xab,0x41,0x37,0xa6,0x7b,0x9a,0xe8,0xf6,0x81,0x01,0x5e,0x2b,0x6c,0x7d,0x6c,0xfd,0x74,0x42,0x6e,0xc8,0xa8,0xca,0x3a,0x2e,0x39,0x94,0x01,0x7b,0x3e,0x04,0x57,0x3e,0x4f,0x7f,0xaf,0xda,0x08,0xee,0x3e,0x1d,0xa8,0xf1,0xde,0xdc,0x99,0xab,0xc6,0x39,0xc8,0xd5,0x61,0x77,0xff,0x13,0x5d,0x53,0x6c,0xaf,0x35,0x8a,0x3e,0xe9,0x34,0xbd,0x4c,0x16,0xe8,0x87,0x58,0x44,0x81,0x07,0x2e,0xab,0xb0,0x9a,0xf2,0x76,0x9c,0x31,0x19,0x3b,0xc1,0x0a,0xd5,0xe4,0x7f,0xe1,0x25}, + {0x76,0xf6,0x04,0x1e,0xd7,0x9b,0x28,0x0a,0x95,0x0f,0x42,0xd6,0x52,0x1c,0x8e,0x20,0xab,0x1f,0x69,0x34,0xb0,0xd8,0x86,0x51,0x51,0xb3,0x9f,0x2a,0x44,0x51,0x57,0x25,0xa7,0x21,0xf1,0x76,0xf5,0x7f,0x5f,0x91,0xe3,0x87,0xcd,0x2f,0x27,0x32,0x4a,0xc3,0x26,0xe5,0x1b,0x4d,0xde,0x2f,0xba,0xcc,0x9b,0x89,0x69,0x89,0x8f,0x82,0xba,0x6b,0x01,0x39,0xfe,0x90,0x66,0xbc,0xd1,0xe2,0xd5,0x7a,0x99,0xa0,0x18,0x4a,0xb5,0x4c,0xd4,0x60,0x84,0xaf,0x14,0x69,0x1d,0x97,0xe4,0x7b,0x6b,0x7f,0x4f,0x50,0x9d,0x55}, + {0xd5,0x54,0xeb,0xb3,0x78,0x83,0x73,0xa7,0x7c,0x3c,0x55,0xa5,0x66,0xd3,0x69,0x1d,0xba,0x00,0x28,0xf9,0x62,0xcf,0x26,0x0a,0x17,0x32,0x7e,0x80,0xd5,0x12,0xab,0x01,0xfd,0x66,0xd2,0xf6,0xe7,0x91,0x48,0x9c,0x1b,0x78,0x07,0x03,0x9b,0xa1,0x44,0x07,0x3b,0xe2,0x61,0x60,0x1d,0x8f,0x38,0x88,0x0e,0xd5,0x4b,0x35,0xa3,0xa6,0x3e,0x12,0x96,0x2d,0xe3,0x41,0x90,0x18,0x8d,0x11,0x48,0x58,0x31,0xd8,0xc2,0xe3,0xed,0xb9,0xd9,0x45,0x32,0xd8,0x71,0x42,0xab,0x1e,0x54,0xa1,0x18,0xc9,0xe2,0x61,0x39,0x4a}, + {0xa0,0xbb,0xe6,0xf8,0xe0,0x3b,0xdc,0x71,0x0a,0xe3,0xff,0x7e,0x34,0xf8,0xce,0xd6,0x6a,0x47,0x3a,0xe1,0x5f,0x42,0x92,0xa9,0x63,0xb7,0x1d,0xfb,0xe3,0xbc,0xd6,0x2c,0x1e,0x3f,0x23,0xf3,0x44,0xd6,0x27,0x03,0x16,0xf0,0xfc,0x34,0x0e,0x26,0x9a,0x49,0x79,0xb9,0xda,0xf2,0x16,0xa7,0xb5,0x83,0x1f,0x11,0xd4,0x9b,0xad,0xee,0xac,0x68,0x10,0xc2,0xd7,0xf3,0x0e,0xc9,0xb4,0x38,0x0c,0x04,0xad,0xb7,0x24,0x6e,0x8e,0x30,0x23,0x3e,0xe7,0xb7,0xf1,0xd9,0x60,0x38,0x97,0xf5,0x08,0xb5,0xd5,0x60,0x57,0x59}, + {0x97,0x63,0xaa,0x04,0xe1,0xbf,0x29,0x61,0xcb,0xfc,0xa7,0xa4,0x08,0x00,0x96,0x8f,0x58,0x94,0x90,0x7d,0x89,0xc0,0x8b,0x3f,0xa9,0x91,0xb2,0xdc,0x3e,0xa4,0x9f,0x70,0x90,0x27,0x02,0xfd,0xeb,0xcb,0x2a,0x88,0x60,0x57,0x11,0xc4,0x05,0x33,0xaf,0x89,0xf4,0x73,0x34,0x7d,0xe3,0x92,0xf4,0x65,0x2b,0x5a,0x51,0x54,0xdf,0xc5,0xb2,0x2c,0xca,0x2a,0xfd,0x63,0x8c,0x5d,0x0a,0xeb,0xff,0x4e,0x69,0x2e,0x66,0xc1,0x2b,0xd2,0x3a,0xb0,0xcb,0xf8,0x6e,0xf3,0x23,0x27,0x1f,0x13,0xc8,0xf0,0xec,0x29,0xf0,0x70}, + {0x33,0x3e,0xed,0x2e,0xb3,0x07,0x13,0x46,0xe7,0x81,0x55,0xa4,0x33,0x2f,0x04,0xae,0x66,0x03,0x5f,0x19,0xd3,0x49,0x44,0xc9,0x58,0x48,0x31,0x6c,0x8a,0x5d,0x7d,0x0b,0xb9,0xb0,0x10,0x5e,0xaa,0xaf,0x6a,0x2a,0xa9,0x1a,0x04,0xef,0x70,0xa3,0xf0,0x78,0x1f,0xd6,0x3a,0xaa,0x77,0xfb,0x3e,0x77,0xe1,0xd9,0x4b,0xa7,0xa2,0xa5,0xec,0x44,0x43,0xd5,0x95,0x7b,0x32,0x48,0xd4,0x25,0x1d,0x0f,0x34,0xa3,0x00,0x83,0xd3,0x70,0x2b,0xc5,0xe1,0x60,0x1c,0x53,0x1c,0xde,0xe4,0xe9,0x7d,0x2c,0x51,0x24,0x22,0x27}, + {0x2e,0x34,0xc5,0x49,0xaf,0x92,0xbc,0x1a,0xd0,0xfa,0xe6,0xb2,0x11,0xd8,0xee,0xff,0x29,0x4e,0xc8,0xfc,0x8d,0x8c,0xa2,0xef,0x43,0xc5,0x4c,0xa4,0x18,0xdf,0xb5,0x11,0xfc,0x75,0xa9,0x42,0x8a,0xbb,0x7b,0xbf,0x58,0xa3,0xad,0x96,0x77,0x39,0x5c,0x8c,0x48,0xaa,0xed,0xcd,0x6f,0xc7,0x7f,0xe2,0xa6,0x20,0xbc,0xf6,0xd7,0x5f,0x73,0x19,0x66,0x42,0xc8,0x42,0xd0,0x90,0xab,0xe3,0x7e,0x54,0x19,0x7f,0x0f,0x8e,0x84,0xeb,0xb9,0x97,0xa4,0x65,0xd0,0xa1,0x03,0x25,0x5f,0x89,0xdf,0x91,0x11,0x91,0xef,0x0f} +}; + +NAMESPACE_END // Arch32 +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_DOXYGEN_PROCESSING +#endif // CRYPTOPP_DONNA_32_H diff --git a/vendor/cryptopp/vendor_cryptopp/donna_64.cpp b/vendor/cryptopp/vendor_cryptopp/donna_64.cpp new file mode 100644 index 00000000..370ff43b --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna_64.cpp @@ -0,0 +1,1654 @@ +// donna_64.cpp - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// The curve25519 and ed25519 source files multiplex different repos and +// architectures using namespaces. The repos are Andrew Moon's +// curve25519-donna and ed25519-donna. The architectures are 32-bit, 64-bit +// and SSE. For example, 32-bit x25519 uses symbols from Donna::X25519 and +// Donna::Arch32. + +// A fair amount of duplication happens below, but we could not directly +// use curve25519 for both x25519 and ed25519. A close examination reveals +// slight differences in the implementation. For example, look at the +// two curve25519_sub functions. + +// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]", +// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658 + +#include "pch.h" + +#include "config.h" +#include "donna.h" +#include "secblock.h" +#include "sha.h" +#include "misc.h" +#include "cpu.h" + +// Squash MS LNK4221 and libtool warnings +extern const char DONNA64_FNAME[] = __FILE__; + +#if defined(CRYPTOPP_CURVE25519_64BIT) + +#include "donna_64.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word64; +using CryptoPP::GetWord; +using CryptoPP::PutWord; +using CryptoPP::LITTLE_ENDIAN_ORDER; + +inline word64 U8TO64_LE(const byte* p) +{ + return GetWord(false, LITTLE_ENDIAN_ORDER, p); +} + +inline void U64TO8_LE(byte* p, word64 w) +{ + PutWord(false, LITTLE_ENDIAN_ORDER, p, w); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(X25519) +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::sword32; +using CryptoPP::word64; +using CryptoPP::sword64; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; + +// Bring in all the symbols from the 64-bit header +using namespace CryptoPP::Donna::Arch64; + +/* out = in */ +inline void +curve25519_copy(bignum25519 out, const bignum25519 in) { + out[0] = in[0]; out[1] = in[1]; + out[2] = in[2]; out[3] = in[3]; + out[4] = in[4]; +} + +/* out = a + b */ +inline void +curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + b[0]; + out[1] = a[1] + b[1]; + out[2] = a[2] + b[2]; + out[3] = a[3] + b[3]; + out[4] = a[4] + b[4]; +} + +/* out = a - b */ +inline void +curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + two54m152 - b[0]; + out[1] = a[1] + two54m8 - b[1]; + out[2] = a[2] + two54m8 - b[2]; + out[3] = a[3] + two54m8 - b[3]; + out[4] = a[4] + two54m8 - b[4]; +} + +/* out = (in * scalar) */ +inline void +curve25519_scalar_product(bignum25519 out, const bignum25519 in, const word64 scalar) { + word128 a; + word64 c; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + a = ((word128) in[0]) * scalar; out[0] = (word64)a & reduce_mask_51; c = (word64)(a >> 51); + a = ((word128) in[1]) * scalar + c; out[1] = (word64)a & reduce_mask_51; c = (word64)(a >> 51); + a = ((word128) in[2]) * scalar + c; out[2] = (word64)a & reduce_mask_51; c = (word64)(a >> 51); + a = ((word128) in[3]) * scalar + c; out[3] = (word64)a & reduce_mask_51; c = (word64)(a >> 51); + a = ((word128) in[4]) * scalar + c; out[4] = (word64)a & reduce_mask_51; c = (word64)(a >> 51); + out[0] += c * 19; +#else + mul64x64_128(a, in[0], scalar) out[0] = lo128(a) & reduce_mask_51; shr128(c, a, 51); + mul64x64_128(a, in[1], scalar) add128_64(a, c) out[1] = lo128(a) & reduce_mask_51; shr128(c, a, 51); + mul64x64_128(a, in[2], scalar) add128_64(a, c) out[2] = lo128(a) & reduce_mask_51; shr128(c, a, 51); + mul64x64_128(a, in[3], scalar) add128_64(a, c) out[3] = lo128(a) & reduce_mask_51; shr128(c, a, 51); + mul64x64_128(a, in[4], scalar) add128_64(a, c) out[4] = lo128(a) & reduce_mask_51; shr128(c, a, 51); + out[0] += c * 19; +#endif +} + +/* out = a * b */ +inline void +curve25519_mul(bignum25519 out, const bignum25519 a, const bignum25519 b) { +#if !defined(CRYPTOPP_WORD128_AVAILABLE) + word128 mul; +#endif + word128 t[5]; + word64 r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c; + + r0 = b[0]; r1 = b[1]; r2 = b[2]; r3 = b[3]; r4 = b[4]; + s0 = a[0]; s1 = a[1]; s2 = a[2]; s3 = a[3]; s4 = a[4]; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] = ((word128) r0) * s0; + t[1] = ((word128) r0) * s1 + ((word128) r1) * s0; + t[2] = ((word128) r0) * s2 + ((word128) r2) * s0 + ((word128) r1) * s1; + t[3] = ((word128) r0) * s3 + ((word128) r3) * s0 + ((word128) r1) * s2 + ((word128) r2) * s1; + t[4] = ((word128) r0) * s4 + ((word128) r4) * s0 + ((word128) r3) * s1 + ((word128) r1) * s3 + ((word128) r2) * s2; +#else + mul64x64_128(t[0], r0, s0) + mul64x64_128(t[1], r0, s1) mul64x64_128(mul, r1, s0) add128(t[1], mul) + mul64x64_128(t[2], r0, s2) mul64x64_128(mul, r2, s0) add128(t[2], mul) mul64x64_128(mul, r1, s1) add128(t[2], mul) + mul64x64_128(t[3], r0, s3) mul64x64_128(mul, r3, s0) add128(t[3], mul) mul64x64_128(mul, r1, s2) add128(t[3], mul) mul64x64_128(mul, r2, s1) add128(t[3], mul) + mul64x64_128(t[4], r0, s4) mul64x64_128(mul, r4, s0) add128(t[4], mul) mul64x64_128(mul, r3, s1) add128(t[4], mul) mul64x64_128(mul, r1, s3) add128(t[4], mul) mul64x64_128(mul, r2, s2) add128(t[4], mul) +#endif + + r1 *= 19; r2 *= 19; r3 *= 19; r4 *= 19; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] += ((word128) r4) * s1 + ((word128) r1) * s4 + ((word128) r2) * s3 + ((word128) r3) * s2; + t[1] += ((word128) r4) * s2 + ((word128) r2) * s4 + ((word128) r3) * s3; + t[2] += ((word128) r4) * s3 + ((word128) r3) * s4; + t[3] += ((word128) r4) * s4; +#else + mul64x64_128(mul, r4, s1) add128(t[0], mul) mul64x64_128(mul, r1, s4) add128(t[0], mul) mul64x64_128(mul, r2, s3) add128(t[0], mul) mul64x64_128(mul, r3, s2) add128(t[0], mul) + mul64x64_128(mul, r4, s2) add128(t[1], mul) mul64x64_128(mul, r2, s4) add128(t[1], mul) mul64x64_128(mul, r3, s3) add128(t[1], mul) + mul64x64_128(mul, r4, s3) add128(t[2], mul) mul64x64_128(mul, r3, s4) add128(t[2], mul) + mul64x64_128(mul, r4, s4) add128(t[3], mul) +#endif + + r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51); + add128_64(t[1], c) r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51); + add128_64(t[2], c) r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51); + add128_64(t[3], c) r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51); + add128_64(t[4], c) r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51; + r1 += c; + + out[0] = r0; out[1] = r1; out[2] = r2; out[3] = r3; out[4] = r4; +} + +/* out = in^(2 * count) */ +inline void +curve25519_square_times(bignum25519 out, const bignum25519 in, word64 count) { +#if !defined(CRYPTOPP_WORD128_AVAILABLE) + word128 mul; +#endif + word128 t[5]; + word64 r0,r1,r2,r3,r4,c; + word64 d0,d1,d2,d4,d419; + + r0 = in[0]; r1 = in[1]; r2 = in[2]; r3 = in[3]; r4 = in[4]; + + do { + d0 = r0 * 2; d1 = r1 * 2; + d2 = r2 * 2 * 19; + d419 = r4 * 19; d4 = d419 * 2; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] = ((word128) r0) * r0 + ((word128) d4) * r1 + (((word128) d2) * (r3 )); + t[1] = ((word128) d0) * r1 + ((word128) d4) * r2 + (((word128) r3) * (r3 * 19)); + t[2] = ((word128) d0) * r2 + ((word128) r1) * r1 + (((word128) d4) * (r3 )); + t[3] = ((word128) d0) * r3 + ((word128) d1) * r2 + (((word128) r4) * (d419 )); + t[4] = ((word128) d0) * r4 + ((word128) d1) * r3 + (((word128) r2) * (r2 )); +#else + mul64x64_128(t[0], r0, r0) mul64x64_128(mul, d4, r1) add128(t[0], mul) mul64x64_128(mul, d2, r3) add128(t[0], mul) + mul64x64_128(t[1], d0, r1) mul64x64_128(mul, d4, r2) add128(t[1], mul) mul64x64_128(mul, r3, r3 * 19) add128(t[1], mul) + mul64x64_128(t[2], d0, r2) mul64x64_128(mul, r1, r1) add128(t[2], mul) mul64x64_128(mul, d4, r3) add128(t[2], mul) + mul64x64_128(t[3], d0, r3) mul64x64_128(mul, d1, r2) add128(t[3], mul) mul64x64_128(mul, r4, d419) add128(t[3], mul) + mul64x64_128(t[4], d0, r4) mul64x64_128(mul, d1, r3) add128(t[4], mul) mul64x64_128(mul, r2, r2) add128(t[4], mul) +#endif + + r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51); + add128_64(t[1], c) r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51); + add128_64(t[2], c) r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51); + add128_64(t[3], c) r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51); + add128_64(t[4], c) r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51; + r1 += c; + } while(--count); + + out[0] = r0; out[1] = r1; out[2] = r2; out[3] = r3; out[4] = r4; +} + +inline void +curve25519_square(bignum25519 out, const bignum25519 in) { +#if !defined(CRYPTOPP_WORD128_AVAILABLE) + word128 mul; +#endif + word128 t[5]; + word64 r0,r1,r2,r3,r4,c; + word64 d0,d1,d2,d4,d419; + + r0 = in[0]; r1 = in[1]; r2 = in[2]; r3 = in[3]; r4 = in[4]; + + d0 = r0 * 2; d1 = r1 * 2; + d2 = r2 * 2 * 19; + d419 = r4 * 19; d4 = d419 * 2; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] = ((word128) r0) * r0 + ((word128) d4) * r1 + (((word128) d2) * (r3 )); + t[1] = ((word128) d0) * r1 + ((word128) d4) * r2 + (((word128) r3) * (r3 * 19)); + t[2] = ((word128) d0) * r2 + ((word128) r1) * r1 + (((word128) d4) * (r3 )); + t[3] = ((word128) d0) * r3 + ((word128) d1) * r2 + (((word128) r4) * (d419 )); + t[4] = ((word128) d0) * r4 + ((word128) d1) * r3 + (((word128) r2) * (r2 )); +#else + mul64x64_128(t[0], r0, r0) mul64x64_128(mul, d4, r1) add128(t[0], mul) mul64x64_128(mul, d2, r3) add128(t[0], mul) + mul64x64_128(t[1], d0, r1) mul64x64_128(mul, d4, r2) add128(t[1], mul) mul64x64_128(mul, r3, r3 * 19) add128(t[1], mul) + mul64x64_128(t[2], d0, r2) mul64x64_128(mul, r1, r1) add128(t[2], mul) mul64x64_128(mul, d4, r3) add128(t[2], mul) + mul64x64_128(t[3], d0, r3) mul64x64_128(mul, d1, r2) add128(t[3], mul) mul64x64_128(mul, r4, d419) add128(t[3], mul) + mul64x64_128(t[4], d0, r4) mul64x64_128(mul, d1, r3) add128(t[4], mul) mul64x64_128(mul, r2, r2) add128(t[4], mul) +#endif + + r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51); + add128_64(t[1], c) r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51); + add128_64(t[2], c) r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51); + add128_64(t[3], c) r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51); + add128_64(t[4], c) r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51; + r1 += c; + + out[0] = r0; out[1] = r1; out[2] = r2; out[3] = r3; out[4] = r4; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +inline void +curve25519_expand(bignum25519 out, const byte *in) { + word64 x0,x1,x2,x3; + GetBlock block(in); + block(x0)(x1)(x2)(x3); + + out[0] = x0 & reduce_mask_51; x0 = (x0 >> 51) | (x1 << 13); + out[1] = x0 & reduce_mask_51; x1 = (x1 >> 38) | (x2 << 26); + out[2] = x1 & reduce_mask_51; x2 = (x2 >> 25) | (x3 << 39); + out[3] = x2 & reduce_mask_51; x3 = (x3 >> 12); + out[4] = x3 & reduce_mask_51; /* ignore the top bit */ +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array + */ +inline void +curve25519_contract(byte *out, const bignum25519 input) { + word64 t[5]; + word64 f, i; + + t[0] = input[0]; + t[1] = input[1]; + t[2] = input[2]; + t[3] = input[3]; + t[4] = input[4]; + + #define curve25519_contract_carry() \ + t[1] += t[0] >> 51; t[0] &= reduce_mask_51; \ + t[2] += t[1] >> 51; t[1] &= reduce_mask_51; \ + t[3] += t[2] >> 51; t[2] &= reduce_mask_51; \ + t[4] += t[3] >> 51; t[3] &= reduce_mask_51; + + #define curve25519_contract_carry_full() curve25519_contract_carry() \ + t[0] += 19 * (t[4] >> 51); t[4] &= reduce_mask_51; + + #define curve25519_contract_carry_final() curve25519_contract_carry() \ + t[4] &= reduce_mask_51; + + curve25519_contract_carry_full() + curve25519_contract_carry_full() + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + t[0] += 19; + curve25519_contract_carry_full() + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + t[0] += 0x8000000000000 - 19; + t[1] += 0x8000000000000 - 1; + t[2] += 0x8000000000000 - 1; + t[3] += 0x8000000000000 - 1; + t[4] += 0x8000000000000 - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + curve25519_contract_carry_final() + + #define write51full(n,shift) \ + f = ((t[n] >> shift) | (t[n+1] << (51 - shift))); \ + for (i = 0; i < 8; i++, f >>= 8) *out++ = (byte)f; + #define write51(n) write51full(n,13*n) + + write51(0) + write51(1) + write51(2) + write51(3) + + #undef curve25519_contract_carry + #undef curve25519_contract_carry_full + #undef curve25519_contract_carry_final + #undef write51full + #undef write51 +} + +/* + * Swap the contents of [qx] and [qpx] iff @swap is non-zero + */ +inline void +curve25519_swap_conditional(bignum25519 x, bignum25519 qpx, word64 iswap) { + const word64 swap = (word64)(-(sword64)iswap); + word64 x0,x1,x2,x3,x4; + + x0 = swap & (x[0] ^ qpx[0]); x[0] ^= x0; qpx[0] ^= x0; + x1 = swap & (x[1] ^ qpx[1]); x[1] ^= x1; qpx[1] ^= x1; + x2 = swap & (x[2] ^ qpx[2]); x[2] ^= x2; qpx[2] ^= x2; + x3 = swap & (x[3] ^ qpx[3]); x[3] ^= x3; qpx[3] ^= x3; + x4 = swap & (x[4] ^ qpx[4]); x[4] ^= x4; qpx[4] ^= x4; +} + +/* + * In: b = 2^5 - 2^0 + * Out: b = 2^250 - 2^0 + */ +void +curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { + ALIGN(16) bignum25519 t0,c; + + /* 2^5 - 2^0 */ /* b */ + /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); + /* 2^10 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); + /* 2^20 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); + /* 2^40 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); + /* 2^50 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); + /* 2^100 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); + /* 2^200 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); + /* 2^250 - 2^0 */ curve25519_mul(b, t0, b); +} + +/* + * z^(p - 2) = z(2^255 - 21) + */ +void +curve25519_recip(bignum25519 out, const bignum25519 z) { + ALIGN(16) bignum25519 a, t0, b; + + /* 2 */ curve25519_square(a, z); /* a = 2 */ + /* 8 */ curve25519_square_times(t0, a, 2); + /* 9 */ curve25519_mul(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul(a, b, a); /* a = 11 */ + /* 22 */ curve25519_square(t0, a); + /* 2^5 - 2^0 = 31 */ curve25519_mul(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); + /* 2^255 - 21 */ curve25519_mul(out, b, a); +} + +ANONYMOUS_NAMESPACE_END +NAMESPACE_END // X25519 +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +//******************************* ed25519 *******************************// + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(Ed25519) +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::sword32; +using CryptoPP::word64; +using CryptoPP::sword64; + +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; + +using CryptoPP::SHA512; + +// Bring in all the symbols from the 64-bit header +using namespace CryptoPP::Donna::Arch64; + +/* out = in */ +inline void +curve25519_copy(bignum25519 out, const bignum25519 in) { + out[0] = in[0]; out[1] = in[1]; + out[2] = in[2]; out[3] = in[3]; + out[4] = in[4]; +} + +/* out = a + b */ +inline void +curve25519_add(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + b[0]; out[1] = a[1] + b[1]; + out[2] = a[2] + b[2]; out[3] = a[3] + b[3]; + out[4] = a[4] + b[4]; +} + +/* out = a + b, where a and/or b are the result of a basic op (add,sub) */ +inline void +curve25519_add_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + b[0]; out[1] = a[1] + b[1]; + out[2] = a[2] + b[2]; out[3] = a[3] + b[3]; + out[4] = a[4] + b[4]; +} + +inline void +curve25519_add_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word64 c; + out[0] = a[0] + b[0] ; c = (out[0] >> 51); out[0] &= reduce_mask_51; + out[1] = a[1] + b[1] + c; c = (out[1] >> 51); out[1] &= reduce_mask_51; + out[2] = a[2] + b[2] + c; c = (out[2] >> 51); out[2] &= reduce_mask_51; + out[3] = a[3] + b[3] + c; c = (out[3] >> 51); out[3] &= reduce_mask_51; + out[4] = a[4] + b[4] + c; c = (out[4] >> 51); out[4] &= reduce_mask_51; + out[0] += c * 19; +} + +/* out = a - b */ +inline void +curve25519_sub(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + twoP0 - b[0]; + out[1] = a[1] + twoP1234 - b[1]; + out[2] = a[2] + twoP1234 - b[2]; + out[3] = a[3] + twoP1234 - b[3]; + out[4] = a[4] + twoP1234 - b[4]; +} + +/* out = a - b, where a and/or b are the result of a basic op (add,sub) */ +inline void +curve25519_sub_after_basic(bignum25519 out, const bignum25519 a, const bignum25519 b) { + out[0] = a[0] + fourP0 - b[0]; + out[1] = a[1] + fourP1234 - b[1]; + out[2] = a[2] + fourP1234 - b[2]; + out[3] = a[3] + fourP1234 - b[3]; + out[4] = a[4] + fourP1234 - b[4]; +} + +inline void +curve25519_sub_reduce(bignum25519 out, const bignum25519 a, const bignum25519 b) { + word64 c; + out[0] = a[0] + fourP0 - b[0] ; c = (out[0] >> 51); out[0] &= reduce_mask_51; + out[1] = a[1] + fourP1234 - b[1] + c; c = (out[1] >> 51); out[1] &= reduce_mask_51; + out[2] = a[2] + fourP1234 - b[2] + c; c = (out[2] >> 51); out[2] &= reduce_mask_51; + out[3] = a[3] + fourP1234 - b[3] + c; c = (out[3] >> 51); out[3] &= reduce_mask_51; + out[4] = a[4] + fourP1234 - b[4] + c; c = (out[4] >> 51); out[4] &= reduce_mask_51; + out[0] += c * 19; +} + +/* out = -a */ +inline void +curve25519_neg(bignum25519 out, const bignum25519 a) { + word64 c; + out[0] = twoP0 - a[0] ; c = (out[0] >> 51); out[0] &= reduce_mask_51; + out[1] = twoP1234 - a[1] + c; c = (out[1] >> 51); out[1] &= reduce_mask_51; + out[2] = twoP1234 - a[2] + c; c = (out[2] >> 51); out[2] &= reduce_mask_51; + out[3] = twoP1234 - a[3] + c; c = (out[3] >> 51); out[3] &= reduce_mask_51; + out[4] = twoP1234 - a[4] + c; c = (out[4] >> 51); out[4] &= reduce_mask_51; + out[0] += c * 19; +} + +/* out = a * b */ +inline void +curve25519_mul(bignum25519 out, const bignum25519 in2, const bignum25519 in) { +#if !defined(CRYPTOPP_WORD128_AVAILABLE) + word128 mul; +#endif + word128 t[5]; + word64 r0,r1,r2,r3,r4,s0,s1,s2,s3,s4,c; + + r0 = in[0]; r1 = in[1]; + r2 = in[2]; r3 = in[3]; + r4 = in[4]; + + s0 = in2[0]; s1 = in2[1]; + s2 = in2[2]; s3 = in2[3]; + s4 = in2[4]; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] = ((word128) r0) * s0; + t[1] = ((word128) r0) * s1 + ((word128) r1) * s0; + t[2] = ((word128) r0) * s2 + ((word128) r2) * s0 + ((word128) r1) * s1; + t[3] = ((word128) r0) * s3 + ((word128) r3) * s0 + ((word128) r1) * s2 + ((word128) r2) * s1; + t[4] = ((word128) r0) * s4 + ((word128) r4) * s0 + ((word128) r3) * s1 + ((word128) r1) * s3 + ((word128) r2) * s2; +#else + mul64x64_128(t[0], r0, s0) + mul64x64_128(t[1], r0, s1) mul64x64_128(mul, r1, s0) add128(t[1], mul) + mul64x64_128(t[2], r0, s2) mul64x64_128(mul, r2, s0) add128(t[2], mul) mul64x64_128(mul, r1, s1) add128(t[2], mul) + mul64x64_128(t[3], r0, s3) mul64x64_128(mul, r3, s0) add128(t[3], mul) mul64x64_128(mul, r1, s2) add128(t[3], mul) mul64x64_128(mul, r2, s1) add128(t[3], mul) + mul64x64_128(t[4], r0, s4) mul64x64_128(mul, r4, s0) add128(t[4], mul) mul64x64_128(mul, r3, s1) add128(t[4], mul) mul64x64_128(mul, r1, s3) add128(t[4], mul) mul64x64_128(mul, r2, s2) add128(t[4], mul) +#endif + + r1 *= 19; r2 *= 19; + r3 *= 19; r4 *= 19; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] += ((word128) r4) * s1 + ((word128) r1) * s4 + ((word128) r2) * s3 + ((word128) r3) * s2; + t[1] += ((word128) r4) * s2 + ((word128) r2) * s4 + ((word128) r3) * s3; + t[2] += ((word128) r4) * s3 + ((word128) r3) * s4; + t[3] += ((word128) r4) * s4; +#else + mul64x64_128(mul, r4, s1) add128(t[0], mul) mul64x64_128(mul, r1, s4) add128(t[0], mul) mul64x64_128(mul, r2, s3) add128(t[0], mul) mul64x64_128(mul, r3, s2) add128(t[0], mul) + mul64x64_128(mul, r4, s2) add128(t[1], mul) mul64x64_128(mul, r2, s4) add128(t[1], mul) mul64x64_128(mul, r3, s3) add128(t[1], mul) + mul64x64_128(mul, r4, s3) add128(t[2], mul) mul64x64_128(mul, r3, s4) add128(t[2], mul) + mul64x64_128(mul, r4, s4) add128(t[3], mul) +#endif + + r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51); + add128_64(t[1], c) r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51); + add128_64(t[2], c) r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51); + add128_64(t[3], c) r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51); + add128_64(t[4], c) r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51; + r1 += c; + + out[0] = r0; out[1] = r1; + out[2] = r2; out[3] = r3; + out[4] = r4; +} + +void +curve25519_mul_noinline(bignum25519 out, const bignum25519 in2, const bignum25519 in) { + curve25519_mul(out, in2, in); +} + +/* out = in^(2 * count) */ +void +curve25519_square_times(bignum25519 out, const bignum25519 in, word64 count) { +#if !defined(CRYPTOPP_WORD128_AVAILABLE) + word128 mul; +#endif + word128 t[5]; + word64 r0,r1,r2,r3,r4,c; + word64 d0,d1,d2,d4,d419; + + r0 = in[0]; r1 = in[1]; + r2 = in[2]; r3 = in[3]; + r4 = in[4]; + + do { + d0 = r0 * 2; + d1 = r1 * 2; + d2 = r2 * 2 * 19; + d419 = r4 * 19; + d4 = d419 * 2; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] = ((word128) r0) * r0 + ((word128) d4) * r1 + (((word128) d2) * (r3 )); + t[1] = ((word128) d0) * r1 + ((word128) d4) * r2 + (((word128) r3) * (r3 * 19)); + t[2] = ((word128) d0) * r2 + ((word128) r1) * r1 + (((word128) d4) * (r3 )); + t[3] = ((word128) d0) * r3 + ((word128) d1) * r2 + (((word128) r4) * (d419 )); + t[4] = ((word128) d0) * r4 + ((word128) d1) * r3 + (((word128) r2) * (r2 )); +#else + mul64x64_128(t[0], r0, r0) mul64x64_128(mul, d4, r1) add128(t[0], mul) mul64x64_128(mul, d2, r3) add128(t[0], mul) + mul64x64_128(t[1], d0, r1) mul64x64_128(mul, d4, r2) add128(t[1], mul) mul64x64_128(mul, r3, r3 * 19) add128(t[1], mul) + mul64x64_128(t[2], d0, r2) mul64x64_128(mul, r1, r1) add128(t[2], mul) mul64x64_128(mul, d4, r3) add128(t[2], mul) + mul64x64_128(t[3], d0, r3) mul64x64_128(mul, d1, r2) add128(t[3], mul) mul64x64_128(mul, r4, d419) add128(t[3], mul) + mul64x64_128(t[4], d0, r4) mul64x64_128(mul, d1, r3) add128(t[4], mul) mul64x64_128(mul, r2, r2) add128(t[4], mul) +#endif + + r0 = lo128(t[0]) & reduce_mask_51; + r1 = lo128(t[1]) & reduce_mask_51; shl128(c, t[0], 13); r1 += c; + r2 = lo128(t[2]) & reduce_mask_51; shl128(c, t[1], 13); r2 += c; + r3 = lo128(t[3]) & reduce_mask_51; shl128(c, t[2], 13); r3 += c; + r4 = lo128(t[4]) & reduce_mask_51; shl128(c, t[3], 13); r4 += c; + shl128(c, t[4], 13); r0 += c * 19; + c = r0 >> 51; r0 &= reduce_mask_51; + r1 += c ; c = r1 >> 51; r1 &= reduce_mask_51; + r2 += c ; c = r2 >> 51; r2 &= reduce_mask_51; + r3 += c ; c = r3 >> 51; r3 &= reduce_mask_51; + r4 += c ; c = r4 >> 51; r4 &= reduce_mask_51; + r0 += c * 19; + } while(--count); + + out[0] = r0; out[1] = r1; + out[2] = r2; out[3] = r3; + out[4] = r4; +} + +inline void +curve25519_square(bignum25519 out, const bignum25519 in) { +#if !defined(CRYPTOPP_WORD128_AVAILABLE) + word128 mul; +#endif + word128 t[5]; + word64 r0,r1,r2,r3,r4,c; + word64 d0,d1,d2,d4,d419; + + r0 = in[0]; r1 = in[1]; + r2 = in[2]; r3 = in[3]; + r4 = in[4]; + + d0 = r0 * 2; d1 = r1 * 2; + d2 = r2 * 2 * 19; + d419 = r4 * 19; + d4 = d419 * 2; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + t[0] = ((word128) r0) * r0 + ((word128) d4) * r1 + (((word128) d2) * (r3 )); + t[1] = ((word128) d0) * r1 + ((word128) d4) * r2 + (((word128) r3) * (r3 * 19)); + t[2] = ((word128) d0) * r2 + ((word128) r1) * r1 + (((word128) d4) * (r3 )); + t[3] = ((word128) d0) * r3 + ((word128) d1) * r2 + (((word128) r4) * (d419 )); + t[4] = ((word128) d0) * r4 + ((word128) d1) * r3 + (((word128) r2) * (r2 )); +#else + mul64x64_128(t[0], r0, r0) mul64x64_128(mul, d4, r1) add128(t[0], mul) mul64x64_128(mul, d2, r3) add128(t[0], mul) + mul64x64_128(t[1], d0, r1) mul64x64_128(mul, d4, r2) add128(t[1], mul) mul64x64_128(mul, r3, r3 * 19) add128(t[1], mul) + mul64x64_128(t[2], d0, r2) mul64x64_128(mul, r1, r1) add128(t[2], mul) mul64x64_128(mul, d4, r3) add128(t[2], mul) + mul64x64_128(t[3], d0, r3) mul64x64_128(mul, d1, r2) add128(t[3], mul) mul64x64_128(mul, r4, d419) add128(t[3], mul) + mul64x64_128(t[4], d0, r4) mul64x64_128(mul, d1, r3) add128(t[4], mul) mul64x64_128(mul, r2, r2) add128(t[4], mul) +#endif + + r0 = lo128(t[0]) & reduce_mask_51; shr128(c, t[0], 51); + add128_64(t[1], c) r1 = lo128(t[1]) & reduce_mask_51; shr128(c, t[1], 51); + add128_64(t[2], c) r2 = lo128(t[2]) & reduce_mask_51; shr128(c, t[2], 51); + add128_64(t[3], c) r3 = lo128(t[3]) & reduce_mask_51; shr128(c, t[3], 51); + add128_64(t[4], c) r4 = lo128(t[4]) & reduce_mask_51; shr128(c, t[4], 51); + r0 += c * 19; c = r0 >> 51; r0 = r0 & reduce_mask_51; + r1 += c; + + out[0] = r0; out[1] = r1; + out[2] = r2; out[3] = r3; + out[4] = r4; +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +inline void +curve25519_expand(bignum25519 out, const byte *in) { + word64 x0,x1,x2,x3; + GetBlock block(in); + block(x0)(x1)(x2)(x3); + + out[0] = x0 & reduce_mask_51; x0 = (x0 >> 51) | (x1 << 13); + out[1] = x0 & reduce_mask_51; x1 = (x1 >> 38) | (x2 << 26); + out[2] = x1 & reduce_mask_51; x2 = (x2 >> 25) | (x3 << 39); + out[3] = x2 & reduce_mask_51; x3 = (x3 >> 12); + out[4] = x3 & reduce_mask_51; +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array + */ +inline void +curve25519_contract(byte *out, const bignum25519 input) { + word64 t[5]; + word64 f, i; + + t[0] = input[0]; + t[1] = input[1]; + t[2] = input[2]; + t[3] = input[3]; + t[4] = input[4]; + + #define curve25519_contract_carry() \ + t[1] += t[0] >> 51; t[0] &= reduce_mask_51; \ + t[2] += t[1] >> 51; t[1] &= reduce_mask_51; \ + t[3] += t[2] >> 51; t[2] &= reduce_mask_51; \ + t[4] += t[3] >> 51; t[3] &= reduce_mask_51; + + #define curve25519_contract_carry_full() curve25519_contract_carry() \ + t[0] += 19 * (t[4] >> 51); t[4] &= reduce_mask_51; + + #define curve25519_contract_carry_final() curve25519_contract_carry() \ + t[4] &= reduce_mask_51; + + curve25519_contract_carry_full() + curve25519_contract_carry_full() + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + t[0] += 19; + curve25519_contract_carry_full() + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + t[0] += (reduce_mask_51 + 1) - 19; + t[1] += (reduce_mask_51 + 1) - 1; + t[2] += (reduce_mask_51 + 1) - 1; + t[3] += (reduce_mask_51 + 1) - 1; + t[4] += (reduce_mask_51 + 1) - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + curve25519_contract_carry_final() + + #define write51full(n,shift) \ + f = ((t[n] >> shift) | (t[n+1] << (51 - shift))); \ + for (i = 0; i < 8; i++, f >>= 8) *out++ = (byte)f; + #define write51(n) write51full(n,13*n) + write51(0) + write51(1) + write51(2) + write51(3) +} + +#if !defined(ED25519_GCC_64BIT_CHOOSE) + +/* out = (flag) ? in : out */ +inline void +curve25519_move_conditional_bytes(uint8_t out[96], const uint8_t in[96], word64 flag) { + const word64 nb = flag - 1, b = ~nb; + const word64 *inq = (const word64 *)in; + word64 *outq = (word64 *)out; + outq[0] = (outq[0] & nb) | (inq[0] & b); + outq[1] = (outq[1] & nb) | (inq[1] & b); + outq[2] = (outq[2] & nb) | (inq[2] & b); + outq[3] = (outq[3] & nb) | (inq[3] & b); + outq[4] = (outq[4] & nb) | (inq[4] & b); + outq[5] = (outq[5] & nb) | (inq[5] & b); + outq[6] = (outq[6] & nb) | (inq[6] & b); + outq[7] = (outq[7] & nb) | (inq[7] & b); + outq[8] = (outq[8] & nb) | (inq[8] & b); + outq[9] = (outq[9] & nb) | (inq[9] & b); + outq[10] = (outq[10] & nb) | (inq[10] & b); + outq[11] = (outq[11] & nb) | (inq[11] & b); +} + +/* if (iswap) swap(a, b) */ +inline void +curve25519_swap_conditional(bignum25519 a, bignum25519 b, word64 iswap) { + const word64 swap = (word64)(-(int64_t)iswap); + word64 x0,x1,x2,x3,x4; + + x0 = swap & (a[0] ^ b[0]); a[0] ^= x0; b[0] ^= x0; + x1 = swap & (a[1] ^ b[1]); a[1] ^= x1; b[1] ^= x1; + x2 = swap & (a[2] ^ b[2]); a[2] ^= x2; b[2] ^= x2; + x3 = swap & (a[3] ^ b[3]); a[3] ^= x3; b[3] ^= x3; + x4 = swap & (a[4] ^ b[4]); a[4] ^= x4; b[4] ^= x4; +} + +#endif /* ED25519_GCC_64BIT_CHOOSE */ + +// ************************************************************************************ + +inline void +ed25519_hash(byte *hash, const byte *in, size_t inlen) { + SHA512().CalculateDigest(hash, in, inlen); +} + +inline void +ed25519_extsk(hash_512bits extsk, const byte sk[32]) { + ed25519_hash(extsk, sk, 32); + extsk[0] &= 248; + extsk[31] &= 127; + extsk[31] |= 64; +} + +void +ed25519_hram(hash_512bits hram, const byte RS[64], const byte pk[32], const unsigned char *m, size_t mlen) { + SHA512 hash; + hash.Update(RS, 32); + hash.Update(pk, 32); + hash.Update(m, mlen); + hash.Final(hram); +} + +bignum256modm_element_t +lt_modm(bignum256modm_element_t a, bignum256modm_element_t b) { + return (a - b) >> 63; +} + +void +reduce256_modm(bignum256modm r) { + bignum256modm t; + bignum256modm_element_t b = 0, pb, mask; + + /* t = r - m */ + pb = 0; + pb += modm_m[0]; b = lt_modm(r[0], pb); t[0] = (r[0] - pb + (b << 56)); pb = b; + pb += modm_m[1]; b = lt_modm(r[1], pb); t[1] = (r[1] - pb + (b << 56)); pb = b; + pb += modm_m[2]; b = lt_modm(r[2], pb); t[2] = (r[2] - pb + (b << 56)); pb = b; + pb += modm_m[3]; b = lt_modm(r[3], pb); t[3] = (r[3] - pb + (b << 56)); pb = b; + pb += modm_m[4]; b = lt_modm(r[4], pb); t[4] = (r[4] - pb + (b << 32)); + + /* keep r if r was smaller than m */ + mask = b - 1; + + r[0] ^= mask & (r[0] ^ t[0]); + r[1] ^= mask & (r[1] ^ t[1]); + r[2] ^= mask & (r[2] ^ t[2]); + r[3] ^= mask & (r[3] ^ t[3]); + r[4] ^= mask & (r[4] ^ t[4]); +} + +void +barrett_reduce256_modm(bignum256modm r, const bignum256modm q1, const bignum256modm r1) { + bignum256modm q3, r2; + word128 c, mul; + bignum256modm_element_t f, b, pb; + + /* q1 = x >> 248 = 264 bits = 5 56 bit elements + q2 = mu * q1 + q3 = (q2 / 256(32+1)) = q2 / (2^8)^(32+1) = q2 >> 264 */ + mul64x64_128(c, modm_mu[0], q1[3]) mul64x64_128(mul, modm_mu[3], q1[0]) add128(c, mul) mul64x64_128(mul, modm_mu[1], q1[2]) add128(c, mul) mul64x64_128(mul, modm_mu[2], q1[1]) add128(c, mul) shr128(f, c, 56); + mul64x64_128(c, modm_mu[0], q1[4]) add128_64(c, f) mul64x64_128(mul, modm_mu[4], q1[0]) add128(c, mul) mul64x64_128(mul, modm_mu[3], q1[1]) add128(c, mul) mul64x64_128(mul, modm_mu[1], q1[3]) add128(c, mul) mul64x64_128(mul, modm_mu[2], q1[2]) add128(c, mul) + f = lo128(c); q3[0] = (f >> 40) & 0xffff; shr128(f, c, 56); + mul64x64_128(c, modm_mu[4], q1[1]) add128_64(c, f) mul64x64_128(mul, modm_mu[1], q1[4]) add128(c, mul) mul64x64_128(mul, modm_mu[2], q1[3]) add128(c, mul) mul64x64_128(mul, modm_mu[3], q1[2]) add128(c, mul) + f = lo128(c); q3[0] |= (f << 16) & 0xffffffffffffff; q3[1] = (f >> 40) & 0xffff; shr128(f, c, 56); + mul64x64_128(c, modm_mu[4], q1[2]) add128_64(c, f) mul64x64_128(mul, modm_mu[2], q1[4]) add128(c, mul) mul64x64_128(mul, modm_mu[3], q1[3]) add128(c, mul) + f = lo128(c); q3[1] |= (f << 16) & 0xffffffffffffff; q3[2] = (f >> 40) & 0xffff; shr128(f, c, 56); + mul64x64_128(c, modm_mu[4], q1[3]) add128_64(c, f) mul64x64_128(mul, modm_mu[3], q1[4]) add128(c, mul) + f = lo128(c); q3[2] |= (f << 16) & 0xffffffffffffff; q3[3] = (f >> 40) & 0xffff; shr128(f, c, 56); + mul64x64_128(c, modm_mu[4], q1[4]) add128_64(c, f) + f = lo128(c); q3[3] |= (f << 16) & 0xffffffffffffff; q3[4] = (f >> 40) & 0xffff; shr128(f, c, 56); + q3[4] |= (f << 16); + + mul64x64_128(c, modm_m[0], q3[0]) + r2[0] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, modm_m[0], q3[1]) add128_64(c, f) mul64x64_128(mul, modm_m[1], q3[0]) add128(c, mul) + r2[1] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, modm_m[0], q3[2]) add128_64(c, f) mul64x64_128(mul, modm_m[2], q3[0]) add128(c, mul) mul64x64_128(mul, modm_m[1], q3[1]) add128(c, mul) + r2[2] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, modm_m[0], q3[3]) add128_64(c, f) mul64x64_128(mul, modm_m[3], q3[0]) add128(c, mul) mul64x64_128(mul, modm_m[1], q3[2]) add128(c, mul) mul64x64_128(mul, modm_m[2], q3[1]) add128(c, mul) + r2[3] = lo128(c) & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, modm_m[0], q3[4]) add128_64(c, f) mul64x64_128(mul, modm_m[4], q3[0]) add128(c, mul) mul64x64_128(mul, modm_m[3], q3[1]) add128(c, mul) mul64x64_128(mul, modm_m[1], q3[3]) add128(c, mul) mul64x64_128(mul, modm_m[2], q3[2]) add128(c, mul) + r2[4] = lo128(c) & 0x0000ffffffffff; + + pb = 0; + pb += r2[0]; b = lt_modm(r1[0], pb); r[0] = (r1[0] - pb + (b << 56)); pb = b; + pb += r2[1]; b = lt_modm(r1[1], pb); r[1] = (r1[1] - pb + (b << 56)); pb = b; + pb += r2[2]; b = lt_modm(r1[2], pb); r[2] = (r1[2] - pb + (b << 56)); pb = b; + pb += r2[3]; b = lt_modm(r1[3], pb); r[3] = (r1[3] - pb + (b << 56)); pb = b; + pb += r2[4]; b = lt_modm(r1[4], pb); r[4] = (r1[4] - pb + (b << 40)); + + reduce256_modm(r); + reduce256_modm(r); +} + + +void +add256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) { + bignum256modm_element_t c; + + c = x[0] + y[0]; r[0] = c & 0xffffffffffffff; c >>= 56; + c += x[1] + y[1]; r[1] = c & 0xffffffffffffff; c >>= 56; + c += x[2] + y[2]; r[2] = c & 0xffffffffffffff; c >>= 56; + c += x[3] + y[3]; r[3] = c & 0xffffffffffffff; c >>= 56; + c += x[4] + y[4]; r[4] = c; + + reduce256_modm(r); +} + +void +mul256_modm(bignum256modm r, const bignum256modm x, const bignum256modm y) { + bignum256modm q1, r1; + word128 c, mul; + bignum256modm_element_t f; + + mul64x64_128(c, x[0], y[0]) + f = lo128(c); r1[0] = f & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, x[0], y[1]) add128_64(c, f) mul64x64_128(mul, x[1], y[0]) add128(c, mul) + f = lo128(c); r1[1] = f & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, x[0], y[2]) add128_64(c, f) mul64x64_128(mul, x[2], y[0]) add128(c, mul) mul64x64_128(mul, x[1], y[1]) add128(c, mul) + f = lo128(c); r1[2] = f & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, x[0], y[3]) add128_64(c, f) mul64x64_128(mul, x[3], y[0]) add128(c, mul) mul64x64_128(mul, x[1], y[2]) add128(c, mul) mul64x64_128(mul, x[2], y[1]) add128(c, mul) + f = lo128(c); r1[3] = f & 0xffffffffffffff; shr128(f, c, 56); + mul64x64_128(c, x[0], y[4]) add128_64(c, f) mul64x64_128(mul, x[4], y[0]) add128(c, mul) mul64x64_128(mul, x[3], y[1]) add128(c, mul) mul64x64_128(mul, x[1], y[3]) add128(c, mul) mul64x64_128(mul, x[2], y[2]) add128(c, mul) + f = lo128(c); r1[4] = f & 0x0000ffffffffff; q1[0] = (f >> 24) & 0xffffffff; shr128(f, c, 56); + mul64x64_128(c, x[4], y[1]) add128_64(c, f) mul64x64_128(mul, x[1], y[4]) add128(c, mul) mul64x64_128(mul, x[2], y[3]) add128(c, mul) mul64x64_128(mul, x[3], y[2]) add128(c, mul) + f = lo128(c); q1[0] |= (f << 32) & 0xffffffffffffff; q1[1] = (f >> 24) & 0xffffffff; shr128(f, c, 56); + mul64x64_128(c, x[4], y[2]) add128_64(c, f) mul64x64_128(mul, x[2], y[4]) add128(c, mul) mul64x64_128(mul, x[3], y[3]) add128(c, mul) + f = lo128(c); q1[1] |= (f << 32) & 0xffffffffffffff; q1[2] = (f >> 24) & 0xffffffff; shr128(f, c, 56); + mul64x64_128(c, x[4], y[3]) add128_64(c, f) mul64x64_128(mul, x[3], y[4]) add128(c, mul) + f = lo128(c); q1[2] |= (f << 32) & 0xffffffffffffff; q1[3] = (f >> 24) & 0xffffffff; shr128(f, c, 56); + mul64x64_128(c, x[4], y[4]) add128_64(c, f) + f = lo128(c); q1[3] |= (f << 32) & 0xffffffffffffff; q1[4] = (f >> 24) & 0xffffffff; shr128(f, c, 56); + q1[4] |= (f << 32); + + barrett_reduce256_modm(r, q1, r1); +} + +void +expand256_modm(bignum256modm out, const byte *in, size_t len) { + byte work[64] = {0}; + bignum256modm_element_t x[16]; + bignum256modm q1; + + memcpy(work, in, len); + x[0] = U8TO64_LE(work + 0); + x[1] = U8TO64_LE(work + 8); + x[2] = U8TO64_LE(work + 16); + x[3] = U8TO64_LE(work + 24); + x[4] = U8TO64_LE(work + 32); + x[5] = U8TO64_LE(work + 40); + x[6] = U8TO64_LE(work + 48); + x[7] = U8TO64_LE(work + 56); + + /* r1 = (x mod 256^(32+1)) = x mod (2^8)(31+1) = x & ((1 << 264) - 1) */ + out[0] = ( x[0]) & 0xffffffffffffff; + out[1] = ((x[ 0] >> 56) | (x[ 1] << 8)) & 0xffffffffffffff; + out[2] = ((x[ 1] >> 48) | (x[ 2] << 16)) & 0xffffffffffffff; + out[3] = ((x[ 2] >> 40) | (x[ 3] << 24)) & 0xffffffffffffff; + out[4] = ((x[ 3] >> 32) | (x[ 4] << 32)) & 0x0000ffffffffff; + + /* under 252 bits, no need to reduce */ + if (len < 32) + return; + + /* q1 = x >> 248 = 264 bits */ + q1[0] = ((x[ 3] >> 56) | (x[ 4] << 8)) & 0xffffffffffffff; + q1[1] = ((x[ 4] >> 48) | (x[ 5] << 16)) & 0xffffffffffffff; + q1[2] = ((x[ 5] >> 40) | (x[ 6] << 24)) & 0xffffffffffffff; + q1[3] = ((x[ 6] >> 32) | (x[ 7] << 32)) & 0xffffffffffffff; + q1[4] = ((x[ 7] >> 24) ); + + barrett_reduce256_modm(out, q1, out); +} + +void +expand_raw256_modm(bignum256modm out, const byte in[32]) { + bignum256modm_element_t x[4]; + + x[0] = U8TO64_LE(in + 0); + x[1] = U8TO64_LE(in + 8); + x[2] = U8TO64_LE(in + 16); + x[3] = U8TO64_LE(in + 24); + + out[0] = ( x[0]) & 0xffffffffffffff; + out[1] = ((x[ 0] >> 56) | (x[ 1] << 8)) & 0xffffffffffffff; + out[2] = ((x[ 1] >> 48) | (x[ 2] << 16)) & 0xffffffffffffff; + out[3] = ((x[ 2] >> 40) | (x[ 3] << 24)) & 0xffffffffffffff; + out[4] = ((x[ 3] >> 32) ) & 0x000000ffffffff; +} + +void +contract256_modm(byte out[32], const bignum256modm in) { + U64TO8_LE(out + 0, (in[0] ) | (in[1] << 56)); + U64TO8_LE(out + 8, (in[1] >> 8) | (in[2] << 48)); + U64TO8_LE(out + 16, (in[2] >> 16) | (in[3] << 40)); + U64TO8_LE(out + 24, (in[3] >> 24) | (in[4] << 32)); +} + +void +contract256_window4_modm(signed char r[64], const bignum256modm in) { + char carry; + signed char *quads = r; + bignum256modm_element_t i, j, v, m; + + for (i = 0; i < 5; i++) { + v = in[i]; + m = (i == 4) ? 8 : 14; + for (j = 0; j < m; j++) { + *quads++ = (v & 15); + v >>= 4; + } + } + + /* making it signed */ + carry = 0; + for(i = 0; i < 63; i++) { + r[i] += carry; + r[i+1] += (r[i] >> 4); + r[i] &= 15; + carry = (r[i] >> 3); + r[i] -= (carry << 4); + } + r[63] += carry; +} + +void +contract256_slidingwindow_modm(signed char r[256], const bignum256modm s, int windowsize) { + int i,j,k,b; + int m = (1 << (windowsize - 1)) - 1, soplen = 256; + signed char *bits = r; + bignum256modm_element_t v; + + /* first put the binary expansion into r */ + for (i = 0; i < 4; i++) { + v = s[i]; + for (j = 0; j < 56; j++, v >>= 1) + *bits++ = (v & 1); + } + v = s[4]; + for (j = 0; j < 32; j++, v >>= 1) + *bits++ = (v & 1); + + /* Making it sliding window */ + for (j = 0; j < soplen; j++) { + if (!r[j]) + continue; + + for (b = 1; (b < (soplen - j)) && (b <= 6); b++) { + if ((r[j] + (r[j + b] << b)) <= m) { + r[j] += r[j + b] << b; + r[j + b] = 0; + } else if ((r[j] - (r[j + b] << b)) >= -m) { + r[j] -= r[j + b] << b; + for (k = j + b; k < soplen; k++) { + if (!r[k]) { + r[k] = 1; + break; + } + r[k] = 0; + } + } else if (r[j + b]) { + break; + } + } + } +} + +/* + * In: b = 2^5 - 2^0 + * Out: b = 2^250 - 2^0 + */ +void +curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { + ALIGN(16) bignum25519 t0,c; + + /* 2^5 - 2^0 */ /* b */ + /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); + /* 2^10 - 2^0 */ curve25519_mul_noinline(b, t0, b); + /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); + /* 2^20 - 2^0 */ curve25519_mul_noinline(c, t0, b); + /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); + /* 2^40 - 2^0 */ curve25519_mul_noinline(t0, t0, c); + /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); + /* 2^50 - 2^0 */ curve25519_mul_noinline(b, t0, b); + /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); + /* 2^100 - 2^0 */ curve25519_mul_noinline(c, t0, b); + /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); + /* 2^200 - 2^0 */ curve25519_mul_noinline(t0, t0, c); + /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); + /* 2^250 - 2^0 */ curve25519_mul_noinline(b, t0, b); +} + +/* + * z^(p - 2) = z(2^255 - 21) + */ +void +curve25519_recip(bignum25519 out, const bignum25519 z) { + ALIGN(16) bignum25519 a,t0,b; + + /* 2 */ curve25519_square_times(a, z, 1); /* a = 2 */ + /* 8 */ curve25519_square_times(t0, a, 2); + /* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul_noinline(a, b, a); /* a = 11 */ + /* 22 */ curve25519_square_times(t0, a, 1); + /* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); + /* 2^255 - 21 */ curve25519_mul_noinline(out, b, a); +} + +/* + * z^((p-5)/8) = z^(2^252 - 3) + */ +void +curve25519_pow_two252m3(bignum25519 two252m3, const bignum25519 z) { + ALIGN(16) bignum25519 b,c,t0; + + /* 2 */ curve25519_square_times(c, z, 1); /* c = 2 */ + /* 8 */ curve25519_square_times(t0, c, 2); /* t0 = 8 */ + /* 9 */ curve25519_mul_noinline(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul_noinline(c, b, c); /* c = 11 */ + /* 22 */ curve25519_square_times(t0, c, 1); + /* 2^5 - 2^0 = 31 */ curve25519_mul_noinline(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^252 - 2^2 */ curve25519_square_times(b, b, 2); + /* 2^252 - 3 */ curve25519_mul_noinline(two252m3, b, z); +} + +inline void +ge25519_p1p1_to_partial(ge25519 *r, const ge25519_p1p1 *p) { + curve25519_mul(r->x, p->x, p->t); + curve25519_mul(r->y, p->y, p->z); + curve25519_mul(r->z, p->z, p->t); +} + +inline void +ge25519_p1p1_to_full(ge25519 *r, const ge25519_p1p1 *p) { + curve25519_mul(r->x, p->x, p->t); + curve25519_mul(r->y, p->y, p->z); + curve25519_mul(r->z, p->z, p->t); + curve25519_mul(r->t, p->x, p->y); +} + +void +ge25519_full_to_pniels(ge25519_pniels *p, const ge25519 *r) { + curve25519_sub(p->ysubx, r->y, r->x); + curve25519_add(p->xaddy, r->y, r->x); + curve25519_copy(p->z, r->z); + curve25519_mul(p->t2d, r->t, ge25519_ec2d); +} + +void +ge25519_add_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519 *q) { + bignum25519 a,b,c,d,t,u; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_sub(t, q->y, q->x); + curve25519_add(u, q->y, q->x); + curve25519_mul(a, a, t); + curve25519_mul(b, b, u); + curve25519_mul(c, p->t, q->t); + curve25519_mul(c, c, ge25519_ec2d); + curve25519_mul(d, p->z, q->z); + curve25519_add(d, d, d); + curve25519_sub(r->x, b, a); + curve25519_add(r->y, b, a); + curve25519_add_after_basic(r->z, d, c); + curve25519_sub_after_basic(r->t, d, c); +} + +void +ge25519_double_p1p1(ge25519_p1p1 *r, const ge25519 *p) { + bignum25519 a,b,c; + + curve25519_square(a, p->x); + curve25519_square(b, p->y); + curve25519_square(c, p->z); + curve25519_add_reduce(c, c, c); + curve25519_add(r->x, p->x, p->y); + curve25519_square(r->x, r->x); + curve25519_add(r->y, b, a); + curve25519_sub(r->z, b, a); + curve25519_sub_after_basic(r->x, r->x, r->y); + curve25519_sub_after_basic(r->t, c, r->z); +} + +void +ge25519_nielsadd2_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_niels *q, byte signbit) { + const bignum25519 *qb = (const bignum25519 *)q; + bignum25519 *rb = (bignum25519 *)r; + bignum25519 a,b,c; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_mul(a, a, qb[signbit]); /* x for +, y for - */ + curve25519_mul(r->x, b, qb[signbit^1]); /* y for +, x for - */ + curve25519_add(r->y, r->x, a); + curve25519_sub(r->x, r->x, a); + curve25519_mul(c, p->t, q->t2d); + curve25519_add_reduce(r->t, p->z, p->z); + curve25519_copy(r->z, r->t); + curve25519_add(rb[2+signbit], rb[2+signbit], c); /* z for +, t for - */ + curve25519_sub(rb[2+(signbit^1)], rb[2+(signbit^1)], c); /* t for +, z for - */ +} + +void +ge25519_pnielsadd_p1p1(ge25519_p1p1 *r, const ge25519 *p, const ge25519_pniels *q, byte signbit) { + const bignum25519 *qb = (const bignum25519 *)q; + bignum25519 *rb = (bignum25519 *)r; + bignum25519 a,b,c; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_mul(a, a, qb[signbit]); /* ysubx for +, xaddy for - */ + curve25519_mul(r->x, b, qb[signbit^1]); /* xaddy for +, ysubx for - */ + curve25519_add(r->y, r->x, a); + curve25519_sub(r->x, r->x, a); + curve25519_mul(c, p->t, q->t2d); + curve25519_mul(r->t, p->z, q->z); + curve25519_add_reduce(r->t, r->t, r->t); + curve25519_copy(r->z, r->t); + curve25519_add(rb[2+signbit], rb[2+signbit], c); /* z for +, t for - */ + curve25519_sub(rb[2+(signbit^1)], rb[2+(signbit^1)], c); /* t for +, z for - */ +} + +void +ge25519_double_partial(ge25519 *r, const ge25519 *p) { + ge25519_p1p1 t; + ge25519_double_p1p1(&t, p); + ge25519_p1p1_to_partial(r, &t); +} + +void +ge25519_double(ge25519 *r, const ge25519 *p) { + ge25519_p1p1 t; + ge25519_double_p1p1(&t, p); + ge25519_p1p1_to_full(r, &t); +} + +void +ge25519_add(ge25519 *r, const ge25519 *p, const ge25519 *q) { + ge25519_p1p1 t; + ge25519_add_p1p1(&t, p, q); + ge25519_p1p1_to_full(r, &t); +} + +void +ge25519_nielsadd2(ge25519 *r, const ge25519_niels *q) { + bignum25519 a,b,c,e,f,g,h; + + curve25519_sub(a, r->y, r->x); + curve25519_add(b, r->y, r->x); + curve25519_mul(a, a, q->ysubx); + curve25519_mul(e, b, q->xaddy); + curve25519_add(h, e, a); + curve25519_sub(e, e, a); + curve25519_mul(c, r->t, q->t2d); + curve25519_add(f, r->z, r->z); + curve25519_add_after_basic(g, f, c); + curve25519_sub_after_basic(f, f, c); + curve25519_mul(r->x, e, f); + curve25519_mul(r->y, h, g); + curve25519_mul(r->z, g, f); + curve25519_mul(r->t, e, h); +} + +void +ge25519_pnielsadd(ge25519_pniels *r, const ge25519 *p, const ge25519_pniels *q) { + bignum25519 a,b,c,x,y,z,t; + + curve25519_sub(a, p->y, p->x); + curve25519_add(b, p->y, p->x); + curve25519_mul(a, a, q->ysubx); + curve25519_mul(x, b, q->xaddy); + curve25519_add(y, x, a); + curve25519_sub(x, x, a); + curve25519_mul(c, p->t, q->t2d); + curve25519_mul(t, p->z, q->z); + curve25519_add(t, t, t); + curve25519_add_after_basic(z, t, c); + curve25519_sub_after_basic(t, t, c); + curve25519_mul(r->xaddy, x, t); + curve25519_mul(r->ysubx, y, z); + curve25519_mul(r->z, z, t); + curve25519_mul(r->t2d, x, y); + curve25519_copy(y, r->ysubx); + curve25519_sub(r->ysubx, r->ysubx, r->xaddy); + curve25519_add(r->xaddy, r->xaddy, y); + curve25519_mul(r->t2d, r->t2d, ge25519_ec2d); +} + +void +ge25519_pack(byte r[32], const ge25519 *p) { + bignum25519 tx, ty, zi; + byte parity[32]; + curve25519_recip(zi, p->z); + curve25519_mul(tx, p->x, zi); + curve25519_mul(ty, p->y, zi); + curve25519_contract(r, ty); + curve25519_contract(parity, tx); + r[31] ^= ((parity[0] & 1) << 7); +} + +int +ed25519_verify(const unsigned char *x, const unsigned char *y, size_t len) { + size_t differentbits = 0; + while (len--) + differentbits |= (*x++ ^ *y++); + return (int) (1 & ((differentbits - 1) >> 8)); +} + +int +ge25519_unpack_negative_vartime(ge25519 *r, const byte p[32]) { + const byte zero[32] = {0}; + const bignum25519 one = {1}; + byte parity = p[31] >> 7; + byte check[32]; + bignum25519 t, root, num, den, d3; + + curve25519_expand(r->y, p); + curve25519_copy(r->z, one); + curve25519_square(num, r->y); /* x = y^2 */ + curve25519_mul(den, num, ge25519_ecd); /* den = dy^2 */ + curve25519_sub_reduce(num, num, r->z); /* x = y^1 - 1 */ + curve25519_add(den, den, r->z); /* den = dy^2 + 1 */ + + /* Computation of sqrt(num/den) */ + /* 1.: computation of num^((p-5)/8)*den^((7p-35)/8) = (num*den^7)^((p-5)/8) */ + curve25519_square(t, den); + curve25519_mul(d3, t, den); + curve25519_square(r->x, d3); + curve25519_mul(r->x, r->x, den); + curve25519_mul(r->x, r->x, num); + curve25519_pow_two252m3(r->x, r->x); + + /* 2. computation of r->x = num * den^3 * (num*den^7)^((p-5)/8) */ + curve25519_mul(r->x, r->x, d3); + curve25519_mul(r->x, r->x, num); + + /* 3. Check if either of the roots works: */ + curve25519_square(t, r->x); + curve25519_mul(t, t, den); + curve25519_sub_reduce(root, t, num); + curve25519_contract(check, root); + if (!ed25519_verify(check, zero, 32)) { + curve25519_add_reduce(t, t, num); + curve25519_contract(check, t); + if (!ed25519_verify(check, zero, 32)) + return 0; + curve25519_mul(r->x, r->x, ge25519_sqrtneg1); + } + + curve25519_contract(check, r->x); + if ((check[0] & 1) == parity) { + curve25519_copy(t, r->x); + curve25519_neg(r->x, t); + } + curve25519_mul(r->t, r->x, r->y); + return 1; +} + +/* computes [s1]p1 + [s2]basepoint */ +void +ge25519_double_scalarmult_vartime(ge25519 *r, const ge25519 *p1, const bignum256modm s1, const bignum256modm s2) { + signed char slide1[256], slide2[256]; + ge25519_pniels pre1[S1_TABLE_SIZE]; + ge25519 d1; + ge25519_p1p1 t; + sword32 i; + + contract256_slidingwindow_modm(slide1, s1, S1_SWINDOWSIZE); + contract256_slidingwindow_modm(slide2, s2, S2_SWINDOWSIZE); + + ge25519_double(&d1, p1); + ge25519_full_to_pniels(pre1, p1); + for (i = 0; i < S1_TABLE_SIZE - 1; i++) + ge25519_pnielsadd(&pre1[i+1], &d1, &pre1[i]); + + /* set neutral */ + memset(r, 0, sizeof(ge25519)); + r->y[0] = 1; + r->z[0] = 1; + + i = 255; + while ((i >= 0) && !(slide1[i] | slide2[i])) + i--; + + for (; i >= 0; i--) { + ge25519_double_p1p1(&t, r); + + if (slide1[i]) { + ge25519_p1p1_to_full(r, &t); + ge25519_pnielsadd_p1p1(&t, r, &pre1[abs(slide1[i]) / 2], (byte)slide1[i] >> 7); + } + + if (slide2[i]) { + ge25519_p1p1_to_full(r, &t); + ge25519_nielsadd2_p1p1(&t, r, &ge25519_niels_sliding_multiples[abs(slide2[i]) / 2], (byte)slide2[i] >> 7); + } + + ge25519_p1p1_to_partial(r, &t); + } +} + +#if !defined(HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS) + +word32 +ge25519_windowb_equal(word32 b, word32 c) { + return ((b ^ c) - 1) >> 31; +} + +void +ge25519_scalarmult_base_choose_niels(ge25519_niels *t, const uint8_t table[256][96], word32 pos, signed char b) { + bignum25519 neg; + word32 sign = (word32)((byte)b >> 7); + word32 mask = ~(sign - 1); + word32 u = (b + mask) ^ mask; + word32 i; + + /* ysubx, xaddy, t2d in packed form. initialize to ysubx = 1, xaddy = 1, t2d = 0 */ + uint8_t packed[96] = {0}; + packed[0] = 1; + packed[32] = 1; + + for (i = 0; i < 8; i++) + curve25519_move_conditional_bytes(packed, table[(pos * 8) + i], ge25519_windowb_equal(u, i + 1)); + + /* expand in to t */ + curve25519_expand(t->ysubx, packed + 0); + curve25519_expand(t->xaddy, packed + 32); + curve25519_expand(t->t2d , packed + 64); + + /* adjust for sign */ + curve25519_swap_conditional(t->ysubx, t->xaddy, sign); + curve25519_neg(neg, t->t2d); + curve25519_swap_conditional(t->t2d, neg, sign); +} + +#endif /* HAVE_GE25519_SCALARMULT_BASE_CHOOSE_NIELS */ + +/* computes [s]basepoint */ +void +ge25519_scalarmult_base_niels(ge25519 *r, const uint8_t basepoint_table[256][96], const bignum256modm s) { + signed char b[64]; + word32 i; + ge25519_niels t; + + contract256_window4_modm(b, s); + + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, 0, b[1]); + curve25519_sub_reduce(r->x, t.xaddy, t.ysubx); + curve25519_add_reduce(r->y, t.xaddy, t.ysubx); + memset(r->z, 0, sizeof(bignum25519)); + curve25519_copy(r->t, t.t2d); + r->z[0] = 2; + for (i = 3; i < 64; i += 2) { + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); + ge25519_nielsadd2(r, &t); + } + ge25519_double_partial(r, r); + ge25519_double_partial(r, r); + ge25519_double_partial(r, r); + ge25519_double(r, r); + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, 0, b[0]); + curve25519_mul(t.t2d, t.t2d, ge25519_ecd); + ge25519_nielsadd2(r, &t); + for(i = 2; i < 64; i += 2) { + ge25519_scalarmult_base_choose_niels(&t, basepoint_table, i / 2, b[i]); + ge25519_nielsadd2(r, &t); + } +} + +ANONYMOUS_NAMESPACE_END +NAMESPACE_END // Ed25519 +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +//***************************** curve25519 *****************************// + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) + +int curve25519_mult_CXX(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]) +{ + using namespace CryptoPP::Donna::X25519; + + FixedSizeSecBlock e; + for (size_t i = 0;i < 32;++i) + e[i] = secretKey[i]; + e[0] &= 0xf8; e[31] &= 0x7f; e[31] |= 0x40; + + bignum25519 nqpqx = {1}, nqpqz = {0}, nqz = {1}, nqx; + bignum25519 q, qx, qpqx, qqx, zzz, zmone; + size_t bit, lastbit; + + curve25519_expand(q, othersKey); + curve25519_copy(nqx, q); + + /* bit 255 is always 0, and bit 254 is always 1, so skip bit 255 and + start pre-swapped on bit 254 */ + lastbit = 1; + + /* we are doing bits 254..3 in the loop, but are swapping in bits 253..2 */ + for (int i = 253; i >= 2; i--) { + curve25519_add(qx, nqx, nqz); + curve25519_sub(nqz, nqx, nqz); + curve25519_add(qpqx, nqpqx, nqpqz); + curve25519_sub(nqpqz, nqpqx, nqpqz); + curve25519_mul(nqpqx, qpqx, nqz); + curve25519_mul(nqpqz, qx, nqpqz); + curve25519_add(qqx, nqpqx, nqpqz); + curve25519_sub(nqpqz, nqpqx, nqpqz); + curve25519_square(nqpqz, nqpqz); + curve25519_square(nqpqx, qqx); + curve25519_mul(nqpqz, nqpqz, q); + curve25519_square(qx, qx); + curve25519_square(nqz, nqz); + curve25519_mul(nqx, qx, nqz); + curve25519_sub(nqz, qx, nqz); + curve25519_scalar_product(zzz, nqz, 121665); + curve25519_add(zzz, zzz, qx); + curve25519_mul(nqz, nqz, zzz); + + bit = (e[i/8] >> (i & 7)) & 1; + curve25519_swap_conditional(nqx, nqpqx, bit ^ lastbit); + curve25519_swap_conditional(nqz, nqpqz, bit ^ lastbit); + lastbit = bit; + } + + /* the final 3 bits are always zero, so we only need to double */ + for (int i = 0; i < 3; i++) { + curve25519_add(qx, nqx, nqz); + curve25519_sub(nqz, nqx, nqz); + curve25519_square(qx, qx); + curve25519_square(nqz, nqz); + curve25519_mul(nqx, qx, nqz); + curve25519_sub(nqz, qx, nqz); + curve25519_scalar_product(zzz, nqz, 121665); + curve25519_add(zzz, zzz, qx); + curve25519_mul(nqz, nqz, zzz); + } + + curve25519_recip(zmone, nqz); + curve25519_mul(nqz, nqx, zmone); + curve25519_contract(sharedKey, nqz); + + return 0; +} + +int curve25519_mult(byte publicKey[32], const byte secretKey[32]) +{ + using namespace CryptoPP::Donna::X25519; + +#if (CRYPTOPP_CURVE25519_SSE2) + if (HasSSE2()) + return curve25519_mult_SSE2(publicKey, secretKey, basePoint); + else +#endif + + return curve25519_mult_CXX(publicKey, secretKey, basePoint); +} + +int curve25519_mult(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]) +{ +#if (CRYPTOPP_CURVE25519_SSE2) + if (HasSSE2()) + return curve25519_mult_SSE2(sharedKey, secretKey, othersKey); + else +#endif + + return curve25519_mult_CXX(sharedKey, secretKey, othersKey); +} + +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +//******************************* ed25519 *******************************// + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) + +int +ed25519_publickey_CXX(byte publicKey[32], const byte secretKey[32]) +{ + using namespace CryptoPP::Donna::Ed25519; + + bignum256modm a; + ALIGN(16) ge25519 A; + hash_512bits extsk; + + /* A = aB */ + ed25519_extsk(extsk, secretKey); + expand256_modm(a, extsk, 32); + ge25519_scalarmult_base_niels(&A, ge25519_niels_base_multiples, a); + ge25519_pack(publicKey, &A); + + return 0; +} + +int +ed25519_publickey(byte publicKey[32], const byte secretKey[32]) +{ + return ed25519_publickey_CXX(publicKey, secretKey); +} + +int +ed25519_sign_CXX(const byte *m, size_t mlen, const byte sk[32], const byte pk[32], byte RS[64]) +{ + using namespace CryptoPP::Donna::Ed25519; + + bignum256modm r, S, a; + ALIGN(16) ge25519 R; + hash_512bits extsk, hashr, hram; + + ed25519_extsk(extsk, sk); + + /* r = H(aExt[32..64], m) */ + SHA512 hash; + hash.Update(extsk + 32, 32); + hash.Update(m, mlen); + hash.Final(hashr); + expand256_modm(r, hashr, 64); + + /* R = rB */ + ge25519_scalarmult_base_niels(&R, ge25519_niels_base_multiples, r); + ge25519_pack(RS, &R); + + /* S = H(R,A,m).. */ + ed25519_hram(hram, RS, pk, m, mlen); + expand256_modm(S, hram, 64); + + /* S = H(R,A,m)a */ + expand256_modm(a, extsk, 32); + mul256_modm(S, S, a); + + /* S = (r + H(R,A,m)a) */ + add256_modm(S, S, r); + + /* S = (r + H(R,A,m)a) mod L */ + contract256_modm(RS + 32, S); + return 0; +} + +int +ed25519_sign(const byte* message, size_t messageLength, const byte secretKey[32], + const byte publicKey[32], byte signature[64]) +{ + return ed25519_sign_CXX(message, messageLength, secretKey, publicKey, signature); +} + +int +ed25519_sign_open_CXX(const byte *m, size_t mlen, const byte pk[32], const byte RS[64]) { + + using namespace CryptoPP::Donna::Ed25519; + + ALIGN(16) ge25519 R, A; + hash_512bits hash; + bignum256modm hram, S; + unsigned char checkR[32]; + + if ((RS[63] & 224) || !ge25519_unpack_negative_vartime(&A, pk)) + return -1; + + /* hram = H(R,A,m) */ + ed25519_hram(hash, RS, pk, m, mlen); + expand256_modm(hram, hash, 64); + + /* S */ + expand256_modm(S, RS + 32, 32); + + /* SB - H(R,A,m)A */ + ge25519_double_scalarmult_vartime(&R, &A, hram, S); + ge25519_pack(checkR, &R); + + /* check that R = SB - H(R,A,m)A */ + return ed25519_verify(RS, checkR, 32) ? 0 : -1; +} + +int +ed25519_sign_open(const byte *message, size_t messageLength, const byte publicKey[32], const byte signature[64]) +{ + return ed25519_sign_open_CXX(message, messageLength, publicKey, signature); +} + +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_CURVE25519_64BIT diff --git a/vendor/cryptopp/vendor_cryptopp/donna_64.h b/vendor/cryptopp/vendor_cryptopp/donna_64.h new file mode 100644 index 00000000..537e313c --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna_64.h @@ -0,0 +1,457 @@ +// donna_64.h - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// This source file multiplexes two different repos using namespaces. This +// was a little easier from a project management standpoint. We only need +// two files per architecture at the expense of namespaces and bloat. + +#ifndef CRYPTOPP_DONNA_64_H +#define CRYPTOPP_DONNA_64_H +#ifndef CRYPTOPP_DOXYGEN_PROCESSING + +#include "config.h" + +#if defined(_MSC_VER) +# include +# pragma intrinsic(_umul128) +# pragma intrinsic(__shiftright128) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(Arch64) + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; + +// ******************** x25519 Agreement ************************* // + +#define ALIGN(n) CRYPTOPP_ALIGN_DATA(n) +typedef word64 bignum25519[5]; + +const byte basePoint[32] = {9}; +const word64 reduce_mask_40 = ((word64)1 << 40) - 1; +const word64 reduce_mask_51 = ((word64)1 << 51) - 1; +const word64 reduce_mask_52 = ((word64)1 << 52) - 1; +const word64 reduce_mask_56 = ((word64)1 << 56) - 1; + +const word64 two54m152 = (((word64)1) << 54) - 152; +const word64 two54m8 = (((word64)1) << 54) - 8; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) +using CryptoPP::word128; +# define lo128(a) ((word64)a) +# define hi128(a) ((word64)(a >> 64)) +# define add128(a,b) a += b; +# define add128_64(a,b) a += (word64)b; +# define mul64x64_128(out,a,b) out = (word128)a * b; +# define shr128(out,in,shift) out = (word64)(in >> (shift)); +# define shl128(out,in,shift) out = (word64)((in << shift) >> 64); + +#elif defined(_MSC_VER) +struct word128 { word64 lo, hi; }; +# define mul64x64_128(out,a,b) out.lo = _umul128(a,b,&out.hi); +# define shr128_pair(out,hi,lo,shift) out = __shiftright128(lo, hi, shift); +# define shl128_pair(out,hi,lo,shift) out = __shiftleft128(lo, hi, shift); +# define shr128(out,in,shift) shr128_pair(out, in.hi, in.lo, shift) +# define shl128(out,in,shift) shl128_pair(out, in.hi, in.lo, shift) +# define add128(a,b) { word64 p = a.lo; a.lo += b.lo; a.hi += b.hi + (a.lo < p); } +# define add128_64(a,b) { word64 p = a.lo; a.lo += b; a.hi += (a.lo < p); } +# define lo128(a) (a.lo) +# define hi128(a) (a.hi) + +#elif defined(__GNUC__) +struct word128 { word64 lo, hi; }; +# define mul64x64_128(out,a,b) __asm__ ("mulq %3" : "=a" (out.lo), "=d" (out.hi) : "a" (a), "rm" (b)); +# define shr128_pair(out,hi,lo,shift) __asm__ ("shrdq %2,%1,%0" : "+r" (lo) : "r" (hi), "J" (shift)); out = lo; +# define shl128_pair(out,hi,lo,shift) __asm__ ("shldq %2,%1,%0" : "+r" (hi) : "r" (lo), "J" (shift)); out = hi; +# define shr128(out,in,shift) shr128_pair(out,in.hi, in.lo, shift) +# define shl128(out,in,shift) shl128_pair(out,in.hi, in.lo, shift) +# define add128(a,b) __asm__ ("addq %4,%2; adcq %5,%3" : "=r" (a.hi), "=r" (a.lo) : "1" (a.lo), "0" (a.hi), "rm" (b.lo), "rm" (b.hi) : "cc"); +# define add128_64(a,b) __asm__ ("addq %4,%2; adcq $0,%3" : "=r" (a.hi), "=r" (a.lo) : "1" (a.lo), "0" (a.hi), "rm" (b) : "cc"); +# define lo128(a) (a.lo) +# define hi128(a) (a.hi) + +#else +// https://groups.google.com/forum/#!forum/cryptopp-users +# error "Unsupported platform" +#endif + +// ****************** ed25519 Signatures *********************** // + +typedef byte hash_512bits[64]; + +const int bignum256modm_bits_per_limb = 56; +const int bignum256modm_limb_size = 5; +typedef word64 bignum256modm_element_t; +typedef bignum256modm_element_t bignum256modm[5]; + +/* multiples of p */ +const word64 twoP0 = 0x0fffffffffffda; +const word64 twoP1234 = 0x0ffffffffffffe; +const word64 fourP0 = 0x1fffffffffffb4; +const word64 fourP1234 = 0x1ffffffffffffc; + +struct ge25519 { + bignum25519 x, y, z, t; +}; + +struct ge25519_p1p1 { + bignum25519 x, y, z, t; +}; + +struct ge25519_niels { + bignum25519 ysubx, xaddy, t2d; +}; + +struct ge25519_pniels { + bignum25519 ysubx, xaddy, z, t2d; +}; + +#define S1_SWINDOWSIZE 5 +#define S1_TABLE_SIZE (1<<(S1_SWINDOWSIZE-2)) +#define S2_SWINDOWSIZE 7 +#define S2_TABLE_SIZE (1<<(S2_SWINDOWSIZE-2)) + +// *************** ed25519-donna-64bit-tables.h *************** // + +const ge25519 ge25519_basepoint = { + {0x00062d608f25d51a,0x000412a4b4f6592a,0x00075b7171a4b31d,0x0001ff60527118fe,0x000216936d3cd6e5}, + {0x0006666666666658,0x0004cccccccccccc,0x0001999999999999,0x0003333333333333,0x0006666666666666}, + {0x0000000000000001,0x0000000000000000,0x0000000000000000,0x0000000000000000,0x0000000000000000}, + {0x00068ab3a5b7dda3,0x00000eea2a5eadbb,0x0002af8df483c27e,0x000332b375274732,0x00067875f0fd78b7} +}; + +const bignum25519 ge25519_ecd = { + 0x00034dca135978a3,0x0001a8283b156ebd,0x0005e7a26001c029,0x000739c663a03cbb,0x00052036cee2b6ff +}; + +const bignum25519 ge25519_ec2d = { + 0x00069b9426b2f159,0x00035050762add7a,0x0003cf44c0038052,0x0006738cc7407977,0x0002406d9dc56dff +}; + +const bignum25519 ge25519_sqrtneg1 = { + 0x00061b274a0ea0b0,0x0000d5a5fc8f189d,0x0007ef5e9cbd0c60,0x00078595a6804c9e,0x0002b8324804fc1d +}; + +const ge25519_niels ge25519_niels_sliding_multiples[32] = { + {{0x00003905d740913e,0x0000ba2817d673a2,0x00023e2827f4e67c,0x000133d2e0c21a34,0x00044fd2f9298f81},{0x000493c6f58c3b85,0x0000df7181c325f7,0x0000f50b0b3e4cb7,0x0005329385a44c32,0x00007cf9d3a33d4b},{0x00011205877aaa68,0x000479955893d579,0x00050d66309b67a0,0x0002d42d0dbee5ee,0x0006f117b689f0c6}}, + {{0x00011fe8a4fcd265,0x0007bcb8374faacc,0x00052f5af4ef4d4f,0x0005314098f98d10,0x0002ab91587555bd},{0x0005b0a84cee9730,0x00061d10c97155e4,0x0004059cc8096a10,0x00047a608da8014f,0x0007a164e1b9a80f},{0x0006933f0dd0d889,0x00044386bb4c4295,0x0003cb6d3162508c,0x00026368b872a2c6,0x0005a2826af12b9b}}, + {{0x000182c3a447d6ba,0x00022964e536eff2,0x000192821f540053,0x0002f9f19e788e5c,0x000154a7e73eb1b5},{0x0002bc4408a5bb33,0x000078ebdda05442,0x0002ffb112354123,0x000375ee8df5862d,0x0002945ccf146e20},{0x0003dbf1812a8285,0x0000fa17ba3f9797,0x0006f69cb49c3820,0x00034d5a0db3858d,0x00043aabe696b3bb}}, + {{0x00072c9aaa3221b1,0x000267774474f74d,0x000064b0e9b28085,0x0003f04ef53b27c9,0x0001d6edd5d2e531},{0x00025cd0944ea3bf,0x00075673b81a4d63,0x000150b925d1c0d4,0x00013f38d9294114,0x000461bea69283c9},{0x00036dc801b8b3a2,0x0000e0a7d4935e30,0x0001deb7cecc0d7d,0x000053a94e20dd2c,0x0007a9fbb1c6a0f9}}, + {{0x0006217e039d8064,0x0006dea408337e6d,0x00057ac112628206,0x000647cb65e30473,0x00049c05a51fadc9},{0x0006678aa6a8632f,0x0005ea3788d8b365,0x00021bd6d6994279,0x0007ace75919e4e3,0x00034b9ed338add7},{0x0004e8bf9045af1b,0x000514e33a45e0d6,0x0007533c5b8bfe0f,0x000583557b7e14c9,0x00073c172021b008}}, + {{0x00075b0249864348,0x00052ee11070262b,0x000237ae54fb5acd,0x0003bfd1d03aaab5,0x00018ab598029d5c},{0x000700848a802ade,0x0001e04605c4e5f7,0x0005c0d01b9767fb,0x0007d7889f42388b,0x0004275aae2546d8},{0x00032cc5fd6089e9,0x000426505c949b05,0x00046a18880c7ad2,0x0004a4221888ccda,0x0003dc65522b53df}}, + {{0x0007013b327fbf93,0x0001336eeded6a0d,0x0002b565a2bbf3af,0x000253ce89591955,0x0000267882d17602},{0x0000c222a2007f6d,0x000356b79bdb77ee,0x00041ee81efe12ce,0x000120a9bd07097d,0x000234fd7eec346f},{0x0000a119732ea378,0x00063bf1ba8e2a6c,0x00069f94cc90df9a,0x000431d1779bfc48,0x000497ba6fdaa097}}, + {{0x0003cd86468ccf0b,0x00048553221ac081,0x0006c9464b4e0a6e,0x00075fba84180403,0x00043b5cd4218d05},{0x0006cc0313cfeaa0,0x0001a313848da499,0x0007cb534219230a,0x00039596dedefd60,0x00061e22917f12de},{0x0002762f9bd0b516,0x0001c6e7fbddcbb3,0x00075909c3ace2bd,0x00042101972d3ec9,0x000511d61210ae4d}}, + {{0x000386484420de87,0x0002d6b25db68102,0x000650b4962873c0,0x0004081cfd271394,0x00071a7fe6fe2482},{0x000676ef950e9d81,0x0001b81ae089f258,0x00063c4922951883,0x0002f1d54d9b3237,0x0006d325924ddb85},{0x000182b8a5c8c854,0x00073fcbe5406d8e,0x0005de3430cff451,0x000554b967ac8c41,0x0004746c4b6559ee}}, + {{0x000546c864741147,0x0003a1df99092690,0x0001ca8cc9f4d6bb,0x00036b7fc9cd3b03,0x000219663497db5e},{0x00077b3c6dc69a2b,0x0004edf13ec2fa6e,0x0004e85ad77beac8,0x0007dba2b28e7bda,0x0005c9a51de34fe9},{0x0000f1cf79f10e67,0x00043ccb0a2b7ea2,0x00005089dfff776a,0x0001dd84e1d38b88,0x0004804503c60822}}, + {{0x000021d23a36d175,0x0004fd3373c6476d,0x00020e291eeed02a,0x00062f2ecf2e7210,0x000771e098858de4},{0x00049ed02ca37fc7,0x000474c2b5957884,0x0005b8388e816683,0x0004b6c454b76be4,0x000553398a516506},{0x0002f5d278451edf,0x000730b133997342,0x0006965420eb6975,0x000308a3bfa516cf,0x0005a5ed1d68ff5a}}, + {{0x0005e0c558527359,0x0003395b73afd75c,0x000072afa4e4b970,0x00062214329e0f6d,0x000019b60135fefd},{0x0005122afe150e83,0x0004afc966bb0232,0x0001c478833c8268,0x00017839c3fc148f,0x00044acb897d8bf9},{0x000068145e134b83,0x0001e4860982c3cc,0x000068fb5f13d799,0x0007c9283744547e,0x000150c49fde6ad2}}, + {{0x0001863c9cdca868,0x0003770e295a1709,0x0000d85a3720fd13,0x0005e0ff1f71ab06,0x00078a6d7791e05f},{0x0003f29509471138,0x000729eeb4ca31cf,0x00069c22b575bfbc,0x0004910857bce212,0x0006b2b5a075bb99},{0x0007704b47a0b976,0x0002ae82e91aab17,0x00050bd6429806cd,0x00068055158fd8ea,0x000725c7ffc4ad55}}, + {{0x00002bf71cd098c0,0x00049dabcc6cd230,0x00040a6533f905b2,0x000573efac2eb8a4,0x0004cd54625f855f},{0x00026715d1cf99b2,0x0002205441a69c88,0x000448427dcd4b54,0x0001d191e88abdc5,0x000794cc9277cb1f},{0x0006c426c2ac5053,0x0005a65ece4b095e,0x0000c44086f26bb6,0x0007429568197885,0x0007008357b6fcc8}}, + {{0x00039fbb82584a34,0x00047a568f257a03,0x00014d88091ead91,0x0002145b18b1ce24,0x00013a92a3669d6d},{0x0000672738773f01,0x000752bf799f6171,0x0006b4a6dae33323,0x0007b54696ead1dc,0x00006ef7e9851ad0},{0x0003771cc0577de5,0x0003ca06bb8b9952,0x00000b81c5d50390,0x00043512340780ec,0x0003c296ddf8a2af}}, + {{0x00034d2ebb1f2541,0x0000e815b723ff9d,0x000286b416e25443,0x0000bdfe38d1bee8,0x0000a892c7007477},{0x000515f9d914a713,0x00073191ff2255d5,0x00054f5cc2a4bdef,0x0003dd57fc118bcf,0x0007a99d393490c7},{0x0002ed2436bda3e8,0x00002afd00f291ea,0x0000be7381dea321,0x0003e952d4b2b193,0x000286762d28302f}}, + {{0x00058e2bce2ef5bd,0x00068ce8f78c6f8a,0x0006ee26e39261b2,0x00033d0aa50bcf9d,0x0007686f2a3d6f17},{0x000036093ce35b25,0x0003b64d7552e9cf,0x00071ee0fe0b8460,0x00069d0660c969e5,0x00032f1da046a9d9},{0x000512a66d597c6a,0x0000609a70a57551,0x000026c08a3c464c,0x0004531fc8ee39e1,0x000561305f8a9ad2}}, + {{0x0002cc28e7b0c0d5,0x00077b60eb8a6ce4,0x0004042985c277a6,0x000636657b46d3eb,0x000030a1aef2c57c},{0x0004978dec92aed1,0x000069adae7ca201,0x00011ee923290f55,0x00069641898d916c,0x00000aaec53e35d4},{0x0001f773003ad2aa,0x000005642cc10f76,0x00003b48f82cfca6,0x0002403c10ee4329,0x00020be9c1c24065}}, + {{0x0000e44ae2025e60,0x0005f97b9727041c,0x0005683472c0ecec,0x000188882eb1ce7c,0x00069764c545067e},{0x000387d8249673a6,0x0005bea8dc927c2a,0x0005bd8ed5650ef0,0x0000ef0e3fcd40e1,0x000750ab3361f0ac},{0x00023283a2f81037,0x000477aff97e23d1,0x0000b8958dbcbb68,0x0000205b97e8add6,0x00054f96b3fb7075}}, + {{0x0005afc616b11ecd,0x00039f4aec8f22ef,0x0003b39e1625d92e,0x0005f85bd4508873,0x00078e6839fbe85d},{0x0005f20429669279,0x00008fafae4941f5,0x00015d83c4eb7688,0x0001cf379eca4146,0x0003d7fe9c52bb75},{0x00032df737b8856b,0x0000608342f14e06,0x0003967889d74175,0x0001211907fba550,0x00070f268f350088}}, + {{0x0004112070dcf355,0x0007dcff9c22e464,0x00054ada60e03325,0x00025cd98eef769a,0x000404e56c039b8c},{0x00064583b1805f47,0x00022c1baf832cd0,0x000132c01bd4d717,0x0004ecf4c3a75b8f,0x0007c0d345cfad88},{0x00071f4b8c78338a,0x00062cfc16bc2b23,0x00017cf51280d9aa,0x0003bbae5e20a95a,0x00020d754762aaec}}, + {{0x0004feb135b9f543,0x00063bd192ad93ae,0x00044e2ea612cdf7,0x000670f4991583ab,0x00038b8ada8790b4},{0x0007c36fc73bb758,0x0004a6c797734bd1,0x0000ef248ab3950e,0x00063154c9a53ec8,0x0002b8f1e46f3cee},{0x00004a9cdf51f95d,0x0005d963fbd596b8,0x00022d9b68ace54a,0x0004a98e8836c599,0x000049aeb32ceba1}}, + {{0x00067d3c63dcfe7e,0x000112f0adc81aee,0x00053df04c827165,0x0002fe5b33b430f0,0x00051c665e0c8d62},{0x00007d0b75fc7931,0x00016f4ce4ba754a,0x0005ace4c03fbe49,0x00027e0ec12a159c,0x000795ee17530f67},{0x00025b0a52ecbd81,0x0005dc0695fce4a9,0x0003b928c575047d,0x00023bf3512686e5,0x0006cd19bf49dc54}}, + {{0x0007619052179ca3,0x0000c16593f0afd0,0x000265c4795c7428,0x00031c40515d5442,0x0007520f3db40b2e},{0x0006612165afc386,0x0001171aa36203ff,0x0002642ea820a8aa,0x0001f3bb7b313f10,0x0005e01b3a7429e4},{0x00050be3d39357a1,0x0003ab33d294a7b6,0x0004c479ba59edb3,0x0004c30d184d326f,0x00071092c9ccef3c}}, + {{0x0000523f0364918c,0x000687f56d638a7b,0x00020796928ad013,0x0005d38405a54f33,0x0000ea15b03d0257},{0x0003d8ac74051dcf,0x00010ab6f543d0ad,0x0005d0f3ac0fda90,0x0005ef1d2573e5e4,0x0004173a5bb7137a},{0x00056e31f0f9218a,0x0005635f88e102f8,0x0002cbc5d969a5b8,0x000533fbc98b347a,0x0005fc565614a4e3}}, + {{0x0006570dc46d7ae5,0x00018a9f1b91e26d,0x000436b6183f42ab,0x000550acaa4f8198,0x00062711c414c454},{0x0002e1e67790988e,0x0001e38b9ae44912,0x000648fbb4075654,0x00028df1d840cd72,0x0003214c7409d466},{0x0001827406651770,0x0004d144f286c265,0x00017488f0ee9281,0x00019e6cdb5c760c,0x0005bea94073ecb8}}, + {{0x0005bf0912c89be4,0x00062fadcaf38c83,0x00025ec196b3ce2c,0x00077655ff4f017b,0x0003aacd5c148f61},{0x0000ce63f343d2f8,0x0001e0a87d1e368e,0x000045edbc019eea,0x0006979aed28d0d1,0x0004ad0785944f1b},{0x00063b34c3318301,0x0000e0e62d04d0b1,0x000676a233726701,0x00029e9a042d9769,0x0003aff0cb1d9028}}, + {{0x0005c7eb3a20405e,0x0005fdb5aad930f8,0x0004a757e63b8c47,0x00028e9492972456,0x000110e7e86f4cd2},{0x0006430bf4c53505,0x000264c3e4507244,0x00074c9f19a39270,0x00073f84f799bc47,0x0002ccf9f732bd99},{0x0000d89ed603f5e4,0x00051e1604018af8,0x0000b8eedc4a2218,0x00051ba98b9384d0,0x00005c557e0b9693}}, + {{0x0001ce311fc97e6f,0x0006023f3fb5db1f,0x0007b49775e8fc98,0x0003ad70adbf5045,0x0006e154c178fe98},{0x0006bbb089c20eb0,0x0006df41fb0b9eee,0x00051087ed87e16f,0x000102db5c9fa731,0x000289fef0841861},{0x00016336fed69abf,0x0004f066b929f9ec,0x0004e9ff9e6c5b93,0x00018c89bc4bb2ba,0x0006afbf642a95ca}}, + {{0x0000de0c62f5d2c1,0x00049601cf734fb5,0x0006b5c38263f0f6,0x0004623ef5b56d06,0x0000db4b851b9503},{0x00055070f913a8cc,0x000765619eac2bbc,0x0003ab5225f47459,0x00076ced14ab5b48,0x00012c093cedb801},{0x00047f9308b8190f,0x000414235c621f82,0x00031f5ff41a5a76,0x0006736773aab96d,0x00033aa8799c6635}}, + {{0x0007f51ebd085cf2,0x00012cfa67e3f5e1,0x0001800cf1e3d46a,0x00054337615ff0a8,0x000233c6f29e8e21},{0x0000f588fc156cb1,0x000363414da4f069,0x0007296ad9b68aea,0x0004d3711316ae43,0x000212cd0c1c8d58},{0x0004d5107f18c781,0x00064a4fd3a51a5e,0x0004f4cd0448bb37,0x000671d38543151e,0x0001db7778911914}}, + {{0x000352397c6bc26f,0x00018a7aa0227bbe,0x0005e68cc1ea5f8b,0x0006fe3e3a7a1d5f,0x00031ad97ad26e2a},{0x00014769dd701ab6,0x00028339f1b4b667,0x0004ab214b8ae37b,0x00025f0aefa0b0fe,0x0007ae2ca8a017d2},{0x000017ed0920b962,0x000187e33b53b6fd,0x00055829907a1463,0x000641f248e0a792,0x0001ed1fc53a6622}} +}; + +// ****************** modm-donna-64bit.h *********************** // + +const bignum256modm modm_m = { + 0x12631a5cf5d3ed, 0xf9dea2f79cd658, + 0x000000000014de, 0x00000000000000, + 0x00000010000000 +}; + +const bignum256modm modm_mu = { + 0x9ce5a30a2c131b, 0x215d086329a7ed, + 0xffffffffeb2106, 0xffffffffffffff, + 0x00000fffffffff +}; + +// *************** ed25519-donna-basepoint-table.h *************** // + +/* multiples of the base point in packed {ysubx, xaddy, t2d} form */ +ALIGN(16) const byte ge25519_niels_base_multiples[256][96] = { + {0x3e,0x91,0x40,0xd7,0x05,0x39,0x10,0x9d,0xb3,0xbe,0x40,0xd1,0x05,0x9f,0x39,0xfd,0x09,0x8a,0x8f,0x68,0x34,0x84,0xc1,0xa5,0x67,0x12,0xf8,0x98,0x92,0x2f,0xfd,0x44,0x85,0x3b,0x8c,0xf5,0xc6,0x93,0xbc,0x2f,0x19,0x0e,0x8c,0xfb,0xc6,0x2d,0x93,0xcf,0xc2,0x42,0x3d,0x64,0x98,0x48,0x0b,0x27,0x65,0xba,0xd4,0x33,0x3a,0x9d,0xcf,0x07,0x59,0xbb,0x6f,0x4b,0x67,0x15,0xbd,0xdb,0xea,0xa5,0xa2,0xee,0x00,0x3f,0xe1,0x41,0xfa,0xc6,0x57,0xc9,0x1c,0x9d,0xd4,0xcd,0xca,0xec,0x16,0xaf,0x1f,0xbe,0x0e,0x4f}, + {0xa8,0xd5,0xb4,0x42,0x60,0xa5,0x99,0x8a,0xf6,0xac,0x60,0x4e,0x0c,0x81,0x2b,0x8f,0xaa,0x37,0x6e,0xb1,0x6b,0x23,0x9e,0xe0,0x55,0x25,0xc9,0x69,0xa6,0x95,0xb5,0x6b,0xd7,0x71,0x3c,0x93,0xfc,0xe7,0x24,0x92,0xb5,0xf5,0x0f,0x7a,0x96,0x9d,0x46,0x9f,0x02,0x07,0xd6,0xe1,0x65,0x9a,0xa6,0x5a,0x2e,0x2e,0x7d,0xa8,0x3f,0x06,0x0c,0x59,0x02,0x68,0xd3,0xda,0xaa,0x7e,0x34,0x6e,0x05,0x48,0xee,0x83,0x93,0x59,0xf3,0xba,0x26,0x68,0x07,0xe6,0x10,0xbe,0xca,0x3b,0xb8,0xd1,0x5e,0x16,0x0a,0x4f,0x31,0x49}, + {0x65,0xd2,0xfc,0xa4,0xe8,0x1f,0x61,0x56,0x7d,0xba,0xc1,0xe5,0xfd,0x53,0xd3,0x3b,0xbd,0xd6,0x4b,0x21,0x1a,0xf3,0x31,0x81,0x62,0xda,0x5b,0x55,0x87,0x15,0xb9,0x2a,0x30,0x97,0xee,0x4c,0xa8,0xb0,0x25,0xaf,0x8a,0x4b,0x86,0xe8,0x30,0x84,0x5a,0x02,0x32,0x67,0x01,0x9f,0x02,0x50,0x1b,0xc1,0xf4,0xf8,0x80,0x9a,0x1b,0x4e,0x16,0x7a,0x34,0x48,0x67,0xf1,0xf4,0x11,0xf2,0x9b,0x95,0xf8,0x2d,0xf6,0x17,0x6b,0x4e,0xb8,0x4e,0x2a,0x72,0x5b,0x07,0x6f,0xde,0xd7,0x21,0x2a,0xbb,0x63,0xb9,0x04,0x9a,0x54}, + {0xbf,0x18,0x68,0x05,0x0a,0x05,0xfe,0x95,0xa9,0xfa,0x60,0x56,0x71,0x89,0x7e,0x32,0x73,0x50,0xa0,0x06,0xcd,0xe3,0xe8,0xc3,0x9a,0xa4,0x45,0x74,0x4c,0x3f,0x93,0x27,0x9f,0x09,0xfc,0x8e,0xb9,0x51,0x73,0x28,0x38,0x25,0xfd,0x7d,0xf4,0xc6,0x65,0x67,0x65,0x92,0x0a,0xfb,0x3d,0x8d,0x34,0xca,0x27,0x87,0xe5,0x21,0x03,0x91,0x0e,0x68,0xb0,0x26,0x14,0xe5,0xec,0x45,0x1e,0xbf,0x94,0x0f,0xba,0x6d,0x3d,0xc6,0x2b,0xe3,0xc0,0x52,0xf8,0x8c,0xd5,0x74,0x29,0xe4,0x18,0x4c,0xe6,0xb0,0xb1,0x79,0xf0,0x44}, + {0xba,0xd6,0x47,0xa4,0xc3,0x82,0x91,0x7f,0xb7,0x29,0x27,0x4b,0xd1,0x14,0x00,0xd5,0x87,0xa0,0x64,0xb8,0x1c,0xf1,0x3c,0xe3,0xf3,0x55,0x1b,0xeb,0x73,0x7e,0x4a,0x15,0x33,0xbb,0xa5,0x08,0x44,0xbc,0x12,0xa2,0x02,0xed,0x5e,0xc7,0xc3,0x48,0x50,0x8d,0x44,0xec,0xbf,0x5a,0x0c,0xeb,0x1b,0xdd,0xeb,0x06,0xe2,0x46,0xf1,0xcc,0x45,0x29,0xb3,0x03,0xd0,0xe7,0x79,0xa1,0x32,0xc8,0x7e,0x4d,0x12,0x00,0x0a,0x9d,0x72,0x5f,0xf3,0x8f,0x6d,0x0e,0xa1,0xd4,0xc1,0x62,0x98,0x7a,0xb2,0x38,0x59,0xac,0xb8,0x68}, + {0xa4,0x8c,0x7d,0x7b,0xb6,0x06,0x98,0x49,0x39,0x27,0xd2,0x27,0x84,0xe2,0x5b,0x57,0xb9,0x53,0x45,0x20,0xe7,0x5c,0x08,0xbb,0x84,0x78,0x41,0xae,0x41,0x4c,0xb6,0x38,0x31,0x71,0x15,0x77,0xeb,0xee,0x0c,0x3a,0x88,0xaf,0xc8,0x00,0x89,0x15,0x27,0x9b,0x36,0xa7,0x59,0xda,0x68,0xb6,0x65,0x80,0xbd,0x38,0xcc,0xa2,0xb6,0x7b,0xe5,0x51,0xa4,0xe3,0x9d,0x68,0x91,0xad,0x9d,0x8f,0x37,0x91,0xfb,0xf8,0x28,0x24,0x5f,0x17,0x88,0xb9,0xcf,0x9f,0x32,0xb5,0x0a,0x05,0x9f,0xc0,0x54,0x13,0xa2,0xdf,0x65,0x78}, + {0xb1,0x21,0x32,0xaa,0x9a,0x2c,0x6f,0xba,0xa7,0x23,0xba,0x3b,0x53,0x21,0xa0,0x6c,0x3a,0x2c,0x19,0x92,0x4f,0x76,0xea,0x9d,0xe0,0x17,0x53,0x2e,0x5d,0xdd,0x6e,0x1d,0xbf,0xa3,0x4e,0x94,0xd0,0x5c,0x1a,0x6b,0xd2,0xc0,0x9d,0xb3,0x3a,0x35,0x70,0x74,0x49,0x2e,0x54,0x28,0x82,0x52,0xb2,0x71,0x7e,0x92,0x3c,0x28,0x69,0xea,0x1b,0x46,0x36,0xda,0x0f,0xab,0xac,0x8a,0x7a,0x21,0xc8,0x49,0x35,0x3d,0x54,0xc6,0x28,0xa5,0x68,0x75,0xab,0x13,0x8b,0x5b,0xd0,0x37,0x37,0xbc,0x2c,0x3a,0x62,0xef,0x3c,0x23}, + {0xd9,0x34,0x92,0xf3,0xed,0x5d,0xa7,0xe2,0xf9,0x58,0xb5,0xe1,0x80,0x76,0x3d,0x96,0xfb,0x23,0x3c,0x6e,0xac,0x41,0x27,0x2c,0xc3,0x01,0x0e,0x32,0xa1,0x24,0x90,0x3a,0x8f,0x3e,0xdd,0x04,0x66,0x59,0xb7,0x59,0x2c,0x70,0x88,0xe2,0x77,0x03,0xb3,0x6c,0x23,0xc3,0xd9,0x5e,0x66,0x9c,0x33,0xb1,0x2f,0xe5,0xbc,0x61,0x60,0xe7,0x15,0x09,0x7e,0xa3,0x34,0xa8,0x35,0xe8,0x7d,0xdf,0xea,0x57,0x98,0x68,0xda,0x9c,0xe1,0x8b,0x26,0xb3,0x67,0x71,0x36,0x85,0x11,0x2c,0xc2,0xd5,0xef,0xdb,0xd9,0xb3,0x9e,0x58}, + {0x5e,0x51,0xaa,0x49,0x54,0x63,0x5b,0xed,0x3a,0x82,0xc6,0x0b,0x9f,0xc4,0x65,0xa8,0xc4,0xd1,0x42,0x5b,0xe9,0x1f,0x0c,0x85,0xb9,0x15,0xd3,0x03,0x6f,0x6d,0xd7,0x30,0x1d,0x9c,0x2f,0x63,0x0e,0xdd,0xcc,0x2e,0x15,0x31,0x89,0x76,0x96,0xb6,0xd0,0x51,0x58,0x7a,0x63,0xa8,0x6b,0xb7,0xdf,0x52,0x39,0xef,0x0e,0xa0,0x49,0x7d,0xd3,0x6d,0xc7,0xe4,0x06,0x21,0x17,0x44,0x44,0x6c,0x69,0x7f,0x8d,0x92,0x80,0xd6,0x53,0xfb,0x26,0x3f,0x4d,0x69,0xa4,0x9e,0x73,0xb4,0xb0,0x4b,0x86,0x2e,0x11,0x97,0xc6,0x10}, + {0xde,0x5f,0xbe,0x7d,0x27,0xc4,0x93,0x64,0xa2,0x7e,0xad,0x19,0xad,0x4f,0x5d,0x26,0x90,0x45,0x30,0x46,0xc8,0xdf,0x00,0x0e,0x09,0xfe,0x66,0xed,0xab,0x1c,0xe6,0x25,0x05,0xc8,0x58,0x83,0xa0,0x2a,0xa6,0x0c,0x47,0x42,0x20,0x7a,0xe3,0x4a,0x3d,0x6a,0xdc,0xed,0x11,0x3b,0xa6,0xd3,0x64,0x74,0xef,0x06,0x08,0x55,0xaf,0x9b,0xbf,0x03,0x04,0x66,0x58,0xcc,0x28,0xe1,0x13,0x3f,0x7e,0x74,0x59,0xb4,0xec,0x73,0x58,0x6f,0xf5,0x68,0x12,0xcc,0xed,0x3d,0xb6,0xa0,0x2c,0xe2,0x86,0x45,0x63,0x78,0x6d,0x56}, + {0x34,0x08,0xc1,0x9c,0x9f,0xa4,0x37,0x16,0x51,0xc4,0x9b,0xa8,0xd5,0x56,0x8e,0xbc,0xdb,0xd2,0x7f,0x7f,0x0f,0xec,0xb5,0x1c,0xd9,0x35,0xcc,0x5e,0xca,0x5b,0x97,0x33,0xd0,0x2f,0x5a,0xc6,0x85,0x42,0x05,0xa1,0xc3,0x67,0x16,0xf3,0x2a,0x11,0x64,0x6c,0x58,0xee,0x1a,0x73,0x40,0xe2,0x0a,0x68,0x2a,0xb2,0x93,0x47,0xf3,0xa5,0xfb,0x14,0xd4,0xf7,0x85,0x69,0x16,0x46,0xd7,0x3c,0x57,0x00,0xc8,0xc9,0x84,0x5e,0x3e,0x59,0x1e,0x13,0x61,0x7b,0xb6,0xf2,0xc3,0x2f,0x6c,0x52,0xfc,0x83,0xea,0x9c,0x82,0x14}, + {0xc2,0x95,0xdd,0x97,0x84,0x7b,0x43,0xff,0xa7,0xb5,0x4e,0xaa,0x30,0x4e,0x74,0x6c,0x8b,0xe8,0x85,0x3c,0x61,0x5d,0x0c,0x9e,0x73,0x81,0x75,0x5f,0x1e,0xc7,0xd9,0x2f,0xb8,0xec,0x71,0x4e,0x2f,0x0b,0xe7,0x21,0xe3,0x77,0xa4,0x40,0xb9,0xdd,0x56,0xe6,0x80,0x4f,0x1d,0xce,0xce,0x56,0x65,0xbf,0x7e,0x7b,0x5d,0x53,0xc4,0x3b,0xfc,0x05,0xdd,0xde,0xaf,0x52,0xae,0xb3,0xb8,0x24,0xcf,0x30,0x3b,0xed,0x8c,0x63,0x95,0x34,0x95,0x81,0xbe,0xa9,0x83,0xbc,0xa4,0x33,0x04,0x1f,0x65,0x5c,0x47,0x67,0x37,0x37}, + {0xd9,0xad,0xd1,0x40,0xfd,0x99,0xba,0x2f,0x27,0xd0,0xf4,0x96,0x6f,0x16,0x07,0xb3,0xae,0x3b,0xf0,0x15,0x52,0xf0,0x63,0x43,0x99,0xf9,0x18,0x3b,0x6c,0xa5,0xbe,0x1f,0x90,0x65,0x24,0x14,0xcb,0x95,0x40,0x63,0x35,0x55,0xc1,0x16,0x40,0x14,0x12,0xef,0x60,0xbc,0x10,0x89,0x0c,0x14,0x38,0x9e,0x8c,0x7c,0x90,0x30,0x57,0x90,0xf5,0x6b,0x8a,0x5b,0x41,0xe1,0xf1,0x78,0xa7,0x0f,0x7e,0xa7,0xc3,0xba,0xf7,0x9f,0x40,0x06,0x50,0x9a,0xa2,0x9a,0xb8,0xd7,0x52,0x6f,0x56,0x5a,0x63,0x7a,0xf6,0x1c,0x52,0x02}, + {0x94,0x52,0x9d,0x0a,0x0b,0xee,0x3f,0x51,0x66,0x5a,0xdf,0x0f,0x5c,0xe7,0x98,0x8f,0xce,0x07,0xe1,0xbf,0x88,0x86,0x61,0xd4,0xed,0x2c,0x38,0x71,0x7e,0x0a,0xa0,0x3f,0xe4,0x5e,0x2f,0x77,0x20,0x67,0x14,0xb1,0xce,0x9a,0x07,0x96,0xb1,0x94,0xf8,0xe8,0x4a,0x82,0xac,0x00,0x4d,0x22,0xf8,0x4a,0xc4,0x6c,0xcd,0xf7,0xd9,0x53,0x17,0x00,0x34,0xdb,0x3d,0x96,0x2d,0x23,0x69,0x3c,0x58,0x38,0x97,0xb4,0xda,0x87,0xde,0x1d,0x85,0xf2,0x91,0xa0,0xf9,0xd1,0xd7,0xaa,0xb6,0xed,0x48,0xa0,0x2f,0xfe,0xb5,0x12}, + {0x4d,0xe3,0xfc,0x96,0xc4,0xfb,0xf0,0x71,0xed,0x5b,0xf3,0xad,0x6b,0x82,0xb9,0x73,0x61,0xc5,0x28,0xff,0x61,0x72,0x04,0xd2,0x6f,0x20,0xb1,0x6f,0xf9,0x76,0x9b,0x74,0x92,0x1e,0x6f,0xad,0x26,0x7c,0x2b,0xdf,0x13,0x89,0x4b,0x50,0x23,0xd3,0x66,0x4b,0xc3,0x8b,0x1c,0x75,0xc0,0x9d,0x40,0x8c,0xb8,0xc7,0x96,0x07,0xc2,0x93,0x7e,0x6f,0x05,0xae,0xa6,0xae,0x04,0xf6,0x5a,0x1f,0x99,0x9c,0xe4,0xbe,0xf1,0x51,0x23,0xc1,0x66,0x6b,0xff,0xee,0xb5,0x08,0xa8,0x61,0x51,0x21,0xe0,0x01,0x0f,0xc1,0xce,0x0f}, + {0x44,0x1e,0xfe,0x49,0xa6,0x58,0x4d,0x64,0x7e,0x77,0xad,0x31,0xa2,0xae,0xfc,0x21,0xd2,0xd0,0x7f,0x88,0x5a,0x1c,0x44,0x02,0xf3,0x11,0xc5,0x83,0x71,0xaa,0x01,0x49,0x45,0x4e,0x24,0xc4,0x9d,0xd2,0xf2,0x3d,0x0a,0xde,0xd8,0x93,0x74,0x0e,0x02,0x2b,0x4d,0x21,0x0c,0x82,0x7e,0x06,0xc8,0x6c,0x0a,0xb9,0xea,0x6f,0x16,0x79,0x37,0x41,0xf0,0xf8,0x1a,0x8c,0x54,0xb7,0xb1,0x08,0xb4,0x99,0x62,0x24,0x7c,0x7a,0x0f,0xce,0x39,0xd9,0x06,0x1e,0xf9,0xb0,0x60,0xf7,0x13,0x12,0x6d,0x72,0x7b,0x88,0xbb,0x41}, + {0xbe,0x46,0x43,0x74,0x44,0x7d,0xe8,0x40,0x25,0x2b,0xb5,0x15,0xd4,0xda,0x48,0x1d,0x3e,0x60,0x3b,0xa1,0x18,0x8a,0x3a,0x7c,0xf7,0xbd,0xcd,0x2f,0xc1,0x28,0xb7,0x4e,0xae,0x91,0x66,0x7c,0x59,0x4c,0x23,0x7e,0xc8,0xb4,0x85,0x0a,0x3d,0x9d,0x88,0x64,0xe7,0xfa,0x4a,0x35,0x0c,0xc9,0xe2,0xda,0x1d,0x9e,0x6a,0x0c,0x07,0x1e,0x87,0x0a,0x89,0x89,0xbc,0x4b,0x99,0xb5,0x01,0x33,0x60,0x42,0xdd,0x5b,0x3a,0xae,0x6b,0x73,0x3c,0x9e,0xd5,0x19,0xe2,0xad,0x61,0x0d,0x64,0xd4,0x85,0x26,0x0f,0x30,0xe7,0x3e}, + {0xb7,0xd6,0x7d,0x9e,0xe4,0x55,0xd2,0xf5,0xac,0x1e,0x0b,0x61,0x5c,0x11,0x16,0x80,0xca,0x87,0xe1,0x92,0x5d,0x97,0x99,0x3c,0xc2,0x25,0x91,0x97,0x62,0x57,0x81,0x13,0x18,0x75,0x1e,0x84,0x47,0x79,0xfa,0x43,0xd7,0x46,0x9c,0x63,0x59,0xfa,0xc6,0xe5,0x74,0x2b,0x05,0xe3,0x1d,0x5e,0x06,0xa1,0x30,0x90,0xb8,0xcf,0xa2,0xc6,0x47,0x7d,0xe0,0xd6,0xf0,0x8e,0x14,0xd0,0xda,0x3f,0x3c,0x6f,0x54,0x91,0x9a,0x74,0x3e,0x9d,0x57,0x81,0xbb,0x26,0x10,0x62,0xec,0x71,0x80,0xec,0xc9,0x34,0x8d,0xf5,0x8c,0x14}, + {0x27,0xf0,0x34,0x79,0xf6,0x92,0xa4,0x46,0xa9,0x0a,0x84,0xf6,0xbe,0x84,0x99,0x46,0x54,0x18,0x61,0x89,0x2a,0xbc,0xa1,0x5c,0xd4,0xbb,0x5d,0xbd,0x1e,0xfa,0xf2,0x3f,0x6d,0x75,0xe4,0x9a,0x7d,0x2f,0x57,0xe2,0x7f,0x48,0xf3,0x88,0xbb,0x45,0xc3,0x56,0x8d,0xa8,0x60,0x69,0x6d,0x0b,0xd1,0x9f,0xb9,0xa1,0xae,0x4e,0xad,0xeb,0x8f,0x27,0x66,0x39,0x93,0x8c,0x1f,0x68,0xaa,0xb1,0x98,0x0c,0x29,0x20,0x9c,0x94,0x21,0x8c,0x52,0x3c,0x9d,0x21,0x91,0x52,0x11,0x39,0x7b,0x67,0x9c,0xfe,0x02,0xdd,0x04,0x41}, + {0x2a,0x42,0x24,0x11,0x5e,0xbf,0xb2,0x72,0xb5,0x3a,0xa3,0x98,0x33,0x0c,0xfa,0xa1,0x66,0xb6,0x52,0xfa,0x01,0x61,0xcb,0x94,0xd5,0x53,0xaf,0xaf,0x00,0x3b,0x86,0x2c,0xb8,0x6a,0x09,0xdb,0x06,0x4e,0x21,0x81,0x35,0x4f,0xe4,0x0c,0xc9,0xb6,0xa8,0x21,0xf5,0x2a,0x9e,0x40,0x2a,0xc1,0x24,0x65,0x81,0xa4,0xfc,0x8e,0xa4,0xb5,0x65,0x01,0x76,0x6a,0x84,0xa0,0x74,0xa4,0x90,0xf1,0xc0,0x7c,0x2f,0xcd,0x84,0xf9,0xef,0x12,0x8f,0x2b,0xaa,0x58,0x06,0x29,0x5e,0x69,0xb8,0xc8,0xfe,0xbf,0xd9,0x67,0x1b,0x59}, + {0xfa,0x9b,0xb4,0x80,0x1c,0x0d,0x2f,0x31,0x8a,0xec,0xf3,0xab,0x5e,0x51,0x79,0x59,0x88,0x1c,0xf0,0x9e,0xc0,0x33,0x70,0x72,0xcb,0x7b,0x8f,0xca,0xc7,0x2e,0xe0,0x3d,0x5d,0xb5,0x18,0x9f,0x71,0xb3,0xb9,0x99,0x1e,0x64,0x8c,0xa1,0xfa,0xe5,0x65,0xe4,0xed,0x05,0x9f,0xc2,0x36,0x11,0x08,0x61,0x8b,0x12,0x30,0x70,0x86,0x4f,0x9b,0x48,0xef,0x92,0xeb,0x3a,0x2d,0x10,0x32,0xd2,0x61,0xa8,0x16,0x61,0xb4,0x53,0x62,0xe1,0x24,0xaa,0x0b,0x19,0xe7,0xab,0x7e,0x3d,0xbf,0xbe,0x6c,0x49,0xba,0xfb,0xf5,0x49}, + {0xd4,0xcf,0x5b,0x8a,0x10,0x9a,0x94,0x30,0xeb,0x73,0x64,0xbc,0x70,0xdd,0x40,0xdc,0x1c,0x0d,0x7c,0x30,0xc1,0x94,0xc2,0x92,0x74,0x6e,0xfa,0xcb,0x6d,0xa8,0x04,0x56,0x2e,0x57,0x9c,0x1e,0x8c,0x62,0x5d,0x15,0x41,0x47,0x88,0xc5,0xac,0x86,0x4d,0x8a,0xeb,0x63,0x57,0x51,0xf6,0x52,0xa3,0x91,0x5b,0x51,0x67,0x88,0xc2,0xa6,0xa1,0x06,0xb6,0x64,0x17,0x7c,0xd4,0xd1,0x88,0x72,0x51,0x8b,0x41,0xe0,0x40,0x11,0x54,0x72,0xd1,0xf6,0xac,0x18,0x60,0x1a,0x03,0x9f,0xc6,0x42,0x27,0xfe,0x89,0x9e,0x98,0x20}, + {0x7f,0xcc,0x2d,0x3a,0xfd,0x77,0x97,0x49,0x92,0xd8,0x4f,0xa5,0x2c,0x7c,0x85,0x32,0xa0,0xe3,0x07,0xd2,0x64,0xd8,0x79,0xa2,0x29,0x7e,0xa6,0x0c,0x1d,0xed,0x03,0x04,0x2e,0xec,0xea,0x85,0x8b,0x27,0x74,0x16,0xdf,0x2b,0xcb,0x7a,0x07,0xdc,0x21,0x56,0x5a,0xf4,0xcb,0x61,0x16,0x4c,0x0a,0x64,0xd3,0x95,0x05,0xf7,0x50,0x99,0x0b,0x73,0x52,0xc5,0x4e,0x87,0x35,0x2d,0x4b,0xc9,0x8d,0x6f,0x24,0x98,0xcf,0xc8,0xe6,0xc5,0xce,0x35,0xc0,0x16,0xfa,0x46,0xcb,0xf7,0xcc,0x3d,0x30,0x08,0x43,0x45,0xd7,0x5b}, + {0xc2,0x4c,0xb2,0x28,0x95,0xd1,0x9a,0x7f,0x81,0xc1,0x35,0x63,0x65,0x54,0x6b,0x7f,0x36,0x72,0xc0,0x4f,0x6e,0xb6,0xb8,0x66,0x83,0xad,0x80,0x73,0x00,0x78,0x3a,0x13,0x2a,0x79,0xe7,0x15,0x21,0x93,0xc4,0x85,0xc9,0xdd,0xcd,0xbd,0xa2,0x89,0x4c,0xc6,0x62,0xd7,0xa3,0xad,0xa8,0x3d,0x1e,0x9d,0x2c,0xf8,0x67,0x30,0x12,0xdb,0xb7,0x5b,0xbe,0x62,0xca,0xc6,0x67,0xf4,0x61,0x09,0xee,0x52,0x19,0x21,0xd6,0x21,0xec,0x04,0x70,0x47,0xd5,0x9b,0x77,0x60,0x23,0x18,0xd2,0xe0,0xf0,0x58,0x6d,0xca,0x0d,0x74}, + {0x4e,0xce,0xcf,0x52,0x07,0xee,0x48,0xdf,0xb7,0x08,0xec,0x06,0xf3,0xfa,0xff,0xc3,0xc4,0x59,0x54,0xb9,0x2a,0x0b,0x71,0x05,0x8d,0xa3,0x3e,0x96,0xfa,0x25,0x1d,0x16,0x3c,0x43,0x78,0x04,0x57,0x8c,0x1a,0x23,0x9d,0x43,0x81,0xc2,0x0e,0x27,0xb5,0xb7,0x9f,0x07,0xd9,0xe3,0xea,0x99,0xaa,0xdb,0xd9,0x03,0x2b,0x6c,0x25,0xf5,0x03,0x2c,0x7d,0xa4,0x53,0x7b,0x75,0x18,0x0f,0x79,0x79,0x58,0x0c,0xcf,0x30,0x01,0x7b,0x30,0xf9,0xf7,0x7e,0x25,0x77,0x3d,0x90,0x31,0xaf,0xbb,0x96,0xbd,0xbd,0x68,0x94,0x69}, + {0xcf,0xfe,0xda,0xf4,0x46,0x2f,0x1f,0xbd,0xf7,0xd6,0x7f,0xa4,0x14,0x01,0xef,0x7c,0x7f,0xb3,0x47,0x4a,0xda,0xfd,0x1f,0xd3,0x85,0x57,0x90,0x73,0xa4,0x19,0x52,0x52,0x48,0x19,0xa9,0x6a,0xe6,0x3d,0xdd,0xd8,0xcc,0xd2,0xc0,0x2f,0xc2,0x64,0x50,0x48,0x2f,0xea,0xfd,0x34,0x66,0x24,0x48,0x9b,0x3a,0x2e,0x4a,0x6c,0x4e,0x1c,0x3e,0x29,0xe1,0x12,0x51,0x92,0x4b,0x13,0x6e,0x37,0xa0,0x5d,0xa1,0xdc,0xb5,0x78,0x37,0x70,0x11,0x31,0x1c,0x46,0xaf,0x89,0x45,0xb0,0x23,0x28,0x03,0x7f,0x44,0x5c,0x60,0x5b}, + {0x89,0x7c,0xc4,0x20,0x59,0x80,0x65,0xb9,0xcc,0x8f,0x3b,0x92,0x0c,0x10,0xf0,0xe7,0x77,0xef,0xe2,0x02,0x65,0x25,0x01,0x00,0xee,0xb3,0xae,0xa8,0xce,0x6d,0xa7,0x24,0x4c,0xf0,0xe7,0xf0,0xc6,0xfe,0xe9,0x3b,0x62,0x49,0xe3,0x75,0x9e,0x57,0x6a,0x86,0x1a,0xe6,0x1d,0x1e,0x16,0xef,0x42,0x55,0xd5,0xbd,0x5a,0xcc,0xf4,0xfe,0x12,0x2f,0x40,0xc7,0xc0,0xdf,0xb2,0x22,0x45,0x0a,0x07,0xa4,0xc9,0x40,0x7f,0x6e,0xd0,0x10,0x68,0xf6,0xcf,0x78,0x41,0x14,0xcf,0xc6,0x90,0x37,0xa4,0x18,0x25,0x7b,0x60,0x5e}, + {0x18,0x18,0xdf,0x6c,0x8f,0x1d,0xb3,0x58,0xa2,0x58,0x62,0xc3,0x4f,0xa7,0xcf,0x35,0x6e,0x1d,0xe6,0x66,0x4f,0xff,0xb3,0xe1,0xf7,0xd5,0xcd,0x6c,0xab,0xac,0x67,0x50,0x14,0xcf,0x96,0xa5,0x1c,0x43,0x2c,0xa0,0x00,0xe4,0xd3,0xae,0x40,0x2d,0xc4,0xe3,0xdb,0x26,0x0f,0x2e,0x80,0x26,0x45,0xd2,0x68,0x70,0x45,0x9e,0x13,0x33,0x1f,0x20,0x51,0x9d,0x03,0x08,0x6b,0x7f,0x52,0xfd,0x06,0x00,0x7c,0x01,0x64,0x49,0xb1,0x18,0xa8,0xa4,0x25,0x2e,0xb0,0x0e,0x22,0xd5,0x75,0x03,0x46,0x62,0x88,0xba,0x7c,0x39}, + {0xb2,0x59,0x59,0xf0,0x93,0x30,0xc1,0x30,0x76,0x79,0xa9,0xe9,0x8d,0xa1,0x3a,0xe2,0x26,0x5e,0x1d,0x72,0x91,0xd4,0x2f,0x22,0x3a,0x6c,0x6e,0x76,0x20,0xd3,0x39,0x23,0xe7,0x79,0x13,0xc8,0xfb,0xc3,0x15,0x78,0xf1,0x2a,0xe1,0xdd,0x20,0x94,0x61,0xa6,0xd5,0xfd,0xa8,0x85,0xf8,0xc0,0xa9,0xff,0x52,0xc2,0xe1,0xc1,0x22,0x40,0x1b,0x77,0xa7,0x2f,0x3a,0x51,0x86,0xd9,0x7d,0xd8,0x08,0xcf,0xd4,0xf9,0x71,0x9b,0xac,0xf5,0xb3,0x83,0xa2,0x1e,0x1b,0xc3,0x6b,0xd0,0x76,0x1a,0x97,0x19,0x92,0x18,0x1a,0x33}, + {0xc6,0x80,0x4f,0xfb,0x45,0x6f,0x16,0xf5,0xcf,0x75,0xc7,0x61,0xde,0xc7,0x36,0x9c,0x1c,0xd9,0x41,0x90,0x1b,0xe8,0xd4,0xe3,0x21,0xfe,0xbd,0x83,0x6b,0x7c,0x16,0x31,0xaf,0x72,0x75,0x9d,0x3a,0x2f,0x51,0x26,0x9e,0x4a,0x07,0x68,0x88,0xe2,0xcb,0x5b,0xc4,0xf7,0x80,0x11,0xc1,0xc1,0xed,0x84,0x7b,0xa6,0x49,0xf6,0x9f,0x61,0xc9,0x1a,0x68,0x10,0x4b,0x52,0x42,0x38,0x2b,0xf2,0x87,0xe9,0x9c,0xee,0x3b,0x34,0x68,0x50,0xc8,0x50,0x62,0x4a,0x84,0x71,0x9d,0xfc,0x11,0xb1,0x08,0x1f,0x34,0x36,0x24,0x61}, + {0x8d,0x89,0x4e,0x87,0xdb,0x41,0x9d,0xd9,0x20,0xdc,0x07,0x6c,0xf1,0xa5,0xfe,0x09,0xbc,0x9b,0x0f,0xd0,0x67,0x2c,0x3d,0x79,0x40,0xff,0x5e,0x9e,0x30,0xe2,0xeb,0x46,0x38,0x26,0x2d,0x1a,0xe3,0x49,0x63,0x8b,0x35,0xfd,0xd3,0x9b,0x00,0xb7,0xdf,0x9d,0xa4,0x6b,0xa0,0xa3,0xb8,0xf1,0x8b,0x7f,0x45,0x04,0xd9,0x78,0x31,0xaa,0x22,0x15,0x38,0x49,0x61,0x69,0x53,0x2f,0x38,0x2c,0x10,0x6d,0x2d,0xb7,0x9a,0x40,0xfe,0xda,0x27,0xf2,0x46,0xb6,0x91,0x33,0xc8,0xe8,0x6c,0x30,0x24,0x05,0xf5,0x70,0xfe,0x45}, + {0x8c,0x0b,0x0c,0x96,0xa6,0x75,0x48,0xda,0x20,0x2f,0x0e,0xef,0x76,0xd0,0x68,0x5b,0xd4,0x8f,0x0b,0x3d,0xcf,0x51,0xfb,0x07,0xd4,0x92,0xe3,0xa0,0x23,0x16,0x8d,0x42,0x91,0x14,0x95,0xc8,0x20,0x49,0xf2,0x62,0xa2,0x0c,0x63,0x3f,0xc8,0x07,0xf0,0x05,0xb8,0xd4,0xc9,0xf5,0xd2,0x45,0xbb,0x6f,0x45,0x22,0x7a,0xb5,0x6d,0x9f,0x61,0x16,0xfd,0x08,0xa3,0x01,0x44,0x4a,0x4f,0x08,0xac,0xca,0xa5,0x76,0xc3,0x19,0x22,0xa8,0x7d,0xbc,0xd1,0x43,0x46,0xde,0xb8,0xde,0xc6,0x38,0xbd,0x60,0x2d,0x59,0x81,0x1d}, + {0x5f,0xac,0x0d,0xa6,0x56,0x87,0x36,0x61,0x57,0xdc,0xab,0xeb,0x6a,0x2f,0xe0,0x17,0x7d,0x0f,0xce,0x4c,0x2d,0x3f,0x19,0x7f,0xf0,0xdc,0xec,0x89,0x77,0x4a,0x23,0x20,0xe8,0xc5,0x85,0x7b,0x9f,0xb6,0x65,0x87,0xb2,0xba,0x68,0xd1,0x8b,0x67,0xf0,0x6f,0x9b,0x0f,0x33,0x1d,0x7c,0xe7,0x70,0x3a,0x7c,0x8e,0xaf,0xb0,0x51,0x6d,0x5f,0x3a,0x52,0xb2,0x78,0x71,0xb6,0x0d,0xd2,0x76,0x60,0xd1,0x1e,0xd5,0xf9,0x34,0x1c,0x07,0x70,0x11,0xe4,0xb3,0x20,0x4a,0x2a,0xf6,0x66,0xe3,0xff,0x3c,0x35,0x82,0xd6,0x7c}, + {0xb6,0xfa,0x87,0xd8,0x5b,0xa4,0xe1,0x0b,0x6e,0x3b,0x40,0xba,0x32,0x6a,0x84,0x2a,0x00,0x60,0x6e,0xe9,0x12,0x10,0x92,0xd9,0x43,0x09,0xdc,0x3b,0x86,0xc8,0x38,0x28,0xf3,0xf4,0xac,0x68,0x60,0xcd,0x65,0xa6,0xd3,0xe3,0xd7,0x3c,0x18,0x2d,0xd9,0x42,0xd9,0x25,0x60,0x33,0x9d,0x38,0x59,0x57,0xff,0xd8,0x2c,0x2b,0x3b,0x25,0xf0,0x3e,0x30,0x50,0x46,0x4a,0xcf,0xb0,0x6b,0xd1,0xab,0x77,0xc5,0x15,0x41,0x6b,0x49,0xfa,0x9d,0x41,0xab,0xf4,0x8a,0xae,0xcf,0x82,0x12,0x28,0xa8,0x06,0xa6,0xb8,0xdc,0x21}, + {0xc8,0x9f,0x9d,0x8c,0x46,0x04,0x60,0x5c,0xcb,0xa3,0x2a,0xd4,0x6e,0x09,0x40,0x25,0x9c,0x2f,0xee,0x12,0x4c,0x4d,0x5b,0x12,0xab,0x1d,0xa3,0x94,0x81,0xd0,0xc3,0x0b,0xba,0x31,0x77,0xbe,0xfa,0x00,0x8d,0x9a,0x89,0x18,0x9e,0x62,0x7e,0x60,0x03,0x82,0x7f,0xd9,0xf3,0x43,0x37,0x02,0xcc,0xb2,0x8b,0x67,0x6f,0x6c,0xbf,0x0d,0x84,0x5d,0x8b,0xe1,0x9f,0x30,0x0d,0x38,0x6e,0x70,0xc7,0x65,0xe1,0xb9,0xa6,0x2d,0xb0,0x6e,0xab,0x20,0xae,0x7d,0x99,0xba,0xbb,0x57,0xdd,0x96,0xc1,0x2a,0x23,0x76,0x42,0x3a}, + {0xfa,0x84,0x70,0x8a,0x2c,0x43,0x42,0x4b,0x45,0xe5,0xb9,0xdf,0xe3,0x19,0x8a,0x89,0x5d,0xe4,0x58,0x9c,0x21,0x00,0x9f,0xbe,0xd1,0xeb,0x6d,0xa1,0xce,0x77,0xf1,0x1f,0xcb,0x7e,0x44,0xdb,0x72,0xc1,0xf8,0x3b,0xbd,0x2d,0x28,0xc6,0x1f,0xc4,0xcf,0x5f,0xfe,0x15,0xaa,0x75,0xc0,0xff,0xac,0x80,0xf9,0xa9,0xe1,0x24,0xe8,0xc9,0x70,0x07,0xfd,0xb5,0xb5,0x45,0x9a,0xd9,0x61,0xcf,0x24,0x79,0x3a,0x1b,0xe9,0x84,0x09,0x86,0x89,0x3e,0x3e,0x30,0x19,0x09,0x30,0xe7,0x1e,0x0b,0x50,0x41,0xfd,0x64,0xf2,0x39}, + {0x9c,0xe2,0xe7,0xdb,0x17,0x34,0xad,0xa7,0x9c,0x13,0x9c,0x2b,0x6a,0x37,0x94,0xbd,0xa9,0x7b,0x59,0x93,0x8e,0x1b,0xe9,0xa0,0x40,0x98,0x88,0x68,0x34,0xd7,0x12,0x17,0xe1,0x7b,0x09,0xfe,0xab,0x4a,0x9b,0xd1,0x29,0x19,0xe0,0xdf,0xe1,0xfc,0x6d,0xa4,0xff,0xf1,0xa6,0x2c,0x94,0x08,0xc9,0xc3,0x4e,0xf1,0x35,0x2c,0x27,0x21,0xc6,0x65,0xdd,0x93,0x31,0xce,0xf8,0x89,0x2b,0xe7,0xbb,0xc0,0x25,0xa1,0x56,0x33,0x10,0x4d,0x83,0xfe,0x1c,0x2e,0x3d,0xa9,0x19,0x04,0x72,0xe2,0x9c,0xb1,0x0a,0x80,0xf9,0x22}, + {0xcb,0xf8,0x9e,0x3e,0x8a,0x36,0x5a,0x60,0x15,0x47,0x50,0xa5,0x22,0xc0,0xe9,0xe3,0x8f,0x24,0x24,0x5f,0xb0,0x48,0x3d,0x55,0xe5,0x26,0x76,0x64,0xcd,0x16,0xf4,0x13,0xac,0xfd,0x6e,0x9a,0xdd,0x9f,0x02,0x42,0x41,0x49,0xa5,0x34,0xbe,0xce,0x12,0xb9,0x7b,0xf3,0xbd,0x87,0xb9,0x64,0x0f,0x64,0xb4,0xca,0x98,0x85,0xd3,0xa4,0x71,0x41,0x8c,0x4c,0xc9,0x99,0xaa,0x58,0x27,0xfa,0x07,0xb8,0x00,0xb0,0x6f,0x6f,0x00,0x23,0x92,0x53,0xda,0xad,0xdd,0x91,0xd2,0xfb,0xab,0xd1,0x4b,0x57,0xfa,0x14,0x82,0x50}, + {0x4b,0xfe,0xd6,0x3e,0x15,0x69,0x02,0xc2,0xc4,0x77,0x1d,0x51,0x39,0x67,0x5a,0xa6,0x94,0xaf,0x14,0x2c,0x46,0x26,0xde,0xcb,0x4b,0xa7,0xab,0x6f,0xec,0x60,0xf9,0x22,0xd6,0x03,0xd0,0x53,0xbb,0x15,0x1a,0x46,0x65,0xc9,0xf3,0xbc,0x88,0x28,0x10,0xb2,0x5a,0x3a,0x68,0x6c,0x75,0x76,0xc5,0x27,0x47,0xb4,0x6c,0xc8,0xa4,0x58,0x77,0x3a,0x76,0x50,0xae,0x93,0xf6,0x11,0x81,0x54,0xa6,0x54,0xfd,0x1d,0xdf,0x21,0xae,0x1d,0x65,0x5e,0x11,0xf3,0x90,0x8c,0x24,0x12,0x94,0xf4,0xe7,0x8d,0x5f,0xd1,0x9f,0x5d}, + {0x7f,0x72,0x63,0x6d,0xd3,0x08,0x14,0x03,0x33,0xb5,0xc7,0xd7,0xef,0x9a,0x37,0x6a,0x4b,0xe2,0xae,0xcc,0xc5,0x8f,0xe1,0xa9,0xd3,0xbe,0x8f,0x4f,0x91,0x35,0x2f,0x33,0x1e,0x52,0xd7,0xee,0x2a,0x4d,0x24,0x3f,0x15,0x96,0x2e,0x43,0x28,0x90,0x3a,0x8e,0xd4,0x16,0x9c,0x2e,0x77,0xba,0x64,0xe1,0xd8,0x98,0xeb,0x47,0xfa,0x87,0xc1,0x3b,0x0c,0xc2,0x86,0xea,0x15,0x01,0x47,0x6d,0x25,0xd1,0x46,0x6c,0xcb,0xb7,0x8a,0x99,0x88,0x01,0x66,0x3a,0xb5,0x32,0x78,0xd7,0x03,0xba,0x6f,0x90,0xce,0x81,0x0d,0x45}, + {0x75,0x52,0x20,0xa6,0xa1,0xb6,0x7b,0x6e,0x83,0x8e,0x3c,0x41,0xd7,0x21,0x4f,0xaa,0xb2,0x5c,0x8f,0xe8,0x55,0xd1,0x56,0x6f,0xe1,0x5b,0x34,0xa6,0x4b,0x5d,0xe2,0x2d,0x3f,0x74,0xae,0x1c,0x96,0xd8,0x74,0xd0,0xed,0x63,0x1c,0xee,0xf5,0x18,0x6d,0xf8,0x29,0xed,0xf4,0xe7,0x5b,0xc5,0xbd,0x97,0x08,0xb1,0x3a,0x66,0x79,0xd2,0xba,0x4c,0xcd,0x1f,0xd7,0xa0,0x24,0x90,0xd1,0x80,0xf8,0x8a,0x28,0xfb,0x0a,0xc2,0x25,0xc5,0x19,0x64,0x3a,0x5f,0x4b,0x97,0xa3,0xb1,0x33,0x72,0x00,0xe2,0xef,0xbc,0x7f,0x7d}, + {0x01,0x28,0x6b,0x26,0x6a,0x1e,0xef,0xfa,0x16,0x9f,0x73,0xd5,0xc4,0x68,0x6c,0x86,0x2c,0x76,0x03,0x1b,0xbc,0x2f,0x8a,0xf6,0x8d,0x5a,0xb7,0x87,0x5e,0x43,0x75,0x59,0x94,0x90,0xc2,0xf3,0xc5,0x5d,0x7c,0xcd,0xab,0x05,0x91,0x2a,0x9a,0xa2,0x81,0xc7,0x58,0x30,0x1c,0x42,0x36,0x1d,0xc6,0x80,0xd7,0xd4,0xd8,0xdc,0x96,0xd1,0x9c,0x4f,0x68,0x37,0x7b,0x6a,0xd8,0x97,0x92,0x19,0x63,0x7a,0xd1,0x1a,0x24,0x58,0xd0,0xd0,0x17,0x0c,0x1c,0x5c,0xad,0x9c,0x02,0xba,0x07,0x03,0x7a,0x38,0x84,0xd0,0xcd,0x7c}, + {0x17,0x04,0x26,0x6d,0x2c,0x42,0xa6,0xdc,0xbd,0x40,0x82,0x94,0x50,0x3d,0x15,0xae,0x77,0xc6,0x68,0xfb,0xb4,0xc1,0xc0,0xa9,0x53,0xcf,0xd0,0x61,0xed,0xd0,0x8b,0x42,0x93,0xcc,0x60,0x67,0x18,0x84,0x0c,0x9b,0x99,0x2a,0xb3,0x1a,0x7a,0x00,0xae,0xcd,0x18,0xda,0x0b,0x62,0x86,0xec,0x8d,0xa8,0x44,0xca,0x90,0x81,0x84,0xca,0x93,0x35,0xa7,0x9a,0x84,0x5e,0x9a,0x18,0x13,0x92,0xcd,0xfa,0xd8,0x65,0x35,0xc3,0xd8,0xd4,0xd1,0xbb,0xfd,0x53,0x5b,0x54,0x52,0x8c,0xe6,0x63,0x2d,0xda,0x08,0x83,0x39,0x27}, + {0x13,0xd4,0x5e,0x43,0x28,0x8d,0xc3,0x42,0xc9,0xcc,0x78,0x32,0x60,0xf3,0x50,0xbd,0xef,0x03,0xda,0x79,0x1a,0xab,0x07,0xbb,0x55,0x33,0x8c,0xbe,0xae,0x97,0x95,0x26,0x53,0x24,0x70,0x0a,0x4c,0x0e,0xa1,0xb9,0xde,0x1b,0x7d,0xd5,0x66,0x58,0xa2,0x0f,0xf7,0xda,0x27,0xcd,0xb5,0xd9,0xb9,0xff,0xfd,0x33,0x2c,0x49,0x45,0x29,0x2c,0x57,0xbe,0x30,0xcd,0xd6,0x45,0xc7,0x7f,0xc7,0xfb,0xae,0xba,0xe3,0xd3,0xe8,0xdf,0xe4,0x0c,0xda,0x5d,0xaa,0x30,0x88,0x2c,0xa2,0x80,0xca,0x5b,0xc0,0x98,0x54,0x98,0x7f}, + {0x17,0xe1,0x0b,0x9f,0x88,0xce,0x49,0x38,0x88,0xa2,0x54,0x7b,0x1b,0xad,0x05,0x80,0x1c,0x92,0xfc,0x23,0x9f,0xc3,0xa3,0x3d,0x04,0xf3,0x31,0x0a,0x47,0xec,0xc2,0x76,0x63,0x63,0xbf,0x0f,0x52,0x15,0x56,0xd3,0xa6,0xfb,0x4d,0xcf,0x45,0x5a,0x04,0x08,0xc2,0xa0,0x3f,0x87,0xbc,0x4f,0xc2,0xee,0xe7,0x12,0x9b,0xd6,0x3c,0x65,0xf2,0x30,0x85,0x0c,0xc1,0xaa,0x38,0xc9,0x08,0x8a,0xcb,0x6b,0x27,0xdb,0x60,0x9b,0x17,0x46,0x70,0xac,0x6f,0x0e,0x1e,0xc0,0x20,0xa9,0xda,0x73,0x64,0x59,0xf1,0x73,0x12,0x2f}, + {0x11,0x1e,0xe0,0x8a,0x7c,0xfc,0x39,0x47,0x9f,0xab,0x6a,0x4a,0x90,0x74,0x52,0xfd,0x2e,0x8f,0x72,0x87,0x82,0x8a,0xd9,0x41,0xf2,0x69,0x5b,0xd8,0x2a,0x57,0x9e,0x5d,0xc0,0x0b,0xa7,0x55,0xd7,0x8b,0x48,0x30,0xe7,0x42,0xd4,0xf1,0xa4,0xb5,0xd6,0x06,0x62,0x61,0x59,0xbc,0x9e,0xa6,0xd1,0xea,0x84,0xf7,0xc5,0xed,0x97,0x19,0xac,0x38,0x3b,0xb1,0x51,0xa7,0x17,0xb5,0x66,0x06,0x8c,0x85,0x9b,0x7e,0x86,0x06,0x7d,0x74,0x49,0xde,0x4d,0x45,0x11,0xc0,0xac,0xac,0x9c,0xe6,0xe9,0xbf,0x9c,0xcd,0xdf,0x22}, + {0xd9,0x0c,0x0d,0xc3,0xe0,0xd2,0xdb,0x8d,0x33,0x43,0xbb,0xac,0x5f,0x66,0x8e,0xad,0x1f,0x96,0x2a,0x32,0x8c,0x25,0x6b,0x8f,0xc7,0xc1,0x48,0x54,0xc0,0x16,0x29,0x6b,0xa1,0xe0,0x3b,0x10,0xb4,0x59,0xec,0x56,0x69,0xf9,0x59,0xd2,0xec,0xba,0xe3,0x2e,0x32,0xcd,0xf5,0x13,0x94,0xb2,0x7c,0x79,0x72,0xe4,0xcd,0x24,0x78,0x87,0xe9,0x0f,0x3b,0x91,0xba,0x0a,0xd1,0x34,0xdb,0x7e,0x0e,0xac,0x6d,0x2e,0x82,0xcd,0xa3,0x4e,0x15,0xf8,0x78,0x65,0xff,0x3d,0x08,0x66,0x17,0x0a,0xf0,0x7f,0x30,0x3f,0x30,0x4c}, + {0x85,0x8c,0xb2,0x17,0xd6,0x3b,0x0a,0xd3,0xea,0x3b,0x77,0x39,0xb7,0x77,0xd3,0xc5,0xbf,0x5c,0x6a,0x1e,0x8c,0xe7,0xc6,0xc6,0xc4,0xb7,0x2a,0x8b,0xf7,0xb8,0x61,0x0d,0x00,0x45,0xd9,0x0d,0x58,0x03,0xfc,0x29,0x93,0xec,0xbb,0x6f,0xa4,0x7a,0xd2,0xec,0xf8,0xa7,0xe2,0xc2,0x5f,0x15,0x0a,0x13,0xd5,0xa1,0x06,0xb7,0x1a,0x15,0x6b,0x41,0xb0,0x36,0xc1,0xe9,0xef,0xd7,0xa8,0x56,0x20,0x4b,0xe4,0x58,0xcd,0xe5,0x07,0xbd,0xab,0xe0,0x57,0x1b,0xda,0x2f,0xe6,0xaf,0xd2,0xe8,0x77,0x42,0xf7,0x2a,0x1a,0x19}, + {0x31,0x14,0x3c,0xc5,0x4b,0xf7,0x16,0xce,0xde,0xed,0x72,0x20,0xce,0x25,0x97,0x2b,0xe7,0x3e,0xb2,0xb5,0x6f,0xc3,0xb9,0xb8,0x08,0xc9,0x5c,0x0b,0x45,0x0e,0x2e,0x7e,0xfb,0x0e,0x46,0x4f,0x43,0x2b,0xe6,0x9f,0xd6,0x07,0x36,0xa6,0xd4,0x03,0xd3,0xde,0x24,0xda,0xa0,0xb7,0x0e,0x21,0x52,0xf0,0x93,0x5b,0x54,0x00,0xbe,0x7d,0x7e,0x23,0x30,0xb4,0x01,0x67,0xed,0x75,0x35,0x01,0x10,0xfd,0x0b,0x9f,0xe6,0x94,0x10,0x23,0x22,0x7f,0xe4,0x83,0x15,0x0f,0x32,0x75,0xe3,0x55,0x11,0xb1,0x99,0xa6,0xaf,0x71}, + {0x1d,0xb6,0x53,0x39,0x9b,0x6f,0xce,0x65,0xe6,0x41,0xa1,0xaf,0xea,0x39,0x58,0xc6,0xfe,0x59,0xf7,0xa9,0xfd,0x5f,0x43,0x0f,0x8e,0xc2,0xb1,0xc2,0xe9,0x42,0x11,0x02,0xd6,0x50,0x3b,0x47,0x1c,0x3c,0x42,0xea,0x10,0xef,0x38,0x3b,0x1f,0x7a,0xe8,0x51,0x95,0xbe,0xc9,0xb2,0x5f,0xbf,0x84,0x9b,0x1c,0x9a,0xf8,0x78,0xbc,0x1f,0x73,0x00,0x80,0x18,0xf8,0x48,0x18,0xc7,0x30,0xe4,0x19,0xc1,0xce,0x5e,0x22,0x0c,0x96,0xbf,0xe3,0x15,0xba,0x6b,0x83,0xe0,0xda,0xb6,0x08,0x58,0xe1,0x47,0x33,0x6f,0x4d,0x4c}, + {0xc9,0x1f,0x7d,0xc1,0xcf,0xec,0xf7,0x18,0x14,0x3c,0x40,0x51,0xa6,0xf5,0x75,0x6c,0xdf,0x0c,0xee,0xf7,0x2b,0x71,0xde,0xdb,0x22,0x7a,0xe4,0xa7,0xaa,0xdd,0x3f,0x19,0x70,0x19,0x8f,0x98,0xfc,0xdd,0x0c,0x2f,0x1b,0xf5,0xb9,0xb0,0x27,0x62,0x91,0x6b,0xbe,0x76,0x91,0x77,0xc4,0xb6,0xc7,0x6e,0xa8,0x9f,0x8f,0xa8,0x00,0x95,0xbf,0x38,0x6f,0x87,0xe8,0x37,0x3c,0xc9,0xd2,0x1f,0x2c,0x46,0xd1,0x18,0x5a,0x1e,0xf6,0xa2,0x76,0x12,0x24,0x39,0x82,0xf5,0x80,0x50,0x69,0x49,0x0d,0xbf,0x9e,0xb9,0x6f,0x6a}, + {0xeb,0x55,0x08,0x56,0xbb,0xc1,0x46,0x6a,0x9d,0xf0,0x93,0xf8,0x38,0xbb,0x16,0x24,0xc1,0xac,0x71,0x8f,0x37,0x11,0x1d,0xd7,0xea,0x96,0x18,0xa3,0x14,0x69,0xf7,0x75,0xc6,0x23,0xe4,0xb6,0xb5,0x22,0xb1,0xee,0x8e,0xff,0x86,0xf2,0x10,0x70,0x9d,0x93,0x8c,0x5d,0xcf,0x1d,0x83,0x2a,0xa9,0x90,0x10,0xeb,0xc5,0x42,0x9f,0xda,0x6f,0x13,0xd1,0xbd,0x05,0xa3,0xb1,0xdf,0x4c,0xf9,0x08,0x2c,0xf8,0x9f,0x9d,0x4b,0x36,0x0f,0x8a,0x58,0xbb,0xc3,0xa5,0xd8,0x87,0x2a,0xba,0xdc,0xe8,0x0b,0x51,0x83,0x21,0x02}, + {0x14,0x2d,0xad,0x5e,0x38,0x66,0xf7,0x4a,0x30,0x58,0x7c,0xca,0x80,0xd8,0x8e,0xa0,0x3d,0x1e,0x21,0x10,0xe6,0xa6,0x13,0x0d,0x03,0x6c,0x80,0x7b,0xe1,0x1c,0x07,0x6a,0x7f,0x7a,0x30,0x43,0x01,0x71,0x5a,0x9d,0x5f,0xa4,0x7d,0xc4,0x9e,0xde,0x63,0xb0,0xd3,0x7a,0x92,0xbe,0x52,0xfe,0xbb,0x22,0x6c,0x42,0x40,0xfd,0x41,0xc4,0x87,0x13,0xf8,0x8a,0x97,0x87,0xd1,0xc3,0xd3,0xb5,0x13,0x44,0x0e,0x7f,0x3d,0x5a,0x2b,0x72,0xa0,0x7c,0x47,0xbb,0x48,0x48,0x7b,0x0d,0x92,0xdc,0x1e,0xaf,0x6a,0xb2,0x71,0x31}, + {0xa8,0x4c,0x56,0x97,0x90,0x31,0x2f,0xa9,0x19,0xe1,0x75,0x22,0x4c,0xb8,0x7b,0xff,0x50,0x51,0x87,0xa4,0x37,0xfe,0x55,0x4f,0x5a,0x83,0xf0,0x3c,0x87,0xd4,0x1f,0x22,0xd1,0x47,0x8a,0xb2,0xd8,0xb7,0x0d,0xa6,0xf1,0xa4,0x70,0x17,0xd6,0x14,0xbf,0xa6,0x58,0xbd,0xdd,0x53,0x93,0xf8,0xa1,0xd4,0xe9,0x43,0x42,0x34,0x63,0x4a,0x51,0x6c,0x41,0x63,0x15,0x3a,0x4f,0x20,0x22,0x23,0x2d,0x03,0x0a,0xba,0xe9,0xe0,0x73,0xfb,0x0e,0x03,0x0f,0x41,0x4c,0xdd,0xe0,0xfc,0xaa,0x4a,0x92,0xfb,0x96,0xa5,0xda,0x48}, + {0xc7,0x9c,0xa5,0x5c,0x66,0x8e,0xca,0x6e,0xa0,0xac,0x38,0x2e,0x4b,0x25,0x47,0xa8,0xce,0x17,0x1e,0xd2,0x08,0xc7,0xaf,0x31,0xf7,0x4a,0xd8,0xca,0xfc,0xd6,0x6d,0x67,0x93,0x97,0x4c,0xc8,0x5d,0x1d,0xf6,0x14,0x06,0x82,0x41,0xef,0xe3,0xf9,0x41,0x99,0xac,0x77,0x62,0x34,0x8f,0xb8,0xf5,0xcd,0xa9,0x79,0x8a,0x0e,0xfa,0x37,0xc8,0x58,0x58,0x90,0xfc,0x96,0x85,0x68,0xf9,0x0c,0x1b,0xa0,0x56,0x7b,0xf3,0xbb,0xdc,0x1d,0x6a,0xd6,0x35,0x49,0x7d,0xe7,0xc2,0xdc,0x0a,0x7f,0xa5,0xc6,0xf2,0x73,0x4f,0x1c}, + {0xbb,0xa0,0x5f,0x30,0xbd,0x4f,0x7a,0x0e,0xad,0x63,0xc6,0x54,0xe0,0x4c,0x9d,0x82,0x48,0x38,0xe3,0x2f,0x83,0xc3,0x21,0xf4,0x42,0x4c,0xf6,0x1b,0x0d,0xc8,0x5a,0x79,0x84,0x34,0x7c,0xfc,0x6e,0x70,0x6e,0xb3,0x61,0xcf,0xc1,0xc3,0xb4,0xc9,0xdf,0x73,0xe5,0xc7,0x1c,0x78,0xc9,0x79,0x1d,0xeb,0x5c,0x67,0xaf,0x7d,0xdb,0x9a,0x45,0x70,0xb3,0x2b,0xb4,0x91,0x49,0xdb,0x91,0x1b,0xca,0xdc,0x02,0x4b,0x23,0x96,0x26,0x57,0xdc,0x78,0x8c,0x1f,0xe5,0x9e,0xdf,0x9f,0xd3,0x1f,0xe2,0x8c,0x84,0x62,0xe1,0x5f}, + {0x1a,0x96,0x94,0xe1,0x4f,0x21,0x59,0x4e,0x4f,0xcd,0x71,0x0d,0xc7,0x7d,0xbe,0x49,0x2d,0xf2,0x50,0x3b,0xd2,0xcf,0x00,0x93,0x32,0x72,0x91,0xfc,0x46,0xd4,0x89,0x47,0x08,0xb2,0x7c,0x5d,0x2d,0x85,0x79,0x28,0xe7,0xf2,0x7d,0x68,0x70,0xdd,0xde,0xb8,0x91,0x78,0x68,0x21,0xab,0xff,0x0b,0xdc,0x35,0xaa,0x7d,0x67,0x43,0xc0,0x44,0x2b,0x8e,0xb7,0x4e,0x07,0xab,0x87,0x1c,0x1a,0x67,0xf4,0xda,0x99,0x8e,0xd1,0xc6,0xfa,0x67,0x90,0x4f,0x48,0xcd,0xbb,0xac,0x3e,0xe4,0xa4,0xb9,0x2b,0xef,0x2e,0xc5,0x60}, + {0xf1,0x8b,0xfd,0x3b,0xbc,0x89,0x5d,0x0b,0x1a,0x55,0xf3,0xc9,0x37,0x92,0x6b,0xb0,0xf5,0x28,0x30,0xd5,0xb0,0x16,0x4c,0x0e,0xab,0xca,0xcf,0x2c,0x31,0x9c,0xbc,0x10,0x11,0x6d,0xae,0x7c,0xc2,0xc5,0x2b,0x70,0xab,0x8c,0xa4,0x54,0x9b,0x69,0xc7,0x44,0xb2,0x2e,0x49,0xba,0x56,0x40,0xbc,0xef,0x6d,0x67,0xb6,0xd9,0x48,0x72,0xd7,0x70,0x5b,0xa0,0xc2,0x3e,0x4b,0xe8,0x8a,0xaa,0xe0,0x81,0x17,0xed,0xf4,0x9e,0x69,0x98,0xd1,0x85,0x8e,0x70,0xe4,0x13,0x45,0x79,0x13,0xf4,0x76,0xa9,0xd3,0x5b,0x75,0x63}, + {0x53,0x08,0xd1,0x2a,0x3e,0xa0,0x5f,0xb5,0x69,0x35,0xe6,0x9e,0x90,0x75,0x6f,0x35,0x90,0xb8,0x69,0xbe,0xfd,0xf1,0xf9,0x9f,0x84,0x6f,0xc1,0x8b,0xc4,0xc1,0x8c,0x0d,0xb7,0xac,0xf1,0x97,0x18,0x10,0xc7,0x3d,0xd8,0xbb,0x65,0xc1,0x5e,0x7d,0xda,0x5d,0x0f,0x02,0xa1,0x0f,0x9c,0x5b,0x8e,0x50,0x56,0x2a,0xc5,0x37,0x17,0x75,0x63,0x27,0xa9,0x19,0xb4,0x6e,0xd3,0x02,0x94,0x02,0xa5,0x60,0xb4,0x77,0x7e,0x4e,0xb4,0xf0,0x56,0x49,0x3c,0xd4,0x30,0x62,0xa8,0xcf,0xe7,0x66,0xd1,0x7a,0x8a,0xdd,0xc2,0x70}, + {0x0e,0xec,0x6f,0x9f,0x50,0x94,0x61,0x65,0x8d,0x51,0xc6,0x46,0xa9,0x7e,0x2e,0xee,0x5c,0x9b,0xe0,0x67,0xf3,0xc1,0x33,0x97,0x95,0x84,0x94,0x63,0x63,0xac,0x0f,0x2e,0x13,0x7e,0xed,0xb8,0x7d,0x96,0xd4,0x91,0x7a,0x81,0x76,0xd7,0x0a,0x2f,0x25,0x74,0x64,0x25,0x85,0x0d,0xe0,0x82,0x09,0xe4,0xe5,0x3c,0xa5,0x16,0x38,0x61,0xb8,0x32,0x64,0xcd,0x48,0xe4,0xbe,0xf7,0xe7,0x79,0xd0,0x86,0x78,0x08,0x67,0x3a,0xc8,0x6a,0x2e,0xdb,0xe4,0xa0,0xd9,0xd4,0x9f,0xf8,0x41,0x4f,0x5a,0x73,0x5c,0x21,0x79,0x41}, + {0x2a,0xed,0xdc,0xd7,0xe7,0x94,0x70,0x8c,0x70,0x9c,0xd3,0x47,0xc3,0x8a,0xfb,0x97,0x02,0xd9,0x06,0xa9,0x33,0xe0,0x3b,0xe1,0x76,0x9d,0xd9,0x0c,0xa3,0x44,0x03,0x70,0x34,0xcd,0x6b,0x28,0xb9,0x33,0xae,0xe4,0xdc,0xd6,0x9d,0x55,0xb6,0x7e,0xef,0xb7,0x1f,0x8e,0xd3,0xb3,0x1f,0x14,0x8b,0x27,0x86,0xc2,0x41,0x22,0x66,0x85,0xfa,0x31,0xf4,0x22,0x36,0x2e,0x42,0x6c,0x82,0xaf,0x2d,0x50,0x33,0x98,0x87,0x29,0x20,0xc1,0x23,0x91,0x38,0x2b,0xe1,0xb7,0xc1,0x9b,0x89,0x24,0x95,0xa9,0x12,0x23,0xbb,0x24}, + {0xc3,0x67,0xde,0x32,0x17,0xed,0xa8,0xb1,0x48,0x49,0x1b,0x46,0x18,0x94,0xb4,0x3c,0xd2,0xbc,0xcf,0x76,0x43,0x43,0xbd,0x8e,0x08,0x80,0x18,0x1e,0x87,0x3e,0xee,0x0f,0x6b,0x5c,0xf8,0xf5,0x2a,0x0c,0xf8,0x41,0x94,0x67,0xfa,0x04,0xc3,0x84,0x72,0x68,0xad,0x1b,0xba,0xa3,0x99,0xdf,0x45,0x89,0x16,0x5d,0xeb,0xff,0xf9,0x2a,0x1d,0x0d,0xdf,0x1e,0x62,0x32,0xa1,0x8a,0xda,0xa9,0x79,0x65,0x22,0x59,0xa1,0x22,0xb8,0x30,0x93,0xc1,0x9a,0xa7,0x7b,0x19,0x04,0x40,0x76,0x1d,0x53,0x18,0x97,0xd7,0xac,0x16}, + {0x3d,0x1d,0x9b,0x2d,0xaf,0x72,0xdf,0x72,0x5a,0x24,0x32,0xa4,0x36,0x2a,0x46,0x63,0x37,0x96,0xb3,0x16,0x79,0xa0,0xce,0x3e,0x09,0x23,0x30,0xb9,0xf6,0x0e,0x3e,0x12,0xad,0xb6,0x87,0x78,0xc5,0xc6,0x59,0xc9,0xba,0xfe,0x90,0x5f,0xad,0x9e,0xe1,0x94,0x04,0xf5,0x42,0xa3,0x62,0x4e,0xe2,0x16,0x00,0x17,0x16,0x18,0x4b,0xd3,0x4e,0x16,0x9a,0xe6,0x2f,0x19,0x4c,0xd9,0x7e,0x48,0x13,0x15,0x91,0x3a,0xea,0x2c,0xae,0x61,0x27,0xde,0xa4,0xb9,0xd3,0xf6,0x7b,0x87,0xeb,0xf3,0x73,0x10,0xc6,0x0f,0xda,0x78}, + {0x6a,0xc6,0x2b,0xe5,0x28,0x5d,0xf1,0x5b,0x8e,0x1a,0xf0,0x70,0x18,0xe3,0x47,0x2c,0xdd,0x8b,0xc2,0x06,0xbc,0xaf,0x19,0x24,0x3a,0x17,0x6b,0x25,0xeb,0xde,0x25,0x2d,0x94,0x3a,0x0c,0x68,0xf1,0x80,0x9f,0xa2,0xe6,0xe7,0xe9,0x1a,0x15,0x7e,0xf7,0x71,0x73,0x79,0x01,0x48,0x58,0xf1,0x00,0x11,0xdd,0x8d,0xb3,0x16,0xb3,0xa4,0x4a,0x05,0xb8,0x7c,0x26,0x19,0x8d,0x46,0xc8,0xdf,0xaf,0x4d,0xe5,0x66,0x9c,0x78,0x28,0x0b,0x17,0xec,0x6e,0x66,0x2a,0x1d,0xeb,0x2a,0x60,0xa7,0x7d,0xab,0xa6,0x10,0x46,0x13}, + {0xfe,0xb0,0xf6,0x8d,0xc7,0x8e,0x13,0x51,0x1b,0xf5,0x75,0xe5,0x89,0xda,0x97,0x53,0xb9,0xf1,0x7a,0x71,0x1d,0x7a,0x20,0x09,0x50,0xd6,0x20,0x2b,0xba,0xfd,0x02,0x21,0x15,0xf5,0xd1,0x77,0xe7,0x65,0x2a,0xcd,0xf1,0x60,0xaa,0x8f,0x87,0x91,0x89,0x54,0xe5,0x06,0xbc,0xda,0xbc,0x3b,0xb7,0xb1,0xfb,0xc9,0x7c,0xa9,0xcb,0x78,0x48,0x65,0xa1,0xe6,0x5c,0x05,0x05,0xe4,0x9e,0x96,0x29,0xad,0x51,0x12,0x68,0xa7,0xbc,0x36,0x15,0xa4,0x7d,0xaa,0x17,0xf5,0x1a,0x3a,0xba,0xb2,0xec,0x29,0xdb,0x25,0xd7,0x0a}, + {0x57,0x24,0x4e,0x83,0xb1,0x67,0x42,0xdc,0xc5,0x1b,0xce,0x70,0xb5,0x44,0x75,0xb6,0xd7,0x5e,0xd1,0xf7,0x0b,0x7a,0xf0,0x1a,0x50,0x36,0xa0,0x71,0xfb,0xcf,0xef,0x4a,0x85,0x6f,0x05,0x9b,0x0c,0xbc,0xc7,0xfe,0xd7,0xff,0xf5,0xe7,0x68,0x52,0x7d,0x53,0xfa,0xae,0x12,0x43,0x62,0xc6,0xaf,0x77,0xd9,0x9f,0x39,0x02,0x53,0x5f,0x67,0x4f,0x1e,0x17,0x15,0x04,0x36,0x36,0x2d,0xc3,0x3b,0x48,0x98,0x89,0x11,0xef,0x2b,0xcd,0x10,0x51,0x94,0xd0,0xad,0x6e,0x0a,0x87,0x61,0x65,0xa8,0xa2,0x72,0xbb,0xcc,0x0b}, + {0xc8,0xa9,0xb1,0xea,0x2f,0x96,0x5e,0x18,0xcd,0x7d,0x14,0x65,0x35,0xe6,0xe7,0x86,0xf2,0x6d,0x5b,0xbb,0x31,0xe0,0x92,0xb0,0x3e,0xb7,0xd6,0x59,0xab,0xf0,0x24,0x40,0x96,0x12,0xfe,0x50,0x4c,0x5e,0x6d,0x18,0x7e,0x9f,0xe8,0xfe,0x82,0x7b,0x39,0xe0,0xb0,0x31,0x70,0x50,0xc5,0xf6,0xc7,0x3b,0xc2,0x37,0x8f,0x10,0x69,0xfd,0x78,0x66,0xc2,0x63,0x68,0x63,0x31,0xfa,0x86,0x15,0xf2,0x33,0x2d,0x57,0x48,0x8c,0xf6,0x07,0xfc,0xae,0x9e,0x78,0x9f,0xcc,0x73,0x4f,0x01,0x47,0xad,0x8e,0x10,0xe2,0x42,0x2d}, + {0x9b,0xd2,0xdf,0x94,0x15,0x13,0xf5,0x97,0x6a,0x4c,0x3f,0x31,0x5d,0x98,0x55,0x61,0x10,0x50,0x45,0x08,0x07,0x3f,0xa1,0xeb,0x22,0xd3,0xd2,0xb8,0x08,0x26,0x6b,0x67,0x93,0x75,0x53,0x0f,0x0d,0x7b,0x71,0x21,0x4c,0x06,0x1e,0x13,0x0b,0x69,0x4e,0x91,0x9f,0xe0,0x2a,0x75,0xae,0x87,0xb6,0x1b,0x6e,0x3c,0x42,0x9b,0xa7,0xf3,0x0b,0x42,0x47,0x2b,0x5b,0x1c,0x65,0xba,0x38,0x81,0x80,0x1b,0x1b,0x31,0xec,0xb6,0x71,0x86,0xb0,0x35,0x31,0xbc,0xb1,0x0c,0xff,0x7b,0xe0,0xf1,0x0c,0x9c,0xfa,0x2f,0x5d,0x74}, + {0xbd,0xc8,0xc9,0x2b,0x1e,0x5a,0x52,0xbf,0x81,0x9d,0x47,0x26,0x08,0x26,0x5b,0xea,0xdb,0x55,0x01,0xdf,0x0e,0xc7,0x11,0xd5,0xd0,0xf5,0x0c,0x96,0xeb,0x3c,0xe2,0x1a,0x6a,0x4e,0xd3,0x21,0x57,0xdf,0x36,0x60,0xd0,0xb3,0x7b,0x99,0x27,0x88,0xdb,0xb1,0xfa,0x6a,0x75,0xc8,0xc3,0x09,0xc2,0xd3,0x39,0xc8,0x1d,0x4c,0xe5,0x5b,0xe1,0x06,0x4a,0x99,0x32,0x19,0x87,0x5d,0x72,0x5b,0xb0,0xda,0xb1,0xce,0xb5,0x1c,0x35,0x32,0x05,0xca,0xb7,0xda,0x49,0x15,0xc4,0x7d,0xf7,0xc1,0x8e,0x27,0x61,0xd8,0xde,0x58}, + {0x5c,0xc5,0x66,0xf2,0x93,0x37,0x17,0xd8,0x49,0x4e,0x45,0xcc,0xc5,0x76,0xc9,0xc8,0xa8,0xc3,0x26,0xbc,0xf8,0x82,0xe3,0x5c,0xf9,0xf6,0x85,0x54,0xe8,0x9d,0xf3,0x2f,0xa8,0xc9,0xc2,0xb6,0xa8,0x5b,0xfb,0x2d,0x8c,0x59,0x2c,0xf5,0x8e,0xef,0xee,0x48,0x73,0x15,0x2d,0xf1,0x07,0x91,0x80,0x33,0xd8,0x5b,0x1d,0x53,0x6b,0x69,0xba,0x08,0x7a,0xc5,0xef,0xc3,0xee,0x3e,0xed,0x77,0x11,0x48,0xff,0xd4,0x17,0x55,0xe0,0x04,0xcb,0x71,0xa6,0xf1,0x3f,0x7a,0x3d,0xea,0x54,0xfe,0x7c,0x94,0xb4,0x33,0x06,0x12}, + {0x42,0x00,0x61,0x91,0x78,0x98,0x94,0x0b,0xe8,0xfa,0xeb,0xec,0x3c,0xb1,0xe7,0x4e,0xc0,0xa4,0xf0,0x94,0x95,0x73,0xbe,0x70,0x85,0x91,0xd5,0xb4,0x99,0x0a,0xd3,0x35,0x0a,0x10,0x12,0x49,0x47,0x31,0xbd,0x82,0x06,0xbe,0x6f,0x7e,0x6d,0x7b,0x23,0xde,0xc6,0x79,0xea,0x11,0x19,0x76,0x1e,0xe1,0xde,0x3b,0x39,0xcb,0xe3,0x3b,0x43,0x07,0xf4,0x97,0xe9,0x5c,0xc0,0x44,0x79,0xff,0xa3,0x51,0x5c,0xb0,0xe4,0x3d,0x5d,0x57,0x7c,0x84,0x76,0x5a,0xfd,0x81,0x33,0x58,0x9f,0xda,0xf6,0x7a,0xde,0x3e,0x87,0x2d}, + {0x09,0x34,0x37,0x43,0x64,0x31,0x7a,0x15,0xd9,0x81,0xaa,0xf4,0xee,0xb7,0xb8,0xfa,0x06,0x48,0xa6,0xf5,0xe6,0xfe,0x93,0xb0,0xb6,0xa7,0x7f,0x70,0x54,0x36,0x77,0x2e,0x81,0xf9,0x5d,0x4e,0xe1,0x02,0x62,0xaa,0xf5,0xe1,0x15,0x50,0x17,0x59,0x0d,0xa2,0x6c,0x1d,0xe2,0xba,0xd3,0x75,0xa2,0x18,0x53,0x02,0x60,0x01,0x8a,0x61,0x43,0x05,0xc1,0x23,0x4c,0x97,0xf4,0xbd,0xea,0x0d,0x93,0x46,0xce,0x9d,0x25,0x0a,0x6f,0xaa,0x2c,0xba,0x9a,0xa2,0xb8,0x2c,0x20,0x04,0x0d,0x96,0x07,0x2d,0x36,0x43,0x14,0x4b}, + {0x7a,0x1f,0x6e,0xb6,0xc7,0xb7,0xc4,0xcc,0x7e,0x2f,0x0c,0xf5,0x25,0x7e,0x15,0x44,0x1c,0xaf,0x3e,0x71,0xfc,0x6d,0xf0,0x3e,0xf7,0x63,0xda,0x52,0x67,0x44,0x2f,0x58,0xcb,0x9c,0x52,0x1c,0xe9,0x54,0x7c,0x96,0xfb,0x35,0xc6,0x64,0x92,0x26,0xf6,0x30,0x65,0x19,0x12,0x78,0xf4,0xaf,0x47,0x27,0x5c,0x6f,0xf6,0xea,0x18,0x84,0x03,0x17,0xe4,0x4c,0x32,0x20,0xd3,0x7b,0x31,0xc6,0xc4,0x8b,0x48,0xa4,0xe8,0x42,0x10,0xa8,0x64,0x13,0x5a,0x4e,0x8b,0xf1,0x1e,0xb2,0xc9,0x8d,0xa2,0xcd,0x4b,0x1c,0x2a,0x0c}, + {0x47,0x04,0x1f,0x6f,0xd0,0xc7,0x4d,0xd2,0x59,0xc0,0x87,0xdb,0x3e,0x9e,0x26,0xb2,0x8f,0xd2,0xb2,0xfb,0x72,0x02,0x5b,0xd1,0x77,0x48,0xf6,0xc6,0xd1,0x8b,0x55,0x7c,0x45,0x69,0xbd,0x69,0x48,0x81,0xc4,0xed,0x22,0x8d,0x1c,0xbe,0x7d,0x90,0x6d,0x0d,0xab,0xc5,0x5c,0xd5,0x12,0xd2,0x3b,0xc6,0x83,0xdc,0x14,0xa3,0x30,0x9b,0x6a,0x5a,0x3d,0x46,0x96,0xd3,0x24,0x15,0xec,0xd0,0xf0,0x24,0x5a,0xc3,0x8a,0x62,0xbb,0x12,0xa4,0x5f,0xbc,0x1c,0x79,0x3a,0x0c,0xa5,0xc3,0xaf,0xfb,0x0a,0xca,0xa5,0x04,0x04}, + {0xd6,0x43,0xa7,0x0a,0x07,0x40,0x1f,0x8c,0xe8,0x5e,0x26,0x5b,0xcb,0xd0,0xba,0xcc,0xde,0xd2,0x8f,0x66,0x6b,0x04,0x4b,0x57,0x33,0x96,0xdd,0xca,0xfd,0x5b,0x39,0x46,0xd1,0x6f,0x41,0x2a,0x1b,0x9e,0xbc,0x62,0x8b,0x59,0x50,0xe3,0x28,0xf7,0xc6,0xb5,0x67,0x69,0x5d,0x3d,0xd8,0x3f,0x34,0x04,0x98,0xee,0xf8,0xe7,0x16,0x75,0x52,0x39,0x9c,0x9a,0x5d,0x1a,0x2d,0xdb,0x7f,0x11,0x2a,0x5c,0x00,0xd1,0xbc,0x45,0x77,0x9c,0xea,0x6f,0xd5,0x54,0xf1,0xbe,0xd4,0xef,0x16,0xd0,0x22,0xe8,0x29,0x9a,0x57,0x76}, + {0x17,0x2a,0xc0,0x49,0x7e,0x8e,0xb6,0x45,0x7f,0xa3,0xa9,0xbc,0xa2,0x51,0xcd,0x23,0x1b,0x4c,0x22,0xec,0x11,0x5f,0xd6,0x3e,0xb1,0xbd,0x05,0x9e,0xdc,0x84,0xa3,0x43,0xf2,0x34,0xb4,0x52,0x13,0xb5,0x3c,0x33,0xe1,0x80,0xde,0x93,0x49,0x28,0x32,0xd8,0xce,0x35,0x0d,0x75,0x87,0x28,0x51,0xb5,0xc1,0x77,0x27,0x2a,0xbb,0x14,0xc5,0x02,0x45,0xb6,0xf1,0x8b,0xda,0xd5,0x4b,0x68,0x53,0x4b,0xb5,0xf6,0x7e,0xd3,0x8b,0xfb,0x53,0xd2,0xb0,0xa9,0xd7,0x16,0x39,0x31,0x59,0x80,0x54,0x61,0x09,0x92,0x60,0x11}, + {0xaa,0xcf,0xda,0x29,0x69,0x16,0x4d,0xb4,0x8f,0x59,0x13,0x84,0x4c,0x9f,0x52,0xda,0x59,0x55,0x3d,0x45,0xca,0x63,0xef,0xe9,0x0b,0x8e,0x69,0xc5,0x5b,0x12,0x1e,0x35,0xcd,0x4d,0x9b,0x36,0x16,0x56,0x38,0x7a,0x63,0x35,0x5c,0x65,0xa7,0x2c,0xc0,0x75,0x21,0x80,0xf1,0xd4,0xf9,0x1b,0xc2,0x7d,0x42,0xe0,0xe6,0x91,0x74,0x7d,0x63,0x2f,0xbe,0x7b,0xf6,0x1a,0x46,0x9b,0xb4,0xd4,0x61,0x89,0xab,0xc8,0x7a,0x03,0x03,0xd6,0xfb,0x99,0xa6,0xf9,0x9f,0xe1,0xde,0x71,0x9a,0x2a,0xce,0xe7,0x06,0x2d,0x18,0x7f}, + {0xec,0x68,0x01,0xab,0x64,0x8e,0x7c,0x7a,0x43,0xc5,0xed,0x15,0x55,0x4a,0x5a,0xcb,0xda,0x0e,0xcd,0x47,0xd3,0x19,0x55,0x09,0xb0,0x93,0x3e,0x34,0x8c,0xac,0xd4,0x67,0x22,0x75,0x21,0x8e,0x72,0x4b,0x45,0x09,0xd8,0xb8,0x84,0xd4,0xf4,0xe8,0x58,0xaa,0x3c,0x90,0x46,0x7f,0x4d,0x25,0x58,0xd3,0x17,0x52,0x1c,0x24,0x43,0xc0,0xac,0x44,0x77,0x57,0x7a,0x4f,0xbb,0x6b,0x7d,0x1c,0xe1,0x13,0x83,0x91,0xd4,0xfe,0x35,0x8b,0x84,0x46,0x6b,0xc9,0xc6,0xa1,0xdc,0x4a,0xbd,0x71,0xad,0x12,0x83,0x1c,0x6d,0x55}, + {0x82,0x39,0x8d,0x0c,0xe3,0x40,0xef,0x17,0x34,0xfa,0xa3,0x15,0x3e,0x07,0xf7,0x31,0x6e,0x64,0x73,0x07,0xcb,0xf3,0x21,0x4f,0xff,0x4e,0x82,0x1d,0x6d,0x6c,0x6c,0x74,0x21,0xe8,0x1b,0xb1,0x56,0x67,0xf0,0x81,0xdd,0xf3,0xa3,0x10,0x23,0xf8,0xaf,0x0f,0x5d,0x46,0x99,0x6a,0x55,0xd0,0xb2,0xf8,0x05,0x7f,0x8c,0xcc,0x38,0xbe,0x7a,0x09,0xa4,0x2d,0xa5,0x7e,0x87,0xc9,0x49,0x0c,0x43,0x1d,0xdc,0x9b,0x55,0x69,0x43,0x4c,0xd2,0xeb,0xcc,0xf7,0x09,0x38,0x2c,0x02,0xbd,0x84,0xee,0x4b,0xa3,0x14,0x7e,0x57}, + {0x0a,0x3b,0xa7,0x61,0xac,0x68,0xe2,0xf0,0xf5,0xa5,0x91,0x37,0x10,0xfa,0xfa,0xf2,0xe9,0x00,0x6d,0x6b,0x82,0x3e,0xe1,0xc1,0x42,0x8f,0xd7,0x6f,0xe9,0x7e,0xfa,0x60,0x2b,0xd7,0x4d,0xbd,0xbe,0xce,0xfe,0x94,0x11,0x22,0x0f,0x06,0xda,0x4f,0x6a,0xf4,0xff,0xd1,0xc8,0xc0,0x77,0x59,0x4a,0x12,0x95,0x92,0x00,0xfb,0xb8,0x04,0x53,0x70,0xc6,0x6e,0x29,0x4d,0x35,0x1d,0x3d,0xb6,0xd8,0x31,0xad,0x5f,0x3e,0x05,0xc3,0xf3,0xec,0x42,0xbd,0xb4,0x8c,0x95,0x0b,0x67,0xfd,0x53,0x63,0xa1,0x0c,0x8e,0x39,0x21}, + {0xf3,0x33,0x2b,0x38,0x8a,0x05,0xf5,0x89,0xb4,0xc0,0x48,0xad,0x0b,0xba,0xe2,0x5a,0x6e,0xb3,0x3d,0xa5,0x03,0xb5,0x93,0x8f,0xe6,0x32,0xa2,0x95,0x9d,0xed,0xa3,0x5a,0x01,0x56,0xb7,0xb4,0xf9,0xaa,0x98,0x27,0x72,0xad,0x8d,0x5c,0x13,0x72,0xac,0x5e,0x23,0xa0,0xb7,0x61,0x61,0xaa,0xce,0xd2,0x4e,0x7d,0x8f,0xe9,0x84,0xb2,0xbf,0x1b,0x61,0x65,0xd9,0xc7,0xe9,0x77,0x67,0x65,0x36,0x80,0xc7,0x72,0x54,0x12,0x2b,0xcb,0xee,0x6e,0x50,0xd9,0x99,0x32,0x05,0x65,0xcc,0x57,0x89,0x5e,0x4e,0xe1,0x07,0x4a}, + {0x99,0xf9,0x0d,0x98,0xcb,0x12,0xe4,0x4e,0x71,0xc7,0x6e,0x3c,0x6f,0xd7,0x15,0xa3,0xfd,0x77,0x5c,0x92,0xde,0xed,0xa5,0xbb,0x02,0x34,0x31,0x1d,0x39,0xac,0x0b,0x3f,0x9b,0xa4,0x77,0xc4,0xcd,0x58,0x0b,0x24,0x17,0xf0,0x47,0x64,0xde,0xda,0x38,0xfd,0xad,0x6a,0xc8,0xa7,0x32,0x8d,0x92,0x19,0x81,0xa0,0xaf,0x84,0xed,0x7a,0xaf,0x50,0xe5,0x5b,0xf6,0x15,0x01,0xde,0x4f,0x6e,0xb2,0x09,0x61,0x21,0x21,0x26,0x98,0x29,0xd9,0xd6,0xad,0x0b,0x81,0x05,0x02,0x78,0x06,0xd0,0xeb,0xba,0x16,0xa3,0x21,0x19}, + {0xfc,0x70,0xb8,0xdf,0x7e,0x2f,0x42,0x89,0xbd,0xb3,0x76,0x4f,0xeb,0x6b,0x29,0x2c,0xf7,0x4d,0xc2,0x36,0xd4,0xf1,0x38,0x07,0xb0,0xae,0x73,0xe2,0x41,0xdf,0x58,0x64,0x8b,0xc1,0xf3,0xd9,0x9a,0xad,0x5a,0xd7,0x9c,0xc1,0xb1,0x60,0xef,0x0e,0x6a,0x56,0xd9,0x0e,0x5c,0x25,0xac,0x0b,0x9a,0x3e,0xf5,0xc7,0x62,0xa0,0xec,0x9d,0x04,0x7b,0x83,0x44,0x44,0x35,0x7a,0xe3,0xcb,0xdc,0x93,0xbe,0xed,0x0f,0x33,0x79,0x88,0x75,0x87,0xdd,0xc5,0x12,0xc3,0x04,0x60,0x78,0x64,0x0e,0x95,0xc2,0xcb,0xdc,0x93,0x60}, + {0x6d,0x70,0xe0,0x85,0x85,0x9a,0xf3,0x1f,0x33,0x39,0xe7,0xb3,0xd8,0xa5,0xd0,0x36,0x3b,0x45,0x8f,0x71,0xe1,0xf2,0xb9,0x43,0x7c,0xa9,0x27,0x48,0x08,0xea,0xd1,0x57,0x4b,0x03,0x84,0x60,0xbe,0xee,0xde,0x6b,0x54,0xb8,0x0f,0x78,0xb6,0xc2,0x99,0x31,0x95,0x06,0x2d,0xb6,0xab,0x76,0x33,0x97,0x90,0x7d,0x64,0x8b,0xc9,0x80,0x31,0x6e,0x71,0xb0,0x28,0xa1,0xe7,0xb6,0x7a,0xee,0xaa,0x8b,0xa8,0x93,0x6d,0x59,0xc1,0xa4,0x30,0x61,0x21,0xb2,0x82,0xde,0xb4,0xf7,0x18,0xbd,0x97,0xdd,0x9d,0x99,0x3e,0x36}, + {0xc4,0x1f,0xee,0x35,0xc1,0x43,0xa8,0x96,0xcf,0xc8,0xe4,0x08,0x55,0xb3,0x6e,0x97,0x30,0xd3,0x8c,0xb5,0x01,0x68,0x2f,0xb4,0x2b,0x05,0x3a,0x69,0x78,0x9b,0xee,0x48,0xc6,0xae,0x4b,0xe2,0xdc,0x48,0x18,0x2f,0x60,0xaf,0xbc,0xba,0x55,0x72,0x9b,0x76,0x31,0xe9,0xef,0x3c,0x6e,0x3c,0xcb,0x90,0x55,0xb3,0xf9,0xc6,0x9b,0x97,0x1f,0x23,0xc6,0xf3,0x2a,0xcc,0x4b,0xde,0x31,0x5c,0x1f,0x8d,0x20,0xfe,0x30,0xb0,0x4b,0xb0,0x66,0xb4,0x4f,0xc1,0x09,0x70,0x8d,0xb7,0x13,0x24,0x79,0x08,0x9b,0xfa,0x9b,0x07}, + {0xf4,0x0d,0x30,0xda,0x51,0x3a,0x90,0xe3,0xb0,0x5a,0xa9,0x3d,0x23,0x64,0x39,0x84,0x80,0x64,0x35,0x0b,0x2d,0xf1,0x3c,0xed,0x94,0x71,0x81,0x84,0xf6,0x77,0x8c,0x03,0x45,0x42,0xd5,0xa2,0x80,0xed,0xc9,0xf3,0x52,0x39,0xf6,0x77,0x78,0x8b,0xa0,0x0a,0x75,0x54,0x08,0xd1,0x63,0xac,0x6d,0xd7,0x6b,0x63,0x70,0x94,0x15,0xfb,0xf4,0x1e,0xec,0x7b,0x16,0x5b,0xe6,0x5e,0x4e,0x85,0xc2,0xcd,0xd0,0x96,0x42,0x0a,0x59,0x59,0x99,0x21,0x10,0x98,0x34,0xdf,0xb2,0x72,0x56,0xff,0x0b,0x4a,0x2a,0xe9,0x5e,0x57}, + {0xcf,0x2f,0x18,0x8a,0x90,0x80,0xc0,0xd4,0xbd,0x9d,0x48,0x99,0xc2,0x70,0xe1,0x30,0xde,0x33,0xf7,0x52,0x57,0xbd,0xba,0x05,0x00,0xfd,0xd3,0x2c,0x11,0xe7,0xd4,0x43,0x01,0xd8,0xa4,0x0a,0x45,0xbc,0x46,0x5d,0xd8,0xb9,0x33,0xa5,0x27,0x12,0xaf,0xc3,0xc2,0x06,0x89,0x2b,0x26,0x3b,0x9e,0x38,0x1b,0x58,0x2f,0x38,0x7e,0x1e,0x0a,0x20,0xc5,0x3a,0xf9,0xea,0x67,0xb9,0x8d,0x51,0xc0,0x52,0x66,0x05,0x9b,0x98,0xbc,0x71,0xf5,0x97,0x71,0x56,0xd9,0x85,0x2b,0xfe,0x38,0x4e,0x1e,0x65,0x52,0xca,0x0e,0x05}, + {0x9c,0x0c,0x3f,0x45,0xde,0x1a,0x43,0xc3,0x9b,0x3b,0x70,0xff,0x5e,0x04,0xf5,0xe9,0x3d,0x7b,0x84,0xed,0xc9,0x7a,0xd9,0xfc,0xc6,0xf4,0x58,0x1c,0xc2,0xe6,0x0e,0x4b,0xea,0x68,0xe6,0x60,0x76,0x39,0xac,0x97,0x97,0xb4,0x3a,0x15,0xfe,0xbb,0x19,0x9b,0x9f,0xa7,0xec,0x34,0xb5,0x79,0xb1,0x4c,0x57,0xae,0x31,0xa1,0x9f,0xc0,0x51,0x61,0x96,0x5d,0xf0,0xfd,0x0d,0x5c,0xf5,0x3a,0x7a,0xee,0xb4,0x2a,0xe0,0x2e,0x26,0xdd,0x09,0x17,0x17,0x12,0x87,0xbb,0xb2,0x11,0x0b,0x03,0x0f,0x80,0xfa,0x24,0xef,0x1f}, + {0x96,0x31,0xa7,0x1a,0xfb,0x53,0xd6,0x37,0x18,0x64,0xd7,0x3f,0x30,0x95,0x94,0x0f,0xb2,0x17,0x3a,0xfb,0x09,0x0b,0x20,0xad,0x3e,0x61,0xc8,0x2f,0x29,0x49,0x4d,0x54,0x86,0x6b,0x97,0x30,0xf5,0xaf,0xd2,0x22,0x04,0x46,0xd2,0xc2,0x06,0xb8,0x90,0x8d,0xe5,0xba,0xe5,0x4d,0x6c,0x89,0xa1,0xdc,0x17,0x0c,0x34,0xc8,0xe6,0x5f,0x00,0x28,0x88,0x86,0x52,0x34,0x9f,0xba,0xef,0x6a,0xa1,0x7d,0x10,0x25,0x94,0xff,0x1b,0x5c,0x36,0x4b,0xd9,0x66,0xcd,0xbb,0x5b,0xf7,0xfa,0x6d,0x31,0x0f,0x93,0x72,0xe4,0x72}, + {0x4f,0x08,0x81,0x97,0x8c,0x20,0x95,0x26,0xe1,0x0e,0x45,0x23,0x0b,0x2a,0x50,0xb1,0x02,0xde,0xef,0x03,0xa6,0xae,0x9d,0xfd,0x4c,0xa3,0x33,0x27,0x8c,0x2e,0x9d,0x5a,0x27,0x76,0x2a,0xd3,0x35,0xf6,0xf3,0x07,0xf0,0x66,0x65,0x5f,0x86,0x4d,0xaa,0x7a,0x50,0x44,0xd0,0x28,0x97,0xe7,0x85,0x3c,0x38,0x64,0xe0,0x0f,0x00,0x7f,0xee,0x1f,0xe5,0xf7,0xdb,0x03,0xda,0x05,0x53,0x76,0xbd,0xcd,0x34,0x14,0x49,0xf2,0xda,0xa4,0xec,0x88,0x4a,0xd2,0xcd,0xd5,0x4a,0x7b,0x43,0x05,0x04,0xee,0x51,0x40,0xf9,0x00}, + {0xb2,0x30,0xd3,0xc3,0x23,0x6b,0x35,0x8d,0x06,0x1b,0x47,0xb0,0x9b,0x8b,0x1c,0xf2,0x3c,0xb8,0x42,0x6e,0x6c,0x31,0x6c,0xb3,0x0d,0xb1,0xea,0x8b,0x7e,0x9c,0xd7,0x07,0x53,0x97,0xaf,0x07,0xbb,0x93,0xef,0xd7,0xa7,0x66,0xb7,0x3d,0xcf,0xd0,0x3e,0x58,0xc5,0x1e,0x0b,0x6e,0xbf,0x98,0x69,0xce,0x52,0x04,0xd4,0x5d,0xd2,0xff,0xb7,0x47,0x12,0xdd,0x08,0xbc,0x9c,0xfb,0xfb,0x87,0x9b,0xc2,0xee,0xe1,0x3a,0x6b,0x06,0x8a,0xbf,0xc1,0x1f,0xdb,0x2b,0x24,0x57,0x0d,0xb6,0x4b,0xa6,0x5e,0xa3,0x20,0x35,0x1c}, + {0x4a,0xa3,0xcb,0xbc,0xa6,0x53,0xd2,0x80,0x9b,0x21,0x38,0x38,0xa1,0xc3,0x61,0x3e,0x96,0xe3,0x82,0x98,0x01,0xb6,0xc3,0x90,0x6f,0xe6,0x0e,0x5d,0x77,0x05,0x3d,0x1c,0x59,0xc0,0x6b,0x21,0x40,0x6f,0xa8,0xcd,0x7e,0xd8,0xbc,0x12,0x1d,0x23,0xbb,0x1f,0x90,0x09,0xc7,0x17,0x9e,0x6a,0x95,0xb4,0x55,0x2e,0xd1,0x66,0x3b,0x0c,0x75,0x38,0x1a,0xe5,0x22,0x94,0x40,0xf1,0x2e,0x69,0x71,0xf6,0x5d,0x2b,0x3c,0xc7,0xc0,0xcb,0x29,0xe0,0x4c,0x74,0xe7,0x4f,0x01,0x21,0x7c,0x48,0x30,0xd3,0xc7,0xe2,0x21,0x06}, + {0x8d,0x83,0x59,0x82,0xcc,0x60,0x98,0xaf,0xdc,0x9a,0x9f,0xc6,0xc1,0x48,0xea,0x90,0x30,0x1e,0x58,0x65,0x37,0x48,0x26,0x65,0xbc,0xa5,0xd3,0x7b,0x09,0xd6,0x07,0x00,0xf3,0xf0,0xdb,0xb0,0x96,0x17,0xae,0xb7,0x96,0xe1,0x7c,0xe1,0xb9,0xaf,0xdf,0x54,0xb4,0xa3,0xaa,0xe9,0x71,0x30,0x92,0x25,0x9d,0x2e,0x00,0xa1,0x9c,0x58,0x8e,0x5d,0x4b,0xa9,0x42,0x08,0x95,0x1d,0xbf,0xc0,0x3e,0x2e,0x8f,0x58,0x63,0xc3,0xd3,0xb2,0xef,0xe2,0x51,0xbb,0x38,0x14,0x96,0x0a,0x86,0xbf,0x1c,0x3c,0x78,0xd7,0x83,0x15}, + {0xe1,0x7a,0xa2,0x5d,0xef,0xa2,0xee,0xec,0x74,0x01,0x67,0x55,0x14,0x3a,0x7c,0x59,0x7a,0x16,0x09,0x66,0x12,0x2a,0xa6,0xc9,0x70,0x8f,0xed,0x81,0x2e,0x5f,0x2a,0x25,0xc7,0x28,0x9d,0xcc,0x04,0x47,0x03,0x90,0x8f,0xc5,0x2c,0xf7,0x9e,0x67,0x1b,0x1d,0x26,0x87,0x5b,0xbe,0x5f,0x2b,0xe1,0x16,0x0a,0x58,0xc5,0x83,0x4e,0x06,0x58,0x49,0x0d,0xe8,0x66,0x50,0x26,0x94,0x28,0x0d,0x6b,0x8c,0x7c,0x30,0x85,0xf7,0xc3,0xfc,0xfd,0x12,0x11,0x0c,0x78,0xda,0x53,0x1b,0x88,0xb3,0x43,0xd8,0x0b,0x17,0x9c,0x07}, + {0xff,0x6f,0xfa,0x64,0xe4,0xec,0x06,0x05,0x23,0xe5,0x05,0x62,0x1e,0x43,0xe3,0xbe,0x42,0xea,0xb8,0x51,0x24,0x42,0x79,0x35,0x00,0xfb,0xc9,0x4a,0xe3,0x05,0xec,0x6d,0x56,0xd0,0xd5,0xc0,0x50,0xcd,0xd6,0xcd,0x3b,0x57,0x03,0xbb,0x6d,0x68,0xf7,0x9a,0x48,0xef,0xc3,0xf3,0x3f,0x72,0xa6,0x3c,0xcc,0x8a,0x7b,0x31,0xd7,0xc0,0x68,0x67,0xb3,0xc1,0x55,0xf1,0xe5,0x25,0xb6,0x94,0x91,0x7b,0x7b,0x99,0xa7,0xf3,0x7b,0x41,0x00,0x26,0x6b,0x6d,0xdc,0xbd,0x2c,0xc2,0xf4,0x52,0xcd,0xdd,0x14,0x5e,0x44,0x51}, + {0x51,0x49,0x14,0x3b,0x4b,0x2b,0x50,0x57,0xb3,0xbc,0x4b,0x44,0x6b,0xff,0x67,0x8e,0xdb,0x85,0x63,0x16,0x27,0x69,0xbd,0xb8,0xc8,0x95,0x92,0xe3,0x31,0x6f,0x18,0x13,0x55,0xa4,0xbe,0x2b,0xab,0x47,0x31,0x89,0x29,0x91,0x07,0x92,0x4f,0xa2,0x53,0x8c,0xa7,0xf7,0x30,0xbe,0x48,0xf9,0x49,0x4b,0x3d,0xd4,0x4f,0x6e,0x08,0x90,0xe9,0x12,0x2e,0xbb,0xdf,0x7f,0xb3,0x96,0x0c,0xf1,0xf9,0xea,0x1c,0x12,0x5e,0x93,0x9a,0x9f,0x3f,0x98,0x5b,0x3a,0xc4,0x36,0x11,0xdf,0xaf,0x99,0x3e,0x5d,0xf0,0xe3,0xb2,0x77}, + {0xde,0xc4,0x2e,0x9c,0xc5,0xa9,0x6f,0x29,0xcb,0xf3,0x84,0x4f,0xbf,0x61,0x8b,0xbc,0x08,0xf9,0xa8,0x17,0xd9,0x06,0x77,0x1c,0x5d,0x25,0xd3,0x7a,0xfc,0x95,0xb7,0x63,0xa4,0xb0,0xdd,0x12,0x9c,0x63,0x98,0xd5,0x6b,0x86,0x24,0xc0,0x30,0x9f,0xd1,0xa5,0x60,0xe4,0xfc,0x58,0x03,0x2f,0x7c,0xd1,0x8a,0x5e,0x09,0x2e,0x15,0x95,0xa1,0x07,0xc8,0x5f,0x9e,0x38,0x02,0x8f,0x36,0xa8,0x3b,0xe4,0x8d,0xcf,0x02,0x3b,0x43,0x90,0x43,0x26,0x41,0xc5,0x5d,0xfd,0xa1,0xaf,0x37,0x01,0x2f,0x03,0x3d,0xe8,0x8f,0x3e}, + {0x94,0xa2,0x70,0x05,0xb9,0x15,0x8b,0x2f,0x49,0x45,0x08,0x67,0x70,0x42,0xf2,0x94,0x84,0xfd,0xbb,0x61,0xe1,0x5a,0x1c,0xde,0x07,0x40,0xac,0x7f,0x79,0x3b,0xba,0x75,0x3c,0xd1,0xef,0xe8,0x8d,0x4c,0x70,0x08,0x31,0x37,0xe0,0x33,0x8e,0x1a,0xc5,0xdf,0xe3,0xcd,0x60,0x12,0xa5,0x5d,0x9d,0xa5,0x86,0x8c,0x25,0xa6,0x99,0x08,0xd6,0x22,0x96,0xd1,0xcd,0x70,0xc0,0xdb,0x39,0x62,0x9a,0x8a,0x7d,0x6c,0x8b,0x8a,0xfe,0x60,0x60,0x12,0x40,0xeb,0xbc,0x47,0x88,0xb3,0x5e,0x9e,0x77,0x87,0x7b,0xd0,0x04,0x09}, + {0x9c,0x91,0xba,0xdd,0xd4,0x1f,0xce,0xb4,0xaa,0x8d,0x4c,0xc7,0x3e,0xdb,0x31,0xcf,0x51,0xcc,0x86,0xad,0x63,0xcc,0x63,0x2c,0x07,0xde,0x1d,0xbc,0x3f,0x14,0xe2,0x43,0xb9,0x40,0xf9,0x48,0x66,0x2d,0x32,0xf4,0x39,0x0c,0x2d,0xbd,0x0c,0x2f,0x95,0x06,0x31,0xf9,0x81,0xa0,0xad,0x97,0x76,0x16,0x6c,0x2a,0xf7,0xba,0xce,0xaa,0x40,0x62,0xa0,0x95,0xa2,0x5b,0x9c,0x74,0x34,0xf8,0x5a,0xd2,0x37,0xca,0x5b,0x7c,0x94,0xd6,0x6a,0x31,0xc9,0xe7,0xa7,0x3b,0xf1,0x66,0xac,0x0c,0xb4,0x8d,0x23,0xaf,0xbd,0x56}, + {0xeb,0x33,0x35,0xf5,0xe3,0xb9,0x2a,0x36,0x40,0x3d,0xb9,0x6e,0xd5,0x68,0x85,0x33,0x72,0x55,0x5a,0x1d,0x52,0x14,0x0e,0x9e,0x18,0x13,0x74,0x83,0x6d,0xa8,0x24,0x1d,0xb2,0x3b,0x9d,0xc1,0x6c,0xd3,0x10,0x13,0xb9,0x86,0x23,0x62,0xb7,0x6b,0x2a,0x06,0x5c,0x4f,0xa1,0xd7,0x91,0x85,0x9b,0x7c,0x54,0x57,0x1e,0x7e,0x50,0x31,0xaa,0x03,0x1f,0xce,0xd4,0xff,0x48,0x76,0xec,0xf4,0x1c,0x8c,0xac,0x54,0xf0,0xea,0x45,0xe0,0x7c,0x35,0x09,0x1d,0x82,0x25,0xd2,0x88,0x59,0x48,0xeb,0x9a,0xdc,0x61,0xb2,0x43}, + {0xbb,0x79,0xbb,0x88,0x19,0x1e,0x5b,0xe5,0x9d,0x35,0x7a,0xc1,0x7d,0xd0,0x9e,0xa0,0x33,0xea,0x3d,0x60,0xe2,0x2e,0x2c,0xb0,0xc2,0x6b,0x27,0x5b,0xcf,0x55,0x60,0x32,0x64,0x13,0x95,0x6c,0x8b,0x3d,0x51,0x19,0x7b,0xf4,0x0b,0x00,0x26,0x71,0xfe,0x94,0x67,0x95,0x4f,0xd5,0xdd,0x10,0x8d,0x02,0x64,0x09,0x94,0x42,0xe2,0xd5,0xb4,0x02,0xf2,0x8d,0xd1,0x28,0xcb,0x55,0xa1,0xb4,0x08,0xe5,0x6c,0x18,0x46,0x46,0xcc,0xea,0x89,0x43,0x82,0x6c,0x93,0xf4,0x9c,0xc4,0x10,0x34,0x5d,0xae,0x09,0xc8,0xa6,0x27}, + {0x88,0xb1,0x0d,0x1f,0xcd,0xeb,0xa6,0x8b,0xe8,0x5b,0x5a,0x67,0x3a,0xd7,0xd3,0x37,0x5a,0x58,0xf5,0x15,0xa3,0xdf,0x2e,0xf2,0x7e,0xa1,0x60,0xff,0x74,0x71,0xb6,0x2c,0x54,0x69,0x3d,0xc4,0x0a,0x27,0x2c,0xcd,0xb2,0xca,0x66,0x6a,0x57,0x3e,0x4a,0xdd,0x6c,0x03,0xd7,0x69,0x24,0x59,0xfa,0x79,0x99,0x25,0x8c,0x3d,0x60,0x03,0x15,0x22,0xd0,0xe1,0x0b,0x39,0xf9,0xcd,0xee,0x59,0xf1,0xe3,0x8c,0x72,0x44,0x20,0x42,0xa9,0xf4,0xf0,0x94,0x7a,0x66,0x1c,0x89,0x82,0x36,0xf4,0x90,0x38,0xb7,0xf4,0x1d,0x7b}, + {0x24,0xa2,0xb2,0xb3,0xe0,0xf2,0x92,0xe4,0x60,0x11,0x55,0x2b,0x06,0x9e,0x6c,0x7c,0x0e,0x7b,0x7f,0x0d,0xe2,0x8f,0xeb,0x15,0x92,0x59,0xfc,0x58,0x26,0xef,0xfc,0x61,0x8c,0xf5,0xf8,0x07,0x18,0x22,0x2e,0x5f,0xd4,0x09,0x94,0xd4,0x9f,0x5c,0x55,0xe3,0x30,0xa6,0xb6,0x1f,0x8d,0xa8,0xaa,0xb2,0x3d,0xe0,0x52,0xd3,0x45,0x82,0x69,0x68,0x7a,0x18,0x18,0x2a,0x85,0x5d,0xb1,0xdb,0xd7,0xac,0xdd,0x86,0xd3,0xaa,0xe4,0xf3,0x82,0xc4,0xf6,0x0f,0x81,0xe2,0xba,0x44,0xcf,0x01,0xaf,0x3d,0x47,0x4c,0xcf,0x46}, + {0xf9,0xe5,0xc4,0x9e,0xed,0x25,0x65,0x42,0x03,0x33,0x90,0x16,0x01,0xda,0x5e,0x0e,0xdc,0xca,0xe5,0xcb,0xf2,0xa7,0xb1,0x72,0x40,0x5f,0xeb,0x14,0xcd,0x7b,0x38,0x29,0x40,0x81,0x49,0xf1,0xa7,0x6e,0x3c,0x21,0x54,0x48,0x2b,0x39,0xf8,0x7e,0x1e,0x7c,0xba,0xce,0x29,0x56,0x8c,0xc3,0x88,0x24,0xbb,0xc5,0x8c,0x0d,0xe5,0xaa,0x65,0x10,0x57,0x0d,0x20,0xdf,0x25,0x45,0x2c,0x1c,0x4a,0x67,0xca,0xbf,0xd6,0x2d,0x3b,0x5c,0x30,0x40,0x83,0xe1,0xb1,0xe7,0x07,0x0a,0x16,0xe7,0x1c,0x4f,0xe6,0x98,0xa1,0x69}, + {0xbc,0x78,0x1a,0xd9,0xe0,0xb2,0x62,0x90,0x67,0x96,0x50,0xc8,0x9c,0x88,0xc9,0x47,0xb8,0x70,0x50,0x40,0x66,0x4a,0xf5,0x9d,0xbf,0xa1,0x93,0x24,0xa9,0xe6,0x69,0x73,0xed,0xca,0xc5,0xdc,0x34,0x44,0x01,0xe1,0x33,0xfb,0x84,0x3c,0x96,0x5d,0xed,0x47,0xe7,0xa0,0x86,0xed,0x76,0x95,0x01,0x70,0xe4,0xf9,0x67,0xd2,0x7b,0x69,0xb2,0x25,0x64,0x68,0x98,0x13,0xfb,0x3f,0x67,0x9d,0xb8,0xc7,0x5d,0x41,0xd9,0xfb,0xa5,0x3c,0x5e,0x3b,0x27,0xdf,0x3b,0xcc,0x4e,0xe0,0xd2,0x4c,0x4e,0xb5,0x3d,0x68,0x20,0x14}, + {0x97,0xd1,0x9d,0x24,0x1e,0xbd,0x78,0xb4,0x02,0xc1,0x58,0x5e,0x00,0x35,0x0c,0x62,0x5c,0xac,0xba,0xcc,0x2f,0xd3,0x02,0xfb,0x2d,0xa7,0x08,0xf5,0xeb,0x3b,0xb6,0x60,0xd0,0x5a,0xcc,0xc1,0x6f,0xbb,0xee,0x34,0x8b,0xac,0x46,0x96,0xe9,0x0c,0x1b,0x6a,0x53,0xde,0x6b,0xa6,0x49,0xda,0xb0,0xd3,0xc1,0x81,0xd0,0x61,0x41,0x3b,0xe8,0x31,0x4f,0x2b,0x06,0x9e,0x12,0xc7,0xe8,0x97,0xd8,0x0a,0x32,0x29,0x4f,0x8f,0xe4,0x49,0x3f,0x68,0x18,0x6f,0x4b,0xe1,0xec,0x5b,0x17,0x03,0x55,0x2d,0xb6,0x1e,0xcf,0x55}, + {0x58,0x3d,0xc2,0x65,0x10,0x10,0x79,0x58,0x9c,0x81,0x94,0x50,0x6d,0x08,0x9d,0x8b,0xa7,0x5f,0xc5,0x12,0xa9,0x2f,0x40,0xe2,0xd4,0x91,0x08,0x57,0x64,0x65,0x9a,0x66,0x52,0x8c,0xf5,0x7d,0xe3,0xb5,0x76,0x30,0x36,0xcc,0x99,0xe7,0xdd,0xb9,0x3a,0xd7,0x20,0xee,0x13,0x49,0xe3,0x1c,0x83,0xbd,0x33,0x01,0xba,0x62,0xaa,0xfb,0x56,0x1a,0xec,0xc9,0x9d,0x5c,0x50,0x6b,0x3e,0x94,0x1a,0x37,0x7c,0xa7,0xbb,0x57,0x25,0x30,0x51,0x76,0x34,0x41,0x56,0xae,0x73,0x98,0x5c,0x8a,0xc5,0x99,0x67,0x83,0xc4,0x13}, + {0xb9,0xe1,0xb3,0x5a,0x46,0x5d,0x3a,0x42,0x61,0x3f,0xf1,0xc7,0x87,0xc1,0x13,0xfc,0xb6,0xb9,0xb5,0xec,0x64,0x36,0xf8,0x19,0x07,0xb6,0x37,0xa6,0x93,0x0c,0xf8,0x66,0x80,0xd0,0x8b,0x5d,0x6a,0xfb,0xdc,0xc4,0x42,0x48,0x1a,0x57,0xec,0xc4,0xeb,0xde,0x65,0x53,0xe5,0xb8,0x83,0xe8,0xb2,0xd4,0x27,0xb8,0xe5,0xc8,0x7d,0xc8,0xbd,0x50,0x11,0xe1,0xdf,0x6e,0x83,0x37,0x6d,0x60,0xd9,0xab,0x11,0xf0,0x15,0x3e,0x35,0x32,0x96,0x3b,0xb7,0x25,0xc3,0x3a,0xb0,0x64,0xae,0xd5,0x5f,0x72,0x44,0x64,0xd5,0x1d}, + {0x7d,0x12,0x62,0x33,0xf8,0x7f,0xa4,0x8f,0x15,0x7c,0xcd,0x71,0xc4,0x6a,0x9f,0xbc,0x8b,0x0c,0x22,0x49,0x43,0x45,0x71,0x6e,0x2e,0x73,0x9f,0x21,0x12,0x59,0x64,0x0e,0x9a,0xc8,0xba,0x08,0x00,0xe6,0x97,0xc2,0xe0,0xc3,0xe1,0xea,0x11,0xea,0x4c,0x7d,0x7c,0x97,0xe7,0x9f,0xe1,0x8b,0xe3,0xf3,0xcd,0x05,0xa3,0x63,0x0f,0x45,0x3a,0x3a,0x27,0x46,0x39,0xd8,0x31,0x2f,0x8f,0x07,0x10,0xa5,0x94,0xde,0x83,0x31,0x9d,0x38,0x80,0x6f,0x99,0x17,0x6d,0x6c,0xe3,0xd1,0x7b,0xa8,0xa9,0x93,0x93,0x8d,0x8c,0x31}, + {0x19,0xfe,0xff,0x2a,0x03,0x5d,0x74,0xf2,0x66,0xdb,0x24,0x7f,0x49,0x3c,0x9f,0x0c,0xef,0x98,0x85,0xba,0xe3,0xd3,0x98,0xbc,0x14,0x53,0x1d,0x9a,0x67,0x7c,0x4c,0x22,0x98,0xd3,0x1d,0xab,0x29,0x9e,0x66,0x5d,0x3b,0x9e,0x2d,0x34,0x58,0x16,0x92,0xfc,0xcd,0x73,0x59,0xf3,0xfd,0x1d,0x85,0x55,0xf6,0x0a,0x95,0x25,0xc3,0x41,0x9a,0x50,0xe9,0x25,0xf9,0xa6,0xdc,0x6e,0xc0,0xbd,0x33,0x1f,0x1b,0x64,0xf4,0xf3,0x3e,0x79,0x89,0x3e,0x83,0x9d,0x80,0x12,0xec,0x82,0x89,0x13,0xa1,0x28,0x23,0xf0,0xbf,0x05}, + {0x0b,0xe0,0xca,0x23,0x70,0x13,0x32,0x36,0x59,0xcf,0xac,0xd1,0x0a,0xcf,0x4a,0x54,0x88,0x1c,0x1a,0xd2,0x49,0x10,0x74,0x96,0xa7,0x44,0x2a,0xfa,0xc3,0x8c,0x0b,0x78,0xe4,0x12,0xc5,0x0d,0xdd,0xa0,0x81,0x68,0xfe,0xfa,0xa5,0x44,0xc8,0x0d,0xe7,0x4f,0x40,0x52,0x4a,0x8f,0x6b,0x8e,0x74,0x1f,0xea,0xa3,0x01,0xee,0xcd,0x77,0x62,0x57,0x5f,0x30,0x4f,0x23,0xbc,0x8a,0xf3,0x1e,0x08,0xde,0x05,0x14,0xbd,0x7f,0x57,0x9a,0x0d,0x2a,0xe6,0x34,0x14,0xa5,0x82,0x5e,0xa1,0xb7,0x71,0x62,0x72,0x18,0xf4,0x5f}, + {0x9d,0xdb,0x89,0x17,0x0c,0x08,0x8e,0x39,0xf5,0x78,0xe7,0xf3,0x25,0x20,0x60,0xa7,0x5d,0x03,0xbd,0x06,0x4c,0x89,0x98,0xfa,0xbe,0x66,0xa9,0x25,0xdc,0x03,0x6a,0x10,0x40,0x95,0xb6,0x13,0xe8,0x47,0xdb,0xe5,0xe1,0x10,0x26,0x43,0x3b,0x2a,0x5d,0xf3,0x76,0x12,0x78,0x38,0xe9,0x26,0x1f,0xac,0x69,0xcb,0xa0,0xa0,0x8c,0xdb,0xd4,0x29,0xd0,0x53,0x33,0x33,0xaf,0x0a,0xad,0xd9,0xe5,0x09,0xd3,0xac,0xa5,0x9d,0x66,0x38,0xf0,0xf7,0x88,0xc8,0x8a,0x65,0x57,0x3c,0xfa,0xbe,0x2c,0x05,0x51,0x8a,0xb3,0x4a}, + {0x93,0xd5,0x68,0x67,0x25,0x2b,0x7c,0xda,0x13,0xca,0x22,0x44,0x57,0xc0,0xc1,0x98,0x1d,0xce,0x0a,0xca,0xd5,0x0b,0xa8,0xf1,0x90,0xa6,0x88,0xc0,0xad,0xd1,0xcd,0x29,0x9c,0xc0,0xdd,0x5f,0xef,0xd1,0xcf,0xd6,0xce,0x5d,0x57,0xf7,0xfd,0x3e,0x2b,0xe8,0xc2,0x34,0x16,0x20,0x5d,0x6b,0xd5,0x25,0x9b,0x2b,0xed,0x04,0xbb,0xc6,0x41,0x30,0x48,0xe1,0x56,0xd9,0xf9,0xf2,0xf2,0x0f,0x2e,0x6b,0x35,0x9f,0x75,0x97,0xe7,0xad,0x5c,0x02,0x6c,0x5f,0xbb,0x98,0x46,0x1a,0x7b,0x9a,0x04,0x14,0x68,0xbd,0x4b,0x10}, + {0x67,0xed,0xf1,0x68,0x31,0xfd,0xf0,0x51,0xc2,0x3b,0x6f,0xd8,0xcd,0x1d,0x81,0x2c,0xde,0xf2,0xd2,0x04,0x43,0x5c,0xdc,0x44,0x49,0x71,0x2a,0x09,0x57,0xcc,0xe8,0x5b,0x63,0xf1,0x7f,0xd6,0x5f,0x9a,0x5d,0xa9,0x81,0x56,0xc7,0x4c,0x9d,0xe6,0x2b,0xe9,0x57,0xf2,0x20,0xde,0x4c,0x02,0xf8,0xb7,0xf5,0x2d,0x07,0xfb,0x20,0x2a,0x4f,0x20,0x79,0xb0,0xeb,0x30,0x3d,0x3b,0x14,0xc8,0x30,0x2e,0x65,0xbd,0x5a,0x15,0x89,0x75,0x31,0x5c,0x6d,0x8f,0x31,0x3c,0x3c,0x65,0x1f,0x16,0x79,0xc2,0x17,0xfb,0x70,0x25}, + {0x75,0x15,0xb6,0x2c,0x7f,0x36,0xfa,0x3e,0x6c,0x02,0xd6,0x1c,0x76,0x6f,0xf9,0xf5,0x62,0x25,0xb5,0x65,0x2a,0x14,0xc7,0xe8,0xcd,0x0a,0x03,0x53,0xea,0x65,0xcb,0x3d,0x5a,0x24,0xb8,0x0b,0x55,0xa9,0x2e,0x19,0xd1,0x50,0x90,0x8f,0xa8,0xfb,0xe6,0xc8,0x35,0xc9,0xa4,0x88,0x2d,0xea,0x86,0x79,0x68,0x86,0x01,0xde,0x91,0x5f,0x1c,0x24,0xaa,0x6c,0xde,0x40,0x29,0x17,0xd8,0x28,0x3a,0x73,0xd9,0x22,0xf0,0x2c,0xbf,0x8f,0xd1,0x01,0x5b,0x23,0xdd,0xfc,0xd7,0x16,0xe5,0xf0,0xcd,0x5f,0xdd,0x0e,0x42,0x08}, + {0x4a,0xfa,0x62,0x83,0xab,0x20,0xff,0xcd,0x6e,0x3e,0x1a,0xe2,0xd4,0x18,0xe1,0x57,0x2b,0xe6,0x39,0xfc,0x17,0x96,0x17,0xe3,0xfd,0x69,0x17,0xbc,0xef,0x53,0x9a,0x0d,0xce,0x10,0xf4,0x04,0x4e,0xc3,0x58,0x03,0x85,0x06,0x6e,0x27,0x5a,0x5b,0x13,0xb6,0x21,0x15,0xb9,0xeb,0xc7,0x70,0x96,0x5d,0x9c,0x88,0xdb,0x21,0xf3,0x54,0xd6,0x04,0xd5,0xb5,0xbd,0xdd,0x16,0xc1,0x7d,0x5e,0x2d,0xdd,0xa5,0x8d,0xb6,0xde,0x54,0x29,0x92,0xa2,0x34,0x33,0x17,0x08,0xb6,0x1c,0xd7,0x1a,0x99,0x18,0x26,0x4f,0x7a,0x4a}, + {0x95,0x5f,0xb1,0x5f,0x02,0x18,0xa7,0xf4,0x8f,0x1b,0x5c,0x6b,0x34,0x5f,0xf6,0x3d,0x12,0x11,0xe0,0x00,0x85,0xf0,0xfc,0xcd,0x48,0x18,0xd3,0xdd,0x4c,0x0c,0xb5,0x11,0x4b,0x2a,0x37,0xaf,0x91,0xb2,0xc3,0x24,0xf2,0x47,0x81,0x71,0x70,0x82,0xda,0x93,0xf2,0x9e,0x89,0x86,0x64,0x85,0x84,0xdd,0x33,0xee,0xe0,0x23,0x42,0x31,0x96,0x4a,0xd6,0xff,0xa4,0x08,0x44,0x27,0xe8,0xa6,0xd9,0x76,0x15,0x9c,0x7e,0x17,0x8e,0x73,0xf2,0xb3,0x02,0x3d,0xb6,0x48,0x33,0x77,0x51,0xcc,0x6b,0xce,0x4d,0xce,0x4b,0x4f}, + {0x84,0x25,0x24,0xe2,0x5a,0xce,0x1f,0xa7,0x9e,0x8a,0xf5,0x92,0x56,0x72,0xea,0x26,0xf4,0x3c,0xea,0x1c,0xd7,0x09,0x1a,0xd2,0xe6,0x01,0x1c,0xb7,0x14,0xdd,0xfc,0x73,0x6f,0x0b,0x9d,0xc4,0x6e,0x61,0xe2,0x30,0x17,0x23,0xec,0xca,0x8f,0x71,0x56,0xe4,0xa6,0x4f,0x6b,0xf2,0x9b,0x40,0xeb,0x48,0x37,0x5f,0x59,0x61,0xe5,0xce,0x42,0x30,0x41,0xac,0x9b,0x44,0x79,0x70,0x7e,0x42,0x0a,0x31,0xe2,0xbc,0x6d,0xe3,0x5a,0x85,0x7c,0x1a,0x84,0x5f,0x21,0x76,0xae,0x4c,0xd6,0xe1,0x9c,0x9a,0x0c,0x74,0x9e,0x38}, + {0xce,0xb9,0xdc,0x34,0xae,0xb3,0xfc,0x64,0xad,0xd0,0x48,0xe3,0x23,0x03,0x50,0x97,0x1b,0x38,0xc6,0x62,0x7d,0xf0,0xb3,0x45,0x88,0x67,0x5a,0x46,0x79,0x53,0x54,0x61,0x28,0xac,0x0e,0x57,0xf6,0x78,0xbd,0xc9,0xe1,0x9c,0x91,0x27,0x32,0x0b,0x5b,0xe5,0xed,0x91,0x9b,0xa1,0xab,0x3e,0xfc,0x65,0x90,0x36,0x26,0xd6,0xe5,0x25,0xc4,0x25,0x6e,0xde,0xd7,0xf1,0xa6,0x06,0x3e,0x3f,0x08,0x23,0x06,0x8e,0x27,0x76,0xf9,0x3e,0x77,0x6c,0x8a,0x4e,0x26,0xf6,0x14,0x8c,0x59,0x47,0x48,0x15,0x89,0xa0,0x39,0x65}, + {0x73,0xf7,0xd2,0xc3,0x74,0x1f,0xd2,0xe9,0x45,0x68,0xc4,0x25,0x41,0x54,0x50,0xc1,0x33,0x9e,0xb9,0xf9,0xe8,0x5c,0x4e,0x62,0x6c,0x18,0xcd,0xc5,0xaa,0xe4,0xc5,0x11,0x19,0x4a,0xbb,0x14,0xd4,0xdb,0xc4,0xdd,0x8e,0x4f,0x42,0x98,0x3c,0xbc,0xb2,0x19,0x69,0x71,0xca,0x36,0xd7,0x9f,0xa8,0x48,0x90,0xbd,0x19,0xf0,0x0e,0x32,0x65,0x0f,0xc6,0xe0,0xfd,0xca,0xb1,0xd1,0x86,0xd4,0x81,0x51,0x3b,0x16,0xe3,0xe6,0x3f,0x4f,0x9a,0x93,0xf2,0xfa,0x0d,0xaf,0xa8,0x59,0x2a,0x07,0x33,0xec,0xbd,0xc7,0xab,0x4c}, + {0x2e,0x0a,0x9c,0x08,0x24,0x96,0x9e,0x23,0x38,0x47,0xfe,0x3a,0xc0,0xc4,0x48,0xc7,0x2a,0xa1,0x4f,0x76,0x2a,0xed,0xdb,0x17,0x82,0x85,0x1c,0x32,0xf0,0x93,0x9b,0x63,0x89,0xd2,0x78,0x3f,0x8f,0x78,0x8f,0xc0,0x9f,0x4d,0x40,0xa1,0x2c,0xa7,0x30,0xfe,0x9d,0xcc,0x65,0xcf,0xfc,0x8b,0x77,0xf2,0x21,0x20,0xcb,0x5a,0x16,0x98,0xe4,0x7e,0xc3,0xa1,0x11,0x91,0xe3,0x08,0xd5,0x7b,0x89,0x74,0x90,0x80,0xd4,0x90,0x2b,0x2b,0x19,0xfd,0x72,0xae,0xc2,0xae,0xd2,0xe7,0xa6,0x02,0xb6,0x85,0x3c,0x49,0xdf,0x0e}, + {0x68,0x5a,0x9b,0x59,0x58,0x81,0xcc,0xae,0x0e,0xe2,0xad,0xeb,0x0f,0x4f,0x57,0xea,0x07,0x7f,0xb6,0x22,0x74,0x1d,0xe4,0x4f,0xb4,0x4f,0x9d,0x01,0xe3,0x92,0x3b,0x40,0x13,0x41,0x76,0x84,0xd2,0xc4,0x67,0x67,0x35,0xf8,0xf5,0xf7,0x3f,0x40,0x90,0xa0,0xde,0xbe,0xe6,0xca,0xfa,0xcf,0x8f,0x1c,0x69,0xa3,0xdf,0xd1,0x54,0x0c,0xc0,0x04,0xf8,0x5c,0x46,0x8b,0x81,0x2f,0xc2,0x4d,0xf8,0xef,0x80,0x14,0x5a,0xf3,0xa0,0x71,0x57,0xd6,0xc7,0x04,0xad,0xbf,0xe8,0xae,0xf4,0x76,0x61,0xb2,0x2a,0xb1,0x5b,0x35}, + {0xf4,0xbb,0x93,0x74,0xcc,0x64,0x1e,0xa7,0xc3,0xb0,0xa3,0xec,0xd9,0x84,0xbd,0xe5,0x85,0xe7,0x05,0xfa,0x0c,0xc5,0x6b,0x0a,0x12,0xc3,0x2e,0x18,0x32,0x81,0x9b,0x0f,0x18,0x73,0x8c,0x5a,0xc7,0xda,0x01,0xa3,0x11,0xaa,0xce,0xb3,0x9d,0x03,0x90,0xed,0x2d,0x3f,0xae,0x3b,0xbf,0x7c,0x07,0x6f,0x8e,0xad,0x52,0xe0,0xf8,0xea,0x18,0x75,0x32,0x6c,0x7f,0x1b,0xc4,0x59,0x88,0xa4,0x98,0x32,0x38,0xf4,0xbc,0x60,0x2d,0x0f,0xd9,0xd1,0xb1,0xc9,0x29,0xa9,0x15,0x18,0xc4,0x55,0x17,0xbb,0x1b,0x87,0xc3,0x47}, + {0x48,0x4f,0xec,0x71,0x97,0x53,0x44,0x51,0x6e,0x5d,0x8c,0xc9,0x7d,0xb1,0x05,0xf8,0x6b,0xc6,0xc3,0x47,0x1a,0xc1,0x62,0xf7,0xdc,0x99,0x46,0x76,0x85,0x9b,0xb8,0x00,0xb0,0x66,0x50,0xc8,0x50,0x5d,0xe6,0xfb,0xb0,0x99,0xa2,0xb3,0xb0,0xc4,0xec,0x62,0xe0,0xe8,0x1a,0x44,0xea,0x54,0x37,0xe5,0x5f,0x8d,0xd4,0xe8,0x2c,0xa0,0xfe,0x08,0xd0,0xea,0xde,0x68,0x76,0xdd,0x4d,0x82,0x23,0x5d,0x68,0x4b,0x20,0x45,0x64,0xc8,0x65,0xd6,0x89,0x5d,0xcd,0xcf,0x14,0xb5,0x37,0xd5,0x75,0x4f,0xa7,0x29,0x38,0x47}, + {0x18,0xc4,0x79,0x46,0x75,0xda,0xd2,0x82,0xf0,0x8d,0x61,0xb2,0xd8,0xd7,0x3b,0xe6,0x0a,0xeb,0x47,0xac,0x24,0xef,0x5e,0x35,0xb4,0xc6,0x33,0x48,0x4c,0x68,0x78,0x20,0xc9,0x02,0x39,0xad,0x3a,0x53,0xd9,0x23,0x8f,0x58,0x03,0xef,0xce,0xdd,0xc2,0x64,0xb4,0x2f,0xe1,0xcf,0x90,0x73,0x25,0x15,0x90,0xd3,0xe4,0x44,0x4d,0x8b,0x66,0x6c,0x0c,0x82,0x78,0x7a,0x21,0xcf,0x48,0x3b,0x97,0x3e,0x27,0x81,0xb2,0x0a,0x6a,0xf7,0x7b,0xed,0x8e,0x8c,0xa7,0x65,0x6c,0xa9,0x3f,0x43,0x8a,0x4f,0x05,0xa6,0x11,0x74}, + {0x6d,0xc8,0x9d,0xb9,0x32,0x9d,0x65,0x4d,0x15,0xf1,0x3a,0x60,0x75,0xdc,0x4c,0x04,0x88,0xe4,0xc2,0xdc,0x2c,0x71,0x4c,0xb3,0xff,0x34,0x81,0xfb,0x74,0x65,0x13,0x7c,0xb4,0x75,0xb1,0x18,0x3d,0xe5,0x9a,0x57,0x02,0xa1,0x92,0xf3,0x59,0x31,0x71,0x68,0xf5,0x35,0xef,0x1e,0xba,0xec,0x55,0x84,0x8f,0x39,0x8c,0x45,0x72,0xa8,0xc9,0x1e,0x9b,0x50,0xa2,0x00,0xd4,0xa4,0xe6,0xb8,0xb4,0x82,0xc8,0x0b,0x02,0xd7,0x81,0x9b,0x61,0x75,0x95,0xf1,0x9b,0xcc,0xe7,0x57,0x60,0x64,0xcd,0xc7,0xa5,0x88,0xdd,0x3a}, + {0xf2,0xdc,0x35,0xb6,0x70,0x57,0x89,0xab,0xbc,0x1f,0x6c,0xf6,0x6c,0xef,0xdf,0x02,0x87,0xd1,0xb6,0xbe,0x68,0x02,0x53,0x85,0x74,0x9e,0x87,0xcc,0xfc,0x29,0x99,0x24,0x46,0x30,0x39,0x59,0xd4,0x98,0xc2,0x85,0xec,0x59,0xf6,0x5f,0x98,0x35,0x7e,0x8f,0x3a,0x6e,0xf6,0xf2,0x2a,0xa2,0x2c,0x1d,0x20,0xa7,0x06,0xa4,0x31,0x11,0xba,0x61,0x29,0x90,0x95,0x16,0xf1,0xa0,0xd0,0xa3,0x89,0xbd,0x7e,0xba,0x6c,0x6b,0x3b,0x02,0x07,0x33,0x78,0x26,0x3e,0x5a,0xf1,0x7b,0xe7,0xec,0xd8,0xbb,0x0c,0x31,0x20,0x56}, + {0x43,0xd6,0x34,0x49,0x43,0x93,0x89,0x52,0xf5,0x22,0x12,0xa5,0x06,0xf8,0xdb,0xb9,0x22,0x1c,0xf4,0xc3,0x8f,0x87,0x6d,0x8f,0x30,0x97,0x9d,0x4d,0x2a,0x6a,0x67,0x37,0xd6,0x85,0xe2,0x77,0xf4,0xb5,0x46,0x66,0x93,0x61,0x8f,0x6c,0x67,0xff,0xe8,0x40,0xdd,0x94,0xb5,0xab,0x11,0x73,0xec,0xa6,0x4d,0xec,0x8c,0x65,0xf3,0x46,0xc8,0x7e,0xc7,0x2e,0xa2,0x1d,0x3f,0x8f,0x5e,0x9b,0x13,0xcd,0x01,0x6c,0x77,0x1d,0x0f,0x13,0xb8,0x9f,0x98,0xa2,0xcf,0x8f,0x4c,0x21,0xd5,0x9d,0x9b,0x39,0x23,0xf7,0xaa,0x6d}, + {0x47,0xbe,0x3d,0xeb,0x62,0x75,0x3a,0x5f,0xb8,0xa0,0xbd,0x8e,0x54,0x38,0xea,0xf7,0x99,0x72,0x74,0x45,0x31,0xe5,0xc3,0x00,0x51,0xd5,0x27,0x16,0xe7,0xe9,0x04,0x13,0xa2,0x8e,0xad,0xac,0xbf,0x04,0x3b,0x58,0x84,0xe8,0x8b,0x14,0xe8,0x43,0xb7,0x29,0xdb,0xc5,0x10,0x08,0x3b,0x58,0x1e,0x2b,0xaa,0xbb,0xb3,0x8e,0xe5,0x49,0x54,0x2b,0xfe,0x9c,0xdc,0x6a,0xd2,0x14,0x98,0x78,0x0b,0xdd,0x48,0x8b,0x3f,0xab,0x1b,0x3c,0x0a,0xc6,0x79,0xf9,0xff,0xe1,0x0f,0xda,0x93,0xd6,0x2d,0x7c,0x2d,0xde,0x68,0x44}, + {0x9e,0x46,0x19,0x94,0x5e,0x35,0xbb,0x51,0x54,0xc7,0xdd,0x23,0x4c,0xdc,0xe6,0x33,0x62,0x99,0x7f,0x44,0xd6,0xb6,0xa5,0x93,0x63,0xbd,0x44,0xfb,0x6f,0x7c,0xce,0x6c,0xce,0x07,0x63,0xf8,0xc6,0xd8,0x9a,0x4b,0x28,0x0c,0x5d,0x43,0x31,0x35,0x11,0x21,0x2c,0x77,0x7a,0x65,0xc5,0x66,0xa8,0xd4,0x52,0x73,0x24,0x63,0x7e,0x42,0xa6,0x5d,0xca,0x22,0xac,0xde,0x88,0xc6,0x94,0x1a,0xf8,0x1f,0xae,0xbb,0xf7,0x6e,0x06,0xb9,0x0f,0x58,0x59,0x8d,0x38,0x8c,0xad,0x88,0xa8,0x2c,0x9f,0xe7,0xbf,0x9a,0xf2,0x58}, + {0x68,0x3e,0xe7,0x8d,0xab,0xcf,0x0e,0xe9,0xa5,0x76,0x7e,0x37,0x9f,0x6f,0x03,0x54,0x82,0x59,0x01,0xbe,0x0b,0x5b,0x49,0xf0,0x36,0x1e,0xf4,0xa7,0xc4,0x29,0x76,0x57,0xf6,0xcd,0x0e,0x71,0xbf,0x64,0x5a,0x4b,0x3c,0x29,0x2c,0x46,0x38,0xe5,0x4c,0xb1,0xb9,0x3a,0x0b,0xd5,0x56,0xd0,0x43,0x36,0x70,0x48,0x5b,0x18,0x24,0x37,0xf9,0x6a,0x88,0xa8,0xc6,0x09,0x45,0x02,0x20,0x32,0x73,0x89,0x55,0x4b,0x13,0x36,0xe0,0xd2,0x9f,0x28,0x33,0x3c,0x23,0x36,0xe2,0x83,0x8f,0xc1,0xae,0x0c,0xbb,0x25,0x1f,0x70}, + {0xed,0x6c,0x61,0xe4,0xf8,0xb0,0xa8,0xc3,0x7d,0xa8,0x25,0x9e,0x0e,0x66,0x00,0xf7,0x9c,0xa5,0xbc,0xf4,0x1f,0x06,0xe3,0x61,0xe9,0x0b,0xc4,0xbd,0xbf,0x92,0x0c,0x2e,0x13,0xc1,0xbe,0x7c,0xd9,0xf6,0x18,0x9d,0xe4,0xdb,0xbf,0x74,0xe6,0x06,0x4a,0x84,0xd6,0x60,0x4e,0xac,0x22,0xb5,0xf5,0x20,0x51,0x5e,0x95,0x50,0xc0,0x5b,0x0a,0x72,0x35,0x5a,0x80,0x9b,0x43,0x09,0x3f,0x0c,0xfc,0xab,0x42,0x62,0x37,0x8b,0x4e,0xe8,0x46,0x93,0x22,0x5c,0xf3,0x17,0x14,0x69,0xec,0xf0,0x4e,0x14,0xbb,0x9c,0x9b,0x0e}, + {0xad,0x20,0x57,0xfb,0x8f,0xd4,0xba,0xfb,0x0e,0x0d,0xf9,0xdb,0x6b,0x91,0x81,0xee,0xbf,0x43,0x55,0x63,0x52,0x31,0x81,0xd4,0xd8,0x7b,0x33,0x3f,0xeb,0x04,0x11,0x22,0xee,0xbe,0xb1,0x5d,0xd5,0x9b,0xee,0x8d,0xb9,0x3f,0x72,0x0a,0x37,0xab,0xc3,0xc9,0x91,0xd7,0x68,0x1c,0xbf,0xf1,0xa8,0x44,0xde,0x3c,0xfd,0x1c,0x19,0x44,0x6d,0x36,0x14,0x8c,0xbc,0xf2,0x43,0x17,0x3c,0x9e,0x3b,0x6c,0x85,0xb5,0xfc,0x26,0xda,0x2e,0x97,0xfb,0xa7,0x68,0x0e,0x2f,0xb8,0xcc,0x44,0x32,0x59,0xbc,0xe6,0xa4,0x67,0x41}, + {0x00,0x27,0xf6,0x76,0x28,0x9d,0x3b,0x64,0xeb,0x68,0x76,0x0e,0x40,0x9d,0x1d,0x5d,0x84,0x06,0xfc,0x21,0x03,0x43,0x4b,0x1b,0x6a,0x24,0x55,0x22,0x7e,0xbb,0x38,0x79,0xee,0x8f,0xce,0xf8,0x65,0x26,0xbe,0xc2,0x2c,0xd6,0x80,0xe8,0x14,0xff,0x67,0xe9,0xee,0x4e,0x36,0x2f,0x7e,0x6e,0x2e,0xf1,0xf6,0xd2,0x7e,0xcb,0x70,0x33,0xb3,0x34,0xcc,0xd6,0x81,0x86,0xee,0x91,0xc5,0xcd,0x53,0xa7,0x85,0xed,0x9c,0x10,0x02,0xce,0x83,0x88,0x80,0x58,0xc1,0x85,0x74,0xed,0xe4,0x65,0xfe,0x2d,0x6e,0xfc,0x76,0x11}, + {0x9b,0x61,0x9c,0x5b,0xd0,0x6c,0xaf,0xb4,0x80,0x84,0xa5,0xb2,0xf4,0xc9,0xdf,0x2d,0xc4,0x4d,0xe9,0xeb,0x02,0xa5,0x4f,0x3d,0x34,0x5f,0x7d,0x67,0x4c,0x3a,0xfc,0x08,0xb8,0x0e,0x77,0x49,0x89,0xe2,0x90,0xdb,0xa3,0x40,0xf4,0xac,0x2a,0xcc,0xfb,0x98,0x9b,0x87,0xd7,0xde,0xfe,0x4f,0x35,0x21,0xb6,0x06,0x69,0xf2,0x54,0x3e,0x6a,0x1f,0xea,0x34,0x07,0xd3,0x99,0xc1,0xa4,0x60,0xd6,0x5c,0x16,0x31,0xb6,0x85,0xc0,0x40,0x95,0x82,0x59,0xf7,0x23,0x3e,0x33,0xe2,0xd1,0x00,0xb9,0x16,0x01,0xad,0x2f,0x4f}, + {0x54,0x4e,0xae,0x94,0x41,0xb2,0xbe,0x44,0x6c,0xef,0x57,0x18,0x51,0x1c,0x54,0x5f,0x98,0x04,0x8d,0x36,0x2d,0x6b,0x1e,0xa6,0xab,0xf7,0x2e,0x97,0xa4,0x84,0x54,0x44,0x38,0xb6,0x3b,0xb7,0x1d,0xd9,0x2c,0x96,0x08,0x9c,0x12,0xfc,0xaa,0x77,0x05,0xe6,0x89,0x16,0xb6,0xf3,0x39,0x9b,0x61,0x6f,0x81,0xee,0x44,0x29,0x5f,0x99,0x51,0x34,0x7c,0x7d,0xea,0x9f,0xd0,0xfc,0x52,0x91,0xf6,0x5c,0x93,0xb0,0x94,0x6c,0x81,0x4a,0x40,0x5c,0x28,0x47,0xaa,0x9a,0x8e,0x25,0xb7,0x93,0x28,0x04,0xa6,0x9c,0xb8,0x10}, + {0x9c,0x28,0x18,0x97,0x49,0x47,0x59,0x3d,0x26,0x3f,0x53,0x24,0xc5,0xf8,0xeb,0x12,0x15,0xef,0xc3,0x14,0xcb,0xbf,0x62,0x02,0x8e,0x51,0xb7,0x77,0xd5,0x78,0xb8,0x20,0x6e,0xf0,0x45,0x5a,0xbe,0x41,0x39,0x75,0x65,0x5f,0x9c,0x6d,0xed,0xae,0x7c,0xd0,0xb6,0x51,0xff,0x72,0x9c,0x6b,0x77,0x11,0xa9,0x4d,0x0d,0xef,0xd9,0xd1,0xd2,0x17,0x6a,0x3e,0x3f,0x07,0x18,0xaf,0xf2,0x27,0x69,0x10,0x52,0xd7,0x19,0xe5,0x3f,0xfd,0x22,0x00,0xa6,0x3c,0x2c,0xb7,0xe3,0x22,0xa7,0xc6,0x65,0xcc,0x63,0x4f,0x21,0x72}, + {0x93,0xa6,0x07,0x53,0x40,0x7f,0xe3,0xb4,0x95,0x67,0x33,0x2f,0xd7,0x14,0xa7,0xab,0x99,0x10,0x76,0x73,0xa7,0xd0,0xfb,0xd6,0xc9,0xcb,0x71,0x81,0xc5,0x48,0xdf,0x5f,0xc9,0x29,0x3b,0xf4,0xb9,0xb7,0x9d,0x1d,0x75,0x8f,0x51,0x4f,0x4a,0x82,0x05,0xd6,0xc4,0x9d,0x2f,0x31,0xbd,0x72,0xc0,0xf2,0xb0,0x45,0x15,0x5a,0x85,0xac,0x24,0x1f,0xaa,0x05,0x95,0x8e,0x32,0x08,0xd6,0x24,0xee,0x20,0x14,0x0c,0xd1,0xc1,0x48,0x47,0xa2,0x25,0xfb,0x06,0x5c,0xe4,0xff,0xc7,0xe6,0x95,0xe3,0x2a,0x9e,0x73,0xba,0x00}, + {0xd6,0x90,0x87,0x5c,0xde,0x98,0x2e,0x59,0xdf,0xa2,0xc2,0x45,0xd3,0xb7,0xbf,0xe5,0x22,0x99,0xb4,0xf9,0x60,0x3b,0x5a,0x11,0xf3,0x78,0xad,0x67,0x3e,0x3a,0x28,0x03,0x26,0xbb,0x88,0xea,0xf5,0x26,0x44,0xae,0xfb,0x3b,0x97,0x84,0xd9,0x79,0x06,0x36,0x50,0x4e,0x69,0x26,0x0c,0x03,0x9f,0x5c,0x26,0xd2,0x18,0xd5,0xe7,0x7d,0x29,0x72,0x39,0xb9,0x0c,0xbe,0xc7,0x1d,0x24,0x48,0x80,0x30,0x63,0x8b,0x4d,0x9b,0xf1,0x32,0x08,0x93,0x28,0x02,0x0d,0xc9,0xdf,0xd3,0x45,0x19,0x27,0x46,0x68,0x29,0xe1,0x05}, + {0x5a,0x49,0x9c,0x2d,0xb3,0xee,0x82,0xba,0x7c,0xb9,0x2b,0xf1,0xfc,0xc8,0xef,0xce,0xe0,0xd1,0xb5,0x93,0xae,0xab,0x2d,0xb0,0x9b,0x8d,0x69,0x13,0x9c,0x0c,0xc0,0x39,0x50,0x45,0x2c,0x24,0xc8,0xbb,0xbf,0xad,0xd9,0x81,0x30,0xd0,0xec,0x0c,0xc8,0xbc,0x92,0xdf,0xc8,0xf5,0xa6,0x66,0x35,0x84,0x4c,0xce,0x58,0x82,0xd3,0x25,0xcf,0x78,0x68,0x9d,0x48,0x31,0x8e,0x6b,0xae,0x15,0x87,0xf0,0x2b,0x9c,0xab,0x1c,0x85,0xaa,0x05,0xfa,0x4e,0xf0,0x97,0x5a,0xa7,0xc9,0x32,0xf8,0x3f,0x6b,0x07,0x52,0x6b,0x00}, + {0x1c,0x78,0x95,0x9d,0xe1,0xcf,0xe0,0x29,0xe2,0x10,0x63,0x96,0x18,0xdf,0x81,0xb6,0x39,0x6b,0x51,0x70,0xd3,0x39,0xdf,0x57,0x22,0x61,0xc7,0x3b,0x44,0xe3,0x57,0x4d,0x2d,0x08,0xce,0xb9,0x16,0x7e,0xcb,0xf5,0x29,0xbc,0x7a,0x41,0x4c,0xf1,0x07,0x34,0xab,0xa7,0xf4,0x2b,0xce,0x6b,0xb3,0xd4,0xce,0x75,0x9f,0x1a,0x56,0xe9,0xe2,0x7d,0xcb,0x5e,0xa5,0xb6,0xf4,0xd4,0x70,0xde,0x99,0xdb,0x85,0x5d,0x7f,0x52,0x01,0x48,0x81,0x9a,0xee,0xd3,0x40,0xc4,0xc9,0xdb,0xed,0x29,0x60,0x1a,0xaf,0x90,0x2a,0x6b}, + {0x97,0x1e,0xe6,0x9a,0xfc,0xf4,0x23,0x69,0xd1,0x5f,0x3f,0xe0,0x1d,0x28,0x35,0x57,0x2d,0xd1,0xed,0xe6,0x43,0xae,0x64,0xa7,0x4a,0x3e,0x2d,0xd1,0xe9,0xf4,0xd8,0x5f,0x0a,0xd8,0xb2,0x5b,0x24,0xf3,0xeb,0x77,0x9b,0x07,0xb9,0x2f,0x47,0x1b,0x30,0xd8,0x33,0x73,0xee,0x4c,0xf2,0xe6,0x47,0xc6,0x09,0x21,0x6c,0x27,0xc8,0x12,0x58,0x46,0xd9,0x62,0x10,0x2a,0xb2,0xbe,0x43,0x4d,0x16,0xdc,0x31,0x38,0x75,0xfb,0x65,0x70,0xd7,0x68,0x29,0xde,0x7b,0x4a,0x0d,0x18,0x90,0x67,0xb1,0x1c,0x2b,0x2c,0xb3,0x05}, + {0xfd,0xa8,0x4d,0xd2,0xcc,0x5e,0xc0,0xc8,0x83,0xef,0xdf,0x05,0xac,0x1a,0xcf,0xa1,0x61,0xcd,0xf9,0x7d,0xf2,0xef,0xbe,0xdb,0x99,0x1e,0x47,0x7b,0xa3,0x56,0x55,0x3b,0x95,0x81,0xd5,0x7a,0x2c,0xa4,0xfc,0xf7,0xcc,0xf3,0x33,0x43,0x6e,0x28,0x14,0x32,0x9d,0x97,0x0b,0x34,0x0d,0x9d,0xc2,0xb6,0xe1,0x07,0x73,0x56,0x48,0x1a,0x77,0x31,0x82,0xd4,0x4d,0xe1,0x24,0xc5,0xb0,0x32,0xb6,0xa4,0x2b,0x1a,0x54,0x51,0xb3,0xed,0xf3,0x5a,0x2b,0x28,0x48,0x60,0xd1,0xa3,0xeb,0x36,0x73,0x7a,0xd2,0x79,0xc0,0x4f}, + {0x7f,0x2f,0xbf,0x89,0xb0,0x38,0xc9,0x51,0xa7,0xe9,0xdf,0x02,0x65,0xbd,0x97,0x24,0x53,0xe4,0x80,0x78,0x9c,0xc0,0xff,0xff,0x92,0x8e,0xf9,0xca,0xce,0x67,0x45,0x12,0x0d,0xc5,0x86,0x0c,0x44,0x8b,0x34,0xdc,0x51,0xe6,0x94,0xcc,0xc9,0xcb,0x37,0x13,0xb9,0x3c,0x3e,0x64,0x4d,0xf7,0x22,0x64,0x08,0xcd,0xe3,0xba,0xc2,0x70,0x11,0x24,0xb4,0x73,0xc4,0x0a,0x86,0xab,0xf9,0x3f,0x35,0xe4,0x13,0x01,0xee,0x1d,0x91,0xf0,0xaf,0xc4,0xc6,0xeb,0x60,0x50,0xe7,0x4a,0x0d,0x00,0x87,0x6c,0x96,0x12,0x86,0x3f}, + {0xde,0x0d,0x2a,0x78,0xc9,0x0c,0x9a,0x55,0x85,0x83,0x71,0xea,0xb2,0xcd,0x1d,0x55,0x8c,0x23,0xef,0x31,0x5b,0x86,0x62,0x7f,0x3d,0x61,0x73,0x79,0x76,0xa7,0x4a,0x50,0x13,0x8d,0x04,0x36,0xfa,0xfc,0x18,0x9c,0xdd,0x9d,0x89,0x73,0xb3,0x9d,0x15,0x29,0xaa,0xd0,0x92,0x9f,0x0b,0x35,0x9f,0xdc,0xd4,0x19,0x8a,0x87,0xee,0x7e,0xf5,0x26,0xb1,0xef,0x87,0x56,0xd5,0x2c,0xab,0x0c,0x7b,0xf1,0x7a,0x24,0x62,0xd1,0x80,0x51,0x67,0x24,0x5a,0x4f,0x34,0x5a,0xc1,0x85,0x69,0x30,0xba,0x9d,0x3d,0x94,0x41,0x40}, + {0x96,0xcc,0xeb,0x43,0xba,0xee,0xc0,0xc3,0xaf,0x9c,0xea,0x26,0x9c,0x9c,0x74,0x8d,0xc6,0xcc,0x77,0x1c,0xee,0x95,0xfa,0xd9,0x0f,0x34,0x84,0x76,0xd9,0xa1,0x20,0x14,0xdd,0xaa,0x6c,0xa2,0x43,0x77,0x21,0x4b,0xce,0xb7,0x8a,0x64,0x24,0xb4,0xa6,0x47,0xe3,0xc9,0xfb,0x03,0x7a,0x4f,0x1d,0xcb,0x19,0xd0,0x00,0x98,0x42,0x31,0xd9,0x12,0x4f,0x59,0x37,0xd3,0x99,0x77,0xc6,0x00,0x7b,0xa4,0x3a,0xb2,0x40,0x51,0x3c,0x5e,0x95,0xf3,0x5f,0xe3,0x54,0x28,0x18,0x44,0x12,0xa0,0x59,0x43,0x31,0x92,0x4f,0x1b}, + {0x51,0x09,0x15,0x89,0x9d,0x10,0x5c,0x3e,0x6a,0x69,0xe9,0x2d,0x91,0xfa,0xce,0x39,0x20,0x30,0x5f,0x97,0x3f,0xe4,0xea,0x20,0xae,0x2d,0x13,0x7f,0x2a,0x57,0x9b,0x23,0xb1,0x66,0x98,0xa4,0x30,0x30,0xcf,0x33,0x59,0x48,0x5f,0x21,0xd2,0x73,0x1f,0x25,0xf6,0xf4,0xde,0x51,0x40,0xaa,0x82,0xab,0xf6,0x23,0x9a,0x6f,0xd5,0x91,0xf1,0x5f,0x68,0x90,0x2d,0xac,0x33,0xd4,0x9e,0x81,0x23,0x85,0xc9,0x5f,0x79,0xab,0x83,0x28,0x3d,0xeb,0x93,0x55,0x80,0x72,0x45,0xef,0xcb,0x36,0x8f,0x75,0x6a,0x52,0x0c,0x02}, + {0xbc,0xdb,0xd8,0x9e,0xf8,0x34,0x98,0x77,0x6c,0xa4,0x7c,0xdc,0xf9,0xaa,0xf2,0xc8,0x74,0xb0,0xe1,0xa3,0xdc,0x4c,0x52,0xa9,0x77,0x38,0x31,0x15,0x46,0xcc,0xaa,0x02,0x89,0xcc,0x42,0xf0,0x59,0xef,0x31,0xe9,0xb6,0x4b,0x12,0x8e,0x9d,0x9c,0x58,0x2c,0x97,0x59,0xc7,0xae,0x8a,0xe1,0xc8,0xad,0x0c,0xc5,0x02,0x56,0x0a,0xfe,0x2c,0x45,0xdf,0x77,0x78,0x64,0xa0,0xf7,0xa0,0x86,0x9f,0x7c,0x60,0x0e,0x27,0x64,0xc4,0xbb,0xc9,0x11,0xfb,0xf1,0x25,0xea,0x17,0xab,0x7b,0x87,0x4b,0x30,0x7b,0x7d,0xfb,0x4c}, + {0xfe,0x75,0x9b,0xb8,0x6c,0x3d,0xb4,0x72,0x80,0xdc,0x6a,0x9c,0xd9,0x94,0xc6,0x54,0x9f,0x4c,0xe3,0x3e,0x37,0xaa,0xc3,0xb8,0x64,0x53,0x07,0x39,0x2b,0x62,0xb4,0x14,0x12,0xef,0x89,0x97,0xc2,0x99,0x86,0xe2,0x0d,0x19,0x57,0xdf,0x71,0xcd,0x6e,0x2b,0xd0,0x70,0xc9,0xec,0x57,0xc8,0x43,0xc3,0xc5,0x3a,0x4d,0x43,0xbc,0x4c,0x1d,0x5b,0x26,0x9f,0x0a,0xcc,0x15,0x26,0xfb,0xb6,0xe5,0xcc,0x8d,0xb8,0x2b,0x0e,0x4f,0x3a,0x05,0xa7,0x69,0x33,0x8b,0x49,0x01,0x13,0xd1,0x2d,0x59,0x58,0x12,0xf7,0x98,0x2f}, + {0x56,0x9e,0x0f,0xb5,0x4c,0xa7,0x94,0x0c,0x20,0x13,0x8e,0x8e,0xa9,0xf4,0x1f,0x5b,0x67,0x0f,0x30,0x82,0x21,0xcc,0x2a,0x9a,0xf9,0xaa,0x06,0xd8,0x49,0xe2,0x6a,0x3a,0x01,0xa7,0x54,0x4f,0x44,0xae,0x12,0x2e,0xde,0xd7,0xcb,0xa9,0xf0,0x3e,0xfe,0xfc,0xe0,0x5d,0x83,0x75,0x0d,0x89,0xbf,0xce,0x54,0x45,0x61,0xe7,0xe9,0x62,0x80,0x1d,0x5a,0x7c,0x90,0xa9,0x85,0xda,0x7a,0x65,0x62,0x0f,0xb9,0x91,0xb5,0xa8,0x0e,0x1a,0xe9,0xb4,0x34,0xdf,0xfb,0x1d,0x0e,0x8d,0xf3,0x5f,0xf2,0xae,0xe8,0x8c,0x8b,0x29}, + {0xb2,0x0c,0xf7,0xef,0x53,0x79,0x92,0x2a,0x76,0x70,0x15,0x79,0x2a,0xc9,0x89,0x4b,0x6a,0xcf,0xa7,0x30,0x7a,0x45,0x18,0x94,0x85,0xe4,0x5c,0x4d,0x40,0xa8,0xb8,0x34,0xde,0x65,0x21,0x0a,0xea,0x72,0x7a,0x83,0xf6,0x79,0xcf,0x0b,0xb4,0x07,0xab,0x3f,0x70,0xae,0x38,0x77,0xc7,0x36,0x16,0x52,0xdc,0xd7,0xa7,0x03,0x18,0x27,0xa6,0x6b,0x35,0x33,0x69,0x83,0xb5,0xec,0x6e,0xc2,0xfd,0xfe,0xb5,0x63,0xdf,0x13,0xa8,0xd5,0x73,0x25,0xb2,0xa4,0x9a,0xaa,0x93,0xa2,0x6a,0x1c,0x5e,0x46,0xdd,0x2b,0xd6,0x71}, + {0x80,0xdf,0x78,0xd3,0x28,0xcc,0x33,0x65,0xb4,0xa4,0x0f,0x0a,0x79,0x43,0xdb,0xf6,0x5a,0xda,0x01,0xf7,0xf9,0x5f,0x64,0xe3,0xa4,0x2b,0x17,0xf3,0x17,0xf3,0xd5,0x74,0xf5,0x5e,0xf7,0xb1,0xda,0xb5,0x2d,0xcd,0xf5,0x65,0xb0,0x16,0xcf,0x95,0x7f,0xd7,0x85,0xf0,0x49,0x3f,0xea,0x1f,0x57,0x14,0x3d,0x2b,0x2b,0x26,0x21,0x36,0x33,0x1c,0x81,0xca,0xd9,0x67,0x54,0xe5,0x6f,0xa8,0x37,0x8c,0x29,0x2b,0x75,0x7c,0x8b,0x39,0x3b,0x62,0xac,0xe3,0x92,0x08,0x6d,0xda,0x8c,0xd9,0xe9,0x47,0x45,0xcc,0xeb,0x4a}, + {0xc9,0x01,0x6d,0x27,0x1b,0x07,0xf0,0x12,0x70,0x8c,0xc4,0x86,0xc5,0xba,0xb8,0xe7,0xa9,0xfb,0xd6,0x71,0x9b,0x12,0x08,0x53,0x92,0xb7,0x3d,0x5a,0xf9,0xfb,0x88,0x5d,0x10,0xb6,0x54,0x73,0x9e,0x8d,0x40,0x0b,0x6e,0x5b,0xa8,0x5b,0x53,0x32,0x6b,0x80,0x07,0xa2,0x58,0x4a,0x03,0x3a,0xe6,0xdb,0x2c,0xdf,0xa1,0xc9,0xdd,0xd9,0x3b,0x17,0xdf,0x72,0x58,0xfe,0x1e,0x0f,0x50,0x2b,0xc1,0x18,0x39,0xd4,0x2e,0x58,0xd6,0x58,0xe0,0x3a,0x67,0xc9,0x8e,0x27,0xed,0xe6,0x19,0xa3,0x9e,0xb1,0x13,0xcd,0xe1,0x06}, + {0x23,0x6f,0x16,0x6f,0x51,0xad,0xd0,0x40,0xbe,0x6a,0xab,0x1f,0x93,0x32,0x8e,0x11,0x8e,0x08,0x4d,0xa0,0x14,0x5e,0xe3,0x3f,0x66,0x62,0xe1,0x26,0x35,0x60,0x80,0x30,0x53,0x03,0x5b,0x9e,0x62,0xaf,0x2b,0x47,0x47,0x04,0x8d,0x27,0x90,0x0b,0xaa,0x3b,0x27,0xbf,0x43,0x96,0x46,0x5f,0x78,0x0c,0x13,0x7b,0x83,0x8d,0x1a,0x6a,0x3a,0x7f,0x0b,0x80,0x3d,0x5d,0x39,0x44,0xe6,0xf7,0xf6,0xed,0x01,0xc9,0x55,0xd5,0xa8,0x95,0x39,0x63,0x2c,0x59,0x30,0x78,0xcd,0x68,0x7e,0x30,0x51,0x2e,0xed,0xfd,0xd0,0x30}, + {0xb3,0x33,0x12,0xf2,0x1a,0x4d,0x59,0xe0,0x9c,0x4d,0xcc,0xf0,0x8e,0xe7,0xdb,0x1b,0x77,0x9a,0x49,0x8f,0x7f,0x18,0x65,0x69,0x68,0x98,0x09,0x2c,0x20,0x14,0x92,0x0a,0x50,0x47,0xb8,0x68,0x1e,0x97,0xb4,0x9c,0xcf,0xbb,0x64,0x66,0x29,0x72,0x95,0xa0,0x2b,0x41,0xfa,0x72,0x26,0xe7,0x8d,0x5c,0xd9,0x89,0xc5,0x51,0x43,0x08,0x15,0x46,0x2e,0xa0,0xb9,0xae,0xc0,0x19,0x90,0xbc,0xae,0x4c,0x03,0x16,0x0d,0x11,0xc7,0x55,0xec,0x32,0x99,0x65,0x01,0xf5,0x6d,0x0e,0xfe,0x5d,0xca,0x95,0x28,0x0d,0xca,0x3b}, + {0xa4,0x62,0x5d,0x3c,0xbc,0x31,0xf0,0x40,0x60,0x7a,0xf0,0xcf,0x3e,0x8b,0xfc,0x19,0x45,0xb5,0x0f,0x13,0xa2,0x3d,0x18,0x98,0xcd,0x13,0x8f,0xae,0xdd,0xde,0x31,0x56,0xbf,0x01,0xcc,0x9e,0xb6,0x8e,0x68,0x9c,0x6f,0x89,0x44,0xa6,0xad,0x83,0xbc,0xf0,0xe2,0x9f,0x7a,0x5f,0x5f,0x95,0x2d,0xca,0x41,0x82,0xf2,0x8d,0x03,0xb4,0xa8,0x4e,0x02,0xd2,0xca,0xf1,0x0a,0x46,0xed,0x2a,0x83,0xee,0x8c,0xa4,0x05,0x53,0x30,0x46,0x5f,0x1a,0xf1,0x49,0x45,0x77,0x21,0x91,0x63,0xa4,0x2c,0x54,0x30,0x09,0xce,0x24}, + {0x06,0xc1,0x06,0xfd,0xf5,0x90,0xe8,0x1f,0xf2,0x10,0x88,0x5d,0x35,0x68,0xc4,0xb5,0x3e,0xaf,0x8c,0x6e,0xfe,0x08,0x78,0x82,0x4b,0xd7,0x06,0x8a,0xc2,0xe3,0xd4,0x41,0x85,0x0b,0xf3,0xfd,0x55,0xa1,0xcf,0x3f,0xa4,0x2e,0x37,0x36,0x8e,0x16,0xf7,0xd2,0x44,0xf8,0x92,0x64,0xde,0x64,0xe0,0xb2,0x80,0x42,0x4f,0x32,0xa7,0x28,0x99,0x54,0x2e,0x1a,0xee,0x63,0xa7,0x32,0x6e,0xf2,0xea,0xfd,0x5f,0xd2,0xb7,0xe4,0x91,0xae,0x69,0x4d,0x7f,0xd1,0x3b,0xd3,0x3b,0xbc,0x6a,0xff,0xdc,0xc0,0xde,0x66,0x1b,0x49}, + {0xa7,0x32,0xea,0xc7,0x3d,0xb1,0xf5,0x98,0x98,0xdb,0x16,0x7e,0xcc,0xf8,0xd5,0xe3,0x47,0xd9,0xf8,0xcb,0x52,0xbf,0x0a,0xac,0xac,0xe4,0x5e,0xc8,0xd0,0x38,0xf3,0x08,0xa1,0x64,0xda,0xd0,0x8e,0x4a,0xf0,0x75,0x4b,0x28,0xe2,0x67,0xaf,0x2c,0x22,0xed,0xa4,0x7b,0x7b,0x1f,0x79,0xa3,0x34,0x82,0x67,0x8b,0x01,0xb7,0xb0,0xb8,0xf6,0x4c,0xbd,0x73,0x1a,0x99,0x21,0xa8,0x83,0xc3,0x7a,0x0c,0x32,0xdf,0x01,0xbc,0x27,0xab,0x63,0x70,0x77,0x84,0x1b,0x33,0x3d,0xc1,0x99,0x8a,0x07,0xeb,0x82,0x4a,0x0d,0x53}, + {0x25,0x48,0xf9,0xe1,0x30,0x36,0x4c,0x00,0x5a,0x53,0xab,0x8c,0x26,0x78,0x2d,0x7e,0x8b,0xff,0x84,0xcc,0x23,0x23,0x48,0xc7,0xb9,0x70,0x17,0x10,0x3f,0x75,0xea,0x65,0x9e,0xbf,0x9a,0x6c,0x45,0x73,0x69,0x6d,0x80,0xa8,0x00,0x49,0xfc,0xb2,0x7f,0x25,0x50,0xb8,0xcf,0xc8,0x12,0xf4,0xac,0x2b,0x5b,0xbd,0xbf,0x0c,0xe0,0xe7,0xb3,0x0d,0x63,0x63,0x09,0xe2,0x3e,0xfc,0x66,0x3d,0x6b,0xcb,0xb5,0x61,0x7f,0x2c,0xd6,0x81,0x1a,0x3b,0x44,0x13,0x42,0x04,0xbe,0x0f,0xdb,0xa1,0xe1,0x21,0x19,0xec,0xa4,0x02}, + {0xa2,0xb8,0x24,0x3b,0x9a,0x25,0xe6,0x5c,0xb8,0xa0,0xaf,0x45,0xcc,0x7a,0x57,0xb8,0x37,0x70,0xa0,0x8b,0xe8,0xe6,0xcb,0xcc,0xbf,0x09,0x78,0x12,0x51,0x3c,0x14,0x3d,0x5f,0x79,0xcf,0xf1,0x62,0x61,0xc8,0xf5,0xf2,0x57,0xee,0x26,0x19,0x86,0x8c,0x11,0x78,0x35,0x06,0x1c,0x85,0x24,0x21,0x17,0xcf,0x7f,0x06,0xec,0x5d,0x2b,0xd1,0x36,0x57,0x45,0x15,0x79,0x91,0x27,0x6d,0x12,0x0a,0x3a,0x78,0xfc,0x5c,0x8f,0xe4,0xd5,0xac,0x9b,0x17,0xdf,0xe8,0xb6,0xbd,0x36,0x59,0x28,0xa8,0x5b,0x88,0x17,0xf5,0x2e}, + {0xdc,0xae,0x58,0x8c,0x4e,0x97,0x37,0x46,0xa4,0x41,0xf0,0xab,0xfb,0x22,0xef,0xb9,0x8a,0x71,0x80,0xe9,0x56,0xd9,0x85,0xe1,0xa6,0xa8,0x43,0xb1,0xfa,0x78,0x1b,0x2f,0x51,0x2f,0x5b,0x30,0xfb,0xbf,0xee,0x96,0xb8,0x96,0x95,0x88,0xad,0x38,0xf9,0xd3,0x25,0xdd,0xd5,0x46,0xc7,0x2d,0xf5,0xf0,0x95,0x00,0x3a,0xbb,0x90,0x82,0x96,0x57,0x01,0xe1,0x20,0x0a,0x43,0xb8,0x1a,0xf7,0x47,0xec,0xf0,0x24,0x8d,0x65,0x93,0xf3,0xd1,0xee,0xe2,0x6e,0xa8,0x09,0x75,0xcf,0xe1,0xa3,0x2a,0xdc,0x35,0x3e,0xc4,0x7d}, + {0xc3,0xd9,0x7d,0x88,0x65,0x66,0x96,0x85,0x55,0x53,0xb0,0x4b,0x31,0x9b,0x0f,0xc9,0xb1,0x79,0x20,0xef,0xf8,0x8d,0xe0,0xc6,0x2f,0xc1,0x8c,0x75,0x16,0x20,0xf7,0x7e,0x18,0x97,0x3e,0x27,0x5c,0x2a,0x78,0x5a,0x94,0xfd,0x4e,0x5e,0x99,0xc6,0x76,0x35,0x3e,0x7d,0x23,0x1f,0x05,0xd8,0x2e,0x0f,0x99,0x0a,0xd5,0x82,0x1d,0xb8,0x4f,0x04,0xd9,0xe3,0x07,0xa9,0xc5,0x18,0xdf,0xc1,0x59,0x63,0x4c,0xce,0x1d,0x37,0xb3,0x57,0x49,0xbb,0x01,0xb2,0x34,0x45,0x70,0xca,0x2e,0xdd,0x30,0x9c,0x3f,0x82,0x79,0x7f}, + {0xe8,0x13,0xb5,0xa3,0x39,0xd2,0x34,0x83,0xd8,0xa8,0x1f,0xb9,0xd4,0x70,0x36,0xc1,0x33,0xbd,0x90,0xf5,0x36,0x41,0xb5,0x12,0xb4,0xd9,0x84,0xd7,0x73,0x03,0x4e,0x0a,0xba,0x87,0xf5,0x68,0xf0,0x1f,0x9c,0x6a,0xde,0xc8,0x50,0x00,0x4e,0x89,0x27,0x08,0xe7,0x5b,0xed,0x7d,0x55,0x99,0xbf,0x3c,0xf0,0xd6,0x06,0x1c,0x43,0xb0,0xa9,0x64,0x19,0x29,0x7d,0x5b,0xa1,0xd6,0xb3,0x2e,0x35,0x82,0x3a,0xd5,0xa0,0xf6,0xb4,0xb0,0x47,0x5d,0xa4,0x89,0x43,0xce,0x56,0x71,0x6c,0x34,0x18,0xce,0x0a,0x7d,0x1a,0x07}, + {0x0b,0xba,0x87,0xc8,0xaa,0x2d,0x07,0xd3,0xee,0x62,0xa5,0xbf,0x05,0x29,0x26,0x01,0x8b,0x76,0xef,0xc0,0x02,0x30,0x54,0xcf,0x9c,0x7e,0xea,0x46,0x71,0xcc,0x3b,0x2c,0x31,0x44,0xe1,0x20,0x52,0x35,0x0c,0xcc,0x41,0x51,0xb1,0x09,0x07,0x95,0x65,0x0d,0x36,0x5f,0x9d,0x20,0x1b,0x62,0xf5,0x9a,0xd3,0x55,0x77,0x61,0xf7,0xbc,0x69,0x7c,0x5f,0x29,0xe8,0x04,0xeb,0xd7,0xf0,0x07,0x7d,0xf3,0x50,0x2f,0x25,0x18,0xdb,0x10,0xd7,0x98,0x17,0x17,0xa3,0xa9,0x51,0xe9,0x1d,0xa5,0xac,0x22,0x73,0x9a,0x5a,0x6f}, + {0xc5,0xc6,0x41,0x2f,0x0c,0x00,0xa1,0x8b,0x9b,0xfb,0xfe,0x0c,0xc1,0x79,0x9f,0xc4,0x9f,0x1c,0xc5,0x3c,0x70,0x47,0xfa,0x4e,0xca,0xaf,0x47,0xe1,0xa2,0x21,0x4e,0x49,0xbe,0x44,0xd9,0xa3,0xeb,0xd4,0x29,0xe7,0x9e,0xaf,0x78,0x80,0x40,0x09,0x9e,0x8d,0x03,0x9c,0x86,0x47,0x7a,0x56,0x25,0x45,0x24,0x3b,0x8d,0xee,0x80,0x96,0xab,0x02,0x9a,0x0d,0xe5,0xdd,0x85,0x8a,0xa4,0xef,0x49,0xa2,0xb9,0x0f,0x4e,0x22,0x9a,0x21,0xd9,0xf6,0x1e,0xd9,0x1d,0x1f,0x09,0xfa,0x34,0xbb,0x46,0xea,0xcb,0x76,0x5d,0x6b}, + {0x94,0xd9,0x0c,0xec,0x6c,0x55,0x57,0x88,0xba,0x1d,0xd0,0x5c,0x6f,0xdc,0x72,0x64,0x77,0xb4,0x42,0x8f,0x14,0x69,0x01,0xaf,0x54,0x73,0x27,0x85,0xf6,0x33,0xe3,0x0a,0x22,0x25,0x78,0x1e,0x17,0x41,0xf9,0xe0,0xd3,0x36,0x69,0x03,0x74,0xae,0xe6,0xf1,0x46,0xc7,0xfc,0xd0,0xa2,0x3e,0x8b,0x40,0x3e,0x31,0xdd,0x03,0x9c,0x86,0xfb,0x16,0x62,0x09,0xb6,0x33,0x97,0x19,0x8e,0x28,0x33,0xe1,0xab,0xd8,0xb4,0x72,0xfc,0x24,0x3e,0xd0,0x91,0x09,0xed,0xf7,0x11,0x48,0x75,0xd0,0x70,0x8f,0x8b,0xe3,0x81,0x3f}, + {0xfe,0xaf,0xd9,0x7e,0xcc,0x0f,0x91,0x7f,0x4b,0x87,0x65,0x24,0xa1,0xb8,0x5c,0x54,0x04,0x47,0x0c,0x4b,0xd2,0x7e,0x39,0xa8,0x93,0x09,0xf5,0x04,0xc1,0x0f,0x51,0x50,0x24,0xc8,0x17,0x5f,0x35,0x7f,0xdb,0x0a,0xa4,0x99,0x42,0xd7,0xc3,0x23,0xb9,0x74,0xf7,0xea,0xf8,0xcb,0x8b,0x3e,0x7c,0xd5,0x3d,0xdc,0xde,0x4c,0xd3,0xe2,0xd3,0x0a,0x9d,0x24,0x6e,0x33,0xc5,0x0f,0x0c,0x6f,0xd9,0xcf,0x31,0xc3,0x19,0xde,0x5e,0x74,0x1c,0xfe,0xee,0x09,0x00,0xfd,0xd6,0xf2,0xbe,0x1e,0xfa,0xf0,0x8b,0x15,0x7c,0x12}, + {0xa2,0x79,0x98,0x2e,0x42,0x7c,0x19,0xf6,0x47,0x36,0xca,0x52,0xd4,0xdd,0x4a,0xa4,0xcb,0xac,0x4e,0x4b,0xc1,0x3f,0x41,0x9b,0x68,0x4f,0xef,0x07,0x7d,0xf8,0x4e,0x35,0x74,0xb9,0x51,0xae,0xc4,0x8f,0xa2,0xde,0x96,0xfe,0x4d,0x74,0xd3,0x73,0x99,0x1d,0xa8,0x48,0x38,0x87,0x0b,0x68,0x40,0x62,0x95,0xdf,0x67,0xd1,0x79,0x24,0xd8,0x4e,0x75,0xd9,0xc5,0x60,0x22,0xb5,0xe3,0xfe,0xb8,0xb0,0x41,0xeb,0xfc,0x2e,0x35,0x50,0x3c,0x65,0xf6,0xa9,0x30,0xac,0x08,0x88,0x6d,0x23,0x39,0x05,0xd2,0x92,0x2d,0x30}, + {0x3d,0x28,0xa4,0xbc,0xa2,0xc1,0x13,0x78,0xd9,0x3d,0x86,0xa1,0x91,0xf0,0x62,0xed,0x86,0xfa,0x68,0xc2,0xb8,0xbc,0xc7,0xae,0x4c,0xae,0x1c,0x6f,0xb7,0xd3,0xe5,0x10,0x77,0xf1,0xe0,0xe4,0xb6,0x6f,0xbc,0x2d,0x93,0x6a,0xbd,0xa4,0x29,0xbf,0xe1,0x04,0xe8,0xf6,0x7a,0x78,0xd4,0x66,0x19,0x5e,0x60,0xd0,0x26,0xb4,0x5e,0x5f,0xdc,0x0e,0x67,0x8e,0xda,0x53,0xd6,0xbf,0x53,0x54,0x41,0xf6,0xa9,0x24,0xec,0x1e,0xdc,0xe9,0x23,0x8a,0x57,0x03,0x3b,0x26,0x87,0xbf,0x72,0xba,0x1c,0x36,0x51,0x6c,0xb4,0x45}, + {0xa1,0x7f,0x4f,0x31,0xbf,0x2a,0x40,0xa9,0x50,0xf4,0x8c,0x8e,0xdc,0xf1,0x57,0xe2,0x84,0xbe,0xa8,0x23,0x4b,0xd5,0xbb,0x1d,0x3b,0x71,0xcb,0x6d,0xa3,0xbf,0x77,0x21,0xe4,0xe3,0x7f,0x8a,0xdd,0x4d,0x9d,0xce,0x30,0x0e,0x62,0x76,0x56,0x64,0x13,0xab,0x58,0x99,0x0e,0xb3,0x7b,0x4f,0x59,0x4b,0xdf,0x29,0x12,0x32,0xef,0x0a,0x1c,0x5c,0x8f,0xdb,0x79,0xfa,0xbc,0x1b,0x08,0x37,0xb3,0x59,0x5f,0xc2,0x1e,0x81,0x48,0x60,0x87,0x24,0x83,0x9c,0x65,0x76,0x7a,0x08,0xbb,0xb5,0x8a,0x7d,0x38,0x19,0xe6,0x4a}, + {0x2e,0xa3,0x44,0x53,0xaa,0xf6,0xdb,0x8d,0x78,0x40,0x1b,0xb4,0xb4,0xea,0x88,0x7d,0x60,0x0d,0x13,0x4a,0x97,0xeb,0xb0,0x5e,0x03,0x3e,0xbf,0x17,0x1b,0xd9,0x00,0x1a,0x83,0xfb,0x5b,0x98,0x44,0x7e,0x11,0x61,0x36,0x31,0x96,0x71,0x2a,0x46,0xe0,0xfc,0x4b,0x90,0x25,0xd4,0x48,0x34,0xac,0x83,0x64,0x3d,0xa4,0x5b,0xbe,0x5a,0x68,0x75,0xb2,0xf2,0x61,0xeb,0x33,0x09,0x96,0x6e,0x52,0x49,0xff,0xc9,0xa8,0x0f,0x3d,0x54,0x69,0x65,0xf6,0x7a,0x10,0x75,0x72,0xdf,0xaa,0xe6,0xb0,0x23,0xb6,0x29,0x55,0x13}, + {0x18,0xd5,0xd1,0xad,0xd7,0xdb,0xf0,0x18,0x11,0x1f,0xc1,0xcf,0x88,0x78,0x9f,0x97,0x9b,0x75,0x14,0x71,0xf0,0xe1,0x32,0x87,0x01,0x3a,0xca,0x65,0x1a,0xb8,0xb5,0x79,0xfe,0x83,0x2e,0xe2,0xbc,0x16,0xc7,0xf5,0xc1,0x85,0x09,0xe8,0x19,0xeb,0x2b,0xb4,0xae,0x4a,0x25,0x14,0x37,0xa6,0x9d,0xec,0x13,0xa6,0x90,0x15,0x05,0xea,0x72,0x59,0x11,0x78,0x8f,0xdc,0x20,0xac,0xd4,0x0f,0xa8,0x4f,0x4d,0xac,0x94,0xd2,0x9a,0x9a,0x34,0x04,0x36,0xb3,0x64,0x2d,0x1b,0xc0,0xdb,0x3b,0x5f,0x90,0x95,0x9c,0x7e,0x4f}, + {0x2e,0x30,0x81,0x57,0xbc,0x4b,0x67,0x62,0x0f,0xdc,0xad,0x89,0x39,0x0f,0x52,0xd8,0xc6,0xd9,0xfb,0x53,0xae,0x99,0x29,0x8c,0x4c,0x8e,0x63,0x2e,0xd9,0x3a,0x99,0x31,0xfe,0x99,0x52,0x35,0x3d,0x44,0xc8,0x71,0xd7,0xea,0xeb,0xdb,0x1c,0x3b,0xcd,0x8b,0x66,0x94,0xa4,0xf1,0x9e,0x49,0x92,0x80,0xc8,0xad,0x44,0xa1,0xc4,0xee,0x42,0x19,0x92,0x49,0x23,0xae,0x19,0x53,0xac,0x7d,0x92,0x3e,0xea,0x0c,0x91,0x3d,0x1b,0x2c,0x22,0x11,0x3c,0x25,0x94,0xe4,0x3c,0x55,0x75,0xca,0xf9,0x4e,0x31,0x65,0x0a,0x2a}, + {0xc2,0x27,0xf9,0xf7,0x7f,0x93,0xb7,0x2d,0x35,0xa6,0xd0,0x17,0x06,0x1f,0x74,0xdb,0x76,0xaf,0x55,0x11,0xa2,0xf3,0x82,0x59,0xed,0x2d,0x7c,0x64,0x18,0xe2,0xf6,0x4c,0x3a,0x79,0x1c,0x3c,0xcd,0x1a,0x36,0xcf,0x3b,0xbc,0x35,0x5a,0xac,0xbc,0x9e,0x2f,0xab,0xa6,0xcd,0xa8,0xe9,0x60,0xe8,0x60,0x13,0x1a,0xea,0x6d,0x9b,0xc3,0x5d,0x05,0xb6,0x5b,0x8d,0xc2,0x7c,0x22,0x19,0xb1,0xab,0xff,0x4d,0x77,0xbc,0x4e,0xe2,0x07,0x89,0x2c,0xa3,0xe4,0xce,0x78,0x3c,0xa8,0xb6,0x24,0xaa,0x10,0x77,0x30,0x1a,0x12}, + {0x97,0x4a,0x03,0x9f,0x5e,0x5d,0xdb,0xe4,0x2d,0xbc,0x34,0x30,0x09,0xfc,0x53,0xe1,0xb1,0xd3,0x51,0x95,0x91,0x46,0x05,0x46,0x2d,0xe5,0x40,0x7a,0x6c,0xc7,0x3f,0x33,0xc9,0x83,0x74,0xc7,0x3e,0x71,0x59,0xd6,0xaf,0x96,0x2b,0xb8,0x77,0xe0,0xbf,0x88,0xd3,0xbc,0x97,0x10,0x23,0x28,0x9e,0x28,0x9b,0x3a,0xed,0x6c,0x4a,0xb9,0x7b,0x52,0x2e,0x48,0x5b,0x99,0x2a,0x99,0x3d,0x56,0x01,0x38,0x38,0x6e,0x7c,0xd0,0x05,0x34,0xe5,0xd8,0x64,0x2f,0xde,0x35,0x50,0x48,0xf7,0xa9,0xa7,0x20,0x9b,0x06,0x89,0x6b}, + {0x0d,0x22,0x70,0x62,0x41,0xa0,0x2a,0x81,0x4e,0x5b,0x24,0xf9,0xfa,0x89,0x5a,0x99,0x05,0xef,0x72,0x50,0xce,0xc4,0xad,0xff,0x73,0xeb,0x73,0xaa,0x03,0x21,0xbc,0x23,0x77,0xdb,0xc7,0xb5,0x8c,0xfa,0x82,0x40,0x55,0xc1,0x34,0xc7,0xf8,0x86,0x86,0x06,0x7e,0xa5,0xe7,0xf6,0xd9,0xc8,0xe6,0x29,0xcf,0x9b,0x63,0xa7,0x08,0xd3,0x73,0x04,0x05,0x9e,0x58,0x03,0x26,0x79,0xee,0xca,0x92,0xc4,0xdc,0x46,0x12,0x42,0x4b,0x2b,0x4f,0xa9,0x01,0xe6,0x74,0xef,0xa1,0x02,0x1a,0x34,0x04,0xde,0xbf,0x73,0x2f,0x10}, + {0xc6,0x45,0x57,0x7f,0xab,0xb9,0x18,0xeb,0x90,0xc6,0x87,0x57,0xee,0x8a,0x3a,0x02,0xa9,0xaf,0xf7,0x2d,0xda,0x12,0x27,0xb7,0x3d,0x01,0x5c,0xea,0x25,0x7d,0x59,0x36,0x9a,0x1c,0x51,0xb5,0xe0,0xda,0xb4,0xa2,0x06,0xff,0xff,0x2b,0x29,0x60,0xc8,0x7a,0x34,0x42,0x50,0xf5,0x5d,0x37,0x1f,0x98,0x2d,0xa1,0x4e,0xda,0x25,0xd7,0x6b,0x3f,0xac,0x58,0x60,0x10,0x7b,0x8d,0x4d,0x73,0x5f,0x90,0xc6,0x6f,0x9e,0x57,0x40,0xd9,0x2d,0x93,0x02,0x92,0xf9,0xf8,0x66,0x64,0xd0,0xd6,0x60,0xda,0x19,0xcc,0x7e,0x7b}, + {0x0d,0x69,0x5c,0x69,0x3c,0x37,0xc2,0x78,0x6e,0x90,0x42,0x06,0x66,0x2e,0x25,0xdd,0xd2,0x2b,0xe1,0x4a,0x44,0x44,0x1d,0x95,0x56,0x39,0x74,0x01,0x76,0xad,0x35,0x42,0x9b,0xfa,0x7c,0xa7,0x51,0x4a,0xae,0x6d,0x50,0x86,0xa3,0xe7,0x54,0x36,0x26,0x82,0xdb,0x82,0x2d,0x8f,0xcd,0xff,0xbb,0x09,0xba,0xca,0xf5,0x1b,0x66,0xdc,0xbe,0x03,0xf5,0x75,0x89,0x07,0x0d,0xcb,0x58,0x62,0x98,0xf2,0x89,0x91,0x54,0x42,0x29,0x49,0xe4,0x6e,0xe3,0xe2,0x23,0xb4,0xca,0xa0,0xa1,0x66,0xf0,0xcd,0xb0,0xe2,0x7c,0x0e}, + {0xa3,0x85,0x8c,0xc4,0x3a,0x64,0x94,0xc4,0xad,0x39,0x61,0x3c,0xf4,0x1d,0x36,0xfd,0x48,0x4d,0xe9,0x3a,0xdd,0x17,0xdb,0x09,0x4a,0x67,0xb4,0x8f,0x5d,0x0a,0x6e,0x66,0xf9,0x70,0x4b,0xd9,0xdf,0xfe,0xa6,0xfe,0x2d,0xba,0xfc,0xc1,0x51,0xc0,0x30,0xf1,0x89,0xab,0x2f,0x7f,0x7e,0xd4,0x82,0x48,0xb5,0xee,0xec,0x8a,0x13,0x56,0x52,0x61,0x0d,0xcb,0x70,0x48,0x4e,0xf6,0xbb,0x2a,0x6b,0x8b,0x45,0xaa,0xf0,0xbc,0x65,0xcd,0x5d,0x98,0xe8,0x75,0xba,0x4e,0xbe,0x9a,0xe4,0xde,0x14,0xd5,0x10,0xc8,0x0b,0x7f}, + {0x6f,0x13,0xf4,0x26,0xa4,0x6b,0x00,0xb9,0x35,0x30,0xe0,0x57,0x9e,0x36,0x67,0x8d,0x28,0x3c,0x46,0x4f,0xd9,0xdf,0xc8,0xcb,0xf5,0xdb,0xee,0xf8,0xbc,0x8d,0x1f,0x0d,0xa0,0x13,0x72,0x73,0xad,0x9d,0xac,0x83,0x98,0x2e,0xf7,0x2e,0xba,0xf8,0xf6,0x9f,0x57,0x69,0xec,0x43,0xdd,0x2e,0x1e,0x31,0x75,0xab,0xc5,0xde,0x7d,0x90,0x3a,0x1d,0xdc,0x81,0xd0,0x3e,0x31,0x93,0x16,0xba,0x80,0x34,0x1b,0x85,0xad,0x9f,0x32,0x29,0xcb,0x21,0x03,0x03,0x3c,0x01,0x28,0x01,0xe3,0xfd,0x1b,0xa3,0x44,0x1b,0x01,0x00}, + {0x0c,0x6c,0xc6,0x3f,0x6c,0xa0,0xdf,0x3f,0xd2,0x0d,0xd6,0x4d,0x8e,0xe3,0x40,0x5d,0x71,0x4d,0x8e,0x26,0x38,0x8b,0xe3,0x7a,0xe1,0x57,0x83,0x6e,0x91,0x8d,0xc4,0x3a,0x5c,0xa7,0x0a,0x6a,0x69,0x1f,0x56,0x16,0x6a,0xbd,0x52,0x58,0x5c,0x72,0xbf,0xc1,0xad,0x66,0x79,0x9a,0x7f,0xdd,0xa8,0x11,0x26,0x10,0x85,0xd2,0xa2,0x88,0xd9,0x63,0x2e,0x23,0xbd,0xaf,0x53,0x07,0x12,0x00,0x83,0xf6,0xd8,0xfd,0xb8,0xce,0x2b,0xe9,0x91,0x2b,0xe7,0x84,0xb3,0x69,0x16,0xf8,0x66,0xa0,0x68,0x23,0x2b,0xd5,0xfa,0x33}, + {0x16,0x1e,0xe4,0xc5,0xc6,0x49,0x06,0x54,0x35,0x77,0x3f,0x33,0x30,0x64,0xf8,0x0a,0x46,0xe7,0x05,0xf3,0xd2,0xfc,0xac,0xb2,0xa7,0xdc,0x56,0xa2,0x29,0xf4,0xc0,0x16,0xe8,0xcf,0x22,0xc4,0xd0,0xc8,0x2c,0x8d,0xcb,0x3a,0xa1,0x05,0x7b,0x4f,0x2b,0x07,0x6f,0xa5,0xf6,0xec,0xe6,0xb6,0xfe,0xa3,0xe2,0x71,0x0a,0xb9,0xcc,0x55,0xc3,0x3c,0x31,0x91,0x3e,0x90,0x43,0x94,0xb6,0xe9,0xce,0x37,0x56,0x7a,0xcb,0x94,0xa4,0xb8,0x44,0x92,0xba,0xba,0xa4,0xd1,0x7c,0xc8,0x68,0x75,0xae,0x6b,0x42,0xaf,0x1e,0x63}, + {0x9f,0xfe,0x66,0xda,0x10,0x04,0xe9,0xb3,0xa6,0xe5,0x16,0x6c,0x52,0x4b,0xdd,0x85,0x83,0xbf,0xf9,0x1e,0x61,0x97,0x3d,0xbc,0xb5,0x19,0xa9,0x1e,0x8b,0x64,0x99,0x55,0xe8,0x0d,0x70,0xa3,0xb9,0x75,0xd9,0x47,0x52,0x05,0xf8,0xe2,0xfb,0xc5,0x80,0x72,0xe1,0x5d,0xe4,0x32,0x27,0x8f,0x65,0x53,0xb5,0x80,0x5f,0x66,0x7f,0x2c,0x1f,0x43,0x19,0x7b,0x8f,0x85,0x44,0x63,0x02,0xd6,0x4a,0x51,0xea,0xa1,0x2f,0x35,0xab,0x14,0xd7,0xa9,0x90,0x20,0x1a,0x44,0x00,0x89,0x26,0x3b,0x25,0x91,0x5f,0x71,0x04,0x7b}, + {0x43,0xae,0xf6,0xac,0x28,0xbd,0xed,0x83,0xb4,0x7a,0x5c,0x7d,0x8b,0x7c,0x35,0x86,0x44,0x2c,0xeb,0xb7,0x69,0x47,0x40,0xc0,0x3f,0x58,0xf6,0xc2,0xf5,0x7b,0xb3,0x59,0xc6,0xba,0xe6,0xc4,0x80,0xc2,0x76,0xb3,0x0b,0x9b,0x1d,0x6d,0xdd,0xd3,0x0e,0x97,0x44,0xf9,0x0b,0x45,0x58,0x95,0x9a,0xb0,0x23,0xe2,0xcd,0x57,0xfa,0xac,0xd0,0x48,0x71,0xe6,0xab,0x7d,0xe4,0x26,0x0f,0xb6,0x37,0x3a,0x2f,0x62,0x97,0xa1,0xd1,0xf1,0x94,0x03,0x96,0xe9,0x7e,0xce,0x08,0x42,0xdb,0x3b,0x6d,0x33,0x91,0x41,0x23,0x16}, + {0xf6,0x7f,0x26,0xf6,0xde,0x99,0xe4,0xb9,0x43,0x08,0x2c,0x74,0x7b,0xca,0x72,0x77,0xb1,0xf2,0xa4,0xe9,0x3f,0x15,0xa0,0x23,0x06,0x50,0xd0,0xd5,0xec,0xdf,0xdf,0x2c,0x40,0x86,0xf3,0x1f,0xd6,0x9c,0x49,0xdd,0xa0,0x25,0x36,0x06,0xc3,0x9b,0xcd,0x29,0xc3,0x3d,0xd7,0x3d,0x02,0xd8,0xe2,0x51,0x31,0x92,0x3b,0x20,0x7a,0x70,0x25,0x4a,0x6a,0xed,0xf6,0x53,0x8a,0x66,0xb7,0x2a,0xa1,0x70,0xd1,0x1d,0x58,0x42,0x42,0x30,0x61,0x01,0xe2,0x3a,0x4c,0x14,0x00,0x40,0xfc,0x49,0x8e,0x24,0x6d,0x89,0x21,0x57}, + {0xae,0x1b,0x18,0xfd,0x17,0x55,0x6e,0x0b,0xb4,0x63,0xb9,0x2b,0x9f,0x62,0x22,0x90,0x25,0x46,0x06,0x32,0xe9,0xbc,0x09,0x55,0xda,0x13,0x3c,0xf6,0x74,0xdd,0x8e,0x57,0x4e,0xda,0xd0,0xa1,0x91,0x50,0x5d,0x28,0x08,0x3e,0xfe,0xb5,0xa7,0x6f,0xaa,0x4b,0xb3,0x93,0x93,0xe1,0x7c,0x17,0xe5,0x63,0xfd,0x30,0xb0,0xc4,0xaf,0x35,0xc9,0x03,0x3d,0x0c,0x2b,0x49,0xc6,0x76,0x72,0x99,0xfc,0x05,0xe2,0xdf,0xc4,0xc2,0xcc,0x47,0x3c,0x3a,0x62,0xdd,0x84,0x9b,0xd2,0xdc,0xa2,0xc7,0x88,0x02,0x59,0xab,0xc2,0x3e}, + {0xb9,0x7b,0xd8,0xe4,0x7b,0xd2,0xa0,0xa1,0xed,0x1a,0x39,0x61,0xeb,0x4d,0x8b,0xa9,0x83,0x9b,0xcb,0x73,0xd0,0xdd,0xa0,0x99,0xce,0xca,0x0f,0x20,0x5a,0xc2,0xd5,0x2d,0xcb,0xd1,0x32,0xae,0x09,0x3a,0x21,0xa7,0xd5,0xc2,0xf5,0x40,0xdf,0x87,0x2b,0x0f,0x29,0xab,0x1e,0xe8,0xc6,0xa4,0xae,0x0b,0x5e,0xac,0xdb,0x6a,0x6c,0xf6,0x1b,0x0e,0x7e,0x88,0x2c,0x79,0xe9,0xd5,0xab,0xe2,0x5d,0x6d,0x92,0xcb,0x18,0x00,0x02,0x1a,0x1e,0x5f,0xae,0xba,0xcd,0x69,0xba,0xbf,0x5f,0x8f,0xe8,0x5a,0xb3,0x48,0x05,0x73}, + {0xee,0xb8,0xa8,0xcb,0xa3,0x51,0x35,0xc4,0x16,0x5f,0x11,0xb2,0x1d,0x6f,0xa2,0x65,0x50,0x38,0x8c,0xab,0x52,0x4f,0x0f,0x76,0xca,0xb8,0x1d,0x41,0x3b,0x44,0x43,0x30,0x34,0xe3,0xd6,0xa1,0x4b,0x09,0x5b,0x80,0x19,0x3f,0x35,0x09,0x77,0xf1,0x3e,0xbf,0x2b,0x70,0x22,0x06,0xcb,0x06,0x3f,0x42,0xdd,0x45,0x78,0xd8,0x77,0x22,0x5a,0x58,0x62,0x89,0xd4,0x33,0x82,0x5f,0x8a,0xa1,0x7f,0x25,0x78,0xec,0xb5,0xc4,0x98,0x66,0xff,0x41,0x3e,0x37,0xa5,0x6f,0x8e,0xa7,0x1f,0x98,0xef,0x50,0x89,0x27,0x56,0x76}, + {0xc0,0xc8,0x1f,0xd5,0x59,0xcf,0xc3,0x38,0xf2,0xb6,0x06,0x05,0xfd,0xd2,0xed,0x9b,0x8f,0x0e,0x57,0xab,0x9f,0x10,0xbf,0x26,0xa6,0x46,0xb8,0xc1,0xa8,0x60,0x41,0x3f,0x9d,0xcf,0x86,0xea,0xa3,0x73,0x70,0xe1,0xdc,0x5f,0x15,0x07,0xb7,0xfb,0x8c,0x3a,0x8e,0x8a,0x83,0x31,0xfc,0xe7,0x53,0x48,0x16,0xf6,0x13,0xb6,0x84,0xf4,0xbb,0x28,0x7c,0x6c,0x13,0x6f,0x5c,0x2f,0x61,0xf2,0xbe,0x11,0xdd,0xf6,0x07,0xd1,0xea,0xaf,0x33,0x6f,0xde,0x13,0xd2,0x9a,0x7e,0x52,0x5d,0xf7,0x88,0x81,0x35,0xcb,0x79,0x1e}, + {0xf1,0xe3,0xf7,0xee,0xc3,0x36,0x34,0x01,0xf8,0x10,0x9e,0xfe,0x7f,0x6a,0x8b,0x82,0xfc,0xde,0xf9,0xbc,0xe5,0x08,0xf9,0x7f,0x31,0x38,0x3b,0x3a,0x1b,0x95,0xd7,0x65,0x81,0x81,0xe0,0xf5,0xd8,0x53,0xe9,0x77,0xd9,0xde,0x9d,0x29,0x44,0x0c,0xa5,0x84,0xe5,0x25,0x45,0x86,0x0c,0x2d,0x6c,0xdc,0xf4,0xf2,0xd1,0x39,0x2d,0xb5,0x8a,0x47,0x59,0xd1,0x52,0x92,0xd3,0xa4,0xa6,0x66,0x07,0xc8,0x1a,0x87,0xbc,0xe1,0xdd,0xe5,0x6f,0xc9,0xc1,0xa6,0x40,0x6b,0x2c,0xb8,0x14,0x22,0x21,0x1a,0x41,0x7a,0xd8,0x16}, + {0x15,0x62,0x06,0x42,0x5a,0x7e,0xbd,0xb3,0xc1,0x24,0x5a,0x0c,0xcd,0xe3,0x9b,0x87,0xb7,0x94,0xf9,0xd6,0xb1,0x5d,0xc0,0x57,0xa6,0x8c,0xf3,0x65,0x81,0x7c,0xf8,0x28,0x83,0x05,0x4e,0xd5,0xe2,0xd5,0xa4,0xfb,0xfa,0x99,0xbd,0x2e,0xd7,0xaf,0x1f,0xe2,0x8f,0x77,0xe9,0x6e,0x73,0xc2,0x7a,0x49,0xde,0x6d,0x5a,0x7a,0x57,0x0b,0x99,0x1f,0xd6,0xf7,0xe8,0x1b,0xad,0x4e,0x34,0xa3,0x8f,0x79,0xea,0xac,0xeb,0x50,0x1e,0x7d,0x52,0xe0,0x0d,0x52,0x9e,0x56,0xc6,0x77,0x3e,0x6d,0x4d,0x53,0xe1,0x2f,0x88,0x45}, + {0xd6,0x83,0x79,0x75,0x5d,0x34,0x69,0x66,0xa6,0x11,0xaa,0x17,0x11,0xed,0xb6,0x62,0x8f,0x12,0x5e,0x98,0x57,0x18,0xdd,0x7d,0xdd,0xf6,0x26,0xf6,0xb8,0xe5,0x8f,0x68,0xe4,0x6f,0x3c,0x94,0x29,0x99,0xac,0xd8,0xa2,0x92,0x83,0xa3,0x61,0xf1,0xf9,0xb5,0xf3,0x9a,0xc8,0xbe,0x13,0xdb,0x99,0x26,0x74,0xf0,0x05,0xe4,0x3c,0x84,0xcf,0x7d,0xc0,0x32,0x47,0x4a,0x48,0xd6,0x90,0x6c,0x99,0x32,0x56,0xca,0xfd,0x43,0x21,0xd5,0xe1,0xc6,0x5d,0x91,0xc3,0x28,0xbe,0xb3,0x1b,0x19,0x27,0x73,0x7e,0x68,0x39,0x67}, + {0xa6,0x75,0x56,0x38,0x14,0x20,0x78,0xef,0xe8,0xa9,0xfd,0xaa,0x30,0x9f,0x64,0xa2,0xcb,0xa8,0xdf,0x5c,0x50,0xeb,0xd1,0x4c,0xb3,0xc0,0x4d,0x1d,0xba,0x5a,0x11,0x46,0xc0,0x1a,0x0c,0xc8,0x9d,0xcc,0x6d,0xa6,0x36,0xa4,0x38,0x1b,0xf4,0x5c,0xa0,0x97,0xc6,0xd7,0xdb,0x95,0xbe,0xf3,0xeb,0xa7,0xab,0x7d,0x7e,0x8d,0xf6,0xb8,0xa0,0x7d,0x76,0xda,0xb5,0xc3,0x53,0x19,0x0f,0xd4,0x9b,0x9e,0x11,0x21,0x73,0x6f,0xac,0x1d,0x60,0x59,0xb2,0xfe,0x21,0x60,0xcc,0x03,0x4b,0x4b,0x67,0x83,0x7e,0x88,0x5f,0x5a}, + {0x11,0x3d,0xa1,0x70,0xcf,0x01,0x63,0x8f,0xc4,0xd0,0x0d,0x35,0x15,0xb8,0xce,0xcf,0x7e,0xa4,0xbc,0xa4,0xd4,0x97,0x02,0xf7,0x34,0x14,0x4d,0xe4,0x56,0xb6,0x69,0x36,0xb9,0x43,0xa6,0xa0,0xd3,0x28,0x96,0x9e,0x64,0x20,0xc3,0xe6,0x00,0xcb,0xc3,0xb5,0x32,0xec,0x2d,0x7c,0x89,0x02,0x53,0x9b,0x0c,0xc7,0xd1,0xd5,0xe2,0x7a,0xe3,0x43,0x33,0xe1,0xa6,0xed,0x06,0x3f,0x7e,0x38,0xc0,0x3a,0xa1,0x99,0x51,0x1d,0x30,0x67,0x11,0x38,0x26,0x36,0xf8,0xd8,0x5a,0xbd,0xbe,0xe9,0xd5,0x4f,0xcd,0xe6,0x21,0x6a}, + {0x5f,0xe6,0x46,0x30,0x0a,0x17,0xc6,0xf1,0x24,0x35,0xd2,0x00,0x2a,0x2a,0x71,0x58,0x55,0xb7,0x82,0x8c,0x3c,0xbd,0xdb,0x69,0x57,0xff,0x95,0xa1,0xf1,0xf9,0x6b,0x58,0xe3,0xb2,0x99,0x66,0x12,0x29,0x41,0xef,0x01,0x13,0x8d,0x70,0x47,0x08,0xd3,0x71,0xbd,0xb0,0x82,0x11,0xd0,0x32,0x54,0x32,0x36,0x8b,0x1e,0x00,0x07,0x1b,0x37,0x45,0x0b,0x79,0xf8,0x5e,0x8d,0x08,0xdb,0xa6,0xe5,0x37,0x09,0x61,0xdc,0xf0,0x78,0x52,0xb8,0x6e,0xa1,0x61,0xd2,0x49,0x03,0xac,0x79,0x21,0xe5,0x90,0x37,0xb0,0xaf,0x0e}, + {0x2f,0x04,0x48,0x37,0xc1,0x55,0x05,0x96,0x11,0xaa,0x0b,0x82,0xe6,0x41,0x9a,0x21,0x0c,0x6d,0x48,0x73,0x38,0xf7,0x81,0x1c,0x61,0xc6,0x02,0x5a,0x67,0xcc,0x9a,0x30,0x1d,0xae,0x75,0x0f,0x5e,0x80,0x40,0x51,0x30,0xcc,0x62,0x26,0xe3,0xfb,0x02,0xec,0x6d,0x39,0x92,0xea,0x1e,0xdf,0xeb,0x2c,0xb3,0x5b,0x43,0xc5,0x44,0x33,0xae,0x44,0xee,0x43,0xa5,0xbb,0xb9,0x89,0xf2,0x9c,0x42,0x71,0xc9,0x5a,0x9d,0x0e,0x76,0xf3,0xaa,0x60,0x93,0x4f,0xc6,0xe5,0x82,0x1d,0x8f,0x67,0x94,0x7f,0x1b,0x22,0xd5,0x62}, + {0x6d,0x93,0xd0,0x18,0x9c,0x29,0x4c,0x52,0x0c,0x1a,0x0c,0x8a,0x6c,0xb5,0x6b,0xc8,0x31,0x86,0x4a,0xdb,0x2e,0x05,0x75,0xa3,0x62,0x45,0x75,0xbc,0xe4,0xfd,0x0e,0x5c,0x3c,0x7a,0xf7,0x3a,0x26,0xd4,0x85,0x75,0x4d,0x14,0xe9,0xfe,0x11,0x7b,0xae,0xdf,0x3d,0x19,0xf7,0x59,0x80,0x70,0x06,0xa5,0x37,0x20,0x92,0x83,0x53,0x9a,0xf2,0x14,0xf5,0xd7,0xb2,0x25,0xdc,0x7e,0x71,0xdf,0x40,0x30,0xb5,0x99,0xdb,0x70,0xf9,0x21,0x62,0x4c,0xed,0xc3,0xb7,0x34,0x92,0xda,0x3e,0x09,0xee,0x7b,0x5c,0x36,0x72,0x5e}, + {0x7f,0x21,0x71,0x45,0x07,0xfc,0x5b,0x57,0x5b,0xd9,0x94,0x06,0x5d,0x67,0x79,0x37,0x33,0x1e,0x19,0xf4,0xbb,0x37,0x0a,0x9a,0xbc,0xea,0xb4,0x47,0x4c,0x10,0xf1,0x77,0x3e,0xb3,0x08,0x2f,0x06,0x39,0x93,0x7d,0xbe,0x32,0x9f,0xdf,0xe5,0x59,0x96,0x5b,0xfd,0xbd,0x9e,0x1f,0xad,0x3d,0xff,0xac,0xb7,0x49,0x73,0xcb,0x55,0x05,0xb2,0x70,0x4c,0x2c,0x11,0x55,0xc5,0x13,0x51,0xbe,0xcd,0x1f,0x88,0x9a,0x3a,0x42,0x88,0x66,0x47,0x3b,0x50,0x5e,0x85,0x77,0x66,0x44,0x4a,0x40,0x06,0x4a,0x8f,0x39,0x34,0x0e}, + {0xe8,0xbd,0xce,0x3e,0xd9,0x22,0x7d,0xb6,0x07,0x2f,0x82,0x27,0x41,0xe8,0xb3,0x09,0x8d,0x6d,0x5b,0xb0,0x1f,0xa6,0x3f,0x74,0x72,0x23,0x36,0x8a,0x36,0x05,0x54,0x5e,0x28,0x19,0x4b,0x3e,0x09,0x0b,0x93,0x18,0x40,0xf6,0xf3,0x73,0x0e,0xe1,0xe3,0x7d,0x6f,0x5d,0x39,0x73,0xda,0x17,0x32,0xf4,0x3e,0x9c,0x37,0xca,0xd6,0xde,0x8a,0x6f,0x9a,0xb2,0xb7,0xfd,0x3d,0x12,0x40,0xe3,0x91,0xb2,0x1a,0xa2,0xe1,0x97,0x7b,0x48,0x9e,0x94,0xe6,0xfd,0x02,0x7d,0x96,0xf9,0x97,0xde,0xd3,0xc8,0x2e,0xe7,0x0d,0x78}, + {0xbc,0xe7,0x9a,0x08,0x45,0x85,0xe2,0x0a,0x06,0x4d,0x7f,0x1c,0xcf,0xde,0x8d,0x38,0xb8,0x11,0x48,0x0a,0x51,0x15,0xac,0x38,0xe4,0x8c,0x92,0x71,0xf6,0x8b,0xb2,0x0e,0x72,0x27,0xf4,0x00,0xf3,0xea,0x1f,0x67,0xaa,0x41,0x8c,0x2a,0x2a,0xeb,0x72,0x8f,0x92,0x32,0x37,0x97,0xd7,0x7f,0xa1,0x29,0xa6,0x87,0xb5,0x32,0xad,0xc6,0xef,0x1d,0xa7,0x95,0x51,0xef,0x1a,0xbe,0x5b,0xaf,0xed,0x15,0x7b,0x91,0x77,0x12,0x8c,0x14,0x2e,0xda,0xe5,0x7a,0xfb,0xf7,0x91,0x29,0x67,0x28,0xdd,0xf8,0x1b,0x20,0x7d,0x46}, + {0xad,0x4f,0xef,0x74,0x9a,0x91,0xfe,0x95,0xa2,0x08,0xa3,0xf6,0xec,0x7b,0x82,0x3a,0x01,0x7b,0xa4,0x09,0xd3,0x01,0x4e,0x96,0x97,0xc7,0xa3,0x5b,0x4f,0x3c,0xc4,0x71,0xa9,0xe7,0x7a,0x56,0xbd,0xf4,0x1e,0xbc,0xbd,0x98,0x44,0xd6,0xb2,0x4c,0x62,0x3f,0xc8,0x4e,0x1f,0x2c,0xd2,0x64,0x10,0xe4,0x01,0x40,0x38,0xba,0xa5,0xc5,0xf9,0x2e,0xcd,0x74,0x9e,0xfa,0xf6,0x6d,0xfd,0xb6,0x7a,0x26,0xaf,0xe4,0xbc,0x78,0x82,0xf1,0x0e,0x99,0xef,0xf1,0xd0,0xb3,0x55,0x82,0x93,0xf2,0xc5,0x90,0xa3,0x8c,0x75,0x5a}, + {0x95,0x24,0x46,0xd9,0x10,0x27,0xb7,0xa2,0x03,0x50,0x7d,0xd5,0xd2,0xc6,0xa8,0x3a,0xca,0x87,0xb4,0xa0,0xbf,0x00,0xd4,0xe3,0xec,0x72,0xeb,0xb3,0x44,0xe2,0xba,0x2d,0x94,0xdc,0x61,0x1d,0x8b,0x91,0xe0,0x8c,0x66,0x30,0x81,0x9a,0x46,0x36,0xed,0x8d,0xd3,0xaa,0xe8,0xaf,0x29,0xa8,0xe6,0xd4,0x3f,0xd4,0x39,0xf6,0x27,0x80,0x73,0x0a,0xcc,0xe1,0xff,0x57,0x2f,0x4a,0x0f,0x98,0x43,0x98,0x83,0xe1,0x0d,0x0d,0x67,0x00,0xfd,0x15,0xfb,0x49,0x4a,0x3f,0x5c,0x10,0x9c,0xa6,0x26,0x51,0x63,0xca,0x98,0x26}, + {0x78,0xba,0xb0,0x32,0x88,0x31,0x65,0xe7,0x8b,0xff,0x5c,0x92,0xf7,0x31,0x18,0x38,0xcc,0x1f,0x29,0xa0,0x91,0x1b,0xa8,0x08,0x07,0xeb,0xca,0x49,0xcc,0x3d,0xb4,0x1f,0x0e,0xd9,0x3d,0x5e,0x2f,0x70,0x3d,0x2e,0x86,0x53,0xd2,0xe4,0x18,0x09,0x3f,0x9e,0x6a,0xa9,0x4d,0x02,0xf6,0x3e,0x77,0x5e,0x32,0x33,0xfa,0x4a,0x0c,0x4b,0x00,0x3c,0x2b,0xb8,0xf4,0x06,0xac,0x46,0xa9,0x9a,0xf3,0xc4,0x06,0xa8,0xa5,0x84,0xa2,0x1c,0x87,0x47,0xcd,0xc6,0x5f,0x26,0xd3,0x3e,0x17,0xd2,0x1f,0xcd,0x01,0xfd,0x43,0x6b}, + {0x44,0xc5,0x97,0x46,0x4b,0x5d,0xa7,0xc7,0xbf,0xff,0x0f,0xdf,0x48,0xf8,0xfd,0x15,0x5a,0x78,0x46,0xaa,0xeb,0xb9,0x68,0x28,0x14,0xf7,0x52,0x5b,0x10,0xd7,0x68,0x5a,0xf3,0x0e,0x76,0x3e,0x58,0x42,0xc7,0xb5,0x90,0xb9,0x0a,0xee,0xb9,0x52,0xdc,0x75,0x3f,0x92,0x2b,0x07,0xc2,0x27,0x14,0xbf,0xf0,0xd9,0xf0,0x6f,0x2d,0x0b,0x42,0x73,0x06,0x1e,0x85,0x9e,0xcb,0xf6,0x2c,0xaf,0xc4,0x38,0x22,0xc6,0x13,0x39,0x59,0x8f,0x73,0xf3,0xfb,0x99,0x96,0xb8,0x8a,0xda,0x9e,0xbc,0x34,0xea,0x2f,0x63,0xb5,0x3d}, + {0xd8,0xd9,0x5d,0xf7,0x2b,0xee,0x6e,0xf4,0xa5,0x59,0x67,0x39,0xf6,0xb1,0x17,0x0d,0x73,0x72,0x9e,0x49,0x31,0xd1,0xf2,0x1b,0x13,0x5f,0xd7,0x49,0xdf,0x1a,0x32,0x04,0xd5,0x25,0x98,0x82,0xb1,0x90,0x49,0x2e,0x91,0x89,0x9a,0x3e,0x87,0xeb,0xea,0xed,0xf8,0x4a,0x70,0x4c,0x39,0x3d,0xf0,0xee,0x0e,0x2b,0xdf,0x95,0xa4,0x7e,0x19,0x59,0xae,0x5a,0xe5,0xe4,0x19,0x60,0xe1,0x04,0xe9,0x92,0x2f,0x7e,0x7a,0x43,0x7b,0xe7,0xa4,0x9a,0x15,0x6f,0xc1,0x2d,0xce,0xc7,0xc0,0x0c,0xd7,0xf4,0xc1,0xfd,0xea,0x45}, + {0x2b,0xd7,0x45,0x80,0x85,0x01,0x84,0x69,0x51,0x06,0x2f,0xcf,0xa2,0xfa,0x22,0x4c,0xc6,0x2d,0x22,0x6b,0x65,0x36,0x1a,0x94,0xde,0xda,0x62,0x03,0xc8,0xeb,0x5e,0x5a,0xed,0xb1,0xcc,0xcf,0x24,0x46,0x0e,0xb6,0x95,0x03,0x5c,0xbd,0x92,0xc2,0xdb,0x59,0xc9,0x81,0x04,0xdc,0x1d,0x9d,0xa0,0x31,0x40,0xd9,0x56,0x5d,0xea,0xce,0x73,0x3f,0xc6,0x8d,0x4e,0x0a,0xd1,0xbf,0xa7,0xb7,0x39,0xb3,0xc9,0x44,0x7e,0x00,0x57,0xbe,0xfa,0xae,0x57,0x15,0x7f,0x20,0xc1,0x60,0xdb,0x18,0x62,0x26,0x91,0x88,0x05,0x26}, + {0x04,0xff,0x60,0x83,0xa6,0x04,0xf7,0x59,0xf4,0xe6,0x61,0x76,0xde,0x3f,0xd9,0xc3,0x51,0x35,0x87,0x12,0x73,0x2a,0x1b,0x83,0x57,0x5d,0x61,0x4e,0x2e,0x0c,0xad,0x54,0x42,0xe5,0x76,0xc6,0x3c,0x8e,0x81,0x4c,0xad,0xcc,0xce,0x03,0x93,0x2c,0x42,0x5e,0x08,0x9f,0x12,0xb4,0xca,0xcc,0x07,0xec,0xb8,0x43,0x44,0xb2,0x10,0xfa,0xed,0x0d,0x2a,0x52,0x2b,0xb8,0xd5,0x67,0x3b,0xee,0xeb,0xc1,0xa5,0x9f,0x46,0x63,0xf1,0x36,0xd3,0x9f,0xc1,0x6e,0xf2,0xd2,0xb4,0xa5,0x08,0x94,0x7a,0xa7,0xba,0xb2,0xec,0x62}, + {0x3d,0x2b,0x15,0x61,0x52,0x79,0xed,0xe5,0xd1,0xd7,0xdd,0x0e,0x7d,0x35,0x62,0x49,0x71,0x4c,0x6b,0xb9,0xd0,0xc8,0x82,0x74,0xbe,0xd8,0x66,0xa9,0x19,0xf9,0x59,0x2e,0x74,0x28,0xb6,0xaf,0x36,0x28,0x07,0x92,0xa5,0x04,0xe1,0x79,0x85,0x5e,0xcd,0x5f,0x4a,0xa1,0x30,0xc6,0xad,0x01,0xad,0x5a,0x98,0x3f,0x66,0x75,0x50,0x3d,0x91,0x61,0xda,0x31,0x32,0x1a,0x36,0x2d,0xc6,0x0d,0x70,0x02,0x20,0x94,0x32,0x58,0x47,0xfa,0xce,0x94,0x95,0x3f,0x51,0x01,0xd8,0x02,0x5c,0x5d,0xc0,0x31,0xa1,0xc2,0xdb,0x3d}, + {0x4b,0xc5,0x5e,0xce,0xf9,0x0f,0xdc,0x9a,0x0d,0x13,0x2f,0x8c,0x6b,0x2a,0x9c,0x03,0x15,0x95,0xf8,0xf0,0xc7,0x07,0x80,0x02,0x6b,0xb3,0x04,0xac,0x14,0x83,0x96,0x78,0x14,0xbb,0x96,0x27,0xa2,0x57,0xaa,0xf3,0x21,0xda,0x07,0x9b,0xb7,0xba,0x3a,0x88,0x1c,0x39,0xa0,0x31,0x18,0xe2,0x4b,0xe5,0xf9,0x05,0x32,0xd8,0x38,0xfb,0xe7,0x5e,0x8e,0x6a,0x44,0x41,0xcb,0xfd,0x8d,0x53,0xf9,0x37,0x49,0x43,0xa9,0xfd,0xac,0xa5,0x78,0x8c,0x3c,0x26,0x8d,0x90,0xaf,0x46,0x09,0x0d,0xca,0x9b,0x3c,0x63,0xd0,0x61}, + {0x66,0x25,0xdb,0xff,0x35,0x49,0x74,0x63,0xbb,0x68,0x0b,0x78,0x89,0x6b,0xbd,0xc5,0x03,0xec,0x3e,0x55,0x80,0x32,0x1b,0x6f,0xf5,0xd7,0xae,0x47,0xd8,0x5f,0x96,0x6e,0xdf,0x73,0xfc,0xf8,0xbc,0x28,0xa3,0xad,0xfc,0x37,0xf0,0xa6,0x5d,0x69,0x84,0xee,0x09,0xa9,0xc2,0x38,0xdb,0xb4,0x7f,0x63,0xdc,0x7b,0x06,0xf8,0x2d,0xac,0x23,0x5b,0x7b,0x52,0x80,0xee,0x53,0xb9,0xd2,0x9a,0x8d,0x6d,0xde,0xfa,0xaa,0x19,0x8f,0xe8,0xcf,0x82,0x0e,0x15,0x04,0x17,0x71,0x0e,0xdc,0xde,0x95,0xdd,0xb9,0xbb,0xb9,0x79}, + {0xc2,0x26,0x31,0x6a,0x40,0x55,0xb3,0xeb,0x93,0xc3,0xc8,0x68,0xa8,0x83,0x63,0xd2,0x82,0x7a,0xb9,0xe5,0x29,0x64,0x0c,0x6c,0x47,0x21,0xfd,0xc9,0x58,0xf1,0x65,0x50,0x74,0x73,0x9f,0x8e,0xae,0x7d,0x99,0xd1,0x16,0x08,0xbb,0xcf,0xf8,0xa2,0x32,0xa0,0x0a,0x5f,0x44,0x6d,0x12,0xba,0x6c,0xcd,0x34,0xb8,0xcc,0x0a,0x46,0x11,0xa8,0x1b,0x54,0x99,0x42,0x0c,0xfb,0x69,0x81,0x70,0x67,0xcf,0x6e,0xd7,0xac,0x00,0x46,0xe1,0xba,0x45,0xe6,0x70,0x8a,0xb9,0xaa,0x2e,0xf2,0xfa,0xa4,0x58,0x9e,0xf3,0x81,0x39}, + {0x93,0x0a,0x23,0x59,0x75,0x8a,0xfb,0x18,0x5d,0xf4,0xe6,0x60,0x69,0x8f,0x16,0x1d,0xb5,0x3c,0xa9,0x14,0x45,0xa9,0x85,0x3a,0xfd,0xd0,0xac,0x05,0x37,0x08,0xdc,0x38,0xde,0x6f,0xe6,0x6d,0xa5,0xdf,0x45,0xc8,0x3a,0x48,0x40,0x2c,0x00,0xa5,0x52,0xe1,0x32,0xf6,0xb4,0xc7,0x63,0xe1,0xd2,0xe9,0x65,0x1b,0xbc,0xdc,0x2e,0x45,0xf4,0x30,0x40,0x97,0x75,0xc5,0x82,0x27,0x6d,0x85,0xcc,0xbe,0x9c,0xf9,0x69,0x45,0x13,0xfa,0x71,0x4e,0xea,0xc0,0x73,0xfc,0x44,0x88,0x69,0x24,0x3f,0x59,0x1a,0x9a,0x2d,0x63}, + {0xa6,0xcb,0x07,0xb8,0x15,0x6b,0xbb,0xf6,0xd7,0xf0,0x54,0xbc,0xdf,0xc7,0x23,0x18,0x0b,0x67,0x29,0x6e,0x03,0x97,0x1d,0xbb,0x57,0x4a,0xed,0x47,0x88,0xf4,0x24,0x0b,0xa7,0x84,0x0c,0xed,0x11,0xfd,0x09,0xbf,0x3a,0x69,0x9f,0x0d,0x81,0x71,0xf0,0x63,0x79,0x87,0xcf,0x57,0x2d,0x8c,0x90,0x21,0xa2,0x4b,0xf6,0x8a,0xf2,0x7d,0x5a,0x3a,0xc7,0xea,0x1b,0x51,0xbe,0xd4,0xda,0xdc,0xf2,0xcc,0x26,0xed,0x75,0x80,0x53,0xa4,0x65,0x9a,0x5f,0x00,0x9f,0xff,0x9c,0xe1,0x63,0x1f,0x48,0x75,0x44,0xf7,0xfc,0x34}, + {0xca,0x67,0x97,0x78,0x4c,0xe0,0x97,0xc1,0x7d,0x46,0xd9,0x38,0xcb,0x4d,0x71,0xb8,0xa8,0x5f,0xf9,0x83,0x82,0x88,0xde,0x55,0xf7,0x63,0xfa,0x4d,0x16,0xdc,0x3b,0x3d,0x98,0xaa,0xcf,0x78,0xab,0x1d,0xbb,0xa5,0xf2,0x72,0x0b,0x19,0x67,0xa2,0xed,0x5c,0x8e,0x60,0x92,0x0a,0x11,0xc9,0x09,0x93,0xb0,0x74,0xb3,0x2f,0x04,0xa3,0x19,0x01,0x7d,0x17,0xc2,0xe8,0x9c,0xd8,0xa2,0x67,0xc1,0xd0,0x95,0x68,0xf6,0xa5,0x9d,0x66,0xb0,0xa2,0x82,0xb2,0xe5,0x98,0x65,0xf5,0x73,0x0a,0xe2,0xed,0xf1,0x88,0xc0,0x56}, + {0x17,0x6e,0xa8,0x10,0x11,0x3d,0x6d,0x33,0xfa,0xb2,0x75,0x0b,0x32,0x88,0xf3,0xd7,0x88,0x29,0x07,0x25,0x76,0x33,0x15,0xf9,0x87,0x8b,0x10,0x99,0x6b,0x4c,0x67,0x09,0x02,0x8f,0xf3,0x24,0xac,0x5f,0x1b,0x58,0xbd,0x0c,0xe3,0xba,0xfe,0xe9,0x0b,0xa9,0xf0,0x92,0xcf,0x8a,0x02,0x69,0x21,0x9a,0x8f,0x03,0x59,0x83,0xa4,0x7e,0x8b,0x03,0xf8,0x6f,0x31,0x99,0x21,0xf8,0x4e,0x9f,0x4f,0x8d,0xa7,0xea,0x82,0xd2,0x49,0x2f,0x74,0x31,0xef,0x5a,0xab,0xa5,0x71,0x09,0x65,0xeb,0x69,0x59,0x02,0x31,0x5e,0x6e}, + {0xfb,0x93,0xe5,0x87,0xf5,0x62,0x6c,0xb1,0x71,0x3e,0x5d,0xca,0xde,0xed,0x99,0x49,0x6d,0x3e,0xcc,0x14,0xe0,0xc1,0x91,0xb4,0xa8,0xdb,0xa8,0x89,0x47,0x11,0xf5,0x08,0x22,0x62,0x06,0x63,0x0e,0xfb,0x04,0x33,0x3f,0xba,0xac,0x87,0x89,0x06,0x35,0xfb,0xa3,0x61,0x10,0x8c,0x77,0x24,0x19,0xbd,0x20,0x86,0x83,0xd1,0x43,0xad,0x58,0x30,0xd0,0x63,0x76,0xe5,0xfd,0x0f,0x3c,0x32,0x10,0xa6,0x2e,0xa2,0x38,0xdf,0xc3,0x05,0x9a,0x4f,0x99,0xac,0xbd,0x8a,0xc7,0xbd,0x99,0xdc,0xe3,0xef,0xa4,0x9f,0x54,0x26}, + {0xd6,0xf9,0x6b,0x1e,0x46,0x5a,0x1d,0x74,0x81,0xa5,0x77,0x77,0xfc,0xb3,0x05,0x23,0xd9,0xd3,0x74,0x64,0xa2,0x74,0x55,0xd4,0xff,0xe0,0x01,0x64,0xdc,0xe1,0x26,0x19,0x6e,0x66,0x3f,0xaf,0x49,0x85,0x46,0xdb,0xa5,0x0e,0x4a,0xf1,0x04,0xcf,0x7f,0xd7,0x47,0x0c,0xba,0xa4,0xf7,0x3f,0xf2,0x3d,0x85,0x3c,0xce,0x32,0xe1,0xdf,0x10,0x3a,0xa0,0xce,0x17,0xea,0x8a,0x4e,0x7f,0xe0,0xfd,0xc1,0x1f,0x3a,0x46,0x15,0xd5,0x2f,0xf1,0xc0,0xf2,0x31,0xfd,0x22,0x53,0x17,0x15,0x5d,0x1e,0x86,0x1d,0xd0,0xa1,0x1f}, + {0x32,0x98,0x59,0x7d,0x94,0x55,0x80,0xcc,0x20,0x55,0xf1,0x37,0xda,0x56,0x46,0x1e,0x20,0x93,0x05,0x4e,0x74,0xf7,0xf6,0x99,0x33,0xcf,0x75,0x6a,0xbc,0x63,0x35,0x77,0xab,0x94,0xdf,0xd1,0x00,0xac,0xdc,0x38,0xe9,0x0d,0x08,0xd1,0xdd,0x2b,0x71,0x2e,0x62,0xe2,0xd5,0xfd,0x3e,0xe9,0x13,0x7f,0xe5,0x01,0x9a,0xee,0x18,0xed,0xfc,0x73,0xb3,0x9c,0x13,0x63,0x08,0xe9,0xb1,0x06,0xcd,0x3e,0xa0,0xc5,0x67,0xda,0x93,0xa4,0x32,0x89,0x63,0xad,0xc8,0xce,0x77,0x8d,0x44,0x4f,0x86,0x1b,0x70,0x6b,0x42,0x1f}, + {0x01,0x1c,0x91,0x41,0x4c,0x26,0xc9,0xef,0x25,0x2c,0xa2,0x17,0xb8,0xb7,0xa3,0xf1,0x47,0x14,0x0f,0xf3,0x6b,0xda,0x75,0x58,0x90,0xb0,0x31,0x1d,0x27,0xf5,0x1a,0x4e,0x52,0x25,0xa1,0x91,0xc8,0x35,0x7e,0xf1,0x76,0x9c,0x5e,0x57,0x53,0x81,0x6b,0xb7,0x3e,0x72,0x9b,0x0d,0x6f,0x40,0x83,0xfa,0x38,0xe4,0xa7,0x3f,0x1b,0xbb,0x76,0x0b,0x9b,0x93,0x92,0x7f,0xf9,0xc1,0xb8,0x08,0x6e,0xab,0x44,0xd4,0xcb,0x71,0x67,0xbe,0x17,0x80,0xbb,0x99,0x63,0x64,0xe5,0x22,0x55,0xa9,0x72,0xb7,0x1e,0xd6,0x6d,0x7b}, + {0x92,0x3d,0xf3,0x50,0xe8,0xc1,0xad,0xb7,0xcf,0xd5,0x8c,0x60,0x4f,0xfa,0x98,0x79,0xdb,0x5b,0xfc,0x8d,0xbd,0x2d,0x96,0xad,0x4f,0x2f,0x1d,0xaf,0xce,0x9b,0x3e,0x70,0xc7,0xd2,0x01,0xab,0xf9,0xab,0x30,0x57,0x18,0x3b,0x14,0x40,0xdc,0x76,0xfb,0x16,0x81,0xb2,0xcb,0xa0,0x65,0xbe,0x6c,0x86,0xfe,0x6a,0xff,0x9b,0x65,0x9b,0xfa,0x53,0x55,0x54,0x88,0x94,0xe9,0xc8,0x14,0x6c,0xe5,0xd4,0xae,0x65,0x66,0x5d,0x3a,0x84,0xf1,0x5a,0xd6,0xbc,0x3e,0xb7,0x1b,0x18,0x50,0x1f,0xc6,0xc4,0xe5,0x93,0x8d,0x39}, + {0xf3,0x48,0xe2,0x33,0x67,0xd1,0x4b,0x1c,0x5f,0x0a,0xbf,0x15,0x87,0x12,0x9e,0xbd,0x76,0x03,0x0b,0xa1,0xf0,0x8c,0x3f,0xd4,0x13,0x1b,0x19,0xdf,0x5d,0x9b,0xb0,0x53,0xf2,0xe3,0xe7,0xd2,0x60,0x7c,0x87,0xc3,0xb1,0x8b,0x82,0x30,0xa0,0xaa,0x34,0x3b,0x38,0xf1,0x9e,0x73,0xe7,0x26,0x3e,0x28,0x77,0x05,0xc3,0x02,0x90,0x9c,0x9c,0x69,0xcc,0xf1,0x46,0x59,0x23,0xa7,0x06,0xf3,0x7d,0xd9,0xe5,0xcc,0xb5,0x18,0x17,0x92,0x75,0xe9,0xb4,0x81,0x47,0xd2,0xcd,0x28,0x07,0xd9,0xcd,0x6f,0x0c,0xf3,0xca,0x51}, + {0x0a,0xe0,0x74,0x76,0x42,0xa7,0x0b,0xa6,0xf3,0x7b,0x7a,0xa1,0x70,0x85,0x0e,0x63,0xcc,0x24,0x33,0xcf,0x3d,0x56,0x58,0x37,0xaa,0xfd,0x83,0x23,0x29,0xaa,0x04,0x55,0xc7,0x54,0xac,0x18,0x9a,0xf9,0x7a,0x73,0x0f,0xb3,0x1c,0xc5,0xdc,0x78,0x33,0x90,0xc7,0x0c,0xe1,0x4c,0x33,0xbc,0x89,0x2b,0x9a,0xe9,0xf8,0x89,0xc1,0x29,0xae,0x12,0xcf,0x01,0x0d,0x1f,0xcb,0xc0,0x9e,0xa9,0xae,0xf7,0x34,0x3a,0xcc,0xef,0xd1,0x0d,0x22,0x4e,0x9c,0xd0,0x21,0x75,0xca,0x55,0xea,0xa5,0xeb,0x58,0xe9,0x4f,0xd1,0x5f}, + {0x2c,0xab,0x45,0x28,0xdf,0x2d,0xdc,0xb5,0x93,0xe9,0x7f,0x0a,0xb1,0x91,0x94,0x06,0x46,0xe3,0x02,0x40,0xd6,0xf3,0xaa,0x4d,0xd1,0x74,0x64,0x58,0x6e,0xf2,0x3f,0x09,0x8e,0xcb,0x93,0xbf,0x5e,0xfe,0x42,0x3c,0x5f,0x56,0xd4,0x36,0x51,0xa8,0xdf,0xbe,0xe8,0x20,0x42,0x88,0x9e,0x85,0xf0,0xe0,0x28,0xd1,0x25,0x07,0x96,0x3f,0xd7,0x7d,0x29,0x98,0x05,0x68,0xfe,0x24,0x0d,0xb1,0xe5,0x23,0xaf,0xdb,0x72,0x06,0x73,0x75,0x29,0xac,0x57,0xb4,0x3a,0x25,0x67,0x13,0xa4,0x70,0xb4,0x86,0xbc,0xbc,0x59,0x2f}, + {0x5f,0x13,0x17,0x99,0x42,0x7d,0x84,0x83,0xd7,0x03,0x7d,0x56,0x1f,0x91,0x1b,0xad,0xd1,0xaa,0x77,0xbe,0xd9,0x48,0x77,0x7e,0x4a,0xaf,0x51,0x2e,0x2e,0xb4,0x58,0x54,0x01,0xc3,0x91,0xb6,0x60,0xd5,0x41,0x70,0x1e,0xe7,0xd7,0xad,0x3f,0x1b,0x20,0x85,0x85,0x55,0x33,0x11,0x63,0xe1,0xc2,0x16,0xb1,0x28,0x08,0x01,0x3d,0x5e,0xa5,0x2a,0x4f,0x44,0x07,0x0c,0xe6,0x92,0x51,0xed,0x10,0x1d,0x42,0x74,0x2d,0x4e,0xc5,0x42,0x64,0xc8,0xb5,0xfd,0x82,0x4c,0x2b,0x35,0x64,0x86,0x76,0x8a,0x4a,0x00,0xe9,0x13}, + {0xdb,0xce,0x2f,0x83,0x45,0x88,0x9d,0x73,0x63,0xf8,0x6b,0xae,0xc9,0xd6,0x38,0xfa,0xf7,0xfe,0x4f,0xb7,0xca,0x0d,0xbc,0x32,0x5e,0xe4,0xbc,0x14,0x88,0x7e,0x93,0x73,0x7f,0x87,0x3b,0x19,0xc9,0x00,0x2e,0xbb,0x6b,0x50,0xdc,0xe0,0x90,0xa8,0xe3,0xec,0x9f,0x64,0xde,0x36,0xc0,0xb7,0xf3,0xec,0x1a,0x9e,0xde,0x98,0x08,0x04,0x46,0x5f,0x8d,0xf4,0x7b,0x29,0x16,0x71,0x03,0xb9,0x34,0x68,0xf0,0xd4,0x22,0x3b,0xd1,0xa9,0xc6,0xbd,0x96,0x46,0x57,0x15,0x97,0xe1,0x35,0xe8,0xd5,0x91,0xe8,0xa4,0xf8,0x2c}, + {0x67,0x0f,0x11,0x07,0x87,0xfd,0x93,0x6d,0x49,0xb5,0x38,0x7c,0xd3,0x09,0x4c,0xdd,0x86,0x6a,0x73,0xc2,0x4c,0x6a,0xb1,0x7c,0x09,0x2a,0x25,0x58,0x6e,0xbd,0x49,0x20,0xa2,0x6b,0xd0,0x17,0x7e,0x48,0xb5,0x2c,0x6b,0x19,0x50,0x39,0x1c,0x38,0xd2,0x24,0x30,0x8a,0x97,0x85,0x81,0x9c,0x65,0xd7,0xf6,0xa4,0xd6,0x91,0x28,0x7f,0x6f,0x7a,0x49,0xef,0x9a,0x6a,0x8d,0xfd,0x09,0x7d,0x0b,0xb9,0x3d,0x5b,0xbe,0x60,0xee,0xf0,0xd4,0xbf,0x9e,0x51,0x2c,0xb5,0x21,0x4c,0x1d,0x94,0x45,0xc5,0xdf,0xaa,0x11,0x60}, + {0x3c,0xf8,0x95,0xcf,0x6d,0x92,0x67,0x5f,0x71,0x90,0x28,0x71,0x61,0x85,0x7e,0x7c,0x5b,0x7a,0x8f,0x99,0xf3,0xe7,0xa1,0xd6,0xe0,0xf9,0x62,0x0b,0x1b,0xcc,0xc5,0x6f,0x90,0xf8,0xcb,0x02,0xc8,0xd0,0xde,0x63,0xaa,0x6a,0xff,0x0d,0xca,0x98,0xd0,0xfb,0x99,0xed,0xb6,0xb9,0xfd,0x0a,0x4d,0x62,0x1e,0x0b,0x34,0x79,0xb7,0x18,0xce,0x69,0xcb,0x79,0x98,0xb2,0x28,0x55,0xef,0xd1,0x92,0x90,0x7e,0xd4,0x3c,0xae,0x1a,0xdd,0x52,0x23,0x9f,0x18,0x42,0x04,0x7e,0x12,0xf1,0x01,0x71,0xe5,0x3a,0x6b,0x59,0x15}, + {0xa2,0x79,0x91,0x3f,0xd2,0x39,0x27,0x46,0xcf,0xdd,0xd6,0x97,0x31,0x12,0x83,0xff,0x8a,0x14,0xf2,0x53,0xb5,0xde,0x07,0x13,0xda,0x4d,0x5f,0x7b,0x68,0x37,0x22,0x0d,0xca,0x24,0x51,0x7e,0x16,0x31,0xff,0x09,0xdf,0x45,0xc7,0xd9,0x8b,0x15,0xe4,0x0b,0xe5,0x56,0xf5,0x7e,0x22,0x7d,0x2b,0x29,0x38,0xd1,0xb6,0xaf,0x41,0xe2,0xa4,0x3a,0xf5,0x05,0x33,0x2a,0xbf,0x38,0xc1,0x2c,0xc3,0x26,0xe9,0xa2,0x8f,0x3f,0x58,0x48,0xeb,0xd2,0x49,0x55,0xa2,0xb1,0x3a,0x08,0x6c,0xa3,0x87,0x46,0x6e,0xaa,0xfc,0x32}, + {0xf5,0x9a,0x7d,0xc5,0x8d,0x6e,0xc5,0x7b,0xf2,0xbd,0xf0,0x9d,0xed,0xd2,0x0b,0x3e,0xa3,0xe4,0xef,0x22,0xde,0x14,0xc0,0xaa,0x5c,0x6a,0xbd,0xfe,0xce,0xe9,0x27,0x46,0xdf,0xcc,0x87,0x27,0x73,0xa4,0x07,0x32,0xf8,0xe3,0x13,0xf2,0x08,0x19,0xe3,0x17,0x4e,0x96,0x0d,0xf6,0xd7,0xec,0xb2,0xd5,0xe9,0x0b,0x60,0xc2,0x36,0x63,0x6f,0x74,0x1c,0x97,0x6c,0xab,0x45,0xf3,0x4a,0x3f,0x1f,0x73,0x43,0x99,0x72,0xeb,0x88,0xe2,0x6d,0x18,0x44,0x03,0x8a,0x6a,0x59,0x33,0x93,0x62,0xd6,0x7e,0x00,0x17,0x49,0x7b}, + {0x64,0xb0,0x84,0xab,0x5c,0xfb,0x85,0x2d,0x14,0xbc,0xf3,0x89,0xd2,0x10,0x78,0x49,0x0c,0xce,0x15,0x7b,0x44,0xdc,0x6a,0x47,0x7b,0xfd,0x44,0xf8,0x76,0xa3,0x2b,0x12,0xdd,0xa2,0x53,0xdd,0x28,0x1b,0x34,0x54,0x3f,0xfc,0x42,0xdf,0x5b,0x90,0x17,0xaa,0xf4,0xf8,0xd2,0x4d,0xd9,0x92,0xf5,0x0f,0x7d,0xd3,0x8c,0xe0,0x0f,0x62,0x03,0x1d,0x54,0xe5,0xb4,0xa2,0xcd,0x32,0x02,0xc2,0x7f,0x18,0x5d,0x11,0x42,0xfd,0xd0,0x9e,0xd9,0x79,0xd4,0x7d,0xbe,0xb4,0xab,0x2e,0x4c,0xec,0x68,0x2b,0xf5,0x0b,0xc7,0x02}, + {0xbb,0x2f,0x0b,0x5d,0x4b,0xec,0x87,0xa2,0xca,0x82,0x48,0x07,0x90,0x57,0x5c,0x41,0x5c,0x81,0xd0,0xc1,0x1e,0xa6,0x44,0xe0,0xe0,0xf5,0x9e,0x40,0x0a,0x4f,0x33,0x26,0xe1,0x72,0x8d,0x45,0xbf,0x32,0xe5,0xac,0xb5,0x3c,0xb7,0x7c,0xe0,0x68,0xe7,0x5b,0xe7,0xbd,0x8b,0xee,0x94,0x7d,0xcf,0x56,0x03,0x3a,0xb4,0xfe,0xe3,0x97,0x06,0x6b,0xc0,0xa3,0x62,0xdf,0x4a,0xf0,0xc8,0xb6,0x5d,0xa4,0x6d,0x07,0xef,0x00,0xf0,0x3e,0xa9,0xd2,0xf0,0x49,0x58,0xb9,0x9c,0x9c,0xae,0x2f,0x1b,0x44,0x43,0x7f,0xc3,0x1c}, + {0x4f,0x32,0xc7,0x5c,0x5a,0x56,0x8f,0x50,0x22,0xa9,0x06,0xe5,0xc0,0xc4,0x61,0xd0,0x19,0xac,0x45,0x5c,0xdb,0xab,0x18,0xfb,0x4a,0x31,0x80,0x03,0xc1,0x09,0x68,0x6c,0xb9,0xae,0xce,0xc9,0xf1,0x56,0x66,0xd7,0x6a,0x65,0xe5,0x18,0xf8,0x15,0x5b,0x1c,0x34,0x23,0x4c,0x84,0x32,0x28,0xe7,0x26,0x38,0x68,0x19,0x2f,0x77,0x6f,0x34,0x3a,0xc8,0x6a,0xda,0xe2,0x12,0x51,0xd5,0xd2,0xed,0x51,0xe8,0xb1,0x31,0x03,0xbd,0xe9,0x62,0x72,0xc6,0x8e,0xdd,0x46,0x07,0x96,0xd0,0xc5,0xf7,0x6e,0x9f,0x1b,0x91,0x05}, + {0xbb,0x0e,0xdf,0xf5,0x83,0x99,0x33,0xc1,0xac,0x4c,0x2c,0x51,0x8f,0x75,0xf3,0xc0,0xe1,0x98,0xb3,0x0b,0x0a,0x13,0xf1,0x2c,0x62,0x0c,0x27,0xaa,0xf9,0xec,0x3c,0x6b,0xef,0xea,0x2e,0x51,0xf3,0xac,0x49,0x53,0x49,0xcb,0xc1,0x1c,0xd3,0x41,0xc1,0x20,0x8d,0x68,0x9a,0xa9,0x07,0x0c,0x18,0x24,0x17,0x2d,0x4b,0xc6,0xd1,0xf9,0x5e,0x55,0x08,0xbd,0x73,0x3b,0xba,0x70,0xa7,0x36,0x0c,0xbf,0xaf,0xa3,0x08,0xef,0x4a,0x62,0xf2,0x46,0x09,0xb4,0x98,0xff,0x37,0x57,0x9d,0x74,0x81,0x33,0xe1,0x4d,0x5f,0x67}, + {0xfc,0x82,0x17,0x6b,0x03,0x52,0x2c,0x0e,0xb4,0x83,0xad,0x6c,0x81,0x6c,0x81,0x64,0x3e,0x07,0x64,0x69,0xd9,0xbd,0xdc,0xd0,0x20,0xc5,0x64,0x01,0xf7,0x9d,0xd9,0x13,0x1d,0xb3,0xda,0x3b,0xd9,0xf6,0x2f,0xa1,0xfe,0x2d,0x65,0x9d,0x0f,0xd8,0x25,0x07,0x87,0x94,0xbe,0x9a,0xf3,0x4f,0x9c,0x01,0x43,0x3c,0xcd,0x82,0xb8,0x50,0xf4,0x60,0xca,0xc0,0xe5,0x21,0xc3,0x5e,0x4b,0x01,0xa2,0xbf,0x19,0xd7,0xc9,0x69,0xcb,0x4f,0xa0,0x23,0x00,0x75,0x18,0x1c,0x5f,0x4e,0x80,0xac,0xed,0x55,0x9e,0xde,0x06,0x1c}, + {0xe2,0xc4,0x3e,0xa3,0xd6,0x7a,0x0f,0x99,0x8e,0xe0,0x2e,0xbe,0x38,0xf9,0x08,0x66,0x15,0x45,0x28,0x63,0xc5,0x43,0xa1,0x9c,0x0d,0xb6,0x2d,0xec,0x1f,0x8a,0xf3,0x4c,0xaa,0x69,0x6d,0xff,0x40,0x2b,0xd5,0xff,0xbb,0x49,0x40,0xdc,0x18,0x0b,0x53,0x34,0x97,0x98,0x4d,0xa3,0x2f,0x5c,0x4a,0x5e,0x2d,0xba,0x32,0x7d,0x8e,0x6f,0x09,0x78,0xe7,0x5c,0xfa,0x0d,0x65,0xaa,0xaa,0xa0,0x8c,0x47,0xb5,0x48,0x2a,0x9e,0xc4,0xf9,0x5b,0x72,0x03,0x70,0x7d,0xcc,0x09,0x4f,0xbe,0x1a,0x09,0x26,0x3a,0xad,0x3c,0x37}, + {0x7c,0xf5,0xc9,0x82,0x4d,0x63,0x94,0xb2,0x36,0x45,0x93,0x24,0xe1,0xfd,0xcb,0x1f,0x5a,0xdb,0x8c,0x41,0xb3,0x4d,0x9c,0x9e,0xfc,0x19,0x44,0x45,0xd9,0xf3,0x40,0x00,0xad,0xbb,0xdd,0x89,0xfb,0xa8,0xbe,0xf1,0xcb,0xae,0xae,0x61,0xbc,0x2c,0xcb,0x3b,0x9d,0x8d,0x9b,0x1f,0xbb,0xa7,0x58,0x8f,0x86,0xa6,0x12,0x51,0xda,0x7e,0x54,0x21,0xd3,0x86,0x59,0xfd,0x39,0xe9,0xfd,0xde,0x0c,0x38,0x0a,0x51,0x89,0x2c,0x27,0xf4,0xb9,0x19,0x31,0xbb,0x07,0xa4,0x2b,0xb7,0xf4,0x4d,0x25,0x4a,0x33,0x0a,0x55,0x63}, + {0x37,0xcf,0x69,0xb5,0xed,0xd6,0x07,0x65,0xe1,0x2e,0xa5,0x0c,0xb0,0x29,0x84,0x17,0x5d,0xd6,0x6b,0xeb,0x90,0x00,0x7c,0xea,0x51,0x8f,0xf7,0xda,0xc7,0x62,0xea,0x3e,0x49,0x7b,0x54,0x72,0x45,0x58,0xba,0x9b,0xe0,0x08,0xc4,0xe2,0xfa,0xc6,0x05,0xf3,0x8d,0xf1,0x34,0xc7,0x69,0xfa,0xe8,0x60,0x7a,0x76,0x7d,0xaa,0xaf,0x2b,0xa9,0x39,0x4e,0x27,0x93,0xe6,0x13,0xc7,0x24,0x9d,0x75,0xd3,0xdb,0x68,0x77,0x85,0x63,0x5f,0x9a,0xb3,0x8a,0xeb,0x60,0x55,0x52,0x70,0xcd,0xc4,0xc9,0x65,0x06,0x6a,0x43,0x68}, + {0x27,0x3f,0x2f,0x20,0xe8,0x35,0x02,0xbc,0xb0,0x75,0xf9,0x64,0xe2,0x00,0x5c,0xc7,0x16,0x24,0x8c,0xa3,0xd5,0xe9,0xa4,0x91,0xf9,0x89,0xb7,0x8a,0xf6,0xe7,0xb6,0x17,0x7c,0x10,0x20,0xe8,0x17,0xd3,0x56,0x1e,0x65,0xe9,0x0a,0x84,0x44,0x68,0x26,0xc5,0x7a,0xfc,0x0f,0x32,0xc6,0xa1,0xe0,0xc1,0x72,0x14,0x61,0x91,0x9c,0x66,0x73,0x53,0x57,0x52,0x0e,0x9a,0xab,0x14,0x28,0x5d,0xfc,0xb3,0xca,0xc9,0x84,0x20,0x8f,0x90,0xca,0x1e,0x2d,0x5b,0x88,0xf5,0xca,0xaf,0x11,0x7d,0xf8,0x78,0xa6,0xb5,0xb4,0x1c}, + {0x6c,0xfc,0x4a,0x39,0x6b,0xc0,0x64,0xb6,0xb1,0x5f,0xda,0x98,0x24,0xde,0x88,0x0c,0x34,0xd8,0xca,0x4b,0x16,0x03,0x8d,0x4f,0xa2,0x34,0x74,0xde,0x78,0xca,0x0b,0x33,0xe7,0x07,0xa0,0xa2,0x62,0xaa,0x74,0x6b,0xb1,0xc7,0x71,0xf0,0xb0,0xe0,0x11,0xf3,0x23,0xe2,0x0b,0x00,0x38,0xe4,0x07,0x57,0xac,0x6e,0xef,0x82,0x2d,0xfd,0xc0,0x2d,0x4e,0x74,0x19,0x11,0x84,0xff,0x2e,0x98,0x24,0x47,0x07,0x2b,0x96,0x5e,0x69,0xf9,0xfb,0x53,0xc9,0xbf,0x4f,0xc1,0x8a,0xc5,0xf5,0x1c,0x9f,0x36,0x1b,0xbe,0x31,0x3c}, + {0xee,0x8a,0x94,0x08,0x4d,0x86,0xf4,0xb0,0x6f,0x1c,0xba,0x91,0xee,0x19,0xdc,0x07,0x58,0xa1,0xac,0xa6,0xae,0xcd,0x75,0x79,0xbb,0xd4,0x62,0x42,0x13,0x61,0x0b,0x33,0x72,0x42,0xcb,0xf9,0x93,0xbc,0x68,0xc1,0x98,0xdb,0xce,0xc7,0x1f,0x71,0xb8,0xae,0x7a,0x8d,0xac,0x34,0xaa,0x52,0x0e,0x7f,0xbb,0x55,0x7d,0x7e,0x09,0xc1,0xce,0x41,0x8a,0x80,0x6d,0xa2,0xd7,0x19,0x96,0xf7,0x6d,0x15,0x9e,0x1d,0x9e,0xd4,0x1f,0xbb,0x27,0xdf,0xa1,0xdb,0x6c,0xc3,0xd7,0x73,0x7d,0x77,0x28,0x1f,0xd9,0x4c,0xb4,0x26}, + {0x75,0x74,0x38,0x8f,0x47,0x48,0xf0,0x51,0x3c,0xcb,0xbe,0x9c,0xf4,0xbc,0x5d,0xb2,0x55,0x20,0x9f,0xd9,0x44,0x12,0xab,0x9a,0xd6,0xa5,0x10,0x1c,0x6c,0x9e,0x70,0x2c,0x83,0x03,0x73,0x62,0x93,0xf2,0xb7,0xe1,0x2c,0x8a,0xca,0xeb,0xff,0x79,0x52,0x4b,0x14,0x13,0xd4,0xbf,0x8a,0x77,0xfc,0xda,0x0f,0x61,0x72,0x9c,0x14,0x10,0xeb,0x7d,0x7a,0xee,0x66,0x87,0x6a,0xaf,0x62,0xcb,0x0e,0xcd,0x53,0x55,0x04,0xec,0xcb,0x66,0xb5,0xe4,0x0b,0x0f,0x38,0x01,0x80,0x58,0xea,0xe2,0x2c,0xf6,0x9f,0x8e,0xe6,0x08}, + {0xad,0x30,0xc1,0x4b,0x0a,0x50,0xad,0x34,0x9c,0xd4,0x0b,0x3d,0x49,0xdb,0x38,0x8d,0xbe,0x89,0x0a,0x50,0x98,0x3d,0x5c,0xa2,0x09,0x3b,0xba,0xee,0x87,0x3f,0x1f,0x2f,0xf9,0xf2,0xb8,0x0a,0xd5,0x09,0x2d,0x2f,0xdf,0x23,0x59,0xc5,0x8d,0x21,0xb9,0xac,0xb9,0x6c,0x76,0x73,0x26,0x34,0x8f,0x4a,0xf5,0x19,0xf7,0x38,0xd7,0x3b,0xb1,0x4c,0x4a,0xb6,0x15,0xe5,0x75,0x8c,0x84,0xf7,0x38,0x90,0x4a,0xdb,0xba,0x01,0x95,0xa5,0x50,0x1b,0x75,0x3f,0x3f,0x31,0x0d,0xc2,0xe8,0x2e,0xae,0xc0,0x53,0xe3,0xa1,0x19}, + {0xc3,0x05,0xfa,0xba,0x60,0x75,0x1c,0x7d,0x61,0x5e,0xe5,0xc6,0xa0,0xa0,0xe1,0xb3,0x73,0x64,0xd6,0xc0,0x18,0x97,0x52,0xe3,0x86,0x34,0x0c,0xc2,0x11,0x6b,0x54,0x41,0xbd,0xbd,0x96,0xd5,0xcd,0x72,0x21,0xb4,0x40,0xfc,0xee,0x98,0x43,0x45,0xe0,0x93,0xb5,0x09,0x41,0xb4,0x47,0x53,0xb1,0x9f,0x34,0xae,0x66,0x02,0x99,0xd3,0x6b,0x73,0xb4,0xb3,0x34,0x93,0x50,0x2d,0x53,0x85,0x73,0x65,0x81,0x60,0x4b,0x11,0xfd,0x46,0x75,0x83,0x5c,0x42,0x30,0x5f,0x5f,0xcc,0x5c,0xab,0x7f,0xb8,0xa2,0x95,0x22,0x41}, + {0xe9,0xd6,0x7e,0xf5,0x88,0x9b,0xc9,0x19,0x25,0xc8,0xf8,0x6d,0x26,0xcb,0x93,0x53,0x73,0xd2,0x0a,0xb3,0x13,0x32,0xee,0x5c,0x34,0x2e,0x2d,0xb5,0xeb,0x53,0xe1,0x14,0xc6,0xea,0x93,0xe2,0x61,0x52,0x65,0x2e,0xdb,0xac,0x33,0x21,0x03,0x92,0x5a,0x84,0x6b,0x99,0x00,0x79,0xcb,0x75,0x09,0x46,0x80,0xdd,0x5a,0x19,0x8d,0xbb,0x60,0x07,0x8a,0x81,0xe6,0xcd,0x17,0x1a,0x3e,0x41,0x84,0xa0,0x69,0xed,0xa9,0x6d,0x15,0x57,0xb1,0xcc,0xca,0x46,0x8f,0x26,0xbf,0x2c,0xf2,0xc5,0x3a,0xc3,0x9b,0xbe,0x34,0x6b}, + {0xb2,0xc0,0x78,0x3a,0x64,0x2f,0xdf,0xf3,0x7c,0x02,0x2e,0xf2,0x1e,0x97,0x3e,0x4c,0xa3,0xb5,0xc1,0x49,0x5e,0x1c,0x7d,0xec,0x2d,0xdd,0x22,0x09,0x8f,0xc1,0x12,0x20,0xd3,0xf2,0x71,0x65,0x65,0x69,0xfc,0x11,0x7a,0x73,0x0e,0x53,0x45,0xe8,0xc9,0xc6,0x35,0x50,0xfe,0xd4,0xa2,0xe7,0x3a,0xe3,0x0b,0xd3,0x6d,0x2e,0xb6,0xc7,0xb9,0x01,0x29,0x9d,0xc8,0x5a,0xe5,0x55,0x0b,0x88,0x63,0xa7,0xa0,0x45,0x1f,0x24,0x83,0x14,0x1f,0x6c,0xe7,0xc2,0xdf,0xef,0x36,0x3d,0xe8,0xad,0x4b,0x4e,0x78,0x5b,0xaf,0x08}, + {0x33,0x25,0x1f,0x88,0xdc,0x99,0x34,0x28,0xb6,0x23,0x93,0x77,0xda,0x25,0x05,0x9d,0xf4,0x41,0x34,0x67,0xfb,0xdd,0x7a,0x89,0x8d,0x16,0x3a,0x16,0x71,0x9d,0xb7,0x32,0x4b,0x2c,0xcc,0x89,0xd2,0x14,0x73,0xe2,0x8d,0x17,0x87,0xa2,0x11,0xbd,0xe4,0x4b,0xce,0x64,0x33,0xfa,0xd6,0x28,0xd5,0x18,0x6e,0x82,0xd9,0xaf,0xd5,0xc1,0x23,0x64,0x6a,0xb3,0xfc,0xed,0xd9,0xf8,0x85,0xcc,0xf9,0xe5,0x46,0x37,0x8f,0xc2,0xbc,0x22,0xcd,0xd3,0xe5,0xf9,0x38,0xe3,0x9d,0xe4,0xcc,0x2d,0x3e,0xc1,0xfb,0x5e,0x0a,0x48}, + {0x71,0x20,0x62,0x01,0x0b,0xe7,0x51,0x0b,0xc5,0xaf,0x1d,0x8b,0xcf,0x05,0xb5,0x06,0xcd,0xab,0x5a,0xef,0x61,0xb0,0x6b,0x2c,0x31,0xbf,0xb7,0x0c,0x60,0x27,0xaa,0x47,0x1f,0x22,0xce,0x42,0xe4,0x4c,0x61,0xb6,0x28,0x39,0x05,0x4c,0xcc,0x9d,0x19,0x6e,0x03,0xbe,0x1c,0xdc,0xa4,0xb4,0x3f,0x66,0x06,0x8e,0x1c,0x69,0x47,0x1d,0xb3,0x24,0xc3,0xf8,0x15,0xc0,0xed,0x1e,0x54,0x2a,0x7c,0x3f,0x69,0x7c,0x7e,0xfe,0xa4,0x11,0xd6,0x78,0xa2,0x4e,0x13,0x66,0xaf,0xf0,0x94,0xa0,0xdd,0x14,0x5d,0x58,0x5b,0x54}, + {0x0f,0x3a,0xd4,0xa0,0x5e,0x27,0xbf,0x67,0xbe,0xee,0x9b,0x08,0x34,0x8e,0xe6,0xad,0x2e,0xe7,0x79,0xd4,0x4c,0x13,0x89,0x42,0x54,0x54,0xba,0x32,0xc3,0xf9,0x62,0x0f,0xe1,0x21,0xb3,0xe3,0xd0,0xe4,0x04,0x62,0x95,0x1e,0xff,0x28,0x7a,0x63,0xaa,0x3b,0x9e,0xbd,0x99,0x5b,0xfd,0xcf,0x0c,0x0b,0x71,0xd0,0xc8,0x64,0x3e,0xdc,0x22,0x4d,0x39,0x5f,0x3b,0xd6,0x89,0x65,0xb4,0xfc,0x61,0xcf,0xcb,0x57,0x3f,0x6a,0xae,0x5c,0x05,0xfa,0x3a,0x95,0xd2,0xc2,0xba,0xfe,0x36,0x14,0x37,0x36,0x1a,0xa0,0x0f,0x1c}, + {0xff,0x3d,0x94,0x22,0xb6,0x04,0xc6,0xd2,0xa0,0xb3,0xcf,0x44,0xce,0xbe,0x8c,0xbc,0x78,0x86,0x80,0x97,0xf3,0x4f,0x25,0x5d,0xbf,0xa6,0x1c,0x3b,0x4f,0x61,0xa3,0x0f,0x50,0x6a,0x93,0x8c,0x0e,0x2b,0x08,0x69,0xb6,0xc5,0xda,0xc1,0x35,0xa0,0xc9,0xf9,0x34,0xb6,0xdf,0xc4,0x54,0x3e,0xb7,0x6f,0x40,0xc1,0x2b,0x1d,0x9b,0x41,0x05,0x40,0xf0,0x82,0xbe,0xb9,0xbd,0xfe,0x03,0xa0,0x90,0xac,0x44,0x3a,0xaf,0xc1,0x89,0x20,0x8e,0xfa,0x54,0x19,0x91,0x9f,0x49,0xf8,0x42,0xab,0x40,0xef,0x8a,0x21,0xba,0x1f}, + {0x3e,0xf5,0xc8,0xfa,0x48,0x94,0x54,0xab,0x41,0x37,0xa6,0x7b,0x9a,0xe8,0xf6,0x81,0x01,0x5e,0x2b,0x6c,0x7d,0x6c,0xfd,0x74,0x42,0x6e,0xc8,0xa8,0xca,0x3a,0x2e,0x39,0x94,0x01,0x7b,0x3e,0x04,0x57,0x3e,0x4f,0x7f,0xaf,0xda,0x08,0xee,0x3e,0x1d,0xa8,0xf1,0xde,0xdc,0x99,0xab,0xc6,0x39,0xc8,0xd5,0x61,0x77,0xff,0x13,0x5d,0x53,0x6c,0xaf,0x35,0x8a,0x3e,0xe9,0x34,0xbd,0x4c,0x16,0xe8,0x87,0x58,0x44,0x81,0x07,0x2e,0xab,0xb0,0x9a,0xf2,0x76,0x9c,0x31,0x19,0x3b,0xc1,0x0a,0xd5,0xe4,0x7f,0xe1,0x25}, + {0x76,0xf6,0x04,0x1e,0xd7,0x9b,0x28,0x0a,0x95,0x0f,0x42,0xd6,0x52,0x1c,0x8e,0x20,0xab,0x1f,0x69,0x34,0xb0,0xd8,0x86,0x51,0x51,0xb3,0x9f,0x2a,0x44,0x51,0x57,0x25,0xa7,0x21,0xf1,0x76,0xf5,0x7f,0x5f,0x91,0xe3,0x87,0xcd,0x2f,0x27,0x32,0x4a,0xc3,0x26,0xe5,0x1b,0x4d,0xde,0x2f,0xba,0xcc,0x9b,0x89,0x69,0x89,0x8f,0x82,0xba,0x6b,0x01,0x39,0xfe,0x90,0x66,0xbc,0xd1,0xe2,0xd5,0x7a,0x99,0xa0,0x18,0x4a,0xb5,0x4c,0xd4,0x60,0x84,0xaf,0x14,0x69,0x1d,0x97,0xe4,0x7b,0x6b,0x7f,0x4f,0x50,0x9d,0x55}, + {0xd5,0x54,0xeb,0xb3,0x78,0x83,0x73,0xa7,0x7c,0x3c,0x55,0xa5,0x66,0xd3,0x69,0x1d,0xba,0x00,0x28,0xf9,0x62,0xcf,0x26,0x0a,0x17,0x32,0x7e,0x80,0xd5,0x12,0xab,0x01,0xfd,0x66,0xd2,0xf6,0xe7,0x91,0x48,0x9c,0x1b,0x78,0x07,0x03,0x9b,0xa1,0x44,0x07,0x3b,0xe2,0x61,0x60,0x1d,0x8f,0x38,0x88,0x0e,0xd5,0x4b,0x35,0xa3,0xa6,0x3e,0x12,0x96,0x2d,0xe3,0x41,0x90,0x18,0x8d,0x11,0x48,0x58,0x31,0xd8,0xc2,0xe3,0xed,0xb9,0xd9,0x45,0x32,0xd8,0x71,0x42,0xab,0x1e,0x54,0xa1,0x18,0xc9,0xe2,0x61,0x39,0x4a}, + {0xa0,0xbb,0xe6,0xf8,0xe0,0x3b,0xdc,0x71,0x0a,0xe3,0xff,0x7e,0x34,0xf8,0xce,0xd6,0x6a,0x47,0x3a,0xe1,0x5f,0x42,0x92,0xa9,0x63,0xb7,0x1d,0xfb,0xe3,0xbc,0xd6,0x2c,0x1e,0x3f,0x23,0xf3,0x44,0xd6,0x27,0x03,0x16,0xf0,0xfc,0x34,0x0e,0x26,0x9a,0x49,0x79,0xb9,0xda,0xf2,0x16,0xa7,0xb5,0x83,0x1f,0x11,0xd4,0x9b,0xad,0xee,0xac,0x68,0x10,0xc2,0xd7,0xf3,0x0e,0xc9,0xb4,0x38,0x0c,0x04,0xad,0xb7,0x24,0x6e,0x8e,0x30,0x23,0x3e,0xe7,0xb7,0xf1,0xd9,0x60,0x38,0x97,0xf5,0x08,0xb5,0xd5,0x60,0x57,0x59}, + {0x97,0x63,0xaa,0x04,0xe1,0xbf,0x29,0x61,0xcb,0xfc,0xa7,0xa4,0x08,0x00,0x96,0x8f,0x58,0x94,0x90,0x7d,0x89,0xc0,0x8b,0x3f,0xa9,0x91,0xb2,0xdc,0x3e,0xa4,0x9f,0x70,0x90,0x27,0x02,0xfd,0xeb,0xcb,0x2a,0x88,0x60,0x57,0x11,0xc4,0x05,0x33,0xaf,0x89,0xf4,0x73,0x34,0x7d,0xe3,0x92,0xf4,0x65,0x2b,0x5a,0x51,0x54,0xdf,0xc5,0xb2,0x2c,0xca,0x2a,0xfd,0x63,0x8c,0x5d,0x0a,0xeb,0xff,0x4e,0x69,0x2e,0x66,0xc1,0x2b,0xd2,0x3a,0xb0,0xcb,0xf8,0x6e,0xf3,0x23,0x27,0x1f,0x13,0xc8,0xf0,0xec,0x29,0xf0,0x70}, + {0x33,0x3e,0xed,0x2e,0xb3,0x07,0x13,0x46,0xe7,0x81,0x55,0xa4,0x33,0x2f,0x04,0xae,0x66,0x03,0x5f,0x19,0xd3,0x49,0x44,0xc9,0x58,0x48,0x31,0x6c,0x8a,0x5d,0x7d,0x0b,0xb9,0xb0,0x10,0x5e,0xaa,0xaf,0x6a,0x2a,0xa9,0x1a,0x04,0xef,0x70,0xa3,0xf0,0x78,0x1f,0xd6,0x3a,0xaa,0x77,0xfb,0x3e,0x77,0xe1,0xd9,0x4b,0xa7,0xa2,0xa5,0xec,0x44,0x43,0xd5,0x95,0x7b,0x32,0x48,0xd4,0x25,0x1d,0x0f,0x34,0xa3,0x00,0x83,0xd3,0x70,0x2b,0xc5,0xe1,0x60,0x1c,0x53,0x1c,0xde,0xe4,0xe9,0x7d,0x2c,0x51,0x24,0x22,0x27}, + {0x2e,0x34,0xc5,0x49,0xaf,0x92,0xbc,0x1a,0xd0,0xfa,0xe6,0xb2,0x11,0xd8,0xee,0xff,0x29,0x4e,0xc8,0xfc,0x8d,0x8c,0xa2,0xef,0x43,0xc5,0x4c,0xa4,0x18,0xdf,0xb5,0x11,0xfc,0x75,0xa9,0x42,0x8a,0xbb,0x7b,0xbf,0x58,0xa3,0xad,0x96,0x77,0x39,0x5c,0x8c,0x48,0xaa,0xed,0xcd,0x6f,0xc7,0x7f,0xe2,0xa6,0x20,0xbc,0xf6,0xd7,0x5f,0x73,0x19,0x66,0x42,0xc8,0x42,0xd0,0x90,0xab,0xe3,0x7e,0x54,0x19,0x7f,0x0f,0x8e,0x84,0xeb,0xb9,0x97,0xa4,0x65,0xd0,0xa1,0x03,0x25,0x5f,0x89,0xdf,0x91,0x11,0x91,0xef,0x0f} +}; + +NAMESPACE_END // Arch64 +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_DOXYGEN_PROCESSING +#endif // CRYPTOPP_DONNA_64_H diff --git a/vendor/cryptopp/vendor_cryptopp/donna_sse.cpp b/vendor/cryptopp/vendor_cryptopp/donna_sse.cpp new file mode 100644 index 00000000..99607b6d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna_sse.cpp @@ -0,0 +1,1118 @@ +// donna_sse.cpp - written and placed in public domain by Jeffrey Walton +// This is a integration of Andrew Moon's public domain code. +// Also see https://github.com/floodyberry/curve25519-donna. + +// This is a integration of Andrew Moon's public domain code. The port was +// clean, but it has one potential problem. The original code is C and relies +// upon unions. Accessing the inactive union member is undefined behavior in +// C++. That means copying the array into packedelem8.u is OK; but then using +// packedelem8.v in a calcualtion is UB. Fortunately most (all?) compilers +// take pity on C++ developers and compile the code. We will have to keep an +// eye on things or rewrite significant portions of this code. + +// If needed, see Moon's commit "Go back to ignoring 256th bit [sic]", +// https://github.com/floodyberry/curve25519-donna/commit/57a683d18721a658 + +#include "pch.h" + +#include "config.h" +#include "donna.h" +#include "secblock.h" +#include "misc.h" + +// The data is aligned, but Clang issues warning based on type +// and not the actual alignment of the variable and data. +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic ignored "-Wcast-align" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char DONNA_SSE_FNAME[] = __FILE__; + +#if (CRYPTOPP_CURVE25519_SSE2) + +#include "donna_sse.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::sword32; +using CryptoPP::word64; +using CryptoPP::sword64; +using CryptoPP::GetBlock; +using CryptoPP::LittleEndian; + +// Bring in all the symbols from the SSE header +using namespace CryptoPP::Donna::ArchSSE; + +/* Copy a bignum to another: out = in */ +inline void +curve25519_copy(bignum25519 out, const bignum25519 in) { + xmmi x0,x1,x2; + x0 = _mm_load_si128((xmmi*)in + 0); + x1 = _mm_load_si128((xmmi*)in + 1); + x2 = _mm_load_si128((xmmi*)in + 2); + _mm_store_si128((xmmi*)out + 0, x0); + _mm_store_si128((xmmi*)out + 1, x1); + _mm_store_si128((xmmi*)out + 2, x2); +} + +/* Take a little-endian, 32-byte number and expand it into polynomial form */ +inline void +curve25519_expand(bignum25519 out, const byte in[32]) { + word32 x0,x1,x2,x3,x4,x5,x6,x7; + + x0 = *(word32 *)(in + 0); + x1 = *(word32 *)(in + 4); + x2 = *(word32 *)(in + 8); + x3 = *(word32 *)(in + 12); + x4 = *(word32 *)(in + 16); + x5 = *(word32 *)(in + 20); + x6 = *(word32 *)(in + 24); + x7 = *(word32 *)(in + 28); + + out[0] = ( x0 ) & reduce_mask_26; + out[1] = ((((word64)x1 << 32) | x0) >> 26) & reduce_mask_25; + out[2] = ((((word64)x2 << 32) | x1) >> 19) & reduce_mask_26; + out[3] = ((((word64)x3 << 32) | x2) >> 13) & reduce_mask_25; + out[4] = (( x3) >> 6) & reduce_mask_26; + out[5] = ( x4 ) & reduce_mask_25; + out[6] = ((((word64)x5 << 32) | x4) >> 25) & reduce_mask_26; + out[7] = ((((word64)x6 << 32) | x5) >> 19) & reduce_mask_25; + out[8] = ((((word64)x7 << 32) | x6) >> 12) & reduce_mask_26; + out[9] = (( x7) >> 6) & reduce_mask_25; /* ignore the top bit */ + + out[10] = 0; + out[11] = 0; +} + +/* Take a fully reduced polynomial form number and contract it into a + * little-endian, 32-byte array + */ +inline void +curve25519_contract(byte out[32], const bignum25519 in) { + ALIGN(16) bignum25519 f; + + curve25519_copy(f, in); + + #define carry_pass() \ + f[1] += f[0] >> 26; f[0] &= reduce_mask_26; \ + f[2] += f[1] >> 25; f[1] &= reduce_mask_25; \ + f[3] += f[2] >> 26; f[2] &= reduce_mask_26; \ + f[4] += f[3] >> 25; f[3] &= reduce_mask_25; \ + f[5] += f[4] >> 26; f[4] &= reduce_mask_26; \ + f[6] += f[5] >> 25; f[5] &= reduce_mask_25; \ + f[7] += f[6] >> 26; f[6] &= reduce_mask_26; \ + f[8] += f[7] >> 25; f[7] &= reduce_mask_25; \ + f[9] += f[8] >> 26; f[8] &= reduce_mask_26; + + #define carry_pass_full() \ + carry_pass() \ + f[0] += 19 * (f[9] >> 25); f[9] &= reduce_mask_25; + + #define carry_pass_final() \ + carry_pass() \ + f[9] &= reduce_mask_25; + + carry_pass_full() + carry_pass_full() + + /* now t is between 0 and 2^255-1, properly carried. */ + /* case 1: between 0 and 2^255-20. case 2: between 2^255-19 and 2^255-1. */ + f[0] += 19; + carry_pass_full() + + /* now between 19 and 2^255-1 in both cases, and offset by 19. */ + f[0] += (1 << 26) - 19; + f[1] += (1 << 25) - 1; + f[2] += (1 << 26) - 1; + f[3] += (1 << 25) - 1; + f[4] += (1 << 26) - 1; + f[5] += (1 << 25) - 1; + f[6] += (1 << 26) - 1; + f[7] += (1 << 25) - 1; + f[8] += (1 << 26) - 1; + f[9] += (1 << 25) - 1; + + /* now between 2^255 and 2^256-20, and offset by 2^255. */ + carry_pass_final() + + #undef carry_pass + #undef carry_full + #undef carry_final + + *(word32 *)(out + 0) = ((f[0] ) | (f[1] << 26)); + *(word32 *)(out + 4) = ((f[1] >> 6) | (f[2] << 19)); + *(word32 *)(out + 8) = ((f[2] >> 13) | (f[3] << 13)); + *(word32 *)(out + 12) = ((f[3] >> 19) | (f[4] << 6)); + *(word32 *)(out + 16) = ((f[5] ) | (f[6] << 25)); + *(word32 *)(out + 20) = ((f[6] >> 7) | (f[7] << 19)); + *(word32 *)(out + 24) = ((f[7] >> 13) | (f[8] << 12)); + *(word32 *)(out + 28) = ((f[8] >> 20) | (f[9] << 6)); +} + +/* + * Maybe swap the contents of two felem arrays (@a and @b), each 5 elements + * long. Perform the swap iff @swap is non-zero. + */ +inline void +curve25519_swap_conditional(bignum25519 a, bignum25519 b, word32 iswap) { + const word32 swap = (word32)(-(sword32)iswap); + xmmi a0,a1,a2,b0,b1,b2,x0,x1,x2; + xmmi mask = _mm_cvtsi32_si128(swap); + mask = _mm_shuffle_epi32(mask, 0); + a0 = _mm_load_si128((xmmi *)a + 0); + a1 = _mm_load_si128((xmmi *)a + 1); + a2 = _mm_load_si128((xmmi *)a + 2); + b0 = _mm_load_si128((xmmi *)b + 0); + b1 = _mm_load_si128((xmmi *)b + 1); + b2 = _mm_load_si128((xmmi *)b + 2); + b0 = _mm_xor_si128(a0, b0); + b1 = _mm_xor_si128(a1, b1); + b2 = _mm_xor_si128(a2, b2); + x0 = _mm_and_si128(b0, mask); + x1 = _mm_and_si128(b1, mask); + x2 = _mm_and_si128(b2, mask); + x0 = _mm_xor_si128(x0, a0); + x1 = _mm_xor_si128(x1, a1); + x2 = _mm_xor_si128(x2, a2); + a0 = _mm_xor_si128(x0, b0); + a1 = _mm_xor_si128(x1, b1); + a2 = _mm_xor_si128(x2, b2); + _mm_store_si128((xmmi *)a + 0, x0); + _mm_store_si128((xmmi *)a + 1, x1); + _mm_store_si128((xmmi *)a + 2, x2); + _mm_store_si128((xmmi *)b + 0, a0); + _mm_store_si128((xmmi *)b + 1, a1); + _mm_store_si128((xmmi *)b + 2, a2); +} + +/* interleave two bignums */ +inline void +curve25519_tangle32(packedelem32 *out, const bignum25519 x, const bignum25519 z) { + xmmi x0,x1,x2,z0,z1,z2; + + x0 = _mm_load_si128((xmmi *)(x + 0)); + x1 = _mm_load_si128((xmmi *)(x + 4)); + x2 = _mm_load_si128((xmmi *)(x + 8)); + z0 = _mm_load_si128((xmmi *)(z + 0)); + z1 = _mm_load_si128((xmmi *)(z + 4)); + z2 = _mm_load_si128((xmmi *)(z + 8)); + + out[0].v = _mm_unpacklo_epi32(x0, z0); + out[1].v = _mm_unpackhi_epi32(x0, z0); + out[2].v = _mm_unpacklo_epi32(x1, z1); + out[3].v = _mm_unpackhi_epi32(x1, z1); + out[4].v = _mm_unpacklo_epi32(x2, z2); +} + +/* split a packed bignum in to it's two parts */ +inline void +curve25519_untangle64(bignum25519 x, bignum25519 z, const packedelem64 *in) { + _mm_store_si128((xmmi *)(x + 0), _mm_unpacklo_epi64(_mm_unpacklo_epi32(in[0].v, in[1].v), _mm_unpacklo_epi32(in[2].v, in[3].v))); + _mm_store_si128((xmmi *)(x + 4), _mm_unpacklo_epi64(_mm_unpacklo_epi32(in[4].v, in[5].v), _mm_unpacklo_epi32(in[6].v, in[7].v))); + _mm_store_si128((xmmi *)(x + 8), _mm_unpacklo_epi32(in[8].v, in[9].v) ); + _mm_store_si128((xmmi *)(z + 0), _mm_unpacklo_epi64(_mm_unpackhi_epi32(in[0].v, in[1].v), _mm_unpackhi_epi32(in[2].v, in[3].v))); + _mm_store_si128((xmmi *)(z + 4), _mm_unpacklo_epi64(_mm_unpackhi_epi32(in[4].v, in[5].v), _mm_unpackhi_epi32(in[6].v, in[7].v))); + _mm_store_si128((xmmi *)(z + 8), _mm_unpackhi_epi32(in[8].v, in[9].v) ); +} + +/* add two packed bignums */ +inline void +curve25519_add_packed32(packedelem32 *out, const packedelem32 *r, const packedelem32 *s) { + out[0].v = _mm_add_epi32(r[0].v, s[0].v); + out[1].v = _mm_add_epi32(r[1].v, s[1].v); + out[2].v = _mm_add_epi32(r[2].v, s[2].v); + out[3].v = _mm_add_epi32(r[3].v, s[3].v); + out[4].v = _mm_add_epi32(r[4].v, s[4].v); +} + +/* subtract two packed bignums */ +inline void +curve25519_sub_packed32(packedelem32 *out, const packedelem32 *r, const packedelem32 *s) { + xmmi r0,r1,r2,r3,r4; + xmmi s0,s1,s2,s3; + xmmi c1,c2; + + r0 = _mm_add_epi32(r[0].v, packed32zeromodp0.v); + r1 = _mm_add_epi32(r[1].v, packed32zeromodp1.v); + r2 = _mm_add_epi32(r[2].v, packed32zeromodp1.v); + r3 = _mm_add_epi32(r[3].v, packed32zeromodp1.v); + r4 = _mm_add_epi32(r[4].v, packed32zeromodp1.v); + r0 = _mm_sub_epi32(r0, s[0].v); /* 00 11 */ + r1 = _mm_sub_epi32(r1, s[1].v); /* 22 33 */ + r2 = _mm_sub_epi32(r2, s[2].v); /* 44 55 */ + r3 = _mm_sub_epi32(r3, s[3].v); /* 66 77 */ + r4 = _mm_sub_epi32(r4, s[4].v); /* 88 99 */ + + s0 = _mm_unpacklo_epi64(r0, r2); /* 00 44 */ + s1 = _mm_unpackhi_epi64(r0, r2); /* 11 55 */ + s2 = _mm_unpacklo_epi64(r1, r3); /* 22 66 */ + s3 = _mm_unpackhi_epi64(r1, r3); /* 33 77 */ + + c1 = _mm_srli_epi32(s0, 26); c2 = _mm_srli_epi32(s2, 26); s0 = _mm_and_si128(s0, packedmask26262626.v); s2 = _mm_and_si128(s2, packedmask26262626.v); s1 = _mm_add_epi32(s1, c1); s3 = _mm_add_epi32(s3, c2); + c1 = _mm_srli_epi32(s1, 25); c2 = _mm_srli_epi32(s3, 25); s1 = _mm_and_si128(s1, packedmask25252525.v); s3 = _mm_and_si128(s3, packedmask25252525.v); s2 = _mm_add_epi32(s2, c1); r4 = _mm_add_epi32(r4, _mm_srli_si128(c2, 8)); s0 = _mm_add_epi32(s0, _mm_slli_si128(c2, 8)); + + out[0].v = _mm_unpacklo_epi64(s0, s1); /* 00 11 */ + out[1].v = _mm_unpacklo_epi64(s2, s3); /* 22 33 */ + out[2].v = _mm_unpackhi_epi64(s0, s1); /* 44 55 */ + out[3].v = _mm_unpackhi_epi64(s2, s3); /* 66 77 */ + out[4].v = r4; /* 88 99 */ +} + +/* multiply two packed bignums */ +inline void +curve25519_mul_packed64(packedelem64 *out, const packedelem64 *r, const packedelem64 *s) { + xmmi r1,r2,r3,r4,r5,r6,r7,r8,r9; + xmmi r1_2,r3_2,r5_2,r7_2,r9_2; + xmmi c1,c2; + + out[0].v = _mm_mul_epu32(r[0].v, s[0].v); + out[1].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[1].v), _mm_mul_epu32(r[1].v, s[0].v)); + r1_2 = _mm_slli_epi32(r[1].v, 1); + out[2].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r1_2 , s[1].v), _mm_mul_epu32(r[2].v, s[0].v))); + out[3].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[1].v), _mm_mul_epu32(r[3].v, s[0].v)))); + r3_2 = _mm_slli_epi32(r[3].v, 1); + out[4].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r1_2 , s[3].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r3_2 , s[1].v), _mm_mul_epu32(r[4].v, s[0].v))))); + out[5].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[5].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[3].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[1].v), _mm_mul_epu32(r[5].v, s[0].v)))))); + r5_2 = _mm_slli_epi32(r[5].v, 1); + out[6].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r1_2 , s[5].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r3_2 , s[3].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r5_2 , s[1].v), _mm_mul_epu32(r[6].v, s[0].v))))))); + out[7].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[7].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[5].v), _mm_add_epi64(_mm_mul_epu32(r[3].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[5].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[6].v, s[1].v), _mm_mul_epu32(r[7].v , s[0].v)))))))); + r7_2 = _mm_slli_epi32(r[7].v, 1); + out[8].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[8].v), _mm_add_epi64(_mm_mul_epu32(r1_2 , s[7].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r3_2 , s[5].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r5_2 , s[3].v), _mm_add_epi64(_mm_mul_epu32(r[6].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r7_2 , s[1].v), _mm_mul_epu32(r[8].v, s[0].v))))))))); + out[9].v = _mm_add_epi64(_mm_mul_epu32(r[0].v, s[9].v), _mm_add_epi64(_mm_mul_epu32(r[1].v, s[8].v), _mm_add_epi64(_mm_mul_epu32(r[2].v, s[7].v), _mm_add_epi64(_mm_mul_epu32(r[3].v, s[6].v), _mm_add_epi64(_mm_mul_epu32(r[4].v, s[5].v), _mm_add_epi64(_mm_mul_epu32(r[5].v, s[4].v), _mm_add_epi64(_mm_mul_epu32(r[6].v, s[3].v), _mm_add_epi64(_mm_mul_epu32(r[7].v, s[2].v), _mm_add_epi64(_mm_mul_epu32(r[8].v, s[1].v), _mm_mul_epu32(r[9].v, s[0].v)))))))))); + + r1 = _mm_mul_epu32(r[1].v, packednineteen.v); + r2 = _mm_mul_epu32(r[2].v, packednineteen.v); + r1_2 = _mm_slli_epi32(r1, 1); + r3 = _mm_mul_epu32(r[3].v, packednineteen.v); + r4 = _mm_mul_epu32(r[4].v, packednineteen.v); + r3_2 = _mm_slli_epi32(r3, 1); + r5 = _mm_mul_epu32(r[5].v, packednineteen.v); + r6 = _mm_mul_epu32(r[6].v, packednineteen.v); + r5_2 = _mm_slli_epi32(r5, 1); + r7 = _mm_mul_epu32(r[7].v, packednineteen.v); + r8 = _mm_mul_epu32(r[8].v, packednineteen.v); + r7_2 = _mm_slli_epi32(r7, 1); + r9 = _mm_mul_epu32(r[9].v, packednineteen.v); + r9_2 = _mm_slli_epi32(r9, 1); + + out[0].v = _mm_add_epi64(out[0].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[1].v), _mm_add_epi64(_mm_mul_epu32(r8, s[2].v), _mm_add_epi64(_mm_mul_epu32(r7_2, s[3].v), _mm_add_epi64(_mm_mul_epu32(r6, s[4].v), _mm_add_epi64(_mm_mul_epu32(r5_2, s[5].v), _mm_add_epi64(_mm_mul_epu32(r4, s[6].v), _mm_add_epi64(_mm_mul_epu32(r3_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r2, s[8].v), _mm_mul_epu32(r1_2, s[9].v)))))))))); + out[1].v = _mm_add_epi64(out[1].v, _mm_add_epi64(_mm_mul_epu32(r9 , s[2].v), _mm_add_epi64(_mm_mul_epu32(r8, s[3].v), _mm_add_epi64(_mm_mul_epu32(r7 , s[4].v), _mm_add_epi64(_mm_mul_epu32(r6, s[5].v), _mm_add_epi64(_mm_mul_epu32(r5 , s[6].v), _mm_add_epi64(_mm_mul_epu32(r4, s[7].v), _mm_add_epi64(_mm_mul_epu32(r3 , s[8].v), _mm_mul_epu32(r2, s[9].v))))))))); + out[2].v = _mm_add_epi64(out[2].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[3].v), _mm_add_epi64(_mm_mul_epu32(r8, s[4].v), _mm_add_epi64(_mm_mul_epu32(r7_2, s[5].v), _mm_add_epi64(_mm_mul_epu32(r6, s[6].v), _mm_add_epi64(_mm_mul_epu32(r5_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r4, s[8].v), _mm_mul_epu32(r3_2, s[9].v)))))))); + out[3].v = _mm_add_epi64(out[3].v, _mm_add_epi64(_mm_mul_epu32(r9 , s[4].v), _mm_add_epi64(_mm_mul_epu32(r8, s[5].v), _mm_add_epi64(_mm_mul_epu32(r7 , s[6].v), _mm_add_epi64(_mm_mul_epu32(r6, s[7].v), _mm_add_epi64(_mm_mul_epu32(r5 , s[8].v), _mm_mul_epu32(r4, s[9].v))))))); + out[4].v = _mm_add_epi64(out[4].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[5].v), _mm_add_epi64(_mm_mul_epu32(r8, s[6].v), _mm_add_epi64(_mm_mul_epu32(r7_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r6, s[8].v), _mm_mul_epu32(r5_2, s[9].v)))))); + out[5].v = _mm_add_epi64(out[5].v, _mm_add_epi64(_mm_mul_epu32(r9 , s[6].v), _mm_add_epi64(_mm_mul_epu32(r8, s[7].v), _mm_add_epi64(_mm_mul_epu32(r7 , s[8].v), _mm_mul_epu32(r6, s[9].v))))); + out[6].v = _mm_add_epi64(out[6].v, _mm_add_epi64(_mm_mul_epu32(r9_2, s[7].v), _mm_add_epi64(_mm_mul_epu32(r8, s[8].v), _mm_mul_epu32(r7_2, s[9].v)))); + out[7].v = _mm_add_epi64(out[7].v, _mm_add_epi64(_mm_mul_epu32(r9 , s[8].v), _mm_mul_epu32(r8, s[9].v))); + out[8].v = _mm_add_epi64(out[8].v, _mm_mul_epu32(r9_2, s[9].v)); + + c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2); + c1 = _mm_srli_epi64(out[1].v, 25); c2 = _mm_srli_epi64(out[5].v, 25); out[1].v = _mm_and_si128(out[1].v, packedmask25.v); out[5].v = _mm_and_si128(out[5].v, packedmask25.v); out[2].v = _mm_add_epi64(out[2].v, c1); out[6].v = _mm_add_epi64(out[6].v, c2); + c1 = _mm_srli_epi64(out[2].v, 26); c2 = _mm_srli_epi64(out[6].v, 26); out[2].v = _mm_and_si128(out[2].v, packedmask26.v); out[6].v = _mm_and_si128(out[6].v, packedmask26.v); out[3].v = _mm_add_epi64(out[3].v, c1); out[7].v = _mm_add_epi64(out[7].v, c2); + c1 = _mm_srli_epi64(out[3].v, 25); c2 = _mm_srli_epi64(out[7].v, 25); out[3].v = _mm_and_si128(out[3].v, packedmask25.v); out[7].v = _mm_and_si128(out[7].v, packedmask25.v); out[4].v = _mm_add_epi64(out[4].v, c1); out[8].v = _mm_add_epi64(out[8].v, c2); + c2 = _mm_srli_epi64(out[8].v, 26); out[8].v = _mm_and_si128(out[8].v, packedmask26.v); out[9].v = _mm_add_epi64(out[9].v, c2); + c2 = _mm_srli_epi64(out[9].v, 25); out[9].v = _mm_and_si128(out[9].v, packedmask25.v); out[0].v = _mm_add_epi64(out[0].v, _mm_mul_epu32(c2, packednineteen.v)); + c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2); +} + +/* multiply a bignum */ +void +curve25519_mul(bignum25519 out, const bignum25519 r, const bignum25519 s) { + xmmi m01,m23,m45,m67,m89; + xmmi m0123,m4567; + xmmi s0123,s4567; + xmmi s01,s23,s45,s67,s89; + xmmi s12,s34,s56,s78,s9; + xmmi r0,r2,r4,r6,r8; + xmmi r1,r3,r5,r7,r9; + xmmi r119,r219,r319,r419,r519,r619,r719,r819,r919; + xmmi c1,c2,c3; + + s0123 = _mm_load_si128((xmmi*)s + 0); + s01 = _mm_shuffle_epi32(s0123,_MM_SHUFFLE(3,1,2,0)); + s12 = _mm_shuffle_epi32(s0123, _MM_SHUFFLE(2,2,1,1)); + s23 = _mm_shuffle_epi32(s0123,_MM_SHUFFLE(3,3,2,2)); + s4567 = _mm_load_si128((xmmi*)s + 1); + s34 = _mm_unpacklo_epi64(_mm_srli_si128(s0123,12),s4567); + s45 = _mm_shuffle_epi32(s4567,_MM_SHUFFLE(3,1,2,0)); + s56 = _mm_shuffle_epi32(s4567, _MM_SHUFFLE(2,2,1,1)); + s67 = _mm_shuffle_epi32(s4567,_MM_SHUFFLE(3,3,2,2)); + s89 = _mm_load_si128((xmmi*)s + 2); + s78 = _mm_unpacklo_epi64(_mm_srli_si128(s4567,12),s89); + s89 = _mm_shuffle_epi32(s89,_MM_SHUFFLE(3,1,2,0)); + s9 = _mm_shuffle_epi32(s89, _MM_SHUFFLE(3,3,2,2)); + + r0 = _mm_load_si128((xmmi*)r + 0); + r1 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(1,1,1,1)); + r1 = _mm_add_epi64(r1, _mm_and_si128(r1, sse2_top64bitmask.v)); + r2 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(2,2,2,2)); + r3 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(3,3,3,3)); + r3 = _mm_add_epi64(r3, _mm_and_si128(r3, sse2_top64bitmask.v)); + r0 = _mm_shuffle_epi32(r0, _MM_SHUFFLE(0,0,0,0)); + r4 = _mm_load_si128((xmmi*)r + 1); + r5 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(1,1,1,1)); + r5 = _mm_add_epi64(r5, _mm_and_si128(r5, sse2_top64bitmask.v)); + r6 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(2,2,2,2)); + r7 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(3,3,3,3)); + r7 = _mm_add_epi64(r7, _mm_and_si128(r7, sse2_top64bitmask.v)); + r4 = _mm_shuffle_epi32(r4, _MM_SHUFFLE(0,0,0,0)); + r8 = _mm_load_si128((xmmi*)r + 2); + r9 = _mm_shuffle_epi32(r8, _MM_SHUFFLE(3,1,3,1)); + r9 = _mm_add_epi64(r9, _mm_and_si128(r9, sse2_top64bitmask.v)); + r8 = _mm_shuffle_epi32(r8, _MM_SHUFFLE(3,0,3,0)); + + m01 = _mm_mul_epu32(r1,s01); + m23 = _mm_mul_epu32(r1,s23); + m45 = _mm_mul_epu32(r1,s45); + m67 = _mm_mul_epu32(r1,s67); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r3,s01)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r3,s23)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r3,s45)); + m89 = _mm_mul_epu32(r1,s89); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r5,s01)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r5,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r3,s67)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r7,s01)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r5,s45)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r7,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r9,s01)); + + /* shift up */ + m89 = _mm_unpackhi_epi64(m67,_mm_slli_si128(m89,8)); + m67 = _mm_unpackhi_epi64(m45,_mm_slli_si128(m67,8)); + m45 = _mm_unpackhi_epi64(m23,_mm_slli_si128(m45,8)); + m23 = _mm_unpackhi_epi64(m01,_mm_slli_si128(m23,8)); + m01 = _mm_unpackhi_epi64(_mm_setzero_si128(),_mm_slli_si128(m01,8)); + + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r0,s01)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r0,s23)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r0,s45)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r0,s67)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r2,s01)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r2,s23)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r4,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r0,s89)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r4,s01)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r2,s45)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r2,s67)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r6,s01)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r4,s45)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r6,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r8,s01)); + + r219 = _mm_mul_epu32(r2, packednineteen.v); + r419 = _mm_mul_epu32(r4, packednineteen.v); + r619 = _mm_mul_epu32(r6, packednineteen.v); + r819 = _mm_mul_epu32(r8, packednineteen.v); + r119 = _mm_shuffle_epi32(r1,_MM_SHUFFLE(0,0,2,2)); r119 = _mm_mul_epu32(r119, packednineteen.v); + r319 = _mm_shuffle_epi32(r3,_MM_SHUFFLE(0,0,2,2)); r319 = _mm_mul_epu32(r319, packednineteen.v); + r519 = _mm_shuffle_epi32(r5,_MM_SHUFFLE(0,0,2,2)); r519 = _mm_mul_epu32(r519, packednineteen.v); + r719 = _mm_shuffle_epi32(r7,_MM_SHUFFLE(0,0,2,2)); r719 = _mm_mul_epu32(r719, packednineteen.v); + r919 = _mm_shuffle_epi32(r9,_MM_SHUFFLE(0,0,2,2)); r919 = _mm_mul_epu32(r919, packednineteen.v); + + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r919,s12)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r919,s34)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r919,s56)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r919,s78)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r719,s34)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r719,s56)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r719,s78)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r719,s9)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r519,s56)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r519,s78)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r519,s9)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r819,s89)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r319,s78)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r319,s9)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r619,s89)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r919,s9)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r819,s23)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r819,s45)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r819,s67)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r619,s45)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r619,s67)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r419,s67)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r419,s89)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r219,s89)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r119,s9)); + + r0 = _mm_unpacklo_epi64(m01, m45); + r1 = _mm_unpackhi_epi64(m01, m45); + r2 = _mm_unpacklo_epi64(m23, m67); + r3 = _mm_unpackhi_epi64(m23, m67); + r4 = _mm_unpacklo_epi64(m89, m89); + r5 = _mm_unpackhi_epi64(m89, m89); + + c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2); + c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8); + c1 = _mm_srli_epi64(r4, 26); r4 = _mm_and_si128(r4, packedmask26.v); r5 = _mm_add_epi64(r5, c1); + c1 = _mm_srli_epi64(r5, 25); r5 = _mm_and_si128(r5, packedmask25.v); r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3)); + c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2); + + m0123 = _mm_unpacklo_epi32(r0, r1); + m4567 = _mm_unpackhi_epi32(r0, r1); + m0123 = _mm_unpacklo_epi64(m0123, _mm_unpacklo_epi32(r2, r3)); + m4567 = _mm_unpacklo_epi64(m4567, _mm_unpackhi_epi32(r2, r3)); + m89 = _mm_unpackhi_epi32(r4, r5); + + _mm_store_si128((xmmi*)out + 0, m0123); + _mm_store_si128((xmmi*)out + 1, m4567); + _mm_store_si128((xmmi*)out + 2, m89); +} + +typedef struct bignum25519mulprecomp_t { + xmmi r0,r2,r4,r6,r8; + xmmi r1,r3,r5,r7,r9; + xmmi r119,r219,r319,r419,r519,r619,r719,r819,r919; +} bignum25519mulprecomp; + +/* precompute a constant to multiply by */ +inline void +curve25519_mul_precompute(bignum25519mulprecomp *pre, const bignum25519 r) { + pre->r0 = _mm_load_si128((xmmi*)r + 0); + pre->r1 = _mm_shuffle_epi32(pre->r0, _MM_SHUFFLE(1,1,1,1)); + pre->r1 = _mm_add_epi64(pre->r1, _mm_and_si128(pre->r1, sse2_top64bitmask.v)); + pre->r2 = _mm_shuffle_epi32(pre->r0, _MM_SHUFFLE(2,2,2,2)); + pre->r3 = _mm_shuffle_epi32(pre->r0, _MM_SHUFFLE(3,3,3,3)); + pre->r3 = _mm_add_epi64(pre->r3, _mm_and_si128(pre->r3, sse2_top64bitmask.v)); + pre->r0 = _mm_shuffle_epi32(pre->r0, _MM_SHUFFLE(0,0,0,0)); + pre->r4 = _mm_load_si128((xmmi*)r + 1); + pre->r5 = _mm_shuffle_epi32(pre->r4, _MM_SHUFFLE(1,1,1,1)); + pre->r5 = _mm_add_epi64(pre->r5, _mm_and_si128(pre->r5, sse2_top64bitmask.v)); + pre->r6 = _mm_shuffle_epi32(pre->r4, _MM_SHUFFLE(2,2,2,2)); + pre->r7 = _mm_shuffle_epi32(pre->r4, _MM_SHUFFLE(3,3,3,3)); + pre->r7 = _mm_add_epi64(pre->r7, _mm_and_si128(pre->r7, sse2_top64bitmask.v)); + pre->r4 = _mm_shuffle_epi32(pre->r4, _MM_SHUFFLE(0,0,0,0)); + pre->r8 = _mm_load_si128((xmmi*)r + 2); + pre->r9 = _mm_shuffle_epi32(pre->r8, _MM_SHUFFLE(3,1,3,1)); + pre->r9 = _mm_add_epi64(pre->r9, _mm_and_si128(pre->r9, sse2_top64bitmask.v)); + pre->r8 = _mm_shuffle_epi32(pre->r8, _MM_SHUFFLE(3,0,3,0)); + + pre->r219 = _mm_mul_epu32(pre->r2, packednineteen.v); + pre->r419 = _mm_mul_epu32(pre->r4, packednineteen.v); + pre->r619 = _mm_mul_epu32(pre->r6, packednineteen.v); + pre->r819 = _mm_mul_epu32(pre->r8, packednineteen.v); + pre->r119 = _mm_shuffle_epi32(pre->r1,_MM_SHUFFLE(0,0,2,2)); pre->r119 = _mm_mul_epu32(pre->r119, packednineteen.v); + pre->r319 = _mm_shuffle_epi32(pre->r3,_MM_SHUFFLE(0,0,2,2)); pre->r319 = _mm_mul_epu32(pre->r319, packednineteen.v); + pre->r519 = _mm_shuffle_epi32(pre->r5,_MM_SHUFFLE(0,0,2,2)); pre->r519 = _mm_mul_epu32(pre->r519, packednineteen.v); + pre->r719 = _mm_shuffle_epi32(pre->r7,_MM_SHUFFLE(0,0,2,2)); pre->r719 = _mm_mul_epu32(pre->r719, packednineteen.v); + pre->r919 = _mm_shuffle_epi32(pre->r9,_MM_SHUFFLE(0,0,2,2)); pre->r919 = _mm_mul_epu32(pre->r919, packednineteen.v); +} + + +/* multiply a bignum by a pre-computed constant */ +inline void +curve25519_mul_precomputed(bignum25519 out, const bignum25519 s, const bignum25519mulprecomp *r) { + xmmi m01,m23,m45,m67,m89; + xmmi m0123,m4567; + xmmi s0123,s4567; + xmmi s01,s23,s45,s67,s89; + xmmi s12,s34,s56,s78,s9; + xmmi r0,r1,r2,r3,r4,r5; + xmmi c1,c2,c3; + + s0123 = _mm_load_si128((xmmi*)s + 0); + s01 = _mm_shuffle_epi32(s0123,_MM_SHUFFLE(3,1,2,0)); + s12 = _mm_shuffle_epi32(s0123, _MM_SHUFFLE(2,2,1,1)); + s23 = _mm_shuffle_epi32(s0123,_MM_SHUFFLE(3,3,2,2)); + s4567 = _mm_load_si128((xmmi*)s + 1); + s34 = _mm_unpacklo_epi64(_mm_srli_si128(s0123,12),s4567); + s45 = _mm_shuffle_epi32(s4567,_MM_SHUFFLE(3,1,2,0)); + s56 = _mm_shuffle_epi32(s4567, _MM_SHUFFLE(2,2,1,1)); + s67 = _mm_shuffle_epi32(s4567,_MM_SHUFFLE(3,3,2,2)); + s89 = _mm_load_si128((xmmi*)s + 2); + s78 = _mm_unpacklo_epi64(_mm_srli_si128(s4567,12),s89); + s89 = _mm_shuffle_epi32(s89,_MM_SHUFFLE(3,1,2,0)); + s9 = _mm_shuffle_epi32(s89, _MM_SHUFFLE(3,3,2,2)); + + m01 = _mm_mul_epu32(r->r1,s01); + m23 = _mm_mul_epu32(r->r1,s23); + m45 = _mm_mul_epu32(r->r1,s45); + m67 = _mm_mul_epu32(r->r1,s67); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r3,s01)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r3,s23)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r3,s45)); + m89 = _mm_mul_epu32(r->r1,s89); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r5,s01)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r5,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r3,s67)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r7,s01)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r5,s45)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r7,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r9,s01)); + + /* shift up */ + m89 = _mm_unpackhi_epi64(m67,_mm_slli_si128(m89,8)); + m67 = _mm_unpackhi_epi64(m45,_mm_slli_si128(m67,8)); + m45 = _mm_unpackhi_epi64(m23,_mm_slli_si128(m45,8)); + m23 = _mm_unpackhi_epi64(m01,_mm_slli_si128(m23,8)); + m01 = _mm_unpackhi_epi64(_mm_setzero_si128(),_mm_slli_si128(m01,8)); + + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r0,s01)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r0,s23)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r0,s45)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r0,s67)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r2,s01)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r2,s23)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r4,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r0,s89)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r4,s01)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r2,s45)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r2,s67)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r6,s01)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r4,s45)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r6,s23)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r8,s01)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r919,s12)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r919,s34)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r919,s56)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r919,s78)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r719,s34)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r719,s56)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r719,s78)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r719,s9)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r519,s56)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r519,s78)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r519,s9)); + m67 = _mm_add_epi64(m67,_mm_mul_epu32(r->r819,s89)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r319,s78)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r319,s9)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r619,s89)); + m89 = _mm_add_epi64(m89,_mm_mul_epu32(r->r919,s9)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r819,s23)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r819,s45)); + m45 = _mm_add_epi64(m45,_mm_mul_epu32(r->r819,s67)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r619,s45)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r619,s67)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r419,s67)); + m23 = _mm_add_epi64(m23,_mm_mul_epu32(r->r419,s89)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r219,s89)); + m01 = _mm_add_epi64(m01,_mm_mul_epu32(r->r119,s9)); + + r0 = _mm_unpacklo_epi64(m01, m45); + r1 = _mm_unpackhi_epi64(m01, m45); + r2 = _mm_unpacklo_epi64(m23, m67); + r3 = _mm_unpackhi_epi64(m23, m67); + r4 = _mm_unpacklo_epi64(m89, m89); + r5 = _mm_unpackhi_epi64(m89, m89); + + c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2); + c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8); + c1 = _mm_srli_epi64(r4, 26); r4 = _mm_and_si128(r4, packedmask26.v); r5 = _mm_add_epi64(r5, c1); + c1 = _mm_srli_epi64(r5, 25); r5 = _mm_and_si128(r5, packedmask25.v); r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3)); + c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2); + + m0123 = _mm_unpacklo_epi32(r0, r1); + m4567 = _mm_unpackhi_epi32(r0, r1); + m0123 = _mm_unpacklo_epi64(m0123, _mm_unpacklo_epi32(r2, r3)); + m4567 = _mm_unpacklo_epi64(m4567, _mm_unpackhi_epi32(r2, r3)); + m89 = _mm_unpackhi_epi32(r4, r5); + + _mm_store_si128((xmmi*)out + 0, m0123); + _mm_store_si128((xmmi*)out + 1, m4567); + _mm_store_si128((xmmi*)out + 2, m89); +} + +/* square a bignum 'count' times */ +#define curve25519_square(r,x) curve25519_square_times(r,x,1) + +void +curve25519_square_times(bignum25519 r, const bignum25519 in, int count) { + xmmi m01,m23,m45,m67,m89; + xmmi r0,r1,r2,r3,r4,r5,r6,r7,r8,r9; + xmmi r0a,r1a,r2a,r3a,r7a,r9a; + xmmi r0123,r4567; + xmmi r01,r23,r45,r67,r6x,r89,r8x; + xmmi r12,r34,r56,r78,r9x; + xmmi r5619; + xmmi c1,c2,c3; + + r0123 = _mm_load_si128((xmmi*)in + 0); + r01 = _mm_shuffle_epi32(r0123,_MM_SHUFFLE(3,1,2,0)); + r23 = _mm_shuffle_epi32(r0123,_MM_SHUFFLE(3,3,2,2)); + r4567 = _mm_load_si128((xmmi*)in + 1); + r45 = _mm_shuffle_epi32(r4567,_MM_SHUFFLE(3,1,2,0)); + r67 = _mm_shuffle_epi32(r4567,_MM_SHUFFLE(3,3,2,2)); + r89 = _mm_load_si128((xmmi*)in + 2); + r89 = _mm_shuffle_epi32(r89,_MM_SHUFFLE(3,1,2,0)); + + do { + r12 = _mm_unpackhi_epi64(r01, _mm_slli_si128(r23, 8)); + r0 = _mm_shuffle_epi32(r01, _MM_SHUFFLE(0,0,0,0)); + r0 = _mm_add_epi64(r0, _mm_and_si128(r0, sse2_top64bitmask.v)); + r0a = _mm_shuffle_epi32(r0,_MM_SHUFFLE(3,2,1,2)); + r1 = _mm_shuffle_epi32(r01, _MM_SHUFFLE(2,2,2,2)); + r2 = _mm_shuffle_epi32(r23, _MM_SHUFFLE(0,0,0,0)); + r2 = _mm_add_epi64(r2, _mm_and_si128(r2, sse2_top64bitmask.v)); + r2a = _mm_shuffle_epi32(r2,_MM_SHUFFLE(3,2,1,2)); + r3 = _mm_shuffle_epi32(r23, _MM_SHUFFLE(2,2,2,2)); + r34 = _mm_unpackhi_epi64(r23, _mm_slli_si128(r45, 8)); + r4 = _mm_shuffle_epi32(r45, _MM_SHUFFLE(0,0,0,0)); + r4 = _mm_add_epi64(r4, _mm_and_si128(r4, sse2_top64bitmask.v)); + r56 = _mm_unpackhi_epi64(r45, _mm_slli_si128(r67, 8)); + r5619 = _mm_mul_epu32(r56, packednineteen.v); + r5 = _mm_shuffle_epi32(r5619, _MM_SHUFFLE(1,1,1,0)); + r6 = _mm_shuffle_epi32(r5619, _MM_SHUFFLE(3,2,3,2)); + r78 = _mm_unpackhi_epi64(r67, _mm_slli_si128(r89, 8)); + r6x = _mm_unpacklo_epi64(r67, _mm_setzero_si128()); + r7 = _mm_shuffle_epi32(r67, _MM_SHUFFLE(2,2,2,2)); + r7 = _mm_mul_epu32(r7, packed3819.v); + r7a = _mm_shuffle_epi32(r7, _MM_SHUFFLE(3,3,3,2)); + r8x = _mm_unpacklo_epi64(r89, _mm_setzero_si128()); + r8 = _mm_shuffle_epi32(r89, _MM_SHUFFLE(0,0,0,0)); + r8 = _mm_mul_epu32(r8, packednineteen.v); + r9 = _mm_shuffle_epi32(r89, _MM_SHUFFLE(2,2,2,2)); + r9x = _mm_slli_epi32(_mm_shuffle_epi32(r89, _MM_SHUFFLE(3,3,3,2)), 1); + r9 = _mm_mul_epu32(r9, packed3819.v); + r9a = _mm_shuffle_epi32(r9, _MM_SHUFFLE(2,2,2,2)); + + m01 = _mm_mul_epu32(r01, r0); + m23 = _mm_mul_epu32(r23, r0a); + m45 = _mm_mul_epu32(r45, r0a); + m45 = _mm_add_epi64(m45, _mm_mul_epu32(r23, r2)); + r23 = _mm_slli_epi32(r23, 1); + m67 = _mm_mul_epu32(r67, r0a); + m67 = _mm_add_epi64(m67, _mm_mul_epu32(r45, r2a)); + m89 = _mm_mul_epu32(r89, r0a); + m89 = _mm_add_epi64(m89, _mm_mul_epu32(r67, r2a)); + r67 = _mm_slli_epi32(r67, 1); + m89 = _mm_add_epi64(m89, _mm_mul_epu32(r45, r4)); + r45 = _mm_slli_epi32(r45, 1); + + r1 = _mm_slli_epi32(r1, 1); + r3 = _mm_slli_epi32(r3, 1); + r1a = _mm_add_epi64(r1, _mm_and_si128(r1, sse2_bot64bitmask.v)); + r3a = _mm_add_epi64(r3, _mm_and_si128(r3, sse2_bot64bitmask.v)); + + m23 = _mm_add_epi64(m23, _mm_mul_epu32(r12, r1)); + m45 = _mm_add_epi64(m45, _mm_mul_epu32(r34, r1a)); + m67 = _mm_add_epi64(m67, _mm_mul_epu32(r56, r1a)); + m67 = _mm_add_epi64(m67, _mm_mul_epu32(r34, r3)); + r34 = _mm_slli_epi32(r34, 1); + m89 = _mm_add_epi64(m89, _mm_mul_epu32(r78, r1a)); + r78 = _mm_slli_epi32(r78, 1); + m89 = _mm_add_epi64(m89, _mm_mul_epu32(r56, r3a)); + r56 = _mm_slli_epi32(r56, 1); + + m01 = _mm_add_epi64(m01, _mm_mul_epu32(_mm_slli_epi32(r12, 1), r9)); + m01 = _mm_add_epi64(m01, _mm_mul_epu32(r34, r7)); + m23 = _mm_add_epi64(m23, _mm_mul_epu32(r34, r9)); + m01 = _mm_add_epi64(m01, _mm_mul_epu32(r56, r5)); + m23 = _mm_add_epi64(m23, _mm_mul_epu32(r56, r7)); + m45 = _mm_add_epi64(m45, _mm_mul_epu32(r56, r9)); + m01 = _mm_add_epi64(m01, _mm_mul_epu32(r23, r8)); + m01 = _mm_add_epi64(m01, _mm_mul_epu32(r45, r6)); + m23 = _mm_add_epi64(m23, _mm_mul_epu32(r45, r8)); + m23 = _mm_add_epi64(m23, _mm_mul_epu32(r6x, r6)); + m45 = _mm_add_epi64(m45, _mm_mul_epu32(r78, r7a)); + m67 = _mm_add_epi64(m67, _mm_mul_epu32(r78, r9)); + m45 = _mm_add_epi64(m45, _mm_mul_epu32(r67, r8)); + m67 = _mm_add_epi64(m67, _mm_mul_epu32(r8x, r8)); + m89 = _mm_add_epi64(m89, _mm_mul_epu32(r9x, r9a)); + + r0 = _mm_unpacklo_epi64(m01, m45); + r1 = _mm_unpackhi_epi64(m01, m45); + r2 = _mm_unpacklo_epi64(m23, m67); + r3 = _mm_unpackhi_epi64(m23, m67); + r4 = _mm_unpacklo_epi64(m89, m89); + r5 = _mm_unpackhi_epi64(m89, m89); + + c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2); + c1 = _mm_srli_epi64(r1, 25); c2 = _mm_srli_epi64(r3, 25); r1 = _mm_and_si128(r1, packedmask25.v); r3 = _mm_and_si128(r3, packedmask25.v); r2 = _mm_add_epi64(r2, c1); r4 = _mm_add_epi64(r4, c2); c3 = _mm_slli_si128(c2, 8); + c1 = _mm_srli_epi64(r4, 26); r4 = _mm_and_si128(r4, packedmask26.v); r5 = _mm_add_epi64(r5, c1); + c1 = _mm_srli_epi64(r5, 25); r5 = _mm_and_si128(r5, packedmask25.v); r0 = _mm_add_epi64(r0, _mm_unpackhi_epi64(_mm_mul_epu32(c1, packednineteen.v), c3)); + c1 = _mm_srli_epi64(r0, 26); c2 = _mm_srli_epi64(r2, 26); r0 = _mm_and_si128(r0, packedmask26.v); r2 = _mm_and_si128(r2, packedmask26.v); r1 = _mm_add_epi64(r1, c1); r3 = _mm_add_epi64(r3, c2); + + r01 = _mm_unpacklo_epi64(r0, r1); + r45 = _mm_unpackhi_epi64(r0, r1); + r23 = _mm_unpacklo_epi64(r2, r3); + r67 = _mm_unpackhi_epi64(r2, r3); + r89 = _mm_unpackhi_epi64(r4, r5); + } while (--count); + + r0123 = _mm_shuffle_epi32(r23, _MM_SHUFFLE(2,0,3,3)); + r4567 = _mm_shuffle_epi32(r67, _MM_SHUFFLE(2,0,3,3)); + r0123 = _mm_or_si128(r0123, _mm_shuffle_epi32(r01, _MM_SHUFFLE(3,3,2,0))); + r4567 = _mm_or_si128(r4567, _mm_shuffle_epi32(r45, _MM_SHUFFLE(3,3,2,0))); + r89 = _mm_shuffle_epi32(r89, _MM_SHUFFLE(3,3,2,0)); + + _mm_store_si128((xmmi*)r + 0, r0123); + _mm_store_si128((xmmi*)r + 1, r4567); + _mm_store_si128((xmmi*)r + 2, r89); +} + +/* square two packed bignums */ +inline void +curve25519_square_packed64(packedelem64 *out, const packedelem64 *r) { + xmmi r0,r1,r2,r3; + xmmi r1_2,r3_2,r4_2,r5_2,r6_2,r7_2; + xmmi d5,d6,d7,d8,d9; + xmmi c1,c2; + + r0 = r[0].v; + r1 = r[1].v; + r2 = r[2].v; + r3 = r[3].v; + + out[0].v = _mm_mul_epu32(r0, r0); + r0 = _mm_slli_epi32(r0, 1); + out[1].v = _mm_mul_epu32(r0, r1); + r1_2 = _mm_slli_epi32(r1, 1); + out[2].v = _mm_add_epi64(_mm_mul_epu32(r0, r2 ), _mm_mul_epu32(r1, r1_2)); + r1 = r1_2; + out[3].v = _mm_add_epi64(_mm_mul_epu32(r0, r3 ), _mm_mul_epu32(r1, r2 )); + r3_2 = _mm_slli_epi32(r3, 1); + out[4].v = _mm_add_epi64(_mm_mul_epu32(r0, r[4].v), _mm_add_epi64(_mm_mul_epu32(r1, r3_2 ), _mm_mul_epu32(r2, r2))); + r2 = _mm_slli_epi32(r2, 1); + out[5].v = _mm_add_epi64(_mm_mul_epu32(r0, r[5].v), _mm_add_epi64(_mm_mul_epu32(r1, r[4].v), _mm_mul_epu32(r2, r3))); + r5_2 = _mm_slli_epi32(r[5].v, 1); + out[6].v = _mm_add_epi64(_mm_mul_epu32(r0, r[6].v), _mm_add_epi64(_mm_mul_epu32(r1, r5_2 ), _mm_add_epi64(_mm_mul_epu32(r2, r[4].v), _mm_mul_epu32(r3, r3_2 )))); + r3 = r3_2; + out[7].v = _mm_add_epi64(_mm_mul_epu32(r0, r[7].v), _mm_add_epi64(_mm_mul_epu32(r1, r[6].v), _mm_add_epi64(_mm_mul_epu32(r2, r[5].v), _mm_mul_epu32(r3, r[4].v)))); + r7_2 = _mm_slli_epi32(r[7].v, 1); + out[8].v = _mm_add_epi64(_mm_mul_epu32(r0, r[8].v), _mm_add_epi64(_mm_mul_epu32(r1, r7_2 ), _mm_add_epi64(_mm_mul_epu32(r2, r[6].v), _mm_add_epi64(_mm_mul_epu32(r3, r5_2 ), _mm_mul_epu32(r[4].v, r[4].v))))); + out[9].v = _mm_add_epi64(_mm_mul_epu32(r0, r[9].v), _mm_add_epi64(_mm_mul_epu32(r1, r[8].v), _mm_add_epi64(_mm_mul_epu32(r2, r[7].v), _mm_add_epi64(_mm_mul_epu32(r3, r[6].v), _mm_mul_epu32(r[4].v, r5_2 ))))); + + d5 = _mm_mul_epu32(r[5].v, packedthirtyeight.v); + d6 = _mm_mul_epu32(r[6].v, packednineteen.v); + d7 = _mm_mul_epu32(r[7].v, packedthirtyeight.v); + d8 = _mm_mul_epu32(r[8].v, packednineteen.v); + d9 = _mm_mul_epu32(r[9].v, packedthirtyeight.v); + + r4_2 = _mm_slli_epi32(r[4].v, 1); + r6_2 = _mm_slli_epi32(r[6].v, 1); + out[0].v = _mm_add_epi64(out[0].v, _mm_add_epi64(_mm_mul_epu32(d9, r1 ), _mm_add_epi64(_mm_mul_epu32(d8, r2 ), _mm_add_epi64(_mm_mul_epu32(d7, r3 ), _mm_add_epi64(_mm_mul_epu32(d6, r4_2), _mm_mul_epu32(d5, r[5].v)))))); + out[1].v = _mm_add_epi64(out[1].v, _mm_add_epi64(_mm_mul_epu32(d9, _mm_srli_epi32(r2, 1)), _mm_add_epi64(_mm_mul_epu32(d8, r3 ), _mm_add_epi64(_mm_mul_epu32(d7, r[4].v), _mm_mul_epu32(d6, r5_2 ))))); + out[2].v = _mm_add_epi64(out[2].v, _mm_add_epi64(_mm_mul_epu32(d9, r3 ), _mm_add_epi64(_mm_mul_epu32(d8, r4_2), _mm_add_epi64(_mm_mul_epu32(d7, r5_2 ), _mm_mul_epu32(d6, r[6].v))))); + out[3].v = _mm_add_epi64(out[3].v, _mm_add_epi64(_mm_mul_epu32(d9, r[4].v ), _mm_add_epi64(_mm_mul_epu32(d8, r5_2), _mm_mul_epu32(d7, r[6].v)))); + out[4].v = _mm_add_epi64(out[4].v, _mm_add_epi64(_mm_mul_epu32(d9, r5_2 ), _mm_add_epi64(_mm_mul_epu32(d8, r6_2), _mm_mul_epu32(d7, r[7].v)))); + out[5].v = _mm_add_epi64(out[5].v, _mm_add_epi64(_mm_mul_epu32(d9, r[6].v ), _mm_mul_epu32(d8, r7_2 ))); + out[6].v = _mm_add_epi64(out[6].v, _mm_add_epi64(_mm_mul_epu32(d9, r7_2 ), _mm_mul_epu32(d8, r[8].v))); + out[7].v = _mm_add_epi64(out[7].v, _mm_mul_epu32(d9, r[8].v)); + out[8].v = _mm_add_epi64(out[8].v, _mm_mul_epu32(d9, r[9].v)); + + c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2); + c1 = _mm_srli_epi64(out[1].v, 25); c2 = _mm_srli_epi64(out[5].v, 25); out[1].v = _mm_and_si128(out[1].v, packedmask25.v); out[5].v = _mm_and_si128(out[5].v, packedmask25.v); out[2].v = _mm_add_epi64(out[2].v, c1); out[6].v = _mm_add_epi64(out[6].v, c2); + c1 = _mm_srli_epi64(out[2].v, 26); c2 = _mm_srli_epi64(out[6].v, 26); out[2].v = _mm_and_si128(out[2].v, packedmask26.v); out[6].v = _mm_and_si128(out[6].v, packedmask26.v); out[3].v = _mm_add_epi64(out[3].v, c1); out[7].v = _mm_add_epi64(out[7].v, c2); + c1 = _mm_srli_epi64(out[3].v, 25); c2 = _mm_srli_epi64(out[7].v, 25); out[3].v = _mm_and_si128(out[3].v, packedmask25.v); out[7].v = _mm_and_si128(out[7].v, packedmask25.v); out[4].v = _mm_add_epi64(out[4].v, c1); out[8].v = _mm_add_epi64(out[8].v, c2); + c2 = _mm_srli_epi64(out[8].v, 26); out[8].v = _mm_and_si128(out[8].v, packedmask26.v); out[9].v = _mm_add_epi64(out[9].v, c2); + c2 = _mm_srli_epi64(out[9].v, 25); out[9].v = _mm_and_si128(out[9].v, packedmask25.v); out[0].v = _mm_add_epi64(out[0].v, _mm_mul_epu32(c2, packednineteen.v)); + c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2); +} + +/* make [nqx+nqz,nqpqx+nqpqz], [nqpqx-nqpqz,nqx-nqz] from [nqx+nqz,nqpqx+nqpqz], [nqx-nqz,nqpqx-nqpqz] */ +inline void +curve25519_make_nqpq(packedelem64 *primex, packedelem64 *primez, const packedelem32 *pqx, const packedelem32 *pqz) { + primex[0].v = _mm_shuffle_epi32(pqx[0].v, _MM_SHUFFLE(1,1,0,0)); + primex[1].v = _mm_shuffle_epi32(pqx[0].v, _MM_SHUFFLE(3,3,2,2)); + primex[2].v = _mm_shuffle_epi32(pqx[1].v, _MM_SHUFFLE(1,1,0,0)); + primex[3].v = _mm_shuffle_epi32(pqx[1].v, _MM_SHUFFLE(3,3,2,2)); + primex[4].v = _mm_shuffle_epi32(pqx[2].v, _MM_SHUFFLE(1,1,0,0)); + primex[5].v = _mm_shuffle_epi32(pqx[2].v, _MM_SHUFFLE(3,3,2,2)); + primex[6].v = _mm_shuffle_epi32(pqx[3].v, _MM_SHUFFLE(1,1,0,0)); + primex[7].v = _mm_shuffle_epi32(pqx[3].v, _MM_SHUFFLE(3,3,2,2)); + primex[8].v = _mm_shuffle_epi32(pqx[4].v, _MM_SHUFFLE(1,1,0,0)); + primex[9].v = _mm_shuffle_epi32(pqx[4].v, _MM_SHUFFLE(3,3,2,2)); + primez[0].v = _mm_shuffle_epi32(pqz[0].v, _MM_SHUFFLE(0,0,1,1)); + primez[1].v = _mm_shuffle_epi32(pqz[0].v, _MM_SHUFFLE(2,2,3,3)); + primez[2].v = _mm_shuffle_epi32(pqz[1].v, _MM_SHUFFLE(0,0,1,1)); + primez[3].v = _mm_shuffle_epi32(pqz[1].v, _MM_SHUFFLE(2,2,3,3)); + primez[4].v = _mm_shuffle_epi32(pqz[2].v, _MM_SHUFFLE(0,0,1,1)); + primez[5].v = _mm_shuffle_epi32(pqz[2].v, _MM_SHUFFLE(2,2,3,3)); + primez[6].v = _mm_shuffle_epi32(pqz[3].v, _MM_SHUFFLE(0,0,1,1)); + primez[7].v = _mm_shuffle_epi32(pqz[3].v, _MM_SHUFFLE(2,2,3,3)); + primez[8].v = _mm_shuffle_epi32(pqz[4].v, _MM_SHUFFLE(0,0,1,1)); + primez[9].v = _mm_shuffle_epi32(pqz[4].v, _MM_SHUFFLE(2,2,3,3)); +} + +/* make [nqx+nqz,nqx-nqz] from [nqx+nqz,nqpqx+nqpqz], [nqx-nqz,nqpqx-nqpqz] */ +inline void +curve25519_make_nq(packedelem64 *nq, const packedelem32 *pqx, const packedelem32 *pqz) { + nq[0].v = _mm_unpacklo_epi64(pqx[0].v, pqz[0].v); + nq[1].v = _mm_unpackhi_epi64(pqx[0].v, pqz[0].v); + nq[2].v = _mm_unpacklo_epi64(pqx[1].v, pqz[1].v); + nq[3].v = _mm_unpackhi_epi64(pqx[1].v, pqz[1].v); + nq[4].v = _mm_unpacklo_epi64(pqx[2].v, pqz[2].v); + nq[5].v = _mm_unpackhi_epi64(pqx[2].v, pqz[2].v); + nq[6].v = _mm_unpacklo_epi64(pqx[3].v, pqz[3].v); + nq[7].v = _mm_unpackhi_epi64(pqx[3].v, pqz[3].v); + nq[8].v = _mm_unpacklo_epi64(pqx[4].v, pqz[4].v); + nq[9].v = _mm_unpackhi_epi64(pqx[4].v, pqz[4].v); +} + +/* compute [nqx+nqz,nqx-nqz] from nqx, nqz */ +inline void +curve25519_compute_nq(packedelem64 *nq, const bignum25519 nqx, const bignum25519 nqz) { + xmmi x0,x1,x2; + xmmi z0,z1,z2; + xmmi a0,a1,a2; + xmmi s0,s1,s2; + xmmi r0,r1; + xmmi c1,c2; + x0 = _mm_load_si128((xmmi*)nqx + 0); + x1 = _mm_load_si128((xmmi*)nqx + 1); + x2 = _mm_load_si128((xmmi*)nqx + 2); + z0 = _mm_load_si128((xmmi*)nqz + 0); + z1 = _mm_load_si128((xmmi*)nqz + 1); + z2 = _mm_load_si128((xmmi*)nqz + 2); + a0 = _mm_add_epi32(x0, z0); + a1 = _mm_add_epi32(x1, z1); + a2 = _mm_add_epi32(x2, z2); + s0 = _mm_add_epi32(x0, packed2p0.v); + s1 = _mm_add_epi32(x1, packed2p1.v); + s2 = _mm_add_epi32(x2, packed2p2.v); + s0 = _mm_sub_epi32(s0, z0); + s1 = _mm_sub_epi32(s1, z1); + s2 = _mm_sub_epi32(s2, z2); + r0 = _mm_and_si128(_mm_shuffle_epi32(s0, _MM_SHUFFLE(2,2,0,0)), sse2_bot32bitmask.v); + r1 = _mm_and_si128(_mm_shuffle_epi32(s0, _MM_SHUFFLE(3,3,1,1)), sse2_bot32bitmask.v); + c1 = _mm_srli_epi32(r0, 26); + c2 = _mm_srli_epi32(r1, 25); + r0 = _mm_and_si128(r0, packedmask26.v); + r1 = _mm_and_si128(r1, packedmask25.v); + r0 = _mm_add_epi32(r0, _mm_slli_si128(c2, 8)); + r1 = _mm_add_epi32(r1, c1); + s0 = _mm_unpacklo_epi64(_mm_unpacklo_epi32(r0, r1), _mm_unpackhi_epi32(r0, r1)); + s1 = _mm_add_epi32(s1, _mm_srli_si128(c2, 8)); + nq[0].v = _mm_unpacklo_epi64(a0, s0); + nq[2].v = _mm_unpackhi_epi64(a0, s0); + nq[4].v = _mm_unpacklo_epi64(a1, s1); + nq[6].v = _mm_unpackhi_epi64(a1, s1); + nq[8].v = _mm_unpacklo_epi64(a2, s2); + nq[1].v = _mm_shuffle_epi32(nq[0].v, _MM_SHUFFLE(3,3,1,1)); + nq[3].v = _mm_shuffle_epi32(nq[2].v, _MM_SHUFFLE(3,3,1,1)); + nq[5].v = _mm_shuffle_epi32(nq[4].v, _MM_SHUFFLE(3,3,1,1)); + nq[7].v = _mm_shuffle_epi32(nq[6].v, _MM_SHUFFLE(3,3,1,1)); + nq[9].v = _mm_shuffle_epi32(nq[8].v, _MM_SHUFFLE(3,3,1,1)); +} + + +/* compute [x+z,x-z] from [x,z] */ +inline void +curve25519_addsub_packed64(packedelem64 *r) { + packed32bignum25519 x,z,add,sub; + + x[0].v = _mm_unpacklo_epi64(r[0].v, r[1].v); + z[0].v = _mm_unpackhi_epi64(r[0].v, r[1].v); + x[1].v = _mm_unpacklo_epi64(r[2].v, r[3].v); + z[1].v = _mm_unpackhi_epi64(r[2].v, r[3].v); + x[2].v = _mm_unpacklo_epi64(r[4].v, r[5].v); + z[2].v = _mm_unpackhi_epi64(r[4].v, r[5].v); + x[3].v = _mm_unpacklo_epi64(r[6].v, r[7].v); + z[3].v = _mm_unpackhi_epi64(r[6].v, r[7].v); + x[4].v = _mm_unpacklo_epi64(r[8].v, r[9].v); + z[4].v = _mm_unpackhi_epi64(r[8].v, r[9].v); + + curve25519_add_packed32(add, x, z); + curve25519_sub_packed32(sub, x, z); + + r[0].v = _mm_unpacklo_epi64(add[0].v, sub[0].v); + r[1].v = _mm_unpackhi_epi64(add[0].v, sub[0].v); + r[2].v = _mm_unpacklo_epi64(add[1].v, sub[1].v); + r[3].v = _mm_unpackhi_epi64(add[1].v, sub[1].v); + r[4].v = _mm_unpacklo_epi64(add[2].v, sub[2].v); + r[5].v = _mm_unpackhi_epi64(add[2].v, sub[2].v); + r[6].v = _mm_unpacklo_epi64(add[3].v, sub[3].v); + r[7].v = _mm_unpackhi_epi64(add[3].v, sub[3].v); + r[8].v = _mm_unpacklo_epi64(add[4].v, sub[4].v); + r[9].v = _mm_unpackhi_epi64(add[4].v, sub[4].v); +} + +/* compute [x,z] * [121666,121665] */ +inline void +curve25519_121665_packed64(packedelem64 *out, const packedelem64 *in) { + xmmi c1,c2; + + out[0].v = _mm_mul_epu32(in[0].v, packed121666121665.v); + out[1].v = _mm_mul_epu32(in[1].v, packed121666121665.v); + out[2].v = _mm_mul_epu32(in[2].v, packed121666121665.v); + out[3].v = _mm_mul_epu32(in[3].v, packed121666121665.v); + out[4].v = _mm_mul_epu32(in[4].v, packed121666121665.v); + out[5].v = _mm_mul_epu32(in[5].v, packed121666121665.v); + out[6].v = _mm_mul_epu32(in[6].v, packed121666121665.v); + out[7].v = _mm_mul_epu32(in[7].v, packed121666121665.v); + out[8].v = _mm_mul_epu32(in[8].v, packed121666121665.v); + out[9].v = _mm_mul_epu32(in[9].v, packed121666121665.v); + + c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2); + c1 = _mm_srli_epi64(out[1].v, 25); c2 = _mm_srli_epi64(out[5].v, 25); out[1].v = _mm_and_si128(out[1].v, packedmask25.v); out[5].v = _mm_and_si128(out[5].v, packedmask25.v); out[2].v = _mm_add_epi64(out[2].v, c1); out[6].v = _mm_add_epi64(out[6].v, c2); + c1 = _mm_srli_epi64(out[2].v, 26); c2 = _mm_srli_epi64(out[6].v, 26); out[2].v = _mm_and_si128(out[2].v, packedmask26.v); out[6].v = _mm_and_si128(out[6].v, packedmask26.v); out[3].v = _mm_add_epi64(out[3].v, c1); out[7].v = _mm_add_epi64(out[7].v, c2); + c1 = _mm_srli_epi64(out[3].v, 25); c2 = _mm_srli_epi64(out[7].v, 25); out[3].v = _mm_and_si128(out[3].v, packedmask25.v); out[7].v = _mm_and_si128(out[7].v, packedmask25.v); out[4].v = _mm_add_epi64(out[4].v, c1); out[8].v = _mm_add_epi64(out[8].v, c2); + c2 = _mm_srli_epi64(out[8].v, 26); out[8].v = _mm_and_si128(out[8].v, packedmask26.v); out[9].v = _mm_add_epi64(out[9].v, c2); + c2 = _mm_srli_epi64(out[9].v, 25); out[9].v = _mm_and_si128(out[9].v, packedmask25.v); out[0].v = _mm_add_epi64(out[0].v, _mm_mul_epu32(c2, packednineteen.v)); + c1 = _mm_srli_epi64(out[0].v, 26); c2 = _mm_srli_epi64(out[4].v, 26); out[0].v = _mm_and_si128(out[0].v, packedmask26.v); out[4].v = _mm_and_si128(out[4].v, packedmask26.v); out[1].v = _mm_add_epi64(out[1].v, c1); out[5].v = _mm_add_epi64(out[5].v, c2); +} + +/* compute [sq.x,sqscalar.x-sqscalar.z] * [sq.z,sq.x-sq.z] */ +inline void +curve25519_final_nq(packedelem64 *nq, const packedelem64 *sq, const packedelem64 *sq121665) { + packed32bignum25519 x, z, sub; + packed64bignum25519 t, nqa, nqb; + + x[0].v = _mm_or_si128(_mm_unpacklo_epi64(sq[0].v, sq[1].v), _mm_slli_si128(_mm_unpacklo_epi64(sq121665[0].v, sq121665[1].v), 4)); + z[0].v = _mm_or_si128(_mm_unpackhi_epi64(sq[0].v, sq[1].v), _mm_slli_si128(_mm_unpackhi_epi64(sq121665[0].v, sq121665[1].v), 4)); + x[1].v = _mm_or_si128(_mm_unpacklo_epi64(sq[2].v, sq[3].v), _mm_slli_si128(_mm_unpacklo_epi64(sq121665[2].v, sq121665[3].v), 4)); + z[1].v = _mm_or_si128(_mm_unpackhi_epi64(sq[2].v, sq[3].v), _mm_slli_si128(_mm_unpackhi_epi64(sq121665[2].v, sq121665[3].v), 4)); + x[2].v = _mm_or_si128(_mm_unpacklo_epi64(sq[4].v, sq[5].v), _mm_slli_si128(_mm_unpacklo_epi64(sq121665[4].v, sq121665[5].v), 4)); + z[2].v = _mm_or_si128(_mm_unpackhi_epi64(sq[4].v, sq[5].v), _mm_slli_si128(_mm_unpackhi_epi64(sq121665[4].v, sq121665[5].v), 4)); + x[3].v = _mm_or_si128(_mm_unpacklo_epi64(sq[6].v, sq[7].v), _mm_slli_si128(_mm_unpacklo_epi64(sq121665[6].v, sq121665[7].v), 4)); + z[3].v = _mm_or_si128(_mm_unpackhi_epi64(sq[6].v, sq[7].v), _mm_slli_si128(_mm_unpackhi_epi64(sq121665[6].v, sq121665[7].v), 4)); + x[4].v = _mm_or_si128(_mm_unpacklo_epi64(sq[8].v, sq[9].v), _mm_slli_si128(_mm_unpacklo_epi64(sq121665[8].v, sq121665[9].v), 4)); + z[4].v = _mm_or_si128(_mm_unpackhi_epi64(sq[8].v, sq[9].v), _mm_slli_si128(_mm_unpackhi_epi64(sq121665[8].v, sq121665[9].v), 4)); + + curve25519_sub_packed32(sub, x, z); + + t[0].v = _mm_shuffle_epi32(sub[0].v, _MM_SHUFFLE(1,1,0,0)); + t[1].v = _mm_shuffle_epi32(sub[0].v, _MM_SHUFFLE(3,3,2,2)); + t[2].v = _mm_shuffle_epi32(sub[1].v, _MM_SHUFFLE(1,1,0,0)); + t[3].v = _mm_shuffle_epi32(sub[1].v, _MM_SHUFFLE(3,3,2,2)); + t[4].v = _mm_shuffle_epi32(sub[2].v, _MM_SHUFFLE(1,1,0,0)); + t[5].v = _mm_shuffle_epi32(sub[2].v, _MM_SHUFFLE(3,3,2,2)); + t[6].v = _mm_shuffle_epi32(sub[3].v, _MM_SHUFFLE(1,1,0,0)); + t[7].v = _mm_shuffle_epi32(sub[3].v, _MM_SHUFFLE(3,3,2,2)); + t[8].v = _mm_shuffle_epi32(sub[4].v, _MM_SHUFFLE(1,1,0,0)); + t[9].v = _mm_shuffle_epi32(sub[4].v, _MM_SHUFFLE(3,3,2,2)); + + nqa[0].v = _mm_unpacklo_epi64(sq[0].v, t[0].v); + nqb[0].v = _mm_unpackhi_epi64(sq[0].v, t[0].v); + nqa[1].v = _mm_unpacklo_epi64(sq[1].v, t[1].v); + nqb[1].v = _mm_unpackhi_epi64(sq[1].v, t[1].v); + nqa[2].v = _mm_unpacklo_epi64(sq[2].v, t[2].v); + nqb[2].v = _mm_unpackhi_epi64(sq[2].v, t[2].v); + nqa[3].v = _mm_unpacklo_epi64(sq[3].v, t[3].v); + nqb[3].v = _mm_unpackhi_epi64(sq[3].v, t[3].v); + nqa[4].v = _mm_unpacklo_epi64(sq[4].v, t[4].v); + nqb[4].v = _mm_unpackhi_epi64(sq[4].v, t[4].v); + nqa[5].v = _mm_unpacklo_epi64(sq[5].v, t[5].v); + nqb[5].v = _mm_unpackhi_epi64(sq[5].v, t[5].v); + nqa[6].v = _mm_unpacklo_epi64(sq[6].v, t[6].v); + nqb[6].v = _mm_unpackhi_epi64(sq[6].v, t[6].v); + nqa[7].v = _mm_unpacklo_epi64(sq[7].v, t[7].v); + nqb[7].v = _mm_unpackhi_epi64(sq[7].v, t[7].v); + nqa[8].v = _mm_unpacklo_epi64(sq[8].v, t[8].v); + nqb[8].v = _mm_unpackhi_epi64(sq[8].v, t[8].v); + nqa[9].v = _mm_unpacklo_epi64(sq[9].v, t[9].v); + nqb[9].v = _mm_unpackhi_epi64(sq[9].v, t[9].v); + + curve25519_mul_packed64(nq, nqa, nqb); +} + +/* + * In: b = 2^5 - 2^0 + * Out: b = 2^250 - 2^0 + */ +void +curve25519_pow_two5mtwo0_two250mtwo0(bignum25519 b) { + ALIGN(16) bignum25519 t0,c; + + /* 2^5 - 2^0 */ /* b */ + /* 2^10 - 2^5 */ curve25519_square_times(t0, b, 5); + /* 2^10 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^20 - 2^10 */ curve25519_square_times(t0, b, 10); + /* 2^20 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^40 - 2^20 */ curve25519_square_times(t0, c, 20); + /* 2^40 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^50 - 2^10 */ curve25519_square_times(t0, t0, 10); + /* 2^50 - 2^0 */ curve25519_mul(b, t0, b); + /* 2^100 - 2^50 */ curve25519_square_times(t0, b, 50); + /* 2^100 - 2^0 */ curve25519_mul(c, t0, b); + /* 2^200 - 2^100 */ curve25519_square_times(t0, c, 100); + /* 2^200 - 2^0 */ curve25519_mul(t0, t0, c); + /* 2^250 - 2^50 */ curve25519_square_times(t0, t0, 50); + /* 2^250 - 2^0 */ curve25519_mul(b, t0, b); +} + +/* + * z^(p - 2) = z(2^255 - 21) + */ +void +curve25519_recip(bignum25519 out, const bignum25519 z) { + ALIGN(16) bignum25519 a, t0, b; + + /* 2 */ curve25519_square(a, z); /* a = 2 */ + /* 8 */ curve25519_square_times(t0, a, 2); + /* 9 */ curve25519_mul(b, t0, z); /* b = 9 */ + /* 11 */ curve25519_mul(a, b, a); /* a = 11 */ + /* 22 */ curve25519_square(t0, a); + /* 2^5 - 2^0 = 31 */ curve25519_mul(b, t0, b); + /* 2^250 - 2^0 */ curve25519_pow_two5mtwo0_two250mtwo0(b); + /* 2^255 - 2^5 */ curve25519_square_times(b, b, 5); + /* 2^255 - 21 */ curve25519_mul(out, b, a); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) + +int curve25519_mult_SSE2(byte sharedKey[32], const byte secretKey[32], const byte othersKey[32]) +{ + FixedSizeSecBlock e; + for (size_t i = 0;i < 32;++i) + e[i] = secretKey[i]; + e[0] &= 0xf8; e[31] &= 0x7f; e[31] |= 0x40; + + ALIGN(16) bignum25519 nqx = {1}, nqpqz = {1}, nqz = {0}, nqpqx, zmone; + packed32bignum25519 qx, qz, pqz, pqx; + packed64bignum25519 nq, sq, sqscalar, prime, primex, primez, nqpq; + bignum25519mulprecomp preq; + size_t i=0, bit=0, lastbit=0; + + curve25519_expand(nqpqx, othersKey); + curve25519_mul_precompute(&preq, nqpqx); + + /* do bits 254..3 */ + for (i = 254, lastbit=0; i >= 3; i--) { + bit = (e[i/8] >> (i & 7)) & 1; + curve25519_swap_conditional(nqx, nqpqx, (word32)(bit ^ lastbit)); + curve25519_swap_conditional(nqz, nqpqz, (word32)(bit ^ lastbit)); + lastbit = bit; + + curve25519_tangle32(qx, nqx, nqpqx); /* qx = [nqx,nqpqx] */ + curve25519_tangle32(qz, nqz, nqpqz); /* qz = [nqz,nqpqz] */ + + curve25519_add_packed32(pqx, qx, qz); /* pqx = [nqx+nqz,nqpqx+nqpqz] */ + curve25519_sub_packed32(pqz, qx, qz); /* pqz = [nqx-nqz,nqpqx-nqpqz] */ + + curve25519_make_nqpq(primex, primez, pqx, pqz); /* primex = [nqx+nqz,nqpqx+nqpqz], primez = [nqpqx-nqpqz,nqx-nqz] */ + curve25519_mul_packed64(prime, primex, primez); /* prime = [nqx+nqz,nqpqx+nqpqz] * [nqpqx-nqpqz,nqx-nqz] */ + curve25519_addsub_packed64(prime); /* prime = [prime.x+prime.z,prime.x-prime.z] */ + curve25519_square_packed64(nqpq, prime); /* nqpq = prime^2 */ + curve25519_untangle64(nqpqx, nqpqz, nqpq); + curve25519_mul_precomputed(nqpqz, nqpqz, &preq); /* nqpqz = nqpqz * q */ + + /* (((sq.x-sq.z)*121665)+sq.x) * (sq.x-sq.z) is equivalent to (sq.x*121666-sq.z*121665) * (sq.x-sq.z) */ + curve25519_make_nq(nq, pqx, pqz); /* nq = [nqx+nqz,nqx-nqz] */ + curve25519_square_packed64(sq, nq); /* sq = nq^2 */ + curve25519_121665_packed64(sqscalar, sq); /* sqscalar = sq * [121666,121665] */ + curve25519_final_nq(nq, sq, sqscalar); /* nq = [sq.x,sqscalar.x-sqscalar.z] * [sq.z,sq.x-sq.z] */ + curve25519_untangle64(nqx, nqz, nq); + }; + + /* it's possible to get rid of this swap with the swap in the above loop + at the bottom instead of the top, but compilers seem to optimize better this way */ + curve25519_swap_conditional(nqx, nqpqx, (word32)bit); + curve25519_swap_conditional(nqz, nqpqz, (word32)bit); + + /* do bits 2..0 */ + for (i = 0; i < 3; i++) { + curve25519_compute_nq(nq, nqx, nqz); + curve25519_square_packed64(sq, nq); /* sq = nq^2 */ + curve25519_121665_packed64(sqscalar, sq); /* sqscalar = sq * [121666,121665] */ + curve25519_final_nq(nq, sq, sqscalar); /* nq = [sq.x,sqscalar.x-sqscalar.z] * [sq.z,sq.x-sq.z] */ + curve25519_untangle64(nqx, nqz, nq); + } + + curve25519_recip(zmone, nqz); + curve25519_mul(nqz, nqx, zmone); + curve25519_contract(sharedKey, nqz); + + return 0; +} + +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_CURVE25519_SSE2 diff --git a/vendor/cryptopp/vendor_cryptopp/donna_sse.h b/vendor/cryptopp/vendor_cryptopp/donna_sse.h new file mode 100644 index 00000000..298a9141 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/donna_sse.h @@ -0,0 +1,86 @@ +// donna_sse.h - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// This source file multiplexes two different repos using namespaces. This +// was a little easier from a project management standpoint. We only need +// two files per architecture at the expense of namespaces and bloat. + +#ifndef CRYPTOPP_DONNA_SSE_H +#define CRYPTOPP_DONNA_SSE_H +#ifndef CRYPTOPP_DOXYGEN_PROCESSING + +#include "config.h" +#include + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Donna) +NAMESPACE_BEGIN(ArchSSE) + +using CryptoPP::byte; +using CryptoPP::word32; + +typedef __m128i xmmi; +#define ALIGN(n) CRYPTOPP_ALIGN_DATA(n) + +typedef union packedelem8_t { + byte u[16]; + xmmi v; +} packedelem8; + +typedef union packedelem32_t { + word32 u[4]; + xmmi v; +} packedelem32; + +typedef union packedelem64_t { + word64 u[2]; + xmmi v; +} packedelem64; + +/* 10 elements + an extra 2 to fit in 3 xmm registers */ +typedef word32 bignum25519[12]; +typedef packedelem32 packed32bignum25519[5]; +typedef packedelem64 packed64bignum25519[10]; + +const word32 reduce_mask_26 = (1 << 26) - 1; +const word32 reduce_mask_25 = (1 << 25) - 1; + +const packedelem32 sse2_bot32bitmask = {{0xffffffff, 0x00000000, 0xffffffff, 0x00000000}}; +const packedelem32 sse2_top32bitmask = {{0x00000000, 0xffffffff, 0x00000000, 0xffffffff}}; +const packedelem32 sse2_top64bitmask = {{0x00000000, 0x00000000, 0xffffffff, 0xffffffff}}; +const packedelem32 sse2_bot64bitmask = {{0xffffffff, 0xffffffff, 0x00000000, 0x00000000}}; + +/* reduction masks */ +const packedelem64 packedmask26 = {{0x03ffffff, 0x03ffffff}}; +const packedelem64 packedmask25 = {{0x01ffffff, 0x01ffffff}}; +const packedelem32 packedmask2625 = {{0x3ffffff,0,0x1ffffff,0}}; +const packedelem32 packedmask26262626 = {{0x03ffffff, 0x03ffffff, 0x03ffffff, 0x03ffffff}}; +const packedelem32 packedmask25252525 = {{0x01ffffff, 0x01ffffff, 0x01ffffff, 0x01ffffff}}; + +/* multipliers */ +const packedelem64 packednineteen = {{19, 19}}; +const packedelem64 packednineteenone = {{19, 1}}; +const packedelem64 packedthirtyeight = {{38, 38}}; +const packedelem64 packed3819 = {{19*2,19}}; +const packedelem64 packed9638 = {{19*4,19*2}}; + +/* 121666,121665 */ +const packedelem64 packed121666121665 = {{121666, 121665}}; + +/* 2*(2^255 - 19) = 0 mod p */ +const packedelem32 packed2p0 = {{0x7ffffda,0x3fffffe,0x7fffffe,0x3fffffe}}; +const packedelem32 packed2p1 = {{0x7fffffe,0x3fffffe,0x7fffffe,0x3fffffe}}; +const packedelem32 packed2p2 = {{0x7fffffe,0x3fffffe,0x0000000,0x0000000}}; + +const packedelem32 packed32zeromodp0 = {{0x7ffffda,0x7ffffda,0x3fffffe,0x3fffffe}}; +const packedelem32 packed32zeromodp1 = {{0x7fffffe,0x7fffffe,0x3fffffe,0x3fffffe}}; + +NAMESPACE_END // ArchSSE +NAMESPACE_END // Donna +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_DOXYGEN_PROCESSING +#endif // CRYPTOPP_DONNA_SSE_H diff --git a/vendor/cryptopp/vendor_cryptopp/drbg.h b/vendor/cryptopp/vendor_cryptopp/drbg.h index 93ed781c..be926b12 100644 --- a/vendor/cryptopp/vendor_cryptopp/drbg.h +++ b/vendor/cryptopp/vendor_cryptopp/drbg.h @@ -232,6 +232,9 @@ public: void GenerateBlock(const byte* additional, size_t additionaLength, byte *output, size_t size) {return Hash_Generate(additional, additionaLength, output, size);} + std::string AlgorithmProvider() const + {/*Hack*/HASH hash; return hash.AlgorithmProvider();} + protected: // 10.1.1.2 Instantiation of Hash_DRBG (p.39) void DRBG_Instantiate(const byte* entropy, size_t entropyLength, const byte* nonce, size_t nonceLength, @@ -248,7 +251,8 @@ protected: const byte* input3, size_t inlen3, const byte* input4, size_t inlen4, byte* output, size_t outlen); private: - SecByteBlock m_c, m_v; + HASH m_hash; + SecByteBlock m_c, m_v, m_temp; word64 m_reseed; }; @@ -345,6 +349,9 @@ public: void GenerateBlock(const byte* additional, size_t additionaLength, byte *output, size_t size) {return HMAC_Generate(additional, additionaLength, output, size);} + std::string AlgorithmProvider() const + {/*Hack*/HASH hash; return hash.AlgorithmProvider();} + protected: // 10.1.2.3 Instantiation of HMAC_DRBG (p.45) void DRBG_Instantiate(const byte* entropy, size_t entropyLength, const byte* nonce, size_t nonceLength, @@ -360,6 +367,7 @@ protected: void HMAC_Update(const byte* input1, size_t inlen1, const byte* input2, size_t inlen2, const byte* input3, size_t inlen3); private: + HMAC m_hmac; SecByteBlock m_k, m_v; word64 m_reseed; }; @@ -445,20 +453,19 @@ void Hash_DRBG::Hash_Generate(const byte* additional // Step 2 if (additional && additionaLength) { - HASH hash; const byte two = 2; - SecByteBlock w(HASH::DIGESTSIZE); + m_temp.New(HASH::DIGESTSIZE); - hash.Update(&two, 1); - hash.Update(m_v, m_v.size()); - hash.Update(additional, additionaLength); - hash.Final(w); + m_hash.Update(&two, 1); + m_hash.Update(m_v, m_v.size()); + m_hash.Update(additional, additionaLength); + m_hash.Final(m_temp); CRYPTOPP_ASSERT(SEEDLENGTH >= HASH::DIGESTSIZE); int carry=0, j=HASH::DIGESTSIZE-1, i=SEEDLENGTH-1; while (j>=0) { - carry = m_v[i] + w[j] + carry; + carry = m_v[i] + m_temp[j] + carry; m_v[i] = static_cast(carry); i--; j--; carry >>= 8; } @@ -472,84 +479,41 @@ void Hash_DRBG::Hash_Generate(const byte* additional // Step 3 { - HASH hash; - SecByteBlock data(m_v); - + m_temp.Assign(m_v); while (size) { - hash.Update(data, data.size()); + m_hash.Update(m_temp, m_temp.size()); size_t count = STDMIN(size, (size_t)HASH::DIGESTSIZE); - hash.TruncatedFinal(output, count); + m_hash.TruncatedFinal(output, count); - IncrementCounterByOne(data, static_cast(data.size())); + IncrementCounterByOne(m_temp, static_cast(m_temp.size())); size -= count; output += count; } } // Steps 4-7 { - HASH hash; const byte three = 3; - SecByteBlock h(HASH::DIGESTSIZE); + m_temp.New(HASH::DIGESTSIZE); - hash.Update(&three, 1); - hash.Update(m_v, m_v.size()); - hash.Final(h); + m_hash.Update(&three, 1); + m_hash.Update(m_v, m_v.size()); + m_hash.Final(m_temp); CRYPTOPP_ASSERT(SEEDLENGTH >= HASH::DIGESTSIZE); CRYPTOPP_ASSERT(HASH::DIGESTSIZE >= sizeof(m_reseed)); int carry=0, k=sizeof(m_reseed)-1, j=HASH::DIGESTSIZE-1, i=SEEDLENGTH-1; - // Using Integer class slows things down by about 8 cpb. - // Using word128 and word64 benefits the first loop only by about 2 cpb. -#if defined(CRYPTOPP_WORD128_AVAILABLE) - byte* p1 = m_v.begin()+SEEDLENGTH-8; - byte* p2 = m_c.begin()+SEEDLENGTH-8; - byte* p3 = h.begin()+HASH::DIGESTSIZE-8; - - const word64 w1 = GetWord(false, BIG_ENDIAN_ORDER, p1); - const word64 w2 = GetWord(false, BIG_ENDIAN_ORDER, p2); - const word64 w3 = GetWord(false, BIG_ENDIAN_ORDER, p3); - const word64 w4 = m_reseed; - - word128 r = static_cast(w1) + w2 + w3 + w4; - PutWord(false, BIG_ENDIAN_ORDER, p1, static_cast(r)); - i -= 8; j -= 8; k=0; carry = static_cast(r >> 64); - - // The default implementation and a couple of others cause a crash in - // VS2005, VS2008 and VS2105. This seems to work with all MS compilers. -#elif defined(CRYPTOPP_MSC_VERSION) - byte* p1 = m_v.begin()+SEEDLENGTH-8; - byte* p2 = m_c.begin()+SEEDLENGTH-8; - byte* p3 = h.begin()+HASH::DIGESTSIZE-8; - - const word64 w1 = GetWord(false, BIG_ENDIAN_ORDER, p1); - const word64 w2 = GetWord(false, BIG_ENDIAN_ORDER, p2); - const word64 w3 = GetWord(false, BIG_ENDIAN_ORDER, p3); - const word64 w4 = m_reseed; - - const word64 r1 = (w1 & 0xffffffff) + (w2 & 0xffffffff) + (w3 & 0xffffffff) + (w4 & 0xffffffff); - carry = static_cast(r1 >> 32); - const word64 r2 = (w1 >> 32) + (w2 >> 32) + (w3 >> 32) + (w4 >> 32) + carry; - carry = static_cast(r2 >> 32); - - const word64 r = (r2 << 32) + (r1 & 0xffffffff); - PutWord(false, BIG_ENDIAN_ORDER, p1, r); - i -= 8; j -= 8; k=0; - - // Default implementation, but slower on some machines. -#else while (k>=0) { - carry = m_v[i] + m_c[i] + h[j] + GetByte(BIG_ENDIAN_ORDER, m_reseed, k) + carry; + carry = m_v[i] + m_c[i] + m_temp[j] + GetByte(BIG_ENDIAN_ORDER, m_reseed, k) + carry; m_v[i] = static_cast(carry); i--; j--; k--; carry >>= 8; } -#endif while (j>=0) { - carry = m_v[i] + m_c[i] + h[j] + carry; + carry = m_v[i] + m_c[i] + m_temp[j] + carry; m_v[i] = static_cast(carry); i--; j--; carry >>= 8; } @@ -560,9 +524,6 @@ void Hash_DRBG::Hash_Generate(const byte* additional m_v[i] = static_cast(carry); i--; carry >>= 8; } - - // CRYPTOPP_WORD128_AVAILABLE causes -Wunused-but-set-variable - CRYPTOPP_UNUSED(k); } m_reseed++; @@ -573,26 +534,25 @@ template void Hash_DRBG::Hash_Update(const byte* input1, size_t inlen1, const byte* input2, size_t inlen2, const byte* input3, size_t inlen3, const byte* input4, size_t inlen4, byte* output, size_t outlen) { - HASH hash; byte counter = 1; word32 bits = ConditionalByteReverse(BIG_ENDIAN_ORDER, static_cast(outlen*8)); while (outlen) { - hash.Update(&counter, 1); - hash.Update(reinterpret_cast(&bits), 4); + m_hash.Update(&counter, 1); + m_hash.Update(reinterpret_cast(&bits), 4); if (input1 && inlen1) - hash.Update(input1, inlen1); + m_hash.Update(input1, inlen1); if (input2 && inlen2) - hash.Update(input2, inlen2); + m_hash.Update(input2, inlen2); if (input3 && inlen3) - hash.Update(input3, inlen3); + m_hash.Update(input3, inlen3); if (input4 && inlen4) - hash.Update(input4, inlen4); + m_hash.Update(input4, inlen4); size_t count = STDMIN(outlen, (size_t)HASH::DIGESTSIZE); - hash.TruncatedFinal(output, count); + m_hash.TruncatedFinal(output, count); output += count; outlen -= count; counter++; @@ -670,17 +630,15 @@ void HMAC_DRBG::HMAC_Generate(const byte* additional HMAC_Update(additional, additionaLength, NULLPTR, 0, NULLPTR, 0); // Step 3 - HMAC hmac; - hmac.SetKey(m_k, m_k.size()); + m_hmac.SetKey(m_k, m_k.size()); while (size) { - hmac.Update(m_v, m_v.size()); - hmac.TruncatedFinal(m_v, m_v.size()); + m_hmac.Update(m_v, m_v.size()); + m_hmac.TruncatedFinal(m_v, m_v.size()); size_t count = STDMIN(size, (size_t)HASH::DIGESTSIZE); memcpy(output, m_v, count); - size -= count; output += count; } @@ -693,51 +651,50 @@ template void HMAC_DRBG::HMAC_Update(const byte* input1, size_t inlen1, const byte* input2, size_t inlen2, const byte* input3, size_t inlen3) { const byte zero = 0, one = 1; - HMAC hmac; // Step 1 - hmac.SetKey(m_k, m_k.size()); - hmac.Update(m_v, m_v.size()); - hmac.Update(&zero, 1); + m_hmac.SetKey(m_k, m_k.size()); + m_hmac.Update(m_v, m_v.size()); + m_hmac.Update(&zero, 1); if (input1 && inlen1) - hmac.Update(input1, inlen1); + m_hmac.Update(input1, inlen1); if (input2 && inlen2) - hmac.Update(input2, inlen2); + m_hmac.Update(input2, inlen2); if (input3 && inlen3) - hmac.Update(input3, inlen3); + m_hmac.Update(input3, inlen3); - hmac.TruncatedFinal(m_k, m_k.size()); + m_hmac.TruncatedFinal(m_k, m_k.size()); // Step 2 - hmac.SetKey(m_k, m_k.size()); - hmac.Update(m_v, m_v.size()); + m_hmac.SetKey(m_k, m_k.size()); + m_hmac.Update(m_v, m_v.size()); - hmac.TruncatedFinal(m_v, m_v.size()); + m_hmac.TruncatedFinal(m_v, m_v.size()); // Step 3 if ((inlen1 | inlen2 | inlen3) == 0) return; // Step 4 - hmac.SetKey(m_k, m_k.size()); - hmac.Update(m_v, m_v.size()); - hmac.Update(&one, 1); + m_hmac.SetKey(m_k, m_k.size()); + m_hmac.Update(m_v, m_v.size()); + m_hmac.Update(&one, 1); if (input1 && inlen1) - hmac.Update(input1, inlen1); + m_hmac.Update(input1, inlen1); if (input2 && inlen2) - hmac.Update(input2, inlen2); + m_hmac.Update(input2, inlen2); if (input3 && inlen3) - hmac.Update(input3, inlen3); + m_hmac.Update(input3, inlen3); - hmac.TruncatedFinal(m_k, m_k.size()); + m_hmac.TruncatedFinal(m_k, m_k.size()); // Step 5 - hmac.SetKey(m_k, m_k.size()); - hmac.Update(m_v, m_v.size()); + m_hmac.SetKey(m_k, m_k.size()); + m_hmac.Update(m_v, m_v.size()); - hmac.TruncatedFinal(m_v, m_v.size()); + m_hmac.TruncatedFinal(m_v, m_v.size()); } NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/eax.h b/vendor/cryptopp/vendor_cryptopp/eax.h index e3576363..9d4edfaa 100644 --- a/vendor/cryptopp/vendor_cryptopp/eax.h +++ b/vendor/cryptopp/vendor_cryptopp/eax.h @@ -21,6 +21,8 @@ public: // AuthenticatedSymmetricCipher std::string AlgorithmName() const {return GetMAC().GetCipher().AlgorithmName() + std::string("/EAX");} + std::string AlgorithmProvider() const + {return GetMAC().GetCipher().AlgorithmProvider();} size_t MinKeyLength() const {return GetMAC().MinKeyLength();} size_t MaxKeyLength() const @@ -76,6 +78,8 @@ class EAX_Final : public EAX_Base public: static std::string StaticAlgorithmName() {return T_BlockCipher::StaticAlgorithmName() + std::string("/EAX");} + std::string AlgorithmProvider() const + {return m_cmac.AlgorithmProvider();} bool IsForwardTransformation() const {return T_IsEncryption;} diff --git a/vendor/cryptopp/vendor_cryptopp/ec2n.cpp b/vendor/cryptopp/vendor_cryptopp/ec2n.cpp index 3b6cf2a2..97763232 100644 --- a/vendor/cryptopp/vendor_cryptopp/ec2n.cpp +++ b/vendor/cryptopp/vendor_cryptopp/ec2n.cpp @@ -11,6 +11,24 @@ #include "algebra.cpp" #include "eprecomp.cpp" +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::EC2N; + +#if defined(HAVE_GCC_INIT_PRIORITY) + const EC2N::Point g_identity __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 50))) = EC2N::Point(); +#elif defined(HAVE_MSC_INIT_PRIORITY) + #pragma warning(disable: 4075) + #pragma init_seg(".CRT$XCU") + const EC2N::Point g_identity; + #pragma warning(default: 4075) +#elif defined(HAVE_XLC_INIT_PRIORITY) + #pragma priority(290) + const EC2N::Point g_identity; +#endif + +ANONYMOUS_NAMESPACE_END + NAMESPACE_BEGIN(CryptoPP) EC2N::EC2N(BufferedTransformation &bt) @@ -103,7 +121,7 @@ void EC2N::EncodePoint(BufferedTransformation &bt, const Point &P, bool compress NullStore().TransferTo(bt, EncodedPointSize(compressed)); else if (compressed) { - bt.Put(2 + (!P.x ? 0 : m_field->Divide(P.y, P.x).GetBit(0))); + bt.Put((byte)(2U + (!P.x ? 0U : m_field->Divide(P.y, P.x).GetBit(0)))); P.x.Encode(bt, m_field->MaxElementByteLength()); } else @@ -177,7 +195,14 @@ bool EC2N::Equal(const Point &P, const Point &Q) const const EC2N::Point& EC2N::Identity() const { +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) + return g_identity; +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const EC2N::Point g_identity; + return g_identity; +#else return Singleton().Ref(); +#endif } const EC2N::Point& EC2N::Inverse(const Point &P) const diff --git a/vendor/cryptopp/vendor_cryptopp/eccrypto.cpp b/vendor/cryptopp/vendor_cryptopp/eccrypto.cpp index 60a86b66..eed99a17 100644 --- a/vendor/cryptopp/vendor_cryptopp/eccrypto.cpp +++ b/vendor/cryptopp/vendor_cryptopp/eccrypto.cpp @@ -28,6 +28,11 @@ #include "ec2n.h" #include "misc.h" +// Squash MS LNK4221 and libtool warnings +#ifndef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES +extern const char ECCRYPTO_FNAME[] = __FILE__; +#endif + NAMESPACE_BEGIN(CryptoPP) #if 0 @@ -485,7 +490,7 @@ bool DL_GroupParameters_EC::GetVoidValue(const char *name, const std::type_i { if (strcmp(name, Name::GroupOID()) == 0) { - if (m_oid.GetValues().empty()) + if (m_oid.Empty()) return false; this->ThrowIfTypeMismatch(name, typeid(OID), valueType); @@ -563,7 +568,7 @@ void DL_GroupParameters_EC::BERDecode(BufferedTransformation &bt) template void DL_GroupParameters_EC::DEREncode(BufferedTransformation &bt) const { - if (m_encodeAsOID && !m_oid.GetValues().empty()) + if (m_encodeAsOID && !m_oid.Empty()) m_oid.DEREncode(bt); else { diff --git a/vendor/cryptopp/vendor_cryptopp/ecp.cpp b/vendor/cryptopp/vendor_cryptopp/ecp.cpp index 73f66685..f5aa08e3 100644 --- a/vendor/cryptopp/vendor_cryptopp/ecp.cpp +++ b/vendor/cryptopp/vendor_cryptopp/ecp.cpp @@ -12,19 +12,36 @@ #include "filters.h" #include "algebra.cpp" -NAMESPACE_BEGIN(CryptoPP) - ANONYMOUS_NAMESPACE_BEGIN -static inline ECP::Point ToMontgomery(const ModularArithmetic &mr, const ECP::Point &P) + +using CryptoPP::ECP; +using CryptoPP::ModularArithmetic; + +#if defined(HAVE_GCC_INIT_PRIORITY) + const ECP::Point g_identity __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 51))) = ECP::Point(); +#elif defined(HAVE_MSC_INIT_PRIORITY) + #pragma warning(disable: 4075) + #pragma init_seg(".CRT$XCU") + const ECP::Point g_identity; + #pragma warning(default: 4075) +#elif defined(HAVE_XLC_INIT_PRIORITY) + #pragma priority(290) + const ECP::Point g_identity; +#endif + +inline ECP::Point ToMontgomery(const ModularArithmetic &mr, const ECP::Point &P) { return P.identity ? P : ECP::Point(mr.ConvertIn(P.x), mr.ConvertIn(P.y)); } -static inline ECP::Point FromMontgomery(const ModularArithmetic &mr, const ECP::Point &P) +inline ECP::Point FromMontgomery(const ModularArithmetic &mr, const ECP::Point &P) { return P.identity ? P : ECP::Point(mr.ConvertOut(P.x), mr.ConvertOut(P.y)); } -NAMESPACE_END + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) ECP::ECP(const ECP &ecp, bool convertToMontgomeryRepresentation) { @@ -124,13 +141,13 @@ void ECP::EncodePoint(BufferedTransformation &bt, const Point &P, bool compresse NullStore().TransferTo(bt, EncodedPointSize(compressed)); else if (compressed) { - bt.Put(2 + P.y.GetBit(0)); + bt.Put((byte)(2U + P.y.GetBit(0))); P.x.Encode(bt, GetField().MaxElementByteLength()); } else { unsigned int len = GetField().MaxElementByteLength(); - bt.Put(4); // uncompressed + bt.Put(4U); // uncompressed P.x.Encode(bt, len); P.y.Encode(bt, len); } @@ -201,7 +218,14 @@ bool ECP::Equal(const Point &P, const Point &Q) const const ECP::Point& ECP::Identity() const { +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) + return g_identity; +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const ECP::Point g_identity; + return g_identity; +#else return Singleton().Ref(); +#endif } const ECP::Point& ECP::Inverse(const Point &P) const diff --git a/vendor/cryptopp/vendor_cryptopp/elgamal.cpp b/vendor/cryptopp/vendor_cryptopp/elgamal.cpp index 13c2a9be..9871c538 100644 --- a/vendor/cryptopp/vendor_cryptopp/elgamal.cpp +++ b/vendor/cryptopp/vendor_cryptopp/elgamal.cpp @@ -5,6 +5,9 @@ #include "asn.h" #include "nbtheory.h" +// Squash MS LNK4221 and libtool warnings +extern const char ELGAMAL_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) diff --git a/vendor/cryptopp/vendor_cryptopp/filters.cpp b/vendor/cryptopp/vendor_cryptopp/filters.cpp index 3bd0c3df..c07e912c 100644 --- a/vendor/cryptopp/vendor_cryptopp/filters.cpp +++ b/vendor/cryptopp/vendor_cryptopp/filters.cpp @@ -189,7 +189,7 @@ size_t MeterFilter::PutMaybeModifiable(byte *begin, size_t length, int messageEn FILTER_OUTPUT_MAYBE_MODIFIABLE(1, m_begin, t = (size_t)SaturatingSubtract(m_rangesToSkip.front().position, m_currentMessageBytes), false, modifiable); CRYPTOPP_ASSERT(t < m_length); - m_begin += t; + m_begin = PtrAdd(m_begin, t); m_length -= t; m_currentMessageBytes += t; m_totalBytes += t; @@ -203,7 +203,7 @@ size_t MeterFilter::PutMaybeModifiable(byte *begin, size_t length, int messageEn m_rangesToSkip.pop_front(); } - m_begin += t; + m_begin = PtrAdd(m_begin, t); m_length -= t; m_currentMessageBytes += t; m_totalBytes += t; @@ -264,7 +264,7 @@ byte *FilterWithBufferedInput::BlockQueue::GetBlock() if (m_size >= m_blockSize) { byte *ptr = m_begin; - if ((m_begin+=m_blockSize) == m_buffer.end()) + if ((m_begin = PtrAdd(m_begin, m_blockSize)) == m_buffer.end()) m_begin = m_buffer; m_size -= m_blockSize; return ptr; @@ -275,9 +275,9 @@ byte *FilterWithBufferedInput::BlockQueue::GetBlock() byte *FilterWithBufferedInput::BlockQueue::GetContigousBlocks(size_t &numberOfBytes) { - numberOfBytes = STDMIN(numberOfBytes, STDMIN(size_t(m_buffer.end()-m_begin), m_size)); + numberOfBytes = STDMIN(numberOfBytes, STDMIN(PtrDiff(m_buffer.end(), m_begin), m_size)); byte *ptr = m_begin; - m_begin += numberOfBytes; + m_begin = PtrAdd(m_begin, numberOfBytes); m_size -= numberOfBytes; if (m_size == 0 || m_begin == m_buffer.end()) m_begin = m_buffer; @@ -293,7 +293,7 @@ size_t FilterWithBufferedInput::BlockQueue::GetAll(byte *outString) size_t numberOfBytes = m_maxBlocks*m_blockSize; const byte *ptr = GetContigousBlocks(numberOfBytes); memcpy(outString, ptr, numberOfBytes); - memcpy(outString+numberOfBytes, m_begin, m_size); + memcpy(PtrAdd(outString, numberOfBytes), m_begin, m_size); m_size = 0; return size; } @@ -304,11 +304,12 @@ void FilterWithBufferedInput::BlockQueue::Put(const byte *inString, size_t lengt if (!inString || !length) return; CRYPTOPP_ASSERT(m_size + length <= m_buffer.size()); - byte *end = (m_size < size_t(m_buffer.end()-m_begin)) ? m_begin + m_size : m_begin + m_size - m_buffer.size(); + byte *end = (m_size < static_cast(PtrDiff(m_buffer.end(), m_begin)) ? + PtrAdd(m_begin, m_size) : PtrAdd(m_begin, m_size - m_buffer.size())); size_t len = STDMIN(length, size_t(m_buffer.end()-end)); memcpy(end, inString, len); if (len < length) - memcpy(m_buffer, inString+len, length-len); + memcpy(m_buffer, PtrAdd(inString, len), length-len); m_size += length; } @@ -364,7 +365,7 @@ size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length CRYPTOPP_ASSERT(m_queue.CurrentSize() == 0); m_queue.ResetQueue(m_blockSize, (2*m_blockSize+m_lastSize-2)/m_blockSize); - inString += len; + inString = PtrAdd(inString, len); newLength -= m_firstSize; m_firstInputDone = true; } @@ -385,7 +386,7 @@ size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length { size_t len = newLength - m_lastSize; NextPutMaybeModifiable(inString, len, modifiable); - inString += len; + inString = PtrAdd(inString, len); newLength -= len; } } @@ -402,7 +403,7 @@ size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length CRYPTOPP_ASSERT(m_queue.CurrentSize() < m_blockSize); size_t len = m_blockSize - m_queue.CurrentSize(); m_queue.Put(inString, len); - inString += len; + inString = PtrAdd(inString, len); NextPutModifiable(m_queue.GetBlock(), m_blockSize); newLength -= m_blockSize; } @@ -411,7 +412,7 @@ size_t FilterWithBufferedInput::PutMaybeModifiable(byte *inString, size_t length { size_t len = RoundDownToMultipleOf(newLength - m_lastSize, m_blockSize); NextPutMaybeModifiable(inString, len, modifiable); - inString += len; + inString = PtrAdd(inString, len); newLength -= len; } } @@ -463,7 +464,7 @@ void FilterWithBufferedInput::NextPutMultiple(const byte *inString, size_t lengt { CRYPTOPP_ASSERT(length >= m_blockSize); NextPutSingle(inString); - inString += m_blockSize; + inString = PtrAdd(inString, m_blockSize); length -= m_blockSize; } } @@ -541,7 +542,7 @@ size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool bl if (m_buf && begin) { copied = STDMIN(length, SaturatingSubtract(m_size, m_total)); - memmove(m_buf+m_total, begin, copied); + memmove(PtrAdd(m_buf, m_total), begin, copied); } m_total += copied; return length - copied; @@ -550,7 +551,7 @@ size_t ArraySink::Put2(const byte *begin, size_t length, int messageEnd, bool bl byte * ArraySink::CreatePutSpace(size_t &size) { size = SaturatingSubtract(m_size, m_total); - return m_buf + m_total; + return PtrAdd(m_buf, m_total); } void ArraySink::IsolatedInitialize(const NameValuePairs ¶meters) @@ -571,7 +572,7 @@ size_t ArrayXorSink::Put2(const byte *begin, size_t length, int messageEnd, bool if (m_buf && begin) { copied = STDMIN(length, SaturatingSubtract(m_size, m_total)); - xorbuf(m_buf+m_total, begin, copied); + xorbuf(PtrAdd(m_buf, m_total), begin, copied); } m_total += copied; return length - copied; @@ -679,7 +680,7 @@ void StreamTransformationFilter::NextPutMultiple(const byte *inString, size_t le len = length; m_cipher.ProcessString(space, inString, len); AttachedTransformation()->PutModifiable(space, len); - inString += len; + inString = PtrAdd(inString, len); length -= len; } while (length > 0); @@ -693,15 +694,13 @@ void StreamTransformationFilter::NextPutModifiable(byte *inString, size_t length void StreamTransformationFilter::LastPut(const byte *inString, size_t length) { - byte *space = NULLPTR; - -#if 1 - // This block is new to StreamTransformationFilter. It somewhat of a hack and was added - // for OCB mode; see GitHub Issue 515. The rub with OCB is, its a block cipher and the - // last block size can be 0. However, "last block = 0" is not the 0 predacted in the - // original code. In the orginal code 0 means "nothing special" so DEFAULT_PADDING is - // applied. OCB's 0 literally means a final block size can be 0 or non-0; and no padding - // is needed in either case because OCB has its own scheme (see handling of P_* and A_*). + // This block is new to StreamTransformationFilter. It is somewhat of a hack and was + // added for OCB mode; see GitHub Issue 515. The rub with OCB is, its a block cipher + // and the last block size can be 0. However, "last block = 0" is not the 0 predicated + // in the original code. In the orginal code 0 means "nothing special" so + // DEFAULT_PADDING is applied. OCB's 0 literally means a final block size can be 0 or + // non-0; and no padding is needed in either case because OCB has its own scheme (see + // handling of P_* and A_*). // Stream ciphers have policy objects to convey how to operate the cipher. The Crypto++ // framework operates well when MinLastBlockSize() is 1. However, it did not appear to // cover the OCB case either because we can't stream OCB. It needs full block sizes. In @@ -714,19 +713,19 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) // In some respect we have already hit the need for more information. For example, OCB // calculates the checksum on the cipher text at the same time, so we don't need the // disjoint behavior of calling "EncryptBlock" followed by a separate "AuthenticateBlock". - // Additional information may allow us to avoid the two spearate calls. + // Additional information may allow us to avoid the two separate calls. if (m_isSpecial) { const size_t leftOver = length % m_mandatoryBlockSize; - space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, m_reservedBufferSize); - + byte* space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, m_reservedBufferSize); length -= leftOver; + if (length) { // Process full blocks m_cipher.ProcessData(space, inString, length); AttachedTransformation()->Put(space, length); - inString += length; + inString = PtrAdd(inString, length); } if (leftOver) @@ -744,7 +743,6 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) return; } -#endif switch (m_padding) { @@ -759,9 +757,9 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) { // do padding size_t blockSize = STDMAX(minLastBlockSize, (size_t)m_mandatoryBlockSize); - space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, blockSize); + byte* space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, blockSize); if (inString) {memcpy(space, inString, length);} - memset(space + length, 0, blockSize - length); + memset(PtrAdd(space, length), 0, blockSize - length); size_t used = m_cipher.ProcessLastBlock(space, blockSize, space, blockSize); AttachedTransformation()->Put(space, used); } @@ -775,7 +773,7 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) throw InvalidCiphertext("StreamTransformationFilter: ciphertext length is not a multiple of block size"); } - space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, length, m_optimalBufferSize); + byte* space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, length, m_optimalBufferSize); size_t used = m_cipher.ProcessLastBlock(space, length, inString, length); AttachedTransformation()->Put(space, used); } @@ -786,6 +784,7 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) case W3C_PADDING: case ONE_AND_ZEROS_PADDING: unsigned int s; + byte* space; s = m_mandatoryBlockSize; CRYPTOPP_ASSERT(s > 1); space = HelpCreatePutSpace(*AttachedTransformation(), DEFAULT_CHANNEL, s, m_optimalBufferSize); @@ -797,18 +796,18 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) { CRYPTOPP_ASSERT(s < 256); byte pad = static_cast(s-length); - memset(space+length, pad, s-length); + memset(PtrAdd(space, length), pad, s-length); } else if (m_padding == W3C_PADDING) { CRYPTOPP_ASSERT(s < 256); - memset(space+length, 0, s-length-1); + memset(PtrAdd(space, length), 0, s-length-1); space[s-1] = static_cast(s-length); } else { space[length] = 0x80; - memset(space+length+1, 0, s-length-1); + memset(PtrAdd(space, length+1), 0, s-length-1); } m_cipher.ProcessData(space, space, s); AttachedTransformation()->Put(space, s); @@ -821,7 +820,7 @@ void StreamTransformationFilter::LastPut(const byte *inString, size_t length) if (m_padding == PKCS_PADDING) { byte pad = space[s-1]; - if (pad < 1 || pad > s || FindIfNot(space+s-pad, space+s, pad) != space+s) + if (pad < 1 || pad > s || FindIfNot(PtrAdd(space, s-pad), PtrAdd(space, s), pad) != PtrAdd(space, s)) throw InvalidCiphertext("StreamTransformationFilter: invalid PKCS #7 block padding found"); length = s-pad; } @@ -1196,7 +1195,7 @@ size_t StringStore::TransferTo2(BufferedTransformation &target, lword &transferB { lword position = 0; size_t blockedBytes = CopyRangeTo2(target, position, transferBytes, channel, blocking); - m_count += (size_t)position; + m_count += static_cast(position); transferBytes = position; return blockedBytes; } @@ -1205,9 +1204,9 @@ size_t StringStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, l { size_t i = UnsignedMin(m_length, m_count+begin); size_t len = UnsignedMin(m_length-i, end-begin); - size_t blockedBytes = target.ChannelPut2(channel, m_store+i, len, 0, blocking); + size_t blockedBytes = target.ChannelPut2(channel, PtrAdd(m_store, i), len, 0, blocking); if (!blockedBytes) - begin += len; + begin = PtrAdd(begin, len); return blockedBytes; } @@ -1240,7 +1239,7 @@ size_t NullStore::CopyRangeTo2(BufferedTransformation &target, lword &begin, lwo size_t blockedBytes = target.ChannelPut2(channel, nullBytes, len, 0, blocking); if (blockedBytes) return blockedBytes; - begin += len; + begin = PtrAdd(begin, len); } return 0; } @@ -1249,8 +1248,7 @@ size_t NullStore::TransferTo2(BufferedTransformation &target, lword &transferByt { lword begin = 0; size_t blockedBytes = NullStore::CopyRangeTo2(target, begin, transferBytes, channel, blocking); - transferBytes = begin; - m_size -= begin; + transferBytes = begin; m_size -= begin; return blockedBytes; } diff --git a/vendor/cryptopp/vendor_cryptopp/filters.h b/vendor/cryptopp/vendor_cryptopp/filters.h index c9a4c092..0118a4ac 100644 --- a/vendor/cryptopp/vendor_cryptopp/filters.h +++ b/vendor/cryptopp/vendor_cryptopp/filters.h @@ -865,12 +865,12 @@ public: /// \brief Stop redirecting input void StopRedirection() {m_target = NULLPTR;} - Behavior GetBehavior() {return (Behavior) m_behavior;} + Behavior GetBehavior() {return static_cast(m_behavior);} void SetBehavior(Behavior behavior) {m_behavior=behavior;} bool GetPassSignals() const {return (m_behavior & PASS_SIGNALS) != 0;} - void SetPassSignals(bool pass) { if (pass) m_behavior |= PASS_SIGNALS; else m_behavior &= ~(word32) PASS_SIGNALS; } + void SetPassSignals(bool pass) { if (pass) m_behavior |= PASS_SIGNALS; else m_behavior &= ~static_cast(PASS_SIGNALS); } bool GetPassWaitObjects() const {return (m_behavior & PASS_WAIT_OBJECTS) != 0;} - void SetPassWaitObjects(bool pass) { if (pass) m_behavior |= PASS_WAIT_OBJECTS; else m_behavior &= ~(word32) PASS_WAIT_OBJECTS; } + void SetPassWaitObjects(bool pass) { if (pass) m_behavior |= PASS_WAIT_OBJECTS; else m_behavior &= ~static_cast(PASS_WAIT_OBJECTS); } bool CanModifyInput() const {return m_target ? m_target->CanModifyInput() : false;} @@ -1063,12 +1063,13 @@ template class StringSinkTemplate : public Bufferless { public: + typedef typename T::value_type value_type; virtual ~StringSinkTemplate() {} /// \brief Construct a StringSinkTemplate - /// \param output std::basic_string type + /// \param output std::basic_string or std::vector type StringSinkTemplate(T &output) - : m_output(&output) {CRYPTOPP_ASSERT(sizeof(output[0])==1);} + : m_output(&output) {CRYPTOPP_ASSERT(sizeof(value_type)==1);} void IsolatedInitialize(const NameValuePairs ¶meters) {if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");} @@ -1076,14 +1077,12 @@ public: size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) { CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); - typedef typename T::traits_type::char_type char_type; - if (length > 0) { typename T::size_type size = m_output->size(); if (length < size && size + length > m_output->capacity()) m_output->reserve(2*size); - m_output->append((const char_type *)inString, (const char_type *)inString+length); + m_output->insert(m_output->end(), (const value_type *)inString, (const value_type *)inString+length); } return 0; } @@ -1099,6 +1098,11 @@ private: DOCUMENTED_TYPEDEF(StringSinkTemplate, StringSink) CRYPTOPP_DLL_TEMPLATE_CLASS StringSinkTemplate; +/// \brief Append input to a std::vector object +/// \details VectorSink is a typedef for StringSinkTemplate >. +DOCUMENTED_TYPEDEF(StringSinkTemplate >, VectorSink) +CRYPTOPP_DLL_TEMPLATE_CLASS StringSinkTemplate >; + /// \brief Incorporates input into RNG as additional entropy /// \since Crypto++ 4.0 class RandomNumberSink : public Bufferless @@ -1288,37 +1292,44 @@ public: //@{ /// \brief Pump data to attached transformation - /// \param pumpMax the maximpum number of bytes to pump + /// \param pumpMax the maximum number of bytes to pump /// \returns the number of bytes that remain in the block (i.e., bytes not processed) /// \details Internally, Pump() calls Pump2(). - /// \note pumpMax is a \p lword, which is a 64-bit value that typically uses \p LWORD_MAX. The default - /// argument is a \p size_t that uses \p SIZE_MAX, and it can be 32-bits or 64-bits. - lword Pump(lword pumpMax=(size_t)SIZE_MAX) + /// \note pumpMax is a lword, which is a 64-bit value that typically uses + /// LWORD_MAX. The default argument is SIZE_MAX, and it can be + /// 32-bits or 64-bits. + /// \sa Pump2, PumpAll, AnyRetrievable, MaxRetrievable + lword Pump(lword pumpMax=SIZE_MAX) {Pump2(pumpMax); return pumpMax;} /// \brief Pump messages to attached transformation - /// \param count the maximpum number of messages to pump + /// \param count the maximum number of messages to pump /// \returns TODO /// \details Internally, PumpMessages() calls PumpMessages2(). unsigned int PumpMessages(unsigned int count=UINT_MAX) {PumpMessages2(count); return count;} /// \brief Pump all data to attached transformation - /// \details Internally, PumpAll() calls PumpAll2(). + /// \details Pumps all data to the attached transformation and signal the end of the current + /// message. To avoid the MessageEnd() signal call \ref Pump "Pump(LWORD_MAX)" or \ref Pump2 + /// "Pump2(LWORD_MAX, bool)". + /// \details Internally, PumpAll() calls PumpAll2(), which calls PumpMessages(). + /// \sa Pump, Pump2, AnyRetrievable, MaxRetrievable void PumpAll() {PumpAll2();} /// \brief Pump data to attached transformation - /// \param byteCount the maximpum number of bytes to pump + /// \param byteCount the maximum number of bytes to pump /// \param blocking specifies whether the object should block when processing input /// \returns the number of bytes that remain in the block (i.e., bytes not processed) /// \details byteCount is an \a IN and \a OUT parameter. When the call is made, byteCount is the /// requested size of the pump. When the call returns, byteCount is the number of bytes that /// were pumped. + /// \sa Pump, PumpAll, AnyRetrievable, MaxRetrievable virtual size_t Pump2(lword &byteCount, bool blocking=true) =0; /// \brief Pump messages to attached transformation - /// \param messageCount the maximpum number of messages to pump + /// \param messageCount the maximum number of messages to pump /// \param blocking specifies whether the object should block when processing input /// \details messageCount is an IN and OUT parameter. virtual size_t PumpMessages2(unsigned int &messageCount, bool blocking=true) =0; @@ -1326,6 +1337,7 @@ public: /// \brief Pump all data to attached transformation /// \param blocking specifies whether the object should block when processing input /// \returns the number of bytes that remain in the block (i.e., bytes not processed) + /// \sa Pump, Pump2, AnyRetrievable, MaxRetrievable virtual size_t PumpAll2(bool blocking=true); /// \brief Determines if the Source is exhausted @@ -1414,6 +1426,24 @@ public: /// \since Crypto++ 5.6.0 DOCUMENTED_TYPEDEF(StringSource, ArraySource) +/// \brief std::vector-based implementation of the Source interface +/// \since Crypto++ 8.0 +class CRYPTOPP_DLL VectorSource : public SourceTemplate +{ +public: + /// \brief Construct a VectorSource + /// \param attachment an optional attached transformation + VectorSource(BufferedTransformation *attachment = NULLPTR) + : SourceTemplate(attachment) {} + + /// \brief Construct a VectorSource + /// \param vec vector of bytes + /// \param pumpAll flag indicating if source data should be pumped to its attached transformation + /// \param attachment an optional attached transformation + VectorSource(const std::vector &vec, bool pumpAll, BufferedTransformation *attachment = NULLPTR) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(vec)));} +}; + /// \brief RNG-based implementation of Source interface /// \since Crypto++ 4.0 class CRYPTOPP_DLL RandomNumberSource : public SourceTemplate diff --git a/vendor/cryptopp/vendor_cryptopp/fips140.cpp b/vendor/cryptopp/vendor_cryptopp/fips140.cpp index f95f4005..bbccde55 100644 --- a/vendor/cryptopp/vendor_cryptopp/fips140.cpp +++ b/vendor/cryptopp/vendor_cryptopp/fips140.cpp @@ -6,7 +6,6 @@ #include "fips140.h" #include "misc.h" -#include "trdlocal.h" // needs to be included last for cygwin NAMESPACE_BEGIN(CryptoPP) @@ -16,10 +15,6 @@ NAMESPACE_BEGIN(CryptoPP) #define CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 0 #endif -#if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(THREADS_AVAILABLE)) -#error FIPS 140-2 compliance requires the availability of thread local storage. -#endif - #if (CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 && !defined(OS_RNG_AVAILABLE)) #error FIPS 140-2 compliance requires the availability of OS provided RNG. #endif @@ -42,28 +37,25 @@ PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus() } #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 -ThreadLocalStorage & AccessPowerUpSelfTestInProgress() -{ - static ThreadLocalStorage selfTestInProgress; - return selfTestInProgress; -} +// One variable for all threads for compatibility. Previously this +// was a ThreadLocalStorage variable, which is per-thread. Also see +// https://github.com/weidai11/cryptopp/issues/208 +static bool s_inProgress = false; #endif bool PowerUpSelfTestInProgressOnThisThread() { #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 - return AccessPowerUpSelfTestInProgress().GetValue() != NULLPTR; -#else - CRYPTOPP_ASSERT(false); // should not be called - return false; + return s_inProgress; #endif + return false; } void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress) { CRYPTOPP_UNUSED(inProgress); #if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 - AccessPowerUpSelfTestInProgress().SetValue((void *)inProgress); + s_inProgress = inProgress; #endif } diff --git a/vendor/cryptopp/vendor_cryptopp/gcm-simd.cpp b/vendor/cryptopp/vendor_cryptopp/gcm-simd.cpp deleted file mode 100644 index ed005793..00000000 --- a/vendor/cryptopp/vendor_cryptopp/gcm-simd.cpp +++ /dev/null @@ -1,647 +0,0 @@ -// gcm-simd.cpp - written and placed in the public domain by -// Jeffrey Walton, Uri Blumenthal and Marcel Raad. -// -// This source file uses intrinsics to gain access to SSE4.2 and -// ARMv8a CRC-32 and CRC-32C instructions. A separate source file -// is needed because additional CXXFLAGS are required to enable -// the appropriate instructions sets in some build configurations. - -#include "pch.h" -#include "config.h" -#include "misc.h" - -// Clang 3.3 integrated assembler crash on Linux. Other versions produce incorrect results. -// Clang has never handled Intel ASM very well. I wish LLVM would fix it. -#if defined(__clang__) -# undef CRYPTOPP_X86_ASM_AVAILABLE -# undef CRYPTOPP_X32_ASM_AVAILABLE -# undef CRYPTOPP_X64_ASM_AVAILABLE -# undef CRYPTOPP_SSE2_ASM_AVAILABLE -#endif - -// SunCC 12.3 - 12.5 crash in GCM_Reduce_CLMUL -// http://github.com/weidai11/cryptopp/issues/226 -#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5140) -# undef CRYPTOPP_CLMUL_AVAILABLE -#endif - -// Clang and GCC hoops... -#if !(defined(__ARM_FEATURE_CRYPTO) || defined(_MSC_VER)) -# undef CRYPTOPP_ARM_PMULL_AVAILABLE -#endif - -#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) -# include -#endif - -#if (CRYPTOPP_CLMUL_AVAILABLE) -# include -# include -#endif - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -# include -#endif - -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) -# include -# include -#endif - -#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY -# include -# include -#endif - -#ifndef EXCEPTION_EXECUTE_HANDLER -# define EXCEPTION_EXECUTE_HANDLER 1 -#endif - -// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#define M128_CAST(x) ((__m128i *)(void *)(x)) -#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) - -// GCC cast warning -#define UINT64X2_CAST(x) ((uint64x2_t *)(void *)(x)) -#define CONST_UINT64X2_CAST(x) ((const uint64x2_t *)(const void *)(x)) - -ANONYMOUS_NAMESPACE_BEGIN - -// GCC 4.8 is missing PMULL gear -#if (CRYPTOPP_ARM_PMULL_AVAILABLE) -# if (CRYPTOPP_GCC_VERSION >= 40800) && (CRYPTOPP_GCC_VERSION < 49000) -inline poly128_t VMULL_P64(poly64_t a, poly64_t b) -{ - return __builtin_aarch64_crypto_pmulldi_ppp (a, b); -} - -inline poly128_t VMULL_HIGH_P64(poly64x2_t a, poly64x2_t b) -{ - return __builtin_aarch64_crypto_pmullv2di_ppp (a, b); -} -# else -inline poly128_t VMULL_P64(poly64_t a, poly64_t b) -{ - return vmull_p64(a, b); -} - -inline poly128_t VMULL_HIGH_P64(poly64x2_t a, poly64x2_t b) -{ - return vmull_high_p64(a, b); -} -# endif -#endif - -#if CRYPTOPP_ARM_PMULL_AVAILABLE -#if defined(__GNUC__) -// Schneiders, Hovsmith and O'Rourke used this trick. -// It results in much better code generation in production code -// by avoiding D-register spills when using vgetq_lane_u64. The -// problem does not surface under minimal test cases. -inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b) -{ - uint64x2_t r; - __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" - :"=w" (r) : "w" (a), "w" (b) ); - return r; -} - -inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b) -{ - uint64x2_t r; - __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" - :"=w" (r) : "w" (a), "w" (vget_high_u64(b)) ); - return r; -} - -inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b) -{ - uint64x2_t r; - __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" - :"=w" (r) : "w" (vget_high_u64(a)), "w" (b) ); - return r; -} - -inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b) -{ - uint64x2_t r; - __asm __volatile("pmull2 %0.1q, %1.2d, %2.2d \n\t" - :"=w" (r) : "w" (a), "w" (b) ); - return r; -} - -inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b, unsigned int c) -{ - uint64x2_t r; - __asm __volatile("ext %0.16b, %1.16b, %2.16b, %3 \n\t" - :"=w" (r) : "w" (a), "w" (b), "I" (c) ); - return r; -} - -// https://github.com/weidai11/cryptopp/issues/366 -template -inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b) -{ - uint64x2_t r; - __asm __volatile("ext %0.16b, %1.16b, %2.16b, %3 \n\t" - :"=w" (r) : "w" (a), "w" (b), "I" (C) ); - return r; -} -#endif // GCC and compatibles - -#if defined(_MSC_VER) -inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b) -{ - return (uint64x2_t)(vmull_p64(vgetq_lane_u64(vreinterpretq_u64_u8(a),0), - vgetq_lane_u64(vreinterpretq_u64_u8(b),0))); -} - -inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b) -{ - return (uint64x2_t)(vmull_p64(vgetq_lane_u64(vreinterpretq_u64_u8(a),0), - vgetq_lane_u64(vreinterpretq_u64_u8(b),1))); -} - -inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b) -{ - return (uint64x2_t)(vmull_p64(vgetq_lane_u64(vreinterpretq_u64_u8(a),1), - vgetq_lane_u64(vreinterpretq_u64_u8(b),0))); -} - -inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b) -{ - return (uint64x2_t)(vmull_p64(vgetq_lane_u64(vreinterpretq_u64_u8(a),1), - vgetq_lane_u64(vreinterpretq_u64_u8(b),1))); -} - -inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b, unsigned int c) -{ - return (uint64x2_t)vextq_u8(vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), c); -} - -// https://github.com/weidai11/cryptopp/issues/366 -template -inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b) -{ - return (uint64x2_t)vextq_u8(vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), C); -} -#endif // Microsoft and compatibles -#endif // CRYPTOPP_ARM_PMULL_AVAILABLE - -ANONYMOUS_NAMESPACE_END - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY -extern "C" { - typedef void (*SigHandler)(int); - - static jmp_buf s_jmpSIGILL; - static void SigIllHandler(int) - { - longjmp(s_jmpSIGILL, 1); - } -} -#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY - -#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) -bool CPU_ProbePMULL() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_ARM_PMULL_AVAILABLE) -# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) - volatile bool result = true; - __try - { - const poly64_t a1={0x9090909090909090}, b1={0xb0b0b0b0b0b0b0b0}; - const poly8x16_t a2={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0}, - b2={0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0}; - - const poly128_t r1 = vmull_p64(a1, b1); - const poly128_t r2 = vmull_high_p64((poly64x2_t)(a2), (poly64x2_t)(b2)); - - // Linaro is missing vreinterpretq_u64_p128. Also see http://github.com/weidai11/cryptopp/issues/233. - const uint64x2_t& t1 = (uint64x2_t)(r1); // {bignum,bignum} - const uint64x2_t& t2 = (uint64x2_t)(r2); // {bignum,bignum} - - result = !!(vgetq_lane_u64(t1,0) == 0x5300530053005300 && vgetq_lane_u64(t1,1) == 0x5300530053005300 && - vgetq_lane_u64(t2,0) == 0x6c006c006c006c00 && vgetq_lane_u64(t2,1) == 0x6c006c006c006c00); - } - __except (EXCEPTION_EXECUTE_HANDLER) - { - return false; - } - return result; -# else - -# if defined(__APPLE__) - // No SIGILL probes on Apple platforms. Plus, Apple Clang does not have PMULL intrinsics. - return false; -# endif - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile bool result = true; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - const poly64_t a1={0x9090909090909090}, b1={0xb0b0b0b0b0b0b0b0}; - const poly8x16_t a2={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0}, - b2={0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0}; - - const poly128_t r1 = VMULL_P64(a1, b1); - const poly128_t r2 = VMULL_HIGH_P64((poly64x2_t)(a2), (poly64x2_t)(b2)); - - // Linaro is missing vreinterpretq_u64_p128. Also see http://github.com/weidai11/cryptopp/issues/233. - const uint64x2_t& t1 = (uint64x2_t)(r1); // {bignum,bignum} - const uint64x2_t& t2 = (uint64x2_t)(r2); // {bignum,bignum} - - result = !!(vgetq_lane_u64(t1,0) == 0x5300530053005300 && vgetq_lane_u64(t1,1) == 0x5300530053005300 && - vgetq_lane_u64(t2,0) == 0x6c006c006c006c00 && vgetq_lane_u64(t2,1) == 0x6c006c006c006c00); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_ARM_SHA_AVAILABLE -} -#endif // ARM32 or ARM64 - -#if CRYPTOPP_ARM_NEON_AVAILABLE -void GCM_Xor16_NEON(byte *a, const byte *b, const byte *c) -{ - CRYPTOPP_ASSERT(IsAlignedOn(a,GetAlignmentOf())); - CRYPTOPP_ASSERT(IsAlignedOn(b,GetAlignmentOf())); - CRYPTOPP_ASSERT(IsAlignedOn(c,GetAlignmentOf())); - *UINT64X2_CAST(a) = veorq_u64(*CONST_UINT64X2_CAST(b), *CONST_UINT64X2_CAST(c)); -} -#endif - -#if CRYPTOPP_ARM_PMULL_AVAILABLE - -ANONYMOUS_NAMESPACE_BEGIN - -CRYPTOPP_ALIGN_DATA(16) -const word64 s_clmulConstants64[] = { - W64LIT(0xe100000000000000), W64LIT(0xc200000000000000), // Used for ARM and x86; polynomial coefficients - W64LIT(0x08090a0b0c0d0e0f), W64LIT(0x0001020304050607), // Unused for ARM; used for x86 _mm_shuffle_epi8 - W64LIT(0x0001020304050607), W64LIT(0x08090a0b0c0d0e0f) // Unused for ARM; used for x86 _mm_shuffle_epi8 -}; - -const uint64x2_t *s_clmulConstants = (const uint64x2_t *)s_clmulConstants64; -const unsigned int s_clmulTableSizeInBlocks = 8; - -ANONYMOUS_NAMESPACE_END - -uint64x2_t GCM_Reduce_PMULL(uint64x2_t c0, uint64x2_t c1, uint64x2_t c2, const uint64x2_t &r) -{ - c1 = veorq_u64(c1, VEXT_U8<8>(vdupq_n_u64(0), c0)); - c1 = veorq_u64(c1, PMULL_01(c0, r)); - c0 = VEXT_U8<8>(c0, vdupq_n_u64(0)); - c0 = vshlq_n_u64(veorq_u64(c0, c1), 1); - c0 = PMULL_00(c0, r); - c2 = veorq_u64(c2, c0); - c2 = veorq_u64(c2, VEXT_U8<8>(c1, vdupq_n_u64(0))); - c1 = vshrq_n_u64(vcombine_u64(vget_low_u64(c1), vget_low_u64(c2)), 63); - c2 = vshlq_n_u64(c2, 1); - - return veorq_u64(c2, c1); -} - -uint64x2_t GCM_Multiply_PMULL(const uint64x2_t &x, const uint64x2_t &h, const uint64x2_t &r) -{ - const uint64x2_t c0 = PMULL_00(x, h); - const uint64x2_t c1 = veorq_u64(PMULL_10(x, h), PMULL_01(x, h)); - const uint64x2_t c2 = PMULL_11(x, h); - - return GCM_Reduce_PMULL(c0, c1, c2, r); -} - -void GCM_SetKeyWithoutResync_PMULL(const byte *hashKey, byte *mulTable, unsigned int tableSize) -{ - const uint64x2_t r = s_clmulConstants[0]; - const uint64x2_t t = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(hashKey))); - const uint64x2_t h0 = vextq_u64(t, t, 1); - - uint64x2_t h = h0; - unsigned int i; - for (i=0; i(mtable); - uint64x2_t x = vreinterpretq_u64_u8(vld1q_u8(hbuffer)); - const uint64x2_t r = s_clmulConstants[0]; - - const size_t BLOCKSIZE = 16; - while (len >= BLOCKSIZE) - { - size_t s = UnsignedMin(len/BLOCKSIZE, s_clmulTableSizeInBlocks), i=0; - uint64x2_t d1, d2 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data+(s-1)*BLOCKSIZE))); - uint64x2_t c0 = vdupq_n_u64(0); - uint64x2_t c1 = vdupq_n_u64(0); - uint64x2_t c2 = vdupq_n_u64(0); - - while (true) - { - const uint64x2_t h0 = vld1q_u64((const uint64_t*)(table+i)); - const uint64x2_t h1 = vld1q_u64((const uint64_t*)(table+i+1)); - const uint64x2_t h2 = veorq_u64(h0, h1); - - if (++i == s) - { - const uint64x2_t t1 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data))); - d1 = veorq_u64(vextq_u64(t1, t1, 1), x); - c0 = veorq_u64(c0, PMULL_00(d1, h0)); - c2 = veorq_u64(c2, PMULL_10(d1, h1)); - d1 = veorq_u64(d1, (uint64x2_t)vcombine_u32(vget_high_u32(vreinterpretq_u32_u64(d1)), - vget_low_u32(vreinterpretq_u32_u64(d1)))); - c1 = veorq_u64(c1, PMULL_00(d1, h2)); - - break; - } - - d1 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data+(s-i)*16-8))); - c0 = veorq_u64(c0, PMULL_10(d2, h0)); - c2 = veorq_u64(c2, PMULL_10(d1, h1)); - d2 = veorq_u64(d2, d1); - c1 = veorq_u64(c1, PMULL_10(d2, h2)); - - if (++i == s) - { - const uint64x2_t t2 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data))); - d1 = veorq_u64(vextq_u64(t2, t2, 1), x); - c0 = veorq_u64(c0, PMULL_01(d1, h0)); - c2 = veorq_u64(c2, PMULL_11(d1, h1)); - d1 = veorq_u64(d1, (uint64x2_t)vcombine_u32(vget_high_u32(vreinterpretq_u32_u64(d1)), - vget_low_u32(vreinterpretq_u32_u64(d1)))); - c1 = veorq_u64(c1, PMULL_01(d1, h2)); - - break; - } - - const uint64x2_t t3 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data+(s-i)*16-8))); - d2 = vextq_u64(t3, t3, 1); - c0 = veorq_u64(c0, PMULL_01(d1, h0)); - c2 = veorq_u64(c2, PMULL_01(d2, h1)); - d1 = veorq_u64(d1, d2); - c1 = veorq_u64(c1, PMULL_01(d1, h2)); - } - data += s*16; - len -= s*16; - - c1 = veorq_u64(veorq_u64(c1, c0), c2); - x = GCM_Reduce_PMULL(c0, c1, c2, r); - } - - vst1q_u64(reinterpret_cast(hbuffer), x); - return len; -} - -void GCM_ReverseHashBufferIfNeeded_PMULL(byte *hashBuffer) -{ - if (GetNativeByteOrder() != BIG_ENDIAN_ORDER) - { - const uint8x16_t x = vrev64q_u8(vld1q_u8(hashBuffer)); - vst1q_u8(hashBuffer, vextq_u8(x, x, 8)); - } -} -#endif - -#if CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE -// SunCC 5.10-5.11 compiler crash. Move GCM_Xor16_SSE2 out-of-line, and place in -// a source file with a SSE architecture switch. Also see GH #226 and GH #284. -void GCM_Xor16_SSE2(byte *a, const byte *b, const byte *c) -{ -# if CRYPTOPP_SSE2_ASM_AVAILABLE && defined(__GNUC__) - asm ("movdqa %1, %%xmm0; pxor %2, %%xmm0; movdqa %%xmm0, %0;" - : "=m" (a[0]) : "m"(b[0]), "m"(c[0])); -# else // CRYPTOPP_SSE2_INTRIN_AVAILABLE - _mm_store_si128(M128_CAST(a), _mm_xor_si128( - _mm_load_si128(CONST_M128_CAST(b)), - _mm_load_si128(CONST_M128_CAST(c)))); -# endif -} -#endif - -#if CRYPTOPP_CLMUL_AVAILABLE - -ANONYMOUS_NAMESPACE_BEGIN - -CRYPTOPP_ALIGN_DATA(16) -const word64 s_clmulConstants64[] = { - W64LIT(0xe100000000000000), W64LIT(0xc200000000000000), - W64LIT(0x08090a0b0c0d0e0f), W64LIT(0x0001020304050607), - W64LIT(0x0001020304050607), W64LIT(0x08090a0b0c0d0e0f)}; - -const __m128i *s_clmulConstants = CONST_M128_CAST(s_clmulConstants64); -const unsigned int s_cltableSizeInBlocks = 8; - -ANONYMOUS_NAMESPACE_END - -#if 0 -// preserved for testing -void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) -{ - word64 Z0=0, Z1=0, V0, V1; - - typedef BlockGetAndPut Block; - Block::Get(a)(V0)(V1); - - for (int i=0; i<16; i++) - { - for (int j=0x80; j!=0; j>>=1) - { - int x = b[i] & j; - Z0 ^= x ? V0 : 0; - Z1 ^= x ? V1 : 0; - x = (int)V1 & 1; - V1 = (V1>>1) | (V0<<63); - V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0); - } - } - Block::Put(NULLPTR, c)(Z0)(Z1); -} - -__m128i _mm_clmulepi64_si128(const __m128i &a, const __m128i &b, int i) -{ - word64 A[1] = {ByteReverse(((word64*)&a)[i&1])}; - word64 B[1] = {ByteReverse(((word64*)&b)[i>>4])}; - - PolynomialMod2 pa((byte *)A, 8); - PolynomialMod2 pb((byte *)B, 8); - PolynomialMod2 c = pa*pb; - - __m128i output; - for (int i=0; i<16; i++) - ((byte *)&output)[i] = c.GetByte(i); - return output; -} -#endif // Testing - -__m128i GCM_Reduce_CLMUL(__m128i c0, __m128i c1, __m128i c2, const __m128i &r) -{ - /* - The polynomial to be reduced is c0 * x^128 + c1 * x^64 + c2. c0t below refers to the most - significant half of c0 as a polynomial, which, due to GCM's bit reflection, are in the - rightmost bit positions, and the lowest byte addresses. - - c1 ^= c0t * 0xc200000000000000 - c2t ^= c0t - t = shift (c1t ^ c0b) left 1 bit - c2 ^= t * 0xe100000000000000 - c2t ^= c1b - shift c2 left 1 bit and xor in lowest bit of c1t - */ - c1 = _mm_xor_si128(c1, _mm_slli_si128(c0, 8)); - c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(c0, r, 0x10)); - c0 = _mm_srli_si128(c0, 8); - c0 = _mm_xor_si128(c0, c1); - c0 = _mm_slli_epi64(c0, 1); - c0 = _mm_clmulepi64_si128(c0, r, 0); - c2 = _mm_xor_si128(c2, c0); - c2 = _mm_xor_si128(c2, _mm_srli_si128(c1, 8)); - c1 = _mm_unpacklo_epi64(c1, c2); - c1 = _mm_srli_epi64(c1, 63); - c2 = _mm_slli_epi64(c2, 1); - return _mm_xor_si128(c2, c1); -} - -__m128i GCM_Multiply_CLMUL(const __m128i &x, const __m128i &h, const __m128i &r) -{ - const __m128i c0 = _mm_clmulepi64_si128(x,h,0); - const __m128i c1 = _mm_xor_si128(_mm_clmulepi64_si128(x,h,1), _mm_clmulepi64_si128(x,h,0x10)); - const __m128i c2 = _mm_clmulepi64_si128(x,h,0x11); - - return GCM_Reduce_CLMUL(c0, c1, c2, r); -} - -void GCM_SetKeyWithoutResync_CLMUL(const byte *hashKey, byte *mulTable, unsigned int tableSize) -{ - const __m128i r = s_clmulConstants[0]; - const __m128i h0 = _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(hashKey)), s_clmulConstants[1]); - - __m128i h = h0; - unsigned int i; - for (i=0; i= 16) - { - size_t s = UnsignedMin(len/16, s_cltableSizeInBlocks), i=0; - __m128i d1, d2 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data+(s-1)*16)), mask2); - __m128i c0 = _mm_setzero_si128(); - __m128i c1 = _mm_setzero_si128(); - __m128i c2 = _mm_setzero_si128(); - - while (true) - { - const __m128i h0 = _mm_load_si128(table+i); - const __m128i h1 = _mm_load_si128(table+i+1); - const __m128i h2 = _mm_xor_si128(h0, h1); - - if (++i == s) - { - d1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data)), mask1); - d1 = _mm_xor_si128(d1, x); - c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d1, h0, 0)); - c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d1, h1, 1)); - d1 = _mm_xor_si128(d1, _mm_shuffle_epi32(d1, _MM_SHUFFLE(1, 0, 3, 2))); - c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d1, h2, 0)); - break; - } - - d1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data+(s-i)*16-8)), mask2); - c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d2, h0, 1)); - c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d1, h1, 1)); - d2 = _mm_xor_si128(d2, d1); - c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d2, h2, 1)); - - if (++i == s) - { - d1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data)), mask1); - d1 = _mm_xor_si128(d1, x); - c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d1, h0, 0x10)); - c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d1, h1, 0x11)); - d1 = _mm_xor_si128(d1, _mm_shuffle_epi32(d1, _MM_SHUFFLE(1, 0, 3, 2))); - c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d1, h2, 0x10)); - break; - } - - d2 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data+(s-i)*16-8)), mask1); - c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d1, h0, 0x10)); - c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d2, h1, 0x10)); - d1 = _mm_xor_si128(d1, d2); - c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d1, h2, 0x10)); - } - data += s*16; - len -= s*16; - - c1 = _mm_xor_si128(_mm_xor_si128(c1, c0), c2); - x = GCM_Reduce_CLMUL(c0, c1, c2, r); - } - - _mm_store_si128(M128_CAST(hbuffer), x); - return len; -} - -void GCM_ReverseHashBufferIfNeeded_CLMUL(byte *hashBuffer) -{ - // SSSE3 instruction, but only used with CLMUL - __m128i &x = *M128_CAST(hashBuffer); - x = _mm_shuffle_epi8(x, s_clmulConstants[1]); -} -#endif - -NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/gcm.cpp b/vendor/cryptopp/vendor_cryptopp/gcm.cpp index f484cd7f..d1c3011c 100644 --- a/vendor/cryptopp/vendor_cryptopp/gcm.cpp +++ b/vendor/cryptopp/vendor_cryptopp/gcm.cpp @@ -12,35 +12,28 @@ #ifndef CRYPTOPP_IMPORTS #ifndef CRYPTOPP_GENERATE_X64_MASM -// Clang 3.3 integrated assembler crash on Linux. Other versions produce incorrect results. -// Clang has never handled Intel ASM very well. I wish LLVM would fix it. -#if defined(__clang__) +// Visual Studio .Net 2003 compiler crash +#if defined(_MSC_VER) && (_MSC_VER < 1400) +# pragma optimize("", off) +#endif + +#include "gcm.h" +#include "cpu.h" + +#if defined(CRYPTOPP_DISABLE_GCM_ASM) # undef CRYPTOPP_X86_ASM_AVAILABLE # undef CRYPTOPP_X32_ASM_AVAILABLE # undef CRYPTOPP_X64_ASM_AVAILABLE # undef CRYPTOPP_SSE2_ASM_AVAILABLE #endif -// SunCC 12.3 - 12.5 crash in GCM_Reduce_CLMUL -// http://github.com/weidai11/cryptopp/issues/226 -#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5140) -# undef CRYPTOPP_CLMUL_AVAILABLE -#endif - -#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) -# include -#endif - -#include "gcm.h" -#include "cpu.h" - NAMESPACE_BEGIN(CryptoPP) #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) // Different assemblers accept different mnemonics: 'movd eax, xmm0' vs // 'movd rax, xmm0' vs 'mov eax, xmm0' vs 'mov rax, xmm0' -#if (CRYPTOPP_LLVM_CLANG_VERSION >= 30600) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70000) || defined(CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER) -// 'movd eax, xmm0' only. REG_WORD() macro not used. +#if defined(CRYPTOPP_DISABLE_MIXED_ASM) +// 'movd eax, xmm0' only. REG_WORD() macro not used. Clang path. # define USE_MOVD_REG32 1 #elif defined(__GNUC__) || defined(_MSC_VER) // 'movd eax, xmm0' or 'movd rax, xmm0'. REG_WORD() macro supplies REG32 or REG64. @@ -55,10 +48,6 @@ NAMESPACE_BEGIN(CryptoPP) #define M128_CAST(x) ((__m128i *)(void *)(x)) #define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -#if CRYPTOPP_ARM_NEON_AVAILABLE -extern void GCM_Xor16_NEON(byte *a, const byte *b, const byte *c); -#endif - word16 GCM_Base::s_reductionTable[256]; volatile bool GCM_Base::s_reductionTableInitialized = false; @@ -82,6 +71,14 @@ static inline void Xor16(byte *a, const byte *b, const byte *c) extern void GCM_Xor16_SSE2(byte *a, const byte *b, const byte *c); #endif // SSE2 +#if CRYPTOPP_ARM_NEON_AVAILABLE +extern void GCM_Xor16_NEON(byte *a, const byte *b, const byte *c); +#endif + +#if CRYPTOPP_POWER7_AVAILABLE +extern void GCM_Xor16_POWER7(byte *a, const byte *b, const byte *c); +#endif + #if CRYPTOPP_CLMUL_AVAILABLE extern void GCM_SetKeyWithoutResync_CLMUL(const byte *hashKey, byte *mulTable, unsigned int tableSize); extern size_t GCM_AuthenticateBlocks_CLMUL(const byte *data, size_t len, const byte *mtable, byte *hbuffer); @@ -96,6 +93,13 @@ const unsigned int s_cltableSizeInBlocks = 8; extern void GCM_ReverseHashBufferIfNeeded_PMULL(byte *hashBuffer); #endif // CRYPTOPP_ARM_PMULL_AVAILABLE +#if CRYPTOPP_POWER8_VMULL_AVAILABLE +extern void GCM_SetKeyWithoutResync_VMULL(const byte *hashKey, byte *mulTable, unsigned int tableSize); +extern size_t GCM_AuthenticateBlocks_VMULL(const byte *data, size_t len, const byte *mtable, byte *hbuffer); +const unsigned int s_cltableSizeInBlocks = 8; +extern void GCM_ReverseHashBufferIfNeeded_VMULL(byte *hashBuffer); +#endif // CRYPTOPP_POWER8_VMULL_AVAILABLE + void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms) { BlockCipher &blockCipher = AccessBlockCipher(); @@ -130,6 +134,15 @@ void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const CRYPTOPP_ASSERT(tableSize > static_cast(blockSize)); } else +#elif CRYPTOPP_POWER8_VMULL_AVAILABLE + if (HasPMULL()) + { + // Avoid "parameter not used" error and suppress Coverity finding + (void)params.GetIntValue(Name::TableSize(), tableSize); + tableSize = s_cltableSizeInBlocks * blockSize; + CRYPTOPP_ASSERT(tableSize > static_cast(blockSize)); + } + else #endif { if (params.GetIntValue(Name::TableSize(), tableSize)) @@ -161,6 +174,12 @@ void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const GCM_SetKeyWithoutResync_PMULL(hashKey, mulTable, tableSize); return; } +#elif CRYPTOPP_POWER8_VMULL_AVAILABLE + if (HasPMULL()) + { + GCM_SetKeyWithoutResync_VMULL(hashKey, mulTable, tableSize); + return; + } #endif word64 V0, V1; @@ -194,6 +213,12 @@ void GCM_Base::SetKeyWithoutResync(const byte *userKey, size_t keylength, const for (k=1; k Block; @@ -392,7 +438,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) #define READ_TABLE_WORD64_COMMON(a, b, c, d) *(word64 *)(void *)(mulTable+(a*1024)+(b*256)+c+d*8) - #ifdef CRYPTOPP_LITTLE_ENDIAN + #if (CRYPTOPP_LITTLE_ENDIAN) #if CRYPTOPP_BOOL_SLOW_WORD64 word32 z0 = (word32)x0; word32 z1 = (word32)(x0>>32); @@ -463,7 +509,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) #define READ_TABLE_WORD64_COMMON(a, c, d) *(word64 *)(void *)(mulTable+(a)*256*16+(c)+(d)*8) - #ifdef CRYPTOPP_LITTLE_ENDIAN + #if (CRYPTOPP_LITTLE_ENDIAN) #if CRYPTOPP_BOOL_SLOW_WORD64 word32 z0 = (word32)x0; word32 z1 = (word32)(x0>>32); @@ -509,10 +555,10 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) #ifdef CRYPTOPP_X64_MASM_AVAILABLE case 1: // SSE2 and 2K tables - GCM_AuthenticateBlocks_2K(data, len/16, hashBuffer, s_reductionTable); + GCM_AuthenticateBlocks_2K_SSE2(data, len/16, hashBuffer, s_reductionTable); return len % 16; case 3: // SSE2 and 64K tables - GCM_AuthenticateBlocks_64K(data, len/16, hashBuffer); + GCM_AuthenticateBlocks_64K_SSE2(data, len/16, hashBuffer); return len % 16; #endif @@ -525,7 +571,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) INTEL_NOPREFIX #elif defined(CRYPTOPP_GENERATE_X64_MASM) ALIGN 8 - GCM_AuthenticateBlocks_2K PROC FRAME + GCM_AuthenticateBlocks_2K_SSE2 PROC FRAME rex_push_reg rsi push_reg rdi push_reg rbx @@ -666,7 +712,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) AS2( add WORD_REG(cx), 16 ) AS2( sub WORD_REG(dx), 1 ) - ATT_NOPREFIX + // ATT_NOPREFIX ASJ( jnz, 0, b ) INTEL_NOPREFIX AS2( movdqa [WORD_REG(si)], xmm0 ) @@ -693,7 +739,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) pop rdi pop rsi ret - GCM_AuthenticateBlocks_2K ENDP + GCM_AuthenticateBlocks_2K_SSE2 ENDP #endif return len%16; @@ -706,7 +752,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) INTEL_NOPREFIX #elif defined(CRYPTOPP_GENERATE_X64_MASM) ALIGN 8 - GCM_AuthenticateBlocks_64K PROC FRAME + GCM_AuthenticateBlocks_64K_SSE2 PROC FRAME rex_push_reg rsi push_reg rdi .endprolog @@ -753,7 +799,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) AS2( add WORD_REG(cx), 16 ) AS2( sub WORD_REG(dx), 1 ) - ATT_NOPREFIX + // ATT_NOPREFIX ASJ( jnz, 1, b ) INTEL_NOPREFIX AS2( movdqa [WORD_REG(si)], xmm0 ) @@ -768,7 +814,7 @@ size_t GCM_Base::AuthenticateBlocks(const byte *data, size_t len) pop rdi pop rsi ret - GCM_AuthenticateBlocks_64K ENDP + GCM_AuthenticateBlocks_64K_SSE2 ENDP #endif return len%16; @@ -806,5 +852,5 @@ void GCM_Base::AuthenticateLastFooterBlock(byte *mac, size_t macSize) NAMESPACE_END -#endif // #ifndef CRYPTOPP_GENERATE_X64_MASM +#endif // Not CRYPTOPP_GENERATE_X64_MASM #endif diff --git a/vendor/cryptopp/vendor_cryptopp/gcm.h b/vendor/cryptopp/vendor_cryptopp/gcm.h index 5db85b1a..db42aad5 100644 --- a/vendor/cryptopp/vendor_cryptopp/gcm.h +++ b/vendor/cryptopp/vendor_cryptopp/gcm.h @@ -10,6 +10,12 @@ #include "authenc.h" #include "modes.h" +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_GCM_ASM 1 +#endif + NAMESPACE_BEGIN(CryptoPP) /// \enum GCM_TablesOption @@ -29,6 +35,8 @@ public: // AuthenticatedSymmetricCipher std::string AlgorithmName() const {return GetBlockCipher().AlgorithmName() + std::string("/GCM");} + std::string AlgorithmProvider() const + {return GetBlockCipher().AlgorithmProvider();} size_t MinKeyLength() const {return GetBlockCipher().MinKeyLength();} size_t MaxKeyLength() const diff --git a/vendor/cryptopp/vendor_cryptopp/gcm_simd.cpp b/vendor/cryptopp/vendor_cryptopp/gcm_simd.cpp new file mode 100644 index 00000000..8d81c839 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/gcm_simd.cpp @@ -0,0 +1,926 @@ +// gcm_simd.cpp - written and placed in the public domain by +// Jeffrey Walton, Uri Blumenthal and Marcel Raad. +// Original x86 CLMUL by Wei Dai. ARM and POWER8 +// PMULL and VMULL by JW, UB and MR. +// +// This source file uses intrinsics to gain access to SSE4.2 and +// ARMv8a CRC-32 and CRC-32C instructions. A separate source file +// is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" +#include "misc.h" + +#if defined(CRYPTOPP_DISABLE_GCM_ASM) +# undef CRYPTOPP_X86_ASM_AVAILABLE +# undef CRYPTOPP_X32_ASM_AVAILABLE +# undef CRYPTOPP_X64_ASM_AVAILABLE +# undef CRYPTOPP_SSE2_ASM_AVAILABLE +#endif + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_CLMUL_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +# include +# include +#endif + +#ifndef EXCEPTION_EXECUTE_HANDLER +# define EXCEPTION_EXECUTE_HANDLER 1 +#endif + +// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 +#define M128_CAST(x) ((__m128i *)(void *)(x)) +#define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) + +// GCC cast warning +#define UINT64X2_CAST(x) ((uint64x2_t *)(void *)(x)) +#define CONST_UINT64X2_CAST(x) ((const uint64x2_t *)(const void *)(x)) + +// Squash MS LNK4221 and libtool warnings +extern const char GCM_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +// *************************** ARM NEON *************************** // + +#if CRYPTOPP_ARM_PMULL_AVAILABLE +#if defined(__GNUC__) +// Schneiders, Hovsmith and O'Rourke used this trick. +// It results in much better code generation in production code +// by avoiding D-register spills when using vgetq_lane_u64. The +// problem does not surface under minimal test cases. +inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b) +{ + uint64x2_t r; + __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (a), "w" (b) ); + return r; +} + +inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b) +{ + uint64x2_t r; + __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (a), "w" (vget_high_u64(b)) ); + return r; +} + +inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b) +{ + uint64x2_t r; + __asm __volatile("pmull %0.1q, %1.1d, %2.1d \n\t" + :"=w" (r) : "w" (vget_high_u64(a)), "w" (b) ); + return r; +} + +inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b) +{ + uint64x2_t r; + __asm __volatile("pmull2 %0.1q, %1.2d, %2.2d \n\t" + :"=w" (r) : "w" (a), "w" (b) ); + return r; +} + +inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b, unsigned int c) +{ + uint64x2_t r; + __asm __volatile("ext %0.16b, %1.16b, %2.16b, %3 \n\t" + :"=w" (r) : "w" (a), "w" (b), "I" (c) ); + return r; +} + +// https://github.com/weidai11/cryptopp/issues/366 +template +inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b) +{ + uint64x2_t r; + __asm __volatile("ext %0.16b, %1.16b, %2.16b, %3 \n\t" + :"=w" (r) : "w" (a), "w" (b), "I" (C) ); + return r; +} +#endif // GCC and compatibles + +#if defined(_MSC_VER) +inline uint64x2_t PMULL_00(const uint64x2_t a, const uint64x2_t b) +{ + return (uint64x2_t)(vmull_p64( + vgetq_lane_u64(vreinterpretq_u64_u8(a),0), + vgetq_lane_u64(vreinterpretq_u64_u8(b),0))); +} + +inline uint64x2_t PMULL_01(const uint64x2_t a, const uint64x2_t b) +{ + return (uint64x2_t)(vmull_p64( + vgetq_lane_u64(vreinterpretq_u64_u8(a),0), + vgetq_lane_u64(vreinterpretq_u64_u8(b),1))); +} + +inline uint64x2_t PMULL_10(const uint64x2_t a, const uint64x2_t b) +{ + return (uint64x2_t)(vmull_p64( + vgetq_lane_u64(vreinterpretq_u64_u8(a),1), + vgetq_lane_u64(vreinterpretq_u64_u8(b),0))); +} + +inline uint64x2_t PMULL_11(const uint64x2_t a, const uint64x2_t b) +{ + return (uint64x2_t)(vmull_p64( + vgetq_lane_u64(vreinterpretq_u64_u8(a),1), + vgetq_lane_u64(vreinterpretq_u64_u8(b),1))); +} + +inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b, unsigned int c) +{ + return (uint64x2_t)vextq_u8( + vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), c); +} + +// https://github.com/weidai11/cryptopp/issues/366 +template +inline uint64x2_t VEXT_U8(uint64x2_t a, uint64x2_t b) +{ + return (uint64x2_t)vextq_u8( + vreinterpretq_u8_u64(a), vreinterpretq_u8_u64(b), C); +} +#endif // Microsoft and compatibles +#endif // CRYPTOPP_ARM_PMULL_AVAILABLE + +// ************************** Power 8 Crypto ************************** // + +#if CRYPTOPP_POWER8_VMULL_AVAILABLE + +using CryptoPP::uint32x4_p; +using CryptoPP::uint64x2_p; +using CryptoPP::VecGetLow; +using CryptoPP::VecGetHigh; +using CryptoPP::VecRotateLeftOctet; + +// POWER8 GCM mode is confusing. The algorithm is reflected so +// nearly everything we do is reversed for a little-endian system, +// including on big-endian machines. VMULL2LE swaps dwords for a +// little endian machine; VMULL_00LE, VMULL_01LE, VMULL_10LE and +// VMULL_11LE are backwards and (1) read low words with +// VecGetHigh, (2) read high words with VecGetLow, and +// (3) yields a product that is endian swapped. The steps ensures +// GCM parameters are presented in the correct order for the +// algorithm on both big and little-endian systems, but it is +// awful to try to follow the logic because it is so backwards. +// Because functions like VMULL_NN are so backwards we can't put +// them in ppc_simd.h. They simply don't work the way a typical +// user expects them to work. + +inline uint64x2_p VMULL2LE(const uint64x2_p& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + return VecRotateLeftOctet<8>(val); +#else + return val; +#endif +} + +// _mm_clmulepi64_si128(a, b, 0x00) +inline uint64x2_p VMULL_00LE(const uint64x2_p& a, const uint64x2_p& b) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return VMULL2LE(__vpmsumd (VecGetHigh(a), VecGetHigh(b))); +#elif defined(__clang__) + return VMULL2LE(__builtin_altivec_crypto_vpmsumd (VecGetHigh(a), VecGetHigh(b))); +#else + return VMULL2LE(__builtin_crypto_vpmsumd (VecGetHigh(a), VecGetHigh(b))); +#endif +} + +// _mm_clmulepi64_si128(a, b, 0x01) +inline uint64x2_p VMULL_01LE(const uint64x2_p& a, const uint64x2_p& b) +{ + // Small speedup. VecGetHigh(b) ensures the high dword of 'b' is 0. + // The 0 used in the vmull yields 0 for the high product, so the high + // dword of 'a' is "don't care". +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return VMULL2LE(__vpmsumd (a, VecGetHigh(b))); +#elif defined(__clang__) + return VMULL2LE(__builtin_altivec_crypto_vpmsumd (a, VecGetHigh(b))); +#else + return VMULL2LE(__builtin_crypto_vpmsumd (a, VecGetHigh(b))); +#endif +} + +// _mm_clmulepi64_si128(a, b, 0x10) +inline uint64x2_p VMULL_10LE(const uint64x2_p& a, const uint64x2_p& b) +{ + // Small speedup. VecGetHigh(a) ensures the high dword of 'a' is 0. + // The 0 used in the vmull yields 0 for the high product, so the high + // dword of 'b' is "don't care". +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return VMULL2LE(__vpmsumd (VecGetHigh(a), b)); +#elif defined(__clang__) + return VMULL2LE(__builtin_altivec_crypto_vpmsumd (VecGetHigh(a), b)); +#else + return VMULL2LE(__builtin_crypto_vpmsumd (VecGetHigh(a), b)); +#endif +} + +// _mm_clmulepi64_si128(a, b, 0x11) +inline uint64x2_p VMULL_11LE(const uint64x2_p& a, const uint64x2_p& b) +{ + // Small speedup. VecGetLow(a) ensures the high dword of 'a' is 0. + // The 0 used in the vmull yields 0 for the high product, so the high + // dword of 'b' is "don't care". +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return VMULL2LE(__vpmsumd (VecGetLow(a), b)); +#elif defined(__clang__) + return VMULL2LE(__builtin_altivec_crypto_vpmsumd (VecGetLow(a), b)); +#else + return VMULL2LE(__builtin_crypto_vpmsumd (VecGetLow(a), b)); +#endif +} +#endif // CRYPTOPP_POWER8_VMULL_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +// ************************* Feature Probes ************************* // + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +extern "C" { + typedef void (*SigHandler)(int); + + static jmp_buf s_jmpSIGILL; + static void SigIllHandler(int) + { + longjmp(s_jmpSIGILL, 1); + } +} +#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY + +#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) +bool CPU_ProbePMULL() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (CRYPTOPP_ARM_PMULL_AVAILABLE) +# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) + volatile bool result = true; + __try + { + const poly64_t a1={0x9090909090909090}, b1={0xb0b0b0b0b0b0b0b0}; + const poly8x16_t a2={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80, + 0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0}, + b2={0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0, + 0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0}; + + const poly128_t r1 = pmull_p64(a1, b1); + const poly128_t r2 = pmull_high_p64((poly64x2_t)(a2), (poly64x2_t)(b2)); + + // Linaro is missing a lot of pmull gear. Also see http://github.com/weidai11/cryptopp/issues/233. + const uint64x2_t t1 = (uint64x2_t)(r1); // {bignum,bignum} + const uint64x2_t t2 = (uint64x2_t)(r2); // {bignum,bignum} + + result = !!(vgetq_lane_u64(t1,0) == 0x5300530053005300 && + vgetq_lane_u64(t1,1) == 0x5300530053005300 && + vgetq_lane_u64(t2,0) == 0x6c006c006c006c00 && + vgetq_lane_u64(t2,1) == 0x6c006c006c006c00); + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + return false; + } + return result; +# else + + // longjmp and clobber warnings. Volatile is required. + volatile bool result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + // Linaro is missing a lot of pmull gear. Also see http://github.com/weidai11/cryptopp/issues/233. + const uint64x2_t a1={0,0x9090909090909090}, b1={0,0xb0b0b0b0b0b0b0b0}; + const uint8x16_t a2={0x80,0x80,0x80,0x80,0x80,0x80,0x80,0x80, + 0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0,0xa0}, + b2={0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0,0xc0, + 0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0,0xe0}; + + const uint64x2_t r1 = PMULL_00(a1, b1); + const uint64x2_t r2 = PMULL_11((uint64x2_t)a2, (uint64x2_t)b2); + + result = !!(vgetq_lane_u64(r1,0) == 0x5300530053005300 && + vgetq_lane_u64(r1,1) == 0x5300530053005300 && + vgetq_lane_u64(r2,0) == 0x6c006c006c006c00 && + vgetq_lane_u64(r2,1) == 0x6c006c006c006c00); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // CRYPTOPP_ARM_PMULL_AVAILABLE +} +#endif // ARM32 or ARM64 + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) +bool CPU_ProbePMULL() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (CRYPTOPP_POWER8_VMULL_AVAILABLE) + // longjmp and clobber warnings. Volatile is required. + volatile bool result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + const uint8x16_p a={0x0f,0x08,0x08,0x08, 0x80,0x80,0x80,0x80, + 0x00,0x0a,0x0a,0x0a, 0xa0,0xa0,0xa0,0xa0}, + b={0x0f,0xc0,0xc0,0xc0, 0x0c,0x0c,0x0c,0x0c, + 0x00,0xe0,0xe0,0xe0, 0x0e,0x0e,0x0e,0x0e}; + + const uint64x2_p r1 = VMULL_00LE((uint64x2_p)(a), (uint64x2_p)(b)); + const uint64x2_p r2 = VMULL_01LE((uint64x2_p)(a), (uint64x2_p)(b)); + const uint64x2_p r3 = VMULL_10LE((uint64x2_p)(a), (uint64x2_p)(b)); + const uint64x2_p r4 = VMULL_11LE((uint64x2_p)(a), (uint64x2_p)(b)); + + result = VecNotEqual(r1, r2) && VecNotEqual(r3, r4); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +#else + return false; +#endif // CRYPTOPP_POWER8_VMULL_AVAILABLE +} +#endif // PPC32 or PPC64 + +// *************************** ARM NEON *************************** // + +#if CRYPTOPP_ARM_NEON_AVAILABLE +void GCM_Xor16_NEON(byte *a, const byte *b, const byte *c) +{ + CRYPTOPP_ASSERT(IsAlignedOn(a,GetAlignmentOf())); + CRYPTOPP_ASSERT(IsAlignedOn(b,GetAlignmentOf())); + CRYPTOPP_ASSERT(IsAlignedOn(c,GetAlignmentOf())); + *UINT64X2_CAST(a) = veorq_u64(*CONST_UINT64X2_CAST(b), *CONST_UINT64X2_CAST(c)); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +#if CRYPTOPP_ARM_PMULL_AVAILABLE + +// Swaps high and low 64-bit words +inline uint64x2_t SwapWords(const uint64x2_t& data) +{ + return (uint64x2_t)vcombine_u64( + vget_high_u64(data), vget_low_u64(data)); +} + +uint64x2_t GCM_Reduce_PMULL(uint64x2_t c0, uint64x2_t c1, uint64x2_t c2, const uint64x2_t &r) +{ + c1 = veorq_u64(c1, VEXT_U8<8>(vdupq_n_u64(0), c0)); + c1 = veorq_u64(c1, PMULL_01(c0, r)); + c0 = VEXT_U8<8>(c0, vdupq_n_u64(0)); + c0 = vshlq_n_u64(veorq_u64(c0, c1), 1); + c0 = PMULL_00(c0, r); + c2 = veorq_u64(c2, c0); + c2 = veorq_u64(c2, VEXT_U8<8>(c1, vdupq_n_u64(0))); + c1 = vshrq_n_u64(vcombine_u64(vget_low_u64(c1), vget_low_u64(c2)), 63); + c2 = vshlq_n_u64(c2, 1); + + return veorq_u64(c2, c1); +} + +uint64x2_t GCM_Multiply_PMULL(const uint64x2_t &x, const uint64x2_t &h, const uint64x2_t &r) +{ + const uint64x2_t c0 = PMULL_00(x, h); + const uint64x2_t c1 = veorq_u64(PMULL_10(x, h), PMULL_01(x, h)); + const uint64x2_t c2 = PMULL_11(x, h); + + return GCM_Reduce_PMULL(c0, c1, c2, r); +} + +void GCM_SetKeyWithoutResync_PMULL(const byte *hashKey, byte *mulTable, unsigned int tableSize) +{ + const uint64x2_t r = {0xe100000000000000ull, 0xc200000000000000ull}; + const uint64x2_t t = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(hashKey))); + const uint64x2_t h0 = vextq_u64(t, t, 1); + + uint64x2_t h = h0; + unsigned int i; + for (i=0; i= 16) + { + size_t i=0, s = UnsignedMin(len/16U, 8U); + uint64x2_t d1, d2 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data+(s-1)*16U))); + uint64x2_t c0 = vdupq_n_u64(0); + uint64x2_t c1 = vdupq_n_u64(0); + uint64x2_t c2 = vdupq_n_u64(0); + + while (true) + { + const uint64x2_t h0 = vld1q_u64((const uint64_t*)(mtable+(i+0)*16)); + const uint64x2_t h1 = vld1q_u64((const uint64_t*)(mtable+(i+1)*16)); + const uint64x2_t h2 = veorq_u64(h0, h1); + + if (++i == s) + { + const uint64x2_t t1 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data))); + d1 = veorq_u64(vextq_u64(t1, t1, 1), x); + c0 = veorq_u64(c0, PMULL_00(d1, h0)); + c2 = veorq_u64(c2, PMULL_10(d1, h1)); + d1 = veorq_u64(d1, SwapWords(d1)); + c1 = veorq_u64(c1, PMULL_00(d1, h2)); + + break; + } + + d1 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data+(s-i)*16-8))); + c0 = veorq_u64(c0, PMULL_10(d2, h0)); + c2 = veorq_u64(c2, PMULL_10(d1, h1)); + d2 = veorq_u64(d2, d1); + c1 = veorq_u64(c1, PMULL_10(d2, h2)); + + if (++i == s) + { + const uint64x2_t t2 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data))); + d1 = veorq_u64(vextq_u64(t2, t2, 1), x); + c0 = veorq_u64(c0, PMULL_01(d1, h0)); + c2 = veorq_u64(c2, PMULL_11(d1, h1)); + d1 = veorq_u64(d1, SwapWords(d1)); + c1 = veorq_u64(c1, PMULL_01(d1, h2)); + + break; + } + + const uint64x2_t t3 = vreinterpretq_u64_u8(vrev64q_u8(vld1q_u8(data+(s-i)*16-8))); + d2 = vextq_u64(t3, t3, 1); + c0 = veorq_u64(c0, PMULL_01(d1, h0)); + c2 = veorq_u64(c2, PMULL_01(d2, h1)); + d1 = veorq_u64(d1, d2); + c1 = veorq_u64(c1, PMULL_01(d1, h2)); + } + data += s*16; + len -= s*16; + + c1 = veorq_u64(veorq_u64(c1, c0), c2); + x = GCM_Reduce_PMULL(c0, c1, c2, r); + } + + vst1q_u64(reinterpret_cast(hbuffer), x); + return len; +} + +void GCM_ReverseHashBufferIfNeeded_PMULL(byte *hashBuffer) +{ + if (GetNativeByteOrder() != BIG_ENDIAN_ORDER) + { + const uint8x16_t x = vrev64q_u8(vld1q_u8(hashBuffer)); + vst1q_u8(hashBuffer, vextq_u8(x, x, 8)); + } +} +#endif // CRYPTOPP_ARM_PMULL_AVAILABLE + +// ***************************** SSE ***************************** // + +#if CRYPTOPP_SSE2_INTRIN_AVAILABLE || CRYPTOPP_SSE2_ASM_AVAILABLE +// SunCC 5.10-5.11 compiler crash. Move GCM_Xor16_SSE2 out-of-line, and place in +// a source file with a SSE architecture switch. Also see GH #226 and GH #284. +void GCM_Xor16_SSE2(byte *a, const byte *b, const byte *c) +{ +# if CRYPTOPP_SSE2_ASM_AVAILABLE && defined(__GNUC__) + asm ("movdqa %1, %%xmm0; pxor %2, %%xmm0; movdqa %%xmm0, %0;" + : "=m" (a[0]) : "m"(b[0]), "m"(c[0])); +# else // CRYPTOPP_SSE2_INTRIN_AVAILABLE + _mm_store_si128(M128_CAST(a), _mm_xor_si128( + _mm_load_si128(CONST_M128_CAST(b)), + _mm_load_si128(CONST_M128_CAST(c)))); +# endif +} +#endif // CRYPTOPP_SSE2_ASM_AVAILABLE + +#if CRYPTOPP_CLMUL_AVAILABLE + +#if 0 +// preserved for testing +void gcm_gf_mult(const unsigned char *a, const unsigned char *b, unsigned char *c) +{ + word64 Z0=0, Z1=0, V0, V1; + + typedef BlockGetAndPut Block; + Block::Get(a)(V0)(V1); + + for (int i=0; i<16; i++) + { + for (int j=0x80; j!=0; j>>=1) + { + int x = b[i] & j; + Z0 ^= x ? V0 : 0; + Z1 ^= x ? V1 : 0; + x = (int)V1 & 1; + V1 = (V1>>1) | (V0<<63); + V0 = (V0>>1) ^ (x ? W64LIT(0xe1) << 56 : 0); + } + } + Block::Put(NULLPTR, c)(Z0)(Z1); +} + +__m128i _mm_clmulepi64_si128(const __m128i &a, const __m128i &b, int i) +{ + word64 A[1] = {ByteReverse(((word64*)&a)[i&1])}; + word64 B[1] = {ByteReverse(((word64*)&b)[i>>4])}; + + PolynomialMod2 pa((byte *)A, 8); + PolynomialMod2 pb((byte *)B, 8); + PolynomialMod2 c = pa*pb; + + __m128i output; + for (int i=0; i<16; i++) + ((byte *)&output)[i] = c.GetByte(i); + return output; +} +#endif // Testing + +// Swaps high and low 64-bit words +inline __m128i SwapWords(const __m128i& val) +{ + return _mm_shuffle_epi32(val, _MM_SHUFFLE(1, 0, 3, 2)); +} + +// SunCC 5.11-5.15 compiler crash. Make the function inline +// and parameters non-const. Also see GH #188 and GH #224. +inline __m128i GCM_Reduce_CLMUL(__m128i c0, __m128i c1, __m128i c2, const __m128i& r) +{ + /* + The polynomial to be reduced is c0 * x^128 + c1 * x^64 + c2. c0t below refers to the most + significant half of c0 as a polynomial, which, due to GCM's bit reflection, are in the + rightmost bit positions, and the lowest byte addresses. + + c1 ^= c0t * 0xc200000000000000 + c2t ^= c0t + t = shift (c1t ^ c0b) left 1 bit + c2 ^= t * 0xe100000000000000 + c2t ^= c1b + shift c2 left 1 bit and xor in lowest bit of c1t + */ + c1 = _mm_xor_si128(c1, _mm_slli_si128(c0, 8)); + c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(c0, r, 0x10)); + c0 = _mm_xor_si128(c1, _mm_srli_si128(c0, 8)); + c0 = _mm_slli_epi64(c0, 1); + c0 = _mm_clmulepi64_si128(c0, r, 0); + c2 = _mm_xor_si128(c2, c0); + c2 = _mm_xor_si128(c2, _mm_srli_si128(c1, 8)); + c1 = _mm_unpacklo_epi64(c1, c2); + c1 = _mm_srli_epi64(c1, 63); + c2 = _mm_slli_epi64(c2, 1); + return _mm_xor_si128(c2, c1); +} + +// SunCC 5.13-5.14 compiler crash. Don't make the function inline. +// This is in contrast to GCM_Reduce_CLMUL, which must be inline. +__m128i GCM_Multiply_CLMUL(const __m128i &x, const __m128i &h, const __m128i &r) +{ + const __m128i c0 = _mm_clmulepi64_si128(x,h,0); + const __m128i c1 = _mm_xor_si128(_mm_clmulepi64_si128(x,h,1), _mm_clmulepi64_si128(x,h,0x10)); + const __m128i c2 = _mm_clmulepi64_si128(x,h,0x11); + + return GCM_Reduce_CLMUL(c0, c1, c2, r); +} + +void GCM_SetKeyWithoutResync_CLMUL(const byte *hashKey, byte *mulTable, unsigned int tableSize) +{ + const __m128i r = _mm_set_epi32(0xc2000000, 0x00000000, 0xe1000000, 0x00000000); + const __m128i m = _mm_set_epi32(0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f); + __m128i h0 = _mm_shuffle_epi8(_mm_load_si128(CONST_M128_CAST(hashKey)), m), h = h0; + + unsigned int i; + for (i=0; i= 16) + { + size_t i=0, s = UnsignedMin(len/16, 8U); + __m128i d1 = _mm_loadu_si128(CONST_M128_CAST(data+(s-1)*16)); + __m128i d2 = _mm_shuffle_epi8(d1, m2); + __m128i c0 = _mm_setzero_si128(); + __m128i c1 = _mm_setzero_si128(); + __m128i c2 = _mm_setzero_si128(); + + while (true) + { + const __m128i h0 = _mm_load_si128(CONST_M128_CAST(mtable+(i+0)*16)); + const __m128i h1 = _mm_load_si128(CONST_M128_CAST(mtable+(i+1)*16)); + const __m128i h2 = _mm_xor_si128(h0, h1); + + if (++i == s) + { + d1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data)), m1); + d1 = _mm_xor_si128(d1, x); + c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d1, h0, 0)); + c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d1, h1, 1)); + d1 = _mm_xor_si128(d1, SwapWords(d1)); + c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d1, h2, 0)); + break; + } + + d1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data+(s-i)*16-8)), m2); + c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d2, h0, 1)); + c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d1, h1, 1)); + d2 = _mm_xor_si128(d2, d1); + c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d2, h2, 1)); + + if (++i == s) + { + d1 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data)), m1); + d1 = _mm_xor_si128(d1, x); + c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d1, h0, 0x10)); + c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d1, h1, 0x11)); + d1 = _mm_xor_si128(d1, SwapWords(d1)); + c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d1, h2, 0x10)); + break; + } + + d2 = _mm_shuffle_epi8(_mm_loadu_si128(CONST_M128_CAST(data+(s-i)*16-8)), m1); + c0 = _mm_xor_si128(c0, _mm_clmulepi64_si128(d1, h0, 0x10)); + c2 = _mm_xor_si128(c2, _mm_clmulepi64_si128(d2, h1, 0x10)); + d1 = _mm_xor_si128(d1, d2); + c1 = _mm_xor_si128(c1, _mm_clmulepi64_si128(d1, h2, 0x10)); + } + data += s*16; + len -= s*16; + + c1 = _mm_xor_si128(_mm_xor_si128(c1, c0), c2); + x = GCM_Reduce_CLMUL(c0, c1, c2, r); + } + + _mm_store_si128(M128_CAST(hbuffer), x); + return len; +} + +void GCM_ReverseHashBufferIfNeeded_CLMUL(byte *hashBuffer) +{ + // SSSE3 instruction, but only used with CLMUL + const __m128i mask = _mm_set_epi32(0x00010203, 0x04050607, 0x08090a0b, 0x0c0d0e0f); + _mm_storeu_si128(M128_CAST(hashBuffer), _mm_shuffle_epi8( + _mm_loadu_si128(CONST_M128_CAST(hashBuffer)), mask)); +} +#endif // CRYPTOPP_CLMUL_AVAILABLE + +// ***************************** POWER8 ***************************** // + +#if CRYPTOPP_POWER7_AVAILABLE +void GCM_Xor16_POWER7(byte *a, const byte *b, const byte *c) +{ + VecStore(VecXor(VecLoad(b), VecLoad(c)), a); +} +#endif // CRYPTOPP_POWER7_AVAILABLE + +#if CRYPTOPP_POWER8_VMULL_AVAILABLE + +uint64x2_p GCM_Reduce_VMULL(uint64x2_p c0, uint64x2_p c1, uint64x2_p c2, uint64x2_p r) +{ + const uint64x2_p m1 = {1,1}, m63 = {63,63}; + + c1 = VecXor(c1, VecShiftRightOctet<8>(c0)); + c1 = VecXor(c1, VMULL_10LE(c0, r)); + c0 = VecXor(c1, VecShiftLeftOctet<8>(c0)); + c0 = VMULL_00LE(vec_sl(c0, m1), r); + c2 = VecXor(c2, c0); + c2 = VecXor(c2, VecShiftLeftOctet<8>(c1)); + c1 = vec_sr(vec_mergeh(c1, c2), m63); + c2 = vec_sl(c2, m1); + + return VecXor(c2, c1); +} + +inline uint64x2_p GCM_Multiply_VMULL(uint64x2_p x, uint64x2_p h, uint64x2_p r) +{ + const uint64x2_p c0 = VMULL_00LE(x, h); + const uint64x2_p c1 = VecXor(VMULL_01LE(x, h), VMULL_10LE(x, h)); + const uint64x2_p c2 = VMULL_11LE(x, h); + + return GCM_Reduce_VMULL(c0, c1, c2, r); +} + +inline uint64x2_p LoadHashKey(const byte *hashKey) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint64x2_p key = (uint64x2_p)VecLoad(hashKey); + const uint8x16_p mask = {8,9,10,11, 12,13,14,15, 0,1,2,3, 4,5,6,7}; + return VecPermute(key, key, mask); +#else + const uint64x2_p key = (uint64x2_p)VecLoad(hashKey); + const uint8x16_p mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; + return VecPermute(key, key, mask); +#endif +} + +void GCM_SetKeyWithoutResync_VMULL(const byte *hashKey, byte *mulTable, unsigned int tableSize) +{ + const uint64x2_p r = {0xe100000000000000ull, 0xc200000000000000ull}; + uint64x2_p h = LoadHashKey(hashKey), h0 = h; + + unsigned int i; + uint64_t temp[2]; + + for (i=0; i +inline T SwapWords(const T& data) +{ + return (T)VecRotateLeftOctet<8>(data); +} + +inline uint64x2_p LoadBuffer1(const byte *dataBuffer) +{ +#if (CRYPTOPP_BIG_ENDIAN) + return (uint64x2_p)VecLoad(dataBuffer); +#else + const uint64x2_p data = (uint64x2_p)VecLoad(dataBuffer); + const uint8x16_p mask = {7,6,5,4, 3,2,1,0, 15,14,13,12, 11,10,9,8}; + return VecPermute(data, data, mask); +#endif +} + +inline uint64x2_p LoadBuffer2(const byte *dataBuffer) +{ +#if (CRYPTOPP_BIG_ENDIAN) + return (uint64x2_p)SwapWords(VecLoadBE(dataBuffer)); +#else + return (uint64x2_p)VecLoadBE(dataBuffer); +#endif +} + +size_t GCM_AuthenticateBlocks_VMULL(const byte *data, size_t len, const byte *mtable, byte *hbuffer) +{ + const uint64x2_p r = {0xe100000000000000ull, 0xc200000000000000ull}; + uint64x2_p x = (uint64x2_p)VecLoad(hbuffer); + + while (len >= 16) + { + size_t i=0, s = UnsignedMin(len/16, 8U); + uint64x2_p d1, d2 = LoadBuffer1(data+(s-1)*16); + uint64x2_p c0 = {0}, c1 = {0}, c2 = {0}; + + while (true) + { + const uint64x2_p h0 = (uint64x2_p)VecLoad(mtable+(i+0)*16); + const uint64x2_p h1 = (uint64x2_p)VecLoad(mtable+(i+1)*16); + const uint64x2_p h2 = (uint64x2_p)VecXor(h0, h1); + + if (++i == s) + { + d1 = LoadBuffer2(data); + d1 = VecXor(d1, x); + c0 = VecXor(c0, VMULL_00LE(d1, h0)); + c2 = VecXor(c2, VMULL_01LE(d1, h1)); + d1 = VecXor(d1, SwapWords(d1)); + c1 = VecXor(c1, VMULL_00LE(d1, h2)); + break; + } + + d1 = LoadBuffer1(data+(s-i)*16-8); + c0 = VecXor(c0, VMULL_01LE(d2, h0)); + c2 = VecXor(c2, VMULL_01LE(d1, h1)); + d2 = VecXor(d2, d1); + c1 = VecXor(c1, VMULL_01LE(d2, h2)); + + if (++i == s) + { + d1 = LoadBuffer2(data); + d1 = VecXor(d1, x); + c0 = VecXor(c0, VMULL_10LE(d1, h0)); + c2 = VecXor(c2, VMULL_11LE(d1, h1)); + d1 = VecXor(d1, SwapWords(d1)); + c1 = VecXor(c1, VMULL_10LE(d1, h2)); + break; + } + + d2 = LoadBuffer2(data+(s-i)*16-8); + c0 = VecXor(c0, VMULL_10LE(d1, h0)); + c2 = VecXor(c2, VMULL_10LE(d2, h1)); + d1 = VecXor(d1, d2); + c1 = VecXor(c1, VMULL_10LE(d1, h2)); + } + data += s*16; + len -= s*16; + + c1 = VecXor(VecXor(c1, c0), c2); + x = GCM_Reduce_VMULL(c0, c1, c2, r); + } + + VecStore(x, hbuffer); + return len; +} + +void GCM_ReverseHashBufferIfNeeded_VMULL(byte *hashBuffer) +{ + const uint64x2_p mask = {0x08090a0b0c0d0e0full, 0x0001020304050607ull}; + VecStore(VecPermute(VecLoad(hashBuffer), mask), hashBuffer); +} +#endif // CRYPTOPP_POWER8_VMULL_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/gf2n.cpp b/vendor/cryptopp/vendor_cryptopp/gf2n.cpp index a1d24ff3..c907e081 100644 --- a/vendor/cryptopp/vendor_cryptopp/gf2n.cpp +++ b/vendor/cryptopp/vendor_cryptopp/gf2n.cpp @@ -18,12 +18,27 @@ #include -// Issue 340 -#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE -# pragma GCC diagnostic ignored "-Wconversion" -# pragma GCC diagnostic ignored "-Wsign-conversion" +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::PolynomialMod2; + +#if defined(HAVE_GCC_INIT_PRIORITY) + const PolynomialMod2 g_zero __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 60))) = PolynomialMod2(); + const PolynomialMod2 g_one __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 61))) = PolynomialMod2(1); +#elif defined(HAVE_MSC_INIT_PRIORITY) + #pragma warning(disable: 4075) + #pragma init_seg(".CRT$XCU") + const PolynomialMod2 g_zero; + const PolynomialMod2 g_one(1); + #pragma warning(default: 4075) +#elif defined(HAVE_XLC_INIT_PRIORITY) + #pragma priority(290) + const PolynomialMod2 g_zero; + const PolynomialMod2 g_one(1); #endif +ANONYMOUS_NAMESPACE_END + NAMESPACE_BEGIN(CryptoPP) PolynomialMod2::PolynomialMod2() @@ -133,12 +148,26 @@ struct NewPolynomialMod2 const PolynomialMod2 &PolynomialMod2::Zero() { +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) + return g_zero; +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const PolynomialMod2 g_zero; + return g_zero; +#else return Singleton().Ref(); +#endif } const PolynomialMod2 &PolynomialMod2::One() { +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) + return g_one; +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const PolynomialMod2 g_one(1); + return g_one; +#else return Singleton >().Ref(); +#endif } void PolynomialMod2::Decode(const byte *input, size_t inputLen) @@ -336,7 +365,7 @@ PolynomialMod2 PolynomialMod2::Modulo(const PolynomialMod2 &b) const PolynomialMod2& PolynomialMod2::operator<<=(unsigned int n) { #if defined(CRYPTOPP_DEBUG) - int x; CRYPTOPP_UNUSED(x); + int x=0; CRYPTOPP_UNUSED(x); CRYPTOPP_ASSERT(SafeConvert(n,x)); #endif diff --git a/vendor/cryptopp/vendor_cryptopp/gf2n.h b/vendor/cryptopp/vendor_cryptopp/gf2n.h index 40cf3934..4bb34b19 100644 --- a/vendor/cryptopp/vendor_cryptopp/gf2n.h +++ b/vendor/cryptopp/vendor_cryptopp/gf2n.h @@ -357,13 +357,13 @@ class CRYPTOPP_DLL GF2NPP : public GF2NP public: // polynomial modulus = x^t0 + x^t1 + x^t2 + x^t3 + x^t4, t0 > t1 > t2 > t3 > t4 GF2NPP(unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4) - : GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t0(t0), t1(t1), t2(t2), t3(t3) {} + : GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t1(t1), t2(t2), t3(t3) {} GF2NP * Clone() const {return new GF2NPP(*this);} void DEREncode(BufferedTransformation &bt) const; private: - unsigned int t0, t1, t2, t3; + unsigned int t1, t2, t3; }; // construct new GF2NP from the ASN.1 sequence Characteristic-two diff --git a/vendor/cryptopp/vendor_cryptopp/gzip.cpp b/vendor/cryptopp/vendor_cryptopp/gzip.cpp index 2007bf80..ade1d422 100644 --- a/vendor/cryptopp/vendor_cryptopp/gzip.cpp +++ b/vendor/cryptopp/vendor_cryptopp/gzip.cpp @@ -14,6 +14,8 @@ static inline bool Is8859Character(char c) { void Gzip::IsolatedInitialize(const NameValuePairs ¶meters) { + Deflator::IsolatedInitialize(parameters); + ConstByteArrayParameter v; if (parameters.GetValue(Name::FileName(), v)) m_filename.assign(reinterpret_cast(v.begin()), v.size()); @@ -38,7 +40,8 @@ void Gzip::WritePrestreamHeader() AttachedTransformation()->Put(DEFLATED); AttachedTransformation()->Put((byte)flags); // general flag AttachedTransformation()->PutWord32(m_filetime, LITTLE_ENDIAN_ORDER); // time stamp - byte extra = (GetDeflateLevel() == 1) ? FAST : ((GetDeflateLevel() == 9) ? SLOW : 0); + byte extra = static_cast((GetDeflateLevel() == 1) ? + FAST : ((GetDeflateLevel() == 9) ? SLOW : 0)); AttachedTransformation()->Put(extra); AttachedTransformation()->Put(GZIP_OS_CODE); diff --git a/vendor/cryptopp/vendor_cryptopp/hc128.cpp b/vendor/cryptopp/vendor_cryptopp/hc128.cpp new file mode 100644 index 00000000..b734d6e5 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/hc128.cpp @@ -0,0 +1,279 @@ +// hc128.cpp - written and placed in the public domain by Jeffrey Walton +// based on public domain code by Hongjun Wu. +// +// The reference materials and source files are available at +// The eSTREAM Project, http://www.ecrypt.eu.org/stream/e2-hc128.html. + +#include "pch.h" +#include "config.h" + +#include "hc128.h" +#include "secblock.h" +#include "misc.h" + +/*h1 function*/ +#define h1(x, y) { \ + byte a,c; \ + a = (byte) (x); \ + c = (byte) ((x) >> 16); \ + y = (m_T[512+a])+(m_T[512+256+c]); \ +} + +/*h2 function*/ +#define h2(x, y) { \ + byte a,c; \ + a = (byte) (x); \ + c = (byte) ((x) >> 16); \ + y = (m_T[a])+(m_T[256+c]); \ +} + +/*one step of HC-128, update P and generate 32 bits keystream*/ +#define step_P(u,v,a,b,c,d,n){ \ + word32 tem0,tem1,tem2,tem3; \ + h1(m_X[(d)],tem3); \ + tem0 = rotrConstant<23>(m_T[(v)]); \ + tem1 = rotrConstant<10>(m_X[(c)]); \ + tem2 = rotrConstant<8>(m_X[(b)]); \ + (m_T[(u)]) += tem2+(tem0 ^ tem1); \ + (m_X[(a)]) = (m_T[(u)]); \ + (n) = tem3 ^ (m_T[(u)]); \ +} + +/*one step of HC-128, update Q and generate 32 bits keystream*/ +#define step_Q(u,v,a,b,c,d,n){ \ + word32 tem0,tem1,tem2,tem3; \ + h2(m_Y[(d)],tem3); \ + tem0 = rotrConstant<(32-23)>(m_T[(v)]); \ + tem1 = rotrConstant<(32-10)>(m_Y[(c)]); \ + tem2 = rotrConstant<(32-8)>(m_Y[(b)]); \ + (m_T[(u)]) += tem2 + (tem0 ^ tem1); \ + (m_Y[(a)]) = (m_T[(u)]); \ + (n) = tem3 ^ (m_T[(u)]) ; \ +} + +/*update table P*/ +#define update_P(u,v,a,b,c,d){ \ + word32 tem0,tem1,tem2,tem3; \ + tem0 = rotrConstant<23>(m_T[(v)]); \ + tem1 = rotrConstant<10>(m_X[(c)]); \ + tem2 = rotrConstant<8>(m_X[(b)]); \ + h1(m_X[(d)],tem3); \ + (m_T[(u)]) = ((m_T[(u)]) + tem2+(tem0^tem1)) ^ tem3; \ + (m_X[(a)]) = (m_T[(u)]); \ +} + +/*update table Q*/ +#define update_Q(u,v,a,b,c,d){ \ + word32 tem0,tem1,tem2,tem3; \ + tem0 = rotrConstant<(32-23)>(m_T[(v)]); \ + tem1 = rotrConstant<(32-10)>(m_Y[(c)]); \ + tem2 = rotrConstant<(32-8)>(m_Y[(b)]); \ + h2(m_Y[(d)],tem3); \ + (m_T[(u)]) = ((m_T[(u)]) + tem2+(tem0^tem1)) ^ tem3; \ + (m_Y[(a)]) = (m_T[(u)]); \ +} + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word32; +using CryptoPP::rotrConstant; + +inline word32 f1(word32 x) +{ + return rotrConstant<7>(x) ^ rotrConstant<18>(x) ^ ((x) >> 3); +} + +inline word32 f2(word32 x) +{ + return rotrConstant<17>(x) ^ rotrConstant<19>(x) ^ ((x) >> 10); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +/*16 steps of HC-128, generate 512 bits keystream*/ +void HC128Policy::GenerateKeystream(word32 keystream[16]) +{ + unsigned int cc = m_ctr & 0x1ff; + unsigned int dd = (cc + 16) & 0x1ff; + + if (m_ctr < 512) + { + m_ctr = (m_ctr + 16) & 0x3ff; + step_P(cc + 0, cc + 1, 0, 6, 13, 4, keystream[0]); + step_P(cc + 1, cc + 2, 1, 7, 14, 5, keystream[1]); + step_P(cc + 2, cc + 3, 2, 8, 15, 6, keystream[2]); + step_P(cc + 3, cc + 4, 3, 9, 0, 7, keystream[3]); + step_P(cc + 4, cc + 5, 4, 10, 1, 8, keystream[4]); + step_P(cc + 5, cc + 6, 5, 11, 2, 9, keystream[5]); + step_P(cc + 6, cc + 7, 6, 12, 3, 10, keystream[6]); + step_P(cc + 7, cc + 8, 7, 13, 4, 11, keystream[7]); + step_P(cc + 8, cc + 9, 8, 14, 5, 12, keystream[8]); + step_P(cc + 9, cc + 10, 9, 15, 6, 13, keystream[9]); + step_P(cc + 10, cc + 11, 10, 0, 7, 14, keystream[10]); + step_P(cc + 11, cc + 12, 11, 1, 8, 15, keystream[11]); + step_P(cc + 12, cc + 13, 12, 2, 9, 0, keystream[12]); + step_P(cc + 13, cc + 14, 13, 3, 10, 1, keystream[13]); + step_P(cc + 14, cc + 15, 14, 4, 11, 2, keystream[14]); + step_P(cc + 15, dd + 0, 15, 5, 12, 3, keystream[15]); + } + else + { + m_ctr = (m_ctr + 16) & 0x3ff; + step_Q(512 + cc + 0, 512 + cc + 1, 0, 6, 13, 4, keystream[0]); + step_Q(512 + cc + 1, 512 + cc + 2, 1, 7, 14, 5, keystream[1]); + step_Q(512 + cc + 2, 512 + cc + 3, 2, 8, 15, 6, keystream[2]); + step_Q(512 + cc + 3, 512 + cc + 4, 3, 9, 0, 7, keystream[3]); + step_Q(512 + cc + 4, 512 + cc + 5, 4, 10, 1, 8, keystream[4]); + step_Q(512 + cc + 5, 512 + cc + 6, 5, 11, 2, 9, keystream[5]); + step_Q(512 + cc + 6, 512 + cc + 7, 6, 12, 3, 10, keystream[6]); + step_Q(512 + cc + 7, 512 + cc + 8, 7, 13, 4, 11, keystream[7]); + step_Q(512 + cc + 8, 512 + cc + 9, 8, 14, 5, 12, keystream[8]); + step_Q(512 + cc + 9, 512 + cc + 10, 9, 15, 6, 13, keystream[9]); + step_Q(512 + cc + 10, 512 + cc + 11, 10, 0, 7, 14, keystream[10]); + step_Q(512 + cc + 11, 512 + cc + 12, 11, 1, 8, 15, keystream[11]); + step_Q(512 + cc + 12, 512 + cc + 13, 12, 2, 9, 0, keystream[12]); + step_Q(512 + cc + 13, 512 + cc + 14, 13, 3, 10, 1, keystream[13]); + step_Q(512 + cc + 14, 512 + cc + 15, 14, 4, 11, 2, keystream[14]); + step_Q(512 + cc + 15, 512 + dd + 0, 15, 5, 12, 3, keystream[15]); + } +} + +/*16 steps of HC-128, without generating keystream, */ +/*but use the outputs to update P and Q*/ +void HC128Policy::SetupUpdate() /*each time 16 steps*/ +{ + unsigned int cc = m_ctr & 0x1ff; + unsigned int dd = (cc + 16) & 0x1ff; + + if (m_ctr < 512) + { + m_ctr = (m_ctr + 16) & 0x3ff; + update_P(cc + 0, cc + 1, 0, 6, 13, 4); + update_P(cc + 1, cc + 2, 1, 7, 14, 5); + update_P(cc + 2, cc + 3, 2, 8, 15, 6); + update_P(cc + 3, cc + 4, 3, 9, 0, 7); + update_P(cc + 4, cc + 5, 4, 10, 1, 8); + update_P(cc + 5, cc + 6, 5, 11, 2, 9); + update_P(cc + 6, cc + 7, 6, 12, 3, 10); + update_P(cc + 7, cc + 8, 7, 13, 4, 11); + update_P(cc + 8, cc + 9, 8, 14, 5, 12); + update_P(cc + 9, cc + 10, 9, 15, 6, 13); + update_P(cc + 10, cc + 11, 10, 0, 7, 14); + update_P(cc + 11, cc + 12, 11, 1, 8, 15); + update_P(cc + 12, cc + 13, 12, 2, 9, 0); + update_P(cc + 13, cc + 14, 13, 3, 10, 1); + update_P(cc + 14, cc + 15, 14, 4, 11, 2); + update_P(cc + 15, dd + 0, 15, 5, 12, 3); + } + else + { + m_ctr = (m_ctr + 16) & 0x3ff; + update_Q(512 + cc + 0, 512 + cc + 1, 0, 6, 13, 4); + update_Q(512 + cc + 1, 512 + cc + 2, 1, 7, 14, 5); + update_Q(512 + cc + 2, 512 + cc + 3, 2, 8, 15, 6); + update_Q(512 + cc + 3, 512 + cc + 4, 3, 9, 0, 7); + update_Q(512 + cc + 4, 512 + cc + 5, 4, 10, 1, 8); + update_Q(512 + cc + 5, 512 + cc + 6, 5, 11, 2, 9); + update_Q(512 + cc + 6, 512 + cc + 7, 6, 12, 3, 10); + update_Q(512 + cc + 7, 512 + cc + 8, 7, 13, 4, 11); + update_Q(512 + cc + 8, 512 + cc + 9, 8, 14, 5, 12); + update_Q(512 + cc + 9, 512 + cc + 10, 9, 15, 6, 13); + update_Q(512 + cc + 10, 512 + cc + 11, 10, 0, 7, 14); + update_Q(512 + cc + 11, 512 + cc + 12, 11, 1, 8, 15); + update_Q(512 + cc + 12, 512 + cc + 13, 12, 2, 9, 0); + update_Q(512 + cc + 13, 512 + cc + 14, 13, 3, 10, 1); + update_Q(512 + cc + 14, 512 + cc + 15, 14, 4, 11, 2); + update_Q(512 + cc + 15, 512 + dd + 0, 15, 5, 12, 3); + } +} + +void HC128Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *userKey, size_t keylen) +{ + CRYPTOPP_UNUSED(params); + + GetUserKey(LITTLE_ENDIAN_ORDER, m_key.begin(), 4, userKey, keylen); + for (unsigned int i = 4; i < 8; i++) + m_key[i] = m_key[i - 4]; +} + +void HC128Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) +{ + while (iterationCount--) + { + word32 keystream[16]; + GenerateKeystream(keystream); + + PutWord(false, LITTLE_ENDIAN_ORDER, output + 0, keystream[0]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 4, keystream[1]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 8, keystream[2]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 12, keystream[3]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 16, keystream[4]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 20, keystream[5]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 24, keystream[6]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 28, keystream[7]); + + PutWord(false, LITTLE_ENDIAN_ORDER, output + 32, keystream[8]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 36, keystream[9]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 40, keystream[10]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 44, keystream[11]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 48, keystream[12]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 52, keystream[13]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 56, keystream[14]); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 60, keystream[15]); + + // If AdditiveCipherTemplate does not have an accumulated keystream + // then it will ask OperateKeystream to generate one. Optionally it + // will ask for an XOR of the input with the keystream while + // writing the result to the output buffer. In all cases the + // keystream is written to the output buffer. The optional part is + // adding the input buffer and keystream. + if ((operation & INPUT_NULL) != INPUT_NULL) + { + xorbuf(output, input, BYTES_PER_ITERATION); + input += BYTES_PER_ITERATION; + } + + output += BYTES_PER_ITERATION; + } +} + +void HC128Policy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) +{ + CRYPTOPP_UNUSED(keystreamBuffer); + + GetUserKey(LITTLE_ENDIAN_ORDER, m_iv.begin(), 4, iv, length); + for (unsigned int i = 4; i < 8; i++) + m_iv[i] = m_iv[i - 4]; + + /* expand the key and IV into the table T */ + /* (expand the key and IV into the table P and Q) */ + + for (unsigned int i = 0; i < 8; i++) + m_T[i] = m_key[i]; + for (unsigned int i = 8; i < 16; i++) + m_T[i] = m_iv[i - 8]; + + for (unsigned int i = 16; i < (256 + 16); i++) + m_T[i] = f2(m_T[i - 2]) + m_T[i - 7] + f1(m_T[i - 15]) + m_T[i - 16] + i; + + for (unsigned int i = 0; i < 16; i++) + m_T[i] = m_T[256 + i]; + + for (unsigned int i = 16; i < 1024; i++) + m_T[i] = f2(m_T[i - 2]) + m_T[i - 7] + f1(m_T[i - 15]) + m_T[i - 16] + 256 + i; + + /* initialize counter1024, X and Y */ + m_ctr = 0; + for (unsigned int i = 0; i < 16; i++) + m_X[i] = m_T[512 - 16 + i]; + for (unsigned int i = 0; i < 16; i++) + m_Y[i] = m_T[512 + 512 - 16 + i]; + + /* run the cipher 1024 steps before generating the output */ + for (unsigned int i = 0; i < 64; i++) + SetupUpdate(); +} + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/hc128.h b/vendor/cryptopp/vendor_cryptopp/hc128.h new file mode 100644 index 00000000..a43eeeb3 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/hc128.h @@ -0,0 +1,67 @@ +// hc128.h - written and placed in the public domain by Jeffrey Walton +// based on public domain code by Hongjun Wu. +// +// The reference materials and source files are available at +// The eSTREAM Project, http://www.ecrypt.eu.org/stream/e2-hc128.html. + +/// \file hc128.h +/// \brief Classes for HC-128 stream cipher +/// \sa The +/// eSTREAM Project | HC-128 and +/// Crypto++ Wiki | HC-128. +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_HC128_H +#define CRYPTOPP_HC128_H + +#include "strciphr.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief HC-128 stream cipher information +/// \since Crypto++ 8.0 +struct HC128Info : public FixedKeyLength<16, SimpleKeyingInterface::UNIQUE_IV, 16> +{ + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "HC-128"; } +}; + +/// \brief HC-128 stream cipher implementation +/// \since Crypto++ 8.0 +class HC128Policy : public AdditiveCipherConcretePolicy, public HC128Info +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); + bool CanOperateKeystream() const { return true; } + bool CipherIsRandomAccess() const { return false; } + + void GenerateKeystream(word32* keystream); + void SetupUpdate(); + +private: + FixedSizeSecBlock m_X; + FixedSizeSecBlock m_Y; + FixedSizeSecBlock m_key; + FixedSizeSecBlock m_iv; + word32 m_T[1024]; + word32 m_ctr; +}; + +/// \brief HC-128 stream cipher +/// \details HC-128 is a stream cipher developed by Hongjun Wu. HC-128 is one of the +/// final four Profile 1 (software) ciphers selected for the eSTREAM portfolio. +/// \sa The +/// eSTREAM Project | HC-128 and +/// Crypto++ Wiki | HC-128. +/// \since Crypto++ 8.0 +struct HC128 : public HC128Info, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, HC128Info> Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif // CRYPTOPP_HC128_H diff --git a/vendor/cryptopp/vendor_cryptopp/hc256.cpp b/vendor/cryptopp/vendor_cryptopp/hc256.cpp new file mode 100644 index 00000000..f8ec989f --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/hc256.cpp @@ -0,0 +1,158 @@ +// hc256.cpp - written and placed in the public domain by Jeffrey Walton +// based on public domain code by Hongjun Wu. +// +// The reference materials and source files are available at +// The eSTREAM Project, http://www.ecrypt.eu.org/stream/hc256.html. + +#include "pch.h" +#include "config.h" + +#include "hc256.h" +#include "secblock.h" +#include "misc.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word32; +using CryptoPP::rotrConstant; + +inline word32 f1(word32 x) +{ + return rotrConstant<7>(x) ^ rotrConstant<18>(x) ^ (x >> 3); +} + +inline word32 f2(word32 x) +{ + return rotrConstant<17>(x) ^ rotrConstant<19>(x) ^ (x >> 10); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +inline word32 HC256Policy::H1(word32 u) +{ + word32 tem; + byte a, b, c, d; + a = (byte)(u); + b = (byte)(u >> 8); + c = (byte)(u >> 16); + d = (byte)(u >> 24); + tem = m_Q[a] + m_Q[256 + b] + m_Q[512 + c] + m_Q[768 + d]; + return (tem); +} + +inline word32 HC256Policy::H2(word32 u) +{ + word32 tem; + byte a, b, c, d; + a = (byte)(u); + b = (byte)(u >> 8); + c = (byte)(u >> 16); + d = (byte)(u >> 24); + tem = m_P[a] + m_P[256 + b] + m_P[512 + c] + m_P[768 + d]; + return (tem); +} + +inline word32 HC256Policy::Generate() /*one step of the cipher*/ +{ + word32 i, i3, i10, i12, i1023; + word32 output; + + i = m_ctr & 0x3ff; + i3 = (i - 3) & 0x3ff; + i10 = (i - 10) & 0x3ff; + i12 = (i - 12) & 0x3ff; + i1023 = (i - 1023) & 0x3ff; + + if (m_ctr < 1024) { + m_P[i] = m_P[i] + m_P[i10] + (rotrConstant<10>(m_P[i3]) ^ rotrConstant<23>(m_P[i1023])) + m_Q[(m_P[i3] ^ m_P[i1023]) & 0x3ff]; + output = H1(m_P[i12]) ^ m_P[i]; + } + else { + m_Q[i] = m_Q[i] + m_Q[i10] + (rotrConstant<10>(m_Q[i3]) ^ rotrConstant<23>(m_Q[i1023])) + m_P[(m_Q[i3] ^ m_Q[i1023]) & 0x3ff]; + output = H2(m_Q[i12]) ^ m_Q[i]; + } + m_ctr = (m_ctr + 1) & 0x7ff; + return (output); +} + +void HC256Policy::CipherSetKey(const NameValuePairs ¶ms, const byte *userKey, size_t keylen) +{ + CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(keylen); + CRYPTOPP_ASSERT(keylen == 32); + + for (unsigned int i = 0; i < 8; i++) + m_key[i] = 0; + + for (unsigned int i = 0; i < 32; i++) + { + m_key[i >> 2] = m_key[i >> 2] | userKey[i]; + m_key[i >> 2] = rotlConstant<8>(m_key[i >> 2]); + } +} + +void HC256Policy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) +{ + while (iterationCount--) + { + PutWord(false, LITTLE_ENDIAN_ORDER, output + 0, Generate()); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 4, Generate()); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 8, Generate()); + PutWord(false, LITTLE_ENDIAN_ORDER, output + 12, Generate()); + + // If AdditiveCipherTemplate does not have an accumulated keystream + // then it will ask OperateKeystream to generate one. Optionally it + // will ask for an XOR of the input with the keystream while + // writing the result to the output buffer. In all cases the + // keystream is written to the output buffer. The optional part is + // adding the input buffer and keystream. + if ((operation & INPUT_NULL) != INPUT_NULL) + { + xorbuf(output, input, BYTES_PER_ITERATION); + input += BYTES_PER_ITERATION; + } + + output += BYTES_PER_ITERATION; + } +} + +void HC256Policy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) +{ + CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(length); + CRYPTOPP_ASSERT(length == 32); + + /* initialize the iv */ + word32 W[2560]; + for (unsigned int i = 0; i < 8; i++) + m_iv[i] = 0; + + for (unsigned int i = 0; i < 32; i++) + { + m_iv[i >> 2] = m_iv[i >> 2] | iv[i]; + m_iv[i >> 2] = rotlConstant<8>(m_iv[i >> 2]); + } + + /* setup the table P and Q */ + + for (unsigned int i = 0; i < 8; i++) + W[i] = m_key[i]; + for (unsigned int i = 8; i < 16; i++) + W[i] = m_iv[i - 8]; + + for (unsigned int i = 16; i < 2560; i++) + W[i] = f2(W[i - 2]) + W[i - 7] + f1(W[i - 15]) + W[i - 16] + i; + + for (unsigned int i = 0; i < 1024; i++) + m_P[i] = W[i + 512]; + for (unsigned int i = 0; i < 1024; i++) + m_Q[i] = W[i + 1536]; + + m_ctr = 0; + + /* run the cipher 4096 steps before generating the output */ + for (unsigned int i = 0; i < 4096; i++) + Generate(); +} + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/hc256.h b/vendor/cryptopp/vendor_cryptopp/hc256.h new file mode 100644 index 00000000..ccd1ca05 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/hc256.h @@ -0,0 +1,67 @@ +// hc256.h - written and placed in the public domain by Jeffrey Walton +// based on public domain code by Hongjun Wu. +// +// The reference materials and source files are available at +// The eSTREAM Project, http://www.ecrypt.eu.org/stream/hc256.html. + +/// \file hc256.h +/// \brief Classes for HC-256 stream cipher +/// \sa The +/// eSTREAM Project | HC-256 and +/// Crypto++ Wiki | HC-128. +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_HC256_H +#define CRYPTOPP_HC256_H + +#include "strciphr.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief HC-256 stream cipher information +/// \since Crypto++ 8.0 +struct HC256Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 32> +{ + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "HC-256"; } +}; + +/// \brief HC-256 stream cipher implementation +/// \since Crypto++ 8.0 +class HC256Policy : public AdditiveCipherConcretePolicy, public HC256Info +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); + bool CanOperateKeystream() const { return true; } + bool CipherIsRandomAccess() const { return false; } + + word32 H1(word32 u); + word32 H2(word32 u); + word32 Generate(); + +private: + FixedSizeSecBlock m_key; + FixedSizeSecBlock m_iv; + word32 m_P[1024]; + word32 m_Q[1024]; + word32 m_ctr; +}; + +/// \brief HC-256 stream cipher +/// \details HC-256 is a stream cipher developed by Hongjun Wu. HC-256 is the +/// successor to HC-128 from the eSTREAM project. +/// \sa The +/// eSTREAM Project | HC-256 and +/// Crypto++ Wiki | HC-128. +/// \since Crypto++ 8.0 +struct HC256 : public HC256Info, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, HC256Info> Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif // CRYPTOPP_HC256_H diff --git a/vendor/cryptopp/vendor_cryptopp/hight.cpp b/vendor/cryptopp/vendor_cryptopp/hight.cpp new file mode 100644 index 00000000..8b6f28ed --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/hight.cpp @@ -0,0 +1,271 @@ +// lea.cpp - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton +// Based on "HIGHT: A 128-Bit Block Cipher for Fast Encryption on Common +// Processors" by Deukjo Hong, Jung-Keun Lee, Dong-Chan Kim, Daesung Kwon, +// Kwon Ho Ryu, and Dong-Geon Lee. +// +// This implementation is based on source files found in a zip file at the +// Korea Internet and Security Agency (https://www.kisa.or.kr/eng/main.jsp). +// The zip files was downloaded from the Korean language area of the site so we +// don't have a url or english zip filename to cite. The source filename from +// the zip is KISA_HIGHT_ECB.c. + +#include "pch.h" +#include "config.h" + +#include "hight.h" +#include "misc.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; + +const byte DELTA[128] = { + 0x5A,0x6D,0x36,0x1B,0x0D,0x06,0x03,0x41, + 0x60,0x30,0x18,0x4C,0x66,0x33,0x59,0x2C, + 0x56,0x2B,0x15,0x4A,0x65,0x72,0x39,0x1C, + 0x4E,0x67,0x73,0x79,0x3C,0x5E,0x6F,0x37, + 0x5B,0x2D,0x16,0x0B,0x05,0x42,0x21,0x50, + 0x28,0x54,0x2A,0x55,0x6A,0x75,0x7A,0x7D, + 0x3E,0x5F,0x2F,0x17,0x4B,0x25,0x52,0x29, + 0x14,0x0A,0x45,0x62,0x31,0x58,0x6C,0x76, + 0x3B,0x1D,0x0E,0x47,0x63,0x71,0x78,0x7C, + 0x7E,0x7F,0x3F,0x1F,0x0F,0x07,0x43,0x61, + 0x70,0x38,0x5C,0x6E,0x77,0x7B,0x3D,0x1E, + 0x4F,0x27,0x53,0x69,0x34,0x1A,0x4D,0x26, + 0x13,0x49,0x24,0x12,0x09,0x04,0x02,0x01, + 0x40,0x20,0x10,0x08,0x44,0x22,0x11,0x48, + 0x64,0x32,0x19,0x0C,0x46,0x23,0x51,0x68, + 0x74,0x3A,0x5D,0x2E,0x57,0x6B,0x35,0x5A +}; + +const byte HIGHT_F0[256] = { + 0x00,0x86,0x0D,0x8B,0x1A,0x9C,0x17,0x91, + 0x34,0xB2,0x39,0xBF,0x2E,0xA8,0x23,0xA5, + 0x68,0xEE,0x65,0xE3,0x72,0xF4,0x7F,0xF9, + 0x5C,0xDA,0x51,0xD7,0x46,0xC0,0x4B,0xCD, + 0xD0,0x56,0xDD,0x5B,0xCA,0x4C,0xC7,0x41, + 0xE4,0x62,0xE9,0x6F,0xFE,0x78,0xF3,0x75, + 0xB8,0x3E,0xB5,0x33,0xA2,0x24,0xAF,0x29, + 0x8C,0x0A,0x81,0x07,0x96,0x10,0x9B,0x1D, + 0xA1,0x27,0xAC,0x2A,0xBB,0x3D,0xB6,0x30, + 0x95,0x13,0x98,0x1E,0x8F,0x09,0x82,0x04, + 0xC9,0x4F,0xC4,0x42,0xD3,0x55,0xDE,0x58, + 0xFD,0x7B,0xF0,0x76,0xE7,0x61,0xEA,0x6C, + 0x71,0xF7,0x7C,0xFA,0x6B,0xED,0x66,0xE0, + 0x45,0xC3,0x48,0xCE,0x5F,0xD9,0x52,0xD4, + 0x19,0x9F,0x14,0x92,0x03,0x85,0x0E,0x88, + 0x2D,0xAB,0x20,0xA6,0x37,0xB1,0x3A,0xBC, + 0x43,0xC5,0x4E,0xC8,0x59,0xDF,0x54,0xD2, + 0x77,0xF1,0x7A,0xFC,0x6D,0xEB,0x60,0xE6, + 0x2B,0xAD,0x26,0xA0,0x31,0xB7,0x3C,0xBA, + 0x1F,0x99,0x12,0x94,0x05,0x83,0x08,0x8E, + 0x93,0x15,0x9E,0x18,0x89,0x0F,0x84,0x02, + 0xA7,0x21,0xAA,0x2C,0xBD,0x3B,0xB0,0x36, + 0xFB,0x7D,0xF6,0x70,0xE1,0x67,0xEC,0x6A, + 0xCF,0x49,0xC2,0x44,0xD5,0x53,0xD8,0x5E, + 0xE2,0x64,0xEF,0x69,0xF8,0x7E,0xF5,0x73, + 0xD6,0x50,0xDB,0x5D,0xCC,0x4A,0xC1,0x47, + 0x8A,0x0C,0x87,0x01,0x90,0x16,0x9D,0x1B, + 0xBE,0x38,0xB3,0x35,0xA4,0x22,0xA9,0x2F, + 0x32,0xB4,0x3F,0xB9,0x28,0xAE,0x25,0xA3, + 0x06,0x80,0x0B,0x8D,0x1C,0x9A,0x11,0x97, + 0x5A,0xDC,0x57,0xD1,0x40,0xC6,0x4D,0xCB, + 0x6E,0xE8,0x63,0xE5,0x74,0xF2,0x79,0xFF +}; + +const byte HIGHT_F1[256] = { + 0x00,0x58,0xB0,0xE8,0x61,0x39,0xD1,0x89, + 0xC2,0x9A,0x72,0x2A,0xA3,0xFB,0x13,0x4B, + 0x85,0xDD,0x35,0x6D,0xE4,0xBC,0x54,0x0C, + 0x47,0x1F,0xF7,0xAF,0x26,0x7E,0x96,0xCE, + 0x0B,0x53,0xBB,0xE3,0x6A,0x32,0xDA,0x82, + 0xC9,0x91,0x79,0x21,0xA8,0xF0,0x18,0x40, + 0x8E,0xD6,0x3E,0x66,0xEF,0xB7,0x5F,0x07, + 0x4C,0x14,0xFC,0xA4,0x2D,0x75,0x9D,0xC5, + 0x16,0x4E,0xA6,0xFE,0x77,0x2F,0xC7,0x9F, + 0xD4,0x8C,0x64,0x3C,0xB5,0xED,0x05,0x5D, + 0x93,0xCB,0x23,0x7B,0xF2,0xAA,0x42,0x1A, + 0x51,0x09,0xE1,0xB9,0x30,0x68,0x80,0xD8, + 0x1D,0x45,0xAD,0xF5,0x7C,0x24,0xCC,0x94, + 0xDF,0x87,0x6F,0x37,0xBE,0xE6,0x0E,0x56, + 0x98,0xC0,0x28,0x70,0xF9,0xA1,0x49,0x11, + 0x5A,0x02,0xEA,0xB2,0x3B,0x63,0x8B,0xD3, + 0x2C,0x74,0x9C,0xC4,0x4D,0x15,0xFD,0xA5, + 0xEE,0xB6,0x5E,0x06,0x8F,0xD7,0x3F,0x67, + 0xA9,0xF1,0x19,0x41,0xC8,0x90,0x78,0x20, + 0x6B,0x33,0xDB,0x83,0x0A,0x52,0xBA,0xE2, + 0x27,0x7F,0x97,0xCF,0x46,0x1E,0xF6,0xAE, + 0xE5,0xBD,0x55,0x0D,0x84,0xDC,0x34,0x6C, + 0xA2,0xFA,0x12,0x4A,0xC3,0x9B,0x73,0x2B, + 0x60,0x38,0xD0,0x88,0x01,0x59,0xB1,0xE9, + 0x3A,0x62,0x8A,0xD2,0x5B,0x03,0xEB,0xB3, + 0xF8,0xA0,0x48,0x10,0x99,0xC1,0x29,0x71, + 0xBF,0xE7,0x0F,0x57,0xDE,0x86,0x6E,0x36, + 0x7D,0x25,0xCD,0x95,0x1C,0x44,0xAC,0xF4, + 0x31,0x69,0x81,0xD9,0x50,0x08,0xE0,0xB8, + 0xF3,0xAB,0x43,0x1B,0x92,0xCA,0x22,0x7A, + 0xB4,0xEC,0x04,0x5C,0xD5,0x8D,0x65,0x3D, + 0x76,0x2E,0xC6,0x9E,0x17,0x4F,0xA7,0xFF +}; + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +void HIGHT::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) +{ + CRYPTOPP_UNUSED(params); + CRYPTOPP_UNUSED(keyLength); + + for(unsigned int i=0; i<4; i++) { + m_rkey[i ] = userKey[i+12]; + m_rkey[i+4] = userKey[i ]; + } + + for(unsigned int i=0; i<8; i++) { + for(unsigned int j=0; j<8; j++) { + m_rkey[8+16*i+j] = static_cast(userKey[(j-i)&7] + DELTA[16*i+j]); + } + + for(unsigned int j=0; j<8; j++) { + m_rkey[8+16*i+j+8] = static_cast(userKey[((j-i)&7)+8] + DELTA[16*i+j+8]); + } + } +} + +void HIGHT::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // First Round + m_xx[1] = inBlock[1]; + m_xx[3] = inBlock[3]; + m_xx[5] = inBlock[5]; + m_xx[7] = inBlock[7]; + + m_xx[0] = (inBlock[0] + m_rkey[0]) & 0xFF; + m_xx[2] = (inBlock[2] ^ m_rkey[1]); + m_xx[4] = (inBlock[4] + m_rkey[2]) & 0xFF; + m_xx[6] = (inBlock[6] ^ m_rkey[3]); + + // Encryption Round + #define HIGHT_ENC(k, i0,i1,i2,i3,i4,i5,i6,i7) { \ + m_xx[i0] = (m_xx[i0] ^ (HIGHT_F0[m_xx[i1]] + m_rkey[4*k+3])) & 0xFF; \ + m_xx[i2] = (m_xx[i2] + (HIGHT_F1[m_xx[i3]] ^ m_rkey[4*k+2])) & 0xFF; \ + m_xx[i4] = (m_xx[i4] ^ (HIGHT_F0[m_xx[i5]] + m_rkey[4*k+1])) & 0xFF; \ + m_xx[i6] = (m_xx[i6] + (HIGHT_F1[m_xx[i7]] ^ m_rkey[4*k+0])) & 0xFF; \ + } + + HIGHT_ENC( 2, 7,6,5,4,3,2,1,0); + HIGHT_ENC( 3, 6,5,4,3,2,1,0,7); + HIGHT_ENC( 4, 5,4,3,2,1,0,7,6); + HIGHT_ENC( 5, 4,3,2,1,0,7,6,5); + HIGHT_ENC( 6, 3,2,1,0,7,6,5,4); + HIGHT_ENC( 7, 2,1,0,7,6,5,4,3); + HIGHT_ENC( 8, 1,0,7,6,5,4,3,2); + HIGHT_ENC( 9, 0,7,6,5,4,3,2,1); + HIGHT_ENC(10, 7,6,5,4,3,2,1,0); + HIGHT_ENC(11, 6,5,4,3,2,1,0,7); + HIGHT_ENC(12, 5,4,3,2,1,0,7,6); + HIGHT_ENC(13, 4,3,2,1,0,7,6,5); + HIGHT_ENC(14, 3,2,1,0,7,6,5,4); + HIGHT_ENC(15, 2,1,0,7,6,5,4,3); + HIGHT_ENC(16, 1,0,7,6,5,4,3,2); + HIGHT_ENC(17, 0,7,6,5,4,3,2,1); + HIGHT_ENC(18, 7,6,5,4,3,2,1,0); + HIGHT_ENC(19, 6,5,4,3,2,1,0,7); + HIGHT_ENC(20, 5,4,3,2,1,0,7,6); + HIGHT_ENC(21, 4,3,2,1,0,7,6,5); + HIGHT_ENC(22, 3,2,1,0,7,6,5,4); + HIGHT_ENC(23, 2,1,0,7,6,5,4,3); + HIGHT_ENC(24, 1,0,7,6,5,4,3,2); + HIGHT_ENC(25, 0,7,6,5,4,3,2,1); + HIGHT_ENC(26, 7,6,5,4,3,2,1,0); + HIGHT_ENC(27, 6,5,4,3,2,1,0,7); + HIGHT_ENC(28, 5,4,3,2,1,0,7,6); + HIGHT_ENC(29, 4,3,2,1,0,7,6,5); + HIGHT_ENC(30, 3,2,1,0,7,6,5,4); + HIGHT_ENC(31, 2,1,0,7,6,5,4,3); + HIGHT_ENC(32, 1,0,7,6,5,4,3,2); + HIGHT_ENC(33, 0,7,6,5,4,3,2,1); + + // Final Round + outBlock[1] = static_cast(m_xx[2]); + outBlock[3] = static_cast(m_xx[4]); + outBlock[5] = static_cast(m_xx[6]); + outBlock[7] = static_cast(m_xx[0]); + + outBlock[0] = static_cast(m_xx[1] + m_rkey[4]); + outBlock[2] = static_cast(m_xx[3] ^ m_rkey[5]); + outBlock[4] = static_cast(m_xx[5] + m_rkey[6]); + outBlock[6] = static_cast(m_xx[7] ^ m_rkey[7]); + + if (xorBlock) + xorbuf(outBlock, xorBlock, 8); +} + +void HIGHT::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + m_xx[2] = static_cast(inBlock[1]); + m_xx[4] = static_cast(inBlock[3]); + m_xx[6] = static_cast(inBlock[5]); + m_xx[0] = static_cast(inBlock[7]); + + m_xx[1] = static_cast(inBlock[0] - m_rkey[4]); + m_xx[3] = static_cast(inBlock[2] ^ m_rkey[5]); + m_xx[5] = static_cast(inBlock[4] - m_rkey[6]); + m_xx[7] = static_cast(inBlock[6] ^ m_rkey[7]); + + #define HIGHT_DEC(k, i0,i1,i2,i3,i4,i5,i6,i7) { \ + m_xx[i1] = (m_xx[i1] - (HIGHT_F1[m_xx[i2]] ^ m_rkey[4*k+2])) & 0xFF; \ + m_xx[i3] = (m_xx[i3] ^ (HIGHT_F0[m_xx[i4]] + m_rkey[4*k+1])) & 0xFF; \ + m_xx[i5] = (m_xx[i5] - (HIGHT_F1[m_xx[i6]] ^ m_rkey[4*k+0])) & 0xFF; \ + m_xx[i7] = (m_xx[i7] ^ (HIGHT_F0[m_xx[i0]] + m_rkey[4*k+3])) & 0xFF; \ + } + + HIGHT_DEC(33, 7,6,5,4,3,2,1,0); + HIGHT_DEC(32, 0,7,6,5,4,3,2,1); + HIGHT_DEC(31, 1,0,7,6,5,4,3,2); + HIGHT_DEC(30, 2,1,0,7,6,5,4,3); + HIGHT_DEC(29, 3,2,1,0,7,6,5,4); + HIGHT_DEC(28, 4,3,2,1,0,7,6,5); + HIGHT_DEC(27, 5,4,3,2,1,0,7,6); + HIGHT_DEC(26, 6,5,4,3,2,1,0,7); + HIGHT_DEC(25, 7,6,5,4,3,2,1,0); + HIGHT_DEC(24, 0,7,6,5,4,3,2,1); + HIGHT_DEC(23, 1,0,7,6,5,4,3,2); + HIGHT_DEC(22, 2,1,0,7,6,5,4,3); + HIGHT_DEC(21, 3,2,1,0,7,6,5,4); + HIGHT_DEC(20, 4,3,2,1,0,7,6,5); + HIGHT_DEC(19, 5,4,3,2,1,0,7,6); + HIGHT_DEC(18, 6,5,4,3,2,1,0,7); + HIGHT_DEC(17, 7,6,5,4,3,2,1,0); + HIGHT_DEC(16, 0,7,6,5,4,3,2,1); + HIGHT_DEC(15, 1,0,7,6,5,4,3,2); + HIGHT_DEC(14, 2,1,0,7,6,5,4,3); + HIGHT_DEC(13, 3,2,1,0,7,6,5,4); + HIGHT_DEC(12, 4,3,2,1,0,7,6,5); + HIGHT_DEC(11, 5,4,3,2,1,0,7,6); + HIGHT_DEC(10, 6,5,4,3,2,1,0,7); + HIGHT_DEC( 9, 7,6,5,4,3,2,1,0); + HIGHT_DEC( 8, 0,7,6,5,4,3,2,1); + HIGHT_DEC( 7, 1,0,7,6,5,4,3,2); + HIGHT_DEC( 6, 2,1,0,7,6,5,4,3); + HIGHT_DEC( 5, 3,2,1,0,7,6,5,4); + HIGHT_DEC( 4, 4,3,2,1,0,7,6,5); + HIGHT_DEC( 3, 5,4,3,2,1,0,7,6); + HIGHT_DEC( 2, 6,5,4,3,2,1,0,7); + + outBlock[1] = static_cast(m_xx[1]); + outBlock[3] = static_cast(m_xx[3]); + outBlock[5] = static_cast(m_xx[5]); + outBlock[7] = static_cast(m_xx[7]); + + outBlock[0] = static_cast(m_xx[0] - m_rkey[0]); + outBlock[2] = static_cast(m_xx[2] ^ m_rkey[1]); + outBlock[4] = static_cast(m_xx[4] - m_rkey[2]); + outBlock[6] = static_cast(m_xx[6] ^ m_rkey[3]); + + if (xorBlock) + xorbuf(outBlock, xorBlock, 8); +} + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/hight.h b/vendor/cryptopp/vendor_cryptopp/hight.h new file mode 100644 index 00000000..8a0f2a83 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/hight.h @@ -0,0 +1,81 @@ +// hight.h - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton +// Based on "HIGHT: A New Block Cipher Suitable for Low-Resource Device" +// by Deukjo Hong, Jaechul Sung, Seokhie Hong, Jongin Lim, Sangjin Lee, +// Bon-Seok Koo, Changhoon Lee, Donghoon Chang, Jesang Lee, Kitae Jeong, +// Hyun Kim, Jongsung Kim, and Seongtaek Chee + +/// \file hight.h +/// \brief Classes for the HIGHT block cipher +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_HIGHT_H +#define CRYPTOPP_HIGHT_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" +#include "algparam.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief HIGHT block cipher information +/// \since Crypto++ 8.0 +struct HIGHT_Info : public FixedBlockSize<8>, public FixedKeyLength<16> +{ + static const std::string StaticAlgorithmName() + { + // Format is Cipher-Blocksize + return "HIGHT"; + } +}; + +/// \brief HIGHT 64-bit block cipher +/// \details HIGHT provides 64-bit block size. The valid key size is 128-bits. +/// \note Crypto++ provides a byte oriented implementation +/// \sa HIGHT, +/// Korea Internet & Security +/// Agency website +/// \since Crypto++ 8.0 +class CRYPTOPP_NO_VTABLE HIGHT : public HIGHT_Info, public BlockCipherDocumentation +{ +public: + /// \brief HIGHT block cipher transformation functions + /// \details Provides implementation common to encryption and decryption + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + protected: + void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + + FixedSizeSecBlock m_rkey; + mutable FixedSizeSecBlock m_xx; + }; + + /// \brief Encryption transformation + /// \details Enc provides implementation for encryption transformation. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + /// \brief Encryption transformation + /// \details Dec provides implementation for decryption transformation. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef HIGHT::Encryption HIGHTEncryption; +typedef HIGHT::Decryption HIGHTDecryption; + +NAMESPACE_END + +#endif // CRYPTOPP_HIGHT_H diff --git a/vendor/cryptopp/vendor_cryptopp/hkdf.h b/vendor/cryptopp/vendor_cryptopp/hkdf.h index c19706f5..cbb5319e 100644 --- a/vendor/cryptopp/vendor_cryptopp/hkdf.h +++ b/vendor/cryptopp/vendor_cryptopp/hkdf.h @@ -9,6 +9,7 @@ #include "cryptlib.h" #include "secblock.h" +#include "algparam.h" #include "hmac.h" NAMESPACE_BEGIN(CryptoPP) diff --git a/vendor/cryptopp/vendor_cryptopp/hmac.h b/vendor/cryptopp/vendor_cryptopp/hmac.h index dc69606d..71c92588 100644 --- a/vendor/cryptopp/vendor_cryptopp/hmac.h +++ b/vendor/cryptopp/vendor_cryptopp/hmac.h @@ -17,6 +17,8 @@ NAMESPACE_BEGIN(CryptoPP) class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HMAC_Base : public VariableKeyLength<16, 0, INT_MAX>, public MessageAuthenticationCode { public: + virtual ~HMAC_Base() {} + /// \brief Construct a HMAC_Base HMAC_Base() : m_innerHashKeyed(false) {} void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); @@ -53,6 +55,8 @@ public: CRYPTOPP_CONSTANT(DIGESTSIZE=T::DIGESTSIZE) CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE) + virtual ~HMAC() {} + /// \brief Construct a HMAC HMAC() {} /// \brief Construct a HMAC @@ -63,6 +67,7 @@ public: static std::string StaticAlgorithmName() {return std::string("HMAC(") + T::StaticAlgorithmName() + ")";} std::string AlgorithmName() const {return std::string("HMAC(") + m_hash.AlgorithmName() + ")";} + std::string AlgorithmProvider() const {return m_hash.AlgorithmProvider();} private: HashTransformation & AccessHash() {return m_hash;} diff --git a/vendor/cryptopp/vendor_cryptopp/ida.cpp b/vendor/cryptopp/vendor_cryptopp/ida.cpp index 615bf2f2..1c8b3ab2 100644 --- a/vendor/cryptopp/vendor_cryptopp/ida.cpp +++ b/vendor/cryptopp/vendor_cryptopp/ida.cpp @@ -6,14 +6,9 @@ #include "ida.h" #include "stdcpp.h" #include "algebra.h" -#include "gf2_32.h" #include "polynomi.h" #include "polynomi.cpp" -ANONYMOUS_NAMESPACE_BEGIN -const CryptoPP::GF2_32 field; -NAMESPACE_END - NAMESPACE_BEGIN(CryptoPP) #if (defined(_MSC_VER) && (_MSC_VER < 1400)) && !defined(__MWERKS__) @@ -145,7 +140,7 @@ void RawIDA::ComputeV(unsigned int i) if (m_outputToInput[i] == size_t(m_threshold) && i * size_t(m_threshold) <= 1000*1000) { m_v[i].resize(m_threshold); - PrepareBulkPolynomialInterpolationAt(field, m_v[i].begin(), m_outputChannelIds[i], &(m_inputChannelIds[0]), m_w.begin(), m_threshold); + PrepareBulkPolynomialInterpolationAt(m_gf32, m_v[i].begin(), m_outputChannelIds[i], &(m_inputChannelIds[0]), m_w.begin(), m_threshold); } } @@ -161,7 +156,7 @@ void RawIDA::AddOutputChannel(word32 channelId) void RawIDA::PrepareInterpolation() { CRYPTOPP_ASSERT(m_inputChannelIds.size() == size_t(m_threshold)); - PrepareBulkPolynomialInterpolation(field, m_w.begin(), &(m_inputChannelIds[0]), (unsigned int)(m_threshold)); + PrepareBulkPolynomialInterpolation(m_gf32, m_w.begin(), &(m_inputChannelIds[0]), (unsigned int)(m_threshold)); for (unsigned int i=0; i > > { public: RawIDA(BufferedTransformation *attachment=NULLPTR) - : m_threshold (0), m_channelsReady(0), m_channelsFinished(0) + : m_channelsReady(0), m_channelsFinished(0), m_threshold (0) {Detach(attachment);} unsigned int GetThreshold() const {return m_threshold;} @@ -56,10 +57,11 @@ protected: std::vector m_inputChannelIds, m_outputChannelIds, m_outputToInput; std::vector m_outputChannelIdStrings; std::vector m_outputQueues; - int m_threshold; - unsigned int m_channelsReady, m_channelsFinished; std::vector > m_v; SecBlock m_u, m_w, m_y; + const GF2_32 m_gf32; + unsigned int m_channelsReady, m_channelsFinished; + int m_threshold; }; /// \brief Shamir's Secret Sharing Algorithm diff --git a/vendor/cryptopp/vendor_cryptopp/integer.cpp b/vendor/cryptopp/vendor_cryptopp/integer.cpp index 3246fb53..e73e5d8c 100644 --- a/vendor/cryptopp/vendor_cryptopp/integer.cpp +++ b/vendor/cryptopp/vendor_cryptopp/integer.cpp @@ -1,55 +1,54 @@ // integer.cpp - originally written and placed in the public domain by Wei Dai // contains public domain code contributed by Alister Lee and Leonard Janke -// Notes by JW: The Integer class needs to do two things. First, it needs to set function -// pointers on some platforms, like X86 and X64. The function pointers select a fast multiply -// and addition based on the cpu. Second, it wants to create Integer::Zero(), Integer::One() -// and Integer::Two(). -// The function pointers are initialized in the InitializeInteger class by calling -// SetFunctionPointers(). The call to SetFunctionPointers() is guarded to run once. If C++11 -// dynamic initialization is available, then a standard run_once is used. Otherwise, and simple -// flag is used. The flag suffers a race, but the worse case is the same function pointers -// get written twice without leaking memory. -// For Integer::Zero(), Integer::One() and Integer::Two(), we use one of two strategies. First, -// if C++11 dynamic initialization is available, then we use a static variable. Second, if -// C++11 dynamic initialization is not available, then we fall back to Wei's original code of -// a Singleton. -// Wei's original code was much simpler. It simply used the Singleton pattern, but it always -// produced memory findings on some platforms. The Singleton generates memory findings because -// it uses a Create On First Use pattern (a dumb Nifty Counter) and the compiler had to be smart -// enough to fold them to return the same object. Unix and Linux compilers do a good job of folding -// objects, but Microsoft compilers do a rather poor job for some versions of the compilers. -// Another problem with the Singleton is resource destruction requires running resource acquisition -// in reverse. For resources provided through the Singletons, there is no way to express the -// dependency order to safely destroy resources. (That's one of the problems C++11 dynamic +// Notes by JW: The Integer class needs to do two things. First, it needs +// to set function pointers on some platforms, like X86 and X64. The +// function pointers select a fast multiply and addition based on the cpu. +// Second, it wants to create Integer::Zero(), Integer::One() and +// Integer::Two(). +// The function pointers are initialized in the InitializeInteger class by +// calling SetFunctionPointers(). The call to SetFunctionPointers() is +// guarded to run once using a double-checked pattern. We don't use C++ +// std::call_once due to bad interactions between libstdc++, glibc and +// pthreads. The bad interactions were causing crashes for us on platforms +// like Sparc and PowerPC. Since we are only setting function pointers we +// don't have to worry about leaking memory. The worst case seems to be the +// pointers gets written twice until the init flag is set and visible to +// all threads. +// For Integer::Zero(), Integer::One() and Integer::Two(), we use one of three +// strategies. First, if initialization priorities are available then we use +// them. Initialization priorities are init_priority() on Linux and init_seg() +// on Windows. AIX, OS X and several other platforms lack them. Initialization +// priorities are platform specific but they are also the most trouble free +// with determisitic destruction. +// Second, if C++11 dynamic initialization is available, then we use it. After +// the std::call_once fiasco we dropped the priority dynamic initialization +// to avoid unknown troubles platforms that are tested less frequently. In +// addition Microsoft platforms mostly do not provide dynamic initialization. +// The MSDN docs claim they do but they don't in practice because we need +// Visual Studio 2017 and Windows 10 or above. +// Third, we fall back to Wei's original code of a Singleton. Wei's original +// code was much simpler. It simply used the Singleton pattern, but it always +// produced memory findings on some platforms. The Singleton generates memory +// findings because it uses a Create On First Use pattern (a dumb Nifty +// Counter) and the compiler had to be smart enough to fold them to return +// the same object. Unix and Linux compilers do a good job of folding objects, +// but Microsoft compilers do a rather poor job for some versions of the +// compiler. +// Another problem with the Singleton is resource destruction requires running +// resource acquisition in reverse. For resources provided through the +// Singletons, there is no way to express the dependency order to safely +// destroy resources. (That's one of the problems C++11 dynamic // intitialization with concurrent execution is supposed to solve). +// The final problem with Singletons is resource/memory exhaustion in languages +// like Java and .Net. Java and .Net load and unload a native DLL hundreds or +// thousands of times during the life of a program. Each load produces a +// memory leak and they can add up quickly. If they library is being used in +// Java or .Net then Singleton must be avoided at all costs. #include "pch.h" #include "config.h" -#if CRYPTOPP_MSC_VERSION -# pragma warning(disable: 4100) -#endif - -#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE -# pragma GCC diagnostic ignored "-Wunused" -#if !defined(__clang__) -# pragma GCC diagnostic ignored "-Wunused-but-set-variable" -#endif -#endif - -// Issue 340 -#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE -# pragma GCC diagnostic ignored "-Wconversion" -# pragma GCC diagnostic ignored "-Wsign-conversion" -#endif - -// Define this to statically initialize Integer Zero(), One() -// and Two() using Microsoft init_seg(). This is useful for -// testing Integer code for leaks when the MSC compiler -// does not fold use of the Singletons. -// #define USE_MSC_INIT_PRIORITY 1 - #ifndef CRYPTOPP_IMPORTS #include "integer.h" @@ -89,7 +88,7 @@ // "Inline assembly operands don't work with .intel_syntax", // http://llvm.org/bugs/show_bug.cgi?id=24232 -#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM) +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) # undef CRYPTOPP_X86_ASM_AVAILABLE # undef CRYPTOPP_X32_ASM_AVAILABLE # undef CRYPTOPP_X64_ASM_AVAILABLE @@ -102,16 +101,18 @@ // ***************** C++ Static Initialization ******************** NAMESPACE_BEGIN(CryptoPP) + +// Function body near the middle of the file static void SetFunctionPointers(); + +// Use a double-checked pattern. We are not leaking anything so it +// does not matter if a pointer is written twice during a race. +// Avoid std::call_once due to too many problems on platforms like +// Solaris and Sparc. Also see +// http://gcc.gnu.org/bugzilla/show_bug.cgi?id=66146 and +// http://github.com/weidai11/cryptopp/issues/707. InitializeInteger::InitializeInteger() { -#if !(HAVE_GCC_INIT_PRIORITY || HAVE_MSC_INIT_PRIORITY) -#if defined(CRYPTOPP_CXX11_SYNCHRONIZATION) && defined(CRYPTOPP_CXX11_DYNAMIC_INIT) - static std::once_flag s_flag; - std::call_once(s_flag, []() { - SetFunctionPointers(); - }); -#else static bool s_flag; MEMORY_BARRIER(); if (s_flag == false) @@ -120,8 +121,6 @@ InitializeInteger::InitializeInteger() s_flag = true; MEMORY_BARRIER(); } -#endif // C++11 or C++03 flag -#endif // not GCC and MSC init priorities } template @@ -195,6 +194,7 @@ static word AtomicInverseModPower2(word A) // ******************************************************** #if !defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) || (defined(__x86_64__) && defined(CRYPTOPP_WORD128_AVAILABLE)) + #define TWO_64_BIT_WORDS 1 #define Declare2Words(x) word x##0, x##1; #define AssignWord(a, b) a##0 = b; a##1 = 0; #define Add2WordsBy1(a, b, c) a##0 = b##0 + c; a##1 = b##1 + (a##0 < c); @@ -285,7 +285,7 @@ public: #endif { #if defined(CRYPTOPP_NATIVE_DWORD_AVAILABLE) -# if defined(CRYPTOPP_LITTLE_ENDIAN) +# if (CRYPTOPP_LITTLE_ENDIAN) const word t[2] = {low,high}; memcpy(&m_whole, t, sizeof(m_whole)); # else @@ -390,7 +390,7 @@ private: // Thanks to Martin Bonner at http://stackoverflow.com/a/39507183 struct half_words { - #ifdef CRYPTOPP_LITTLE_ENDIAN + #if (CRYPTOPP_LITTLE_ENDIAN) word low; word high; #else @@ -744,6 +744,10 @@ CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Add(size_t N, word *C, const word AS1( setc al) // store carry into eax (return result register) AddEpilogue + + // http://github.com/weidai11/cryptopp/issues/340 + CRYPTOPP_UNUSED(A); CRYPTOPP_UNUSED(B); + CRYPTOPP_UNUSED(C); CRYPTOPP_UNUSED(N); } CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word *A, const word *B) @@ -785,6 +789,10 @@ CRYPTOPP_NAKED int CRYPTOPP_FASTCALL Baseline_Sub(size_t N, word *C, const word AS1( setc al) // store carry into eax (return result register) AddEpilogue + + // http://github.com/weidai11/cryptopp/issues/340 + CRYPTOPP_UNUSED(A); CRYPTOPP_UNUSED(B); + CRYPTOPP_UNUSED(C); CRYPTOPP_UNUSED(N); } #if CRYPTOPP_INTEGER_SSE2 @@ -843,6 +851,10 @@ CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Add(size_t N, word *C, const word *A, AS1( emms) AddEpilogue + + // http://github.com/weidai11/cryptopp/issues/340 + CRYPTOPP_UNUSED(A); CRYPTOPP_UNUSED(B); + CRYPTOPP_UNUSED(C); CRYPTOPP_UNUSED(N); } CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Sub(size_t N, word *C, const word *A, const word *B) { @@ -899,6 +911,10 @@ CRYPTOPP_NAKED int CRYPTOPP_FASTCALL SSE2_Sub(size_t N, word *C, const word *A, AS1( emms) AddEpilogue + + // http://github.com/weidai11/cryptopp/issues/340 + CRYPTOPP_UNUSED(A); CRYPTOPP_UNUSED(B); + CRYPTOPP_UNUSED(C); CRYPTOPP_UNUSED(N); } #endif // CRYPTOPP_INTEGER_SSE2 #else // CRYPTOPP_SSE2_ASM_AVAILABLE @@ -1295,6 +1311,11 @@ void Baseline_MultiplyBottom2(word *R, const word *AA, const word *BB) MAYBE_CONST word* B = MAYBE_UNCONST_CAST(BB); Bot_2 + +// http://github.com/weidai11/cryptopp/issues/340 +#if defined(TWO_64_BIT_WORDS) + CRYPTOPP_UNUSED(d0); CRYPTOPP_UNUSED(d1); +#endif } void Baseline_MultiplyBottom4(word *R, const word *AA, const word *BB) @@ -3024,7 +3045,7 @@ Integer::Integer(const byte *encodedInteger, size_t byteCount, Signedness s, Byt else { SecByteBlock block(byteCount); -#if (_MSC_FULL_VER >= 140050727) +#if (_MSC_VER >= 1500) std::reverse_copy(encodedInteger, encodedInteger+byteCount, stdext::make_checked_array_iterator(block.begin(), block.size())); #else @@ -4361,8 +4382,8 @@ Integer Integer::MultiplicativeInverse() const Integer a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m) { - CRYPTOPP_ASSERT(m != 0); - if (m == 0) + CRYPTOPP_ASSERT(m.NotZero()); + if (m.IsZero()) throw Integer::DivideByZero(); return x*y%m; @@ -4370,8 +4391,8 @@ Integer a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m) Integer a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m) { - CRYPTOPP_ASSERT(m != 0); - if (m == 0) + CRYPTOPP_ASSERT(m.NotZero()); + if (m.IsZero()) throw Integer::DivideByZero(); ModularArithmetic mr(m); @@ -4787,22 +4808,31 @@ public: } }; -// This is not really needed because each Integer can dynamically initialize itself, -// but we take a peephole optimization and initialize the class once if init priorities are -// available. Dynamic initialization will be used if init priorities are not available. +// This is not really needed because each Integer can dynamically initialize +// itself, but we take a peephole optimization and initialize the class once +// if init priorities are available. Dynamic initialization will be used if +// init priorities are not available. -#if HAVE_GCC_INIT_PRIORITY +#if defined(HAVE_GCC_INIT_PRIORITY) const InitInteger s_init __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 10))) = InitInteger(); + const Integer g_zero __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 11))) = Integer(0L); + const Integer g_one __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 12))) = Integer(1L); + const Integer g_two __attribute__ ((init_priority (CRYPTOPP_INIT_PRIORITY + 13))) = Integer(2L); #elif defined(HAVE_MSC_INIT_PRIORITY) #pragma warning(disable: 4075) #pragma init_seg(".CRT$XCU") const InitInteger s_init; -# if defined(USE_MSC_INIT_PRIORITY) const Integer g_zero(0L); const Integer g_one(1L); const Integer g_two(2L); -# endif #pragma warning(default: 4075) +#elif HAVE_XLC_INIT_PRIORITY + // XLC needs constant, not a define + #pragma priority(280) + const InitInteger s_init; + const Integer g_zero(0L); + const Integer g_one(1L); + const Integer g_two(2L); #else const InitInteger s_init; #endif @@ -4811,36 +4841,36 @@ public: const Integer &Integer::Zero() { -#if defined(CRYPTOPP_CXX11_DYNAMIC_INIT) - static Integer s_zero(0L); - return s_zero; -#elif defined(HAVE_MSC_INIT_PRIORITY) && defined(USE_MSC_INIT_PRIORITY) +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) return g_zero; -#else +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const Integer s_zero(0L); + return s_zero; +#else // Potential memory leak. Avoid if possible. return Singleton >().Ref(); #endif } const Integer &Integer::One() { -#if defined(CRYPTOPP_CXX11_DYNAMIC_INIT) - static Integer s_one(1L); - return s_one; -#elif defined(HAVE_MSC_INIT_PRIORITY) && defined(USE_MSC_INIT_PRIORITY) +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) return g_one; -#else +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const Integer s_one(1L); + return s_one; +#else // Potential memory leak. Avoid if possible. return Singleton >().Ref(); #endif } const Integer &Integer::Two() { -#if defined(CRYPTOPP_CXX11_DYNAMIC_INIT) - static Integer s_two(2L); - return s_two; -#elif defined(HAVE_MSC_INIT_PRIORITY) && defined(USE_MSC_INIT_PRIORITY) +#if defined(HAVE_GCC_INIT_PRIORITY) || defined(HAVE_MSC_INIT_PRIORITY) || defined(HAVE_XLC_INIT_PRIORITY) return g_two; -#else +#elif defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const Integer s_two(2L); + return s_two; +#else // Potential memory leak. Avoid if possible. return Singleton >().Ref(); #endif } diff --git a/vendor/cryptopp/vendor_cryptopp/iterhash.cpp b/vendor/cryptopp/vendor_cryptopp/iterhash.cpp index bf287164..938a0fac 100644 --- a/vendor/cryptopp/vendor_cryptopp/iterhash.cpp +++ b/vendor/cryptopp/vendor_cryptopp/iterhash.cpp @@ -10,13 +10,16 @@ NAMESPACE_BEGIN(CryptoPP) -template void IteratedHashBase::Update(const byte *input, size_t len) +template void IteratedHashBase::Update(const byte *input, size_t length) { + CRYPTOPP_ASSERT(!(input == NULLPTR && length != 0)); + if (length == 0) { return; } + HashWordType oldCountLo = m_countLo, oldCountHi = m_countHi; - if ((m_countLo = oldCountLo + HashWordType(len)) < oldCountLo) + if ((m_countLo = oldCountLo + HashWordType(length)) < oldCountLo) m_countHi++; // carry from low to high - m_countHi += (HashWordType)SafeRightShift<8*sizeof(HashWordType)>(len); - if (m_countHi < oldCountHi || SafeRightShift<2*8*sizeof(HashWordType)>(len) != 0) + m_countHi += (HashWordType)SafeRightShift<8*sizeof(HashWordType)>(length); + if (m_countHi < oldCountHi || SafeRightShift<2*8*sizeof(HashWordType)>(length) != 0) throw HashInputTooLong(this->AlgorithmName()); const unsigned int blockSize = this->BlockSize(); @@ -24,53 +27,59 @@ template void IteratedHashBase::Update(const byte T* dataBuf = this->DataBuf(); byte* data = (byte *)dataBuf; - CRYPTOPP_ASSERT(dataBuf && data); if (num != 0) // process left over data { - if (num+len >= blockSize) + if (num+length >= blockSize) { - if (data && input) {memcpy(data+num, input, blockSize-num);} + if (input) + {std::memcpy(data+num, input, blockSize-num);} + HashBlock(dataBuf); input += (blockSize-num); - len -= (blockSize-num); + length -= (blockSize-num); num = 0; // drop through and do the rest } else { - if (data && input && len) {memcpy(data+num, input, len);} + if (input && length) + {std::memcpy(data+num, input, length);} return; } } // now process the input data in blocks of blockSize bytes and save the leftovers to m_data - if (len >= blockSize) + if (length >= blockSize) { if (input == data) { - CRYPTOPP_ASSERT(len == blockSize); + CRYPTOPP_ASSERT(length == blockSize); HashBlock(dataBuf); return; } else if (IsAligned(input)) { - size_t leftOver = HashMultipleBlocks((T *)(void*)input, len); - input += (len - leftOver); - len = leftOver; + size_t leftOver = HashMultipleBlocks((T *)(void*)input, length); + input += (length - leftOver); + length = leftOver; } else + { do { // copy input first if it's not aligned correctly - if (data && input) memcpy(data, input, blockSize); + if (input) + { std::memcpy(data, input, blockSize); } + HashBlock(dataBuf); input+=blockSize; - len-=blockSize; - } while (len >= blockSize); + length-=blockSize; + } while (length >= blockSize); + } } - if (data && input && len && data != input) - memcpy(data, input, len); + if (input && data != input) + std::memcpy(data, input, length); } template byte * IteratedHashBase::CreateUpdateSpace(size_t &size) @@ -83,17 +92,43 @@ template byte * IteratedHashBase::CreateUpdateSpa template size_t IteratedHashBase::HashMultipleBlocks(const T *input, size_t length) { - unsigned int blockSize = this->BlockSize(); + const unsigned int blockSize = this->BlockSize(); bool noReverse = NativeByteOrderIs(this->GetByteOrder()); T* dataBuf = this->DataBuf(); + + // Alignment checks due to http://github.com/weidai11/cryptopp/issues/690. + // Sparc requires 8-byte aligned buffer when HashWordType is word64. + // We also had to provide a GetAlignmentOf specialization for word64 on Sparc. + do { if (noReverse) - this->HashEndianCorrectedBlock(input); + { + if (IsAligned(input)) + { + // Sparc bus error with non-aligned input. + this->HashEndianCorrectedBlock(input); + } + else + { + std::memcpy(dataBuf, input, blockSize); + this->HashEndianCorrectedBlock(dataBuf); + } + } else { - ByteReverse(dataBuf, input, this->BlockSize()); - this->HashEndianCorrectedBlock(dataBuf); + if (IsAligned(input)) + { + // Sparc bus error with non-aligned input. + ByteReverse(dataBuf, input, blockSize); + this->HashEndianCorrectedBlock(dataBuf); + } + else + { + std::memcpy(dataBuf, input, blockSize); + ByteReverse(dataBuf, dataBuf, blockSize); + this->HashEndianCorrectedBlock(dataBuf); + } } input += blockSize/sizeof(T); @@ -109,6 +144,7 @@ template void IteratedHashBase::PadLastBlock(unsi unsigned int num = ModPowerOf2(m_countLo, blockSize); T* dataBuf = this->DataBuf(); byte* data = (byte *)dataBuf; + data[num++] = padFirst; if (num <= lastBlockSize) memset(data+num, 0, lastBlockSize-num); @@ -128,6 +164,7 @@ template void IteratedHashBase::Restart() template void IteratedHashBase::TruncatedFinal(byte *digest, size_t size) { + CRYPTOPP_ASSERT(digest != NULLPTR); this->ThrowIfInvalidTruncatedSize(size); T* dataBuf = this->DataBuf(); @@ -146,7 +183,7 @@ template void IteratedHashBase::TruncatedFinal(by else { ConditionalByteReverse(order, stateBuf, stateBuf, this->DigestSize()); - memcpy(digest, stateBuf, size); + std::memcpy(digest, stateBuf, size); } this->Restart(); // reinit for next use diff --git a/vendor/cryptopp/vendor_cryptopp/iterhash.h b/vendor/cryptopp/vendor_cryptopp/iterhash.h index dae50d43..edaa18e2 100644 --- a/vendor/cryptopp/vendor_cryptopp/iterhash.h +++ b/vendor/cryptopp/vendor_cryptopp/iterhash.h @@ -16,10 +16,6 @@ # endif #endif -// GCC cast warning -#define HashWordPtr(x) ((HashWordType*)(void*)(x)) -#define ConstHashWordPtr(x) ((const HashWordType*)(const void*)(x)) - NAMESPACE_BEGIN(CryptoPP) /// \brief Exception thrown when trying to hash more data than is allowed by a hash function @@ -41,6 +37,8 @@ class CRYPTOPP_NO_VTABLE IteratedHashBase : public BASE public: typedef T HashWordType; + virtual ~IteratedHashBase() {} + /// \brief Construct an IteratedHashBase IteratedHashBase() : m_countLo(0), m_countHi(0) {} @@ -82,9 +80,21 @@ public: /// The hash is restarted the hash for the next message. void TruncatedFinal(byte *digest, size_t digestSize); + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \note Provider is not universally implemented yet. + virtual std::string AlgorithmProvider() const { return "C++"; } + protected: - inline T GetBitCountHi() const {return (m_countLo >> (8*sizeof(T)-3)) + (m_countHi << 3);} - inline T GetBitCountLo() const {return m_countLo << 3;} + inline T GetBitCountHi() const + {return (m_countLo >> (8*sizeof(T)-3)) + (m_countHi << 3);} + inline T GetBitCountLo() const + {return m_countLo << 3;} void PadLastBlock(unsigned int lastBlockSize, byte padFirst=0x80); virtual void Init() =0; @@ -92,7 +102,8 @@ protected: virtual ByteOrder GetByteOrder() const =0; virtual void HashEndianCorrectedBlock(const HashWordType *data) =0; virtual size_t HashMultipleBlocks(const T *input, size_t length); - void HashBlock(const HashWordType *input) {HashMultipleBlocks(input, this->BlockSize());} + void HashBlock(const HashWordType *input) + {HashMultipleBlocks(input, this->BlockSize());} virtual T* DataBuf() =0; virtual T* StateBuf() =0; @@ -139,6 +150,11 @@ public: /// \details CorrectEndianess() calls ConditionalByteReverse() using T_Endianness. inline void CorrectEndianess(HashWordType *out, const HashWordType *in, size_t byteCount) { + CRYPTOPP_ASSERT(in != NULLPTR); + CRYPTOPP_ASSERT(out != NULLPTR); + CRYPTOPP_ASSERT(IsAligned(in)); + CRYPTOPP_ASSERT(IsAligned(out)); + ConditionalByteReverse(T_Endianness::ToEnum(), out, in, byteCount); } @@ -168,7 +184,7 @@ public: /// \brief Provides the digest size of the hash /// \return the digest size of the hash, in bytes /// \details DigestSize() returns DIGESTSIZE. - unsigned int DigestSize() const {return DIGESTSIZE;}; + unsigned int DigestSize() const {return DIGESTSIZE;} protected: IteratedHashWithStaticTransform() {this->Init();} diff --git a/vendor/cryptopp/vendor_cryptopp/kalyna.cpp b/vendor/cryptopp/vendor_cryptopp/kalyna.cpp index 18d6e2c0..6cff5cd0 100644 --- a/vendor/cryptopp/vendor_cryptopp/kalyna.cpp +++ b/vendor/cryptopp/vendor_cryptopp/kalyna.cpp @@ -43,7 +43,7 @@ using CryptoPP::KalynaTab::IS; template inline void MakeOddKey(const word64 evenkey[NB], word64 oddkey[NB]) { -#if defined(CRYPTOPP_BIG_ENDIAN) +#if (CRYPTOPP_BIG_ENDIAN) if (NB == 2) { oddkey[0] = (evenkey[1] << 8) | (evenkey[0] >> 56); diff --git a/vendor/cryptopp/vendor_cryptopp/kalyna.h b/vendor/cryptopp/vendor_cryptopp/kalyna.h index 0202ce8f..cf009eea 100644 --- a/vendor/cryptopp/vendor_cryptopp/kalyna.h +++ b/vendor/cryptopp/vendor_cryptopp/kalyna.h @@ -163,7 +163,7 @@ public: /// \brief Kalyna 512-bit block cipher /// \details Kalyna512 provides 512-bit block size. The valid key size is 512-bit. /// \since Crypto++ 6.0 -class Kalyna512 : Kalyna512_Info, public BlockCipherDocumentation +class Kalyna512 : public Kalyna512_Info, public BlockCipherDocumentation { public: class CRYPTOPP_NO_VTABLE Base : public Kalyna_Base, public BlockCipherImpl diff --git a/vendor/cryptopp/vendor_cryptopp/kalynatab.cpp b/vendor/cryptopp/vendor_cryptopp/kalynatab.cpp index 646643a0..d4ad171c 100644 --- a/vendor/cryptopp/vendor_cryptopp/kalynatab.cpp +++ b/vendor/cryptopp/vendor_cryptopp/kalynatab.cpp @@ -7,7 +7,11 @@ NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(KalynaTab) -CRYPTOPP_TABLE +extern const word64 T[8][256]; // Columns +extern const word64 IT[8][256]; // Inverse +extern const byte S[4][256]; // Substitution +extern const byte IS[4][256]; // Inverse + const word64 T[8][256] = { { @@ -540,7 +544,6 @@ const word64 T[8][256] = } }; -CRYPTOPP_TABLE const word64 IT[8][256] = { { @@ -1073,7 +1076,6 @@ const word64 IT[8][256] = } }; -CRYPTOPP_TABLE const byte S[4][256] = { { @@ -1150,7 +1152,6 @@ const byte S[4][256] = } }; -CRYPTOPP_TABLE const byte IS[4][256] = { { diff --git a/vendor/cryptopp/vendor_cryptopp/keccak.cpp b/vendor/cryptopp/vendor_cryptopp/keccak.cpp index cc1771cf..2cfff8fd 100644 --- a/vendor/cryptopp/vendor_cryptopp/keccak.cpp +++ b/vendor/cryptopp/vendor_cryptopp/keccak.cpp @@ -1,13 +1,16 @@ -// keccak.cpp - modified by Wei Dai from Ronny Van Keer's public domain sha3-simple.c -// all modifications here are placed in the public domain by Wei Dai +// keccak.cpp - modified by Wei Dai from Ronny Van Keer's public domain +// sha3-simple.c. All modifications here are placed in the +// public domain by Wei Dai. +// Keccack core function moved to keccakc.cpp in AUG 2018 +// by Jeffrey Walton. Separating the core file allows both +// SHA3 and Keccack to share the core implementation. /* The Keccak sponge function, designed by Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche. For more information, feedback or questions, please refer to our website: http://keccak.noekeon.org/ -Implementation by Ronny Van Keer, -hereby denoted as "the implementer". +Implementation by Ronny Van Keer, hereby denoted as "the implementer". To the extent possible under law, the implementer has waived all copyright and related or neighboring rights to the source code in this file. @@ -16,243 +19,14 @@ http://creativecommons.org/publicdomain/zero/1.0/ #include "pch.h" #include "keccak.h" +#include "keccakc.h" NAMESPACE_BEGIN(CryptoPP) -static const word64 KeccakF_RoundConstants[24] = -{ - W64LIT(0x0000000000000001), W64LIT(0x0000000000008082), W64LIT(0x800000000000808a), - W64LIT(0x8000000080008000), W64LIT(0x000000000000808b), W64LIT(0x0000000080000001), - W64LIT(0x8000000080008081), W64LIT(0x8000000000008009), W64LIT(0x000000000000008a), - W64LIT(0x0000000000000088), W64LIT(0x0000000080008009), W64LIT(0x000000008000000a), - W64LIT(0x000000008000808b), W64LIT(0x800000000000008b), W64LIT(0x8000000000008089), - W64LIT(0x8000000000008003), W64LIT(0x8000000000008002), W64LIT(0x8000000000000080), - W64LIT(0x000000000000800a), W64LIT(0x800000008000000a), W64LIT(0x8000000080008081), - W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008) -}; - -static void KeccakF1600(word64 *state) -{ - { - word64 Aba, Abe, Abi, Abo, Abu; - word64 Aga, Age, Agi, Ago, Agu; - word64 Aka, Ake, Aki, Ako, Aku; - word64 Ama, Ame, Ami, Amo, Amu; - word64 Asa, Ase, Asi, Aso, Asu; - word64 BCa, BCe, BCi, BCo, BCu; - word64 Da, De, Di, Do, Du; - word64 Eba, Ebe, Ebi, Ebo, Ebu; - word64 Ega, Ege, Egi, Ego, Egu; - word64 Eka, Eke, Eki, Eko, Eku; - word64 Ema, Eme, Emi, Emo, Emu; - word64 Esa, Ese, Esi, Eso, Esu; - - //copyFromState(A, state) - typedef BlockGetAndPut Block; - Block::Get(state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu); - - for( unsigned int round = 0; round < 24; round += 2 ) - { - // prepareTheta - BCa = Aba^Aga^Aka^Ama^Asa; - BCe = Abe^Age^Ake^Ame^Ase; - BCi = Abi^Agi^Aki^Ami^Asi; - BCo = Abo^Ago^Ako^Amo^Aso; - BCu = Abu^Agu^Aku^Amu^Asu; - - //thetaRhoPiChiIotaPrepareTheta(round , A, E) - Da = BCu^rotlConstant<1>(BCe); - De = BCa^rotlConstant<1>(BCi); - Di = BCe^rotlConstant<1>(BCo); - Do = BCi^rotlConstant<1>(BCu); - Du = BCo^rotlConstant<1>(BCa); - - Aba ^= Da; - BCa = Aba; - Age ^= De; - BCe = rotlConstant<44>(Age); - Aki ^= Di; - BCi = rotlConstant<43>(Aki); - Amo ^= Do; - BCo = rotlConstant<21>(Amo); - Asu ^= Du; - BCu = rotlConstant<14>(Asu); - Eba = BCa ^((~BCe)& BCi ); - Eba ^= (word64)KeccakF_RoundConstants[round]; - Ebe = BCe ^((~BCi)& BCo ); - Ebi = BCi ^((~BCo)& BCu ); - Ebo = BCo ^((~BCu)& BCa ); - Ebu = BCu ^((~BCa)& BCe ); - - Abo ^= Do; - BCa = rotlConstant<28>(Abo); - Agu ^= Du; - BCe = rotlConstant<20>(Agu); - Aka ^= Da; - BCi = rotlConstant<3>(Aka); - Ame ^= De; - BCo = rotlConstant<45>(Ame); - Asi ^= Di; - BCu = rotlConstant<61>(Asi); - Ega = BCa ^((~BCe)& BCi ); - Ege = BCe ^((~BCi)& BCo ); - Egi = BCi ^((~BCo)& BCu ); - Ego = BCo ^((~BCu)& BCa ); - Egu = BCu ^((~BCa)& BCe ); - - Abe ^= De; - BCa = rotlConstant<1>(Abe); - Agi ^= Di; - BCe = rotlConstant<6>(Agi); - Ako ^= Do; - BCi = rotlConstant<25>(Ako); - Amu ^= Du; - BCo = rotlConstant<8>(Amu); - Asa ^= Da; - BCu = rotlConstant<18>(Asa); - Eka = BCa ^((~BCe)& BCi ); - Eke = BCe ^((~BCi)& BCo ); - Eki = BCi ^((~BCo)& BCu ); - Eko = BCo ^((~BCu)& BCa ); - Eku = BCu ^((~BCa)& BCe ); - - Abu ^= Du; - BCa = rotlConstant<27>(Abu); - Aga ^= Da; - BCe = rotlConstant<36>(Aga); - Ake ^= De; - BCi = rotlConstant<10>(Ake); - Ami ^= Di; - BCo = rotlConstant<15>(Ami); - Aso ^= Do; - BCu = rotlConstant<56>(Aso); - Ema = BCa ^((~BCe)& BCi ); - Eme = BCe ^((~BCi)& BCo ); - Emi = BCi ^((~BCo)& BCu ); - Emo = BCo ^((~BCu)& BCa ); - Emu = BCu ^((~BCa)& BCe ); - - Abi ^= Di; - BCa = rotlConstant<62>(Abi); - Ago ^= Do; - BCe = rotlConstant<55>(Ago); - Aku ^= Du; - BCi = rotlConstant<39>(Aku); - Ama ^= Da; - BCo = rotlConstant<41>(Ama); - Ase ^= De; - BCu = rotlConstant<2>(Ase); - Esa = BCa ^((~BCe)& BCi ); - Ese = BCe ^((~BCi)& BCo ); - Esi = BCi ^((~BCo)& BCu ); - Eso = BCo ^((~BCu)& BCa ); - Esu = BCu ^((~BCa)& BCe ); - - // prepareTheta - BCa = Eba^Ega^Eka^Ema^Esa; - BCe = Ebe^Ege^Eke^Eme^Ese; - BCi = Ebi^Egi^Eki^Emi^Esi; - BCo = Ebo^Ego^Eko^Emo^Eso; - BCu = Ebu^Egu^Eku^Emu^Esu; - - //thetaRhoPiChiIotaPrepareTheta(round+1, E, A) - Da = BCu^rotlConstant<1>(BCe); - De = BCa^rotlConstant<1>(BCi); - Di = BCe^rotlConstant<1>(BCo); - Do = BCi^rotlConstant<1>(BCu); - Du = BCo^rotlConstant<1>(BCa); - - Eba ^= Da; - BCa = Eba; - Ege ^= De; - BCe = rotlConstant<44>(Ege); - Eki ^= Di; - BCi = rotlConstant<43>(Eki); - Emo ^= Do; - BCo = rotlConstant<21>(Emo); - Esu ^= Du; - BCu = rotlConstant<14>(Esu); - Aba = BCa ^((~BCe)& BCi ); - Aba ^= (word64)KeccakF_RoundConstants[round+1]; - Abe = BCe ^((~BCi)& BCo ); - Abi = BCi ^((~BCo)& BCu ); - Abo = BCo ^((~BCu)& BCa ); - Abu = BCu ^((~BCa)& BCe ); - - Ebo ^= Do; - BCa = rotlConstant<28>(Ebo); - Egu ^= Du; - BCe = rotlConstant<20>(Egu); - Eka ^= Da; - BCi = rotlConstant<3>(Eka); - Eme ^= De; - BCo = rotlConstant<45>(Eme); - Esi ^= Di; - BCu = rotlConstant<61>(Esi); - Aga = BCa ^((~BCe)& BCi ); - Age = BCe ^((~BCi)& BCo ); - Agi = BCi ^((~BCo)& BCu ); - Ago = BCo ^((~BCu)& BCa ); - Agu = BCu ^((~BCa)& BCe ); - - Ebe ^= De; - BCa = rotlConstant<1>(Ebe); - Egi ^= Di; - BCe = rotlConstant<6>(Egi); - Eko ^= Do; - BCi = rotlConstant<25>(Eko); - Emu ^= Du; - BCo = rotlConstant<8>(Emu); - Esa ^= Da; - BCu = rotlConstant<18>(Esa); - Aka = BCa ^((~BCe)& BCi ); - Ake = BCe ^((~BCi)& BCo ); - Aki = BCi ^((~BCo)& BCu ); - Ako = BCo ^((~BCu)& BCa ); - Aku = BCu ^((~BCa)& BCe ); - - Ebu ^= Du; - BCa = rotlConstant<27>(Ebu); - Ega ^= Da; - BCe = rotlConstant<36>(Ega); - Eke ^= De; - BCi = rotlConstant<10>(Eke); - Emi ^= Di; - BCo = rotlConstant<15>(Emi); - Eso ^= Do; - BCu = rotlConstant<56>(Eso); - Ama = BCa ^((~BCe)& BCi ); - Ame = BCe ^((~BCi)& BCo ); - Ami = BCi ^((~BCo)& BCu ); - Amo = BCo ^((~BCu)& BCa ); - Amu = BCu ^((~BCa)& BCe ); - - Ebi ^= Di; - BCa = rotlConstant<62>(Ebi); - Ego ^= Do; - BCe = rotlConstant<55>(Ego); - Eku ^= Du; - BCi = rotlConstant<39>(Eku); - Ema ^= Da; - BCo = rotlConstant<41>(Ema); - Ese ^= De; - BCu = rotlConstant<2>(Ese); - Asa = BCa ^((~BCe)& BCi ); - Ase = BCe ^((~BCi)& BCo ); - Asi = BCi ^((~BCo)& BCu ); - Aso = BCo ^((~BCu)& BCa ); - Asu = BCu ^((~BCa)& BCe ); - } - - //copyToState(state, A) - Block::Put(NULLPTR, state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu); - } -} - void Keccak::Update(const byte *input, size_t length) { - CRYPTOPP_ASSERT((input && length) || !(input || length)); - if (!length) { return; } + CRYPTOPP_ASSERT(!(input == NULLPTR && length != 0)); + if (length == 0) { return; } size_t spaceLeft; while (length >= (spaceLeft = r() - m_counter)) @@ -278,6 +52,7 @@ void Keccak::Restart() void Keccak::TruncatedFinal(byte *hash, size_t size) { + CRYPTOPP_ASSERT(hash != NULLPTR); ThrowIfInvalidTruncatedSize(size); m_state.BytePtr()[m_counter] ^= 1; diff --git a/vendor/cryptopp/vendor_cryptopp/keccakc.cpp b/vendor/cryptopp/vendor_cryptopp/keccakc.cpp new file mode 100644 index 00000000..7dd8e729 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/keccakc.cpp @@ -0,0 +1,258 @@ +// keccakc.cpp - Keccak core functions shared between SHA3 and Keccak. +// written and placed in the public domain by JW. + +/* +The Keccak sponge function, designed by Guido Bertoni, Joan Daemen, +Michael Peeters and Gilles Van Assche. For more information, feedback or +questions, please refer to our website: http://keccak.noekeon.org/ + +Implementation by Ronny Van Keer, hereby denoted as "the implementer". + +To the extent possible under law, the implementer has waived all copyright +and related or neighboring rights to the source code in this file. +http://creativecommons.org/publicdomain/zero/1.0/ +*/ + +#include "pch.h" +#include "keccak.h" +#include "keccakc.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word64; + +const word64 KeccakF_RoundConstants[24] = +{ + W64LIT(0x0000000000000001), W64LIT(0x0000000000008082), W64LIT(0x800000000000808a), + W64LIT(0x8000000080008000), W64LIT(0x000000000000808b), W64LIT(0x0000000080000001), + W64LIT(0x8000000080008081), W64LIT(0x8000000000008009), W64LIT(0x000000000000008a), + W64LIT(0x0000000000000088), W64LIT(0x0000000080008009), W64LIT(0x000000008000000a), + W64LIT(0x000000008000808b), W64LIT(0x800000000000008b), W64LIT(0x8000000000008089), + W64LIT(0x8000000000008003), W64LIT(0x8000000000008002), W64LIT(0x8000000000000080), + W64LIT(0x000000000000800a), W64LIT(0x800000008000000a), W64LIT(0x8000000080008081), + W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008) +}; + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +void KeccakF1600(word64 *state) +{ + { + word64 Aba, Abe, Abi, Abo, Abu; + word64 Aga, Age, Agi, Ago, Agu; + word64 Aka, Ake, Aki, Ako, Aku; + word64 Ama, Ame, Ami, Amo, Amu; + word64 Asa, Ase, Asi, Aso, Asu; + word64 BCa, BCe, BCi, BCo, BCu; + word64 Da, De, Di, Do, Du; + word64 Eba, Ebe, Ebi, Ebo, Ebu; + word64 Ega, Ege, Egi, Ego, Egu; + word64 Eka, Eke, Eki, Eko, Eku; + word64 Ema, Eme, Emi, Emo, Emu; + word64 Esa, Ese, Esi, Eso, Esu; + + //copyFromState(A, state) + typedef BlockGetAndPut Block; + Block::Get(state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu); + + for( unsigned int round = 0; round < 24; round += 2 ) + { + // prepareTheta + BCa = Aba^Aga^Aka^Ama^Asa; + BCe = Abe^Age^Ake^Ame^Ase; + BCi = Abi^Agi^Aki^Ami^Asi; + BCo = Abo^Ago^Ako^Amo^Aso; + BCu = Abu^Agu^Aku^Amu^Asu; + + //thetaRhoPiChiIotaPrepareTheta(round , A, E) + Da = BCu^rotlConstant<1>(BCe); + De = BCa^rotlConstant<1>(BCi); + Di = BCe^rotlConstant<1>(BCo); + Do = BCi^rotlConstant<1>(BCu); + Du = BCo^rotlConstant<1>(BCa); + + Aba ^= Da; + BCa = Aba; + Age ^= De; + BCe = rotlConstant<44>(Age); + Aki ^= Di; + BCi = rotlConstant<43>(Aki); + Amo ^= Do; + BCo = rotlConstant<21>(Amo); + Asu ^= Du; + BCu = rotlConstant<14>(Asu); + Eba = BCa ^((~BCe)& BCi ); + Eba ^= (word64)KeccakF_RoundConstants[round]; + Ebe = BCe ^((~BCi)& BCo ); + Ebi = BCi ^((~BCo)& BCu ); + Ebo = BCo ^((~BCu)& BCa ); + Ebu = BCu ^((~BCa)& BCe ); + + Abo ^= Do; + BCa = rotlConstant<28>(Abo); + Agu ^= Du; + BCe = rotlConstant<20>(Agu); + Aka ^= Da; + BCi = rotlConstant<3>(Aka); + Ame ^= De; + BCo = rotlConstant<45>(Ame); + Asi ^= Di; + BCu = rotlConstant<61>(Asi); + Ega = BCa ^((~BCe)& BCi ); + Ege = BCe ^((~BCi)& BCo ); + Egi = BCi ^((~BCo)& BCu ); + Ego = BCo ^((~BCu)& BCa ); + Egu = BCu ^((~BCa)& BCe ); + + Abe ^= De; + BCa = rotlConstant<1>(Abe); + Agi ^= Di; + BCe = rotlConstant<6>(Agi); + Ako ^= Do; + BCi = rotlConstant<25>(Ako); + Amu ^= Du; + BCo = rotlConstant<8>(Amu); + Asa ^= Da; + BCu = rotlConstant<18>(Asa); + Eka = BCa ^((~BCe)& BCi ); + Eke = BCe ^((~BCi)& BCo ); + Eki = BCi ^((~BCo)& BCu ); + Eko = BCo ^((~BCu)& BCa ); + Eku = BCu ^((~BCa)& BCe ); + + Abu ^= Du; + BCa = rotlConstant<27>(Abu); + Aga ^= Da; + BCe = rotlConstant<36>(Aga); + Ake ^= De; + BCi = rotlConstant<10>(Ake); + Ami ^= Di; + BCo = rotlConstant<15>(Ami); + Aso ^= Do; + BCu = rotlConstant<56>(Aso); + Ema = BCa ^((~BCe)& BCi ); + Eme = BCe ^((~BCi)& BCo ); + Emi = BCi ^((~BCo)& BCu ); + Emo = BCo ^((~BCu)& BCa ); + Emu = BCu ^((~BCa)& BCe ); + + Abi ^= Di; + BCa = rotlConstant<62>(Abi); + Ago ^= Do; + BCe = rotlConstant<55>(Ago); + Aku ^= Du; + BCi = rotlConstant<39>(Aku); + Ama ^= Da; + BCo = rotlConstant<41>(Ama); + Ase ^= De; + BCu = rotlConstant<2>(Ase); + Esa = BCa ^((~BCe)& BCi ); + Ese = BCe ^((~BCi)& BCo ); + Esi = BCi ^((~BCo)& BCu ); + Eso = BCo ^((~BCu)& BCa ); + Esu = BCu ^((~BCa)& BCe ); + + // prepareTheta + BCa = Eba^Ega^Eka^Ema^Esa; + BCe = Ebe^Ege^Eke^Eme^Ese; + BCi = Ebi^Egi^Eki^Emi^Esi; + BCo = Ebo^Ego^Eko^Emo^Eso; + BCu = Ebu^Egu^Eku^Emu^Esu; + + //thetaRhoPiChiIotaPrepareTheta(round+1, E, A) + Da = BCu^rotlConstant<1>(BCe); + De = BCa^rotlConstant<1>(BCi); + Di = BCe^rotlConstant<1>(BCo); + Do = BCi^rotlConstant<1>(BCu); + Du = BCo^rotlConstant<1>(BCa); + + Eba ^= Da; + BCa = Eba; + Ege ^= De; + BCe = rotlConstant<44>(Ege); + Eki ^= Di; + BCi = rotlConstant<43>(Eki); + Emo ^= Do; + BCo = rotlConstant<21>(Emo); + Esu ^= Du; + BCu = rotlConstant<14>(Esu); + Aba = BCa ^((~BCe)& BCi ); + Aba ^= (word64)KeccakF_RoundConstants[round+1]; + Abe = BCe ^((~BCi)& BCo ); + Abi = BCi ^((~BCo)& BCu ); + Abo = BCo ^((~BCu)& BCa ); + Abu = BCu ^((~BCa)& BCe ); + + Ebo ^= Do; + BCa = rotlConstant<28>(Ebo); + Egu ^= Du; + BCe = rotlConstant<20>(Egu); + Eka ^= Da; + BCi = rotlConstant<3>(Eka); + Eme ^= De; + BCo = rotlConstant<45>(Eme); + Esi ^= Di; + BCu = rotlConstant<61>(Esi); + Aga = BCa ^((~BCe)& BCi ); + Age = BCe ^((~BCi)& BCo ); + Agi = BCi ^((~BCo)& BCu ); + Ago = BCo ^((~BCu)& BCa ); + Agu = BCu ^((~BCa)& BCe ); + + Ebe ^= De; + BCa = rotlConstant<1>(Ebe); + Egi ^= Di; + BCe = rotlConstant<6>(Egi); + Eko ^= Do; + BCi = rotlConstant<25>(Eko); + Emu ^= Du; + BCo = rotlConstant<8>(Emu); + Esa ^= Da; + BCu = rotlConstant<18>(Esa); + Aka = BCa ^((~BCe)& BCi ); + Ake = BCe ^((~BCi)& BCo ); + Aki = BCi ^((~BCo)& BCu ); + Ako = BCo ^((~BCu)& BCa ); + Aku = BCu ^((~BCa)& BCe ); + + Ebu ^= Du; + BCa = rotlConstant<27>(Ebu); + Ega ^= Da; + BCe = rotlConstant<36>(Ega); + Eke ^= De; + BCi = rotlConstant<10>(Eke); + Emi ^= Di; + BCo = rotlConstant<15>(Emi); + Eso ^= Do; + BCu = rotlConstant<56>(Eso); + Ama = BCa ^((~BCe)& BCi ); + Ame = BCe ^((~BCi)& BCo ); + Ami = BCi ^((~BCo)& BCu ); + Amo = BCo ^((~BCu)& BCa ); + Amu = BCu ^((~BCa)& BCe ); + + Ebi ^= Di; + BCa = rotlConstant<62>(Ebi); + Ego ^= Do; + BCe = rotlConstant<55>(Ego); + Eku ^= Du; + BCi = rotlConstant<39>(Eku); + Ema ^= Da; + BCo = rotlConstant<41>(Ema); + Ese ^= De; + BCu = rotlConstant<2>(Ese); + Asa = BCa ^((~BCe)& BCi ); + Ase = BCe ^((~BCi)& BCo ); + Asi = BCi ^((~BCo)& BCu ); + Aso = BCo ^((~BCu)& BCa ); + Asu = BCu ^((~BCa)& BCe ); + } + + //copyToState(state, A) + Block::Put(NULLPTR, state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu); + } +} + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/keccakc.h b/vendor/cryptopp/vendor_cryptopp/keccakc.h new file mode 100644 index 00000000..ed186593 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/keccakc.h @@ -0,0 +1,13 @@ +// keccakc.h - Keccak core functions shared between SHA3 and Keccak. +// written and placed in the public domain by JW. + +#ifndef CRYPTOPP_KECCAK_CORE +#define CRYPTOPP_KECCAK_CORE + +NAMESPACE_BEGIN(CryptoPP) + +void KeccakF1600(word64 *state); + +NAMESPACE_END + +#endif // CRYPTOPP_KECCAK_CORE diff --git a/vendor/cryptopp/vendor_cryptopp/lea.cpp b/vendor/cryptopp/vendor_cryptopp/lea.cpp new file mode 100644 index 00000000..4440189f --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/lea.cpp @@ -0,0 +1,899 @@ +// lea.cpp - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton +// Based on "LEA: A 128-Bit Block Cipher for Fast Encryption on Common +// Processors" by Deukjo Hong, Jung-Keun Lee, Dong-Chan Kim, Daesung Kwon, +// Kwon Ho Ryu, and Dong-Geon Lee. +// +// This implementation is based on source files found in a zip file at the +// Korea Internet and Security Agency (https://www.kisa.or.kr/eng/main.jsp). +// The zip files was downloaded from the Korean language area of the site so we +// don't have a url or english zip filename to cite. The source filename from +// the zip is lea_core.c. +// +// The LEA team appears to have applied optimizations to functions in lea_core.c. +// The implementation does not exactly follow the aglorithmic description from +// the LEA paper. + +#include "pch.h" +#include "config.h" + +#include "lea.h" +#include "misc.h" +#include "cpu.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word32; +using CryptoPP::rotlConstant; + +ANONYMOUS_NAMESPACE_END + +const word32 delta[8][36] = { + {0xc3efe9db, 0x87dfd3b7, 0x0fbfa76f, 0x1f7f4ede, 0x3efe9dbc, 0x7dfd3b78, 0xfbfa76f0, 0xf7f4ede1, + 0xefe9dbc3, 0xdfd3b787, 0xbfa76f0f, 0x7f4ede1f, 0xfe9dbc3e, 0xfd3b787d, 0xfa76f0fb, 0xf4ede1f7, + 0xe9dbc3ef, 0xd3b787df, 0xa76f0fbf, 0x4ede1f7f, 0x9dbc3efe, 0x3b787dfd, 0x76f0fbfa, 0xede1f7f4, + 0xdbc3efe9, 0xb787dfd3, 0x6f0fbfa7, 0xde1f7f4e, 0xbc3efe9d, 0x787dfd3b, 0xf0fbfa76, 0xe1f7f4eD, + 0xc3efe9db, 0x87dfd3b7, 0x0fbfa76f, 0x1f7f4ede}, + {0x44626b02, 0x88c4d604, 0x1189ac09, 0x23135812, 0x4626b024, 0x8c4d6048, 0x189ac091, 0x31358122, + 0x626b0244, 0xc4d60488, 0x89ac0911, 0x13581223, 0x26b02446, 0x4d60488c, 0x9ac09118, 0x35812231, + 0x6b024462, 0xd60488c4, 0xac091189, 0x58122313, 0xb0244626, 0x60488c4d, 0xc091189a, 0x81223135, + 0x0244626b, 0x0488c4d6, 0x091189ac, 0x12231358, 0x244626b0, 0x488c4d60, 0x91189ac0, 0x22313581, + 0x44626b02, 0x88c4d604, 0x1189ac09, 0x23135812}, + {0x79e27c8a, 0xf3c4f914, 0xe789f229, 0xcf13e453, 0x9e27c8a7, 0x3c4f914f, 0x789f229e, 0xf13e453c, + 0xe27c8a79, 0xc4f914f3, 0x89f229e7, 0x13e453cf, 0x27c8a79e, 0x4f914f3c, 0x9f229e78, 0x3e453cf1, + 0x7c8a79e2, 0xf914f3c4, 0xf229e789, 0xe453cf13, 0xc8a79e27, 0x914f3c4f, 0x229e789f, 0x453cf13e, + 0x8a79e27c, 0x14f3c4f9, 0x29e789f2, 0x53cf13e4, 0xa79e27c8, 0x4f3c4f91, 0x9e789f22, 0x3cf13e45, + 0x79e27c8a, 0xf3c4f914, 0xe789f229, 0xcf13e453}, + {0x78df30ec, 0xf1be61d8, 0xe37cc3b1, 0xc6f98763, 0x8df30ec7, 0x1be61d8f, 0x37cc3b1e, 0x6f98763c, + 0xdf30ec78, 0xbe61d8f1, 0x7cc3b1e3, 0xf98763c6, 0xf30ec78d, 0xe61d8f1b, 0xcc3b1e37, 0x98763c6f, + 0x30ec78df, 0x61d8f1be, 0xc3b1e37c, 0x8763c6f9, 0x0ec78df3, 0x1d8f1be6, 0x3b1e37cc, 0x763c6f98, + 0xec78df30, 0xd8f1be61, 0xb1e37cc3, 0x63c6f987, 0xc78df30e, 0x8f1be61d, 0x1e37cc3b, 0x3c6f9876, + 0x78df30ec, 0xf1be61d8, 0xe37cc3b1, 0xc6f98763}, + {0x715ea49e, 0xe2bd493c, 0xc57a9279, 0x8af524f3, 0x15ea49e7, 0x2bd493ce, 0x57a9279c, 0xaf524f38, + 0x5ea49e71, 0xbd493ce2, 0x7a9279c5, 0xf524f38a, 0xea49e715, 0xd493ce2b, 0xa9279c57, 0x524f38af, + 0xa49e715e, 0x493ce2bd, 0x9279c57a, 0x24f38af5, 0x49e715ea, 0x93ce2bd4, 0x279c57a9, 0x4f38af52, + 0x9e715ea4, 0x3ce2bd49, 0x79c57a92, 0xf38af524, 0xe715ea49, 0xce2bd493, 0x9c57a927, 0x38af524f, + 0x715ea49e, 0xe2bd493c, 0xc57a9279, 0x8af524f3}, + {0xc785da0a, 0x8f0bb415, 0x1e17682b, 0x3c2ed056, 0x785da0ac, 0xf0bb4158, 0xe17682b1, 0xc2ed0563, + 0x85da0ac7, 0x0bb4158f, 0x17682b1e, 0x2ed0563c, 0x5da0ac78, 0xbb4158f0, 0x7682b1e1, 0xed0563c2, + 0xda0ac785, 0xb4158f0b, 0x682b1e17, 0xd0563c2e, 0xa0ac785d, 0x4158f0bb, 0x82b1e176, 0x0563c2ed, + 0x0ac785da, 0x158f0bb4, 0x2b1e1768, 0x563c2ed0, 0xac785da0, 0x58f0bb41, 0xb1e17682, 0x63c2ed05, + 0xc785da0a, 0x8f0bb415, 0x1e17682b, 0x3c2ed056}, + {0xe04ef22a, 0xc09de455, 0x813bc8ab, 0x02779157, 0x04ef22ae, 0x09de455c, 0x13bc8ab8, 0x27791570, + 0x4ef22ae0, 0x9de455c0, 0x3bc8ab81, 0x77915702, 0xef22ae04, 0xde455c09, 0xbc8ab813, 0x79157027, + 0xf22ae04e, 0xe455c09d, 0xc8ab813b, 0x91570277, 0x22ae04ef, 0x455c09de, 0x8ab813bc, 0x15702779, + 0x2ae04ef2, 0x55c09de4, 0xab813bc8, 0x57027791, 0xae04ef22, 0x5c09de45, 0xb813bc8a, 0x70277915, + 0xe04ef22a, 0xc09de455, 0x813bc8ab, 0x02779157}, + {0xe5c40957, 0xcb8812af, 0x9710255f, 0x2e204abf, 0x5c40957e, 0xb8812afc, 0x710255f9, 0xe204abf2, + 0xc40957e5, 0x8812afcb, 0x10255f97, 0x204abf2e, 0x40957e5c, 0x812afcb8, 0x0255f971, 0x04abf2e2, + 0x0957e5c4, 0x12afcb88, 0x255f9710, 0x4abf2e20, 0x957e5c40, 0x2afcb881, 0x55f97102, 0xabf2e204, + 0x57e5c409, 0xafcb8812, 0x5f971025, 0xbf2e204a, 0x7e5c4095, 0xfcb8812a, 0xf9710255, 0xf2e204ab, + 0xe5c40957, 0xcb8812af, 0x9710255f, 0x2e204abf} +}; + +inline void SetKey128(word32 rkey[144], const word32 key[4]) +{ + rkey[ 0] = rotlConstant<1>( key[ 0] + delta[0][ 0]); + rkey[ 6] = rotlConstant<1>(rkey[ 0] + delta[1][ 1]); + rkey[ 12] = rotlConstant<1>(rkey[ 6] + delta[2][ 2]); + rkey[ 18] = rotlConstant<1>(rkey[ 12] + delta[3][ 3]); + rkey[ 24] = rotlConstant<1>(rkey[ 18] + delta[0][ 4]); + rkey[ 30] = rotlConstant<1>(rkey[ 24] + delta[1][ 5]); + rkey[ 36] = rotlConstant<1>(rkey[ 30] + delta[2][ 6]); + rkey[ 42] = rotlConstant<1>(rkey[ 36] + delta[3][ 7]); + rkey[ 48] = rotlConstant<1>(rkey[ 42] + delta[0][ 8]); + rkey[ 54] = rotlConstant<1>(rkey[ 48] + delta[1][ 9]); + rkey[ 60] = rotlConstant<1>(rkey[ 54] + delta[2][10]); + rkey[ 66] = rotlConstant<1>(rkey[ 60] + delta[3][11]); + rkey[ 72] = rotlConstant<1>(rkey[ 66] + delta[0][12]); + rkey[ 78] = rotlConstant<1>(rkey[ 72] + delta[1][13]); + rkey[ 84] = rotlConstant<1>(rkey[ 78] + delta[2][14]); + rkey[ 90] = rotlConstant<1>(rkey[ 84] + delta[3][15]); + rkey[ 96] = rotlConstant<1>(rkey[ 90] + delta[0][16]); + rkey[102] = rotlConstant<1>(rkey[ 96] + delta[1][17]); + rkey[108] = rotlConstant<1>(rkey[102] + delta[2][18]); + rkey[114] = rotlConstant<1>(rkey[108] + delta[3][19]); + rkey[120] = rotlConstant<1>(rkey[114] + delta[0][20]); + rkey[126] = rotlConstant<1>(rkey[120] + delta[1][21]); + rkey[132] = rotlConstant<1>(rkey[126] + delta[2][22]); + rkey[138] = rotlConstant<1>(rkey[132] + delta[3][23]); + + rkey[ 1] = rkey[ 3] = rkey[ 5] = rotlConstant<3>( key[ 1] + delta[0][ 1]); + rkey[ 7] = rkey[ 9] = rkey[ 11] = rotlConstant<3>(rkey[ 1] + delta[1][ 2]); + rkey[ 13] = rkey[ 15] = rkey[ 17] = rotlConstant<3>(rkey[ 7] + delta[2][ 3]); + rkey[ 19] = rkey[ 21] = rkey[ 23] = rotlConstant<3>(rkey[ 13] + delta[3][ 4]); + rkey[ 25] = rkey[ 27] = rkey[ 29] = rotlConstant<3>(rkey[ 19] + delta[0][ 5]); + rkey[ 31] = rkey[ 33] = rkey[ 35] = rotlConstant<3>(rkey[ 25] + delta[1][ 6]); + rkey[ 37] = rkey[ 39] = rkey[ 41] = rotlConstant<3>(rkey[ 31] + delta[2][ 7]); + rkey[ 43] = rkey[ 45] = rkey[ 47] = rotlConstant<3>(rkey[ 37] + delta[3][ 8]); + rkey[ 49] = rkey[ 51] = rkey[ 53] = rotlConstant<3>(rkey[ 43] + delta[0][ 9]); + rkey[ 55] = rkey[ 57] = rkey[ 59] = rotlConstant<3>(rkey[ 49] + delta[1][10]); + rkey[ 61] = rkey[ 63] = rkey[ 65] = rotlConstant<3>(rkey[ 55] + delta[2][11]); + rkey[ 67] = rkey[ 69] = rkey[ 71] = rotlConstant<3>(rkey[ 61] + delta[3][12]); + rkey[ 73] = rkey[ 75] = rkey[ 77] = rotlConstant<3>(rkey[ 67] + delta[0][13]); + rkey[ 79] = rkey[ 81] = rkey[ 83] = rotlConstant<3>(rkey[ 73] + delta[1][14]); + rkey[ 85] = rkey[ 87] = rkey[ 89] = rotlConstant<3>(rkey[ 79] + delta[2][15]); + rkey[ 91] = rkey[ 93] = rkey[ 95] = rotlConstant<3>(rkey[ 85] + delta[3][16]); + rkey[ 97] = rkey[ 99] = rkey[101] = rotlConstant<3>(rkey[ 91] + delta[0][17]); + rkey[103] = rkey[105] = rkey[107] = rotlConstant<3>(rkey[ 97] + delta[1][18]); + rkey[109] = rkey[111] = rkey[113] = rotlConstant<3>(rkey[103] + delta[2][19]); + rkey[115] = rkey[117] = rkey[119] = rotlConstant<3>(rkey[109] + delta[3][20]); + rkey[121] = rkey[123] = rkey[125] = rotlConstant<3>(rkey[115] + delta[0][21]); + rkey[127] = rkey[129] = rkey[131] = rotlConstant<3>(rkey[121] + delta[1][22]); + rkey[133] = rkey[135] = rkey[137] = rotlConstant<3>(rkey[127] + delta[2][23]); + rkey[139] = rkey[141] = rkey[143] = rotlConstant<3>(rkey[133] + delta[3][24]); + + rkey[ 2] = rotlConstant<6>( key[ 2] + delta[0][ 2]); + rkey[ 8] = rotlConstant<6>(rkey[ 2] + delta[1][ 3]); + rkey[ 14] = rotlConstant<6>(rkey[ 8] + delta[2][ 4]); + rkey[ 20] = rotlConstant<6>(rkey[ 14] + delta[3][ 5]); + rkey[ 26] = rotlConstant<6>(rkey[ 20] + delta[0][ 6]); + rkey[ 32] = rotlConstant<6>(rkey[ 26] + delta[1][ 7]); + rkey[ 38] = rotlConstant<6>(rkey[ 32] + delta[2][ 8]); + rkey[ 44] = rotlConstant<6>(rkey[ 38] + delta[3][ 9]); + rkey[ 50] = rotlConstant<6>(rkey[ 44] + delta[0][10]); + rkey[ 56] = rotlConstant<6>(rkey[ 50] + delta[1][11]); + rkey[ 62] = rotlConstant<6>(rkey[ 56] + delta[2][12]); + rkey[ 68] = rotlConstant<6>(rkey[ 62] + delta[3][13]); + rkey[ 74] = rotlConstant<6>(rkey[ 68] + delta[0][14]); + rkey[ 80] = rotlConstant<6>(rkey[ 74] + delta[1][15]); + rkey[ 86] = rotlConstant<6>(rkey[ 80] + delta[2][16]); + rkey[ 92] = rotlConstant<6>(rkey[ 86] + delta[3][17]); + rkey[ 98] = rotlConstant<6>(rkey[ 92] + delta[0][18]); + rkey[104] = rotlConstant<6>(rkey[ 98] + delta[1][19]); + rkey[110] = rotlConstant<6>(rkey[104] + delta[2][20]); + rkey[116] = rotlConstant<6>(rkey[110] + delta[3][21]); + rkey[122] = rotlConstant<6>(rkey[116] + delta[0][22]); + rkey[128] = rotlConstant<6>(rkey[122] + delta[1][23]); + rkey[134] = rotlConstant<6>(rkey[128] + delta[2][24]); + rkey[140] = rotlConstant<6>(rkey[134] + delta[3][25]); + + rkey[ 4] = rotlConstant<11>( key[ 3] + delta[0][ 3]); + rkey[ 10] = rotlConstant<11>(rkey[ 4] + delta[1][ 4]); + rkey[ 16] = rotlConstant<11>(rkey[ 10] + delta[2][ 5]); + rkey[ 22] = rotlConstant<11>(rkey[ 16] + delta[3][ 6]); + rkey[ 28] = rotlConstant<11>(rkey[ 22] + delta[0][ 7]); + rkey[ 34] = rotlConstant<11>(rkey[ 28] + delta[1][ 8]); + rkey[ 40] = rotlConstant<11>(rkey[ 34] + delta[2][ 9]); + rkey[ 46] = rotlConstant<11>(rkey[ 40] + delta[3][10]); + rkey[ 52] = rotlConstant<11>(rkey[ 46] + delta[0][11]); + rkey[ 58] = rotlConstant<11>(rkey[ 52] + delta[1][12]); + rkey[ 64] = rotlConstant<11>(rkey[ 58] + delta[2][13]); + rkey[ 70] = rotlConstant<11>(rkey[ 64] + delta[3][14]); + rkey[ 76] = rotlConstant<11>(rkey[ 70] + delta[0][15]); + rkey[ 82] = rotlConstant<11>(rkey[ 76] + delta[1][16]); + rkey[ 88] = rotlConstant<11>(rkey[ 82] + delta[2][17]); + rkey[ 94] = rotlConstant<11>(rkey[ 88] + delta[3][18]); + rkey[100] = rotlConstant<11>(rkey[ 94] + delta[0][19]); + rkey[106] = rotlConstant<11>(rkey[100] + delta[1][20]); + rkey[112] = rotlConstant<11>(rkey[106] + delta[2][21]); + rkey[118] = rotlConstant<11>(rkey[112] + delta[3][22]); + rkey[124] = rotlConstant<11>(rkey[118] + delta[0][23]); + rkey[130] = rotlConstant<11>(rkey[124] + delta[1][24]); + rkey[136] = rotlConstant<11>(rkey[130] + delta[2][25]); + rkey[142] = rotlConstant<11>(rkey[136] + delta[3][26]); +} + +inline void SetKey192(word32 rkey[168], const word32 key[6]) +{ + rkey[ 0] = rotlConstant<1>( key[ 0] + delta[0][ 0]); + rkey[ 6] = rotlConstant<1>(rkey[ 0] + delta[1][ 1]); + rkey[ 12] = rotlConstant<1>(rkey[ 6] + delta[2][ 2]); + rkey[ 18] = rotlConstant<1>(rkey[ 12] + delta[3][ 3]); + rkey[ 24] = rotlConstant<1>(rkey[ 18] + delta[4][ 4]); + rkey[ 30] = rotlConstant<1>(rkey[ 24] + delta[5][ 5]); + rkey[ 36] = rotlConstant<1>(rkey[ 30] + delta[0][ 6]); + rkey[ 42] = rotlConstant<1>(rkey[ 36] + delta[1][ 7]); + rkey[ 48] = rotlConstant<1>(rkey[ 42] + delta[2][ 8]); + rkey[ 54] = rotlConstant<1>(rkey[ 48] + delta[3][ 9]); + rkey[ 60] = rotlConstant<1>(rkey[ 54] + delta[4][10]); + rkey[ 66] = rotlConstant<1>(rkey[ 60] + delta[5][11]); + rkey[ 72] = rotlConstant<1>(rkey[ 66] + delta[0][12]); + rkey[ 78] = rotlConstant<1>(rkey[ 72] + delta[1][13]); + rkey[ 84] = rotlConstant<1>(rkey[ 78] + delta[2][14]); + rkey[ 90] = rotlConstant<1>(rkey[ 84] + delta[3][15]); + rkey[ 96] = rotlConstant<1>(rkey[ 90] + delta[4][16]); + rkey[102] = rotlConstant<1>(rkey[ 96] + delta[5][17]); + rkey[108] = rotlConstant<1>(rkey[102] + delta[0][18]); + rkey[114] = rotlConstant<1>(rkey[108] + delta[1][19]); + rkey[120] = rotlConstant<1>(rkey[114] + delta[2][20]); + rkey[126] = rotlConstant<1>(rkey[120] + delta[3][21]); + rkey[132] = rotlConstant<1>(rkey[126] + delta[4][22]); + rkey[138] = rotlConstant<1>(rkey[132] + delta[5][23]); + rkey[144] = rotlConstant<1>(rkey[138] + delta[0][24]); + rkey[150] = rotlConstant<1>(rkey[144] + delta[1][25]); + rkey[156] = rotlConstant<1>(rkey[150] + delta[2][26]); + rkey[162] = rotlConstant<1>(rkey[156] + delta[3][27]); + + rkey[ 1] = rotlConstant<3>( key[ 1] + delta[0][ 1]); + rkey[ 7] = rotlConstant<3>(rkey[ 1] + delta[1][ 2]); + rkey[ 13] = rotlConstant<3>(rkey[ 7] + delta[2][ 3]); + rkey[ 19] = rotlConstant<3>(rkey[ 13] + delta[3][ 4]); + rkey[ 25] = rotlConstant<3>(rkey[ 19] + delta[4][ 5]); + rkey[ 31] = rotlConstant<3>(rkey[ 25] + delta[5][ 6]); + rkey[ 37] = rotlConstant<3>(rkey[ 31] + delta[0][ 7]); + rkey[ 43] = rotlConstant<3>(rkey[ 37] + delta[1][ 8]); + rkey[ 49] = rotlConstant<3>(rkey[ 43] + delta[2][ 9]); + rkey[ 55] = rotlConstant<3>(rkey[ 49] + delta[3][10]); + rkey[ 61] = rotlConstant<3>(rkey[ 55] + delta[4][11]); + rkey[ 67] = rotlConstant<3>(rkey[ 61] + delta[5][12]); + rkey[ 73] = rotlConstant<3>(rkey[ 67] + delta[0][13]); + rkey[ 79] = rotlConstant<3>(rkey[ 73] + delta[1][14]); + rkey[ 85] = rotlConstant<3>(rkey[ 79] + delta[2][15]); + rkey[ 91] = rotlConstant<3>(rkey[ 85] + delta[3][16]); + rkey[ 97] = rotlConstant<3>(rkey[ 91] + delta[4][17]); + rkey[103] = rotlConstant<3>(rkey[ 97] + delta[5][18]); + rkey[109] = rotlConstant<3>(rkey[103] + delta[0][19]); + rkey[115] = rotlConstant<3>(rkey[109] + delta[1][20]); + rkey[121] = rotlConstant<3>(rkey[115] + delta[2][21]); + rkey[127] = rotlConstant<3>(rkey[121] + delta[3][22]); + rkey[133] = rotlConstant<3>(rkey[127] + delta[4][23]); + rkey[139] = rotlConstant<3>(rkey[133] + delta[5][24]); + rkey[145] = rotlConstant<3>(rkey[139] + delta[0][25]); + rkey[151] = rotlConstant<3>(rkey[145] + delta[1][26]); + rkey[157] = rotlConstant<3>(rkey[151] + delta[2][27]); + rkey[163] = rotlConstant<3>(rkey[157] + delta[3][28]); + + rkey[ 2] = rotlConstant<6>( key[ 2] + delta[0][ 2]); + rkey[ 8] = rotlConstant<6>(rkey[ 2] + delta[1][ 3]); + rkey[ 14] = rotlConstant<6>(rkey[ 8] + delta[2][ 4]); + rkey[ 20] = rotlConstant<6>(rkey[ 14] + delta[3][ 5]); + rkey[ 26] = rotlConstant<6>(rkey[ 20] + delta[4][ 6]); + rkey[ 32] = rotlConstant<6>(rkey[ 26] + delta[5][ 7]); + rkey[ 38] = rotlConstant<6>(rkey[ 32] + delta[0][ 8]); + rkey[ 44] = rotlConstant<6>(rkey[ 38] + delta[1][ 9]); + rkey[ 50] = rotlConstant<6>(rkey[ 44] + delta[2][10]); + rkey[ 56] = rotlConstant<6>(rkey[ 50] + delta[3][11]); + rkey[ 62] = rotlConstant<6>(rkey[ 56] + delta[4][12]); + rkey[ 68] = rotlConstant<6>(rkey[ 62] + delta[5][13]); + rkey[ 74] = rotlConstant<6>(rkey[ 68] + delta[0][14]); + rkey[ 80] = rotlConstant<6>(rkey[ 74] + delta[1][15]); + rkey[ 86] = rotlConstant<6>(rkey[ 80] + delta[2][16]); + rkey[ 92] = rotlConstant<6>(rkey[ 86] + delta[3][17]); + rkey[ 98] = rotlConstant<6>(rkey[ 92] + delta[4][18]); + rkey[104] = rotlConstant<6>(rkey[ 98] + delta[5][19]); + rkey[110] = rotlConstant<6>(rkey[104] + delta[0][20]); + rkey[116] = rotlConstant<6>(rkey[110] + delta[1][21]); + rkey[122] = rotlConstant<6>(rkey[116] + delta[2][22]); + rkey[128] = rotlConstant<6>(rkey[122] + delta[3][23]); + rkey[134] = rotlConstant<6>(rkey[128] + delta[4][24]); + rkey[140] = rotlConstant<6>(rkey[134] + delta[5][25]); + rkey[146] = rotlConstant<6>(rkey[140] + delta[0][26]); + rkey[152] = rotlConstant<6>(rkey[146] + delta[1][27]); + rkey[158] = rotlConstant<6>(rkey[152] + delta[2][28]); + rkey[164] = rotlConstant<6>(rkey[158] + delta[3][29]); + + rkey[ 3] = rotlConstant<11>( key[ 3] + delta[0][ 3]); + rkey[ 9] = rotlConstant<11>(rkey[ 3] + delta[1][ 4]); + rkey[ 15] = rotlConstant<11>(rkey[ 9] + delta[2][ 5]); + rkey[ 21] = rotlConstant<11>(rkey[ 15] + delta[3][ 6]); + rkey[ 27] = rotlConstant<11>(rkey[ 21] + delta[4][ 7]); + rkey[ 33] = rotlConstant<11>(rkey[ 27] + delta[5][ 8]); + rkey[ 39] = rotlConstant<11>(rkey[ 33] + delta[0][ 9]); + rkey[ 45] = rotlConstant<11>(rkey[ 39] + delta[1][10]); + rkey[ 51] = rotlConstant<11>(rkey[ 45] + delta[2][11]); + rkey[ 57] = rotlConstant<11>(rkey[ 51] + delta[3][12]); + rkey[ 63] = rotlConstant<11>(rkey[ 57] + delta[4][13]); + rkey[ 69] = rotlConstant<11>(rkey[ 63] + delta[5][14]); + rkey[ 75] = rotlConstant<11>(rkey[ 69] + delta[0][15]); + rkey[ 81] = rotlConstant<11>(rkey[ 75] + delta[1][16]); + rkey[ 87] = rotlConstant<11>(rkey[ 81] + delta[2][17]); + rkey[ 93] = rotlConstant<11>(rkey[ 87] + delta[3][18]); + rkey[ 99] = rotlConstant<11>(rkey[ 93] + delta[4][19]); + rkey[105] = rotlConstant<11>(rkey[ 99] + delta[5][20]); + rkey[111] = rotlConstant<11>(rkey[105] + delta[0][21]); + rkey[117] = rotlConstant<11>(rkey[111] + delta[1][22]); + rkey[123] = rotlConstant<11>(rkey[117] + delta[2][23]); + rkey[129] = rotlConstant<11>(rkey[123] + delta[3][24]); + rkey[135] = rotlConstant<11>(rkey[129] + delta[4][25]); + rkey[141] = rotlConstant<11>(rkey[135] + delta[5][26]); + rkey[147] = rotlConstant<11>(rkey[141] + delta[0][27]); + rkey[153] = rotlConstant<11>(rkey[147] + delta[1][28]); + rkey[159] = rotlConstant<11>(rkey[153] + delta[2][29]); + rkey[165] = rotlConstant<11>(rkey[159] + delta[3][30]); + + rkey[ 4] = rotlConstant<13>( key[ 4] + delta[0][ 4]); + rkey[ 10] = rotlConstant<13>(rkey[ 4] + delta[1][ 5]); + rkey[ 16] = rotlConstant<13>(rkey[ 10] + delta[2][ 6]); + rkey[ 22] = rotlConstant<13>(rkey[ 16] + delta[3][ 7]); + rkey[ 28] = rotlConstant<13>(rkey[ 22] + delta[4][ 8]); + rkey[ 34] = rotlConstant<13>(rkey[ 28] + delta[5][ 9]); + rkey[ 40] = rotlConstant<13>(rkey[ 34] + delta[0][10]); + rkey[ 46] = rotlConstant<13>(rkey[ 40] + delta[1][11]); + rkey[ 52] = rotlConstant<13>(rkey[ 46] + delta[2][12]); + rkey[ 58] = rotlConstant<13>(rkey[ 52] + delta[3][13]); + rkey[ 64] = rotlConstant<13>(rkey[ 58] + delta[4][14]); + rkey[ 70] = rotlConstant<13>(rkey[ 64] + delta[5][15]); + rkey[ 76] = rotlConstant<13>(rkey[ 70] + delta[0][16]); + rkey[ 82] = rotlConstant<13>(rkey[ 76] + delta[1][17]); + rkey[ 88] = rotlConstant<13>(rkey[ 82] + delta[2][18]); + rkey[ 94] = rotlConstant<13>(rkey[ 88] + delta[3][19]); + rkey[100] = rotlConstant<13>(rkey[ 94] + delta[4][20]); + rkey[106] = rotlConstant<13>(rkey[100] + delta[5][21]); + rkey[112] = rotlConstant<13>(rkey[106] + delta[0][22]); + rkey[118] = rotlConstant<13>(rkey[112] + delta[1][23]); + rkey[124] = rotlConstant<13>(rkey[118] + delta[2][24]); + rkey[130] = rotlConstant<13>(rkey[124] + delta[3][25]); + rkey[136] = rotlConstant<13>(rkey[130] + delta[4][26]); + rkey[142] = rotlConstant<13>(rkey[136] + delta[5][27]); + rkey[148] = rotlConstant<13>(rkey[142] + delta[0][28]); + rkey[154] = rotlConstant<13>(rkey[148] + delta[1][29]); + rkey[160] = rotlConstant<13>(rkey[154] + delta[2][30]); + rkey[166] = rotlConstant<13>(rkey[160] + delta[3][31]); + + rkey[ 5] = rotlConstant<17>( key[ 5] + delta[0][ 5]); + rkey[ 11] = rotlConstant<17>(rkey[ 5] + delta[1][ 6]); + rkey[ 17] = rotlConstant<17>(rkey[ 11] + delta[2][ 7]); + rkey[ 23] = rotlConstant<17>(rkey[ 17] + delta[3][ 8]); + rkey[ 29] = rotlConstant<17>(rkey[ 23] + delta[4][ 9]); + rkey[ 35] = rotlConstant<17>(rkey[ 29] + delta[5][10]); + rkey[ 41] = rotlConstant<17>(rkey[ 35] + delta[0][11]); + rkey[ 47] = rotlConstant<17>(rkey[ 41] + delta[1][12]); + rkey[ 53] = rotlConstant<17>(rkey[ 47] + delta[2][13]); + rkey[ 59] = rotlConstant<17>(rkey[ 53] + delta[3][14]); + rkey[ 65] = rotlConstant<17>(rkey[ 59] + delta[4][15]); + rkey[ 71] = rotlConstant<17>(rkey[ 65] + delta[5][16]); + rkey[ 77] = rotlConstant<17>(rkey[ 71] + delta[0][17]); + rkey[ 83] = rotlConstant<17>(rkey[ 77] + delta[1][18]); + rkey[ 89] = rotlConstant<17>(rkey[ 83] + delta[2][19]); + rkey[ 95] = rotlConstant<17>(rkey[ 89] + delta[3][20]); + rkey[101] = rotlConstant<17>(rkey[ 95] + delta[4][21]); + rkey[107] = rotlConstant<17>(rkey[101] + delta[5][22]); + rkey[113] = rotlConstant<17>(rkey[107] + delta[0][23]); + rkey[119] = rotlConstant<17>(rkey[113] + delta[1][24]); + rkey[125] = rotlConstant<17>(rkey[119] + delta[2][25]); + rkey[131] = rotlConstant<17>(rkey[125] + delta[3][26]); + rkey[137] = rotlConstant<17>(rkey[131] + delta[4][27]); + rkey[143] = rotlConstant<17>(rkey[137] + delta[5][28]); + rkey[149] = rotlConstant<17>(rkey[143] + delta[0][29]); + rkey[155] = rotlConstant<17>(rkey[149] + delta[1][30]); + rkey[161] = rotlConstant<17>(rkey[155] + delta[2][31]); + rkey[167] = rotlConstant<17>(rkey[161] + delta[3][ 0]); +} + +inline void SetKey256(word32 rkey[192], const word32 key[8]) +{ + rkey[ 0] = rotlConstant< 1>( key[ 0] + delta[0][ 0]); + rkey[ 8] = rotlConstant< 6>(rkey[ 0] + delta[1][ 3]); + rkey[ 16] = rotlConstant<13>(rkey[ 8] + delta[2][ 6]); + rkey[ 24] = rotlConstant< 1>(rkey[ 16] + delta[4][ 4]); + rkey[ 32] = rotlConstant< 6>(rkey[ 24] + delta[5][ 7]); + rkey[ 40] = rotlConstant<13>(rkey[ 32] + delta[6][10]); + rkey[ 48] = rotlConstant< 1>(rkey[ 40] + delta[0][ 8]); + rkey[ 56] = rotlConstant< 6>(rkey[ 48] + delta[1][11]); + rkey[ 64] = rotlConstant<13>(rkey[ 56] + delta[2][14]); + rkey[ 72] = rotlConstant< 1>(rkey[ 64] + delta[4][12]); + rkey[ 80] = rotlConstant< 6>(rkey[ 72] + delta[5][15]); + rkey[ 88] = rotlConstant<13>(rkey[ 80] + delta[6][18]); + rkey[ 96] = rotlConstant< 1>(rkey[ 88] + delta[0][16]); + rkey[104] = rotlConstant< 6>(rkey[ 96] + delta[1][19]); + rkey[112] = rotlConstant<13>(rkey[104] + delta[2][22]); + rkey[120] = rotlConstant< 1>(rkey[112] + delta[4][20]); + rkey[128] = rotlConstant< 6>(rkey[120] + delta[5][23]); + rkey[136] = rotlConstant<13>(rkey[128] + delta[6][26]); + rkey[144] = rotlConstant< 1>(rkey[136] + delta[0][24]); + rkey[152] = rotlConstant< 6>(rkey[144] + delta[1][27]); + rkey[160] = rotlConstant<13>(rkey[152] + delta[2][30]); + rkey[168] = rotlConstant< 1>(rkey[160] + delta[4][28]); + rkey[176] = rotlConstant< 6>(rkey[168] + delta[5][31]); + rkey[184] = rotlConstant<13>(rkey[176] + delta[6][ 2]); + + rkey[ 1] = rotlConstant< 3>( key[ 1] + delta[0][ 1]); + rkey[ 9] = rotlConstant<11>(rkey[ 1] + delta[1][ 4]); + rkey[ 17] = rotlConstant<17>(rkey[ 9] + delta[2][ 7]); + rkey[ 25] = rotlConstant< 3>(rkey[ 17] + delta[4][ 5]); + rkey[ 33] = rotlConstant<11>(rkey[ 25] + delta[5][ 8]); + rkey[ 41] = rotlConstant<17>(rkey[ 33] + delta[6][11]); + rkey[ 49] = rotlConstant< 3>(rkey[ 41] + delta[0][ 9]); + rkey[ 57] = rotlConstant<11>(rkey[ 49] + delta[1][12]); + rkey[ 65] = rotlConstant<17>(rkey[ 57] + delta[2][15]); + rkey[ 73] = rotlConstant< 3>(rkey[ 65] + delta[4][13]); + rkey[ 81] = rotlConstant<11>(rkey[ 73] + delta[5][16]); + rkey[ 89] = rotlConstant<17>(rkey[ 81] + delta[6][19]); + rkey[ 97] = rotlConstant< 3>(rkey[ 89] + delta[0][17]); + rkey[105] = rotlConstant<11>(rkey[ 97] + delta[1][20]); + rkey[113] = rotlConstant<17>(rkey[105] + delta[2][23]); + rkey[121] = rotlConstant< 3>(rkey[113] + delta[4][21]); + rkey[129] = rotlConstant<11>(rkey[121] + delta[5][24]); + rkey[137] = rotlConstant<17>(rkey[129] + delta[6][27]); + rkey[145] = rotlConstant< 3>(rkey[137] + delta[0][25]); + rkey[153] = rotlConstant<11>(rkey[145] + delta[1][28]); + rkey[161] = rotlConstant<17>(rkey[153] + delta[2][31]); + rkey[169] = rotlConstant< 3>(rkey[161] + delta[4][29]); + rkey[177] = rotlConstant<11>(rkey[169] + delta[5][ 0]); + rkey[185] = rotlConstant<17>(rkey[177] + delta[6][ 3]); + + rkey[ 2] = rotlConstant< 6>( key[ 2] + delta[0][ 2]); + rkey[ 10] = rotlConstant<13>(rkey[ 2] + delta[1][ 5]); + rkey[ 18] = rotlConstant< 1>(rkey[ 10] + delta[3][ 3]); + rkey[ 26] = rotlConstant< 6>(rkey[ 18] + delta[4][ 6]); + rkey[ 34] = rotlConstant<13>(rkey[ 26] + delta[5][ 9]); + rkey[ 42] = rotlConstant< 1>(rkey[ 34] + delta[7][ 7]); + rkey[ 50] = rotlConstant< 6>(rkey[ 42] + delta[0][10]); + rkey[ 58] = rotlConstant<13>(rkey[ 50] + delta[1][13]); + rkey[ 66] = rotlConstant< 1>(rkey[ 58] + delta[3][11]); + rkey[ 74] = rotlConstant< 6>(rkey[ 66] + delta[4][14]); + rkey[ 82] = rotlConstant<13>(rkey[ 74] + delta[5][17]); + rkey[ 90] = rotlConstant< 1>(rkey[ 82] + delta[7][15]); + rkey[ 98] = rotlConstant< 6>(rkey[ 90] + delta[0][18]); + rkey[106] = rotlConstant<13>(rkey[ 98] + delta[1][21]); + rkey[114] = rotlConstant< 1>(rkey[106] + delta[3][19]); + rkey[122] = rotlConstant< 6>(rkey[114] + delta[4][22]); + rkey[130] = rotlConstant<13>(rkey[122] + delta[5][25]); + rkey[138] = rotlConstant< 1>(rkey[130] + delta[7][23]); + rkey[146] = rotlConstant< 6>(rkey[138] + delta[0][26]); + rkey[154] = rotlConstant<13>(rkey[146] + delta[1][29]); + rkey[162] = rotlConstant< 1>(rkey[154] + delta[3][27]); + rkey[170] = rotlConstant< 6>(rkey[162] + delta[4][30]); + rkey[178] = rotlConstant<13>(rkey[170] + delta[5][ 1]); + rkey[186] = rotlConstant< 1>(rkey[178] + delta[7][31]); + + rkey[ 3] = rotlConstant<11>( key[ 3] + delta[0][ 3]); + rkey[ 11] = rotlConstant<17>(rkey[ 3] + delta[1][ 6]); + rkey[ 19] = rotlConstant< 3>(rkey[ 11] + delta[3][ 4]); + rkey[ 27] = rotlConstant<11>(rkey[ 19] + delta[4][ 7]); + rkey[ 35] = rotlConstant<17>(rkey[ 27] + delta[5][10]); + rkey[ 43] = rotlConstant< 3>(rkey[ 35] + delta[7][ 8]); + rkey[ 51] = rotlConstant<11>(rkey[ 43] + delta[0][11]); + rkey[ 59] = rotlConstant<17>(rkey[ 51] + delta[1][14]); + rkey[ 67] = rotlConstant< 3>(rkey[ 59] + delta[3][12]); + rkey[ 75] = rotlConstant<11>(rkey[ 67] + delta[4][15]); + rkey[ 83] = rotlConstant<17>(rkey[ 75] + delta[5][18]); + rkey[ 91] = rotlConstant< 3>(rkey[ 83] + delta[7][16]); + rkey[ 99] = rotlConstant<11>(rkey[ 91] + delta[0][19]); + rkey[107] = rotlConstant<17>(rkey[ 99] + delta[1][22]); + rkey[115] = rotlConstant< 3>(rkey[107] + delta[3][20]); + rkey[123] = rotlConstant<11>(rkey[115] + delta[4][23]); + rkey[131] = rotlConstant<17>(rkey[123] + delta[5][26]); + rkey[139] = rotlConstant< 3>(rkey[131] + delta[7][24]); + rkey[147] = rotlConstant<11>(rkey[139] + delta[0][27]); + rkey[155] = rotlConstant<17>(rkey[147] + delta[1][30]); + rkey[163] = rotlConstant< 3>(rkey[155] + delta[3][28]); + rkey[171] = rotlConstant<11>(rkey[163] + delta[4][31]); + rkey[179] = rotlConstant<17>(rkey[171] + delta[5][ 2]); + rkey[187] = rotlConstant< 3>(rkey[179] + delta[7][ 0]); + + rkey[ 4] = rotlConstant<13>( key[ 4] + delta[0][ 4]); + rkey[ 12] = rotlConstant< 1>(rkey[ 4] + delta[2][ 2]); + rkey[ 20] = rotlConstant< 6>(rkey[ 12] + delta[3][ 5]); + rkey[ 28] = rotlConstant<13>(rkey[ 20] + delta[4][ 8]); + rkey[ 36] = rotlConstant< 1>(rkey[ 28] + delta[6][ 6]); + rkey[ 44] = rotlConstant< 6>(rkey[ 36] + delta[7][ 9]); + rkey[ 52] = rotlConstant<13>(rkey[ 44] + delta[0][12]); + rkey[ 60] = rotlConstant< 1>(rkey[ 52] + delta[2][10]); + rkey[ 68] = rotlConstant< 6>(rkey[ 60] + delta[3][13]); + rkey[ 76] = rotlConstant<13>(rkey[ 68] + delta[4][16]); + rkey[ 84] = rotlConstant< 1>(rkey[ 76] + delta[6][14]); + rkey[ 92] = rotlConstant< 6>(rkey[ 84] + delta[7][17]); + rkey[100] = rotlConstant<13>(rkey[ 92] + delta[0][20]); + rkey[108] = rotlConstant< 1>(rkey[100] + delta[2][18]); + rkey[116] = rotlConstant< 6>(rkey[108] + delta[3][21]); + rkey[124] = rotlConstant<13>(rkey[116] + delta[4][24]); + rkey[132] = rotlConstant< 1>(rkey[124] + delta[6][22]); + rkey[140] = rotlConstant< 6>(rkey[132] + delta[7][25]); + rkey[148] = rotlConstant<13>(rkey[140] + delta[0][28]); + rkey[156] = rotlConstant< 1>(rkey[148] + delta[2][26]); + rkey[164] = rotlConstant< 6>(rkey[156] + delta[3][29]); + rkey[172] = rotlConstant<13>(rkey[164] + delta[4][ 0]); + rkey[180] = rotlConstant< 1>(rkey[172] + delta[6][30]); + rkey[188] = rotlConstant< 6>(rkey[180] + delta[7][ 1]); + + rkey[ 5] = rotlConstant<17>( key[ 5] + delta[0][ 5]); + rkey[ 13] = rotlConstant< 3>(rkey[ 5] + delta[2][ 3]); + rkey[ 21] = rotlConstant<11>(rkey[ 13] + delta[3][ 6]); + rkey[ 29] = rotlConstant<17>(rkey[ 21] + delta[4][ 9]); + rkey[ 37] = rotlConstant< 3>(rkey[ 29] + delta[6][ 7]); + rkey[ 45] = rotlConstant<11>(rkey[ 37] + delta[7][10]); + rkey[ 53] = rotlConstant<17>(rkey[ 45] + delta[0][13]); + rkey[ 61] = rotlConstant< 3>(rkey[ 53] + delta[2][11]); + rkey[ 69] = rotlConstant<11>(rkey[ 61] + delta[3][14]); + rkey[ 77] = rotlConstant<17>(rkey[ 69] + delta[4][17]); + rkey[ 85] = rotlConstant< 3>(rkey[ 77] + delta[6][15]); + rkey[ 93] = rotlConstant<11>(rkey[ 85] + delta[7][18]); + rkey[101] = rotlConstant<17>(rkey[ 93] + delta[0][21]); + rkey[109] = rotlConstant< 3>(rkey[101] + delta[2][19]); + rkey[117] = rotlConstant<11>(rkey[109] + delta[3][22]); + rkey[125] = rotlConstant<17>(rkey[117] + delta[4][25]); + rkey[133] = rotlConstant< 3>(rkey[125] + delta[6][23]); + rkey[141] = rotlConstant<11>(rkey[133] + delta[7][26]); + rkey[149] = rotlConstant<17>(rkey[141] + delta[0][29]); + rkey[157] = rotlConstant< 3>(rkey[149] + delta[2][27]); + rkey[165] = rotlConstant<11>(rkey[157] + delta[3][30]); + rkey[173] = rotlConstant<17>(rkey[165] + delta[4][ 1]); + rkey[181] = rotlConstant< 3>(rkey[173] + delta[6][31]); + rkey[189] = rotlConstant<11>(rkey[181] + delta[7][ 2]); + + rkey[ 6] = rotlConstant< 1>( key[ 6] + delta[1][ 1]); + rkey[ 14] = rotlConstant< 6>(rkey[ 6] + delta[2][ 4]); + rkey[ 22] = rotlConstant<13>(rkey[ 14] + delta[3][ 7]); + rkey[ 30] = rotlConstant< 1>(rkey[ 22] + delta[5][ 5]); + rkey[ 38] = rotlConstant< 6>(rkey[ 30] + delta[6][ 8]); + rkey[ 46] = rotlConstant<13>(rkey[ 38] + delta[7][11]); + rkey[ 54] = rotlConstant< 1>(rkey[ 46] + delta[1][ 9]); + rkey[ 62] = rotlConstant< 6>(rkey[ 54] + delta[2][12]); + rkey[ 70] = rotlConstant<13>(rkey[ 62] + delta[3][15]); + rkey[ 78] = rotlConstant< 1>(rkey[ 70] + delta[5][13]); + rkey[ 86] = rotlConstant< 6>(rkey[ 78] + delta[6][16]); + rkey[ 94] = rotlConstant<13>(rkey[ 86] + delta[7][19]); + rkey[102] = rotlConstant< 1>(rkey[ 94] + delta[1][17]); + rkey[110] = rotlConstant< 6>(rkey[102] + delta[2][20]); + rkey[118] = rotlConstant<13>(rkey[110] + delta[3][23]); + rkey[126] = rotlConstant< 1>(rkey[118] + delta[5][21]); + rkey[134] = rotlConstant< 6>(rkey[126] + delta[6][24]); + rkey[142] = rotlConstant<13>(rkey[134] + delta[7][27]); + rkey[150] = rotlConstant< 1>(rkey[142] + delta[1][25]); + rkey[158] = rotlConstant< 6>(rkey[150] + delta[2][28]); + rkey[166] = rotlConstant<13>(rkey[158] + delta[3][31]); + rkey[174] = rotlConstant< 1>(rkey[166] + delta[5][29]); + rkey[182] = rotlConstant< 6>(rkey[174] + delta[6][ 0]); + rkey[190] = rotlConstant<13>(rkey[182] + delta[7][ 3]); + + rkey[ 7] = rotlConstant< 3>( key[ 7] + delta[1][ 2]); + rkey[ 15] = rotlConstant<11>(rkey[ 7] + delta[2][ 5]); + rkey[ 23] = rotlConstant<17>(rkey[ 15] + delta[3][ 8]); + rkey[ 31] = rotlConstant< 3>(rkey[ 23] + delta[5][ 6]); + rkey[ 39] = rotlConstant<11>(rkey[ 31] + delta[6][ 9]); + rkey[ 47] = rotlConstant<17>(rkey[ 39] + delta[7][12]); + rkey[ 55] = rotlConstant< 3>(rkey[ 47] + delta[1][10]); + rkey[ 63] = rotlConstant<11>(rkey[ 55] + delta[2][13]); + rkey[ 71] = rotlConstant<17>(rkey[ 63] + delta[3][16]); + rkey[ 79] = rotlConstant< 3>(rkey[ 71] + delta[5][14]); + rkey[ 87] = rotlConstant<11>(rkey[ 79] + delta[6][17]); + rkey[ 95] = rotlConstant<17>(rkey[ 87] + delta[7][20]); + rkey[103] = rotlConstant< 3>(rkey[ 95] + delta[1][18]); + rkey[111] = rotlConstant<11>(rkey[103] + delta[2][21]); + rkey[119] = rotlConstant<17>(rkey[111] + delta[3][24]); + rkey[127] = rotlConstant< 3>(rkey[119] + delta[5][22]); + rkey[135] = rotlConstant<11>(rkey[127] + delta[6][25]); + rkey[143] = rotlConstant<17>(rkey[135] + delta[7][28]); + rkey[151] = rotlConstant< 3>(rkey[143] + delta[1][26]); + rkey[159] = rotlConstant<11>(rkey[151] + delta[2][29]); + rkey[167] = rotlConstant<17>(rkey[159] + delta[3][ 0]); + rkey[175] = rotlConstant< 3>(rkey[167] + delta[5][30]); + rkey[183] = rotlConstant<11>(rkey[175] + delta[6][ 1]); + rkey[191] = rotlConstant<17>(rkey[183] + delta[7][ 4]); +} + +NAMESPACE_BEGIN(CryptoPP) + +#if CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS +# if defined(CRYPTOPP_SSSE3_AVAILABLE) +extern size_t LEA_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t LEA_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +# endif + +# if (CRYPTOPP_ARM_NEON_AVAILABLE) +extern size_t LEA_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t LEA_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +# endif +#endif + +std::string LEA::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS) +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; +# endif +# if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; +# endif +#endif + return "C++"; +} + +void LEA::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) +{ + CRYPTOPP_UNUSED(params); + + switch(keyLength) + { + case 16: // 128-bit key + { + m_rkey.New(144); m_temp.New(4); m_rounds = 24; + GetUserKey(LITTLE_ENDIAN_ORDER, m_temp.begin(), 4, userKey, 16); + SetKey128(m_rkey, m_temp); + break; + } + case 24: // 192-bit key + { + m_rkey.New(168); m_temp.New(6); m_rounds = 28; + GetUserKey(LITTLE_ENDIAN_ORDER, m_temp.begin(), 6, userKey, 24); + SetKey192(m_rkey, m_temp); + break; + } + case 32: // 256-bit key + { + m_rkey.New(192); m_temp.New(8); m_rounds = 32; + GetUserKey(LITTLE_ENDIAN_ORDER, m_temp.begin(), 8, userKey, 32); + SetKey256(m_rkey, m_temp); + break; + } + default: + CRYPTOPP_ASSERT(0);; + } +} + +void LEA::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_temp[0])(m_temp[1])(m_temp[2])(m_temp[3]); + + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[ 4]) + (m_temp[3] ^ m_rkey[ 5])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[ 2]) + (m_temp[2] ^ m_rkey[ 3])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[ 0]) + (m_temp[1] ^ m_rkey[ 1])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[ 10]) + (m_temp[0] ^ m_rkey[ 11])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[ 8]) + (m_temp[3] ^ m_rkey[ 9])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[ 6]) + (m_temp[2] ^ m_rkey[ 7])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[ 16]) + (m_temp[1] ^ m_rkey[ 17])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[ 14]) + (m_temp[0] ^ m_rkey[ 15])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[ 12]) + (m_temp[3] ^ m_rkey[ 13])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[ 22]) + (m_temp[2] ^ m_rkey[ 23])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[ 20]) + (m_temp[1] ^ m_rkey[ 21])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[ 18]) + (m_temp[0] ^ m_rkey[ 19])); + + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[ 28]) + (m_temp[3] ^ m_rkey[ 29])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[ 26]) + (m_temp[2] ^ m_rkey[ 27])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[ 24]) + (m_temp[1] ^ m_rkey[ 25])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[ 34]) + (m_temp[0] ^ m_rkey[ 35])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[ 32]) + (m_temp[3] ^ m_rkey[ 33])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[ 30]) + (m_temp[2] ^ m_rkey[ 31])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[ 40]) + (m_temp[1] ^ m_rkey[ 41])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[ 38]) + (m_temp[0] ^ m_rkey[ 39])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[ 36]) + (m_temp[3] ^ m_rkey[ 37])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[ 46]) + (m_temp[2] ^ m_rkey[ 47])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[ 44]) + (m_temp[1] ^ m_rkey[ 45])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[ 42]) + (m_temp[0] ^ m_rkey[ 43])); + + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[ 52]) + (m_temp[3] ^ m_rkey[ 53])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[ 50]) + (m_temp[2] ^ m_rkey[ 51])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[ 48]) + (m_temp[1] ^ m_rkey[ 49])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[ 58]) + (m_temp[0] ^ m_rkey[ 59])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[ 56]) + (m_temp[3] ^ m_rkey[ 57])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[ 54]) + (m_temp[2] ^ m_rkey[ 55])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[ 64]) + (m_temp[1] ^ m_rkey[ 65])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[ 62]) + (m_temp[0] ^ m_rkey[ 63])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[ 60]) + (m_temp[3] ^ m_rkey[ 61])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[ 70]) + (m_temp[2] ^ m_rkey[ 71])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[ 68]) + (m_temp[1] ^ m_rkey[ 69])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[ 66]) + (m_temp[0] ^ m_rkey[ 67])); + + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[ 76]) + (m_temp[3] ^ m_rkey[ 77])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[ 74]) + (m_temp[2] ^ m_rkey[ 75])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[ 72]) + (m_temp[1] ^ m_rkey[ 73])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[ 82]) + (m_temp[0] ^ m_rkey[ 83])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[ 80]) + (m_temp[3] ^ m_rkey[ 81])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[ 78]) + (m_temp[2] ^ m_rkey[ 79])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[ 88]) + (m_temp[1] ^ m_rkey[ 89])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[ 86]) + (m_temp[0] ^ m_rkey[ 87])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[ 84]) + (m_temp[3] ^ m_rkey[ 85])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[ 94]) + (m_temp[2] ^ m_rkey[ 95])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[ 92]) + (m_temp[1] ^ m_rkey[ 93])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[ 90]) + (m_temp[0] ^ m_rkey[ 91])); + + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[100]) + (m_temp[3] ^ m_rkey[101])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[ 98]) + (m_temp[2] ^ m_rkey[ 99])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[ 96]) + (m_temp[1] ^ m_rkey[ 97])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[106]) + (m_temp[0] ^ m_rkey[107])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[104]) + (m_temp[3] ^ m_rkey[105])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[102]) + (m_temp[2] ^ m_rkey[103])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[112]) + (m_temp[1] ^ m_rkey[113])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[110]) + (m_temp[0] ^ m_rkey[111])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[108]) + (m_temp[3] ^ m_rkey[109])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[118]) + (m_temp[2] ^ m_rkey[119])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[116]) + (m_temp[1] ^ m_rkey[117])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[114]) + (m_temp[0] ^ m_rkey[115])); + + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[124]) + (m_temp[3] ^ m_rkey[125])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[122]) + (m_temp[2] ^ m_rkey[123])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[120]) + (m_temp[1] ^ m_rkey[121])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[130]) + (m_temp[0] ^ m_rkey[131])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[128]) + (m_temp[3] ^ m_rkey[129])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[126]) + (m_temp[2] ^ m_rkey[127])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[136]) + (m_temp[1] ^ m_rkey[137])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[134]) + (m_temp[0] ^ m_rkey[135])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[132]) + (m_temp[3] ^ m_rkey[133])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[142]) + (m_temp[2] ^ m_rkey[143])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[140]) + (m_temp[1] ^ m_rkey[141])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[138]) + (m_temp[0] ^ m_rkey[139])); + + if(m_rounds > 24) + { + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[148]) + (m_temp[3] ^ m_rkey[149])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[146]) + (m_temp[2] ^ m_rkey[147])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[144]) + (m_temp[1] ^ m_rkey[145])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[154]) + (m_temp[0] ^ m_rkey[155])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[152]) + (m_temp[3] ^ m_rkey[153])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[150]) + (m_temp[2] ^ m_rkey[151])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[160]) + (m_temp[1] ^ m_rkey[161])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[158]) + (m_temp[0] ^ m_rkey[159])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[156]) + (m_temp[3] ^ m_rkey[157])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[166]) + (m_temp[2] ^ m_rkey[167])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[164]) + (m_temp[1] ^ m_rkey[165])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[162]) + (m_temp[0] ^ m_rkey[163])); + } + + if(m_rounds > 28) + { + m_temp[3] = rotrConstant<3>((m_temp[2] ^ m_rkey[172]) + (m_temp[3] ^ m_rkey[173])); + m_temp[2] = rotrConstant<5>((m_temp[1] ^ m_rkey[170]) + (m_temp[2] ^ m_rkey[171])); + m_temp[1] = rotlConstant<9>((m_temp[0] ^ m_rkey[168]) + (m_temp[1] ^ m_rkey[169])); + m_temp[0] = rotrConstant<3>((m_temp[3] ^ m_rkey[178]) + (m_temp[0] ^ m_rkey[179])); + m_temp[3] = rotrConstant<5>((m_temp[2] ^ m_rkey[176]) + (m_temp[3] ^ m_rkey[177])); + m_temp[2] = rotlConstant<9>((m_temp[1] ^ m_rkey[174]) + (m_temp[2] ^ m_rkey[175])); + m_temp[1] = rotrConstant<3>((m_temp[0] ^ m_rkey[184]) + (m_temp[1] ^ m_rkey[185])); + m_temp[0] = rotrConstant<5>((m_temp[3] ^ m_rkey[182]) + (m_temp[0] ^ m_rkey[183])); + m_temp[3] = rotlConstant<9>((m_temp[2] ^ m_rkey[180]) + (m_temp[3] ^ m_rkey[181])); + m_temp[2] = rotrConstant<3>((m_temp[1] ^ m_rkey[190]) + (m_temp[2] ^ m_rkey[191])); + m_temp[1] = rotrConstant<5>((m_temp[0] ^ m_rkey[188]) + (m_temp[1] ^ m_rkey[189])); + m_temp[0] = rotlConstant<9>((m_temp[3] ^ m_rkey[186]) + (m_temp[0] ^ m_rkey[187])); + } + + PutBlock oblock(xorBlock, outBlock); + oblock(m_temp[0])(m_temp[1])(m_temp[2])(m_temp[3]); +} + +void LEA::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_temp[0])(m_temp[1])(m_temp[2])(m_temp[3]); + + if(m_rounds > 28) + { + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[186])) ^ m_rkey[187]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[188])) ^ m_rkey[189]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[190])) ^ m_rkey[191]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[180])) ^ m_rkey[181]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[182])) ^ m_rkey[183]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[184])) ^ m_rkey[185]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[174])) ^ m_rkey[175]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[176])) ^ m_rkey[177]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[178])) ^ m_rkey[179]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[168])) ^ m_rkey[169]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[170])) ^ m_rkey[171]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[172])) ^ m_rkey[173]; + } + + if(m_rounds > 24) + { + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[162])) ^ m_rkey[163]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[164])) ^ m_rkey[165]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[166])) ^ m_rkey[167]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[156])) ^ m_rkey[157]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[158])) ^ m_rkey[159]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[160])) ^ m_rkey[161]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[150])) ^ m_rkey[151]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[152])) ^ m_rkey[153]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[154])) ^ m_rkey[155]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[144])) ^ m_rkey[145]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[146])) ^ m_rkey[147]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[148])) ^ m_rkey[149]; + } + + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[138])) ^ m_rkey[139]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[140])) ^ m_rkey[141]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[142])) ^ m_rkey[143]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[132])) ^ m_rkey[133]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[134])) ^ m_rkey[135]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[136])) ^ m_rkey[137]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[126])) ^ m_rkey[127]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[128])) ^ m_rkey[129]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[130])) ^ m_rkey[131]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[120])) ^ m_rkey[121]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[122])) ^ m_rkey[123]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[124])) ^ m_rkey[125]; + + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[114])) ^ m_rkey[115]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[116])) ^ m_rkey[117]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[118])) ^ m_rkey[119]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[108])) ^ m_rkey[109]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[110])) ^ m_rkey[111]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[112])) ^ m_rkey[113]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[102])) ^ m_rkey[103]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[104])) ^ m_rkey[105]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[106])) ^ m_rkey[107]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 96])) ^ m_rkey[ 97]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 98])) ^ m_rkey[ 99]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[100])) ^ m_rkey[101]; + + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 90])) ^ m_rkey[ 91]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 92])) ^ m_rkey[ 93]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 94])) ^ m_rkey[ 95]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 84])) ^ m_rkey[ 85]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 86])) ^ m_rkey[ 87]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 88])) ^ m_rkey[ 89]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 78])) ^ m_rkey[ 79]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 80])) ^ m_rkey[ 81]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 82])) ^ m_rkey[ 83]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 72])) ^ m_rkey[ 73]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 74])) ^ m_rkey[ 75]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 76])) ^ m_rkey[ 77]; + + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 66])) ^ m_rkey[ 67]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 68])) ^ m_rkey[ 69]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 70])) ^ m_rkey[ 71]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 60])) ^ m_rkey[ 61]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 62])) ^ m_rkey[ 63]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 64])) ^ m_rkey[ 65]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 54])) ^ m_rkey[ 55]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 56])) ^ m_rkey[ 57]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 58])) ^ m_rkey[ 59]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 48])) ^ m_rkey[ 49]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 50])) ^ m_rkey[ 51]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 52])) ^ m_rkey[ 53]; + + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 42])) ^ m_rkey[ 43]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 44])) ^ m_rkey[ 45]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 46])) ^ m_rkey[ 47]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 36])) ^ m_rkey[ 37]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 38])) ^ m_rkey[ 39]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 40])) ^ m_rkey[ 41]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 30])) ^ m_rkey[ 31]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 32])) ^ m_rkey[ 33]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 34])) ^ m_rkey[ 35]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 24])) ^ m_rkey[ 25]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 26])) ^ m_rkey[ 27]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 28])) ^ m_rkey[ 29]; + + m_temp[0] = (rotrConstant<9>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 18])) ^ m_rkey[ 19]; + m_temp[1] = (rotlConstant<5>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 20])) ^ m_rkey[ 21]; + m_temp[2] = (rotlConstant<3>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 22])) ^ m_rkey[ 23]; + m_temp[3] = (rotrConstant<9>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 12])) ^ m_rkey[ 13]; + m_temp[0] = (rotlConstant<5>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 14])) ^ m_rkey[ 15]; + m_temp[1] = (rotlConstant<3>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 16])) ^ m_rkey[ 17]; + m_temp[2] = (rotrConstant<9>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 6])) ^ m_rkey[ 7]; + m_temp[3] = (rotlConstant<5>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 8])) ^ m_rkey[ 9]; + m_temp[0] = (rotlConstant<3>(m_temp[0]) - (m_temp[3] ^ m_rkey[ 10])) ^ m_rkey[ 11]; + m_temp[1] = (rotrConstant<9>(m_temp[1]) - (m_temp[0] ^ m_rkey[ 0])) ^ m_rkey[ 1]; + m_temp[2] = (rotlConstant<5>(m_temp[2]) - (m_temp[1] ^ m_rkey[ 2])) ^ m_rkey[ 3]; + m_temp[3] = (rotlConstant<3>(m_temp[3]) - (m_temp[2] ^ m_rkey[ 4])) ^ m_rkey[ 5]; + + PutBlock oblock(xorBlock, outBlock); + oblock(m_temp[0])(m_temp[1])(m_temp[2])(m_temp[3]); +} + +#if CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS +size_t LEA::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + return LEA_Enc_AdvancedProcessBlocks_SSSE3(m_rkey, m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); + } +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return LEA_Enc_AdvancedProcessBlocks_NEON(m_rkey, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); +#endif + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t LEA::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + return LEA_Dec_AdvancedProcessBlocks_SSSE3(m_rkey, m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); + } +#endif +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return LEA_Dec_AdvancedProcessBlocks_NEON(m_rkey, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); +#endif + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/lea.h b/vendor/cryptopp/vendor_cryptopp/lea.h new file mode 100644 index 00000000..a3482d5d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/lea.h @@ -0,0 +1,106 @@ +// lea.h - written and placed in the public domain by Kim Sung Hee and Jeffrey Walton +// Based on "LEA: A 128-Bit Block Cipher for Fast Encryption on Common +// Processors" by Deukjo Hong, Jung-Keun Lee, Dong-Chan Kim, Daesung Kwon, +// Kwon Ho Ryu, and Dong-Geon Lee. + +/// \file lea.h +/// \brief Classes for the LEA block cipher +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_LEA_H +#define CRYPTOPP_LEA_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" +#include "algparam.h" + +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) +# define CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS 1 +#endif + +// Yet another SunStudio/SunCC workaround. Failed self tests +// in SSE code paths on i386 for SunStudio 12.3 and below. +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) +# undef CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief LEA block cipher information +/// \since Crypto++ 8.0 +struct LEA_Info : public FixedBlockSize<16>, public VariableKeyLength<16,16,32,8> +{ + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. + static const std::string StaticAlgorithmName() + { + // Format is Cipher-Blocksize + return "LEA-128"; + } +}; + +/// \brief LEA 128-bit block cipher +/// \details LEA provides 128-bit block size. The valid key size is 128-bits, 192-bits and 256-bits. +/// \note Crypto++ provides a byte oriented implementation +/// \sa LEA, +/// +/// LEA: A 128-Bit Block Cipher for Fast Encryption on Common Processors +/// \since Crypto++ 8.0 +class CRYPTOPP_NO_VTABLE LEA : public LEA_Info, public BlockCipherDocumentation +{ +public: + /// \brief LEA block cipher transformation functions + /// \details Provides implementation common to encryption and decryption + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + protected: + void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + std::string AlgorithmProvider() const; + + SecBlock m_rkey; + mutable SecBlock m_temp; + unsigned int m_rounds; + }; + + /// \brief Encryption transformation + /// \details Enc provides implementation for encryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + /// \brief Encryption transformation + /// \details Dec provides implementation for decryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_LEA_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef LEA::Encryption LEAEncryption; +typedef LEA::Decryption LEADecryption; + +NAMESPACE_END + +#endif // CRYPTOPP_LEA_H diff --git a/vendor/cryptopp/vendor_cryptopp/lea_simd.cpp b/vendor/cryptopp/vendor_cryptopp/lea_simd.cpp new file mode 100644 index 00000000..8278330e --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/lea_simd.cpp @@ -0,0 +1,1067 @@ +// lea_simd.cpp - written and placed in the public domain by Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Power8 Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "lea.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both simon.cpp and simon-simd.cpp. +// #undef CRYPTOPP_SSSE3_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if defined(__AVX512F__) && defined(__AVX512VL__) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +// Do not port this to POWER architecture. Naively we hoped +// for a 2x to 3x speedup. The result was a 5x slow down +// because of the rotates and scattered loads. +// +// C++: +// LEA-128(128)/CTR (128-bit key)C++20715.640.5932015 +// LEA-128(192)/CTR (192-bit key)C++18617.480.6992378 +// LEA-128(256)/CTR (256-bit key)C++12426.20.8422861 +// +// Power8: +// LEA-128(128)/CTR (128-bit key)Power83788.70.5952023 +// LEA-128(192)/CTR (192-bit key)Power84082.10.6992375 +// LEA-128(256)/CTR (256-bit key)Power828116.01.0063419 + +#undef CRYPTOPP_POWER8_AVAILABLE +#if defined(CRYPTOPP_POWER8_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char LEA_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word32; + +// *************************** ARM NEON ***************************// + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +inline uint32x4_t Xor(const uint32x4_t& a, const uint32x4_t& b) +{ + return veorq_u32(a, b); +} + +inline uint32x4_t Add(const uint32x4_t& a, const uint32x4_t& b) +{ + return vaddq_u32(a, b); +} + +inline uint32x4_t Sub(const uint32x4_t& a, const uint32x4_t& b) +{ + return vsubq_u32(a, b); +} + +template +inline uint32x4_t RotateLeft(const uint32x4_t& val) +{ + const uint32x4_t a(vshlq_n_u32(val, R)); + const uint32x4_t b(vshrq_n_u32(val, 32 - R)); + return vorrq_u32(a, b); +} + +template +inline uint32x4_t RotateRight(const uint32x4_t& val) +{ + const uint32x4_t a(vshlq_n_u32(val, 32 - R)); + const uint32x4_t b(vshrq_n_u32(val, R)); + return vorrq_u32(a, b); +} + +#if defined(__aarch32__) || defined(__aarch64__) +template <> +inline uint32x4_t RotateLeft<8>(const uint32x4_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +} + +template <> +inline uint32x4_t RotateRight<8>(const uint32x4_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,14,12 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +} +#endif + +uint32x4_t UnpackLow32(uint32x4_t a, uint32x4_t b) +{ + uint32x2_t a1 = vget_low_u32(a); + uint32x2_t b1 = vget_low_u32(b); + uint32x2x2_t result = vzip_u32(a1, b1); + return vcombine_u32(result.val[0], result.val[1]); +} + +uint32x4_t UnpackHigh32(uint32x4_t a, uint32x4_t b) +{ + uint32x2_t a1 = vget_high_u32(a); + uint32x2_t b1 = vget_high_u32(b); + uint32x2x2_t result = vzip_u32(a1, b1); + return vcombine_u32(result.val[0], result.val[1]); +} + +uint32x4_t UnpackLow64(uint32x4_t a, uint32x4_t b) +{ + uint64x1_t a1 = vget_low_u64((uint64x2_t)a); + uint64x1_t b1 = vget_low_u64((uint64x2_t)b); + return (uint32x4_t)vcombine_u64(a1, b1); +} + +uint32x4_t UnpackHigh64(uint32x4_t a, uint32x4_t b) +{ + uint64x1_t a1 = vget_high_u64((uint64x2_t)a); + uint64x1_t b1 = vget_high_u64((uint64x2_t)b); + return (uint32x4_t)vcombine_u64(a1, b1); +} + +template +inline uint32x4_t LoadKey(const word32 rkey[]) +{ + return vdupq_n_u32(rkey[IDX]); +} + +template +inline uint32x4_t UnpackNEON(const uint32x4_t& a, const uint32x4_t& b, const uint32x4_t& c, const uint32x4_t& d) +{ + // Should not be instantiated + CRYPTOPP_ASSERT(0);; + return vmovq_n_u32(0); +} + +template <> +inline uint32x4_t UnpackNEON<0>(const uint32x4_t& a, const uint32x4_t& b, const uint32x4_t& c, const uint32x4_t& d) +{ + const uint32x4_t r1 = UnpackLow32(a, b); + const uint32x4_t r2 = UnpackLow32(c, d); + return UnpackLow64(r1, r2); +} + +template <> +inline uint32x4_t UnpackNEON<1>(const uint32x4_t& a, const uint32x4_t& b, const uint32x4_t& c, const uint32x4_t& d) +{ + const uint32x4_t r1 = UnpackLow32(a, b); + const uint32x4_t r2 = UnpackLow32(c, d); + return UnpackHigh64(r1, r2); +} + +template <> +inline uint32x4_t UnpackNEON<2>(const uint32x4_t& a, const uint32x4_t& b, const uint32x4_t& c, const uint32x4_t& d) +{ + const uint32x4_t r1 = UnpackHigh32(a, b); + const uint32x4_t r2 = UnpackHigh32(c, d); + return UnpackLow64(r1, r2); +} + +template <> +inline uint32x4_t UnpackNEON<3>(const uint32x4_t& a, const uint32x4_t& b, const uint32x4_t& c, const uint32x4_t& d) +{ + const uint32x4_t r1 = UnpackHigh32(a, b); + const uint32x4_t r2 = UnpackHigh32(c, d); + return UnpackHigh64(r1, r2); +} + +template +inline uint32x4_t UnpackNEON(const uint32x4_t& v) +{ + // Should not be instantiated + CRYPTOPP_ASSERT(0);; + return vmovq_n_u32(0); +} + +template <> +inline uint32x4_t UnpackNEON<0>(const uint32x4_t& v) +{ + // Splat to all lanes + return vdupq_n_u32(vgetq_lane_u32(v, 0)); +} + +template <> +inline uint32x4_t UnpackNEON<1>(const uint32x4_t& v) +{ + // Splat to all lanes + return vdupq_n_u32(vgetq_lane_u32(v, 1)); +} + +template <> +inline uint32x4_t UnpackNEON<2>(const uint32x4_t& v) +{ + // Splat to all lanes + return vdupq_n_u32(vgetq_lane_u32(v, 2)); +} + +template <> +inline uint32x4_t UnpackNEON<3>(const uint32x4_t& v) +{ + // Splat to all lanes + return vdupq_n_u32(vgetq_lane_u32(v, 3)); +} + +template +inline uint32x4_t RepackNEON(const uint32x4_t& a, const uint32x4_t& b, const uint32x4_t& c, const uint32x4_t& d) +{ + return UnpackNEON(a, b, c, d); +} + +template +inline uint32x4_t RepackNEON(const uint32x4_t& v) +{ + return UnpackNEON(v); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// *************************** IA-32 ***************************// + +#if (CRYPTOPP_SSSE3_AVAILABLE) + +inline __m128i Xor(const __m128i& a, const __m128i& b) +{ + return _mm_xor_si128(a, b); +} + +inline __m128i Add(const __m128i& a, const __m128i& b) +{ + return _mm_add_epi32(a, b); +} + +inline __m128i Sub(const __m128i& a, const __m128i& b) +{ + return _mm_sub_epi32(a, b); +} + +template +inline __m128i RotateLeft(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +#endif +} + +template +inline __m128i RotateRight(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); +#endif +} + +// Faster than two Shifts and an Or. +template <> +inline __m128i RotateLeft<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. +template <> +inline __m128i RotateRight<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-8); +#else + const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +template +inline __m128i LoadKey(const word32 rkey[]) +{ + float rk; std::memcpy(&rk, rkey+IDX, sizeof(rk)); + return _mm_castps_si128(_mm_load_ps1(&rk)); +} + +template +inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d); + CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // LEA is little-endian oriented, so there is no need for a separate shuffle. + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_unpacklo_epi64(r1, r2); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // LEA is little-endian oriented, so there is no need for a separate shuffle. + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_unpackhi_epi64(r1, r2); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // LEA is little-endian oriented, so there is no need for a separate shuffle. + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_unpacklo_epi64(r1, r2); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // LEA is little-endian oriented, so there is no need for a separate shuffle. + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_unpackhi_epi64(r1, r2); +} + +template +inline __m128i UnpackXMM(const __m128i& v) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(11,10,9,8, 11,10,9,8, 11,10,9,8, 11,10,9,8)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(15,14,13,12, 15,14,13,12, 15,14,13,12, 15,14,13,12)); +} + +template +inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + return UnpackXMM(a, b, c, d); +} + +template +inline __m128i RepackXMM(const __m128i& v) +{ + return UnpackXMM(v); +} + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// *************************** Power8 ***************************// + +#if (CRYPTOPP_POWER8_AVAILABLE) + +using CryptoPP::uint8x16_p; +using CryptoPP::uint32x4_p; +using CryptoPP::uint64x2_p; + +inline uint32x4_p Xor(const uint32x4_p& a, const uint32x4_p& b) +{ + return VecXor(a, b); +} + +inline uint32x4_p Add(const uint32x4_p& a, const uint32x4_p& b) +{ + return VecAdd(a, b); +} + +inline uint32x4_p Sub(const uint32x4_p& a, const uint32x4_p& b) +{ + return VecSub(a, b); +} + +template +inline uint32x4_p RotateLeft(const uint32x4_p& val) +{ + const uint32x4_p m = {R, R, R, R}; + return vec_rl(val, m); +} + +template +inline uint32x4_p RotateRight(const uint32x4_p& val) +{ + const uint32x4_p m = {32-R, 32-R, 32-R, 32-R}; + return vec_rl(val, m); +} + +template +inline uint32x4_p LoadKey(const word32 rkey[]) +{ + return vec_splats(rkey[IDX]); +} + +template +inline uint32x4_p UnpackSIMD(const uint32x4_p& a, const uint32x4_p& b, const uint32x4_p& c, const uint32x4_p& d) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d); + CRYPTOPP_ASSERT(0); + return VecXor(a, a); +} + +template <> +inline uint32x4_p UnpackSIMD<0>(const uint32x4_p& a, const uint32x4_p& b, const uint32x4_p& c, const uint32x4_p& d) +{ + const uint64x2_p r1 = (uint64x2_p)vec_mergel(a, b); + const uint64x2_p r2 = (uint64x2_p)vec_mergel(c, d); + return (uint32x4_p)vec_mergel(r1, r2); +} + +template <> +inline uint32x4_p UnpackSIMD<1>(const uint32x4_p& a, const uint32x4_p& b, const uint32x4_p& c, const uint32x4_p& d) +{ + const uint64x2_p r1 = (uint64x2_p)vec_mergel(a, b); + const uint64x2_p r2 = (uint64x2_p)vec_mergel(c, d); + return (uint32x4_p)vec_mergeh(r1, r2); +} + +template <> +inline uint32x4_p UnpackSIMD<2>(const uint32x4_p& a, const uint32x4_p& b, const uint32x4_p& c, const uint32x4_p& d) +{ + const uint64x2_p r1 = (uint64x2_p)vec_mergeh(a, b); + const uint64x2_p r2 = (uint64x2_p)vec_mergeh(c, d); + return (uint32x4_p)vec_mergel(r1, r2); +} + +template <> +inline uint32x4_p UnpackSIMD<3>(const uint32x4_p& a, const uint32x4_p& b, const uint32x4_p& c, const uint32x4_p& d) +{ + const uint64x2_p r1 = (uint64x2_p)vec_mergeh(a, b); + const uint64x2_p r2 = (uint64x2_p)vec_mergeh(c, d); + return (uint32x4_p)vec_mergeh(r1, r2); +} + +template +inline uint32x4_p UnpackSIMD(const uint32x4_p& v) +{ + // Should not be instantiated + CRYPTOPP_ASSERT(0); + return VecXor(v, v); +} + +template <> +inline uint32x4_p UnpackSIMD<0>(const uint32x4_p& v) +{ + // Splat to all lanes + const uint8x16_p m = {3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0}; + return (uint32x4_p)VecPermute(v, v, m); +} + +template <> +inline uint32x4_p UnpackSIMD<1>(const uint32x4_p& v) +{ + // Splat to all lanes + const uint8x16_p m = {7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4}; + return (uint32x4_p)VecPermute(v, v, m); +} + +template <> +inline uint32x4_p UnpackSIMD<2>(const uint32x4_p& v) +{ + // Splat to all lanes + const uint8x16_p m = {11,10,9,8, 11,10,9,8, 11,10,9,8, 11,10,9,8}; + return (uint32x4_p)VecPermute(v, v, m); +} + +template <> +inline uint32x4_p UnpackSIMD<3>(const uint32x4_p& v) +{ + // Splat to all lanes + const uint8x16_p m = {15,14,13,12, 15,14,13,12, 15,14,13,12, 15,14,13,12}; + return (uint32x4_p)VecPermute(v, v, m); +} + +template +inline uint32x4_p RepackSIMD(const uint32x4_p& a, const uint32x4_p& b, const uint32x4_p& c, const uint32x4_p& d) +{ + return UnpackSIMD(a, b, c, d); +} + +template +inline uint32x4_p RepackSIMD(const uint32x4_p& v) +{ + return UnpackSIMD(v); +} + +#endif // CRYPTOPP_POWER8_AVAILABLE + +// *************************** LEA Encryption ***************************// + +#if (CRYPTOPP_ARM_NEON_AVAILABLE || CRYPTOPP_SSSE3_AVAILABLE) + +template +inline void LEA_Encryption(W temp[4], const word32 *subkeys, unsigned int rounds) +{ + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<4>(subkeys)), Xor(temp[3], LoadKey<5>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<2>(subkeys)), Xor(temp[2], LoadKey<3>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<0>(subkeys)), Xor(temp[1], LoadKey<1>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<10>(subkeys)), Xor(temp[0], LoadKey<11>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<8>(subkeys)), Xor(temp[3], LoadKey<9>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<6>(subkeys)), Xor(temp[2], LoadKey<7>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<16>(subkeys)), Xor(temp[1], LoadKey<17>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<14>(subkeys)), Xor(temp[0], LoadKey<15>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<12>(subkeys)), Xor(temp[3], LoadKey<13>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<22>(subkeys)), Xor(temp[2], LoadKey<23>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<20>(subkeys)), Xor(temp[1], LoadKey<21>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<18>(subkeys)), Xor(temp[0], LoadKey<19>(subkeys)))); + + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<28>(subkeys)), Xor(temp[3], LoadKey<29>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<26>(subkeys)), Xor(temp[2], LoadKey<27>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<24>(subkeys)), Xor(temp[1], LoadKey<25>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<34>(subkeys)), Xor(temp[0], LoadKey<35>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<32>(subkeys)), Xor(temp[3], LoadKey<33>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<30>(subkeys)), Xor(temp[2], LoadKey<31>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<40>(subkeys)), Xor(temp[1], LoadKey<41>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<38>(subkeys)), Xor(temp[0], LoadKey<39>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<36>(subkeys)), Xor(temp[3], LoadKey<37>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<46>(subkeys)), Xor(temp[2], LoadKey<47>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<44>(subkeys)), Xor(temp[1], LoadKey<45>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<42>(subkeys)), Xor(temp[0], LoadKey<43>(subkeys)))); + + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<52>(subkeys)), Xor(temp[3], LoadKey<53>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<50>(subkeys)), Xor(temp[2], LoadKey<51>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<48>(subkeys)), Xor(temp[1], LoadKey<49>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<58>(subkeys)), Xor(temp[0], LoadKey<59>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<56>(subkeys)), Xor(temp[3], LoadKey<57>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<54>(subkeys)), Xor(temp[2], LoadKey<55>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<64>(subkeys)), Xor(temp[1], LoadKey<65>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<62>(subkeys)), Xor(temp[0], LoadKey<63>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<60>(subkeys)), Xor(temp[3], LoadKey<61>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<70>(subkeys)), Xor(temp[2], LoadKey<71>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<68>(subkeys)), Xor(temp[1], LoadKey<69>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<66>(subkeys)), Xor(temp[0], LoadKey<67>(subkeys)))); + + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<76>(subkeys)), Xor(temp[3], LoadKey<77>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<74>(subkeys)), Xor(temp[2], LoadKey<75>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<72>(subkeys)), Xor(temp[1], LoadKey<73>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<82>(subkeys)), Xor(temp[0], LoadKey<83>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<80>(subkeys)), Xor(temp[3], LoadKey<81>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<78>(subkeys)), Xor(temp[2], LoadKey<79>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<88>(subkeys)), Xor(temp[1], LoadKey<89>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<86>(subkeys)), Xor(temp[0], LoadKey<87>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<84>(subkeys)), Xor(temp[3], LoadKey<85>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<94>(subkeys)), Xor(temp[2], LoadKey<95>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<92>(subkeys)), Xor(temp[1], LoadKey<93>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<90>(subkeys)), Xor(temp[0], LoadKey<91>(subkeys)))); + + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<100>(subkeys)), Xor(temp[3], LoadKey<101>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<98>(subkeys)), Xor(temp[2], LoadKey<99>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<96>(subkeys)), Xor(temp[1], LoadKey<97>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<106>(subkeys)), Xor(temp[0], LoadKey<107>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<104>(subkeys)), Xor(temp[3], LoadKey<105>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<102>(subkeys)), Xor(temp[2], LoadKey<103>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<112>(subkeys)), Xor(temp[1], LoadKey<113>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<110>(subkeys)), Xor(temp[0], LoadKey<111>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<108>(subkeys)), Xor(temp[3], LoadKey<109>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<118>(subkeys)), Xor(temp[2], LoadKey<119>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<116>(subkeys)), Xor(temp[1], LoadKey<117>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<114>(subkeys)), Xor(temp[0], LoadKey<115>(subkeys)))); + + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<124>(subkeys)), Xor(temp[3], LoadKey<125>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<122>(subkeys)), Xor(temp[2], LoadKey<123>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<120>(subkeys)), Xor(temp[1], LoadKey<121>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<130>(subkeys)), Xor(temp[0], LoadKey<131>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<128>(subkeys)), Xor(temp[3], LoadKey<129>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<126>(subkeys)), Xor(temp[2], LoadKey<127>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<136>(subkeys)), Xor(temp[1], LoadKey<137>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<134>(subkeys)), Xor(temp[0], LoadKey<135>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<132>(subkeys)), Xor(temp[3], LoadKey<133>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<142>(subkeys)), Xor(temp[2], LoadKey<143>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<140>(subkeys)), Xor(temp[1], LoadKey<141>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<138>(subkeys)), Xor(temp[0], LoadKey<139>(subkeys)))); + + if(rounds > 24) + { + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<148>(subkeys)), Xor(temp[3], LoadKey<149>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<146>(subkeys)), Xor(temp[2], LoadKey<147>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<144>(subkeys)), Xor(temp[1], LoadKey<145>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<154>(subkeys)), Xor(temp[0], LoadKey<155>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<152>(subkeys)), Xor(temp[3], LoadKey<153>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<150>(subkeys)), Xor(temp[2], LoadKey<151>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<160>(subkeys)), Xor(temp[1], LoadKey<161>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<158>(subkeys)), Xor(temp[0], LoadKey<159>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<156>(subkeys)), Xor(temp[3], LoadKey<157>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<166>(subkeys)), Xor(temp[2], LoadKey<167>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<164>(subkeys)), Xor(temp[1], LoadKey<165>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<162>(subkeys)), Xor(temp[0], LoadKey<163>(subkeys)))); + } + + if(rounds > 28) + { + temp[3] = RotateRight<3>(Add(Xor(temp[2], LoadKey<172>(subkeys)), Xor(temp[3], LoadKey<173>(subkeys)))); + temp[2] = RotateRight<5>(Add(Xor(temp[1], LoadKey<170>(subkeys)), Xor(temp[2], LoadKey<171>(subkeys)))); + temp[1] = RotateLeft<9>(Add(Xor(temp[0], LoadKey<168>(subkeys)), Xor(temp[1], LoadKey<169>(subkeys)))); + temp[0] = RotateRight<3>(Add(Xor(temp[3], LoadKey<178>(subkeys)), Xor(temp[0], LoadKey<179>(subkeys)))); + temp[3] = RotateRight<5>(Add(Xor(temp[2], LoadKey<176>(subkeys)), Xor(temp[3], LoadKey<177>(subkeys)))); + temp[2] = RotateLeft<9>(Add(Xor(temp[1], LoadKey<174>(subkeys)), Xor(temp[2], LoadKey<175>(subkeys)))); + temp[1] = RotateRight<3>(Add(Xor(temp[0], LoadKey<184>(subkeys)), Xor(temp[1], LoadKey<185>(subkeys)))); + temp[0] = RotateRight<5>(Add(Xor(temp[3], LoadKey<182>(subkeys)), Xor(temp[0], LoadKey<183>(subkeys)))); + temp[3] = RotateLeft<9>(Add(Xor(temp[2], LoadKey<180>(subkeys)), Xor(temp[3], LoadKey<181>(subkeys)))); + temp[2] = RotateRight<3>(Add(Xor(temp[1], LoadKey<190>(subkeys)), Xor(temp[2], LoadKey<191>(subkeys)))); + temp[1] = RotateRight<5>(Add(Xor(temp[0], LoadKey<188>(subkeys)), Xor(temp[1], LoadKey<189>(subkeys)))); + temp[0] = RotateLeft<9>(Add(Xor(temp[3], LoadKey<186>(subkeys)), Xor(temp[0], LoadKey<187>(subkeys)))); + } +} + +// *************************** LEA Decryption ***************************// + +template +inline void LEA_Decryption(W temp[4], const word32 *subkeys, unsigned int rounds) +{ + if(rounds > 28) + { + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<186>(subkeys))), LoadKey<187>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<188>(subkeys))), LoadKey<189>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<190>(subkeys))), LoadKey<191>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<180>(subkeys))), LoadKey<181>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<182>(subkeys))), LoadKey<183>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<184>(subkeys))), LoadKey<185>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<174>(subkeys))), LoadKey<175>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<176>(subkeys))), LoadKey<177>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<178>(subkeys))), LoadKey<179>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<168>(subkeys))), LoadKey<169>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<170>(subkeys))), LoadKey<171>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<172>(subkeys))), LoadKey<173>(subkeys)); + } + + if(rounds > 24) + { + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<162>(subkeys))), LoadKey<163>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<164>(subkeys))), LoadKey<165>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<166>(subkeys))), LoadKey<167>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<156>(subkeys))), LoadKey<157>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<158>(subkeys))), LoadKey<159>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<160>(subkeys))), LoadKey<161>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<150>(subkeys))), LoadKey<151>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<152>(subkeys))), LoadKey<153>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<154>(subkeys))), LoadKey<155>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<144>(subkeys))), LoadKey<145>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<146>(subkeys))), LoadKey<147>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<148>(subkeys))), LoadKey<149>(subkeys)); + } + + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<138>(subkeys))), LoadKey<139>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<140>(subkeys))), LoadKey<141>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<142>(subkeys))), LoadKey<143>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<132>(subkeys))), LoadKey<133>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<134>(subkeys))), LoadKey<135>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<136>(subkeys))), LoadKey<137>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<126>(subkeys))), LoadKey<127>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<128>(subkeys))), LoadKey<129>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<130>(subkeys))), LoadKey<131>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<120>(subkeys))), LoadKey<121>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<122>(subkeys))), LoadKey<123>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<124>(subkeys))), LoadKey<125>(subkeys)); + + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<114>(subkeys))), LoadKey<115>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<116>(subkeys))), LoadKey<117>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<118>(subkeys))), LoadKey<119>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<108>(subkeys))), LoadKey<109>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<110>(subkeys))), LoadKey<111>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<112>(subkeys))), LoadKey<113>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<102>(subkeys))), LoadKey<103>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<104>(subkeys))), LoadKey<105>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<106>(subkeys))), LoadKey<107>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<96>(subkeys))), LoadKey<97>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<98>(subkeys))), LoadKey<99>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<100>(subkeys))), LoadKey<101>(subkeys)); + + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<90>(subkeys))), LoadKey<91>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<92>(subkeys))), LoadKey<93>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<94>(subkeys))), LoadKey<95>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<84>(subkeys))), LoadKey<85>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<86>(subkeys))), LoadKey<87>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<88>(subkeys))), LoadKey<89>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<78>(subkeys))), LoadKey<79>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<80>(subkeys))), LoadKey<81>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<82>(subkeys))), LoadKey<83>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<72>(subkeys))), LoadKey<73>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<74>(subkeys))), LoadKey<75>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<76>(subkeys))), LoadKey<77>(subkeys)); + + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<66>(subkeys))), LoadKey<67>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<68>(subkeys))), LoadKey<69>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<70>(subkeys))), LoadKey<71>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<60>(subkeys))), LoadKey<61>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<62>(subkeys))), LoadKey<63>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<64>(subkeys))), LoadKey<65>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<54>(subkeys))), LoadKey<55>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<56>(subkeys))), LoadKey<57>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<58>(subkeys))), LoadKey<59>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<48>(subkeys))), LoadKey<49>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<50>(subkeys))), LoadKey<51>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<52>(subkeys))), LoadKey<53>(subkeys)); + + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<42>(subkeys))), LoadKey<43>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<44>(subkeys))), LoadKey<45>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<46>(subkeys))), LoadKey<47>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<36>(subkeys))), LoadKey<37>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<38>(subkeys))), LoadKey<39>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<40>(subkeys))), LoadKey<41>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<30>(subkeys))), LoadKey<31>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<32>(subkeys))), LoadKey<33>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<34>(subkeys))), LoadKey<35>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<24>(subkeys))), LoadKey<25>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<26>(subkeys))), LoadKey<27>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<28>(subkeys))), LoadKey<29>(subkeys)); + + temp[0] = Xor(Sub(RotateRight<9>(temp[0]), Xor(temp[3], LoadKey<18>(subkeys))), LoadKey<19>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<5>(temp[1]), Xor(temp[0], LoadKey<20>(subkeys))), LoadKey<21>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<3>(temp[2]), Xor(temp[1], LoadKey<22>(subkeys))), LoadKey<23>(subkeys)); + temp[3] = Xor(Sub(RotateRight<9>(temp[3]), Xor(temp[2], LoadKey<12>(subkeys))), LoadKey<13>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<5>(temp[0]), Xor(temp[3], LoadKey<14>(subkeys))), LoadKey<15>(subkeys)); + temp[1] = Xor(Sub(RotateLeft<3>(temp[1]), Xor(temp[0], LoadKey<16>(subkeys))), LoadKey<17>(subkeys)); + temp[2] = Xor(Sub(RotateRight<9>(temp[2]), Xor(temp[1], LoadKey<6>(subkeys))), LoadKey<7>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<5>(temp[3]), Xor(temp[2], LoadKey<8>(subkeys))), LoadKey<9>(subkeys)); + temp[0] = Xor(Sub(RotateLeft<3>(temp[0]), Xor(temp[3], LoadKey<10>(subkeys))), LoadKey<11>(subkeys)); + temp[1] = Xor(Sub(RotateRight<9>(temp[1]), Xor(temp[0], LoadKey<0>(subkeys))), LoadKey<1>(subkeys)); + temp[2] = Xor(Sub(RotateLeft<5>(temp[2]), Xor(temp[1], LoadKey<2>(subkeys))), LoadKey<3>(subkeys)); + temp[3] = Xor(Sub(RotateLeft<3>(temp[3]), Xor(temp[2], LoadKey<4>(subkeys))), LoadKey<5>(subkeys)); +} + +#endif // LEA Encryption and Decryption + +// *************************** ARM NEON ***************************// + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +inline void LEA_Enc_Block(uint32x4_t &block0, + const word32 *subkeys, unsigned int rounds) +{ + uint32x4_t temp[4]; + temp[0] = UnpackNEON<0>(block0); + temp[1] = UnpackNEON<1>(block0); + temp[2] = UnpackNEON<2>(block0); + temp[3] = UnpackNEON<3>(block0); + + LEA_Encryption(temp, subkeys, rounds); + + block0 = RepackNEON<0>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Dec_Block(uint32x4_t &block0, + const word32 *subkeys, unsigned int rounds) +{ + uint32x4_t temp[4]; + temp[0] = UnpackNEON<0>(block0); + temp[1] = UnpackNEON<1>(block0); + temp[2] = UnpackNEON<2>(block0); + temp[3] = UnpackNEON<3>(block0); + + LEA_Decryption(temp, subkeys, rounds); + + block0 = RepackNEON<0>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Enc_4_Blocks(uint32x4_t &block0, uint32x4_t &block1, + uint32x4_t &block2, uint32x4_t &block3, const word32 *subkeys, unsigned int rounds) +{ + uint32x4_t temp[4]; + temp[0] = UnpackNEON<0>(block0, block1, block2, block3); + temp[1] = UnpackNEON<1>(block0, block1, block2, block3); + temp[2] = UnpackNEON<2>(block0, block1, block2, block3); + temp[3] = UnpackNEON<3>(block0, block1, block2, block3); + + LEA_Encryption(temp, subkeys, rounds); + + block0 = RepackNEON<0>(temp[0], temp[1], temp[2], temp[3]); + block1 = RepackNEON<1>(temp[0], temp[1], temp[2], temp[3]); + block2 = RepackNEON<2>(temp[0], temp[1], temp[2], temp[3]); + block3 = RepackNEON<3>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Dec_4_Blocks(uint32x4_t &block0, uint32x4_t &block1, + uint32x4_t &block2, uint32x4_t &block3, const word32 *subkeys, unsigned int rounds) +{ + uint32x4_t temp[4]; + temp[0] = UnpackNEON<0>(block0, block1, block2, block3); + temp[1] = UnpackNEON<1>(block0, block1, block2, block3); + temp[2] = UnpackNEON<2>(block0, block1, block2, block3); + temp[3] = UnpackNEON<3>(block0, block1, block2, block3); + + LEA_Decryption(temp, subkeys, rounds); + + block0 = RepackNEON<0>(temp[0], temp[1], temp[2], temp[3]); + block1 = RepackNEON<1>(temp[0], temp[1], temp[2], temp[3]); + block2 = RepackNEON<2>(temp[0], temp[1], temp[2], temp[3]); + block3 = RepackNEON<3>(temp[0], temp[1], temp[2], temp[3]); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// *************************** IA-32 ***************************// + +#if (CRYPTOPP_SSSE3_AVAILABLE) + +inline void LEA_Enc_Block(__m128i &block0, + const word32 *subkeys, unsigned int rounds) +{ + __m128i temp[4]; + temp[0] = UnpackXMM<0>(block0); + temp[1] = UnpackXMM<1>(block0); + temp[2] = UnpackXMM<2>(block0); + temp[3] = UnpackXMM<3>(block0); + + LEA_Encryption(temp, subkeys, rounds); + + block0 = RepackXMM<0>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Dec_Block(__m128i &block0, + const word32 *subkeys, unsigned int rounds) +{ + __m128i temp[4]; + temp[0] = UnpackXMM<0>(block0); + temp[1] = UnpackXMM<1>(block0); + temp[2] = UnpackXMM<2>(block0); + temp[3] = UnpackXMM<3>(block0); + + LEA_Decryption(temp, subkeys, rounds); + + block0 = RepackXMM<0>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Enc_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int rounds) +{ + __m128i temp[4]; + temp[0] = UnpackXMM<0>(block0, block1, block2, block3); + temp[1] = UnpackXMM<1>(block0, block1, block2, block3); + temp[2] = UnpackXMM<2>(block0, block1, block2, block3); + temp[3] = UnpackXMM<3>(block0, block1, block2, block3); + + LEA_Encryption(temp, subkeys, rounds); + + block0 = RepackXMM<0>(temp[0], temp[1], temp[2], temp[3]); + block1 = RepackXMM<1>(temp[0], temp[1], temp[2], temp[3]); + block2 = RepackXMM<2>(temp[0], temp[1], temp[2], temp[3]); + block3 = RepackXMM<3>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Dec_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int rounds) +{ + __m128i temp[4]; + temp[0] = UnpackXMM<0>(block0, block1, block2, block3); + temp[1] = UnpackXMM<1>(block0, block1, block2, block3); + temp[2] = UnpackXMM<2>(block0, block1, block2, block3); + temp[3] = UnpackXMM<3>(block0, block1, block2, block3); + + LEA_Decryption(temp, subkeys, rounds); + + block0 = RepackXMM<0>(temp[0], temp[1], temp[2], temp[3]); + block1 = RepackXMM<1>(temp[0], temp[1], temp[2], temp[3]); + block2 = RepackXMM<2>(temp[0], temp[1], temp[2], temp[3]); + block3 = RepackXMM<3>(temp[0], temp[1], temp[2], temp[3]); +} + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// *************************** Power8 ***************************// + +#if (CRYPTOPP_POWER8_AVAILABLE) + +inline void LEA_Enc_Block(uint32x4_p &block0, + const word32 *subkeys, unsigned int rounds) +{ + uint32x4_p temp[4]; + temp[0] = UnpackSIMD<0>(block0); + temp[1] = UnpackSIMD<1>(block0); + temp[2] = UnpackSIMD<2>(block0); + temp[3] = UnpackSIMD<3>(block0); + + LEA_Encryption(temp, subkeys, rounds); + + block0 = RepackSIMD<0>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Dec_Block(uint32x4_p &block0, + const word32 *subkeys, unsigned int rounds) +{ + uint32x4_p temp[4]; + temp[0] = UnpackSIMD<0>(block0); + temp[1] = UnpackSIMD<1>(block0); + temp[2] = UnpackSIMD<2>(block0); + temp[3] = UnpackSIMD<3>(block0); + + LEA_Decryption(temp, subkeys, rounds); + + block0 = RepackSIMD<0>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Enc_4_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, const word32 *subkeys, unsigned int rounds) +{ + uint32x4_p temp[4]; + temp[0] = UnpackSIMD<0>(block0, block1, block2, block3); + temp[1] = UnpackSIMD<1>(block0, block1, block2, block3); + temp[2] = UnpackSIMD<2>(block0, block1, block2, block3); + temp[3] = UnpackSIMD<3>(block0, block1, block2, block3); + + LEA_Encryption(temp, subkeys, rounds); + + block0 = RepackSIMD<0>(temp[0], temp[1], temp[2], temp[3]); + block1 = RepackSIMD<1>(temp[0], temp[1], temp[2], temp[3]); + block2 = RepackSIMD<2>(temp[0], temp[1], temp[2], temp[3]); + block3 = RepackSIMD<3>(temp[0], temp[1], temp[2], temp[3]); +} + +inline void LEA_Dec_4_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, const word32 *subkeys, unsigned int rounds) +{ + uint32x4_p temp[4]; + temp[0] = UnpackSIMD<0>(block0, block1, block2, block3); + temp[1] = UnpackSIMD<1>(block0, block1, block2, block3); + temp[2] = UnpackSIMD<2>(block0, block1, block2, block3); + temp[3] = UnpackSIMD<3>(block0, block1, block2, block3); + + LEA_Decryption(temp, subkeys, rounds); + + block0 = RepackSIMD<0>(temp[0], temp[1], temp[2], temp[3]); + block1 = RepackSIMD<1>(temp[0], temp[1], temp[2], temp[3]); + block2 = RepackSIMD<2>(temp[0], temp[1], temp[2], temp[3]); + block3 = RepackSIMD<3>(temp[0], temp[1], temp[2], temp[3]); +} + +#endif // CRYPTOPP_POWER8_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +// *************************** SIMD Templates ***************************// + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) +size_t LEA_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_SSE(LEA_Enc_Block, LEA_Enc_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t LEA_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_SSE(LEA_Dec_Block, LEA_Dec_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SSSE3_AVAILABLE + +#if defined(CRYPTOPP_ARM_NEON_AVAILABLE) +size_t LEA_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + uint32x4_t unused; // Avoid template argument deduction/substitution failures + return AdvancedProcessBlocks128_4x1_NEON(LEA_Enc_Block, LEA_Enc_4_Blocks, + unused, subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t LEA_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + uint32x4_t unused; // Avoid template argument deduction/substitution failures + return AdvancedProcessBlocks128_4x1_NEON(LEA_Dec_Block, LEA_Dec_4_Blocks, + unused, subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +#if defined(CRYPTOPP_POWER8_AVAILABLE) +size_t LEA_Enc_AdvancedProcessBlocks_POWER8(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_ALTIVEC(LEA_Enc_Block, LEA_Enc_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t LEA_Dec_AdvancedProcessBlocks_POWER8(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_ALTIVEC(LEA_Dec_Block, LEA_Dec_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_POWER8_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/md5.cpp b/vendor/cryptopp/vendor_cryptopp/md5.cpp index 3bdc7379..99a0e34b 100644 --- a/vendor/cryptopp/vendor_cryptopp/md5.cpp +++ b/vendor/cryptopp/vendor_cryptopp/md5.cpp @@ -2,12 +2,13 @@ // any modifications are placed in the public domain #include "pch.h" + #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 #include "md5.h" #include "misc.h" NAMESPACE_BEGIN(CryptoPP) -namespace Weak1 { +NAMESPACE_BEGIN(Weak1) #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) void MD5_TestInstantiations() @@ -24,8 +25,11 @@ void MD5::InitState(HashWordType *state) state[3] = 0x10325476L; } -void MD5::Transform (word32 *digest, const word32 *in) +void MD5::Transform (word32 *digest, const word32 *data) { + CRYPTOPP_ASSERT(digest); + CRYPTOPP_ASSERT(data); + // #define F1(x, y, z) (x & y | ~x & z) #define F1(x, y, z) (z ^ (x & (y ^ z))) #define F2(x, y, z) F1(z, x, y) @@ -42,73 +46,73 @@ void MD5::Transform (word32 *digest, const word32 *in) c=digest[2]; d=digest[3]; - MD5STEP(F1, a, b, c, d, in[0] + 0xd76aa478, 7); - MD5STEP(F1, d, a, b, c, in[1] + 0xe8c7b756, 12); - MD5STEP(F1, c, d, a, b, in[2] + 0x242070db, 17); - MD5STEP(F1, b, c, d, a, in[3] + 0xc1bdceee, 22); - MD5STEP(F1, a, b, c, d, in[4] + 0xf57c0faf, 7); - MD5STEP(F1, d, a, b, c, in[5] + 0x4787c62a, 12); - MD5STEP(F1, c, d, a, b, in[6] + 0xa8304613, 17); - MD5STEP(F1, b, c, d, a, in[7] + 0xfd469501, 22); - MD5STEP(F1, a, b, c, d, in[8] + 0x698098d8, 7); - MD5STEP(F1, d, a, b, c, in[9] + 0x8b44f7af, 12); - MD5STEP(F1, c, d, a, b, in[10] + 0xffff5bb1, 17); - MD5STEP(F1, b, c, d, a, in[11] + 0x895cd7be, 22); - MD5STEP(F1, a, b, c, d, in[12] + 0x6b901122, 7); - MD5STEP(F1, d, a, b, c, in[13] + 0xfd987193, 12); - MD5STEP(F1, c, d, a, b, in[14] + 0xa679438e, 17); - MD5STEP(F1, b, c, d, a, in[15] + 0x49b40821, 22); + MD5STEP(F1, a, b, c, d, data[0] + 0xd76aa478, 7); + MD5STEP(F1, d, a, b, c, data[1] + 0xe8c7b756, 12); + MD5STEP(F1, c, d, a, b, data[2] + 0x242070db, 17); + MD5STEP(F1, b, c, d, a, data[3] + 0xc1bdceee, 22); + MD5STEP(F1, a, b, c, d, data[4] + 0xf57c0faf, 7); + MD5STEP(F1, d, a, b, c, data[5] + 0x4787c62a, 12); + MD5STEP(F1, c, d, a, b, data[6] + 0xa8304613, 17); + MD5STEP(F1, b, c, d, a, data[7] + 0xfd469501, 22); + MD5STEP(F1, a, b, c, d, data[8] + 0x698098d8, 7); + MD5STEP(F1, d, a, b, c, data[9] + 0x8b44f7af, 12); + MD5STEP(F1, c, d, a, b, data[10] + 0xffff5bb1, 17); + MD5STEP(F1, b, c, d, a, data[11] + 0x895cd7be, 22); + MD5STEP(F1, a, b, c, d, data[12] + 0x6b901122, 7); + MD5STEP(F1, d, a, b, c, data[13] + 0xfd987193, 12); + MD5STEP(F1, c, d, a, b, data[14] + 0xa679438e, 17); + MD5STEP(F1, b, c, d, a, data[15] + 0x49b40821, 22); - MD5STEP(F2, a, b, c, d, in[1] + 0xf61e2562, 5); - MD5STEP(F2, d, a, b, c, in[6] + 0xc040b340, 9); - MD5STEP(F2, c, d, a, b, in[11] + 0x265e5a51, 14); - MD5STEP(F2, b, c, d, a, in[0] + 0xe9b6c7aa, 20); - MD5STEP(F2, a, b, c, d, in[5] + 0xd62f105d, 5); - MD5STEP(F2, d, a, b, c, in[10] + 0x02441453, 9); - MD5STEP(F2, c, d, a, b, in[15] + 0xd8a1e681, 14); - MD5STEP(F2, b, c, d, a, in[4] + 0xe7d3fbc8, 20); - MD5STEP(F2, a, b, c, d, in[9] + 0x21e1cde6, 5); - MD5STEP(F2, d, a, b, c, in[14] + 0xc33707d6, 9); - MD5STEP(F2, c, d, a, b, in[3] + 0xf4d50d87, 14); - MD5STEP(F2, b, c, d, a, in[8] + 0x455a14ed, 20); - MD5STEP(F2, a, b, c, d, in[13] + 0xa9e3e905, 5); - MD5STEP(F2, d, a, b, c, in[2] + 0xfcefa3f8, 9); - MD5STEP(F2, c, d, a, b, in[7] + 0x676f02d9, 14); - MD5STEP(F2, b, c, d, a, in[12] + 0x8d2a4c8a, 20); + MD5STEP(F2, a, b, c, d, data[1] + 0xf61e2562, 5); + MD5STEP(F2, d, a, b, c, data[6] + 0xc040b340, 9); + MD5STEP(F2, c, d, a, b, data[11] + 0x265e5a51, 14); + MD5STEP(F2, b, c, d, a, data[0] + 0xe9b6c7aa, 20); + MD5STEP(F2, a, b, c, d, data[5] + 0xd62f105d, 5); + MD5STEP(F2, d, a, b, c, data[10] + 0x02441453, 9); + MD5STEP(F2, c, d, a, b, data[15] + 0xd8a1e681, 14); + MD5STEP(F2, b, c, d, a, data[4] + 0xe7d3fbc8, 20); + MD5STEP(F2, a, b, c, d, data[9] + 0x21e1cde6, 5); + MD5STEP(F2, d, a, b, c, data[14] + 0xc33707d6, 9); + MD5STEP(F2, c, d, a, b, data[3] + 0xf4d50d87, 14); + MD5STEP(F2, b, c, d, a, data[8] + 0x455a14ed, 20); + MD5STEP(F2, a, b, c, d, data[13] + 0xa9e3e905, 5); + MD5STEP(F2, d, a, b, c, data[2] + 0xfcefa3f8, 9); + MD5STEP(F2, c, d, a, b, data[7] + 0x676f02d9, 14); + MD5STEP(F2, b, c, d, a, data[12] + 0x8d2a4c8a, 20); - MD5STEP(F3, a, b, c, d, in[5] + 0xfffa3942, 4); - MD5STEP(F3, d, a, b, c, in[8] + 0x8771f681, 11); - MD5STEP(F3, c, d, a, b, in[11] + 0x6d9d6122, 16); - MD5STEP(F3, b, c, d, a, in[14] + 0xfde5380c, 23); - MD5STEP(F3, a, b, c, d, in[1] + 0xa4beea44, 4); - MD5STEP(F3, d, a, b, c, in[4] + 0x4bdecfa9, 11); - MD5STEP(F3, c, d, a, b, in[7] + 0xf6bb4b60, 16); - MD5STEP(F3, b, c, d, a, in[10] + 0xbebfbc70, 23); - MD5STEP(F3, a, b, c, d, in[13] + 0x289b7ec6, 4); - MD5STEP(F3, d, a, b, c, in[0] + 0xeaa127fa, 11); - MD5STEP(F3, c, d, a, b, in[3] + 0xd4ef3085, 16); - MD5STEP(F3, b, c, d, a, in[6] + 0x04881d05, 23); - MD5STEP(F3, a, b, c, d, in[9] + 0xd9d4d039, 4); - MD5STEP(F3, d, a, b, c, in[12] + 0xe6db99e5, 11); - MD5STEP(F3, c, d, a, b, in[15] + 0x1fa27cf8, 16); - MD5STEP(F3, b, c, d, a, in[2] + 0xc4ac5665, 23); + MD5STEP(F3, a, b, c, d, data[5] + 0xfffa3942, 4); + MD5STEP(F3, d, a, b, c, data[8] + 0x8771f681, 11); + MD5STEP(F3, c, d, a, b, data[11] + 0x6d9d6122, 16); + MD5STEP(F3, b, c, d, a, data[14] + 0xfde5380c, 23); + MD5STEP(F3, a, b, c, d, data[1] + 0xa4beea44, 4); + MD5STEP(F3, d, a, b, c, data[4] + 0x4bdecfa9, 11); + MD5STEP(F3, c, d, a, b, data[7] + 0xf6bb4b60, 16); + MD5STEP(F3, b, c, d, a, data[10] + 0xbebfbc70, 23); + MD5STEP(F3, a, b, c, d, data[13] + 0x289b7ec6, 4); + MD5STEP(F3, d, a, b, c, data[0] + 0xeaa127fa, 11); + MD5STEP(F3, c, d, a, b, data[3] + 0xd4ef3085, 16); + MD5STEP(F3, b, c, d, a, data[6] + 0x04881d05, 23); + MD5STEP(F3, a, b, c, d, data[9] + 0xd9d4d039, 4); + MD5STEP(F3, d, a, b, c, data[12] + 0xe6db99e5, 11); + MD5STEP(F3, c, d, a, b, data[15] + 0x1fa27cf8, 16); + MD5STEP(F3, b, c, d, a, data[2] + 0xc4ac5665, 23); - MD5STEP(F4, a, b, c, d, in[0] + 0xf4292244, 6); - MD5STEP(F4, d, a, b, c, in[7] + 0x432aff97, 10); - MD5STEP(F4, c, d, a, b, in[14] + 0xab9423a7, 15); - MD5STEP(F4, b, c, d, a, in[5] + 0xfc93a039, 21); - MD5STEP(F4, a, b, c, d, in[12] + 0x655b59c3, 6); - MD5STEP(F4, d, a, b, c, in[3] + 0x8f0ccc92, 10); - MD5STEP(F4, c, d, a, b, in[10] + 0xffeff47d, 15); - MD5STEP(F4, b, c, d, a, in[1] + 0x85845dd1, 21); - MD5STEP(F4, a, b, c, d, in[8] + 0x6fa87e4f, 6); - MD5STEP(F4, d, a, b, c, in[15] + 0xfe2ce6e0, 10); - MD5STEP(F4, c, d, a, b, in[6] + 0xa3014314, 15); - MD5STEP(F4, b, c, d, a, in[13] + 0x4e0811a1, 21); - MD5STEP(F4, a, b, c, d, in[4] + 0xf7537e82, 6); - MD5STEP(F4, d, a, b, c, in[11] + 0xbd3af235, 10); - MD5STEP(F4, c, d, a, b, in[2] + 0x2ad7d2bb, 15); - MD5STEP(F4, b, c, d, a, in[9] + 0xeb86d391, 21); + MD5STEP(F4, a, b, c, d, data[0] + 0xf4292244, 6); + MD5STEP(F4, d, a, b, c, data[7] + 0x432aff97, 10); + MD5STEP(F4, c, d, a, b, data[14] + 0xab9423a7, 15); + MD5STEP(F4, b, c, d, a, data[5] + 0xfc93a039, 21); + MD5STEP(F4, a, b, c, d, data[12] + 0x655b59c3, 6); + MD5STEP(F4, d, a, b, c, data[3] + 0x8f0ccc92, 10); + MD5STEP(F4, c, d, a, b, data[10] + 0xffeff47d, 15); + MD5STEP(F4, b, c, d, a, data[1] + 0x85845dd1, 21); + MD5STEP(F4, a, b, c, d, data[8] + 0x6fa87e4f, 6); + MD5STEP(F4, d, a, b, c, data[15] + 0xfe2ce6e0, 10); + MD5STEP(F4, c, d, a, b, data[6] + 0xa3014314, 15); + MD5STEP(F4, b, c, d, a, data[13] + 0x4e0811a1, 21); + MD5STEP(F4, a, b, c, d, data[4] + 0xf7537e82, 6); + MD5STEP(F4, d, a, b, c, data[11] + 0xbd3af235, 10); + MD5STEP(F4, c, d, a, b, data[2] + 0x2ad7d2bb, 15); + MD5STEP(F4, b, c, d, a, data[9] + 0xeb86d391, 21); digest[0]+=a; digest[1]+=b; @@ -116,5 +120,5 @@ void MD5::Transform (word32 *digest, const word32 *in) digest[3]+=d; } -} -NAMESPACE_END +NAMESPACE_END // Weak +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/misc.h b/vendor/cryptopp/vendor_cryptopp/misc.h index 70351ae6..14b0dd19 100644 --- a/vendor/cryptopp/vendor_cryptopp/misc.h +++ b/vendor/cryptopp/vendor_cryptopp/misc.h @@ -360,6 +360,62 @@ template // ************** misc functions *************** +/// \brief Create a pointer with an offset +/// \tparam PTR a pointer type +/// \tparam OFF a size type +/// \param pointer a pointer +/// \param offset a offset into the pointer +/// \details PtrAdd can be used to squash Clang and GCC +/// UBsan findings for pointer addition and subtraction. +template +inline PTR PtrAdd(PTR pointer, OFF offset) +{ + return pointer+static_cast(offset); +} + +/// \brief Create a pointer with an offset +/// \tparam PTR a pointer type +/// \tparam OFF a size type +/// \param pointer a pointer +/// \param offset a offset into the pointer +/// \details PtrSub can be used to squash Clang and GCC +/// UBsan findings for pointer addition and subtraction. +template +inline PTR PtrSub(PTR pointer, OFF offset) +{ + return pointer-static_cast(offset); +} + +/// \brief Determine pointer difference +/// \tparam PTR a pointer type +/// \param pointer1 the first pointer +/// \param pointer2 the second pointer +/// \details PtrDiff can be used to squash Clang and GCC +/// UBsan findings for pointer addition and subtraction. +/// pointer1 and pointer2 must point to the same object or +/// array (or one past the end), and yields the number of +/// elements (not bytes) difference. +template +inline ptrdiff_t PtrDiff(const PTR pointer1, const PTR pointer2) +{ + return pointer1 - pointer2; +} + +/// \brief Determine pointer difference +/// \tparam PTR a pointer type +/// \param pointer1 the first pointer +/// \param pointer2 the second pointer +/// \details PtrByteDiff can be used to squash Clang and GCC +/// UBsan findings for pointer addition and subtraction. +/// pointer1 and pointer2 must point to the same object or +/// array (or one past the end), and yields the number of +/// bytes (not elements) difference. +template +inline size_t PtrByteDiff(const PTR pointer1, const PTR pointer2) +{ + return (size_t)(reinterpret_cast(pointer1) - reinterpret_cast(pointer2)); +} + #if (!__STDC_WANT_SECURE_LIB__ && !defined(_MEMORY_S_DEFINED)) || defined(CRYPTOPP_WANT_SECURE_LIB) /// \brief Bounds checking replacement for memcpy() @@ -729,7 +785,7 @@ inline unsigned int TrailingZeros(word32 v) #elif defined(_MSC_VER) && (_MSC_VER >= 1400) unsigned long result; _BitScanForward(&result, v); - return (unsigned int)result; + return static_cast(result); #else // from http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup static const int MultiplyDeBruijnBitPosition[32] = @@ -760,7 +816,7 @@ inline unsigned int TrailingZeros(word64 v) #elif defined(_MSC_VER) && (_MSC_VER >= 1400) && (defined(_M_X64) || defined(_M_IA64)) unsigned long result; _BitScanForward64(&result, v); - return (unsigned int)result; + return static_cast(result); #else return word32(v) ? TrailingZeros(word32(v)) : 32 + TrailingZeros(word32(v>>32)); #endif @@ -987,28 +1043,25 @@ inline T1 RoundUpToMultipleOf(const T1 &n, const T2 &m) /// \brief Returns the minimum alignment requirements of a type /// \tparam T class or type /// \returns the minimum alignment requirements of T, in bytes -/// \details Internally the function calls C++11's alignof if available. If not available, -/// then the function uses compiler specific extensions such as __alignof and -/// _alignof_. If an extension is not available, then the function uses -/// __BIGGEST_ALIGNMENT__ if __BIGGEST_ALIGNMENT__ is smaller than sizeof(T). -/// sizeof(T) is used if all others are not available. -/// In all cases, if CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, then the -/// function returns 1. +/// \details Internally the function calls C++11's alignof if available. If not +/// available, then the function uses compiler specific extensions such as +/// __alignof and _alignof_. If an extension is not available, then +/// the function uses __BIGGEST_ALIGNMENT__ if __BIGGEST_ALIGNMENT__ +/// is smaller than sizeof(T). sizeof(T) is used if all others are +/// not available. template inline unsigned int GetAlignmentOf() { -// GCC 4.6 (circa 2008) and above aggressively uses vectorization. -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) - if (sizeof(T) < 16) - return 1; -#endif - #if defined(CRYPTOPP_CXX11_ALIGNOF) return alignof(T); #elif (_MSC_VER >= 1300) return __alignof(T); #elif defined(__GNUC__) return __alignof__(T); +#elif defined(__SUNPRO_CC) + return __alignof__(T); +#elif defined(__IBM_ALIGNOF__) + return __alignof__(T); #elif CRYPTOPP_BOOL_SLOW_WORD64 return UnsignedMin(4U, sizeof(T)); #else @@ -1024,42 +1077,48 @@ inline unsigned int GetAlignmentOf() /// \brief Determines whether ptr is aligned to a minimum value /// \param ptr the pointer being checked for alignment /// \param alignment the alignment value to test the pointer against -/// \returns true if ptr is aligned on at least alignment boundary, false otherwise -/// \details Internally the function tests whether alignment is 1. If so, the function returns true. -/// If not, then the function effectively performs a modular reduction and returns true if the residue is 0 +/// \returns true if ptr is aligned on at least alignment +/// boundary, false otherwise +/// \details Internally the function tests whether alignment is 1. If so, +/// the function returns true. If not, then the function effectively +/// performs a modular reduction and returns true if the residue is 0. inline bool IsAlignedOn(const void *ptr, unsigned int alignment) { - return alignment==1 || (IsPowerOf2(alignment) ? ModPowerOf2((size_t)ptr, alignment) == 0 : (size_t)ptr % alignment == 0); + const uintptr_t x = reinterpret_cast(ptr); + return alignment==1 || (IsPowerOf2(alignment) ? ModPowerOf2(x, alignment) == 0 : x % alignment == 0); } /// \brief Determines whether ptr is minimally aligned /// \tparam T class or type /// \param ptr the pointer to check for alignment -/// \returns true if ptr is aligned to at least T boundary, false otherwise -/// \details Internally the function calls IsAlignedOn with a second parameter of GetAlignmentOf +/// \returns true if ptr is aligned to at least T +/// boundary, false otherwise +/// \details Internally the function calls IsAlignedOn with a second +/// parameter of GetAlignmentOf. template inline bool IsAligned(const void *ptr) { return IsAlignedOn(ptr, GetAlignmentOf()); } -#if defined(CRYPTOPP_LITTLE_ENDIAN) +#if (CRYPTOPP_LITTLE_ENDIAN) typedef LittleEndian NativeByteOrder; -#elif defined(CRYPTOPP_BIG_ENDIAN) +#elif (CRYPTOPP_BIG_ENDIAN) typedef BigEndian NativeByteOrder; #else # error "Unable to determine endian-ness" #endif /// \brief Returns NativeByteOrder as an enumerated ByteOrder value -/// \returns LittleEndian if the native byte order is little-endian, and BigEndian if the -/// native byte order is big-endian -/// \details NativeByteOrder is a typedef depending on the platform. If CRYPTOPP_LITTLE_ENDIAN is -/// set in config.h, then GetNativeByteOrder returns LittleEndian. If -/// CRYPTOPP_BIG_ENDIAN is set, then GetNativeByteOrder returns BigEndian. -/// \note There are other byte orders besides little- and big-endian, and they include bi-endian -/// and PDP-endian. If a system is neither little-endian nor big-endian, then a compile time -/// error occurs. +/// \returns LittleEndian if the native byte order is little-endian, +/// and BigEndian if the native byte order is big-endian +/// \details NativeByteOrder is a typedef depending on the platform. +/// If CRYPTOPP_LITTLE_ENDIAN is set in config.h, then +/// GetNativeByteOrder returns LittleEndian. If CRYPTOPP_BIG_ENDIAN +/// is set, then GetNativeByteOrder returns BigEndian. +/// \note There are other byte orders besides little- and big-endian, +/// and they include bi-endian and PDP-endian. If a system is neither +/// little-endian nor big-endian, then a compile time error occurs. inline ByteOrder GetNativeByteOrder() { return NativeByteOrder::ToEnum(); @@ -1162,81 +1221,89 @@ inline void ConditionalSwapPointers(bool c, T &a, T &b) /// \tparam T class or type /// \param buf an array of elements /// \param n the number of elements in the array -/// \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal +/// \details The operation performs a wipe or zeroization. The function +/// attempts to survive optimizations and dead code removal. template void SecureWipeBuffer(T *buf, size_t n) { - // GCC 4.3.2 on Cygwin optimizes away the first store if this loop is done in the forward direction + // GCC 4.3.2 on Cygwin optimizes away the first store if this + // loop is done in the forward direction volatile T *p = buf+n; while (n--) *(--p) = 0; } -#if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) +#if !defined(CRYPTOPP_DISABLE_ASM) && \ + (_MSC_VER >= 1400 || defined(__GNUC__)) && \ + (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) /// \brief Sets each byte of an array to 0 /// \param buf an array of bytes /// \param n the number of elements in the array -/// \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +/// \details The operation performs a wipe or zeroization. The function +/// attempts to survive optimizations and dead code removal. template<> inline void SecureWipeBuffer(byte *buf, size_t n) { volatile byte *p = buf; #ifdef __GNUC__ asm volatile("rep stosb" : "+c"(n), "+D"(p) : "a"(0) : "memory"); #else - __stosb((byte *)(size_t)p, 0, n); + __stosb(reinterpret_cast(reinterpret_cast(p)), 0, n); #endif } /// \brief Sets each 16-bit element of an array to 0 /// \param buf an array of 16-bit words /// \param n the number of elements in the array -/// \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +/// \details The operation performs a wipe or zeroization. The function +/// attempts to survive optimizations and dead code removal. template<> inline void SecureWipeBuffer(word16 *buf, size_t n) { volatile word16 *p = buf; #ifdef __GNUC__ asm volatile("rep stosw" : "+c"(n), "+D"(p) : "a"(0) : "memory"); #else - __stosw((word16 *)(size_t)p, 0, n); + __stosw(reinterpret_cast(reinterpret_cast(p)), 0, n); #endif } /// \brief Sets each 32-bit element of an array to 0 /// \param buf an array of 32-bit words /// \param n the number of elements in the array -/// \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +/// \details The operation performs a wipe or zeroization. The function +/// attempts to survive optimizations and dead code removal. template<> inline void SecureWipeBuffer(word32 *buf, size_t n) { volatile word32 *p = buf; #ifdef __GNUC__ asm volatile("rep stosl" : "+c"(n), "+D"(p) : "a"(0) : "memory"); #else - __stosd((unsigned long *)(size_t)p, 0, n); + __stosd(reinterpret_cast(reinterpret_cast(p)), 0, n); #endif } /// \brief Sets each 64-bit element of an array to 0 /// \param buf an array of 64-bit words /// \param n the number of elements in the array -/// \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +/// \details The operation performs a wipe or zeroization. The function +/// attempts to survive optimizations and dead code removal. template<> inline void SecureWipeBuffer(word64 *buf, size_t n) { #if CRYPTOPP_BOOL_X64 volatile word64 *p = buf; -#ifdef __GNUC__ +# ifdef __GNUC__ asm volatile("rep stosq" : "+c"(n), "+D"(p) : "a"(0) : "memory"); +# else + __stosq(const_cast(p), 0, n); +# endif #else - __stosq((word64 *)(size_t)p, 0, n); -#endif -#else - SecureWipeBuffer((word32 *)buf, 2*n); + SecureWipeBuffer(reinterpret_cast(buf), 2*n); #endif } -#endif // #if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) +#endif // CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 -#if (_MSC_VER >= 1700) && defined(_M_ARM) +#if !defined(CRYPTOPP_DISABLE_ASM) && (_MSC_VER >= 1700) && defined(_M_ARM) template<> inline void SecureWipeBuffer(byte *buf, size_t n) { char *p = reinterpret_cast(buf+n); @@ -1270,18 +1337,19 @@ template<> inline void SecureWipeBuffer(word64 *buf, size_t n) /// \tparam T class or type /// \param buf an array of elements /// \param n the number of elements in the array -/// \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +/// \details The operation performs a wipe or zeroization. The function +/// attempts to survive optimizations and dead code removal. template inline void SecureWipeArray(T *buf, size_t n) { if (sizeof(T) % 8 == 0 && GetAlignmentOf() % GetAlignmentOf() == 0) - SecureWipeBuffer((word64 *)(void *)buf, n * (sizeof(T)/8)); + SecureWipeBuffer(reinterpret_cast(static_cast(buf)), n * (sizeof(T)/8)); else if (sizeof(T) % 4 == 0 && GetAlignmentOf() % GetAlignmentOf() == 0) - SecureWipeBuffer((word32 *)(void *)buf, n * (sizeof(T)/4)); + SecureWipeBuffer(reinterpret_cast(static_cast(buf)), n * (sizeof(T)/4)); else if (sizeof(T) % 2 == 0 && GetAlignmentOf() % GetAlignmentOf() == 0) - SecureWipeBuffer((word16 *)(void *)buf, n * (sizeof(T)/2)); + SecureWipeBuffer(reinterpret_cast(static_cast(buf)), n * (sizeof(T)/2)); else - SecureWipeBuffer((byte *)(void *)buf, n * sizeof(T)); + SecureWipeBuffer(reinterpret_cast(static_cast(buf)), n * sizeof(T)); } /// \brief Converts a wide character C-string to a multibyte string @@ -1815,7 +1883,7 @@ template<> inline word32 rotrMod(word32 x, unsigned int y) return (__rlwnm(x,32-y,0,31)); } -#endif // #if (defined(__MWERKS__) && TARGET_CPU_PPC) +#endif // __MWERKS__ && TARGET_CPU_PPC // ************** endian reversal *************** @@ -1992,7 +2060,7 @@ inline T ConditionalByteReverse(ByteOrder order, T value) /// not part of a full element. If T is int (and int is 4 bytes), then /// byteCount = 10 means only the first 2 elements or 8 bytes are /// reversed. -/// \details The follwoing program should help illustrate the behavior. +/// \details The following program should help illustrate the behavior. ///
vector v1, v2;
 ///
 /// v1.push_back(1);
@@ -2012,14 +2080,18 @@ inline T ConditionalByteReverse(ByteOrder order, T value)
 /// for(unsigned int i = 0; i < v2.size(); i++)
 ///   cout << std::hex << v2[i] << " ";
 /// cout << endl;
-/// The program above results in the follwoing output. +/// The program above results in the following output. ///
V1: 00000001 00000002 00000003 00000004
 /// V2: 01000000 02000000 03000000 04000000
/// \sa ConditionalByteReverse template void ByteReverse(T *out, const T *in, size_t byteCount) { + // Alignment check due to Issues 690 CRYPTOPP_ASSERT(byteCount % sizeof(T) == 0); + CRYPTOPP_ASSERT(IsAligned(in)); + CRYPTOPP_ASSERT(IsAligned(out)); + size_t count = byteCount/sizeof(T); for (size_t i=0; i(xorBlock ? (value ^ xorBlock[0]) : value); } inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, word16 value, const byte *xorBlock) @@ -2228,7 +2299,6 @@ inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, word64 value, } } } -#endif // #ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS /// \brief Access a block of memory /// \tparam T class or type @@ -2250,13 +2320,10 @@ template inline T GetWord(bool assumeAligned, ByteOrder order, const byte *block) { CRYPTOPP_UNUSED(assumeAligned); -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - return ConditionalByteReverse(order, *reinterpret_cast((const void *)block)); -#else + T temp; memcpy(&temp, block, sizeof(T)); return ConditionalByteReverse(order, temp); -#endif } /// \brief Access a block of memory @@ -2295,14 +2362,11 @@ template inline void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock = NULLPTR) { CRYPTOPP_UNUSED(assumeAligned); -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - *reinterpret_cast((void *)block) = ConditionalByteReverse(order, value) ^ (xorBlock ? *reinterpret_cast((const void *)xorBlock) : 0); -#else + T t1, t2; t1 = ConditionalByteReverse(order, value); if (xorBlock) {memcpy(&t2, xorBlock, sizeof(T)); t1 ^= t2;} memcpy(block, &t1, sizeof(T)); -#endif } /// \brief Access a block of memory diff --git a/vendor/cryptopp/vendor_cryptopp/modarith.h b/vendor/cryptopp/vendor_cryptopp/modarith.h index 740e581c..a00582eb 100644 --- a/vendor/cryptopp/vendor_cryptopp/modarith.h +++ b/vendor/cryptopp/vendor_cryptopp/modarith.h @@ -47,12 +47,12 @@ public: /// \brief Construct a ModularArithmetic /// \param modulus congruence class modulus ModularArithmetic(const Integer &modulus = Integer::One()) - : AbstractRing(), m_modulus(modulus), m_result((word)0, modulus.reg.size()) {} + : AbstractRing(), m_modulus(modulus), m_result(static_cast(0), modulus.reg.size()) {} /// \brief Copy construct a ModularArithmetic /// \param ma other ModularArithmetic ModularArithmetic(const ModularArithmetic &ma) - : AbstractRing(), m_modulus(ma.m_modulus), m_result((word)0, ma.m_modulus.reg.size()) {} + : AbstractRing(), m_modulus(ma.m_modulus), m_result(static_cast(0), ma.m_modulus.reg.size()) {} /// \brief Construct a ModularArithmetic /// \param bt BER encoded ModularArithmetic diff --git a/vendor/cryptopp/vendor_cryptopp/modes.cpp b/vendor/cryptopp/vendor_cryptopp/modes.cpp index 1dbc8fc3..bc728403 100644 --- a/vendor/cryptopp/vendor_cryptopp/modes.cpp +++ b/vendor/cryptopp/vendor_cryptopp/modes.cpp @@ -32,24 +32,26 @@ void CipherModeBase::ResizeBuffers() void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount) { - CRYPTOPP_ASSERT(input); - CRYPTOPP_ASSERT(output); - CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - CRYPTOPP_ASSERT(m_feedbackSize == BlockSize()); + CRYPTOPP_ASSERT(input); CRYPTOPP_ASSERT(output); + CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); + CRYPTOPP_ASSERT(m_temp.size() == BlockSize()); + CRYPTOPP_ASSERT(iterationCount > 0); const unsigned int s = BlockSize(); if (dir == ENCRYPTION) { m_cipher->ProcessAndXorBlock(m_register, input, output); if (iterationCount > 1) - m_cipher->AdvancedProcessBlocks(output, input+s, output+s, (iterationCount-1)*s, 0); - memcpy(m_register, output+(iterationCount-1)*s, s); + m_cipher->AdvancedProcessBlocks(output, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, 0); + memcpy(m_register, PtrAdd(output,(iterationCount-1)*s), s); } else { - memcpy(m_temp, input+(iterationCount-1)*s, s); // make copy first in case of in-place decryption + // make copy first in case of in-place decryption + memcpy(m_temp, PtrAdd(input,(iterationCount-1)*s), s); if (iterationCount > 1) - m_cipher->AdvancedProcessBlocks(input, input+s, output+s, (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection); + m_cipher->AdvancedProcessBlocks(input, PtrAdd(input,s), PtrAdd(output,s), (iterationCount-1)*s, BlockTransformation::BT_ReverseDirection); m_cipher->ProcessAndXorBlock(m_register, input, output); memcpy(m_register, m_temp, s); } @@ -57,16 +59,21 @@ void CFB_ModePolicy::Iterate(byte *output, const byte *input, CipherDir dir, siz void CFB_ModePolicy::TransformRegister() { - CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // CFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt + CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); + CRYPTOPP_ASSERT(m_temp.size() == BlockSize()); + + const ptrdiff_t updateSize = BlockSize()-m_feedbackSize; m_cipher->ProcessBlock(m_register, m_temp); - unsigned int updateSize = BlockSize()-m_feedbackSize; - memmove_s(m_register, m_register.size(), m_register+m_feedbackSize, updateSize); - memcpy_s(m_register+updateSize, m_register.size()-updateSize, m_temp, m_feedbackSize); + memmove_s(m_register, m_register.size(), PtrAdd(m_register.begin(),m_feedbackSize), updateSize); + memcpy_s(PtrAdd(m_register.begin(),updateSize), m_register.size()-updateSize, m_temp, m_feedbackSize); } void CFB_ModePolicy::CipherResynchronize(const byte *iv, size_t length) { CRYPTOPP_ASSERT(length == BlockSize()); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); + CopyOrZero(m_register, m_register.size(), iv, length); TransformRegister(); } @@ -84,19 +91,30 @@ void CFB_ModePolicy::ResizeBuffers() m_temp.New(BlockSize()); } +byte* CFB_ModePolicy::GetRegisterBegin() +{ + CRYPTOPP_ASSERT(!m_register.empty()); + CRYPTOPP_ASSERT(BlockSize() >= m_feedbackSize); + return PtrAdd(m_register.begin(), BlockSize() - m_feedbackSize); +} + void OFB_ModePolicy::WriteKeystream(byte *keystreamBuffer, size_t iterationCount) { - CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // OFB mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - unsigned int s = BlockSize(); + CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); + CRYPTOPP_ASSERT(iterationCount > 0); + + const unsigned int s = BlockSize(); m_cipher->ProcessBlock(m_register, keystreamBuffer); if (iterationCount > 1) - m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULLPTR, keystreamBuffer+s, s*(iterationCount-1), 0); - memcpy(m_register, keystreamBuffer+s*(iterationCount-1), s); + m_cipher->AdvancedProcessBlocks(keystreamBuffer, NULLPTR, PtrAdd(keystreamBuffer, s), s*(iterationCount-1), 0); + memcpy(m_register, PtrAdd(keystreamBuffer, (iterationCount-1)*s), s); } void OFB_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) { CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); CRYPTOPP_ASSERT(length == BlockSize()); CopyOrZero(m_register, m_register.size(), iv, length); @@ -107,8 +125,8 @@ void CTR_ModePolicy::SeekToIteration(lword iterationCount) int carry=0; for (int i=BlockSize()-1; i>=0; i--) { - unsigned int sum = m_register[i] + byte(iterationCount) + carry; - m_counterArray[i] = (byte) sum; + unsigned int sum = m_register[i] + (byte)iterationCount + carry; + m_counterArray[i] = byte(sum & 0xff); carry = sum >> 8; iterationCount >>= 8; } @@ -121,20 +139,23 @@ void CTR_ModePolicy::IncrementCounterBy256() void CTR_ModePolicy::OperateKeystream(KeystreamOperation /*operation*/, byte *output, const byte *input, size_t iterationCount) { - CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); // CTR mode needs the "encrypt" direction of the underlying block cipher, even to decrypt - unsigned int s = BlockSize(); - unsigned int inputIncrement = input ? s : 0; + CRYPTOPP_ASSERT(m_cipher->IsForwardTransformation()); + CRYPTOPP_ASSERT(m_counterArray.size() == BlockSize()); + + const unsigned int s = BlockSize(); + const unsigned int inputIncrement = input ? s : 0; while (iterationCount) { - byte lsb = m_counterArray[s-1]; - size_t blocks = UnsignedMin(iterationCount, 256U-lsb); + const byte lsb = m_counterArray[s-1]; + const size_t blocks = UnsignedMin(iterationCount, 256U-lsb); + m_cipher->AdvancedProcessBlocks(m_counterArray, input, output, blocks*s, BlockTransformation::BT_InBlockIsCounter|BlockTransformation::BT_AllowParallel); - if ((m_counterArray[s-1] = lsb + (byte)blocks) == 0) + if ((m_counterArray[s-1] = byte(lsb + blocks)) == 0) IncrementCounterBy256(); - output += blocks*s; - input += blocks*inputIncrement; + output = PtrAdd(output, blocks*s); + input = PtrAdd(input, blocks*inputIncrement); iterationCount -= blocks; } } @@ -142,10 +163,11 @@ void CTR_ModePolicy::OperateKeystream(KeystreamOperation /*operation*/, byte *ou void CTR_ModePolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) { CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); CRYPTOPP_ASSERT(length == BlockSize()); CopyOrZero(m_register, m_register.size(), iv, length); - m_counterArray = m_register; + m_counterArray.Assign(m_register.begin(), m_register.size()); } void BlockOrientedCipherModeBase::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) @@ -174,20 +196,23 @@ void ECB_OneWay::ProcessData(byte *outString, const byte *inString, size_t lengt void CBC_Encryption::ProcessData(byte *outString, const byte *inString, size_t length) { - if (!length) return; CRYPTOPP_ASSERT(length%BlockSize()==0); + CRYPTOPP_ASSERT(m_register.size() == BlockSize()); + if (!length) return; const unsigned int blockSize = BlockSize(); m_cipher->AdvancedProcessBlocks(inString, m_register, outString, blockSize, BlockTransformation::BT_XorInput); if (length > blockSize) - m_cipher->AdvancedProcessBlocks(inString+blockSize, outString, outString+blockSize, length-blockSize, BlockTransformation::BT_XorInput); - memcpy(m_register, outString + length - blockSize, blockSize); + m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), outString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_XorInput); + memcpy(m_register, PtrAdd(outString, length - blockSize), blockSize); } size_t CBC_CTS_Encryption::ProcessLastBlock(byte *outString, size_t outLength, const byte *inString, size_t inLength) { CRYPTOPP_UNUSED(outLength); - size_t used = inLength; + const size_t used = inLength; + const unsigned int blockSize = BlockSize(); + if (inLength <= BlockSize()) { if (!m_stolenIV) @@ -200,17 +225,17 @@ size_t CBC_CTS_Encryption::ProcessLastBlock(byte *outString, size_t outLength, c else { // steal from next to last block - xorbuf(m_register, inString, BlockSize()); + xorbuf(m_register, inString, blockSize); m_cipher->ProcessBlock(m_register); - inString += BlockSize(); - inLength -= BlockSize(); - memcpy(outString+BlockSize(), m_register, inLength); + inString = PtrAdd(inString, blockSize); + inLength -= blockSize; + memcpy(PtrAdd(outString, blockSize), m_register, inLength); } // output last full ciphertext block xorbuf(m_register, inString, inLength); m_cipher->ProcessBlock(m_register); - memcpy(outString, m_register, BlockSize()); + memcpy(outString, m_register, blockSize); return used; } @@ -223,14 +248,14 @@ void CBC_Decryption::ResizeBuffers() void CBC_Decryption::ProcessData(byte *outString, const byte *inString, size_t length) { - if (!length) - return; CRYPTOPP_ASSERT(length%BlockSize()==0); + if (!length) {return;} + // save copy now in case of in-place decryption const unsigned int blockSize = BlockSize(); - memcpy(m_temp, inString+length-blockSize, blockSize); // save copy now in case of in-place decryption + memcpy(m_temp, PtrAdd(inString,length-blockSize), blockSize); if (length > blockSize) - m_cipher->AdvancedProcessBlocks(inString+blockSize, inString, outString+blockSize, length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel); + m_cipher->AdvancedProcessBlocks(PtrAdd(inString,blockSize), inString, PtrAdd(outString,blockSize), length-blockSize, BlockTransformation::BT_ReverseDirection|BlockTransformation::BT_AllowParallel); m_cipher->ProcessAndXorBlock(inString, m_register, outString); m_register.swap(m_temp); } @@ -239,8 +264,9 @@ size_t CBC_CTS_Decryption::ProcessLastBlock(byte *outString, size_t outLength, c { CRYPTOPP_UNUSED(outLength); const byte *pn1, *pn2; - bool stealIV = inLength <= BlockSize(); - size_t used = inLength; + const size_t used = inLength; + const bool stealIV = inLength <= BlockSize(); + const unsigned int blockSize = BlockSize(); if (stealIV) { @@ -249,13 +275,13 @@ size_t CBC_CTS_Decryption::ProcessLastBlock(byte *outString, size_t outLength, c } else { - pn1 = inString + BlockSize(); + pn1 = PtrAdd(inString, blockSize); pn2 = inString; - inLength -= BlockSize(); + inLength -= blockSize; } // decrypt last partial plaintext block - memcpy(m_temp, pn2, BlockSize()); + memcpy(m_temp, pn2, blockSize); m_cipher->ProcessBlock(m_temp); xorbuf(m_temp, pn1, inLength); @@ -265,11 +291,11 @@ size_t CBC_CTS_Decryption::ProcessLastBlock(byte *outString, size_t outLength, c } else { - memcpy(outString+BlockSize(), m_temp, inLength); + memcpy(PtrAdd(outString, blockSize), m_temp, inLength); // decrypt next to last plaintext block memcpy(m_temp, pn1, inLength); m_cipher->ProcessBlock(m_temp); - xorbuf(outString, m_temp, m_register, BlockSize()); + xorbuf(outString, m_temp, m_register, blockSize); } return used; diff --git a/vendor/cryptopp/vendor_cryptopp/modes.h b/vendor/cryptopp/vendor_cryptopp/modes.h index b199ef6d..c15279b8 100644 --- a/vendor/cryptopp/vendor_cryptopp/modes.h +++ b/vendor/cryptopp/vendor_cryptopp/modes.h @@ -50,17 +50,58 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CipherModeBase : public SymmetricCipher { public: virtual ~CipherModeBase() {} - size_t MinKeyLength() const {return m_cipher->MinKeyLength();} - size_t MaxKeyLength() const {return m_cipher->MaxKeyLength();} - size_t DefaultKeyLength() const {return m_cipher->DefaultKeyLength();} - size_t GetValidKeyLength(size_t n) const {return m_cipher->GetValidKeyLength(n);} - bool IsValidKeyLength(size_t n) const {return m_cipher->IsValidKeyLength(n);} + // Algorithm class + std::string AlgorithmProvider() const { + return m_cipher != NULLPTR ? m_cipher->AlgorithmProvider() : "C++"; + } + + /// \brief Returns smallest valid key length + /// \returns the minimum key length, in bytes + size_t MinKeyLength() const {return m_cipher->MinKeyLength();} + + /// \brief Returns largest valid key length + /// \returns the maximum key length, in bytes + size_t MaxKeyLength() const {return m_cipher->MaxKeyLength();} + + /// \brief Returns default key length + /// \returns the default key length, in bytes + size_t DefaultKeyLength() const {return m_cipher->DefaultKeyLength();} + + /// \brief Returns a valid key length for the algorithm + /// \param keylength the size of the key, in bytes + /// \returns the valid key length, in bytes + /// \details keylength is provided in bytes, not bits. If keylength is less than MIN_KEYLENGTH, + /// then the function returns MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH, + /// then the function returns MAX_KEYLENGTH. if If keylength is a multiple of KEYLENGTH_MULTIPLE, + /// then keylength is returned. Otherwise, the function returns a \a lower multiple of + /// KEYLENGTH_MULTIPLE. + size_t GetValidKeyLength(size_t keylength) const {return m_cipher->GetValidKeyLength(keylength);} + + /// \brief Returns whether keylength is a valid key length + /// \param keylength the requested keylength + /// \return true if keylength is valid, false otherwise + /// \details Internally the function calls GetValidKeyLength() + bool IsValidKeyLength(size_t keylength) const {return m_cipher->IsValidKeyLength(keylength);} + + /// \brief Provides input and output data alignment for optimal performance. + /// \return the input data alignment that provides optimal performance + /// \sa GetAlignment() and OptimalBlockSize() unsigned int OptimalDataAlignment() const {return m_cipher->OptimalDataAlignment();} + /// \brief Returns length of the IV accepted by this object + /// \return the size of an IV, in bytes + /// \throws NotImplemented() if the object does not support resynchronization + /// \details The default implementation throws NotImplemented unsigned int IVSize() const {return BlockSize();} + + /// \brief Minimal requirement for secure IVs + /// \return the secure IV requirement of the algorithm virtual IV_Requirement IVRequirement() const =0; + /// \brief Set external block cipher + /// \param cipher An external block cipher + /// \details The cipher should be keyed. void SetCipher(BlockCipher &cipher) { this->ThrowIfResynchronizable(); @@ -68,6 +109,11 @@ public: this->ResizeBuffers(); } + /// \brief Set external block cipher and IV + /// \param cipher An external block cipher + /// \param iv a byte array used to resynchronize the cipher + /// \param feedbackSize the feedback size, in bytes + /// \details The cipher should be keyed. void SetCipherWithIV(BlockCipher &cipher, const byte *iv, int feedbackSize = 0) { this->ThrowIfInvalidIV(iv); @@ -80,7 +126,11 @@ public: protected: CipherModeBase() : m_cipher(NULLPTR) {} - inline unsigned int BlockSize() const {CRYPTOPP_ASSERT(m_register.size() > 0); return (unsigned int)m_register.size();} + inline unsigned int BlockSize() const + { + CRYPTOPP_ASSERT(m_register.size() > 0); + return static_cast(m_register.size()); + } virtual void SetFeedbackSize(unsigned int feedbackSize) { if (!(feedbackSize == 0 || feedbackSize == BlockSize())) @@ -90,7 +140,7 @@ protected: virtual void ResizeBuffers(); BlockCipher *m_cipher; - AlignedSecByteBlock m_register; + SecByteBlock m_register; }; /// \brief Block cipher mode of operation common operations @@ -118,31 +168,40 @@ public: CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "CFB";} virtual ~CFB_ModePolicy() {} + CFB_ModePolicy() : m_feedbackSize(0) {} IV_Requirement IVRequirement() const {return RANDOM_IV;} protected: unsigned int GetBytesPerIteration() const {return m_feedbackSize;} - byte * GetRegisterBegin() {return m_register + BlockSize() - m_feedbackSize;} bool CanIterate() const {return m_feedbackSize == BlockSize();} void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount); void TransformRegister(); void CipherResynchronize(const byte *iv, size_t length); void SetFeedbackSize(unsigned int feedbackSize); void ResizeBuffers(); + byte * GetRegisterBegin(); SecByteBlock m_temp; unsigned int m_feedbackSize; }; -inline void CopyOrZero(void *dest, size_t d, const void *src, size_t s) +/// \brief Initialize a block of memory +/// \param dest the destination block of memory +/// \param dsize the size of the destination block, in bytes +/// \param src the source block of memory +/// \param ssize the size of the source block, in bytes +/// \details CopyOrZero copies ssize bytes from source to destination if +/// src is not NULL. If src is NULL then dest is zero'd. Bounds are not +/// checked at runtime. Debug builds assert if ssize exceeds dsize. +inline void CopyOrZero(void *dest, size_t dsize, const void *src, size_t ssize) { CRYPTOPP_ASSERT(dest); - CRYPTOPP_ASSERT(d >= s); + CRYPTOPP_ASSERT(dsize >= ssize); - if (src) - memcpy_s(dest, d, src, s); + if (src != NULLPTR) + memcpy_s(dest, dsize, src, ssize); else - memset(dest, 0, d); + memset(dest, 0, dsize); } /// \brief OFB block cipher mode of operation @@ -154,7 +213,7 @@ public: bool CipherIsRandomAccess() const {return false;} IV_Requirement IVRequirement() const {return UNIQUE_IV;} -private: +protected: unsigned int GetBytesPerIteration() const {return BlockSize();} unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();} void WriteKeystream(byte *keystreamBuffer, size_t iterationCount); @@ -183,7 +242,8 @@ protected: void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); void SeekToIteration(lword iterationCount); - AlignedSecByteBlock m_counterArray; + // adv_simd.h increments the counter + mutable SecByteBlock m_counterArray; }; /// \brief Block cipher mode of operation default implementation @@ -214,7 +274,7 @@ public: void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs) {m_cipher->SetKey(key, length, params); BlockOrientedCipherModeBase::ResizeBuffers();} IV_Requirement IVRequirement() const {return NOT_RESYNCHRONIZABLE;} - unsigned int OptimalBlockSize() const {return BlockSize() * m_cipher->OptimalNumberOfParallelBlocks();} + unsigned int OptimalBlockSize() const {return static_cast(BlockSize() * m_cipher->OptimalNumberOfParallelBlocks());} void ProcessData(byte *outString, const byte *inString, size_t length); }; @@ -251,7 +311,7 @@ protected: void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) { CBC_Encryption::UncheckedSetKey(key, length, params); - m_stolenIV = params.GetValueWithDefault(Name::StolenIV(), (byte *)NULLPTR); + m_stolenIV = params.GetValueWithDefault(Name::StolenIV(), static_cast(NULLPTR)); } byte *m_stolenIV; @@ -267,7 +327,7 @@ public: protected: virtual void ResizeBuffers(); - AlignedSecByteBlock m_temp; + SecByteBlock m_temp; }; /// \brief CBC-CTS block cipher mode of operation decryption operation @@ -284,29 +344,61 @@ template class CipherModeFinalTemplate_CipherHolder : protected ObjectHolder, public AlgorithmImpl > { public: + /// \brief Provides the name of this algorithm + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like \a AES or \a AES/GCM. Some algorithms + /// do not have standard names yet. For example, there is no standard algorithm name for + /// Shoup's ECIES. static std::string CRYPTOPP_API StaticAlgorithmName() {return CIPHER::StaticAlgorithmName() + "/" + BASE::StaticAlgorithmName();} + /// \brief Construct a CipherModeFinalTemplate CipherModeFinalTemplate_CipherHolder() { this->m_cipher = &this->m_object; this->ResizeBuffers(); } + + /// \brief Construct a CipherModeFinalTemplate + /// \param key a byte array used to key the cipher + /// \param length size of the key in bytes + /// \details key must be at least DEFAULT_KEYLENGTH in length. Internally, the function calls + /// SimpleKeyingInterface::SetKey. CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length) { this->m_cipher = &this->m_object; this->SetKey(key, length); } + + /// \brief Construct a CipherModeFinalTemplate + /// \param key a byte array used to key the cipher + /// \param length size of the key in bytes + /// \param iv a byte array used to resynchronize the cipher + /// \details key must be at least DEFAULT_KEYLENGTH in length. iv must be IVSize() or + /// BLOCKSIZE in length. Internally, the function calls SimpleKeyingInterface::SetKey. CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv) { this->m_cipher = &this->m_object; this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))); } + + /// \brief Construct a CipherModeFinalTemplate + /// \param key a byte array used to key the cipher + /// \param length size of the key in bytes + /// \param iv a byte array used to resynchronize the cipher + /// \param feedbackSize the feedback size, in bytes + /// \details key must be at least DEFAULT_KEYLENGTH in length. iv must be IVSize() or + /// BLOCKSIZE in length. Internally, the function calls SimpleKeyingInterface::SetKey. CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv, int feedbackSize) { this->m_cipher = &this->m_object; this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))(Name::FeedbackSize(), feedbackSize)); } + + // Algorithm class + std::string AlgorithmProvider() const { + return this->m_cipher->AlgorithmProvider(); + } }; /// \tparam BASE CipherModeFinalTemplate_CipherHolder base class @@ -315,14 +407,36 @@ template class CipherModeFinalTemplate_ExternalCipher : public BASE { public: + /// \brief Construct a default CipherModeFinalTemplate + /// \details The cipher is not keyed. CipherModeFinalTemplate_ExternalCipher() {} + + /// \brief Construct a CipherModeFinalTemplate + /// \param cipher An external block cipher + /// \details The cipher should be keyed. CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher) {this->SetCipher(cipher);} + + /// \brief Construct a CipherModeFinalTemplate + /// \param cipher An external block cipher + /// \param iv a byte array used to resynchronize the cipher + /// \param feedbackSize the feedback size, in bytes + /// \details The cipher should be keyed. CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher, const byte *iv, int feedbackSize = 0) {this->SetCipherWithIV(cipher, iv, feedbackSize);} + /// \brief Provides the name of this algorithm + /// \return the standard algorithm name + /// \details The standard algorithm name can be a name like \a AES or \a AES/GCM. Some algorithms + /// do not have standard names yet. For example, there is no standard algorithm name for + /// Shoup's ECIES. + /// \note AlgorithmName is not universally implemented yet std::string AlgorithmName() const {return (this->m_cipher ? this->m_cipher->AlgorithmName() + "/" : std::string("")) + BASE::StaticAlgorithmName();} + + // Algorithm class + std::string AlgorithmProvider() const + {return this->m_cipher->AlgorithmProvider();} }; CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate >; diff --git a/vendor/cryptopp/vendor_cryptopp/mqv.cpp b/vendor/cryptopp/vendor_cryptopp/mqv.cpp index 03896910..1189dfb1 100644 --- a/vendor/cryptopp/vendor_cryptopp/mqv.cpp +++ b/vendor/cryptopp/vendor_cryptopp/mqv.cpp @@ -8,6 +8,9 @@ #include "hmqv.h" #include "fhmqv.h" +// Squash MS LNK4221 and libtool warnings +extern const char MQV_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) diff --git a/vendor/cryptopp/vendor_cryptopp/naclite.h b/vendor/cryptopp/vendor_cryptopp/naclite.h index c2183ae5..8be89e4a 100644 --- a/vendor/cryptopp/vendor_cryptopp/naclite.h +++ b/vendor/cryptopp/vendor_cryptopp/naclite.h @@ -3,40 +3,48 @@ // Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, // Tanja Lange, Peter Schwabe and Sjaak Smetsers. +// The Tweet API was added to the Crypto++ library to cross-validate results. +// We debated over putting it in the Test namespace, but settled for the NaCl +// namespace to segreate it from other parts of the library. + /// \file naclite.h /// \brief Crypto++ interface to TweetNaCl library (20140917) -/// \details TweetNaCl is a compact reimplementation of the NaCl library by -/// Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, -/// Peter Schwabe and Sjaak Smetsers. The library is less than 20 KB in size -/// and provides 25 of the NaCl library functions. +/// \details TweetNaCl is a compact reimplementation of the NaCl library +/// by Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja +/// Lange, Peter Schwabe and Sjaak Smetsers. The library is less than +/// 20 KB in size and provides 25 of the NaCl library functions. /// \details The compact library uses curve25519, XSalsa20, Poly1305 and -/// SHA-512 as default primitives, and includes both x25519 key exchange and -/// ed25519 signatures. The complete list of functions can be found in -/// TweetNaCl: +/// SHA-512 as default primitives, and includes both x25519 key exchange +/// and ed25519 signatures. The complete list of functions can be found +/// in TweetNaCl: /// A crypto library in 100 tweets (20140917), Table 1, page 5. -/// \details Crypto++ rejects small order elements using libsodium's blacklist. The -/// TweetNaCl library allowed them but the library predated the attack. If you wish -/// to allow small elements then use the "unchecked" versions of crypto_box_unchecked, -/// crypto_box_open_unchecked and crypto_box_beforenm_unchecked. -/// \details TweetNaCl is well written but not well optimzed. It runs 2x to 3x -/// slower than optimized routines from libsodium. However, the library is still -/// 2x to 4x faster than the algorithms NaCl was designed to replace. +/// \details Crypto++ rejects small order elements using libsodium's +/// blacklist. The TweetNaCl library allowed them but the library predated +/// the attack. If you wish to allow small elements then use the "unchecked" +/// versions of crypto_box_unchecked, crypto_box_open_unchecked and +/// crypto_box_beforenm_unchecked. +/// \details TweetNaCl is well written but not well optimzed. It runs about +/// 10x slower than optimized routines from libsodium. However, the library +/// is still 2x to 4x faster than the algorithms NaCl was designed to replace +/// and allows cross-checking results from an independent implementation. /// \details The Crypto++ wrapper for TweetNaCl requires OS features. That is, -/// NO_OS_DEPENDENCE cannot be defined. It is due to TweetNaCl's -/// internal function randombytes. Crypto++ used -/// DefaultAutoSeededRNG within randombytes, so OS integration -/// must be enabled. You can use another generator like RDRAND to -/// avoid the restriction. -/// \sa The security impact -/// of a new cryptographic library, NO_OS_DEPENDENCE cannot be defined. It is due to TweetNaCl's +/// internal function randombytes. Crypto++ used +/// DefaultAutoSeededRNG within randombytes, so OS +/// integration must be enabled. You can use another generator like +/// RDRAND to avoid the restriction. +/// \sa The security +/// impact of a new cryptographic library, TweetNaCl: /// A crypto library in 100 tweets (20140917), May the Fourth Be With You: A -/// Microarchitectural Side Channel Attack on Several Real-World Applications of -/// Curve25519, May the Fourth Be With You: +/// A Microarchitectural Side Channel Attack on Several Real-World +/// Applications of Curve25519, libsodium -/// commit afabd7e7386e1194 and RFC -/// 7748, Elliptic Curves for Security, Section 6. +/// commit afabd7e7386e1194 and RFC 7748, Elliptic Curves for +/// Security, Section 6. /// \since Crypto++ 6.0 #ifndef CRYPTOPP_NACL_H @@ -373,6 +381,19 @@ int crypto_sign_open(byte *m,word64 *mlen,const byte *sm,word64 n,const byte *pk /// \since Crypto++ 6.0 int crypto_sign_keypair(byte *pk, byte *sk); +/// \brief Calculate a public key from a secret key +/// \param pk public key byte buffer +/// \param sk private key byte buffer +/// \details crypto_sign_sk2pk() creates an ed25519 public key from an existing +/// 32-byte secret key. The function does not backfill the tail bytes of the +/// secret key with the calculated public key. +/// \details crypto_sign_sk2pk() is not part of libsodium or Tweet API. It was +/// added for interop with some anonymous routing protocols. +/// \returns 0 on success, non-0 otherwise +/// \sa NaCl crypto_sign documentation +/// \since Crypto++ 8.0 +int crypto_sign_sk2pk(byte *pk, const byte *sk); + /// \brief Produce a keystream using XSalsa20 /// \details crypto_stream() uses crypto_stream_xsalsa20 /// \returns 0 on success, non-0 otherwise diff --git a/vendor/cryptopp/vendor_cryptopp/neon-simd.cpp b/vendor/cryptopp/vendor_cryptopp/neon_simd.cpp similarity index 62% rename from vendor/cryptopp/vendor_cryptopp/neon-simd.cpp rename to vendor/cryptopp/vendor_cryptopp/neon_simd.cpp index bb10a308..1a77260b 100644 --- a/vendor/cryptopp/vendor_cryptopp/neon-simd.cpp +++ b/vendor/cryptopp/vendor_cryptopp/neon_simd.cpp @@ -1,4 +1,5 @@ -// crc-simd.cpp - written and placed in the public domain by + +// crc_simd.cpp - written and placed in the public domain by // Jeffrey Walton, Uri Blumenthal and Marcel Raad. // // This source file uses intrinsics to gain access to ARMv7a and @@ -16,7 +17,7 @@ // Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many // compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) # include # include #endif @@ -30,6 +31,9 @@ # define EXCEPTION_EXECUTE_HANDLER 1 #endif +// Squash MS LNK4221 and libtool warnings +extern const char NEON_SIMD_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY @@ -44,9 +48,66 @@ extern "C" { } #endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY +bool CPU_ProbeARMv7() +{ +#if defined(__aarch32__) || defined(__aarch64__) + return true; +#elif defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (CRYPTOPP_ARM_NEON_AVAILABLE) +# if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) + volatile bool result = true; + __try + { + // Modern MS hardware is ARMv7 + result = true; + } + __except (EXCEPTION_EXECUTE_HANDLER) + { + return false; + } + return result; +# elif defined(__arm__) && (__ARM_ARCH >= 7) + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile bool result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + // ARMv7 added movt and movw + int a; + asm volatile("movw %0,%1 \n" + "movt %0,%1 \n" + : "=r"(a) : "i"(0x1234)); + result = (a == 0x12341234); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# else + return false; +# endif +#else + return false; +#endif // CRYPTOPP_ARM_NEON_AVAILABLE +} + bool CPU_ProbeNEON() { -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) +#if defined(__aarch32__) || defined(__aarch64__) + return true; +#elif defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) return false; #elif (CRYPTOPP_ARM_NEON_AVAILABLE) # if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) diff --git a/vendor/cryptopp/vendor_cryptopp/network.cpp b/vendor/cryptopp/vendor_cryptopp/network.cpp deleted file mode 100644 index c7873d0e..00000000 --- a/vendor/cryptopp/vendor_cryptopp/network.cpp +++ /dev/null @@ -1,554 +0,0 @@ -// network.cpp - originally written and placed in the public domain by Wei Dai - -#include "pch.h" - -#include "network.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(SOCKETS_AVAILABLE) - -#include "wait.h" - -#define CRYPTOPP_TRACE_NETWORK 0 - -NAMESPACE_BEGIN(CryptoPP) - -lword LimitedBandwidth::ComputeCurrentTransceiveLimit() -{ - if (!m_maxBytesPerSecond) - return ULONG_MAX; - - const double curTime = GetCurTimeAndCleanUp(); - CRYPTOPP_UNUSED(curTime); - - lword total = 0; - for (OpQueue::size_type i=0; i!=m_ops.size(); ++i) - total += m_ops[i].second; - return SaturatingSubtract(m_maxBytesPerSecond, total); -} - -double LimitedBandwidth::TimeToNextTransceive() -{ - if (!m_maxBytesPerSecond) - return 0; - - if (!m_nextTransceiveTime) - ComputeNextTransceiveTime(); - - return SaturatingSubtract(m_nextTransceiveTime, m_timer.ElapsedTimeAsDouble()); -} - -void LimitedBandwidth::NoteTransceive(lword size) -{ - if (m_maxBytesPerSecond) - { - double curTime = GetCurTimeAndCleanUp(); - m_ops.push_back(std::make_pair(curTime, size)); - m_nextTransceiveTime = 0; - } -} - -void LimitedBandwidth::ComputeNextTransceiveTime() -{ - double curTime = GetCurTimeAndCleanUp(); - lword total = 0; - for (unsigned int i=0; i!=m_ops.size(); ++i) - total += m_ops[i].second; - m_nextTransceiveTime = - (total < m_maxBytesPerSecond) ? curTime : m_ops.front().first + 1000; -} - -double LimitedBandwidth::GetCurTimeAndCleanUp() -{ - if (!m_maxBytesPerSecond) - return 0; - - double curTime = m_timer.ElapsedTimeAsDouble(); - while (m_ops.size() && (m_ops.front().first + 1000 < curTime)) - m_ops.pop_front(); - return curTime; -} - -void LimitedBandwidth::GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack) -{ - double nextTransceiveTime = TimeToNextTransceive(); - if (nextTransceiveTime) - container.ScheduleEvent(nextTransceiveTime, CallStack("LimitedBandwidth::GetWaitObjects()", &callStack)); -} - -// ************************************************************* - -size_t NonblockingSource::GeneralPump2( - lword& byteCount, bool blockingOutput, - unsigned long maxTime, bool checkDelimiter, byte delimiter) -{ - m_blockedBySpeedLimit = false; - - if (!GetMaxBytesPerSecond()) - { - size_t ret = DoPump(byteCount, blockingOutput, maxTime, checkDelimiter, delimiter); - m_doPumpBlocked = (ret != 0); - return ret; - } - - bool forever = (maxTime == INFINITE_TIME); - unsigned long timeToGo = maxTime; - Timer timer(Timer::MILLISECONDS, forever); - lword maxSize = byteCount; - byteCount = 0; - - timer.StartTimer(); - - while (true) - { - lword curMaxSize = UnsignedMin(ComputeCurrentTransceiveLimit(), maxSize - byteCount); - - if (curMaxSize || m_doPumpBlocked) - { - if (!forever) timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - size_t ret = DoPump(curMaxSize, blockingOutput, timeToGo, checkDelimiter, delimiter); - m_doPumpBlocked = (ret != 0); - if (curMaxSize) - { - NoteTransceive(curMaxSize); - byteCount += curMaxSize; - } - if (ret) - return ret; - } - - if (maxSize != ULONG_MAX && byteCount >= maxSize) - break; - - if (!forever) - { - timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - if (!timeToGo) - break; - } - - double waitTime = TimeToNextTransceive(); - if (!forever && waitTime > timeToGo) - { - m_blockedBySpeedLimit = true; - break; - } - - WaitObjectContainer container; - LimitedBandwidth::GetWaitObjects(container, CallStack("NonblockingSource::GeneralPump2() - speed limit", NULLPTR)); - container.Wait((unsigned long)waitTime); - } - - return 0; -} - -size_t NonblockingSource::PumpMessages2(unsigned int &messageCount, bool blocking) -{ - if (messageCount == 0) - return 0; - - messageCount = 0; - - lword byteCount; - do { - byteCount = LWORD_MAX; - RETURN_IF_NONZERO(Pump2(byteCount, blocking)); - } while(byteCount == LWORD_MAX); - - if (!m_messageEndSent && SourceExhausted()) - { - RETURN_IF_NONZERO(AttachedTransformation()->Put2(NULLPTR, 0, GetAutoSignalPropagation(), true)); - m_messageEndSent = true; - messageCount = 1; - } - return 0; -} - -lword NonblockingSink::TimedFlush(unsigned long maxTime, size_t targetSize) -{ - m_blockedBySpeedLimit = false; - - size_t curBufSize = GetCurrentBufferSize(); - if (curBufSize <= targetSize && (targetSize || !EofPending())) - return 0; - - if (!GetMaxBytesPerSecond()) - return DoFlush(maxTime, targetSize); - - bool forever = (maxTime == INFINITE_TIME); - unsigned long timeToGo = maxTime; - Timer timer(Timer::MILLISECONDS, forever); - lword totalFlushed = 0; - - timer.StartTimer(); - - while (true) - { - size_t flushSize = UnsignedMin(curBufSize - targetSize, ComputeCurrentTransceiveLimit()); - if (flushSize || EofPending()) - { - if (!forever) timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - size_t ret = (size_t)DoFlush(timeToGo, curBufSize - flushSize); - if (ret) - { - NoteTransceive(ret); - curBufSize -= ret; - totalFlushed += ret; - } - } - - if (curBufSize <= targetSize && (targetSize || !EofPending())) - break; - - if (!forever) - { - timeToGo = SaturatingSubtract(maxTime, timer.ElapsedTime()); - if (!timeToGo) - break; - } - - double waitTime = TimeToNextTransceive(); - if (!forever && waitTime > timeToGo) - { - m_blockedBySpeedLimit = true; - break; - } - - WaitObjectContainer container; - LimitedBandwidth::GetWaitObjects(container, CallStack("NonblockingSink::TimedFlush() - speed limit", NULLPTR)); - container.Wait((unsigned long)waitTime); - } - - return totalFlushed; -} - -bool NonblockingSink::IsolatedFlush(bool hardFlush, bool blocking) -{ - TimedFlush(blocking ? INFINITE_TIME : 0); - return hardFlush && (!!GetCurrentBufferSize() || EofPending()); -} - -// ************************************************************* - -NetworkSource::NetworkSource(BufferedTransformation *attachment) - : NonblockingSource(attachment), m_buf(1024*16) - , m_putSize(0), m_dataBegin(0), m_dataEnd(0) - , m_waitingForResult(false), m_outputBlocked(false) -{ -} - -unsigned int NetworkSource::GetMaxWaitObjectCount() const -{ - return LimitedBandwidth::GetMaxWaitObjectCount() - + GetReceiver().GetMaxWaitObjectCount() - + AttachedTransformation()->GetMaxWaitObjectCount(); -} - -void NetworkSource::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (BlockedBySpeedLimit()) - LimitedBandwidth::GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - speed limit", &callStack)); - else if (!m_outputBlocked) - { - if (m_dataBegin == m_dataEnd) - AccessReceiver().GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - no data", &callStack)); - else - container.SetNoWait(CallStack("NetworkSource::GetWaitObjects() - have data", &callStack)); - } - - AttachedTransformation()->GetWaitObjects(container, CallStack("NetworkSource::GetWaitObjects() - attachment", &callStack)); -} - -size_t NetworkSource::DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter) -{ - NetworkReceiver &receiver = AccessReceiver(); - - lword maxSize = byteCount; - byteCount = 0; - bool forever = maxTime == INFINITE_TIME; - Timer timer(Timer::MILLISECONDS, forever); - BufferedTransformation *t = AttachedTransformation(); - - if (m_outputBlocked) - goto DoOutput; - - while (true) - { - if (m_dataBegin == m_dataEnd) - { - if (receiver.EofReceived()) - break; - - if (m_waitingForResult) - { - if (receiver.MustWaitForResult() && - !receiver.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSource::DoPump() - wait receive result", NULLPTR))) - break; - - unsigned int recvResult = receiver.GetReceiveResult(); -#if CRYPTOPP_TRACE_NETWORK - OutputDebugStringA((IntToString((unsigned int)this) + ": Received " + IntToString(recvResult) + " bytes\n").c_str()); -#endif - m_dataEnd += recvResult; - m_waitingForResult = false; - - if (!receiver.MustWaitToReceive() && !receiver.EofReceived() && m_dataEnd != m_buf.size()) - goto ReceiveNoWait; - } - else - { - m_dataEnd = m_dataBegin = 0; - - if (receiver.MustWaitToReceive()) - { - if (!receiver.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSource::DoPump() - wait receive", NULLPTR))) - break; - - receiver.Receive(m_buf+m_dataEnd, m_buf.size()-m_dataEnd); - m_waitingForResult = true; - } - else - { -ReceiveNoWait: - m_waitingForResult = true; - // call Receive repeatedly as long as data is immediately available, - // because some receivers tend to return data in small pieces -#if CRYPTOPP_TRACE_NETWORK - OutputDebugStringA((IntToString((unsigned int)this) + ": Receiving " + IntToString(m_buf.size()-m_dataEnd) + " bytes\n").c_str()); -#endif - while (receiver.Receive(m_buf+m_dataEnd, m_buf.size()-m_dataEnd)) - { - unsigned int recvResult = receiver.GetReceiveResult(); -#if CRYPTOPP_TRACE_NETWORK - OutputDebugStringA((IntToString((unsigned int)this) + ": Received " + IntToString(recvResult) + " bytes\n").c_str()); -#endif - m_dataEnd += recvResult; - if (receiver.EofReceived() || m_dataEnd > m_buf.size() /2) - { - m_waitingForResult = false; - break; - } - } - } - } - } - else - { - m_putSize = UnsignedMin(m_dataEnd - m_dataBegin, maxSize - byteCount); - - if (checkDelimiter) - m_putSize = std::find(m_buf+m_dataBegin, m_buf+m_dataBegin+m_putSize, delimiter) - (m_buf+m_dataBegin); - -DoOutput: - size_t result = t->PutModifiable2(m_buf+m_dataBegin, m_putSize, 0, forever || blockingOutput); - if (result) - { - if (t->Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSource::DoPump() - wait attachment", NULLPTR))) - goto DoOutput; - else - { - m_outputBlocked = true; - return result; - } - } - m_outputBlocked = false; - - byteCount += m_putSize; - m_dataBegin += m_putSize; - if (checkDelimiter && m_dataBegin < m_dataEnd && m_buf[m_dataBegin] == delimiter) - break; - if (maxSize != ULONG_MAX && byteCount == maxSize) - break; - // once time limit is reached, return even if there is more data waiting - // but make 0 a special case so caller can request a large amount of data to be - // pumped as long as it is immediately available - if (maxTime > 0 && timer.ElapsedTime() > maxTime) - break; - } - } - - return 0; -} - -// ************************************************************* - -NetworkSink::NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound) - : m_maxBufferSize(maxBufferSize), m_autoFlushBound(autoFlushBound) - , m_needSendResult(false), m_wasBlocked(false), m_eofState(EOF_NONE) - , m_buffer(STDMIN(16U*1024U+256, maxBufferSize)), m_skipBytes(0) - , m_speedTimer(Timer::MILLISECONDS), m_byteCountSinceLastTimerReset(0) - , m_currentSpeed(0), m_maxObservedSpeed(0) -{ -} - -float NetworkSink::ComputeCurrentSpeed() -{ - if (m_speedTimer.ElapsedTime() > 1000) - { - m_currentSpeed = m_byteCountSinceLastTimerReset * 1000 / m_speedTimer.ElapsedTime(); - m_maxObservedSpeed = STDMAX(m_currentSpeed, m_maxObservedSpeed * 0.98f); - m_byteCountSinceLastTimerReset = 0; - m_speedTimer.StartTimer(); -// OutputDebugStringA(("max speed: " + IntToString((int)m_maxObservedSpeed) + " current speed: " + IntToString((int)m_currentSpeed) + "\n").c_str()); - } - return m_currentSpeed; -} - -float NetworkSink::GetMaxObservedSpeed() const -{ - lword m = GetMaxBytesPerSecond(); - return m ? STDMIN(m_maxObservedSpeed, static_cast(m)) : m_maxObservedSpeed; -} - -unsigned int NetworkSink::GetMaxWaitObjectCount() const -{ - return LimitedBandwidth::GetMaxWaitObjectCount() + GetSender().GetMaxWaitObjectCount(); -} - -void NetworkSink::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (BlockedBySpeedLimit()) - LimitedBandwidth::GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - speed limit", &callStack)); - else if (m_wasBlocked) - AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - was blocked", &callStack)); - else if (!m_buffer.IsEmpty()) - AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - buffer not empty", &callStack)); - else if (EofPending()) - AccessSender().GetWaitObjects(container, CallStack("NetworkSink::GetWaitObjects() - EOF pending", &callStack)); -} - -size_t NetworkSink::Put2(const byte *inString, size_t length, int messageEnd, bool blocking) -{ - if (m_eofState == EOF_DONE) - { - if (length || messageEnd) - throw Exception(Exception::OTHER_ERROR, "NetworkSink::Put2() being called after EOF had been sent"); - - return 0; - } - - if (m_eofState > EOF_NONE) - goto EofSite; - - { - if (m_skipBytes) - { - CRYPTOPP_ASSERT(length >= m_skipBytes); - inString += m_skipBytes; - length -= m_skipBytes; - } - - m_buffer.Put(inString, length); - - if (!blocking || m_buffer.CurrentSize() > m_autoFlushBound) - TimedFlush(0, 0); - - size_t targetSize = messageEnd ? 0 : m_maxBufferSize; - if (blocking) - TimedFlush(INFINITE_TIME, targetSize); - - if (m_buffer.CurrentSize() > targetSize) - { - CRYPTOPP_ASSERT(!blocking); - m_wasBlocked = true; - m_skipBytes += length; - size_t blockedBytes = UnsignedMin(length, m_buffer.CurrentSize() - targetSize); - return STDMAX(blockedBytes, 1); - } - - m_wasBlocked = false; - m_skipBytes = 0; - } - - if (messageEnd) - { - m_eofState = EOF_PENDING_SEND; - - EofSite: - TimedFlush(blocking ? INFINITE_TIME : 0, 0); - if (m_eofState != EOF_DONE) - return 1; - } - - return 0; -} - -lword NetworkSink::DoFlush(unsigned long maxTime, size_t targetSize) -{ - NetworkSender &sender = AccessSender(); - - bool forever = maxTime == INFINITE_TIME; - Timer timer(Timer::MILLISECONDS, forever); - unsigned int totalFlushSize = 0; - - while (true) - { - if (m_buffer.CurrentSize() <= targetSize) - break; - - if (m_needSendResult) - { - if (sender.MustWaitForResult() && - !sender.Wait(SaturatingSubtract(maxTime, timer.ElapsedTime()), - CallStack("NetworkSink::DoFlush() - wait send result", NULLPTR))) - break; - - unsigned int sendResult = sender.GetSendResult(); -#if CRYPTOPP_TRACE_NETWORK - OutputDebugStringA((IntToString((unsigned int)this) + ": Sent " + IntToString(sendResult) + " bytes\n").c_str()); -#endif - m_buffer.Skip(sendResult); - totalFlushSize += sendResult; - m_needSendResult = false; - - if (!m_buffer.AnyRetrievable()) - break; - } - - unsigned long timeOut = maxTime ? SaturatingSubtract(maxTime, timer.ElapsedTime()) : 0; - if (sender.MustWaitToSend() && !sender.Wait(timeOut, CallStack("NetworkSink::DoFlush() - wait send", NULLPTR))) - break; - - size_t contiguousSize = 0; - const byte *block = m_buffer.Spy(contiguousSize); - -#if CRYPTOPP_TRACE_NETWORK - OutputDebugStringA((IntToString((unsigned int)this) + ": Sending " + IntToString(contiguousSize) + " bytes\n").c_str()); -#endif - sender.Send(block, contiguousSize); - m_needSendResult = true; - - if (maxTime > 0 && timeOut == 0) - break; // once time limit is reached, return even if there is more data waiting - } - - m_byteCountSinceLastTimerReset += totalFlushSize; - ComputeCurrentSpeed(); - - if (m_buffer.IsEmpty() && !m_needSendResult) - { - if (m_eofState == EOF_PENDING_SEND) - { - sender.SendEof(); - m_eofState = sender.MustWaitForEof() ? EOF_PENDING_DELIVERY : EOF_DONE; - } - - while (m_eofState == EOF_PENDING_DELIVERY) - { - unsigned long timeOut = maxTime ? SaturatingSubtract(maxTime, timer.ElapsedTime()) : 0; - if (!sender.Wait(timeOut, CallStack("NetworkSink::DoFlush() - wait EOF", NULLPTR))) - break; - - if (sender.EofSent()) - m_eofState = EOF_DONE; - } - } - - return totalFlushSize; -} - -NAMESPACE_END - -#endif // #ifdef SOCKETS_AVAILABLE diff --git a/vendor/cryptopp/vendor_cryptopp/network.h b/vendor/cryptopp/vendor_cryptopp/network.h deleted file mode 100644 index 3ea90dee..00000000 --- a/vendor/cryptopp/vendor_cryptopp/network.h +++ /dev/null @@ -1,234 +0,0 @@ -#ifndef CRYPTOPP_NETWORK_H -#define CRYPTOPP_NETWORK_H - -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(SOCKETS_AVAILABLE) - -#include "filters.h" -#include "hrtimer.h" -#include "stdcpp.h" - -NAMESPACE_BEGIN(CryptoPP) - -class LimitedBandwidth -{ -public: - LimitedBandwidth(lword maxBytesPerSecond = 0) - : m_maxBytesPerSecond(maxBytesPerSecond), m_timer(Timer::MILLISECONDS) - , m_nextTransceiveTime(0) - { m_timer.StartTimer(); } - - lword GetMaxBytesPerSecond() const - { return m_maxBytesPerSecond; } - - void SetMaxBytesPerSecond(lword v) - { m_maxBytesPerSecond = v; } - - lword ComputeCurrentTransceiveLimit(); - - double TimeToNextTransceive(); - - void NoteTransceive(lword size); - -public: - /*! GetWaitObjects() must be called despite the 0 return from GetMaxWaitObjectCount(); - the 0 is because the ScheduleEvent() method is used instead of adding a wait object */ - unsigned int GetMaxWaitObjectCount() const { return 0; } - void GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack); - -private: - lword m_maxBytesPerSecond; - - typedef std::deque > OpQueue; - OpQueue m_ops; - - Timer m_timer; - double m_nextTransceiveTime; - - void ComputeNextTransceiveTime(); - double GetCurTimeAndCleanUp(); -}; - -/// a Source class that can pump from a device for a specified amount of time. -class CRYPTOPP_NO_VTABLE NonblockingSource : public AutoSignaling, public LimitedBandwidth -{ -public: - NonblockingSource(BufferedTransformation *attachment) - : m_messageEndSent(false) , m_doPumpBlocked(false), m_blockedBySpeedLimit(false) {Detach(attachment);} - - /// \name NONBLOCKING SOURCE - //@{ - - /// pump up to maxSize bytes using at most maxTime milliseconds - /*! If checkDelimiter is true, pump up to delimiter, which itself is not extracted or pumped. */ - size_t GeneralPump2(lword &byteCount, bool blockingOutput=true, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n'); - - lword GeneralPump(lword maxSize=LWORD_MAX, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n') - { - GeneralPump2(maxSize, true, maxTime, checkDelimiter, delimiter); - return maxSize; - } - lword TimedPump(unsigned long maxTime) - {return GeneralPump(LWORD_MAX, maxTime);} - lword PumpLine(byte delimiter='\n', lword maxSize=1024) - {return GeneralPump(maxSize, INFINITE_TIME, true, delimiter);} - - size_t Pump2(lword &byteCount, bool blocking=true) - {return GeneralPump2(byteCount, blocking, blocking ? INFINITE_TIME : 0);} - size_t PumpMessages2(unsigned int &messageCount, bool blocking=true); - //@} - -protected: - virtual size_t DoPump(lword &byteCount, bool blockingOutput, - unsigned long maxTime, bool checkDelimiter, byte delimiter) =0; - - bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; } - -private: - bool m_messageEndSent, m_doPumpBlocked, m_blockedBySpeedLimit; -}; - -/// Network Receiver -class CRYPTOPP_NO_VTABLE NetworkReceiver : public Waitable -{ -public: - virtual bool MustWaitToReceive() {return false;} - virtual bool MustWaitForResult() {return false;} - /// receive data from network source, returns whether result is immediately available - virtual bool Receive(byte* buf, size_t bufLen) =0; - virtual unsigned int GetReceiveResult() =0; - virtual bool EofReceived() const =0; -}; - -class CRYPTOPP_NO_VTABLE NonblockingSinkInfo -{ -public: - virtual ~NonblockingSinkInfo() {} - virtual size_t GetMaxBufferSize() const =0; - virtual size_t GetCurrentBufferSize() const =0; - virtual bool EofPending() const =0; - /// compute the current speed of this sink in bytes per second - virtual float ComputeCurrentSpeed() =0; - /// get the maximum observed speed of this sink in bytes per second - virtual float GetMaxObservedSpeed() const =0; -}; - -/// a Sink class that queues input and can flush to a device for a specified amount of time. -class CRYPTOPP_NO_VTABLE NonblockingSink : public Sink, public NonblockingSinkInfo, public LimitedBandwidth -{ -public: - NonblockingSink() : m_blockedBySpeedLimit(false) {} - - bool IsolatedFlush(bool hardFlush, bool blocking); - - /// flush to device for no more than maxTime milliseconds - /*! This function will repeatedly attempt to flush data to some device, until - the queue is empty, or a total of maxTime milliseconds have elapsed. - If maxTime == 0, at least one attempt will be made to flush some data, but - it is likely that not all queued data will be flushed, even if the device - is ready to receive more data without waiting. If you want to flush as much data - as possible without waiting for the device, call this function in a loop. - For example: while (sink.TimedFlush(0) > 0) {} - \return number of bytes flushed - */ - lword TimedFlush(unsigned long maxTime, size_t targetSize = 0); - - virtual void SetMaxBufferSize(size_t maxBufferSize) =0; - /// set a bound which will cause sink to flush if exceeded by GetCurrentBufferSize() - virtual void SetAutoFlushBound(size_t bound) =0; - -protected: - virtual lword DoFlush(unsigned long maxTime, size_t targetSize) = 0; - - bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; } - -private: - bool m_blockedBySpeedLimit; -}; - -/// Network Sender -class CRYPTOPP_NO_VTABLE NetworkSender : public Waitable -{ -public: - virtual bool MustWaitToSend() {return false;} - virtual bool MustWaitForResult() {return false;} - virtual void Send(const byte* buf, size_t bufLen) =0; - virtual unsigned int GetSendResult() =0; - virtual bool MustWaitForEof() {return false;} - virtual void SendEof() =0; - virtual bool EofSent() {return false;} // implement if MustWaitForEof() == true -}; - -/// Network Source -class CRYPTOPP_NO_VTABLE NetworkSource : public NonblockingSource -{ -public: - NetworkSource(BufferedTransformation *attachment); - - unsigned int GetMaxWaitObjectCount() const; - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - - bool SourceExhausted() const {return m_dataBegin == m_dataEnd && GetReceiver().EofReceived();} - -protected: - size_t DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter); - - virtual NetworkReceiver & AccessReceiver() =0; - const NetworkReceiver & GetReceiver() const {return const_cast(this)->AccessReceiver();} - -private: - SecByteBlock m_buf; - size_t m_putSize, m_dataBegin, m_dataEnd; - bool m_waitingForResult, m_outputBlocked; -}; - -/// Network Sink -class CRYPTOPP_NO_VTABLE NetworkSink : public NonblockingSink -{ -public: - NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound); - - unsigned int GetMaxWaitObjectCount() const; - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); - - void SetMaxBufferSize(size_t maxBufferSize) {m_maxBufferSize = maxBufferSize; m_buffer.SetNodeSize(UnsignedMin(maxBufferSize, 16U*1024U+256U));} - void SetAutoFlushBound(size_t bound) {m_autoFlushBound = bound;} - - size_t GetMaxBufferSize() const {return m_maxBufferSize;} - size_t GetCurrentBufferSize() const {return (size_t)m_buffer.CurrentSize();} - - void ClearBuffer() { m_buffer.Clear(); } - - bool EofPending() const { return m_eofState > EOF_NONE && m_eofState < EOF_DONE; } - - /// compute the current speed of this sink in bytes per second - float ComputeCurrentSpeed(); - /// get the maximum observed speed of this sink in bytes per second - float GetMaxObservedSpeed() const; - -protected: - lword DoFlush(unsigned long maxTime, size_t targetSize); - - virtual NetworkSender & AccessSender() =0; - const NetworkSender & GetSender() const {return const_cast(this)->AccessSender();} - -private: - enum EofState { EOF_NONE, EOF_PENDING_SEND, EOF_PENDING_DELIVERY, EOF_DONE }; - - size_t m_maxBufferSize, m_autoFlushBound; - bool m_needSendResult, m_wasBlocked; - EofState m_eofState; - ByteQueue m_buffer; - size_t m_skipBytes; - Timer m_speedTimer; - float m_byteCountSinceLastTimerReset, m_currentSpeed, m_maxObservedSpeed; -}; - -NAMESPACE_END - -#endif // SOCKETS_AVAILABLE - -#endif // CRYPTOPP_NETWORK_H diff --git a/vendor/cryptopp/vendor_cryptopp/oids.h b/vendor/cryptopp/vendor_cryptopp/oids.h index 09d689aa..e21fe786 100644 --- a/vendor/cryptopp/vendor_cryptopp/oids.h +++ b/vendor/cryptopp/vendor_cryptopp/oids.h @@ -83,6 +83,12 @@ DEFINE_OID(1, iso) DEFINE_OID(teletrust_ellipticCurve()+1+9, brainpoolP320r1) DEFINE_OID(teletrust_ellipticCurve()+1+11, brainpoolP384r1) DEFINE_OID(teletrust_ellipticCurve()+1+13, brainpoolP512r1) + // https://tools.ietf.org/html/draft-ietf-curdle-pkix-07 + DEFINE_OID(identified_organization()+101, thawte) + DEFINE_OID(thawte()+110, X25519) + DEFINE_OID(thawte()+111, X448) + DEFINE_OID(thawte()+112, Ed25519) + DEFINE_OID(thawte()+113, Ed448) DEFINE_OID(identified_organization()+132, certicom) DEFINE_OID(certicom()+0, certicom_ellipticCurve) // these are sorted by curve type and then by OID diff --git a/vendor/cryptopp/vendor_cryptopp/osrng.h b/vendor/cryptopp/vendor_cryptopp/osrng.h index 0dbca3ff..f80c5748 100644 --- a/vendor/cryptopp/vendor_cryptopp/osrng.h +++ b/vendor/cryptopp/vendor_cryptopp/osrng.h @@ -221,6 +221,8 @@ public: void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length) {m_rng->GenerateIntoBufferedTransformation(target, channel, length);} + std::string AlgorithmProvider() const; + private: member_ptr m_rng; }; @@ -253,6 +255,14 @@ void AutoSeededX917RNG::Reseed(bool blocking, const byte *input, s Reseed(key, BLOCK_CIPHER::DEFAULT_KEYLENGTH, seed, NULLPTR); } +template +std::string AutoSeededX917RNG::AlgorithmProvider() const +{ + // Hack for now... We need to instantiate one + typename BLOCK_CIPHER::Encryption bc; + return bc.AlgorithmProvider(); +} + CRYPTOPP_DLL_TEMPLATE_CLASS AutoSeededX917RNG; #if defined(CRYPTOPP_DOXYGEN_PROCESSING) diff --git a/vendor/cryptopp/vendor_cryptopp/padlkrng.cpp b/vendor/cryptopp/vendor_cryptopp/padlkrng.cpp index e65b900d..0a3620e4 100644 --- a/vendor/cryptopp/vendor_cryptopp/padlkrng.cpp +++ b/vendor/cryptopp/vendor_cryptopp/padlkrng.cpp @@ -17,15 +17,18 @@ NAMESPACE_BEGIN(CryptoPP) +std::string PadlockRNG::AlgorithmProvider() const +{ + return "Padlock"; +} + PadlockRNG::PadlockRNG(word32 divisor) -: m_divisor(DivisorHelper(divisor)), m_msr(0) + : m_divisor(DivisorHelper(divisor)), m_msr(0) { #if defined(CRYPTOPP_X86_ASM_AVAILABLE) if (!HasPadlockRNG()) - throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available"); -#else - throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available"); #endif + throw PadlockRNG_Err("PadlockRNG", "PadlockRNG generator not available"); } void PadlockRNG::GenerateBlock(byte *output, size_t size) @@ -49,7 +52,7 @@ void PadlockRNG::GenerateBlock(byte *output, size_t size) : "=g" (m_msr) : "g" (m_buffer.data()), "g" (m_divisor) #if (CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) - : "eax", "edx", "rdi", "cc" + : "rax", "rdx", "rdi", "cc" #else : "eax", "edx", "edi", "cc" #endif diff --git a/vendor/cryptopp/vendor_cryptopp/padlkrng.h b/vendor/cryptopp/vendor_cryptopp/padlkrng.h index 10cd602a..7116dd3a 100644 --- a/vendor/cryptopp/vendor_cryptopp/padlkrng.h +++ b/vendor/cryptopp/vendor_cryptopp/padlkrng.h @@ -96,6 +96,8 @@ public: CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); } + std::string AlgorithmProvider() const; + /// \brief Set the XSTORE divisor /// \param divisor the XSTORE divisor /// \returns the old XSTORE divisor diff --git a/vendor/cryptopp/vendor_cryptopp/panama.cpp b/vendor/cryptopp/vendor_cryptopp/panama.cpp index 8bca02a0..b6d6a0b6 100644 --- a/vendor/cryptopp/vendor_cryptopp/panama.cpp +++ b/vendor/cryptopp/vendor_cryptopp/panama.cpp @@ -17,6 +17,21 @@ NAMESPACE_BEGIN(CryptoPP) # pragma warning(disable: 4731) #endif +template +std::string Panama::AlgorithmProvider() const +{ +#ifndef CRYPTOPP_DISABLE_PANAMA_ASM +# if CRYPTOPP_SSSE3_ASM_AVAILABLE + if(HasSSSE3()) + return "SSSE3"; +# elif CRYPTOPP_SSE2_ASM_AVAILABLE + if(HasSSE2()) + return "SSE2"; +# endif +#endif + return "C++"; +} + template void Panama::Reset() { @@ -57,9 +72,7 @@ void CRYPTOPP_NOINLINE Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, #endif #endif // #ifdef CRYPTOPP_GENERATE_X64_MASM -#if CRYPTOPP_BOOL_X32 - #define REG_loopEnd r8d -#elif CRYPTOPP_BOOL_X86 +#if CRYPTOPP_BOOL_X86 #define REG_loopEnd [esp] #elif defined(CRYPTOPP_GENERATE_X64_MASM) #define REG_loopEnd rdi @@ -76,8 +89,7 @@ void CRYPTOPP_NOINLINE Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, AS2( mov REG_loopEnd, AS_REG_1) #else AS_PUSH_IF86( bp) - // AS1( push AS_REG_1) // AS_REG_1 is defined as ecx uner X86 and X32 (see cpu.h) - AS_PUSH_IF86( cx) + AS1( push AS_REG_1) #endif AS2( movdqa xmm0, XMMWORD_PTR [AS_REG_2+0*16]) @@ -286,10 +298,7 @@ void CRYPTOPP_NOINLINE Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, AS2( movdqa XMMWORD_PTR [AS_REG_2+1*16], xmm1) AS2( movdqa XMMWORD_PTR [AS_REG_2+0*16], xmm0) - #if CRYPTOPP_BOOL_X32 - AS2( add esp, 8) - AS_POP_IF86( bp) - #elif CRYPTOPP_BOOL_X86 + #if CRYPTOPP_BOOL_X86 AS2( add esp, 4) AS_POP_IF86( bp) #endif @@ -319,14 +328,13 @@ void CRYPTOPP_NOINLINE Panama_SSE2_Pull(size_t count, word32 *state, word32 *z, #else } #endif -#endif // #ifdef CRYPTOPP_SSE2_ASM_AVAILABLE +#endif // CRYPTOPP_SSE2_ASM_AVAILABLE #ifndef CRYPTOPP_GENERATE_X64_MASM template void Panama::Iterate(size_t count, const word32 *p, byte *output, const byte *input, KeystreamOperation operation) { - CRYPTOPP_ASSERT(IsAlignedOn(m_state,GetAlignmentOf())); word32 bstart = m_state[17]; word32 *const aPtr = m_state; word32 cPtr[17]; @@ -334,8 +342,8 @@ void Panama::Iterate(size_t count, const word32 *p, byte *output, const byte #define bPtr ((byte *)(aPtr+20)) // reorder the state for SSE2 -// a and c: 4 8 12 16 | 3 7 11 15 | 2 6 10 14 | 1 5 9 13 | 0 -// xmm0 xmm1 xmm2 xmm3 eax +// a and c: 4 8 12 16 | 3 7 11 15 | 2 6 10 14 | 1 5 9 13 | 0 | +// xmm0 xmm1 xmm2 xmm3 eax #define a(i) aPtr[((i)*13+16) % 17] // 13 is inverse of 4 mod 17 #define c(i) cPtr[((i)*13+16) % 17] // b: 0 4 | 1 5 | 2 6 | 3 7 @@ -420,7 +428,7 @@ void Panama::Iterate(size_t count, const word32 *p, byte *output, const byte m_state[17] = bstart; } -namespace Weak { +NAMESPACE_BEGIN(Weak) template size_t PanamaHash::HashMultipleBlocks(const word32 *input, size_t length) { @@ -435,18 +443,17 @@ void PanamaHash::TruncatedFinal(byte *hash, size_t size) this->PadLastBlock(this->BLOCKSIZE, 0x01); - HashEndianCorrectedBlock(this->m_data); + this->HashEndianCorrectedBlock(this->m_data); this->Iterate(32); // pull - FixedSizeSecBlock buf; - this->Iterate(1, NULLPTR, buf.BytePtr(), NULLPTR); + this->Iterate(1, NULLPTR, m_buf.BytePtr(), NULLPTR); - memcpy(hash, buf, size); + memcpy(hash, m_buf, size); this->Restart(); // reinit for next use } -} +NAMESPACE_END template void PanamaCipherPolicy::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) @@ -459,22 +466,20 @@ void PanamaCipherPolicy::CipherSetKey(const NameValuePairs ¶ms, const byt template void PanamaCipherPolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) { - CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); - CRYPTOPP_ASSERT(IsAlignedOn(iv,GetAlignmentOf())); - CRYPTOPP_ASSERT(length==32); + CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(iv); + CRYPTOPP_UNUSED(length); CRYPTOPP_ASSERT(length==32); this->Reset(); this->Iterate(1, m_key); if (iv && IsAligned(iv)) - this->Iterate(1, (const word32 *)(void *)iv); + this->Iterate(1, reinterpret_cast(iv)); else { - FixedSizeSecBlock buf; if (iv) - memcpy(buf, iv, 32); + memcpy(m_buf, iv, 32); else - memset(buf, 0, 32); - this->Iterate(1, buf); + memset(m_buf, 0, 32); + this->Iterate(1, m_buf); } #if (CRYPTOPP_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_PANAMA_ASM) @@ -485,6 +490,12 @@ void PanamaCipherPolicy::CipherResynchronize(byte *keystreamBuffer, const byt this->Iterate(32); } +template +std::string PanamaCipherPolicy::AlgorithmProvider() const +{ + return Panama::AlgorithmProvider(); +} + template unsigned int PanamaCipherPolicy::GetAlignment() const { @@ -501,7 +512,8 @@ void PanamaCipherPolicy::OperateKeystream(KeystreamOperation operation, byte { #if (CRYPTOPP_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_PANAMA_ASM) if (B::ToEnum() == LITTLE_ENDIAN_ORDER && HasSSE2()) - Panama_SSE2_Pull(iterationCount, this->m_state, (word32 *)(void *)output, (const word32 *)(void *)input); + Panama_SSE2_Pull(iterationCount, this->m_state, + reinterpret_cast(output), reinterpret_cast(input)); else #endif this->Iterate(iterationCount, NULLPTR, output, input, operation); diff --git a/vendor/cryptopp/vendor_cryptopp/panama.h b/vendor/cryptopp/vendor_cryptopp/panama.h index 71953a4a..69262606 100644 --- a/vendor/cryptopp/vendor_cryptopp/panama.h +++ b/vendor/cryptopp/vendor_cryptopp/panama.h @@ -11,9 +11,12 @@ #include "secblock.h" // Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler error with .intel_syntax -#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM) -# define CRYPTOPP_DISABLE_PANAMA_ASM -#endif +//#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +//# define CRYPTOPP_DISABLE_PANAMA_ASM +//#endif + +// https://github.com/weidai11/cryptopp/issues/758 +#define CRYPTOPP_DISABLE_PANAMA_ASM 1 NAMESPACE_BEGIN(CryptoPP) @@ -22,6 +25,8 @@ template class CRYPTOPP_NO_VTABLE Panama { public: + virtual ~Panama() {} + std::string AlgorithmProvider() const; void Reset(); void Iterate(size_t count, const word32 *p=NULLPTR, byte *output=NULLPTR, const byte *input=NULLPTR, KeystreamOperation operation=WRITE_KEYSTREAM); @@ -40,6 +45,7 @@ class PanamaHash : protected Panama, public AlgorithmImpl::Reset();} unsigned int DigestSize() const {return DIGESTSIZE;} void TruncatedFinal(byte *hash, size_t size); @@ -50,6 +56,8 @@ protected: void HashEndianCorrectedBlock(const word32 *data) {this->Iterate(1, data);} // push size_t HashMultipleBlocks(const word32 *input, size_t length); word32* StateBuf() {return NULLPTR;} + + FixedSizeSecBlock m_buf; }; } @@ -134,6 +142,8 @@ class PanamaCipherPolicy : public AdditiveCipherConcretePolicy, protected Panama { protected: + virtual ~PanamaCipherPolicy() {} + std::string AlgorithmProvider() const; void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); bool CipherIsRandomAccess() const {return false;} @@ -141,6 +151,7 @@ protected: unsigned int GetAlignment() const; FixedSizeSecBlock m_key; + FixedSizeSecBlock m_buf; }; /// \brief Panama stream cipher diff --git a/vendor/cryptopp/vendor_cryptopp/poly1305.cpp b/vendor/cryptopp/vendor_cryptopp/poly1305.cpp index e23eef71..9836dcdd 100644 --- a/vendor/cryptopp/vendor_cryptopp/poly1305.cpp +++ b/vendor/cryptopp/vendor_cryptopp/poly1305.cpp @@ -11,6 +11,12 @@ NAMESPACE_BEGIN(CryptoPP) #define CONSTANT_TIME_CARRY(a,b) ((a ^ ((a ^ b) | ((a - b) ^ b))) >> (sizeof(a) * 8 - 1)) +template +std::string Poly1305_Base::AlgorithmProvider() const +{ + return m_cipher.AlgorithmProvider(); +} + template void Poly1305_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) { diff --git a/vendor/cryptopp/vendor_cryptopp/poly1305.h b/vendor/cryptopp/vendor_cryptopp/poly1305.h index a8d2219a..f7b23aad 100644 --- a/vendor/cryptopp/vendor_cryptopp/poly1305.h +++ b/vendor/cryptopp/vendor_cryptopp/poly1305.h @@ -80,6 +80,8 @@ public: unsigned int BlockSize() const {return BLOCKSIZE;} unsigned int DigestSize() const {return DIGESTSIZE;} + std::string AlgorithmProvider() const; + protected: void HashBlocks(const byte *input, size_t length, word32 padbit); void HashFinal(byte *mac, size_t length); diff --git a/vendor/cryptopp/vendor_cryptopp/ppc-simd.cpp b/vendor/cryptopp/vendor_cryptopp/ppc-simd.cpp deleted file mode 100644 index 7b3158e8..00000000 --- a/vendor/cryptopp/vendor_cryptopp/ppc-simd.cpp +++ /dev/null @@ -1,314 +0,0 @@ -// ppc-simd.cpp - written and placed in the public domain by -// Jeffrey Walton, Uri Blumenthal and Marcel Raad. -// -// This source file uses intrinsics to gain access to AltiVec, -// Power8 and in-core crypto instructions. A separate source file -// is needed because additional CXXFLAGS are required to enable the -// appropriate instructions sets in some build configurations. - -// TODO: we still need to implement Power8 SHA. Once we have Power8 SHA, -// we should be able to use CRYPTOPP_POWER8_AES_AVAILABLE and -// CRYPTOPP_POWER8_SHA_AVAILABLE instead of the broader -// CRYPTOPP_POWER8_AVAILABLE. The change will need to be coordinated -// with the defines in config.h. - -// TODO: Bob Wilkinson reported we are misdetecting CRYPTOPP_POWER8_AVAILABLE. -// The problem is, the updated compiler supports them but the down-level -// assembler and linker do not. We will probably need to fix it through -// the makefile, similar to the way x86 AES and SHA are handled. For the time -// being CRYPTOPP_DISABLE_POWER8 will have to be applied manually. Another -// twist is, we don't have access to a test machine and it must be fixed -// for two compilers (IBM XL C/C++ and GCC). Ugh... - -#include "pch.h" -#include "config.h" -#include "stdcpp.h" - -#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) -# include "ppc-simd.h" -#endif - -#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY -# include -# include -#endif - -#ifndef EXCEPTION_EXECUTE_HANDLER -# define EXCEPTION_EXECUTE_HANDLER 1 -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY -extern "C" { - typedef void (*SigHandler)(int); - - static jmp_buf s_jmpSIGILL; - static void SigIllHandler(int) - { - longjmp(s_jmpSIGILL, 1); - } -} -#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY - -#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) -bool CPU_ProbeAltivec() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_ALTIVEC_AVAILABLE) -# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile int result = true; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - const byte b1[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; - const byte b2[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}; - byte b3[16]; - - const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1); - const uint8x16_p v2 = (uint8x16_p)VectorLoad(0, b2); - const uint8x16_p v3 = (uint8x16_p)VectorXor(v1, v2); - VectorStore(v3, b3); - - result = (0 == std::memcmp(b2, b3, 16)); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_ALTIVEC_AVAILABLE -} - -bool CPU_ProbePower7() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_POWER7_AVAILABLE) -# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile int result = false; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17]; - const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1+3); - VectorStore(v1, b2+1); - - result = (0 == std::memcmp(b1+3, b2+1, 16)); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_POWER7_AVAILABLE -} - -bool CPU_ProbePower8() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_POWER8_AVAILABLE) -# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile int result = true; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17]; - const uint8x16_p v1 = (uint8x16_p)VectorLoad(0, b1+3); - VectorStore(v1, b2+1); - - result = (0 == std::memcmp(b1+3, b2+1, 16)); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_POWER8_AVAILABLE -} - -bool CPU_ProbeAES() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_POWER8_AVAILABLE) -# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile int result = true; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - byte key[16] = {0xA0, 0xFA, 0xFE, 0x17, 0x88, 0x54, 0x2c, 0xb1, - 0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05}; - byte state[16] = {0x19, 0x3d, 0xe3, 0xb3, 0xa0, 0xf4, 0xe2, 0x2b, - 0x9a, 0xc6, 0x8d, 0x2a, 0xe9, 0xf8, 0x48, 0x08}; - byte r[16] = {255}, z[16] = {}; - - uint8x16_p k = (uint8x16_p)VectorLoad(0, key); - uint8x16_p s = (uint8x16_p)VectorLoad(0, state); - s = VectorEncrypt(s, k); - s = VectorEncryptLast(s, k); - s = VectorDecrypt(s, k); - s = VectorDecryptLast(s, k); - VectorStore(s, r); - - result = (0 != std::memcmp(r, z, 16)); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_ALTIVEC_AVAILABLE -} - -bool CPU_ProbeSHA256() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_POWER8_AVAILABLE) -# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile int result = false; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - byte r[16], z[16] = {0}; - uint8x16_p x = ((uint8x16_p){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}); - - x = VectorSHA256<0,0>(x); - x = VectorSHA256<0,1>(x); - x = VectorSHA256<1,0>(x); - x = VectorSHA256<1,1>(x); - VectorStore(x, r); - - result = (0 == std::memcmp(r, z, 16)); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_ALTIVEC_AVAILABLE -} - -bool CPU_ProbeSHA512() -{ -#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) - return false; -#elif (CRYPTOPP_POWER8_AVAILABLE) -# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) - - // longjmp and clobber warnings. Volatile is required. - // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 - volatile int result = false; - - volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); - if (oldHandler == SIG_ERR) - return false; - - volatile sigset_t oldMask; - if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) - return false; - - if (setjmp(s_jmpSIGILL)) - result = false; - else - { - byte r[16], z[16] = {0}; - uint8x16_p x = ((uint8x16_p){0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}); - - x = VectorSHA512<0,0>(x); - x = VectorSHA512<0,1>(x); - x = VectorSHA512<1,0>(x); - x = VectorSHA512<1,1>(x); - VectorStore(x, r); - - result = (0 == std::memcmp(r, z, 16)); - } - - sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); - signal(SIGILL, oldHandler); - return result; -# endif -#else - return false; -#endif // CRYPTOPP_POWER8_AVAILABLE -} -# endif // CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 -NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/ppc-simd.h b/vendor/cryptopp/vendor_cryptopp/ppc-simd.h deleted file mode 100644 index ddfa24ce..00000000 --- a/vendor/cryptopp/vendor_cryptopp/ppc-simd.h +++ /dev/null @@ -1,553 +0,0 @@ -// ppc-simd.h - written and placed in public domain by Jeffrey Walton - -/// \file ppc-simd.h -/// \brief Support functions for PowerPC and vector operations -/// \details This header provides an agnostic interface into GCC and -/// IBM XL C/C++ compilers modulo their different built-in functions -/// for accessing vector intructions. -/// \details The abstractions are necesssary to support back to GCC 4.8. -/// GCC 4.8 and 4.9 are still popular, and they are the default -/// compiler for GCC112, GCC118 and others on the compile farm. Older -/// IBM XL C/C++ compilers also experience it due to lack of -/// vec_xl_be support on some platforms. Modern compilers -/// provide best support and don't need many of the little hacks below. -/// \since Crypto++ 6.0 - -#ifndef CRYPTOPP_PPC_CRYPTO_H -#define CRYPTOPP_PPC_CRYPTO_H - -#include "config.h" -#include "misc.h" - -#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) -# include -# undef vector -# undef pixel -# undef bool -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) - -typedef __vector unsigned char uint8x16_p; -typedef __vector unsigned short uint16x8_p; -typedef __vector unsigned int uint32x4_p; - -#if defined(CRYPTOPP_POWER8_AVAILABLE) -typedef __vector unsigned long long uint64x2_p; -#endif - -#endif // CRYPTOPP_ALTIVEC_AVAILABLE - -#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) && !defined(CRYPTOPP_POWER7_AVAILABLE) - -inline uint32x4_p VectorLoad(const byte src[16]) -{ - uint8x16_p data; - if (IsAlignedOn(src, 16)) - { - data = vec_ld(0, src); - } - else - { - // http://www.nxp.com/docs/en/reference-manual/ALTIVECPEM.pdf - const uint8x16_p perm = vec_lvsl(0, src); - const uint8x16_p low = vec_ld(0, src); - const uint8x16_p high = vec_ld(15, src); - data = vec_perm(low, high, perm); - } - -#if defined(CRYPTOPP_BIG_ENDIAN) - return (uint32x4_p)data; -#else - const uint8x16_p mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; - return (uint32x4_p)vec_perm(data, data, mask); -#endif -} - -inline void VectorStore(const uint32x4_p data, byte dest[16]) -{ -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const uint8x16_p mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; - const uint8x16_p t1 = (uint8x16_p)vec_perm(data, data, mask); -#else - const uint8x16_p t1 = (uint8x16_p)data; -#endif - - if (IsAlignedOn(dest, 16)) - { - vec_st(t1, 0, dest); - } - else - { - // http://www.nxp.com/docs/en/reference-manual/ALTIVECPEM.pdf - const uint8x16_p t2 = vec_perm(t1, t1, vec_lvsr(0, dest)); - vec_ste((uint8x16_p) t2, 0, (unsigned char*) dest); - vec_ste((uint16x8_p) t2, 1, (unsigned short*)dest); - vec_ste((uint32x4_p) t2, 3, (unsigned int*) dest); - vec_ste((uint32x4_p) t2, 4, (unsigned int*) dest); - vec_ste((uint32x4_p) t2, 8, (unsigned int*) dest); - vec_ste((uint32x4_p) t2, 12, (unsigned int*) dest); - vec_ste((uint16x8_p) t2, 14, (unsigned short*)dest); - vec_ste((uint8x16_p) t2, 15, (unsigned char*) dest); - } -} - -inline uint32x4_p VectorXor(const uint32x4_p vec1, const uint32x4_p vec2) -{ - return vec_xor(vec1, vec2); -} - -inline uint32x4_p VectorAdd(const uint32x4_p vec1, const uint32x4_p vec2) -{ - return vec_add(vec1, vec2); -} - -#endif - -#if defined(CRYPTOPP_POWER7_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) - -/// \brief Reverse a 16-byte array -/// \param src the byte array -/// \details ReverseByteArrayLE reverses a 16-byte array on a little endian -/// system. It does nothing on a big endian system. -/// \since Crypto++ 6.0 -inline void ReverseByteArrayLE(byte src[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) && defined(CRYPTOPP_LITTLE_ENDIAN) - vec_st(vec_reve(vec_ld(0, src)), 0, src); -#elif defined(CRYPTOPP_LITTLE_ENDIAN) - const uint8x16_p mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; - const uint8x16_p zero = {0}; - vec_vsx_st(vec_perm(vec_vsx_ld(0, src), zero, mask), 0, src); -#endif -} - -/// \brief Reverse a vector -/// \tparam T vector type -/// \param src the vector -/// \details Reverse() endian swaps the bytes in a vector -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -template -inline T Reverse(const T& src) -{ - const uint8x16_p mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; - return vec_perm(src, src, mask); -} - -/// \brief Loads a vector from a byte array -/// \param src the byte array -/// \details Loads a vector in big endian format from a byte array. -/// VectorLoadBE will swap endianess on little endian systems. -/// \note VectorLoadBE() does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoadBE(const uint8_t src[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint32x4_p)vec_xl_be(0, src); -#else -# if defined(CRYPTOPP_LITTLE_ENDIAN) - return (uint32x4_p)Reverse(vec_vsx_ld(0, src)); -# else - return (uint32x4_p)vec_vsx_ld(0, src); -# endif -#endif -} - -/// \brief Loads a vector from a byte array -/// \param src the byte array -/// \param off offset into the src byte array -/// \details Loads a vector in big endian format from a byte array. -/// VectorLoadBE will swap endianess on little endian systems. -/// \note VectorLoadBE does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoadBE(int off, const uint8_t src[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint32x4_p)vec_xl_be(off, src); -#else -# if defined(CRYPTOPP_LITTLE_ENDIAN) - return (uint32x4_p)Reverse(vec_vsx_ld(off, src)); -# else - return (uint32x4_p)vec_vsx_ld(off, src); -# endif -#endif -} - -/// \brief Loads a vector from a byte array -/// \param src the byte array -/// \details Loads a vector in big endian format from a byte array. -/// VectorLoad will swap endianess on little endian systems. -/// \note VectorLoad does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoad(const byte src[16]) -{ - return (uint32x4_p)VectorLoadBE(src); -} - -/// \brief Loads a vector from a byte array -/// \param src the byte array -/// \param off offset into the src byte array -/// \details Loads a vector in big endian format from a byte array. -/// VectorLoad will swap endianess on little endian systems. -/// \note VectorLoad does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoad(int off, const byte src[16]) -{ - return (uint32x4_p)VectorLoadBE(off, src); -} - -/// \brief Loads a vector from a byte array -/// \param src the byte array -/// \details Loads a vector from a byte array. -/// VectorLoadKey does not swap endianess on little endian systems. -/// \note VectorLoadKey does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoadKey(const byte src[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint32x4_p)vec_xl(0, src); -#else - return (uint32x4_p)vec_vsx_ld(0, src); -#endif -} - -/// \brief Loads a vector from a 32-bit word array -/// \param src the 32-bit word array -/// \details Loads a vector from a 32-bit word array. -/// VectorLoadKey does not swap endianess on little endian systems. -/// \note VectorLoadKey does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoadKey(const word32 src[4]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint32x4_p)vec_xl(0, src); -#else - return (uint32x4_p)vec_vsx_ld(0, src); -#endif -} - -/// \brief Loads a vector from a byte array -/// \param src the byte array -/// \param off offset into the src byte array -/// \details Loads a vector from a byte array. -/// VectorLoadKey does not swap endianess on little endian systems. -/// \note VectorLoadKey does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -inline uint32x4_p VectorLoadKey(int off, const byte src[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint32x4_p)vec_xl(off, src); -#else - return (uint32x4_p)vec_vsx_ld(off, src); -#endif -} - -/// \brief Stores a vector to a byte array -/// \tparam T vector type -/// \param src the vector -/// \param dest the byte array -/// \details Stores a vector in big endian format to a byte array. -/// VectorStoreBE will swap endianess on little endian systems. -/// \note VectorStoreBE does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -template -inline void VectorStoreBE(const T& src, uint8_t dest[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - vec_xst_be((uint8x16_p)src, 0, dest); -#else -# if defined(CRYPTOPP_LITTLE_ENDIAN) - vec_vsx_st(Reverse((uint8x16_p)src), 0, dest); -# else - vec_vsx_st((uint8x16_p)src, 0, dest); -# endif -#endif -} -/// \brief Stores a vector to a byte array -/// \tparam T vector type -/// \param src the vector -/// \param off offset into the dest byte array -/// \param dest the byte array -/// \details Stores a vector in big endian format to a byte array. -/// VectorStoreBE will swap endianess on little endian systems. -/// \note VectorStoreBE does not require an aligned array. -/// \sa Reverse(), VectorLoadBE(), VectorLoad(), VectorLoadKey() -/// \since Crypto++ 6.0 -template -inline void VectorStoreBE(const T& src, int off, uint8_t dest[16]) -{ -#if defined(CRYPTOPP_XLC_VERSION) - vec_xst_be((uint8x16_p)src, off, dest); -#else -# if defined(CRYPTOPP_LITTLE_ENDIAN) - vec_vsx_st(Reverse((uint8x16_p)src), off, dest); -# else - vec_vsx_st((uint8x16_p)src, off, dest); -# endif -#endif -} - -/// \brief Stores a vector to a byte array -/// \tparam T vector type -/// \param src the vector -/// \param dest the byte array -/// \details Stores a vector in big endian format to a byte array. -/// VectorStore will swap endianess on little endian systems. -/// \note VectorStore does not require an aligned array. -/// \since Crypto++ 6.0 -template -inline void VectorStore(const T& src, byte dest[16]) -{ - // Do not call VectorStoreBE. It slows us down by about 0.5 cpb on LE. -#if defined(CRYPTOPP_XLC_VERSION) - vec_xst_be((uint8x16_p)src, 0, dest); -#else -# if defined(CRYPTOPP_LITTLE_ENDIAN) - vec_vsx_st(Reverse((uint8x16_p)src), 0, dest); -# else - vec_vsx_st((uint8x16_p)src, 0, dest); -# endif -#endif -} - -/// \brief Stores a vector to a byte array -/// \tparam T vector type -/// \param src the vector -/// \param off offset into the dest byte array -/// \param dest the byte array -/// \details Stores a vector in big endian format to a byte array. -/// VectorStore will swap endianess on little endian systems. -/// \note VectorStore does not require an aligned array. -/// \since Crypto++ 6.0 -template -inline void VectorStore(const T& src, int off, byte dest[16]) -{ - // Do not call VectorStoreBE. It slows us down by about 0.5 cpb on LE. -#if defined(CRYPTOPP_XLC_VERSION) - vec_xst_be((uint8x16_p)src, off, dest); -#else -# if defined(CRYPTOPP_LITTLE_ENDIAN) - vec_vsx_st(Reverse((uint8x16_p)src), off, dest); -# else - vec_vsx_st((uint8x16_p)src, off, dest); -# endif -#endif -} - -/// \brief Permutes two vectors -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param vec1 the first vector -/// \param vec2 the second vector -/// \param mask vector mask -/// \details VectorPermute returns a new vector from vec1 and vec2 -/// based on mask. mask is an uint8x16_p type vector. The return -/// vector is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorPermute(const T1& vec1, const T1& vec2, const T2& mask) -{ - return (T1)vec_perm(vec1, vec2, (uint8x16_p)mask); -} - -/// \brief XOR two vectors -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param vec1 the first vector -/// \param vec2 the second vector -/// \details VectorXor returns a new vector from vec1 and vec2. The return -/// vector is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorXor(const T1& vec1, const T2& vec2) -{ - return (T1)vec_xor(vec1, (T1)vec2); -} - -/// \brief Add two vector -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param vec1 the first vector -/// \param vec2 the second vector -/// \details VectorAdd returns a new vector from vec1 and vec2. -/// vec2 is cast to the same type as vec1. The return vector -/// is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorAdd(const T1& vec1, const T2& vec2) -{ - return (T1)vec_add(vec1, (T1)vec2); -} - -/// \brief Shift two vectors left -/// \tparam C shift byte count -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param vec1 the first vector -/// \param vec2 the second vector -/// \details VectorShiftLeft() concatenates vec1 and vec2 and returns a -/// new vector after shifting the concatenation by the specified number -/// of bytes. Both vec1 and vec2 are cast to uint8x16_p. The return -/// vector is the same type as vec1. -/// \details On big endian machines VectorShiftLeft() is vec_sld(a, b, -/// c). On little endian machines VectorShiftLeft() is translated to -/// vec_sld(b, a, 16-c). You should always call the function as -/// if on a big endian machine as shown below. -///
-///    uint8x16_p r0 = {0};
-///    uint8x16_p r1 = VectorLoad(ptr);
-///    uint8x16_p r5 = VectorShiftLeft<12>(r0, r1);
-/// 
-/// \sa Is vec_sld -/// endian sensitive? on Stack Overflow -/// \since Crypto++ 6.0 -template -inline T1 VectorShiftLeft(const T1& vec1, const T2& vec2) -{ -#if defined(CRYPTOPP_LITTLE_ENDIAN) - return (T1)vec_sld((uint8x16_p)vec2, (uint8x16_p)vec1, 16-C); -#else - return (T1)vec_sld((uint8x16_p)vec1, (uint8x16_p)vec2, C); -#endif -} - -#endif // CRYPTOPP_POWER7_AVAILABLE - -#if defined(CRYPTOPP_POWER8_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) - -/// \brief One round of AES encryption -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param state the state vector -/// \param key the subkey vector -/// \details VectorEncrypt performs one round of AES encryption of state -/// using subkey key. The return vector is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorEncrypt(const T1& state, const T2& key) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (T1)__vcipher((uint8x16_p)state, (uint8x16_p)key); -#elif defined(CRYPTOPP_GCC_VERSION) - return (T1)__builtin_crypto_vcipher((uint64x2_p)state, (uint64x2_p)key); -#else - CRYPTOPP_ASSERT(0); -#endif -} - -/// \brief Final round of AES encryption -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param state the state vector -/// \param key the subkey vector -/// \details VectorEncryptLast performs the final round of AES encryption -/// of state using subkey key. The return vector is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorEncryptLast(const T1& state, const T2& key) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (T1)__vcipherlast((uint8x16_p)state, (uint8x16_p)key); -#elif defined(CRYPTOPP_GCC_VERSION) - return (T1)__builtin_crypto_vcipherlast((uint64x2_p)state, (uint64x2_p)key); -#else - CRYPTOPP_ASSERT(0); -#endif -} - -/// \brief One round of AES decryption -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param state the state vector -/// \param key the subkey vector -/// \details VectorDecrypt performs one round of AES decryption of state -/// using subkey key. The return vector is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorDecrypt(const T1& state, const T2& key) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (T1)__vncipher((uint8x16_p)state, (uint8x16_p)key); -#elif defined(CRYPTOPP_GCC_VERSION) - return (T1)__builtin_crypto_vncipher((uint64x2_p)state, (uint64x2_p)key); -#else - CRYPTOPP_ASSERT(0); -#endif -} - -/// \brief Final round of AES decryption -/// \tparam T1 vector type -/// \tparam T2 vector type -/// \param state the state vector -/// \param key the subkey vector -/// \details VectorDecryptLast performs the final round of AES decryption -/// of state using subkey key. The return vector is the same type as vec1. -/// \since Crypto++ 6.0 -template -inline T1 VectorDecryptLast(const T1& state, const T2& key) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (T1)__vncipherlast((uint8x16_p)state, (uint8x16_p)key); -#elif defined(CRYPTOPP_GCC_VERSION) - return (T1)__builtin_crypto_vncipherlast((uint64x2_p)state, (uint64x2_p)key); -#else - CRYPTOPP_ASSERT(0); -#endif -} - -/// \brief SHA256 Sigma functions -/// \tparam func function -/// \tparam subfunc sub-function -/// \tparam T vector type -/// \param vec the block to transform -/// \details VectorSHA256 selects sigma0, sigma1, Sigma0, Sigma1 based on -/// func and subfunc. The return vector is the same type as vec. -/// \since Crypto++ 6.0 -template -inline T VectorSHA256(const T& vec) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (T)__vshasigmaw((uint32x4_p)vec, func, subfunc); -#elif defined(CRYPTOPP_GCC_VERSION) - return (T)__builtin_crypto_vshasigmaw((uint32x4_p)vec, func, subfunc); -#else - CRYPTOPP_ASSERT(0); -#endif -} - -/// \brief SHA512 Sigma functions -/// \tparam func function -/// \tparam subfunc sub-function -/// \tparam T vector type -/// \param vec the block to transform -/// \details VectorSHA512 selects sigma0, sigma1, Sigma0, Sigma1 based on -/// func and subfunc. The return vector is the same type as vec. -/// \since Crypto++ 6.0 -template -inline T VectorSHA512(const T& vec) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (T)__vshasigmad((uint64x2_p)vec, func, subfunc); -#elif defined(CRYPTOPP_GCC_VERSION) - return (T)__builtin_crypto_vshasigmad((uint64x2_p)vec, func, subfunc); -#else - CRYPTOPP_ASSERT(0); -#endif -} - -#endif // CRYPTOPP_POWER8_AVAILABLE - -NAMESPACE_END - -#endif // CRYPTOPP_PPC_CRYPTO_H diff --git a/vendor/cryptopp/vendor_cryptopp/ppc_power7.cpp b/vendor/cryptopp/vendor_cryptopp/ppc_power7.cpp new file mode 100644 index 00000000..070abc7b --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/ppc_power7.cpp @@ -0,0 +1,90 @@ +// ppc_power7.cpp - written and placed in the public domain by +// Jeffrey Walton, Uri Blumenthal and Marcel Raad. +// +// This source file uses intrinsics and built-ins to gain access to +// Power7 instructions. A separate source file is needed because +// additional CXXFLAGS are required to enable the appropriate +// instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +# include +# include +#endif + +#if defined(_ARCH_PWR7) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char PPC_POWER7_FNAME[] = __FILE__; + +NAMESPACE_BEGIN(CryptoPP) + +// ************************* Feature Probes ************************* // + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +extern "C" { + typedef void (*SigHandler)(int); + + static jmp_buf s_jmpSIGILL; + static void SigIllHandler(int) + { + longjmp(s_jmpSIGILL, 1); + } +} +#endif // CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) +bool CPU_ProbePower7() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (_ARCH_PWR7) && defined(CRYPTOPP_POWER7_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile int result = false; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + // POWER7 added unaligned loads and store operations + byte b1[19] = {255, 255, 255, 1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}, b2[17]; + + // Specifically call the VSX loads and stores + #if defined(__early_xlc__) || defined(__early_xlC__) + vec_xstw4(vec_xlw4(0, b1+3), 0, b2+1); + #elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + vec_xst(vec_xl(0, b1+3), 0, b2+1); + #else + vec_vsx_st(vec_vsx_ld(0, b1+3), 0, b2+1); + #endif + + result = (0 == std::memcmp(b1+3, b2+1, 16)); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // _ARCH_PWR7 +} + +#endif // PPC32 or PPC64 + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/ppc_power8.cpp b/vendor/cryptopp/vendor_cryptopp/ppc_power8.cpp new file mode 100644 index 00000000..cd8f2531 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/ppc_power8.cpp @@ -0,0 +1,234 @@ +// ppc_power8.cpp - written and placed in the public domain by +// Jeffrey Walton, Uri Blumenthal and Marcel Raad. +// +// This source file uses intrinsics and built-ins to gain access to +// Power8 instructions. A separate source file is needed because +// additional CXXFLAGS are required to enable the appropriate +// instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +# include +# include +#endif + +#if defined(_ARCH_PWR8) || defined(__CRYPTO__) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char PPC_POWER8_FNAME[] = __FILE__; + +NAMESPACE_BEGIN(CryptoPP) + +// ************************* Feature Probes ************************* // + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +extern "C" { + typedef void (*SigHandler)(int); + + static jmp_buf s_jmpSIGILL; + static void SigIllHandler(int) + { + longjmp(s_jmpSIGILL, 1); + } +} +#endif // CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + +bool CPU_ProbePower8() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (_ARCH_PWR8) && defined(CRYPTOPP_POWER8_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile int result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + // POWER8 added 64-bit SIMD operations + const word64 x = W64LIT(0xffffffffffffffff); + word64 w1[2] = {x, x}, w2[2] = {4, 6}, w3[2]; + + // Specifically call the VSX loads and stores with 64-bit types + #if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + const uint64x2_p v1 = vec_xl(0, (unsigned long long*)w1); + const uint64x2_p v2 = vec_xl(0, (unsigned long long*)w2); + const uint64x2_p v3 = vec_add(v1, v2); // 64-bit add + vec_xst(v3, 0, (unsigned long long*)w3); + #else + const uint64x2_p v1 = (uint64x2_p)vec_vsx_ld(0, (const byte*)w1); + const uint64x2_p v2 = (uint64x2_p)vec_vsx_ld(0, (const byte*)w2); + const uint64x2_p v3 = vec_add(v1, v2); // 64-bit add + vec_vsx_st((uint8x16_p)v3, 0, (byte*)w3); + #endif + + // Relies on integer wrap + result = (w3[0] == 3 && w3[1] == 5); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // _ARCH_PWR8 +} + +bool CPU_ProbeAES() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_AES_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile int result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + byte key[16] = {0xA0, 0xFA, 0xFE, 0x17, 0x88, 0x54, 0x2c, 0xb1, + 0x23, 0xa3, 0x39, 0x39, 0x2a, 0x6c, 0x76, 0x05}; + byte state[16] = {0x19, 0x3d, 0xe3, 0xb3, 0xa0, 0xf4, 0xe2, 0x2b, + 0x9a, 0xc6, 0x8d, 0x2a, 0xe9, 0xf8, 0x48, 0x08}; + byte r[16] = {255}, z[16] = {}; + + uint8x16_p k = (uint8x16_p)VecLoad(0, key); + uint8x16_p s = (uint8x16_p)VecLoad(0, state); + s = VecEncrypt(s, k); + s = VecEncryptLast(s, k); + s = VecDecrypt(s, k); + s = VecDecryptLast(s, k); + VecStore(s, r); + + result = (0 != std::memcmp(r, z, 16)); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // __CRYPTO__ +} + +bool CPU_ProbeSHA256() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_SHA_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile int result = false; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + byte r[16], z[16] = {0}; + uint8x16_p x = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + + x = VecSHA256<0,0>(x); + x = VecSHA256<0,0xf>(x); + x = VecSHA256<1,0>(x); + x = VecSHA256<1,0xf>(x); + VecStore(x, r); + + result = (0 == std::memcmp(r, z, 16)); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // CRYPTOPP_ALTIVEC_AVAILABLE +} + +bool CPU_ProbeSHA512() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (__CRYPTO__) && defined(CRYPTOPP_POWER8_SHA_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile int result = false; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + byte r[16], z[16] = {0}; + uint8x16_p x = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + + x = VecSHA512<0,0>(x); + x = VecSHA512<0,0xf>(x); + x = VecSHA512<1,0>(x); + x = VecSHA512<1,0xf>(x); + VecStore(x, r); + + result = (0 == std::memcmp(r, z, 16)); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // CRYPTOPP_POWER8_AVAILABLE +} + +#endif // PPC32 or PPC64 + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/ppc_power9.cpp b/vendor/cryptopp/vendor_cryptopp/ppc_power9.cpp new file mode 100644 index 00000000..c842d46d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/ppc_power9.cpp @@ -0,0 +1,130 @@ +// ppc_power9.cpp - written and placed in the public domain by +// Jeffrey Walton, Uri Blumenthal and Marcel Raad. +// +// This source file uses intrinsics and built-ins to gain access to +// Power9 instructions. A separate source file is needed because +// additional CXXFLAGS are required to enable the appropriate +// instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +# include +# include +#endif + +#if defined(_ARCH_PWR9) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char PPC_POWER9_FNAME[] = __FILE__; + +NAMESPACE_BEGIN(CryptoPP) + +// ************************* Feature Probes ************************* // + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +extern "C" { + typedef void (*SigHandler)(int); + + static jmp_buf s_jmpSIGILL; + static void SigIllHandler(int) + { + longjmp(s_jmpSIGILL, 1); + } +} +#endif // CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + +bool CPU_ProbePower9() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif defined(CRYPTOPP_POWER9_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721954 + volatile int result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + // This is "darn r3, 0". It provides a conditioned 32-bit + // word. It is available on both 32-bit and 64-bit. +#if CRYPTOPP_BIG_ENDIAN + __asm__ __volatile__ (".byte 0x7c, 0x60, 0x05, 0xe6 \n" : : : "r3"); +#else + __asm__ __volatile__ (".byte 0xe6, 0x05, 0x60, 0x7c \n" : : : "r3"); +#endif + result = true; + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // _ARCH_PWR9 +} + +// The DARN probe is not guarded with a preprocessor macro at the moment. We +// don't use CRYPTOPP_POWER9_AVAILABLE because old compilers, like GCC 4.8 on +// CentOS 7, will report NO even though we can produce the random numbers. +// Other Power9 implementations which use builtins will use the preprocessor +// macro guard. This strategy also gets into a situation where Power9 is not +// available but DARN is. +bool CPU_ProbeDARN() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#else +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721954 + volatile int result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + // This is "darn r3, 0". It provides a conditioned 32-bit + // word. It is available on both 32-bit and 64-bit. +#if CRYPTOPP_BIG_ENDIAN + __asm__ __volatile__ (".byte 0x7c, 0x60, 0x05, 0xe6 \n" : : : "r3"); +#else + __asm__ __volatile__ (".byte 0xe6, 0x05, 0x60, 0x7c \n" : : : "r3"); +#endif + result = true; + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#endif // DARN +} + +#endif // PPC32 or PPC64 + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/ppc_simd.cpp b/vendor/cryptopp/vendor_cryptopp/ppc_simd.cpp new file mode 100644 index 00000000..b8182ad5 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/ppc_simd.cpp @@ -0,0 +1,93 @@ +// ppc_simd.cpp - written and placed in the public domain by +// Jeffrey Walton, Uri Blumenthal and Marcel Raad. +// +// This source file uses intrinsics to gain access to AltiVec, +// Power8 and in-core crypto instructions. A separate source file +// is needed because additional CXXFLAGS are required to enable the +// appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" +#include "stdcpp.h" + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +# include +# include +#endif + +#ifndef EXCEPTION_EXECUTE_HANDLER +# define EXCEPTION_EXECUTE_HANDLER 1 +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char PPC_SIMD_FNAME[] = __FILE__; + +NAMESPACE_BEGIN(CryptoPP) + +#ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +extern "C" { + typedef void (*SigHandler)(int); + + static jmp_buf s_jmpSIGILL; + static void SigIllHandler(int) + { + longjmp(s_jmpSIGILL, 1); + } +} +#endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) +bool CPU_ProbeAltivec() +{ +#if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) + return false; +#elif (_ARCH_PWR3) && (CRYPTOPP_ALTIVEC_AVAILABLE) +# if defined(CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY) + + // longjmp and clobber warnings. Volatile is required. + // http://github.com/weidai11/cryptopp/issues/24 and http://stackoverflow.com/q/7721854 + volatile int result = true; + + volatile SigHandler oldHandler = signal(SIGILL, SigIllHandler); + if (oldHandler == SIG_ERR) + return false; + + volatile sigset_t oldMask; + if (sigprocmask(0, NULLPTR, (sigset_t*)&oldMask)) + return false; + + if (setjmp(s_jmpSIGILL)) + result = false; + else + { + CRYPTOPP_ALIGN_DATA(16) + const byte b1[16] = {0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; + CRYPTOPP_ALIGN_DATA(16) + const byte b2[16] = {1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1}; + CRYPTOPP_ALIGN_DATA(16) byte b3[16]; + + // Specifically call the Altivec loads and stores + const uint8x16_p v1 = (uint8x16_p)vec_ld(0, (byte*)b1); + const uint8x16_p v2 = (uint8x16_p)vec_ld(0, (byte*)b2); + const uint8x16_p v3 = (uint8x16_p)VecXor(v1, v2); + vec_st(v3, 0, b3); + + result = (0 == std::memcmp(b2, b3, 16)); + } + + sigprocmask(SIG_SETMASK, (sigset_t*)&oldMask, NULLPTR); + signal(SIGILL, oldHandler); + return result; +# endif +#else + return false; +#endif // CRYPTOPP_ALTIVEC_AVAILABLE +} + +# endif // CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/ppc_simd.h b/vendor/cryptopp/vendor_cryptopp/ppc_simd.h new file mode 100644 index 00000000..08733435 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/ppc_simd.h @@ -0,0 +1,1481 @@ +// ppc_simd.h - written and placed in public domain by Jeffrey Walton + +/// \file ppc_simd.h +/// \brief Support functions for PowerPC and vector operations +/// \details This header provides an agnostic interface into Clang, GCC +/// and IBM XL C/C++ compilers modulo their different built-in functions +/// for accessing vector intructions. +/// \details The abstractions are necesssary to support back to GCC 4.8 and +/// XLC 11 and 12. GCC 4.8 and 4.9 are still popular, and they are the +/// default compiler for GCC112, GCC118 and others on the compile farm. +/// Older IBM XL C/C++ compilers also experience it due to lack of +/// vec_xl and vec_xst support on some platforms. Modern +/// compilers provide best support and don't need many of the hacks +/// below. +/// \details The library is tested with the following PowerPC machines and +/// compilers. GCC110, GCC111, GCC112, GCC119 and GCC135 are provided by +/// the GCC Compile Farm +/// - PowerMac G5, OSX 10.5, POWER4, Apple GCC 4.0 +/// - PowerMac G5, OSX 10.5, POWER4, Macports GCC 5.0 +/// - GCC110, Linux, POWER7, GCC 4.8.5 +/// - GCC110, Linux, POWER7, XLC 12.01 +/// - GCC111, AIX, POWER7, GCC 4.8.1 +/// - GCC111, AIX, POWER7, XLC 12.01 +/// - GCC112, Linux, POWER8, GCC 4.8.5 +/// - GCC112, Linux, POWER8, XLC 13.01 +/// - GCC112, Linux, POWER8, Clang 7.0 +/// - GCC119, AIX, POWER8, GCC 7.2.0 +/// - GCC119, AIX, POWER8, XLC 13.01 +/// - GCC135, Linux, POWER9, GCC 7.0 +/// \details 12 machines are used for testing because the three compilers form +/// five profiles. The profiles are listed below. +/// - GCC (Linux GCC, Macports GCC, etc. Consistent across machines) +/// - XLC 13.0 and earlier (all IBM components) +/// - XLC 13.1 and later on Linux (LLVM front-end, no compatibility macros) +/// - XLC 13.1 and later on Linux (LLVM front-end, -qxlcompatmacros option) +/// - LLVM Clang (traditional Clang compiler) +/// \details The LLVM front-end makes it tricky to write portable code because +/// LLVM pretends to be other compilers but cannot consume other compiler's +/// builtins. When using XLC with -qxlcompatmacros the compiler pretends to +/// be GCC, Clang and XLC all at once but it can only consume it's variety +/// of builtins. +/// \details At Crypto++ 8.0 the various VectorFunc{Name} were renamed to +/// VecFunc{Name}. For example, VectorAnd was changed to VecAnd. The name +/// change helped consolidate two slightly different implementations. +/// \since Crypto++ 6.0, LLVM Clang compiler support since Crypto++ 8.0 + +// Use __ALTIVEC__, _ARCH_PWR7 and _ARCH_PWR8 when detecting actual +// availaibility of the feature for the source file being compiled. The +// preprocessor macros depend on compiler options like -maltivec; and +// not compiler versions. + +// DO NOT USE this pattern in VecLoad and VecStore. We have to use the +// spaghetti code tangled in preprocessor macros because XLC 12 generates +// bad code in some places. To verify the bad code generation test on +// GCC111 with XLC 12.01 installed. XLC 13.01 on GCC112 and GCC119 are OK. +// +// inline uint32x4_p VecLoad(const byte src[16]) +// { +// #if defined(_ARCH_PWR7) +// return (uint32x4_p) *(uint8x16_p*)((byte*)src); +// #else +// return VecLoad_ALTIVEC(src); +// #endif +// } + +#ifndef CRYPTOPP_PPC_CRYPTO_H +#define CRYPTOPP_PPC_CRYPTO_H + +#include "config.h" +#include "misc.h" + +#if defined(__ALTIVEC__) +# include +# undef vector +# undef pixel +# undef bool +#endif + +// IBM XLC on AIX does not define __CRYPTO__ like it should with -qarch=pwr8. +// Crypto is available in XLC 13.1 and above. More LLVM front-end goodness. +#if defined(_AIX) && defined(_ARCH_PWR8) && (__xlC__ >= 0xd01) +# undef __CRYPTO__ +# define __CRYPTO__ 1 +#endif + +// Hack to detect early XLC compilers. XLC compilers for POWER7 use +// vec_xlw4 and vec_xstw4 (and ld2 variants); not vec_xl and vec_st. +// Some XLC compilers for POWER7 and above use vec_xl and vec_xst. +// The way to tell the difference is, XLC compilers version 13.0 and +// earlier use vec_xlw4 and vec_xstw4. XLC compilers 13.1 and later +// are use vec_xl and vec_xst. The open question is, how to handle +// early Clang compilers for POWER7. We know the latest Clang +// compilers support vec_xl and vec_xst. Also see +// https://www-01.ibm.com/support/docview.wss?uid=swg21683541. + +#if defined(__xlc__) && (__xlc__ < 0x0d01) +# define __early_xlc__ 1 +#endif +#if defined(__xlC__) && (__xlC__ < 0x0d01) +# define __early_xlC__ 1 +#endif + +// VecLoad_ALTIVEC and VecStore_ALTIVEC are +// too noisy on modern compilers +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wdeprecated" +#endif + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(__ALTIVEC__) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +/// \brief Vector of 8-bit elements +/// \par Wraps +/// __vector unsigned char +/// \since Crypto++ 6.0 +typedef __vector unsigned char uint8x16_p; +/// \brief Vector of 16-bit elements +/// \par Wraps +/// __vector unsigned short +/// \since Crypto++ 6.0 +typedef __vector unsigned short uint16x8_p; +/// \brief Vector of 32-bit elements +/// \par Wraps +/// __vector unsigned int +/// \since Crypto++ 6.0 +typedef __vector unsigned int uint32x4_p; + +#if defined(_ARCH_PWR7) || defined(CRYPTOPP_DOXYGEN_PROCESSING) +/// \brief Vector of 64-bit elements +/// \details uint64x2_p is available on POWER7 and above. Some supporting +/// functions, like 64-bit vec_add (vaddudm), did not +/// arrive until POWER8. +/// \par Wraps +/// __vector unsigned long long +/// \since Crypto++ 6.0 +typedef __vector unsigned long long uint64x2_p; +#endif // _ARCH_PWR7 + +/// \brief The 0 vector +/// \returns a 32-bit vector of 0's +/// \since Crypto++ 8.0 +inline uint32x4_p VecZero() +{ + const uint32x4_p v = {0,0,0,0}; + return v; +} + +/// \brief The 1 vector +/// \returns a 32-bit vector of 1's +/// \since Crypto++ 8.0 +inline uint32x4_p VecOne() +{ + const uint32x4_p v = {1,1,1,1}; + return v; +} + +/// \brief Reverse bytes in a vector +/// \tparam T vector type +/// \param data the vector +/// \returns vector +/// \details VecReverse() reverses the bytes in a vector +/// \par Wraps +/// vec_perm +/// \since Crypto++ 6.0 +template +inline T VecReverse(const T data) +{ +#if (_ARCH_PWR9) + return (T)vec_revb((uint8x16_p)data); +#else + const uint8x16_p mask = {15,14,13,12, 11,10,9,8, 7,6,5,4, 3,2,1,0}; + return (T)vec_perm(data, data, mask); +#endif +} + +//////////////////////// Loads //////////////////////// + +/// \brief Loads a vector from a byte array +/// \param src the byte array +/// \details Loads a vector in native endian format from a byte array. +/// \details VecLoad_ALTIVEC() uses vec_ld if the effective address +/// of src is aligned. If unaligned it uses vec_lvsl, +/// vec_ld, vec_perm and src. The fixups using +/// vec_lvsl and vec_perm are relatively expensive so +/// you should provide aligned memory adresses. +/// \par Wraps +/// vec_ld, vec_lvsl, vec_perm +/// \since Crypto++ 6.0 +inline uint32x4_p VecLoad_ALTIVEC(const byte src[16]) +{ + // Avoid IsAlignedOn for convenience. + uintptr_t eff = reinterpret_cast(src)+0; + if (eff % 16 == 0) + { + return (uint32x4_p)vec_ld(0, src); + } + else + { + // http://www.nxp.com/docs/en/reference-manual/ALTIVECPEM.pdf + const uint8x16_p perm = vec_lvsl(0, src); + const uint8x16_p low = vec_ld(0, src); + const uint8x16_p high = vec_ld(15, src); + return (uint32x4_p)vec_perm(low, high, perm); + } +} + +/// \brief Loads a vector from a byte array +/// \param src the byte array +/// \param off offset into the src byte array +/// \details Loads a vector in native endian format from a byte array. +/// \details VecLoad_ALTIVEC() uses vec_ld if the effective address +/// of src is aligned. If unaligned it uses vec_lvsl, +/// vec_ld, vec_perm and src. +/// \details The fixups using vec_lvsl and vec_perm are +/// relatively expensive so you should provide aligned memory adresses. +/// \par Wraps +/// vec_ld, vec_lvsl, vec_perm +/// \since Crypto++ 6.0 +inline uint32x4_p VecLoad_ALTIVEC(int off, const byte src[16]) +{ + // Avoid IsAlignedOn for convenience. + uintptr_t eff = reinterpret_cast(src)+off; + if (eff % 16 == 0) + { + return (uint32x4_p)vec_ld(off, src); + } + else + { + // http://www.nxp.com/docs/en/reference-manual/ALTIVECPEM.pdf + const uint8x16_p perm = vec_lvsl(off, src); + const uint8x16_p low = vec_ld(off, src); + const uint8x16_p high = vec_ld(15, src); + return (uint32x4_p)vec_perm(low, high, perm); + } +} + +/// \brief Loads a vector from a byte array +/// \param src the byte array +/// \details VecLoad() loads a vector in from a byte array. +/// \details VecLoad() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 6.0 +inline uint32x4_p VecLoad(const byte src[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) + return (uint32x4_p)vec_xlw4(0, (byte*)src); +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint32x4_p)vec_xl(0, (byte*)src); +# else + return (uint32x4_p)vec_vsx_ld(0, (byte*)src); +# endif +#else + return VecLoad_ALTIVEC(src); +#endif +} + +/// \brief Loads a vector from a byte array +/// \param src the byte array +/// \param off offset into the byte array +/// \details VecLoad() loads a vector in from a byte array. +/// \details VecLoad() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 6.0 +inline uint32x4_p VecLoad(int off, const byte src[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) + return (uint32x4_p)vec_xlw4(off, (byte*)src); +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint32x4_p)vec_xl(off, (byte*)src); +# else + return (uint32x4_p)vec_vsx_ld(off, (byte*)src); +# endif +#else + return VecLoad_ALTIVEC(off, src); +#endif +} + +/// \brief Loads a vector from a word array +/// \param src the word array +/// \details VecLoad() loads a vector in from a word array. +/// \details VecLoad() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 8.0 +inline uint32x4_p VecLoad(const word32 src[4]) +{ + return VecLoad((const byte*)src); +} + +/// \brief Loads a vector from a word array +/// \param src the word array +/// \param off offset into the word array +/// \details VecLoad() loads a vector in from a word array. +/// \details VecLoad() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 8.0 +inline uint32x4_p VecLoad(int off, const word32 src[4]) +{ + return VecLoad(off, (const byte*)src); +} + +#if defined(_ARCH_PWR7) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +/// \brief Loads a vector from a word array +/// \param src the word array +/// \details VecLoad() loads a vector in from a word array. +/// \details VecLoad() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \details VecLoad() with 64-bit elements is available on POWER7 and above. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 8.0 +inline uint64x2_p VecLoad(const word64 src[2]) +{ + return (uint64x2_p)VecLoad((const byte*)src); +} + +/// \brief Loads a vector from a word array +/// \param src the word array +/// \param off offset into the word array +/// \details VecLoad() loads a vector in from a word array. +/// \details VecLoad() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \details VecLoad() with 64-bit elements is available on POWER8 and above. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 8.0 +inline uint64x2_p VecLoad(int off, const word64 src[2]) +{ + return (uint64x2_p)VecLoad(off, (const byte*)src); +} + +#endif // _ARCH_PWR7 + +/// \brief Loads a vector from an aligned byte array +/// \param src the byte array +/// \details VecLoadAligned() loads a vector in from an aligned byte array. +/// \details VecLoadAligned() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. Altivec's vec_ld is used +/// if POWER7 is not available. The effective address of src must +/// be aligned. +/// \par Wraps +/// vec_ld, vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld +/// \since Crypto++ 8.0 +inline uint32x4_p VecLoadAligned(const byte src[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) + return (uint32x4_p)vec_xlw4(0, (byte*)src); +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint32x4_p)vec_xl(0, (byte*)src); +# else + return (uint32x4_p)vec_vsx_ld(0, (byte*)src); +# endif +#else // _ARCH_PWR7 + CRYPTOPP_ASSERT(((uintptr_t)src) % 16 == 0); + return (uint32x4_p)vec_ld(0, (byte*)src); +#endif // _ARCH_PWR7 +} + +/// \brief Loads a vector from an aligned byte array +/// \param src the byte array +/// \param off offset into the byte array +/// \details VecLoadAligned() loads a vector in from an aligned byte array. +/// \details VecLoadAligned() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. Altivec's vec_ld is used +/// if POWER7 is not available. The effective address of src must +/// be aligned. +/// \par Wraps +/// vec_ld, vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld +/// \since Crypto++ 8.0 +inline uint32x4_p VecLoadAligned(int off, const byte src[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) + return (uint32x4_p)vec_xlw4(off, (byte*)src); +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint32x4_p)vec_xl(off, (byte*)src); +# else + return (uint32x4_p)vec_vsx_ld(off, (byte*)src); +# endif +#else // _ARCH_PWR7 + CRYPTOPP_ASSERT((((uintptr_t)src)+off) % 16 == 0); + return (uint32x4_p)vec_ld(off, (byte*)src); +#endif // _ARCH_PWR7 +} + +/// \brief Loads a vector from a byte array +/// \param src the byte array +/// \details VecLoadBE() loads a vector in from a byte array. VecLoadBE +/// will reverse all bytes in the array on a little endian system. +/// \details VecLoadBE() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 6.0 +inline uint32x4_p VecLoadBE(const byte src[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) +# if (CRYPTOPP_BIG_ENDIAN) + return (uint32x4_p)vec_xlw4(0, (byte*)src); +# else + return (uint32x4_p)VecReverse(vec_xlw4(0, (byte*)src)); +# endif +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint32x4_p)vec_xl_be(0, (byte*)src); +# else +# if (CRYPTOPP_BIG_ENDIAN) + return (uint32x4_p)vec_vsx_ld(0, (byte*)src); +# else + return (uint32x4_p)VecReverse(vec_vsx_ld(0, (byte*)src)); +# endif +# endif +#else // _ARCH_PWR7 +# if (CRYPTOPP_BIG_ENDIAN) + return (uint32x4_p)VecLoad((const byte*)src); +# else + return (uint32x4_p)VecReverse(VecLoad((const byte*)src)); +# endif +#endif // _ARCH_PWR7 +} + +/// \brief Loads a vector from a byte array +/// \param src the byte array +/// \param off offset into the src byte array +/// \details VecLoadBE() loads a vector in from a byte array. VecLoadBE +/// will reverse all bytes in the array on a little endian system. +/// \details VecLoadBE() uses POWER7's vec_xl or +/// vec_vsx_ld if available. The instructions do not require +/// aligned effective memory addresses. VecLoad_ALTIVEC() is used if POWER7 +/// is not available. VecLoad_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xlw4, vec_xld2, vec_xl, vec_vsx_ld (and Altivec load) +/// \since Crypto++ 6.0 +inline uint32x4_p VecLoadBE(int off, const byte src[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) +# if (CRYPTOPP_BIG_ENDIAN) + return (uint32x4_p)vec_xlw4(off, (byte*)src); +# else + return (uint32x4_p)VecReverse(vec_xlw4(off, (byte*)src)); +# endif +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + return (uint32x4_p)vec_xl_be(off, (byte*)src); +# else +# if (CRYPTOPP_BIG_ENDIAN) + return (uint32x4_p)vec_vsx_ld(off, (byte*)src); +# else + return (uint32x4_p)VecReverse(vec_vsx_ld(off, (byte*)src)); +# endif +# endif +#else // _ARCH_PWR7 +# if (CRYPTOPP_BIG_ENDIAN) + return (uint32x4_p)VecLoad(off, (const byte*)src); +# else + return (uint32x4_p)VecReverse(VecLoad(off, (const byte*)src)); +# endif +#endif // _ARCH_PWR7 +} + +//////////////////////// Stores //////////////////////// + +/// \brief Stores a vector to a byte array +/// \tparam T vector type +/// \param data the vector +/// \param dest the byte array +/// \details VecStore_ALTIVEC() stores a vector to a byte array. +/// \details VecStore_ALTIVEC() uses vec_st if the effective address +/// of dest is aligned, and uses vec_ste otherwise. +/// vec_ste is relatively expensive so you should provide aligned +/// memory adresses. +/// \details VecStore_ALTIVEC() is used automatically when POWER7 or above +/// and unaligned loads is not available. +/// \par Wraps +/// vec_st, vec_ste, vec_lvsr, vec_perm +/// \since Crypto++ 8.0 +template +inline void VecStore_ALTIVEC(const T data, byte dest[16]) +{ + // Avoid IsAlignedOn for convenience. + uintptr_t eff = reinterpret_cast(dest)+0; + if (eff % 16 == 0) + { + vec_st((uint8x16_p)data, 0, dest); + } + else + { + // http://www.nxp.com/docs/en/reference-manual/ALTIVECPEM.pdf + uint8x16_p perm = (uint8x16_p)vec_perm(data, data, vec_lvsr(0, dest)); + vec_ste((uint8x16_p) perm, 0, (unsigned char*) dest); + vec_ste((uint16x8_p) perm, 1, (unsigned short*)dest); + vec_ste((uint32x4_p) perm, 3, (unsigned int*) dest); + vec_ste((uint32x4_p) perm, 4, (unsigned int*) dest); + vec_ste((uint32x4_p) perm, 8, (unsigned int*) dest); + vec_ste((uint32x4_p) perm, 12, (unsigned int*) dest); + vec_ste((uint16x8_p) perm, 14, (unsigned short*)dest); + vec_ste((uint8x16_p) perm, 15, (unsigned char*) dest); + } +} + +/// \brief Stores a vector to a byte array +/// \tparam T vector type +/// \param data the vector +/// \param off the byte offset into the array +/// \param dest the byte array +/// \details VecStore_ALTIVEC() stores a vector to a byte array. +/// \details VecStore_ALTIVEC() uses vec_st if the effective address +/// of dest is aligned, and uses vec_ste otherwise. +/// vec_ste is relatively expensive so you should provide aligned +/// memory adresses. +/// \details VecStore_ALTIVEC() is used automatically when POWER7 or above +/// and unaligned loads is not available. +/// \par Wraps +/// vec_st, vec_ste, vec_lvsr, vec_perm +/// \since Crypto++ 8.0 +template +inline void VecStore_ALTIVEC(const T data, int off, byte dest[16]) +{ + // Avoid IsAlignedOn for convenience. + uintptr_t eff = reinterpret_cast(dest)+off; + if (eff % 16 == 0) + { + vec_st((uint8x16_p)data, off, dest); + } + else + { + // http://www.nxp.com/docs/en/reference-manual/ALTIVECPEM.pdf + uint8x16_p perm = (uint8x16_p)vec_perm(data, data, vec_lvsr(off, dest)); + vec_ste((uint8x16_p) perm, 0, (unsigned char*) dest); + vec_ste((uint16x8_p) perm, 1, (unsigned short*)dest); + vec_ste((uint32x4_p) perm, 3, (unsigned int*) dest); + vec_ste((uint32x4_p) perm, 4, (unsigned int*) dest); + vec_ste((uint32x4_p) perm, 8, (unsigned int*) dest); + vec_ste((uint32x4_p) perm, 12, (unsigned int*) dest); + vec_ste((uint16x8_p) perm, 14, (unsigned short*)dest); + vec_ste((uint8x16_p) perm, 15, (unsigned char*) dest); + } +} + +/// \brief Stores a vector to a byte array +/// \tparam T vector type +/// \param data the vector +/// \param dest the byte array +/// \details VecStore() stores a vector to a byte array. +/// \details VecStore() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 6.0 +template +inline void VecStore(const T data, byte dest[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) + vec_xstw4((uint8x16_p)data, 0, (byte*)dest); +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + vec_xst((uint8x16_p)data, 0, (byte*)dest); +# else + vec_vsx_st((uint8x16_p)data, 0, (byte*)dest); +# endif +#else + VecStore_ALTIVEC((uint8x16_p)data, 0, (byte*)dest); +#endif +} + +/// \brief Stores a vector to a byte array +/// \tparam T vector type +/// \param data the vector +/// \param off the byte offset into the array +/// \param dest the byte array +/// \details VecStore() stores a vector to a byte array. +/// \details VecStore() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 6.0 +template +inline void VecStore(const T data, int off, byte dest[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) + vec_xstw4((uint8x16_p)data, off, (byte*)dest); +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + vec_xst((uint8x16_p)data, off, (byte*)dest); +# else + vec_vsx_st((uint8x16_p)data, off, (byte*)dest); +# endif +#else + VecStore_ALTIVEC((uint8x16_p)data, off, (byte*)dest); +#endif +} + +/// \brief Stores a vector to a word array +/// \tparam T vector type +/// \param data the vector +/// \param dest the word array +/// \details VecStore() stores a vector to a word array. +/// \details VecStore() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 8.0 +template +inline void VecStore(const T data, word32 dest[4]) +{ + VecStore((uint8x16_p)data, 0, (byte*)dest); +} + +/// \brief Stores a vector to a word array +/// \tparam T vector type +/// \param data the vector +/// \param off the byte offset into the array +/// \param dest the word array +/// \details VecStore() stores a vector to a word array. +/// \details VecStore() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 8.0 +template +inline void VecStore(const T data, int off, word32 dest[4]) +{ + VecStore((uint8x16_p)data, off, (byte*)dest); +} + +/// \brief Stores a vector to a word array +/// \tparam T vector type +/// \param data the vector +/// \param dest the word array +/// \details VecStore() stores a vector to a word array. +/// \details VecStore() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \details VecStore() with 64-bit elements is available on POWER8 and above. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 8.0 +template +inline void VecStore(const T data, word64 dest[2]) +{ + VecStore((uint8x16_p)data, 0, (byte*)dest); +} + +/// \brief Stores a vector to a word array +/// \tparam T vector type +/// \param data the vector +/// \param off the byte offset into the array +/// \param dest the word array +/// \details VecStore() stores a vector to a word array. +/// \details VecStore() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \details VecStore() with 64-bit elements is available on POWER8 and above. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 8.0 +template +inline void VecStore(const T data, int off, word64 dest[2]) +{ + VecStore((uint8x16_p)data, off, (byte*)dest); +} + +/// \brief Stores a vector to a byte array +/// \tparam T vector type +/// \param data the vector +/// \param dest the byte array +/// \details VecStoreBE() stores a vector to a byte array. VecStoreBE +/// will reverse all bytes in the array on a little endian system. +/// \details VecStoreBE() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 6.0 +template +inline void VecStoreBE(const T data, byte dest[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) +# if (CRYPTOPP_BIG_ENDIAN) + vec_xstw4((uint8x16_p)data, 0, (byte*)dest); +# else + vec_xstw4((uint8x16_p)VecReverse(data), 0, (byte*)dest); +# endif +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + vec_xst_be((uint8x16_p)data, 0, (byte*)dest); +# else +# if (CRYPTOPP_BIG_ENDIAN) + vec_vsx_st((uint8x16_p)data, 0, (byte*)dest); +# else + vec_vsx_st((uint8x16_p)VecReverse(data), 0, (byte*)dest); +# endif +# endif +#else // _ARCH_PWR7 +# if (CRYPTOPP_BIG_ENDIAN) + VecStore_ALTIVEC((uint8x16_p)data, 0, (byte*)dest); +# else + VecStore_ALTIVEC((uint8x16_p)VecReverse(data), 0, (byte*)dest); +# endif +#endif // _ARCH_PWR7 +} + +/// \brief Stores a vector to a byte array +/// \tparam T vector type +/// \param data the vector +/// \param off offset into the dest byte array +/// \param dest the byte array +/// \details VecStoreBE() stores a vector to a byte array. VecStoreBE +/// will reverse all bytes in the array on a little endian system. +/// \details VecStoreBE() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 6.0 +template +inline void VecStoreBE(const T data, int off, byte dest[16]) +{ +#if defined(_ARCH_PWR7) +# if defined(__early_xlc__) || defined(__early_xlC__) +# if (CRYPTOPP_BIG_ENDIAN) + vec_xstw4((uint8x16_p)data, off, (byte*)dest); +# else + vec_xstw4((uint8x16_p)VecReverse(data), off, (byte*)dest); +# endif +# elif defined(__xlc__) || defined(__xlC__) || defined(__clang__) + vec_xst_be((uint8x16_p)data, off, (byte*)dest); +# else +# if (CRYPTOPP_BIG_ENDIAN) + vec_vsx_st((uint8x16_p)data, off, (byte*)dest); +# else + vec_vsx_st((uint8x16_p)VecReverse(data), off, (byte*)dest); +# endif +# endif +#else // _ARCH_PWR7 +# if (CRYPTOPP_BIG_ENDIAN) + VecStore_ALTIVEC((uint8x16_p)data, off, (byte*)dest); +# else + VecStore_ALTIVEC((uint8x16_p)VecReverse(data), off, (byte*)dest); +# endif +#endif // _ARCH_PWR7 +} + +/// \brief Stores a vector to a word array +/// \tparam T vector type +/// \param data the vector +/// \param dest the word array +/// \details VecStoreBE() stores a vector to a word array. VecStoreBE +/// will reverse all bytes in the array on a little endian system. +/// \details VecStoreBE() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 8.0 +template +inline void VecStoreBE(const T data, word32 dest[4]) +{ + return VecStoreBE((uint8x16_p)data, (byte*)dest); +} + +/// \brief Stores a vector to a word array +/// \tparam T vector type +/// \param data the vector +/// \param off offset into the dest word array +/// \param dest the word array +/// \details VecStoreBE() stores a vector to a word array. VecStoreBE +/// will reverse all words in the array on a little endian system. +/// \details VecStoreBE() uses POWER7's vec_xst or +/// vec_vsx_st if available. The instructions do not require +/// aligned effective memory addresses. VecStore_ALTIVEC() is used if POWER7 +/// is not available. VecStore_ALTIVEC() can be relatively expensive if +/// extra instructions are required to fix up unaligned memory +/// addresses. +/// \par Wraps +/// vec_xstw4, vec_xstld2, vec_xst, vec_vsx_st (and Altivec store) +/// \since Crypto++ 8.0 +template +inline void VecStoreBE(const T data, int off, word32 dest[4]) +{ + return VecStoreBE((uint8x16_p)data, off, (byte*)dest); +} + +//////////////////////// Miscellaneous //////////////////////// + +/// \brief Permutes a vector +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec the vector +/// \param mask vector mask +/// \returns vector +/// \details VecPermute() returns a new vector from vec based on +/// mask. mask is an uint8x16_p type vector. The return +/// vector is the same type as vec. +/// \par Wraps +/// vec_perm +/// \since Crypto++ 6.0 +template +inline T1 VecPermute(const T1 vec, const T2 mask) +{ + return (T1)vec_perm(vec, vec, (uint8x16_p)mask); +} + +/// \brief Permutes two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \param mask vector mask +/// \returns vector +/// \details VecPermute() returns a new vector from vec1 and vec2 +/// based on mask. mask is an uint8x16_p type vector. The return +/// vector is the same type as vec1. +/// \par Wraps +/// vec_perm +/// \since Crypto++ 6.0 +template +inline T1 VecPermute(const T1 vec1, const T1 vec2, const T2 mask) +{ + return (T1)vec_perm(vec1, (T1)vec2, (uint8x16_p)mask); +} + +/// \brief AND two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns vector +/// \details VecAnd() returns a new vector from vec1 and vec2. The return +/// vector is the same type as vec1. +/// \par Wraps +/// vec_and +/// \since Crypto++ 6.0 +template +inline T1 VecAnd(const T1 vec1, const T2 vec2) +{ + return (T1)vec_and(vec1, (T1)vec2); +} + +/// \brief OR two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns vector +/// \details VecOr() returns a new vector from vec1 and vec2. The return +/// vector is the same type as vec1. +/// \par Wraps +/// vec_or +/// \since Crypto++ 6.0 +template +inline T1 VecOr(const T1 vec1, const T2 vec2) +{ + return (T1)vec_or(vec1, (T1)vec2); +} + +/// \brief XOR two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns vector +/// \details VecXor() returns a new vector from vec1 and vec2. The return +/// vector is the same type as vec1. +/// \par Wraps +/// vec_xor +/// \since Crypto++ 6.0 +template +inline T1 VecXor(const T1 vec1, const T2 vec2) +{ + return (T1)vec_xor(vec1, (T1)vec2); +} + +/// \brief Add two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns vector +/// \details VecAdd() returns a new vector from vec1 and vec2. +/// vec2 is cast to the same type as vec1. The return vector +/// is the same type as vec1. +/// \par Wraps +/// vec_add +/// \since Crypto++ 6.0 +template +inline T1 VecAdd(const T1 vec1, const T2 vec2) +{ + return (T1)vec_add(vec1, (T1)vec2); +} + +/// \brief Subtract two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \details VecSub() returns a new vector from vec1 and vec2. +/// vec2 is cast to the same type as vec1. The return vector +/// is the same type as vec1. +/// \par Wraps +/// vec_sub +/// \since Crypto++ 6.0 +template +inline T1 VecSub(const T1 vec1, const T2 vec2) +{ + return (T1)vec_sub(vec1, (T1)vec2); +} + +/// \brief Add two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns vector +/// \details VecAdd64() returns a new vector from vec1 and vec2. +/// vec1 and vec2 are added as if uint64x2_p vectors. On POWER7 +/// and below VecAdd64() manages the carries from two elements in +/// a uint32x4_p vector. +/// \par Wraps +/// vec_add for POWER8, vec_addc, vec_perm, vec_add for Altivec +/// \since Crypto++ 8.0 +inline uint32x4_p VecAdd64(const uint32x4_p& vec1, const uint32x4_p& vec2) +{ + // 64-bit elements available at POWER7, but addudm requires POWER8 +#if defined(_ARCH_PWR8) + return (uint32x4_p)vec_add((uint64x2_p)vec1, (uint64x2_p)vec2); +#else + // The carry mask selects carries from elements 1 and 3 and sets remaining + // elements to 0. The mask also shifts the carried values left by 4 bytes + // so the carries are added to elements 0 and 2. + const uint8x16_p cmask = {4,5,6,7, 16,16,16,16, 12,13,14,15, 16,16,16,16}; + const uint32x4_p zero = {0, 0, 0, 0}; + + uint32x4_p cy = vec_addc(vec1, vec2); + cy = vec_perm(cy, zero, cmask); + return vec_add(vec_add(vec1, vec2), cy); +#endif +} + +/// \brief Shift a vector left +/// \tparam C shift byte count +/// \tparam T vector type +/// \param vec the vector +/// \returns vector +/// \details VecShiftLeftOctet() returns a new vector after shifting the +/// concatenation of the zero vector and the source vector by the specified +/// number of bytes. The return vector is the same type as vec. +/// \details On big endian machines VecShiftLeftOctet() is vec_sld(a, z, +/// c). On little endian machines VecShiftLeftOctet() is translated to +/// vec_sld(z, a, 16-c). You should always call the function as +/// if on a big endian machine as shown below. +///
+///    uint8x16_p x = VecLoad(ptr);
+///    uint8x16_p y = VecShiftLeftOctet<12>(x);
+/// 
+/// \par Wraps +/// vec_sld +/// \sa Is vec_sld +/// endian sensitive? on Stack Overflow +/// \since Crypto++ 6.0 +template +inline T VecShiftLeftOctet(const T vec) +{ + const T zero = {0}; + if (C >= 16) + { + // Out of range + return zero; + } + else if (C == 0) + { + // Noop + return vec; + } + else + { +#if (CRYPTOPP_BIG_ENDIAN) + enum { R=C&0xf }; + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)zero, R); +#else + enum { R=(16-C)&0xf }; // Linux xlC 13.1 workaround in Debug builds + return (T)vec_sld((uint8x16_p)zero, (uint8x16_p)vec, R); +#endif + } +} + +/// \brief Shift a vector right +/// \tparam C shift byte count +/// \tparam T vector type +/// \param vec the vector +/// \returns vector +/// \details VecShiftRightOctet() returns a new vector after shifting the +/// concatenation of the zero vector and the source vector by the specified +/// number of bytes. The return vector is the same type as vec. +/// \details On big endian machines VecShiftRightOctet() is vec_sld(a, z, +/// c). On little endian machines VecShiftRightOctet() is translated to +/// vec_sld(z, a, 16-c). You should always call the function as +/// if on a big endian machine as shown below. +///
+///    uint8x16_p x = VecLoad(ptr);
+///    uint8x16_p y = VecShiftRightOctet<12>(y);
+/// 
+/// \par Wraps +/// vec_sld +/// \sa Is vec_sld +/// endian sensitive? on Stack Overflow +/// \since Crypto++ 6.0 +template +inline T VecShiftRightOctet(const T vec) +{ + const T zero = {0}; + if (C >= 16) + { + // Out of range + return zero; + } + else if (C == 0) + { + // Noop + return vec; + } + else + { +#if (CRYPTOPP_BIG_ENDIAN) + enum { R=(16-C)&0xf }; // Linux xlC 13.1 workaround in Debug builds + return (T)vec_sld((uint8x16_p)zero, (uint8x16_p)vec, R); +#else + enum { R=C&0xf }; + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)zero, R); +#endif + } +} + +/// \brief Rotate a vector left +/// \tparam C shift byte count +/// \tparam T vector type +/// \param vec the vector +/// \returns vector +/// \details VecRotateLeftOctet() returns a new vector after rotating the +/// concatenation of the source vector with itself by the specified +/// number of bytes. The return vector is the same type as vec. +/// \par Wraps +/// vec_sld +/// \sa Is vec_sld +/// endian sensitive? on Stack Overflow +/// \since Crypto++ 6.0 +template +inline T VecRotateLeftOctet(const T vec) +{ +#if (CRYPTOPP_BIG_ENDIAN) + enum { R = C&0xf }; + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)vec, R); +#else + enum { R=(16-C)&0xf }; // Linux xlC 13.1 workaround in Debug builds + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)vec, R); +#endif +} + +/// \brief Rotate a vector right +/// \tparam C shift byte count +/// \tparam T vector type +/// \param vec the vector +/// \returns vector +/// \details VecRotateRightOctet() returns a new vector after rotating the +/// concatenation of the source vector with itself by the specified +/// number of bytes. The return vector is the same type as vec. +/// \par Wraps +/// vec_sld +/// \sa Is vec_sld +/// endian sensitive? on Stack Overflow +/// \since Crypto++ 6.0 +template +inline T VecRotateRightOctet(const T vec) +{ +#if (CRYPTOPP_BIG_ENDIAN) + enum { R=(16-C)&0xf }; // Linux xlC 13.1 workaround in Debug builds + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)vec, R); +#else + enum { R = C&0xf }; + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)vec, R); +#endif +} + +/// \brief Rotate a packed vector left +/// \tparam C shift bit count +/// \param vec the vector +/// \returns vector +/// \details VecRotateLeft() rotates each element in a packed vector by bit count. +/// \par Wraps +/// vec_rl +/// \since Crypto++ 7.0 +template +inline uint32x4_p VecRotateLeft(const uint32x4_p vec) +{ + const uint32x4_p m = {C, C, C, C}; + return vec_rl(vec, m); +} + +#if defined(_ARCH_PWR8) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +/// \brief Rotate a packed vector left +/// \tparam C shift bit count +/// \param vec the vector +/// \returns vector +/// \details VecRotateLeft() rotates each element in a packed vector by bit count. +/// \details VecRotateLeft() with 64-bit elements is available on POWER8 and above. +/// \par Wraps +/// vec_rl +/// \since Crypto++ 8.0 +template +inline uint64x2_p VecRotateLeft(const uint64x2_p vec) +{ + const uint64x2_p m = {C, C}; + return vec_rl(vec, m); +} + +#endif + +/// \brief Rotate a packed vector right +/// \tparam C shift bit count +/// \param vec the vector +/// \returns vector +/// \details VecRotateRight() rotates each element in a packed vector by bit count. +/// \par Wraps +/// vec_rl +/// \since Crypto++ 7.0 +template +inline uint32x4_p VecRotateRight(const uint32x4_p vec) +{ + const uint32x4_p m = {32-C, 32-C, 32-C, 32-C}; + return vec_rl(vec, m); +} + +#if defined(_ARCH_PWR8) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +/// \brief Rotate a packed vector right +/// \tparam C shift bit count +/// \param vec the vector +/// \returns vector +/// \details VecRotateRight() rotates each element in a packed vector by bit count. +/// \details VecRotateRight() with 64-bit elements is available on POWER8 and above. +/// \par Wraps +/// vec_rl +/// \since Crypto++ 8.0 +template +inline uint64x2_p VecRotateRight(const uint64x2_p vec) +{ + const uint64x2_p m = {64-C, 64-C}; + return vec_rl(vec, m); +} + +#endif + +/// \brief Exchange high and low double words +/// \tparam T vector type +/// \param vec the vector +/// \returns vector +/// \par Wraps +/// vec_sld +/// \since Crypto++ 7.0 +template +inline T VecSwapWords(const T vec) +{ + return (T)vec_sld((uint8x16_p)vec, (uint8x16_p)vec, 8); +} + +/// \brief Extract a dword from a vector +/// \tparam T vector type +/// \param val the vector +/// \returns vector created from low dword +/// \details VecGetLow() extracts the low dword from a vector. The low dword +/// is composed of the least significant bits and occupies bytes 8 through 15 +/// when viewed as a big endian array. The return vector is the same type as +/// the original vector and padded with 0's in the most significant bit positions. +/// \par Wraps +/// vec_sld +/// \since Crypto++ 7.0 +template +inline T VecGetLow(const T val) +{ + //const T zero = {0}; + //const uint8x16_p mask = {16,16,16,16, 16,16,16,16, 8,9,10,11, 12,13,14,15 }; + //return (T)vec_perm(zero, val, mask); + return VecShiftRightOctet<8>(VecShiftLeftOctet<8>(val)); +} + +/// \brief Extract a dword from a vector +/// \tparam T vector type +/// \param val the vector +/// \returns vector created from high dword +/// \details VecGetHigh() extracts the high dword from a vector. The high dword +/// is composed of the most significant bits and occupies bytes 0 through 7 +/// when viewed as a big endian array. The return vector is the same type as +/// the original vector and padded with 0's in the most significant bit positions. +/// \par Wraps +/// vec_sld +/// \since Crypto++ 7.0 +template +inline T VecGetHigh(const T val) +{ + //const T zero = {0}; + //const uint8x16_p mask = {16,16,16,16, 16,16,16,16, 0,1,2,3, 4,5,6,7 }; + //return (T)vec_perm(zero, val, mask); + return VecShiftRightOctet<8>(val); +} + +/// \brief Compare two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns true if vec1 equals vec2, false otherwise +/// \details VecEqual() performs a bitwise compare. The vector element types do +/// not matter. +/// \par Wraps +/// vec_all_eq +/// \since Crypto++ 8.0 +template +inline bool VecEqual(const T1 vec1, const T2 vec2) +{ + return 1 == vec_all_eq((uint32x4_p)vec1, (uint32x4_p)vec2); +} + +/// \brief Compare two vectors +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param vec1 the first vector +/// \param vec2 the second vector +/// \returns true if vec1 does not equal vec2, false otherwise +/// \details VecNotEqual() performs a bitwise compare. The vector element types do +/// not matter. +/// \par Wraps +/// vec_all_eq +/// \since Crypto++ 8.0 +template +inline bool VecNotEqual(const T1 vec1, const T2 vec2) +{ + return 0 == vec_all_eq((uint32x4_p)vec1, (uint32x4_p)vec2); +} + +//////////////////////// Power8 Crypto //////////////////////// + +#if defined(__CRYPTO__) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +/// \brief One round of AES encryption +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param state the state vector +/// \param key the subkey vector +/// \details VecEncrypt() performs one round of AES encryption of state +/// using subkey key. The return vector is the same type as vec1. +/// \details VecEncrypt() is available on POWER8 and above. +/// \par Wraps +/// __vcipher, __builtin_altivec_crypto_vcipher, __builtin_crypto_vcipher +/// \since GCC and XLC since Crypto++ 6.0, LLVM Clang since Crypto++ 8.0 +template +inline T1 VecEncrypt(const T1 state, const T2 key) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return (T1)__vcipher((uint8x16_p)state, (uint8x16_p)key); +#elif defined(__clang__) + return (T1)__builtin_altivec_crypto_vcipher((uint64x2_p)state, (uint64x2_p)key); +#elif defined(__GNUC__) + return (T1)__builtin_crypto_vcipher((uint64x2_p)state, (uint64x2_p)key); +#else + CRYPTOPP_ASSERT(0); +#endif +} + +/// \brief Final round of AES encryption +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param state the state vector +/// \param key the subkey vector +/// \details VecEncryptLast() performs the final round of AES encryption +/// of state using subkey key. The return vector is the same type as vec1. +/// \details VecEncryptLast() is available on POWER8 and above. +/// \par Wraps +/// __vcipherlast, __builtin_altivec_crypto_vcipherlast, __builtin_crypto_vcipherlast +/// \since GCC and XLC since Crypto++ 6.0, LLVM Clang since Crypto++ 8.0 +template +inline T1 VecEncryptLast(const T1 state, const T2 key) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return (T1)__vcipherlast((uint8x16_p)state, (uint8x16_p)key); +#elif defined(__clang__) + return (T1)__builtin_altivec_crypto_vcipherlast((uint64x2_p)state, (uint64x2_p)key); +#elif defined(__GNUC__) + return (T1)__builtin_crypto_vcipherlast((uint64x2_p)state, (uint64x2_p)key); +#else + CRYPTOPP_ASSERT(0); +#endif +} + +/// \brief One round of AES decryption +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param state the state vector +/// \param key the subkey vector +/// \details VecDecrypt() performs one round of AES decryption of state +/// using subkey key. The return vector is the same type as vec1. +/// \details VecDecrypt() is available on POWER8 and above. +/// \par Wraps +/// __vncipher, __builtin_altivec_crypto_vncipher, __builtin_crypto_vncipher +/// \since GCC and XLC since Crypto++ 6.0, LLVM Clang since Crypto++ 8.0 +template +inline T1 VecDecrypt(const T1 state, const T2 key) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return (T1)__vncipher((uint8x16_p)state, (uint8x16_p)key); +#elif defined(__clang__) + return (T1)__builtin_altivec_crypto_vncipher((uint64x2_p)state, (uint64x2_p)key); +#elif defined(__GNUC__) + return (T1)__builtin_crypto_vncipher((uint64x2_p)state, (uint64x2_p)key); +#else + CRYPTOPP_ASSERT(0); +#endif +} + +/// \brief Final round of AES decryption +/// \tparam T1 vector type +/// \tparam T2 vector type +/// \param state the state vector +/// \param key the subkey vector +/// \details VecDecryptLast() performs the final round of AES decryption +/// of state using subkey key. The return vector is the same type as vec1. +/// \details VecDecryptLast() is available on POWER8 and above. +/// \par Wraps +/// __vncipherlast, __builtin_altivec_crypto_vncipherlast, __builtin_crypto_vncipherlast +/// \since GCC and XLC since Crypto++ 6.0, LLVM Clang since Crypto++ 8.0 +template +inline T1 VecDecryptLast(const T1 state, const T2 key) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return (T1)__vncipherlast((uint8x16_p)state, (uint8x16_p)key); +#elif defined(__clang__) + return (T1)__builtin_altivec_crypto_vncipherlast((uint64x2_p)state, (uint64x2_p)key); +#elif defined(__GNUC__) + return (T1)__builtin_crypto_vncipherlast((uint64x2_p)state, (uint64x2_p)key); +#else + CRYPTOPP_ASSERT(0); +#endif +} + +/// \brief SHA256 Sigma functions +/// \tparam func function +/// \tparam fmask function mask +/// \tparam T vector type +/// \param vec the block to transform +/// \details VecSHA256() selects sigma0, sigma1, Sigma0, Sigma1 based on +/// func and fmask. The return vector is the same type as vec. +/// \details VecSHA256() is available on POWER8 and above. +/// \par Wraps +/// __vshasigmaw, __builtin_altivec_crypto_vshasigmaw, __builtin_crypto_vshasigmaw +/// \since GCC and XLC since Crypto++ 6.0, LLVM Clang since Crypto++ 8.0 +template +inline T VecSHA256(const T vec) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return (T)__vshasigmaw((uint32x4_p)vec, func, fmask); +#elif defined(__clang__) + return (T)__builtin_altivec_crypto_vshasigmaw((uint32x4_p)vec, func, fmask); +#elif defined(__GNUC__) + return (T)__builtin_crypto_vshasigmaw((uint32x4_p)vec, func, fmask); +#else + CRYPTOPP_ASSERT(0); +#endif +} + +/// \brief SHA512 Sigma functions +/// \tparam func function +/// \tparam fmask function mask +/// \tparam T vector type +/// \param vec the block to transform +/// \details VecSHA512() selects sigma0, sigma1, Sigma0, Sigma1 based on +/// func and fmask. The return vector is the same type as vec. +/// \details VecSHA512() is available on POWER8 and above. +/// \par Wraps +/// __vshasigmad, __builtin_altivec_crypto_vshasigmad, __builtin_crypto_vshasigmad +/// \since GCC and XLC since Crypto++ 6.0, LLVM Clang since Crypto++ 8.0 +template +inline T VecSHA512(const T vec) +{ +#if defined(__ibmxl__) || (defined(_AIX) && defined(__xlC__)) + return (T)__vshasigmad((uint64x2_p)vec, func, fmask); +#elif defined(__clang__) + return (T)__builtin_altivec_crypto_vshasigmad((uint64x2_p)vec, func, fmask); +#elif defined(__GNUC__) + return (T)__builtin_crypto_vshasigmad((uint64x2_p)vec, func, fmask); +#else + CRYPTOPP_ASSERT(0); +#endif +} + +#endif // __CRYPTO__ + +#endif // _ALTIVEC_ + +NAMESPACE_END + +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic pop +#endif + +#endif // CRYPTOPP_PPC_CRYPTO_H diff --git a/vendor/cryptopp/vendor_cryptopp/pubkey.h b/vendor/cryptopp/vendor_cryptopp/pubkey.h index c4e9721b..b09bc0e4 100644 --- a/vendor/cryptopp/vendor_cryptopp/pubkey.h +++ b/vendor/cryptopp/vendor_cryptopp/pubkey.h @@ -1050,7 +1050,7 @@ public: CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement); } - /// \brief Initialize or reinitialize this this key + /// \brief Initialize or reinitialize this key /// \param source NameValuePairs to assign void AssignFrom(const NameValuePairs &source); @@ -1135,7 +1135,7 @@ public: CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent); } - /// \brief Initialize or reinitialize this this key + /// \brief Initialize or reinitialize this key /// \param source NameValuePairs to assign void AssignFrom(const NameValuePairs &source) { diff --git a/vendor/cryptopp/vendor_cryptopp/pwdbased.h b/vendor/cryptopp/vendor_cryptopp/pwdbased.h index 20828a91..a27550a7 100644 --- a/vendor/cryptopp/vendor_cryptopp/pwdbased.h +++ b/vendor/cryptopp/vendor_cryptopp/pwdbased.h @@ -12,6 +12,7 @@ #include "hrtimer.h" #include "integer.h" #include "argnames.h" +#include "algparam.h" #include "hmac.h" NAMESPACE_BEGIN(CryptoPP) diff --git a/vendor/cryptopp/vendor_cryptopp/queue.cpp b/vendor/cryptopp/vendor_cryptopp/queue.cpp index 8bf43d99..1f0a91f9 100644 --- a/vendor/cryptopp/vendor_cryptopp/queue.cpp +++ b/vendor/cryptopp/vendor_cryptopp/queue.cpp @@ -6,6 +6,7 @@ #include "queue.h" #include "filters.h" +#include "misc.h" NAMESPACE_BEGIN(CryptoPP) @@ -16,13 +17,13 @@ class ByteQueueNode { public: ByteQueueNode(size_t maxSize) - : buf(maxSize) + : m_buf(maxSize) { m_head = m_tail = 0; - next = NULLPTR; + m_next = NULLPTR; } - inline size_t MaxSize() const {return buf.size();} + inline size_t MaxSize() const {return m_buf.size();} inline size_t CurrentSize() const { @@ -44,8 +45,8 @@ public: // Avoid passing NULL to memcpy if (!begin || !length) return length; size_t l = STDMIN(length, MaxSize()-m_tail); - if (buf+m_tail != begin) - memcpy(buf+m_tail, begin, l); + if (m_buf+m_tail != begin) + memcpy(m_buf+m_tail, begin, l); m_tail += l; return l; } @@ -55,28 +56,28 @@ public: if (m_tail==m_head) return 0; - outByte=buf[m_head]; + outByte=m_buf[m_head]; return 1; } inline size_t Peek(byte *target, size_t copyMax) const { size_t len = STDMIN(copyMax, m_tail-m_head); - memcpy(target, buf+m_head, len); + memcpy(target, m_buf+m_head, len); return len; } inline size_t CopyTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const { size_t len = m_tail-m_head; - target.ChannelPut(channel, buf+m_head, len); + target.ChannelPut(channel, m_buf+m_head, len); return len; } inline size_t CopyTo(BufferedTransformation &target, size_t copyMax, const std::string &channel=DEFAULT_CHANNEL) const { size_t len = STDMIN(copyMax, m_tail-m_head); - target.ChannelPut(channel, buf+m_head, len); + target.ChannelPut(channel, m_buf+m_head, len); return len; } @@ -97,7 +98,7 @@ public: inline size_t TransferTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) { size_t len = m_tail-m_head; - target.ChannelPutModifiable(channel, buf+m_head, len); + target.ChannelPutModifiable(channel, m_buf+m_head, len); m_head = m_tail; return len; } @@ -105,7 +106,7 @@ public: inline size_t TransferTo(BufferedTransformation &target, lword transferMax, const std::string &channel=DEFAULT_CHANNEL) { size_t len = UnsignedMin(m_tail-m_head, transferMax); - target.ChannelPutModifiable(channel, buf+m_head, len); + target.ChannelPutModifiable(channel, m_buf+m_head, len); m_head += len; return len; } @@ -119,12 +120,12 @@ public: inline byte operator[](size_t i) const { - return buf[m_head+i]; + return m_buf[m_head+i]; } - ByteQueueNode *next; + ByteQueueNode* m_next; - SecByteBlock buf; + SecByteBlock m_buf; size_t m_head, m_tail; }; @@ -157,13 +158,13 @@ void ByteQueue::CopyFrom(const ByteQueue ©) m_nodeSize = copy.m_nodeSize; m_head = m_tail = new ByteQueueNode(*copy.m_head); - for (ByteQueueNode *current=copy.m_head->next; current; current=current->next) + for (ByteQueueNode *current=copy.m_head->m_next; current; current=current->m_next) { - m_tail->next = new ByteQueueNode(*current); - m_tail = m_tail->next; + m_tail->m_next = new ByteQueueNode(*current); + m_tail = m_tail->m_next; } - m_tail->next = NULLPTR; + m_tail->m_next = NULLPTR; Put(copy.m_lazyString, copy.m_lazyLength); } @@ -177,7 +178,7 @@ void ByteQueue::Destroy() { for (ByteQueueNode *next, *current=m_head; current; current=next) { - next=current->next; + next=current->m_next; delete current; } } @@ -192,7 +193,7 @@ lword ByteQueue::CurrentSize() const { lword size=0; - for (ByteQueueNode *current=m_head; current; current=current->next) + for (ByteQueueNode *current=m_head; current; current=current->m_next) size += current->CurrentSize(); return size + m_lazyLength; @@ -205,15 +206,15 @@ bool ByteQueue::IsEmpty() const void ByteQueue::Clear() { - for (ByteQueueNode *next, *current=m_head->next; current; current=next) + for (ByteQueueNode *next, *current=m_head->m_next; current; current=next) { - next=current->next; + next=current->m_next; delete current; } m_tail = m_head; m_head->Clear(); - m_head->next = NULLPTR; + m_head->m_next = NULLPTR; m_lazyLength = 0; } @@ -227,7 +228,7 @@ size_t ByteQueue::Put2(const byte *inString, size_t length, int messageEnd, bool size_t len; while ((len=m_tail->Put(inString, length)) < length) { - inString += len; + inString = PtrAdd(inString, len); length -= len; if (m_autoNodeSize && m_nodeSize < s_maxAutoNodeSize) do @@ -235,8 +236,8 @@ size_t ByteQueue::Put2(const byte *inString, size_t length, int messageEnd, bool m_nodeSize *= 2; } while (m_nodeSize < length && m_nodeSize < s_maxAutoNodeSize); - m_tail->next = new ByteQueueNode(STDMAX(m_nodeSize, length)); - m_tail = m_tail->next; + m_tail->m_next = new ByteQueueNode(STDMAX(m_nodeSize, length)); + m_tail = m_tail->m_next; } return 0; @@ -248,7 +249,7 @@ void ByteQueue::CleanupUsedNodes() while (m_head && m_head != m_tail && m_head->UsedUp()) { ByteQueueNode *temp=m_head; - m_head=m_head->next; + m_head=m_head->m_next; delete temp; } @@ -262,7 +263,7 @@ void ByteQueue::LazyPut(const byte *inString, size_t size) if (m_lazyLength > 0) FinalizeLazyPut(); - if (inString == m_tail->buf+m_tail->m_tail) + if (inString == m_tail->m_buf+m_tail->m_tail) Put(inString, size); else { @@ -345,7 +346,7 @@ size_t ByteQueue::TransferTo2(BufferedTransformation &target, lword &transferByt if (blocking) { lword bytesLeft = transferBytes; - for (ByteQueueNode *current=m_head; bytesLeft && current; current=current->next) + for (ByteQueueNode *current=m_head; bytesLeft && current; current=current->m_next) bytesLeft -= current->TransferTo(target, bytesLeft, channel); CleanupUsedNodes(); @@ -356,7 +357,7 @@ size_t ByteQueue::TransferTo2(BufferedTransformation &target, lword &transferByt target.ChannelPutModifiable(channel, m_lazyString, len); else target.ChannelPut(channel, m_lazyString, len); - m_lazyString += len; + m_lazyString = PtrAdd(m_lazyString, len); m_lazyLength -= len; bytesLeft -= len; } @@ -391,13 +392,13 @@ void ByteQueue::Unget(const byte *inString, size_t length) { size_t len = STDMIN(length, m_head->m_head); length -= len; - m_head->m_head -= len; - memcpy(m_head->buf + m_head->m_head, inString + length, len); + m_head->m_head = m_head->m_head - len; + memcpy(m_head->m_buf + m_head->m_head, inString + length, len); if (length > 0) { ByteQueueNode *newHead = new ByteQueueNode(length); - newHead->next = m_head; + newHead->m_next = m_head; m_head = newHead; m_head->Put(inString, length); } @@ -412,7 +413,7 @@ const byte * ByteQueue::Spy(size_t &contiguousSize) const return m_lazyString; } else - return m_head->buf + m_head->m_head; + return m_head->m_buf + m_head->m_head; } byte * ByteQueue::CreatePutSpace(size_t &size) @@ -422,12 +423,12 @@ byte * ByteQueue::CreatePutSpace(size_t &size) if (m_tail->m_tail == m_tail->MaxSize()) { - m_tail->next = new ByteQueueNode(STDMAX(m_nodeSize, size)); - m_tail = m_tail->next; + m_tail->m_next = new ByteQueueNode(STDMAX(m_nodeSize, size)); + m_tail = m_tail->m_next; } size = m_tail->MaxSize() - m_tail->m_tail; - return m_tail->buf + m_tail->m_tail; + return PtrAdd(m_tail->m_buf.begin(), m_tail->m_tail); } ByteQueue & ByteQueue::operator=(const ByteQueue &rhs) @@ -456,7 +457,7 @@ bool ByteQueue::operator==(const ByteQueue &rhs) const byte ByteQueue::operator[](lword i) const { - for (ByteQueueNode *current=m_head; current; current=current->next) + for (ByteQueueNode *current=m_head; current; current=current->m_next) { if (i < current->CurrentSize()) return (*current)[(size_t)i]; @@ -524,7 +525,7 @@ size_t ByteQueue::Walker::TransferTo2(BufferedTransformation &target, lword &tra while (m_node) { size_t len = (size_t)STDMIN(bytesLeft, (lword)m_node->CurrentSize()-m_offset); - blockedBytes = target.ChannelPut2(channel, m_node->buf+m_node->m_head+m_offset, len, 0, blocking); + blockedBytes = target.ChannelPut2(channel, m_node->m_buf+m_node->m_head+m_offset, len, 0, blocking); if (blockedBytes) goto done; @@ -538,7 +539,7 @@ size_t ByteQueue::Walker::TransferTo2(BufferedTransformation &target, lword &tra goto done; } - m_node = m_node->next; + m_node = m_node->m_next; m_offset = 0; } @@ -549,7 +550,7 @@ size_t ByteQueue::Walker::TransferTo2(BufferedTransformation &target, lword &tra if (blockedBytes) goto done; - m_lazyString += len; + m_lazyString = PtrAdd(m_lazyString, len); m_lazyLength -= len; bytesLeft -= len; } diff --git a/vendor/cryptopp/vendor_cryptopp/rabbit.cpp b/vendor/cryptopp/vendor_cryptopp/rabbit.cpp new file mode 100644 index 00000000..ef146259 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/rabbit.cpp @@ -0,0 +1,259 @@ +// rabbit.cpp - written and placed in the public domain by Jeffrey Walton +// based on public domain code by Martin Boesgaard, Mette Vesterager, +// Thomas Pedersen, Jesper Christiansen and Ove Scavenius. +// +// The reference materials and source files are available at +// The eSTREAM Project, http://www.ecrypt.eu.org/stream/e2-rabbit.html. + +#include "pch.h" +#include "config.h" + +#include "rabbit.h" +#include "secblock.h" +#include "misc.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word32; +using CryptoPP::word64; +using CryptoPP::rotlConstant; + +word32 G_func(word32 x) +{ +#if 0 + /* Temporary variables */ + word32 a, b, h, l; + + /* Construct high and low argument for squaring */ + a = x & 0xFFFF; + b = x >> 16; + + /* Calculate high and low result of squaring */ + h = (((static_cast(a*a) >> 17U) + static_cast(a*b)) >> 15U) + b*b; + l = x*x; + + /* Return high XOR low */ + return static_cast(h^l); +#endif + + // Thanks to Jack Lloyd for suggesting the 64-bit multiply. + word64 z = x; + z *= x; + return static_cast((z >> 32) ^ z); +} + +word32 NextState(word32 c[8], word32 x[8], word32 carry) +{ + /* Temporary variables */ + word32 g[8], c_old[8], i; + + /* Save old counter values */ + for (i = 0; i<8; i++) + c_old[i] = c[i]; + + /* Calculate new counter values */ + c[0] = static_cast(c[0] + 0x4D34D34D + carry); + c[1] = static_cast(c[1] + 0xD34D34D3 + (c[0] < c_old[0])); + c[2] = static_cast(c[2] + 0x34D34D34 + (c[1] < c_old[1])); + c[3] = static_cast(c[3] + 0x4D34D34D + (c[2] < c_old[2])); + c[4] = static_cast(c[4] + 0xD34D34D3 + (c[3] < c_old[3])); + c[5] = static_cast(c[5] + 0x34D34D34 + (c[4] < c_old[4])); + c[6] = static_cast(c[6] + 0x4D34D34D + (c[5] < c_old[5])); + c[7] = static_cast(c[7] + 0xD34D34D3 + (c[6] < c_old[6])); + carry = (c[7] < c_old[7]); + + /* Calculate the g-values */ + for (i = 0; i<8; i++) + g[i] = G_func(static_cast(x[i] + c[i])); + + /* Calculate new state values */ + x[0] = static_cast(g[0] + rotlConstant<16>(g[7]) + rotlConstant<16>(g[6])); + x[1] = static_cast(g[1] + rotlConstant<8>(g[0]) + g[7]); + x[2] = static_cast(g[2] + rotlConstant<16>(g[1]) + rotlConstant<16>(g[0])); + x[3] = static_cast(g[3] + rotlConstant<8>(g[2]) + g[1]); + x[4] = static_cast(g[4] + rotlConstant<16>(g[3]) + rotlConstant<16>(g[2])); + x[5] = static_cast(g[5] + rotlConstant<8>(g[4]) + g[3]); + x[6] = static_cast(g[6] + rotlConstant<16>(g[5]) + rotlConstant<16>(g[4])); + x[7] = static_cast(g[7] + rotlConstant<8>(g[6]) + g[5]); + + return carry; +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +void RabbitPolicy::CipherSetKey(const NameValuePairs ¶ms, const byte *userKey, size_t keylen) +{ + /* Generate four subkeys */ + CRYPTOPP_UNUSED(params); + GetUserKey(LITTLE_ENDIAN_ORDER, m_t.begin(), 4, userKey, keylen); + + /* Generate initial state variables */ + m_mx[0] = m_t[0]; + m_mx[2] = m_t[1]; + m_mx[4] = m_t[2]; + m_mx[6] = m_t[3]; + m_mx[1] = static_cast(m_t[3] << 16) | (m_t[2] >> 16); + m_mx[3] = static_cast(m_t[0] << 16) | (m_t[3] >> 16); + m_mx[5] = static_cast(m_t[1] << 16) | (m_t[0] >> 16); + m_mx[7] = static_cast(m_t[2] << 16) | (m_t[1] >> 16); + + /* Generate initial counter values */ + m_mc[0] = rotlConstant<16>(m_t[2]); + m_mc[2] = rotlConstant<16>(m_t[3]); + m_mc[4] = rotlConstant<16>(m_t[0]); + m_mc[6] = rotlConstant<16>(m_t[1]); + m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF); + m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF); + m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF); + m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF); + + /* Clear carry bit */ + m_mcy = 0; + + /* Iterate the system four times */ + for (unsigned int i = 0; i<4; i++) + m_mcy = NextState(m_mc, m_mx, m_mcy); + + /* Modify the counters */ + for (unsigned int i = 0; i<8; i++) + m_mc[i] ^= m_mx[(i + 4) & 0x7]; + + /* Copy master instance to work instance */ + for (unsigned int i = 0; i<8; i++) + { + m_wx[i] = m_mx[i]; + m_wc[i] = m_mc[i]; + } + m_wcy = m_mcy; +} + +void RabbitPolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) +{ + byte* out = output; + for (size_t i = 0; i> 16) ^ (m_wx[3] << 16)); + PutWord(false, LITTLE_ENDIAN_ORDER, out + 4, m_wx[2] ^ (m_wx[7] >> 16) ^ (m_wx[5] << 16)); + PutWord(false, LITTLE_ENDIAN_ORDER, out + 8, m_wx[4] ^ (m_wx[1] >> 16) ^ (m_wx[7] << 16)); + PutWord(false, LITTLE_ENDIAN_ORDER, out + 12, m_wx[6] ^ (m_wx[3] >> 16) ^ (m_wx[1] << 16)); + } + + // If AdditiveCipherTemplate does not have an accumulated keystream + // then it will ask OperateKeystream to generate one. Optionally it + // will ask for an XOR of the input with the keystream while + // writing the result to the output buffer. In all cases the + // keystream is written to the output buffer. The optional part is + // adding the input buffer and keystream. + if ((operation & INPUT_NULL) != INPUT_NULL) + xorbuf(output, input, GetBytesPerIteration() * iterationCount); +} + +void RabbitWithIVPolicy::CipherSetKey(const NameValuePairs ¶ms, const byte *userKey, size_t keylen) +{ + /* Generate four subkeys */ + CRYPTOPP_UNUSED(params); + GetUserKey(LITTLE_ENDIAN_ORDER, m_t.begin(), 4, userKey, keylen); + + /* Generate initial state variables */ + m_mx[0] = m_t[0]; + m_mx[2] = m_t[1]; + m_mx[4] = m_t[2]; + m_mx[6] = m_t[3]; + m_mx[1] = static_cast(m_t[3] << 16) | (m_t[2] >> 16); + m_mx[3] = static_cast(m_t[0] << 16) | (m_t[3] >> 16); + m_mx[5] = static_cast(m_t[1] << 16) | (m_t[0] >> 16); + m_mx[7] = static_cast(m_t[2] << 16) | (m_t[1] >> 16); + + /* Generate initial counter values */ + m_mc[0] = rotlConstant<16>(m_t[2]); + m_mc[2] = rotlConstant<16>(m_t[3]); + m_mc[4] = rotlConstant<16>(m_t[0]); + m_mc[6] = rotlConstant<16>(m_t[1]); + m_mc[1] = (m_t[0] & 0xFFFF0000) | (m_t[1] & 0xFFFF); + m_mc[3] = (m_t[1] & 0xFFFF0000) | (m_t[2] & 0xFFFF); + m_mc[5] = (m_t[2] & 0xFFFF0000) | (m_t[3] & 0xFFFF); + m_mc[7] = (m_t[3] & 0xFFFF0000) | (m_t[0] & 0xFFFF); + + /* Clear carry bit */ + m_mcy = 0; + + /* Iterate the system four times */ + for (unsigned int i = 0; i<4; i++) + m_mcy = NextState(m_mc, m_mx, m_mcy); + + /* Modify the counters */ + for (unsigned int i = 0; i<8; i++) + m_mc[i] ^= m_mx[(i + 4) & 0x7]; + + /* Copy master instance to work instance */ + for (unsigned int i = 0; i<8; i++) + { + m_wx[i] = m_mx[i]; + m_wc[i] = m_mc[i]; + } + m_wcy = m_mcy; +} + +void RabbitWithIVPolicy::CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) +{ + CRYPTOPP_UNUSED(keystreamBuffer); + CRYPTOPP_UNUSED(length); + CRYPTOPP_ASSERT(length == 8); + + /* Generate four subvectors */ + GetBlock v(iv); v(m_t[0])(m_t[2]); + m_t[1] = (m_t[0] >> 16) | (m_t[2] & 0xFFFF0000); + m_t[3] = (m_t[2] << 16) | (m_t[0] & 0x0000FFFF); + + /* Modify counter values */ + m_wc[0] = m_mc[0] ^ m_t[0]; + m_wc[1] = m_mc[1] ^ m_t[1]; + m_wc[2] = m_mc[2] ^ m_t[2]; + m_wc[3] = m_mc[3] ^ m_t[3]; + m_wc[4] = m_mc[4] ^ m_t[0]; + m_wc[5] = m_mc[5] ^ m_t[1]; + m_wc[6] = m_mc[6] ^ m_t[2]; + m_wc[7] = m_mc[7] ^ m_t[3]; + + /* Copy state variables */ + for (unsigned int i = 0; i<8; i++) + m_wx[i] = m_mx[i]; + m_wcy = m_mcy; + + /* Iterate the system four times */ + for (unsigned int i = 0; i<4; i++) + m_wcy = NextState(m_wc, m_wx, m_wcy); +} + +void RabbitWithIVPolicy::OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) +{ + byte* out = output; + for (unsigned int i = 0; i> 16) ^ (m_wx[3] << 16)); + PutWord(false, LITTLE_ENDIAN_ORDER, out + 4, m_wx[2] ^ (m_wx[7] >> 16) ^ (m_wx[5] << 16)); + PutWord(false, LITTLE_ENDIAN_ORDER, out + 8, m_wx[4] ^ (m_wx[1] >> 16) ^ (m_wx[7] << 16)); + PutWord(false, LITTLE_ENDIAN_ORDER, out + 12, m_wx[6] ^ (m_wx[3] >> 16) ^ (m_wx[1] << 16)); + } + + // If AdditiveCipherTemplate does not have an accumulated keystream + // then it will ask OperateKeystream to generate one. Optionally it + // will ask for an XOR of the input with the keystream while + // writing the result to the output buffer. In all cases the + // keystream is written to the output buffer. The optional part is + // adding the input buffer and keystream. + if ((operation & INPUT_NULL) != INPUT_NULL) + xorbuf(output, input, GetBytesPerIteration() * iterationCount); +} + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/rabbit.h b/vendor/cryptopp/vendor_cryptopp/rabbit.h new file mode 100644 index 00000000..6601dcd1 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/rabbit.h @@ -0,0 +1,112 @@ +// rabbit.h - written and placed in the public domain by Jeffrey Walton +// based on public domain code by Martin Boesgaard, Mette Vesterager, +// Thomas Pedersen, Jesper Christiansen and Ove Scavenius. +// +// The reference materials and source files are available at +// The eSTREAM Project, http://www.ecrypt.eu.org/stream/e2-rabbit.html. + +/// \file rabbit.h +/// \brief Classes for Rabbit stream cipher +/// \sa The +/// eSTREAM Project | Rabbit and +/// Crypto++ Wiki | Rabbit. +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_RABBIT_H +#define CRYPTOPP_RABBIT_H + +#include "strciphr.h" +#include "secblock.h" + +// The library does not have a way to describe an optional IV. Rabbit takes +// an optional IV so two classes are offered to bridge the gap. One provides +// Rabbit without an IV and the second provides Rabbit with an IV. + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief Rabbit stream cipher information +/// \since Crypto++ 8.0 +struct RabbitInfo : public FixedKeyLength<16, SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> +{ + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "Rabbit"; } +}; + +/// \brief Rabbit stream cipher information +/// \since Crypto++ 8.0 +struct RabbitWithIVInfo : public FixedKeyLength<16, SimpleKeyingInterface::UNIQUE_IV, 8> +{ + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() { return "RabbitWithIV"; } +}; + +/// \brief Rabbit stream cipher implementation +/// \since Crypto++ 8.0 +class RabbitPolicy : public AdditiveCipherConcretePolicy, public RabbitInfo +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + bool CanOperateKeystream() const { return true; } + bool CipherIsRandomAccess() const { return false; } + +private: + // Master and working states + FixedSizeSecBlock m_mx, m_mc, m_wx, m_wc; + // Workspace + FixedSizeSecBlock m_t; + word32 m_mcy, m_wcy; // carry +}; + +/// \brief Rabbit stream cipher implementation +/// \since Crypto++ 8.0 +class RabbitWithIVPolicy : public AdditiveCipherConcretePolicy, public RabbitWithIVInfo +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); + bool CanOperateKeystream() const { return true; } + bool CipherIsRandomAccess() const { return false; } + +private: + // Master and working states + FixedSizeSecBlock m_mx, m_mc, m_wx, m_wc; + // Workspace + FixedSizeSecBlock m_t; + word32 m_mcy, m_wcy; // carry +}; + +/// \brief Rabbit stream cipher +/// \details Rabbit is a stream cipher developed by Martin Boesgaard, Mette Vesterager, +/// Thomas Pedersen, Jesper Christiansen and Ove Scavenius. Rabbit is one of the final four +/// Profile 1 (software) ciphers selected for the eSTREAM portfolio. +/// \details Crypto++ provides Rabbit and RabbitWithIV classes. Two classes are necessary +/// because the library lacks the means to describe and manage optional IVs. +/// \sa RabbitWithIV, The +/// eSTREAM Project | Rabbit and +/// Crypto++ Wiki | Rabbit. +/// \since Crypto++ 8.0 +struct Rabbit : public RabbitInfo, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, RabbitInfo> Encryption; + typedef Encryption Decryption; +}; + +/// \brief Rabbit stream cipher +/// \details Rabbit is a stream cipher developed by Martin Boesgaard, Mette Vesterager, +/// Thomas Pedersen, Jesper Christiansen and Ove Scavenius. Rabbit is one of the final four +/// Profile 1 (software) ciphers selected for the eSTREAM portfolio. +/// \details Crypto++ provides Rabbit and RabbitWithIV classes. Two classes are necessary +/// because the library lacks the means to describe and manage optional IVs. +/// \sa Rabbit, The +/// eSTREAM Project | Rabbit and +/// Crypto++ Wiki | Rabbit. +/// \since Crypto++ 8.0 +struct RabbitWithIV : public RabbitWithIVInfo, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, RabbitWithIVInfo> Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif // CRYPTOPP_RABBIT_H diff --git a/vendor/cryptopp/vendor_cryptopp/rdrand.cpp b/vendor/cryptopp/vendor_cryptopp/rdrand.cpp index 64b12208..15afcd93 100644 --- a/vendor/cryptopp/vendor_cryptopp/rdrand.cpp +++ b/vendor/cryptopp/vendor_cryptopp/rdrand.cpp @@ -7,95 +7,37 @@ #include "rdrand.h" #include "cpu.h" -// This file (and friends) provides both RDRAND and RDSEED. They were added at -// Crypto++ 5.6.3. At compile time, it uses CRYPTOPP_BOOL_{X86|X32|X64} -// to select an implementation or "throw NotImplemented". The class does not -// determine if RDRAND or RDSEED are available at runtime. If not available, -// then a SIGILL will result. Users of the classes should call HasRDRAND() -// or HasRDSEED() to determine if a generator is available. +// This file (and friends) provides both RDRAND and RDSEED. They were added +// at Crypto++ 5.6.3. At compile time, it uses CRYPTOPP_BOOL_{X86|X32|X64} +// to select an implementation or throws "NotImplemented". Users of the +// classes should call HasRDRAND() or HasRDSEED() to determine if a +// generator is available at runtime. // The original classes accepted a retry count. Retries were superflous for // RDRAND, and RDSEED encountered a failure about 1 in 256 bytes depending // on the processor. Retries were removed at Crypto++ 6.0 because // GenerateBlock unconditionally retries and always fulfills the request. - -///////////////////////////////////////////////////////////////////// -///////////////////////////////////////////////////////////////////// - -// For Linux, NASM is optional. Run rdrand-nasm.sh, and then make -// with "USE_NASM" like so: USE_NASM=1 make -j 4. The makefile -// will add the appropriate defines when building rdrand.cpp, -// and add the appropriate object file during link. - -#if 0 -#define NASM_RDRAND_ASM_AVAILABLE 1 -#define NASM_RDSEED_ASM_AVAILABLE 1 -#endif +// Intel recommends using a retry count in case RDRAND or RDSEED circuit +// is bad. This implemenation does not follow the advice and requires +// good silicon. If the circuit or processor is bad then the user has +// bigger problems than generating random numbers. ///////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////// #if defined(CRYPTOPP_CPUID_AVAILABLE) + # if defined(CRYPTOPP_MSC_VERSION) -# if (CRYPTOPP_MSC_VERSION >= 1700) -# define ALL_RDRAND_INTRIN_AVAILABLE 1 -# else -# define MASM_RDRAND_ASM_AVAILABLE 1 -# endif -# if (CRYPTOPP_MSC_VERSION >= 1800) -# define ALL_RDSEED_INTRIN_AVAILABLE 1 -# else -# define MASM_RDSEED_ASM_AVAILABLE 1 -# endif -# elif defined(CRYPTOPP_LLVM_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION) -# if defined(__RDRND__) -# define ALL_RDRAND_INTRIN_AVAILABLE 1 -# else -# define GCC_RDRAND_ASM_AVAILABLE 1 -# endif -# if defined(__RDSEED__) -# define ALL_RDSEED_INTRIN_AVAILABLE 1 -# else -# define GCC_RDSEED_ASM_AVAILABLE 1 -# endif -# elif defined(__SUNPRO_CC) -# if defined(__RDRND__) && (__SUNPRO_CC >= 0x5130) -# define ALL_RDRAND_INTRIN_AVAILABLE 1 -# elif (__SUNPRO_CC >= 0x5100) -# define GCC_RDRAND_ASM_AVAILABLE 1 -# endif -# if defined(__RDSEED__) && (__SUNPRO_CC >= 0x5140) -# define ALL_RDSEED_INTRIN_AVAILABLE 1 -# elif (__SUNPRO_CC >= 0x5100) -# define GCC_RDSEED_ASM_AVAILABLE 1 -# endif -# elif defined(CRYPTOPP_GCC_VERSION) -# if defined(__RDRND__) && (CRYPTOPP_GCC_VERSION >= 40700) && !defined(__OPTIMIZE__) -# define ALL_RDRAND_INTRIN_AVAILABLE 1 -# else -# define GCC_RDRAND_ASM_AVAILABLE 1 -# endif -# if defined(__RDSEED__) && (CRYPTOPP_GCC_VERSION >= 40800) && !defined(__OPTIMIZE__) -# define ALL_RDSEED_INTRIN_AVAILABLE 1 -# else -# define GCC_RDSEED_ASM_AVAILABLE 1 -# endif +# define MASM_RDRAND_ASM_AVAILABLE 1 +# define MASM_RDSEED_ASM_AVAILABLE 1 # endif -#endif -///////////////////////////////////////////////////////////////////// -///////////////////////////////////////////////////////////////////// +# if (__SUNPRO_CC >= 0x5100) || (CRYPTOPP_APPLE_CLANG_VERSION >= 30000) || \ + (CRYPTOPP_CLANG_VERSION >= 20800) || (CRYPTOPP_GCC_VERSION >= 30200) +# define GCC_RDRAND_ASM_AVAILABLE 1 +# define GCC_RDSEED_ASM_AVAILABLE 1 +# endif -#if (ALL_RDRAND_INTRIN_AVAILABLE || ALL_RDSEED_INTRIN_AVAILABLE) -# include // rdrand, MSC, ICC, GCC, and SunCC -# if defined(__GNUC__) && (CRYPTOPP_GCC_VERSION >= 40700) -# include // rdseed for some compilers, like GCC -# endif -# if defined(__has_include) -# if __has_include() -# include -# endif -# endif -#endif +#endif // CRYPTOPP_CPUID_AVAILABLE typedef unsigned char byte; @@ -107,14 +49,6 @@ extern "C" void CRYPTOPP_FASTCALL MASM_RDRAND_GenerateBlock(byte*, size_t); extern "C" void CRYPTOPP_FASTCALL MASM_RDSEED_GenerateBlock(byte*, size_t); #endif -#if NASM_RDRAND_ASM_AVAILABLE -extern "C" void NASM_RDRAND_GenerateBlock(byte*, size_t); -#endif - -#if NASM_RDSEED_ASM_AVAILABLE -extern "C" void NASM_RDSEED_GenerateBlock(byte*, size_t); -#endif - ///////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////// @@ -125,7 +59,8 @@ NAMESPACE_BEGIN(CryptoPP) // Fills 4 bytes inline void RDRAND32(void* output) { -#if defined(__SUNPRO_CC) + CRYPTOPP_UNUSED(output); // MSC warning +#if defined(GCC_RDRAND_ASM_AVAILABLE) __asm__ __volatile__ ( "1:\n" @@ -134,40 +69,15 @@ inline void RDRAND32(void* output) : "=a" (*reinterpret_cast(output)) : : "cc" ); -#elif defined(GCC_RDRAND_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 40700) - __asm__ __volatile__ - ( - INTEL_NOPREFIX - ASL(1) - AS1(rdrand eax) - ASJ(jnc, 1, b) - ATT_NOPREFIX - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(GCC_RDRAND_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200) - __asm__ __volatile__ - ( - "1:\n" - ".byte 0x0f, 0xc7, 0xf0;\n" - "jnc 1b;\n" - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(ALL_RDRAND_INTRIN_AVAILABLE) - while(!_rdrand32_step(reinterpret_cast(output))) {} -#else - // RDRAND not detected at compile time, or no suitable compiler found - CRYPTOPP_UNUSED(output); - throw NotImplemented("RDRAND: failed to find an implementation"); #endif } -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32) // Fills 8 bytes inline void RDRAND64(void* output) { -#if defined(__SUNPRO_CC) && (__SUNPRO_CC >= 0x5100) + CRYPTOPP_UNUSED(output); // MSC warning +#if defined(GCC_RDRAND_ASM_AVAILABLE) __asm__ __volatile__ ( "1:\n" @@ -176,35 +86,9 @@ inline void RDRAND64(void* output) : "=a" (*reinterpret_cast(output)) : : "cc" ); -#elif defined(GCC_RDRAND_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 40700) - __asm__ __volatile__ - ( - INTEL_NOPREFIX - ASL(1) - AS1(rdrand rax) - ASJ(jnc, 1, b) - ATT_NOPREFIX - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(GCC_RDRAND_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200) - __asm__ __volatile__ - ( - "1:\n" - ".byte 0x48, 0x0f, 0xc7, 0xf0;\n" - "jnc 1b;\n" - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(ALL_RDRAND_INTRIN_AVAILABLE) - while(!_rdrand64_step(reinterpret_cast(output))) {} -#else - // RDRAND not detected at compile time, or no suitable compiler found - CRYPTOPP_UNUSED(output); - throw NotImplemented("RDRAND: failed to find an implementation"); #endif } -#endif // CRYPTOPP_BOOL_X64, CRYPTOPP_BOOL_X32 and RDRAND64 +#endif // RDRAND64 RDRAND::RDRAND() { @@ -217,18 +101,16 @@ void RDRAND::GenerateBlock(byte *output, size_t size) CRYPTOPP_ASSERT((output && size) || !(output || size)); if (size == 0) return; -#if defined(NASM_RDRAND_ASM_AVAILABLE) - - NASM_RDRAND_GenerateBlock(output, size); - -#elif defined(MASM_RDRAND_ASM_AVAILABLE) +#if defined(MASM_RDRAND_ASM_AVAILABLE) MASM_RDRAND_GenerateBlock(output, size); -#elif CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 +#elif defined(GCC_RDRAND_ASM_AVAILABLE) + +# if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32) size_t i = 0; for (i = 0; i < size/8; i++) - RDRAND64(reinterpret_cast(output)+i); + RDRAND64(output+i*8); output += i*8; size -= i*8; @@ -237,12 +119,12 @@ void RDRAND::GenerateBlock(byte *output, size_t size) { word64 val; RDRAND64(&val); - ::memcpy(output, &val, size); + std::memcpy(output, &val, size); } -#elif CRYPTOPP_BOOL_X86 +# else size_t i = 0; for (i = 0; i < size/4; i++) - RDRAND32(reinterpret_cast(output)+i); + RDRAND32(output+i*4); output += i*4; size -= i*4; @@ -251,10 +133,11 @@ void RDRAND::GenerateBlock(byte *output, size_t size) { word32 val; RDRAND32(&val); - ::memcpy(output, &val, size); + std::memcpy(output, &val, size); } +# endif #else - // RDRAND not detected at compile time, or no suitable compiler found + // No suitable compiler found CRYPTOPP_UNUSED(output); throw NotImplemented("RDRAND: failed to find a suitable implementation"); #endif @@ -282,7 +165,8 @@ void RDRAND::DiscardBytes(size_t n) // Fills 4 bytes inline void RDSEED32(void* output) { -#if defined(__SUNPRO_CC) + CRYPTOPP_UNUSED(output); // MSC warning +#if defined(GCC_RDSEED_ASM_AVAILABLE) __asm__ __volatile__ ( "1:\n" @@ -291,40 +175,15 @@ inline void RDSEED32(void* output) : "=a" (*reinterpret_cast(output)) : : "cc" ); -#elif defined(GCC_RDSEED_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 40800) - __asm__ __volatile__ - ( - INTEL_NOPREFIX - ASL(1) - AS1(rdseed eax) - ASJ(jnc, 1, b) - ATT_NOPREFIX - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(GCC_RDSEED_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200) - __asm__ __volatile__ - ( - "1:\n" - ".byte 0x0f, 0xc7, 0xf8;\n" - "jnc 1b;\n" - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(ALL_RDSEED_INTRIN_AVAILABLE) - while(!_rdseed32_step(reinterpret_cast(output))) {} -#else - // RDSEED not detected at compile time, or no suitable compiler found - CRYPTOPP_UNUSED(output); - throw NotImplemented("RDSEED: failed to find an implementation"); #endif } -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32) // Fills 8 bytes inline void RDSEED64(void* output) { -#if defined(__SUNPRO_CC) && (__SUNPRO_CC >= 0x5100) + CRYPTOPP_UNUSED(output); // MSC warning +#if defined(GCC_RDSEED_ASM_AVAILABLE) __asm__ __volatile__ ( "1:\n" @@ -333,35 +192,9 @@ inline void RDSEED64(void* output) : "=a" (*reinterpret_cast(output)) : : "cc" ); -#elif defined(GCC_RDSEED_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 40800) - __asm__ __volatile__ - ( - INTEL_NOPREFIX - ASL(1) - AS1(rdseed rax) - ASJ(jnc, 1, b) - ATT_NOPREFIX - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(GCC_RDSEED_ASM_AVAILABLE) && (CRYPTOPP_GCC_VERSION >= 30200) - __asm__ __volatile__ - ( - "1:\n" - ".byte 0x48, 0x0f, 0xc7, 0xf8;\n" - "jnc 1b;\n" - : "=a" (*reinterpret_cast(output)) - : : "cc" - ); -#elif defined(ALL_RDSEED_INTRIN_AVAILABLE) - while(!_rdseed64_step(reinterpret_cast(output))) {} -#else - // RDSEED not detected at compile time, or no suitable compiler found - CRYPTOPP_UNUSED(output); - throw NotImplemented("RDSEED: failed to find an implementation"); #endif } -#endif // CRYPTOPP_BOOL_X64 and RDSEED64 +#endif // RDSEED64 RDSEED::RDSEED() { @@ -374,18 +207,15 @@ void RDSEED::GenerateBlock(byte *output, size_t size) CRYPTOPP_ASSERT((output && size) || !(output || size)); if (size == 0) return; -#if defined(NASM_RDSEED_ASM_AVAILABLE) - - NASM_RDSEED_GenerateBlock(output, size); - -#elif defined(MASM_RDSEED_ASM_AVAILABLE) +#if defined(MASM_RDSEED_ASM_AVAILABLE) MASM_RDSEED_GenerateBlock(output, size); -#elif CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 +#elif defined(GCC_RDSEED_ASM_AVAILABLE) +# if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32) size_t i = 0; for (i = 0; i < size/8; i++) - RDSEED64(reinterpret_cast(output)+i); + RDSEED64(output+i*8); output += i*8; size -= i*8; @@ -394,12 +224,12 @@ void RDSEED::GenerateBlock(byte *output, size_t size) { word64 val; RDSEED64(&val); - ::memcpy(output, &val, size); + std::memcpy(output, &val, size); } -#elif CRYPTOPP_BOOL_X86 +# else size_t i = 0; for (i = 0; i < size/4; i++) - RDSEED32(reinterpret_cast(output)+i); + RDSEED32(output+i*4); output += i*4; size -= i*4; @@ -408,9 +238,14 @@ void RDSEED::GenerateBlock(byte *output, size_t size) { word32 val; RDSEED32(&val); - ::memcpy(output, &val, size); + std::memcpy(output, &val, size); } -#endif // CRYPTOPP_BOOL_X64, CRYPTOPP_BOOL_X32 and RDSEED64 +# endif +#else + // No suitable compiler found + CRYPTOPP_UNUSED(output); + throw NotImplemented("RDSEED: failed to find a suitable implementation"); +#endif // RDSEED64 } void RDSEED::DiscardBytes(size_t n) @@ -429,7 +264,7 @@ void RDSEED::DiscardBytes(size_t n) } } -#else // CRYPTOPP_CPUID_AVAILABLE +#else // not CRYPTOPP_CPUID_AVAILABLE RDRAND::RDRAND() { @@ -438,11 +273,13 @@ RDRAND::RDRAND() void RDRAND::GenerateBlock(byte *output, size_t size) { + // Constructor will throw, should not get here CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size); } void RDRAND::DiscardBytes(size_t n) { + // Constructor will throw, should not get here CRYPTOPP_UNUSED(n); } @@ -453,14 +290,16 @@ RDSEED::RDSEED() void RDSEED::GenerateBlock(byte *output, size_t size) { + // Constructor will throw, should not get here CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(size); } void RDSEED::DiscardBytes(size_t n) { + // Constructor will throw, should not get here CRYPTOPP_UNUSED(n); } -#endif +#endif // CRYPTOPP_CPUID_AVAILABLE NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/rdrand.h b/vendor/cryptopp/vendor_cryptopp/rdrand.h index 320d864c..41e4921e 100644 --- a/vendor/cryptopp/vendor_cryptopp/rdrand.h +++ b/vendor/cryptopp/vendor_cryptopp/rdrand.h @@ -20,8 +20,8 @@ // GenerateBlock unconditionally retries and always fulfills the request. // Throughput varies wildly depending on processor and manufacturer. A Core i5 or -// Core i7 RDRAND can generate at over 200 MiB/s. Its below the theroetical -// maximum, but it takes about 5 instructions to generate, retry and store a +// Core i7 RDRAND can generate at over 200 MiB/s. It is below the theroetical +// maximum, but it takes about 5 instructions to generate, retry and store a // result. A low-end Celeron may perform RDRAND at about 7 MiB/s. RDSEED // performs at about 1/4 to 1/2 the rate of RDRAND. AMD RDRAND performed poorly // during testing with Athlon X4 845. The Bulldozer v4 only performed at 1 MiB/s. @@ -80,6 +80,10 @@ public: // Override to avoid the base class' throw. CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); } + + std::string AlgorithmProvider() const { + return "RDRAND"; + } }; /// \brief Exception thrown when a RDSEED generator encounters @@ -130,6 +134,10 @@ public: // Override to avoid the base class' throw. CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); } + + std::string AlgorithmProvider() const { + return "RDSEED"; + } }; NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/regtest1.cpp b/vendor/cryptopp/vendor_cryptopp/regtest1.cpp index 3daa810e..848ad885 100644 --- a/vendor/cryptopp/vendor_cryptopp/regtest1.cpp +++ b/vendor/cryptopp/vendor_cryptopp/regtest1.cpp @@ -1,5 +1,6 @@ // regtest1.cpp - originally written and placed in the public domain by Wei Dai -// regtest.cpp split into 3 files due to OOM kills by JW in April 2017 +// regtest.cpp split into 3 files due to OOM kills by JW +// in April 2017. A second split occured in July 2018. #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 @@ -18,6 +19,7 @@ #include "sha.h" #include "sha3.h" #include "sm3.h" +#include "hkdf.h" #include "tiger.h" #include "ripemd.h" #include "panama.h" @@ -25,6 +27,7 @@ #include "osrng.h" #include "drbg.h" +#include "darn.h" #include "mersenne.h" #include "rdrand.h" #include "padlkrng.h" @@ -45,10 +48,14 @@ USING_NAMESPACE(CryptoPP) // Unkeyed ciphers void RegisterFactories1(); -// Shared key ciphers +// MAC ciphers void RegisterFactories2(); -// Public key ciphers +// Stream ciphers void RegisterFactories3(); +// Block ciphers +void RegisterFactories4(); +// Public key ciphers +void RegisterFactories5(); void RegisterFactories(Test::TestClass suites) { @@ -59,14 +66,18 @@ void RegisterFactories(Test::TestClass suites) if ((suites & Test::Unkeyed) == Test::Unkeyed) RegisterFactories1(); - if ((suites & Test::SharedKeyMAC) == Test::SharedKeyMAC || - (suites & Test::SharedKeyStream) == Test::SharedKeyStream || - (suites & Test::SharedKeyBlock) == Test::SharedKeyBlock) + if ((suites & Test::SharedKeyMAC) == Test::SharedKeyMAC) RegisterFactories2(); - if ((suites & Test::PublicKey) == Test::PublicKey) + if ((suites & Test::SharedKeyStream) == Test::SharedKeyStream) RegisterFactories3(); + if ((suites & Test::SharedKeyBlock) == Test::SharedKeyBlock) + RegisterFactories4(); + + if ((suites & Test::PublicKey) == Test::PublicKey) + RegisterFactories5(); + s_registered = true; } @@ -122,10 +133,19 @@ void RegisterFactories1() RegisterDefaultFactoryFor(); if (HasRDSEED()) RegisterDefaultFactoryFor(); +#endif +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + if (HasDARN()) + RegisterDefaultFactoryFor(); #endif RegisterDefaultFactoryFor::Encryption >("AES/OFB RNG"); RegisterDefaultFactoryFor >("Hash_DRBG(SHA1)"); RegisterDefaultFactoryFor >("Hash_DRBG(SHA256)"); RegisterDefaultFactoryFor >("HMAC_DRBG(SHA1)"); RegisterDefaultFactoryFor >("HMAC_DRBG(SHA256)"); + + RegisterDefaultFactoryFor >(); + RegisterDefaultFactoryFor >(); + RegisterDefaultFactoryFor >(); + RegisterDefaultFactoryFor >(); } diff --git a/vendor/cryptopp/vendor_cryptopp/regtest2.cpp b/vendor/cryptopp/vendor_cryptopp/regtest2.cpp index b5bf18b0..e68db6cc 100644 --- a/vendor/cryptopp/vendor_cryptopp/regtest2.cpp +++ b/vendor/cryptopp/vendor_cryptopp/regtest2.cpp @@ -1,5 +1,6 @@ // regtest2.cpp - originally written and placed in the public domain by Wei Dai -// regtest.cpp split into 3 files due to OOM kills by JW in April 2017 +// regtest.cpp split into 3 files due to OOM kills by JW +// in April 2017. A second split occured in July 2018. #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 @@ -8,46 +9,14 @@ #include "bench.h" #include "cpu.h" -#include "modes.h" -#include "seal.h" -#include "ttmac.h" -#include "aria.h" -#include "camellia.h" -#include "shacal2.h" -#include "tea.h" -#include "aes.h" -#include "salsa.h" -#include "chacha.h" -#include "vmac.h" -#include "tiger.h" -#include "sosemanuk.h" -#include "arc4.h" -#include "ccm.h" -#include "gcm.h" -#include "eax.h" -#include "twofish.h" -#include "serpent.h" -#include "cast.h" -#include "rc6.h" -#include "mars.h" -#include "kalyna.h" -#include "threefish.h" -#include "simon.h" -#include "speck.h" -#include "sm4.h" -#include "des.h" -#include "idea.h" -#include "rc5.h" -#include "tea.h" -#include "skipjack.h" +// For MAC's +#include "hmac.h" #include "cmac.h" #include "dmac.h" -#include "blowfish.h" -#include "seed.h" -#include "wake.h" -#include "hkdf.h" +#include "vmac.h" +#include "ttmac.h" -// For HMAC's +// Ciphers #include "md5.h" #include "keccak.h" #include "sha.h" @@ -56,9 +25,24 @@ #include "ripemd.h" #include "poly1305.h" #include "siphash.h" -#include "whrlpool.h" #include "panama.h" +// Stream ciphers +#include "arc4.h" +#include "seal.h" +#include "wake.h" +#include "chacha.h" +#include "salsa.h" +#include "rabbit.h" +#include "hc128.h" +#include "hc256.h" +#include "panama.h" +#include "sosemanuk.h" + +// Block for CMAC +#include "aes.h" +#include "des.h" + // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) # pragma strict_gs_check (on) @@ -70,7 +54,7 @@ USING_NAMESPACE(CryptoPP) -// Shared key ciphers +// MAC ciphers void RegisterFactories2() { RegisterDefaultFactoryFor >(); @@ -93,96 +77,25 @@ void RegisterFactories2() RegisterDefaultFactoryFor(); RegisterDefaultFactoryFor >(); RegisterDefaultFactoryFor >(); +} - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories(); - RegisterSymmetricCipherDefaultFactories(); - RegisterSymmetricCipherDefaultFactories(); - RegisterSymmetricCipherDefaultFactories(); - RegisterSymmetricCipherDefaultFactories(); - RegisterSymmetricCipherDefaultFactories(); +// Stream ciphers +void RegisterFactories3() +{ RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterAuthenticatedSymmetricCipherDefaultFactories >(); - RegisterAuthenticatedSymmetricCipherDefaultFactories >(); - RegisterAuthenticatedSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); // For test vectors - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Test Vectors - RegisterSymmetricCipherDefaultFactories >(); // Benchmarks - - RegisterDefaultFactoryFor >(); - RegisterDefaultFactoryFor >(); - RegisterDefaultFactoryFor >(); - RegisterDefaultFactoryFor >(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); + RegisterSymmetricCipherDefaultFactories(); } diff --git a/vendor/cryptopp/vendor_cryptopp/regtest3.cpp b/vendor/cryptopp/vendor_cryptopp/regtest3.cpp index 7949c846..b1267b65 100644 --- a/vendor/cryptopp/vendor_cryptopp/regtest3.cpp +++ b/vendor/cryptopp/vendor_cryptopp/regtest3.cpp @@ -1,5 +1,6 @@ -// regtest.cpp - originally written and placed in the public domain by Wei Dai -// regtest.cpp split into 3 files due to OOM kills by JW in April 2017 +// regtest3.cpp - originally written and placed in the public domain by Wei Dai +// regtest.cpp split into 3 files due to OOM kills by JW +// in April 2017. A second split occured in July 2018. #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 @@ -8,18 +9,36 @@ #include "bench.h" #include "cpu.h" -#include "dh.h" -#include "nr.h" -#include "rw.h" -#include "rsa.h" -#include "dsa.h" -#include "pssr.h" -#include "esign.h" - -// Hashes -#include "md2.h" -#include "md5.h" -#include "sha.h" +#include "modes.h" +#include "aria.h" +#include "seed.h" +#include "hight.h" +#include "camellia.h" +#include "shacal2.h" +#include "tea.h" +#include "aes.h" +#include "tiger.h" +#include "ccm.h" +#include "gcm.h" +#include "eax.h" +#include "twofish.h" +#include "serpent.h" +#include "cast.h" +#include "rc6.h" +#include "mars.h" +#include "kalyna.h" +#include "threefish.h" +#include "cham.h" +#include "lea.h" +#include "simeck.h" +#include "simon.h" +#include "speck.h" +#include "sm4.h" +#include "des.h" +#include "idea.h" +#include "rc5.h" +#include "skipjack.h" +#include "blowfish.h" // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) @@ -32,26 +51,97 @@ USING_NAMESPACE(CryptoPP) -void RegisterFactories3() +// Shared key ciphers +void RegisterFactories4() { - RegisterDefaultFactoryFor(); - RegisterAsymmetricCipherDefaultFactories > >("RSA/OAEP-MGF1(SHA-1)"); - RegisterAsymmetricCipherDefaultFactories >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)"); - RegisterSignatureSchemeDefaultFactories(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >(); - RegisterSignatureSchemeDefaultFactories >("NR(1363)/EMSA1(SHA-1)"); - RegisterSignatureSchemeDefaultFactories >("DSA-1363/EMSA1(SHA-1)"); - RegisterSignatureSchemeDefaultFactories >("RSA/PKCS1-1.5(MD2)"); - RegisterSignatureSchemeDefaultFactories >("RSA/PKCS1-1.5(SHA-1)"); - RegisterSignatureSchemeDefaultFactories >("ESIGN/EMSA5-MGF1(SHA-1)"); - RegisterSignatureSchemeDefaultFactories >("RW/EMSA2(SHA-1)"); - RegisterSignatureSchemeDefaultFactories >("RSA/PSS-MGF1(SHA-1)"); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + + RegisterAuthenticatedSymmetricCipherDefaultFactories >(); + RegisterAuthenticatedSymmetricCipherDefaultFactories >(); + RegisterAuthenticatedSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); // For test vectors + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + RegisterSymmetricCipherDefaultFactories >(); + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks + + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Test Vectors + RegisterSymmetricCipherDefaultFactories >(); // Benchmarks } diff --git a/vendor/cryptopp/vendor_cryptopp/regtest4.cpp b/vendor/cryptopp/vendor_cryptopp/regtest4.cpp new file mode 100644 index 00000000..87c89477 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/regtest4.cpp @@ -0,0 +1,58 @@ +// regtest4.cpp - originally written and placed in the public domain by Wei Dai +// regtest.cpp split into 3 files due to OOM kills by JW +// in April 2017. A second split occured in July 2018. + +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + +#include "cryptlib.h" +#include "factory.h" +#include "bench.h" +#include "cpu.h" + +#include "dh.h" +#include "nr.h" +#include "rw.h" +#include "rsa.h" +#include "dsa.h" +#include "pssr.h" +#include "esign.h" + +// Hashes +#include "md2.h" +#include "md5.h" +#include "sha.h" + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +USING_NAMESPACE(CryptoPP) + +void RegisterFactories5() +{ + RegisterDefaultFactoryFor(); + RegisterAsymmetricCipherDefaultFactories > >("RSA/OAEP-MGF1(SHA-1)"); + RegisterAsymmetricCipherDefaultFactories >("DLIES(NoCofactorMultiplication, KDF2(SHA-1), XOR, HMAC(SHA-1), DHAES)"); + RegisterSignatureSchemeDefaultFactories(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >(); + RegisterSignatureSchemeDefaultFactories >("NR(1363)/EMSA1(SHA-1)"); + RegisterSignatureSchemeDefaultFactories >("DSA-1363/EMSA1(SHA-1)"); + RegisterSignatureSchemeDefaultFactories >("RSA/PKCS1-1.5(MD2)"); + RegisterSignatureSchemeDefaultFactories >("RSA/PKCS1-1.5(SHA-1)"); + RegisterSignatureSchemeDefaultFactories >("ESIGN/EMSA5-MGF1(SHA-1)"); + RegisterSignatureSchemeDefaultFactories >("RW/EMSA2(SHA-1)"); + RegisterSignatureSchemeDefaultFactories >("RSA/PSS-MGF1(SHA-1)"); +} diff --git a/vendor/cryptopp/vendor_cryptopp/rijndael.cpp b/vendor/cryptopp/vendor_cryptopp/rijndael.cpp index c398526c..4793672a 100644 --- a/vendor/cryptopp/vendor_cryptopp/rijndael.cpp +++ b/vendor/cryptopp/vendor_cryptopp/rijndael.cpp @@ -5,7 +5,16 @@ // use "cl /EP /P /DCRYPTOPP_GENERATE_X64_MASM rijndael.cpp" to generate MASM code /* -July 2017: Added support for ARM AES instructions via compiler intrinsics. +July 2018: Added support for ARMv7 AES instructions via Cryptogams ASM. + See the head notes in aes_armv4.S for copyright and license. +*/ + +/* +September 2017: Added support for Power8 AES instructions via compiler intrinsics. +*/ + +/* +July 2017: Added support for ARMv8 AES instructions via compiler intrinsics. */ /* @@ -21,8 +30,9 @@ x86 assembly code, doing an 8-bit register move to minimize the number of register spills. Also switched to compressed tables and copying round keys to the stack. -The C++ implementation now uses compressed tables if -CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined. +The C++ implementation uses compressed tables if +CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS is defined. +It is defined on x86 platforms by default but no others. */ /* @@ -78,15 +88,20 @@ being unloaded from L1 cache, until that round is finished. #include "misc.h" #include "cpu.h" -NAMESPACE_BEGIN(CryptoPP) - -// Clang 3.3 integrated assembler crash on Linux -#if CRYPTOPP_BOOL_X32 || (defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400)) -# define CRYPTOPP_DISABLE_RIJNDAEL_ASM +// VS2017 and global optimization bug. TODO, figure out when +// we can re-enable full optimizations for VS2017. Also see +// https://github.com/weidai11/cryptopp/issues/649 +#if (_MSC_VER >= 1910) +# ifndef CRYPTOPP_DEBUG +# pragma optimize("", off) +# pragma optimize("ts", on) +# endif #endif +NAMESPACE_BEGIN(CryptoPP) + // Hack for http://github.com/weidai11/cryptopp/issues/42 and http://github.com/weidai11/cryptopp/issues/132 -#if (CRYPTOPP_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) +#if (CRYPTOPP_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) # define CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS 1 #endif @@ -94,7 +109,7 @@ NAMESPACE_BEGIN(CryptoPP) #define M128I_CAST(x) ((__m128i *)(void *)(x)) #define CONST_M128I_CAST(x) ((const __m128i *)(const void *)(x)) -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) +#if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) # if (CRYPTOPP_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) namespace rdtable {CRYPTOPP_ALIGN_DATA(16) word64 Te[256+2];} using namespace rdtable; @@ -102,28 +117,19 @@ using namespace rdtable; static word64 Te[256]; # endif static word64 Td[256]; -#else // Not CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS +#else // Not CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS # if defined(CRYPTOPP_X64_MASM_AVAILABLE) // Unused; avoids linker error on Microsoft X64 non-AESNI platforms namespace rdtable {CRYPTOPP_ALIGN_DATA(16) word64 Te[256+2];} # endif CRYPTOPP_ALIGN_DATA(16) static word32 Te[256*4]; CRYPTOPP_ALIGN_DATA(16) static word32 Td[256*4]; -#endif // CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS +#endif // CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS static volatile bool s_TeFilled = false, s_TdFilled = false; ANONYMOUS_NAMESPACE_BEGIN -CRYPTOPP_ALIGN_DATA(16) -const word32 s_one[] = {0, 0, 0, 1<<24}; - -/* for 128-bit blocks, Rijndael never uses more than 10 rcon values */ -CRYPTOPP_ALIGN_DATA(16) -const word32 s_rconLE[] = { - 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36 -}; - #if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 // Determine whether the range between begin and end overlaps @@ -190,7 +196,7 @@ ANONYMOUS_NAMESPACE_END tempBlock[c] = ((byte *)(Te+byte(t)))[1]; t >>= 8;\ tempBlock[d] = ((byte *)(Te+t))[1]; -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) +#if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) #define QUARTER_ROUND_LD(t, a, b, c, d) \ tempBlock[a] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ tempBlock[b] = ((byte *)(Td+byte(t)))[GetNativeByteOrder()*7]; t >>= 8;\ @@ -207,10 +213,10 @@ ANONYMOUS_NAMESPACE_END #define QUARTER_ROUND_E(t, a, b, c, d) QUARTER_ROUND(TL_M, Te, t, a, b, c, d) #define QUARTER_ROUND_D(t, a, b, c, d) QUARTER_ROUND(TL_M, Td, t, a, b, c, d) -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, d, c, b, a) #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, d, c, b, a) - #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) + #if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) #define TL_F(T, i, x) (*(word32 *)(void *)((byte *)T + x*8 + (6-i)%4+1)) #define TL_M(T, i, x) (*(word32 *)(void *)((byte *)T + x*8 + (i+3)%4+1)) #else @@ -220,7 +226,7 @@ ANONYMOUS_NAMESPACE_END #else #define QUARTER_ROUND_FE(t, a, b, c, d) QUARTER_ROUND(TL_F, Te, t, a, b, c, d) #define QUARTER_ROUND_FD(t, a, b, c, d) QUARTER_ROUND(TL_F, Td, t, a, b, c, d) - #if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) + #if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) #define TL_F(T, i, x) (*(word32 *)(void *)((byte *)T + x*8 + (4-i)%4)) #define TL_M TL_F #else @@ -240,12 +246,33 @@ ANONYMOUS_NAMESPACE_END #define fd(x) (f8(x) ^ f4(x) ^ x) #define fe(x) (f8(x) ^ f4(x) ^ f2(x)) +unsigned int Rijndael::Base::OptimalDataAlignment() const +{ +#if (CRYPTOPP_AESNI_AVAILABLE) + if (HasAESNI()) + return 1; +#endif +#if (CRYPTOPP_ARM_AES_AVAILABLE) + if (HasAES()) + return 1; +#endif +#if (CRYPTOGAMS_ARM_AES) + if (HasARMv7()) + return 1; +#endif +#if (CRYPTOPP_POWER8_AES_AVAILABLE) + if (HasAES()) + return 1; +#endif + return BlockTransformation::OptimalDataAlignment(); +} + void Rijndael::Base::FillEncTable() { for (int i=0; i<256; i++) { byte x = Se[i]; -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) +#if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) word32 y = word32(x)<<8 | word32(x)<<16 | word32(f2(x))<<24; Te[i] = word64(y | f3(x))<<32 | y; #else @@ -268,7 +295,7 @@ void Rijndael::Base::FillDecTable() for (int i=0; i<256; i++) { byte x = Sd[i]; -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) +#if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) word32 y = word32(fd(x))<<8 | word32(f9(x))<<16 | word32(fe(x))<<24; Td[i] = word64(y | fb(x))<<32 | y | x; #else @@ -300,6 +327,13 @@ extern size_t Rijndael_Dec_AdvancedProcessBlocks_ARMV8(const word32 *subkeys, si const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); #endif +#if (CRYPTOGAMS_ARM_AES) +extern "C" int AES_set_encrypt_key(const unsigned char *userKey, const int bitLen, word32 *rkey); +extern "C" int AES_set_decrypt_key(const unsigned char *userKey, const int bitLen, word32 *rkey); +extern "C" void AES_encrypt(const unsigned char in[16], unsigned char out[16], const word32 *rkey); +extern "C" void AES_decrypt(const unsigned char in[16], unsigned char out[16], const word32 *rkey); +#endif + #if (CRYPTOPP_POWER8_AES_AVAILABLE) extern void Rijndael_UncheckedSetKey_POWER8(const byte* userKey, size_t keyLen, word32* rk, const byte* Se); @@ -310,10 +344,72 @@ extern size_t Rijndael_Dec_AdvancedProcessBlocks128_6x1_ALTIVEC(const word32 *su const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); #endif +#if (CRYPTOGAMS_ARM_AES) +int CRYPTOGAMS_set_encrypt_key(const byte *userKey, const int bitLen, word32 *rkey) +{ + return AES_set_encrypt_key(userKey, bitLen, rkey); +} +int CRYPTOGAMS_set_decrypt_key(const byte *userKey, const int bitLen, word32 *rkey) +{ + return AES_set_decrypt_key(userKey, bitLen, rkey); +} +void CRYPTOGAMS_encrypt(const byte *inBlock, const byte *xorBlock, byte *outBlock, const word32 *rkey) +{ + AES_encrypt(inBlock, outBlock, rkey); + if (xorBlock) + xorbuf (outBlock, xorBlock, 16); +} +void CRYPTOGAMS_decrypt(const byte *inBlock, const byte *xorBlock, byte *outBlock, const word32 *rkey) +{ + AES_decrypt(inBlock, outBlock, rkey); + if (xorBlock) + xorbuf (outBlock, xorBlock, 16); +} +#endif + +std::string Rijndael::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_AESNI_AVAILABLE) + if (HasAESNI()) + return "AESNI"; +#endif +#if CRYPTOPP_SSE2_ASM_AVAILABLE && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) + if (HasSSE2()) + return "SSE2"; +#endif +#if (CRYPTOPP_ARM_AES_AVAILABLE) + if (HasAES()) + return "ARMv8"; +#endif +#if (CRYPTOGAMS_ARM_AES) + if (HasARMv7()) + return "ARMv7"; +#endif +#if (CRYPTOPP_POWER8_AES_AVAILABLE) + if (HasAES()) + return "Power8"; +#endif + return "C++"; +} + void Rijndael::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLen, const NameValuePairs &) { AssertValidKeyLength(keyLen); +#if (CRYPTOGAMS_ARM_AES) + if (HasARMv7()) + { + m_rounds = keyLen/4 + 6; + m_key.New(4*(15+1)+4); + + if (IsForwardTransformation()) + CRYPTOGAMS_set_encrypt_key(userKey, keyLen*8, m_key.begin()); + else + CRYPTOGAMS_set_decrypt_key(userKey, keyLen*8, m_key.begin()); + return; + } +#endif + #if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 m_aliasBlock.New(s_sizeToAllocate); // The alias block is only used on IA-32 when unaligned data access is in effect. @@ -453,6 +549,14 @@ void Rijndael::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock } #endif +#if (CRYPTOGAMS_ARM_AES) + if (HasARMv7()) + { + CRYPTOGAMS_encrypt(inBlock, xorBlock, outBlock, m_key.begin()); + return; + } +#endif + #if (CRYPTOPP_POWER8_AES_AVAILABLE) if (HasAES()) { @@ -483,7 +587,7 @@ void Rijndael::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock unsigned int i; volatile word32 _u = 0; word32 u = _u; -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) +#if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) for (i=0; i<2048; i+=cacheLineSize) #else for (i=0; i<1024; i+=cacheLineSize) @@ -498,8 +602,8 @@ void Rijndael::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock QUARTER_ROUND_FE(s0, t1, t2, t3, t0) // Nr - 2 full rounds: - unsigned int r = m_rounds/2 - 1; - do + unsigned int r = m_rounds/2 - 1; + do { s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3]; @@ -515,8 +619,8 @@ void Rijndael::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock QUARTER_ROUND_E(s1, t2, t3, t0, t1) QUARTER_ROUND_E(s0, t1, t2, t3, t0) - rk += 8; - } while (--r); + rk += 8; + } while (--r); word32 tbw[4]; byte *const tempBlock = (byte *)tbw; @@ -547,6 +651,14 @@ void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock } #endif +#if (CRYPTOGAMS_ARM_AES) + if (HasARMv7()) + { + CRYPTOGAMS_decrypt(inBlock, xorBlock, outBlock, m_key.begin()); + return; + } +#endif + #if (CRYPTOPP_POWER8_AES_AVAILABLE) if (HasAES()) { @@ -577,7 +689,7 @@ void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock unsigned int i; volatile word32 _u = 0; word32 u = _u; -#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) +#if defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS) for (i=0; i<2048; i+=cacheLineSize) #else for (i=0; i<1024; i+=cacheLineSize) @@ -592,8 +704,8 @@ void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock QUARTER_ROUND_FD(s0, t3, t2, t1, t0) // Nr - 2 full rounds: - unsigned int r = m_rounds/2 - 1; - do + unsigned int r = m_rounds/2 - 1; + do { s0 = rk[0]; s1 = rk[1]; s2 = rk[2]; s3 = rk[3]; @@ -609,12 +721,12 @@ void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock QUARTER_ROUND_D(s1, t0, t3, t2, t1) QUARTER_ROUND_D(s0, t3, t2, t1, t0) - rk += 8; - } while (--r); + rk += 8; + } while (--r); -#if !(defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) || defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS)) +#if !(defined(CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS)) // timing attack countermeasure. see comments at top for more details - // If CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, + // If CRYPTOPP_ALLOW_RIJNDAEL_UNALIGNED_DATA_ACCESS is defined, // QUARTER_ROUND_LD will use Td, which is already preloaded. u = _u; for (i=0; i<256; i+=cacheLineSize) @@ -644,11 +756,11 @@ void Rijndael::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock #if CRYPTOPP_SSE2_ASM_AVAILABLE && !defined(CRYPTOPP_DISABLE_RIJNDAEL_ASM) -CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k) +CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks_SSE2(void *locals, const word32 *k) { CRYPTOPP_UNUSED(locals); CRYPTOPP_UNUSED(k); -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 #define L_REG esp #define L_INDEX(i) (L_REG+768+i) @@ -748,7 +860,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *l AS2( mov edi, [g_cacheLineSize]) #endif -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( mov [ecx+16*12+16*4], esp) // save esp to L_SP AS2( lea esp, [ecx-768]) #endif @@ -808,7 +920,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *l AS2( movd eax, xmm1) AS2( mov al, BYTE PTR [WORD_REG(si)+15]) AS2( MOVD MM(2), eax) -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( mov eax, 1) AS2( movd mm3, eax) #endif @@ -936,7 +1048,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *l AS2( xor cl, ch) AS2( and WORD_REG(cx), 255) ASL(5) -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( paddb MM(2), mm3) #else AS2( add MM(2), 1) @@ -1037,7 +1149,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *l AS2( movdqu xmm2, [WORD_REG(ax)]) AS2( pxor xmm2, xmm4) -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( movdqa xmm0, [L_INCREMENTS]) AS2( paddd xmm0, [L_INBLOCKS]) AS2( movdqa [L_INBLOCKS], xmm0) @@ -1085,7 +1197,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *l AS2( movaps [WORD_REG(ax)+4*16], xmm0) AS2( movaps [WORD_REG(ax)+5*16], xmm0) AS2( movaps [WORD_REG(ax)+6*16], xmm0) -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( mov esp, [L_SP]) AS1( emms) #endif @@ -1122,7 +1234,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL Rijndael_Enc_AdvancedProcessBlocks(void *l #ifdef CRYPTOPP_X64_MASM_AVAILABLE extern "C" { -void Rijndael_Enc_AdvancedProcessBlocks(void *locals, const word32 *k); +void Rijndael_Enc_AdvancedProcessBlocks_SSE2(void *locals, const word32 *k); } #endif @@ -1186,7 +1298,7 @@ size_t Rijndael::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo int keysToCopy = m_rounds - (flags & BT_InBlockIsCounter ? 3 : 2); locals.keysBegin = (12-keysToCopy)*16; - Rijndael_Enc_AdvancedProcessBlocks(&locals, m_key); + Rijndael_Enc_AdvancedProcessBlocks_SSE2(&locals, m_key); return length % BLOCKSIZE; } diff --git a/vendor/cryptopp/vendor_cryptopp/rijndael.h b/vendor/cryptopp/vendor_cryptopp/rijndael.h index 9bbafda3..ca7c286c 100644 --- a/vendor/cryptopp/vendor_cryptopp/rijndael.h +++ b/vendor/cryptopp/vendor_cryptopp/rijndael.h @@ -5,7 +5,7 @@ /// \details All key sizes are supported. The library only provides Rijndael with 128-bit blocks, /// and not 192-bit or 256-bit blocks /// \since Rijndael since Crypto++ 3.1, Intel AES-NI since Crypto++ 5.6.1, ARMv8 AES since Crypto++ 6.0, -/// Power8 AES since Crypto++ 6.0 +/// Power8 AES since Crypto++ 6.0, ARMv7 AES since Crypto++ 8.0 #ifndef CRYPTOPP_RIJNDAEL_H #define CRYPTOPP_RIJNDAEL_H @@ -13,8 +13,14 @@ #include "seckey.h" #include "secblock.h" +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_RIJNDAEL_ASM 1 +#endif + #if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || \ - CRYPTOPP_BOOL_ARM64 || CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 + CRYPTOPP_BOOL_ARMV8 || CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 # define CRYPTOPP_RIJNDAEL_ADVANCED_PROCESS_BLOCKS 1 #endif @@ -24,7 +30,7 @@ NAMESPACE_BEGIN(CryptoPP) /// \details All key sizes are supported. The library only provides Rijndael with 128-bit blocks, /// and not 192-bit or 256-bit blocks /// \since Rijndael since Crypto++ 3.1, Intel AES-NI since Crypto++ 5.6.1, ARMv8 AES since Crypto++ 6.0, -/// Power8 AES since Crypto++ 6.0 +/// Power8 AES since Crypto++ 6.0, ARMv7 AES since Crypto++ 8.0 struct Rijndael_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8> { CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return CRYPTOPP_RIJNDAEL_NAME;} @@ -34,7 +40,7 @@ struct Rijndael_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 1 /// \details All key sizes are supported. The library only provides Rijndael with 128-bit blocks, /// and not 192-bit or 256-bit blocks /// \since Rijndael since Crypto++ 3.1, Intel AES-NI since Crypto++ 5.6.1, ARMv8 AES since Crypto++ 6.0, -/// Power8 AES since Crypto++ 6.0 +/// Power8 AES since Crypto++ 6.0, ARMv7 AES since Crypto++ 8.0 /// \sa Rijndael class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentation { @@ -44,6 +50,8 @@ class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentat { public: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + std::string AlgorithmProvider() const; + unsigned int OptimalDataAlignment() const; protected: static void FillEncTable(); @@ -56,15 +64,15 @@ class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentat static const word32 rcon[]; unsigned int m_rounds; - FixedSizeAlignedSecBlock m_key; + SecBlock > m_key; mutable SecByteBlock m_aliasBlock; }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key sizes are supported. /// The library only provides Rijndael with 128-bit blocks, and not 192-bit or 256-bit blocks /// \since Rijndael since Crypto++ 3.1, Intel AES-NI since Crypto++ 5.6.1, ARMv8 AES since Crypto++ 6.0, - /// Power8 AES since Crypto++ 6.0 + /// Power8 AES since Crypto++ 6.0, ARMv7 AES since Crypto++ 8.0 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base { public: @@ -74,11 +82,11 @@ class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentat #endif }; - /// \brief Provides implementation for decryption transformation + /// \brief Decryption transformation /// \details Dec provides implementation for decryption transformation. All key sizes are supported. /// The library only provides Rijndael with 128-bit blocks, and not 192-bit or 256-bit blocks /// \since Rijndael since Crypto++ 3.1, Intel AES-NI since Crypto++ 5.6.1, ARMv8 AES since Crypto++ 6.0, - /// Power8 AES since Crypto++ 6.0 + /// Power8 AES since Crypto++ 6.0, ARMv7 AES since Crypto++ 8.0 class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base { public: diff --git a/vendor/cryptopp/vendor_cryptopp/rijndael-simd.cpp b/vendor/cryptopp/vendor_cryptopp/rijndael_simd.cpp similarity index 79% rename from vendor/cryptopp/vendor_cryptopp/rijndael-simd.cpp rename to vendor/cryptopp/vendor_cryptopp/rijndael_simd.cpp index 4f55f610..36ad06ac 100644 --- a/vendor/cryptopp/vendor_cryptopp/rijndael-simd.cpp +++ b/vendor/cryptopp/vendor_cryptopp/rijndael_simd.cpp @@ -1,4 +1,4 @@ -// rijndael-simd.cpp - written and placed in the public domain by +// rijndael_simd.cpp - written and placed in the public domain by // Jeffrey Walton, Uri Blumenthal and Marcel Raad. // AES-NI code originally written by Wei Dai. // @@ -23,34 +23,24 @@ #include "pch.h" #include "config.h" #include "misc.h" -#include "adv-simd.h" - -// We set CRYPTOPP_POWER8_CRYPTO_AVAILABLE based on compiler version. -// If the crypto is not available, then we have to disable it here. -#if !(defined(__CRYPTO) || defined(_ARCH_PWR8) || defined(_ARCH_PWR9)) -# undef CRYPTOPP_POWER8_CRYPTO_AVAILABLE -# undef CRYPTOPP_POWER8_AES_AVAILABLE -#endif +#include "adv_simd.h" #if (CRYPTOPP_AESNI_AVAILABLE) # include # include #endif -// Use ARMv8 rather than NEON due to compiler inconsistencies -#if (CRYPTOPP_ARM_AES_AVAILABLE) +#if (CRYPTOPP_ARM_NEON_AVAILABLE) # include #endif -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) # include # include #endif #if defined(CRYPTOPP_POWER8_AES_AVAILABLE) -# include "ppc-simd.h" +# include "ppc_simd.h" #endif #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY @@ -66,8 +56,13 @@ #define M128_CAST(x) ((__m128i *)(void *)(x)) #define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +// Squash MS LNK4221 and libtool warnings +extern const char RIJNDAEL_SIMD_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) +// ************************* Feature Probes ************************* // + #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY extern "C" { typedef void (*SigHandler)(int); @@ -80,7 +75,7 @@ extern "C" { } #endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY -#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) +#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) bool CPU_ProbeAES() { #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) @@ -341,14 +336,14 @@ ANONYMOUS_NAMESPACE_END size_t Rijndael_Enc_AdvancedProcessBlocks_ARMV8(const word32 *subKeys, size_t rounds, const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) { - return AdvancedProcessBlocks128_NEON1x6(ARMV8_Enc_Block, ARMV8_Enc_6_Blocks, + return AdvancedProcessBlocks128_6x1_NEON(ARMV8_Enc_Block, ARMV8_Enc_6_Blocks, subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); } size_t Rijndael_Dec_AdvancedProcessBlocks_ARMV8(const word32 *subKeys, size_t rounds, const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) { - return AdvancedProcessBlocks128_NEON1x6(ARMV8_Dec_Block, ARMV8_Dec_6_Blocks, + return AdvancedProcessBlocks128_6x1_NEON(ARMV8_Dec_Block, ARMV8_Dec_6_Blocks, subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); } @@ -534,7 +529,7 @@ size_t Rijndael_Dec_AdvancedProcessBlocks_AESNI(const word32 *subKeys, size_t ro #endif // CRYPTOPP_AESNI_AVAILABLE -// ***************************** Power 8 ***************************** // +// ************************** Power 8 Crypto ************************** // #if (CRYPTOPP_POWER8_AES_AVAILABLE) @@ -553,17 +548,17 @@ static inline void POWER8_Enc_Block(uint32x4_p &block, const word32 *subkeys, un CRYPTOPP_ASSERT(IsAlignedOn(subkeys, 16)); const byte *keys = reinterpret_cast(subkeys); - uint32x4_p k = VectorLoadKey(keys); - block = VectorXor(block, k); + uint32x4_p k = VecLoad(keys); + block = VecXor(block, k); for (size_t i=1; i(subkeys); - uint32x4_p k = VectorLoadKey(keys); - block0 = VectorXor(block0, k); - block1 = VectorXor(block1, k); - block2 = VectorXor(block2, k); - block3 = VectorXor(block3, k); - block4 = VectorXor(block4, k); - block5 = VectorXor(block5, k); + uint32x4_p k = VecLoad(keys); + block0 = VecXor(block0, k); + block1 = VecXor(block1, k); + block2 = VecXor(block2, k); + block3 = VecXor(block3, k); + block4 = VecXor(block4, k); + block5 = VecXor(block5, k); for (size_t i=1; i(subkeys); - uint32x4_p k = VectorLoadKey(rounds*16, keys); - block = VectorXor(block, k); + uint32x4_p k = VecLoad(rounds*16, keys); + block = VecXor(block, k); for (size_t i=rounds-1; i>1; i-=2) { - block = VectorDecrypt(block, VectorLoadKey( i*16, keys)); - block = VectorDecrypt(block, VectorLoadKey((i-1)*16, keys)); + block = VecDecrypt(block, VecLoad( i*16, keys)); + block = VecDecrypt(block, VecLoad((i-1)*16, keys)); } - block = VectorDecrypt(block, VectorLoadKey(16, keys)); - block = VectorDecryptLast(block, VectorLoadKey(0, keys)); + block = VecDecrypt(block, VecLoad(16, keys)); + block = VecDecryptLast(block, VecLoad(0, keys)); } static inline void POWER8_Dec_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, @@ -626,32 +621,32 @@ static inline void POWER8_Dec_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, CRYPTOPP_ASSERT(IsAlignedOn(subkeys, 16)); const byte *keys = reinterpret_cast(subkeys); - uint32x4_p k = VectorLoadKey(rounds*16, keys); - block0 = VectorXor(block0, k); - block1 = VectorXor(block1, k); - block2 = VectorXor(block2, k); - block3 = VectorXor(block3, k); - block4 = VectorXor(block4, k); - block5 = VectorXor(block5, k); + uint32x4_p k = VecLoad(rounds*16, keys); + block0 = VecXor(block0, k); + block1 = VecXor(block1, k); + block2 = VecXor(block2, k); + block3 = VecXor(block3, k); + block4 = VecXor(block4, k); + block5 = VecXor(block5, k); for (size_t i=rounds-1; i>0; --i) { - k = VectorLoadKey(i*16, keys); - block0 = VectorDecrypt(block0, k); - block1 = VectorDecrypt(block1, k); - block2 = VectorDecrypt(block2, k); - block3 = VectorDecrypt(block3, k); - block4 = VectorDecrypt(block4, k); - block5 = VectorDecrypt(block5, k); + k = VecLoad(i*16, keys); + block0 = VecDecrypt(block0, k); + block1 = VecDecrypt(block1, k); + block2 = VecDecrypt(block2, k); + block3 = VecDecrypt(block3, k); + block4 = VecDecrypt(block4, k); + block5 = VecDecrypt(block5, k); } - k = VectorLoadKey(0, keys); - block0 = VectorDecryptLast(block0, k); - block1 = VectorDecryptLast(block1, k); - block2 = VectorDecryptLast(block2, k); - block3 = VectorDecryptLast(block3, k); - block4 = VectorDecryptLast(block4, k); - block5 = VectorDecryptLast(block5, k); + k = VecLoad(0, keys); + block0 = VecDecryptLast(block0, k); + block1 = VecDecryptLast(block1, k); + block2 = VecDecryptLast(block2, k); + block3 = VecDecryptLast(block3, k); + block4 = VecDecryptLast(block4, k); + block5 = VecDecryptLast(block5, k); } ANONYMOUS_NAMESPACE_END @@ -660,60 +655,62 @@ void Rijndael_UncheckedSetKey_POWER8(const byte* userKey, size_t keyLen, word32* { const size_t rounds = keyLen / 4 + 6; const word32 *rc = s_rconBE; + word32 *rkey = rk, temp; - GetUserKey(BIG_ENDIAN_ORDER, rk, keyLen/4, userKey, keyLen); - word32 *rk_saved = rk, temp; // unused in big-endian - CRYPTOPP_UNUSED(rk_saved); + GetUserKey(BIG_ENDIAN_ORDER, rkey, keyLen/4, userKey, keyLen); // keySize: m_key allocates 4*(rounds+1) word32's. const size_t keySize = 4*(rounds+1); - const word32* end = rk + keySize; + const word32* end = rkey + keySize; while (true) { - temp = rk[keyLen/4-1]; + temp = rkey[keyLen/4-1]; word32 x = (word32(Se[GETBYTE(temp, 2)]) << 24) ^ (word32(Se[GETBYTE(temp, 1)]) << 16) ^ (word32(Se[GETBYTE(temp, 0)]) << 8) ^ Se[GETBYTE(temp, 3)]; - rk[keyLen/4] = rk[0] ^ x ^ *(rc++); - rk[keyLen/4+1] = rk[1] ^ rk[keyLen/4]; - rk[keyLen/4+2] = rk[2] ^ rk[keyLen/4+1]; - rk[keyLen/4+3] = rk[3] ^ rk[keyLen/4+2]; + rkey[keyLen/4] = rkey[0] ^ x ^ *(rc++); + rkey[keyLen/4+1] = rkey[1] ^ rkey[keyLen/4]; + rkey[keyLen/4+2] = rkey[2] ^ rkey[keyLen/4+1]; + rkey[keyLen/4+3] = rkey[3] ^ rkey[keyLen/4+2]; - if (rk + keyLen/4 + 4 == end) + if (rkey + keyLen/4 + 4 == end) break; if (keyLen == 24) { - rk[10] = rk[ 4] ^ rk[ 9]; - rk[11] = rk[ 5] ^ rk[10]; + rkey[10] = rkey[ 4] ^ rkey[ 9]; + rkey[11] = rkey[ 5] ^ rkey[10]; } else if (keyLen == 32) { - temp = rk[11]; - rk[12] = rk[ 4] ^ (word32(Se[GETBYTE(temp, 3)]) << 24) ^ (word32(Se[GETBYTE(temp, 2)]) << 16) ^ (word32(Se[GETBYTE(temp, 1)]) << 8) ^ Se[GETBYTE(temp, 0)]; - rk[13] = rk[ 5] ^ rk[12]; - rk[14] = rk[ 6] ^ rk[13]; - rk[15] = rk[ 7] ^ rk[14]; + temp = rkey[11]; + rkey[12] = rkey[ 4] ^ (word32(Se[GETBYTE(temp, 3)]) << 24) ^ (word32(Se[GETBYTE(temp, 2)]) << 16) ^ (word32(Se[GETBYTE(temp, 1)]) << 8) ^ Se[GETBYTE(temp, 0)]; + rkey[13] = rkey[ 5] ^ rkey[12]; + rkey[14] = rkey[ 6] ^ rkey[13]; + rkey[15] = rkey[ 7] ^ rkey[14]; } - rk += keyLen/4; + rkey += keyLen/4; } -#if defined(CRYPTOPP_LITTLE_ENDIAN) - rk = rk_saved; +#if (CRYPTOPP_LITTLE_ENDIAN) + rkey = rk; const uint8x16_p mask = ((uint8x16_p){12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3}); const uint8x16_p zero = {0}; unsigned int i=0; - for (i=0; i m_state; int m_rounds; }; diff --git a/vendor/cryptopp/vendor_cryptopp/scrypt.cpp b/vendor/cryptopp/vendor_cryptopp/scrypt.cpp index 5a53ca1e..3566c3e1 100644 --- a/vendor/cryptopp/vendor_cryptopp/scrypt.cpp +++ b/vendor/cryptopp/vendor_cryptopp/scrypt.cpp @@ -245,8 +245,14 @@ size_t Scrypt::DeriveKey(byte*derived, size_t derivedLen, const byte*secret, siz // 1: (B_0 ... B_{p-1}) <-- PBKDF2(P, S, 1, p * MFLen) PBKDF2_SHA256(B, B.size(), secret, secretLen, salt, saltLen, 1); + #ifdef _OPENMP + int threads = STDMIN(omp_get_max_threads(), + static_cast(STDMIN(static_cast(parallel), + static_cast(std::numeric_limits::max())))); + #endif + // http://stackoverflow.com/q/49604260/608639 - #pragma omp parallel + #pragma omp parallel num_threads(threads) { // Each thread gets its own copy AlignedSecByteBlock XY(static_cast(blockSize * 256U)); diff --git a/vendor/cryptopp/vendor_cryptopp/scrypt.h b/vendor/cryptopp/vendor_cryptopp/scrypt.h index 4d4dfcd9..129c5dc3 100644 --- a/vendor/cryptopp/vendor_cryptopp/scrypt.h +++ b/vendor/cryptopp/vendor_cryptopp/scrypt.h @@ -8,7 +8,7 @@ /// The scrypt key derivation function /// and RFC 7914, The scrypt Password-Based /// Key Derivation Function -/// \since Crypto++ 6.2 +/// \since Crypto++ 7.0 #ifndef CRYPTOPP_SCRYPT_H #define CRYPTOPP_SCRYPT_H @@ -25,11 +25,11 @@ NAMESPACE_BEGIN(CryptoPP) /// example, the library is limited to a derived key length of SIZE_MAX, /// and not (2^32 - 1) * 32. /// \sa Stronger Key Derivation via -/// Sequential Memory-Hard Functions, +/// Sequential Memory-Hard Functions, /// The scrypt key derivation function /// and RFC 7914, The scrypt Password-Based /// Key Derivation Function -/// \since Crypto++ 6.2 +/// \since Crypto++ 7.0 class Scrypt : public KeyDerivationFunction { public: diff --git a/vendor/cryptopp/vendor_cryptopp/secblock.h b/vendor/cryptopp/vendor_cryptopp/secblock.h index 842f0298..26ebd0ae 100644 --- a/vendor/cryptopp/vendor_cryptopp/secblock.h +++ b/vendor/cryptopp/vendor_cryptopp/secblock.h @@ -55,6 +55,8 @@ public: /// \since Crypto++ 6.0 #if defined(CRYPTOPP_DOXYGEN_PROCESSING) static const size_type ELEMS_MAX = ...; +#elif defined(_MSC_VER) && (_MSC_VER <= 1400) + static const size_type ELEMS_MAX = (~(size_type)0)/sizeof(T); #elif defined(CRYPTOPP_CXX11_ENUM) enum : size_type {ELEMS_MAX = SIZE_MAX/sizeof(T)}; #else @@ -198,10 +200,10 @@ public: #if CRYPTOPP_BOOL_ALIGN16 // TODO: Does this need the test 'size*sizeof(T) >= 16'? if (T_Align16 && size) - return (pointer)AlignedAllocate(size*sizeof(T)); + return reinterpret_cast(AlignedAllocate(size*sizeof(T))); #endif - return (pointer)UnalignedAllocate(size*sizeof(T)); + return reinterpret_cast(UnalignedAllocate(size*sizeof(T))); } /// \brief Deallocates a block of memory @@ -217,7 +219,7 @@ public: // This will fire if SetMark(0) was called in the SecBlock // Our self tests exercise it, disable it now. // CRYPTOPP_ASSERT((ptr && size) || !(ptr || size)); - SecureWipeArray((pointer)ptr, size); + SecureWipeArray(reinterpret_cast(ptr), size); #if CRYPTOPP_BOOL_ALIGN16 if (T_Align16 && size) @@ -307,7 +309,8 @@ public: /// \brief Static secure memory block with cleanup /// \tparam T class or type /// \tparam S fixed-size of the stack-based memory block, in elements -/// \tparam T_Align16 boolean that determines whether allocations should be aligned on a 16-byte boundary +/// \tparam T_Align16 boolean that determines whether allocations should +/// be aligned on a 16-byte boundary /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- /// based allocation at compile time. The class can grow its memory /// block at runtime if a suitable allocator is available. If size @@ -317,6 +320,26 @@ public: /// they require that all objects of the same allocator type are equivalent. template , bool T_Align16 = false> class FixedSizeAllocatorWithCleanup : public AllocatorBase +{ + // The body of FixedSizeAllocatorWithCleanup is provided in the two + // partial specializations that follow. The two specialiations + // pivot on the boolean template parameter T_Align16. AIX, Solaris, + // IBM XLC and SunCC receive a little extra help. We managed to + // clear most of the warnings. +}; + +/// \brief Static secure memory block with cleanup +/// \tparam T class or type +/// \tparam S fixed-size of the stack-based memory block, in elements +/// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- +/// based allocation at compile time. The class can grow its memory +/// block at runtime if a suitable allocator is available. If size +/// grows beyond S and a suitable allocator is available, then the +/// statically allocated array is obsoleted. +/// \note This allocator can't be used with standard collections because +/// they require that all objects of the same allocator type are equivalent. +template +class FixedSizeAllocatorWithCleanup : public AllocatorBase { public: CRYPTOPP_INHERIT_ALLOCATOR_TYPES @@ -385,6 +408,10 @@ public: { if (ptr == GetAlignedArray()) { + // If the m_allocated assert fires then the bit twiddling for + // GetAlignedArray() is probably incorrect for the platform. + // Be sure to check CRYPTOPP_ALIGN_DATA(8). The platform may + // not have a way to declaritively align data to 8. CRYPTOPP_ASSERT(size <= S); CRYPTOPP_ASSERT(m_allocated); m_allocated = false; @@ -398,7 +425,8 @@ public: /// \param oldPtr the previous allocation /// \param oldSize the size of the previous allocation /// \param newSize the new, requested size - /// \param preserve flag that indicates if the old allocation should be preserved + /// \param preserve flag that indicates if the old allocation should + /// be preserved /// \returns pointer to the new memory block /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- /// based allocation at compile time. If size is less than or equal to @@ -431,22 +459,222 @@ public: return newPointer; } - CRYPTOPP_CONSTEXPR size_type max_size() const {return STDMAX(m_fallbackAllocator.max_size(), S);} + CRYPTOPP_CONSTEXPR size_type max_size() const + { + return STDMAX(m_fallbackAllocator.max_size(), S); + } private: -#ifdef __BORLANDC__ - T* GetAlignedArray() {return m_array;} - T m_array[S]; +#if defined(CRYPTOPP_BOOL_ALIGN16) && (defined(_M_X64) || defined(__x86_64__)) + // Before we can add additional platforms we need to check the + // linker documentation for alignment behavior for stack variables. + // CRYPTOPP_ALIGN_DATA(16) is known OK on Linux, OS X, Solaris. + // Also see http://stackoverflow.com/a/1468656/608639. + T* GetAlignedArray() { + CRYPTOPP_ASSERT(IsAlignedOn(m_array, 16)); + return m_array; + } + CRYPTOPP_ALIGN_DATA(16) T m_array[S]; + +#elif defined(CRYPTOPP_BOOL_ALIGN16) + + // There be demons here... We cannot use CRYPTOPP_ALIGN_DATA(16) + // because linkers on 32-bit machines (and some 64-bit machines) + // align the stack to 8-bytes or less by default, not 16-bytes as + // requested. Additionally, the AIX linker seems to use 4-bytes + // by default. However, all linkers tested appear to honor + // CRYPTOPP_ALIGN_DATA(8). Also see + // http://stackoverflow.com/a/1468656/608639. + // + // The 16-byte alignment is achieved by padding the requested + // size with extra elements so we have at least 16-bytes of slack + // to work with. Then the pointer is moved down to achieve a + // 16-byte alignment (stacks grow down). + // + // The additional 16-bytes introduces a small secondary issue. + // The secondary issue is, a large T results in 0 = 8/sizeof(T). + // The library is OK but users may hit it. So we need to guard + // for a large T, and that is what PAD achieves. + T* GetAlignedArray() { + T* p_array = (T*)(void*)(((byte*)m_array) + (0-(size_t)m_array)%16); + // Verify the 16-byte alignment + CRYPTOPP_ASSERT(IsAlignedOn(p_array, 16)); + // Verify allocated array with pad is large enough. + CRYPTOPP_ASSERT(p_array+S <= m_array+(S+PAD)); + return p_array; + } + +# if defined(_AIX) + // PAD is elements, not bytes, and rounded up to ensure no overflow. + enum { Q = sizeof(T), PAD = (Q >= 16) ? 1 : (Q >= 8) ? 2 : (Q >= 4) ? 4 : (Q >= 2) ? 8 : 16 }; + CRYPTOPP_ALIGN_DATA(8) T m_array[S+PAD]; +# else + // PAD is elements, not bytes, and rounded up to ensure no overflow. + enum { Q = sizeof(T), PAD = (Q >= 8) ? 1 : (Q >= 4) ? 2 : (Q >= 2) ? 4 : 8 }; + CRYPTOPP_ALIGN_DATA(8) T m_array[S+PAD]; +# endif + #else - T* GetAlignedArray() {return (CRYPTOPP_BOOL_ALIGN16 && T_Align16) ? (T*)(void *)(((byte *)m_array) + (0-(size_t)m_array)%16) : m_array;} - CRYPTOPP_ALIGN_DATA(8) T m_array[(CRYPTOPP_BOOL_ALIGN16 && T_Align16) ? S+8/sizeof(T) : S]; + + // CRYPTOPP_BOOL_ALIGN16 is 0. Use natural alignment of T. + T* GetAlignedArray() {return m_array;} + CRYPTOPP_ALIGN_DATA(4) T m_array[S]; + #endif A m_fallbackAllocator; bool m_allocated; }; +/// \brief Static secure memory block with cleanup +/// \tparam T class or type +/// \tparam S fixed-size of the stack-based memory block, in elements +/// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- +/// based allocation at compile time. The class can grow its memory +/// block at runtime if a suitable allocator is available. If size +/// grows beyond S and a suitable allocator is available, then the +/// statically allocated array is obsoleted. +/// \note This allocator can't be used with standard collections because +/// they require that all objects of the same allocator type are equivalent. +template +class FixedSizeAllocatorWithCleanup : public AllocatorBase +{ +public: + CRYPTOPP_INHERIT_ALLOCATOR_TYPES + + /// \brief Constructs a FixedSizeAllocatorWithCleanup + FixedSizeAllocatorWithCleanup() : m_allocated(false) {} + + /// \brief Allocates a block of memory + /// \param size the count elements in the memory block + /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-based + /// allocation at compile time. If size is less than or equal to + /// S, then a pointer to the static array is returned. + /// \details The class can grow its memory block at runtime if a suitable + /// allocator is available. If size grows beyond S and a suitable + /// allocator is available, then the statically allocated array is + /// obsoleted. If a suitable allocator is not available, as with a + /// NullAllocator, then the function returns NULL and a runtime error + /// eventually occurs. + /// \sa reallocate(), SecBlockWithHint + pointer allocate(size_type size) + { + CRYPTOPP_ASSERT(IsAlignedOn(m_array, 8)); + + if (size <= S && !m_allocated) + { + m_allocated = true; + return GetAlignedArray(); + } + else + return m_fallbackAllocator.allocate(size); + } + + /// \brief Allocates a block of memory + /// \param size the count elements in the memory block + /// \param hint an unused hint + /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- + /// based allocation at compile time. If size is less than or equal to + /// S, then a pointer to the static array is returned. + /// \details The class can grow its memory block at runtime if a suitable + /// allocator is available. If size grows beyond S and a suitable + /// allocator is available, then the statically allocated array is + /// obsoleted. If a suitable allocator is not available, as with a + /// NullAllocator, then the function returns NULL and a runtime error + /// eventually occurs. + /// \sa reallocate(), SecBlockWithHint + pointer allocate(size_type size, const void *hint) + { + if (size <= S && !m_allocated) + { + m_allocated = true; + return GetAlignedArray(); + } + else + return m_fallbackAllocator.allocate(size, hint); + } + + /// \brief Deallocates a block of memory + /// \param ptr a pointer to the memory block to deallocate + /// \param size the count elements in the memory block + /// \details The memory block is wiped or zeroized before deallocation. + /// If the statically allocated memory block is active, then no + /// additional actions are taken after the wipe. + /// \details If a dynamic memory block is active, then the pointer and + /// size are passed to the allocator for deallocation. + void deallocate(void *ptr, size_type size) + { + if (ptr == GetAlignedArray()) + { + // If the m_allocated assert fires then + // something overwrote the flag. + CRYPTOPP_ASSERT(size <= S); + CRYPTOPP_ASSERT(m_allocated); + m_allocated = false; + SecureWipeArray((pointer)ptr, size); + } + else + m_fallbackAllocator.deallocate(ptr, size); + } + + /// \brief Reallocates a block of memory + /// \param oldPtr the previous allocation + /// \param oldSize the size of the previous allocation + /// \param newSize the new, requested size + /// \param preserve flag that indicates if the old allocation should + /// be preserved + /// \returns pointer to the new memory block + /// \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- + /// based allocation at compile time. If size is less than or equal to + /// S, then a pointer to the static array is returned. + /// \details The class can grow its memory block at runtime if a suitable + /// allocator is available. If size grows beyond S and a suitable + /// allocator is available, then the statically allocated array is + /// obsoleted. If a suitable allocator is not available, as with a + /// NullAllocator, then the function returns NULL and a runtime error + /// eventually occurs. + /// \note size is the count of elements, and not the number of bytes. + /// \sa reallocate(), SecBlockWithHint + pointer reallocate(pointer oldPtr, size_type oldSize, size_type newSize, bool preserve) + { + if (oldPtr == GetAlignedArray() && newSize <= S) + { + CRYPTOPP_ASSERT(oldSize <= S); + if (oldSize > newSize) + SecureWipeArray(oldPtr+newSize, oldSize-newSize); + return oldPtr; + } + + pointer newPointer = allocate(newSize, NULLPTR); + if (preserve && newSize) + { + const size_t copySize = STDMIN(oldSize, newSize); + memcpy_s(newPointer, sizeof(T)*newSize, oldPtr, sizeof(T)*copySize); + } + deallocate(oldPtr, oldSize); + return newPointer; + } + + CRYPTOPP_CONSTEXPR size_type max_size() const + { + return STDMAX(m_fallbackAllocator.max_size(), S); + } + +private: + + // The 8-byte alignments follows convention of Linux and Windows. + // Linux and Windows receives most testing. Duplicate it here for + // other platforms like AIX and Solaris. AIX and Solaris often use + // alignments smaller than expected. In fact AIX caught us by + // surprise with word16 and word32. + T* GetAlignedArray() {return m_array;} + CRYPTOPP_ALIGN_DATA(8) T m_array[S]; + + A m_fallbackAllocator; + bool m_allocated; +}; + /// \brief Secure memory block with allocator and cleanup /// \tparam T a class or type /// \tparam A AllocatorWithCleanup derived class for allocation and cleanup @@ -473,6 +701,8 @@ public: /// \since Crypto++ 6.0 #if defined(CRYPTOPP_DOXYGEN_PROCESSING) static const size_type ELEMS_MAX = ...; +#elif defined(_MSC_VER) && (_MSC_VER <= 1400) + static const size_type ELEMS_MAX = (~(size_type)0)/sizeof(T); #elif defined(CRYPTOPP_CXX11_ENUM) enum : size_type {ELEMS_MAX = A::ELEMS_MAX}; #else diff --git a/vendor/cryptopp/vendor_cryptopp/seckey.h b/vendor/cryptopp/vendor_cryptopp/seckey.h index 38fd14a8..90fd6dce 100644 --- a/vendor/cryptopp/vendor_cryptopp/seckey.h +++ b/vendor/cryptopp/vendor_cryptopp/seckey.h @@ -42,29 +42,6 @@ class FixedBlockSize public: /// \brief The block size of the algorithm provided as a constant. CRYPTOPP_CONSTANT(BLOCKSIZE = N) - /// \brief The default blocksize for the algorithm provided as a constant. - CRYPTOPP_CONSTANT(DEFAULT_BLOCKSIZE = N) - /// \brief The minimum blocksize for the algorithm provided as a constant. - CRYPTOPP_CONSTANT(MIN_BLOCKSIZE = N) - /// \brief The maximum blocksize for the algorithm provided as a constant. - CRYPTOPP_CONSTANT(MAX_BLOCKSIZE = N) - /// \brief The default block size for the algorithm provided by a static function. - /// \param blocksize the block size, in bytes - /// \details The default implementation returns BLOCKSIZE. blocksize is unused - /// in the default implementation. - CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t blocksize) - { - return CRYPTOPP_UNUSED(blocksize), static_cast(BLOCKSIZE); - } - /// \brief The default block size under a key provided by a static function. - /// \param keylength the size of the key, in bytes - /// \param blocksize the block size, in bytes - /// \details The default implementation returns BLOCKSIZE. blocksize is unused - /// in the default implementation. - CRYPTOPP_STATIC_CONSTEXPR size_t CRYPTOPP_API StaticGetValidBlockSize(size_t keylength, size_t blocksize) - { - return CRYPTOPP_UNUSED(keylength), CRYPTOPP_UNUSED(blocksize), static_cast(BLOCKSIZE); - } }; // ************** rounds *************** @@ -311,8 +288,9 @@ public: SimpleKeyingInterface::IV_Requirement IVRequirement() const {return (SimpleKeyingInterface::IV_Requirement)INFO::IV_REQUIREMENT;} - /// \brief The default initialization vector length for the algorithm - /// \details IVSize is provided in bytes, not bits. The default implementation uses IV_LENGTH, which is 0. + /// \brief The initialization vector length for the algorithm + /// \details IVSize is provided in bytes, not bits. The default implementation uses + /// IV_LENGTH, which is 0. unsigned int IVSize() const {return INFO::IV_LENGTH;} }; diff --git a/vendor/cryptopp/vendor_cryptopp/setenv-android.sh b/vendor/cryptopp/vendor_cryptopp/setenv-android-gcc.sh similarity index 98% rename from vendor/cryptopp/vendor_cryptopp/setenv-android.sh rename to vendor/cryptopp/vendor_cryptopp/setenv-android-gcc.sh index c66ed236..d49f2000 100755 --- a/vendor/cryptopp/vendor_cryptopp/setenv-android.sh +++ b/vendor/cryptopp/vendor_cryptopp/setenv-android-gcc.sh @@ -71,7 +71,7 @@ if [ -z "${AOSP_API-}" ]; then else echo "WARNING: Using AOSP_API has been deprecated. Please use AOSP_API_VERSION instead." echo "If you set for example AOSP_API=android-23 then now instead set AOSP_API_VERSION=23" - exit 1 + [ "$0" = "$BASH_SOURCE" ] && exit 1 || return 1 fi ##################################################################### @@ -126,8 +126,8 @@ case "$THE_ARCH" in AOSP_FLAGS="-march=armv7-a -mthumb -mfpu=vfpv3-d16 -mfloat-abi=softfp -DCRYPTOPP_DISABLE_ASM -Wl,--fix-cortex-a8 -funwind-tables -fexceptions -frtti" ;; hard|armv7a-hard|armeabi-v7a-hard) - echo hard, armv7a-hard and armeabi-v7a-hard are not supported, as android uses softfloats - exit 1 + echo hard, armv7a-hard and armeabi-v7a-hard are not supported, as android uses softfloats + [ "$0" = "$BASH_SOURCE" ] && exit 1 || return 1 #TOOLCHAIN_ARCH="arm-linux-androideabi" #TOOLCHAIN_NAME="arm-linux-androideabi" #AOSP_ABI="armeabi-v7a" @@ -174,7 +174,7 @@ case "$THE_ARCH" in TOOLCHAIN_NAME="x86_64-linux-android" AOSP_ABI="x86_64" AOSP_ARCH="arch-x86_64" - AOSP_FLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -DCRYPTOPP_DISABLE_CLMUL -DCRYPTOPP_DISABLE_AES -DCRYPTOPP_DISABLE_SHA -funwind-tables -fexceptions -frtti" + AOSP_FLAGS="-march=x86-64 -msse4.2 -mpopcnt -mtune=intel -DCRYPTOPP_DISABLE_CLMUL -DCRYPTOPP_DISABLE_AESNI -DCRYPTOPP_DISABLE_SHANI -funwind-tables -fexceptions -frtti" ;; *) echo "ERROR: Unknown architecture $1" diff --git a/vendor/cryptopp/vendor_cryptopp/setenv-ios.sh b/vendor/cryptopp/vendor_cryptopp/setenv-ios.sh index 596ec7e4..d9f86940 100755 --- a/vendor/cryptopp/vendor_cryptopp/setenv-ios.sh +++ b/vendor/cryptopp/vendor_cryptopp/setenv-ios.sh @@ -42,6 +42,7 @@ SETENV_VERBOSE=1 APPLE_SDK= IOS_ARCH= +BACK_ARCH= for ARG in "$@" do @@ -49,66 +50,74 @@ do # i386 (simulator) if [ "$CL" == "i386" ]; then - IOS_ARCH=i386 + BACK_ARCH=i386 + APPLE_SDK=iPhoneSimulator fi # x86_64 (simulator) if [ "$CL" == "x86_64" ]; then - IOS_ARCH=x86_64 + BACK_ARCH=x86_64 + APPLE_SDK=iPhoneSimulator fi # ARMv5 if [ "$CL" == "armv5" ]; then - IOS_ARCH=armv5 + BACK_ARCH=armv5 fi # ARMv6 if [ "$CL" == "armv6" ]; then - IOS_ARCH=armv6 + BACK_ARCH=armv6 fi # ARMv7 if [ "$CL" == "armv7" ]; then - IOS_ARCH=armv7 + BACK_ARCH=armv7 fi # ARMv7s if [ "$CL" == "armv7s" ]; then - IOS_ARCH=armv7s + BACK_ARCH=armv7s fi # ARM64 if [[ ("$CL" == "arm64" || "$CL" == "armv8" || "$CL" == "aarch64") ]]; then - IOS_ARCH=arm64 + BACK_ARCH=arm64 fi # iPhone if [[ ("$CL" == "iphone" || "$CL" == "iphoneos") ]]; then + BACK_ARCH=armv7 APPLE_SDK=iPhoneOS fi # iPhone Simulator if [[ ("$CL" == "simulator" || "$CL" == "iphonesimulator") ]]; then + BACK_ARCH=i386 APPLE_SDK=iPhoneSimulator fi # Watch if [[ ("$CL" == "watch" || "$CL" == "watchos" || "$CL" == "applewatch") ]]; then + BACK_ARCH=armv7 APPLE_SDK=WatchOS fi # Watch Simulator if [ "$CL" == "watchsimulator" ]; then + BACK_ARCH=i386 APPLE_SDK=WatchSimulator fi # Apple TV if [[ ("$CL" == "tv" || "$CL" == "appletv" || "$CL" == "appletvos") ]]; then + BACK_ARCH=arm64 APPLE_SDK=AppleTVOS fi # Apple TV Simulator if [[ ("$CL" == "tvsimulator" || "$CL" == "appletvsimulator") ]]; then + BACK_ARCH=x86_64 APPLE_SDK=AppleTVSimulator fi @@ -116,21 +125,13 @@ done # Defaults if not set if [ -z "$APPLE_SDK" ]; then + BACK_ARCH=armv7 APPLE_SDK=iPhoneOS fi +# Defaults if not set if [ -z "$IOS_ARCH" ]; then - if [ "$APPLE_SDK" == "iPhoneOS" ]; then - IOS_ARCH=armv7 - elif [ "$APPLE_SDK" == "iPhoneSimulator" ]; then - IOS_ARCH=i386 - elif [ "$APPLE_SDK" == "AppleTVOS" ]; then - IOS_ARCH=arm64 - elif [ "$APPLE_SDK" == "WatchOS" ]; then - IOS_ARCH=armv7 - fi - - # TODO: fill in missing simulator architectures + IOS_ARCH="$BACK_ARCH" fi # Allow a user override? I think we should be doing this. The use case is: @@ -195,12 +196,12 @@ fi # https://github.com/weidai11/cryptopp/issues/635 if [ "$APPLE_SDK" == "iPhoneSimulator" ]; then - IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_SSSE3" + IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_ASM" fi # Simulator fixup. LD fails to link dylib. if [ "$APPLE_SDK" == "iPhoneSimulator" ] && [ "$IOS_ARCH" == "i386" ]; then - IOS_FLAGS="$IOS_FLAGS -miphoneos-version-min=5" + IOS_FLAGS="$IOS_FLAGS -miphoneos-version-min=5 -DCRYPTOPP_DISABLE_ASM" fi # ARMv7s fixup. Xcode 4/iOS 6 @@ -219,8 +220,25 @@ if [ "$APPLE_SDK" == "AppleTVOS" ]; then fi # ARM64 Simulator fixup. Under Xcode 6/iOS 8, it uses x86_64 and not i386 +# -ios_simulator_version_min does not work though it is in LLVM sources. if [ "$IOS_ARCH" == "x86_64" ]; then - IOS_FLAGS="$IOS_FLAGS -miphoneos-version-min=8" + IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_ASM" +fi + +# Disable ASM for simulator. We are failing on Travis due to missing _start. +# We may need to link against crt1.o for simulator builds. Also see +# https://stackoverflow.com/q/24841283/608639 +# -watchos_simulator_version_min does not work though it is in LLVM sources. +if [ "$APPLE_SDK" == "WatchSimulator" ]; then + IOS_FLAGS="$IOS_FLAGS -DCRYPTOPP_DISABLE_ASM" +fi + +# Disable ASM for simulator. We are failing on Travis due to missing _start. +# We may need to link against crt1.o for simulator builds. Also see +# https://stackoverflow.com/q/24841283/608639 +# -tvos_simulator_version_min does not work though it is in LLVM sources. +if [ "$APPLE_SDK" == "AppleTVSimulator" ]; then + IOS_FLAGS="$IOS_FLAGS -tvos_simulator_version_min -DCRYPTOPP_DISABLE_ASM" fi # Simulator uses i386 or x86_64, Device uses ARMv5, ARMv6, ARMv7, ARMv7s or ARMv8 diff --git a/vendor/cryptopp/vendor_cryptopp/sha.cpp b/vendor/cryptopp/vendor_cryptopp/sha.cpp index f8c8979d..aa54af20 100644 --- a/vendor/cryptopp/vendor_cryptopp/sha.cpp +++ b/vendor/cryptopp/vendor_cryptopp/sha.cpp @@ -6,7 +6,7 @@ // code from Johannes Schneiders, Skip Hovsmith and Barry O'Rourke. // All code is in the public domain. -// In August 2017 Walton reworked the internals to align all the implementations. +// In August 2017 JW reworked the internals to align all the implementations. // Formerly all hashes were software based, IterHashBase handled endian conversions, // and IterHashBase dispatched a single to block SHA{N}::Transform. SHA{N}::Transform // then performed the single block hashing. It was repeated for multiple blocks. @@ -16,11 +16,12 @@ // SHA{N}::HashMultipleBlocks (class), and the function calls SHA{N}_HashMultipleBlocks // (free standing) or SHA{N}_HashBlock (free standing) as a fallback. // -// An added wrinkle is hardware is little endian, C++ is big endian, and callers use big endian, -// so SHA{N}_HashMultipleBlock accepts a ByteOrder for the incoming data arrangement. Hardware -// based SHA{N}_HashMultipleBlock can often perform the endian swap much easier by setting -// an EPI mask. Endian swap incurs no penalty on Intel SHA, and 4-instruction penaly on ARM SHA. -// Under C++ the full software based swap penalty is incurred due to use of ReverseBytes(). +// An added wrinkle is hardware is little endian, C++ is big endian, and callers use +// big endian, so SHA{N}_HashMultipleBlock accepts a ByteOrder for the incoming data +// arrangement. Hardware based SHA{N}_HashMultipleBlock can often perform the endian +// swap much easier by setting an EPI mask. Endian swap incurs no penalty on Intel SHA, +// and 4-instruction penalty on ARM SHA. Under C++ the full software based swap penalty +// is incurred due to use of ReverseBytes(). // // The rework also removed the hacked-in pointers to implementations. @@ -41,13 +42,6 @@ #include "misc.h" #include "cpu.h" -// Clang 3.3 integrated assembler crash on Linux -// http://github.com/weidai11/cryptopp/issues/264 -// Clang 3.4.1 (x86) crash on FreeBSD 10.3. Clang 3.4.1 (x64) works fine. -#if defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30500) -# define CRYPTOPP_DISABLE_SHA_ASM -#endif - #if defined(CRYPTOPP_DISABLE_SHA_ASM) # undef CRYPTOPP_X86_ASM_AVAILABLE # undef CRYPTOPP_X32_ASM_AVAILABLE @@ -62,16 +56,93 @@ extern void SHA1_HashMultipleBlocks_SHANI(word32 *state, const word32 *data, siz extern void SHA256_HashMultipleBlocks_SHANI(word32 *state, const word32 *data, size_t length, ByteOrder order); #endif -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA1_AVAILABLE extern void SHA1_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t length, ByteOrder order); +#endif + +#if CRYPTOPP_ARM_SHA2_AVAILABLE extern void SHA256_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t length, ByteOrder order); #endif +#if CRYPTOPP_ARM_SHA512_AVAILABLE +extern void SHA512_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t length, ByteOrder order); +#endif + #if CRYPTOPP_POWER8_SHA_AVAILABLE extern void SHA256_HashMultipleBlocks_POWER8(word32 *state, const word32 *data, size_t length, ByteOrder order); extern void SHA512_HashMultipleBlocks_POWER8(word64 *state, const word64 *data, size_t length, ByteOrder order); #endif +// We add extern to export table to sha_simd.cpp, but it +// cleared http://github.com/weidai11/cryptopp/issues/502 +extern const word32 SHA256_K[64]; +extern const word64 SHA512_K[80]; + +CRYPTOPP_ALIGN_DATA(16) +const word64 SHA512_K[80] = { + W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), + W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc), + W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), + W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118), + W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), + W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2), + W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), + W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694), + W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), + W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65), + W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), + W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5), + W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), + W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4), + W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), + W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70), + W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), + W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df), + W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), + W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b), + W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), + W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30), + W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), + W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8), + W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), + W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8), + W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), + W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3), + W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), + W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec), + W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), + W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b), + W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), + W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178), + W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), + W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b), + W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), + W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c), + W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), + W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817) +}; + +CRYPTOPP_ALIGN_DATA(16) +const word32 SHA256_K[64] = { + + 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, + 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, + 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, + 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, + 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, + 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, + 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, + 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, + 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, + 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, + 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, + 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, + 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, + 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, + 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, + 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 +}; + //////////////////////////////// // start of Steve Reid's code // //////////////////////////////// @@ -151,6 +222,23 @@ ANONYMOUS_NAMESPACE_END // end of Steve Reid's code // ////////////////////////////// +std::string SHA1::AlgorithmProvider() const +{ +#if CRYPTOPP_SHANI_AVAILABLE + if (HasSHA()) + return "SHANI"; +#endif +#if CRYPTOPP_SSE2_ASM_AVAILABLE + if (HasSSE2()) + return "SSE2"; +#endif +#if CRYPTOPP_ARM_SHA1_AVAILABLE + if (HasSHA1()) + return "ARMv8"; +#endif + return "C++"; +} + void SHA1::InitState(HashWordType *state) { state[0] = 0x67452301; @@ -172,7 +260,7 @@ void SHA1::Transform(word32 *state, const word32 *data) return; } #endif -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA1_AVAILABLE if (HasSHA1()) { SHA1_HashMultipleBlocks_ARMV8(state, data, SHA1::BLOCKSIZE, LITTLE_ENDIAN_ORDER); @@ -195,7 +283,7 @@ size_t SHA1::HashMultipleBlocks(const word32 *input, size_t length) return length & (SHA1::BLOCKSIZE - 1); } #endif -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA1_AVAILABLE if (HasSHA1()) { SHA1_HashMultipleBlocks_ARMV8(m_state, input, length, BIG_ENDIAN_ORDER); @@ -226,28 +314,6 @@ size_t SHA1::HashMultipleBlocks(const word32 *input, size_t length) // ************************************************************* -CRYPTOPP_ALIGN_DATA(16) -CRYPTOPP_TABLE -const word32 SHA256_K[64] = { - - 0x428a2f98, 0x71374491, 0xb5c0fbcf, 0xe9b5dba5, - 0x3956c25b, 0x59f111f1, 0x923f82a4, 0xab1c5ed5, - 0xd807aa98, 0x12835b01, 0x243185be, 0x550c7dc3, - 0x72be5d74, 0x80deb1fe, 0x9bdc06a7, 0xc19bf174, - 0xe49b69c1, 0xefbe4786, 0x0fc19dc6, 0x240ca1cc, - 0x2de92c6f, 0x4a7484aa, 0x5cb0a9dc, 0x76f988da, - 0x983e5152, 0xa831c66d, 0xb00327c8, 0xbf597fc7, - 0xc6e00bf3, 0xd5a79147, 0x06ca6351, 0x14292967, - 0x27b70a85, 0x2e1b2138, 0x4d2c6dfc, 0x53380d13, - 0x650a7354, 0x766a0abb, 0x81c2c92e, 0x92722c85, - 0xa2bfe8a1, 0xa81a664b, 0xc24b8b70, 0xc76c51a3, - 0xd192e819, 0xd6990624, 0xf40e3585, 0x106aa070, - 0x19a4c116, 0x1e376c08, 0x2748774c, 0x34b0bcb5, - 0x391c0cb3, 0x4ed8aa4a, 0x5b9cca4f, 0x682e6ff3, - 0x748f82ee, 0x78a5636f, 0x84c87814, 0x8cc70208, - 0x90befffa, 0xa4506ceb, 0xbef9a3f7, 0xc67178f2 -}; - ANONYMOUS_NAMESPACE_BEGIN #define a(i) T[(0-i)&7] @@ -320,20 +386,50 @@ void SHA256_HashBlock_CXX(word32 *state, const word32 *data) ANONYMOUS_NAMESPACE_END +std::string SHA256_AlgorithmProvider() +{ +#if CRYPTOPP_SHANI_AVAILABLE + if (HasSHA()) + return "SHANI"; +#endif +#if CRYPTOPP_SSE2_ASM_AVAILABLE + if (HasSSE2()) + return "SSE2"; +#endif +#if CRYPTOPP_ARM_SHA2_AVAILABLE + if (HasSHA2()) + return "ARMv8"; +#endif +#if (CRYPTOPP_POWER8_SHA_AVAILABLE) + if (HasSHA256()) + return "Power8"; +#endif + return "C++"; +} + +std::string SHA224::AlgorithmProvider() const +{ + return SHA256_AlgorithmProvider(); +} + void SHA224::InitState(HashWordType *state) { - static const word32 s[8] = {0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; + static const word32 s[8] = { + 0xc1059ed8, 0x367cd507, 0x3070dd17, 0xf70e5939, + 0xffc00b31, 0x68581511, 0x64f98fa7, 0xbefa4fa4}; memcpy(state, s, sizeof(s)); } void SHA256::InitState(HashWordType *state) { - static const word32 s[8] = {0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; + static const word32 s[8] = { + 0x6a09e667, 0xbb67ae85, 0x3c6ef372, 0xa54ff53a, + 0x510e527f, 0x9b05688c, 0x1f83d9ab, 0x5be0cd19}; memcpy(state, s, sizeof(s)); } #endif // Not CRYPTOPP_GENERATE_X64_MASM -#if (defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X32_ASM_AVAILABLE) || defined(CRYPTOPP_GENERATE_X64_MASM)) +#if defined(CRYPTOPP_X86_ASM_AVAILABLE) ANONYMOUS_NAMESPACE_BEGIN @@ -357,9 +453,7 @@ void CRYPTOPP_FASTCALL SHA256_HashMultipleBlocks_SSE2(word32 *state, const word3 #define DATA_SAVE [BASE+8*4+16*4+2*WORD_SZ] #define DATA_END [BASE+8*4+16*4+3*WORD_SZ] #define Kt(i) WORD_REG(si)+(i)*4 -#if CRYPTOPP_BOOL_X32 - #define BASE esp+8 -#elif CRYPTOPP_BOOL_X86 +#if CRYPTOPP_BOOL_X86 #define BASE esp+4 #elif defined(__GNUC__) #define BASE r8 @@ -470,7 +564,7 @@ void CRYPTOPP_FASTCALL SHA256_HashMultipleBlocks_SSE2(word32 *state, const word3 lea rsi, [?SHA256_K@CryptoPP@@3QBIB + 48*4] #endif -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 #ifndef __GNUC__ AS2( mov edi, [len]) AS2( lea WORD_REG(si), [SHA256_K+48*4]) @@ -492,7 +586,7 @@ void CRYPTOPP_FASTCALL SHA256_HashMultipleBlocks_SSE2(word32 *state, const word3 AS2( mov K_END, WORD_REG(si)) #if CRYPTOPP_SSE2_ASM_AVAILABLE -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( test edi, 1) ASJ( jnz, 2, f) AS1( dec DWORD PTR K_END) @@ -501,7 +595,7 @@ void CRYPTOPP_FASTCALL SHA256_HashMultipleBlocks_SSE2(word32 *state, const word3 AS2( movdqu xmm1, XMMWORD_PTR [WORD_REG(cx)+1*16]) #endif -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 #if CRYPTOPP_SSE2_ASM_AVAILABLE ASJ( jmp, 0, f) #endif @@ -521,13 +615,13 @@ INTEL_NOPREFIX AS2( movdqu E(0), xmm1) AS2( movdqu A(0), xmm0) #endif -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 ASL(3) #endif AS2( sub WORD_REG(si), 48*4) SWAP_COPY(0) SWAP_COPY(1) SWAP_COPY(2) SWAP_COPY(3) SWAP_COPY(4) SWAP_COPY(5) SWAP_COPY(6) SWAP_COPY(7) -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 SWAP_COPY(8) SWAP_COPY(9) SWAP_COPY(10) SWAP_COPY(11) SWAP_COPY(12) SWAP_COPY(13) SWAP_COPY(14) SWAP_COPY(15) #endif @@ -582,7 +676,7 @@ INTEL_NOPREFIX AS2( mov DATA_SAVE, WORD_REG(dx)) #if CRYPTOPP_SSE2_ASM_AVAILABLE -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( test DWORD PTR K_END, 1) ASJ( jz, 4, f) #endif @@ -598,7 +692,7 @@ INTEL_NOPREFIX INTEL_NOPREFIX #endif -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 #if CRYPTOPP_SSE2_ASM_AVAILABLE ASJ( jmp, 5, f) ASL(4) // non-SSE2 @@ -658,7 +752,7 @@ INTEL_NOPREFIX ANONYMOUS_NAMESPACE_END -#endif // CRYPTOPP_X86_ASM_AVAILABLE or CRYPTOPP_GENERATE_X64_MASM +#endif // CRYPTOPP_X86_ASM_AVAILABLE #ifndef CRYPTOPP_GENERATE_X64_MASM @@ -668,6 +762,11 @@ void CRYPTOPP_FASTCALL SHA256_HashMultipleBlocks_SSE2(word32 *state, const word3 } #endif +std::string SHA256::AlgorithmProvider() const +{ + return SHA256_AlgorithmProvider(); +} + void SHA256::Transform(word32 *state, const word32 *data) { CRYPTOPP_ASSERT(state); @@ -680,7 +779,7 @@ void SHA256::Transform(word32 *state, const word32 *data) return; } #endif -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA2_AVAILABLE if (HasSHA2()) { SHA256_HashMultipleBlocks_ARMV8(state, data, SHA256::BLOCKSIZE, LITTLE_ENDIAN_ORDER); @@ -710,7 +809,7 @@ size_t SHA256::HashMultipleBlocks(const word32 *input, size_t length) return length & (SHA256::BLOCKSIZE - 1); } #endif -#if CRYPTOPP_SSE2_ASM_AVAILABLE +#if CRYPTOPP_SSE2_ASM_AVAILABLE || CRYPTOPP_X64_MASM_AVAILABLE if (HasSSE2()) { const size_t res = length & (SHA256::BLOCKSIZE - 1); @@ -718,7 +817,7 @@ size_t SHA256::HashMultipleBlocks(const word32 *input, size_t length) return res; } #endif -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA2_AVAILABLE if (HasSHA2()) { SHA256_HashMultipleBlocks_ARMV8(m_state, input, length, BIG_ENDIAN_ORDER); @@ -766,7 +865,7 @@ size_t SHA224::HashMultipleBlocks(const word32 *input, size_t length) return length & (SHA256::BLOCKSIZE - 1); } #endif -#if CRYPTOPP_SSE2_ASM_AVAILABLE +#if CRYPTOPP_SSE2_ASM_AVAILABLE || CRYPTOPP_X64_MASM_AVAILABLE if (HasSSE2()) { const size_t res = length & (SHA256::BLOCKSIZE - 1); @@ -774,7 +873,7 @@ size_t SHA224::HashMultipleBlocks(const word32 *input, size_t length) return res; } #endif -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA2_AVAILABLE if (HasSHA2()) { SHA256_HashMultipleBlocks_ARMV8(m_state, input, length, BIG_ENDIAN_ORDER); @@ -812,6 +911,29 @@ size_t SHA224::HashMultipleBlocks(const word32 *input, size_t length) // ************************************************************* +std::string SHA512_AlgorithmProvider() +{ +#if CRYPTOPP_SSE2_ASM_AVAILABLE + if (HasSSE2()) + return "SSE2"; +#endif +#if (CRYPTOPP_POWER8_SHA_AVAILABLE) + if (HasSHA512()) + return "Power8"; +#endif + return "C++"; +} + +std::string SHA384::AlgorithmProvider() const +{ + return SHA512_AlgorithmProvider(); +} + +std::string SHA512::AlgorithmProvider() const +{ + return SHA512_AlgorithmProvider(); +} + void SHA384::InitState(HashWordType *state) { const word64 s[8] = { @@ -832,56 +954,15 @@ void SHA512::InitState(HashWordType *state) memcpy(state, s, sizeof(s)); } -// We add extern to export table to sha-simd.cpp, but it -// cleared http://github.com/weidai11/cryptopp/issues/502 -CRYPTOPP_ALIGN_DATA(16) -CRYPTOPP_TABLE -const word64 SHA512_K[80] = { - W64LIT(0x428a2f98d728ae22), W64LIT(0x7137449123ef65cd), - W64LIT(0xb5c0fbcfec4d3b2f), W64LIT(0xe9b5dba58189dbbc), - W64LIT(0x3956c25bf348b538), W64LIT(0x59f111f1b605d019), - W64LIT(0x923f82a4af194f9b), W64LIT(0xab1c5ed5da6d8118), - W64LIT(0xd807aa98a3030242), W64LIT(0x12835b0145706fbe), - W64LIT(0x243185be4ee4b28c), W64LIT(0x550c7dc3d5ffb4e2), - W64LIT(0x72be5d74f27b896f), W64LIT(0x80deb1fe3b1696b1), - W64LIT(0x9bdc06a725c71235), W64LIT(0xc19bf174cf692694), - W64LIT(0xe49b69c19ef14ad2), W64LIT(0xefbe4786384f25e3), - W64LIT(0x0fc19dc68b8cd5b5), W64LIT(0x240ca1cc77ac9c65), - W64LIT(0x2de92c6f592b0275), W64LIT(0x4a7484aa6ea6e483), - W64LIT(0x5cb0a9dcbd41fbd4), W64LIT(0x76f988da831153b5), - W64LIT(0x983e5152ee66dfab), W64LIT(0xa831c66d2db43210), - W64LIT(0xb00327c898fb213f), W64LIT(0xbf597fc7beef0ee4), - W64LIT(0xc6e00bf33da88fc2), W64LIT(0xd5a79147930aa725), - W64LIT(0x06ca6351e003826f), W64LIT(0x142929670a0e6e70), - W64LIT(0x27b70a8546d22ffc), W64LIT(0x2e1b21385c26c926), - W64LIT(0x4d2c6dfc5ac42aed), W64LIT(0x53380d139d95b3df), - W64LIT(0x650a73548baf63de), W64LIT(0x766a0abb3c77b2a8), - W64LIT(0x81c2c92e47edaee6), W64LIT(0x92722c851482353b), - W64LIT(0xa2bfe8a14cf10364), W64LIT(0xa81a664bbc423001), - W64LIT(0xc24b8b70d0f89791), W64LIT(0xc76c51a30654be30), - W64LIT(0xd192e819d6ef5218), W64LIT(0xd69906245565a910), - W64LIT(0xf40e35855771202a), W64LIT(0x106aa07032bbd1b8), - W64LIT(0x19a4c116b8d2d0c8), W64LIT(0x1e376c085141ab53), - W64LIT(0x2748774cdf8eeb99), W64LIT(0x34b0bcb5e19b48a8), - W64LIT(0x391c0cb3c5c95a63), W64LIT(0x4ed8aa4ae3418acb), - W64LIT(0x5b9cca4f7763e373), W64LIT(0x682e6ff3d6b2b8a3), - W64LIT(0x748f82ee5defb2fc), W64LIT(0x78a5636f43172f60), - W64LIT(0x84c87814a1f0ab72), W64LIT(0x8cc702081a6439ec), - W64LIT(0x90befffa23631e28), W64LIT(0xa4506cebde82bde9), - W64LIT(0xbef9a3f7b2c67915), W64LIT(0xc67178f2e372532b), - W64LIT(0xca273eceea26619c), W64LIT(0xd186b8c721c0c207), - W64LIT(0xeada7dd6cde0eb1e), W64LIT(0xf57d4f7fee6ed178), - W64LIT(0x06f067aa72176fba), W64LIT(0x0a637dc5a2c898a6), - W64LIT(0x113f9804bef90dae), W64LIT(0x1b710b35131c471b), - W64LIT(0x28db77f523047d84), W64LIT(0x32caab7b40c72493), - W64LIT(0x3c9ebe0a15c9bebc), W64LIT(0x431d67c49c100d4c), - W64LIT(0x4cc5d4becb3e42b6), W64LIT(0x597f299cfc657e2a), - W64LIT(0x5fcb6fab3ad6faec), W64LIT(0x6c44198c4a475817) -}; +#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86) -#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) +// Anonymous namespace removed due to a new compile error. +// g++ -DNDEBUG -g2 -O3 -pthread -pipe -c sha.cpp +// sha.cpp: Assembler messages: +// sha.cpp:1155: Error: symbol `SHA512_Round' is already defined +// sha.cpp:1155: Error: symbol `SHA512_Round' is already defined -ANONYMOUS_NAMESPACE_BEGIN +// ANONYMOUS_NAMESPACE_BEGIN CRYPTOPP_NAKED void CRYPTOPP_FASTCALL SHA512_HashBlock_SSE2(word64 *state, const word64 *data) { @@ -904,13 +985,8 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL SHA512_HashBlock_SSE2(word64 *state, const AS_PUSH_IF86( ax) AS2( xor eax, eax) -#if CRYPTOPP_BOOL_X32 - AS2( lea edi, [esp+8+8*8]) // start at middle of state buffer. will decrement pointer each round to avoid copying - AS2( lea esi, [esp+8+20*8+8]) // 16-byte alignment, then add 8 -#else AS2( lea edi, [esp+4+8*8]) // start at middle of state buffer. will decrement pointer each round to avoid copying AS2( lea esi, [esp+4+20*8+8]) // 16-byte alignment, then add 8 -#endif AS2( movdqu xmm0, [ecx+0*16]) AS2( movdq2q mm4, xmm0) @@ -964,29 +1040,29 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL SHA512_HashBlock_SSE2(word64 *state, const AS2( pxor xmm7, xmm6)\ AS2( psrlq r, c-b)\ AS2( pxor r, xmm7) - ASL(SHA512_Round) + // k + w is in mm0, a is in mm4, e is in mm5 - AS2( paddq mm0, [edi+7*8]) // h - AS2( movq mm2, [edi+5*8]) // f - AS2( movq mm3, [edi+6*8]) // g + AS2( paddq mm0, [edi+7*8]) // h + AS2( movq mm2, [edi+5*8]) // f + AS2( movq mm3, [edi+6*8]) // g AS2( pxor mm2, mm3) AS2( pand mm2, mm5) SSE2_S0_S1(mm5,14,18,41) AS2( pxor mm2, mm3) AS2( paddq mm0, mm2) // h += Ch(e,f,g) AS2( paddq mm5, mm0) // h += S1(e) - AS2( movq mm2, [edi+1*8]) // b + AS2( movq mm2, [edi+1*8]) // b AS2( movq mm1, mm2) AS2( por mm2, mm4) - AS2( pand mm2, [edi+2*8]) // c + AS2( pand mm2, [edi+2*8]) // c AS2( pand mm1, mm4) AS2( por mm1, mm2) AS2( paddq mm1, mm5) // temp = h + Maj(a,b,c) - AS2( paddq mm5, [edi+3*8]) // e = d + h + AS2( paddq mm5, [edi+3*8]) // e = d + h AS2( movq [edi+3*8], mm5) AS2( movq [edi+11*8], mm5) - SSE2_S0_S1(mm4,28,34,39) // S0(a) + SSE2_S0_S1(mm4,28,34,39) // S0(a) AS2( paddq mm4, mm1) // a = temp + S0(a) AS2( movq [edi-8], mm4) AS2( movq [edi+7*8], mm4) @@ -999,6 +1075,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL SHA512_HashBlock_SSE2(word64 *state, const AS2( movq [esi+eax*8+16*8], mm0) AS2( paddq mm0, [ebx+eax*8]) ASC( call, SHA512_Round) + AS1( inc eax) AS2( sub edi, 8) AS2( test eax, 7) @@ -1040,11 +1117,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL SHA512_HashBlock_SSE2(word64 *state, const // do housekeeping every 8 rounds AS2( mov esi, 0xf) AS2( and esi, eax) -#if CRYPTOPP_BOOL_X32 - AS2( lea esi, [esp+8+20*8+8+esi*8]) -#else AS2( lea esi, [esp+4+20*8+8+esi*8]) -#endif AS2( add edi, 8*8) AS2( cmp eax, 80) ASJ( jne, 1, b) @@ -1077,7 +1150,7 @@ CRYPTOPP_NAKED void CRYPTOPP_FASTCALL SHA512_HashBlock_SSE2(word64 *state, const #endif } -ANONYMOUS_NAMESPACE_END +// ANONYMOUS_NAMESPACE_END #endif // CRYPTOPP_SSE2_ASM_AVAILABLE @@ -1112,8 +1185,10 @@ void SHA512_HashBlock_CXX(word64 *state, const word64 *data) CRYPTOPP_ASSERT(data); word64 W[16]={0}, T[8]; + /* Copy context->state[] to working vars */ - memcpy(T, state, sizeof(T)); + std::memcpy(T, state, sizeof(T)); + /* 80 operations, partially loop unrolled */ for (unsigned int j=0; j<80; j+=16) { @@ -1122,7 +1197,7 @@ void SHA512_HashBlock_CXX(word64 *state, const word64 *data) R( 8); R( 9); R(10); R(11); R(12); R(13); R(14); R(15); } - /* Add the working vars back into context.state[] */ + state[0] += a(0); state[1] += b(0); state[2] += c(0); @@ -1133,6 +1208,31 @@ void SHA512_HashBlock_CXX(word64 *state, const word64 *data) state[7] += h(0); } +ANONYMOUS_NAMESPACE_END + +void SHA512::Transform(word64 *state, const word64 *data) +{ + CRYPTOPP_ASSERT(state); + CRYPTOPP_ASSERT(data); + +#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86) + if (HasSSE2()) + { + SHA512_HashBlock_SSE2(state, data); + return; + } +#endif +#if CRYPTOPP_POWER8_SHA_AVAILABLE + if (HasSHA512()) + { + SHA512_HashMultipleBlocks_POWER8(state, data, SHA512::BLOCKSIZE, BIG_ENDIAN_ORDER); + return; + } +#endif + + SHA512_HashBlock_CXX(state, data); +} + #undef Ch #undef Maj @@ -1156,31 +1256,6 @@ void SHA512_HashBlock_CXX(word64 *state, const word64 *data) #undef g #undef h -ANONYMOUS_NAMESPACE_END - -void SHA512::Transform(word64 *state, const word64 *data) -{ - CRYPTOPP_ASSERT(state); - CRYPTOPP_ASSERT(data); - -#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) - if (HasSSE2()) - { - SHA512_HashBlock_SSE2(state, data); - return; - } -#endif -#if CRYPTOPP_POWER8_SHA_AVAILABLE - if (HasSHA512()) - { - SHA512_HashMultipleBlocks_POWER8(state, data, SHA512::BLOCKSIZE, BIG_ENDIAN_ORDER); - return; - } -#endif - - SHA512_HashBlock_CXX(state, data); -} - NAMESPACE_END #endif // Not CRYPTOPP_GENERATE_X64_MASM diff --git a/vendor/cryptopp/vendor_cryptopp/sha.h b/vendor/cryptopp/vendor_cryptopp/sha.h index 2d2463d5..aed1ecfa 100644 --- a/vendor/cryptopp/vendor_cryptopp/sha.h +++ b/vendor/cryptopp/vendor_cryptopp/sha.h @@ -11,10 +11,10 @@ #include "config.h" #include "iterhash.h" -#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) -# define SHA_X86_ALIGN16 true -#else -# define SHA_X86_ALIGN16 false +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_SHA_ASM 1 #endif NAMESPACE_BEGIN(CryptoPP) @@ -50,6 +50,8 @@ public: /// \brief The algorithm name /// \returns C-style string "SHA-1" CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";} + // Algorithm class + std::string AlgorithmProvider() const; protected: size_t HashMultipleBlocks(const HashWordType *input, size_t length); @@ -87,6 +89,9 @@ public: /// \returns C-style string "SHA-256" CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-256";} + // Algorithm class + std::string AlgorithmProvider() const; + protected: size_t HashMultipleBlocks(const HashWordType *input, size_t length); }; @@ -123,6 +128,9 @@ public: /// \returns C-style string "SHA-224" CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-224";} + // Algorithm class + std::string AlgorithmProvider() const; + protected: size_t HashMultipleBlocks(const HashWordType *input, size_t length); }; @@ -130,7 +138,7 @@ protected: /// \brief SHA-512 message digest /// \sa SHA-512 /// \since SHA2 since Crypto++ 4.0, Power8 SHA since Crypto++ 6.1 -class CRYPTOPP_DLL SHA512 : public IteratedHashWithStaticTransform +class CRYPTOPP_DLL SHA512 : public IteratedHashWithStaticTransform { public: /// \brief Initialize state array @@ -157,12 +165,15 @@ public: /// \brief The algorithm name /// \returns C-style string "SHA-512" CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-512";} + + // Algorithm class + std::string AlgorithmProvider() const; }; /// \brief SHA-384 message digest /// \sa SHA-384 /// \since SHA2 since Crypto++ 4.0, Power8 SHA since Crypto++ 6.1 -class CRYPTOPP_DLL SHA384 : public IteratedHashWithStaticTransform +class CRYPTOPP_DLL SHA384 : public IteratedHashWithStaticTransform { public: /// \brief Initialize state array @@ -189,6 +200,9 @@ public: /// \brief The algorithm name /// \returns C-style string "SHA-384" CRYPTOPP_STATIC_CONSTEXPR const char* CRYPTOPP_API StaticAlgorithmName() {return "SHA-384";} + + // Algorithm class + std::string AlgorithmProvider() const; }; NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/sha3.cpp b/vendor/cryptopp/vendor_cryptopp/sha3.cpp index ec3b04e3..0a4ba893 100644 --- a/vendor/cryptopp/vendor_cryptopp/sha3.cpp +++ b/vendor/cryptopp/vendor_cryptopp/sha3.cpp @@ -1,13 +1,16 @@ -// sha3.cpp - modified by Wei Dai from Ronny Van Keer's public domain Keccak-simple.c -// all modifications here are placed in the public domain by Wei Dai +// sha3.cpp - modified by Wei Dai from Ronny Van Keer's public domain +// Keccak-simple.c. All modifications here are placed in the +// public domain by Wei Dai. +// Keccack core function moved to keccakc.cpp in AUG 2018 +// by Jeffrey Walton. Separating the core file allows both +// SHA3 and Keccack to share the core implementation. /* The Keccak sponge function, designed by Guido Bertoni, Joan Daemen, Michael Peeters and Gilles Van Assche. For more information, feedback or questions, please refer to our website: http://keccak.noekeon.org/ -Implementation by Ronny Van Keer, -hereby denoted as "the implementer". +Implementation by Ronny Van Keer, hereby denoted as "the implementer". To the extent possible under law, the implementer has waived all copyright and related or neighboring rights to the source code in this file. @@ -16,243 +19,14 @@ http://creativecommons.org/publicdomain/zero/1.0/ #include "pch.h" #include "sha3.h" +#include "keccakc.h" NAMESPACE_BEGIN(CryptoPP) -static const word64 KeccakF_RoundConstants[24] = -{ - W64LIT(0x0000000000000001), W64LIT(0x0000000000008082), W64LIT(0x800000000000808a), - W64LIT(0x8000000080008000), W64LIT(0x000000000000808b), W64LIT(0x0000000080000001), - W64LIT(0x8000000080008081), W64LIT(0x8000000000008009), W64LIT(0x000000000000008a), - W64LIT(0x0000000000000088), W64LIT(0x0000000080008009), W64LIT(0x000000008000000a), - W64LIT(0x000000008000808b), W64LIT(0x800000000000008b), W64LIT(0x8000000000008089), - W64LIT(0x8000000000008003), W64LIT(0x8000000000008002), W64LIT(0x8000000000000080), - W64LIT(0x000000000000800a), W64LIT(0x800000008000000a), W64LIT(0x8000000080008081), - W64LIT(0x8000000000008080), W64LIT(0x0000000080000001), W64LIT(0x8000000080008008) -}; - -static void KeccakF1600(word64 *state) -{ - { - word64 Aba, Abe, Abi, Abo, Abu; - word64 Aga, Age, Agi, Ago, Agu; - word64 Aka, Ake, Aki, Ako, Aku; - word64 Ama, Ame, Ami, Amo, Amu; - word64 Asa, Ase, Asi, Aso, Asu; - word64 BCa, BCe, BCi, BCo, BCu; - word64 Da, De, Di, Do, Du; - word64 Eba, Ebe, Ebi, Ebo, Ebu; - word64 Ega, Ege, Egi, Ego, Egu; - word64 Eka, Eke, Eki, Eko, Eku; - word64 Ema, Eme, Emi, Emo, Emu; - word64 Esa, Ese, Esi, Eso, Esu; - - //copyFromState(A, state) - typedef BlockGetAndPut Block; - Block::Get(state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu); - - for( unsigned int round = 0; round < 24; round += 2 ) - { - // prepareTheta - BCa = Aba^Aga^Aka^Ama^Asa; - BCe = Abe^Age^Ake^Ame^Ase; - BCi = Abi^Agi^Aki^Ami^Asi; - BCo = Abo^Ago^Ako^Amo^Aso; - BCu = Abu^Agu^Aku^Amu^Asu; - - //thetaRhoPiChiIotaPrepareTheta(round , A, E) - Da = BCu^rotlConstant<1>(BCe); - De = BCa^rotlConstant<1>(BCi); - Di = BCe^rotlConstant<1>(BCo); - Do = BCi^rotlConstant<1>(BCu); - Du = BCo^rotlConstant<1>(BCa); - - Aba ^= Da; - BCa = Aba; - Age ^= De; - BCe = rotlConstant<44>(Age); - Aki ^= Di; - BCi = rotlConstant<43>(Aki); - Amo ^= Do; - BCo = rotlConstant<21>(Amo); - Asu ^= Du; - BCu = rotlConstant<14>(Asu); - Eba = BCa ^((~BCe)& BCi ); - Eba ^= (word64)KeccakF_RoundConstants[round]; - Ebe = BCe ^((~BCi)& BCo ); - Ebi = BCi ^((~BCo)& BCu ); - Ebo = BCo ^((~BCu)& BCa ); - Ebu = BCu ^((~BCa)& BCe ); - - Abo ^= Do; - BCa = rotlConstant<28>(Abo); - Agu ^= Du; - BCe = rotlConstant<20>(Agu); - Aka ^= Da; - BCi = rotlConstant<3>(Aka); - Ame ^= De; - BCo = rotlConstant<45>(Ame); - Asi ^= Di; - BCu = rotlConstant<61>(Asi); - Ega = BCa ^((~BCe)& BCi ); - Ege = BCe ^((~BCi)& BCo ); - Egi = BCi ^((~BCo)& BCu ); - Ego = BCo ^((~BCu)& BCa ); - Egu = BCu ^((~BCa)& BCe ); - - Abe ^= De; - BCa = rotlConstant<1>(Abe); - Agi ^= Di; - BCe = rotlConstant<6>(Agi); - Ako ^= Do; - BCi = rotlConstant<25>(Ako); - Amu ^= Du; - BCo = rotlConstant<8>(Amu); - Asa ^= Da; - BCu = rotlConstant<18>(Asa); - Eka = BCa ^((~BCe)& BCi ); - Eke = BCe ^((~BCi)& BCo ); - Eki = BCi ^((~BCo)& BCu ); - Eko = BCo ^((~BCu)& BCa ); - Eku = BCu ^((~BCa)& BCe ); - - Abu ^= Du; - BCa = rotlConstant<27>(Abu); - Aga ^= Da; - BCe = rotlConstant<36>(Aga); - Ake ^= De; - BCi = rotlConstant<10>(Ake); - Ami ^= Di; - BCo = rotlConstant<15>(Ami); - Aso ^= Do; - BCu = rotlConstant<56>(Aso); - Ema = BCa ^((~BCe)& BCi ); - Eme = BCe ^((~BCi)& BCo ); - Emi = BCi ^((~BCo)& BCu ); - Emo = BCo ^((~BCu)& BCa ); - Emu = BCu ^((~BCa)& BCe ); - - Abi ^= Di; - BCa = rotlConstant<62>(Abi); - Ago ^= Do; - BCe = rotlConstant<55>(Ago); - Aku ^= Du; - BCi = rotlConstant<39>(Aku); - Ama ^= Da; - BCo = rotlConstant<41>(Ama); - Ase ^= De; - BCu = rotlConstant<2>(Ase); - Esa = BCa ^((~BCe)& BCi ); - Ese = BCe ^((~BCi)& BCo ); - Esi = BCi ^((~BCo)& BCu ); - Eso = BCo ^((~BCu)& BCa ); - Esu = BCu ^((~BCa)& BCe ); - - // prepareTheta - BCa = Eba^Ega^Eka^Ema^Esa; - BCe = Ebe^Ege^Eke^Eme^Ese; - BCi = Ebi^Egi^Eki^Emi^Esi; - BCo = Ebo^Ego^Eko^Emo^Eso; - BCu = Ebu^Egu^Eku^Emu^Esu; - - //thetaRhoPiChiIotaPrepareTheta(round+1, E, A) - Da = BCu^rotlConstant<1>(BCe); - De = BCa^rotlConstant<1>(BCi); - Di = BCe^rotlConstant<1>(BCo); - Do = BCi^rotlConstant<1>(BCu); - Du = BCo^rotlConstant<1>(BCa); - - Eba ^= Da; - BCa = Eba; - Ege ^= De; - BCe = rotlConstant<44>(Ege); - Eki ^= Di; - BCi = rotlConstant<43>(Eki); - Emo ^= Do; - BCo = rotlConstant<21>(Emo); - Esu ^= Du; - BCu = rotlConstant<14>(Esu); - Aba = BCa ^((~BCe)& BCi ); - Aba ^= (word64)KeccakF_RoundConstants[round+1]; - Abe = BCe ^((~BCi)& BCo ); - Abi = BCi ^((~BCo)& BCu ); - Abo = BCo ^((~BCu)& BCa ); - Abu = BCu ^((~BCa)& BCe ); - - Ebo ^= Do; - BCa = rotlConstant<28>(Ebo); - Egu ^= Du; - BCe = rotlConstant<20>(Egu); - Eka ^= Da; - BCi = rotlConstant<3>(Eka); - Eme ^= De; - BCo = rotlConstant<45>(Eme); - Esi ^= Di; - BCu = rotlConstant<61>(Esi); - Aga = BCa ^((~BCe)& BCi ); - Age = BCe ^((~BCi)& BCo ); - Agi = BCi ^((~BCo)& BCu ); - Ago = BCo ^((~BCu)& BCa ); - Agu = BCu ^((~BCa)& BCe ); - - Ebe ^= De; - BCa = rotlConstant<1>(Ebe); - Egi ^= Di; - BCe = rotlConstant<6>(Egi); - Eko ^= Do; - BCi = rotlConstant<25>(Eko); - Emu ^= Du; - BCo = rotlConstant<8>(Emu); - Esa ^= Da; - BCu = rotlConstant<18>(Esa); - Aka = BCa ^((~BCe)& BCi ); - Ake = BCe ^((~BCi)& BCo ); - Aki = BCi ^((~BCo)& BCu ); - Ako = BCo ^((~BCu)& BCa ); - Aku = BCu ^((~BCa)& BCe ); - - Ebu ^= Du; - BCa = rotlConstant<27>(Ebu); - Ega ^= Da; - BCe = rotlConstant<36>(Ega); - Eke ^= De; - BCi = rotlConstant<10>(Eke); - Emi ^= Di; - BCo = rotlConstant<15>(Emi); - Eso ^= Do; - BCu = rotlConstant<56>(Eso); - Ama = BCa ^((~BCe)& BCi ); - Ame = BCe ^((~BCi)& BCo ); - Ami = BCi ^((~BCo)& BCu ); - Amo = BCo ^((~BCu)& BCa ); - Amu = BCu ^((~BCa)& BCe ); - - Ebi ^= Di; - BCa = rotlConstant<62>(Ebi); - Ego ^= Do; - BCe = rotlConstant<55>(Ego); - Eku ^= Du; - BCi = rotlConstant<39>(Eku); - Ema ^= Da; - BCo = rotlConstant<41>(Ema); - Ese ^= De; - BCu = rotlConstant<2>(Ese); - Asa = BCa ^((~BCe)& BCi ); - Ase = BCe ^((~BCi)& BCo ); - Asi = BCi ^((~BCo)& BCu ); - Aso = BCo ^((~BCu)& BCa ); - Asu = BCu ^((~BCa)& BCe ); - } - - //copyToState(state, A) - Block::Put(NULLPTR, state)(Aba)(Abe)(Abi)(Abo)(Abu)(Aga)(Age)(Agi)(Ago)(Agu)(Aka)(Ake)(Aki)(Ako)(Aku)(Ama)(Ame)(Ami)(Amo)(Amu)(Asa)(Ase)(Asi)(Aso)(Asu); - } -} - void SHA3::Update(const byte *input, size_t length) { - CRYPTOPP_ASSERT((input && length) || !(input || length)); - if (!length) { return; } + CRYPTOPP_ASSERT(!(input == NULLPTR && length != 0)); + if (length == 0) { return; } size_t spaceLeft; while (length >= (spaceLeft = r() - m_counter)) @@ -278,6 +52,7 @@ void SHA3::Restart() void SHA3::TruncatedFinal(byte *hash, size_t size) { + CRYPTOPP_ASSERT(hash != NULLPTR); ThrowIfInvalidTruncatedSize(size); m_state.BytePtr()[m_counter] ^= 0x06; diff --git a/vendor/cryptopp/vendor_cryptopp/sha-simd.cpp b/vendor/cryptopp/vendor_cryptopp/sha_simd.cpp similarity index 68% rename from vendor/cryptopp/vendor_cryptopp/sha-simd.cpp rename to vendor/cryptopp/vendor_cryptopp/sha_simd.cpp index 419d0611..95ac10fc 100644 --- a/vendor/cryptopp/vendor_cryptopp/sha-simd.cpp +++ b/vendor/cryptopp/vendor_cryptopp/sha_simd.cpp @@ -1,4 +1,4 @@ -// sha-simd.cpp - written and placed in the public domain by +// sha_simd.cpp - written and placed in the public domain by // Jeffrey Walton, Uri Blumenthal and Marcel Raad. // // This source file uses intrinsics to gain access to SHA-NI and @@ -11,25 +11,29 @@ #include "sha.h" #include "misc.h" +#if defined(CRYPTOPP_DISABLE_SHA_ASM) +# undef CRYPTOPP_X86_ASM_AVAILABLE +# undef CRYPTOPP_X32_ASM_AVAILABLE +# undef CRYPTOPP_X64_ASM_AVAILABLE +# undef CRYPTOPP_SSE2_ASM_AVAILABLE +#endif + #if (CRYPTOPP_SHANI_AVAILABLE) # include # include #endif -// Use ARMv8 rather than NEON due to compiler inconsistencies -#if (CRYPTOPP_ARM_SHA_AVAILABLE) +#if (CRYPTOPP_ARM_NEON_AVAILABLE) # include #endif -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) # include # include #endif #if CRYPTOPP_POWER8_SHA_AVAILABLE -# include "ppc-simd.h" +# include "ppc_simd.h" #endif #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY @@ -45,8 +49,16 @@ #define M128_CAST(x) ((__m128i *)(void *)(x)) #define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +// Squash MS LNK4221 and libtool warnings +extern const char SHA_SIMD_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) +// ***************** SHA key tables ******************** + +extern const word32 SHA256_K[64]; +extern const word64 SHA512_K[80]; + // ***************** SIGILL probes ******************** #ifdef CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY @@ -61,12 +73,12 @@ extern "C" { } #endif // Not CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY -#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) +#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) bool CPU_ProbeSHA1() { #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) return false; -#elif (CRYPTOPP_ARM_SHA_AVAILABLE) +#elif (CRYPTOPP_ARM_SHA1_AVAILABLE) # if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) volatile bool result = true; __try @@ -121,14 +133,14 @@ bool CPU_ProbeSHA1() # endif #else return false; -#endif // CRYPTOPP_ARM_SHA_AVAILABLE +#endif // CRYPTOPP_ARM_SHA1_AVAILABLE } bool CPU_ProbeSHA2() { #if defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) return false; -#elif (CRYPTOPP_ARM_SHA_AVAILABLE) +#elif (CRYPTOPP_ARM_SHA2_AVAILABLE) # if defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY) volatile bool result = true; __try @@ -181,16 +193,12 @@ bool CPU_ProbeSHA2() # endif #else return false; -#endif // CRYPTOPP_ARM_SHA_AVAILABLE +#endif // CRYPTOPP_ARM_SHA2_AVAILABLE } #endif // ARM32 or ARM64 // ***************** Intel x86 SHA ******************** -// provided by sha.cpp -extern const word32 SHA256_K[64]; -extern const word64 SHA512_K[80]; - ///////////////////////////////////// // start of Walton and Gulley code // ///////////////////////////////////// @@ -609,7 +617,7 @@ void SHA256_HashMultipleBlocks_SHANI(word32 *state, const word32 *data, size_t l // start of Walton, Schneiders, O'Rourke and Hovsmith code // ///////////////////////////////////////////////////////////// -#if CRYPTOPP_ARM_SHA_AVAILABLE +#if CRYPTOPP_ARM_SHA1_AVAILABLE void SHA1_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t length, ByteOrder order) { CRYPTOPP_ASSERT(state); @@ -796,7 +804,9 @@ void SHA1_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t len vst1q_u32(&state[0], ABCD); state[4] = E0; } +#endif // CRYPTOPP_ARM_SHA1_AVAILABLE +#if CRYPTOPP_ARM_SHA2_AVAILABLE void SHA256_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t length, ByteOrder order) { CRYPTOPP_ASSERT(state); @@ -964,7 +974,7 @@ void SHA256_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t l vst1q_u32(&state[0], STATE0); vst1q_u32(&state[4], STATE1); } -#endif // CRYPTOPP_ARM_SHA_AVAILABLE +#endif // CRYPTOPP_ARM_SHA2_AVAILABLE /////////////////////////////////////////////////////////// // end of Walton, Schneiders, O'Rourke and Hovsmith code // @@ -981,160 +991,75 @@ void SHA256_HashMultipleBlocks_ARMV8(word32 *state, const word32 *data, size_t l // Indexes into the S[] array enum {A=0, B=1, C, D, E, F, G, H}; -typedef __vector unsigned char uint8x16_p8; -typedef __vector unsigned int uint32x4_p8; -typedef __vector unsigned long long uint64x2_p8; - -uint32x4_p8 VEC_XL_BE(int offset, const uint8_t* data) +inline +uint32x4_p VecLoad32(const word32* data, int offset) { -#if defined(CRYPTOPP_XLC_VERSION) - return vec_xl_be(offset, data); +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint8x16_p mask = {3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}; + const uint32x4_p val = VecLoad(offset, data); + return (uint32x4_p)VecPermute(val, val, mask); #else - uint32x4_p8 res; - __asm(" lxvd2x %x0, %1, %2 \n\t" - : "=wa" (res) - : "b" (data), "r" (offset)); - return res; + return VecLoad(offset, data); #endif } -#endif // CRYPTOPP_POWER8_SHA_AVAILABLE - -#if CRYPTOPP_POWER8_SHA_AVAILABLE - -// Aligned load -template static inline -uint32x4_p8 VectorLoad32x4(const T* data, int offset) +template inline +void VecStore32(const T data, word32 dest[4]) { - return (uint32x4_p8)vec_ld(offset, data); + VecStore(data, dest); } -// Unaligned load -template static inline -uint32x4_p8 VectorLoad32x4u(const T* data, int offset) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint32x4_p8)vec_xl(offset, data); -#else - return (uint32x4_p8)vec_vsx_ld(offset, data); -#endif -} - -// Aligned store -template static inline -void VectorStore32x4(const uint32x4_p8 val, T* data, int offset) -{ - vec_st((uint8x16_p8)val, offset, data); -} - -// Unaligned store -template static inline -void VectorStore32x4u(const uint32x4_p8 val, T* data, int offset) -{ -#if defined(CRYPTOPP_XLC_VERSION) - vec_xst((uint8x16_p8)val, offset, (uint8_t*)data); -#else - vec_vsx_st((uint8x16_p8)val, offset, (uint8_t*)data); -#endif -} - -// Unaligned load of a user message. The load is big-endian, -// and then the message is permuted for 32-bit words. -template static inline -uint32x4_p8 VectorLoadMsg32x4(const T* data, int offset) -{ -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const uint8x16_p8 mask = {3,2,1,0, 7,6,5,4, 11,10,9,8, 15,14,13,12}; - const uint32x4_p8 r = VectorLoad32x4u(data, offset); - return (uint32x4_p8)vec_perm(r, r, mask); -#else - return VectorLoad32x4u(data, offset); -#endif -} - -static inline -uint32x4_p8 VectorCh(const uint32x4_p8 x, const uint32x4_p8 y, const uint32x4_p8 z) +inline +uint32x4_p VectorCh(const uint32x4_p x, const uint32x4_p y, const uint32x4_p z) { // The trick below is due to Andy Polyakov and Jack Lloyd return vec_sel(z,y,x); } -static inline -uint32x4_p8 VectorMaj(const uint32x4_p8 x, const uint32x4_p8 y, const uint32x4_p8 z) +inline +uint32x4_p VectorMaj(const uint32x4_p x, const uint32x4_p y, const uint32x4_p z) { // The trick below is due to Andy Polyakov and Jack Lloyd - return vec_sel(y, z, vec_xor(x, y)); + return vec_sel(y, z, VecXor(x, y)); } -static inline -uint32x4_p8 Vector_sigma0(const uint32x4_p8 val) +inline +uint32x4_p Vector_sigma0(const uint32x4_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmaw(val, 0, 0); -#else - return __builtin_crypto_vshasigmaw(val, 0, 0); -#endif + return VecSHA256<0,0>(val); } -static inline -uint32x4_p8 Vector_sigma1(const uint32x4_p8 val) +inline +uint32x4_p Vector_sigma1(const uint32x4_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmaw(val, 0, 0xf); -#else - return __builtin_crypto_vshasigmaw(val, 0, 0xf); -#endif + return VecSHA256<0,0xf>(val); } -static inline -uint32x4_p8 VectorSigma0(const uint32x4_p8 val) +inline +uint32x4_p VectorSigma0(const uint32x4_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmaw(val, 1, 0); -#else - return __builtin_crypto_vshasigmaw(val, 1, 0); -#endif + return VecSHA256<1,0>(val); } -static inline -uint32x4_p8 VectorSigma1(const uint32x4_p8 val) +inline +uint32x4_p VectorSigma1(const uint32x4_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmaw(val, 1, 0xf); -#else - return __builtin_crypto_vshasigmaw(val, 1, 0xf); -#endif + return VecSHA256<1,0xf>(val); } -static inline -uint32x4_p8 VectorPack(const uint32x4_p8 a, const uint32x4_p8 b, - const uint32x4_p8 c, const uint32x4_p8 d) +inline +uint32x4_p VectorPack(const uint32x4_p a, const uint32x4_p b, + const uint32x4_p c, const uint32x4_p d) { - const uint8x16_p8 m1 = {0,1,2,3, 16,17,18,19, 0,0,0,0, 0,0,0,0}; - const uint8x16_p8 m2 = {0,1,2,3, 4,5,6,7, 16,17,18,19, 20,21,22,23}; - return vec_perm(vec_perm(a,b,m1), vec_perm(c,d,m1), m2); + const uint8x16_p m1 = {0,1,2,3, 16,17,18,19, 0,0,0,0, 0,0,0,0}; + const uint8x16_p m2 = {0,1,2,3, 4,5,6,7, 16,17,18,19, 20,21,22,23}; + return VecPermute(VecPermute(a,b,m1), VecPermute(c,d,m1), m2); } -template static inline -uint32x4_p8 VectorShiftLeft(const uint32x4_p8 val) +template inline +void SHA256_ROUND1(uint32x4_p W[16], uint32x4_p S[8], const uint32x4_p K, const uint32x4_p M) { -#if (defined(CRYPTOPP_LITTLE_ENDIAN)) - return (uint32x4_p8)vec_sld((uint8x16_p8)val, (uint8x16_p8)val, (16-L)&0xf); -#else - return (uint32x4_p8)vec_sld((uint8x16_p8)val, (uint8x16_p8)val, L&0xf); -#endif -} - -template <> -uint32x4_p8 VectorShiftLeft<0>(const uint32x4_p8 val) { return val; } - -template <> -uint32x4_p8 VectorShiftLeft<16>(const uint32x4_p8 val) { return val; } - -template static inline -void SHA256_ROUND1(uint32x4_p8 W[16], uint32x4_p8 S[8], const uint32x4_p8 K, const uint32x4_p8 M) -{ - uint32x4_p8 T1, T2; + uint32x4_p T1, T2; W[R] = M; T1 = S[H] + VectorSigma1(S[E]) + VectorCh(S[E],S[F],S[G]) + K + M; @@ -1146,18 +1071,18 @@ void SHA256_ROUND1(uint32x4_p8 W[16], uint32x4_p8 S[8], const uint32x4_p8 K, con S[A] = T1 + T2; } -template static inline -void SHA256_ROUND2(uint32x4_p8 W[16], uint32x4_p8 S[8], const uint32x4_p8 K) +template inline +void SHA256_ROUND2(uint32x4_p W[16], uint32x4_p S[8], const uint32x4_p K) { // Indexes into the W[] array enum {IDX0=(R+0)&0xf, IDX1=(R+1)&0xf, IDX9=(R+9)&0xf, IDX14=(R+14)&0xf}; - const uint32x4_p8 s0 = Vector_sigma0(W[IDX1]); - const uint32x4_p8 s1 = Vector_sigma1(W[IDX14]); + const uint32x4_p s0 = Vector_sigma0(W[IDX1]); + const uint32x4_p s1 = Vector_sigma1(W[IDX14]); - uint32x4_p8 T1 = (W[IDX0] += s0 + s1 + W[IDX9]); + uint32x4_p T1 = (W[IDX0] += s0 + s1 + W[IDX9]); T1 += S[H] + VectorSigma1(S[E]) + VectorCh(S[E],S[F],S[G]) + K; - uint32x4_p8 T2 = VectorSigma0(S[A]) + VectorMaj(S[A],S[B],S[C]); + uint32x4_p T2 = VectorSigma0(S[A]) + VectorMaj(S[A],S[B],S[C]); S[H] = S[G]; S[G] = S[F]; S[F] = S[E]; S[E] = S[D] + T1; @@ -1174,125 +1099,123 @@ void SHA256_HashMultipleBlocks_POWER8(word32 *state, const word32 *data, size_t const uint32_t* k = reinterpret_cast(SHA256_K); const uint32_t* m = reinterpret_cast(data); - uint32x4_p8 abcd = VectorLoad32x4u(state+0, 0); - uint32x4_p8 efgh = VectorLoad32x4u(state+4, 0); - uint32x4_p8 W[16], S[8], vm, vk; + uint32x4_p abcd = VecLoad(state+0); + uint32x4_p efgh = VecLoad(state+4); + uint32x4_p W[16], S[8], vm, vk; size_t blocks = length / SHA256::BLOCKSIZE; while (blocks--) { - unsigned int i, offset=0; + unsigned int offset=0; S[A] = abcd; S[E] = efgh; - S[B] = VectorShiftLeft<4>(S[A]); - S[F] = VectorShiftLeft<4>(S[E]); - S[C] = VectorShiftLeft<4>(S[B]); - S[G] = VectorShiftLeft<4>(S[F]); - S[D] = VectorShiftLeft<4>(S[C]); - S[H] = VectorShiftLeft<4>(S[G]); + S[B] = VecShiftLeftOctet<4>(S[A]); + S[F] = VecShiftLeftOctet<4>(S[E]); + S[C] = VecShiftLeftOctet<4>(S[B]); + S[G] = VecShiftLeftOctet<4>(S[F]); + S[D] = VecShiftLeftOctet<4>(S[C]); + S[H] = VecShiftLeftOctet<4>(S[G]); - // Unroll the loop to provide the round number as a constexpr - // for (unsigned int i=0; i<16; ++i) - { - vk = VectorLoad32x4(k, offset); - vm = VectorLoadMsg32x4(m, offset); - SHA256_ROUND1<0>(W,S, vk,vm); - offset+=16; + // Rounds 0-16 + vk = VecLoad(offset, k); + vm = VecLoad32(m, offset); + SHA256_ROUND1<0>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<1>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<1>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<2>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<2>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<3>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<3>(W,S, vk,vm); - vk = VectorLoad32x4(k, offset); - vm = VectorLoadMsg32x4(m, offset); - SHA256_ROUND1<4>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad32(m, offset); + SHA256_ROUND1<4>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<5>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<5>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<6>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<6>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<7>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<7>(W,S, vk,vm); - vk = VectorLoad32x4(k, offset); - vm = VectorLoadMsg32x4(m, offset); - SHA256_ROUND1<8>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad32(m, offset); + SHA256_ROUND1<8>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<9>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<9>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<10>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<10>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<11>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<11>(W,S, vk,vm); - vk = VectorLoad32x4(k, offset); - vm = VectorLoadMsg32x4(m, offset); - SHA256_ROUND1<12>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad32(m, offset); + SHA256_ROUND1<12>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<13>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<13>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<14>(W,S, vk,vm); + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<14>(W,S, vk,vm); - vk = VectorShiftLeft<4>(vk); - vm = VectorShiftLeft<4>(vm); - SHA256_ROUND1<15>(W,S, vk,vm); - } + vk = VecShiftLeftOctet<4>(vk); + vm = VecShiftLeftOctet<4>(vm); + SHA256_ROUND1<15>(W,S, vk,vm); m += 16; // 32-bit words, not bytes - for (i=16; i<64; i+=16) + // Rounds 16-64 + for (unsigned int i=16; i<64; i+=16) { - vk = VectorLoad32x4(k, offset); + vk = VecLoad(offset, k); SHA256_ROUND2<0>(W,S, vk); - SHA256_ROUND2<1>(W,S, VectorShiftLeft<4>(vk)); - SHA256_ROUND2<2>(W,S, VectorShiftLeft<8>(vk)); - SHA256_ROUND2<3>(W,S, VectorShiftLeft<12>(vk)); + SHA256_ROUND2<1>(W,S, VecShiftLeftOctet<4>(vk)); + SHA256_ROUND2<2>(W,S, VecShiftLeftOctet<8>(vk)); + SHA256_ROUND2<3>(W,S, VecShiftLeftOctet<12>(vk)); offset+=16; - vk = VectorLoad32x4(k, offset); + vk = VecLoad(offset, k); SHA256_ROUND2<4>(W,S, vk); - SHA256_ROUND2<5>(W,S, VectorShiftLeft<4>(vk)); - SHA256_ROUND2<6>(W,S, VectorShiftLeft<8>(vk)); - SHA256_ROUND2<7>(W,S, VectorShiftLeft<12>(vk)); + SHA256_ROUND2<5>(W,S, VecShiftLeftOctet<4>(vk)); + SHA256_ROUND2<6>(W,S, VecShiftLeftOctet<8>(vk)); + SHA256_ROUND2<7>(W,S, VecShiftLeftOctet<12>(vk)); offset+=16; - vk = VectorLoad32x4(k, offset); + vk = VecLoad(offset, k); SHA256_ROUND2<8>(W,S, vk); - SHA256_ROUND2<9>(W,S, VectorShiftLeft<4>(vk)); - SHA256_ROUND2<10>(W,S, VectorShiftLeft<8>(vk)); - SHA256_ROUND2<11>(W,S, VectorShiftLeft<12>(vk)); + SHA256_ROUND2<9>(W,S, VecShiftLeftOctet<4>(vk)); + SHA256_ROUND2<10>(W,S, VecShiftLeftOctet<8>(vk)); + SHA256_ROUND2<11>(W,S, VecShiftLeftOctet<12>(vk)); offset+=16; - vk = VectorLoad32x4(k, offset); + vk = VecLoad(offset, k); SHA256_ROUND2<12>(W,S, vk); - SHA256_ROUND2<13>(W,S, VectorShiftLeft<4>(vk)); - SHA256_ROUND2<14>(W,S, VectorShiftLeft<8>(vk)); - SHA256_ROUND2<15>(W,S, VectorShiftLeft<12>(vk)); + SHA256_ROUND2<13>(W,S, VecShiftLeftOctet<4>(vk)); + SHA256_ROUND2<14>(W,S, VecShiftLeftOctet<8>(vk)); + SHA256_ROUND2<15>(W,S, VecShiftLeftOctet<12>(vk)); offset+=16; } @@ -1300,146 +1223,76 @@ void SHA256_HashMultipleBlocks_POWER8(word32 *state, const word32 *data, size_t efgh += VectorPack(S[E],S[F],S[G],S[H]); } - VectorStore32x4u(abcd, state+0, 0); - VectorStore32x4u(efgh, state+4, 0); + VecStore32(abcd, state+0); + VecStore32(efgh, state+4); } -static inline -uint64x2_p8 VectorPermute64x2(const uint64x2_p8 val, const uint8x16_p8 mask) +inline +void VecStore64(const uint64x2_p val, word64* data) { - return (uint64x2_p8)vec_perm(val, val, mask); + VecStore(val, data); } -// Aligned load -template static inline -uint64x2_p8 VectorLoad64x2(const T* data, int offset) +inline +uint64x2_p VecLoad64(const word64* data, int offset) { - return (uint64x2_p8)vec_ld(offset, (const uint8_t*)data); -} - -// Unaligned load -template static inline -uint64x2_p8 VectorLoad64x2u(const T* data, int offset) -{ -#if defined(CRYPTOPP_XLC_VERSION) - return (uint64x2_p8)vec_xl(offset, (const uint8_t*)data); +#if (CRYPTOPP_LITTLE_ENDIAN) + const uint8x16_p mask = {0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15}; + return VecPermute(VecLoad(offset, data), mask); #else - return (uint64x2_p8)vec_vsx_ld(offset, (const uint8_t*)data); + return VecLoad(offset, data); #endif } -// Aligned store -template static inline -void VectorStore64x2(const uint64x2_p8 val, T* data, int offset) -{ - vec_st((uint8x16_p8)val, offset, (uint8_t*)data); -} - -// Unaligned store -template static inline -void VectorStore64x2u(const uint64x2_p8 val, T* data, int offset) -{ -#if defined(CRYPTOPP_XLC_VERSION) - vec_xst((uint8x16_p8)val, offset, (uint8_t*)data); -#else - vec_vsx_st((uint8x16_p8)val, offset, (uint8_t*)data); -#endif -} - -// Unaligned load of a user message. The load is big-endian, -// and then the message is permuted for 32-bit words. -template static inline -uint64x2_p8 VectorLoadMsg64x2(const T* data, int offset) -{ -#if defined(CRYPTOPP_LITTLE_ENDIAN) - const uint8x16_p8 mask = {0,1,2,3, 4,5,6,7, 8,9,10,11, 12,13,14,15}; - return VectorPermute64x2(VectorLoad64x2u(data, offset), mask); -#else - return VectorLoad64x2u(data, offset); -#endif -} - -static inline -uint64x2_p8 VectorCh(const uint64x2_p8 x, const uint64x2_p8 y, const uint64x2_p8 z) +inline +uint64x2_p VectorCh(const uint64x2_p x, const uint64x2_p y, const uint64x2_p z) { // The trick below is due to Andy Polyakov and Jack Lloyd return vec_sel(z,y,x); } -static inline -uint64x2_p8 VectorMaj(const uint64x2_p8 x, const uint64x2_p8 y, const uint64x2_p8 z) +inline +uint64x2_p VectorMaj(const uint64x2_p x, const uint64x2_p y, const uint64x2_p z) { // The trick below is due to Andy Polyakov and Jack Lloyd - return vec_sel(y, z, vec_xor(x, y)); + return vec_sel(y, z, VecXor(x, y)); } -static inline -uint64x2_p8 Vector_sigma0(const uint64x2_p8 val) +inline +uint64x2_p Vector_sigma0(const uint64x2_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmad(val, 0, 0); -#else - return __builtin_crypto_vshasigmad(val, 0, 0); -#endif + return VecSHA512<0,0>(val); } -static inline -uint64x2_p8 Vector_sigma1(const uint64x2_p8 val) +inline +uint64x2_p Vector_sigma1(const uint64x2_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmad(val, 0, 0xf); -#else - return __builtin_crypto_vshasigmad(val, 0, 0xf); -#endif + return VecSHA512<0,0xf>(val); } -static inline -uint64x2_p8 VectorSigma0(const uint64x2_p8 val) +inline +uint64x2_p VectorSigma0(const uint64x2_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmad(val, 1, 0); -#else - return __builtin_crypto_vshasigmad(val, 1, 0); -#endif + return VecSHA512<1,0>(val); } -static inline -uint64x2_p8 VectorSigma1(const uint64x2_p8 val) +inline +uint64x2_p VectorSigma1(const uint64x2_p val) { -#if defined(CRYPTOPP_XLC_VERSION) - return __vshasigmad(val, 1, 0xf); -#else - return __builtin_crypto_vshasigmad(val, 1, 0xf); -#endif + return VecSHA512<1,0xf>(val); } -static inline -uint64x2_p8 VectorPack(const uint64x2_p8 x, const uint64x2_p8 y) +inline +uint64x2_p VectorPack(const uint64x2_p x, const uint64x2_p y) { - const uint8x16_p8 m = {0,1,2,3, 4,5,6,7, 16,17,18,19, 20,21,22,23}; - return vec_perm(x,y,m); + const uint8x16_p m = {0,1,2,3, 4,5,6,7, 16,17,18,19, 20,21,22,23}; + return VecPermute(x,y,m); } -template static inline -uint64x2_p8 VectorShiftLeft(const uint64x2_p8 val) +template inline +void SHA512_ROUND1(uint64x2_p W[16], uint64x2_p S[8], const uint64x2_p K, const uint64x2_p M) { -#if (defined(CRYPTOPP_LITTLE_ENDIAN)) - return (uint64x2_p8)vec_sld((uint8x16_p8)val, (uint8x16_p8)val, (16-L)&0xf); -#else - return (uint64x2_p8)vec_sld((uint8x16_p8)val, (uint8x16_p8)val, L&0xf); -#endif -} - -template <> -uint64x2_p8 VectorShiftLeft<0>(const uint64x2_p8 val) { return val; } - -template <> -uint64x2_p8 VectorShiftLeft<16>(const uint64x2_p8 val) { return val; } - -template static inline -void SHA512_ROUND1(uint64x2_p8 W[16], uint64x2_p8 S[8], const uint64x2_p8 K, const uint64x2_p8 M) -{ - uint64x2_p8 T1, T2; + uint64x2_p T1, T2; W[R] = M; T1 = S[H] + VectorSigma1(S[E]) + VectorCh(S[E],S[F],S[G]) + K + M; @@ -1451,18 +1304,18 @@ void SHA512_ROUND1(uint64x2_p8 W[16], uint64x2_p8 S[8], const uint64x2_p8 K, con S[A] = T1 + T2; } -template static inline -void SHA512_ROUND2(uint64x2_p8 W[16], uint64x2_p8 S[8], const uint64x2_p8 K) +template inline +void SHA512_ROUND2(uint64x2_p W[16], uint64x2_p S[8], const uint64x2_p K) { // Indexes into the W[] array enum {IDX0=(R+0)&0xf, IDX1=(R+1)&0xf, IDX9=(R+9)&0xf, IDX14=(R+14)&0xf}; - const uint64x2_p8 s0 = Vector_sigma0(W[IDX1]); - const uint64x2_p8 s1 = Vector_sigma1(W[IDX14]); + const uint64x2_p s0 = Vector_sigma0(W[IDX1]); + const uint64x2_p s1 = Vector_sigma1(W[IDX14]); - uint64x2_p8 T1 = (W[IDX0] += s0 + s1 + W[IDX9]); + uint64x2_p T1 = (W[IDX0] += s0 + s1 + W[IDX9]); T1 += S[H] + VectorSigma1(S[E]) + VectorCh(S[E],S[F],S[G]) + K; - uint64x2_p8 T2 = VectorSigma0(S[A]) + VectorMaj(S[A],S[B],S[C]); + uint64x2_p T2 = VectorSigma0(S[A]) + VectorMaj(S[A],S[B],S[C]); S[H] = S[G]; S[G] = S[F]; S[F] = S[E]; S[E] = S[D] + T1; @@ -1479,142 +1332,140 @@ void SHA512_HashMultipleBlocks_POWER8(word64 *state, const word64 *data, size_t const uint64_t* k = reinterpret_cast(SHA512_K); const uint64_t* m = reinterpret_cast(data); - uint64x2_p8 ab = VectorLoad64x2u(state+0, 0); - uint64x2_p8 cd = VectorLoad64x2u(state+2, 0); - uint64x2_p8 ef = VectorLoad64x2u(state+4, 0); - uint64x2_p8 gh = VectorLoad64x2u(state+6, 0); - uint64x2_p8 W[16], S[8], vm, vk; + uint64x2_p ab = VecLoad(state+0); + uint64x2_p cd = VecLoad(state+2); + uint64x2_p ef = VecLoad(state+4); + uint64x2_p gh = VecLoad(state+6); + uint64x2_p W[16], S[8], vm, vk; size_t blocks = length / SHA512::BLOCKSIZE; while (blocks--) { - unsigned int i, offset=0; + unsigned int offset=0; S[A] = ab; S[C] = cd; S[E] = ef; S[G] = gh; - S[B] = VectorShiftLeft<8>(S[A]); - S[D] = VectorShiftLeft<8>(S[C]); - S[F] = VectorShiftLeft<8>(S[E]); - S[H] = VectorShiftLeft<8>(S[G]); + S[B] = VecShiftLeftOctet<8>(S[A]); + S[D] = VecShiftLeftOctet<8>(S[C]); + S[F] = VecShiftLeftOctet<8>(S[E]); + S[H] = VecShiftLeftOctet<8>(S[G]); - // Unroll the loop to provide the round number as a constexpr - // for (unsigned int i=0; i<16; ++i) - { - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<0>(W,S, vk,vm); - offset+=16; + // Rounds 0-16 + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<0>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<1>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<1>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<2>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<2>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<3>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<3>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<4>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<4>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<5>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<5>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<6>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<6>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<7>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<7>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<8>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<8>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<9>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<9>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<10>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<10>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<11>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<11>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<12>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<12>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<13>(W,S, vk,vm); + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<13>(W,S, vk,vm); - vk = VectorLoad64x2(k, offset); - vm = VectorLoadMsg64x2(m, offset); - SHA512_ROUND1<14>(W,S, vk,vm); - offset+=16; + vk = VecLoad(offset, k); + vm = VecLoad64(m, offset); + SHA512_ROUND1<14>(W,S, vk,vm); + offset+=16; - vk = VectorShiftLeft<8>(vk); - vm = VectorShiftLeft<8>(vm); - SHA512_ROUND1<15>(W,S, vk,vm); - } + vk = VecShiftLeftOctet<8>(vk); + vm = VecShiftLeftOctet<8>(vm); + SHA512_ROUND1<15>(W,S, vk,vm); m += 16; // 64-bit words, not bytes - for (i=16 ; i<80; i+=16) + // Rounds 16-80 + for (unsigned int i=16; i<80; i+=16) { - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<0>(W,S, vk); - SHA512_ROUND2<1>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<1>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<2>(W,S, vk); - SHA512_ROUND2<3>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<3>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<4>(W,S, vk); - SHA512_ROUND2<5>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<5>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<6>(W,S, vk); - SHA512_ROUND2<7>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<7>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<8>(W,S, vk); - SHA512_ROUND2<9>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<9>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<10>(W,S, vk); - SHA512_ROUND2<11>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<11>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<12>(W,S, vk); - SHA512_ROUND2<13>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<13>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; - vk = VectorLoad64x2(k, offset); + vk = VecLoad(offset, k); SHA512_ROUND2<14>(W,S, vk); - SHA512_ROUND2<15>(W,S, VectorShiftLeft<8>(vk)); + SHA512_ROUND2<15>(W,S, VecShiftLeftOctet<8>(vk)); offset+=16; } @@ -1624,10 +1475,10 @@ void SHA512_HashMultipleBlocks_POWER8(word64 *state, const word64 *data, size_t gh += VectorPack(S[G],S[H]); } - VectorStore64x2u(ab, state+0, 0); - VectorStore64x2u(cd, state+2, 0); - VectorStore64x2u(ef, state+4, 0); - VectorStore64x2u(gh, state+6, 0); + VecStore64(ab, state+0); + VecStore64(cd, state+2); + VecStore64(ef, state+4); + VecStore64(gh, state+6); } #endif // CRYPTOPP_POWER8_SHA_AVAILABLE diff --git a/vendor/cryptopp/vendor_cryptopp/shacal2.cpp b/vendor/cryptopp/vendor_cryptopp/shacal2.cpp index bdaf644e..37ba9899 100644 --- a/vendor/cryptopp/vendor_cryptopp/shacal2.cpp +++ b/vendor/cryptopp/vendor_cryptopp/shacal2.cpp @@ -44,6 +44,15 @@ extern void SHACAL2_Enc_ProcessAndXorBlock_SHANI(const word32* subKeys, const byte *inBlock, const byte *xorBlock, byte *outBlock); #endif +std::string SHACAL2::Base::AlgorithmProvider() const +{ +#if CRYPTOPP_SHANI_AVAILABLE + if (HasSHA()) + return "SHANI"; +#endif + return "C++"; +} + void SHACAL2::Base::UncheckedSetKey(const byte *userKey, unsigned int keylen, const NameValuePairs &) { AssertValidKeyLength(keylen); diff --git a/vendor/cryptopp/vendor_cryptopp/shacal2.h b/vendor/cryptopp/vendor_cryptopp/shacal2.h index 20cb306c..ca0c482c 100644 --- a/vendor/cryptopp/vendor_cryptopp/shacal2.h +++ b/vendor/cryptopp/vendor_cryptopp/shacal2.h @@ -28,6 +28,7 @@ class SHACAL2 : public SHACAL2_Info, public BlockCipherDocumentation class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl { public: + std::string AlgorithmProvider() const; void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); protected: @@ -37,7 +38,7 @@ class SHACAL2 : public SHACAL2_Info, public BlockCipherDocumentation }; /// \brief SHACAL2 block cipher transformation functions - /// \details Provides implementation for encryption transformation + /// \details Encryption transformation class CRYPTOPP_NO_VTABLE Enc : public Base { public: @@ -45,7 +46,7 @@ class SHACAL2 : public SHACAL2_Info, public BlockCipherDocumentation }; /// \brief SHACAL2 block cipher transformation functions - /// \details Provides implementation for decryption transformation + /// \details Decryption transformation class CRYPTOPP_NO_VTABLE Dec : public Base { public: diff --git a/vendor/cryptopp/vendor_cryptopp/shacal2-simd.cpp b/vendor/cryptopp/vendor_cryptopp/shacal2_simd.cpp similarity index 88% rename from vendor/cryptopp/vendor_cryptopp/shacal2-simd.cpp rename to vendor/cryptopp/vendor_cryptopp/shacal2_simd.cpp index 5bcf455d..dd64089c 100644 --- a/vendor/cryptopp/vendor_cryptopp/shacal2-simd.cpp +++ b/vendor/cryptopp/vendor_cryptopp/shacal2_simd.cpp @@ -22,22 +22,13 @@ # include #endif -// Use ARMv8 rather than NEON due to compiler inconsistencies -#if (CRYPTOPP_ARM_SHA_AVAILABLE) -# include -#endif - -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) -# include -# include -#endif - // Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 #define M128_CAST(x) ((__m128i *)(void *)(x)) #define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +// Squash MS LNK4221 and libtool warnings +extern const char SHACAL2_SIMD_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) #if CRYPTOPP_SHANI_AVAILABLE diff --git a/vendor/cryptopp/vendor_cryptopp/shark.cpp b/vendor/cryptopp/vendor_cryptopp/shark.cpp index a8c304eb..6e3b8da3 100644 --- a/vendor/cryptopp/vendor_cryptopp/shark.cpp +++ b/vendor/cryptopp/vendor_cryptopp/shark.cpp @@ -67,7 +67,7 @@ void SHARK::Base::UncheckedSetKey(const byte *key, unsigned int keyLen, const Na m_roundKeys[i] = SHARKTransform(m_roundKeys[i]); } -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) m_roundKeys[0] = ByteReverse(m_roundKeys[0]); m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]); #endif @@ -84,7 +84,7 @@ void SHARK::Enc::InitForKeySetup() m_roundKeys[DEFAULT_ROUNDS] = SHARKTransform(cbox[0][DEFAULT_ROUNDS]); -#ifdef CRYPTOPP_LITTLE_ENDIAN +#if (CRYPTOPP_LITTLE_ENDIAN) m_roundKeys[0] = ByteReverse(m_roundKeys[0]); m_roundKeys[m_rounds] = ByteReverse(m_roundKeys[m_rounds]); #endif diff --git a/vendor/cryptopp/vendor_cryptopp/simeck.cpp b/vendor/cryptopp/vendor_cryptopp/simeck.cpp new file mode 100644 index 00000000..982f5f4a --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/simeck.cpp @@ -0,0 +1,194 @@ +// simeck.cpp - written and placed in the public domain by Gangqiang Yang and Jeffrey Walton. +// Based on "The Simeck Family of Lightweight Block Ciphers" by Gangqiang Yang, +// Bo Zhu, Valentin Suder, Mark D. Aagaard, and Guang Gong + +#include "pch.h" +#include "config.h" + +#include "simeck.h" +#include "misc.h" +#include "cpu.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::rotlConstant; +using CryptoPP::rotrConstant; + +/// \brief SIMECK encryption round +/// \tparam T word type +/// \param key the key for the round or iteration +/// \param left the first value +/// \param right the second value +/// \details SIMECK_Encryption serves as the key schedule, encryption and +/// decryption functions. +template +inline void SIMECK_Encryption(const T key, T& left, T& right) +{ + const T temp = left; + left = (left & rotlConstant<5>(left)) ^ rotlConstant<1>(left) ^ right ^ key; + right = temp; +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS +# if (CRYPTOPP_SSSE3_AVAILABLE) +extern size_t SIMECK64_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t SIMECK64_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +# endif // CRYPTOPP_SSSE3_AVAILABLE +#endif // CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS + +std::string SIMECK32::Base::AlgorithmProvider() const +{ + return "C++"; +} + +void SIMECK32::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) +{ + CRYPTOPP_UNUSED(params); + CRYPTOPP_UNUSED(keyLength); + + GetBlock kblock(userKey); + kblock(m_t[3])(m_t[2])(m_t[1])(m_t[0]); + + word16 constant = 0xFFFC; + word32 sequence = 0x9A42BB1F; + for (unsigned int i = 0; i < ROUNDS; ++i) + { + m_rk[i] = m_t[0]; + + constant &= 0xFFFC; + constant |= sequence & 1; + sequence >>= 1; + + SIMECK_Encryption(static_cast(constant), m_t[1], m_t[0]); + + // rotate the LFSR of m_t + m_t[4] = m_t[1]; + m_t[1] = m_t[2]; + m_t[2] = m_t[3]; + m_t[3] = m_t[4]; + } +} + +void SIMECK32::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_t[1])(m_t[0]); + + for (int idx = 0; idx < ROUNDS; ++idx) + SIMECK_Encryption(m_rk[idx], m_t[1], m_t[0]); + + PutBlock oblock(xorBlock, outBlock); + oblock(m_t[1])(m_t[0]); +} + +void SIMECK32::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_t[0])(m_t[1]); + + for (int idx = ROUNDS - 1; idx >= 0; --idx) + SIMECK_Encryption(m_rk[idx], m_t[1], m_t[0]); + + PutBlock oblock(xorBlock, outBlock); + oblock(m_t[0])(m_t[1]); +} + +std::string SIMECK64::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; +#endif + return "C++"; +} + +void SIMECK64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) +{ + CRYPTOPP_UNUSED(params); + CRYPTOPP_UNUSED(keyLength); + + GetBlock kblock(userKey); + kblock(m_t[3])(m_t[2])(m_t[1])(m_t[0]); + + word64 constant = W64LIT(0xFFFFFFFC); + word64 sequence = W64LIT(0x938BCA3083F); + for (unsigned int i = 0; i < ROUNDS; ++i) + { + m_rk[i] = m_t[0]; + + constant &= W64LIT(0xFFFFFFFC); + constant |= sequence & 1; + sequence >>= 1; + + SIMECK_Encryption(static_cast(constant), m_t[1], m_t[0]); + + // rotate the LFSR of m_t + m_t[4] = m_t[1]; + m_t[1] = m_t[2]; + m_t[2] = m_t[3]; + m_t[3] = m_t[4]; + } +} + +void SIMECK64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_t[1])(m_t[0]); + + for (int idx = 0; idx < ROUNDS; ++idx) + SIMECK_Encryption(m_rk[idx], m_t[1], m_t[0]); + + PutBlock oblock(xorBlock, outBlock); + oblock(m_t[1])(m_t[0]); +} + +void SIMECK64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const +{ + // Do not cast the buffer. It will SIGBUS on some ARM and SPARC. + GetBlock iblock(inBlock); + iblock(m_t[0])(m_t[1]); + + for (int idx = ROUNDS - 1; idx >= 0; --idx) + SIMECK_Encryption(m_rk[idx], m_t[1], m_t[0]); + + PutBlock oblock(xorBlock, outBlock); + oblock(m_t[0])(m_t[1]); +} + +#if CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS +size_t SIMECK64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + return SIMECK64_Enc_AdvancedProcessBlocks_SSSE3(m_rk, ROUNDS, + inBlocks, xorBlocks, outBlocks, length, flags); + } +# endif // CRYPTOPP_SSSE3_AVAILABLE + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMECK64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) { + return SIMECK64_Dec_AdvancedProcessBlocks_SSSE3(m_rk, ROUNDS, + inBlocks, xorBlocks, outBlocks, length, flags); + } +# endif // CRYPTOPP_SSSE3_AVAILABLE + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/simeck.h b/vendor/cryptopp/vendor_cryptopp/simeck.h new file mode 100644 index 00000000..e7c84b01 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/simeck.h @@ -0,0 +1,172 @@ +// simeck.h - written and placed in the public domain by Gangqiang Yang and Jeffrey Walton. +// Based on "The Simeck Family of Lightweight Block Ciphers" by Gangqiang Yang, +// Bo Zhu, Valentin Suder, Mark D. Aagaard, and Guang Gong + +/// \file simeck.h +/// \brief Classes for the SIMECK block cipher +/// \sa SIMECK, +/// The Simeck +/// Family of Lightweight Block Ciphers +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_SIMECK_H +#define CRYPTOPP_SIMECK_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" +#include "algparam.h" + +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86) +# define CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS 1 +#endif + +// Yet another SunStudio/SunCC workaround. Failed self tests +// in SSE code paths on i386 for SunStudio 12.3 and below. +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) +# undef CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// \brief SIMECK block cipher information +/// \since Crypto++ 8.0 +struct SIMECK32_Info : public FixedBlockSize<4>, public FixedKeyLength<8>, public FixedRounds<32> +{ + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. + static const std::string StaticAlgorithmName() + { + // Format is Cipher-Blocksize + return "SIMECK-32"; + } +}; + +/// \brief SIMECK block cipher information +/// \since Crypto++ 8.0 +struct SIMECK64_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public FixedRounds<44> +{ + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. + static const std::string StaticAlgorithmName() + { + // Format is Cipher-Blocksize + return "SIMECK-64"; + } +}; + +/// \brief SIMECK 32-bit block cipher +/// \details SIMECK32 provides 32-bit block size. The valid key size is 64-bit. +/// \note Crypto++ provides a byte oriented implementation +/// \sa SIMECK64, SIMECK, +/// The Simeck Family of +/// Lightweight Block Ciphers +/// \since Crypto++ 8.0 +class CRYPTOPP_NO_VTABLE SIMECK32 : public SIMECK32_Info, public BlockCipherDocumentation +{ +public: + /// \brief SIMECK block cipher transformation functions + /// \details Provides implementation common to encryption and decryption + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + protected: + void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + std::string AlgorithmProvider() const; + + FixedSizeSecBlock m_rk; + mutable FixedSizeSecBlock m_t; + }; + + /// \brief Encryption transformation + /// \details Enc provides implementation for encryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + /// \brief Encryption transformation + /// \details Dec provides implementation for decryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef SIMECK32::Encryption SIMECK32Encryption; +typedef SIMECK32::Decryption SIMECK32Decryption; + +/// \brief SIMECK 64-bit block cipher +/// \details SIMECK64 provides 64-bit block size. The valid key size is 128-bit. +/// \note Crypto++ provides a byte oriented implementation +/// \sa SIMECK32, SIMECK, +/// The Simeck Family of +/// Lightweight Block Ciphers +/// \since Crypto++ 8.0 +class CRYPTOPP_NO_VTABLE SIMECK64 : public SIMECK64_Info, public BlockCipherDocumentation +{ +public: + /// \brief SIMECK block cipher transformation functions + /// \details Provides implementation common to encryption and decryption + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + protected: + void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); + std::string AlgorithmProvider() const; + + FixedSizeSecBlock m_rk; + mutable FixedSizeSecBlock m_t; + }; + + /// \brief Encryption transformation + /// \details Enc provides implementation for encryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + /// \brief Encryption transformation + /// \details Dec provides implementation for decryption transformation. All key and block + /// sizes are supported. + /// \since Crypto++ 8.0 + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + +#if CRYPTOPP_SIMECK_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef SIMECK64::Encryption SIMECK64Encryption; +typedef SIMECK64::Decryption SIMECK64Decryption; + +NAMESPACE_END + +#endif // CRYPTOPP_SIMECK_H diff --git a/vendor/cryptopp/vendor_cryptopp/simeck_simd.cpp b/vendor/cryptopp/vendor_cryptopp/simeck_simd.cpp new file mode 100644 index 00000000..abb4ffbd --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/simeck_simd.cpp @@ -0,0 +1,344 @@ +// simeck_simd.cpp - written and placed in the public domain by Gangqiang Yang and Jeffrey Walton. +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "simeck.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both simon.cpp and simon-simd.cpp. +// #undef CRYPTOPP_SSSE3_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if defined(__AVX512F__) && defined(__AVX512VL__) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char SIMECK_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word16; +using CryptoPP::word32; + +#if (CRYPTOPP_SSSE3_AVAILABLE) + +////////////////////////////////////////////////////////////////////////// + +template +inline __m128i RotateLeft32(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_rol_epi32(val, R); +#elif defined(__XOP__) + return _mm_roti_epi32(val, R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +#endif +} + +template +inline __m128i RotateRight32(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_ror_epi32(val, R); +#elif defined(__XOP__) + return _mm_roti_epi32(val, 32-R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline __m128i RotateLeft32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline __m128i RotateRight32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-8); +#else + const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +/// \brief Unpack XMM words +/// \tparam IDX the element from each XMM word +/// \param a the first XMM word +/// \param b the second XMM word +/// \param c the third XMM word +/// \param d the fourth XMM word +/// \details UnpackXMM selects the IDX element from a, b, c, d and returns a concatenation +/// equivalent to a[IDX] || b[IDX] || c[IDX] || d[IDX]. +template +inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d); + CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpacklo_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_shuffle_epi8(_mm_unpackhi_epi64(r1, r2), + _mm_set_epi8(12,13,14,15, 8,9,10,11, 4,5,6,7, 0,1,2,3)); +} + +/// \brief Unpack a XMM word +/// \tparam IDX the element from each XMM word +/// \param v the first XMM word +/// \details UnpackXMM selects the IDX element from v and returns a concatenation +/// equivalent to v[IDX] || v[IDX] || v[IDX] || v[IDX]. +template +inline __m128i UnpackXMM(const __m128i& v) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(4,5,6,7, 4,5,6,7, 4,5,6,7, 4,5,6,7)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(8,9,10,11, 8,9,10,11, 8,9,10,11, 8,9,10,11)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& v) +{ + return _mm_shuffle_epi8(v, _mm_set_epi8(12,13,14,15, 12,13,14,15, 12,13,14,15, 12,13,14,15)); +} + +template +inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + return UnpackXMM(a, b, c, d); +} + +template +inline __m128i RepackXMM(const __m128i& v) +{ + return UnpackXMM(v); +} + +inline void SIMECK64_Encrypt(__m128i &a, __m128i &b, __m128i &c, __m128i &d, const __m128i key) +{ + // SunStudio 12.3 workaround + __m128i s, t; s = a; t = c; + a = _mm_xor_si128(_mm_and_si128(a, RotateLeft32<5>(a)), RotateLeft32<1>(a)); + c = _mm_xor_si128(_mm_and_si128(c, RotateLeft32<5>(c)), RotateLeft32<1>(c)); + a = _mm_xor_si128(a, _mm_xor_si128(b, key)); + c = _mm_xor_si128(c, _mm_xor_si128(d, key)); + b = s; d = t; +} + +inline void SIMECK64_Enc_Block(__m128i &block0, const word32 *subkeys, unsigned int /*rounds*/) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(block0); + __m128i b = UnpackXMM<1>(block0); + __m128i c = UnpackXMM<2>(block0); + __m128i d = UnpackXMM<3>(block0); + + const unsigned int rounds = 44; + for (int i = 0; i < static_cast(rounds); i += 4) + { + const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i)); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3))); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + block0 = RepackXMM<0>(a,b,c,d); +} + +inline void SIMECK64_Dec_Block(__m128i &block0, const word32 *subkeys, unsigned int /*rounds*/) +{ + // SIMECK requires a word swap for the decryption transform + __m128i w = _mm_shuffle_epi32(block0, _MM_SHUFFLE(2, 3, 0, 1)); + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(w); + __m128i b = UnpackXMM<1>(w); + __m128i c = UnpackXMM<2>(w); + __m128i d = UnpackXMM<3>(w); + + const unsigned int rounds = 44; + for (int i = static_cast(rounds)-1; i >= 0; i -= 4) + { + const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i - 3)); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0))); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + w = RepackXMM<0>(a,b,c,d); + + block0 = _mm_shuffle_epi32(w, _MM_SHUFFLE(2, 3, 0, 1)); +} + +inline void SIMECK64_Enc_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(block0, block1, block2, block3); + __m128i b = UnpackXMM<1>(block0, block1, block2, block3); + __m128i c = UnpackXMM<2>(block0, block1, block2, block3); + __m128i d = UnpackXMM<3>(block0, block1, block2, block3); + + const unsigned int rounds = 44; + for (int i = 0; i < static_cast(rounds); i += 4) + { + const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i)); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3))); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + block0 = RepackXMM<0>(a, b, c, d); + block1 = RepackXMM<1>(a, b, c, d); + block2 = RepackXMM<2>(a, b, c, d); + block3 = RepackXMM<3>(a, b, c, d); +} + +inline void SIMECK64_Dec_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/) +{ + // SIMECK requires a word swap for the decryption transform + __m128i w = _mm_shuffle_epi32(block0, _MM_SHUFFLE(2, 3, 0, 1)); + __m128i x = _mm_shuffle_epi32(block1, _MM_SHUFFLE(2, 3, 0, 1)); + __m128i y = _mm_shuffle_epi32(block2, _MM_SHUFFLE(2, 3, 0, 1)); + __m128i z = _mm_shuffle_epi32(block3, _MM_SHUFFLE(2, 3, 0, 1)); + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 B1 C1 D1][A2 B2 C2 D2] ... + __m128i a = UnpackXMM<0>(w, x, y, z); + __m128i b = UnpackXMM<1>(w, x, y, z); + __m128i c = UnpackXMM<2>(w, x, y, z); + __m128i d = UnpackXMM<3>(w, x, y, z); + + const unsigned int rounds = 44; + for (int i = static_cast(rounds)-1; i >= 0; i -= 4) + { + const __m128i key = _mm_loadu_si128((const __m128i*)(subkeys + i - 3)); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(3, 3, 3, 3))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(2, 2, 2, 2))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(1, 1, 1, 1))); + SIMECK64_Encrypt(a, b, c, d, _mm_shuffle_epi32(key, _MM_SHUFFLE(0, 0, 0, 0))); + } + + // [A1 B1 C1 D1][A2 B2 C2 D2] ... => [A1 A2 A3 A4][B1 B2 B3 B4] ... + w = RepackXMM<0>(a, b, c, d); + x = RepackXMM<1>(a, b, c, d); + y = RepackXMM<2>(a, b, c, d); + z = RepackXMM<3>(a, b, c, d); + + block0 = _mm_shuffle_epi32(w, _MM_SHUFFLE(2, 3, 0, 1)); + block1 = _mm_shuffle_epi32(x, _MM_SHUFFLE(2, 3, 0, 1)); + block2 = _mm_shuffle_epi32(y, _MM_SHUFFLE(2, 3, 0, 1)); + block3 = _mm_shuffle_epi32(z, _MM_SHUFFLE(2, 3, 0, 1)); +} + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) +size_t SIMECK64_Enc_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_4x1_SSE(SIMECK64_Enc_Block, SIMECK64_Enc_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMECK64_Dec_AdvancedProcessBlocks_SSSE3(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_4x1_SSE(SIMECK64_Dec_Block, SIMECK64_Dec_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SSSE3_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/simon-simd.cpp b/vendor/cryptopp/vendor_cryptopp/simon-simd.cpp deleted file mode 100644 index 91f10779..00000000 --- a/vendor/cryptopp/vendor_cryptopp/simon-simd.cpp +++ /dev/null @@ -1,1095 +0,0 @@ -// simon-simd.cpp - written and placed in the public domain by Jeffrey Walton -// -// This source file uses intrinsics and built-ins to gain access to -// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate -// source file is needed because additional CXXFLAGS are required to enable -// the appropriate instructions sets in some build configurations. - -#include "pch.h" -#include "config.h" - -#include "simon.h" -#include "misc.h" -#include "adv-simd.h" - -// Uncomment for benchmarking C++ against SSE or NEON. -// Do so in both simon.cpp and simon-simd.cpp. -// #undef CRYPTOPP_SSSE3_AVAILABLE -// #undef CRYPTOPP_SSE41_AVAILABLE -// #undef CRYPTOPP_ARM_NEON_AVAILABLE - -#if (CRYPTOPP_SSSE3_AVAILABLE) -# include -# include -#endif - -#if (CRYPTOPP_SSE41_AVAILABLE) -# include -#endif - -#if defined(__AVX512F__) && defined(__AVX512VL__) -# define CRYPTOPP_AVX512_ROTATE 1 -# include -#endif - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -# include -#endif - -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) -# include -# include -#endif - -// https://www.spinics.net/lists/gcchelp/msg47735.html and -// https://www.spinics.net/lists/gcchelp/msg47749.html -#if (CRYPTOPP_GCC_VERSION >= 40900) -# define GCC_NO_UBSAN __attribute__ ((no_sanitize_undefined)) -#else -# define GCC_NO_UBSAN -#endif - -ANONYMOUS_NAMESPACE_BEGIN - -using CryptoPP::byte; -using CryptoPP::word32; -using CryptoPP::word64; -using CryptoPP::rotlFixed; -using CryptoPP::rotrFixed; -using CryptoPP::vec_swap; // SunCC - -// *************************** ARM NEON ************************** // - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) - -template -inline T UnpackHigh32(const T& a, const T& b) -{ - const uint32x2_t x(vget_high_u32((uint32x4_t)a)); - const uint32x2_t y(vget_high_u32((uint32x4_t)b)); - const uint32x2x2_t r = vzip_u32(x, y); - return (T)vcombine_u32(r.val[0], r.val[1]); -} - -template -inline T UnpackLow32(const T& a, const T& b) -{ - const uint32x2_t x(vget_low_u32((uint32x4_t)a)); - const uint32x2_t y(vget_low_u32((uint32x4_t)b)); - const uint32x2x2_t r = vzip_u32(x, y); - return (T)vcombine_u32(r.val[0], r.val[1]); -} - -template -inline uint32x4_t RotateLeft32(const uint32x4_t& val) -{ - const uint32x4_t a(vshlq_n_u32(val, R)); - const uint32x4_t b(vshrq_n_u32(val, 32 - R)); - return vorrq_u32(a, b); -} - -template -inline uint32x4_t RotateRight32(const uint32x4_t& val) -{ - const uint32x4_t a(vshlq_n_u32(val, 32 - R)); - const uint32x4_t b(vshrq_n_u32(val, R)); - return vorrq_u32(a, b); -} - -#if defined(__aarch32__) || defined(__aarch64__) -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint32x4_t RotateLeft32<8>(const uint32x4_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u32_u8( - vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint32x4_t RotateRight32<8>(const uint32x4_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,14,12 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u32_u8( - vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); -} -#endif - -inline uint32x4_t SIMON64_f(const uint32x4_t& val) -{ - return veorq_u32(RotateLeft32<2>(val), - vandq_u32(RotateLeft32<1>(val), RotateLeft32<8>(val))); -} - -inline void SIMON64_Enc_Block(uint32x4_t &block1, uint32x4_t &block0, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. If only a single block is available then - // a Zero block is provided to promote vectorizations. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - - for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) - { - const uint32x4_t rk1 = vld1q_dup_u32(subkeys+i); - y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk1); - - const uint32x4_t rk2 = vld1q_dup_u32(subkeys+i+1); - x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk2); - } - - if (rounds & 1) - { - const uint32x4_t rk = vld1q_dup_u32(subkeys+rounds-1); - - y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk); - std::swap(x1, y1); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); -} - -inline void SIMON64_Dec_Block(uint32x4_t &block0, uint32x4_t &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. If only a single block is available then - // a Zero block is provided to promote vectorizations. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - - if (rounds & 1) - { - std::swap(x1, y1); - const uint32x4_t rk = vld1q_dup_u32(subkeys + rounds - 1); - - y1 = veorq_u32(veorq_u32(y1, rk), SIMON64_f(x1)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const uint32x4_t rk1 = vld1q_dup_u32(subkeys+i+1); - x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk1); - - const uint32x4_t rk2 = vld1q_dup_u32(subkeys+i); - y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk2); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); -} - -inline void SIMON64_Enc_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, - uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. If only a single block is available then - // a Zero block is provided to promote vectorizations. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; - uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; - uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; - uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; - - for (int i = 0; i < static_cast(rounds & ~1) - 1; i += 2) - { - const uint32x4_t rk1 = vld1q_dup_u32(subkeys+i); - y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk1); - y2 = veorq_u32(veorq_u32(y2, SIMON64_f(x2)), rk1); - y3 = veorq_u32(veorq_u32(y3, SIMON64_f(x3)), rk1); - - const uint32x4_t rk2 = vld1q_dup_u32(subkeys+i+1); - x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk2); - x2 = veorq_u32(veorq_u32(x2, SIMON64_f(y2)), rk2); - x3 = veorq_u32(veorq_u32(x3, SIMON64_f(y3)), rk2); - } - - if (rounds & 1) - { - const uint32x4_t rk = vld1q_dup_u32(subkeys + rounds - 1); - - y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk); - y2 = veorq_u32(veorq_u32(y2, SIMON64_f(x2)), rk); - y3 = veorq_u32(veorq_u32(y3, SIMON64_f(x3)), rk); - std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); - block2 = UnpackLow32(y2, x2); - block3 = UnpackHigh32(y2, x2); - block4 = UnpackLow32(y3, x3); - block5 = UnpackHigh32(y3, x3); -} - -inline void SIMON64_Dec_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, - uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. If only a single block is available then - // a Zero block is provided to promote vectorizations. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; - uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; - uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; - uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; - - if (rounds & 1) - { - std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); - const uint32x4_t rk = vld1q_dup_u32(subkeys + rounds - 1); - - y1 = veorq_u32(veorq_u32(y1, rk), SIMON64_f(x1)); - y2 = veorq_u32(veorq_u32(y2, rk), SIMON64_f(x2)); - y3 = veorq_u32(veorq_u32(y3, rk), SIMON64_f(x3)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const uint32x4_t rk1 = vld1q_dup_u32(subkeys + i + 1); - x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk1); - x2 = veorq_u32(veorq_u32(x2, SIMON64_f(y2)), rk1); - x3 = veorq_u32(veorq_u32(x3, SIMON64_f(y3)), rk1); - - const uint32x4_t rk2 = vld1q_dup_u32(subkeys + i); - y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk2); - y2 = veorq_u32(veorq_u32(y2, SIMON64_f(x2)), rk2); - y3 = veorq_u32(veorq_u32(y3, SIMON64_f(x3)), rk2); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); - block2 = UnpackLow32(y2, x2); - block3 = UnpackHigh32(y2, x2); - block4 = UnpackLow32(y3, x3); - block5 = UnpackHigh32(y3, x3); -} - -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) - -template -inline T UnpackHigh64(const T& a, const T& b) -{ - const uint64x1_t x(vget_high_u64((uint64x2_t)a)); - const uint64x1_t y(vget_high_u64((uint64x2_t)b)); - return (T)vcombine_u64(x, y); -} - -template -inline T UnpackLow64(const T& a, const T& b) -{ - const uint64x1_t x(vget_low_u64((uint64x2_t)a)); - const uint64x1_t y(vget_low_u64((uint64x2_t)b)); - return (T)vcombine_u64(x, y); -} - -template -inline uint64x2_t RotateLeft64(const uint64x2_t& val) -{ - const uint64x2_t a(vshlq_n_u64(val, R)); - const uint64x2_t b(vshrq_n_u64(val, 64 - R)); - return vorrq_u64(a, b); -} - -template -inline uint64x2_t RotateRight64(const uint64x2_t& val) -{ - const uint64x2_t a(vshlq_n_u64(val, 64 - R)); - const uint64x2_t b(vshrq_n_u64(val, R)); - return vorrq_u64(a, b); -} - -#if defined(__aarch32__) || defined(__aarch64__) -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint64x2_t RotateLeft64<8>(const uint64x2_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 7,0,1,2, 3,4,5,6, 15,8,9,10, 11,12,13,14 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u64_u8( - vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint64x2_t RotateRight64<8>(const uint64x2_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 1,2,3,4, 5,6,7,0, 9,10,11,12, 13,14,15,8 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u64_u8( - vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); -} -#endif - -inline uint64x2_t SIMON128_f(const uint64x2_t& val) -{ - return veorq_u64(RotateLeft64<2>(val), - vandq_u64(RotateLeft64<1>(val), RotateLeft64<8>(val))); -} - -inline void SIMON128_Enc_Block(uint64x2_t &block0, uint64x2_t &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - - for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) - { - const uint64x2_t rk1 = vld1q_dup_u64(subkeys+i); - y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk1); - - const uint64x2_t rk2 = vld1q_dup_u64(subkeys+i+1); - x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk2); - } - - if (rounds & 1) - { - const uint64x2_t rk = vld1q_dup_u64(subkeys+rounds-1); - - y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk); - std::swap(x1, y1); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); -} - -inline void SIMON128_Enc_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, - uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - uint64x2_t x2 = UnpackHigh64(block2, block3); - uint64x2_t y2 = UnpackLow64(block2, block3); - uint64x2_t x3 = UnpackHigh64(block4, block5); - uint64x2_t y3 = UnpackLow64(block4, block5); - - for (int i = 0; i < static_cast(rounds & ~1) - 1; i += 2) - { - const uint64x2_t rk1 = vld1q_dup_u64(subkeys+i); - y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk1); - y2 = veorq_u64(veorq_u64(y2, SIMON128_f(x2)), rk1); - y3 = veorq_u64(veorq_u64(y3, SIMON128_f(x3)), rk1); - - const uint64x2_t rk2 = vld1q_dup_u64(subkeys+i+1); - x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk2); - x2 = veorq_u64(veorq_u64(x2, SIMON128_f(y2)), rk2); - x3 = veorq_u64(veorq_u64(x3, SIMON128_f(y3)), rk2); - } - - if (rounds & 1) - { - const uint64x2_t rk = vld1q_dup_u64(subkeys + rounds - 1); - - y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk); - y2 = veorq_u64(veorq_u64(y2, SIMON128_f(x2)), rk); - y3 = veorq_u64(veorq_u64(y3, SIMON128_f(x3)), rk); - std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); - block2 = UnpackLow64(y2, x2); - block3 = UnpackHigh64(y2, x2); - block4 = UnpackLow64(y3, x3); - block5 = UnpackHigh64(y3, x3); -} - -inline void SIMON128_Dec_Block(uint64x2_t &block0, uint64x2_t &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - - if (rounds & 1) - { - std::swap(x1, y1); - const uint64x2_t rk = vld1q_dup_u64(subkeys + rounds - 1); - - y1 = veorq_u64(veorq_u64(y1, rk), SIMON128_f(x1)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const uint64x2_t rk1 = vld1q_dup_u64(subkeys+i+1); - x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk1); - - const uint64x2_t rk2 = vld1q_dup_u64(subkeys+i); - y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk2); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); -} - -inline void SIMON128_Dec_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, - uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - uint64x2_t x2 = UnpackHigh64(block2, block3); - uint64x2_t y2 = UnpackLow64(block2, block3); - uint64x2_t x3 = UnpackHigh64(block4, block5); - uint64x2_t y3 = UnpackLow64(block4, block5); - - if (rounds & 1) - { - std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); - const uint64x2_t rk = vld1q_dup_u64(subkeys + rounds - 1); - - y1 = veorq_u64(veorq_u64(y1, rk), SIMON128_f(x1)); - y2 = veorq_u64(veorq_u64(y2, rk), SIMON128_f(x2)); - y3 = veorq_u64(veorq_u64(y3, rk), SIMON128_f(x3)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const uint64x2_t rk1 = vld1q_dup_u64(subkeys + i + 1); - x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk1); - x2 = veorq_u64(veorq_u64(x2, SIMON128_f(y2)), rk1); - x3 = veorq_u64(veorq_u64(x3, SIMON128_f(y3)), rk1); - - const uint64x2_t rk2 = vld1q_dup_u64(subkeys + i); - y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk2); - y2 = veorq_u64(veorq_u64(y2, SIMON128_f(x2)), rk2); - y3 = veorq_u64(veorq_u64(y3, SIMON128_f(x3)), rk2); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); - block2 = UnpackLow64(y2, x2); - block3 = UnpackHigh64(y2, x2); - block4 = UnpackLow64(y3, x3); - block5 = UnpackHigh64(y3, x3); -} - -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -// ***************************** IA-32 ***************************** // - -#if defined(CRYPTOPP_SSSE3_AVAILABLE) - -// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#ifndef M128_CAST -# define M128_CAST(x) ((__m128i *)(void *)(x)) -#endif -#ifndef CONST_M128_CAST -# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -#endif - -// GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html -#ifndef DOUBLE_CAST -# define DOUBLE_CAST(x) ((double *)(void *)(x)) -#endif -#ifndef CONST_DOUBLE_CAST -# define CONST_DOUBLE_CAST(x) ((const double *)(const void *)(x)) -#endif - -inline void Swap128(__m128i& a,__m128i& b) -{ -#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) - // __m128i is an unsigned long long[2], and support for swapping it was not added until C++11. - // SunCC 12.1 - 12.3 fail to consume the swap; while SunCC 12.4 consumes it without -std=c++11. - vec_swap(a, b); -#else - std::swap(a, b); -#endif -} - -#if defined(CRYPTOPP_AVX512_ROTATE) -template -inline __m128i RotateLeft64(const __m128i& val) -{ - return _mm_rol_epi64(val, R); -} - -template -inline __m128i RotateRight64(const __m128i& val) -{ - return _mm_ror_epi64(val, R); -} -#else -template -inline __m128i RotateLeft64(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi64(val, R), _mm_srli_epi64(val, 64-R)); -} - -template -inline __m128i RotateRight64(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi64(val, 64-R), _mm_srli_epi64(val, R)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateLeft64<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7); - return _mm_shuffle_epi8(val, mask); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateRight64<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1); - return _mm_shuffle_epi8(val, mask); -} -#endif // CRYPTOPP_AVX512_ROTATE - -inline __m128i SIMON128_f(const __m128i& v) -{ - return _mm_xor_si128(RotateLeft64<2>(v), - _mm_and_si128(RotateLeft64<1>(v), RotateLeft64<8>(v))); -} - -inline void GCC_NO_UBSAN SIMON128_Enc_Block(__m128i &block0, __m128i &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - - for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) - { - const __m128i rk1 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk1); - - const __m128i rk2 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i+1))); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk2); - } - - if (rounds & 1) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+rounds-1))); - - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk); - Swap128(x1, y1); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); -} - -inline void GCC_NO_UBSAN SIMON128_Enc_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - __m128i x2 = _mm_unpackhi_epi64(block2, block3); - __m128i y2 = _mm_unpacklo_epi64(block2, block3); - __m128i x3 = _mm_unpackhi_epi64(block4, block5); - __m128i y3 = _mm_unpacklo_epi64(block4, block5); - - for (int i = 0; i < static_cast(rounds & ~1) - 1; i += 2) - { - const __m128i rk1 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i))); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk1); - y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON128_f(x2)), rk1); - y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON128_f(x3)), rk1); - - const __m128i rk2 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i + 1))); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk2); - x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON128_f(y2)), rk2); - x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON128_f(y3)), rk2); - } - - if (rounds & 1) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + rounds - 1))); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk); - y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON128_f(x2)), rk); - y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON128_f(x3)), rk); - Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); - block2 = _mm_unpacklo_epi64(y2, x2); - block3 = _mm_unpackhi_epi64(y2, x2); - block4 = _mm_unpacklo_epi64(y3, x3); - block5 = _mm_unpackhi_epi64(y3, x3); -} - -inline void GCC_NO_UBSAN SIMON128_Dec_Block(__m128i &block0, __m128i &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - - if (rounds & 1) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + rounds - 1))); - - Swap128(x1, y1); - y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON128_f(x1)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const __m128i rk1 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i+1))); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk1); - - const __m128i rk2 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk2); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); -} - -inline void GCC_NO_UBSAN SIMON128_Dec_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - __m128i x2 = _mm_unpackhi_epi64(block2, block3); - __m128i y2 = _mm_unpacklo_epi64(block2, block3); - __m128i x3 = _mm_unpackhi_epi64(block4, block5); - __m128i y3 = _mm_unpacklo_epi64(block4, block5); - - if (rounds & 1) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + rounds - 1))); - - Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); - y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON128_f(x1)); - y2 = _mm_xor_si128(_mm_xor_si128(y2, rk), SIMON128_f(x2)); - y3 = _mm_xor_si128(_mm_xor_si128(y3, rk), SIMON128_f(x3)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const __m128i rk1 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i + 1))); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk1); - x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON128_f(y2)), rk1); - x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON128_f(y3)), rk1); - - const __m128i rk2 = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i))); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk2); - y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON128_f(x2)), rk2); - y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON128_f(x3)), rk2); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); - block2 = _mm_unpacklo_epi64(y2, x2); - block3 = _mm_unpackhi_epi64(y2, x2); - block4 = _mm_unpacklo_epi64(y3, x3); - block5 = _mm_unpackhi_epi64(y3, x3); -} - -#endif // CRYPTOPP_SSSE3_AVAILABLE - -#if defined(CRYPTOPP_SSE41_AVAILABLE) - -template -inline __m128i RotateLeft32(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); -} - -template -inline __m128i RotateRight32(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateLeft32<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); - return _mm_shuffle_epi8(val, mask); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateRight32<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); - return _mm_shuffle_epi8(val, mask); -} - -inline __m128i SIMON64_f(const __m128i& v) -{ - return _mm_xor_si128(RotateLeft32<2>(v), - _mm_and_si128(RotateLeft32<1>(v), RotateLeft32<8>(v))); -} - -inline void GCC_NO_UBSAN SIMON64_Enc_Block(__m128i &block0, __m128i &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) - { - const __m128i rk1 = _mm_set1_epi32(subkeys[i]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk1); - - const __m128i rk2 = _mm_set1_epi32(subkeys[i+1]); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk2); - } - - if (rounds & 1) - { - const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk); - Swap128(x1, y1); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); -} - -inline void GCC_NO_UBSAN SIMON64_Dec_Block(__m128i &block0, __m128i &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - if (rounds & 1) - { - Swap128(x1, y1); - const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON64_f(x1)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const __m128i rk1 = _mm_set1_epi32(subkeys[i+1]); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk1); - - const __m128i rk2 = _mm_set1_epi32(subkeys[i]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk2); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); -} - -inline void GCC_NO_UBSAN SIMON64_Enc_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t2 = _mm_castsi128_ps(block2); - const __m128 t3 = _mm_castsi128_ps(block3); - __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); - __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t4 = _mm_castsi128_ps(block4); - const __m128 t5 = _mm_castsi128_ps(block5); - __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); - __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); - - for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) - { - const __m128i rk1 = _mm_set1_epi32(subkeys[i]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk1); - y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON64_f(x2)), rk1); - y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON64_f(x3)), rk1); - - const __m128i rk2 = _mm_set1_epi32(subkeys[i+1]); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk2); - x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON64_f(y2)), rk2); - x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON64_f(y3)), rk2); - } - - if (rounds & 1) - { - const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk); - y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON64_f(x2)), rk); - y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON64_f(x3)), rk); - Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); - block2 = _mm_unpacklo_epi32(y2, x2); - block3 = _mm_unpackhi_epi32(y2, x2); - block4 = _mm_unpacklo_epi32(y3, x3); - block5 = _mm_unpackhi_epi32(y3, x3); -} - -inline void GCC_NO_UBSAN SIMON64_Dec_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t2 = _mm_castsi128_ps(block2); - const __m128 t3 = _mm_castsi128_ps(block3); - __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); - __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t4 = _mm_castsi128_ps(block4); - const __m128 t5 = _mm_castsi128_ps(block5); - __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); - __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); - - if (rounds & 1) - { - Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); - const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON64_f(x1)); - y2 = _mm_xor_si128(_mm_xor_si128(y2, rk), SIMON64_f(x2)); - y3 = _mm_xor_si128(_mm_xor_si128(y3, rk), SIMON64_f(x3)); - rounds--; - } - - for (int i = static_cast(rounds-2); i >= 0; i -= 2) - { - const __m128i rk1 = _mm_set1_epi32(subkeys[i+1]); - x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk1); - x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON64_f(y2)), rk1); - x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON64_f(y3)), rk1); - - const __m128i rk2 = _mm_set1_epi32(subkeys[i]); - y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk2); - y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON64_f(x2)), rk2); - y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON64_f(x3)), rk2); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); - block2 = _mm_unpacklo_epi32(y2, x2); - block3 = _mm_unpackhi_epi32(y2, x2); - block4 = _mm_unpacklo_epi32(y3, x3); - block5 = _mm_unpackhi_epi32(y3, x3); -} - -#endif // CRYPTOPP_SSE41_AVAILABLE - -ANONYMOUS_NAMESPACE_END - -/////////////////////////////////////////////////////////////////////// - -NAMESPACE_BEGIN(CryptoPP) - -// *************************** ARM NEON **************************** // - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -size_t SIMON64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_NEON(SIMON64_Enc_Block, SIMON64_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SIMON64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_NEON(SIMON64_Dec_Block, SIMON64_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -size_t SIMON128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_NEON(SIMON128_Enc_Block, SIMON128_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SIMON128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_NEON(SIMON128_Dec_Block, SIMON128_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -// ***************************** IA-32 ***************************** // - -#if defined(CRYPTOPP_SSE41_AVAILABLE) -size_t SIMON64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_SSE(SIMON64_Enc_Block, SIMON64_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SIMON64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_SSE(SIMON64_Dec_Block, SIMON64_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif - -#if defined(CRYPTOPP_SSSE3_AVAILABLE) -size_t SIMON128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_SSE(SIMON128_Enc_Block, SIMON128_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SIMON128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_SSE(SIMON128_Dec_Block, SIMON128_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif // CRYPTOPP_SSSE3_AVAILABLE - -NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/simon.cpp b/vendor/cryptopp/vendor_cryptopp/simon.cpp index 82b7ef4f..099cd7a2 100644 --- a/vendor/cryptopp/vendor_cryptopp/simon.cpp +++ b/vendor/cryptopp/vendor_cryptopp/simon.cpp @@ -99,7 +99,8 @@ inline void SIMON64_ExpandKey_3W(word32 key[42], const word32 k[3]) key[0] = k[2]; key[1] = k[1]; key[2] = k[0]; for (size_t i = 3; i<42; ++i) { - key[i] = c ^ (z & 1) ^ key[i - 3] ^ rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1]); + key[i] = static_cast(c ^ (z & 1) ^ key[i - 3] ^ + rotrConstant<3>(key[i - 1]) ^ rotrConstant<4>(key[i - 1])); z >>= 1; } } @@ -117,7 +118,9 @@ inline void SIMON64_ExpandKey_4W(word32 key[44], const word32 k[4]) key[0] = k[3]; key[1] = k[2]; key[2] = k[1]; key[3] = k[0]; for (size_t i = 4; i<44; ++i) { - key[i] = c ^ (z & 1) ^ key[i - 4] ^ rotrConstant<3>(key[i - 1]) ^ key[i - 3] ^ rotrConstant<4>(key[i - 1]) ^ rotrConstant<1>(key[i - 3]); + key[i] = static_cast(c ^ (z & 1) ^ key[i - 4] ^ + rotrConstant<3>(key[i - 1]) ^ key[i - 3] ^ rotrConstant<4>(key[i - 1]) ^ + rotrConstant<1>(key[i - 3])); z >>= 1; } } @@ -225,6 +228,45 @@ extern size_t SIMON128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, si const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); #endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) +extern size_t SIMON64_Enc_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t SIMON64_Dec_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +#endif + +#if (CRYPTOPP_POWER8_AVAILABLE) +extern size_t SIMON128_Enc_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t SIMON128_Dec_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +#endif + +std::string SIMON64::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS) +# if (CRYPTOPP_SSE41_AVAILABLE) + if (HasSSE41()) + return "SSE4.1"; +# endif +# if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; +# endif +# if (CRYPTOPP_POWER7_AVAILABLE) + if (HasPower7()) + return "Power7"; +# endif +# if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return "Altivec"; +# endif +#endif + return "C++"; +} + void SIMON64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) { CRYPTOPP_ASSERT(keyLength == 12 || keyLength == 16); @@ -236,7 +278,7 @@ void SIMON64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, m_wspace.New(4U); // Do the endian gyrations from the paper and align pointers - typedef GetBlock KeyBlock; + typedef GetBlock KeyBlock; KeyBlock kblk(userKey); switch (m_kwords) @@ -254,12 +296,18 @@ void SIMON64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, default: CRYPTOPP_ASSERT(0);; } + + // Altivec loads the current subkey as a 16-byte vector + // The extra elements ensure memory backs the last subkey. +#if CRYPTOPP_ALTIVEC_AVAILABLE + m_rkeys.Grow(m_rkeys.size()+4); +#endif } void SIMON64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -275,14 +323,14 @@ void SIMON64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } void SIMON64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -298,12 +346,31 @@ void SIMON64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } /////////////////////////////////////////////////////////// +std::string SIMON128::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS) +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; +# endif +# if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; +# endif +# if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return "Power8"; +# endif +#endif + return "C++"; +} + void SIMON128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) { CRYPTOPP_ASSERT(keyLength == 16 || keyLength == 24 || keyLength == 32); @@ -315,7 +382,7 @@ void SIMON128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength m_wspace.New(4U); // Do the endian gyrations from the paper and align pointers - typedef GetBlock KeyBlock; + typedef GetBlock KeyBlock; KeyBlock kblk(userKey); switch (m_kwords) @@ -343,7 +410,7 @@ void SIMON128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength void SIMON128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -362,14 +429,14 @@ void SIMON128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } void SIMON128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -388,7 +455,7 @@ void SIMON128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } @@ -405,6 +472,11 @@ size_t SIMON64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xor if (HasNEON()) return SIMON64_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return SIMON64_Enc_AdvancedProcessBlocks_ALTIVEC(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } @@ -421,6 +493,11 @@ size_t SIMON64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xor if (HasNEON()) return SIMON64_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return SIMON64_Dec_AdvancedProcessBlocks_ALTIVEC(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } @@ -439,6 +516,11 @@ size_t SIMON128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo if (HasNEON()) return SIMON128_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return SIMON128_Enc_AdvancedProcessBlocks_POWER8(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } @@ -455,6 +537,11 @@ size_t SIMON128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo if (HasNEON()) return SIMON128_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return SIMON128_Dec_AdvancedProcessBlocks_POWER8(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } diff --git a/vendor/cryptopp/vendor_cryptopp/simon.h b/vendor/cryptopp/vendor_cryptopp/simon.h index 3ecd0318..2bcb0e5e 100644 --- a/vendor/cryptopp/vendor_cryptopp/simon.h +++ b/vendor/cryptopp/vendor_cryptopp/simon.h @@ -17,14 +17,25 @@ #include "seckey.h" #include "secblock.h" -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || \ + CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 || \ + CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 # define CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS 1 #endif -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || \ + CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 || \ + CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 # define CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS 1 #endif +// Yet another SunStudio/SunCC workaround. Failed self tests +// in SSE code paths on i386 for SunStudio 12.3 and below. +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) +# undef CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS +# undef CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS +#endif + NAMESPACE_BEGIN(CryptoPP) /// \brief SIMON block cipher information @@ -36,6 +47,10 @@ NAMESPACE_BEGIN(CryptoPP) template struct SIMON_Info : public FixedBlockSize, VariableKeyLength { + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. static const std::string StaticAlgorithmName() { // Format is Cipher-Blocksize(Keylength) @@ -52,7 +67,7 @@ template struct SIMON_Base { virtual ~SIMON_Base() {} -SIMON_Base() : m_kwords(0), m_rounds(0) {} + SIMON_Base() : m_kwords(0), m_rounds(0) {} typedef SecBlock > AlignedSecBlock; mutable AlignedSecBlock m_wspace; // workspace @@ -79,35 +94,41 @@ public: class CRYPTOPP_NO_VTABLE Base : protected SIMON_Base, public BlockCipherImpl > { public: + /// \brief The algorithm name + /// \returns the algorithm name + /// \details AlgorithmName returns the algorithm's name as a + /// member function. std::string AlgorithmName() const { return StaticAlgorithmName() + (m_kwords == 0 ? "" : "(" + IntToString(m_kwords*sizeof(word32)*8) + ")"); } + std::string AlgorithmProvider() const; + protected: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Enc : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; #endif }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Dec : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SIMON64_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; @@ -136,35 +157,41 @@ public: class CRYPTOPP_NO_VTABLE Base : protected SIMON_Base, public BlockCipherImpl > { public: + /// \brief The algorithm name + /// \returns the algorithm name + /// \details AlgorithmName returns the algorithm's name as a + /// member function. std::string AlgorithmName() const { return StaticAlgorithmName() + (m_kwords == 0 ? "" : "(" + IntToString(m_kwords*sizeof(word64)*8) + ")"); } + std::string AlgorithmProvider() const; + protected: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Enc : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; #endif }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Dec : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SIMON128_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; diff --git a/vendor/cryptopp/vendor_cryptopp/simon128_simd.cpp b/vendor/cryptopp/vendor_cryptopp/simon128_simd.cpp new file mode 100644 index 00000000..c3006547 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/simon128_simd.cpp @@ -0,0 +1,833 @@ +// simon-simd.cpp - written and placed in the public domain by Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "simon.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both simon.cpp and simon-simd.cpp. +// #undef CRYPTOPP_SSSE3_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if defined(__AVX512F__) && defined(__AVX512VL__) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_POWER7_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char SIMON128_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; +using CryptoPP::vec_swap; // SunCC + +// *************************** ARM NEON ************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +template +inline T UnpackHigh64(const T& a, const T& b) +{ + const uint64x1_t x(vget_high_u64((uint64x2_t)a)); + const uint64x1_t y(vget_high_u64((uint64x2_t)b)); + return (T)vcombine_u64(x, y); +} + +template +inline T UnpackLow64(const T& a, const T& b) +{ + const uint64x1_t x(vget_low_u64((uint64x2_t)a)); + const uint64x1_t y(vget_low_u64((uint64x2_t)b)); + return (T)vcombine_u64(x, y); +} + +template +inline uint64x2_t RotateLeft64(const uint64x2_t& val) +{ + const uint64x2_t a(vshlq_n_u64(val, R)); + const uint64x2_t b(vshrq_n_u64(val, 64 - R)); + return vorrq_u64(a, b); +} + +template +inline uint64x2_t RotateRight64(const uint64x2_t& val) +{ + const uint64x2_t a(vshlq_n_u64(val, 64 - R)); + const uint64x2_t b(vshrq_n_u64(val, R)); + return vorrq_u64(a, b); +} + +#if defined(__aarch32__) || defined(__aarch64__) +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint64x2_t RotateLeft64<8>(const uint64x2_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 7,0,1,2, 3,4,5,6, 15,8,9,10, 11,12,13,14 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u64_u8( + vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint64x2_t RotateRight64<8>(const uint64x2_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 1,2,3,4, 5,6,7,0, 9,10,11,12, 13,14,15,8 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u64_u8( + vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); +} +#endif + +inline uint64x2_t SIMON128_f(const uint64x2_t& val) +{ + return veorq_u64(RotateLeft64<2>(val), + vandq_u64(RotateLeft64<1>(val), RotateLeft64<8>(val))); +} + +inline void SIMON128_Enc_Block(uint64x2_t &block0, uint64x2_t &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const uint64x2_t rk1 = vld1q_dup_u64(subkeys+i); + y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk1); + + const uint64x2_t rk2 = vld1q_dup_u64(subkeys+i+1); + x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk2); + } + + if (rounds & 1) + { + const uint64x2_t rk = vld1q_dup_u64(subkeys+rounds-1); + + y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk); + std::swap(x1, y1); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); +} + +inline void SIMON128_Enc_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, + uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + uint64x2_t x2 = UnpackHigh64(block2, block3); + uint64x2_t y2 = UnpackLow64(block2, block3); + uint64x2_t x3 = UnpackHigh64(block4, block5); + uint64x2_t y3 = UnpackLow64(block4, block5); + + for (int i = 0; i < static_cast(rounds & ~1) - 1; i += 2) + { + const uint64x2_t rk1 = vld1q_dup_u64(subkeys+i); + y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk1); + y2 = veorq_u64(veorq_u64(y2, SIMON128_f(x2)), rk1); + y3 = veorq_u64(veorq_u64(y3, SIMON128_f(x3)), rk1); + + const uint64x2_t rk2 = vld1q_dup_u64(subkeys+i+1); + x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk2); + x2 = veorq_u64(veorq_u64(x2, SIMON128_f(y2)), rk2); + x3 = veorq_u64(veorq_u64(x3, SIMON128_f(y3)), rk2); + } + + if (rounds & 1) + { + const uint64x2_t rk = vld1q_dup_u64(subkeys + rounds - 1); + + y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk); + y2 = veorq_u64(veorq_u64(y2, SIMON128_f(x2)), rk); + y3 = veorq_u64(veorq_u64(y3, SIMON128_f(x3)), rk); + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); + block2 = UnpackLow64(y2, x2); + block3 = UnpackHigh64(y2, x2); + block4 = UnpackLow64(y3, x3); + block5 = UnpackHigh64(y3, x3); +} + +inline void SIMON128_Dec_Block(uint64x2_t &block0, uint64x2_t &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + + if (rounds & 1) + { + std::swap(x1, y1); + const uint64x2_t rk = vld1q_dup_u64(subkeys + rounds - 1); + + y1 = veorq_u64(veorq_u64(y1, rk), SIMON128_f(x1)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const uint64x2_t rk1 = vld1q_dup_u64(subkeys+i+1); + x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk1); + + const uint64x2_t rk2 = vld1q_dup_u64(subkeys+i); + y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk2); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); +} + +inline void SIMON128_Dec_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, + uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + uint64x2_t x2 = UnpackHigh64(block2, block3); + uint64x2_t y2 = UnpackLow64(block2, block3); + uint64x2_t x3 = UnpackHigh64(block4, block5); + uint64x2_t y3 = UnpackLow64(block4, block5); + + if (rounds & 1) + { + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + const uint64x2_t rk = vld1q_dup_u64(subkeys + rounds - 1); + + y1 = veorq_u64(veorq_u64(y1, rk), SIMON128_f(x1)); + y2 = veorq_u64(veorq_u64(y2, rk), SIMON128_f(x2)); + y3 = veorq_u64(veorq_u64(y3, rk), SIMON128_f(x3)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const uint64x2_t rk1 = vld1q_dup_u64(subkeys + i + 1); + x1 = veorq_u64(veorq_u64(x1, SIMON128_f(y1)), rk1); + x2 = veorq_u64(veorq_u64(x2, SIMON128_f(y2)), rk1); + x3 = veorq_u64(veorq_u64(x3, SIMON128_f(y3)), rk1); + + const uint64x2_t rk2 = vld1q_dup_u64(subkeys + i); + y1 = veorq_u64(veorq_u64(y1, SIMON128_f(x1)), rk2); + y2 = veorq_u64(veorq_u64(y2, SIMON128_f(x2)), rk2); + y3 = veorq_u64(veorq_u64(y3, SIMON128_f(x3)), rk2); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); + block2 = UnpackLow64(y2, x2); + block3 = UnpackHigh64(y2, x2); + block4 = UnpackLow64(y3, x3); + block5 = UnpackHigh64(y3, x3); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + +// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 +#ifndef M128_CAST +# define M128_CAST(x) ((__m128i *)(void *)(x)) +#endif +#ifndef CONST_M128_CAST +# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +#endif + +// GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html +#ifndef DOUBLE_CAST +# define DOUBLE_CAST(x) ((double *)(void *)(x)) +#endif +#ifndef CONST_DOUBLE_CAST +# define CONST_DOUBLE_CAST(x) ((const double *)(const void *)(x)) +#endif + +inline void Swap128(__m128i& a,__m128i& b) +{ +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) + // __m128i is an unsigned long long[2], and support for swapping it was not added until C++11. + // SunCC 12.1 - 12.3 fail to consume the swap; while SunCC 12.4 consumes it without -std=c++11. + vec_swap(a, b); +#else + std::swap(a, b); +#endif +} + +template +inline __m128i RotateLeft64(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_rol_epi64(val, R); +#elif defined(__XOP__) + return _mm_roti_epi64(val, R); +#else + return _mm_or_si128( + _mm_slli_epi64(val, R), _mm_srli_epi64(val, 64-R)); +#endif +} + +template +inline __m128i RotateRight64(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_ror_epi64(val, R); +#elif defined(__XOP__) + return _mm_roti_epi64(val, 64-R); +#else + return _mm_or_si128( + _mm_slli_epi64(val, 64-R), _mm_srli_epi64(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateLeft64<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi64(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateRight64<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi64(val, 64-8); +#else + const __m128i mask = _mm_set_epi8(8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +inline __m128i SIMON128_f(const __m128i& v) +{ + return _mm_xor_si128(RotateLeft64<2>(v), + _mm_and_si128(RotateLeft64<1>(v), RotateLeft64<8>(v))); +} + +inline void SIMON128_Enc_Block(__m128i &block0, __m128i &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const __m128i rk1 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk1); + + const __m128i rk2 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i+1))); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk2); + } + + if (rounds & 1) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+rounds-1))); + + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk); + Swap128(x1, y1); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); +} + +inline void SIMON128_Enc_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + __m128i x2 = _mm_unpackhi_epi64(block2, block3); + __m128i y2 = _mm_unpacklo_epi64(block2, block3); + __m128i x3 = _mm_unpackhi_epi64(block4, block5); + __m128i y3 = _mm_unpacklo_epi64(block4, block5); + + for (int i = 0; i < static_cast(rounds & ~1) - 1; i += 2) + { + const __m128i rk1 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i))); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk1); + y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON128_f(x2)), rk1); + y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON128_f(x3)), rk1); + + const __m128i rk2 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i + 1))); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk2); + x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON128_f(y2)), rk2); + x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON128_f(y3)), rk2); + } + + if (rounds & 1) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + rounds - 1))); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk); + y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON128_f(x2)), rk); + y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON128_f(x3)), rk); + Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); + block2 = _mm_unpacklo_epi64(y2, x2); + block3 = _mm_unpackhi_epi64(y2, x2); + block4 = _mm_unpacklo_epi64(y3, x3); + block5 = _mm_unpackhi_epi64(y3, x3); +} + +inline void SIMON128_Dec_Block(__m128i &block0, __m128i &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + + if (rounds & 1) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + rounds - 1))); + + Swap128(x1, y1); + y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON128_f(x1)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const __m128i rk1 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i+1))); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk1); + + const __m128i rk2 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk2); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); +} + +inline void SIMON128_Dec_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + __m128i x2 = _mm_unpackhi_epi64(block2, block3); + __m128i y2 = _mm_unpacklo_epi64(block2, block3); + __m128i x3 = _mm_unpackhi_epi64(block4, block5); + __m128i y3 = _mm_unpacklo_epi64(block4, block5); + + if (rounds & 1) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + rounds - 1))); + + Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); + y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON128_f(x1)); + y2 = _mm_xor_si128(_mm_xor_si128(y2, rk), SIMON128_f(x2)); + y3 = _mm_xor_si128(_mm_xor_si128(y3, rk), SIMON128_f(x3)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const __m128i rk1 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i + 1))); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON128_f(y1)), rk1); + x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON128_f(y2)), rk1); + x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON128_f(y3)), rk1); + + const __m128i rk2 = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys + i))); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON128_f(x1)), rk2); + y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON128_f(x2)), rk2); + y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON128_f(x3)), rk2); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); + block2 = _mm_unpacklo_epi64(y2, x2); + block3 = _mm_unpackhi_epi64(y2, x2); + block4 = _mm_unpacklo_epi64(y3, x3); + block5 = _mm_unpackhi_epi64(y3, x3); +} + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// ***************************** Power8 ***************************** // + +#if defined(CRYPTOPP_POWER8_AVAILABLE) + +using CryptoPP::uint8x16_p; +using CryptoPP::uint32x4_p; +using CryptoPP::uint64x2_p; + +using CryptoPP::VecAnd; +using CryptoPP::VecXor; +using CryptoPP::VecPermute; + +// Rotate left by bit count +template +inline uint64x2_p RotateLeft64(const uint64x2_p val) +{ + const uint64x2_p m = {C, C}; + return vec_rl(val, m); +} + +// Rotate right by bit count +template +inline uint64x2_p RotateRight64(const uint64x2_p val) +{ + const uint64x2_p m = {64-C, 64-C}; + return vec_rl(val, m); +} + +inline uint64x2_p SIMON128_f(const uint64x2_p val) +{ + return VecXor(RotateLeft64<2>(val), + VecAnd(RotateLeft64<1>(val), RotateLeft64<8>(val))); +} + +inline void SIMON128_Enc_Block(uint32x4_p &block, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block, block, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block, block, m2); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const uint64x2_p rk1 = vec_splats((unsigned long long)subkeys[i]); + y1 = VecXor(VecXor(y1, SIMON128_f(x1)), rk1); + + const uint64x2_p rk2 = vec_splats((unsigned long long)subkeys[i+1]); + x1 = VecXor(VecXor(x1, SIMON128_f(y1)), rk2); + } + + if (rounds & 1) + { + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[rounds-1]); + y1 = VecXor(VecXor(y1, SIMON128_f(x1)), rk); + std::swap(x1, y1); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + //const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + //const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block = (uint32x4_p)VecPermute(x1, y1, m3); +} + +inline void SIMON128_Dec_Block(uint32x4_p &block, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block, block, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block, block, m2); + + if (rounds & 1) + { + std::swap(x1, y1); + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[rounds-1]); + y1 = VecXor(VecXor(y1, rk), SIMON128_f(x1)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const uint64x2_p rk1 = vec_splats((unsigned long long)subkeys[i+1]); + x1 = VecXor(VecXor(x1, SIMON128_f(y1)), rk1); + + const uint64x2_p rk2 = vec_splats((unsigned long long)subkeys[i]); + y1 = VecXor(VecXor(y1, SIMON128_f(x1)), rk2); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + //const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + //const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block = (uint32x4_p)VecPermute(x1, y1, m3); +} + +inline void SIMON128_Enc_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block0, block1, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block0, block1, m2); + uint64x2_p x2 = (uint64x2_p)VecPermute(block2, block3, m1); + uint64x2_p y2 = (uint64x2_p)VecPermute(block2, block3, m2); + uint64x2_p x3 = (uint64x2_p)VecPermute(block4, block5, m1); + uint64x2_p y3 = (uint64x2_p)VecPermute(block4, block5, m2); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const uint64x2_p rk1 = vec_splats((unsigned long long)subkeys[i]); + y1 = VecXor(VecXor(y1, SIMON128_f(x1)), rk1); + y2 = VecXor(VecXor(y2, SIMON128_f(x2)), rk1); + y3 = VecXor(VecXor(y3, SIMON128_f(x3)), rk1); + + const uint64x2_p rk2 = vec_splats((unsigned long long)subkeys[i+1]); + x1 = VecXor(VecXor(x1, SIMON128_f(y1)), rk2); + x2 = VecXor(VecXor(x2, SIMON128_f(y2)), rk2); + x3 = VecXor(VecXor(x3, SIMON128_f(y3)), rk2); + } + + if (rounds & 1) + { + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[rounds-1]); + y1 = VecXor(VecXor(y1, SIMON128_f(x1)), rk); + y2 = VecXor(VecXor(y2, SIMON128_f(x2)), rk); + y3 = VecXor(VecXor(y3, SIMON128_f(x3)), rk); + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +inline void SIMON128_Dec_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block0, block1, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block0, block1, m2); + uint64x2_p x2 = (uint64x2_p)VecPermute(block2, block3, m1); + uint64x2_p y2 = (uint64x2_p)VecPermute(block2, block3, m2); + uint64x2_p x3 = (uint64x2_p)VecPermute(block4, block5, m1); + uint64x2_p y3 = (uint64x2_p)VecPermute(block4, block5, m2); + + if (rounds & 1) + { + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[rounds-1]); + y1 = VecXor(VecXor(y1, rk), SIMON128_f(x1)); + y2 = VecXor(VecXor(y2, rk), SIMON128_f(x2)); + y3 = VecXor(VecXor(y3, rk), SIMON128_f(x3)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const uint64x2_p rk1 = vec_splats((unsigned long long)subkeys[i+1]); + x1 = VecXor(VecXor(x1, SIMON128_f(y1)), rk1); + x2 = VecXor(VecXor(x2, SIMON128_f(y2)), rk1); + x3 = VecXor(VecXor(x3, SIMON128_f(y3)), rk1); + + const uint64x2_p rk2 = vec_splats((unsigned long long)subkeys[i]); + y1 = VecXor(VecXor(y1, SIMON128_f(x1)), rk2); + y2 = VecXor(VecXor(y2, SIMON128_f(x2)), rk2); + y3 = VecXor(VecXor(y3, SIMON128_f(x3)), rk2); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +#endif // CRYPTOPP_POWER8_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +/////////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(CryptoPP) + +// *************************** ARM NEON **************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +size_t SIMON128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_NEON(SIMON128_Enc_Block, SIMON128_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMON128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_NEON(SIMON128_Dec_Block, SIMON128_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) +size_t SIMON128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_SSE(SIMON128_Enc_Block, SIMON128_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMON128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_SSE(SIMON128_Dec_Block, SIMON128_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// ***************************** Power8 ***************************** // + +#if defined(CRYPTOPP_POWER8_AVAILABLE) +size_t SIMON128_Enc_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x1_ALTIVEC(SIMON128_Enc_Block, SIMON128_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMON128_Dec_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x1_ALTIVEC(SIMON128_Dec_Block, SIMON128_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_POWER8_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/simon64_simd.cpp b/vendor/cryptopp/vendor_cryptopp/simon64_simd.cpp new file mode 100644 index 00000000..000ae94d --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/simon64_simd.cpp @@ -0,0 +1,884 @@ +// simon-simd.cpp - written and placed in the public domain by Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "simon.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both simon.cpp and simon-simd.cpp. +// #undef CRYPTOPP_SSE41_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_SSE41_AVAILABLE) +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if defined(__AVX512F__) && defined(__AVX512VL__) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char SIMON64_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; +using CryptoPP::vec_swap; // SunCC + +// *************************** ARM NEON ************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +template +inline T UnpackHigh32(const T& a, const T& b) +{ + const uint32x2_t x(vget_high_u32((uint32x4_t)a)); + const uint32x2_t y(vget_high_u32((uint32x4_t)b)); + const uint32x2x2_t r = vzip_u32(x, y); + return (T)vcombine_u32(r.val[0], r.val[1]); +} + +template +inline T UnpackLow32(const T& a, const T& b) +{ + const uint32x2_t x(vget_low_u32((uint32x4_t)a)); + const uint32x2_t y(vget_low_u32((uint32x4_t)b)); + const uint32x2x2_t r = vzip_u32(x, y); + return (T)vcombine_u32(r.val[0], r.val[1]); +} + +template +inline uint32x4_t RotateLeft32(const uint32x4_t& val) +{ + const uint32x4_t a(vshlq_n_u32(val, R)); + const uint32x4_t b(vshrq_n_u32(val, 32 - R)); + return vorrq_u32(a, b); +} + +template +inline uint32x4_t RotateRight32(const uint32x4_t& val) +{ + const uint32x4_t a(vshlq_n_u32(val, 32 - R)); + const uint32x4_t b(vshrq_n_u32(val, R)); + return vorrq_u32(a, b); +} + +#if defined(__aarch32__) || defined(__aarch64__) +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint32x4_t RotateLeft32<8>(const uint32x4_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint32x4_t RotateRight32<8>(const uint32x4_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,14,12 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +} +#endif + +inline uint32x4_t SIMON64_f(const uint32x4_t& val) +{ + return veorq_u32(RotateLeft32<2>(val), + vandq_u32(RotateLeft32<1>(val), RotateLeft32<8>(val))); +} + +inline void SIMON64_Enc_Block(uint32x4_t &block1, uint32x4_t &block0, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const uint32x4_t rk1 = vld1q_dup_u32(subkeys+i); + y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk1); + + const uint32x4_t rk2 = vld1q_dup_u32(subkeys+i+1); + x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk2); + } + + if (rounds & 1) + { + const uint32x4_t rk = vld1q_dup_u32(subkeys+rounds-1); + + y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk); + std::swap(x1, y1); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); +} + +inline void SIMON64_Dec_Block(uint32x4_t &block0, uint32x4_t &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + + if (rounds & 1) + { + std::swap(x1, y1); + const uint32x4_t rk = vld1q_dup_u32(subkeys + rounds - 1); + + y1 = veorq_u32(veorq_u32(y1, rk), SIMON64_f(x1)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const uint32x4_t rk1 = vld1q_dup_u32(subkeys+i+1); + x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk1); + + const uint32x4_t rk2 = vld1q_dup_u32(subkeys+i); + y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk2); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); +} + +inline void SIMON64_Enc_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, + uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; + uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; + uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; + uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; + + for (int i = 0; i < static_cast(rounds & ~1) - 1; i += 2) + { + const uint32x4_t rk1 = vld1q_dup_u32(subkeys+i); + y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk1); + y2 = veorq_u32(veorq_u32(y2, SIMON64_f(x2)), rk1); + y3 = veorq_u32(veorq_u32(y3, SIMON64_f(x3)), rk1); + + const uint32x4_t rk2 = vld1q_dup_u32(subkeys+i+1); + x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk2); + x2 = veorq_u32(veorq_u32(x2, SIMON64_f(y2)), rk2); + x3 = veorq_u32(veorq_u32(x3, SIMON64_f(y3)), rk2); + } + + if (rounds & 1) + { + const uint32x4_t rk = vld1q_dup_u32(subkeys + rounds - 1); + + y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk); + y2 = veorq_u32(veorq_u32(y2, SIMON64_f(x2)), rk); + y3 = veorq_u32(veorq_u32(y3, SIMON64_f(x3)), rk); + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); + block2 = UnpackLow32(y2, x2); + block3 = UnpackHigh32(y2, x2); + block4 = UnpackLow32(y3, x3); + block5 = UnpackHigh32(y3, x3); +} + +inline void SIMON64_Dec_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, + uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; + uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; + uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; + uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; + + if (rounds & 1) + { + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + const uint32x4_t rk = vld1q_dup_u32(subkeys + rounds - 1); + + y1 = veorq_u32(veorq_u32(y1, rk), SIMON64_f(x1)); + y2 = veorq_u32(veorq_u32(y2, rk), SIMON64_f(x2)); + y3 = veorq_u32(veorq_u32(y3, rk), SIMON64_f(x3)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const uint32x4_t rk1 = vld1q_dup_u32(subkeys + i + 1); + x1 = veorq_u32(veorq_u32(x1, SIMON64_f(y1)), rk1); + x2 = veorq_u32(veorq_u32(x2, SIMON64_f(y2)), rk1); + x3 = veorq_u32(veorq_u32(x3, SIMON64_f(y3)), rk1); + + const uint32x4_t rk2 = vld1q_dup_u32(subkeys + i); + y1 = veorq_u32(veorq_u32(y1, SIMON64_f(x1)), rk2); + y2 = veorq_u32(veorq_u32(y2, SIMON64_f(x2)), rk2); + y3 = veorq_u32(veorq_u32(y3, SIMON64_f(x3)), rk2); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); + block2 = UnpackLow32(y2, x2); + block3 = UnpackHigh32(y2, x2); + block4 = UnpackLow32(y3, x3); + block5 = UnpackHigh32(y3, x3); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSE41_AVAILABLE) + +inline void Swap128(__m128i& a,__m128i& b) +{ +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) + // __m128i is an unsigned long long[2], and support for swapping it was not added until C++11. + // SunCC 12.1 - 12.3 fail to consume the swap; while SunCC 12.4 consumes it without -std=c++11. + vec_swap(a, b); +#else + std::swap(a, b); +#endif +} + +template +inline __m128i RotateLeft32(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +#endif +} + +template +inline __m128i RotateRight32(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateLeft32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateRight32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-8); +#else + const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +inline __m128i SIMON64_f(const __m128i& v) +{ + return _mm_xor_si128(RotateLeft32<2>(v), + _mm_and_si128(RotateLeft32<1>(v), RotateLeft32<8>(v))); +} + +inline void SIMON64_Enc_Block(__m128i &block0, __m128i &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const __m128i rk1 = _mm_set1_epi32(subkeys[i]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk1); + + const __m128i rk2 = _mm_set1_epi32(subkeys[i+1]); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk2); + } + + if (rounds & 1) + { + const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk); + Swap128(x1, y1); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); +} + +inline void SIMON64_Dec_Block(__m128i &block0, __m128i &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + if (rounds & 1) + { + Swap128(x1, y1); + const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON64_f(x1)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const __m128i rk1 = _mm_set1_epi32(subkeys[i+1]); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk1); + + const __m128i rk2 = _mm_set1_epi32(subkeys[i]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk2); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); +} + +inline void SIMON64_Enc_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t2 = _mm_castsi128_ps(block2); + const __m128 t3 = _mm_castsi128_ps(block3); + __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); + __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t4 = _mm_castsi128_ps(block4); + const __m128 t5 = _mm_castsi128_ps(block5); + __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); + __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { + const __m128i rk1 = _mm_set1_epi32(subkeys[i]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk1); + y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON64_f(x2)), rk1); + y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON64_f(x3)), rk1); + + const __m128i rk2 = _mm_set1_epi32(subkeys[i+1]); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk2); + x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON64_f(y2)), rk2); + x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON64_f(y3)), rk2); + } + + if (rounds & 1) + { + const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk); + y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON64_f(x2)), rk); + y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON64_f(x3)), rk); + Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); + block2 = _mm_unpacklo_epi32(y2, x2); + block3 = _mm_unpackhi_epi32(y2, x2); + block4 = _mm_unpacklo_epi32(y3, x3); + block5 = _mm_unpackhi_epi32(y3, x3); +} + +inline void SIMON64_Dec_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t2 = _mm_castsi128_ps(block2); + const __m128 t3 = _mm_castsi128_ps(block3); + __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); + __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t4 = _mm_castsi128_ps(block4); + const __m128 t5 = _mm_castsi128_ps(block5); + __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); + __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); + + if (rounds & 1) + { + Swap128(x1, y1); Swap128(x2, y2); Swap128(x3, y3); + const __m128i rk = _mm_set1_epi32(subkeys[rounds-1]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, rk), SIMON64_f(x1)); + y2 = _mm_xor_si128(_mm_xor_si128(y2, rk), SIMON64_f(x2)); + y3 = _mm_xor_si128(_mm_xor_si128(y3, rk), SIMON64_f(x3)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { + const __m128i rk1 = _mm_set1_epi32(subkeys[i+1]); + x1 = _mm_xor_si128(_mm_xor_si128(x1, SIMON64_f(y1)), rk1); + x2 = _mm_xor_si128(_mm_xor_si128(x2, SIMON64_f(y2)), rk1); + x3 = _mm_xor_si128(_mm_xor_si128(x3, SIMON64_f(y3)), rk1); + + const __m128i rk2 = _mm_set1_epi32(subkeys[i]); + y1 = _mm_xor_si128(_mm_xor_si128(y1, SIMON64_f(x1)), rk2); + y2 = _mm_xor_si128(_mm_xor_si128(y2, SIMON64_f(x2)), rk2); + y3 = _mm_xor_si128(_mm_xor_si128(y3, SIMON64_f(x3)), rk2); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); + block2 = _mm_unpacklo_epi32(y2, x2); + block3 = _mm_unpackhi_epi32(y2, x2); + block4 = _mm_unpacklo_epi32(y3, x3); + block5 = _mm_unpackhi_epi32(y3, x3); +} + +#endif // CRYPTOPP_SSE41_AVAILABLE + +// ***************************** Altivec ***************************** // + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) + +using CryptoPP::uint8x16_p; +using CryptoPP::uint32x4_p; + +using CryptoPP::VecAnd; +using CryptoPP::VecXor; +using CryptoPP::VecLoad; +using CryptoPP::VecLoadBE; +using CryptoPP::VecPermute; + +// Rotate left by bit count +template +inline uint32x4_p RotateLeft32(const uint32x4_p val) +{ + const uint32x4_p m = {C, C, C, C}; + return vec_rl(val, m); +} + +// Rotate right by bit count +template +inline uint32x4_p RotateRight32(const uint32x4_p val) +{ + const uint32x4_p m = {32-C, 32-C, 32-C, 32-C}; + return vec_rl(val, m); +} + +inline uint32x4_p SIMON64_f(const uint32x4_p val) +{ + return VecXor(RotateLeft32<2>(val), + VecAnd(RotateLeft32<1>(val), RotateLeft32<8>(val))); +} + +inline void SIMON64_Enc_Block(uint32x4_p &block0, uint32x4_p &block1, + const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_p x1 = VecPermute(block0, block1, m1); + uint32x4_p y1 = VecPermute(block0, block1, m2); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk1 = vec_splats(subkeys[i]); + const uint32x4_p rk2 = vec_splats(subkeys[i+1]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk1 = VecLoad(subkeys+i); + uint32x4_p rk2 = VecLoad(subkeys+i+1); + rk1 = VecPermute(rk1, rk1, m); + rk2 = VecPermute(rk2, rk2, m); +#endif + y1 = VecXor(VecXor(y1, SIMON64_f(x1)), rk1); + x1 = VecXor(VecXor(x1, SIMON64_f(y1)), rk2); + } + + if (rounds & 1) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[rounds-1]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+rounds-1); + rk = VecPermute(rk, rk, m); +#endif + y1 = VecXor(VecXor(y1, SIMON64_f(x1)), rk); + std::swap(x1, y1); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); +} + +inline void SIMON64_Dec_Block(uint32x4_p &block0, uint32x4_p &block1, + const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_p x1 = VecPermute(block0, block1, m1); + uint32x4_p y1 = VecPermute(block0, block1, m2); + + if (rounds & 1) + { + std::swap(x1, y1); +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[rounds-1]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+rounds-1); + rk = VecPermute(rk, rk, m); +#endif + y1 = VecXor(VecXor(y1, rk), SIMON64_f(x1)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk1 = vec_splats(subkeys[i+1]); + const uint32x4_p rk2 = vec_splats(subkeys[i]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk1 = VecLoad(subkeys+i+1); + uint32x4_p rk2 = VecLoad(subkeys+i); + rk1 = VecPermute(rk1, rk1, m); + rk2 = VecPermute(rk2, rk2, m); +#endif + x1 = VecXor(VecXor(x1, SIMON64_f(y1)), rk1); + y1 = VecXor(VecXor(y1, SIMON64_f(x1)), rk2); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); +} + +inline void SIMON64_Enc_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint32x4_p x1 = (uint32x4_p)VecPermute(block0, block1, m1); + uint32x4_p y1 = (uint32x4_p)VecPermute(block0, block1, m2); + uint32x4_p x2 = (uint32x4_p)VecPermute(block2, block3, m1); + uint32x4_p y2 = (uint32x4_p)VecPermute(block2, block3, m2); + uint32x4_p x3 = (uint32x4_p)VecPermute(block4, block5, m1); + uint32x4_p y3 = (uint32x4_p)VecPermute(block4, block5, m2); + + for (int i = 0; i < static_cast(rounds & ~1)-1; i += 2) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk1 = vec_splats(subkeys[i]); + const uint32x4_p rk2 = vec_splats(subkeys[i+1]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk1 = VecLoad(subkeys+i); + uint32x4_p rk2 = VecLoad(subkeys+i+1); + rk1 = VecPermute(rk1, rk1, m); + rk2 = VecPermute(rk2, rk2, m); +#endif + y1 = VecXor(VecXor(y1, SIMON64_f(x1)), rk1); + y2 = VecXor(VecXor(y2, SIMON64_f(x2)), rk1); + y3 = VecXor(VecXor(y3, SIMON64_f(x3)), rk1); + + x1 = VecXor(VecXor(x1, SIMON64_f(y1)), rk2); + x2 = VecXor(VecXor(x2, SIMON64_f(y2)), rk2); + x3 = VecXor(VecXor(x3, SIMON64_f(y3)), rk2); + } + + if (rounds & 1) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[rounds-1]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+rounds-1); + rk = VecPermute(rk, rk, m); +#endif + y1 = VecXor(VecXor(y1, SIMON64_f(x1)), rk); + y2 = VecXor(VecXor(y2, SIMON64_f(x2)), rk); + y3 = VecXor(VecXor(y3, SIMON64_f(x3)), rk); + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +inline void SIMON64_Dec_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint32x4_p x1 = (uint32x4_p)VecPermute(block0, block1, m1); + uint32x4_p y1 = (uint32x4_p)VecPermute(block0, block1, m2); + uint32x4_p x2 = (uint32x4_p)VecPermute(block2, block3, m1); + uint32x4_p y2 = (uint32x4_p)VecPermute(block2, block3, m2); + uint32x4_p x3 = (uint32x4_p)VecPermute(block4, block5, m1); + uint32x4_p y3 = (uint32x4_p)VecPermute(block4, block5, m2); + + if (rounds & 1) + { + std::swap(x1, y1); std::swap(x2, y2); std::swap(x3, y3); + +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[rounds-1]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+rounds-1); + rk = VecPermute(rk, rk, m); +#endif + y1 = VecXor(VecXor(y1, rk), SIMON64_f(x1)); + y2 = VecXor(VecXor(y2, rk), SIMON64_f(x2)); + y3 = VecXor(VecXor(y3, rk), SIMON64_f(x3)); + rounds--; + } + + for (int i = static_cast(rounds-2); i >= 0; i -= 2) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk1 = vec_splats(subkeys[i+1]); + const uint32x4_p rk2 = vec_splats(subkeys[i]); +#else + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk1 = VecLoad(subkeys+i+1); + uint32x4_p rk2 = VecLoad(subkeys+i); + rk1 = VecPermute(rk1, rk1, m); + rk2 = VecPermute(rk2, rk2, m); +#endif + x1 = VecXor(VecXor(x1, SIMON64_f(y1)), rk1); + x2 = VecXor(VecXor(x2, SIMON64_f(y2)), rk1); + x3 = VecXor(VecXor(x3, SIMON64_f(y3)), rk1); + + y1 = VecXor(VecXor(y1, SIMON64_f(x1)), rk2); + y2 = VecXor(VecXor(y2, SIMON64_f(x2)), rk2); + y3 = VecXor(VecXor(y3, SIMON64_f(x3)), rk2); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +#endif // CRYPTOPP_ALTIVEC_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +/////////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(CryptoPP) + +// *************************** ARM NEON **************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +size_t SIMON64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_NEON(SIMON64_Enc_Block, SIMON64_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMON64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_NEON(SIMON64_Dec_Block, SIMON64_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSE41_AVAILABLE) +size_t SIMON64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_SSE(SIMON64_Enc_Block, SIMON64_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMON64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_SSE(SIMON64_Dec_Block, SIMON64_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif + +// ***************************** Altivec ***************************** // + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +size_t SIMON64_Enc_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_ALTIVEC(SIMON64_Enc_Block, SIMON64_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SIMON64_Dec_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_ALTIVEC(SIMON64_Dec_Block, SIMON64_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/sm4.cpp b/vendor/cryptopp/vendor_cryptopp/sm4.cpp index 1aa2a1ff..2c92883e 100644 --- a/vendor/cryptopp/vendor_cryptopp/sm4.cpp +++ b/vendor/cryptopp/vendor_cryptopp/sm4.cpp @@ -17,6 +17,7 @@ using CryptoPP::byte; using CryptoPP::word32; using CryptoPP::rotlConstant; +CRYPTOPP_ALIGN_DATA(4) const byte S[256] = { 0xD6, 0x90, 0xE9, 0xFE, 0xCC, 0xE1, 0x3D, 0xB7, 0x16, 0xB6, 0x14, 0xC2, 0x28, 0xFB, 0x2C, 0x05, @@ -89,6 +90,22 @@ ANONYMOUS_NAMESPACE_END NAMESPACE_BEGIN(CryptoPP) +#if CRYPTOPP_SM4_ADVANCED_PROCESS_BLOCKS +# if defined(CRYPTOPP_AESNI_AVAILABLE) +extern size_t SM4_Enc_AdvancedProcessBlocks_AESNI(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +# endif +#endif + +std::string SM4::Enc::AlgorithmProvider() const +{ +#if defined(CRYPTOPP_AESNI_AVAILABLE) + if (HasAESNI()) + return "AESNI"; +#endif + return "C++"; +} + void SM4::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) { CRYPTOPP_ASSERT(keyLength == 16); @@ -174,4 +191,18 @@ void SM4::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byt OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2])(m_wspace[1])(m_wspace[0]); } +#if CRYPTOPP_SM4_ADVANCED_PROCESS_BLOCKS +size_t SM4::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, + byte *outBlocks, size_t length, word32 flags) const +{ +#if defined(CRYPTOPP_AESNI_AVAILABLE) + if (HasAESNI()) { + return SM4_Enc_AdvancedProcessBlocks_AESNI(m_rkeys, 32, + inBlocks, xorBlocks, outBlocks, length, flags); + } +#endif + return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SM4_ADVANCED_PROCESS_BLOCKS + NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/sm4.h b/vendor/cryptopp/vendor_cryptopp/sm4.h index b979b35b..92883a31 100644 --- a/vendor/cryptopp/vendor_cryptopp/sm4.h +++ b/vendor/cryptopp/vendor_cryptopp/sm4.h @@ -4,8 +4,11 @@ /// \brief Classes for the SM4 block cipher /// \details SM4 is a block cipher designed by Xiaoyun Wang, et al. The block cipher is part of the /// Chinese State Cryptography Administration portfolio. The cipher was formely known as SMS4. -/// \sa SMS4 Encryption Algorithm for Wireless Networks and -/// Reference implementation using OpenSSL. +/// \details SM4 encryption is accelerated on machines with AES-NI. Decryption is not acclerated because +/// it is not profitable. Thanks to Markku-Juhani Olavi Saarinen for help and the code. +/// \sa SMS4 Encryption Algorithm for Wireless Networks, +/// Reference implementation using OpenSSL and +/// Markku-Juhani Olavi Saarinen GitHub. /// \since Crypto++ 6.0 #ifndef CRYPTOPP_SM4_H @@ -15,6 +18,10 @@ #include "seckey.h" #include "secblock.h" +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86) +# define CRYPTOPP_SM4_ADVANCED_PROCESS_BLOCKS 1 +#endif + NAMESPACE_BEGIN(CryptoPP) /// \brief SM4 block cipher information @@ -42,24 +49,35 @@ public: { protected: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); - protected: + SecBlock > m_rkeys; mutable SecBlock > m_wspace; }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key /// sizes are supported. - /// \since Crypto++ 6.0 + /// \details SM4 encryption is accelerated on machines with AES-NI. Decryption is + /// not acclerated because it is not profitable. Thanks to Markku-Juhani Olavi + /// Saarinen. + /// \since Crypto++ 6.0, AESNI encryption since Crypto++ 8.0 class CRYPTOPP_NO_VTABLE Enc : public Base { + public: + std::string AlgorithmProvider() const; protected: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; +#if CRYPTOPP_SM4_ADVANCED_PROCESS_BLOCKS + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key /// sizes are supported. + /// \details SM4 encryption is accelerated on machines with AES-NI. Decryption is + /// not acclerated because it is not profitable. Thanks to Markku-Juhani Olavi + /// Saarinen. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Dec : public Base { diff --git a/vendor/cryptopp/vendor_cryptopp/sm4_simd.cpp b/vendor/cryptopp/vendor_cryptopp/sm4_simd.cpp new file mode 100644 index 00000000..f0d39ae2 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/sm4_simd.cpp @@ -0,0 +1,327 @@ +// sm4_simd.cpp - written and placed in the public domain by +// Markku-Juhani O. Saarinen and Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// AESNI, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. +// +// AES-NI based on Markku-Juhani O. Saarinen work at https://github.com/mjosaarinen/sm4ni. +// +// ARMv8 is upcoming. + +#include "pch.h" +#include "config.h" + +#include "sm4.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE. +// Do so in both simon.cpp and simon-simd.cpp. +// #undef CRYPTOPP_AESNI_AVAILABLE + +#if (CRYPTOPP_SSE2_INTRIN_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_AESNI_AVAILABLE) +# include +# include +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char SM4_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::word32; + +#if (CRYPTOPP_AESNI_AVAILABLE) + +template +inline __m128i ShiftLeft(const __m128i& val) +{ + return _mm_slli_epi32(val, R); +} + +template +inline __m128i ShiftRight(const __m128i& val) +{ + return _mm_srli_epi32(val, R); +} + +template +inline __m128i ShiftLeft64(const __m128i& val) +{ + return _mm_slli_epi64(val, R); +} + +template +inline __m128i ShiftRight64(const __m128i& val) +{ + return _mm_srli_epi64(val, R); +} + +template +inline __m128i RotateLeft(const __m128i& val) +{ + return _mm_or_si128( + _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +} + +template +inline __m128i RotateRight(const __m128i& val) +{ + return _mm_or_si128( + _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); +} + +template <> +inline __m128i RotateLeft<8>(const __m128i& val) +{ + const __m128i r08 = _mm_set_epi32(0x0E0D0C0F, 0x0A09080B, 0x06050407, 0x02010003); + return _mm_shuffle_epi8(val, r08); +} + +template <> +inline __m128i RotateLeft<16>(const __m128i& val) +{ + const __m128i mask = _mm_set_epi32(0x0D0C0F0E, 0x09080B0A, 0x05040706, 0x01000302); + return _mm_shuffle_epi8(val, mask); +} + +template <> +inline __m128i RotateLeft<24>(const __m128i& val) +{ + const __m128i mask = _mm_set_epi32(0x0C0F0E0D, 0x080B0A09, 0x04070605, 0x00030201); + return _mm_shuffle_epi8(val, mask); +} + +/// \brief Unpack XMM words +/// \tparam IDX the element from each XMM word +/// \param a the first XMM word +/// \param b the second XMM word +/// \param c the third XMM word +/// \param d the fourth XMM word +/// \details UnpackXMM selects the IDX element from a, b, c, d and returns a concatenation +/// equivalent to a[IDX] || b[IDX] || c[IDX] || d[IDX]. +template +inline __m128i UnpackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + CRYPTOPP_UNUSED(c); CRYPTOPP_UNUSED(d); + CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_unpacklo_epi64(r1, r2); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpacklo_epi32(a, b); + const __m128i r2 = _mm_unpacklo_epi32(c, d); + return _mm_unpackhi_epi64(r1, r2); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_unpacklo_epi64(r1, r2); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + const __m128i r1 = _mm_unpackhi_epi32(a, b); + const __m128i r2 = _mm_unpackhi_epi32(c, d); + return _mm_unpackhi_epi64(r1, r2); +} + +/// \brief Unpack a XMM word +/// \tparam IDX the element from each XMM word +/// \param v the first XMM word +/// \details UnpackXMM selects the IDX element from v and returns a concatenation +/// equivalent to v[IDX] || v[IDX] || v[IDX] || v[IDX]. +template +inline __m128i UnpackXMM(const __m128i& v) +{ + // Should not be instantiated + CRYPTOPP_UNUSED(v); CRYPTOPP_ASSERT(0); + return _mm_setzero_si128(); +} + +template <> +inline __m128i UnpackXMM<0>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(3,2,1,0, 3,2,1,0, 3,2,1,0, 3,2,1,0)); +} + +template <> +inline __m128i UnpackXMM<1>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(7,6,5,4, 7,6,5,4, 7,6,5,4, 7,6,5,4)); +} + +template <> +inline __m128i UnpackXMM<2>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(11,10,9,8, 11,10,9,8, 11,10,9,8, 11,10,9,8)); +} + +template <> +inline __m128i UnpackXMM<3>(const __m128i& v) +{ + // Splat to all lanes + return _mm_shuffle_epi8(v, _mm_set_epi8(15,14,13,12, 15,14,13,12, 15,14,13,12, 15,14,13,12)); +} + +template +inline __m128i RepackXMM(const __m128i& a, const __m128i& b, const __m128i& c, const __m128i& d) +{ + return UnpackXMM(a, b, c, d); +} + +template +inline __m128i RepackXMM(const __m128i& v) +{ + return UnpackXMM(v); +} + +inline void SM4_Encrypt(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys) +{ + // nibble mask + const __m128i c0f = _mm_set_epi32(0x0F0F0F0F, 0x0F0F0F0F, 0x0F0F0F0F, 0x0F0F0F0F); + + // flip all bytes in all 32-bit words + const __m128i flp = _mm_set_epi32(0x0C0D0E0F, 0x08090A0B, 0x04050607, 0x00010203); + + // inverse shift rows + const __m128i shr = _mm_set_epi32(0x0306090C, 0x0F020508, 0x0B0E0104, 0x070A0D00); + + // Affine transform 1 (low and high hibbles) + const __m128i m1l = _mm_set_epi32(0xC7C1B4B2, 0x22245157, 0x9197E2E4, 0x74720701); + const __m128i m1h = _mm_set_epi32(0xF052B91B, 0xF95BB012, 0xE240AB09, 0xEB49A200); + + // Affine transform 2 (low and high hibbles) + const __m128i m2l = _mm_set_epi32(0xEDD14478, 0x172BBE82, 0x5B67F2CE, 0xA19D0834); + const __m128i m2h = _mm_set_epi32(0x11CDBE62, 0xCC1063BF, 0xAE7201DD, 0x73AFDC00); + + __m128i t0 = UnpackXMM<0>(block0, block1, block2, block3); + __m128i t1 = UnpackXMM<1>(block0, block1, block2, block3); + __m128i t2 = UnpackXMM<2>(block0, block1, block2, block3); + __m128i t3 = UnpackXMM<3>(block0, block1, block2, block3); + + t0 = _mm_shuffle_epi8(t0, flp); + t1 = _mm_shuffle_epi8(t1, flp); + t2 = _mm_shuffle_epi8(t2, flp); + t3 = _mm_shuffle_epi8(t3, flp); + + const unsigned int ROUNDS = 32; + for (unsigned int i = 0; i < ROUNDS; i++) + { + const __m128i k = _mm_shuffle_epi32(_mm_castps_si128( + _mm_load_ss((const float*)(subkeys+i))), _MM_SHUFFLE(0,0,0,0)); + + __m128i x, y; + x = _mm_xor_si128(t1, _mm_xor_si128(t2, _mm_xor_si128(t3, k))); + + y = _mm_and_si128(x, c0f); // inner affine + y = _mm_shuffle_epi8(m1l, y); + x = _mm_and_si128(ShiftRight64<4>(x), c0f); + x = _mm_xor_si128(_mm_shuffle_epi8(m1h, x), y); + + x = _mm_shuffle_epi8(x, shr); // inverse MixColumns + x = _mm_aesenclast_si128(x, c0f); // AESNI instruction + + y = _mm_andnot_si128(x, c0f); // outer affine + y = _mm_shuffle_epi8(m2l, y); + x = _mm_and_si128(ShiftRight64<4>(x), c0f); + x = _mm_xor_si128(_mm_shuffle_epi8(m2h, x), y); + + // 4 parallel L1 linear transforms + y = _mm_xor_si128(x, RotateLeft<8>(x)); + y = _mm_xor_si128(y, RotateLeft<16>(x)); + y = _mm_xor_si128(ShiftLeft<2>(y), ShiftRight<30>(y)); + x = _mm_xor_si128(x, _mm_xor_si128(y, RotateLeft<24>(x))); + + // rotate registers + x = _mm_xor_si128(x, t0); + t0 = t1; t1 = t2; + t2 = t3; t3 = x; + } + + t0 = _mm_shuffle_epi8(t0, flp); + t1 = _mm_shuffle_epi8(t1, flp); + t2 = _mm_shuffle_epi8(t2, flp); + t3 = _mm_shuffle_epi8(t3, flp); + + block0 = RepackXMM<0>(t3,t2,t1,t0); + block1 = RepackXMM<1>(t3,t2,t1,t0); + block2 = RepackXMM<2>(t3,t2,t1,t0); + block3 = RepackXMM<3>(t3,t2,t1,t0); +} + +inline void SM4_Enc_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/) +{ + SM4_Encrypt(block0, block1, block2, block3, subkeys); +} + +inline void SM4_Dec_4_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, const word32 *subkeys, unsigned int /*rounds*/) +{ + SM4_Encrypt(block0, block1, block2, block3, subkeys); +} + +inline void SM4_Enc_Block(__m128i &block0, + const word32 *subkeys, unsigned int /*rounds*/) +{ + __m128i t1 = _mm_setzero_si128(); + __m128i t2 = _mm_setzero_si128(); + __m128i t3 = _mm_setzero_si128(); + + SM4_Encrypt(block0, t1, t2, t3, subkeys); +} + +inline void SM4_Dec_Block(__m128i &block0, + const word32 *subkeys, unsigned int /*rounds*/) +{ + __m128i t1 = _mm_setzero_si128(); + __m128i t2 = _mm_setzero_si128(); + __m128i t3 = _mm_setzero_si128(); + + SM4_Encrypt(block0, t1, t2, t3, subkeys); +} + +#endif // CRYPTOPP_AESNI_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +#if defined(CRYPTOPP_AESNI_AVAILABLE) +size_t SM4_Enc_AdvancedProcessBlocks_AESNI(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_4x1_SSE(SM4_Enc_Block, SM4_Enc_4_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_AESNI_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/socketft.cpp b/vendor/cryptopp/vendor_cryptopp/socketft.cpp deleted file mode 100644 index 00c6b603..00000000 --- a/vendor/cryptopp/vendor_cryptopp/socketft.cpp +++ /dev/null @@ -1,673 +0,0 @@ -// socketft.cpp - originally written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(SOCKETS_AVAILABLE) - -#include "socketft.h" -#include "wait.h" - -// Windows 8, Windows Server 2012, and Windows Phone 8.1 need and -#if defined(CRYPTOPP_WIN32_AVAILABLE) -# if ((WINVER >= 0x0602 /*_WIN32_WINNT_WIN8*/) || (_WIN32_WINNT >= 0x0602 /*_WIN32_WINNT_WIN8*/)) -# include -# include -# define USE_WINDOWS8_API -# endif -#endif - -#ifdef USE_BERKELEY_STYLE_SOCKETS -#include -#include -#include -#include -#include -#include -#endif - -#if defined(CRYPTOPP_MSAN) -# include -#endif - -// From http://groups.google.com/d/msg/cryptopp-users/MzvocLrbIpE/TMCa6LFhCgAJ, -// is a compatibility header and it needs _WIN32_WINNT >= 0x501. -// The work-around should be OK since it won't cross-pollinate into header files. -#if defined(__MINGW32__) && (_WIN32_WINNT < 0x501) -# undef _WIN32_WINNT -# define _WIN32_WINNT 0x501 -#endif - -#ifdef USE_WINDOWS_STYLE_SOCKETS -# pragma comment(lib, "ws2_32.lib") -# if defined(_WIN32_WINNT) && (_WIN32_WINNT < 0x501) -# include -# endif -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef USE_WINDOWS_STYLE_SOCKETS -const int SOCKET_EINVAL = WSAEINVAL; -const int SOCKET_EWOULDBLOCK = WSAEWOULDBLOCK; -typedef int socklen_t; -#else -const int SOCKET_EINVAL = EINVAL; -const int SOCKET_EWOULDBLOCK = EWOULDBLOCK; -#endif - -// Solaris doesn't have INADDR_NONE -#ifndef INADDR_NONE -# define INADDR_NONE 0xffffffff -#endif /* INADDR_NONE */ - -// Some Windows SDKs do not have INET6_ADDRSTRLEN -#ifndef INET_ADDRSTRLEN -# define INET_ADDRSTRLEN (22) -#endif -#ifndef INET6_ADDRSTRLEN -# define INET6_ADDRSTRLEN (65) -#endif - -#define MAX_ADDRSTRLEN (INET6_ADDRSTRLEN > INET_ADDRSTRLEN ? INET6_ADDRSTRLEN : INET_ADDRSTRLEN) - -// Also see http://stackoverflow.com/a/20816961 and http://github.com/weidai11/cryptopp/issues/322 -#if defined(USE_WINDOWS_STYLE_SOCKETS) -int inet_pton(int af, const char *src, void *dst) -{ -#if CRYPTOPP_MSC_VERSION -# pragma warning(push) -# pragma warning(disable: 4996) -#endif - - // Posix states only src is validated. Avoid a bad dst dereference. - if(!src || !dst) return 0; - - struct sockaddr_storage ss; - ZeroMemory(&ss, sizeof(ss)); - -#if CRYPTOPP_MSC_VERSION >= 1400 - char temp[MAX_ADDRSTRLEN]; - strcpy_s(temp, sizeof(temp), src); -#else - char temp[MAX_ADDRSTRLEN]; - strncpy(temp, src, sizeof(temp)); - temp[MAX_ADDRSTRLEN-1] = '\0'; -#endif - - - int size = sizeof(ss); - if (WSAStringToAddressA(temp, af, NULLPTR, (struct sockaddr *)&ss, &size) == 0) { - switch (af) { - case AF_INET: - *(struct in_addr *)dst = ((struct sockaddr_in *)&ss)->sin_addr; - return 1; - case AF_INET6: - *(struct in6_addr *)dst = ((struct sockaddr_in6 *)&ss)->sin6_addr; - return 1; - } - } - - ((sockaddr_in *)dst)->sin_addr.s_addr = INADDR_NONE; - return 0; - -#if CRYPTOPP_MSC_VERSION -# pragma warning(pop) -#endif -} -#endif - -Socket::Err::Err(socket_t s, const std::string& operation, int error) - : OS_Error(IO_ERROR, "Socket: " + operation + " operation failed with error " + IntToString(error), operation, error) - , m_s(s) -{ -} - -Socket::~Socket() -{ - if (m_own) - { - try - { - CloseSocket(); - } - catch (const Exception&) - { - CRYPTOPP_ASSERT(0); - } - } -} - -void Socket::AttachSocket(socket_t s, bool own) -{ - if (m_own) - CloseSocket(); - - m_s = s; - m_own = own; - SocketChanged(); -} - -socket_t Socket::DetachSocket() -{ - socket_t s = m_s; - m_s = INVALID_SOCKET; - SocketChanged(); - return s; -} - -void Socket::Create(int nType) -{ - CRYPTOPP_ASSERT(m_s == INVALID_SOCKET); - m_s = socket(AF_INET, nType, 0); - CheckAndHandleError("socket", m_s); - m_own = true; - SocketChanged(); -} - -void Socket::CloseSocket() -{ - if (m_s != INVALID_SOCKET) - { -#ifdef USE_WINDOWS_STYLE_SOCKETS -# if defined(USE_WINDOWS8_API) - BOOL result = CancelIoEx((HANDLE) m_s, NULLPTR); - CRYPTOPP_ASSERT(result || (!result && GetLastError() == ERROR_NOT_FOUND)); - CheckAndHandleError_int("closesocket", closesocket(m_s)); - CRYPTOPP_UNUSED(result); // Used by CRYPTOPP_ASSERT in debug builds -# else - BOOL result = CancelIo((HANDLE) m_s); - CRYPTOPP_ASSERT(result || (!result && GetLastError() == ERROR_NOT_FOUND)); - CheckAndHandleError_int("closesocket", closesocket(m_s)); - CRYPTOPP_UNUSED(result); -# endif -#else - CheckAndHandleError_int("close", close(m_s)); -#endif - m_s = INVALID_SOCKET; - SocketChanged(); - } -} - -void Socket::Bind(unsigned int port, const char *addr) -{ - sockaddr_in sa; - memset(&sa, 0, sizeof(sa)); - sa.sin_family = AF_INET; - - if (addr == NULLPTR) - sa.sin_addr.s_addr = htonl(INADDR_ANY); - else - { - // unsigned long result = inet_addr(addr); - unsigned long result; - if (inet_pton(AF_INET, addr, &result) < 1 || result == INADDR_NONE) - { - SetLastError(SOCKET_EINVAL); - CheckAndHandleError_int("inet_addr", SOCKET_ERROR); - } - sa.sin_addr.s_addr = result; - } - - sa.sin_port = htons((unsigned short)port); - - Bind((sockaddr *)&sa, sizeof(sa)); -} - -void Socket::Bind(const sockaddr *psa, socklen_t saLen) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - // cygwin workaround: needs const_cast - CheckAndHandleError_int("bind", bind(m_s, const_cast(psa), saLen)); -} - -void Socket::Listen(int backlog) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - CheckAndHandleError_int("listen", listen(m_s, backlog)); -} - -bool Socket::Connect(const char *addr, unsigned int port) -{ - CRYPTOPP_ASSERT(addr != NULLPTR); - - sockaddr_in sa; - memset(&sa, 0, sizeof(sa)); - sa.sin_family = AF_INET; - - // Make inet_pton failures non-fatal. - if (!addr || inet_pton(AF_INET, addr, &sa.sin_addr.s_addr) < 1) - sa.sin_addr.s_addr = INADDR_NONE; - - if (sa.sin_addr.s_addr == INADDR_NONE) - { - addrinfo hints, *result = NULLPTR; - memset(&hints, 0, sizeof(hints)); - - hints.ai_socktype = SOCK_STREAM; - hints.ai_family = AF_INET; - - if (getaddrinfo(addr, NULLPTR, &hints, &result) != 0 || result == NULLPTR) - { - freeaddrinfo(result); - SetLastError(SOCKET_EINVAL); - CheckAndHandleError_int("getaddrinfo", SOCKET_ERROR); - } - else - { - // Avoid assignment on due to alignment issues in Apple headers - // sa.sin_addr.s_addr = ((struct sockaddr_in *)(result->ai_addr))->sin_addr.s_addr; - struct sockaddr_in* sap = (struct sockaddr_in *)result->ai_addr; - memcpy(&sa.sin_addr.s_addr, &sap->sin_addr.s_addr, sizeof(sa.sin_addr.s_addr)); - freeaddrinfo(result); - } - } - - sa.sin_port = htons((unsigned short)port); - - return Connect((const sockaddr *)&sa, sizeof(sa)); -} - -bool Socket::Connect(const sockaddr* psa, socklen_t saLen) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - int result = connect(m_s, const_cast(psa), saLen); - if (result == SOCKET_ERROR && GetLastError() == SOCKET_EWOULDBLOCK) - return false; - CheckAndHandleError_int("connect", result); - return true; -} - -bool Socket::Accept(Socket& target, sockaddr *psa, socklen_t *psaLen) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - socket_t s = accept(m_s, psa, psaLen); - if (s == INVALID_SOCKET && GetLastError() == SOCKET_EWOULDBLOCK) - return false; - CheckAndHandleError("accept", s); - target.AttachSocket(s, true); - return true; -} - -void Socket::GetSockName(sockaddr *psa, socklen_t *psaLen) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - CheckAndHandleError_int("getsockname", getsockname(m_s, psa, psaLen)); -} - -void Socket::GetPeerName(sockaddr *psa, socklen_t *psaLen) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - CheckAndHandleError_int("getpeername", getpeername(m_s, psa, psaLen)); -} - -unsigned int Socket::Send(const byte* buf, size_t bufLen, int flags) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - int result = send(m_s, (const char *)buf, UnsignedMin(INT_MAX, bufLen), flags); - CheckAndHandleError_int("send", result); - return result; -} - -unsigned int Socket::Receive(byte* buf, size_t bufLen, int flags) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - int result = recv(m_s, (char *)buf, UnsignedMin(INT_MAX, bufLen), flags); - CheckAndHandleError_int("recv", result); - return result; -} - -void Socket::ShutDown(int how) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); - int result = shutdown(m_s, how); - CheckAndHandleError_int("shutdown", result); -} - -void Socket::IOCtl(long cmd, unsigned long *argp) -{ - CRYPTOPP_ASSERT(m_s != INVALID_SOCKET); -#ifdef USE_WINDOWS_STYLE_SOCKETS - CheckAndHandleError_int("ioctlsocket", ioctlsocket(m_s, cmd, argp)); -#else - CheckAndHandleError_int("ioctl", ioctl(m_s, cmd, argp)); -#endif -} - -bool Socket::SendReady(const timeval *timeout) -{ - fd_set fds; - FD_ZERO(&fds); - FD_SET(m_s, &fds); -#ifdef CRYPTOPP_MSAN - __msan_unpoison(&fds, sizeof(fds)); -#endif - - int ready; - if (timeout == NULLPTR) - ready = select((int)m_s+1, NULLPTR, &fds, NULLPTR, NULLPTR); - else - { - timeval timeoutCopy = *timeout; // select() modified timeout on Linux - ready = select((int)m_s+1, NULLPTR, &fds, NULLPTR, &timeoutCopy); - } - CheckAndHandleError_int("select", ready); - return ready > 0; -} - -bool Socket::ReceiveReady(const timeval *timeout) -{ - fd_set fds; - FD_ZERO(&fds); - FD_SET(m_s, &fds); -#ifdef CRYPTOPP_MSAN - __msan_unpoison(&fds, sizeof(fds)); -#endif - - int ready; - if (timeout == NULLPTR) - ready = select((int)m_s+1, &fds, NULLPTR, NULLPTR, NULLPTR); - else - { - timeval timeoutCopy = *timeout; // select() modified timeout on Linux - ready = select((int)m_s+1, &fds, NULLPTR, NULLPTR, &timeoutCopy); - } - CheckAndHandleError_int("select", ready); - return ready > 0; -} - -unsigned int Socket::PortNameToNumber(const char *name, const char *protocol) -{ - int port = atoi(name); - if (IntToString(port) == name) - return port; - - servent *se = getservbyname(name, protocol); - if (!se) - throw Err(INVALID_SOCKET, "getservbyname", SOCKET_EINVAL); - return ntohs(se->s_port); -} - -void Socket::StartSockets() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - WSADATA wsd; - int result = WSAStartup(0x0202, &wsd); - if (result != 0) - throw Err(INVALID_SOCKET, "WSAStartup", result); -#endif -} - -void Socket::ShutdownSockets() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - int result = WSACleanup(); - if (result != 0) - throw Err(INVALID_SOCKET, "WSACleanup", result); -#endif -} - -int Socket::GetLastError() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - return WSAGetLastError(); -#else - return errno; -#endif -} - -void Socket::SetLastError(int errorCode) -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - WSASetLastError(errorCode); -#else - errno = errorCode; -#endif -} - -void Socket::HandleError(const char *operation) const -{ - int err = GetLastError(); - throw Err(m_s, operation, err); -} - -#ifdef USE_WINDOWS_STYLE_SOCKETS - -SocketReceiver::SocketReceiver(Socket &s) - : m_s(s), m_lastResult(0), m_resultPending(false), m_eofReceived(false) -{ - m_event.AttachHandle(CreateEvent(NULLPTR, true, false, NULLPTR), true); - m_s.CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - -SocketReceiver::~SocketReceiver() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS -# if defined(USE_WINDOWS8_API) - BOOL result = CancelIoEx((HANDLE) m_s.GetSocket(), NULLPTR); - CRYPTOPP_ASSERT(result || (!result && GetLastError() == ERROR_NOT_FOUND)); - CRYPTOPP_UNUSED(result); // Used by CRYPTOPP_ASSERT in debug builds -# else - BOOL result = CancelIo((HANDLE) m_s.GetSocket()); - CRYPTOPP_ASSERT(result || (!result && GetLastError() == ERROR_NOT_FOUND)); - CRYPTOPP_UNUSED(result); -# endif -#endif -} - -bool SocketReceiver::Receive(byte* buf, size_t bufLen) -{ - CRYPTOPP_ASSERT(!m_resultPending && !m_eofReceived); - - DWORD flags = 0; - // don't queue too much at once, or we might use up non-paged memory - WSABUF wsabuf = {UnsignedMin((u_long)128*1024, bufLen), (char *)buf}; - if (WSARecv(m_s, &wsabuf, 1, &m_lastResult, &flags, &m_overlapped, NULLPTR) == 0) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (WSAGetLastError()) - { - default: - m_s.CheckAndHandleError_int("WSARecv", SOCKET_ERROR); - // Fall through for non-fatal - case WSAEDISCON: - m_lastResult = 0; - m_eofReceived = true; - break; - case WSA_IO_PENDING: - m_resultPending = true; - } - } - return !m_resultPending; -} - -void SocketReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("SocketReceiver::GetWaitObjects() - result pending", &callStack)); - else if (!m_eofReceived) - container.SetNoWait(CallStack("SocketReceiver::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int SocketReceiver::GetReceiveResult() -{ - if (m_resultPending) - { - DWORD flags = 0; - if (WSAGetOverlappedResult(m_s, &m_overlapped, &m_lastResult, false, &flags)) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (WSAGetLastError()) - { - default: - m_s.CheckAndHandleError("WSAGetOverlappedResult", FALSE); - // Fall through for non-fatal - case WSAEDISCON: - m_lastResult = 0; - m_eofReceived = true; - } - } - m_resultPending = false; - } - return m_lastResult; -} - -// ************************************************************* - -SocketSender::SocketSender(Socket &s) - : m_s(s), m_lastResult(0), m_resultPending(false) -{ - m_event.AttachHandle(CreateEvent(NULLPTR, true, false, NULLPTR), true); - m_s.CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - - -SocketSender::~SocketSender() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS -# if defined(USE_WINDOWS8_API) - BOOL result = CancelIoEx((HANDLE) m_s.GetSocket(), NULLPTR); - CRYPTOPP_ASSERT(result || (!result && GetLastError() == ERROR_NOT_FOUND)); - CRYPTOPP_UNUSED(result); // Used by CRYPTOPP_ASSERT in debug builds -# else - BOOL result = CancelIo((HANDLE) m_s.GetSocket()); - CRYPTOPP_ASSERT(result || (!result && GetLastError() == ERROR_NOT_FOUND)); - CRYPTOPP_UNUSED(result); -# endif -#endif -} - -void SocketSender::Send(const byte* buf, size_t bufLen) -{ - CRYPTOPP_ASSERT(!m_resultPending); - DWORD written = 0; - // don't queue too much at once, or we might use up non-paged memory - WSABUF wsabuf = {UnsignedMin((u_long)128*1024, bufLen), (char *)buf}; - if (WSASend(m_s, &wsabuf, 1, &written, 0, &m_overlapped, NULLPTR) == 0) - { - m_resultPending = false; - m_lastResult = written; - } - else - { - if (WSAGetLastError() != WSA_IO_PENDING) - m_s.CheckAndHandleError_int("WSASend", SOCKET_ERROR); - - m_resultPending = true; - } -} - -void SocketSender::SendEof() -{ - CRYPTOPP_ASSERT(!m_resultPending); - m_s.ShutDown(SD_SEND); - m_s.CheckAndHandleError("ResetEvent", ResetEvent(m_event)); - m_s.CheckAndHandleError_int("WSAEventSelect", WSAEventSelect(m_s, m_event, FD_CLOSE)); - m_resultPending = true; -} - -bool SocketSender::EofSent() -{ - if (m_resultPending) - { - WSANETWORKEVENTS events; - m_s.CheckAndHandleError_int("WSAEnumNetworkEvents", WSAEnumNetworkEvents(m_s, m_event, &events)); - if ((events.lNetworkEvents & FD_CLOSE) != FD_CLOSE) - throw Socket::Err(m_s, "WSAEnumNetworkEvents (FD_CLOSE not present)", E_FAIL); - if (events.iErrorCode[FD_CLOSE_BIT] != 0) - throw Socket::Err(m_s, "FD_CLOSE (via WSAEnumNetworkEvents)", events.iErrorCode[FD_CLOSE_BIT]); - m_resultPending = false; - } - return m_lastResult != 0; -} - -void SocketSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("SocketSender::GetWaitObjects() - result pending", &callStack)); - else - container.SetNoWait(CallStack("SocketSender::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int SocketSender::GetSendResult() -{ - if (m_resultPending) - { - DWORD flags = 0; - BOOL result = WSAGetOverlappedResult(m_s, &m_overlapped, &m_lastResult, false, &flags); - m_s.CheckAndHandleError("WSAGetOverlappedResult", result); - m_resultPending = false; - } - return m_lastResult; -} - -#endif - -#ifdef USE_BERKELEY_STYLE_SOCKETS - -SocketReceiver::SocketReceiver(Socket &s) - : m_s(s), m_lastResult(0), m_eofReceived(false) -{ -} - -void SocketReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (!m_eofReceived) - container.AddReadFd(m_s, CallStack("SocketReceiver::GetWaitObjects()", &callStack)); -} - -bool SocketReceiver::Receive(byte* buf, size_t bufLen) -{ - m_lastResult = m_s.Receive(buf, bufLen); - if (bufLen > 0 && m_lastResult == 0) - m_eofReceived = true; - return true; -} - -unsigned int SocketReceiver::GetReceiveResult() -{ - return m_lastResult; -} - -SocketSender::SocketSender(Socket &s) - : m_s(s), m_lastResult(0) -{ -} - -void SocketSender::Send(const byte* buf, size_t bufLen) -{ - m_lastResult = m_s.Send(buf, bufLen); -} - -void SocketSender::SendEof() -{ - m_s.ShutDown(SD_SEND); -} - -unsigned int SocketSender::GetSendResult() -{ - return m_lastResult; -} - -void SocketSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - container.AddWriteFd(m_s, CallStack("SocketSender::GetWaitObjects()", &callStack)); -} - -#endif // USE_BERKELEY_STYLE_SOCKETS - -NAMESPACE_END - -#endif // SOCKETS_AVAILABLE diff --git a/vendor/cryptopp/vendor_cryptopp/socketft.h b/vendor/cryptopp/vendor_cryptopp/socketft.h deleted file mode 100644 index 00c4fc27..00000000 --- a/vendor/cryptopp/vendor_cryptopp/socketft.h +++ /dev/null @@ -1,227 +0,0 @@ -#ifndef CRYPTOPP_SOCKETFT_H -#define CRYPTOPP_SOCKETFT_H - -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(SOCKETS_AVAILABLE) - -#include "cryptlib.h" -#include "network.h" -#include "queue.h" - -#ifdef USE_WINDOWS_STYLE_SOCKETS -# if defined(_WINSOCKAPI_) && !defined(_WINSOCK2API_) -# error Winsock 1 is not supported by this library. Please include this file or winsock2.h before windows.h. -# endif -#include -#include -#include "winpipes.h" -#else -#include -#include -#include -#include -#endif - -NAMESPACE_BEGIN(CryptoPP) - -#ifdef USE_WINDOWS_STYLE_SOCKETS -typedef ::SOCKET socket_t; -#else -typedef int socket_t; -const socket_t INVALID_SOCKET = -1; -// cygwin 1.1.4 doesn't have SHUT_RD -const int SD_RECEIVE = 0; -const int SD_SEND = 1; -const int SD_BOTH = 2; -const int SOCKET_ERROR = -1; -#endif - -#ifndef socklen_t -typedef TYPE_OF_SOCKLEN_T socklen_t; // see config.h -#endif - -/// wrapper for Windows or Berkeley Sockets -class Socket -{ -public: - /// exception thrown by Socket class - class Err : public OS_Error - { - public: - Err(socket_t s, const std::string& operation, int error); - socket_t GetSocket() const {return m_s;} - - private: - socket_t m_s; - }; - - Socket(socket_t s = INVALID_SOCKET, bool own=false) : m_s(s), m_own(own) {} - Socket(const Socket &s) : m_s(s.m_s), m_own(false) {} - virtual ~Socket(); - - bool GetOwnership() const {return m_own;} - void SetOwnership(bool own) {m_own = own;} - - operator socket_t() {return m_s;} - socket_t GetSocket() const {return m_s;} - void AttachSocket(socket_t s, bool own=false); - socket_t DetachSocket(); - void CloseSocket(); - - void Create(int nType = SOCK_STREAM); - void Bind(unsigned int port, const char *addr=NULLPTR); - void Bind(const sockaddr* psa, socklen_t saLen); - void Listen(int backlog = SOMAXCONN); - // the next three functions return false if the socket is in nonblocking mode - // and the operation cannot be completed immediately - bool Connect(const char *addr, unsigned int port); - bool Connect(const sockaddr* psa, socklen_t saLen); - bool Accept(Socket& s, sockaddr *psa=NULLPTR, socklen_t *psaLen=NULLPTR); - void GetSockName(sockaddr *psa, socklen_t *psaLen); - void GetPeerName(sockaddr *psa, socklen_t *psaLen); - unsigned int Send(const byte* buf, size_t bufLen, int flags=0); - unsigned int Receive(byte* buf, size_t bufLen, int flags=0); - void ShutDown(int how = SD_SEND); - - void IOCtl(long cmd, unsigned long *argp); - bool SendReady(const timeval *timeout); - bool ReceiveReady(const timeval *timeout); - - virtual void HandleError(const char *operation) const; - void CheckAndHandleError_int(const char *operation, int result) const - {if (result == SOCKET_ERROR) HandleError(operation);} - void CheckAndHandleError(const char *operation, socket_t result) const - {if (result == static_cast(SOCKET_ERROR)) HandleError(operation);} -#ifdef USE_WINDOWS_STYLE_SOCKETS - void CheckAndHandleError(const char *operation, BOOL result) const - {if (!result) HandleError(operation);} - void CheckAndHandleError(const char *operation, bool result) const - {if (!result) HandleError(operation);} -#endif - - /// look up the port number given its name, returns 0 if not found - static unsigned int PortNameToNumber(const char *name, const char *protocol="tcp"); - /// start Windows Sockets 2 - static void StartSockets(); - /// calls WSACleanup for Windows Sockets - static void ShutdownSockets(); - /// returns errno or WSAGetLastError - static int GetLastError(); - /// sets errno or calls WSASetLastError - static void SetLastError(int errorCode); - -protected: - virtual void SocketChanged() {} - - socket_t m_s; - bool m_own; -}; - -class SocketsInitializer -{ -public: - SocketsInitializer() {Socket::StartSockets();} - ~SocketsInitializer() {try {Socket::ShutdownSockets();} catch (const Exception&) {CRYPTOPP_ASSERT(0);}} -}; - -class SocketReceiver : public NetworkReceiver -{ -public: - SocketReceiver(Socket &s); - -#ifdef USE_BERKELEY_STYLE_SOCKETS - bool MustWaitToReceive() {return true;} -#else - ~SocketReceiver(); - bool MustWaitForResult() {return true;} -#endif - bool Receive(byte* buf, size_t bufLen); - unsigned int GetReceiveResult(); - bool EofReceived() const {return m_eofReceived;} - - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - Socket &m_s; - -#ifdef USE_WINDOWS_STYLE_SOCKETS - WindowsHandle m_event; - OVERLAPPED m_overlapped; - DWORD m_lastResult; - bool m_resultPending; -#else - unsigned int m_lastResult; -#endif - - bool m_eofReceived; -}; - -class SocketSender : public NetworkSender -{ -public: - SocketSender(Socket &s); - -#ifdef USE_BERKELEY_STYLE_SOCKETS - bool MustWaitToSend() {return true;} -#else - ~SocketSender(); - bool MustWaitForResult() {return true;} - bool MustWaitForEof() { return true; } - bool EofSent(); -#endif - void Send(const byte* buf, size_t bufLen); - unsigned int GetSendResult(); - void SendEof(); - - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - Socket &m_s; -#ifdef USE_WINDOWS_STYLE_SOCKETS - WindowsHandle m_event; - OVERLAPPED m_overlapped; - DWORD m_lastResult; - bool m_resultPending; -#else - unsigned int m_lastResult; -#endif -}; - -/// socket-based implementation of NetworkSource -class SocketSource : public NetworkSource, public Socket -{ -public: - SocketSource(socket_t s = INVALID_SOCKET, bool pumpAll = false, BufferedTransformation *attachment = NULLPTR) - : NetworkSource(attachment), Socket(s), m_receiver(*this) - { - if (pumpAll) - PumpAll(); - } - -private: - NetworkReceiver & AccessReceiver() {return m_receiver;} - SocketReceiver m_receiver; -}; - -/// socket-based implementation of NetworkSink -class SocketSink : public NetworkSink, public Socket -{ -public: - SocketSink(socket_t s=INVALID_SOCKET, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024) - : NetworkSink(maxBufferSize, autoFlushBound), Socket(s), m_sender(*this) {} - - void SendEof() {ShutDown(SD_SEND);} - -private: - NetworkSender & AccessSender() {return m_sender;} - SocketSender m_sender; -}; - -NAMESPACE_END - -#endif // SOCKETS_AVAILABLE - -#endif // CRYPTOPP_SOCKETFT_H diff --git a/vendor/cryptopp/vendor_cryptopp/sosemanuk.cpp b/vendor/cryptopp/vendor_cryptopp/sosemanuk.cpp index d303f878..82cf8c92 100644 --- a/vendor/cryptopp/vendor_cryptopp/sosemanuk.cpp +++ b/vendor/cryptopp/vendor_cryptopp/sosemanuk.cpp @@ -19,6 +19,17 @@ NAMESPACE_BEGIN(CryptoPP) +std::string SosemanukPolicy::AlgorithmProvider() const +{ +#ifndef CRYPTOPP_DISABLE_SOSEMANUK_ASM +# if CRYPTOPP_SSE2_ASM_AVAILABLE + if (HasSSE2()) + return "SSE2"; +# endif +#endif + return "C++"; +} + void SosemanukPolicy::CipherSetKey(const NameValuePairs ¶ms, const byte *userKey, size_t keylen) { CRYPTOPP_UNUSED(params); diff --git a/vendor/cryptopp/vendor_cryptopp/sosemanuk.h b/vendor/cryptopp/vendor_cryptopp/sosemanuk.h index f832bcc7..94ebcfea 100644 --- a/vendor/cryptopp/vendor_cryptopp/sosemanuk.h +++ b/vendor/cryptopp/vendor_cryptopp/sosemanuk.h @@ -10,16 +10,16 @@ #include "strciphr.h" #include "secblock.h" -// Clang due to "Inline assembly operands don't work with .intel_syntax" -// https://llvm.org/bugs/show_bug.cgi?id=24232 -#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM) -# define CRYPTOPP_DISABLE_SOSEMANUK_ASM +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_SOSEMANUK_ASM 1 #endif NAMESPACE_BEGIN(CryptoPP) /// \brief Sosemanuk stream cipher information - /// \since Crypto++ 5.5 +/// \since Crypto++ 5.5 struct SosemanukInfo : public VariableKeyLength<16, 1, 32, 1, SimpleKeyingInterface::UNIQUE_IV, 16> { CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Sosemanuk";} @@ -30,6 +30,7 @@ struct SosemanukInfo : public VariableKeyLength<16, 1, 32, 1, SimpleKeyingInterf class SosemanukPolicy : public AdditiveCipherConcretePolicy, public SosemanukInfo { protected: + std::string AlgorithmProvider() const; void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); diff --git a/vendor/cryptopp/vendor_cryptopp/speck-simd.cpp b/vendor/cryptopp/vendor_cryptopp/speck-simd.cpp deleted file mode 100644 index 3666f240..00000000 --- a/vendor/cryptopp/vendor_cryptopp/speck-simd.cpp +++ /dev/null @@ -1,981 +0,0 @@ -// speck-simd.cpp - written and placed in the public domain by Jeffrey Walton -// -// This source file uses intrinsics and built-ins to gain access to -// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate -// source file is needed because additional CXXFLAGS are required to enable -// the appropriate instructions sets in some build configurations. - -#include "pch.h" -#include "config.h" - -#include "speck.h" -#include "misc.h" -#include "adv-simd.h" - -// Uncomment for benchmarking C++ against SSE or NEON. -// Do so in both speck.cpp and speck-simd.cpp. -// #undef CRYPTOPP_SSSE3_AVAILABLE -// #undef CRYPTOPP_SSE41_AVAILABLE -// #undef CRYPTOPP_ARM_NEON_AVAILABLE - -#if (CRYPTOPP_SSSE3_AVAILABLE) -# include -# include -#endif - -#if (CRYPTOPP_SSE41_AVAILABLE) -# include -#endif - -#if defined(__AVX512F__) && defined(__AVX512VL__) -# define CRYPTOPP_AVX512_ROTATE 1 -# include -#endif - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -# include -#endif - -// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many -// compilers don't follow ACLE conventions for the include. -#if defined(CRYPTOPP_ARM_ACLE_AVAILABLE) -# include -# include -#endif - -// https://www.spinics.net/lists/gcchelp/msg47735.html and -// https://www.spinics.net/lists/gcchelp/msg47749.html -#if (CRYPTOPP_GCC_VERSION >= 40900) -# define GCC_NO_UBSAN __attribute__ ((no_sanitize_undefined)) -#else -# define GCC_NO_UBSAN -#endif - -ANONYMOUS_NAMESPACE_BEGIN - -using CryptoPP::byte; -using CryptoPP::word32; -using CryptoPP::word64; - -// *************************** ARM NEON ************************** // - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) - -template -inline T UnpackHigh32(const T& a, const T& b) -{ - const uint32x2_t x(vget_high_u32((uint32x4_t)a)); - const uint32x2_t y(vget_high_u32((uint32x4_t)b)); - const uint32x2x2_t r = vzip_u32(x, y); - return (T)vcombine_u32(r.val[0], r.val[1]); -} - -template -inline T UnpackLow32(const T& a, const T& b) -{ - const uint32x2_t x(vget_low_u32((uint32x4_t)a)); - const uint32x2_t y(vget_low_u32((uint32x4_t)b)); - const uint32x2x2_t r = vzip_u32(x, y); - return (T)vcombine_u32(r.val[0], r.val[1]); -} - -template -inline uint32x4_t RotateLeft32(const uint32x4_t& val) -{ - const uint32x4_t a(vshlq_n_u32(val, R)); - const uint32x4_t b(vshrq_n_u32(val, 32 - R)); - return vorrq_u32(a, b); -} - -template -inline uint32x4_t RotateRight32(const uint32x4_t& val) -{ - const uint32x4_t a(vshlq_n_u32(val, 32 - R)); - const uint32x4_t b(vshrq_n_u32(val, R)); - return vorrq_u32(a, b); -} - -#if defined(__aarch32__) || defined(__aarch64__) -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint32x4_t RotateLeft32<8>(const uint32x4_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u32_u8( - vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint32x4_t RotateRight32<8>(const uint32x4_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,15,12 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u32_u8( - vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); -} -#endif // Aarch32 or Aarch64 - -inline void SPECK64_Enc_Block(uint32x4_t &block0, uint32x4_t &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - - for (int i=0; i < static_cast(rounds); ++i) - { - const uint32x4_t rk = vdupq_n_u32(subkeys[i]); - - x1 = RotateRight32<8>(x1); - x1 = vaddq_u32(x1, y1); - x1 = veorq_u32(x1, rk); - y1 = RotateLeft32<3>(y1); - y1 = veorq_u32(y1, x1); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); -} - -inline void SPECK64_Dec_Block(uint32x4_t &block0, uint32x4_t &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const uint32x4_t rk = vdupq_n_u32(subkeys[i]); - - y1 = veorq_u32(y1, x1); - y1 = RotateRight32<3>(y1); - x1 = veorq_u32(x1, rk); - x1 = vsubq_u32(x1, y1); - x1 = RotateLeft32<8>(x1); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); -} - -inline void SPECK64_Enc_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, - uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. If only a single block is available then - // a Zero block is provided to promote vectorizations. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; - uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; - uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; - uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; - - for (int i=0; i < static_cast(rounds); ++i) - { - const uint32x4_t rk = vdupq_n_u32(subkeys[i]); - - x1 = RotateRight32<8>(x1); - x2 = RotateRight32<8>(x2); - x3 = RotateRight32<8>(x3); - x1 = vaddq_u32(x1, y1); - x2 = vaddq_u32(x2, y2); - x3 = vaddq_u32(x3, y3); - x1 = veorq_u32(x1, rk); - x2 = veorq_u32(x2, rk); - x3 = veorq_u32(x3, rk); - y1 = RotateLeft32<3>(y1); - y2 = RotateLeft32<3>(y2); - y3 = RotateLeft32<3>(y3); - y1 = veorq_u32(y1, x1); - y2 = veorq_u32(y2, x2); - y3 = veorq_u32(y3, x3); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); - block2 = UnpackLow32(y2, x2); - block3 = UnpackHigh32(y2, x2); - block4 = UnpackLow32(y3, x3); - block5 = UnpackHigh32(y3, x3); -} - -inline void SPECK64_Dec_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, - uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. If only a single block is available then - // a Zero block is provided to promote vectorizations. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; - uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; - uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; - uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; - uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; - uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const uint32x4_t rk = vdupq_n_u32(subkeys[i]); - - y1 = veorq_u32(y1, x1); - y2 = veorq_u32(y2, x2); - y3 = veorq_u32(y3, x3); - y1 = RotateRight32<3>(y1); - y2 = RotateRight32<3>(y2); - y3 = RotateRight32<3>(y3); - x1 = veorq_u32(x1, rk); - x2 = veorq_u32(x2, rk); - x3 = veorq_u32(x3, rk); - x1 = vsubq_u32(x1, y1); - x2 = vsubq_u32(x2, y2); - x3 = vsubq_u32(x3, y3); - x1 = RotateLeft32<8>(x1); - x2 = RotateLeft32<8>(x2); - x3 = RotateLeft32<8>(x3); - } - - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = UnpackLow32(y1, x1); - block1 = UnpackHigh32(y1, x1); - block2 = UnpackLow32(y2, x2); - block3 = UnpackHigh32(y2, x2); - block4 = UnpackLow32(y3, x3); - block5 = UnpackHigh32(y3, x3); -} - -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) - -template -inline T UnpackHigh64(const T& a, const T& b) -{ - const uint64x1_t x(vget_high_u64((uint64x2_t)a)); - const uint64x1_t y(vget_high_u64((uint64x2_t)b)); - return (T)vcombine_u64(x, y); -} - -template -inline T UnpackLow64(const T& a, const T& b) -{ - const uint64x1_t x(vget_low_u64((uint64x2_t)a)); - const uint64x1_t y(vget_low_u64((uint64x2_t)b)); - return (T)vcombine_u64(x, y); -} - -template -inline uint64x2_t RotateLeft64(const uint64x2_t& val) -{ - const uint64x2_t a(vshlq_n_u64(val, R)); - const uint64x2_t b(vshrq_n_u64(val, 64 - R)); - return vorrq_u64(a, b); -} - -template -inline uint64x2_t RotateRight64(const uint64x2_t& val) -{ - const uint64x2_t a(vshlq_n_u64(val, 64 - R)); - const uint64x2_t b(vshrq_n_u64(val, R)); - return vorrq_u64(a, b); -} - -#if defined(__aarch32__) || defined(__aarch64__) -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint64x2_t RotateLeft64<8>(const uint64x2_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 7,0,1,2, 3,4,5,6, 15,8,9,10, 11,12,13,14 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u64_u8( - vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline uint64x2_t RotateRight64<8>(const uint64x2_t& val) -{ -#if defined(CRYPTOPP_BIG_ENDIAN) - const uint8_t maskb[16] = { 8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1 }; - const uint8x16_t mask = vld1q_u8(maskb); -#else - const uint8_t maskb[16] = { 1,2,3,4, 5,6,7,0, 9,10,11,12, 13,14,15,8 }; - const uint8x16_t mask = vld1q_u8(maskb); -#endif - - return vreinterpretq_u64_u8( - vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); -} -#endif - -inline void SPECK128_Enc_Block(uint64x2_t &block0, uint64x2_t &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - - for (int i=0; i < static_cast(rounds); ++i) - { - const uint64x2_t rk = vld1q_dup_u64(subkeys+i); - - x1 = RotateRight64<8>(x1); - x1 = vaddq_u64(x1, y1); - x1 = veorq_u64(x1, rk); - y1 = RotateLeft64<3>(y1); - y1 = veorq_u64(y1, x1); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); -} - -inline void SPECK128_Enc_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, - uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - uint64x2_t x2 = UnpackHigh64(block2, block3); - uint64x2_t y2 = UnpackLow64(block2, block3); - uint64x2_t x3 = UnpackHigh64(block4, block5); - uint64x2_t y3 = UnpackLow64(block4, block5); - - for (int i=0; i < static_cast(rounds); ++i) - { - const uint64x2_t rk = vld1q_dup_u64(subkeys+i); - - x1 = RotateRight64<8>(x1); - x2 = RotateRight64<8>(x2); - x3 = RotateRight64<8>(x3); - x1 = vaddq_u64(x1, y1); - x2 = vaddq_u64(x2, y2); - x3 = vaddq_u64(x3, y3); - x1 = veorq_u64(x1, rk); - x2 = veorq_u64(x2, rk); - x3 = veorq_u64(x3, rk); - y1 = RotateLeft64<3>(y1); - y2 = RotateLeft64<3>(y2); - y3 = RotateLeft64<3>(y3); - y1 = veorq_u64(y1, x1); - y2 = veorq_u64(y2, x2); - y3 = veorq_u64(y3, x3); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); - block2 = UnpackLow64(y2, x2); - block3 = UnpackHigh64(y2, x2); - block4 = UnpackLow64(y3, x3); - block5 = UnpackHigh64(y3, x3); -} - -inline void SPECK128_Dec_Block(uint64x2_t &block0, uint64x2_t &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const uint64x2_t rk = vld1q_dup_u64(subkeys+i); - - y1 = veorq_u64(y1, x1); - y1 = RotateRight64<3>(y1); - x1 = veorq_u64(x1, rk); - x1 = vsubq_u64(x1, y1); - x1 = RotateLeft64<8>(x1); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); -} - -inline void SPECK128_Dec_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, - uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - uint64x2_t x1 = UnpackHigh64(block0, block1); - uint64x2_t y1 = UnpackLow64(block0, block1); - uint64x2_t x2 = UnpackHigh64(block2, block3); - uint64x2_t y2 = UnpackLow64(block2, block3); - uint64x2_t x3 = UnpackHigh64(block4, block5); - uint64x2_t y3 = UnpackLow64(block4, block5); - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const uint64x2_t rk = vld1q_dup_u64(subkeys+i); - - y1 = veorq_u64(y1, x1); - y2 = veorq_u64(y2, x2); - y3 = veorq_u64(y3, x3); - y1 = RotateRight64<3>(y1); - y2 = RotateRight64<3>(y2); - y3 = RotateRight64<3>(y3); - x1 = veorq_u64(x1, rk); - x2 = veorq_u64(x2, rk); - x3 = veorq_u64(x3, rk); - x1 = vsubq_u64(x1, y1); - x2 = vsubq_u64(x2, y2); - x3 = vsubq_u64(x3, y3); - x1 = RotateLeft64<8>(x1); - x2 = RotateLeft64<8>(x2); - x3 = RotateLeft64<8>(x3); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = UnpackLow64(y1, x1); - block1 = UnpackHigh64(y1, x1); - block2 = UnpackLow64(y2, x2); - block3 = UnpackHigh64(y2, x2); - block4 = UnpackLow64(y3, x3); - block5 = UnpackHigh64(y3, x3); -} - -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -// ***************************** IA-32 ***************************** // - -#if defined(CRYPTOPP_SSSE3_AVAILABLE) - -// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 -#ifndef M128_CAST -# define M128_CAST(x) ((__m128i *)(void *)(x)) -#endif -#ifndef CONST_M128_CAST -# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) -#endif - -// GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html -#ifndef DOUBLE_CAST -# define DOUBLE_CAST(x) ((double *)(void *)(x)) -#endif -#ifndef CONST_DOUBLE_CAST -# define CONST_DOUBLE_CAST(x) ((const double *)(const void *)(x)) -#endif - -#if defined(CRYPTOPP_AVX512_ROTATE) -template -inline __m128i RotateLeft64(const __m128i& val) -{ - return _mm_rol_epi64(val, R); -} - -template -inline __m128i RotateRight64(const __m128i& val) -{ - return _mm_ror_epi64(val, R); -} -#else -template -inline __m128i RotateLeft64(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi64(val, R), _mm_srli_epi64(val, 64-R)); -} - -template -inline __m128i RotateRight64(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi64(val, 64-R), _mm_srli_epi64(val, R)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateLeft64<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7); - return _mm_shuffle_epi8(val, mask); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateRight64<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1); - return _mm_shuffle_epi8(val, mask); -} - -#endif // CRYPTOPP_AVX512_ROTATE - -inline void GCC_NO_UBSAN SPECK128_Enc_Block(__m128i &block0, __m128i &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - - for (int i=0; i < static_cast(rounds); ++i) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); - - x1 = RotateRight64<8>(x1); - x1 = _mm_add_epi64(x1, y1); - x1 = _mm_xor_si128(x1, rk); - y1 = RotateLeft64<3>(y1); - y1 = _mm_xor_si128(y1, x1); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); -} - -inline void GCC_NO_UBSAN SPECK128_Enc_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - __m128i x2 = _mm_unpackhi_epi64(block2, block3); - __m128i y2 = _mm_unpacklo_epi64(block2, block3); - __m128i x3 = _mm_unpackhi_epi64(block4, block5); - __m128i y3 = _mm_unpacklo_epi64(block4, block5); - - for (int i=0; i < static_cast(rounds); ++i) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); - - x1 = RotateRight64<8>(x1); - x2 = RotateRight64<8>(x2); - x3 = RotateRight64<8>(x3); - x1 = _mm_add_epi64(x1, y1); - x2 = _mm_add_epi64(x2, y2); - x3 = _mm_add_epi64(x3, y3); - x1 = _mm_xor_si128(x1, rk); - x2 = _mm_xor_si128(x2, rk); - x3 = _mm_xor_si128(x3, rk); - y1 = RotateLeft64<3>(y1); - y2 = RotateLeft64<3>(y2); - y3 = RotateLeft64<3>(y3); - y1 = _mm_xor_si128(y1, x1); - y2 = _mm_xor_si128(y2, x2); - y3 = _mm_xor_si128(y3, x3); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); - block2 = _mm_unpacklo_epi64(y2, x2); - block3 = _mm_unpackhi_epi64(y2, x2); - block4 = _mm_unpacklo_epi64(y3, x3); - block5 = _mm_unpackhi_epi64(y3, x3); -} - -inline void GCC_NO_UBSAN SPECK128_Dec_Block(__m128i &block0, __m128i &block1, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); - - y1 = _mm_xor_si128(y1, x1); - y1 = RotateRight64<3>(y1); - x1 = _mm_xor_si128(x1, rk); - x1 = _mm_sub_epi64(x1, y1); - x1 = RotateLeft64<8>(x1); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); -} - -inline void GCC_NO_UBSAN SPECK128_Dec_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word64 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. - // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... - __m128i x1 = _mm_unpackhi_epi64(block0, block1); - __m128i y1 = _mm_unpacklo_epi64(block0, block1); - __m128i x2 = _mm_unpackhi_epi64(block2, block3); - __m128i y2 = _mm_unpacklo_epi64(block2, block3); - __m128i x3 = _mm_unpackhi_epi64(block4, block5); - __m128i y3 = _mm_unpacklo_epi64(block4, block5); - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const __m128i rk = _mm_castpd_si128( - _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); - - y1 = _mm_xor_si128(y1, x1); - y2 = _mm_xor_si128(y2, x2); - y3 = _mm_xor_si128(y3, x3); - y1 = RotateRight64<3>(y1); - y2 = RotateRight64<3>(y2); - y3 = RotateRight64<3>(y3); - x1 = _mm_xor_si128(x1, rk); - x2 = _mm_xor_si128(x2, rk); - x3 = _mm_xor_si128(x3, rk); - x1 = _mm_sub_epi64(x1, y1); - x2 = _mm_sub_epi64(x2, y2); - x3 = _mm_sub_epi64(x3, y3); - x1 = RotateLeft64<8>(x1); - x2 = RotateLeft64<8>(x2); - x3 = RotateLeft64<8>(x3); - } - - // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... - block0 = _mm_unpacklo_epi64(y1, x1); - block1 = _mm_unpackhi_epi64(y1, x1); - block2 = _mm_unpacklo_epi64(y2, x2); - block3 = _mm_unpackhi_epi64(y2, x2); - block4 = _mm_unpacklo_epi64(y3, x3); - block5 = _mm_unpackhi_epi64(y3, x3); -} - -#endif // CRYPTOPP_SSSE3_AVAILABLE - -#if defined(CRYPTOPP_SSE41_AVAILABLE) - -template -inline __m128i RotateLeft32(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); -} - -template -inline __m128i RotateRight32(const __m128i& val) -{ - return _mm_or_si128( - _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateLeft32<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); - return _mm_shuffle_epi8(val, mask); -} - -// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. -template <> -inline __m128i RotateRight32<8>(const __m128i& val) -{ - const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); - return _mm_shuffle_epi8(val, mask); -} - -inline void GCC_NO_UBSAN SPECK64_Enc_Block(__m128i &block0, __m128i &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - for (int i=0; i < static_cast(rounds); ++i) - { - const __m128i rk = _mm_set1_epi32(subkeys[i]); - - x1 = RotateRight32<8>(x1); - x1 = _mm_add_epi32(x1, y1); - x1 = _mm_xor_si128(x1, rk); - y1 = RotateLeft32<3>(y1); - y1 = _mm_xor_si128(y1, x1); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); -} - -inline void GCC_NO_UBSAN SPECK64_Dec_Block(__m128i &block0, __m128i &block1, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const __m128i rk = _mm_set1_epi32(subkeys[i]); - - y1 = _mm_xor_si128(y1, x1); - y1 = RotateRight32<3>(y1); - x1 = _mm_xor_si128(x1, rk); - x1 = _mm_sub_epi32(x1, y1); - x1 = RotateLeft32<8>(x1); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); -} - -inline void GCC_NO_UBSAN SPECK64_Enc_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t2 = _mm_castsi128_ps(block2); - const __m128 t3 = _mm_castsi128_ps(block3); - __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); - __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t4 = _mm_castsi128_ps(block4); - const __m128 t5 = _mm_castsi128_ps(block5); - __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); - __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); - - for (int i=0; i < static_cast(rounds); ++i) - { - const __m128i rk = _mm_set1_epi32(subkeys[i]); - - x1 = RotateRight32<8>(x1); - x2 = RotateRight32<8>(x2); - x3 = RotateRight32<8>(x3); - x1 = _mm_add_epi32(x1, y1); - x2 = _mm_add_epi32(x2, y2); - x3 = _mm_add_epi32(x3, y3); - x1 = _mm_xor_si128(x1, rk); - x2 = _mm_xor_si128(x2, rk); - x3 = _mm_xor_si128(x3, rk); - y1 = RotateLeft32<3>(y1); - y2 = RotateLeft32<3>(y2); - y3 = RotateLeft32<3>(y3); - y1 = _mm_xor_si128(y1, x1); - y2 = _mm_xor_si128(y2, x2); - y3 = _mm_xor_si128(y3, x3); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); - block2 = _mm_unpacklo_epi32(y2, x2); - block3 = _mm_unpackhi_epi32(y2, x2); - block4 = _mm_unpacklo_epi32(y3, x3); - block5 = _mm_unpackhi_epi32(y3, x3); -} - -inline void GCC_NO_UBSAN SPECK64_Dec_6_Blocks(__m128i &block0, __m128i &block1, - __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, - const word32 *subkeys, unsigned int rounds) -{ - // Rearrange the data for vectorization. The incoming data was read into - // a little-endian word array. Depending on the number of blocks it needs to - // be permuted to the following. Thanks to Peter Cordes for help with the - // SSE permutes below. - // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... - const __m128 t0 = _mm_castsi128_ps(block0); - const __m128 t1 = _mm_castsi128_ps(block1); - __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); - __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t2 = _mm_castsi128_ps(block2); - const __m128 t3 = _mm_castsi128_ps(block3); - __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); - __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); - - const __m128 t4 = _mm_castsi128_ps(block4); - const __m128 t5 = _mm_castsi128_ps(block5); - __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); - __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); - - for (int i = static_cast(rounds-1); i >= 0; --i) - { - const __m128i rk = _mm_set1_epi32(subkeys[i]); - - y1 = _mm_xor_si128(y1, x1); - y2 = _mm_xor_si128(y2, x2); - y3 = _mm_xor_si128(y3, x3); - y1 = RotateRight32<3>(y1); - y2 = RotateRight32<3>(y2); - y3 = RotateRight32<3>(y3); - x1 = _mm_xor_si128(x1, rk); - x2 = _mm_xor_si128(x2, rk); - x3 = _mm_xor_si128(x3, rk); - x1 = _mm_sub_epi32(x1, y1); - x2 = _mm_sub_epi32(x2, y2); - x3 = _mm_sub_epi32(x3, y3); - x1 = RotateLeft32<8>(x1); - x2 = RotateLeft32<8>(x2); - x3 = RotateLeft32<8>(x3); - } - - // The is roughly the SSE equivalent to ARM vzp32 - // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] - block0 = _mm_unpacklo_epi32(y1, x1); - block1 = _mm_unpackhi_epi32(y1, x1); - block2 = _mm_unpacklo_epi32(y2, x2); - block3 = _mm_unpackhi_epi32(y2, x2); - block4 = _mm_unpacklo_epi32(y3, x3); - block5 = _mm_unpackhi_epi32(y3, x3); -} - -#endif // CRYPTOPP_SSE41_AVAILABLE - -ANONYMOUS_NAMESPACE_END - -/////////////////////////////////////////////////////////////////////// - -NAMESPACE_BEGIN(CryptoPP) - -// *************************** ARM NEON **************************** // - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -size_t SPECK64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_NEON(SPECK64_Enc_Block, SPECK64_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SPECK64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_NEON(SPECK64_Dec_Block, SPECK64_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif - -#if (CRYPTOPP_ARM_NEON_AVAILABLE) -size_t SPECK128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_NEON(SPECK128_Enc_Block, SPECK128_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SPECK128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_NEON(SPECK128_Dec_Block, SPECK128_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif // CRYPTOPP_ARM_NEON_AVAILABLE - -// ***************************** IA-32 ***************************** // - -#if defined(CRYPTOPP_SSE41_AVAILABLE) -size_t SPECK64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_SSE(SPECK64_Enc_Block, SPECK64_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SPECK64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks64_6x2_SSE(SPECK64_Dec_Block, SPECK64_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif - -#if defined(CRYPTOPP_SSSE3_AVAILABLE) -size_t SPECK128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_SSE(SPECK128_Enc_Block, SPECK128_Enc_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} - -size_t SPECK128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, - const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) -{ - return AdvancedProcessBlocks128_6x2_SSE(SPECK128_Dec_Block, SPECK128_Dec_6_Blocks, - subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); -} -#endif // CRYPTOPP_SSSE3_AVAILABLE - -NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/speck.cpp b/vendor/cryptopp/vendor_cryptopp/speck.cpp index d8dd2d01..61fac2cf 100644 --- a/vendor/cryptopp/vendor_cryptopp/speck.cpp +++ b/vendor/cryptopp/vendor_cryptopp/speck.cpp @@ -7,6 +7,14 @@ #include "misc.h" #include "cpu.h" +#ifndef CRYPTOPP_INLINE +# if defined(CRYPTOPP_DEBUG) +# define CRYPTOPP_INLINE static +# else +# define CRYPTOPP_INLINE inline +# endif +#endif + // Uncomment for benchmarking C++ against SSE or NEON. // Do so in both speck.cpp and speck-simd.cpp. // #undef CRYPTOPP_SSSE3_AVAILABLE @@ -28,7 +36,7 @@ using CryptoPP::rotrConstant; /// additional template parameters also made calling SPECK_Encrypt and SPECK_Decrypt /// kind of messy. template -inline void TF83(W& x, W& y, const W k) +CRYPTOPP_INLINE void TF83(W& x, W& y, const W k) { x = rotrConstant<8>(x); x += y; x ^= k; @@ -44,7 +52,7 @@ inline void TF83(W& x, W& y, const W k) /// additional template parameters also made calling SPECK_Encrypt and SPECK_Decrypt /// kind of messy. template -inline void TR83(W& x, W& y, const W k) +CRYPTOPP_INLINE void TR83(W& x, W& y, const W k) { y ^= x; y = rotrConstant<3>(y); @@ -59,7 +67,7 @@ inline void TR83(W& x, W& y, const W k) /// \param p input array /// \param k subkey array template -inline void SPECK_Encrypt(W c[2], const W p[2], const W k[R]) +CRYPTOPP_INLINE void SPECK_Encrypt(W c[2], const W p[2], const W k[R]) { c[0]=p[0]; c[1]=p[1]; @@ -75,7 +83,7 @@ inline void SPECK_Encrypt(W c[2], const W p[2], const W k[R]) /// \param c input array /// \param k subkey array template -inline void SPECK_Decrypt(W p[2], const W c[2], const W k[R]) +CRYPTOPP_INLINE void SPECK_Decrypt(W p[2], const W c[2], const W k[R]) { p[0]=c[0]; p[1]=c[1]; @@ -91,7 +99,7 @@ inline void SPECK_Decrypt(W p[2], const W c[2], const W k[R]) /// \param key empty subkey array /// \param k user key array template -inline void SPECK_ExpandKey_2W(W key[R], const W k[2]) +CRYPTOPP_INLINE void SPECK_ExpandKey_2W(W key[R], const W k[2]) { CRYPTOPP_ASSERT(R==32); W i=0, B=k[0], A=k[1]; @@ -111,7 +119,7 @@ inline void SPECK_ExpandKey_2W(W key[R], const W k[2]) /// \param key empty subkey array /// \param k user key array template -inline void SPECK_ExpandKey_3W(W key[R], const W k[3]) +CRYPTOPP_INLINE void SPECK_ExpandKey_3W(W key[R], const W k[3]) { CRYPTOPP_ASSERT(R==33 || R==26); W i=0, C=k[0], B=k[1], A=k[2]; @@ -138,7 +146,7 @@ inline void SPECK_ExpandKey_3W(W key[R], const W k[3]) /// \param key empty subkey array /// \param k user key array template -inline void SPECK_ExpandKey_4W(W key[R], const W k[4]) +CRYPTOPP_INLINE void SPECK_ExpandKey_4W(W key[R], const W k[4]) { CRYPTOPP_ASSERT(R==34 || R==27); W i=0, D=k[0], C=k[1], B=k[2], A=k[3]; @@ -200,6 +208,45 @@ extern size_t SPECK128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, si const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); #endif +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +extern size_t SPECK64_Enc_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t SPECK64_Dec_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +#endif + +#if defined(CRYPTOPP_POWER8_AVAILABLE) +extern size_t SPECK128_Enc_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); + +extern size_t SPECK128_Dec_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags); +#endif + +std::string SPECK64::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS) +# if (CRYPTOPP_SSE41_AVAILABLE) + if (HasSSE41()) + return "SSE4.1"; +# endif +# if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; +# endif +# if (CRYPTOPP_POWER7_AVAILABLE) + if (HasPower7()) + return "Power7"; +# endif +# if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return "Altivec"; +# endif +#endif + return "C++"; +} + void SPECK64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) { CRYPTOPP_ASSERT(keyLength == 12 || keyLength == 16); @@ -211,7 +258,7 @@ void SPECK64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, m_wspace.New(4U); // Do the endian gyrations from the paper and align pointers - typedef GetBlock KeyBlock; + typedef GetBlock KeyBlock; KeyBlock kblk(userKey); switch (m_kwords) @@ -229,12 +276,18 @@ void SPECK64::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, default: CRYPTOPP_ASSERT(0);; } + + // Altivec loads the current subkey as a 16-byte vector + // The extra elements ensure memory backs the last subkey. +#if CRYPTOPP_ALTIVEC_AVAILABLE + m_rkeys.Grow(m_rkeys.size()+4); +#endif } void SPECK64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -250,14 +303,14 @@ void SPECK64::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } void SPECK64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -273,12 +326,31 @@ void SPECK64::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } /////////////////////////////////////////////////////////// +std::string SPECK128::Base::AlgorithmProvider() const +{ +#if (CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS) +# if (CRYPTOPP_SSSE3_AVAILABLE) + if (HasSSSE3()) + return "SSSE3"; +# endif +# if (CRYPTOPP_ARM_NEON_AVAILABLE) + if (HasNEON()) + return "NEON"; +# endif +# if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return "Power8"; +# endif +#endif + return "C++"; +} + void SPECK128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms) { CRYPTOPP_ASSERT(keyLength == 16 || keyLength == 24 || keyLength == 32); @@ -290,7 +362,7 @@ void SPECK128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength m_wspace.New(4U); // Do the endian gyrations from the paper and align pointers - typedef GetBlock KeyBlock; + typedef GetBlock KeyBlock; KeyBlock kblk(userKey); switch (m_kwords) @@ -318,7 +390,7 @@ void SPECK128::Base::UncheckedSetKey(const byte *userKey, unsigned int keyLength void SPECK128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -337,14 +409,14 @@ void SPECK128::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } void SPECK128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const { // Do the endian gyrations from the paper and align pointers - typedef GetBlock InBlock; + typedef GetBlock InBlock; InBlock iblk(inBlock); iblk(m_wspace[1])(m_wspace[0]); switch (m_rounds) @@ -363,7 +435,7 @@ void SPECK128::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock } // Do the endian gyrations from the paper and align pointers - typedef PutBlock OutBlock; + typedef PutBlock OutBlock; OutBlock oblk(xorBlock, outBlock); oblk(m_wspace[3])(m_wspace[2]); } @@ -380,6 +452,11 @@ size_t SPECK64::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xor if (HasNEON()) return SPECK64_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return SPECK64_Enc_AdvancedProcessBlocks_ALTIVEC(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } @@ -396,6 +473,11 @@ size_t SPECK64::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xor if (HasNEON()) return SPECK64_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_ALTIVEC_AVAILABLE) + if (HasAltivec()) + return SPECK64_Dec_AdvancedProcessBlocks_ALTIVEC(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } @@ -414,6 +496,11 @@ size_t SPECK128::Enc::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo if (HasNEON()) return SPECK128_Enc_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return SPECK128_Enc_AdvancedProcessBlocks_POWER8(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } @@ -430,6 +517,11 @@ size_t SPECK128::Dec::AdvancedProcessBlocks(const byte *inBlocks, const byte *xo if (HasNEON()) return SPECK128_Dec_AdvancedProcessBlocks_NEON(m_rkeys, (size_t)m_rounds, inBlocks, xorBlocks, outBlocks, length, flags); +#endif +#if (CRYPTOPP_POWER8_AVAILABLE) + if (HasPower8()) + return SPECK128_Dec_AdvancedProcessBlocks_POWER8(m_rkeys, (size_t)m_rounds, + inBlocks, xorBlocks, outBlocks, length, flags); #endif return BlockTransformation::AdvancedProcessBlocks(inBlocks, xorBlocks, outBlocks, length, flags); } diff --git a/vendor/cryptopp/vendor_cryptopp/speck.h b/vendor/cryptopp/vendor_cryptopp/speck.h index e0c4051f..09fb26ee 100644 --- a/vendor/cryptopp/vendor_cryptopp/speck.h +++ b/vendor/cryptopp/vendor_cryptopp/speck.h @@ -17,14 +17,25 @@ #include "seckey.h" #include "secblock.h" -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || \ + CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 || \ + CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 # define CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS 1 #endif -#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64 +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 || \ + CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8 || \ + CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64 # define CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS 1 #endif +// Yet another SunStudio/SunCC workaround. Failed self tests +// in SSE code paths on i386 for SunStudio 12.3 and below. +#if defined(__SUNPRO_CC) && (__SUNPRO_CC <= 0x5120) +# undef CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS +# undef CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS +#endif + NAMESPACE_BEGIN(CryptoPP) /// \brief SPECK block cipher information @@ -36,6 +47,10 @@ NAMESPACE_BEGIN(CryptoPP) template struct SPECK_Info : public FixedBlockSize, VariableKeyLength { + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. static const std::string StaticAlgorithmName() { // Format is Cipher-Blocksize(Keylength) @@ -79,35 +94,41 @@ public: class CRYPTOPP_NO_VTABLE Base : protected SPECK_Base, public BlockCipherImpl > { public: + /// \brief The algorithm name + /// \returns the algorithm name + /// \details AlgorithmName returns the algorithm's name as a + /// member function. std::string AlgorithmName() const { return StaticAlgorithmName() + (m_kwords == 0 ? "" : "(" + IntToString(m_kwords*sizeof(word32)*8) + ")"); } + std::string AlgorithmProvider() const; + protected: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Enc : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; #endif }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Dec : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SPECK64_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; @@ -136,35 +157,41 @@ public: class CRYPTOPP_NO_VTABLE Base : protected SPECK_Base, public BlockCipherImpl > { public: + /// \brief The algorithm name + /// \returns the algorithm name + /// \details AlgorithmName returns the algorithm's name as a + /// member function. std::string AlgorithmName() const { return StaticAlgorithmName() + (m_kwords == 0 ? "" : "(" + IntToString(m_kwords*sizeof(word64)*8) + ")"); } + std::string AlgorithmProvider() const; + protected: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Enc : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; #endif }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key /// sizes are supported. /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Dec : public Base { - protected: + public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; #if CRYPTOPP_SPECK128_ADVANCED_PROCESS_BLOCKS size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; diff --git a/vendor/cryptopp/vendor_cryptopp/speck128_simd.cpp b/vendor/cryptopp/vendor_cryptopp/speck128_simd.cpp new file mode 100644 index 00000000..e42f62f5 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/speck128_simd.cpp @@ -0,0 +1,750 @@ +// speck128_simd.cpp - written and placed in the public domain by Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Power7 Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "speck.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both speck.cpp and speck-simd.cpp. +// #undef CRYPTOPP_SSSE3_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if defined(__AVX512F__) && defined(__AVX512VL__) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_POWER8_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char SPECK128_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; + +// *************************** ARM NEON ************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +template +inline T UnpackHigh64(const T& a, const T& b) +{ + const uint64x1_t x(vget_high_u64((uint64x2_t)a)); + const uint64x1_t y(vget_high_u64((uint64x2_t)b)); + return (T)vcombine_u64(x, y); +} + +template +inline T UnpackLow64(const T& a, const T& b) +{ + const uint64x1_t x(vget_low_u64((uint64x2_t)a)); + const uint64x1_t y(vget_low_u64((uint64x2_t)b)); + return (T)vcombine_u64(x, y); +} + +template +inline uint64x2_t RotateLeft64(const uint64x2_t& val) +{ + const uint64x2_t a(vshlq_n_u64(val, R)); + const uint64x2_t b(vshrq_n_u64(val, 64 - R)); + return vorrq_u64(a, b); +} + +template +inline uint64x2_t RotateRight64(const uint64x2_t& val) +{ + const uint64x2_t a(vshlq_n_u64(val, 64 - R)); + const uint64x2_t b(vshrq_n_u64(val, R)); + return vorrq_u64(a, b); +} + +#if defined(__aarch32__) || defined(__aarch64__) +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint64x2_t RotateLeft64<8>(const uint64x2_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 7,0,1,2, 3,4,5,6, 15,8,9,10, 11,12,13,14 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u64_u8( + vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint64x2_t RotateRight64<8>(const uint64x2_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 1,2,3,4, 5,6,7,0, 9,10,11,12, 13,14,15,8 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u64_u8( + vqtbl1q_u8(vreinterpretq_u8_u64(val), mask)); +} +#endif + +inline void SPECK128_Enc_Block(uint64x2_t &block0, uint64x2_t &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + + for (int i=0; i < static_cast(rounds); ++i) + { + const uint64x2_t rk = vld1q_dup_u64(subkeys+i); + + x1 = RotateRight64<8>(x1); + x1 = vaddq_u64(x1, y1); + x1 = veorq_u64(x1, rk); + y1 = RotateLeft64<3>(y1); + y1 = veorq_u64(y1, x1); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); +} + +inline void SPECK128_Enc_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, + uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + uint64x2_t x2 = UnpackHigh64(block2, block3); + uint64x2_t y2 = UnpackLow64(block2, block3); + uint64x2_t x3 = UnpackHigh64(block4, block5); + uint64x2_t y3 = UnpackLow64(block4, block5); + + for (int i=0; i < static_cast(rounds); ++i) + { + const uint64x2_t rk = vld1q_dup_u64(subkeys+i); + + x1 = RotateRight64<8>(x1); + x2 = RotateRight64<8>(x2); + x3 = RotateRight64<8>(x3); + x1 = vaddq_u64(x1, y1); + x2 = vaddq_u64(x2, y2); + x3 = vaddq_u64(x3, y3); + x1 = veorq_u64(x1, rk); + x2 = veorq_u64(x2, rk); + x3 = veorq_u64(x3, rk); + y1 = RotateLeft64<3>(y1); + y2 = RotateLeft64<3>(y2); + y3 = RotateLeft64<3>(y3); + y1 = veorq_u64(y1, x1); + y2 = veorq_u64(y2, x2); + y3 = veorq_u64(y3, x3); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); + block2 = UnpackLow64(y2, x2); + block3 = UnpackHigh64(y2, x2); + block4 = UnpackLow64(y3, x3); + block5 = UnpackHigh64(y3, x3); +} + +inline void SPECK128_Dec_Block(uint64x2_t &block0, uint64x2_t &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const uint64x2_t rk = vld1q_dup_u64(subkeys+i); + + y1 = veorq_u64(y1, x1); + y1 = RotateRight64<3>(y1); + x1 = veorq_u64(x1, rk); + x1 = vsubq_u64(x1, y1); + x1 = RotateLeft64<8>(x1); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); +} + +inline void SPECK128_Dec_6_Blocks(uint64x2_t &block0, uint64x2_t &block1, + uint64x2_t &block2, uint64x2_t &block3, uint64x2_t &block4, uint64x2_t &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_t x1 = UnpackHigh64(block0, block1); + uint64x2_t y1 = UnpackLow64(block0, block1); + uint64x2_t x2 = UnpackHigh64(block2, block3); + uint64x2_t y2 = UnpackLow64(block2, block3); + uint64x2_t x3 = UnpackHigh64(block4, block5); + uint64x2_t y3 = UnpackLow64(block4, block5); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const uint64x2_t rk = vld1q_dup_u64(subkeys+i); + + y1 = veorq_u64(y1, x1); + y2 = veorq_u64(y2, x2); + y3 = veorq_u64(y3, x3); + y1 = RotateRight64<3>(y1); + y2 = RotateRight64<3>(y2); + y3 = RotateRight64<3>(y3); + x1 = veorq_u64(x1, rk); + x2 = veorq_u64(x2, rk); + x3 = veorq_u64(x3, rk); + x1 = vsubq_u64(x1, y1); + x2 = vsubq_u64(x2, y2); + x3 = vsubq_u64(x3, y3); + x1 = RotateLeft64<8>(x1); + x2 = RotateLeft64<8>(x2); + x3 = RotateLeft64<8>(x3); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = UnpackLow64(y1, x1); + block1 = UnpackHigh64(y1, x1); + block2 = UnpackLow64(y2, x2); + block3 = UnpackHigh64(y2, x2); + block4 = UnpackLow64(y3, x3); + block5 = UnpackHigh64(y3, x3); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) + +// Clang __m128i casts, http://bugs.llvm.org/show_bug.cgi?id=20670 +#ifndef M128_CAST +# define M128_CAST(x) ((__m128i *)(void *)(x)) +#endif +#ifndef CONST_M128_CAST +# define CONST_M128_CAST(x) ((const __m128i *)(const void *)(x)) +#endif + +// GCC double casts, https://www.spinics.net/lists/gcchelp/msg47735.html +#ifndef DOUBLE_CAST +# define DOUBLE_CAST(x) ((double *)(void *)(x)) +#endif +#ifndef CONST_DOUBLE_CAST +# define CONST_DOUBLE_CAST(x) ((const double *)(const void *)(x)) +#endif + +template +inline __m128i RotateLeft64(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_rol_epi64(val, R); +#elif defined(__XOP__) + return _mm_roti_epi64(val, R); +#else + return _mm_or_si128( + _mm_slli_epi64(val, R), _mm_srli_epi64(val, 64-R)); +#endif +} + +template +inline __m128i RotateRight64(const __m128i& val) +{ +#if defined(CRYPTOPP_AVX512_ROTATE) + return _mm_ror_epi64(val, R); +#elif defined(__XOP__) + return _mm_roti_epi64(val, 64-R); +#else + return _mm_or_si128( + _mm_slli_epi64(val, 64-R), _mm_srli_epi64(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateLeft64<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi64(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,11, 10,9,8,15, 6,5,4,3, 2,1,0,7); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateRight64<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi64(val, 64-8); +#else + const __m128i mask = _mm_set_epi8(8,15,14,13, 12,11,10,9, 0,7,6,5, 4,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +inline void SPECK128_Enc_Block(__m128i &block0, __m128i &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + + for (int i=0; i < static_cast(rounds); ++i) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); + + x1 = RotateRight64<8>(x1); + x1 = _mm_add_epi64(x1, y1); + x1 = _mm_xor_si128(x1, rk); + y1 = RotateLeft64<3>(y1); + y1 = _mm_xor_si128(y1, x1); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); +} + +inline void SPECK128_Enc_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + __m128i x2 = _mm_unpackhi_epi64(block2, block3); + __m128i y2 = _mm_unpacklo_epi64(block2, block3); + __m128i x3 = _mm_unpackhi_epi64(block4, block5); + __m128i y3 = _mm_unpacklo_epi64(block4, block5); + + for (int i=0; i < static_cast(rounds); ++i) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); + + x1 = RotateRight64<8>(x1); + x2 = RotateRight64<8>(x2); + x3 = RotateRight64<8>(x3); + x1 = _mm_add_epi64(x1, y1); + x2 = _mm_add_epi64(x2, y2); + x3 = _mm_add_epi64(x3, y3); + x1 = _mm_xor_si128(x1, rk); + x2 = _mm_xor_si128(x2, rk); + x3 = _mm_xor_si128(x3, rk); + y1 = RotateLeft64<3>(y1); + y2 = RotateLeft64<3>(y2); + y3 = RotateLeft64<3>(y3); + y1 = _mm_xor_si128(y1, x1); + y2 = _mm_xor_si128(y2, x2); + y3 = _mm_xor_si128(y3, x3); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); + block2 = _mm_unpacklo_epi64(y2, x2); + block3 = _mm_unpackhi_epi64(y2, x2); + block4 = _mm_unpacklo_epi64(y3, x3); + block5 = _mm_unpackhi_epi64(y3, x3); +} + +inline void SPECK128_Dec_Block(__m128i &block0, __m128i &block1, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); + + y1 = _mm_xor_si128(y1, x1); + y1 = RotateRight64<3>(y1); + x1 = _mm_xor_si128(x1, rk); + x1 = _mm_sub_epi64(x1, y1); + x1 = RotateLeft64<8>(x1); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); +} + +inline void SPECK128_Dec_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word64 *subkeys, unsigned int rounds) +{ + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + __m128i x1 = _mm_unpackhi_epi64(block0, block1); + __m128i y1 = _mm_unpacklo_epi64(block0, block1); + __m128i x2 = _mm_unpackhi_epi64(block2, block3); + __m128i y2 = _mm_unpacklo_epi64(block2, block3); + __m128i x3 = _mm_unpackhi_epi64(block4, block5); + __m128i y3 = _mm_unpacklo_epi64(block4, block5); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const __m128i rk = _mm_castpd_si128( + _mm_loaddup_pd(CONST_DOUBLE_CAST(subkeys+i))); + + y1 = _mm_xor_si128(y1, x1); + y2 = _mm_xor_si128(y2, x2); + y3 = _mm_xor_si128(y3, x3); + y1 = RotateRight64<3>(y1); + y2 = RotateRight64<3>(y2); + y3 = RotateRight64<3>(y3); + x1 = _mm_xor_si128(x1, rk); + x2 = _mm_xor_si128(x2, rk); + x3 = _mm_xor_si128(x3, rk); + x1 = _mm_sub_epi64(x1, y1); + x2 = _mm_sub_epi64(x2, y2); + x3 = _mm_sub_epi64(x3, y3); + x1 = RotateLeft64<8>(x1); + x2 = RotateLeft64<8>(x2); + x3 = RotateLeft64<8>(x3); + } + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = _mm_unpacklo_epi64(y1, x1); + block1 = _mm_unpackhi_epi64(y1, x1); + block2 = _mm_unpacklo_epi64(y2, x2); + block3 = _mm_unpackhi_epi64(y2, x2); + block4 = _mm_unpacklo_epi64(y3, x3); + block5 = _mm_unpackhi_epi64(y3, x3); +} + +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// ***************************** Power8 ***************************** // + +#if defined(CRYPTOPP_POWER8_AVAILABLE) + +using CryptoPP::uint8x16_p; +using CryptoPP::uint32x4_p; +using CryptoPP::uint64x2_p; + +using CryptoPP::VecAdd; +using CryptoPP::VecSub; +using CryptoPP::VecXor; +using CryptoPP::VecPermute; + +// Rotate left by bit count +template +inline uint64x2_p RotateLeft64(const uint64x2_p val) +{ + const uint64x2_p m = {C, C}; + return vec_rl(val, m); +} + +// Rotate right by bit count +template +inline uint64x2_p RotateRight64(const uint64x2_p val) +{ + const uint64x2_p m = {64-C, 64-C}; + return vec_rl(val, m); +} + +void SPECK128_Enc_Block(uint32x4_p &block, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block, block, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block, block, m2); + + for (int i=0; i < static_cast(rounds); ++i) + { + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[i]); + + x1 = RotateRight64<8>(x1); + x1 = VecAdd(x1, y1); + x1 = VecXor(x1, rk); + + y1 = RotateLeft64<3>(y1); + y1 = VecXor(y1, x1); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + //const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + //const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block = (uint32x4_p)VecPermute(x1, y1, m3); +} + +void SPECK128_Dec_Block(uint32x4_p &block, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block, block, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block, block, m2); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[i]); + + y1 = VecXor(y1, x1); + y1 = RotateRight64<3>(y1); + x1 = VecXor(x1, rk); + x1 = VecSub(x1, y1); + x1 = RotateLeft64<8>(x1); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + //const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + //const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block = (uint32x4_p)VecPermute(x1, y1, m3); +} + +void SPECK128_Enc_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block0, block1, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block0, block1, m2); + uint64x2_p x2 = (uint64x2_p)VecPermute(block2, block3, m1); + uint64x2_p y2 = (uint64x2_p)VecPermute(block2, block3, m2); + uint64x2_p x3 = (uint64x2_p)VecPermute(block4, block5, m1); + uint64x2_p y3 = (uint64x2_p)VecPermute(block4, block5, m2); + + for (int i=0; i < static_cast(rounds); ++i) + { + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[i]); + + x1 = RotateRight64<8>(x1); + x2 = RotateRight64<8>(x2); + x3 = RotateRight64<8>(x3); + x1 = VecAdd(x1, y1); + x2 = VecAdd(x2, y2); + x3 = VecAdd(x3, y3); + x1 = VecXor(x1, rk); + x2 = VecXor(x2, rk); + x3 = VecXor(x3, rk); + + y1 = RotateLeft64<3>(y1); + y2 = RotateLeft64<3>(y2); + y3 = RotateLeft64<3>(y3); + y1 = VecXor(y1, x1); + y2 = VecXor(y2, x2); + y3 = VecXor(y3, x3); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +void SPECK128_Dec_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word64 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m2 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m1 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m2 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 A2][B1 B2] ... => [A1 B1][A2 B2] ... + uint64x2_p x1 = (uint64x2_p)VecPermute(block0, block1, m1); + uint64x2_p y1 = (uint64x2_p)VecPermute(block0, block1, m2); + uint64x2_p x2 = (uint64x2_p)VecPermute(block2, block3, m1); + uint64x2_p y2 = (uint64x2_p)VecPermute(block2, block3, m2); + uint64x2_p x3 = (uint64x2_p)VecPermute(block4, block5, m1); + uint64x2_p y3 = (uint64x2_p)VecPermute(block4, block5, m2); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const uint64x2_p rk = vec_splats((unsigned long long)subkeys[i]); + + y1 = VecXor(y1, x1); + y2 = VecXor(y2, x2); + y3 = VecXor(y3, x3); + y1 = RotateRight64<3>(y1); + y2 = RotateRight64<3>(y2); + y3 = RotateRight64<3>(y3); + + x1 = VecXor(x1, rk); + x2 = VecXor(x2, rk); + x3 = VecXor(x3, rk); + x1 = VecSub(x1, y1); + x2 = VecSub(x2, y2); + x3 = VecSub(x3, y3); + x1 = RotateLeft64<8>(x1); + x2 = RotateLeft64<8>(x2); + x3 = RotateLeft64<8>(x3); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {31,30,29,28,27,26,25,24, 15,14,13,12,11,10,9,8}; + const uint8x16_p m4 = {23,22,21,20,19,18,17,16, 7,6,5,4,3,2,1,0}; +#else + const uint8x16_p m3 = {7,6,5,4,3,2,1,0, 23,22,21,20,19,18,17,16}; + const uint8x16_p m4 = {15,14,13,12,11,10,9,8, 31,30,29,28,27,26,25,24}; +#endif + + // [A1 B1][A2 B2] ... => [A1 A2][B1 B2] ... + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +#endif // CRYPTOPP_POWER8_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +/////////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(CryptoPP) + +// *************************** ARM NEON **************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +size_t SPECK128_Enc_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_NEON(SPECK128_Enc_Block, SPECK128_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SPECK128_Dec_AdvancedProcessBlocks_NEON(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_NEON(SPECK128_Dec_Block, SPECK128_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSSE3_AVAILABLE) +size_t SPECK128_Enc_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_SSE(SPECK128_Enc_Block, SPECK128_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SPECK128_Dec_AdvancedProcessBlocks_SSSE3(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x2_SSE(SPECK128_Dec_Block, SPECK128_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_SSSE3_AVAILABLE + +// ***************************** Power8 ***************************** // + +#if defined(CRYPTOPP_POWER8_AVAILABLE) +size_t SPECK128_Enc_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x1_ALTIVEC(SPECK128_Enc_Block, SPECK128_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SPECK128_Dec_AdvancedProcessBlocks_POWER8(const word64* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks128_6x1_ALTIVEC(SPECK128_Dec_Block, SPECK128_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif // CRYPTOPP_POWER8_AVAILABLE + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/speck64_simd.cpp b/vendor/cryptopp/vendor_cryptopp/speck64_simd.cpp new file mode 100644 index 00000000..c8ee0604 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/speck64_simd.cpp @@ -0,0 +1,794 @@ +// speck64_simd.cpp - written and placed in the public domain by Jeffrey Walton +// +// This source file uses intrinsics and built-ins to gain access to +// SSSE3, ARM NEON and ARMv8a, and Altivec instructions. A separate +// source file is needed because additional CXXFLAGS are required to enable +// the appropriate instructions sets in some build configurations. + +#include "pch.h" +#include "config.h" + +#include "speck.h" +#include "misc.h" +#include "adv_simd.h" + +// Uncomment for benchmarking C++ against SSE or NEON. +// Do so in both speck.cpp and speck-simd.cpp. +// #undef CRYPTOPP_SSE41_AVAILABLE +// #undef CRYPTOPP_ARM_NEON_AVAILABLE + +#if (CRYPTOPP_SSSE3_AVAILABLE) +# include +# include +#endif + +#if (CRYPTOPP_SSE41_AVAILABLE) +# include +#endif + +#if defined(__XOP__) +# include +#endif + +#if defined(__AVX512F__) && defined(__AVX512VL__) +# define CRYPTOPP_AVX512_ROTATE 1 +# include +#endif + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +# include +#endif + +// Can't use CRYPTOPP_ARM_XXX_AVAILABLE because too many +// compilers don't follow ACLE conventions for the include. +#if (CRYPTOPP_ARM_ACLE_AVAILABLE) +# include +# include +#endif + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif + +// Squash MS LNK4221 and libtool warnings +extern const char SPECK64_SIMD_FNAME[] = __FILE__; + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; +using CryptoPP::word32; +using CryptoPP::word64; + +// *************************** ARM NEON ************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) + +template +inline T UnpackHigh32(const T& a, const T& b) +{ + const uint32x2_t x(vget_high_u32((uint32x4_t)a)); + const uint32x2_t y(vget_high_u32((uint32x4_t)b)); + const uint32x2x2_t r = vzip_u32(x, y); + return (T)vcombine_u32(r.val[0], r.val[1]); +} + +template +inline T UnpackLow32(const T& a, const T& b) +{ + const uint32x2_t x(vget_low_u32((uint32x4_t)a)); + const uint32x2_t y(vget_low_u32((uint32x4_t)b)); + const uint32x2x2_t r = vzip_u32(x, y); + return (T)vcombine_u32(r.val[0], r.val[1]); +} + +template +inline uint32x4_t RotateLeft32(const uint32x4_t& val) +{ + const uint32x4_t a(vshlq_n_u32(val, R)); + const uint32x4_t b(vshrq_n_u32(val, 32 - R)); + return vorrq_u32(a, b); +} + +template +inline uint32x4_t RotateRight32(const uint32x4_t& val) +{ + const uint32x4_t a(vshlq_n_u32(val, 32 - R)); + const uint32x4_t b(vshrq_n_u32(val, R)); + return vorrq_u32(a, b); +} + +#if defined(__aarch32__) || defined(__aarch64__) +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint32x4_t RotateLeft32<8>(const uint32x4_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 3,0,1,2, 7,4,5,6, 11,8,9,10, 15,12,13,14 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +inline uint32x4_t RotateRight32<8>(const uint32x4_t& val) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8_t maskb[16] = { 12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1 }; + const uint8x16_t mask = vld1q_u8(maskb); +#else + const uint8_t maskb[16] = { 1,2,3,0, 5,6,7,4, 9,10,11,8, 13,14,15,12 }; + const uint8x16_t mask = vld1q_u8(maskb); +#endif + + return vreinterpretq_u32_u8( + vqtbl1q_u8(vreinterpretq_u8_u32(val), mask)); +} +#endif // Aarch32 or Aarch64 + +inline void SPECK64_Enc_Block(uint32x4_t &block0, uint32x4_t &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + + for (int i=0; i < static_cast(rounds); ++i) + { + const uint32x4_t rk = vdupq_n_u32(subkeys[i]); + + x1 = RotateRight32<8>(x1); + x1 = vaddq_u32(x1, y1); + x1 = veorq_u32(x1, rk); + y1 = RotateLeft32<3>(y1); + y1 = veorq_u32(y1, x1); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); +} + +inline void SPECK64_Dec_Block(uint32x4_t &block0, uint32x4_t &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const uint32x4_t rk = vdupq_n_u32(subkeys[i]); + + y1 = veorq_u32(y1, x1); + y1 = RotateRight32<3>(y1); + x1 = veorq_u32(x1, rk); + x1 = vsubq_u32(x1, y1); + x1 = RotateLeft32<8>(x1); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); +} + +inline void SPECK64_Enc_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, + uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; + uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; + uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; + uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; + + for (int i=0; i < static_cast(rounds); ++i) + { + const uint32x4_t rk = vdupq_n_u32(subkeys[i]); + + x1 = RotateRight32<8>(x1); + x2 = RotateRight32<8>(x2); + x3 = RotateRight32<8>(x3); + x1 = vaddq_u32(x1, y1); + x2 = vaddq_u32(x2, y2); + x3 = vaddq_u32(x3, y3); + x1 = veorq_u32(x1, rk); + x2 = veorq_u32(x2, rk); + x3 = veorq_u32(x3, rk); + y1 = RotateLeft32<3>(y1); + y2 = RotateLeft32<3>(y2); + y3 = RotateLeft32<3>(y3); + y1 = veorq_u32(y1, x1); + y2 = veorq_u32(y2, x2); + y3 = veorq_u32(y3, x3); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); + block2 = UnpackLow32(y2, x2); + block3 = UnpackHigh32(y2, x2); + block4 = UnpackLow32(y3, x3); + block5 = UnpackHigh32(y3, x3); +} + +inline void SPECK64_Dec_6_Blocks(uint32x4_t &block0, uint32x4_t &block1, + uint32x4_t &block2, uint32x4_t &block3, uint32x4_t &block4, uint32x4_t &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_t x1 = vuzpq_u32(block0, block1).val[1]; + uint32x4_t y1 = vuzpq_u32(block0, block1).val[0]; + uint32x4_t x2 = vuzpq_u32(block2, block3).val[1]; + uint32x4_t y2 = vuzpq_u32(block2, block3).val[0]; + uint32x4_t x3 = vuzpq_u32(block4, block5).val[1]; + uint32x4_t y3 = vuzpq_u32(block4, block5).val[0]; + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const uint32x4_t rk = vdupq_n_u32(subkeys[i]); + + y1 = veorq_u32(y1, x1); + y2 = veorq_u32(y2, x2); + y3 = veorq_u32(y3, x3); + y1 = RotateRight32<3>(y1); + y2 = RotateRight32<3>(y2); + y3 = RotateRight32<3>(y3); + x1 = veorq_u32(x1, rk); + x2 = veorq_u32(x2, rk); + x3 = veorq_u32(x3, rk); + x1 = vsubq_u32(x1, y1); + x2 = vsubq_u32(x2, y2); + x3 = vsubq_u32(x3, y3); + x1 = RotateLeft32<8>(x1); + x2 = RotateLeft32<8>(x2); + x3 = RotateLeft32<8>(x3); + } + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = UnpackLow32(y1, x1); + block1 = UnpackHigh32(y1, x1); + block2 = UnpackLow32(y2, x2); + block3 = UnpackHigh32(y2, x2); + block4 = UnpackLow32(y3, x3); + block5 = UnpackHigh32(y3, x3); +} + +#endif // CRYPTOPP_ARM_NEON_AVAILABLE + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSE41_AVAILABLE) + +template +inline __m128i RotateLeft32(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, R), _mm_srli_epi32(val, 32-R)); +#endif +} + +template +inline __m128i RotateRight32(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-R); +#else + return _mm_or_si128( + _mm_slli_epi32(val, 32-R), _mm_srli_epi32(val, R)); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateLeft32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 8); +#else + const __m128i mask = _mm_set_epi8(14,13,12,15, 10,9,8,11, 6,5,4,7, 2,1,0,3); + return _mm_shuffle_epi8(val, mask); +#endif +} + +// Faster than two Shifts and an Or. Thanks to Louis Wingers and Bryan Weeks. +template <> +__m128i RotateRight32<8>(const __m128i& val) +{ +#if defined(__XOP__) + return _mm_roti_epi32(val, 32-8); +#else + const __m128i mask = _mm_set_epi8(12,15,14,13, 8,11,10,9, 4,7,6,5, 0,3,2,1); + return _mm_shuffle_epi8(val, mask); +#endif +} + +inline void SPECK64_Enc_Block(__m128i &block0, __m128i &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + for (int i=0; i < static_cast(rounds); ++i) + { + const __m128i rk = _mm_set1_epi32(subkeys[i]); + + x1 = RotateRight32<8>(x1); + x1 = _mm_add_epi32(x1, y1); + x1 = _mm_xor_si128(x1, rk); + y1 = RotateLeft32<3>(y1); + y1 = _mm_xor_si128(y1, x1); + } + + // The is roughly the SSE equivalent to ARM vzp32 + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); +} + +inline void SPECK64_Dec_Block(__m128i &block0, __m128i &block1, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const __m128i rk = _mm_set1_epi32(subkeys[i]); + + y1 = _mm_xor_si128(y1, x1); + y1 = RotateRight32<3>(y1); + x1 = _mm_xor_si128(x1, rk); + x1 = _mm_sub_epi32(x1, y1); + x1 = RotateLeft32<8>(x1); + } + + // The is roughly the SSE equivalent to ARM vzp32 + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); +} + +inline void SPECK64_Enc_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t2 = _mm_castsi128_ps(block2); + const __m128 t3 = _mm_castsi128_ps(block3); + __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); + __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t4 = _mm_castsi128_ps(block4); + const __m128 t5 = _mm_castsi128_ps(block5); + __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); + __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); + + for (int i=0; i < static_cast(rounds); ++i) + { + const __m128i rk = _mm_set1_epi32(subkeys[i]); + + x1 = RotateRight32<8>(x1); + x2 = RotateRight32<8>(x2); + x3 = RotateRight32<8>(x3); + x1 = _mm_add_epi32(x1, y1); + x2 = _mm_add_epi32(x2, y2); + x3 = _mm_add_epi32(x3, y3); + x1 = _mm_xor_si128(x1, rk); + x2 = _mm_xor_si128(x2, rk); + x3 = _mm_xor_si128(x3, rk); + y1 = RotateLeft32<3>(y1); + y2 = RotateLeft32<3>(y2); + y3 = RotateLeft32<3>(y3); + y1 = _mm_xor_si128(y1, x1); + y2 = _mm_xor_si128(y2, x2); + y3 = _mm_xor_si128(y3, x3); + } + + // The is roughly the SSE equivalent to ARM vzp32 + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); + block2 = _mm_unpacklo_epi32(y2, x2); + block3 = _mm_unpackhi_epi32(y2, x2); + block4 = _mm_unpacklo_epi32(y3, x3); + block5 = _mm_unpackhi_epi32(y3, x3); +} + +inline void SPECK64_Dec_6_Blocks(__m128i &block0, __m128i &block1, + __m128i &block2, __m128i &block3, __m128i &block4, __m128i &block5, + const word32 *subkeys, unsigned int rounds) +{ + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + const __m128 t0 = _mm_castsi128_ps(block0); + const __m128 t1 = _mm_castsi128_ps(block1); + __m128i x1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(3,1,3,1))); + __m128i y1 = _mm_castps_si128(_mm_shuffle_ps(t0, t1, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t2 = _mm_castsi128_ps(block2); + const __m128 t3 = _mm_castsi128_ps(block3); + __m128i x2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(3,1,3,1))); + __m128i y2 = _mm_castps_si128(_mm_shuffle_ps(t2, t3, _MM_SHUFFLE(2,0,2,0))); + + const __m128 t4 = _mm_castsi128_ps(block4); + const __m128 t5 = _mm_castsi128_ps(block5); + __m128i x3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(3,1,3,1))); + __m128i y3 = _mm_castps_si128(_mm_shuffle_ps(t4, t5, _MM_SHUFFLE(2,0,2,0))); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { + const __m128i rk = _mm_set1_epi32(subkeys[i]); + + y1 = _mm_xor_si128(y1, x1); + y2 = _mm_xor_si128(y2, x2); + y3 = _mm_xor_si128(y3, x3); + y1 = RotateRight32<3>(y1); + y2 = RotateRight32<3>(y2); + y3 = RotateRight32<3>(y3); + x1 = _mm_xor_si128(x1, rk); + x2 = _mm_xor_si128(x2, rk); + x3 = _mm_xor_si128(x3, rk); + x1 = _mm_sub_epi32(x1, y1); + x2 = _mm_sub_epi32(x2, y2); + x3 = _mm_sub_epi32(x3, y3); + x1 = RotateLeft32<8>(x1); + x2 = RotateLeft32<8>(x2); + x3 = RotateLeft32<8>(x3); + } + + // The is roughly the SSE equivalent to ARM vzp32 + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = _mm_unpacklo_epi32(y1, x1); + block1 = _mm_unpackhi_epi32(y1, x1); + block2 = _mm_unpacklo_epi32(y2, x2); + block3 = _mm_unpackhi_epi32(y2, x2); + block4 = _mm_unpacklo_epi32(y3, x3); + block5 = _mm_unpackhi_epi32(y3, x3); +} + +#endif // CRYPTOPP_SSE41_AVAILABLE + +// ***************************** Altivec ***************************** // + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +using CryptoPP::uint8x16_p; +using CryptoPP::uint32x4_p; + +using CryptoPP::VecAdd; +using CryptoPP::VecSub; +using CryptoPP::VecXor; +using CryptoPP::VecLoad; +using CryptoPP::VecPermute; + +// Rotate left by bit count +template +inline uint32x4_p RotateLeft32(const uint32x4_p val) +{ + const uint32x4_p m = {C, C, C, C}; + return vec_rl(val, m); +} + +// Rotate right by bit count +template +inline uint32x4_p RotateRight32(const uint32x4_p val) +{ + const uint32x4_p m = {32-C, 32-C, 32-C, 32-C}; + return vec_rl(val, m); +} + +void SPECK64_Enc_Block(uint32x4_p &block0, uint32x4_p &block1, + const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_p x1 = VecPermute(block0, block1, m1); + uint32x4_p y1 = VecPermute(block0, block1, m2); + + for (int i=0; i < static_cast(rounds); ++i) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[i]); +#else + // subkeys has extra elements so memory backs the last subkey + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+i); + rk = VecPermute(rk, rk, m); +#endif + + x1 = RotateRight32<8>(x1); + x1 = VecAdd(x1, y1); + x1 = VecXor(x1, rk); + + y1 = RotateLeft32<3>(y1); + y1 = VecXor(y1, x1); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); +} + +void SPECK64_Dec_Block(uint32x4_p &block0, uint32x4_p &block1, + const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_p x1 = VecPermute(block0, block1, m1); + uint32x4_p y1 = VecPermute(block0, block1, m2); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[i]); +#else + // subkeys has extra elements so memory backs the last subkey + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+i); + rk = VecPermute(rk, rk, m); +#endif + + y1 = VecXor(y1, x1); + y1 = RotateRight32<3>(y1); + + x1 = VecXor(x1, rk); + x1 = VecSub(x1, y1); + x1 = RotateLeft32<8>(x1); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); +} + +void SPECK64_Enc_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_p x1 = (uint32x4_p)VecPermute(block0, block1, m1); + uint32x4_p y1 = (uint32x4_p)VecPermute(block0, block1, m2); + uint32x4_p x2 = (uint32x4_p)VecPermute(block2, block3, m1); + uint32x4_p y2 = (uint32x4_p)VecPermute(block2, block3, m2); + uint32x4_p x3 = (uint32x4_p)VecPermute(block4, block5, m1); + uint32x4_p y3 = (uint32x4_p)VecPermute(block4, block5, m2); + + for (int i=0; i < static_cast(rounds); ++i) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[i]); +#else + // subkeys has extra elements so memory backs the last subkey + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+i); + rk = VecPermute(rk, rk, m); +#endif + + x1 = RotateRight32<8>(x1); + x2 = RotateRight32<8>(x2); + x3 = RotateRight32<8>(x3); + + x1 = VecAdd(x1, y1); + x2 = VecAdd(x2, y2); + x3 = VecAdd(x3, y3); + + x1 = VecXor(x1, rk); + x2 = VecXor(x2, rk); + x3 = VecXor(x3, rk); + + y1 = RotateLeft32<3>(y1); + y2 = RotateLeft32<3>(y2); + y3 = RotateLeft32<3>(y3); + + y1 = VecXor(y1, x1); + y2 = VecXor(y2, x2); + y3 = VecXor(y3, x3); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +void SPECK64_Dec_6_Blocks(uint32x4_p &block0, uint32x4_p &block1, + uint32x4_p &block2, uint32x4_p &block3, uint32x4_p &block4, + uint32x4_p &block5, const word32 *subkeys, unsigned int rounds) +{ +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m1 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; + const uint8x16_p m2 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; +#else + const uint8x16_p m1 = {3,2,1,0, 11,10,9,8, 19,18,17,16, 27,26,25,24}; + const uint8x16_p m2 = {7,6,5,4, 15,14,13,12, 23,22,21,20, 31,30,29,28}; +#endif + + // [A1 A2 A3 A4][B1 B2 B3 B4] ... => [A1 A3 B1 B3][A2 A4 B2 B4] ... + uint32x4_p x1 = (uint32x4_p)VecPermute(block0, block1, m1); + uint32x4_p y1 = (uint32x4_p)VecPermute(block0, block1, m2); + uint32x4_p x2 = (uint32x4_p)VecPermute(block2, block3, m1); + uint32x4_p y2 = (uint32x4_p)VecPermute(block2, block3, m2); + uint32x4_p x3 = (uint32x4_p)VecPermute(block4, block5, m1); + uint32x4_p y3 = (uint32x4_p)VecPermute(block4, block5, m2); + + for (int i = static_cast(rounds-1); i >= 0; --i) + { +#if CRYPTOPP_POWER7_AVAILABLE + const uint32x4_p rk = vec_splats(subkeys[i]); +#else + // subkeys has extra elements so memory backs the last subkey + const uint8x16_p m = {0,1,2,3, 0,1,2,3, 0,1,2,3, 0,1,2,3}; + uint32x4_p rk = VecLoad(subkeys+i); + rk = VecPermute(rk, rk, m); +#endif + + y1 = VecXor(y1, x1); + y2 = VecXor(y2, x2); + y3 = VecXor(y3, x3); + + y1 = RotateRight32<3>(y1); + y2 = RotateRight32<3>(y2); + y3 = RotateRight32<3>(y3); + + x1 = VecXor(x1, rk); + x2 = VecXor(x2, rk); + x3 = VecXor(x3, rk); + + x1 = VecSub(x1, y1); + x2 = VecSub(x2, y2); + x3 = VecSub(x3, y3); + + x1 = RotateLeft32<8>(x1); + x2 = RotateLeft32<8>(x2); + x3 = RotateLeft32<8>(x3); + } + +#if (CRYPTOPP_BIG_ENDIAN) + const uint8x16_p m3 = {19,18,17,16, 3,2,1,0, 23,22,21,20, 7,6,5,4}; + const uint8x16_p m4 = {27,26,25,24, 11,10,9,8, 31,30,29,28, 15,14,13,12}; +#else + const uint8x16_p m3 = {3,2,1,0, 19,18,17,16, 7,6,5,4, 23,22,21,20}; + const uint8x16_p m4 = {11,10,9,8, 27,26,25,24, 15,14,13,12, 31,30,29,28}; +#endif + + // [A1 A3 B1 B3][A2 A4 B2 B4] => [A1 A2 A3 A4][B1 B2 B3 B4] + block0 = (uint32x4_p)VecPermute(x1, y1, m3); + block1 = (uint32x4_p)VecPermute(x1, y1, m4); + block2 = (uint32x4_p)VecPermute(x2, y2, m3); + block3 = (uint32x4_p)VecPermute(x2, y2, m4); + block4 = (uint32x4_p)VecPermute(x3, y3, m3); + block5 = (uint32x4_p)VecPermute(x3, y3, m4); +} + +#endif // CRYPTOPP_ALTIVEC_AVAILABLE + +ANONYMOUS_NAMESPACE_END + +/////////////////////////////////////////////////////////////////////// + +NAMESPACE_BEGIN(CryptoPP) + +// *************************** ARM NEON **************************** // + +#if (CRYPTOPP_ARM_NEON_AVAILABLE) +size_t SPECK64_Enc_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_NEON(SPECK64_Enc_Block, SPECK64_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SPECK64_Dec_AdvancedProcessBlocks_NEON(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_NEON(SPECK64_Dec_Block, SPECK64_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif + +// ***************************** IA-32 ***************************** // + +#if defined(CRYPTOPP_SSE41_AVAILABLE) +size_t SPECK64_Enc_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_SSE(SPECK64_Enc_Block, SPECK64_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SPECK64_Dec_AdvancedProcessBlocks_SSE41(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_SSE(SPECK64_Dec_Block, SPECK64_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif + +// ***************************** Altivec ***************************** // + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +size_t SPECK64_Enc_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_ALTIVEC(SPECK64_Enc_Block, SPECK64_Enc_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} + +size_t SPECK64_Dec_AdvancedProcessBlocks_ALTIVEC(const word32* subKeys, size_t rounds, + const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) +{ + return AdvancedProcessBlocks64_6x2_ALTIVEC(SPECK64_Dec_Block, SPECK64_Dec_6_Blocks, + subKeys, rounds, inBlocks, xorBlocks, outBlocks, length, flags); +} +#endif + +NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/sse-simd.cpp b/vendor/cryptopp/vendor_cryptopp/sse_simd.cpp similarity index 86% rename from vendor/cryptopp/vendor_cryptopp/sse-simd.cpp rename to vendor/cryptopp/vendor_cryptopp/sse_simd.cpp index 7da3796a..bd4d59c2 100644 --- a/vendor/cryptopp/vendor_cryptopp/sse-simd.cpp +++ b/vendor/cryptopp/vendor_cryptopp/sse_simd.cpp @@ -1,4 +1,4 @@ -// sse-simd.cpp - written and placed in the public domain by +// sse_simd.cpp - written and placed in the public domain by // Jeffrey Walton, Uri Blumenthal and Marcel Raad. // // This source file uses intrinsics to gain access to SSE for CPU @@ -24,9 +24,14 @@ // Needed by SunCC and MSVC #if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) -# include +# if !defined(CRYPTOPP_NO_CPU_FEATURE_PROBES) && !CRYPTOPP_SSE2_ASM_AVAILABLE && CRYPTOPP_SSE2_INTRIN_AVAILABLE +# include +# endif #endif +// Squash MS LNK4221 and libtool warnings +extern const char SSE_SIMD_FNAME[] = __FILE__; + NAMESPACE_BEGIN(CryptoPP) #ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY diff --git a/vendor/cryptopp/vendor_cryptopp/stdcpp.h b/vendor/cryptopp/vendor_cryptopp/stdcpp.h index 9eac8835..a13fd25b 100644 --- a/vendor/cryptopp/vendor_cryptopp/stdcpp.h +++ b/vendor/cryptopp/vendor_cryptopp/stdcpp.h @@ -32,6 +32,16 @@ namespace std { } #endif +// workaround needed for IBM XLC and debug heaps on AIX +#if defined(_AIX) && (defined(__xlc__) || defined(__xlC__) || defined(__ibmxl__)) +# if defined(__DEBUG_ALLOC__) +namespace std { + using ::_debug_memset; + using ::_debug_memcpy; +} +# endif +#endif + // make_unchecked_array_iterator #if _MSC_VER >= 1600 #include @@ -56,10 +66,18 @@ namespace std { #include // uintptr_t and ptrdiff_t -#if (__cplusplus < 201103L) && (!defined(_MSC_VER) || (_MSC_VER >= 1700)) +#if defined(__SUNPRO_CC) +# if (__SUNPRO_CC >= 0x5100) +# include +# endif +#elif defined(_MSC_VER) +# if (_MSC_VER >= 1700) +# include +# else +# include +# endif +#elif (__cplusplus < 201103L) # include -#elif defined(_MSC_VER) && (_MSC_VER < 1700) -# include #endif // workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 @@ -73,4 +91,4 @@ namespace std { using std::log; #endif -#endif +#endif // CRYPTOPP_STDCPP_H diff --git a/vendor/cryptopp/vendor_cryptopp/strciphr.cpp b/vendor/cryptopp/vendor_cryptopp/strciphr.cpp index 6aae6318..1ccb0670 100644 --- a/vendor/cryptopp/vendor_cryptopp/strciphr.cpp +++ b/vendor/cryptopp/vendor_cryptopp/strciphr.cpp @@ -6,6 +6,11 @@ #include "strciphr.h" +// Squash MS LNK4221 and libtool warnings +#ifndef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES +extern const char STRCIPHER_FNAME[] = __FILE__; +#endif + NAMESPACE_BEGIN(CryptoPP) template @@ -30,26 +35,23 @@ void AdditiveCipherTemplate::GenerateBlock(byte *outString, size_t length) { if (m_leftOver > 0) { - size_t len = STDMIN(m_leftOver, length); - memcpy(outString, KeystreamBufferEnd()-m_leftOver, len); - length -= len; - m_leftOver -= len; - outString += len; + const size_t len = STDMIN(m_leftOver, length); + memcpy(outString, PtrSub(KeystreamBufferEnd(), m_leftOver), len); - if (!length) - return; + length -= len; m_leftOver -= len; + outString = PtrAdd(outString, len); + if (!length) {return;} } - CRYPTOPP_ASSERT(m_leftOver == 0); PolicyInterface &policy = this->AccessPolicy(); unsigned int bytesPerIteration = policy.GetBytesPerIteration(); if (length >= bytesPerIteration) { - size_t iterations = length / bytesPerIteration; + const size_t iterations = length / bytesPerIteration; policy.WriteKeystream(outString, iterations); - outString += iterations * bytesPerIteration; length -= iterations * bytesPerIteration; + outString = PtrAdd(outString, iterations * bytesPerIteration); } if (length > 0) @@ -57,8 +59,8 @@ void AdditiveCipherTemplate::GenerateBlock(byte *outString, size_t length) size_t bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration); size_t bufferIterations = bufferByteSize / bytesPerIteration; - policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations); - memcpy(outString, KeystreamBufferEnd()-bufferByteSize, length); + policy.WriteKeystream(PtrSub(KeystreamBufferEnd(), bufferByteSize), bufferIterations); + memcpy(outString, PtrSub(KeystreamBufferEnd(), bufferByteSize), length); m_leftOver = bufferByteSize - length; } } @@ -68,35 +70,27 @@ void AdditiveCipherTemplate::ProcessData(byte *outString, const byte *inStrin { if (m_leftOver > 0) { - size_t len = STDMIN(m_leftOver, length); + const size_t len = STDMIN(m_leftOver, length); xorbuf(outString, inString, KeystreamBufferEnd()-m_leftOver, len); - length -= len; - m_leftOver -= len; - inString += len; - outString += len; - if (!length) - return; + length -= len; m_leftOver -= len; + inString = PtrAdd(inString, len); + outString = PtrAdd(outString, len); } - CRYPTOPP_ASSERT(m_leftOver == 0); PolicyInterface &policy = this->AccessPolicy(); unsigned int bytesPerIteration = policy.GetBytesPerIteration(); if (policy.CanOperateKeystream() && length >= bytesPerIteration) { - size_t iterations = length / bytesPerIteration; + const size_t iterations = length / bytesPerIteration; unsigned int alignment = policy.GetAlignment(); KeystreamOperation operation = KeystreamOperation((IsAlignedOn(inString, alignment) * 2) | (int)IsAlignedOn(outString, alignment)); - policy.OperateKeystream(operation, outString, inString, iterations); - inString += iterations * bytesPerIteration; - outString += iterations * bytesPerIteration; + inString = PtrAdd(inString, iterations * bytesPerIteration); + outString = PtrAdd(outString, iterations * bytesPerIteration); length -= iterations * bytesPerIteration; - - if (!length) - return; } size_t bufferByteSize = m_buffer.size(); @@ -106,9 +100,10 @@ void AdditiveCipherTemplate::ProcessData(byte *outString, const byte *inStrin { policy.WriteKeystream(m_buffer, bufferIterations); xorbuf(outString, inString, KeystreamBufferBegin(), bufferByteSize); + length -= bufferByteSize; - inString += bufferByteSize; - outString += bufferByteSize; + inString = PtrAdd(inString, bufferByteSize); + outString = PtrAdd(outString, bufferByteSize); } if (length > 0) @@ -116,8 +111,8 @@ void AdditiveCipherTemplate::ProcessData(byte *outString, const byte *inStrin bufferByteSize = RoundUpToMultipleOf(length, bytesPerIteration); bufferIterations = bufferByteSize / bytesPerIteration; - policy.WriteKeystream(KeystreamBufferEnd()-bufferByteSize, bufferIterations); - xorbuf(outString, inString, KeystreamBufferEnd()-bufferByteSize, length); + policy.WriteKeystream(PtrSub(KeystreamBufferEnd(), bufferByteSize), bufferIterations); + xorbuf(outString, inString, PtrSub(KeystreamBufferEnd(), bufferByteSize), length); m_leftOver = bufferByteSize - length; } } @@ -135,15 +130,15 @@ template void AdditiveCipherTemplate::Seek(lword position) { PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); + word32 bytesPerIteration = policy.GetBytesPerIteration(); policy.SeekToIteration(position / bytesPerIteration); position %= bytesPerIteration; if (position > 0) { - policy.WriteKeystream(KeystreamBufferEnd()-bytesPerIteration, 1); - m_leftOver = bytesPerIteration - (unsigned int)position; + policy.WriteKeystream(PtrSub(KeystreamBufferEnd(), bytesPerIteration), 1); + m_leftOver = bytesPerIteration - static_cast(position); } else m_leftOver = 0; @@ -176,40 +171,74 @@ void CFB_CipherTemplate::Resynchronize(const byte *iv, int length) template void CFB_CipherTemplate::ProcessData(byte *outString, const byte *inString, size_t length) { + CRYPTOPP_ASSERT(outString); CRYPTOPP_ASSERT(inString); CRYPTOPP_ASSERT(length % this->MandatoryBlockSize() == 0); PolicyInterface &policy = this->AccessPolicy(); - unsigned int bytesPerIteration = policy.GetBytesPerIteration(); - unsigned int alignment = policy.GetAlignment(); + word32 bytesPerIteration = policy.GetBytesPerIteration(); byte *reg = policy.GetRegisterBegin(); if (m_leftOver) { - size_t len = STDMIN(m_leftOver, length); - CombineMessageAndShiftRegister(outString, reg + bytesPerIteration - m_leftOver, inString, len); - m_leftOver -= len; - length -= len; - inString += len; - outString += len; + const size_t len = STDMIN(m_leftOver, length); + CombineMessageAndShiftRegister(outString, PtrAdd(reg, bytesPerIteration - m_leftOver), inString, len); + + m_leftOver -= len; length -= len; + inString = PtrAdd(inString, len); + outString = PtrAdd(outString, len); } - if (!length) - return; + // TODO: Figure out what is happening on ARM A-32. x86, Aarch64 and PowerPC are OK. + // The issue surfaced for CFB mode when we cut-in Cryptogams AES ARMv7 asm. + // Using 'outString' for both input and output leads to incorrect results. + // + // Benchmarking on Cortex-A7 and Cortex-A9 indicates removing the block + // below costs about 9 cpb for CFB mode on ARM. + // + // Also see https://github.com/weidai11/cryptopp/issues/683. + // + // UPDATE: It appears the issue is related to alignment checks. When we made + // the alignment check result volatile GCC and Clang stopped short- + // circuiting the transform, which is what we wanted. I suspect + // there's a little more to the issue, but we can enable the block again. - CRYPTOPP_ASSERT(m_leftOver == 0); - - if (policy.CanIterate() && length >= bytesPerIteration && IsAlignedOn(outString, alignment)) + const unsigned int alignment = policy.GetAlignment(); + volatile bool isAligned = IsAlignedOn(outString, alignment); + if (policy.CanIterate() && length >= bytesPerIteration && isAligned) { - if (IsAlignedOn(inString, alignment)) - policy.Iterate(outString, inString, GetCipherDir(*this), length / bytesPerIteration); + isAligned &= IsAlignedOn(inString, alignment); + const CipherDir cipherDir = GetCipherDir(*this); + if (isAligned) + policy.Iterate(outString, inString, cipherDir, length / bytesPerIteration); else { + // GCC and Clang does not like this on ARM. The incorrect result is a string + // of 0's instead of ciphertext (or plaintext if decrypting). The 0's trace + // back to the allocation for the std::string in datatest.cpp. Elements in the + // string are initialized to their default value, which is 0. + // + // It almost feels as if the compiler does not see the string is transformed + // in-place so it short-circuits the transform. However, if we use a stand-alone + // reproducer with the same data then the issue is _not_ present. + // + // When working on this issue we introduced PtrAdd and PtrSub to ensure we were + // not running afoul of pointer arithmetic rules of the language. Namely we need + // to use ptrdiff_t when subtracting pointers. We believe the relevant code paths + // are clean. + // + // One workaround is a distinct and aligned temporary buffer. It [mostly] works + // as expected but requires an extra allocation (casts not shown): + // + // std::string temp(inString, length); + // policy.Iterate(outString, &temp[0], cipherDir, length / bytesPerIteration); + // memcpy(outString, inString, length); - policy.Iterate(outString, outString, GetCipherDir(*this), length / bytesPerIteration); + policy.Iterate(outString, outString, cipherDir, length / bytesPerIteration); } - inString += length - length % bytesPerIteration; - outString += length - length % bytesPerIteration; - length %= bytesPerIteration; + const size_t remainder = length % bytesPerIteration; + inString = PtrAdd(inString, length - remainder); + outString = PtrAdd(outString, length - remainder); + length = remainder; } while (length >= bytesPerIteration) @@ -217,8 +246,8 @@ void CFB_CipherTemplate::ProcessData(byte *outString, const byte *inString policy.TransformRegister(); CombineMessageAndShiftRegister(outString, reg, inString, bytesPerIteration); length -= bytesPerIteration; - inString += bytesPerIteration; - outString += bytesPerIteration; + inString = PtrAdd(inString, bytesPerIteration); + outString = PtrAdd(outString, bytesPerIteration); } if (length > 0) @@ -239,7 +268,7 @@ void CFB_EncryptionTemplate::CombineMessageAndShiftRegister(byte *output, template void CFB_DecryptionTemplate::CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length) { - for (unsigned int i=0; i /// typedef SymmetricCipherFinal\, AdditiveCipherTemplate\<\> \> \> Encryption; /// -/// \details AdditiveCipherTemplate and CFB_CipherTemplate are designed so that they don't need -/// to take a policy class as a template parameter (although this is allowed), so that -/// their code is not duplicated for each new cipher. Instead they each -/// get a reference to an abstract policy interface by calling AccessPolicy() on itself, so +/// \details AdditiveCipherTemplate and CFB_CipherTemplate are designed so that they don't +/// need to take a policy class as a template parameter (although this is allowed), so +/// that their code is not duplicated for each new cipher. Instead they each get a +/// reference to an abstract policy interface by calling AccessPolicy() on itself, so /// AccessPolicy() must be overridden to return the actual policy reference. This is done -/// by the ConceretePolicyHolder class. Finally, SymmetricCipherFinal implements the constructors and -/// other functions that must be implemented by the most derived class. +/// by the ConceretePolicyHolder class. Finally, SymmetricCipherFinal implements the +/// constructors and other functions that must be implemented by the most derived class. #ifndef CRYPTOPP_STRCIPHR_H #define CRYPTOPP_STRCIPHR_H @@ -97,7 +97,8 @@ enum KeystreamOperation { /// \brief XOR the input buffer and keystream, write to the aligned output buffer XOR_KEYSTREAM_OUTPUT_ALIGNED= OUTPUT_ALIGNED, /// \brief XOR the aligned input buffer and keystream, write to the aligned output buffer - XOR_KEYSTREAM_BOTH_ALIGNED = OUTPUT_ALIGNED | INPUT_ALIGNED}; + XOR_KEYSTREAM_BOTH_ALIGNED = OUTPUT_ALIGNED | INPUT_ALIGNED +}; /// \brief Policy object for additive stream ciphers struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy @@ -130,7 +131,7 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy /// \param iterationCount the number of iterations to generate the key stream /// \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream() virtual void WriteKeystream(byte *keystream, size_t iterationCount) - {OperateKeystream(KeystreamOperation(INPUT_NULL | (KeystreamOperationFlags)IsAlignedOn(keystream, GetAlignment())), keystream, NULLPTR, iterationCount);} + {OperateKeystream(KeystreamOperation(INPUT_NULL | static_cast(IsAlignedOn(keystream, GetAlignment()))), keystream, NULLPTR, iterationCount);} /// \brief Flag indicating /// \returns true if the stream can be generated independent of the transformation input, false otherwise @@ -146,7 +147,8 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy /// which will be derived from GetBytesPerIteration(). /// \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream(), KeystreamOperation() virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) - {CRYPTOPP_UNUSED(operation); CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(false);} + {CRYPTOPP_UNUSED(operation); CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); + CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(false);} /// \brief Key the cipher /// \param params set of NameValuePairs use to initialize this object @@ -159,7 +161,8 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy /// \param iv a byte array used to resynchronize the cipher /// \param length the size of the IV array virtual void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) - {CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} + {CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); + throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} /// \brief Flag indicating random access /// \returns true if the cipher is seekable, false otherwise @@ -169,7 +172,24 @@ struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy /// \brief Seeks to a random position in the stream /// \sa CipherIsRandomAccess() virtual void SeekToIteration(lword iterationCount) - {CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(!CipherIsRandomAccess()); throw NotImplemented("StreamTransformation: this object doesn't support random access");} + {CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(!CipherIsRandomAccess()); + throw NotImplemented("StreamTransformation: this object doesn't support random access");} + + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. + /// \details Algorithms which combine different instructions or ISAs provide the + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// \note Provider is not universally implemented yet. + virtual std::string AlgorithmProvider() const { return "C++"; } }; /// \brief Base class for additive stream ciphers @@ -183,6 +203,8 @@ struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE typedef WT WordType; CRYPTOPP_CONSTANT(BYTES_PER_ITERATION = sizeof(WordType) * W) + virtual ~AdditiveCipherConcretePolicy() {} + #if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64) /// \brief Provides data alignment requirements /// \returns data alignment requirements, in bytes @@ -217,10 +239,17 @@ struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE }; /// \brief Helper macro to implement OperateKeystream +/// \param x KeystreamOperation mask +/// \param b Endian order +/// \param i index in output buffer +/// \param a value to output #define CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, b, i, a) \ PutWord(bool(x & OUTPUT_ALIGNED), b, output+i*sizeof(WordType), (x & INPUT_NULL) ? (a) : (a) ^ GetWord(bool(x & INPUT_ALIGNED), b, input+i*sizeof(WordType))); /// \brief Helper macro to implement OperateKeystream +/// \param x KeystreamOperation mask +/// \param i index in output buffer +/// \param a value to output #define CRYPTOPP_KEYSTREAM_OUTPUT_XMM(x, i, a) {\ __m128i t = (x & INPUT_NULL) ? a : _mm_xor_si128(a, (x & INPUT_ALIGNED) ? _mm_load_si128((__m128i *)input+i) : _mm_loadu_si128((__m128i *)input+i));\ if (x & OUTPUT_ALIGNED) _mm_store_si128((__m128i *)output+i, t);\ @@ -262,12 +291,13 @@ class CRYPTOPP_NO_VTABLE AdditiveCipherTemplate : public BASE, public RandomNumb { public: virtual ~AdditiveCipherTemplate() {} + AdditiveCipherTemplate() : m_leftOver(0) {} /// \brief Generate random array of bytes /// \param output the byte buffer /// \param size the length of the buffer, in bytes - /// \details All generated values are uniformly distributed over the range specified within the - /// the constraints of a particular generator. + /// \details All generated values are uniformly distributed over the range specified + /// within the constraints of a particular generator. void GenerateBlock(byte *output, size_t size); /// \brief Apply keystream to data @@ -325,6 +355,22 @@ public: /// \sa IsRandomAccess() void Seek(lword position); + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. + /// \details Algorithms which combine different instructions or ISAs provide the + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// \note Provider is not universally implemented yet. + std::string AlgorithmProvider() const { return this->GetPolicy().AlgorithmProvider(); } + typedef typename BASE::PolicyInterface PolicyInterface; protected: @@ -333,9 +379,9 @@ protected: unsigned int GetBufferByteSize(const PolicyInterface &policy) const {return policy.GetBytesPerIteration() * policy.GetIterationsToBuffer();} inline byte * KeystreamBufferBegin() {return this->m_buffer.data();} - inline byte * KeystreamBufferEnd() {return (this->m_buffer.data() + this->m_buffer.size());} + inline byte * KeystreamBufferEnd() {return (PtrAdd(this->m_buffer.data(), this->m_buffer.size()));} - SecByteBlock m_buffer; + AlignedSecByteBlock m_buffer; size_t m_leftOver; }; @@ -374,8 +420,9 @@ public: /// \param iterationCount the number of iterations to perform on the input /// \sa IsSelfInverting() and IsForwardTransformation() virtual void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount) - {CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(dir); CRYPTOPP_UNUSED(iterationCount); - CRYPTOPP_ASSERT(false); /*throw 0;*/ throw Exception(Exception::OTHER_ERROR, "SimpleKeyingInterface: unexpected error");} + {CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(dir); + CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(false); + throw Exception(Exception::OTHER_ERROR, "SimpleKeyingInterface: unexpected error");} /// \brief Key the cipher /// \param params set of NameValuePairs use to initialize this object @@ -387,7 +434,24 @@ public: /// \param iv a byte array used to resynchronize the cipher /// \param length the size of the IV array virtual void CipherResynchronize(const byte *iv, size_t length) - {CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} + {CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); + throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} + + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. + /// \details Algorithms which combine different instructions or ISAs provide the + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// \note Provider is not universally implemented yet. + virtual std::string AlgorithmProvider() const { return "C++"; } }; /// \brief Base class for feedback based stream ciphers @@ -399,6 +463,8 @@ struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE { typedef WT WordType; + virtual ~CFB_CipherConcretePolicy() {} + /// \brief Provides data alignment requirements /// \returns data alignment requirements, in bytes /// \details Internally, the default implementation returns 1. If the stream cipher is implemented @@ -433,8 +499,8 @@ struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE /// \returns reference to the next feedback register word inline RegisterOutput& operator()(WordType ®isterWord) { - CRYPTOPP_ASSERT(IsAligned(m_output)); - CRYPTOPP_ASSERT(IsAligned(m_input)); + //CRYPTOPP_ASSERT(IsAligned(m_output)); + //CRYPTOPP_ASSERT(IsAligned(m_input)); if (!NativeByteOrderIs(B::ToEnum())) registerWord = ByteReverse(registerWord); @@ -447,18 +513,26 @@ struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE } else { - WordType ct = *(const WordType *)m_input ^ registerWord; + // WordType ct = *(const WordType *)m_input ^ registerWord; + WordType ct = GetWord(false, NativeByteOrder::ToEnum(), m_input) ^ registerWord; registerWord = ct; - *(WordType*)m_output = ct; + + // *(WordType*)m_output = ct; + PutWord(false, NativeByteOrder::ToEnum(), m_output, ct); + m_input += sizeof(WordType); m_output += sizeof(WordType); } } else { - WordType ct = *(const WordType *)m_input; - *(WordType*)m_output = registerWord ^ ct; + // WordType ct = *(const WordType *)m_input; + WordType ct = GetWord(false, NativeByteOrder::ToEnum(), m_input); + + // *(WordType*)m_output = registerWord ^ ct; + PutWord(false, NativeByteOrder::ToEnum(), m_output, registerWord ^ ct); registerWord = ct; + m_input += sizeof(WordType); m_output += sizeof(WordType); } @@ -480,6 +554,9 @@ template class CRYPTOPP_NO_VTABLE CFB_CipherTemplate : public BASE { public: + virtual ~CFB_CipherTemplate() {} + CFB_CipherTemplate() : m_leftOver(0) {} + /// \brief Apply keystream to data /// \param outString a buffer to write the transformed data /// \param inString a buffer to read the data @@ -526,6 +603,22 @@ public: /// \returns true if the stream cipher is self inverting, false otherwise bool IsSelfInverting() const {return false;} + /// \brief Retrieve the provider of this algorithm + /// \return the algorithm provider + /// \details The algorithm provider can be a name like "C++", "SSE", "NEON", "AESNI", + /// "ARMv8" and "Power8". C++ is standard C++ code. Other labels, like SSE, + /// usually indicate a specialized implementation using instructions from a higher + /// instruction set architecture (ISA). Future labels may include external hardware + /// like a hardware security module (HSM). + /// \details Generally speaking Wei Dai's original IA-32 ASM code falls under "SSE2". + /// Labels like "SSSE3" and "SSE4.1" follow after Wei's code and use intrinsics + /// instead of ASM. + /// \details Algorithms which combine different instructions or ISAs provide the + /// dominant one. For example on x86 AES/GCM returns "AESNI" rather than + /// "CLMUL" or "AES+SSE4.1" or "AES+CLMUL" or "AES+SSE4.1+CLMUL". + /// \note Provider is not universally implemented yet. + std::string AlgorithmProvider() const { return this->GetPolicy().AlgorithmProvider(); } + typedef typename BASE::PolicyInterface PolicyInterface; protected: diff --git a/vendor/cryptopp/vendor_cryptopp/tea.h b/vendor/cryptopp/vendor_cryptopp/tea.h index 7188724e..973486a9 100644 --- a/vendor/cryptopp/vendor_cryptopp/tea.h +++ b/vendor/cryptopp/vendor_cryptopp/tea.h @@ -15,6 +15,10 @@ NAMESPACE_BEGIN(CryptoPP) /// \brief TEA block cipher information struct TEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32> { + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "TEA";} }; @@ -58,6 +62,10 @@ typedef TEA::Decryption TEADecryption; /// \brief XTEA block cipher information struct XTEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32> { + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "XTEA";} }; @@ -98,16 +106,21 @@ public: /// \brief BTEA block cipher information struct BTEA_Info : public FixedKeyLength<16> { + /// \brief The algorithm name + /// \returns the algorithm name + /// \details StaticAlgorithmName returns the algorithm's name as a static + /// member function. CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "BTEA";} }; /// \brief BTEA block cipher /// \details Corrected Block TEA as described in "xxtea". This class hasn't been tested yet. -/// \sa Corrected Block TEA. +/// \sa Correction to xtea and +/// Corrected Block TEA. class BTEA : public BTEA_Info, public BlockCipherDocumentation { /// \brief BTEA block cipher default operation - class CRYPTOPP_NO_VTABLE Base : public AlgorithmImpl, BTEA_Info>, public BTEA_Info + class CRYPTOPP_NO_VTABLE Base : public AlgorithmImpl, BTEA_Info> { public: void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) diff --git a/vendor/cryptopp/vendor_cryptopp/test.cpp b/vendor/cryptopp/vendor_cryptopp/test.cpp index 109ca6c6..843342b6 100644 --- a/vendor/cryptopp/vendor_cryptopp/test.cpp +++ b/vendor/cryptopp/vendor_cryptopp/test.cpp @@ -7,8 +7,8 @@ #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 #include "dll.h" -#include "aes.h" #include "cryptlib.h" +#include "aes.h" #include "filters.h" #include "md5.h" #include "ripemd.h" @@ -18,14 +18,13 @@ #include "randpool.h" #include "ida.h" #include "base64.h" -#include "socketft.h" -#include "wait.h" #include "factory.h" #include "whrlpool.h" #include "tiger.h" #include "smartptr.h" #include "pkcspad.h" #include "stdcpp.h" +#include "osrng.h" #include "ossig.h" #include "trap.h" @@ -42,11 +41,6 @@ #include #endif -#if defined(USE_BERKELEY_STYLE_SOCKETS) && !defined(macintosh) -#include -#include -#endif - #if (_MSC_VER >= 1000) #include // for the debug heap #endif @@ -61,7 +55,6 @@ #ifdef __BORLANDC__ #pragma comment(lib, "cryptlib_bds.lib") -#pragma comment(lib, "ws2_32.lib") #endif // Aggressive stack checking with VS2005 SP1 and above. @@ -69,6 +62,10 @@ # pragma strict_gs_check (on) #endif +// If CRYPTOPP_USE_AES_GENERATOR is 1 then AES/OFB based is used. +// Otherwise the OS random number generator is used. +#define CRYPTOPP_USE_AES_GENERATOR 1 + // Global namespace, provided by other source files void FIPS140_SampleApplication(); void RegisterFactories(CryptoPP::Test::TestClass suites); @@ -79,8 +76,6 @@ NAMESPACE_BEGIN(Test) const int MAX_PHRASE_LENGTH=250; -void PrintSeedAndThreads(const std::string& seed); - void GenerateRSAKey(unsigned int keyLength, const char *privFilename, const char *pubFilename, const char *seed); std::string RSAEncryptString(const char *pubFilename, const char *seed, const char *message); std::string RSADecryptString(const char *privFilename, const char *ciphertext); @@ -112,15 +107,16 @@ void Base64Decode(const char *infile, const char *outfile); void HexEncode(const char *infile, const char *outfile); void HexDecode(const char *infile, const char *outfile); -void ForwardTcpPort(const char *sourcePort, const char *destinationHost, const char *destinationPort); - void FIPS140_GenerateRandomFiles(); bool Validate(int, bool, const char *); -void PrintSeedAndThreads(const std::string& seed); ANONYMOUS_NAMESPACE_BEGIN +#if (CRYPTOPP_USE_AES_GENERATOR) OFB_Mode::Encryption s_globalRNG; +#else +NonblockingRng s_globalRNG; +#endif NAMESPACE_END RandomNumberGenerator & GlobalRNG() @@ -128,6 +124,10 @@ RandomNumberGenerator & GlobalRNG() return dynamic_cast(s_globalRNG); } +// Global seed used for the self tests +std::string s_globalSeed; +void PrintSeedAndThreads(); + // See misc.h and trap.h for comments and usage #if defined(CRYPTOPP_DEBUG) && defined(UNIX_SIGNALS_AVAILABLE) static const SignalHandler s_dummyHandler; @@ -143,17 +143,27 @@ int scoped_main(int argc, char *argv[]) _CrtSetDbgFlag( tempflag ); #endif +#ifdef _SUNPRO_CC + // No need for thread safety for the test program + cout.set_safe_flag(stream_MT::unsafe_object); + cin.set_safe_flag(stream_MT::unsafe_object); +#endif + try { RegisterFactories(All); // Some editors have problems with the '\0' character when redirecting output. - std::string seed = IntToString(time(NULLPTR)); - seed.resize(16, ' '); + s_globalSeed = IntToString(time(NULLPTR)); + s_globalSeed.resize(16, ' '); - // Fetch the SymmetricCipher interface, not the RandomNumberGenerator interface, to key the underlying cipher - OFB_Mode::Encryption& aesg = dynamic_cast::Encryption&>(GlobalRNG()); - aesg.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data()); +#if (CRYPTOPP_USE_AES_GENERATOR) + // Fetch the SymmetricCipher interface, not the RandomNumberGenerator + // interface, to key the underlying cipher. If CRYPTOPP_USE_AES_GENERATOR is 1 + // then AES/OFB based is used. Otherwise the OS random number generator is used. + SymmetricCipher& cipher = dynamic_cast(GlobalRNG()); + cipher.SetKeyWithIV((byte *)s_globalSeed.data(), 16, (byte *)s_globalSeed.data()); +#endif std::string command, executableName, macFilename; @@ -304,9 +314,11 @@ int scoped_main(int argc, char *argv[]) // TestDataFile() adds CRYPTOPP_DATA_DIR as required std::string fname = (argv[2] ? argv[2] : "all"); if (fname.find(".txt") == std::string::npos) - fname = "TestVectors/" + fname + ".txt"; + fname += ".txt"; + if (fname.find("TestVectors") == std::string::npos) + fname = "TestVectors/" + fname; - PrintSeedAndThreads(seed); + PrintSeedAndThreads(); return !RunTestDataFile(fname.c_str()); } else if (command == "t") @@ -318,7 +330,7 @@ int scoped_main(int argc, char *argv[]) std::cin.getline(passPhrase, MAX_PHRASE_LENGTH); std::cout << "\nPlaintext: "; - std::cin.getline(plaintext, 1024); + std::cin.getline(plaintext, sizeof(plaintext)); std::string ciphertext = EncryptString(plaintext, passPhrase); std::cout << "\nCiphertext: " << ciphertext << std::endl; @@ -351,7 +363,7 @@ int scoped_main(int argc, char *argv[]) char thisSeed[1024]; std::cout << "\nRandom Seed: "; std::ws(std::cin); - std::cin.getline(thisSeed, 1024); + std::cin.getline(thisSeed, sizeof(thisSeed)); SecretShareFile(StringToValue(argv[2]), StringToValue(argv[3]), argv[4], thisSeed); } else if (command == "sr") @@ -372,8 +384,6 @@ int scoped_main(int argc, char *argv[]) FIPS140_SampleApplication(); else if (command == "fips-rand") FIPS140_GenerateRandomFiles(); - else if (command == "ft") - ForwardTcpPort(argv[2], argv[3], argv[4]); else if (command == "a") { if (AdhocTest) @@ -390,7 +400,7 @@ int scoped_main(int argc, char *argv[]) AES_CTR_Encrypt(argv[2], argv[3], argv[4], argv[5]); else if (command == "h") { - FileSource usage(CRYPTOPP_DATA_DIR "TestData/usage.dat", true, new FileSink(std::cout)); + FileSource usage(DataDir("TestData/usage.dat").c_str(), true, new FileSink(std::cout)); return 1; } else if (command == "V") @@ -430,9 +440,9 @@ void FIPS140_GenerateRandomFiles() #endif } -void PrintSeedAndThreads(const std::string& seed) +void PrintSeedAndThreads() { - std::cout << "Using seed: " << seed << std::endl; + std::cout << "Using seed: " << s_globalSeed << std::endl; #ifdef _OPENMP int tc = 0; @@ -779,90 +789,28 @@ void HexDecode(const char *in, const char *out) FileSource(in, true, new HexDecoder(new FileSink(out))); } -void ForwardTcpPort(const char *sourcePortName, const char *destinationHost, const char *destinationPortName) -{ - // Quiet warnings for Windows Phone and Windows Store builds - CRYPTOPP_UNUSED(sourcePortName), CRYPTOPP_UNUSED(destinationHost), CRYPTOPP_UNUSED(destinationPortName); - -#ifdef SOCKETS_AVAILABLE - SocketsInitializer sockInit; - - Socket sockListen, sockSource, sockDestination; - - int sourcePort = Socket::PortNameToNumber(sourcePortName); - int destinationPort = Socket::PortNameToNumber(destinationPortName); - - sockListen.Create(); - sockListen.Bind(sourcePort); - - const int flag = 1; - int err = setsockopt(sockListen, IPPROTO_TCP, TCP_NODELAY, (char*)&flag, sizeof(int)); - CRYPTOPP_ASSERT(err == 0); - if(err != 0) - throw Socket::Err(sockListen, "setsockopt", sockListen.GetLastError()); - - std::cout << "Listing on port " << sourcePort << ".\n"; - sockListen.Listen(); - - sockListen.Accept(sockSource); - std::cout << "Connection accepted on port " << sourcePort << ".\n"; - sockListen.CloseSocket(); - - std::cout << "Making connection to " << destinationHost << ", port " << destinationPort << ".\n"; - sockDestination.Create(); - sockDestination.Connect(destinationHost, destinationPort); - - std::cout << "Connection made to " << destinationHost << ", starting to forward.\n"; - - SocketSource out(sockSource, false, new SocketSink(sockDestination)); - SocketSource in(sockDestination, false, new SocketSink(sockSource)); - - WaitObjectContainer waitObjects; - - while (!(in.SourceExhausted() && out.SourceExhausted())) - { - waitObjects.Clear(); - - out.GetWaitObjects(waitObjects, CallStack("ForwardTcpPort - out", NULLPTR)); - in.GetWaitObjects(waitObjects, CallStack("ForwardTcpPort - in", NULLPTR)); - - waitObjects.Wait(INFINITE_TIME); - - if (!out.SourceExhausted()) - { - std::cout << "o" << std::flush; - out.PumpAll2(false); - if (out.SourceExhausted()) - std::cout << "EOF received on source socket.\n"; - } - - if (!in.SourceExhausted()) - { - std::cout << "i" << std::flush; - in.PumpAll2(false); - if (in.SourceExhausted()) - std::cout << "EOF received on destination socket.\n"; - } - } -#else - std::cout << "Socket support was not enabled at compile time.\n"; - exit(-1); -#endif -} - bool Validate(int alg, bool thorough, const char *seedInput) { bool result; // Some editors have problems with the '\0' character when redirecting output. // seedInput is argv[3] when issuing 'cryptest.exe v all ' - std::string seed = (seedInput ? seedInput : IntToString(::time(NULLPTR))); - seed.resize(16, ' '); - OFB_Mode::Encryption& prng = dynamic_cast::Encryption&>(GlobalRNG()); - prng.SetKeyWithIV((byte *)seed.data(), 16, (byte *)seed.data()); + if (seedInput != NULLPTR) + { + s_globalSeed = seedInput; + s_globalSeed.resize(16, ' '); + } + +#if (CRYPTOPP_USE_AES_GENERATOR) + // Fetch the OFB_Mode interface, not the RandomNumberGenerator + // interface, to key the underlying cipher. If CRYPTOPP_USE_AES_GENERATOR is 1 + // then AES/OFB based is used. Otherwise the OS random number generator is used. + SymmetricCipher& cipher = dynamic_cast(GlobalRNG()); + cipher.SetKeyWithIV((byte *)s_globalSeed.data(), 16, (byte *)s_globalSeed.data()); +#endif g_testBegin = ::time(NULLPTR); - PrintSeedAndThreads(seed); + PrintSeedAndThreads(); switch (alg) { @@ -881,9 +829,10 @@ bool Validate(int alg, bool thorough, const char *seedInput) case 12: result = ValidateThreeWay(); break; case 13: result = ValidateBBS(); break; case 14: result = ValidateDH(); break; - case 15: result = ValidateRSA(); break; - case 16: result = ValidateElGamal(); break; - case 17: result = ValidateDSA(thorough); break; + case 15: result = ValidateX25519(); break; + case 16: result = ValidateRSA(); break; + case 17: result = ValidateElGamal(); break; + case 18: result = ValidateDSA(thorough); break; // case 18: result = ValidateHAVAL(); break; case 19: result = ValidateSAFER(); break; case 20: result = ValidateLUC(); break; @@ -935,20 +884,28 @@ bool Validate(int alg, bool thorough, const char *seedInput) case 66: result = ValidateCamellia(); break; case 67: result = ValidateWhirlpool(); break; case 68: result = ValidateTTMAC(); break; - case 69: result = ValidateSalsa(); break; - case 70: result = ValidateSosemanuk(); break; - case 71: result = ValidateVMAC(); break; - case 72: result = ValidateCCM(); break; - case 73: result = ValidateGCM(); break; - case 74: result = ValidateCMAC(); break; - case 75: result = ValidateSM3(); break; - case 76: result = ValidateBLAKE2s(); break; - case 77: result = ValidateBLAKE2b(); break; - case 78: result = ValidatePoly1305(); break; - case 79: result = ValidateSipHash(); break; - case 80: result = ValidateHashDRBG(); break; - case 81: result = ValidateHmacDRBG(); break; - case 82: result = ValidateNaCl(); break; + case 70: result = ValidateSalsa(); break; + case 71: result = ValidateChaCha(); break; + case 72: result = ValidateSosemanuk(); break; + case 73: result = ValidateRabbit(); break; + case 74: result = ValidateHC128(); break; + case 75: result = ValidateHC256(); break; + case 80: result = ValidateVMAC(); break; + case 81: result = ValidateCCM(); break; + case 82: result = ValidateGCM(); break; + case 83: result = ValidateCMAC(); break; + case 84: result = ValidateSM3(); break; + case 85: result = ValidateBLAKE2s(); break; + case 86: result = ValidateBLAKE2b(); break; + case 87: result = ValidatePoly1305(); break; + case 88: result = ValidateSipHash(); break; + case 89: result = ValidateHashDRBG(); break; + case 90: result = ValidateHmacDRBG(); break; + case 91: result = ValidateNaCl(); break; + case 100: result = ValidateCHAM(); break; + case 101: result = ValidateSIMECK(); break; + case 102: result = ValidateSIMON(); break; + case 103: result = ValidateSPECK(); break; #if defined(CRYPTOPP_EXTENDED_VALIDATION) // http://github.com/weidai11/cryptopp/issues/92 @@ -965,6 +922,13 @@ bool Validate(int alg, bool thorough, const char *seedInput) case 9994: result = TestHuffmanCodes(); break; // http://github.com/weidai11/cryptopp/issues/346 case 9993: result = TestASN1Parse(); break; + // http://github.com/weidai11/cryptopp/issues/242 + case 9992: result = TestX25519(); break; + // http://github.com/weidai11/cryptopp/issues/346 + case 9991: result = TestEd25519(); break; +# if defined(CRYPTOPP_ALTIVEC_AVAILABLE) + case 9990: result = TestAltivecOps(); break; +# endif #endif default: return false; @@ -972,9 +936,9 @@ bool Validate(int alg, bool thorough, const char *seedInput) g_testEnd = ::time(NULLPTR); - std::cout << "\nSeed used was " << seed << std::endl; - std::cout << "Test started at " << TimeToString(g_testBegin) << std::endl; - std::cout << "Test ended at " << TimeToString(g_testEnd) << std::endl; + std::cout << "\nSeed used was " << s_globalSeed; + std::cout << "\nTest started at " << TimeToString(g_testBegin); + std::cout << "\nTest ended at " << TimeToString(g_testEnd) << std::endl; return result; } diff --git a/vendor/cryptopp/vendor_cryptopp/threefish.h b/vendor/cryptopp/vendor_cryptopp/threefish.h index d78d4219..d98c93ff 100644 --- a/vendor/cryptopp/vendor_cryptopp/threefish.h +++ b/vendor/cryptopp/vendor_cryptopp/threefish.h @@ -67,7 +67,7 @@ struct CRYPTOPP_NO_VTABLE Threefish_Base /// \brief Threefish 256-bit block cipher /// \details Threefish256 provides 256-bit block size. The valid key size is 256-bit. /// \note Crypto++ provides a byte oriented implementation -/// \sa Threefish256, Threefish512, Threefish1024, Threefish +/// \sa Threefish512, Threefish1024, Threefish /// \since Crypto++ 6.0 class CRYPTOPP_NO_VTABLE Threefish256 : public Threefish_Info<32>, public BlockCipherDocumentation { @@ -81,7 +81,7 @@ public: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key and block /// sizes are supported. /// \since Crypto++ 6.0 @@ -91,7 +91,7 @@ public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key and block /// sizes are supported. /// \since Crypto++ 6.0 @@ -111,9 +111,9 @@ typedef Threefish256::Decryption Threefish256Decryption; /// \brief Threefish 512-bit block cipher /// \details Threefish512 provides 512-bit block size. The valid key size is 512-bit. /// \note Crypto++ provides a byte oriented implementation -/// \sa Threefish256, Threefish512, Threefish1024, Threefish +/// \sa Threefish256, Threefish1024, Threefish /// \since Crypto++ 6.0 -class CRYPTOPP_NO_VTABLE Threefish512 : public Threefish_Base<32>, public BlockCipherDocumentation +class CRYPTOPP_NO_VTABLE Threefish512 : public Threefish_Info<64>, public BlockCipherDocumentation { public: /// \brief Threefish block cipher transformation functions @@ -125,7 +125,7 @@ public: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key and block /// sizes are supported. /// \since Crypto++ 6.0 @@ -135,7 +135,7 @@ public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key and block /// sizes are supported. /// \since Crypto++ 6.0 @@ -155,9 +155,9 @@ typedef Threefish512::Decryption Threefish512Decryption; /// \brief Threefish 1024-bit block cipher /// \details Threefish1024 provides 1024-bit block size. The valid key size is 1024-bit. /// \note Crypto++ provides a byte oriented implementation -/// \sa Threefish256, Threefish512, Threefish1024, Threefish +/// \sa Threefish256, Threefish512, Threefish /// \since Crypto++ 6.0 -class CRYPTOPP_NO_VTABLE Threefish1024 : public Threefish_Base<32>, public BlockCipherDocumentation +class CRYPTOPP_NO_VTABLE Threefish1024 : public Threefish_Info<128>, public BlockCipherDocumentation { public: /// \brief Threefish block cipher transformation functions @@ -169,7 +169,7 @@ public: void UncheckedSetKey(const byte *userKey, unsigned int keyLength, const NameValuePairs ¶ms); }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Enc provides implementation for encryption transformation. All key and block /// sizes are supported. /// \since Crypto++ 6.0 @@ -179,7 +179,7 @@ public: void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; }; - /// \brief Provides implementation for encryption transformation + /// \brief Encryption transformation /// \details Dec provides implementation for decryption transformation. All key and block /// sizes are supported. /// \since Crypto++ 6.0 diff --git a/vendor/cryptopp/vendor_cryptopp/tiger.cpp b/vendor/cryptopp/vendor_cryptopp/tiger.cpp index 3365b981..9b35a8c7 100644 --- a/vendor/cryptopp/vendor_cryptopp/tiger.cpp +++ b/vendor/cryptopp/vendor_cryptopp/tiger.cpp @@ -16,6 +16,17 @@ NAMESPACE_BEGIN(CryptoPP) +std::string Tiger::AlgorithmProvider() const +{ +#ifndef CRYPTOPP_DISABLE_TIGER_ASM +# if CRYPTOPP_SSE2_ASM_AVAILABLE + if (HasSSE2()) + return "SSE2"; +# endif +#endif + return "C++"; +} + void Tiger::InitState(HashWordType *state) { state[0] = W64LIT(0x0123456789ABCDEF); @@ -25,6 +36,7 @@ void Tiger::InitState(HashWordType *state) void Tiger::TruncatedFinal(byte *hash, size_t size) { + CRYPTOPP_ASSERT(hash != NULLPTR); ThrowIfInvalidTruncatedSize(size); PadLastBlock(56, 0x01); @@ -39,9 +51,9 @@ void Tiger::TruncatedFinal(byte *hash, size_t size) Restart(); // reinit for next use } -void Tiger::Transform (word64 *digest, const word64 *X) +void Tiger::Transform (word64 *state, const word64 *data) { -#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) +#if CRYPTOPP_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 if (HasSSE2()) { #ifdef __GNUC__ @@ -51,8 +63,8 @@ void Tiger::Transform (word64 *digest, const word64 *X) AS_PUSH_IF86(bx) #else AS2( lea edx, [table]) - AS2( mov eax, digest) - AS2( mov esi, X) + AS2( mov eax, state) + AS2( mov esi, data) #endif AS2( movq mm0, [eax]) AS2( movq mm1, [eax+1*8]) @@ -181,19 +193,11 @@ void Tiger::Transform (word64 *digest, const word64 *X) AS2( psubq mm3, mm4)\ AS2( movq [Y+7*8], mm3) -#if CRYPTOPP_BOOL_X32 - SSE2_pass(mm0, mm1, mm2, 5, esi) - SSE2_key_schedule(esp+8, esi) - SSE2_pass(mm2, mm0, mm1, 7, esp+8) - SSE2_key_schedule(esp+8, esp+8) - SSE2_pass(mm1, mm2, mm0, 9, esp+8) -#else SSE2_pass(mm0, mm1, mm2, 5, esi) SSE2_key_schedule(esp+4, esi) SSE2_pass(mm2, mm0, mm1, 7, esp+4) SSE2_key_schedule(esp+4, esp+4) SSE2_pass(mm1, mm2, mm0, 9, esp+4) -#endif AS2( pxor mm0, [eax+0*8]) AS2( movq [eax+0*8], mm0) @@ -209,7 +213,7 @@ void Tiger::Transform (word64 *digest, const word64 *X) AS_POP_IF86(bx) ATT_PREFIX : - : "a" (digest), "S" (X), "d" (table) + : "a" (state), "S" (data), "d" (table) : "%ecx", "%edi", "memory", "cc" ); #endif @@ -217,9 +221,9 @@ void Tiger::Transform (word64 *digest, const word64 *X) else #endif { - word64 a = digest[0]; - word64 b = digest[1]; - word64 c = digest[2]; + word64 a = state[0]; + word64 b = state[1]; + word64 c = state[2]; word64 Y[8]; #define t1 (table) @@ -263,15 +267,15 @@ void Tiger::Transform (word64 *digest, const word64 *X) Y[6] += Y[5]; \ Y[7] -= Y[6] ^ W64LIT(0x0123456789ABCDEF) - pass(a,b,c,5,X); - key_schedule(Y,X); + pass(a,b,c,5,data); + key_schedule(Y,data); pass(c,a,b,7,Y); key_schedule(Y,Y); pass(b,c,a,9,Y); - digest[0] = a ^ digest[0]; - digest[1] = b - digest[1]; - digest[2] = c + digest[2]; + state[0] = a ^ state[0]; + state[1] = b - state[1]; + state[2] = c + state[2]; } } diff --git a/vendor/cryptopp/vendor_cryptopp/tiger.h b/vendor/cryptopp/vendor_cryptopp/tiger.h index 2e1d9343..f76ca3e4 100644 --- a/vendor/cryptopp/vendor_cryptopp/tiger.h +++ b/vendor/cryptopp/vendor_cryptopp/tiger.h @@ -10,10 +10,10 @@ #include "config.h" #include "iterhash.h" -// Clang 3.3 integrated assembler crash on Linux -// http://github.com/weidai11/cryptopp/issues/264 -#if defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400) -# define CRYPTOPP_DISABLE_TIGER_ASM +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_TIGER_ASM 1 #endif NAMESPACE_BEGIN(CryptoPP) @@ -24,10 +24,12 @@ NAMESPACE_BEGIN(CryptoPP) class Tiger : public IteratedHashWithStaticTransform { public: + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Tiger";} + std::string AlgorithmProvider() const; + static void InitState(HashWordType *state); static void Transform(word64 *digest, const word64 *data); void TruncatedFinal(byte *hash, size_t size); - CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Tiger";} protected: static const word64 table[4*256+3]; diff --git a/vendor/cryptopp/vendor_cryptopp/trap.h b/vendor/cryptopp/vendor_cryptopp/trap.h index f30ba293..a34be810 100644 --- a/vendor/cryptopp/vendor_cryptopp/trap.h +++ b/vendor/cryptopp/vendor_cryptopp/trap.h @@ -64,8 +64,8 @@ # define CRYPTOPP_ASSERT(exp) { \ if (!(exp)) { \ std::ostringstream oss; \ - oss << "Assertion failed: " << (char*)(__FILE__) << "(" \ - << (int)(__LINE__) << "): " << (char*)(__func__) \ + oss << "Assertion failed: " << __FILE__ << "(" \ + << __LINE__ << "): " << __func__ \ << std::endl; \ std::cerr << oss.str(); \ raise(SIGTRAP); \ @@ -75,8 +75,8 @@ # define CRYPTOPP_ASSERT(exp) { \ if (!(exp)) { \ std::ostringstream oss; \ - oss << "Assertion failed: " << (char*)(__FILE__) << "(" \ - << (int)(__LINE__) << "): " << (char*)(__FUNCTION__) \ + oss << "Assertion failed: " << __FILE__ << "(" \ + << __LINE__ << "): " << __FUNCTION__ \ << std::endl; \ std::cerr << oss.str(); \ if (IsDebuggerPresent()) {DebugBreak();} \ diff --git a/vendor/cryptopp/vendor_cryptopp/trdlocal.cpp b/vendor/cryptopp/vendor_cryptopp/trdlocal.cpp deleted file mode 100644 index f13b1845..00000000 --- a/vendor/cryptopp/vendor_cryptopp/trdlocal.cpp +++ /dev/null @@ -1,110 +0,0 @@ -// trdlocal.cpp - originally written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "config.h" - -#ifndef CRYPTOPP_IMPORTS - -#if !defined(NO_OS_DEPENDENCE) && defined(THREADS_AVAILABLE) - -#include "trdlocal.h" -#include "stdcpp.h" - -#ifdef HAS_WINTHREADS -#define WIN32_LEAN_AND_MEAN -#include -#endif - -#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE -# pragma GCC diagnostic ignored "-Wc++11-compat" -#endif - -NAMESPACE_BEGIN(CryptoPP) - -ThreadLocalStorage::Err::Err(const std::string& operation, int error) - : OS_Error(OTHER_ERROR, "ThreadLocalStorage: " + operation + " operation failed with error 0x" + IntToString(error, 16), operation, error) -{ -} - -// Windows: "a process may have up to TLS_MINIMUM_AVAILABLE indexes (guaranteed to be greater than -// or equal to 64)", https://support.microsoft.com/en-us/help/94804/info-thread-local-storage-overview -ThreadLocalStorage::ThreadLocalStorage() -{ -#ifdef HAS_WINTHREADS - m_index = TlsAlloc(); - CRYPTOPP_ASSERT(m_index != TLS_OUT_OF_INDEXES); - if (m_index == TLS_OUT_OF_INDEXES) - throw Err("TlsAlloc", GetLastError()); -#else - m_index = 0; - int error = pthread_key_create(&m_index, NULLPTR); - CRYPTOPP_ASSERT(!error); - if (error) - throw Err("pthread_key_create", error); -#endif -} - -ThreadLocalStorage::~ThreadLocalStorage() CRYPTOPP_THROW -{ -#if defined(CRYPTOPP_CXX17_EXCEPTIONS) - if (std::uncaught_exceptions() == 0) -#elif defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE) - if (std::uncaught_exception() == false) -#else - try -#endif -#ifdef HAS_WINTHREADS - { - int rc = TlsFree(m_index); - CRYPTOPP_ASSERT(rc); - if (!rc) - throw Err("TlsFree", GetLastError()); - } -#else - { - int error = pthread_key_delete(m_index); - CRYPTOPP_ASSERT(!error); - if (error) - throw Err("pthread_key_delete", error); - } -#endif -#if !defined(CRYPTOPP_CXX17_EXCEPTIONS) && !defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE) - catch(const Exception&) - { - } -#endif -} - -void ThreadLocalStorage::SetValue(void *value) -{ -#ifdef HAS_WINTHREADS - if (!TlsSetValue(m_index, value)) - throw Err("TlsSetValue", GetLastError()); -#else - int error = pthread_setspecific(m_index, value); - if (error) - throw Err("pthread_key_getspecific", error); -#endif -} - -void *ThreadLocalStorage::GetValue() const -{ -#ifdef HAS_WINTHREADS - void *result = TlsGetValue(m_index); - const DWORD dwRet = GetLastError(); - - CRYPTOPP_ASSERT(result || (!result && (dwRet == NO_ERROR))); - if (!result && dwRet != NO_ERROR) - throw Err("TlsGetValue", dwRet); -#else - // Null is a valid return value. Posix does not provide a way to - // check for a "good" Null vs a "bad" Null (errno is not set). - void *result = pthread_getspecific(m_index); -#endif - return result; -} - -NAMESPACE_END - -#endif // THREADS_AVAILABLE -#endif // CRYPTOPP_IMPORTS diff --git a/vendor/cryptopp/vendor_cryptopp/trdlocal.h b/vendor/cryptopp/vendor_cryptopp/trdlocal.h deleted file mode 100644 index a30ca692..00000000 --- a/vendor/cryptopp/vendor_cryptopp/trdlocal.h +++ /dev/null @@ -1,44 +0,0 @@ -#ifndef CRYPTOPP_TRDLOCAL_H -#define CRYPTOPP_TRDLOCAL_H - -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(THREADS_AVAILABLE) - -#include "misc.h" - -#ifdef HAS_WINTHREADS -typedef unsigned long ThreadLocalIndexType; -#else -#include -typedef pthread_key_t ThreadLocalIndexType; -#endif - -NAMESPACE_BEGIN(CryptoPP) - -/// thread local storage -class CRYPTOPP_DLL ThreadLocalStorage : public NotCopyable -{ -public: - /// exception thrown by ThreadLocalStorage class - class Err : public OS_Error - { - public: - Err(const std::string& operation, int error); - }; - - ThreadLocalStorage(); - ~ThreadLocalStorage() CRYPTOPP_THROW; - - void SetValue(void *value); - void *GetValue() const; - -private: - ThreadLocalIndexType m_index; -}; - -NAMESPACE_END - -#endif // THREADS_AVAILABLE - -#endif // CRYPTOPP_TRDLOCAL_H diff --git a/vendor/cryptopp/vendor_cryptopp/ttmac.cpp b/vendor/cryptopp/vendor_cryptopp/ttmac.cpp index 7ab62115..db7e3485 100644 --- a/vendor/cryptopp/vendor_cryptopp/ttmac.cpp +++ b/vendor/cryptopp/vendor_cryptopp/ttmac.cpp @@ -17,11 +17,10 @@ word32 H(word32 x, word32 y, word32 z) { return z ^ (x | ~y); } word32 I(word32 x, word32 y, word32 z) { return y ^ (z & (x^y)); } word32 J(word32 x, word32 y, word32 z) { return x ^ (y | ~z); } -typedef word32 (*Fn)(word32, word32, word32); -template -void Subround(word32& a, word32 b, word32& c, word32 d, word32 e, word32 x, word32 k) +template +void Subround(Fn fn, word32& a, word32 b, word32& c, word32 d, word32 e, word32 x, word32 k) { - a += f(b, c, d) + x + k; + a += fn(b, c, d) + x + k; a = rotlVariable(a, S) + e; c = rotlConstant<10>(c); } @@ -137,175 +136,175 @@ void TTMAC_Base::Transform(word32 *digest, const word32 *X, bool last) d2 = trackB[3]; e2 = trackB[4]; - Subround(a1, b1, c1, d1, e1, X[ 0], k0); - Subround(e1, a1, b1, c1, d1, X[ 1], k0); - Subround(d1, e1, a1, b1, c1, X[ 2], k0); - Subround(c1, d1, e1, a1, b1, X[ 3], k0); - Subround(b1, c1, d1, e1, a1, X[ 4], k0); - Subround(a1, b1, c1, d1, e1, X[ 5], k0); - Subround(e1, a1, b1, c1, d1, X[ 6], k0); - Subround(d1, e1, a1, b1, c1, X[ 7], k0); - Subround(c1, d1, e1, a1, b1, X[ 8], k0); - Subround(b1, c1, d1, e1, a1, X[ 9], k0); - Subround(a1, b1, c1, d1, e1, X[10], k0); - Subround(e1, a1, b1, c1, d1, X[11], k0); - Subround(d1, e1, a1, b1, c1, X[12], k0); - Subround(c1, d1, e1, a1, b1, X[13], k0); - Subround(b1, c1, d1, e1, a1, X[14], k0); - Subround(a1, b1, c1, d1, e1, X[15], k0); + Subround<11>(F, a1, b1, c1, d1, e1, X[ 0], k0); + Subround<14>(F, e1, a1, b1, c1, d1, X[ 1], k0); + Subround<15>(F, d1, e1, a1, b1, c1, X[ 2], k0); + Subround<12>(F, c1, d1, e1, a1, b1, X[ 3], k0); + Subround< 5>(F, b1, c1, d1, e1, a1, X[ 4], k0); + Subround< 8>(F, a1, b1, c1, d1, e1, X[ 5], k0); + Subround< 7>(F, e1, a1, b1, c1, d1, X[ 6], k0); + Subround< 9>(F, d1, e1, a1, b1, c1, X[ 7], k0); + Subround<11>(F, c1, d1, e1, a1, b1, X[ 8], k0); + Subround<13>(F, b1, c1, d1, e1, a1, X[ 9], k0); + Subround<14>(F, a1, b1, c1, d1, e1, X[10], k0); + Subround<15>(F, e1, a1, b1, c1, d1, X[11], k0); + Subround< 6>(F, d1, e1, a1, b1, c1, X[12], k0); + Subround< 7>(F, c1, d1, e1, a1, b1, X[13], k0); + Subround< 9>(F, b1, c1, d1, e1, a1, X[14], k0); + Subround< 8>(F, a1, b1, c1, d1, e1, X[15], k0); - Subround(e1, a1, b1, c1, d1, X[ 7], k1); - Subround(d1, e1, a1, b1, c1, X[ 4], k1); - Subround(c1, d1, e1, a1, b1, X[13], k1); - Subround(b1, c1, d1, e1, a1, X[ 1], k1); - Subround(a1, b1, c1, d1, e1, X[10], k1); - Subround(e1, a1, b1, c1, d1, X[ 6], k1); - Subround(d1, e1, a1, b1, c1, X[15], k1); - Subround(c1, d1, e1, a1, b1, X[ 3], k1); - Subround(b1, c1, d1, e1, a1, X[12], k1); - Subround(a1, b1, c1, d1, e1, X[ 0], k1); - Subround(e1, a1, b1, c1, d1, X[ 9], k1); - Subround(d1, e1, a1, b1, c1, X[ 5], k1); - Subround(c1, d1, e1, a1, b1, X[ 2], k1); - Subround(b1, c1, d1, e1, a1, X[14], k1); - Subround(a1, b1, c1, d1, e1, X[11], k1); - Subround(e1, a1, b1, c1, d1, X[ 8], k1); + Subround< 7>(G, e1, a1, b1, c1, d1, X[ 7], k1); + Subround< 6>(G, d1, e1, a1, b1, c1, X[ 4], k1); + Subround< 8>(G, c1, d1, e1, a1, b1, X[13], k1); + Subround<13>(G, b1, c1, d1, e1, a1, X[ 1], k1); + Subround<11>(G, a1, b1, c1, d1, e1, X[10], k1); + Subround< 9>(G, e1, a1, b1, c1, d1, X[ 6], k1); + Subround< 7>(G, d1, e1, a1, b1, c1, X[15], k1); + Subround<15>(G, c1, d1, e1, a1, b1, X[ 3], k1); + Subround< 7>(G, b1, c1, d1, e1, a1, X[12], k1); + Subround<12>(G, a1, b1, c1, d1, e1, X[ 0], k1); + Subround<15>(G, e1, a1, b1, c1, d1, X[ 9], k1); + Subround< 9>(G, d1, e1, a1, b1, c1, X[ 5], k1); + Subround<11>(G, c1, d1, e1, a1, b1, X[ 2], k1); + Subround< 7>(G, b1, c1, d1, e1, a1, X[14], k1); + Subround<13>(G, a1, b1, c1, d1, e1, X[11], k1); + Subround<12>(G, e1, a1, b1, c1, d1, X[ 8], k1); - Subround(d1, e1, a1, b1, c1, X[ 3], k2); - Subround(c1, d1, e1, a1, b1, X[10], k2); - Subround(b1, c1, d1, e1, a1, X[14], k2); - Subround(a1, b1, c1, d1, e1, X[ 4], k2); - Subround(e1, a1, b1, c1, d1, X[ 9], k2); - Subround(d1, e1, a1, b1, c1, X[15], k2); - Subround(c1, d1, e1, a1, b1, X[ 8], k2); - Subround(b1, c1, d1, e1, a1, X[ 1], k2); - Subround(a1, b1, c1, d1, e1, X[ 2], k2); - Subround(e1, a1, b1, c1, d1, X[ 7], k2); - Subround(d1, e1, a1, b1, c1, X[ 0], k2); - Subround(c1, d1, e1, a1, b1, X[ 6], k2); - Subround(b1, c1, d1, e1, a1, X[13], k2); - Subround(a1, b1, c1, d1, e1, X[11], k2); - Subround(e1, a1, b1, c1, d1, X[ 5], k2); - Subround(d1, e1, a1, b1, c1, X[12], k2); + Subround<11>(H, d1, e1, a1, b1, c1, X[ 3], k2); + Subround<13>(H, c1, d1, e1, a1, b1, X[10], k2); + Subround< 6>(H, b1, c1, d1, e1, a1, X[14], k2); + Subround< 7>(H, a1, b1, c1, d1, e1, X[ 4], k2); + Subround<14>(H, e1, a1, b1, c1, d1, X[ 9], k2); + Subround< 9>(H, d1, e1, a1, b1, c1, X[15], k2); + Subround<13>(H, c1, d1, e1, a1, b1, X[ 8], k2); + Subround<15>(H, b1, c1, d1, e1, a1, X[ 1], k2); + Subround<14>(H, a1, b1, c1, d1, e1, X[ 2], k2); + Subround< 8>(H, e1, a1, b1, c1, d1, X[ 7], k2); + Subround<13>(H, d1, e1, a1, b1, c1, X[ 0], k2); + Subround< 6>(H, c1, d1, e1, a1, b1, X[ 6], k2); + Subround< 5>(H, b1, c1, d1, e1, a1, X[13], k2); + Subround<12>(H, a1, b1, c1, d1, e1, X[11], k2); + Subround< 7>(H, e1, a1, b1, c1, d1, X[ 5], k2); + Subround< 5>(H, d1, e1, a1, b1, c1, X[12], k2); - Subround(c1, d1, e1, a1, b1, X[ 1], k3); - Subround(b1, c1, d1, e1, a1, X[ 9], k3); - Subround(a1, b1, c1, d1, e1, X[11], k3); - Subround(e1, a1, b1, c1, d1, X[10], k3); - Subround(d1, e1, a1, b1, c1, X[ 0], k3); - Subround(c1, d1, e1, a1, b1, X[ 8], k3); - Subround(b1, c1, d1, e1, a1, X[12], k3); - Subround(a1, b1, c1, d1, e1, X[ 4], k3); - Subround(e1, a1, b1, c1, d1, X[13], k3); - Subround(d1, e1, a1, b1, c1, X[ 3], k3); - Subround(c1, d1, e1, a1, b1, X[ 7], k3); - Subround(b1, c1, d1, e1, a1, X[15], k3); - Subround(a1, b1, c1, d1, e1, X[14], k3); - Subround(e1, a1, b1, c1, d1, X[ 5], k3); - Subround(d1, e1, a1, b1, c1, X[ 6], k3); - Subround(c1, d1, e1, a1, b1, X[ 2], k3); + Subround<11>(I, c1, d1, e1, a1, b1, X[ 1], k3); + Subround<12>(I, b1, c1, d1, e1, a1, X[ 9], k3); + Subround<14>(I, a1, b1, c1, d1, e1, X[11], k3); + Subround<15>(I, e1, a1, b1, c1, d1, X[10], k3); + Subround<14>(I, d1, e1, a1, b1, c1, X[ 0], k3); + Subround<15>(I, c1, d1, e1, a1, b1, X[ 8], k3); + Subround< 9>(I, b1, c1, d1, e1, a1, X[12], k3); + Subround< 8>(I, a1, b1, c1, d1, e1, X[ 4], k3); + Subround< 9>(I, e1, a1, b1, c1, d1, X[13], k3); + Subround<14>(I, d1, e1, a1, b1, c1, X[ 3], k3); + Subround< 5>(I, c1, d1, e1, a1, b1, X[ 7], k3); + Subround< 6>(I, b1, c1, d1, e1, a1, X[15], k3); + Subround< 8>(I, a1, b1, c1, d1, e1, X[14], k3); + Subround< 6>(I, e1, a1, b1, c1, d1, X[ 5], k3); + Subround< 5>(I, d1, e1, a1, b1, c1, X[ 6], k3); + Subround<12>(I, c1, d1, e1, a1, b1, X[ 2], k3); - Subround(b1, c1, d1, e1, a1, X[ 4], k4); - Subround(a1, b1, c1, d1, e1, X[ 0], k4); - Subround(e1, a1, b1, c1, d1, X[ 5], k4); - Subround(d1, e1, a1, b1, c1, X[ 9], k4); - Subround(c1, d1, e1, a1, b1, X[ 7], k4); - Subround(b1, c1, d1, e1, a1, X[12], k4); - Subround(a1, b1, c1, d1, e1, X[ 2], k4); - Subround(e1, a1, b1, c1, d1, X[10], k4); - Subround(d1, e1, a1, b1, c1, X[14], k4); - Subround(c1, d1, e1, a1, b1, X[ 1], k4); - Subround(b1, c1, d1, e1, a1, X[ 3], k4); - Subround(a1, b1, c1, d1, e1, X[ 8], k4); - Subround(e1, a1, b1, c1, d1, X[11], k4); - Subround(d1, e1, a1, b1, c1, X[ 6], k4); - Subround(c1, d1, e1, a1, b1, X[15], k4); - Subround(b1, c1, d1, e1, a1, X[13], k4); + Subround< 9>(J, b1, c1, d1, e1, a1, X[ 4], k4); + Subround<15>(J, a1, b1, c1, d1, e1, X[ 0], k4); + Subround< 5>(J, e1, a1, b1, c1, d1, X[ 5], k4); + Subround<11>(J, d1, e1, a1, b1, c1, X[ 9], k4); + Subround< 6>(J, c1, d1, e1, a1, b1, X[ 7], k4); + Subround< 8>(J, b1, c1, d1, e1, a1, X[12], k4); + Subround<13>(J, a1, b1, c1, d1, e1, X[ 2], k4); + Subround<12>(J, e1, a1, b1, c1, d1, X[10], k4); + Subround< 5>(J, d1, e1, a1, b1, c1, X[14], k4); + Subround<12>(J, c1, d1, e1, a1, b1, X[ 1], k4); + Subround<13>(J, b1, c1, d1, e1, a1, X[ 3], k4); + Subround<14>(J, a1, b1, c1, d1, e1, X[ 8], k4); + Subround<11>(J, e1, a1, b1, c1, d1, X[11], k4); + Subround< 8>(J, d1, e1, a1, b1, c1, X[ 6], k4); + Subround< 5>(J, c1, d1, e1, a1, b1, X[15], k4); + Subround< 6>(J, b1, c1, d1, e1, a1, X[13], k4); - Subround(a2, b2, c2, d2, e2, X[ 5], k5); - Subround(e2, a2, b2, c2, d2, X[14], k5); - Subround(d2, e2, a2, b2, c2, X[ 7], k5); - Subround(c2, d2, e2, a2, b2, X[ 0], k5); - Subround(b2, c2, d2, e2, a2, X[ 9], k5); - Subround(a2, b2, c2, d2, e2, X[ 2], k5); - Subround(e2, a2, b2, c2, d2, X[11], k5); - Subround(d2, e2, a2, b2, c2, X[ 4], k5); - Subround(c2, d2, e2, a2, b2, X[13], k5); - Subround(b2, c2, d2, e2, a2, X[ 6], k5); - Subround(a2, b2, c2, d2, e2, X[15], k5); - Subround(e2, a2, b2, c2, d2, X[ 8], k5); - Subround(d2, e2, a2, b2, c2, X[ 1], k5); - Subround(c2, d2, e2, a2, b2, X[10], k5); - Subround(b2, c2, d2, e2, a2, X[ 3], k5); - Subround(a2, b2, c2, d2, e2, X[12], k5); + Subround< 8>(J, a2, b2, c2, d2, e2, X[ 5], k5); + Subround< 9>(J, e2, a2, b2, c2, d2, X[14], k5); + Subround< 9>(J, d2, e2, a2, b2, c2, X[ 7], k5); + Subround<11>(J, c2, d2, e2, a2, b2, X[ 0], k5); + Subround<13>(J, b2, c2, d2, e2, a2, X[ 9], k5); + Subround<15>(J, a2, b2, c2, d2, e2, X[ 2], k5); + Subround<15>(J, e2, a2, b2, c2, d2, X[11], k5); + Subround< 5>(J, d2, e2, a2, b2, c2, X[ 4], k5); + Subround< 7>(J, c2, d2, e2, a2, b2, X[13], k5); + Subround< 7>(J, b2, c2, d2, e2, a2, X[ 6], k5); + Subround< 8>(J, a2, b2, c2, d2, e2, X[15], k5); + Subround<11>(J, e2, a2, b2, c2, d2, X[ 8], k5); + Subround<14>(J, d2, e2, a2, b2, c2, X[ 1], k5); + Subround<14>(J, c2, d2, e2, a2, b2, X[10], k5); + Subround<12>(J, b2, c2, d2, e2, a2, X[ 3], k5); + Subround< 6>(J, a2, b2, c2, d2, e2, X[12], k5); - Subround(e2, a2, b2, c2, d2, X[ 6], k6); - Subround(d2, e2, a2, b2, c2, X[11], k6); - Subround(c2, d2, e2, a2, b2, X[ 3], k6); - Subround(b2, c2, d2, e2, a2, X[ 7], k6); - Subround(a2, b2, c2, d2, e2, X[ 0], k6); - Subround(e2, a2, b2, c2, d2, X[13], k6); - Subround(d2, e2, a2, b2, c2, X[ 5], k6); - Subround(c2, d2, e2, a2, b2, X[10], k6); - Subround(b2, c2, d2, e2, a2, X[14], k6); - Subround(a2, b2, c2, d2, e2, X[15], k6); - Subround(e2, a2, b2, c2, d2, X[ 8], k6); - Subround(d2, e2, a2, b2, c2, X[12], k6); - Subround(c2, d2, e2, a2, b2, X[ 4], k6); - Subround(b2, c2, d2, e2, a2, X[ 9], k6); - Subround(a2, b2, c2, d2, e2, X[ 1], k6); - Subround(e2, a2, b2, c2, d2, X[ 2], k6); + Subround< 9>(I, e2, a2, b2, c2, d2, X[ 6], k6); + Subround<13>(I, d2, e2, a2, b2, c2, X[11], k6); + Subround<15>(I, c2, d2, e2, a2, b2, X[ 3], k6); + Subround< 7>(I, b2, c2, d2, e2, a2, X[ 7], k6); + Subround<12>(I, a2, b2, c2, d2, e2, X[ 0], k6); + Subround< 8>(I, e2, a2, b2, c2, d2, X[13], k6); + Subround< 9>(I, d2, e2, a2, b2, c2, X[ 5], k6); + Subround<11>(I, c2, d2, e2, a2, b2, X[10], k6); + Subround< 7>(I, b2, c2, d2, e2, a2, X[14], k6); + Subround< 7>(I, a2, b2, c2, d2, e2, X[15], k6); + Subround<12>(I, e2, a2, b2, c2, d2, X[ 8], k6); + Subround< 7>(I, d2, e2, a2, b2, c2, X[12], k6); + Subround< 6>(I, c2, d2, e2, a2, b2, X[ 4], k6); + Subround<15>(I, b2, c2, d2, e2, a2, X[ 9], k6); + Subround<13>(I, a2, b2, c2, d2, e2, X[ 1], k6); + Subround<11>(I, e2, a2, b2, c2, d2, X[ 2], k6); - Subround(d2, e2, a2, b2, c2, X[15], k7); - Subround(c2, d2, e2, a2, b2, X[ 5], k7); - Subround(b2, c2, d2, e2, a2, X[ 1], k7); - Subround(a2, b2, c2, d2, e2, X[ 3], k7); - Subround(e2, a2, b2, c2, d2, X[ 7], k7); - Subround(d2, e2, a2, b2, c2, X[14], k7); - Subround(c2, d2, e2, a2, b2, X[ 6], k7); - Subround(b2, c2, d2, e2, a2, X[ 9], k7); - Subround(a2, b2, c2, d2, e2, X[11], k7); - Subround(e2, a2, b2, c2, d2, X[ 8], k7); - Subround(d2, e2, a2, b2, c2, X[12], k7); - Subround(c2, d2, e2, a2, b2, X[ 2], k7); - Subround(b2, c2, d2, e2, a2, X[10], k7); - Subround(a2, b2, c2, d2, e2, X[ 0], k7); - Subround(e2, a2, b2, c2, d2, X[ 4], k7); - Subround(d2, e2, a2, b2, c2, X[13], k7); + Subround< 9>(H, d2, e2, a2, b2, c2, X[15], k7); + Subround< 7>(H, c2, d2, e2, a2, b2, X[ 5], k7); + Subround<15>(H, b2, c2, d2, e2, a2, X[ 1], k7); + Subround<11>(H, a2, b2, c2, d2, e2, X[ 3], k7); + Subround< 8>(H, e2, a2, b2, c2, d2, X[ 7], k7); + Subround< 6>(H, d2, e2, a2, b2, c2, X[14], k7); + Subround< 6>(H, c2, d2, e2, a2, b2, X[ 6], k7); + Subround<14>(H, b2, c2, d2, e2, a2, X[ 9], k7); + Subround<12>(H, a2, b2, c2, d2, e2, X[11], k7); + Subround<13>(H, e2, a2, b2, c2, d2, X[ 8], k7); + Subround< 5>(H, d2, e2, a2, b2, c2, X[12], k7); + Subround<14>(H, c2, d2, e2, a2, b2, X[ 2], k7); + Subround<13>(H, b2, c2, d2, e2, a2, X[10], k7); + Subround<13>(H, a2, b2, c2, d2, e2, X[ 0], k7); + Subround< 7>(H, e2, a2, b2, c2, d2, X[ 4], k7); + Subround< 5>(H, d2, e2, a2, b2, c2, X[13], k7); - Subround(c2, d2, e2, a2, b2, X[ 8], k8); - Subround(b2, c2, d2, e2, a2, X[ 6], k8); - Subround(a2, b2, c2, d2, e2, X[ 4], k8); - Subround(e2, a2, b2, c2, d2, X[ 1], k8); - Subround(d2, e2, a2, b2, c2, X[ 3], k8); - Subround(c2, d2, e2, a2, b2, X[11], k8); - Subround(b2, c2, d2, e2, a2, X[15], k8); - Subround(a2, b2, c2, d2, e2, X[ 0], k8); - Subround(e2, a2, b2, c2, d2, X[ 5], k8); - Subround(d2, e2, a2, b2, c2, X[12], k8); - Subround(c2, d2, e2, a2, b2, X[ 2], k8); - Subround(b2, c2, d2, e2, a2, X[13], k8); - Subround(a2, b2, c2, d2, e2, X[ 9], k8); - Subround(e2, a2, b2, c2, d2, X[ 7], k8); - Subround(d2, e2, a2, b2, c2, X[10], k8); - Subround(c2, d2, e2, a2, b2, X[14], k8); + Subround<15>(G, c2, d2, e2, a2, b2, X[ 8], k8); + Subround< 5>(G, b2, c2, d2, e2, a2, X[ 6], k8); + Subround< 8>(G, a2, b2, c2, d2, e2, X[ 4], k8); + Subround<11>(G, e2, a2, b2, c2, d2, X[ 1], k8); + Subround<14>(G, d2, e2, a2, b2, c2, X[ 3], k8); + Subround<14>(G, c2, d2, e2, a2, b2, X[11], k8); + Subround< 6>(G, b2, c2, d2, e2, a2, X[15], k8); + Subround<14>(G, a2, b2, c2, d2, e2, X[ 0], k8); + Subround< 6>(G, e2, a2, b2, c2, d2, X[ 5], k8); + Subround< 9>(G, d2, e2, a2, b2, c2, X[12], k8); + Subround<12>(G, c2, d2, e2, a2, b2, X[ 2], k8); + Subround< 9>(G, b2, c2, d2, e2, a2, X[13], k8); + Subround<12>(G, a2, b2, c2, d2, e2, X[ 9], k8); + Subround< 5>(G, e2, a2, b2, c2, d2, X[ 7], k8); + Subround<15>(G, d2, e2, a2, b2, c2, X[10], k8); + Subround< 8>(G, c2, d2, e2, a2, b2, X[14], k8); - Subround(b2, c2, d2, e2, a2, X[12], k9); - Subround(a2, b2, c2, d2, e2, X[15], k9); - Subround(e2, a2, b2, c2, d2, X[10], k9); - Subround(d2, e2, a2, b2, c2, X[ 4], k9); - Subround(c2, d2, e2, a2, b2, X[ 1], k9); - Subround(b2, c2, d2, e2, a2, X[ 5], k9); - Subround(a2, b2, c2, d2, e2, X[ 8], k9); - Subround(e2, a2, b2, c2, d2, X[ 7], k9); - Subround(d2, e2, a2, b2, c2, X[ 6], k9); - Subround(c2, d2, e2, a2, b2, X[ 2], k9); - Subround(b2, c2, d2, e2, a2, X[13], k9); - Subround(a2, b2, c2, d2, e2, X[14], k9); - Subround(e2, a2, b2, c2, d2, X[ 0], k9); - Subround(d2, e2, a2, b2, c2, X[ 3], k9); - Subround(c2, d2, e2, a2, b2, X[ 9], k9); - Subround(b2, c2, d2, e2, a2, X[11], k9); + Subround< 8>(F, b2, c2, d2, e2, a2, X[12], k9); + Subround< 5>(F, a2, b2, c2, d2, e2, X[15], k9); + Subround<12>(F, e2, a2, b2, c2, d2, X[10], k9); + Subround< 9>(F, d2, e2, a2, b2, c2, X[ 4], k9); + Subround<12>(F, c2, d2, e2, a2, b2, X[ 1], k9); + Subround< 5>(F, b2, c2, d2, e2, a2, X[ 5], k9); + Subround<14>(F, a2, b2, c2, d2, e2, X[ 8], k9); + Subround< 6>(F, e2, a2, b2, c2, d2, X[ 7], k9); + Subround< 8>(F, d2, e2, a2, b2, c2, X[ 6], k9); + Subround<13>(F, c2, d2, e2, a2, b2, X[ 2], k9); + Subround< 6>(F, b2, c2, d2, e2, a2, X[13], k9); + Subround< 5>(F, a2, b2, c2, d2, e2, X[14], k9); + Subround<15>(F, e2, a2, b2, c2, d2, X[ 0], k9); + Subround<13>(F, d2, e2, a2, b2, c2, X[ 3], k9); + Subround<11>(F, c2, d2, e2, a2, b2, X[ 9], k9); + Subround<11>(F, b2, c2, d2, e2, a2, X[11], k9); a1 -= trackA[0]; b1 -= trackA[1]; diff --git a/vendor/cryptopp/vendor_cryptopp/tweetnacl.cpp b/vendor/cryptopp/vendor_cryptopp/tweetnacl.cpp index b36f1e08..aec6210e 100644 --- a/vendor/cryptopp/vendor_cryptopp/tweetnacl.cpp +++ b/vendor/cryptopp/vendor_cryptopp/tweetnacl.cpp @@ -755,6 +755,25 @@ int crypto_sign_keypair(byte *pk, byte *sk) return 0; } +int crypto_sign_sk2pk(byte *pk, const byte *sk) +{ + byte d[64]; + gf p[4]; + // int i; + + // randombytes(sk, 32); + crypto_hash(d, sk, 32); + d[0] &= 248; + d[31] &= 127; + d[31] |= 64; + + scalarbase(p,d); + pack(pk,p); + + // for(i=0; i<32; ++i) sk[32 + i] = pk[i]; + return 0; +} + static const word64 L[32] = {0xed, 0xd3, 0xf5, 0x5c, 0x1a, 0x63, 0x12, 0x58, 0xd6, 0x9c, 0xf7, 0xa2, 0xde, 0xf9, 0xde, 0x14, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0x10}; static void modL(byte *r,sword64 x[64]) @@ -895,6 +914,3 @@ NAMESPACE_END // CryptoPP NAMESPACE_END // NaCl #endif // NO_OS_DEPENDENCE - - - diff --git a/vendor/cryptopp/vendor_cryptopp/validat0.cpp b/vendor/cryptopp/vendor_cryptopp/validat0.cpp index d97c41f6..56c3e159 100644 --- a/vendor/cryptopp/vendor_cryptopp/validat0.cpp +++ b/vendor/cryptopp/vendor_cryptopp/validat0.cpp @@ -1,31 +1,30 @@ // validat0.cpp - originally written and placed in the public domain by Wei Dai and Jeffrey Walton -// Routines in this source file are only tested in Debug builds +// Routines in this source file are only tested in Debug builds. +// Source files split in July 2018 to expedite compiles. #include "pch.h" -#include "secblock.h" -#include "integer.h" -#include "nbtheory.h" -#include "zdeflate.h" -#include "filters.h" -#include "stdcpp.h" -#include "default.h" -#include "zinflate.h" -#include "channels.h" -#include "files.h" +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + +#include "cryptlib.h" +#include "cpu.h" +#include "validate.h" + +#include "asn.h" #include "gf2n.h" +#include "default.h" +#include "integer.h" +#include "polynomi.h" +#include "channels.h" + +#include "ida.h" #include "gzip.h" #include "zlib.h" -#include "ida.h" -#include "hex.h" -#include "asn.h" #include #include #include -#include "validate.h" - // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) # pragma strict_gs_check (on) @@ -42,12 +41,11 @@ NAMESPACE_BEGIN(Test) // Issue 64: "PolynomialMod2::operator<<=", http://github.com/weidai11/cryptopp/issues/64 bool TestPolynomialMod2() { + std::cout << "\nTesting PolynomialMod2 bit operations...\n\n"; bool pass1 = true, pass2 = true, pass3 = true; - std::cout << "\nTesting PolynomialMod2 bit operations...\n\n"; - - static const unsigned int start = 0; - static const unsigned int stop = 4 * WORD_BITS + 1; + const unsigned int start = 0; + const unsigned int stop = 4 * WORD_BITS + 1; for (unsigned int i = start; i < stop; i++) { @@ -154,13 +152,14 @@ bool TestCompressors() { std::cout << "\nTesting Compressors and Decompressors...\n\n"; bool fail1 = false, fail2 = false, fail3 = false; + const unsigned int COMP_COUNT = 64; try { // Gzip uses Adler32 checksums. We expect a failure to to happen on occasion. // If we see more than 2 failures in a run of 128, then we need to investigate. unsigned int truncatedCount=0; - for (unsigned int i = 0; i<128; ++i) + for (unsigned int i = 0; i, AllocatorWithCleanup > s1; - std::basic_string, AllocatorWithCleanup > s2; - s1.resize(1024); s2.resize(1024); - - std::vector > v1; - std::vector > v2; - v1.resize(1024); v2.resize(1024); - } - - //********** Zeroized block **********// - - { - // NULL ptr with a size means to create a new SecBlock with all elements zero'd - SecByteBlock z1(NULLPTR, 256); - temp = true; - - for (size_t i = 0; i < z1.size(); i++) - temp &= (z1[i] == 0); - - pass1 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Zeroized byte array\n"; - - SecBlock z2(NULLPTR, 256); - temp = true; - - for (size_t i = 0; i < z2.size(); i++) - temp &= (z2[i] == 0); - - pass1 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Zeroized word32 array\n"; - - SecBlock z3(NULLPTR, 256); - temp = true; - - for (size_t i = 0; i < z3.size(); i++) - temp &= (z3[i] == 0); - - pass1 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Zeroized word64 array\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - SecBlock z4(NULLPTR, 256); - temp = true; - - for (size_t i = 0; i < z4.size(); i++) - temp &= (z4[i] == 0); - - pass1 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Zeroized word128 array\n"; -#endif - } - - //********** Non-zero'd block **********// - - { - SecByteBlock z1(NULLPTR, 256); - z1.SetMark(0); - - SecBlock z2(NULLPTR, 256); - z2.SetMark(0); - - SecBlock z3(NULLPTR, 256); - z3.SetMark(0); - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - SecBlock z4(NULLPTR, 256); - z4.SetMark(0); -#endif - } - - //********** Assign **********// - try { - SecByteBlock a, b; - temp = true; + std::string in = "The quick brown fox jumps over the lazy dog"; - a.Assign((const byte*)"a", 1); - b.Assign((const byte*)"b", 1); + std::string str; + StringSource s1(in, true, new StringSink(str)); - temp &= (a.SizeInBytes() == 1); - temp &= (b.SizeInBytes() == 1); - temp &= (a[0] == 'a'); - temp &= (b[0] == 'b'); + std::vector vec; + StringSource s2(in, true, new VectorSink(vec)); - a.Assign((const byte*)"ab", 2); - b.Assign((const byte*)"cd", 2); + std::vector vec2; + VectorSource s3(vec, true, new VectorSink(vec2)); - temp &= (a.SizeInBytes() == 2); - temp &= (b.SizeInBytes() == 2); - temp &= (a[0] == 'a' && a[1] == 'b'); - temp &= (b[0] == 'c' && b[1] == 'd'); + return str.size() == vec.size() && + std::equal(str.begin(), str.end(), vec.begin()) && + vec.size() == vec2.size() && + std::equal(vec.begin(), vec.end(), vec2.begin()); } - catch(const Exception& /*ex*/) + catch(const std::exception&) { - temp = false; } - - pass2 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Assign byte\n"; - - try - { - SecBlock a, b; - temp = true; - - word32 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - temp &= (a.SizeInBytes() == 4); - temp &= (b.SizeInBytes() == 4); - temp &= (a[0] == 1); - temp &= (b[0] == 2); - - word32 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - temp &= (a.SizeInBytes() == 8); - temp &= (b.SizeInBytes() == 8); - temp &= (a[0] == 1 && a[1] == 2); - temp &= (b[0] == 3 && b[1] == 4); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass2 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Assign word32\n"; - - try - { - SecBlock a, b; - temp = true; - - word64 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - temp &= (a.SizeInBytes() == 8); - temp &= (b.SizeInBytes() == 8); - temp &= (a[0] == 1); - temp &= (b[0] == 2); - - word64 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - temp &= (a.SizeInBytes() == 16); - temp &= (b.SizeInBytes() == 16); - temp &= (a[0] == 1 && a[1] == 2); - temp &= (b[0] == 3 && b[1] == 4); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass2 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Assign word64\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - try - { - SecBlock a, b; - temp = true; - - word128 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - temp &= (a.SizeInBytes() == 16); - temp &= (b.SizeInBytes() == 16); - temp &= (a[0] == 1); - temp &= (b[0] == 2); - - word128 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - temp &= (a.SizeInBytes() == 32); - temp &= (b.SizeInBytes() == 32); - temp &= (a[0] == 1 && a[1] == 2); - temp &= (b[0] == 3 && b[1] == 4); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass2 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Assign word128\n"; -#endif - - //********** Append **********// - - try - { - SecByteBlock a, b; - temp = true; - - a.Assign((const byte*)"a", 1); - b.Assign((const byte*)"b", 1); - - a += b; - temp &= (a.SizeInBytes() == 2); - temp &= (a[0] == 'a' && a[1] == 'b'); - - a.Assign((const byte*)"ab", 2); - b.Assign((const byte*)"cd", 2); - - a += b; - temp &= (a.SizeInBytes() == 4); - temp &= (a[0] == 'a' && a[1] == 'b' && a[2] == 'c' && a[3] == 'd'); - - a.Assign((const byte*)"a", 1); - - a += a; - temp &= (a.SizeInBytes() == 2); - temp &= (a[0] == 'a' && a[1] == 'a'); - - a.Assign((const byte*)"ab", 2); - - a += a; - temp &= (a.SizeInBytes() == 4); - temp &= (a[0] == 'a' && a[1] == 'b' && a[2] == 'a' && a[3] == 'b'); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass3 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Append byte\n"; - - try - { - SecBlock a, b; - temp = true; - - const word32 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - a += b; - temp &= (a.SizeInBytes() == 8); - temp &= (a[0] == 1 && a[1] == 2); - - const word32 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - a += b; - temp &= (a.SizeInBytes() == 16); - temp &= (a[0] == 1 && a[1] == 2 && a[2] == 3 && a[3] == 4); - - a.Assign(one, 1); - - a += a; - temp &= (a.SizeInBytes() == 8); - temp &= (a[0] == 1 && a[1] == 1); - - a.Assign(three, 2); - - a += a; - temp &= (a.SizeInBytes() == 16); - temp &= (a[0] == 1 && a[1] == 2 && a[2] == 1 && a[3] == 2); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass3 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Append word32\n"; - - try - { - SecBlock a, b; - temp = true; - - const word64 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - a += b; - temp &= (a.SizeInBytes() == 16); - temp &= (a[0] == 1 && a[1] == 2); - - const word64 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - a += b; - temp &= (a.SizeInBytes() == 32); - temp &= (a[0] == 1 && a[1] == 2 && a[2] == 3 && a[3] == 4); - - a.Assign(one, 1); - - a += a; - temp &= (a.SizeInBytes() == 16); - temp &= (a[0] == 1 && a[1] == 1); - - a.Assign(three, 2); - - a += a; - temp &= (a.SizeInBytes() == 32); - temp &= (a[0] == 1 && a[1] == 2 && a[2] == 1 && a[3] == 2); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass3 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Append word64\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - try - { - SecBlock a, b; - temp = true; - - const word128 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - a += b; - temp &= (a.SizeInBytes() == 32); - temp &= (a[0] == 1 && a[1] == 2); - - const word128 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - a += b; - temp &= (a.SizeInBytes() == 64); - temp &= (a[0] == 1 && a[1] == 2 && a[2] == 3 && a[3] == 4); - - a.Assign(one, 1); - - a += a; - temp &= (a.SizeInBytes() == 32); - temp &= (a[0] == 1 && a[1] == 1); - - a.Assign(three, 2); - - a += a; - temp &= (a.SizeInBytes() == 64); - temp &= (a[0] == 1 && a[1] == 2 && a[2] == 1 && a[3] == 2); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass3 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Append word128\n"; -#endif - - //********** Concatenate **********// - - // byte - try - { - SecByteBlock a, b, c; - temp = true; - - a.Assign((const byte*)"a", 1); - b.Assign((const byte*)"b", 1); - - c = a + b; - temp &= (a[0] == 'a'); - temp &= (b[0] == 'b'); - temp &= (c.SizeInBytes() == 2); - temp &= (c[0] == 'a' && c[1] == 'b'); - - a.Assign((const byte*)"ab", 2); - b.Assign((const byte*)"cd", 2); - - c = a + b; - temp &= (a[0] == 'a' && a[1] == 'b'); - temp &= (b[0] == 'c' && b[1] == 'd'); - temp &= (c.SizeInBytes() == 4); - temp &= (c[0] == 'a' && c[1] == 'b' && c[2] == 'c' && c[3] == 'd'); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass4 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Concatenate byte\n"; - - // word32 - try - { - SecBlock a, b, c; - temp = true; - - const word32 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - c = a + b; - temp &= (a[0] == 1); - temp &= (b[0] == 2); - temp &= (c.SizeInBytes() == 8); - temp &= (c[0] == 1 && c[1] == 2); - - const word32 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - c = a + b; - temp &= (a[0] == 1 && a[1] == 2); - temp &= (b[0] == 3 && b[1] == 4); - temp &= (c.SizeInBytes() == 16); - temp &= (c[0] == 1 && c[1] == 2 && c[2] == 3 && c[3] == 4); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass4 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Concatenate word32\n"; - - // word64 - try - { - SecBlock a, b, c; - temp = true; - - const word64 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - c = a + b; - temp &= (a[0] == 1); - temp &= (b[0] == 2); - temp &= (c.SizeInBytes() == 16); - temp &= (c[0] == 1 && c[1] == 2); - - const word64 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - c = a + b; - temp &= (a[0] == 1 && a[1] == 2); - temp &= (b[0] == 3 && b[1] == 4); - temp &= (c.SizeInBytes() == 32); - temp &= (c[0] == 1 && c[1] == 2 && c[2] == 3 && c[3] == 4); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass4 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Concatenate word64\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - try - { - SecBlock a, b, c; - temp = true; - - const word128 one[1] = {1}, two[1] = {2}; - a.Assign(one, 1); - b.Assign(two, 1); - - c = a + b; - temp &= (a[0] == 1); - temp &= (b[0] == 2); - temp &= (c.SizeInBytes() == 32); - temp &= (c[0] == 1 && c[1] == 2); - - const word128 three[2] = {1,2}, four[2] = {3,4}; - a.Assign(three, 2); - b.Assign(four, 2); - - c = a + b; - temp &= (a[0] == 1 && a[1] == 2); - temp &= (b[0] == 3 && b[1] == 4); - temp &= (c.SizeInBytes() == 64); - temp &= (c[0] == 1 && c[1] == 2 && c[2] == 3 && c[3] == 4); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass4 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Concatenate word128\n"; -#endif - - //********** Equality **********// - - // byte - try - { - static const byte str1[] = "abcdefghijklmnopqrstuvwxyz"; - static const byte str2[] = "zyxwvutsrqponmlkjihgfedcba"; - static const byte str3[] = "0123456789"; - - temp = true; - SecByteBlock a,b; - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str1, COUNTOF(str1)); - temp &= (a.operator==(b)); - - a.Assign(str3, COUNTOF(str3)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a == b); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str2, COUNTOF(str2)); - temp &= (a.operator!=(b)); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a != b); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass5 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Equality byte\n"; - - // word32 - try - { - static const word32 str1[] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}; - static const word32 str2[] = {97,89,83,79,73,71,67,61,59,53,47,43,41,37,31,29,23,19,17,13,11,7,5,3,2}; - static const word32 str3[] = {0,1,2,3,4,5,6,7,8,9}; - - temp = true; - SecBlock a,b; - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str1, COUNTOF(str1)); - temp &= (a.operator==(b)); - - a.Assign(str3, COUNTOF(str3)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a == b); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str2, COUNTOF(str2)); - temp &= (a.operator!=(b)); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a != b); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass5 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Equality word32\n"; - - // word64 - try - { - static const word64 str1[] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}; - static const word64 str2[] = {97,89,83,79,73,71,67,61,59,53,47,43,41,37,31,29,23,19,17,13,11,7,5,3,2}; - static const word64 str3[] = {0,1,2,3,4,5,6,7,8,9}; - - temp = true; - SecBlock a,b; - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str1, COUNTOF(str1)); - temp &= (a.operator==(b)); - - a.Assign(str3, COUNTOF(str3)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a == b); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str2, COUNTOF(str2)); - temp &= (a.operator!=(b)); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a != b); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass5 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Equality word64\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - // word128 - try - { - static const word128 str1[] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}; - static const word128 str2[] = {97,89,83,79,73,71,67,61,59,53,47,43,41,37,31,29,23,19,17,13,11,7,5,3,2}; - static const word128 str3[] = {0,1,2,3,4,5,6,7,8,9}; - - temp = true; - SecBlock a,b; - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str1, COUNTOF(str1)); - temp &= (a.operator==(b)); - - a.Assign(str3, COUNTOF(str3)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a == b); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str2, COUNTOF(str2)); - temp &= (a.operator!=(b)); - - a.Assign(str1, COUNTOF(str1)); - b.Assign(str3, COUNTOF(str3)); - temp &= (a != b); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - - pass5 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Equality word128\n"; -#endif - - //********** Allocator Size/Overflow **********// - - try - { - temp = false; - - AllocatorBase A; - const size_t max = A.max_size(); - SecBlock t(max+1); - } - catch(const Exception& /*ex*/) - { - temp = true; - } - catch(const std::exception& /*ex*/) - { - temp = true; - } - - pass6 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Overflow word32\n"; - - try - { - temp = false; - - AllocatorBase A; - const size_t max = A.max_size(); - SecBlock t(max+1); - } - catch(const Exception& /*ex*/) - { - temp = true; - } - catch(const std::exception& /*ex*/) - { - temp = true; - } - - pass6 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Overflow word64\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - try - { - temp = false; - - AllocatorBase A; - const size_t max = A.max_size(); - SecBlock t(max+1); - } - catch(const Exception& /*ex*/) - { - temp = true; - } - catch(const std::exception& /*ex*/) - { - temp = true; - } - - pass6 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Overflow word128\n"; -#endif - - //********** FixedSizeAllocatorWithCleanup and Grow **********// - - // byte - try - { - static const unsigned int SIZE = 8; - SecBlockWithHint block(SIZE); - memset(block, 0xaa, block.SizeInBytes()); - - temp = true; - block.CleanGrow(SIZE*2); - temp &= (block.size() == SIZE*2); - - for (size_t i = 0; i < block.size()/2; i++) - temp &= (block[i] == 0xaa); - for (size_t i = block.size()/2; i < block.size(); i++) - temp &= (block[i] == 0); - - block.CleanNew(SIZE*4); - temp &= (block.size() == SIZE*4); - for (size_t i = 0; i < block.size(); i++) - temp &= (block[i] == 0); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - catch(const std::exception& /*ex*/) - { - temp = false; - } - - pass7 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " FixedSizeAllocator Grow with byte\n"; - - // word32 - try - { - static const unsigned int SIZE = 8; - SecBlockWithHint block(SIZE); - memset(block, 0xaa, block.SizeInBytes()); - - temp = true; - block.CleanGrow(SIZE*2); - temp &= (block.size() == SIZE*2); - - for (size_t i = 0; i < block.size()/2; i++) - temp &= (block[i] == 0xaaaaaaaa); - - for (size_t i = block.size()/2; i < block.size(); i++) - temp &= (block[i] == 0); - - block.CleanNew(SIZE*4); - temp &= (block.size() == SIZE*4); - for (size_t i = 0; i < block.size(); i++) - temp &= (block[i] == 0); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - catch(const std::exception& /*ex*/) - { - temp = false; - } - - pass7 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " FixedSizeAllocator Grow with word32\n"; - - // word64 - try - { - static const unsigned int SIZE = 8; - SecBlockWithHint block(SIZE); - memset(block, 0xaa, block.SizeInBytes()); - - temp = true; - block.CleanGrow(SIZE*2); - temp &= (block.size() == SIZE*2); - - for (size_t i = 0; i < block.size()/2; i++) - temp &= (block[i] == W64LIT(0xaaaaaaaaaaaaaaaa)); - - for (size_t i = block.size()/2; i < block.size(); i++) - temp &= (block[i] == 0); - - block.CleanNew(SIZE*4); - temp &= (block.size() == SIZE*4); - for (size_t i = 0; i < block.size(); i++) - temp &= (block[i] == 0); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - catch(const std::exception& /*ex*/) - { - temp = false; - } - - pass7 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " FixedSizeAllocator Grow with word64\n"; - -#if defined(CRYPTOPP_WORD128_AVAILABLE) - // word128 - try - { - static const unsigned int SIZE = 8; - SecBlock > block(SIZE); - memset(block, 0xaa, block.SizeInBytes()); - - temp = true; - block.CleanGrow(SIZE*2); - temp &= (block.size() == SIZE*2); - - for (size_t i = 0; i < block.size()/2; i++) - temp &= (block[i] == (((word128)W64LIT(0xaaaaaaaaaaaaaaaa) << 64U) | W64LIT(0xaaaaaaaaaaaaaaaa))); - - for (size_t i = block.size()/2; i < block.size(); i++) - temp &= (block[i] == 0); - - block.CleanNew(SIZE*4); - temp &= (block.size() == SIZE*4); - for (size_t i = 0; i < block.size(); i++) - temp &= (block[i] == 0); - } - catch(const Exception& /*ex*/) - { - temp = false; - } - catch(const std::exception& /*ex*/) - { - temp = false; - } - - pass7 &= temp; - if (!temp) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " FixedSizeAllocator Grow with word128\n"; -#endif - - return pass1 && pass2 && pass3 && pass4 && pass5 && pass6 && pass7; -} -#endif - -#if defined(CRYPTOPP_EXTENDED_VALIDATION) -bool TestHuffmanCodes() -{ - std::cout << "\nTesting Huffman codes...\n\n"; - bool pass=true; - - static const size_t nCodes = 30; - const unsigned int codeCounts[nCodes] = { - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - - static const unsigned int maxCodeBits = nCodes >> 1; - unsigned int codeBits[nCodes] = { - ~0u, ~0u, ~0u, ~0u, ~0u, - ~0u, ~0u, ~0u, ~0u, ~0u, - ~0u, ~0u, ~0u, ~0u, ~0u, - }; - - try - { - HuffmanEncoder::GenerateCodeLengths(codeBits, maxCodeBits, codeCounts, nCodes); - } - catch(const Exception& /*ex*/) - { - pass=false; - } - - if (!pass) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateCodeLengths" << std::endl; - - // Try to crash the HuffmanDecoder - for (unsigned int i=0; i<128; ++i) - { - try - { - byte data1[0xfff]; // Place on stack, avoid new - unsigned int data2[0xff]; - - unsigned int len1 = GlobalRNG().GenerateWord32(4, 0xfff); - GlobalRNG().GenerateBlock(data1, len1); - unsigned int len2 = GlobalRNG().GenerateWord32(4, 0xff); - GlobalRNG().GenerateBlock((byte*)data2, len2*sizeof(unsigned int)); - - ArraySource source(data1, len1, false); - HuffmanDecoder decoder(data2, len2); - - LowFirstBitReader reader(source); - unsigned int val; - for (unsigned int j=0; !source.AnyRetrievable(); ++j) - decoder.Decode(reader, val); - } - catch (const Exception&) {} - } - - std::cout << "passed: HuffmanDecoder decode" << std::endl; - - return pass; -} -#endif - -#if defined(CRYPTOPP_EXTENDED_VALIDATION) -bool TestIntegerBitops() -{ - std::cout << "\nTesting Integer bit operations...\n\n"; - - struct Bitops_TestTuple - { - // m,n are operands; a,o,x are and,or,xor results - const char *m, *n, *a, *o, *x; - }; - static const Bitops_TestTuple tests[] = { - { - "0xc2cea8a4", "0xb36e5794", "0x824e0084", "0xf3eeffb4", "0x71a0ff30" - }, - { - "0x436eb828", "0x1b375cb4", "0x3261820", "0x5b7ffcbc", "0x5859e49c" - }, - { - "0x1e5c0b28", "0x4fded465", "0xe5c0020", "0x5fdedf6d", "0x5182df4d" - }, - { - "0xeb71fde7", "0xf7bb47cf", "0xe33145c7", "0xfffbffef", "0x1ccaba28" - }, - { - "0xa6b0f01f", "0x8a8ca98", "0xa0c018", "0xaeb8fa9f", "0xae183a87" - }, - { - "0xa70bd8b7", "0x5c758cf5", "0x40188b5", "0xff7fdcf7", "0xfb7e5442" - }, - { - "0xf91af382", "0x718a9995", "0x710a9180", "0xf99afb97", "0x88906a17" - }, - { - "0xbd2a76ad", "0xddd8dfeb", "0x9d0856a9", "0xfdfaffef", "0x60f2a946" - }, - { - "0xd4b559cc", "0x91a53295", "0x90a51084", "0xd5b57bdd", "0x45106b59" - }, - { - "0x89434e9e", "0xa42fdaf9", "0x80034a98", "0xad6fdeff", "0x2d6c9467" - }, - { - "0xb947ac04", "0xd4201e52", "0x90000c00", "0xfd67be56", "0x6d67b256" - }, - { - "0xa83945c1", "0x3a9c5dba", "0x28184580", "0xbabd5dfb", "0x92a5187b" - }, - { - "0xbca38ffa", "0x881ba9fd", "0x880389f8", "0xbcbbafff", "0x34b82607" - }, - { - "0xfcd0b92", "0xeaad8534", "0xa8d0110", "0xefed8fb6", "0xe5608ea6" - }, - { - "0x50d160d0", "0x64646f75", "0x40406050", "0x74f56ff5", "0x34b50fa5" - }, - { - "0x165ccff8", "0x67d49127", "0x6548120", "0x77dcdfff", "0x71885edf" - }, - { - "0x8c4f4bbb7adaacb5", "0x2566b7a909b24aa9", "0x44603a9089208a1", "0xad6fffbb7bfaeebd", "0xa929fc127368e61c" - }, - { - "0x6f9ef50aafb31e8d", "0x7a93b2ccd1bbbff2", "0x6a92b00881b31e80", "0x7f9ff7ceffbbbfff", "0x150d47c67e08a17f" - }, - { - "0x4c99e967f8de5294", "0x1f4699e0c14e6974", "0xc008960c04e4014", "0x5fdff9e7f9de7bf4", "0x53df708739903be0" - }, - { - "0xcc55f5d6d3ea45c", "0x6805b4ddb6390c2f", "0x805145d2438040c", "0x6cc5ffddff3fac7f", "0x64c0eb80db07a873" - }, - { - "0x90620d1a012459e7", "0x89d31098ce3fed42", "0x8042001800244942", "0x99f31d9acf3ffde7", "0x19b11d82cf1bb4a5" - }, - { - "0xb87d1674e90a935a", "0x75ea466cbb782ac4", "0x30680664a9080240", "0xfdff567cfb7abbde", "0xcd9750185272b99e" - }, - { - "0x1f135732240701f0", "0x6aa09a1614bf4dd4", "0xa001212040701d0", "0x7fb3df3634bf4df4", "0x75b3cd2430b84c24" - }, - { - "0xc9a88d8300099a31", "0xdc8e91df745169ee", "0xc888818300010820", "0xddae9ddf7459fbff", "0x15261c5c7458f3df" - }, - { - "0xc8c828d15228b562", "0x43f86cffa3d15d80", "0x40c828d102001500", "0xcbf86cfff3f9fde2", "0x8b30442ef1f9e8e2" - }, - { - "0x41fdc0bc2009563f", "0x59dd1c417e3c07bc", "0x41dd00002008063c", "0x59fddcfd7e3d57bf", "0x1820dcfd5e355183" - }, - { - "0x9e2f78600c3a84e7", "0xac69a0e1fe7887b0", "0x8c2920600c3884a0", "0xbe6ff8e1fe7a87f7", "0x3246d881f2420357" - }, - { - "0xd424d1d9a955f617", "0x9608f5bde1c4d893", "0x9400d199a144d013", "0xd62cf5fde9d5fe97", "0x422c246448912e84" - }, - { - "0x1aa8b60a0627719a", "0x5b26e6aca95f5f60", "0x1a20a60800075100", "0x5baef6aeaf7f7ffa", "0x418e50a6af782efa" - }, - { - "0xcf5db499233fac00", "0xf33e7a29c3c33da8", "0xc31c300903032c00", "0xff7ffeb9e3ffbda8", "0x3c63ceb0e0fc91a8" - }, - { - "0x6b47c03d576e878d", "0x2032d13574d67da4", "0x2002c03554460584", "0x6b77d13d77feffad", "0x4b75110823b8fa29" - }, - { - "0xd47eeb3aefebf074", "0x6d7ba17a42c66b89", "0x447aa13a42c26000", "0xfd7feb7aefeffbfd", "0xb9054a40ad2d9bfd" - }, - { - "0x33ad9c5d20b03f5c05535f20a2941c8f4ae0f1f19500759151060dce39e5dfed41ec4f", - "0x277401dc000fde7eda4d60a5698935f7febd8fbe49e5d6f56ca2e7f6118380d3cd655da392df3ba6c1b13dc0119af34cfa1d18a65", - "0x10a9841c002016480453410020041c8640c0312191006411110401082924cfa1418845", - "0x277401dc000fde7eda4d60a5698935f7febfbfffcdf7dff7fde2f7f7f38ba9d3cdf5ffaf9fdf7ba7d9b53de0ddfbff5dfedd1ee6f", - "0x277401dc000fde7eda4d60a5698935f7febeb5678c37ddf69962b2c3e389a9920591f3ac8dc66ba198a42da0cd796d1104c90662a" - }, - { - "0xb6ea335c13111216862e370d12fb9c761a6266617f62a1904b0d7944ab3cddc71f11752ad9424b0", - "0xa6b380f048a9cbe45ff4ea824064c831eb03ff875e1e3e", - "0xa62200104028090410d480020044c831e1035285140430", - "0xb6ea335c13111216862e370d12fb9c761a6b7e6f7feabdbe4fff7fecaf3eddc71fb17ffafde3ebe", - "0xb6ea335c13111216862e370d12fb9c7610095e6e7be83d2e0ef237ec8f3a914401a14ad2aca3a8e" - }, - { - "0x8fb9486ad1f89ca5b3f6da9f0d5ef9ec328b8cc3e5122afbd8a67bd1b2b4ab5c548b90cf9fe1933a0362922f1e84ef0", - "0x10615f963dffc13718ed1ecdb9cfbef33148befeb91b190dc7e7d28d8821ff248ab26a34e1b89885c643e447c72", - "0x6051901ca58136188d0c4cb9cc32830040a412281b180443c192848800540080820a208138000082030404c70", - "0x8fb9586bdffebdfff3f7daff1fdff9efbefbbdcbfffebbfbd9affff7f2bdab7dffaf9afffff5f3ba9be7d66ffec7ef2", - "0x8fb9580b8e6ea15a72c1c272139340238c78bd8b5bec93e0c1abbc366039237dabaf1a7df5d572829be7546cfac3282" - }, - { - "0x10af96443b186faf790279bf3bbe0517d56ffc01e7fec8c88e765d48cc32333390224f4d762d1ba788c50801cba02524cb49", - "0x95d44e7344fb1701bace3ae83affbb6290bf282f7565b9a82c386823f5f213a53eccb2cfe5deb4dd040067a64ada8c1b6828599b96cc70647e7d19dc7dfba393addabe689ffbe1a36642bc9844b81c6c4c2e178", - "0x2c96442b084000000260ad288004028509b800c70640c080144548883032118022094d3608122408c1000181800400c148", - "0x95d44e7344fb1701bace3ae83affbb6290bf282f7565b9a82c386823f5f213a53ecdbaffe5dfb5dffef7f7a7dbfbbffb797d5fffd6de7fecfefdfffdfdffe3b3bffbbe6cffffe3f3fe7abcd8c4bcbe6e5e6eb79", - "0x95d44e7344fb1701bace3ae83affbb6290bf282f7565b9a82c386823f5f213a53ecdb836819d055bfef7f781d12937fb39550f6456d20f88f2f5feb9a97760b09ee3bc4c6b2c8372dc3a30c8c4a4a66e1e62a31" - }, - { - "0x5fc77dab8cd9c1da8c91eb7ba9c23ce85375b61bf3b9a8c4e4df7bc917aa8a14e747888c9756a2be2fd2e256e44194ce093a0185594de0dcf8340c45b6af7dbdc7682fbef6313f9f1cb234689d9f1ff603e1273faad89d0fe1ab57fbc7c32d29dce125fafc973754464b55ae5de58a8a5661c2065b95c2c94d7ec34", - "0xd4a9158961d4c11258cd047eda13d6804c16c3a374b7f4115bd835bde0b5", - "0x1080158800548100504504649012c480480081221420641158081495e034", - "0x5fc77dab8cd9c1da8c91eb7ba9c23ce85375b61bf3b9a8c4e4df7bc917aa8a14e747888c9756a2be2fd2e256e44194ce093a0185594de0dcf8340c45b6af7dbdc7682fbef6313f9f1cb234689d9f1ff603e1273faad89d0fe1ab57fbc7cf6fb9dcf73dfefdb7bfd447eff5bf7de5cbee7e77cb7f5b95ffcb5ffecb5", - "0x5fc77dab8cd9c1da8c91eb7ba9c23ce85375b61bf3b9a8c4e4df7bc917aa8a14e747888c9756a2be2fd2e256e44194ce093a0185594de0dcf8340c45b6af7dbdc7682fbef6313f9f1cb234689d9f1ff603e1273faad89d0fe1ab57fbc7ce67b8847738b6edb2bb8401a6f49335e14be66c5689791a807f4a16a0c81" - }, - { - "0x52cbea1f4d78445fb8f9267203f0f04bddf65b69b1acb0877143e77317f2d9679cb", - "0x331e156a1e1daa0039926a08ec80c2d7c1500bc435a53ebfc32fa398a3304fcd79d90725528e320add050da666b9de42b8307b", - "0x88421a41684412b839023200f0d00990725128a120a0805042666315e0090304b", - "0x331e156a1e1daa0039926a08ec80c2d7c1552ffeb5f5ffbfc7ffaf9ae7307fcf7dfddf65f69f3acbdd771dbe77b9ff6fbe79fb", - "0x331e156a1e1daa0039926a08ec80c2d7c155277a9451e93b86d42c0ac41070c27d64d840e41528c1d57219981188a16f2e49b0" - }, - { - "0xbde7e20f37c3ed822555d36050240dcfb5a9a3867d149cffe78e92b95573cbdde33a8c9495148e04cafa1325aae058b4a98c50f7019de1345de6dce12436bed4b86eca2d", - "0xee480b4096f0c1ac565d623dd53b62dba81c507d3c8e15372396fa49de0ecf074fb0ed1785f00f8094022ff50fc436a7cbd18de8ff317c33ea9bdbd8814a7658fcd1fd10b2ed10eaf7e4c2b8f409df3c36f1f0c986a49805a9ed08bbcd603e2eec9e18", - "0x547a00d1781e0020014022050040406a58981846814107c238a929950014a544038809410108c00caf20000a8e00894280450f00184a01005a0cc0020042014286c8a08", - "0xee480b4096f0c1ac565d623dd53b62dba81c507d3c8e15372396fa49de0ecfbfeff2ef37c7fd8fa5d5d36ff52fcdffb7ebf38ffdffbdfff7ee9bfbddf3cbfffbfeddfd95b6ef14eafff7e7baf459ffbdbef1f7c99fe5bc5deffde9bffffefebeeede3d", - "0xee480b4096f0c1ac565d623dd53b62dba81c507d3c8e15372396fa49de0ecfbaa852e220461d8da5c1d14fa52bc9f91262720b95ebad83d46409628df281abbbc65d6985a66314200df7e71214516b95baa107c81b45ac584f31e99ffbdeea96825435" - }, - { - "0x17ed0a1aa80542396e82ab79f6d4dda731d10f9487467fcfa5c8b501fa86488fbe268605c01beb257c9e301a42833d22965ea2ff0eda5f18427481a300a8f9aa81e76d774ea1dbed40268eca094bef627d2c206f6885fc12f71557bfda836", - "0x422340e8ff3b4177efa5f58111fe306aa602d8020164fa34c12acdb3de81e", - "0x2340604e21416540248480014a2062240000020004f810c10045b3da816", - "0x17ed0a1aa80542396e82ab79f6d4dda731d10f9487467fcfa5c8b501fa86488fbe268605c01beb257c9e301a42833d22965ea2ff0eda5f18427481a300a8f9aac3e76dffffbbdbffefa7ffcb19ffff6aff2ef86f69e5fe36f73fdfbfde83e", - "0x17ed0a1aa80542396e82ab79f6d4dda731d10f9487467fcfa5c8b501fa86488fbe268605c01beb257c9e301a42833d22965ea2ff0eda5f18427481a300a8f9aac3c42d9fb19a9a9aaf837b4b18b5df08db2ef86d69e10626363f9a0c04028" - }, - { - "0x290796408a0b8baa742b9d466afc4958528f7976fdce50caa83ed63285f58d200e4c65842ea24c3d4a3850a1824b61d25af9d3b41b9e64407a5262a75d9efd08481cfbc339ae26b0755438894b9e2298a35ed9", - "0x4cb6f7935f5cc586320c6ce957f82cff774cde7d4201735a5acd22190fcb1c9c16d1887a", - "0x4012f193141884040008406007580cfd00481c794201220210450018094b1c0010810858", - "0x290796408a0b8baa742b9d466afc4958528f7976fdce50caa83ed63285f58d200e4c65842ea24c3d4a3850a1824b61defeffd3ff5fdfe6727e7eebf7fdbeff7f4cdeffc339ff7efafd76398fcb9ebe9ef3defb", - "0x290796408a0b8baa742b9d466afc4958528f7976fdce50caa83ed63285f58d200e4c65842ea24c3d4a3850a1824b619eec0e40eb475be272763e8bf0a5b2027f04c2868138dd7ceab87621868082be8e72d6a3" - }, - { - "0x14e55ecb09d8c6827022df7c713c05a5d882e25782", - "0x2dbdb54cb6341fcea6f67cfaa5186aa0a91b9782e362cbb0dd0ef3cbc130ce0cb2ce7232c0562", - "0x10600e020898048060209c1000200124c002200502", - "0x2dbdb54cb6341fcea6f67cfaa5186aa0a91bdfd7eff2dfbcfd2ff3eff7f7dfccfadffa3ee57e2", - "0x2dbdb54cb6341fcea6f67cfaa5186aa0a91ad9d70fd2563cb529f1e636f7ddcce893fa1ce52e0" - }, - { - "0x2b0dfd23fc740e1759697bcba800aa1be7df28c59fe72b9869766ac34ecb4e5d0dbc74c2cbb5f734bb8d38dab59c3f22cdc706c657839580c2793c4c7660606548c048a697db3dfbad82e695c605", - "0x33080f6fd52aeca572f24a98ff19b9e7327c3b951ccfd8c9a6b9bd6f7c940079e4be88178a2a6d5a2b17", - "0x30007249108288030900a00cd0100c612001180004918482620206548800020849a0813880264100205", - "0x2b0dfd23fc740e1759697bcba800aa1be7df28c59fe72b9869766ac34ecb4e5d0dbc74c2fbbdff7fffaffcfff7fe7fbaffdfbfe777ffbf95defffccdf6f9fd6f7cd448fff7ffbdffafaaefdfef17", - "0x2b0dfd23fc740e1759697bcba800aa1be7df28c59fe72b9869766ac34ecb4e5d0dbc74c2f8bdf85b6ea7d47fc76e75ba32debf2165ffae15deb6e485d0d9dd0a345448df7365b5ec27a88bcfed12" - }, - { - "0xc0cc21922748d7626df1ab92b4ad4df1861050ca7de74adb92a140", - "0x3531a6880ccc47bc3826056efe912f3db02df9c0b6931e253ab9248f472359fe59218690f6781f35da89b8f1ff45cd5a1db9a414c9d7ec62ff5859a1572b1c1880a99aa74ebe8b12c68e791c11dd6cc0e5ed5", - "0xc40192054091400800898234a948b104004080410542c8020040", - "0x3531a6880ccc47bc3826056efe912f3db02df9c0b6931e253ab9248f472359fe59218690f6781f35da89b8f1ff45cd5a1db9a414c9d7ec6effda59a377af7e3edfbbbbaf4efedf1ae78f7dbfdffdedf9effd5", - "0x3531a6880ccc47bc3826056efe912f3db02df9c0b6931e253ab9248f472359fe59218690f6781f35da89b8f1ff45cd5a1db9a414c9d7ec6ef39a408323a66a3e5fb3238c046a540aa78b75bbcfa9c179cff95" - }, - { - "0x68cbb0a526d1fa61003e12401db51090fa4649b00b7be7465d0eb18f74c86157a919", - "0x1ca7d6f9bc3e11d3c365af63bf9499b6c7e9c569da7361f0214b8d", - "0x1610001c111080600641b00019a6464904218a704060010909", - "0x68cbb0a526d1fa7da7fefbfc3fb5d3d3ffef6bbf9ffbf7c7fdcff9df77e9f177eb9d", - "0x68cbb0a526d1fa7da7e8ebfc23a4c3539fe92a0f9fe25181b4cbd85507a99176e294" - }, - { - "0x210bef18d384992c5eb72e2b362c7296d9810f5ba9fd25e2d5648989d65095e45d1478f2a83140a0f68033a08fa3d7c392a3dc77e8e6aeba9ed76038e9e7825255fac990bf1098e6f9cba0", - "0xdb48641b3f63e5f1f41ff3b1578c4b190de42379d45cba03c4c6f34b1b14ea930fdff90dca53116710228e45b081fbddc9273a542e6f689642453adb91086bdb99681342113262d67f5517f2691024fe367459b01872549211067798063cc00b16c883b8cd2ffaa6d6116863f204bb23ce26c5bcdaf3e1b816dcf65ca", - "0x21014200d280002452a52800062c309681000113202d25e051640081024081644510008220010000660000208c00914080238c52e8a22c201686202049a20042445ac9803e108064c94180", - "0xdb48641b3f63e5f1f41ff3b1578c4b190de42379d45cba03c4c6f34b1b14ea930fdff90dca53116710228e45b081fbddc9273afeffef78dfd2c5fbfbf3bb6bdfb96d9b52f5baffd67f7d57faf99d65ff7e75d9f79f7ad7961b0f7f9b3e3cfa3f7ef9abbdcf7ffeeeffb9ed77f38ebf7bef27dfbcdbfbf1b99efffefea", - "0xdb48641b3f63e5f1f41ff3b1578c4b190de42379d45cba03c4c6f34b1b14ea930fdff90dca53116710228e45b081fbddc9252aeadfe250dfd080d1a973bb091cb0058b52e488fd04217841baf18d41f7683188f79758d7861b091f9b3c343a366af1a9850a5174cc3db88515f18a255beb039a1043f810b198b36ae6a" - }, - { - "0x143143205d76a7287d48be24db8fbfe37c291d82e103aa05cfc172fb920f0e8cc15c47de948b964e39be34a5b8a2610198c0c5b98543e6e727be153cfff0338f229cc22f029e04f766c62988634fee1a0a16880c93e5b10bada4018b6765b54c08f5710344dbfb9e9ad5dd7914cab496b22a6", - "0x2d58b8b513f4bceb8300f8b978e31c163f36155e9678bb0f221ee7cbcf7262b9d53c7a395ea916218fa2478baada74f3e69df63a7be0c9554c07004f9e4d869642bbd63a9fe07138a6aef7ad14c74231cf6401c597f9b6d15c266c42c28613838609bd4f4522c9eb65fc8456acc339c641ac7d7b7bc2c48c8f2", - "0x100201970a308140836045a8638a30c201c82c103220089c1307a100e0804010c0246808a924431a614a4382260011040050005024486060211143a902001208482270014044220c620004107e8120014000c02c080038184018947452048086570004488c31882418c79104a8084800a2", - "0x2d58b8b513f4bcffb343f8fd7ee73c7f7fbe35df9ffffb7f2b1fe7ebcffa67ffd57efbbb5faf9ee1dfe7df9fabde7efbfebdf7bafbe1c9ddccc7b9cfdfefe7b7febffefffff3ff3abeeeffaf9ec7f777cf6d89e7dfffbedb5eae6cd3e7b71bafa609bf6f65b7cdebf5fd8756fffbbfded5fd7d7ffbf6d6beaf6", - "0x2d58b8b513f4bcffb243d8e40e44346b7788318519c758730b03652accd86776144e81ab51a79ae0d3e5991f214c3aca58a95382d981c8cd8cc2b9caddab61b1fcaeeac56fd3fe1a3a6cd8af8ac3b557094d89a6d817acdb4aae60d12737182e22083628209785e3908d87127738a75c9471046fb176523ea54" - }, - { - "0x258e988b847b06b73462629161e28517f7b9ad7b5c19a9ad2c07f9a66f33fb2220fddb5a33b9cd5c2d63fd543efa1bef16e26b95484d70d0d7cfce28491ace0a608fb6cf9e97cb88d73c96c9150f9ef53c5e75bd68805fdce891e5935e9428ca67eba1e345148fcf2", - "0x1857c0e26e0476169cf804c8d5a431022cce0da75d7642a2414a900370f201f5073c7e700ff6626fbd8a104182954fa9f23a45474af5456a00e36f6a6c8162afdf7492d387a455dd8506167d5cc24e6861d7b480b1458230", - "0x1812c0a04000121280780040d12430020ccc05a319144082400a900360a000f10624385004d6000d3c880000808440a0003a44414874000800c16c0040816203c56412d2800455cc8106103548420c206092140011408030", - "0x258e988b847b06b73462629161e28517f7bdfd7f7ef9efed6dcff9eeef7bfb3222fdfbda77ffed7e2d77fd543fff3bff56f3eff748ff76f6ffdfef2c593bdefaffafb6dffebfdfdef73eb6ffb7cf9efffdff7dbd78fa5fddf8d1e5f7dfdc2ceee7fffbeb4f14dfef2", - "0x258e988b847b06b73462629161e28517f63cd1757af9eecc45c879eae269b83202313b80466ea9760977545409f53bf04691ac7248b216f62c176f2c51339af0ffac129bea389fde7732a03fb3c788dfc1a93c9050fa1a8130c184f48b580c2ce1f6daab4e00d7ec2" - }, - { - "0x328edc02c67d84bf095ac048e50c2dc29cffc08184b11e4da02904be14eccd317e9f6bdd6fe2b8233e8928d65d4ad434ef8a629cae6013bfb3c54be167e16371dc6412b62c2b1213424dfb7d391cea8a7494a28576ce823d8e111994182909efba7dd3533dbbe510dab4ac5ef", - "0x61a1365a1226597896c514f5bb16a064f6ff6982ac91ea568daa43e473aa63867bdb628e92e97ebd4f2091", - "0x4121224210201020968510918a00a04042284100a801c84001884180108a63865911228a92410ca94a0081", - "0x328edc02c67d84bf095ac048e50c2dc29cffc08184b11e4da02904be14eccd317e9f6bdd6fe2b8233e8928d65d4ad434ef8a629cae6013bfb3c54be167e16371dc661ab76dab3277d7cdff7d7f5ffbea76dfeff7feeecb3faf79dbb43e6f3befba7ffff73dfbef97fbf4fe5ff", - "0x328edc02c67d84bf095ac048e50c2dc29cffc08184b11e4da02904be14eccd317e9f6bdd6fe2b8233e8928d65d4ad434ef8a629cae6013bfb3c54be167e16371dc6208a5498a3076d5c4972c76475be072dbcd73eee44b232b79c330266e3349821a6ee51552cb8731605e57e" - }, - { - "0x37a92944b67fae733d201c024838975531bc3f748d98089eed38faed40c9463441cf48ac40e98097ce75db2bf0120ef69087a176d31d562cc99137c67e4a659cbb1298ba150aa191ced4089deee7048511de602414936af93cb2cef1b7ee801d9b75d961d33bb2958669b16193abf7b55ccfebac3a490415128dac92", - "0x6fb8d83d986c4604db1b9396493a0a68270806cdbcc3299a049ebe77bd6891258e6313c720fb1b30ae9c4387ba51db3325e15033d9e01d499707c138b4cf4b85032da65e9ce3aabc5effbf7003771476ff71e86f665d2d3e7578dfcbb8f08c1619f609ec147f0", - "0x88c811882c440490030014400a0008000804c51c822900008e2800380001218462008100780320a6184381280181102001102140801c4810004118a4024101022d824a0ce30a3c4801993001161432bb2148660214093a357855c8b8b080041040012810490", - "0x37a92944b67fae733d201c024838975531bc3f748d9efb9feff9feed60cdf7bd79efdbace6ebf097eeffdf3bf9b24ffff7fff7ffd35df63dfdf33ff7ff4aeddcbb7bbdbfb73aff95cffd9e9dfeff74fd13df6cf4bcd37afb7dfbcefbbfefefffff75ff71d77ff79f86fff5f3d3eff7bdfcffefacfb699f759ecdeff2", - "0x37a92944b67fae733d201c024838975531bc3f748d9ef3136ee17c292084f78d78abdb0ce66bf017a2ae171969b2471d77fc77ffc145b01df5e33877cd408c5883693da7a638ff84cde9969c3a7e74f902552cd0acc35823595b00cb1c2b6fe66c75ee109454458b009fd4b3404ca038a07464a4fb289b758c4ceb62" - }, - { - "0x1ab020d8beb54c354411f3a5658b5e5e87a896d7049c5eab20a302b6e35ca98364d7edd00eb3e209dcb035fe4b6eeace4e525229bf790c67bae63821e1282712d7c624efa64b3e5ad1a73aeb1033d4cd5949d63183173632445c9f488e74cd", - "0x4d706a200a7a70e0b6eeef2dbdb88779dd50af16e6405c17fd2c2efb5493cf13b730207a009a14ca150042af3e6b7f05230161a10073f87a56afede3c2cfd09857f78d7913cdd966e9a2e6e6e3", - "0x45000000a2a20a002a6e30ca9800451cd500e12e2005c10352c0a6a40824e1212202078000210c21000402826025704200120010052d02212ab0023c0cd5008563181111200404489008664c1", - "0x1ab020d8beb54c354411f3a5658b5e5e87a8dff76ebc5efb70e3b6feef7dbdbbe7fffdd0afb7e649dcb7fdfe6ffffedfcf53f739bf7b0cffbeee3d21e3af3f7bffc727efe7eb3e7bf9ff7eeffdf3d6cfd9d9d7f78f7f37ffdd7effeaeef6ef", - "0x1ab020d8beb54c354411f3a5658b5e5e87a8dba76ebc54d15043b4580c71143be3ae3080a1a5044980a7c8d26595be5d8141e5199f030cfdae2c2d21a3871979a8c307eec7ea3e2929dd6c44fdd0160289d181c60e6e25ff9d3a76ea68922e" - }, - { - "0x85993ec08ac960d46bcba87136f24042485c6d3e0a9973e828df60e537860d6bc83dafa7fb292beef466d0a939ab9da2b", - "0x4c9a310b11d6e4b4d29d7ede30fb42161fd6a58792440f416abda6df55913a8a26c35140524de5dd9519c30f19641f4f0863bfefc2ae6c89333dd77d6f688cffcbde281772cee0dac9bb0dd16b6c1d33fa7e39b2e781896dcc2b0aba3abedf1381f9f38eb210f5bd2001ea8453ceb136dc3915fabdc30709db0b1a07ec40be", - "0x811926c08a08601002c8803022a2004040180d1e0889210808d2000420040c6b002d83815b290820700490a1202a8402a", - "0x4c9a310b11d6e4b4d29d7ede30fb42161fd6a58792440f416abda6df55913a8a26c35140524de5dd9519c30f19641f4f0863bfefc2ae6c89333dd77d6f688cffcbde281772cee0dac9bb0dd16b6c1d7bfbfe39bef78dcffdfeaf1bff3ebeff97c7fbf3afb73ef7bdf60ffbfc73debdb7defb7ffabfffef4fff0b9b9ffddabf", - "0x4c9a310b11d6e4b4d29d7ede30fb42161fd6a58792440f416abda6df55913a8a26c35140524de5dd9519c30f19641f4f0863bfefc2ae6c89333dd77d6f688cffcbde281772cee0dac9bb0dd16b6c156a6992311e718ccfd176ac19d51ebafb96472a1327252e7730d60fb9fc33180db506c36a482f7de84fb601899d559a95" - }, - { - "0x4d9f3e8aae22123e382e7835d3d9d7e944a5c81cab3415fda40d0ec8fde8a50d8b21b2298f83a65bbdb10d120d302d8db4e9807715be0e", - "0x4dacc1a6f2cecd4179556cbbdfe1cedbc952de5232ff1fe1ae9c0c3bbfcd9087e4ed5bcd1f8c289b1456ef032d888", - "0xa48104308c4c004854008a93414eda4050cc02128a10c0a2180018b8080083c00051001300089b0410070109808", - "0x4d9f3e8aae22123e3cfefc3ffffdfffd57b5dedfbffe1dfdbc9d2fedffeff5ff9be9f2ebbfffff5bffffddbeddf8ef8db5edeef737fe8e", - "0x4d9f3e8aae22123e3cf4b42fbcf53b3d53309ed716ca09101898232ddec754f391c872ea347f7f53c3ffd8aedcc8ef0405acee87276686" - }, - { - "0x28d61d5ca1f56b4d3134009f478b17ac208a5b559d9c3726a7a16919e3b12ec6d61a142dc04d834141a9a4", - "0xb444947aba00d50e10326ebea7a2618a10144dde07c15c685d4785eae16d232eb741bc2a09b7cf794a33ed3598803ad61af", - "0xc00104a1e06a041020000445801404008050501c8c160222a16019c2a00a44d610002cc04980010121a4", - "0xb444947aba00d78f71f7eebff7b6f39b501dfdfeb7fbde68fdf7ddfbe37f6b7eb7d1be3b1bffef79eb73fd35d8b43ede9af", - "0xb444947aba00d78371e7a4a1f116b299501db9a6b6bb9e60f8f2dc33221f4954a1d022111b5ba218eb71313140b42ecc80b" - }, - { - "0x1b9a0b9c87fa234d05d06e18171cce3f8fc4adf7f75a402c4c5a281f46e714b96badab2184546aa11a7be482616cbb973da00e329628d3e692b69b43d34391884d87fcd64e2339fbb30044a370fffde97a128d1e5", - "0x7d641e556550c3ddb89ee553cbc0d8d92cdaec6519a2ff3bd792e0b309c24cb49056fb219ef4dfb2a72e76ac7df3407a44e55af5689e9c85c87e74d542dfb445f56a0a518c", - "0x78640a55655080008084a001c0405049049ac8201800462a1182a000000248b01052002108608d32212a60a43d30001804c05ac56082108588300440020fb4449520085184", - "0x1b9a0b9c87fa234d05d06e18171cce3fdfc5edf7f75e7dffcdfe7d3ffeef9dbbefafef719e7ffbbd7b7fefb2fd6cfbdf3defbe3bff6dfbeef2f7fbc7df7797ac4fd7ffd6cfebf9ffb7e74df77dfffdff7eb2ad1ed", - "0x1b9a0b9c87fa234d05d06e18171cce38598548a1a2567df7c5b47d23faea992ba6036d701e7b991c6355efb2fd4870de38cfbc2b796528cce051f1840c77962c03d25380c7caf1a734e709f75d04b9b62cb228069" - }, - { - "0x142cd4c71f04927a526ca430e542cd9432860", - "0x1337869f6c145daf15b226485ef3c48b8037bf7cb2cc9834153b90f55d4217a5e4a9ea133", - "0x142c90c41804103a106404000500c48022020", - "0x1337869f6c145daf15b226485ef3c48b8037bf7cf6cf9f34977bd2fdfd72f7e7edbdfa973", - "0x1337869f6c145daf15b226485ef3c48b8037ab50660b87308741c299f972f2e7293dd8953" - }, - { - "0x4f517f63e95a08284faaf4d4a290c334fc5d039e386727ddbb5d0a6d5fbb5540e97767023d60bedd158ed25051a6c56", - "0x9e2c9c6d2e3be2ad25733871aeba4ba64081294478f936f9c4fc45ada6bb2c098c98f21e709a88995cc3b0cf7e693f8e73f58f8f4735c81e8421182fc15426174f3b6da7b493135c", - "0x4f405a4269120008498a20c400808114cc190096200320c53b5808645318014040110200154020541186d2504120054", - "0x9e2c9c6d2e3be2ad25733871aeba4ba64081294478f936f9c4fd57ffbebfac8b8cfaff5f7abb8cbb5fc7f0ffffef7ffffbf5dfafd7fffd5e8eb77e7fe3d62fffdf7beda7b59b7f5e", - "0x9e2c9c6d2e3be2ad25733871aeba4ba64081294478f936f9c009525b982e8c8b08625d533ab384aa130660f69def4df3a8405f2992ce7d4a8ab66e5fe2822dfa9e638082b1897f0a" - }, - { - "0x1713f8f439c07e35b741ec9b0bca80149a7ef129c73c23c34b4515d29dc7dec711007fa395ced70f3bebc6d229edb75bf04231f2414e0a826f3edae4edcf770d59650cc252c6a2eff07fda9baa70938085d1e15144a451d26304d8f3df2406b8eb40f4fae3666780d2e54cd93a5f17439a4d3656dc5d48", - "0x328df4b64b0bd0fbea359666904ea4aa215b03727a70bda853b6cf612b12c3d56ee93b003bd00a7b9c1d6755f580b467deba33bf7f33da4c37fffe79e73e4381ad4bf1306d1b58f5eb276cae813d6f9153d1294c51098d37b3b80154da", - "0x108094864a0310006a219446900e20aa005201603250b00011b241400a0243144ae02900330008610c004244a080b067da9a22301300804021514420411243008843d12004184840e02260260100428140d1284c110188053210005448", - "0x1713f8f439c07e35b741ec9b0bca80149a7ef129c73c23c34b4537dffdf7dfcfd1fbffb797eed74fbfebe7db2bffff7bfdea73f6cf6f2b92effffeedffcf7fdd5b7f9cdf77d7f7eff47fdebbbbffffb3dfddf7fffefdf7fe6385fdfbff346fbbfbf5ffffefeee7bdfff55fd93b5f574b9f7fb7fedd5dda", - "0x1713f8f439c07e35b741ec9b0bca80149a7ef129c73c23c34b45275f697195ccc1fb959603a847419f41e7892a9fcd2b4dea62448e2f2190acebb40dd6cf4cdd531e90df3593576f4418042199cfecb35f9dd6aebaddb6ec208575b82e146ba3b3b51fdd8fc8e6bdbd741f081313464a177a85eedd0992" - }, - { - "0x68bc9c8f8257c6c88c0b2d46defc4539748fb906140acbf1a68820d1748bfc13ec84619f2b495d1ce74e0ca441a246497", - "0x2d30db90794c4b611858b19c973ea865904346738291751ba5fccc5cbf02c09876aca6bf23289174f545ad8039e0fbcefe359521dfc9681a7715e672fdc23cc446c7900851d2ed09568729c88bf9653c63f7e229893f31059e8b51924a54968d44e5bb26decae3159ce786d9b3a1454c6d6cb8108d22bd5111d2cc7eddb", - "0x68241c03824200880c0105068a50000854868904040a02d0828000906482d813a004400d2808100c220c0000408046493", - "0x2d30db90794c4b611858b19c973ea865904346738291751ba5fccc5cbf02c09876aca6bf23289174f545ad8039e0fbcefe359521dfc9681a7715e672fdc23cc446c7900851d2ed09568729c88bf9fdbceff7f7efc9bf3b2ddedffdd77b749fbd46f5bbefffeeeb35ddf78ffdb3edc56dff6ff95d9de7ff5db5d3ee7eddf", - "0x2d30db90794c4b611858b19c973ea865904346738291751ba5fccc5cbf02c09876aca6bf23289174f545ad8039e0fbcefe359521dfc9681a7715e672fdc23cc446c7900851d2ed09568729c88b91d9a0ec75b5ef41b33a28d855add77320193442f1b1ed2f6c6b354d930d25a04dc12df247f14d91c5f35db5936e3894c" - }, - { - "0x6eef644a36b1e052a413160909a537f81d46b2d330981f507d84737065541b5bb5faebfa8491dcd0347fbe498a501e254b91f6d82d6771a69d0aee5a490e2a44a8ba4f5da963d70b486f36f4a65f372a6a60522cac6e6a01d1a2da8743d5381", - "0x391d108a0ba169bb746b3d5816fa985288c230bdde7e3b8433f8d595b63f08a90448923f30926960cf736be42e377b087e68848af89d80d95122b942b0162153d9d665c0e3508d8a25c8862c0bb7ad4f00e4b1213326f5ce32433df12cb9", - "0x3004000a0a01280130601018127a8050080030098074038003300415003508090408800910800140cb6008a4002250081e688082701800d00020a000a004000380d4408021508482214802240332a406002080002220150a200034310081", - "0x6eeff5db3eb1fa56bfb756bbdda57ff99d6ebef33bddfff3fdc77ffd7d5f7bfbbffaeffba7f3ddf6b67fff7fbe52ff77fb97f6d86deff9fe9d9ffe7bdd2f2b66bdbfdf7ffd6ff70bd8ef7efce6dfbf7afef05e6fbe7f7a6fdde3feb7dfd7fb9", - "0x6eecf59b3e115a443fa450badc245851986e3ef03b45f8b3c5c74cfd3c0f78ab3f6aaf73a762d5f6a273497f3412fd52fb16105065c8f87e909ffc71dd252b26bd87d23bf56de20390cd6a7cc49f8c50be905c67be7d586e8d41feb49cc7f38" - }, - { - "0xa210334e6ffbec2fcfa42021075f84222c7", - "0x181b940df674ffa93b3346264fed88e40b8d8f252487bc1f2cb4c3284fa17145d2cd0c77102fc177898e53fb12c40525aeb017a57661a80a268f27b4c78cbb4bae0e96ed0065e32bc7dcb01be9cc4e6bd5db5e453e94855cb2d1d3f86e8218fe55035102fc10901add0eb539089af", - "0x821032440351002c0080000106150000087", - "0x181b940df674ffa93b3346264fed88e40b8d8f252487bc1f2cb4c3284fa17145d2cd0c77102fc177898e53fb12c40525aeb017a57661a80a268f27b4c78cbb4bae0e96ed0065e32bc7dcb01be9cc4e6bd5db5e453e94855cb2d1d3f86ea218ff5f6ffbeeffdfb43afd0fffbd2abef", - "0x181b940df674ffa93b3346264fed88e40b8d8f252487bc1f2cb4c3284fa17145d2cd0c77102fc177898e53fb12c40525aeb017a57661a80a268f27b4c78cbb4bae0e96ed0065e32bc7dcb01be9cc4e6bd5db5e453e94855cb2d1d3f86e2008cd1b6caaeed3df343afc09eabd2ab68" - }, - { - "0x2db0666cd0edeeab9e46e5b729521be3ece0714ffeefe18cd1b8b0f17e04c51b0d79fc6d428c22b9af63756", - "0x1c1d5f18453c10d365065465c676fb8b58cb436b88660a0e19c350feb1f6954caf029a43a3e59bb35ce0bdbf80a7b8ff4b4f5d7d133bd244df8813e9695b1a6af9cea293e5da9ce4f8e1035fc8ce4ca62ecbec89e89fe25053e4153899415f61c41fcb412f13b58ac70fb84077831497f", - "0x8906468c0014e888e44a426094009e08ce05043e4052088411820c01e00410b01318845028800318300156", - "0x1c1d5f18453c10d365065465c676fb8b58cb436b88660a0e19c350feb1f6954caf029a43a3e59bb35ce0bdbf80a7b8ff4b4f5d7d133bd244df8813e9695b1a6af9cea293e5ffbce6fcf1efffebde4ee7bfebfe9bebffe2715ffefff99dd1fff1f57fcfc53f1ffdfeef4fbc62ffaf77f7f", - "0x1c1d5f18453c10d365065465c676fb8b58cb436b88660a0e19c350feb1f6954caf029a43a3e59bb35ce0bdbf80a7b8ff4b4f5d7d133bd244df8813e9695b1a6af9cea293e5f72c829431eeb163500a4399e2be920b7302211c1afad91590e7d13561cf84341ecc76aa4d3462ce2c77e29" - }, - { - "0x33de1dc3fc5d6eeb5cbca27cc816a3727d1f9188400ea6b2c2799a40f7e611770b45cac7ed49fc0b66a46fcaf2393c0e03741bd08d26308fce62b0c56fbe44cb0949990bc3d4e5919ee1706dce518d6a06e865bdc26e761ef6723241b33583262bc4365103ba49dd17c0", - "0x148a80223564208532d09dd94cf189921325cad8f2a6a32568e36b2007f00866ce0c8e59034cac999f915817492737af76413832e2c4e840627b91b54766a1555e91b87b2692df16c41161184ac9a124d59aad5c06b1a61892cf5c0cd6cc628f764a161f1bdd6546cb51a1510eef5ddfbd", - "0x1121081d84c608910102048c812a222250881080006a00042480800510200240905804005492403262441083220040800601b9085062081444290806b2600cb004011010040c18104c1102d4c0081220080451c00464402867202001311812402c01001010a495d1780", - "0x148a8022356420b7fedddffd5dffebdebfa7fed8f6a7f37d7ff3eb600ff6bae6ff9eceffe75dff9bdfdbdfff49ff3feff66ffaf2fbfcee43767bd1bd6776afdf7eb1fd7fbed6df1fcd996bdbdeedb1bef5faedde57bdee1efaeffdcefefe7eff767a57bf3fdf676fcf77f153beefdddffd", - "0x148a8022356420b6eccd5e25119f62ceaf87b610e405d1587772e3600956baa4b796ceaee55ddb92da5b9ffa00db3cc9d22ef2c0dbf8e6431660413861562e9b3c217d1498d6141f8d886adb9e2c30ba34eac092573ccc1e7aaae1ceb8ba7c79047857ac2e5e436d0f67f052b4a680c87d" - }, - { - "0x683d881de1820ee9fbb71ccd74fd10e3a9ce71bd132955b9e9840d9259275498d2fae81b112416f37e9af907c319657d5d81623462b98d93818a23751a2196de6dd7c18e05960", - "0xa9a2ae43423e6c78cc59ceba6601f6d85397527c462767dceeb1ebc6ad425fb2810a2b7525", - "0xa880a002402e24688c104c300601d4d81203422800012018a2314182094046900008205120", - "0x683d881de1820ee9fbb71ccd74fd10e3a9ce71bd132955b9e9840d9259275498d2fafa3bf53437f7ff9efd9febbf657f7d857b7567fdeff7fdceeb7fbe6bd6ffffffd1aeb7d65", - "0x683d881de1820ee9fbb71ccd74fd10e3a9ce71bd132955b9e9840d9259275498d2f07231f5103515b9163c9b28bf056230045b41457defe5fc44c86ba64b42fb96ffd12cb2c45" - }, - { - "0xa827c5e2bd4293ed726065b32cac5c18d9df68b18300848f23f98c22fecd6b9fe7ed38a5adedd78f8dfe975d85c171f62b766947d7cd3d2ed3be52b50b792c0d6bb2701e28f22674a092e5ee0ec89bcd52680c6ae673a", - "0x1deac63a0a7ae71db949662f05aafcefed47a6c6dd5819dc82d250d978001903a1f19e1b8b44e76bd5899884bb97121fa13a63c33822314a486d29b59b66f141fd64af3414a3ea6bdca9b4362e704c744e8a12c1ab736636ca3aa9da4b75795f1a", - "0x202040a28c429068606045810c880c00099700018000040921b88402768d48998049382121e813860c328201048000d20b502047140d140ad30042340239080943226004004020202012a52602488388102004428471a", - "0x1deac63a0a7ae71db9496eaf7dfeffffed7ff7e6df5b3bdec7d3ddddfe8b1933a9f9fe3f9bc6efefd7b9fefefb9f5adffd7afbdff977f95e5f7f6bb7fff6fd7dfff6ef3ff5abfaffdee9f6bf2f71eeff6eef5ac9af7fe6fecbbefdfecbf7ff7f3a", - "0x1deac63a0a7ae71db9496cad79f4d73bc47971e0db032b164713dd448e8b0133a9b96c241386c887033066fa681d48c17c429b1cd157e9165f724b02fdf28c3d2eb6420ff188badc4e69628d0971aefb6ced58c8852d86da43867cfccbb3d73820" - }, - { - "0x1cc981657c8a20f5c777fc1df0e3cde0b23d434e043732dcaaa0758e009a8d1bf8591ff8db693d676eff2c39645b79c06b510ac22b1b47551eb728aa9404c24f2a6dee6bbdf2276759786f4116d21f4009dd6fb8e277976668bd021effecc797ca23682b97dbdffb93333834b8bb8fb68e922f42e3c00111", - "0x1e52f1e05fbedda88873e9984a7a19bfbfbe9ea43e30588f46317b5cadc8eb02d255875f1dde872476d05dec1164e46c7fcf3fd718fff34a80d4c6e951d10f6ae0225d00e3953e99e", - "0x61010a002b094200063608808400824b2a69ea43a10000644110254014821000015865b0c060124668050200164c4687c823682187db14a801002814181086a60200000221400110", - "0x1cc981657c8a20f5c777fc1df0e3cde0b23d434e043732dcaaa0758e009a8d1bf8591ff8db693d676eff2c39645b79c1ef7f1ec7fbffdfdd9fbfb9aeb7a5dbfffbedee6bfff7aff77b7fffcbdedebf6d2ddd7ff9fffff7676dbddedfffeec7d7fef3fd7b9ffffffb9f7f7eb5bdbbffbe8eb7ff4efbd3e99f", - "0x1cc981657c8a20f5c777fc1df0e3cde0b23d434e043732dcaaa0758e009a8d1bf8591ff8db693d676eff2c39645b79c18e7e14c7d0f69ddd9989b12e33a559b4d18404285ef7af933a6fda8bca5caf6d2c851a493f9fe52105b8dcdfe9a2815036d0955a1824eb539e7f56a1a5ab79188cb7ff4cda93e88f" - }, - { - "0xb77c8e0971a4f32bc9539c14b542ed2fa08e87560981cbdca4ccf4f7cc04fe7546a4a7eebe2592d131329fd591f66728a4179e", - "0x2fb77bc1694a8265e74ee9f41672fc681d72ea8eb65ef5807bcba4bc52ef9e381a4e4315a771497e506b734def1ca93dd519fe9e6944dd782380dff70b72798c", - "0x327c080970a08222485180108100ac02a08e0012080101842048745048004c6504a025c4182492410010180180d6670820118c", - "0x2fb77bc1694a8265e74ee9f416f7fcee1d73eeffbfdff79c7fffe6fd7fef9ebf5e4fc3dffff5cdfef7ef77ffff5eadbfffbfff9ef975fffff791fff72bf67f9e", - "0x2fb77bc1694a8265e74ee9f416c580e614034e7d9d97a61c6f7ee6517d4f10bf4c47c2de7bd5858aa7a777b39a5a0d9a3ba7db0cb875efe7f611299023d66e12" - }, - { - "0x89a0fbe80f4c622f45f4f7a15d8dc23bff17d939349f39cffa643af024db78243fc46c7948ab14ea12595e8a6cf2196ed4f353d9b1b8834b96fb61073301b99af019f042b2215e8cd5f31cf65123dab47d6b697a", - "0xc2b6f7a999af54a94c156f771b995b528", - "0x22215a8890f108944102d23039012128", - "0x89a0fbe80f4c622f45f4f7a15d8dc23bff17d939349f39cffa643af024db78243fc46c7948ab14ea12595e8a6cf2196ed4f353d9b1b8834b96fb61073301b99af019f04ebb6f7e9ddff75ef6d177fff5fdfffd7a", - "0x89a0fbe80f4c622f45f4f7a15d8dc23bff17d939349f39cffa643af024db78243fc46c7948ab14ea12595e8a6cf2196ed4f353d9b1b8834b96fb61073301b99af019f04e994e24154f06566290752dc5c4fedc52" - }, - { - "0x61cc2de53fe06a0381ce0dc4999795469453324c9036484632c257f02dddee71188198ed649bbe9ddae347178970bfbd3f1f28a787ee407a433f8473ba4fb77940227b769c9d555a8a70917ecfd038f80da4c6d5dc7211cc468c69a2275cfc119f145d2887543bbeb24", - "0x117135d192a9645062d1be59a1f8b151692159285e5877a0ae304521ad800f51fbba812d038e053cb79578c70cd34248a2b4026533bb961add83d9362893b74ce01695861c82b6f94f181feb4a957875c74cf1e7fe48dcc5196bf1214cc564f599168bf2fee1a07e617cfac992443fcdb28247", - "0x1c408050b000202018205c4811200420452124800340802200250302051ca71108010cd24008a09402243138960ad983d13208103644000411800402a4f947100223020148554508a1011648dc010900d0004c454421180408c29a20204e4118f04192003541b28204", - "0x117135d192a9645062d7bedbfffbff57e9395de8de59fff9fe794533adc90f75fffbad2d7f8eddfef795f8df8ed74bfbebfdae7573fb971bffd3f9f6aafbffece7b6b7fe5fbbb6fb7f9c1feffffdf9f5d7ecf7efffecfdc79febfb6d6ddde7f59dd6ebf6fee3f5ffe17dfbcdd2cc7fcfbbeb67", - "0x117135d192a9645062d7a29b7fab4f57c91945c88211eed9fa59001289490c357fd9ad087c8cd8e25084f0de82050bf34b69ac5142c30111265028c4a2ebc9a8e7b2a67e5bb91202388c1dccfdfcb1a092e456eee9a421c696eb2b6d2198a3d485d2e33464c3d5b1a0650b8c40cc4a8e096963" - }, - { - "0x1af3ce2ba6101f661c52430ae7280e3491d8d044a6621c3ef348c4e6e45fc6dfc91ec46b27214a9ebff52a0922fdebf1e895cd7cc4f428c64b7b3c4711b53f1f04f25b2f63ba70f281f52cb8149509f1ad38156397556eedf9e5c72388364cdba9112913", - "0x5c5811bd255dad9049ec956e6eeaa95895e56e1c5c03cbfe24ae065ac3f528fda51a966771d288dfe3aab7611232e6f6bde10cf0d97620ebde6370ab24dbdecd4d7783c05cc8579517951049f16b26cf1612f6344a669d93ac990a997dfb5180a07a75f6a20dc110fd5547e744cfe0b348cc1786d8c7f587dc83fd9e8fdb9", - "0xa00e02861011200452010885280a201010000426621c10c3088462041dc61708124429240042183c050801205169510095043044f02006434024411130091000925b25000a00a201602098100501502c30046203140cc1786584230834481b89002911", - "0x5c5811bd255dad9049ec956e6eeaa95895e56e1c5c03cbfe24ae07fffff7bafda5fef7e775f2aeffe3ebff7d9f36eef6bde3eff4dd7e6eeffe6ffcbbecdffeff5dffebff5ee8d7bfdfbf1ec9fdffeecf569ef6b7fbe6fd9bfff9fadf7dfbf7bba77f7dfff2cfc159fddf5ff7c5dff9f75eeedf9edcf7fd87fccfff9f9fdbb", - "0x5c5811bd255dad9049ec956e6eeaa95895e56e1c5c03cbfe24ae07f5ff17929ca4ecf7a255e226ad6349fe7c9f36ac909c22e3c455384eae220e8c3ac89d6cbf59de683f0e68c5bac92a0ec0adbcea80549e9283f9a2ec88ff68fad65849a7bb07755de9f0c64059adca5d34c599d9c61e22c81884b5cd04b84e470f9d4aa" - }, - { - "0xcd10bb69c381582eff7391a446db73312e738c6978564b350ca88e09cad650ef89dfb4cb00831c41d4739e957fdac00124348c91183da60b8f12dd3e349cad8b8d752fd9ea5613b1a41818032e0a2f2030790009a4fe9cdca54f96402b143e", - "0x7c4f944973a8882522976043833419c2c15b1531af1207b40092dd1e3c123a4cf06370c3111b", - "0x104d140010a888052007404202101180001801200a020030000009043c10180440024003101a", - "0xcd10bb69c381582eff7391a446db73312e738c6978564b350ca88e09cad650ef89dfb4cb00831c41d4739e957fdac00124348c91183da60b8f7edfbe7dffad8bad77bff9ebd737b9e6d95b173faf3f27b47992ddbefe9efeedfff770eb153f", - "0xcd10bb69c381582eff7391a446db73312e738c6978564b350ca88e09cad650ef89dfb4cb00831c41d4739e957fdac00124348c91183da60b8f6e92aa7def0503a857b8b9a9d527a866d943161fa53d27847992d4bac28ee6e9bff530e80525" - }, - { - "0x1cdc2579b3f1727c03a0f733c6a1a50025c8b51640ed21fb0e700f873d35c83797a14", - "0xe3e7298d39a9c7cd225125b1a01505e3d9ca63f8b494e4d7218b10e8bddc06984bbbe43e263f30f6a92a9d7", - "0x10042120110162580220f03084a085000100a0144004004b0a600e063d30c02102814", - "0xe3e7298d39a9c7cd225dfdb5f9b7f5f3fdcbe3ffb7d6e5f721afd8fdbfdcefb9fbbff43fa73f35febfbfbd7", - "0xe3e7298d39a9c7cd224df994d9a6f491a5c9c30f8752457221aed85dab9cebb9b0b59431a102053e9ebd3c3" - }, - { - "0x3ac7a7062a50d421ec7b732acfeafd988b5fe95661d371a7f2fdb5b9c1d37e304dd3a0dfcb995e9f99e1b86696b54df83fcd4e87764ffe27fbbd785875c31993f20f4628df79cbaeb50c3dfd132e20935f33ee0276c23f445dff5a075a8198907c1e248787fb28c44495d2e2ed677832432eeda5026afb91467cef4b8", - "0x12659e0b26181845981459681797ab57a50c5b4a34882e973f884d99c1e89c0457b99c9445be077039c60cffa057c608594d38423730d3eae76e8a8db6f946877e90bfecde4aaa320128ef3811cd31c3834e66fa7a61d1454778bf82781c091ae5fd348fd903d85116f83f331d84edaa925d1d65b0b30c1b7c6c69da380", - "0x20860306081044000459600287aa5580085b481400021127804d9181c0900410099080458a0150198000b820168408580d0842073043ea276a88081071420112900f44084a280200200c3811012000834e22ea0260c0054458bf0200180118807c14048103d800044015120084652812410c65a002081b104468ca080", - "0x127fdfaf263a58d5b9fc7b7b3fdfebffbd8f5feb76e9fff7bffafdbdf9e9df7e77fddfb4dfff9f7ebfdfedffe6d7f74df97ffd4eb776dffee7ffbffdfefdc79ffff2bfeefedffbfbafbdef3dfddf3fe3935f77fe7a77d37f477dffda7f5e899af5fd3eafdf87fb79d6fcbff3ffedeffab25f3fedb5b36efbfd6e7dff7b8", - "0x125f59ac20324891b9f8221b3d5841aa3d8704a362e9fde6987ab02c78294f7a67f44f349a759e2ea65fed47c6c17345a172f50cb0469c14c09537f5ee8c859eed62b0aaf695d3f9af9de305ecde1fe3101155147817137a032540d87f46888275812aab5e842379d2bcaae1ff698ad2a01e338815b166e0ed2a1535738" - }, - { - "0x39d2210d760b098917fd1293f0708ed6ffcd7686a4041e774a0f52e808524d686429da6774dd45dcf69abb4a7a48116d71f8e38074196cddf128b041a28cdc1e12cf755c7", - "0x59d65c9b948dab08f5c3604fb8b4d15085e4ae6ea8e762bbcceb904b3d9b5837977c4c9f2b9e9f3f8c6babd3b5e846ed8bdad898648bc4f8ccbea95d7a9cf5fd694e6b1a176058fbb30257aafa296741ab7181398c43a264a94972c08b4a5c56807a5f06b5b88eb420df822b43c43b400d0", - "0x284221095208080003c41080b0200c529cc5740004001a17400852a000520868202140237081018c42822008484000094058428070190495b008b00082800802000b400c0", - "0x59d65c9b948dab08f5c3604fb8b4d15085e4ae6ea8e762bbcceb904b3d9b5837977c4c9f2b9e9f3f8c6babd3b5f9d6ed8ffedb99ed9ffdfadffef9dffefffdffefee6f1e776a5ffbfb0a57effa6d6fdbef75dd7ddcf7baffeb7b7ad1ef7bfcf7807e5f6efdf9aeb461ff8eff5fd6ff755d7", - "0x59d65c9b948dab08f5c3604fb8b4d15085e4ae6ea8e762bbcceb904b3d9b5837977c4c9f2b9e9f3f8c6babd3b5d194cc86acd391ed9c39ea5f4ed9d3ac63388befea6f04602a57a95b0a05e7924d4e9bcc055c7c50b538dfe3333ad1e63ba4b5000e466a6849a604617d0ef75dd6f435517" - }, - { - "0xcf08fe64414998cc59938913e660f0f9b221f459cd8e04126cf902d0b6cea0edc26164b9d84e9ce7dfe058c1fe0fb452848616368c3", - "0x234286d14c1098ea9fd7f83508641ef3288da679fce09dd1359514ebf0dbcdc73b8f7f6171762d3d5df6492591c9386", - "0x4000910810806090d1b02100400c820000247900c094c0208500616099c84618875f6050402c0d145200041000082", - "0xcf08fe644149bbcedfd3cd13feeafffffa35fc7ddfff2c9feef9fef0bfdfb5fdd6ebf4fbddcfbfefffe179f7ff3ffdf6cda797ffbc7", - "0xcf08fe644149bb8edf42c5037e8a6f2e4a14fc3dd37d2c9fca80fe302b1f9578d68a94621589a768a08129b7d332e9a4cda387ffb45" - }, - { - "0x343e32e61b86c0c7cc895cf233ea3d5b5ad65435c1f87e034b59788a9af14ffae9249f1f3cfe0789abbe8edc8ce", - "0x63f7afb1dcebc9d65f9d468754ea558119988cb7d85e427003f2c1d9b360d2c75b97c1308ee3a7b5901044c6353e14f3e6b54a2ead64acdf914c6f7b6d4ed3205abdc78aa7bb47d548607b4ffe1db7331aac39c8bc7fcfd62238467352656a3ad04a423", - "0x241e10440b024046c00058b0038a251b42d4402041487e010311188818c00c7ac9040218047202012a3a8048002", - "0x63f7afb1dcebc9d65f9d468754ea558119988cb7d85e427003f2c1d9b360d2c75b97c1308ee3a7b5901044c6353e14f3e6b54a2ead64bcffb3ee7fffedcfdfa95efff7eabffb5fd75c75fbfffe1fff7b7aaebbf9ffffeff6bf3f7eff57edebbededecef", - "0x63f7afb1dcebc9d65f9d468754ea558119988cb7d85e427003f2c1d9b360d2c75b97c1308ee3a7b5901044c6353e14f3e6b54a2ead6498e1a3aa74fdad891fa9064ff4609ae01d031c55bab7801efc6a6226a339f38526f2bd277a8d55ecc1845e96ced" - }, - { - "0x981ba5db1da1fe952887e32cd21d51ba024022c8d837ec00f9772a111f87644012cee4a01f66d09ef168ebdfb91232e9e8f65d63ee7e6e050ae9707e7b15df4f8037b0d8d427f32429a45312a24081ed5a9c8ec22358f3621c961349638f30e049d00d513901fe065d5364f4cfca93f14a2b1b", - "0x1ba08accd8474ea8d9dc2f10d3c2c2edcbf9c3a909ab45", - "0x38000c048400c0019002e00514240e4cbc883a1082b01", - "0x981ba5db1da1fe952887e32cd21d51ba024022c8d837ec00f9772a111f87644012cee4a01f66d09ef168ebdfb91232e9e8f65d63ee7e6e050ae9707e7b15df4f8037b0d8d427f32429a45312a24081ed5a9c8ec22358f3621c9613497bafbaecd9d74ff9f9ddff16dfd3e6fdcffbd3f94bab5f", - "0x981ba5db1da1fe952887e32cd21d51ba024022c8d837ec00f9772a111f87644012cee4a01f66d09ef168ebdfb91232e9e8f65d63ee7e6e050ae9707e7b15df4f8037b0d8d427f32429a45312a24081ed5a9c8ec22358f3621c961349782fba2c919743f9e0ddd1168e91a6190433505843805e" - }, - { - "0x1d9992a4fce731fe937e70ec9efba437b1efa9e5459e3145f8c9142c6988eca9a61273750bcc1f00a64b32bab5a3a4c89858231f4fedce7a73bcc7285bbd18b328ccc298919f5511e973cd124f7e1c3912d52f4593c676f1c3f87a521", - "0x6e195204da93bdade43f0622217647326502417d70305d050d988", - "0x421810045011a921c412062200300210250001447030410008100", - "0x1d9992a4fce731fe937e70ec9efba437b1efa9e5459e3145f8c9142c6988eca9a61273750bcc1f00a64b32bab5a3a4c89858231f4fedce7a73bcc7285bbd18b328ccee99d39fdf93fdffed3f4f7e3d7f57f76f47d3ff76f1dffd7fda9", - "0x1d9992a4fce731fe937e70ec9efba437b1efa9e5459e3145f8c9142c6988eca9a61273750bcc1f00a64b32bab5a3a4c89858231f4fedce7a73bcc7285bbd18b328ccac81c39b8f8254de292d495c3d4f55e74a47d2bb06c19efd77ca9" - }, - { - "0x123b8aaf5660144d596f10574b4c232f267222596831", - "0x10ab460448ce805f18a3c1d64fc8cc0c02b2cd5f860d462e33602f09fd131e5468c86997e5a033729b2a03d3c284ee0111488ea", - "0x1021028c0600144801270012000c2028066000100820", - "0x10ab460448ce805f18a3c1d64fc8cc0c02b2cd5f860d462e33602f09fd133ffceafd6f97e5f5b7f39f7eb7d3f2f6ef2335de8fb", - "0x10ab460448ce805f18a3c1d64fc8cc0c02b2cd5f860d462e33602f09fd123decc23d0f96a175a5839e5eb711f076892334de0db" - }, - { - "0x17529608c59c36277d9e89f9b275032e62ab42b4dc006f1943e12b088c36657b02937109db797e2fbb83c984f507841be083c5e36dd04a8b7d3", - "0x1d556659e3b765044e08b1f7879bf057ef", - "0x1814004940304104080810368500a017c3", - "0x17529608c59c36277d9e89f9b275032e62ab42b4dc006f1943e12b088c36657b02937109db797e2fbbd7dfe5ff3ff65be4e3cfff7df9ff8f7ff", - "0x17529608c59c36277d9e89f9b275032e62ab42b4dc006f1943e12b088c36657b02937109db797e2fba569fe16b3cf24ba4634efc15a9f58e03c" - }, - { - "0x23ed0547893da2de2673832f9e6d988ce38c44a47495c1e0a714eb2f18ec455157cc20ea9da75cdcb0c4e9afa546efb3650b7e5cb7e659359d17fe79d2d5116bcd6c5cca45e0719d063e7df33f6788e5c6bd77c114340748cf553c5aa4992076953c4904181e24bb7c26a6e895d8b808c70133b52c9ca4a2266c2e2302bf777", - "0x3eaf5dd3cbba83558163fd16469a3d64905ff28ee65c15ff01f4d720b1ad669a893671bb614382f2331985333b0af52cbc0af22e50e4cb39d4ab3ad58127b3c481e692bb22dc0b497690e57e6fc84a87c2e1eb85e6c8bfc253fd497fc88", - "0x20aa1d83489880448123a50646922500105cb286401415170070d20011294408080241a061010232311105230800c42c340010240040cb11140a2091002691040104101a20980800268085582808420102a12884a48026400221003f400", - "0x23ed0547893da2de2673832f9e6d988ce38c44a47495c1e0a714eb2f18ec455157cc3eefddf7dffeb3d5e9effd56efbb7d6ffe5ff7eeff7d9dfffffdd7f5b1efeffeddfe75fb71df86fe7ffbbf77bbeff7bdffcbf63e57eccf7dfcfbbedda177b7fcc9e69abf26ff7f6ff6f8f5feffc8cf87f3f5ef9de6eabfee7fff4bfffff", - "0x23ed0547893da2de2673832f9e6d988ce38c44a47495c1e0a714eb2f18ec455157cc1e45c0749766339168cc5850a929586fee034568bf6988e8ff8d05f5a0c6abf6d5fc345b10de84cc4eeaba54b3ef3391cbcbe61a57ac046ce8f19e4ca15126f8c8e28aa50667776fd07870a6d7c08d86f154c719426a99ae7dde4bc0bff" - }, - { - "0x4881b1172db56487aa0b4362479871a57", - "0xd40bc374f241c2bb638ed6dea08d7885135052619d2f58523b3218b57371993a62bea6cfc8abf4abb8e4a96b0a38bbffffdd0bc5e5a6514f0db", - "0x4081210228b16487880b4160061041053", - "0xd40bc374f241c2bb638ed6dea08d7885135052619d2f58523b3218b57371993a62bea6cfc8abf4abb8eca9fb1f3dbfffffff0bc7e7e7d97fadf", - "0xd40bc374f241c2bb638ed6dea08d7885135052619d2f58523b3218b57371993a62bea6cfc8abf4abb8ac28da1d150e9b7877008687e1c93ea8c" - }, - { - "0x1e0e22b43b6de9f7ee3000e87eef492f84ee1bcd3f490cdbf35171b174335fe53afa9b752d9b1e1b0bd58d71d35687cb7b74", - "0xac57c7cfa532414e1182c7c499ffa996f7a28187f7f5d7586f0fd6b64e566bff1ff68daa60d7b650cfece99b8e2551941008aaa5ab966c526d584251600baf9f48d6b573e2779363363cea427961c0ac63d9c9abcc30976c3755b739dcbcccfbb7ae06b5deed54c59a5271caaa26134877898f75b065f3c72a8429ab5", - "0x40602140a4429948a30000876c3410b008c0bcc0f0908c0635160914411052518aa82612483181803510451105280421a34", - "0xac57c7cfa532414e1182c7c499ffa996f7a28187f7f5d7586f0fd6b64e566bff1ff68daa60d7b650cfece99b8e2551941008aaa5ab966c526d584251600baf9f48d6b573e2779363363cebe2fb6bc3beffdfffebcc3e97eef7d7ff7ffdbcdfffb7efbfb5dfff57c7bffe73efabb753d9f7e9bffdf8f7fff76afcbfbf5", - "0xac57c7cfa532414e1182c7c499ffa996f7a28187f7f5d7586f0fd6b64e566bff1ff68daa60d7b650cfece99b8e2551941008aaa5ab966c526d584251600baf9f48d6b573e2779363363ceba29b4a831abd46b748cc3e1082c3c74f773d001f0f2763b980c9f64386afac226503914191c6683fc8e8b2eef242f89e1c1" - }, - { - "0x46529c1d4b03b4a0efd29ce200ce9564cdc4fa4b53b9b6725e3fffe3454d6e53848fa573858f0bdbcf846d790a5bfc7470d0b8ac1d494804fa7048b869d5e016e389bf93cb959469dca3f4c5e93f8bcb7dbb64bcec19c8d9dbc5f2cecb285d81f5fefe99ff4564662c7cc275a40f0ea519adb2", - "0x1b10fed79bfd5e52ba14eea13cf223bfbeb5f42bd781083545c4306ed5f69250efc19707288aadf9df45b4056a293da0cfae076ee9b08e7a7058ef0a58e67149980cdc60a75825607ec4e531e9d036e71e3df52048853e3", - "0x1010d6c518485a523810e0a13cf0029790a5b4034701080041c4100045a6000086811601280889f91c01100408083d004e82002ca190864a40408c0818a4510888008440075825601ec4440060c004271a00f02040801a2", - "0x46529c1d4b03b4a0efd29ce200ce9564cdc4fa4b53b9b6725e3fffe3f54fef7bbfdfe57ba5cfebdbcfa67ffbeb5ffefd78d0bbfc5d4b4eedff796dbefdddf076ebabff9fffdfd47ffeb3fecdfbffffefffbbe7bfed9ff8fddfe7f6dfcbeddf8bf5fefe9fff4f777ebd7fee75e7df5ea599fff3", - "0x46529c1d4b03b4a0efd29ce200ce9564cdc4fa4b53b9b6725e3fffe2f442832a3b5a405824c1e1c800a65682e104bec908c03bf8410a4ee9a5196db695cc90646b23600e3fced43f7e302ec913dffd25e6b3831be997387c55a2e6574be59b8b807ca89e130b3778b17fac0447d05ca191fe51" - }, - { - "0x1c61ea1ba6135d29a669cc258f24a09ce0c6af1fa717", - "0x277557a8f45578e7730c64350cd3fd389bf96320fb3079402e9949062868fda63a6c371adf34952bd8fbf8a361671041556548ecabc7561f3febfcf26290dc819caa54b8eb26a7fb3a593202b2eb9a87fa214342ea4d639c3487882c7b6a03401d0715171c8ec44d45eff0c2571ca3f556d0d986fbeb5ff", - "0x10416008a4005408a60804218a24000c00802f1ea517", - "0x277557a8f45578e7730c64350cd3fd389bf96320fb3079402e9949062868fda63a6c371adf34952bd8fbf8a361671041556548ecabc7561f3febfcf26290dc819caa54b8eb26a7fb3a593202b2eb9a87fa214342ea4d639c3487882c7b6a03401d07d71fbdbee57dd7fff6ded75cf3ff5fdeddeefbfb7ff", - "0x277557a8f45578e7730c64350cd3fd389bf96320fb3079402e9949062868fda63a6c371adf34952bd8fbf8a361671041556548ecabc7561f3febfcf26290dc819caa54b8eb26a7fb3a593202b2eb9a87fa214342ea4d639c3487882c7b6a03401d06d309bd34a5789775965e954451bf5f1ed5ec0a112e8" - }, - { - "0x259856f9c56582b4f8056fdbd37332ff6684ad104683782087ef2b965fa2d22153ca880d735c116878afac5b2477b7f", - "0x1518494828299164e2ee455afe73cd24484df0def1e24c01926bdb2566d44e483a04bbdd5aeab159678305b6ade08cb5bc83e0e63a7bd9e2bb016c355f0fd9e94044e8e9dd380c64ea2f83d239d0987a6864dd1a07c9d742", - "0x20105268c4008210c8040e438331122b2004811040811800044e0a945380c20002c8080111080120000d80002415342", - "0x1518494828299164e2ee455afe73cd24484df0def1e24c01926bdb2566d44e483a04bbdd5aeab15967db85ffbdf6dcbfff83f6ffbf7ffbefff696ef55f6fffeb487efaf9fdfa2d66ff3fabd2fff5d97eefeeffdfb7cfff7f", - "0x1518494828299164e2ee455afe73cd24484df0def1e24c01926bdb2566d44e483a04bbdd5aeab15965da80d931b6d49ef303b61b874ceacd4d6926e45b67ee6b483a1a50b8c22146ff132b52eee5596cefee27dfb58eac3d" - }, - { - "0xd8526c4a399bb415b422ab254fb7c9a053c1507e3260aac195366c5fed9ff583053547f1b8f54561838e8d5fff273e25", - "0xdc8169197ca1b7f60394685c3438a5b9ff07c0deafe3d68064567be3d9ad3c577600e0d98c4bda37a6ed8175d437cded052bdf221c4c3d76221331061", - "0x4002480a30180400b42028044527882012c14076200008808434205a6c981501013446d010b540218082854221231021", - "0xdc8169197ca1b7f60394685c3dbda7fdff9ffbdfffe3feb274ff7ffbddbd3d57f726eafd9d5bfef7fefdff7df477ddff1fafdf761c7cfdf7fff373e65", - "0xdc8169197ca1b7f60394685c39bd837d5c9e7b9ff4a1fc3230ad0779dc9129509526ea759518bcf258347e2de46499921ea48b740474d5a3dde142e44" - }, - { - "0x47ac96c78ee0c7a9906ce5af63d0ad1b0420e1ca783cc6904ee84", - "0x630297e0f122e36f0c5f2f34efbb078c2f4c00e7c16f96cb054", - "0x20028780e002a1000c452f20c0a90304204000600046904a004", - "0x47ef96d7eef1e7ebff6cffaf77ffbf1f8c2fedcafffdef96cfed4", - "0x47cf94506e11e54aff60ba80573f161c880fadca9ffda90685ed0" - }, - { - "0x432a40ea48fcb8b8161bc19a26b544f54833bf5e005c7d1c19e8405c5464c8c139fdd9b627865e596c513fc68454827f070310dd7efe80306693ce441c89a74d91db5e27d6ba966aa1e109cc8385bd86a23d127cf609eea4118e0e1d9be83b561dcffb0ec3844d22", - "0x70d78d38ebcadb77733fc709a6d3b76576ca71acd7e3196640d6adc00225142070b943d5624a3a3d4e77a787d8221848ab06c5135", - "0x50c7880002481864410882008011b560744a212482021004401009c002211020402002c0400820214836838540001800a80044120", - "0x432a40ea48fcb8b8161bc19a26b544f54833bf5e005c7d1c19e8405c5464c8c139fdd9b627865e596c513fc68454827f070310df7ffed3befebfff773ffdf7dffdfb7e77febf9eeffff19fec8feffd86a27d527fff9dfff635afafddfffa7b7f9fefff8ef3ec5d37", - "0x432a40ea48fcb8b8161bc19a26b544f54833bf5e005c7d1c19e8405c5464c8c139fdd9b627865e596c513fc68454827f070310da738653beda3e79332f75d7d7fce02870ba1d8ca7dfd09fa88eef6186806c507bfd9dd3f2352dadc97c92432b9fee7f8473e81c17" - }, - { - "0x7c4c2d104ca2a5c080fbf1e717e47f848ff9be3555bcff60c07907ade9e334a556157dcd28ebbfd73367defdc4d8f5de60815360394e4de6e7535d356ccb8a2d896157ba65a7e8541a06e604454aef3e8cebfc7aedb48466eb65039cf17c13fcdb1b", - "0x2a73b2854f05d043d4e28e0b2634fd7023aaf3e57e58f213dd0693769", - "0x2a0100804e00404084e2880a2604ac50000262a45018c213c10681309", - "0x7c4c2d104ca2a5c080fbf1e717e47f848ff9be3555bcff60c07907ade9e334a556157dcd28ebbfd73367defdc4d8f5de60815360394e4de6e7535d356ccb8a2d896157ba65a7ef7f3a56f65d457fef3eecfbff7fffb6beefff77e79ff17dd3fdff7b", - "0x7c4c2d104ca2a5c080fbf1e717e47f848ff9be3555bcff60c07907ade9e334a556157dcd28ebbfd73367defdc4d8f5de60815360394e4de6e7535d356ccb8a2d896157ba65a54f6f325216594177a1166c599f353ab6bec9d532e613d041c395ec72" - }, - { - "0x3ee957090c3ab10e1c8af669f2093bba430a4322a741522d2ce1d20b07558298627de3dbbbef8828abc64195bad0f9f6acbb734a420d0d8dd330e90d23ab633826a612060eb95070758199006b547b24792d59f97c3191b2dee7a96e", - "0x7e30cfb7abf89648583c2f705f30abb997ded579a0de3172e2b546c920f92fbdf3bf5ffbd5d73620da518e7b4964a44505817d16c7028f4da494135d2589deffbfdb19f6a454f0431cda1884e51f48c67605f9f044e955a4f23da9dfa92af8dfba09ea6adf0390c", - "0x4e102090838a1061808e20122091028020a02228701502d2c415202050500802014424010480000284000949a4041348018114a420d018d42004904218921080600100406205010040091004b005a0478000989782090a28ce0290c", - "0x7e30cfb7abf89648583c2f73ffb5fbb9d7ffd5f9e8ff77ffe2b7ffed30fd3fbff7bf7ffbdfdf36b0ff59afff6ffebdffbff9ff9eff669f5fad9f9f7fefbffeffbfdbd9ffb75ef0d33efe3b86ef7f68e6ff95fff75cf9d5a6f77fbbdfbbffffdffb19fb6fff7b96e", - "0x7e30cfb7abf89648583c2f73b1a5db295475c598687157edc226fd6d105d1d9787aa7d291bca1690af09a7fd6eba99febb79ff9c7b669616099b8c37ee3eea5b9f0bc12b975a6091266c2b068f7e68a69d90fef71cf0c5a2477a1b983bff67487910f1473179062" - }, - { - "0x20265b43c9319cd56eac6a02cbf7913ba44b", - "0x995b92e854a8e0d548bfc02e18529b37790f0e4d9aaf36e7abc4a0f1e6d69489215aaa61b5863b1c86b3536b443dc639d1eb3db7789c2cb2f8cad1a74e5168ef33948c81a06fbad3b9ab0b7c84045cd1f77620ef43c7f2088d2901917bec5346a44f679be9491d273dbe5bf6e39095bb411cac63e38626013d671445c", - "0x20261901493010c0462c2802401390310448", - "0x995b92e854a8e0d548bfc02e18529b37790f0e4d9aaf36e7abc4a0f1e6d69489215aaa61b5863b1c86b3536b443dc639d1eb3db7789c2cb2f8cad1a74e5168ef33948c81a06fbad3b9ab0b7c84045cd1f77620ef43c7f2088d2901917bec5346a44f679be9491d273dbe5bf6e7b4bdbb59ddfeebe7a62ebf7d77be45f", - "0x995b92e854a8e0d548bfc02e18529b37790f0e4d9aaf36e7abc4a0f1e6d69489215aaa61b5863b1c86b3536b443dc639d1eb3db7789c2cb2f8cad1a74e5168ef33948c81a06fbad3b9ab0b7c84045cd1f77620ef43c7f2088d2901917bec5346a44f679be9491d273dbe59f48624a92858d1fa8925260abe4474ae017" - }, - { - "0x20a92c71c161a786989694109718416d7a291b8f9c71a5a71ee827e003a5a19cf2aa8faeecbfa231c330e2d4c747b75ccc4d43d8c37472b60", - "0xc2ba3ef844b62f020cd6e4b010499c2c28ab3c15ed2ef3114e5b806244e57be1a7d999a21399c1e950977f021c82a906bed39caeec6aa077628421f9d5dfed01b24fe857000e259537fbe07d6a83080080ae927512d4518f9a56f0a40376234855377d8ef40dcb6055bd8d351", - "0x20282071400021809096840092084045000801851471a0250a80000000a480141280018e8816a020033022404507350cc40d4340413400340", - "0xc2ba3ef844b62f020cd6e4b010499c2c28ab3c15ed2ef3114e5b806244e57be1a7d999a21399c1e950977f021c82a906bed39caeecebac77e3e5a7ffdddffd11b75fe97f7a2f3f9fbffbe5ff7eeb2fe083afb3fdf2fedfaffefff2b5c376e3dcd777ffdefc4dcbf8d7fdffb71", - "0xc2ba3ef844b62f020cd6e4b010499c2c28ab3c15ed2ef3114e5b806244e57be1a7d999a21399c1e950977f021c82a906bed39caeccc38c06a3e5867f4d4979112557a93a7a273e1aab8a45da746b2fe0830b33e9e07ede2176e95295c046c19c9270cad2384088b896c9ff831" - }, - { - "0xf6b7f399370d10b097b17e514f044d77a8f170148f4837033bb5d425f73a4079e1c7a9c3e69246f902d8c9fd27caad1e93d83578d4af8d3b7b1c02041c44917a22ed56f2562ac1426a356f8d31965e8e367b8929f3907b1dc6e73a8f3a566ca5c4e113e9d2c53770b110df51cf504701ff3fcea5b819b9bfc49f", - "0x61989df2b7097a6a84dc016aec2716d9cac359d2d799d90ec006a66efe3f1fd0851978c4cfe2f64b307b852e23f5dfdc2f63196e1076782a228a46f5f7d4e54afc1ad7abf1f8fef46edaad1706956f95eb95953bd4", - "0x990290097822808c0002c82510d08a8119521400000c40002222ec1612500001404005628401105a8426238109d0006319460032082a020804c4e110e142c41250a110d850c440420117068425900991950094", - "0xf6b7f399370d10b097b17e514f044d77a8f170148f4837033bb5d425f73a4079e1c7a9c3e6f3defdf2ffc9ff6fcefd1ffbfc377eddefcf7bfbdf9bdd1ec497fe6eff7fffd6afd97aeeffefff7bb67f8f3e7bfdffffbf7b1deef77eff3a76eee7f5f7d7eddafd3ff7bbf1ffffff7edfadff3fdfefbdfbbdbfffdf", - "0xf6b7f399370d10b097b17e514f044d77a8f170148f4837033bb5d425f73a4079e1c7a9c3e6f3de64f06fc0874d4e711ff934126e0d654e62a9cb9bdd128497dc4c1369ed86afd83aaefa8d7b7aa6250b18587cf62fbf1804a8f74cf71074e6e33116c70c98392da71ae127af3b3e9dace8395bca2df22c2aff4b" - }, - { - "0x31d126e874580b754389fad8b64aaa61cabb4f8eb6904fe7e504341ed903f7daa3e74d4da3afca80b2415672a", - "0x16fb17a0468c0afa6bad456efa4f9baf26860eda9d7c00c2520c8c9b6026fb50df59b8cb74f6d9be861052c5e831158e7ffd98746328ce11f91d9ea22f0803a8b059aea22d1715ca1abeae53a8bc6b8bfb9b6c9d24ae714767", - "0x11100e0745803440288e0189048aa20c0800a8a04904a22c10014008902e51a83c6080da1a6c880024114722", - "0x16fb17a0468c0afa6bad456efa4f9baf26860eda9d7c00c2520c8c9b6026fb50df59b8cb74f6d9be861052c5eb3d17eefffd98f77738dfbdfb7dbea63fabb7f8fb79aefe7f5757cbffbebf7faabe7fdffbbbfcbd2fae75676f", - "0x16fb17a0468c0afa6bad456efa4f9baf26860eda9d7c00c2520c8c9b6026fb50df59b8cb74f6d9be861052c5eb2c07e0f8b818c3371051bc7279340433a3b7505b30aa5c5347568bf72e912e02821f5f21a190352f8a64204d" - }, - { - "0xbf1a14e469c234b72d56324d100e016bc38cdf7158e35f230c047585e7b107acc8e222e7f19552541e59316affd90e96ca657b6112f5e8c786dfcff342fc46252fcdab10c632578540dbf6235f164bc5711924c7c6ba9da85ab", - "0x5dd3fb9a3de26cd89eb9517af6bb25678f149f906e8751a0c20d7646d21c17191237022a990e0156541e376986fd6a680c60228e5955df08bae5789c81751cdcafe5a2e72d45b09", - "0x5d5158821d220c001481413006a800620204919042041000000876400214020112210220880600564412026806252a480800020251054008b22158140145101824c582a20d00109", - "0xbf1a14e469c234b72d56324d100e016bc38cdff3fbfb7fe36cdcffbdf7fbf7bfede7aff7ff957ed75ff9f36fffdfde9edf7d7b7712fff9cf87dfdfff77fdc6fd6fedaf70e6be5fd5dfdbfee77f9ecbf57dddafe7e6ffbdedfab", - "0xbf1a14e469c234b72d56324d100e016bc38c82a2a37962c160dceb3cb6cbf117ed85adf36e053cd34ff9f367899fdc8add7c695610df71c987899bed7595c0d845a5a770e4bc0ed09fd34cc6278acab06dc58b22645db0edea2" - }, - }; - - bool opa=true, opo=true, opx=true; - - //////////////////// AND //////////////////// - - for (size_t i=0; i and - // Exponentiate(). It can easily consume all machine memory because it is an exponentiation - // without a modular reduction. - - // ****************************** DivideByZero ****************************** - - { - try { - Integer x = Integer(prng, 128) / Integer::Zero(); - result=false; - } catch (const Exception&) { - result=true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - // The 0*0 % 0 test. - { - try { - Integer x = 0; - Integer y = 0; - Integer z = ModularMultiplication(y, y, x); - result = false; - } - catch(const Integer::DivideByZero&) { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - // Another 0*0 % 0 test. - { - try { - Integer x = 0; - Integer y = 0; - Integer z = (y * y) % x; - result = false; - } - catch(const Integer::DivideByZero&) { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - // The 0^0 % 0 test. - { - try { - Integer x = 0; - Integer y = 0; - Integer z = ModularExponentiation(y, y, x); - result = false; - } - catch(const Integer::DivideByZero&) { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - // Another 0^0 % 0 test. - { - try { - Integer x = 0; - Integer y = 0; - Integer z = EuclideanDomainOf().Exponentiate(y, y) % x; - result = false; - } - catch(const Integer::DivideByZero&) { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - // Integer divide by 0 - { - try { - Integer r=1, q=1, a=1, d=0; - Integer::Divide(r, q, a, d); - result = false; - } - catch(const Integer::DivideByZero&) { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - // Another Integer divide by 0 - { - try { - Integer q=1, a=1; word r=1, d=0; - Integer::Divide(r, q, a, d); - result = false; - } - catch(const Integer::DivideByZero&) { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer DivideByZero\n"; - } - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Integer DivideByZero\n"; - - // ************************ RandomNumberNotFound ************************ - - try { - // A run of 71 composites; see http://en.wikipedia.org/wiki/Prime_gap - Integer x = Integer(GlobalRNG(), 31398, 31468, Integer::PRIME); - result=false; - } catch (const Exception&) { - result=true; - } - - pass = result && pass; - if (result) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Integer RandomNumberNotFound\n"; - - // ************************ Carmichael pseudo-primes ************************ - - result=true; - if (IsPrime(Integer("561"))) - result = false; - if (IsPrime(Integer("41041"))) - result = false; - if (IsPrime(Integer("321197185"))) - result = false; - if (IsPrime(Integer("5394826801"))) - result = false; - if (IsPrime(Integer("232250619601"))) - result = false; - if (IsPrime(Integer("974637772161"))) - result = false; - - pass = result && pass; - if (result) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Carmichael pseudo-primes\n"; - - // ****************************** Integer Double ****************************** - - try { - Integer x = Integer::One().Doubled(); - result = (x == Integer::Two()); - } catch (const Exception&) { - result=false; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer Doubled\n"; - - // ****************************** Integer Square ****************************** - - try { - Integer x = Integer::Two().Squared(); - result = (x == 4); - } catch (const Exception&) { - result=false; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer Squared\n"; - - try { - Integer x = Integer::Two().Squared(); - result = (x == 4) && x.IsSquare(); - } catch (const Exception&) { - result=false; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Integer IsSquare\n"; - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Squaring operations\n"; - - // ****************************** Integer GCD ****************************** - - { - for (unsigned int i=0; i<128; ++i) - { - Integer x, y; - switch(i%2) - { - case 0: - { - AlgorithmParameters params = - MakeParameters("BitLength", 256)("RandomNumberType", Integer::PRIME); - x.GenerateRandom(prng, params); - y.GenerateRandom(prng, params); - break; - } - case 1: - { - x = MaurerProvablePrime(prng, 256); - y = MihailescuProvablePrime(prng, 256); - } - } - - if (x != y) - { - result = (RelativelyPrime(x, y) == true); - pass = result && pass; - - if (!result) - std::cout << "FAILED: Integer GCD\n"; - } - } - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " GCD operations\n"; - } - - // ******************** Integer Modulo and InverseMod ******************** - - // http://github.com/weidai11/cryptopp/issues/602 - // The bug report that uncovered the InverseMod problems - { - Integer a("0x2F0500010000018000000000001C1C000000000000000A000B0000000000000000000000000000FDFFFFFF00000000"); - Integer b("0x3D2F050001"); - - result = (Integer("0x3529E4FEBC") == a.InverseMod(b)); - pass = result && pass; - if (!result) - std::cout << "FAILED: InverseMod operation\n"; - } - - // Integer Integer::InverseMod(const Integer &m) - // Large 'a' and 'm' - for (unsigned int i=0; i<128; ++i) - { - Integer a(prng, 1024), m(prng, 1024); - a++, m++; // make non-0 - - Integer x = a.InverseMod(m); - Integer y = (a % m).InverseMod(m); - Integer z = (a * y).Modulo(m); - - if (RelativelyPrime(a, m) == true) - result = (x == y) && (z == 1) && (ModularMultiplication(a, x, m) == 1); - else - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: InverseMod operation\n"; - } - - // Integer Integer::InverseMod(const Integer &m) - // Corner cases like 0, 2m-1 and 2m+1 - for (unsigned int i=0; i<128; ++i) - { - Integer a(prng, 1024), m(prng, 1024); - a++, m++; // make non-0 - - // Corner cases - int j = i % 12; - switch (j) - { - case 0: - a = -1; break; - case 1: - a = 0; break; - case 2: - a = 1; break; - case 3: - a = m-1; break; - case 4: - a = m; break; - case 5: - a = m+1; break; - case 6: - a = 2*m-1; break; - case 7: - a = 2*m; break; - case 8: - a = 2*m+1; break; - case 9: - a = (m<<256)-1; break; - case 10: - a = (m<<256); break; - case 11: - a = (m<<256)+1; break; - default: - ;; - } - - Integer x = a.InverseMod(m); - Integer y = (a % m).InverseMod(m); - Integer z = (a * y).Modulo(m); - - if (RelativelyPrime(a, m) == true) - result = (x == y) && (z == 1) && (ModularMultiplication(a, x, m) == 1); - else - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: InverseMod operation\n"; - } - - // Integer Integer::InverseMod(const Integer &m) - // Large 'a', small 'm' - for (unsigned int i=0; i<128; ++i) - { - Integer a(prng, 4096), m(prng, 32); - a++, m++; // make non-0 - - Integer x = a.InverseMod(m); - Integer y = (a % m).InverseMod(m); - Integer z = (a * y).Modulo(m); - - if (RelativelyPrime(a, m) == true) - result = (x == y) && (z == 1) && (ModularMultiplication(a, x, m) == 1); - else - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: InverseMod operation\n"; - } - - // Integer Integer::InverseMod(word m) - // Small 'm' using word - for (unsigned int i=0; i<128; ++i) - { - Integer a(prng, 4096); word m; - prng.GenerateBlock((byte*)&m, sizeof(m)); - - a++; // make non-0 - if (m == 0) m++; - - // Avoid the conversion from word to long - Integer mi = Integer(Integer::POSITIVE, 0, m); - Integer ri = a % Integer(Integer::POSITIVE, 0, m); - - Integer x = Integer(Integer::POSITIVE, 0, a.InverseMod(m)); - Integer y = Integer(Integer::POSITIVE, 0, ri.InverseMod(m)); - Integer z = Integer(Integer::POSITIVE, 0, (a * y).Modulo(m)); - - if (GCD(a,mi) == 1) - result = (x == y) && (z == 1); - else - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: InverseMod operation\n"; - } - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " InverseMod operations\n"; - - // ****************************** Integer Divide ****************************** - - // Divide (Integer &r, Integer &q, const Integer &a, const Integer &d) - for (unsigned int i=0; i<128; ++i) - { - Integer r, q, a(prng, 1024), d(prng, 1024); - Integer::Divide(r, q, a, d); - - Integer xr = a % d; - Integer xq = a / d; - result = (r == xr) && (q == xq); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Divide operation\n"; - } - - // Divide (word &r, Integer &q, const Integer &a, word d) - for (unsigned int i=0; i<128; ++i) - { - word r, d = prng.GenerateWord32(); - Integer q, a(prng, 1024); - Integer::Divide(r, q, a, d); - - Integer xr = a % Integer(Integer::POSITIVE, 0, d); - Integer xq = a / Integer(Integer::POSITIVE, 0, d); - result = (Integer(Integer::POSITIVE, 0, r) == xr) && (q == xq); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Divide operation\n"; - } - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Divide operations\n"; - - // ****************************** Integer Power2 ****************************** - - { - Integer x, y; - - x = Integer::Power2(0); - result = (x == 1); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Power2 operation\n"; - - x = Integer::Power2(1); - result = (x == 2); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Power2 operation\n"; - } - - for (unsigned int i=0; i<128; i+=2) - { - Integer b = 2, m(prng, 2048); - - Integer x = EuclideanDomainOf().Exponentiate(b, i) % m; - Integer y = Integer::Power2(i) % m; - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Power2 operation\n"; - } - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Power2 operations\n"; - - // ****************************** Integer Exponentiation ****************************** - - { - word32 m = prng.GenerateWord32(); - if (m == 0) m++; - - Integer z = Integer::Zero(); - Integer x = ModularExponentiation(z, z, m); - Integer y = EuclideanDomainOf().Exponentiate(z, z) % m; - result = (x == y) && (x == 1); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - // The 0^0 % 0 test. - { - try - { - Integer x = 0; - Integer y = ModularExponentiation(x, x, x); - result = false; - } - catch(const Integer::DivideByZero&) - { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - // Another 0^0 % 0 test. - { - try - { - Integer x = 0; - Integer z = EuclideanDomainOf().Exponentiate(0, 0) % x; - result = false; - } - catch(const Integer::DivideByZero&) - { - result = true; - } - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - // Run the exponent 0 to 128 on base 0 - for (unsigned int i=0; i<128; i+=2) - { - Integer b = 0, m(prng, 2048); - - Integer x = ModularExponentiation(b, i, m); - Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - // Run the exponent 1 to 128 on base 2 - for (unsigned int i=0; i<128; i+=2) - { - Integer b = 1, m(prng, 2048); - - Integer x = ModularExponentiation(b, i, m); - Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - // Run the exponent 0 to 128 on base 2 - for (unsigned int i=0; i<128; i+=2) - { - Integer b = 2, m(prng, 2048); - - Integer x = ModularExponentiation(b, i, m); - Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - // Run the exponent 0 to 24 on random base - for (unsigned int i=0; i<24; ++i) - { - Integer b(prng, 32), m(prng, 2048); - - Integer x = ModularExponentiation(b, i, m); - Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; - result = (x == y); - - pass = result && pass; - if (!result) - std::cout << "FAILED: Exponentiation operation\n"; - } - - if (pass) - std::cout << "passed:"; - else - std::cout << "FAILED:"; - std::cout << " Exponentiation operations\n"; - - return pass; + return false; } #endif diff --git a/vendor/cryptopp/vendor_cryptopp/validat1.cpp b/vendor/cryptopp/vendor_cryptopp/validat1.cpp index e87b24c2..39392b94 100644 --- a/vendor/cryptopp/vendor_cryptopp/validat1.cpp +++ b/vendor/cryptopp/vendor_cryptopp/validat1.cpp @@ -1,64 +1,26 @@ -// validat1.cpp - originally written and placed in the public domain by Wei Dai -// CryptoPP::Test namespace added by JW in February 2017 +// validat1.cpp - originally written and placed in the public domain by Wei Dai and Jeffrey Walton +// Routines in this source file are only tested in Debug builds. +// Source files split in July 2018 to expedite compiles. #include "pch.h" #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 #include "cryptlib.h" -#include "pubkey.h" -#include "gfpcrypt.h" -#include "eccrypto.h" -#include "filters.h" -#include "files.h" -#include "hex.h" -#include "base32.h" -#include "base64.h" -#include "modes.h" -#include "cbcmac.h" -#include "dmac.h" -#include "idea.h" -#include "des.h" -#include "rc2.h" -#include "arc4.h" -#include "rc5.h" -#include "blowfish.h" -#include "3way.h" -#include "safer.h" -#include "gost.h" -#include "shark.h" -#include "cast.h" -#include "square.h" -#include "seal.h" -#include "rc6.h" -#include "mars.h" -#include "aes.h" #include "cpu.h" -#include "rng.h" -#include "rijndael.h" -#include "twofish.h" -#include "serpent.h" -#include "skipjack.h" -#include "shacal2.h" -#include "camellia.h" -#include "aria.h" -#include "osrng.h" -#include "drbg.h" -#include "rdrand.h" -#include "padlkrng.h" -#include "mersenne.h" -#include "randpool.h" -#include "zdeflate.h" -#include "smartptr.h" -#include "channels.h" -#include "misc.h" +#include "validate.h" + +#include "secblock.h" +#include "gzip.h" +#include "zlib.h" + +#if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +# include "ppc_simd.h" +#endif -#include -#include #include #include - -#include "validate.h" +#include // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) @@ -72,3392 +34,1188 @@ NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) -bool ValidateAll(bool thorough) -{ - bool pass=TestSettings(); - pass=TestOS_RNG() && pass; - pass=TestRandomPool() && pass; -#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE) - pass=TestAutoSeededX917() && pass; -#endif - // pass=TestSecRandom() && pass; #if defined(CRYPTOPP_EXTENDED_VALIDATION) - pass=TestMersenne() && pass; -#endif -#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) - pass=TestPadlockRNG() && pass; - pass=TestRDRAND() && pass; - pass=TestRDSEED() && pass; -#endif -#if defined(CRYPTOPP_EXTENDED_VALIDATION) - // http://github.com/weidai11/cryptopp/issues/92 - pass=TestSecBlock() && pass; - // http://github.com/weidai11/cryptopp/issues/602 - pass=TestIntegerOps() && pass; - // http://github.com/weidai11/cryptopp/issues/336 - pass=TestIntegerBitops() && pass; - // http://github.com/weidai11/cryptopp/issues/64 - pass=TestPolynomialMod2() && pass; - // http://github.com/weidai11/cryptopp/issues/360 - pass=TestRounding() && pass; - // http://github.com/weidai11/cryptopp/issues/242 - pass=TestHuffmanCodes() && pass; - // http://github.com/weidai11/cryptopp/issues/346 - pass=TestASN1Parse() && pass; - // Always part of the self tests; call in Debug - pass=ValidateBaseCode() && pass; - // https://github.com/weidai11/cryptopp/issues/562 - pass=ValidateEncoder() && pass; - // Additional tests due to no coverage - pass=TestCompressors() && pass; - pass=TestSharing() && pass; - pass=TestEncryptors() && pass; -#endif - - pass=ValidateCRC32() && pass; - pass=ValidateCRC32C() && pass; - pass=ValidateAdler32() && pass; - pass=ValidateMD2() && pass; -#if defined(CRYPTOPP_EXTENDED_VALIDATION) - pass=ValidateMD4() && pass; -#endif - pass=ValidateMD5() && pass; - pass=ValidateSHA() && pass; - - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/keccak.txt") && pass; - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/sha3.txt") && pass; - - pass=ValidateHashDRBG() && pass; - pass=ValidateHmacDRBG() && pass; - - pass=ValidateTiger() && pass; - pass=ValidateRIPEMD() && pass; - pass=ValidatePanama() && pass; - pass=ValidateWhirlpool() && pass; - - pass=ValidateSM3() && pass; - pass=ValidateBLAKE2s() && pass; - pass=ValidateBLAKE2b() && pass; - pass=ValidatePoly1305() && pass; - pass=ValidateSipHash() && pass; - - pass=ValidateHMAC() && pass; - pass=ValidateTTMAC() && pass; - - pass=ValidatePBKDF() && pass; - pass=ValidateHKDF() && pass; - pass=ValidateScrypt() && pass; - - pass=ValidateDES() && pass; - pass=ValidateCipherModes() && pass; - pass=ValidateIDEA() && pass; - pass=ValidateSAFER() && pass; - pass=ValidateRC2() && pass; - pass=ValidateARC4() && pass; - pass=ValidateRC5() && pass; - pass=ValidateBlowfish() && pass; - pass=ValidateThreeWay() && pass; - pass=ValidateGOST() && pass; - pass=ValidateSHARK() && pass; - pass=ValidateCAST() && pass; - pass=ValidateSquare() && pass; - pass=ValidateSKIPJACK() && pass; - pass=ValidateSEAL() && pass; - pass=ValidateRC6() && pass; - pass=ValidateMARS() && pass; - pass=ValidateRijndael() && pass; - pass=ValidateTwofish() && pass; - pass=ValidateSerpent() && pass; - pass=ValidateSHACAL2() && pass; - pass=ValidateARIA() && pass; - pass=ValidateCamellia() && pass; - pass=ValidateSalsa() && pass; - pass=ValidateSosemanuk() && pass; - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/seed.txt") && pass; - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/threefish.txt") && pass; - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/kalyna.txt") && pass; - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/sm4.txt") && pass; - pass=ValidateVMAC() && pass; - pass=ValidateCCM() && pass; - pass=ValidateGCM() && pass; - pass=ValidateCMAC() && pass; - pass=RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/eax.txt") && pass; - - pass=ValidateBBS() && pass; - pass=ValidateDH() && pass; - pass=ValidateMQV() && pass; - pass=ValidateHMQV() && pass; - pass=ValidateFHMQV() && pass; - pass=ValidateRSA() && pass; - pass=ValidateElGamal() && pass; - pass=ValidateDLIES() && pass; - pass=ValidateNR() && pass; - pass=ValidateDSA(thorough) && pass; - pass=ValidateLUC() && pass; - pass=ValidateLUC_DH() && pass; - pass=ValidateLUC_DL() && pass; - pass=ValidateXTR_DH() && pass; - pass=ValidateRabin() && pass; - pass=ValidateRW() && pass; -// pass=ValidateBlumGoldwasser() && pass; - pass=ValidateECP() && pass; - pass=ValidateEC2N() && pass; - pass=ValidateECDSA() && pass; - pass=ValidateECDSA_RFC6979() && pass; - pass=ValidateECGDSA(thorough) && pass; - pass=ValidateESIGN() && pass; - - pass=ValidateNaCl() && pass; - - if (pass) - std::cout << "\nAll tests passed!\n"; - else - std::cout << "\nOops! Not all tests passed.\n"; - - return pass; -} - -bool TestSettings() +bool TestSecBlock() { - bool pass = true; + std::cout << "\nTesting SecBlock...\n\n"; - std::cout << "\nTesting Settings...\n\n"; + bool pass1=true, pass2=true, pass3=true, pass4=true, pass5=true, pass6=true, pass7=true, temp=false; - word32 w; - const byte s[] = "\x01\x02\x03\x04"; + //************ Allocators ************// -#if (_MSC_FULL_VER >= 140050727) - std::copy(s, s+4, - stdext::make_checked_array_iterator(reinterpret_cast(&w), sizeof(w))); -#else - std::copy(s, s+4, reinterpret_cast(&w)); + { + std::basic_string, AllocatorWithCleanup > s1; + std::basic_string, AllocatorWithCleanup > s2; + s1.resize(1024); s2.resize(1024); + + std::vector > v1; + std::vector > v2; + v1.resize(1024); v2.resize(1024); + } + + //********** Zeroized block **********// + + { + // NULL ptr with a size means to create a new SecBlock with all elements zero'd + SecByteBlock z1(NULLPTR, 256); + temp = true; + + for (size_t i = 0; i < z1.size(); i++) + temp &= (z1[i] == 0); + + pass1 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Zeroized byte array\n"; + + SecBlock z2(NULLPTR, 256); + temp = true; + + for (size_t i = 0; i < z2.size(); i++) + temp &= (z2[i] == 0); + + pass1 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Zeroized word32 array\n"; + + SecBlock z3(NULLPTR, 256); + temp = true; + + for (size_t i = 0; i < z3.size(); i++) + temp &= (z3[i] == 0); + + pass1 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Zeroized word64 array\n"; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + SecBlock z4(NULLPTR, 256); + temp = true; + + for (size_t i = 0; i < z4.size(); i++) + temp &= (z4[i] == 0); + + pass1 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Zeroized word128 array\n"; +#endif + } + + //********** Non-zero'd block **********// + + { + SecByteBlock z1(NULLPTR, 256); + z1.SetMark(0); + + SecBlock z2(NULLPTR, 256); + z2.SetMark(0); + + SecBlock z3(NULLPTR, 256); + z3.SetMark(0); + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + SecBlock z4(NULLPTR, 256); + z4.SetMark(0); +#endif + } + + //********** Assign **********// + + try + { + SecByteBlock a, b; + temp = true; + + a.Assign((const byte*)"a", 1); + b.Assign((const byte*)"b", 1); + + temp &= (a.SizeInBytes() == 1); + temp &= (b.SizeInBytes() == 1); + temp &= (a[0] == 'a'); + temp &= (b[0] == 'b'); + + a.Assign((const byte*)"ab", 2); + b.Assign((const byte*)"cd", 2); + + temp &= (a.SizeInBytes() == 2); + temp &= (b.SizeInBytes() == 2); + temp &= (a[0] == 'a' && a[1] == 'b'); + temp &= (b[0] == 'c' && b[1] == 'd'); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass2 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Assign byte\n"; + + try + { + SecBlock a, b; + temp = true; + + word32 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + temp &= (a.SizeInBytes() == 4); + temp &= (b.SizeInBytes() == 4); + temp &= (a[0] == 1); + temp &= (b[0] == 2); + + word32 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + temp &= (a.SizeInBytes() == 8); + temp &= (b.SizeInBytes() == 8); + temp &= (a[0] == 1 && a[1] == 2); + temp &= (b[0] == 3 && b[1] == 4); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass2 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Assign word32\n"; + + try + { + SecBlock a, b; + temp = true; + + word64 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + temp &= (a.SizeInBytes() == 8); + temp &= (b.SizeInBytes() == 8); + temp &= (a[0] == 1); + temp &= (b[0] == 2); + + word64 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + temp &= (a.SizeInBytes() == 16); + temp &= (b.SizeInBytes() == 16); + temp &= (a[0] == 1 && a[1] == 2); + temp &= (b[0] == 3 && b[1] == 4); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass2 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Assign word64\n"; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + try + { + SecBlock a, b; + temp = true; + + word128 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + temp &= (a.SizeInBytes() == 16); + temp &= (b.SizeInBytes() == 16); + temp &= (a[0] == 1); + temp &= (b[0] == 2); + + word128 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + temp &= (a.SizeInBytes() == 32); + temp &= (b.SizeInBytes() == 32); + temp &= (a[0] == 1 && a[1] == 2); + temp &= (b[0] == 3 && b[1] == 4); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass2 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Assign word128\n"; #endif - if (w == 0x04030201L) - { -#ifdef CRYPTOPP_LITTLE_ENDIAN - std::cout << "passed: "; -#else - std::cout << "FAILED: "; - pass = false; -#endif - std::cout << "Your machine is little endian.\n"; - } - else if (w == 0x01020304L) - { -#ifndef CRYPTOPP_LITTLE_ENDIAN - std::cout << "passed: "; -#else - std::cout << "FAILED: "; - pass = false; -#endif - std::cout << "Your machine is big endian.\n"; - } - else - { - std::cout << "FAILED: Your machine is neither big endian nor little endian.\n"; - pass = false; - } + //********** Append **********// -#if defined(CRYPTOPP_EXTENDED_VALIDATION) - // App and library versions, http://github.com/weidai11/cryptopp/issues/371 - const int v1 = LibraryVersion(); - const int v2 = HeaderVersion(); - if(v1/10 == v2/10) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "Library version (library): " << v1 << ", header version (app): " << v2 << "\n"; + try + { + SecByteBlock a, b; + temp = true; + + a.Assign((const byte*)"a", 1); + b.Assign((const byte*)"b", 1); + + a += b; + temp &= (a.SizeInBytes() == 2); + temp &= (a[0] == 'a' && a[1] == 'b'); + + a.Assign((const byte*)"ab", 2); + b.Assign((const byte*)"cd", 2); + + a += b; + temp &= (a.SizeInBytes() == 4); + temp &= (a[0] == 'a' && a[1] == 'b' && a[2] == 'c' && a[3] == 'd'); + + a.Assign((const byte*)"a", 1); + + a += a; + temp &= (a.SizeInBytes() == 2); + temp &= (a[0] == 'a' && a[1] == 'a'); + + a.Assign((const byte*)"ab", 2); + + a += a; + temp &= (a.SizeInBytes() == 4); + temp &= (a[0] == 'a' && a[1] == 'b' && a[2] == 'a' && a[3] == 'b'); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass3 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Append byte\n"; + + try + { + SecBlock a, b; + temp = true; + + const word32 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + a += b; + temp &= (a.SizeInBytes() == 8); + temp &= (a[0] == 1 && a[1] == 2); + + const word32 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + a += b; + temp &= (a.SizeInBytes() == 16); + temp &= (a[0] == 1 && a[1] == 2 && a[2] == 3 && a[3] == 4); + + a.Assign(one, 1); + + a += a; + temp &= (a.SizeInBytes() == 8); + temp &= (a[0] == 1 && a[1] == 1); + + a.Assign(three, 2); + + a += a; + temp &= (a.SizeInBytes() == 16); + temp &= (a[0] == 1 && a[1] == 2 && a[2] == 1 && a[3] == 2); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass3 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Append word32\n"; + + try + { + SecBlock a, b; + temp = true; + + const word64 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + a += b; + temp &= (a.SizeInBytes() == 16); + temp &= (a[0] == 1 && a[1] == 2); + + const word64 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + a += b; + temp &= (a.SizeInBytes() == 32); + temp &= (a[0] == 1 && a[1] == 2 && a[2] == 3 && a[3] == 4); + + a.Assign(one, 1); + + a += a; + temp &= (a.SizeInBytes() == 16); + temp &= (a[0] == 1 && a[1] == 1); + + a.Assign(three, 2); + + a += a; + temp &= (a.SizeInBytes() == 32); + temp &= (a[0] == 1 && a[1] == 2 && a[2] == 1 && a[3] == 2); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass3 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Append word64\n"; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + try + { + SecBlock a, b; + temp = true; + + const word128 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + a += b; + temp &= (a.SizeInBytes() == 32); + temp &= (a[0] == 1 && a[1] == 2); + + const word128 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + a += b; + temp &= (a.SizeInBytes() == 64); + temp &= (a[0] == 1 && a[1] == 2 && a[2] == 3 && a[3] == 4); + + a.Assign(one, 1); + + a += a; + temp &= (a.SizeInBytes() == 32); + temp &= (a[0] == 1 && a[1] == 1); + + a.Assign(three, 2); + + a += a; + temp &= (a.SizeInBytes() == 64); + temp &= (a[0] == 1 && a[1] == 2 && a[2] == 1 && a[3] == 2); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass3 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Append word128\n"; #endif -#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS - // Don't assert the alignment of testvals. That's what this test is for. - byte testvals[10] = {1,2,2,3,3,3,3,2,2,1}; - if (*(word32 *)(void *)(testvals+3) == 0x03030303 && *(word64 *)(void *)(testvals+1) == W64LIT(0x0202030303030202)) - std::cout << "passed: Unaligned data access (CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS).\n"; - else - { - std::cout << "FAILED: Unaligned data access gave incorrect results.\n"; - pass = false; - } -#else - std::cout << "passed: Aligned data access (no CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS).\n"; + //********** Concatenate **********// + + // byte + try + { + SecByteBlock a, b, c; + temp = true; + + a.Assign((const byte*)"a", 1); + b.Assign((const byte*)"b", 1); + + c = a + b; + temp &= (a[0] == 'a'); + temp &= (b[0] == 'b'); + temp &= (c.SizeInBytes() == 2); + temp &= (c[0] == 'a' && c[1] == 'b'); + + a.Assign((const byte*)"ab", 2); + b.Assign((const byte*)"cd", 2); + + c = a + b; + temp &= (a[0] == 'a' && a[1] == 'b'); + temp &= (b[0] == 'c' && b[1] == 'd'); + temp &= (c.SizeInBytes() == 4); + temp &= (c[0] == 'a' && c[1] == 'b' && c[2] == 'c' && c[3] == 'd'); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass4 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Concatenate byte\n"; + + // word32 + try + { + SecBlock a, b, c; + temp = true; + + const word32 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + c = a + b; + temp &= (a[0] == 1); + temp &= (b[0] == 2); + temp &= (c.SizeInBytes() == 8); + temp &= (c[0] == 1 && c[1] == 2); + + const word32 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + c = a + b; + temp &= (a[0] == 1 && a[1] == 2); + temp &= (b[0] == 3 && b[1] == 4); + temp &= (c.SizeInBytes() == 16); + temp &= (c[0] == 1 && c[1] == 2 && c[2] == 3 && c[3] == 4); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass4 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Concatenate word32\n"; + + // word64 + try + { + SecBlock a, b, c; + temp = true; + + const word64 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + c = a + b; + temp &= (a[0] == 1); + temp &= (b[0] == 2); + temp &= (c.SizeInBytes() == 16); + temp &= (c[0] == 1 && c[1] == 2); + + const word64 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + c = a + b; + temp &= (a[0] == 1 && a[1] == 2); + temp &= (b[0] == 3 && b[1] == 4); + temp &= (c.SizeInBytes() == 32); + temp &= (c[0] == 1 && c[1] == 2 && c[2] == 3 && c[3] == 4); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass4 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Concatenate word64\n"; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + try + { + SecBlock a, b, c; + temp = true; + + const word128 one[1] = {1}, two[1] = {2}; + a.Assign(one, 1); + b.Assign(two, 1); + + c = a + b; + temp &= (a[0] == 1); + temp &= (b[0] == 2); + temp &= (c.SizeInBytes() == 32); + temp &= (c[0] == 1 && c[1] == 2); + + const word128 three[2] = {1,2}, four[2] = {3,4}; + a.Assign(three, 2); + b.Assign(four, 2); + + c = a + b; + temp &= (a[0] == 1 && a[1] == 2); + temp &= (b[0] == 3 && b[1] == 4); + temp &= (c.SizeInBytes() == 64); + temp &= (c[0] == 1 && c[1] == 2 && c[2] == 3 && c[3] == 4); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass4 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Concatenate word128\n"; #endif - if (sizeof(byte) == 1) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "sizeof(byte) == " << sizeof(byte) << "\n"; + //********** Equality **********// - if (sizeof(word16) == 2) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "sizeof(word16) == " << sizeof(word16) << "\n"; + // byte + try + { + static const byte str1[] = "abcdefghijklmnopqrstuvwxyz"; + static const byte str2[] = "zyxwvutsrqponmlkjihgfedcba"; + static const byte str3[] = "0123456789"; - if (sizeof(word32) == 4) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "sizeof(word32) == " << sizeof(word32) << "\n"; + temp = true; + SecByteBlock a,b; - if (sizeof(word64) == 8) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "sizeof(word64) == " << sizeof(word64) << "\n"; + a.Assign(str1, COUNTOF(str1)); + b.Assign(str1, COUNTOF(str1)); + temp &= (a.operator==(b)); -#ifdef CRYPTOPP_WORD128_AVAILABLE - if (sizeof(word128) == 16) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "sizeof(word128) == " << sizeof(word128) << "\n"; + a.Assign(str3, COUNTOF(str3)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a == b); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str2, COUNTOF(str2)); + temp &= (a.operator!=(b)); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a != b); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass5 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Equality byte\n"; + + // word32 + try + { + static const word32 str1[] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}; + static const word32 str2[] = {97,89,83,79,73,71,67,61,59,53,47,43,41,37,31,29,23,19,17,13,11,7,5,3,2}; + static const word32 str3[] = {0,1,2,3,4,5,6,7,8,9}; + + temp = true; + SecBlock a,b; + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str1, COUNTOF(str1)); + temp &= (a.operator==(b)); + + a.Assign(str3, COUNTOF(str3)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a == b); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str2, COUNTOF(str2)); + temp &= (a.operator!=(b)); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a != b); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass5 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Equality word32\n"; + + // word64 + try + { + static const word64 str1[] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}; + static const word64 str2[] = {97,89,83,79,73,71,67,61,59,53,47,43,41,37,31,29,23,19,17,13,11,7,5,3,2}; + static const word64 str3[] = {0,1,2,3,4,5,6,7,8,9}; + + temp = true; + SecBlock a,b; + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str1, COUNTOF(str1)); + temp &= (a.operator==(b)); + + a.Assign(str3, COUNTOF(str3)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a == b); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str2, COUNTOF(str2)); + temp &= (a.operator!=(b)); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a != b); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass5 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Equality word64\n"; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + // word128 + try + { + static const word128 str1[] = {2,3,5,7,11,13,17,19,23,29,31,37,41,43,47,53,59,61,67,71,73,79,83,89,97}; + static const word128 str2[] = {97,89,83,79,73,71,67,61,59,53,47,43,41,37,31,29,23,19,17,13,11,7,5,3,2}; + static const word128 str3[] = {0,1,2,3,4,5,6,7,8,9}; + + temp = true; + SecBlock a,b; + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str1, COUNTOF(str1)); + temp &= (a.operator==(b)); + + a.Assign(str3, COUNTOF(str3)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a == b); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str2, COUNTOF(str2)); + temp &= (a.operator!=(b)); + + a.Assign(str1, COUNTOF(str1)); + b.Assign(str3, COUNTOF(str3)); + temp &= (a != b); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + + pass5 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Equality word128\n"; #endif - if (sizeof(word) == 2*sizeof(hword) -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - && sizeof(dword) == 2*sizeof(word) -#endif - ) - std::cout << "passed: "; - else - { - std::cout << "FAILED: "; - pass = false; - } - std::cout << "sizeof(hword) == " << sizeof(hword) << ", sizeof(word) == " << sizeof(word); -#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE - std::cout << ", sizeof(dword) == " << sizeof(dword); -#endif - std::cout << "\n"; + //********** Allocator Size/Overflow **********// - const int cacheLineSize = GetCacheLineSize(); - if (cacheLineSize < 16 || cacheLineSize > 256 || !IsPowerOf2(cacheLineSize)) - { - std::cout << "FAILED: "; - pass = false; - } - else - std::cout << "passed: "; - std::cout << "cacheLineSize == " << cacheLineSize << "\n"; + try + { + temp = false; -#ifdef CRYPTOPP_CPUID_AVAILABLE - bool hasSSE2 = HasSSE2(); - bool hasSSSE3 = HasSSSE3(); - bool hasSSE41 = HasSSE41(); - bool hasSSE42 = HasSSE42(); - bool isP4 = IsP4(); + AllocatorBase A; + const size_t max = A.max_size(); + SecBlock t(max+1); + } + catch(const Exception& /*ex*/) + { + temp = true; + } + catch(const std::exception& /*ex*/) + { + temp = true; + } - std::cout << "hasSSE2 == " << hasSSE2 << ", hasSSSE3 == " << hasSSSE3 << ", hasSSE4.1 == " << hasSSE41 << ", hasSSE4.2 == " << hasSSE42; - std::cout << ", hasAESNI == " << HasAESNI() << ", hasCLMUL == " << HasCLMUL() << ", hasRDRAND == " << HasRDRAND() << ", hasRDSEED == " << HasRDSEED(); - std::cout << ", hasSHA == " << HasSHA() << ", isP4 == " << isP4 << "\n"; + pass6 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Overflow word32\n"; -#elif (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) - bool hasNEON = HasNEON(); - bool hasCRC32 = HasCRC32(); - bool hasPMULL = HasPMULL(); - bool hasAES = HasAES(); - bool hasSHA1 = HasSHA1(); - bool hasSHA2 = HasSHA2(); + try + { + temp = false; - std::cout << "passed: "; - std::cout << "hasNEON == " << hasNEON << ", hasCRC32 == " << hasCRC32 << ", hasPMULL == " << hasPMULL; - std::cout << ", hasAES == " << hasAES << ", hasSHA1 == " << hasSHA1 << ", hasSHA2 == " << hasSHA2 << "\n"; + AllocatorBase A; + const size_t max = A.max_size(); + SecBlock t(max+1); + } + catch(const Exception& /*ex*/) + { + temp = true; + } + catch(const std::exception& /*ex*/) + { + temp = true; + } -#elif (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) - const bool hasAltivec = HasAltivec(); - const bool hasPower7 = HasPower7(); - const bool hasPower8 = HasPower8(); - const bool hasAES = HasAES(); - const bool hasSHA256 = HasSHA256(); - const bool hasSHA512 = HasSHA512(); + pass6 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Overflow word64\n"; - std::cout << "passed: "; - std::cout << "hasAltivec == " << hasAltivec << ", hasPower7 == " << hasPower7 << ", hasPower8 == " << hasPower8; - std::cout << ", hasAES == " << hasAES << ", hasSHA256 == " << hasSHA256 << ", hasSHA512 == " << hasSHA512 << "\n"; +#if defined(CRYPTOPP_WORD128_AVAILABLE) + try + { + temp = false; + AllocatorBase A; + const size_t max = A.max_size(); + SecBlock t(max+1); + } + catch(const Exception& /*ex*/) + { + temp = true; + } + catch(const std::exception& /*ex*/) + { + temp = true; + } + + pass6 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Overflow word128\n"; #endif - if (!pass) - { - std::cerr << "Some critical setting in config.h is in error. Please fix it and recompile.\n"; - std::abort(); - } - return pass; -} + //********** FixedSizeAllocatorWithCleanup and Grow **********// -bool TestOS_RNG() -{ - bool pass = true; + // byte + try + { + static const unsigned int SIZE = 8; + SecBlockWithHint block(SIZE); + memset(block, 0xaa, block.SizeInBytes()); - member_ptr rng; + temp = true; + block.CleanGrow(SIZE*2); + temp &= (block.size() == SIZE*2); -#ifdef BLOCKING_RNG_AVAILABLE - try {rng.reset(new BlockingRng);} - catch (const OS_RNG_Err &) {} + for (size_t i = 0; i < block.size()/2; i++) + temp &= (block[i] == 0xaa); + for (size_t i = block.size()/2; i < block.size(); i++) + temp &= (block[i] == 0); + + block.CleanNew(SIZE*4); + temp &= (block.size() == SIZE*4); + for (size_t i = 0; i < block.size(); i++) + temp &= (block[i] == 0); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + catch(const std::exception& /*ex*/) + { + temp = false; + } + + pass7 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " FixedSizeAllocator Grow with byte\n"; + + // word32 + try + { + static const unsigned int SIZE = 8; + SecBlockWithHint block(SIZE); + memset(block, 0xaa, block.SizeInBytes()); + + temp = true; + block.CleanGrow(SIZE*2); + temp &= (block.size() == SIZE*2); + + for (size_t i = 0; i < block.size()/2; i++) + temp &= (block[i] == 0xaaaaaaaa); + + for (size_t i = block.size()/2; i < block.size(); i++) + temp &= (block[i] == 0); + + block.CleanNew(SIZE*4); + temp &= (block.size() == SIZE*4); + for (size_t i = 0; i < block.size(); i++) + temp &= (block[i] == 0); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + catch(const std::exception& /*ex*/) + { + temp = false; + } + + pass7 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " FixedSizeAllocator Grow with word32\n"; + + // word64 + try + { + static const unsigned int SIZE = 8; + SecBlockWithHint block(SIZE); + memset(block, 0xaa, block.SizeInBytes()); + + temp = true; + block.CleanGrow(SIZE*2); + temp &= (block.size() == SIZE*2); + + for (size_t i = 0; i < block.size()/2; i++) + temp &= (block[i] == W64LIT(0xaaaaaaaaaaaaaaaa)); + + for (size_t i = block.size()/2; i < block.size(); i++) + temp &= (block[i] == 0); + + block.CleanNew(SIZE*4); + temp &= (block.size() == SIZE*4); + for (size_t i = 0; i < block.size(); i++) + temp &= (block[i] == 0); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + catch(const std::exception& /*ex*/) + { + temp = false; + } + + pass7 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " FixedSizeAllocator Grow with word64\n"; + +#if defined(CRYPTOPP_WORD128_AVAILABLE) + // word128 + try + { + static const unsigned int SIZE = 8; + SecBlock > block(SIZE); + memset(block, 0xaa, block.SizeInBytes()); + + temp = true; + block.CleanGrow(SIZE*2); + temp &= (block.size() == SIZE*2); + + for (size_t i = 0; i < block.size()/2; i++) + temp &= (block[i] == (((word128)W64LIT(0xaaaaaaaaaaaaaaaa) << 64U) | W64LIT(0xaaaaaaaaaaaaaaaa))); + + for (size_t i = block.size()/2; i < block.size(); i++) + temp &= (block[i] == 0); + + block.CleanNew(SIZE*4); + temp &= (block.size() == SIZE*4); + for (size_t i = 0; i < block.size(); i++) + temp &= (block[i] == 0); + } + catch(const Exception& /*ex*/) + { + temp = false; + } + catch(const std::exception& /*ex*/) + { + temp = false; + } + + pass7 &= temp; + if (!temp) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " FixedSizeAllocator Grow with word128\n"; #endif - if (rng.get()) - { - std::cout << "\nTesting operating system provided blocking random number generator...\n\n"; - - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(*rng, UINT_MAX, false, new Deflator(new Redirector(meter))); - unsigned long total=0, length=0; - time_t t = time(NULLPTR), t1 = 0; - CRYPTOPP_UNUSED(length); - - // check that it doesn't take too long to generate a reasonable amount of randomness - while (total < 16 && (t1 < 10 || total*8 > (unsigned long)t1)) - { - test.Pump(1); - total += 1; - t1 = time(NULLPTR) - t; - } - - if (total < 16) - { - std::cout << "FAILED:"; - pass = false; - } - else - std::cout << "passed:"; - std::cout << " it took " << long(t1) << " seconds to generate " << total << " bytes" << std::endl; - -#if 0 // disable this part. it's causing an unpredictable pause during the validation testing - if (t1 < 2) - { - // that was fast, are we really blocking? - // first exhaust the extropy reserve - t = time(NULLPTR); - while (time(NULLPTR) - t < 2) - { - test.Pump(1); - total += 1; - } - - // if it generates too many bytes in a certain amount of time, - // something's probably wrong - t = time(NULLPTR); - while (time(NULLPTR) - t < 2) - { - test.Pump(1); - total += 1; - length += 1; - } - if (length > 1024) - { - std::cout << "FAILED:"; - pass = false; - } - else - std::cout << "passed:"; - std::cout << " it generated " << length << " bytes in " << long(time(NULLPTR) - t) << " seconds" << std::endl; - } -#endif - - test.AttachedTransformation()->MessageEnd(); - - if (meter.GetTotalBytes() < total) - { - std::cout << "FAILED:"; - pass = false; - } - else - std::cout << "passed:"; - std::cout << " " << total << " generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - // Miscellaneous for code coverage - RandomNumberGenerator& prng = *rng.get(); - (void)prng.AlgorithmName(); - word32 result = prng.GenerateWord32(); - result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result), 4); - prng.GenerateBlock(reinterpret_cast(&result), 3); - prng.GenerateBlock(reinterpret_cast(&result), 2); - prng.GenerateBlock(reinterpret_cast(&result), 1); - prng.GenerateBlock(reinterpret_cast(&result), 0); - pass = true; - } - catch (const Exception&) - { - pass = false; - } - - if (!pass) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - else - std::cout << "\nNo operating system provided blocking random number generator, skipping test." << std::endl; - - rng.reset(NULLPTR); -#ifdef NONBLOCKING_RNG_AVAILABLE - try {rng.reset(new NonblockingRng);} - catch (OS_RNG_Err &) {} -#endif - - if (rng.get()) - { - std::cout << "\nTesting operating system provided nonblocking random number generator...\n\n"; - - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(*rng, 100000, true, new Deflator(new Redirector(meter))); - - if (meter.GetTotalBytes() < 100000) - { - std::cout << "FAILED:"; - pass = false; - } - else - std::cout << "passed:"; - std::cout << " 100000 generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - // Miscellaneous for code coverage - RandomNumberGenerator& prng = *rng.get(); - (void)prng.AlgorithmName(); - word32 result = prng.GenerateWord32(); - result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result), 4); - prng.GenerateBlock(reinterpret_cast(&result), 3); - prng.GenerateBlock(reinterpret_cast(&result), 2); - prng.GenerateBlock(reinterpret_cast(&result), 1); - prng.GenerateBlock(reinterpret_cast(&result), 0); - pass = true; - } - catch (const Exception&) - { - pass = false; - } - - if (!pass) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - else - std::cout << "\nNo operating system provided nonblocking random number generator, skipping test." << std::endl; - - return pass; -} - -bool TestRandomPool() -{ - std::cout << "\nTesting RandomPool generator...\n\n"; - bool pass=true, fail; - { - RandomPool prng; - static const unsigned int ENTROPY_SIZE = 32; - - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(prng, 100000, true, new Deflator(new Redirector(meter))); - - fail = false; - if (meter.GetTotalBytes() < 100000) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " 100000 generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - prng.DiscardBytes(100000); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded 10000 bytes" << std::endl; - - try - { - fail = false; - if(prng.CanIncorporateEntropy()) - { - SecByteBlock entropy(ENTROPY_SIZE); - GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes()); - - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - } - } - catch (const Exception& /*ex*/) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - (void)prng.AlgorithmName(); // "unknown" - word32 result = prng.GenerateWord32(); - result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result), 4); - prng.GenerateBlock(reinterpret_cast(&result), 3); - prng.GenerateBlock(reinterpret_cast(&result), 2); - prng.GenerateBlock(reinterpret_cast(&result), 1); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - -#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE) - std::cout << "\nTesting AutoSeeded RandomPool generator...\n\n"; - { - AutoSeededRandomPool prng; - static const unsigned int ENTROPY_SIZE = 32; - - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(prng, 100000, true, new Deflator(new Redirector(meter))); - - fail = false; - if (meter.GetTotalBytes() < 100000) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " 100000 generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - prng.DiscardBytes(100000); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded 10000 bytes" << std::endl; - - try - { - fail = false; - if(prng.CanIncorporateEntropy()) - { - SecByteBlock entropy(ENTROPY_SIZE); - GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes()); - - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - } - } - catch (const Exception& /*ex*/) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - fail = false; - (void)prng.AlgorithmName(); // "unknown" - word32 result = prng.GenerateWord32(); - result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result), 4); - prng.GenerateBlock(reinterpret_cast(&result), 3); - prng.GenerateBlock(reinterpret_cast(&result), 2); - prng.GenerateBlock(reinterpret_cast(&result), 1); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } -#endif - - // Old, PGP 2.6 style RandomPool. Added because users were still having problems - // with it in 2017. The missing functionality was a barrier to upgrades. - std::cout << "\nTesting OldRandomPool generator...\n\n"; - { - OldRandomPool old; - static const unsigned int ENTROPY_SIZE = 32; - - // https://github.com/weidai11/cryptopp/issues/452 - byte actual[32], expected[32] = { - 0x41,0xD1,0xEF,0x8F,0x10,0x3C,0xE2,0x94, - 0x47,0xC0,0xC3,0x86,0x66,0xBC,0x86,0x09, - 0x57,0x77,0x73,0x91,0x57,0x4D,0x93,0x66, - 0xD1,0x13,0xE1,0xBA,0x07,0x49,0x8F,0x75 - }; - - SecByteBlock seed(384); - for (size_t i=0; i<384; ++i) - seed[i] = static_cast(i); - old.IncorporateEntropy(seed, seed.size()); - - old.GenerateBlock(actual, sizeof(actual)); - fail = (0 != std::memcmp(actual, expected, sizeof(expected))); - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Expected sequence from PGP-style RandomPool (circa 2007)\n"; - - OldRandomPool prng; - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(prng, 100000, true, new Deflator(new Redirector(meter))); - - fail = false; - if (meter.GetTotalBytes() < 100000) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " 100000 generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - prng.DiscardBytes(100000); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded 10000 bytes" << std::endl; - - try - { - fail = false; - if(prng.CanIncorporateEntropy()) - { - SecByteBlock entropy(ENTROPY_SIZE); - GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes()); - - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - } - } - catch (const Exception& /*ex*/) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - fail = false; - word32 result = prng.GenerateWord32(); - result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result), 4); - prng.GenerateBlock(reinterpret_cast(&result), 3); - prng.GenerateBlock(reinterpret_cast(&result), 2); - prng.GenerateBlock(reinterpret_cast(&result), 1); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - - return pass; -} - -#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE) -bool TestAutoSeededX917() -{ - // This tests Auto-Seeding and GenerateIntoBufferedTransformation. - std::cout << "\nTesting AutoSeeded X917 generator...\n\n"; - - AutoSeededX917RNG prng; - bool pass = true, fail; - static const unsigned int ENTROPY_SIZE = 32; - - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(prng, 100000, true, new Deflator(new Redirector(meter))); - - fail = false; - if (meter.GetTotalBytes() < 100000) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " 100000 generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - prng.DiscardBytes(100000); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded 10000 bytes" << std::endl; - - try - { - fail = false; - if(prng.CanIncorporateEntropy()) - { - SecByteBlock entropy(ENTROPY_SIZE); - GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes()); - - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - } - } - catch (const Exception& /*ex*/) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - fail = false; - (void)prng.AlgorithmName(); // "unknown" - word32 result = prng.GenerateWord32(); - result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result), 4); - prng.GenerateBlock(reinterpret_cast(&result), 3); - prng.GenerateBlock(reinterpret_cast(&result), 2); - prng.GenerateBlock(reinterpret_cast(&result), 1); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - - return pass; + return pass1 && pass2 && pass3 && pass4 && pass5 && pass6 && pass7; } #endif #if defined(CRYPTOPP_EXTENDED_VALIDATION) -bool TestMersenne() +bool TestHuffmanCodes() { - std::cout << "\nTesting Mersenne Twister...\n\n"; + std::cout << "\nTesting Huffman codes...\n\n"; + bool pass=true; - static const unsigned int ENTROPY_SIZE = 32; - bool pass = true, fail = false; + static const size_t nCodes = 30; + const unsigned int codeCounts[nCodes] = { + 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; - // First 10; http://create.stephan-brumme.com/mersenne-twister/ - word32 result[10], expected[10] = {0xD091BB5C, 0x22AE9EF6, - 0xE7E1FAEE, 0xD5C31F79, 0x2082352C, 0xF807B7DF, 0xE9D30005, - 0x3895AFE1, 0xA1E24BBA, 0x4EE4092B}; + static const unsigned int maxCodeBits = nCodes >> 1; + unsigned int codeBits[nCodes] = { + ~0u, ~0u, ~0u, ~0u, ~0u, + ~0u, ~0u, ~0u, ~0u, ~0u, + ~0u, ~0u, ~0u, ~0u, ~0u, + }; - MT19937ar prng; - prng.GenerateBlock(reinterpret_cast(result), sizeof(result)); - fail = (0 != std::memcmp(result, expected, sizeof(expected))); + try + { + HuffmanEncoder::GenerateCodeLengths(codeBits, maxCodeBits, codeCounts, nCodes); + } + catch(const Exception& /*ex*/) + { + pass=false; + } - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Expected sequence from MT19937ar (2002 version)\n"; + if (!pass) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " GenerateCodeLengths" << std::endl; - MeterFilter meter(new Redirector(TheBitBucket())); - RandomNumberSource test(prng, 100000, true, new Deflator(new Redirector(meter))); + // Try to crash the HuffmanDecoder + for (unsigned int i=0; i<128; ++i) + { + try + { + byte data1[0xfff]; // Place on stack, avoid new + unsigned int data2[0xff]; - fail = false; - if (meter.GetTotalBytes() < 100000) - fail = true; + unsigned int len1 = GlobalRNG().GenerateWord32(4, 0xfff); + GlobalRNG().GenerateBlock(data1, len1); + unsigned int len2 = GlobalRNG().GenerateWord32(4, 0xff); + GlobalRNG().GenerateBlock((byte*)data2, len2*sizeof(unsigned int)); - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " 100000 generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; + ArraySource source(data1, len1, false); + HuffmanDecoder decoder(data2, len2); - try - { - fail = false; - prng.DiscardBytes(100000); - } - catch (const Exception&) - { - fail = true; - } + LowFirstBitReader reader(source); + unsigned int val; + for (unsigned int j=0; !source.AnyRetrievable(); ++j) + decoder.Decode(reader, val); + } + catch (const Exception&) {} + } - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded 10000 bytes\n"; + std::cout << "passed: HuffmanDecoder decode" << std::endl; - try - { - fail = false; - if(prng.CanIncorporateEntropy()) - { - SecByteBlock entropy(ENTROPY_SIZE); - GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes()); - - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); - } - } - catch (const Exception& /*ex*/) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - (void)prng.AlgorithmName(); - word32 temp = prng.GenerateWord32(); - temp = prng.GenerateWord32((temp & 0xff), 0xffffffff - (temp & 0xff)); - prng.GenerateBlock(reinterpret_cast(&result[0]), 4); - prng.GenerateBlock(reinterpret_cast(&result[0]), 3); - prng.GenerateBlock(reinterpret_cast(&result[0]), 2); - prng.GenerateBlock(reinterpret_cast(&result[0]), 1); - prng.GenerateBlock(reinterpret_cast(&result[0]), 0); - fail = false; - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - - return pass; + return pass; } #endif -#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) - bool TestPadlockRNG() +#if defined(CRYPTOPP_EXTENDED_VALIDATION) +# if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +bool TestAltivecOps() { - std::cout << "\nTesting Padlock RNG generator...\n\n"; + std::cout << "\nTesting Altivec operations...\n\n"; - bool pass = true, fail = false; - member_ptr rng; + if (HasAltivec() == false) + { + std::cout << "\nAltivec not available, skipping test." << std::endl; + return true; + } - try {rng.reset(new PadlockRNG);} - catch (const PadlockRNG_Err &) {} - if (rng.get()) - { - PadlockRNG& padlock = dynamic_cast(*rng.get()); - static const unsigned int SIZE = 10000; - SecByteBlock zero(16), one(16), t(16); - std::memset(zero, 0x00, 16); - std::memset( one, 0xff, 16); + // These tests may seem superflous, but we really want to test the + // Altivec/POWER4 implementation. That does not happen when POWER7 + // or POWER8 is available because we use POWER7's unaligned loads + // and stores with POWER8's AES, SHA, etc. These tests enage + // Altivec/POWER4 without POWER7, like on an old PowerMac. - // Cryptography Research, Inc tests - word32 oldDivisor = padlock.SetDivisor(0); - padlock.GenerateBlock(t, t.size()); - word32 msr = padlock.GetMSR(); - padlock.SetDivisor(oldDivisor); + //********** Unaligned loads and stores **********// + bool pass1=true; - // Bit 6 should be set - fail = !(msr & (1 << 6U)); - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " VIA RNG is activated\n"; + CRYPTOPP_ALIGN_DATA(16) + byte dest[20], src[20] = {23,22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5,4}; + const byte st1[16] ={22,21,20,19,18,17,16,15,14,13,12,11,10,9,8,7}; + const byte st2[16] ={21,20,19,18,17,16,15,14,13,12,11,10,9,8,7,6}; + const byte st3[16] ={20,19,18,17,16,15,14,13,12,11,10,9,8,7,6,5}; - // Bit 13 should be unset - fail = !!(msr & (1 << 13U)); - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " von Neumann corrector is activated\n"; + VecStore(VecLoad(src), dest); + pass1 = (0 == std::memcmp(src, dest, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - // Bit 14 should be unset - fail = !!(msr & (1 << 14U)); - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " String filter is deactivated\n"; + VecStore(VecLoad(src+1), dest+1); + pass1 = (0 == std::memcmp(st1, dest+1, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - // Bit 12:10 should be unset - fail = !!(msr & (0x7 << 10U)); - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Bias voltage is unmodified\n"; + VecStore(VecLoad(src+2), dest+2); + pass1 = (0 == std::memcmp(st2, dest+2, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - fail = false; - if (t == zero || t == one) - fail = true; + VecStore(VecLoad(src+3), dest+3); + pass1 = (0 == std::memcmp(st3, dest+3, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " All 0's or all 1's test\n"; + VecStoreBE(VecLoadBE(src), dest); + pass1 = (0 == std::memcmp(src, dest, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - MeterFilter meter(new Redirector(TheBitBucket())); - Deflator deflator(new Redirector(meter)); - MaurerRandomnessTest maurer; + VecStoreBE(VecLoadBE(src+1), dest+1); + pass1 = (0 == std::memcmp(st1, dest+1, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - ChannelSwitch chsw; - chsw.AddDefaultRoute(deflator); - chsw.AddDefaultRoute(maurer); + VecStoreBE(VecLoadBE(src+2), dest+2); + pass1 = (0 == std::memcmp(st2, dest+2, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - RandomNumberSource rns(padlock, SIZE, true, new Redirector(chsw)); - deflator.Flush(true); + VecStoreBE(VecLoadBE(src+3), dest+3); + pass1 = (0 == std::memcmp(st3, dest+3, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - CRYPTOPP_ASSERT(0 == maurer.BytesNeeded()); - const double mv = maurer.GetTestValue(); - fail = false; - if (mv < 0.98f) - fail = true; +#if (CRYPTOPP_LITTLE_ENDIAN) + VecStore(VecLoadBE(src), dest); + pass1 = (0 != std::memcmp(src, dest, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); - std::cout << std::setiosflags(std::ios::fixed) << std::setprecision(6); - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Maurer Randomness Test returned value " << mv << "\n"; - - fail = false; - if (meter.GetTotalBytes() < SIZE) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " " << SIZE << " generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - padlock.DiscardBytes(SIZE); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded " << SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - (void)padlock.AlgorithmName(); - (void)padlock.CanIncorporateEntropy(); - padlock.IncorporateEntropy(NULLPTR, 0); - - word32 result = padlock.GenerateWord32(); - result = padlock.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - padlock.GenerateBlock(reinterpret_cast(&result), 4); - padlock.GenerateBlock(reinterpret_cast(&result), 3); - padlock.GenerateBlock(reinterpret_cast(&result), 2); - padlock.GenerateBlock(reinterpret_cast(&result), 1); - fail = false; - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - else - std::cout << "Padlock RNG generator not available, skipping test.\n"; - - return pass; -} - -bool TestRDRAND() -{ - std::cout << "\nTesting RDRAND generator...\n\n"; - - bool pass = true, fail = false; - member_ptr rng; - - try {rng.reset(new RDRAND);} - catch (const RDRAND_Err &) {} - if (rng.get()) - { - RDRAND& rdrand = dynamic_cast(*rng.get()); - static const unsigned int SIZE = 10000; - - MeterFilter meter(new Redirector(TheBitBucket())); - Deflator deflator(new Redirector(meter)); - MaurerRandomnessTest maurer; - - ChannelSwitch chsw; - chsw.AddDefaultRoute(deflator); - chsw.AddDefaultRoute(maurer); - - RandomNumberSource rns(rdrand, SIZE, true, new Redirector(chsw)); - deflator.Flush(true); - - CRYPTOPP_ASSERT(0 == maurer.BytesNeeded()); - const double mv = maurer.GetTestValue(); - if (mv < 0.98f) - fail = true; - - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); - std::cout << std::setiosflags(std::ios::fixed) << std::setprecision(6); - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Maurer Randomness Test returned value " << mv << "\n"; - - fail = false; - if (meter.GetTotalBytes() < SIZE) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " " << SIZE << " generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - rdrand.DiscardBytes(SIZE); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded " << SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - (void)rdrand.AlgorithmName(); - (void)rdrand.CanIncorporateEntropy(); - rdrand.IncorporateEntropy(NULLPTR, 0); - - word32 result = rdrand.GenerateWord32(); - result = rdrand.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - rdrand.GenerateBlock(reinterpret_cast(&result), 4); - rdrand.GenerateBlock(reinterpret_cast(&result), 3); - rdrand.GenerateBlock(reinterpret_cast(&result), 2); - rdrand.GenerateBlock(reinterpret_cast(&result), 1); - fail = false; - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - else - std::cout << "RDRAND generator not available, skipping test.\n"; - - return pass; -} - -bool TestRDSEED() -{ - std::cout << "\nTesting RDSEED generator...\n\n"; - - bool pass = true, fail = false; - member_ptr rng; - - try {rng.reset(new RDSEED);} - catch (const RDSEED_Err &) {} - if (rng.get()) - { - RDSEED& rdseed = dynamic_cast(*rng.get()); - static const unsigned int SIZE = 10000; - - MeterFilter meter(new Redirector(TheBitBucket())); - Deflator deflator(new Redirector(meter)); - MaurerRandomnessTest maurer; - - ChannelSwitch chsw; - chsw.AddDefaultRoute(deflator); - chsw.AddDefaultRoute(maurer); - - RandomNumberSource rns(rdseed, SIZE, true, new Redirector(chsw)); - deflator.Flush(true); - - CRYPTOPP_ASSERT(0 == maurer.BytesNeeded()); - const double mv = maurer.GetTestValue(); - if (mv < 0.98f) - fail = true; - - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); - std::cout << std::setiosflags(std::ios::fixed) << std::setprecision(6); - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " Maurer Randomness Test returned value " << mv << "\n"; - - fail = false; - if (meter.GetTotalBytes() < SIZE) - fail = true; - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " " << SIZE << " generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; - - try - { - fail = false; - rdseed.DiscardBytes(SIZE); - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " discarded " << SIZE << " bytes\n"; - - try - { - // Miscellaneous for code coverage - (void)rdseed.AlgorithmName(); - (void)rdseed.CanIncorporateEntropy(); - rdseed.IncorporateEntropy(NULLPTR, 0); - - word32 result = rdseed.GenerateWord32(); - result = rdseed.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); - rdseed.GenerateBlock(reinterpret_cast(&result), 4); - rdseed.GenerateBlock(reinterpret_cast(&result), 3); - rdseed.GenerateBlock(reinterpret_cast(&result), 2); - rdseed.GenerateBlock(reinterpret_cast(&result), 1); - fail = false; - } - catch (const Exception&) - { - fail = true; - } - - pass &= !fail; - if (fail) - std::cout << "FAILED:"; - else - std::cout << "passed:"; - std::cout << " GenerateWord32 and Crop\n"; - } - else - std::cout << "RDSEED generator not available, skipping test.\n"; - - return pass; -} + VecStoreBE(VecLoad(src), dest); + pass1 = (0 != std::memcmp(src, dest, 16)) && pass1; + CRYPTOPP_ASSERT(pass1); #endif -bool ValidateHashDRBG() -{ - std::cout << "\nTesting NIST Hash DRBGs...\n\n"; - bool pass=true, fail; - - // # CAVS 14.3 - // # DRBG800-90A information for "drbg_pr" - // # Generated on Tue Apr 02 15:32:09 2013 - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x16\x10\xb8\x28\xcc\xd2\x7d\xe0\x8c\xee\xa0\x32\xa2\x0e\x92\x08"; - const byte entropy2[] = "\x72\xd2\x8c\x90\x8e\xda\xf9\xa4\xd1\xe5\x26\xd8\xf2\xde\xd5\x44"; - const byte nonce[] = "\x49\x2c\xf1\x70\x92\x42\xf6\xb5"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(result, result.size()); - drbg.GenerateBlock(result, result.size()); - - const byte expected[] = "\x56\xF3\x3D\x4F\xDB\xB9\xA5\xB6\x4D\x26\x23\x44\x97\xE9\xDC\xB8\x77\x98\xC6\x8D" - "\x08\xF7\xC4\x11\x99\xD4\xBD\xDF\x97\xEB\xBF\x6C\xB5\x55\x0E\x5D\x14\x9F\xF4\xD5" - "\xBD\x0F\x05\xF2\x5A\x69\x88\xC1\x74\x36\x39\x62\x27\x18\x4A\xF8\x4A\x56\x43\x35" - "\x65\x8E\x2F\x85\x72\xBE\xA3\x33\xEE\xE2\xAB\xFF\x22\xFF\xA6\xDE\x3E\x22\xAC\xA2"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (COUNT=0, E=16, N=8)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x55\x08\x75\xb7\x4e\xc1\x1f\x90\x67\x78\xa3\x1a\x37\xa3\x29\xfd"; - const byte entropy2[] = "\x96\xc6\x39\xec\x14\x9f\x6b\x28\xe2\x79\x3b\xb9\x37\x9e\x60\x67"; - const byte nonce[] = "\x08\xdd\x8c\xd3\x5b\xfa\x00\x94"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(result, result.size()); - drbg.GenerateBlock(result, result.size()); - - const byte expected[] = "\xEE\x44\xC6\xCF\x2C\x0C\x73\xA8\xAC\x4C\xA5\x6C\x0E\x71\x2C\xA5\x50\x9A\x19\x5D" - "\xE4\x5B\x8D\x2B\xC9\x40\xA7\xDB\x66\xC3\xEB\x2A\xA1\xBD\xB4\xDD\x76\x85\x12\x45" - "\x80\x2E\x68\x05\x4A\xAB\xA8\x7C\xD6\x3A\xD3\xE5\xC9\x7C\x06\xE7\xA3\x9F\xF6\xF9" - "\x8E\xB3\xD9\x72\xD4\x11\x35\xE5\xE7\x46\x1B\x49\x9C\x56\x45\x6A\xBE\x7F\x77\xD4"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (COUNT=1, E=16, N=8)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 128], [ReturnedBitsLen = 640] - const byte entropy1[] = "\xd9\xba\xb5\xce\xdc\xa9\x6f\x61\x78\xd6\x45\x09\xa0\xdf\xdc\x5e"; - const byte entropy2[] = "\xc6\xba\xd0\x74\xc5\x90\x67\x86\xf5\xe1\xf3\x20\x99\xf5\xb4\x91"; - const byte nonce[] = "\xda\xd8\x98\x94\x14\x45\x0e\x01"; - const byte additional1[] = "\x3e\x6b\xf4\x6f\x4d\xaa\x38\x25\xd7\x19\x4e\x69\x4e\x77\x52\xf7"; - const byte additional2[] = "\x04\xfa\x28\x95\xaa\x5a\x6f\x8c\x57\x43\x34\x3b\x80\x5e\x5e\xa4"; - const byte additional3[] = "\xdf\x5d\xc4\x59\xdf\xf0\x2a\xa2\xf0\x52\xd7\x21\xec\x60\x72\x30"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(additional2, 16, result, result.size()); - drbg.GenerateBlock(additional3, 16, result, result.size()); - - const byte expected[] = "\xC4\x8B\x89\xF9\xDA\x3F\x74\x82\x45\x55\x5D\x5D\x03\x3B\x69\x3D\xD7\x1A\x4D\xF5" - "\x69\x02\x05\xCE\xFC\xD7\x20\x11\x3C\xC2\x4E\x09\x89\x36\xFF\x5E\x77\xB5\x41\x53" - "\x58\x70\xB3\x39\x46\x8C\xDD\x8D\x6F\xAF\x8C\x56\x16\x3A\x70\x0A\x75\xB2\x3E\x59" - "\x9B\x5A\xEC\xF1\x6F\x3B\xAF\x6D\x5F\x24\x19\x97\x1F\x24\xF4\x46\x72\x0F\xEA\xBE"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=16)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 128], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x28\x00\x0f\xbf\xf0\x57\x22\xc8\x89\x93\x06\xc2\x9b\x50\x78\x0a"; - const byte entropy2[] = "\xd9\x95\x8e\x8c\x08\xaf\x5a\x41\x0e\x91\x9b\xdf\x40\x8e\x5a\x0a"; - const byte nonce[] = "\x11\x2f\x6e\x20\xc0\x29\xed\x3f"; - const byte additional1[] = "\x91\x1d\x96\x5b\x6e\x77\xa9\x6c\xfe\x3f\xf2\xd2\xe3\x0e\x2a\x86"; - const byte additional2[] = "\xcd\x44\xd9\x96\xab\x05\xef\xe8\x27\xd3\x65\x83\xf1\x43\x18\x2c"; - const byte additional3[] = "\x9f\x6a\x31\x82\x12\x18\x4e\x70\xaf\x5d\x00\x14\x1f\x42\x82\xf6"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(additional2, 16, result, result.size()); - drbg.GenerateBlock(additional3, 16, result, result.size()); - - const byte expected[] = "\x54\x61\x65\x92\x1E\x71\x4A\xD1\x39\x02\x2F\x97\xD2\x65\x3F\x0D\x47\x69\xB1\x4A" - "\x3E\x6E\xEF\xA1\xA0\x16\xD6\x9E\xA9\x7F\x51\xD5\x81\xDC\xAA\xCF\x66\xF9\xB1\xE8" - "\x06\x94\x41\xD6\xB5\xC5\x44\x60\x54\x07\xE8\xE7\xDC\x1C\xD8\xE4\x70\xAD\x84\x77" - "\x5A\x65\x31\xBE\xE0\xFC\x81\x36\xE2\x8F\x0B\xFE\xEB\xE1\x98\x62\x7E\x98\xE0\xC1"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=16)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 128], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x0e\xd5\x4c\xef\x44\x5c\x61\x7d\x58\x86\xe0\x34\xc0\x97\x36\xd4"; - const byte entropy2[] = "\x0b\x90\x27\xb8\x01\xe7\xf7\x2e\xe6\xec\x50\x2b\x8b\x6b\xd7\x11"; - const byte nonce[] = "\x2c\x8b\x07\x13\x55\x6c\x91\x6f"; - const byte personalization[] = "\xf3\x37\x8e\xa1\x45\x34\x30\x41\x12\xe0\xee\x57\xe9\xb3\x4a\x4b"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); - drbg.IncorporateEntropy(entropy2, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(result, result.size()); - drbg.GenerateBlock(result, result.size()); - - const byte expected[] = "\x55\x37\x0E\xD4\xB7\xCA\xA4\xBB\x67\x3A\x0F\x58\x40\xB3\x9F\x76\x4E\xDA\xD2\x85" - "\xD5\x6F\x01\x8F\x2D\xA7\x54\x4B\x0E\x66\x39\x62\x35\x96\x1D\xB7\xF6\xDA\xFB\x30" - "\xB6\xC5\x68\xD8\x40\x6E\x2B\xD4\x3D\x23\xEB\x0F\x10\xBA\x5F\x24\x9C\xC9\xE9\x4A" - "\xD3\xA5\xF1\xDF\xA4\xF2\xB4\x80\x40\x91\xED\x8C\xD6\x6D\xE7\xB7\x53\xB2\x09\xD5"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=0, P=16)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 128], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x8f\x2a\x33\x9f\x5f\x45\x21\x30\xa4\x57\xa9\x6f\xcb\xe2\xe6\x36"; - const byte entropy2[] = "\x1f\xff\x9e\x4f\x4d\x66\x3a\x1f\x9e\x85\x4a\x15\x7d\xad\x97\xe0"; - const byte nonce[] = "\x0e\xd0\xe9\xa5\xa4\x54\x8a\xd0"; - const byte personalization[] = "\x45\xe4\xb3\xe2\x63\x87\x62\x57\x2c\x99\xe4\x03\x45\xd6\x32\x6f"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); - drbg.IncorporateEntropy(entropy2, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(result, result.size()); - drbg.GenerateBlock(result, result.size()); - - const byte expected[] = "\x4F\xE8\x96\x41\xF8\xD3\x95\xC4\x43\x6E\xFB\xF8\x05\x75\xA7\x69\x74\x6E\x0C\x5F" - "\x54\x14\x35\xB4\xE6\xA6\xB3\x40\x7C\xA2\xC4\x42\xA2\x2F\x66\x28\x28\xCF\x4A\xA8" - "\xDC\x16\xBC\x5F\x69\xE5\xBB\x05\xD1\x43\x8F\x80\xAB\xC5\x8F\x9C\x3F\x75\x57\xEB" - "\x44\x0D\xF5\x0C\xF4\x95\x23\x94\x67\x11\x55\x98\x14\x43\xFF\x13\x14\x85\x5A\xBC"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=0, P=16)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 128], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x48\xa1\xa9\x7c\xcc\x49\xd7\xcc\xf6\xe3\x78\xa2\xf1\x6b\x0f\xcd"; - const byte entropy2[] = "\xba\x5d\xa6\x79\x12\x37\x24\x3f\xea\x60\x50\xf5\xb9\x9e\xcd\xf5"; - const byte nonce[] = "\xb0\x91\xd2\xec\x12\xa8\x39\xfe"; - const byte personalization[] = "\x3d\xc1\x6c\x1a\xdd\x9c\xac\x4e\xbb\xb0\xb8\x89\xe4\x3b\x9e\x12"; - const byte additional1[] = "\xd1\x23\xe3\x8e\x4c\x97\xe8\x29\x94\xa9\x71\x7a\xc6\xf1\x7c\x08"; - const byte additional2[] = "\x80\x0b\xed\x97\x29\xcf\xad\xe6\x68\x0d\xfe\x53\xba\x0c\x1e\x28"; - const byte additional3[] = "\x25\x1e\x66\xb9\xe3\x85\xac\x1c\x17\xfb\x77\x1b\x5d\xc7\x6c\xf2"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); - drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(additional2, 16, result, result.size()); - drbg.GenerateBlock(additional3, 16, result, result.size()); - - const byte expected[] = "\xA1\xB2\xEE\x86\xA0\xF1\xDA\xB7\x93\x83\x13\x3A\x62\x27\x99\x08\x95\x3A\x1C\x9A" - "\x98\x77\x60\x12\x11\x19\xCC\x78\xB8\x51\x2B\xD5\x37\xA1\x9D\xB9\x73\xCA\x39\x7A" - "\xDD\x92\x33\x78\x6D\x5D\x41\xFF\xFA\xE9\x80\x59\x04\x85\x21\xE2\x52\x84\xBC\x6F" - "\xDB\x97\xF3\x4E\x6A\x12\x7A\xCD\x41\x0F\x50\x68\x28\x46\xBE\x56\x9E\x9A\x6B\xC8"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=16, P=16)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 128], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x3b\xcb\xa8\x3b\x6d\xfb\x06\x79\x80\xef\xc3\x1e\xd2\x9e\x68\x57"; - const byte entropy2[] = "\x2f\xc9\x87\x49\x19\xcb\x52\x4a\x5b\xac\xf0\xcd\x96\x4e\xf8\x6e"; - const byte nonce[] = "\x23\xfe\x20\x9f\xac\x70\x45\xde"; - const byte personalization[] = "\xf2\x25\xf4\xd9\x6b\x9c\xab\x49\x1e\xab\x18\x14\xb2\x5e\x78\xef"; - const byte additional1[] = "\x57\x5b\x9a\x11\x32\x7a\xab\x89\x08\xfe\x46\x11\x9a\xed\x14\x5d"; - const byte additional2[] = "\x5d\x19\xcd\xed\xb7\xe3\x44\x66\x8e\x11\x42\x96\xa0\x38\xb1\x7f"; - const byte additional3[] = "\x2b\xaf\xa0\x15\xed\xdd\x5c\x76\x32\x75\x34\x35\xd1\x37\x72\xfb"; - - Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); - drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(additional2, 16, result, result.size()); - drbg.GenerateBlock(additional3, 16, result, result.size()); - - const byte expected[] = "\x1D\x12\xEB\x6D\x42\x60\xBD\xFB\xA7\x99\xB8\x53\xCC\x6F\x19\xB1\x64\xFE\x2F\x55" - "\xBA\xA2\x1C\x89\xD4\xD0\xE9\xB4\xBA\xD4\xE5\xF8\xC5\x30\x06\x41\xBA\xC4\x3D\x2B" - "\x73\x91\x27\xE9\x31\xC0\x55\x55\x11\xE8\xB6\x57\x02\x0D\xCE\x90\xAC\x31\xB9\x00" - "\x31\xC1\xD4\x4F\xE7\x12\x3B\xCC\x85\x16\x2F\x12\x8F\xB2\xDF\x84\x4E\xF7\x06\xBE"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=16, P=16)\n"; - } - - { - // [SHA-256], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] - // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 1024] - const byte entropy1[] = "\xf0\x5b\xab\x56\xc7\xac\x6e\xeb\x31\xa0\xcf\x8a\x8a\x06\x2a\x49\x17\x9a\xcf\x3c\x5b\x20\x4d\x60\xdd\x7a\x3e\xb7\x8f\x5d\x8e\x3b"; - const byte entropy2[] = "\x72\xd4\x02\xa2\x59\x7b\x98\xa3\xb8\xf5\x0b\x71\x6c\x63\xc6\xdb\xa7\x3a\x07\xe6\x54\x89\x06\x3f\x02\xc5\x32\xf5\xda\xc4\xd4\x18"; - const byte nonce[] = "\xa1\x45\x08\x53\x41\x68\xb6\x88\xf0\x5f\x1e\x41\x9c\x88\xcc\x30"; - const byte personalization[] = "\xa0\x34\x72\xf4\x04\x59\xe2\x87\xea\xcb\x21\x32\xc0\xb6\x54\x02\x7d\xa3\xe6\x69\x25\xb4\x21\x25\x54\xc4\x48\x18\x8c\x0e\x86\x01"; - const byte additional1[] = "\xb3\x0d\x28\xaf\xa4\x11\x6b\xbc\x13\x6e\x65\x09\xb5\x82\xa6\x93\xbc\x91\x71\x40\x46\xaa\x3c\x66\xb6\x77\xb3\xef\xf9\xad\xfd\x49"; - const byte additional2[] = "\x77\xfd\x1d\x68\xd6\xa4\xdd\xd5\xf3\x27\x25\x2d\x3f\x6b\xdf\xee\x8c\x35\xce\xd3\x83\xbe\xaf\xc9\x32\x77\xef\xf2\x1b\x6f\xf4\x1b"; - const byte additional3[] = "\x59\xa0\x1f\xf8\x6a\x58\x72\x1e\x85\xd2\xf8\x3f\x73\x99\xf1\x96\x4e\x27\xf8\x7f\xcd\x1b\xf5\xc1\xeb\xf3\x37\x10\x9b\x13\xbd\x24"; - - Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); - drbg.IncorporateEntropy(entropy2, 32, additional1, 32); - - SecByteBlock result(128); - drbg.GenerateBlock(additional2, 32, result, result.size()); - drbg.GenerateBlock(additional3, 32, result, result.size()); - - const byte expected[] = "\xFF\x27\x96\x38\x5C\x32\xBF\x84\x3D\xFA\xBB\xF0\x3E\x70\x5A\x39\xCB\xA3\x4C\xF1" - "\x4F\xAE\xC3\x05\x63\xDF\x5A\xDD\xBD\x2D\x35\x83\xF5\x7E\x05\xF9\x40\x30\x56\x18" - "\xF2\x00\x88\x14\x03\xC2\xD9\x81\x36\x39\xE6\x67\x55\xDC\xFC\x4E\x88\xEA\x71\xDD" - "\xB2\x25\x2E\x09\x91\x49\x40\xEB\xE2\x3D\x63\x44\xA0\xF4\xDB\x5E\xE8\x39\xE6\x70" - "\xEC\x47\x24\x3F\xA0\xFC\xF5\x13\x61\xCE\x53\x98\xAA\xBF\xB4\x19\x1B\xFE\xD5\x00" - "\xE1\x03\x3A\x76\x54\xFF\xD7\x24\x70\x5E\x8C\xB2\x41\x7D\x92\x0A\x2F\x4F\x27\xB8" - "\x45\x13\x7F\xFB\x87\x90\xA9\x49"; - - fail = !!memcmp(result, expected, 1024/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA256/128/440 (C0UNT=0, E=32, N=16, A=32, P=32)\n"; - } - - { - // [SHA-256], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] - // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 1024] - const byte entropy1[] = "\xfe\x61\x50\x79\xf1\xad\x2a\x71\xea\x7f\x0f\x5a\x14\x34\xee\xc8\x46\x35\x54\x4a\x95\x6a\x4f\xbd\x64\xff\xba\xf6\x1d\x34\x61\x83"; - const byte entropy2[] = "\x18\x89\x7b\xd8\x3e\xff\x38\xab\xb5\x6e\x82\xa8\x1b\x8c\x5e\x59\x3c\x3d\x85\x62\x2a\xe2\x88\xe5\xb2\xc6\xc5\xd2\xad\x7d\xc9\x45"; - const byte nonce[] = "\x9d\xa7\x87\x56\xb7\x49\x17\x02\x4c\xd2\x00\x65\x11\x9b\xe8\x7e"; - const byte personalization[] = "\x77\x5d\xbf\x32\xf3\x5c\xf3\x51\xf4\xb8\x1c\xd3\xfa\x7f\x65\x0b\xcf\x31\x88\xa1\x25\x57\x0c\xdd\xac\xaa\xfe\xa1\x7b\x3b\x29\xbc"; - const byte additional1[] = "\xef\x96\xc7\x9c\xb1\x73\x1d\x82\x85\x0a\x6b\xca\x9b\x5c\x34\x39\xba\xd3\x4e\x4d\x82\x6f\x35\x9f\x61\x5c\xf6\xf2\xa3\x3e\x91\x05"; - const byte additional2[] = "\xaf\x25\xc4\x6e\x21\xfc\xc3\xaf\x1f\xbb\xf8\x76\xb4\x57\xab\x1a\x94\x0a\x85\x16\x47\x81\xa4\xab\xda\xc8\xab\xca\xd0\x84\xda\xae"; - const byte additional3[] = "\x59\x5b\x44\x94\x38\x86\x36\xff\x8e\x45\x1a\x0c\x42\xc8\xcc\x21\x06\x38\x3a\xc5\xa6\x30\x96\xb9\x14\x81\xb3\xa1\x2b\xc8\xcd\xf6"; - - Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); - drbg.IncorporateEntropy(entropy2, 32, additional1, 32); - - SecByteBlock result(128); - drbg.GenerateBlock(additional2, 32, result, result.size()); - drbg.GenerateBlock(additional3, 32, result, result.size()); - - const byte expected[] = "\x8B\x1C\x9C\x76\xC4\x9B\x3B\xAE\xFD\x6E\xEB\x6C\xFF\xA3\xA1\x03\x3A\x8C\xAF\x09" - "\xFE\xBD\x44\x00\xFC\x0F\xD3\xA8\x26\x9C\xEE\x01\xAC\xE3\x73\x0E\xBE\xDA\x9A\xC6" - "\x23\x44\x6D\xA1\x56\x94\x29\xEC\x4B\xCD\x01\x84\x32\x25\xEF\x00\x91\x0B\xCC\xF3" - "\x06\x3B\x80\xF5\x46\xAC\xD2\xED\x5F\x70\x2B\x56\x2F\x21\x0A\xE9\x80\x87\x38\xAD" - "\xB0\x2A\xEB\x27\xF2\xD9\x20\x2A\x66\x0E\xF5\xC9\x20\x4A\xB4\x3C\xCE\xD6\x24\x97" - "\xDB\xB1\xED\x94\x12\x6A\x2F\x03\x98\x4A\xD4\xD1\x72\xF3\x7A\x66\x74\x7E\x2A\x5B" - "\xDE\xEF\x43\xBC\xB9\x8C\x49\x01"; - - fail = !!memcmp(result, expected, 1024/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA256/128/440 (C0UNT=1, E=32, N=16, A=32, P=32)\n"; - } - - { - // [SHA-512], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] - // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 2048] - const byte entropy1[] = "\x55\x4e\x8f\xfd\xc4\x9a\xd8\xf9\x9a\xe5\xd5\xf8\x1a\xf5\xda\xfb\x7f\x75\x53\xd7\xcb\x56\x8e\xa7\x3c\xc0\x82\xdd\x80\x76\x25\xc0"; - const byte entropy2[] = "\x78\x07\x3e\x86\x79\x4b\x10\x95\x88\xf4\x22\xf9\xbd\x04\x7e\xc0\xce\xab\xd6\x78\x6b\xdf\xe2\x89\xb3\x16\x43\x9c\x32\x2d\xb2\x59"; - const byte nonce[] = "\xf0\x89\x78\xde\x2d\xc2\xcd\xd9\xc0\xfd\x3d\x84\xd9\x8b\x8e\x8e"; - const byte personalization[] = "\x3e\x52\x7a\xb5\x81\x2b\x0c\x0e\x98\x2a\x95\x78\x93\x98\xd9\xeb\xf1\xb9\xeb\xd6\x1d\x02\x05\xed\x42\x21\x2d\x24\xb8\x37\xf8\x41"; - const byte additional1[] = "\xf2\x6b\xb1\xef\x30\xca\x8f\x97\xc0\x19\xd0\x79\xe5\xc6\x5e\xae\xd1\xa3\x9a\x52\xaf\x12\xe8\x28\xde\x03\x70\x79\x9a\x70\x11\x8b"; - const byte additional2[] = "\xb0\x9d\xb5\xa8\x45\xec\x79\x7a\x4b\x60\x7e\xe4\xd5\x58\x56\x70\x35\x20\x9b\xd8\xe5\x01\x6c\x78\xff\x1f\x6b\x93\xbf\x7c\x34\xca"; - const byte additional3[] = "\x45\x92\x2f\xb3\x5a\xd0\x6a\x84\x5f\xc9\xca\x16\x4a\x42\xbb\x59\x84\xb4\x38\x57\xa9\x16\x23\x48\xf0\x2f\x51\x61\x24\x35\xb8\x62"; - - Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); - drbg.IncorporateEntropy(entropy2, 32, additional1, 32); - - SecByteBlock result(256); - drbg.GenerateBlock(additional2, 32, result, result.size()); - drbg.GenerateBlock(additional3, 32, result, result.size()); - - const byte expected[] = "\x1F\x20\x83\x9E\x22\x55\x3B\x1E\x6C\xD4\xF6\x3A\x47\xC3\x99\x54\x0F\x69\xA3\xBB" - "\x37\x47\xA0\x2A\x12\xAC\xC7\x00\x85\xC5\xCC\xF4\x7B\x12\x5A\x4A\xEA\xED\x2F\xE5" - "\x31\x51\x0D\xC1\x8E\x50\x29\xE2\xA6\xCB\x8F\x34\xBA\xDA\x8B\x47\x32\x33\x81\xF1" - "\x2D\xF6\x8B\x73\x8C\xFF\x15\xC8\x8E\x8C\x31\x48\xFA\xC3\xC4\x9F\x52\x81\x23\xC2" - "\x2A\x83\xBD\xF1\x44\xEF\x15\x49\x93\x44\x83\x6B\x37\x5D\xBB\xFF\x72\xD2\x86\x96" - "\x62\xF8\x4D\x12\x3B\x16\xCB\xAC\xA1\x00\x12\x1F\x94\xA8\xD5\xAE\x9A\x9E\xDA\xC8" - "\xD7\x6D\x59\x33\xFD\x55\xC9\xCC\x5B\xAD\x39\x73\xB5\x13\x8B\x96\xDF\xDB\xF5\x90" - "\x81\xDF\x68\x6A\x30\x72\x42\xF2\x74\xAE\x7F\x1F\x7F\xFE\x8B\x3D\x49\x38\x98\x34" - "\x7C\x63\x46\x6E\xAF\xFA\xCB\x06\x06\x08\xE6\xC8\x35\x3C\x68\xB8\xCC\x9D\x5C\xDF" - "\xDB\xC0\x41\x44\x48\xE6\x11\xD4\x78\x50\x81\x91\xED\x1D\x75\xF3\xBD\x79\xFF\x1E" - "\x37\xAF\xC6\x5D\x49\xD6\x5C\xAC\x5B\xCB\xD6\x91\x37\x51\xFA\x98\x70\xFC\x32\xB3" - "\xF2\x86\xE4\xED\x74\xF2\x5D\x8B\x6C\x4D\xB8\xDE\xD8\x4A\xD6\x5E\xD6\x6D\xAE\xB1" - "\x1B\xA2\x94\x52\x54\xAD\x3C\x3D\x25\xBD\x12\x46\x3C\xA0\x45\x9D"; - - fail = !!memcmp(result, expected, 2048/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA512/256/888 (C0UNT=0, E=32, N=16, A=32, P=32)\n"; - } - - { - // [SHA-512], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] - // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 2048] - const byte entropy1[] = "\x0c\x9f\xcd\x06\x21\x3c\xb2\xf6\x3c\xdf\x79\x76\x4b\x46\x74\xfc\xdf\x68\xb0\xff\xae\xc7\x21\x8a\xa2\xaf\x4e\x4c\xb9\xe6\x60\x78"; - const byte entropy2[] = "\x75\xb8\x49\x54\xdf\x30\x10\x16\x2c\x06\x8c\x12\xeb\x6c\x1d\x03\x64\x5c\xad\x10\x5c\xc3\x17\x69\xb2\x5a\xc1\x7c\xb8\x33\x5b\x45"; - const byte nonce[] = "\x43\x1c\x4d\x65\x93\x96\xad\xdc\xc1\x6d\x17\x9f\x7f\x57\x24\x4d"; - const byte personalization[] = "\x7e\x54\xbd\x87\xd2\x0a\x95\xd7\xc4\x0c\x3b\x1b\x32\x15\x26\xd2\x06\x67\xa4\xac\xc1\xaa\xfb\x55\x91\x68\x2c\xb5\xc9\xcd\x66\x05"; - const byte additional1[] = "\xd5\x74\x9e\x56\xfb\x5f\xf3\xf8\x2c\x73\x2b\x7a\x83\xe0\xde\x06\x85\x0b\xf0\x57\x50\xc8\x55\x60\x4a\x41\x4f\x86\xb1\x68\x14\x03"; - const byte additional2[] = "\x9a\x83\xbb\x06\xdf\x4d\x53\x89\xf5\x3f\x24\xff\xf7\xcd\x0c\xcf\x4f\xbe\x46\x79\x8e\xce\x82\xa8\xc4\x6b\x5f\x8e\x58\x32\x62\x23"; - const byte additional3[] = "\x48\x13\xc4\x95\x10\x99\xdd\x7f\xd4\x77\x3c\x9b\x8a\xa4\x1c\x3d\xb0\x93\x92\x50\xba\x23\x98\xef\x4b\x1b\xd2\x53\xc1\x61\xda\xc6"; - - Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); - drbg.IncorporateEntropy(entropy2, 32, additional1, 32); - - SecByteBlock result(256); - drbg.GenerateBlock(additional2, 32, result, result.size()); - drbg.GenerateBlock(additional3, 32, result, result.size()); - - const byte expected[] = "\xE1\x7E\x4B\xEE\xD1\x65\x4F\xB2\xFC\xC8\xE8\xD7\xC6\x72\x7D\xD2\xE3\x15\x73\xC0" - "\x23\xC8\x55\x5D\x2B\xD8\x28\xD8\x31\xE4\xC9\x87\x42\x51\x87\x66\x43\x1F\x2C\xA4" - "\x73\xED\x4E\x50\x12\xC4\x50\x0E\x4C\xDD\x14\x73\xA2\xFB\xB3\x07\x0C\x66\x97\x4D" - "\x89\xDE\x35\x1C\x93\xE7\xE6\x8F\x20\x3D\x84\xE6\x73\x46\x0F\x7C\xF4\x3B\x6C\x02" - "\x23\x7C\x79\x6C\x86\xD9\x48\x80\x9C\x34\xCB\xA1\x23\xE7\xF7\x8A\x2E\x4B\x9D\x39" - "\xA5\x86\x1A\x73\x58\x28\x5A\x1D\x8D\x4A\xBD\x42\xD5\x49\x2B\xDF\x53\x1D\xE7\x4A" - "\x5F\x74\x09\x7F\xDC\x29\x7D\x58\x9C\x4B\xC5\x2F\x3B\x8F\xBF\x56\xCA\x48\x0A\x74" - "\xAE\xFF\xDD\x12\xE4\xF6\xAB\x83\x26\x4F\x52\x8A\x19\xBB\x91\x32\xA4\x42\xEC\x4F" - "\x3C\x76\xED\x9F\x03\xAA\x5E\x53\x79\x4C\xD0\x06\xD2\x1A\x42\x9D\xB1\xA7\xEC\xF7" - "\x5B\xD4\x03\x70\x1E\xF2\x47\x26\x48\xAC\x35\xEE\xD0\x58\x40\x94\x8C\x11\xD0\xEB" - "\x77\x39\x5A\xA3\xD5\xD0\xD3\xC3\x68\xE1\x75\xAA\xC0\x44\xEA\xD8\xDD\x13\x3F\xF9" - "\x7D\x21\x14\x34\xA5\x87\x43\xA4\x0A\x96\x77\x00\xCC\xCA\xB1\xDA\xC4\x39\xE0\x66" - "\x37\x05\x6E\xAC\xF2\xE6\xC6\xC5\x4F\x79\xD3\xE5\x6A\x3D\x36\x3F"; - - fail = !!memcmp(result, expected, 2048/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA512/256/888 (C0UNT=1, E=32, N=16, A=32, P=32)\n"; - } - - return pass; -} - -bool ValidateHmacDRBG() -{ - std::cout << "\nTesting NIST HMAC DRBGs...\n\n"; - bool pass=true, fail; - - // # CAVS 14.3 - // # DRBG800-90A information for "drbg_pr" - // # Generated on Tue Apr 02 15:32:12 2013 - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x79\x34\x9b\xbf\x7c\xdd\xa5\x79\x95\x57\x86\x66\x21\xc9\x13\x83"; - const byte entropy2[] = "\xc7\x21\x5b\x5b\x96\xc4\x8e\x9b\x33\x8c\x74\xe3\xe9\x9d\xfe\xdf"; - const byte nonce[] = "\x11\x46\x73\x3a\xbf\x8c\x35\xc8"; - - HMAC_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(result, result.size()); - drbg.GenerateBlock(result, result.size()); - - const byte expected[] = "\xc6\xa1\x6a\xb8\xd4\x20\x70\x6f\x0f\x34\xab\x7f\xec\x5a\xdc\xa9\xd8\xca\x3a\x13" - "\x3e\x15\x9c\xa6\xac\x43\xc6\xf8\xa2\xbe\x22\x83\x4a\x4c\x0a\x0a\xff\xb1\x0d\x71" - "\x94\xf1\xc1\xa5\xcf\x73\x22\xec\x1a\xe0\x96\x4e\xd4\xbf\x12\x27\x46\xe0\x87\xfd" - "\xb5\xb3\xe9\x1b\x34\x93\xd5\xbb\x98\xfa\xed\x49\xe8\x5f\x13\x0f\xc8\xa4\x59\xb7"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=0, E=16, N=8)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] - const byte entropy1[] = "\xee\x57\xfc\x23\x60\x0f\xb9\x02\x9a\x9e\xc6\xc8\x2e\x7b\x51\xe4"; - const byte entropy2[] = "\x84\x1d\x27\x6c\xa9\x51\x90\x61\xd9\x2d\x7d\xdf\xa6\x62\x8c\xa3"; - const byte nonce[] = "\x3e\x97\x21\xe4\x39\x3e\xf9\xad"; - - HMAC_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(result, result.size()); - drbg.GenerateBlock(result, result.size()); - - const byte expected[] = "\xee\x26\xa5\xc8\xef\x08\xa1\xca\x8f\x14\x15\x4d\x67\xc8\x8f\x5e\x7e\xd8\x21\x9d" - "\x93\x1b\x98\x42\xac\x00\x39\xf2\x14\x55\x39\xf2\x14\x2b\x44\x11\x7a\x99\x8c\x22" - "\xf5\x90\xf6\xc9\xb3\x8b\x46\x5b\x78\x3e\xcf\xf1\x3a\x77\x50\x20\x1f\x7e\xcf\x1b" - "\x8a\xb3\x93\x60\x4c\x73\xb2\x38\x93\x36\x60\x9a\xf3\x44\x0c\xde\x43\x29\x8b\x84"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=1, E=16, N=8)\n"; - } - - // ***************************************************** - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x7d\x70\x52\xa7\x76\xfd\x2f\xb3\xd7\x19\x1f\x73\x33\x04\xee\x8b"; - const byte entropy2[] = "\x49\x04\x7e\x87\x9d\x61\x09\x55\xee\xd9\x16\xe4\x06\x0e\x00\xc9"; - const byte nonce[] = "\xbe\x4a\x0c\xee\xdc\xa8\x02\x07"; - const byte additional1[] = "\xfd\x8b\xb3\x3a\xab\x2f\x6c\xdf\xbc\x54\x18\x11\x86\x1d\x51\x8d"; - const byte additional2[] = "\x99\xaf\xe3\x47\x54\x04\x61\xdd\xf6\xab\xeb\x49\x1e\x07\x15\xb4"; - const byte additional3[] = "\x02\xf7\x73\x48\x2d\xd7\xae\x66\xf7\x6e\x38\x15\x98\xa6\x4e\xf0"; - - HMAC_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(additional2, 16, result, result.size()); - drbg.GenerateBlock(additional3, 16, result, result.size()); - - const byte expected[] = "\xa7\x36\x34\x38\x44\xfc\x92\x51\x13\x91\xdb\x0a\xdd\xd9\x06\x4d\xbe\xe2\x4c\x89" - "\x76\xaa\x25\x9a\x9e\x3b\x63\x68\xaa\x6d\xe4\xc9\xbf\x3a\x0e\xff\xcd\xa9\xcb\x0e" - "\x9d\xc3\x36\x52\xab\x58\xec\xb7\x65\x0e\xd8\x04\x67\xf7\x6a\x84\x9f\xb1\xcf\xc1" - "\xed\x0a\x09\xf7\x15\x50\x86\x06\x4d\xb3\x24\xb1\xe1\x24\xf3\xfc\x9e\x61\x4f\xcb"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=0, E=16, N=8, A=16)\n"; - } - - { - // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] - // [PersonalizationStringLen = 0], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] - const byte entropy1[] = "\x29\xc6\x2a\xfa\x3c\x52\x20\x8a\x3f\xde\xcb\x43\xfa\x61\x3f\x15"; - const byte entropy2[] = "\xbd\x87\xbe\x99\xd1\x84\x16\x54\x12\x31\x41\x40\xd4\x02\x71\x41"; - const byte nonce[] = "\x6c\x9e\xb5\x9a\xc3\xc2\xd4\x8b"; - const byte additional1[] = "\x43\x3d\xda\xf2\x59\xd1\x4b\xcf\x89\x76\x30\xcc\xaa\x27\x33\x8c"; - const byte additional2[] = "\x14\x11\x46\xd4\x04\xf2\x84\xc2\xd0\x2b\x6a\x10\x15\x6e\x33\x82"; - const byte additional3[] = "\xed\xc3\x43\xdb\xff\xe7\x1a\xb4\x11\x4a\xc3\x63\x9d\x44\x5b\x65"; - - HMAC_DRBG drbg(entropy1, 16, nonce, 8); - drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - - SecByteBlock result(80); - drbg.GenerateBlock(additional2, 16, result, result.size()); - drbg.GenerateBlock(additional3, 16, result, result.size()); - - const byte expected[] = "\x8c\x73\x0f\x05\x26\x69\x4d\x5a\x9a\x45\xdb\xab\x05\x7a\x19\x75\x35\x7d\x65\xaf" - "\xd3\xef\xf3\x03\x32\x0b\xd1\x40\x61\xf9\xad\x38\x75\x91\x02\xb6\xc6\x01\x16\xf6" - "\xdb\x7a\x6e\x8e\x7a\xb9\x4c\x05\x50\x0b\x4d\x1e\x35\x7d\xf8\xe9\x57\xac\x89\x37" - "\xb0\x5f\xb3\xd0\x80\xa0\xf9\x06\x74\xd4\x4d\xe1\xbd\x6f\x94\xd2\x95\xc4\x51\x9d"; - - fail = !!memcmp(result, expected, 640/8); - pass = !fail && pass; - - std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=1, E=16, N=8, A=16)\n"; - } - - return pass; -} - -class CipherFactory -{ -public: - virtual unsigned int BlockSize() const =0; - virtual unsigned int KeyLength() const =0; - - virtual BlockTransformation* NewEncryption(const byte *keyStr) const =0; - virtual BlockTransformation* NewDecryption(const byte *keyStr) const =0; -}; - -template class FixedRoundsCipherFactory : public CipherFactory -{ -public: - FixedRoundsCipherFactory(unsigned int keylen=0) : - m_keylen(keylen ? keylen : static_cast(E::DEFAULT_KEYLENGTH)) {} - - unsigned int BlockSize() const {return E::BLOCKSIZE;} - unsigned int KeyLength() const {return m_keylen;} - - BlockTransformation* NewEncryption(const byte *keyStr) const - {return new E(keyStr, m_keylen);} - BlockTransformation* NewDecryption(const byte *keyStr) const - {return new D(keyStr, m_keylen);} - - unsigned int m_keylen; -}; - -template class VariableRoundsCipherFactory : public CipherFactory -{ -public: - VariableRoundsCipherFactory(unsigned int keylen=0, unsigned int rounds=0) : - m_keylen(keylen ? keylen : static_cast(E::DEFAULT_KEYLENGTH)), - m_rounds(rounds ? rounds : static_cast(E::DEFAULT_ROUNDS)) {} - - unsigned int BlockSize() const {return static_cast(E::BLOCKSIZE);} - unsigned int KeyLength() const {return m_keylen;} - - BlockTransformation* NewEncryption(const byte *keyStr) const - {return new E(keyStr, m_keylen, m_rounds);} - BlockTransformation* NewDecryption(const byte *keyStr) const - {return new D(keyStr, m_keylen, m_rounds);} - - unsigned int m_keylen, m_rounds; -}; - -bool BlockTransformationTest(const CipherFactory &cg, BufferedTransformation &valdata, unsigned int tuples = 0xffff) -{ - HexEncoder output(new FileSink(std::cout)); - SecByteBlock plain(cg.BlockSize()), cipher(cg.BlockSize()), out(cg.BlockSize()), outplain(cg.BlockSize()); - SecByteBlock key(cg.KeyLength()); - bool pass=true, fail; - - while (valdata.MaxRetrievable() && tuples--) - { - (void)valdata.Get(key, cg.KeyLength()); - (void)valdata.Get(plain, cg.BlockSize()); - (void)valdata.Get(cipher, cg.BlockSize()); - - member_ptr transE(cg.NewEncryption(key)); - transE->ProcessBlock(plain, out); - fail = memcmp(out, cipher, cg.BlockSize()) != 0; - - member_ptr transD(cg.NewDecryption(key)); - transD->ProcessBlock(out, outplain); - fail=fail || memcmp(outplain, plain, cg.BlockSize()); - - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - output.Put(key, cg.KeyLength()); - std::cout << " "; - output.Put(outplain, cg.BlockSize()); - std::cout << " "; - output.Put(out, cg.BlockSize()); - std::cout << std::endl; - } - return pass; -} - -class FilterTester : public Unflushable -{ -public: - FilterTester(const byte *validOutput, size_t outputLen) - : validOutput(validOutput), outputLen(outputLen), counter(0), fail(false) {} - void PutByte(byte inByte) - { - if (counter >= outputLen || validOutput[counter] != inByte) - { - std::cerr << "incorrect output " << counter << ", " << (word16)validOutput[counter] << ", " << (word16)inByte << "\n"; - fail = true; - CRYPTOPP_ASSERT(false); - } - counter++; - } - size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) - { - CRYPTOPP_UNUSED(messageEnd), CRYPTOPP_UNUSED(blocking); - - while (length--) - FilterTester::PutByte(*inString++); - - if (messageEnd) - if (counter != outputLen) - { - fail = true; - CRYPTOPP_ASSERT(false); - } - - return 0; - } - bool GetResult() - { - return !fail; - } - - const byte *validOutput; - size_t outputLen, counter; - bool fail; -}; - -bool TestFilter(BufferedTransformation &bt, const byte *in, size_t inLen, const byte *out, size_t outLen) -{ - FilterTester *ft; - bt.Attach(ft = new FilterTester(out, outLen)); - - while (inLen) - { - size_t randomLen = GlobalRNG().GenerateWord32(0, (word32)inLen); - bt.Put(in, randomLen); - in += randomLen; - inLen -= randomLen; - } - bt.MessageEnd(); - return ft->GetResult(); -} - -bool ValidateDES() -{ - std::cout << "\nDES validation suite running...\n\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/descert.dat", true, new HexDecoder); - bool pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata); - - std::cout << "\nTesting EDE2, EDE3, and XEX3 variants...\n\n"; - - FileSource valdata1(CRYPTOPP_DATA_DIR "TestData/3desval.dat", true, new HexDecoder); - pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata1, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata1, 1) && pass; - pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata1, 1) && pass; - - return pass; -} - -bool TestModeIV(SymmetricCipher &e, SymmetricCipher &d) -{ - SecByteBlock lastIV, iv(e.IVSize()); - StreamTransformationFilter filter(e, new StreamTransformationFilter(d)); - - // Enterprise Analysis finding on the stack based array - const int BUF_SIZE=20480U; - AlignedSecByteBlock plaintext(BUF_SIZE); - - for (unsigned int i=1; i cbcmac(key); - HashFilter cbcmacFilter(cbcmac); - fail = !TestFilter(cbcmacFilter, plain_3, sizeof(plain_3), mac1, sizeof(mac1)); - pass = pass && !fail; - std::cout << (fail ? "FAILED " : "passed ") << "CBC MAC" << std::endl; - - DMAC dmac(key); - HashFilter dmacFilter(dmac); - fail = !TestFilter(dmacFilter, plain_3, sizeof(plain_3), mac2, sizeof(mac2)); - pass = pass && !fail; - std::cout << (fail ? "FAILED " : "passed ") << "DMAC" << std::endl; - } - - return pass; -} - -bool ValidateIDEA() -{ - std::cout << "\nIDEA validation suite running...\n\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/ideaval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory(), valdata); -} - -bool ValidateSAFER() -{ - std::cout << "\nSAFER validation suite running...\n\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/saferval.dat", true, new HexDecoder); - bool pass = true; - pass = BlockTransformationTest(VariableRoundsCipherFactory(8,6), valdata, 4) && pass; - pass = BlockTransformationTest(VariableRoundsCipherFactory(16,12), valdata, 4) && pass; - pass = BlockTransformationTest(VariableRoundsCipherFactory(8,6), valdata, 4) && pass; - pass = BlockTransformationTest(VariableRoundsCipherFactory(16,10), valdata, 4) && pass; - return pass; -} - -bool ValidateRC2() -{ - std::cout << "\nRC2 validation suite running...\n\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/rc2val.dat", true, new HexDecoder); - HexEncoder output(new FileSink(std::cout)); - SecByteBlock plain(RC2Encryption::BLOCKSIZE), cipher(RC2Encryption::BLOCKSIZE), out(RC2Encryption::BLOCKSIZE), outplain(RC2Encryption::BLOCKSIZE); - SecByteBlock key(128); - bool pass=true, fail; - - while (valdata.MaxRetrievable()) - { - byte keyLen, effectiveLen; - - (void)valdata.Get(keyLen); - (void)valdata.Get(effectiveLen); - (void)valdata.Get(key, keyLen); - (void)valdata.Get(plain, RC2Encryption::BLOCKSIZE); - (void)valdata.Get(cipher, RC2Encryption::BLOCKSIZE); - - member_ptr transE(new RC2Encryption(key, keyLen, effectiveLen)); - transE->ProcessBlock(plain, out); - fail = memcmp(out, cipher, RC2Encryption::BLOCKSIZE) != 0; - - member_ptr transD(new RC2Decryption(key, keyLen, effectiveLen)); - transD->ProcessBlock(out, outplain); - fail=fail || memcmp(outplain, plain, RC2Encryption::BLOCKSIZE); - - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - output.Put(key, keyLen); - std::cout << " "; - output.Put(outplain, RC2Encryption::BLOCKSIZE); - std::cout << " "; - output.Put(out, RC2Encryption::BLOCKSIZE); - std::cout << std::endl; - } - return pass; -} - -bool ValidateARC4() -{ - unsigned char Key0[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; - unsigned char Input0[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; - unsigned char Output0[] = {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96}; - - unsigned char Key1[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; - unsigned char Input1[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Output1[]={0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79}; - - unsigned char Key2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Input2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Output2[]={0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a}; - - unsigned char Key3[]={0xef,0x01,0x23,0x45}; - unsigned char Input3[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; - unsigned char Output3[]={0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61}; - - unsigned char Key4[]={ 0x01,0x23,0x45,0x67,0x89,0xab, 0xcd,0xef }; - unsigned char Input4[] = - {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, - 0x01}; - unsigned char Output4[]= { - 0x75,0x95,0xc3,0xe6,0x11,0x4a,0x09,0x78,0x0c,0x4a,0xd4, - 0x52,0x33,0x8e,0x1f,0xfd,0x9a,0x1b,0xe9,0x49,0x8f, - 0x81,0x3d,0x76,0x53,0x34,0x49,0xb6,0x77,0x8d,0xca, - 0xd8,0xc7,0x8a,0x8d,0x2b,0xa9,0xac,0x66,0x08,0x5d, - 0x0e,0x53,0xd5,0x9c,0x26,0xc2,0xd1,0xc4,0x90,0xc1, - 0xeb,0xbe,0x0c,0xe6,0x6d,0x1b,0x6b,0x1b,0x13,0xb6, - 0xb9,0x19,0xb8,0x47,0xc2,0x5a,0x91,0x44,0x7a,0x95, - 0xe7,0x5e,0x4e,0xf1,0x67,0x79,0xcd,0xe8,0xbf,0x0a, - 0x95,0x85,0x0e,0x32,0xaf,0x96,0x89,0x44,0x4f,0xd3, - 0x77,0x10,0x8f,0x98,0xfd,0xcb,0xd4,0xe7,0x26,0x56, - 0x75,0x00,0x99,0x0b,0xcc,0x7e,0x0c,0xa3,0xc4,0xaa, - 0xa3,0x04,0xa3,0x87,0xd2,0x0f,0x3b,0x8f,0xbb,0xcd, - 0x42,0xa1,0xbd,0x31,0x1d,0x7a,0x43,0x03,0xdd,0xa5, - 0xab,0x07,0x88,0x96,0xae,0x80,0xc1,0x8b,0x0a,0xf6, - 0x6d,0xff,0x31,0x96,0x16,0xeb,0x78,0x4e,0x49,0x5a, - 0xd2,0xce,0x90,0xd7,0xf7,0x72,0xa8,0x17,0x47,0xb6, - 0x5f,0x62,0x09,0x3b,0x1e,0x0d,0xb9,0xe5,0xba,0x53, - 0x2f,0xaf,0xec,0x47,0x50,0x83,0x23,0xe6,0x71,0x32, - 0x7d,0xf9,0x44,0x44,0x32,0xcb,0x73,0x67,0xce,0xc8, - 0x2f,0x5d,0x44,0xc0,0xd0,0x0b,0x67,0xd6,0x50,0xa0, - 0x75,0xcd,0x4b,0x70,0xde,0xdd,0x77,0xeb,0x9b,0x10, - 0x23,0x1b,0x6b,0x5b,0x74,0x13,0x47,0x39,0x6d,0x62, - 0x89,0x74,0x21,0xd4,0x3d,0xf9,0xb4,0x2e,0x44,0x6e, - 0x35,0x8e,0x9c,0x11,0xa9,0xb2,0x18,0x4e,0xcb,0xef, - 0x0c,0xd8,0xe7,0xa8,0x77,0xef,0x96,0x8f,0x13,0x90, - 0xec,0x9b,0x3d,0x35,0xa5,0x58,0x5c,0xb0,0x09,0x29, - 0x0e,0x2f,0xcd,0xe7,0xb5,0xec,0x66,0xd9,0x08,0x4b, - 0xe4,0x40,0x55,0xa6,0x19,0xd9,0xdd,0x7f,0xc3,0x16, - 0x6f,0x94,0x87,0xf7,0xcb,0x27,0x29,0x12,0x42,0x64, - 0x45,0x99,0x85,0x14,0xc1,0x5d,0x53,0xa1,0x8c,0x86, - 0x4c,0xe3,0xa2,0xb7,0x55,0x57,0x93,0x98,0x81,0x26, - 0x52,0x0e,0xac,0xf2,0xe3,0x06,0x6e,0x23,0x0c,0x91, - 0xbe,0xe4,0xdd,0x53,0x04,0xf5,0xfd,0x04,0x05,0xb3, - 0x5b,0xd9,0x9c,0x73,0x13,0x5d,0x3d,0x9b,0xc3,0x35, - 0xee,0x04,0x9e,0xf6,0x9b,0x38,0x67,0xbf,0x2d,0x7b, - 0xd1,0xea,0xa5,0x95,0xd8,0xbf,0xc0,0x06,0x6f,0xf8, - 0xd3,0x15,0x09,0xeb,0x0c,0x6c,0xaa,0x00,0x6c,0x80, - 0x7a,0x62,0x3e,0xf8,0x4c,0x3d,0x33,0xc1,0x95,0xd2, - 0x3e,0xe3,0x20,0xc4,0x0d,0xe0,0x55,0x81,0x57,0xc8, - 0x22,0xd4,0xb8,0xc5,0x69,0xd8,0x49,0xae,0xd5,0x9d, - 0x4e,0x0f,0xd7,0xf3,0x79,0x58,0x6b,0x4b,0x7f,0xf6, - 0x84,0xed,0x6a,0x18,0x9f,0x74,0x86,0xd4,0x9b,0x9c, - 0x4b,0xad,0x9b,0xa2,0x4b,0x96,0xab,0xf9,0x24,0x37, - 0x2c,0x8a,0x8f,0xff,0xb1,0x0d,0x55,0x35,0x49,0x00, - 0xa7,0x7a,0x3d,0xb5,0xf2,0x05,0xe1,0xb9,0x9f,0xcd, - 0x86,0x60,0x86,0x3a,0x15,0x9a,0xd4,0xab,0xe4,0x0f, - 0xa4,0x89,0x34,0x16,0x3d,0xdd,0xe5,0x42,0xa6,0x58, - 0x55,0x40,0xfd,0x68,0x3c,0xbf,0xd8,0xc0,0x0f,0x12, - 0x12,0x9a,0x28,0x4d,0xea,0xcc,0x4c,0xde,0xfe,0x58, - 0xbe,0x71,0x37,0x54,0x1c,0x04,0x71,0x26,0xc8,0xd4, - 0x9e,0x27,0x55,0xab,0x18,0x1a,0xb7,0xe9,0x40,0xb0, - 0xc0}; - - member_ptr arc4; - bool pass=true, fail; - unsigned int i; - - std::cout << "\nARC4 validation suite running...\n\n"; - - arc4.reset(new Weak::ARC4(Key0, sizeof(Key0))); - arc4->ProcessString(Input0, sizeof(Input0)); - fail = memcmp(Input0, Output0, sizeof(Input0)) != 0; - std::cout << (fail ? "FAILED" : "passed") << " Test 0" << std::endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key1, sizeof(Key1))); - arc4->ProcessString(Key1, Input1, sizeof(Key1)); - fail = memcmp(Output1, Key1, sizeof(Key1)) != 0; - std::cout << (fail ? "FAILED" : "passed") << " Test 1" << std::endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key2, sizeof(Key2))); - for (i=0, fail=false; iProcessByte(Input2[i]) != Output2[i]) - fail = true; - std::cout << (fail ? "FAILED" : "passed") << " Test 2" << std::endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key3, sizeof(Key3))); - for (i=0, fail=false; iProcessByte(Input3[i]) != Output3[i]) - fail = true; - std::cout << (fail ? "FAILED" : "passed") << " Test 3" << std::endl; - pass = pass && !fail; - - arc4.reset(new Weak::ARC4(Key4, sizeof(Key4))); - for (i=0, fail=false; iProcessByte(Input4[i]) != Output4[i]) - fail = true; - std::cout << (fail ? "FAILED" : "passed") << " Test 4" << std::endl; - pass = pass && !fail; - - return pass; -} - -bool ValidateRC5() -{ - std::cout << "\nRC5 validation suite running...\n\n"; - bool pass1 = true, pass2 = true; - - RC5Encryption enc; // 0 to 2040-bits (255-bytes) - pass1 = RC5Encryption::DEFAULT_KEYLENGTH == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == 0 && pass1; - pass1 = enc.StaticGetValidKeyLength(254) == 254 && pass1; - pass1 = enc.StaticGetValidKeyLength(255) == 255 && pass1; - pass1 = enc.StaticGetValidKeyLength(256) == 255 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - RC5Decryption dec; - pass2 = RC5Decryption::DEFAULT_KEYLENGTH == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == 0 && pass2; - pass2 = dec.StaticGetValidKeyLength(254) == 254 && pass2; - pass2 = dec.StaticGetValidKeyLength(255) == 255 && pass2; - pass2 = dec.StaticGetValidKeyLength(256) == 255 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/rc5val.dat", true, new HexDecoder); - return BlockTransformationTest(VariableRoundsCipherFactory(16, 12), valdata) && pass1 && pass2; -} - -bool ValidateRC6() -{ - std::cout << "\nRC6 validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - RC6Encryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - RC6Decryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/rc6val.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 2) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 2) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateMARS() -{ - std::cout << "\nMARS validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - MARSEncryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 56 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 56 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - MARSDecryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 56 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 56 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/marsval.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 3) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateRijndael() -{ - std::cout << "\nRijndael (AES) validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - RijndaelEncryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - RijndaelDecryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/rijndael.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 3) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; - pass3 = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/aes.txt") && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateTwofish() -{ - std::cout << "\nTwofish validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - TwofishEncryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; - - TwofishDecryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/twofishv.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 3) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateSerpent() -{ - std::cout << "\nSerpent validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - SerpentEncryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; - - SerpentDecryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/serpentv.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 5) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 4) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 3) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateBlowfish() -{ - std::cout << "\nBlowfish validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true, fail; - - BlowfishEncryption enc1; // 32 to 448-bits (4 to 56-bytes) - pass1 = enc1.StaticGetValidKeyLength(3) == 4 && pass1; - pass1 = enc1.StaticGetValidKeyLength(4) == 4 && pass1; - pass1 = enc1.StaticGetValidKeyLength(5) == 5 && pass1; - pass1 = enc1.StaticGetValidKeyLength(8) == 8 && pass1; - pass1 = enc1.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc1.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc1.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc1.StaticGetValidKeyLength(56) == 56 && pass1; - pass1 = enc1.StaticGetValidKeyLength(57) == 56 && pass1; - pass1 = enc1.StaticGetValidKeyLength(60) == 56 && pass1; - pass1 = enc1.StaticGetValidKeyLength(64) == 56 && pass1; - pass1 = enc1.StaticGetValidKeyLength(128) == 56 && pass1; - - BlowfishDecryption dec1; // 32 to 448-bits (4 to 56-bytes) - pass2 = dec1.StaticGetValidKeyLength(3) == 4 && pass2; - pass2 = dec1.StaticGetValidKeyLength(4) == 4 && pass2; - pass2 = dec1.StaticGetValidKeyLength(5) == 5 && pass2; - pass2 = dec1.StaticGetValidKeyLength(8) == 8 && pass2; - pass2 = dec1.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec1.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec1.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec1.StaticGetValidKeyLength(56) == 56 && pass2; - pass2 = dec1.StaticGetValidKeyLength(57) == 56 && pass2; - pass2 = dec1.StaticGetValidKeyLength(60) == 56 && pass2; - pass2 = dec1.StaticGetValidKeyLength(64) == 56 && pass2; - pass2 = dec1.StaticGetValidKeyLength(128) == 56 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - HexEncoder output(new FileSink(std::cout)); - const char *key[]={"abcdefghijklmnopqrstuvwxyz", "Who is John Galt?"}; - byte *plain[]={(byte *)"BLOWFISH", (byte *)"\xfe\xdc\xba\x98\x76\x54\x32\x10"}; - byte *cipher[]={(byte *)"\x32\x4e\xd0\xfe\xf4\x13\xa2\x03", (byte *)"\xcc\x91\x73\x2b\x80\x22\xf6\x84"}; - byte out[8], outplain[8]; - - for (int i=0; i<2; i++) - { - ECB_Mode::Encryption enc2((byte *)key[i], strlen(key[i])); - enc2.ProcessData(out, plain[i], 8); - fail = memcmp(out, cipher[i], 8) != 0; - - ECB_Mode::Decryption dec2((byte *)key[i], strlen(key[i])); - dec2.ProcessData(outplain, cipher[i], 8); - fail = fail || memcmp(outplain, plain[i], 8); - pass3 = pass3 && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << '\"' << key[i] << '\"'; - for (int j=0; j<(signed int)(30-strlen(key[i])); j++) - std::cout << ' '; - output.Put(outplain, 8); - std::cout << " "; - output.Put(out, 8); - std::cout << std::endl; - } - return pass1 && pass2 && pass3; -} - -bool ValidateThreeWay() -{ - std::cout << "\n3-WAY validation suite running...\n\n"; - bool pass1 = true, pass2 = true; - - ThreeWayEncryption enc; // 96-bit only - pass1 = ThreeWayEncryption::KEYLENGTH == 12 && pass1; - pass1 = enc.StaticGetValidKeyLength(8) == 12 && pass1; - pass1 = enc.StaticGetValidKeyLength(12) == 12 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 12 && pass1; - - ThreeWayDecryption dec; // 96-bit only - pass2 = ThreeWayDecryption::KEYLENGTH == 12 && pass2; - pass2 = dec.StaticGetValidKeyLength(8) == 12 && pass2; - pass2 = dec.StaticGetValidKeyLength(12) == 12 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 12 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/3wayval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; -} - -bool ValidateGOST() -{ - std::cout << "\nGOST validation suite running...\n\n"; - bool pass1 = true, pass2 = true; - - GOSTEncryption enc; // 256-bit only - pass1 = GOSTEncryption::KEYLENGTH == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(40) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - - GOSTDecryption dec; // 256-bit only - pass2 = GOSTDecryption::KEYLENGTH == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(40) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/gostval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; -} - -bool ValidateSHARK() -{ - std::cout << "\nSHARK validation suite running...\n\n"; - bool pass1 = true, pass2 = true; - - SHARKEncryption enc; // 128-bit only - pass1 = SHARKEncryption::KEYLENGTH == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(15) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(17) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 16 && pass1; - - SHARKDecryption dec; // 128-bit only - pass2 = SHARKDecryption::KEYLENGTH == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(15) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(17) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 16 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/sharkval.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; -} - -bool ValidateCAST() -{ - std::cout << "\nCAST-128 validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - CAST128Encryption enc1; // 40 to 128-bits (5 to 16-bytes) - pass1 = CAST128Encryption::DEFAULT_KEYLENGTH == 16 && pass1; - pass1 = enc1.StaticGetValidKeyLength(4) == 5 && pass1; - pass1 = enc1.StaticGetValidKeyLength(5) == 5 && pass1; - pass1 = enc1.StaticGetValidKeyLength(15) == 15 && pass1; - pass1 = enc1.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc1.StaticGetValidKeyLength(17) == 16 && pass1; - - CAST128Decryption dec1; // 40 to 128-bits (5 to 16-bytes) - pass2 = CAST128Decryption::DEFAULT_KEYLENGTH == 16 && pass2; - pass2 = dec1.StaticGetValidKeyLength(4) == 5 && pass2; - pass2 = dec1.StaticGetValidKeyLength(5) == 5 && pass2; - pass2 = dec1.StaticGetValidKeyLength(15) == 15 && pass2; - pass2 = dec1.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec1.StaticGetValidKeyLength(17) == 16 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource val128(CRYPTOPP_DATA_DIR "TestData/cast128v.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), val128, 1) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(10), val128, 1) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(5), val128, 1) && pass3; - - std::cout << "\nCAST-256 validation suite running...\n\n"; - bool pass4 = true, pass5 = true, pass6 = true; - - CAST256Encryption enc2; // 128, 160, 192, 224, or 256-bits (16 to 32-bytes, step 4) - pass1 = CAST128Encryption::DEFAULT_KEYLENGTH == 16 && pass1; - pass4 = enc2.StaticGetValidKeyLength(15) == 16 && pass4; - pass4 = enc2.StaticGetValidKeyLength(16) == 16 && pass4; - pass4 = enc2.StaticGetValidKeyLength(17) == 20 && pass4; - pass4 = enc2.StaticGetValidKeyLength(20) == 20 && pass4; - pass4 = enc2.StaticGetValidKeyLength(24) == 24 && pass4; - pass4 = enc2.StaticGetValidKeyLength(28) == 28 && pass4; - pass4 = enc2.StaticGetValidKeyLength(31) == 32 && pass4; - pass4 = enc2.StaticGetValidKeyLength(32) == 32 && pass4; - pass4 = enc2.StaticGetValidKeyLength(33) == 32 && pass4; - - CAST256Decryption dec2; // 128, 160, 192, 224, or 256-bits (16 to 32-bytes, step 4) - pass2 = CAST256Decryption::DEFAULT_KEYLENGTH == 16 && pass2; - pass5 = dec2.StaticGetValidKeyLength(15) == 16 && pass5; - pass5 = dec2.StaticGetValidKeyLength(16) == 16 && pass5; - pass5 = dec2.StaticGetValidKeyLength(17) == 20 && pass5; - pass5 = dec2.StaticGetValidKeyLength(20) == 20 && pass5; - pass5 = dec2.StaticGetValidKeyLength(24) == 24 && pass5; - pass5 = dec2.StaticGetValidKeyLength(28) == 28 && pass5; - pass5 = dec2.StaticGetValidKeyLength(31) == 32 && pass5; - pass5 = dec2.StaticGetValidKeyLength(32) == 32 && pass5; - pass5 = dec2.StaticGetValidKeyLength(33) == 32 && pass5; - std::cout << (pass4 && pass5 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource val256(CRYPTOPP_DATA_DIR "TestData/cast256v.dat", true, new HexDecoder); - pass6 = BlockTransformationTest(FixedRoundsCipherFactory(16), val256, 1) && pass6; - pass6 = BlockTransformationTest(FixedRoundsCipherFactory(24), val256, 1) && pass6; - pass6 = BlockTransformationTest(FixedRoundsCipherFactory(32), val256, 1) && pass6; - - return pass1 && pass2 && pass3 && pass4 && pass5 && pass6; -} - -bool ValidateSquare() -{ - std::cout << "\nSquare validation suite running...\n\n"; - bool pass1 = true, pass2 = true; - - SquareEncryption enc; // 128-bits only - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(15) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(17) == 16 && pass1; - - SquareDecryption dec; // 128-bits only - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(15) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(17) == 16 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/squareva.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; -} - -bool ValidateSKIPJACK() -{ - std::cout << "\nSKIPJACK validation suite running...\n\n"; - bool pass1 = true, pass2 = true; - - SKIPJACKEncryption enc; // 80-bits only - pass1 = enc.StaticGetValidKeyLength(8) == 10 && pass1; - pass1 = enc.StaticGetValidKeyLength(9) == 10 && pass1; - pass1 = enc.StaticGetValidKeyLength(10) == 10 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 10 && pass1; - - SKIPJACKDecryption dec; // 80-bits only - pass2 = dec.StaticGetValidKeyLength(8) == 10 && pass2; - pass2 = dec.StaticGetValidKeyLength(9) == 10 && pass2; - pass2 = dec.StaticGetValidKeyLength(10) == 10 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 10 && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/skipjack.dat", true, new HexDecoder); - return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; -} - -bool ValidateSEAL() -{ - const byte input[] = {0x37,0xa0,0x05,0x95,0x9b,0x84,0xc4,0x9c,0xa4,0xbe,0x1e,0x05,0x06,0x73,0x53,0x0f,0x5f,0xb0,0x97,0xfd,0xf6,0xa1,0x3f,0xbd,0x6c,0x2c,0xde,0xcd,0x81,0xfd,0xee,0x7c}; - const byte key[] = {0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, 0xdc, 0xfe, 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0}; - const byte iv[] = {0x01, 0x35, 0x77, 0xaf}; - byte output[32]; - - std::cout << "\nSEAL validation suite running...\n\n"; - - SEAL<>::Encryption seal(key, sizeof(key), iv); - unsigned int size = sizeof(input); - bool pass = true; - - memset(output, 1, size); - seal.ProcessString(output, input, size); - for (unsigned int i=0; iInitialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::EncodingLookupArray(), (const byte *)&stars[0], false) - (Name::PaddingByte(), padding) - (Name::GroupSize(), insertLineBreaks ? maxLineLength : 0) - (Name::Separator(), ConstByteArrayParameter(lineBreak)) - (Name::Terminator(), ConstByteArrayParameter(lineBreak)) - (Name::Log2Base(), 6, true))); -} - -class MyDecoder : public BaseN_Decoder -{ -public: - MyDecoder(BufferedTransformation *attachment = NULLPTR); - void IsolatedInitialize(const NameValuePairs ¶ms); - static const int * CRYPTOPP_API GetDecodingLookupArray(); -}; - -MyDecoder::MyDecoder(BufferedTransformation *attachment) - : BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) -{ -} - -void MyDecoder::IsolatedInitialize(const NameValuePairs ¶meters) -{ - BaseN_Decoder::IsolatedInitialize(CombinedNameValuePairs( - parameters, - MakeParameters(Name::DecodingLookupArray(), GetDecodingLookupArray(), false)(Name::Log2Base(), 6, true))); -} - -struct MyDecoderAlphabet -{ - MyDecoderAlphabet() { - std::fill(tab, tab+COUNTOF(tab), '*'); - } - byte tab[64]; -}; - -struct MyDecoderArray -{ - MyDecoderArray() { - std::fill(tab, tab+COUNTOF(tab), -1); - } - int tab[256]; -}; - -const int * MyDecoder::GetDecodingLookupArray() -{ - static bool s_initialized = false; - static MyDecoderAlphabet s_alpha; - static MyDecoderArray s_array; - - MEMORY_BARRIER(); - if (!s_initialized) - { - InitializeDecodingLookupArray(s_array.tab, s_alpha.tab, COUNTOF(s_alpha.tab), false); - s_initialized = true; - MEMORY_BARRIER(); - } - return s_array.tab; -} - -bool ValidateEncoder() -{ - // The default encoder and decoder alphabet are bogus. They are a - // string of '*'. To round trip a string both IsolatedInitialize - // must be called and work correctly. - std::cout << "\nCustom encoder validation running...\n\n"; - bool pass = true; - - int lookup[256]; - const char alphabet[64+1] = - "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz01234576789*"; - const char expected[] = - "ILcBMSgriDicmKmTi2oENCsuJTufN0yWjL1HnS8xKdaiOkeZK3gKock1ktmlo1q4LlsNPrAyGrG0gjO2gzQ5FQ=="; - - MyEncoder encoder; - std::string str1; - - AlgorithmParameters eparams = MakeParameters(Name::EncodingLookupArray(),(const byte*)alphabet) - (Name::InsertLineBreaks(), false); - encoder.IsolatedInitialize(eparams); - - encoder.Detach(new StringSink(str1)); - encoder.Put((const byte*) alphabet, 64); - encoder.MessageEnd(); - - MyDecoder decoder; - std::string str2; - - MyDecoder::InitializeDecodingLookupArray(lookup, (const byte*) alphabet, 64, false); - AlgorithmParameters dparams = MakeParameters(Name::DecodingLookupArray(),(const int*)lookup); - decoder.IsolatedInitialize(dparams); - - decoder.Detach(new StringSink(str2)); - decoder.Put((const byte*) str1.data(), str1.size()); - decoder.MessageEnd(); - - pass = (str1 == std::string(expected)) && pass; - pass = (str2 == std::string(alphabet, 64)) && pass; - - std::cout << (pass ? "passed:" : "FAILED:"); - std::cout << " Encode and decode\n"; - - // Try forcing an empty message. This is the Monero bug - // at https://github.com/weidai11/cryptopp/issues/562. - { - MyDecoder decoder2; - SecByteBlock empty; - - AlgorithmParameters dparams2 = MakeParameters(Name::DecodingLookupArray(),(const int*)lookup); - decoder2.IsolatedInitialize(dparams2); - - decoder2.Detach(new Redirector(TheBitBucket())); - decoder2.Put(empty.BytePtr(), empty.SizeInBytes()); - decoder2.MessageEnd(); - - // Tame the optimizer - volatile lword size = decoder2.MaxRetrievable(); - lword shadow = size; - CRYPTOPP_UNUSED(shadow); - } - - std::cout << "passed: 0-length message\n"; - - return pass; -} - -bool ValidateSHACAL2() -{ - std::cout << "\nSHACAL-2 validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - SHACAL2Encryption enc; // 128 to 512-bits (16 to 64-bytes) - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(15) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 64 && pass1; - pass1 = enc.StaticGetValidKeyLength(65) == 64 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 64 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - SHACAL2Decryption dec; // 128 to 512-bits (16 to 64-bytes) - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(15) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 64 && pass2; - pass2 = dec.StaticGetValidKeyLength(65) == 64 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 64 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/shacal2v.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(64), valdata, 10) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateARIA() -{ - std::cout << "\nARIA validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - ARIAEncryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - ARIADecryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/aria.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 15) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 15) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 15) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateCamellia() -{ - std::cout << "\nCamellia validation suite running...\n\n"; - bool pass1 = true, pass2 = true, pass3 = true; - - CamelliaEncryption enc; - pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; - pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; - pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; - pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; - pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; - - CamelliaDecryption dec; - pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; - pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; - pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; - pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; - pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; - std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; - - FileSource valdata(CRYPTOPP_DATA_DIR "TestData/camellia.dat", true, new HexDecoder); - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 15) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 15) && pass3; - pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 15) && pass3; - return pass1 && pass2 && pass3; -} - -bool ValidateSalsa() -{ - std::cout << "\nSalsa validation suite running...\n"; - - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/salsa.txt"); -} - -bool ValidateSosemanuk() -{ - std::cout << "\nSosemanuk validation suite running...\n"; - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/sosemanuk.txt"); -} - -bool ValidateVMAC() -{ - std::cout << "\nVMAC validation suite running...\n"; - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/vmac.txt"); -} - -bool ValidateCCM() -{ - std::cout << "\nAES/CCM validation suite running...\n"; - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/ccm.txt"); -} - -bool ValidateGCM() -{ - std::cout << "\nAES/GCM validation suite running...\n"; - std::cout << "\n2K tables:"; - bool pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)2048)); - std::cout << "\n64K tables:"; - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)64*1024)) && pass; -} - -bool ValidateCMAC() -{ - std::cout << "\nCMAC validation suite running...\n"; - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/cmac.txt"); + if (!pass1) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Altivec loads and stores" << std::endl; + + //********** Shifts **********// + bool pass2=true; + + uint8x16_p val = {0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff}; + + pass2 = (VecEqual(val, VecShiftLeftOctet<0>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + pass2 = (VecEqual(val, VecShiftRightOctet<0>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + + uint8x16_p lsh1 = {0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0x00}; + uint8x16_p rsh1 = {0x00,0xff,0xff,0xff, 0xff,0xff,0xff,0xff, + 0xff,0xff,0xff,0xff, 0xff,0xff,0xff,0xff}; + + pass2 = (VecEqual(lsh1, VecShiftLeftOctet<1>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + pass2 = (VecEqual(rsh1, VecShiftRightOctet<1>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + + uint8x16_p lsh15 = {0xff,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00}; + uint8x16_p rsh15 = {0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0xff}; + + pass2 = (VecEqual(lsh15, VecShiftLeftOctet<15>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + pass2 = (VecEqual(rsh15, VecShiftRightOctet<15>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + + uint8x16_p lsh16 = {0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00}; + uint8x16_p rsh16 = {0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, + 0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00}; + + pass2 = (VecEqual(lsh16, VecShiftLeftOctet<16>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + pass2 = (VecEqual(rsh16, VecShiftRightOctet<16>(val))) && pass2; + CRYPTOPP_ASSERT(pass2); + + if (!pass2) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Altivec left and right shifts" << std::endl; + + //********** Extraction **********// + bool pass3=true; + + uint8x16_p ex1 = {0x1f,0x1e,0x1d,0x1c, 0x1b,0x1a,0x19,0x18, + 0x17,0x16,0x15,0x14, 0x13,0x12,0x11,0x10}; + uint8x16_p ex2 = {0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, + 0x17,0x16,0x15,0x14, 0x13,0x12,0x11,0x10}; + uint8x16_p ex3 = {0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00, + 0x1f,0x1e,0x1d,0x1c, 0x1b,0x1a,0x19,0x18}; + + pass3 = VecEqual(ex2, VecGetLow(ex1)) && pass3; + CRYPTOPP_ASSERT(pass3); + pass3 = VecEqual(ex3, VecGetHigh(ex1)) && pass3; + CRYPTOPP_ASSERT(pass3); + + uint8x16_p ex4 = VecShiftRightOctet<8>(VecShiftLeftOctet<8>(ex1)); + pass3 = VecEqual(ex4, VecGetLow(ex1)) && pass3; + CRYPTOPP_ASSERT(pass3); + uint8x16_p ex5 = VecShiftRightOctet<8>(ex1); + pass3 = VecEqual(ex5, VecGetHigh(ex1)) && pass3; + CRYPTOPP_ASSERT(pass3); + + if (!pass3) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Altivec vector extraction" << std::endl; + + return pass1 && pass2 && pass3; } +#endif +#endif NAMESPACE_END // Test NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/validat10.cpp b/vendor/cryptopp/vendor_cryptopp/validat10.cpp new file mode 100644 index 00000000..4e7bf9f8 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/validat10.cpp @@ -0,0 +1,535 @@ +// validat10.cpp - written and placed in the public domain by Jeffrey Walton +// Routines in this source file test NaCl library routines. +// Source files split in July 2018 to expedite compiles. +// +// There are two types or sets of self tests. First is a known answer test, +// and second are pairwise consitency checks. The known answer tests are test +// vectors lifted from libsodium. The pairwise consitency checks are randomized +// and confirm the library can arrive at the same result or round trip data +// using it's own transformations. +// +// A link like https://github.com/jedisct1/libsodium/blob/master/test/default/box.c +// references the libsodium test data for a test. For example, box.c is one of the +// test runners for crypto_box, and there is a box.exp with the known answer. The +// glue code for box.c and box.exp is in "cmptest.h". box.c runs the test and +// generates output, while cmptest.h gathers the output and compares them. + +#include "pch.h" + +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + +#include "cryptlib.h" +#include "secblock.h" +#include "integer.h" +#include "naclite.h" +#include "validate.h" + +#include +#include +#include + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4610 4510 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +#ifndef CRYPTOPP_DISABLE_NACL + +USING_NAMESPACE(NaCl) + +bool TestCryptoBox() +{ + // https://github.com/jedisct1/libsodium/blob/master/test/default/box.c + const byte alicesk[32] = { + 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, + 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, + 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a + }; + + const byte bobpk[32] = { + 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61, + 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, + 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f + }; + + const byte small_order_p[crypto_box_PUBLICKEYBYTES] = { + 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, + 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, + 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 + }; + + const byte nonce[24] = { + 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8, + 0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 + }; + + /* API requires first 32 bytes to be 0 */ + const byte m[163] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0xbe, 0x07, 0x5f, 0xc5, + 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b, + 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b, + 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a, + 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc, 0x3c, 0x01, + 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31, + 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f, + 0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a, + 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb, + 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52, + 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37, + 0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 + }; + + const byte exp1[] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 ,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9, + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 ,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce, + 0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 ,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a, + 0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b ,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72, + 0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 ,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38, + 0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a ,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae, + 0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea ,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda, + 0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde ,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3, + 0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 ,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74, + 0xe3,0x55,0xa5 + }; + + const byte exp2[] = { + 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 ,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9, + 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 ,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce, + 0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 ,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a, + 0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b ,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72, + 0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 ,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38, + 0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a ,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae, + 0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea ,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda, + 0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde ,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3, + 0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 ,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74, + 0xe3,0x55,0xa5 + }; + + byte c[163]; + byte k[crypto_box_BEFORENMBYTES]; + + bool pass = true; int rc; + + // Reject small order elements + + rc = crypto_box(c, m, 163, nonce, bobpk, alicesk); + pass = (rc == 0) && pass; + pass = (std::memcmp(c+16, exp1, 163-16) == 0) && pass; + + rc = crypto_box(c, m, 163, nonce, small_order_p, alicesk); + pass = (rc != 0) && pass; + std::memset(c, 0, sizeof(c)); + + rc = crypto_box_beforenm(k, bobpk, alicesk); + pass = (rc == 0) && pass; + rc = crypto_box_afternm(c, m, 163, nonce, k); + pass = (rc == 0) && pass; + pass = (std::memcmp(c+16, exp2, 163-16) == 0) && pass; + + rc = crypto_box_beforenm(k, small_order_p, alicesk); + pass = (rc != 0) && pass; + + // Allow small order elements + + rc = crypto_box_unchecked(c, m, 163, nonce, bobpk, alicesk); + pass = (rc == 0) && pass; + pass = (std::memcmp(c+16, exp1, 163-16) == 0) && pass; + + rc = crypto_box_unchecked(c, m, 163, nonce, small_order_p, alicesk); + pass = (rc == 0) && pass; + std::memset(c, 0, sizeof(c)); + + rc = crypto_box_beforenm_unchecked(k, bobpk, alicesk); + pass = (rc == 0) && pass; + rc = crypto_box_afternm(c, m, 163, nonce, k); + pass = (rc == 0) && pass; + pass = (std::memcmp(c+16, exp2, 163-16) == 0) && pass; + + rc = crypto_box_beforenm_unchecked(k, small_order_p, alicesk); + pass = (rc == 0) && pass; + + return pass; +} + +bool TestCryptoBoxOpen() +{ + // https://github.com/jedisct1/libsodium/blob/master/test/default/box2.c + const byte bobsk[32] = { + 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, + 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, + 0xff, 0x88, 0xe0, 0xeb + }; + + const byte alicepk[32] = { + 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, + 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, + 0xaa, 0x9b, 0x4e, 0x6a + }; + + static const byte small_order_p[crypto_box_PUBLICKEYBYTES] = { + 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, + 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, + 0x5f, 0x49, 0xb8, 0x00 + }; + + const byte nonce[24] = { + 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8, + 0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 + }; + + /* API requires first 16 bytes to be 0 */ + const byte c[163] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, + 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9, 0x8e, 0x99, 0x3b, 0x9f, + 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce, + 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5, + 0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b, + 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72, 0x71, 0xd2, 0xc2, 0x0f, + 0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38, + 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a, 0xb9, 0x32, 0x16, 0x45, + 0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea, + 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda, 0x99, 0x83, 0x2b, 0x61, + 0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3, + 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65, + 0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5 + }; + + const byte exp1[] = { + 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5, 0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b, + 0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4, 0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc, + 0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a, 0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29, + 0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4, 0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31, + 0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d, 0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57, + 0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a, 0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde, + 0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd, 0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52, + 0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40, 0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64, + 0x5e,0x07,0x05 + }; + + const byte exp2[] = { + 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5, 0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b, + 0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4, 0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc, + 0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a, 0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29, + 0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4, 0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31, + 0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d, 0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57, + 0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a, 0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde, + 0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd, 0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52, + 0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40, 0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64, + 0x5e,0x07,0x05 + }; + + byte m[163]; + byte k[crypto_box_BEFORENMBYTES]; + + bool pass = true; int rc; + + // Reject small order elements + + rc = crypto_box_open(m, c, 163, nonce, alicepk, bobsk); + pass = (rc == 0) && pass; + pass = (std::memcmp(m+32, exp1, 163-32) == 0) && pass; + + rc = crypto_box_open(m, c, 163, nonce, small_order_p, bobsk); + pass = (rc != 0) && pass; + + rc = crypto_box_beforenm(k, small_order_p, bobsk); + pass = (rc != 0) && pass; + rc = crypto_box_beforenm(k, alicepk, bobsk); + pass = (rc == 0) && pass; + + rc = crypto_box_open_afternm(m, c, 163, nonce, k); + pass = (rc == 0) && pass; + pass = (std::memcmp(m+32, exp2, 163-32) == 0) && pass; + + // Allow small order elements + + rc = crypto_box_open_unchecked(m, c, 163, nonce, alicepk, bobsk); + pass = (rc == 0) && pass; + pass = (std::memcmp(m+32, exp1, 163-32) == 0) && pass; + + rc = crypto_box_beforenm_unchecked(k, small_order_p, bobsk); + pass = (rc == 0) && pass; + rc = crypto_box_beforenm_unchecked(k, alicepk, bobsk); + pass = (rc == 0) && pass; + + rc = crypto_box_open_afternm(m, c, 163, nonce, k); + pass = (rc == 0) && pass; + pass = (std::memcmp(m+32, exp2, 163-32) == 0) && pass; + + return pass; +} + +bool TestCryptoBoxKeys() +{ + // https://github.com/jedisct1/libsodium/blob/master/test/default/box7.c + const unsigned int MAX_TEST = 64; + const unsigned int MAX_MESSAGE = 4096; + + byte alicesk[crypto_box_SECRETKEYBYTES]; + byte alicepk[crypto_box_PUBLICKEYBYTES]; + byte bobsk[crypto_box_SECRETKEYBYTES]; + byte bobpk[crypto_box_PUBLICKEYBYTES]; + + // byte m[MAX_MESSAGE+32]; + // byte c[MAX_MESSAGE+32]; + // byte r[MAX_MESSAGE+32]; + + bool pass = true, fail; int rc; + for (unsigned int i=0; i < MAX_TEST; ++i) + { + fail = (crypto_box_keypair(alicepk, alicesk) != 0); + pass = !fail && pass; + fail = (crypto_box_keypair(bobpk, bobsk) != 0); + pass = !fail && pass; + + SecByteBlock m, c, r, n; + const word32 len = (i == 0 ? 0 : GlobalRNG().GenerateWord32(1, MAX_MESSAGE)); + + m.New(len+crypto_box_ZEROBYTES); + c.New(len+crypto_box_BOXZEROBYTES+crypto_box_MACBYTES); + r.New(len+crypto_box_ZEROBYTES); + n.New(crypto_box_NONCEBYTES); + + GlobalRNG().GenerateBlock(m+crypto_box_ZEROBYTES, len); + GlobalRNG().GenerateBlock(n, crypto_box_NONCEBYTES); + + std::memset(m, 0x00, crypto_box_ZEROBYTES); + rc = crypto_box(c, m, len + crypto_box_ZEROBYTES, n, bobpk, alicesk); + fail = (rc != 0); pass = !fail && pass; + + std::memset(c, 0x00, crypto_box_BOXZEROBYTES); + rc = crypto_box_open(r, c, len + crypto_box_BOXZEROBYTES + crypto_box_MACBYTES, n, alicepk, bobsk); + fail = (rc != 0); pass = !fail && pass; + + fail = std::memcmp(m+crypto_box_ZEROBYTES, r+crypto_box_ZEROBYTES, len) != 0; + pass = !fail && pass; + + m.SetMark(16); c.SetMark(16); r.SetMark(16); + } + + return pass; +} + +struct TestData { + const byte sk[crypto_sign_SEEDBYTES]; + const byte pk[crypto_sign_PUBLICKEYBYTES]; + const byte sig[crypto_sign_BYTES]; + const word32 len; + const char* msg; +}; + +// https://github.com/jedisct1/libsodium/blob/master/test/default/sign.c +const TestData test_data[] = { + {{0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,},{0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a,},{0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b,},0,""}, + {{0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb,},{0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c,},{0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00,},1,"\x72"}, + {{0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7,},{0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25,},{0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a,},2,"\xaf\x82"}, + {{0x0d,0x4a,0x05,0xb0,0x73,0x52,0xa5,0x43,0x6e,0x18,0x03,0x56,0xda,0x0a,0xe6,0xef,0xa0,0x34,0x5f,0xf7,0xfb,0x15,0x72,0x57,0x57,0x72,0xe8,0x00,0x5e,0xd9,0x78,0xe9,},{0xe6,0x1a,0x18,0x5b,0xce,0xf2,0x61,0x3a,0x6c,0x7c,0xb7,0x97,0x63,0xce,0x94,0x5d,0x3b,0x24,0x5d,0x76,0x11,0x4d,0xd4,0x40,0xbc,0xf5,0xf2,0xdc,0x1a,0xa5,0x70,0x57,},{0xd9,0x86,0x8d,0x52,0xc2,0xbe,0xbc,0xe5,0xf3,0xfa,0x5a,0x79,0x89,0x19,0x70,0xf3,0x09,0xcb,0x65,0x91,0xe3,0xe1,0x70,0x2a,0x70,0x27,0x6f,0xa9,0x7c,0x24,0xb3,0xa8,0xe5,0x86,0x06,0xc3,0x8c,0x97,0x58,0x52,0x9d,0xa5,0x0e,0xe3,0x1b,0x82,0x19,0xcb,0xa4,0x52,0x71,0xc6,0x89,0xaf,0xa6,0x0b,0x0e,0xa2,0x6c,0x99,0xdb,0x19,0xb0,0x0c,},3,"\xcb\xc7\x7b"}, + {{0x6d,0xf9,0x34,0x0c,0x13,0x8c,0xc1,0x88,0xb5,0xfe,0x44,0x64,0xeb,0xaa,0x3f,0x7f,0xc2,0x06,0xa2,0xd5,0x5c,0x34,0x34,0x70,0x7e,0x74,0xc9,0xfc,0x04,0xe2,0x0e,0xbb,},{0xc0,0xda,0xc1,0x02,0xc4,0x53,0x31,0x86,0xe2,0x5d,0xc4,0x31,0x28,0x47,0x23,0x53,0xea,0xab,0xdb,0x87,0x8b,0x15,0x2a,0xeb,0x8e,0x00,0x1f,0x92,0xd9,0x02,0x33,0xa7,},{0x12,0x4f,0x6f,0xc6,0xb0,0xd1,0x00,0x84,0x27,0x69,0xe7,0x1b,0xd5,0x30,0x66,0x4d,0x88,0x8d,0xf8,0x50,0x7d,0xf6,0xc5,0x6d,0xed,0xfd,0xb5,0x09,0xae,0xb9,0x34,0x16,0xe2,0x6b,0x91,0x8d,0x38,0xaa,0x06,0x30,0x5d,0xf3,0x09,0x56,0x97,0xc1,0x8b,0x2a,0xa8,0x32,0xea,0xa5,0x2e,0xdc,0x0a,0xe4,0x9f,0xba,0xe5,0xa8,0x5e,0x15,0x0c,0x07,},4,"\x5f\x4c\x89\x89"}, + {{0xb7,0x80,0x38,0x1a,0x65,0xed,0xf8,0xb7,0x8f,0x69,0x45,0xe8,0xdb,0xec,0x79,0x41,0xac,0x04,0x9f,0xd4,0xc6,0x10,0x40,0xcf,0x0c,0x32,0x43,0x57,0x97,0x5a,0x29,0x3c,},{0xe2,0x53,0xaf,0x07,0x66,0x80,0x4b,0x86,0x9b,0xb1,0x59,0x5b,0xe9,0x76,0x5b,0x53,0x48,0x86,0xbb,0xaa,0xb8,0x30,0x5b,0xf5,0x0d,0xbc,0x7f,0x89,0x9b,0xfb,0x5f,0x01,},{0xb2,0xfc,0x46,0xad,0x47,0xaf,0x46,0x44,0x78,0xc1,0x99,0xe1,0xf8,0xbe,0x16,0x9f,0x1b,0xe6,0x32,0x7c,0x7f,0x9a,0x0a,0x66,0x89,0x37,0x1c,0xa9,0x4c,0xaf,0x04,0x06,0x4a,0x01,0xb2,0x2a,0xff,0x15,0x20,0xab,0xd5,0x89,0x51,0x34,0x16,0x03,0xfa,0xed,0x76,0x8c,0xf7,0x8c,0xe9,0x7a,0xe7,0xb0,0x38,0xab,0xfe,0x45,0x6a,0xa1,0x7c,0x09,},5,"\x18\xb6\xbe\xc0\x97"}, + {{0x78,0xae,0x9e,0xff,0xe6,0xf2,0x45,0xe9,0x24,0xa7,0xbe,0x63,0x04,0x11,0x46,0xeb,0xc6,0x70,0xdb,0xd3,0x06,0x0c,0xba,0x67,0xfb,0xc6,0x21,0x6f,0xeb,0xc4,0x45,0x46,},{0xfb,0xcf,0xbf,0xa4,0x05,0x05,0xd7,0xf2,0xbe,0x44,0x4a,0x33,0xd1,0x85,0xcc,0x54,0xe1,0x6d,0x61,0x52,0x60,0xe1,0x64,0x0b,0x2b,0x50,0x87,0xb8,0x3e,0xe3,0x64,0x3d,},{0x6e,0xd6,0x29,0xfc,0x1d,0x9c,0xe9,0xe1,0x46,0x87,0x55,0xff,0x63,0x6d,0x5a,0x3f,0x40,0xa5,0xd9,0xc9,0x1a,0xfd,0x93,0xb7,0x9d,0x24,0x18,0x30,0xf7,0xe5,0xfa,0x29,0x85,0x4b,0x8f,0x20,0xcc,0x6e,0xec,0xbb,0x24,0x8d,0xbd,0x8d,0x16,0xd1,0x4e,0x99,0x75,0x21,0x94,0xe4,0x90,0x4d,0x09,0xc7,0x4d,0x63,0x95,0x18,0x83,0x9d,0x23,0x00,},6,"\x89\x01\x0d\x85\x59\x72"}, + {{0x69,0x18,0x65,0xbf,0xc8,0x2a,0x1e,0x4b,0x57,0x4e,0xec,0xde,0x4c,0x75,0x19,0x09,0x3f,0xaf,0x0c,0xf8,0x67,0x38,0x02,0x34,0xe3,0x66,0x46,0x45,0xc6,0x1c,0x5f,0x79,},{0x98,0xa5,0xe3,0xa3,0x6e,0x67,0xaa,0xba,0x89,0x88,0x8b,0xf0,0x93,0xde,0x1a,0xd9,0x63,0xe7,0x74,0x01,0x3b,0x39,0x02,0xbf,0xab,0x35,0x6d,0x8b,0x90,0x17,0x8a,0x63,},{0x6e,0x0a,0xf2,0xfe,0x55,0xae,0x37,0x7a,0x6b,0x7a,0x72,0x78,0xed,0xfb,0x41,0x9b,0xd3,0x21,0xe0,0x6d,0x0d,0xf5,0xe2,0x70,0x37,0xdb,0x88,0x12,0xe7,0xe3,0x52,0x98,0x10,0xfa,0x55,0x52,0xf6,0xc0,0x02,0x09,0x85,0xca,0x17,0xa0,0xe0,0x2e,0x03,0x6d,0x7b,0x22,0x2a,0x24,0xf9,0x9b,0x77,0xb7,0x5f,0xdd,0x16,0xcb,0x05,0x56,0x81,0x07,},7,"\xb4\xa8\xf3\x81\xe7\x0e\x7a"}, + {{0x3b,0x26,0x51,0x6f,0xb3,0xdc,0x88,0xeb,0x18,0x1b,0x9e,0xd7,0x3f,0x0b,0xcd,0x52,0xbc,0xd6,0xb4,0xc7,0x88,0xe4,0xbc,0xaf,0x46,0x05,0x7f,0xd0,0x78,0xbe,0xe0,0x73,},{0xf8,0x1f,0xb5,0x4a,0x82,0x5f,0xce,0xd9,0x5e,0xb0,0x33,0xaf,0xcd,0x64,0x31,0x40,0x75,0xab,0xfb,0x0a,0xbd,0x20,0xa9,0x70,0x89,0x25,0x03,0x43,0x6f,0x34,0xb8,0x63,},{0xd6,0xad,0xde,0xc5,0xaf,0xb0,0x52,0x8a,0xc1,0x7b,0xb1,0x78,0xd3,0xe7,0xf2,0x88,0x7f,0x9a,0xdb,0xb1,0xad,0x16,0xe1,0x10,0x54,0x5e,0xf3,0xbc,0x57,0xf9,0xde,0x23,0x14,0xa5,0xc8,0x38,0x8f,0x72,0x3b,0x89,0x07,0xbe,0x0f,0x3a,0xc9,0x0c,0x62,0x59,0xbb,0xe8,0x85,0xec,0xc1,0x76,0x45,0xdf,0x3d,0xb7,0xd4,0x88,0xf8,0x05,0xfa,0x08,},8,"\x42\x84\xab\xc5\x1b\xb6\x72\x35"}, + {{0xed,0xc6,0xf5,0xfb,0xdd,0x1c,0xee,0x4d,0x10,0x1c,0x06,0x35,0x30,0xa3,0x04,0x90,0xb2,0x21,0xbe,0x68,0xc0,0x36,0xf5,0xb0,0x7d,0x0f,0x95,0x3b,0x74,0x5d,0xf1,0x92,},{0xc1,0xa4,0x9c,0x66,0xe6,0x17,0xf9,0xef,0x5e,0xc6,0x6b,0xc4,0xc6,0x56,0x4c,0xa3,0x3d,0xe2,0xa5,0xfb,0x5e,0x14,0x64,0x06,0x2e,0x6d,0x6c,0x62,0x19,0x15,0x5e,0xfd,},{0x2c,0x76,0xa0,0x4a,0xf2,0x39,0x1c,0x14,0x70,0x82,0xe3,0x3f,0xaa,0xcd,0xbe,0x56,0x64,0x2a,0x1e,0x13,0x4b,0xd3,0x88,0x62,0x0b,0x85,0x2b,0x90,0x1a,0x6b,0xc1,0x6f,0xf6,0xc9,0xcc,0x94,0x04,0xc4,0x1d,0xea,0x12,0xed,0x28,0x1d,0xa0,0x67,0xa1,0x51,0x38,0x66,0xf9,0xd9,0x64,0xf8,0xbd,0xd2,0x49,0x53,0x85,0x6c,0x50,0x04,0x29,0x01,},9,"\x67\x2b\xf8\x96\x5d\x04\xbc\x51\x46"}, + {{0x4e,0x7d,0x21,0xfb,0x3b,0x18,0x97,0x57,0x1a,0x44,0x58,0x33,0xbe,0x0f,0x9f,0xd4,0x1c,0xd6,0x2b,0xe3,0xaa,0x04,0x04,0x0f,0x89,0x34,0xe1,0xfc,0xbd,0xca,0xcd,0x45,},{0x31,0xb2,0x52,0x4b,0x83,0x48,0xf7,0xab,0x1d,0xfa,0xfa,0x67,0x5c,0xc5,0x38,0xe9,0xa8,0x4e,0x3f,0xe5,0x81,0x9e,0x27,0xc1,0x2a,0xd8,0xbb,0xc1,0xa3,0x6e,0x4d,0xff,},{0x28,0xe4,0x59,0x8c,0x41,0x5a,0xe9,0xde,0x01,0xf0,0x3f,0x9f,0x3f,0xab,0x4e,0x91,0x9e,0x8b,0xf5,0x37,0xdd,0x2b,0x0c,0xdf,0x6e,0x79,0xb9,0xe6,0x55,0x9c,0x94,0x09,0xd9,0x15,0x1a,0x4c,0x40,0xf0,0x83,0x19,0x39,0x37,0x62,0x7c,0x36,0x94,0x88,0x25,0x9e,0x99,0xda,0x5a,0x9f,0x0a,0x87,0x49,0x7f,0xa6,0x69,0x6a,0x5d,0xd6,0xce,0x08,},10,"\x33\xd7\xa7\x86\xad\xed\x8c\x1b\xf6\x91"}, + {{0xa9,0x80,0xf8,0x92,0xdb,0x13,0xc9,0x9a,0x3e,0x89,0x71,0xe9,0x65,0xb2,0xff,0x3d,0x41,0xea,0xfd,0x54,0x09,0x3b,0xc9,0xf3,0x4d,0x1f,0xd2,0x2d,0x84,0x11,0x5b,0xb6,},{0x44,0xb5,0x7e,0xe3,0x0c,0xdb,0x55,0x82,0x9d,0x0a,0x5d,0x4f,0x04,0x6b,0xae,0xf0,0x78,0xf1,0xe9,0x7a,0x7f,0x21,0xb6,0x2d,0x75,0xf8,0xe9,0x6e,0xa1,0x39,0xc3,0x5f,},{0x77,0xd3,0x89,0xe5,0x99,0x63,0x0d,0x93,0x40,0x76,0x32,0x95,0x83,0xcd,0x41,0x05,0xa6,0x49,0xa9,0x29,0x2a,0xbc,0x44,0xcd,0x28,0xc4,0x00,0x00,0xc8,0xe2,0xf5,0xac,0x76,0x60,0xa8,0x1c,0x85,0xb7,0x2a,0xf8,0x45,0x2d,0x7d,0x25,0xc0,0x70,0x86,0x1d,0xae,0x91,0x60,0x1c,0x78,0x03,0xd6,0x56,0x53,0x16,0x50,0xdd,0x4e,0x5c,0x41,0x00,},11,"\x34\x86\xf6\x88\x48\xa6\x5a\x0e\xb5\x50\x7d"}, + {{0x5b,0x5a,0x61,0x9f,0x8c,0xe1,0xc6,0x6d,0x7c,0xe2,0x6e,0x5a,0x2a,0xe7,0xb0,0xc0,0x4f,0xeb,0xcd,0x34,0x6d,0x28,0x6c,0x92,0x9e,0x19,0xd0,0xd5,0x97,0x3b,0xfe,0xf9,},{0x6f,0xe8,0x36,0x93,0xd0,0x11,0xd1,0x11,0x13,0x1c,0x4f,0x3f,0xba,0xaa,0x40,0xa9,0xd3,0xd7,0x6b,0x30,0x01,0x2f,0xf7,0x3b,0xb0,0xe3,0x9e,0xc2,0x7a,0xb1,0x82,0x57,},{0x0f,0x9a,0xd9,0x79,0x30,0x33,0xa2,0xfa,0x06,0x61,0x4b,0x27,0x7d,0x37,0x38,0x1e,0x6d,0x94,0xf6,0x5a,0xc2,0xa5,0xa9,0x45,0x58,0xd0,0x9e,0xd6,0xce,0x92,0x22,0x58,0xc1,0xa5,0x67,0x95,0x2e,0x86,0x3a,0xc9,0x42,0x97,0xae,0xc3,0xc0,0xd0,0xc8,0xdd,0xf7,0x10,0x84,0xe5,0x04,0x86,0x0b,0xb6,0xba,0x27,0x44,0x9b,0x55,0xad,0xc4,0x0e,},12,"\x5a\x8d\x9d\x0a\x22\x35\x7e\x66\x55\xf9\xc7\x85"}, + {{0x94,0x0c,0x89,0xfe,0x40,0xa8,0x1d,0xaf,0xbd,0xb2,0x41,0x6d,0x14,0xae,0x46,0x91,0x19,0x86,0x97,0x44,0x41,0x0c,0x33,0x03,0xbf,0xaa,0x02,0x41,0xda,0xc5,0x78,0x00,},{0xa2,0xeb,0x8c,0x05,0x01,0xe3,0x0b,0xae,0x0c,0xf8,0x42,0xd2,0xbd,0xe8,0xde,0xc7,0x38,0x6f,0x6b,0x7f,0xc3,0x98,0x1b,0x8c,0x57,0xc9,0x79,0x2b,0xb9,0x4c,0xf2,0xdd,},{0xd8,0xbb,0x64,0xaa,0xd8,0xc9,0x95,0x5a,0x11,0x5a,0x79,0x3a,0xdd,0xd2,0x4f,0x7f,0x2b,0x07,0x76,0x48,0x71,0x4f,0x49,0xc4,0x69,0x4e,0xc9,0x95,0xb3,0x30,0xd0,0x9d,0x64,0x0d,0xf3,0x10,0xf4,0x47,0xfd,0x7b,0x6c,0xb5,0xc1,0x4f,0x9f,0xe9,0xf4,0x90,0xbc,0xf8,0xcf,0xad,0xbf,0xd2,0x16,0x9c,0x8a,0xc2,0x0d,0x3b,0x8a,0xf4,0x9a,0x0c,},13,"\xb8\x7d\x38\x13\xe0\x3f\x58\xcf\x19\xfd\x0b\x63\x95"}, + {{0x9a,0xca,0xd9,0x59,0xd2,0x16,0x21,0x2d,0x78,0x9a,0x11,0x92,0x52,0xeb,0xfe,0x0c,0x96,0x51,0x2a,0x23,0xc7,0x3b,0xd9,0xf3,0xb2,0x02,0x29,0x2d,0x69,0x16,0xa7,0x38,},{0xcf,0x3a,0xf8,0x98,0x46,0x7a,0x5b,0x7a,0x52,0xd3,0x3d,0x53,0xbc,0x03,0x7e,0x26,0x42,0xa8,0xda,0x99,0x69,0x03,0xfc,0x25,0x22,0x17,0xe9,0xc0,0x33,0xe2,0xf2,0x91,},{0x6e,0xe3,0xfe,0x81,0xe2,0x3c,0x60,0xeb,0x23,0x12,0xb2,0x00,0x6b,0x3b,0x25,0xe6,0x83,0x8e,0x02,0x10,0x66,0x23,0xf8,0x44,0xc4,0x4e,0xdb,0x8d,0xaf,0xd6,0x6a,0xb0,0x67,0x10,0x87,0xfd,0x19,0x5d,0xf5,0xb8,0xf5,0x8a,0x1d,0x6e,0x52,0xaf,0x42,0x90,0x80,0x53,0xd5,0x5c,0x73,0x21,0x01,0x00,0x92,0x74,0x87,0x95,0xef,0x94,0xcf,0x06,},14,"\x55\xc7\xfa\x43\x4f\x5e\xd8\xcd\xec\x2b\x7a\xea\xc1\x73"}, + {{0xd5,0xae,0xee,0x41,0xee,0xb0,0xe9,0xd1,0xbf,0x83,0x37,0xf9,0x39,0x58,0x7e,0xbe,0x29,0x61,0x61,0xe6,0xbf,0x52,0x09,0xf5,0x91,0xec,0x93,0x9e,0x14,0x40,0xc3,0x00,},{0xfd,0x2a,0x56,0x57,0x23,0x16,0x3e,0x29,0xf5,0x3c,0x9d,0xe3,0xd5,0xe8,0xfb,0xe3,0x6a,0x7a,0xb6,0x6e,0x14,0x39,0xec,0x4e,0xae,0x9c,0x0a,0x60,0x4a,0xf2,0x91,0xa5,},{0xf6,0x8d,0x04,0x84,0x7e,0x5b,0x24,0x97,0x37,0x89,0x9c,0x01,0x4d,0x31,0xc8,0x05,0xc5,0x00,0x7a,0x62,0xc0,0xa1,0x0d,0x50,0xbb,0x15,0x38,0xc5,0xf3,0x55,0x03,0x95,0x1f,0xbc,0x1e,0x08,0x68,0x2f,0x2c,0xc0,0xc9,0x2e,0xfe,0x8f,0x49,0x85,0xde,0xc6,0x1d,0xcb,0xd5,0x4d,0x4b,0x94,0xa2,0x25,0x47,0xd2,0x44,0x51,0x27,0x1c,0x8b,0x00,},15,"\x0a\x68\x8e\x79\xbe\x24\xf8\x66\x28\x6d\x46\x46\xb5\xd8\x1c"}, + {{0x0a,0x47,0xd1,0x04,0x52,0xae,0x2f,0xeb,0xec,0x51,0x8a,0x1c,0x7c,0x36,0x28,0x90,0xc3,0xfc,0x1a,0x49,0xd3,0x4b,0x03,0xb6,0x46,0x7d,0x35,0xc9,0x04,0xa8,0x36,0x2d,},{0x34,0xe5,0xa8,0x50,0x8c,0x47,0x43,0x74,0x69,0x62,0xc0,0x66,0xe4,0xba,0xde,0xa2,0x20,0x1b,0x8a,0xb4,0x84,0xde,0x5c,0x4f,0x94,0x47,0x6c,0xcd,0x21,0x43,0x95,0x5b,},{0x2a,0x3d,0x27,0xdc,0x40,0xd0,0xa8,0x12,0x79,0x49,0xa3,0xb7,0xf9,0x08,0xb3,0x68,0x8f,0x63,0xb7,0xf1,0x4f,0x65,0x1a,0xac,0xd7,0x15,0x94,0x0b,0xdb,0xe2,0x7a,0x08,0x09,0xaa,0xc1,0x42,0xf4,0x7a,0xb0,0xe1,0xe4,0x4f,0xa4,0x90,0xba,0x87,0xce,0x53,0x92,0xf3,0x3a,0x89,0x15,0x39,0xca,0xf1,0xef,0x4c,0x36,0x7c,0xae,0x54,0x50,0x0c,},16,"\xc9\x42\xfa\x7a\xc6\xb2\x3a\xb7\xff\x61\x2f\xdc\x8e\x68\xef\x39"}, + {{0xf8,0x14,0x8f,0x75,0x06,0xb7,0x75,0xef,0x46,0xfd,0xc8,0xe8,0xc7,0x56,0x51,0x68,0x12,0xd4,0x7d,0x6c,0xfb,0xfa,0x31,0x8c,0x27,0xc9,0xa2,0x26,0x41,0xe5,0x6f,0x17,},{0x04,0x45,0xe4,0x56,0xda,0xcc,0x7d,0x5b,0x0b,0xbe,0xd2,0x3c,0x82,0x00,0xcd,0xb7,0x4b,0xdc,0xb0,0x3e,0x4c,0x7b,0x73,0xf0,0xa2,0xb9,0xb4,0x6e,0xac,0x5d,0x43,0x72,},{0x36,0x53,0xcc,0xb2,0x12,0x19,0x20,0x2b,0x84,0x36,0xfb,0x41,0xa3,0x2b,0xa2,0x61,0x8c,0x4a,0x13,0x34,0x31,0xe6,0xe6,0x34,0x63,0xce,0xb3,0xb6,0x10,0x6c,0x4d,0x56,0xe1,0xd2,0xba,0x16,0x5b,0xa7,0x6e,0xaa,0xd3,0xdc,0x39,0xbf,0xfb,0x13,0x0f,0x1d,0xe3,0xd8,0xe6,0x42,0x7d,0xb5,0xb7,0x19,0x38,0xdb,0x4e,0x27,0x2b,0xc3,0xe2,0x0b,},17,"\x73\x68\x72\x4a\x5b\x0e\xfb\x57\xd2\x8d\x97\x62\x2d\xbd\xe7\x25\xaf"}, + {{0x77,0xf8,0x86,0x91,0xc4,0xef,0xf2,0x3e,0xbb,0x73,0x64,0x94,0x70,0x92,0x95,0x1a,0x5f,0xf3,0xf1,0x07,0x85,0xb4,0x17,0xe9,0x18,0x82,0x3a,0x55,0x2d,0xab,0x7c,0x75,},{0x74,0xd2,0x91,0x27,0xf1,0x99,0xd8,0x6a,0x86,0x76,0xae,0xc3,0x3b,0x4c,0xe3,0xf2,0x25,0xcc,0xb1,0x91,0xf5,0x2c,0x19,0x1c,0xcd,0x1e,0x8c,0xca,0x65,0x21,0x3a,0x6b,},{0xfb,0xe9,0x29,0xd7,0x43,0xa0,0x3c,0x17,0x91,0x05,0x75,0x49,0x2f,0x30,0x92,0xee,0x2a,0x2b,0xf1,0x4a,0x60,0xa3,0xfc,0xac,0xec,0x74,0xa5,0x8c,0x73,0x34,0x51,0x0f,0xc2,0x62,0xdb,0x58,0x27,0x91,0x32,0x2d,0x6c,0x8c,0x41,0xf1,0x70,0x0a,0xdb,0x80,0x02,0x7e,0xca,0xbc,0x14,0x27,0x0b,0x70,0x34,0x44,0xae,0x3e,0xe7,0x62,0x3e,0x0a,},18,"\xbd\x8e\x05\x03\x3f\x3a\x8b\xcd\xcb\xf4\xbe\xce\xb7\x09\x01\xc8\x2e\x31"}, + {{0xab,0x6f,0x7a,0xee,0x6a,0x08,0x37,0xb3,0x34,0xba,0x5e,0xb1,0xb2,0xad,0x7f,0xce,0xcf,0xab,0x7e,0x32,0x3c,0xab,0x18,0x7f,0xe2,0xe0,0xa9,0x5d,0x80,0xef,0xf1,0x32,},{0x5b,0x96,0xdc,0xa4,0x97,0x87,0x5b,0xf9,0x66,0x4c,0x5e,0x75,0xfa,0xcf,0x3f,0x9b,0xc5,0x4b,0xae,0x91,0x3d,0x66,0xca,0x15,0xee,0x85,0xf1,0x49,0x1c,0xa2,0x4d,0x2c,},{0x73,0xbc,0xa6,0x4e,0x9d,0xd0,0xdb,0x88,0x13,0x8e,0xed,0xfa,0xfc,0xea,0x8f,0x54,0x36,0xcf,0xb7,0x4b,0xfb,0x0e,0x77,0x33,0xcf,0x34,0x9b,0xaa,0x0c,0x49,0x77,0x5c,0x56,0xd5,0x93,0x4e,0x1d,0x38,0xe3,0x6f,0x39,0xb7,0xc5,0xbe,0xb0,0xa8,0x36,0x51,0x0c,0x45,0x12,0x6f,0x8e,0xc4,0xb6,0x81,0x05,0x19,0x90,0x5b,0x0c,0xa0,0x7c,0x09,},19,"\x81\x71\x45\x6f\x8b\x90\x71\x89\xb1\xd7\x79\xe2\x6b\xc5\xaf\xbb\x08\xc6\x7a"}, + {{0x8d,0x13,0x5d,0xe7,0xc8,0x41,0x1b,0xbd,0xbd,0x1b,0x31,0xe5,0xdc,0x67,0x8f,0x2a,0xc7,0x10,0x9e,0x79,0x2b,0x60,0xf3,0x8c,0xd2,0x49,0x36,0xe8,0xa8,0x98,0xc3,0x2d,},{0x1c,0xa2,0x81,0x93,0x85,0x29,0x89,0x65,0x35,0xa7,0x71,0x4e,0x35,0x84,0x08,0x5b,0x86,0xef,0x9f,0xec,0x72,0x3f,0x42,0x81,0x9f,0xc8,0xdd,0x5d,0x8c,0x00,0x81,0x7f,},{0xa1,0xad,0xc2,0xbc,0x6a,0x2d,0x98,0x06,0x62,0x67,0x7e,0x7f,0xdf,0xf6,0x42,0x4d,0xe7,0xdb,0xa5,0x0f,0x57,0x95,0xca,0x90,0xfd,0xf3,0xe9,0x6e,0x25,0x6f,0x32,0x85,0xca,0xc7,0x1d,0x33,0x60,0x48,0x2e,0x99,0x3d,0x02,0x94,0xba,0x4e,0xc7,0x44,0x0c,0x61,0xaf,0xfd,0xf3,0x5f,0xe8,0x3e,0x6e,0x04,0x26,0x39,0x37,0xdb,0x93,0xf1,0x05,},20,"\x8b\xa6\xa4\xc9\xa1\x5a\x24\x4a\x9c\x26\xbb\x2a\x59\xb1\x02\x6f\x21\x34\x8b\x49"}, + {{0x0e,0x76,0x5d,0x72,0x0e,0x70,0x5f,0x93,0x66,0xc1,0xab,0x8c,0x3f,0xa8,0x4c,0x9a,0x44,0x37,0x0c,0x06,0x96,0x9f,0x80,0x32,0x96,0x88,0x4b,0x28,0x46,0xa6,0x52,0xa4,},{0x7f,0xae,0x45,0xdd,0x0a,0x05,0x97,0x10,0x26,0xd4,0x10,0xbc,0x49,0x7a,0xf5,0xbe,0x7d,0x08,0x27,0xa8,0x2a,0x14,0x5c,0x20,0x3f,0x62,0x5d,0xfc,0xb8,0xb0,0x3b,0xa8,},{0xbb,0x61,0xcf,0x84,0xde,0x61,0x86,0x22,0x07,0xc6,0xa4,0x55,0x25,0x8b,0xc4,0xdb,0x4e,0x15,0xee,0xa0,0x31,0x7f,0xf8,0x87,0x18,0xb8,0x82,0xa0,0x6b,0x5c,0xf6,0xec,0x6f,0xd2,0x0c,0x5a,0x26,0x9e,0x5d,0x5c,0x80,0x5b,0xaf,0xbc,0xc5,0x79,0xe2,0x59,0x0a,0xf4,0x14,0xc7,0xc2,0x27,0x27,0x3c,0x10,0x2a,0x10,0x07,0x0c,0xdf,0xe8,0x0f,},21,"\x1d\x56\x6a\x62\x32\xbb\xaa\xb3\xe6\xd8\x80\x4b\xb5\x18\xa4\x98\xed\x0f\x90\x49\x86"}, + {{0xdb,0x36,0xe3,0x26,0xd6,0x76,0xc2,0xd1,0x9c,0xc8,0xfe,0x0c,0x14,0xb7,0x09,0x20,0x2e,0xcf,0xc7,0x61,0xd2,0x70,0x89,0xeb,0x6e,0xa4,0xb1,0xbb,0x02,0x1e,0xcf,0xa7,},{0x48,0x35,0x9b,0x85,0x0d,0x23,0xf0,0x71,0x5d,0x94,0xbb,0x8b,0xb7,0x5e,0x7e,0x14,0x32,0x2e,0xaf,0x14,0xf0,0x6f,0x28,0xa8,0x05,0x40,0x3f,0xbd,0xa0,0x02,0xfc,0x85,},{0xb6,0xdc,0xd0,0x99,0x89,0xdf,0xba,0xc5,0x43,0x22,0xa3,0xce,0x87,0x87,0x6e,0x1d,0x62,0x13,0x4d,0xa9,0x98,0xc7,0x9d,0x24,0xb5,0x0b,0xd7,0xa6,0xa7,0x97,0xd8,0x6a,0x0e,0x14,0xdc,0x9d,0x74,0x91,0xd6,0xc1,0x4a,0x67,0x3c,0x65,0x2c,0xfb,0xec,0x9f,0x96,0x2a,0x38,0xc9,0x45,0xda,0x3b,0x2f,0x08,0x79,0xd0,0xb6,0x8a,0x92,0x13,0x00,},22,"\x1b\x0a\xfb\x0a\xc4\xba\x9a\xb7\xb7\x17\x2c\xdd\xc9\xeb\x42\xbb\xa1\xa6\x4b\xce\x47\xd4"}, + {{0xc8,0x99,0x55,0xe0,0xf7,0x74,0x1d,0x90,0x5d,0xf0,0x73,0x0b,0x3d,0xc2,0xb0,0xce,0x1a,0x13,0x13,0x4e,0x44,0xfe,0xf3,0xd4,0x0d,0x60,0xc0,0x20,0xef,0x19,0xdf,0x77,},{0xfd,0xb3,0x06,0x73,0x40,0x2f,0xaf,0x1c,0x80,0x33,0x71,0x4f,0x35,0x17,0xe4,0x7c,0xc0,0xf9,0x1f,0xe7,0x0c,0xf3,0x83,0x6d,0x6c,0x23,0x63,0x6e,0x3f,0xd2,0x28,0x7c,},{0x7e,0xf6,0x6e,0x5e,0x86,0xf2,0x36,0x08,0x48,0xe0,0x01,0x4e,0x94,0x88,0x0a,0xe2,0x92,0x0a,0xd8,0xa3,0x18,0x5a,0x46,0xb3,0x5d,0x1e,0x07,0xde,0xa8,0xfa,0x8a,0xe4,0xf6,0xb8,0x43,0xba,0x17,0x4d,0x99,0xfa,0x79,0x86,0x65,0x4a,0x08,0x91,0xc1,0x2a,0x79,0x44,0x55,0x66,0x93,0x75,0xbf,0x92,0xaf,0x4c,0xc2,0x77,0x0b,0x57,0x9e,0x0c,},23,"\x50\x7c\x94\xc8\x82\x0d\x2a\x57\x93\xcb\xf3\x44\x2b\x3d\x71\x93\x6f\x35\xfe\x3a\xfe\xf3\x16"}, + {{0x4e,0x62,0x62,0x7f,0xc2,0x21,0x14,0x24,0x78,0xae,0xe7,0xf0,0x07,0x81,0xf8,0x17,0xf6,0x62,0xe3,0xb7,0x5d,0xb2,0x9b,0xb1,0x4a,0xb4,0x7c,0xf8,0xe8,0x41,0x04,0xd6,},{0xb1,0xd3,0x98,0x01,0x89,0x20,0x27,0xd5,0x8a,0x8c,0x64,0x33,0x51,0x63,0x19,0x58,0x93,0xbf,0xc1,0xb6,0x1d,0xbe,0xca,0x32,0x60,0x49,0x7e,0x1f,0x30,0x37,0x11,0x07,},{0x83,0x6a,0xfa,0x76,0x4d,0x9c,0x48,0xaa,0x47,0x70,0xa4,0x38,0x8b,0x65,0x4e,0x97,0xb3,0xc1,0x6f,0x08,0x29,0x67,0xfe,0xbc,0xa2,0x7f,0x2f,0xc4,0x7d,0xdf,0xd9,0x24,0x4b,0x03,0xcf,0xc7,0x29,0x69,0x8a,0xcf,0x51,0x09,0x70,0x43,0x46,0xb6,0x0b,0x23,0x0f,0x25,0x54,0x30,0x08,0x9d,0xdc,0x56,0x91,0x23,0x99,0xd1,0x12,0x2d,0xe7,0x0a,},24,"\xd3\xd6\x15\xa8\x47\x2d\x99\x62\xbb\x70\xc5\xb5\x46\x6a\x3d\x98\x3a\x48\x11\x04\x6e\x2a\x0e\xf5"}, + {{0x6b,0x83,0xd7,0xda,0x89,0x08,0xc3,0xe7,0x20,0x5b,0x39,0x86,0x4b,0x56,0xe5,0xf3,0xe1,0x71,0x96,0xa3,0xfc,0x9c,0x2f,0x58,0x05,0xaa,0xd0,0xf5,0x55,0x4c,0x14,0x2d,},{0xd0,0xc8,0x46,0xf9,0x7f,0xe2,0x85,0x85,0xc0,0xee,0x15,0x90,0x15,0xd6,0x4c,0x56,0x31,0x1c,0x88,0x6e,0xdd,0xcc,0x18,0x5d,0x29,0x6d,0xbb,0x16,0x5d,0x26,0x25,0xd6,},{0x16,0xe4,0x62,0xa2,0x9a,0x6d,0xd4,0x98,0x68,0x5a,0x37,0x18,0xb3,0xee,0xd0,0x0c,0xc1,0x59,0x86,0x01,0xee,0x47,0x82,0x04,0x86,0x03,0x2d,0x6b,0x9a,0xcc,0x9b,0xf8,0x9f,0x57,0x68,0x4e,0x08,0xd8,0xc0,0xf0,0x55,0x89,0xcd,0xa2,0x88,0x2a,0x05,0xdc,0x4c,0x63,0xf9,0xd0,0x43,0x1d,0x65,0x52,0x71,0x08,0x12,0x43,0x30,0x03,0xbc,0x08,},25,"\x6a\xda\x80\xb6\xfa\x84\xf7\x03\x49\x20\x78\x9e\x85\x36\xb8\x2d\x5e\x46\x78\x05\x9a\xed\x27\xf7\x1c"}, + {{0x19,0xa9,0x1f,0xe2,0x3a,0x4e,0x9e,0x33,0xec,0xc4,0x74,0x87,0x8f,0x57,0xc6,0x4c,0xf1,0x54,0xb3,0x94,0x20,0x34,0x87,0xa7,0x03,0x5e,0x1a,0xd9,0xcd,0x69,0x7b,0x0d,},{0x2b,0xf3,0x2b,0xa1,0x42,0xba,0x46,0x22,0xd8,0xf3,0xe2,0x9e,0xcd,0x85,0xee,0xa0,0x7b,0x9c,0x47,0xbe,0x9d,0x64,0x41,0x2c,0x9b,0x51,0x0b,0x27,0xdd,0x21,0x8b,0x23,},{0x88,0x1f,0x5b,0x8c,0x5a,0x03,0x0d,0xf0,0xf7,0x5b,0x66,0x34,0xb0,0x70,0xdd,0x27,0xbd,0x1e,0xe3,0xc0,0x87,0x38,0xae,0x34,0x93,0x38,0xb3,0xee,0x64,0x69,0xbb,0xf9,0x76,0x0b,0x13,0x57,0x8a,0x23,0x7d,0x51,0x82,0x53,0x5e,0xde,0x12,0x12,0x83,0x02,0x7a,0x90,0xb5,0xf8,0x65,0xd6,0x3a,0x65,0x37,0xdc,0xa0,0x7b,0x44,0x04,0x9a,0x0f,},26,"\x82\xcb\x53\xc4\xd5\xa0\x13\xba\xe5\x07\x07\x59\xec\x06\xc3\xc6\x95\x5a\xb7\xa4\x05\x09\x58\xec\x32\x8c"}, + {{0x1d,0x5b,0x8c,0xb6,0x21,0x5c,0x18,0x14,0x16,0x66,0xba,0xee,0xfc,0xf5,0xd6,0x9d,0xad,0x5b,0xea,0x9a,0x34,0x93,0xdd,0xda,0xa3,0x57,0xa4,0x39,0x7a,0x13,0xd4,0xde,},{0x94,0xd2,0x3d,0x97,0x7c,0x33,0xe4,0x9e,0x5e,0x49,0x92,0xc6,0x8f,0x25,0xec,0x99,0xa2,0x7c,0x41,0xce,0x6b,0x91,0xf2,0xbf,0xa0,0xcd,0x82,0x92,0xfe,0x96,0x28,0x35,},{0x3a,0xcd,0x39,0xbe,0xc8,0xc3,0xcd,0x2b,0x44,0x29,0x97,0x22,0xb5,0x85,0x0a,0x04,0x00,0xc1,0x44,0x35,0x90,0xfd,0x48,0x61,0xd5,0x9a,0xae,0x74,0x96,0xac,0xb3,0xdf,0x73,0xfc,0x3f,0xdf,0x79,0x69,0xae,0x5f,0x50,0xba,0x47,0xdd,0xdc,0x43,0x52,0x46,0xe5,0xfd,0x37,0x6f,0x6b,0x89,0x1c,0xd4,0xc2,0xca,0xf5,0xd6,0x14,0xb6,0x17,0x0c,},27,"\xa9\xa8\xcb\xb0\xad\x58\x51\x24\xe5\x22\xab\xbf\xb4\x05\x33\xbd\xd6\xf4\x93\x47\xb5\x5b\x18\xe8\x55\x8c\xb0"}, + {{0x6a,0x91,0xb3,0x22,0x7c,0x47,0x22,0x99,0x08,0x9b,0xdc,0xe9,0x35,0x6e,0x72,0x6a,0x40,0xef,0xd8,0x40,0xf1,0x10,0x02,0x70,0x8b,0x7e,0xe5,0x5b,0x64,0x10,0x5a,0xc2,},{0x9d,0x08,0x4a,0xa8,0xb9,0x7a,0x6b,0x9b,0xaf,0xa4,0x96,0xdb,0xc6,0xf7,0x6f,0x33,0x06,0xa1,0x16,0xc9,0xd9,0x17,0xe6,0x81,0x52,0x0a,0x0f,0x91,0x43,0x69,0x42,0x7e,},{0xf5,0x87,0x54,0x23,0x78,0x1b,0x66,0x21,0x6c,0xb5,0xe8,0x99,0x8d,0xe5,0xd9,0xff,0xc2,0x9d,0x1d,0x67,0x10,0x70,0x54,0xac,0xe3,0x37,0x45,0x03,0xa9,0xc3,0xef,0x81,0x15,0x77,0xf2,0x69,0xde,0x81,0x29,0x67,0x44,0xbd,0x70,0x6f,0x1a,0xc4,0x78,0xca,0xf0,0x9b,0x54,0xcd,0xf8,0x71,0xb3,0xf8,0x02,0xbd,0x57,0xf9,0xa6,0xcb,0x91,0x01,},28,"\x5c\xb6\xf9\xaa\x59\xb8\x0e\xca\x14\xf6\xa6\x8f\xb4\x0c\xf0\x7b\x79\x4e\x75\x17\x1f\xba\x96\x26\x2c\x1c\x6a\xdc"}, + {{0x93,0xea,0xa8,0x54,0xd7,0x91,0xf0,0x53,0x72,0xce,0x72,0xb9,0x4f,0xc6,0x50,0x3b,0x2f,0xf8,0xae,0x68,0x19,0xe6,0xa2,0x1a,0xfe,0x82,0x5e,0x27,0xad,0xa9,0xe4,0xfb,},{0x16,0xce,0xe8,0xa3,0xf2,0x63,0x18,0x34,0xc8,0x8b,0x67,0x08,0x97,0xff,0x0b,0x08,0xce,0x90,0xcc,0x14,0x7b,0x45,0x93,0xb3,0xf1,0xf4,0x03,0x72,0x7f,0x7e,0x7a,0xd5,},{0xd8,0x34,0x19,0x7c,0x1a,0x30,0x80,0x61,0x4e,0x0a,0x5f,0xa0,0xaa,0xaa,0x80,0x88,0x24,0xf2,0x1c,0x38,0xd6,0x92,0xe6,0xff,0xbd,0x20,0x0f,0x7d,0xfb,0x3c,0x8f,0x44,0x40,0x2a,0x73,0x82,0x18,0x0b,0x98,0xad,0x0a,0xfc,0x8e,0xec,0x1a,0x02,0xac,0xec,0xf3,0xcb,0x7f,0xde,0x62,0x7b,0x9f,0x18,0x11,0x1f,0x26,0x0a,0xb1,0xdb,0x9a,0x07,},29,"\x32\xfe\x27\x99\x41\x24\x20\x21\x53\xb5\xc7\x0d\x38\x13\xfd\xee\x9c\x2a\xa6\xe7\xdc\x74\x3d\x4d\x53\x5f\x18\x40\xa5"}, + {{0x94,0x1c,0xac,0x69,0xfb,0x7b,0x18,0x15,0xc5,0x7b,0xb9,0x87,0xc4,0xd6,0xc2,0xad,0x2c,0x35,0xd5,0xf9,0xa3,0x18,0x2a,0x79,0xd4,0xba,0x13,0xea,0xb2,0x53,0xa8,0xad,},{0x23,0xbe,0x32,0x3c,0x56,0x2d,0xfd,0x71,0xce,0x65,0xf5,0xbb,0xa5,0x6a,0x74,0xa3,0xa6,0xdf,0xc3,0x6b,0x57,0x3d,0x2f,0x94,0xf6,0x35,0xc7,0xf9,0xb4,0xfd,0x5a,0x5b,},{0x0f,0x8f,0xad,0x1e,0x6b,0xde,0x77,0x1b,0x4f,0x54,0x20,0xea,0xc7,0x5c,0x37,0x8b,0xae,0x6d,0xb5,0xac,0x66,0x50,0xcd,0x2b,0xc2,0x10,0xc1,0x82,0x3b,0x43,0x2b,0x48,0xe0,0x16,0xb1,0x05,0x95,0x45,0x8f,0xfa,0xb9,0x2f,0x7a,0x89,0x89,0xb2,0x93,0xce,0xb8,0xdf,0xed,0x6c,0x24,0x3a,0x20,0x38,0xfc,0x06,0x65,0x2a,0xaa,0xf1,0x6f,0x02,},30,"\xbb\x31\x72\x79\x57\x10\xfe\x00\x05\x4d\x3b\x5d\xfe\xf8\xa1\x16\x23\x58\x2d\xa6\x8b\xf8\xe4\x6d\x72\xd2\x7c\xec\xe2\xaa"}, + {{0x1a,0xcd,0xbb,0x79,0x3b,0x03,0x84,0x93,0x46,0x27,0x47,0x0d,0x79,0x5c,0x3d,0x1d,0xd4,0xd7,0x9c,0xea,0x59,0xef,0x98,0x3f,0x29,0x5b,0x9b,0x59,0x17,0x9c,0xbb,0x28,},{0x3f,0x60,0xc7,0x54,0x1a,0xfa,0x76,0xc0,0x19,0xcf,0x5a,0xa8,0x2d,0xcd,0xb0,0x88,0xed,0x9e,0x4e,0xd9,0x78,0x05,0x14,0xae,0xfb,0x37,0x9d,0xab,0xc8,0x44,0xf3,0x1a,},{0xbe,0x71,0xef,0x48,0x06,0xcb,0x04,0x1d,0x88,0x5e,0xff,0xd9,0xe6,0xb0,0xfb,0xb7,0x3d,0x65,0xd7,0xcd,0xec,0x47,0xa8,0x9c,0x8a,0x99,0x48,0x92,0xf4,0xe5,0x5a,0x56,0x8c,0x4c,0xc7,0x8d,0x61,0xf9,0x01,0xe8,0x0d,0xbb,0x62,0x8b,0x86,0xa2,0x3c,0xcd,0x59,0x4e,0x71,0x2b,0x57,0xfa,0x94,0xc2,0xd6,0x7e,0xc2,0x66,0x34,0x87,0x85,0x07,},31,"\x7c\xf3\x4f\x75\xc3\xda\xc9\xa8\x04\xd0\xfc\xd0\x9e\xba\x9b\x29\xc9\x48\x4e\x8a\x01\x8f\xa9\xe0\x73\x04\x2d\xf8\x8e\x3c\x56"}, + {{0x8e,0xd7,0xa7,0x97,0xb9,0xce,0xa8,0xa8,0x37,0x0d,0x41,0x91,0x36,0xbc,0xdf,0x68,0x3b,0x75,0x9d,0x2e,0x3c,0x69,0x47,0xf1,0x7e,0x13,0xe2,0x48,0x5a,0xa9,0xd4,0x20,},{0xb4,0x9f,0x3a,0x78,0xb1,0xc6,0xa7,0xfc,0xa8,0xf3,0x46,0x6f,0x33,0xbc,0x0e,0x92,0x9f,0x01,0xfb,0xa0,0x43,0x06,0xc2,0xa7,0x46,0x5f,0x46,0xc3,0x75,0x93,0x16,0xd9,},{0x04,0x26,0x6c,0x03,0x3b,0x91,0xc1,0x32,0x2c,0xeb,0x34,0x46,0xc9,0x01,0xff,0xcf,0x3c,0xc4,0x0c,0x40,0x34,0xe8,0x87,0xc9,0x59,0x7c,0xa1,0x89,0x3b,0xa7,0x33,0x0b,0xec,0xbb,0xd8,0xb4,0x81,0x42,0xef,0x35,0xc0,0x12,0xc6,0xba,0x51,0xa6,0x6d,0xf9,0x30,0x8c,0xb6,0x26,0x8a,0xd6,0xb1,0xe4,0xb0,0x3e,0x70,0x10,0x24,0x95,0x79,0x0b,},32,"\xa7\x50\xc2\x32\x93\x3d\xc1\x4b\x11\x84\xd8\x6d\x8b\x4c\xe7\x2e\x16\xd6\x97\x44\xba\x69\x81\x8b\x6a\xc3\x3b\x1d\x82\x3b\xb2\xc3"}, + {{0xf2,0xab,0x39,0x6f,0xe8,0x90,0x6e,0x3e,0x56,0x33,0xe9,0x9c,0xab,0xcd,0x5b,0x09,0xdf,0x08,0x59,0xb5,0x16,0x23,0x0b,0x1e,0x04,0x50,0xb5,0x80,0xb6,0x5f,0x61,0x6c,},{0x8e,0xa0,0x74,0x24,0x51,0x59,0xa1,0x16,0xaa,0x71,0x22,0xa2,0x5e,0xc1,0x6b,0x89,0x1d,0x62,0x5a,0x68,0xf3,0x36,0x60,0x42,0x39,0x08,0xf6,0xbd,0xc4,0x4f,0x8c,0x1b,},{0xa0,0x6a,0x23,0xd9,0x82,0xd8,0x1a,0xb8,0x83,0xaa,0xe2,0x30,0xad,0xbc,0x36,0x8a,0x6a,0x99,0x77,0xf0,0x03,0xce,0xbb,0x00,0xd4,0xc2,0xe4,0x01,0x84,0x90,0x19,0x1a,0x84,0xd3,0xa2,0x82,0xfd,0xbf,0xb2,0xfc,0x88,0x04,0x6e,0x62,0xde,0x43,0xe1,0x5f,0xb5,0x75,0x33,0x6b,0x3c,0x8b,0x77,0xd1,0x9c,0xe6,0xa0,0x09,0xce,0x51,0xf5,0x0c,},33,"\x5a\x44\xe3\x4b\x74\x6c\x5f\xd1\x89\x8d\x55\x2a\xb3\x54\xd2\x8f\xb4\x71\x38\x56\xd7\x69\x7d\xd6\x3e\xb9\xbd\x6b\x99\xc2\x80\xe1\x87"}, + {{0x55,0x0a,0x41,0xc0,0x13,0xf7,0x9b,0xab,0x8f,0x06,0xe4,0x3a,0xd1,0x83,0x6d,0x51,0x31,0x27,0x36,0xa9,0x71,0x38,0x06,0xfa,0xfe,0x66,0x45,0x21,0x9e,0xaa,0x1f,0x9d,},{0xaf,0x6b,0x71,0x45,0x47,0x4d,0xc9,0x95,0x4b,0x9a,0xf9,0x3a,0x9c,0xdb,0x34,0x44,0x9d,0x5b,0x7c,0x65,0x1c,0x82,0x4d,0x24,0xe2,0x30,0xb9,0x00,0x33,0xce,0x59,0xc0,},{0x16,0xdc,0x1e,0x2b,0x9f,0xa9,0x09,0xee,0xfd,0xc2,0x77,0xba,0x16,0xeb,0xe2,0x07,0xb8,0xda,0x5e,0x91,0x14,0x3c,0xde,0x78,0xc5,0x04,0x7a,0x89,0xf6,0x81,0xc3,0x3c,0x4e,0x4e,0x34,0x28,0xd5,0xc9,0x28,0x09,0x59,0x03,0xa8,0x11,0xec,0x00,0x2d,0x52,0xa3,0x9e,0xd7,0xf8,0xb3,0xfe,0x19,0x27,0x20,0x0c,0x6d,0xd0,0xb9,0xab,0x3e,0x04,},34,"\x8b\xc4\x18\x5e\x50\xe5\x7d\x5f\x87\xf4\x75\x15\xfe\x2b\x18\x37\xd5\x85\xf0\xaa\xe9\xe1\xca\x38\x3b\x3e\xc9\x08\x88\x4b\xb9\x00\xff\x27"}, + {{0x19,0xac,0x3e,0x27,0x24,0x38,0xc7,0x2d,0xdf,0x7b,0x88,0x19,0x64,0x86,0x7c,0xb3,0xb3,0x1f,0xf4,0xc7,0x93,0xbb,0x7e,0xa1,0x54,0x61,0x3c,0x1d,0xb0,0x68,0xcb,0x7e,},{0xf8,0x5b,0x80,0xe0,0x50,0xa1,0xb9,0x62,0x0d,0xb1,0x38,0xbf,0xc9,0xe1,0x00,0x32,0x7e,0x25,0xc2,0x57,0xc5,0x92,0x17,0xb6,0x01,0xf1,0xf6,0xac,0x9a,0x41,0x3d,0x3f,},{0xea,0x85,0x5d,0x78,0x1c,0xbe,0xa4,0x68,0x2e,0x35,0x01,0x73,0xcb,0x89,0xe8,0x61,0x9c,0xcf,0xdd,0xb9,0x7c,0xdc,0xe1,0x6f,0x9a,0x2f,0x6f,0x68,0x92,0xf4,0x6d,0xbe,0x68,0xe0,0x4b,0x12,0xb8,0xd8,0x86,0x89,0xa7,0xa3,0x16,0x70,0xcd,0xff,0x40,0x9a,0xf9,0x8a,0x93,0xb4,0x9a,0x34,0x53,0x7b,0x6a,0xa0,0x09,0xd2,0xeb,0x8b,0x47,0x01,},35,"\x95\x87\x2d\x5f\x78\x9f\x95\x48\x4e\x30\xcb\xb0\xe1\x14\x02\x89\x53\xb1\x6f\x5c\x6a\x8d\x9f\x65\xc0\x03\xa8\x35\x43\xbe\xaa\x46\xb3\x86\x45"}, + {{0xca,0x26,0x7d,0xe9,0x6c,0x93,0xc2,0x38,0xfa,0xfb,0x12,0x79,0x81,0x20,0x59,0xab,0x93,0xac,0x03,0x05,0x96,0x57,0xfd,0x99,0x4f,0x8f,0xa5,0xa0,0x92,0x39,0xc8,0x21,},{0x01,0x73,0x70,0xc8,0x79,0x09,0x0a,0x81,0xc7,0xf2,0x72,0xc2,0xfc,0x80,0xe3,0xaa,0xc2,0xbc,0x60,0x3f,0xcb,0x37,0x9a,0xfc,0x98,0x69,0x11,0x60,0xab,0x74,0x5b,0x26,},{0xac,0x95,0x7f,0x82,0x33,0x5a,0xa7,0x14,0x1e,0x96,0xb5,0x9d,0x63,0xe3,0xcc,0xee,0x95,0xc3,0xa2,0xc4,0x7d,0x02,0x65,0x40,0xc2,0xaf,0x42,0xdc,0x95,0x33,0xd5,0xfd,0x81,0x82,0x7d,0x16,0x79,0xad,0x18,0x7a,0xea,0xf3,0x78,0x34,0x91,0x5e,0x75,0xb1,0x47,0xa9,0x28,0x68,0x06,0xc8,0x01,0x75,0x16,0xba,0x43,0xdd,0x05,0x1a,0x5e,0x0c,},36,"\xe0\x5f\x71\xe4\xe4\x9a\x72\xec\x55\x0c\x44\xa3\xb8\x5a\xca\x8f\x20\xff\x26\xc3\xee\x94\xa8\x0f\x1b\x43\x1c\x7d\x15\x4e\xc9\x60\x3e\xe0\x25\x31"}, + {{0x3d,0xff,0x5e,0x89,0x94,0x75,0xe7,0xe9,0x1d,0xd2,0x61,0x32,0x2f,0xab,0x09,0x98,0x0c,0x52,0x97,0x0d,0xe1,0xda,0x6e,0x2e,0x20,0x16,0x60,0xcc,0x4f,0xce,0x70,0x32,},{0xf3,0x01,0x62,0xba,0xc9,0x84,0x47,0xc4,0x04,0x2f,0xac,0x05,0xda,0x44,0x80,0x34,0x62,0x9b,0xe2,0xc6,0xa5,0x8d,0x30,0xdf,0xd5,0x78,0xba,0x9f,0xb5,0xe3,0x93,0x0b,},{0x5e,0xfe,0x7a,0x92,0xff,0x96,0x23,0x08,0x9b,0x3e,0x3b,0x78,0xf3,0x52,0x11,0x53,0x66,0xe2,0x6b,0xa3,0xfb,0x1a,0x41,0x62,0x09,0xbc,0x02,0x9e,0x9c,0xad,0xcc,0xd9,0xf4,0xaf,0xfa,0x33,0x35,0x55,0xa8,0xf3,0xa3,0x5a,0x9d,0x0f,0x7c,0x34,0xb2,0x92,0xca,0xe7,0x7e,0xc9,0x6f,0xa3,0xad,0xfc,0xaa,0xde,0xe2,0xd9,0xce,0xd8,0xf8,0x05,},37,"\x93\x8f\x0e\x77\x62\x1b\xf3\xea\x52\xc7\xc4\x91\x1c\x51\x57\xc2\xd8\xa2\xa8\x58\x09\x3e\xf1\x6a\xa9\xb1\x07\xe6\x9d\x98\x03\x7b\xa1\x39\xa3\xc3\x82"}, + {{0x9a,0x6b,0x84,0x78,0x64,0xe7,0x0c,0xfe,0x8b,0xa6,0xab,0x22,0xfa,0x0c,0xa3,0x08,0xc0,0xcc,0x8b,0xec,0x71,0x41,0xfb,0xca,0xa3,0xb8,0x1f,0x5d,0x1e,0x1c,0xfc,0xfc,},{0x34,0xad,0x0f,0xbd,0xb2,0x56,0x65,0x07,0xa8,0x1c,0x2b,0x1f,0x8a,0xa8,0xf5,0x3d,0xcc,0xaa,0x64,0xcc,0x87,0xad,0xa9,0x1b,0x90,0x3e,0x90,0x0d,0x07,0xee,0xe9,0x30,},{0x2a,0xb2,0x55,0x16,0x9c,0x48,0x9c,0x54,0xc7,0x32,0x23,0x2e,0x37,0xc8,0x73,0x49,0xd4,0x86,0xb1,0xeb,0xa2,0x05,0x09,0xdb,0xab,0xe7,0xfe,0xd3,0x29,0xef,0x08,0xfd,0x75,0xba,0x1c,0xd1,0x45,0xe6,0x7b,0x2e,0xa2,0x6c,0xb5,0xcc,0x51,0xca,0xb3,0x43,0xee,0xb0,0x85,0xfe,0x1f,0xd7,0xb0,0xec,0x4c,0x6a,0xfc,0xd9,0xb9,0x79,0xf9,0x05,},38,"\x83\x83\x67\x47\x11\x83\xc7\x1f\x7e\x71\x77\x24\xf8\x9d\x40\x1c\x3a\xd9\x86\x3f\xd9\xcc\x7a\xa3\xcf\x33\xd3\xc5\x29\x86\x0c\xb5\x81\xf3\x09\x3d\x87\xda"}, + {{0x57,0x5b,0xe0,0x7a,0xfc,0xa5,0xd0,0x63,0xc2,0x38,0xcd,0x9b,0x80,0x28,0x77,0x2c,0xc4,0x9c,0xda,0x34,0x47,0x14,0x32,0xa2,0xe1,0x66,0xe0,0x96,0xe2,0x21,0x9e,0xfc,},{0x94,0xe5,0xeb,0x4d,0x50,0x24,0xf4,0x9d,0x7e,0xbf,0x79,0x81,0x7c,0x8d,0xe1,0x14,0x97,0xdc,0x2b,0x55,0x62,0x2a,0x51,0xae,0x12,0x3f,0xfc,0x74,0x9d,0xbb,0x16,0xe0,},{0x58,0x27,0x1d,0x44,0x23,0x6f,0x3b,0x98,0xc5,0x8f,0xd7,0xae,0x0d,0x2f,0x49,0xef,0x2b,0x6e,0x3a,0xff,0xdb,0x22,0x5a,0xa3,0xba,0x55,0x5f,0x0e,0x11,0xcc,0x53,0xc2,0x3a,0xd1,0x9b,0xaf,0x24,0x34,0x65,0x90,0xd0,0x5d,0x7d,0x53,0x90,0x58,0x20,0x82,0xcf,0x94,0xd3,0x9c,0xad,0x65,0x30,0xab,0x93,0xd1,0x3e,0xfb,0x39,0x27,0x95,0x06,},39,"\x33\xe5\x91\x8b\x66\xd3\x3d\x55\xfe\x71\x7c\xa3\x43\x83\xea\xe7\x8f\x0a\xf8\x28\x89\xca\xf6\x69\x6e\x1a\xc9\xd9\x5d\x1f\xfb\x32\xcb\xa7\x55\xf9\xe3\x50\x3e"}, + {{0x15,0xff,0xb4,0x55,0x14,0xd4,0x34,0x44,0xd6,0x1f,0xcb,0x10,0x5e,0x30,0xe1,0x35,0xfd,0x26,0x85,0x23,0xdd,0xa2,0x0b,0x82,0x75,0x8b,0x17,0x94,0x23,0x11,0x04,0x41,},{0x17,0x72,0xc5,0xab,0xc2,0xd2,0x3f,0xd2,0xf9,0xd1,0xc3,0x25,0x7b,0xe7,0xbc,0x3c,0x1c,0xd7,0x9c,0xee,0x40,0x84,0x4b,0x74,0x9b,0x3a,0x77,0x43,0xd2,0xf9,0x64,0xb8,},{0x68,0x28,0xcd,0x76,0x24,0xe7,0x93,0xb8,0xa4,0xce,0xb9,0x6d,0x3c,0x2a,0x97,0x5b,0xf7,0x73,0xe5,0xff,0x66,0x45,0xf3,0x53,0x61,0x40,0x58,0x62,0x1e,0x58,0x83,0x52,0x89,0xe7,0xf3,0x1f,0x42,0xdf,0xe6,0xaf,0x6d,0x73,0x6f,0x26,0x44,0x51,0x1e,0x32,0x0c,0x0f,0xa6,0x98,0x58,0x2a,0x79,0x77,0x8d,0x18,0x73,0x0e,0xd3,0xe8,0xcb,0x08,},40,"\xda\x9c\x55\x59\xd0\xea\x51\xd2\x55\xb6\xbd\x9d\x76\x38\xb8\x76\x47\x2f\x94\x2b\x33\x0f\xc0\xe2\xb3\x0a\xea\x68\xd7\x73\x68\xfc\xe4\x94\x82\x72\x99\x1d\x25\x7e"}, + {{0xfe,0x05,0x68,0x64,0x29,0x43,0xb2,0xe1,0xaf,0xbf,0xd1,0xf1,0x0f,0xe8,0xdf,0x87,0xa4,0x23,0x6b,0xea,0x40,0xdc,0xe7,0x42,0x07,0x2c,0xb2,0x18,0x86,0xee,0xc1,0xfa,},{0x29,0x9e,0xbd,0x1f,0x13,0x17,0x7d,0xbd,0xb6,0x6a,0x91,0x2b,0xbf,0x71,0x20,0x38,0xfd,0xf7,0x3b,0x06,0xc3,0xac,0x02,0x0c,0x7b,0x19,0x12,0x67,0x55,0xd4,0x7f,0x61,},{0xd5,0x9e,0x6d,0xfc,0xc6,0xd7,0xe3,0xe2,0xc5,0x8d,0xec,0x81,0xe9,0x85,0xd2,0x45,0xe6,0x81,0xac,0xf6,0x59,0x4a,0x23,0xc5,0x92,0x14,0xf7,0xbe,0xd8,0x01,0x5d,0x81,0x3c,0x76,0x82,0xb6,0x0b,0x35,0x83,0x44,0x03,0x11,0xe7,0x2a,0x86,0x65,0xba,0x2c,0x96,0xde,0xc2,0x3c,0xe8,0x26,0xe1,0x60,0x12,0x7e,0x18,0x13,0x2b,0x03,0x04,0x04,},41,"\xc5\x9d\x08\x62\xec\x1c\x97\x46\xab\xcc\x3c\xf8\x3c\x9e\xeb\xa2\xc7\x08\x2a\x03\x6a\x8c\xb5\x7c\xe4\x87\xe7\x63\x49\x27\x96\xd4\x7e\x6e\x06\x3a\x0c\x1f\xec\xcc\x2d"}, + {{0x5e,0xcb,0x16,0xc2,0xdf,0x27,0xc8,0xcf,0x58,0xe4,0x36,0xa9,0xd3,0xaf,0xfb,0xd5,0x8e,0x95,0x38,0xa9,0x26,0x59,0xa0,0xf9,0x7c,0x4c,0x4f,0x99,0x46,0x35,0xa8,0xca,},{0xda,0x76,0x8b,0x20,0xc4,0x37,0xdd,0x3a,0xa5,0xf8,0x4b,0xb6,0xa0,0x77,0xff,0xa3,0x4a,0xb6,0x85,0x01,0xc5,0x35,0x2b,0x5c,0xc3,0xfd,0xce,0x7f,0xe6,0xc2,0x39,0x8d,},{0x1c,0x72,0x3a,0x20,0xc6,0x77,0x24,0x26,0xa6,0x70,0xe4,0xd5,0xc4,0xa9,0x7c,0x6e,0xbe,0x91,0x47,0xf7,0x1b,0xb0,0xa4,0x15,0x63,0x1e,0x44,0x40,0x6e,0x29,0x03,0x22,0xe4,0xca,0x97,0x7d,0x34,0x8f,0xe7,0x85,0x6a,0x8e,0xdc,0x23,0x5d,0x0f,0xe9,0x5f,0x7e,0xd9,0x1a,0xef,0xdd,0xf2,0x8a,0x77,0xe2,0xc7,0xdb,0xfd,0x8f,0x55,0x2f,0x0a,},42,"\x56\xf1\x32\x9d\x9a\x6b\xe2\x5a\x61\x59\xc7\x2f\x12\x68\x8d\xc8\x31\x4e\x85\xdd\x9e\x7e\x4d\xc0\x5b\xbe\xcb\x77\x29\xe0\x23\xc8\x6f\x8e\x09\x37\x35\x3f\x27\xc7\xed\xe9"}, + {{0xd5,0x99,0xd6,0x37,0xb3,0xc3,0x0a,0x82,0xa9,0x98,0x4e,0x2f,0x75,0x84,0x97,0xd1,0x44,0xde,0x6f,0x06,0xb9,0xfb,0xa0,0x4d,0xd4,0x0f,0xd9,0x49,0x03,0x9d,0x7c,0x84,},{0x67,0x91,0xd8,0xce,0x50,0xa4,0x46,0x89,0xfc,0x17,0x87,0x27,0xc5,0xc3,0xa1,0xc9,0x59,0xfb,0xee,0xd7,0x4e,0xf7,0xd8,0xe7,0xbd,0x3c,0x1a,0xb4,0xda,0x31,0xc5,0x1f,},{0xeb,0xf1,0x0d,0x9a,0xc7,0xc9,0x61,0x08,0x14,0x0e,0x7d,0xef,0x6f,0xe9,0x53,0x3d,0x72,0x76,0x46,0xff,0x5b,0x3a,0xf2,0x73,0xc1,0xdf,0x95,0x76,0x2a,0x66,0xf3,0x2b,0x65,0xa0,0x96,0x34,0xd0,0x13,0xf5,0x4b,0x5d,0xd6,0x01,0x1f,0x91,0xbc,0x33,0x6c,0xa8,0xb3,0x55,0xce,0x33,0xf8,0xcf,0xbe,0xc2,0x53,0x5a,0x4c,0x42,0x7f,0x82,0x05,},43,"\xa7\xc0\x4e\x8b\xa7\x5d\x0a\x03\xd8\xb1\x66\xad\x7a\x1d\x77\xe1\xb9\x1c\x7a\xaf\x7b\xef\xdd\x99\x31\x1f\xc3\xc5\x4a\x68\x4d\xdd\x97\x1d\x5b\x32\x11\xc3\xee\xaf\xf1\xe5\x4e"}, + {{0x30,0xab,0x82,0x32,0xfa,0x70,0x18,0xf0,0xce,0x6c,0x39,0xbd,0x8f,0x78,0x2f,0xe2,0xe1,0x59,0x75,0x8b,0xb0,0xf2,0xf4,0x38,0x6c,0x7f,0x28,0xcf,0xd2,0xc8,0x58,0x98,},{0xec,0xfb,0x6a,0x2b,0xd4,0x2f,0x31,0xb6,0x12,0x50,0xba,0x5d,0xe7,0xe4,0x6b,0x47,0x19,0xaf,0xdf,0xbc,0x66,0x0d,0xb7,0x1a,0x7b,0xd1,0xdf,0x7b,0x0a,0x3a,0xbe,0x37,},{0x9a,0xf8,0x85,0x34,0x4c,0xc7,0x23,0x94,0x98,0xf7,0x12,0xdf,0x80,0xbc,0x01,0xb8,0x06,0x38,0x29,0x1e,0xd4,0xa1,0xd2,0x8b,0xaa,0x55,0x45,0x01,0x7a,0x72,0xe2,0xf6,0x56,0x49,0xcc,0xf9,0x60,0x3d,0xa6,0xeb,0x5b,0xfa,0xb9,0xf5,0x54,0x3a,0x6c,0xa4,0xa7,0xaf,0x38,0x66,0x15,0x3c,0x76,0xbf,0x66,0xbf,0x95,0xde,0xf6,0x15,0xb0,0x0c,},44,"\x63\xb8\x0b\x79\x56\xac\xbe\xcf\x0c\x35\xe9\xab\x06\xb9\x14\xb0\xc7\x01\x4f\xe1\xa4\xbb\xc0\x21\x72\x40\xc1\xa3\x30\x95\xd7\x07\x95\x3e\xd7\x7b\x15\xd2\x11\xad\xaf\x9b\x97\xdc"}, + {{0x0d,0xdc,0xdc,0x87,0x2c,0x7b,0x74,0x8d,0x40,0xef,0xe9,0x6c,0x28,0x81,0xae,0x18,0x9d,0x87,0xf5,0x61,0x48,0xed,0x8a,0xf3,0xeb,0xbb,0xc8,0x03,0x24,0xe3,0x8b,0xdd,},{0x58,0x8d,0xda,0xdc,0xbc,0xed,0xf4,0x0d,0xf0,0xe9,0x69,0x7d,0x8b,0xb2,0x77,0xc7,0xbb,0x14,0x98,0xfa,0x1d,0x26,0xce,0x0a,0x83,0x5a,0x76,0x0b,0x92,0xca,0x7c,0x85,},{0xc1,0x79,0xc0,0x94,0x56,0xe2,0x35,0xfe,0x24,0x10,0x5a,0xfa,0x6e,0x8e,0xc0,0x46,0x37,0xf8,0xf9,0x43,0x81,0x7c,0xd0,0x98,0xba,0x95,0x38,0x7f,0x96,0x53,0xb2,0xad,0xd1,0x81,0xa3,0x14,0x47,0xd9,0x2d,0x1a,0x1d,0xdf,0x1c,0xeb,0x0d,0xb6,0x21,0x18,0xde,0x9d,0xff,0xb7,0xdc,0xd2,0x42,0x40,0x57,0xcb,0xdf,0xf5,0xd4,0x1d,0x04,0x03,},45,"\x65\x64\x1c\xd4\x02\xad\xd8\xbf\x3d\x1d\x67\xdb\xeb\x6d\x41\xde\xbf\xbe\xf6\x7e\x43\x17\xc3\x5b\x0a\x6d\x5b\xbb\xae\x0e\x03\x4d\xe7\xd6\x70\xba\x14\x13\xd0\x56\xf2\xd6\xf1\xde\x12"}, + {{0x89,0xf0,0xd6,0x82,0x99,0xba,0x0a,0x5a,0x83,0xf2,0x48,0xae,0x0c,0x16,0x9f,0x8e,0x38,0x49,0xa9,0xb4,0x7b,0xd4,0x54,0x98,0x84,0x30,0x5c,0x99,0x12,0xb4,0x66,0x03,},{0xab,0xa3,0xe7,0x95,0xaa,0xb2,0x01,0x2a,0xcc,0xea,0xdd,0x7b,0x3b,0xd9,0xda,0xee,0xed,0x6f,0xf5,0x25,0x8b,0xdc,0xd7,0xc9,0x36,0x99,0xc2,0xa3,0x83,0x6e,0x38,0x32,},{0x2c,0x69,0x1f,0xa8,0xd4,0x87,0xce,0x20,0xd5,0xd2,0xfa,0x41,0x55,0x91,0x16,0xe0,0xbb,0xf4,0x39,0x7c,0xf5,0x24,0x0e,0x15,0x25,0x56,0x18,0x35,0x41,0xd6,0x6c,0xf7,0x53,0x58,0x24,0x01,0xa4,0x38,0x8d,0x39,0x03,0x39,0xdb,0xef,0x4d,0x38,0x47,0x43,0xca,0xa3,0x46,0xf5,0x5f,0x8d,0xab,0xa6,0x8b,0xa7,0xb9,0x13,0x1a,0x8a,0x6e,0x0b,},46,"\x4f\x18\x46\xdd\x7a\xd5\x0e\x54\x5d\x4c\xfb\xff\xbb\x1d\xc2\xff\x14\x5d\xc1\x23\x75\x4d\x08\xaf\x4e\x44\xec\xc0\xbc\x8c\x91\x41\x13\x88\xbc\x76\x53\xe2\xd8\x93\xd1\xea\xc2\x10\x7d\x05"}, + {{0x0a,0x3c,0x18,0x44,0xe2,0xdb,0x07,0x0f,0xb2,0x4e,0x3c,0x95,0xcb,0x1c,0xc6,0x71,0x4e,0xf8,0x4e,0x2c,0xcd,0x2b,0x9d,0xd2,0xf1,0x46,0x0e,0xbf,0x7e,0xcf,0x13,0xb1,},{0x72,0xe4,0x09,0x93,0x7e,0x06,0x10,0xeb,0x5c,0x20,0xb3,0x26,0xdc,0x6e,0xa1,0xbb,0xbc,0x04,0x06,0x70,0x1c,0x5c,0xd6,0x7d,0x1f,0xbd,0xe0,0x91,0x92,0xb0,0x7c,0x01,},{0x87,0xf7,0xfd,0xf4,0x60,0x95,0x20,0x1e,0x87,0x7a,0x58,0x8f,0xe3,0xe5,0xaa,0xf4,0x76,0xbd,0x63,0x13,0x8d,0x8a,0x87,0x8b,0x89,0xd6,0xac,0x60,0x63,0x1b,0x34,0x58,0xb9,0xd4,0x1a,0x3c,0x61,0xa5,0x88,0xe1,0xdb,0x8d,0x29,0xa5,0x96,0x89,0x81,0xb0,0x18,0x77,0x6c,0x58,0x87,0x80,0x92,0x2f,0x5a,0xa7,0x32,0xba,0x63,0x79,0xdd,0x05,},47,"\x4c\x82\x74\xd0\xed\x1f\x74\xe2\xc8\x6c\x08\xd9\x55\xbd\xe5\x5b\x2d\x54\x32\x7e\x82\x06\x2a\x1f\x71\xf7\x0d\x53\x6f\xdc\x87\x22\xcd\xea\xd7\xd2\x2a\xae\xad\x2b\xfa\xa1\xad\x00\xb8\x29\x57"}, + {{0xc8,0xd7,0xa8,0x81,0x8b,0x98,0xdf,0xdb,0x20,0x83,0x9c,0x87,0x1c,0xb5,0xc4,0x8e,0x9e,0x94,0x70,0xca,0x3a,0xd3,0x5b,0xa2,0x61,0x3a,0x5d,0x31,0x99,0xc8,0xab,0x23,},{0x90,0xd2,0xef,0xbb,0xa4,0xd4,0x3e,0x6b,0x2b,0x99,0x2c,0xa1,0x60,0x83,0xdb,0xcf,0xa2,0xb3,0x22,0x38,0x39,0x07,0xb0,0xee,0x75,0xf3,0xe9,0x58,0x45,0xd3,0xc4,0x7f,},{0xfa,0x2e,0x99,0x44,0x21,0xae,0xf1,0xd5,0x85,0x66,0x74,0x81,0x3d,0x05,0xcb,0xd2,0xcf,0x84,0xef,0x5e,0xb4,0x24,0xaf,0x6e,0xcd,0x0d,0xc6,0xfd,0xbd,0xc2,0xfe,0x60,0x5f,0xe9,0x85,0x88,0x33,0x12,0xec,0xf3,0x4f,0x59,0xbf,0xb2,0xf1,0xc9,0x14,0x9e,0x5b,0x9c,0xc9,0xec,0xda,0x05,0xb2,0x73,0x11,0x30,0xf3,0xed,0x28,0xdd,0xae,0x0b,},48,"\x78\x3e\x33\xc3\xac\xbd\xbb\x36\xe8\x19\xf5\x44\xa7\x78\x1d\x83\xfc\x28\x3d\x33\x09\xf5\xd3\xd1\x2c\x8d\xcd\x6b\x0b\x3d\x0e\x89\xe3\x8c\xfd\x3b\x4d\x08\x85\x66\x1c\xa5\x47\xfb\x97\x64\xab\xff"}, + {{0xb4,0x82,0x70,0x36,0x12,0xd0,0xc5,0x86,0xf7,0x6c,0xfc,0xb2,0x1c,0xfd,0x21,0x03,0xc9,0x57,0x25,0x15,0x04,0xa8,0xc0,0xac,0x4c,0x86,0xc9,0xc6,0xf3,0xe4,0x29,0xff,},{0xfd,0x71,0x1d,0xc7,0xdd,0x3b,0x1d,0xfb,0x9d,0xf9,0x70,0x4b,0xe3,0xe6,0xb2,0x6f,0x58,0x7f,0xe7,0xdd,0x7b,0xa4,0x56,0xa9,0x1b,0xa4,0x3f,0xe5,0x1a,0xec,0x09,0xad,},{0x58,0x83,0x2b,0xde,0xb2,0x6f,0xea,0xfc,0x31,0xb4,0x62,0x77,0xcf,0x3f,0xb5,0xd7,0xa1,0x7d,0xfb,0x7c,0xcd,0x9b,0x1f,0x58,0xec,0xbe,0x6f,0xeb,0x97,0x96,0x66,0x82,0x8f,0x23,0x9b,0xa4,0xd7,0x52,0x19,0x26,0x0e,0xca,0xc0,0xac,0xf4,0x0f,0x0e,0x5e,0x25,0x90,0xf4,0xca,0xa1,0x6b,0xbb,0xcd,0x8a,0x15,0x5d,0x34,0x79,0x67,0xa6,0x07,},49,"\x29\xd7\x7a\xcf\xd9\x9c\x7a\x00\x70\xa8\x8f\xeb\x62\x47\xa2\xbc\xe9\x98\x4f\xe3\xe6\xfb\xf1\x9d\x40\x45\x04\x2a\x21\xab\x26\xcb\xd7\x71\xe1\x84\xa9\xa7\x5f\x31\x6b\x64\x8c\x69\x20\xdb\x92\xb8\x7b"}, + {{0x84,0xe5,0x0d,0xd9,0xa0,0xf1,0x97,0xe3,0x89,0x3c,0x38,0xdb,0xd9,0x1f,0xaf,0xc3,0x44,0xc1,0x77,0x6d,0x3a,0x40,0x0e,0x2f,0x0f,0x0e,0xe7,0xaa,0x82,0x9e,0xb8,0xa2,},{0x2c,0x50,0xf8,0x70,0xee,0x48,0xb3,0x6b,0x0a,0xc2,0xf8,0xa5,0xf3,0x36,0xfb,0x09,0x0b,0x11,0x30,0x50,0xdb,0xcc,0x25,0xe0,0x78,0x20,0x0a,0x6e,0x16,0x15,0x3e,0xea,},{0x69,0xe6,0xa4,0x49,0x1a,0x63,0x83,0x73,0x16,0xe8,0x6a,0x5f,0x4b,0xa7,0xcd,0x0d,0x73,0x1e,0xcc,0x58,0xf1,0xd0,0xa2,0x64,0xc6,0x7c,0x89,0xbe,0xfd,0xd8,0xd3,0x82,0x9d,0x8d,0xe1,0x3b,0x33,0xcc,0x0b,0xf5,0x13,0x93,0x17,0x15,0xc7,0x80,0x96,0x57,0xe2,0xbf,0xb9,0x60,0xe5,0xc7,0x64,0xc9,0x71,0xd7,0x33,0x74,0x60,0x93,0xe5,0x00,},50,"\xf3\x99\x2c\xde\x64\x93\xe6\x71\xf1\xe1\x29\xdd\xca\x80\x38\xb0\xab\xdb\x77\xbb\x90\x35\xf9\xf8\xbe\x54\xbd\x5d\x68\xc1\xae\xff\x72\x4f\xf4\x7d\x29\x34\x43\x91\xdc\x53\x61\x66\xb8\x67\x1c\xbb\xf1\x23"}, + {{0xb3,0x22,0xd4,0x65,0x77,0xa2,0xa9,0x91,0xa4,0xd1,0x69,0x82,0x87,0x83,0x2a,0x39,0xc4,0x87,0xef,0x77,0x6b,0x4b,0xff,0x03,0x7a,0x05,0xc7,0xf1,0x81,0x2b,0xde,0xec,},{0xeb,0x2b,0xca,0xdf,0xd3,0xee,0xc2,0x98,0x6b,0xaf,0xf3,0x2b,0x98,0xe7,0xc4,0xdb,0xf0,0x3f,0xf9,0x5d,0x8a,0xd5,0xff,0x9a,0xa9,0x50,0x6e,0x54,0x72,0xff,0x84,0x5f,},{0xc7,0xb5,0x51,0x37,0x31,0x7c,0xa2,0x1e,0x33,0x48,0x9f,0xf6,0xa9,0xbf,0xab,0x97,0xc8,0x55,0xdc,0x6f,0x85,0x68,0x4a,0x70,0xa9,0x12,0x5a,0x26,0x1b,0x56,0xd5,0xe6,0xf1,0x49,0xc5,0x77,0x4d,0x73,0x4f,0x2d,0x8d,0xeb,0xfc,0x77,0xb7,0x21,0x89,0x6a,0x82,0x67,0xc2,0x37,0x68,0xe9,0xba,0xdb,0x91,0x0e,0xef,0x83,0xec,0x25,0x88,0x02,},51,"\x19\xf1\xbf\x5d\xcf\x17\x50\xc6\x11\xf1\xc4\xa2\x86\x52\x00\x50\x4d\x82\x29\x8e\xdd\x72\x67\x1f\x62\xa7\xb1\x47\x1a\xc3\xd4\xa3\x0f\x7d\xe9\xe5\xda\x41\x08\xc5\x2a\x4c\xe7\x0a\x3e\x11\x4a\x52\xa3\xb3\xc5"}, + {{0x96,0x0c,0xab,0x50,0x34,0xb9,0x83,0x8d,0x09,0x8d,0x2d,0xcb,0xf4,0x36,0x4b,0xec,0x16,0xd3,0x88,0xf6,0x37,0x6d,0x73,0xa6,0x27,0x3b,0x70,0xf8,0x2b,0xbc,0x98,0xc0,},{0x5e,0x3c,0x19,0xf2,0x41,0x5a,0xcf,0x72,0x9f,0x82,0x9a,0x4e,0xbd,0x5c,0x40,0xe1,0xa6,0xbc,0x9f,0xbc,0xa9,0x57,0x03,0xa9,0x37,0x60,0x87,0xed,0x09,0x37,0xe5,0x1a,},{0x27,0xd4,0xc3,0xa1,0x81,0x1e,0xf9,0xd4,0x36,0x0b,0x3b,0xdd,0x13,0x3c,0x2c,0xcc,0x30,0xd0,0x2c,0x2f,0x24,0x82,0x15,0x77,0x6c,0xb0,0x7e,0xe4,0x17,0x7f,0x9b,0x13,0xfc,0x42,0xdd,0x70,0xa6,0xc2,0xfe,0xd8,0xf2,0x25,0xc7,0x66,0x3c,0x7f,0x18,0x2e,0x7e,0xe8,0xec,0xcf,0xf2,0x0d,0xc7,0xb0,0xe1,0xd5,0x83,0x4e,0xc5,0xb1,0xea,0x01,},52,"\xf8\xb2\x19\x62\x44\x7b\x0a\x8f\x2e\x42\x79\xde\x41\x1b\xea\x12\x8e\x0b\xe4\x4b\x69\x15\xe6\xcd\xa8\x83\x41\xa6\x8a\x0d\x81\x83\x57\xdb\x93\x8e\xac\x73\xe0\xaf\x6d\x31\x20\x6b\x39\x48\xf8\xc4\x8a\x44\x73\x08"}, + {{0xeb,0x77,0xb2,0x63,0x8f,0x23,0xee,0xbc,0x82,0xef,0xe4,0x5e,0xe9,0xe5,0xa0,0x32,0x66,0x37,0x40,0x1e,0x66,0x3e,0xd0,0x29,0x69,0x9b,0x21,0xe6,0x44,0x3f,0xb4,0x8e,},{0x9e,0xf2,0x76,0x08,0x96,0x1a,0xc7,0x11,0xde,0x71,0xa6,0xe2,0xd4,0xd4,0x66,0x3e,0xa3,0xec,0xd4,0x2f,0xb7,0xe4,0xe8,0x62,0x7c,0x39,0x62,0x2d,0xf4,0xaf,0x0b,0xbc,},{0x18,0xdc,0x56,0xd7,0xbd,0x9a,0xcd,0x4f,0x4d,0xaa,0x78,0x54,0x0b,0x4a,0xc8,0xff,0x7a,0xa9,0x81,0x5f,0x45,0xa0,0xbb,0xa3,0x70,0x73,0x1a,0x14,0xea,0xab,0xe9,0x6d,0xf8,0xb5,0xf3,0x7d,0xbf,0x8e,0xae,0x4c,0xb1,0x5a,0x64,0xb2,0x44,0x65,0x1e,0x59,0xd6,0xa3,0xd6,0x76,0x1d,0x9e,0x3c,0x50,0xf2,0xd0,0xcb,0xb0,0x9c,0x05,0xec,0x06,},53,"\x99\xe3\xd0\x09\x34\x00\x3e\xba\xfc\x3e\x9f\xdb\x68\x7b\x0f\x5f\xf9\xd5\x78\x2a\x4b\x1f\x56\xb9\x70\x00\x46\xc0\x77\x91\x56\x02\xc3\x13\x4e\x22\xfc\x90\xed\x7e\x69\x0f\xdd\xd4\x43\x3e\x20\x34\xdc\xb2\xdc\x99\xab"}, + {{0xb6,0x25,0xaa,0x89,0xd3,0xf7,0x30,0x87,0x15,0x42,0x7b,0x6c,0x39,0xbb,0xac,0x58,0xef,0xfd,0x3a,0x0f,0xb7,0x31,0x6f,0x7a,0x22,0xb9,0x9e,0xe5,0x92,0x2f,0x2d,0xc9,},{0x65,0xa9,0x9c,0x3e,0x16,0xfe,0xa8,0x94,0xec,0x33,0xc6,0xb2,0x0d,0x91,0x05,0xe2,0xa0,0x4e,0x27,0x64,0xa4,0x76,0x9d,0x9b,0xbd,0x4d,0x8b,0xac,0xfe,0xab,0x4a,0x2e,},{0x01,0xbb,0x90,0x1d,0x83,0xb8,0xb6,0x82,0xd3,0x61,0x4a,0xf4,0x6a,0x80,0x7b,0xa2,0x69,0x13,0x58,0xfe,0xb7,0x75,0x32,0x5d,0x34,0x23,0xf5,0x49,0xff,0x0a,0xa5,0x75,0x7e,0x4e,0x1a,0x74,0xe9,0xc7,0x0f,0x97,0x21,0xd8,0xf3,0x54,0xb3,0x19,0xd4,0xf4,0xa1,0xd9,0x14,0x45,0xc8,0x70,0xfd,0x0f,0xfb,0x94,0xfe,0xd6,0x46,0x64,0x73,0x0d,},54,"\xe0\x72\x41\xdb\xd3\xad\xbe\x61\x0b\xbe\x4d\x00\x5d\xd4\x67\x32\xa4\xc2\x50\x86\xec\xb8\xec\x29\xcd\x7b\xca\x11\x6e\x1b\xf9\xf5\x3b\xfb\xf3\xe1\x1f\xa4\x90\x18\xd3\x9f\xf1\x15\x4a\x06\x66\x8e\xf7\xdf\x5c\x67\x8e\x6a"}, + {{0xb1,0xc9,0xf8,0xbd,0x03,0xfe,0x82,0xe7,0x8f,0x5c,0x0f,0xb0,0x64,0x50,0xf2,0x7d,0xac,0xdf,0x71,0x64,0x34,0xdb,0x26,0x82,0x75,0xdf,0x3e,0x1d,0xc1,0x77,0xaf,0x42,},{0x7f,0xc8,0x8b,0x1f,0x7b,0x3f,0x11,0xc6,0x29,0xbe,0x67,0x1c,0x21,0x62,0x1f,0x5c,0x10,0x67,0x2f,0xaf,0xc8,0x49,0x2d,0xa8,0x85,0x74,0x20,0x59,0xee,0x67,0x74,0xcf,},{0x4b,0x22,0x99,0x51,0xef,0x26,0x2f,0x16,0x97,0x8f,0x79,0x14,0xbc,0x67,0x2e,0x72,0x26,0xc5,0xf8,0x37,0x9d,0x27,0x78,0xc5,0xa2,0xdc,0x0a,0x26,0x50,0x86,0x9f,0x7a,0xcf,0xbd,0x0b,0xcd,0x30,0xfd,0xb0,0x61,0x9b,0xb4,0x4f,0xc1,0xae,0x59,0x39,0xb8,0x7c,0xc3,0x18,0x13,0x30,0x09,0xc2,0x03,0x95,0xb6,0xc7,0xeb,0x98,0x10,0x77,0x01,},55,"\x33\x1d\xa7\xa9\xc1\xf8\x7b\x2a\xc9\x1e\xe3\xb8\x6d\x06\xc2\x91\x63\xc0\x5e\xd6\xf8\xd8\xa9\x72\x5b\x47\x1b\x7d\xb0\xd6\xac\xec\x7f\x0f\x70\x24\x87\x16\x3f\x5e\xda\x02\x0c\xa5\xb4\x93\xf3\x99\xe1\xc8\xd3\x08\xc3\xc0\xc2"}, + {{0x6d,0x8c,0xdb,0x2e,0x07,0x5f,0x3a,0x2f,0x86,0x13,0x72,0x14,0xcb,0x23,0x6c,0xeb,0x89,0xa6,0x72,0x8b,0xb4,0xa2,0x00,0x80,0x6b,0xf3,0x55,0x7f,0xb7,0x8f,0xac,0x69,},{0x57,0xa0,0x4c,0x7a,0x51,0x13,0xcd,0xdf,0xe4,0x9a,0x4c,0x12,0x46,0x91,0xd4,0x6c,0x1f,0x9c,0xdc,0x8f,0x34,0x3f,0x9d,0xcb,0x72,0xa1,0x33,0x0a,0xec,0xa7,0x1f,0xda,},{0xa6,0xcb,0xc9,0x47,0xf9,0xc8,0x7d,0x14,0x55,0xcf,0x1a,0x70,0x85,0x28,0xc0,0x90,0xf1,0x1e,0xce,0xe4,0x85,0x5d,0x1d,0xba,0xad,0xf4,0x74,0x54,0xa4,0xde,0x55,0xfa,0x4c,0xe8,0x4b,0x36,0xd7,0x3a,0x5b,0x5f,0x8f,0x59,0x29,0x8c,0xcf,0x21,0x99,0x2d,0xf4,0x92,0xef,0x34,0x16,0x3d,0x87,0x75,0x3b,0x7e,0x9d,0x32,0xf2,0xc3,0x66,0x0b,},56,"\x7f\x31\x8d\xbd\x12\x1c\x08\xbf\xdd\xfe\xff\x4f\x6a\xff\x4e\x45\x79\x32\x51\xf8\xab\xf6\x58\x40\x33\x58\x23\x89\x84\x36\x00\x54\xf2\xa8\x62\xc5\xbb\x83\xed\x89\x02\x5d\x20\x14\xa7\xa0\xce\xe5\x0d\xa3\xcb\x0e\x76\xbb\xb6\xbf"}, + {{0x47,0xad,0xc6,0xd6,0xbf,0x57,0x1e,0xe9,0x57,0x0c,0xa0,0xf7,0x5b,0x60,0x4a,0xc4,0x3e,0x30,0x3e,0x4a,0xb3,0x39,0xca,0x9b,0x53,0xca,0xcc,0x5b,0xe4,0x5b,0x2c,0xcb,},{0xa3,0xf5,0x27,0xa1,0xc1,0xf1,0x7d,0xfe,0xed,0x92,0x27,0x73,0x47,0xc9,0xf9,0x8a,0xb4,0x75,0xde,0x17,0x55,0xb0,0xab,0x54,0x6b,0x8a,0x15,0xd0,0x1b,0x9b,0xd0,0xbe,},{0x4e,0x8c,0x31,0x83,0x43,0xc3,0x06,0xad,0xbb,0xa6,0x0c,0x92,0xb7,0x5c,0xb0,0x56,0x9b,0x92,0x19,0xd8,0xa8,0x6e,0x5d,0x57,0x75,0x2e,0xd2,0x35,0xfc,0x10,0x9a,0x43,0xc2,0xcf,0x4e,0x94,0x2c,0xac,0xf2,0x97,0x27,0x9f,0xbb,0x28,0x67,0x53,0x47,0xe0,0x80,0x27,0x72,0x2a,0x4e,0xb7,0x39,0x5e,0x00,0xa1,0x74,0x95,0xd3,0x2e,0xdf,0x0b,},57,"\xce\x49\x7c\x5f\xf5\xa7\x79\x90\xb7\xd8\xf8\x69\x9e\xb1\xf5\xd8\xc0\x58\x2f\x70\xcb\x7a\xc5\xc5\x4d\x9d\x92\x49\x13\x27\x8b\xc6\x54\xd3\x7e\xa2\x27\x59\x0e\x15\x20\x22\x17\xfc\x98\xda\xc4\xc0\xf3\xbe\x21\x83\xd1\x33\x31\x57\x39"}, + {{0x3c,0x19,0xb5,0x0b,0x0f,0xe4,0x79,0x61,0x71,0x9c,0x38,0x1d,0x0d,0x8d,0xa9,0xb9,0x86,0x9d,0x31,0x2f,0x13,0xe3,0x29,0x8b,0x97,0xfb,0x22,0xf0,0xaf,0x29,0xcb,0xbe,},{0x0f,0x7e,0xda,0x09,0x14,0x99,0x62,0x5e,0x2b,0xae,0x85,0x36,0xea,0x35,0xcd,0xa5,0x48,0x3b,0xd1,0x6a,0x9c,0x7e,0x41,0x6b,0x34,0x1d,0x6f,0x2c,0x83,0x34,0x36,0x12,},{0xef,0xbd,0x41,0xf2,0x6a,0x5d,0x62,0x68,0x55,0x16,0xf8,0x82,0xb6,0xec,0x74,0xe0,0xd5,0xa7,0x18,0x30,0xd2,0x03,0xc2,0x31,0x24,0x8f,0x26,0xe9,0x9a,0x9c,0x65,0x78,0xec,0x90,0x0d,0x68,0xcd,0xb8,0xfa,0x72,0x16,0xad,0x0d,0x24,0xf9,0xec,0xbc,0x9f,0xfa,0x65,0x53,0x51,0x66,0x65,0x82,0xf6,0x26,0x64,0x53,0x95,0xa3,0x1f,0xa7,0x04,},58,"\x8d\xdc\xd6\x30\x43\xf5\x5e\xc3\xbf\xc8\x3d\xce\xae\x69\xd8\xf8\xb3\x2f\x4c\xdb\x6e\x2a\xeb\xd9\x4b\x43\x14\xf8\xfe\x72\x87\xdc\xb6\x27\x32\xc9\x05\x2e\x75\x57\xfe\x63\x53\x43\x38\xef\xb5\xb6\x25\x4c\x5d\x41\xd2\x69\x0c\xf5\x14\x4f"}, + {{0x34,0xe1,0xe9,0xd5,0x39,0x10,0x7e,0xb8,0x6b,0x39,0x3a,0x5c,0xce,0xa1,0x49,0x6d,0x35,0xbc,0x7d,0x5e,0x9a,0x8c,0x51,0x59,0xd9,0x57,0xe4,0xe5,0x85,0x2b,0x3e,0xb0,},{0x0e,0xcb,0x26,0x01,0xd5,0xf7,0x04,0x74,0x28,0xe9,0xf9,0x09,0x88,0x3a,0x12,0x42,0x00,0x85,0xf0,0x4e,0xe2,0xa8,0x8b,0x6d,0x95,0xd3,0xd7,0xf2,0xc9,0x32,0xbd,0x76,},{0x32,0xd2,0x29,0x04,0xd3,0xe7,0x01,0x2d,0x6f,0x5a,0x44,0x1b,0x0b,0x42,0x28,0x06,0x4a,0x5c,0xf9,0x5b,0x72,0x3a,0x66,0xb0,0x48,0xa0,0x87,0xec,0xd5,0x59,0x20,0xc3,0x1c,0x20,0x4c,0x3f,0x20,0x06,0x89,0x1a,0x85,0xdd,0x19,0x32,0xe3,0xf1,0xd6,0x14,0xcf,0xd6,0x33,0xb5,0xe6,0x32,0x91,0xc6,0xd8,0x16,0x6f,0x30,0x11,0x43,0x1e,0x09,},59,"\xa6\xd4\xd0\x54\x2c\xfe\x0d\x24\x0a\x90\x50\x7d\xeb\xac\xab\xce\x7c\xbb\xd4\x87\x32\x35\x3f\x4f\xad\x82\xc7\xbb\x7d\xbd\x9d\xf8\xe7\xd9\xa1\x69\x80\xa4\x51\x86\xd8\x78\x6c\x5e\xf6\x54\x45\xbc\xc5\xb2\xad\x5f\x66\x0f\xfc\x7c\x8e\xaa\xc0"}, + {{0x49,0xdd,0x47,0x3e,0xde,0x6a,0xa3,0xc8,0x66,0x82,0x4a,0x40,0xad,0xa4,0x99,0x6c,0x23,0x9a,0x20,0xd8,0x4c,0x93,0x65,0xe4,0xf0,0xa4,0x55,0x4f,0x80,0x31,0xb9,0xcf,},{0x78,0x8d,0xe5,0x40,0x54,0x4d,0x3f,0xeb,0x0c,0x91,0x92,0x40,0xb3,0x90,0x72,0x9b,0xe4,0x87,0xe9,0x4b,0x64,0xad,0x97,0x3e,0xb6,0x5b,0x46,0x69,0xec,0xf2,0x35,0x01,},{0xd2,0xfd,0xe0,0x27,0x91,0xe7,0x20,0x85,0x25,0x07,0xfa,0xa7,0xc3,0x78,0x90,0x40,0xd9,0xef,0x86,0x64,0x63,0x21,0xf3,0x13,0xac,0x55,0x7f,0x40,0x02,0x49,0x15,0x42,0xdd,0x67,0xd0,0x5c,0x69,0x90,0xcd,0xb0,0xd4,0x95,0x50,0x1f,0xbc,0x5d,0x51,0x88,0xbf,0xbb,0x84,0xdc,0x1b,0xf6,0x09,0x8b,0xee,0x06,0x03,0xa4,0x7f,0xc2,0x69,0x0f,},60,"\x3a\x53\x59\x4f\x3f\xba\x03\x02\x93\x18\xf5\x12\xb0\x84\xa0\x71\xeb\xd6\x0b\xae\xc7\xf5\x5b\x02\x8d\xc7\x3b\xfc\x9c\x74\xe0\xca\x49\x6b\xf8\x19\xdd\x92\xab\x61\xcd\x8b\x74\xbe\x3c\x0d\x6d\xcd\x12\x8e\xfc\x5e\xd3\x34\x2c\xba\x12\x4f\x72\x6c"}, + {{0x33,0x1c,0x64,0xda,0x48,0x2b,0x6b,0x55,0x13,0x73,0xc3,0x64,0x81,0xa0,0x2d,0x81,0x36,0xec,0xad,0xbb,0x01,0xab,0x11,0x4b,0x44,0x70,0xbf,0x41,0x60,0x7a,0xc5,0x71,},{0x52,0xa0,0x0d,0x96,0xa3,0x14,0x8b,0x47,0x26,0x69,0x2d,0x9e,0xff,0x89,0x16,0x0e,0xa9,0xf9,0x9a,0x5c,0xc4,0x38,0x9f,0x36,0x1f,0xed,0x0b,0xb1,0x6a,0x42,0xd5,0x21,},{0x22,0xc9,0x9a,0xa9,0x46,0xea,0xd3,0x9a,0xc7,0x99,0x75,0x62,0x81,0x0c,0x01,0xc2,0x0b,0x46,0xbd,0x61,0x06,0x45,0xbd,0x2d,0x56,0xdc,0xdc,0xba,0xac,0xc5,0x45,0x2c,0x74,0xfb,0xf4,0xb8,0xb1,0x81,0x3b,0x0e,0x94,0xc3,0x0d,0x80,0x8c,0xe5,0x49,0x8e,0x61,0xd4,0xf7,0xcc,0xbb,0x4c,0xc5,0xf0,0x4d,0xfc,0x61,0x40,0x82,0x5a,0x96,0x00,},61,"\x20\xe1\xd0\x5a\x0d\x5b\x32\xcc\x81\x50\xb8\x11\x6c\xef\x39\x65\x9d\xd5\xfb\x44\x3a\xb1\x56\x00\xf7\x8e\x5b\x49\xc4\x53\x26\xd9\x32\x3f\x28\x50\xa6\x3c\x38\x08\x85\x94\x95\xae\x27\x3f\x58\xa5\x1e\x9d\xe9\xa1\x45\xd7\x74\xb4\x0b\xa9\xd7\x53\xd3"}, + {{0x5c,0x0b,0x96,0xf2,0xaf,0x87,0x12,0x12,0x2c,0xf7,0x43,0xc8,0xf8,0xdc,0x77,0xb6,0xcd,0x55,0x70,0xa7,0xde,0x13,0x29,0x7b,0xb3,0xdd,0xe1,0x88,0x62,0x13,0xcc,0xe2,},{0x05,0x10,0xea,0xf5,0x7d,0x73,0x01,0xb0,0xe1,0xd5,0x27,0x03,0x9b,0xf4,0xc6,0xe2,0x92,0x30,0x0a,0x3a,0x61,0xb4,0x76,0x54,0x34,0xf3,0x20,0x3c,0x10,0x03,0x51,0xb1,},{0x06,0xe5,0xd8,0x43,0x6a,0xc7,0x70,0x5b,0x3a,0x90,0xf1,0x63,0x1c,0xdd,0x38,0xec,0x1a,0x3f,0xa4,0x97,0x78,0xa9,0xb9,0xf2,0xfa,0x5e,0xbe,0xa4,0xe7,0xd5,0x60,0xad,0xa7,0xdd,0x26,0xff,0x42,0xfa,0xfa,0x8b,0xa4,0x20,0x32,0x37,0x42,0x76,0x1a,0xca,0x69,0x04,0x94,0x0d,0xc2,0x1b,0xbe,0xf6,0x3f,0xf7,0x2d,0xaa,0xb4,0x5d,0x43,0x0b,},62,"\x54\xe0\xca\xa8\xe6\x39\x19\xca\x61\x4b\x2b\xfd\x30\x8c\xcf\xe5\x0c\x9e\xa8\x88\xe1\xee\x44\x46\xd6\x82\xcb\x50\x34\x62\x7f\x97\xb0\x53\x92\xc0\x4e\x83\x55\x56\xc3\x1c\x52\x81\x6a\x48\xe4\xfb\x19\x66\x93\x20\x6b\x8a\xfb\x44\x08\x66\x2b\x3c\xb5\x75"}, + {{0xde,0x84,0xf2,0x43,0x5f,0x78,0xde,0xdb,0x87,0xda,0x18,0x19,0x4f,0xf6,0xa3,0x36,0xf0,0x81,0x11,0x15,0x0d,0xef,0x90,0x1c,0x1a,0xc4,0x18,0x14,0x6e,0xb7,0xb5,0x4a,},{0xd3,0xa9,0x2b,0xba,0xa4,0xd6,0x3a,0xf7,0x9c,0x22,0x26,0xa7,0x23,0x6e,0x64,0x27,0x42,0x8d,0xf8,0xb3,0x62,0x42,0x7f,0x87,0x30,0x23,0xb2,0x2d,0x2f,0x5e,0x03,0xf2,},{0x47,0x1e,0xbc,0x97,0x3c,0xfd,0xac,0xee,0xc0,0x72,0x79,0x30,0x73,0x68,0xb7,0x3b,0xe3,0x5b,0xc6,0xf8,0xd8,0x31,0x2b,0x70,0x15,0x05,0x67,0x36,0x90,0x96,0x70,0x6d,0xc4,0x71,0x12,0x6c,0x35,0x76,0xf9,0xf0,0xeb,0x55,0x0d,0xf5,0xac,0x6a,0x52,0x51,0x81,0x11,0x00,0x29,0xdd,0x1f,0xc1,0x11,0x74,0xd1,0xaa,0xce,0xd4,0x8d,0x63,0x0f,},63,"\x20\x51\x35\xec\x7f\x41\x7c\x85\x80\x72\xd5\x23\x3f\xb3\x64\x82\xd4\x90\x6a\xbd\x60\xa7\x4a\x49\x8c\x34\x7f\xf2\x48\xdf\xa2\x72\x2c\xa7\x4e\x87\x9d\xe3\x31\x69\xfa\xdc\x7c\xd4\x4d\x6c\x94\xa1\x7d\x16\xe1\xe6\x30\x82\x4b\xa3\xe0\xdf\x22\xed\x68\xea\xab"}, + {{0xba,0x4d,0x6e,0x67,0xb2,0xce,0x67,0xa1,0xe4,0x43,0x26,0x49,0x40,0x44,0xf3,0x7a,0x44,0x2f,0x3b,0x81,0x72,0x5b,0xc1,0xf9,0x34,0x14,0x62,0x71,0x8b,0x55,0xee,0x20,},{0xf7,0x3f,0xa0,0x76,0xf8,0x4b,0x6d,0xb6,0x75,0xa5,0xfd,0xa5,0xad,0x67,0xe3,0x51,0xa4,0x1e,0x8e,0x7f,0x29,0xad,0xd1,0x68,0x09,0xca,0x01,0x03,0x87,0xe9,0xc6,0xcc,},{0x57,0xb9,0xd2,0xa7,0x11,0x20,0x7f,0x83,0x74,0x21,0xba,0xe7,0xdd,0x48,0xea,0xa1,0x8e,0xab,0x1a,0x9a,0x70,0xa0,0xf1,0x30,0x58,0x06,0xfe,0xe1,0x7b,0x45,0x8f,0x3a,0x09,0x64,0xb3,0x02,0xd1,0x83,0x4d,0x3e,0x0a,0xc9,0xe8,0x49,0x6f,0x00,0x0b,0x77,0xf0,0x08,0x3b,0x41,0xf8,0xa9,0x57,0xe6,0x32,0xfb,0xc7,0x84,0x0e,0xee,0x6a,0x06,},64,"\x4b\xaf\xda\xc9\x09\x9d\x40\x57\xed\x6d\xd0\x8b\xca\xee\x87\x56\xe9\xa4\x0f\x2c\xb9\x59\x80\x20\xeb\x95\x01\x95\x28\x40\x9b\xbe\xa3\x8b\x38\x4a\x59\xf1\x19\xf5\x72\x97\xbf\xb2\xfa\x14\x2f\xc7\xbb\x1d\x90\xdb\xdd\xde\x77\x2b\xcd\xe4\x8c\x56\x70\xd5\xfa\x13"}, + {{0x0d,0x13,0x1c,0x45,0xae,0xa6,0xf3,0xa4,0xe1,0xb9,0xa2,0xcf,0x60,0xc5,0x51,0x04,0x58,0x7e,0xfa,0xa8,0x46,0xb2,0x22,0xbf,0x0a,0x7b,0x74,0xce,0x7a,0x3f,0x63,0xb6,},{0x3c,0x67,0x29,0xdb,0xe9,0x3b,0x49,0x9c,0x4e,0x61,0x4a,0x2f,0x21,0xbe,0xb7,0x29,0x43,0x8d,0x49,0x8e,0x1a,0xc8,0xd1,0x4c,0xba,0xd9,0x71,0x7a,0x5d,0xbd,0x97,0xcd,},{0xa9,0xc5,0xee,0x86,0xfb,0x06,0xd9,0xe4,0x6b,0x37,0x9c,0x32,0xdd,0xa7,0xc9,0x2c,0x9c,0x13,0xdb,0x27,0x4d,0xc2,0x41,0x16,0xfb,0xdd,0x87,0x86,0x96,0x04,0x54,0x88,0xcc,0x75,0xa5,0x2f,0xff,0x67,0xd1,0xa5,0x11,0x3d,0x06,0xe3,0x33,0xac,0x67,0xff,0x66,0x4b,0x3f,0x2a,0x40,0x5f,0xa1,0xd1,0x4d,0xd5,0xbb,0xb9,0x74,0x09,0xb6,0x06,},65,"\xb4\x29\x1d\x08\xb8\x8f\xb2\xf7\xb8\xf9\x9d\x0d\xce\x40\x07\x9f\xcb\xab\x71\x8b\xbd\x8f\x4e\x8e\xab\xc3\xc1\x42\x8b\x6a\x07\x1f\xb2\xa3\xc8\xeb\xa1\xca\xcc\xcf\xa8\x71\xb3\x65\xc7\x08\xbe\xf2\x68\x5b\xc1\x3e\x6b\x80\xbc\x14\xa5\xf2\x49\x17\x0f\xfc\x56\xd0\x14"}, +}; + +bool TestCryptoSign() +{ + // https://github.com/jedisct1/libsodium/blob/master/test/default/sign.c + const unsigned int MAX_MESSAGE = 65; // Sync with test data + + byte pk[crypto_sign_PUBLICKEYBYTES]; + byte sk[crypto_sign_SECRETKEYBYTES]; + SecByteBlock sm(MAX_MESSAGE+crypto_sign_BYTES); + SecByteBlock rm(MAX_MESSAGE+crypto_sign_BYTES); + + bool pass = true, fail; int rc; + + for (unsigned int i=0; i(data.msg); + const word64 l = data.len; + word64 smlen; + + rc = crypto_sign(sm, &smlen, m, l, sk); + fail = (rc != 0); pass = !fail && pass; + + word64 s = STDMIN(smlen, (word64)crypto_sign_BYTES); + pass = (s >= crypto_sign_BYTES) && pass; + + fail = std::memcmp(sm, data.sig, (size_t)s) != 0; + pass = !fail && pass; + + word64 rmlen; + rc = crypto_sign_open(rm, &rmlen, sm, smlen, pk); + fail = (rc != 0); pass = !fail && pass; + + pass = (l == rmlen) && pass; + fail = std::memcmp(m, rm, (size_t)STDMIN(l, rmlen)) != 0; + pass = !fail && pass; + } + + return pass; +} + +bool TestCryptoSignKeys() +{ + // https://github.com/jedisct1/libsodium/blob/master/test/default/sign.c + const unsigned int MAX_TEST = 64; + const unsigned int MAX_MESSAGE = 4096; + + byte pk[crypto_sign_PUBLICKEYBYTES]; + byte sk[crypto_sign_SECRETKEYBYTES]; + + bool pass = true, fail; int rc; + + for (unsigned int i=0; i -#include #include - -#include "validate.h" +#include // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) @@ -60,1308 +30,1241 @@ NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) -class FixedRNG : public RandomNumberGenerator +#if defined(CRYPTOPP_EXTENDED_VALIDATION) +bool TestIntegerBitops() { -public: - FixedRNG(BufferedTransformation &source) : m_source(source) {} + std::cout << "\nTesting Integer bit operations...\n\n"; - void GenerateBlock(byte *output, size_t size) - { - m_source.Get(output, size); - } + struct Bitops_TestTuple + { + // m,n are operands; a,o,x are and,or,xor results + const char *m, *n, *a, *o, *x; + }; + static const Bitops_TestTuple tests[] = { + { + "0xc2cea8a4", "0xb36e5794", "0x824e0084", "0xf3eeffb4", "0x71a0ff30" + }, + { + "0x436eb828", "0x1b375cb4", "0x3261820", "0x5b7ffcbc", "0x5859e49c" + }, + { + "0x1e5c0b28", "0x4fded465", "0xe5c0020", "0x5fdedf6d", "0x5182df4d" + }, + { + "0xeb71fde7", "0xf7bb47cf", "0xe33145c7", "0xfffbffef", "0x1ccaba28" + }, + { + "0xa6b0f01f", "0x8a8ca98", "0xa0c018", "0xaeb8fa9f", "0xae183a87" + }, + { + "0xa70bd8b7", "0x5c758cf5", "0x40188b5", "0xff7fdcf7", "0xfb7e5442" + }, + { + "0xf91af382", "0x718a9995", "0x710a9180", "0xf99afb97", "0x88906a17" + }, + { + "0xbd2a76ad", "0xddd8dfeb", "0x9d0856a9", "0xfdfaffef", "0x60f2a946" + }, + { + "0xd4b559cc", "0x91a53295", "0x90a51084", "0xd5b57bdd", "0x45106b59" + }, + { + "0x89434e9e", "0xa42fdaf9", "0x80034a98", "0xad6fdeff", "0x2d6c9467" + }, + { + "0xb947ac04", "0xd4201e52", "0x90000c00", "0xfd67be56", "0x6d67b256" + }, + { + "0xa83945c1", "0x3a9c5dba", "0x28184580", "0xbabd5dfb", "0x92a5187b" + }, + { + "0xbca38ffa", "0x881ba9fd", "0x880389f8", "0xbcbbafff", "0x34b82607" + }, + { + "0xfcd0b92", "0xeaad8534", "0xa8d0110", "0xefed8fb6", "0xe5608ea6" + }, + { + "0x50d160d0", "0x64646f75", "0x40406050", "0x74f56ff5", "0x34b50fa5" + }, + { + "0x165ccff8", "0x67d49127", "0x6548120", "0x77dcdfff", "0x71885edf" + }, + { + "0x8c4f4bbb7adaacb5", "0x2566b7a909b24aa9", "0x44603a9089208a1", "0xad6fffbb7bfaeebd", "0xa929fc127368e61c" + }, + { + "0x6f9ef50aafb31e8d", "0x7a93b2ccd1bbbff2", "0x6a92b00881b31e80", "0x7f9ff7ceffbbbfff", "0x150d47c67e08a17f" + }, + { + "0x4c99e967f8de5294", "0x1f4699e0c14e6974", "0xc008960c04e4014", "0x5fdff9e7f9de7bf4", "0x53df708739903be0" + }, + { + "0xcc55f5d6d3ea45c", "0x6805b4ddb6390c2f", "0x805145d2438040c", "0x6cc5ffddff3fac7f", "0x64c0eb80db07a873" + }, + { + "0x90620d1a012459e7", "0x89d31098ce3fed42", "0x8042001800244942", "0x99f31d9acf3ffde7", "0x19b11d82cf1bb4a5" + }, + { + "0xb87d1674e90a935a", "0x75ea466cbb782ac4", "0x30680664a9080240", "0xfdff567cfb7abbde", "0xcd9750185272b99e" + }, + { + "0x1f135732240701f0", "0x6aa09a1614bf4dd4", "0xa001212040701d0", "0x7fb3df3634bf4df4", "0x75b3cd2430b84c24" + }, + { + "0xc9a88d8300099a31", "0xdc8e91df745169ee", "0xc888818300010820", "0xddae9ddf7459fbff", "0x15261c5c7458f3df" + }, + { + "0xc8c828d15228b562", "0x43f86cffa3d15d80", "0x40c828d102001500", "0xcbf86cfff3f9fde2", "0x8b30442ef1f9e8e2" + }, + { + "0x41fdc0bc2009563f", "0x59dd1c417e3c07bc", "0x41dd00002008063c", "0x59fddcfd7e3d57bf", "0x1820dcfd5e355183" + }, + { + "0x9e2f78600c3a84e7", "0xac69a0e1fe7887b0", "0x8c2920600c3884a0", "0xbe6ff8e1fe7a87f7", "0x3246d881f2420357" + }, + { + "0xd424d1d9a955f617", "0x9608f5bde1c4d893", "0x9400d199a144d013", "0xd62cf5fde9d5fe97", "0x422c246448912e84" + }, + { + "0x1aa8b60a0627719a", "0x5b26e6aca95f5f60", "0x1a20a60800075100", "0x5baef6aeaf7f7ffa", "0x418e50a6af782efa" + }, + { + "0xcf5db499233fac00", "0xf33e7a29c3c33da8", "0xc31c300903032c00", "0xff7ffeb9e3ffbda8", "0x3c63ceb0e0fc91a8" + }, + { + "0x6b47c03d576e878d", "0x2032d13574d67da4", "0x2002c03554460584", "0x6b77d13d77feffad", "0x4b75110823b8fa29" + }, + { + "0xd47eeb3aefebf074", "0x6d7ba17a42c66b89", "0x447aa13a42c26000", "0xfd7feb7aefeffbfd", "0xb9054a40ad2d9bfd" + }, + { + "0x33ad9c5d20b03f5c05535f20a2941c8f4ae0f1f19500759151060dce39e5dfed41ec4f", + "0x277401dc000fde7eda4d60a5698935f7febd8fbe49e5d6f56ca2e7f6118380d3cd655da392df3ba6c1b13dc0119af34cfa1d18a65", + "0x10a9841c002016480453410020041c8640c0312191006411110401082924cfa1418845", + "0x277401dc000fde7eda4d60a5698935f7febfbfffcdf7dff7fde2f7f7f38ba9d3cdf5ffaf9fdf7ba7d9b53de0ddfbff5dfedd1ee6f", + "0x277401dc000fde7eda4d60a5698935f7febeb5678c37ddf69962b2c3e389a9920591f3ac8dc66ba198a42da0cd796d1104c90662a" + }, + { + "0xb6ea335c13111216862e370d12fb9c761a6266617f62a1904b0d7944ab3cddc71f11752ad9424b0", + "0xa6b380f048a9cbe45ff4ea824064c831eb03ff875e1e3e", + "0xa62200104028090410d480020044c831e1035285140430", + "0xb6ea335c13111216862e370d12fb9c761a6b7e6f7feabdbe4fff7fecaf3eddc71fb17ffafde3ebe", + "0xb6ea335c13111216862e370d12fb9c7610095e6e7be83d2e0ef237ec8f3a914401a14ad2aca3a8e" + }, + { + "0x8fb9486ad1f89ca5b3f6da9f0d5ef9ec328b8cc3e5122afbd8a67bd1b2b4ab5c548b90cf9fe1933a0362922f1e84ef0", + "0x10615f963dffc13718ed1ecdb9cfbef33148befeb91b190dc7e7d28d8821ff248ab26a34e1b89885c643e447c72", + "0x6051901ca58136188d0c4cb9cc32830040a412281b180443c192848800540080820a208138000082030404c70", + "0x8fb9586bdffebdfff3f7daff1fdff9efbefbbdcbfffebbfbd9affff7f2bdab7dffaf9afffff5f3ba9be7d66ffec7ef2", + "0x8fb9580b8e6ea15a72c1c272139340238c78bd8b5bec93e0c1abbc366039237dabaf1a7df5d572829be7546cfac3282" + }, + { + "0x10af96443b186faf790279bf3bbe0517d56ffc01e7fec8c88e765d48cc32333390224f4d762d1ba788c50801cba02524cb49", + "0x95d44e7344fb1701bace3ae83affbb6290bf282f7565b9a82c386823f5f213a53eccb2cfe5deb4dd040067a64ada8c1b6828599b96cc70647e7d19dc7dfba393addabe689ffbe1a36642bc9844b81c6c4c2e178", + "0x2c96442b084000000260ad288004028509b800c70640c080144548883032118022094d3608122408c1000181800400c148", + "0x95d44e7344fb1701bace3ae83affbb6290bf282f7565b9a82c386823f5f213a53ecdbaffe5dfb5dffef7f7a7dbfbbffb797d5fffd6de7fecfefdfffdfdffe3b3bffbbe6cffffe3f3fe7abcd8c4bcbe6e5e6eb79", + "0x95d44e7344fb1701bace3ae83affbb6290bf282f7565b9a82c386823f5f213a53ecdb836819d055bfef7f781d12937fb39550f6456d20f88f2f5feb9a97760b09ee3bc4c6b2c8372dc3a30c8c4a4a66e1e62a31" + }, + { + "0x5fc77dab8cd9c1da8c91eb7ba9c23ce85375b61bf3b9a8c4e4df7bc917aa8a14e747888c9756a2be2fd2e256e44194ce093a0185594de0dcf8340c45b6af7dbdc7682fbef6313f9f1cb234689d9f1ff603e1273faad89d0fe1ab57fbc7c32d29dce125fafc973754464b55ae5de58a8a5661c2065b95c2c94d7ec34", + "0xd4a9158961d4c11258cd047eda13d6804c16c3a374b7f4115bd835bde0b5", + "0x1080158800548100504504649012c480480081221420641158081495e034", + "0x5fc77dab8cd9c1da8c91eb7ba9c23ce85375b61bf3b9a8c4e4df7bc917aa8a14e747888c9756a2be2fd2e256e44194ce093a0185594de0dcf8340c45b6af7dbdc7682fbef6313f9f1cb234689d9f1ff603e1273faad89d0fe1ab57fbc7cf6fb9dcf73dfefdb7bfd447eff5bf7de5cbee7e77cb7f5b95ffcb5ffecb5", + "0x5fc77dab8cd9c1da8c91eb7ba9c23ce85375b61bf3b9a8c4e4df7bc917aa8a14e747888c9756a2be2fd2e256e44194ce093a0185594de0dcf8340c45b6af7dbdc7682fbef6313f9f1cb234689d9f1ff603e1273faad89d0fe1ab57fbc7ce67b8847738b6edb2bb8401a6f49335e14be66c5689791a807f4a16a0c81" + }, + { + "0x52cbea1f4d78445fb8f9267203f0f04bddf65b69b1acb0877143e77317f2d9679cb", + "0x331e156a1e1daa0039926a08ec80c2d7c1500bc435a53ebfc32fa398a3304fcd79d90725528e320add050da666b9de42b8307b", + "0x88421a41684412b839023200f0d00990725128a120a0805042666315e0090304b", + "0x331e156a1e1daa0039926a08ec80c2d7c1552ffeb5f5ffbfc7ffaf9ae7307fcf7dfddf65f69f3acbdd771dbe77b9ff6fbe79fb", + "0x331e156a1e1daa0039926a08ec80c2d7c155277a9451e93b86d42c0ac41070c27d64d840e41528c1d57219981188a16f2e49b0" + }, + { + "0xbde7e20f37c3ed822555d36050240dcfb5a9a3867d149cffe78e92b95573cbdde33a8c9495148e04cafa1325aae058b4a98c50f7019de1345de6dce12436bed4b86eca2d", + "0xee480b4096f0c1ac565d623dd53b62dba81c507d3c8e15372396fa49de0ecf074fb0ed1785f00f8094022ff50fc436a7cbd18de8ff317c33ea9bdbd8814a7658fcd1fd10b2ed10eaf7e4c2b8f409df3c36f1f0c986a49805a9ed08bbcd603e2eec9e18", + "0x547a00d1781e0020014022050040406a58981846814107c238a929950014a544038809410108c00caf20000a8e00894280450f00184a01005a0cc0020042014286c8a08", + "0xee480b4096f0c1ac565d623dd53b62dba81c507d3c8e15372396fa49de0ecfbfeff2ef37c7fd8fa5d5d36ff52fcdffb7ebf38ffdffbdfff7ee9bfbddf3cbfffbfeddfd95b6ef14eafff7e7baf459ffbdbef1f7c99fe5bc5deffde9bffffefebeeede3d", + "0xee480b4096f0c1ac565d623dd53b62dba81c507d3c8e15372396fa49de0ecfbaa852e220461d8da5c1d14fa52bc9f91262720b95ebad83d46409628df281abbbc65d6985a66314200df7e71214516b95baa107c81b45ac584f31e99ffbdeea96825435" + }, + { + "0x17ed0a1aa80542396e82ab79f6d4dda731d10f9487467fcfa5c8b501fa86488fbe268605c01beb257c9e301a42833d22965ea2ff0eda5f18427481a300a8f9aa81e76d774ea1dbed40268eca094bef627d2c206f6885fc12f71557bfda836", + "0x422340e8ff3b4177efa5f58111fe306aa602d8020164fa34c12acdb3de81e", + "0x2340604e21416540248480014a2062240000020004f810c10045b3da816", + "0x17ed0a1aa80542396e82ab79f6d4dda731d10f9487467fcfa5c8b501fa86488fbe268605c01beb257c9e301a42833d22965ea2ff0eda5f18427481a300a8f9aac3e76dffffbbdbffefa7ffcb19ffff6aff2ef86f69e5fe36f73fdfbfde83e", + "0x17ed0a1aa80542396e82ab79f6d4dda731d10f9487467fcfa5c8b501fa86488fbe268605c01beb257c9e301a42833d22965ea2ff0eda5f18427481a300a8f9aac3c42d9fb19a9a9aaf837b4b18b5df08db2ef86d69e10626363f9a0c04028" + }, + { + "0x290796408a0b8baa742b9d466afc4958528f7976fdce50caa83ed63285f58d200e4c65842ea24c3d4a3850a1824b61d25af9d3b41b9e64407a5262a75d9efd08481cfbc339ae26b0755438894b9e2298a35ed9", + "0x4cb6f7935f5cc586320c6ce957f82cff774cde7d4201735a5acd22190fcb1c9c16d1887a", + "0x4012f193141884040008406007580cfd00481c794201220210450018094b1c0010810858", + "0x290796408a0b8baa742b9d466afc4958528f7976fdce50caa83ed63285f58d200e4c65842ea24c3d4a3850a1824b61defeffd3ff5fdfe6727e7eebf7fdbeff7f4cdeffc339ff7efafd76398fcb9ebe9ef3defb", + "0x290796408a0b8baa742b9d466afc4958528f7976fdce50caa83ed63285f58d200e4c65842ea24c3d4a3850a1824b619eec0e40eb475be272763e8bf0a5b2027f04c2868138dd7ceab87621868082be8e72d6a3" + }, + { + "0x14e55ecb09d8c6827022df7c713c05a5d882e25782", + "0x2dbdb54cb6341fcea6f67cfaa5186aa0a91b9782e362cbb0dd0ef3cbc130ce0cb2ce7232c0562", + "0x10600e020898048060209c1000200124c002200502", + "0x2dbdb54cb6341fcea6f67cfaa5186aa0a91bdfd7eff2dfbcfd2ff3eff7f7dfccfadffa3ee57e2", + "0x2dbdb54cb6341fcea6f67cfaa5186aa0a91ad9d70fd2563cb529f1e636f7ddcce893fa1ce52e0" + }, + { + "0x2b0dfd23fc740e1759697bcba800aa1be7df28c59fe72b9869766ac34ecb4e5d0dbc74c2cbb5f734bb8d38dab59c3f22cdc706c657839580c2793c4c7660606548c048a697db3dfbad82e695c605", + "0x33080f6fd52aeca572f24a98ff19b9e7327c3b951ccfd8c9a6b9bd6f7c940079e4be88178a2a6d5a2b17", + "0x30007249108288030900a00cd0100c612001180004918482620206548800020849a0813880264100205", + "0x2b0dfd23fc740e1759697bcba800aa1be7df28c59fe72b9869766ac34ecb4e5d0dbc74c2fbbdff7fffaffcfff7fe7fbaffdfbfe777ffbf95defffccdf6f9fd6f7cd448fff7ffbdffafaaefdfef17", + "0x2b0dfd23fc740e1759697bcba800aa1be7df28c59fe72b9869766ac34ecb4e5d0dbc74c2f8bdf85b6ea7d47fc76e75ba32debf2165ffae15deb6e485d0d9dd0a345448df7365b5ec27a88bcfed12" + }, + { + "0xc0cc21922748d7626df1ab92b4ad4df1861050ca7de74adb92a140", + "0x3531a6880ccc47bc3826056efe912f3db02df9c0b6931e253ab9248f472359fe59218690f6781f35da89b8f1ff45cd5a1db9a414c9d7ec62ff5859a1572b1c1880a99aa74ebe8b12c68e791c11dd6cc0e5ed5", + "0xc40192054091400800898234a948b104004080410542c8020040", + "0x3531a6880ccc47bc3826056efe912f3db02df9c0b6931e253ab9248f472359fe59218690f6781f35da89b8f1ff45cd5a1db9a414c9d7ec6effda59a377af7e3edfbbbbaf4efedf1ae78f7dbfdffdedf9effd5", + "0x3531a6880ccc47bc3826056efe912f3db02df9c0b6931e253ab9248f472359fe59218690f6781f35da89b8f1ff45cd5a1db9a414c9d7ec6ef39a408323a66a3e5fb3238c046a540aa78b75bbcfa9c179cff95" + }, + { + "0x68cbb0a526d1fa61003e12401db51090fa4649b00b7be7465d0eb18f74c86157a919", + "0x1ca7d6f9bc3e11d3c365af63bf9499b6c7e9c569da7361f0214b8d", + "0x1610001c111080600641b00019a6464904218a704060010909", + "0x68cbb0a526d1fa7da7fefbfc3fb5d3d3ffef6bbf9ffbf7c7fdcff9df77e9f177eb9d", + "0x68cbb0a526d1fa7da7e8ebfc23a4c3539fe92a0f9fe25181b4cbd85507a99176e294" + }, + { + "0x210bef18d384992c5eb72e2b362c7296d9810f5ba9fd25e2d5648989d65095e45d1478f2a83140a0f68033a08fa3d7c392a3dc77e8e6aeba9ed76038e9e7825255fac990bf1098e6f9cba0", + "0xdb48641b3f63e5f1f41ff3b1578c4b190de42379d45cba03c4c6f34b1b14ea930fdff90dca53116710228e45b081fbddc9273a542e6f689642453adb91086bdb99681342113262d67f5517f2691024fe367459b01872549211067798063cc00b16c883b8cd2ffaa6d6116863f204bb23ce26c5bcdaf3e1b816dcf65ca", + "0x21014200d280002452a52800062c309681000113202d25e051640081024081644510008220010000660000208c00914080238c52e8a22c201686202049a20042445ac9803e108064c94180", + "0xdb48641b3f63e5f1f41ff3b1578c4b190de42379d45cba03c4c6f34b1b14ea930fdff90dca53116710228e45b081fbddc9273afeffef78dfd2c5fbfbf3bb6bdfb96d9b52f5baffd67f7d57faf99d65ff7e75d9f79f7ad7961b0f7f9b3e3cfa3f7ef9abbdcf7ffeeeffb9ed77f38ebf7bef27dfbcdbfbf1b99efffefea", + "0xdb48641b3f63e5f1f41ff3b1578c4b190de42379d45cba03c4c6f34b1b14ea930fdff90dca53116710228e45b081fbddc9252aeadfe250dfd080d1a973bb091cb0058b52e488fd04217841baf18d41f7683188f79758d7861b091f9b3c343a366af1a9850a5174cc3db88515f18a255beb039a1043f810b198b36ae6a" + }, + { + "0x143143205d76a7287d48be24db8fbfe37c291d82e103aa05cfc172fb920f0e8cc15c47de948b964e39be34a5b8a2610198c0c5b98543e6e727be153cfff0338f229cc22f029e04f766c62988634fee1a0a16880c93e5b10bada4018b6765b54c08f5710344dbfb9e9ad5dd7914cab496b22a6", + "0x2d58b8b513f4bceb8300f8b978e31c163f36155e9678bb0f221ee7cbcf7262b9d53c7a395ea916218fa2478baada74f3e69df63a7be0c9554c07004f9e4d869642bbd63a9fe07138a6aef7ad14c74231cf6401c597f9b6d15c266c42c28613838609bd4f4522c9eb65fc8456acc339c641ac7d7b7bc2c48c8f2", + "0x100201970a308140836045a8638a30c201c82c103220089c1307a100e0804010c0246808a924431a614a4382260011040050005024486060211143a902001208482270014044220c620004107e8120014000c02c080038184018947452048086570004488c31882418c79104a8084800a2", + "0x2d58b8b513f4bcffb343f8fd7ee73c7f7fbe35df9ffffb7f2b1fe7ebcffa67ffd57efbbb5faf9ee1dfe7df9fabde7efbfebdf7bafbe1c9ddccc7b9cfdfefe7b7febffefffff3ff3abeeeffaf9ec7f777cf6d89e7dfffbedb5eae6cd3e7b71bafa609bf6f65b7cdebf5fd8756fffbbfded5fd7d7ffbf6d6beaf6", + "0x2d58b8b513f4bcffb243d8e40e44346b7788318519c758730b03652accd86776144e81ab51a79ae0d3e5991f214c3aca58a95382d981c8cd8cc2b9caddab61b1fcaeeac56fd3fe1a3a6cd8af8ac3b557094d89a6d817acdb4aae60d12737182e22083628209785e3908d87127738a75c9471046fb176523ea54" + }, + { + "0x258e988b847b06b73462629161e28517f7b9ad7b5c19a9ad2c07f9a66f33fb2220fddb5a33b9cd5c2d63fd543efa1bef16e26b95484d70d0d7cfce28491ace0a608fb6cf9e97cb88d73c96c9150f9ef53c5e75bd68805fdce891e5935e9428ca67eba1e345148fcf2", + "0x1857c0e26e0476169cf804c8d5a431022cce0da75d7642a2414a900370f201f5073c7e700ff6626fbd8a104182954fa9f23a45474af5456a00e36f6a6c8162afdf7492d387a455dd8506167d5cc24e6861d7b480b1458230", + "0x1812c0a04000121280780040d12430020ccc05a319144082400a900360a000f10624385004d6000d3c880000808440a0003a44414874000800c16c0040816203c56412d2800455cc8106103548420c206092140011408030", + "0x258e988b847b06b73462629161e28517f7bdfd7f7ef9efed6dcff9eeef7bfb3222fdfbda77ffed7e2d77fd543fff3bff56f3eff748ff76f6ffdfef2c593bdefaffafb6dffebfdfdef73eb6ffb7cf9efffdff7dbd78fa5fddf8d1e5f7dfdc2ceee7fffbeb4f14dfef2", + "0x258e988b847b06b73462629161e28517f63cd1757af9eecc45c879eae269b83202313b80466ea9760977545409f53bf04691ac7248b216f62c176f2c51339af0ffac129bea389fde7732a03fb3c788dfc1a93c9050fa1a8130c184f48b580c2ce1f6daab4e00d7ec2" + }, + { + "0x328edc02c67d84bf095ac048e50c2dc29cffc08184b11e4da02904be14eccd317e9f6bdd6fe2b8233e8928d65d4ad434ef8a629cae6013bfb3c54be167e16371dc6412b62c2b1213424dfb7d391cea8a7494a28576ce823d8e111994182909efba7dd3533dbbe510dab4ac5ef", + "0x61a1365a1226597896c514f5bb16a064f6ff6982ac91ea568daa43e473aa63867bdb628e92e97ebd4f2091", + "0x4121224210201020968510918a00a04042284100a801c84001884180108a63865911228a92410ca94a0081", + "0x328edc02c67d84bf095ac048e50c2dc29cffc08184b11e4da02904be14eccd317e9f6bdd6fe2b8233e8928d65d4ad434ef8a629cae6013bfb3c54be167e16371dc661ab76dab3277d7cdff7d7f5ffbea76dfeff7feeecb3faf79dbb43e6f3befba7ffff73dfbef97fbf4fe5ff", + "0x328edc02c67d84bf095ac048e50c2dc29cffc08184b11e4da02904be14eccd317e9f6bdd6fe2b8233e8928d65d4ad434ef8a629cae6013bfb3c54be167e16371dc6208a5498a3076d5c4972c76475be072dbcd73eee44b232b79c330266e3349821a6ee51552cb8731605e57e" + }, + { + "0x37a92944b67fae733d201c024838975531bc3f748d98089eed38faed40c9463441cf48ac40e98097ce75db2bf0120ef69087a176d31d562cc99137c67e4a659cbb1298ba150aa191ced4089deee7048511de602414936af93cb2cef1b7ee801d9b75d961d33bb2958669b16193abf7b55ccfebac3a490415128dac92", + "0x6fb8d83d986c4604db1b9396493a0a68270806cdbcc3299a049ebe77bd6891258e6313c720fb1b30ae9c4387ba51db3325e15033d9e01d499707c138b4cf4b85032da65e9ce3aabc5effbf7003771476ff71e86f665d2d3e7578dfcbb8f08c1619f609ec147f0", + "0x88c811882c440490030014400a0008000804c51c822900008e2800380001218462008100780320a6184381280181102001102140801c4810004118a4024101022d824a0ce30a3c4801993001161432bb2148660214093a357855c8b8b080041040012810490", + "0x37a92944b67fae733d201c024838975531bc3f748d9efb9feff9feed60cdf7bd79efdbace6ebf097eeffdf3bf9b24ffff7fff7ffd35df63dfdf33ff7ff4aeddcbb7bbdbfb73aff95cffd9e9dfeff74fd13df6cf4bcd37afb7dfbcefbbfefefffff75ff71d77ff79f86fff5f3d3eff7bdfcffefacfb699f759ecdeff2", + "0x37a92944b67fae733d201c024838975531bc3f748d9ef3136ee17c292084f78d78abdb0ce66bf017a2ae171969b2471d77fc77ffc145b01df5e33877cd408c5883693da7a638ff84cde9969c3a7e74f902552cd0acc35823595b00cb1c2b6fe66c75ee109454458b009fd4b3404ca038a07464a4fb289b758c4ceb62" + }, + { + "0x1ab020d8beb54c354411f3a5658b5e5e87a896d7049c5eab20a302b6e35ca98364d7edd00eb3e209dcb035fe4b6eeace4e525229bf790c67bae63821e1282712d7c624efa64b3e5ad1a73aeb1033d4cd5949d63183173632445c9f488e74cd", + "0x4d706a200a7a70e0b6eeef2dbdb88779dd50af16e6405c17fd2c2efb5493cf13b730207a009a14ca150042af3e6b7f05230161a10073f87a56afede3c2cfd09857f78d7913cdd966e9a2e6e6e3", + "0x45000000a2a20a002a6e30ca9800451cd500e12e2005c10352c0a6a40824e1212202078000210c21000402826025704200120010052d02212ab0023c0cd5008563181111200404489008664c1", + "0x1ab020d8beb54c354411f3a5658b5e5e87a8dff76ebc5efb70e3b6feef7dbdbbe7fffdd0afb7e649dcb7fdfe6ffffedfcf53f739bf7b0cffbeee3d21e3af3f7bffc727efe7eb3e7bf9ff7eeffdf3d6cfd9d9d7f78f7f37ffdd7effeaeef6ef", + "0x1ab020d8beb54c354411f3a5658b5e5e87a8dba76ebc54d15043b4580c71143be3ae3080a1a5044980a7c8d26595be5d8141e5199f030cfdae2c2d21a3871979a8c307eec7ea3e2929dd6c44fdd0160289d181c60e6e25ff9d3a76ea68922e" + }, + { + "0x85993ec08ac960d46bcba87136f24042485c6d3e0a9973e828df60e537860d6bc83dafa7fb292beef466d0a939ab9da2b", + "0x4c9a310b11d6e4b4d29d7ede30fb42161fd6a58792440f416abda6df55913a8a26c35140524de5dd9519c30f19641f4f0863bfefc2ae6c89333dd77d6f688cffcbde281772cee0dac9bb0dd16b6c1d33fa7e39b2e781896dcc2b0aba3abedf1381f9f38eb210f5bd2001ea8453ceb136dc3915fabdc30709db0b1a07ec40be", + "0x811926c08a08601002c8803022a2004040180d1e0889210808d2000420040c6b002d83815b290820700490a1202a8402a", + "0x4c9a310b11d6e4b4d29d7ede30fb42161fd6a58792440f416abda6df55913a8a26c35140524de5dd9519c30f19641f4f0863bfefc2ae6c89333dd77d6f688cffcbde281772cee0dac9bb0dd16b6c1d7bfbfe39bef78dcffdfeaf1bff3ebeff97c7fbf3afb73ef7bdf60ffbfc73debdb7defb7ffabfffef4fff0b9b9ffddabf", + "0x4c9a310b11d6e4b4d29d7ede30fb42161fd6a58792440f416abda6df55913a8a26c35140524de5dd9519c30f19641f4f0863bfefc2ae6c89333dd77d6f688cffcbde281772cee0dac9bb0dd16b6c156a6992311e718ccfd176ac19d51ebafb96472a1327252e7730d60fb9fc33180db506c36a482f7de84fb601899d559a95" + }, + { + "0x4d9f3e8aae22123e382e7835d3d9d7e944a5c81cab3415fda40d0ec8fde8a50d8b21b2298f83a65bbdb10d120d302d8db4e9807715be0e", + "0x4dacc1a6f2cecd4179556cbbdfe1cedbc952de5232ff1fe1ae9c0c3bbfcd9087e4ed5bcd1f8c289b1456ef032d888", + "0xa48104308c4c004854008a93414eda4050cc02128a10c0a2180018b8080083c00051001300089b0410070109808", + "0x4d9f3e8aae22123e3cfefc3ffffdfffd57b5dedfbffe1dfdbc9d2fedffeff5ff9be9f2ebbfffff5bffffddbeddf8ef8db5edeef737fe8e", + "0x4d9f3e8aae22123e3cf4b42fbcf53b3d53309ed716ca09101898232ddec754f391c872ea347f7f53c3ffd8aedcc8ef0405acee87276686" + }, + { + "0x28d61d5ca1f56b4d3134009f478b17ac208a5b559d9c3726a7a16919e3b12ec6d61a142dc04d834141a9a4", + "0xb444947aba00d50e10326ebea7a2618a10144dde07c15c685d4785eae16d232eb741bc2a09b7cf794a33ed3598803ad61af", + "0xc00104a1e06a041020000445801404008050501c8c160222a16019c2a00a44d610002cc04980010121a4", + "0xb444947aba00d78f71f7eebff7b6f39b501dfdfeb7fbde68fdf7ddfbe37f6b7eb7d1be3b1bffef79eb73fd35d8b43ede9af", + "0xb444947aba00d78371e7a4a1f116b299501db9a6b6bb9e60f8f2dc33221f4954a1d022111b5ba218eb71313140b42ecc80b" + }, + { + "0x1b9a0b9c87fa234d05d06e18171cce3f8fc4adf7f75a402c4c5a281f46e714b96badab2184546aa11a7be482616cbb973da00e329628d3e692b69b43d34391884d87fcd64e2339fbb30044a370fffde97a128d1e5", + "0x7d641e556550c3ddb89ee553cbc0d8d92cdaec6519a2ff3bd792e0b309c24cb49056fb219ef4dfb2a72e76ac7df3407a44e55af5689e9c85c87e74d542dfb445f56a0a518c", + "0x78640a55655080008084a001c0405049049ac8201800462a1182a000000248b01052002108608d32212a60a43d30001804c05ac56082108588300440020fb4449520085184", + "0x1b9a0b9c87fa234d05d06e18171cce3fdfc5edf7f75e7dffcdfe7d3ffeef9dbbefafef719e7ffbbd7b7fefb2fd6cfbdf3defbe3bff6dfbeef2f7fbc7df7797ac4fd7ffd6cfebf9ffb7e74df77dfffdff7eb2ad1ed", + "0x1b9a0b9c87fa234d05d06e18171cce38598548a1a2567df7c5b47d23faea992ba6036d701e7b991c6355efb2fd4870de38cfbc2b796528cce051f1840c77962c03d25380c7caf1a734e709f75d04b9b62cb228069" + }, + { + "0x142cd4c71f04927a526ca430e542cd9432860", + "0x1337869f6c145daf15b226485ef3c48b8037bf7cb2cc9834153b90f55d4217a5e4a9ea133", + "0x142c90c41804103a106404000500c48022020", + "0x1337869f6c145daf15b226485ef3c48b8037bf7cf6cf9f34977bd2fdfd72f7e7edbdfa973", + "0x1337869f6c145daf15b226485ef3c48b8037ab50660b87308741c299f972f2e7293dd8953" + }, + { + "0x4f517f63e95a08284faaf4d4a290c334fc5d039e386727ddbb5d0a6d5fbb5540e97767023d60bedd158ed25051a6c56", + "0x9e2c9c6d2e3be2ad25733871aeba4ba64081294478f936f9c4fc45ada6bb2c098c98f21e709a88995cc3b0cf7e693f8e73f58f8f4735c81e8421182fc15426174f3b6da7b493135c", + "0x4f405a4269120008498a20c400808114cc190096200320c53b5808645318014040110200154020541186d2504120054", + "0x9e2c9c6d2e3be2ad25733871aeba4ba64081294478f936f9c4fd57ffbebfac8b8cfaff5f7abb8cbb5fc7f0ffffef7ffffbf5dfafd7fffd5e8eb77e7fe3d62fffdf7beda7b59b7f5e", + "0x9e2c9c6d2e3be2ad25733871aeba4ba64081294478f936f9c009525b982e8c8b08625d533ab384aa130660f69def4df3a8405f2992ce7d4a8ab66e5fe2822dfa9e638082b1897f0a" + }, + { + "0x1713f8f439c07e35b741ec9b0bca80149a7ef129c73c23c34b4515d29dc7dec711007fa395ced70f3bebc6d229edb75bf04231f2414e0a826f3edae4edcf770d59650cc252c6a2eff07fda9baa70938085d1e15144a451d26304d8f3df2406b8eb40f4fae3666780d2e54cd93a5f17439a4d3656dc5d48", + "0x328df4b64b0bd0fbea359666904ea4aa215b03727a70bda853b6cf612b12c3d56ee93b003bd00a7b9c1d6755f580b467deba33bf7f33da4c37fffe79e73e4381ad4bf1306d1b58f5eb276cae813d6f9153d1294c51098d37b3b80154da", + "0x108094864a0310006a219446900e20aa005201603250b00011b241400a0243144ae02900330008610c004244a080b067da9a22301300804021514420411243008843d12004184840e02260260100428140d1284c110188053210005448", + "0x1713f8f439c07e35b741ec9b0bca80149a7ef129c73c23c34b4537dffdf7dfcfd1fbffb797eed74fbfebe7db2bffff7bfdea73f6cf6f2b92effffeedffcf7fdd5b7f9cdf77d7f7eff47fdebbbbffffb3dfddf7fffefdf7fe6385fdfbff346fbbfbf5ffffefeee7bdfff55fd93b5f574b9f7fb7fedd5dda", + "0x1713f8f439c07e35b741ec9b0bca80149a7ef129c73c23c34b45275f697195ccc1fb959603a847419f41e7892a9fcd2b4dea62448e2f2190acebb40dd6cf4cdd531e90df3593576f4418042199cfecb35f9dd6aebaddb6ec208575b82e146ba3b3b51fdd8fc8e6bdbd741f081313464a177a85eedd0992" + }, + { + "0x68bc9c8f8257c6c88c0b2d46defc4539748fb906140acbf1a68820d1748bfc13ec84619f2b495d1ce74e0ca441a246497", + "0x2d30db90794c4b611858b19c973ea865904346738291751ba5fccc5cbf02c09876aca6bf23289174f545ad8039e0fbcefe359521dfc9681a7715e672fdc23cc446c7900851d2ed09568729c88bf9653c63f7e229893f31059e8b51924a54968d44e5bb26decae3159ce786d9b3a1454c6d6cb8108d22bd5111d2cc7eddb", + "0x68241c03824200880c0105068a50000854868904040a02d0828000906482d813a004400d2808100c220c0000408046493", + "0x2d30db90794c4b611858b19c973ea865904346738291751ba5fccc5cbf02c09876aca6bf23289174f545ad8039e0fbcefe359521dfc9681a7715e672fdc23cc446c7900851d2ed09568729c88bf9fdbceff7f7efc9bf3b2ddedffdd77b749fbd46f5bbefffeeeb35ddf78ffdb3edc56dff6ff95d9de7ff5db5d3ee7eddf", + "0x2d30db90794c4b611858b19c973ea865904346738291751ba5fccc5cbf02c09876aca6bf23289174f545ad8039e0fbcefe359521dfc9681a7715e672fdc23cc446c7900851d2ed09568729c88b91d9a0ec75b5ef41b33a28d855add77320193442f1b1ed2f6c6b354d930d25a04dc12df247f14d91c5f35db5936e3894c" + }, + { + "0x6eef644a36b1e052a413160909a537f81d46b2d330981f507d84737065541b5bb5faebfa8491dcd0347fbe498a501e254b91f6d82d6771a69d0aee5a490e2a44a8ba4f5da963d70b486f36f4a65f372a6a60522cac6e6a01d1a2da8743d5381", + "0x391d108a0ba169bb746b3d5816fa985288c230bdde7e3b8433f8d595b63f08a90448923f30926960cf736be42e377b087e68848af89d80d95122b942b0162153d9d665c0e3508d8a25c8862c0bb7ad4f00e4b1213326f5ce32433df12cb9", + "0x3004000a0a01280130601018127a8050080030098074038003300415003508090408800910800140cb6008a4002250081e688082701800d00020a000a004000380d4408021508482214802240332a406002080002220150a200034310081", + "0x6eeff5db3eb1fa56bfb756bbdda57ff99d6ebef33bddfff3fdc77ffd7d5f7bfbbffaeffba7f3ddf6b67fff7fbe52ff77fb97f6d86deff9fe9d9ffe7bdd2f2b66bdbfdf7ffd6ff70bd8ef7efce6dfbf7afef05e6fbe7f7a6fdde3feb7dfd7fb9", + "0x6eecf59b3e115a443fa450badc245851986e3ef03b45f8b3c5c74cfd3c0f78ab3f6aaf73a762d5f6a273497f3412fd52fb16105065c8f87e909ffc71dd252b26bd87d23bf56de20390cd6a7cc49f8c50be905c67be7d586e8d41feb49cc7f38" + }, + { + "0xa210334e6ffbec2fcfa42021075f84222c7", + "0x181b940df674ffa93b3346264fed88e40b8d8f252487bc1f2cb4c3284fa17145d2cd0c77102fc177898e53fb12c40525aeb017a57661a80a268f27b4c78cbb4bae0e96ed0065e32bc7dcb01be9cc4e6bd5db5e453e94855cb2d1d3f86e8218fe55035102fc10901add0eb539089af", + "0x821032440351002c0080000106150000087", + "0x181b940df674ffa93b3346264fed88e40b8d8f252487bc1f2cb4c3284fa17145d2cd0c77102fc177898e53fb12c40525aeb017a57661a80a268f27b4c78cbb4bae0e96ed0065e32bc7dcb01be9cc4e6bd5db5e453e94855cb2d1d3f86ea218ff5f6ffbeeffdfb43afd0fffbd2abef", + "0x181b940df674ffa93b3346264fed88e40b8d8f252487bc1f2cb4c3284fa17145d2cd0c77102fc177898e53fb12c40525aeb017a57661a80a268f27b4c78cbb4bae0e96ed0065e32bc7dcb01be9cc4e6bd5db5e453e94855cb2d1d3f86e2008cd1b6caaeed3df343afc09eabd2ab68" + }, + { + "0x2db0666cd0edeeab9e46e5b729521be3ece0714ffeefe18cd1b8b0f17e04c51b0d79fc6d428c22b9af63756", + "0x1c1d5f18453c10d365065465c676fb8b58cb436b88660a0e19c350feb1f6954caf029a43a3e59bb35ce0bdbf80a7b8ff4b4f5d7d133bd244df8813e9695b1a6af9cea293e5da9ce4f8e1035fc8ce4ca62ecbec89e89fe25053e4153899415f61c41fcb412f13b58ac70fb84077831497f", + "0x8906468c0014e888e44a426094009e08ce05043e4052088411820c01e00410b01318845028800318300156", + "0x1c1d5f18453c10d365065465c676fb8b58cb436b88660a0e19c350feb1f6954caf029a43a3e59bb35ce0bdbf80a7b8ff4b4f5d7d133bd244df8813e9695b1a6af9cea293e5ffbce6fcf1efffebde4ee7bfebfe9bebffe2715ffefff99dd1fff1f57fcfc53f1ffdfeef4fbc62ffaf77f7f", + "0x1c1d5f18453c10d365065465c676fb8b58cb436b88660a0e19c350feb1f6954caf029a43a3e59bb35ce0bdbf80a7b8ff4b4f5d7d133bd244df8813e9695b1a6af9cea293e5f72c829431eeb163500a4399e2be920b7302211c1afad91590e7d13561cf84341ecc76aa4d3462ce2c77e29" + }, + { + "0x33de1dc3fc5d6eeb5cbca27cc816a3727d1f9188400ea6b2c2799a40f7e611770b45cac7ed49fc0b66a46fcaf2393c0e03741bd08d26308fce62b0c56fbe44cb0949990bc3d4e5919ee1706dce518d6a06e865bdc26e761ef6723241b33583262bc4365103ba49dd17c0", + "0x148a80223564208532d09dd94cf189921325cad8f2a6a32568e36b2007f00866ce0c8e59034cac999f915817492737af76413832e2c4e840627b91b54766a1555e91b87b2692df16c41161184ac9a124d59aad5c06b1a61892cf5c0cd6cc628f764a161f1bdd6546cb51a1510eef5ddfbd", + "0x1121081d84c608910102048c812a222250881080006a00042480800510200240905804005492403262441083220040800601b9085062081444290806b2600cb004011010040c18104c1102d4c0081220080451c00464402867202001311812402c01001010a495d1780", + "0x148a8022356420b7fedddffd5dffebdebfa7fed8f6a7f37d7ff3eb600ff6bae6ff9eceffe75dff9bdfdbdfff49ff3feff66ffaf2fbfcee43767bd1bd6776afdf7eb1fd7fbed6df1fcd996bdbdeedb1bef5faedde57bdee1efaeffdcefefe7eff767a57bf3fdf676fcf77f153beefdddffd", + "0x148a8022356420b6eccd5e25119f62ceaf87b610e405d1587772e3600956baa4b796ceaee55ddb92da5b9ffa00db3cc9d22ef2c0dbf8e6431660413861562e9b3c217d1498d6141f8d886adb9e2c30ba34eac092573ccc1e7aaae1ceb8ba7c79047857ac2e5e436d0f67f052b4a680c87d" + }, + { + "0x683d881de1820ee9fbb71ccd74fd10e3a9ce71bd132955b9e9840d9259275498d2fae81b112416f37e9af907c319657d5d81623462b98d93818a23751a2196de6dd7c18e05960", + "0xa9a2ae43423e6c78cc59ceba6601f6d85397527c462767dceeb1ebc6ad425fb2810a2b7525", + "0xa880a002402e24688c104c300601d4d81203422800012018a2314182094046900008205120", + "0x683d881de1820ee9fbb71ccd74fd10e3a9ce71bd132955b9e9840d9259275498d2fafa3bf53437f7ff9efd9febbf657f7d857b7567fdeff7fdceeb7fbe6bd6ffffffd1aeb7d65", + "0x683d881de1820ee9fbb71ccd74fd10e3a9ce71bd132955b9e9840d9259275498d2f07231f5103515b9163c9b28bf056230045b41457defe5fc44c86ba64b42fb96ffd12cb2c45" + }, + { + "0xa827c5e2bd4293ed726065b32cac5c18d9df68b18300848f23f98c22fecd6b9fe7ed38a5adedd78f8dfe975d85c171f62b766947d7cd3d2ed3be52b50b792c0d6bb2701e28f22674a092e5ee0ec89bcd52680c6ae673a", + "0x1deac63a0a7ae71db949662f05aafcefed47a6c6dd5819dc82d250d978001903a1f19e1b8b44e76bd5899884bb97121fa13a63c33822314a486d29b59b66f141fd64af3414a3ea6bdca9b4362e704c744e8a12c1ab736636ca3aa9da4b75795f1a", + "0x202040a28c429068606045810c880c00099700018000040921b88402768d48998049382121e813860c328201048000d20b502047140d140ad30042340239080943226004004020202012a52602488388102004428471a", + "0x1deac63a0a7ae71db9496eaf7dfeffffed7ff7e6df5b3bdec7d3ddddfe8b1933a9f9fe3f9bc6efefd7b9fefefb9f5adffd7afbdff977f95e5f7f6bb7fff6fd7dfff6ef3ff5abfaffdee9f6bf2f71eeff6eef5ac9af7fe6fecbbefdfecbf7ff7f3a", + "0x1deac63a0a7ae71db9496cad79f4d73bc47971e0db032b164713dd448e8b0133a9b96c241386c887033066fa681d48c17c429b1cd157e9165f724b02fdf28c3d2eb6420ff188badc4e69628d0971aefb6ced58c8852d86da43867cfccbb3d73820" + }, + { + "0x1cc981657c8a20f5c777fc1df0e3cde0b23d434e043732dcaaa0758e009a8d1bf8591ff8db693d676eff2c39645b79c06b510ac22b1b47551eb728aa9404c24f2a6dee6bbdf2276759786f4116d21f4009dd6fb8e277976668bd021effecc797ca23682b97dbdffb93333834b8bb8fb68e922f42e3c00111", + "0x1e52f1e05fbedda88873e9984a7a19bfbfbe9ea43e30588f46317b5cadc8eb02d255875f1dde872476d05dec1164e46c7fcf3fd718fff34a80d4c6e951d10f6ae0225d00e3953e99e", + "0x61010a002b094200063608808400824b2a69ea43a10000644110254014821000015865b0c060124668050200164c4687c823682187db14a801002814181086a60200000221400110", + "0x1cc981657c8a20f5c777fc1df0e3cde0b23d434e043732dcaaa0758e009a8d1bf8591ff8db693d676eff2c39645b79c1ef7f1ec7fbffdfdd9fbfb9aeb7a5dbfffbedee6bfff7aff77b7fffcbdedebf6d2ddd7ff9fffff7676dbddedfffeec7d7fef3fd7b9ffffffb9f7f7eb5bdbbffbe8eb7ff4efbd3e99f", + "0x1cc981657c8a20f5c777fc1df0e3cde0b23d434e043732dcaaa0758e009a8d1bf8591ff8db693d676eff2c39645b79c18e7e14c7d0f69ddd9989b12e33a559b4d18404285ef7af933a6fda8bca5caf6d2c851a493f9fe52105b8dcdfe9a2815036d0955a1824eb539e7f56a1a5ab79188cb7ff4cda93e88f" + }, + { + "0xb77c8e0971a4f32bc9539c14b542ed2fa08e87560981cbdca4ccf4f7cc04fe7546a4a7eebe2592d131329fd591f66728a4179e", + "0x2fb77bc1694a8265e74ee9f41672fc681d72ea8eb65ef5807bcba4bc52ef9e381a4e4315a771497e506b734def1ca93dd519fe9e6944dd782380dff70b72798c", + "0x327c080970a08222485180108100ac02a08e0012080101842048745048004c6504a025c4182492410010180180d6670820118c", + "0x2fb77bc1694a8265e74ee9f416f7fcee1d73eeffbfdff79c7fffe6fd7fef9ebf5e4fc3dffff5cdfef7ef77ffff5eadbfffbfff9ef975fffff791fff72bf67f9e", + "0x2fb77bc1694a8265e74ee9f416c580e614034e7d9d97a61c6f7ee6517d4f10bf4c47c2de7bd5858aa7a777b39a5a0d9a3ba7db0cb875efe7f611299023d66e12" + }, + { + "0x89a0fbe80f4c622f45f4f7a15d8dc23bff17d939349f39cffa643af024db78243fc46c7948ab14ea12595e8a6cf2196ed4f353d9b1b8834b96fb61073301b99af019f042b2215e8cd5f31cf65123dab47d6b697a", + "0xc2b6f7a999af54a94c156f771b995b528", + "0x22215a8890f108944102d23039012128", + "0x89a0fbe80f4c622f45f4f7a15d8dc23bff17d939349f39cffa643af024db78243fc46c7948ab14ea12595e8a6cf2196ed4f353d9b1b8834b96fb61073301b99af019f04ebb6f7e9ddff75ef6d177fff5fdfffd7a", + "0x89a0fbe80f4c622f45f4f7a15d8dc23bff17d939349f39cffa643af024db78243fc46c7948ab14ea12595e8a6cf2196ed4f353d9b1b8834b96fb61073301b99af019f04e994e24154f06566290752dc5c4fedc52" + }, + { + "0x61cc2de53fe06a0381ce0dc4999795469453324c9036484632c257f02dddee71188198ed649bbe9ddae347178970bfbd3f1f28a787ee407a433f8473ba4fb77940227b769c9d555a8a70917ecfd038f80da4c6d5dc7211cc468c69a2275cfc119f145d2887543bbeb24", + "0x117135d192a9645062d1be59a1f8b151692159285e5877a0ae304521ad800f51fbba812d038e053cb79578c70cd34248a2b4026533bb961add83d9362893b74ce01695861c82b6f94f181feb4a957875c74cf1e7fe48dcc5196bf1214cc564f599168bf2fee1a07e617cfac992443fcdb28247", + "0x1c408050b000202018205c4811200420452124800340802200250302051ca71108010cd24008a09402243138960ad983d13208103644000411800402a4f947100223020148554508a1011648dc010900d0004c454421180408c29a20204e4118f04192003541b28204", + "0x117135d192a9645062d7bedbfffbff57e9395de8de59fff9fe794533adc90f75fffbad2d7f8eddfef795f8df8ed74bfbebfdae7573fb971bffd3f9f6aafbffece7b6b7fe5fbbb6fb7f9c1feffffdf9f5d7ecf7efffecfdc79febfb6d6ddde7f59dd6ebf6fee3f5ffe17dfbcdd2cc7fcfbbeb67", + "0x117135d192a9645062d7a29b7fab4f57c91945c88211eed9fa59001289490c357fd9ad087c8cd8e25084f0de82050bf34b69ac5142c30111265028c4a2ebc9a8e7b2a67e5bb91202388c1dccfdfcb1a092e456eee9a421c696eb2b6d2198a3d485d2e33464c3d5b1a0650b8c40cc4a8e096963" + }, + { + "0x1af3ce2ba6101f661c52430ae7280e3491d8d044a6621c3ef348c4e6e45fc6dfc91ec46b27214a9ebff52a0922fdebf1e895cd7cc4f428c64b7b3c4711b53f1f04f25b2f63ba70f281f52cb8149509f1ad38156397556eedf9e5c72388364cdba9112913", + "0x5c5811bd255dad9049ec956e6eeaa95895e56e1c5c03cbfe24ae065ac3f528fda51a966771d288dfe3aab7611232e6f6bde10cf0d97620ebde6370ab24dbdecd4d7783c05cc8579517951049f16b26cf1612f6344a669d93ac990a997dfb5180a07a75f6a20dc110fd5547e744cfe0b348cc1786d8c7f587dc83fd9e8fdb9", + "0xa00e02861011200452010885280a201010000426621c10c3088462041dc61708124429240042183c050801205169510095043044f02006434024411130091000925b25000a00a201602098100501502c30046203140cc1786584230834481b89002911", + "0x5c5811bd255dad9049ec956e6eeaa95895e56e1c5c03cbfe24ae07fffff7bafda5fef7e775f2aeffe3ebff7d9f36eef6bde3eff4dd7e6eeffe6ffcbbecdffeff5dffebff5ee8d7bfdfbf1ec9fdffeecf569ef6b7fbe6fd9bfff9fadf7dfbf7bba77f7dfff2cfc159fddf5ff7c5dff9f75eeedf9edcf7fd87fccfff9f9fdbb", + "0x5c5811bd255dad9049ec956e6eeaa95895e56e1c5c03cbfe24ae07f5ff17929ca4ecf7a255e226ad6349fe7c9f36ac909c22e3c455384eae220e8c3ac89d6cbf59de683f0e68c5bac92a0ec0adbcea80549e9283f9a2ec88ff68fad65849a7bb07755de9f0c64059adca5d34c599d9c61e22c81884b5cd04b84e470f9d4aa" + }, + { + "0xcd10bb69c381582eff7391a446db73312e738c6978564b350ca88e09cad650ef89dfb4cb00831c41d4739e957fdac00124348c91183da60b8f12dd3e349cad8b8d752fd9ea5613b1a41818032e0a2f2030790009a4fe9cdca54f96402b143e", + "0x7c4f944973a8882522976043833419c2c15b1531af1207b40092dd1e3c123a4cf06370c3111b", + "0x104d140010a888052007404202101180001801200a020030000009043c10180440024003101a", + "0xcd10bb69c381582eff7391a446db73312e738c6978564b350ca88e09cad650ef89dfb4cb00831c41d4739e957fdac00124348c91183da60b8f7edfbe7dffad8bad77bff9ebd737b9e6d95b173faf3f27b47992ddbefe9efeedfff770eb153f", + "0xcd10bb69c381582eff7391a446db73312e738c6978564b350ca88e09cad650ef89dfb4cb00831c41d4739e957fdac00124348c91183da60b8f6e92aa7def0503a857b8b9a9d527a866d943161fa53d27847992d4bac28ee6e9bff530e80525" + }, + { + "0x1cdc2579b3f1727c03a0f733c6a1a50025c8b51640ed21fb0e700f873d35c83797a14", + "0xe3e7298d39a9c7cd225125b1a01505e3d9ca63f8b494e4d7218b10e8bddc06984bbbe43e263f30f6a92a9d7", + "0x10042120110162580220f03084a085000100a0144004004b0a600e063d30c02102814", + "0xe3e7298d39a9c7cd225dfdb5f9b7f5f3fdcbe3ffb7d6e5f721afd8fdbfdcefb9fbbff43fa73f35febfbfbd7", + "0xe3e7298d39a9c7cd224df994d9a6f491a5c9c30f8752457221aed85dab9cebb9b0b59431a102053e9ebd3c3" + }, + { + "0x3ac7a7062a50d421ec7b732acfeafd988b5fe95661d371a7f2fdb5b9c1d37e304dd3a0dfcb995e9f99e1b86696b54df83fcd4e87764ffe27fbbd785875c31993f20f4628df79cbaeb50c3dfd132e20935f33ee0276c23f445dff5a075a8198907c1e248787fb28c44495d2e2ed677832432eeda5026afb91467cef4b8", + "0x12659e0b26181845981459681797ab57a50c5b4a34882e973f884d99c1e89c0457b99c9445be077039c60cffa057c608594d38423730d3eae76e8a8db6f946877e90bfecde4aaa320128ef3811cd31c3834e66fa7a61d1454778bf82781c091ae5fd348fd903d85116f83f331d84edaa925d1d65b0b30c1b7c6c69da380", + "0x20860306081044000459600287aa5580085b481400021127804d9181c0900410099080458a0150198000b820168408580d0842073043ea276a88081071420112900f44084a280200200c3811012000834e22ea0260c0054458bf0200180118807c14048103d800044015120084652812410c65a002081b104468ca080", + "0x127fdfaf263a58d5b9fc7b7b3fdfebffbd8f5feb76e9fff7bffafdbdf9e9df7e77fddfb4dfff9f7ebfdfedffe6d7f74df97ffd4eb776dffee7ffbffdfefdc79ffff2bfeefedffbfbafbdef3dfddf3fe3935f77fe7a77d37f477dffda7f5e899af5fd3eafdf87fb79d6fcbff3ffedeffab25f3fedb5b36efbfd6e7dff7b8", + "0x125f59ac20324891b9f8221b3d5841aa3d8704a362e9fde6987ab02c78294f7a67f44f349a759e2ea65fed47c6c17345a172f50cb0469c14c09537f5ee8c859eed62b0aaf695d3f9af9de305ecde1fe3101155147817137a032540d87f46888275812aab5e842379d2bcaae1ff698ad2a01e338815b166e0ed2a1535738" + }, + { + "0x39d2210d760b098917fd1293f0708ed6ffcd7686a4041e774a0f52e808524d686429da6774dd45dcf69abb4a7a48116d71f8e38074196cddf128b041a28cdc1e12cf755c7", + "0x59d65c9b948dab08f5c3604fb8b4d15085e4ae6ea8e762bbcceb904b3d9b5837977c4c9f2b9e9f3f8c6babd3b5e846ed8bdad898648bc4f8ccbea95d7a9cf5fd694e6b1a176058fbb30257aafa296741ab7181398c43a264a94972c08b4a5c56807a5f06b5b88eb420df822b43c43b400d0", + "0x284221095208080003c41080b0200c529cc5740004001a17400852a000520868202140237081018c42822008484000094058428070190495b008b00082800802000b400c0", + "0x59d65c9b948dab08f5c3604fb8b4d15085e4ae6ea8e762bbcceb904b3d9b5837977c4c9f2b9e9f3f8c6babd3b5f9d6ed8ffedb99ed9ffdfadffef9dffefffdffefee6f1e776a5ffbfb0a57effa6d6fdbef75dd7ddcf7baffeb7b7ad1ef7bfcf7807e5f6efdf9aeb461ff8eff5fd6ff755d7", + "0x59d65c9b948dab08f5c3604fb8b4d15085e4ae6ea8e762bbcceb904b3d9b5837977c4c9f2b9e9f3f8c6babd3b5d194cc86acd391ed9c39ea5f4ed9d3ac63388befea6f04602a57a95b0a05e7924d4e9bcc055c7c50b538dfe3333ad1e63ba4b5000e466a6849a604617d0ef75dd6f435517" + }, + { + "0xcf08fe64414998cc59938913e660f0f9b221f459cd8e04126cf902d0b6cea0edc26164b9d84e9ce7dfe058c1fe0fb452848616368c3", + "0x234286d14c1098ea9fd7f83508641ef3288da679fce09dd1359514ebf0dbcdc73b8f7f6171762d3d5df6492591c9386", + "0x4000910810806090d1b02100400c820000247900c094c0208500616099c84618875f6050402c0d145200041000082", + "0xcf08fe644149bbcedfd3cd13feeafffffa35fc7ddfff2c9feef9fef0bfdfb5fdd6ebf4fbddcfbfefffe179f7ff3ffdf6cda797ffbc7", + "0xcf08fe644149bb8edf42c5037e8a6f2e4a14fc3dd37d2c9fca80fe302b1f9578d68a94621589a768a08129b7d332e9a4cda387ffb45" + }, + { + "0x343e32e61b86c0c7cc895cf233ea3d5b5ad65435c1f87e034b59788a9af14ffae9249f1f3cfe0789abbe8edc8ce", + "0x63f7afb1dcebc9d65f9d468754ea558119988cb7d85e427003f2c1d9b360d2c75b97c1308ee3a7b5901044c6353e14f3e6b54a2ead64acdf914c6f7b6d4ed3205abdc78aa7bb47d548607b4ffe1db7331aac39c8bc7fcfd62238467352656a3ad04a423", + "0x241e10440b024046c00058b0038a251b42d4402041487e010311188818c00c7ac9040218047202012a3a8048002", + "0x63f7afb1dcebc9d65f9d468754ea558119988cb7d85e427003f2c1d9b360d2c75b97c1308ee3a7b5901044c6353e14f3e6b54a2ead64bcffb3ee7fffedcfdfa95efff7eabffb5fd75c75fbfffe1fff7b7aaebbf9ffffeff6bf3f7eff57edebbededecef", + "0x63f7afb1dcebc9d65f9d468754ea558119988cb7d85e427003f2c1d9b360d2c75b97c1308ee3a7b5901044c6353e14f3e6b54a2ead6498e1a3aa74fdad891fa9064ff4609ae01d031c55bab7801efc6a6226a339f38526f2bd277a8d55ecc1845e96ced" + }, + { + "0x981ba5db1da1fe952887e32cd21d51ba024022c8d837ec00f9772a111f87644012cee4a01f66d09ef168ebdfb91232e9e8f65d63ee7e6e050ae9707e7b15df4f8037b0d8d427f32429a45312a24081ed5a9c8ec22358f3621c961349638f30e049d00d513901fe065d5364f4cfca93f14a2b1b", + "0x1ba08accd8474ea8d9dc2f10d3c2c2edcbf9c3a909ab45", + "0x38000c048400c0019002e00514240e4cbc883a1082b01", + "0x981ba5db1da1fe952887e32cd21d51ba024022c8d837ec00f9772a111f87644012cee4a01f66d09ef168ebdfb91232e9e8f65d63ee7e6e050ae9707e7b15df4f8037b0d8d427f32429a45312a24081ed5a9c8ec22358f3621c9613497bafbaecd9d74ff9f9ddff16dfd3e6fdcffbd3f94bab5f", + "0x981ba5db1da1fe952887e32cd21d51ba024022c8d837ec00f9772a111f87644012cee4a01f66d09ef168ebdfb91232e9e8f65d63ee7e6e050ae9707e7b15df4f8037b0d8d427f32429a45312a24081ed5a9c8ec22358f3621c961349782fba2c919743f9e0ddd1168e91a6190433505843805e" + }, + { + "0x1d9992a4fce731fe937e70ec9efba437b1efa9e5459e3145f8c9142c6988eca9a61273750bcc1f00a64b32bab5a3a4c89858231f4fedce7a73bcc7285bbd18b328ccc298919f5511e973cd124f7e1c3912d52f4593c676f1c3f87a521", + "0x6e195204da93bdade43f0622217647326502417d70305d050d988", + "0x421810045011a921c412062200300210250001447030410008100", + "0x1d9992a4fce731fe937e70ec9efba437b1efa9e5459e3145f8c9142c6988eca9a61273750bcc1f00a64b32bab5a3a4c89858231f4fedce7a73bcc7285bbd18b328ccee99d39fdf93fdffed3f4f7e3d7f57f76f47d3ff76f1dffd7fda9", + "0x1d9992a4fce731fe937e70ec9efba437b1efa9e5459e3145f8c9142c6988eca9a61273750bcc1f00a64b32bab5a3a4c89858231f4fedce7a73bcc7285bbd18b328ccac81c39b8f8254de292d495c3d4f55e74a47d2bb06c19efd77ca9" + }, + { + "0x123b8aaf5660144d596f10574b4c232f267222596831", + "0x10ab460448ce805f18a3c1d64fc8cc0c02b2cd5f860d462e33602f09fd131e5468c86997e5a033729b2a03d3c284ee0111488ea", + "0x1021028c0600144801270012000c2028066000100820", + "0x10ab460448ce805f18a3c1d64fc8cc0c02b2cd5f860d462e33602f09fd133ffceafd6f97e5f5b7f39f7eb7d3f2f6ef2335de8fb", + "0x10ab460448ce805f18a3c1d64fc8cc0c02b2cd5f860d462e33602f09fd123decc23d0f96a175a5839e5eb711f076892334de0db" + }, + { + "0x17529608c59c36277d9e89f9b275032e62ab42b4dc006f1943e12b088c36657b02937109db797e2fbb83c984f507841be083c5e36dd04a8b7d3", + "0x1d556659e3b765044e08b1f7879bf057ef", + "0x1814004940304104080810368500a017c3", + "0x17529608c59c36277d9e89f9b275032e62ab42b4dc006f1943e12b088c36657b02937109db797e2fbbd7dfe5ff3ff65be4e3cfff7df9ff8f7ff", + "0x17529608c59c36277d9e89f9b275032e62ab42b4dc006f1943e12b088c36657b02937109db797e2fba569fe16b3cf24ba4634efc15a9f58e03c" + }, + { + "0x23ed0547893da2de2673832f9e6d988ce38c44a47495c1e0a714eb2f18ec455157cc20ea9da75cdcb0c4e9afa546efb3650b7e5cb7e659359d17fe79d2d5116bcd6c5cca45e0719d063e7df33f6788e5c6bd77c114340748cf553c5aa4992076953c4904181e24bb7c26a6e895d8b808c70133b52c9ca4a2266c2e2302bf777", + "0x3eaf5dd3cbba83558163fd16469a3d64905ff28ee65c15ff01f4d720b1ad669a893671bb614382f2331985333b0af52cbc0af22e50e4cb39d4ab3ad58127b3c481e692bb22dc0b497690e57e6fc84a87c2e1eb85e6c8bfc253fd497fc88", + "0x20aa1d83489880448123a50646922500105cb286401415170070d20011294408080241a061010232311105230800c42c340010240040cb11140a2091002691040104101a20980800268085582808420102a12884a48026400221003f400", + "0x23ed0547893da2de2673832f9e6d988ce38c44a47495c1e0a714eb2f18ec455157cc3eefddf7dffeb3d5e9effd56efbb7d6ffe5ff7eeff7d9dfffffdd7f5b1efeffeddfe75fb71df86fe7ffbbf77bbeff7bdffcbf63e57eccf7dfcfbbedda177b7fcc9e69abf26ff7f6ff6f8f5feffc8cf87f3f5ef9de6eabfee7fff4bfffff", + "0x23ed0547893da2de2673832f9e6d988ce38c44a47495c1e0a714eb2f18ec455157cc1e45c0749766339168cc5850a929586fee034568bf6988e8ff8d05f5a0c6abf6d5fc345b10de84cc4eeaba54b3ef3391cbcbe61a57ac046ce8f19e4ca15126f8c8e28aa50667776fd07870a6d7c08d86f154c719426a99ae7dde4bc0bff" + }, + { + "0x4881b1172db56487aa0b4362479871a57", + "0xd40bc374f241c2bb638ed6dea08d7885135052619d2f58523b3218b57371993a62bea6cfc8abf4abb8e4a96b0a38bbffffdd0bc5e5a6514f0db", + "0x4081210228b16487880b4160061041053", + "0xd40bc374f241c2bb638ed6dea08d7885135052619d2f58523b3218b57371993a62bea6cfc8abf4abb8eca9fb1f3dbfffffff0bc7e7e7d97fadf", + "0xd40bc374f241c2bb638ed6dea08d7885135052619d2f58523b3218b57371993a62bea6cfc8abf4abb8ac28da1d150e9b7877008687e1c93ea8c" + }, + { + "0x1e0e22b43b6de9f7ee3000e87eef492f84ee1bcd3f490cdbf35171b174335fe53afa9b752d9b1e1b0bd58d71d35687cb7b74", + "0xac57c7cfa532414e1182c7c499ffa996f7a28187f7f5d7586f0fd6b64e566bff1ff68daa60d7b650cfece99b8e2551941008aaa5ab966c526d584251600baf9f48d6b573e2779363363cea427961c0ac63d9c9abcc30976c3755b739dcbcccfbb7ae06b5deed54c59a5271caaa26134877898f75b065f3c72a8429ab5", + "0x40602140a4429948a30000876c3410b008c0bcc0f0908c0635160914411052518aa82612483181803510451105280421a34", + "0xac57c7cfa532414e1182c7c499ffa996f7a28187f7f5d7586f0fd6b64e566bff1ff68daa60d7b650cfece99b8e2551941008aaa5ab966c526d584251600baf9f48d6b573e2779363363cebe2fb6bc3beffdfffebcc3e97eef7d7ff7ffdbcdfffb7efbfb5dfff57c7bffe73efabb753d9f7e9bffdf8f7fff76afcbfbf5", + "0xac57c7cfa532414e1182c7c499ffa996f7a28187f7f5d7586f0fd6b64e566bff1ff68daa60d7b650cfece99b8e2551941008aaa5ab966c526d584251600baf9f48d6b573e2779363363ceba29b4a831abd46b748cc3e1082c3c74f773d001f0f2763b980c9f64386afac226503914191c6683fc8e8b2eef242f89e1c1" + }, + { + "0x46529c1d4b03b4a0efd29ce200ce9564cdc4fa4b53b9b6725e3fffe3454d6e53848fa573858f0bdbcf846d790a5bfc7470d0b8ac1d494804fa7048b869d5e016e389bf93cb959469dca3f4c5e93f8bcb7dbb64bcec19c8d9dbc5f2cecb285d81f5fefe99ff4564662c7cc275a40f0ea519adb2", + "0x1b10fed79bfd5e52ba14eea13cf223bfbeb5f42bd781083545c4306ed5f69250efc19707288aadf9df45b4056a293da0cfae076ee9b08e7a7058ef0a58e67149980cdc60a75825607ec4e531e9d036e71e3df52048853e3", + "0x1010d6c518485a523810e0a13cf0029790a5b4034701080041c4100045a6000086811601280889f91c01100408083d004e82002ca190864a40408c0818a4510888008440075825601ec4440060c004271a00f02040801a2", + "0x46529c1d4b03b4a0efd29ce200ce9564cdc4fa4b53b9b6725e3fffe3f54fef7bbfdfe57ba5cfebdbcfa67ffbeb5ffefd78d0bbfc5d4b4eedff796dbefdddf076ebabff9fffdfd47ffeb3fecdfbffffefffbbe7bfed9ff8fddfe7f6dfcbeddf8bf5fefe9fff4f777ebd7fee75e7df5ea599fff3", + "0x46529c1d4b03b4a0efd29ce200ce9564cdc4fa4b53b9b6725e3fffe2f442832a3b5a405824c1e1c800a65682e104bec908c03bf8410a4ee9a5196db695cc90646b23600e3fced43f7e302ec913dffd25e6b3831be997387c55a2e6574be59b8b807ca89e130b3778b17fac0447d05ca191fe51" + }, + { + "0x1c61ea1ba6135d29a669cc258f24a09ce0c6af1fa717", + "0x277557a8f45578e7730c64350cd3fd389bf96320fb3079402e9949062868fda63a6c371adf34952bd8fbf8a361671041556548ecabc7561f3febfcf26290dc819caa54b8eb26a7fb3a593202b2eb9a87fa214342ea4d639c3487882c7b6a03401d0715171c8ec44d45eff0c2571ca3f556d0d986fbeb5ff", + "0x10416008a4005408a60804218a24000c00802f1ea517", + "0x277557a8f45578e7730c64350cd3fd389bf96320fb3079402e9949062868fda63a6c371adf34952bd8fbf8a361671041556548ecabc7561f3febfcf26290dc819caa54b8eb26a7fb3a593202b2eb9a87fa214342ea4d639c3487882c7b6a03401d07d71fbdbee57dd7fff6ded75cf3ff5fdeddeefbfb7ff", + "0x277557a8f45578e7730c64350cd3fd389bf96320fb3079402e9949062868fda63a6c371adf34952bd8fbf8a361671041556548ecabc7561f3febfcf26290dc819caa54b8eb26a7fb3a593202b2eb9a87fa214342ea4d639c3487882c7b6a03401d06d309bd34a5789775965e954451bf5f1ed5ec0a112e8" + }, + { + "0x259856f9c56582b4f8056fdbd37332ff6684ad104683782087ef2b965fa2d22153ca880d735c116878afac5b2477b7f", + "0x1518494828299164e2ee455afe73cd24484df0def1e24c01926bdb2566d44e483a04bbdd5aeab159678305b6ade08cb5bc83e0e63a7bd9e2bb016c355f0fd9e94044e8e9dd380c64ea2f83d239d0987a6864dd1a07c9d742", + "0x20105268c4008210c8040e438331122b2004811040811800044e0a945380c20002c8080111080120000d80002415342", + "0x1518494828299164e2ee455afe73cd24484df0def1e24c01926bdb2566d44e483a04bbdd5aeab15967db85ffbdf6dcbfff83f6ffbf7ffbefff696ef55f6fffeb487efaf9fdfa2d66ff3fabd2fff5d97eefeeffdfb7cfff7f", + "0x1518494828299164e2ee455afe73cd24484df0def1e24c01926bdb2566d44e483a04bbdd5aeab15965da80d931b6d49ef303b61b874ceacd4d6926e45b67ee6b483a1a50b8c22146ff132b52eee5596cefee27dfb58eac3d" + }, + { + "0xd8526c4a399bb415b422ab254fb7c9a053c1507e3260aac195366c5fed9ff583053547f1b8f54561838e8d5fff273e25", + "0xdc8169197ca1b7f60394685c3438a5b9ff07c0deafe3d68064567be3d9ad3c577600e0d98c4bda37a6ed8175d437cded052bdf221c4c3d76221331061", + "0x4002480a30180400b42028044527882012c14076200008808434205a6c981501013446d010b540218082854221231021", + "0xdc8169197ca1b7f60394685c3dbda7fdff9ffbdfffe3feb274ff7ffbddbd3d57f726eafd9d5bfef7fefdff7df477ddff1fafdf761c7cfdf7fff373e65", + "0xdc8169197ca1b7f60394685c39bd837d5c9e7b9ff4a1fc3230ad0779dc9129509526ea759518bcf258347e2de46499921ea48b740474d5a3dde142e44" + }, + { + "0x47ac96c78ee0c7a9906ce5af63d0ad1b0420e1ca783cc6904ee84", + "0x630297e0f122e36f0c5f2f34efbb078c2f4c00e7c16f96cb054", + "0x20028780e002a1000c452f20c0a90304204000600046904a004", + "0x47ef96d7eef1e7ebff6cffaf77ffbf1f8c2fedcafffdef96cfed4", + "0x47cf94506e11e54aff60ba80573f161c880fadca9ffda90685ed0" + }, + { + "0x432a40ea48fcb8b8161bc19a26b544f54833bf5e005c7d1c19e8405c5464c8c139fdd9b627865e596c513fc68454827f070310dd7efe80306693ce441c89a74d91db5e27d6ba966aa1e109cc8385bd86a23d127cf609eea4118e0e1d9be83b561dcffb0ec3844d22", + "0x70d78d38ebcadb77733fc709a6d3b76576ca71acd7e3196640d6adc00225142070b943d5624a3a3d4e77a787d8221848ab06c5135", + "0x50c7880002481864410882008011b560744a212482021004401009c002211020402002c0400820214836838540001800a80044120", + "0x432a40ea48fcb8b8161bc19a26b544f54833bf5e005c7d1c19e8405c5464c8c139fdd9b627865e596c513fc68454827f070310df7ffed3befebfff773ffdf7dffdfb7e77febf9eeffff19fec8feffd86a27d527fff9dfff635afafddfffa7b7f9fefff8ef3ec5d37", + "0x432a40ea48fcb8b8161bc19a26b544f54833bf5e005c7d1c19e8405c5464c8c139fdd9b627865e596c513fc68454827f070310da738653beda3e79332f75d7d7fce02870ba1d8ca7dfd09fa88eef6186806c507bfd9dd3f2352dadc97c92432b9fee7f8473e81c17" + }, + { + "0x7c4c2d104ca2a5c080fbf1e717e47f848ff9be3555bcff60c07907ade9e334a556157dcd28ebbfd73367defdc4d8f5de60815360394e4de6e7535d356ccb8a2d896157ba65a7e8541a06e604454aef3e8cebfc7aedb48466eb65039cf17c13fcdb1b", + "0x2a73b2854f05d043d4e28e0b2634fd7023aaf3e57e58f213dd0693769", + "0x2a0100804e00404084e2880a2604ac50000262a45018c213c10681309", + "0x7c4c2d104ca2a5c080fbf1e717e47f848ff9be3555bcff60c07907ade9e334a556157dcd28ebbfd73367defdc4d8f5de60815360394e4de6e7535d356ccb8a2d896157ba65a7ef7f3a56f65d457fef3eecfbff7fffb6beefff77e79ff17dd3fdff7b", + "0x7c4c2d104ca2a5c080fbf1e717e47f848ff9be3555bcff60c07907ade9e334a556157dcd28ebbfd73367defdc4d8f5de60815360394e4de6e7535d356ccb8a2d896157ba65a54f6f325216594177a1166c599f353ab6bec9d532e613d041c395ec72" + }, + { + "0x3ee957090c3ab10e1c8af669f2093bba430a4322a741522d2ce1d20b07558298627de3dbbbef8828abc64195bad0f9f6acbb734a420d0d8dd330e90d23ab633826a612060eb95070758199006b547b24792d59f97c3191b2dee7a96e", + "0x7e30cfb7abf89648583c2f705f30abb997ded579a0de3172e2b546c920f92fbdf3bf5ffbd5d73620da518e7b4964a44505817d16c7028f4da494135d2589deffbfdb19f6a454f0431cda1884e51f48c67605f9f044e955a4f23da9dfa92af8dfba09ea6adf0390c", + "0x4e102090838a1061808e20122091028020a02228701502d2c415202050500802014424010480000284000949a4041348018114a420d018d42004904218921080600100406205010040091004b005a0478000989782090a28ce0290c", + "0x7e30cfb7abf89648583c2f73ffb5fbb9d7ffd5f9e8ff77ffe2b7ffed30fd3fbff7bf7ffbdfdf36b0ff59afff6ffebdffbff9ff9eff669f5fad9f9f7fefbffeffbfdbd9ffb75ef0d33efe3b86ef7f68e6ff95fff75cf9d5a6f77fbbdfbbffffdffb19fb6fff7b96e", + "0x7e30cfb7abf89648583c2f73b1a5db295475c598687157edc226fd6d105d1d9787aa7d291bca1690af09a7fd6eba99febb79ff9c7b669616099b8c37ee3eea5b9f0bc12b975a6091266c2b068f7e68a69d90fef71cf0c5a2477a1b983bff67487910f1473179062" + }, + { + "0x20265b43c9319cd56eac6a02cbf7913ba44b", + "0x995b92e854a8e0d548bfc02e18529b37790f0e4d9aaf36e7abc4a0f1e6d69489215aaa61b5863b1c86b3536b443dc639d1eb3db7789c2cb2f8cad1a74e5168ef33948c81a06fbad3b9ab0b7c84045cd1f77620ef43c7f2088d2901917bec5346a44f679be9491d273dbe5bf6e39095bb411cac63e38626013d671445c", + "0x20261901493010c0462c2802401390310448", + "0x995b92e854a8e0d548bfc02e18529b37790f0e4d9aaf36e7abc4a0f1e6d69489215aaa61b5863b1c86b3536b443dc639d1eb3db7789c2cb2f8cad1a74e5168ef33948c81a06fbad3b9ab0b7c84045cd1f77620ef43c7f2088d2901917bec5346a44f679be9491d273dbe5bf6e7b4bdbb59ddfeebe7a62ebf7d77be45f", + "0x995b92e854a8e0d548bfc02e18529b37790f0e4d9aaf36e7abc4a0f1e6d69489215aaa61b5863b1c86b3536b443dc639d1eb3db7789c2cb2f8cad1a74e5168ef33948c81a06fbad3b9ab0b7c84045cd1f77620ef43c7f2088d2901917bec5346a44f679be9491d273dbe59f48624a92858d1fa8925260abe4474ae017" + }, + { + "0x20a92c71c161a786989694109718416d7a291b8f9c71a5a71ee827e003a5a19cf2aa8faeecbfa231c330e2d4c747b75ccc4d43d8c37472b60", + "0xc2ba3ef844b62f020cd6e4b010499c2c28ab3c15ed2ef3114e5b806244e57be1a7d999a21399c1e950977f021c82a906bed39caeec6aa077628421f9d5dfed01b24fe857000e259537fbe07d6a83080080ae927512d4518f9a56f0a40376234855377d8ef40dcb6055bd8d351", + "0x20282071400021809096840092084045000801851471a0250a80000000a480141280018e8816a020033022404507350cc40d4340413400340", + "0xc2ba3ef844b62f020cd6e4b010499c2c28ab3c15ed2ef3114e5b806244e57be1a7d999a21399c1e950977f021c82a906bed39caeecebac77e3e5a7ffdddffd11b75fe97f7a2f3f9fbffbe5ff7eeb2fe083afb3fdf2fedfaffefff2b5c376e3dcd777ffdefc4dcbf8d7fdffb71", + "0xc2ba3ef844b62f020cd6e4b010499c2c28ab3c15ed2ef3114e5b806244e57be1a7d999a21399c1e950977f021c82a906bed39caeccc38c06a3e5867f4d4979112557a93a7a273e1aab8a45da746b2fe0830b33e9e07ede2176e95295c046c19c9270cad2384088b896c9ff831" + }, + { + "0xf6b7f399370d10b097b17e514f044d77a8f170148f4837033bb5d425f73a4079e1c7a9c3e69246f902d8c9fd27caad1e93d83578d4af8d3b7b1c02041c44917a22ed56f2562ac1426a356f8d31965e8e367b8929f3907b1dc6e73a8f3a566ca5c4e113e9d2c53770b110df51cf504701ff3fcea5b819b9bfc49f", + "0x61989df2b7097a6a84dc016aec2716d9cac359d2d799d90ec006a66efe3f1fd0851978c4cfe2f64b307b852e23f5dfdc2f63196e1076782a228a46f5f7d4e54afc1ad7abf1f8fef46edaad1706956f95eb95953bd4", + "0x990290097822808c0002c82510d08a8119521400000c40002222ec1612500001404005628401105a8426238109d0006319460032082a020804c4e110e142c41250a110d850c440420117068425900991950094", + "0xf6b7f399370d10b097b17e514f044d77a8f170148f4837033bb5d425f73a4079e1c7a9c3e6f3defdf2ffc9ff6fcefd1ffbfc377eddefcf7bfbdf9bdd1ec497fe6eff7fffd6afd97aeeffefff7bb67f8f3e7bfdffffbf7b1deef77eff3a76eee7f5f7d7eddafd3ff7bbf1ffffff7edfadff3fdfefbdfbbdbfffdf", + "0xf6b7f399370d10b097b17e514f044d77a8f170148f4837033bb5d425f73a4079e1c7a9c3e6f3de64f06fc0874d4e711ff934126e0d654e62a9cb9bdd128497dc4c1369ed86afd83aaefa8d7b7aa6250b18587cf62fbf1804a8f74cf71074e6e33116c70c98392da71ae127af3b3e9dace8395bca2df22c2aff4b" + }, + { + "0x31d126e874580b754389fad8b64aaa61cabb4f8eb6904fe7e504341ed903f7daa3e74d4da3afca80b2415672a", + "0x16fb17a0468c0afa6bad456efa4f9baf26860eda9d7c00c2520c8c9b6026fb50df59b8cb74f6d9be861052c5e831158e7ffd98746328ce11f91d9ea22f0803a8b059aea22d1715ca1abeae53a8bc6b8bfb9b6c9d24ae714767", + "0x11100e0745803440288e0189048aa20c0800a8a04904a22c10014008902e51a83c6080da1a6c880024114722", + "0x16fb17a0468c0afa6bad456efa4f9baf26860eda9d7c00c2520c8c9b6026fb50df59b8cb74f6d9be861052c5eb3d17eefffd98f77738dfbdfb7dbea63fabb7f8fb79aefe7f5757cbffbebf7faabe7fdffbbbfcbd2fae75676f", + "0x16fb17a0468c0afa6bad456efa4f9baf26860eda9d7c00c2520c8c9b6026fb50df59b8cb74f6d9be861052c5eb2c07e0f8b818c3371051bc7279340433a3b7505b30aa5c5347568bf72e912e02821f5f21a190352f8a64204d" + }, + { + "0xbf1a14e469c234b72d56324d100e016bc38cdf7158e35f230c047585e7b107acc8e222e7f19552541e59316affd90e96ca657b6112f5e8c786dfcff342fc46252fcdab10c632578540dbf6235f164bc5711924c7c6ba9da85ab", + "0x5dd3fb9a3de26cd89eb9517af6bb25678f149f906e8751a0c20d7646d21c17191237022a990e0156541e376986fd6a680c60228e5955df08bae5789c81751cdcafe5a2e72d45b09", + "0x5d5158821d220c001481413006a800620204919042041000000876400214020112210220880600564412026806252a480800020251054008b22158140145101824c582a20d00109", + "0xbf1a14e469c234b72d56324d100e016bc38cdff3fbfb7fe36cdcffbdf7fbf7bfede7aff7ff957ed75ff9f36fffdfde9edf7d7b7712fff9cf87dfdfff77fdc6fd6fedaf70e6be5fd5dfdbfee77f9ecbf57dddafe7e6ffbdedfab", + "0xbf1a14e469c234b72d56324d100e016bc38c82a2a37962c160dceb3cb6cbf117ed85adf36e053cd34ff9f367899fdc8add7c695610df71c987899bed7595c0d845a5a770e4bc0ed09fd34cc6278acab06dc58b22645db0edea2" + }, + }; -private: - BufferedTransformation &m_source; -}; + bool opa=true, opo=true, opx=true; -bool ValidateBBS() -{ - std::cout << "\nBlumBlumShub validation suite running...\n\n"; + //////////////////// AND //////////////////// - Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351"); - Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231"); - Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431"); - BlumBlumShub bbs(p, q, seed); - bool pass = true, fail; - int j; + for (size_t i=0; i and + // Exponentiate(). It can easily consume all machine memory because it is an exponentiation + // without a modular reduction. - const byte *message = (byte *)"test message"; - const int messageLen = 12; + // ****************************** DivideByZero ****************************** - SecByteBlock signature(priv.MaxSignatureLength()); - size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature); - fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength); - pass = pass && !fail; + { + try { + Integer x = Integer(prng, 128) / Integer::Zero(); + result=false; + } catch (const Exception&) { + result=true; + } - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "signature and verification\n"; + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } - ++signature[0]; - fail = pub.VerifyMessage(message, messageLen, signature, signatureLength); - pass = pass && !fail; + // The 0*0 % 0 test. + { + try { + Integer x = 0; + Integer y = 0; + Integer z = ModularMultiplication(y, y, x); + result = false; + } + catch(const Integer::DivideByZero&) { + result = true; + } - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "checking invalid signature" << std::endl; + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } - if (priv.MaxRecoverableLength() > 0) - { - signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULLPTR, 0, signature); - SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength)); - DecodingResult result = pub.RecoverMessage(recovered, NULLPTR, 0, signature, signatureLength); - fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0); - pass = pass && !fail; + // Another 0*0 % 0 test. + { + try { + Integer x = 0; + Integer y = 0; + Integer z = (y * y) % x; + result = false; + } + catch(const Integer::DivideByZero&) { + result = true; + } - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "signature and verification with recovery" << std::endl; + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } - ++signature[0]; - result = pub.RecoverMessage(recovered, NULLPTR, 0, signature, signatureLength); - fail = result.isValidCoding; - pass = pass && !fail; + // The 0^0 % 0 test. + { + try { + Integer x = 0; + Integer y = 0; + Integer z = ModularExponentiation(y, y, x); + result = false; + } + catch(const Integer::DivideByZero&) { + result = true; + } - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "recovery with invalid signature" << std::endl; - } + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } - return pass; + // Another 0^0 % 0 test. + { + try { + Integer x = 0; + Integer y = 0; + Integer z = EuclideanDomainOf().Exponentiate(y, y) % x; + result = false; + } + catch(const Integer::DivideByZero&) { + result = true; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } + + // Integer divide by 0 + { + try { + Integer r=1, q=1, a=1, d=0; + Integer::Divide(r, q, a, d); + result = false; + } + catch(const Integer::DivideByZero&) { + result = true; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } + + // Another Integer divide by 0 + { + try { + Integer q=1, a=1; word r=1, d=0; + Integer::Divide(r, q, a, d); + result = false; + } + catch(const Integer::DivideByZero&) { + result = true; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer DivideByZero\n"; + } + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Integer DivideByZero\n"; + + // ************************ RandomNumberNotFound ************************ + + try { + // A run of 71 composites; see http://en.wikipedia.org/wiki/Prime_gap + Integer x = Integer(GlobalRNG(), 31398, 31468, Integer::PRIME); + result=false; + } catch (const Exception&) { + result=true; + } + + pass = result && pass; + if (result) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Integer RandomNumberNotFound\n"; + + // ************************ Carmichael pseudo-primes ************************ + + result=true; + if (IsPrime(Integer("561"))) + result = false; + if (IsPrime(Integer("41041"))) + result = false; + if (IsPrime(Integer("321197185"))) + result = false; + if (IsPrime(Integer("5394826801"))) + result = false; + if (IsPrime(Integer("232250619601"))) + result = false; + if (IsPrime(Integer("974637772161"))) + result = false; + + pass = result && pass; + if (result) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Carmichael pseudo-primes\n"; + + // ****************************** Integer Double ****************************** + + try { + Integer x = Integer::One().Doubled(); + result = (x == Integer::Two()); + } catch (const Exception&) { + result=false; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer Doubled\n"; + + // ****************************** Integer Square ****************************** + + try { + Integer x = Integer::Two().Squared(); + result = (x == 4); + } catch (const Exception&) { + result=false; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer Squared\n"; + + try { + Integer x = Integer::Two().Squared(); + result = (x == 4) && x.IsSquare(); + } catch (const Exception&) { + result=false; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Integer IsSquare\n"; + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Squaring operations\n"; + + // ****************************** Integer GCD ****************************** + + { + for (unsigned int i=0; i<128; ++i) + { + Integer x, y; + switch(i%2) + { + case 0: + { + AlgorithmParameters params = + MakeParameters("BitLength", 256)("RandomNumberType", Integer::PRIME); + x.GenerateRandom(prng, params); + y.GenerateRandom(prng, params); + break; + } + case 1: + { + x = MaurerProvablePrime(prng, 256); + y = MihailescuProvablePrime(prng, 256); + } + } + + if (x != y) + { + result = (RelativelyPrime(x, y) == true); + pass = result && pass; + + if (!result) + std::cout << "FAILED: Integer GCD\n"; + } + } + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " GCD operations\n"; + } + + // ******************** Integer Modulo and InverseMod ******************** + + // http://github.com/weidai11/cryptopp/issues/602 + // The bug report that uncovered the InverseMod problems + { + Integer a("0x2F0500010000018000000000001C1C000000000000000A000B0000000000000000000000000000FDFFFFFF00000000"); + Integer b("0x3D2F050001"); + + result = (Integer("0x3529E4FEBC") == a.InverseMod(b)); + pass = result && pass; + if (!result) + std::cout << "FAILED: InverseMod operation\n"; + } + + // Integer Integer::InverseMod(const Integer &m) + // Large 'a' and 'm' + for (unsigned int i=0; i<128; ++i) + { + Integer a(prng, 1024), m(prng, 1024); + a++, m++; // make non-0 + + Integer x = a.InverseMod(m); + Integer y = (a % m).InverseMod(m); + Integer z = (a * y).Modulo(m); + + if (RelativelyPrime(a, m) == true) + result = (x == y) && (z == 1) && (ModularMultiplication(a, x, m) == 1); + else + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: InverseMod operation\n"; + } + + // Integer Integer::InverseMod(const Integer &m) + // Corner cases like 0, 2m-1 and 2m+1 + for (unsigned int i=0; i<128; ++i) + { + Integer a(prng, 1024), m(prng, 1024); + a++, m++; // make non-0 + + // Corner cases + int j = i % 12; + switch (j) + { + case 0: + a = -1; break; + case 1: + a = 0; break; + case 2: + a = 1; break; + case 3: + a = m-1; break; + case 4: + a = m; break; + case 5: + a = m+1; break; + case 6: + a = 2*m-1; break; + case 7: + a = 2*m; break; + case 8: + a = 2*m+1; break; + case 9: + a = (m<<256)-1; break; + case 10: + a = (m<<256); break; + case 11: + a = (m<<256)+1; break; + default: + ;; + } + + Integer x = a.InverseMod(m); + Integer y = (a % m).InverseMod(m); + Integer z = (a * y).Modulo(m); + + if (RelativelyPrime(a, m) == true) + result = (x == y) && (z == 1) && (ModularMultiplication(a, x, m) == 1); + else + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: InverseMod operation\n"; + } + + // Integer Integer::InverseMod(const Integer &m) + // Large 'a', small 'm' + for (unsigned int i=0; i<128; ++i) + { + Integer a(prng, 4096), m(prng, 32); + a++, m++; // make non-0 + + Integer x = a.InverseMod(m); + Integer y = (a % m).InverseMod(m); + Integer z = (a * y).Modulo(m); + + if (RelativelyPrime(a, m) == true) + result = (x == y) && (z == 1) && (ModularMultiplication(a, x, m) == 1); + else + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: InverseMod operation\n"; + } + + // Integer Integer::InverseMod(word m) + // Small 'm' using word + for (unsigned int i=0; i<128; ++i) + { + Integer a(prng, 4096); word m; + prng.GenerateBlock((byte*)&m, sizeof(m)); + + a++; // make non-0 + if (m == 0) m++; + + // Avoid the conversion from word to long + Integer mi = Integer(Integer::POSITIVE, 0, m); + Integer ri = a % Integer(Integer::POSITIVE, 0, m); + + Integer x = Integer(Integer::POSITIVE, 0, a.InverseMod(m)); + Integer y = Integer(Integer::POSITIVE, 0, ri.InverseMod(m)); + Integer z = Integer(Integer::POSITIVE, 0, (a * y).Modulo(m)); + + if (GCD(a,mi) == 1) + result = (x == y) && (z == 1); + else + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: InverseMod operation\n"; + } + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " InverseMod operations\n"; + + // ****************************** Integer Divide ****************************** + + // Divide (Integer &r, Integer &q, const Integer &a, const Integer &d) + for (unsigned int i=0; i<128; ++i) + { + Integer r, q, a(prng, 1024), d(prng, 1024); + Integer::Divide(r, q, a, d); + + Integer xr = a % d; + Integer xq = a / d; + result = (r == xr) && (q == xq); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Divide operation\n"; + } + + // Divide (word &r, Integer &q, const Integer &a, word d) + for (unsigned int i=0; i<128; ++i) + { + word r, d = prng.GenerateWord32(); + Integer q, a(prng, 1024); + Integer::Divide(r, q, a, d); + + Integer xr = a % Integer(Integer::POSITIVE, 0, d); + Integer xq = a / Integer(Integer::POSITIVE, 0, d); + result = (Integer(Integer::POSITIVE, 0, r) == xr) && (q == xq); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Divide operation\n"; + } + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Divide operations\n"; + + // ****************************** Integer Power2 ****************************** + + { + Integer x, y; + + x = Integer::Power2(0); + result = (x == 1); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Power2 operation\n"; + + x = Integer::Power2(1); + result = (x == 2); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Power2 operation\n"; + } + + for (unsigned int i=0; i<128; i+=2) + { + Integer b = 2, m(prng, 2048); + + Integer x = EuclideanDomainOf().Exponentiate(b, i) % m; + Integer y = Integer::Power2(i) % m; + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Power2 operation\n"; + } + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Power2 operations\n"; + + // ****************************** Integer Exponentiation ****************************** + + { + word32 m = prng.GenerateWord32(); + if (m == 0) m++; + + Integer z = Integer::Zero(); + Integer x = ModularExponentiation(z, z, m); + Integer y = EuclideanDomainOf().Exponentiate(z, z) % m; + result = (x == y) && (x == 1); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + // The 0^0 % 0 test. + { + try + { + Integer x = 0; + Integer y = ModularExponentiation(x, x, x); + result = false; + } + catch(const Integer::DivideByZero&) + { + result = true; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + // Another 0^0 % 0 test. + { + try + { + Integer x = 0; + Integer z = EuclideanDomainOf().Exponentiate(0, 0) % x; + result = false; + } + catch(const Integer::DivideByZero&) + { + result = true; + } + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + // Run the exponent 0 to 128 on base 0 + for (unsigned int i=0; i<128; i+=2) + { + Integer b = 0, m(prng, 2048); + + Integer x = ModularExponentiation(b, i, m); + Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + // Run the exponent 1 to 128 on base 2 + for (unsigned int i=0; i<128; i+=2) + { + Integer b = 1, m(prng, 2048); + + Integer x = ModularExponentiation(b, i, m); + Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + // Run the exponent 0 to 128 on base 2 + for (unsigned int i=0; i<128; i+=2) + { + Integer b = 2, m(prng, 2048); + + Integer x = ModularExponentiation(b, i, m); + Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + // Run the exponent 0 to 24 on random base + for (unsigned int i=0; i<24; ++i) + { + Integer b(prng, 32), m(prng, 2048); + + Integer x = ModularExponentiation(b, i, m); + Integer y = EuclideanDomainOf().Exponentiate(b, i) % m; + result = (x == y); + + pass = result && pass; + if (!result) + std::cout << "FAILED: Exponentiation operation\n"; + } + + if (pass) + std::cout << "passed:"; + else + std::cout << "FAILED:"; + std::cout << " Exponentiation operations\n"; + + return pass; } - -bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false) -{ - bool pass = true, fail; - - fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "cryptosystem key validation\n"; - - const byte *message = (byte *)"test message"; - const int messageLen = 12; - SecByteBlock ciphertext(priv.CiphertextLength(messageLen)); - SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size())); - - pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext); - fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen); - fail = fail || memcmp(message, plaintext, messageLen); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "encryption and decryption\n"; - - return pass; -} - -bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d) -{ - if (d.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed simple key agreement domain parameters validation" << std::endl; - else - { - std::cout << "FAILED simple key agreement domain parameters invalid" << std::endl; - return false; - } - - SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength()); - SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength()); - SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength()); - - d.GenerateKeyPair(GlobalRNG(), priv1, pub1); - d.GenerateKeyPair(GlobalRNG(), priv2, pub2); - - memset(val1.begin(), 0x10, val1.size()); - memset(val2.begin(), 0x11, val2.size()); - - if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1))) - { - std::cout << "FAILED simple key agreement failed" << std::endl; - return false; - } - - if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength())) - { - std::cout << "FAILED simple agreed values not equal" << std::endl; - return false; - } - - std::cout << "passed simple key agreement" << std::endl; - return true; -} - -bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d) -{ - if (d.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid" << std::endl; - return false; - } - - SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength()); - SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength()); - SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength()); - SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength()); - SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength()); - - d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1); - d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2); - d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1); - d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2); - - memset(val1.begin(), 0x10, val1.size()); - memset(val2.begin(), 0x11, val2.size()); - - if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } - - std::cout << "passed authenticated key agreement" << std::endl; - return true; -} - -bool ValidateRSA() -{ - std::cout << "\nRSA validation suite running...\n\n"; - - // Must be large enough for RSA-3072 to test SHA3_256 - byte out[256], outPlain[128]; - bool pass = true, fail; - - { - const char plain[] = "Everyone gets Friday off."; - static const byte signature[] = - "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84" - "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21" - "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b" - "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1"; - - FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa512a.dat", true, new HexDecoder); - Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys); - Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv); - - size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); - CRYPTOPP_ASSERT(signatureLength <= sizeof(out)); - fail = memcmp(signature, out, signatureLength) != 0; - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "signature check against test vector\n"; - - fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "verification check against test vector\n"; - - out[10]++; - fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "invalid signature verification\n"; - } - ///// - { - const char plain[] = "Everyone gets Friday off."; - static const byte signature[] = - "\x2e\x87\xda\x1f\xe4\xda\x1d\x7a\xb7\xf2\x42\x36\xe9\xc0\x4e\xab\x3f\x03\x71\xe1" - "\x2b\xc5\x3c\xbf\x21\x21\xa8\xd6\x28\xb0\x08\xfd\x9c\xf6\x94\xbd\x37\x32\xda\xfc" - "\x42\x1c\x8e\xdb\x8a\x81\x90\x46\x45\xb4\xde\x9e\xce\x90\xfe\xa1\xfd\xbc\x5a\xce" - "\xca\x59\x89\x93\xc0\x0f\x2f\xf1\x13\xb0\xf5\x3d\xa3\x9a\x85\xb7\x40\xd9\x34\x88" - "\x29\xb2\x4a\x0f\x9b\xbe\x22\x3a\x5b\x54\x51\xb7\xf0\x10\x72\x50\xc4\x2a\xe9\xe4" - "\xc3\x82\xeb\x32\x33\x14\xb6\xf2\x7b\x30\x7a\xbf\xc2\xf3\x0f\x4d\x72\xa0\x8d\xa1" - "\xc6\xce\xd0\xa3\x3c\xf7\x23\x4b\xb7\x2c\x5e\xca\x83\x01\xc7\x5c\xd5\xd0\xd1\x94" - "\x43\xf0\xad\xa2\xe6\x72\x2b\x13\x39\xb2\x4b\x25\x91\x3a\x4f\x53\x05\x00\x8c\xc7" - "\xcf\x4f\x11\x64\xe6\xf4\x1a\x4d\x90\x7e\xf1\xfe\xed\xec\x8d\xbb\x00\x31\x2e\x03" - "\xbe\x87\x84\x60\xfb\x5e\xef\x9d\x18\x2c\x28\x3d\xaa\x67\x80\xa3\x62\x07\x06\x5e" - "\xce\xee\x3b\xd0\x78\xb5\x98\x38\x1e\xe8\x62\x19\x9c\xc3\xd4\xf7\xc2\xc5\x00\xf0" - "\xeb\x89\x65\x53\x35\xe7\x13\x7e\xbb\x26\xb0\x76\x9c\xf2\x80\xaa\xe1\xb1\x0a\xa6" - "\x47\xfc\x5f\xe0\x7f\x82\xd7\x83\x41\xc3\x50\xa1\xe0\x0e\x1a\xe4"; - - FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa2048a.dat", true, new HexDecoder); - RSASS::Signer rsaPriv(keys); - RSASS::Verifier rsaPub(rsaPriv); - - size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); - CRYPTOPP_ASSERT(signatureLength <= sizeof(out)); - fail = memcmp(signature, out, signatureLength) != 0; - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "signature check against test vector\n"; - - fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "verification check against test vector\n"; - - out[10]++; - fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "invalid signature verification\n"; - } - ///// - { - FileSource keys(CRYPTOPP_DATA_DIR "TestData/rsa1024.dat", true, new HexDecoder); - RSAES_PKCS1v15_Decryptor rsaPriv(keys); - RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv); - - pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass; - } - { - RSAES >::Decryptor rsaPriv(GlobalRNG(), 512); - RSAES >::Encryptor rsaPub(rsaPriv); - - pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass; - } - { - byte *plain = (byte *) - "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; - static const byte encrypted[] = - "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" - "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" - "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" - "\x62\x51"; - static const byte oaepSeed[] = - "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2" - "\xf0\x6c\xb5\x8f"; - ByteQueue bq; - bq.Put(oaepSeed, 20); - FixedRNG rng(bq); - - FileSource privFile(CRYPTOPP_DATA_DIR "TestData/rsa400pv.dat", true, new HexDecoder); - FileSource pubFile(CRYPTOPP_DATA_DIR "TestData/rsa400pb.dat", true, new HexDecoder); - RSAES_OAEP_SHA_Decryptor rsaPriv; - rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0); - RSAES_OAEP_SHA_Encryptor rsaPub(pubFile); - - memset(out, 0, 50); - memset(outPlain, 0, 8); - rsaPub.Encrypt(rng, plain, 8, out); - DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain); - fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "PKCS 2.0 encryption and decryption\n"; - } - - return pass; -} - -bool ValidateDH() -{ - std::cout << "\nDH validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/dh1024.dat", true, new HexDecoder()); - DH dh(f); - return SimpleKeyAgreementValidate(dh); -} - -bool ValidateMQV() -{ - std::cout << "\nMQV validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/mqv1024.dat", true, new HexDecoder()); - MQV mqv(f); - return AuthenticatedKeyAgreementValidate(mqv); -} - -bool ValidateHMQV() -{ - std::cout << "\nHMQV validation suite running...\n\n"; - - //ECHMQV< ECP >::Domain hmqvB(false /*server*/); - ECHMQV256 hmqvB(false); - FileSource f256(CRYPTOPP_DATA_DIR "TestData/hmqv256.dat", true, new HexDecoder()); - FileSource f384(CRYPTOPP_DATA_DIR "TestData/hmqv384.dat", true, new HexDecoder()); - FileSource f512(CRYPTOPP_DATA_DIR "TestData/hmqv512.dat", true, new HexDecoder()); - hmqvB.AccessGroupParameters().BERDecode(f256); - - std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl; - - if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } - - const OID oid = ASN1::secp256r1(); - ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/); - - if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength()); - SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength()); - SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength()); - SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength()); - SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength()); - - hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA); - hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB); - hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA); - hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB); - - memset(valA.begin(), 0x00, valA.size()); - memset(valB.begin(), 0x11, valB.size()); - - if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } - - std::cout << "passed authenticated key agreement" << std::endl; - - // Now test HMQV with NIST P-384 curve and SHA384 hash - std::cout << std::endl; - std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl; - - ECHMQV384 hmqvB384(false); - hmqvB384.AccessGroupParameters().BERDecode(f384); - - if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } - - const OID oid384 = ASN1::secp384r1(); - ECHMQV384 hmqvA384(oid384, true /*client*/); - - if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength()); - SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength()); - SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength()); - SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength()); - SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength()); - - hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); - hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384); - hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384); - hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384); - - memset(valA384.begin(), 0x00, valA384.size()); - memset(valB384.begin(), 0x11, valB384.size()); - - if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } - - std::cout << "passed authenticated key agreement" << std::endl; - - return true; -} - -bool ValidateFHMQV() -{ - std::cout << "\nFHMQV validation suite running...\n\n"; - - //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/); - ECFHMQV256 fhmqvB(false); - FileSource f256(CRYPTOPP_DATA_DIR "TestData/fhmqv256.dat", true, new HexDecoder()); - FileSource f384(CRYPTOPP_DATA_DIR "TestData/fhmqv384.dat", true, new HexDecoder()); - FileSource f512(CRYPTOPP_DATA_DIR "TestData/fhmqv512.dat", true, new HexDecoder()); - fhmqvB.AccessGroupParameters().BERDecode(f256); - - std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl; - - if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } - - const OID oid = ASN1::secp256r1(); - ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/); - - if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength()); - SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength()); - SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength()); - SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength()); - SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength()); - - fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA); - fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB); - fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA); - fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB); - - memset(valA.begin(), 0x00, valA.size()); - memset(valB.begin(), 0x11, valB.size()); - - if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } - - std::cout << "passed authenticated key agreement" << std::endl; - - // Now test FHMQV with NIST P-384 curve and SHA384 hash - std::cout << std::endl; - std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl; - - ECHMQV384 fhmqvB384(false); - fhmqvB384.AccessGroupParameters().BERDecode(f384); - - if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; - return false; - } - - const OID oid384 = ASN1::secp384r1(); - ECHMQV384 fhmqvA384(oid384, true /*client*/); - - if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) - std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; - else - { - std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; - return false; - } - - SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength()); - SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength()); - SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength()); - SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength()); - SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength()); - - fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); - fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384); - fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384); - fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384); - - memset(valA384.begin(), 0x00, valA384.size()); - memset(valB384.begin(), 0x11, valB384.size()); - - if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) - { - std::cout << "FAILED authenticated key agreement failed" << std::endl; - return false; - } - - if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength())) - { - std::cout << "FAILED authenticated agreed values not equal" << std::endl; - return false; - } - - std::cout << "passed authenticated key agreement" << std::endl; - - return true; -} - -bool ValidateLUC_DH() -{ - std::cout << "\nLUC-DH validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/lucd512.dat", true, new HexDecoder()); - LUC_DH dh(f); - return SimpleKeyAgreementValidate(dh); -} - -bool ValidateXTR_DH() -{ - std::cout << "\nXTR-DH validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/xtrdh171.dat", true, new HexDecoder()); - XTR_DH dh(f); - return SimpleKeyAgreementValidate(dh); -} - -bool ValidateElGamal() -{ - std::cout << "\nElGamal validation suite running...\n\n"; - bool pass = true; - { - FileSource fc(CRYPTOPP_DATA_DIR "TestData/elgc1024.dat", true, new HexDecoder); - ElGamalDecryptor privC(fc); - ElGamalEncryptor pubC(privC); - privC.AccessKey().Precompute(); - ByteQueue queue; - privC.AccessKey().SavePrecomputation(queue); - privC.AccessKey().LoadPrecomputation(queue); - - pass = CryptoSystemValidate(privC, pubC) && pass; - } - return pass; -} - -bool ValidateDLIES() -{ - std::cout << "\nDLIES validation suite running...\n\n"; - bool pass = true; - { - FileSource fc(CRYPTOPP_DATA_DIR "TestData/dlie1024.dat", true, new HexDecoder); - DLIES<>::Decryptor privC(fc); - DLIES<>::Encryptor pubC(privC); - pass = CryptoSystemValidate(privC, pubC) && pass; - } - { - std::cout << "Generating new encryption key..." << std::endl; - DLIES<>::GroupParameters gp; - gp.GenerateRandomWithKeySize(GlobalRNG(), 128); - DLIES<>::Decryptor decryptor; - decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp); - DLIES<>::Encryptor encryptor(decryptor); - - pass = CryptoSystemValidate(decryptor, encryptor) && pass; - } - return pass; -} - -bool ValidateNR() -{ - std::cout << "\nNR validation suite running...\n\n"; - bool pass = true; - { - FileSource f(CRYPTOPP_DATA_DIR "TestData/nr2048.dat", true, new HexDecoder); - NR::Signer privS(f); - privS.AccessKey().Precompute(); - NR::Verifier pubS(privS); - - pass = SignatureValidate(privS, pubS) && pass; - } - { - std::cout << "Generating new signature key..." << std::endl; - NR::Signer privS(GlobalRNG(), 256); - NR::Verifier pubS(privS); - - pass = SignatureValidate(privS, pubS) && pass; - } - return pass; -} - -bool ValidateDSA(bool thorough) -{ - std::cout << "\nDSA validation suite running...\n\n"; - - bool pass = true; - FileSource fs1(CRYPTOPP_DATA_DIR "TestData/dsa1024.dat", true, new HexDecoder()); - DSA::Signer priv(fs1); - DSA::Verifier pub(priv); - FileSource fs2(CRYPTOPP_DATA_DIR "TestData/dsa1024b.dat", true, new HexDecoder()); - DSA::Verifier pub1(fs2); - CRYPTOPP_ASSERT(pub.GetKey() == pub1.GetKey()); - pass = SignatureValidate(priv, pub, thorough) && pass; - pass = RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/dsa.txt", g_nullNameValuePairs, thorough) && pass; - - return pass; -} - -bool ValidateLUC() -{ - std::cout << "\nLUC validation suite running...\n\n"; - bool pass=true; - - { - FileSource f(CRYPTOPP_DATA_DIR "TestData/luc1024.dat", true, new HexDecoder); - LUCSSA_PKCS1v15_SHA_Signer priv(f); - LUCSSA_PKCS1v15_SHA_Verifier pub(priv); - pass = SignatureValidate(priv, pub) && pass; - } - { - LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512); - LUCES_OAEP_SHA_Encryptor pub(priv); - pass = CryptoSystemValidate(priv, pub) && pass; - } - return pass; -} - -bool ValidateLUC_DL() -{ - std::cout << "\nLUC-HMP validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/lucs512.dat", true, new HexDecoder); - LUC_HMP::Signer privS(f); - LUC_HMP::Verifier pubS(privS); - bool pass = SignatureValidate(privS, pubS); - - std::cout << "\nLUC-IES validation suite running...\n\n"; - - FileSource fc(CRYPTOPP_DATA_DIR "TestData/lucc512.dat", true, new HexDecoder); - LUC_IES<>::Decryptor privC(fc); - LUC_IES<>::Encryptor pubC(privC); - pass = CryptoSystemValidate(privC, pubC) && pass; - - return pass; -} - -bool ValidateRabin() -{ - std::cout << "\nRabin validation suite running...\n\n"; - bool pass=true; - - { - FileSource f(CRYPTOPP_DATA_DIR "TestData/rabi1024.dat", true, new HexDecoder); - RabinSS::Signer priv(f); - RabinSS::Verifier pub(priv); - pass = SignatureValidate(priv, pub) && pass; - } - { - RabinES >::Decryptor priv(GlobalRNG(), 512); - RabinES >::Encryptor pub(priv); - pass = CryptoSystemValidate(priv, pub) && pass; - } - return pass; -} - -bool ValidateRW() -{ - std::cout << "\nRW validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/rw1024.dat", true, new HexDecoder); - RWSS::Signer priv(f); - RWSS::Verifier pub(priv); - - return SignatureValidate(priv, pub); -} - -/* -bool ValidateBlumGoldwasser() -{ - std::cout << "\nBlumGoldwasser validation suite running...\n\n"; - - FileSource f(CRYPTOPP_DATA_DIR "TestData/blum512.dat", true, new HexDecoder); - BlumGoldwasserPrivateKey priv(f); - BlumGoldwasserPublicKey pub(priv); - - return CryptoSystemValidate(priv, pub); -} -*/ - -bool ValidateECP() -{ - std::cout << "\nECP validation suite running...\n\n"; - - ECIES::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1()); - ECIES::Encryptor cpub(cpriv); - ByteQueue bq; - cpriv.GetKey().DEREncode(bq); - cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); - cpub.GetKey().DEREncode(bq); - ECDSA::Signer spriv(bq); - ECDSA::Verifier spub(bq); - ECDH::Domain ecdhc(ASN1::secp192r1()); - ECMQV::Domain ecmqvc(ASN1::secp192r1()); - - spriv.AccessKey().Precompute(); - ByteQueue queue; - spriv.AccessKey().SavePrecomputation(queue); - spriv.AccessKey().LoadPrecomputation(queue); - - bool pass = SignatureValidate(spriv, spub); - cpub.AccessKey().Precompute(); - cpriv.AccessKey().Precompute(); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - - std::cout << "Turning on point compression..." << std::endl; - cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true); - cpub.AccessKey().AccessGroupParameters().SetPointCompression(true); - ecdhc.AccessGroupParameters().SetPointCompression(true); - ecmqvc.AccessGroupParameters().SetPointCompression(true); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - - std::cout << "Testing SEC 2, NIST, and Brainpool recommended curves..." << std::endl; - OID oid; - while (!(oid = DL_GroupParameters_EC::GetNextRecommendedParametersOID(oid)).GetValues().empty()) - { - DL_GroupParameters_EC params(oid); - bool fail = !params.Validate(GlobalRNG(), 2); - std::cout << (fail ? "FAILED" : "passed") << " " << std::dec << params.GetCurve().GetField().MaxElementBitLength() << " bits" << std::endl; - pass = pass && !fail; - } - - return pass; -} - -bool ValidateEC2N() -{ - std::cout << "\nEC2N validation suite running...\n\n"; - - // DEREncode() changed to Save() at Issue 569. - ECIES::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1()); - ECIES::Encryptor cpub(cpriv); - ByteQueue bq; - cpriv.AccessMaterial().Save(bq); - cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); - cpub.AccessMaterial().Save(bq); - ECDSA::Signer spriv(bq); - ECDSA::Verifier spub(bq); - ECDH::Domain ecdhc(ASN1::sect193r1()); - ECMQV::Domain ecmqvc(ASN1::sect193r1()); - - spriv.AccessKey().Precompute(); - ByteQueue queue; - spriv.AccessKey().SavePrecomputation(queue); - spriv.AccessKey().LoadPrecomputation(queue); - - bool pass = SignatureValidate(spriv, spub); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - - std::cout << "Turning on point compression..." << std::endl; - cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true); - cpub.AccessKey().AccessGroupParameters().SetPointCompression(true); - ecdhc.AccessGroupParameters().SetPointCompression(true); - ecmqvc.AccessGroupParameters().SetPointCompression(true); - pass = CryptoSystemValidate(cpriv, cpub) && pass; - pass = SimpleKeyAgreementValidate(ecdhc) && pass; - pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; - -#if 0 // TODO: turn this back on when I make EC2N faster for pentanomial basis - std::cout << "Testing SEC 2 recommended curves..." << std::endl; - OID oid; - while (!(oid = DL_GroupParameters_EC::GetNextRecommendedParametersOID(oid)).m_values.empty()) - { - DL_GroupParameters_EC params(oid); - bool fail = !params.Validate(GlobalRNG(), 2); - std::cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits" << std::endl; - pass = pass && !fail; - } #endif - return pass; -} - -bool ValidateECDSA() -{ - std::cout << "\nECDSA validation suite running...\n\n"; - - // from Sample Test Vectors for P1363 - GF2NT gf2n(191, 9, 0); - byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67"; - byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC"; - EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24)); - - EC2N::Point P; - bool result = ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D" - "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize()); - CRYPTOPP_ASSERT(result); CRYPTOPP_UNUSED(result); - - Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H"); - Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH"); - EC2N::Point Q(ec.Multiply(d, P)); - ECDSA::Signer priv(ec, P, n, d); - ECDSA::Verifier pub(priv); - - Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH"); - Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H"); - static const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30" - "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e"; - Integer r(sig, 24); - Integer s(sig+24, 24); - - Integer rOut, sOut; - bool fail, pass=true; - - priv.RawSign(k, h, rOut, sOut); - fail = (rOut != r) || (sOut != s); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "signature check against test vector\n"; - - fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "verification check against test vector\n"; - - fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig)); - pass = pass && !fail; - - pass = SignatureValidate(priv, pub) && pass; - - return pass; -} - -bool ValidateECDSA_RFC6979() -{ - std::cout << "\nRFC6979 deterministic ECDSA validation suite running...\n\n"; - - DL_Algorithm_ECDSA_RFC6979 sign; - - const Integer x("09A4D6792295A7F730FC3F2B49CBC0F62E862272Fh"); - const Integer e("AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BFh"); - const Integer q("4000000000000000000020108A2E0CC0D99F8A5EFh"); - const Integer k("23AF4074C90A02B3FE61D286D5C87F425E6BDD81Bh"); - const Integer &k_out = sign.GenerateRandom(x, q, e); - - bool pass = (k_out == k); - - std::cout << (pass ? "passed " : "FAILED "); - std::cout << "deterministic k generation against test vector\n"; - - return pass; -} - -// from http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf -bool ValidateECGDSA(bool thorough) -{ - std::cout << "\nECGDSA validation suite running...\n\n"; - - bool fail, pass=true; - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 10) - if (thorough) - { - const OID oid = ASN1::brainpoolP192r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF"); - Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4"); - Integer sExp("0x C02B5CC5 C51D5411 060BF024 5049F824 839F671D 78A1BBF1"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160"; - const size_t len = strlen((char*)msg); - - byte signature[48]; - r.Encode(signature+0, 24); - s.Encode(signature+24, 24); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP192r1 using RIPEMD-160\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 13) - if (thorough) - { - const OID oid = ASN1::brainpoolP256r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 47B3A278 62DEF037 49ACF0D6 00E69F9B 851D01ED AEFA531F 4D168E78 7307F4D8"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF"); - Integer k("0x 908E3099 776261A4 558FF7A9 FA6DFFE0 CA6BB3F9 CB35C2E4 E1DC73FD 5E8C08A3"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 62CCD1D2 91E62F6A 4FFBD966 C66C85AA BA990BB6 AB0C087D BD54A456 CCC84E4C"); - Integer sExp("0x 9119719B 08EEA0D6 BC56E4D1 D37369BC F3768445 EF65CAE4 A37BF6D4 3BD01646"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160"; - const size_t len = strlen((char*)msg); - - byte signature[64]; - r.Encode(signature+0, 32); - s.Encode(signature+32, 32); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP256r1 using RIPEMD-160\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 16) - if (thorough) - { - const OID oid = ASN1::brainpoolP320r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 00000000 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF"); - Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6"); - Integer sExp("0x 06AB5250 B31A8E93 56194894 61733200 E4FD5C12 75C0AB37 E7E41149 5BAAE145 41DF6DE6 66B8CA56"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160"; - const size_t len = strlen((char*)msg); - - byte signature[80]; - r.Encode(signature+0, 40); - s.Encode(signature+40, 40); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP320r1 using RIPEMD-160\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-1 (p. 19) - { - const OID oid = ASN1::brainpoolP192r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 CF00CD42 CAA80DDF 8DDEBDFD 32F2DA15 11B53F29"); - Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4"); - Integer sExp("0x 18FD604E 5F00F55B 3585C052 8C319A2B 05B8F2DD EE9CF1A6"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function SHA-1"; - const size_t len = strlen((char*)msg); - - byte signature[48]; - r.Encode(signature+0, 24); - s.Encode(signature+24, 24); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP192r1 using SHA-1\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-224 (p. 23) - { - const OID oid = ASN1::brainpoolP320r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 00000000 00000000 92AE8A0E 8D08EADE E9426378 714FF3E0 1957587D 2876FA70 D40E3144"); - Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6"); - Integer sExp("0x 6EA191CA 0D468AC3 E9568768 9338357C 7D0BACB3 F1D87E0D EC05F635 B7ADB842 75AA0086 60F812CF"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function SHA-224"; - const size_t len = strlen((char*)msg); - - byte signature[80]; - r.Encode(signature+0, 40); - s.Encode(signature+40, 40); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP320r1 using SHA-224\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-256 (p. 27) - { - const OID oid = ASN1::brainpoolP320r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 00000000 37ED8AA9 4AE667DB BB753330 E050EB8E 12195807 ECDC4FB1 0E0662B4 22C219D7"); - Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6"); - Integer sExp("0x 24370797 A9D11717 BBBB2B76 2E08ECD0 7DD7E033 F544E47C BF3C6D16 FD90B51D CC2E4DD8 E6ECD8CD"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function SHA-256"; - const size_t len = strlen((char*)msg); - - byte signature[80]; - r.Encode(signature+0, 40); - s.Encode(signature+40, 40); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP320r1 using SHA-256\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-384 (p. 34) - { - const OID oid = ASN1::brainpoolP512r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 00000000 00000000 00000000 00000000 68FEAB7D 8BF8A779 4466E447 5959946B 2136C084 A86090CA 8070C980 68B1250D 88213190 6B7E0CB8 475F9054 E9290C2E"); - Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48"); - Integer sExp("0x 3D233E9F D9EB152E 889F4F7C F325B464 0894E5EA 44C51443 54305CD4 BF70D234 8257C2DB E06C5544 92CE9FDD 6861A565 77B53E5E E80E6062 31A4CF06 8FA1EC21"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function SHA-384"; - const size_t len = strlen((char*)msg); - - byte signature[128]; - r.Encode(signature+0, 64); - s.Encode(signature+64, 64); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP512r1 using SHA-384\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-512 (p. 38) - { - const OID oid = ASN1::brainpoolP512r1(); - DL_GroupParameters_EC params(oid); - Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68"); - ECGDSA::Signer signer(params, x); - ECGDSA::Verifier verifier(signer); - - Integer e("0x 1A95EF81 D213BD3B 8191E7FE 7F5BFD43 F51E3EE5 A4FD3D08 4A7C9BB5 411F4649 746AEBC6 623D4DEA 7E02DC5A 85E24AF2 96B5A555 AD470413 71E4BF64 380F3E34"); - Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B"); - - Integer r, s; - signer.RawSign(k, e, r, s); - - Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48"); - Integer sExp("0x 17A011F8 DD7B5665 2B27AA6D 6E7BDF3C 7C23B5FA 32910FBA A107E627 0E1CA8A7 A263F661 8E6098A0 D6CD6BA1 C03544C5 425875EC B3418AF5 A3EE3F32 143E48D2"); - - fail = (r != rExp) || (s != sExp); - pass = pass && !fail; - - const byte msg[] = "Example of ECGDSA with the hash function SHA-512"; - const size_t len = strlen((char*)msg); - - byte signature[128]; - r.Encode(signature+0, 64); - s.Encode(signature+64, 64); - - fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "brainpoolP512r1 using SHA-512\n"; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - } - - return pass; -} - -bool ValidateESIGN() -{ - std::cout << "\nESIGN validation suite running...\n\n"; - - bool pass = true, fail; - - static const char plain[] = "test"; - static const byte signature[] = - "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37" - "\xFE\xBC\x76\x3F\xF1\x84\xF6\x59\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F" - "\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88" - "\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A\x74\x02\x37\x0E\xED\x0A\x06\xAD" - "\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C" - "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28"; - - FileSource keys(CRYPTOPP_DATA_DIR "TestData/esig1536.dat", true, new HexDecoder); - ESIGN::Signer signer(keys); - ESIGN::Verifier verifier(signer); - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - - fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength()); - pass = pass && !fail; - - std::cout << (fail ? "FAILED " : "passed "); - std::cout << "verification check against test vector\n"; - - std::cout << "Generating signature key from seed..." << std::endl; - signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512)); - verifier = signer; - - fail = !SignatureValidate(signer, verifier); - pass = pass && !fail; - - return pass; -} - NAMESPACE_END // Test NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/validat3.cpp b/vendor/cryptopp/vendor_cryptopp/validat3.cpp index adf7f385..9a2d454f 100644 --- a/vendor/cryptopp/vendor_cryptopp/validat3.cpp +++ b/vendor/cryptopp/vendor_cryptopp/validat3.cpp @@ -1,47 +1,33 @@ // validat3.cpp - originally written and placed in the public domain by Wei Dai -// CryptoPP::Test namespace added by JW in February 2017 +// CryptoPP::Test namespace added by JW in February 2017. +// Source files split in July 2018 to expedite compiles. #include "pch.h" #define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 #include "cryptlib.h" -#include "pubkey.h" -#include "gfpcrypt.h" -#include "eccrypto.h" - -#include "aes.h" -#include "crc.h" -#include "adler32.h" -#include "md2.h" -#include "md4.h" -#include "md5.h" -#include "sha.h" -#include "tiger.h" -#include "ripemd.h" -#include "whrlpool.h" -#include "hkdf.h" -#include "poly1305.h" -#include "siphash.h" -#include "blake2.h" -#include "hmac.h" -#include "ttmac.h" -#include "integer.h" -#include "pwdbased.h" -#include "scrypt.h" -#include "filters.h" -#include "files.h" -#include "hex.h" -#include "smartptr.h" - -#include -#include -#include - +#include "cpu.h" #include "validate.h" +#include "rng.h" +#include "drbg.h" +#include "darn.h" +#include "osrng.h" +#include "rdrand.h" +#include "mersenne.h" +#include "padlkrng.h" +#include "randpool.h" + +#include "gzip.h" +#include "channels.h" + +#include +#include +#include + // Aggressive stack checking with VS2005 SP1 and above. -#if (_MSC_FULL_VER >= 140050727) +#if (_MSC_VER >= 1500) # pragma strict_gs_check (on) #endif @@ -52,1972 +38,1266 @@ NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) -struct HashTestTuple +bool ValidateAll(bool thorough) { - HashTestTuple(const char *input, const char *output, unsigned int repeatTimes=1) - : input((byte *)input), output((byte *)output), inputLen(strlen(input)), repeatTimes(repeatTimes) {} + bool pass=TestSettings(); + pass=TestOS_RNG() && pass; + pass=TestRandomPool() && pass; +#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE) + pass=TestAutoSeededX917() && pass; +#endif + // pass=TestSecRandom() && pass; +#if defined(CRYPTOPP_EXTENDED_VALIDATION) + pass=TestMersenne() && pass; +#endif +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) + pass=TestPadlockRNG() && pass; + pass=TestRDRAND() && pass; + pass=TestRDSEED() && pass; +#endif +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + pass=TestDARN() && pass; +#endif +#if defined(CRYPTOPP_EXTENDED_VALIDATION) + // http://github.com/weidai11/cryptopp/issues/92 + pass=TestSecBlock() && pass; + // http://github.com/weidai11/cryptopp/issues/602 + pass=TestIntegerOps() && pass; + // http://github.com/weidai11/cryptopp/issues/336 + pass=TestIntegerBitops() && pass; + // http://github.com/weidai11/cryptopp/issues/64 + pass=TestPolynomialMod2() && pass; + // http://github.com/weidai11/cryptopp/issues/360 + pass=TestRounding() && pass; + // http://github.com/weidai11/cryptopp/issues/242 + pass=TestHuffmanCodes() && pass; + // http://github.com/weidai11/cryptopp/issues/346 + pass=TestASN1Parse() && pass; + // https://github.com/weidai11/cryptopp/pull/334 + pass=TestStringSink() && pass; + // Always part of the self tests; call in Debug +# if defined(CRYPTOPP_ALTIVEC_AVAILABLE) + pass=TestAltivecOps() && pass; +# endif + // Always part of the self tests; call in Debug + pass=ValidateBaseCode() && pass; + // https://github.com/weidai11/cryptopp/issues/562 + pass=ValidateEncoder() && pass; + // Additional tests due to no coverage + pass=TestCompressors() && pass; + pass=TestSharing() && pass; + pass=TestEncryptors() && pass; + pass=TestX25519() && pass; + pass=TestEd25519() && pass; +#endif - HashTestTuple(const char *input, unsigned int inputLen, const char *output, unsigned int repeatTimes) - : input((byte *)input), output((byte *)output), inputLen(inputLen), repeatTimes(repeatTimes) {} + pass=ValidateCRC32() && pass; + pass=ValidateCRC32C() && pass; + pass=ValidateAdler32() && pass; + pass=ValidateMD2() && pass; +#if defined(CRYPTOPP_EXTENDED_VALIDATION) + pass=ValidateMD4() && pass; +#endif + pass=ValidateMD5() && pass; + pass=ValidateSHA() && pass; - const byte *input, *output; - size_t inputLen; - unsigned int repeatTimes; -}; + pass=RunTestDataFile("TestVectors/keccak.txt") && pass; + pass=RunTestDataFile("TestVectors/sha3.txt") && pass; -bool HashModuleTest(HashTransformation &md, const HashTestTuple *testSet, unsigned int testSetSize) -{ - bool pass=true, fail; - SecByteBlock digest(md.DigestSize()); + pass=ValidateHashDRBG() && pass; + pass=ValidateHmacDRBG() && pass; - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); - for (unsigned int i=0; i= 1500) + std::copy(s, s+4, + stdext::make_checked_array_iterator(reinterpret_cast(&w), sizeof(w))); +#else + std::copy(s, s+4, reinterpret_cast(&w)); +#endif - std::cout << "\nRIPEMD-320 validation suite running...\n\n"; - RIPEMD320 md320; - pass = HashModuleTest(md320, testSet320, COUNTOF(testSet320)) && pass; + if (w == 0x04030201L) + { +#if (CRYPTOPP_LITTLE_ENDIAN) + std::cout << "passed: "; +#else + std::cout << "FAILED: "; + pass = false; +#endif + std::cout << "Your machine is little endian.\n"; + } + else if (w == 0x01020304L) + { +#if (CRYPTOPP_BIG_ENDIAN) + std::cout << "passed: "; +#else + std::cout << "FAILED: "; + pass = false; +#endif + std::cout << "Your machine is big endian.\n"; + } + else + { + std::cout << "FAILED: Your machine is neither big endian nor little endian.\n"; + pass = false; + } +#if defined(CRYPTOPP_EXTENDED_VALIDATION) + // App and library versions, http://github.com/weidai11/cryptopp/issues/371 + const int v1 = LibraryVersion(); + const int v2 = HeaderVersion(); + if(v1/10 == v2/10) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "Library version (library): " << v1 << ", header version (app): " << v2 << "\n"; +#endif + + // CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS removed at Issue 682. + std::cout << "passed: Aligned data access.\n"; + + if (sizeof(byte) == 1) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "sizeof(byte) == " << sizeof(byte) << "\n"; + + if (sizeof(word16) == 2) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "sizeof(word16) == " << sizeof(word16) << "\n"; + + if (sizeof(word32) == 4) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "sizeof(word32) == " << sizeof(word32) << "\n"; + + if (sizeof(word64) == 8) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "sizeof(word64) == " << sizeof(word64) << "\n"; + +#ifdef CRYPTOPP_WORD128_AVAILABLE + if (sizeof(word128) == 16) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "sizeof(word128) == " << sizeof(word128) << "\n"; +#endif + + if (sizeof(word) == 2*sizeof(hword) +#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE + && sizeof(dword) == 2*sizeof(word) +#endif + ) + std::cout << "passed: "; + else + { + std::cout << "FAILED: "; + pass = false; + } + std::cout << "sizeof(hword) == " << sizeof(hword) << ", sizeof(word) == " << sizeof(word); +#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE + std::cout << ", sizeof(dword) == " << sizeof(dword); +#endif + std::cout << "\n"; + + const int cacheLineSize = GetCacheLineSize(); + if (cacheLineSize < 16 || cacheLineSize > 256 || !IsPowerOf2(cacheLineSize)) + { + std::cout << "FAILED: "; + pass = false; + } + else + std::cout << "passed: "; + std::cout << "cacheLineSize == " << cacheLineSize << "\n"; + +#ifdef CRYPTOPP_CPUID_AVAILABLE + bool hasSSE2 = HasSSE2(); + bool hasSSSE3 = HasSSSE3(); + bool hasSSE41 = HasSSE41(); + bool hasSSE42 = HasSSE42(); + bool hasAVX = HasAVX(); + bool hasAVX2 = HasAVX2(); + bool hasAESNI = HasAESNI(); + bool hasCLMUL = HasCLMUL(); + bool hasRDRAND = HasRDRAND(); + bool hasRDSEED = HasRDSEED(); + bool hasSHA = HasSHA(); + bool isP4 = IsP4(); + + std::cout << "hasSSE2 == " << hasSSE2 << ", hasSSSE3 == " << hasSSSE3; + std::cout << ", hasSSE4.1 == " << hasSSE41 << ", hasSSE4.2 == " << hasSSE42; + std::cout << ", hasAVX == " << hasAVX << ", hasAVX2 == " << hasAVX2; + std::cout << ", hasAESNI == " << hasAESNI << ", hasCLMUL == " << hasCLMUL; + std::cout << ", hasRDRAND == " << hasRDRAND << ", hasRDSEED == " << hasRDSEED; + std::cout << ", hasSHA == " << hasSHA << ", isP4 == " << isP4; + std::cout << "\n"; + +#elif (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARMV8) + +# if defined(__arm__) + bool hasARMv7 = HasARMv7(); + bool hasNEON = HasNEON(); + + std::cout << "passed: "; + std::cout << "hasARMv7 == " << hasARMv7 << ", hasNEON == " << hasNEON << "\n"; +# else // __arch32__ and __aarch64__ + bool hasCRC32 = HasCRC32(); + bool hasPMULL = HasPMULL(); + bool hasAES = HasAES(); + bool hasSHA1 = HasSHA1(); + bool hasSHA2 = HasSHA2(); + bool hasSHA512 = HasSHA512(); + bool hasSHA3 = HasSHA3(); + bool hasSM3 = HasSM3(); + bool hasSM4 = HasSM4(); + + std::cout << "passed: "; + std::cout << ", hasCRC32 == " << hasCRC32 << ", hasAES == " << hasAES; + std::cout << ", hasPMULL == " << hasPMULL << ", hasSHA1 == " << hasSHA1; + std::cout << ", hasSHA2 == " << hasSHA2 << ", hasSHA512 == " << hasSHA512; + std::cout << ", hasSHA3 == " << hasSHA3 << ", hasSM3 == " << hasSM3; + std::cout << ", hasSM4 == " << hasSM4 << "\n"; +# endif + +#elif (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) + const bool hasAltivec = HasAltivec(); + const bool hasPower7 = HasPower7(); + const bool hasPower8 = HasPower8(); + const bool hasPower9 = HasPower9(); + const bool hasPMULL = HasPMULL(); + const bool hasAES = HasAES(); + const bool hasSHA256 = HasSHA256(); + const bool hasSHA512 = HasSHA512(); + + std::cout << "passed: "; + std::cout << "hasAltivec == " << hasAltivec << ", hasPower7 == " << hasPower7; + std::cout << ", hasPower8 == " << hasPower8 << ", hasPower9 == " << hasPower9; + std::cout << ", hasPMULL == " << hasPMULL << ", hasAES == " << hasAES; + std::cout << ", hasSHA256 == " << hasSHA256 << ", hasSHA512 == " << hasSHA512 << "\n"; + +#endif + + if (!pass) + { + std::cerr << "Some critical setting in config.h is in error. Please fix it and recompile.\n"; + std::abort(); + } return pass; } -#ifdef CRYPTOPP_REMOVED -bool ValidateHAVAL() +bool Test_RandomNumberGenerator(RandomNumberGenerator& prng, bool drain=false) { - HashTestTuple testSet[] = - { - HashTestTuple("", "\xC6\x8F\x39\x91\x3F\x90\x1F\x3D\xDF\x44\xC7\x07\x35\x7A\x7D\x70"), - HashTestTuple("a", "\x4D\xA0\x8F\x51\x4A\x72\x75\xDB\xC4\xCE\xCE\x4A\x34\x73\x85\x98\x39\x83\xA8\x30"), - HashTestTuple("HAVAL", "\x0C\x13\x96\xD7\x77\x26\x89\xC4\x67\x73\xF3\xDA\xAC\xA4\xEF\xA9\x82\xAD\xBF\xB2\xF1\x46\x7E\xEA"), - HashTestTuple("0123456789", "\xBE\xBD\x78\x16\xF0\x9B\xAE\xEC\xF8\x90\x3B\x1B\x9B\xC6\x72\xD9\xFA\x42\x8E\x46\x2B\xA6\x99\xF8\x14\x84\x15\x29"), - HashTestTuple("abcdefghijklmnopqrstuvwxyz", "\xC9\xC7\xD8\xAF\xA1\x59\xFD\x9E\x96\x5C\xB8\x3F\xF5\xEE\x6F\x58\xAE\xDA\x35\x2C\x0E\xFF\x00\x55\x48\x15\x3A\x61\x55\x1C\x38\xEE"), - HashTestTuple("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", "\xB4\x5C\xB6\xE6\x2F\x2B\x13\x20\xE4\xF8\xF1\xB0\xB2\x73\xD4\x5A\xDD\x47\xC3\x21\xFD\x23\x99\x9D\xCF\x40\x3A\xC3\x76\x36\xD9\x63") - }; + bool pass = true, result = true; + const size_t GENERATE_SIZE = 1024*10, DISCARD_SIZE = 256, ENTROPY_SIZE = 32; + if(drain) + { + RandomNumberSource(prng, UINT_MAX, true, new Redirector(TheBitBucket())); + } + + MeterFilter meter(new Redirector(TheBitBucket())); + RandomNumberSource(prng, GENERATE_SIZE, true, new Deflator(new Redirector(meter))); + + if (meter.GetTotalBytes() < GENERATE_SIZE) + { + pass = false; + result = false; + } + + if (!pass) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " " << GENERATE_SIZE << " generated bytes compressed to "; + std::cout << meter.GetTotalBytes() << " bytes by DEFLATE\n"; + + try + { + pass = true; + if(prng.CanIncorporateEntropy()) + { + SecByteBlock entropy(ENTROPY_SIZE); + GlobalRNG().GenerateBlock(entropy, entropy.SizeInBytes()); + + prng.IncorporateEntropy(entropy, entropy.SizeInBytes()); + prng.IncorporateEntropy(entropy, entropy.SizeInBytes()-1); + prng.IncorporateEntropy(entropy, entropy.SizeInBytes()-2); + prng.IncorporateEntropy(entropy, entropy.SizeInBytes()-3); + } + } + catch (const Exception& /*ex*/) + { + pass = false; + result = false; + } + + if (!pass) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " IncorporateEntropy with " << 4*ENTROPY_SIZE << " bytes\n"; + + try + { + word32 val = prng.GenerateWord32(); + val = prng.GenerateWord32((val & 0xff), 0xffffffff - (val & 0xff)); + + prng.GenerateBlock(reinterpret_cast(&val), 4); + prng.GenerateBlock(reinterpret_cast(&val), 3); + prng.GenerateBlock(reinterpret_cast(&val), 2); + prng.GenerateBlock(reinterpret_cast(&val), 1); + } + catch (const Exception&) + { + pass = false; + result = false; + } + + if (!pass) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " GenerateWord32 and Crop\n"; + + try + { + pass = true; + prng.DiscardBytes(DISCARD_SIZE); + prng.DiscardBytes(DISCARD_SIZE-1); + prng.DiscardBytes(DISCARD_SIZE-2); + prng.DiscardBytes(DISCARD_SIZE-3); + } + catch (const Exception&) + { + pass = false; + result = false; + } + + if (!pass) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " DiscardBytes with " << 4*DISCARD_SIZE << " bytes\n"; + + // Miscellaneous for code coverage + (void)prng.AlgorithmName(); // "unknown" + + CRYPTOPP_ASSERT(result); + return result; +} + +bool TestOS_RNG() +{ + bool pass = true; + + member_ptr rng; + +#ifdef BLOCKING_RNG_AVAILABLE + try {rng.reset(new BlockingRng);} + catch (const OS_RNG_Err &) {} + + if (rng.get()) + { + std::cout << "\nTesting operating system provided blocking random number generator...\n\n"; + + MeterFilter meter(new Redirector(TheBitBucket())); + RandomNumberSource test(*rng, UINT_MAX, false, new Deflator(new Redirector(meter))); + unsigned long total=0; + time_t t = time(NULLPTR), t1 = 0; + + // check that it doesn't take too long to generate a reasonable amount of randomness + while (total < 16 && (t1 < 10 || total*8 > (unsigned long)t1)) + { + test.Pump(1); + total += 1; + t1 = time(NULLPTR) - t; + } + + if (total < 16) + { + std::cout << "FAILED:"; + pass = false; + } + else + std::cout << "passed:"; + std::cout << " it took " << long(t1) << " seconds to generate " << total << " bytes" << std::endl; + + test.AttachedTransformation()->MessageEnd(); + + if (meter.GetTotalBytes() < total) + { + std::cout << "FAILED:"; + pass = false; + } + else + std::cout << "passed:"; + std::cout << " " << total << " generated bytes compressed to " << meter.GetTotalBytes() << " bytes by DEFLATE\n"; + + try + { + // Miscellaneous for code coverage + RandomNumberGenerator& prng = *rng.get(); + (void)prng.AlgorithmName(); + word32 result = prng.GenerateWord32(); + result = prng.GenerateWord32((result & 0xff), 0xffffffff - (result & 0xff)); + prng.GenerateBlock(reinterpret_cast(&result), 4); + prng.GenerateBlock(reinterpret_cast(&result), 3); + prng.GenerateBlock(reinterpret_cast(&result), 2); + prng.GenerateBlock(reinterpret_cast(&result), 1); + prng.GenerateBlock(reinterpret_cast(&result), 0); + pass = true; + } + catch (const Exception&) + { + pass = false; + } + + if (!pass) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " GenerateWord32 and Crop\n"; + } + else + std::cout << "\nNo operating system provided blocking random number generator, skipping test." << std::endl; +#endif + +#ifdef NONBLOCKING_RNG_AVAILABLE + try {rng.reset(new NonblockingRng);} + catch (OS_RNG_Err &) {} + + if (rng.get()) + { + std::cout << "\nTesting operating system provided nonblocking random number generator...\n\n"; + + pass = Test_RandomNumberGenerator(*rng.get()) && pass; + } + else + std::cout << "\nNo operating system provided non-blocking random number generator, skipping test." << std::endl; +#endif + + CRYPTOPP_ASSERT(pass); + return pass; +} + +bool TestRandomPool() +{ + member_ptr prng; bool pass=true; - std::cout << "\nHAVAL validation suite running...\n\n"; + try {prng.reset(new RandomPool);} + catch (Exception &) {} + + if(prng.get()) { - HAVAL3 md(16); - pass = HashModuleTest(md, testSet+0, 1) && pass; - } - { - HAVAL3 md(20); - pass = HashModuleTest(md, testSet+1, 1) && pass; - } - { - HAVAL4 md(24); - pass = HashModuleTest(md, testSet+2, 1) && pass; - } - { - HAVAL4 md(28); - pass = HashModuleTest(md, testSet+3, 1) && pass; - } - { - HAVAL5 md(32); - pass = HashModuleTest(md, testSet+4, 1) && pass; - } - { - HAVAL5 md(32); - pass = HashModuleTest(md, testSet+5, 1) && pass; + std::cout << "\nTesting RandomPool generator...\n\n"; + pass = Test_RandomNumberGenerator(*prng.get()) && pass; } - return pass; -} +#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE) + try {prng.reset(new AutoSeededRandomPool);} + catch (Exception &) {} + + if(prng.get()) + { + std::cout << "\nTesting AutoSeeded RandomPool generator...\n\n"; + pass = Test_RandomNumberGenerator(*prng.get()) && pass; + } #endif -bool ValidatePanama() -{ - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/panama.txt"); -} + // Old, PGP 2.6 style RandomPool. Added because users were still having problems + // with it in 2017. The missing functionality was a barrier to upgrades. + try {prng.reset(new OldRandomPool);} + catch (Exception &) {} -bool ValidateWhirlpool() -{ - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/whrlpool.txt"); -} - -#ifdef CRYPTOPP_REMOVED -bool ValidateMD5MAC() -{ - const byte keys[2][MD5MAC::KEYLENGTH]={ - {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb,0xcc,0xdd,0xee,0xff}, - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98,0x76,0x54,0x32,0x10}}; - - const char *TestVals[7]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; - - const byte output[2][7][MD5MAC::DIGESTSIZE]={ - {{0x1f,0x1e,0xf2,0x37,0x5c,0xc0,0xe0,0x84,0x4f,0x98,0xe7,0xe8,0x11,0xa3,0x4d,0xa8}, - {0x7a,0x76,0xee,0x64,0xca,0x71,0xef,0x23,0x7e,0x26,0x29,0xed,0x94,0x52,0x73,0x65}, - {0xe8,0x01,0x3c,0x11,0xf7,0x20,0x9d,0x13,0x28,0xc0,0xca,0xa0,0x4f,0xd0,0x12,0xa6}, - {0xc8,0x95,0x53,0x4f,0x22,0xa1,0x74,0xbc,0x3e,0x6a,0x25,0xa2,0xb2,0xef,0xd6,0x30}, - {0x91,0x72,0x86,0x7e,0xb6,0x00,0x17,0x88,0x4c,0x6f,0xa8,0xcc,0x88,0xeb,0xe7,0xc9}, - {0x3b,0xd0,0xe1,0x1d,0x5e,0x09,0x4c,0xb7,0x1e,0x35,0x44,0xac,0xa9,0xb8,0xbf,0xa2}, - {0x93,0x37,0x16,0x64,0x44,0xcc,0x95,0x35,0xb7,0xd5,0xb8,0x0f,0x91,0xe5,0x29,0xcb}}, - {{0x2f,0x6e,0x73,0x13,0xbf,0xbb,0xbf,0xcc,0x3a,0x2d,0xde,0x26,0x8b,0x59,0xcc,0x4d}, - {0x69,0xf6,0xca,0xff,0x40,0x25,0x36,0xd1,0x7a,0xe1,0x38,0x03,0x2c,0x0c,0x5f,0xfd}, - {0x56,0xd3,0x2b,0x6c,0x34,0x76,0x65,0xd9,0x74,0xd6,0xf7,0x5c,0x3f,0xc6,0xf0,0x40}, - {0xb8,0x02,0xb2,0x15,0x4e,0x59,0x8b,0x6f,0x87,0x60,0x56,0xc7,0x85,0x46,0x2c,0x0b}, - {0x5a,0xde,0xf4,0xbf,0xf8,0x04,0xbe,0x08,0x58,0x7e,0x94,0x41,0xcf,0x6d,0xbd,0x57}, - {0x18,0xe3,0x49,0xa5,0x24,0x44,0xb3,0x0e,0x5e,0xba,0x5a,0xdd,0xdc,0xd9,0xf1,0x8d}, - {0xf2,0xb9,0x06,0xa5,0xb8,0x4b,0x9b,0x4b,0xbe,0x95,0xed,0x32,0x56,0x4e,0xe7,0xeb}}}; - - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); - - byte digest[MD5MAC::DIGESTSIZE]; - bool pass=true, fail; - - std::cout << "\nMD5MAC validation suite running...\n"; - - for (int k=0; k<2; k++) + if(prng.get()) { - MD5MAC mac(keys[k]); - std::cout << "\nKEY: "; - for (int j=0;j XMACC_MD5; - - const byte keys[2][XMACC_MD5::KEYLENGTH]={ - {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb}, - {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98}}; - - const word32 counters[2]={0xccddeeff, 0x76543210}; - - const char *TestVals[7]={ - "", - "a", - "abc", - "message digest", - "abcdefghijklmnopqrstuvwxyz", - "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", - "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; - - const byte output[2][7][XMACC_MD5::DIGESTSIZE]={ - {{0xcc,0xdd,0xef,0x00,0xfa,0x89,0x54,0x92,0x86,0x32,0xda,0x2a,0x3f,0x29,0xc5,0x52,0xa0,0x0d,0x05,0x13}, - {0xcc,0xdd,0xef,0x01,0xae,0xdb,0x8b,0x7b,0x69,0x71,0xc7,0x91,0x71,0x48,0x9d,0x18,0xe7,0xdf,0x9d,0x5a}, - {0xcc,0xdd,0xef,0x02,0x5e,0x01,0x2e,0x2e,0x4b,0xc3,0x83,0x62,0xc2,0xf4,0xe6,0x18,0x1c,0x44,0xaf,0xca}, - {0xcc,0xdd,0xef,0x03,0x3e,0xa9,0xf1,0xe0,0x97,0x91,0xf8,0xe2,0xbe,0xe0,0xdf,0xf3,0x41,0x03,0xb3,0x5a}, - {0xcc,0xdd,0xef,0x04,0x2e,0x6a,0x8d,0xb9,0x72,0xe3,0xce,0x9f,0xf4,0x28,0x45,0xe7,0xbc,0x80,0xa9,0xc7}, - {0xcc,0xdd,0xef,0x05,0x1a,0xd5,0x40,0x78,0xfb,0x16,0x37,0xfc,0x7a,0x1d,0xce,0xb4,0x77,0x10,0xb2,0xa0}, - {0xcc,0xdd,0xef,0x06,0x13,0x2f,0x11,0x47,0xd7,0x1b,0xb5,0x52,0x36,0x51,0x26,0xb0,0x96,0xd7,0x60,0x81}}, - {{0x76,0x54,0x32,0x11,0xe9,0xcb,0x74,0x32,0x07,0x93,0xfe,0x01,0xdd,0x27,0xdb,0xde,0x6b,0x77,0xa4,0x56}, - {0x76,0x54,0x32,0x12,0xcd,0x55,0x87,0x5c,0xc0,0x35,0x85,0x99,0x44,0x02,0xa5,0x0b,0x8c,0xe7,0x2c,0x68}, - {0x76,0x54,0x32,0x13,0xac,0xfd,0x87,0x50,0xc3,0x8f,0xcd,0x58,0xaa,0xa5,0x7e,0x7a,0x25,0x63,0x26,0xd1}, - {0x76,0x54,0x32,0x14,0xe3,0x30,0xf5,0xdd,0x27,0x2b,0x76,0x22,0x7f,0xaa,0x90,0x73,0x6a,0x48,0xdb,0x00}, - {0x76,0x54,0x32,0x15,0xfc,0x57,0x00,0x20,0x7c,0x9d,0xf6,0x30,0x6f,0xbd,0x46,0x3e,0xfb,0x8a,0x2c,0x60}, - {0x76,0x54,0x32,0x16,0xfb,0x0f,0xd3,0xdf,0x4c,0x4b,0xc3,0x05,0x9d,0x63,0x1e,0xba,0x25,0x2b,0xbe,0x35}, - {0x76,0x54,0x32,0x17,0xc6,0xfe,0xe6,0x5f,0xb1,0x35,0x8a,0xf5,0x32,0x7a,0x80,0xbd,0xb8,0x72,0xee,0xae}}}; - - // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. - StreamState ss(std::cout); - - byte digest[XMACC_MD5::DIGESTSIZE]; - bool pass=true, fail; - - std::cout << "\nXMACC/MD5 validation suite running...\n"; - - for (int k=0; k<2; k++) - { - XMACC_MD5 mac(keys[k], counters[k]); - std::cout << "\nKEY: "; - for (int j=0;j pbkdf; - - std::cout << "\nPKCS #12 PBKDF validation suite running...\n\n"; - pass = TestPBKDF(pbkdf, testSet, COUNTOF(testSet)) && pass; - } - - { - // from draft-ietf-smime-password-03.txt, at http://www.imc.org/draft-ietf-smime-password - PBKDF_TestTuple testSet[] = - { - {0, 5, "70617373776f7264", "1234567878563412", "D1DAA78615F287E6"}, - {0, 500, "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573", "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"} - }; - - PKCS5_PBKDF2_HMAC pbkdf; - - std::cout << "\nPKCS #5 PBKDF2 validation suite running...\n\n"; - pass = TestPBKDF(pbkdf, testSet, COUNTOF(testSet)) && pass; - } - - return pass; -} - -struct HKDF_TestTuple -{ - const char *hexSecret, *hexSalt, *hexInfo, *hexExpected; - size_t len; -}; - -bool TestHKDF(KeyDerivationFunction &kdf, const HKDF_TestTuple *testSet, unsigned int testSetSize) -{ - bool pass = true; - - for (unsigned int i=0; i") : ""); - std::cout << " "; - std::cout << (tuple.hexInfo ? (strlen(tuple.hexInfo) ? tuple.hexInfo : "<0-LEN INFO>") : ""); - std::cout << " "; - enc.Put(derived, derived.size()); - std::cout << std::endl; - } - - return pass; -} - -bool ValidateHKDF() -{ - bool pass = true; - - { - // SHA-1 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869 - const HKDF_TestTuple testSet[] = - { - // Test Case #4 - {"0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "085a01ea1b10f36933068b56efa5ad81 a4f14b822f5b091568a9cdd4f155fda2 c22e422478d305f3f896", 42}, - // Test Case #5 - {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "0bd770a74d1160f7c9f12cd5912a06eb ff6adcae899d92191fe4305673ba2ffe 8fa3f1a4e5ad79f3f334b3b202b2173c 486ea37ce3d397ed034c7f9dfeb15c5e 927336d0441f4c4300e2cff0d0900b52 d3b4", 82}, - // Test Case #6 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "0ac1af7002b3d761d1e55298da9d0506 b9ae52057220a306e07b6b87e8df21d0 ea00033de03984d34918", 42}, - // Test Case #7 - {"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", NULLPTR, "", "2c91117204d745f3500d636a62f64f0 ab3bae548aa53d423b0d1f27ebba6f5e5 673a081d70cce7acfc48", 42} - }; - - HKDF hkdf; - - std::cout << "\nRFC 5869 HKDF(SHA-1) validation suite running...\n\n"; - pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; - } - - { - // SHA-256 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869 - const HKDF_TestTuple testSet[] = - { - // Test Case #1 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "3cb25f25faacd57a90434f64d0362f2a 2d2d0a90cf1a5a4c5db02d56ecc4c5bf 34007208d5b887185865", 42}, - // Test Case #2 - {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "b11e398dc80327a1c8e7f78c596a4934 4f012eda2d4efad8a050cc4c19afa97c 59045a99cac7827271cb41c65e590e09 da3275600c2f09b8367793a9aca3db71 cc30c58179ec3e87c14c01d5c1f3434f 1d87", 82}, - // Test Case #3 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "8da4e775a563c18f715f802a063c5a31 b8a11f5c5ee1879ec3454e5f3c738d2d 9d201395faa4b61a96c8", 42} - }; - - HKDF hkdf; - - std::cout << "\nRFC 5869 HKDF(SHA-256) validation suite running...\n\n"; - pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; - } - - { - // SHA-512, Crypto++ generated, based on RFC 5869, https://tools.ietf.org/html/rfc5869 - const HKDF_TestTuple testSet[] = - { - // Test Case #0 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "832390086CDA71FB47625BB5CEB168E4 C8E26A1A16ED34D9FC7FE92C14815793 38DA362CB8D9F925D7CB", 42}, - // Test Case #0 - {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "CE6C97192805B346E6161E821ED16567 3B84F400A2B514B2FE23D84CD189DDF1 B695B48CBD1C8388441137B3CE28F16A A64BA33BA466B24DF6CFCB021ECFF235 F6A2056CE3AF1DE44D572097A8505D9E 7A93", 82}, - // Test Case #0 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "F5FA02B18298A72A8C23898A8703472C 6EB179DC204C03425C970E3B164BF90F FF22D04836D0E2343BAC", 42}, - // Test Case #0 - {"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", NULLPTR, "", "1407D46013D98BC6DECEFCFEE55F0F90 B0C7F63D68EB1A80EAF07E953CFC0A3A 5240A155D6E4DAA965BB", 42} - }; - - HKDF hkdf; - - std::cout << "\nRFC 5869 HKDF(SHA-512) validation suite running...\n\n"; - pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; - } - - { - // Whirlpool, Crypto++ generated, based on RFC 5869, https://tools.ietf.org/html/rfc5869 - const HKDF_TestTuple testSet[] = - { - // Test Case #0 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "0D29F74CCD8640F44B0DD9638111C1B5 766EFED752AF358109E2E7C9CD4A28EF 2F90B2AD461FBA0744D4", 42}, - // Test Case #0 - {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "4EBE4FE2DCCEC42661699500BE279A99 3FED90351E19373B3926FAA3A410700B2 BBF77E254CF1451AE6068D64A0904D96 6F4FF25498445A501B88F50D21E3A68A8 90E09445DC5886DD00E7F4F7C58A5121 70", 82}, - // Test Case #0 - {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "110632D0F7AEFAC31771FC66C22BB346 2614B81E4B04BA7F2B662E0BD694F564 58615F9A9CB56C57ECF2", 42}, - // Test Case #0 - {"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c" /*key*/, NULLPTR /*salt*/, "" /*info*/, "4089286EBFB23DD8A02F0C9DAA35D538 EB09CD0A8CBAB203F39083AA3E0BD313 E6F91E64F21A187510B0", 42} - }; - - HKDF hkdf; - - std::cout << "\nRFC 5869 HKDF(Whirlpool) validation suite running...\n\n"; - pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; - } - - return pass; -} - -struct Scrypt_TestTuple -{ - const char * passwd; - const char * salt; - word64 n; - word32 r; - word32 p; - const char * expect; -}; - -bool TestScrypt(KeyDerivationFunction &pbkdf, const Scrypt_TestTuple *testSet, unsigned int testSetSize) -{ - bool pass = true; - - for (unsigned int i=0; i::StaticAlgorithmName() != "Poly1305(AES)"); - std::cout << (fail ? "FAILED " : "passed ") << "algorithm name\n"; - pass = pass && !fail; - } - - // Test data from http://cr.yp.to/mac/poly1305-20050329.pdf - const Poly1305_TestTuples tests[] = - { - // Appendix B, Test 1 - { - "\xec\x07\x4c\x83\x55\x80\x74\x17\x01\x42\x5b\x62\x32\x35\xad\xd6" // Key - "\x85\x1f\xc4\x0c\x34\x67\xac\x0b\xe0\x5c\xc2\x04\x04\xf3\xf7\x00", - "\xf3\xf6", // Message - "\xfb\x44\x73\x50\xc4\xe8\x68\xc5\x2a\xc3\x27\x5c\xf9\xd4\x32\x7e", // Nonce - "\xf4\xc6\x33\xc3\x04\x4f\xc1\x45\xf8\x4f\x33\x5c\xb8\x19\x53\xde", // Digest - 32, 2, 16, 16 - }, - // Appendix B, Test 2 - { - "\x75\xde\xaa\x25\xc0\x9f\x20\x8e\x1d\xc4\xce\x6b\x5c\xad\x3f\xbf" // Key - "\x61\xee\x09\x21\x8d\x29\xb0\xaa\xed\x7e\x15\x4a\x2c\x55\x09\xcc", - "", // Message - "\x61\xee\x09\x21\x8d\x29\xb0\xaa\xed\x7e\x15\x4a\x2c\x55\x09\xcc", // Nonce - "\xdd\x3f\xab\x22\x51\xf1\x1a\xc7\x59\xf0\x88\x71\x29\xcc\x2e\xe7", // Digest - 32, 0, 16, 16 - }, - // Appendix B, Test 3 - { - "\x6a\xcb\x5f\x61\xa7\x17\x6d\xd3\x20\xc5\xc1\xeb\x2e\xdc\xdc\x74" // Key - "\x48\x44\x3d\x0b\xb0\xd2\x11\x09\xc8\x9a\x10\x0b\x5c\xe2\xc2\x08", - "\x66\x3c\xea\x19\x0f\xfb\x83\xd8\x95\x93\xf3\xf4\x76\xb6\xbc\x24" // Message - "\xd7\xe6\x79\x10\x7e\xa2\x6a\xdb\x8c\xaf\x66\x52\xd0\x65\x61\x36", - "\xae\x21\x2a\x55\x39\x97\x29\x59\x5d\xea\x45\x8b\xc6\x21\xff\x0e", // Nonce - "\x0e\xe1\xc1\x6b\xb7\x3f\x0f\x4f\xd1\x98\x81\x75\x3c\x01\xcd\xbe", // Digest - 32, 32, 16, 16 - }, - // Appendix B, Test 4 - { - "\xe1\xa5\x66\x8a\x4d\x5b\x66\xa5\xf6\x8c\xc5\x42\x4e\xd5\x98\x2d" // Key - "\x12\x97\x6a\x08\xc4\x42\x6d\x0c\xe8\xa8\x24\x07\xc4\xf4\x82\x07", - "\xab\x08\x12\x72\x4a\x7f\x1e\x34\x27\x42\xcb\xed\x37\x4d\x94\xd1" // Message - "\x36\xc6\xb8\x79\x5d\x45\xb3\x81\x98\x30\xf2\xc0\x44\x91\xfa\xf0" - "\x99\x0c\x62\xe4\x8b\x80\x18\xb2\xc3\xe4\xa0\xfa\x31\x34\xcb\x67" - "\xfa\x83\xe1\x58\xc9\x94\xd9\x61\xc4\xcb\x21\x09\x5c\x1b\xf9", - "\x9a\xe8\x31\xe7\x43\x97\x8d\x3a\x23\x52\x7c\x71\x28\x14\x9e\x3a", // Nonce - "\x51\x54\xad\x0d\x2c\xb2\x6e\x01\x27\x4f\xc5\x11\x48\x49\x1f\x1b", // Digest - 32, 63, 16, 16 - } - }; - - unsigned int count = 0; - byte digest[Poly1305::DIGESTSIZE]; - - // Positive tests - for (unsigned int i=0; i poly1305((const byte*)tests[i].key, tests[i].klen); - poly1305.Resynchronize((const byte*)tests[i].nonce, (int)tests[i].nlen); - poly1305.Update((const byte*)tests[i].message, tests[i].mlen); - poly1305.Final(digest); - - fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0; - if (fail) - { - std::cout << "FAILED " << "Poly1305 test set " << count << std::endl; - } - - count++; - pass = pass && !fail; - } - - // Positive tests - for (unsigned int i=0; i poly1305((const byte*)tests[i].key, tests[i].klen,(const byte*)tests[i].nonce, (int)tests[i].nlen); - poly1305.Update((const byte*)tests[i].message, tests[i].mlen); - poly1305.Final(digest); - - fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0; - if (fail) - { - std::cout << "FAILED " << "Poly1305 test set " << count << std::endl; - } - - count++; - pass = pass && !fail; - } - - // Negative tests - for (unsigned int i=0; i poly1305((const byte*)tests[i].key, tests[i].klen); - poly1305.Resynchronize((const byte*)tests[i].nonce, (int)tests[i].nlen); - poly1305.Update((const byte*)tests[i].message, tests[i].mlen); - poly1305.Final(digest); - - unsigned int next = (i+1) % COUNTOF(tests); - fail = !!memcmp(digest, tests[next].digest, tests[next].dlen) == 0; - if (fail) - { - std::cout << "FAILED " << "Poly1305 test set " << count << std::endl; - } - - count++; - pass = pass && !fail; - } - - std::cout << (!pass ? "FAILED " : "passed ") << count << " message authentication codes" << std::endl; - - return pass; -} - -bool ValidateSipHash() -{ - std::cout << "\nSipHash validation suite running...\n\n"; - bool fail, pass = true, pass1=true, pass2=true, pass3=true, pass4=true; - - { - fail = (SipHash<2,4>::StaticAlgorithmName() != "SipHash-2-4"); - std::cout << (fail ? "FAILED " : "passed ") << "SipHash-2-4 algorithm name\n"; - pass = pass && !fail; - - fail = (SipHash<2,4, false>::DIGESTSIZE != 8); - std::cout << (fail ? "FAILED " : "passed ") << "SipHash-2-4 64-bit digest size\n"; - pass = pass && !fail; - - fail = (SipHash<2,4, true>::DIGESTSIZE != 16); - std::cout << (fail ? "FAILED " : "passed ") << "SipHash-2-4 128-bit digest size\n"; - pass = pass && !fail; - - fail = (SipHash<4,8>::StaticAlgorithmName() != "SipHash-4-8"); - std::cout << (fail ? "FAILED " : "passed ") << "SipHash-4-8 algorithm name\n"; - pass = pass && !fail; - - fail = (SipHash<4,8, false>::DIGESTSIZE != 8); - std::cout << (fail ? "FAILED " : "passed ") << "SipHash-4-8 64-bit digest size\n"; - pass = pass && !fail; - - fail = (SipHash<4,8, true>::DIGESTSIZE != 16); - std::cout << (fail ? "FAILED " : "passed ") << "SipHash-4-8 128-bit digest size\n"; - pass = pass && !fail; - } - - // Siphash-2-4, 64-bit MAC - { - const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - SipHash<2,4, false> hash(key, 16); - byte digest[SipHash<2,4, false>::DIGESTSIZE]; - - hash.Update((const byte*)"", 0); - hash.Final(digest); - fail = !!memcmp("\x31\x0E\x0E\xDD\x47\xDB\x6F\x72", digest, COUNTOF(digest)); - pass1 = !fail && pass1; - - hash.Update((const byte*)"\x00", 1); - hash.Final(digest); - fail = !!memcmp("\xFD\x67\xDC\x93\xC5\x39\xF8\x74", digest, COUNTOF(digest)); - pass1 = !fail && pass1; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); - hash.Final(digest); - fail = !!memcmp("\x37\xD1\x01\x8B\xF5\x00\x02\xAB", digest, COUNTOF(digest)); - pass1 = !fail && pass1; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); - hash.Final(digest); - fail = !!memcmp("\x62\x24\x93\x9A\x79\xF5\xF5\x93", digest, COUNTOF(digest)); - pass1 = !fail && pass1; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); - hash.Final(digest); - fail = !!memcmp("\xB0\xE4\xA9\x0B\xDF\x82\x00\x9E", digest, COUNTOF(digest)); - pass1 = !fail && pass1; - - std::cout << (pass1 ? "passed " : "FAILED ") << "SipHash-2-4 64-bit MAC\n"; - pass = pass1 && pass; - } - - // Siphash-2-4, 128-bit MAC - { - const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - SipHash<2,4, true> hash(key, 16); - byte digest[SipHash<2,4, true>::DIGESTSIZE]; - - hash.Update((const byte*)"", 0); - hash.Final(digest); - fail = !!memcmp("\xA3\x81\x7F\x04\xBA\x25\xA8\xE6\x6D\xF6\x72\x14\xC7\x55\x02\x93", digest, COUNTOF(digest)); - pass3 = !fail && pass3; - - hash.Update((const byte*)"\x00", 1); - hash.Final(digest); - fail = !!memcmp("\xDA\x87\xC1\xD8\x6B\x99\xAF\x44\x34\x76\x59\x11\x9B\x22\xFC\x45", digest, COUNTOF(digest)); - pass3 = !fail && pass3; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); - hash.Final(digest); - fail = !!memcmp("\xA1\xF1\xEB\xBE\xD8\xDB\xC1\x53\xC0\xB8\x4A\xA6\x1F\xF0\x82\x39", digest, COUNTOF(digest)); - pass3 = !fail && pass3; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); - hash.Final(digest); - fail = !!memcmp("\x3B\x62\xA9\xBA\x62\x58\xF5\x61\x0F\x83\xE2\x64\xF3\x14\x97\xB4", digest, COUNTOF(digest)); - pass3 = !fail && pass3; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); - hash.Final(digest); - fail = !!memcmp("\x26\x44\x99\x06\x0A\xD9\xBA\xAB\xC4\x7F\x8B\x02\xBB\x6D\x71\xED", digest, COUNTOF(digest)); - pass3 = !fail && pass3; - - std::cout << (pass3 ? "passed " : "FAILED ") << "SipHash-2-4 128-bit MAC\n"; - pass = pass3 && pass; - } - - // Siphash-4-8, 64-bit MAC - { - const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - SipHash<4, 8, false> hash(key, 16); - byte digest[SipHash<4, 8, false>::DIGESTSIZE]; - - hash.Update((const byte*)"", 0); - hash.Final(digest); - fail = !!memcmp("\x41\xDA\x38\x99\x2B\x05\x79\xC8", digest, COUNTOF(digest)); - pass2 = !fail && pass2; - - hash.Update((const byte*)"\x00", 1); - hash.Final(digest); - fail = !!memcmp("\x51\xB8\x95\x52\xF9\x14\x59\xC8", digest, COUNTOF(digest)); - pass2 = !fail && pass2; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); - hash.Final(digest); - fail = !!memcmp("\x47\xD7\x3F\x71\x5A\xBE\xFD\x4E", digest, COUNTOF(digest)); - pass2 = !fail && pass2; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); - hash.Final(digest); - fail = !!memcmp("\x20\xB5\x8B\x9C\x07\x2F\xDB\x50", digest, COUNTOF(digest)); - pass2 = !fail && pass2; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); - hash.Final(digest); - fail = !!memcmp("\x36\x31\x9A\xF3\x5E\xE1\x12\x53", digest, COUNTOF(digest)); - pass2 = !fail && pass2; - - std::cout << (pass2 ? "passed " : "FAILED ") << "SipHash-4-8 64-bit MAC\n"; - pass = pass2 && pass; - } - - // Siphash-4-8, 128-bit MAC - { - const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; - SipHash<4, 8, true> hash(key, 16); - byte digest[SipHash<4, 8, true>::DIGESTSIZE]; - - hash.Update((const byte*)"", 0); - hash.Final(digest); - fail = !!memcmp("\x1F\x64\xCE\x58\x6D\xA9\x04\xE9\xCF\xEC\xE8\x54\x83\xA7\x0A\x6C", digest, COUNTOF(digest)); - pass4 = !fail && pass4; - - hash.Update((const byte*)"\x00", 1); - hash.Final(digest); - fail = !!memcmp("\x47\x34\x5D\xA8\xEF\x4C\x79\x47\x6A\xF2\x7C\xA7\x91\xC7\xA2\x80", digest, COUNTOF(digest)); - pass4 = !fail && pass4; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); - hash.Final(digest); - fail = !!memcmp("\xED\x00\xE1\x3B\x18\x4B\xF1\xC2\x72\x6B\x8B\x54\xFF\xD2\xEE\xE0", digest, COUNTOF(digest)); - pass4 = !fail && pass4; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); - hash.Final(digest); - fail = !!memcmp("\xA7\xD9\x46\x13\x8F\xF9\xED\xF5\x36\x4A\x5A\x23\xAF\xCA\xE0\x63", digest, COUNTOF(digest)); - pass4 = !fail && pass4; - - hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); - hash.Final(digest); - fail = !!memcmp("\x9E\x73\x14\xB7\x54\x5C\xEC\xA3\x8B\x9A\x55\x49\xE4\xFB\x0B\xE8", digest, COUNTOF(digest)); - pass4 = !fail && pass4; - - std::cout << (pass4 ? "passed " : "FAILED ") << "SipHash-4-8 128-bit MAC\n"; - pass = pass4 && pass; - } - - return pass; -} - -struct BLAKE2_TestTuples -{ - const char *key, *message, *digest; - size_t klen, mlen, dlen; -}; - -bool ValidateBLAKE2s() -{ - std::cout << "\nBLAKE2s validation suite running...\n\n"; - bool fail, pass = true; - - { - fail = strcmp(BLAKE2s::StaticAlgorithmName(), "BLAKE2s") != 0; - std::cout << (fail ? "FAILED " : "passed ") << "algorithm name\n"; - pass = pass && !fail; - } - - const BLAKE2_TestTuples tests[] = { - { - NULLPTR, - NULLPTR, - "\x8F\x38", - 0, 0, 2 - }, - { - NULLPTR, - NULLPTR, - "\x36\xE9\xD2\x46", - 0, 0, 4 - }, - { - NULLPTR, - NULLPTR, - "\xEF\x2A\x8B\x78\xDD\x80\xDA\x9C", - 0, 0, 8 - }, - { - NULLPTR, - NULLPTR, - "\x64\x55\x0D\x6F\xFE\x2C\x0A\x01\xA1\x4A\xBA\x1E\xAD\xE0\x20\x0C", - 0, 0, 16 - }, - { - NULLPTR, - NULLPTR, - "\x69\x21\x7A\x30\x79\x90\x80\x94\xE1\x11\x21\xD0\x42\x35\x4A\x7C\x1F\x55\xB6\x48\x2C\xA1\xA5\x1E\x1B\x25\x0D\xFD\x1E\xD0\xEE\xF9", - 0, 0, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x25\xEC\xB2\xF6\xA7\x81\x82\x57\x5D\x4B\xD7\x02\x72\x6D\xE1\x82\xBB\x1E\x21\xA8\x5D\x51\x34\xAD\xA2\x25\x8D\x7E\x21\x38\x03\xA7", - 0, 15, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xD4\x1C\x69\x87\x29\x7E\xDE\x4F\x08\x9B\x66\x9B\xC7\x0E\x62\xB9\xFA\xFA\x1C\x37\xCC\x31\x29\x22\xE0\xEA\x63\xE2\xE5\x85\xAA\x9F", - 0, 16, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE0\xAD\xF2\xCC\x1F\x1F\x55\x3A\xE6\xC3\xCD\x3D\xF7\x68\xEA\x66\x9C\x32\xBE\x1D\x37\xF9\xA2\x61\xD4\x4F\x45\x26\x69\xD0\xD3\xA4", - 0, 17, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x10\x42\x65\x1C\x86\x15\xC4\x87\x69\x41\x19\x1F\xB6\xD5\xC5\x1D\xEB\x4C\xA1\x8C\xAF\xEF\xEB\x79\x69\x62\x87\x0D\x6A\x5D\xEE\x20", - 0, 31, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEA\xB1\xC5\xDD\xDF\xB5\x7C\x48\xC5\xB0\xB3\xF5\xBE\x5B\x47\x6D\xBB\xF5\xA3\x5C\x21\xD3\xDD\x94\x13\xA1\x04\xB8\x14\xF9\x2D\x4B", - 0, 32, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x7E\x82\x07\x49\x14\x62\x11\x96\xC5\xE8\xF3\xCB\x0F\x21\x7B\x37\xAE\x9B\x64\x58\xF4\x66\x01\xB9\x21\x23\xAC\x48\x64\x30\x83\x8F", - 0, 33, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x90\xB5\xA2\x5E\x8E\xA8\xA0\xC8\x74\x85\xAE\x18\x08\x9D\x92\xEB\x14\x5A\x5D\x4E\x2C\x60\x7B\xCB\x4B\x94\xD1\x0F\xAE\x59\x33\xC1", - 0, 63, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x71\x27\x28\x45\x9E\x67\xD7\xED\xB7\xAE\xFA\x88\xFF\x5C\x7E\x7B\x5D\xA9\x94\xA1\xC3\xB1\x7B\x64\xFB\xC1\x4E\x47\xCA\xDA\x45\xDD", - 0, 64, 32 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x58\x72\x3B\xB1\xBE\x18\x33\x12\x31\x5E\x6E\xF7\xF2\xB1\x84\x60\x97\x2C\x19\xD3\x01\xAF\x42\x00\xAB\xDB\x04\x26\xFC\xB0\xC1\xF8", - 0, 65, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x9A\xD4\x81\xEF\x81\x6C\xAC\xB6\x59\x35\x8E\x6D\x6B\x73\xF1\xE5\xAC\x71\xD6\x6E\x8B\x12\x6B\x73\xD9\xD9\x7D\x2F\xA7\xA4\x61\xB4", - 15, 0, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x61\x8C\xBE\x19\x4B\x28\xDC\xA3\x8B\xE5\x1A\x79\x37\x45\xB4\x66\x3D\xF1\x9D\xB5\x8F\xFF\xEF\xC4\x5D\x37\x82\x25\x93\xEB\xE2\x93", - 15, 15, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF3\xEC\x81\x61\x44\x5C\x6E\x2E\xE6\x52\x6A\xCA\x5F\xD9\x25\x74\x2A\x33\xB9\x1F\xEF\x0F\x7E\x54\x4F\x50\xC2\xFB\x04\x3C\x52\xD2", - 15, 16, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF4\x81\x43\x6E\x2F\x4C\x5D\x09\x21\x73\x24\xDA\xA6\x23\x9E\xFD\xF8\x82\xCE\x0E\x3E\x4C\xB4\x17\xCC\x27\xCD\x1A\xAE\x90\x9B\x94", - 15, 17, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x99\x5E\x74\x8E\x96\xFE\xC0\x39\x5B\x73\xA3\xC0\x4E\xC7\xF7\xBE\x89\x83\xCD\x18\x24\x60\x60\x7B\xBC\xF5\x50\xF5\x84\xD1\x71\x6B", - 15, 31, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x21\x6E\xB9\xE2\xE4\xAF\x94\x5F\x6A\xA3\xD2\xCA\x25\x72\xFB\x8F\xDB\x95\x2F\xAC\x1C\x69\xC1\x26\x28\x31\x63\x16\x25\xA5\x2C\xF8", - 15, 32, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE3\x71\x9F\xD8\xAE\x68\xC8\xC4\x5D\x17\xDD\x21\x33\xBB\xE1\x61\x51\x22\xC2\x3B\x00\x6E\xDD\x66\x7E\x2A\x0A\x6B\x77\xA9\x0B\x8D", - 15, 33, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xD3\xF8\x5F\x1B\xBE\x9C\x53\xCB\x7F\x5F\x5F\x62\x4D\x06\x36\x8F\xF8\x15\xA7\xF5\xEB\x77\xC6\xC5\xB4\x81\x15\x01\x82\x8D\x9D\x40", - 15, 63, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xBF\xA3\xDA\x09\xF9\xDE\x1B\xE6\x57\x4B\x55\x82\x85\x69\x79\xA1\x89\xD6\xF4\x15\x8B\x03\xFA\xAC\x6E\x00\x80\x26\xF1\x6B\xA1\x28", - 15, 64, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x77\x45\xEA\x51\x24\x46\x53\x19\x6F\xE4\xED\x6B\x54\x5C\x9B\x95\x88\xF5\xD4\x2B\x4C\x3E\xE6\xB7\xA1\xA3\x9F\xC4\x3A\x27\x1E\x45", - 15, 65, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\xFD\x61\x6D\xA6\x8E\xEF\x10\x24\x16\xC7\xBD\x7D\xC8\xCA\xF8\x2B\x3D\x92\x7B\xCB\xDD\x06\x8E\x7C\xCA\xA7\x72\x76\xCE\x6C\x8C\xD4", - 16, 0, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x10\x18\x97\x28\xFB\x05\x1D\xA0\xA8\xD6\x8F\x1C\xAD\x81\xFC\x7C\xA2\x6D\x41\x4B\xAA\x0C\x2A\x95\xB7\xF4\xEF\x9A\x67\xB5\x26\x5F", - 16, 15, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x9E\x3B\x50\xF3\xB5\xF4\xC9\xB3\x57\x03\x74\xF1\xB3\xA0\x4B\x3C\xC1\x71\xB4\x30\x42\xE4\x65\x90\xE5\xE2\x8A\x4D\xBA\xCD\xB1\x9F", - 16, 16, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x69\x70\x88\xAB\x61\x39\x46\xEA\x3B\xEB\x98\x98\x78\xCD\x8E\xF1\xB5\x7E\x81\xFC\x42\x7D\x46\xB8\xDA\x85\xD2\xEB\xB8\x56\xE4\xAC", - 16, 17, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xD2\xDA\xAC\x63\x09\xF1\x81\xBB\xCC\x06\x0D\xCC\xB8\xFA\x67\x08\x14\xD4\x6A\x50\xD7\x4F\xBF\x3B\x4A\x2E\x39\x4D\x45\x55\x27\x2F", - 16, 31, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEB\xB0\xF3\x27\xC3\xC4\x35\x97\x4F\x89\x73\x5A\x4D\xEB\xBB\x4C\x7C\xE9\x0C\x3E\x13\xEB\x07\x83\x74\x67\x0A\x86\xA7\xF4\xA8\x73", - 16, 32, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xC8\x96\xC3\x3A\x26\x77\x02\x84\x5D\x95\x1B\x0D\x9F\x5C\x07\xC5\x6D\x21\x5D\x7E\x20\xF1\x2F\xE0\x45\xE3\x50\x42\x9D\x58\xB0\xEA", - 16, 33, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x8A\x3C\x9F\xA4\xAC\x78\x82\xA7\x08\x76\xB9\xE1\xED\x22\x9B\x43\x45\xF4\xD4\x01\x76\xC4\xED\x5D\xA4\x5A\x41\xDE\x28\xB8\x09\x6C", - 16, 63, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x2D\x0C\x97\xBE\xD2\xF2\x13\x40\xB9\xC8\x15\x91\x6A\x55\x86\x7A\x43\xB1\xFD\xC7\x04\x08\x1B\x58\x37\x09\x12\x80\x40\x99\x7C\xED", - 16, 64, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF7\xC0\x08\xE1\x31\x52\x9B\x71\x87\x51\xCF\xFF\x8B\x08\xA3\x14\x32\x08\x06\x8C\x22\xAD\x83\x97\x71\x95\xC5\x2C\xFC\x66\xA4\xAD", - 16, 65, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\xD0\xCE\x8E\x8D\xA0\xBA\xA4\x26\x0E\xD3\x1F\xD1\x7B\x78\xE6\x18\x15\xC6\xFF\xD8\x5A\xDB\x41\x8A\xE7\x36\xF0\xE7\xB9\x87\x2B\x6A", - 17, 0, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xCB\xE4\x63\xEB\x6B\x24\x6C\x08\x55\x84\x36\x30\x8E\xFA\xC1\x6B\x97\x43\xD7\x1F\x1F\x3E\x96\xBA\x7E\x87\xF2\x42\x3E\xF5\x69\x5E", - 17, 15, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEF\x39\x55\x9D\x92\x20\xDC\xB6\x8C\x21\x79\xD6\x7C\x51\xB7\x36\xAC\x4E\xFC\xA1\xDE\x66\xC7\xED\x40\xBF\x23\x15\xD1\x25\x82\x4B", - 17, 16, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE3\x3E\x44\x7B\xA2\x7F\x69\x21\x09\x57\x79\x72\xE7\x4B\xE0\xC7\xCD\x54\xDC\xCD\x55\x60\x75\x61\x82\x66\xD7\x5B\x6F\x60\xDD\x73", - 17, 17, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA9\xC4\x29\x2F\x5B\x49\x9A\xE0\x71\xE7\xFD\x65\x98\x53\x42\xC0\xC0\xF1\x75\xBC\xB5\x7B\x5C\xA1\x61\xFC\x8B\x45\x44\x54\xEC\x06", - 17, 31, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x29\x60\xBD\x05\x28\xEA\xF1\xA9\x43\xEF\x2D\x87\xC7\xB5\x27\x47\x33\xBA\xC8\x0C\x9F\x1C\xF5\x72\x62\x4C\xA7\x9E\x10\x23\x66\x76", - 17, 32, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE2\xF1\x33\x23\x9D\xD8\xBC\x60\x1F\xB7\xD8\x21\xF5\x13\x98\xE2\x5C\x24\x0E\xC0\x60\x18\xB4\x0B\x93\xF1\x04\x25\xC5\xEC\x20\x14", - 17, 33, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEB\x4F\x8D\xB3\xF5\x03\x72\x55\x72\xCE\xF3\x91\x22\xCD\xEA\x5A\xC4\x9A\xD0\x42\xE1\xC4\x62\x90\xCE\x11\x9E\xFD\x11\xDB\xCA\x23", - 17, 63, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xB5\x9A\xA7\x74\xDA\xB8\xDE\x5C\xBB\xC3\x5A\xFC\xF0\xD7\xAF\x51\x1E\x0F\x05\x45\xDB\xDA\xB7\xA4\xA6\x52\xB2\x9E\x0E\x23\x14\x3D", - 17, 64, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x69\xA2\x95\x6C\x87\xED\x22\x76\x0A\x53\x75\x6D\x28\xF4\xCD\xC5\xF7\xF9\x88\x51\x73\xA7\xD9\x44\x0C\x96\xB1\x5F\xE5\x57\xFE\xE3", - 17, 65, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x39\x4A\xB9\x85\xDD\xFF\x59\x59\x84\x5A\xF7\x54\xD6\xFC\x19\xFB\x94\x0E\xAE\xA4\xEA\x70\x54\x3E\x0D\x7E\x9D\xC7\x8A\x22\x77\x3B", - 31, 0, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x1B\x46\x57\xC0\x48\x26\x7B\xC6\x17\xEC\xD5\x76\x89\xEE\x81\xE5\x5B\xE0\xAC\xCE\xB7\x5D\x33\x2A\xAF\xB6\xE2\xF6\xC0\xBB\x93\xE6", - 31, 15, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x53\xB3\x3A\x58\x98\xD2\x0D\x25\x61\x5A\x0C\xF5\x74\x7F\x44\x2F\x51\x70\x31\x66\x5E\x41\x5E\xBC\xF5\xF0\x03\x12\x98\x12\x90\xCC", - 31, 16, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x0B\x2C\x2A\x74\x72\x12\x18\xE1\xCE\xCD\x8A\x7E\xFC\xCE\x8D\x57\xBE\x42\x1A\xCC\xA2\x20\x24\x33\xC5\x1E\x31\x54\x1F\xB6\x45\xBD", - 31, 17, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEF\x13\x95\xD4\x42\xC9\x9A\x04\xFE\xF0\x11\xE9\x72\xA9\x37\x74\x3E\x14\xC4\x4C\x58\x0C\xAC\x81\x4A\x75\x73\x35\x05\xC0\x81\x32", - 31, 31, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x0D\x35\xCF\x7F\x82\x08\x1E\x1B\xE9\x1E\x75\xE1\x96\x05\x9F\xBD\x63\x94\x8E\xE0\x71\xEF\x53\xDE\x79\xC6\x68\x21\xD6\x8A\x5A\xE4", - 31, 32, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x74\x0D\xCB\x50\x59\x59\xB9\x48\x52\x2B\x0B\x2A\x1F\xFC\x4F\x12\xF5\x9F\x49\x11\xED\x43\x61\xA6\x38\x8D\xF9\x35\x5C\xCD\x18\xBB", - 31, 33, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xDD\x48\xE5\xE8\x86\x8E\x61\xFF\x8A\x85\xC6\x5A\xB8\x5A\x32\xD2\x2A\x9C\xA2\xC8\xDC\xB9\xD6\x0A\x44\xD3\xF1\xB4\x8B\x5B\xD3\x80", - 31, 63, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x81\xEF\xAD\x79\x16\xE4\x29\x02\xDB\x89\x8D\xF2\xA4\x6D\xB4\xC4\x2A\x8C\xC6\x7E\xDE\x9B\xF7\x63\xB2\x10\xED\x15\xED\x0A\x0E\x3C", - 31, 64, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEB\x54\xC4\x8A\x8F\x92\x53\x4D\xDF\x1D\x78\xCA\x98\x38\xF9\x10\xE4\x05\xCD\x6D\xB6\x82\x3B\x76\xB7\x82\x3A\xD2\x20\x77\xD4\x89", - 31, 65, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x18\xE3\xCE\x19\x98\x7B\xA5\x0B\x30\xDD\x14\x4C\x16\xF2\x26\x55\xEB\xA3\x14\x09\xD6\x62\x10\xBC\x38\xBB\xC1\x4B\x5D\xAB\x05\x19", - 32, 0, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x10\x9D\x6C\xB3\x37\x9C\x9E\x2B\xC9\x1C\xF9\x79\x7A\x46\xEA\xFA\x78\x5C\xA1\x54\x83\xBD\xC2\x67\x31\xFA\x66\xAC\x5D\x4C\xE7\xAB", - 32, 15, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x76\x83\x9A\x8F\xBC\x20\x81\xD6\x09\x5C\x97\x46\xD3\xD6\xA4\xC4\xC1\x17\x8E\x3B\x14\xFC\xFD\x8F\x72\x20\xEF\xC6\x0B\xD3\xFF\x42", - 32, 16, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEA\x0C\x05\xE6\x8F\xD6\xA6\xA1\xD9\xFC\xDA\x3C\xCB\x49\x02\xA5\xF9\x5D\x80\x9E\x89\xF6\xA2\x15\x74\x48\x84\x87\x77\x47\x6D\xBB", - 32, 17, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x98\x79\xD8\x91\x48\xB3\x12\x10\xE8\x49\x73\x38\x1B\xFA\x6C\xCA\x85\x59\xF9\xF9\xFE\xD3\xF2\x98\x9E\x9D\x5C\xE8\x1E\x59\xB3\x46", - 32, 31, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xC7\x41\x7E\x23\xDD\x7D\xB0\x84\xCA\x64\x26\x5A\xE0\x98\xD7\xF2\x29\xE4\x4C\x88\xC9\xF9\x15\x00\x19\x73\xC7\xCF\x95\xF5\x30\x68", - 32, 32, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x0F\xDA\x45\x55\xAC\x8F\xB0\x17\x1D\xF2\x41\x54\xFB\x41\x26\x16\x0C\x00\x84\x49\x3D\x54\xAE\x9F\x13\xD4\xE5\x11\x2B\x42\xB5\xF5", - 32, 33, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF1\x1B\x54\x05\xCE\x3A\xEB\xA1\x1B\x49\x99\x43\xBF\x2C\x73\x10\x0E\x35\x6B\xEA\x40\xAC\xE5\xBC\xD8\xD5\xB0\xAE\xB2\x8E\xFB\x05", - 32, 63, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEA\xAF\xA4\xBE\xD6\x9D\x98\x73\x5E\xDF\xFC\x35\xFD\xB8\x26\x18\xAC\x15\x9E\x2B\xB2\xF9\x36\xEC\x51\x58\x1E\xD8\x53\xB7\x11\x10", - 32, 64, 32 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xC3\x0A\xE0\xAB\xFA\x38\x3C\x3F\xBC\x44\xD3\x2A\x4F\xC8\xFA\x86\xF2\x15\x9E\x83\x75\x65\xE4\x78\x63\xED\xEF\x31\x79\xEC\x00\x21", - 32, 65, 32 - } - }; - - byte digest[BLAKE2s::DIGESTSIZE]; - for (unsigned int i=0; i(i); + old.IncorporateEntropy(seed, seed.size()); + + old.GenerateBlock(actual, sizeof(actual)); + pass = (0 == std::memcmp(actual, expected, sizeof(expected))) && pass; + + if (!pass) + std::cout << "FAILED:"; else - { - BLAKE2s blake2s((const byte*)tests[i].key, tests[i].klen, NULLPTR, 0, NULLPTR, 0, false, (unsigned int)tests[i].dlen); - blake2s.Update((const byte*)tests[i].message, tests[i].mlen); - blake2s.Final(digest); - } - - fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0; - if (fail) - { - std::cout << "FAILED " << "BLAKE2s test set " << i << std::endl; - } - - pass = pass && !fail; + std::cout << "passed:"; + std::cout << " Expected sequence from PGP-style RandomPool (circa 2007)\n"; } - std::cout << (!pass ? "FAILED " : "passed ") << COUNTOF(tests) << " hashes and keyed hashes" << std::endl; - return pass; } -bool ValidateBLAKE2b() +#if !defined(NO_OS_DEPENDENCE) && defined(OS_RNG_AVAILABLE) +bool TestAutoSeededX917() { - std::cout << "\nBLAKE2b validation suite running...\n\n"; - bool fail, pass = true; + // This tests Auto-Seeding and GenerateIntoBufferedTransformation. + std::cout << "\nTesting AutoSeeded X917 generator...\n\n"; + AutoSeededX917RNG prng; + return Test_RandomNumberGenerator(prng); +} +#endif + +#if defined(CRYPTOPP_EXTENDED_VALIDATION) +bool TestMersenne() +{ + std::cout << "\nTesting Mersenne Twister...\n\n"; + + member_ptr rng; + bool pass = true; + + try {rng.reset(new MT19937ar);} + catch (const PadlockRNG_Err &) {} + + if(rng.get()) { - fail = strcmp(BLAKE2b::StaticAlgorithmName(), "BLAKE2b") != 0; - std::cout << (fail ? "FAILED " : "passed ") << "algorithm name\n"; - pass = pass && !fail; + pass = Test_RandomNumberGenerator(*rng.get()); } - const BLAKE2_TestTuples tests[] = { - { - NULLPTR, - NULLPTR, - "\x12\x71\xCF\x25", - 0, 0, 4 - }, - { - NULLPTR, - NULLPTR, - "\xE4\xA6\xA0\x57\x74\x79\xB2\xB4", - 0, 0, 8 - }, - { - NULLPTR, - NULLPTR, - "\xCA\xE6\x69\x41\xD9\xEF\xBD\x40\x4E\x4D\x88\x75\x8E\xA6\x76\x70", - 0, 0, 16 - }, - { - NULLPTR, - NULLPTR, - "\x0E\x57\x51\xC0\x26\xE5\x43\xB2\xE8\xAB\x2E\xB0\x60\x99\xDA\xA1\xD1\xE5\xDF\x47\x77\x8F\x77\x87\xFA\xAB\x45\xCD\xF1\x2F\xE3\xA8", - 0, 0, 32 - }, - { - NULLPTR, - NULLPTR, - "\x78\x6A\x02\xF7\x42\x01\x59\x03\xC6\xC6\xFD\x85\x25\x52\xD2\x72\x91\x2F\x47\x40\xE1\x58\x47\x61\x8A\x86\xE2\x17\xF7\x1F\x54\x19\xD2\x5E\x10\x31\xAF\xEE\x58\x53\x13\x89\x64\x44\x93\x4E\xB0\x4B\x90\x3A\x68\x5B\x14\x48\xB7\x55\xD5\x6F\x70\x1A\xFE\x9B\xE2\xCE", - 0, 0, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x2A\xF7\xA1\x34\x71\x1C\x5A\x03\xCE\xC8\xFC\xA9\x88\xD9\x9C\x8B\x99\x9A\x95\x33\x0D\xC9\x37\xBE\xE3\x3B\xB3\x0B\xAD\x1B\xE3\x7E\x4F\x66\x81\xF1\xE8\x0E\x64\xA1\x9D\xFC\x86\x83\xF1\xFE\x32\x5D\xAA\xDD\xB8\x1B\xA7\xA3\x88\x3F\x71\x1F\x04\x14\x08\x91\x16\x39", - 0, 31, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x49\x9A\x63\x97\x86\x14\xB9\x50\xCC\x1D\xA0\xAB\x63\xAF\x3B\xC3\xFF\xBC\x63\xA2\x91\xE5\x2A\xD7\xA8\x11\xD6\xD4\x23\x32\x52\xCF\xA9\xD6\x5A\x19\x51\xBA\x20\xF1\x74\xEF\x7D\x82\x38\xFB\x85\x20\x82\x16\x0B\xC7\x3C\xD0\xD2\x72\x45\x75\x38\x5C\xE4\x17\xB1\xAA", - 0, 32, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA5\x5B\x85\xDD\x70\x10\xE5\x04\xD3\xB5\x10\xEF\x08\xE1\x95\x40\x19\x69\x82\x87\x44\xFD\xBF\x5B\xE8\xE2\xBB\xE3\x57\x8F\x24\x0B\xFB\x92\xD1\x50\x98\xAC\x06\xED\xC2\xBB\x93\x04\x54\x84\x35\x23\x83\xA1\xB0\x47\x91\x99\x0C\x4C\xA6\xFD\x73\x8D\xE5\x78\xA5\x5E", - 0, 33, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xB8\xBC\xDA\xB9\x66\xE2\x5A\x76\x72\x38\x55\xD9\x5A\x4E\x8C\x4F\xA9\xEC\x8C\xFF\x0B\x18\x38\x98\x5C\x8C\x90\xBC\x46\x56\x24\xD7\x96\xAB\x26\x2B\x49\x14\xD0\xEE\x91\x69\x9A\x0C\xC3\xE6\xCA\x14\x55\x37\xDA\xF6\x59\x4A\x31\x78\x67\x49\x89\x0E\x84\xDC\xE7\x5D", - 0, 63, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA1\xD7\x6B\x3B\xB7\xCE\x56\x22\xD1\x13\x94\xDF\xF4\xA2\x04\xEF\x75\x85\xAF\x93\x63\x55\xBF\xCE\xAF\x01\x25\xCA\x17\x65\xC3\xD2\x6E\x67\x71\x95\x33\x18\xE7\xE4\xC1\xFA\xE0\xE6\x24\x8A\xE9\x56\xB7\x63\xE2\xBF\x8F\xB3\xA7\xD4\xD7\xFD\x1A\xC1\xAB\x1F\x17\x77", - 0, 64, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF3\x26\x82\x25\x97\xE1\x91\x53\xF8\x57\xC6\xD9\x57\x46\x09\xDF\x1E\x05\x81\xF6\x23\xEE\x8B\xBC\xFA\xA1\x9F\x21\xB6\xF3\x1D\xAD\x9F\x4E\x47\x0B\xE6\x3C\x5E\x28\xE9\x11\x1D\xAA\x52\xF2\x6B\x1A\x61\xCF\x61\x1C\xB0\x7D\xE5\x79\x14\x79\x79\xA6\x08\xDF\x76\x4B", - 0, 65, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x6A\x3F\x90\x50\x84\x5D\x84\xB7\xA2\x43\xF3\xEE\x2C\x7A\x10\x50\xC4\x4C\x5E\x39\xF4\xB8\xCC\x1D\xB3\xF1\x39\x82\x77\x22\x10\x92\x36\x21\xA0\xBA\x13\xCC\x4F\xA3\x1C\x4F\xEC\x1A\x15\x29\x20\x20\x3E\x1A\x06\xEA\xF4\xFF\xCB\x44\x72\x52\x3B\xE5\xE0\x08\x79\x92", - 0, 127, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xC2\xB8\x8C\x5F\xBD\x61\x0F\xAB\x04\xD3\x40\xAD\x88\x74\x02\x6B\x27\x33\x5C\x6F\x8C\xE5\x93\xC3\x2F\x1A\xE5\xE8\x42\xA6\x07\xCB\xB7\x73\x88\xF3\xF5\xFF\xDC\xBF\xCC\x87\x8F\x56\x1F\xF2\x30\x37\x02\xBE\xC3\x1D\xA7\x8F\x12\x56\x35\x03\x50\xC6\x1E\xD8\xBD\x84", - 0, 128, 64 - }, - { - NULLPTR, - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xAD\xE2\x77\xD8\x19\xA7\xBE\xF1\x4E\x47\x92\xDF\x4B\xFD\x1E\x7B\xDE\xC8\x41\x54\x31\xF6\x18\x79\x8B\x7F\x9A\x23\x3C\x6F\xA0\x56\xE6\xB3\x85\xBE\x76\x78\x88\x58\x86\x47\xEB\x48\xC5\x20\x62\xF3\x40\xA5\xB2\xB3\x3F\x33\x18\x3A\x12\xA8\xE9\x9A\x74\x9B\xE8\x8F", - 0, 129, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x55\xD9\xFB\xF8\x8E\x42\x80\xBF\xE2\x75\xB8\xA7\xA1\xFA\xAD\x7D\xEA\x4B\x65\xB3\xDF\xA2\x92\xE1\xB0\x43\xB6\x36\x74\xB4\xC7\x87\x5D\x68\x02\x21\x39\x49\x0B\x69\x70\xC8\x80\x14\x82\x26\x77\x3D\x2D\x97\xAD\x01\x67\x55\x7D\x54\x62\xA0\x88\x0C\xB3\xFA\x69\x85", - 31, 0, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xBA\xD4\xD2\x86\x9D\x23\x5A\xBD\x76\x77\x0A\xD4\x28\xFD\x31\x8B\x34\xD6\xAA\x7A\x22\xB7\x2E\x8E\x09\x55\x79\xF9\xE9\xB4\x0D\xB7\xA8\x05\x0E\xAB\x17\xD9\xFC\x97\x97\xA0\x61\x40\xC6\x35\x61\xC1\x9A\x91\xF5\x69\x41\xA1\x3D\x3F\xFE\x8B\xEA\xC8\xC4\xE4\xDD\xD7", - 31, 31, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x24\x4C\x4F\xD1\x8D\x4B\xEC\xE4\x7E\x45\x25\x33\x75\xBE\x95\xCB\x5D\x20\xA0\xE7\x62\xB4\x81\x62\x74\x12\xFD\x86\x09\x4A\xBB\x35\x6B\x26\xF8\xE4\x5A\x8F\x38\xD2\xA1\x10\x89\xC1\x93\xDB\xB0\xB2\xA7\xD8\xE0\x83\x3D\xE6\x76\x18\xF6\xFE\x1A\x14\xBC\x9E\x63\xEF", - 31, 32, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x91\x58\xD9\x2B\xF2\x81\x65\xA2\xDE\x73\x9E\x9D\x15\x04\xFB\x9C\x47\x76\x04\xA3\x51\xE6\x84\xEF\x1C\xF0\xF5\xF1\x1B\x5F\xE5\x78\x39\x3D\x23\xCA\x3C\x95\xAB\xB1\xD7\xC1\xE9\x10\x4A\x6C\x51\x46\x6C\x19\x02\x48\x75\xD5\x23\x76\xCF\xCC\x64\x02\x15\xC2\xCF\xD6", - 31, 33, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xEA\xFA\xD7\x50\xFD\x93\x65\xB6\xA7\x29\x75\x07\x17\x80\xF7\xE2\xE2\xF9\x60\xF3\x9C\x9F\x06\xFC\x13\x16\x79\x66\x7A\x3A\x92\xE2\x75\x79\x71\x89\x34\x5C\x6F\x85\x76\x31\xCF\x7A\x76\xB4\x52\xF5\xDC\xC7\x39\x2A\x39\x1A\x26\xD6\x74\xEA\xF4\xC7\x44\x53\xF6\x43", - 31, 63, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x5C\x55\x87\x5A\xCA\xF3\x78\x11\x33\x91\x5C\x40\x3C\xE8\xDB\x74\xEA\x68\x4D\x76\x44\x91\x6A\x03\x72\xF7\xAA\x0B\x09\x0A\xAD\xC1\x14\xDF\xC0\x52\x83\x0C\x5A\x75\x2B\x25\x0D\x6F\x7F\x94\xBE\x48\x93\xA2\x19\xED\x2E\x4C\x4C\x47\xA3\xF4\xD0\xBD\x9D\x51\x4A\xDA", - 31, 64, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA2\x3C\xB9\x96\xBC\x40\x61\x12\xF7\x5A\xE7\xBE\x2F\x04\xBB\xCF\x4F\x6D\x65\x65\xF8\x65\xA6\xF6\x88\x5D\x56\x57\x79\xA3\x11\x33\x37\xD1\x72\x84\xEE\x75\x56\x4E\x00\x52\xF1\x88\x07\xC6\xD6\x4D\xFB\x55\xF0\x25\x39\x70\x51\x35\x1A\x73\x85\x6D\x6B\x26\x7A\x79", - 31, 65, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x22\xEA\xC1\x75\x7B\xBF\x13\xA1\x91\x8B\x46\x89\x2A\xEC\xEB\x07\x6F\x3F\xF4\x70\x68\x8F\xD3\x6D\xE5\x5B\xB9\x03\x69\x38\xF3\x11\x2E\x1E\x6E\x24\xD9\x60\xB7\x4E\xB1\xD4\x67\x38\xBD\x1B\x45\x7C\xF9\x29\xFC\xBB\x4C\x23\x78\xE3\xE5\xFE\x4A\x2D\xED\xDA\x29\x05", - 31, 127, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x9C\xAE\xD2\x2D\x53\x1B\x52\x07\x39\x4F\xE4\x9F\xE4\x8D\x55\x2C\xC6\x00\x6D\x61\xA5\x83\xA5\xE7\x10\x3B\x34\xFD\x24\xBD\x4E\xE1\xD0\xC2\x02\x8A\xE2\x86\x57\xF3\xAC\x31\xBD\x51\xDE\xEB\x54\xFD\xEB\x84\x80\x2C\x79\x16\x28\x98\x1E\x3C\x83\x87\xDE\x14\x83\x34", - 31, 128, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF3\x73\x96\x41\x7B\xEF\x67\xF3\x97\xF5\xCD\x8D\xFD\x79\xAA\xBC\xC7\x95\x70\x48\xC8\xC3\x89\xFE\xEC\x7B\xDB\x23\x43\x1E\xFA\x85\x51\x75\x4E\x04\xB3\xF3\xCB\xA6\x46\x58\x2A\x3E\x22\xBE\xFF\x85\x12\xC9\x2B\xE7\xA7\x93\x78\x47\xF5\xFD\xB8\x43\xAF\xBD\x11\x9A", - 31, 129, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x0C\xAB\xE4\x02\x57\xEB\xAC\x85\xBC\xD6\x13\xBD\x40\x56\x58\xEC\x0B\x7F\x32\xB4\xDB\xBE\x6A\x31\x57\x60\x25\xC4\xFA\xBB\x3E\xDB\x55\x63\xE8\xD1\x27\x19\xB9\xEE\x9C\x7B\xE0\x0D\x8F\x09\xA4\x66\x5C\x32\x34\x34\xC8\x7F\x66\x00\xB7\x0B\x7B\x9C\x32\x74\xFC\x40", - 32, 0, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA8\x09\x82\xFC\x9A\x5B\xC7\xC5\xF0\x37\x26\x7B\x86\x5D\x35\xA2\x2E\x4D\x79\xCE\xBE\x99\x56\xD6\x56\xBB\xCA\x48\x4C\xFB\x47\xD9\xF4\xBE\xA2\x7A\x3A\xA3\xA7\x91\x34\x8B\x23\xB4\x84\xD1\x66\x8A\xBC\x0F\x4E\xE4\xF1\x70\x8E\xFB\x1A\x95\x12\x2B\x2F\xFF\x49\x87", - 32, 31, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE0\xD6\xF6\x98\xC1\x50\xBB\xBF\xC1\x65\x47\x20\xC3\x2A\xD6\xE4\x1E\x3B\x31\xC0\xBA\xCF\x7C\xF8\xF8\xA5\xDB\x17\xCF\x4B\x84\x98\x02\x2D\x23\xF6\x18\x78\x8E\x10\xE2\xD3\x53\x5D\x43\x37\x8E\x3F\x9D\x68\xD2\x99\xBB\xC8\x04\xA7\xF4\xCA\xD2\x5C\x0C\x99\xA8\xF4", - 32, 32, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x43\x62\x70\x1E\xFE\x4C\x12\x39\x03\x01\x04\xA8\x5E\xB5\x55\xE6\xE9\xE5\x55\x6A\xCE\x80\x18\x1D\x81\xA6\xBA\x87\x92\xAB\xFC\x0C\x54\x83\x09\xD2\x45\xFD\xA6\xBC\x1A\x7E\x79\x45\x74\x06\xCC\x77\x3D\x18\x77\x8C\x0D\x38\x03\xC2\x76\x2B\x91\x6F\xF7\xE8\xCA\x61", - 32, 33, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x08\x1C\xBA\x80\x31\x39\xDF\x39\x37\xBE\x58\xB7\x22\xB3\x3E\x17\x9D\xBF\xE3\xCC\x02\x3C\x60\x2B\x1A\xB8\xEF\x77\x40\x32\x5A\x23\x8F\x48\x3F\x48\x64\x5E\x35\xA6\xBE\xB5\xBE\x1E\x3C\x35\x19\x15\xDE\x87\x41\xFF\xBB\xC4\x65\xB0\xDD\x4A\x5A\x88\x96\x47\xF5\x48", - 32, 63, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA5\x35\x83\xFB\x6B\x15\x35\x70\x70\x23\x1A\x21\xC3\xBC\x97\x6C\x9C\x59\xDA\x51\xE4\xC4\x11\xDE\x3F\x04\x4E\x0F\x11\x8B\x9F\x1D\xA5\x26\x12\xBC\x2C\x54\x03\x67\x03\x0D\xD5\xB3\xFB\x34\x67\xE7\x02\xC6\x6F\xD9\x31\x1E\xA6\x5C\xBC\xA3\xFE\x86\x2D\x12\x45\xD7", - 32, 64, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xD9\x1C\xA9\xC0\xE9\x06\xEF\x1E\xDE\xD4\x84\x42\x89\xCD\x7A\xFF\x96\x92\x3E\x43\xAE\xAC\xC6\xDA\xD5\x2E\x55\x3E\x9A\xAA\x10\x86\x2E\xE9\xE4\xEF\x56\xDF\x9D\xD2\x70\x84\x5A\xF7\xD7\xD6\x58\x99\xE9\x01\xCC\x70\xBE\x98\xE0\x20\x3E\xCB\xCB\xCD\x4A\xD0\xA7\x81", - 32, 65, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xC5\x0E\x8C\x76\x05\x2D\xA7\x43\x90\x73\x8D\x38\xB0\x6C\x9D\x83\x2C\x14\xB1\x2C\x61\x42\x19\xC9\x82\xC5\x90\xB6\xB6\xCE\x78\xFD\x73\x9A\x2A\x79\x27\xA6\xBA\xAF\xEF\xCE\x68\x1D\x00\x53\x49\x2E\x89\x1E\x4C\x13\x12\x77\x9A\x78\xA5\x0F\x2A\xE7\x73\x78\xE2\x0A", - 32, 127, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x17\xB1\x1E\x2B\xB1\xDF\x49\xFA\x9A\xD0\xD1\x6E\x79\x33\x2A\x62\xA2\x11\x3B\x5E\xE0\xEF\xA2\x49\x44\x6C\x70\xD2\x69\x69\x7F\x69\xC3\xB4\x0B\x21\x1E\x76\x43\x58\x81\x8E\xA1\x2F\x73\x75\xDB\xC3\x22\xF3\x9C\xB7\x03\x56\x49\x8C\xDE\x60\x5A\xB7\x52\x7A\xA1\x53", - 32, 128, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE4\xF6\xE4\x01\x8A\xA6\xD0\x8D\xCF\x81\x1D\x38\x60\x5C\xB6\xF5\x83\xAA\xB2\x1F\xC0\xC8\x77\xA5\xA4\x77\xE0\x65\x55\xB7\x34\xFC\x7C\x40\x53\x6A\xEC\x32\x7D\x2A\xA3\xE8\xD0\x31\x91\xA8\x15\x11\x58\xE8\x51\xF7\xA0\xDB\xCA\x8A\x71\x6D\x5B\x19\x7B\x78\xDA\xF7", - 32, 129, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x0D\x19\x8F\xB3\x01\xE3\x83\x7D\xF1\xB9\x98\xEE\x48\x47\xF5\x1D\x91\x01\xEB\x91\x4A\x85\xFA\x6A\x7E\xBA\x7C\xDB\x12\x69\x45\xD7\x15\x6F\xF2\xF5\x05\x81\x27\xA0\x4A\xE4\xE8\xCF\x43\xD8\x76\x8A\x64\xFE\x9D\x97\x61\xE1\x0B\xC1\xBE\x45\xF9\xFA\x1C\xEB\x4B\xB6", - 33, 0, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x0E\xC6\xDC\x77\xF3\x78\x55\xDE\xF9\x10\x48\x37\x28\xC6\xC1\x93\x0D\x65\x6B\x51\x20\x78\x48\x90\x10\x01\x1B\x9D\xFC\xDB\xB2\x6E\x6D\xD9\xAC\xF5\x1A\xBE\xEF\xBF\xAF\x46\x99\x61\x65\x53\x50\xA6\x08\x09\x90\x8E\x77\x36\x33\x80\xC1\xD7\x7E\xD2\x59\x8A\xA9\x51", - 33, 31, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x44\x66\x17\xF1\x0A\xDD\x2A\xCC\x5C\x23\xAF\x6D\x1B\xF8\xE6\x99\x6B\x69\x41\x82\xFD\x7D\x1D\xBD\x83\x44\xF7\x80\x1D\x96\x8F\xF6\xB5\x4A\xA2\x60\x72\x06\x7D\x06\xA6\x11\x87\x44\x27\xAF\x2D\x04\xA7\x8E\xF0\x90\x72\x7F\xED\x05\x90\x36\x27\xD9\x37\xBF\xDF\x9B", - 33, 32, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xA8\xAE\x4B\x1B\x9C\x20\x5F\xF3\xE8\xBC\xA5\xD0\x8B\xB0\x10\x1F\xB9\xFB\x10\xB5\x29\xB2\xA0\x72\x43\xD8\x75\x08\xF5\x65\x3C\xA8\xB2\x93\x92\x2F\x85\xB2\xE6\xC2\xAF\x72\x30\xDF\x50\x5F\x1F\x60\xFD\x4A\xC5\x02\x4D\xDF\x01\xBD\x83\x4F\xC7\x9A\x9E\x15\xAA\x8B", - 33, 33, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x88\x18\xC9\xDB\x3A\xD3\x29\x7F\xC3\xC0\x6A\x27\x62\x50\x06\x72\x74\x7D\x60\xAF\x53\xA8\xB0\x4D\xF2\xE2\x9E\x50\xF8\xE8\xFD\x93\x21\x11\x4D\x69\x42\xA0\xD8\x60\xFA\xDD\xEE\x95\x59\xED\x51\x5B\x29\xA9\x19\x4B\xE5\xE5\x5B\x88\x63\x06\x05\xBF\x6E\x57\x3E\xE2", - 33, 63, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x35\xEC\xD6\x75\x45\x34\xAD\x71\x93\x99\xE8\xC0\xB0\x2F\x0D\xE2\x79\xB1\x7A\x5E\xA3\x54\x59\x3F\x1B\x73\x92\xC4\xAD\x18\xEE\x56\xE1\xE6\x76\x6D\x7B\xCC\x62\xE8\x9C\x38\x56\x7B\xC4\x0A\xE4\x89\x7C\x66\x84\x8C\xB3\x99\xDE\x2E\x60\xDD\x48\xA0\x08\x0A\xDE\xA0", - 33, 64, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xBA\x5D\xDD\x7B\xE8\x47\xB7\x2D\x90\x17\x52\x66\xDD\x17\x54\xFC\x69\x59\x9D\x43\x1B\x3C\x6D\xE8\x08\x3B\xB2\xEA\xA5\x8C\xDE\xE9\x71\x69\xF5\x62\x22\x14\x67\xC9\xAC\xC2\xB7\xEA\xEA\xAF\x10\x17\xDA\xD8\x52\xFA\x45\x65\x9F\x5E\xAE\x38\xB7\xCF\x01\xD2\x66\x53", - 33, 65, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x9B\x61\x94\x75\x04\x23\x28\xED\xAF\x0C\x9B\x50\x58\xEB\x5F\xD0\x8F\x78\x16\xA7\x81\xA6\x29\xA1\xEC\x50\xA7\xE6\x41\x53\xE2\x3B\x38\x84\x28\x4C\xE7\x33\x25\xA5\xF2\xB4\xEB\x0C\x7A\x40\xEA\xA0\x39\x54\x76\x7D\x94\xDA\xE7\x2B\x67\x68\x60\xF1\xD2\x8A\x05\xA5", - 33, 127, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x9C\x18\x11\x0D\x2C\x8D\xE4\x07\x0D\x7F\x99\xB5\x0F\x88\x55\x7C\xBB\xB8\x4C\x8D\xE3\x42\x04\x32\x2C\xF0\x77\x79\xBE\x35\xE2\xEA\x0B\x4B\xA1\x44\x69\xDA\xA6\xFB\xBD\x40\xD6\x66\x5A\x99\x4E\x9E\x7B\x32\x20\xB8\xC7\x34\x3F\xCA\x66\x5C\x86\x2A\x60\x1A\x69\x74", - 33, 128, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xCB\xEC\x77\x51\x9F\xD7\xAC\x67\xEE\xB7\x8D\xAC\xB8\x1E\xE2\x8D\x3E\x17\x61\x29\xC0\x39\xF5\xDD\xB4\x5A\xC6\x8A\xBB\x40\x55\x81\x03\x7E\x58\x43\x9E\xDD\x36\x08\x04\x96\xCD\xC1\x95\xCF\xF1\x71\x20\x81\x66\x10\x89\xE3\x88\x22\xB8\x5E\x65\xA4\xC8\x8E\xAA\x2A", - 33, 129, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\x31\xD7\x85\x5E\xBC\xAA\x40\xE2\xEF\xA6\xD4\x35\xC7\x9E\x37\x1E\x80\xBD\x1E\x37\x72\xE6\xEF\xD6\xB1\x41\x1A\xE5\xF8\xB2\x92\x1A\xE0\xAD\x11\xBF\xF0\x57\xD5\x9A\xF8\xC4\x4C\x11\x88\x64\xDA\x88\x45\x3C\xCC\xF7\xCB\x44\x9E\x34\x23\xA3\x9D\x6D\x11\x98\x0B\xAC", - 63, 0, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x3E\x7E\xA0\x5E\x1B\x64\x0D\x9F\x5B\xDA\xF9\xB8\x56\x4E\x2D\xEC\x99\x5E\xDC\xF3\xAF\x26\xE1\x19\x4E\x1B\xC2\xA6\xDA\x2D\x41\x8A\xDD\xC2\x12\xA6\x54\x6C\x90\x98\x74\x27\x29\xF6\x2D\x94\x55\xA6\x92\x95\x4C\x8E\xD3\x23\x72\x06\xEF\x92\x38\x99\xA6\x9E\xE2\x14", - 63, 31, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x79\xA5\x33\xEA\x9A\xBC\xBF\xB9\x48\x23\xDF\x8F\x27\x7E\x96\x4A\xB9\x2D\xA7\x3D\xEE\x9E\xBE\x97\x5E\x1B\xC1\x4A\xD0\x19\xF8\xF8\xF4\x6D\x0C\x59\x94\xB3\x6C\x2E\xCA\x18\xD7\xEF\x20\x98\x21\x77\x7E\x07\xEB\x4F\x51\x0C\x82\xCE\xD3\x3F\x48\x82\xBC\x98\x3C\xBA", - 63, 32, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xF8\x34\x86\xBD\x50\xEC\xB7\x32\x3A\xCC\x9A\x93\x6B\xA6\x45\x3D\xD5\x77\x42\xC7\x88\xC1\x34\xEB\x17\xE4\x0C\x41\xB0\xDD\x4F\xC9\x83\x29\x38\x26\x64\x1C\x21\xC9\xD1\x8A\xA5\xFC\x9F\x64\x5E\xE8\x11\x17\x41\x0C\xE6\xEB\x8C\x73\x93\xF6\xB2\xEB\xEF\xC7\xB8\xBE", - 63, 33, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x9B\xDF\x77\xB9\xC0\x1F\xC9\xC5\xAA\x6B\x52\x8B\x30\x77\xE5\x1C\xD0\x09\x79\x44\x45\x6D\xB6\x1A\xFF\x1B\xEE\x54\xD1\xE9\x8D\x84\xB9\x53\x5F\x50\x50\x75\x58\x69\x7C\x5C\xEE\x86\xCC\x19\x4D\x3D\x8A\x4F\xCD\x93\x48\xEF\xAE\xBF\x95\x12\x72\x88\x45\xCB\x00\xD3", - 63, 63, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x79\x8A\xB1\xD6\x8A\x88\x62\x00\xF4\x20\xA6\xC6\x5D\x63\x7D\x2D\xEB\x91\xB9\xDA\x63\xA9\xFF\xC4\x6A\x49\x19\x30\x73\xE2\xDE\x95\x7B\x9A\xEE\x23\xAE\x58\xD9\x58\x91\xFE\x43\x9D\x82\x0B\x95\x50\xE1\x58\x1D\xA6\x93\x70\x84\x4A\x70\xE5\xC2\xED\x28\x39\x5C\x29", - 63, 64, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xD2\x0E\x26\xF0\xDE\xB8\x75\xEF\xD0\xB9\xD3\x29\x2D\x1F\x94\x46\x62\xB5\x9A\x55\xFB\xAB\x4C\x13\xFF\xB9\x62\x82\x90\x93\x04\xE6\x8B\xA5\x32\x9A\x50\xB9\x2D\xAE\x79\x6B\xC3\xE1\x3E\x58\xE1\x5F\xAB\x9B\xA7\x07\x95\x52\x8B\x60\x5C\x64\x0C\xEB\x15\x93\x16\x2A", - 63, 65, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x60\x41\x21\xAA\x32\x6A\x49\x68\xDF\xBA\xAE\x5A\xF2\x43\xE6\xA6\x7B\xB7\x4A\x4C\x0D\xD6\xE7\x32\x71\x1E\x24\xCC\x14\xD0\x5F\x5A\x94\x0A\x21\x4F\xBB\x68\xA1\x43\x78\xC8\x71\x8C\x5C\x4E\xB8\x19\x91\xA6\x5B\x1E\x59\x87\x86\xB7\x6F\x5D\xB8\xCB\xF2\xEC\x7C\x50", - 63, 127, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x5A\xC4\xD5\xD9\xA5\x67\x38\x66\x0B\x18\x67\xF7\xD8\xD3\x4E\x82\x6C\xFA\xC1\x91\x40\x73\x60\xE7\xCA\x0E\x71\x7D\x30\xC8\x55\x88\x25\x83\xCF\xB2\x55\xCA\x9B\xE9\x61\x53\x73\xCF\xB1\xB8\x40\x3F\xC1\x37\xB2\x20\xEB\x4F\x03\xC5\x15\x48\x94\xE6\xAE\xDB\xA4\x60", - 63, 128, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x0A\x3E\x43\x52\x9D\x71\xDA\x38\x49\xBC\x64\x93\xA9\x43\x78\x1E\xB2\x5B\x79\xE9\xF5\x3F\x1A\xFE\xEB\x41\xBE\x41\x33\xDA\x6B\x31\x2E\xC5\xBD\xD6\xC2\x96\xE2\x4C\xA1\x2C\x05\xA8\x52\x86\x4C\x8F\xEE\x73\x6F\x71\x71\x6D\x5B\x60\xE1\x1C\xAC\x7D\x2F\xC6\x23\x55", - 63, 129, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - NULLPTR, - "\xD9\x38\xD6\xD9\x8F\x0B\xD9\x87\x39\xA6\x59\x19\xD2\xB3\xC9\x14\x9A\x4F\xCE\x6C\x98\xB0\x6A\xF4\xF9\x58\x58\x31\x35\x0B\x57\x47\xC2\xF6\xA7\x82\xA3\x39\x61\xA8\x1B\x62\x59\x7A\x2E\xB1\xE9\xC0\xA5\x80\x3D\xA7\xC5\xD3\x93\x4B\xB2\x0A\x6E\x88\xBA\xA4\xAE\x02", - 64, 0, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xE9\x47\xAF\x37\x5E\x3D\xBF\x30\x27\x8E\x29\xE6\x39\x0A\x48\x77\x3F\xB0\x0E\x80\x86\xDF\x3B\x98\x8A\x11\x97\xA7\x3C\xBE\x9C\x4A\x23\xAC\x25\x28\xF5\xD0\x9F\xBA\xFC\xDE\xCD\x88\x85\x30\x00\x00\xA3\xC2\x51\xCF\x9A\x41\x88\x00\x02\xA6\xB5\x46\xD2\x58\xB1\xB6", - 64, 31, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x64\x24\x6B\xA8\x6C\x93\x07\xE2\x62\xC2\x35\xD6\xD9\xA7\xD1\xCD\xFA\xCE\x0A\x12\xB0\x5E\x57\x1C\xBC\x61\xDF\xFB\x59\x6C\x95\xAD\x04\xEF\x02\xCD\x89\xDD\x39\x80\x7D\x78\x3E\x55\x32\x3C\x53\x32\xF3\x91\xFE\x16\x0C\xF9\xF4\x41\xBB\x9E\xF7\xBA\xE6\x0A\xB7\x6F", - 64, 32, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xB0\x09\xE7\x5A\xBA\x9F\xED\xBE\x3C\xA4\x6A\x93\xF8\x9A\x79\x3A\x01\x8F\x06\xC6\x4A\xA6\xED\xC5\xDD\x21\xDF\x3C\x87\xD4\xBD\xC1\x0E\x29\x3E\x3F\x3B\x6A\x16\x7B\x41\xB8\xB7\x79\xC9\xB2\x16\xD0\xC2\xC2\xF8\xA7\x68\x9B\xB2\x93\x2B\x0A\x43\x58\xC0\x76\xE0\x40", - 64, 33, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x62\x47\x33\xE4\x70\xCC\xBE\x7A\x64\xE1\xBC\xF4\x37\x0E\x61\x92\xCC\x78\xA0\x1B\x26\x11\x39\x82\x36\x29\x76\xFA\x0A\x2A\x99\x52\xE5\xDC\x08\xB5\xFF\xBC\xEA\x5F\xE7\xDD\x48\xF7\x77\x36\x49\x58\x46\xA3\x53\x38\xCB\xFD\x96\x39\x2C\xDB\x01\x94\x4E\x8D\xCC\xD9", - 64, 63, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x76\x31\x38\x1F\x2B\x49\xCF\x26\xCA\x9B\xD9\x8F\x48\x09\x67\x50\x6F\x0E\xC3\x26\xC3\x44\x05\xC1\xE5\x8F\x58\x20\x80\xE0\x2F\x47\xAE\xC9\xF4\x5C\x8C\x48\x41\xA5\xF8\xBA\xD3\x24\x60\x64\xBE\x6C\x23\x15\xC8\x36\xC1\x91\xE4\x4A\x76\x8F\x2A\x8D\xBC\x22\x42\x14", - 64, 64, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x97\x13\x7E\x8C\x18\x22\x5B\x6B\xBC\x61\xF3\x9A\xB4\x10\x77\x91\x43\x80\x05\x9D\x13\x1D\xDC\xA7\x95\x1B\x41\x95\x4D\x49\x6A\xFF\x51\xE1\x03\x87\xCF\x61\x86\x21\x64\x7F\xD6\x4D\x4C\x5A\x49\xC5\xC7\x47\x18\x6F\xDB\x87\xBA\x22\xD3\x4C\xB3\x85\x76\x01\x64\x9D", - 64, 65, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\xB9\x5F\x66\xD3\x80\xDC\x88\xBF\x0F\x75\xB8\xA7\x0F\x93\xAB\xBB\x46\x34\x8C\x38\xD0\x71\x1F\x83\xAC\x80\x4A\x2C\x68\xFD\xCD\x3C\x82\x31\x83\x3B\x25\xE0\xC4\x5C\xCF\xD7\x4A\x33\x9D\x27\x2E\xC0\x2F\x44\x39\x7C\x9F\xBA\x54\x07\x0B\xA3\x5C\x71\x39\xA0\x9A\x11", - 64, 127, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x59\xB3\xCE\x2E\x95\xDB\x70\x0A\xA7\x34\xC1\x50\x70\xCA\x57\xDE\x3C\x37\x6C\xB7\x22\xF8\x99\x60\x6E\xE4\x0E\x67\xBF\x7C\x10\xC6\x7C\x16\xDE\x7A\xEF\x06\x02\x13\x3E\x57\x75\xE3\x9A\x4D\x88\xAE\x1C\x32\x07\xEC\x57\x77\x11\x53\x47\x07\x79\x9C\xA8\x60\x30\x96", - 64, 128, 64 - }, - { - "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", - "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", - "\x43\x06\xF9\x3E\x7C\xFB\xDE\x72\x5F\x83\x3E\x39\xCD\x07\x57\x89\x9B\xCD\x81\x0F\x83\x51\x56\x18\x19\xB4\x6F\xFD\xA4\x61\x86\x2E\x68\x9C\x55\x5A\xF4\xBC\x88\x46\x04\x5C\xDD\x27\xC6\xE0\x0C\x81\x07\x7C\xC5\x90\x0B\x25\x2D\xF1\xD1\x40\x01\xD8\x39\x69\x3C\x2E", - 64, 129, 64 - } - }; + // Reset state + try {rng.reset(new MT19937ar);} + catch (const PadlockRNG_Err &) {} - byte digest[BLAKE2b::DIGESTSIZE]; - for (unsigned int i=0; iGenerateBlock(reinterpret_cast(result), sizeof(result)); + pass = (0 == std::memcmp(result, expected, sizeof(expected))) && pass; + + if (!pass) + std::cout << "FAILED:"; else - { - BLAKE2b blake2b((const byte*)tests[i].key, tests[i].klen, NULLPTR, 0, NULLPTR, 0, false, (unsigned int)tests[i].dlen); - blake2b.Update((const byte*)tests[i].message, tests[i].mlen); - blake2b.Final(digest); - } - - fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0; - if (fail) - { - std::cout << "FAILED " << "BLAKE2b test set " << i << std::endl; - } - - pass = pass && !fail; + std::cout << "passed:"; + std::cout << " Expected sequence from MT19937\n"; } - std::cout << (!pass ? "FAILED " : "passed ") << COUNTOF(tests) << " hashes and keyed hashes" << std::endl; + return pass; +} +#endif + +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) +bool TestPadlockRNG() +{ + std::cout << "\nTesting Padlock RNG generator...\n\n"; + + member_ptr rng; + bool pass = true, fail; + + try {rng.reset(new PadlockRNG);} + catch (const PadlockRNG_Err &) {} + + if (rng.get()) + { + PadlockRNG& padlock = dynamic_cast(*rng.get()); + pass = Test_RandomNumberGenerator(padlock); + + SecByteBlock zero(16), one(16), t(16); + std::memset(zero, 0x00, zero.size()); + std::memset( one, 0xff, one.size()); + + // Cryptography Research, Inc tests + word32 oldDivisor = padlock.SetDivisor(0); + padlock.GenerateBlock(t, t.size()); + word32 msr = padlock.GetMSR(); + padlock.SetDivisor(oldDivisor); + + // Bit 6 should be set + fail = !(msr & (1 << 6U)); + pass &= !fail; + if (fail) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " VIA RNG is activated\n"; + + // Bit 13 should be unset + fail = !!(msr & (1 << 13U)); + pass &= !fail; + if (fail) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " von Neumann corrector is activated\n"; + + // Bit 14 should be unset + fail = !!(msr & (1 << 14U)); + pass &= !fail; + if (fail) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " String filter is deactivated\n"; + + // Bit 12:10 should be unset + fail = !!(msr & (0x7 << 10U)); + pass &= !fail; + if (fail) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " Bias voltage is unmodified\n"; + + fail = false; + if (t == zero || t == one) + fail = true; + + pass &= !fail; + if (fail) + std::cout << "FAILED:"; + else + std::cout << "passed:"; + std::cout << " All 0's or all 1's test\n"; + } + else + std::cout << "Padlock RNG generator not available, skipping test.\n"; return pass; } -bool ValidateSM3() +bool TestRDRAND() { - return RunTestDataFile(CRYPTOPP_DATA_DIR "TestVectors/sm3.txt"); + std::cout << "\nTesting RDRAND generator...\n\n"; + + bool pass = true; + member_ptr rng; + + try {rng.reset(new RDRAND);} + catch (const RDRAND_Err &) {} + + if (rng.get()) + { + RDRAND& rdrand = dynamic_cast(*rng.get()); + pass = Test_RandomNumberGenerator(rdrand) && pass; + + MaurerRandomnessTest maurer; + const unsigned int SIZE = 1024*10; + RandomNumberSource(rdrand, SIZE, true, new Redirector(maurer)); + + CRYPTOPP_ASSERT(0 == maurer.BytesNeeded()); + const double mv = maurer.GetTestValue(); + if (mv < 0.98f) + pass = false; + + std::ostringstream oss; + oss.flags(std::ios::fixed); + oss.precision(6); + + if (!pass) + oss << "FAILED:"; + else + oss << "passed:"; + oss << " Maurer Randomness Test returned value " << mv << "\n"; + std::cout << oss.str(); + } + else + std::cout << "RDRAND generator not available, skipping test.\n"; + + return pass; +} + +bool TestRDSEED() +{ + std::cout << "\nTesting RDSEED generator...\n\n"; + + bool pass = true; + member_ptr rng; + + try {rng.reset(new RDSEED);} + catch (const RDSEED_Err &) {} + + if (rng.get()) + { + RDSEED& rdseed = dynamic_cast(*rng.get()); + pass = Test_RandomNumberGenerator(rdseed) && pass; + + MaurerRandomnessTest maurer; + const unsigned int SIZE = 1024*10; + RandomNumberSource(rdseed, SIZE, true, new Redirector(maurer)); + + CRYPTOPP_ASSERT(0 == maurer.BytesNeeded()); + const double mv = maurer.GetTestValue(); + if (mv < 0.98f) + pass = false; + + std::ostringstream oss; + oss.flags(std::ios::fixed); + oss.precision(6); + + if (!pass) + oss << "FAILED:"; + else + oss << "passed:"; + oss << " Maurer Randomness Test returned value " << mv << "\n"; + std::cout << oss.str(); + } + else + std::cout << "RDSEED generator not available, skipping test.\n"; + + return pass; +} +#endif // x86, x32, or x64 + +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) +bool TestDARN() +{ + std::cout << "\nTesting DARN generator...\n\n"; + + bool pass = true; + member_ptr rng; + + try {rng.reset(new DARN);} + catch (const DARN_Err &) {} + + if (rng.get()) + { + DARN& darn = dynamic_cast(*rng.get()); + pass = Test_RandomNumberGenerator(darn) && pass; + + MaurerRandomnessTest maurer; + const unsigned int SIZE = 1024*10; + RandomNumberSource(darn, SIZE, true, new Redirector(maurer)); + + CRYPTOPP_ASSERT(0 == maurer.BytesNeeded()); + const double mv = maurer.GetTestValue(); + if (mv < 0.98f) + pass = false; + + std::ostringstream oss; + oss.flags(std::ios::fixed); + oss.precision(6); + + if (!pass) + oss << "FAILED:"; + else + oss << "passed:"; + oss << " Maurer Randomness Test returned value " << mv << "\n"; + std::cout << oss.str(); + } + else + std::cout << "DARN generator not available, skipping test.\n"; + + return pass; +} +#endif // PPC32 or PPC64 + +bool ValidateHashDRBG() +{ + std::cout << "\nTesting NIST Hash DRBGs...\n\n"; + bool pass=true, fail; + + // # CAVS 14.3 + // # DRBG800-90A information for "drbg_pr" + // # Generated on Tue Apr 02 15:32:09 2013 + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x16\x10\xb8\x28\xcc\xd2\x7d\xe0\x8c\xee\xa0\x32\xa2\x0e\x92\x08"; + const byte entropy2[] = "\x72\xd2\x8c\x90\x8e\xda\xf9\xa4\xd1\xe5\x26\xd8\xf2\xde\xd5\x44"; + const byte nonce[] = "\x49\x2c\xf1\x70\x92\x42\xf6\xb5"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(result, result.size()); + drbg.GenerateBlock(result, result.size()); + + const byte expected[] = "\x56\xF3\x3D\x4F\xDB\xB9\xA5\xB6\x4D\x26\x23\x44\x97\xE9\xDC\xB8\x77\x98\xC6\x8D" + "\x08\xF7\xC4\x11\x99\xD4\xBD\xDF\x97\xEB\xBF\x6C\xB5\x55\x0E\x5D\x14\x9F\xF4\xD5" + "\xBD\x0F\x05\xF2\x5A\x69\x88\xC1\x74\x36\x39\x62\x27\x18\x4A\xF8\x4A\x56\x43\x35" + "\x65\x8E\x2F\x85\x72\xBE\xA3\x33\xEE\xE2\xAB\xFF\x22\xFF\xA6\xDE\x3E\x22\xAC\xA2"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (COUNT=0, E=16, N=8)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x55\x08\x75\xb7\x4e\xc1\x1f\x90\x67\x78\xa3\x1a\x37\xa3\x29\xfd"; + const byte entropy2[] = "\x96\xc6\x39\xec\x14\x9f\x6b\x28\xe2\x79\x3b\xb9\x37\x9e\x60\x67"; + const byte nonce[] = "\x08\xdd\x8c\xd3\x5b\xfa\x00\x94"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(result, result.size()); + drbg.GenerateBlock(result, result.size()); + + const byte expected[] = "\xEE\x44\xC6\xCF\x2C\x0C\x73\xA8\xAC\x4C\xA5\x6C\x0E\x71\x2C\xA5\x50\x9A\x19\x5D" + "\xE4\x5B\x8D\x2B\xC9\x40\xA7\xDB\x66\xC3\xEB\x2A\xA1\xBD\xB4\xDD\x76\x85\x12\x45" + "\x80\x2E\x68\x05\x4A\xAB\xA8\x7C\xD6\x3A\xD3\xE5\xC9\x7C\x06\xE7\xA3\x9F\xF6\xF9" + "\x8E\xB3\xD9\x72\xD4\x11\x35\xE5\xE7\x46\x1B\x49\x9C\x56\x45\x6A\xBE\x7F\x77\xD4"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (COUNT=1, E=16, N=8)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 128], [ReturnedBitsLen = 640] + const byte entropy1[] = "\xd9\xba\xb5\xce\xdc\xa9\x6f\x61\x78\xd6\x45\x09\xa0\xdf\xdc\x5e"; + const byte entropy2[] = "\xc6\xba\xd0\x74\xc5\x90\x67\x86\xf5\xe1\xf3\x20\x99\xf5\xb4\x91"; + const byte nonce[] = "\xda\xd8\x98\x94\x14\x45\x0e\x01"; + const byte additional1[] = "\x3e\x6b\xf4\x6f\x4d\xaa\x38\x25\xd7\x19\x4e\x69\x4e\x77\x52\xf7"; + const byte additional2[] = "\x04\xfa\x28\x95\xaa\x5a\x6f\x8c\x57\x43\x34\x3b\x80\x5e\x5e\xa4"; + const byte additional3[] = "\xdf\x5d\xc4\x59\xdf\xf0\x2a\xa2\xf0\x52\xd7\x21\xec\x60\x72\x30"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16, additional1, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(additional2, 16, result, result.size()); + drbg.GenerateBlock(additional3, 16, result, result.size()); + + const byte expected[] = "\xC4\x8B\x89\xF9\xDA\x3F\x74\x82\x45\x55\x5D\x5D\x03\x3B\x69\x3D\xD7\x1A\x4D\xF5" + "\x69\x02\x05\xCE\xFC\xD7\x20\x11\x3C\xC2\x4E\x09\x89\x36\xFF\x5E\x77\xB5\x41\x53" + "\x58\x70\xB3\x39\x46\x8C\xDD\x8D\x6F\xAF\x8C\x56\x16\x3A\x70\x0A\x75\xB2\x3E\x59" + "\x9B\x5A\xEC\xF1\x6F\x3B\xAF\x6D\x5F\x24\x19\x97\x1F\x24\xF4\x46\x72\x0F\xEA\xBE"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=16)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 128], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x28\x00\x0f\xbf\xf0\x57\x22\xc8\x89\x93\x06\xc2\x9b\x50\x78\x0a"; + const byte entropy2[] = "\xd9\x95\x8e\x8c\x08\xaf\x5a\x41\x0e\x91\x9b\xdf\x40\x8e\x5a\x0a"; + const byte nonce[] = "\x11\x2f\x6e\x20\xc0\x29\xed\x3f"; + const byte additional1[] = "\x91\x1d\x96\x5b\x6e\x77\xa9\x6c\xfe\x3f\xf2\xd2\xe3\x0e\x2a\x86"; + const byte additional2[] = "\xcd\x44\xd9\x96\xab\x05\xef\xe8\x27\xd3\x65\x83\xf1\x43\x18\x2c"; + const byte additional3[] = "\x9f\x6a\x31\x82\x12\x18\x4e\x70\xaf\x5d\x00\x14\x1f\x42\x82\xf6"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16, additional1, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(additional2, 16, result, result.size()); + drbg.GenerateBlock(additional3, 16, result, result.size()); + + const byte expected[] = "\x54\x61\x65\x92\x1E\x71\x4A\xD1\x39\x02\x2F\x97\xD2\x65\x3F\x0D\x47\x69\xB1\x4A" + "\x3E\x6E\xEF\xA1\xA0\x16\xD6\x9E\xA9\x7F\x51\xD5\x81\xDC\xAA\xCF\x66\xF9\xB1\xE8" + "\x06\x94\x41\xD6\xB5\xC5\x44\x60\x54\x07\xE8\xE7\xDC\x1C\xD8\xE4\x70\xAD\x84\x77" + "\x5A\x65\x31\xBE\xE0\xFC\x81\x36\xE2\x8F\x0B\xFE\xEB\xE1\x98\x62\x7E\x98\xE0\xC1"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=16)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 128], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x0e\xd5\x4c\xef\x44\x5c\x61\x7d\x58\x86\xe0\x34\xc0\x97\x36\xd4"; + const byte entropy2[] = "\x0b\x90\x27\xb8\x01\xe7\xf7\x2e\xe6\xec\x50\x2b\x8b\x6b\xd7\x11"; + const byte nonce[] = "\x2c\x8b\x07\x13\x55\x6c\x91\x6f"; + const byte personalization[] = "\xf3\x37\x8e\xa1\x45\x34\x30\x41\x12\xe0\xee\x57\xe9\xb3\x4a\x4b"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); + drbg.IncorporateEntropy(entropy2, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(result, result.size()); + drbg.GenerateBlock(result, result.size()); + + const byte expected[] = "\x55\x37\x0E\xD4\xB7\xCA\xA4\xBB\x67\x3A\x0F\x58\x40\xB3\x9F\x76\x4E\xDA\xD2\x85" + "\xD5\x6F\x01\x8F\x2D\xA7\x54\x4B\x0E\x66\x39\x62\x35\x96\x1D\xB7\xF6\xDA\xFB\x30" + "\xB6\xC5\x68\xD8\x40\x6E\x2B\xD4\x3D\x23\xEB\x0F\x10\xBA\x5F\x24\x9C\xC9\xE9\x4A" + "\xD3\xA5\xF1\xDF\xA4\xF2\xB4\x80\x40\x91\xED\x8C\xD6\x6D\xE7\xB7\x53\xB2\x09\xD5"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=0, P=16)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 128], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x8f\x2a\x33\x9f\x5f\x45\x21\x30\xa4\x57\xa9\x6f\xcb\xe2\xe6\x36"; + const byte entropy2[] = "\x1f\xff\x9e\x4f\x4d\x66\x3a\x1f\x9e\x85\x4a\x15\x7d\xad\x97\xe0"; + const byte nonce[] = "\x0e\xd0\xe9\xa5\xa4\x54\x8a\xd0"; + const byte personalization[] = "\x45\xe4\xb3\xe2\x63\x87\x62\x57\x2c\x99\xe4\x03\x45\xd6\x32\x6f"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); + drbg.IncorporateEntropy(entropy2, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(result, result.size()); + drbg.GenerateBlock(result, result.size()); + + const byte expected[] = "\x4F\xE8\x96\x41\xF8\xD3\x95\xC4\x43\x6E\xFB\xF8\x05\x75\xA7\x69\x74\x6E\x0C\x5F" + "\x54\x14\x35\xB4\xE6\xA6\xB3\x40\x7C\xA2\xC4\x42\xA2\x2F\x66\x28\x28\xCF\x4A\xA8" + "\xDC\x16\xBC\x5F\x69\xE5\xBB\x05\xD1\x43\x8F\x80\xAB\xC5\x8F\x9C\x3F\x75\x57\xEB" + "\x44\x0D\xF5\x0C\xF4\x95\x23\x94\x67\x11\x55\x98\x14\x43\xFF\x13\x14\x85\x5A\xBC"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=0, P=16)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 128], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x48\xa1\xa9\x7c\xcc\x49\xd7\xcc\xf6\xe3\x78\xa2\xf1\x6b\x0f\xcd"; + const byte entropy2[] = "\xba\x5d\xa6\x79\x12\x37\x24\x3f\xea\x60\x50\xf5\xb9\x9e\xcd\xf5"; + const byte nonce[] = "\xb0\x91\xd2\xec\x12\xa8\x39\xfe"; + const byte personalization[] = "\x3d\xc1\x6c\x1a\xdd\x9c\xac\x4e\xbb\xb0\xb8\x89\xe4\x3b\x9e\x12"; + const byte additional1[] = "\xd1\x23\xe3\x8e\x4c\x97\xe8\x29\x94\xa9\x71\x7a\xc6\xf1\x7c\x08"; + const byte additional2[] = "\x80\x0b\xed\x97\x29\xcf\xad\xe6\x68\x0d\xfe\x53\xba\x0c\x1e\x28"; + const byte additional3[] = "\x25\x1e\x66\xb9\xe3\x85\xac\x1c\x17\xfb\x77\x1b\x5d\xc7\x6c\xf2"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); + drbg.IncorporateEntropy(entropy2, 16, additional1, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(additional2, 16, result, result.size()); + drbg.GenerateBlock(additional3, 16, result, result.size()); + + const byte expected[] = "\xA1\xB2\xEE\x86\xA0\xF1\xDA\xB7\x93\x83\x13\x3A\x62\x27\x99\x08\x95\x3A\x1C\x9A" + "\x98\x77\x60\x12\x11\x19\xCC\x78\xB8\x51\x2B\xD5\x37\xA1\x9D\xB9\x73\xCA\x39\x7A" + "\xDD\x92\x33\x78\x6D\x5D\x41\xFF\xFA\xE9\x80\x59\x04\x85\x21\xE2\x52\x84\xBC\x6F" + "\xDB\x97\xF3\x4E\x6A\x12\x7A\xCD\x41\x0F\x50\x68\x28\x46\xBE\x56\x9E\x9A\x6B\xC8"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=0, E=16, N=8, A=16, P=16)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 128], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x3b\xcb\xa8\x3b\x6d\xfb\x06\x79\x80\xef\xc3\x1e\xd2\x9e\x68\x57"; + const byte entropy2[] = "\x2f\xc9\x87\x49\x19\xcb\x52\x4a\x5b\xac\xf0\xcd\x96\x4e\xf8\x6e"; + const byte nonce[] = "\x23\xfe\x20\x9f\xac\x70\x45\xde"; + const byte personalization[] = "\xf2\x25\xf4\xd9\x6b\x9c\xab\x49\x1e\xab\x18\x14\xb2\x5e\x78\xef"; + const byte additional1[] = "\x57\x5b\x9a\x11\x32\x7a\xab\x89\x08\xfe\x46\x11\x9a\xed\x14\x5d"; + const byte additional2[] = "\x5d\x19\xcd\xed\xb7\xe3\x44\x66\x8e\x11\x42\x96\xa0\x38\xb1\x7f"; + const byte additional3[] = "\x2b\xaf\xa0\x15\xed\xdd\x5c\x76\x32\x75\x34\x35\xd1\x37\x72\xfb"; + + Hash_DRBG drbg(entropy1, 16, nonce, 8, personalization, 16); + drbg.IncorporateEntropy(entropy2, 16, additional1, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(additional2, 16, result, result.size()); + drbg.GenerateBlock(additional3, 16, result, result.size()); + + const byte expected[] = "\x1D\x12\xEB\x6D\x42\x60\xBD\xFB\xA7\x99\xB8\x53\xCC\x6F\x19\xB1\x64\xFE\x2F\x55" + "\xBA\xA2\x1C\x89\xD4\xD0\xE9\xB4\xBA\xD4\xE5\xF8\xC5\x30\x06\x41\xBA\xC4\x3D\x2B" + "\x73\x91\x27\xE9\x31\xC0\x55\x55\x11\xE8\xB6\x57\x02\x0D\xCE\x90\xAC\x31\xB9\x00" + "\x31\xC1\xD4\x4F\xE7\x12\x3B\xCC\x85\x16\x2F\x12\x8F\xB2\xDF\x84\x4E\xF7\x06\xBE"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA1/128/440 (C0UNT=1, E=16, N=8, A=16, P=16)\n"; + } + + { + // [SHA-256], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] + // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 1024] + const byte entropy1[] = "\xf0\x5b\xab\x56\xc7\xac\x6e\xeb\x31\xa0\xcf\x8a\x8a\x06\x2a\x49\x17\x9a\xcf\x3c\x5b\x20\x4d\x60\xdd\x7a\x3e\xb7\x8f\x5d\x8e\x3b"; + const byte entropy2[] = "\x72\xd4\x02\xa2\x59\x7b\x98\xa3\xb8\xf5\x0b\x71\x6c\x63\xc6\xdb\xa7\x3a\x07\xe6\x54\x89\x06\x3f\x02\xc5\x32\xf5\xda\xc4\xd4\x18"; + const byte nonce[] = "\xa1\x45\x08\x53\x41\x68\xb6\x88\xf0\x5f\x1e\x41\x9c\x88\xcc\x30"; + const byte personalization[] = "\xa0\x34\x72\xf4\x04\x59\xe2\x87\xea\xcb\x21\x32\xc0\xb6\x54\x02\x7d\xa3\xe6\x69\x25\xb4\x21\x25\x54\xc4\x48\x18\x8c\x0e\x86\x01"; + const byte additional1[] = "\xb3\x0d\x28\xaf\xa4\x11\x6b\xbc\x13\x6e\x65\x09\xb5\x82\xa6\x93\xbc\x91\x71\x40\x46\xaa\x3c\x66\xb6\x77\xb3\xef\xf9\xad\xfd\x49"; + const byte additional2[] = "\x77\xfd\x1d\x68\xd6\xa4\xdd\xd5\xf3\x27\x25\x2d\x3f\x6b\xdf\xee\x8c\x35\xce\xd3\x83\xbe\xaf\xc9\x32\x77\xef\xf2\x1b\x6f\xf4\x1b"; + const byte additional3[] = "\x59\xa0\x1f\xf8\x6a\x58\x72\x1e\x85\xd2\xf8\x3f\x73\x99\xf1\x96\x4e\x27\xf8\x7f\xcd\x1b\xf5\xc1\xeb\xf3\x37\x10\x9b\x13\xbd\x24"; + + Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); + drbg.IncorporateEntropy(entropy2, 32, additional1, 32); + + SecByteBlock result(128); + drbg.GenerateBlock(additional2, 32, result, result.size()); + drbg.GenerateBlock(additional3, 32, result, result.size()); + + const byte expected[] = "\xFF\x27\x96\x38\x5C\x32\xBF\x84\x3D\xFA\xBB\xF0\x3E\x70\x5A\x39\xCB\xA3\x4C\xF1" + "\x4F\xAE\xC3\x05\x63\xDF\x5A\xDD\xBD\x2D\x35\x83\xF5\x7E\x05\xF9\x40\x30\x56\x18" + "\xF2\x00\x88\x14\x03\xC2\xD9\x81\x36\x39\xE6\x67\x55\xDC\xFC\x4E\x88\xEA\x71\xDD" + "\xB2\x25\x2E\x09\x91\x49\x40\xEB\xE2\x3D\x63\x44\xA0\xF4\xDB\x5E\xE8\x39\xE6\x70" + "\xEC\x47\x24\x3F\xA0\xFC\xF5\x13\x61\xCE\x53\x98\xAA\xBF\xB4\x19\x1B\xFE\xD5\x00" + "\xE1\x03\x3A\x76\x54\xFF\xD7\x24\x70\x5E\x8C\xB2\x41\x7D\x92\x0A\x2F\x4F\x27\xB8" + "\x45\x13\x7F\xFB\x87\x90\xA9\x49"; + + fail = !!memcmp(result, expected, 1024/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA256/128/440 (C0UNT=0, E=32, N=16, A=32, P=32)\n"; + } + + { + // [SHA-256], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] + // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 1024] + const byte entropy1[] = "\xfe\x61\x50\x79\xf1\xad\x2a\x71\xea\x7f\x0f\x5a\x14\x34\xee\xc8\x46\x35\x54\x4a\x95\x6a\x4f\xbd\x64\xff\xba\xf6\x1d\x34\x61\x83"; + const byte entropy2[] = "\x18\x89\x7b\xd8\x3e\xff\x38\xab\xb5\x6e\x82\xa8\x1b\x8c\x5e\x59\x3c\x3d\x85\x62\x2a\xe2\x88\xe5\xb2\xc6\xc5\xd2\xad\x7d\xc9\x45"; + const byte nonce[] = "\x9d\xa7\x87\x56\xb7\x49\x17\x02\x4c\xd2\x00\x65\x11\x9b\xe8\x7e"; + const byte personalization[] = "\x77\x5d\xbf\x32\xf3\x5c\xf3\x51\xf4\xb8\x1c\xd3\xfa\x7f\x65\x0b\xcf\x31\x88\xa1\x25\x57\x0c\xdd\xac\xaa\xfe\xa1\x7b\x3b\x29\xbc"; + const byte additional1[] = "\xef\x96\xc7\x9c\xb1\x73\x1d\x82\x85\x0a\x6b\xca\x9b\x5c\x34\x39\xba\xd3\x4e\x4d\x82\x6f\x35\x9f\x61\x5c\xf6\xf2\xa3\x3e\x91\x05"; + const byte additional2[] = "\xaf\x25\xc4\x6e\x21\xfc\xc3\xaf\x1f\xbb\xf8\x76\xb4\x57\xab\x1a\x94\x0a\x85\x16\x47\x81\xa4\xab\xda\xc8\xab\xca\xd0\x84\xda\xae"; + const byte additional3[] = "\x59\x5b\x44\x94\x38\x86\x36\xff\x8e\x45\x1a\x0c\x42\xc8\xcc\x21\x06\x38\x3a\xc5\xa6\x30\x96\xb9\x14\x81\xb3\xa1\x2b\xc8\xcd\xf6"; + + Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); + drbg.IncorporateEntropy(entropy2, 32, additional1, 32); + + SecByteBlock result(128); + drbg.GenerateBlock(additional2, 32, result, result.size()); + drbg.GenerateBlock(additional3, 32, result, result.size()); + + const byte expected[] = "\x8B\x1C\x9C\x76\xC4\x9B\x3B\xAE\xFD\x6E\xEB\x6C\xFF\xA3\xA1\x03\x3A\x8C\xAF\x09" + "\xFE\xBD\x44\x00\xFC\x0F\xD3\xA8\x26\x9C\xEE\x01\xAC\xE3\x73\x0E\xBE\xDA\x9A\xC6" + "\x23\x44\x6D\xA1\x56\x94\x29\xEC\x4B\xCD\x01\x84\x32\x25\xEF\x00\x91\x0B\xCC\xF3" + "\x06\x3B\x80\xF5\x46\xAC\xD2\xED\x5F\x70\x2B\x56\x2F\x21\x0A\xE9\x80\x87\x38\xAD" + "\xB0\x2A\xEB\x27\xF2\xD9\x20\x2A\x66\x0E\xF5\xC9\x20\x4A\xB4\x3C\xCE\xD6\x24\x97" + "\xDB\xB1\xED\x94\x12\x6A\x2F\x03\x98\x4A\xD4\xD1\x72\xF3\x7A\x66\x74\x7E\x2A\x5B" + "\xDE\xEF\x43\xBC\xB9\x8C\x49\x01"; + + fail = !!memcmp(result, expected, 1024/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA256/128/440 (C0UNT=1, E=32, N=16, A=32, P=32)\n"; + } + + { + // [SHA-512], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] + // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 2048] + const byte entropy1[] = "\x55\x4e\x8f\xfd\xc4\x9a\xd8\xf9\x9a\xe5\xd5\xf8\x1a\xf5\xda\xfb\x7f\x75\x53\xd7\xcb\x56\x8e\xa7\x3c\xc0\x82\xdd\x80\x76\x25\xc0"; + const byte entropy2[] = "\x78\x07\x3e\x86\x79\x4b\x10\x95\x88\xf4\x22\xf9\xbd\x04\x7e\xc0\xce\xab\xd6\x78\x6b\xdf\xe2\x89\xb3\x16\x43\x9c\x32\x2d\xb2\x59"; + const byte nonce[] = "\xf0\x89\x78\xde\x2d\xc2\xcd\xd9\xc0\xfd\x3d\x84\xd9\x8b\x8e\x8e"; + const byte personalization[] = "\x3e\x52\x7a\xb5\x81\x2b\x0c\x0e\x98\x2a\x95\x78\x93\x98\xd9\xeb\xf1\xb9\xeb\xd6\x1d\x02\x05\xed\x42\x21\x2d\x24\xb8\x37\xf8\x41"; + const byte additional1[] = "\xf2\x6b\xb1\xef\x30\xca\x8f\x97\xc0\x19\xd0\x79\xe5\xc6\x5e\xae\xd1\xa3\x9a\x52\xaf\x12\xe8\x28\xde\x03\x70\x79\x9a\x70\x11\x8b"; + const byte additional2[] = "\xb0\x9d\xb5\xa8\x45\xec\x79\x7a\x4b\x60\x7e\xe4\xd5\x58\x56\x70\x35\x20\x9b\xd8\xe5\x01\x6c\x78\xff\x1f\x6b\x93\xbf\x7c\x34\xca"; + const byte additional3[] = "\x45\x92\x2f\xb3\x5a\xd0\x6a\x84\x5f\xc9\xca\x16\x4a\x42\xbb\x59\x84\xb4\x38\x57\xa9\x16\x23\x48\xf0\x2f\x51\x61\x24\x35\xb8\x62"; + + Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); + drbg.IncorporateEntropy(entropy2, 32, additional1, 32); + + SecByteBlock result(256); + drbg.GenerateBlock(additional2, 32, result, result.size()); + drbg.GenerateBlock(additional3, 32, result, result.size()); + + const byte expected[] = "\x1F\x20\x83\x9E\x22\x55\x3B\x1E\x6C\xD4\xF6\x3A\x47\xC3\x99\x54\x0F\x69\xA3\xBB" + "\x37\x47\xA0\x2A\x12\xAC\xC7\x00\x85\xC5\xCC\xF4\x7B\x12\x5A\x4A\xEA\xED\x2F\xE5" + "\x31\x51\x0D\xC1\x8E\x50\x29\xE2\xA6\xCB\x8F\x34\xBA\xDA\x8B\x47\x32\x33\x81\xF1" + "\x2D\xF6\x8B\x73\x8C\xFF\x15\xC8\x8E\x8C\x31\x48\xFA\xC3\xC4\x9F\x52\x81\x23\xC2" + "\x2A\x83\xBD\xF1\x44\xEF\x15\x49\x93\x44\x83\x6B\x37\x5D\xBB\xFF\x72\xD2\x86\x96" + "\x62\xF8\x4D\x12\x3B\x16\xCB\xAC\xA1\x00\x12\x1F\x94\xA8\xD5\xAE\x9A\x9E\xDA\xC8" + "\xD7\x6D\x59\x33\xFD\x55\xC9\xCC\x5B\xAD\x39\x73\xB5\x13\x8B\x96\xDF\xDB\xF5\x90" + "\x81\xDF\x68\x6A\x30\x72\x42\xF2\x74\xAE\x7F\x1F\x7F\xFE\x8B\x3D\x49\x38\x98\x34" + "\x7C\x63\x46\x6E\xAF\xFA\xCB\x06\x06\x08\xE6\xC8\x35\x3C\x68\xB8\xCC\x9D\x5C\xDF" + "\xDB\xC0\x41\x44\x48\xE6\x11\xD4\x78\x50\x81\x91\xED\x1D\x75\xF3\xBD\x79\xFF\x1E" + "\x37\xAF\xC6\x5D\x49\xD6\x5C\xAC\x5B\xCB\xD6\x91\x37\x51\xFA\x98\x70\xFC\x32\xB3" + "\xF2\x86\xE4\xED\x74\xF2\x5D\x8B\x6C\x4D\xB8\xDE\xD8\x4A\xD6\x5E\xD6\x6D\xAE\xB1" + "\x1B\xA2\x94\x52\x54\xAD\x3C\x3D\x25\xBD\x12\x46\x3C\xA0\x45\x9D"; + + fail = !!memcmp(result, expected, 2048/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA512/256/888 (C0UNT=0, E=32, N=16, A=32, P=32)\n"; + } + + { + // [SHA-512], [PredictionResistance = False], [EntropyInputLen = 256], [NonceLen = 128] + // [PersonalizationStringLen = 256], [AdditionalInputLen = 256], [ReturnedBitsLen = 2048] + const byte entropy1[] = "\x0c\x9f\xcd\x06\x21\x3c\xb2\xf6\x3c\xdf\x79\x76\x4b\x46\x74\xfc\xdf\x68\xb0\xff\xae\xc7\x21\x8a\xa2\xaf\x4e\x4c\xb9\xe6\x60\x78"; + const byte entropy2[] = "\x75\xb8\x49\x54\xdf\x30\x10\x16\x2c\x06\x8c\x12\xeb\x6c\x1d\x03\x64\x5c\xad\x10\x5c\xc3\x17\x69\xb2\x5a\xc1\x7c\xb8\x33\x5b\x45"; + const byte nonce[] = "\x43\x1c\x4d\x65\x93\x96\xad\xdc\xc1\x6d\x17\x9f\x7f\x57\x24\x4d"; + const byte personalization[] = "\x7e\x54\xbd\x87\xd2\x0a\x95\xd7\xc4\x0c\x3b\x1b\x32\x15\x26\xd2\x06\x67\xa4\xac\xc1\xaa\xfb\x55\x91\x68\x2c\xb5\xc9\xcd\x66\x05"; + const byte additional1[] = "\xd5\x74\x9e\x56\xfb\x5f\xf3\xf8\x2c\x73\x2b\x7a\x83\xe0\xde\x06\x85\x0b\xf0\x57\x50\xc8\x55\x60\x4a\x41\x4f\x86\xb1\x68\x14\x03"; + const byte additional2[] = "\x9a\x83\xbb\x06\xdf\x4d\x53\x89\xf5\x3f\x24\xff\xf7\xcd\x0c\xcf\x4f\xbe\x46\x79\x8e\xce\x82\xa8\xc4\x6b\x5f\x8e\x58\x32\x62\x23"; + const byte additional3[] = "\x48\x13\xc4\x95\x10\x99\xdd\x7f\xd4\x77\x3c\x9b\x8a\xa4\x1c\x3d\xb0\x93\x92\x50\xba\x23\x98\xef\x4b\x1b\xd2\x53\xc1\x61\xda\xc6"; + + Hash_DRBG drbg(entropy1, 32, nonce, 16, personalization, 32); + drbg.IncorporateEntropy(entropy2, 32, additional1, 32); + + SecByteBlock result(256); + drbg.GenerateBlock(additional2, 32, result, result.size()); + drbg.GenerateBlock(additional3, 32, result, result.size()); + + const byte expected[] = "\xE1\x7E\x4B\xEE\xD1\x65\x4F\xB2\xFC\xC8\xE8\xD7\xC6\x72\x7D\xD2\xE3\x15\x73\xC0" + "\x23\xC8\x55\x5D\x2B\xD8\x28\xD8\x31\xE4\xC9\x87\x42\x51\x87\x66\x43\x1F\x2C\xA4" + "\x73\xED\x4E\x50\x12\xC4\x50\x0E\x4C\xDD\x14\x73\xA2\xFB\xB3\x07\x0C\x66\x97\x4D" + "\x89\xDE\x35\x1C\x93\xE7\xE6\x8F\x20\x3D\x84\xE6\x73\x46\x0F\x7C\xF4\x3B\x6C\x02" + "\x23\x7C\x79\x6C\x86\xD9\x48\x80\x9C\x34\xCB\xA1\x23\xE7\xF7\x8A\x2E\x4B\x9D\x39" + "\xA5\x86\x1A\x73\x58\x28\x5A\x1D\x8D\x4A\xBD\x42\xD5\x49\x2B\xDF\x53\x1D\xE7\x4A" + "\x5F\x74\x09\x7F\xDC\x29\x7D\x58\x9C\x4B\xC5\x2F\x3B\x8F\xBF\x56\xCA\x48\x0A\x74" + "\xAE\xFF\xDD\x12\xE4\xF6\xAB\x83\x26\x4F\x52\x8A\x19\xBB\x91\x32\xA4\x42\xEC\x4F" + "\x3C\x76\xED\x9F\x03\xAA\x5E\x53\x79\x4C\xD0\x06\xD2\x1A\x42\x9D\xB1\xA7\xEC\xF7" + "\x5B\xD4\x03\x70\x1E\xF2\x47\x26\x48\xAC\x35\xEE\xD0\x58\x40\x94\x8C\x11\xD0\xEB" + "\x77\x39\x5A\xA3\xD5\xD0\xD3\xC3\x68\xE1\x75\xAA\xC0\x44\xEA\xD8\xDD\x13\x3F\xF9" + "\x7D\x21\x14\x34\xA5\x87\x43\xA4\x0A\x96\x77\x00\xCC\xCA\xB1\xDA\xC4\x39\xE0\x66" + "\x37\x05\x6E\xAC\xF2\xE6\xC6\xC5\x4F\x79\xD3\xE5\x6A\x3D\x36\x3F"; + + fail = !!memcmp(result, expected, 2048/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "Hash_DRBG SHA512/256/888 (C0UNT=1, E=32, N=16, A=32, P=32)\n"; + } + + return pass; } NAMESPACE_END // Test diff --git a/vendor/cryptopp/vendor_cryptopp/validat4.cpp b/vendor/cryptopp/vendor_cryptopp/validat4.cpp index cf7ef70b..96161a81 100644 --- a/vendor/cryptopp/vendor_cryptopp/validat4.cpp +++ b/vendor/cryptopp/vendor_cryptopp/validat4.cpp @@ -1,526 +1,1798 @@ -// validat4.cpp - written and placed in the public domain by Jeffrey Walton -// Routines in this source file test NaCl library routines. -// -// There are two types or sets of self tests. First is a known answer test, -// and second are pairwise consitency checks. The known answer tests are test -// vectors lifted from libsodium. The pairwise consitency checks are randomized -// and confirm the library can arrive at the same result or round trip data -// using it's own transformations. -// -// A link like https://github.com/jedisct1/libsodium/blob/master/test/default/box.c -// references the libsodium test data for a test. For example, box.c is one of the -// test runners for crypto_box, and there is a box.exp with the known answer. The -// glue code for box.c and box.exp is in "cmptest.h". box.c runs the test and -// generates output, while cmptest.h gathers the output and compares them. +// validat4.cpp - originally written and placed in the public domain by Wei Dai +// CryptoPP::Test namespace added by JW in February 2017. +// Source files split in July 2018 to expedite compiles. #include "pch.h" +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + #include "cryptlib.h" -#include "secblock.h" -#include "integer.h" -#include "naclite.h" +#include "cpu.h" +#include "validate.h" + +#include "hex.h" +#include "base32.h" +#include "base64.h" + +#include "rc2.h" +#include "aes.h" +#include "des.h" +#include "rc5.h" +#include "rc6.h" +#include "3way.h" +#include "aria.h" +#include "cast.h" +#include "mars.h" +#include "idea.h" +#include "gost.h" +#include "seal.h" +#include "seed.h" +#include "safer.h" +#include "shark.h" +#include "square.h" +#include "serpent.h" +#include "shacal2.h" +#include "twofish.h" +#include "blowfish.h" +#include "camellia.h" +#include "skipjack.h" + +#include "arc4.h" +#include "salsa.h" +#include "chacha.h" +#include "rabbit.h" +#include "sosemanuk.h" + +#include "modes.h" +#include "cmac.h" +#include "dmac.h" +#include "hmac.h" + +#include "drbg.h" #include #include #include -#include "validate.h" - // Aggressive stack checking with VS2005 SP1 and above. #if (_MSC_FULL_VER >= 140050727) # pragma strict_gs_check (on) #endif #if CRYPTOPP_MSC_VERSION -# pragma warning(disable: 4610 4510 4505 4355) +# pragma warning(disable: 4505 4355) #endif NAMESPACE_BEGIN(CryptoPP) NAMESPACE_BEGIN(Test) -#ifndef CRYPTOPP_DISABLE_NACL -USING_NAMESPACE(NaCl) - -bool TestCryptoBox() +bool ValidateHmacDRBG() { - // https://github.com/jedisct1/libsodium/blob/master/test/default/box.c - const byte alicesk[32] = { - 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d, 0x3c, 0x16, 0xc1, - 0x72, 0x51, 0xb2, 0x66, 0x45, 0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, - 0x99, 0x2a, 0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a - }; + std::cout << "\nTesting NIST HMAC DRBGs...\n\n"; + bool pass=true, fail; - const byte bobpk[32] = { - 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4, 0xd3, 0x5b, 0x61, - 0xc2, 0xec, 0xe4, 0x35, 0x37, 0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, - 0x67, 0x4d, 0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f - }; + // # CAVS 14.3 + // # DRBG800-90A information for "drbg_pr" + // # Generated on Tue Apr 02 15:32:12 2013 - const byte small_order_p[crypto_box_PUBLICKEYBYTES] = { - 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, - 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, - 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 - }; + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x79\x34\x9b\xbf\x7c\xdd\xa5\x79\x95\x57\x86\x66\x21\xc9\x13\x83"; + const byte entropy2[] = "\xc7\x21\x5b\x5b\x96\xc4\x8e\x9b\x33\x8c\x74\xe3\xe9\x9d\xfe\xdf"; + const byte nonce[] = "\x11\x46\x73\x3a\xbf\x8c\x35\xc8"; - const byte nonce[24] = { - 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8, - 0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 - }; + HMAC_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16); - /* API requires first 32 bytes to be 0 */ - const byte m[163] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0xbe, 0x07, 0x5f, 0xc5, - 0x3c, 0x81, 0xf2, 0xd5, 0xcf, 0x14, 0x13, 0x16, 0xeb, 0xeb, 0x0c, 0x7b, - 0x52, 0x28, 0xc5, 0x2a, 0x4c, 0x62, 0xcb, 0xd4, 0x4b, 0x66, 0x84, 0x9b, - 0x64, 0x24, 0x4f, 0xfc, 0xe5, 0xec, 0xba, 0xaf, 0x33, 0xbd, 0x75, 0x1a, - 0x1a, 0xc7, 0x28, 0xd4, 0x5e, 0x6c, 0x61, 0x29, 0x6c, 0xdc, 0x3c, 0x01, - 0x23, 0x35, 0x61, 0xf4, 0x1d, 0xb6, 0x6c, 0xce, 0x31, 0x4a, 0xdb, 0x31, - 0x0e, 0x3b, 0xe8, 0x25, 0x0c, 0x46, 0xf0, 0x6d, 0xce, 0xea, 0x3a, 0x7f, - 0xa1, 0x34, 0x80, 0x57, 0xe2, 0xf6, 0x55, 0x6a, 0xd6, 0xb1, 0x31, 0x8a, - 0x02, 0x4a, 0x83, 0x8f, 0x21, 0xaf, 0x1f, 0xde, 0x04, 0x89, 0x77, 0xeb, - 0x48, 0xf5, 0x9f, 0xfd, 0x49, 0x24, 0xca, 0x1c, 0x60, 0x90, 0x2e, 0x52, - 0xf0, 0xa0, 0x89, 0xbc, 0x76, 0x89, 0x70, 0x40, 0xe0, 0x82, 0xf9, 0x37, - 0x76, 0x38, 0x48, 0x64, 0x5e, 0x07, 0x05 - }; + SecByteBlock result(80); + drbg.GenerateBlock(result, result.size()); + drbg.GenerateBlock(result, result.size()); - const byte exp1[] = { - 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 ,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9, - 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 ,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce, - 0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 ,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a, - 0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b ,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72, - 0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 ,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38, - 0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a ,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae, - 0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea ,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda, - 0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde ,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3, - 0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 ,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74, - 0xe3,0x55,0xa5 - }; + const byte expected[] = "\xc6\xa1\x6a\xb8\xd4\x20\x70\x6f\x0f\x34\xab\x7f\xec\x5a\xdc\xa9\xd8\xca\x3a\x13" + "\x3e\x15\x9c\xa6\xac\x43\xc6\xf8\xa2\xbe\x22\x83\x4a\x4c\x0a\x0a\xff\xb1\x0d\x71" + "\x94\xf1\xc1\xa5\xcf\x73\x22\xec\x1a\xe0\x96\x4e\xd4\xbf\x12\x27\x46\xe0\x87\xfd" + "\xb5\xb3\xe9\x1b\x34\x93\xd5\xbb\x98\xfa\xed\x49\xe8\x5f\x13\x0f\xc8\xa4\x59\xb7"; - const byte exp2[] = { - 0xf3,0xff,0xc7,0x70,0x3f,0x94,0x00,0xe5 ,0x2a,0x7d,0xfb,0x4b,0x3d,0x33,0x05,0xd9, - 0x8e,0x99,0x3b,0x9f,0x48,0x68,0x12,0x73 ,0xc2,0x96,0x50,0xba,0x32,0xfc,0x76,0xce, - 0x48,0x33,0x2e,0xa7,0x16,0x4d,0x96,0xa4 ,0x47,0x6f,0xb8,0xc5,0x31,0xa1,0x18,0x6a, - 0xc0,0xdf,0xc1,0x7c,0x98,0xdc,0xe8,0x7b ,0x4d,0xa7,0xf0,0x11,0xec,0x48,0xc9,0x72, - 0x71,0xd2,0xc2,0x0f,0x9b,0x92,0x8f,0xe2 ,0x27,0x0d,0x6f,0xb8,0x63,0xd5,0x17,0x38, - 0xb4,0x8e,0xee,0xe3,0x14,0xa7,0xcc,0x8a ,0xb9,0x32,0x16,0x45,0x48,0xe5,0x26,0xae, - 0x90,0x22,0x43,0x68,0x51,0x7a,0xcf,0xea ,0xbd,0x6b,0xb3,0x73,0x2b,0xc0,0xe9,0xda, - 0x99,0x83,0x2b,0x61,0xca,0x01,0xb6,0xde ,0x56,0x24,0x4a,0x9e,0x88,0xd5,0xf9,0xb3, - 0x79,0x73,0xf6,0x22,0xa4,0x3d,0x14,0xa6 ,0x59,0x9b,0x1f,0x65,0x4c,0xb4,0x5a,0x74, - 0xe3,0x55,0xa5 - }; + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; - byte c[163]; - byte k[crypto_box_BEFORENMBYTES]; + std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=0, E=16, N=8)\n"; + } - bool pass = true; int rc; + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 0], [ReturnedBitsLen = 640] + const byte entropy1[] = "\xee\x57\xfc\x23\x60\x0f\xb9\x02\x9a\x9e\xc6\xc8\x2e\x7b\x51\xe4"; + const byte entropy2[] = "\x84\x1d\x27\x6c\xa9\x51\x90\x61\xd9\x2d\x7d\xdf\xa6\x62\x8c\xa3"; + const byte nonce[] = "\x3e\x97\x21\xe4\x39\x3e\xf9\xad"; - // Reject small order elements + HMAC_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16); - rc = crypto_box(c, m, 163, nonce, bobpk, alicesk); - pass = (rc == 0) && pass; - pass = (std::memcmp(c+16, exp1, 163-16) == 0) && pass; + SecByteBlock result(80); + drbg.GenerateBlock(result, result.size()); + drbg.GenerateBlock(result, result.size()); - rc = crypto_box(c, m, 163, nonce, small_order_p, alicesk); - pass = (rc != 0) && pass; - std::memset(c, 0, sizeof(c)); + const byte expected[] = "\xee\x26\xa5\xc8\xef\x08\xa1\xca\x8f\x14\x15\x4d\x67\xc8\x8f\x5e\x7e\xd8\x21\x9d" + "\x93\x1b\x98\x42\xac\x00\x39\xf2\x14\x55\x39\xf2\x14\x2b\x44\x11\x7a\x99\x8c\x22" + "\xf5\x90\xf6\xc9\xb3\x8b\x46\x5b\x78\x3e\xcf\xf1\x3a\x77\x50\x20\x1f\x7e\xcf\x1b" + "\x8a\xb3\x93\x60\x4c\x73\xb2\x38\x93\x36\x60\x9a\xf3\x44\x0c\xde\x43\x29\x8b\x84"; - rc = crypto_box_beforenm(k, bobpk, alicesk); - pass = (rc == 0) && pass; - rc = crypto_box_afternm(c, m, 163, nonce, k); - pass = (rc == 0) && pass; - pass = (std::memcmp(c+16, exp2, 163-16) == 0) && pass; + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; - rc = crypto_box_beforenm(k, small_order_p, alicesk); - pass = (rc != 0) && pass; + std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=1, E=16, N=8)\n"; + } - // Allow small order elements + // ***************************************************** - rc = crypto_box_unchecked(c, m, 163, nonce, bobpk, alicesk); - pass = (rc == 0) && pass; - pass = (std::memcmp(c+16, exp1, 163-16) == 0) && pass; + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x7d\x70\x52\xa7\x76\xfd\x2f\xb3\xd7\x19\x1f\x73\x33\x04\xee\x8b"; + const byte entropy2[] = "\x49\x04\x7e\x87\x9d\x61\x09\x55\xee\xd9\x16\xe4\x06\x0e\x00\xc9"; + const byte nonce[] = "\xbe\x4a\x0c\xee\xdc\xa8\x02\x07"; + const byte additional1[] = "\xfd\x8b\xb3\x3a\xab\x2f\x6c\xdf\xbc\x54\x18\x11\x86\x1d\x51\x8d"; + const byte additional2[] = "\x99\xaf\xe3\x47\x54\x04\x61\xdd\xf6\xab\xeb\x49\x1e\x07\x15\xb4"; + const byte additional3[] = "\x02\xf7\x73\x48\x2d\xd7\xae\x66\xf7\x6e\x38\x15\x98\xa6\x4e\xf0"; - rc = crypto_box_unchecked(c, m, 163, nonce, small_order_p, alicesk); - pass = (rc == 0) && pass; - std::memset(c, 0, sizeof(c)); + HMAC_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16, additional1, 16); - rc = crypto_box_beforenm_unchecked(k, bobpk, alicesk); - pass = (rc == 0) && pass; - rc = crypto_box_afternm(c, m, 163, nonce, k); - pass = (rc == 0) && pass; - pass = (std::memcmp(c+16, exp2, 163-16) == 0) && pass; + SecByteBlock result(80); + drbg.GenerateBlock(additional2, 16, result, result.size()); + drbg.GenerateBlock(additional3, 16, result, result.size()); - rc = crypto_box_beforenm_unchecked(k, small_order_p, alicesk); - pass = (rc == 0) && pass; + const byte expected[] = "\xa7\x36\x34\x38\x44\xfc\x92\x51\x13\x91\xdb\x0a\xdd\xd9\x06\x4d\xbe\xe2\x4c\x89" + "\x76\xaa\x25\x9a\x9e\x3b\x63\x68\xaa\x6d\xe4\xc9\xbf\x3a\x0e\xff\xcd\xa9\xcb\x0e" + "\x9d\xc3\x36\x52\xab\x58\xec\xb7\x65\x0e\xd8\x04\x67\xf7\x6a\x84\x9f\xb1\xcf\xc1" + "\xed\x0a\x09\xf7\x15\x50\x86\x06\x4d\xb3\x24\xb1\xe1\x24\xf3\xfc\x9e\x61\x4f\xcb"; - return pass; + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=0, E=16, N=8, A=16)\n"; + } + + { + // [SHA-1], [PredictionResistance = False], [EntropyInputLen = 128], [NonceLen = 64] + // [PersonalizationStringLen = 0], [AdditionalInputLen = 16], [ReturnedBitsLen = 640] + const byte entropy1[] = "\x29\xc6\x2a\xfa\x3c\x52\x20\x8a\x3f\xde\xcb\x43\xfa\x61\x3f\x15"; + const byte entropy2[] = "\xbd\x87\xbe\x99\xd1\x84\x16\x54\x12\x31\x41\x40\xd4\x02\x71\x41"; + const byte nonce[] = "\x6c\x9e\xb5\x9a\xc3\xc2\xd4\x8b"; + const byte additional1[] = "\x43\x3d\xda\xf2\x59\xd1\x4b\xcf\x89\x76\x30\xcc\xaa\x27\x33\x8c"; + const byte additional2[] = "\x14\x11\x46\xd4\x04\xf2\x84\xc2\xd0\x2b\x6a\x10\x15\x6e\x33\x82"; + const byte additional3[] = "\xed\xc3\x43\xdb\xff\xe7\x1a\xb4\x11\x4a\xc3\x63\x9d\x44\x5b\x65"; + + HMAC_DRBG drbg(entropy1, 16, nonce, 8); + drbg.IncorporateEntropy(entropy2, 16, additional1, 16); + + SecByteBlock result(80); + drbg.GenerateBlock(additional2, 16, result, result.size()); + drbg.GenerateBlock(additional3, 16, result, result.size()); + + const byte expected[] = "\x8c\x73\x0f\x05\x26\x69\x4d\x5a\x9a\x45\xdb\xab\x05\x7a\x19\x75\x35\x7d\x65\xaf" + "\xd3\xef\xf3\x03\x32\x0b\xd1\x40\x61\xf9\xad\x38\x75\x91\x02\xb6\xc6\x01\x16\xf6" + "\xdb\x7a\x6e\x8e\x7a\xb9\x4c\x05\x50\x0b\x4d\x1e\x35\x7d\xf8\xe9\x57\xac\x89\x37" + "\xb0\x5f\xb3\xd0\x80\xa0\xf9\x06\x74\xd4\x4d\xe1\xbd\x6f\x94\xd2\x95\xc4\x51\x9d"; + + fail = !!memcmp(result, expected, 640/8); + pass = !fail && pass; + + std::cout << (fail ? "FAILED " : "passed ") << "HMAC_DRBG SHA1/128/440 (COUNT=1, E=16, N=8, A=16)\n"; + } + + return pass; } -bool TestCryptoBoxOpen() +class CipherFactory { - // https://github.com/jedisct1/libsodium/blob/master/test/default/box2.c - const byte bobsk[32] = { - 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b, 0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, - 0x0e, 0xe6, 0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd, 0x1c, 0x2f, 0x8b, 0x27, - 0xff, 0x88, 0xe0, 0xeb - }; +public: + virtual unsigned int BlockSize() const =0; + virtual unsigned int KeyLength() const =0; - const byte alicepk[32] = { - 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54, 0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, - 0xf7, 0x5a, 0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4, 0xeb, 0xa4, 0xa9, 0x8e, - 0xaa, 0x9b, 0x4e, 0x6a - }; - - static const byte small_order_p[crypto_box_PUBLICKEYBYTES] = { - 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, - 0xc4, 0x6a, 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, - 0x5f, 0x49, 0xb8, 0x00 - }; - - const byte nonce[24] = { - 0x69, 0x69, 0x6e, 0xe9, 0x55, 0xb6, 0x2b, 0x73, 0xcd, 0x62, 0xbd, 0xa8, - 0x75, 0xfc, 0x73, 0xd6, 0x82, 0x19, 0xe0, 0x03, 0x6b, 0x7a, 0x0b, 0x37 - }; - - /* API requires first 16 bytes to be 0 */ - const byte c[163] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0xf3, 0xff, 0xc7, 0x70, 0x3f, 0x94, 0x00, 0xe5, - 0x2a, 0x7d, 0xfb, 0x4b, 0x3d, 0x33, 0x05, 0xd9, 0x8e, 0x99, 0x3b, 0x9f, - 0x48, 0x68, 0x12, 0x73, 0xc2, 0x96, 0x50, 0xba, 0x32, 0xfc, 0x76, 0xce, - 0x48, 0x33, 0x2e, 0xa7, 0x16, 0x4d, 0x96, 0xa4, 0x47, 0x6f, 0xb8, 0xc5, - 0x31, 0xa1, 0x18, 0x6a, 0xc0, 0xdf, 0xc1, 0x7c, 0x98, 0xdc, 0xe8, 0x7b, - 0x4d, 0xa7, 0xf0, 0x11, 0xec, 0x48, 0xc9, 0x72, 0x71, 0xd2, 0xc2, 0x0f, - 0x9b, 0x92, 0x8f, 0xe2, 0x27, 0x0d, 0x6f, 0xb8, 0x63, 0xd5, 0x17, 0x38, - 0xb4, 0x8e, 0xee, 0xe3, 0x14, 0xa7, 0xcc, 0x8a, 0xb9, 0x32, 0x16, 0x45, - 0x48, 0xe5, 0x26, 0xae, 0x90, 0x22, 0x43, 0x68, 0x51, 0x7a, 0xcf, 0xea, - 0xbd, 0x6b, 0xb3, 0x73, 0x2b, 0xc0, 0xe9, 0xda, 0x99, 0x83, 0x2b, 0x61, - 0xca, 0x01, 0xb6, 0xde, 0x56, 0x24, 0x4a, 0x9e, 0x88, 0xd5, 0xf9, 0xb3, - 0x79, 0x73, 0xf6, 0x22, 0xa4, 0x3d, 0x14, 0xa6, 0x59, 0x9b, 0x1f, 0x65, - 0x4c, 0xb4, 0x5a, 0x74, 0xe3, 0x55, 0xa5 - }; - - const byte exp1[] = { - 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5, 0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b, - 0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4, 0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc, - 0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a, 0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29, - 0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4, 0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31, - 0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d, 0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57, - 0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a, 0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde, - 0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd, 0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52, - 0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40, 0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64, - 0x5e,0x07,0x05 - }; - - const byte exp2[] = { - 0xbe,0x07,0x5f,0xc5,0x3c,0x81,0xf2,0xd5, 0xcf,0x14,0x13,0x16,0xeb,0xeb,0x0c,0x7b, - 0x52,0x28,0xc5,0x2a,0x4c,0x62,0xcb,0xd4, 0x4b,0x66,0x84,0x9b,0x64,0x24,0x4f,0xfc, - 0xe5,0xec,0xba,0xaf,0x33,0xbd,0x75,0x1a, 0x1a,0xc7,0x28,0xd4,0x5e,0x6c,0x61,0x29, - 0x6c,0xdc,0x3c,0x01,0x23,0x35,0x61,0xf4, 0x1d,0xb6,0x6c,0xce,0x31,0x4a,0xdb,0x31, - 0x0e,0x3b,0xe8,0x25,0x0c,0x46,0xf0,0x6d, 0xce,0xea,0x3a,0x7f,0xa1,0x34,0x80,0x57, - 0xe2,0xf6,0x55,0x6a,0xd6,0xb1,0x31,0x8a, 0x02,0x4a,0x83,0x8f,0x21,0xaf,0x1f,0xde, - 0x04,0x89,0x77,0xeb,0x48,0xf5,0x9f,0xfd, 0x49,0x24,0xca,0x1c,0x60,0x90,0x2e,0x52, - 0xf0,0xa0,0x89,0xbc,0x76,0x89,0x70,0x40, 0xe0,0x82,0xf9,0x37,0x76,0x38,0x48,0x64, - 0x5e,0x07,0x05 - }; - - byte m[163]; - byte k[crypto_box_BEFORENMBYTES]; - - bool pass = true; int rc; - - // Reject small order elements - - rc = crypto_box_open(m, c, 163, nonce, alicepk, bobsk); - pass = (rc == 0) && pass; - pass = (std::memcmp(m+32, exp1, 163-32) == 0) && pass; - - rc = crypto_box_open(m, c, 163, nonce, small_order_p, bobsk); - pass = (rc != 0) && pass; - - rc = crypto_box_beforenm(k, small_order_p, bobsk); - pass = (rc != 0) && pass; - rc = crypto_box_beforenm(k, alicepk, bobsk); - pass = (rc == 0) && pass; - - rc = crypto_box_open_afternm(m, c, 163, nonce, k); - pass = (rc == 0) && pass; - pass = (std::memcmp(m+32, exp2, 163-32) == 0) && pass; - - // Allow small order elements - - rc = crypto_box_open_unchecked(m, c, 163, nonce, alicepk, bobsk); - pass = (rc == 0) && pass; - pass = (std::memcmp(m+32, exp1, 163-32) == 0) && pass; - - rc = crypto_box_beforenm_unchecked(k, small_order_p, bobsk); - pass = (rc == 0) && pass; - rc = crypto_box_beforenm_unchecked(k, alicepk, bobsk); - pass = (rc == 0) && pass; - - rc = crypto_box_open_afternm(m, c, 163, nonce, k); - pass = (rc == 0) && pass; - pass = (std::memcmp(m+32, exp2, 163-32) == 0) && pass; - - return pass; -} - -bool TestCryptoBoxKeys() -{ - // https://github.com/jedisct1/libsodium/blob/master/test/default/box7.c - const unsigned int MAX_TEST = 64; - const unsigned int MAX_MESSAGE = 4096; - - byte alicesk[crypto_box_SECRETKEYBYTES]; - byte alicepk[crypto_box_PUBLICKEYBYTES]; - byte bobsk[crypto_box_SECRETKEYBYTES]; - byte bobpk[crypto_box_PUBLICKEYBYTES]; - - // byte m[MAX_MESSAGE+32]; - // byte c[MAX_MESSAGE+32]; - // byte r[MAX_MESSAGE+32]; - - bool pass = true, fail; int rc; - for (unsigned int i=0; i < MAX_TEST; ++i) - { - fail = (crypto_box_keypair(alicepk, alicesk) != 0); - pass = !fail && pass; - fail = (crypto_box_keypair(bobpk, bobsk) != 0); - pass = !fail && pass; - - SecByteBlock m, c, r, n; - const word32 len = (i == 0 ? 0 : GlobalRNG().GenerateWord32(1, MAX_MESSAGE)); - - m.New(len+crypto_box_ZEROBYTES); - c.New(len+crypto_box_BOXZEROBYTES+crypto_box_MACBYTES); - r.New(len+crypto_box_ZEROBYTES); - n.New(crypto_box_NONCEBYTES); - - GlobalRNG().GenerateBlock(m+crypto_box_ZEROBYTES, len); - GlobalRNG().GenerateBlock(n, crypto_box_NONCEBYTES); - - std::memset(m, 0x00, crypto_box_ZEROBYTES); - rc = crypto_box(c, m, len + crypto_box_ZEROBYTES, n, bobpk, alicesk); - fail = (rc != 0); pass = !fail && pass; - - std::memset(c, 0x00, crypto_box_BOXZEROBYTES); - rc = crypto_box_open(r, c, len + crypto_box_BOXZEROBYTES + crypto_box_MACBYTES, n, alicepk, bobsk); - fail = (rc != 0); pass = !fail && pass; - - fail = std::memcmp(m+crypto_box_ZEROBYTES, r+crypto_box_ZEROBYTES, len) != 0; - pass = !fail && pass; - - m.SetMark(16); c.SetMark(16); r.SetMark(16); - } - - return pass; -} - -struct TestData { - const byte sk[crypto_sign_SEEDBYTES]; - const byte pk[crypto_sign_PUBLICKEYBYTES]; - const byte sig[crypto_sign_BYTES]; - const word32 len; - const char* msg; + virtual BlockTransformation* NewEncryption(const byte *keyStr) const =0; + virtual BlockTransformation* NewDecryption(const byte *keyStr) const =0; }; -// https://github.com/jedisct1/libsodium/blob/master/test/default/sign.c -const TestData test_data[] = { - {{0x9d,0x61,0xb1,0x9d,0xef,0xfd,0x5a,0x60,0xba,0x84,0x4a,0xf4,0x92,0xec,0x2c,0xc4,0x44,0x49,0xc5,0x69,0x7b,0x32,0x69,0x19,0x70,0x3b,0xac,0x03,0x1c,0xae,0x7f,0x60,},{0xd7,0x5a,0x98,0x01,0x82,0xb1,0x0a,0xb7,0xd5,0x4b,0xfe,0xd3,0xc9,0x64,0x07,0x3a,0x0e,0xe1,0x72,0xf3,0xda,0xa6,0x23,0x25,0xaf,0x02,0x1a,0x68,0xf7,0x07,0x51,0x1a,},{0xe5,0x56,0x43,0x00,0xc3,0x60,0xac,0x72,0x90,0x86,0xe2,0xcc,0x80,0x6e,0x82,0x8a,0x84,0x87,0x7f,0x1e,0xb8,0xe5,0xd9,0x74,0xd8,0x73,0xe0,0x65,0x22,0x49,0x01,0x55,0x5f,0xb8,0x82,0x15,0x90,0xa3,0x3b,0xac,0xc6,0x1e,0x39,0x70,0x1c,0xf9,0xb4,0x6b,0xd2,0x5b,0xf5,0xf0,0x59,0x5b,0xbe,0x24,0x65,0x51,0x41,0x43,0x8e,0x7a,0x10,0x0b,},0,""}, - {{0x4c,0xcd,0x08,0x9b,0x28,0xff,0x96,0xda,0x9d,0xb6,0xc3,0x46,0xec,0x11,0x4e,0x0f,0x5b,0x8a,0x31,0x9f,0x35,0xab,0xa6,0x24,0xda,0x8c,0xf6,0xed,0x4f,0xb8,0xa6,0xfb,},{0x3d,0x40,0x17,0xc3,0xe8,0x43,0x89,0x5a,0x92,0xb7,0x0a,0xa7,0x4d,0x1b,0x7e,0xbc,0x9c,0x98,0x2c,0xcf,0x2e,0xc4,0x96,0x8c,0xc0,0xcd,0x55,0xf1,0x2a,0xf4,0x66,0x0c,},{0x92,0xa0,0x09,0xa9,0xf0,0xd4,0xca,0xb8,0x72,0x0e,0x82,0x0b,0x5f,0x64,0x25,0x40,0xa2,0xb2,0x7b,0x54,0x16,0x50,0x3f,0x8f,0xb3,0x76,0x22,0x23,0xeb,0xdb,0x69,0xda,0x08,0x5a,0xc1,0xe4,0x3e,0x15,0x99,0x6e,0x45,0x8f,0x36,0x13,0xd0,0xf1,0x1d,0x8c,0x38,0x7b,0x2e,0xae,0xb4,0x30,0x2a,0xee,0xb0,0x0d,0x29,0x16,0x12,0xbb,0x0c,0x00,},1,"\x72"}, - {{0xc5,0xaa,0x8d,0xf4,0x3f,0x9f,0x83,0x7b,0xed,0xb7,0x44,0x2f,0x31,0xdc,0xb7,0xb1,0x66,0xd3,0x85,0x35,0x07,0x6f,0x09,0x4b,0x85,0xce,0x3a,0x2e,0x0b,0x44,0x58,0xf7,},{0xfc,0x51,0xcd,0x8e,0x62,0x18,0xa1,0xa3,0x8d,0xa4,0x7e,0xd0,0x02,0x30,0xf0,0x58,0x08,0x16,0xed,0x13,0xba,0x33,0x03,0xac,0x5d,0xeb,0x91,0x15,0x48,0x90,0x80,0x25,},{0x62,0x91,0xd6,0x57,0xde,0xec,0x24,0x02,0x48,0x27,0xe6,0x9c,0x3a,0xbe,0x01,0xa3,0x0c,0xe5,0x48,0xa2,0x84,0x74,0x3a,0x44,0x5e,0x36,0x80,0xd7,0xdb,0x5a,0xc3,0xac,0x18,0xff,0x9b,0x53,0x8d,0x16,0xf2,0x90,0xae,0x67,0xf7,0x60,0x98,0x4d,0xc6,0x59,0x4a,0x7c,0x15,0xe9,0x71,0x6e,0xd2,0x8d,0xc0,0x27,0xbe,0xce,0xea,0x1e,0xc4,0x0a,},2,"\xaf\x82"}, - {{0x0d,0x4a,0x05,0xb0,0x73,0x52,0xa5,0x43,0x6e,0x18,0x03,0x56,0xda,0x0a,0xe6,0xef,0xa0,0x34,0x5f,0xf7,0xfb,0x15,0x72,0x57,0x57,0x72,0xe8,0x00,0x5e,0xd9,0x78,0xe9,},{0xe6,0x1a,0x18,0x5b,0xce,0xf2,0x61,0x3a,0x6c,0x7c,0xb7,0x97,0x63,0xce,0x94,0x5d,0x3b,0x24,0x5d,0x76,0x11,0x4d,0xd4,0x40,0xbc,0xf5,0xf2,0xdc,0x1a,0xa5,0x70,0x57,},{0xd9,0x86,0x8d,0x52,0xc2,0xbe,0xbc,0xe5,0xf3,0xfa,0x5a,0x79,0x89,0x19,0x70,0xf3,0x09,0xcb,0x65,0x91,0xe3,0xe1,0x70,0x2a,0x70,0x27,0x6f,0xa9,0x7c,0x24,0xb3,0xa8,0xe5,0x86,0x06,0xc3,0x8c,0x97,0x58,0x52,0x9d,0xa5,0x0e,0xe3,0x1b,0x82,0x19,0xcb,0xa4,0x52,0x71,0xc6,0x89,0xaf,0xa6,0x0b,0x0e,0xa2,0x6c,0x99,0xdb,0x19,0xb0,0x0c,},3,"\xcb\xc7\x7b"}, - {{0x6d,0xf9,0x34,0x0c,0x13,0x8c,0xc1,0x88,0xb5,0xfe,0x44,0x64,0xeb,0xaa,0x3f,0x7f,0xc2,0x06,0xa2,0xd5,0x5c,0x34,0x34,0x70,0x7e,0x74,0xc9,0xfc,0x04,0xe2,0x0e,0xbb,},{0xc0,0xda,0xc1,0x02,0xc4,0x53,0x31,0x86,0xe2,0x5d,0xc4,0x31,0x28,0x47,0x23,0x53,0xea,0xab,0xdb,0x87,0x8b,0x15,0x2a,0xeb,0x8e,0x00,0x1f,0x92,0xd9,0x02,0x33,0xa7,},{0x12,0x4f,0x6f,0xc6,0xb0,0xd1,0x00,0x84,0x27,0x69,0xe7,0x1b,0xd5,0x30,0x66,0x4d,0x88,0x8d,0xf8,0x50,0x7d,0xf6,0xc5,0x6d,0xed,0xfd,0xb5,0x09,0xae,0xb9,0x34,0x16,0xe2,0x6b,0x91,0x8d,0x38,0xaa,0x06,0x30,0x5d,0xf3,0x09,0x56,0x97,0xc1,0x8b,0x2a,0xa8,0x32,0xea,0xa5,0x2e,0xdc,0x0a,0xe4,0x9f,0xba,0xe5,0xa8,0x5e,0x15,0x0c,0x07,},4,"\x5f\x4c\x89\x89"}, - {{0xb7,0x80,0x38,0x1a,0x65,0xed,0xf8,0xb7,0x8f,0x69,0x45,0xe8,0xdb,0xec,0x79,0x41,0xac,0x04,0x9f,0xd4,0xc6,0x10,0x40,0xcf,0x0c,0x32,0x43,0x57,0x97,0x5a,0x29,0x3c,},{0xe2,0x53,0xaf,0x07,0x66,0x80,0x4b,0x86,0x9b,0xb1,0x59,0x5b,0xe9,0x76,0x5b,0x53,0x48,0x86,0xbb,0xaa,0xb8,0x30,0x5b,0xf5,0x0d,0xbc,0x7f,0x89,0x9b,0xfb,0x5f,0x01,},{0xb2,0xfc,0x46,0xad,0x47,0xaf,0x46,0x44,0x78,0xc1,0x99,0xe1,0xf8,0xbe,0x16,0x9f,0x1b,0xe6,0x32,0x7c,0x7f,0x9a,0x0a,0x66,0x89,0x37,0x1c,0xa9,0x4c,0xaf,0x04,0x06,0x4a,0x01,0xb2,0x2a,0xff,0x15,0x20,0xab,0xd5,0x89,0x51,0x34,0x16,0x03,0xfa,0xed,0x76,0x8c,0xf7,0x8c,0xe9,0x7a,0xe7,0xb0,0x38,0xab,0xfe,0x45,0x6a,0xa1,0x7c,0x09,},5,"\x18\xb6\xbe\xc0\x97"}, - {{0x78,0xae,0x9e,0xff,0xe6,0xf2,0x45,0xe9,0x24,0xa7,0xbe,0x63,0x04,0x11,0x46,0xeb,0xc6,0x70,0xdb,0xd3,0x06,0x0c,0xba,0x67,0xfb,0xc6,0x21,0x6f,0xeb,0xc4,0x45,0x46,},{0xfb,0xcf,0xbf,0xa4,0x05,0x05,0xd7,0xf2,0xbe,0x44,0x4a,0x33,0xd1,0x85,0xcc,0x54,0xe1,0x6d,0x61,0x52,0x60,0xe1,0x64,0x0b,0x2b,0x50,0x87,0xb8,0x3e,0xe3,0x64,0x3d,},{0x6e,0xd6,0x29,0xfc,0x1d,0x9c,0xe9,0xe1,0x46,0x87,0x55,0xff,0x63,0x6d,0x5a,0x3f,0x40,0xa5,0xd9,0xc9,0x1a,0xfd,0x93,0xb7,0x9d,0x24,0x18,0x30,0xf7,0xe5,0xfa,0x29,0x85,0x4b,0x8f,0x20,0xcc,0x6e,0xec,0xbb,0x24,0x8d,0xbd,0x8d,0x16,0xd1,0x4e,0x99,0x75,0x21,0x94,0xe4,0x90,0x4d,0x09,0xc7,0x4d,0x63,0x95,0x18,0x83,0x9d,0x23,0x00,},6,"\x89\x01\x0d\x85\x59\x72"}, - {{0x69,0x18,0x65,0xbf,0xc8,0x2a,0x1e,0x4b,0x57,0x4e,0xec,0xde,0x4c,0x75,0x19,0x09,0x3f,0xaf,0x0c,0xf8,0x67,0x38,0x02,0x34,0xe3,0x66,0x46,0x45,0xc6,0x1c,0x5f,0x79,},{0x98,0xa5,0xe3,0xa3,0x6e,0x67,0xaa,0xba,0x89,0x88,0x8b,0xf0,0x93,0xde,0x1a,0xd9,0x63,0xe7,0x74,0x01,0x3b,0x39,0x02,0xbf,0xab,0x35,0x6d,0x8b,0x90,0x17,0x8a,0x63,},{0x6e,0x0a,0xf2,0xfe,0x55,0xae,0x37,0x7a,0x6b,0x7a,0x72,0x78,0xed,0xfb,0x41,0x9b,0xd3,0x21,0xe0,0x6d,0x0d,0xf5,0xe2,0x70,0x37,0xdb,0x88,0x12,0xe7,0xe3,0x52,0x98,0x10,0xfa,0x55,0x52,0xf6,0xc0,0x02,0x09,0x85,0xca,0x17,0xa0,0xe0,0x2e,0x03,0x6d,0x7b,0x22,0x2a,0x24,0xf9,0x9b,0x77,0xb7,0x5f,0xdd,0x16,0xcb,0x05,0x56,0x81,0x07,},7,"\xb4\xa8\xf3\x81\xe7\x0e\x7a"}, - {{0x3b,0x26,0x51,0x6f,0xb3,0xdc,0x88,0xeb,0x18,0x1b,0x9e,0xd7,0x3f,0x0b,0xcd,0x52,0xbc,0xd6,0xb4,0xc7,0x88,0xe4,0xbc,0xaf,0x46,0x05,0x7f,0xd0,0x78,0xbe,0xe0,0x73,},{0xf8,0x1f,0xb5,0x4a,0x82,0x5f,0xce,0xd9,0x5e,0xb0,0x33,0xaf,0xcd,0x64,0x31,0x40,0x75,0xab,0xfb,0x0a,0xbd,0x20,0xa9,0x70,0x89,0x25,0x03,0x43,0x6f,0x34,0xb8,0x63,},{0xd6,0xad,0xde,0xc5,0xaf,0xb0,0x52,0x8a,0xc1,0x7b,0xb1,0x78,0xd3,0xe7,0xf2,0x88,0x7f,0x9a,0xdb,0xb1,0xad,0x16,0xe1,0x10,0x54,0x5e,0xf3,0xbc,0x57,0xf9,0xde,0x23,0x14,0xa5,0xc8,0x38,0x8f,0x72,0x3b,0x89,0x07,0xbe,0x0f,0x3a,0xc9,0x0c,0x62,0x59,0xbb,0xe8,0x85,0xec,0xc1,0x76,0x45,0xdf,0x3d,0xb7,0xd4,0x88,0xf8,0x05,0xfa,0x08,},8,"\x42\x84\xab\xc5\x1b\xb6\x72\x35"}, - {{0xed,0xc6,0xf5,0xfb,0xdd,0x1c,0xee,0x4d,0x10,0x1c,0x06,0x35,0x30,0xa3,0x04,0x90,0xb2,0x21,0xbe,0x68,0xc0,0x36,0xf5,0xb0,0x7d,0x0f,0x95,0x3b,0x74,0x5d,0xf1,0x92,},{0xc1,0xa4,0x9c,0x66,0xe6,0x17,0xf9,0xef,0x5e,0xc6,0x6b,0xc4,0xc6,0x56,0x4c,0xa3,0x3d,0xe2,0xa5,0xfb,0x5e,0x14,0x64,0x06,0x2e,0x6d,0x6c,0x62,0x19,0x15,0x5e,0xfd,},{0x2c,0x76,0xa0,0x4a,0xf2,0x39,0x1c,0x14,0x70,0x82,0xe3,0x3f,0xaa,0xcd,0xbe,0x56,0x64,0x2a,0x1e,0x13,0x4b,0xd3,0x88,0x62,0x0b,0x85,0x2b,0x90,0x1a,0x6b,0xc1,0x6f,0xf6,0xc9,0xcc,0x94,0x04,0xc4,0x1d,0xea,0x12,0xed,0x28,0x1d,0xa0,0x67,0xa1,0x51,0x38,0x66,0xf9,0xd9,0x64,0xf8,0xbd,0xd2,0x49,0x53,0x85,0x6c,0x50,0x04,0x29,0x01,},9,"\x67\x2b\xf8\x96\x5d\x04\xbc\x51\x46"}, - {{0x4e,0x7d,0x21,0xfb,0x3b,0x18,0x97,0x57,0x1a,0x44,0x58,0x33,0xbe,0x0f,0x9f,0xd4,0x1c,0xd6,0x2b,0xe3,0xaa,0x04,0x04,0x0f,0x89,0x34,0xe1,0xfc,0xbd,0xca,0xcd,0x45,},{0x31,0xb2,0x52,0x4b,0x83,0x48,0xf7,0xab,0x1d,0xfa,0xfa,0x67,0x5c,0xc5,0x38,0xe9,0xa8,0x4e,0x3f,0xe5,0x81,0x9e,0x27,0xc1,0x2a,0xd8,0xbb,0xc1,0xa3,0x6e,0x4d,0xff,},{0x28,0xe4,0x59,0x8c,0x41,0x5a,0xe9,0xde,0x01,0xf0,0x3f,0x9f,0x3f,0xab,0x4e,0x91,0x9e,0x8b,0xf5,0x37,0xdd,0x2b,0x0c,0xdf,0x6e,0x79,0xb9,0xe6,0x55,0x9c,0x94,0x09,0xd9,0x15,0x1a,0x4c,0x40,0xf0,0x83,0x19,0x39,0x37,0x62,0x7c,0x36,0x94,0x88,0x25,0x9e,0x99,0xda,0x5a,0x9f,0x0a,0x87,0x49,0x7f,0xa6,0x69,0x6a,0x5d,0xd6,0xce,0x08,},10,"\x33\xd7\xa7\x86\xad\xed\x8c\x1b\xf6\x91"}, - {{0xa9,0x80,0xf8,0x92,0xdb,0x13,0xc9,0x9a,0x3e,0x89,0x71,0xe9,0x65,0xb2,0xff,0x3d,0x41,0xea,0xfd,0x54,0x09,0x3b,0xc9,0xf3,0x4d,0x1f,0xd2,0x2d,0x84,0x11,0x5b,0xb6,},{0x44,0xb5,0x7e,0xe3,0x0c,0xdb,0x55,0x82,0x9d,0x0a,0x5d,0x4f,0x04,0x6b,0xae,0xf0,0x78,0xf1,0xe9,0x7a,0x7f,0x21,0xb6,0x2d,0x75,0xf8,0xe9,0x6e,0xa1,0x39,0xc3,0x5f,},{0x77,0xd3,0x89,0xe5,0x99,0x63,0x0d,0x93,0x40,0x76,0x32,0x95,0x83,0xcd,0x41,0x05,0xa6,0x49,0xa9,0x29,0x2a,0xbc,0x44,0xcd,0x28,0xc4,0x00,0x00,0xc8,0xe2,0xf5,0xac,0x76,0x60,0xa8,0x1c,0x85,0xb7,0x2a,0xf8,0x45,0x2d,0x7d,0x25,0xc0,0x70,0x86,0x1d,0xae,0x91,0x60,0x1c,0x78,0x03,0xd6,0x56,0x53,0x16,0x50,0xdd,0x4e,0x5c,0x41,0x00,},11,"\x34\x86\xf6\x88\x48\xa6\x5a\x0e\xb5\x50\x7d"}, - {{0x5b,0x5a,0x61,0x9f,0x8c,0xe1,0xc6,0x6d,0x7c,0xe2,0x6e,0x5a,0x2a,0xe7,0xb0,0xc0,0x4f,0xeb,0xcd,0x34,0x6d,0x28,0x6c,0x92,0x9e,0x19,0xd0,0xd5,0x97,0x3b,0xfe,0xf9,},{0x6f,0xe8,0x36,0x93,0xd0,0x11,0xd1,0x11,0x13,0x1c,0x4f,0x3f,0xba,0xaa,0x40,0xa9,0xd3,0xd7,0x6b,0x30,0x01,0x2f,0xf7,0x3b,0xb0,0xe3,0x9e,0xc2,0x7a,0xb1,0x82,0x57,},{0x0f,0x9a,0xd9,0x79,0x30,0x33,0xa2,0xfa,0x06,0x61,0x4b,0x27,0x7d,0x37,0x38,0x1e,0x6d,0x94,0xf6,0x5a,0xc2,0xa5,0xa9,0x45,0x58,0xd0,0x9e,0xd6,0xce,0x92,0x22,0x58,0xc1,0xa5,0x67,0x95,0x2e,0x86,0x3a,0xc9,0x42,0x97,0xae,0xc3,0xc0,0xd0,0xc8,0xdd,0xf7,0x10,0x84,0xe5,0x04,0x86,0x0b,0xb6,0xba,0x27,0x44,0x9b,0x55,0xad,0xc4,0x0e,},12,"\x5a\x8d\x9d\x0a\x22\x35\x7e\x66\x55\xf9\xc7\x85"}, - {{0x94,0x0c,0x89,0xfe,0x40,0xa8,0x1d,0xaf,0xbd,0xb2,0x41,0x6d,0x14,0xae,0x46,0x91,0x19,0x86,0x97,0x44,0x41,0x0c,0x33,0x03,0xbf,0xaa,0x02,0x41,0xda,0xc5,0x78,0x00,},{0xa2,0xeb,0x8c,0x05,0x01,0xe3,0x0b,0xae,0x0c,0xf8,0x42,0xd2,0xbd,0xe8,0xde,0xc7,0x38,0x6f,0x6b,0x7f,0xc3,0x98,0x1b,0x8c,0x57,0xc9,0x79,0x2b,0xb9,0x4c,0xf2,0xdd,},{0xd8,0xbb,0x64,0xaa,0xd8,0xc9,0x95,0x5a,0x11,0x5a,0x79,0x3a,0xdd,0xd2,0x4f,0x7f,0x2b,0x07,0x76,0x48,0x71,0x4f,0x49,0xc4,0x69,0x4e,0xc9,0x95,0xb3,0x30,0xd0,0x9d,0x64,0x0d,0xf3,0x10,0xf4,0x47,0xfd,0x7b,0x6c,0xb5,0xc1,0x4f,0x9f,0xe9,0xf4,0x90,0xbc,0xf8,0xcf,0xad,0xbf,0xd2,0x16,0x9c,0x8a,0xc2,0x0d,0x3b,0x8a,0xf4,0x9a,0x0c,},13,"\xb8\x7d\x38\x13\xe0\x3f\x58\xcf\x19\xfd\x0b\x63\x95"}, - {{0x9a,0xca,0xd9,0x59,0xd2,0x16,0x21,0x2d,0x78,0x9a,0x11,0x92,0x52,0xeb,0xfe,0x0c,0x96,0x51,0x2a,0x23,0xc7,0x3b,0xd9,0xf3,0xb2,0x02,0x29,0x2d,0x69,0x16,0xa7,0x38,},{0xcf,0x3a,0xf8,0x98,0x46,0x7a,0x5b,0x7a,0x52,0xd3,0x3d,0x53,0xbc,0x03,0x7e,0x26,0x42,0xa8,0xda,0x99,0x69,0x03,0xfc,0x25,0x22,0x17,0xe9,0xc0,0x33,0xe2,0xf2,0x91,},{0x6e,0xe3,0xfe,0x81,0xe2,0x3c,0x60,0xeb,0x23,0x12,0xb2,0x00,0x6b,0x3b,0x25,0xe6,0x83,0x8e,0x02,0x10,0x66,0x23,0xf8,0x44,0xc4,0x4e,0xdb,0x8d,0xaf,0xd6,0x6a,0xb0,0x67,0x10,0x87,0xfd,0x19,0x5d,0xf5,0xb8,0xf5,0x8a,0x1d,0x6e,0x52,0xaf,0x42,0x90,0x80,0x53,0xd5,0x5c,0x73,0x21,0x01,0x00,0x92,0x74,0x87,0x95,0xef,0x94,0xcf,0x06,},14,"\x55\xc7\xfa\x43\x4f\x5e\xd8\xcd\xec\x2b\x7a\xea\xc1\x73"}, - {{0xd5,0xae,0xee,0x41,0xee,0xb0,0xe9,0xd1,0xbf,0x83,0x37,0xf9,0x39,0x58,0x7e,0xbe,0x29,0x61,0x61,0xe6,0xbf,0x52,0x09,0xf5,0x91,0xec,0x93,0x9e,0x14,0x40,0xc3,0x00,},{0xfd,0x2a,0x56,0x57,0x23,0x16,0x3e,0x29,0xf5,0x3c,0x9d,0xe3,0xd5,0xe8,0xfb,0xe3,0x6a,0x7a,0xb6,0x6e,0x14,0x39,0xec,0x4e,0xae,0x9c,0x0a,0x60,0x4a,0xf2,0x91,0xa5,},{0xf6,0x8d,0x04,0x84,0x7e,0x5b,0x24,0x97,0x37,0x89,0x9c,0x01,0x4d,0x31,0xc8,0x05,0xc5,0x00,0x7a,0x62,0xc0,0xa1,0x0d,0x50,0xbb,0x15,0x38,0xc5,0xf3,0x55,0x03,0x95,0x1f,0xbc,0x1e,0x08,0x68,0x2f,0x2c,0xc0,0xc9,0x2e,0xfe,0x8f,0x49,0x85,0xde,0xc6,0x1d,0xcb,0xd5,0x4d,0x4b,0x94,0xa2,0x25,0x47,0xd2,0x44,0x51,0x27,0x1c,0x8b,0x00,},15,"\x0a\x68\x8e\x79\xbe\x24\xf8\x66\x28\x6d\x46\x46\xb5\xd8\x1c"}, - {{0x0a,0x47,0xd1,0x04,0x52,0xae,0x2f,0xeb,0xec,0x51,0x8a,0x1c,0x7c,0x36,0x28,0x90,0xc3,0xfc,0x1a,0x49,0xd3,0x4b,0x03,0xb6,0x46,0x7d,0x35,0xc9,0x04,0xa8,0x36,0x2d,},{0x34,0xe5,0xa8,0x50,0x8c,0x47,0x43,0x74,0x69,0x62,0xc0,0x66,0xe4,0xba,0xde,0xa2,0x20,0x1b,0x8a,0xb4,0x84,0xde,0x5c,0x4f,0x94,0x47,0x6c,0xcd,0x21,0x43,0x95,0x5b,},{0x2a,0x3d,0x27,0xdc,0x40,0xd0,0xa8,0x12,0x79,0x49,0xa3,0xb7,0xf9,0x08,0xb3,0x68,0x8f,0x63,0xb7,0xf1,0x4f,0x65,0x1a,0xac,0xd7,0x15,0x94,0x0b,0xdb,0xe2,0x7a,0x08,0x09,0xaa,0xc1,0x42,0xf4,0x7a,0xb0,0xe1,0xe4,0x4f,0xa4,0x90,0xba,0x87,0xce,0x53,0x92,0xf3,0x3a,0x89,0x15,0x39,0xca,0xf1,0xef,0x4c,0x36,0x7c,0xae,0x54,0x50,0x0c,},16,"\xc9\x42\xfa\x7a\xc6\xb2\x3a\xb7\xff\x61\x2f\xdc\x8e\x68\xef\x39"}, - {{0xf8,0x14,0x8f,0x75,0x06,0xb7,0x75,0xef,0x46,0xfd,0xc8,0xe8,0xc7,0x56,0x51,0x68,0x12,0xd4,0x7d,0x6c,0xfb,0xfa,0x31,0x8c,0x27,0xc9,0xa2,0x26,0x41,0xe5,0x6f,0x17,},{0x04,0x45,0xe4,0x56,0xda,0xcc,0x7d,0x5b,0x0b,0xbe,0xd2,0x3c,0x82,0x00,0xcd,0xb7,0x4b,0xdc,0xb0,0x3e,0x4c,0x7b,0x73,0xf0,0xa2,0xb9,0xb4,0x6e,0xac,0x5d,0x43,0x72,},{0x36,0x53,0xcc,0xb2,0x12,0x19,0x20,0x2b,0x84,0x36,0xfb,0x41,0xa3,0x2b,0xa2,0x61,0x8c,0x4a,0x13,0x34,0x31,0xe6,0xe6,0x34,0x63,0xce,0xb3,0xb6,0x10,0x6c,0x4d,0x56,0xe1,0xd2,0xba,0x16,0x5b,0xa7,0x6e,0xaa,0xd3,0xdc,0x39,0xbf,0xfb,0x13,0x0f,0x1d,0xe3,0xd8,0xe6,0x42,0x7d,0xb5,0xb7,0x19,0x38,0xdb,0x4e,0x27,0x2b,0xc3,0xe2,0x0b,},17,"\x73\x68\x72\x4a\x5b\x0e\xfb\x57\xd2\x8d\x97\x62\x2d\xbd\xe7\x25\xaf"}, - {{0x77,0xf8,0x86,0x91,0xc4,0xef,0xf2,0x3e,0xbb,0x73,0x64,0x94,0x70,0x92,0x95,0x1a,0x5f,0xf3,0xf1,0x07,0x85,0xb4,0x17,0xe9,0x18,0x82,0x3a,0x55,0x2d,0xab,0x7c,0x75,},{0x74,0xd2,0x91,0x27,0xf1,0x99,0xd8,0x6a,0x86,0x76,0xae,0xc3,0x3b,0x4c,0xe3,0xf2,0x25,0xcc,0xb1,0x91,0xf5,0x2c,0x19,0x1c,0xcd,0x1e,0x8c,0xca,0x65,0x21,0x3a,0x6b,},{0xfb,0xe9,0x29,0xd7,0x43,0xa0,0x3c,0x17,0x91,0x05,0x75,0x49,0x2f,0x30,0x92,0xee,0x2a,0x2b,0xf1,0x4a,0x60,0xa3,0xfc,0xac,0xec,0x74,0xa5,0x8c,0x73,0x34,0x51,0x0f,0xc2,0x62,0xdb,0x58,0x27,0x91,0x32,0x2d,0x6c,0x8c,0x41,0xf1,0x70,0x0a,0xdb,0x80,0x02,0x7e,0xca,0xbc,0x14,0x27,0x0b,0x70,0x34,0x44,0xae,0x3e,0xe7,0x62,0x3e,0x0a,},18,"\xbd\x8e\x05\x03\x3f\x3a\x8b\xcd\xcb\xf4\xbe\xce\xb7\x09\x01\xc8\x2e\x31"}, - {{0xab,0x6f,0x7a,0xee,0x6a,0x08,0x37,0xb3,0x34,0xba,0x5e,0xb1,0xb2,0xad,0x7f,0xce,0xcf,0xab,0x7e,0x32,0x3c,0xab,0x18,0x7f,0xe2,0xe0,0xa9,0x5d,0x80,0xef,0xf1,0x32,},{0x5b,0x96,0xdc,0xa4,0x97,0x87,0x5b,0xf9,0x66,0x4c,0x5e,0x75,0xfa,0xcf,0x3f,0x9b,0xc5,0x4b,0xae,0x91,0x3d,0x66,0xca,0x15,0xee,0x85,0xf1,0x49,0x1c,0xa2,0x4d,0x2c,},{0x73,0xbc,0xa6,0x4e,0x9d,0xd0,0xdb,0x88,0x13,0x8e,0xed,0xfa,0xfc,0xea,0x8f,0x54,0x36,0xcf,0xb7,0x4b,0xfb,0x0e,0x77,0x33,0xcf,0x34,0x9b,0xaa,0x0c,0x49,0x77,0x5c,0x56,0xd5,0x93,0x4e,0x1d,0x38,0xe3,0x6f,0x39,0xb7,0xc5,0xbe,0xb0,0xa8,0x36,0x51,0x0c,0x45,0x12,0x6f,0x8e,0xc4,0xb6,0x81,0x05,0x19,0x90,0x5b,0x0c,0xa0,0x7c,0x09,},19,"\x81\x71\x45\x6f\x8b\x90\x71\x89\xb1\xd7\x79\xe2\x6b\xc5\xaf\xbb\x08\xc6\x7a"}, - {{0x8d,0x13,0x5d,0xe7,0xc8,0x41,0x1b,0xbd,0xbd,0x1b,0x31,0xe5,0xdc,0x67,0x8f,0x2a,0xc7,0x10,0x9e,0x79,0x2b,0x60,0xf3,0x8c,0xd2,0x49,0x36,0xe8,0xa8,0x98,0xc3,0x2d,},{0x1c,0xa2,0x81,0x93,0x85,0x29,0x89,0x65,0x35,0xa7,0x71,0x4e,0x35,0x84,0x08,0x5b,0x86,0xef,0x9f,0xec,0x72,0x3f,0x42,0x81,0x9f,0xc8,0xdd,0x5d,0x8c,0x00,0x81,0x7f,},{0xa1,0xad,0xc2,0xbc,0x6a,0x2d,0x98,0x06,0x62,0x67,0x7e,0x7f,0xdf,0xf6,0x42,0x4d,0xe7,0xdb,0xa5,0x0f,0x57,0x95,0xca,0x90,0xfd,0xf3,0xe9,0x6e,0x25,0x6f,0x32,0x85,0xca,0xc7,0x1d,0x33,0x60,0x48,0x2e,0x99,0x3d,0x02,0x94,0xba,0x4e,0xc7,0x44,0x0c,0x61,0xaf,0xfd,0xf3,0x5f,0xe8,0x3e,0x6e,0x04,0x26,0x39,0x37,0xdb,0x93,0xf1,0x05,},20,"\x8b\xa6\xa4\xc9\xa1\x5a\x24\x4a\x9c\x26\xbb\x2a\x59\xb1\x02\x6f\x21\x34\x8b\x49"}, - {{0x0e,0x76,0x5d,0x72,0x0e,0x70,0x5f,0x93,0x66,0xc1,0xab,0x8c,0x3f,0xa8,0x4c,0x9a,0x44,0x37,0x0c,0x06,0x96,0x9f,0x80,0x32,0x96,0x88,0x4b,0x28,0x46,0xa6,0x52,0xa4,},{0x7f,0xae,0x45,0xdd,0x0a,0x05,0x97,0x10,0x26,0xd4,0x10,0xbc,0x49,0x7a,0xf5,0xbe,0x7d,0x08,0x27,0xa8,0x2a,0x14,0x5c,0x20,0x3f,0x62,0x5d,0xfc,0xb8,0xb0,0x3b,0xa8,},{0xbb,0x61,0xcf,0x84,0xde,0x61,0x86,0x22,0x07,0xc6,0xa4,0x55,0x25,0x8b,0xc4,0xdb,0x4e,0x15,0xee,0xa0,0x31,0x7f,0xf8,0x87,0x18,0xb8,0x82,0xa0,0x6b,0x5c,0xf6,0xec,0x6f,0xd2,0x0c,0x5a,0x26,0x9e,0x5d,0x5c,0x80,0x5b,0xaf,0xbc,0xc5,0x79,0xe2,0x59,0x0a,0xf4,0x14,0xc7,0xc2,0x27,0x27,0x3c,0x10,0x2a,0x10,0x07,0x0c,0xdf,0xe8,0x0f,},21,"\x1d\x56\x6a\x62\x32\xbb\xaa\xb3\xe6\xd8\x80\x4b\xb5\x18\xa4\x98\xed\x0f\x90\x49\x86"}, - {{0xdb,0x36,0xe3,0x26,0xd6,0x76,0xc2,0xd1,0x9c,0xc8,0xfe,0x0c,0x14,0xb7,0x09,0x20,0x2e,0xcf,0xc7,0x61,0xd2,0x70,0x89,0xeb,0x6e,0xa4,0xb1,0xbb,0x02,0x1e,0xcf,0xa7,},{0x48,0x35,0x9b,0x85,0x0d,0x23,0xf0,0x71,0x5d,0x94,0xbb,0x8b,0xb7,0x5e,0x7e,0x14,0x32,0x2e,0xaf,0x14,0xf0,0x6f,0x28,0xa8,0x05,0x40,0x3f,0xbd,0xa0,0x02,0xfc,0x85,},{0xb6,0xdc,0xd0,0x99,0x89,0xdf,0xba,0xc5,0x43,0x22,0xa3,0xce,0x87,0x87,0x6e,0x1d,0x62,0x13,0x4d,0xa9,0x98,0xc7,0x9d,0x24,0xb5,0x0b,0xd7,0xa6,0xa7,0x97,0xd8,0x6a,0x0e,0x14,0xdc,0x9d,0x74,0x91,0xd6,0xc1,0x4a,0x67,0x3c,0x65,0x2c,0xfb,0xec,0x9f,0x96,0x2a,0x38,0xc9,0x45,0xda,0x3b,0x2f,0x08,0x79,0xd0,0xb6,0x8a,0x92,0x13,0x00,},22,"\x1b\x0a\xfb\x0a\xc4\xba\x9a\xb7\xb7\x17\x2c\xdd\xc9\xeb\x42\xbb\xa1\xa6\x4b\xce\x47\xd4"}, - {{0xc8,0x99,0x55,0xe0,0xf7,0x74,0x1d,0x90,0x5d,0xf0,0x73,0x0b,0x3d,0xc2,0xb0,0xce,0x1a,0x13,0x13,0x4e,0x44,0xfe,0xf3,0xd4,0x0d,0x60,0xc0,0x20,0xef,0x19,0xdf,0x77,},{0xfd,0xb3,0x06,0x73,0x40,0x2f,0xaf,0x1c,0x80,0x33,0x71,0x4f,0x35,0x17,0xe4,0x7c,0xc0,0xf9,0x1f,0xe7,0x0c,0xf3,0x83,0x6d,0x6c,0x23,0x63,0x6e,0x3f,0xd2,0x28,0x7c,},{0x7e,0xf6,0x6e,0x5e,0x86,0xf2,0x36,0x08,0x48,0xe0,0x01,0x4e,0x94,0x88,0x0a,0xe2,0x92,0x0a,0xd8,0xa3,0x18,0x5a,0x46,0xb3,0x5d,0x1e,0x07,0xde,0xa8,0xfa,0x8a,0xe4,0xf6,0xb8,0x43,0xba,0x17,0x4d,0x99,0xfa,0x79,0x86,0x65,0x4a,0x08,0x91,0xc1,0x2a,0x79,0x44,0x55,0x66,0x93,0x75,0xbf,0x92,0xaf,0x4c,0xc2,0x77,0x0b,0x57,0x9e,0x0c,},23,"\x50\x7c\x94\xc8\x82\x0d\x2a\x57\x93\xcb\xf3\x44\x2b\x3d\x71\x93\x6f\x35\xfe\x3a\xfe\xf3\x16"}, - {{0x4e,0x62,0x62,0x7f,0xc2,0x21,0x14,0x24,0x78,0xae,0xe7,0xf0,0x07,0x81,0xf8,0x17,0xf6,0x62,0xe3,0xb7,0x5d,0xb2,0x9b,0xb1,0x4a,0xb4,0x7c,0xf8,0xe8,0x41,0x04,0xd6,},{0xb1,0xd3,0x98,0x01,0x89,0x20,0x27,0xd5,0x8a,0x8c,0x64,0x33,0x51,0x63,0x19,0x58,0x93,0xbf,0xc1,0xb6,0x1d,0xbe,0xca,0x32,0x60,0x49,0x7e,0x1f,0x30,0x37,0x11,0x07,},{0x83,0x6a,0xfa,0x76,0x4d,0x9c,0x48,0xaa,0x47,0x70,0xa4,0x38,0x8b,0x65,0x4e,0x97,0xb3,0xc1,0x6f,0x08,0x29,0x67,0xfe,0xbc,0xa2,0x7f,0x2f,0xc4,0x7d,0xdf,0xd9,0x24,0x4b,0x03,0xcf,0xc7,0x29,0x69,0x8a,0xcf,0x51,0x09,0x70,0x43,0x46,0xb6,0x0b,0x23,0x0f,0x25,0x54,0x30,0x08,0x9d,0xdc,0x56,0x91,0x23,0x99,0xd1,0x12,0x2d,0xe7,0x0a,},24,"\xd3\xd6\x15\xa8\x47\x2d\x99\x62\xbb\x70\xc5\xb5\x46\x6a\x3d\x98\x3a\x48\x11\x04\x6e\x2a\x0e\xf5"}, - {{0x6b,0x83,0xd7,0xda,0x89,0x08,0xc3,0xe7,0x20,0x5b,0x39,0x86,0x4b,0x56,0xe5,0xf3,0xe1,0x71,0x96,0xa3,0xfc,0x9c,0x2f,0x58,0x05,0xaa,0xd0,0xf5,0x55,0x4c,0x14,0x2d,},{0xd0,0xc8,0x46,0xf9,0x7f,0xe2,0x85,0x85,0xc0,0xee,0x15,0x90,0x15,0xd6,0x4c,0x56,0x31,0x1c,0x88,0x6e,0xdd,0xcc,0x18,0x5d,0x29,0x6d,0xbb,0x16,0x5d,0x26,0x25,0xd6,},{0x16,0xe4,0x62,0xa2,0x9a,0x6d,0xd4,0x98,0x68,0x5a,0x37,0x18,0xb3,0xee,0xd0,0x0c,0xc1,0x59,0x86,0x01,0xee,0x47,0x82,0x04,0x86,0x03,0x2d,0x6b,0x9a,0xcc,0x9b,0xf8,0x9f,0x57,0x68,0x4e,0x08,0xd8,0xc0,0xf0,0x55,0x89,0xcd,0xa2,0x88,0x2a,0x05,0xdc,0x4c,0x63,0xf9,0xd0,0x43,0x1d,0x65,0x52,0x71,0x08,0x12,0x43,0x30,0x03,0xbc,0x08,},25,"\x6a\xda\x80\xb6\xfa\x84\xf7\x03\x49\x20\x78\x9e\x85\x36\xb8\x2d\x5e\x46\x78\x05\x9a\xed\x27\xf7\x1c"}, - {{0x19,0xa9,0x1f,0xe2,0x3a,0x4e,0x9e,0x33,0xec,0xc4,0x74,0x87,0x8f,0x57,0xc6,0x4c,0xf1,0x54,0xb3,0x94,0x20,0x34,0x87,0xa7,0x03,0x5e,0x1a,0xd9,0xcd,0x69,0x7b,0x0d,},{0x2b,0xf3,0x2b,0xa1,0x42,0xba,0x46,0x22,0xd8,0xf3,0xe2,0x9e,0xcd,0x85,0xee,0xa0,0x7b,0x9c,0x47,0xbe,0x9d,0x64,0x41,0x2c,0x9b,0x51,0x0b,0x27,0xdd,0x21,0x8b,0x23,},{0x88,0x1f,0x5b,0x8c,0x5a,0x03,0x0d,0xf0,0xf7,0x5b,0x66,0x34,0xb0,0x70,0xdd,0x27,0xbd,0x1e,0xe3,0xc0,0x87,0x38,0xae,0x34,0x93,0x38,0xb3,0xee,0x64,0x69,0xbb,0xf9,0x76,0x0b,0x13,0x57,0x8a,0x23,0x7d,0x51,0x82,0x53,0x5e,0xde,0x12,0x12,0x83,0x02,0x7a,0x90,0xb5,0xf8,0x65,0xd6,0x3a,0x65,0x37,0xdc,0xa0,0x7b,0x44,0x04,0x9a,0x0f,},26,"\x82\xcb\x53\xc4\xd5\xa0\x13\xba\xe5\x07\x07\x59\xec\x06\xc3\xc6\x95\x5a\xb7\xa4\x05\x09\x58\xec\x32\x8c"}, - {{0x1d,0x5b,0x8c,0xb6,0x21,0x5c,0x18,0x14,0x16,0x66,0xba,0xee,0xfc,0xf5,0xd6,0x9d,0xad,0x5b,0xea,0x9a,0x34,0x93,0xdd,0xda,0xa3,0x57,0xa4,0x39,0x7a,0x13,0xd4,0xde,},{0x94,0xd2,0x3d,0x97,0x7c,0x33,0xe4,0x9e,0x5e,0x49,0x92,0xc6,0x8f,0x25,0xec,0x99,0xa2,0x7c,0x41,0xce,0x6b,0x91,0xf2,0xbf,0xa0,0xcd,0x82,0x92,0xfe,0x96,0x28,0x35,},{0x3a,0xcd,0x39,0xbe,0xc8,0xc3,0xcd,0x2b,0x44,0x29,0x97,0x22,0xb5,0x85,0x0a,0x04,0x00,0xc1,0x44,0x35,0x90,0xfd,0x48,0x61,0xd5,0x9a,0xae,0x74,0x96,0xac,0xb3,0xdf,0x73,0xfc,0x3f,0xdf,0x79,0x69,0xae,0x5f,0x50,0xba,0x47,0xdd,0xdc,0x43,0x52,0x46,0xe5,0xfd,0x37,0x6f,0x6b,0x89,0x1c,0xd4,0xc2,0xca,0xf5,0xd6,0x14,0xb6,0x17,0x0c,},27,"\xa9\xa8\xcb\xb0\xad\x58\x51\x24\xe5\x22\xab\xbf\xb4\x05\x33\xbd\xd6\xf4\x93\x47\xb5\x5b\x18\xe8\x55\x8c\xb0"}, - {{0x6a,0x91,0xb3,0x22,0x7c,0x47,0x22,0x99,0x08,0x9b,0xdc,0xe9,0x35,0x6e,0x72,0x6a,0x40,0xef,0xd8,0x40,0xf1,0x10,0x02,0x70,0x8b,0x7e,0xe5,0x5b,0x64,0x10,0x5a,0xc2,},{0x9d,0x08,0x4a,0xa8,0xb9,0x7a,0x6b,0x9b,0xaf,0xa4,0x96,0xdb,0xc6,0xf7,0x6f,0x33,0x06,0xa1,0x16,0xc9,0xd9,0x17,0xe6,0x81,0x52,0x0a,0x0f,0x91,0x43,0x69,0x42,0x7e,},{0xf5,0x87,0x54,0x23,0x78,0x1b,0x66,0x21,0x6c,0xb5,0xe8,0x99,0x8d,0xe5,0xd9,0xff,0xc2,0x9d,0x1d,0x67,0x10,0x70,0x54,0xac,0xe3,0x37,0x45,0x03,0xa9,0xc3,0xef,0x81,0x15,0x77,0xf2,0x69,0xde,0x81,0x29,0x67,0x44,0xbd,0x70,0x6f,0x1a,0xc4,0x78,0xca,0xf0,0x9b,0x54,0xcd,0xf8,0x71,0xb3,0xf8,0x02,0xbd,0x57,0xf9,0xa6,0xcb,0x91,0x01,},28,"\x5c\xb6\xf9\xaa\x59\xb8\x0e\xca\x14\xf6\xa6\x8f\xb4\x0c\xf0\x7b\x79\x4e\x75\x17\x1f\xba\x96\x26\x2c\x1c\x6a\xdc"}, - {{0x93,0xea,0xa8,0x54,0xd7,0x91,0xf0,0x53,0x72,0xce,0x72,0xb9,0x4f,0xc6,0x50,0x3b,0x2f,0xf8,0xae,0x68,0x19,0xe6,0xa2,0x1a,0xfe,0x82,0x5e,0x27,0xad,0xa9,0xe4,0xfb,},{0x16,0xce,0xe8,0xa3,0xf2,0x63,0x18,0x34,0xc8,0x8b,0x67,0x08,0x97,0xff,0x0b,0x08,0xce,0x90,0xcc,0x14,0x7b,0x45,0x93,0xb3,0xf1,0xf4,0x03,0x72,0x7f,0x7e,0x7a,0xd5,},{0xd8,0x34,0x19,0x7c,0x1a,0x30,0x80,0x61,0x4e,0x0a,0x5f,0xa0,0xaa,0xaa,0x80,0x88,0x24,0xf2,0x1c,0x38,0xd6,0x92,0xe6,0xff,0xbd,0x20,0x0f,0x7d,0xfb,0x3c,0x8f,0x44,0x40,0x2a,0x73,0x82,0x18,0x0b,0x98,0xad,0x0a,0xfc,0x8e,0xec,0x1a,0x02,0xac,0xec,0xf3,0xcb,0x7f,0xde,0x62,0x7b,0x9f,0x18,0x11,0x1f,0x26,0x0a,0xb1,0xdb,0x9a,0x07,},29,"\x32\xfe\x27\x99\x41\x24\x20\x21\x53\xb5\xc7\x0d\x38\x13\xfd\xee\x9c\x2a\xa6\xe7\xdc\x74\x3d\x4d\x53\x5f\x18\x40\xa5"}, - {{0x94,0x1c,0xac,0x69,0xfb,0x7b,0x18,0x15,0xc5,0x7b,0xb9,0x87,0xc4,0xd6,0xc2,0xad,0x2c,0x35,0xd5,0xf9,0xa3,0x18,0x2a,0x79,0xd4,0xba,0x13,0xea,0xb2,0x53,0xa8,0xad,},{0x23,0xbe,0x32,0x3c,0x56,0x2d,0xfd,0x71,0xce,0x65,0xf5,0xbb,0xa5,0x6a,0x74,0xa3,0xa6,0xdf,0xc3,0x6b,0x57,0x3d,0x2f,0x94,0xf6,0x35,0xc7,0xf9,0xb4,0xfd,0x5a,0x5b,},{0x0f,0x8f,0xad,0x1e,0x6b,0xde,0x77,0x1b,0x4f,0x54,0x20,0xea,0xc7,0x5c,0x37,0x8b,0xae,0x6d,0xb5,0xac,0x66,0x50,0xcd,0x2b,0xc2,0x10,0xc1,0x82,0x3b,0x43,0x2b,0x48,0xe0,0x16,0xb1,0x05,0x95,0x45,0x8f,0xfa,0xb9,0x2f,0x7a,0x89,0x89,0xb2,0x93,0xce,0xb8,0xdf,0xed,0x6c,0x24,0x3a,0x20,0x38,0xfc,0x06,0x65,0x2a,0xaa,0xf1,0x6f,0x02,},30,"\xbb\x31\x72\x79\x57\x10\xfe\x00\x05\x4d\x3b\x5d\xfe\xf8\xa1\x16\x23\x58\x2d\xa6\x8b\xf8\xe4\x6d\x72\xd2\x7c\xec\xe2\xaa"}, - {{0x1a,0xcd,0xbb,0x79,0x3b,0x03,0x84,0x93,0x46,0x27,0x47,0x0d,0x79,0x5c,0x3d,0x1d,0xd4,0xd7,0x9c,0xea,0x59,0xef,0x98,0x3f,0x29,0x5b,0x9b,0x59,0x17,0x9c,0xbb,0x28,},{0x3f,0x60,0xc7,0x54,0x1a,0xfa,0x76,0xc0,0x19,0xcf,0x5a,0xa8,0x2d,0xcd,0xb0,0x88,0xed,0x9e,0x4e,0xd9,0x78,0x05,0x14,0xae,0xfb,0x37,0x9d,0xab,0xc8,0x44,0xf3,0x1a,},{0xbe,0x71,0xef,0x48,0x06,0xcb,0x04,0x1d,0x88,0x5e,0xff,0xd9,0xe6,0xb0,0xfb,0xb7,0x3d,0x65,0xd7,0xcd,0xec,0x47,0xa8,0x9c,0x8a,0x99,0x48,0x92,0xf4,0xe5,0x5a,0x56,0x8c,0x4c,0xc7,0x8d,0x61,0xf9,0x01,0xe8,0x0d,0xbb,0x62,0x8b,0x86,0xa2,0x3c,0xcd,0x59,0x4e,0x71,0x2b,0x57,0xfa,0x94,0xc2,0xd6,0x7e,0xc2,0x66,0x34,0x87,0x85,0x07,},31,"\x7c\xf3\x4f\x75\xc3\xda\xc9\xa8\x04\xd0\xfc\xd0\x9e\xba\x9b\x29\xc9\x48\x4e\x8a\x01\x8f\xa9\xe0\x73\x04\x2d\xf8\x8e\x3c\x56"}, - {{0x8e,0xd7,0xa7,0x97,0xb9,0xce,0xa8,0xa8,0x37,0x0d,0x41,0x91,0x36,0xbc,0xdf,0x68,0x3b,0x75,0x9d,0x2e,0x3c,0x69,0x47,0xf1,0x7e,0x13,0xe2,0x48,0x5a,0xa9,0xd4,0x20,},{0xb4,0x9f,0x3a,0x78,0xb1,0xc6,0xa7,0xfc,0xa8,0xf3,0x46,0x6f,0x33,0xbc,0x0e,0x92,0x9f,0x01,0xfb,0xa0,0x43,0x06,0xc2,0xa7,0x46,0x5f,0x46,0xc3,0x75,0x93,0x16,0xd9,},{0x04,0x26,0x6c,0x03,0x3b,0x91,0xc1,0x32,0x2c,0xeb,0x34,0x46,0xc9,0x01,0xff,0xcf,0x3c,0xc4,0x0c,0x40,0x34,0xe8,0x87,0xc9,0x59,0x7c,0xa1,0x89,0x3b,0xa7,0x33,0x0b,0xec,0xbb,0xd8,0xb4,0x81,0x42,0xef,0x35,0xc0,0x12,0xc6,0xba,0x51,0xa6,0x6d,0xf9,0x30,0x8c,0xb6,0x26,0x8a,0xd6,0xb1,0xe4,0xb0,0x3e,0x70,0x10,0x24,0x95,0x79,0x0b,},32,"\xa7\x50\xc2\x32\x93\x3d\xc1\x4b\x11\x84\xd8\x6d\x8b\x4c\xe7\x2e\x16\xd6\x97\x44\xba\x69\x81\x8b\x6a\xc3\x3b\x1d\x82\x3b\xb2\xc3"}, - {{0xf2,0xab,0x39,0x6f,0xe8,0x90,0x6e,0x3e,0x56,0x33,0xe9,0x9c,0xab,0xcd,0x5b,0x09,0xdf,0x08,0x59,0xb5,0x16,0x23,0x0b,0x1e,0x04,0x50,0xb5,0x80,0xb6,0x5f,0x61,0x6c,},{0x8e,0xa0,0x74,0x24,0x51,0x59,0xa1,0x16,0xaa,0x71,0x22,0xa2,0x5e,0xc1,0x6b,0x89,0x1d,0x62,0x5a,0x68,0xf3,0x36,0x60,0x42,0x39,0x08,0xf6,0xbd,0xc4,0x4f,0x8c,0x1b,},{0xa0,0x6a,0x23,0xd9,0x82,0xd8,0x1a,0xb8,0x83,0xaa,0xe2,0x30,0xad,0xbc,0x36,0x8a,0x6a,0x99,0x77,0xf0,0x03,0xce,0xbb,0x00,0xd4,0xc2,0xe4,0x01,0x84,0x90,0x19,0x1a,0x84,0xd3,0xa2,0x82,0xfd,0xbf,0xb2,0xfc,0x88,0x04,0x6e,0x62,0xde,0x43,0xe1,0x5f,0xb5,0x75,0x33,0x6b,0x3c,0x8b,0x77,0xd1,0x9c,0xe6,0xa0,0x09,0xce,0x51,0xf5,0x0c,},33,"\x5a\x44\xe3\x4b\x74\x6c\x5f\xd1\x89\x8d\x55\x2a\xb3\x54\xd2\x8f\xb4\x71\x38\x56\xd7\x69\x7d\xd6\x3e\xb9\xbd\x6b\x99\xc2\x80\xe1\x87"}, - {{0x55,0x0a,0x41,0xc0,0x13,0xf7,0x9b,0xab,0x8f,0x06,0xe4,0x3a,0xd1,0x83,0x6d,0x51,0x31,0x27,0x36,0xa9,0x71,0x38,0x06,0xfa,0xfe,0x66,0x45,0x21,0x9e,0xaa,0x1f,0x9d,},{0xaf,0x6b,0x71,0x45,0x47,0x4d,0xc9,0x95,0x4b,0x9a,0xf9,0x3a,0x9c,0xdb,0x34,0x44,0x9d,0x5b,0x7c,0x65,0x1c,0x82,0x4d,0x24,0xe2,0x30,0xb9,0x00,0x33,0xce,0x59,0xc0,},{0x16,0xdc,0x1e,0x2b,0x9f,0xa9,0x09,0xee,0xfd,0xc2,0x77,0xba,0x16,0xeb,0xe2,0x07,0xb8,0xda,0x5e,0x91,0x14,0x3c,0xde,0x78,0xc5,0x04,0x7a,0x89,0xf6,0x81,0xc3,0x3c,0x4e,0x4e,0x34,0x28,0xd5,0xc9,0x28,0x09,0x59,0x03,0xa8,0x11,0xec,0x00,0x2d,0x52,0xa3,0x9e,0xd7,0xf8,0xb3,0xfe,0x19,0x27,0x20,0x0c,0x6d,0xd0,0xb9,0xab,0x3e,0x04,},34,"\x8b\xc4\x18\x5e\x50\xe5\x7d\x5f\x87\xf4\x75\x15\xfe\x2b\x18\x37\xd5\x85\xf0\xaa\xe9\xe1\xca\x38\x3b\x3e\xc9\x08\x88\x4b\xb9\x00\xff\x27"}, - {{0x19,0xac,0x3e,0x27,0x24,0x38,0xc7,0x2d,0xdf,0x7b,0x88,0x19,0x64,0x86,0x7c,0xb3,0xb3,0x1f,0xf4,0xc7,0x93,0xbb,0x7e,0xa1,0x54,0x61,0x3c,0x1d,0xb0,0x68,0xcb,0x7e,},{0xf8,0x5b,0x80,0xe0,0x50,0xa1,0xb9,0x62,0x0d,0xb1,0x38,0xbf,0xc9,0xe1,0x00,0x32,0x7e,0x25,0xc2,0x57,0xc5,0x92,0x17,0xb6,0x01,0xf1,0xf6,0xac,0x9a,0x41,0x3d,0x3f,},{0xea,0x85,0x5d,0x78,0x1c,0xbe,0xa4,0x68,0x2e,0x35,0x01,0x73,0xcb,0x89,0xe8,0x61,0x9c,0xcf,0xdd,0xb9,0x7c,0xdc,0xe1,0x6f,0x9a,0x2f,0x6f,0x68,0x92,0xf4,0x6d,0xbe,0x68,0xe0,0x4b,0x12,0xb8,0xd8,0x86,0x89,0xa7,0xa3,0x16,0x70,0xcd,0xff,0x40,0x9a,0xf9,0x8a,0x93,0xb4,0x9a,0x34,0x53,0x7b,0x6a,0xa0,0x09,0xd2,0xeb,0x8b,0x47,0x01,},35,"\x95\x87\x2d\x5f\x78\x9f\x95\x48\x4e\x30\xcb\xb0\xe1\x14\x02\x89\x53\xb1\x6f\x5c\x6a\x8d\x9f\x65\xc0\x03\xa8\x35\x43\xbe\xaa\x46\xb3\x86\x45"}, - {{0xca,0x26,0x7d,0xe9,0x6c,0x93,0xc2,0x38,0xfa,0xfb,0x12,0x79,0x81,0x20,0x59,0xab,0x93,0xac,0x03,0x05,0x96,0x57,0xfd,0x99,0x4f,0x8f,0xa5,0xa0,0x92,0x39,0xc8,0x21,},{0x01,0x73,0x70,0xc8,0x79,0x09,0x0a,0x81,0xc7,0xf2,0x72,0xc2,0xfc,0x80,0xe3,0xaa,0xc2,0xbc,0x60,0x3f,0xcb,0x37,0x9a,0xfc,0x98,0x69,0x11,0x60,0xab,0x74,0x5b,0x26,},{0xac,0x95,0x7f,0x82,0x33,0x5a,0xa7,0x14,0x1e,0x96,0xb5,0x9d,0x63,0xe3,0xcc,0xee,0x95,0xc3,0xa2,0xc4,0x7d,0x02,0x65,0x40,0xc2,0xaf,0x42,0xdc,0x95,0x33,0xd5,0xfd,0x81,0x82,0x7d,0x16,0x79,0xad,0x18,0x7a,0xea,0xf3,0x78,0x34,0x91,0x5e,0x75,0xb1,0x47,0xa9,0x28,0x68,0x06,0xc8,0x01,0x75,0x16,0xba,0x43,0xdd,0x05,0x1a,0x5e,0x0c,},36,"\xe0\x5f\x71\xe4\xe4\x9a\x72\xec\x55\x0c\x44\xa3\xb8\x5a\xca\x8f\x20\xff\x26\xc3\xee\x94\xa8\x0f\x1b\x43\x1c\x7d\x15\x4e\xc9\x60\x3e\xe0\x25\x31"}, - {{0x3d,0xff,0x5e,0x89,0x94,0x75,0xe7,0xe9,0x1d,0xd2,0x61,0x32,0x2f,0xab,0x09,0x98,0x0c,0x52,0x97,0x0d,0xe1,0xda,0x6e,0x2e,0x20,0x16,0x60,0xcc,0x4f,0xce,0x70,0x32,},{0xf3,0x01,0x62,0xba,0xc9,0x84,0x47,0xc4,0x04,0x2f,0xac,0x05,0xda,0x44,0x80,0x34,0x62,0x9b,0xe2,0xc6,0xa5,0x8d,0x30,0xdf,0xd5,0x78,0xba,0x9f,0xb5,0xe3,0x93,0x0b,},{0x5e,0xfe,0x7a,0x92,0xff,0x96,0x23,0x08,0x9b,0x3e,0x3b,0x78,0xf3,0x52,0x11,0x53,0x66,0xe2,0x6b,0xa3,0xfb,0x1a,0x41,0x62,0x09,0xbc,0x02,0x9e,0x9c,0xad,0xcc,0xd9,0xf4,0xaf,0xfa,0x33,0x35,0x55,0xa8,0xf3,0xa3,0x5a,0x9d,0x0f,0x7c,0x34,0xb2,0x92,0xca,0xe7,0x7e,0xc9,0x6f,0xa3,0xad,0xfc,0xaa,0xde,0xe2,0xd9,0xce,0xd8,0xf8,0x05,},37,"\x93\x8f\x0e\x77\x62\x1b\xf3\xea\x52\xc7\xc4\x91\x1c\x51\x57\xc2\xd8\xa2\xa8\x58\x09\x3e\xf1\x6a\xa9\xb1\x07\xe6\x9d\x98\x03\x7b\xa1\x39\xa3\xc3\x82"}, - {{0x9a,0x6b,0x84,0x78,0x64,0xe7,0x0c,0xfe,0x8b,0xa6,0xab,0x22,0xfa,0x0c,0xa3,0x08,0xc0,0xcc,0x8b,0xec,0x71,0x41,0xfb,0xca,0xa3,0xb8,0x1f,0x5d,0x1e,0x1c,0xfc,0xfc,},{0x34,0xad,0x0f,0xbd,0xb2,0x56,0x65,0x07,0xa8,0x1c,0x2b,0x1f,0x8a,0xa8,0xf5,0x3d,0xcc,0xaa,0x64,0xcc,0x87,0xad,0xa9,0x1b,0x90,0x3e,0x90,0x0d,0x07,0xee,0xe9,0x30,},{0x2a,0xb2,0x55,0x16,0x9c,0x48,0x9c,0x54,0xc7,0x32,0x23,0x2e,0x37,0xc8,0x73,0x49,0xd4,0x86,0xb1,0xeb,0xa2,0x05,0x09,0xdb,0xab,0xe7,0xfe,0xd3,0x29,0xef,0x08,0xfd,0x75,0xba,0x1c,0xd1,0x45,0xe6,0x7b,0x2e,0xa2,0x6c,0xb5,0xcc,0x51,0xca,0xb3,0x43,0xee,0xb0,0x85,0xfe,0x1f,0xd7,0xb0,0xec,0x4c,0x6a,0xfc,0xd9,0xb9,0x79,0xf9,0x05,},38,"\x83\x83\x67\x47\x11\x83\xc7\x1f\x7e\x71\x77\x24\xf8\x9d\x40\x1c\x3a\xd9\x86\x3f\xd9\xcc\x7a\xa3\xcf\x33\xd3\xc5\x29\x86\x0c\xb5\x81\xf3\x09\x3d\x87\xda"}, - {{0x57,0x5b,0xe0,0x7a,0xfc,0xa5,0xd0,0x63,0xc2,0x38,0xcd,0x9b,0x80,0x28,0x77,0x2c,0xc4,0x9c,0xda,0x34,0x47,0x14,0x32,0xa2,0xe1,0x66,0xe0,0x96,0xe2,0x21,0x9e,0xfc,},{0x94,0xe5,0xeb,0x4d,0x50,0x24,0xf4,0x9d,0x7e,0xbf,0x79,0x81,0x7c,0x8d,0xe1,0x14,0x97,0xdc,0x2b,0x55,0x62,0x2a,0x51,0xae,0x12,0x3f,0xfc,0x74,0x9d,0xbb,0x16,0xe0,},{0x58,0x27,0x1d,0x44,0x23,0x6f,0x3b,0x98,0xc5,0x8f,0xd7,0xae,0x0d,0x2f,0x49,0xef,0x2b,0x6e,0x3a,0xff,0xdb,0x22,0x5a,0xa3,0xba,0x55,0x5f,0x0e,0x11,0xcc,0x53,0xc2,0x3a,0xd1,0x9b,0xaf,0x24,0x34,0x65,0x90,0xd0,0x5d,0x7d,0x53,0x90,0x58,0x20,0x82,0xcf,0x94,0xd3,0x9c,0xad,0x65,0x30,0xab,0x93,0xd1,0x3e,0xfb,0x39,0x27,0x95,0x06,},39,"\x33\xe5\x91\x8b\x66\xd3\x3d\x55\xfe\x71\x7c\xa3\x43\x83\xea\xe7\x8f\x0a\xf8\x28\x89\xca\xf6\x69\x6e\x1a\xc9\xd9\x5d\x1f\xfb\x32\xcb\xa7\x55\xf9\xe3\x50\x3e"}, - {{0x15,0xff,0xb4,0x55,0x14,0xd4,0x34,0x44,0xd6,0x1f,0xcb,0x10,0x5e,0x30,0xe1,0x35,0xfd,0x26,0x85,0x23,0xdd,0xa2,0x0b,0x82,0x75,0x8b,0x17,0x94,0x23,0x11,0x04,0x41,},{0x17,0x72,0xc5,0xab,0xc2,0xd2,0x3f,0xd2,0xf9,0xd1,0xc3,0x25,0x7b,0xe7,0xbc,0x3c,0x1c,0xd7,0x9c,0xee,0x40,0x84,0x4b,0x74,0x9b,0x3a,0x77,0x43,0xd2,0xf9,0x64,0xb8,},{0x68,0x28,0xcd,0x76,0x24,0xe7,0x93,0xb8,0xa4,0xce,0xb9,0x6d,0x3c,0x2a,0x97,0x5b,0xf7,0x73,0xe5,0xff,0x66,0x45,0xf3,0x53,0x61,0x40,0x58,0x62,0x1e,0x58,0x83,0x52,0x89,0xe7,0xf3,0x1f,0x42,0xdf,0xe6,0xaf,0x6d,0x73,0x6f,0x26,0x44,0x51,0x1e,0x32,0x0c,0x0f,0xa6,0x98,0x58,0x2a,0x79,0x77,0x8d,0x18,0x73,0x0e,0xd3,0xe8,0xcb,0x08,},40,"\xda\x9c\x55\x59\xd0\xea\x51\xd2\x55\xb6\xbd\x9d\x76\x38\xb8\x76\x47\x2f\x94\x2b\x33\x0f\xc0\xe2\xb3\x0a\xea\x68\xd7\x73\x68\xfc\xe4\x94\x82\x72\x99\x1d\x25\x7e"}, - {{0xfe,0x05,0x68,0x64,0x29,0x43,0xb2,0xe1,0xaf,0xbf,0xd1,0xf1,0x0f,0xe8,0xdf,0x87,0xa4,0x23,0x6b,0xea,0x40,0xdc,0xe7,0x42,0x07,0x2c,0xb2,0x18,0x86,0xee,0xc1,0xfa,},{0x29,0x9e,0xbd,0x1f,0x13,0x17,0x7d,0xbd,0xb6,0x6a,0x91,0x2b,0xbf,0x71,0x20,0x38,0xfd,0xf7,0x3b,0x06,0xc3,0xac,0x02,0x0c,0x7b,0x19,0x12,0x67,0x55,0xd4,0x7f,0x61,},{0xd5,0x9e,0x6d,0xfc,0xc6,0xd7,0xe3,0xe2,0xc5,0x8d,0xec,0x81,0xe9,0x85,0xd2,0x45,0xe6,0x81,0xac,0xf6,0x59,0x4a,0x23,0xc5,0x92,0x14,0xf7,0xbe,0xd8,0x01,0x5d,0x81,0x3c,0x76,0x82,0xb6,0x0b,0x35,0x83,0x44,0x03,0x11,0xe7,0x2a,0x86,0x65,0xba,0x2c,0x96,0xde,0xc2,0x3c,0xe8,0x26,0xe1,0x60,0x12,0x7e,0x18,0x13,0x2b,0x03,0x04,0x04,},41,"\xc5\x9d\x08\x62\xec\x1c\x97\x46\xab\xcc\x3c\xf8\x3c\x9e\xeb\xa2\xc7\x08\x2a\x03\x6a\x8c\xb5\x7c\xe4\x87\xe7\x63\x49\x27\x96\xd4\x7e\x6e\x06\x3a\x0c\x1f\xec\xcc\x2d"}, - {{0x5e,0xcb,0x16,0xc2,0xdf,0x27,0xc8,0xcf,0x58,0xe4,0x36,0xa9,0xd3,0xaf,0xfb,0xd5,0x8e,0x95,0x38,0xa9,0x26,0x59,0xa0,0xf9,0x7c,0x4c,0x4f,0x99,0x46,0x35,0xa8,0xca,},{0xda,0x76,0x8b,0x20,0xc4,0x37,0xdd,0x3a,0xa5,0xf8,0x4b,0xb6,0xa0,0x77,0xff,0xa3,0x4a,0xb6,0x85,0x01,0xc5,0x35,0x2b,0x5c,0xc3,0xfd,0xce,0x7f,0xe6,0xc2,0x39,0x8d,},{0x1c,0x72,0x3a,0x20,0xc6,0x77,0x24,0x26,0xa6,0x70,0xe4,0xd5,0xc4,0xa9,0x7c,0x6e,0xbe,0x91,0x47,0xf7,0x1b,0xb0,0xa4,0x15,0x63,0x1e,0x44,0x40,0x6e,0x29,0x03,0x22,0xe4,0xca,0x97,0x7d,0x34,0x8f,0xe7,0x85,0x6a,0x8e,0xdc,0x23,0x5d,0x0f,0xe9,0x5f,0x7e,0xd9,0x1a,0xef,0xdd,0xf2,0x8a,0x77,0xe2,0xc7,0xdb,0xfd,0x8f,0x55,0x2f,0x0a,},42,"\x56\xf1\x32\x9d\x9a\x6b\xe2\x5a\x61\x59\xc7\x2f\x12\x68\x8d\xc8\x31\x4e\x85\xdd\x9e\x7e\x4d\xc0\x5b\xbe\xcb\x77\x29\xe0\x23\xc8\x6f\x8e\x09\x37\x35\x3f\x27\xc7\xed\xe9"}, - {{0xd5,0x99,0xd6,0x37,0xb3,0xc3,0x0a,0x82,0xa9,0x98,0x4e,0x2f,0x75,0x84,0x97,0xd1,0x44,0xde,0x6f,0x06,0xb9,0xfb,0xa0,0x4d,0xd4,0x0f,0xd9,0x49,0x03,0x9d,0x7c,0x84,},{0x67,0x91,0xd8,0xce,0x50,0xa4,0x46,0x89,0xfc,0x17,0x87,0x27,0xc5,0xc3,0xa1,0xc9,0x59,0xfb,0xee,0xd7,0x4e,0xf7,0xd8,0xe7,0xbd,0x3c,0x1a,0xb4,0xda,0x31,0xc5,0x1f,},{0xeb,0xf1,0x0d,0x9a,0xc7,0xc9,0x61,0x08,0x14,0x0e,0x7d,0xef,0x6f,0xe9,0x53,0x3d,0x72,0x76,0x46,0xff,0x5b,0x3a,0xf2,0x73,0xc1,0xdf,0x95,0x76,0x2a,0x66,0xf3,0x2b,0x65,0xa0,0x96,0x34,0xd0,0x13,0xf5,0x4b,0x5d,0xd6,0x01,0x1f,0x91,0xbc,0x33,0x6c,0xa8,0xb3,0x55,0xce,0x33,0xf8,0xcf,0xbe,0xc2,0x53,0x5a,0x4c,0x42,0x7f,0x82,0x05,},43,"\xa7\xc0\x4e\x8b\xa7\x5d\x0a\x03\xd8\xb1\x66\xad\x7a\x1d\x77\xe1\xb9\x1c\x7a\xaf\x7b\xef\xdd\x99\x31\x1f\xc3\xc5\x4a\x68\x4d\xdd\x97\x1d\x5b\x32\x11\xc3\xee\xaf\xf1\xe5\x4e"}, - {{0x30,0xab,0x82,0x32,0xfa,0x70,0x18,0xf0,0xce,0x6c,0x39,0xbd,0x8f,0x78,0x2f,0xe2,0xe1,0x59,0x75,0x8b,0xb0,0xf2,0xf4,0x38,0x6c,0x7f,0x28,0xcf,0xd2,0xc8,0x58,0x98,},{0xec,0xfb,0x6a,0x2b,0xd4,0x2f,0x31,0xb6,0x12,0x50,0xba,0x5d,0xe7,0xe4,0x6b,0x47,0x19,0xaf,0xdf,0xbc,0x66,0x0d,0xb7,0x1a,0x7b,0xd1,0xdf,0x7b,0x0a,0x3a,0xbe,0x37,},{0x9a,0xf8,0x85,0x34,0x4c,0xc7,0x23,0x94,0x98,0xf7,0x12,0xdf,0x80,0xbc,0x01,0xb8,0x06,0x38,0x29,0x1e,0xd4,0xa1,0xd2,0x8b,0xaa,0x55,0x45,0x01,0x7a,0x72,0xe2,0xf6,0x56,0x49,0xcc,0xf9,0x60,0x3d,0xa6,0xeb,0x5b,0xfa,0xb9,0xf5,0x54,0x3a,0x6c,0xa4,0xa7,0xaf,0x38,0x66,0x15,0x3c,0x76,0xbf,0x66,0xbf,0x95,0xde,0xf6,0x15,0xb0,0x0c,},44,"\x63\xb8\x0b\x79\x56\xac\xbe\xcf\x0c\x35\xe9\xab\x06\xb9\x14\xb0\xc7\x01\x4f\xe1\xa4\xbb\xc0\x21\x72\x40\xc1\xa3\x30\x95\xd7\x07\x95\x3e\xd7\x7b\x15\xd2\x11\xad\xaf\x9b\x97\xdc"}, - {{0x0d,0xdc,0xdc,0x87,0x2c,0x7b,0x74,0x8d,0x40,0xef,0xe9,0x6c,0x28,0x81,0xae,0x18,0x9d,0x87,0xf5,0x61,0x48,0xed,0x8a,0xf3,0xeb,0xbb,0xc8,0x03,0x24,0xe3,0x8b,0xdd,},{0x58,0x8d,0xda,0xdc,0xbc,0xed,0xf4,0x0d,0xf0,0xe9,0x69,0x7d,0x8b,0xb2,0x77,0xc7,0xbb,0x14,0x98,0xfa,0x1d,0x26,0xce,0x0a,0x83,0x5a,0x76,0x0b,0x92,0xca,0x7c,0x85,},{0xc1,0x79,0xc0,0x94,0x56,0xe2,0x35,0xfe,0x24,0x10,0x5a,0xfa,0x6e,0x8e,0xc0,0x46,0x37,0xf8,0xf9,0x43,0x81,0x7c,0xd0,0x98,0xba,0x95,0x38,0x7f,0x96,0x53,0xb2,0xad,0xd1,0x81,0xa3,0x14,0x47,0xd9,0x2d,0x1a,0x1d,0xdf,0x1c,0xeb,0x0d,0xb6,0x21,0x18,0xde,0x9d,0xff,0xb7,0xdc,0xd2,0x42,0x40,0x57,0xcb,0xdf,0xf5,0xd4,0x1d,0x04,0x03,},45,"\x65\x64\x1c\xd4\x02\xad\xd8\xbf\x3d\x1d\x67\xdb\xeb\x6d\x41\xde\xbf\xbe\xf6\x7e\x43\x17\xc3\x5b\x0a\x6d\x5b\xbb\xae\x0e\x03\x4d\xe7\xd6\x70\xba\x14\x13\xd0\x56\xf2\xd6\xf1\xde\x12"}, - {{0x89,0xf0,0xd6,0x82,0x99,0xba,0x0a,0x5a,0x83,0xf2,0x48,0xae,0x0c,0x16,0x9f,0x8e,0x38,0x49,0xa9,0xb4,0x7b,0xd4,0x54,0x98,0x84,0x30,0x5c,0x99,0x12,0xb4,0x66,0x03,},{0xab,0xa3,0xe7,0x95,0xaa,0xb2,0x01,0x2a,0xcc,0xea,0xdd,0x7b,0x3b,0xd9,0xda,0xee,0xed,0x6f,0xf5,0x25,0x8b,0xdc,0xd7,0xc9,0x36,0x99,0xc2,0xa3,0x83,0x6e,0x38,0x32,},{0x2c,0x69,0x1f,0xa8,0xd4,0x87,0xce,0x20,0xd5,0xd2,0xfa,0x41,0x55,0x91,0x16,0xe0,0xbb,0xf4,0x39,0x7c,0xf5,0x24,0x0e,0x15,0x25,0x56,0x18,0x35,0x41,0xd6,0x6c,0xf7,0x53,0x58,0x24,0x01,0xa4,0x38,0x8d,0x39,0x03,0x39,0xdb,0xef,0x4d,0x38,0x47,0x43,0xca,0xa3,0x46,0xf5,0x5f,0x8d,0xab,0xa6,0x8b,0xa7,0xb9,0x13,0x1a,0x8a,0x6e,0x0b,},46,"\x4f\x18\x46\xdd\x7a\xd5\x0e\x54\x5d\x4c\xfb\xff\xbb\x1d\xc2\xff\x14\x5d\xc1\x23\x75\x4d\x08\xaf\x4e\x44\xec\xc0\xbc\x8c\x91\x41\x13\x88\xbc\x76\x53\xe2\xd8\x93\xd1\xea\xc2\x10\x7d\x05"}, - {{0x0a,0x3c,0x18,0x44,0xe2,0xdb,0x07,0x0f,0xb2,0x4e,0x3c,0x95,0xcb,0x1c,0xc6,0x71,0x4e,0xf8,0x4e,0x2c,0xcd,0x2b,0x9d,0xd2,0xf1,0x46,0x0e,0xbf,0x7e,0xcf,0x13,0xb1,},{0x72,0xe4,0x09,0x93,0x7e,0x06,0x10,0xeb,0x5c,0x20,0xb3,0x26,0xdc,0x6e,0xa1,0xbb,0xbc,0x04,0x06,0x70,0x1c,0x5c,0xd6,0x7d,0x1f,0xbd,0xe0,0x91,0x92,0xb0,0x7c,0x01,},{0x87,0xf7,0xfd,0xf4,0x60,0x95,0x20,0x1e,0x87,0x7a,0x58,0x8f,0xe3,0xe5,0xaa,0xf4,0x76,0xbd,0x63,0x13,0x8d,0x8a,0x87,0x8b,0x89,0xd6,0xac,0x60,0x63,0x1b,0x34,0x58,0xb9,0xd4,0x1a,0x3c,0x61,0xa5,0x88,0xe1,0xdb,0x8d,0x29,0xa5,0x96,0x89,0x81,0xb0,0x18,0x77,0x6c,0x58,0x87,0x80,0x92,0x2f,0x5a,0xa7,0x32,0xba,0x63,0x79,0xdd,0x05,},47,"\x4c\x82\x74\xd0\xed\x1f\x74\xe2\xc8\x6c\x08\xd9\x55\xbd\xe5\x5b\x2d\x54\x32\x7e\x82\x06\x2a\x1f\x71\xf7\x0d\x53\x6f\xdc\x87\x22\xcd\xea\xd7\xd2\x2a\xae\xad\x2b\xfa\xa1\xad\x00\xb8\x29\x57"}, - {{0xc8,0xd7,0xa8,0x81,0x8b,0x98,0xdf,0xdb,0x20,0x83,0x9c,0x87,0x1c,0xb5,0xc4,0x8e,0x9e,0x94,0x70,0xca,0x3a,0xd3,0x5b,0xa2,0x61,0x3a,0x5d,0x31,0x99,0xc8,0xab,0x23,},{0x90,0xd2,0xef,0xbb,0xa4,0xd4,0x3e,0x6b,0x2b,0x99,0x2c,0xa1,0x60,0x83,0xdb,0xcf,0xa2,0xb3,0x22,0x38,0x39,0x07,0xb0,0xee,0x75,0xf3,0xe9,0x58,0x45,0xd3,0xc4,0x7f,},{0xfa,0x2e,0x99,0x44,0x21,0xae,0xf1,0xd5,0x85,0x66,0x74,0x81,0x3d,0x05,0xcb,0xd2,0xcf,0x84,0xef,0x5e,0xb4,0x24,0xaf,0x6e,0xcd,0x0d,0xc6,0xfd,0xbd,0xc2,0xfe,0x60,0x5f,0xe9,0x85,0x88,0x33,0x12,0xec,0xf3,0x4f,0x59,0xbf,0xb2,0xf1,0xc9,0x14,0x9e,0x5b,0x9c,0xc9,0xec,0xda,0x05,0xb2,0x73,0x11,0x30,0xf3,0xed,0x28,0xdd,0xae,0x0b,},48,"\x78\x3e\x33\xc3\xac\xbd\xbb\x36\xe8\x19\xf5\x44\xa7\x78\x1d\x83\xfc\x28\x3d\x33\x09\xf5\xd3\xd1\x2c\x8d\xcd\x6b\x0b\x3d\x0e\x89\xe3\x8c\xfd\x3b\x4d\x08\x85\x66\x1c\xa5\x47\xfb\x97\x64\xab\xff"}, - {{0xb4,0x82,0x70,0x36,0x12,0xd0,0xc5,0x86,0xf7,0x6c,0xfc,0xb2,0x1c,0xfd,0x21,0x03,0xc9,0x57,0x25,0x15,0x04,0xa8,0xc0,0xac,0x4c,0x86,0xc9,0xc6,0xf3,0xe4,0x29,0xff,},{0xfd,0x71,0x1d,0xc7,0xdd,0x3b,0x1d,0xfb,0x9d,0xf9,0x70,0x4b,0xe3,0xe6,0xb2,0x6f,0x58,0x7f,0xe7,0xdd,0x7b,0xa4,0x56,0xa9,0x1b,0xa4,0x3f,0xe5,0x1a,0xec,0x09,0xad,},{0x58,0x83,0x2b,0xde,0xb2,0x6f,0xea,0xfc,0x31,0xb4,0x62,0x77,0xcf,0x3f,0xb5,0xd7,0xa1,0x7d,0xfb,0x7c,0xcd,0x9b,0x1f,0x58,0xec,0xbe,0x6f,0xeb,0x97,0x96,0x66,0x82,0x8f,0x23,0x9b,0xa4,0xd7,0x52,0x19,0x26,0x0e,0xca,0xc0,0xac,0xf4,0x0f,0x0e,0x5e,0x25,0x90,0xf4,0xca,0xa1,0x6b,0xbb,0xcd,0x8a,0x15,0x5d,0x34,0x79,0x67,0xa6,0x07,},49,"\x29\xd7\x7a\xcf\xd9\x9c\x7a\x00\x70\xa8\x8f\xeb\x62\x47\xa2\xbc\xe9\x98\x4f\xe3\xe6\xfb\xf1\x9d\x40\x45\x04\x2a\x21\xab\x26\xcb\xd7\x71\xe1\x84\xa9\xa7\x5f\x31\x6b\x64\x8c\x69\x20\xdb\x92\xb8\x7b"}, - {{0x84,0xe5,0x0d,0xd9,0xa0,0xf1,0x97,0xe3,0x89,0x3c,0x38,0xdb,0xd9,0x1f,0xaf,0xc3,0x44,0xc1,0x77,0x6d,0x3a,0x40,0x0e,0x2f,0x0f,0x0e,0xe7,0xaa,0x82,0x9e,0xb8,0xa2,},{0x2c,0x50,0xf8,0x70,0xee,0x48,0xb3,0x6b,0x0a,0xc2,0xf8,0xa5,0xf3,0x36,0xfb,0x09,0x0b,0x11,0x30,0x50,0xdb,0xcc,0x25,0xe0,0x78,0x20,0x0a,0x6e,0x16,0x15,0x3e,0xea,},{0x69,0xe6,0xa4,0x49,0x1a,0x63,0x83,0x73,0x16,0xe8,0x6a,0x5f,0x4b,0xa7,0xcd,0x0d,0x73,0x1e,0xcc,0x58,0xf1,0xd0,0xa2,0x64,0xc6,0x7c,0x89,0xbe,0xfd,0xd8,0xd3,0x82,0x9d,0x8d,0xe1,0x3b,0x33,0xcc,0x0b,0xf5,0x13,0x93,0x17,0x15,0xc7,0x80,0x96,0x57,0xe2,0xbf,0xb9,0x60,0xe5,0xc7,0x64,0xc9,0x71,0xd7,0x33,0x74,0x60,0x93,0xe5,0x00,},50,"\xf3\x99\x2c\xde\x64\x93\xe6\x71\xf1\xe1\x29\xdd\xca\x80\x38\xb0\xab\xdb\x77\xbb\x90\x35\xf9\xf8\xbe\x54\xbd\x5d\x68\xc1\xae\xff\x72\x4f\xf4\x7d\x29\x34\x43\x91\xdc\x53\x61\x66\xb8\x67\x1c\xbb\xf1\x23"}, - {{0xb3,0x22,0xd4,0x65,0x77,0xa2,0xa9,0x91,0xa4,0xd1,0x69,0x82,0x87,0x83,0x2a,0x39,0xc4,0x87,0xef,0x77,0x6b,0x4b,0xff,0x03,0x7a,0x05,0xc7,0xf1,0x81,0x2b,0xde,0xec,},{0xeb,0x2b,0xca,0xdf,0xd3,0xee,0xc2,0x98,0x6b,0xaf,0xf3,0x2b,0x98,0xe7,0xc4,0xdb,0xf0,0x3f,0xf9,0x5d,0x8a,0xd5,0xff,0x9a,0xa9,0x50,0x6e,0x54,0x72,0xff,0x84,0x5f,},{0xc7,0xb5,0x51,0x37,0x31,0x7c,0xa2,0x1e,0x33,0x48,0x9f,0xf6,0xa9,0xbf,0xab,0x97,0xc8,0x55,0xdc,0x6f,0x85,0x68,0x4a,0x70,0xa9,0x12,0x5a,0x26,0x1b,0x56,0xd5,0xe6,0xf1,0x49,0xc5,0x77,0x4d,0x73,0x4f,0x2d,0x8d,0xeb,0xfc,0x77,0xb7,0x21,0x89,0x6a,0x82,0x67,0xc2,0x37,0x68,0xe9,0xba,0xdb,0x91,0x0e,0xef,0x83,0xec,0x25,0x88,0x02,},51,"\x19\xf1\xbf\x5d\xcf\x17\x50\xc6\x11\xf1\xc4\xa2\x86\x52\x00\x50\x4d\x82\x29\x8e\xdd\x72\x67\x1f\x62\xa7\xb1\x47\x1a\xc3\xd4\xa3\x0f\x7d\xe9\xe5\xda\x41\x08\xc5\x2a\x4c\xe7\x0a\x3e\x11\x4a\x52\xa3\xb3\xc5"}, - {{0x96,0x0c,0xab,0x50,0x34,0xb9,0x83,0x8d,0x09,0x8d,0x2d,0xcb,0xf4,0x36,0x4b,0xec,0x16,0xd3,0x88,0xf6,0x37,0x6d,0x73,0xa6,0x27,0x3b,0x70,0xf8,0x2b,0xbc,0x98,0xc0,},{0x5e,0x3c,0x19,0xf2,0x41,0x5a,0xcf,0x72,0x9f,0x82,0x9a,0x4e,0xbd,0x5c,0x40,0xe1,0xa6,0xbc,0x9f,0xbc,0xa9,0x57,0x03,0xa9,0x37,0x60,0x87,0xed,0x09,0x37,0xe5,0x1a,},{0x27,0xd4,0xc3,0xa1,0x81,0x1e,0xf9,0xd4,0x36,0x0b,0x3b,0xdd,0x13,0x3c,0x2c,0xcc,0x30,0xd0,0x2c,0x2f,0x24,0x82,0x15,0x77,0x6c,0xb0,0x7e,0xe4,0x17,0x7f,0x9b,0x13,0xfc,0x42,0xdd,0x70,0xa6,0xc2,0xfe,0xd8,0xf2,0x25,0xc7,0x66,0x3c,0x7f,0x18,0x2e,0x7e,0xe8,0xec,0xcf,0xf2,0x0d,0xc7,0xb0,0xe1,0xd5,0x83,0x4e,0xc5,0xb1,0xea,0x01,},52,"\xf8\xb2\x19\x62\x44\x7b\x0a\x8f\x2e\x42\x79\xde\x41\x1b\xea\x12\x8e\x0b\xe4\x4b\x69\x15\xe6\xcd\xa8\x83\x41\xa6\x8a\x0d\x81\x83\x57\xdb\x93\x8e\xac\x73\xe0\xaf\x6d\x31\x20\x6b\x39\x48\xf8\xc4\x8a\x44\x73\x08"}, - {{0xeb,0x77,0xb2,0x63,0x8f,0x23,0xee,0xbc,0x82,0xef,0xe4,0x5e,0xe9,0xe5,0xa0,0x32,0x66,0x37,0x40,0x1e,0x66,0x3e,0xd0,0x29,0x69,0x9b,0x21,0xe6,0x44,0x3f,0xb4,0x8e,},{0x9e,0xf2,0x76,0x08,0x96,0x1a,0xc7,0x11,0xde,0x71,0xa6,0xe2,0xd4,0xd4,0x66,0x3e,0xa3,0xec,0xd4,0x2f,0xb7,0xe4,0xe8,0x62,0x7c,0x39,0x62,0x2d,0xf4,0xaf,0x0b,0xbc,},{0x18,0xdc,0x56,0xd7,0xbd,0x9a,0xcd,0x4f,0x4d,0xaa,0x78,0x54,0x0b,0x4a,0xc8,0xff,0x7a,0xa9,0x81,0x5f,0x45,0xa0,0xbb,0xa3,0x70,0x73,0x1a,0x14,0xea,0xab,0xe9,0x6d,0xf8,0xb5,0xf3,0x7d,0xbf,0x8e,0xae,0x4c,0xb1,0x5a,0x64,0xb2,0x44,0x65,0x1e,0x59,0xd6,0xa3,0xd6,0x76,0x1d,0x9e,0x3c,0x50,0xf2,0xd0,0xcb,0xb0,0x9c,0x05,0xec,0x06,},53,"\x99\xe3\xd0\x09\x34\x00\x3e\xba\xfc\x3e\x9f\xdb\x68\x7b\x0f\x5f\xf9\xd5\x78\x2a\x4b\x1f\x56\xb9\x70\x00\x46\xc0\x77\x91\x56\x02\xc3\x13\x4e\x22\xfc\x90\xed\x7e\x69\x0f\xdd\xd4\x43\x3e\x20\x34\xdc\xb2\xdc\x99\xab"}, - {{0xb6,0x25,0xaa,0x89,0xd3,0xf7,0x30,0x87,0x15,0x42,0x7b,0x6c,0x39,0xbb,0xac,0x58,0xef,0xfd,0x3a,0x0f,0xb7,0x31,0x6f,0x7a,0x22,0xb9,0x9e,0xe5,0x92,0x2f,0x2d,0xc9,},{0x65,0xa9,0x9c,0x3e,0x16,0xfe,0xa8,0x94,0xec,0x33,0xc6,0xb2,0x0d,0x91,0x05,0xe2,0xa0,0x4e,0x27,0x64,0xa4,0x76,0x9d,0x9b,0xbd,0x4d,0x8b,0xac,0xfe,0xab,0x4a,0x2e,},{0x01,0xbb,0x90,0x1d,0x83,0xb8,0xb6,0x82,0xd3,0x61,0x4a,0xf4,0x6a,0x80,0x7b,0xa2,0x69,0x13,0x58,0xfe,0xb7,0x75,0x32,0x5d,0x34,0x23,0xf5,0x49,0xff,0x0a,0xa5,0x75,0x7e,0x4e,0x1a,0x74,0xe9,0xc7,0x0f,0x97,0x21,0xd8,0xf3,0x54,0xb3,0x19,0xd4,0xf4,0xa1,0xd9,0x14,0x45,0xc8,0x70,0xfd,0x0f,0xfb,0x94,0xfe,0xd6,0x46,0x64,0x73,0x0d,},54,"\xe0\x72\x41\xdb\xd3\xad\xbe\x61\x0b\xbe\x4d\x00\x5d\xd4\x67\x32\xa4\xc2\x50\x86\xec\xb8\xec\x29\xcd\x7b\xca\x11\x6e\x1b\xf9\xf5\x3b\xfb\xf3\xe1\x1f\xa4\x90\x18\xd3\x9f\xf1\x15\x4a\x06\x66\x8e\xf7\xdf\x5c\x67\x8e\x6a"}, - {{0xb1,0xc9,0xf8,0xbd,0x03,0xfe,0x82,0xe7,0x8f,0x5c,0x0f,0xb0,0x64,0x50,0xf2,0x7d,0xac,0xdf,0x71,0x64,0x34,0xdb,0x26,0x82,0x75,0xdf,0x3e,0x1d,0xc1,0x77,0xaf,0x42,},{0x7f,0xc8,0x8b,0x1f,0x7b,0x3f,0x11,0xc6,0x29,0xbe,0x67,0x1c,0x21,0x62,0x1f,0x5c,0x10,0x67,0x2f,0xaf,0xc8,0x49,0x2d,0xa8,0x85,0x74,0x20,0x59,0xee,0x67,0x74,0xcf,},{0x4b,0x22,0x99,0x51,0xef,0x26,0x2f,0x16,0x97,0x8f,0x79,0x14,0xbc,0x67,0x2e,0x72,0x26,0xc5,0xf8,0x37,0x9d,0x27,0x78,0xc5,0xa2,0xdc,0x0a,0x26,0x50,0x86,0x9f,0x7a,0xcf,0xbd,0x0b,0xcd,0x30,0xfd,0xb0,0x61,0x9b,0xb4,0x4f,0xc1,0xae,0x59,0x39,0xb8,0x7c,0xc3,0x18,0x13,0x30,0x09,0xc2,0x03,0x95,0xb6,0xc7,0xeb,0x98,0x10,0x77,0x01,},55,"\x33\x1d\xa7\xa9\xc1\xf8\x7b\x2a\xc9\x1e\xe3\xb8\x6d\x06\xc2\x91\x63\xc0\x5e\xd6\xf8\xd8\xa9\x72\x5b\x47\x1b\x7d\xb0\xd6\xac\xec\x7f\x0f\x70\x24\x87\x16\x3f\x5e\xda\x02\x0c\xa5\xb4\x93\xf3\x99\xe1\xc8\xd3\x08\xc3\xc0\xc2"}, - {{0x6d,0x8c,0xdb,0x2e,0x07,0x5f,0x3a,0x2f,0x86,0x13,0x72,0x14,0xcb,0x23,0x6c,0xeb,0x89,0xa6,0x72,0x8b,0xb4,0xa2,0x00,0x80,0x6b,0xf3,0x55,0x7f,0xb7,0x8f,0xac,0x69,},{0x57,0xa0,0x4c,0x7a,0x51,0x13,0xcd,0xdf,0xe4,0x9a,0x4c,0x12,0x46,0x91,0xd4,0x6c,0x1f,0x9c,0xdc,0x8f,0x34,0x3f,0x9d,0xcb,0x72,0xa1,0x33,0x0a,0xec,0xa7,0x1f,0xda,},{0xa6,0xcb,0xc9,0x47,0xf9,0xc8,0x7d,0x14,0x55,0xcf,0x1a,0x70,0x85,0x28,0xc0,0x90,0xf1,0x1e,0xce,0xe4,0x85,0x5d,0x1d,0xba,0xad,0xf4,0x74,0x54,0xa4,0xde,0x55,0xfa,0x4c,0xe8,0x4b,0x36,0xd7,0x3a,0x5b,0x5f,0x8f,0x59,0x29,0x8c,0xcf,0x21,0x99,0x2d,0xf4,0x92,0xef,0x34,0x16,0x3d,0x87,0x75,0x3b,0x7e,0x9d,0x32,0xf2,0xc3,0x66,0x0b,},56,"\x7f\x31\x8d\xbd\x12\x1c\x08\xbf\xdd\xfe\xff\x4f\x6a\xff\x4e\x45\x79\x32\x51\xf8\xab\xf6\x58\x40\x33\x58\x23\x89\x84\x36\x00\x54\xf2\xa8\x62\xc5\xbb\x83\xed\x89\x02\x5d\x20\x14\xa7\xa0\xce\xe5\x0d\xa3\xcb\x0e\x76\xbb\xb6\xbf"}, - {{0x47,0xad,0xc6,0xd6,0xbf,0x57,0x1e,0xe9,0x57,0x0c,0xa0,0xf7,0x5b,0x60,0x4a,0xc4,0x3e,0x30,0x3e,0x4a,0xb3,0x39,0xca,0x9b,0x53,0xca,0xcc,0x5b,0xe4,0x5b,0x2c,0xcb,},{0xa3,0xf5,0x27,0xa1,0xc1,0xf1,0x7d,0xfe,0xed,0x92,0x27,0x73,0x47,0xc9,0xf9,0x8a,0xb4,0x75,0xde,0x17,0x55,0xb0,0xab,0x54,0x6b,0x8a,0x15,0xd0,0x1b,0x9b,0xd0,0xbe,},{0x4e,0x8c,0x31,0x83,0x43,0xc3,0x06,0xad,0xbb,0xa6,0x0c,0x92,0xb7,0x5c,0xb0,0x56,0x9b,0x92,0x19,0xd8,0xa8,0x6e,0x5d,0x57,0x75,0x2e,0xd2,0x35,0xfc,0x10,0x9a,0x43,0xc2,0xcf,0x4e,0x94,0x2c,0xac,0xf2,0x97,0x27,0x9f,0xbb,0x28,0x67,0x53,0x47,0xe0,0x80,0x27,0x72,0x2a,0x4e,0xb7,0x39,0x5e,0x00,0xa1,0x74,0x95,0xd3,0x2e,0xdf,0x0b,},57,"\xce\x49\x7c\x5f\xf5\xa7\x79\x90\xb7\xd8\xf8\x69\x9e\xb1\xf5\xd8\xc0\x58\x2f\x70\xcb\x7a\xc5\xc5\x4d\x9d\x92\x49\x13\x27\x8b\xc6\x54\xd3\x7e\xa2\x27\x59\x0e\x15\x20\x22\x17\xfc\x98\xda\xc4\xc0\xf3\xbe\x21\x83\xd1\x33\x31\x57\x39"}, - {{0x3c,0x19,0xb5,0x0b,0x0f,0xe4,0x79,0x61,0x71,0x9c,0x38,0x1d,0x0d,0x8d,0xa9,0xb9,0x86,0x9d,0x31,0x2f,0x13,0xe3,0x29,0x8b,0x97,0xfb,0x22,0xf0,0xaf,0x29,0xcb,0xbe,},{0x0f,0x7e,0xda,0x09,0x14,0x99,0x62,0x5e,0x2b,0xae,0x85,0x36,0xea,0x35,0xcd,0xa5,0x48,0x3b,0xd1,0x6a,0x9c,0x7e,0x41,0x6b,0x34,0x1d,0x6f,0x2c,0x83,0x34,0x36,0x12,},{0xef,0xbd,0x41,0xf2,0x6a,0x5d,0x62,0x68,0x55,0x16,0xf8,0x82,0xb6,0xec,0x74,0xe0,0xd5,0xa7,0x18,0x30,0xd2,0x03,0xc2,0x31,0x24,0x8f,0x26,0xe9,0x9a,0x9c,0x65,0x78,0xec,0x90,0x0d,0x68,0xcd,0xb8,0xfa,0x72,0x16,0xad,0x0d,0x24,0xf9,0xec,0xbc,0x9f,0xfa,0x65,0x53,0x51,0x66,0x65,0x82,0xf6,0x26,0x64,0x53,0x95,0xa3,0x1f,0xa7,0x04,},58,"\x8d\xdc\xd6\x30\x43\xf5\x5e\xc3\xbf\xc8\x3d\xce\xae\x69\xd8\xf8\xb3\x2f\x4c\xdb\x6e\x2a\xeb\xd9\x4b\x43\x14\xf8\xfe\x72\x87\xdc\xb6\x27\x32\xc9\x05\x2e\x75\x57\xfe\x63\x53\x43\x38\xef\xb5\xb6\x25\x4c\x5d\x41\xd2\x69\x0c\xf5\x14\x4f"}, - {{0x34,0xe1,0xe9,0xd5,0x39,0x10,0x7e,0xb8,0x6b,0x39,0x3a,0x5c,0xce,0xa1,0x49,0x6d,0x35,0xbc,0x7d,0x5e,0x9a,0x8c,0x51,0x59,0xd9,0x57,0xe4,0xe5,0x85,0x2b,0x3e,0xb0,},{0x0e,0xcb,0x26,0x01,0xd5,0xf7,0x04,0x74,0x28,0xe9,0xf9,0x09,0x88,0x3a,0x12,0x42,0x00,0x85,0xf0,0x4e,0xe2,0xa8,0x8b,0x6d,0x95,0xd3,0xd7,0xf2,0xc9,0x32,0xbd,0x76,},{0x32,0xd2,0x29,0x04,0xd3,0xe7,0x01,0x2d,0x6f,0x5a,0x44,0x1b,0x0b,0x42,0x28,0x06,0x4a,0x5c,0xf9,0x5b,0x72,0x3a,0x66,0xb0,0x48,0xa0,0x87,0xec,0xd5,0x59,0x20,0xc3,0x1c,0x20,0x4c,0x3f,0x20,0x06,0x89,0x1a,0x85,0xdd,0x19,0x32,0xe3,0xf1,0xd6,0x14,0xcf,0xd6,0x33,0xb5,0xe6,0x32,0x91,0xc6,0xd8,0x16,0x6f,0x30,0x11,0x43,0x1e,0x09,},59,"\xa6\xd4\xd0\x54\x2c\xfe\x0d\x24\x0a\x90\x50\x7d\xeb\xac\xab\xce\x7c\xbb\xd4\x87\x32\x35\x3f\x4f\xad\x82\xc7\xbb\x7d\xbd\x9d\xf8\xe7\xd9\xa1\x69\x80\xa4\x51\x86\xd8\x78\x6c\x5e\xf6\x54\x45\xbc\xc5\xb2\xad\x5f\x66\x0f\xfc\x7c\x8e\xaa\xc0"}, - {{0x49,0xdd,0x47,0x3e,0xde,0x6a,0xa3,0xc8,0x66,0x82,0x4a,0x40,0xad,0xa4,0x99,0x6c,0x23,0x9a,0x20,0xd8,0x4c,0x93,0x65,0xe4,0xf0,0xa4,0x55,0x4f,0x80,0x31,0xb9,0xcf,},{0x78,0x8d,0xe5,0x40,0x54,0x4d,0x3f,0xeb,0x0c,0x91,0x92,0x40,0xb3,0x90,0x72,0x9b,0xe4,0x87,0xe9,0x4b,0x64,0xad,0x97,0x3e,0xb6,0x5b,0x46,0x69,0xec,0xf2,0x35,0x01,},{0xd2,0xfd,0xe0,0x27,0x91,0xe7,0x20,0x85,0x25,0x07,0xfa,0xa7,0xc3,0x78,0x90,0x40,0xd9,0xef,0x86,0x64,0x63,0x21,0xf3,0x13,0xac,0x55,0x7f,0x40,0x02,0x49,0x15,0x42,0xdd,0x67,0xd0,0x5c,0x69,0x90,0xcd,0xb0,0xd4,0x95,0x50,0x1f,0xbc,0x5d,0x51,0x88,0xbf,0xbb,0x84,0xdc,0x1b,0xf6,0x09,0x8b,0xee,0x06,0x03,0xa4,0x7f,0xc2,0x69,0x0f,},60,"\x3a\x53\x59\x4f\x3f\xba\x03\x02\x93\x18\xf5\x12\xb0\x84\xa0\x71\xeb\xd6\x0b\xae\xc7\xf5\x5b\x02\x8d\xc7\x3b\xfc\x9c\x74\xe0\xca\x49\x6b\xf8\x19\xdd\x92\xab\x61\xcd\x8b\x74\xbe\x3c\x0d\x6d\xcd\x12\x8e\xfc\x5e\xd3\x34\x2c\xba\x12\x4f\x72\x6c"}, - {{0x33,0x1c,0x64,0xda,0x48,0x2b,0x6b,0x55,0x13,0x73,0xc3,0x64,0x81,0xa0,0x2d,0x81,0x36,0xec,0xad,0xbb,0x01,0xab,0x11,0x4b,0x44,0x70,0xbf,0x41,0x60,0x7a,0xc5,0x71,},{0x52,0xa0,0x0d,0x96,0xa3,0x14,0x8b,0x47,0x26,0x69,0x2d,0x9e,0xff,0x89,0x16,0x0e,0xa9,0xf9,0x9a,0x5c,0xc4,0x38,0x9f,0x36,0x1f,0xed,0x0b,0xb1,0x6a,0x42,0xd5,0x21,},{0x22,0xc9,0x9a,0xa9,0x46,0xea,0xd3,0x9a,0xc7,0x99,0x75,0x62,0x81,0x0c,0x01,0xc2,0x0b,0x46,0xbd,0x61,0x06,0x45,0xbd,0x2d,0x56,0xdc,0xdc,0xba,0xac,0xc5,0x45,0x2c,0x74,0xfb,0xf4,0xb8,0xb1,0x81,0x3b,0x0e,0x94,0xc3,0x0d,0x80,0x8c,0xe5,0x49,0x8e,0x61,0xd4,0xf7,0xcc,0xbb,0x4c,0xc5,0xf0,0x4d,0xfc,0x61,0x40,0x82,0x5a,0x96,0x00,},61,"\x20\xe1\xd0\x5a\x0d\x5b\x32\xcc\x81\x50\xb8\x11\x6c\xef\x39\x65\x9d\xd5\xfb\x44\x3a\xb1\x56\x00\xf7\x8e\x5b\x49\xc4\x53\x26\xd9\x32\x3f\x28\x50\xa6\x3c\x38\x08\x85\x94\x95\xae\x27\x3f\x58\xa5\x1e\x9d\xe9\xa1\x45\xd7\x74\xb4\x0b\xa9\xd7\x53\xd3"}, - {{0x5c,0x0b,0x96,0xf2,0xaf,0x87,0x12,0x12,0x2c,0xf7,0x43,0xc8,0xf8,0xdc,0x77,0xb6,0xcd,0x55,0x70,0xa7,0xde,0x13,0x29,0x7b,0xb3,0xdd,0xe1,0x88,0x62,0x13,0xcc,0xe2,},{0x05,0x10,0xea,0xf5,0x7d,0x73,0x01,0xb0,0xe1,0xd5,0x27,0x03,0x9b,0xf4,0xc6,0xe2,0x92,0x30,0x0a,0x3a,0x61,0xb4,0x76,0x54,0x34,0xf3,0x20,0x3c,0x10,0x03,0x51,0xb1,},{0x06,0xe5,0xd8,0x43,0x6a,0xc7,0x70,0x5b,0x3a,0x90,0xf1,0x63,0x1c,0xdd,0x38,0xec,0x1a,0x3f,0xa4,0x97,0x78,0xa9,0xb9,0xf2,0xfa,0x5e,0xbe,0xa4,0xe7,0xd5,0x60,0xad,0xa7,0xdd,0x26,0xff,0x42,0xfa,0xfa,0x8b,0xa4,0x20,0x32,0x37,0x42,0x76,0x1a,0xca,0x69,0x04,0x94,0x0d,0xc2,0x1b,0xbe,0xf6,0x3f,0xf7,0x2d,0xaa,0xb4,0x5d,0x43,0x0b,},62,"\x54\xe0\xca\xa8\xe6\x39\x19\xca\x61\x4b\x2b\xfd\x30\x8c\xcf\xe5\x0c\x9e\xa8\x88\xe1\xee\x44\x46\xd6\x82\xcb\x50\x34\x62\x7f\x97\xb0\x53\x92\xc0\x4e\x83\x55\x56\xc3\x1c\x52\x81\x6a\x48\xe4\xfb\x19\x66\x93\x20\x6b\x8a\xfb\x44\x08\x66\x2b\x3c\xb5\x75"}, - {{0xde,0x84,0xf2,0x43,0x5f,0x78,0xde,0xdb,0x87,0xda,0x18,0x19,0x4f,0xf6,0xa3,0x36,0xf0,0x81,0x11,0x15,0x0d,0xef,0x90,0x1c,0x1a,0xc4,0x18,0x14,0x6e,0xb7,0xb5,0x4a,},{0xd3,0xa9,0x2b,0xba,0xa4,0xd6,0x3a,0xf7,0x9c,0x22,0x26,0xa7,0x23,0x6e,0x64,0x27,0x42,0x8d,0xf8,0xb3,0x62,0x42,0x7f,0x87,0x30,0x23,0xb2,0x2d,0x2f,0x5e,0x03,0xf2,},{0x47,0x1e,0xbc,0x97,0x3c,0xfd,0xac,0xee,0xc0,0x72,0x79,0x30,0x73,0x68,0xb7,0x3b,0xe3,0x5b,0xc6,0xf8,0xd8,0x31,0x2b,0x70,0x15,0x05,0x67,0x36,0x90,0x96,0x70,0x6d,0xc4,0x71,0x12,0x6c,0x35,0x76,0xf9,0xf0,0xeb,0x55,0x0d,0xf5,0xac,0x6a,0x52,0x51,0x81,0x11,0x00,0x29,0xdd,0x1f,0xc1,0x11,0x74,0xd1,0xaa,0xce,0xd4,0x8d,0x63,0x0f,},63,"\x20\x51\x35\xec\x7f\x41\x7c\x85\x80\x72\xd5\x23\x3f\xb3\x64\x82\xd4\x90\x6a\xbd\x60\xa7\x4a\x49\x8c\x34\x7f\xf2\x48\xdf\xa2\x72\x2c\xa7\x4e\x87\x9d\xe3\x31\x69\xfa\xdc\x7c\xd4\x4d\x6c\x94\xa1\x7d\x16\xe1\xe6\x30\x82\x4b\xa3\xe0\xdf\x22\xed\x68\xea\xab"}, - {{0xba,0x4d,0x6e,0x67,0xb2,0xce,0x67,0xa1,0xe4,0x43,0x26,0x49,0x40,0x44,0xf3,0x7a,0x44,0x2f,0x3b,0x81,0x72,0x5b,0xc1,0xf9,0x34,0x14,0x62,0x71,0x8b,0x55,0xee,0x20,},{0xf7,0x3f,0xa0,0x76,0xf8,0x4b,0x6d,0xb6,0x75,0xa5,0xfd,0xa5,0xad,0x67,0xe3,0x51,0xa4,0x1e,0x8e,0x7f,0x29,0xad,0xd1,0x68,0x09,0xca,0x01,0x03,0x87,0xe9,0xc6,0xcc,},{0x57,0xb9,0xd2,0xa7,0x11,0x20,0x7f,0x83,0x74,0x21,0xba,0xe7,0xdd,0x48,0xea,0xa1,0x8e,0xab,0x1a,0x9a,0x70,0xa0,0xf1,0x30,0x58,0x06,0xfe,0xe1,0x7b,0x45,0x8f,0x3a,0x09,0x64,0xb3,0x02,0xd1,0x83,0x4d,0x3e,0x0a,0xc9,0xe8,0x49,0x6f,0x00,0x0b,0x77,0xf0,0x08,0x3b,0x41,0xf8,0xa9,0x57,0xe6,0x32,0xfb,0xc7,0x84,0x0e,0xee,0x6a,0x06,},64,"\x4b\xaf\xda\xc9\x09\x9d\x40\x57\xed\x6d\xd0\x8b\xca\xee\x87\x56\xe9\xa4\x0f\x2c\xb9\x59\x80\x20\xeb\x95\x01\x95\x28\x40\x9b\xbe\xa3\x8b\x38\x4a\x59\xf1\x19\xf5\x72\x97\xbf\xb2\xfa\x14\x2f\xc7\xbb\x1d\x90\xdb\xdd\xde\x77\x2b\xcd\xe4\x8c\x56\x70\xd5\xfa\x13"}, - {{0x0d,0x13,0x1c,0x45,0xae,0xa6,0xf3,0xa4,0xe1,0xb9,0xa2,0xcf,0x60,0xc5,0x51,0x04,0x58,0x7e,0xfa,0xa8,0x46,0xb2,0x22,0xbf,0x0a,0x7b,0x74,0xce,0x7a,0x3f,0x63,0xb6,},{0x3c,0x67,0x29,0xdb,0xe9,0x3b,0x49,0x9c,0x4e,0x61,0x4a,0x2f,0x21,0xbe,0xb7,0x29,0x43,0x8d,0x49,0x8e,0x1a,0xc8,0xd1,0x4c,0xba,0xd9,0x71,0x7a,0x5d,0xbd,0x97,0xcd,},{0xa9,0xc5,0xee,0x86,0xfb,0x06,0xd9,0xe4,0x6b,0x37,0x9c,0x32,0xdd,0xa7,0xc9,0x2c,0x9c,0x13,0xdb,0x27,0x4d,0xc2,0x41,0x16,0xfb,0xdd,0x87,0x86,0x96,0x04,0x54,0x88,0xcc,0x75,0xa5,0x2f,0xff,0x67,0xd1,0xa5,0x11,0x3d,0x06,0xe3,0x33,0xac,0x67,0xff,0x66,0x4b,0x3f,0x2a,0x40,0x5f,0xa1,0xd1,0x4d,0xd5,0xbb,0xb9,0x74,0x09,0xb6,0x06,},65,"\xb4\x29\x1d\x08\xb8\x8f\xb2\xf7\xb8\xf9\x9d\x0d\xce\x40\x07\x9f\xcb\xab\x71\x8b\xbd\x8f\x4e\x8e\xab\xc3\xc1\x42\x8b\x6a\x07\x1f\xb2\xa3\xc8\xeb\xa1\xca\xcc\xcf\xa8\x71\xb3\x65\xc7\x08\xbe\xf2\x68\x5b\xc1\x3e\x6b\x80\xbc\x14\xa5\xf2\x49\x17\x0f\xfc\x56\xd0\x14"}, +template class FixedRoundsCipherFactory : public CipherFactory +{ +public: + FixedRoundsCipherFactory(unsigned int keylen=0) : + m_keylen(keylen ? keylen : static_cast(E::DEFAULT_KEYLENGTH)) {} + + unsigned int BlockSize() const {return E::BLOCKSIZE;} + unsigned int KeyLength() const {return m_keylen;} + + BlockTransformation* NewEncryption(const byte *keyStr) const + {return new E(keyStr, m_keylen);} + BlockTransformation* NewDecryption(const byte *keyStr) const + {return new D(keyStr, m_keylen);} + + unsigned int m_keylen; }; -bool TestCryptoSign() +template class VariableRoundsCipherFactory : public CipherFactory { - // https://github.com/jedisct1/libsodium/blob/master/test/default/sign.c - const unsigned int MAX_MESSAGE = 65; // Sync with test data +public: + VariableRoundsCipherFactory(unsigned int keylen=0, unsigned int rounds=0) : + m_keylen(keylen ? keylen : static_cast(E::DEFAULT_KEYLENGTH)), + m_rounds(rounds ? rounds : static_cast(E::DEFAULT_ROUNDS)) {} - byte pk[crypto_sign_PUBLICKEYBYTES]; - byte sk[crypto_sign_SECRETKEYBYTES]; - SecByteBlock sm(MAX_MESSAGE+crypto_sign_BYTES); - SecByteBlock rm(MAX_MESSAGE+crypto_sign_BYTES); + unsigned int BlockSize() const {return static_cast(E::BLOCKSIZE);} + unsigned int KeyLength() const {return m_keylen;} - bool pass = true, fail; int rc; + BlockTransformation* NewEncryption(const byte *keyStr) const + {return new E(keyStr, m_keylen, m_rounds);} + BlockTransformation* NewDecryption(const byte *keyStr) const + {return new D(keyStr, m_keylen, m_rounds);} - for (unsigned int i=0; i(data.msg); - const word64 l = data.len; - word64 smlen; +bool BlockTransformationTest(const CipherFactory &cg, BufferedTransformation &valdata, unsigned int tuples = 0xffff) +{ + HexEncoder output(new FileSink(std::cout)); + SecByteBlock plain(cg.BlockSize()), cipher(cg.BlockSize()), out(cg.BlockSize()), outplain(cg.BlockSize()); + SecByteBlock key(cg.KeyLength()); + bool pass=true, fail; - rc = crypto_sign(sm, &smlen, m, l, sk); - fail = (rc != 0); pass = !fail && pass; + while (valdata.MaxRetrievable() && tuples--) + { + (void)valdata.Get(key, cg.KeyLength()); + (void)valdata.Get(plain, cg.BlockSize()); + (void)valdata.Get(cipher, cg.BlockSize()); - word64 s = STDMIN(smlen, (word64)crypto_sign_BYTES); - pass = (s >= crypto_sign_BYTES) && pass; + member_ptr transE(cg.NewEncryption(key)); + transE->ProcessBlock(plain, out); + fail = memcmp(out, cipher, cg.BlockSize()) != 0; - fail = std::memcmp(sm, data.sig, (size_t)s) != 0; - pass = !fail && pass; + member_ptr transD(cg.NewDecryption(key)); + transD->ProcessBlock(out, outplain); + fail=fail || memcmp(outplain, plain, cg.BlockSize()); - word64 rmlen; - rc = crypto_sign_open(rm, &rmlen, sm, smlen, pk); - fail = (rc != 0); pass = !fail && pass; + pass = pass && !fail; - pass = (l == rmlen) && pass; - fail = std::memcmp(m, rm, (size_t)STDMIN(l, rmlen)) != 0; - pass = !fail && pass; - } - - return pass; + std::cout << (fail ? "FAILED " : "passed "); + output.Put(key, cg.KeyLength()); + std::cout << " "; + output.Put(outplain, cg.BlockSize()); + std::cout << " "; + output.Put(out, cg.BlockSize()); + std::cout << std::endl; + } + return pass; } -bool TestCryptoSignKeys() +class FilterTester : public Unflushable { - // https://github.com/jedisct1/libsodium/blob/master/test/default/sign.c - const unsigned int MAX_TEST = 64; - const unsigned int MAX_MESSAGE = 4096; +public: + FilterTester(const byte *validOutput, size_t outputLen) + : validOutput(validOutput), outputLen(outputLen), counter(0), fail(false) {} + void PutByte(byte inByte) + { + if (counter >= outputLen || validOutput[counter] != inByte) + { + std::cerr << "incorrect output " << counter << ", " << (word16)validOutput[counter] << ", " << (word16)inByte << "\n"; + fail = true; + CRYPTOPP_ASSERT(false); + } + counter++; + } + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + { + CRYPTOPP_UNUSED(messageEnd), CRYPTOPP_UNUSED(blocking); - byte pk[crypto_sign_PUBLICKEYBYTES]; - byte sk[crypto_sign_SECRETKEYBYTES]; + while (length--) + FilterTester::PutByte(*inString++); - bool pass = true, fail; int rc; + if (messageEnd) + if (counter != outputLen) + { + fail = true; + CRYPTOPP_ASSERT(false); + } - for (unsigned int i=0; iGetResult(); } -#endif // CRYPTOPP_DISABLE_NACL - -// NaCl requires an integrated random number generator; see randombytes() -// in tweetnacl.cpp. We use DefaultAutoSeededRNG but it means we need -// Operating System features to seed the generator. If you use another -// generator, like RDRAND, then undefine CRYPTOPP_DISABLE_NACL in naclite.h. -bool ValidateNaCl() +bool ValidateDES() { - std::cout << "\nTesting NaCl library functions...\n\n"; - bool pass = true, fail = false; + std::cout << "\nDES validation suite running...\n\n"; -#ifdef CRYPTOPP_DISABLE_NACL + FileSource valdata(DataDir("TestData/descert.dat").c_str(), true, new HexDecoder); + bool pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata); - std::cout << "NaCl not available, skipping test." << std::endl; + std::cout << "\nTesting EDE2, EDE3, and XEX3 variants...\n\n"; -#else + FileSource valdata1(DataDir("TestData/3desval.dat").c_str(), true, new HexDecoder); + pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata1, 1) && pass; + pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata1, 1) && pass; + pass = BlockTransformationTest(FixedRoundsCipherFactory(), valdata1, 1) && pass; - fail = !TestCryptoBox(); - std::cout << (fail ? "FAILED" : "passed") << " crypto_box, crypto_box_beforenm, crypto_box_afternm\n"; - pass = !fail && pass; - - fail = !TestCryptoBoxOpen(); - std::cout << (fail ? "FAILED" : "passed") << " crypto_box_open, crypto_box_open_afternm\n"; - pass = !fail && pass; - - fail = !TestCryptoBoxKeys(); - std::cout << (fail ? "FAILED" : "passed") << " crypto_box_keypair pairwise consistency\n"; - pass = !fail && pass; - - fail = !TestCryptoSign(); - std::cout << (fail ? "FAILED" : "passed") << " crypto_sign, crypto_sign_open, crypto_sign_keypair\n"; - pass = !fail && pass; - - fail = !TestCryptoSignKeys(); - std::cout << (fail ? "FAILED" : "passed") << " crypto_sign_keypair pairwise consistency\n"; - pass = !fail && pass; - -#endif - - return pass; + return pass; } -NAMESPACE_END -NAMESPACE_END +bool TestModeIV(SymmetricCipher &e, SymmetricCipher &d) +{ + SecByteBlock lastIV, iv(e.IVSize()); + StreamTransformationFilter filter(e, new StreamTransformationFilter(d)); + + // Enterprise Analysis finding on the stack based array + const int BUF_SIZE=20480U; + AlignedSecByteBlock plaintext(BUF_SIZE); + + for (unsigned int i=1; i cbcmac(key); + HashFilter cbcmacFilter(cbcmac); + fail = !TestFilter(cbcmacFilter, plain_3, sizeof(plain_3), mac1, sizeof(mac1)); + pass = pass && !fail; + std::cout << (fail ? "FAILED " : "passed ") << "CBC MAC" << std::endl; + + DMAC dmac(key); + HashFilter dmacFilter(dmac); + fail = !TestFilter(dmacFilter, plain_3, sizeof(plain_3), mac2, sizeof(mac2)); + pass = pass && !fail; + std::cout << (fail ? "FAILED " : "passed ") << "DMAC" << std::endl; + } + + return pass; +} + +bool ValidateIDEA() +{ + std::cout << "\nIDEA validation suite running...\n\n"; + + FileSource valdata(DataDir("TestData/ideaval.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(FixedRoundsCipherFactory(), valdata); +} + +bool ValidateSAFER() +{ + std::cout << "\nSAFER validation suite running...\n\n"; + + FileSource valdata(DataDir("TestData/saferval.dat").c_str(), true, new HexDecoder); + bool pass = true; + pass = BlockTransformationTest(VariableRoundsCipherFactory(8,6), valdata, 4) && pass; + pass = BlockTransformationTest(VariableRoundsCipherFactory(16,12), valdata, 4) && pass; + pass = BlockTransformationTest(VariableRoundsCipherFactory(8,6), valdata, 4) && pass; + pass = BlockTransformationTest(VariableRoundsCipherFactory(16,10), valdata, 4) && pass; + return pass; +} + +bool ValidateRC2() +{ + std::cout << "\nRC2 validation suite running...\n\n"; + + FileSource valdata(DataDir("TestData/rc2val.dat").c_str(), true, new HexDecoder); + HexEncoder output(new FileSink(std::cout)); + SecByteBlock plain(RC2Encryption::BLOCKSIZE), cipher(RC2Encryption::BLOCKSIZE), out(RC2Encryption::BLOCKSIZE), outplain(RC2Encryption::BLOCKSIZE); + SecByteBlock key(128); + bool pass=true, fail; + + while (valdata.MaxRetrievable()) + { + byte keyLen, effectiveLen; + + (void)valdata.Get(keyLen); + (void)valdata.Get(effectiveLen); + (void)valdata.Get(key, keyLen); + (void)valdata.Get(plain, RC2Encryption::BLOCKSIZE); + (void)valdata.Get(cipher, RC2Encryption::BLOCKSIZE); + + member_ptr transE(new RC2Encryption(key, keyLen, effectiveLen)); + transE->ProcessBlock(plain, out); + fail = memcmp(out, cipher, RC2Encryption::BLOCKSIZE) != 0; + + member_ptr transD(new RC2Decryption(key, keyLen, effectiveLen)); + transD->ProcessBlock(out, outplain); + fail=fail || memcmp(outplain, plain, RC2Encryption::BLOCKSIZE); + + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + output.Put(key, keyLen); + std::cout << " "; + output.Put(outplain, RC2Encryption::BLOCKSIZE); + std::cout << " "; + output.Put(out, RC2Encryption::BLOCKSIZE); + std::cout << std::endl; + } + return pass; +} + +bool ValidateARC4() +{ + unsigned char Key0[] = {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef }; + unsigned char Input0[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; + unsigned char Output0[] = {0x75,0xb7,0x87,0x80,0x99,0xe0,0xc5,0x96}; + + unsigned char Key1[]={0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef}; + unsigned char Input1[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + unsigned char Output1[]={0x74,0x94,0xc2,0xe7,0x10,0x4b,0x08,0x79}; + + unsigned char Key2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + unsigned char Input2[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + unsigned char Output2[]={0xde,0x18,0x89,0x41,0xa3,0x37,0x5d,0x3a}; + + unsigned char Key3[]={0xef,0x01,0x23,0x45}; + unsigned char Input3[]={0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}; + unsigned char Output3[]={0xd6,0xa1,0x41,0xa7,0xec,0x3c,0x38,0xdf,0xbd,0x61}; + + unsigned char Key4[]={ 0x01,0x23,0x45,0x67,0x89,0xab, 0xcd,0xef }; + unsigned char Input4[] = + {0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01,0x01, + 0x01}; + unsigned char Output4[]= { + 0x75,0x95,0xc3,0xe6,0x11,0x4a,0x09,0x78,0x0c,0x4a,0xd4, + 0x52,0x33,0x8e,0x1f,0xfd,0x9a,0x1b,0xe9,0x49,0x8f, + 0x81,0x3d,0x76,0x53,0x34,0x49,0xb6,0x77,0x8d,0xca, + 0xd8,0xc7,0x8a,0x8d,0x2b,0xa9,0xac,0x66,0x08,0x5d, + 0x0e,0x53,0xd5,0x9c,0x26,0xc2,0xd1,0xc4,0x90,0xc1, + 0xeb,0xbe,0x0c,0xe6,0x6d,0x1b,0x6b,0x1b,0x13,0xb6, + 0xb9,0x19,0xb8,0x47,0xc2,0x5a,0x91,0x44,0x7a,0x95, + 0xe7,0x5e,0x4e,0xf1,0x67,0x79,0xcd,0xe8,0xbf,0x0a, + 0x95,0x85,0x0e,0x32,0xaf,0x96,0x89,0x44,0x4f,0xd3, + 0x77,0x10,0x8f,0x98,0xfd,0xcb,0xd4,0xe7,0x26,0x56, + 0x75,0x00,0x99,0x0b,0xcc,0x7e,0x0c,0xa3,0xc4,0xaa, + 0xa3,0x04,0xa3,0x87,0xd2,0x0f,0x3b,0x8f,0xbb,0xcd, + 0x42,0xa1,0xbd,0x31,0x1d,0x7a,0x43,0x03,0xdd,0xa5, + 0xab,0x07,0x88,0x96,0xae,0x80,0xc1,0x8b,0x0a,0xf6, + 0x6d,0xff,0x31,0x96,0x16,0xeb,0x78,0x4e,0x49,0x5a, + 0xd2,0xce,0x90,0xd7,0xf7,0x72,0xa8,0x17,0x47,0xb6, + 0x5f,0x62,0x09,0x3b,0x1e,0x0d,0xb9,0xe5,0xba,0x53, + 0x2f,0xaf,0xec,0x47,0x50,0x83,0x23,0xe6,0x71,0x32, + 0x7d,0xf9,0x44,0x44,0x32,0xcb,0x73,0x67,0xce,0xc8, + 0x2f,0x5d,0x44,0xc0,0xd0,0x0b,0x67,0xd6,0x50,0xa0, + 0x75,0xcd,0x4b,0x70,0xde,0xdd,0x77,0xeb,0x9b,0x10, + 0x23,0x1b,0x6b,0x5b,0x74,0x13,0x47,0x39,0x6d,0x62, + 0x89,0x74,0x21,0xd4,0x3d,0xf9,0xb4,0x2e,0x44,0x6e, + 0x35,0x8e,0x9c,0x11,0xa9,0xb2,0x18,0x4e,0xcb,0xef, + 0x0c,0xd8,0xe7,0xa8,0x77,0xef,0x96,0x8f,0x13,0x90, + 0xec,0x9b,0x3d,0x35,0xa5,0x58,0x5c,0xb0,0x09,0x29, + 0x0e,0x2f,0xcd,0xe7,0xb5,0xec,0x66,0xd9,0x08,0x4b, + 0xe4,0x40,0x55,0xa6,0x19,0xd9,0xdd,0x7f,0xc3,0x16, + 0x6f,0x94,0x87,0xf7,0xcb,0x27,0x29,0x12,0x42,0x64, + 0x45,0x99,0x85,0x14,0xc1,0x5d,0x53,0xa1,0x8c,0x86, + 0x4c,0xe3,0xa2,0xb7,0x55,0x57,0x93,0x98,0x81,0x26, + 0x52,0x0e,0xac,0xf2,0xe3,0x06,0x6e,0x23,0x0c,0x91, + 0xbe,0xe4,0xdd,0x53,0x04,0xf5,0xfd,0x04,0x05,0xb3, + 0x5b,0xd9,0x9c,0x73,0x13,0x5d,0x3d,0x9b,0xc3,0x35, + 0xee,0x04,0x9e,0xf6,0x9b,0x38,0x67,0xbf,0x2d,0x7b, + 0xd1,0xea,0xa5,0x95,0xd8,0xbf,0xc0,0x06,0x6f,0xf8, + 0xd3,0x15,0x09,0xeb,0x0c,0x6c,0xaa,0x00,0x6c,0x80, + 0x7a,0x62,0x3e,0xf8,0x4c,0x3d,0x33,0xc1,0x95,0xd2, + 0x3e,0xe3,0x20,0xc4,0x0d,0xe0,0x55,0x81,0x57,0xc8, + 0x22,0xd4,0xb8,0xc5,0x69,0xd8,0x49,0xae,0xd5,0x9d, + 0x4e,0x0f,0xd7,0xf3,0x79,0x58,0x6b,0x4b,0x7f,0xf6, + 0x84,0xed,0x6a,0x18,0x9f,0x74,0x86,0xd4,0x9b,0x9c, + 0x4b,0xad,0x9b,0xa2,0x4b,0x96,0xab,0xf9,0x24,0x37, + 0x2c,0x8a,0x8f,0xff,0xb1,0x0d,0x55,0x35,0x49,0x00, + 0xa7,0x7a,0x3d,0xb5,0xf2,0x05,0xe1,0xb9,0x9f,0xcd, + 0x86,0x60,0x86,0x3a,0x15,0x9a,0xd4,0xab,0xe4,0x0f, + 0xa4,0x89,0x34,0x16,0x3d,0xdd,0xe5,0x42,0xa6,0x58, + 0x55,0x40,0xfd,0x68,0x3c,0xbf,0xd8,0xc0,0x0f,0x12, + 0x12,0x9a,0x28,0x4d,0xea,0xcc,0x4c,0xde,0xfe,0x58, + 0xbe,0x71,0x37,0x54,0x1c,0x04,0x71,0x26,0xc8,0xd4, + 0x9e,0x27,0x55,0xab,0x18,0x1a,0xb7,0xe9,0x40,0xb0, + 0xc0}; + + member_ptr arc4; + bool pass=true, fail; + unsigned int i; + + std::cout << "\nARC4 validation suite running...\n\n"; + + arc4.reset(new Weak::ARC4(Key0, sizeof(Key0))); + arc4->ProcessString(Input0, sizeof(Input0)); + fail = memcmp(Input0, Output0, sizeof(Input0)) != 0; + std::cout << (fail ? "FAILED" : "passed") << " Test 0" << std::endl; + pass = pass && !fail; + + arc4.reset(new Weak::ARC4(Key1, sizeof(Key1))); + arc4->ProcessString(Key1, Input1, sizeof(Key1)); + fail = memcmp(Output1, Key1, sizeof(Key1)) != 0; + std::cout << (fail ? "FAILED" : "passed") << " Test 1" << std::endl; + pass = pass && !fail; + + arc4.reset(new Weak::ARC4(Key2, sizeof(Key2))); + for (i=0, fail=false; iProcessByte(Input2[i]) != Output2[i]) + fail = true; + std::cout << (fail ? "FAILED" : "passed") << " Test 2" << std::endl; + pass = pass && !fail; + + arc4.reset(new Weak::ARC4(Key3, sizeof(Key3))); + for (i=0, fail=false; iProcessByte(Input3[i]) != Output3[i]) + fail = true; + std::cout << (fail ? "FAILED" : "passed") << " Test 3" << std::endl; + pass = pass && !fail; + + arc4.reset(new Weak::ARC4(Key4, sizeof(Key4))); + for (i=0, fail=false; iProcessByte(Input4[i]) != Output4[i]) + fail = true; + std::cout << (fail ? "FAILED" : "passed") << " Test 4" << std::endl; + pass = pass && !fail; + + return pass; +} + +bool ValidateRC5() +{ + std::cout << "\nRC5 validation suite running...\n\n"; + bool pass1 = true, pass2 = true; + + RC5Encryption enc; // 0 to 2040-bits (255-bytes) + pass1 = RC5Encryption::DEFAULT_KEYLENGTH == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == 0 && pass1; + pass1 = enc.StaticGetValidKeyLength(254) == 254 && pass1; + pass1 = enc.StaticGetValidKeyLength(255) == 255 && pass1; + pass1 = enc.StaticGetValidKeyLength(256) == 255 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + RC5Decryption dec; + pass2 = RC5Decryption::DEFAULT_KEYLENGTH == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == 0 && pass2; + pass2 = dec.StaticGetValidKeyLength(254) == 254 && pass2; + pass2 = dec.StaticGetValidKeyLength(255) == 255 && pass2; + pass2 = dec.StaticGetValidKeyLength(256) == 255 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/rc5val.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(VariableRoundsCipherFactory(16, 12), valdata) && pass1 && pass2; +} + +bool ValidateRC6() +{ + std::cout << "\nRC6 validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + RC6Encryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + RC6Decryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/rc6val.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 2) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 2) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateMARS() +{ + std::cout << "\nMARS validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + MARSEncryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 56 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 56 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + MARSDecryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 56 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 56 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/marsval.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 3) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateRijndael() +{ + std::cout << "\nRijndael (AES) validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + RijndaelEncryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + RijndaelDecryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/rijndael.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 3) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; + pass3 = RunTestDataFile("TestVectors/aes.txt") && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateTwofish() +{ + std::cout << "\nTwofish validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + TwofishEncryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; + + TwofishDecryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/twofishv.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 3) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 2) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateSerpent() +{ + std::cout << "\nSerpent validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + SerpentEncryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; + + SerpentDecryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/serpentv.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 5) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 4) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 3) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateBlowfish() +{ + std::cout << "\nBlowfish validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true, fail; + + BlowfishEncryption enc1; // 32 to 448-bits (4 to 56-bytes) + pass1 = enc1.StaticGetValidKeyLength(3) == 4 && pass1; + pass1 = enc1.StaticGetValidKeyLength(4) == 4 && pass1; + pass1 = enc1.StaticGetValidKeyLength(5) == 5 && pass1; + pass1 = enc1.StaticGetValidKeyLength(8) == 8 && pass1; + pass1 = enc1.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc1.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc1.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc1.StaticGetValidKeyLength(56) == 56 && pass1; + pass1 = enc1.StaticGetValidKeyLength(57) == 56 && pass1; + pass1 = enc1.StaticGetValidKeyLength(60) == 56 && pass1; + pass1 = enc1.StaticGetValidKeyLength(64) == 56 && pass1; + pass1 = enc1.StaticGetValidKeyLength(128) == 56 && pass1; + + BlowfishDecryption dec1; // 32 to 448-bits (4 to 56-bytes) + pass2 = dec1.StaticGetValidKeyLength(3) == 4 && pass2; + pass2 = dec1.StaticGetValidKeyLength(4) == 4 && pass2; + pass2 = dec1.StaticGetValidKeyLength(5) == 5 && pass2; + pass2 = dec1.StaticGetValidKeyLength(8) == 8 && pass2; + pass2 = dec1.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec1.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec1.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec1.StaticGetValidKeyLength(56) == 56 && pass2; + pass2 = dec1.StaticGetValidKeyLength(57) == 56 && pass2; + pass2 = dec1.StaticGetValidKeyLength(60) == 56 && pass2; + pass2 = dec1.StaticGetValidKeyLength(64) == 56 && pass2; + pass2 = dec1.StaticGetValidKeyLength(128) == 56 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + HexEncoder output(new FileSink(std::cout)); + const char *key[]={"abcdefghijklmnopqrstuvwxyz", "Who is John Galt?"}; + byte *plain[]={(byte *)"BLOWFISH", (byte *)"\xfe\xdc\xba\x98\x76\x54\x32\x10"}; + byte *cipher[]={(byte *)"\x32\x4e\xd0\xfe\xf4\x13\xa2\x03", (byte *)"\xcc\x91\x73\x2b\x80\x22\xf6\x84"}; + byte out[8], outplain[8]; + + for (int i=0; i<2; i++) + { + ECB_Mode::Encryption enc2((byte *)key[i], strlen(key[i])); + enc2.ProcessData(out, plain[i], 8); + fail = memcmp(out, cipher[i], 8) != 0; + + ECB_Mode::Decryption dec2((byte *)key[i], strlen(key[i])); + dec2.ProcessData(outplain, cipher[i], 8); + fail = fail || memcmp(outplain, plain[i], 8); + pass3 = pass3 && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << '\"' << key[i] << '\"'; + for (int j=0; j<(signed int)(30-strlen(key[i])); j++) + std::cout << ' '; + output.Put(outplain, 8); + std::cout << " "; + output.Put(out, 8); + std::cout << std::endl; + } + return pass1 && pass2 && pass3; +} + +bool ValidateThreeWay() +{ + std::cout << "\n3-WAY validation suite running...\n\n"; + bool pass1 = true, pass2 = true; + + ThreeWayEncryption enc; // 96-bit only + pass1 = ThreeWayEncryption::KEYLENGTH == 12 && pass1; + pass1 = enc.StaticGetValidKeyLength(8) == 12 && pass1; + pass1 = enc.StaticGetValidKeyLength(12) == 12 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 12 && pass1; + + ThreeWayDecryption dec; // 96-bit only + pass2 = ThreeWayDecryption::KEYLENGTH == 12 && pass2; + pass2 = dec.StaticGetValidKeyLength(8) == 12 && pass2; + pass2 = dec.StaticGetValidKeyLength(12) == 12 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 12 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/3wayval.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; +} + +bool ValidateGOST() +{ + std::cout << "\nGOST validation suite running...\n\n"; + bool pass1 = true, pass2 = true; + + GOSTEncryption enc; // 256-bit only + pass1 = GOSTEncryption::KEYLENGTH == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(40) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + + GOSTDecryption dec; // 256-bit only + pass2 = GOSTDecryption::KEYLENGTH == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(40) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/gostval.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; +} + +bool ValidateSHARK() +{ + std::cout << "\nSHARK validation suite running...\n\n"; + bool pass1 = true, pass2 = true; + + SHARKEncryption enc; // 128-bit only + pass1 = SHARKEncryption::KEYLENGTH == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(15) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(17) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 16 && pass1; + + SHARKDecryption dec; // 128-bit only + pass2 = SHARKDecryption::KEYLENGTH == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(15) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(17) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 16 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/sharkval.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; +} + +bool ValidateCAST() +{ + std::cout << "\nCAST-128 validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + CAST128Encryption enc1; // 40 to 128-bits (5 to 16-bytes) + pass1 = CAST128Encryption::DEFAULT_KEYLENGTH == 16 && pass1; + pass1 = enc1.StaticGetValidKeyLength(4) == 5 && pass1; + pass1 = enc1.StaticGetValidKeyLength(5) == 5 && pass1; + pass1 = enc1.StaticGetValidKeyLength(15) == 15 && pass1; + pass1 = enc1.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc1.StaticGetValidKeyLength(17) == 16 && pass1; + + CAST128Decryption dec1; // 40 to 128-bits (5 to 16-bytes) + pass2 = CAST128Decryption::DEFAULT_KEYLENGTH == 16 && pass2; + pass2 = dec1.StaticGetValidKeyLength(4) == 5 && pass2; + pass2 = dec1.StaticGetValidKeyLength(5) == 5 && pass2; + pass2 = dec1.StaticGetValidKeyLength(15) == 15 && pass2; + pass2 = dec1.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec1.StaticGetValidKeyLength(17) == 16 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource val128(DataDir("TestData/cast128v.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), val128, 1) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(10), val128, 1) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(5), val128, 1) && pass3; + + std::cout << "\nCAST-256 validation suite running...\n\n"; + bool pass4 = true, pass5 = true, pass6 = true; + + CAST256Encryption enc2; // 128, 160, 192, 224, or 256-bits (16 to 32-bytes, step 4) + pass1 = CAST128Encryption::DEFAULT_KEYLENGTH == 16 && pass1; + pass4 = enc2.StaticGetValidKeyLength(15) == 16 && pass4; + pass4 = enc2.StaticGetValidKeyLength(16) == 16 && pass4; + pass4 = enc2.StaticGetValidKeyLength(17) == 20 && pass4; + pass4 = enc2.StaticGetValidKeyLength(20) == 20 && pass4; + pass4 = enc2.StaticGetValidKeyLength(24) == 24 && pass4; + pass4 = enc2.StaticGetValidKeyLength(28) == 28 && pass4; + pass4 = enc2.StaticGetValidKeyLength(31) == 32 && pass4; + pass4 = enc2.StaticGetValidKeyLength(32) == 32 && pass4; + pass4 = enc2.StaticGetValidKeyLength(33) == 32 && pass4; + + CAST256Decryption dec2; // 128, 160, 192, 224, or 256-bits (16 to 32-bytes, step 4) + pass2 = CAST256Decryption::DEFAULT_KEYLENGTH == 16 && pass2; + pass5 = dec2.StaticGetValidKeyLength(15) == 16 && pass5; + pass5 = dec2.StaticGetValidKeyLength(16) == 16 && pass5; + pass5 = dec2.StaticGetValidKeyLength(17) == 20 && pass5; + pass5 = dec2.StaticGetValidKeyLength(20) == 20 && pass5; + pass5 = dec2.StaticGetValidKeyLength(24) == 24 && pass5; + pass5 = dec2.StaticGetValidKeyLength(28) == 28 && pass5; + pass5 = dec2.StaticGetValidKeyLength(31) == 32 && pass5; + pass5 = dec2.StaticGetValidKeyLength(32) == 32 && pass5; + pass5 = dec2.StaticGetValidKeyLength(33) == 32 && pass5; + std::cout << (pass4 && pass5 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource val256(DataDir("TestData/cast256v.dat").c_str(), true, new HexDecoder); + pass6 = BlockTransformationTest(FixedRoundsCipherFactory(16), val256, 1) && pass6; + pass6 = BlockTransformationTest(FixedRoundsCipherFactory(24), val256, 1) && pass6; + pass6 = BlockTransformationTest(FixedRoundsCipherFactory(32), val256, 1) && pass6; + + return pass1 && pass2 && pass3 && pass4 && pass5 && pass6; +} + +bool ValidateSquare() +{ + std::cout << "\nSquare validation suite running...\n\n"; + bool pass1 = true, pass2 = true; + + SquareEncryption enc; // 128-bits only + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(15) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(17) == 16 && pass1; + + SquareDecryption dec; // 128-bits only + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(15) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(17) == 16 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/squareva.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; +} + +bool ValidateSKIPJACK() +{ + std::cout << "\nSKIPJACK validation suite running...\n\n"; + bool pass1 = true, pass2 = true; + + SKIPJACKEncryption enc; // 80-bits only + pass1 = enc.StaticGetValidKeyLength(8) == 10 && pass1; + pass1 = enc.StaticGetValidKeyLength(9) == 10 && pass1; + pass1 = enc.StaticGetValidKeyLength(10) == 10 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 10 && pass1; + + SKIPJACKDecryption dec; // 80-bits only + pass2 = dec.StaticGetValidKeyLength(8) == 10 && pass2; + pass2 = dec.StaticGetValidKeyLength(9) == 10 && pass2; + pass2 = dec.StaticGetValidKeyLength(10) == 10 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 10 && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/skipjack.dat").c_str(), true, new HexDecoder); + return BlockTransformationTest(FixedRoundsCipherFactory(), valdata) && pass1 && pass2; +} + +bool ValidateSEAL() +{ + const byte input[] = {0x37,0xa0,0x05,0x95,0x9b,0x84,0xc4,0x9c,0xa4,0xbe,0x1e,0x05,0x06,0x73,0x53,0x0f,0x5f,0xb0,0x97,0xfd,0xf6,0xa1,0x3f,0xbd,0x6c,0x2c,0xde,0xcd,0x81,0xfd,0xee,0x7c}; + const byte key[] = {0x67, 0x45, 0x23, 0x01, 0xef, 0xcd, 0xab, 0x89, 0x98, 0xba, 0xdc, 0xfe, 0x10, 0x32, 0x54, 0x76, 0xc3, 0xd2, 0xe1, 0xf0}; + const byte iv[] = {0x01, 0x35, 0x77, 0xaf}; + byte output[32]; + + std::cout << "\nSEAL validation suite running...\n\n"; + + SEAL<>::Encryption seal(key, sizeof(key), iv); + unsigned int size = sizeof(input); + bool pass = true; + + memset(output, 1, size); + seal.ProcessString(output, input, size); + for (unsigned int i=0; iInitialize(CombinedNameValuePairs( + parameters, + MakeParameters(Name::EncodingLookupArray(), (const byte *)&stars[0], false) + (Name::PaddingByte(), padding) + (Name::GroupSize(), insertLineBreaks ? maxLineLength : 0) + (Name::Separator(), ConstByteArrayParameter(lineBreak)) + (Name::Terminator(), ConstByteArrayParameter(lineBreak)) + (Name::Log2Base(), 6, true))); +} + +class MyDecoder : public BaseN_Decoder +{ +public: + MyDecoder(BufferedTransformation *attachment = NULLPTR); + void IsolatedInitialize(const NameValuePairs ¶ms); + static const int * CRYPTOPP_API GetDecodingLookupArray(); +}; + +MyDecoder::MyDecoder(BufferedTransformation *attachment) + : BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) +{ +} + +void MyDecoder::IsolatedInitialize(const NameValuePairs ¶meters) +{ + BaseN_Decoder::IsolatedInitialize(CombinedNameValuePairs( + parameters, + MakeParameters(Name::DecodingLookupArray(), GetDecodingLookupArray(), false)(Name::Log2Base(), 6, true))); +} + +struct MyDecoderAlphabet +{ + MyDecoderAlphabet() { + std::fill(tab, tab+COUNTOF(tab), '*'); + } + byte tab[64]; +}; + +struct MyDecoderArray +{ + MyDecoderArray() { + std::fill(tab, tab+COUNTOF(tab), -1); + } + int tab[256]; +}; + +const int * MyDecoder::GetDecodingLookupArray() +{ + static bool s_initialized = false; + static MyDecoderAlphabet s_alpha; + static MyDecoderArray s_array; + + MEMORY_BARRIER(); + if (!s_initialized) + { + InitializeDecodingLookupArray(s_array.tab, s_alpha.tab, COUNTOF(s_alpha.tab), false); + s_initialized = true; + MEMORY_BARRIER(); + } + return s_array.tab; +} + +bool ValidateEncoder() +{ + // The default encoder and decoder alphabet are bogus. They are a + // string of '*'. To round trip a string both IsolatedInitialize + // must be called and work correctly. + std::cout << "\nCustom encoder validation running...\n\n"; + bool pass = true; + + int lookup[256]; + const char alphabet[64+1] = + "AaBbCcDdEeFfGgHhIiJjKkLlMmNnOoPpQqRrSsTtUuVvWwXxYyZz01234576789*"; + const char expected[] = + "ILcBMSgriDicmKmTi2oENCsuJTufN0yWjL1HnS8xKdaiOkeZK3gKock1ktmlo1q4LlsNPrAyGrG0gjO2gzQ5FQ=="; + + MyEncoder encoder; + std::string str1; + + AlgorithmParameters eparams = MakeParameters(Name::EncodingLookupArray(),(const byte*)alphabet) + (Name::InsertLineBreaks(), false); + encoder.IsolatedInitialize(eparams); + + encoder.Detach(new StringSink(str1)); + encoder.Put((const byte*) alphabet, 64); + encoder.MessageEnd(); + + MyDecoder decoder; + std::string str2; + + MyDecoder::InitializeDecodingLookupArray(lookup, (const byte*) alphabet, 64, false); + AlgorithmParameters dparams = MakeParameters(Name::DecodingLookupArray(),(const int*)lookup); + decoder.IsolatedInitialize(dparams); + + decoder.Detach(new StringSink(str2)); + decoder.Put((const byte*) str1.data(), str1.size()); + decoder.MessageEnd(); + + pass = (str1 == std::string(expected)) && pass; + pass = (str2 == std::string(alphabet, 64)) && pass; + + std::cout << (pass ? "passed:" : "FAILED:"); + std::cout << " Encode and decode\n"; + + // Try forcing an empty message. This is the Monero bug + // at https://github.com/weidai11/cryptopp/issues/562. + { + MyDecoder decoder2; + SecByteBlock empty; + + AlgorithmParameters dparams2 = MakeParameters(Name::DecodingLookupArray(),(const int*)lookup); + decoder2.IsolatedInitialize(dparams2); + + decoder2.Detach(new Redirector(TheBitBucket())); + decoder2.Put(empty.BytePtr(), empty.SizeInBytes()); + decoder2.MessageEnd(); + + // Tame the optimizer + volatile lword size = decoder2.MaxRetrievable(); + lword shadow = size; + CRYPTOPP_UNUSED(shadow); + } + + std::cout << "passed: 0-length message\n"; + + return pass; +} + +bool ValidateSHACAL2() +{ + std::cout << "\nSHACAL-2 validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + SHACAL2Encryption enc; // 128 to 512-bits (16 to 64-bytes) + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(15) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 64 && pass1; + pass1 = enc.StaticGetValidKeyLength(65) == 64 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 64 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + SHACAL2Decryption dec; // 128 to 512-bits (16 to 64-bytes) + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(15) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 64 && pass2; + pass2 = dec.StaticGetValidKeyLength(65) == 64 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 64 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/shacal2v.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 4) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(64), valdata, 10) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateARIA() +{ + std::cout << "\nARIA validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + ARIAEncryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + ARIADecryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/aria.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 15) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 15) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 15) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateSIMECK() +{ + std::cout << "\nSIMECK validation suite running...\n"; + + return RunTestDataFile("TestVectors/simeck.txt"); +} + +bool ValidateCHAM() +{ + std::cout << "\nCHAM validation suite running...\n"; + + return RunTestDataFile("TestVectors/cham.txt"); +} + +bool ValidateHIGHT() +{ + std::cout << "\nHIGHT validation suite running...\n"; + + return RunTestDataFile("TestVectors/hight.txt"); +} + +bool ValidateLEA() +{ + std::cout << "\nLEA validation suite running...\n"; + + return RunTestDataFile("TestVectors/lea.txt"); +} + +bool ValidateSIMON() +{ + std::cout << "\nSIMON validation suite running...\n"; + + return RunTestDataFile("TestVectors/simon.txt"); +} + +bool ValidateSPECK() +{ + std::cout << "\nSPECK validation suite running...\n"; + + return RunTestDataFile("TestVectors/speck.txt"); +} + +bool ValidateCamellia() +{ + std::cout << "\nCamellia validation suite running...\n\n"; + bool pass1 = true, pass2 = true, pass3 = true; + + CamelliaEncryption enc; + pass1 = enc.StaticGetValidKeyLength(8) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(16) == 16 && pass1; + pass1 = enc.StaticGetValidKeyLength(24) == 24 && pass1; + pass1 = enc.StaticGetValidKeyLength(32) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(64) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(128) == 32 && pass1; + pass1 = enc.StaticGetValidKeyLength(0) == enc.MinKeyLength() && pass1; + pass1 = enc.StaticGetValidKeyLength(SIZE_MAX) == enc.MaxKeyLength() && pass1; + + CamelliaDecryption dec; + pass2 = dec.StaticGetValidKeyLength(8) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(16) == 16 && pass2; + pass2 = dec.StaticGetValidKeyLength(24) == 24 && pass2; + pass2 = dec.StaticGetValidKeyLength(32) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(64) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(128) == 32 && pass2; + pass2 = dec.StaticGetValidKeyLength(0) == dec.MinKeyLength() && pass2; + pass2 = dec.StaticGetValidKeyLength(SIZE_MAX) == dec.MaxKeyLength() && pass2; + std::cout << (pass1 && pass2 ? "passed:" : "FAILED:") << " Algorithm key lengths\n"; + + FileSource valdata(DataDir("TestData/camellia.dat").c_str(), true, new HexDecoder); + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(16), valdata, 15) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(24), valdata, 15) && pass3; + pass3 = BlockTransformationTest(FixedRoundsCipherFactory(32), valdata, 15) && pass3; + return pass1 && pass2 && pass3; +} + +bool ValidateSalsa() +{ + std::cout << "\nSalsa validation suite running...\n"; + + return RunTestDataFile("TestVectors/salsa.txt"); +} + +bool ValidateChaCha() +{ + std::cout << "\nChaCha validation suite running...\n"; + + return RunTestDataFile("TestVectors/chacha.txt"); +} + +bool ValidateSosemanuk() +{ + std::cout << "\nSosemanuk validation suite running...\n"; + return RunTestDataFile("TestVectors/sosemanuk.txt"); +} + +bool ValidateRabbit() +{ + std::cout << "\nRabbit validation suite running...\n"; + return RunTestDataFile("TestVectors/rabbit.txt"); +} + +bool ValidateHC128() +{ + std::cout << "\nHC-128 validation suite running...\n"; + return RunTestDataFile("TestVectors/hc128.txt"); +} + +bool ValidateHC256() +{ + std::cout << "\nHC-256 validation suite running...\n"; + return RunTestDataFile("TestVectors/hc256.txt"); +} + +bool ValidateVMAC() +{ + std::cout << "\nVMAC validation suite running...\n"; + return RunTestDataFile("TestVectors/vmac.txt"); +} + +bool ValidateCCM() +{ + std::cout << "\nAES/CCM validation suite running...\n"; + return RunTestDataFile("TestVectors/ccm.txt"); +} + +bool ValidateGCM() +{ + std::cout << "\nAES/GCM validation suite running...\n"; + std::cout << "\n2K tables:"; + bool pass = RunTestDataFile("TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)2048)); + std::cout << "\n64K tables:"; + return RunTestDataFile("TestVectors/gcm.txt", MakeParameters(Name::TableSize(), (int)64*1024)) && pass; +} + +bool ValidateCMAC() +{ + std::cout << "\nCMAC validation suite running...\n"; + return RunTestDataFile("TestVectors/cmac.txt"); +} + +NAMESPACE_END // Test +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/validat5.cpp b/vendor/cryptopp/vendor_cryptopp/validat5.cpp new file mode 100644 index 00000000..e451c308 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/validat5.cpp @@ -0,0 +1,2029 @@ +// validat5.cpp - originally written and placed in the public domain by Wei Dai +// CryptoPP::Test namespace added by JW in February 2017. +// Source files split in July 2018 to expedite compiles. + +#include "pch.h" + +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + +#include "cryptlib.h" +#include "cpu.h" +#include "validate.h" + +#include "aes.h" +#include "crc.h" +#include "adler32.h" + +#include "md2.h" +#include "md4.h" +#include "md5.h" + +#include "sha.h" +#include "sha3.h" +#include "pssr.h" +#include "tiger.h" +#include "blake2.h" +#include "ripemd.h" +#include "siphash.h" +#include "poly1305.h" +#include "whrlpool.h" + +#include "hkdf.h" +#include "scrypt.h" +#include "pwdbased.h" + +#include "cmac.h" +#include "dmac.h" +#include "hmac.h" +#include "ttmac.h" + +#include +#include +#include + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +struct HashTestTuple +{ + HashTestTuple(const char *input, const char *output, unsigned int repeatTimes=1) + : input((byte *)input), output((byte *)output), inputLen(strlen(input)), repeatTimes(repeatTimes) {} + + HashTestTuple(const char *input, unsigned int inputLen, const char *output, unsigned int repeatTimes) + : input((byte *)input), output((byte *)output), inputLen(inputLen), repeatTimes(repeatTimes) {} + + const byte *input, *output; + size_t inputLen; + unsigned int repeatTimes; +}; + +bool HashModuleTest(HashTransformation &md, const HashTestTuple *testSet, unsigned int testSetSize) +{ + bool pass=true, fail; + std::ostringstream oss; + + SecByteBlock digest(md.DigestSize()); + for (unsigned int i=0; i XMACC_MD5; + + const byte keys[2][XMACC_MD5::KEYLENGTH]={ + {0x00,0x11,0x22,0x33,0x44,0x55,0x66,0x77,0x88,0x99,0xaa,0xbb}, + {0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef,0xfe,0xdc,0xba,0x98}}; + + const word32 counters[2]={0xccddeeff, 0x76543210}; + + const char *TestVals[7]={ + "", + "a", + "abc", + "message digest", + "abcdefghijklmnopqrstuvwxyz", + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789", + "12345678901234567890123456789012345678901234567890123456789012345678901234567890"}; + + const byte output[2][7][XMACC_MD5::DIGESTSIZE]={ + {{0xcc,0xdd,0xef,0x00,0xfa,0x89,0x54,0x92,0x86,0x32,0xda,0x2a,0x3f,0x29,0xc5,0x52,0xa0,0x0d,0x05,0x13}, + {0xcc,0xdd,0xef,0x01,0xae,0xdb,0x8b,0x7b,0x69,0x71,0xc7,0x91,0x71,0x48,0x9d,0x18,0xe7,0xdf,0x9d,0x5a}, + {0xcc,0xdd,0xef,0x02,0x5e,0x01,0x2e,0x2e,0x4b,0xc3,0x83,0x62,0xc2,0xf4,0xe6,0x18,0x1c,0x44,0xaf,0xca}, + {0xcc,0xdd,0xef,0x03,0x3e,0xa9,0xf1,0xe0,0x97,0x91,0xf8,0xe2,0xbe,0xe0,0xdf,0xf3,0x41,0x03,0xb3,0x5a}, + {0xcc,0xdd,0xef,0x04,0x2e,0x6a,0x8d,0xb9,0x72,0xe3,0xce,0x9f,0xf4,0x28,0x45,0xe7,0xbc,0x80,0xa9,0xc7}, + {0xcc,0xdd,0xef,0x05,0x1a,0xd5,0x40,0x78,0xfb,0x16,0x37,0xfc,0x7a,0x1d,0xce,0xb4,0x77,0x10,0xb2,0xa0}, + {0xcc,0xdd,0xef,0x06,0x13,0x2f,0x11,0x47,0xd7,0x1b,0xb5,0x52,0x36,0x51,0x26,0xb0,0x96,0xd7,0x60,0x81}}, + {{0x76,0x54,0x32,0x11,0xe9,0xcb,0x74,0x32,0x07,0x93,0xfe,0x01,0xdd,0x27,0xdb,0xde,0x6b,0x77,0xa4,0x56}, + {0x76,0x54,0x32,0x12,0xcd,0x55,0x87,0x5c,0xc0,0x35,0x85,0x99,0x44,0x02,0xa5,0x0b,0x8c,0xe7,0x2c,0x68}, + {0x76,0x54,0x32,0x13,0xac,0xfd,0x87,0x50,0xc3,0x8f,0xcd,0x58,0xaa,0xa5,0x7e,0x7a,0x25,0x63,0x26,0xd1}, + {0x76,0x54,0x32,0x14,0xe3,0x30,0xf5,0xdd,0x27,0x2b,0x76,0x22,0x7f,0xaa,0x90,0x73,0x6a,0x48,0xdb,0x00}, + {0x76,0x54,0x32,0x15,0xfc,0x57,0x00,0x20,0x7c,0x9d,0xf6,0x30,0x6f,0xbd,0x46,0x3e,0xfb,0x8a,0x2c,0x60}, + {0x76,0x54,0x32,0x16,0xfb,0x0f,0xd3,0xdf,0x4c,0x4b,0xc3,0x05,0x9d,0x63,0x1e,0xba,0x25,0x2b,0xbe,0x35}, + {0x76,0x54,0x32,0x17,0xc6,0xfe,0xe6,0x5f,0xb1,0x35,0x8a,0xf5,0x32,0x7a,0x80,0xbd,0xb8,0x72,0xee,0xae}}}; + + // Coverity finding, also see http://stackoverflow.com/a/34509163/608639. + StreamState ss(std::cout); + + byte digest[XMACC_MD5::DIGESTSIZE]; + bool pass=true, fail; + + std::cout << "\nXMACC/MD5 validation suite running...\n"; + + for (int k=0; k<2; k++) + { + XMACC_MD5 mac(keys[k], counters[k]); + std::cout << "\nKEY: "; + for (int j=0;j pbkdf; + + std::cout << "\nPKCS #12 PBKDF validation suite running...\n\n"; + pass = TestPBKDF(pbkdf, testSet, COUNTOF(testSet)) && pass; + } + + { + // from draft-ietf-smime-password-03.txt, at http://www.imc.org/draft-ietf-smime-password + PBKDF_TestTuple testSet[] = + { + {0, 5, "70617373776f7264", "1234567878563412", "D1DAA78615F287E6"}, + {0, 500, "416C6C206E2D656E746974696573206D75737420636F6D6D756E69636174652077697468206F74686572206E2d656E74697469657320766961206E2D3120656E746974656568656568656573", "1234567878563412","6A8970BF68C92CAEA84A8DF28510858607126380CC47AB2D"} + }; + + PKCS5_PBKDF2_HMAC pbkdf; + + std::cout << "\nPKCS #5 PBKDF2 validation suite running...\n\n"; + pass = TestPBKDF(pbkdf, testSet, COUNTOF(testSet)) && pass; + } + + return pass; +} + +struct HKDF_TestTuple +{ + const char *hexSecret, *hexSalt, *hexInfo, *hexExpected; + size_t len; +}; + +bool TestHKDF(KeyDerivationFunction &kdf, const HKDF_TestTuple *testSet, unsigned int testSetSize) +{ + bool pass = true; + + for (unsigned int i=0; i") : ""); + std::cout << " "; + std::cout << (tuple.hexInfo ? (strlen(tuple.hexInfo) ? tuple.hexInfo : "<0-LEN INFO>") : ""); + std::cout << " "; + enc.Put(derived, derived.size()); + std::cout << std::endl; + } + + return pass; +} + +bool ValidateHKDF() +{ + bool pass = true; + + { + // SHA-1 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869 + const HKDF_TestTuple testSet[] = + { + // Test Case #4 + {"0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "085a01ea1b10f36933068b56efa5ad81 a4f14b822f5b091568a9cdd4f155fda2 c22e422478d305f3f896", 42}, + // Test Case #5 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "0bd770a74d1160f7c9f12cd5912a06eb ff6adcae899d92191fe4305673ba2ffe 8fa3f1a4e5ad79f3f334b3b202b2173c 486ea37ce3d397ed034c7f9dfeb15c5e 927336d0441f4c4300e2cff0d0900b52 d3b4", 82}, + // Test Case #6 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "0ac1af7002b3d761d1e55298da9d0506 b9ae52057220a306e07b6b87e8df21d0 ea00033de03984d34918", 42}, + // Test Case #7 + {"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", NULLPTR, "", "2c91117204d745f3500d636a62f64f0 ab3bae548aa53d423b0d1f27ebba6f5e5 673a081d70cce7acfc48", 42} + }; + + HKDF hkdf; + + std::cout << "\nRFC 5869 HKDF(SHA-1) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + { + // SHA-256 from RFC 5869, Appendix A, https://tools.ietf.org/html/rfc5869 + const HKDF_TestTuple testSet[] = + { + // Test Case #1 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "3cb25f25faacd57a90434f64d0362f2a 2d2d0a90cf1a5a4c5db02d56ecc4c5bf 34007208d5b887185865", 42}, + // Test Case #2 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "b11e398dc80327a1c8e7f78c596a4934 4f012eda2d4efad8a050cc4c19afa97c 59045a99cac7827271cb41c65e590e09 da3275600c2f09b8367793a9aca3db71 cc30c58179ec3e87c14c01d5c1f3434f 1d87", 82}, + // Test Case #3 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "8da4e775a563c18f715f802a063c5a31 b8a11f5c5ee1879ec3454e5f3c738d2d 9d201395faa4b61a96c8", 42} + }; + + HKDF hkdf; + + std::cout << "\nRFC 5869 HKDF(SHA-256) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + { + // SHA-512, Crypto++ generated, based on RFC 5869, https://tools.ietf.org/html/rfc5869 + const HKDF_TestTuple testSet[] = + { + // Test Case #0 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "832390086CDA71FB47625BB5CEB168E4 C8E26A1A16ED34D9FC7FE92C14815793 38DA362CB8D9F925D7CB", 42}, + // Test Case #0 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "CE6C97192805B346E6161E821ED16567 3B84F400A2B514B2FE23D84CD189DDF1 B695B48CBD1C8388441137B3CE28F16A A64BA33BA466B24DF6CFCB021ECFF235 F6A2056CE3AF1DE44D572097A8505D9E 7A93", 82}, + // Test Case #0 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "F5FA02B18298A72A8C23898A8703472C 6EB179DC204C03425C970E3B164BF90F FF22D04836D0E2343BAC", 42}, + // Test Case #0 + {"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c", NULLPTR, "", "1407D46013D98BC6DECEFCFEE55F0F90 B0C7F63D68EB1A80EAF07E953CFC0A3A 5240A155D6E4DAA965BB", 42} + }; + + HKDF hkdf; + + std::cout << "\nRFC 5869 HKDF(SHA-512) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + { + // Whirlpool, Crypto++ generated, based on RFC 5869, https://tools.ietf.org/html/rfc5869 + const HKDF_TestTuple testSet[] = + { + // Test Case #0 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "000102030405060708090a0b0c", "f0f1f2f3f4f5f6f7f8f9", "0D29F74CCD8640F44B0DD9638111C1B5 766EFED752AF358109E2E7C9CD4A28EF 2F90B2AD461FBA0744D4", 42}, + // Test Case #0 + {"000102030405060708090a0b0c0d0e0f 101112131415161718191a1b1c1d1e1f 202122232425262728292a2b2c2d2e2f 303132333435363738393a3b3c3d3e3f 404142434445464748494a4b4c4d4e4f", "606162636465666768696a6b6c6d6e6f 707172737475767778797a7b7c7d7e7f 808182838485868788898a8b8c8d8e8f 909192939495969798999a9b9c9d9e9f a0a1a2a3a4a5a6a7a8a9aaabacadaeaf", "b0b1b2b3b4b5b6b7b8b9babbbcbdbebf c0c1c2c3c4c5c6c7c8c9cacbcccdcecf d0d1d2d3d4d5d6d7d8d9dadbdcdddedf e0e1e2e3e4e5e6e7e8e9eaebecedeeef f0f1f2f3f4f5f6f7f8f9fafbfcfdfeff", "4EBE4FE2DCCEC42661699500BE279A99 3FED90351E19373B3926FAA3A410700B2 BBF77E254CF1451AE6068D64A0904D96 6F4FF25498445A501B88F50D21E3A68A8 90E09445DC5886DD00E7F4F7C58A5121 70", 82}, + // Test Case #0 + {"0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", "", "", "110632D0F7AEFAC31771FC66C22BB346 2614B81E4B04BA7F2B662E0BD694F564 58615F9A9CB56C57ECF2", 42}, + // Test Case #0 + {"0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c" /*key*/, NULLPTR /*salt*/, "" /*info*/, "4089286EBFB23DD8A02F0C9DAA35D538 EB09CD0A8CBAB203F39083AA3E0BD313 E6F91E64F21A187510B0", 42} + }; + + HKDF hkdf; + + std::cout << "\nRFC 5869 HKDF(Whirlpool) validation suite running...\n\n"; + pass = TestHKDF(hkdf, testSet, COUNTOF(testSet)) && pass; + } + + return pass; +} + +struct Scrypt_TestTuple +{ + const char * passwd; + const char * salt; + word64 n; + word32 r; + word32 p; + const char * expect; +}; + +bool TestScrypt(KeyDerivationFunction &pbkdf, const Scrypt_TestTuple *testSet, unsigned int testSetSize) +{ + bool pass = true; + + for (unsigned int i=0; i::StaticAlgorithmName() != "Poly1305(AES)"); + std::cout << (fail ? "FAILED " : "passed ") << "algorithm name\n"; + pass = pass && !fail; + } + + // Test data from http://cr.yp.to/mac/poly1305-20050329.pdf + const Poly1305_TestTuples tests[] = + { + // Appendix B, Test 1 + { + "\xec\x07\x4c\x83\x55\x80\x74\x17\x01\x42\x5b\x62\x32\x35\xad\xd6" // Key + "\x85\x1f\xc4\x0c\x34\x67\xac\x0b\xe0\x5c\xc2\x04\x04\xf3\xf7\x00", + "\xf3\xf6", // Message + "\xfb\x44\x73\x50\xc4\xe8\x68\xc5\x2a\xc3\x27\x5c\xf9\xd4\x32\x7e", // Nonce + "\xf4\xc6\x33\xc3\x04\x4f\xc1\x45\xf8\x4f\x33\x5c\xb8\x19\x53\xde", // Digest + 32, 2, 16, 16 + }, + // Appendix B, Test 2 + { + "\x75\xde\xaa\x25\xc0\x9f\x20\x8e\x1d\xc4\xce\x6b\x5c\xad\x3f\xbf" // Key + "\x61\xee\x09\x21\x8d\x29\xb0\xaa\xed\x7e\x15\x4a\x2c\x55\x09\xcc", + "", // Message + "\x61\xee\x09\x21\x8d\x29\xb0\xaa\xed\x7e\x15\x4a\x2c\x55\x09\xcc", // Nonce + "\xdd\x3f\xab\x22\x51\xf1\x1a\xc7\x59\xf0\x88\x71\x29\xcc\x2e\xe7", // Digest + 32, 0, 16, 16 + }, + // Appendix B, Test 3 + { + "\x6a\xcb\x5f\x61\xa7\x17\x6d\xd3\x20\xc5\xc1\xeb\x2e\xdc\xdc\x74" // Key + "\x48\x44\x3d\x0b\xb0\xd2\x11\x09\xc8\x9a\x10\x0b\x5c\xe2\xc2\x08", + "\x66\x3c\xea\x19\x0f\xfb\x83\xd8\x95\x93\xf3\xf4\x76\xb6\xbc\x24" // Message + "\xd7\xe6\x79\x10\x7e\xa2\x6a\xdb\x8c\xaf\x66\x52\xd0\x65\x61\x36", + "\xae\x21\x2a\x55\x39\x97\x29\x59\x5d\xea\x45\x8b\xc6\x21\xff\x0e", // Nonce + "\x0e\xe1\xc1\x6b\xb7\x3f\x0f\x4f\xd1\x98\x81\x75\x3c\x01\xcd\xbe", // Digest + 32, 32, 16, 16 + }, + // Appendix B, Test 4 + { + "\xe1\xa5\x66\x8a\x4d\x5b\x66\xa5\xf6\x8c\xc5\x42\x4e\xd5\x98\x2d" // Key + "\x12\x97\x6a\x08\xc4\x42\x6d\x0c\xe8\xa8\x24\x07\xc4\xf4\x82\x07", + "\xab\x08\x12\x72\x4a\x7f\x1e\x34\x27\x42\xcb\xed\x37\x4d\x94\xd1" // Message + "\x36\xc6\xb8\x79\x5d\x45\xb3\x81\x98\x30\xf2\xc0\x44\x91\xfa\xf0" + "\x99\x0c\x62\xe4\x8b\x80\x18\xb2\xc3\xe4\xa0\xfa\x31\x34\xcb\x67" + "\xfa\x83\xe1\x58\xc9\x94\xd9\x61\xc4\xcb\x21\x09\x5c\x1b\xf9", + "\x9a\xe8\x31\xe7\x43\x97\x8d\x3a\x23\x52\x7c\x71\x28\x14\x9e\x3a", // Nonce + "\x51\x54\xad\x0d\x2c\xb2\x6e\x01\x27\x4f\xc5\x11\x48\x49\x1f\x1b", // Digest + 32, 63, 16, 16 + } + }; + + unsigned int count = 0; + byte digest[Poly1305::DIGESTSIZE]; + + // Positive tests + for (unsigned int i=0; i poly1305((const byte*)tests[i].key, tests[i].klen); + poly1305.Resynchronize((const byte*)tests[i].nonce, (int)tests[i].nlen); + poly1305.Update((const byte*)tests[i].message, tests[i].mlen); + poly1305.Final(digest); + + fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0; + if (fail) + { + std::cout << "FAILED " << "Poly1305 test set " << count << std::endl; + } + + count++; + pass = pass && !fail; + } + + // Positive tests + for (unsigned int i=0; i poly1305((const byte*)tests[i].key, tests[i].klen,(const byte*)tests[i].nonce, (int)tests[i].nlen); + poly1305.Update((const byte*)tests[i].message, tests[i].mlen); + poly1305.Final(digest); + + fail = !!memcmp(digest, tests[i].digest, tests[i].dlen) != 0; + if (fail) + { + std::cout << "FAILED " << "Poly1305 test set " << count << std::endl; + } + + count++; + pass = pass && !fail; + } + + // Negative tests + for (unsigned int i=0; i poly1305((const byte*)tests[i].key, tests[i].klen); + poly1305.Resynchronize((const byte*)tests[i].nonce, (int)tests[i].nlen); + poly1305.Update((const byte*)tests[i].message, tests[i].mlen); + poly1305.Final(digest); + + unsigned int next = (i+1) % COUNTOF(tests); + fail = !!memcmp(digest, tests[next].digest, tests[next].dlen) == 0; + if (fail) + { + std::cout << "FAILED " << "Poly1305 test set " << count << std::endl; + } + + count++; + pass = pass && !fail; + } + + std::cout << (!pass ? "FAILED " : "passed ") << count << " message authentication codes" << std::endl; + + return pass; +} + +bool ValidateSipHash() +{ + std::cout << "\nSipHash validation suite running...\n\n"; + bool fail, pass = true, pass1=true, pass2=true, pass3=true, pass4=true; + + { + fail = (SipHash<2,4>::StaticAlgorithmName() != "SipHash-2-4"); + std::cout << (fail ? "FAILED " : "passed ") << "SipHash-2-4 algorithm name\n"; + pass = pass && !fail; + + fail = (SipHash<2,4, false>::DIGESTSIZE != 8); + std::cout << (fail ? "FAILED " : "passed ") << "SipHash-2-4 64-bit digest size\n"; + pass = pass && !fail; + + fail = (SipHash<2,4, true>::DIGESTSIZE != 16); + std::cout << (fail ? "FAILED " : "passed ") << "SipHash-2-4 128-bit digest size\n"; + pass = pass && !fail; + + fail = (SipHash<4,8>::StaticAlgorithmName() != "SipHash-4-8"); + std::cout << (fail ? "FAILED " : "passed ") << "SipHash-4-8 algorithm name\n"; + pass = pass && !fail; + + fail = (SipHash<4,8, false>::DIGESTSIZE != 8); + std::cout << (fail ? "FAILED " : "passed ") << "SipHash-4-8 64-bit digest size\n"; + pass = pass && !fail; + + fail = (SipHash<4,8, true>::DIGESTSIZE != 16); + std::cout << (fail ? "FAILED " : "passed ") << "SipHash-4-8 128-bit digest size\n"; + pass = pass && !fail; + } + + // Siphash-2-4, 64-bit MAC + { + const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + SipHash<2,4, false> hash(key, 16); + byte digest[SipHash<2,4, false>::DIGESTSIZE]; + + hash.Update((const byte*)"", 0); + hash.Final(digest); + fail = !!memcmp("\x31\x0E\x0E\xDD\x47\xDB\x6F\x72", digest, COUNTOF(digest)); + pass1 = !fail && pass1; + + hash.Update((const byte*)"\x00", 1); + hash.Final(digest); + fail = !!memcmp("\xFD\x67\xDC\x93\xC5\x39\xF8\x74", digest, COUNTOF(digest)); + pass1 = !fail && pass1; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); + hash.Final(digest); + fail = !!memcmp("\x37\xD1\x01\x8B\xF5\x00\x02\xAB", digest, COUNTOF(digest)); + pass1 = !fail && pass1; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); + hash.Final(digest); + fail = !!memcmp("\x62\x24\x93\x9A\x79\xF5\xF5\x93", digest, COUNTOF(digest)); + pass1 = !fail && pass1; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); + hash.Final(digest); + fail = !!memcmp("\xB0\xE4\xA9\x0B\xDF\x82\x00\x9E", digest, COUNTOF(digest)); + pass1 = !fail && pass1; + + std::cout << (pass1 ? "passed " : "FAILED ") << "SipHash-2-4 64-bit MAC\n"; + pass = pass1 && pass; + } + + // Siphash-2-4, 128-bit MAC + { + const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + SipHash<2,4, true> hash(key, 16); + byte digest[SipHash<2,4, true>::DIGESTSIZE]; + + hash.Update((const byte*)"", 0); + hash.Final(digest); + fail = !!memcmp("\xA3\x81\x7F\x04\xBA\x25\xA8\xE6\x6D\xF6\x72\x14\xC7\x55\x02\x93", digest, COUNTOF(digest)); + pass3 = !fail && pass3; + + hash.Update((const byte*)"\x00", 1); + hash.Final(digest); + fail = !!memcmp("\xDA\x87\xC1\xD8\x6B\x99\xAF\x44\x34\x76\x59\x11\x9B\x22\xFC\x45", digest, COUNTOF(digest)); + pass3 = !fail && pass3; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); + hash.Final(digest); + fail = !!memcmp("\xA1\xF1\xEB\xBE\xD8\xDB\xC1\x53\xC0\xB8\x4A\xA6\x1F\xF0\x82\x39", digest, COUNTOF(digest)); + pass3 = !fail && pass3; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); + hash.Final(digest); + fail = !!memcmp("\x3B\x62\xA9\xBA\x62\x58\xF5\x61\x0F\x83\xE2\x64\xF3\x14\x97\xB4", digest, COUNTOF(digest)); + pass3 = !fail && pass3; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); + hash.Final(digest); + fail = !!memcmp("\x26\x44\x99\x06\x0A\xD9\xBA\xAB\xC4\x7F\x8B\x02\xBB\x6D\x71\xED", digest, COUNTOF(digest)); + pass3 = !fail && pass3; + + std::cout << (pass3 ? "passed " : "FAILED ") << "SipHash-2-4 128-bit MAC\n"; + pass = pass3 && pass; + } + + // Siphash-4-8, 64-bit MAC + { + const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + SipHash<4, 8, false> hash(key, 16); + byte digest[SipHash<4, 8, false>::DIGESTSIZE]; + + hash.Update((const byte*)"", 0); + hash.Final(digest); + fail = !!memcmp("\x41\xDA\x38\x99\x2B\x05\x79\xC8", digest, COUNTOF(digest)); + pass2 = !fail && pass2; + + hash.Update((const byte*)"\x00", 1); + hash.Final(digest); + fail = !!memcmp("\x51\xB8\x95\x52\xF9\x14\x59\xC8", digest, COUNTOF(digest)); + pass2 = !fail && pass2; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); + hash.Final(digest); + fail = !!memcmp("\x47\xD7\x3F\x71\x5A\xBE\xFD\x4E", digest, COUNTOF(digest)); + pass2 = !fail && pass2; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); + hash.Final(digest); + fail = !!memcmp("\x20\xB5\x8B\x9C\x07\x2F\xDB\x50", digest, COUNTOF(digest)); + pass2 = !fail && pass2; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); + hash.Final(digest); + fail = !!memcmp("\x36\x31\x9A\xF3\x5E\xE1\x12\x53", digest, COUNTOF(digest)); + pass2 = !fail && pass2; + + std::cout << (pass2 ? "passed " : "FAILED ") << "SipHash-4-8 64-bit MAC\n"; + pass = pass2 && pass; + } + + // Siphash-4-8, 128-bit MAC + { + const byte key[] = "\x00\x01\x02\x03\x04\x05\x06\x07\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F"; + SipHash<4, 8, true> hash(key, 16); + byte digest[SipHash<4, 8, true>::DIGESTSIZE]; + + hash.Update((const byte*)"", 0); + hash.Final(digest); + fail = !!memcmp("\x1F\x64\xCE\x58\x6D\xA9\x04\xE9\xCF\xEC\xE8\x54\x83\xA7\x0A\x6C", digest, COUNTOF(digest)); + pass4 = !fail && pass4; + + hash.Update((const byte*)"\x00", 1); + hash.Final(digest); + fail = !!memcmp("\x47\x34\x5D\xA8\xEF\x4C\x79\x47\x6A\xF2\x7C\xA7\x91\xC7\xA2\x80", digest, COUNTOF(digest)); + pass4 = !fail && pass4; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06", 7); + hash.Final(digest); + fail = !!memcmp("\xED\x00\xE1\x3B\x18\x4B\xF1\xC2\x72\x6B\x8B\x54\xFF\xD2\xEE\xE0", digest, COUNTOF(digest)); + pass4 = !fail && pass4; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07", 8); + hash.Final(digest); + fail = !!memcmp("\xA7\xD9\x46\x13\x8F\xF9\xED\xF5\x36\x4A\x5A\x23\xAF\xCA\xE0\x63", digest, COUNTOF(digest)); + pass4 = !fail && pass4; + + hash.Update((const byte*)"\x00\x01\x02\x03\x04\x05\x06\x07\x08", 9); + hash.Final(digest); + fail = !!memcmp("\x9E\x73\x14\xB7\x54\x5C\xEC\xA3\x8B\x9A\x55\x49\xE4\xFB\x0B\xE8", digest, COUNTOF(digest)); + pass4 = !fail && pass4; + + std::cout << (pass4 ? "passed " : "FAILED ") << "SipHash-4-8 128-bit MAC\n"; + pass = pass4 && pass; + } + + return pass; +} + +struct BLAKE2_TestTuples +{ + const char *key, *message, *digest; + size_t klen, mlen, dlen; +}; + +bool ValidateBLAKE2s() +{ + std::cout << "\nBLAKE2s validation suite running...\n\n"; + bool fail, pass = true; + + { + fail = strcmp(BLAKE2s::StaticAlgorithmName(), "BLAKE2s") != 0; + std::cout << (fail ? "FAILED " : "passed ") << "algorithm name\n"; + pass = pass && !fail; + } + + const BLAKE2_TestTuples tests[] = { + { + NULLPTR, + NULLPTR, + "\x8F\x38", + 0, 0, 2 + }, + { + NULLPTR, + NULLPTR, + "\x36\xE9\xD2\x46", + 0, 0, 4 + }, + { + NULLPTR, + NULLPTR, + "\xEF\x2A\x8B\x78\xDD\x80\xDA\x9C", + 0, 0, 8 + }, + { + NULLPTR, + NULLPTR, + "\x64\x55\x0D\x6F\xFE\x2C\x0A\x01\xA1\x4A\xBA\x1E\xAD\xE0\x20\x0C", + 0, 0, 16 + }, + { + NULLPTR, + NULLPTR, + "\x69\x21\x7A\x30\x79\x90\x80\x94\xE1\x11\x21\xD0\x42\x35\x4A\x7C\x1F\x55\xB6\x48\x2C\xA1\xA5\x1E\x1B\x25\x0D\xFD\x1E\xD0\xEE\xF9", + 0, 0, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x25\xEC\xB2\xF6\xA7\x81\x82\x57\x5D\x4B\xD7\x02\x72\x6D\xE1\x82\xBB\x1E\x21\xA8\x5D\x51\x34\xAD\xA2\x25\x8D\x7E\x21\x38\x03\xA7", + 0, 15, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xD4\x1C\x69\x87\x29\x7E\xDE\x4F\x08\x9B\x66\x9B\xC7\x0E\x62\xB9\xFA\xFA\x1C\x37\xCC\x31\x29\x22\xE0\xEA\x63\xE2\xE5\x85\xAA\x9F", + 0, 16, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xE0\xAD\xF2\xCC\x1F\x1F\x55\x3A\xE6\xC3\xCD\x3D\xF7\x68\xEA\x66\x9C\x32\xBE\x1D\x37\xF9\xA2\x61\xD4\x4F\x45\x26\x69\xD0\xD3\xA4", + 0, 17, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x10\x42\x65\x1C\x86\x15\xC4\x87\x69\x41\x19\x1F\xB6\xD5\xC5\x1D\xEB\x4C\xA1\x8C\xAF\xEF\xEB\x79\x69\x62\x87\x0D\x6A\x5D\xEE\x20", + 0, 31, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEA\xB1\xC5\xDD\xDF\xB5\x7C\x48\xC5\xB0\xB3\xF5\xBE\x5B\x47\x6D\xBB\xF5\xA3\x5C\x21\xD3\xDD\x94\x13\xA1\x04\xB8\x14\xF9\x2D\x4B", + 0, 32, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x7E\x82\x07\x49\x14\x62\x11\x96\xC5\xE8\xF3\xCB\x0F\x21\x7B\x37\xAE\x9B\x64\x58\xF4\x66\x01\xB9\x21\x23\xAC\x48\x64\x30\x83\x8F", + 0, 33, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x90\xB5\xA2\x5E\x8E\xA8\xA0\xC8\x74\x85\xAE\x18\x08\x9D\x92\xEB\x14\x5A\x5D\x4E\x2C\x60\x7B\xCB\x4B\x94\xD1\x0F\xAE\x59\x33\xC1", + 0, 63, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x71\x27\x28\x45\x9E\x67\xD7\xED\xB7\xAE\xFA\x88\xFF\x5C\x7E\x7B\x5D\xA9\x94\xA1\xC3\xB1\x7B\x64\xFB\xC1\x4E\x47\xCA\xDA\x45\xDD", + 0, 64, 32 + }, + { + NULLPTR, + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x58\x72\x3B\xB1\xBE\x18\x33\x12\x31\x5E\x6E\xF7\xF2\xB1\x84\x60\x97\x2C\x19\xD3\x01\xAF\x42\x00\xAB\xDB\x04\x26\xFC\xB0\xC1\xF8", + 0, 65, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + NULLPTR, + "\x9A\xD4\x81\xEF\x81\x6C\xAC\xB6\x59\x35\x8E\x6D\x6B\x73\xF1\xE5\xAC\x71\xD6\x6E\x8B\x12\x6B\x73\xD9\xD9\x7D\x2F\xA7\xA4\x61\xB4", + 15, 0, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x61\x8C\xBE\x19\x4B\x28\xDC\xA3\x8B\xE5\x1A\x79\x37\x45\xB4\x66\x3D\xF1\x9D\xB5\x8F\xFF\xEF\xC4\x5D\x37\x82\x25\x93\xEB\xE2\x93", + 15, 15, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xF3\xEC\x81\x61\x44\x5C\x6E\x2E\xE6\x52\x6A\xCA\x5F\xD9\x25\x74\x2A\x33\xB9\x1F\xEF\x0F\x7E\x54\x4F\x50\xC2\xFB\x04\x3C\x52\xD2", + 15, 16, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xF4\x81\x43\x6E\x2F\x4C\x5D\x09\x21\x73\x24\xDA\xA6\x23\x9E\xFD\xF8\x82\xCE\x0E\x3E\x4C\xB4\x17\xCC\x27\xCD\x1A\xAE\x90\x9B\x94", + 15, 17, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x99\x5E\x74\x8E\x96\xFE\xC0\x39\x5B\x73\xA3\xC0\x4E\xC7\xF7\xBE\x89\x83\xCD\x18\x24\x60\x60\x7B\xBC\xF5\x50\xF5\x84\xD1\x71\x6B", + 15, 31, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x21\x6E\xB9\xE2\xE4\xAF\x94\x5F\x6A\xA3\xD2\xCA\x25\x72\xFB\x8F\xDB\x95\x2F\xAC\x1C\x69\xC1\x26\x28\x31\x63\x16\x25\xA5\x2C\xF8", + 15, 32, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xE3\x71\x9F\xD8\xAE\x68\xC8\xC4\x5D\x17\xDD\x21\x33\xBB\xE1\x61\x51\x22\xC2\x3B\x00\x6E\xDD\x66\x7E\x2A\x0A\x6B\x77\xA9\x0B\x8D", + 15, 33, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xD3\xF8\x5F\x1B\xBE\x9C\x53\xCB\x7F\x5F\x5F\x62\x4D\x06\x36\x8F\xF8\x15\xA7\xF5\xEB\x77\xC6\xC5\xB4\x81\x15\x01\x82\x8D\x9D\x40", + 15, 63, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xBF\xA3\xDA\x09\xF9\xDE\x1B\xE6\x57\x4B\x55\x82\x85\x69\x79\xA1\x89\xD6\xF4\x15\x8B\x03\xFA\xAC\x6E\x00\x80\x26\xF1\x6B\xA1\x28", + 15, 64, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x77\x45\xEA\x51\x24\x46\x53\x19\x6F\xE4\xED\x6B\x54\x5C\x9B\x95\x88\xF5\xD4\x2B\x4C\x3E\xE6\xB7\xA1\xA3\x9F\xC4\x3A\x27\x1E\x45", + 15, 65, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + NULLPTR, + "\xFD\x61\x6D\xA6\x8E\xEF\x10\x24\x16\xC7\xBD\x7D\xC8\xCA\xF8\x2B\x3D\x92\x7B\xCB\xDD\x06\x8E\x7C\xCA\xA7\x72\x76\xCE\x6C\x8C\xD4", + 16, 0, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x10\x18\x97\x28\xFB\x05\x1D\xA0\xA8\xD6\x8F\x1C\xAD\x81\xFC\x7C\xA2\x6D\x41\x4B\xAA\x0C\x2A\x95\xB7\xF4\xEF\x9A\x67\xB5\x26\x5F", + 16, 15, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x9E\x3B\x50\xF3\xB5\xF4\xC9\xB3\x57\x03\x74\xF1\xB3\xA0\x4B\x3C\xC1\x71\xB4\x30\x42\xE4\x65\x90\xE5\xE2\x8A\x4D\xBA\xCD\xB1\x9F", + 16, 16, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x69\x70\x88\xAB\x61\x39\x46\xEA\x3B\xEB\x98\x98\x78\xCD\x8E\xF1\xB5\x7E\x81\xFC\x42\x7D\x46\xB8\xDA\x85\xD2\xEB\xB8\x56\xE4\xAC", + 16, 17, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xD2\xDA\xAC\x63\x09\xF1\x81\xBB\xCC\x06\x0D\xCC\xB8\xFA\x67\x08\x14\xD4\x6A\x50\xD7\x4F\xBF\x3B\x4A\x2E\x39\x4D\x45\x55\x27\x2F", + 16, 31, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEB\xB0\xF3\x27\xC3\xC4\x35\x97\x4F\x89\x73\x5A\x4D\xEB\xBB\x4C\x7C\xE9\x0C\x3E\x13\xEB\x07\x83\x74\x67\x0A\x86\xA7\xF4\xA8\x73", + 16, 32, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xC8\x96\xC3\x3A\x26\x77\x02\x84\x5D\x95\x1B\x0D\x9F\x5C\x07\xC5\x6D\x21\x5D\x7E\x20\xF1\x2F\xE0\x45\xE3\x50\x42\x9D\x58\xB0\xEA", + 16, 33, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x8A\x3C\x9F\xA4\xAC\x78\x82\xA7\x08\x76\xB9\xE1\xED\x22\x9B\x43\x45\xF4\xD4\x01\x76\xC4\xED\x5D\xA4\x5A\x41\xDE\x28\xB8\x09\x6C", + 16, 63, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x2D\x0C\x97\xBE\xD2\xF2\x13\x40\xB9\xC8\x15\x91\x6A\x55\x86\x7A\x43\xB1\xFD\xC7\x04\x08\x1B\x58\x37\x09\x12\x80\x40\x99\x7C\xED", + 16, 64, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xF7\xC0\x08\xE1\x31\x52\x9B\x71\x87\x51\xCF\xFF\x8B\x08\xA3\x14\x32\x08\x06\x8C\x22\xAD\x83\x97\x71\x95\xC5\x2C\xFC\x66\xA4\xAD", + 16, 65, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + NULLPTR, + "\xD0\xCE\x8E\x8D\xA0\xBA\xA4\x26\x0E\xD3\x1F\xD1\x7B\x78\xE6\x18\x15\xC6\xFF\xD8\x5A\xDB\x41\x8A\xE7\x36\xF0\xE7\xB9\x87\x2B\x6A", + 17, 0, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xCB\xE4\x63\xEB\x6B\x24\x6C\x08\x55\x84\x36\x30\x8E\xFA\xC1\x6B\x97\x43\xD7\x1F\x1F\x3E\x96\xBA\x7E\x87\xF2\x42\x3E\xF5\x69\x5E", + 17, 15, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEF\x39\x55\x9D\x92\x20\xDC\xB6\x8C\x21\x79\xD6\x7C\x51\xB7\x36\xAC\x4E\xFC\xA1\xDE\x66\xC7\xED\x40\xBF\x23\x15\xD1\x25\x82\x4B", + 17, 16, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xE3\x3E\x44\x7B\xA2\x7F\x69\x21\x09\x57\x79\x72\xE7\x4B\xE0\xC7\xCD\x54\xDC\xCD\x55\x60\x75\x61\x82\x66\xD7\x5B\x6F\x60\xDD\x73", + 17, 17, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xA9\xC4\x29\x2F\x5B\x49\x9A\xE0\x71\xE7\xFD\x65\x98\x53\x42\xC0\xC0\xF1\x75\xBC\xB5\x7B\x5C\xA1\x61\xFC\x8B\x45\x44\x54\xEC\x06", + 17, 31, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x29\x60\xBD\x05\x28\xEA\xF1\xA9\x43\xEF\x2D\x87\xC7\xB5\x27\x47\x33\xBA\xC8\x0C\x9F\x1C\xF5\x72\x62\x4C\xA7\x9E\x10\x23\x66\x76", + 17, 32, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xE2\xF1\x33\x23\x9D\xD8\xBC\x60\x1F\xB7\xD8\x21\xF5\x13\x98\xE2\x5C\x24\x0E\xC0\x60\x18\xB4\x0B\x93\xF1\x04\x25\xC5\xEC\x20\x14", + 17, 33, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEB\x4F\x8D\xB3\xF5\x03\x72\x55\x72\xCE\xF3\x91\x22\xCD\xEA\x5A\xC4\x9A\xD0\x42\xE1\xC4\x62\x90\xCE\x11\x9E\xFD\x11\xDB\xCA\x23", + 17, 63, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xB5\x9A\xA7\x74\xDA\xB8\xDE\x5C\xBB\xC3\x5A\xFC\xF0\xD7\xAF\x51\x1E\x0F\x05\x45\xDB\xDA\xB7\xA4\xA6\x52\xB2\x9E\x0E\x23\x14\x3D", + 17, 64, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x69\xA2\x95\x6C\x87\xED\x22\x76\x0A\x53\x75\x6D\x28\xF4\xCD\xC5\xF7\xF9\x88\x51\x73\xA7\xD9\x44\x0C\x96\xB1\x5F\xE5\x57\xFE\xE3", + 17, 65, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + NULLPTR, + "\x39\x4A\xB9\x85\xDD\xFF\x59\x59\x84\x5A\xF7\x54\xD6\xFC\x19\xFB\x94\x0E\xAE\xA4\xEA\x70\x54\x3E\x0D\x7E\x9D\xC7\x8A\x22\x77\x3B", + 31, 0, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x1B\x46\x57\xC0\x48\x26\x7B\xC6\x17\xEC\xD5\x76\x89\xEE\x81\xE5\x5B\xE0\xAC\xCE\xB7\x5D\x33\x2A\xAF\xB6\xE2\xF6\xC0\xBB\x93\xE6", + 31, 15, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x53\xB3\x3A\x58\x98\xD2\x0D\x25\x61\x5A\x0C\xF5\x74\x7F\x44\x2F\x51\x70\x31\x66\x5E\x41\x5E\xBC\xF5\xF0\x03\x12\x98\x12\x90\xCC", + 31, 16, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x0B\x2C\x2A\x74\x72\x12\x18\xE1\xCE\xCD\x8A\x7E\xFC\xCE\x8D\x57\xBE\x42\x1A\xCC\xA2\x20\x24\x33\xC5\x1E\x31\x54\x1F\xB6\x45\xBD", + 31, 17, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEF\x13\x95\xD4\x42\xC9\x9A\x04\xFE\xF0\x11\xE9\x72\xA9\x37\x74\x3E\x14\xC4\x4C\x58\x0C\xAC\x81\x4A\x75\x73\x35\x05\xC0\x81\x32", + 31, 31, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x0D\x35\xCF\x7F\x82\x08\x1E\x1B\xE9\x1E\x75\xE1\x96\x05\x9F\xBD\x63\x94\x8E\xE0\x71\xEF\x53\xDE\x79\xC6\x68\x21\xD6\x8A\x5A\xE4", + 31, 32, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x74\x0D\xCB\x50\x59\x59\xB9\x48\x52\x2B\x0B\x2A\x1F\xFC\x4F\x12\xF5\x9F\x49\x11\xED\x43\x61\xA6\x38\x8D\xF9\x35\x5C\xCD\x18\xBB", + 31, 33, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xDD\x48\xE5\xE8\x86\x8E\x61\xFF\x8A\x85\xC6\x5A\xB8\x5A\x32\xD2\x2A\x9C\xA2\xC8\xDC\xB9\xD6\x0A\x44\xD3\xF1\xB4\x8B\x5B\xD3\x80", + 31, 63, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x81\xEF\xAD\x79\x16\xE4\x29\x02\xDB\x89\x8D\xF2\xA4\x6D\xB4\xC4\x2A\x8C\xC6\x7E\xDE\x9B\xF7\x63\xB2\x10\xED\x15\xED\x0A\x0E\x3C", + 31, 64, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEB\x54\xC4\x8A\x8F\x92\x53\x4D\xDF\x1D\x78\xCA\x98\x38\xF9\x10\xE4\x05\xCD\x6D\xB6\x82\x3B\x76\xB7\x82\x3A\xD2\x20\x77\xD4\x89", + 31, 65, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + NULLPTR, + "\x18\xE3\xCE\x19\x98\x7B\xA5\x0B\x30\xDD\x14\x4C\x16\xF2\x26\x55\xEB\xA3\x14\x09\xD6\x62\x10\xBC\x38\xBB\xC1\x4B\x5D\xAB\x05\x19", + 32, 0, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x10\x9D\x6C\xB3\x37\x9C\x9E\x2B\xC9\x1C\xF9\x79\x7A\x46\xEA\xFA\x78\x5C\xA1\x54\x83\xBD\xC2\x67\x31\xFA\x66\xAC\x5D\x4C\xE7\xAB", + 32, 15, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x76\x83\x9A\x8F\xBC\x20\x81\xD6\x09\x5C\x97\x46\xD3\xD6\xA4\xC4\xC1\x17\x8E\x3B\x14\xFC\xFD\x8F\x72\x20\xEF\xC6\x0B\xD3\xFF\x42", + 32, 16, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEA\x0C\x05\xE6\x8F\xD6\xA6\xA1\xD9\xFC\xDA\x3C\xCB\x49\x02\xA5\xF9\x5D\x80\x9E\x89\xF6\xA2\x15\x74\x48\x84\x87\x77\x47\x6D\xBB", + 32, 17, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x98\x79\xD8\x91\x48\xB3\x12\x10\xE8\x49\x73\x38\x1B\xFA\x6C\xCA\x85\x59\xF9\xF9\xFE\xD3\xF2\x98\x9E\x9D\x5C\xE8\x1E\x59\xB3\x46", + 32, 31, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xC7\x41\x7E\x23\xDD\x7D\xB0\x84\xCA\x64\x26\x5A\xE0\x98\xD7\xF2\x29\xE4\x4C\x88\xC9\xF9\x15\x00\x19\x73\xC7\xCF\x95\xF5\x30\x68", + 32, 32, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\x0F\xDA\x45\x55\xAC\x8F\xB0\x17\x1D\xF2\x41\x54\xFB\x41\x26\x16\x0C\x00\x84\x49\x3D\x54\xAE\x9F\x13\xD4\xE5\x11\x2B\x42\xB5\xF5", + 32, 33, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xF1\x1B\x54\x05\xCE\x3A\xEB\xA1\x1B\x49\x99\x43\xBF\x2C\x73\x10\x0E\x35\x6B\xEA\x40\xAC\xE5\xBC\xD8\xD5\xB0\xAE\xB2\x8E\xFB\x05", + 32, 63, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xEA\xAF\xA4\xBE\xD6\x9D\x98\x73\x5E\xDF\xFC\x35\xFD\xB8\x26\x18\xAC\x15\x9E\x2B\xB2\xF9\x36\xEC\x51\x58\x1E\xD8\x53\xB7\x11\x10", + 32, 64, 32 + }, + { + "\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61\x61", + "\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A\x7A", + "\xC3\x0A\xE0\xAB\xFA\x38\x3C\x3F\xBC\x44\xD3\x2A\x4F\xC8\xFA\x86\xF2\x15\x9E\x83\x75\x65\xE4\x78\x63\xED\xEF\x31\x79\xEC\x00\x21", + 32, 65, 32 + } + }; + + byte digest[BLAKE2s::DIGESTSIZE]; + for (unsigned int i=0; i +#include +#include + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough) +{ + bool pass = true, fail; + + fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "cryptosystem key validation\n"; + + const byte *message = (byte *)"test message"; + const int messageLen = 12; + SecByteBlock ciphertext(priv.CiphertextLength(messageLen)); + SecByteBlock plaintext(priv.MaxPlaintextLength(ciphertext.size())); + + pub.Encrypt(GlobalRNG(), message, messageLen, ciphertext); + fail = priv.Decrypt(GlobalRNG(), ciphertext, priv.CiphertextLength(messageLen), plaintext) != DecodingResult(messageLen); + fail = fail || memcmp(message, plaintext, messageLen); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "encryption and decryption\n"; + + return pass; +} + +bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d) +{ + if (d.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed simple key agreement domain parameters validation" << std::endl; + else + { + std::cout << "FAILED simple key agreement domain parameters invalid" << std::endl; + return false; + } + + SecByteBlock priv1(d.PrivateKeyLength()), priv2(d.PrivateKeyLength()); + SecByteBlock pub1(d.PublicKeyLength()), pub2(d.PublicKeyLength()); + SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength()); + + d.GenerateKeyPair(GlobalRNG(), priv1, pub1); + d.GenerateKeyPair(GlobalRNG(), priv2, pub2); + + memset(val1.begin(), 0x10, val1.size()); + memset(val2.begin(), 0x11, val2.size()); + + if (!(d.Agree(val1, priv1, pub2) && d.Agree(val2, priv2, pub1))) + { + std::cout << "FAILED simple key agreement failed" << std::endl; + return false; + } + + if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength())) + { + std::cout << "FAILED simple agreed values not equal" << std::endl; + return false; + } + + std::cout << "passed simple key agreement" << std::endl; + return true; +} + +bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d) +{ + if (d.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid" << std::endl; + return false; + } + + SecByteBlock spriv1(d.StaticPrivateKeyLength()), spriv2(d.StaticPrivateKeyLength()); + SecByteBlock epriv1(d.EphemeralPrivateKeyLength()), epriv2(d.EphemeralPrivateKeyLength()); + SecByteBlock spub1(d.StaticPublicKeyLength()), spub2(d.StaticPublicKeyLength()); + SecByteBlock epub1(d.EphemeralPublicKeyLength()), epub2(d.EphemeralPublicKeyLength()); + SecByteBlock val1(d.AgreedValueLength()), val2(d.AgreedValueLength()); + + d.GenerateStaticKeyPair(GlobalRNG(), spriv1, spub1); + d.GenerateStaticKeyPair(GlobalRNG(), spriv2, spub2); + d.GenerateEphemeralKeyPair(GlobalRNG(), epriv1, epub1); + d.GenerateEphemeralKeyPair(GlobalRNG(), epriv2, epub2); + + memset(val1.begin(), 0x10, val1.size()); + memset(val2.begin(), 0x11, val2.size()); + + if (!(d.Agree(val1, spriv1, epriv1, spub2, epub2) && d.Agree(val2, spriv2, epriv2, spub1, epub1))) + { + std::cout << "FAILED authenticated key agreement failed" << std::endl; + return false; + } + + if (memcmp(val1.begin(), val2.begin(), d.AgreedValueLength())) + { + std::cout << "FAILED authenticated agreed values not equal" << std::endl; + return false; + } + + std::cout << "passed authenticated key agreement" << std::endl; + return true; +} + +bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough) +{ + bool pass = true, fail; + + fail = !pub.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2) || !priv.GetMaterial().Validate(GlobalRNG(), thorough ? 3 : 2); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "signature key validation\n"; + + const byte message[] = "test message"; + const int messageLen = 12; + + SecByteBlock signature(priv.MaxSignatureLength()); + size_t signatureLength = priv.SignMessage(GlobalRNG(), message, messageLen, signature); + fail = !pub.VerifyMessage(message, messageLen, signature, signatureLength); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "signature and verification\n"; + + ++signature[0]; + fail = pub.VerifyMessage(message, messageLen, signature, signatureLength); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "checking invalid signature" << std::endl; + + if (priv.MaxRecoverableLength() > 0) + { + signatureLength = priv.SignMessageWithRecovery(GlobalRNG(), message, messageLen, NULLPTR, 0, signature); + SecByteBlock recovered(priv.MaxRecoverableLengthFromSignatureLength(signatureLength)); + DecodingResult result = pub.RecoverMessage(recovered, NULLPTR, 0, signature, signatureLength); + fail = !(result.isValidCoding && result.messageLength == messageLen && memcmp(recovered, message, messageLen) == 0); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "signature and verification with recovery" << std::endl; + + ++signature[0]; + result = pub.RecoverMessage(recovered, NULLPTR, 0, signature, signatureLength); + fail = result.isValidCoding; + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "recovery with invalid signature" << std::endl; + } + + return pass; +} + +bool ValidateBBS() +{ + std::cout << "\nBlumBlumShub validation suite running...\n\n"; + + Integer p("212004934506826557583707108431463840565872545889679278744389317666981496005411448865750399674653351"); + Integer q("100677295735404212434355574418077394581488455772477016953458064183204108039226017738610663984508231"); + Integer seed("63239752671357255800299643604761065219897634268887145610573595874544114193025997412441121667211431"); + BlumBlumShub bbs(p, q, seed); + bool pass = true, fail; + int j; + + const byte output1[] = { + 0x49,0xEA,0x2C,0xFD,0xB0,0x10,0x64,0xA0,0xBB,0xB9, + 0x2A,0xF1,0x01,0xDA,0xC1,0x8A,0x94,0xF7,0xB7,0xCE}; + const byte output2[] = { + 0x74,0x45,0x48,0xAE,0xAC,0xB7,0x0E,0xDF,0xAF,0xD7, + 0xD5,0x0E,0x8E,0x29,0x83,0x75,0x6B,0x27,0x46,0xA1}; + + byte buf[20]; + std::ostringstream oss; + + bbs.GenerateBlock(buf, 20); + fail = memcmp(output1, buf, 20) != 0; + pass = pass && !fail; + + oss << (fail ? "FAILED " : "passed "); + for (j=0;j<20;j++) + oss << std::setw(2) << std::setfill('0') << std::hex << (int)buf[j]; + oss << std::endl; + + bbs.Seek(10); + bbs.GenerateBlock(buf, 10); + fail = memcmp(output1+10, buf, 10) != 0; + pass = pass && !fail; + + oss << (fail ? "FAILED " : "passed "); + for (j=0;j<10;j++) + oss << std::setw(2) << std::setfill('0') << std::hex << (int)buf[j]; + oss << std::endl; + + bbs.Seek(1234567); + bbs.GenerateBlock(buf, 20); + fail = memcmp(output2, buf, 20) != 0; + pass = pass && !fail; + + oss << (fail ? "FAILED " : "passed "); + for (j=0;j<20;j++) + oss << std::setw(2) << std::setfill('0') << std::hex << (int)buf[j]; + oss << std::endl; + + std::cout << oss.str(); + return pass; +} + +bool ValidateECP() +{ + // Remove word recommend. Some ECP curves may not be recommended depending + // on whom you ask. ECP is more descriptive item in this case. + std::cout << "\nTesting SEC 2, NIST and Brainpool ECP curves...\n\n"; + bool pass = true; OID oid; + + while (!(oid = DL_GroupParameters_EC::GetNextRecommendedParametersOID(oid)).GetValues().empty()) + { + DL_GroupParameters_EC params(oid); + bool fail = !params.Validate(GlobalRNG(), 2); + std::cout << (fail ? "FAILED" : "passed") << " " << std::dec << params.GetCurve().GetField().MaxElementBitLength() << " bits\n"; + pass = pass && !fail; + } + + std::cout << "\nECP validation suite running...\n\n"; + return ValidateECP_Agreement() && ValidateECP_Encrypt() && ValidateECP_Sign() && pass; +} + +bool ValidateEC2N() +{ + // Remove word recommend. Binary curves may not be recommended depending + // on whom you ask. EC2N is more descriptive item in this case. + std::cout << "\nTesting SEC 2 EC2N curves...\n\n"; + bool pass = true; OID oid; + +#if 1 // TODO: turn this back on when I make EC2N faster for pentanomial basis + while (!(oid = DL_GroupParameters_EC::GetNextRecommendedParametersOID(oid)).GetValues().empty()) + { + DL_GroupParameters_EC params(oid); + bool fail = !params.Validate(GlobalRNG(), 2); + std::cout << (fail ? "FAILED" : "passed") << " " << params.GetCurve().GetField().MaxElementBitLength() << " bits\n"; + pass = pass && !fail; + } +#endif + + std::cout << "\nEC2N validation suite running...\n\n"; + return ValidateEC2N_Agreement() && ValidateEC2N_Encrypt() && ValidateEC2N_Sign() && pass; +} + +bool ValidateRSA() +{ + std::cout << "\nRSA validation suite running...\n\n"; + return ValidateRSA_Encrypt() && ValidateRSA_Sign(); +} + +bool ValidateLUC() +{ + std::cout << "\nLUC validation suite running...\n\n"; + return ValidateLUC_Encrypt() && ValidateLUC_Sign(); +} + +bool ValidateLUC_DL() +{ + // Prologue printed in each function + return ValidateLUC_DL_Encrypt() && ValidateLUC_DL_Sign(); +} + +bool ValidateRabin() +{ + std::cout << "\nRabin validation suite running...\n\n"; + return ValidateRabin_Encrypt() && ValidateRabin_Sign(); +} + +NAMESPACE_END // Test +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/validat7.cpp b/vendor/cryptopp/vendor_cryptopp/validat7.cpp new file mode 100644 index 00000000..b240993f --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/validat7.cpp @@ -0,0 +1,622 @@ +// validat7.cpp - originally written and placed in the public domain by Wei Dai +// CryptoPP::Test namespace added by JW in February 2017. +// Source files split in July 2018 to expedite compiles. + +#include "pch.h" + +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + +#include "cryptlib.h" +#include "cpu.h" +#include "validate.h" + +#include "asn.h" +#include "oids.h" + +#include "sha.h" +#include "sha3.h" + +#include "dh.h" +#include "luc.h" +#include "mqv.h" +#include "xtr.h" +#include "hmqv.h" +#include "pubkey.h" +#include "xtrcrypt.h" +#include "eccrypto.h" + +// Curve25519 +#include "xed25519.h" +#include "donna.h" +#include "naclite.h" + +#include +#include +#include + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +bool ValidateDH() +{ + std::cout << "\nDH validation suite running...\n\n"; + + FileSource f(DataDir("TestData/dh1024.dat").c_str(), true, new HexDecoder); + DH dh(f); + return SimpleKeyAgreementValidate(dh); +} + +bool ValidateX25519() +{ + std::cout << "\nx25519 validation suite running...\n\n"; + + FileSource f(DataDir("TestData/x25519.dat").c_str(), true, new HexDecoder); + x25519 dh(f); + return SimpleKeyAgreementValidate(dh); +} + +bool ValidateMQV() +{ + std::cout << "\nMQV validation suite running...\n\n"; + + FileSource f(DataDir("TestData/mqv1024.dat").c_str(), true, new HexDecoder); + MQV mqv(f); + return AuthenticatedKeyAgreementValidate(mqv); +} + +bool ValidateHMQV() +{ + std::cout << "\nHMQV validation suite running...\n\n"; + + ECHMQV256 hmqvB(false); + FileSource f256(DataDir("TestData/hmqv256.dat").c_str(), true, new HexDecoder); + FileSource f384(DataDir("TestData/hmqv384.dat").c_str(), true, new HexDecoder); + FileSource f512(DataDir("TestData/hmqv512.dat").c_str(), true, new HexDecoder); + hmqvB.AccessGroupParameters().BERDecode(f256); + + std::cout << "HMQV with NIST P-256 and SHA-256:" << std::endl; + + if (hmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; + return false; + } + + const OID oid = ASN1::secp256r1(); + ECHMQV< ECP >::Domain hmqvA(oid, true /*client*/); + + if (hmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; + return false; + } + + SecByteBlock sprivA(hmqvA.StaticPrivateKeyLength()), sprivB(hmqvB.StaticPrivateKeyLength()); + SecByteBlock eprivA(hmqvA.EphemeralPrivateKeyLength()), eprivB(hmqvB.EphemeralPrivateKeyLength()); + SecByteBlock spubA(hmqvA.StaticPublicKeyLength()), spubB(hmqvB.StaticPublicKeyLength()); + SecByteBlock epubA(hmqvA.EphemeralPublicKeyLength()), epubB(hmqvB.EphemeralPublicKeyLength()); + SecByteBlock valA(hmqvA.AgreedValueLength()), valB(hmqvB.AgreedValueLength()); + + hmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA); + hmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB); + hmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA); + hmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB); + + std::memset(valA.begin(), 0x00, valA.size()); + std::memset(valB.begin(), 0x11, valB.size()); + + if (!(hmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && hmqvB.Agree(valB, sprivB, eprivB, spubA, epubA))) + { + std::cout << "FAILED authenticated key agreement failed" << std::endl; + return false; + } + + if (memcmp(valA.begin(), valB.begin(), hmqvA.AgreedValueLength())) + { + std::cout << "FAILED authenticated agreed values not equal" << std::endl; + return false; + } + + std::cout << "passed authenticated key agreement" << std::endl; + + // Now test HMQV with NIST P-384 curve and SHA384 hash + std::cout << std::endl; + std::cout << "HMQV with NIST P-384 and SHA-384:" << std::endl; + + ECHMQV384 hmqvB384(false); + hmqvB384.AccessGroupParameters().BERDecode(f384); + + if (hmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; + return false; + } + + const OID oid384 = ASN1::secp384r1(); + ECHMQV384 hmqvA384(oid384, true /*client*/); + + if (hmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; + return false; + } + + SecByteBlock sprivA384(hmqvA384.StaticPrivateKeyLength()), sprivB384(hmqvB384.StaticPrivateKeyLength()); + SecByteBlock eprivA384(hmqvA384.EphemeralPrivateKeyLength()), eprivB384(hmqvB384.EphemeralPrivateKeyLength()); + SecByteBlock spubA384(hmqvA384.StaticPublicKeyLength()), spubB384(hmqvB384.StaticPublicKeyLength()); + SecByteBlock epubA384(hmqvA384.EphemeralPublicKeyLength()), epubB384(hmqvB384.EphemeralPublicKeyLength()); + SecByteBlock valA384(hmqvA384.AgreedValueLength()), valB384(hmqvB384.AgreedValueLength()); + + hmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); + hmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384); + hmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384); + hmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384); + + std::memset(valA384.begin(), 0x00, valA384.size()); + std::memset(valB384.begin(), 0x11, valB384.size()); + + if (!(hmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && hmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) + { + std::cout << "FAILED authenticated key agreement failed" << std::endl; + return false; + } + + if (memcmp(valA384.begin(), valB384.begin(), hmqvA384.AgreedValueLength())) + { + std::cout << "FAILED authenticated agreed values not equal" << std::endl; + return false; + } + + std::cout << "passed authenticated key agreement" << std::endl; + + return true; +} + +bool ValidateFHMQV() +{ +std::cout << "\nFHMQV validation suite running...\n\n"; + + //ECFHMQV< ECP >::Domain fhmqvB(false /*server*/); + ECFHMQV256 fhmqvB(false); + FileSource f256(DataDir("TestData/fhmqv256.dat").c_str(), true, new HexDecoder); + FileSource f384(DataDir("TestData/fhmqv384.dat").c_str(), true, new HexDecoder); + FileSource f512(DataDir("TestData/fhmqv512.dat").c_str(), true, new HexDecoder); + fhmqvB.AccessGroupParameters().BERDecode(f256); + + std::cout << "FHMQV with NIST P-256 and SHA-256:" << std::endl; + + if (fhmqvB.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; + return false; + } + + const OID oid = ASN1::secp256r1(); + ECFHMQV< ECP >::Domain fhmqvA(oid, true /*client*/); + + if (fhmqvA.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; + return false; + } + + SecByteBlock sprivA(fhmqvA.StaticPrivateKeyLength()), sprivB(fhmqvB.StaticPrivateKeyLength()); + SecByteBlock eprivA(fhmqvA.EphemeralPrivateKeyLength()), eprivB(fhmqvB.EphemeralPrivateKeyLength()); + SecByteBlock spubA(fhmqvA.StaticPublicKeyLength()), spubB(fhmqvB.StaticPublicKeyLength()); + SecByteBlock epubA(fhmqvA.EphemeralPublicKeyLength()), epubB(fhmqvB.EphemeralPublicKeyLength()); + SecByteBlock valA(fhmqvA.AgreedValueLength()), valB(fhmqvB.AgreedValueLength()); + + fhmqvA.GenerateStaticKeyPair(GlobalRNG(), sprivA, spubA); + fhmqvB.GenerateStaticKeyPair(GlobalRNG(), sprivB, spubB); + fhmqvA.GenerateEphemeralKeyPair(GlobalRNG(), eprivA, epubA); + fhmqvB.GenerateEphemeralKeyPair(GlobalRNG(), eprivB, epubB); + + std::memset(valA.begin(), 0x00, valA.size()); + std::memset(valB.begin(), 0x11, valB.size()); + + if (!(fhmqvA.Agree(valA, sprivA, eprivA, spubB, epubB) && fhmqvB.Agree(valB, sprivB, eprivB, spubA, epubA))) + { + std::cout << "FAILED authenticated key agreement failed" << std::endl; + return false; + } + + if (memcmp(valA.begin(), valB.begin(), fhmqvA.AgreedValueLength())) + { + std::cout << "FAILED authenticated agreed values not equal" << std::endl; + return false; + } + + std::cout << "passed authenticated key agreement" << std::endl; + + // Now test FHMQV with NIST P-384 curve and SHA384 hash + std::cout << std::endl; + std::cout << "FHMQV with NIST P-384 and SHA-384:" << std::endl; + + ECHMQV384 fhmqvB384(false); + fhmqvB384.AccessGroupParameters().BERDecode(f384); + + if (fhmqvB384.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (server)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (server)" << std::endl; + return false; + } + + const OID oid384 = ASN1::secp384r1(); + ECHMQV384 fhmqvA384(oid384, true /*client*/); + + if (fhmqvA384.GetCryptoParameters().Validate(GlobalRNG(), 3)) + std::cout << "passed authenticated key agreement domain parameters validation (client)" << std::endl; + else + { + std::cout << "FAILED authenticated key agreement domain parameters invalid (client)" << std::endl; + return false; + } + + SecByteBlock sprivA384(fhmqvA384.StaticPrivateKeyLength()), sprivB384(fhmqvB384.StaticPrivateKeyLength()); + SecByteBlock eprivA384(fhmqvA384.EphemeralPrivateKeyLength()), eprivB384(fhmqvB384.EphemeralPrivateKeyLength()); + SecByteBlock spubA384(fhmqvA384.StaticPublicKeyLength()), spubB384(fhmqvB384.StaticPublicKeyLength()); + SecByteBlock epubA384(fhmqvA384.EphemeralPublicKeyLength()), epubB384(fhmqvB384.EphemeralPublicKeyLength()); + SecByteBlock valA384(fhmqvA384.AgreedValueLength()), valB384(fhmqvB384.AgreedValueLength()); + + fhmqvA384.GenerateStaticKeyPair(GlobalRNG(), sprivA384, spubA384); + fhmqvB384.GenerateStaticKeyPair(GlobalRNG(), sprivB384, spubB384); + fhmqvA384.GenerateEphemeralKeyPair(GlobalRNG(), eprivA384, epubA384); + fhmqvB384.GenerateEphemeralKeyPair(GlobalRNG(), eprivB384, epubB384); + + std::memset(valA384.begin(), 0x00, valA384.size()); + std::memset(valB384.begin(), 0x11, valB384.size()); + + if (!(fhmqvA384.Agree(valA384, sprivA384, eprivA384, spubB384, epubB384) && fhmqvB384.Agree(valB384, sprivB384, eprivB384, spubA384, epubA384))) + { + std::cout << "FAILED authenticated key agreement failed" << std::endl; + return false; + } + + if (memcmp(valA384.begin(), valB384.begin(), fhmqvA384.AgreedValueLength())) + { + std::cout << "FAILED authenticated agreed values not equal" << std::endl; + return false; + } + + std::cout << "passed authenticated key agreement" << std::endl; + + return true; +} + +bool ValidateLUC_DH() +{ + std::cout << "\nLUC-DH validation suite running...\n\n"; + + FileSource f(DataDir("TestData/lucd512.dat").c_str(), true, new HexDecoder); + LUC_DH dh(f); + return SimpleKeyAgreementValidate(dh); +} + +bool ValidateXTR_DH() +{ + std::cout << "\nXTR-DH validation suite running...\n\n"; + + FileSource f(DataDir("TestData/xtrdh171.dat").c_str(), true, new HexDecoder); + XTR_DH dh(f); + return SimpleKeyAgreementValidate(dh); +} + +bool ValidateECP_Agreement() +{ + ECDH::Domain ecdhc(ASN1::secp192r1()); + ECMQV::Domain ecmqvc(ASN1::secp192r1()); + bool pass = SimpleKeyAgreementValidate(ecdhc); + pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; + + std::cout << "Turning on point compression..." << std::endl; + ecdhc.AccessGroupParameters().SetPointCompression(true); + ecmqvc.AccessGroupParameters().SetPointCompression(true); + pass = SimpleKeyAgreementValidate(ecdhc) && pass; + pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; + + return pass; +} + +bool ValidateEC2N_Agreement() +{ + ECDH::Domain ecdhc(ASN1::sect193r1()); + ECMQV::Domain ecmqvc(ASN1::sect193r1()); + bool pass = SimpleKeyAgreementValidate(ecdhc); + pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; + + std::cout << "Turning on point compression..." << std::endl; + ecdhc.AccessGroupParameters().SetPointCompression(true); + ecmqvc.AccessGroupParameters().SetPointCompression(true); + pass = SimpleKeyAgreementValidate(ecdhc) && pass; + pass = AuthenticatedKeyAgreementValidate(ecmqvc) && pass; + + return pass; +} + +// TestX25519 is slighty more comprehensive than ValidateX25519 +// because it cross-validates against Bernstein's NaCL library. +// TestX25519 called in Debug builds. +bool TestX25519() +{ + std::cout << "\nTesting curve25519 Key Agreements...\n\n"; + const unsigned int AGREE_COUNT = 64; + bool pass = true; + + try { + + FileSource f1(DataDir("TestData/x25519.dat").c_str(), true, new HexDecoder); + FileSource f2(DataDir("TestData/x25519v0.dat").c_str(), true, new HexDecoder); + FileSource f3(DataDir("TestData/x25519v1.dat").c_str(), true, new HexDecoder); + + x25519 x1(f1); + x25519 x2(f2); + x25519 x3(f3); + + FileSource f4(DataDir("TestData/x25519.dat").c_str(), true, new HexDecoder); + FileSource f5(DataDir("TestData/x25519v0.dat").c_str(), true, new HexDecoder); + FileSource f6(DataDir("TestData/x25519v1.dat").c_str(), true, new HexDecoder); + + x1.Load(f4); + x2.Load(f5); + x3.Load(f6); + } + catch (const BERDecodeErr&) { + pass = false; + } + + SecByteBlock priv1(32), priv2(32), pub1(32), pub2(32), share1(32), share2(32); + for (unsigned int i=0; i +#include +#include + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +bool ValidateRSA_Encrypt() +{ + // Must be large enough for RSA-3072 to test SHA3_256 + byte out[256], outPlain[128]; + bool pass = true, fail; + + { + FileSource keys(DataDir("TestData/rsa1024.dat").c_str(), true, new HexDecoder); + RSAES_PKCS1v15_Decryptor rsaPriv(keys); + RSAES_PKCS1v15_Encryptor rsaPub(rsaPriv); + + pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass; + } + { + RSAES >::Decryptor rsaPriv(GlobalRNG(), 512); + RSAES >::Encryptor rsaPub(rsaPriv); + + pass = CryptoSystemValidate(rsaPriv, rsaPub) && pass; + } + { + byte *plain = (byte *) + "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + static const byte encrypted[] = + "\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" + "\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" + "\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" + "\x62\x51"; + static const byte oaepSeed[] = + "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2" + "\xf0\x6c\xb5\x8f"; + ByteQueue bq; + bq.Put(oaepSeed, 20); + FixedRNG rng(bq); + + FileSource privFile(DataDir("TestData/rsa400pv.dat").c_str(), true, new HexDecoder); + FileSource pubFile(DataDir("TestData/rsa400pb.dat").c_str(), true, new HexDecoder); + RSAES_OAEP_SHA_Decryptor rsaPriv; + rsaPriv.AccessKey().BERDecodePrivateKey(privFile, false, 0); + RSAES_OAEP_SHA_Encryptor rsaPub(pubFile); + + memset(out, 0, 50); + memset(outPlain, 0, 8); + rsaPub.Encrypt(rng, plain, 8, out); + DecodingResult result = rsaPriv.FixedLengthDecrypt(GlobalRNG(), encrypted, outPlain); + fail = !result.isValidCoding || (result.messageLength!=8) || memcmp(out, encrypted, 50) || memcmp(plain, outPlain, 8); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "PKCS 2.0 encryption and decryption\n"; + } + + return pass; +} + +bool ValidateLUC_Encrypt() +{ + FileSource f(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder); + LUCES_OAEP_SHA_Decryptor priv(GlobalRNG(), 512); + LUCES_OAEP_SHA_Encryptor pub(priv); + return CryptoSystemValidate(priv, pub); +} + +bool ValidateLUC_DL_Encrypt() +{ + std::cout << "\nLUC-IES validation suite running...\n\n"; + + FileSource fc(DataDir("TestData/lucc512.dat").c_str(), true, new HexDecoder); + LUC_IES<>::Decryptor privC(fc); + LUC_IES<>::Encryptor pubC(privC); + return CryptoSystemValidate(privC, pubC); +} + +bool ValidateRabin_Encrypt() +{ + FileSource f(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder); + RabinES >::Decryptor priv(f); + RabinES >::Encryptor pub(priv); + return CryptoSystemValidate(priv, pub); +} + +bool ValidateECP_Encrypt() +{ + ECIES::Decryptor cpriv(GlobalRNG(), ASN1::secp192r1()); + ECIES::Encryptor cpub(cpriv); + ByteQueue bq; + cpriv.GetKey().DEREncode(bq); + cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); + cpub.GetKey().DEREncode(bq); + + cpub.AccessKey().Precompute(); + cpriv.AccessKey().Precompute(); + bool pass = CryptoSystemValidate(cpriv, cpub); + + std::cout << "Turning on point compression..." << std::endl; + cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true); + cpub.AccessKey().AccessGroupParameters().SetPointCompression(true); + pass = CryptoSystemValidate(cpriv, cpub) && pass; + + return pass; +} + +bool ValidateEC2N_Encrypt() +{ + // DEREncode() changed to Save() at Issue 569. + ECIES::Decryptor cpriv(GlobalRNG(), ASN1::sect193r1()); + ECIES::Encryptor cpub(cpriv); + ByteQueue bq; + cpriv.AccessMaterial().Save(bq); + cpub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); + cpub.AccessMaterial().Save(bq); + bool pass = CryptoSystemValidate(cpriv, cpub); + + std::cout << "Turning on point compression..." << std::endl; + cpriv.AccessKey().AccessGroupParameters().SetPointCompression(true); + cpub.AccessKey().AccessGroupParameters().SetPointCompression(true); + pass = CryptoSystemValidate(cpriv, cpub) && pass; + + return pass; +} + +bool ValidateElGamal() +{ + std::cout << "\nElGamal validation suite running...\n\n"; + bool pass = true; + { + FileSource fc(DataDir("TestData/elgc1024.dat").c_str(), true, new HexDecoder); + ElGamalDecryptor privC(fc); + ElGamalEncryptor pubC(privC); + privC.AccessKey().Precompute(); + ByteQueue queue; + privC.AccessKey().SavePrecomputation(queue); + privC.AccessKey().LoadPrecomputation(queue); + + pass = CryptoSystemValidate(privC, pubC) && pass; + } + return pass; +} + +bool ValidateDLIES() +{ + std::cout << "\nDLIES validation suite running...\n\n"; + bool pass = true; + { + FileSource fc(DataDir("TestData/dlie1024.dat").c_str(), true, new HexDecoder); + DLIES<>::Decryptor privC(fc); + DLIES<>::Encryptor pubC(privC); + pass = CryptoSystemValidate(privC, pubC) && pass; + } + { + std::cout << "Generating new encryption key..." << std::endl; + DLIES<>::GroupParameters gp; + gp.GenerateRandomWithKeySize(GlobalRNG(), 128); + DLIES<>::Decryptor decryptor; + decryptor.AccessKey().GenerateRandom(GlobalRNG(), gp); + DLIES<>::Encryptor encryptor(decryptor); + + pass = CryptoSystemValidate(decryptor, encryptor) && pass; + } + return pass; +} + +NAMESPACE_END // Test +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/validat9.cpp b/vendor/cryptopp/vendor_cryptopp/validat9.cpp new file mode 100644 index 00000000..735afe51 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/validat9.cpp @@ -0,0 +1,704 @@ +// validat9.cpp - originally written and placed in the public domain by Wei Dai +// CryptoPP::Test namespace added by JW in February 2017. +// Source files split in July 2018 to expedite compiles. + +#include "pch.h" + +#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 + +#include "cryptlib.h" +#include "cpu.h" +#include "validate.h" + +#include "asn.h" +#include "oids.h" + +#include "md2.h" +#include "md4.h" +#include "md5.h" + +#include "sha.h" +#include "sha3.h" +#include "pssr.h" +#include "ripemd.h" +#include "whrlpool.h" + +#include "rw.h" +#include "dsa.h" +#include "luc.h" +#include "rsa.h" +#include "esign.h" +#include "rabin.h" +#include "pubkey.h" +#include "eccrypto.h" + +// Curve25519 +#include "xed25519.h" +#include "donna.h" +#include "naclite.h" + +#include +#include +#include + +// Aggressive stack checking with VS2005 SP1 and above. +#if (_MSC_FULL_VER >= 140050727) +# pragma strict_gs_check (on) +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(disable: 4505 4355) +#endif + +NAMESPACE_BEGIN(CryptoPP) +NAMESPACE_BEGIN(Test) + +bool ValidateRSA_Sign() +{ + // Must be large enough for RSA-3072 to test SHA3_256 + byte out[256]; + bool pass = true, fail; + + { + const char plain[] = "Everyone gets Friday off."; + const byte signature[] = + "\x05\xfa\x6a\x81\x2f\xc7\xdf\x8b\xf4\xf2\x54\x25\x09\xe0\x3e\x84" + "\x6e\x11\xb9\xc6\x20\xbe\x20\x09\xef\xb4\x40\xef\xbc\xc6\x69\x21" + "\x69\x94\xac\x04\xf3\x41\xb5\x7d\x05\x20\x2d\x42\x8f\xb2\xa2\x7b" + "\x5c\x77\xdf\xd9\xb1\x5b\xfc\x3d\x55\x93\x53\x50\x34\x10\xc1\xe1"; + + FileSource keys(DataDir("TestData/rsa512a.dat").c_str(), true, new HexDecoder); + Weak::RSASSA_PKCS1v15_MD2_Signer rsaPriv(keys); + Weak::RSASSA_PKCS1v15_MD2_Verifier rsaPub(rsaPriv); + + size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); + CRYPTOPP_ASSERT(signatureLength <= sizeof(out)); + fail = memcmp(signature, out, signatureLength) != 0; + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "signature check against test vector\n"; + + fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "verification check against test vector\n"; + + out[10]++; + fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "invalid signature verification\n"; + } + ///// + { + const char plain[] = "Everyone gets Friday off."; + const byte signature[] = + "\x2e\x87\xda\x1f\xe4\xda\x1d\x7a\xb7\xf2\x42\x36\xe9\xc0\x4e\xab\x3f\x03\x71\xe1" + "\x2b\xc5\x3c\xbf\x21\x21\xa8\xd6\x28\xb0\x08\xfd\x9c\xf6\x94\xbd\x37\x32\xda\xfc" + "\x42\x1c\x8e\xdb\x8a\x81\x90\x46\x45\xb4\xde\x9e\xce\x90\xfe\xa1\xfd\xbc\x5a\xce" + "\xca\x59\x89\x93\xc0\x0f\x2f\xf1\x13\xb0\xf5\x3d\xa3\x9a\x85\xb7\x40\xd9\x34\x88" + "\x29\xb2\x4a\x0f\x9b\xbe\x22\x3a\x5b\x54\x51\xb7\xf0\x10\x72\x50\xc4\x2a\xe9\xe4" + "\xc3\x82\xeb\x32\x33\x14\xb6\xf2\x7b\x30\x7a\xbf\xc2\xf3\x0f\x4d\x72\xa0\x8d\xa1" + "\xc6\xce\xd0\xa3\x3c\xf7\x23\x4b\xb7\x2c\x5e\xca\x83\x01\xc7\x5c\xd5\xd0\xd1\x94" + "\x43\xf0\xad\xa2\xe6\x72\x2b\x13\x39\xb2\x4b\x25\x91\x3a\x4f\x53\x05\x00\x8c\xc7" + "\xcf\x4f\x11\x64\xe6\xf4\x1a\x4d\x90\x7e\xf1\xfe\xed\xec\x8d\xbb\x00\x31\x2e\x03" + "\xbe\x87\x84\x60\xfb\x5e\xef\x9d\x18\x2c\x28\x3d\xaa\x67\x80\xa3\x62\x07\x06\x5e" + "\xce\xee\x3b\xd0\x78\xb5\x98\x38\x1e\xe8\x62\x19\x9c\xc3\xd4\xf7\xc2\xc5\x00\xf0" + "\xeb\x89\x65\x53\x35\xe7\x13\x7e\xbb\x26\xb0\x76\x9c\xf2\x80\xaa\xe1\xb1\x0a\xa6" + "\x47\xfc\x5f\xe0\x7f\x82\xd7\x83\x41\xc3\x50\xa1\xe0\x0e\x1a\xe4"; + + FileSource keys(DataDir("TestData/rsa2048a.dat").c_str(), true, new HexDecoder); + RSASS::Signer rsaPriv(keys); + RSASS::Verifier rsaPub(rsaPriv); + + size_t signatureLength = rsaPriv.SignMessage(GlobalRNG(), (byte *)plain, strlen(plain), out); + CRYPTOPP_ASSERT(signatureLength <= sizeof(out)); + fail = memcmp(signature, out, signatureLength) != 0; + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "signature check against test vector\n"; + + fail = !rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "verification check against test vector\n"; + + out[10]++; + fail = rsaPub.VerifyMessage((byte *)plain, strlen(plain), out, signatureLength); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "invalid signature verification\n"; + } + + return pass; +} + +bool ValidateNR() +{ + std::cout << "\nNR validation suite running...\n\n"; + bool pass = true; + { + FileSource f(DataDir("TestData/nr2048.dat").c_str(), true, new HexDecoder); + NR::Signer privS(f); + privS.AccessKey().Precompute(); + NR::Verifier pubS(privS); + + pass = SignatureValidate(privS, pubS) && pass; + } + { + std::cout << "Generating new signature key..." << std::endl; + NR::Signer privS(GlobalRNG(), 256); + NR::Verifier pubS(privS); + + pass = SignatureValidate(privS, pubS) && pass; + } + return pass; +} + +bool ValidateDSA(bool thorough) +{ + std::cout << "\nDSA validation suite running...\n\n"; + + bool pass = true; + FileSource fs1(DataDir("TestData/dsa1024.dat").c_str(), true, new HexDecoder); + DSA::Signer priv(fs1); + DSA::Verifier pub(priv); + FileSource fs2(DataDir("TestData/dsa1024b.dat").c_str(), true, new HexDecoder); + DSA::Verifier pub1(fs2); + CRYPTOPP_ASSERT(pub.GetKey() == pub1.GetKey()); + pass = SignatureValidate(priv, pub, thorough) && pass; + + return pass; +} + +bool ValidateLUC_Sign() +{ + FileSource f(DataDir("TestData/luc1024.dat").c_str(), true, new HexDecoder); + LUCSSA_PKCS1v15_SHA_Signer priv(f); + LUCSSA_PKCS1v15_SHA_Verifier pub(priv); + return SignatureValidate(priv, pub); +} + +bool ValidateLUC_DL_Sign() +{ + std::cout << "\nLUC-HMP validation suite running...\n\n"; + + FileSource f(DataDir("TestData/lucs512.dat").c_str(), true, new HexDecoder); + LUC_HMP::Signer privS(f); + LUC_HMP::Verifier pubS(privS); + return SignatureValidate(privS, pubS); +} + +bool ValidateRabin_Sign() +{ + FileSource f(DataDir("TestData/rabi1024.dat").c_str(), true, new HexDecoder); + RabinSS::Signer priv(f); + RabinSS::Verifier pub(priv); + return SignatureValidate(priv, pub); +} + +bool ValidateRW() +{ + std::cout << "\nRW validation suite running...\n\n"; + + FileSource f(DataDir("TestData/rw1024.dat").c_str(), true, new HexDecoder); + RWSS::Signer priv(f); + RWSS::Verifier pub(priv); + + return SignatureValidate(priv, pub); +} + +bool ValidateECP_Sign() +{ + ECDSA::Signer spriv(GlobalRNG(), ASN1::secp192r1()); + ECDSA::Verifier spub(spriv); + ByteQueue bq; + spriv.GetKey().DEREncode(bq); + spub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); + spub.GetKey().DEREncode(bq); + spriv.AccessKey().BERDecode(bq); + spub.AccessKey().BERDecode(bq); + + spriv.AccessKey().Precompute(); + ByteQueue queue; + spriv.AccessKey().SavePrecomputation(queue); + spriv.AccessKey().LoadPrecomputation(queue); + + return SignatureValidate(spriv, spub); +} + +bool ValidateEC2N_Sign() +{ + // DEREncode() changed to Save() at Issue 569. + ECDSA::Signer spriv(GlobalRNG(), ASN1::sect193r1()); + ECDSA::Verifier spub(spriv); + ByteQueue bq; + spriv.AccessMaterial().Save(bq); + spub.AccessKey().AccessGroupParameters().SetEncodeAsOID(true); + spub.AccessMaterial().Save(bq); + spriv.AccessMaterial().Load(bq); + spub.AccessMaterial().Load(bq); + + spriv.AccessKey().Precompute(); + ByteQueue queue; + spriv.AccessKey().SavePrecomputation(queue); + spriv.AccessKey().LoadPrecomputation(queue); + + return SignatureValidate(spriv, spub); +} + +bool ValidateECDSA() +{ + std::cout << "\nECDSA validation suite running...\n\n"; + + // from Sample Test Vectors for P1363 + GF2NT gf2n(191, 9, 0); + byte a[]="\x28\x66\x53\x7B\x67\x67\x52\x63\x6A\x68\xF5\x65\x54\xE1\x26\x40\x27\x6B\x64\x9E\xF7\x52\x62\x67"; + byte b[]="\x2E\x45\xEF\x57\x1F\x00\x78\x6F\x67\xB0\x08\x1B\x94\x95\xA3\xD9\x54\x62\xF5\xDE\x0A\xA1\x85\xEC"; + EC2N ec(gf2n, PolynomialMod2(a,24), PolynomialMod2(b,24)); + + EC2N::Point P; + bool result = ec.DecodePoint(P, (byte *)"\x04\x36\xB3\xDA\xF8\xA2\x32\x06\xF9\xC4\xF2\x99\xD7\xB2\x1A\x9C\x36\x91\x37\xF2\xC8\x4A\xE1\xAA\x0D" + "\x76\x5B\xE7\x34\x33\xB3\xF9\x5E\x33\x29\x32\xE7\x0E\xA2\x45\xCA\x24\x18\xEA\x0E\xF9\x80\x18\xFB", ec.EncodedPointSize()); + CRYPTOPP_ASSERT(result); CRYPTOPP_UNUSED(result); + + Integer n("40000000000000000000000004a20e90c39067c893bbb9a5H"); + Integer d("340562e1dda332f9d2aec168249b5696ee39d0ed4d03760fH"); + EC2N::Point Q(ec.Multiply(d, P)); + ECDSA::Signer priv(ec, P, n, d); + ECDSA::Verifier pub(priv); + + Integer h("A9993E364706816ABA3E25717850C26C9CD0D89DH"); + Integer k("3eeace72b4919d991738d521879f787cb590aff8189d2b69H"); + const byte sig[]="\x03\x8e\x5a\x11\xfb\x55\xe4\xc6\x54\x71\xdc\xd4\x99\x84\x52\xb1\xe0\x2d\x8a\xf7\x09\x9b\xb9\x30" + "\x0c\x9a\x08\xc3\x44\x68\xc2\x44\xb4\xe5\xd6\xb2\x1b\x3c\x68\x36\x28\x07\x41\x60\x20\x32\x8b\x6e"; + Integer r(sig, 24); + Integer s(sig+24, 24); + + Integer rOut, sOut; + bool fail, pass=true; + + priv.RawSign(k, h, rOut, sOut); + fail = (rOut != r) || (sOut != s); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "signature check against test vector\n"; + + fail = !pub.VerifyMessage((byte *)"abc", 3, sig, sizeof(sig)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "verification check against test vector\n"; + + fail = pub.VerifyMessage((byte *)"xyz", 3, sig, sizeof(sig)); + pass = pass && !fail; + + pass = SignatureValidate(priv, pub) && pass; + + return pass; +} + +bool ValidateECDSA_RFC6979() +{ + std::cout << "\nRFC6979 deterministic ECDSA validation suite running...\n\n"; + + DL_Algorithm_ECDSA_RFC6979 sign; + + const Integer x("09A4D6792295A7F730FC3F2B49CBC0F62E862272Fh"); + const Integer e("AF2BDBE1AA9B6EC1E2ADE1D694F41FC71A831D0268E9891562113D8A62ADD1BFh"); + const Integer q("4000000000000000000020108A2E0CC0D99F8A5EFh"); + const Integer k("23AF4074C90A02B3FE61D286D5C87F425E6BDD81Bh"); + const Integer &k_out = sign.GenerateRandom(x, q, e); + + bool pass = (k_out == k); + + std::cout << (pass ? "passed " : "FAILED "); + std::cout << "deterministic k generation against test vector\n"; + + return pass; +} + +// from http://www.teletrust.de/fileadmin/files/oid/ecgdsa_final.pdf +bool ValidateECGDSA(bool thorough) +{ + std::cout << "\nECGDSA validation suite running...\n\n"; + + bool fail, pass=true; + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 10) + if (thorough) + { + const OID oid = ASN1::brainpoolP192r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF"); + Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4"); + Integer sExp("0x C02B5CC5 C51D5411 060BF024 5049F824 839F671D 78A1BBF1"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160"; + const size_t len = strlen((char*)msg); + + byte signature[48]; + r.Encode(signature+0, 24); + s.Encode(signature+24, 24); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP192r1 using RIPEMD-160\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 13) + if (thorough) + { + const OID oid = ASN1::brainpoolP256r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 47B3A278 62DEF037 49ACF0D6 00E69F9B 851D01ED AEFA531F 4D168E78 7307F4D8"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF"); + Integer k("0x 908E3099 776261A4 558FF7A9 FA6DFFE0 CA6BB3F9 CB35C2E4 E1DC73FD 5E8C08A3"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 62CCD1D2 91E62F6A 4FFBD966 C66C85AA BA990BB6 AB0C087D BD54A456 CCC84E4C"); + Integer sExp("0x 9119719B 08EEA0D6 BC56E4D1 D37369BC F3768445 EF65CAE4 A37BF6D4 3BD01646"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160"; + const size_t len = strlen((char*)msg); + + byte signature[64]; + r.Encode(signature+0, 32); + s.Encode(signature+32, 32); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP256r1 using RIPEMD-160\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function RIPEMD-160 (p. 16) + if (thorough) + { + const OID oid = ASN1::brainpoolP320r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 00000000 00000000 00000000 00000000 577EF842 B32FDE45 79727FFF 02F7A280 74ADC4EF"); + Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6"); + Integer sExp("0x 06AB5250 B31A8E93 56194894 61733200 E4FD5C12 75C0AB37 E7E41149 5BAAE145 41DF6DE6 66B8CA56"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function RIPEMD-160"; + const size_t len = strlen((char*)msg); + + byte signature[80]; + r.Encode(signature+0, 40); + s.Encode(signature+40, 40); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP320r1 using RIPEMD-160\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-1 (p. 19) + { + const OID oid = ASN1::brainpoolP192r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 80F2425E 89B4F585 F27F3536 ED834D68 E3E492DE 08FE84B9"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 CF00CD42 CAA80DDF 8DDEBDFD 32F2DA15 11B53F29"); + Integer k("0x 22C17C2A 367DD85A B8A365ED 06F19C43 F9ED1834 9A9BC044"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 2D017BE7 F117FF99 4ED6FC63 CA5B4C7A 0430E9FA 095DAFC4"); + Integer sExp("0x 18FD604E 5F00F55B 3585C052 8C319A2B 05B8F2DD EE9CF1A6"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function SHA-1"; + const size_t len = strlen((char*)msg); + + byte signature[48]; + r.Encode(signature+0, 24); + s.Encode(signature+24, 24); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP192r1 using SHA-1\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-224 (p. 23) + { + const OID oid = ASN1::brainpoolP320r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 00000000 00000000 92AE8A0E 8D08EADE E9426378 714FF3E0 1957587D 2876FA70 D40E3144"); + Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6"); + Integer sExp("0x 6EA191CA 0D468AC3 E9568768 9338357C 7D0BACB3 F1D87E0D EC05F635 B7ADB842 75AA0086 60F812CF"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function SHA-224"; + const size_t len = strlen((char*)msg); + + byte signature[80]; + r.Encode(signature+0, 40); + s.Encode(signature+40, 40); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP320r1 using SHA-224\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-256 (p. 27) + { + const OID oid = ASN1::brainpoolP320r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 48683594 5A3A284F FC52629A D48D8F37 F4B2E993 9C52BC72 362A9961 40192AEF 7D2AAFF0 C73A51C5"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 00000000 37ED8AA9 4AE667DB BB753330 E050EB8E 12195807 ECDC4FB1 0E0662B4 22C219D7"); + Integer k("0x C70BC00A 77AD7872 5D36CEEC 27D6F956 FB546EEF 6DC90E35 31452BD8 7ECE8A4A 7AD730AD C299D81B"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 3C925969 FAB22F7A E7B8CC5D 50CB0867 DFDB2CF4 FADA3D49 0DF75D72 F7563186 419494C9 8F9C82A6"); + Integer sExp("0x 24370797 A9D11717 BBBB2B76 2E08ECD0 7DD7E033 F544E47C BF3C6D16 FD90B51D CC2E4DD8 E6ECD8CD"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function SHA-256"; + const size_t len = strlen((char*)msg); + + byte signature[80]; + r.Encode(signature+0, 40); + s.Encode(signature+40, 40); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP320r1 using SHA-256\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-384 (p. 34) + { + const OID oid = ASN1::brainpoolP512r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 00000000 00000000 00000000 00000000 68FEAB7D 8BF8A779 4466E447 5959946B 2136C084 A86090CA 8070C980 68B1250D 88213190 6B7E0CB8 475F9054 E9290C2E"); + Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48"); + Integer sExp("0x 3D233E9F D9EB152E 889F4F7C F325B464 0894E5EA 44C51443 54305CD4 BF70D234 8257C2DB E06C5544 92CE9FDD 6861A565 77B53E5E E80E6062 31A4CF06 8FA1EC21"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function SHA-384"; + const size_t len = strlen((char*)msg); + + byte signature[128]; + r.Encode(signature+0, 64); + s.Encode(signature+64, 64); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP512r1 using SHA-384\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + // 2.4.1 Examples of ECGDSA over GF(p) with the hash function SHA-512 (p. 38) + { + const OID oid = ASN1::brainpoolP512r1(); + DL_GroupParameters_EC params(oid); + Integer x("0x 92006A98 8AF96D91 57AADCF8 62716962 7CE2ECC4 C58ECE5C 1A0A8642 11AB764C 04236FA0 160857A7 8E71CCAE 4D79D52E 5A69A457 8AF50658 1F598FA9 B4F7DA68"); + ECGDSA::Signer signer(params, x); + ECGDSA::Verifier verifier(signer); + + Integer e("0x 1A95EF81 D213BD3B 8191E7FE 7F5BFD43 F51E3EE5 A4FD3D08 4A7C9BB5 411F4649 746AEBC6 623D4DEA 7E02DC5A 85E24AF2 96B5A555 AD470413 71E4BF64 380F3E34"); + Integer k("0x 6942B01D 5901BEC1 506BB874 9618E22E C0FCD7F3 5159D51E D53BA77A 78752128 A58232AD 8E0E021A FDE1477F F4C74FDF FE88AE2D 15D89B56 F6D73C03 77631D2B"); + + Integer r, s; + signer.RawSign(k, e, r, s); + + Integer rExp("0x 0104918B 2B32B1A5 49BD43C3 0092953B 4164CA01 A1A97B5B 0756EA06 3AC16B41 B88A1BAB 4538CD7D 8466180B 3E3F5C86 46AC4A45 F564E9B6 8FEE72ED 00C7AC48"); + Integer sExp("0x 17A011F8 DD7B5665 2B27AA6D 6E7BDF3C 7C23B5FA 32910FBA A107E627 0E1CA8A7 A263F661 8E6098A0 D6CD6BA1 C03544C5 425875EC B3418AF5 A3EE3F32 143E48D2"); + + fail = (r != rExp) || (s != sExp); + pass = pass && !fail; + + const byte msg[] = "Example of ECGDSA with the hash function SHA-512"; + const size_t len = strlen((char*)msg); + + byte signature[128]; + r.Encode(signature+0, 64); + s.Encode(signature+64, 64); + + fail = !verifier.VerifyMessage(msg, len, signature, sizeof(signature)); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "brainpoolP512r1 using SHA-512\n"; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + } + + return pass; +} + +bool ValidateESIGN() +{ + std::cout << "\nESIGN validation suite running...\n\n"; + + bool pass = true, fail; + + const char plain[] = "test"; + const byte signature[] = + "\xA3\xE3\x20\x65\xDE\xDA\xE7\xEC\x05\xC1\xBF\xCD\x25\x79\x7D\x99\xCD\xD5\x73\x9D\x9D\xF3\xA4\xAA\x9A\xA4\x5A\xC8\x23\x3D\x0D\x37" + "\xFE\xBC\x76\x3F\xF1\x84\xF6\x59\x14\x91\x4F\x0C\x34\x1B\xAE\x9A\x5C\x2E\x2E\x38\x08\x78\x77\xCB\xDC\x3C\x7E\xA0\x34\x44\x5B\x0F" + "\x67\xD9\x35\x2A\x79\x47\x1A\x52\x37\x71\xDB\x12\x67\xC1\xB6\xC6\x66\x73\xB3\x40\x2E\xD6\xF2\x1A\x84\x0A\xB6\x7B\x0F\xEB\x8B\x88" + "\xAB\x33\xDD\xE4\x83\x21\x90\x63\x2D\x51\x2A\xB1\x6F\xAB\xA7\x5C\xFD\x77\x99\xF2\xE1\xEF\x67\x1A\x74\x02\x37\x0E\xED\x0A\x06\xAD" + "\xF4\x15\x65\xB8\xE1\xD1\x45\xAE\x39\x19\xB4\xFF\x5D\xF1\x45\x7B\xE0\xFE\x72\xED\x11\x92\x8F\x61\x41\x4F\x02\x00\xF2\x76\x6F\x7C" + "\x79\xA2\xE5\x52\x20\x5D\x97\x5E\xFE\x39\xAE\x21\x10\xFB\x35\xF4\x80\x81\x41\x13\xDD\xE8\x5F\xCA\x1E\x4F\xF8\x9B\xB2\x68\xFB\x28"; + + FileSource keys(DataDir("TestData/esig1536.dat").c_str(), true, new HexDecoder); + ESIGN::Signer signer(keys); + ESIGN::Verifier verifier(signer); + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + + fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength()); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "verification check against test vector\n"; + + std::cout << "Generating signature key from seed..." << std::endl; + signer.AccessKey().GenerateRandom(GlobalRNG(), MakeParameters("Seed", ConstByteArrayParameter((const byte *)"test", 4))("KeySize", 3*512)); + verifier = signer; + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + + return pass; +} + +bool ValidateEd25519() +{ + std::cout << "\ned25519 validation suite running...\n\n"; + bool pass = true, fail; + + const char plain[] = "test"; + const byte signature[] = + "\x91\x12\x44\x91\xA5\x99\xF8\x49\xBA\xB2\xC4\xF2\xBA\x0B\xAA\x99" + "\xC8\xC5\xF5\x19\xDC\x07\xD4\x4C\xF7\x31\xDE\x2F\x2B\x81\xB2\x81" + "\xF6\xA7\xDE\x33\x29\xCA\x45\xAC\x69\x2A\x80\xB7\xDB\x7F\x07\x37" + "\x77\xC4\xBF\xC5\x45\x79\x3A\xAC\xB5\x16\xAE\x4E\xD9\x16\x95\x0E"; + + FileSource keys(DataDir("TestData/ed25519.dat").c_str(), true, new HexDecoder); + ed25519::Signer signer(keys); + ed25519::Verifier verifier(signer); + + fail = !SignatureValidate(signer, verifier); + pass = pass && !fail; + + fail = !verifier.VerifyMessage((byte *)plain, strlen(plain), signature, verifier.SignatureLength()); + pass = pass && !fail; + + std::cout << (fail ? "FAILED " : "passed "); + std::cout << "verification check against test vector\n"; + + return pass; +} + +NAMESPACE_END // Test +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/validate.h b/vendor/cryptopp/vendor_cryptopp/validate.h index 8f328657..5e7a7916 100644 --- a/vendor/cryptopp/vendor_cryptopp/validate.h +++ b/vendor/cryptopp/vendor_cryptopp/validate.h @@ -5,8 +5,11 @@ #define CRYPTOPP_VALIDATE_H #include "cryptlib.h" -#include "integer.h" #include "misc.h" +#include "files.h" +#include "argnames.h" +#include "algparam.h" +#include "hex.h" #include #include @@ -30,6 +33,9 @@ bool TestRDRAND(); bool TestRDSEED(); bool TestPadlockRNG(); #endif +#if (CRYPTOPP_BOOL_PPC32 || CRYPTOPP_BOOL_PPC64) +bool TestDARN(); +#endif bool ValidateBaseCode(); bool ValidateEncoder(); bool ValidateCRC32(); @@ -81,9 +87,21 @@ bool ValidateTwofish(); bool ValidateSerpent(); bool ValidateSHACAL2(); bool ValidateARIA(); +bool ValidateSIMECK(); +bool ValidateCHAM(); +bool ValidateHIGHT(); +bool ValidateLEA(); +bool ValidateSIMON(); +bool ValidateSPECK(); bool ValidateCamellia(); + +bool ValidateHC128(); +bool ValidateHC256(); +bool ValidateRabbit(); bool ValidateSalsa(); +bool ValidateChaCha(); bool ValidateSosemanuk(); + bool ValidateVMAC(); bool ValidateCCM(); bool ValidateGCM(); @@ -115,6 +133,10 @@ bool ValidateESIGN(); bool ValidateHashDRBG(); bool ValidateHmacDRBG(); +bool TestX25519(); +bool TestEd25519(); +bool ValidateX25519(); +bool ValidateEd25519(); bool ValidateNaCl(); // If CRYPTOPP_DEBUG or CRYPTOPP_COVERAGE is in effect, then perform additional tests @@ -137,60 +159,31 @@ bool TestRounding(); bool TestHuffmanCodes(); // http://github.com/weidai11/cryptopp/issues/346 bool TestASN1Parse(); +// https://github.com/weidai11/cryptopp/pull/334 +bool TestStringSink(); // Additional tests due to no coverage bool TestCompressors(); bool TestEncryptors(); bool TestMersenne(); bool TestSharing(); +# if defined(CRYPTOPP_ALTIVEC_AVAILABLE) +bool TestAltivecOps(); +# endif #endif -#if 1 -// Coverity findings in benchmark and validation routines -class StreamState +class FixedRNG : public RandomNumberGenerator { public: - StreamState(std::ostream& out) - : m_out(out), m_prec(out.precision()), m_width(out.width()), m_fmt(out.flags()), m_fill(out.fill()) - { - } + FixedRNG(BufferedTransformation &source) : m_source(source) {} - ~StreamState() + void GenerateBlock(byte *output, size_t size) { - m_out.fill(m_fill); - m_out.flags(m_fmt); - m_out.width(m_width); - m_out.precision(m_prec); + m_source.Get(output, size); } private: - std::ostream& m_out; - std::streamsize m_prec; - std::streamsize m_width; - std::ios_base::fmtflags m_fmt; - std::ostream::char_type m_fill; + BufferedTransformation &m_source; }; -#endif - -#if 0 -class StreamState -{ -public: - StreamState(std::ostream& out) - : m_out(out), m_state(NULLPTR) - { - m_state.copyfmt(m_out); - } - - ~StreamState() - { - m_out.copyfmt(m_state); - } - -private: - std::ostream& m_out; - std::ios m_state; -}; -#endif // Safer functions on Windows for C&A, http://github.com/weidai11/cryptopp/issues/55 inline std::string TimeToString(const time_t& t) @@ -234,7 +227,7 @@ inline T StringToValue(const std::string& str) iss >> std::noskipws >> value; // Use fail(), not bad() - if (iss.fail() || !iss.eof()) + if (iss.fail()) throw InvalidArgument(str + "' is not a value"); if (NON_NEGATIVE && value < 0) @@ -257,10 +250,86 @@ inline int StringToValue(const std::string& str) return r; } -// Functions that need a RNG; uses AES inf CFB mode with Seed. -CryptoPP::RandomNumberGenerator & GlobalRNG(); +inline std::string AddSeparator(std::string str) +{ + const char last = (str.empty() ? '\0' : *str.end()-1); + if (last != '/' && last != '\\') + return str + "/"; + return str; +} -bool RunTestDataFile(const char *filename, const CryptoPP::NameValuePairs &overrideParameters=CryptoPP::g_nullNameValuePairs, bool thorough=true); +// Ideally we would cache the directory and just add the prefix +// to subsequent calls, but ... Static Initialization Order Fiasco +inline std::string DataDir(const std::string& filename) +{ + std::string name; + std::ifstream file; +#ifndef CRYPTOPP_DISABLE_DATA_DIR_SEARCH + // Data files in PWD are probably the newest. This is probably a build directory. + name = std::string("./") + filename; + file.open(name.c_str()); + if (file.is_open()) + return name; +#endif +#ifdef CRYPTOPP_DATA_DIR + // Honor the user's setting next. This is likely an install directory if it is not "./". + name = AddSeparator(CRYPTOPP_DATA_DIR) + filename; + file.open(name.c_str()); + if (file.is_open()) + return name; +#endif +#ifndef CRYPTOPP_DISABLE_DATA_DIR_SEARCH + // Finally look in $ORIGIN/../share/. This is likely a Linux install directory for users. + name = std::string("../share/cryptopp/") + filename; + file.open(name.c_str()); + if (file.is_open()) + return name; +#endif + // This will cause the expected exception in the caller + return filename; +} + +// Definition in test.cpp +RandomNumberGenerator& GlobalRNG(); + +// Definition in datatest.cpp +bool RunTestDataFile(const char *filename, const NameValuePairs &overrideParameters=g_nullNameValuePairs, bool thorough=true); + +// Definitions in validat6.cpp +bool CryptoSystemValidate(PK_Decryptor &priv, PK_Encryptor &pub, bool thorough = false); +bool SimpleKeyAgreementValidate(SimpleKeyAgreementDomain &d); +bool AuthenticatedKeyAgreementValidate(AuthenticatedKeyAgreementDomain &d); +bool SignatureValidate(PK_Signer &priv, PK_Verifier &pub, bool thorough = false); + +// Miscellaneous PK definitions in validat6.cpp +// Key Agreement definitions in validat7.cpp +// Encryption and Decryption definitions in validat8.cpp +// Sign and Verify definitions in validat9.cpp + +bool ValidateECP(); +bool ValidateEC2N(); + +bool ValidateRSA_Encrypt(); +bool ValidateRSA_Sign(); + +bool ValidateLUC_Encrypt(); +bool ValidateLUC_Sign(); + +bool ValidateLUC_DL_Encrypt(); +bool ValidateLUC_DL_Sign(); + +bool ValidateRabin_Encrypt(); +bool ValidateRabin_Sign(); + +bool ValidateECP(); +bool ValidateECP_Agreement(); +bool ValidateECP_Encrypt(); +bool ValidateECP_Sign(); + +bool ValidateEC2N(); +bool ValidateEC2N_Agreement(); +bool ValidateEC2N_Encrypt(); +bool ValidateEC2N_Sign(); NAMESPACE_END // Test NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/vmac.cpp b/vendor/cryptopp/vendor_cryptopp/vmac.cpp index c99b2692..8312854b 100644 --- a/vendor/cryptopp/vendor_cryptopp/vmac.cpp +++ b/vendor/cryptopp/vendor_cryptopp/vmac.cpp @@ -9,6 +9,10 @@ #include "argnames.h" #include "secblock.h" +#if defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64 +#include +#endif + #if defined(CRYPTOPP_DISABLE_VMAC_ASM) # undef CRYPTOPP_X86_ASM_AVAILABLE # undef CRYPTOPP_X32_ASM_AVAILABLE @@ -20,26 +24,25 @@ # pragma warning(disable: 4731) #endif -NAMESPACE_BEGIN(CryptoPP) - -#if defined(_MSC_VER) && !CRYPTOPP_BOOL_SLOW_WORD64 -#include -#endif +ANONYMOUS_NAMESPACE_BEGIN #if defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(CRYPTOPP_X64_ASM_AVAILABLE) +using CryptoPP::word128; +using CryptoPP::word64; # define VMAC_BOOL_WORD128 1 #else +using CryptoPP::word64; # define VMAC_BOOL_WORD128 0 #endif #ifdef __BORLANDC__ #define const // Turbo C++ 2006 workaround #endif -static const word64 p64 = W64LIT(0xfffffffffffffeff); /* 2^64 - 257 prime */ -static const word64 m62 = W64LIT(0x3fffffffffffffff); /* 62-bit mask */ -static const word64 m63 = W64LIT(0x7fffffffffffffff); /* 63-bit mask */ -static const word64 m64 = W64LIT(0xffffffffffffffff); /* 64-bit mask */ -static const word64 mpoly = W64LIT(0x1fffffff1fffffff); /* Poly key mask */ +const word64 p64 = W64LIT(0xfffffffffffffeff); /* 2^64 - 257 prime */ +const word64 m62 = W64LIT(0x3fffffffffffffff); /* 62-bit mask */ +const word64 m63 = W64LIT(0x7fffffffffffffff); /* 63-bit mask */ +const word64 m64 = W64LIT(0xffffffffffffffff); /* 64-bit mask */ +const word64 mpoly = W64LIT(0x1fffffff1fffffff); /* Poly key mask */ #ifdef __BORLANDC__ #undef const #endif @@ -48,10 +51,14 @@ static const word64 mpoly = W64LIT(0x1fffffff1fffffff); /* Poly key mask */ // workaround GCC Bug 31690: ICE with const __uint128_t and C++ front-end #define m126 ((word128(m62)<<64)|m64) #else -static const word128 m126 = (word128(m62)<<64)|m64; /* 126-bit mask */ +const word128 m126 = (word128(m62)<<64)|m64; /* 126-bit mask */ #endif #endif +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + void VMAC_Base::UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms) { int digestLength = params.GetIntValueWithDefault(Name::DigestSize(), DefaultDigestSize()); @@ -167,7 +174,7 @@ unsigned int VMAC_Base::OptimalDataAlignment() const GetCipher().OptimalDataAlignment(); } -#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) +#if CRYPTOPP_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 #if CRYPTOPP_MSC_VERSION # pragma warning(disable: 4731) // frame pointer register 'ebp' modified by inline assembly code #endif @@ -217,13 +224,8 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, #endif AS2( shr ebx, 3) -#if CRYPTOPP_BOOL_X32 - AS_PUSH_IF86( bp) - AS2( sub esp, 24) -#else AS_PUSH_IF86( bp) AS2( sub esp, 12) -#endif ASL(4) AS2( mov ebp, ebx) AS2( cmp ecx, ebx) @@ -246,11 +248,7 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( pxor mm7, mm7) AS2( movd [esp], mm6) AS2( psrlq mm6, 32) -#if CRYPTOPP_BOOL_X32 - AS2( movd [esp+8], mm5) -#else AS2( movd [esp+4], mm5) -#endif AS2( psrlq mm5, 32) AS2( cmp edi, ebp) ASJ( je, 1, f) @@ -265,11 +263,7 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( paddq mm5, mm2) ASS( pshufw mm2, mm0, 1, 0, 3, 2) AS2( pmuludq mm0, mm1) -#if CRYPTOPP_BOOL_X32 - AS2( movd [esp+16], mm3) -#else AS2( movd [esp+8], mm3) -#endif AS2( psrlq mm3, 32) AS2( paddq mm5, mm3) ASS( pshufw mm3, mm1, 1, 0, 3, 2) @@ -278,48 +272,28 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( pmuludq mm3, mm4) AS2( movd mm4, [esp]) AS2( paddq mm7, mm4) -#if CRYPTOPP_BOOL_X32 - AS2( movd mm4, [esp+8]) - AS2( paddq mm6, mm4) - AS2( movd mm4, [esp+16]) -#else AS2( movd mm4, [esp+4]) AS2( paddq mm6, mm4) AS2( movd mm4, [esp+8]) -#endif AS2( paddq mm6, mm4) AS2( movd [esp], mm0) AS2( psrlq mm0, 32) AS2( paddq mm6, mm0) -#if CRYPTOPP_BOOL_X32 - AS2( movd [esp+8], mm1) -#else AS2( movd [esp+4], mm1) -#endif AS2( psrlq mm1, 32) AS2( paddq mm5, mm1) AS2( cmp edi, ebp) ASJ( jne, 0, b) ASL(1) AS2( paddq mm5, mm2) -#if CRYPTOPP_BOOL_X32 - AS2( movd [esp+16], mm3) -#else AS2( movd [esp+8], mm3) -#endif AS2( psrlq mm3, 32) AS2( paddq mm5, mm3) AS2( movd mm4, [esp]) AS2( paddq mm7, mm4) -#if CRYPTOPP_BOOL_X32 - AS2( movd mm4, [esp+8]) - AS2( paddq mm6, mm4) - AS2( movd mm4, [esp+16]) -#else AS2( movd mm4, [esp+4]) AS2( paddq mm6, mm4) AS2( movd mm4, [esp+8]) -#endif AS2( paddq mm6, mm4) AS2( lea ebp, [8*ebx]) AS2( sub edi, ebp) // reset edi to start of nhK @@ -327,11 +301,7 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( movd [esp], mm7) AS2( psrlq mm7, 32) AS2( paddq mm6, mm7) -#if CRYPTOPP_BOOL_X32 - AS2( movd [esp+8], mm6) -#else AS2( movd [esp+4], mm6) -#endif AS2( psrlq mm6, 32) AS2( paddq mm5, mm6) AS2( psllq mm5, 2) @@ -353,11 +323,7 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( movd a0, mm0) AS2( psrlq mm0, 32) AS2( movd mm1, k1) -#if CRYPTOPP_BOOL_X32 - AS2( movd mm2, [esp+8]) -#else AS2( movd mm2, [esp+4]) -#endif AS2( paddq mm1, mm2) AS2( paddq mm0, mm1) AS2( movd a1, mm0) @@ -395,11 +361,7 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( movq mm3, mm2) AS2( pmuludq mm2, k3) // a0*k3 AS2( pmuludq mm3, mm7) // a0*k0 -#if CRYPTOPP_BOOL_X32 - AS2( movd [esp+16], mm0) -#else AS2( movd [esp+8], mm0) -#endif AS2( psrlq mm0, 32) AS2( pmuludq mm7, mm5) // a1*k0 AS2( pmuludq mm5, k3) // a1*k3 @@ -422,22 +384,14 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, AS2( movd mm1, a3) AS2( pmuludq mm1, k2) // a3*k2 AS2( paddq mm5, mm2) -#if CRYPTOPP_BOOL_X32 - AS2( movd mm2, [esp+8]) -#else AS2( movd mm2, [esp+4]) -#endif AS2( psllq mm5, 1) AS2( paddq mm0, mm5) AS2( psllq mm4, 33) AS2( movd a0, mm0) AS2( psrlq mm0, 32) AS2( paddq mm6, mm7) -#if CRYPTOPP_BOOL_X32 - AS2( movd mm7, [esp+16]) -#else AS2( movd mm7, [esp+8]) -#endif AS2( paddq mm0, mm6) AS2( paddq mm0, mm2) AS2( paddq mm3, mm1) @@ -461,11 +415,7 @@ VMAC_Base::VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, ASL(3) AS2( test ecx, ecx) ASJ( jnz, 4, b) -#if CRYPTOPP_BOOL_X32 - AS2( add esp, 24) -#else AS2( add esp, 12) -#endif AS_POP_IF86( bp) AS1( emms) #ifdef __GNUC__ @@ -800,7 +750,7 @@ void VMAC_Base::VHASH_Update_Template(const word64 *data, size_t blocksRemaining inline void VMAC_Base::VHASH_Update(const word64 *data, size_t blocksRemainingInWord64) { -#if CRYPTOPP_SSE2_ASM_AVAILABLE && (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32) +#if CRYPTOPP_SSE2_ASM_AVAILABLE && CRYPTOPP_BOOL_X86 if (HasSSE2()) { VHASH_Update_SSE2(data, blocksRemainingInWord64, 0); @@ -825,7 +775,7 @@ size_t VMAC_Base::HashMultipleBlocks(const word64 *data, size_t length) return remaining; } -static word64 L3Hash(const word64 *input, const word64 *l3Key, size_t len) +word64 L3Hash(const word64 *input, const word64 *l3Key, size_t len) { word64 rh, rl, t, z=0; word64 p1 = input[0], p2 = input[1]; diff --git a/vendor/cryptopp/vendor_cryptopp/vmac.h b/vendor/cryptopp/vendor_cryptopp/vmac.h index 18d06efe..e229abc2 100644 --- a/vendor/cryptopp/vendor_cryptopp/vmac.h +++ b/vendor/cryptopp/vendor_cryptopp/vmac.h @@ -11,10 +11,10 @@ #include "iterhash.h" #include "seckey.h" -// Clang 3.3 integrated assembler crash on Linux -// http://github.com/weidai11/cryptopp/issues/264 -#if (defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400)) || CRYPTOPP_BOOL_X32 -# define CRYPTOPP_DISABLE_VMAC_ASM +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_VMAC_ASM 1 #endif NAMESPACE_BEGIN(CryptoPP) @@ -25,6 +25,7 @@ class VMAC_Base : public IteratedHashBase { public: std::string AlgorithmName() const {return std::string("VMAC(") + GetCipher().AlgorithmName() + ")-" + IntToString(DigestSize()*8);} + std::string AlgorithmProvider() const {return GetCipher().AlgorithmProvider();} unsigned int IVSize() const {return GetCipher().BlockSize();} unsigned int MinIVLength() const {return 1;} void Resynchronize(const byte *nonce, int length=-1); diff --git a/vendor/cryptopp/vendor_cryptopp/vs2005.zip b/vendor/cryptopp/vendor_cryptopp/vs2005.zip index f98cb969..f2de526c 100644 Binary files a/vendor/cryptopp/vendor_cryptopp/vs2005.zip and b/vendor/cryptopp/vendor_cryptopp/vs2005.zip differ diff --git a/vendor/cryptopp/vendor_cryptopp/wait.cpp b/vendor/cryptopp/vendor_cryptopp/wait.cpp deleted file mode 100644 index 17f42ffe..00000000 --- a/vendor/cryptopp/vendor_cryptopp/wait.cpp +++ /dev/null @@ -1,486 +0,0 @@ -// wait.cpp - originally written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "config.h" - -// http://connect.microsoft.com/VisualStudio/feedback/details/1581706 -// and http://github.com/weidai11/cryptopp/issues/214 -#if CRYPTOPP_MSC_VERSION -# pragma warning(disable: 4189) -# pragma warning(disable: 4589) -#endif - -#if !defined(NO_OS_DEPENDENCE) && (defined(SOCKETS_AVAILABLE) || defined(WINDOWS_PIPES_AVAILABLE)) - -#include "wait.h" -#include "misc.h" -#include "smartptr.h" - -// Windows 8, Windows Server 2012, and Windows Phone 8.1 need and -#if defined(CRYPTOPP_WIN32_AVAILABLE) -# if ((WINVER >= 0x0602 /*_WIN32_WINNT_WIN8*/) || (_WIN32_WINNT >= 0x0602 /*_WIN32_WINNT_WIN8*/)) -# include -# include -# define USE_WINDOWS8_API -# endif -#endif - -#ifdef USE_BERKELEY_STYLE_SOCKETS -#include -#include -#include -#include -#endif - -#if defined(CRYPTOPP_MSAN) -# include -#endif - -NAMESPACE_BEGIN(CryptoPP) - -unsigned int WaitObjectContainer::MaxWaitObjects() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - return MAXIMUM_WAIT_OBJECTS * (MAXIMUM_WAIT_OBJECTS-1); -#else - return FD_SETSIZE; -#endif -} - -WaitObjectContainer::WaitObjectContainer(WaitObjectsTracer* tracer) - : m_tracer(tracer), -#ifdef USE_WINDOWS_STYLE_SOCKETS - m_startWaiting(0), m_stopWaiting(0), -#endif - m_firstEventTime(0.0f), m_eventTimer(Timer::MILLISECONDS), m_lastResult(0), - m_sameResultCount(0), m_noWaitTimer(Timer::MILLISECONDS) -{ - Clear(); - m_eventTimer.StartTimer(); -} - -void WaitObjectContainer::Clear() -{ -#ifdef USE_WINDOWS_STYLE_SOCKETS - m_handles.clear(); -#else - m_maxFd = 0; - FD_ZERO(&m_readfds); - FD_ZERO(&m_writefds); -# ifdef CRYPTOPP_MSAN - __msan_unpoison(&m_readfds, sizeof(m_readfds)); - __msan_unpoison(&m_writefds, sizeof(m_writefds)); -# endif -#endif - m_noWait = false; - m_firstEventTime = 0; -} - -inline void WaitObjectContainer::SetLastResult(LastResultType result) -{ - if (result == m_lastResult) - m_sameResultCount++; - else - { - m_lastResult = result; - m_sameResultCount = 0; - } -} - -void WaitObjectContainer::DetectNoWait(LastResultType result, CallStack const& callStack) -{ - if (result == m_lastResult && m_noWaitTimer.ElapsedTime() > 1000) - { - if (m_sameResultCount > m_noWaitTimer.ElapsedTime()) - { - if (m_tracer) - { - std::string desc = "No wait loop detected - m_lastResult: "; - desc.append(IntToString(m_lastResult)).append(", call stack:"); - for (CallStack const* cs = &callStack; cs; cs = cs->Prev()) - desc.append("\n- ").append(cs->Format()); - m_tracer->TraceNoWaitLoop(desc); - } - try { throw 0; } catch (...) {} // help debugger break - } - - m_noWaitTimer.StartTimer(); - m_sameResultCount = 0; - } -} - -void WaitObjectContainer::SetNoWait(CallStack const& callStack) -{ - DetectNoWait(LastResultType(LASTRESULT_NOWAIT), CallStack("WaitObjectContainer::SetNoWait()", &callStack)); - m_noWait = true; -} - -void WaitObjectContainer::ScheduleEvent(double milliseconds, CallStack const& callStack) -{ - if (milliseconds <= 3) - DetectNoWait(LastResultType(LASTRESULT_SCHEDULED), CallStack("WaitObjectContainer::ScheduleEvent()", &callStack)); - double thisEventTime = m_eventTimer.ElapsedTimeAsDouble() + milliseconds; - if (!m_firstEventTime || thisEventTime < m_firstEventTime) - m_firstEventTime = thisEventTime; -} - -#ifdef USE_WINDOWS_STYLE_SOCKETS - -struct WaitingThreadData -{ - bool waitingToWait, terminate; - HANDLE startWaiting, stopWaiting; - const HANDLE *waitHandles; - unsigned int count; - HANDLE threadHandle; - DWORD threadId; - DWORD* error; -}; - -WaitObjectContainer::~WaitObjectContainer() -{ - try // don't let exceptions escape destructor - { - if (!m_threads.empty()) - { - HANDLE threadHandles[MAXIMUM_WAIT_OBJECTS] = {0}; - - unsigned int i; - for (i=0; i pThread((WaitingThreadData *)lParam); - WaitingThreadData &thread = *pThread; - std::vector handles; - - while (true) - { - thread.waitingToWait = true; -#if defined(USE_WINDOWS8_API) - DWORD result = ::WaitForSingleObjectEx(thread.startWaiting, INFINITE, FALSE); - CRYPTOPP_ASSERT(result != WAIT_FAILED); -#else - DWORD result = ::WaitForSingleObject(thread.startWaiting, INFINITE); - CRYPTOPP_ASSERT(result != WAIT_FAILED); -#endif - - thread.waitingToWait = false; - if (thread.terminate) - break; - if (!thread.count) - continue; - - handles.resize(thread.count + 1); - handles[0] = thread.stopWaiting; - std::copy(thread.waitHandles, thread.waitHandles+thread.count, handles.begin()+1); - -#if defined(USE_WINDOWS8_API) - result = ::WaitForMultipleObjectsEx((DWORD)handles.size(), &handles[0], FALSE, INFINITE, FALSE); - CRYPTOPP_ASSERT(result != WAIT_FAILED); -#else - result = ::WaitForMultipleObjects((DWORD)handles.size(), &handles[0], FALSE, INFINITE); - CRYPTOPP_ASSERT(result != WAIT_FAILED); -#endif - - if (result == WAIT_OBJECT_0) - continue; // another thread finished waiting first, so do nothing - SetEvent(thread.stopWaiting); - if (!(result > WAIT_OBJECT_0 && result < WAIT_OBJECT_0 + handles.size())) - { - CRYPTOPP_ASSERT(!"error in WaitingThread"); // break here so we can see which thread has an error - *thread.error = ::GetLastError(); - } - } - - return S_OK; // return a value here to avoid compiler warning -} - -void WaitObjectContainer::CreateThreads(unsigned int count) -{ - size_t currentCount = m_threads.size(); - if (currentCount == 0) - { - m_startWaiting = ::CreateEvent(NULLPTR, TRUE, FALSE, NULLPTR); - m_stopWaiting = ::CreateEvent(NULLPTR, TRUE, FALSE, NULLPTR); - } - - if (currentCount < count) - { - m_threads.resize(count); - for (size_t i=currentCount; i MAXIMUM_WAIT_OBJECTS) - { - // too many wait objects for a single WaitForMultipleObjects call, so use multiple threads - static const unsigned int WAIT_OBJECTS_PER_THREAD = MAXIMUM_WAIT_OBJECTS-1; - unsigned int nThreads = (unsigned int)((m_handles.size() + WAIT_OBJECTS_PER_THREAD - 1) / WAIT_OBJECTS_PER_THREAD); - if (nThreads > MAXIMUM_WAIT_OBJECTS) // still too many wait objects, maybe implement recursive threading later? - throw Err("WaitObjectContainer: number of wait objects exceeds limit"); - CreateThreads(nThreads); - DWORD error = S_OK; - - for (unsigned int i=0; i 0) - { - unsigned long timeAfterWait = t.ElapsedTime(); - OutputDebugStringA(("Handles " + IntToString(m_handles.size()) + ", Woke up by " + IntToString(result-WAIT_OBJECT_0) + ", Busied for " + IntToString(timeBeforeWait-lastTime) + " us, Waited for " + IntToString(timeAfterWait-timeBeforeWait) + " us, max " + IntToString(milliseconds) + "ms\n").c_str()); - lastTime = timeAfterWait; - } -#endif - if (result < WAIT_OBJECT_0 + m_handles.size()) - { - if (result == m_lastResult) - m_sameResultCount++; - else - { - m_lastResult = result; - m_sameResultCount = 0; - } - return true; - } - else if (result == WAIT_TIMEOUT) - { - SetLastResult(timeoutIsScheduledEvent ? LASTRESULT_SCHEDULED : LASTRESULT_TIMEOUT); - return timeoutIsScheduledEvent; - } - else - throw Err("WaitObjectContainer: WaitForMultipleObjects failed with error " + IntToString(::GetLastError())); - } -} - -#else // #ifdef USE_WINDOWS_STYLE_SOCKETS - -void WaitObjectContainer::AddReadFd(int fd, CallStack const& callStack) // TODO: do something with callStack -{ - CRYPTOPP_UNUSED(callStack); - FD_SET(fd, &m_readfds); - m_maxFd = STDMAX(m_maxFd, fd); -} - -void WaitObjectContainer::AddWriteFd(int fd, CallStack const& callStack) // TODO: do something with callStack -{ - CRYPTOPP_UNUSED(callStack); - FD_SET(fd, &m_writefds); - m_maxFd = STDMAX(m_maxFd, fd); -} - -bool WaitObjectContainer::Wait(unsigned long milliseconds) -{ - if (m_noWait || (!m_maxFd && !m_firstEventTime)) - return true; - - bool timeoutIsScheduledEvent = false; - - if (m_firstEventTime) - { - double timeToFirstEvent = SaturatingSubtract(m_firstEventTime, m_eventTimer.ElapsedTimeAsDouble()); - if (timeToFirstEvent <= milliseconds) - { - milliseconds = (unsigned long)timeToFirstEvent; - timeoutIsScheduledEvent = true; - } - } - - timeval tv, *timeout; - - if (milliseconds == INFINITE_TIME) - timeout = NULLPTR; - else - { - tv.tv_sec = milliseconds / 1000; - tv.tv_usec = (milliseconds % 1000) * 1000; - timeout = &tv; - } - - int result = select(m_maxFd+1, &m_readfds, &m_writefds, NULLPTR, timeout); - - if (result > 0) - return true; - else if (result == 0) - return timeoutIsScheduledEvent; - else - throw Err("WaitObjectContainer: select failed with error " + IntToString(errno)); -} - -#endif - -// ******************************************************** - -std::string CallStack::Format() const -{ - return m_info; -} - -std::string CallStackWithNr::Format() const -{ - return std::string(m_info) + " / nr: " + IntToString(m_nr); -} - -std::string CallStackWithStr::Format() const -{ - return std::string(m_info) + " / " + std::string(m_z); -} - -bool Waitable::Wait(unsigned long milliseconds, CallStack const& callStack) -{ - WaitObjectContainer container; - GetWaitObjects(container, callStack); // reduce clutter by not adding this func to stack - return container.Wait(milliseconds); -} - -NAMESPACE_END - -#endif diff --git a/vendor/cryptopp/vendor_cryptopp/wait.h b/vendor/cryptopp/vendor_cryptopp/wait.h deleted file mode 100644 index 924ed42b..00000000 --- a/vendor/cryptopp/vendor_cryptopp/wait.h +++ /dev/null @@ -1,235 +0,0 @@ -// wait.h - originally written and placed in the public domain by Wei Dai - -#ifndef CRYPTOPP_WAIT_H -#define CRYPTOPP_WAIT_H - -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && (defined(SOCKETS_AVAILABLE) || defined(WINDOWS_PIPES_AVAILABLE)) - -#include "cryptlib.h" -#include "misc.h" -#include "stdcpp.h" - -#ifdef USE_WINDOWS_STYLE_SOCKETS -#include -#else -#include -#include -#endif - -// For definitions of VOID, PVOID, HANDLE, PHANDLE, etc. -#if defined(CRYPTOPP_WIN32_AVAILABLE) -#define WIN32_LEAN_AND_MEAN -#include -#endif - -#include "hrtimer.h" - -#if defined(__has_feature) -# if __has_feature(memory_sanitizer) -# define CRYPTOPP_MSAN 1 -# endif -#endif - -// http://connect.microsoft.com/VisualStudio/feedback/details/1581706 -// and http://github.com/weidai11/cryptopp/issues/214 -#if (CRYPTOPP_MSC_VERSION >= 1900) -# pragma warning(push) -# pragma warning(disable: 4589) -#endif - -NAMESPACE_BEGIN(CryptoPP) - -class Tracer -{ -public: - Tracer(unsigned int level) : m_level(level) {} - virtual ~Tracer() {} - -protected: - /// Override this in your most-derived tracer to do the actual tracing. - virtual void Trace(unsigned int n, std::string const& s) = 0; - - /*! By default, tracers will decide which trace messages to trace according to a trace level - mechanism. If your most-derived tracer uses a different mechanism, override this to - return false. If this method returns false, the default TraceXxxx(void) methods will all - return 0 and must be overridden explicitly by your tracer for trace messages you want. */ - virtual bool UsingDefaults() const { return true; } - -protected: - unsigned int m_level; - - void TraceIf(unsigned int n, std::string const&s) - { if (n) Trace(n, s); } - - /*! Returns nr if, according to the default log settings mechanism (using log levels), - the message should be traced. Returns 0 if the default trace level mechanism is not - in use, or if it is in use but the event should not be traced. Provided as a utility - method for easier and shorter coding of default TraceXxxx(void) implementations. */ - unsigned int Tracing(unsigned int nr, unsigned int minLevel) const - { return (UsingDefaults() && m_level >= minLevel) ? nr : 0; } -}; - -// Your Tracer-derived class should inherit as virtual public from Tracer or another -// Tracer-derived class, and should pass the log level in its constructor. You can use the -// following methods to begin and end your Tracer definition. - -// This constructor macro initializes Tracer directly even if not derived directly from it; -// this is intended, virtual base classes are always initialized by the most derived class. -#define CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) \ - public: DERIVED(unsigned int level = 0) : Tracer(level) {} - -#define CRYPTOPP_BEGIN_TRACER_CLASS_1(DERIVED, BASE1) \ - class DERIVED : virtual public BASE1, public NotCopyable { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) - -#define CRYPTOPP_BEGIN_TRACER_CLASS_2(DERIVED, BASE1, BASE2) \ - class DERIVED : virtual public BASE1, virtual public BASE2, public NotCopyable { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) - -#define CRYPTOPP_END_TRACER_CLASS }; - -// In your Tracer-derived class, you should define a globally unique event number for each -// new event defined. This can be done using the following macros. - -#define CRYPTOPP_BEGIN_TRACER_EVENTS(UNIQUENR) enum { EVENTBASE = UNIQUENR, -#define CRYPTOPP_TRACER_EVENT(EVENTNAME) EventNr_##EVENTNAME, -#define CRYPTOPP_END_TRACER_EVENTS }; - -// In your own Tracer-derived class, you must define two methods per new trace event type: -// - unsigned int TraceXxxx() const -// Your default implementation of this method should return the event number if according -// to the default trace level system the event should be traced, or 0 if it should not. -// - void TraceXxxx(string const& s) -// This method should call TraceIf(TraceXxxx(), s); to do the tracing. -// For your convenience, a macro to define these two types of methods are defined below. -// If you use this macro, you should also use the TRACER_EVENTS macros above to associate -// event names with numbers. - -#define CRYPTOPP_TRACER_EVENT_METHODS(EVENTNAME, LOGLEVEL) \ - virtual unsigned int Trace##EVENTNAME() const { return Tracing(EventNr_##EVENTNAME, LOGLEVEL); } \ - virtual void Trace##EVENTNAME(std::string const& s) { TraceIf(Trace##EVENTNAME(), s); } - - -/*! A simple unidirectional linked list with m_prev == 0 to indicate the final entry. - The aim of this implementation is to provide a very lightweight and practical - tracing mechanism with a low performance impact. Functions and methods supporting - this call-stack mechanism would take a parameter of the form "CallStack const& callStack", - and would pass this parameter to subsequent functions they call using the construct: - - SubFunc(arg1, arg2, CallStack("my func at place such and such", &callStack)); - - The advantage of this approach is that it is easy to use and should be very efficient, - involving no allocation from the heap, just a linked list of stack objects containing - pointers to static ASCIIZ strings (or possibly additional but simple data if derived). */ -class CallStack -{ -public: - CallStack(char const* i, CallStack const* p) : m_info(i), m_prev(p) {} - CallStack const* Prev() const { return m_prev; } - virtual std::string Format() const; - -protected: - char const* m_info; - CallStack const* m_prev; -}; - -/*! An extended CallStack entry type with an additional numeric parameter. */ -class CallStackWithNr : public CallStack -{ -public: - CallStackWithNr(char const* i, word32 n, CallStack const* p) : CallStack(i, p), m_nr(n) {} - std::string Format() const; - -protected: - word32 m_nr; -}; - -/*! An extended CallStack entry type with an additional string parameter. */ -class CallStackWithStr : public CallStack -{ -public: - CallStackWithStr(char const* i, char const* z, CallStack const* p) : CallStack(i, p), m_z(z) {} - std::string Format() const; - -protected: - char const* m_z; -}; - -// Thanks to Maximilian Zamorsky for help with http://connect.microsoft.com/VisualStudio/feedback/details/1570496/ -CRYPTOPP_BEGIN_TRACER_CLASS_1(WaitObjectsTracer, Tracer) - CRYPTOPP_BEGIN_TRACER_EVENTS(0x48752841) - CRYPTOPP_TRACER_EVENT(NoWaitLoop) - CRYPTOPP_END_TRACER_EVENTS - CRYPTOPP_TRACER_EVENT_METHODS(NoWaitLoop, 1) -CRYPTOPP_END_TRACER_CLASS - -struct WaitingThreadData; - -/// container of wait objects -class WaitObjectContainer : public NotCopyable -{ -public: - /// exception thrown by WaitObjectContainer - class Err : public Exception - { - public: - Err(const std::string& s) : Exception(IO_ERROR, s) {} - }; - - static unsigned int MaxWaitObjects(); - - WaitObjectContainer(WaitObjectsTracer* tracer = NULLPTR); - - void Clear(); - void SetNoWait(CallStack const& callStack); - void ScheduleEvent(double milliseconds, CallStack const& callStack); - // returns false if timed out - bool Wait(unsigned long milliseconds); - -#ifdef USE_WINDOWS_STYLE_SOCKETS - virtual ~WaitObjectContainer(); - void AddHandle(HANDLE handle, CallStack const& callStack); -#else - void AddReadFd(int fd, CallStack const& callStack); - void AddWriteFd(int fd, CallStack const& callStack); -#endif - -private: - WaitObjectsTracer* m_tracer; - -#ifdef USE_WINDOWS_STYLE_SOCKETS - void CreateThreads(unsigned int count); - std::vector m_handles; - std::vector m_threads; - HANDLE m_startWaiting; - HANDLE m_stopWaiting; -#else - fd_set m_readfds, m_writefds; - int m_maxFd; -#endif - double m_firstEventTime; - Timer m_eventTimer; - bool m_noWait; - -#ifdef USE_WINDOWS_STYLE_SOCKETS - typedef size_t LastResultType; -#else - typedef int LastResultType; -#endif - enum { LASTRESULT_NOWAIT = -1, LASTRESULT_SCHEDULED = -2, LASTRESULT_TIMEOUT = -3 }; - LastResultType m_lastResult; - unsigned int m_sameResultCount; - Timer m_noWaitTimer; - void SetLastResult(LastResultType result); - void DetectNoWait(LastResultType result, CallStack const& callStack); -}; - -NAMESPACE_END - -#if (CRYPTOPP_MSC_VERSION >= 1900) -# pragma warning(pop) -#endif - -#endif // NO_OS_DEPENDENCE - -#endif // CRYPTOPP_WAIT_H diff --git a/vendor/cryptopp/vendor_cryptopp/wake.cpp b/vendor/cryptopp/vendor_cryptopp/wake.cpp index 8501bcf7..f4e43dc1 100644 --- a/vendor/cryptopp/vendor_cryptopp/wake.cpp +++ b/vendor/cryptopp/vendor_cryptopp/wake.cpp @@ -5,6 +5,15 @@ #include "wake.h" #include "smartptr.h" +ANONYMOUS_NAMESPACE_BEGIN + +const unsigned int TT[8]= { + 0x726a8f3b, 0xe69a3b5c, 0xd3c71fe5, 0xab3c73d2, + 0x4d3a8eb3, 0x0396d6e8, 0x3d4c2f7a, 0x9ee27cf3 +} ; + +ANONYMOUS_NAMESPACE_END + NAMESPACE_BEGIN(CryptoPP) #if defined(CRYPTOPP_DEBUG) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) @@ -25,17 +34,7 @@ void WAKE_Base::GenKey(word32 k0, word32 k1, word32 k2, word32 k3) { // this code is mostly copied from David Wheeler's paper "A Bulk Data Encryption Algorithm" signed int x, z, p; - // x and z were declared as "long" in Wheeler's paper, which is a signed type. I don't know if that was intentional, but it's too late to change it now. -- Wei 7/4/2010 - CRYPTOPP_COMPILE_ASSERT(sizeof(x) == 4); - static unsigned int tt[10]= { - 0x726a8f3b, // table - 0xe69a3b5c, - 0xd3c71fe5, - 0xab3c73d2, - 0x4d3a8eb3, - 0x0396d6e8, - 0x3d4c2f7a, - 0x9ee27cf3, } ; + t[0] = k0; t[1] = k1; t[2] = k2; @@ -43,7 +42,7 @@ void WAKE_Base::GenKey(word32 k0, word32 k1, word32 k2, word32 k3) for (p=4 ; p<256 ; p++) { x=t[p-4]+t[p-1] ; // fill t - t[p]= (x>>3) ^ tt[x&7] ; + t[p]= (x>>3) ^ TT[x&7] ; } for (p=0 ; p<23 ; p++) @@ -108,7 +107,5 @@ void WAKE_ROFB_Policy::Iterate(KeystreamOperation operation, byte *output, co */ template class WAKE_Policy; template class WAKE_Policy; -//template class WAKE_ROFB_Policy; -//template class WAKE_ROFB_Policy; NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/wake.h b/vendor/cryptopp/vendor_cryptopp/wake.h index e2a6456b..adecd30f 100644 --- a/vendor/cryptopp/vendor_cryptopp/wake.h +++ b/vendor/cryptopp/vendor_cryptopp/wake.h @@ -54,22 +54,6 @@ struct WAKE_OFB : public WAKE_OFB_Info, public SymmetricCipherDocumentation typedef Encryption Decryption; }; -/* -template -class WAKE_ROFB_Policy : public WAKE_Policy -{ -protected: - void Iterate(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount); -}; - -template -struct WAKE_ROFB : public WAKE_Info -{ - typedef SymmetricCipherTemplate, WAKE_ROFB_Policy > > Encryption; - typedef Encryption Decryption; -}; -*/ - NAMESPACE_END #endif diff --git a/vendor/cryptopp/vendor_cryptopp/whrlpool.cpp b/vendor/cryptopp/vendor_cryptopp/whrlpool.cpp index e0e401cc..4a52a0dd 100644 --- a/vendor/cryptopp/vendor_cryptopp/whrlpool.cpp +++ b/vendor/cryptopp/vendor_cryptopp/whrlpool.cpp @@ -73,11 +73,11 @@ #include "misc.h" #include "cpu.h" -// "Inline assembly operands don't work with .intel_syntax", -// http://llvm.org/bugs/show_bug.cgi?id=24232 -#if defined(CRYPTOPP_DISABLE_INTEL_ASM) +#if defined(CRYPTOPP_DISABLE_WHIRLPOOL_ASM) +# undef CRYPTOPP_X86_ASM_AVAILABLE +# undef CRYPTOPP_X32_ASM_AVAILABLE +# undef CRYPTOPP_X64_ASM_AVAILABLE # undef CRYPTOPP_SSE2_ASM_AVAILABLE -# undef CRYPTOPP_SSSE3_ASM_AVAILABLE #endif NAMESPACE_BEGIN(CryptoPP) @@ -89,6 +89,15 @@ void Whirlpool_TestInstantiations() } #endif +std::string Whirlpool::AlgorithmProvider() const +{ +#if CRYPTOPP_SSE2_ASM_AVAILABLE + if (HasSSE2()) + return "SSE2"; +#endif + return "C++"; +} + void Whirlpool::InitState(HashWordType *state) { memset(state, 0, 8*sizeof(state[0])); @@ -96,6 +105,7 @@ void Whirlpool::InitState(HashWordType *state) void Whirlpool::TruncatedFinal(byte *hash, size_t size) { + CRYPTOPP_ASSERT(hash != NULLPTR); ThrowIfInvalidTruncatedSize(size); PadLastBlock(32); @@ -407,6 +417,9 @@ const word64 Whirlpool_C[4*256+R] = { // Whirlpool basic transformation. Transforms state based on block. void Whirlpool::Transform(word64 *digest, const word64 *block) { + CRYPTOPP_ASSERT(digest != NULLPTR); + CRYPTOPP_ASSERT(block != NULLPTR); + #if CRYPTOPP_SSE2_ASM_AVAILABLE if (HasSSE2()) { @@ -425,15 +438,13 @@ void Whirlpool::Transform(word64 *digest, const word64 *block) AS2( mov WORD_REG(cx), digest) AS2( mov WORD_REG(dx), block) #endif -#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 +#if CRYPTOPP_BOOL_X86 AS2( mov eax, esp) AS2( and esp, -16) AS2( sub esp, 16*8) AS_PUSH_IF86( ax) #if CRYPTOPP_BOOL_X86 #define SSE2_workspace esp+WORD_SZ - #elif CRYPTOPP_BOOL_X32 - #define SSE2_workspace esp+(WORD_SZ*2) #endif #else #define SSE2_workspace %3 diff --git a/vendor/cryptopp/vendor_cryptopp/whrlpool.h b/vendor/cryptopp/vendor_cryptopp/whrlpool.h index 8d08c763..33e4b302 100644 --- a/vendor/cryptopp/vendor_cryptopp/whrlpool.h +++ b/vendor/cryptopp/vendor_cryptopp/whrlpool.h @@ -13,6 +13,12 @@ #include "config.h" #include "iterhash.h" +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler +// error with .intel_syntax, http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_MIXED_ASM) +# define CRYPTOPP_DISABLE_WHIRLPOOL_ASM 1 +#endif + NAMESPACE_BEGIN(CryptoPP) /// \brief Whirlpool message digest @@ -23,10 +29,12 @@ NAMESPACE_BEGIN(CryptoPP) class Whirlpool : public IteratedHashWithStaticTransform { public: + CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Whirlpool";} + std::string AlgorithmProvider() const; + static void InitState(HashWordType *state); static void Transform(word64 *digest, const word64 *data); void TruncatedFinal(byte *hash, size_t size); - CRYPTOPP_STATIC_CONSTEXPR const char* StaticAlgorithmName() {return "Whirlpool";} }; NAMESPACE_END diff --git a/vendor/cryptopp/vendor_cryptopp/winpipes.cpp b/vendor/cryptopp/vendor_cryptopp/winpipes.cpp deleted file mode 100644 index 2585dd55..00000000 --- a/vendor/cryptopp/vendor_cryptopp/winpipes.cpp +++ /dev/null @@ -1,227 +0,0 @@ -// winpipes.cpp - originally written and placed in the public domain by Wei Dai - -#include "pch.h" -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(WINDOWS_PIPES_AVAILABLE) - -#include "winpipes.h" -#include "wait.h" - -// Windows 8, Windows Server 2012, and Windows Phone 8.1 need and -#if defined(CRYPTOPP_WIN32_AVAILABLE) -# if ((WINVER >= 0x0602 /*_WIN32_WINNT_WIN8*/) || (_WIN32_WINNT >= 0x0602 /*_WIN32_WINNT_WIN8*/)) -# include -# include -# define USE_WINDOWS8_API -# endif -#endif - -NAMESPACE_BEGIN(CryptoPP) - -WindowsHandle::WindowsHandle(HANDLE h, bool own) - : m_h(h), m_own(own) -{ -} - -WindowsHandle::~WindowsHandle() -{ - if (m_own) - { - try - { - CloseHandle(); - } - catch (const Exception&) - { - CRYPTOPP_ASSERT(0); - } - } -} - -bool WindowsHandle::HandleValid() const -{ - return m_h && m_h != INVALID_HANDLE_VALUE; -} - -void WindowsHandle::AttachHandle(HANDLE h, bool own) -{ - if (m_own) - CloseHandle(); - - m_h = h; - m_own = own; - HandleChanged(); -} - -HANDLE WindowsHandle::DetachHandle() -{ - HANDLE h = m_h; - m_h = INVALID_HANDLE_VALUE; - HandleChanged(); - return h; -} - -void WindowsHandle::CloseHandle() -{ - if (m_h != INVALID_HANDLE_VALUE) - { - ::CloseHandle(m_h); - m_h = INVALID_HANDLE_VALUE; - HandleChanged(); - } -} - -// ******************************************************** - -void WindowsPipe::HandleError(const char *operation) const -{ - DWORD err = GetLastError(); - throw Err(GetHandle(), operation, err); -} - -WindowsPipe::Err::Err(HANDLE s, const std::string& operation, int error) - : OS_Error(IO_ERROR, "WindowsPipe: " + operation + " operation failed with error 0x" + IntToString(error, 16), operation, error) - , m_h(s) -{ -} - -// ************************************************************* - -WindowsPipeReceiver::WindowsPipeReceiver() - : m_lastResult(0), m_resultPending(false), m_eofReceived(false) -{ - m_event.AttachHandle(CreateEvent(NULLPTR, true, false, NULLPTR), true); - CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - -bool WindowsPipeReceiver::Receive(byte* buf, size_t bufLen) -{ - CRYPTOPP_ASSERT(!m_resultPending && !m_eofReceived); - - const HANDLE h = GetHandle(); - // don't queue too much at once, or we might use up non-paged memory - if (ReadFile(h, buf, UnsignedMin((DWORD)128*1024, bufLen), &m_lastResult, &m_overlapped)) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (GetLastError()) - { - default: - CheckAndHandleError("ReadFile", false); - // Fall through for non-fatal - case ERROR_BROKEN_PIPE: - case ERROR_HANDLE_EOF: - m_lastResult = 0; - m_eofReceived = true; - break; - case ERROR_IO_PENDING: - m_resultPending = true; - } - } - return !m_resultPending; -} - -void WindowsPipeReceiver::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("WindowsPipeReceiver::GetWaitObjects() - result pending", &callStack)); - else if (!m_eofReceived) - container.SetNoWait(CallStack("WindowsPipeReceiver::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int WindowsPipeReceiver::GetReceiveResult() -{ - if (m_resultPending) - { -#if defined(USE_WINDOWS8_API) - BOOL result = GetOverlappedResultEx(GetHandle(), &m_overlapped, &m_lastResult, INFINITE, FALSE); -#else - BOOL result = GetOverlappedResult(GetHandle(), &m_overlapped, &m_lastResult, FALSE); -#endif - if (result) - { - if (m_lastResult == 0) - m_eofReceived = true; - } - else - { - switch (GetLastError()) - { - default: - CheckAndHandleError("GetOverlappedResult", false); - // Fall through for non-fatal - case ERROR_BROKEN_PIPE: - case ERROR_HANDLE_EOF: - m_lastResult = 0; - m_eofReceived = true; - } - } - m_resultPending = false; - } - return m_lastResult; -} - -// ************************************************************* - -WindowsPipeSender::WindowsPipeSender() - : m_lastResult(0), m_resultPending(false) -{ - m_event.AttachHandle(CreateEvent(NULLPTR, true, false, NULLPTR), true); - CheckAndHandleError("CreateEvent", m_event.HandleValid()); - memset(&m_overlapped, 0, sizeof(m_overlapped)); - m_overlapped.hEvent = m_event; -} - -void WindowsPipeSender::Send(const byte* buf, size_t bufLen) -{ - DWORD written = 0; - const HANDLE h = GetHandle(); - // don't queue too much at once, or we might use up non-paged memory - if (WriteFile(h, buf, UnsignedMin((DWORD)128*1024, bufLen), &written, &m_overlapped)) - { - m_resultPending = false; - m_lastResult = written; - } - else - { - if (GetLastError() != ERROR_IO_PENDING) - CheckAndHandleError("WriteFile", false); - - m_resultPending = true; - } -} - -void WindowsPipeSender::GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) -{ - if (m_resultPending) - container.AddHandle(m_event, CallStack("WindowsPipeSender::GetWaitObjects() - result pending", &callStack)); - else - container.SetNoWait(CallStack("WindowsPipeSender::GetWaitObjects() - result ready", &callStack)); -} - -unsigned int WindowsPipeSender::GetSendResult() -{ - if (m_resultPending) - { - const HANDLE h = GetHandle(); -#if defined(USE_WINDOWS8_API) - BOOL result = GetOverlappedResultEx(h, &m_overlapped, &m_lastResult, INFINITE, FALSE); - CheckAndHandleError("GetOverlappedResultEx", result); -#else - BOOL result = GetOverlappedResult(h, &m_overlapped, &m_lastResult, FALSE); - CheckAndHandleError("GetOverlappedResult", result); -#endif - m_resultPending = false; - } - return m_lastResult; -} - -NAMESPACE_END - -#endif diff --git a/vendor/cryptopp/vendor_cryptopp/winpipes.h b/vendor/cryptopp/vendor_cryptopp/winpipes.h deleted file mode 100644 index 347e800c..00000000 --- a/vendor/cryptopp/vendor_cryptopp/winpipes.h +++ /dev/null @@ -1,146 +0,0 @@ -#ifndef CRYPTOPP_WINPIPES_H -#define CRYPTOPP_WINPIPES_H - -#include "config.h" - -#if !defined(NO_OS_DEPENDENCE) && defined(WINDOWS_PIPES_AVAILABLE) - -#include "cryptlib.h" -#include "network.h" -#include "queue.h" -#include - -NAMESPACE_BEGIN(CryptoPP) - -/// \brief Windows Handle -class WindowsHandle -{ -public: - virtual ~WindowsHandle(); - - WindowsHandle(HANDLE h = INVALID_HANDLE_VALUE, bool own=false); - WindowsHandle(const WindowsHandle &h) : m_h(h.m_h), m_own(false) {} - - bool GetOwnership() const {return m_own;} - void SetOwnership(bool own) {m_own = own;} - - operator HANDLE() const {return m_h;} - HANDLE GetHandle() const {return m_h;} - bool HandleValid() const; - void AttachHandle(HANDLE h, bool own=false); - HANDLE DetachHandle(); - void CloseHandle(); - -protected: - virtual void HandleChanged() {} - - HANDLE m_h; - bool m_own; -}; - -/// \brief Windows Pipe -class WindowsPipe -{ -public: - class Err : public OS_Error - { - public: - Err(HANDLE h, const std::string& operation, int error); - HANDLE GetHandle() const {return m_h;} - - private: - HANDLE m_h; - }; - -protected: - virtual HANDLE GetHandle() const =0; - virtual void HandleError(const char *operation) const; - void CheckAndHandleError(const char *operation, BOOL result) const - {if (!result) HandleError(operation);} -}; - -/// \brief Pipe-based implementation of NetworkReceiver -class WindowsPipeReceiver : public WindowsPipe, public NetworkReceiver -{ -public: - WindowsPipeReceiver(); - - bool MustWaitForResult() {return true;} - bool Receive(byte* buf, size_t bufLen); - unsigned int GetReceiveResult(); - bool EofReceived() const {return m_eofReceived;} - - HANDLE GetHandle() const {return m_event;} - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - WindowsHandle m_event; - OVERLAPPED m_overlapped; - DWORD m_lastResult; - bool m_resultPending; - bool m_eofReceived; -}; - -/// \brief Pipe-based implementation of NetworkSender -class WindowsPipeSender : public WindowsPipe, public NetworkSender -{ -public: - WindowsPipeSender(); - - bool MustWaitForResult() {return true;} - void Send(const byte* buf, size_t bufLen); - unsigned int GetSendResult(); - bool MustWaitForEof() { return false; } - void SendEof() {} - - HANDLE GetHandle() const {return m_event;} - unsigned int GetMaxWaitObjectCount() const {return 1;} - void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); - -private: - WindowsHandle m_event; - OVERLAPPED m_overlapped; - DWORD m_lastResult; - bool m_resultPending; -}; - -/// \brief Windows Pipe Source -class WindowsPipeSource : public WindowsHandle, public NetworkSource, public WindowsPipeReceiver -{ -public: - WindowsPipeSource(HANDLE h=INVALID_HANDLE_VALUE, bool pumpAll=false, BufferedTransformation *attachment=NULLPTR) - : WindowsHandle(h), NetworkSource(attachment) - { - if (pumpAll) - PumpAll(); - } - - using NetworkSource::GetMaxWaitObjectCount; - using NetworkSource::GetWaitObjects; - -private: - HANDLE GetHandle() const {return WindowsHandle::GetHandle();} - NetworkReceiver & AccessReceiver() {return *this;} -}; - -/// \brief Windows Pipe Sink -class WindowsPipeSink : public WindowsHandle, public NetworkSink, public WindowsPipeSender -{ -public: - WindowsPipeSink(HANDLE h=INVALID_HANDLE_VALUE, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024) - : WindowsHandle(h), NetworkSink(maxBufferSize, autoFlushBound) {} - - using NetworkSink::GetMaxWaitObjectCount; - using NetworkSink::GetWaitObjects; - -private: - HANDLE GetHandle() const {return WindowsHandle::GetHandle();} - NetworkSender & AccessSender() {return *this;} -}; - -NAMESPACE_END - -#endif // WINDOWS_PIPES_AVAILABLE - -#endif diff --git a/vendor/cryptopp/vendor_cryptopp/x64dll.asm b/vendor/cryptopp/vendor_cryptopp/x64dll.asm index 97c9aba3..33fa6a17 100644 --- a/vendor/cryptopp/vendor_cryptopp/x64dll.asm +++ b/vendor/cryptopp/vendor_cryptopp/x64dll.asm @@ -58,7 +58,7 @@ $1@Baseline_Sub: Baseline_Sub ENDP ALIGN 8 -Rijndael_Enc_AdvancedProcessBlocks PROC FRAME +Rijndael_Enc_AdvancedProcessBlocks_SSE2 PROC FRAME rex_push_reg rsi push_reg rdi push_reg rbx @@ -454,10 +454,10 @@ pop rbx pop rdi pop rsi ret -Rijndael_Enc_AdvancedProcessBlocks ENDP +Rijndael_Enc_AdvancedProcessBlocks_SSE2 ENDP ALIGN 8 -GCM_AuthenticateBlocks_2K PROC FRAME +GCM_AuthenticateBlocks_2K_SSE2 PROC FRAME rex_push_reg rsi push_reg rdi push_reg rbx @@ -593,10 +593,10 @@ pop rbx pop rdi pop rsi ret -GCM_AuthenticateBlocks_2K ENDP +GCM_AuthenticateBlocks_2K_SSE2 ENDP ALIGN 8 -GCM_AuthenticateBlocks_64K PROC FRAME +GCM_AuthenticateBlocks_64K_SSE2 PROC FRAME rex_push_reg rsi push_reg rdi .endprolog @@ -673,10 +673,10 @@ movdqa [rsi], xmm0 pop rdi pop rsi ret -GCM_AuthenticateBlocks_64K ENDP +GCM_AuthenticateBlocks_64K_SSE2 ENDP ALIGN 8 -SHA256_SSE_HashMultipleBlocks PROC FRAME +SHA256_HashMultipleBlocks_SSE2 PROC FRAME rex_push_reg rsi push_reg rdi push_reg rbx @@ -1962,7 +1962,19 @@ pop rbx pop rdi pop rsi ret -SHA256_SSE_HashMultipleBlocks ENDP +SHA256_HashMultipleBlocks_SSE2 ENDP + + ALIGN 8 +ExtendedControlRegister PROC +;; First paramter is RCX, and xgetbv expects the CTRL in ECX +;; http://www.agner.org/optimize/vectorclass/read.php?i=65 +DB 0fh, 01h, 0d0h +;; xcr = (EDX << 32) | EAX +and rax, 0ffffffffh +shl rdx, 32 +or rax, rdx +ret +ExtendedControlRegister ENDP _TEXT ENDS END diff --git a/vendor/cryptopp/vendor_cryptopp/xed25519.cpp b/vendor/cryptopp/vendor_cryptopp/xed25519.cpp new file mode 100644 index 00000000..05414e45 --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/xed25519.cpp @@ -0,0 +1,863 @@ +// xed25519.cpp - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +#include "pch.h" + +#include "cryptlib.h" +#include "asn.h" +#include "integer.h" +#include "filters.h" +#include "stdcpp.h" + +#include "xed25519.h" +#include "donna.h" + +ANONYMOUS_NAMESPACE_BEGIN + +using CryptoPP::byte; + +CRYPTOPP_ALIGN_DATA(16) +const byte blacklist[][32] = { + { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, + 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 }, + { 0xe0, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, + 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x00 }, + { 0x5f, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, + 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0x57 }, + { 0xec, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + { 0xed, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + { 0xee, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f }, + { 0xcd, 0xeb, 0x7a, 0x7c, 0x3b, 0x41, 0xb8, 0xae, 0x16, 0x56, 0xe3, 0xfa, 0xf1, 0x9f, 0xc4, 0x6a, + 0xda, 0x09, 0x8d, 0xeb, 0x9c, 0x32, 0xb1, 0xfd, 0x86, 0x62, 0x05, 0x16, 0x5f, 0x49, 0xb8, 0x80 }, + { 0x4c, 0x9c, 0x95, 0xbc, 0xa3, 0x50, 0x8c, 0x24, 0xb1, 0xd0, 0xb1, 0x55, 0x9c, 0x83, 0xef, 0x5b, + 0x04, 0x44, 0x5c, 0xc4, 0x58, 0x1c, 0x8e, 0x86, 0xd8, 0x22, 0x4e, 0xdd, 0xd0, 0x9f, 0x11, 0xd7 }, + { 0xd9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff }, + { 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, + 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff } +}; + +bool HasSmallOrder(const byte y[32]) +{ + // The magic 12 is the count of blaklisted points + byte c[12] = { 0 }; + for (size_t j = 0; j < 32; j++) { + for (size_t i = 0; i < COUNTOF(blacklist); i++) { + c[i] |= y[j] ^ blacklist[i][j]; + } + } + + unsigned int k = 0; + for (size_t i = 0; i < COUNTOF(blacklist); i++) { + k |= (c[i] - 1); + } + + return (bool)((k >> 8) & 1); +} + +ANONYMOUS_NAMESPACE_END + +NAMESPACE_BEGIN(CryptoPP) + +// ******************** x25519 Agreement ************************* // + +x25519::x25519(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]) +{ + std::memcpy(m_pk, y, SECRET_KEYLENGTH); + std::memcpy(m_sk, x, PUBLIC_KEYLENGTH); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +x25519::x25519(const byte x[SECRET_KEYLENGTH]) +{ + std::memcpy(m_sk, x, SECRET_KEYLENGTH); + Donna::curve25519_mult(m_pk, m_sk); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +x25519::x25519(const Integer &y, const Integer &x) +{ + CRYPTOPP_ASSERT(y.MinEncodedSize() <= PUBLIC_KEYLENGTH); + CRYPTOPP_ASSERT(x.MinEncodedSize() <= SECRET_KEYLENGTH); + + y.Encode(m_pk, PUBLIC_KEYLENGTH); std::reverse(m_pk+0, m_pk+PUBLIC_KEYLENGTH); + x.Encode(m_sk, SECRET_KEYLENGTH); std::reverse(m_sk+0, m_sk+SECRET_KEYLENGTH); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +x25519::x25519(const Integer &x) +{ + CRYPTOPP_ASSERT(x.MinEncodedSize() <= SECRET_KEYLENGTH); + + x.Encode(m_sk, SECRET_KEYLENGTH); + std::reverse(m_sk+0, m_sk+SECRET_KEYLENGTH); + Donna::curve25519_mult(m_pk, m_sk); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +x25519::x25519(RandomNumberGenerator &rng) +{ + rng.GenerateBlock(m_sk, SECRET_KEYLENGTH); + m_sk[0] &= 248; m_sk[31] &= 127; m_sk[31] |= 64; + Donna::curve25519_mult(m_pk, m_sk); +} + +x25519::x25519(BufferedTransformation ¶ms) +{ + Load(params); +} + +void x25519::ClampKeys(byte y[PUBLIC_KEYLENGTH], byte x[SECRET_KEYLENGTH]) const +{ + x[0] &= 248; x[31] &= 127; x[31] |= 64; + Donna::curve25519_mult(y, x); +} + +bool x25519::IsClamped(const byte x[SECRET_KEYLENGTH]) const +{ + return (x[0] & 248) == x[0] && (x[31] & 127) == x[31] && (x[31] | 64) == x[31]; +} + +bool x25519::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const +{ + return HasSmallOrder(y); +} + +void x25519::BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt) +{ + // We have not yet determined the OID to use for this object. + // We can't use OID's decoder because it throws BERDecodeError + // if the OIDs do not match. + OID oid(bt); + + if (!m_oid.Empty() && m_oid != oid) + BERDecodeError(); // Only accept user specified OID + else if (oid == ASN1::curve25519() || oid == ASN1::X25519()) + m_oid = oid; // Accept any of the x25519 OIDs + else + BERDecodeError(); +} + +void x25519::BERDecode(BufferedTransformation &bt) +{ + // https://tools.ietf.org/html/rfc8410, section 7 and + // https://www.cryptopp.com/wiki/curve25519_keys + BERSequenceDecoder privateKeyInfo(bt); + word32 version; + BERDecodeUnsigned(privateKeyInfo, version, INTEGER, 0, 1); // check version + + BERSequenceDecoder algorithm(privateKeyInfo); + // GetAlgorithmID().BERDecodeAndCheck(algorithm); + BERDecodeAndCheckAlgorithmID(algorithm); + algorithm.MessageEnd(); + + BERGeneralDecoder octetString(privateKeyInfo, OCTET_STRING); + BERDecodePrivateKey(octetString, false, (size_t)privateKeyInfo.RemainingLength()); + octetString.MessageEnd(); + + // publicKey [1] IMPLICIT PublicKey OPTIONAL + bool generatePublicKey = true; + if (privateKeyInfo.EndReached() == false /*version == 1?*/) + { + // Should we test this before decoding? In either case we + // just throw a BERDecodeErr() when we can't parse it. + BERGeneralDecoder publicKey(privateKeyInfo, CONTEXT_SPECIFIC | CONSTRUCTED | 1); + SecByteBlock subjectPublicKey; + unsigned int unusedBits; + BERDecodeBitString(publicKey, subjectPublicKey, unusedBits); + CRYPTOPP_ASSERT(unusedBits == 0); + CRYPTOPP_ASSERT(subjectPublicKey.size() == PUBLIC_KEYLENGTH); + if (subjectPublicKey.size() != PUBLIC_KEYLENGTH) + BERDecodeError(); + std::memcpy(m_pk.begin(), subjectPublicKey, PUBLIC_KEYLENGTH); + generatePublicKey = false; + publicKey.MessageEnd(); + } + + privateKeyInfo.MessageEnd(); + + if (generatePublicKey) + Donna::curve25519_mult(m_pk, m_sk); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +void x25519::DEREncode(BufferedTransformation &bt, int version) const +{ + // https://tools.ietf.org/html/rfc8410, section 7 and + // https://www.cryptopp.com/wiki/curve25519_keys + CRYPTOPP_ASSERT(version == 0 || version == 1); + + DERSequenceEncoder privateKeyInfo(bt); + DEREncodeUnsigned(privateKeyInfo, version); + + DERSequenceEncoder algorithm(privateKeyInfo); + GetAlgorithmID().DEREncode(algorithm); + algorithm.MessageEnd(); + + DERGeneralEncoder octetString(privateKeyInfo, OCTET_STRING); + DEREncodePrivateKey(octetString); + octetString.MessageEnd(); + + if (version == 1) + { + DERGeneralEncoder publicKey(privateKeyInfo, CONTEXT_SPECIFIC | CONSTRUCTED | 1); + DEREncodeBitString(publicKey, m_pk, PUBLIC_KEYLENGTH); + publicKey.MessageEnd(); + } + + privateKeyInfo.MessageEnd(); +} + +void x25519::BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t /*size*/) +{ + // https://tools.ietf.org/html/rfc8410 and + // https://www.cryptopp.com/wiki/curve25519_keys + + BERGeneralDecoder privateKey(bt, OCTET_STRING); + + if (!privateKey.IsDefiniteLength()) + BERDecodeError(); + + size_t size = privateKey.Get(m_sk, SECRET_KEYLENGTH); + if (size != SECRET_KEYLENGTH) + BERDecodeError(); + + // We don't know how to decode them + if (parametersPresent) + BERDecodeError(); + + privateKey.MessageEnd(); +} + +void x25519::DEREncodePrivateKey(BufferedTransformation &bt) const +{ + // https://tools.ietf.org/html/rfc8410 + DERGeneralEncoder privateKey(bt, OCTET_STRING); + privateKey.Put(m_sk, SECRET_KEYLENGTH); + privateKey.MessageEnd(); +} + +bool x25519::Validate(RandomNumberGenerator &rng, unsigned int level) const +{ + CRYPTOPP_UNUSED(rng); + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); + + if (level >= 1 && IsClamped(m_sk) == false) + return false; + if (level >= 2 && IsSmallOrder(m_pk) == true) + return false; + if (level >= 3) + { + SecByteBlock sk(m_sk, SECRET_KEYLENGTH), pk(PUBLIC_KEYLENGTH); + ClampKeys(pk, sk); + + // Secret key is already clamped, bufs are equal + if (VerifyBufsEqual(pk, m_pk, PUBLIC_KEYLENGTH) == false) + return false; + } + + return true; +} + +bool x25519::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const +{ + if (std::strcmp(name, Name::PrivateExponent()) == 0 || std::strcmp(name, "SecretKey") == 0) + { + this->ThrowIfTypeMismatch(name, typeid(ConstByteArrayParameter), valueType); + reinterpret_cast(pValue)->Assign(m_sk, SECRET_KEYLENGTH, false); + return true; + } + + if (std::strcmp(name, Name::PublicElement()) == 0) + { + this->ThrowIfTypeMismatch(name, typeid(ConstByteArrayParameter), valueType); + reinterpret_cast(pValue)->Assign(m_pk, PUBLIC_KEYLENGTH, false); + return true; + } + + if (std::strcmp(name, Name::GroupOID()) == 0) + { + if (m_oid.Empty()) + return false; + + this->ThrowIfTypeMismatch(name, typeid(OID), valueType); + *reinterpret_cast(pValue) = m_oid; + return true; + } + + return false; +} + +void x25519::AssignFrom(const NameValuePairs &source) +{ + ConstByteArrayParameter val; + if (source.GetValue(Name::PrivateExponent(), val) || source.GetValue("SecretKey", val)) + { + std::memcpy(m_sk, val.begin(), SECRET_KEYLENGTH); + } + + if (source.GetValue(Name::PublicElement(), val)) + { + std::memcpy(m_pk, val.begin(), PUBLIC_KEYLENGTH); + } + + OID oid; + if (source.GetValue(Name::GroupOID(), oid)) + { + m_oid = oid; + } +} + +void x25519::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms) +{ + ConstByteArrayParameter seed; + if (params.GetValue(Name::Seed(), seed) && rng.CanIncorporateEntropy()) + rng.IncorporateEntropy(seed.begin(), seed.size()); + + rng.GenerateBlock(m_sk, SECRET_KEYLENGTH); + m_sk[0] &= 248; m_sk[31] &= 127; m_sk[31] |= 64; + Donna::curve25519_mult(m_pk, m_sk); +} + +void x25519::GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const +{ + rng.GenerateBlock(privateKey, SECRET_KEYLENGTH); + privateKey[0] &= 248; privateKey[31] &= 127; privateKey[31] |= 64; +} + +void x25519::GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const +{ + CRYPTOPP_UNUSED(rng); + Donna::curve25519_mult(publicKey, privateKey); +} + +bool x25519::Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey) const +{ + CRYPTOPP_ASSERT(agreedValue != NULLPTR); + CRYPTOPP_ASSERT(otherPublicKey != NULLPTR); + + if (validateOtherPublicKey && IsSmallOrder(otherPublicKey)) + return false; + + return Donna::curve25519_mult(agreedValue, privateKey, otherPublicKey) == 0; +} + +// ******************** ed25519 Signer ************************* // + +void ed25519PrivateKey::ClampKeys(byte y[PUBLIC_KEYLENGTH], byte x[SECRET_KEYLENGTH]) const +{ + x[0] &= 248; x[31] &= 127; x[31] |= 64; + int ret = Donna::ed25519_publickey(y, x); + CRYPTOPP_ASSERT(ret == 0); CRYPTOPP_UNUSED(ret); +} + +bool ed25519PrivateKey::IsClamped(const byte x[SECRET_KEYLENGTH]) const +{ + return (x[0] & 248) == x[0] && (x[31] & 127) == x[31] && (x[31] | 64) == x[31]; +} + +bool ed25519PrivateKey::IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const +{ + return HasSmallOrder(y); +} + +bool ed25519PrivateKey::Validate(RandomNumberGenerator &rng, unsigned int level) const +{ + CRYPTOPP_UNUSED(rng); + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); + + if (level >= 1 && IsClamped(m_sk) == false) + return false; + if (level >= 2 && IsSmallOrder(m_pk) == true) + return false; + if (level >= 3) + { + SecByteBlock sk(m_sk, SECRET_KEYLENGTH), pk(PUBLIC_KEYLENGTH); + ClampKeys(pk, sk); + + // Secret key is already clamped, bufs are equal + if (VerifyBufsEqual(pk, m_pk, PUBLIC_KEYLENGTH) == false) + return false; + } + + return true; +} + +bool ed25519PrivateKey::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const +{ + if (std::strcmp(name, Name::PrivateExponent()) == 0 || std::strcmp(name, "SecretKey") == 0) + { + this->ThrowIfTypeMismatch(name, typeid(ConstByteArrayParameter), valueType); + reinterpret_cast(pValue)->Assign(m_sk, SECRET_KEYLENGTH, false); + return true; + } + + if (std::strcmp(name, Name::PublicElement()) == 0) + { + this->ThrowIfTypeMismatch(name, typeid(ConstByteArrayParameter), valueType); + reinterpret_cast(pValue)->Assign(m_pk, PUBLIC_KEYLENGTH, false); + return true; + } + + if (std::strcmp(name, Name::GroupOID()) == 0) + { + if (m_oid.Empty()) + return false; + + this->ThrowIfTypeMismatch(name, typeid(OID), valueType); + *reinterpret_cast(pValue) = m_oid; + return true; + } + + return false; +} + +void ed25519PrivateKey::AssignFrom(const NameValuePairs &source) +{ + ConstByteArrayParameter val; + if (source.GetValue(Name::PrivateExponent(), val) || source.GetValue("SecretKey", val)) + { + CRYPTOPP_ASSERT(val.size() == SECRET_KEYLENGTH); + std::memcpy(m_sk, val.begin(), SECRET_KEYLENGTH); + } + if (source.GetValue(Name::PublicElement(), val)) + { + CRYPTOPP_ASSERT(val.size() == PUBLIC_KEYLENGTH); + std::memcpy(m_pk, val.begin(), PUBLIC_KEYLENGTH); + } + + OID oid; + if (source.GetValue(Name::GroupOID(), oid)) + { + m_oid = oid; + } + + bool clamp = false; + if (source.GetValue("Clamp", clamp) && clamp == true) + ClampKeys(m_pk, m_sk); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +void ed25519PrivateKey::GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms=g_nullNameValuePairs) +{ + ConstByteArrayParameter seed; + if (params.GetValue(Name::Seed(), seed) && rng.CanIncorporateEntropy()) + rng.IncorporateEntropy(seed.begin(), seed.size()); + + rng.GenerateBlock(m_sk, 32); + m_sk[0] &= 248; m_sk[31] &= 127; m_sk[31] |= 64; + int ret = Donna::ed25519_publickey(m_pk, m_sk); + CRYPTOPP_ASSERT(ret == 0); CRYPTOPP_UNUSED(ret); +} + +void ed25519PrivateKey::MakePublicKey (PublicKey &pub) const +{ + pub.AssignFrom(MakeParameters + (Name::PublicElement(), ConstByteArrayParameter(m_pk.begin(), PUBLIC_KEYLENGTH)) + (Name::GroupOID(), GetAlgorithmID())); +} + +void ed25519PrivateKey::BERDecodeAndCheckAlgorithmID(BufferedTransformation &bt) +{ + // We have not yet determined the OID to use for this object. + // We can't use OID's decoder because it throws BERDecodeError + // if the OIDs do not match. + OID oid(bt); + + if (!m_oid.Empty() && m_oid != oid) + BERDecodeError(); // Only accept user specified OID + else if (oid == ASN1::curve25519() || oid == ASN1::Ed25519()) + m_oid = oid; // Accept any of the ed25519PrivateKey OIDs + else + BERDecodeError(); +} + +void ed25519PrivateKey::BERDecode(BufferedTransformation &bt) +{ + // https://tools.ietf.org/html/rfc8410, section 7 and + // https://www.cryptopp.com/wiki/curve25519_keys + BERSequenceDecoder privateKeyInfo(bt); + word32 version; + BERDecodeUnsigned(privateKeyInfo, version, INTEGER, 0, 1); // check version + + BERSequenceDecoder algorithm(privateKeyInfo); + // GetAlgorithmID().BERDecodeAndCheck(algorithm); + BERDecodeAndCheckAlgorithmID(algorithm); + algorithm.MessageEnd(); + + BERGeneralDecoder octetString(privateKeyInfo, OCTET_STRING); + BERDecodePrivateKey(octetString, false, (size_t)privateKeyInfo.RemainingLength()); + octetString.MessageEnd(); + + // publicKey [1] IMPLICIT PublicKey OPTIONAL + bool generatePublicKey = true; + if (privateKeyInfo.EndReached() == false /*version == 1?*/) + { + // Should we test this before decoding? In either case we + // just throw a BERDecodeErr() when we can't parse it. + BERGeneralDecoder publicKey(privateKeyInfo, CONTEXT_SPECIFIC | CONSTRUCTED | 1); + SecByteBlock subjectPublicKey; + unsigned int unusedBits; + BERDecodeBitString(publicKey, subjectPublicKey, unusedBits); + CRYPTOPP_ASSERT(unusedBits == 0); + CRYPTOPP_ASSERT(subjectPublicKey.size() == PUBLIC_KEYLENGTH); + if (subjectPublicKey.size() != PUBLIC_KEYLENGTH) + BERDecodeError(); + std::memcpy(m_pk.begin(), subjectPublicKey, PUBLIC_KEYLENGTH); + generatePublicKey = false; + publicKey.MessageEnd(); + } + + privateKeyInfo.MessageEnd(); + + if (generatePublicKey) + Donna::ed25519_publickey(m_pk, m_sk); + + CRYPTOPP_ASSERT(IsClamped(m_sk) == true); + CRYPTOPP_ASSERT(IsSmallOrder(m_pk) == false); +} + +void ed25519PrivateKey::DEREncode(BufferedTransformation &bt, int version) const +{ + // https://tools.ietf.org/html/rfc8410, section 7 and + // https://www.cryptopp.com/wiki/curve25519_keys + CRYPTOPP_ASSERT(version == 0 || version == 1); + + DERSequenceEncoder privateKeyInfo(bt); + DEREncodeUnsigned(privateKeyInfo, version); + + DERSequenceEncoder algorithm(privateKeyInfo); + GetAlgorithmID().DEREncode(algorithm); + algorithm.MessageEnd(); + + DERGeneralEncoder octetString(privateKeyInfo, OCTET_STRING); + DEREncodePrivateKey(octetString); + octetString.MessageEnd(); + + if (version == 1) + { + DERGeneralEncoder publicKey(privateKeyInfo, CONTEXT_SPECIFIC | CONSTRUCTED | 1); + DEREncodeBitString(publicKey, m_pk, PUBLIC_KEYLENGTH); + publicKey.MessageEnd(); + } + + privateKeyInfo.MessageEnd(); +} + +void ed25519PrivateKey::BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t /*size*/) +{ + // https://tools.ietf.org/html/rfc8410 and + // https://www.cryptopp.com/wiki/curve25519_keys + + BERGeneralDecoder privateKey(bt, OCTET_STRING); + + if (!privateKey.IsDefiniteLength()) + BERDecodeError(); + + size_t size = privateKey.Get(m_sk, SECRET_KEYLENGTH); + if (size != SECRET_KEYLENGTH) + BERDecodeError(); + + // We don't know how to decode them + if (parametersPresent) + BERDecodeError(); + + privateKey.MessageEnd(); +} + +void ed25519PrivateKey::DEREncodePrivateKey(BufferedTransformation &bt) const +{ + // https://tools.ietf.org/html/rfc8410 + DERGeneralEncoder privateKey(bt, OCTET_STRING); + privateKey.Put(m_sk, SECRET_KEYLENGTH); + privateKey.MessageEnd(); +} + +void ed25519PrivateKey::SetPrivateExponent (const byte x[SECRET_KEYLENGTH]) +{ + AssignFrom(MakeParameters + (Name::PrivateExponent(), ConstByteArrayParameter(x, SECRET_KEYLENGTH)) + ("Clamp", true)); +} + +void ed25519PrivateKey::SetPrivateExponent (const Integer &x) +{ + CRYPTOPP_ASSERT(x.MinEncodedSize() <= SECRET_KEYLENGTH); + + SecByteBlock bx(SECRET_KEYLENGTH); + x.Encode(bx, SECRET_KEYLENGTH); std::reverse(bx+0, bx+SECRET_KEYLENGTH); + + AssignFrom(MakeParameters + (Name::PrivateExponent(), ConstByteArrayParameter(bx, SECRET_KEYLENGTH, false)) + ("Clamp", true)); +} + +const Integer& ed25519PrivateKey::GetPrivateExponent() const +{ + m_x = Integer(m_sk, SECRET_KEYLENGTH, Integer::UNSIGNED, LITTLE_ENDIAN_ORDER); + return m_x; +} + +//////////////////////// + +ed25519Signer::ed25519Signer(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]) +{ + AccessPrivateKey().AssignFrom(MakeParameters + (Name::PrivateExponent(), ConstByteArrayParameter(x, SECRET_KEYLENGTH, false)) + (Name::PublicElement(), ConstByteArrayParameter(y, PUBLIC_KEYLENGTH, false))); +} + +ed25519Signer::ed25519Signer(const byte x[SECRET_KEYLENGTH]) +{ + AccessPrivateKey().AssignFrom(MakeParameters + (Name::PrivateExponent(), ConstByteArrayParameter(x, SECRET_KEYLENGTH, false)) + ("Clamp", true)); +} + +ed25519Signer::ed25519Signer(const Integer &y, const Integer &x) +{ + CRYPTOPP_ASSERT(y.MinEncodedSize() <= PUBLIC_KEYLENGTH); + CRYPTOPP_ASSERT(x.MinEncodedSize() <= SECRET_KEYLENGTH); + + SecByteBlock by(PUBLIC_KEYLENGTH), bx(SECRET_KEYLENGTH); + y.Encode(by, PUBLIC_KEYLENGTH); std::reverse(by+0, by+PUBLIC_KEYLENGTH); + x.Encode(bx, SECRET_KEYLENGTH); std::reverse(bx+0, bx+SECRET_KEYLENGTH); + + AccessPrivateKey().AssignFrom(MakeParameters + (Name::PublicElement(), ConstByteArrayParameter(by, PUBLIC_KEYLENGTH, false)) + (Name::PrivateExponent(), ConstByteArrayParameter(bx, SECRET_KEYLENGTH, false))); +} + +ed25519Signer::ed25519Signer(const Integer &x) +{ + CRYPTOPP_ASSERT(x.MinEncodedSize() <= SECRET_KEYLENGTH); + + SecByteBlock bx(SECRET_KEYLENGTH); + x.Encode(bx, SECRET_KEYLENGTH); std::reverse(bx+0, bx+SECRET_KEYLENGTH); + + AccessPrivateKey().AssignFrom(MakeParameters + (Name::PrivateExponent(), ConstByteArrayParameter(bx, SECRET_KEYLENGTH, false)) + ("Clamp", true)); +} + +ed25519Signer::ed25519Signer(RandomNumberGenerator &rng) +{ + AccessPrivateKey().GenerateRandom(rng); +} + +ed25519Signer::ed25519Signer(BufferedTransformation ¶ms) +{ + AccessPrivateKey().Load(params); +} + +size_t ed25519Signer::SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const +{ + CRYPTOPP_ASSERT(signature != NULLPTR); CRYPTOPP_UNUSED(rng); + + ed25519_MessageAccumulator& accum = static_cast(messageAccumulator); + const ed25519PrivateKey& pk = static_cast(GetPrivateKey()); + int ret = Donna::ed25519_sign(accum.data(), accum.size(), pk.GetPrivateKeyBytePtr(), pk.GetPublicKeyBytePtr(), signature); + CRYPTOPP_ASSERT(ret == 0); + + if (restart) + accum.Restart(); + + return ret == 0 ? SIGNATURE_LENGTH : 0; +} + +// ******************** ed25519 Verifier ************************* // + +bool ed25519PublicKey::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const +{ + if (std::strcmp(name, Name::PublicElement()) == 0) + { + this->ThrowIfTypeMismatch(name, typeid(ConstByteArrayParameter), valueType); + reinterpret_cast(pValue)->Assign(m_pk, PUBLIC_KEYLENGTH, false); + return true; + } + + if (std::strcmp(name, Name::GroupOID()) == 0) + { + if (m_oid.Empty()) + return false; + + this->ThrowIfTypeMismatch(name, typeid(OID), valueType); + *reinterpret_cast(pValue) = m_oid; + return true; + } + + return false; +} + +void ed25519PublicKey::AssignFrom(const NameValuePairs &source) +{ + ConstByteArrayParameter ba; + if (source.GetValue(Name::PublicElement(), ba)) + { + std::memcpy(m_pk, ba.begin(), PUBLIC_KEYLENGTH); + } + + OID oid; + if (source.GetValue(Name::GroupOID(), oid)) + { + m_oid = oid; + } +} + +void ed25519PublicKey::BERDecodeAndCheckAlgorithmID(BufferedTransformation& bt) +{ + // We have not yet determined the OID to use for this object. + // We can't use OID's decoder because it throws BERDecodeError + // if the OIDs do not match. + OID oid(bt); + + if (!m_oid.Empty() && m_oid != oid) + BERDecodeError(); // Only accept user specified OID + else if (oid == ASN1::curve25519() || oid == ASN1::Ed25519()) + m_oid = oid; // Accept any of the ed25519PublicKey OIDs + else + BERDecodeError(); +} + +void ed25519PublicKey::BERDecode(BufferedTransformation &bt) +{ + BERSequenceDecoder publicKeyInfo(bt); + + BERSequenceDecoder algorithm(publicKeyInfo); + // GetAlgorithmID().BERDecodeAndCheck(algorithm); + BERDecodeAndCheckAlgorithmID(algorithm); + algorithm.MessageEnd(); + + BERDecodePublicKey(publicKeyInfo, false, (size_t)publicKeyInfo.RemainingLength()); + + publicKeyInfo.MessageEnd(); +} + +void ed25519PublicKey::DEREncode(BufferedTransformation &bt) const +{ + DERSequenceEncoder publicKeyInfo(bt); + + DERSequenceEncoder algorithm(publicKeyInfo); + GetAlgorithmID().DEREncode(algorithm); + algorithm.MessageEnd(); + + DEREncodePublicKey(publicKeyInfo); + + publicKeyInfo.MessageEnd(); +} + +void ed25519PublicKey::BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t /*size*/) +{ + // We don't know how to decode them + if (parametersPresent) + BERDecodeError(); + + SecByteBlock subjectPublicKey; + unsigned int unusedBits; + BERDecodeBitString(bt, subjectPublicKey, unusedBits); + + CRYPTOPP_ASSERT(unusedBits == 0); + CRYPTOPP_ASSERT(subjectPublicKey.size() == PUBLIC_KEYLENGTH); + if (subjectPublicKey.size() != PUBLIC_KEYLENGTH) + BERDecodeError(); + + std::memcpy(m_pk.begin(), subjectPublicKey, PUBLIC_KEYLENGTH); +} + +void ed25519PublicKey::DEREncodePublicKey(BufferedTransformation &bt) const +{ + DEREncodeBitString(bt, m_pk, PUBLIC_KEYLENGTH); +} + +void ed25519PublicKey::SetPublicElement (const byte y[PUBLIC_KEYLENGTH]) +{ + std::memcpy(m_pk, y, PUBLIC_KEYLENGTH); +} + +void ed25519PublicKey::SetPublicElement (const Integer &y) +{ + CRYPTOPP_ASSERT(y.MinEncodedSize() <= PUBLIC_KEYLENGTH); + + SecByteBlock by(PUBLIC_KEYLENGTH); + y.Encode(by, PUBLIC_KEYLENGTH); std::reverse(by+0, by+PUBLIC_KEYLENGTH); + + std::memcpy(m_pk, by, PUBLIC_KEYLENGTH); +} + +const Integer& ed25519PublicKey::GetPublicElement() const +{ + m_y = Integer(m_pk, PUBLIC_KEYLENGTH, Integer::UNSIGNED, LITTLE_ENDIAN_ORDER); + return m_y; +} + +bool ed25519PublicKey::Validate(RandomNumberGenerator &rng, unsigned int level) const +{ + CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(level); + return true; +} + +//////////////////////// + +ed25519Verifier::ed25519Verifier(const byte y[PUBLIC_KEYLENGTH]) +{ + AccessPublicKey().AssignFrom(MakeParameters + (Name::PublicElement(), ConstByteArrayParameter(y, PUBLIC_KEYLENGTH))); +} + +ed25519Verifier::ed25519Verifier(const Integer &y) +{ + CRYPTOPP_ASSERT(y.MinEncodedSize() <= PUBLIC_KEYLENGTH); + + SecByteBlock by(PUBLIC_KEYLENGTH); + y.Encode(by, PUBLIC_KEYLENGTH); std::reverse(by+0, by+PUBLIC_KEYLENGTH); + + AccessPublicKey().AssignFrom(MakeParameters + (Name::PublicElement(), ConstByteArrayParameter(by, PUBLIC_KEYLENGTH, false))); +} + +ed25519Verifier::ed25519Verifier(BufferedTransformation ¶ms) +{ + AccessPublicKey().Load(params); +} + +ed25519Verifier::ed25519Verifier(const ed25519Signer& signer) +{ + const ed25519PrivateKey& priv = static_cast(signer.GetPrivateKey()); + priv.MakePublicKey(AccessPublicKey()); +} + +bool ed25519Verifier::VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const +{ + ed25519_MessageAccumulator& accum = static_cast(messageAccumulator); + const ed25519PublicKey& pk = static_cast(GetPublicKey()); + int ret = Donna::ed25519_sign_open(accum.data(), accum.size(), pk.GetPublicKeyBytePtr(), accum.signature()); + accum.Restart(); + + return ret == 0; +} + +NAMESPACE_END // CryptoPP diff --git a/vendor/cryptopp/vendor_cryptopp/xed25519.h b/vendor/cryptopp/vendor_cryptopp/xed25519.h new file mode 100644 index 00000000..354d49ae --- /dev/null +++ b/vendor/cryptopp/vendor_cryptopp/xed25519.h @@ -0,0 +1,757 @@ +// xed25519.h - written and placed in public domain by Jeffrey Walton +// Crypto++ specific implementation wrapped around Andrew +// Moon's public domain curve25519-donna and ed25519-donna, +// https://github.com/floodyberry/curve25519-donna and +// https://github.com/floodyberry/ed25519-donna. + +// Typically the key agreement classes encapsulate their data more +// than x25519 does below. They are a little more accessible +// due to crypto_box operations. + +/// \file xed25519.h +/// \brief Classes for x25519 and ed25519 operations +/// \details This implementation integrates Andrew Moon's public domain code +/// for curve25519-donna and ed25519-donna. +/// \details Moving keys into and out of the library proceeds as follows. +/// If an Integer class is accepted or returned, then the data is in big +/// endian format. That is, the MSB is at byte position 0, and the LSB +/// is at byte position 31. The Integer will work as expected, just like +/// an int or a long. +/// \details If a byte array is accepted, then the byte array is in little +/// endian format. That is, the LSB is at byte position 0, and the MSB is +/// at byte position 31. This follows the implementation where byte 0 is +/// clamed with 248. That is my_arr[0] &= 248 to mask the lower 3 bits. +/// \details PKCS8 and X509 keys encoded using ASN.1 follow little endian +/// arrays. The format is specified in draft-ietf-curdle-pkix. +/// \details If you have a little endian array and you want to wrap it in +/// an Integer using big endian then you can perform the following: +///
Integer x(my_arr, SECRET_KEYLENGTH, UNSIGNED, LITTLE_ENDIAN_ORDER);
+/// \sa Andrew Moon's x22519 GitHub curve25519-donna, +/// ed22519 GitHub ed25519-donna, and +/// draft-ietf-curdle-pkix +/// \since Crypto++ 8.0 + +#ifndef CRYPTOPP_XED25519_H +#define CRYPTOPP_XED25519_H + +#include "cryptlib.h" +#include "pubkey.h" +#include "oids.h" + +NAMESPACE_BEGIN(CryptoPP) + +class Integer; +struct ed25519Signer; +struct ed25519Verifier; + +// ******************** x25519 Agreement ************************* // + +/// \brief x25519 with key validation +/// \since Crypto++ 8.0 +class x25519 : public SimpleKeyAgreementDomain, public CryptoParameters, public PKCS8PrivateKey +{ +public: + /// \brief Size of the private key + /// \details SECRET_KEYLENGTH is the size of the private key, in bytes. + CRYPTOPP_CONSTANT(SECRET_KEYLENGTH = 32) + /// \brief Size of the public key + /// \details PUBLIC_KEYLENGTH is the size of the public key, in bytes. + CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32) + /// \brief Size of the shared key + /// \details SHARED_KEYLENGTH is the size of the shared key, in bytes. + CRYPTOPP_CONSTANT(SHARED_KEYLENGTH = 32) + + virtual ~x25519() {} + + /// \brief Create a x25519 object + /// \param y public key + /// \param x private key + /// \details This constructor creates a x25519 object using existing parameters. + /// \note The public key is not validated. + x25519(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]); + + /// \brief Create a x25519 object + /// \param x private key + /// \details This constructor creates a x25519 object using existing parameters. + /// The public key is calculated from the private key. + x25519(const byte x[SECRET_KEYLENGTH]); + + /// \brief Create a x25519 object + /// \param y public key + /// \param x private key + /// \details This constructor creates a x25519 object using existing parameters. + /// \note The public key is not validated. + x25519(const Integer &y, const Integer &x); + + /// \brief Create a x25519 object + /// \param x private key + /// \details This constructor creates a x25519 object using existing parameters. + /// The public key is calculated from the private key. + x25519(const Integer &x); + + /// \brief Create a x25519 object + /// \param rng RandomNumberGenerator derived class + /// \details This constructor creates a new x25519 using the random number generator. + x25519(RandomNumberGenerator &rng); + + /// \brief Create a x25519 object + /// \param params public and private key + /// \details This constructor creates a x25519 object using existing parameters. + /// The params can be created with Save. + /// \note The public key is not validated. + x25519(BufferedTransformation ¶ms); + + /// \brief Create a x25519 object + /// \param oid an object identifier + /// \details This constructor creates a new x25519 using the specified OID. The public + /// and private points are uninitialized. + x25519(const OID &oid); + + /// \brief Clamp a private key + /// \param y public key + /// \param x private key + /// \details ClampKeys() clamps a private key and then regenerates the + /// public key from the private key. + void ClampKeys(byte y[PUBLIC_KEYLENGTH], byte x[SECRET_KEYLENGTH]) const; + + /// \brief Determine if private key is clamped + /// \param x private key + bool IsClamped(const byte x[SECRET_KEYLENGTH]) const; + + /// \brief Test if a key has small order + /// \param y public key + bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const; + + /// \Brief Get the Object Identifier + /// \returns the Object Identifier + /// \details The default OID is from RFC 8410 using id-X25519. + /// The default private key format is RFC 5208. + OID GetAlgorithmID() const { + return m_oid.Empty() ? ASN1::X25519() : m_oid; + } + + /// \Brief Set the Object Identifier + /// \param oid the new Object Identifier + void SetAlgorithmID(const OID& oid) { + m_oid = oid; + } + + // CryptoParameters + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // CryptoParameters + CryptoParameters & AccessCryptoParameters() {return *this;} + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \details Save() will write the OID associated with algorithm or scheme. + /// In the case of public and private keys, this function writes the + /// subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-X25519. + /// The default private key format is RFC 5208, which is the old format. + /// The old format provides the best interop, and keys will work + /// with OpenSSL. + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Save(BufferedTransformation &bt) const { + DEREncode(bt, 0); + } + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \param v1 flag indicating v1 + /// \details Save() will write the OID associated with algorithm or scheme. + /// In the case of public and private keys, this function writes the + /// subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-X25519. + /// The default private key format is RFC 5208. + /// \details v1 means INTEGER 0 is written. INTEGER 0 means + /// RFC 5208 format, which is the old format. The old format provides + /// the best interop, and keys will work with OpenSSL. The other + /// option uses INTEGER 1. INTEGER 1 means RFC 5958 format, + /// which is the new format. + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Save(BufferedTransformation &bt, bool v1) const { + DEREncode(bt, v1 ? 0 : 1); + } + + /// \brief BER decode ASN.1 object + /// \param bt BufferedTransformation object + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Load(BufferedTransformation &bt) { + BERDecode(bt); + } + + // PKCS8PrivateKey + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const { DEREncode(bt, 0); } + void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePrivateKey(BufferedTransformation &bt) const; + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \param version indicates version + /// \details DEREncode() will write the OID associated with algorithm or + /// scheme. In the case of public and private keys, this function writes + /// the subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-X25519. + /// The default private key format is RFC 5208. + /// \details The value of version is written as the INTEGER. INTEGER 0 means + /// RFC 5208 format, which is the old format. The old format provides + /// the best interop, and keys will work with OpenSSL. The INTEGER 1 + /// means RFC 5958 format, which is the new format. + void DEREncode(BufferedTransformation &bt, int version) const; + + /// \brief Determine if OID is valid for this object + /// \details BERDecodeAndCheckAlgorithmID() parses the OID from + /// bt and determines if it valid for this object. The + /// problem in practice is there are multiple OIDs available to + /// denote curve25519 operations. The OIDs include an old GNU + /// OID used by SSH, OIDs specified in draft-josefsson-pkix-newcurves, + /// and OIDs specified in draft-ietf-curdle-pkix. + /// \details By default BERDecodeAndCheckAlgorithmID() accepts an + /// OID set by the user, ASN1::curve25519() and ASN1::X25519(). + /// ASN1::curve25519() is generic and says "this key is valid for + /// curve25519 operations". ASN1::X25519() is specific and says + /// "this key is valid for x25519 key exchange." + void BERDecodeAndCheckAlgorithmID(BufferedTransformation& bt); + + // DL_PrivateKey + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms); + + // SimpleKeyAgreementDomain + unsigned int AgreedValueLength() const {return SHARED_KEYLENGTH;} + unsigned int PrivateKeyLength() const {return SECRET_KEYLENGTH;} + unsigned int PublicKeyLength() const {return PUBLIC_KEYLENGTH;} + + // SimpleKeyAgreementDomain + void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const; + void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const; + bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const; + +protected: + FixedSizeSecBlock m_sk; + FixedSizeSecBlock m_pk; + OID m_oid; // preferred OID +}; + +// ****************** ed25519 Signer *********************** // + +/// \brief ed25519 message accumulator +/// \details ed25519 buffers the entire message, and does not +/// digest the message incrementally. You should be careful with +/// large messages like files on-disk. The behavior is by design +/// because Bernstein feels small messages should be authenticated; +/// and larger messages will be hashed by the application. +struct ed25519_MessageAccumulator : public PK_MessageAccumulator +{ + CRYPTOPP_CONSTANT(RESERVE_SIZE=2048+64) + CRYPTOPP_CONSTANT(SIGNATURE_LENGTH=64) + + /// \brief Create a message accumulator + ed25519_MessageAccumulator() { + Restart(); + } + + /// \brief Create a message accumulator + /// \details ed25519 does not use a RNG. You can safely use + /// NullRNG() because IsProbablistic returns false. + ed25519_MessageAccumulator(RandomNumberGenerator &rng) { + CRYPTOPP_UNUSED(rng); Restart(); + } + + /// \brief Add data to the accumulator + /// \param msg pointer to the data to accumulate + /// \param len the size of the data, in bytes + void Update(const byte* msg, size_t len) { + if (msg && len) + m_msg.insert(m_msg.end(), msg, msg+len); + } + + /// \brief Reset the accumulator + void Restart() { + m_msg.reserve(RESERVE_SIZE); + m_msg.resize(SIGNATURE_LENGTH); + } + + /// \brief Retrieve pointer to signature buffer + /// \returns pointer to signature buffer + byte* signature() { + return &m_msg[0]; + } + + /// \brief Retrieve pointer to signature buffer + /// \returns pointer to signature buffer + const byte* signature() const { + return &m_msg[0]; + } + + /// \brief Retrieve pointer to data buffer + /// \returns pointer to data buffer + const byte* data() const { + return &m_msg[0]+SIGNATURE_LENGTH; + } + + /// \brief Retrieve size of data buffer + /// \returns size of the data buffer, in bytes + size_t size() const { + return m_msg.size()-SIGNATURE_LENGTH; + } + +protected: + // TODO: Find an equivalent Crypto++ structure. + std::vector > m_msg; +}; + +/// \brief Ed25519 private key +/// \details ed25519PrivateKey is somewhat of a hack. It needed to +/// provide DL_PrivateKey interface to fit into the existing +/// framework, but it lacks a lot of the internals of a true +/// DL_PrivateKey. The missing pieces include GroupParameters +/// and Point, which provide the low level field operations +/// found in traditional implementations like NIST curves over +/// prime and binary fields. +/// \details ed25519PrivateKey is also unusual because the +/// class members of interest are byte arrays and not Integers. +/// In addition, the byte arrays are little-endian meaning +/// LSB is at element 0 and the MSB is at element 31. +/// If you call \ref ed25519PrivateKey::GetPrivateExponent() +/// "GetPrivateExponent()" then the little-endian byte array is +/// converted to a big-endian Integer() so it can be returned +/// the way a caller expects. And calling +/// \ref ed25519PrivateKey::SetPrivateExponent "SetPrivateExponent()" +/// perfoms a similar internal conversion. +/// \since Crypto++ 8.0 +struct ed25519PrivateKey : public PKCS8PrivateKey +{ + /// \brief Size of the private key + /// \details SECRET_KEYLENGTH is the size of the private key, in bytes. + CRYPTOPP_CONSTANT(SECRET_KEYLENGTH = 32) + /// \brief Size of the public key + /// \details PUBLIC_KEYLENGTH is the size of the public key, in bytes. + CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32) + /// \brief Size of the siganture + /// \details SIGNATURE_LENGTH is the size of the signature, in bytes. + /// ed25519 is a DL-based signature scheme. The signature is the + /// concatenation of r || s. + CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64) + + // CryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // GroupParameters + OID GetAlgorithmID() const { + return m_oid.Empty() ? ASN1::Ed25519() : m_oid; + } + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \details Save() will write the OID associated with algorithm or scheme. + /// In the case of public and private keys, this function writes the + /// subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-Ed25519. + /// The default private key format is RFC 5208, which is the old format. + /// The old format provides the best interop, and keys will work + /// with OpenSSL. + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Save(BufferedTransformation &bt) const { + DEREncode(bt, 0); + } + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \param v1 flag indicating v1 + /// \details Save() will write the OID associated with algorithm or scheme. + /// In the case of public and private keys, this function writes the + /// subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-Ed25519. + /// The default private key format is RFC 5208. + /// \details v1 means INTEGER 0 is written. INTEGER 0 means + /// RFC 5208 format, which is the old format. The old format provides + /// the best interop, and keys will work with OpenSSL. The other + /// option uses INTEGER 1. INTEGER 1 means RFC 5958 format, + /// which is the new format. + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Save(BufferedTransformation &bt, bool v1) const { + DEREncode(bt, v1 ? 0 : 1); + } + + /// \brief BER decode ASN.1 object + /// \param bt BufferedTransformation object + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Load(BufferedTransformation &bt) { + BERDecode(bt); + } + + /// \brief Initializes a public key from this key + /// \param pub reference to a public key + void MakePublicKey(PublicKey &pub) const; + + // PKCS8PrivateKey + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const { DEREncode(bt, 0); } + void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePrivateKey(BufferedTransformation &bt) const; + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \param version indicates version + /// \details DEREncode() will write the OID associated with algorithm or + /// scheme. In the case of public and private keys, this function writes + /// the subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-X25519. + /// The default private key format is RFC 5208. + /// \details The value of version is written as the INTEGER. INTEGER 0 means + /// RFC 5208 format, which is the old format. The old format provides + /// the best interop, and keys will work with OpenSSL. The INTEGER 1 + /// means RFC 5958 format, which is the new format. + void DEREncode(BufferedTransformation &bt, int version) const; + + /// \brief Determine if OID is valid for this object + /// \details BERDecodeAndCheckAlgorithmID() parses the OID from + /// bt and determines if it valid for this object. The + /// problem in practice is there are multiple OIDs available to + /// denote curve25519 operations. The OIDs include an old GNU + /// OID used by SSH, OIDs specified in draft-josefsson-pkix-newcurves, + /// and OIDs specified in draft-ietf-curdle-pkix. + /// \details By default BERDecodeAndCheckAlgorithmID() accepts an + /// OID set by the user, ASN1::curve25519() and ASN1::Ed25519(). + /// ASN1::curve25519() is generic and says "this key is valid for + /// curve25519 operations". ASN1::Ed25519() is specific and says + /// "this key is valid for ed25519 signing." + void BERDecodeAndCheckAlgorithmID(BufferedTransformation& bt); + + // PKCS8PrivateKey + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms); + void SetPrivateExponent(const byte x[SECRET_KEYLENGTH]); + void SetPrivateExponent(const Integer &x); + const Integer& GetPrivateExponent() const; + + /// \brief Clamp a private key + /// \param y public key + /// \param x private key + /// \details ClampKeys() clamps a private key and then regenerates the + /// public key from the private key. + void ClampKeys(byte y[PUBLIC_KEYLENGTH], byte x[SECRET_KEYLENGTH]) const; + + /// \brief Determine if private key is clamped + /// \param x private key + bool IsClamped(const byte x[SECRET_KEYLENGTH]) const; + + /// \brief Test if a key has small order + /// \param y public key + bool IsSmallOrder(const byte y[PUBLIC_KEYLENGTH]) const; + + /// \brief Retrieve private key byte array + /// \returns the private key byte array + /// \details GetPrivateKeyBytePtr() is used by signing code to call ed25519_sign. + const byte* GetPrivateKeyBytePtr() const { + return m_sk.begin(); + } + + /// \brief Retrieve public key byte array + /// \returns the public key byte array + /// \details GetPublicKeyBytePtr() is used by signing code to call ed25519_sign. + const byte* GetPublicKeyBytePtr() const { + return m_pk.begin(); + } + +protected: + FixedSizeSecBlock m_sk; + FixedSizeSecBlock m_pk; + OID m_oid; // preferred OID + mutable Integer m_x; // for DL_PrivateKey +}; + +/// \brief Ed25519 signature algorithm +/// \since Crypto++ 8.0 +struct ed25519Signer : public PK_Signer +{ + /// \brief Size of the private key + /// \details SECRET_KEYLENGTH is the size of the private key, in bytes. + CRYPTOPP_CONSTANT(SECRET_KEYLENGTH = 32) + /// \brief Size of the public key + /// \details PUBLIC_KEYLENGTH is the size of the public key, in bytes. + CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32) + /// \brief Size of the siganture + /// \details SIGNATURE_LENGTH is the size of the signature, in bytes. + /// ed25519 is a DL-based signature scheme. The signature is the + /// concatenation of r || s. + CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64) + typedef Integer Element; + + virtual ~ed25519Signer() {} + + /// \brief Create a ed25519Signer object + ed25519Signer() {} + + /// \brief Create a ed25519Signer object + /// \param y public key + /// \param x private key + /// \details This constructor creates a ed25519Signer object using existing parameters. + /// \note The public key is not validated. + ed25519Signer(const byte y[PUBLIC_KEYLENGTH], const byte x[SECRET_KEYLENGTH]); + + /// \brief Create a ed25519Signer object + /// \param x private key + /// \details This constructor creates a ed25519Signer object using existing parameters. + /// The public key is calculated from the private key. + ed25519Signer(const byte x[SECRET_KEYLENGTH]); + + /// \brief Create a ed25519Signer object + /// \param y public key + /// \param x private key + /// \details This constructor creates a ed25519Signer object using existing parameters. + /// \note The public key is not validated. + ed25519Signer(const Integer &y, const Integer &x); + + /// \brief Create a ed25519Signer object + /// \param x private key + /// \details This constructor creates a ed25519Signer object using existing parameters. + /// The public key is calculated from the private key. + ed25519Signer(const Integer &x); + + /// \brief Create a ed25519Signer object + /// \param rng RandomNumberGenerator derived class + /// \details This constructor creates a new ed25519Signer using the random number generator. + ed25519Signer(RandomNumberGenerator &rng); + + /// \brief Create a ed25519Signer object + /// \param params public and private key + /// \details This constructor creates a ed25519Signer object using existing parameters. + /// The params can be created with Save. + /// \note The public key is not validated. + ed25519Signer(BufferedTransformation ¶ms); + + // DL_ObjectImplBase + PrivateKey& AccessKey() { return m_key; } + PrivateKey& AccessPrivateKey() { return m_key; } + + const PrivateKey& GetKey() const { return m_key; } + const PrivateKey& GetPrivateKey() const { return m_key; } + + // DL_SignatureSchemeBase + size_t SignatureLength() const { return SIGNATURE_LENGTH; } + size_t MaxRecoverableLength() const { return 0; } + size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const { + CRYPTOPP_UNUSED(signatureLength); return 0; + } + + bool IsProbabilistic() const { return false; } + bool AllowNonrecoverablePart() const { return false; } + bool RecoverablePartFirst() const { return false; } + + PK_MessageAccumulator* NewSignatureAccumulator(RandomNumberGenerator &rng) const { + return new ed25519_MessageAccumulator(rng); + } + + void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const { + CRYPTOPP_UNUSED(messageAccumulator); CRYPTOPP_UNUSED(recoverableMessage); + CRYPTOPP_UNUSED(recoverableMessageLength); + throw NotImplemented("ed25519Signer: this object does not support recoverable messages"); + } + + size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const; + +protected: + ed25519PrivateKey m_key; +}; + +// ****************** ed25519 Verifier *********************** // + +/// \brief Ed25519 public key +/// \details ed25519PublicKey is somewhat of a hack. It needed to +/// provide DL_PublicKey interface to fit into the existing +/// framework, but it lacks a lot of the internals of a true +/// DL_PublicKey. The missing pieces include GroupParameters +/// and Point, which provide the low level field operations +/// found in traditional implementations like NIST curves over +/// prime and binary fields. +/// \details ed25519PublicKey is also unusual because the +/// class members of interest are byte arrays and not Integers. +/// In addition, the byte arrays are little-endian meaning +/// LSB is at element 0 and the MSB is at element 31. +/// If you call \ref ed25519PublicKey::GetPublicElement() +/// "GetPublicElement()" then the little-endian byte array is +/// converted to a big-endian Integer() so it can be returned +/// the way a caller expects. And calling +/// \ref ed25519PublicKey::SetPublicElement "SetPublicElement()" +/// perfoms a similar internal conversion. +/// \since Crypto++ 8.0 +struct ed25519PublicKey : public X509PublicKey +{ + /// \brief Size of the public key + /// \details PUBLIC_KEYLENGTH is the size of the public key, in bytes. + CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32) + typedef Integer Element; + + OID GetAlgorithmID() const { + return m_oid.Empty() ? ASN1::Ed25519() : m_oid; + } + + /// \brief DER encode ASN.1 object + /// \param bt BufferedTransformation object + /// \details Save() will write the OID associated with algorithm or scheme. + /// In the case of public and private keys, this function writes the + /// subjectPubicKeyInfo parts. + /// \details The default OID is from RFC 8410 using id-X25519. + /// The default private key format is RFC 5208, which is the old format. + /// The old format provides the best interop, and keys will work + /// with OpenSSL. + void Save(BufferedTransformation &bt) const { + BEREncode(bt); + } + + /// \brief BER decode ASN.1 object + /// \param bt BufferedTransformation object + /// \sa RFC 5958, Asymmetric + /// Key Packages + void Load(BufferedTransformation &bt) { + BERDecode(bt); + } + + // X509PublicKey + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePublicKey(BufferedTransformation &bt) const; + + /// \brief Determine if OID is valid for this object + /// \details BERDecodeAndCheckAlgorithmID() parses the OID from + /// bt and determines if it valid for this object. The + /// problem in practice is there are multiple OIDs available to + /// denote curve25519 operations. The OIDs include an old GNU + /// OID used by SSH, OIDs specified in draft-josefsson-pkix-newcurves, + /// and OIDs specified in draft-ietf-curdle-pkix. + /// \details By default BERDecodeAndCheckAlgorithmID() accepts an + /// OID set by the user, ASN1::curve25519() and ASN1::Ed25519(). + /// ASN1::curve25519() is generic and says "this key is valid for + /// curve25519 operations". ASN1::Ed25519() is specific and says + /// "this key is valid for ed25519 signing." + void BERDecodeAndCheckAlgorithmID(BufferedTransformation& bt); + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // DL_PublicKey + void SetPublicElement(const byte y[PUBLIC_KEYLENGTH]); + void SetPublicElement(const Element &y); + const Element& GetPublicElement() const; + + /// \brief Retrieve public key byte array + /// \returns the public key byte array + /// \details GetPublicKeyBytePtr() is used by signing code to call ed25519_sign. + const byte* GetPublicKeyBytePtr() const { + return m_pk.begin(); + } + +protected: + FixedSizeSecBlock m_pk; + OID m_oid; // preferred OID + mutable Integer m_y; // for DL_PublicKey +}; + +/// \brief Ed25519 signature verification algorithm +/// \since Crypto++ 8.0 +struct ed25519Verifier : public PK_Verifier +{ + CRYPTOPP_CONSTANT(PUBLIC_KEYLENGTH = 32) + CRYPTOPP_CONSTANT(SIGNATURE_LENGTH = 64) + typedef Integer Element; + + virtual ~ed25519Verifier() {} + + /// \brief Create a ed25519Verifier object + ed25519Verifier() {} + + /// \brief Create a ed25519Verifier object + /// \param y public key + /// \details This constructor creates a ed25519Verifier object using existing parameters. + /// \note The public key is not validated. + ed25519Verifier(const byte y[PUBLIC_KEYLENGTH]); + + /// \brief Create a ed25519Verifier object + /// \param y public key + /// \details This constructor creates a ed25519Verifier object using existing parameters. + /// \note The public key is not validated. + ed25519Verifier(const Integer &y); + + /// \brief Create a ed25519Verifier object + /// \param params public and private key + /// \details This constructor creates a ed25519Verifier object using existing parameters. + /// The params can be created with Save. + /// \note The public key is not validated. + ed25519Verifier(BufferedTransformation ¶ms); + + /// \brief Create a ed25519Verifier object + /// \param signer ed25519 signer object + /// \details This constructor creates a ed25519Verifier object using existing parameters. + /// The params can be created with Save. + /// \note The public key is not validated. + ed25519Verifier(const ed25519Signer& signer); + + // DL_ObjectImplBase + PublicKey& AccessKey() { return m_key; } + PublicKey& AccessPublicKey() { return m_key; } + + const PublicKey& GetKey() const { return m_key; } + const PublicKey& GetPublicKey() const { return m_key; } + + // DL_SignatureSchemeBase + size_t SignatureLength() const { return SIGNATURE_LENGTH; } + size_t MaxRecoverableLength() const { return 0; } + size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const { + CRYPTOPP_UNUSED(signatureLength); return 0; + } + + bool IsProbabilistic() const { return false; } + bool AllowNonrecoverablePart() const { return false; } + bool RecoverablePartFirst() const { return false; } + + ed25519_MessageAccumulator* NewVerificationAccumulator() const { + return new ed25519_MessageAccumulator; + } + + void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const { + CRYPTOPP_ASSERT(signature != NULLPTR); + CRYPTOPP_ASSERT(signatureLength == SIGNATURE_LENGTH); + ed25519_MessageAccumulator& accum = static_cast(messageAccumulator); + if (signature && signatureLength) + std::memcpy(accum.signature(), signature, STDMIN((size_t)SIGNATURE_LENGTH, signatureLength)); + } + + bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const; + + DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const { + CRYPTOPP_UNUSED(recoveredMessage); CRYPTOPP_UNUSED(messageAccumulator); + throw NotImplemented("ed25519Verifier: this object does not support recoverable messages"); + } + +protected: + ed25519PublicKey m_key; +}; + +/// \brief Ed25519 signature scheme +/// \since Crypto++ 8.0 +struct ed25519 +{ + typedef ed25519Signer Signer; + typedef ed25519Verifier Verifier; +}; + +NAMESPACE_END // CryptoPP + +#endif // CRYPTOPP_XED25519_H diff --git a/vendor/cryptopp/vendor_cryptopp/xtr.cpp b/vendor/cryptopp/vendor_cryptopp/xtr.cpp index 34b3ecf4..6862c3d2 100644 --- a/vendor/cryptopp/vendor_cryptopp/xtr.cpp +++ b/vendor/cryptopp/vendor_cryptopp/xtr.cpp @@ -13,7 +13,12 @@ NAMESPACE_BEGIN(CryptoPP) const GFP2Element & GFP2Element::Zero() { +#if defined(CRYPTOPP_CXX11_DYNAMIC_INIT) + static const GFP2Element s_zero; + return s_zero; +#else return Singleton().Ref(); +#endif } void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer &q, GFP2Element &g, unsigned int pbits, unsigned int qbits) @@ -26,15 +31,23 @@ void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer const Integer minP = Integer::Power2(pbits - 1); const Integer maxP = Integer::Power2(pbits) - 1; +top: + Integer r1, r2; do { - bool qFound = q.Randomize(rng, minQ, maxQ, Integer::PRIME, 7, 12); - CRYPTOPP_UNUSED(qFound); CRYPTOPP_ASSERT(qFound); - bool solutionsExist = SolveModularQuadraticEquation(r1, r2, 1, -1, 1, q); - CRYPTOPP_UNUSED(solutionsExist); CRYPTOPP_ASSERT(solutionsExist); - } while (!p.Randomize(rng, minP, maxP, Integer::PRIME, CRT(rng.GenerateBit()?r1:r2, q, 2, 3, EuclideanMultiplicativeInverse(p, 3)), 3*q)); - CRYPTOPP_ASSERT(((p.Squared() - p + 1) % q).IsZero()); + (void)q.Randomize(rng, minQ, maxQ, Integer::PRIME, 7, 12); + // Solution always exists because q === 7 mod 12. + (void)SolveModularQuadraticEquation(r1, r2, 1, -1, 1, q); + // I believe k_i, r1 and r2 are being used slightly different than the + // paper's algorithm. I believe it is leading to the failed asserts. + // Just make the assert part of the condition. + if(!p.Randomize(rng, minP, maxP, Integer::PRIME, CRT(rng.GenerateBit() ? + r1 : r2, q, 2, 3, EuclideanMultiplicativeInverse(p, 3)), 3 * q)) { continue; } + } while (((p % 3U) != 2) || (((p.Squared() - p + 1) % q).NotZero())); + + // CRYPTOPP_ASSERT((p % 3U) == 2); + // CRYPTOPP_ASSERT(((p.Squared() - p + 1) % q).IsZero()); GFP2_ONB gfp2(p); GFP2Element three = gfp2.ConvertIn(3), t; @@ -50,7 +63,11 @@ void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer if (g != three) break; } - CRYPTOPP_ASSERT(XTR_Exponentiate(g, q, p) == three); + + if (XTR_Exponentiate(g, q, p) != three) + goto top; + + // CRYPTOPP_ASSERT(XTR_Exponentiate(g, q, p) == three); } GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p)