aboutsummaryrefslogtreecommitdiffstats
path: root/src
diff options
context:
space:
mode:
authorlloyd <[email protected]>2006-05-18 18:33:19 +0000
committerlloyd <[email protected]>2006-05-18 18:33:19 +0000
commita2c99d3270eb73ef2db5704fc54356c6b75096f8 (patch)
treead3d6c4fcc8dd0f403f8105598943616246fe172 /src
Initial checkin1.5.6
Diffstat (limited to 'src')
-rw-r--r--src/adler32.cpp75
-rw-r--r--src/aes.cpp195
-rw-r--r--src/aes_tab.cpp418
-rw-r--r--src/allocate.cpp25
-rw-r--r--src/arc4.cpp103
-rw-r--r--src/asn1_alg.cpp71
-rw-r--r--src/asn1_alt.cpp182
-rw-r--r--src/asn1_att.cpp62
-rw-r--r--src/asn1_dn.cpp285
-rw-r--r--src/asn1_ext.cpp70
-rw-r--r--src/asn1_int.cpp56
-rw-r--r--src/asn1_ku.cpp41
-rw-r--r--src/asn1_oid.cpp178
-rw-r--r--src/asn1_str.cpp211
-rw-r--r--src/asn1_tm.cpp298
-rw-r--r--src/base.cpp262
-rw-r--r--src/base64.cpp218
-rw-r--r--src/basefilt.cpp72
-rw-r--r--src/ber_code.cpp237
-rw-r--r--src/ber_dec.cpp270
-rw-r--r--src/big_base.cpp380
-rw-r--r--src/big_code.cpp144
-rw-r--r--src/big_io.cpp52
-rw-r--r--src/big_ops2.cpp224
-rw-r--r--src/big_ops3.cpp188
-rw-r--r--src/big_rand.cpp86
-rw-r--r--src/bit_ops.cpp98
-rw-r--r--src/blfs_tab.cpp195
-rw-r--r--src/blinding.cpp47
-rw-r--r--src/blowfish.cpp118
-rw-r--r--src/buf_es.cpp95
-rw-r--r--src/buf_filt.cpp68
-rw-r--r--src/cast128.cpp175
-rw-r--r--src/cast256.cpp168
-rw-r--r--src/cast_tab.cpp410
-rw-r--r--src/cbc.cpp157
-rw-r--r--src/certstore.cpp46
-rw-r--r--src/cfb.cpp142
-rw-r--r--src/charset.cpp167
-rw-r--r--src/cmac.cpp153
-rw-r--r--src/conf.cpp153
-rw-r--r--src/crc24.cpp98
-rw-r--r--src/crc32.cpp101
-rw-r--r--src/crl_ent.cpp165
-rw-r--r--src/ctr.cpp74
-rw-r--r--src/cts.cpp175
-rw-r--r--src/data_snk.cpp56
-rw-r--r--src/data_src.cpp188
-rw-r--r--src/datastor.cpp164
-rw-r--r--src/def_alg.cpp267
-rw-r--r--src/def_mode.cpp134
-rw-r--r--src/def_ops.cpp355
-rw-r--r--src/def_powm.cpp22
-rw-r--r--src/defalloc.cpp81
-rw-r--r--src/der_enc.cpp479
-rw-r--r--src/des.cpp274
-rw-r--r--src/des_tab.cpp634
-rw-r--r--src/dh.cpp112
-rw-r--r--src/divide.cpp104
-rw-r--r--src/dl_algo.cpp106
-rw-r--r--src/dl_group.cpp317
-rw-r--r--src/dlies.cpp128
-rw-r--r--src/dsa.cpp131
-rw-r--r--src/eax.cpp306
-rw-r--r--src/ecb.cpp152
-rw-r--r--src/elgamal.cpp120
-rw-r--r--src/eme1.cpp96
-rw-r--r--src/eme_pkcs.cpp68
-rw-r--r--src/emsa1.cpp98
-rw-r--r--src/emsa2.cpp70
-rw-r--r--src/emsa3.cpp62
-rw-r--r--src/emsa4.cpp144
-rw-r--r--src/emsa_raw.cpp37
-rw-r--r--src/eng_base.cpp345
-rw-r--r--src/engine.cpp361
-rw-r--r--src/es_file.cpp33
-rw-r--r--src/exceptn.cpp70
-rw-r--r--src/filter.cpp127
-rw-r--r--src/filters.cpp96
-rw-r--r--src/fips140.cpp178
-rw-r--r--src/fork256.cpp142
-rw-r--r--src/get_algo.cpp236
-rw-r--r--src/get_enc.cpp133
-rw-r--r--src/get_pbe.cpp71
-rw-r--r--src/gost.cpp80
-rw-r--r--src/gost_tab.cpp190
-rw-r--r--src/has160.cpp141
-rw-r--r--src/hash_id.cpp105
-rw-r--r--src/hex.cpp185
-rw-r--r--src/hmac.cpp90
-rw-r--r--src/idea.cpp156
-rw-r--r--src/if_algo.cpp157
-rw-r--r--src/inifile.cpp150
-rw-r--r--src/init_def.cpp149
-rw-r--r--src/jacobi.cpp51
-rw-r--r--src/kas_tab.cpp82
-rw-r--r--src/kasumi.cpp139
-rw-r--r--src/kdf.cpp75
-rw-r--r--src/keypair.cpp58
-rw-r--r--src/libstate.cpp314
-rw-r--r--src/lion.cpp113
-rw-r--r--src/look_pk.cpp74
-rw-r--r--src/lubyrack.cpp114
-rw-r--r--src/make_prm.cpp177
-rw-r--r--src/mars.cpp287
-rw-r--r--src/mars_tab.cpp98
-rw-r--r--src/md2.cpp106
-rw-r--r--src/md4.cpp98
-rw-r--r--src/md5.cpp126
-rw-r--r--src/mdx_hash.cpp92
-rw-r--r--src/mem_pool.cpp302
-rw-r--r--src/mgf1.cpp49
-rw-r--r--src/mist_tab.cpp104
-rw-r--r--src/misty1.cpp149
-rw-r--r--src/mlock.cpp24
-rw-r--r--src/mode_pad.cpp125
-rw-r--r--src/modebase.cpp53
-rw-r--r--src/modules.cpp187
-rw-r--r--src/mp_asm.cpp237
-rw-r--r--src/mp_comba.cpp384
-rw-r--r--src/mp_misc.cpp117
-rw-r--r--src/mp_mul.cpp170
-rw-r--r--src/mp_numth.cpp69
-rw-r--r--src/mp_shift.cpp109
-rw-r--r--src/mp_sqr.cpp134
-rw-r--r--src/mutex.cpp73
-rw-r--r--src/nr.cpp130
-rw-r--r--src/numthry.cpp323
-rw-r--r--src/ofb.cpp65
-rw-r--r--src/oids.cpp52
-rw-r--r--src/openpgp.cpp194
-rw-r--r--src/out_buf.cpp115
-rw-r--r--src/par_hash.cpp102
-rw-r--r--src/parsing.cpp296
-rw-r--r--src/pbes1.cpp168
-rw-r--r--src/pbes2.cpp227
-rw-r--r--src/pem.cpp145
-rw-r--r--src/pgp_s2k.cpp82
-rw-r--r--src/pipe.cpp284
-rw-r--r--src/pipe_io.cpp43
-rw-r--r--src/pipe_rw.cpp164
-rw-r--r--src/pk_algs.cpp46
-rw-r--r--src/pk_core.cpp289
-rw-r--r--src/pk_filts.cpp113
-rw-r--r--src/pk_keys.cpp68
-rw-r--r--src/pk_util.cpp116
-rw-r--r--src/pkcs10.cpp228
-rw-r--r--src/pkcs5.cpp124
-rw-r--r--src/pkcs8.cpp294
-rw-r--r--src/policy.cpp374
-rw-r--r--src/pow_mod.cpp155
-rw-r--r--src/powm_fw.cpp102
-rw-r--r--src/powm_mnt.cpp174
-rw-r--r--src/prf_x942.cpp91
-rw-r--r--src/primes.cpp673
-rw-r--r--src/pubkey.cpp393
-rw-r--r--src/randpool.cpp189
-rw-r--r--src/rc2.cpp166
-rw-r--r--src/rc5.cpp104
-rw-r--r--src/rc6.cpp133
-rw-r--r--src/reducer.cpp96
-rw-r--r--src/rmd128.cpp165
-rw-r--r--src/rmd160.cpp200
-rw-r--r--src/rng.cpp65
-rw-r--r--src/rsa.cpp156
-rw-r--r--src/rw.cpp142
-rw-r--r--src/s2k.cpp53
-rw-r--r--src/safe_tab.cpp119
-rw-r--r--src/safer_sk.cpp112
-rw-r--r--src/secqueue.cpp203
-rw-r--r--src/seed.cpp134
-rw-r--r--src/seed_tab.cpp190
-rw-r--r--src/serpent.cpp376
-rw-r--r--src/sha160.cpp122
-rw-r--r--src/sha256.cpp123
-rw-r--r--src/sha_64.cpp197
-rw-r--r--src/skipjack.cpp162
-rw-r--r--src/sqr_tab.cpp458
-rw-r--r--src/square.cpp186
-rw-r--r--src/symkey.cpp138
-rw-r--r--src/tea.cpp60
-rw-r--r--src/tig_tab.cpp362
-rw-r--r--src/tiger.cpp122
-rw-r--r--src/timers.cpp44
-rw-r--r--src/tur_tab.cpp104
-rw-r--r--src/turing.cpp273
-rw-r--r--src/two_tab.cpp291
-rw-r--r--src/twofish.cpp227
-rw-r--r--src/ui.cpp62
-rw-r--r--src/util.cpp81
-rw-r--r--src/whrl_tab.cpp538
-rw-r--r--src/whrlpool.cpp141
-rw-r--r--src/wid_wake.cpp139
-rw-r--r--src/x509_ca.cpp287
-rw-r--r--src/x509_crl.cpp174
-rw-r--r--src/x509_ext.cpp357
-rw-r--r--src/x509_key.cpp197
-rw-r--r--src/x509_obj.cpp165
-rw-r--r--src/x509cert.cpp471
-rw-r--r--src/x509find.cpp188
-rw-r--r--src/x509opt.cpp109
-rw-r--r--src/x509self.cpp198
-rw-r--r--src/x509stor.cpp670
-rw-r--r--src/x919_mac.cpp92
-rw-r--r--src/x931_rng.cpp136
-rw-r--r--src/xtea.cpp81
206 files changed, 34586 insertions, 0 deletions
diff --git a/src/adler32.cpp b/src/adler32.cpp
new file mode 100644
index 000000000..424976035
--- /dev/null
+++ b/src/adler32.cpp
@@ -0,0 +1,75 @@
+/*************************************************
+* Adler32 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/adler32.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Adler32 Checksum *
+*************************************************/
+void Adler32::hash(const byte input[], u32bit length)
+ {
+ u32bit S1x = S1, S2x = S2;
+ while(length >= 16)
+ {
+ S1x += input[ 0]; S2x += S1x;
+ S1x += input[ 1]; S2x += S1x;
+ S1x += input[ 2]; S2x += S1x;
+ S1x += input[ 3]; S2x += S1x;
+ S1x += input[ 4]; S2x += S1x;
+ S1x += input[ 5]; S2x += S1x;
+ S1x += input[ 6]; S2x += S1x;
+ S1x += input[ 7]; S2x += S1x;
+ S1x += input[ 8]; S2x += S1x;
+ S1x += input[ 9]; S2x += S1x;
+ S1x += input[10]; S2x += S1x;
+ S1x += input[11]; S2x += S1x;
+ S1x += input[12]; S2x += S1x;
+ S1x += input[13]; S2x += S1x;
+ S1x += input[14]; S2x += S1x;
+ S1x += input[15]; S2x += S1x;
+ input += 16;
+ length -= 16;
+ }
+ for(u32bit j = 0; j != length; ++j)
+ {
+ S1x += input[j]; S2x += S1x;
+ }
+ S1x %= 65521;
+ S2x %= 65521;
+ S1 = S1x;
+ S2 = S2x;
+ }
+
+/*************************************************
+* Update an Adler32 Checksum *
+*************************************************/
+void Adler32::add_data(const byte input[], u32bit length)
+ {
+ const u32bit PROCESS_AMOUNT = 5552;
+ while(length >= PROCESS_AMOUNT)
+ {
+ hash(input, PROCESS_AMOUNT);
+ input += PROCESS_AMOUNT;
+ length -= PROCESS_AMOUNT;
+ }
+ hash(input, length);
+ }
+
+/*************************************************
+* Finalize an Adler32 Checksum *
+*************************************************/
+void Adler32::final_result(byte output[])
+ {
+ output[0] = get_byte(2, S2);
+ output[1] = get_byte(3, S2);
+ output[2] = get_byte(2, S1);
+ output[3] = get_byte(3, S1);
+ clear();
+ }
+
+}
diff --git a/src/aes.cpp b/src/aes.cpp
new file mode 100644
index 000000000..778c4154e
--- /dev/null
+++ b/src/aes.cpp
@@ -0,0 +1,195 @@
+/*************************************************
+* AES Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/aes.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* AES Encryption *
+*************************************************/
+void AES::enc(const byte in[], byte out[]) const
+ {
+ u32bit T0, T1, T2, T3, B0, B1, B2, B3;
+ B0 = TE0[in[ 0] ^ ME[ 0]] ^ TE1[in[ 5] ^ ME[ 5]] ^
+ TE2[in[10] ^ ME[10]] ^ TE3[in[15] ^ ME[15]] ^ EK[0];
+ B1 = TE0[in[ 4] ^ ME[ 4]] ^ TE1[in[ 9] ^ ME[ 9]] ^
+ TE2[in[14] ^ ME[14]] ^ TE3[in[ 3] ^ ME[ 3]] ^ EK[1];
+ B2 = TE0[in[ 8] ^ ME[ 8]] ^ TE1[in[13] ^ ME[13]] ^
+ TE2[in[ 2] ^ ME[ 2]] ^ TE3[in[ 7] ^ ME[ 7]] ^ EK[2];
+ B3 = TE0[in[12] ^ ME[12]] ^ TE1[in[ 1] ^ ME[ 1]] ^
+ TE2[in[ 6] ^ ME[ 6]] ^ TE3[in[11] ^ ME[11]] ^ EK[3];
+ for(u32bit j = 1; j != ROUNDS - 1; j += 2)
+ {
+ T0 = TE0[get_byte(0, B0)] ^ TE1[get_byte(1, B1)] ^
+ TE2[get_byte(2, B2)] ^ TE3[get_byte(3, B3)] ^ EK[4*j+0];
+ T1 = TE0[get_byte(0, B1)] ^ TE1[get_byte(1, B2)] ^
+ TE2[get_byte(2, B3)] ^ TE3[get_byte(3, B0)] ^ EK[4*j+1];
+ T2 = TE0[get_byte(0, B2)] ^ TE1[get_byte(1, B3)] ^
+ TE2[get_byte(2, B0)] ^ TE3[get_byte(3, B1)] ^ EK[4*j+2];
+ T3 = TE0[get_byte(0, B3)] ^ TE1[get_byte(1, B0)] ^
+ TE2[get_byte(2, B1)] ^ TE3[get_byte(3, B2)] ^ EK[4*j+3];
+ B0 = TE0[get_byte(0, T0)] ^ TE1[get_byte(1, T1)] ^
+ TE2[get_byte(2, T2)] ^ TE3[get_byte(3, T3)] ^ EK[4*j+4];
+ B1 = TE0[get_byte(0, T1)] ^ TE1[get_byte(1, T2)] ^
+ TE2[get_byte(2, T3)] ^ TE3[get_byte(3, T0)] ^ EK[4*j+5];
+ B2 = TE0[get_byte(0, T2)] ^ TE1[get_byte(1, T3)] ^
+ TE2[get_byte(2, T0)] ^ TE3[get_byte(3, T1)] ^ EK[4*j+6];
+ B3 = TE0[get_byte(0, T3)] ^ TE1[get_byte(1, T0)] ^
+ TE2[get_byte(2, T1)] ^ TE3[get_byte(3, T2)] ^ EK[4*j+7];
+ }
+ out[ 0] = SE[get_byte(0, B0)] ^ ME[16];
+ out[ 1] = SE[get_byte(1, B1)] ^ ME[17];
+ out[ 2] = SE[get_byte(2, B2)] ^ ME[18];
+ out[ 3] = SE[get_byte(3, B3)] ^ ME[19];
+ out[ 4] = SE[get_byte(0, B1)] ^ ME[20];
+ out[ 5] = SE[get_byte(1, B2)] ^ ME[21];
+ out[ 6] = SE[get_byte(2, B3)] ^ ME[22];
+ out[ 7] = SE[get_byte(3, B0)] ^ ME[23];
+ out[ 8] = SE[get_byte(0, B2)] ^ ME[24];
+ out[ 9] = SE[get_byte(1, B3)] ^ ME[25];
+ out[10] = SE[get_byte(2, B0)] ^ ME[26];
+ out[11] = SE[get_byte(3, B1)] ^ ME[27];
+ out[12] = SE[get_byte(0, B3)] ^ ME[28];
+ out[13] = SE[get_byte(1, B0)] ^ ME[29];
+ out[14] = SE[get_byte(2, B1)] ^ ME[30];
+ out[15] = SE[get_byte(3, B2)] ^ ME[31];
+ }
+
+/*************************************************
+* AES Decryption *
+*************************************************/
+void AES::dec(const byte in[], byte out[]) const
+ {
+ u32bit T0, T1, T2, T3, B0, B1, B2, B3;
+ B0 = TD0[in[ 0] ^ MD[ 0]] ^ TD1[in[13] ^ MD[13]] ^
+ TD2[in[10] ^ MD[10]] ^ TD3[in[ 7] ^ MD[ 7]] ^ DK[0];
+ B1 = TD0[in[ 4] ^ MD[ 4]] ^ TD1[in[ 1] ^ MD[ 1]] ^
+ TD2[in[14] ^ MD[14]] ^ TD3[in[11] ^ MD[11]] ^ DK[1];
+ B2 = TD0[in[ 8] ^ MD[ 8]] ^ TD1[in[ 5] ^ MD[ 5]] ^
+ TD2[in[ 2] ^ MD[ 2]] ^ TD3[in[15] ^ MD[15]] ^ DK[2];
+ B3 = TD0[in[12] ^ MD[12]] ^ TD1[in[ 9] ^ MD[ 9]] ^
+ TD2[in[ 6] ^ MD[ 6]] ^ TD3[in[ 3] ^ MD[ 3]] ^ DK[3];
+ for(u32bit j = 1; j != ROUNDS - 1; j += 2)
+ {
+ T0 = TD0[get_byte(0, B0)] ^ TD1[get_byte(1, B3)] ^
+ TD2[get_byte(2, B2)] ^ TD3[get_byte(3, B1)] ^ DK[4*j+0];
+ T1 = TD0[get_byte(0, B1)] ^ TD1[get_byte(1, B0)] ^
+ TD2[get_byte(2, B3)] ^ TD3[get_byte(3, B2)] ^ DK[4*j+1];
+ T2 = TD0[get_byte(0, B2)] ^ TD1[get_byte(1, B1)] ^
+ TD2[get_byte(2, B0)] ^ TD3[get_byte(3, B3)] ^ DK[4*j+2];
+ T3 = TD0[get_byte(0, B3)] ^ TD1[get_byte(1, B2)] ^
+ TD2[get_byte(2, B1)] ^ TD3[get_byte(3, B0)] ^ DK[4*j+3];
+ B0 = TD0[get_byte(0, T0)] ^ TD1[get_byte(1, T3)] ^
+ TD2[get_byte(2, T2)] ^ TD3[get_byte(3, T1)] ^ DK[4*j+4];
+ B1 = TD0[get_byte(0, T1)] ^ TD1[get_byte(1, T0)] ^
+ TD2[get_byte(2, T3)] ^ TD3[get_byte(3, T2)] ^ DK[4*j+5];
+ B2 = TD0[get_byte(0, T2)] ^ TD1[get_byte(1, T1)] ^
+ TD2[get_byte(2, T0)] ^ TD3[get_byte(3, T3)] ^ DK[4*j+6];
+ B3 = TD0[get_byte(0, T3)] ^ TD1[get_byte(1, T2)] ^
+ TD2[get_byte(2, T1)] ^ TD3[get_byte(3, T0)] ^ DK[4*j+7];
+ }
+ out[ 0] = SD[get_byte(0, B0)] ^ MD[16];
+ out[ 1] = SD[get_byte(1, B3)] ^ MD[17];
+ out[ 2] = SD[get_byte(2, B2)] ^ MD[18];
+ out[ 3] = SD[get_byte(3, B1)] ^ MD[19];
+ out[ 4] = SD[get_byte(0, B1)] ^ MD[20];
+ out[ 5] = SD[get_byte(1, B0)] ^ MD[21];
+ out[ 6] = SD[get_byte(2, B3)] ^ MD[22];
+ out[ 7] = SD[get_byte(3, B2)] ^ MD[23];
+ out[ 8] = SD[get_byte(0, B2)] ^ MD[24];
+ out[ 9] = SD[get_byte(1, B1)] ^ MD[25];
+ out[10] = SD[get_byte(2, B0)] ^ MD[26];
+ out[11] = SD[get_byte(3, B3)] ^ MD[27];
+ out[12] = SD[get_byte(0, B3)] ^ MD[28];
+ out[13] = SD[get_byte(1, B2)] ^ MD[29];
+ out[14] = SD[get_byte(2, B1)] ^ MD[30];
+ out[15] = SD[get_byte(3, B0)] ^ MD[31];
+ }
+
+/*************************************************
+* AES Key Schedule *
+*************************************************/
+void AES::key(const byte key[], u32bit length)
+ {
+ static const u32bit RC[10] = {
+ 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000,
+ 0x40000000, 0x80000000, 0x1B000000, 0x36000000 };
+ ROUNDS = (length / 4) + 6;
+
+ SecureBuffer<u32bit, 64> XEK, XDK;
+
+ const u32bit X = length / 4;
+ for(u32bit j = 0; j != X; ++j)
+ XEK[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
+ for(u32bit j = X; j < 4*(ROUNDS+1); j += X)
+ {
+ XEK[j] = XEK[j-X] ^ S(rotate_left(XEK[j-1], 8)) ^ RC[(j-X)/X];
+ for(u32bit k = 1; k != X; ++k)
+ {
+ if(X == 8 && k == 4)
+ XEK[j+k] = XEK[j+k-X] ^ S(XEK[j+k-1]);
+ else
+ XEK[j+k] = XEK[j+k-X] ^ XEK[j+k-1];
+ }
+ }
+
+ for(u32bit j = 0; j != 4*(ROUNDS+1); j += 4)
+ {
+ XDK[j ] = XEK[4*ROUNDS-j ];
+ XDK[j+1] = XEK[4*ROUNDS-j+1];
+ XDK[j+2] = XEK[4*ROUNDS-j+2];
+ XDK[j+3] = XEK[4*ROUNDS-j+3];
+ }
+ for(u32bit j = 4; j != length + 24; ++j)
+ XDK[j] = TD0[SE[get_byte(0, XDK[j])]] ^ TD1[SE[get_byte(1, XDK[j])]] ^
+ TD2[SE[get_byte(2, XDK[j])]] ^ TD3[SE[get_byte(3, XDK[j])]];
+
+ for(u32bit j = 0; j != 4; ++j)
+ for(u32bit k = 0; k != 4; ++k)
+ {
+ ME[4*j+k ] = get_byte(k, XEK[j]);
+ ME[4*j+k+16] = get_byte(k, XEK[j+4*ROUNDS]);
+ MD[4*j+k ] = get_byte(k, XDK[j]);
+ MD[4*j+k+16] = get_byte(k, XEK[j]);
+ }
+
+ EK.copy(XEK + 4, length + 20);
+ DK.copy(XDK + 4, length + 20);
+ }
+
+/*************************************************
+* AES Byte Substitution *
+*************************************************/
+u32bit AES::S(u32bit input)
+ {
+ return make_u32bit(SE[get_byte(0, input)], SE[get_byte(1, input)],
+ SE[get_byte(2, input)], SE[get_byte(3, input)]);
+ }
+
+/*************************************************
+* AES Constructor *
+*************************************************/
+AES::AES(u32bit key_size) : BlockCipher(16, key_size)
+ {
+ if(key_size != 16 && key_size != 24 && key_size != 32)
+ throw Invalid_Argument("AES: Bad key size " + to_string(key_size));
+ ROUNDS = (key_size / 4) + 6;
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void AES::clear() throw()
+ {
+ EK.clear();
+ DK.clear();
+ ME.clear();
+ MD.clear();
+ }
+
+}
diff --git a/src/aes_tab.cpp b/src/aes_tab.cpp
new file mode 100644
index 000000000..a19751b52
--- /dev/null
+++ b/src/aes_tab.cpp
@@ -0,0 +1,418 @@
+/*************************************************
+* S-Box and Diffusion Tables for AES *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/aes.h>
+
+namespace Botan {
+
+const byte AES::SE[256] = {
+ 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B,
+ 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0,
+ 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26,
+ 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15,
+ 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2,
+ 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0,
+ 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED,
+ 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF,
+ 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F,
+ 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5,
+ 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC,
+ 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73,
+ 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14,
+ 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C,
+ 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D,
+ 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08,
+ 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F,
+ 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E,
+ 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11,
+ 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF,
+ 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F,
+ 0xB0, 0x54, 0xBB, 0x16 };
+
+const byte AES::SD[256] = {
+ 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E,
+ 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87,
+ 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32,
+ 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E,
+ 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49,
+ 0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16,
+ 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 0x6C, 0x70, 0x48, 0x50,
+ 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84,
+ 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05,
+ 0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02,
+ 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41,
+ 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73,
+ 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8,
+ 0x1C, 0x75, 0xDF, 0x6E, 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89,
+ 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B,
+ 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4,
+ 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59,
+ 0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D,
+ 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D,
+ 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61,
+ 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63,
+ 0x55, 0x21, 0x0C, 0x7D };
+
+const u32bit AES::TE0[256] = {
+ 0xC66363A5, 0xF87C7C84, 0xEE777799, 0xF67B7B8D, 0xFFF2F20D, 0xD66B6BBD,
+ 0xDE6F6FB1, 0x91C5C554, 0x60303050, 0x02010103, 0xCE6767A9, 0x562B2B7D,
+ 0xE7FEFE19, 0xB5D7D762, 0x4DABABE6, 0xEC76769A, 0x8FCACA45, 0x1F82829D,
+ 0x89C9C940, 0xFA7D7D87, 0xEFFAFA15, 0xB25959EB, 0x8E4747C9, 0xFBF0F00B,
+ 0x41ADADEC, 0xB3D4D467, 0x5FA2A2FD, 0x45AFAFEA, 0x239C9CBF, 0x53A4A4F7,
+ 0xE4727296, 0x9BC0C05B, 0x75B7B7C2, 0xE1FDFD1C, 0x3D9393AE, 0x4C26266A,
+ 0x6C36365A, 0x7E3F3F41, 0xF5F7F702, 0x83CCCC4F, 0x6834345C, 0x51A5A5F4,
+ 0xD1E5E534, 0xF9F1F108, 0xE2717193, 0xABD8D873, 0x62313153, 0x2A15153F,
+ 0x0804040C, 0x95C7C752, 0x46232365, 0x9DC3C35E, 0x30181828, 0x379696A1,
+ 0x0A05050F, 0x2F9A9AB5, 0x0E070709, 0x24121236, 0x1B80809B, 0xDFE2E23D,
+ 0xCDEBEB26, 0x4E272769, 0x7FB2B2CD, 0xEA75759F, 0x1209091B, 0x1D83839E,
+ 0x582C2C74, 0x341A1A2E, 0x361B1B2D, 0xDC6E6EB2, 0xB45A5AEE, 0x5BA0A0FB,
+ 0xA45252F6, 0x763B3B4D, 0xB7D6D661, 0x7DB3B3CE, 0x5229297B, 0xDDE3E33E,
+ 0x5E2F2F71, 0x13848497, 0xA65353F5, 0xB9D1D168, 0x00000000, 0xC1EDED2C,
+ 0x40202060, 0xE3FCFC1F, 0x79B1B1C8, 0xB65B5BED, 0xD46A6ABE, 0x8DCBCB46,
+ 0x67BEBED9, 0x7239394B, 0x944A4ADE, 0x984C4CD4, 0xB05858E8, 0x85CFCF4A,
+ 0xBBD0D06B, 0xC5EFEF2A, 0x4FAAAAE5, 0xEDFBFB16, 0x864343C5, 0x9A4D4DD7,
+ 0x66333355, 0x11858594, 0x8A4545CF, 0xE9F9F910, 0x04020206, 0xFE7F7F81,
+ 0xA05050F0, 0x783C3C44, 0x259F9FBA, 0x4BA8A8E3, 0xA25151F3, 0x5DA3A3FE,
+ 0x804040C0, 0x058F8F8A, 0x3F9292AD, 0x219D9DBC, 0x70383848, 0xF1F5F504,
+ 0x63BCBCDF, 0x77B6B6C1, 0xAFDADA75, 0x42212163, 0x20101030, 0xE5FFFF1A,
+ 0xFDF3F30E, 0xBFD2D26D, 0x81CDCD4C, 0x180C0C14, 0x26131335, 0xC3ECEC2F,
+ 0xBE5F5FE1, 0x359797A2, 0x884444CC, 0x2E171739, 0x93C4C457, 0x55A7A7F2,
+ 0xFC7E7E82, 0x7A3D3D47, 0xC86464AC, 0xBA5D5DE7, 0x3219192B, 0xE6737395,
+ 0xC06060A0, 0x19818198, 0x9E4F4FD1, 0xA3DCDC7F, 0x44222266, 0x542A2A7E,
+ 0x3B9090AB, 0x0B888883, 0x8C4646CA, 0xC7EEEE29, 0x6BB8B8D3, 0x2814143C,
+ 0xA7DEDE79, 0xBC5E5EE2, 0x160B0B1D, 0xADDBDB76, 0xDBE0E03B, 0x64323256,
+ 0x743A3A4E, 0x140A0A1E, 0x924949DB, 0x0C06060A, 0x4824246C, 0xB85C5CE4,
+ 0x9FC2C25D, 0xBDD3D36E, 0x43ACACEF, 0xC46262A6, 0x399191A8, 0x319595A4,
+ 0xD3E4E437, 0xF279798B, 0xD5E7E732, 0x8BC8C843, 0x6E373759, 0xDA6D6DB7,
+ 0x018D8D8C, 0xB1D5D564, 0x9C4E4ED2, 0x49A9A9E0, 0xD86C6CB4, 0xAC5656FA,
+ 0xF3F4F407, 0xCFEAEA25, 0xCA6565AF, 0xF47A7A8E, 0x47AEAEE9, 0x10080818,
+ 0x6FBABAD5, 0xF0787888, 0x4A25256F, 0x5C2E2E72, 0x381C1C24, 0x57A6A6F1,
+ 0x73B4B4C7, 0x97C6C651, 0xCBE8E823, 0xA1DDDD7C, 0xE874749C, 0x3E1F1F21,
+ 0x964B4BDD, 0x61BDBDDC, 0x0D8B8B86, 0x0F8A8A85, 0xE0707090, 0x7C3E3E42,
+ 0x71B5B5C4, 0xCC6666AA, 0x904848D8, 0x06030305, 0xF7F6F601, 0x1C0E0E12,
+ 0xC26161A3, 0x6A35355F, 0xAE5757F9, 0x69B9B9D0, 0x17868691, 0x99C1C158,
+ 0x3A1D1D27, 0x279E9EB9, 0xD9E1E138, 0xEBF8F813, 0x2B9898B3, 0x22111133,
+ 0xD26969BB, 0xA9D9D970, 0x078E8E89, 0x339494A7, 0x2D9B9BB6, 0x3C1E1E22,
+ 0x15878792, 0xC9E9E920, 0x87CECE49, 0xAA5555FF, 0x50282878, 0xA5DFDF7A,
+ 0x038C8C8F, 0x59A1A1F8, 0x09898980, 0x1A0D0D17, 0x65BFBFDA, 0xD7E6E631,
+ 0x844242C6, 0xD06868B8, 0x824141C3, 0x299999B0, 0x5A2D2D77, 0x1E0F0F11,
+ 0x7BB0B0CB, 0xA85454FC, 0x6DBBBBD6, 0x2C16163A };
+
+const u32bit AES::TE1[256] = {
+ 0xA5C66363, 0x84F87C7C, 0x99EE7777, 0x8DF67B7B, 0x0DFFF2F2, 0xBDD66B6B,
+ 0xB1DE6F6F, 0x5491C5C5, 0x50603030, 0x03020101, 0xA9CE6767, 0x7D562B2B,
+ 0x19E7FEFE, 0x62B5D7D7, 0xE64DABAB, 0x9AEC7676, 0x458FCACA, 0x9D1F8282,
+ 0x4089C9C9, 0x87FA7D7D, 0x15EFFAFA, 0xEBB25959, 0xC98E4747, 0x0BFBF0F0,
+ 0xEC41ADAD, 0x67B3D4D4, 0xFD5FA2A2, 0xEA45AFAF, 0xBF239C9C, 0xF753A4A4,
+ 0x96E47272, 0x5B9BC0C0, 0xC275B7B7, 0x1CE1FDFD, 0xAE3D9393, 0x6A4C2626,
+ 0x5A6C3636, 0x417E3F3F, 0x02F5F7F7, 0x4F83CCCC, 0x5C683434, 0xF451A5A5,
+ 0x34D1E5E5, 0x08F9F1F1, 0x93E27171, 0x73ABD8D8, 0x53623131, 0x3F2A1515,
+ 0x0C080404, 0x5295C7C7, 0x65462323, 0x5E9DC3C3, 0x28301818, 0xA1379696,
+ 0x0F0A0505, 0xB52F9A9A, 0x090E0707, 0x36241212, 0x9B1B8080, 0x3DDFE2E2,
+ 0x26CDEBEB, 0x694E2727, 0xCD7FB2B2, 0x9FEA7575, 0x1B120909, 0x9E1D8383,
+ 0x74582C2C, 0x2E341A1A, 0x2D361B1B, 0xB2DC6E6E, 0xEEB45A5A, 0xFB5BA0A0,
+ 0xF6A45252, 0x4D763B3B, 0x61B7D6D6, 0xCE7DB3B3, 0x7B522929, 0x3EDDE3E3,
+ 0x715E2F2F, 0x97138484, 0xF5A65353, 0x68B9D1D1, 0x00000000, 0x2CC1EDED,
+ 0x60402020, 0x1FE3FCFC, 0xC879B1B1, 0xEDB65B5B, 0xBED46A6A, 0x468DCBCB,
+ 0xD967BEBE, 0x4B723939, 0xDE944A4A, 0xD4984C4C, 0xE8B05858, 0x4A85CFCF,
+ 0x6BBBD0D0, 0x2AC5EFEF, 0xE54FAAAA, 0x16EDFBFB, 0xC5864343, 0xD79A4D4D,
+ 0x55663333, 0x94118585, 0xCF8A4545, 0x10E9F9F9, 0x06040202, 0x81FE7F7F,
+ 0xF0A05050, 0x44783C3C, 0xBA259F9F, 0xE34BA8A8, 0xF3A25151, 0xFE5DA3A3,
+ 0xC0804040, 0x8A058F8F, 0xAD3F9292, 0xBC219D9D, 0x48703838, 0x04F1F5F5,
+ 0xDF63BCBC, 0xC177B6B6, 0x75AFDADA, 0x63422121, 0x30201010, 0x1AE5FFFF,
+ 0x0EFDF3F3, 0x6DBFD2D2, 0x4C81CDCD, 0x14180C0C, 0x35261313, 0x2FC3ECEC,
+ 0xE1BE5F5F, 0xA2359797, 0xCC884444, 0x392E1717, 0x5793C4C4, 0xF255A7A7,
+ 0x82FC7E7E, 0x477A3D3D, 0xACC86464, 0xE7BA5D5D, 0x2B321919, 0x95E67373,
+ 0xA0C06060, 0x98198181, 0xD19E4F4F, 0x7FA3DCDC, 0x66442222, 0x7E542A2A,
+ 0xAB3B9090, 0x830B8888, 0xCA8C4646, 0x29C7EEEE, 0xD36BB8B8, 0x3C281414,
+ 0x79A7DEDE, 0xE2BC5E5E, 0x1D160B0B, 0x76ADDBDB, 0x3BDBE0E0, 0x56643232,
+ 0x4E743A3A, 0x1E140A0A, 0xDB924949, 0x0A0C0606, 0x6C482424, 0xE4B85C5C,
+ 0x5D9FC2C2, 0x6EBDD3D3, 0xEF43ACAC, 0xA6C46262, 0xA8399191, 0xA4319595,
+ 0x37D3E4E4, 0x8BF27979, 0x32D5E7E7, 0x438BC8C8, 0x596E3737, 0xB7DA6D6D,
+ 0x8C018D8D, 0x64B1D5D5, 0xD29C4E4E, 0xE049A9A9, 0xB4D86C6C, 0xFAAC5656,
+ 0x07F3F4F4, 0x25CFEAEA, 0xAFCA6565, 0x8EF47A7A, 0xE947AEAE, 0x18100808,
+ 0xD56FBABA, 0x88F07878, 0x6F4A2525, 0x725C2E2E, 0x24381C1C, 0xF157A6A6,
+ 0xC773B4B4, 0x5197C6C6, 0x23CBE8E8, 0x7CA1DDDD, 0x9CE87474, 0x213E1F1F,
+ 0xDD964B4B, 0xDC61BDBD, 0x860D8B8B, 0x850F8A8A, 0x90E07070, 0x427C3E3E,
+ 0xC471B5B5, 0xAACC6666, 0xD8904848, 0x05060303, 0x01F7F6F6, 0x121C0E0E,
+ 0xA3C26161, 0x5F6A3535, 0xF9AE5757, 0xD069B9B9, 0x91178686, 0x5899C1C1,
+ 0x273A1D1D, 0xB9279E9E, 0x38D9E1E1, 0x13EBF8F8, 0xB32B9898, 0x33221111,
+ 0xBBD26969, 0x70A9D9D9, 0x89078E8E, 0xA7339494, 0xB62D9B9B, 0x223C1E1E,
+ 0x92158787, 0x20C9E9E9, 0x4987CECE, 0xFFAA5555, 0x78502828, 0x7AA5DFDF,
+ 0x8F038C8C, 0xF859A1A1, 0x80098989, 0x171A0D0D, 0xDA65BFBF, 0x31D7E6E6,
+ 0xC6844242, 0xB8D06868, 0xC3824141, 0xB0299999, 0x775A2D2D, 0x111E0F0F,
+ 0xCB7BB0B0, 0xFCA85454, 0xD66DBBBB, 0x3A2C1616 };
+
+const u32bit AES::TE2[256] = {
+ 0x63A5C663, 0x7C84F87C, 0x7799EE77, 0x7B8DF67B, 0xF20DFFF2, 0x6BBDD66B,
+ 0x6FB1DE6F, 0xC55491C5, 0x30506030, 0x01030201, 0x67A9CE67, 0x2B7D562B,
+ 0xFE19E7FE, 0xD762B5D7, 0xABE64DAB, 0x769AEC76, 0xCA458FCA, 0x829D1F82,
+ 0xC94089C9, 0x7D87FA7D, 0xFA15EFFA, 0x59EBB259, 0x47C98E47, 0xF00BFBF0,
+ 0xADEC41AD, 0xD467B3D4, 0xA2FD5FA2, 0xAFEA45AF, 0x9CBF239C, 0xA4F753A4,
+ 0x7296E472, 0xC05B9BC0, 0xB7C275B7, 0xFD1CE1FD, 0x93AE3D93, 0x266A4C26,
+ 0x365A6C36, 0x3F417E3F, 0xF702F5F7, 0xCC4F83CC, 0x345C6834, 0xA5F451A5,
+ 0xE534D1E5, 0xF108F9F1, 0x7193E271, 0xD873ABD8, 0x31536231, 0x153F2A15,
+ 0x040C0804, 0xC75295C7, 0x23654623, 0xC35E9DC3, 0x18283018, 0x96A13796,
+ 0x050F0A05, 0x9AB52F9A, 0x07090E07, 0x12362412, 0x809B1B80, 0xE23DDFE2,
+ 0xEB26CDEB, 0x27694E27, 0xB2CD7FB2, 0x759FEA75, 0x091B1209, 0x839E1D83,
+ 0x2C74582C, 0x1A2E341A, 0x1B2D361B, 0x6EB2DC6E, 0x5AEEB45A, 0xA0FB5BA0,
+ 0x52F6A452, 0x3B4D763B, 0xD661B7D6, 0xB3CE7DB3, 0x297B5229, 0xE33EDDE3,
+ 0x2F715E2F, 0x84971384, 0x53F5A653, 0xD168B9D1, 0x00000000, 0xED2CC1ED,
+ 0x20604020, 0xFC1FE3FC, 0xB1C879B1, 0x5BEDB65B, 0x6ABED46A, 0xCB468DCB,
+ 0xBED967BE, 0x394B7239, 0x4ADE944A, 0x4CD4984C, 0x58E8B058, 0xCF4A85CF,
+ 0xD06BBBD0, 0xEF2AC5EF, 0xAAE54FAA, 0xFB16EDFB, 0x43C58643, 0x4DD79A4D,
+ 0x33556633, 0x85941185, 0x45CF8A45, 0xF910E9F9, 0x02060402, 0x7F81FE7F,
+ 0x50F0A050, 0x3C44783C, 0x9FBA259F, 0xA8E34BA8, 0x51F3A251, 0xA3FE5DA3,
+ 0x40C08040, 0x8F8A058F, 0x92AD3F92, 0x9DBC219D, 0x38487038, 0xF504F1F5,
+ 0xBCDF63BC, 0xB6C177B6, 0xDA75AFDA, 0x21634221, 0x10302010, 0xFF1AE5FF,
+ 0xF30EFDF3, 0xD26DBFD2, 0xCD4C81CD, 0x0C14180C, 0x13352613, 0xEC2FC3EC,
+ 0x5FE1BE5F, 0x97A23597, 0x44CC8844, 0x17392E17, 0xC45793C4, 0xA7F255A7,
+ 0x7E82FC7E, 0x3D477A3D, 0x64ACC864, 0x5DE7BA5D, 0x192B3219, 0x7395E673,
+ 0x60A0C060, 0x81981981, 0x4FD19E4F, 0xDC7FA3DC, 0x22664422, 0x2A7E542A,
+ 0x90AB3B90, 0x88830B88, 0x46CA8C46, 0xEE29C7EE, 0xB8D36BB8, 0x143C2814,
+ 0xDE79A7DE, 0x5EE2BC5E, 0x0B1D160B, 0xDB76ADDB, 0xE03BDBE0, 0x32566432,
+ 0x3A4E743A, 0x0A1E140A, 0x49DB9249, 0x060A0C06, 0x246C4824, 0x5CE4B85C,
+ 0xC25D9FC2, 0xD36EBDD3, 0xACEF43AC, 0x62A6C462, 0x91A83991, 0x95A43195,
+ 0xE437D3E4, 0x798BF279, 0xE732D5E7, 0xC8438BC8, 0x37596E37, 0x6DB7DA6D,
+ 0x8D8C018D, 0xD564B1D5, 0x4ED29C4E, 0xA9E049A9, 0x6CB4D86C, 0x56FAAC56,
+ 0xF407F3F4, 0xEA25CFEA, 0x65AFCA65, 0x7A8EF47A, 0xAEE947AE, 0x08181008,
+ 0xBAD56FBA, 0x7888F078, 0x256F4A25, 0x2E725C2E, 0x1C24381C, 0xA6F157A6,
+ 0xB4C773B4, 0xC65197C6, 0xE823CBE8, 0xDD7CA1DD, 0x749CE874, 0x1F213E1F,
+ 0x4BDD964B, 0xBDDC61BD, 0x8B860D8B, 0x8A850F8A, 0x7090E070, 0x3E427C3E,
+ 0xB5C471B5, 0x66AACC66, 0x48D89048, 0x03050603, 0xF601F7F6, 0x0E121C0E,
+ 0x61A3C261, 0x355F6A35, 0x57F9AE57, 0xB9D069B9, 0x86911786, 0xC15899C1,
+ 0x1D273A1D, 0x9EB9279E, 0xE138D9E1, 0xF813EBF8, 0x98B32B98, 0x11332211,
+ 0x69BBD269, 0xD970A9D9, 0x8E89078E, 0x94A73394, 0x9BB62D9B, 0x1E223C1E,
+ 0x87921587, 0xE920C9E9, 0xCE4987CE, 0x55FFAA55, 0x28785028, 0xDF7AA5DF,
+ 0x8C8F038C, 0xA1F859A1, 0x89800989, 0x0D171A0D, 0xBFDA65BF, 0xE631D7E6,
+ 0x42C68442, 0x68B8D068, 0x41C38241, 0x99B02999, 0x2D775A2D, 0x0F111E0F,
+ 0xB0CB7BB0, 0x54FCA854, 0xBBD66DBB, 0x163A2C16 };
+
+const u32bit AES::TE3[256] = {
+ 0x6363A5C6, 0x7C7C84F8, 0x777799EE, 0x7B7B8DF6, 0xF2F20DFF, 0x6B6BBDD6,
+ 0x6F6FB1DE, 0xC5C55491, 0x30305060, 0x01010302, 0x6767A9CE, 0x2B2B7D56,
+ 0xFEFE19E7, 0xD7D762B5, 0xABABE64D, 0x76769AEC, 0xCACA458F, 0x82829D1F,
+ 0xC9C94089, 0x7D7D87FA, 0xFAFA15EF, 0x5959EBB2, 0x4747C98E, 0xF0F00BFB,
+ 0xADADEC41, 0xD4D467B3, 0xA2A2FD5F, 0xAFAFEA45, 0x9C9CBF23, 0xA4A4F753,
+ 0x727296E4, 0xC0C05B9B, 0xB7B7C275, 0xFDFD1CE1, 0x9393AE3D, 0x26266A4C,
+ 0x36365A6C, 0x3F3F417E, 0xF7F702F5, 0xCCCC4F83, 0x34345C68, 0xA5A5F451,
+ 0xE5E534D1, 0xF1F108F9, 0x717193E2, 0xD8D873AB, 0x31315362, 0x15153F2A,
+ 0x04040C08, 0xC7C75295, 0x23236546, 0xC3C35E9D, 0x18182830, 0x9696A137,
+ 0x05050F0A, 0x9A9AB52F, 0x0707090E, 0x12123624, 0x80809B1B, 0xE2E23DDF,
+ 0xEBEB26CD, 0x2727694E, 0xB2B2CD7F, 0x75759FEA, 0x09091B12, 0x83839E1D,
+ 0x2C2C7458, 0x1A1A2E34, 0x1B1B2D36, 0x6E6EB2DC, 0x5A5AEEB4, 0xA0A0FB5B,
+ 0x5252F6A4, 0x3B3B4D76, 0xD6D661B7, 0xB3B3CE7D, 0x29297B52, 0xE3E33EDD,
+ 0x2F2F715E, 0x84849713, 0x5353F5A6, 0xD1D168B9, 0x00000000, 0xEDED2CC1,
+ 0x20206040, 0xFCFC1FE3, 0xB1B1C879, 0x5B5BEDB6, 0x6A6ABED4, 0xCBCB468D,
+ 0xBEBED967, 0x39394B72, 0x4A4ADE94, 0x4C4CD498, 0x5858E8B0, 0xCFCF4A85,
+ 0xD0D06BBB, 0xEFEF2AC5, 0xAAAAE54F, 0xFBFB16ED, 0x4343C586, 0x4D4DD79A,
+ 0x33335566, 0x85859411, 0x4545CF8A, 0xF9F910E9, 0x02020604, 0x7F7F81FE,
+ 0x5050F0A0, 0x3C3C4478, 0x9F9FBA25, 0xA8A8E34B, 0x5151F3A2, 0xA3A3FE5D,
+ 0x4040C080, 0x8F8F8A05, 0x9292AD3F, 0x9D9DBC21, 0x38384870, 0xF5F504F1,
+ 0xBCBCDF63, 0xB6B6C177, 0xDADA75AF, 0x21216342, 0x10103020, 0xFFFF1AE5,
+ 0xF3F30EFD, 0xD2D26DBF, 0xCDCD4C81, 0x0C0C1418, 0x13133526, 0xECEC2FC3,
+ 0x5F5FE1BE, 0x9797A235, 0x4444CC88, 0x1717392E, 0xC4C45793, 0xA7A7F255,
+ 0x7E7E82FC, 0x3D3D477A, 0x6464ACC8, 0x5D5DE7BA, 0x19192B32, 0x737395E6,
+ 0x6060A0C0, 0x81819819, 0x4F4FD19E, 0xDCDC7FA3, 0x22226644, 0x2A2A7E54,
+ 0x9090AB3B, 0x8888830B, 0x4646CA8C, 0xEEEE29C7, 0xB8B8D36B, 0x14143C28,
+ 0xDEDE79A7, 0x5E5EE2BC, 0x0B0B1D16, 0xDBDB76AD, 0xE0E03BDB, 0x32325664,
+ 0x3A3A4E74, 0x0A0A1E14, 0x4949DB92, 0x06060A0C, 0x24246C48, 0x5C5CE4B8,
+ 0xC2C25D9F, 0xD3D36EBD, 0xACACEF43, 0x6262A6C4, 0x9191A839, 0x9595A431,
+ 0xE4E437D3, 0x79798BF2, 0xE7E732D5, 0xC8C8438B, 0x3737596E, 0x6D6DB7DA,
+ 0x8D8D8C01, 0xD5D564B1, 0x4E4ED29C, 0xA9A9E049, 0x6C6CB4D8, 0x5656FAAC,
+ 0xF4F407F3, 0xEAEA25CF, 0x6565AFCA, 0x7A7A8EF4, 0xAEAEE947, 0x08081810,
+ 0xBABAD56F, 0x787888F0, 0x25256F4A, 0x2E2E725C, 0x1C1C2438, 0xA6A6F157,
+ 0xB4B4C773, 0xC6C65197, 0xE8E823CB, 0xDDDD7CA1, 0x74749CE8, 0x1F1F213E,
+ 0x4B4BDD96, 0xBDBDDC61, 0x8B8B860D, 0x8A8A850F, 0x707090E0, 0x3E3E427C,
+ 0xB5B5C471, 0x6666AACC, 0x4848D890, 0x03030506, 0xF6F601F7, 0x0E0E121C,
+ 0x6161A3C2, 0x35355F6A, 0x5757F9AE, 0xB9B9D069, 0x86869117, 0xC1C15899,
+ 0x1D1D273A, 0x9E9EB927, 0xE1E138D9, 0xF8F813EB, 0x9898B32B, 0x11113322,
+ 0x6969BBD2, 0xD9D970A9, 0x8E8E8907, 0x9494A733, 0x9B9BB62D, 0x1E1E223C,
+ 0x87879215, 0xE9E920C9, 0xCECE4987, 0x5555FFAA, 0x28287850, 0xDFDF7AA5,
+ 0x8C8C8F03, 0xA1A1F859, 0x89898009, 0x0D0D171A, 0xBFBFDA65, 0xE6E631D7,
+ 0x4242C684, 0x6868B8D0, 0x4141C382, 0x9999B029, 0x2D2D775A, 0x0F0F111E,
+ 0xB0B0CB7B, 0x5454FCA8, 0xBBBBD66D, 0x16163A2C };
+
+const u32bit AES::TD0[256] = {
+ 0x51F4A750, 0x7E416553, 0x1A17A4C3, 0x3A275E96, 0x3BAB6BCB, 0x1F9D45F1,
+ 0xACFA58AB, 0x4BE30393, 0x2030FA55, 0xAD766DF6, 0x88CC7691, 0xF5024C25,
+ 0x4FE5D7FC, 0xC52ACBD7, 0x26354480, 0xB562A38F, 0xDEB15A49, 0x25BA1B67,
+ 0x45EA0E98, 0x5DFEC0E1, 0xC32F7502, 0x814CF012, 0x8D4697A3, 0x6BD3F9C6,
+ 0x038F5FE7, 0x15929C95, 0xBF6D7AEB, 0x955259DA, 0xD4BE832D, 0x587421D3,
+ 0x49E06929, 0x8EC9C844, 0x75C2896A, 0xF48E7978, 0x99583E6B, 0x27B971DD,
+ 0xBEE14FB6, 0xF088AD17, 0xC920AC66, 0x7DCE3AB4, 0x63DF4A18, 0xE51A3182,
+ 0x97513360, 0x62537F45, 0xB16477E0, 0xBB6BAE84, 0xFE81A01C, 0xF9082B94,
+ 0x70486858, 0x8F45FD19, 0x94DE6C87, 0x527BF8B7, 0xAB73D323, 0x724B02E2,
+ 0xE31F8F57, 0x6655AB2A, 0xB2EB2807, 0x2FB5C203, 0x86C57B9A, 0xD33708A5,
+ 0x302887F2, 0x23BFA5B2, 0x02036ABA, 0xED16825C, 0x8ACF1C2B, 0xA779B492,
+ 0xF307F2F0, 0x4E69E2A1, 0x65DAF4CD, 0x0605BED5, 0xD134621F, 0xC4A6FE8A,
+ 0x342E539D, 0xA2F355A0, 0x058AE132, 0xA4F6EB75, 0x0B83EC39, 0x4060EFAA,
+ 0x5E719F06, 0xBD6E1051, 0x3E218AF9, 0x96DD063D, 0xDD3E05AE, 0x4DE6BD46,
+ 0x91548DB5, 0x71C45D05, 0x0406D46F, 0x605015FF, 0x1998FB24, 0xD6BDE997,
+ 0x894043CC, 0x67D99E77, 0xB0E842BD, 0x07898B88, 0xE7195B38, 0x79C8EEDB,
+ 0xA17C0A47, 0x7C420FE9, 0xF8841EC9, 0x00000000, 0x09808683, 0x322BED48,
+ 0x1E1170AC, 0x6C5A724E, 0xFD0EFFFB, 0x0F853856, 0x3DAED51E, 0x362D3927,
+ 0x0A0FD964, 0x685CA621, 0x9B5B54D1, 0x24362E3A, 0x0C0A67B1, 0x9357E70F,
+ 0xB4EE96D2, 0x1B9B919E, 0x80C0C54F, 0x61DC20A2, 0x5A774B69, 0x1C121A16,
+ 0xE293BA0A, 0xC0A02AE5, 0x3C22E043, 0x121B171D, 0x0E090D0B, 0xF28BC7AD,
+ 0x2DB6A8B9, 0x141EA9C8, 0x57F11985, 0xAF75074C, 0xEE99DDBB, 0xA37F60FD,
+ 0xF701269F, 0x5C72F5BC, 0x44663BC5, 0x5BFB7E34, 0x8B432976, 0xCB23C6DC,
+ 0xB6EDFC68, 0xB8E4F163, 0xD731DCCA, 0x42638510, 0x13972240, 0x84C61120,
+ 0x854A247D, 0xD2BB3DF8, 0xAEF93211, 0xC729A16D, 0x1D9E2F4B, 0xDCB230F3,
+ 0x0D8652EC, 0x77C1E3D0, 0x2BB3166C, 0xA970B999, 0x119448FA, 0x47E96422,
+ 0xA8FC8CC4, 0xA0F03F1A, 0x567D2CD8, 0x223390EF, 0x87494EC7, 0xD938D1C1,
+ 0x8CCAA2FE, 0x98D40B36, 0xA6F581CF, 0xA57ADE28, 0xDAB78E26, 0x3FADBFA4,
+ 0x2C3A9DE4, 0x5078920D, 0x6A5FCC9B, 0x547E4662, 0xF68D13C2, 0x90D8B8E8,
+ 0x2E39F75E, 0x82C3AFF5, 0x9F5D80BE, 0x69D0937C, 0x6FD52DA9, 0xCF2512B3,
+ 0xC8AC993B, 0x10187DA7, 0xE89C636E, 0xDB3BBB7B, 0xCD267809, 0x6E5918F4,
+ 0xEC9AB701, 0x834F9AA8, 0xE6956E65, 0xAAFFE67E, 0x21BCCF08, 0xEF15E8E6,
+ 0xBAE79BD9, 0x4A6F36CE, 0xEA9F09D4, 0x29B07CD6, 0x31A4B2AF, 0x2A3F2331,
+ 0xC6A59430, 0x35A266C0, 0x744EBC37, 0xFC82CAA6, 0xE090D0B0, 0x33A7D815,
+ 0xF104984A, 0x41ECDAF7, 0x7FCD500E, 0x1791F62F, 0x764DD68D, 0x43EFB04D,
+ 0xCCAA4D54, 0xE49604DF, 0x9ED1B5E3, 0x4C6A881B, 0xC12C1FB8, 0x4665517F,
+ 0x9D5EEA04, 0x018C355D, 0xFA877473, 0xFB0B412E, 0xB3671D5A, 0x92DBD252,
+ 0xE9105633, 0x6DD64713, 0x9AD7618C, 0x37A10C7A, 0x59F8148E, 0xEB133C89,
+ 0xCEA927EE, 0xB761C935, 0xE11CE5ED, 0x7A47B13C, 0x9CD2DF59, 0x55F2733F,
+ 0x1814CE79, 0x73C737BF, 0x53F7CDEA, 0x5FFDAA5B, 0xDF3D6F14, 0x7844DB86,
+ 0xCAAFF381, 0xB968C43E, 0x3824342C, 0xC2A3405F, 0x161DC372, 0xBCE2250C,
+ 0x283C498B, 0xFF0D9541, 0x39A80171, 0x080CB3DE, 0xD8B4E49C, 0x6456C190,
+ 0x7BCB8461, 0xD532B670, 0x486C5C74, 0xD0B85742 };
+
+const u32bit AES::TD1[256] = {
+ 0x5051F4A7, 0x537E4165, 0xC31A17A4, 0x963A275E, 0xCB3BAB6B, 0xF11F9D45,
+ 0xABACFA58, 0x934BE303, 0x552030FA, 0xF6AD766D, 0x9188CC76, 0x25F5024C,
+ 0xFC4FE5D7, 0xD7C52ACB, 0x80263544, 0x8FB562A3, 0x49DEB15A, 0x6725BA1B,
+ 0x9845EA0E, 0xE15DFEC0, 0x02C32F75, 0x12814CF0, 0xA38D4697, 0xC66BD3F9,
+ 0xE7038F5F, 0x9515929C, 0xEBBF6D7A, 0xDA955259, 0x2DD4BE83, 0xD3587421,
+ 0x2949E069, 0x448EC9C8, 0x6A75C289, 0x78F48E79, 0x6B99583E, 0xDD27B971,
+ 0xB6BEE14F, 0x17F088AD, 0x66C920AC, 0xB47DCE3A, 0x1863DF4A, 0x82E51A31,
+ 0x60975133, 0x4562537F, 0xE0B16477, 0x84BB6BAE, 0x1CFE81A0, 0x94F9082B,
+ 0x58704868, 0x198F45FD, 0x8794DE6C, 0xB7527BF8, 0x23AB73D3, 0xE2724B02,
+ 0x57E31F8F, 0x2A6655AB, 0x07B2EB28, 0x032FB5C2, 0x9A86C57B, 0xA5D33708,
+ 0xF2302887, 0xB223BFA5, 0xBA02036A, 0x5CED1682, 0x2B8ACF1C, 0x92A779B4,
+ 0xF0F307F2, 0xA14E69E2, 0xCD65DAF4, 0xD50605BE, 0x1FD13462, 0x8AC4A6FE,
+ 0x9D342E53, 0xA0A2F355, 0x32058AE1, 0x75A4F6EB, 0x390B83EC, 0xAA4060EF,
+ 0x065E719F, 0x51BD6E10, 0xF93E218A, 0x3D96DD06, 0xAEDD3E05, 0x464DE6BD,
+ 0xB591548D, 0x0571C45D, 0x6F0406D4, 0xFF605015, 0x241998FB, 0x97D6BDE9,
+ 0xCC894043, 0x7767D99E, 0xBDB0E842, 0x8807898B, 0x38E7195B, 0xDB79C8EE,
+ 0x47A17C0A, 0xE97C420F, 0xC9F8841E, 0x00000000, 0x83098086, 0x48322BED,
+ 0xAC1E1170, 0x4E6C5A72, 0xFBFD0EFF, 0x560F8538, 0x1E3DAED5, 0x27362D39,
+ 0x640A0FD9, 0x21685CA6, 0xD19B5B54, 0x3A24362E, 0xB10C0A67, 0x0F9357E7,
+ 0xD2B4EE96, 0x9E1B9B91, 0x4F80C0C5, 0xA261DC20, 0x695A774B, 0x161C121A,
+ 0x0AE293BA, 0xE5C0A02A, 0x433C22E0, 0x1D121B17, 0x0B0E090D, 0xADF28BC7,
+ 0xB92DB6A8, 0xC8141EA9, 0x8557F119, 0x4CAF7507, 0xBBEE99DD, 0xFDA37F60,
+ 0x9FF70126, 0xBC5C72F5, 0xC544663B, 0x345BFB7E, 0x768B4329, 0xDCCB23C6,
+ 0x68B6EDFC, 0x63B8E4F1, 0xCAD731DC, 0x10426385, 0x40139722, 0x2084C611,
+ 0x7D854A24, 0xF8D2BB3D, 0x11AEF932, 0x6DC729A1, 0x4B1D9E2F, 0xF3DCB230,
+ 0xEC0D8652, 0xD077C1E3, 0x6C2BB316, 0x99A970B9, 0xFA119448, 0x2247E964,
+ 0xC4A8FC8C, 0x1AA0F03F, 0xD8567D2C, 0xEF223390, 0xC787494E, 0xC1D938D1,
+ 0xFE8CCAA2, 0x3698D40B, 0xCFA6F581, 0x28A57ADE, 0x26DAB78E, 0xA43FADBF,
+ 0xE42C3A9D, 0x0D507892, 0x9B6A5FCC, 0x62547E46, 0xC2F68D13, 0xE890D8B8,
+ 0x5E2E39F7, 0xF582C3AF, 0xBE9F5D80, 0x7C69D093, 0xA96FD52D, 0xB3CF2512,
+ 0x3BC8AC99, 0xA710187D, 0x6EE89C63, 0x7BDB3BBB, 0x09CD2678, 0xF46E5918,
+ 0x01EC9AB7, 0xA8834F9A, 0x65E6956E, 0x7EAAFFE6, 0x0821BCCF, 0xE6EF15E8,
+ 0xD9BAE79B, 0xCE4A6F36, 0xD4EA9F09, 0xD629B07C, 0xAF31A4B2, 0x312A3F23,
+ 0x30C6A594, 0xC035A266, 0x37744EBC, 0xA6FC82CA, 0xB0E090D0, 0x1533A7D8,
+ 0x4AF10498, 0xF741ECDA, 0x0E7FCD50, 0x2F1791F6, 0x8D764DD6, 0x4D43EFB0,
+ 0x54CCAA4D, 0xDFE49604, 0xE39ED1B5, 0x1B4C6A88, 0xB8C12C1F, 0x7F466551,
+ 0x049D5EEA, 0x5D018C35, 0x73FA8774, 0x2EFB0B41, 0x5AB3671D, 0x5292DBD2,
+ 0x33E91056, 0x136DD647, 0x8C9AD761, 0x7A37A10C, 0x8E59F814, 0x89EB133C,
+ 0xEECEA927, 0x35B761C9, 0xEDE11CE5, 0x3C7A47B1, 0x599CD2DF, 0x3F55F273,
+ 0x791814CE, 0xBF73C737, 0xEA53F7CD, 0x5B5FFDAA, 0x14DF3D6F, 0x867844DB,
+ 0x81CAAFF3, 0x3EB968C4, 0x2C382434, 0x5FC2A340, 0x72161DC3, 0x0CBCE225,
+ 0x8B283C49, 0x41FF0D95, 0x7139A801, 0xDE080CB3, 0x9CD8B4E4, 0x906456C1,
+ 0x617BCB84, 0x70D532B6, 0x74486C5C, 0x42D0B857 };
+
+const u32bit AES::TD2[256] = {
+ 0xA75051F4, 0x65537E41, 0xA4C31A17, 0x5E963A27, 0x6BCB3BAB, 0x45F11F9D,
+ 0x58ABACFA, 0x03934BE3, 0xFA552030, 0x6DF6AD76, 0x769188CC, 0x4C25F502,
+ 0xD7FC4FE5, 0xCBD7C52A, 0x44802635, 0xA38FB562, 0x5A49DEB1, 0x1B6725BA,
+ 0x0E9845EA, 0xC0E15DFE, 0x7502C32F, 0xF012814C, 0x97A38D46, 0xF9C66BD3,
+ 0x5FE7038F, 0x9C951592, 0x7AEBBF6D, 0x59DA9552, 0x832DD4BE, 0x21D35874,
+ 0x692949E0, 0xC8448EC9, 0x896A75C2, 0x7978F48E, 0x3E6B9958, 0x71DD27B9,
+ 0x4FB6BEE1, 0xAD17F088, 0xAC66C920, 0x3AB47DCE, 0x4A1863DF, 0x3182E51A,
+ 0x33609751, 0x7F456253, 0x77E0B164, 0xAE84BB6B, 0xA01CFE81, 0x2B94F908,
+ 0x68587048, 0xFD198F45, 0x6C8794DE, 0xF8B7527B, 0xD323AB73, 0x02E2724B,
+ 0x8F57E31F, 0xAB2A6655, 0x2807B2EB, 0xC2032FB5, 0x7B9A86C5, 0x08A5D337,
+ 0x87F23028, 0xA5B223BF, 0x6ABA0203, 0x825CED16, 0x1C2B8ACF, 0xB492A779,
+ 0xF2F0F307, 0xE2A14E69, 0xF4CD65DA, 0xBED50605, 0x621FD134, 0xFE8AC4A6,
+ 0x539D342E, 0x55A0A2F3, 0xE132058A, 0xEB75A4F6, 0xEC390B83, 0xEFAA4060,
+ 0x9F065E71, 0x1051BD6E, 0x8AF93E21, 0x063D96DD, 0x05AEDD3E, 0xBD464DE6,
+ 0x8DB59154, 0x5D0571C4, 0xD46F0406, 0x15FF6050, 0xFB241998, 0xE997D6BD,
+ 0x43CC8940, 0x9E7767D9, 0x42BDB0E8, 0x8B880789, 0x5B38E719, 0xEEDB79C8,
+ 0x0A47A17C, 0x0FE97C42, 0x1EC9F884, 0x00000000, 0x86830980, 0xED48322B,
+ 0x70AC1E11, 0x724E6C5A, 0xFFFBFD0E, 0x38560F85, 0xD51E3DAE, 0x3927362D,
+ 0xD9640A0F, 0xA621685C, 0x54D19B5B, 0x2E3A2436, 0x67B10C0A, 0xE70F9357,
+ 0x96D2B4EE, 0x919E1B9B, 0xC54F80C0, 0x20A261DC, 0x4B695A77, 0x1A161C12,
+ 0xBA0AE293, 0x2AE5C0A0, 0xE0433C22, 0x171D121B, 0x0D0B0E09, 0xC7ADF28B,
+ 0xA8B92DB6, 0xA9C8141E, 0x198557F1, 0x074CAF75, 0xDDBBEE99, 0x60FDA37F,
+ 0x269FF701, 0xF5BC5C72, 0x3BC54466, 0x7E345BFB, 0x29768B43, 0xC6DCCB23,
+ 0xFC68B6ED, 0xF163B8E4, 0xDCCAD731, 0x85104263, 0x22401397, 0x112084C6,
+ 0x247D854A, 0x3DF8D2BB, 0x3211AEF9, 0xA16DC729, 0x2F4B1D9E, 0x30F3DCB2,
+ 0x52EC0D86, 0xE3D077C1, 0x166C2BB3, 0xB999A970, 0x48FA1194, 0x642247E9,
+ 0x8CC4A8FC, 0x3F1AA0F0, 0x2CD8567D, 0x90EF2233, 0x4EC78749, 0xD1C1D938,
+ 0xA2FE8CCA, 0x0B3698D4, 0x81CFA6F5, 0xDE28A57A, 0x8E26DAB7, 0xBFA43FAD,
+ 0x9DE42C3A, 0x920D5078, 0xCC9B6A5F, 0x4662547E, 0x13C2F68D, 0xB8E890D8,
+ 0xF75E2E39, 0xAFF582C3, 0x80BE9F5D, 0x937C69D0, 0x2DA96FD5, 0x12B3CF25,
+ 0x993BC8AC, 0x7DA71018, 0x636EE89C, 0xBB7BDB3B, 0x7809CD26, 0x18F46E59,
+ 0xB701EC9A, 0x9AA8834F, 0x6E65E695, 0xE67EAAFF, 0xCF0821BC, 0xE8E6EF15,
+ 0x9BD9BAE7, 0x36CE4A6F, 0x09D4EA9F, 0x7CD629B0, 0xB2AF31A4, 0x23312A3F,
+ 0x9430C6A5, 0x66C035A2, 0xBC37744E, 0xCAA6FC82, 0xD0B0E090, 0xD81533A7,
+ 0x984AF104, 0xDAF741EC, 0x500E7FCD, 0xF62F1791, 0xD68D764D, 0xB04D43EF,
+ 0x4D54CCAA, 0x04DFE496, 0xB5E39ED1, 0x881B4C6A, 0x1FB8C12C, 0x517F4665,
+ 0xEA049D5E, 0x355D018C, 0x7473FA87, 0x412EFB0B, 0x1D5AB367, 0xD25292DB,
+ 0x5633E910, 0x47136DD6, 0x618C9AD7, 0x0C7A37A1, 0x148E59F8, 0x3C89EB13,
+ 0x27EECEA9, 0xC935B761, 0xE5EDE11C, 0xB13C7A47, 0xDF599CD2, 0x733F55F2,
+ 0xCE791814, 0x37BF73C7, 0xCDEA53F7, 0xAA5B5FFD, 0x6F14DF3D, 0xDB867844,
+ 0xF381CAAF, 0xC43EB968, 0x342C3824, 0x405FC2A3, 0xC372161D, 0x250CBCE2,
+ 0x498B283C, 0x9541FF0D, 0x017139A8, 0xB3DE080C, 0xE49CD8B4, 0xC1906456,
+ 0x84617BCB, 0xB670D532, 0x5C74486C, 0x5742D0B8 };
+
+const u32bit AES::TD3[256] = {
+ 0xF4A75051, 0x4165537E, 0x17A4C31A, 0x275E963A, 0xAB6BCB3B, 0x9D45F11F,
+ 0xFA58ABAC, 0xE303934B, 0x30FA5520, 0x766DF6AD, 0xCC769188, 0x024C25F5,
+ 0xE5D7FC4F, 0x2ACBD7C5, 0x35448026, 0x62A38FB5, 0xB15A49DE, 0xBA1B6725,
+ 0xEA0E9845, 0xFEC0E15D, 0x2F7502C3, 0x4CF01281, 0x4697A38D, 0xD3F9C66B,
+ 0x8F5FE703, 0x929C9515, 0x6D7AEBBF, 0x5259DA95, 0xBE832DD4, 0x7421D358,
+ 0xE0692949, 0xC9C8448E, 0xC2896A75, 0x8E7978F4, 0x583E6B99, 0xB971DD27,
+ 0xE14FB6BE, 0x88AD17F0, 0x20AC66C9, 0xCE3AB47D, 0xDF4A1863, 0x1A3182E5,
+ 0x51336097, 0x537F4562, 0x6477E0B1, 0x6BAE84BB, 0x81A01CFE, 0x082B94F9,
+ 0x48685870, 0x45FD198F, 0xDE6C8794, 0x7BF8B752, 0x73D323AB, 0x4B02E272,
+ 0x1F8F57E3, 0x55AB2A66, 0xEB2807B2, 0xB5C2032F, 0xC57B9A86, 0x3708A5D3,
+ 0x2887F230, 0xBFA5B223, 0x036ABA02, 0x16825CED, 0xCF1C2B8A, 0x79B492A7,
+ 0x07F2F0F3, 0x69E2A14E, 0xDAF4CD65, 0x05BED506, 0x34621FD1, 0xA6FE8AC4,
+ 0x2E539D34, 0xF355A0A2, 0x8AE13205, 0xF6EB75A4, 0x83EC390B, 0x60EFAA40,
+ 0x719F065E, 0x6E1051BD, 0x218AF93E, 0xDD063D96, 0x3E05AEDD, 0xE6BD464D,
+ 0x548DB591, 0xC45D0571, 0x06D46F04, 0x5015FF60, 0x98FB2419, 0xBDE997D6,
+ 0x4043CC89, 0xD99E7767, 0xE842BDB0, 0x898B8807, 0x195B38E7, 0xC8EEDB79,
+ 0x7C0A47A1, 0x420FE97C, 0x841EC9F8, 0x00000000, 0x80868309, 0x2BED4832,
+ 0x1170AC1E, 0x5A724E6C, 0x0EFFFBFD, 0x8538560F, 0xAED51E3D, 0x2D392736,
+ 0x0FD9640A, 0x5CA62168, 0x5B54D19B, 0x362E3A24, 0x0A67B10C, 0x57E70F93,
+ 0xEE96D2B4, 0x9B919E1B, 0xC0C54F80, 0xDC20A261, 0x774B695A, 0x121A161C,
+ 0x93BA0AE2, 0xA02AE5C0, 0x22E0433C, 0x1B171D12, 0x090D0B0E, 0x8BC7ADF2,
+ 0xB6A8B92D, 0x1EA9C814, 0xF1198557, 0x75074CAF, 0x99DDBBEE, 0x7F60FDA3,
+ 0x01269FF7, 0x72F5BC5C, 0x663BC544, 0xFB7E345B, 0x4329768B, 0x23C6DCCB,
+ 0xEDFC68B6, 0xE4F163B8, 0x31DCCAD7, 0x63851042, 0x97224013, 0xC6112084,
+ 0x4A247D85, 0xBB3DF8D2, 0xF93211AE, 0x29A16DC7, 0x9E2F4B1D, 0xB230F3DC,
+ 0x8652EC0D, 0xC1E3D077, 0xB3166C2B, 0x70B999A9, 0x9448FA11, 0xE9642247,
+ 0xFC8CC4A8, 0xF03F1AA0, 0x7D2CD856, 0x3390EF22, 0x494EC787, 0x38D1C1D9,
+ 0xCAA2FE8C, 0xD40B3698, 0xF581CFA6, 0x7ADE28A5, 0xB78E26DA, 0xADBFA43F,
+ 0x3A9DE42C, 0x78920D50, 0x5FCC9B6A, 0x7E466254, 0x8D13C2F6, 0xD8B8E890,
+ 0x39F75E2E, 0xC3AFF582, 0x5D80BE9F, 0xD0937C69, 0xD52DA96F, 0x2512B3CF,
+ 0xAC993BC8, 0x187DA710, 0x9C636EE8, 0x3BBB7BDB, 0x267809CD, 0x5918F46E,
+ 0x9AB701EC, 0x4F9AA883, 0x956E65E6, 0xFFE67EAA, 0xBCCF0821, 0x15E8E6EF,
+ 0xE79BD9BA, 0x6F36CE4A, 0x9F09D4EA, 0xB07CD629, 0xA4B2AF31, 0x3F23312A,
+ 0xA59430C6, 0xA266C035, 0x4EBC3774, 0x82CAA6FC, 0x90D0B0E0, 0xA7D81533,
+ 0x04984AF1, 0xECDAF741, 0xCD500E7F, 0x91F62F17, 0x4DD68D76, 0xEFB04D43,
+ 0xAA4D54CC, 0x9604DFE4, 0xD1B5E39E, 0x6A881B4C, 0x2C1FB8C1, 0x65517F46,
+ 0x5EEA049D, 0x8C355D01, 0x877473FA, 0x0B412EFB, 0x671D5AB3, 0xDBD25292,
+ 0x105633E9, 0xD647136D, 0xD7618C9A, 0xA10C7A37, 0xF8148E59, 0x133C89EB,
+ 0xA927EECE, 0x61C935B7, 0x1CE5EDE1, 0x47B13C7A, 0xD2DF599C, 0xF2733F55,
+ 0x14CE7918, 0xC737BF73, 0xF7CDEA53, 0xFDAA5B5F, 0x3D6F14DF, 0x44DB8678,
+ 0xAFF381CA, 0x68C43EB9, 0x24342C38, 0xA3405FC2, 0x1DC37216, 0xE2250CBC,
+ 0x3C498B28, 0x0D9541FF, 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064,
+ 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0 };
+
+}
diff --git a/src/allocate.cpp b/src/allocate.cpp
new file mode 100644
index 000000000..62b201249
--- /dev/null
+++ b/src/allocate.cpp
@@ -0,0 +1,25 @@
+/*************************************************
+* Allocator Factory Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/allocate.h>
+#include <botan/libstate.h>
+#include <botan/mutex.h>
+#include <map>
+
+namespace Botan {
+
+/*************************************************
+* Get an allocator *
+*************************************************/
+Allocator* get_allocator(const std::string& type)
+ {
+ Allocator* alloc = global_state().get_allocator(type);
+ if(alloc)
+ return alloc;
+
+ throw Exception("Couldn't find an allocator to use in get_allocator");
+ }
+
+}
diff --git a/src/arc4.cpp b/src/arc4.cpp
new file mode 100644
index 000000000..69c3eaf83
--- /dev/null
+++ b/src/arc4.cpp
@@ -0,0 +1,103 @@
+/*************************************************
+* ARC4 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/arc4.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* Combine cipher stream with message *
+*************************************************/
+void ARC4::cipher(const byte in[], byte out[], u32bit length)
+ {
+ while(length >= buffer.size() - position)
+ {
+ xor_buf(out, in, buffer.begin() + position, buffer.size() - position);
+ length -= (buffer.size() - position);
+ in += (buffer.size() - position);
+ out += (buffer.size() - position);
+ generate();
+ }
+ xor_buf(out, in, buffer.begin() + position, length);
+ position += length;
+ }
+
+/*************************************************
+* Generate cipher stream *
+*************************************************/
+void ARC4::generate()
+ {
+ u32bit SX, SY;
+ for(u32bit j = 0; j != buffer.size(); j += 4)
+ {
+ SX = state[X+1]; Y = (Y + SX) % 256; SY = state[Y];
+ state[X+1] = SY; state[Y] = SX;
+ buffer[j] = state[(SX + SY) % 256];
+
+ SX = state[X+2]; Y = (Y + SX) % 256; SY = state[Y];
+ state[X+2] = SY; state[Y] = SX;
+ buffer[j+1] = state[(SX + SY) % 256];
+
+ SX = state[X+3]; Y = (Y + SX) % 256; SY = state[Y];
+ state[X+3] = SY; state[Y] = SX;
+ buffer[j+2] = state[(SX + SY) % 256];
+
+ X = (X + 4) % 256;
+ SX = state[X]; Y = (Y + SX) % 256; SY = state[Y];
+ state[X] = SY; state[Y] = SX;
+ buffer[j+3] = state[(SX + SY) % 256];
+ }
+ position = 0;
+ }
+
+/*************************************************
+* ARC4 Key Schedule *
+*************************************************/
+void ARC4::key(const byte key[], u32bit length)
+ {
+ clear();
+ for(u32bit j = 0; j != 256; ++j)
+ state[j] = j;
+ for(u32bit j = 0, state_index = 0; j != 256; ++j)
+ {
+ state_index = (state_index + key[j % length] + state[j]) % 256;
+ std::swap(state[j], state[state_index]);
+ }
+ for(u32bit j = 0; j <= SKIP; j += buffer.size())
+ generate();
+ position += (SKIP % buffer.size());
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string ARC4::name() const
+ {
+ if(SKIP == 0) return "ARC4";
+ if(SKIP == 256) return "MARK-4";
+ else return "RC4_skip(" + to_string(SKIP) + ")";
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void ARC4::clear() throw()
+ {
+ state.clear();
+ buffer.clear();
+ position = X = Y = 0;
+ }
+
+/*************************************************
+* ARC4 Constructor *
+*************************************************/
+ARC4::ARC4(u32bit s) : StreamCipher(1, 32), SKIP(s)
+ {
+ clear();
+ }
+
+}
diff --git a/src/asn1_alg.cpp b/src/asn1_alg.cpp
new file mode 100644
index 000000000..4dd5af88e
--- /dev/null
+++ b/src/asn1_alg.cpp
@@ -0,0 +1,71 @@
+/*************************************************
+* Algorithm Identifier Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+/*************************************************
+* Create an AlgorithmIdentifier *
+*************************************************/
+AlgorithmIdentifier::AlgorithmIdentifier(const OID& alg_id,
+ const MemoryRegion<byte>& param) :
+ oid(alg_id), parameters(param) { }
+
+/*************************************************
+* Create an AlgorithmIdentifier *
+*************************************************/
+AlgorithmIdentifier::AlgorithmIdentifier(const std::string& alg_id,
+ const MemoryRegion<byte>& param) :
+ oid(OIDS::lookup(alg_id)), parameters(param) { }
+
+/*************************************************
+* DER encode an AlgorithmIdentifier *
+*************************************************/
+void AlgorithmIdentifier::encode_into(DER_Encoder& der) const
+ {
+ der.start_sequence()
+ .encode(oid)
+ .add_raw_octets(parameters)
+ .end_sequence();
+ }
+
+/*************************************************
+* Compare two AlgorithmIdentifiers *
+*************************************************/
+bool operator==(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2)
+ {
+ if(a1.oid != a2.oid)
+ return false;
+ if(a1.parameters != a2.parameters)
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Compare two AlgorithmIdentifiers *
+*************************************************/
+bool operator!=(const AlgorithmIdentifier& a1, const AlgorithmIdentifier& a2)
+ {
+ return !(a1 == a2);
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded AlgorithmIdentifier *
+*************************************************/
+void decode(BER_Decoder& source, AlgorithmIdentifier& alg_id)
+ {
+ BER_Decoder sequence = BER::get_subsequence(source);
+ BER::decode(sequence, alg_id.oid);
+ alg_id.parameters = sequence.get_remaining();
+ sequence.verify_end();
+ }
+
+}
+
+}
diff --git a/src/asn1_alt.cpp b/src/asn1_alt.cpp
new file mode 100644
index 000000000..930f9d3a9
--- /dev/null
+++ b/src/asn1_alt.cpp
@@ -0,0 +1,182 @@
+/*************************************************
+* AlternativeName Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/stl_util.h>
+#include <botan/charset.h>
+
+namespace Botan {
+
+/*************************************************
+* Create an AlternativeName *
+*************************************************/
+AlternativeName::AlternativeName(const std::string& email_addr,
+ const std::string& uri,
+ const std::string& dns)
+ {
+ add_attribute("RFC822", email_addr);
+ add_attribute("DNS", dns);
+ add_attribute("URI", uri);
+ }
+
+/*************************************************
+* Add an attribute to an alternative name *
+*************************************************/
+void AlternativeName::add_attribute(const std::string& type,
+ const std::string& str)
+ {
+ if(type == "" || str == "")
+ return;
+
+ typedef std::multimap<std::string, std::string>::iterator iter;
+ std::pair<iter, iter> range = alt_info.equal_range(type);
+ for(iter j = range.first; j != range.second; ++j)
+ if(j->second == str)
+ return;
+
+ multimap_insert(alt_info, type, str);
+ }
+
+/*************************************************
+* Add an OtherName field *
+*************************************************/
+void AlternativeName::add_othername(const OID& oid, const std::string& value,
+ ASN1_Tag type)
+ {
+ if(value == "")
+ return;
+ multimap_insert(othernames, oid, ASN1_String(value, type));
+ }
+
+/*************************************************
+* Get the attributes of this alternative name *
+*************************************************/
+std::multimap<std::string, std::string> AlternativeName::get_attributes() const
+ {
+ return alt_info;
+ }
+
+/*************************************************
+* Get the otherNames *
+*************************************************/
+std::multimap<OID, ASN1_String> AlternativeName::get_othernames() const
+ {
+ return othernames;
+ }
+
+/*************************************************
+* Return if this object has anything useful *
+*************************************************/
+bool AlternativeName::has_items() const
+ {
+ return (alt_info.size() > 0 || othernames.size() > 0);
+ }
+
+namespace {
+
+/*************************************************
+* DER encode an AlternativeName entry *
+*************************************************/
+void encode_entries(DER_Encoder& encoder,
+ const std::multimap<std::string, std::string>& attr,
+ const std::string& type, ASN1_Tag tagging)
+ {
+ typedef std::multimap<std::string, std::string>::const_iterator iter;
+
+ std::pair<iter, iter> range = attr.equal_range(type);
+ for(iter j = range.first; j != range.second; ++j)
+ {
+ ASN1_String asn1_string(j->second, IA5_STRING);
+ DER::encode(encoder, asn1_string, tagging, CONTEXT_SPECIFIC);
+ }
+ }
+
+}
+
+/*************************************************
+* DER encode an AlternativeName extension *
+*************************************************/
+void AlternativeName::encode_into(DER_Encoder& der) const
+ {
+ der.start_sequence();
+
+ encode_entries(der, alt_info, "RFC822", ASN1_Tag(1));
+ encode_entries(der, alt_info, "DNS", ASN1_Tag(2));
+ encode_entries(der, alt_info, "URI", ASN1_Tag(6));
+
+ std::multimap<OID, ASN1_String>::const_iterator i;
+ for(i = othernames.begin(); i != othernames.end(); ++i)
+ {
+ der.start_explicit(ASN1_Tag(0))
+ .encode(i->first)
+ .start_explicit(ASN1_Tag(0))
+ .encode(i->second)
+ .end_explicit(ASN1_Tag(0))
+ .end_explicit(ASN1_Tag(0));
+ }
+
+ der.end_sequence();
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded AlternativeName *
+*************************************************/
+void decode(BER_Decoder& source, AlternativeName& alt_name)
+ {
+ BER_Decoder names = BER::get_subsequence(source);
+ while(names.more_items())
+ {
+ BER_Object obj = names.get_next_object();
+ if((obj.class_tag != CONTEXT_SPECIFIC) &&
+ (obj.class_tag != (CONTEXT_SPECIFIC | CONSTRUCTED)))
+ continue;
+
+ ASN1_Tag tag = obj.type_tag;
+
+ if(tag == 0)
+ {
+ BER_Decoder othername(obj.value);
+
+ OID oid;
+ BER::decode(othername, oid);
+ if(othername.more_items())
+ {
+ BER_Object othername_value_outer = othername.get_next_object();
+ othername.verify_end();
+
+ if(othername_value_outer.type_tag != ASN1_Tag(0) ||
+ othername_value_outer.class_tag !=
+ (CONTEXT_SPECIFIC | CONSTRUCTED)
+ )
+ throw Decoding_Error("Invalid tags on otherName value");
+
+ BER_Decoder othername_value_inner(othername_value_outer.value);
+
+ BER_Object value = othername_value_inner.get_next_object();
+ othername_value_inner.verify_end();
+
+ ASN1_Tag value_type = value.type_tag;
+
+ if(is_string_type(value_type) && value.class_tag == UNIVERSAL)
+ alt_name.add_othername(oid, BER::to_string(value), value_type);
+ }
+ }
+ else if(tag == 1 || tag == 2 || tag == 6)
+ {
+ const std::string value = iso2local(BER::to_string(obj));
+
+ if(tag == 1) alt_name.add_attribute("RFC822", value);
+ if(tag == 2) alt_name.add_attribute("DNS", value);
+ if(tag == 6) alt_name.add_attribute("URI", value);
+ }
+
+ }
+ }
+
+}
+
+}
diff --git a/src/asn1_att.cpp b/src/asn1_att.cpp
new file mode 100644
index 000000000..58ed761b4
--- /dev/null
+++ b/src/asn1_att.cpp
@@ -0,0 +1,62 @@
+/*************************************************
+* Attribute Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+/*************************************************
+* Create an Attribute *
+*************************************************/
+Attribute::Attribute(const OID& attr_oid, const MemoryRegion<byte>& attr_value)
+ {
+ oid = attr_oid;
+ parameters = attr_value;
+ }
+
+/*************************************************
+* Create an Attribute *
+*************************************************/
+Attribute::Attribute(const std::string& attr_oid,
+ const MemoryRegion<byte>& attr_value)
+ {
+ oid = OIDS::lookup(attr_oid);
+ parameters = attr_value;
+ }
+
+/*************************************************
+* DER encode a Attribute *
+*************************************************/
+void Attribute::encode_into(DER_Encoder& der) const
+ {
+ der.start_sequence()
+ .encode(oid)
+ .start_set()
+ .add_raw_octets(parameters)
+ .end_set()
+ .end_sequence();
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded Attribute *
+*************************************************/
+void decode(BER_Decoder& source, Attribute& attr)
+ {
+ BER_Decoder decoder = BER::get_subsequence(source);
+ BER::decode(decoder, attr.oid);
+
+ BER_Decoder attributes = BER::get_subset(decoder);
+ attr.parameters = attributes.get_remaining();
+ attributes.verify_end();
+
+ decoder.verify_end();
+ }
+
+}
+
+}
diff --git a/src/asn1_dn.cpp b/src/asn1_dn.cpp
new file mode 100644
index 000000000..22ce980f6
--- /dev/null
+++ b/src/asn1_dn.cpp
@@ -0,0 +1,285 @@
+/*************************************************
+* X509_DN Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/parsing.h>
+#include <botan/stl_util.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+/*************************************************
+* Create an empty X509_DN *
+*************************************************/
+X509_DN::X509_DN()
+ {
+ }
+
+/*************************************************
+* Create an X509_DN *
+*************************************************/
+X509_DN::X509_DN(const std::multimap<OID, std::string>& args)
+ {
+ std::multimap<OID, std::string>::const_iterator j;
+ for(j = args.begin(); j != args.end(); ++j)
+ add_attribute(j->first, j->second);
+ }
+
+/*************************************************
+* Create an X509_DN *
+*************************************************/
+X509_DN::X509_DN(const std::multimap<std::string, std::string>& args)
+ {
+ std::multimap<std::string, std::string>::const_iterator j;
+ for(j = args.begin(); j != args.end(); ++j)
+ add_attribute(OIDS::lookup(j->first), j->second);
+ }
+
+/*************************************************
+* Add an attribute to a X509_DN *
+*************************************************/
+void X509_DN::add_attribute(const std::string& type,
+ const std::string& str)
+ {
+ OID oid = OIDS::lookup(type);
+ add_attribute(oid, str);
+ }
+
+/*************************************************
+* Add an attribute to a X509_DN *
+*************************************************/
+void X509_DN::add_attribute(const OID& oid, const std::string& str)
+ {
+ if(str == "")
+ return;
+
+ typedef std::multimap<OID, ASN1_String>::iterator rdn_iter;
+
+ std::pair<rdn_iter, rdn_iter> range = dn_info.equal_range(oid);
+ for(rdn_iter j = range.first; j != range.second; ++j)
+ if(j->second.value() == str)
+ return;
+
+ multimap_insert(dn_info, oid, ASN1_String(str));
+ dn_bits.destroy();
+ }
+
+/*************************************************
+* Get the attributes of this X509_DN *
+*************************************************/
+std::multimap<OID, std::string> X509_DN::get_attributes() const
+ {
+ typedef std::multimap<OID, ASN1_String>::const_iterator rdn_iter;
+
+ std::multimap<OID, std::string> retval;
+ for(rdn_iter j = dn_info.begin(); j != dn_info.end(); ++j)
+ multimap_insert(retval, j->first, j->second.value());
+ return retval;
+ }
+
+/*************************************************
+* Get a single attribute type *
+*************************************************/
+std::vector<std::string> X509_DN::get_attribute(const std::string& attr) const
+ {
+ typedef std::multimap<OID, ASN1_String>::const_iterator rdn_iter;
+
+ const OID oid = OIDS::lookup(deref_info_field(attr));
+ std::pair<rdn_iter, rdn_iter> range = dn_info.equal_range(oid);
+
+ std::vector<std::string> values;
+ for(rdn_iter j = range.first; j != range.second; ++j)
+ values.push_back(j->second.value());
+ return values;
+ }
+
+/*************************************************
+* Handle the decoding operation of a DN *
+*************************************************/
+void X509_DN::do_decode(const MemoryRegion<byte>& bits)
+ {
+ BER_Decoder sequence(bits);
+
+ while(sequence.more_items())
+ {
+ BER_Decoder rdn = BER::get_subset(sequence);
+ while(rdn.more_items())
+ {
+ OID oid;
+ ASN1_String str;
+
+ BER_Decoder ava = BER::get_subsequence(rdn);
+ BER::decode(ava, oid);
+ BER::decode(ava, str);
+ ava.verify_end();
+
+ add_attribute(oid, str.value());
+ }
+ }
+
+ dn_bits = bits;
+ }
+
+/*************************************************
+* Return the BER encoded data, if any *
+*************************************************/
+SecureVector<byte> X509_DN::get_bits() const
+ {
+ return dn_bits;
+ }
+
+/*************************************************
+* Deref aliases in a subject/issuer info request *
+*************************************************/
+std::string X509_DN::deref_info_field(const std::string& info)
+ {
+ if(info == "Name" || info == "CommonName") return "X520.CommonName";
+ if(info == "SerialNumber") return "X520.SerialNumber";
+ if(info == "Country") return "X520.Country";
+ if(info == "Organization") return "X520.Organization";
+ if(info == "Organizational Unit") return "X520.OrganizationalUnit";
+ if(info == "Locality") return "X520.Locality";
+ if(info == "State" || info == "Province") return "X520.State";
+ if(info == "Email") return "RFC822";
+ return info;
+ }
+
+/*************************************************
+* Compare two X509_DNs for equality *
+*************************************************/
+bool operator==(const X509_DN& dn1, const X509_DN& dn2)
+ {
+ typedef std::multimap<OID, std::string>::const_iterator rdn_iter;
+
+ std::multimap<OID, std::string> attr1 = dn1.get_attributes();
+ std::multimap<OID, std::string> attr2 = dn2.get_attributes();
+
+ if(attr1.size() != attr2.size()) return false;
+
+ rdn_iter p1 = attr1.begin();
+ rdn_iter p2 = attr2.begin();
+
+ while(true)
+ {
+ if(p1 == attr1.end() && p2 == attr2.end())
+ break;
+ if(p1 == attr1.end()) return false;
+ if(p2 == attr2.end()) return false;
+ if(p1->first != p2->first) return false;
+ if(!x500_name_cmp(p1->second, p2->second))
+ return false;
+ ++p1;
+ ++p2;
+ }
+ return true;
+ }
+
+/*************************************************
+* Compare two X509_DNs for inequality *
+*************************************************/
+bool operator!=(const X509_DN& dn1, const X509_DN& dn2)
+ {
+ return !(dn1 == dn2);
+ }
+
+/*************************************************
+* Compare two X509_DNs *
+*************************************************/
+bool operator<(const X509_DN& dn1, const X509_DN& dn2)
+ {
+ typedef std::multimap<OID, std::string>::const_iterator rdn_iter;
+
+ std::multimap<OID, std::string> attr1 = dn1.get_attributes();
+ std::multimap<OID, std::string> attr2 = dn2.get_attributes();
+
+ if(attr1.size() < attr2.size()) return true;
+ if(attr1.size() > attr2.size()) return false;
+
+ for(rdn_iter p1 = attr1.begin(); p1 != attr1.end(); ++p1)
+ {
+ std::multimap<OID, std::string>::const_iterator p2;
+ p2 = attr2.find(p1->first);
+ if(p2 == attr2.end()) return false;
+ if(p1->second > p2->second) return false;
+ if(p1->second < p2->second) return true;
+ }
+ return false;
+ }
+
+namespace {
+
+/*************************************************
+* DER encode a RelativeDistinguishedName *
+*************************************************/
+void do_ava(DER_Encoder& encoder,
+ const std::multimap<OID, std::string>& dn_info,
+ ASN1_Tag string_type, const std::string& oid_str,
+ bool must_exist = false)
+ {
+ typedef std::multimap<OID, std::string>::const_iterator rdn_iter;
+
+ const OID oid = OIDS::lookup(oid_str);
+ const bool exists = (dn_info.find(oid) != dn_info.end());
+
+ if(!exists && must_exist)
+ throw Encoding_Error("X509_DN: No entry for " + oid_str);
+ if(!exists) return;
+
+ std::pair<rdn_iter, rdn_iter> range = dn_info.equal_range(oid);
+
+ for(rdn_iter j = range.first; j != range.second; ++j)
+ {
+ encoder.start_set()
+ .start_sequence()
+ .encode(oid)
+ .encode(ASN1_String(j->second, string_type))
+ .end_sequence()
+ .end_set();
+ }
+ }
+
+}
+
+/*************************************************
+* DER encode a DistinguishedName *
+*************************************************/
+void X509_DN::encode_into(DER_Encoder& der) const
+ {
+ std::multimap<OID, std::string> dn_info = get_attributes();
+
+ der.start_sequence();
+
+ if(dn_bits.has_items())
+ der.add_raw_octets(dn_bits);
+ else
+ {
+ do_ava(der, dn_info, PRINTABLE_STRING, "X520.Country", true);
+ do_ava(der, dn_info, DIRECTORY_STRING, "X520.State");
+ do_ava(der, dn_info, DIRECTORY_STRING, "X520.Locality");
+ do_ava(der, dn_info, DIRECTORY_STRING, "X520.Organization");
+ do_ava(der, dn_info, DIRECTORY_STRING, "X520.OrganizationalUnit");
+ do_ava(der, dn_info, DIRECTORY_STRING, "X520.CommonName", true);
+ do_ava(der, dn_info, PRINTABLE_STRING, "X520.SerialNumber");
+ }
+
+ der.end_sequence();
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded DistinguishedName *
+*************************************************/
+void decode(BER_Decoder& source, X509_DN& dn)
+ {
+ dn = X509_DN();
+ BER_Decoder sequence = BER::get_subsequence(source);
+ SecureVector<byte> bits = sequence.get_remaining();
+ dn.do_decode(bits);
+ }
+
+}
+
+}
diff --git a/src/asn1_ext.cpp b/src/asn1_ext.cpp
new file mode 100644
index 000000000..44deeaf8a
--- /dev/null
+++ b/src/asn1_ext.cpp
@@ -0,0 +1,70 @@
+/*************************************************
+* Extension Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+/*************************************************
+* Create an Extension *
+*************************************************/
+Extension::Extension(const OID& extn_oid, const MemoryRegion<byte>& extn_value)
+ {
+ oid = extn_oid;
+ value = extn_value;
+ critical = false;
+ }
+
+/*************************************************
+* Create an Extension *
+*************************************************/
+Extension::Extension(const std::string& extn_oid,
+ const MemoryRegion<byte>& extn_value)
+ {
+ oid = OIDS::lookup(extn_oid);
+ value = extn_value;
+ critical = false;
+ }
+
+/*************************************************
+* DER encode a Extension *
+*************************************************/
+void Extension::encode_into(DER_Encoder& der) const
+ {
+ der.start_sequence();
+ der.encode(oid);
+ if(critical)
+ der.encode(true);
+ // der.encode_with_default(critical, false);
+ der.encode(value, OCTET_STRING);
+ der.end_sequence();
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded Extension *
+*************************************************/
+void decode(BER_Decoder& ber, Extension& extn)
+ {
+#if 1
+ BER_Decoder extension = BER::get_subsequence(ber);
+ BER::decode(extension, extn.oid);
+ BER::decode_optional(extension, extn.critical, BOOLEAN, UNIVERSAL, false);
+ extension.decode(extn.value, OCTET_STRING);
+ extension.verify_end();
+#else
+ ber.start_subsequence()
+ .decode(extn.oid)
+ .decode_optional(extn.critical, BOOLEAN, UNIVERSAL, false)
+ .decode(extn.value, OCTET_STRING)
+ .end_subsequence();
+#endif
+ }
+
+}
+
+}
diff --git a/src/asn1_int.cpp b/src/asn1_int.cpp
new file mode 100644
index 000000000..324187eff
--- /dev/null
+++ b/src/asn1_int.cpp
@@ -0,0 +1,56 @@
+/*************************************************
+* ASN.1 Internals Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_int.h>
+#include <botan/der_enc.h>
+#include <botan/data_src.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* BER Decoding Exceptions *
+*************************************************/
+BER_Decoding_Error::BER_Decoding_Error(const std::string& str) :
+ Decoding_Error("BER: " + str) {}
+
+BER_Bad_Tag::BER_Bad_Tag(const std::string& str, ASN1_Tag tag) :
+ BER_Decoding_Error(str + ": " + to_string(tag)) {}
+
+BER_Bad_Tag::BER_Bad_Tag(const std::string& str,
+ ASN1_Tag tag1, ASN1_Tag tag2) :
+ BER_Decoding_Error(str + ": " + to_string(tag1) + "/" + to_string(tag2)) {}
+
+namespace ASN1 {
+
+/*************************************************
+* Put some arbitrary bytes into a SEQUENCE *
+*************************************************/
+SecureVector<byte> put_in_sequence(const MemoryRegion<byte>& contents)
+ {
+ DER_Encoder encoder;
+ encoder.start_sequence();
+ encoder.add_raw_octets(contents);
+ encoder.end_sequence();
+ return encoder.get_contents();
+ }
+
+/*************************************************
+* Do heuristic tests for BER data *
+*************************************************/
+bool maybe_BER(DataSource& source)
+ {
+ byte first_byte;
+ if(!source.peek_byte(first_byte))
+ throw Stream_IO_Error("ASN1::maybe_BER: Source was empty");
+
+ if(first_byte == (SEQUENCE | CONSTRUCTED))
+ return true;
+ return false;
+ }
+
+}
+
+}
diff --git a/src/asn1_ku.cpp b/src/asn1_ku.cpp
new file mode 100644
index 000000000..626074e7c
--- /dev/null
+++ b/src/asn1_ku.cpp
@@ -0,0 +1,41 @@
+/*************************************************
+* KeyUsage Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/asn1_int.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded KeyUsage *
+*************************************************/
+void decode(BER_Decoder& source, Key_Constraints& key_usage)
+ {
+ BER_Object obj = source.get_next_object();
+
+ if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Bad tag for usage constraint",
+ obj.type_tag, obj.class_tag);
+ if(obj.value.size() != 2 && obj.value.size() != 3)
+ throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Invalid unused bits in usage constraint");
+
+ const byte mask = (0xFF << obj.value[0]);
+ obj.value[obj.value.size()-1] &= mask;
+
+ u16bit usage = 0;
+ for(u32bit j = 1; j != obj.value.size(); ++j)
+ usage = (obj.value[j] << 8) | usage;
+
+ key_usage = Key_Constraints(usage);
+ }
+
+}
+
+}
diff --git a/src/asn1_oid.cpp b/src/asn1_oid.cpp
new file mode 100644
index 000000000..413beedcf
--- /dev/null
+++ b/src/asn1_oid.cpp
@@ -0,0 +1,178 @@
+/*************************************************
+* ASN.1 OID Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_oid.h>
+#include <botan/asn1_int.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* ASN.1 OID Constructor *
+*************************************************/
+OID::OID(const std::string& oid_str)
+ {
+ if(oid_str != "")
+ {
+ id = parse_asn1_oid(oid_str);
+ if(id.size() < 2 || id[0] > 2)
+ throw Invalid_OID(oid_str);
+ if((id[0] == 0 || id[0] == 1) && id[1] > 39)
+ throw Invalid_OID(oid_str);
+ }
+ }
+
+/*************************************************
+* Clear the current OID *
+*************************************************/
+void OID::clear()
+ {
+ id.clear();
+ }
+
+/*************************************************
+* Return this OID as a string *
+*************************************************/
+std::string OID::as_string() const
+ {
+ std::string oid_str;
+ for(u32bit j = 0; j != id.size(); ++j)
+ {
+ oid_str += to_string(id[j]);
+ if(j != id.size() - 1)
+ oid_str += '.';
+ }
+ return oid_str;
+ }
+
+/*************************************************
+* OID equality comparison *
+*************************************************/
+bool OID::operator==(const OID& oid) const
+ {
+ if(id.size() != oid.id.size())
+ return false;
+ for(u32bit j = 0; j != id.size(); ++j)
+ if(id[j] != oid.id[j])
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Append another component to the OID *
+*************************************************/
+OID& OID::operator+=(u32bit component)
+ {
+ id.push_back(component);
+ return (*this);
+ }
+
+/*************************************************
+* Append another component to the OID *
+*************************************************/
+OID operator+(const OID& oid, u32bit component)
+ {
+ OID new_oid(oid);
+ new_oid += component;
+ return new_oid;
+ }
+
+/*************************************************
+* OID inequality comparison *
+*************************************************/
+bool operator!=(const OID& a, const OID& b)
+ {
+ return !(a == b);
+ }
+
+/*************************************************
+* Compare two OIDs *
+*************************************************/
+bool operator<(const OID& a, const OID& b)
+ {
+ std::vector<u32bit> oid1 = a.get_id();
+ std::vector<u32bit> oid2 = b.get_id();
+
+ if(oid1.size() < oid2.size())
+ return true;
+ if(oid1.size() > oid2.size())
+ return false;
+ for(u32bit j = 0; j != oid1.size(); ++j)
+ {
+ if(oid1[j] < oid2[j])
+ return true;
+ if(oid1[j] > oid2[j])
+ return false;
+ }
+ return false;
+ }
+
+/*************************************************
+* DER encode an OBJECT IDENTIFIER *
+*************************************************/
+void OID::encode_into(DER_Encoder& der) const
+ {
+ if(id.size() < 2)
+ throw Invalid_Argument("OID::encode_into: OID is invalid");
+
+ MemoryVector<byte> encoding;
+ encoding.append(40 * id[0] + id[1]);
+
+ for(u32bit j = 2; j != id.size(); ++j)
+ {
+ if(id[j] == 0)
+ encoding.append(0);
+ else
+ {
+ u32bit blocks = high_bit(id[j]) + 6;
+ blocks = (blocks - (blocks % 7)) / 7;
+
+ for(u32bit k = 0; k != blocks - 1; ++k)
+ encoding.append(0x80 | ((id[j] >> 7*(blocks-k-1)) & 0x7F));
+ encoding.append(id[j] & 0x7F);
+ }
+ }
+ der.add_object(OBJECT_ID, UNIVERSAL, encoding);
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded OBJECT IDENTIFIER *
+*************************************************/
+void decode(BER_Decoder& decoder, OID& oid)
+ {
+ BER_Object obj = decoder.get_next_object();
+ if(obj.type_tag != OBJECT_ID || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Error decoding OID, unknown tag",
+ obj.type_tag, obj.class_tag);
+ if(obj.value.size() < 2)
+ throw BER_Decoding_Error("OID encoding is too short");
+
+ oid.clear();
+ oid += (obj.value[0] / 40);
+ oid += (obj.value[0] % 40);
+
+ u32bit j = 0;
+ while(j != obj.value.size() - 1)
+ {
+ u32bit component = 0;
+ while(j != obj.value.size() - 1)
+ {
+ ++j;
+ component = (component << 7) + (obj.value[j] & 0x7F);
+ if(!(obj.value[j] & 0x80))
+ break;
+ }
+ oid += component;
+ }
+ }
+
+}
+
+}
diff --git a/src/asn1_str.cpp b/src/asn1_str.cpp
new file mode 100644
index 000000000..ced252b49
--- /dev/null
+++ b/src/asn1_str.cpp
@@ -0,0 +1,211 @@
+/*************************************************
+* Simple ASN.1 String Types Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/asn1_int.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/charset.h>
+#include <botan/parsing.h>
+#include <botan/conf.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Choose an encoding for the string *
+*************************************************/
+ASN1_Tag choose_encoding(const std::string& str)
+ {
+ static const byte IS_PRINTABLE[256] = {
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00,
+ 0x00, 0x01, 0x00, 0x01, 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01,
+ 0x01, 0x01, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00 };
+
+ for(u32bit j = 0; j != str.size(); ++j)
+ if(!IS_PRINTABLE[(byte)str[j]])
+ {
+ const std::string type = Config::get_string("x509/ca/str_type");
+ if(type == "utf8") return UTF8_STRING;
+ if(type == "latin1") return T61_STRING;
+ throw Invalid_Argument("Bad setting for x509/ca/str_type: " + type);
+ }
+ return PRINTABLE_STRING;
+ }
+
+}
+
+/*************************************************
+* Check if type is a known ASN.1 string type *
+*************************************************/
+bool is_string_type(ASN1_Tag tag)
+ {
+ if(tag == NUMERIC_STRING || tag == PRINTABLE_STRING ||
+ tag == VISIBLE_STRING || tag == T61_STRING || tag == IA5_STRING ||
+ tag == UTF8_STRING || tag == BMP_STRING)
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Create an ASN1_String *
+*************************************************/
+ASN1_String::ASN1_String(const std::string& str, ASN1_Tag t) : tag(t)
+ {
+ iso_8859_str = local2iso(str);
+ if(tag == DIRECTORY_STRING)
+ tag = choose_encoding(iso_8859_str);
+
+ if(tag != NUMERIC_STRING &&
+ tag != PRINTABLE_STRING &&
+ tag != VISIBLE_STRING &&
+ tag != T61_STRING &&
+ tag != IA5_STRING &&
+ tag != UTF8_STRING &&
+ tag != BMP_STRING)
+ throw Invalid_Argument("ASN1_String: Unknown string type " +
+ to_string(tag));
+ }
+
+/*************************************************
+* Create an ASN1_String *
+*************************************************/
+ASN1_String::ASN1_String(const std::string& str)
+ {
+ iso_8859_str = local2iso(str);
+ tag = choose_encoding(iso_8859_str);
+ }
+
+/*************************************************
+* Return this string in ISO 8859-1 encoding *
+*************************************************/
+std::string ASN1_String::iso_8859() const
+ {
+ return iso_8859_str;
+ }
+
+/*************************************************
+* Return this string in local encoding *
+*************************************************/
+std::string ASN1_String::value() const
+ {
+ return iso2local(iso_8859_str);
+ }
+
+/*************************************************
+* Return the type of this string object *
+*************************************************/
+ASN1_Tag ASN1_String::tagging() const
+ {
+ return tag;
+ }
+
+/*************************************************
+* DER encode an ASN1_String *
+*************************************************/
+void ASN1_String::encode_into(DER_Encoder& encoder) const
+ {
+ std::string value = iso_8859();
+ if(tagging() == UTF8_STRING)
+ value = iso2utf(value);
+ encoder.add_object(tagging(), UNIVERSAL, value);
+ }
+
+namespace DER {
+
+/*************************************************
+* DER encode an ASN1_String *
+*************************************************/
+void encode(DER_Encoder& encoder, const ASN1_String& string,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(string.tagging() == UTF8_STRING)
+ encoder.add_object(type_tag, class_tag, iso2utf(string.iso_8859()));
+ else
+ encoder.add_object(type_tag, class_tag, string.iso_8859());
+ }
+
+}
+
+namespace BER {
+
+namespace {
+
+/*************************************************
+* Do any UTF-8/Unicode decoding needed *
+*************************************************/
+std::string convert_string(BER_Object obj, ASN1_Tag type)
+ {
+ if(type == BMP_STRING)
+ {
+ if(obj.value.size() % 2 == 1)
+ throw BER_Decoding_Error("BMP STRING has an odd number of bytes");
+
+ std::string value;
+ for(u32bit j = 0; j != obj.value.size(); j += 2)
+ {
+ const byte c1 = obj.value[j];
+ const byte c2 = obj.value[j+1];
+
+ if(c1 != 0)
+ throw BER_Decoding_Error("BMP STRING has non-Latin1 characters");
+
+ value += (char)c2;
+ }
+ return iso2local(value);
+ }
+ else if(type == UTF8_STRING)
+ return iso2local(utf2iso(BER::to_string(obj)));
+ else
+ return iso2local(BER::to_string(obj));
+ }
+
+}
+
+/*************************************************
+* Decode a BER encoded ASN1_String *
+*************************************************/
+void decode(BER_Decoder& source, ASN1_String& string,
+ ASN1_Tag expected_tag, ASN1_Tag real_tag)
+ {
+ BER_Object obj = source.get_next_object();
+ if(obj.type_tag != expected_tag)
+ throw BER_Bad_Tag("Unexpected string tag", obj.type_tag);
+
+ string = ASN1_String(convert_string(obj, real_tag), real_tag);
+ }
+
+/*************************************************
+* Decode a BER encoded ASN1_String *
+*************************************************/
+void decode(BER_Decoder& source, ASN1_String& string)
+ {
+ BER_Object obj = source.get_next_object();
+ string = ASN1_String(convert_string(obj, obj.type_tag), obj.type_tag);
+ }
+
+}
+
+}
diff --git a/src/asn1_tm.cpp b/src/asn1_tm.cpp
new file mode 100644
index 000000000..af4eaa1b4
--- /dev/null
+++ b/src/asn1_tm.cpp
@@ -0,0 +1,298 @@
+/*************************************************
+* X.509 Time Types Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/asn1_obj.h>
+#include <botan/charset.h>
+#include <botan/parsing.h>
+#include <botan/conf.h>
+#include <ctime>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Convert a time_t to a struct tm *
+*************************************************/
+std::tm get_tm(u64bit timer)
+ {
+ std::time_t time_val = (std::time_t)timer;
+
+ if((u64bit)time_val != timer)
+ throw Encoding_Error("X509_Time: time_t overflow with time value " +
+ to_string(timer));
+
+ std::tm* tm_p = std::gmtime(&time_val);
+ if(tm_p == 0)
+ throw Encoding_Error("X509_Time: gmtime could not encode " +
+ to_string(timer));
+ return (*tm_p);
+ }
+
+}
+
+/*************************************************
+* Create an X509_Time *
+*************************************************/
+X509_Time::X509_Time(const std::string& time_str)
+ {
+ if(time_str == "")
+ {
+ year = month = day = hour = minute = second = 0;
+ return;
+ }
+
+ std::vector<std::string> params;
+ std::string current;
+
+ for(u32bit j = 0; j != time_str.size(); ++j)
+ {
+ if(is_digit(time_str[j]))
+ current += time_str[j];
+ else
+ {
+ if(current != "")
+ params.push_back(current);
+ current = "";
+ }
+ }
+ if(current != "")
+ params.push_back(current);
+
+ if(params.size() < 3 || params.size() > 6)
+ throw Invalid_Argument("Invalid time specification " + time_str);
+
+ year = to_u32bit(params[0]);
+ month = to_u32bit(params[1]);
+ day = to_u32bit(params[2]);
+ hour = (params.size() >= 4) ? to_u32bit(params[3]) : 0;
+ minute = (params.size() >= 5) ? to_u32bit(params[4]) : 0;
+ second = (params.size() == 6) ? to_u32bit(params[5]) : 0;
+
+ if(year >= 2050)
+ tag = GENERALIZED_TIME;
+ else
+ tag = UTC_TIME;
+
+ if(!passes_sanity_check())
+ throw Invalid_Argument("Invalid time specification " + time_str);
+ }
+
+/*************************************************
+* Create an X509_Time *
+*************************************************/
+X509_Time::X509_Time(u64bit timer)
+ {
+ std::tm time_info = get_tm(timer);
+
+ year = time_info.tm_year + 1900;
+ month = time_info.tm_mon + 1;
+ day = time_info.tm_mday;
+ hour = time_info.tm_hour;
+ minute = time_info.tm_min;
+ second = time_info.tm_sec;
+
+ if(year >= 2050)
+ tag = GENERALIZED_TIME;
+ else
+ tag = UTC_TIME;
+ }
+
+/*************************************************
+* Create an X509_Time *
+*************************************************/
+X509_Time::X509_Time(const std::string& t_spec, ASN1_Tag t) : tag(t)
+ {
+ if(tag != GENERALIZED_TIME && tag != UTC_TIME)
+ throw Invalid_Argument("X509_Time: Invalid tag " + to_string(tag));
+ if(tag == GENERALIZED_TIME && t_spec.size() != 13 && t_spec.size() != 15)
+ throw Invalid_Argument("Invalid GeneralizedTime: " + t_spec);
+ if(tag == UTC_TIME && t_spec.size() != 11 && t_spec.size() != 13)
+ throw Invalid_Argument("Invalid UTCTime: " + t_spec);
+ if(t_spec[t_spec.size()-1] != 'Z')
+ throw Invalid_Argument("Invalid time encoding: " + t_spec);
+
+ const u32bit YEAR_SIZE = (tag == UTC_TIME) ? 2 : 4;
+
+ std::vector<std::string> params;
+ std::string current;
+
+ for(u32bit j = 0; j != YEAR_SIZE; ++j)
+ current += t_spec[j];
+ params.push_back(current);
+ current = "";
+
+ for(u32bit j = YEAR_SIZE; j != t_spec.size() - 1; ++j)
+ {
+ current += t_spec[j];
+ if(current.size() == 2)
+ {
+ params.push_back(current);
+ current = "";
+ }
+ }
+
+ year = to_u32bit(params[0]);
+ month = to_u32bit(params[1]);
+ day = to_u32bit(params[2]);
+ hour = to_u32bit(params[3]);
+ minute = to_u32bit(params[4]);
+ second = (params.size() == 6) ? to_u32bit(params[5]) : 0;
+
+ if(tag == UTC_TIME)
+ {
+ if(year >= 50) year += 1900;
+ else year += 2000;
+ }
+
+ if(!passes_sanity_check())
+ throw Invalid_Argument("Invalid time specification " + t_spec);
+ }
+
+/*************************************************
+* DER encode a X509_Time *
+*************************************************/
+void X509_Time::encode_into(DER_Encoder& der) const
+ {
+ if(tag != GENERALIZED_TIME && tag != UTC_TIME)
+ throw Invalid_Argument("X509_Time: Bad encoding tag");
+ der.add_object(tag, UNIVERSAL, local2iso(as_string()));
+ }
+
+/*************************************************
+* Return a string representation of the time *
+*************************************************/
+std::string X509_Time::as_string() const
+ {
+ if(time_is_set() == false)
+ throw Invalid_State("X509_Time::as_string: No time set");
+
+ std::string asn1rep;
+ if(tag == GENERALIZED_TIME)
+ asn1rep = to_string(year, 4);
+ else
+ {
+ if(year < 1950 || year >= 2050)
+ throw Encoding_Error("X509_Time: The time " + readable_string() +
+ " cannot be encoded as a UTCTime");
+ u32bit asn1year = (year >= 2000) ? (year - 2000) : (year - 1900);
+ asn1rep = to_string(asn1year, 2);
+ }
+ asn1rep += to_string(month, 2) + to_string(day, 2);
+ asn1rep += to_string(hour, 2) + to_string(minute, 2) + to_string(second, 2);
+ asn1rep += "Z";
+ return asn1rep;
+ }
+
+/*************************************************
+* Return if the time has been set somehow *
+*************************************************/
+bool X509_Time::time_is_set() const
+ {
+ return (year != 0);
+ }
+
+/*************************************************
+* Return a human readable string representation *
+*************************************************/
+std::string X509_Time::readable_string() const
+ {
+ if(time_is_set() == false)
+ throw Invalid_State("X509_Time::readable_string: No time set");
+
+ std::string readable;
+ readable += to_string(year, 4) + "/";
+ readable += to_string(month ) + "/";
+ readable += to_string(day ) + " ";
+ readable += to_string(hour ) + ":";
+ readable += to_string(minute, 2) + ":";
+ readable += to_string(second, 2) + " UTC";
+ return readable;
+ }
+
+/*************************************************
+* Do a general sanity check on the time *
+*************************************************/
+bool X509_Time::passes_sanity_check() const
+ {
+ if(year < 1950 || year > 2100)
+ return false;
+ if(month == 0 || month > 12)
+ return false;
+ if(day == 0 || day > 31)
+ return false;
+ if(hour >= 24 || minute > 60 || second > 60)
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Compare this time against another *
+*************************************************/
+s32bit X509_Time::cmp(const X509_Time& other) const
+ {
+ if(time_is_set() == false)
+ throw Invalid_State("X509_Time::cmp: No time set");
+
+ const s32bit EARLIER = -1, LATER = 1, SAME_TIME = 0;
+
+ if(year < other.year) return EARLIER;
+ if(year > other.year) return LATER;
+ if(month < other.month) return EARLIER;
+ if(month > other.month) return LATER;
+ if(day < other.day) return EARLIER;
+ if(day > other.day) return LATER;
+ if(hour < other.hour) return EARLIER;
+ if(hour > other.hour) return LATER;
+ if(minute < other.minute) return EARLIER;
+ if(minute > other.minute) return LATER;
+ if(second < other.second) return EARLIER;
+ if(second > other.second) return LATER;
+
+ return SAME_TIME;
+ }
+
+/*************************************************
+* Compare two X509_Times for in various ways *
+*************************************************/
+bool operator==(const X509_Time& t1, const X509_Time& t2)
+ { return (t1.cmp(t2) == 0); }
+bool operator!=(const X509_Time& t1, const X509_Time& t2)
+ { return (t1.cmp(t2) != 0); }
+bool operator<=(const X509_Time& t1, const X509_Time& t2)
+ { return (t1.cmp(t2) <= 0); }
+bool operator>=(const X509_Time& t1, const X509_Time& t2)
+ { return (t1.cmp(t2) >= 0); }
+
+/*************************************************
+* Do a validity check *
+*************************************************/
+s32bit validity_check(const X509_Time& start, const X509_Time& end,
+ u64bit current_time)
+ {
+ const u32bit ALLOWABLE_SLIP = Config::get_time("x509/validity_slack");
+ const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1;
+
+ if(start.cmp(current_time + ALLOWABLE_SLIP) > 0)
+ return NOT_YET_VALID;
+ if(end.cmp(current_time - ALLOWABLE_SLIP) < 0)
+ return EXPIRED;
+ return VALID_TIME;
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode a BER encoded X509_Time *
+*************************************************/
+void decode(BER_Decoder& source, X509_Time& time)
+ {
+ BER_Object ber_time = source.get_next_object();
+ time = X509_Time(iso2local(BER::to_string(ber_time)), ber_time.type_tag);
+ }
+
+}
+
+}
diff --git a/src/base.cpp b/src/base.cpp
new file mode 100644
index 000000000..b0f1eac80
--- /dev/null
+++ b/src/base.cpp
@@ -0,0 +1,262 @@
+/*************************************************
+* Base Classes Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/base.h>
+#include <botan/version.h>
+#include <botan/parsing.h>
+#include <botan/util.h>
+#include <botan/conf.h>
+
+namespace Botan {
+
+/*************************************************
+* SymmetricAlgorithm Constructor *
+*************************************************/
+SymmetricAlgorithm::SymmetricAlgorithm(u32bit key_min, u32bit key_max,
+ u32bit key_mod) :
+ MAXIMUM_KEYLENGTH(key_max ? key_max : key_min),
+ MINIMUM_KEYLENGTH(key_min),
+ KEYLENGTH_MULTIPLE(key_mod)
+ {
+ }
+
+/*************************************************
+* Query if the keylength is valid *
+*************************************************/
+bool SymmetricAlgorithm::valid_keylength(u32bit length) const
+ {
+ return ((length >= MINIMUM_KEYLENGTH) &&
+ (length <= MAXIMUM_KEYLENGTH) &&
+ (length % KEYLENGTH_MULTIPLE == 0));
+ }
+
+/*************************************************
+* Set the key *
+*************************************************/
+void SymmetricAlgorithm::set_key(const SymmetricKey& algo_key)
+ throw(Invalid_Key_Length)
+ {
+ set_key(algo_key.begin(), algo_key.length());
+ }
+
+/*************************************************
+* Set the key *
+*************************************************/
+void SymmetricAlgorithm::set_key(const byte algo_key[], u32bit length)
+ throw(Invalid_Key_Length)
+ {
+ if(!valid_keylength(length))
+ throw Invalid_Key_Length(name(), length);
+ key(algo_key, length);
+ }
+
+/*************************************************
+* BlockCipher Constructor *
+*************************************************/
+BlockCipher::BlockCipher(u32bit block, u32bit key_min, u32bit key_max,
+ u32bit key_mod) :
+ SymmetricAlgorithm(key_min, key_max, key_mod),
+ BLOCK_SIZE(block)
+ {
+ }
+
+/*************************************************
+* StreamCipher Constructor *
+*************************************************/
+StreamCipher::StreamCipher(u32bit key_min, u32bit key_max, u32bit key_mod,
+ u32bit iv_len) :
+ SymmetricAlgorithm(key_min, key_max, key_mod), IV_LENGTH(iv_len)
+ {
+ }
+
+/*************************************************
+* BufferedComputation Constructor *
+*************************************************/
+BufferedComputation::BufferedComputation(u32bit olen) : OUTPUT_LENGTH(olen)
+ {
+ }
+
+/*************************************************
+* HashFunction Constructor *
+*************************************************/
+HashFunction::HashFunction(u32bit hlen, u32bit blen) :
+ BufferedComputation(hlen), HASH_BLOCK_SIZE(blen)
+ {
+ }
+
+/*************************************************
+* MessageAuthenticationCode Constructor *
+*************************************************/
+MessageAuthenticationCode::MessageAuthenticationCode(u32bit mlen,
+ u32bit key_min,
+ u32bit key_max,
+ u32bit key_mod) :
+ BufferedComputation(mlen),
+ SymmetricAlgorithm(key_min, key_max, key_mod)
+ {
+ }
+
+/*************************************************
+* Default MAC verification operation *
+*************************************************/
+bool MessageAuthenticationCode::verify_mac(const byte mac[], u32bit length)
+ {
+ SecureVector<byte> our_mac = final();
+ if(our_mac.size() != length)
+ return false;
+ for(u32bit j = 0; j != length; ++j)
+ if(mac[j] != our_mac[j])
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Default StreamCipher Resync Operation *
+*************************************************/
+void StreamCipher::resync(const byte[], u32bit length)
+ {
+ if(length)
+ throw Exception("The stream cipher " + name() +
+ " does not support resyncronization");
+ }
+
+/*************************************************
+* Default StreamCipher Seek Operation *
+*************************************************/
+void StreamCipher::seek(u32bit)
+ {
+ throw Exception("The stream cipher " + name() + " does not support seek()");
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+void BufferedComputation::update(const byte in[], u32bit n)
+ {
+ add_data(in, n);
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+void BufferedComputation::update(const MemoryRegion<byte>& in)
+ {
+ add_data(in, in.size());
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+void BufferedComputation::update(const std::string& str)
+ {
+ update((const byte*)str.c_str(), str.size());
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+void BufferedComputation::update(byte in)
+ {
+ update(&in, 1);
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+SecureVector<byte> BufferedComputation::final()
+ {
+ SecureVector<byte> output(OUTPUT_LENGTH);
+ final_result(output);
+ return output;
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+SecureVector<byte> BufferedComputation::process(const byte in[], u32bit len)
+ {
+ update(in, len);
+ return final();
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+SecureVector<byte> BufferedComputation::process(const MemoryRegion<byte>& in)
+ {
+ update(in, in.size());
+ return final();
+ }
+
+/*************************************************
+* Hashing/MACing *
+*************************************************/
+SecureVector<byte> BufferedComputation::process(const std::string& in)
+ {
+ update(in);
+ return final();
+ }
+
+/*************************************************
+* Default fast poll for EntropySources *
+*************************************************/
+u32bit EntropySource::fast_poll(byte buf[], u32bit len)
+ {
+ return slow_poll(buf, len);
+ }
+
+/*************************************************
+* Add entropy to internal state *
+*************************************************/
+void RandomNumberGenerator::add_entropy(const byte random[], u32bit length)
+ {
+ add_randomness(random, length);
+ }
+
+/*************************************************
+* Add entropy to internal state *
+*************************************************/
+u32bit RandomNumberGenerator::add_entropy(EntropySource& source,
+ bool slow_poll)
+ {
+ u32bit poll_for = 0;
+
+ if(slow_poll)
+ poll_for = Config::get_u32bit("rng/slow_poll_request");
+ else
+ poll_for = Config::get_u32bit("rng/fast_poll_request");
+
+ SecureVector<byte> buffer(poll_for ? poll_for : 256);
+
+ u32bit bytes_gathered = 0;
+
+ if(slow_poll)
+ bytes_gathered = source.slow_poll(buffer, buffer.size());
+ else
+ bytes_gathered = source.fast_poll(buffer, buffer.size());
+
+ add_entropy(buffer, bytes_gathered);
+
+ return entropy_estimate(buffer, bytes_gathered);
+ }
+
+/*************************************************
+* Return the version as a string *
+*************************************************/
+std::string version_string()
+ {
+ return "Botan " + to_string(version_major()) + "." +
+ to_string(version_minor()) + "." +
+ to_string(version_patch());
+ }
+
+/*************************************************
+* Return parts of the version as integers *
+*************************************************/
+u32bit version_major() { return BOTAN_VERSION_MAJOR; }
+u32bit version_minor() { return BOTAN_VERSION_MINOR; }
+u32bit version_patch() { return BOTAN_VERSION_PATCH; }
+
+}
diff --git a/src/base64.cpp b/src/base64.cpp
new file mode 100644
index 000000000..22c6d78c5
--- /dev/null
+++ b/src/base64.cpp
@@ -0,0 +1,218 @@
+/*************************************************
+* Base64 Encoder/Decoder Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/base64.h>
+#include <botan/charset.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Base64_Encoder Constructor *
+*************************************************/
+Base64_Encoder::Base64_Encoder(bool breaks, u32bit length) :
+ line_length(breaks ? length : 0)
+ {
+ in.create(48);
+ out.create(4);
+
+ counter = position = 0;
+ }
+
+/*************************************************
+* Base64 Encoding Operation *
+*************************************************/
+void Base64_Encoder::encode(const byte in[3], byte out[4])
+ {
+ out[0] = BIN_TO_BASE64[((in[0] & 0xFC) >> 2)];
+ out[1] = BIN_TO_BASE64[((in[0] & 0x03) << 4) | (in[1] >> 4)];
+ out[2] = BIN_TO_BASE64[((in[1] & 0x0F) << 2) | (in[2] >> 6)];
+ out[3] = BIN_TO_BASE64[((in[2] & 0x3F) )];
+ }
+
+/*************************************************
+* Encode and send a block *
+*************************************************/
+void Base64_Encoder::encode_and_send(const byte block[], u32bit length)
+ {
+ for(u32bit j = 0; j != length; j += 3)
+ {
+ encode(block + j, out);
+ do_output(out, 4);
+ }
+ }
+
+/*************************************************
+* Handle the output *
+*************************************************/
+void Base64_Encoder::do_output(const byte input[], u32bit length)
+ {
+ if(line_length == 0)
+ send(input, length);
+ else
+ {
+ u32bit remaining = length, offset = 0;
+ while(remaining)
+ {
+ u32bit sent = std::min(line_length - counter, remaining);
+ send(input + offset, sent);
+ counter += sent;
+ remaining -= sent;
+ offset += sent;
+ if(counter == line_length)
+ {
+ send('\n');
+ counter = 0;
+ }
+ }
+ }
+ }
+
+/*************************************************
+* Convert some data into Base64 *
+*************************************************/
+void Base64_Encoder::write(const byte input[], u32bit length)
+ {
+ in.copy(position, input, length);
+ if(position + length >= in.size())
+ {
+ encode_and_send(in, in.size());
+ input += (in.size() - position);
+ length -= (in.size() - position);
+ while(length >= in.size())
+ {
+ encode_and_send(input, in.size());
+ input += in.size();
+ length -= in.size();
+ }
+ in.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Flush buffers *
+*************************************************/
+void Base64_Encoder::end_msg()
+ {
+ u32bit start_of_last_block = 3 * (position / 3),
+ left_over = position % 3;
+ encode_and_send(in, start_of_last_block);
+
+ if(left_over)
+ {
+ SecureBuffer<byte, 3> remainder(in + start_of_last_block, left_over);
+
+ encode(remainder, out);
+
+ u32bit empty_bits = 8 * (3 - left_over), index = 4 - 1;
+ while(empty_bits >= 8)
+ {
+ out[index--] = '=';
+ empty_bits -= 6;
+ }
+
+ do_output(out, 4);
+ }
+
+ if(counter && line_length)
+ send('\n');
+
+ counter = position = 0;
+ }
+
+/*************************************************
+* Base64_Decoder Constructor *
+*************************************************/
+Base64_Decoder::Base64_Decoder(Decoder_Checking c) : checking(c)
+ {
+ in.create(48);
+ out.create(3);
+ position = 0;
+ }
+
+/*************************************************
+* Check if a character is a valid Base64 char *
+*************************************************/
+bool Base64_Decoder::is_valid(byte in)
+ {
+ return (BASE64_TO_BIN[in] != 0x80);
+ }
+
+/*************************************************
+* Base64 Decoding Operation *
+*************************************************/
+void Base64_Decoder::decode(const byte in[4], byte out[3])
+ {
+ out[0] = (byte)((BASE64_TO_BIN[in[0]] << 2) | (BASE64_TO_BIN[in[1]] >> 4));
+ out[1] = (byte)((BASE64_TO_BIN[in[1]] << 4) | (BASE64_TO_BIN[in[2]] >> 2));
+ out[2] = (byte)((BASE64_TO_BIN[in[2]] << 6) | (BASE64_TO_BIN[in[3]]));
+ }
+
+/*************************************************
+* Decode and send a block *
+*************************************************/
+void Base64_Decoder::decode_and_send(const byte block[], u32bit length)
+ {
+ for(u32bit j = 0; j != length; j += 4)
+ {
+ decode(block + j, out);
+ send(out, 3);
+ }
+ }
+
+/*************************************************
+* Handle processing an invalid character *
+*************************************************/
+void Base64_Decoder::handle_bad_char(byte c)
+ {
+ if(checking == NONE) return;
+ if((checking == IGNORE_WS) && is_space(c)) return;
+ throw Decoding_Error("Base64_Decoder: Invalid base64 character: " + c);
+ }
+
+/*************************************************
+* Convert some data from Base64 *
+*************************************************/
+void Base64_Decoder::write(const byte input[], u32bit length)
+ {
+ for(u32bit j = 0; j != length; ++j)
+ {
+ if(is_valid(input[j]))
+ in[position++] = input[j];
+ else
+ handle_bad_char(input[j]);
+
+ if(position == in.size())
+ {
+ decode_and_send(in, in.size());
+ position = 0;
+ }
+ }
+ }
+
+/*************************************************
+* Flush buffers *
+*************************************************/
+void Base64_Decoder::end_msg()
+ {
+ if(position != 0)
+ {
+ u32bit start_of_last_block = 4 * (position / 4),
+ left_over = position % 4;
+ decode_and_send(in, start_of_last_block);
+
+ if(left_over)
+ {
+ SecureBuffer<byte, 4> remainder(in + start_of_last_block, left_over);
+ decode(remainder, out);
+ send(out, ((left_over == 1) ? (1) : (left_over - 1)));
+ }
+ }
+ position = 0;
+ }
+
+}
diff --git a/src/basefilt.cpp b/src/basefilt.cpp
new file mode 100644
index 000000000..061206ae0
--- /dev/null
+++ b/src/basefilt.cpp
@@ -0,0 +1,72 @@
+/*************************************************
+* Basic Filters Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/basefilt.h>
+
+namespace Botan {
+
+/*************************************************
+* Chain Constructor *
+*************************************************/
+Chain::Chain(Filter* f1, Filter* f2, Filter* f3, Filter* f4)
+ {
+ if(f1) { attach(f1); incr_owns(); }
+ if(f2) { attach(f2); incr_owns(); }
+ if(f3) { attach(f3); incr_owns(); }
+ if(f4) { attach(f4); incr_owns(); }
+ }
+
+/*************************************************
+* Chain Constructor *
+*************************************************/
+Chain::Chain(Filter* filters[], u32bit count)
+ {
+ for(u32bit j = 0; j != count; ++j)
+ if(filters[j])
+ {
+ attach(filters[j]);
+ incr_owns();
+ }
+ }
+
+/*************************************************
+* Fork Constructor *
+*************************************************/
+Fork::Fork(Filter* f1, Filter* f2, Filter* f3, Filter* f4)
+ {
+ Filter* filters[4] = { f1, f2, f3, f4 };
+ set_next(filters, 4);
+ }
+
+/*************************************************
+* Fork Constructor *
+*************************************************/
+Fork::Fork(Filter* filters[], u32bit count)
+ {
+ set_next(filters, count);
+ }
+
+/*************************************************
+* Set the algorithm key *
+*************************************************/
+void Keyed_Filter::set_key(const SymmetricKey& key)
+ {
+ if(base_ptr)
+ base_ptr->set_key(key);
+ else
+ throw Invalid_State("Keyed_Filter::set_key: No base algorithm set");
+ }
+
+/*************************************************
+* Check if a keylength is valid *
+*************************************************/
+bool Keyed_Filter::valid_keylength(u32bit n) const
+ {
+ if(base_ptr)
+ return base_ptr->valid_keylength(n);
+ throw Invalid_State("Keyed_Filter::valid_keylength: No base algorithm set");
+ }
+
+}
diff --git a/src/ber_code.cpp b/src/ber_code.cpp
new file mode 100644
index 000000000..43ec17207
--- /dev/null
+++ b/src/ber_code.cpp
@@ -0,0 +1,237 @@
+/*************************************************
+* BER Decoding Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/ber_dec.h>
+#include <botan/asn1_int.h>
+#include <botan/parsing.h>
+#include <botan/bigint.h>
+
+#include <assert.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Check an object's type and size *
+*************************************************/
+void check_object(const BER_Object& obj,
+ ASN1_Tag type_tag, ASN1_Tag class_tag,
+ u32bit length = 0, bool check_length = false)
+ {
+ if(obj.type_tag != type_tag || obj.class_tag != class_tag)
+ throw BER_Decoding_Error("Tag mismatch when decoding");
+ if(check_length && obj.value.size() != length)
+ throw BER_Decoding_Error("Incorrect size for type");
+ }
+
+}
+
+/*************************************************
+* Decode a BER encoded NULL *
+*************************************************/
+BER_Decoder& BER_Decoder::decode_null()
+ {
+ check_object(get_next_object(), NULL_TAG, UNIVERSAL, 0, true);
+ return (*this);
+ }
+
+/*************************************************
+* Decode a BER encoded BOOLEAN *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(bool& out)
+ {
+ return decode(out, BOOLEAN, UNIVERSAL);
+ }
+
+/*************************************************
+* Decode a small BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(u32bit& out)
+ {
+ return decode(out, INTEGER, UNIVERSAL);
+ }
+
+/*************************************************
+* Decode a BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(BigInt& out)
+ {
+ return decode(out, INTEGER, UNIVERSAL);
+ }
+
+/*************************************************
+* Decode a BER encoded BOOLEAN *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(bool& out,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = get_next_object();
+ check_object(obj, type_tag, class_tag, 1, true);
+ out = (obj.value[0]) ? true : false;
+ return (*this);
+ }
+
+/*************************************************
+* Decode a small BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(u32bit& out,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BigInt integer;
+ decode(integer, type_tag, class_tag);
+ out = integer.to_u32bit();
+ return (*this);
+ }
+
+/*************************************************
+* Decode a BER encoded INTEGER *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(BigInt& out,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = get_next_object();
+ check_object(obj, type_tag, class_tag);
+
+ if(obj.value.is_empty())
+ out = 0;
+ else
+ {
+ const bool negative = (obj.value[0] & 0x80) ? true : false;
+
+ if(negative)
+ {
+ for(u32bit j = obj.value.size(); j > 0; --j)
+ if(obj.value[j-1]--)
+ break;
+ for(u32bit j = 0; j != obj.value.size(); ++j)
+ obj.value[j] = ~obj.value[j];
+ }
+
+ out = BigInt(obj.value, obj.value.size());
+
+ if(negative)
+ out.flip_sign();
+ }
+
+ return (*this);
+ }
+
+/*************************************************
+* BER decode a BIT STRING or OCTET STRING *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& out, ASN1_Tag real_type)
+ {
+ return decode(out, real_type, real_type, UNIVERSAL);
+ }
+
+/*************************************************
+* BER decode a BIT STRING or OCTET STRING *
+*************************************************/
+BER_Decoder& BER_Decoder::decode(MemoryRegion<byte>& buffer,
+ ASN1_Tag real_type,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(real_type != OCTET_STRING && real_type != BIT_STRING)
+ throw BER_Bad_Tag("Bad tag for {BIT,OCTET} STRING", real_type);
+
+ BER_Object obj = get_next_object();
+ check_object(obj, type_tag, class_tag);
+
+ if(real_type == OCTET_STRING)
+ buffer = obj.value;
+ else
+ {
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Bad number of unused bits in BIT STRING");
+ buffer.set(obj.value + 1, obj.value.size() - 1);
+ }
+ return (*this);
+ }
+
+namespace BER {
+
+/*************************************************
+* Decode and return a BER encoded SEQUENCE *
+*************************************************/
+BER_Decoder get_subsequence(BER_Decoder& decoder)
+ {
+ return get_subsequence(decoder, SEQUENCE, CONSTRUCTED);
+ }
+
+/*************************************************
+* Decode and return a BER encoded SET *
+*************************************************/
+BER_Decoder get_subset(BER_Decoder& decoder)
+ {
+ return get_subset(decoder, SET, CONSTRUCTED);
+ }
+
+/*************************************************
+* Decode and return a BER encoded SEQUENCE *
+*************************************************/
+BER_Decoder get_subsequence(BER_Decoder& decoder,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = decoder.get_next_object();
+ check_object(obj, type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
+ return BER_Decoder(obj.value, obj.value.size());
+ }
+
+/*************************************************
+* Decode and return a BER encoded SET *
+*************************************************/
+BER_Decoder get_subset(BER_Decoder& decoder,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = decoder.get_next_object();
+ check_object(obj, type_tag, ASN1_Tag(class_tag | CONSTRUCTED));
+ return BER_Decoder(obj.value, obj.value.size());
+ }
+
+/*************************************************
+* Convert a BER object into a string object *
+*************************************************/
+std::string to_string(const BER_Object& obj)
+ {
+ std::string str((const char*)obj.value.begin(), obj.value.size());
+ return str;
+ }
+
+/*************************************************
+* Decode an OPTIONAL string type *
+*************************************************/
+bool decode_optional_string(BER_Decoder& in, MemoryRegion<byte>& out,
+ ASN1_Tag real_type,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ BER_Object obj = in.get_next_object();
+
+ if(obj.type_tag == type_tag && obj.class_tag == class_tag)
+ {
+ if(class_tag & CONSTRUCTED)
+ {
+ BER_Decoder stored_value(obj.value);
+ stored_value.decode(out, real_type);
+ stored_value.verify_end();
+ }
+ else
+ {
+ in.push_back(obj);
+ in.decode(out, real_type, type_tag, class_tag);
+ }
+ return true;
+ }
+ else
+ {
+ out.clear();
+ in.push_back(obj);
+ return false;
+ }
+ }
+
+}
+
+}
diff --git a/src/ber_dec.cpp b/src/ber_dec.cpp
new file mode 100644
index 000000000..f9550fc83
--- /dev/null
+++ b/src/ber_dec.cpp
@@ -0,0 +1,270 @@
+/*************************************************
+* BER Decoder Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/ber_dec.h>
+#include <botan/asn1_int.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* BER decode an ASN.1 type tag *
+*************************************************/
+u32bit decode_tag(DataSource* ber, ASN1_Tag& type_tag, ASN1_Tag& class_tag)
+ {
+ byte b;
+ if(!ber->read_byte(b))
+ {
+ class_tag = type_tag = NO_OBJECT;
+ return 0;
+ }
+
+ if((b & 0x1F) != 0x1F)
+ {
+ type_tag = ASN1_Tag(b & 0x1F);
+ class_tag = ASN1_Tag(b & 0xE0);
+ return 1;
+ }
+
+ u32bit tag_bytes = 1;
+ class_tag = ASN1_Tag(b & 0xE0);
+
+ u32bit tag_buf = 0;
+ while(true)
+ {
+ if(!ber->read_byte(b))
+ throw BER_Decoding_Error("Long-form tag truncated");
+ if(tag_buf & 0xFF000000)
+ throw BER_Decoding_Error("Long-form tag overflowed 32 bits");
+ ++tag_bytes;
+ tag_buf = (tag_buf << 7) | (b & 0x7F);
+ if((b & 0x80) == 0) break;
+ }
+ type_tag = ASN1_Tag(tag_buf);
+ return tag_bytes;
+ }
+
+/*************************************************
+* Find the EOC marker *
+*************************************************/
+u32bit find_eoc(DataSource*);
+
+/*************************************************
+* BER decode an ASN.1 length field *
+*************************************************/
+u32bit decode_length(DataSource* ber, u32bit& field_size)
+ {
+ byte b;
+ if(!ber->read_byte(b))
+ throw BER_Decoding_Error("Length field not found");
+ field_size = 1;
+ if((b & 0x80) == 0)
+ return b;
+
+ field_size += (b & 0x7F);
+ if(field_size == 1) return find_eoc(ber);
+ if(field_size > 5)
+ throw BER_Decoding_Error("Length field is too large");
+
+ u32bit length = 0;
+
+ for(u32bit j = 0; j != field_size - 1; ++j)
+ {
+ if(get_byte(0, length) != 0)
+ throw BER_Decoding_Error("Field length overflow");
+ if(!ber->read_byte(b))
+ throw BER_Decoding_Error("Corrupted length field");
+ length = (length << 8) | b;
+ }
+ return length;
+ }
+
+/*************************************************
+* BER decode an ASN.1 length field *
+*************************************************/
+u32bit decode_length(DataSource* ber)
+ {
+ u32bit dummy;
+ return decode_length(ber, dummy);
+ }
+
+/*************************************************
+* Find the EOC marker *
+*************************************************/
+u32bit find_eoc(DataSource* ber)
+ {
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE), data;
+
+ while(true)
+ {
+ const u32bit got = ber->peek(buffer, buffer.size(), data.size());
+ if(got == 0)
+ break;
+ data.append(buffer, got);
+ }
+
+ DataSource_Memory source(data);
+ data.destroy();
+
+ u32bit length = 0;
+ while(true)
+ {
+ ASN1_Tag type_tag, class_tag;
+ u32bit tag_size = decode_tag(&source, type_tag, class_tag);
+ if(type_tag == NO_OBJECT)
+ break;
+
+ u32bit length_size = 0;
+ u32bit item_size = decode_length(&source, length_size);
+ source.discard_next(item_size);
+
+ length += item_size + length_size + tag_size;
+
+ if(type_tag == EOC)
+ break;
+ }
+ return length;
+ }
+
+}
+
+/*************************************************
+* Check if more objects are there *
+*************************************************/
+bool BER_Decoder::more_items() const
+ {
+ if(source->end_of_data() && (pushed.type_tag == NO_OBJECT))
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Verify that no bytes remain in the source *
+*************************************************/
+void BER_Decoder::verify_end() const
+ {
+ if(!source->end_of_data() || (pushed.type_tag != NO_OBJECT))
+ throw Invalid_State("BER_Decoder::verify_end called, but data remains");
+ }
+
+/*************************************************
+* Return all the bytes remaining in the source *
+*************************************************/
+SecureVector<byte> BER_Decoder::get_remaining()
+ {
+ SecureVector<byte> out;
+ byte buf;
+ while(source->read_byte(buf))
+ out.append(buf);
+ return out;
+ }
+
+/*************************************************
+* Discard all the bytes remaining in the source *
+*************************************************/
+void BER_Decoder::discard_remaining()
+ {
+ byte buf;
+ while(source->read_byte(buf))
+ ;
+ }
+
+/*************************************************
+* Return the BER encoding of the next object *
+*************************************************/
+BER_Object BER_Decoder::get_next_object()
+ {
+ BER_Object next;
+
+ if(pushed.type_tag != NO_OBJECT)
+ {
+ next = pushed;
+ pushed.class_tag = pushed.type_tag = NO_OBJECT;
+ return next;
+ }
+
+ decode_tag(source, next.type_tag, next.class_tag);
+ if(next.type_tag == NO_OBJECT)
+ return next;
+
+ u32bit length = decode_length(source);
+ next.value.create(length);
+ if(source->read(next.value, length) != length)
+ throw BER_Decoding_Error("Value truncated");
+
+ if(next.type_tag == EOC && next.class_tag == UNIVERSAL)
+ return get_next_object();
+
+ return next;
+ }
+
+/*************************************************
+* Push a object back into the stream *
+*************************************************/
+void BER_Decoder::push_back(const BER_Object& obj)
+ {
+ if(pushed.type_tag != NO_OBJECT)
+ throw Invalid_State("BER_Decoder: Only one push back is allowed");
+ pushed = obj;
+ }
+
+/*************************************************
+* BER_Decoder Constructor *
+*************************************************/
+BER_Decoder::BER_Decoder(DataSource& src)
+ {
+ source = &src;
+ owns = false;
+ pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ }
+
+/*************************************************
+* BER_Decoder Constructor *
+ *************************************************/
+BER_Decoder::BER_Decoder(const byte data[], u32bit length)
+ {
+ source = new DataSource_Memory(data, length);
+ owns = true;
+ pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ }
+
+/*************************************************
+* BER_Decoder Constructor *
+*************************************************/
+BER_Decoder::BER_Decoder(const MemoryRegion<byte>& data)
+ {
+ source = new DataSource_Memory(data);
+ owns = true;
+ pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ }
+
+/*************************************************
+* BER_Decoder Copy Constructor *
+*************************************************/
+BER_Decoder::BER_Decoder(const BER_Decoder& other)
+ {
+ source = other.source;
+ owns = false;
+ if(other.owns)
+ {
+ other.owns = false;
+ owns = true;
+ }
+ pushed.type_tag = pushed.class_tag = NO_OBJECT;
+ }
+
+/*************************************************
+* BER_Decoder Destructor *
+*************************************************/
+BER_Decoder::~BER_Decoder()
+ {
+ if(owns)
+ delete source;
+ source = 0;
+ }
+
+}
diff --git a/src/big_base.cpp b/src/big_base.cpp
new file mode 100644
index 000000000..943ae0c1e
--- /dev/null
+++ b/src/big_base.cpp
@@ -0,0 +1,380 @@
+/*************************************************
+* BigInt Base Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bigint.h>
+#include <botan/mp_core.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+#include <botan/util.h>
+
+#include <assert.h>
+
+namespace Botan {
+
+/*************************************************
+* Construct a BigInt from a regular number *
+*************************************************/
+BigInt::BigInt(u64bit n)
+ {
+ set_sign(Positive);
+
+ if(n == 0)
+ return;
+
+ const u32bit limbs_needed = sizeof(u64bit) / sizeof(word);
+
+ reg.create(4*limbs_needed);
+ for(u32bit j = 0; j != limbs_needed; ++j)
+ reg[j] = (word)((n >> (j*MP_WORD_BITS)) & MP_WORD_MASK);
+ }
+
+/*************************************************
+* Construct a BigInt of the specified size *
+*************************************************/
+BigInt::BigInt(Sign s, u32bit size)
+ {
+ reg.create(round_up(size, 8));
+ signedness = s;
+ }
+
+/*************************************************
+* Construct a BigInt from a "raw" BigInt *
+*************************************************/
+BigInt::BigInt(const BigInt& b)
+ {
+ const u32bit b_words = b.sig_words();
+
+ if(b_words)
+ {
+ reg.create(round_up(b_words, 8));
+ reg.copy(b.data(), b_words);
+ set_sign(b.sign());
+ }
+ else
+ {
+ reg.create(2);
+ set_sign(Positive);
+ }
+ }
+
+/*************************************************
+* Construct a BigInt from a string *
+*************************************************/
+BigInt::BigInt(const std::string& str)
+ {
+ Base base = Decimal;
+ u32bit markers = 0;
+ bool negative = false;
+ if(str.length() > 0 && str[0] == '-') { markers += 1; negative = true; }
+
+ if(str.length() > markers + 2 && str[markers ] == '0' &&
+ str[markers + 1] == 'x')
+ { markers += 2; base = Hexadecimal; }
+ else if(str.length() > markers + 1 && str[markers] == '0')
+ { markers += 1; base = Octal; }
+
+ *this = decode((const byte*)str.data() + markers,
+ str.length() - markers, base);
+
+ if(negative) set_sign(Negative);
+ else set_sign(Positive);
+ }
+
+/*************************************************
+* Construct a BigInt from an encoded BigInt *
+*************************************************/
+BigInt::BigInt(const byte input[], u32bit length, Base base)
+ {
+ set_sign(Positive);
+ *this = decode(input, length, base);
+ }
+
+/*************************************************
+* Swap this BigInt with another *
+*************************************************/
+void BigInt::swap(BigInt& other)
+ {
+ std::swap(reg, other.reg);
+ std::swap(signedness, other.signedness);
+ }
+
+/*************************************************
+* Grow the internal storage *
+*************************************************/
+void BigInt::grow_reg(u32bit n) const
+ {
+ reg.grow_to(round_up(size() + n, 8));
+ }
+
+/*************************************************
+* Grow the internal storage *
+*************************************************/
+void BigInt::grow_to(u32bit n) const
+ {
+ if(n > size())
+ reg.grow_to(round_up(n, 8));
+ }
+
+/*************************************************
+* Comparison Function *
+*************************************************/
+s32bit BigInt::cmp(const BigInt& n, bool check_signs) const
+ {
+ if(check_signs)
+ {
+ if(n.is_positive() && this->is_negative()) return -1;
+ if(n.is_negative() && this->is_positive()) return 1;
+ if(n.is_negative() && this->is_negative())
+ return (-bigint_cmp(data(), sig_words(), n.data(), n.sig_words()));
+ }
+ return bigint_cmp(data(), sig_words(), n.data(), n.sig_words());
+ }
+
+/*************************************************
+* Convert this number to a u32bit, if possible *
+*************************************************/
+u32bit BigInt::to_u32bit() const
+ {
+ if(is_negative())
+ throw Encoding_Error("BigInt::to_u32bit: Number is negative");
+ if(bits() >= 32)
+ throw Encoding_Error("BigInt::to_u32bit: Number is too big to convert");
+
+ u32bit out = 0;
+ for(u32bit j = 0; j != 4; ++j)
+ out = (out << 8) | byte_at(3-j);
+ return out;
+ }
+
+/*************************************************
+* Return byte n of this number *
+*************************************************/
+byte BigInt::byte_at(u32bit n) const
+ {
+ const u32bit WORD_BYTES = sizeof(word);
+ u32bit word_num = n / WORD_BYTES, byte_num = n % WORD_BYTES;
+ if(word_num >= size())
+ return 0;
+ else
+ return get_byte(WORD_BYTES - byte_num - 1, reg[word_num]);
+ }
+
+/*************************************************
+* Return bit n of this number *
+*************************************************/
+bool BigInt::get_bit(u32bit n) const
+ {
+ return ((word_at(n / MP_WORD_BITS) >> (n % MP_WORD_BITS)) & 1);
+ }
+
+/*************************************************
+* Return bits {offset...offset+length} *
+*************************************************/
+u32bit BigInt::get_substring(u32bit offset, u32bit length) const
+ {
+ if(length > 32)
+ throw Invalid_Argument("BigInt::get_substring: Substring size too big");
+
+ u64bit piece = 0;
+ for(u32bit j = 0; j != 8; ++j)
+ piece = (piece << 8) | byte_at((offset / 8) + (7-j));
+
+ u64bit mask = (1 << length) - 1;
+ u32bit shift = (offset % 8);
+
+ return ((piece >> shift) & mask);
+ }
+
+/*************************************************
+* Set bit number n *
+*************************************************/
+void BigInt::set_bit(u32bit n)
+ {
+ const u32bit which = n / MP_WORD_BITS;
+ const word mask = (word)1 << (n % MP_WORD_BITS);
+ if(which >= size()) grow_to(which + 1);
+ reg[which] |= mask;
+ }
+
+/*************************************************
+* Clear bit number n *
+*************************************************/
+void BigInt::clear_bit(u32bit n)
+ {
+ const u32bit which = n / MP_WORD_BITS;
+ const word mask = (word)1 << (n % MP_WORD_BITS);
+ if(which < size())
+ reg[which] &= ~mask;
+ }
+
+/*************************************************
+* Clear all but the lowest n bits *
+*************************************************/
+void BigInt::mask_bits(u32bit n)
+ {
+ if(n == 0) { clear(); return; }
+ if(n >= bits()) return;
+
+ const u32bit top_word = n / MP_WORD_BITS;
+ const word mask = ((word)1 << (n % MP_WORD_BITS)) - 1;
+
+ if(top_word < size())
+ for(u32bit j = top_word + 1; j != size(); ++j)
+ reg[j] = 0;
+
+ reg[top_word] &= mask;
+ }
+
+/*************************************************
+* Count the significant words *
+*************************************************/
+u32bit BigInt::sig_words() const
+ {
+ const word* x = data();
+ u32bit top_set = size();
+
+ while(top_set >= 4)
+ {
+ word sum = x[top_set-1] | x[top_set-2] | x[top_set-3] | x[top_set-4];
+ if(sum) break;
+ else top_set -= 4;
+ }
+ while(top_set && (x[top_set-1] == 0))
+ top_set--;
+ return top_set;
+ }
+
+/*************************************************
+* Count how many bytes are being used *
+*************************************************/
+u32bit BigInt::bytes() const
+ {
+ return (bits() + 7) / 8;
+ }
+
+/*************************************************
+* Count how many bits are being used *
+*************************************************/
+u32bit BigInt::bits() const
+ {
+ if(sig_words() == 0)
+ return 0;
+
+ u32bit full_words = sig_words() - 1, top_bits = MP_WORD_BITS;
+ word top_word = word_at(full_words), mask = MP_WORD_TOP_BIT;
+
+ while(top_bits && ((top_word & mask) == 0))
+ { mask >>= 1; top_bits--; }
+
+ return (full_words * MP_WORD_BITS + top_bits);
+ }
+
+/*************************************************
+* Calcluate the size in a certain base *
+*************************************************/
+u32bit BigInt::encoded_size(Base base) const
+ {
+ static const double LOG_2_BASE_10 = 0.30102999566;
+
+ if(base == Binary)
+ return bytes();
+ else if(base == Hexadecimal)
+ return 2*bytes();
+ else if(base == Octal)
+ return ((bits() + 2) / 3);
+ else if(base == Decimal)
+ return (u32bit)((bits() * LOG_2_BASE_10) + 1);
+ else
+ throw Invalid_Argument("Unknown base for BigInt encoding");
+ }
+
+/*************************************************
+* Return true if this number is zero *
+*************************************************/
+bool BigInt::is_zero() const
+ {
+ for(u32bit j = 0; j != size(); ++j)
+ if(reg[j]) return false;
+ return true;
+ }
+
+/*************************************************
+* Set the sign *
+*************************************************/
+void BigInt::set_sign(Sign s)
+ {
+ if(is_zero())
+ signedness = Positive;
+ else
+ signedness = s;
+ }
+
+/*************************************************
+* Reverse the value of the sign flag *
+*************************************************/
+void BigInt::flip_sign()
+ {
+ set_sign(reverse_sign());
+ }
+
+/*************************************************
+* Return the opposite value of the current sign *
+*************************************************/
+BigInt::Sign BigInt::reverse_sign() const
+ {
+ if(sign() == Positive)
+ return Negative;
+ return Positive;
+ }
+
+/*************************************************
+* Return the negation of this number *
+*************************************************/
+BigInt BigInt::operator-() const
+ {
+ BigInt x = (*this);
+ x.flip_sign();
+ return x;
+ }
+
+/*************************************************
+* Return the absolute value of this number *
+*************************************************/
+BigInt BigInt::abs() const
+ {
+ BigInt x = (*this);
+ x.set_sign(Positive);
+ return x;
+ }
+
+/*************************************************
+* Encode this number into bytes *
+*************************************************/
+void BigInt::binary_encode(byte output[]) const
+ {
+ const u32bit sig_bytes = bytes();
+ for(u32bit j = 0; j != sig_bytes; ++j)
+ output[sig_bytes-j-1] = byte_at(j);
+ }
+
+/*************************************************
+* Set this number to the value in buf *
+*************************************************/
+void BigInt::binary_decode(const byte buf[], u32bit length)
+ {
+ const u32bit WORD_BYTES = sizeof(word);
+ reg.create(round_up((length / WORD_BYTES) + 1, 8));
+
+ for(u32bit j = 0; j != length / WORD_BYTES; ++j)
+ {
+ u32bit top = length - WORD_BYTES*j;
+ for(u32bit k = WORD_BYTES; k > 0; --k)
+ reg[j] = (reg[j] << 8) | buf[top - k];
+ }
+ for(u32bit j = 0; j != length % WORD_BYTES; ++j)
+ reg[length / WORD_BYTES] = (reg[length / WORD_BYTES] << 8) | buf[j];
+ }
+
+}
diff --git a/src/big_code.cpp b/src/big_code.cpp
new file mode 100644
index 000000000..235665f7f
--- /dev/null
+++ b/src/big_code.cpp
@@ -0,0 +1,144 @@
+/*************************************************
+* BigInt Encoding/Decoding Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bigint.h>
+#include <botan/numthry.h>
+#include <botan/charset.h>
+#include <botan/hex.h>
+
+namespace Botan {
+
+/*************************************************
+* Encode a BigInt *
+*************************************************/
+void BigInt::encode(byte output[], const BigInt& n, Base base)
+ {
+ if(base == Binary)
+ n.binary_encode(output);
+ else if(base == Hexadecimal)
+ {
+ SecureVector<byte> binary(n.encoded_size(Binary));
+ n.binary_encode(binary);
+ for(u32bit j = 0; j != binary.size(); ++j)
+ Hex_Encoder::encode(binary[j], output + 2*j);
+ }
+ else if(base == Octal)
+ {
+ BigInt copy = n;
+ const u32bit output_size = n.encoded_size(Octal);
+ for(u32bit j = 0; j != output_size; ++j)
+ {
+ output[output_size - 1 - j] = digit2char(copy % 8);
+ copy /= 8;
+ }
+ }
+ else if(base == Decimal)
+ {
+ BigInt copy = n;
+ BigInt remainder;
+ copy.set_sign(Positive);
+ const u32bit output_size = n.encoded_size(Decimal);
+ for(u32bit j = 0; j != output_size; ++j)
+ {
+ divide(copy, 10, copy, remainder);
+ output[output_size - 1 - j] = digit2char(remainder.word_at(0));
+ if(copy.is_zero())
+ break;
+ }
+ }
+ else
+ throw Invalid_Argument("Unknown BigInt encoding method");
+ }
+
+/*************************************************
+* Encode a BigInt *
+*************************************************/
+SecureVector<byte> BigInt::encode(const BigInt& n, Base base)
+ {
+ SecureVector<byte> output(n.encoded_size(base));
+ encode(output, n, base);
+ if(base != Binary)
+ for(u32bit j = 0; j != output.size(); ++j)
+ if(output[j] == 0)
+ output[j] = '0';
+ return output;
+ }
+
+/*************************************************
+* Encode a BigInt, with leading 0s if needed *
+*************************************************/
+SecureVector<byte> BigInt::encode_1363(const BigInt& n, u32bit bytes)
+ {
+ const u32bit n_bytes = n.bytes();
+ if(n_bytes > bytes)
+ throw Encoding_Error("encode_1363: n is too large to encode properly");
+
+ const u32bit leading_0s = bytes - n_bytes;
+
+ SecureVector<byte> output(bytes);
+ encode(output + leading_0s, n, Binary);
+ return output;
+ }
+
+/*************************************************
+* Decode a BigInt *
+*************************************************/
+BigInt BigInt::decode(const MemoryRegion<byte>& buf, Base base)
+ {
+ return BigInt::decode(buf, buf.size(), base);
+ }
+
+/*************************************************
+* Decode a BigInt *
+*************************************************/
+BigInt BigInt::decode(const byte buf[], u32bit length, Base base)
+ {
+ BigInt r;
+ if(base == Binary)
+ r.binary_decode(buf, length);
+ else if(base == Hexadecimal)
+ {
+ SecureVector<byte> hex;
+ for(u32bit j = 0; j != length; ++j)
+ if(Hex_Decoder::is_valid(buf[j]))
+ hex.append(buf[j]);
+
+ u32bit offset = (hex.size() % 2);
+ SecureVector<byte> binary(hex.size() / 2 + offset);
+
+ if(offset)
+ {
+ byte temp[2] = { '0', hex[0] };
+ binary[0] = Hex_Decoder::decode(temp);
+ }
+
+ for(u32bit j = offset; j != binary.size(); ++j)
+ binary[j] = Hex_Decoder::decode(hex+2*j-offset);
+ r.binary_decode(binary, binary.size());
+ }
+ else if(base == Decimal || base == Octal)
+ {
+ const u32bit RADIX = ((base == Decimal) ? 10 : 8);
+ for(u32bit j = 0; j != length; ++j)
+ {
+ byte x = char2digit(buf[j]);
+ if(x >= RADIX)
+ {
+ if(RADIX == 10)
+ throw Invalid_Argument("BigInt: Invalid decimal string");
+ else
+ throw Invalid_Argument("BigInt: Invalid octal string");
+ }
+
+ r *= RADIX;
+ r += x;
+ }
+ }
+ else
+ throw Invalid_Argument("Unknown BigInt decoding method");
+ return r;
+ }
+
+}
diff --git a/src/big_io.cpp b/src/big_io.cpp
new file mode 100644
index 000000000..270886d73
--- /dev/null
+++ b/src/big_io.cpp
@@ -0,0 +1,52 @@
+/*************************************************
+* BigInt Input/Output Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bigint.h>
+#include <iostream>
+
+namespace Botan {
+
+/*************************************************
+* Write the BigInt into a stream *
+*************************************************/
+std::ostream& operator<<(std::ostream& stream, const BigInt& n)
+ {
+ BigInt::Base base = BigInt::Decimal;
+ if(stream.flags() & std::ios::hex)
+ base = BigInt::Hexadecimal;
+ else if(stream.flags() & std::ios::oct)
+ base = BigInt::Octal;
+
+ if(n == 0)
+ stream.write("0", 1);
+ else
+ {
+ if(n < 0)
+ stream.write("-", 1);
+ SecureVector<byte> buffer = BigInt::encode(n, base);
+ u32bit skip = 0;
+ while(buffer[skip] == '0' && skip < buffer.size())
+ ++skip;
+ stream.write((const char*)buffer.begin() + skip, buffer.size() - skip);
+ }
+ if(!stream.good())
+ throw Stream_IO_Error("BigInt output operator has failed");
+ return stream;
+ }
+
+/*************************************************
+* Read the BigInt from a stream *
+*************************************************/
+std::istream& operator>>(std::istream& stream, BigInt& n)
+ {
+ std::string str;
+ std::getline(stream, str);
+ if(stream.bad() || (stream.fail() && !stream.eof()))
+ throw Stream_IO_Error("BigInt input operator has failed");
+ n = BigInt(str);
+ return stream;
+ }
+
+}
diff --git a/src/big_ops2.cpp b/src/big_ops2.cpp
new file mode 100644
index 000000000..eeb0c7771
--- /dev/null
+++ b/src/big_ops2.cpp
@@ -0,0 +1,224 @@
+/*************************************************
+* BigInt Assignment Operators Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bigint.h>
+#include <botan/numthry.h>
+#include <botan/mp_core.h>
+#include <botan/bit_ops.h>
+#include <botan/util.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Addition Operator *
+*************************************************/
+BigInt& BigInt::operator+=(const BigInt& y)
+ {
+ const u32bit x_sw = sig_words(), y_sw = y.sig_words();
+
+ const u32bit reg_size = std::max(x_sw, y_sw) + 1;
+ grow_to(reg_size);
+
+ if((sign() == y.sign()))
+ bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw);
+ else
+ {
+ s32bit relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw);
+
+ if(relative_size < 0)
+ {
+ SecureVector<word> z(reg_size - 1);
+ bigint_sub3(z, y.data(), reg_size - 1, data(), x_sw);
+ copy_mem(reg.begin(), z.begin(), z.size());
+ set_sign(y.sign());
+ }
+ else if(relative_size == 0)
+ {
+ reg.clear();
+ set_sign(Positive);
+ }
+ else if(relative_size > 0)
+ bigint_sub2(get_reg(), x_sw, y.data(), y_sw);
+ }
+
+ return (*this);
+ }
+
+/*************************************************
+* Subtraction Operator *
+*************************************************/
+BigInt& BigInt::operator-=(const BigInt& y)
+ {
+ const u32bit x_sw = sig_words(), y_sw = y.sig_words();
+
+ s32bit relative_size = bigint_cmp(data(), x_sw, y.data(), y_sw);
+
+ const u32bit reg_size = std::max(x_sw, y_sw) + 1;
+ grow_to(reg_size);
+
+ if(relative_size < 0)
+ {
+ if(sign() == y.sign())
+ {
+ SecureVector<word> z(reg_size - 1);
+ bigint_sub3(z, y.data(), reg_size - 1, data(), x_sw);
+ copy_mem(reg.begin(), z.begin(), z.size());
+ }
+ else
+ bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw);
+
+ set_sign(y.reverse_sign());
+ }
+ else if(relative_size == 0)
+ {
+ if(sign() == y.sign())
+ {
+ reg.clear();
+ set_sign(Positive);
+ }
+ else
+ bigint_shl1(get_reg(), x_sw, 0, 1);
+ }
+ else if(relative_size > 0)
+ {
+ if(sign() == y.sign())
+ bigint_sub2(get_reg(), x_sw, y.data(), y_sw);
+ else
+ bigint_add2(get_reg(), reg_size - 1, y.data(), y_sw);
+ }
+
+ return (*this);
+ }
+
+/*************************************************
+* Multiplication Operator *
+*************************************************/
+BigInt& BigInt::operator*=(const BigInt& y)
+ {
+ const u32bit x_sw = sig_words(), y_sw = y.sig_words();
+ set_sign((sign() == y.sign()) ? Positive : Negative);
+
+ if(x_sw == 0 || y_sw == 0)
+ {
+ reg.clear();
+ set_sign(Positive);
+ }
+ else if(x_sw == 1 && y_sw)
+ {
+ grow_to(y_sw + 2);
+ bigint_linmul3(get_reg(), y.data(), y_sw, word_at(0));
+ }
+ else if(y_sw == 1 && x_sw)
+ {
+ grow_to(x_sw + 2);
+ bigint_linmul2(get_reg(), x_sw, y.word_at(0));
+ }
+ else
+ {
+ grow_to(size() + y.size());
+
+ SecureVector<word> z(data(), x_sw);
+ SecureVector<word> workspace(size());
+
+ bigint_mul(get_reg(), size(), workspace,
+ z, z.size(), x_sw,
+ y.data(), y.size(), y_sw);
+ }
+
+ return (*this);
+ }
+
+/*************************************************
+* Division Operator *
+*************************************************/
+BigInt& BigInt::operator/=(const BigInt& y)
+ {
+ if(y.sig_words() == 1 && power_of_2(y.word_at(0)))
+ (*this) >>= (y.bits() - 1);
+ else
+ (*this) = (*this) / y;
+ return (*this);
+ }
+
+/*************************************************
+* Modulo Operator *
+*************************************************/
+BigInt& BigInt::operator%=(const BigInt& mod)
+ {
+ return (*this = (*this) % mod);
+ }
+
+/*************************************************
+* Modulo Operator *
+*************************************************/
+word BigInt::operator%=(word mod)
+ {
+ if(mod == 0)
+ throw BigInt::DivideByZero();
+ if(power_of_2(mod))
+ {
+ word result = (word_at(0) & (mod - 1));
+ clear();
+ grow_to(2);
+ reg[0] = result;
+ return result;
+ }
+
+ word remainder = 0;
+
+ for(u32bit j = sig_words(); j > 0; --j)
+ remainder = bigint_modop(remainder, word_at(j-1), mod);
+ clear();
+ grow_to(2);
+
+ if(remainder && sign() == BigInt::Negative)
+ reg[0] = mod - remainder;
+ else
+ reg[0] = remainder;
+
+ set_sign(BigInt::Positive);
+
+ return word_at(0);
+ }
+
+/*************************************************
+* Left Shift Operator *
+*************************************************/
+BigInt& BigInt::operator<<=(u32bit shift)
+ {
+ if(shift)
+ {
+ const u32bit shift_words = shift / MP_WORD_BITS,
+ shift_bits = shift % MP_WORD_BITS,
+ words = sig_words();
+
+ grow_to(words + shift_words + (shift_bits ? 1 : 0));
+ bigint_shl1(get_reg(), words, shift_words, shift_bits);
+ }
+
+ return (*this);
+ }
+
+/*************************************************
+* Right Shift Operator *
+*************************************************/
+BigInt& BigInt::operator>>=(u32bit shift)
+ {
+ if(shift)
+ {
+ const u32bit shift_words = shift / MP_WORD_BITS,
+ shift_bits = shift % MP_WORD_BITS;
+
+ bigint_shr1(get_reg(), sig_words(), shift_words, shift_bits);
+
+ if(is_zero())
+ set_sign(Positive);
+ }
+
+ return (*this);
+ }
+
+}
diff --git a/src/big_ops3.cpp b/src/big_ops3.cpp
new file mode 100644
index 000000000..27fa06671
--- /dev/null
+++ b/src/big_ops3.cpp
@@ -0,0 +1,188 @@
+/*************************************************
+* BigInt Binary Operators Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bigint.h>
+#include <botan/numthry.h>
+#include <botan/mp_core.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Addition Operator *
+*************************************************/
+BigInt operator+(const BigInt& x, const BigInt& y)
+ {
+ const u32bit x_sw = x.sig_words(), y_sw = y.sig_words();
+
+ BigInt z(x.sign(), std::max(x_sw, y_sw) + 1);
+
+ if((x.sign() == y.sign()))
+ bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw);
+ else
+ {
+ s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw);
+
+ if(relative_size < 0)
+ {
+ bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw);
+ z.set_sign(y.sign());
+ }
+ else if(relative_size == 0)
+ z.set_sign(BigInt::Positive);
+ else if(relative_size > 0)
+ bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw);
+ }
+
+ return z;
+ }
+
+/*************************************************
+* Subtraction Operator *
+*************************************************/
+BigInt operator-(const BigInt& x, const BigInt& y)
+ {
+ const u32bit x_sw = x.sig_words(), y_sw = y.sig_words();
+
+ s32bit relative_size = bigint_cmp(x.data(), x_sw, y.data(), y_sw);
+
+ BigInt z(BigInt::Positive, std::max(x_sw, y_sw) + 1);
+
+ if(relative_size < 0)
+ {
+ if(x.sign() == y.sign())
+ bigint_sub3(z.get_reg(), y.data(), y_sw, x.data(), x_sw);
+ else
+ bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw);
+ z.set_sign(y.reverse_sign());
+ }
+ else if(relative_size == 0)
+ {
+ if(x.sign() != y.sign())
+ bigint_shl2(z.get_reg(), x.data(), x_sw, 0, 1);
+ }
+ else if(relative_size > 0)
+ {
+ if(x.sign() == y.sign())
+ bigint_sub3(z.get_reg(), x.data(), x_sw, y.data(), y_sw);
+ else
+ bigint_add3(z.get_reg(), x.data(), x_sw, y.data(), y_sw);
+ z.set_sign(x.sign());
+ }
+ return z;
+ }
+
+/*************************************************
+* Multiplication Operator *
+*************************************************/
+BigInt operator*(const BigInt& x, const BigInt& y)
+ {
+ const u32bit x_sw = x.sig_words(), y_sw = y.sig_words();
+
+ BigInt z(BigInt::Positive, x.size() + y.size());
+
+ if(x_sw == 1 && y_sw)
+ bigint_linmul3(z.get_reg(), y.data(), y_sw, x.word_at(0));
+ else if(y_sw == 1 && x_sw)
+ bigint_linmul3(z.get_reg(), x.data(), x_sw, y.word_at(0));
+ else if(x_sw && y_sw)
+ {
+ SecureVector<word> workspace(z.size());
+ bigint_mul(z.get_reg(), z.size(), workspace,
+ x.data(), x.size(), x_sw,
+ y.data(), y.size(), y_sw);
+ }
+
+ if(x_sw && y_sw && x.sign() != y.sign())
+ z.flip_sign();
+ return z;
+ }
+
+/*************************************************
+* Division Operator *
+*************************************************/
+BigInt operator/(const BigInt& x, const BigInt& y)
+ {
+ BigInt q, r;
+ divide(x, y, q, r);
+ return q;
+ }
+
+/*************************************************
+* Modulo Operator *
+*************************************************/
+BigInt operator%(const BigInt& n, const BigInt& mod)
+ {
+ if(mod.is_zero())
+ throw BigInt::DivideByZero();
+ if(mod.is_negative())
+ throw Invalid_Argument("BigInt::operator%: modulus must be > 0");
+ if(n.is_positive() && mod.is_positive() && n < mod)
+ return n;
+
+ BigInt q, r;
+ divide(n, mod, q, r);
+ return r;
+ }
+
+/*************************************************
+* Modulo Operator *
+*************************************************/
+word operator%(const BigInt& n, word mod)
+ {
+ if(mod == 0)
+ throw BigInt::DivideByZero();
+ if(power_of_2(mod))
+ return (n.word_at(0) & (mod - 1));
+
+ word remainder = 0;
+
+ for(u32bit j = n.sig_words(); j > 0; --j)
+ remainder = bigint_modop(remainder, n.word_at(j-1), mod);
+
+ if(remainder && n.sign() == BigInt::Negative)
+ return mod - remainder;
+ return remainder;
+ }
+
+/*************************************************
+* Left Shift Operator *
+*************************************************/
+BigInt operator<<(const BigInt& x, u32bit shift)
+ {
+ if(shift == 0)
+ return x;
+
+ const u32bit shift_words = shift / MP_WORD_BITS,
+ shift_bits = shift % MP_WORD_BITS;
+
+ const u32bit x_sw = x.sig_words();
+
+ BigInt y(x.sign(), x_sw + shift_words + (shift_bits ? 1 : 0));
+ bigint_shl2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits);
+ return y;
+ }
+
+/*************************************************
+* Right Shift Operator *
+*************************************************/
+BigInt operator>>(const BigInt& x, u32bit shift)
+ {
+ if(shift == 0)
+ return x;
+ if(x.bits() <= shift)
+ return 0;
+
+ const u32bit shift_words = shift / MP_WORD_BITS,
+ shift_bits = shift % MP_WORD_BITS,
+ x_sw = x.sig_words();
+
+ BigInt y(x.sign(), x_sw - shift_words);
+ bigint_shr2(y.get_reg(), x.data(), x_sw, shift_words, shift_bits);
+ return y;
+ }
+
+}
diff --git a/src/big_rand.cpp b/src/big_rand.cpp
new file mode 100644
index 000000000..2cb4cfd77
--- /dev/null
+++ b/src/big_rand.cpp
@@ -0,0 +1,86 @@
+/*************************************************
+* BigInt Random Generation Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bigint.h>
+#include <botan/parsing.h>
+#include <botan/numthry.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/*************************************************
+* Construct a BigInt of a specific form *
+*************************************************/
+BigInt::BigInt(NumberType type, u32bit bits)
+ {
+ set_sign(Positive);
+ if(type == Random && bits)
+ randomize(bits);
+ else if(type == Power2)
+ set_bit(bits);
+ else
+ throw Invalid_Argument("BigInt(NumberType): Unknown type");
+ }
+
+/*************************************************
+* Randomize this number *
+*************************************************/
+void BigInt::randomize(u32bit bitsize)
+ {
+ set_sign(Positive);
+
+ if(bitsize == 0)
+ clear();
+ else
+ {
+ SecureVector<byte> array((bitsize + 7) / 8);
+ Global_RNG::randomize(array, array.size());
+ if(bitsize % 8)
+ array[0] &= 0xFF >> (8 - (bitsize % 8));
+ array[0] |= 0x80 >> ((bitsize % 8) ? (8 - bitsize % 8) : 0);
+ binary_decode(array, array.size());
+ }
+ }
+
+/*************************************************
+* Generate a random integer *
+*************************************************/
+BigInt random_integer(u32bit bits)
+ {
+ BigInt x;
+ x.randomize(bits);
+ return x;
+ }
+
+/*************************************************
+* Generate a random integer within given range *
+*************************************************/
+BigInt random_integer(const BigInt& min, const BigInt& max)
+ {
+ BigInt range = max - min;
+
+ if(range <= 0)
+ throw Invalid_Argument("random_integer: invalid min/max values");
+
+ return (min + (random_integer(range.bits() + 2) % range));
+ }
+
+/*************************************************
+* Generate a random safe prime *
+*************************************************/
+BigInt random_safe_prime(u32bit bits)
+ {
+ if(bits <= 64)
+ throw Invalid_Argument("random_safe_prime: Can't make a prime of " +
+ to_string(bits) + " bits");
+
+ BigInt p;
+ do
+ p = (random_prime(bits - 1) << 1) + 1;
+ while(!is_prime(p));
+ return p;
+ }
+
+}
diff --git a/src/bit_ops.cpp b/src/bit_ops.cpp
new file mode 100644
index 000000000..e9263941d
--- /dev/null
+++ b/src/bit_ops.cpp
@@ -0,0 +1,98 @@
+/*************************************************
+* Bit/Word Operations Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* XOR arrays together *
+*************************************************/
+void xor_buf(byte data[], const byte mask[], u32bit length)
+ {
+ while(length >= 8)
+ {
+ data[0] ^= mask[0]; data[1] ^= mask[1];
+ data[2] ^= mask[2]; data[3] ^= mask[3];
+ data[4] ^= mask[4]; data[5] ^= mask[5];
+ data[6] ^= mask[6]; data[7] ^= mask[7];
+ data += 8; mask += 8; length -= 8;
+ }
+ for(u32bit j = 0; j != length; ++j)
+ data[j] ^= mask[j];
+ }
+
+void xor_buf(byte out[], const byte in[], const byte mask[], u32bit length)
+ {
+ while(length >= 8)
+ {
+ out[0] = in[0] ^ mask[0]; out[1] = in[1] ^ mask[1];
+ out[2] = in[2] ^ mask[2]; out[3] = in[3] ^ mask[3];
+ out[4] = in[4] ^ mask[4]; out[5] = in[5] ^ mask[5];
+ out[6] = in[6] ^ mask[6]; out[7] = in[7] ^ mask[7];
+ in += 8; out += 8; mask += 8; length -= 8;
+ }
+ for(u32bit j = 0; j != length; ++j)
+ out[j] = in[j] ^ mask[j];
+ }
+
+/*************************************************
+* Return true iff arg is 2**n for some n > 0 *
+*************************************************/
+bool power_of_2(u64bit arg)
+ {
+ if(arg == 0 || arg == 1)
+ return false;
+ if((arg & (arg-1)) == 0)
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Return the index of the highest set bit *
+*************************************************/
+u32bit high_bit(u64bit n)
+ {
+ for(u32bit count = 64; count > 0; --count)
+ if((n >> (count - 1)) & 0x01)
+ return count;
+ return 0;
+ }
+
+/*************************************************
+* Return the index of the lowest set bit *
+*************************************************/
+u32bit low_bit(u64bit n)
+ {
+ for(u32bit count = 0; count != 64; ++count)
+ if((n >> count) & 0x01)
+ return (count + 1);
+ return 0;
+ }
+
+/*************************************************
+* Return the number of significant bytes in n *
+*************************************************/
+u32bit significant_bytes(u64bit n)
+ {
+ for(u32bit j = 0; j != 8; ++j)
+ if(get_byte(j, n))
+ return 8-j;
+ return 0;
+ }
+
+/*************************************************
+* Return the Hamming weight of n *
+*************************************************/
+u32bit hamming_weight(u64bit n)
+ {
+ u32bit weight = 0;
+ for(u32bit j = 0; j != 64; ++j)
+ if((n >> j) & 0x01)
+ ++weight;
+ return weight;
+ }
+
+}
diff --git a/src/blfs_tab.cpp b/src/blfs_tab.cpp
new file mode 100644
index 000000000..be3baa9c9
--- /dev/null
+++ b/src/blfs_tab.cpp
@@ -0,0 +1,195 @@
+/*************************************************
+* S-Box and P-Box Tables for Blowfish *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/blowfish.h>
+
+namespace Botan {
+
+const u32bit Blowfish::PBOX[18] = {
+ 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
+ 0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
+ 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B };
+
+const u32bit Blowfish::SBOX1[256] = {
+ 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96,
+ 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
+ 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658,
+ 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
+ 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E,
+ 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
+ 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6,
+ 0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
+ 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C,
+ 0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
+ 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1,
+ 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
+ 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A,
+ 0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
+ 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176,
+ 0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
+ 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706,
+ 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
+ 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B,
+ 0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
+ 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C,
+ 0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
+ 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A,
+ 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
+ 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760,
+ 0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
+ 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8,
+ 0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
+ 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33,
+ 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
+ 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0,
+ 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
+ 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777,
+ 0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
+ 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705,
+ 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
+ 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E,
+ 0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
+ 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9,
+ 0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
+ 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F,
+ 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
+ 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A };
+
+const u32bit Blowfish::SBOX2[256] = {
+ 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D,
+ 0x9CEE60B8, 0x8FEDB266, 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
+ 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65,
+ 0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
+ 0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9,
+ 0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
+ 0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D,
+ 0xF01C1F04, 0x0200B3FF, 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
+ 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC,
+ 0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
+ 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908,
+ 0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
+ 0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124,
+ 0x501ADDE6, 0x9F84CD87, 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
+ 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908,
+ 0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
+ 0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B,
+ 0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
+ 0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA,
+ 0x2965DCB9, 0x99E71D0F, 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
+ 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D,
+ 0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
+ 0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5,
+ 0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
+ 0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96,
+ 0x0334FE1E, 0xAA0363CF, 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
+ 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA,
+ 0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
+ 0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77,
+ 0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
+ 0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054,
+ 0x8FD948E4, 0x6DBC3128, 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
+ 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA,
+ 0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
+ 0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646,
+ 0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
+ 0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA,
+ 0x1DADF43E, 0x233F7061, 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
+ 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E,
+ 0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
+ 0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD,
+ 0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
+ 0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7 };
+
+const u32bit Blowfish::SBOX3[256] = {
+ 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7,
+ 0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
+ 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF,
+ 0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
+ 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, 0x28507825, 0x530429F4,
+ 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
+ 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC,
+ 0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
+ 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332,
+ 0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
+ 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, 0x55A867BC, 0xA1159A58,
+ 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
+ 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22,
+ 0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
+ 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60,
+ 0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
+ 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, 0x85B2A20E, 0xE6BA0D99,
+ 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
+ 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74,
+ 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
+ 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3,
+ 0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
+ 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, 0x37392EB3, 0xCC115979,
+ 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
+ 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA,
+ 0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
+ 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086,
+ 0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
+ 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, 0x77A057BE, 0xBDE8AE24,
+ 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
+ 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84,
+ 0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
+ 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09,
+ 0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
+ 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, 0xDCB7DA83, 0x573906FE,
+ 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
+ 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0,
+ 0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
+ 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188,
+ 0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
+ 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8,
+ 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
+ 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0 };
+
+const u32bit Blowfish::SBOX4[256] = {
+ 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742,
+ 0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
+ 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79,
+ 0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
+ 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A,
+ 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
+ 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1,
+ 0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
+ 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797,
+ 0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
+ 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6,
+ 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
+ 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA,
+ 0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
+ 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5,
+ 0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
+ 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE,
+ 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
+ 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD,
+ 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
+ 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB,
+ 0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
+ 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC,
+ 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
+ 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC,
+ 0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
+ 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A,
+ 0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
+ 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A,
+ 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
+ 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B,
+ 0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
+ 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E,
+ 0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
+ 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623,
+ 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
+ 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A,
+ 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
+ 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3,
+ 0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
+ 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C,
+ 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
+ 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6 };
+
+}
diff --git a/src/blinding.cpp b/src/blinding.cpp
new file mode 100644
index 000000000..816968ae4
--- /dev/null
+++ b/src/blinding.cpp
@@ -0,0 +1,47 @@
+/*************************************************
+* Blinder Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/blinding.h>
+#include <botan/numthry.h>
+
+namespace Botan {
+
+/*************************************************
+* Blinder Constructor *
+*************************************************/
+Blinder::Blinder(const BigInt& e, const BigInt& d, const BigInt& n)
+ {
+ if(e < 1 || d < 1 || n < 1)
+ throw Invalid_Argument("Blinder: Arguments too small");
+
+ reducer = Modular_Reducer(n);
+ this->e = e;
+ this->d = d;
+ }
+
+/*************************************************
+* Blind a number *
+*************************************************/
+BigInt Blinder::blind(const BigInt& i) const
+ {
+ if(!reducer.initialized())
+ return i;
+
+ e = reducer.square(e);
+ d = reducer.square(d);
+ return reducer.multiply(i, e);
+ }
+
+/*************************************************
+* Unblind a number *
+*************************************************/
+BigInt Blinder::unblind(const BigInt& i) const
+ {
+ if(!reducer.initialized())
+ return i;
+ return reducer.multiply(i, d);
+ }
+
+}
diff --git a/src/blowfish.cpp b/src/blowfish.cpp
new file mode 100644
index 000000000..9dabb4c38
--- /dev/null
+++ b/src/blowfish.cpp
@@ -0,0 +1,118 @@
+/*************************************************
+* Blowfish Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/blowfish.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Blowfish Encryption *
+*************************************************/
+void Blowfish::enc(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ L ^= P[j];
+ R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^
+ S3[get_byte(2, L)]) + S4[get_byte(3, L)];
+
+ R ^= P[j+1];
+ L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^
+ S3[get_byte(2, R)]) + S4[get_byte(3, R)];
+ }
+
+ L ^= P[16]; R ^= P[17];
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* Blowfish Decryption *
+*************************************************/
+void Blowfish::dec(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ for(u32bit j = 17; j != 1; j -= 2)
+ {
+ L ^= P[j];
+ R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^
+ S3[get_byte(2, L)]) + S4[get_byte(3, L)];
+
+ R ^= P[j-1];
+ L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^
+ S3[get_byte(2, R)]) + S4[get_byte(3, R)];
+ }
+
+ L ^= P[1]; R ^= P[0];
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* Blowfish Key Schedule *
+*************************************************/
+void Blowfish::key(const byte key[], u32bit length)
+ {
+ clear();
+ for(u32bit j = 0, k = 0; j != 18; ++j, k += 4)
+ P[j] ^= make_u32bit(key[(k ) % length], key[(k+1) % length],
+ key[(k+2) % length], key[(k+3) % length]);
+ u32bit L = 0, R = 0;
+ generate_sbox(P, 18, L, R);
+ generate_sbox(S1, 256, L, R);
+ generate_sbox(S2, 256, L, R);
+ generate_sbox(S3, 256, L, R);
+ generate_sbox(S4, 256, L, R);
+ }
+
+/*************************************************
+* Generate one of the Sboxes *
+*************************************************/
+void Blowfish::generate_sbox(u32bit Box[], u32bit size,
+ u32bit& L, u32bit& R) const
+ {
+ for(u32bit j = 0; j != size; j += 2)
+ {
+ for(u32bit k = 0; k != 16; k += 2)
+ {
+ L ^= P[k];
+ R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^
+ S3[get_byte(2, L)]) + S4[get_byte(3, L)];
+
+ R ^= P[k+1];
+ L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^
+ S3[get_byte(2, R)]) + S4[get_byte(3, R)];
+ }
+
+ u32bit T = R; R = L ^ P[16]; L = T ^ P[17];
+ Box[j] = L; Box[j+1] = R;
+ }
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Blowfish::clear() throw()
+ {
+ P.copy(PBOX, 18);
+ S1.copy(SBOX1, 256);
+ S2.copy(SBOX2, 256);
+ S3.copy(SBOX3, 256);
+ S4.copy(SBOX4, 256);
+ }
+
+}
diff --git a/src/buf_es.cpp b/src/buf_es.cpp
new file mode 100644
index 000000000..415a5c13a
--- /dev/null
+++ b/src/buf_es.cpp
@@ -0,0 +1,95 @@
+/*************************************************
+* Buffered EntropySource Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/buf_es.h>
+#include <botan/bit_ops.h>
+#include <botan/util.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Buffered_EntropySource Constructor *
+*************************************************/
+Buffered_EntropySource::Buffered_EntropySource() : buffer(256)
+ {
+ read_pos = write_pos = 0;
+ done_slow_poll = false;
+ }
+
+/*************************************************
+* Fast Poll *
+*************************************************/
+u32bit Buffered_EntropySource::fast_poll(byte out[], u32bit length)
+ {
+ if(!done_slow_poll) { do_slow_poll(); done_slow_poll = true; }
+
+ do_fast_poll();
+ return copy_out(out, length, buffer.size() / 4);
+ }
+
+/*************************************************
+* Slow Poll *
+*************************************************/
+u32bit Buffered_EntropySource::slow_poll(byte out[], u32bit length)
+ {
+ do_slow_poll();
+ return copy_out(out, length, buffer.size());
+ }
+
+/*************************************************
+* Default fast poll operation *
+*************************************************/
+void Buffered_EntropySource::do_fast_poll()
+ {
+ return do_slow_poll();
+ }
+
+/*************************************************
+* Add entropy to the internal buffer *
+*************************************************/
+void Buffered_EntropySource::add_bytes(const void* entropy_ptr, u32bit length)
+ {
+ const byte* bytes = (const byte*)entropy_ptr;
+ while(length)
+ {
+ u32bit copied = std::min(length, buffer.size() - write_pos);
+ xor_buf(buffer + write_pos, bytes, copied);
+ bytes += copied;
+ length -= copied;
+ write_pos = (write_pos + copied) % buffer.size();
+ }
+ }
+
+/*************************************************
+* Add entropy to the internal buffer *
+*************************************************/
+void Buffered_EntropySource::add_bytes(u64bit entropy)
+ {
+ add_bytes((const void*)&entropy, 8);
+ }
+
+/*************************************************
+* Add entropy to the internal buffer *
+*************************************************/
+void Buffered_EntropySource::add_timestamp()
+ {
+ add_bytes(system_clock());
+ }
+
+/*************************************************
+* Take entropy from the internal buffer *
+*************************************************/
+u32bit Buffered_EntropySource::copy_out(byte out[], u32bit length,
+ u32bit max_read)
+ {
+ length = std::min(length, max_read);
+ u32bit copied = std::min(length, buffer.size() - read_pos);
+ xor_buf(out, buffer + read_pos, copied);
+ read_pos = (read_pos + copied) % buffer.size();
+ return copied;
+ }
+
+}
diff --git a/src/buf_filt.cpp b/src/buf_filt.cpp
new file mode 100644
index 000000000..a6df82074
--- /dev/null
+++ b/src/buf_filt.cpp
@@ -0,0 +1,68 @@
+/*************************************************
+* Buffering Filter Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/buf_filt.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Buffering_Filter Constructor *
+*************************************************/
+Buffering_Filter::Buffering_Filter(u32bit b, u32bit i) : INITIAL_BLOCK_SIZE(i),
+ BLOCK_SIZE(b)
+ {
+ initial_block_pos = block_pos = 0;
+ initial.create(INITIAL_BLOCK_SIZE);
+ block.create(BLOCK_SIZE);
+ }
+
+/*************************************************
+* Reset the Buffering Filter *
+*************************************************/
+void Buffering_Filter::end_msg()
+ {
+ if(initial_block_pos != INITIAL_BLOCK_SIZE)
+ throw Exception("Buffering_Filter: Not enough data for first block");
+ final_block(block, block_pos);
+ initial_block_pos = block_pos = 0;
+ initial.clear();
+ block.clear();
+ }
+
+/*************************************************
+* Buffer input into blocks *
+*************************************************/
+void Buffering_Filter::write(const byte input[], u32bit length)
+ {
+ if(initial_block_pos != INITIAL_BLOCK_SIZE)
+ {
+ u32bit copied = std::min(INITIAL_BLOCK_SIZE - initial_block_pos, length);
+ initial.copy(initial_block_pos, input, copied);
+ input += copied;
+ length -= copied;
+ initial_block_pos += copied;
+ if(initial_block_pos == INITIAL_BLOCK_SIZE)
+ initial_block(initial);
+ }
+ block.copy(block_pos, input, length);
+ if(block_pos + length >= BLOCK_SIZE)
+ {
+ main_block(block);
+ input += (BLOCK_SIZE - block_pos);
+ length -= (BLOCK_SIZE - block_pos);
+ while(length >= BLOCK_SIZE)
+ {
+ main_block(input);
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ }
+ block.copy(input, length);
+ block_pos = 0;
+ }
+ block_pos += length;
+ }
+
+}
diff --git a/src/cast128.cpp b/src/cast128.cpp
new file mode 100644
index 000000000..02f50fb48
--- /dev/null
+++ b/src/cast128.cpp
@@ -0,0 +1,175 @@
+/*************************************************
+* CAST-128 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cast128.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* CAST-128 Round Type 1 *
+*************************************************/
+inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+ {
+ u32bit T = rotate_left(MK + R, RK);
+ L ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) -
+ CAST_SBOX3[get_byte(2, T)] + CAST_SBOX4[get_byte(3, T)];
+ }
+
+/*************************************************
+* CAST-128 Round Type 2 *
+*************************************************/
+inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+ {
+ u32bit T = rotate_left(MK ^ R, RK);
+ L ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] +
+ CAST_SBOX3[get_byte(2, T)]) ^ CAST_SBOX4[get_byte(3, T)];
+ }
+
+/*************************************************
+* CAST-128 Round Type 3 *
+*************************************************/
+inline void R3(u32bit& L, u32bit R, u32bit MK, u32bit RK)
+ {
+ u32bit T = rotate_left(MK - R, RK);
+ L ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^
+ CAST_SBOX3[get_byte(2, T)]) - CAST_SBOX4[get_byte(3, T)];
+ }
+
+}
+
+/*************************************************
+* CAST-128 Encryption *
+*************************************************/
+void CAST_128::enc(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ R1(L, R, MK[ 0], RK[ 0]);
+ R2(R, L, MK[ 1], RK[ 1]);
+ R3(L, R, MK[ 2], RK[ 2]);
+ R1(R, L, MK[ 3], RK[ 3]);
+ R2(L, R, MK[ 4], RK[ 4]);
+ R3(R, L, MK[ 5], RK[ 5]);
+ R1(L, R, MK[ 6], RK[ 6]);
+ R2(R, L, MK[ 7], RK[ 7]);
+ R3(L, R, MK[ 8], RK[ 8]);
+ R1(R, L, MK[ 9], RK[ 9]);
+ R2(L, R, MK[10], RK[10]);
+ R3(R, L, MK[11], RK[11]);
+ R1(L, R, MK[12], RK[12]);
+ R2(R, L, MK[13], RK[13]);
+ R3(L, R, MK[14], RK[14]);
+ R1(R, L, MK[15], RK[15]);
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* CAST-128 Decryption *
+*************************************************/
+void CAST_128::dec(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ R1(L, R, MK[15], RK[15]);
+ R3(R, L, MK[14], RK[14]);
+ R2(L, R, MK[13], RK[13]);
+ R1(R, L, MK[12], RK[12]);
+ R3(L, R, MK[11], RK[11]);
+ R2(R, L, MK[10], RK[10]);
+ R1(L, R, MK[ 9], RK[ 9]);
+ R3(R, L, MK[ 8], RK[ 8]);
+ R2(L, R, MK[ 7], RK[ 7]);
+ R1(R, L, MK[ 6], RK[ 6]);
+ R3(L, R, MK[ 5], RK[ 5]);
+ R2(R, L, MK[ 4], RK[ 4]);
+ R1(L, R, MK[ 3], RK[ 3]);
+ R3(R, L, MK[ 2], RK[ 2]);
+ R2(L, R, MK[ 1], RK[ 1]);
+ R1(R, L, MK[ 0], RK[ 0]);
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* CAST-128 Key Schedule *
+*************************************************/
+void CAST_128::key(const byte key[], u32bit length)
+ {
+ clear();
+ SecureBuffer<u32bit, 4> X;
+ for(u32bit j = 0; j != length; ++j)
+ X[j/4] = (X[j/4] << 8) + key[j];
+
+ key_schedule(MK, X);
+ key_schedule(RK, X);
+
+ for(u32bit j = 0; j != 16; ++j)
+ RK[j] %= 32;
+ }
+
+/*************************************************
+* S-Box Based Key Expansion *
+*************************************************/
+void CAST_128::key_schedule(u32bit K[16], u32bit X[4])
+ {
+ class ByteReader
+ {
+ public:
+ byte operator()(u32bit i) { return (X[i/4] >> (8*(3 - (i%4)))); }
+ ByteReader(u32bit* x) : X(x) {}
+ private:
+ u32bit* X;
+ };
+
+ SecureBuffer<u32bit, 4> Z;
+ ByteReader x(X), z(Z);
+
+ Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)];
+ Z[1] = X[2] ^ S5[z( 0)] ^ S6[z( 2)] ^ S7[z( 1)] ^ S8[z( 3)] ^ S8[x(10)];
+ Z[2] = X[3] ^ S5[z( 7)] ^ S6[z( 6)] ^ S7[z( 5)] ^ S8[z( 4)] ^ S5[x( 9)];
+ Z[3] = X[1] ^ S5[z(10)] ^ S6[z( 9)] ^ S7[z(11)] ^ S8[z( 8)] ^ S6[x(11)];
+ K[ 0] = S5[z( 8)] ^ S6[z( 9)] ^ S7[z( 7)] ^ S8[z( 6)] ^ S5[z( 2)];
+ K[ 1] = S5[z(10)] ^ S6[z(11)] ^ S7[z( 5)] ^ S8[z( 4)] ^ S6[z( 6)];
+ K[ 2] = S5[z(12)] ^ S6[z(13)] ^ S7[z( 3)] ^ S8[z( 2)] ^ S7[z( 9)];
+ K[ 3] = S5[z(14)] ^ S6[z(15)] ^ S7[z( 1)] ^ S8[z( 0)] ^ S8[z(12)];
+ X[0] = Z[2] ^ S5[z( 5)] ^ S6[z( 7)] ^ S7[z( 4)] ^ S8[z( 6)] ^ S7[z( 0)];
+ X[1] = Z[0] ^ S5[x( 0)] ^ S6[x( 2)] ^ S7[x( 1)] ^ S8[x( 3)] ^ S8[z( 2)];
+ X[2] = Z[1] ^ S5[x( 7)] ^ S6[x( 6)] ^ S7[x( 5)] ^ S8[x( 4)] ^ S5[z( 1)];
+ X[3] = Z[3] ^ S5[x(10)] ^ S6[x( 9)] ^ S7[x(11)] ^ S8[x( 8)] ^ S6[z( 3)];
+ K[ 4] = S5[x( 3)] ^ S6[x( 2)] ^ S7[x(12)] ^ S8[x(13)] ^ S5[x( 8)];
+ K[ 5] = S5[x( 1)] ^ S6[x( 0)] ^ S7[x(14)] ^ S8[x(15)] ^ S6[x(13)];
+ K[ 6] = S5[x( 7)] ^ S6[x( 6)] ^ S7[x( 8)] ^ S8[x( 9)] ^ S7[x( 3)];
+ K[ 7] = S5[x( 5)] ^ S6[x( 4)] ^ S7[x(10)] ^ S8[x(11)] ^ S8[x( 7)];
+ Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)];
+ Z[1] = X[2] ^ S5[z( 0)] ^ S6[z( 2)] ^ S7[z( 1)] ^ S8[z( 3)] ^ S8[x(10)];
+ Z[2] = X[3] ^ S5[z( 7)] ^ S6[z( 6)] ^ S7[z( 5)] ^ S8[z( 4)] ^ S5[x( 9)];
+ Z[3] = X[1] ^ S5[z(10)] ^ S6[z( 9)] ^ S7[z(11)] ^ S8[z( 8)] ^ S6[x(11)];
+ K[ 8] = S5[z( 3)] ^ S6[z( 2)] ^ S7[z(12)] ^ S8[z(13)] ^ S5[z( 9)];
+ K[ 9] = S5[z( 1)] ^ S6[z( 0)] ^ S7[z(14)] ^ S8[z(15)] ^ S6[z(12)];
+ K[10] = S5[z( 7)] ^ S6[z( 6)] ^ S7[z( 8)] ^ S8[z( 9)] ^ S7[z( 2)];
+ K[11] = S5[z( 5)] ^ S6[z( 4)] ^ S7[z(10)] ^ S8[z(11)] ^ S8[z( 6)];
+ X[0] = Z[2] ^ S5[z( 5)] ^ S6[z( 7)] ^ S7[z( 4)] ^ S8[z( 6)] ^ S7[z( 0)];
+ X[1] = Z[0] ^ S5[x( 0)] ^ S6[x( 2)] ^ S7[x( 1)] ^ S8[x( 3)] ^ S8[z( 2)];
+ X[2] = Z[1] ^ S5[x( 7)] ^ S6[x( 6)] ^ S7[x( 5)] ^ S8[x( 4)] ^ S5[z( 1)];
+ X[3] = Z[3] ^ S5[x(10)] ^ S6[x( 9)] ^ S7[x(11)] ^ S8[x( 8)] ^ S6[z( 3)];
+ K[12] = S5[x( 8)] ^ S6[x( 9)] ^ S7[x( 7)] ^ S8[x( 6)] ^ S5[x( 3)];
+ K[13] = S5[x(10)] ^ S6[x(11)] ^ S7[x( 5)] ^ S8[x( 4)] ^ S6[x( 7)];
+ K[14] = S5[x(12)] ^ S6[x(13)] ^ S7[x( 3)] ^ S8[x( 2)] ^ S7[x( 8)];
+ K[15] = S5[x(14)] ^ S6[x(15)] ^ S7[x( 1)] ^ S8[x( 0)] ^ S8[x(13)];
+ }
+
+}
diff --git a/src/cast256.cpp b/src/cast256.cpp
new file mode 100644
index 000000000..81befe611
--- /dev/null
+++ b/src/cast256.cpp
@@ -0,0 +1,168 @@
+/*************************************************
+* CAST-256 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cast256.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* CAST-256 Encryption *
+*************************************************/
+void CAST_256::enc(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 0], in[ 1], in[ 2], in[ 3]),
+ B = make_u32bit(in[ 4], in[ 5], in[ 6], in[ 7]),
+ C = make_u32bit(in[ 8], in[ 9], in[10], in[11]),
+ D = make_u32bit(in[12], in[13], in[14], in[15]);
+ round1(C, D, MK[ 0], RK[ 0]); round2(B, C, MK[ 1], RK[ 1]);
+ round3(A, B, MK[ 2], RK[ 2]); round1(D, A, MK[ 3], RK[ 3]);
+ round1(C, D, MK[ 4], RK[ 4]); round2(B, C, MK[ 5], RK[ 5]);
+ round3(A, B, MK[ 6], RK[ 6]); round1(D, A, MK[ 7], RK[ 7]);
+ round1(C, D, MK[ 8], RK[ 8]); round2(B, C, MK[ 9], RK[ 9]);
+ round3(A, B, MK[10], RK[10]); round1(D, A, MK[11], RK[11]);
+ round1(C, D, MK[12], RK[12]); round2(B, C, MK[13], RK[13]);
+ round3(A, B, MK[14], RK[14]); round1(D, A, MK[15], RK[15]);
+ round1(C, D, MK[16], RK[16]); round2(B, C, MK[17], RK[17]);
+ round3(A, B, MK[18], RK[18]); round1(D, A, MK[19], RK[19]);
+ round1(C, D, MK[20], RK[20]); round2(B, C, MK[21], RK[21]);
+ round3(A, B, MK[22], RK[22]); round1(D, A, MK[23], RK[23]);
+ round1(D, A, MK[27], RK[27]); round3(A, B, MK[26], RK[26]);
+ round2(B, C, MK[25], RK[25]); round1(C, D, MK[24], RK[24]);
+ round1(D, A, MK[31], RK[31]); round3(A, B, MK[30], RK[30]);
+ round2(B, C, MK[29], RK[29]); round1(C, D, MK[28], RK[28]);
+ round1(D, A, MK[35], RK[35]); round3(A, B, MK[34], RK[34]);
+ round2(B, C, MK[33], RK[33]); round1(C, D, MK[32], RK[32]);
+ round1(D, A, MK[39], RK[39]); round3(A, B, MK[38], RK[38]);
+ round2(B, C, MK[37], RK[37]); round1(C, D, MK[36], RK[36]);
+ round1(D, A, MK[43], RK[43]); round3(A, B, MK[42], RK[42]);
+ round2(B, C, MK[41], RK[41]); round1(C, D, MK[40], RK[40]);
+ round1(D, A, MK[47], RK[47]); round3(A, B, MK[46], RK[46]);
+ round2(B, C, MK[45], RK[45]); round1(C, D, MK[44], RK[44]);
+ out[ 0] = get_byte(0, A); out[ 1] = get_byte(1, A);
+ out[ 2] = get_byte(2, A); out[ 3] = get_byte(3, A);
+ out[ 4] = get_byte(0, B); out[ 5] = get_byte(1, B);
+ out[ 6] = get_byte(2, B); out[ 7] = get_byte(3, B);
+ out[ 8] = get_byte(0, C); out[ 9] = get_byte(1, C);
+ out[10] = get_byte(2, C); out[11] = get_byte(3, C);
+ out[12] = get_byte(0, D); out[13] = get_byte(1, D);
+ out[14] = get_byte(2, D); out[15] = get_byte(3, D);
+ }
+
+/*************************************************
+* CAST-256 Decryption *
+*************************************************/
+void CAST_256::dec(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 0], in[ 1], in[ 2], in[ 3]),
+ B = make_u32bit(in[ 4], in[ 5], in[ 6], in[ 7]),
+ C = make_u32bit(in[ 8], in[ 9], in[10], in[11]),
+ D = make_u32bit(in[12], in[13], in[14], in[15]);
+ round1(C, D, MK[44], RK[44]); round2(B, C, MK[45], RK[45]);
+ round3(A, B, MK[46], RK[46]); round1(D, A, MK[47], RK[47]);
+ round1(C, D, MK[40], RK[40]); round2(B, C, MK[41], RK[41]);
+ round3(A, B, MK[42], RK[42]); round1(D, A, MK[43], RK[43]);
+ round1(C, D, MK[36], RK[36]); round2(B, C, MK[37], RK[37]);
+ round3(A, B, MK[38], RK[38]); round1(D, A, MK[39], RK[39]);
+ round1(C, D, MK[32], RK[32]); round2(B, C, MK[33], RK[33]);
+ round3(A, B, MK[34], RK[34]); round1(D, A, MK[35], RK[35]);
+ round1(C, D, MK[28], RK[28]); round2(B, C, MK[29], RK[29]);
+ round3(A, B, MK[30], RK[30]); round1(D, A, MK[31], RK[31]);
+ round1(C, D, MK[24], RK[24]); round2(B, C, MK[25], RK[25]);
+ round3(A, B, MK[26], RK[26]); round1(D, A, MK[27], RK[27]);
+ round1(D, A, MK[23], RK[23]); round3(A, B, MK[22], RK[22]);
+ round2(B, C, MK[21], RK[21]); round1(C, D, MK[20], RK[20]);
+ round1(D, A, MK[19], RK[19]); round3(A, B, MK[18], RK[18]);
+ round2(B, C, MK[17], RK[17]); round1(C, D, MK[16], RK[16]);
+ round1(D, A, MK[15], RK[15]); round3(A, B, MK[14], RK[14]);
+ round2(B, C, MK[13], RK[13]); round1(C, D, MK[12], RK[12]);
+ round1(D, A, MK[11], RK[11]); round3(A, B, MK[10], RK[10]);
+ round2(B, C, MK[ 9], RK[ 9]); round1(C, D, MK[ 8], RK[ 8]);
+ round1(D, A, MK[ 7], RK[ 7]); round3(A, B, MK[ 6], RK[ 6]);
+ round2(B, C, MK[ 5], RK[ 5]); round1(C, D, MK[ 4], RK[ 4]);
+ round1(D, A, MK[ 3], RK[ 3]); round3(A, B, MK[ 2], RK[ 2]);
+ round2(B, C, MK[ 1], RK[ 1]); round1(C, D, MK[ 0], RK[ 0]);
+ out[ 0] = get_byte(0, A); out[ 1] = get_byte(1, A);
+ out[ 2] = get_byte(2, A); out[ 3] = get_byte(3, A);
+ out[ 4] = get_byte(0, B); out[ 5] = get_byte(1, B);
+ out[ 6] = get_byte(2, B); out[ 7] = get_byte(3, B);
+ out[ 8] = get_byte(0, C); out[ 9] = get_byte(1, C);
+ out[10] = get_byte(2, C); out[11] = get_byte(3, C);
+ out[12] = get_byte(0, D); out[13] = get_byte(1, D);
+ out[14] = get_byte(2, D); out[15] = get_byte(3, D);
+ }
+
+/*************************************************
+* CAST-256 Round Type 1 *
+*************************************************/
+void CAST_256::round1(u32bit& out, u32bit in, u32bit mask, u32bit rot) const
+ {
+ u32bit temp = rotate_left(mask + in, rot);
+ out ^= (CAST_SBOX1[get_byte(0, temp)] ^ CAST_SBOX2[get_byte(1, temp)]) -
+ CAST_SBOX3[get_byte(2, temp)] + CAST_SBOX4[get_byte(3, temp)];
+ }
+
+/*************************************************
+* CAST-256 Round Type 2 *
+*************************************************/
+void CAST_256::round2(u32bit& out, u32bit in, u32bit mask, u32bit rot) const
+ {
+ u32bit temp = rotate_left(mask ^ in, rot);
+ out ^= (CAST_SBOX1[get_byte(0, temp)] - CAST_SBOX2[get_byte(1, temp)] +
+ CAST_SBOX3[get_byte(2, temp)]) ^ CAST_SBOX4[get_byte(3, temp)];
+ }
+
+/*************************************************
+* CAST-256 Round Type 3 *
+*************************************************/
+void CAST_256::round3(u32bit& out, u32bit in, u32bit mask, u32bit rot) const
+ {
+ u32bit temp = rotate_left(mask - in, rot);
+ out ^= ((CAST_SBOX1[get_byte(0, temp)] + CAST_SBOX2[get_byte(1, temp)]) ^
+ CAST_SBOX3[get_byte(2, temp)]) - CAST_SBOX4[get_byte(3, temp)];
+ }
+
+/*************************************************
+* CAST-256 Key Schedule *
+*************************************************/
+void CAST_256::key(const byte key[], u32bit length)
+ {
+ SecureBuffer<u32bit, 8> TMP;
+ for(u32bit j = 0; j != length; ++j)
+ TMP[j/4] = (TMP[j/4] << 8) + key[j];
+
+ u32bit A = TMP[0], B = TMP[1], C = TMP[2], D = TMP[3],
+ E = TMP[4], F = TMP[5], G = TMP[6], H = TMP[7];
+ for(u32bit j = 0; j != 48; j += 4)
+ {
+ round1(G, H, KEY_MASK[4*j+ 0], KEY_ROT[(4*j+ 0) % 32]);
+ round2(F, G, KEY_MASK[4*j+ 1], KEY_ROT[(4*j+ 1) % 32]);
+ round3(E, F, KEY_MASK[4*j+ 2], KEY_ROT[(4*j+ 2) % 32]);
+ round1(D, E, KEY_MASK[4*j+ 3], KEY_ROT[(4*j+ 3) % 32]);
+ round2(C, D, KEY_MASK[4*j+ 4], KEY_ROT[(4*j+ 4) % 32]);
+ round3(B, C, KEY_MASK[4*j+ 5], KEY_ROT[(4*j+ 5) % 32]);
+ round1(A, B, KEY_MASK[4*j+ 6], KEY_ROT[(4*j+ 6) % 32]);
+ round2(H, A, KEY_MASK[4*j+ 7], KEY_ROT[(4*j+ 7) % 32]);
+ round1(G, H, KEY_MASK[4*j+ 8], KEY_ROT[(4*j+ 8) % 32]);
+ round2(F, G, KEY_MASK[4*j+ 9], KEY_ROT[(4*j+ 9) % 32]);
+ round3(E, F, KEY_MASK[4*j+10], KEY_ROT[(4*j+10) % 32]);
+ round1(D, E, KEY_MASK[4*j+11], KEY_ROT[(4*j+11) % 32]);
+ round2(C, D, KEY_MASK[4*j+12], KEY_ROT[(4*j+12) % 32]);
+ round3(B, C, KEY_MASK[4*j+13], KEY_ROT[(4*j+13) % 32]);
+ round1(A, B, KEY_MASK[4*j+14], KEY_ROT[(4*j+14) % 32]);
+ round2(H, A, KEY_MASK[4*j+15], KEY_ROT[(4*j+15) % 32]);
+
+ RK[j ] = (A % 32);
+ RK[j+1] = (C % 32);
+ RK[j+2] = (E % 32);
+ RK[j+3] = (G % 32);
+ MK[j ] = H;
+ MK[j+1] = F;
+ MK[j+2] = D;
+ MK[j+3] = B;
+ }
+ }
+
+}
diff --git a/src/cast_tab.cpp b/src/cast_tab.cpp
new file mode 100644
index 000000000..65b14c5ea
--- /dev/null
+++ b/src/cast_tab.cpp
@@ -0,0 +1,410 @@
+/*************************************************
+* S-Box Tables for CAST-128 and CAST-256 *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cast128.h>
+#include <botan/cast256.h>
+
+namespace Botan {
+
+const u32bit CAST_SBOX1[256] = {
+ 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A, 0x1E213F2F, 0x9C004DD3,
+ 0x6003E540, 0xCF9FC949, 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675,
+ 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E, 0x28683B6F, 0xC07FD059,
+ 0xFF2379C8, 0x775F50E2, 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D,
+ 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F, 0x2ABE32E1, 0xAA54166B,
+ 0x22568E3A, 0xA2D341D0, 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE,
+ 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7, 0xB82CBAEF, 0xD751D159,
+ 0x6FF7F0ED, 0x5A097A1F, 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935,
+ 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D, 0xB7332290, 0xE93B159F,
+ 0xB48EE411, 0x4BFF345D, 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165,
+ 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50, 0x882240F2, 0x0C6E4F38,
+ 0xA4E4BFD7, 0x4F5BA272, 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE,
+ 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D, 0x57538AD5, 0x6A390493,
+ 0xE63D37E0, 0x2A54F6B3, 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A,
+ 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167, 0x38901091, 0xC6B505EB,
+ 0x84C7CB8C, 0x2AD75A0F, 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291,
+ 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9, 0x6C00B32D, 0x73E2BB14,
+ 0xA0BEBC3C, 0x54623779, 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6,
+ 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2, 0x81383F05, 0x6963C5C8,
+ 0x76CB5AD6, 0xD49974C9, 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511,
+ 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E, 0x31366241, 0x051EF495,
+ 0xAA573B04, 0x4A805D8D, 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E,
+ 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5, 0x6B54BFAB, 0x2B0B1426,
+ 0xAB4CC9D7, 0x449CCD82, 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324,
+ 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC, 0xEADF55B3, 0xD5BD9E98,
+ 0xE31231B2, 0x2AD5AD6C, 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F,
+ 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC, 0x7B5A41F0, 0xD37CFBAD,
+ 0x1B069505, 0x41ECE491, 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D,
+ 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE, 0xE01063DA, 0x4736F464,
+ 0x5AD328D8, 0xB347CC96, 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A,
+ 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A, 0x3F04442F, 0x6188B153,
+ 0xE0397A2E, 0x5727CB79, 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D,
+ 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779, 0x4744EAD4, 0xB11C3274,
+ 0xDD24CB9E, 0x7E1C54BD, 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755,
+ 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6, 0x580304F0, 0xCA042CF1,
+ 0x011A37EA, 0x8DBFAADB, 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9,
+ 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0, 0x7C63B2CF, 0x700B45E1,
+ 0xD5EA50F1, 0x85A92872, 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79,
+ 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C, 0x474D6AD7, 0x7C0C5E5C,
+ 0xD1231959, 0x381B7298, 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E,
+ 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571, 0x962BDA1C, 0xE1E696FF,
+ 0xB141AB08, 0x7CCA89B9, 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D,
+ 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF };
+
+const u32bit CAST_SBOX2[256] = {
+ 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380, 0xFE61CF7A, 0xEEC5207A,
+ 0x55889C94, 0x72FC0651, 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA,
+ 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3, 0xA0B52F7B, 0x59E83605,
+ 0xEE15B094, 0xE9FFD909, 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB,
+ 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B, 0x01420DDB, 0xE4E7EF5B,
+ 0x25A1FF41, 0xE180F806, 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4,
+ 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B, 0xE113C85B, 0xACC40083,
+ 0xD7503525, 0xF7EA615F, 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359,
+ 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21, 0x071F6181, 0x39F7627F,
+ 0x361E3084, 0xE4EB573B, 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D,
+ 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C, 0x10843094, 0x2537A95E,
+ 0xF46F6FFE, 0xA1FF3B1F, 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34,
+ 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D, 0x8A45388C, 0x1D804366,
+ 0x721D9BFD, 0xA58684BB, 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4,
+ 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD, 0xC5D655DD, 0xEB667064,
+ 0x77840B4D, 0xA1B6A801, 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860,
+ 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755, 0xB5625DBF, 0x68561BE6,
+ 0x83CA6B94, 0x2D6ED23B, 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709,
+ 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304, 0x81ED6F61, 0x20E74364,
+ 0xB45E1378, 0xDE18639B, 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B,
+ 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C, 0x488CB402, 0x1BA4FE5B,
+ 0xA4B09F6B, 0x1CA815CF, 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9,
+ 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C, 0xEE41E729, 0x6E1D2D7C,
+ 0x50045286, 0x1E6685F3, 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13,
+ 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9, 0xCDFF33A6, 0xA02B1741,
+ 0x7CBAD9A2, 0x2180036F, 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB,
+ 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6, 0xCDF0B680, 0x17844D3B,
+ 0x31EEF84D, 0x7E0824E4, 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6,
+ 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43, 0xB3FAEC54, 0x157FD7FA,
+ 0xEF8579CC, 0xD152DE58, 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8,
+ 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906, 0xB8DA230C, 0x80823028,
+ 0xDCDEF3C8, 0xD35FB171, 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D,
+ 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89, 0x8B1C34BC, 0x301E16E6,
+ 0x273BE979, 0xB0FFEAA6, 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B,
+ 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4, 0xDC8637A0, 0x16A7D3B1,
+ 0x9FC393B7, 0xA7136EEB, 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6,
+ 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E, 0xDB92F2FB, 0x5EEA29CB,
+ 0x145892F5, 0x91584F7F, 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA,
+ 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249, 0xB284600C, 0xD835731D,
+ 0xDCB1C647, 0xAC4C56EA, 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA,
+ 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD, 0x649DA589, 0xA345415E,
+ 0x5C038323, 0x3E5D3BB9, 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF,
+ 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1 };
+
+const u32bit CAST_SBOX3[256] = {
+ 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907, 0x47607FFF, 0x369FE44B,
+ 0x8C1FC644, 0xAECECA90, 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE,
+ 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5, 0x11107D9F, 0x07647DB9,
+ 0xB2E3E4D4, 0x3D4F285E, 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E,
+ 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC, 0x21FFFCEE, 0x825B1BFD,
+ 0x9255C5ED, 0x1257A240, 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E,
+ 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5, 0xA8C01DB7, 0x579FC264,
+ 0x67094F31, 0xF2BD3F5F, 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B,
+ 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99, 0xA197C81C, 0x4A012D6E,
+ 0xC5884A28, 0xCCC36F71, 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F,
+ 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04, 0xA747D2D0, 0x1651192E,
+ 0xAF70BF3E, 0x58C31380, 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82,
+ 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8, 0x8427F4A0, 0x1EAC5790,
+ 0x796FB449, 0x8252DC15, 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504,
+ 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2, 0x23EFE941, 0xA903F12E,
+ 0x60270DF2, 0x0276E4B6, 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176,
+ 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E, 0x842F7D83, 0x340CE5C8,
+ 0x96BBB682, 0x93B4B148, 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D,
+ 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC, 0x8B907CEE, 0xB51FD240,
+ 0xE7C07CE3, 0xE566B4A1, 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341,
+ 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C, 0xF76CEDD9, 0xBDA8229C,
+ 0x127DADAA, 0x438A074E, 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15,
+ 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51, 0x68CC7BFB, 0xD90F2788,
+ 0x12490181, 0x5DE5FFD4, 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F,
+ 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B, 0x6D498623, 0x193CBCFA,
+ 0x27627545, 0x825CF47A, 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392,
+ 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B, 0x285BA1C8, 0x3C62F44F,
+ 0x35C0EAA5, 0xE805D231, 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B,
+ 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889, 0x694BCC11, 0x236A5CAE,
+ 0x12DECA4D, 0x2C3F8CC5, 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67,
+ 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45, 0x3A609437, 0xEC00C9A9,
+ 0x44715253, 0x0A874B49, 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536,
+ 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D, 0x07478CD1, 0x006E1888,
+ 0xA2E53F55, 0xB9E6D4BC, 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D,
+ 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0, 0x947B0001, 0x570075D2,
+ 0xF9BB88F8, 0x8942019E, 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69,
+ 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767, 0xCF1FEBD2, 0x61EFC8C2,
+ 0xF1AC2571, 0xCC8239C2, 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE,
+ 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49, 0x5727C148, 0x2BE98A1D,
+ 0x8AB41738, 0x20E1BE24, 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D,
+ 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0, 0x642B1E31, 0x9C305A00,
+ 0x52BCE688, 0x1B03588A, 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5,
+ 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783 };
+
+const u32bit CAST_SBOX4[256] = {
+ 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298, 0x4A4F7BDB, 0x64AD8C57,
+ 0x85510443, 0xFA020ED1, 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120,
+ 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF, 0x28147F5F, 0x4FA2B8CD,
+ 0xC9430040, 0x0CC32220, 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15,
+ 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE, 0x1A05645F, 0x0C13FEFE,
+ 0x081B08CA, 0x05170121, 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701,
+ 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25, 0xCE84FFDF, 0xF5718801,
+ 0x3DD64B04, 0xA26F263B, 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5,
+ 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93, 0xD3772061, 0x11B638E1,
+ 0x72500E03, 0xF80EB2BB, 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746,
+ 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5, 0x4D351805, 0x7F3D5CE3,
+ 0xA6C866C6, 0x5D5BCCA9, 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D,
+ 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB, 0x022083B8, 0x3FB6180C,
+ 0x18F8931E, 0x281658E6, 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C,
+ 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23, 0x69DEAD38, 0x1574CA16,
+ 0xDF871B62, 0x211C40B7, 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003,
+ 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340, 0x557BE8DE, 0x00EAE4A7,
+ 0x0CE5C2EC, 0x4DB4BBA6, 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327,
+ 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119, 0x6E85CB75, 0xBE07C002,
+ 0xC2325577, 0x893FF4EC, 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24,
+ 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205, 0xAAC9548A, 0xECA1D7C7,
+ 0x041AFA32, 0x1D16625A, 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031,
+ 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79, 0x026A4CEB, 0x52437EFF,
+ 0x2F8F76B4, 0x0DF980A5, 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF,
+ 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C, 0x1741A254, 0xE5B6A035,
+ 0x213D42F6, 0x2C1C7C26, 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69,
+ 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB, 0x63315C21, 0x5E0A72EC,
+ 0x49BAFEFD, 0x187908D9, 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7,
+ 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF, 0x71EAE2A1, 0x1F9AF36E,
+ 0xCFCBD12F, 0xC1DE8417, 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3,
+ 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2, 0x6F7DE532, 0x58FD7EB6,
+ 0xD01EE900, 0x24ADFFC2, 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2,
+ 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF, 0x29908415, 0x7FBB977F,
+ 0xAF9EB3DB, 0x29C9ED2A, 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091,
+ 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919, 0x77079103, 0xDEA03AF6,
+ 0x78A8565E, 0xDEE356DF, 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF,
+ 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF, 0xAFE67AFB, 0xF470C4B2,
+ 0xF3E0EB5B, 0xD6CC9876, 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367,
+ 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB, 0xB5676E69, 0x9BD3DDDA,
+ 0xDF7E052F, 0xDB25701C, 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04,
+ 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43, 0x41823979, 0x932BCDF6,
+ 0xB657C34D, 0x4EDFD282, 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E,
+ 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2 };
+
+const u32bit CAST_128::S5[256] = {
+ 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911, 0xB86A7FFF, 0x1DD358F5,
+ 0x44DD9D44, 0x1731167F, 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00,
+ 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A, 0xE6A2E77F, 0xF0C720CD,
+ 0xC4494816, 0xCCF5C180, 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF,
+ 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2, 0x4E40B48D, 0x248EB6FB,
+ 0x8DBA1CFE, 0x41A99B02, 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725,
+ 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A, 0xF2F3F763, 0x68AF8040,
+ 0xED0C9E56, 0x11B4958B, 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7,
+ 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571, 0x0C05372A, 0x578535F2,
+ 0x2261BE02, 0xD642A0C9, 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC,
+ 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981, 0x5C1FF900, 0xFE38D399,
+ 0x0C4EFF0B, 0x062407EA, 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774,
+ 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263, 0xDF65001F, 0x0EC50966,
+ 0xDFDD55BC, 0x29DE0655, 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468,
+ 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2, 0xBCF3F0AA, 0x87AC36E9,
+ 0xE53A7426, 0x01B3D82B, 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910,
+ 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284, 0x636737B6, 0x50F5B616,
+ 0xF24766E3, 0x8ECA36C1, 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4,
+ 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA, 0x26E46695, 0xB7566419,
+ 0xF654EFC5, 0xD08D58B7, 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049,
+ 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE, 0xC62BF3CD, 0x9E0885F9,
+ 0x68CB3E47, 0x086C010F, 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6,
+ 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA, 0x0AB378D5, 0xD951FB0C,
+ 0xDED7DA56, 0x4124BBE4, 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE,
+ 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561, 0xC3DC0280, 0x05687715,
+ 0x646C6BD7, 0x44904DB3, 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6,
+ 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840, 0x76F0AE02, 0x083BE84D,
+ 0x28421C9A, 0x44489406, 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4,
+ 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472, 0x3CA5D717, 0x7D161BBA,
+ 0x9CAD9010, 0xAF462BA2, 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487,
+ 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7, 0x445F7382, 0x175683F4,
+ 0xCDC66A97, 0x70BE0288, 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5,
+ 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2, 0x1C5C1572, 0xF6721B2C,
+ 0x1AD2FFF3, 0x8C25404E, 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78,
+ 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E, 0x44094F85, 0x3F481D87,
+ 0xFCFEAE7B, 0x77B5FF76, 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801,
+ 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0, 0xDF3B0874, 0x95055110,
+ 0x1B5AD7A8, 0xF61ED5AD, 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58,
+ 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0, 0x5CE96C28, 0xE176EDA3,
+ 0x6BAC307F, 0x376829D2, 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20,
+ 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE, 0xF9E0659A, 0xEEB9491D,
+ 0x34010718, 0xBB30CAB8, 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55,
+ 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4 };
+
+const u32bit CAST_128::S6[256] = {
+ 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C, 0x95DB08E7, 0x016843B4,
+ 0xECED5CBC, 0x325553AC, 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9,
+ 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138, 0x33F14961, 0xC01937BD,
+ 0xF506C6DA, 0xE4625E7E, 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367,
+ 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866, 0xA084DB2D, 0x09A8486F,
+ 0xA888614A, 0x2900AF98, 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C,
+ 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072, 0xFD41197E, 0x9305A6B0,
+ 0xE86BE3DA, 0x74BED3CD, 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3,
+ 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53, 0x5C3D9C01, 0x64BDB941,
+ 0x2C0E636A, 0xBA7DD9CD, 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D,
+ 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8, 0x284CAF89, 0xAA928223,
+ 0x9334BE53, 0x3B3A21BF, 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9,
+ 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807, 0x5B7C5ECC, 0x221DB3A6,
+ 0x9A69A02F, 0x68818A54, 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A,
+ 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387, 0x53BDDB65, 0xE76FFBE7,
+ 0xE967FD78, 0x0BA93563, 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC,
+ 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0, 0xE81F994F, 0x9528CD89,
+ 0xFD339FED, 0xB87834BF, 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE,
+ 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF, 0x4EC75B95, 0x24F2C3C0,
+ 0x42D15D99, 0xCD0D7FA0, 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F,
+ 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2, 0x372B74AF, 0x692573E4,
+ 0xE9A9D848, 0xF3160289, 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853,
+ 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950, 0x36F73523, 0x4CFB6E87,
+ 0x7DA4CEC0, 0x6C152DAA, 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F,
+ 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9, 0x2B05D08D, 0x48B9D585,
+ 0xDC049441, 0xC8098F9B, 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751,
+ 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE, 0xBF32679D, 0xD45B5B75,
+ 0xB353FD00, 0xCBB0E358, 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13,
+ 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397, 0x47CF8E7A, 0xB6C85283,
+ 0x3CC2ACFB, 0x3FC06976, 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459,
+ 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0, 0x3007CD3E, 0x74719EEF,
+ 0xDC872681, 0x073340D4, 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891,
+ 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F, 0x6FE4AC98, 0xB173ECC0,
+ 0xBC60B42A, 0x953498DA, 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB,
+ 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC, 0xE8816F4A, 0x3814F200,
+ 0xA3F94043, 0x9C7A54C2, 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084,
+ 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB, 0xBA5AC7B5, 0xB6F6DEAF,
+ 0x3A479C3A, 0x5302DA25, 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B,
+ 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121, 0xB81A928A, 0x60ED5869,
+ 0x97C55B96, 0xEAEC991B, 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5,
+ 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855, 0xD36B4CF1, 0xF544EDEB,
+ 0xB0E93524, 0xBEBB8FBD, 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454,
+ 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F };
+
+const u32bit CAST_128::S7[256] = {
+ 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693, 0x2A8D7F6F, 0xAB9BC912,
+ 0xDE6008A1, 0x2028DA1F, 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82,
+ 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE, 0xA05FBCF6, 0xCD4181E9,
+ 0xE150210C, 0xE24EF1BD, 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43,
+ 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F, 0x089766BE, 0xBAEEADF4,
+ 0x1286BECF, 0xB6EACB19, 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9,
+ 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2, 0x107789BE, 0xB3B2E9CE,
+ 0x0502AA8F, 0x0BC0351E, 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516,
+ 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83, 0x334266CE, 0x8C9341B7,
+ 0xD0D854C0, 0xCB3A6C88, 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E,
+ 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816, 0x0A961288, 0xE1A5C06E,
+ 0x13749E67, 0x72FC081A, 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756,
+ 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F, 0xBC8EC511, 0x38BC46E9,
+ 0xC6E6FA14, 0xBAE8584A, 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B,
+ 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264, 0x92544A8B, 0x009B4FC3,
+ 0xABA68CED, 0x9AC96F78, 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688,
+ 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D, 0xF7DEBB85, 0x61FE033C,
+ 0x16746233, 0x3C034C28, 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802,
+ 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3, 0x0C4FB99A, 0xBB325778,
+ 0x3EC6D97B, 0x6E77A6A9, 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7,
+ 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302, 0xB96D8C32, 0xEBD4E7BE,
+ 0xBE8B9D2D, 0x7979FB06, 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858,
+ 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033, 0xF28EBFB0, 0xF5B9C310,
+ 0xA0EAC280, 0x08B9767A, 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A,
+ 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4, 0x826D2BEF, 0x4EEB8476,
+ 0x488DCF25, 0x36C9D566, 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF,
+ 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509, 0xF22B017D, 0xA4173F70,
+ 0xDD1E16C3, 0x15E0D7F9, 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962,
+ 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C, 0x93D29A22, 0xE32DBF9A,
+ 0x058745B9, 0x3453DC1E, 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07,
+ 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C, 0x66626C1C, 0x7154C24C,
+ 0xEA082B2A, 0x93EB2939, 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C,
+ 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E, 0xD3A0C108, 0xA1E7160E,
+ 0xE4F2DFA6, 0x693ED285, 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378,
+ 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301, 0xC79F022F, 0x3C997E7E,
+ 0x5E4F9504, 0x3FFAFBBD, 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE,
+ 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567, 0x5592A33D, 0xB5229301,
+ 0xCFD2A87F, 0x60AEB767, 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2,
+ 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647, 0x97FD61A9, 0xEA7759F4,
+ 0x2D57539D, 0x569A58CF, 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914,
+ 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2, 0x3FFA50BC, 0x3D40F021,
+ 0xC3C0BDAE, 0x4958C24C, 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA,
+ 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3 };
+
+const u32bit CAST_128::S8[256] = {
+ 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095, 0x7789F8B7, 0xE6C1121B,
+ 0x0E241600, 0x052CE8B5, 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174,
+ 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC, 0xDE9ADEB1, 0x0A0CC32C,
+ 0xBE197029, 0x84A00940, 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD,
+ 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42, 0xC7ECE831, 0x3F8F95E7,
+ 0x72DF191B, 0x7580330D, 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164,
+ 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2, 0x12A8DDEC, 0xFDAA335D,
+ 0x176F43E8, 0x71FB46D4, 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862,
+ 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0, 0x4CFDE06F, 0xC28EC4B8,
+ 0x57E8726E, 0x647A78FC, 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6,
+ 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C, 0xBBD35049, 0x2998DF04,
+ 0x980CF42A, 0x9B6DF491, 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E,
+ 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B, 0x3CF1D2E2, 0x19B47A38,
+ 0x424F7618, 0x35856039, 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8,
+ 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8, 0x7170C608, 0x2D5E3354,
+ 0xD4DE495A, 0x64C6D006, 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42,
+ 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564, 0xF8D7E54E, 0x3E378160,
+ 0x7895CDA5, 0x859C15A5, 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB,
+ 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472, 0x835FFCB8, 0x6DF4C1F2,
+ 0x96F5B195, 0xFD0AF0FC, 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225,
+ 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8, 0xC4618187, 0xEA7A6E98,
+ 0x7CD16EFC, 0x1436876C, 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441,
+ 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB, 0xA842EEDF, 0xFDBA60B4,
+ 0xF1907B75, 0x20E3030F, 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054,
+ 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504, 0xF1E47D8D, 0x844A1BE5,
+ 0xBAE7DFDC, 0x42CBDA70, 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C,
+ 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC, 0x77853B53, 0x37EFFCB5,
+ 0xC5068778, 0xE580B3E6, 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C,
+ 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD, 0xDD06CAA2, 0x37DF932B,
+ 0xC4248289, 0xACF3EBC3, 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4,
+ 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4, 0xE87B40E4, 0xE98EA084,
+ 0x5889E9E1, 0xEFD390FC, 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101,
+ 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA, 0x646F1282, 0x7523D24A,
+ 0xE0779695, 0xF9C17A8F, 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF,
+ 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E, 0x11403092, 0x00DA6D77,
+ 0x4A0CDD61, 0xAD1F4603, 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A,
+ 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37, 0x2DE705CA, 0x8951570F,
+ 0xDF09822B, 0xBD691A6C, 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819,
+ 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384, 0x5938FA0F, 0x42399EF3,
+ 0x36997B07, 0x0E84093D, 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C,
+ 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347, 0x589E8D82, 0x0D2059D1,
+ 0xA466BB1E, 0xF8DA0A82, 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D,
+ 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E };
+
+const u32bit CAST_256::KEY_MASK[192] = {
+ 0x5A827999, 0xC95C653A, 0x383650DB, 0xA7103C7C, 0x15EA281D, 0x84C413BE,
+ 0xF39DFF5F, 0x6277EB00, 0xD151D6A1, 0x402BC242, 0xAF05ADE3, 0x1DDF9984,
+ 0x8CB98525, 0xFB9370C6, 0x6A6D5C67, 0xD9474808, 0x482133A9, 0xB6FB1F4A,
+ 0x25D50AEB, 0x94AEF68C, 0x0388E22D, 0x7262CDCE, 0xE13CB96F, 0x5016A510,
+ 0xBEF090B1, 0x2DCA7C52, 0x9CA467F3, 0x0B7E5394, 0x7A583F35, 0xE9322AD6,
+ 0x580C1677, 0xC6E60218, 0x35BFEDB9, 0xA499D95A, 0x1373C4FB, 0x824DB09C,
+ 0xF1279C3D, 0x600187DE, 0xCEDB737F, 0x3DB55F20, 0xAC8F4AC1, 0x1B693662,
+ 0x8A432203, 0xF91D0DA4, 0x67F6F945, 0xD6D0E4E6, 0x45AAD087, 0xB484BC28,
+ 0x235EA7C9, 0x9238936A, 0x01127F0B, 0x6FEC6AAC, 0xDEC6564D, 0x4DA041EE,
+ 0xBC7A2D8F, 0x2B541930, 0x9A2E04D1, 0x0907F072, 0x77E1DC13, 0xE6BBC7B4,
+ 0x5595B355, 0xC46F9EF6, 0x33498A97, 0xA2237638, 0x10FD61D9, 0x7FD74D7A,
+ 0xEEB1391B, 0x5D8B24BC, 0xCC65105D, 0x3B3EFBFE, 0xAA18E79F, 0x18F2D340,
+ 0x87CCBEE1, 0xF6A6AA82, 0x65809623, 0xD45A81C4, 0x43346D65, 0xB20E5906,
+ 0x20E844A7, 0x8FC23048, 0xFE9C1BE9, 0x6D76078A, 0xDC4FF32B, 0x4B29DECC,
+ 0xBA03CA6D, 0x28DDB60E, 0x97B7A1AF, 0x06918D50, 0x756B78F1, 0xE4456492,
+ 0x531F5033, 0xC1F93BD4, 0x30D32775, 0x9FAD1316, 0x0E86FEB7, 0x7D60EA58,
+ 0xEC3AD5F9, 0x5B14C19A, 0xC9EEAD3B, 0x38C898DC, 0xA7A2847D, 0x167C701E,
+ 0x85565BBF, 0xF4304760, 0x630A3301, 0xD1E41EA2, 0x40BE0A43, 0xAF97F5E4,
+ 0x1E71E185, 0x8D4BCD26, 0xFC25B8C7, 0x6AFFA468, 0xD9D99009, 0x48B37BAA,
+ 0xB78D674B, 0x266752EC, 0x95413E8D, 0x041B2A2E, 0x72F515CF, 0xE1CF0170,
+ 0x50A8ED11, 0xBF82D8B2, 0x2E5CC453, 0x9D36AFF4, 0x0C109B95, 0x7AEA8736,
+ 0xE9C472D7, 0x589E5E78, 0xC7784A19, 0x365235BA, 0xA52C215B, 0x14060CFC,
+ 0x82DFF89D, 0xF1B9E43E, 0x6093CFDF, 0xCF6DBB80, 0x3E47A721, 0xAD2192C2,
+ 0x1BFB7E63, 0x8AD56A04, 0xF9AF55A5, 0x68894146, 0xD7632CE7, 0x463D1888,
+ 0xB5170429, 0x23F0EFCA, 0x92CADB6B, 0x01A4C70C, 0x707EB2AD, 0xDF589E4E,
+ 0x4E3289EF, 0xBD0C7590, 0x2BE66131, 0x9AC04CD2, 0x099A3873, 0x78742414,
+ 0xE74E0FB5, 0x5627FB56, 0xC501E6F7, 0x33DBD298, 0xA2B5BE39, 0x118FA9DA,
+ 0x8069957B, 0xEF43811C, 0x5E1D6CBD, 0xCCF7585E, 0x3BD143FF, 0xAAAB2FA0,
+ 0x19851B41, 0x885F06E2, 0xF738F283, 0x6612DE24, 0xD4ECC9C5, 0x43C6B566,
+ 0xB2A0A107, 0x217A8CA8, 0x90547849, 0xFF2E63EA, 0x6E084F8B, 0xDCE23B2C,
+ 0x4BBC26CD, 0xBA96126E, 0x296FFE0F, 0x9849E9B0, 0x0723D551, 0x75FDC0F2,
+ 0xE4D7AC93, 0x53B19834, 0xC28B83D5, 0x31656F76, 0xA03F5B17, 0x0F1946B8 };
+
+const byte CAST_256::KEY_ROT[32] = {
+ 0x13, 0x04, 0x15, 0x06, 0x17, 0x08, 0x19, 0x0A, 0x1B, 0x0C, 0x1D, 0x0E,
+ 0x1F, 0x10, 0x01, 0x12, 0x03, 0x14, 0x05, 0x16, 0x07, 0x18, 0x09, 0x1A,
+ 0x0B, 0x1C, 0x0D, 0x1E, 0x0F, 0x00, 0x11, 0x02 };
+
+}
diff --git a/src/cbc.cpp b/src/cbc.cpp
new file mode 100644
index 000000000..1638b9d11
--- /dev/null
+++ b/src/cbc.cpp
@@ -0,0 +1,157 @@
+/*************************************************
+* CBC Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cbc.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* CBC Encryption Constructor *
+*************************************************/
+CBC_Encryption::CBC_Encryption(const std::string& cipher_name,
+ const std::string& padding_name) :
+ BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)),
+ padder(get_bc_pad(padding_name))
+ {
+ if(!padder->valid_blocksize(BLOCK_SIZE))
+ throw Invalid_Block_Size(name(), padder->name());
+ }
+
+/*************************************************
+* CBC Encryption Constructor *
+*************************************************/
+CBC_Encryption::CBC_Encryption(const std::string& cipher_name,
+ const std::string& padding_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv) :
+ BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)),
+ padder(get_bc_pad(padding_name))
+ {
+ if(!padder->valid_blocksize(BLOCK_SIZE))
+ throw Invalid_Block_Size(name(), padder->name());
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Encrypt in CBC mode *
+*************************************************/
+void CBC_Encryption::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ u32bit xored = std::min(BLOCK_SIZE - position, length);
+ xor_buf(state + position, input, xored);
+ input += xored;
+ length -= xored;
+ position += xored;
+ if(position == BLOCK_SIZE)
+ {
+ cipher->encrypt(state);
+ send(state, BLOCK_SIZE);
+ position = 0;
+ }
+ }
+ }
+
+/*************************************************
+* Finish encrypting in CBC mode *
+*************************************************/
+void CBC_Encryption::end_msg()
+ {
+ SecureVector<byte> padding(BLOCK_SIZE);
+ padder->pad(padding, padding.size(), position);
+ write(padding, padder->pad_bytes(BLOCK_SIZE, position));
+ if(position != 0)
+ throw Exception(name() + ": Did not pad to full blocksize");
+ }
+
+/*************************************************
+* Return a CBC mode name *
+*************************************************/
+std::string CBC_Encryption::name() const
+ {
+ return (cipher->name() + "/" + mode_name + "/" + padder->name());
+ }
+
+/*************************************************
+* CBC Decryption Constructor *
+*************************************************/
+CBC_Decryption::CBC_Decryption(const std::string& cipher_name,
+ const std::string& padding_name) :
+ BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)),
+ padder(get_bc_pad(padding_name))
+ {
+ if(!padder->valid_blocksize(BLOCK_SIZE))
+ throw Invalid_Block_Size(name(), padder->name());
+ temp.create(BLOCK_SIZE);
+ }
+
+/*************************************************
+* CBC Decryption Constructor *
+*************************************************/
+CBC_Decryption::CBC_Decryption(const std::string& cipher_name,
+ const std::string& padding_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv) :
+ BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)),
+ padder(get_bc_pad(padding_name))
+ {
+ if(!padder->valid_blocksize(BLOCK_SIZE))
+ throw Invalid_Block_Size(name(), padder->name());
+ temp.create(BLOCK_SIZE);
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Decrypt in CBC mode *
+*************************************************/
+void CBC_Decryption::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ if(position == BLOCK_SIZE)
+ {
+ cipher->decrypt(buffer, temp);
+ xor_buf(temp, state, BLOCK_SIZE);
+ send(temp, BLOCK_SIZE);
+ state = buffer;
+ position = 0;
+ }
+ u32bit added = std::min(BLOCK_SIZE - position, length);
+ buffer.copy(position, input, added);
+ input += added;
+ length -= added;
+ position += added;
+ }
+ }
+
+/*************************************************
+* Finish decrypting in CBC mode *
+*************************************************/
+void CBC_Decryption::end_msg()
+ {
+ if(position != BLOCK_SIZE)
+ throw Decoding_Error(name());
+ cipher->decrypt(buffer, temp);
+ xor_buf(temp, state, BLOCK_SIZE);
+ send(temp, padder->unpad(temp, BLOCK_SIZE));
+ state = buffer;
+ position = 0;
+ }
+
+/*************************************************
+* Return a CBC mode name *
+*************************************************/
+std::string CBC_Decryption::name() const
+ {
+ return (cipher->name() + "/" + mode_name + "/" + padder->name());
+ }
+
+}
diff --git a/src/certstore.cpp b/src/certstore.cpp
new file mode 100644
index 000000000..a300ccbea
--- /dev/null
+++ b/src/certstore.cpp
@@ -0,0 +1,46 @@
+/*************************************************
+* Certificate Store Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/certstor.h>
+
+namespace Botan {
+
+/*************************************************
+* Search by name *
+*************************************************/
+std::vector<X509_Certificate>
+Certificate_Store::by_name(const std::string&) const
+ {
+ return std::vector<X509_Certificate>();
+ }
+
+/*************************************************
+* Search by email *
+*************************************************/
+std::vector<X509_Certificate>
+Certificate_Store::by_email(const std::string&) const
+ {
+ return std::vector<X509_Certificate>();
+ }
+
+/*************************************************
+* Search by X.500 distinguished name *
+*************************************************/
+std::vector<X509_Certificate>
+Certificate_Store::by_dn(const X509_DN&) const
+ {
+ return std::vector<X509_Certificate>();
+ }
+
+/*************************************************
+* Find any CRLs that might be useful *
+*************************************************/
+std::vector<X509_CRL>
+Certificate_Store::get_crls_for(const X509_Certificate&) const
+ {
+ return std::vector<X509_CRL>();
+ }
+
+}
diff --git a/src/cfb.cpp b/src/cfb.cpp
new file mode 100644
index 000000000..e02c51af5
--- /dev/null
+++ b/src/cfb.cpp
@@ -0,0 +1,142 @@
+/*************************************************
+* CFB Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cfb.h>
+#include <botan/lookup.h>
+#include <botan/parsing.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Check the feedback size *
+*************************************************/
+void check_feedback(u32bit BLOCK_SIZE, u32bit FEEDBACK_SIZE, u32bit bits,
+ const std::string& name)
+ {
+ if(FEEDBACK_SIZE == 0 || FEEDBACK_SIZE > BLOCK_SIZE || bits % 8 != 0)
+ throw Invalid_Argument(name + ": Invalid feedback size " +
+ to_string(bits));
+ }
+
+}
+
+/*************************************************
+* CFB Encryption Constructor *
+*************************************************/
+CFB_Encryption::CFB_Encryption(const std::string& cipher_name,
+ u32bit fback_bits) :
+ BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1),
+ FEEDBACK_SIZE(fback_bits ? fback_bits / 8: BLOCK_SIZE)
+ {
+ check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name());
+ }
+
+/*************************************************
+* CFB Encryption Constructor *
+*************************************************/
+CFB_Encryption::CFB_Encryption(const std::string& cipher_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv,
+ u32bit fback_bits) :
+ BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1),
+ FEEDBACK_SIZE(fback_bits ? fback_bits / 8: BLOCK_SIZE)
+ {
+ check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name());
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Encrypt data in CFB mode *
+*************************************************/
+void CFB_Encryption::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ u32bit xored = std::min(FEEDBACK_SIZE - position, length);
+ xor_buf(buffer + position, input, xored);
+ send(buffer + position, xored);
+ input += xored;
+ length -= xored;
+ position += xored;
+ if(position == FEEDBACK_SIZE)
+ feedback();
+ }
+ }
+
+/*************************************************
+* Do the feedback *
+*************************************************/
+void CFB_Encryption::feedback()
+ {
+ for(u32bit j = 0; j != BLOCK_SIZE - FEEDBACK_SIZE; ++j)
+ state[j] = state[j + FEEDBACK_SIZE];
+ state.copy(BLOCK_SIZE - FEEDBACK_SIZE, buffer, FEEDBACK_SIZE);
+ cipher->encrypt(state, buffer);
+ position = 0;
+ }
+
+/*************************************************
+* CFB Decryption Constructor *
+*************************************************/
+CFB_Decryption::CFB_Decryption(const std::string& cipher_name,
+ u32bit fback_bits) :
+ BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1),
+ FEEDBACK_SIZE(fback_bits ? fback_bits / 8 : BLOCK_SIZE)
+ {
+ check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name());
+ }
+
+/*************************************************
+* CFB Decryption Constructor *
+*************************************************/
+CFB_Decryption::CFB_Decryption(const std::string& cipher_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv,
+ u32bit fback_bits) :
+ BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1),
+ FEEDBACK_SIZE(fback_bits ? fback_bits / 8 : BLOCK_SIZE)
+ {
+ check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name());
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Decrypt data in CFB mode *
+*************************************************/
+void CFB_Decryption::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ u32bit xored = std::min(FEEDBACK_SIZE - position, length);
+ xor_buf(buffer + position, input, xored);
+ send(buffer + position, xored);
+ buffer.copy(position, input, xored);
+ input += xored;
+ length -= xored;
+ position += xored;
+ if(position == FEEDBACK_SIZE)
+ feedback();
+ }
+ }
+
+/*************************************************
+* Do the feedback *
+*************************************************/
+void CFB_Decryption::feedback()
+ {
+ for(u32bit j = 0; j != BLOCK_SIZE - FEEDBACK_SIZE; ++j)
+ state[j] = state[j + FEEDBACK_SIZE];
+ state.copy(BLOCK_SIZE - FEEDBACK_SIZE, buffer, FEEDBACK_SIZE);
+ cipher->encrypt(state, buffer);
+ position = 0;
+ }
+
+}
diff --git a/src/charset.cpp b/src/charset.cpp
new file mode 100644
index 000000000..7aeccaf98
--- /dev/null
+++ b/src/charset.cpp
@@ -0,0 +1,167 @@
+/*************************************************
+* Character Set Handling Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/charset.h>
+#include <botan/hex.h>
+#include <botan/base64.h>
+#include <ctype.h>
+
+namespace Botan {
+
+/*************************************************
+* Check if a character represents a digit *
+*************************************************/
+bool is_digit(char c)
+ {
+ if(c == '0' || c == '1' || c == '2' || c == '3' || c == '4' ||
+ c == '5' || c == '6' || c == '7' || c == '8' || c == '9')
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Check if a character represents whitespace *
+*************************************************/
+bool is_space(char c)
+ {
+ if(c == ' ' || c == '\t' || c == '\n' || c == '\r')
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Convert a character to a digit *
+*************************************************/
+byte char2digit(char c)
+ {
+ if(c == '0') return 0;
+ if(c == '1') return 1;
+ if(c == '2') return 2;
+ if(c == '3') return 3;
+ if(c == '4') return 4;
+ if(c == '5') return 5;
+ if(c == '6') return 6;
+ if(c == '7') return 7;
+ if(c == '8') return 8;
+ if(c == '9') return 9;
+
+ throw Invalid_Argument("char2digit: Input is not a digit character");
+ }
+
+/*************************************************
+* Convert a digit to a character *
+*************************************************/
+char digit2char(byte b)
+ {
+ if(b == 0) return '0';
+ if(b == 1) return '1';
+ if(b == 2) return '2';
+ if(b == 3) return '3';
+ if(b == 4) return '4';
+ if(b == 5) return '5';
+ if(b == 6) return '6';
+ if(b == 7) return '7';
+ if(b == 8) return '8';
+ if(b == 9) return '9';
+
+ throw Invalid_Argument("digit2char: Input is not a digit");
+ }
+
+/*************************************************
+* Return the lower-case representation *
+*************************************************/
+char to_lower(char c)
+ {
+ return tolower((unsigned char)c);
+ }
+
+/*************************************************
+* Convert from local charset to ISO 8859-1 *
+*************************************************/
+std::string local2iso(const std::string& str)
+ {
+ return str;
+ }
+
+/*************************************************
+* Convert from ISO 8859-1 to local charset *
+*************************************************/
+std::string iso2local(const std::string& str)
+ {
+ return str;
+ }
+
+/*************************************************
+* Hex Encoder Lookup Tables *
+*************************************************/
+const byte Hex_Encoder::BIN_TO_HEX_UPPER[16] = {
+0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x41, 0x42, 0x43,
+0x44, 0x45, 0x46 };
+
+const byte Hex_Encoder::BIN_TO_HEX_LOWER[16] = {
+0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x61, 0x62, 0x63,
+0x64, 0x65, 0x66 };
+
+/*************************************************
+* Base64 Encoder Lookup Table *
+*************************************************/
+const byte Base64_Encoder::BIN_TO_BASE64[64] = {
+0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47, 0x48, 0x49, 0x4A, 0x4B, 0x4C, 0x4D,
+0x4E, 0x4F, 0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57, 0x58, 0x59, 0x5A,
+0x61, 0x62, 0x63, 0x64, 0x65, 0x66, 0x67, 0x68, 0x69, 0x6A, 0x6B, 0x6C, 0x6D,
+0x6E, 0x6F, 0x70, 0x71, 0x72, 0x73, 0x74, 0x75, 0x76, 0x77, 0x78, 0x79, 0x7A,
+0x30, 0x31, 0x32, 0x33, 0x34, 0x35, 0x36, 0x37, 0x38, 0x39, 0x2B, 0x2F };
+
+/*************************************************
+* Hex Decoder Lookup Table *
+*************************************************/
+const byte Hex_Decoder::HEX_TO_BIN[256] = {
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x00, 0x01, 0x02, 0x03,
+0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 };
+
+/*************************************************
+* Base64 Decoder Lookup Table *
+*************************************************/
+const byte Base64_Decoder::BASE64_TO_BIN[256] = {
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x3E, 0x80, 0x80, 0x80, 0x3F, 0x34, 0x35, 0x36, 0x37,
+0x38, 0x39, 0x3A, 0x3B, 0x3C, 0x3D, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x1A, 0x1B, 0x1C, 0x1D, 0x1E, 0x1F, 0x20,
+0x21, 0x22, 0x23, 0x24, 0x25, 0x26, 0x27, 0x28, 0x29, 0x2A, 0x2B, 0x2C, 0x2D,
+0x2E, 0x2F, 0x30, 0x31, 0x32, 0x33, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80,
+0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80, 0x80 };
+
+}
diff --git a/src/cmac.cpp b/src/cmac.cpp
new file mode 100644
index 000000000..6562a5559
--- /dev/null
+++ b/src/cmac.cpp
@@ -0,0 +1,153 @@
+/*************************************************
+* CMAC Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cmac.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Perform CMAC's multiplication in GF(2^n) *
+*************************************************/
+SecureVector<byte> poly_double(const MemoryRegion<byte>& in, byte polynomial)
+ {
+ const bool do_xor = (in[0] & 0x80) ? true : false;
+
+ SecureVector<byte> out = in;
+
+ byte carry = 0;
+ for(u32bit j = out.size(); j != 0; --j)
+ {
+ byte temp = out[j-1];
+ out[j-1] = (temp << 1) | carry;
+ carry = (temp >> 7);
+ }
+
+ if(do_xor)
+ out[out.size()-1] ^= polynomial;
+
+ return out;
+ }
+
+}
+
+/*************************************************
+* Update an CMAC Calculation *
+*************************************************/
+void CMAC::add_data(const byte input[], u32bit length)
+ {
+ buffer.copy(position, input, length);
+ if(position + length > OUTPUT_LENGTH)
+ {
+ xor_buf(state, buffer, OUTPUT_LENGTH);
+ e->encrypt(state);
+ input += (OUTPUT_LENGTH - position);
+ length -= (OUTPUT_LENGTH - position);
+ while(length > OUTPUT_LENGTH)
+ {
+ xor_buf(state, input, OUTPUT_LENGTH);
+ e->encrypt(state);
+ input += OUTPUT_LENGTH;
+ length -= OUTPUT_LENGTH;
+ }
+ buffer.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Finalize an CMAC Calculation *
+*************************************************/
+void CMAC::final_result(byte mac[])
+ {
+ if(position == OUTPUT_LENGTH)
+ xor_buf(buffer, B, OUTPUT_LENGTH);
+ else
+ {
+ buffer[position] = 0x80;
+ for(u32bit j = position+1; j != OUTPUT_LENGTH; ++j)
+ buffer[j] = 0;
+ xor_buf(buffer, P, OUTPUT_LENGTH);
+ }
+ xor_buf(state, buffer, OUTPUT_LENGTH);
+ e->encrypt(state);
+
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ mac[j] = state[j];
+
+ state.clear();
+ buffer.clear();
+ position = 0;
+ }
+
+/*************************************************
+* CMAC Key Schedule *
+*************************************************/
+void CMAC::key(const byte key[], u32bit length)
+ {
+ clear();
+ e->set_key(key, length);
+ e->encrypt(B);
+ B = poly_double(B, polynomial);
+ P = poly_double(B, polynomial);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void CMAC::clear() throw()
+ {
+ e->clear();
+ state.clear();
+ buffer.clear();
+ B.clear();
+ P.clear();
+ position = 0;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string CMAC::name() const
+ {
+ return "CMAC(" + e->name() + ")";
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+MessageAuthenticationCode* CMAC::clone() const
+ {
+ return new CMAC(e->name());
+ }
+
+/*************************************************
+* CMAC Constructor *
+*************************************************/
+CMAC::CMAC(const std::string& bc_name) :
+ MessageAuthenticationCode(block_size_of(bc_name),
+ min_keylength_of(bc_name),
+ max_keylength_of(bc_name),
+ keylength_multiple_of(bc_name))
+ {
+ e = get_block_cipher(bc_name);
+
+ if(e->BLOCK_SIZE == 16) polynomial = 0x87;
+ else if(e->BLOCK_SIZE == 8) polynomial = 0x1B;
+ else
+ throw Invalid_Argument("CMAC cannot use the cipher " + e->name());
+
+ state.create(OUTPUT_LENGTH);
+ buffer.create(OUTPUT_LENGTH);
+ B.create(OUTPUT_LENGTH);
+ P.create(OUTPUT_LENGTH);
+ position = 0;
+ }
+
+}
diff --git a/src/conf.cpp b/src/conf.cpp
new file mode 100644
index 000000000..6fa616b3c
--- /dev/null
+++ b/src/conf.cpp
@@ -0,0 +1,153 @@
+/*************************************************
+* Configuration Handling Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/conf.h>
+#include <botan/libstate.h>
+#include <botan/lookup.h>
+#include <botan/charset.h>
+#include <botan/parsing.h>
+#include <string>
+
+namespace Botan {
+
+namespace Config {
+
+/*************************************************
+* Set an option *
+*************************************************/
+void set(const std::string& name, const std::string& value, bool overwrite)
+ {
+ global_state().set_option("conf", name, value, overwrite);
+ }
+
+/*************************************************
+* Get the value of an option as a string *
+*************************************************/
+std::string get_string(const std::string& name)
+ {
+ return global_state().get_option("conf", name);
+ }
+
+/*************************************************
+* Get the value as a list of strings *
+*************************************************/
+std::vector<std::string> get_list(const std::string& name)
+ {
+ return split_on(get_string(name), ':');
+ }
+
+/*************************************************
+* Get the value as a u32bit *
+*************************************************/
+u32bit get_u32bit(const std::string& name)
+ {
+ return parse_expr(get_string(name));
+ }
+
+/*************************************************
+* Get the value as a time *
+*************************************************/
+u32bit get_time(const std::string& name)
+ {
+ const std::string timespec = get_string(name);
+ if(timespec == "")
+ return 0;
+
+ const char suffix = timespec[timespec.size()-1];
+ std::string value = timespec.substr(0, timespec.size()-1);
+
+ u32bit scale = 1;
+
+ if(is_digit(suffix))
+ value += suffix;
+ else if(suffix == 's')
+ scale = 1;
+ else if(suffix == 'm')
+ scale = 60;
+ else if(suffix == 'h')
+ scale = 60 * 60;
+ else if(suffix == 'd')
+ scale = 24 * 60 * 60;
+ else if(suffix == 'y')
+ scale = 365 * 24 * 60 * 60;
+ else
+ throw Decoding_Error("Config::get_time: Unknown time value " + value);
+
+ return scale * to_u32bit(value);
+ }
+
+/*************************************************
+* Get the value as a boolean *
+*************************************************/
+bool get_bool(const std::string& name)
+ {
+ const std::string value = get_string(name);
+ if(value == "0" || value == "false")
+ return false;
+ if(value == "1" || value == "true")
+ return true;
+ throw Decoding_Error("Config::get_bool: Unknown boolean value " + value);
+ }
+
+/*************************************************
+* Choose the signature format for a PK algorithm *
+*************************************************/
+void choose_sig_format(const std::string& algo_name, std::string& padding,
+ Signature_Format& format)
+ {
+ std::string dummy;
+ choose_sig_format(algo_name, padding, dummy, format);
+ }
+
+/*************************************************
+* Choose the signature format for a PK algorithm *
+*************************************************/
+void choose_sig_format(const std::string& algo_name, std::string& padding,
+ std::string& hash, Signature_Format& format)
+ {
+ if(algo_name == "RSA")
+ {
+ hash = deref_alias(get_string("x509/ca/rsa_hash"));
+ if(hash == "")
+ throw Invalid_State("No value set for x509/ca/rsa_hash");
+
+ padding = "EMSA3(" + hash + ")";
+ format = IEEE_1363;
+ }
+ else if(algo_name == "DSA")
+ {
+ hash = deref_alias("SHA-1");
+ padding = "EMSA1(" + hash + ")";
+ format = DER_SEQUENCE;
+ }
+ else
+ throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name);
+ }
+
+}
+
+/*************************************************
+* Add an alias for an algorithm *
+*************************************************/
+void add_alias(const std::string& alias, const std::string& official_name)
+ {
+ if(alias == "" || official_name == "")
+ return;
+
+ global_state().set_option("alias", alias, official_name);
+ }
+
+/*************************************************
+* Dereference an alias *
+*************************************************/
+std::string deref_alias(const std::string& name)
+ {
+ std::string result = name;
+ while(global_state().option_set("alias", result))
+ result = global_state().get_option("alias", result);
+ return result;
+ }
+
+}
diff --git a/src/crc24.cpp b/src/crc24.cpp
new file mode 100644
index 000000000..aaeee9401
--- /dev/null
+++ b/src/crc24.cpp
@@ -0,0 +1,98 @@
+/*************************************************
+* CRC24 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/crc24.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Update a CRC24 Checksum *
+*************************************************/
+void CRC24::add_data(const byte input[], u32bit length)
+ {
+ const u32bit TABLE[256] = {
+ 0x00000000, 0x00864CFB, 0x008AD50D, 0x000C99F6, 0x0093E6E1, 0x0015AA1A,
+ 0x001933EC, 0x009F7F17, 0x00A18139, 0x0027CDC2, 0x002B5434, 0x00AD18CF,
+ 0x003267D8, 0x00B42B23, 0x00B8B2D5, 0x003EFE2E, 0x00C54E89, 0x00430272,
+ 0x004F9B84, 0x00C9D77F, 0x0056A868, 0x00D0E493, 0x00DC7D65, 0x005A319E,
+ 0x0064CFB0, 0x00E2834B, 0x00EE1ABD, 0x00685646, 0x00F72951, 0x007165AA,
+ 0x007DFC5C, 0x00FBB0A7, 0x000CD1E9, 0x008A9D12, 0x008604E4, 0x0000481F,
+ 0x009F3708, 0x00197BF3, 0x0015E205, 0x0093AEFE, 0x00AD50D0, 0x002B1C2B,
+ 0x002785DD, 0x00A1C926, 0x003EB631, 0x00B8FACA, 0x00B4633C, 0x00322FC7,
+ 0x00C99F60, 0x004FD39B, 0x00434A6D, 0x00C50696, 0x005A7981, 0x00DC357A,
+ 0x00D0AC8C, 0x0056E077, 0x00681E59, 0x00EE52A2, 0x00E2CB54, 0x006487AF,
+ 0x00FBF8B8, 0x007DB443, 0x00712DB5, 0x00F7614E, 0x0019A3D2, 0x009FEF29,
+ 0x009376DF, 0x00153A24, 0x008A4533, 0x000C09C8, 0x0000903E, 0x0086DCC5,
+ 0x00B822EB, 0x003E6E10, 0x0032F7E6, 0x00B4BB1D, 0x002BC40A, 0x00AD88F1,
+ 0x00A11107, 0x00275DFC, 0x00DCED5B, 0x005AA1A0, 0x00563856, 0x00D074AD,
+ 0x004F0BBA, 0x00C94741, 0x00C5DEB7, 0x0043924C, 0x007D6C62, 0x00FB2099,
+ 0x00F7B96F, 0x0071F594, 0x00EE8A83, 0x0068C678, 0x00645F8E, 0x00E21375,
+ 0x0015723B, 0x00933EC0, 0x009FA736, 0x0019EBCD, 0x008694DA, 0x0000D821,
+ 0x000C41D7, 0x008A0D2C, 0x00B4F302, 0x0032BFF9, 0x003E260F, 0x00B86AF4,
+ 0x002715E3, 0x00A15918, 0x00ADC0EE, 0x002B8C15, 0x00D03CB2, 0x00567049,
+ 0x005AE9BF, 0x00DCA544, 0x0043DA53, 0x00C596A8, 0x00C90F5E, 0x004F43A5,
+ 0x0071BD8B, 0x00F7F170, 0x00FB6886, 0x007D247D, 0x00E25B6A, 0x00641791,
+ 0x00688E67, 0x00EEC29C, 0x003347A4, 0x00B50B5F, 0x00B992A9, 0x003FDE52,
+ 0x00A0A145, 0x0026EDBE, 0x002A7448, 0x00AC38B3, 0x0092C69D, 0x00148A66,
+ 0x00181390, 0x009E5F6B, 0x0001207C, 0x00876C87, 0x008BF571, 0x000DB98A,
+ 0x00F6092D, 0x007045D6, 0x007CDC20, 0x00FA90DB, 0x0065EFCC, 0x00E3A337,
+ 0x00EF3AC1, 0x0069763A, 0x00578814, 0x00D1C4EF, 0x00DD5D19, 0x005B11E2,
+ 0x00C46EF5, 0x0042220E, 0x004EBBF8, 0x00C8F703, 0x003F964D, 0x00B9DAB6,
+ 0x00B54340, 0x00330FBB, 0x00AC70AC, 0x002A3C57, 0x0026A5A1, 0x00A0E95A,
+ 0x009E1774, 0x00185B8F, 0x0014C279, 0x00928E82, 0x000DF195, 0x008BBD6E,
+ 0x00872498, 0x00016863, 0x00FAD8C4, 0x007C943F, 0x00700DC9, 0x00F64132,
+ 0x00693E25, 0x00EF72DE, 0x00E3EB28, 0x0065A7D3, 0x005B59FD, 0x00DD1506,
+ 0x00D18CF0, 0x0057C00B, 0x00C8BF1C, 0x004EF3E7, 0x00426A11, 0x00C426EA,
+ 0x002AE476, 0x00ACA88D, 0x00A0317B, 0x00267D80, 0x00B90297, 0x003F4E6C,
+ 0x0033D79A, 0x00B59B61, 0x008B654F, 0x000D29B4, 0x0001B042, 0x0087FCB9,
+ 0x001883AE, 0x009ECF55, 0x009256A3, 0x00141A58, 0x00EFAAFF, 0x0069E604,
+ 0x00657FF2, 0x00E33309, 0x007C4C1E, 0x00FA00E5, 0x00F69913, 0x0070D5E8,
+ 0x004E2BC6, 0x00C8673D, 0x00C4FECB, 0x0042B230, 0x00DDCD27, 0x005B81DC,
+ 0x0057182A, 0x00D154D1, 0x0026359F, 0x00A07964, 0x00ACE092, 0x002AAC69,
+ 0x00B5D37E, 0x00339F85, 0x003F0673, 0x00B94A88, 0x0087B4A6, 0x0001F85D,
+ 0x000D61AB, 0x008B2D50, 0x00145247, 0x00921EBC, 0x009E874A, 0x0018CBB1,
+ 0x00E37B16, 0x006537ED, 0x0069AE1B, 0x00EFE2E0, 0x00709DF7, 0x00F6D10C,
+ 0x00FA48FA, 0x007C0401, 0x0042FA2F, 0x00C4B6D4, 0x00C82F22, 0x004E63D9,
+ 0x00D11CCE, 0x00575035, 0x005BC9C3, 0x00DD8538 };
+
+ u32bit tmp = crc;
+ while(length >= 16)
+ {
+ tmp = TABLE[((tmp >> 16) ^ input[ 0]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 1]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 2]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 3]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 4]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 5]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 6]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 7]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 8]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[ 9]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[10]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[11]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[12]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[13]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[14]) & 0xFF] ^ (tmp << 8);
+ tmp = TABLE[((tmp >> 16) ^ input[15]) & 0xFF] ^ (tmp << 8);
+ input += 16;
+ length -= 16;
+ }
+ for(u32bit j = 0; j != length; ++j)
+ tmp = TABLE[((tmp >> 16) ^ input[j]) & 0xFF] ^ (tmp << 8);
+ crc = tmp;
+ }
+
+/*************************************************
+* Finalize a CRC24 Checksum *
+*************************************************/
+void CRC24::final_result(byte output[])
+ {
+ for(u32bit j = 0; j != 3; ++j)
+ output[j] = get_byte(j+1, crc);
+ clear();
+ }
+
+}
diff --git a/src/crc32.cpp b/src/crc32.cpp
new file mode 100644
index 000000000..c4a76d6fb
--- /dev/null
+++ b/src/crc32.cpp
@@ -0,0 +1,101 @@
+/*************************************************
+* CRC32 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/crc32.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Update a CRC32 Checksum *
+*************************************************/
+void CRC32::add_data(const byte input[], u32bit length)
+ {
+ const u32bit TABLE[256] = {
+ 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F,
+ 0xE963A535, 0x9E6495A3, 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988,
+ 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91, 0x1DB71064, 0x6AB020F2,
+ 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7,
+ 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9,
+ 0xFA0F3D63, 0x8D080DF5, 0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172,
+ 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B, 0x35B5A8FA, 0x42B2986C,
+ 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59,
+ 0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423,
+ 0xCFBA9599, 0xB8BDA50F, 0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924,
+ 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D, 0x76DC4190, 0x01DB7106,
+ 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433,
+ 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D,
+ 0x91646C97, 0xE6635C01, 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E,
+ 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457, 0x65B0D9C6, 0x12B7E950,
+ 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65,
+ 0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7,
+ 0xA4D1C46D, 0xD3D6F4FB, 0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0,
+ 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9, 0x5005713C, 0x270241AA,
+ 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F,
+ 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81,
+ 0xB7BD5C3B, 0xC0BA6CAD, 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A,
+ 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683, 0xE3630B12, 0x94643B84,
+ 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1,
+ 0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB,
+ 0x196C3671, 0x6E6B06E7, 0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC,
+ 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5, 0xD6D6A3E8, 0xA1D1937E,
+ 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B,
+ 0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55,
+ 0x316E8EEF, 0x4669BE79, 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236,
+ 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F, 0xC5BA3BBE, 0xB2BD0B28,
+ 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D,
+ 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F,
+ 0x72076785, 0x05005713, 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38,
+ 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21, 0x86D3D2D4, 0xF1D4E242,
+ 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777,
+ 0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69,
+ 0x616BFFD3, 0x166CCF45, 0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2,
+ 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB, 0xAED16A4A, 0xD9D65ADC,
+ 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9,
+ 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693,
+ 0x54DE5729, 0x23D967BF, 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94,
+ 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D };
+
+ u32bit tmp = crc;
+ while(length >= 16)
+ {
+ tmp = TABLE[(tmp ^ input[ 0]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 1]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 2]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 3]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 4]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 5]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 6]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 7]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 8]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[ 9]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[10]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[11]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[12]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[13]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[14]) & 0xFF] ^ (tmp >> 8);
+ tmp = TABLE[(tmp ^ input[15]) & 0xFF] ^ (tmp >> 8);
+ input += 16;
+ length -= 16;
+ }
+
+ for(u32bit j = 0; j != length; ++j)
+ tmp = TABLE[(tmp ^ input[j]) & 0xFF] ^ (tmp >> 8);
+
+ crc = tmp;
+ }
+
+/*************************************************
+* Finalize a CRC32 Checksum *
+*************************************************/
+void CRC32::final_result(byte output[])
+ {
+ crc ^= 0xFFFFFFFF;
+ for(u32bit j = 0; j != 4; ++j)
+ output[j] = get_byte(j, crc);
+ clear();
+ }
+
+}
diff --git a/src/crl_ent.cpp b/src/crl_ent.cpp
new file mode 100644
index 000000000..086dd496b
--- /dev/null
+++ b/src/crl_ent.cpp
@@ -0,0 +1,165 @@
+/*************************************************
+* CRL Entry Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/crl_ent.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/conf.h>
+#include <botan/oids.h>
+#include <botan/x509_crl.h>
+#include <botan/util.h>
+
+namespace Botan {
+
+/*************************************************
+* Create a CRL_Entry *
+*************************************************/
+CRL_Entry::CRL_Entry()
+ {
+ reason = UNSPECIFIED;
+ }
+
+/*************************************************
+* Create a CRL_Entry *
+*************************************************/
+CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why)
+ {
+ serial = cert.serial_number();
+ time = X509_Time(system_time());
+ reason = why;
+ }
+
+/*************************************************
+* Compare two CRL_Entrys for equality *
+*************************************************/
+bool operator==(const CRL_Entry& a1, const CRL_Entry& a2)
+ {
+ if(a1.serial != a2.serial)
+ return false;
+ if(a1.time != a2.time)
+ return false;
+ if(a1.reason != a2.reason)
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Compare two CRL_Entrys for inequality *
+*************************************************/
+bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2)
+ {
+ return !(a1 == a2);
+ }
+
+/*************************************************
+* Compare two CRL_Entrys *
+*************************************************/
+bool operator<(const CRL_Entry& a1, const CRL_Entry& a2)
+ {
+ return (a1.time.cmp(a2.time) < 0);
+ }
+
+namespace DER {
+
+/*************************************************
+* DER encode an CRL_Entry *
+*************************************************/
+void encode(DER_Encoder& der, const CRL_Entry& crl_ent)
+ {
+ der.start_sequence()
+ .encode(BigInt::decode(crl_ent.serial, crl_ent.serial.size()))
+ .encode(crl_ent.time)
+ .start_sequence();
+
+ if(crl_ent.reason != UNSPECIFIED)
+ {
+#if 1
+ der.start_sequence()
+ .encode(OIDS::lookup("X509v3.ReasonCode"))
+ .encode(
+ DER_Encoder()
+ .encode((u32bit)crl_ent.reason, ENUMERATED, UNIVERSAL)
+ .get_contents(),
+ OCTET_STRING)
+ .end_sequence();
+#else
+ DER_Encoder v2_ext;
+ v2_ext.encode((u32bit)crl_ent.reason, ENUMERATED, UNIVERSAL);
+ der.encode(Extension("X509v3.ReasonCode", v2_ext.get_contents()));
+#endif
+ }
+
+ der.end_sequence()
+ .end_sequence();
+ }
+
+}
+
+namespace BER {
+
+namespace {
+
+/*************************************************
+* Decode a CRL entry extension *
+*************************************************/
+void handle_crl_entry_extension(CRL_Entry& crl_ent, const Extension& extn)
+ {
+ BER_Decoder value(extn.value);
+
+ if(extn.oid == OIDS::lookup("X509v3.ReasonCode"))
+ {
+ u32bit reason_code;
+ value.decode(reason_code, ENUMERATED, UNIVERSAL);
+ crl_ent.reason = CRL_Code(reason_code);
+ }
+ else
+ {
+ if(extn.critical)
+ {
+ std::string action = Config::get_string("x509/crl/unknown_critical");
+ if(action == "throw")
+ throw Decoding_Error("Unknown critical CRL entry extension " +
+ extn.oid.as_string());
+ else if(action != "ignore")
+ throw Invalid_Argument("Bad value of x509/crl/unknown_critical: "
+ + action);
+ }
+ return;
+ }
+
+ value.verify_end();
+ }
+
+}
+
+/*************************************************
+* Decode a BER encoded CRL_Entry *
+*************************************************/
+void decode(BER_Decoder& source, CRL_Entry& crl_ent)
+ {
+ BigInt serial_number;
+
+ BER_Decoder sequence = BER::get_subsequence(source);
+ sequence.decode(serial_number);
+ crl_ent.serial = BigInt::encode(serial_number);
+ BER::decode(sequence, crl_ent.time);
+
+ if(sequence.more_items())
+ {
+ BER_Decoder crl_entry_exts = BER::get_subsequence(sequence);
+ while(crl_entry_exts.more_items())
+ {
+ Extension extn;
+ BER::decode(crl_entry_exts, extn);
+ handle_crl_entry_extension(crl_ent, extn);
+ }
+ }
+
+ sequence.verify_end();
+ }
+
+}
+
+}
diff --git a/src/ctr.cpp b/src/ctr.cpp
new file mode 100644
index 000000000..f9c07eda8
--- /dev/null
+++ b/src/ctr.cpp
@@ -0,0 +1,74 @@
+/*************************************************
+* CTR Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/ctr.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* CTR-BE Constructor *
+*************************************************/
+CTR_BE::CTR_BE(const std::string& cipher_name) :
+ BlockCipherMode(cipher_name, "CTR-BE", block_size_of(cipher_name), 1)
+ {
+ }
+
+/*************************************************
+* CTR-BE Constructor *
+*************************************************/
+CTR_BE::CTR_BE(const std::string& cipher_name, const SymmetricKey& key,
+ const InitializationVector& iv) :
+ BlockCipherMode(cipher_name, "CTR-BE", block_size_of(cipher_name), 1)
+ {
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* CTR-BE Encryption/Decryption *
+*************************************************/
+void CTR_BE::write(const byte input[], u32bit length)
+ {
+ u32bit copied = std::min(BLOCK_SIZE - position, length);
+ xor_buf(buffer + position, input, copied);
+ send(buffer + position, copied);
+ input += copied;
+ length -= copied;
+ position += copied;
+
+ if(position == BLOCK_SIZE)
+ increment_counter();
+
+ while(length >= BLOCK_SIZE)
+ {
+ xor_buf(buffer, input, BLOCK_SIZE);
+ send(buffer, BLOCK_SIZE);
+
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ increment_counter();
+ }
+
+ xor_buf(buffer + position, input, length);
+ send(buffer + position, length);
+ position += length;
+ }
+
+/*************************************************
+* Increment the counter and update the buffer *
+*************************************************/
+void CTR_BE::increment_counter()
+ {
+ for(s32bit j = BLOCK_SIZE - 1; j >= 0; --j)
+ if(++state[j])
+ break;
+ cipher->encrypt(state, buffer);
+ position = 0;
+ }
+
+}
diff --git a/src/cts.cpp b/src/cts.cpp
new file mode 100644
index 000000000..673df84b8
--- /dev/null
+++ b/src/cts.cpp
@@ -0,0 +1,175 @@
+/*************************************************
+* CTS Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/cts.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* CTS Encryption Constructor *
+*************************************************/
+CTS_Encryption::CTS_Encryption(const std::string& cipher_name) :
+ BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2)
+ {
+ }
+
+/*************************************************
+* CTS Encryption Constructor *
+*************************************************/
+CTS_Encryption::CTS_Encryption(const std::string& cipher_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv) :
+ BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2)
+ {
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Encrypt a block *
+*************************************************/
+void CTS_Encryption::encrypt(const byte block[])
+ {
+ xor_buf(state, block, BLOCK_SIZE);
+ cipher->encrypt(state);
+ send(state, BLOCK_SIZE);
+ }
+
+/*************************************************
+* Encrypt in CTS mode *
+*************************************************/
+void CTS_Encryption::write(const byte input[], u32bit length)
+ {
+ u32bit copied = std::min(BUFFER_SIZE - position, length);
+ buffer.copy(position, input, copied);
+ length -= copied;
+ input += copied;
+ position += copied;
+
+ if(length == 0) return;
+
+ encrypt(buffer);
+ if(length > BLOCK_SIZE)
+ {
+ encrypt(buffer + BLOCK_SIZE);
+ while(length > 2*BLOCK_SIZE)
+ {
+ encrypt(input);
+ length -= BLOCK_SIZE;
+ input += BLOCK_SIZE;
+ }
+ position = 0;
+ }
+ else
+ {
+ copy_mem(buffer.begin(), buffer + BLOCK_SIZE, BLOCK_SIZE);
+ position = BLOCK_SIZE;
+ }
+ buffer.copy(position, input, length);
+ position += length;
+ }
+
+/*************************************************
+* Finish encrypting in CTS mode *
+*************************************************/
+void CTS_Encryption::end_msg()
+ {
+ if(position < BLOCK_SIZE + 1)
+ throw Exception("CTS_Encryption: insufficient data to encrypt");
+ xor_buf(state, buffer, BLOCK_SIZE);
+ cipher->encrypt(state);
+ SecureVector<byte> cn = state;
+ clear_mem(buffer + position, BUFFER_SIZE - position);
+ encrypt(buffer + BLOCK_SIZE);
+ send(cn, position - BLOCK_SIZE);
+ }
+
+/*************************************************
+* CTS Decryption Constructor *
+*************************************************/
+CTS_Decryption::CTS_Decryption(const std::string& cipher_name) :
+ BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2)
+ {
+ temp.create(BLOCK_SIZE);
+ }
+
+/*************************************************
+* CTS Decryption Constructor *
+*************************************************/
+CTS_Decryption::CTS_Decryption(const std::string& cipher_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv) :
+ BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2)
+ {
+ temp.create(BLOCK_SIZE);
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Decrypt a block *
+*************************************************/
+void CTS_Decryption::decrypt(const byte block[])
+ {
+ cipher->decrypt(block, temp);
+ xor_buf(temp, state, BLOCK_SIZE);
+ send(temp, BLOCK_SIZE);
+ state.copy(block, BLOCK_SIZE);
+ }
+
+/*************************************************
+* Decrypt in CTS mode *
+*************************************************/
+void CTS_Decryption::write(const byte input[], u32bit length)
+ {
+ u32bit copied = std::min(BUFFER_SIZE - position, length);
+ buffer.copy(position, input, copied);
+ length -= copied;
+ input += copied;
+ position += copied;
+
+ if(length == 0) return;
+
+ decrypt(buffer);
+ if(length > BLOCK_SIZE)
+ {
+ decrypt(buffer + BLOCK_SIZE);
+ while(length > 2*BLOCK_SIZE)
+ {
+ decrypt(input);
+ length -= BLOCK_SIZE;
+ input += BLOCK_SIZE;
+ }
+ position = 0;
+ }
+ else
+ {
+ copy_mem(buffer.begin(), buffer + BLOCK_SIZE, BLOCK_SIZE);
+ position = BLOCK_SIZE;
+ }
+ buffer.copy(position, input, length);
+ position += length;
+ }
+
+/*************************************************
+* Finish decrypting in CTS mode *
+*************************************************/
+void CTS_Decryption::end_msg()
+ {
+ cipher->decrypt(buffer, temp);
+ xor_buf(temp, buffer + BLOCK_SIZE, position - BLOCK_SIZE);
+ SecureVector<byte> xn = temp;
+ copy_mem(buffer + position, xn + (position - BLOCK_SIZE),
+ BUFFER_SIZE - position);
+ cipher->decrypt(buffer + BLOCK_SIZE, temp);
+ xor_buf(temp, state, BLOCK_SIZE);
+ send(temp, BLOCK_SIZE);
+ send(xn, position - BLOCK_SIZE);
+ }
+
+}
diff --git a/src/data_snk.cpp b/src/data_snk.cpp
new file mode 100644
index 000000000..0c7e18984
--- /dev/null
+++ b/src/data_snk.cpp
@@ -0,0 +1,56 @@
+/*************************************************
+* DataSink Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/data_snk.h>
+#include <fstream>
+
+namespace Botan {
+
+/*************************************************
+* Write to a stream *
+*************************************************/
+void DataSink_Stream::write(const byte out[], u32bit length)
+ {
+ sink->write((const char*)out, length);
+ if(!sink->good())
+ throw Stream_IO_Error("DataSink_Stream: Failure writing to " + fsname);
+ }
+
+/*************************************************
+* DataSink_Stream Constructor *
+*************************************************/
+DataSink_Stream::DataSink_Stream(std::ostream& stream) : fsname("std::ostream")
+ {
+ sink = &stream;
+ owns = false;
+ }
+
+/*************************************************
+* DataSink_Stream Constructor *
+*************************************************/
+DataSink_Stream::DataSink_Stream(const std::string& file,
+ bool use_binary) : fsname(file)
+ {
+ if(use_binary)
+ sink = new std::ofstream(fsname.c_str(), std::ios::binary);
+ else
+ sink = new std::ofstream(fsname.c_str());
+
+ if(!sink->good())
+ throw Stream_IO_Error("DataSink_Stream: Failure opening " + fsname);
+ owns = true;
+ }
+
+/*************************************************
+* DataSink_Stream Destructor *
+*************************************************/
+DataSink_Stream::~DataSink_Stream()
+ {
+ if(owns)
+ delete sink;
+ sink = 0;
+ }
+
+}
diff --git a/src/data_src.cpp b/src/data_src.cpp
new file mode 100644
index 000000000..ef9d5fa1f
--- /dev/null
+++ b/src/data_src.cpp
@@ -0,0 +1,188 @@
+/*************************************************
+* DataSource Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/data_src.h>
+#include <fstream>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Read a single byte from the DataSource *
+*************************************************/
+u32bit DataSource::read_byte(byte& out)
+ {
+ return read(&out, 1);
+ }
+
+/*************************************************
+* Peek a single byte from the DataSource *
+*************************************************/
+u32bit DataSource::peek_byte(byte& out) const
+ {
+ return peek(&out, 1, 0);
+ }
+
+/*************************************************
+* Discard the next N bytes of the data *
+*************************************************/
+u32bit DataSource::discard_next(u32bit n)
+ {
+ u32bit discarded = 0;
+ byte dummy;
+ for(u32bit j = 0; j != n; ++j)
+ discarded = read_byte(dummy);
+ return discarded;
+ }
+
+/*************************************************
+* Read from a memory buffer *
+*************************************************/
+u32bit DataSource_Memory::read(byte out[], u32bit length)
+ {
+ u32bit got = std::min(source.size() - offset, length);
+ copy_mem(out, source + offset, got);
+ offset += got;
+ return got;
+ }
+
+/*************************************************
+* Peek into a memory buffer *
+*************************************************/
+u32bit DataSource_Memory::peek(byte out[], u32bit length,
+ u32bit peek_offset) const
+ {
+ const u32bit bytes_left = source.size() - offset;
+ if(peek_offset >= bytes_left) return 0;
+
+ u32bit got = std::min(bytes_left - peek_offset, length);
+ copy_mem(out, source + offset + peek_offset, got);
+ return got;
+ }
+
+/*************************************************
+* Check if the memory buffer is empty *
+*************************************************/
+bool DataSource_Memory::end_of_data() const
+ {
+ return (offset == source.size());
+ }
+
+/*************************************************
+* DataSource_Memory Constructor *
+*************************************************/
+DataSource_Memory::DataSource_Memory(const byte in[], u32bit length)
+ {
+ source.set(in, length);
+ offset = 0;
+ }
+
+/*************************************************
+* DataSource_Memory Constructor *
+*************************************************/
+DataSource_Memory::DataSource_Memory(const MemoryRegion<byte>& in)
+ {
+ source = in;
+ offset = 0;
+ }
+
+/*************************************************
+* DataSource_Memory Constructor *
+*************************************************/
+DataSource_Memory::DataSource_Memory(const std::string& in)
+ {
+ source.set((const byte*)in.c_str(), in.length());
+ offset = 0;
+ }
+
+/*************************************************
+* Read from a stream *
+*************************************************/
+u32bit DataSource_Stream::read(byte out[], u32bit length)
+ {
+ source->read((char*)out, length);
+ if(source->bad())
+ throw Stream_IO_Error("DataSource_Stream::read: Source failure");
+
+ u32bit got = source->gcount();
+ total_read += got;
+ return (u32bit)got;
+ }
+
+/*************************************************
+* Peek into a stream *
+*************************************************/
+u32bit DataSource_Stream::peek(byte out[], u32bit length, u32bit offset) const
+ {
+ if(end_of_data())
+ throw Invalid_State("DataSource_Stream: Cannot peek when out of data");
+
+ u32bit got = 0;
+
+ if(offset)
+ {
+ SecureVector<byte> buf(offset);
+ source->read((char*)buf.begin(), buf.size());
+ if(source->bad())
+ throw Stream_IO_Error("DataSource_Stream::peek: Source failure");
+ got = source->gcount();
+ }
+
+ if(got == offset)
+ {
+ source->read((char*)out, length);
+ if(source->bad())
+ throw Stream_IO_Error("DataSource_Stream::peek: Source failure");
+ got = source->gcount();
+ }
+
+ if(source->eof())
+ source->clear();
+ source->seekg(total_read, std::ios::beg);
+
+ return got;
+ }
+
+/*************************************************
+* Check if the stream is empty or in error *
+*************************************************/
+bool DataSource_Stream::end_of_data() const
+ {
+ return (!source->good());
+ }
+
+/*************************************************
+* Return a human-readable ID for this stream *
+*************************************************/
+std::string DataSource_Stream::id() const
+ {
+ return fsname;
+ }
+
+/*************************************************
+* DataSource_Stream Constructor *
+*************************************************/
+DataSource_Stream::DataSource_Stream(const std::string& file,
+ bool use_binary) : fsname(file)
+ {
+ if(use_binary)
+ source = new std::ifstream(fsname.c_str(), std::ios::binary);
+ else
+ source = new std::ifstream(fsname.c_str());
+
+ if(!source->good())
+ throw Stream_IO_Error("DataSource_Stream: Failure opening " + fsname);
+ total_read = 0;
+ }
+
+/*************************************************
+* DataSource_Stream Destructor *
+*************************************************/
+DataSource_Stream::~DataSource_Stream()
+ {
+ delete source;
+ }
+
+}
diff --git a/src/datastor.cpp b/src/datastor.cpp
new file mode 100644
index 000000000..2b7255112
--- /dev/null
+++ b/src/datastor.cpp
@@ -0,0 +1,164 @@
+/*************************************************
+* Data Store Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/datastor.h>
+#include <botan/filters.h>
+#include <botan/parsing.h>
+#include <botan/stl_util.h>
+
+namespace Botan {
+
+/*************************************************
+* Default Matcher transform operation (identity) *
+*************************************************/
+std::pair<std::string, std::string>
+Data_Store::Matcher::transform(const std::string& key,
+ const std::string& value) const
+ {
+ return std::make_pair(key, value);
+ }
+
+/*************************************************
+* Data_Store Equality Comparison *
+*************************************************/
+bool Data_Store::operator==(const Data_Store& other) const
+ {
+ return (contents == other.contents);
+ }
+
+/*************************************************
+* Search based on an arbitrary predicate *
+*************************************************/
+std::multimap<std::string, std::string>
+Data_Store::get(const Matcher& matcher) const
+ {
+ std::multimap<std::string, std::string> out;
+
+ std::multimap<std::string, std::string>::const_iterator i;
+ i = contents.begin();
+ while(i != contents.end())
+ {
+ if(matcher(i->first, i->second))
+ out.insert(matcher.transform(i->first, i->second));
+ ++i;
+ }
+
+ return out;
+ }
+
+/*************************************************
+* Search based on an key equality *
+*************************************************/
+std::vector<std::string> Data_Store::get(const std::string& looking_for) const
+ {
+ std::vector<std::string> out;
+
+ std::multimap<std::string, std::string>::const_iterator i;
+ i = contents.begin();
+ while(i != contents.end())
+ {
+ if(i->first == looking_for)
+ out.push_back(i->second);
+ ++i;
+ }
+
+ return out;
+ }
+
+/*************************************************
+* Get a single atom *
+*************************************************/
+std::string Data_Store::get1(const std::string& key) const
+ {
+ std::vector<std::string> vals = get(key);
+
+ if(vals.empty())
+ throw Invalid_State("Data_Store::get1: Not values for " + key);
+ if(vals.size() > 1)
+ throw Invalid_State("Data_Store::get1: More than one value for " + key);
+
+ return vals.at(0);
+ }
+
+/*************************************************
+* Get a single MemoryVector atom *
+*************************************************/
+MemoryVector<byte>
+Data_Store::get1_memvec(const std::string& key) const
+ {
+ std::vector<std::string> vals = get(key);
+
+ if(vals.size() > 1)
+ throw Invalid_State("Data_Store::get1_memvec: Multiple values for " +
+ key);
+
+ if(vals.empty())
+ return MemoryVector<byte>();
+
+ Pipe pipe(new Hex_Decoder(FULL_CHECK));
+ pipe.start_msg();
+ if(vals.size())
+ pipe.write(vals[0]);
+ pipe.end_msg();
+ return pipe.read_all();
+ }
+
+/*************************************************
+* Get a single u32bit atom *
+*************************************************/
+u32bit Data_Store::get1_u32bit(const std::string& key,
+ u32bit default_val) const
+ {
+ std::vector<std::string> vals = get(key);
+
+ if(vals.empty())
+ return default_val;
+ else if(vals.size() > 1)
+ throw Invalid_State("Data_Store::get1_u32bit: Multiple values for " +
+ key);
+
+ return to_u32bit(vals[0]);
+ }
+
+/*************************************************
+* Insert a single key and value *
+*************************************************/
+void Data_Store::add(const std::string& key, const std::string& val)
+ {
+ multimap_insert(contents, key, val);
+ }
+
+/*************************************************
+* Insert a single key and value *
+*************************************************/
+void Data_Store::add(const std::string& key, u32bit val)
+ {
+ add(key, to_string(val));
+ }
+
+/*************************************************
+* Insert a single key and value *
+*************************************************/
+void Data_Store::add(const std::string& key, const MemoryRegion<byte>& val)
+ {
+ Pipe pipe(new Hex_Encoder);
+ pipe.process_msg(val);
+ add(key, pipe.read_all_as_string());
+ }
+
+/*************************************************
+* Insert a mapping of key/value pairs *
+*************************************************/
+void Data_Store::add(const std::multimap<std::string, std::string>& in)
+ {
+ std::multimap<std::string, std::string>::const_iterator i = in.begin();
+ while(i != in.end())
+ {
+ contents.insert(*i);
+ ++i;
+ }
+ }
+
+}
diff --git a/src/def_alg.cpp b/src/def_alg.cpp
new file mode 100644
index 000000000..9b87f6c2a
--- /dev/null
+++ b/src/def_alg.cpp
@@ -0,0 +1,267 @@
+/*************************************************
+* Default Engine Algorithms Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eng_def.h>
+#include <botan/lookup.h>
+#include <botan/parsing.h>
+
+#include <botan/aes.h>
+#include <botan/blowfish.h>
+#include <botan/cast128.h>
+#include <botan/cast256.h>
+#include <botan/des.h>
+#include <botan/gost.h>
+#include <botan/idea.h>
+#include <botan/kasumi.h>
+#include <botan/lion.h>
+#include <botan/lubyrack.h>
+#include <botan/mars.h>
+#include <botan/misty1.h>
+#include <botan/rc2.h>
+#include <botan/rc5.h>
+#include <botan/rc6.h>
+#include <botan/safer_sk.h>
+#include <botan/seed.h>
+#include <botan/serpent.h>
+#include <botan/skipjack.h>
+#include <botan/square.h>
+#include <botan/tea.h>
+#include <botan/twofish.h>
+#include <botan/xtea.h>
+
+#include <botan/arc4.h>
+#include <botan/turing.h>
+#include <botan/wid_wake.h>
+
+#include <botan/adler32.h>
+#include <botan/crc24.h>
+#include <botan/crc32.h>
+#include <botan/fork256.h>
+#include <botan/has160.h>
+#include <botan/md2.h>
+#include <botan/md4.h>
+#include <botan/md5.h>
+#include <botan/rmd128.h>
+#include <botan/rmd160.h>
+#include <botan/sha160.h>
+#include <botan/sha256.h>
+#include <botan/sha_64.h>
+#include <botan/tiger.h>
+#include <botan/whrlpool.h>
+#include <botan/par_hash.h>
+
+#include <botan/cmac.h>
+#include <botan/hmac.h>
+#include <botan/x919_mac.h>
+
+#include <botan/mode_pad.h>
+#include <botan/pgp_s2k.h>
+#include <botan/pkcs5.h>
+
+namespace Botan {
+
+/*************************************************
+* Some macros to simplify control flow *
+*************************************************/
+#define HANDLE_TYPE_NO_ARGS(NAME, TYPE) \
+ if(algo_name == NAME) \
+ { \
+ if(name.size() == 1) \
+ return new TYPE; \
+ throw Invalid_Algorithm_Name(algo_spec); \
+ }
+
+#define HANDLE_TYPE_ONE_U32BIT(NAME, TYPE, DEFAULT) \
+ if(algo_name == NAME) \
+ { \
+ if(name.size() == 1) \
+ return new TYPE(DEFAULT); \
+ if(name.size() == 2) \
+ return new TYPE(to_u32bit(name[1])); \
+ throw Invalid_Algorithm_Name(algo_spec); \
+ }
+
+#define HANDLE_TYPE_TWO_U32BIT(NAME, TYPE, DEFAULT) \
+ if(algo_name == NAME) \
+ { \
+ if(name.size() == 1) \
+ return new TYPE(DEFAULT); \
+ if(name.size() == 2) \
+ return new TYPE(to_u32bit(name[1])); \
+ if(name.size() == 3) \
+ return new TYPE(to_u32bit(name[1]), to_u32bit(name[2])); \
+ throw Invalid_Algorithm_Name(algo_spec); \
+ }
+
+#define HANDLE_TYPE_ONE_STRING(NAME, TYPE) \
+ if(algo_name == NAME) \
+ { \
+ if(name.size() == 2) \
+ return new TYPE(name[1]); \
+ throw Invalid_Algorithm_Name(algo_spec); \
+ }
+
+/*************************************************
+* Look for an algorithm with this name *
+*************************************************/
+BlockCipher*
+Default_Engine::find_block_cipher(const std::string& algo_spec) const
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ if(name.size() == 0)
+ return 0;
+ const std::string algo_name = deref_alias(name[0]);
+
+ HANDLE_TYPE_NO_ARGS("AES", AES);
+ HANDLE_TYPE_NO_ARGS("AES-128", AES_128);
+ HANDLE_TYPE_NO_ARGS("AES-192", AES_192);
+ HANDLE_TYPE_NO_ARGS("AES-256", AES_256);
+ HANDLE_TYPE_NO_ARGS("Blowfish", Blowfish);
+ HANDLE_TYPE_NO_ARGS("CAST-128", CAST_128);
+ HANDLE_TYPE_NO_ARGS("CAST-256", CAST_256);
+ HANDLE_TYPE_NO_ARGS("DES", DES);
+ HANDLE_TYPE_NO_ARGS("DESX", DESX);
+ HANDLE_TYPE_NO_ARGS("TripleDES", TripleDES);
+ HANDLE_TYPE_NO_ARGS("GOST", GOST);
+ HANDLE_TYPE_NO_ARGS("IDEA", IDEA);
+ HANDLE_TYPE_NO_ARGS("KASUMI", KASUMI);
+ HANDLE_TYPE_ONE_STRING("Luby-Rackoff", LubyRackoff);
+ HANDLE_TYPE_NO_ARGS("MARS", MARS);
+ HANDLE_TYPE_ONE_U32BIT("MISTY1", MISTY1, 8);
+ HANDLE_TYPE_NO_ARGS("RC2", RC2);
+ HANDLE_TYPE_ONE_U32BIT("RC5", RC5, 12);
+ HANDLE_TYPE_NO_ARGS("RC6", RC6);
+ HANDLE_TYPE_ONE_U32BIT("SAFER-SK", SAFER_SK, 10);
+ HANDLE_TYPE_NO_ARGS("SEED", SEED);
+ HANDLE_TYPE_NO_ARGS("Serpent", Serpent);
+ HANDLE_TYPE_NO_ARGS("Skipjack", Skipjack);
+ HANDLE_TYPE_NO_ARGS("Square", Square);
+ HANDLE_TYPE_NO_ARGS("TEA", TEA);
+ HANDLE_TYPE_NO_ARGS("Twofish", Twofish);
+ HANDLE_TYPE_NO_ARGS("XTEA", XTEA);
+
+ if(algo_name == "Lion")
+ {
+ if(name.size() != 4)
+ throw Invalid_Algorithm_Name(algo_spec);
+ return new Lion(name[1], name[2], to_u32bit(name[3]));
+ }
+ return 0;
+ }
+
+/*************************************************
+* Look for an algorithm with this name *
+*************************************************/
+StreamCipher*
+Default_Engine::find_stream_cipher(const std::string& algo_spec) const
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ if(name.size() == 0)
+ return 0;
+ const std::string algo_name = deref_alias(name[0]);
+
+ HANDLE_TYPE_ONE_U32BIT("ARC4", ARC4, 0);
+ HANDLE_TYPE_ONE_U32BIT("RC4_drop", ARC4, 768);
+ HANDLE_TYPE_NO_ARGS("Turing", Turing);
+ HANDLE_TYPE_NO_ARGS("WiderWake4+1-BE", WiderWake_41_BE);
+
+ return 0;
+ }
+
+/*************************************************
+* Look for an algorithm with this name *
+*************************************************/
+HashFunction*
+Default_Engine::find_hash(const std::string& algo_spec) const
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ if(name.size() == 0)
+ return 0;
+ const std::string algo_name = deref_alias(name[0]);
+
+ HANDLE_TYPE_NO_ARGS("Adler32", Adler32);
+ HANDLE_TYPE_NO_ARGS("CRC24", CRC24);
+ HANDLE_TYPE_NO_ARGS("CRC32", CRC32);
+ HANDLE_TYPE_NO_ARGS("FORK-256", FORK_256);
+ HANDLE_TYPE_NO_ARGS("HAS-160", HAS_160);
+ HANDLE_TYPE_NO_ARGS("MD2", MD2);
+ HANDLE_TYPE_NO_ARGS("MD4", MD4);
+ HANDLE_TYPE_NO_ARGS("MD5", MD5);
+ HANDLE_TYPE_NO_ARGS("RIPEMD-128", RIPEMD_128);
+ HANDLE_TYPE_NO_ARGS("RIPEMD-160", RIPEMD_160);
+ HANDLE_TYPE_NO_ARGS("SHA-160", SHA_160);
+ HANDLE_TYPE_NO_ARGS("SHA-256", SHA_256);
+ HANDLE_TYPE_NO_ARGS("SHA-384", SHA_384);
+ HANDLE_TYPE_NO_ARGS("SHA-512", SHA_512);
+ HANDLE_TYPE_TWO_U32BIT("Tiger", Tiger, 24);
+ HANDLE_TYPE_NO_ARGS("Whirlpool", Whirlpool);
+
+ if(algo_name == "Parallel")
+ {
+ if(name.size() < 2)
+ throw Invalid_Algorithm_Name(algo_spec);
+ name.erase(name.begin());
+ return new Parallel(name);
+ }
+ return 0;
+ }
+
+/*************************************************
+* Look for an algorithm with this name *
+*************************************************/
+MessageAuthenticationCode*
+Default_Engine::find_mac(const std::string& algo_spec) const
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ if(name.size() == 0)
+ return 0;
+ const std::string algo_name = deref_alias(name[0]);
+
+ HANDLE_TYPE_ONE_STRING("CMAC", CMAC);
+ HANDLE_TYPE_ONE_STRING("HMAC", HMAC);
+ HANDLE_TYPE_NO_ARGS("X9.19-MAC", ANSI_X919_MAC);
+
+ return 0;
+ }
+
+/*************************************************
+* Look for an algorithm with this name *
+*************************************************/
+S2K* Default_Engine::find_s2k(const std::string& algo_spec) const
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ if(name.size() == 0)
+ return 0;
+
+ const std::string algo_name = deref_alias(name[0]);
+
+ HANDLE_TYPE_ONE_STRING("PBKDF1", PKCS5_PBKDF1);
+ HANDLE_TYPE_ONE_STRING("PBKDF2", PKCS5_PBKDF2);
+ HANDLE_TYPE_ONE_STRING("OpenPGP-S2K", OpenPGP_S2K);
+
+ return 0;
+ }
+
+/*************************************************
+* Look for an algorithm with this name *
+*************************************************/
+BlockCipherModePaddingMethod*
+Default_Engine::find_bc_pad(const std::string& algo_spec) const
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ if(name.size() == 0)
+ return 0;
+
+ const std::string algo_name = deref_alias(name[0]);
+
+ HANDLE_TYPE_NO_ARGS("PKCS7", PKCS7_Padding);
+ HANDLE_TYPE_NO_ARGS("OneAndZeros", OneAndZeros_Padding);
+ HANDLE_TYPE_NO_ARGS("X9.23", ANSI_X923_Padding);
+ HANDLE_TYPE_NO_ARGS("NoPadding", Null_Padding);
+
+ return 0;
+ }
+
+}
diff --git a/src/def_mode.cpp b/src/def_mode.cpp
new file mode 100644
index 000000000..ca9692128
--- /dev/null
+++ b/src/def_mode.cpp
@@ -0,0 +1,134 @@
+/*************************************************
+* Default Engine Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eng_def.h>
+#include <botan/parsing.h>
+#include <botan/filters.h>
+#include <botan/lookup.h>
+#include <botan/ecb.h>
+#include <botan/cbc.h>
+#include <botan/cts.h>
+#include <botan/cfb.h>
+#include <botan/ofb.h>
+#include <botan/ctr.h>
+#include <botan/eax.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Get a cipher object *
+*************************************************/
+Keyed_Filter* do_get_cipher(const std::string& algo_spec,
+ Cipher_Dir direction)
+ {
+ std::vector<std::string> algo_parts = split_on(algo_spec, '/');
+ if(algo_parts.empty())
+ throw Invalid_Algorithm_Name(algo_spec);
+
+ const std::string cipher = algo_parts[0];
+
+ if(have_stream_cipher(cipher))
+ {
+ if(algo_parts.size() == 1)
+ return new StreamCipher_Filter(cipher);
+ return 0;
+ }
+ else if(have_block_cipher(cipher))
+ {
+ if(algo_parts.size() != 2 && algo_parts.size() != 3)
+ return 0;
+
+ std::string mode = algo_parts[1];
+ u32bit bits = 0;
+
+ if(mode.find("CFB") != std::string::npos ||
+ mode.find("EAX") != std::string::npos)
+ {
+ std::vector<std::string> algo_info = parse_algorithm_name(mode);
+ mode = algo_info[0];
+ if(algo_info.size() == 1)
+ bits = 8*block_size_of(cipher);
+ else if(algo_info.size() == 2)
+ bits = to_u32bit(algo_info[1]);
+ else
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
+
+ std::string padding;
+ if(algo_parts.size() == 3)
+ padding = algo_parts[2];
+ else
+ padding = (mode == "CBC") ? "PKCS7" : "NoPadding";
+
+ if(mode == "ECB" && padding == "CTS")
+ return 0;
+ else if((mode != "CBC" && mode != "ECB") && padding != "NoPadding")
+ throw Invalid_Algorithm_Name(algo_spec);
+
+ if(mode == "OFB") return new OFB(cipher);
+ else if(mode == "CTR-BE") return new CTR_BE(cipher);
+ else if(mode == "ECB" || mode == "CBC" || mode == "CTS" ||
+ mode == "CFB" || mode == "EAX")
+ {
+ if(mode == "ECB")
+ {
+ if(direction == ENCRYPTION)
+ return new ECB_Encryption(cipher, padding);
+ else
+ return new ECB_Decryption(cipher, padding);
+ }
+ else if(mode == "CFB")
+ {
+ if(direction == ENCRYPTION)
+ return new CFB_Encryption(cipher, bits);
+ else
+ return new CFB_Decryption(cipher, bits);
+ }
+ else if(mode == "CBC")
+ {
+ if(padding == "CTS")
+ {
+ if(direction == ENCRYPTION)
+ return new CTS_Encryption(cipher);
+ else
+ return new CTS_Decryption(cipher);
+ }
+ if(direction == ENCRYPTION)
+ return new CBC_Encryption(cipher, padding);
+ else
+ return new CBC_Decryption(cipher, padding);
+ }
+ else if(mode == "EAX")
+ {
+ if(direction == ENCRYPTION)
+ return new EAX_Encryption(cipher, bits);
+ else
+ return new EAX_Decryption(cipher, bits);
+ }
+ else
+ throw Internal_Error("get_mode: " + cipher + "/"
+ + mode + "/" + padding);
+ }
+ else
+ return 0;
+ }
+
+ return 0;
+ }
+
+}
+
+/*************************************************
+* Get a cipher object *
+*************************************************/
+Keyed_Filter* Default_Engine::get_cipher(const std::string& algo_spec,
+ Cipher_Dir direction)
+ {
+ return do_get_cipher(algo_spec, direction);
+ }
+
+}
diff --git a/src/def_ops.cpp b/src/def_ops.cpp
new file mode 100644
index 000000000..d17bb41b3
--- /dev/null
+++ b/src/def_ops.cpp
@@ -0,0 +1,355 @@
+/*************************************************
+* Default Engine PK Operations Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eng_def.h>
+#include <botan/pow_mod.h>
+#include <botan/numthry.h>
+#include <botan/reducer.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Default IF Operation *
+*************************************************/
+class Default_IF_Op : public IF_Operation
+ {
+ public:
+ BigInt public_op(const BigInt& i) const
+ { return powermod_e_n(i); }
+ BigInt private_op(const BigInt&) const;
+
+ IF_Operation* clone() const { return new Default_IF_Op(*this); }
+
+ Default_IF_Op(const BigInt&, const BigInt&, const BigInt&,
+ const BigInt&, const BigInt&, const BigInt&,
+ const BigInt&, const BigInt&);
+ private:
+ Fixed_Exponent_Power_Mod powermod_e_n, powermod_d1_p, powermod_d2_q;
+ Modular_Reducer reducer;
+ BigInt c, q;
+ };
+
+/*************************************************
+* Default_IF_Op Constructor *
+*************************************************/
+Default_IF_Op::Default_IF_Op(const BigInt& e, const BigInt& n, const BigInt&,
+ const BigInt& p, const BigInt& q,
+ const BigInt& d1, const BigInt& d2,
+ const BigInt& c)
+ {
+ powermod_e_n = Fixed_Exponent_Power_Mod(e, n);
+
+ if(d1 != 0 && d2 != 0 && p != 0 && q != 0)
+ {
+ powermod_d1_p = Fixed_Exponent_Power_Mod(d1, p);
+ powermod_d2_q = Fixed_Exponent_Power_Mod(d2, q);
+ reducer = Modular_Reducer(p);
+ this->c = c;
+ this->q = q;
+ }
+ }
+
+/*************************************************
+* Default IF Private Operation *
+*************************************************/
+BigInt Default_IF_Op::private_op(const BigInt& i) const
+ {
+ if(q == 0)
+ throw Internal_Error("Default_IF_Op::private_op: No private key");
+
+ BigInt j1 = powermod_d1_p(i);
+ BigInt j2 = powermod_d2_q(i);
+ j1 = reducer.reduce(sub_mul(j1, j2, c));
+ return mul_add(j1, q, j2);
+ }
+
+/*************************************************
+* Default DSA Operation *
+*************************************************/
+class Default_DSA_Op : public DSA_Operation
+ {
+ public:
+ bool verify(const byte[], u32bit, const byte[], u32bit) const;
+ SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const;
+
+ DSA_Operation* clone() const { return new Default_DSA_Op(*this); }
+
+ Default_DSA_Op(const DL_Group&, const BigInt&, const BigInt&);
+ private:
+ const BigInt x, y;
+ const DL_Group group;
+ Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
+ Modular_Reducer reduce_p, reduce_q;
+ };
+
+/*************************************************
+* Default_DSA_Op Constructor *
+*************************************************/
+Default_DSA_Op::Default_DSA_Op(const DL_Group& grp, const BigInt& y1,
+ const BigInt& x1) : x(x1), y(y1), group(grp)
+ {
+ powermod_g_p = Fixed_Base_Power_Mod(group.get_g(), group.get_p());
+ powermod_y_p = Fixed_Base_Power_Mod(y, group.get_p());
+ reduce_p = Modular_Reducer(group.get_p());
+ reduce_q = Modular_Reducer(group.get_q());
+ }
+
+/*************************************************
+* Default DSA Verify Operation *
+*************************************************/
+bool Default_DSA_Op::verify(const byte msg[], u32bit msg_len,
+ const byte sig[], u32bit sig_len) const
+ {
+ const BigInt& q = group.get_q();
+
+ if(sig_len != 2*q.bytes() || msg_len > q.bytes())
+ return false;
+
+ BigInt r(sig, q.bytes());
+ BigInt s(sig + q.bytes(), q.bytes());
+ BigInt i(msg, msg_len);
+
+ if(r <= 0 || r >= q || s <= 0 || s >= q)
+ return false;
+
+ s = inverse_mod(s, q);
+ s = reduce_p.multiply(powermod_g_p(reduce_q.multiply(s, i)),
+ powermod_y_p(reduce_q.multiply(s, r)));
+
+ return (reduce_q.reduce(s) == r);
+ }
+
+/*************************************************
+* Default DSA Sign Operation *
+*************************************************/
+SecureVector<byte> Default_DSA_Op::sign(const byte in[], u32bit length,
+ const BigInt& k) const
+ {
+ if(x == 0)
+ throw Internal_Error("Default_DSA_Op::sign: No private key");
+
+ const BigInt& q = group.get_q();
+ BigInt i(in, length);
+
+ BigInt r = reduce_q.reduce(powermod_g_p(k));
+ BigInt s = reduce_q.multiply(inverse_mod(k, q), mul_add(x, r, i));
+
+ if(r.is_zero() || s.is_zero())
+ throw Internal_Error("Default_DSA_Op::sign: r or s was zero");
+
+ SecureVector<byte> output(2*q.bytes());
+ r.binary_encode(output + (output.size() / 2 - r.bytes()));
+ s.binary_encode(output + (output.size() - s.bytes()));
+ return output;
+ }
+
+/*************************************************
+* Default NR Operation *
+*************************************************/
+class Default_NR_Op : public NR_Operation
+ {
+ public:
+ SecureVector<byte> verify(const byte[], u32bit) const;
+ SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const;
+
+ NR_Operation* clone() const { return new Default_NR_Op(*this); }
+
+ Default_NR_Op(const DL_Group&, const BigInt&, const BigInt&);
+ private:
+ const BigInt x, y;
+ const DL_Group group;
+ Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
+ Modular_Reducer reducer_p, reducer_q;
+ };
+
+/*************************************************
+* Default_NR_Op Constructor *
+*************************************************/
+Default_NR_Op::Default_NR_Op(const DL_Group& grp, const BigInt& y1,
+ const BigInt& x1) : x(x1), y(y1), group(grp)
+ {
+ powermod_g_p = Fixed_Base_Power_Mod(group.get_g(), group.get_p());
+ powermod_y_p = Fixed_Base_Power_Mod(y, group.get_p());
+ reducer_p = Modular_Reducer(group.get_p());
+ reducer_q = Modular_Reducer(group.get_q());
+ }
+
+/*************************************************
+* Default NR Verify Operation *
+*************************************************/
+SecureVector<byte> Default_NR_Op::verify(const byte in[], u32bit length) const
+ {
+ const BigInt& q = group.get_q();
+
+ if(length != 2*q.bytes())
+ return false;
+
+ BigInt c(in, q.bytes());
+ BigInt d(in + q.bytes(), q.bytes());
+
+ if(c.is_zero() || c >= q || d >= q)
+ throw Invalid_Argument("Default_NR_Op::verify: Invalid signature");
+
+ BigInt i = reducer_p.multiply(powermod_g_p(d), powermod_y_p(c));
+ return BigInt::encode(reducer_q.reduce(c - i));
+ }
+
+/*************************************************
+* Default NR Sign Operation *
+*************************************************/
+SecureVector<byte> Default_NR_Op::sign(const byte in[], u32bit length,
+ const BigInt& k) const
+ {
+ if(x == 0)
+ throw Internal_Error("Default_NR_Op::sign: No private key");
+
+ const BigInt& q = group.get_q();
+
+ BigInt f(in, length);
+
+ if(f >= q)
+ throw Invalid_Argument("Default_NR_Op::sign: Input is out of range");
+
+ BigInt c = reducer_q.reduce(powermod_g_p(k) + f);
+ if(c.is_zero())
+ throw Internal_Error("Default_NR_Op::sign: c was zero");
+ BigInt d = reducer_q.reduce(k - x * c);
+
+ SecureVector<byte> output(2*q.bytes());
+ c.binary_encode(output + (output.size() / 2 - c.bytes()));
+ d.binary_encode(output + (output.size() - d.bytes()));
+ return output;
+ }
+
+/*************************************************
+* Default ElGamal Operation *
+*************************************************/
+class Default_ELG_Op : public ELG_Operation
+ {
+ public:
+ SecureVector<byte> encrypt(const byte[], u32bit, const BigInt&) const;
+ BigInt decrypt(const BigInt&, const BigInt&) const;
+
+ ELG_Operation* clone() const { return new Default_ELG_Op(*this); }
+
+ Default_ELG_Op(const DL_Group&, const BigInt&, const BigInt&);
+ private:
+ const BigInt p;
+ Fixed_Base_Power_Mod powermod_g_p, powermod_y_p;
+ Fixed_Exponent_Power_Mod powermod_x_p;
+ Modular_Reducer reducer_p;
+ };
+
+/*************************************************
+* Default_ELG_Op Constructor *
+*************************************************/
+Default_ELG_Op::Default_ELG_Op(const DL_Group& group, const BigInt& y,
+ const BigInt& x) : p(group.get_p())
+ {
+ powermod_g_p = Fixed_Base_Power_Mod(group.get_g(), p);
+ powermod_y_p = Fixed_Base_Power_Mod(y, p);
+ reducer_p = Modular_Reducer(p);
+
+ if(x != 0)
+ powermod_x_p = Fixed_Exponent_Power_Mod(x, p);
+ }
+
+/*************************************************
+* Default ElGamal Encrypt Operation *
+*************************************************/
+SecureVector<byte> Default_ELG_Op::encrypt(const byte in[], u32bit length,
+ const BigInt& k) const
+ {
+ BigInt m(in, length);
+ if(m >= p)
+ throw Invalid_Argument("Default_ELG_Op::encrypt: Input is too large");
+
+ BigInt a = powermod_g_p(k);
+ BigInt b = reducer_p.multiply(m, powermod_y_p(k));
+
+ SecureVector<byte> output(2*p.bytes());
+ a.binary_encode(output + (p.bytes() - a.bytes()));
+ b.binary_encode(output + output.size() / 2 + (p.bytes() - b.bytes()));
+ return output;
+ }
+
+/*************************************************
+* Default ElGamal Decrypt Operation *
+*************************************************/
+BigInt Default_ELG_Op::decrypt(const BigInt& a, const BigInt& b) const
+ {
+ if(a >= p || b >= p)
+ throw Invalid_Argument("Default_ELG_Op: Invalid message");
+
+ return reducer_p.multiply(b, inverse_mod(powermod_x_p(a), p));
+ }
+
+/*************************************************
+* Default DH Operation *
+*************************************************/
+class Default_DH_Op : public DH_Operation
+ {
+ public:
+ BigInt agree(const BigInt& i) const { return powermod_x_p(i); }
+ DH_Operation* clone() const { return new Default_DH_Op(*this); }
+
+ Default_DH_Op(const DL_Group& group, const BigInt& x) :
+ powermod_x_p(x, group.get_p()) {}
+ private:
+ const Fixed_Exponent_Power_Mod powermod_x_p;
+ };
+
+}
+
+/*************************************************
+* Acquire an IF op *
+*************************************************/
+IF_Operation* Default_Engine::if_op(const BigInt& e, const BigInt& n,
+ const BigInt& d, const BigInt& p,
+ const BigInt& q, const BigInt& d1,
+ const BigInt& d2, const BigInt& c) const
+ {
+ return new Default_IF_Op(e, n, d, p, q, d1, d2, c);
+ }
+
+/*************************************************
+* Acquire a DSA op *
+*************************************************/
+DSA_Operation* Default_Engine::dsa_op(const DL_Group& group, const BigInt& y,
+ const BigInt& x) const
+ {
+ return new Default_DSA_Op(group, y, x);
+ }
+
+/*************************************************
+* Acquire a NR op *
+*************************************************/
+NR_Operation* Default_Engine::nr_op(const DL_Group& group, const BigInt& y,
+ const BigInt& x) const
+ {
+ return new Default_NR_Op(group, y, x);
+ }
+
+/*************************************************
+* Acquire an ElGamal op *
+*************************************************/
+ELG_Operation* Default_Engine::elg_op(const DL_Group& group, const BigInt& y,
+ const BigInt& x) const
+ {
+ return new Default_ELG_Op(group, y, x);
+ }
+
+/*************************************************
+* Acquire a DH op *
+*************************************************/
+DH_Operation* Default_Engine::dh_op(const DL_Group& group,
+ const BigInt& x) const
+ {
+ return new Default_DH_Op(group, x);
+ }
+
+}
diff --git a/src/def_powm.cpp b/src/def_powm.cpp
new file mode 100644
index 000000000..62014e41c
--- /dev/null
+++ b/src/def_powm.cpp
@@ -0,0 +1,22 @@
+/*************************************************
+* Modular Exponentiation Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eng_def.h>
+#include <botan/def_powm.h>
+
+namespace Botan {
+
+/*************************************************
+* Choose a modular exponentation algorithm *
+*************************************************/
+Modular_Exponentiator*
+Default_Engine::mod_exp(const BigInt& n, Power_Mod::Usage_Hints hints) const
+ {
+ if(n.is_odd())
+ return new Montgomery_Exponentiator(n, hints);
+ return new Fixed_Window_Exponentiator(n, hints);
+ }
+
+}
diff --git a/src/defalloc.cpp b/src/defalloc.cpp
new file mode 100644
index 000000000..ad54fb3ca
--- /dev/null
+++ b/src/defalloc.cpp
@@ -0,0 +1,81 @@
+/*************************************************
+* Basic Allocators Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/defalloc.h>
+#include <botan/util.h>
+#include <cstdlib>
+#include <cstring>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Perform Memory Allocation *
+*************************************************/
+void* do_malloc(u32bit n, bool do_lock)
+ {
+ void* ptr = std::malloc(n);
+
+ if(!ptr)
+ return 0;
+
+ if(do_lock)
+ lock_mem(ptr, n);
+
+ std::memset(ptr, 0, n);
+ return ptr;
+ }
+
+/*************************************************
+* Perform Memory Deallocation *
+*************************************************/
+void do_free(void* ptr, u32bit n, bool do_lock)
+ {
+ if(!ptr)
+ return;
+
+ std::memset(ptr, 0, n);
+ if(do_lock)
+ unlock_mem(ptr, n);
+
+ std::free(ptr);
+ }
+
+}
+
+/*************************************************
+* Malloc_Allocator's Allocation *
+*************************************************/
+void* Malloc_Allocator::alloc_block(u32bit n)
+ {
+ return do_malloc(n, false);
+ }
+
+/*************************************************
+* Malloc_Allocator's Deallocation *
+*************************************************/
+void Malloc_Allocator::dealloc_block(void* ptr, u32bit n)
+ {
+ do_free(ptr, n, false);
+ }
+
+/*************************************************
+* Locking_Allocator's Allocation *
+*************************************************/
+void* Locking_Allocator::alloc_block(u32bit n)
+ {
+ return do_malloc(n, true);
+ }
+
+/*************************************************
+* Locking_Allocator's Deallocation *
+*************************************************/
+void Locking_Allocator::dealloc_block(void* ptr, u32bit n)
+ {
+ do_free(ptr, n, true);
+ }
+
+}
diff --git a/src/der_enc.cpp b/src/der_enc.cpp
new file mode 100644
index 000000000..c4a7245ff
--- /dev/null
+++ b/src/der_enc.cpp
@@ -0,0 +1,479 @@
+/*************************************************
+* DER Encoder Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/der_enc.h>
+#include <botan/asn1_int.h>
+#include <botan/bigint.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* DER encode an ASN.1 type tag *
+*************************************************/
+SecureVector<byte> encode_tag(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if((class_tag | 0xE0) != 0xE0)
+ throw Encoding_Error("DER_Encoder: Invalid class tag " +
+ to_string(class_tag));
+
+ SecureVector<byte> encoded_tag;
+ if(type_tag <= 30)
+ encoded_tag.append((byte)(type_tag | class_tag));
+ else
+ {
+ u32bit blocks = high_bit(type_tag) + 6;
+ blocks = (blocks - (blocks % 7)) / 7;
+
+ encoded_tag.append(class_tag | 0x1F);
+ for(u32bit k = 0; k != blocks - 1; ++k)
+ encoded_tag.append(0x80 | ((type_tag >> 7*(blocks-k-1)) & 0x7F));
+ encoded_tag.append(type_tag & 0x7F);
+ }
+
+ return encoded_tag;
+ }
+
+/*************************************************
+* DER encode an ASN.1 length field *
+*************************************************/
+SecureVector<byte> encode_length(u32bit length)
+ {
+ SecureVector<byte> encoded_length;
+ if(length <= 127)
+ encoded_length.append((byte)length);
+ else
+ {
+ const u32bit top_byte = significant_bytes(length);
+ encoded_length.append((byte)(0x80 | top_byte));
+ for(u32bit j = 4-top_byte; j != 4; ++j)
+ encoded_length.append(get_byte(j, length));
+ }
+ return encoded_length;
+ }
+
+/*************************************************
+* A comparison functor for sorting SET objects *
+*************************************************/
+class DER_Cmp
+ {
+ public:
+ bool operator()(const MemoryRegion<byte>&,
+ const MemoryRegion<byte>&) const;
+ };
+
+/*************************************************
+* Compare two encodings, as specified by X.690 *
+*************************************************/
+bool DER_Cmp::operator()(const MemoryRegion<byte>& a,
+ const MemoryRegion<byte>& b) const
+ {
+ if(a.size() < b.size()) return true;
+ if(a.size() > b.size()) return false;
+
+ for(u32bit j = 0; j != a.size(); ++j)
+ {
+ if(a[j] < b[j]) return true;
+ if(a[j] > b[j]) return false;
+ }
+ return false;
+ }
+
+}
+
+/*************************************************
+* Return the encoded SEQUENCE/SET *
+*************************************************/
+SecureVector<byte> DER_Encoder::DER_Sequence::get_contents()
+ {
+ const ASN1_Tag real_class_tag = ASN1_Tag(class_tag | CONSTRUCTED);
+
+ SecureVector<byte> encoded_tag = encode_tag(type_tag, real_class_tag);
+
+ if(is_a_set)
+ {
+ std::sort(set_contents.begin(), set_contents.end(), DER_Cmp());
+ for(u32bit j = 0; j != set_contents.size(); ++j)
+ contents.append(set_contents[j]);
+ set_contents.clear();
+ }
+
+ SecureVector<byte> encoded_length = encode_length(contents.size());
+
+ SecureVector<byte> retval;
+ retval.append(encoded_tag);
+ retval.append(encoded_length);
+ retval.append(contents);
+ contents.destroy();
+ return retval;
+ }
+
+/*************************************************
+* Add an encoded value to the SEQUENCE/SET *
+*************************************************/
+void DER_Encoder::DER_Sequence::add_bytes(const byte data[], u32bit length)
+ {
+ if(is_a_set)
+ {
+ set_contents.push_back(SecureVector<byte>(data, length));
+ }
+ else
+ contents.append(data, length);
+ }
+
+/*************************************************
+* Return the type and class taggings *
+*************************************************/
+ASN1_Tag DER_Encoder::DER_Sequence::tag_of() const
+ {
+ return ASN1_Tag(type_tag | class_tag);
+ }
+
+/*************************************************
+* DER_Sequence Constructor *
+*************************************************/
+DER_Encoder::DER_Sequence::DER_Sequence(ASN1_Tag t1, ASN1_Tag t2, bool b) :
+ type_tag(t1), class_tag(t2), is_a_set(b)
+ {
+ }
+
+/*************************************************
+* Return the encoded contents *
+*************************************************/
+SecureVector<byte> DER_Encoder::get_contents()
+ {
+ if(sequence_level != 0)
+ throw Invalid_State("DER_Encoder: Sequence hasn't been marked done");
+
+ SecureVector<byte> retval;
+ retval = contents;
+ contents.destroy();
+ return retval;
+ }
+
+/*************************************************
+* Start a new ASN.1 SEQUENCE/SET/EXPLICIT *
+*************************************************/
+DER_Encoder& DER_Encoder::start_cons(ASN1_Tag type_tag, ASN1_Tag class_tag,
+ bool is_a_set)
+ {
+ ++sequence_level;
+ subsequences.push_back(DER_Sequence(type_tag, class_tag, is_a_set));
+ return (*this);
+ }
+
+/*************************************************
+* Finish the current ASN.1 SEQUENCE/SET/EXPLICIT *
+*************************************************/
+DER_Encoder& DER_Encoder::end_cons(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(sequence_level == 0)
+ throw Invalid_State("DER_Encoder::end_cons: No such sequence");
+ sequence_level--;
+ if(subsequences[sequence_level].tag_of() != ASN1_Tag(type_tag | class_tag))
+ throw Invalid_Argument("DER_Encoder::end_cons: Tag mismatch");
+
+ SecureVector<byte> seq = subsequences[sequence_level].get_contents();
+ subsequences.pop_back();
+ add_raw_octets(seq);
+ return (*this);
+ }
+
+/*************************************************
+* Start a new ASN.1 SEQUENCE *
+*************************************************/
+DER_Encoder& DER_Encoder::start_sequence(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return start_cons(type_tag, class_tag, false);
+ }
+
+/*************************************************
+* Finish the current ASN.1 SEQUENCE *
+*************************************************/
+DER_Encoder& DER_Encoder::end_sequence(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return end_cons(type_tag, class_tag);
+ }
+
+/*************************************************
+* Start a new ASN.1 SET *
+*************************************************/
+DER_Encoder& DER_Encoder::start_set(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return start_cons(type_tag, class_tag, true);
+ }
+
+/*************************************************
+* Finish the current ASN.1 SET *
+*************************************************/
+DER_Encoder& DER_Encoder::end_set(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return end_cons(type_tag, class_tag);
+ }
+
+/*************************************************
+* Start a new ASN.1 SEQUENCE *
+*************************************************/
+DER_Encoder& DER_Encoder::start_sequence()
+ {
+ return start_sequence(SEQUENCE, UNIVERSAL);
+ }
+
+/*************************************************
+* Finish the current ASN.1 SEQUENCE *
+*************************************************/
+DER_Encoder& DER_Encoder::end_sequence()
+ {
+ return end_sequence(SEQUENCE, UNIVERSAL);
+ }
+
+/*************************************************
+* Start a new ASN.1 SET *
+*************************************************/
+DER_Encoder& DER_Encoder::start_set()
+ {
+ return start_set(SET, UNIVERSAL);
+ }
+
+/*************************************************
+* Finish the current ASN.1 SET *
+*************************************************/
+DER_Encoder& DER_Encoder::end_set()
+ {
+ return end_set(SET, UNIVERSAL);
+ }
+
+/*************************************************
+* Start a new ASN.1 EXPLICIT encoding *
+*************************************************/
+DER_Encoder& DER_Encoder::start_explicit(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return start_cons(type_tag, class_tag, false);
+ }
+
+/*************************************************
+* Finish the current ASN.1 EXPLICIT encoding *
+*************************************************/
+DER_Encoder& DER_Encoder::end_explicit(ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return end_cons(type_tag, class_tag);
+ }
+
+/*************************************************
+* Write raw octets into the stream *
+*************************************************/
+DER_Encoder& DER_Encoder::add_raw_octets(const MemoryRegion<byte>& octets)
+ {
+ return add_raw_octets(octets.begin(), octets.size());
+ }
+
+/*************************************************
+* Write raw octets into the stream *
+*************************************************/
+DER_Encoder& DER_Encoder::add_raw_octets(const byte octets[], u32bit length)
+ {
+ if(sequence_level == 0)
+ contents.append(octets, length);
+ else
+ subsequences[sequence_level-1].add_bytes(octets, length);
+ return (*this);
+ }
+
+/*************************************************
+* Encode a NULL object *
+*************************************************/
+DER_Encoder& DER_Encoder::encode_null()
+ {
+ return add_object(NULL_TAG, UNIVERSAL, 0, 0);
+ }
+
+/*************************************************
+* DER encode a BOOLEAN *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(bool is_true)
+ {
+ return encode(is_true, BOOLEAN, UNIVERSAL);
+ }
+
+/*************************************************
+* DER encode a small INTEGER *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(u32bit n)
+ {
+ return encode(BigInt(n), INTEGER, UNIVERSAL);
+ }
+
+/*************************************************
+* DER encode a small INTEGER *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const BigInt& n)
+ {
+ return encode(n, INTEGER, UNIVERSAL);
+ }
+
+/*************************************************
+* DER encode an OCTET STRING or BIT STRING *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& octets,
+ ASN1_Tag real_type)
+ {
+ return encode(octets.begin(), octets.size(),
+ real_type, real_type, UNIVERSAL);
+ }
+
+/*************************************************
+* Encode this object *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const byte octets[], u32bit length,
+ ASN1_Tag real_type)
+ {
+ return encode(octets, length, real_type, real_type, UNIVERSAL);
+ }
+
+/*************************************************
+* DER encode a BOOLEAN *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(bool is_true,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ byte val = is_true ? 0xFF : 0x00;
+ return add_object(type_tag, class_tag, &val, 1);
+ }
+
+/*************************************************
+* DER encode a small INTEGER *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(u32bit n,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return encode(BigInt(n), type_tag, class_tag);
+ }
+
+/*************************************************
+* DER encode an INTEGER *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const BigInt& n,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(n == 0)
+ return add_object(type_tag, class_tag, 0);
+
+ bool extra_zero = (n.bits() % 8 == 0);
+ SecureVector<byte> contents(extra_zero + n.bytes());
+ BigInt::encode(contents.begin() + extra_zero, n);
+ if(n < 0)
+ {
+ for(u32bit j = 0; j != contents.size(); ++j)
+ contents[j] = ~contents[j];
+ for(u32bit j = contents.size(); j > 0; --j)
+ if(++contents[j-1])
+ break;
+ }
+
+ return add_object(type_tag, class_tag, contents);
+ }
+
+/*************************************************
+* DER encode an OCTET STRING or BIT STRING *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const MemoryRegion<byte>& octets,
+ ASN1_Tag real_type,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ return encode(octets.begin(), octets.size(),
+ real_type, type_tag, class_tag);
+ }
+
+/*************************************************
+* DER encode an OCTET STRING or BIT STRING *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const byte octets[], u32bit length,
+ ASN1_Tag real_type,
+ ASN1_Tag type_tag, ASN1_Tag class_tag)
+ {
+ if(real_type != OCTET_STRING && real_type != BIT_STRING)
+ throw Invalid_Argument("DER_Encoder: Invalid tag for byte/bit string");
+
+ if(real_type == BIT_STRING)
+ {
+ SecureVector<byte> encoded;
+ encoded.append(0);
+ encoded.append(octets, length);
+ return add_object(type_tag, class_tag, encoded);
+ }
+ else
+ return add_object(type_tag, class_tag, octets, length);
+ }
+
+/*************************************************
+* Request for an object to encode itself *
+*************************************************/
+DER_Encoder& DER_Encoder::encode(const ASN1_Object& obj)
+ {
+ obj.encode_into(*this);
+ return (*this);
+ }
+
+/*************************************************
+* Write the encoding of the octet(s) *
+*************************************************/
+DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
+ const byte rep[], u32bit length)
+ {
+ SecureVector<byte> encoded_tag = encode_tag(type_tag, class_tag);
+ SecureVector<byte> encoded_length = encode_length(length);
+
+ SecureVector<byte> buffer;
+ buffer.append(encoded_tag);
+ buffer.append(encoded_length);
+ buffer.append(rep, length);
+
+ return add_raw_octets(buffer);
+ }
+
+/*************************************************
+* Write the encoding of the octet(s) *
+*************************************************/
+DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
+ const MemoryRegion<byte>& rep_buf)
+ {
+ const byte* rep = rep_buf.begin();
+ const u32bit rep_len = rep_buf.size();
+ return add_object(type_tag, class_tag, rep, rep_len);
+ }
+
+/*************************************************
+* Write the encoding of the octet(s) *
+*************************************************/
+DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag, ASN1_Tag class_tag,
+ const std::string& rep_str)
+ {
+ const byte* rep = (const byte*)rep_str.c_str();
+ const u32bit rep_len = rep_str.size();
+ return add_object(type_tag, class_tag, rep, rep_len);
+ }
+
+/*************************************************
+* Write the encoding of the octet *
+*************************************************/
+DER_Encoder& DER_Encoder::add_object(ASN1_Tag type_tag,
+ ASN1_Tag class_tag, byte rep)
+ {
+ return add_object(type_tag, class_tag, &rep, 1);
+ }
+
+/*************************************************
+* DER_Encoder Constructor *
+*************************************************/
+DER_Encoder::DER_Encoder()
+ {
+ sequence_level = 0;
+ }
+
+}
diff --git a/src/des.cpp b/src/des.cpp
new file mode 100644
index 000000000..9cbfe28aa
--- /dev/null
+++ b/src/des.cpp
@@ -0,0 +1,274 @@
+/*************************************************
+* DES Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/des.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* DES Encryption *
+*************************************************/
+void DES::enc(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ IP(L, R);
+ raw_encrypt(L, R);
+ FP(L, R);
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* DES Decryption *
+*************************************************/
+void DES::dec(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ IP(L, R);
+ raw_decrypt(L, R);
+ FP(L, R);
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* DES Initial Permutation *
+*************************************************/
+void DES::IP(u32bit& L, u32bit& R)
+ {
+ u64bit T = (IPTAB1[get_byte(0, L)] ) | (IPTAB1[get_byte(1, L)] << 1) |
+ (IPTAB1[get_byte(2, L)] << 2) | (IPTAB1[get_byte(3, L)] << 3) |
+ (IPTAB1[get_byte(0, R)] << 4) | (IPTAB1[get_byte(1, R)] << 5) |
+ (IPTAB1[get_byte(2, R)] << 6) | (IPTAB2[get_byte(3, R)] );
+ L = (u32bit)((T >> 32) & 0xFFFFFFFF);
+ R = (u32bit)((T ) & 0xFFFFFFFF);
+ }
+
+/*************************************************
+* DES Final Permutation *
+*************************************************/
+void DES::FP(u32bit& L, u32bit& R)
+ {
+ u64bit T = (FPTAB1[get_byte(0, L)] << 5) | (FPTAB1[get_byte(1, L)] << 3) |
+ (FPTAB1[get_byte(2, L)] << 1) | (FPTAB2[get_byte(3, L)] << 1) |
+ (FPTAB1[get_byte(0, R)] << 4) | (FPTAB1[get_byte(1, R)] << 2) |
+ (FPTAB1[get_byte(2, R)] ) | (FPTAB2[get_byte(3, R)] );
+ L = (u32bit)((T >> 32) & 0xFFFFFFFF);
+ R = (u32bit)((T ) & 0xFFFFFFFF);
+ }
+
+/*************************************************
+* DES Raw Encryption *
+*************************************************/
+void DES::raw_encrypt(u32bit& L, u32bit& R) const
+ {
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ u32bit T0, T1;
+
+ T0 = rotate_right(R, 4) ^ round_key[2*j];
+ T1 = R ^ round_key[2*j + 1];
+
+ L ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^
+ SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^
+ SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^
+ SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)];
+
+ T0 = rotate_right(L, 4) ^ round_key[2*j + 2];
+ T1 = L ^ round_key[2*j + 3];
+
+ R ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^
+ SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^
+ SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^
+ SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)];
+ }
+ }
+
+/*************************************************
+* DES Raw Decryption *
+*************************************************/
+void DES::raw_decrypt(u32bit& L, u32bit& R) const
+ {
+ for(u32bit j = 16; j != 0; j -= 2)
+ {
+ u32bit T0, T1;
+
+ T0 = rotate_right(R, 4) ^ round_key[2*j - 2];
+ T1 = R ^ round_key[2*j - 1];
+
+ L ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^
+ SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^
+ SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^
+ SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)];
+
+ T0 = rotate_right(L, 4) ^ round_key[2*j - 4];
+ T1 = L ^ round_key[2*j - 3];
+
+ R ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^
+ SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^
+ SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^
+ SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)];
+ }
+ }
+
+/*************************************************
+* DES Key Schedule *
+*************************************************/
+void DES::key(const byte key[], u32bit)
+ {
+ static const byte ROT[16] = { 1, 1, 2, 2, 2, 2, 2, 2,
+ 1, 2, 2, 2, 2, 2, 2, 1 };
+ u32bit C = ((key[7] & 0x80) << 20) | ((key[6] & 0x80) << 19) |
+ ((key[5] & 0x80) << 18) | ((key[4] & 0x80) << 17) |
+ ((key[3] & 0x80) << 16) | ((key[2] & 0x80) << 15) |
+ ((key[1] & 0x80) << 14) | ((key[0] & 0x80) << 13) |
+ ((key[7] & 0x40) << 13) | ((key[6] & 0x40) << 12) |
+ ((key[5] & 0x40) << 11) | ((key[4] & 0x40) << 10) |
+ ((key[3] & 0x40) << 9) | ((key[2] & 0x40) << 8) |
+ ((key[1] & 0x40) << 7) | ((key[0] & 0x40) << 6) |
+ ((key[7] & 0x20) << 6) | ((key[6] & 0x20) << 5) |
+ ((key[5] & 0x20) << 4) | ((key[4] & 0x20) << 3) |
+ ((key[3] & 0x20) << 2) | ((key[2] & 0x20) << 1) |
+ ((key[1] & 0x20) ) | ((key[0] & 0x20) >> 1) |
+ ((key[7] & 0x10) >> 1) | ((key[6] & 0x10) >> 2) |
+ ((key[5] & 0x10) >> 3) | ((key[4] & 0x10) >> 4);
+ u32bit D = ((key[7] & 0x02) << 26) | ((key[6] & 0x02) << 25) |
+ ((key[5] & 0x02) << 24) | ((key[4] & 0x02) << 23) |
+ ((key[3] & 0x02) << 22) | ((key[2] & 0x02) << 21) |
+ ((key[1] & 0x02) << 20) | ((key[0] & 0x02) << 19) |
+ ((key[7] & 0x04) << 17) | ((key[6] & 0x04) << 16) |
+ ((key[5] & 0x04) << 15) | ((key[4] & 0x04) << 14) |
+ ((key[3] & 0x04) << 13) | ((key[2] & 0x04) << 12) |
+ ((key[1] & 0x04) << 11) | ((key[0] & 0x04) << 10) |
+ ((key[7] & 0x08) << 8) | ((key[6] & 0x08) << 7) |
+ ((key[5] & 0x08) << 6) | ((key[4] & 0x08) << 5) |
+ ((key[3] & 0x08) << 4) | ((key[2] & 0x08) << 3) |
+ ((key[1] & 0x08) << 2) | ((key[0] & 0x08) << 1) |
+ ((key[3] & 0x10) >> 1) | ((key[2] & 0x10) >> 2) |
+ ((key[1] & 0x10) >> 3) | ((key[0] & 0x10) >> 4);
+ for(u32bit j = 0; j != 16; ++j)
+ {
+ C = ((C << ROT[j]) | (C >> (28-ROT[j]))) & 0x0FFFFFFF;
+ D = ((D << ROT[j]) | (D >> (28-ROT[j]))) & 0x0FFFFFFF;
+ round_key[2*j ] = ((C & 0x00000010) << 22) | ((C & 0x00000800) << 17) |
+ ((C & 0x00000020) << 16) | ((C & 0x00004004) << 15) |
+ ((C & 0x00000200) << 11) | ((C & 0x00020000) << 10) |
+ ((C & 0x01000000) >> 6) | ((C & 0x00100000) >> 4) |
+ ((C & 0x00010000) << 3) | ((C & 0x08000000) >> 2) |
+ ((C & 0x00800000) << 1) | ((D & 0x00000010) << 8) |
+ ((D & 0x00000002) << 7) | ((D & 0x00000001) << 2) |
+ ((D & 0x00000200) ) | ((D & 0x00008000) >> 2) |
+ ((D & 0x00000088) >> 3) | ((D & 0x00001000) >> 7) |
+ ((D & 0x00080000) >> 9) | ((D & 0x02020000) >> 14) |
+ ((D & 0x00400000) >> 21);
+ round_key[2*j+1] = ((C & 0x00000001) << 28) | ((C & 0x00000082) << 18) |
+ ((C & 0x00002000) << 14) | ((C & 0x00000100) << 10) |
+ ((C & 0x00001000) << 9) | ((C & 0x00040000) << 6) |
+ ((C & 0x02400000) << 4) | ((C & 0x00008000) << 2) |
+ ((C & 0x00200000) >> 1) | ((C & 0x04000000) >> 10) |
+ ((D & 0x00000020) << 6) | ((D & 0x00000100) ) |
+ ((D & 0x00000800) >> 1) | ((D & 0x00000040) >> 3) |
+ ((D & 0x00010000) >> 4) | ((D & 0x00000400) >> 5) |
+ ((D & 0x00004000) >> 10) | ((D & 0x04000000) >> 13) |
+ ((D & 0x00800000) >> 14) | ((D & 0x00100000) >> 18) |
+ ((D & 0x01000000) >> 24) | ((D & 0x08000000) >> 26);
+ }
+ }
+
+/*************************************************
+* TripleDES Encryption *
+*************************************************/
+void TripleDES::enc(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ DES::IP(L, R);
+ des1.raw_encrypt(L, R);
+ des2.raw_decrypt(R, L);
+ des3.raw_encrypt(L, R);
+ DES::FP(L, R);
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* TripleDES Decryption *
+*************************************************/
+void TripleDES::dec(const byte in[], byte out[]) const
+ {
+ u32bit L = make_u32bit(in[0], in[1], in[2], in[3]),
+ R = make_u32bit(in[4], in[5], in[6], in[7]);
+
+ DES::IP(L, R);
+ des3.raw_decrypt(L, R);
+ des2.raw_encrypt(R, L);
+ des1.raw_decrypt(L, R);
+ DES::FP(L, R);
+
+ out[0] = get_byte(0, R); out[1] = get_byte(1, R);
+ out[2] = get_byte(2, R); out[3] = get_byte(3, R);
+ out[4] = get_byte(0, L); out[5] = get_byte(1, L);
+ out[6] = get_byte(2, L); out[7] = get_byte(3, L);
+ }
+
+/*************************************************
+* TripleDES Key Schedule *
+*************************************************/
+void TripleDES::key(const byte key[], u32bit length)
+ {
+ des1.set_key(key, 8);
+ des2.set_key(key + 8, 8);
+ if(length == 24)
+ des3.set_key(key + 16, 8);
+ else
+ des3.set_key(key, 8);
+ }
+
+/*************************************************
+* DESX Encryption *
+*************************************************/
+void DESX::enc(const byte in[], byte out[]) const
+ {
+ xor_buf(out, in, K1.begin(), BLOCK_SIZE);
+ des.encrypt(out);
+ xor_buf(out, K2.begin(), BLOCK_SIZE);
+ }
+
+/*************************************************
+* DESX Decryption *
+*************************************************/
+void DESX::dec(const byte in[], byte out[]) const
+ {
+ xor_buf(out, in, K2.begin(), BLOCK_SIZE);
+ des.decrypt(out);
+ xor_buf(out, K1.begin(), BLOCK_SIZE);
+ }
+
+/*************************************************
+* DESX Key Schedule *
+*************************************************/
+void DESX::key(const byte key[], u32bit)
+ {
+ K1.copy(key, 8);
+ des.set_key(key + 8, 8);
+ K2.copy(key + 16, 8);
+ }
+
+}
diff --git a/src/des_tab.cpp b/src/des_tab.cpp
new file mode 100644
index 000000000..1f9c9a194
--- /dev/null
+++ b/src/des_tab.cpp
@@ -0,0 +1,634 @@
+/*************************************************
+* Substitution/Permutation Tables for DES *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/des.h>
+
+namespace Botan {
+
+const u32bit DES::SPBOX1[256] = {
+ 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
+ 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
+ 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
+ 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+ 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
+ 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
+ 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
+ 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+ 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
+ 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
+ 0x00010004, 0x00010400, 0x00000000, 0x01010004, 0x01010400, 0x00000000,
+ 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000,
+ 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004,
+ 0x01000000, 0x00000004, 0x00000404, 0x01000400, 0x01000400, 0x00010400,
+ 0x00010400, 0x01010000, 0x01010000, 0x01000404, 0x00010004, 0x01000004,
+ 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000,
+ 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000,
+ 0x01000000, 0x00000400, 0x01010004, 0x00010000, 0x00010400, 0x01000004,
+ 0x00000400, 0x00000004, 0x01000404, 0x00010404, 0x01010404, 0x00010004,
+ 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400,
+ 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400,
+ 0x00000000, 0x01010004, 0x01010400, 0x00000000, 0x00010000, 0x01010404,
+ 0x01010004, 0x00010404, 0x00000004, 0x00010000, 0x00000400, 0x01010400,
+ 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004,
+ 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000,
+ 0x01010000, 0x01000404, 0x00010004, 0x01000004, 0x01000004, 0x00010004,
+ 0x00000000, 0x00000404, 0x00010404, 0x01000000, 0x00010000, 0x01010404,
+ 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400,
+ 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004,
+ 0x01000404, 0x00010404, 0x01010404, 0x00010004, 0x01010000, 0x01000404,
+ 0x01000004, 0x00000404, 0x00010404, 0x01010400, 0x00000404, 0x01000400,
+ 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004,
+ 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404,
+ 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400,
+ 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400,
+ 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404,
+ 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404,
+ 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000,
+ 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000,
+ 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404,
+ 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404,
+ 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000,
+ 0x00010004, 0x00010400, 0x00000000, 0x01010004 };
+
+const u32bit DES::SPBOX2[256] = {
+ 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
+ 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
+ 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
+ 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+ 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
+ 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
+ 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
+ 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+ 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
+ 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
+ 0x80000000, 0x80100020, 0x80108020, 0x00108000, 0x80108020, 0x80008000,
+ 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020,
+ 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000,
+ 0x00000020, 0x80100020, 0x00108000, 0x00100020, 0x80008020, 0x00000000,
+ 0x80000000, 0x00008000, 0x00108020, 0x80100000, 0x00100020, 0x80000020,
+ 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020,
+ 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000,
+ 0x80108000, 0x00008000, 0x80100000, 0x80008000, 0x00000020, 0x80108020,
+ 0x00108020, 0x00000020, 0x00008000, 0x80000000, 0x00008020, 0x80108000,
+ 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020,
+ 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020,
+ 0x80108020, 0x00108000, 0x80108020, 0x80008000, 0x00008000, 0x00108020,
+ 0x00100000, 0x00000020, 0x80100020, 0x80008020, 0x80000020, 0x80108020,
+ 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020,
+ 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000,
+ 0x00108020, 0x80100000, 0x00100020, 0x80000020, 0x00000000, 0x00108000,
+ 0x00008020, 0x80108000, 0x80100000, 0x00008020, 0x00000000, 0x00108020,
+ 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000,
+ 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020,
+ 0x00008000, 0x80000000, 0x00008020, 0x80108000, 0x00100000, 0x80000020,
+ 0x00100020, 0x80008020, 0x80000020, 0x00100020, 0x00108000, 0x00000000,
+ 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000,
+ 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020,
+ 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000,
+ 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020,
+ 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000,
+ 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000,
+ 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000,
+ 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000,
+ 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000,
+ 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020,
+ 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020,
+ 0x80000000, 0x80100020, 0x80108020, 0x00108000 };
+
+const u32bit DES::SPBOX3[256] = {
+ 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
+ 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
+ 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
+ 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+ 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
+ 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
+ 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
+ 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+ 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
+ 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
+ 0x00020208, 0x00000008, 0x08020008, 0x00020200, 0x00000208, 0x08020200,
+ 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200,
+ 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008,
+ 0x08020000, 0x00000208, 0x08000000, 0x00000008, 0x08020200, 0x00000200,
+ 0x00020200, 0x08020000, 0x08020008, 0x00020208, 0x08000208, 0x00020200,
+ 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000,
+ 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200,
+ 0x08000200, 0x00000000, 0x00000200, 0x00020008, 0x08020208, 0x08000200,
+ 0x08000008, 0x00000200, 0x00000000, 0x08020008, 0x08000208, 0x00020000,
+ 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008,
+ 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008,
+ 0x08020008, 0x00020200, 0x00000208, 0x08020200, 0x00000000, 0x08020008,
+ 0x08000200, 0x00000000, 0x00020208, 0x08000200, 0x00020008, 0x08000008,
+ 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208,
+ 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000,
+ 0x08020008, 0x00020208, 0x08000208, 0x00020200, 0x00020000, 0x08000208,
+ 0x00000008, 0x08020208, 0x00000200, 0x08000000, 0x08020200, 0x08000000,
+ 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000,
+ 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200,
+ 0x00000000, 0x08020008, 0x08000208, 0x00020000, 0x08000000, 0x08020208,
+ 0x00000008, 0x00020208, 0x00020200, 0x08000008, 0x08020000, 0x08000208,
+ 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200,
+ 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000,
+ 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000,
+ 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008,
+ 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208,
+ 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208,
+ 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208,
+ 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008,
+ 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008,
+ 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208,
+ 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000,
+ 0x00020208, 0x00000008, 0x08020008, 0x00020200 };
+
+const u32bit DES::SPBOX4[256] = {
+ 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
+ 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
+ 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
+ 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+ 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
+ 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
+ 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
+ 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+ 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
+ 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
+ 0x00000080, 0x00800000, 0x00002000, 0x00802080, 0x00802001, 0x00002081,
+ 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001,
+ 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000,
+ 0x00800080, 0x00800001, 0x00000001, 0x00002000, 0x00800000, 0x00802001,
+ 0x00000080, 0x00800000, 0x00002001, 0x00002080, 0x00800081, 0x00000001,
+ 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081,
+ 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000,
+ 0x00000000, 0x00802000, 0x00002080, 0x00800080, 0x00800081, 0x00000001,
+ 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802081, 0x00000081,
+ 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081,
+ 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000,
+ 0x00002000, 0x00802080, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+ 0x00802080, 0x00800081, 0x00800001, 0x00002001, 0x00000000, 0x00802000,
+ 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001,
+ 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000,
+ 0x00002001, 0x00002080, 0x00800081, 0x00000001, 0x00002080, 0x00800080,
+ 0x00002000, 0x00802080, 0x00802081, 0x00000081, 0x00800080, 0x00800001,
+ 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000,
+ 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081,
+ 0x00002081, 0x00000080, 0x00802081, 0x00000081, 0x00000001, 0x00002000,
+ 0x00800001, 0x00002001, 0x00802080, 0x00800081, 0x00002001, 0x00002080,
+ 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080,
+ 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081,
+ 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081,
+ 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000,
+ 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080,
+ 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080,
+ 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081,
+ 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080,
+ 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080,
+ 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001,
+ 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001,
+ 0x00000080, 0x00800000, 0x00002000, 0x00802080 };
+
+const u32bit DES::SPBOX5[256] = {
+ 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
+ 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
+ 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
+ 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+ 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
+ 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
+ 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
+ 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+ 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
+ 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
+ 0x00000000, 0x40080000, 0x02080100, 0x40000100, 0x00000100, 0x02080100,
+ 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000,
+ 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000,
+ 0x00080100, 0x40000000, 0x02000000, 0x40080000, 0x40080000, 0x00000000,
+ 0x40000100, 0x42080100, 0x42080100, 0x02000100, 0x42080000, 0x40000100,
+ 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100,
+ 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000,
+ 0x42000100, 0x40080100, 0x02000100, 0x40000000, 0x42080000, 0x02080100,
+ 0x40080100, 0x00000100, 0x02000000, 0x42080000, 0x42080100, 0x00080100,
+ 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000,
+ 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000,
+ 0x02080100, 0x40000100, 0x00000100, 0x02080100, 0x02080000, 0x42000100,
+ 0x00080000, 0x00000100, 0x40000000, 0x02080000, 0x40080100, 0x00080000,
+ 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000,
+ 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100,
+ 0x42080100, 0x02000100, 0x42080000, 0x40000100, 0x00000000, 0x42000000,
+ 0x02080100, 0x02000000, 0x42000000, 0x00080100, 0x00080000, 0x42000100,
+ 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100,
+ 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100,
+ 0x02000000, 0x42080000, 0x42080100, 0x00080100, 0x42000000, 0x42080100,
+ 0x02080000, 0x00000000, 0x40080000, 0x42000000, 0x00080100, 0x02000100,
+ 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100,
+ 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100,
+ 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100,
+ 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000,
+ 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100,
+ 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000,
+ 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000,
+ 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000,
+ 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000,
+ 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000,
+ 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000,
+ 0x00000000, 0x40080000, 0x02080100, 0x40000100 };
+
+const u32bit DES::SPBOX6[256] = {
+ 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
+ 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
+ 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
+ 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+ 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
+ 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
+ 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
+ 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+ 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
+ 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
+ 0x20404000, 0x20000000, 0x00400010, 0x20004010, 0x20000010, 0x20400000,
+ 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000,
+ 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000,
+ 0x20000000, 0x00004010, 0x00000000, 0x00400010, 0x20004010, 0x00004000,
+ 0x00404000, 0x20004010, 0x00000010, 0x20400010, 0x20400010, 0x00000000,
+ 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000,
+ 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000,
+ 0x00004010, 0x20000010, 0x00400000, 0x20004000, 0x20000000, 0x00004010,
+ 0x20000010, 0x20404010, 0x00404000, 0x20400000, 0x00404010, 0x20404000,
+ 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010,
+ 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000,
+ 0x00400010, 0x20004010, 0x20000010, 0x20400000, 0x00004000, 0x20404010,
+ 0x20400000, 0x00000010, 0x20404010, 0x00400000, 0x20004000, 0x00404010,
+ 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010,
+ 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010,
+ 0x00000010, 0x20400010, 0x20400010, 0x00000000, 0x00404010, 0x20404000,
+ 0x00004010, 0x00404000, 0x20404000, 0x20000000, 0x20004000, 0x00000010,
+ 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010,
+ 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010,
+ 0x00404000, 0x20400000, 0x00404010, 0x20404000, 0x00000000, 0x20400010,
+ 0x00000010, 0x00004000, 0x20400000, 0x00404010, 0x00004000, 0x00400010,
+ 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010,
+ 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010,
+ 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010,
+ 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010,
+ 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010,
+ 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000,
+ 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000,
+ 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000,
+ 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000,
+ 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000,
+ 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000,
+ 0x20404000, 0x20000000, 0x00400010, 0x20004010 };
+
+const u32bit DES::SPBOX7[256] = {
+ 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
+ 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
+ 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
+ 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+ 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
+ 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
+ 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
+ 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+ 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
+ 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
+ 0x04000002, 0x04000800, 0x00000800, 0x00200002, 0x00200000, 0x04200002,
+ 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800,
+ 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000,
+ 0x04200002, 0x00000802, 0x04000800, 0x00200802, 0x00200002, 0x04000800,
+ 0x04000002, 0x04200000, 0x04200800, 0x00200002, 0x04200000, 0x00000800,
+ 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800,
+ 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002,
+ 0x04200002, 0x00000002, 0x00200002, 0x04000000, 0x04000800, 0x00200000,
+ 0x04200800, 0x00000802, 0x00200802, 0x04200800, 0x00000802, 0x04000002,
+ 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802,
+ 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800,
+ 0x00000800, 0x00200002, 0x00200000, 0x04200002, 0x04000802, 0x00000000,
+ 0x00000800, 0x04000802, 0x00200802, 0x04200800, 0x04200802, 0x00200000,
+ 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802,
+ 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000,
+ 0x04200800, 0x00200002, 0x04200000, 0x00000800, 0x00000802, 0x04200802,
+ 0x00200800, 0x00000002, 0x04000000, 0x00200800, 0x04000000, 0x00200800,
+ 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002,
+ 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802,
+ 0x00200802, 0x04200800, 0x00000802, 0x04000002, 0x04200802, 0x04200000,
+ 0x00200800, 0x00000000, 0x00000002, 0x04200802, 0x00000000, 0x00200802,
+ 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002,
+ 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802,
+ 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002,
+ 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802,
+ 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002,
+ 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002,
+ 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802,
+ 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000,
+ 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800,
+ 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000,
+ 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800,
+ 0x04000002, 0x04000800, 0x00000800, 0x00200002 };
+
+const u32bit DES::SPBOX8[256] = {
+ 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
+ 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
+ 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
+ 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+ 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
+ 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
+ 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
+ 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+ 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
+ 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
+ 0x00001040, 0x00040040, 0x10000000, 0x10041000, 0x10001040, 0x00001000,
+ 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000,
+ 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040,
+ 0x00001000, 0x00000040, 0x10040000, 0x10000040, 0x10001000, 0x00001040,
+ 0x00041000, 0x00040040, 0x10040040, 0x10041000, 0x00001040, 0x00000000,
+ 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000,
+ 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040,
+ 0x00001000, 0x00041040, 0x10001000, 0x00000040, 0x10000040, 0x10040000,
+ 0x10040040, 0x10000000, 0x00040000, 0x10001040, 0x00000000, 0x10041040,
+ 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000,
+ 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040,
+ 0x10000000, 0x10041000, 0x10001040, 0x00001000, 0x00040000, 0x10041040,
+ 0x10000000, 0x10001040, 0x00000040, 0x10000000, 0x00040040, 0x10040000,
+ 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040,
+ 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040,
+ 0x10040040, 0x10041000, 0x00001040, 0x00000000, 0x00000000, 0x10040040,
+ 0x10000040, 0x10001000, 0x00041040, 0x00040000, 0x00041040, 0x00040000,
+ 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040,
+ 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000,
+ 0x00040000, 0x10001040, 0x00000000, 0x10041040, 0x00040040, 0x10000040,
+ 0x10040000, 0x10001000, 0x10001040, 0x00000000, 0x10041040, 0x00041000,
+ 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000,
+ 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040,
+ 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000,
+ 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040,
+ 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000,
+ 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000,
+ 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000,
+ 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040,
+ 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040,
+ 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000,
+ 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040,
+ 0x00001040, 0x00040040, 0x10000000, 0x10041000 };
+
+const u64bit DES::IPTAB1[256] = {
+0x0000000000000000, 0x0000000200000000, 0x0000000000000002, 0x0000000200000002,
+0x0000020000000000, 0x0000020200000000, 0x0000020000000002, 0x0000020200000002,
+0x0000000000000200, 0x0000000200000200, 0x0000000000000202, 0x0000000200000202,
+0x0000020000000200, 0x0000020200000200, 0x0000020000000202, 0x0000020200000202,
+0x0002000000000000, 0x0002000200000000, 0x0002000000000002, 0x0002000200000002,
+0x0002020000000000, 0x0002020200000000, 0x0002020000000002, 0x0002020200000002,
+0x0002000000000200, 0x0002000200000200, 0x0002000000000202, 0x0002000200000202,
+0x0002020000000200, 0x0002020200000200, 0x0002020000000202, 0x0002020200000202,
+0x0000000000020000, 0x0000000200020000, 0x0000000000020002, 0x0000000200020002,
+0x0000020000020000, 0x0000020200020000, 0x0000020000020002, 0x0000020200020002,
+0x0000000000020200, 0x0000000200020200, 0x0000000000020202, 0x0000000200020202,
+0x0000020000020200, 0x0000020200020200, 0x0000020000020202, 0x0000020200020202,
+0x0002000000020000, 0x0002000200020000, 0x0002000000020002, 0x0002000200020002,
+0x0002020000020000, 0x0002020200020000, 0x0002020000020002, 0x0002020200020002,
+0x0002000000020200, 0x0002000200020200, 0x0002000000020202, 0x0002000200020202,
+0x0002020000020200, 0x0002020200020200, 0x0002020000020202, 0x0002020200020202,
+0x0200000000000000, 0x0200000200000000, 0x0200000000000002, 0x0200000200000002,
+0x0200020000000000, 0x0200020200000000, 0x0200020000000002, 0x0200020200000002,
+0x0200000000000200, 0x0200000200000200, 0x0200000000000202, 0x0200000200000202,
+0x0200020000000200, 0x0200020200000200, 0x0200020000000202, 0x0200020200000202,
+0x0202000000000000, 0x0202000200000000, 0x0202000000000002, 0x0202000200000002,
+0x0202020000000000, 0x0202020200000000, 0x0202020000000002, 0x0202020200000002,
+0x0202000000000200, 0x0202000200000200, 0x0202000000000202, 0x0202000200000202,
+0x0202020000000200, 0x0202020200000200, 0x0202020000000202, 0x0202020200000202,
+0x0200000000020000, 0x0200000200020000, 0x0200000000020002, 0x0200000200020002,
+0x0200020000020000, 0x0200020200020000, 0x0200020000020002, 0x0200020200020002,
+0x0200000000020200, 0x0200000200020200, 0x0200000000020202, 0x0200000200020202,
+0x0200020000020200, 0x0200020200020200, 0x0200020000020202, 0x0200020200020202,
+0x0202000000020000, 0x0202000200020000, 0x0202000000020002, 0x0202000200020002,
+0x0202020000020000, 0x0202020200020000, 0x0202020000020002, 0x0202020200020002,
+0x0202000000020200, 0x0202000200020200, 0x0202000000020202, 0x0202000200020202,
+0x0202020000020200, 0x0202020200020200, 0x0202020000020202, 0x0202020200020202,
+0x0000000002000000, 0x0000000202000000, 0x0000000002000002, 0x0000000202000002,
+0x0000020002000000, 0x0000020202000000, 0x0000020002000002, 0x0000020202000002,
+0x0000000002000200, 0x0000000202000200, 0x0000000002000202, 0x0000000202000202,
+0x0000020002000200, 0x0000020202000200, 0x0000020002000202, 0x0000020202000202,
+0x0002000002000000, 0x0002000202000000, 0x0002000002000002, 0x0002000202000002,
+0x0002020002000000, 0x0002020202000000, 0x0002020002000002, 0x0002020202000002,
+0x0002000002000200, 0x0002000202000200, 0x0002000002000202, 0x0002000202000202,
+0x0002020002000200, 0x0002020202000200, 0x0002020002000202, 0x0002020202000202,
+0x0000000002020000, 0x0000000202020000, 0x0000000002020002, 0x0000000202020002,
+0x0000020002020000, 0x0000020202020000, 0x0000020002020002, 0x0000020202020002,
+0x0000000002020200, 0x0000000202020200, 0x0000000002020202, 0x0000000202020202,
+0x0000020002020200, 0x0000020202020200, 0x0000020002020202, 0x0000020202020202,
+0x0002000002020000, 0x0002000202020000, 0x0002000002020002, 0x0002000202020002,
+0x0002020002020000, 0x0002020202020000, 0x0002020002020002, 0x0002020202020002,
+0x0002000002020200, 0x0002000202020200, 0x0002000002020202, 0x0002000202020202,
+0x0002020002020200, 0x0002020202020200, 0x0002020002020202, 0x0002020202020202,
+0x0200000002000000, 0x0200000202000000, 0x0200000002000002, 0x0200000202000002,
+0x0200020002000000, 0x0200020202000000, 0x0200020002000002, 0x0200020202000002,
+0x0200000002000200, 0x0200000202000200, 0x0200000002000202, 0x0200000202000202,
+0x0200020002000200, 0x0200020202000200, 0x0200020002000202, 0x0200020202000202,
+0x0202000002000000, 0x0202000202000000, 0x0202000002000002, 0x0202000202000002,
+0x0202020002000000, 0x0202020202000000, 0x0202020002000002, 0x0202020202000002,
+0x0202000002000200, 0x0202000202000200, 0x0202000002000202, 0x0202000202000202,
+0x0202020002000200, 0x0202020202000200, 0x0202020002000202, 0x0202020202000202,
+0x0200000002020000, 0x0200000202020000, 0x0200000002020002, 0x0200000202020002,
+0x0200020002020000, 0x0200020202020000, 0x0200020002020002, 0x0200020202020002,
+0x0200000002020200, 0x0200000202020200, 0x0200000002020202, 0x0200000202020202,
+0x0200020002020200, 0x0200020202020200, 0x0200020002020202, 0x0200020202020202,
+0x0202000002020000, 0x0202000202020000, 0x0202000002020002, 0x0202000202020002,
+0x0202020002020000, 0x0202020202020000, 0x0202020002020002, 0x0202020202020002,
+0x0202000002020200, 0x0202000202020200, 0x0202000002020202, 0x0202000202020202,
+0x0202020002020200, 0x0202020202020200, 0x0202020002020202, 0x0202020202020202 };
+
+const u64bit DES::IPTAB2[256] = {
+0x0000000000000000, 0x0000010000000000, 0x0000000000000100, 0x0000010000000100,
+0x0001000000000000, 0x0001010000000000, 0x0001000000000100, 0x0001010000000100,
+0x0000000000010000, 0x0000010000010000, 0x0000000000010100, 0x0000010000010100,
+0x0001000000010000, 0x0001010000010000, 0x0001000000010100, 0x0001010000010100,
+0x0100000000000000, 0x0100010000000000, 0x0100000000000100, 0x0100010000000100,
+0x0101000000000000, 0x0101010000000000, 0x0101000000000100, 0x0101010000000100,
+0x0100000000010000, 0x0100010000010000, 0x0100000000010100, 0x0100010000010100,
+0x0101000000010000, 0x0101010000010000, 0x0101000000010100, 0x0101010000010100,
+0x0000000001000000, 0x0000010001000000, 0x0000000001000100, 0x0000010001000100,
+0x0001000001000000, 0x0001010001000000, 0x0001000001000100, 0x0001010001000100,
+0x0000000001010000, 0x0000010001010000, 0x0000000001010100, 0x0000010001010100,
+0x0001000001010000, 0x0001010001010000, 0x0001000001010100, 0x0001010001010100,
+0x0100000001000000, 0x0100010001000000, 0x0100000001000100, 0x0100010001000100,
+0x0101000001000000, 0x0101010001000000, 0x0101000001000100, 0x0101010001000100,
+0x0100000001010000, 0x0100010001010000, 0x0100000001010100, 0x0100010001010100,
+0x0101000001010000, 0x0101010001010000, 0x0101000001010100, 0x0101010001010100,
+0x0000000100000000, 0x0000010100000000, 0x0000000100000100, 0x0000010100000100,
+0x0001000100000000, 0x0001010100000000, 0x0001000100000100, 0x0001010100000100,
+0x0000000100010000, 0x0000010100010000, 0x0000000100010100, 0x0000010100010100,
+0x0001000100010000, 0x0001010100010000, 0x0001000100010100, 0x0001010100010100,
+0x0100000100000000, 0x0100010100000000, 0x0100000100000100, 0x0100010100000100,
+0x0101000100000000, 0x0101010100000000, 0x0101000100000100, 0x0101010100000100,
+0x0100000100010000, 0x0100010100010000, 0x0100000100010100, 0x0100010100010100,
+0x0101000100010000, 0x0101010100010000, 0x0101000100010100, 0x0101010100010100,
+0x0000000101000000, 0x0000010101000000, 0x0000000101000100, 0x0000010101000100,
+0x0001000101000000, 0x0001010101000000, 0x0001000101000100, 0x0001010101000100,
+0x0000000101010000, 0x0000010101010000, 0x0000000101010100, 0x0000010101010100,
+0x0001000101010000, 0x0001010101010000, 0x0001000101010100, 0x0001010101010100,
+0x0100000101000000, 0x0100010101000000, 0x0100000101000100, 0x0100010101000100,
+0x0101000101000000, 0x0101010101000000, 0x0101000101000100, 0x0101010101000100,
+0x0100000101010000, 0x0100010101010000, 0x0100000101010100, 0x0100010101010100,
+0x0101000101010000, 0x0101010101010000, 0x0101000101010100, 0x0101010101010100,
+0x0000000000000001, 0x0000010000000001, 0x0000000000000101, 0x0000010000000101,
+0x0001000000000001, 0x0001010000000001, 0x0001000000000101, 0x0001010000000101,
+0x0000000000010001, 0x0000010000010001, 0x0000000000010101, 0x0000010000010101,
+0x0001000000010001, 0x0001010000010001, 0x0001000000010101, 0x0001010000010101,
+0x0100000000000001, 0x0100010000000001, 0x0100000000000101, 0x0100010000000101,
+0x0101000000000001, 0x0101010000000001, 0x0101000000000101, 0x0101010000000101,
+0x0100000000010001, 0x0100010000010001, 0x0100000000010101, 0x0100010000010101,
+0x0101000000010001, 0x0101010000010001, 0x0101000000010101, 0x0101010000010101,
+0x0000000001000001, 0x0000010001000001, 0x0000000001000101, 0x0000010001000101,
+0x0001000001000001, 0x0001010001000001, 0x0001000001000101, 0x0001010001000101,
+0x0000000001010001, 0x0000010001010001, 0x0000000001010101, 0x0000010001010101,
+0x0001000001010001, 0x0001010001010001, 0x0001000001010101, 0x0001010001010101,
+0x0100000001000001, 0x0100010001000001, 0x0100000001000101, 0x0100010001000101,
+0x0101000001000001, 0x0101010001000001, 0x0101000001000101, 0x0101010001000101,
+0x0100000001010001, 0x0100010001010001, 0x0100000001010101, 0x0100010001010101,
+0x0101000001010001, 0x0101010001010001, 0x0101000001010101, 0x0101010001010101,
+0x0000000100000001, 0x0000010100000001, 0x0000000100000101, 0x0000010100000101,
+0x0001000100000001, 0x0001010100000001, 0x0001000100000101, 0x0001010100000101,
+0x0000000100010001, 0x0000010100010001, 0x0000000100010101, 0x0000010100010101,
+0x0001000100010001, 0x0001010100010001, 0x0001000100010101, 0x0001010100010101,
+0x0100000100000001, 0x0100010100000001, 0x0100000100000101, 0x0100010100000101,
+0x0101000100000001, 0x0101010100000001, 0x0101000100000101, 0x0101010100000101,
+0x0100000100010001, 0x0100010100010001, 0x0100000100010101, 0x0100010100010101,
+0x0101000100010001, 0x0101010100010001, 0x0101000100010101, 0x0101010100010101,
+0x0000000101000001, 0x0000010101000001, 0x0000000101000101, 0x0000010101000101,
+0x0001000101000001, 0x0001010101000001, 0x0001000101000101, 0x0001010101000101,
+0x0000000101010001, 0x0000010101010001, 0x0000000101010101, 0x0000010101010101,
+0x0001000101010001, 0x0001010101010001, 0x0001000101010101, 0x0001010101010101,
+0x0100000101000001, 0x0100010101000001, 0x0100000101000101, 0x0100010101000101,
+0x0101000101000001, 0x0101010101000001, 0x0101000101000101, 0x0101010101000101,
+0x0100000101010001, 0x0100010101010001, 0x0100000101010101, 0x0100010101010101,
+0x0101000101010001, 0x0101010101010001, 0x0101000101010101, 0x0101010101010101 };
+
+const u64bit DES::FPTAB1[256] = {
+0x0000000000000000, 0x0000000100000000, 0x0000000004000000, 0x0000000104000000,
+0x0000000000040000, 0x0000000100040000, 0x0000000004040000, 0x0000000104040000,
+0x0000000000000400, 0x0000000100000400, 0x0000000004000400, 0x0000000104000400,
+0x0000000000040400, 0x0000000100040400, 0x0000000004040400, 0x0000000104040400,
+0x0000000000000004, 0x0000000100000004, 0x0000000004000004, 0x0000000104000004,
+0x0000000000040004, 0x0000000100040004, 0x0000000004040004, 0x0000000104040004,
+0x0000000000000404, 0x0000000100000404, 0x0000000004000404, 0x0000000104000404,
+0x0000000000040404, 0x0000000100040404, 0x0000000004040404, 0x0000000104040404,
+0x0400000000000000, 0x0400000100000000, 0x0400000004000000, 0x0400000104000000,
+0x0400000000040000, 0x0400000100040000, 0x0400000004040000, 0x0400000104040000,
+0x0400000000000400, 0x0400000100000400, 0x0400000004000400, 0x0400000104000400,
+0x0400000000040400, 0x0400000100040400, 0x0400000004040400, 0x0400000104040400,
+0x0400000000000004, 0x0400000100000004, 0x0400000004000004, 0x0400000104000004,
+0x0400000000040004, 0x0400000100040004, 0x0400000004040004, 0x0400000104040004,
+0x0400000000000404, 0x0400000100000404, 0x0400000004000404, 0x0400000104000404,
+0x0400000000040404, 0x0400000100040404, 0x0400000004040404, 0x0400000104040404,
+0x0004000000000000, 0x0004000100000000, 0x0004000004000000, 0x0004000104000000,
+0x0004000000040000, 0x0004000100040000, 0x0004000004040000, 0x0004000104040000,
+0x0004000000000400, 0x0004000100000400, 0x0004000004000400, 0x0004000104000400,
+0x0004000000040400, 0x0004000100040400, 0x0004000004040400, 0x0004000104040400,
+0x0004000000000004, 0x0004000100000004, 0x0004000004000004, 0x0004000104000004,
+0x0004000000040004, 0x0004000100040004, 0x0004000004040004, 0x0004000104040004,
+0x0004000000000404, 0x0004000100000404, 0x0004000004000404, 0x0004000104000404,
+0x0004000000040404, 0x0004000100040404, 0x0004000004040404, 0x0004000104040404,
+0x0404000000000000, 0x0404000100000000, 0x0404000004000000, 0x0404000104000000,
+0x0404000000040000, 0x0404000100040000, 0x0404000004040000, 0x0404000104040000,
+0x0404000000000400, 0x0404000100000400, 0x0404000004000400, 0x0404000104000400,
+0x0404000000040400, 0x0404000100040400, 0x0404000004040400, 0x0404000104040400,
+0x0404000000000004, 0x0404000100000004, 0x0404000004000004, 0x0404000104000004,
+0x0404000000040004, 0x0404000100040004, 0x0404000004040004, 0x0404000104040004,
+0x0404000000000404, 0x0404000100000404, 0x0404000004000404, 0x0404000104000404,
+0x0404000000040404, 0x0404000100040404, 0x0404000004040404, 0x0404000104040404,
+0x0000040000000000, 0x0000040100000000, 0x0000040004000000, 0x0000040104000000,
+0x0000040000040000, 0x0000040100040000, 0x0000040004040000, 0x0000040104040000,
+0x0000040000000400, 0x0000040100000400, 0x0000040004000400, 0x0000040104000400,
+0x0000040000040400, 0x0000040100040400, 0x0000040004040400, 0x0000040104040400,
+0x0000040000000004, 0x0000040100000004, 0x0000040004000004, 0x0000040104000004,
+0x0000040000040004, 0x0000040100040004, 0x0000040004040004, 0x0000040104040004,
+0x0000040000000404, 0x0000040100000404, 0x0000040004000404, 0x0000040104000404,
+0x0000040000040404, 0x0000040100040404, 0x0000040004040404, 0x0000040104040404,
+0x0400040000000000, 0x0400040100000000, 0x0400040004000000, 0x0400040104000000,
+0x0400040000040000, 0x0400040100040000, 0x0400040004040000, 0x0400040104040000,
+0x0400040000000400, 0x0400040100000400, 0x0400040004000400, 0x0400040104000400,
+0x0400040000040400, 0x0400040100040400, 0x0400040004040400, 0x0400040104040400,
+0x0400040000000004, 0x0400040100000004, 0x0400040004000004, 0x0400040104000004,
+0x0400040000040004, 0x0400040100040004, 0x0400040004040004, 0x0400040104040004,
+0x0400040000000404, 0x0400040100000404, 0x0400040004000404, 0x0400040104000404,
+0x0400040000040404, 0x0400040100040404, 0x0400040004040404, 0x0400040104040404,
+0x0004040000000000, 0x0004040100000000, 0x0004040004000000, 0x0004040104000000,
+0x0004040000040000, 0x0004040100040000, 0x0004040004040000, 0x0004040104040000,
+0x0004040000000400, 0x0004040100000400, 0x0004040004000400, 0x0004040104000400,
+0x0004040000040400, 0x0004040100040400, 0x0004040004040400, 0x0004040104040400,
+0x0004040000000004, 0x0004040100000004, 0x0004040004000004, 0x0004040104000004,
+0x0004040000040004, 0x0004040100040004, 0x0004040004040004, 0x0004040104040004,
+0x0004040000000404, 0x0004040100000404, 0x0004040004000404, 0x0004040104000404,
+0x0004040000040404, 0x0004040100040404, 0x0004040004040404, 0x0004040104040404,
+0x0404040000000000, 0x0404040100000000, 0x0404040004000000, 0x0404040104000000,
+0x0404040000040000, 0x0404040100040000, 0x0404040004040000, 0x0404040104040000,
+0x0404040000000400, 0x0404040100000400, 0x0404040004000400, 0x0404040104000400,
+0x0404040000040400, 0x0404040100040400, 0x0404040004040400, 0x0404040104040400,
+0x0404040000000004, 0x0404040100000004, 0x0404040004000004, 0x0404040104000004,
+0x0404040000040004, 0x0404040100040004, 0x0404040004040004, 0x0404040104040004,
+0x0404040000000404, 0x0404040100000404, 0x0404040004000404, 0x0404040104000404,
+0x0404040000040404, 0x0404040100040404, 0x0404040004040404, 0x0404040104040404 };
+
+const u64bit DES::FPTAB2[256] = {
+0x0000000000000000, 0x0000004000000000, 0x0000000001000000, 0x0000004001000000,
+0x0000000000010000, 0x0000004000010000, 0x0000000001010000, 0x0000004001010000,
+0x0000000000000100, 0x0000004000000100, 0x0000000001000100, 0x0000004001000100,
+0x0000000000010100, 0x0000004000010100, 0x0000000001010100, 0x0000004001010100,
+0x0000000000000001, 0x0000004000000001, 0x0000000001000001, 0x0000004001000001,
+0x0000000000010001, 0x0000004000010001, 0x0000000001010001, 0x0000004001010001,
+0x0000000000000101, 0x0000004000000101, 0x0000000001000101, 0x0000004001000101,
+0x0000000000010101, 0x0000004000010101, 0x0000000001010101, 0x0000004001010101,
+0x0100000000000000, 0x0100004000000000, 0x0100000001000000, 0x0100004001000000,
+0x0100000000010000, 0x0100004000010000, 0x0100000001010000, 0x0100004001010000,
+0x0100000000000100, 0x0100004000000100, 0x0100000001000100, 0x0100004001000100,
+0x0100000000010100, 0x0100004000010100, 0x0100000001010100, 0x0100004001010100,
+0x0100000000000001, 0x0100004000000001, 0x0100000001000001, 0x0100004001000001,
+0x0100000000010001, 0x0100004000010001, 0x0100000001010001, 0x0100004001010001,
+0x0100000000000101, 0x0100004000000101, 0x0100000001000101, 0x0100004001000101,
+0x0100000000010101, 0x0100004000010101, 0x0100000001010101, 0x0100004001010101,
+0x0001000000000000, 0x0001004000000000, 0x0001000001000000, 0x0001004001000000,
+0x0001000000010000, 0x0001004000010000, 0x0001000001010000, 0x0001004001010000,
+0x0001000000000100, 0x0001004000000100, 0x0001000001000100, 0x0001004001000100,
+0x0001000000010100, 0x0001004000010100, 0x0001000001010100, 0x0001004001010100,
+0x0001000000000001, 0x0001004000000001, 0x0001000001000001, 0x0001004001000001,
+0x0001000000010001, 0x0001004000010001, 0x0001000001010001, 0x0001004001010001,
+0x0001000000000101, 0x0001004000000101, 0x0001000001000101, 0x0001004001000101,
+0x0001000000010101, 0x0001004000010101, 0x0001000001010101, 0x0001004001010101,
+0x0101000000000000, 0x0101004000000000, 0x0101000001000000, 0x0101004001000000,
+0x0101000000010000, 0x0101004000010000, 0x0101000001010000, 0x0101004001010000,
+0x0101000000000100, 0x0101004000000100, 0x0101000001000100, 0x0101004001000100,
+0x0101000000010100, 0x0101004000010100, 0x0101000001010100, 0x0101004001010100,
+0x0101000000000001, 0x0101004000000001, 0x0101000001000001, 0x0101004001000001,
+0x0101000000010001, 0x0101004000010001, 0x0101000001010001, 0x0101004001010001,
+0x0101000000000101, 0x0101004000000101, 0x0101000001000101, 0x0101004001000101,
+0x0101000000010101, 0x0101004000010101, 0x0101000001010101, 0x0101004001010101,
+0x0000010000000000, 0x0000014000000000, 0x0000010001000000, 0x0000014001000000,
+0x0000010000010000, 0x0000014000010000, 0x0000010001010000, 0x0000014001010000,
+0x0000010000000100, 0x0000014000000100, 0x0000010001000100, 0x0000014001000100,
+0x0000010000010100, 0x0000014000010100, 0x0000010001010100, 0x0000014001010100,
+0x0000010000000001, 0x0000014000000001, 0x0000010001000001, 0x0000014001000001,
+0x0000010000010001, 0x0000014000010001, 0x0000010001010001, 0x0000014001010001,
+0x0000010000000101, 0x0000014000000101, 0x0000010001000101, 0x0000014001000101,
+0x0000010000010101, 0x0000014000010101, 0x0000010001010101, 0x0000014001010101,
+0x0100010000000000, 0x0100014000000000, 0x0100010001000000, 0x0100014001000000,
+0x0100010000010000, 0x0100014000010000, 0x0100010001010000, 0x0100014001010000,
+0x0100010000000100, 0x0100014000000100, 0x0100010001000100, 0x0100014001000100,
+0x0100010000010100, 0x0100014000010100, 0x0100010001010100, 0x0100014001010100,
+0x0100010000000001, 0x0100014000000001, 0x0100010001000001, 0x0100014001000001,
+0x0100010000010001, 0x0100014000010001, 0x0100010001010001, 0x0100014001010001,
+0x0100010000000101, 0x0100014000000101, 0x0100010001000101, 0x0100014001000101,
+0x0100010000010101, 0x0100014000010101, 0x0100010001010101, 0x0100014001010101,
+0x0001010000000000, 0x0001014000000000, 0x0001010001000000, 0x0001014001000000,
+0x0001010000010000, 0x0001014000010000, 0x0001010001010000, 0x0001014001010000,
+0x0001010000000100, 0x0001014000000100, 0x0001010001000100, 0x0001014001000100,
+0x0001010000010100, 0x0001014000010100, 0x0001010001010100, 0x0001014001010100,
+0x0001010000000001, 0x0001014000000001, 0x0001010001000001, 0x0001014001000001,
+0x0001010000010001, 0x0001014000010001, 0x0001010001010001, 0x0001014001010001,
+0x0001010000000101, 0x0001014000000101, 0x0001010001000101, 0x0001014001000101,
+0x0001010000010101, 0x0001014000010101, 0x0001010001010101, 0x0001014001010101,
+0x0101010000000000, 0x0101014000000000, 0x0101010001000000, 0x0101014001000000,
+0x0101010000010000, 0x0101014000010000, 0x0101010001010000, 0x0101014001010000,
+0x0101010000000100, 0x0101014000000100, 0x0101010001000100, 0x0101014001000100,
+0x0101010000010100, 0x0101014000010100, 0x0101010001010100, 0x0101014001010100,
+0x0101010000000001, 0x0101014000000001, 0x0101010001000001, 0x0101014001000001,
+0x0101010000010001, 0x0101014000010001, 0x0101010001010001, 0x0101014001010001,
+0x0101010000000101, 0x0101014000000101, 0x0101010001000101, 0x0101014001000101,
+0x0101010000010101, 0x0101014000010101, 0x0101010001010101, 0x0101014001010101 };
+
+}
diff --git a/src/dh.cpp b/src/dh.cpp
new file mode 100644
index 000000000..cdcd17e50
--- /dev/null
+++ b/src/dh.cpp
@@ -0,0 +1,112 @@
+/*************************************************
+* Diffie-Hellman Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/dh.h>
+#include <botan/numthry.h>
+#include <botan/util.h>
+
+namespace Botan {
+
+/*************************************************
+* DH_PublicKey Constructor *
+*************************************************/
+DH_PublicKey::DH_PublicKey(const DL_Group& grp, const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ X509_load_hook();
+ }
+
+/*************************************************
+* Algorithm Specific X.509 Initialization Code *
+*************************************************/
+void DH_PublicKey::X509_load_hook()
+ {
+ check_loaded_public();
+ }
+
+/*************************************************
+* Return the public value for key agreement *
+*************************************************/
+MemoryVector<byte> DH_PublicKey::public_value() const
+ {
+ return BigInt::encode_1363(y, group_p().bytes());
+ }
+
+/*************************************************
+* Create a DH private key *
+*************************************************/
+DH_PrivateKey::DH_PrivateKey(const DL_Group& grp)
+ {
+ group = grp;
+
+ const BigInt& p = group_p();
+ x = random_integer(2 * dl_work_factor(p.bits()));
+
+ PKCS8_load_hook();
+ check_generated_private();
+ }
+
+/*************************************************
+* DH_PrivateKey Constructor *
+*************************************************/
+DH_PrivateKey::DH_PrivateKey(const DL_Group& grp, const BigInt& x1,
+ const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ x = x1;
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Algorithm Specific PKCS #8 Initialization Code *
+*************************************************/
+void DH_PrivateKey::PKCS8_load_hook()
+ {
+ if(y == 0)
+ y = power_mod(group_g(), x, group_p());
+ core = DH_Core(group, x);
+ }
+
+/*************************************************
+* Return the public value for key agreement *
+*************************************************/
+MemoryVector<byte> DH_PrivateKey::public_value() const
+ {
+ return DH_PublicKey::public_value();
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> DH_PrivateKey::derive_key(const byte w[],
+ u32bit w_len) const
+ {
+ return derive_key(BigInt::decode(w, w_len));
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> DH_PrivateKey::derive_key(const DH_PublicKey& key) const
+ {
+ return derive_key(key.get_y());
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> DH_PrivateKey::derive_key(const BigInt& w) const
+ {
+ const BigInt& p = group_p();
+ if(w <= 1 || w >= p-1)
+ throw Invalid_Argument(algo_name() + "::derive_key: Invalid key input");
+ return BigInt::encode_1363(core.agree(w), p.bytes());
+ }
+
+}
diff --git a/src/divide.cpp b/src/divide.cpp
new file mode 100644
index 000000000..043d6cb52
--- /dev/null
+++ b/src/divide.cpp
@@ -0,0 +1,104 @@
+/*************************************************
+* Division Algorithm Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/numthry.h>
+#include <botan/mp_core.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Handle signed operands, if necessary *
+*************************************************/
+void sign_fixup(const BigInt& x, const BigInt& y, BigInt& q, BigInt& r)
+ {
+ if(x.sign() == BigInt::Negative)
+ {
+ q.flip_sign();
+ if(r.is_nonzero()) { --q; r = y.abs() - r; }
+ }
+ if(y.sign() == BigInt::Negative)
+ q.flip_sign();
+ }
+
+}
+
+/*************************************************
+* Solve x = q * y + r *
+*************************************************/
+void divide(const BigInt& x, const BigInt& y_arg, BigInt& q, BigInt& r)
+ {
+ if(y_arg.is_zero())
+ throw BigInt::DivideByZero();
+
+ BigInt y = y_arg;
+ const u32bit y_words = y.sig_words();
+ r = x;
+
+ r.set_sign(BigInt::Positive);
+ y.set_sign(BigInt::Positive);
+
+ s32bit compare = r.cmp(y);
+
+ if(compare < 0)
+ q = 0;
+ else if(compare == 0)
+ {
+ q = 1;
+ r = 0;
+ }
+ else
+ {
+ u32bit shifts = 0;
+ word y_top = y[y.sig_words()-1];
+ while(y_top < MP_WORD_TOP_BIT) { y_top <<= 1; ++shifts; }
+ y <<= shifts;
+ r <<= shifts;
+
+ const u32bit n = r.sig_words() - 1, t = y_words - 1;
+
+ q.get_reg().create(n - t + 1);
+ if(n <= t)
+ {
+ while(r > y) { r -= y; q++; }
+ r >>= shifts;
+ sign_fixup(x, y_arg, q, r);
+ return;
+ }
+
+ BigInt temp = y << (MP_WORD_BITS * (n-t));
+
+ while(r >= temp) { r -= temp; ++q[n-t]; }
+
+ for(u32bit j = n; j != t; --j)
+ {
+ const word x_j0 = r.word_at(j);
+ const word x_j1 = r.word_at(j-1);
+ const word y_t = y.word_at(t);
+
+ if(x_j0 == y_t)
+ q[j-t-1] = MP_WORD_MAX;
+ else
+ q[j-t-1] = bigint_divop(x_j0, x_j1, y_t);
+
+ while(bigint_divcore(q[j-t-1], y_t, y.word_at(t-1),
+ x_j0, x_j1, r.word_at(j-2)))
+ --q[j-t-1];
+
+ r -= (q[j-t-1] * y) << (MP_WORD_BITS * (j-t-1));
+ if(r.is_negative())
+ {
+ r += y << (MP_WORD_BITS * (j-t-1));
+ --q[j-t-1];
+ }
+ }
+ r >>= shifts;
+ }
+
+ sign_fixup(x, y_arg, q, r);
+ }
+
+}
diff --git a/src/dl_algo.cpp b/src/dl_algo.cpp
new file mode 100644
index 000000000..e29696200
--- /dev/null
+++ b/src/dl_algo.cpp
@@ -0,0 +1,106 @@
+/*************************************************
+* DL Scheme Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/dl_algo.h>
+#include <botan/numthry.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+/*************************************************
+* Return the X.509 public key encoding *
+*************************************************/
+MemoryVector<byte> DL_Scheme_PublicKey::DER_encode_pub() const
+ {
+ DER_Encoder der;
+ der.encode(y);
+ return der.get_contents();
+ }
+
+/*************************************************
+* Return the X.509 parameters encoding *
+*************************************************/
+MemoryVector<byte> DL_Scheme_PublicKey::DER_encode_params() const
+ {
+ return group.DER_encode(group_format());
+ }
+
+/*************************************************
+* Decode X.509 public key encoding *
+*************************************************/
+void DL_Scheme_PublicKey::BER_decode_pub(DataSource& source)
+ {
+ BER_Decoder(source).decode(y);
+
+ if(y < 2 || y >= group_p())
+ throw Invalid_Argument(algo_name() + ": Invalid public key");
+ X509_load_hook();
+ }
+
+/*************************************************
+* Decode X.509 algorithm parameters *
+*************************************************/
+void DL_Scheme_PublicKey::BER_decode_params(DataSource& source)
+ {
+ group.BER_decode(source, group_format());
+ }
+
+/*************************************************
+* Return the PKCS #8 private key encoding *
+*************************************************/
+SecureVector<byte> DL_Scheme_PrivateKey::DER_encode_priv() const
+ {
+ DER_Encoder der;
+ der.encode(x);
+ return der.get_contents();
+ }
+
+/*************************************************
+* Decode a PKCS #8 private key encoding *
+*************************************************/
+void DL_Scheme_PrivateKey::BER_decode_priv(DataSource& source)
+ {
+ BER_Decoder(source).decode(x);
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Check Public DL Parameters *
+*************************************************/
+bool DL_Scheme_PublicKey::check_key(bool strong) const
+ {
+ if(y < 2 || y >= group_p())
+ return false;
+ if(!group.verify_group(strong))
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Check DL Scheme Private Parameters *
+*************************************************/
+bool DL_Scheme_PrivateKey::check_key(bool strong) const
+ {
+ const BigInt& p = group_p();
+ const BigInt& g = group_g();
+
+ if(y < 2 || y >= p || x < 2 || x >= p)
+ return false;
+ if(!group.verify_group(strong))
+ return false;
+
+ if(!strong)
+ return true;
+
+ if(y != power_mod(g, x, p))
+ return false;
+
+ return true;
+ }
+
+}
diff --git a/src/dl_group.cpp b/src/dl_group.cpp
new file mode 100644
index 000000000..f54ceac22
--- /dev/null
+++ b/src/dl_group.cpp
@@ -0,0 +1,317 @@
+/*************************************************
+* Discrete Logarithm Parameters Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/dl_group.h>
+#include <botan/libstate.h>
+#include <botan/parsing.h>
+#include <botan/numthry.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/pipe.h>
+#include <botan/util.h>
+#include <botan/pem.h>
+
+namespace Botan {
+
+/*************************************************
+* DL_Group Constructor *
+*************************************************/
+DL_Group::DL_Group()
+ {
+ initialized = false;
+ }
+
+/*************************************************
+* DL_Group Constructor *
+*************************************************/
+DL_Group::DL_Group(const std::string& type)
+ {
+ DataSource_Memory pem(global_state().get_option("dl", type));
+ PEM_decode(pem);
+ }
+
+/*************************************************
+* DL_Group Constructor *
+*************************************************/
+DL_Group::DL_Group(u32bit pbits, PrimeType type)
+ {
+ if(pbits < 512)
+ throw Invalid_Argument("DL_Group: prime size " + to_string(pbits) +
+ " is too small");
+
+ if(type == Strong)
+ {
+ p = random_safe_prime(pbits);
+ q = (p - 1) / 2;
+ g = 2;
+ }
+ else if(type == Prime_Subgroup || type == DSA_Kosherizer)
+ {
+ if(type == Prime_Subgroup)
+ {
+ const u32bit qbits = 2 * dl_work_factor(pbits);
+ q = random_prime(qbits);
+ BigInt X;
+ while(p.bits() != pbits || !is_prime(p))
+ {
+ X = random_integer(pbits);
+ p = X - (X % (2*q) - 1);
+ }
+ }
+ else
+ generate_dsa_primes(p, q, pbits);
+
+ g = make_dsa_generator(p, q);
+ }
+
+ initialized = true;
+ }
+
+/*************************************************
+* DL_Group Constructor *
+*************************************************/
+DL_Group::DL_Group(const MemoryRegion<byte>& seed, u32bit pbits, u32bit start)
+ {
+ if(!generate_dsa_primes(p, q, seed.begin(), seed.size(), pbits, start))
+ throw Invalid_Argument("DL_Group: The seed/counter given does not "
+ "generate a DSA group");
+
+ g = make_dsa_generator(p, q);
+
+ initialized = true;
+ }
+
+/*************************************************
+* DL_Group Constructor *
+*************************************************/
+DL_Group::DL_Group(const BigInt& p1, const BigInt& g1)
+ {
+ initialize(p1, 0, g1);
+ }
+
+/*************************************************
+* DL_Group Constructor *
+*************************************************/
+DL_Group::DL_Group(const BigInt& p1, const BigInt& q1, const BigInt& g1)
+ {
+ initialize(p1, q1, g1);
+ }
+
+/*************************************************
+* DL_Group Initializer *
+*************************************************/
+void DL_Group::initialize(const BigInt& p1, const BigInt& q1, const BigInt& g1)
+ {
+ if(p1 < 3)
+ throw Invalid_Argument("DL_Group: Prime invalid");
+ if(g1 < 2 || g1 >= p1)
+ throw Invalid_Argument("DL_Group: Generator invalid");
+ if(q1 < 0 || q1 >= p1)
+ throw Invalid_Argument("DL_Group: Subgroup invalid");
+
+ p = p1;
+ g = g1;
+ q = q1;
+
+ if(q == 0 && check_prime((p - 1) / 2))
+ q = (p - 1) / 2;
+
+ initialized = true;
+ }
+
+/*************************************************
+* Verify that the group has been set *
+*************************************************/
+void DL_Group::init_check() const
+ {
+ if(!initialized)
+ throw Invalid_State("DLP group cannot be used uninitialized");
+ }
+
+/*************************************************
+* Verify the parameters *
+*************************************************/
+bool DL_Group::verify_group(bool strong) const
+ {
+ init_check();
+
+ if(g < 2 || p < 3 || q < 0)
+ return false;
+ if((q != 0) && ((p - 1) % q != 0))
+ return false;
+
+ if(!strong)
+ return true;
+
+ if(!check_prime(p))
+ return false;
+ if((q > 0) && !check_prime(q))
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Return the prime *
+*************************************************/
+const BigInt& DL_Group::get_p() const
+ {
+ init_check();
+ return p;
+ }
+
+/*************************************************
+* Return the generator *
+*************************************************/
+const BigInt& DL_Group::get_g() const
+ {
+ init_check();
+ return g;
+ }
+
+/*************************************************
+* Return the subgroup *
+*************************************************/
+const BigInt& DL_Group::get_q() const
+ {
+ init_check();
+ if(q == 0)
+ throw Format_Error("DLP group has no q prime specified");
+ return q;
+ }
+
+/*************************************************
+* DER encode the parameters *
+*************************************************/
+SecureVector<byte> DL_Group::DER_encode(Format format) const
+ {
+ init_check();
+
+ if((q == 0) && (format != PKCS_3))
+ throw Encoding_Error("The ANSI DL parameter formats require a subgroup");
+
+ if(format == ANSI_X9_57)
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode(p)
+ .encode(q)
+ .encode(g)
+ .end_sequence()
+ .get_contents();
+ }
+ else if(format == ANSI_X9_42)
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode(p)
+ .encode(g)
+ .encode(q)
+ .end_sequence()
+ .get_contents();
+ }
+ else if(format == PKCS_3)
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode(p)
+ .encode(g)
+ .end_sequence()
+ .get_contents();
+ }
+
+ throw Invalid_Argument("Unknown DL_Group encoding " + to_string(format));
+ }
+
+/*************************************************
+* PEM encode the parameters *
+*************************************************/
+std::string DL_Group::PEM_encode(Format format) const
+ {
+ SecureVector<byte> encoding = DER_encode(format);
+ if(format == PKCS_3)
+ return PEM_Code::encode(encoding, "DH PARAMETERS");
+ else if(format == ANSI_X9_57)
+ return PEM_Code::encode(encoding, "DSA PARAMETERS");
+ else if(format == ANSI_X9_42)
+ return PEM_Code::encode(encoding, "X942 DH PARAMETERS");
+ else
+ throw Invalid_Argument("Unknown DL_Group encoding " + to_string(format));
+ }
+
+/*************************************************
+* Decode BER encoded parameters *
+*************************************************/
+void DL_Group::BER_decode(DataSource& source, Format format)
+ {
+ BigInt new_p, new_q, new_g;
+
+ BER_Decoder decoder(source);
+ BER_Decoder ber = BER::get_subsequence(decoder);
+
+ if(format == ANSI_X9_57)
+ {
+ ber.decode(new_p)
+ .decode(new_q)
+ .decode(new_g)
+ .verify_end();
+ }
+ else if(format == ANSI_X9_42)
+ {
+ ber.decode(new_p)
+ .decode(new_g)
+ .decode(new_q)
+ .discard_remaining();
+ }
+ else if(format == PKCS_3)
+ {
+ ber.decode(new_p)
+ .decode(new_g)
+ .discard_remaining();
+ }
+ else
+ throw Invalid_Argument("Unknown DL_Group encoding " + to_string(format));
+
+ initialize(new_p, new_q, new_g);
+ }
+
+/*************************************************
+* Decode PEM encoded parameters *
+*************************************************/
+void DL_Group::PEM_decode(DataSource& source)
+ {
+ std::string label;
+ DataSource_Memory ber(PEM_Code::decode(source, label));
+
+ if(label == "DH PARAMETERS")
+ BER_decode(ber, PKCS_3);
+ else if(label == "DSA PARAMETERS")
+ BER_decode(ber, ANSI_X9_57);
+ else if(label == "X942 DH PARAMETERS")
+ BER_decode(ber, ANSI_X9_42);
+ else
+ throw Decoding_Error("DL_Group: Invalid PEM label " + label);
+ }
+
+/*************************************************
+* Create a random DSA-style generator *
+*************************************************/
+BigInt DL_Group::make_dsa_generator(const BigInt& p, const BigInt& q)
+ {
+ BigInt g, e = (p - 1) / q;
+
+ for(u32bit j = 0; j != PRIME_TABLE_SIZE; ++j)
+ {
+ g = power_mod(PRIMES[j], e, p);
+ if(g != 1)
+ break;
+ }
+
+ if(g == 1)
+ throw Exception("DL_Group: Couldn't create a suitable generator");
+
+ return g;
+ }
+
+}
diff --git a/src/dlies.cpp b/src/dlies.cpp
new file mode 100644
index 000000000..c9f7c6950
--- /dev/null
+++ b/src/dlies.cpp
@@ -0,0 +1,128 @@
+/*************************************************
+* DLIES Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/dlies.h>
+#include <botan/lookup.h>
+#include <botan/look_pk.h>
+#include <botan/bit_ops.h>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* DLIES_Encryptor Constructor *
+*************************************************/
+DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& k,
+ const std::string& kdf,
+ const std::string& mac, u32bit mk_len) :
+ key(k), kdf_algo(kdf), mac_algo(mac), MAC_KEYLEN(mk_len)
+ {
+ }
+
+/*************************************************
+* DLIES Encryption *
+*************************************************/
+SecureVector<byte> DLIES_Encryptor::enc(const byte in[], u32bit length) const
+ {
+ if(length > maximum_input_size())
+ throw Invalid_Argument("DLIES: Plaintext too large");
+ if(other_key.is_empty())
+ throw Invalid_State("DLIES: The other key was never set");
+
+ std::auto_ptr<KDF> kdf(get_kdf(kdf_algo));
+ std::auto_ptr<MessageAuthenticationCode> mac(get_mac(mac_algo));
+
+ MemoryVector<byte> v = key.public_value();
+
+ SecureVector<byte> out(v.size() + length + mac->OUTPUT_LENGTH);
+ out.copy(v, v.size());
+ out.copy(v.size(), in, length);
+
+ SecureVector<byte> vz(v, key.derive_key(other_key, other_key.size()));
+
+ const u32bit K_LENGTH = length + MAC_KEYLEN;
+ OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size());
+ if(K.length() != K_LENGTH)
+ throw Encoding_Error("DLIES: KDF did not provide sufficient output");
+ byte* C = out + v.size();
+
+ xor_buf(C, K.begin() + MAC_KEYLEN, length);
+ mac->set_key(K.begin(), MAC_KEYLEN);
+
+ mac->update(C, length);
+ for(u32bit j = 0; j != 8; ++j)
+ mac->update(0);
+
+ mac->final(C + length);
+
+ return out;
+ }
+
+/*************************************************
+* Set the other parties public key *
+*************************************************/
+void DLIES_Encryptor::set_other_key(const MemoryRegion<byte>& ok)
+ {
+ other_key = ok;
+ }
+
+/*************************************************
+* Return the max size, in bytes, of a message *
+*************************************************/
+u32bit DLIES_Encryptor::maximum_input_size() const
+ {
+ return 32;
+ }
+
+/*************************************************
+* DLIES_Decryptor Constructor *
+*************************************************/
+DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& k,
+ const std::string& kdf,
+ const std::string& mac, u32bit mk_len) :
+ key(k), kdf_algo(kdf), mac_algo(mac),
+ MAC_KEYLEN(mk_len), PUBLIC_LEN(key.public_value().size())
+ {
+ }
+
+/*************************************************
+* DLIES Decryption *
+*************************************************/
+SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], u32bit length) const
+ {
+ std::auto_ptr<MessageAuthenticationCode> mac(get_mac(mac_algo));
+
+ if(length < PUBLIC_LEN + mac->OUTPUT_LENGTH)
+ throw Decoding_Error("DLIES decryption: ciphertext is too short");
+
+ std::auto_ptr<KDF> kdf(get_kdf(kdf_algo));
+
+ const u32bit CIPHER_LEN = length - PUBLIC_LEN - mac->OUTPUT_LENGTH;
+
+ SecureVector<byte> v(msg, PUBLIC_LEN);
+ SecureVector<byte> C(msg + PUBLIC_LEN, CIPHER_LEN);
+ SecureVector<byte> T(msg + PUBLIC_LEN + CIPHER_LEN, mac->OUTPUT_LENGTH);
+
+ SecureVector<byte> vz(v, key.derive_key(v, v.size()));
+
+ const u32bit K_LENGTH = C.size() + MAC_KEYLEN;
+ OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size());
+ if(K.length() != K_LENGTH)
+ throw Encoding_Error("DLIES: KDF did not provide sufficient output");
+
+ mac->set_key(K.begin(), MAC_KEYLEN);
+ mac->update(C);
+ for(u32bit j = 0; j != 8; ++j)
+ mac->update(0);
+ SecureVector<byte> T2 = mac->final();
+ if(T != T2)
+ throw Integrity_Failure("DLIES: message authentication failed");
+
+ xor_buf(C, K.begin() + MAC_KEYLEN, C.size());
+
+ return C;
+ }
+
+}
diff --git a/src/dsa.cpp b/src/dsa.cpp
new file mode 100644
index 000000000..d3fc9107a
--- /dev/null
+++ b/src/dsa.cpp
@@ -0,0 +1,131 @@
+/*************************************************
+* DSA Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/dsa.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+
+namespace Botan {
+
+/*************************************************
+* DSA_PublicKey Constructor *
+*************************************************/
+DSA_PublicKey::DSA_PublicKey(const DL_Group& grp, const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ X509_load_hook();
+ }
+
+/*************************************************
+* Algorithm Specific X.509 Initialization Code *
+*************************************************/
+void DSA_PublicKey::X509_load_hook()
+ {
+ core = DSA_Core(group, y);
+ check_loaded_public();
+ }
+
+/*************************************************
+* DSA Verification Function *
+*************************************************/
+bool DSA_PublicKey::verify(const byte msg[], u32bit msg_len,
+ const byte sig[], u32bit sig_len) const
+ {
+ return core.verify(msg, msg_len, sig, sig_len);
+ }
+
+/*************************************************
+* Return the maximum input size in bits *
+*************************************************/
+u32bit DSA_PublicKey::max_input_bits() const
+ {
+ return group_q().bits();
+ }
+
+/*************************************************
+* Return the size of each portion of the sig *
+*************************************************/
+u32bit DSA_PublicKey::message_part_size() const
+ {
+ return group_q().bytes();
+ }
+
+/*************************************************
+* Create a DSA private key *
+*************************************************/
+DSA_PrivateKey::DSA_PrivateKey(const DL_Group& grp)
+ {
+ group = grp;
+ x = random_integer(2, group_q() - 1);
+
+ PKCS8_load_hook();
+ check_generated_private();
+ }
+
+/*************************************************
+* DSA_PrivateKey Constructor *
+*************************************************/
+DSA_PrivateKey::DSA_PrivateKey(const DL_Group& grp, const BigInt& x1,
+ const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ x = x1;
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Algorithm Specific PKCS #8 Initialization Code *
+*************************************************/
+void DSA_PrivateKey::PKCS8_load_hook()
+ {
+ if(y == 0)
+ y = power_mod(group_g(), x, group_p());
+ core = DSA_Core(group, y, x);
+ }
+
+/*************************************************
+* DSA Signature Operation *
+*************************************************/
+SecureVector<byte> DSA_PrivateKey::sign(const byte in[], u32bit length) const
+ {
+ const BigInt& q = group_q();
+
+ BigInt k;
+ do
+ k.randomize(q.bits());
+ while(k >= q);
+
+ return core.sign(in, length, k);
+ }
+
+/*************************************************
+* Check Private DSA Parameters *
+*************************************************/
+bool DSA_PrivateKey::check_key(bool strong) const
+ {
+ if(!DL_Scheme_PrivateKey::check_key(strong) || x >= group_q())
+ return false;
+
+ if(!strong)
+ return true;
+
+ try {
+ KeyPair::check_key(get_pk_signer(*this, "EMSA1(SHA-1)"),
+ get_pk_verifier(*this, "EMSA1(SHA-1)")
+ );
+ }
+ catch(Self_Test_Failure)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/src/eax.cpp b/src/eax.cpp
new file mode 100644
index 000000000..8c01c76de
--- /dev/null
+++ b/src/eax.cpp
@@ -0,0 +1,306 @@
+/*************************************************
+* EAX Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eax.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* EAX MAC-based PRF *
+*************************************************/
+SecureVector<byte> eax_prf(byte tag, u32bit BLOCK_SIZE,
+ MessageAuthenticationCode* mac,
+ const byte in[], u32bit length)
+ {
+ for(u32bit j = 0; j != BLOCK_SIZE - 1; ++j)
+ mac->update(0);
+ mac->update(tag);
+ mac->update(in, length);
+ return mac->final();
+ }
+
+}
+
+/*************************************************
+* EAX_Base Constructor *
+*************************************************/
+EAX_Base::EAX_Base(const std::string& cipher_name,
+ u32bit tag_size) :
+ TAG_SIZE(tag_size ? tag_size / 8 : block_size_of(cipher_name)),
+ BLOCK_SIZE(block_size_of(cipher_name))
+ {
+ const std::string mac_name = "CMAC(" + cipher_name + ")";
+
+ cipher = get_block_cipher(cipher_name);
+ mac = get_mac(mac_name);
+
+ if(tag_size % 8 != 0 || TAG_SIZE == 0 || TAG_SIZE > mac->OUTPUT_LENGTH)
+ throw Invalid_Argument(name() + ": Bad tag size " + to_string(tag_size));
+
+ state.create(BLOCK_SIZE);
+ buffer.create(BLOCK_SIZE);
+ position = 0;
+ }
+
+/*************************************************
+* Check if a keylength is valid for EAX *
+*************************************************/
+bool EAX_Base::valid_keylength(u32bit n) const
+ {
+ if(!cipher->valid_keylength(n))
+ return false;
+ if(!mac->valid_keylength(n))
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Set the EAX key *
+*************************************************/
+void EAX_Base::set_key(const SymmetricKey& key)
+ {
+ cipher->set_key(key);
+ mac->set_key(key);
+ header_mac = eax_prf(1, BLOCK_SIZE, mac, 0, 0);
+ }
+
+/*************************************************
+* Do setup at the start of each message *
+*************************************************/
+void EAX_Base::start_msg()
+ {
+ for(u32bit j = 0; j != BLOCK_SIZE - 1; ++j)
+ mac->update(0);
+ mac->update(2);
+ }
+
+/*************************************************
+* Set the EAX nonce *
+*************************************************/
+void EAX_Base::set_iv(const InitializationVector& iv)
+ {
+ nonce_mac = eax_prf(0, BLOCK_SIZE, mac, iv.begin(), iv.length());
+ state = nonce_mac;
+ cipher->encrypt(state, buffer);
+ }
+
+/*************************************************
+* Set the EAX header *
+*************************************************/
+void EAX_Base::set_header(const byte header[], u32bit length)
+ {
+ header_mac = eax_prf(1, BLOCK_SIZE, mac, header, length);
+ }
+
+/*************************************************
+* Return the name of this cipher mode *
+*************************************************/
+std::string EAX_Base::name() const
+ {
+ return (cipher->name() + "/EAX");
+ }
+
+/*************************************************
+* Increment the counter and update the buffer *
+*************************************************/
+void EAX_Base::increment_counter()
+ {
+ for(s32bit j = BLOCK_SIZE - 1; j >= 0; --j)
+ if(++state[j])
+ break;
+ cipher->encrypt(state, buffer);
+ position = 0;
+ }
+
+/*************************************************
+* EAX_Encryption Constructor *
+*************************************************/
+EAX_Encryption::EAX_Encryption(const std::string& cipher_name,
+ u32bit tag_size) :
+ EAX_Base(cipher_name, tag_size)
+ {
+ }
+
+/*************************************************
+* EAX_Encryption Constructor *
+*************************************************/
+EAX_Encryption::EAX_Encryption(const std::string& cipher_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv,
+ u32bit tag_size) :
+ EAX_Base(cipher_name, tag_size)
+ {
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* Encrypt in EAX mode *
+*************************************************/
+void EAX_Encryption::write(const byte input[], u32bit length)
+ {
+ u32bit copied = std::min(BLOCK_SIZE - position, length);
+ xor_buf(buffer + position, input, copied);
+ send(buffer + position, copied);
+ mac->update(buffer + position, copied);
+ input += copied;
+ length -= copied;
+ position += copied;
+
+ if(position == BLOCK_SIZE)
+ increment_counter();
+
+ while(length >= BLOCK_SIZE)
+ {
+ xor_buf(buffer, input, BLOCK_SIZE);
+ send(buffer, BLOCK_SIZE);
+ mac->update(buffer, BLOCK_SIZE);
+
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ increment_counter();
+ }
+
+ xor_buf(buffer + position, input, length);
+ send(buffer + position, length);
+ mac->update(buffer + position, length);
+ position += length;
+ }
+
+/*************************************************
+* Finish encrypting in EAX mode *
+*************************************************/
+void EAX_Encryption::end_msg()
+ {
+ SecureVector<byte> data_mac = mac->final();
+ xor_buf(data_mac, nonce_mac, data_mac.size());
+ xor_buf(data_mac, header_mac, data_mac.size());
+
+ send(data_mac, TAG_SIZE);
+
+ state.clear();
+ buffer.clear();
+ position = 0;
+ }
+
+/*************************************************
+* EAX_Decryption Constructor *
+*************************************************/
+EAX_Decryption::EAX_Decryption(const std::string& cipher_name,
+ u32bit tag_size) :
+ EAX_Base(cipher_name, tag_size)
+ {
+ queue.create(2*TAG_SIZE + DEFAULT_BUFFERSIZE);
+ queue_start = queue_end = 0;
+ }
+
+/*************************************************
+* EAX_Decryption Constructor *
+*************************************************/
+EAX_Decryption::EAX_Decryption(const std::string& cipher_name,
+ const SymmetricKey& key,
+ const InitializationVector& iv,
+ u32bit tag_size) :
+ EAX_Base(cipher_name, tag_size)
+ {
+ set_key(key);
+ set_iv(iv);
+ queue.create(2*TAG_SIZE + DEFAULT_BUFFERSIZE);
+ queue_start = queue_end = 0;
+ }
+
+/*************************************************
+* Decrypt in EAX mode *
+*************************************************/
+void EAX_Decryption::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ const u32bit copied = std::min(length, queue.size() - queue_end);
+
+ queue.copy(queue_end, input, copied);
+ input += copied;
+ length -= copied;
+ queue_end += copied;
+
+ SecureVector<byte> block_buf(cipher->BLOCK_SIZE);
+ while((queue_end - queue_start) > TAG_SIZE)
+ {
+ u32bit removed = (queue_end - queue_start) - TAG_SIZE;
+ do_write(queue + queue_start, removed);
+ queue_start += removed;
+ }
+
+ if(queue_start + TAG_SIZE == queue_end &&
+ queue_start >= queue.size() / 2)
+ {
+ SecureVector<byte> queue_data(TAG_SIZE);
+ queue_data.copy(queue + queue_start, TAG_SIZE);
+ queue.copy(queue_data, TAG_SIZE);
+ queue_start = 0;
+ queue_end = TAG_SIZE;
+ }
+ }
+ }
+
+/*************************************************
+* Decrypt in EAX mode *
+*************************************************/
+void EAX_Decryption::do_write(const byte input[], u32bit length)
+ {
+ mac->update(input, length);
+
+ u32bit copied = std::min(BLOCK_SIZE - position, length);
+ xor_buf(buffer + position, input, copied);
+ send(buffer + position, copied);
+ input += copied;
+ length -= copied;
+ position += copied;
+
+ if(position == BLOCK_SIZE)
+ increment_counter();
+
+ while(length >= BLOCK_SIZE)
+ {
+ xor_buf(buffer, input, BLOCK_SIZE);
+ send(buffer, BLOCK_SIZE);
+
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ increment_counter();
+ }
+
+ xor_buf(buffer + position, input, length);
+ send(buffer + position, length);
+ position += length;
+ }
+
+/*************************************************
+* Finish decrypting in EAX mode *
+*************************************************/
+void EAX_Decryption::end_msg()
+ {
+ if((queue_end - queue_start) != TAG_SIZE)
+ throw Integrity_Failure(name() + ": Message authentication failure");
+
+ SecureVector<byte> data_mac = mac->final();
+
+ for(u32bit j = 0; j != TAG_SIZE; ++j)
+ if(queue[queue_start+j] != (data_mac[j] ^ nonce_mac[j] ^ header_mac[j]))
+ throw Integrity_Failure(name() + ": Message authentication failure");
+
+ state.clear();
+ buffer.clear();
+ position = 0;
+ queue_start = queue_end = 0;
+ }
+
+}
diff --git a/src/ecb.cpp b/src/ecb.cpp
new file mode 100644
index 000000000..d402a8447
--- /dev/null
+++ b/src/ecb.cpp
@@ -0,0 +1,152 @@
+/*************************************************
+* ECB Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/ecb.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* ECB Constructor *
+*************************************************/
+ECB::ECB(const std::string& cipher_name, const std::string& padding_name) :
+ BlockCipherMode(cipher_name, "ECB", 0), padder(get_bc_pad(padding_name))
+ {
+ }
+
+/*************************************************
+* Verify the IV is not set *
+*************************************************/
+bool ECB::valid_iv_size(u32bit iv_size) const
+ {
+ if(iv_size == 0)
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Return an ECB mode name *
+*************************************************/
+std::string ECB::name() const
+ {
+ return (cipher->name() + "/" + mode_name + "/" + padder->name());
+ }
+
+/*************************************************
+* ECB Encryption Constructor *
+*************************************************/
+ECB_Encryption::ECB_Encryption(const std::string& cipher_name,
+ const std::string& padding_name) :
+ ECB(cipher_name, padding_name)
+ {
+ }
+
+/*************************************************
+* ECB Encryption Constructor *
+*************************************************/
+ECB_Encryption::ECB_Encryption(const std::string& cipher_name,
+ const std::string& padding_name,
+ const SymmetricKey& key) :
+ ECB(cipher_name, padding_name)
+ {
+ set_key(key);
+ }
+
+/*************************************************
+* Encrypt in ECB mode *
+*************************************************/
+void ECB_Encryption::write(const byte input[], u32bit length)
+ {
+ buffer.copy(position, input, length);
+ if(position + length >= BLOCK_SIZE)
+ {
+ cipher->encrypt(buffer);
+ send(buffer, BLOCK_SIZE);
+ input += (BLOCK_SIZE - position);
+ length -= (BLOCK_SIZE - position);
+ while(length >= BLOCK_SIZE)
+ {
+ cipher->encrypt(input, buffer);
+ send(buffer, BLOCK_SIZE);
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ }
+ buffer.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Finish encrypting in ECB mode *
+*************************************************/
+void ECB_Encryption::end_msg()
+ {
+ SecureVector<byte> padding(BLOCK_SIZE);
+ padder->pad(padding, padding.size(), position);
+ write(padding, padder->pad_bytes(BLOCK_SIZE, position));
+ if(position != 0)
+ throw Encoding_Error(name() + ": Did not pad to full blocksize");
+ }
+
+/*************************************************
+* ECB Decryption Constructor *
+*************************************************/
+ECB_Decryption::ECB_Decryption(const std::string& cipher_name,
+ const std::string& padding_name) :
+ ECB(cipher_name, padding_name)
+ {
+ }
+
+/*************************************************
+* ECB Decryption Constructor *
+*************************************************/
+ECB_Decryption::ECB_Decryption(const std::string& cipher_name,
+ const std::string& padding_name,
+ const SymmetricKey& key) :
+ ECB(cipher_name, padding_name)
+ {
+ set_key(key);
+ }
+
+/*************************************************
+* Decrypt in ECB mode *
+*************************************************/
+void ECB_Decryption::write(const byte input[], u32bit length)
+ {
+ buffer.copy(position, input, length);
+ if(position + length > BLOCK_SIZE)
+ {
+ cipher->decrypt(buffer);
+ send(buffer, BLOCK_SIZE);
+ input += (BLOCK_SIZE - position);
+ length -= (BLOCK_SIZE - position);
+ while(length > BLOCK_SIZE)
+ {
+ cipher->decrypt(input, buffer);
+ send(buffer, BLOCK_SIZE);
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ }
+ buffer.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Finish decrypting in ECB mode *
+*************************************************/
+void ECB_Decryption::end_msg()
+ {
+ if(position != BLOCK_SIZE)
+ throw Decoding_Error(name());
+ cipher->decrypt(buffer);
+ send(buffer, padder->unpad(buffer, BLOCK_SIZE));
+ state = buffer;
+ position = 0;
+ }
+
+}
diff --git a/src/elgamal.cpp b/src/elgamal.cpp
new file mode 100644
index 000000000..152aeb4dc
--- /dev/null
+++ b/src/elgamal.cpp
@@ -0,0 +1,120 @@
+/*************************************************
+* ElGamal Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/elgamal.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+#include <botan/util.h>
+
+namespace Botan {
+
+/*************************************************
+* ElGamal_PublicKey Constructor *
+*************************************************/
+ElGamal_PublicKey::ElGamal_PublicKey(const DL_Group& grp, const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ X509_load_hook();
+ }
+
+/*************************************************
+* Algorithm Specific X.509 Initialization Code *
+*************************************************/
+void ElGamal_PublicKey::X509_load_hook()
+ {
+ core = ELG_Core(group, y);
+ check_loaded_public();
+ }
+
+/*************************************************
+* ElGamal Encryption Function *
+*************************************************/
+SecureVector<byte> ElGamal_PublicKey::encrypt(const byte in[],
+ u32bit length) const
+ {
+ BigInt k = random_integer(2 * dl_work_factor(group_p().bits()));
+ return core.encrypt(in, length, k);
+ }
+
+/*************************************************
+* Return the maximum input size in bits *
+*************************************************/
+u32bit ElGamal_PublicKey::max_input_bits() const
+ {
+ return (group_p().bits() - 1);
+ }
+
+/*************************************************
+* ElGamal_PrivateKey Constructor *
+*************************************************/
+ElGamal_PrivateKey::ElGamal_PrivateKey(const DL_Group& grp)
+ {
+ group = grp;
+
+ x = random_integer(2 * dl_work_factor(group_p().bits()));
+
+ PKCS8_load_hook();
+ check_generated_private();
+ }
+
+/*************************************************
+* ElGamal_PrivateKey Constructor *
+*************************************************/
+ElGamal_PrivateKey::ElGamal_PrivateKey(const DL_Group& grp, const BigInt& x1,
+ const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ x = x1;
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Algorithm Specific PKCS #8 Initialization Code *
+*************************************************/
+void ElGamal_PrivateKey::PKCS8_load_hook()
+ {
+ if(y == 0)
+ y = power_mod(group_g(), x, group_p());
+ core = ELG_Core(group, y, x);
+ }
+
+/*************************************************
+* ElGamal Decryption Function *
+*************************************************/
+SecureVector<byte> ElGamal_PrivateKey::decrypt(const byte in[],
+ u32bit length) const
+ {
+ return core.decrypt(in, length);
+ }
+
+/*************************************************
+* Check Private ElGamal Parameters *
+*************************************************/
+bool ElGamal_PrivateKey::check_key(bool strong) const
+ {
+ if(!DL_Scheme_PrivateKey::check_key(strong))
+ return false;
+
+ if(!strong)
+ return true;
+
+ try {
+ KeyPair::check_key(get_pk_encryptor(*this, "EME1(SHA-1)"),
+ get_pk_decryptor(*this, "EME1(SHA-1)")
+ );
+ }
+ catch(Self_Test_Failure)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/src/eme1.cpp b/src/eme1.cpp
new file mode 100644
index 000000000..1b5dd3128
--- /dev/null
+++ b/src/eme1.cpp
@@ -0,0 +1,96 @@
+/*************************************************
+* EME1 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eme.h>
+#include <botan/rng.h>
+#include <botan/lookup.h>
+#include <botan/look_pk.h>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* EME1 Pad Operation *
+*************************************************/
+SecureVector<byte> EME1::pad(const byte in[], u32bit in_length,
+ u32bit key_length) const
+ {
+ key_length /= 8;
+
+ if(in_length > key_length - 2*HASH_LENGTH - 1)
+ throw Exception("EME1: Input is too large");
+
+ SecureVector<byte> out(key_length);
+
+ out.clear();
+
+ Global_RNG::randomize(out, HASH_LENGTH);
+
+ out.copy(HASH_LENGTH, Phash, Phash.size());
+ out[out.size() - in_length - 1] = 0x01;
+ out.copy(out.size() - in_length, in, in_length);
+ mgf->mask(out, HASH_LENGTH, out + HASH_LENGTH, out.size() - HASH_LENGTH);
+ mgf->mask(out + HASH_LENGTH, out.size() - HASH_LENGTH, out, HASH_LENGTH);
+
+ return out;
+ }
+
+/*************************************************
+* EME1 Unpad Operation *
+*************************************************/
+SecureVector<byte> EME1::unpad(const byte in[], u32bit in_length,
+ u32bit key_length) const
+ {
+ key_length /= 8;
+ if(in_length > key_length)
+ throw Decoding_Error("Invalid EME1 encoding");
+
+ SecureVector<byte> tmp(key_length);
+ tmp.copy(key_length - in_length, in, in_length);
+
+ mgf->mask(tmp + HASH_LENGTH, tmp.size() - HASH_LENGTH, tmp, HASH_LENGTH);
+ mgf->mask(tmp, HASH_LENGTH, tmp + HASH_LENGTH, tmp.size() - HASH_LENGTH);
+
+ for(u32bit j = 0; j != Phash.size(); ++j)
+ if(tmp[j+HASH_LENGTH] != Phash[j])
+ throw Decoding_Error("Invalid EME1 encoding");
+
+ for(u32bit j = HASH_LENGTH + Phash.size(); j != tmp.size(); ++j)
+ {
+ if(tmp[j] && tmp[j] != 0x01)
+ throw Decoding_Error("Invalid EME1 encoding");
+ if(tmp[j] && tmp[j] == 0x01)
+ {
+ SecureVector<byte> retval(tmp + j + 1, tmp.size() - j - 1);
+ return retval;
+ }
+ }
+ throw Decoding_Error("Invalid EME1 encoding");
+ }
+
+/*************************************************
+* Return the max input size for a given key size *
+*************************************************/
+u32bit EME1::maximum_input_size(u32bit keybits) const
+ {
+ if(keybits / 8 > 2*HASH_LENGTH + 1)
+ return ((keybits / 8) - 2*HASH_LENGTH - 1);
+ else
+ return 0;
+ }
+
+/*************************************************
+* EME1 Constructor *
+*************************************************/
+EME1::EME1(const std::string& hash_name, const std::string& mgf_name,
+ const std::string& P) :
+ HASH_LENGTH(output_length_of(hash_name))
+ {
+ mgf = get_mgf(mgf_name + "(" + hash_name + ")");
+ std::auto_ptr<HashFunction> hash(get_hash(hash_name));
+ Phash = hash->process(P);
+ }
+
+}
diff --git a/src/eme_pkcs.cpp b/src/eme_pkcs.cpp
new file mode 100644
index 000000000..22a2521ad
--- /dev/null
+++ b/src/eme_pkcs.cpp
@@ -0,0 +1,68 @@
+/*************************************************
+* PKCS1 EME Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/eme.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/*************************************************
+* PKCS1 Pad Operation *
+*************************************************/
+SecureVector<byte> EME_PKCS1v15::pad(const byte in[], u32bit inlen,
+ u32bit olen) const
+ {
+ olen /= 8;
+
+ if(olen < 10)
+ throw Encoding_Error("PKCS1: Output space too small");
+ if(inlen > olen - 10)
+ throw Encoding_Error("PKCS1: Input is too large");
+
+ SecureVector<byte> out(olen);
+
+ out[0] = 0x02;
+ for(u32bit j = 1; j != olen - inlen - 1; ++j)
+ while(out[j] == 0)
+ out[j] = Global_RNG::random();
+ out.copy(olen - inlen, in, inlen);
+
+ return out;
+ }
+
+/*************************************************
+* PKCS1 Unpad Operation *
+*************************************************/
+SecureVector<byte> EME_PKCS1v15::unpad(const byte in[], u32bit inlen,
+ u32bit key_len) const
+ {
+ if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02)
+ throw Decoding_Error("PKCS1::unpad");
+
+ u32bit seperator = 0;
+ for(u32bit j = 0; j != inlen; ++j)
+ if(in[j] == 0)
+ {
+ seperator = j;
+ break;
+ }
+ if(seperator < 9)
+ throw Decoding_Error("PKCS1::unpad");
+
+ return SecureVector<byte>(in + seperator + 1, inlen - seperator - 1);
+ }
+
+/*************************************************
+* Return the max input size for a given key size *
+*************************************************/
+u32bit EME_PKCS1v15::maximum_input_size(u32bit keybits) const
+ {
+ if(keybits / 8 > 10)
+ return ((keybits / 8) - 10);
+ else
+ return 0;
+ }
+
+}
diff --git a/src/emsa1.cpp b/src/emsa1.cpp
new file mode 100644
index 000000000..047d6bdbf
--- /dev/null
+++ b/src/emsa1.cpp
@@ -0,0 +1,98 @@
+/*************************************************
+* EMSA1 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/emsa.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* EMSA1 Update Operation *
+*************************************************/
+void EMSA1::update(const byte input[], u32bit length)
+ {
+ hash->update(input, length);
+ }
+
+/*************************************************
+* Return the raw (unencoded) data *
+*************************************************/
+SecureVector<byte> EMSA1::raw_data()
+ {
+ return hash->final();
+ }
+
+/*************************************************
+* EMSA1 Encode Operation *
+*************************************************/
+SecureVector<byte> EMSA1::encoding_of(const MemoryRegion<byte>& msg,
+ u32bit output_bits)
+ {
+ if(msg.size() != hash->OUTPUT_LENGTH)
+ throw Invalid_Argument("EMSA1::encoding_of: Invalid size for input");
+ if(8*msg.size() <= output_bits)
+ return msg;
+
+ u32bit shift = 8*msg.size() - output_bits;
+
+ u32bit byte_shift = shift / 8, bit_shift = shift % 8;
+ SecureVector<byte> digest(msg.size() - byte_shift);
+
+ for(u32bit j = 0; j != msg.size() - byte_shift; ++j)
+ digest[j] = msg[j];
+
+ if(bit_shift)
+ {
+ byte carry = 0;
+ for(u32bit j = 0; j != digest.size(); ++j)
+ {
+ byte temp = digest[j];
+ digest[j] = (temp >> bit_shift) | carry;
+ carry = (temp << (8 - bit_shift));
+ }
+ }
+ return digest;
+ }
+
+/*************************************************
+* EMSA1 Decode/Verify Operation *
+*************************************************/
+bool EMSA1::verify(const MemoryRegion<byte>& coded,
+ const MemoryRegion<byte>& raw, u32bit key_bits) throw()
+ {
+ try {
+ SecureVector<byte> our_coding = encoding_of(raw, key_bits);
+
+ if(our_coding == coded) return true;
+ if(our_coding[0] != 0) return false;
+ if(our_coding.size() <= coded.size()) return false;
+
+ u32bit offset = 0;
+ while(our_coding[offset] == 0 && offset < our_coding.size())
+ ++offset;
+ if(our_coding.size() - offset != coded.size())
+ return false;
+
+ for(u32bit j = 0; j != coded.size(); ++j)
+ if(coded[j] != our_coding[j+offset])
+ return false;
+
+ return true;
+ }
+ catch(Invalid_Argument)
+ {
+ return false;
+ }
+ }
+
+/*************************************************
+* EMSA1 Constructor *
+*************************************************/
+EMSA1::EMSA1(const std::string& hash_name) :
+ hash(get_hash(hash_name))
+ {
+ }
+
+}
diff --git a/src/emsa2.cpp b/src/emsa2.cpp
new file mode 100644
index 000000000..ab805f335
--- /dev/null
+++ b/src/emsa2.cpp
@@ -0,0 +1,70 @@
+/*************************************************
+* EMSA2 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/emsa.h>
+#include <botan/hash_id.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* EMSA2 Update Operation *
+*************************************************/
+void EMSA2::update(const byte input[], u32bit length)
+ {
+ hash->update(input, length);
+ }
+
+/*************************************************
+* Return the raw (unencoded) data *
+*************************************************/
+SecureVector<byte> EMSA2::raw_data()
+ {
+ return hash->final();
+ }
+
+/*************************************************
+* EMSA2 Encode Operation *
+*************************************************/
+SecureVector<byte> EMSA2::encoding_of(const MemoryRegion<byte>& msg,
+ u32bit output_bits)
+ {
+ u32bit output_length = (output_bits + 1) / 8;
+
+ if(msg.size() != hash->OUTPUT_LENGTH)
+ throw Invalid_Argument("EMSA2::encoding_of: Bad input length");
+ if(output_length < hash->OUTPUT_LENGTH + 4)
+ throw Invalid_Argument("EMSA2::encoding_of: Output length is too small");
+
+ bool empty = true;
+ for(u32bit j = 0; j != hash->OUTPUT_LENGTH; ++j)
+ if(empty_hash[j] != msg[j])
+ empty = false;
+
+ SecureVector<byte> output(output_length);
+
+ output[0] = (empty ? 0x4B : 0x6B);
+ output[output_length - 3 - hash->OUTPUT_LENGTH] = 0xBA;
+ set_mem(output + 1, output_length - 4 - hash->OUTPUT_LENGTH, 0xBB);
+ output.copy(output_length-2-hash->OUTPUT_LENGTH, msg, msg.size());
+ output[output_length-2] = hash_id;
+ output[output_length-1] = 0xCC;
+
+ return output;
+ }
+
+/*************************************************
+* EMSA2 Constructor *
+*************************************************/
+EMSA2::EMSA2(const std::string& hash_name)
+ {
+ hash_id = ieee1363_hash_id(hash_name);
+ if(hash_id == 0)
+ throw Invalid_Argument("EMSA2 cannot be used with " + hash->name());
+ hash = get_hash(hash_name);
+ empty_hash = hash->final();
+ }
+
+}
diff --git a/src/emsa3.cpp b/src/emsa3.cpp
new file mode 100644
index 000000000..566e55c62
--- /dev/null
+++ b/src/emsa3.cpp
@@ -0,0 +1,62 @@
+/*************************************************
+* EMSA3 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/emsa.h>
+#include <botan/hash_id.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* EMSA3 Update Operation *
+*************************************************/
+void EMSA3::update(const byte input[], u32bit length)
+ {
+ hash->update(input, length);
+ }
+
+/*************************************************
+* Return the raw (unencoded) data *
+*************************************************/
+SecureVector<byte> EMSA3::raw_data()
+ {
+ return hash->final();
+ }
+
+/*************************************************
+* EMSA3 Encode Operation *
+*************************************************/
+SecureVector<byte> EMSA3::encoding_of(const MemoryRegion<byte>& msg,
+ u32bit output_bits)
+ {
+ if(msg.size() != hash->OUTPUT_LENGTH)
+ throw Invalid_Argument("EMSA3::encoding_of: Bad input length");
+
+ u32bit output_length = output_bits / 8;
+ if(output_length < hash_id.size() + hash->OUTPUT_LENGTH + 10)
+ throw Invalid_Argument("EMSA3::pad: Output length is too small");
+
+ SecureVector<byte> T(output_length);
+ const u32bit P_LENGTH = output_length - hash->OUTPUT_LENGTH -
+ hash_id.size() - 2;
+
+ T[0] = 0x01;
+ set_mem(T+1, P_LENGTH, 0xFF);
+ T[P_LENGTH+1] = 0x00;
+ T.copy(P_LENGTH+2, hash_id, hash_id.size());
+ T.copy(output_length-hash->OUTPUT_LENGTH, msg, msg.size());
+ return T;
+ }
+
+/*************************************************
+* EMSA3 Constructor *
+*************************************************/
+EMSA3::EMSA3(const std::string& hash_name)
+ {
+ hash_id = pkcs_hash_id(hash_name);
+ hash = get_hash(hash_name);
+ }
+
+}
diff --git a/src/emsa4.cpp b/src/emsa4.cpp
new file mode 100644
index 000000000..075089239
--- /dev/null
+++ b/src/emsa4.cpp
@@ -0,0 +1,144 @@
+/*************************************************
+* EMSA4 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/emsa.h>
+#include <botan/lookup.h>
+#include <botan/look_pk.h>
+#include <botan/bit_ops.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/*************************************************
+* EMSA4 Update Operation *
+*************************************************/
+void EMSA4::update(const byte input[], u32bit length)
+ {
+ hash->update(input, length);
+ }
+
+/*************************************************
+* Return the raw (unencoded) data *
+*************************************************/
+SecureVector<byte> EMSA4::raw_data()
+ {
+ return hash->final();
+ }
+
+/*************************************************
+* EMSA4 Encode Operation *
+*************************************************/
+SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg,
+ u32bit output_bits)
+ {
+ const u32bit HASH_SIZE = hash->OUTPUT_LENGTH;
+
+ if(msg.size() != HASH_SIZE)
+ throw Invalid_Argument("EMSA4::encoding_of: Bad input length");
+ if(output_bits < 8*HASH_SIZE + 8*SALT_SIZE + 9)
+ throw Invalid_Argument("EMSA4::encoding_of: Output length is too small");
+
+ const u32bit output_length = (output_bits + 7) / 8;
+
+ SecureVector<byte> salt(SALT_SIZE);
+ Global_RNG::randomize(salt, SALT_SIZE);
+
+ for(u32bit j = 0; j != 8; ++j)
+ hash->update(0);
+ hash->update(msg);
+ hash->update(salt, SALT_SIZE);
+ SecureVector<byte> H = hash->final();
+
+ SecureVector<byte> EM(output_length);
+
+ EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01;
+ EM.copy(output_length - 1 - HASH_SIZE - SALT_SIZE, salt, SALT_SIZE);
+ mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1);
+ EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits);
+ EM.copy(output_length - 1 - HASH_SIZE, H, HASH_SIZE);
+ EM[output_length-1] = 0xBC;
+
+ return EM;
+ }
+
+/*************************************************
+* EMSA4 Decode/Verify Operation *
+*************************************************/
+bool EMSA4::verify(const MemoryRegion<byte>& const_coded,
+ const MemoryRegion<byte>& raw, u32bit key_bits) throw()
+ {
+ const u32bit HASH_SIZE = hash->OUTPUT_LENGTH;
+ const u32bit KEY_BYTES = (key_bits + 7) / 8;
+
+ if(key_bits < 8*HASH_SIZE + 9)
+ return false;
+ if(raw.size() != HASH_SIZE)
+ return false;
+ if(const_coded.size() > KEY_BYTES)
+ return false;
+ if(const_coded[const_coded.size()-1] != 0xBC)
+ return false;
+
+ SecureVector<byte> coded = const_coded;
+ if(coded.size() < KEY_BYTES)
+ {
+ SecureVector<byte> temp(KEY_BYTES);
+ temp.copy(KEY_BYTES - coded.size(), coded, coded.size());
+ coded = temp;
+ }
+
+ const u32bit TOP_BITS = 8 * ((key_bits + 7) / 8) - key_bits;
+ if(TOP_BITS > 8 - high_bit(coded[0]))
+ return false;
+
+ SecureVector<byte> DB(coded.begin(), coded.size() - HASH_SIZE - 1);
+ SecureVector<byte> H(coded + coded.size() - HASH_SIZE - 1, HASH_SIZE);
+
+ mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1);
+ DB[0] &= 0xFF >> TOP_BITS;
+
+ u32bit salt_offset = 0;
+ for(u32bit j = 0; j != DB.size(); ++j)
+ {
+ if(DB[j] == 0x01)
+ { salt_offset = j + 1; break; }
+ if(DB[j])
+ return false;
+ }
+ if(salt_offset == 0)
+ return false;
+
+ SecureVector<byte> salt(DB + salt_offset, DB.size() - salt_offset);
+
+ for(u32bit j = 0; j != 8; ++j)
+ hash->update(0);
+ hash->update(raw);
+ hash->update(salt);
+ SecureVector<byte> H2 = hash->final();
+
+ return (H == H2);
+ }
+
+/*************************************************
+* EMSA4 Constructor *
+*************************************************/
+EMSA4::EMSA4(const std::string& hash_name, const std::string& mgf_name) :
+ SALT_SIZE(output_length_of(hash_name))
+ {
+ hash = get_hash(hash_name);
+ mgf = get_mgf(mgf_name + "(" + hash_name + ")");
+ }
+
+/*************************************************
+* EMSA4 Constructor *
+*************************************************/
+EMSA4::EMSA4(const std::string& hash_name, const std::string& mgf_name,
+ u32bit salt_size) : SALT_SIZE(salt_size)
+ {
+ hash = get_hash(hash_name);
+ mgf = get_mgf(mgf_name + "(" + hash_name + ")");
+ }
+
+}
diff --git a/src/emsa_raw.cpp b/src/emsa_raw.cpp
new file mode 100644
index 000000000..23c57d88a
--- /dev/null
+++ b/src/emsa_raw.cpp
@@ -0,0 +1,37 @@
+/*************************************************
+* EMSA-Raw Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/emsa.h>
+
+namespace Botan {
+
+/*************************************************
+* EMSA-Raw Encode Operation *
+*************************************************/
+void EMSA_Raw::update(const byte input[], u32bit length)
+ {
+ message.append(input, length);
+ }
+
+/*************************************************
+* Return the raw (unencoded) data *
+*************************************************/
+SecureVector<byte> EMSA_Raw::raw_data()
+ {
+ SecureVector<byte> buf = message;
+ message.destroy();
+ return buf;
+ }
+
+/*************************************************
+* EMSA-Raw Encode Operation *
+*************************************************/
+SecureVector<byte> EMSA_Raw::encoding_of(const MemoryRegion<byte>& msg,
+ u32bit)
+ {
+ return msg;
+ }
+
+}
diff --git a/src/eng_base.cpp b/src/eng_base.cpp
new file mode 100644
index 000000000..ac0ba7b8d
--- /dev/null
+++ b/src/eng_base.cpp
@@ -0,0 +1,345 @@
+/*************************************************
+* Basic No-Op Engine Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/engine.h>
+#include <botan/libstate.h>
+#include <botan/stl_util.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+IF_Operation* Engine::if_op(const BigInt&, const BigInt&, const BigInt&,
+ const BigInt&, const BigInt&, const BigInt&,
+ const BigInt&, const BigInt&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+DSA_Operation* Engine::dsa_op(const DL_Group&, const BigInt&,
+ const BigInt&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+NR_Operation* Engine::nr_op(const DL_Group&, const BigInt&,
+ const BigInt&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+ELG_Operation* Engine::elg_op(const DL_Group&, const BigInt&,
+ const BigInt&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+DH_Operation* Engine::dh_op(const DL_Group&, const BigInt&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+Modular_Exponentiator* Engine::mod_exp(const BigInt&,
+ Power_Mod::Usage_Hints) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Get an algorithm out of the table *
+*************************************************/
+Algorithm* Engine::get_algo(const std::string& type,
+ const std::string& name) const
+ {
+ Mutex_Holder lock(mappings[type].first);
+ return search_map(mappings[type].second, name);
+ }
+
+/*************************************************
+* Add an algorithm to the appropriate table *
+*************************************************/
+void Engine::add_algo(const std::string& type, Algorithm* algo) const
+ {
+ if(!algo)
+ return;
+
+ Mutex_Holder lock(mappings[type].first);
+
+ std::map<std::string, Algorithm*>& map = mappings[type].second;
+
+ const std::string algo_name = algo->name();
+
+ if(map.find(algo_name) != map.end())
+ delete map[algo_name];
+ map[algo_name] = algo;
+ }
+
+/*************************************************
+* Acquire a BlockCipher *
+*************************************************/
+const BlockCipher* Engine::block_cipher(const std::string& name) const
+ {
+ const std::string real_name = deref_alias(name);
+
+ Algorithm* got = get_algo("block_cipher", real_name);
+
+ if(got)
+ return dynamic_cast<BlockCipher*>(got);
+
+ BlockCipher* to_return = find_block_cipher(real_name);
+ add_algorithm(to_return);
+ return to_return;
+ }
+
+/*************************************************
+* Acquire a StreamCipher *
+*************************************************/
+const StreamCipher* Engine::stream_cipher(const std::string& name) const
+ {
+ const std::string real_name = deref_alias(name);
+
+ Algorithm* got = get_algo("stream_cipher", real_name);
+
+ if(got)
+ return dynamic_cast<StreamCipher*>(got);
+
+ StreamCipher* to_return = find_stream_cipher(real_name);
+ add_algorithm(to_return);
+ return to_return;
+ }
+
+/*************************************************
+* Acquire a HashFunction *
+*************************************************/
+const HashFunction* Engine::hash(const std::string& name) const
+ {
+ const std::string real_name = deref_alias(name);
+
+ Algorithm* got = get_algo("hash_func", real_name);
+
+ if(got)
+ return dynamic_cast<HashFunction*>(got);
+
+ HashFunction* to_return = find_hash(real_name);
+ add_algorithm(to_return);
+ return to_return;
+ }
+
+/*************************************************
+* Acquire a MessageAuthenticationCode *
+*************************************************/
+const MessageAuthenticationCode* Engine::mac(const std::string& name) const
+ {
+ const std::string real_name = deref_alias(name);
+
+ Algorithm* got = get_algo("mac_func", real_name);
+
+ if(got)
+ return dynamic_cast<MessageAuthenticationCode*>(got);
+
+ MessageAuthenticationCode* to_return = find_mac(real_name);
+ add_algorithm(to_return);
+ return to_return;
+ }
+
+/*************************************************
+* Acquire a S2K object *
+*************************************************/
+const S2K* Engine::s2k(const std::string& name) const
+ {
+ const std::string real_name = deref_alias(name);
+
+ Algorithm* got = get_algo("s2k_func", real_name);
+
+ if(got)
+ return dynamic_cast<S2K*>(got);
+
+ S2K* to_return = find_s2k(real_name);
+ add_algorithm(to_return);
+ return to_return;
+ }
+
+/*************************************************
+* Acquire a cipher padding object *
+*************************************************/
+const BlockCipherModePaddingMethod*
+Engine::bc_pad(const std::string& name) const
+ {
+ const std::string real_name = deref_alias(name);
+
+ Algorithm* got = get_algo("bc_pad", real_name);
+
+ if(got)
+ return dynamic_cast<BlockCipherModePaddingMethod*>(got);
+
+ BlockCipherModePaddingMethod* to_return =
+ find_bc_pad(real_name);
+
+ add_algorithm(to_return);
+ return to_return;
+ }
+
+/*************************************************
+* Add a block cipher to the lookup table *
+*************************************************/
+void Engine::add_algorithm(BlockCipher* algo) const
+ {
+ add_algo("block_cipher", algo);
+ }
+
+/*************************************************
+* Add a stream cipher to the lookup table *
+*************************************************/
+void Engine::add_algorithm(StreamCipher* algo) const
+ {
+ add_algo("stream_cipher", algo);
+ }
+
+/*************************************************
+* Add a hash function to the lookup table *
+*************************************************/
+void Engine::add_algorithm(HashFunction* algo) const
+ {
+ add_algo("hash_func", algo);
+ }
+
+/*************************************************
+* Add a MAC to the lookup table *
+*************************************************/
+void Engine::add_algorithm(MessageAuthenticationCode* algo) const
+ {
+ add_algo("mac_func", algo);
+ }
+
+/*************************************************
+* Add a S2K to the lookup table *
+*************************************************/
+void Engine::add_algorithm(S2K* algo) const
+ {
+ add_algo("s2k_func", algo);
+ }
+
+/*************************************************
+* Add a cipher pad method to the lookup table *
+*************************************************/
+void Engine::add_algorithm(BlockCipherModePaddingMethod* algo) const
+ {
+ add_algo("bc_pad", algo);
+ }
+
+/*************************************************
+* Create an Engine *
+*************************************************/
+Engine::Engine()
+ {
+ const std::string TYPES[] = {
+ "block_cipher", "stream_cipher", "hash_func", "mac_func",
+ "s2k_func", "bc_pad", ""
+ };
+
+ for(u32bit j = 0; TYPES[j] != ""; ++j)
+ {
+ mappings[TYPES[j]] =
+ std::make_pair(global_state().get_mutex(),
+ std::map<std::string, Algorithm*>());
+ }
+ }
+
+/*************************************************
+* Destroy an Engine *
+*************************************************/
+Engine::~Engine()
+ {
+ std::map<std::string, mutex_map_pair>::iterator i = mappings.begin();
+ while(i != mappings.end())
+ {
+ delete i->second.first;
+
+ std::map<std::string, Algorithm*>::iterator j =
+ i->second.second.begin();
+ while(j != i->second.second.end())
+ {
+ delete j->second;
+ ++j;
+ }
+
+ ++i;
+ }
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+BlockCipher* Engine::find_block_cipher(const std::string&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+StreamCipher* Engine::find_stream_cipher(const std::string&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+HashFunction* Engine::find_hash(const std::string&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+MessageAuthenticationCode* Engine::find_mac(const std::string&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+S2K* Engine::find_s2k(const std::string&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+BlockCipherModePaddingMethod* Engine::find_bc_pad(const std::string&) const
+ {
+ return 0;
+ }
+
+/*************************************************
+* Basic No-Op Engine Implementation *
+*************************************************/
+Keyed_Filter* Engine::get_cipher(const std::string&, Cipher_Dir)
+ {
+ return 0;
+ }
+
+}
diff --git a/src/engine.cpp b/src/engine.cpp
new file mode 100644
index 000000000..ded54cda8
--- /dev/null
+++ b/src/engine.cpp
@@ -0,0 +1,361 @@
+/*************************************************
+* Engine Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/engine.h>
+#include <botan/libstate.h>
+#include <botan/eng_def.h>
+
+namespace Botan {
+
+namespace Engine_Core {
+
+/*************************************************
+* Acquire an IF op *
+*************************************************/
+IF_Operation* if_op(const BigInt& e, const BigInt& n, const BigInt& d,
+ const BigInt& p, const BigInt& q, const BigInt& d1,
+ const BigInt& d2, const BigInt& c)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ IF_Operation* op = engine->if_op(e, n, d, p, q, d1, d2, c);
+ if(op)
+ return op;
+ }
+
+ throw Lookup_Error("Engine_Core::if_op: Unable to find a working engine");
+ }
+
+/*************************************************
+* Acquire a DSA op *
+*************************************************/
+DSA_Operation* dsa_op(const DL_Group& group, const BigInt& y, const BigInt& x)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ DSA_Operation* op = engine->dsa_op(group, y, x);
+ if(op)
+ return op;
+ }
+
+ throw Lookup_Error("Engine_Core::dsa_op: Unable to find a working engine");
+ }
+
+/*************************************************
+* Acquire a NR op *
+*************************************************/
+NR_Operation* nr_op(const DL_Group& group, const BigInt& y, const BigInt& x)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ NR_Operation* op = engine->nr_op(group, y, x);
+ if(op)
+ return op;
+ }
+
+ throw Lookup_Error("Engine_Core::nr_op: Unable to find a working engine");
+ }
+
+/*************************************************
+* Acquire an ElGamal op *
+*************************************************/
+ELG_Operation* elg_op(const DL_Group& group, const BigInt& y, const BigInt& x)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ ELG_Operation* op = engine->elg_op(group, y, x);
+ if(op)
+ return op;
+ }
+
+ throw Lookup_Error("Engine_Core::elg_op: Unable to find a working engine");
+ }
+
+/*************************************************
+* Acquire a DH op *
+*************************************************/
+DH_Operation* dh_op(const DL_Group& group, const BigInt& x)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ DH_Operation* op = engine->dh_op(group, x);
+ if(op)
+ return op;
+ }
+
+ throw Lookup_Error("Engine_Core::dh_op: Unable to find a working engine");
+ }
+
+/*************************************************
+* Acquire a modular exponentiator *
+*************************************************/
+Modular_Exponentiator* mod_exp(const BigInt& n, Power_Mod::Usage_Hints hints)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ Modular_Exponentiator* op = engine->mod_exp(n, hints);
+
+ if(op)
+ return op;
+ }
+
+ throw Lookup_Error("Engine_Core::mod_exp: Unable to find a working engine");
+ }
+
+}
+
+/*************************************************
+* Acquire a block cipher *
+*************************************************/
+const BlockCipher* retrieve_block_cipher(const std::string& name)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ const BlockCipher* algo = engine->block_cipher(name);
+ if(algo)
+ return algo;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Acquire a stream cipher *
+*************************************************/
+const StreamCipher* retrieve_stream_cipher(const std::string& name)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ const StreamCipher* algo = engine->stream_cipher(name);
+ if(algo)
+ return algo;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Acquire a hash function *
+*************************************************/
+const HashFunction* retrieve_hash(const std::string& name)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ const HashFunction* algo = engine->hash(name);
+ if(algo)
+ return algo;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Acquire an authentication code *
+*************************************************/
+const MessageAuthenticationCode* retrieve_mac(const std::string& name)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ const MessageAuthenticationCode* algo = engine->mac(name);
+ if(algo)
+ return algo;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Acquire a string-to-key algorithm *
+*************************************************/
+const S2K* retrieve_s2k(const std::string& name)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ const S2K* algo = engine->s2k(name);
+ if(algo)
+ return algo;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Retrieve a block cipher padding method *
+*************************************************/
+const BlockCipherModePaddingMethod* retrieve_bc_pad(const std::string& name)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(const Engine* engine = i.next())
+ {
+ const BlockCipherModePaddingMethod* algo = engine->bc_pad(name);
+ if(algo)
+ return algo;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Add a new block cipher *
+*************************************************/
+void add_algorithm(BlockCipher* algo)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(Engine* engine_base = i.next())
+ {
+ Default_Engine* engine = dynamic_cast<Default_Engine*>(engine_base);
+ if(engine)
+ {
+ engine->add_algorithm(algo);
+ return;
+ }
+ }
+
+ throw Invalid_State("add_algorithm: Couldn't find the Default_Engine");
+ }
+
+/*************************************************
+* Add a new stream cipher *
+*************************************************/
+void add_algorithm(StreamCipher* algo)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(Engine* engine_base = i.next())
+ {
+ Default_Engine* engine = dynamic_cast<Default_Engine*>(engine_base);
+ if(engine)
+ {
+ engine->add_algorithm(algo);
+ return;
+ }
+ }
+
+ throw Invalid_State("add_algorithm: Couldn't find the Default_Engine");
+ }
+
+/*************************************************
+* Add a new hash function *
+*************************************************/
+void add_algorithm(HashFunction* algo)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(Engine* engine_base = i.next())
+ {
+ Default_Engine* engine = dynamic_cast<Default_Engine*>(engine_base);
+ if(engine)
+ {
+ engine->add_algorithm(algo);
+ return;
+ }
+ }
+
+ throw Invalid_State("add_algorithm: Couldn't find the Default_Engine");
+ }
+
+/*************************************************
+* Add a new authentication code *
+*************************************************/
+void add_algorithm(MessageAuthenticationCode* algo)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(Engine* engine_base = i.next())
+ {
+ Default_Engine* engine = dynamic_cast<Default_Engine*>(engine_base);
+ if(engine)
+ {
+ engine->add_algorithm(algo);
+ return;
+ }
+ }
+
+ throw Invalid_State("add_algorithm: Couldn't find the Default_Engine");
+ }
+
+/*************************************************
+* Add a padding method to the lookup table *
+*************************************************/
+void add_algorithm(BlockCipherModePaddingMethod* algo)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(Engine* engine_base = i.next())
+ {
+ Default_Engine* engine = dynamic_cast<Default_Engine*>(engine_base);
+ if(engine)
+ {
+ engine->add_algorithm(algo);
+ return;
+ }
+ }
+
+ throw Invalid_State("add_algorithm: Couldn't find the Default_Engine");
+ }
+
+/*************************************************
+* Get a cipher object *
+*************************************************/
+Keyed_Filter* get_cipher(const std::string& algo_spec, Cipher_Dir direction)
+ {
+ Library_State::Engine_Iterator i(global_state());
+
+ while(Engine* engine = i.next())
+ {
+ Keyed_Filter* algo = engine->get_cipher(algo_spec, direction);
+ if(algo)
+ return algo;
+ }
+
+ throw Algorithm_Not_Found(algo_spec);
+ }
+
+/*************************************************
+* Get a cipher object *
+*************************************************/
+Keyed_Filter* get_cipher(const std::string& algo_spec, const SymmetricKey& key,
+ const InitializationVector& iv, Cipher_Dir direction)
+ {
+ Keyed_Filter* cipher = get_cipher(algo_spec, direction);
+ cipher->set_key(key);
+ cipher->set_iv(iv);
+ return cipher;
+ }
+
+/*************************************************
+* Get a cipher object *
+*************************************************/
+Keyed_Filter* get_cipher(const std::string& algo_spec, const SymmetricKey& key,
+ Cipher_Dir direction)
+ {
+ return get_cipher(algo_spec, key, InitializationVector(), direction);
+ }
+
+}
diff --git a/src/es_file.cpp b/src/es_file.cpp
new file mode 100644
index 000000000..8d2ea80fc
--- /dev/null
+++ b/src/es_file.cpp
@@ -0,0 +1,33 @@
+/*************************************************
+* File EntropySource Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/es_file.h>
+#include <botan/conf.h>
+#include <fstream>
+
+namespace Botan {
+
+/*************************************************
+* Gather Entropy from Randomness Source *
+*************************************************/
+u32bit File_EntropySource::slow_poll(byte output[], u32bit length)
+ {
+ std::vector<std::string> sources = Config::get_list("rng/es_files");
+
+ u32bit read = 0;
+ for(u32bit j = 0; j != sources.size(); ++j)
+ {
+ std::ifstream random_source(sources[j].c_str(), std::ios::binary);
+ if(!random_source) continue;
+ random_source.read((char*)output + read, length);
+ read += random_source.gcount();
+ length -= random_source.gcount();
+ if(length == 0)
+ break;
+ }
+ return read;
+ }
+
+}
diff --git a/src/exceptn.cpp b/src/exceptn.cpp
new file mode 100644
index 000000000..4c72e9ef3
--- /dev/null
+++ b/src/exceptn.cpp
@@ -0,0 +1,70 @@
+/*************************************************
+* Exceptions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/exceptn.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* Constructor for Invalid_Key_Length *
+*************************************************/
+Invalid_Key_Length::Invalid_Key_Length(const std::string& name, u32bit length)
+ {
+ set_msg(name + " cannot accept a key of length " + to_string(length));
+ }
+
+/*************************************************
+* Constructor for Invalid_Block_Size *
+*************************************************/
+Invalid_Block_Size::Invalid_Block_Size(const std::string& mode,
+ const std::string& pad)
+ {
+ set_msg("Padding method " + pad + " cannot be used with " + mode);
+ }
+
+/*************************************************
+* Constructor for Invalid_IV_Length *
+*************************************************/
+Invalid_IV_Length::Invalid_IV_Length(const std::string& mode, u32bit bad_len)
+ {
+ set_msg("IV length " + to_string(bad_len) + " is invalid for " + mode);
+ }
+
+/*************************************************
+* Constructor for Invalid_Message_Number *
+*************************************************/
+Invalid_Message_Number::Invalid_Message_Number(const std::string& where,
+ u32bit message_no)
+ {
+ set_msg("Pipe::" + where + ": Invalid message number " +
+ to_string(message_no));
+ }
+
+/*************************************************
+* Constructor for Algorithm_Not_Found *
+*************************************************/
+Algorithm_Not_Found::Algorithm_Not_Found(const std::string& name)
+ {
+ set_msg("Could not find any algorithm named \"" + name + "\"");
+ }
+
+/*************************************************
+* Constructor for Invalid_Algorithm_Name *
+*************************************************/
+Invalid_Algorithm_Name::Invalid_Algorithm_Name(const std::string& name)
+ {
+ set_msg("Invalid algorithm name: " + name);
+ }
+
+/*************************************************
+* Constructor for Config_Error *
+*************************************************/
+Config_Error::Config_Error(const std::string& err, u32bit line)
+ {
+ set_msg("Config error at line " + to_string(line) + ": " + err);
+ }
+
+}
diff --git a/src/filter.cpp b/src/filter.cpp
new file mode 100644
index 000000000..4ed9d0041
--- /dev/null
+++ b/src/filter.cpp
@@ -0,0 +1,127 @@
+/*************************************************
+* Filter Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/filter.h>
+#include <botan/secqueue.h>
+#include <botan/ui.h>
+
+namespace Botan {
+
+/*************************************************
+* Filter Constructor *
+*************************************************/
+Filter::Filter()
+ {
+ next.resize(1);
+ port_num = 0;
+ filter_owns = 0;
+ owned = false;
+ }
+
+/*************************************************
+* Send data to all ports *
+*************************************************/
+void Filter::send(const byte input[], u32bit length)
+ {
+ UI::pulse(UI::PIPE_WRITE);
+
+ bool nothing_attached = true;
+ for(u32bit j = 0; j != total_ports(); ++j)
+ if(next[j])
+ {
+ if(write_queue.has_items())
+ next[j]->write(write_queue, write_queue.size());
+ next[j]->write(input, length);
+ nothing_attached = false;
+ }
+ if(nothing_attached)
+ write_queue.append(input, length);
+ else if(write_queue.has_items())
+ write_queue.destroy();
+ }
+
+/*************************************************
+* Start a new message *
+*************************************************/
+void Filter::new_msg()
+ {
+ start_msg();
+ for(u32bit j = 0; j != total_ports(); ++j)
+ if(next[j])
+ next[j]->new_msg();
+ }
+
+/*************************************************
+* End the current message *
+*************************************************/
+void Filter::finish_msg()
+ {
+ end_msg();
+ for(u32bit j = 0; j != total_ports(); ++j)
+ if(next[j])
+ next[j]->finish_msg();
+ }
+
+/*************************************************
+* Attach a filter to the current port *
+*************************************************/
+void Filter::attach(Filter* new_filter)
+ {
+ if(new_filter)
+ {
+ Filter* last = this;
+ while(last->get_next())
+ last = last->get_next();
+ last->next[last->current_port()] = new_filter;
+ }
+ }
+
+/*************************************************
+* Set the active port on a filter *
+*************************************************/
+void Filter::set_port(u32bit new_port)
+ {
+ if(new_port >= total_ports())
+ throw Invalid_Argument("Filter: Invalid port number");
+ port_num = new_port;
+ }
+
+/*************************************************
+* Return the next Filter in the logical chain *
+*************************************************/
+Filter* Filter::get_next() const
+ {
+ if(port_num < next.size())
+ return next[port_num];
+ return 0;
+ }
+
+/*************************************************
+* Set the next Filters *
+*************************************************/
+void Filter::set_next(Filter* filters[], u32bit size)
+ {
+ while(size && filters && filters[size-1] == 0)
+ --size;
+
+ next.clear();
+ next.resize(size);
+
+ port_num = 0;
+ filter_owns = 0;
+
+ for(u32bit j = 0; j != size; ++j)
+ next[j] = filters[j];
+ }
+
+/*************************************************
+* Return the total number of ports *
+*************************************************/
+u32bit Filter::total_ports() const
+ {
+ return next.size();
+ }
+
+}
diff --git a/src/filters.cpp b/src/filters.cpp
new file mode 100644
index 000000000..aadc32c4e
--- /dev/null
+++ b/src/filters.cpp
@@ -0,0 +1,96 @@
+/*************************************************
+* Filters Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/filters.h>
+#include <botan/lookup.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* StreamCipher_Filter Constructor *
+*************************************************/
+StreamCipher_Filter::StreamCipher_Filter(const std::string& sc_name) :
+ buffer(DEFAULT_BUFFERSIZE)
+ {
+ base_ptr = cipher = get_stream_cipher(sc_name);
+ }
+
+/*************************************************
+* Set the IV of a stream cipher *
+*************************************************/
+void StreamCipher_Filter::set_iv(const InitializationVector& iv)
+ {
+ cipher->resync(iv.begin(), iv.length());
+ }
+
+/*************************************************
+* Write data into a StreamCipher_Filter *
+*************************************************/
+void StreamCipher_Filter::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ u32bit copied = std::min(length, buffer.size());
+ cipher->encrypt(input, buffer, copied);
+ send(buffer, copied);
+ input += copied;
+ length -= copied;
+ }
+ }
+
+/*************************************************
+* Hash_Filter Constructor *
+*************************************************/
+Hash_Filter::Hash_Filter(const std::string& hash_name, u32bit len) :
+ OUTPUT_LENGTH(len)
+ {
+ hash = get_hash(hash_name);
+ }
+
+/*************************************************
+* Complete a calculation by a Hash_Filter *
+*************************************************/
+void Hash_Filter::end_msg()
+ {
+ SecureVector<byte> output = hash->final();
+ if(OUTPUT_LENGTH)
+ send(output, std::min(OUTPUT_LENGTH, output.size()));
+ else
+ send(output);
+ }
+
+/*************************************************
+* MAC_Filter Constructor *
+*************************************************/
+MAC_Filter::MAC_Filter(const std::string& mac_name, u32bit len) :
+ OUTPUT_LENGTH(len)
+ {
+ base_ptr = mac = get_mac(mac_name);
+ }
+
+/*************************************************
+* MAC_Filter Constructor *
+*************************************************/
+MAC_Filter::MAC_Filter(const std::string& mac_name, const SymmetricKey& key,
+ u32bit len) : OUTPUT_LENGTH(len)
+ {
+ base_ptr = mac = get_mac(mac_name);
+ mac->set_key(key);
+ }
+
+/*************************************************
+* Complete a calculation by a MAC_Filter *
+*************************************************/
+void MAC_Filter::end_msg()
+ {
+ SecureVector<byte> output = mac->final();
+ if(OUTPUT_LENGTH)
+ send(output, std::min(OUTPUT_LENGTH, output.size()));
+ else
+ send(output);
+ }
+
+}
diff --git a/src/fips140.cpp b/src/fips140.cpp
new file mode 100644
index 000000000..714b8b4be
--- /dev/null
+++ b/src/fips140.cpp
@@ -0,0 +1,178 @@
+/*************************************************
+* FIPS-140 Self Tests Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/fips140.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+namespace FIPS140 {
+
+namespace {
+
+/*************************************************
+* Perform a Known Answer Test *
+*************************************************/
+void do_kat(const std::string& in, const std::string& out,
+ const std::string& algo_name, Filter* filter)
+ {
+ if(out.length())
+ {
+ Pipe pipe(new Hex_Decoder, filter, new Hex_Encoder);
+ pipe.process_msg(in);
+
+ if(out != pipe.read_all_as_string())
+ throw Self_Test_Failure("FIPS-140 " + algo_name + " test");
+ }
+ }
+
+/*************************************************
+* Perform a KAT for a cipher *
+*************************************************/
+void cipher_kat(const std::string& in, const std::string& out,
+ const std::string& key, const std::string& iv,
+ const std::string& cipher)
+ {
+ do_kat(in, out, cipher, get_cipher(cipher, key, iv, ENCRYPTION));
+ do_kat(out, in, cipher, get_cipher(cipher, key, iv, DECRYPTION));
+ }
+
+/*************************************************
+* Perform a KAT for a cipher *
+*************************************************/
+void cipher_kat(const std::string& cipher, const std::string& key,
+ const std::string& iv, const std::string& in,
+ const std::string& ecb_out, const std::string& cbc_out,
+ const std::string& cfb_out, const std::string& ofb_out,
+ const std::string& ctr_out)
+ {
+ if(!have_block_cipher(cipher))
+ return;
+
+ cipher_kat(in, ecb_out, key, "", cipher + "/ECB");
+ cipher_kat(in, cbc_out, key, iv, cipher + "/CBC/NoPadding");
+ cipher_kat(in, cfb_out, key, iv, cipher + "/CFB");
+ cipher_kat(in, ofb_out, key, iv, cipher + "/OFB");
+ cipher_kat(in, ctr_out, key, iv, cipher + "/CTR-BE");
+ }
+
+/*************************************************
+* Perform a KAT for a hash *
+*************************************************/
+void hash_kat(const std::string& hash, const std::string& in,
+ const std::string& out)
+ {
+ if(!have_hash(hash))
+ return;
+ do_kat(in, out, hash, new Hash_Filter(hash));
+ }
+
+/*************************************************
+* Perform a KAT for a MAC *
+*************************************************/
+void mac_kat(const std::string& mac, const std::string& in,
+ const std::string& out, const std::string& key)
+ {
+ if(!have_mac(mac))
+ return;
+ do_kat(in, out, mac, new MAC_Filter(mac, key));
+ }
+
+}
+
+/*************************************************
+* Perform FIPS 140 Self Tests *
+*************************************************/
+bool passes_self_tests()
+ {
+ try {
+ cipher_kat("DES", "0123456789ABCDEF", "1234567890ABCDEF",
+ "4E6F77206973207468652074696D6520666F7220616C6C20",
+ "3FA40E8A984D48156A271787AB8883F9893D51EC4B563B53",
+ "E5C7CDDE872BF27C43E934008C389C0F683788499A7C05F6",
+ "F3096249C7F46E51A69E839B1A92F78403467133898EA622",
+ "F3096249C7F46E5135F24A242EEB3D3F3D6D5BE3255AF8C3",
+ "F3096249C7F46E51163A8CA0FFC94C27FA2F80F480B86F75");
+
+ cipher_kat("TripleDES",
+ "385D7189A5C3D485E1370AA5D408082B5CCCCB5E19F2D90E",
+ "C141B5FCCD28DC8A",
+ "6E1BD7C6120947A464A6AAB293A0F89A563D8D40D3461B68",
+ "64EAAD4ACBB9CEAD6C7615E7C7E4792FE587D91F20C7D2F4",
+ "6235A461AFD312973E3B4F7AA7D23E34E03371F8E8C376C9",
+ "E26BA806A59B0330DE40CA38E77A3E494BE2B212F6DD624B",
+ "E26BA806A59B03307DE2BCC25A08BA40A8BA335F5D604C62",
+ "E26BA806A59B03303C62C2EFF32D3ACDD5D5F35EBCC53371");
+
+ cipher_kat("Skipjack", "1555E5531C3A169B2D65", "6EC9795701F49864",
+ "00AFA48E9621E52E8CBDA312660184EDDB1F33D9DACDA8DA",
+ "DBEC73562EFCAEB56204EB8AE9557EBF77473FBB52D17CD1",
+ "0C7B0B74E21F99B8F2C8DF37879F6C044967F42A796DCA8B",
+ "79FDDA9724E36CC2E023E9A5C717A8A8A7FDA465CADCBF63",
+ "79FDDA9724E36CC26CACBD83C1ABC06EAF5B249BE5B1E040",
+ "79FDDA9724E36CC211B0AEC607B95A96BCDA318440B82F49");
+
+ cipher_kat("AES",
+ "2B7E151628AED2A6ABF7158809CF4F3C",
+ "000102030405060708090A0B0C0D0E0F",
+ "6BC1BEE22E409F96E93D7E117393172A"
+ "AE2D8A571E03AC9C9EB76FAC45AF8E51",
+ "3AD77BB40D7A3660A89ECAF32466EF97"
+ "F5D3D58503B9699DE785895A96FDBAAF",
+ "7649ABAC8119B246CEE98E9B12E9197D"
+ "5086CB9B507219EE95DB113A917678B2",
+ "3B3FD92EB72DAD20333449F8E83CFB4A"
+ "C8A64537A0B3A93FCDE3CDAD9F1CE58B",
+ "3B3FD92EB72DAD20333449F8E83CFB4A"
+ "7789508D16918F03F53C52DAC54ED825",
+ "3B3FD92EB72DAD20333449F8E83CFB4A"
+ "010C041999E03F36448624483E582D0E");
+
+ hash_kat("SHA-1", "", "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709");
+ hash_kat("SHA-1", "616263", "A9993E364706816ABA3E25717850C26C9CD0D89D");
+ hash_kat("SHA-1",
+ "6162636462636465636465666465666765666768666768696768696A"
+ "68696A6B696A6B6C6A6B6C6D6B6C6D6E6C6D6E6F6D6E6F706E6F7071",
+ "84983E441C3BD26EBAAE4AA1F95129E5E54670F1");
+
+ mac_kat("HMAC(SHA-1)", "4869205468657265",
+ "B617318655057264E28BC0B6FB378C8EF146BE00",
+ "0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B0B");
+
+ mac_kat("X9.19-MAC",
+ "31311C3931383237333634351C1C35383134333237361C1C3B3132333435"
+ "36373839303132333435363D3939313231303030303F1C30303031323530"
+ "301C393738363533343132343837363932331C", "C209CCB78EE1B606",
+ "0123456789ABCDEFFEDCBA9876543210");
+ }
+ catch(std::exception)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+/*************************************************
+* Check a SHA-1 EDC *
+*************************************************/
+bool good_edc(const std::string& filename, const std::string& edc)
+ {
+ if(filename == "" || edc == "")
+ return false;
+
+ Pipe pipe1(new Hash_Filter("SHA-1"));
+ Pipe pipe2(new Hex_Decoder);
+
+ DataSource_Stream in(filename, true);
+ pipe1.process_msg(in);
+ pipe2.process_msg(edc);
+
+ return (pipe1.read_all() == pipe2.read_all());
+ }
+
+}
+
+}
diff --git a/src/fork256.cpp b/src/fork256.cpp
new file mode 100644
index 000000000..82dd04b65
--- /dev/null
+++ b/src/fork256.cpp
@@ -0,0 +1,142 @@
+/*************************************************
+* FORK-256 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/fork256.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* FORK-256 Step Function *
+*************************************************/
+inline void step(u32bit& A, u32bit& B, u32bit& C, u32bit& D,
+ u32bit& E, u32bit& F, u32bit& G, u32bit& H,
+ u32bit M1, u32bit M2, u32bit D1, u32bit D2)
+ {
+ u32bit T0, T1;
+
+ A += M1; T0 = A + (rotate_left(A, 7) ^ rotate_left(A, 22));
+ A += D1; T1 = A ^ (rotate_left(A, 13) + rotate_left(A, 27));
+
+ B = (B + T0) ^ T1;
+ C = (C + rotate_left(T0, 5)) ^ rotate_left(T1, 9);
+ D = (D + rotate_left(T0, 17)) ^ rotate_left(T1, 21);
+
+ E += M2; T0 = E ^ (rotate_left(E, 13) + rotate_left(E, 27));
+ E += D2; T1 = E + (rotate_left(E, 7) ^ rotate_left(E, 22));
+
+ F = (F + T0) ^ T1;
+ G = (G + rotate_left(T0, 9)) ^ rotate_left(T1, 5);
+ H = (H + rotate_left(T0, 21)) ^ rotate_left(T1, 17);
+ }
+
+}
+
+/*************************************************
+* FORK-256 Compression Function *
+*************************************************/
+void FORK_256::hash(const byte input[])
+ {
+ const u32bit DELTA[16] = {
+ 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1,
+ 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3,
+ 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174
+ };
+
+ u32bit A1, B1, C1, D1, E1, F1, G1, H1;
+ u32bit A2, B2, C2, D2, E2, F2, G2, H2;
+ u32bit A3, B3, C3, D3, E3, F3, G3, H3;
+ u32bit A4, B4, C4, D4, E4, F4, G4, H4;
+
+ A1 = A2 = A3 = A4 = digest[0];
+ B1 = B2 = B3 = B4 = digest[1];
+ C1 = C2 = C3 = C4 = digest[2];
+ D1 = D2 = D3 = D4 = digest[3];
+ E1 = E2 = E3 = E4 = digest[4];
+ F1 = F2 = F3 = F4 = digest[5];
+ G1 = G2 = G3 = G4 = digest[6];
+ H1 = H2 = H3 = H4 = digest[7];
+
+ for(u32bit j = 0; j != 16; ++j)
+ M[j] = make_u32bit(input[4*j], input[4*j+1], input[4*j+2], input[4*j+3]);
+
+ step(A1, B1, C1, D1, E1, F1, G1, H1, M[ 0], M[ 1], DELTA[ 0], DELTA[ 1]);
+ step(A2, B2, C2, D2, E2, F2, G2, H2, M[14], M[15], DELTA[15], DELTA[14]);
+ step(A3, B3, C3, D3, E3, F3, G3, H3, M[ 7], M[ 6], DELTA[ 1], DELTA[ 0]);
+ step(A4, B4, C4, D4, E4, F4, G4, H4, M[ 5], M[12], DELTA[14], DELTA[15]);
+
+ step(H1, A1, B1, C1, D1, E1, F1, G1, M[ 2], M[ 3], DELTA[ 2], DELTA[ 3]);
+ step(H2, A2, B2, C2, D2, E2, F2, G2, M[11], M[ 9], DELTA[13], DELTA[12]);
+ step(H3, A3, B3, C3, D3, E3, F3, G3, M[10], M[14], DELTA[ 3], DELTA[ 2]);
+ step(H4, A4, B4, C4, D4, E4, F4, G4, M[ 1], M[ 8], DELTA[12], DELTA[13]);
+
+ step(G1, H1, A1, B1, C1, D1, E1, F1, M[ 4], M[ 5], DELTA[ 4], DELTA[ 5]);
+ step(G2, H2, A2, B2, C2, D2, E2, F2, M[ 8], M[10], DELTA[11], DELTA[10]);
+ step(G3, H3, A3, B3, C3, D3, E3, F3, M[13], M[ 2], DELTA[ 5], DELTA[ 4]);
+ step(G4, H4, A4, B4, C4, D4, E4, F4, M[15], M[ 0], DELTA[10], DELTA[11]);
+
+ step(F1, G1, H1, A1, B1, C1, D1, E1, M[ 6], M[ 7], DELTA[ 6], DELTA[ 7]);
+ step(F2, G2, H2, A2, B2, C2, D2, E2, M[ 3], M[ 4], DELTA[ 9], DELTA[ 8]);
+ step(F3, G3, H3, A3, B3, C3, D3, E3, M[ 9], M[12], DELTA[ 7], DELTA[ 6]);
+ step(F4, G4, H4, A4, B4, C4, D4, E4, M[13], M[11], DELTA[ 8], DELTA[ 9]);
+
+ step(E1, F1, G1, H1, A1, B1, C1, D1, M[ 8], M[ 9], DELTA[ 8], DELTA[ 9]);
+ step(E2, F2, G2, H2, A2, B2, C2, D2, M[ 2], M[13], DELTA[ 7], DELTA[ 6]);
+ step(E3, F3, G3, H3, A3, B3, C3, D3, M[11], M[ 4], DELTA[ 9], DELTA[ 8]);
+ step(E4, F4, G4, H4, A4, B4, C4, D4, M[ 3], M[10], DELTA[ 6], DELTA[ 7]);
+
+ step(D1, E1, F1, G1, H1, A1, B1, C1, M[10], M[11], DELTA[10], DELTA[11]);
+ step(D2, E2, F2, G2, H2, A2, B2, C2, M[ 0], M[ 5], DELTA[ 5], DELTA[ 4]);
+ step(D3, E3, F3, G3, H3, A3, B3, C3, M[15], M[ 8], DELTA[11], DELTA[10]);
+ step(D4, E4, F4, G4, H4, A4, B4, C4, M[ 9], M[ 2], DELTA[ 4], DELTA[ 5]);
+
+ step(C1, D1, E1, F1, G1, H1, A1, B1, M[12], M[13], DELTA[12], DELTA[13]);
+ step(C2, D2, E2, F2, G2, H2, A2, B2, M[ 6], M[ 7], DELTA[ 3], DELTA[ 2]);
+ step(C3, D3, E3, F3, G3, H3, A3, B3, M[ 5], M[ 0], DELTA[13], DELTA[12]);
+ step(C4, D4, E4, F4, G4, H4, A4, B4, M[ 7], M[14], DELTA[ 2], DELTA[ 3]);
+
+ step(B1, C1, D1, E1, F1, G1, H1, A1, M[14], M[15], DELTA[14], DELTA[15]);
+ step(B2, C2, D2, E2, F2, G2, H2, A2, M[12], M[ 1], DELTA[ 1], DELTA[ 0]);
+ step(B3, C3, D3, E3, F3, G3, H3, A3, M[ 1], M[ 3], DELTA[15], DELTA[14]);
+ step(B4, C4, D4, E4, F4, G4, H4, A4, M[ 4], M[ 6], DELTA[ 0], DELTA[ 1]);
+
+ digest[0] += (A1 + A2) ^ (A3 + A4);
+ digest[1] += (B1 + B2) ^ (B3 + B4);
+ digest[2] += (C1 + C2) ^ (C3 + C4);
+ digest[3] += (D1 + D2) ^ (D3 + D4);
+ digest[4] += (E1 + E2) ^ (E3 + E4);
+ digest[5] += (F1 + F2) ^ (F3 + F4);
+ digest[6] += (G1 + G2) ^ (G3 + G4);
+ digest[7] += (H1 + H2) ^ (H3 + H4);
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void FORK_256::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(j % 4, digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void FORK_256::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ digest[0] = 0x6A09E667;
+ digest[1] = 0xBB67AE85;
+ digest[2] = 0x3C6EF372;
+ digest[3] = 0xA54FF53A;
+ digest[4] = 0x510E527F;
+ digest[5] = 0x9B05688C;
+ digest[6] = 0x1F83D9AB;
+ digest[7] = 0x5BE0CD19;
+ }
+
+}
diff --git a/src/get_algo.cpp b/src/get_algo.cpp
new file mode 100644
index 000000000..9efc4dcc5
--- /dev/null
+++ b/src/get_algo.cpp
@@ -0,0 +1,236 @@
+/*************************************************
+* Algorithm Retrieval Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* Get a block cipher by name *
+*************************************************/
+BlockCipher* get_block_cipher(const std::string& name)
+ {
+ const BlockCipher* cipher = retrieve_block_cipher(name);
+ if(cipher)
+ return cipher->clone();
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Get a stream cipher by name *
+*************************************************/
+StreamCipher* get_stream_cipher(const std::string& name)
+ {
+ const StreamCipher* cipher = retrieve_stream_cipher(name);
+ if(cipher)
+ return cipher->clone();
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Get a hash function by name *
+*************************************************/
+HashFunction* get_hash(const std::string& name)
+ {
+ const HashFunction* hash = retrieve_hash(name);
+ if(hash)
+ return hash->clone();
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Get a MAC by name *
+*************************************************/
+MessageAuthenticationCode* get_mac(const std::string& name)
+ {
+ const MessageAuthenticationCode* mac = retrieve_mac(name);
+ if(mac)
+ return mac->clone();
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Get a S2K algorithm by name *
+*************************************************/
+S2K* get_s2k(const std::string& name)
+ {
+ const S2K* s2k = retrieve_s2k(name);
+ if(s2k)
+ return s2k->clone();
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Get a block cipher padding method by name *
+*************************************************/
+const BlockCipherModePaddingMethod* get_bc_pad(const std::string& name)
+ {
+ const BlockCipherModePaddingMethod* pad = retrieve_bc_pad(name);
+ if(pad)
+ return pad;
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Query if an algorithm exists *
+*************************************************/
+bool have_algorithm(const std::string& name)
+ {
+ if(retrieve_block_cipher(name))
+ return true;
+ if(retrieve_stream_cipher(name))
+ return true;
+ if(retrieve_hash(name))
+ return true;
+ if(retrieve_mac(name))
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Query if Botan has the named block cipher *
+*************************************************/
+bool have_block_cipher(const std::string& name)
+ {
+ return (retrieve_block_cipher(name) != 0);
+ }
+
+/*************************************************
+* Query if Botan has the named stream cipher *
+*************************************************/
+bool have_stream_cipher(const std::string& name)
+ {
+ return (retrieve_stream_cipher(name) != 0);
+ }
+
+/*************************************************
+* Query if Botan has the named hash function *
+*************************************************/
+bool have_hash(const std::string& name)
+ {
+ return (retrieve_hash(name) != 0);
+ }
+
+/*************************************************
+* Query if Botan has the named MAC *
+*************************************************/
+bool have_mac(const std::string& name)
+ {
+ return (retrieve_mac(name) != 0);
+ }
+
+/*************************************************
+* Query the block size of a cipher or hash *
+*************************************************/
+u32bit block_size_of(const std::string& name)
+ {
+ const BlockCipher* cipher = retrieve_block_cipher(name);
+ if(cipher)
+ return cipher->BLOCK_SIZE;
+
+ const HashFunction* hash = retrieve_hash(name);
+ if(hash)
+ return hash->HASH_BLOCK_SIZE;
+
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Query the OUTPUT_LENGTH of a hash or MAC *
+*************************************************/
+u32bit output_length_of(const std::string& name)
+ {
+ const HashFunction* hash = retrieve_hash(name);
+ if(hash)
+ return hash->OUTPUT_LENGTH;
+
+ const MessageAuthenticationCode* mac = retrieve_mac(name);
+ if(mac)
+ return mac->OUTPUT_LENGTH;
+
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Check if a keylength is valid for this algo *
+*************************************************/
+bool valid_keylength_for(u32bit key_len, const std::string& name)
+ {
+ const BlockCipher* bc = retrieve_block_cipher(name);
+ if(bc)
+ return bc->valid_keylength(key_len);
+
+ const StreamCipher* sc = retrieve_stream_cipher(name);
+ if(sc)
+ return sc->valid_keylength(key_len);
+
+ const MessageAuthenticationCode* mac = retrieve_mac(name);
+ if(mac)
+ return mac->valid_keylength(key_len);
+
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Query the MINIMUM_KEYLENGTH of an algorithm *
+*************************************************/
+u32bit min_keylength_of(const std::string& name)
+ {
+ const BlockCipher* bc = retrieve_block_cipher(name);
+ if(bc)
+ return bc->MINIMUM_KEYLENGTH;
+
+ const StreamCipher* sc = retrieve_stream_cipher(name);
+ if(sc)
+ return sc->MINIMUM_KEYLENGTH;
+
+ const MessageAuthenticationCode* mac = retrieve_mac(name);
+ if(mac)
+ return mac->MINIMUM_KEYLENGTH;
+
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Query the MAXIMUM_KEYLENGTH of an algorithm *
+*************************************************/
+u32bit max_keylength_of(const std::string& name)
+ {
+ const BlockCipher* bc = retrieve_block_cipher(name);
+ if(bc)
+ return bc->MAXIMUM_KEYLENGTH;
+
+ const StreamCipher* sc = retrieve_stream_cipher(name);
+ if(sc)
+ return sc->MAXIMUM_KEYLENGTH;
+
+ const MessageAuthenticationCode* mac = retrieve_mac(name);
+ if(mac)
+ return mac->MAXIMUM_KEYLENGTH;
+
+ throw Algorithm_Not_Found(name);
+ }
+
+/*************************************************
+* Query the KEYLENGTH_MULTIPLE of an algorithm *
+*************************************************/
+u32bit keylength_multiple_of(const std::string& name)
+ {
+ const BlockCipher* bc = retrieve_block_cipher(name);
+ if(bc)
+ return bc->KEYLENGTH_MULTIPLE;
+
+ const StreamCipher* sc = retrieve_stream_cipher(name);
+ if(sc)
+ return sc->KEYLENGTH_MULTIPLE;
+
+ const MessageAuthenticationCode* mac = retrieve_mac(name);
+ if(mac)
+ return mac->KEYLENGTH_MULTIPLE;
+
+ throw Algorithm_Not_Found(name);
+ }
+
+}
diff --git a/src/get_enc.cpp b/src/get_enc.cpp
new file mode 100644
index 000000000..8d1369328
--- /dev/null
+++ b/src/get_enc.cpp
@@ -0,0 +1,133 @@
+/*************************************************
+* EMSA/EME/KDF/MGF Retrieval Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/lookup.h>
+#include <botan/parsing.h>
+#include <botan/emsa.h>
+#include <botan/eme.h>
+#include <botan/kdf.h>
+#include <botan/mgf1.h>
+#include <botan/util.h>
+
+namespace Botan {
+
+/*************************************************
+* Get an EMSA by name *
+*************************************************/
+EMSA* get_emsa(const std::string& algo_spec)
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ const std::string emsa_name = deref_alias(name[0]);
+
+ if(emsa_name == "Raw")
+ {
+ if(name.size() == 1)
+ return new EMSA_Raw;
+ }
+ else if(emsa_name == "EMSA1")
+ {
+ if(name.size() == 2)
+ return new EMSA1(name[1]);
+ }
+ else if(emsa_name == "EMSA2")
+ {
+ if(name.size() == 2)
+ return new EMSA2(name[1]);
+ }
+ else if(emsa_name == "EMSA3")
+ {
+ if(name.size() == 2)
+ return new EMSA3(name[1]);
+ }
+ else if(emsa_name == "EMSA4")
+ {
+ if(name.size() == 2)
+ return new EMSA4(name[1], "MGF1");
+ if(name.size() == 3)
+ return new EMSA4(name[1], name[2]);
+ if(name.size() == 4)
+ return new EMSA4(name[1], name[2], to_u32bit(name[3]));
+ }
+ else
+ throw Algorithm_Not_Found(algo_spec);
+
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
+
+/*************************************************
+* Get an EME by name *
+*************************************************/
+EME* get_eme(const std::string& algo_spec)
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ const std::string eme_name = deref_alias(name[0]);
+
+ if(eme_name == "PKCS1v15")
+ {
+ if(name.size() == 1)
+ return new EME_PKCS1v15;
+ }
+ else if(eme_name == "EME1")
+ {
+ if(name.size() == 2)
+ return new EME1(name[1], "MGF1");
+ if(name.size() == 3)
+ return new EME1(name[1], name[2]);
+ }
+ else
+ throw Algorithm_Not_Found(algo_spec);
+
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
+
+/*************************************************
+* Get an KDF by name *
+*************************************************/
+KDF* get_kdf(const std::string& algo_spec)
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ const std::string kdf_name = deref_alias(name[0]);
+
+ if(kdf_name == "KDF1")
+ {
+ if(name.size() == 2)
+ return new KDF1(name[1]);
+ }
+ else if(kdf_name == "KDF2")
+ {
+ if(name.size() == 2)
+ return new KDF2(name[1]);
+ }
+ else if(kdf_name == "X9.42-PRF")
+ {
+ if(name.size() == 2)
+ return new X942_PRF(name[1]);
+ }
+ else
+ throw Algorithm_Not_Found(algo_spec);
+
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
+
+/*************************************************
+* Get a MGF by name *
+*************************************************/
+MGF* get_mgf(const std::string& algo_spec)
+ {
+ std::vector<std::string> name = parse_algorithm_name(algo_spec);
+ const std::string mgf_name = deref_alias(name[0]);
+
+ if(mgf_name == "MGF1")
+ {
+ if(name.size() == 2)
+ return new MGF1(name[1]);
+ }
+ else
+ throw Algorithm_Not_Found(algo_spec);
+
+ throw Invalid_Algorithm_Name(algo_spec);
+ }
+
+}
diff --git a/src/get_pbe.cpp b/src/get_pbe.cpp
new file mode 100644
index 000000000..a0dee425c
--- /dev/null
+++ b/src/get_pbe.cpp
@@ -0,0 +1,71 @@
+/*************************************************
+* PBE Retrieval Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/oids.h>
+#include <botan/lookup.h>
+#include <botan/pbe_pkcs.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* Get an encryption PBE, set new parameters *
+*************************************************/
+PBE* get_pbe(const std::string& pbe_name)
+ {
+ std::vector<std::string> algo_name;
+ algo_name = parse_algorithm_name(pbe_name);
+
+ if(algo_name.size() != 3)
+ throw Invalid_Algorithm_Name(pbe_name);
+
+ const std::string pbe = algo_name[0];
+ const std::string digest = algo_name[1];
+ const std::string cipher = algo_name[2];
+
+ PBE* pbe_obj = 0;
+
+ if(pbe == "PBE-PKCS5v15")
+ pbe_obj = new PBE_PKCS5v15(digest, cipher, ENCRYPTION);
+ else if(pbe == "PBE-PKCS5v20")
+ pbe_obj = new PBE_PKCS5v20(digest, cipher);
+
+ if(!pbe_obj)
+ throw Algorithm_Not_Found(pbe_name);
+
+ pbe_obj->new_params();
+
+ return pbe_obj;
+ }
+
+/*************************************************
+* Get a decryption PBE, decode parameters *
+*************************************************/
+PBE* get_pbe(const OID& pbe_oid, DataSource& params)
+ {
+ std::vector<std::string> algo_name;
+ algo_name = parse_algorithm_name(OIDS::lookup(pbe_oid));
+
+ if(algo_name.size() < 1)
+ throw Invalid_Algorithm_Name(pbe_oid.as_string());
+ const std::string pbe_algo = algo_name[0];
+
+ if(pbe_algo == "PBE-PKCS5v15")
+ {
+ if(algo_name.size() != 3)
+ throw Invalid_Algorithm_Name(pbe_oid.as_string());
+ const std::string digest = algo_name[1];
+ const std::string cipher = algo_name[2];
+ PBE* pbe = new PBE_PKCS5v15(digest, cipher, DECRYPTION);
+ pbe->decode_params(params);
+ return pbe;
+ }
+ else if(pbe_algo == "PBE-PKCS5v20")
+ return new PBE_PKCS5v20(params);
+
+ throw Algorithm_Not_Found(pbe_oid.as_string());
+ }
+
+}
diff --git a/src/gost.cpp b/src/gost.cpp
new file mode 100644
index 000000000..6e6026580
--- /dev/null
+++ b/src/gost.cpp
@@ -0,0 +1,80 @@
+/*************************************************
+* GOST Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/gost.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* GOST Encryption *
+*************************************************/
+void GOST::enc(const byte in[], byte out[]) const
+ {
+ u32bit N1 = make_u32bit(in[3], in[2], in[1], in[0]),
+ N2 = make_u32bit(in[7], in[6], in[5], in[4]);
+
+ for(u32bit j = 0; j != 32; j += 2)
+ {
+ u32bit T0;
+
+ T0 = N1 + EK[j];
+ N2 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] |
+ SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)];
+
+ T0 = N2 + EK[j+1];
+ N1 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] |
+ SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)];
+ }
+
+ out[0] = get_byte(3, N2); out[1] = get_byte(2, N2);
+ out[2] = get_byte(1, N2); out[3] = get_byte(0, N2);
+ out[4] = get_byte(3, N1); out[5] = get_byte(2, N1);
+ out[6] = get_byte(1, N1); out[7] = get_byte(0, N1);
+ }
+
+/*************************************************
+* GOST Decryption *
+*************************************************/
+void GOST::dec(const byte in[], byte out[]) const
+ {
+ u32bit N1 = make_u32bit(in[3], in[2], in[1], in[0]),
+ N2 = make_u32bit(in[7], in[6], in[5], in[4]);
+
+ for(u32bit j = 0; j != 32; j += 2)
+ {
+ u32bit T0;
+
+ T0 = N1 + EK[31-j];
+ N2 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] |
+ SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)];
+
+ T0 = N2 + EK[30-j];
+ N1 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] |
+ SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)];
+ }
+
+ out[0] = get_byte(3, N2); out[1] = get_byte(2, N2);
+ out[2] = get_byte(1, N2); out[3] = get_byte(0, N2);
+ out[4] = get_byte(3, N1); out[5] = get_byte(2, N1);
+ out[6] = get_byte(1, N1); out[7] = get_byte(0, N1);
+ }
+
+/*************************************************
+* GOST Key Schedule *
+*************************************************/
+void GOST::key(const byte key[], u32bit)
+ {
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ u32bit K = make_u32bit(key[4*j+3], key[4*j+2], key[4*j+1], key[4*j]);
+ EK[j] = EK[j+8] = EK[j+16] = K;
+ }
+
+ for(u32bit j = 24; j != 32; ++j)
+ EK[j] = EK[7-(j-24)];
+ }
+
+}
diff --git a/src/gost_tab.cpp b/src/gost_tab.cpp
new file mode 100644
index 000000000..ae3d2d5b2
--- /dev/null
+++ b/src/gost_tab.cpp
@@ -0,0 +1,190 @@
+/*************************************************
+* S-Box Tables for GOST *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/gost.h>
+
+namespace Botan {
+
+const u32bit GOST::SBOX1[256] = {
+ 0x00000270, 0x00000258, 0x00000220, 0x00000260, 0x00000230, 0x00000268,
+ 0x00000278, 0x00000250, 0x00000210, 0x00000218, 0x00000240, 0x00000208,
+ 0x00000200, 0x00000238, 0x00000228, 0x00000248, 0x00000570, 0x00000558,
+ 0x00000520, 0x00000560, 0x00000530, 0x00000568, 0x00000578, 0x00000550,
+ 0x00000510, 0x00000518, 0x00000540, 0x00000508, 0x00000500, 0x00000538,
+ 0x00000528, 0x00000548, 0x000004F0, 0x000004D8, 0x000004A0, 0x000004E0,
+ 0x000004B0, 0x000004E8, 0x000004F8, 0x000004D0, 0x00000490, 0x00000498,
+ 0x000004C0, 0x00000488, 0x00000480, 0x000004B8, 0x000004A8, 0x000004C8,
+ 0x00000170, 0x00000158, 0x00000120, 0x00000160, 0x00000130, 0x00000168,
+ 0x00000178, 0x00000150, 0x00000110, 0x00000118, 0x00000140, 0x00000108,
+ 0x00000100, 0x00000138, 0x00000128, 0x00000148, 0x000006F0, 0x000006D8,
+ 0x000006A0, 0x000006E0, 0x000006B0, 0x000006E8, 0x000006F8, 0x000006D0,
+ 0x00000690, 0x00000698, 0x000006C0, 0x00000688, 0x00000680, 0x000006B8,
+ 0x000006A8, 0x000006C8, 0x00000470, 0x00000458, 0x00000420, 0x00000460,
+ 0x00000430, 0x00000468, 0x00000478, 0x00000450, 0x00000410, 0x00000418,
+ 0x00000440, 0x00000408, 0x00000400, 0x00000438, 0x00000428, 0x00000448,
+ 0x00000070, 0x00000058, 0x00000020, 0x00000060, 0x00000030, 0x00000068,
+ 0x00000078, 0x00000050, 0x00000010, 0x00000018, 0x00000040, 0x00000008,
+ 0x00000000, 0x00000038, 0x00000028, 0x00000048, 0x00000770, 0x00000758,
+ 0x00000720, 0x00000760, 0x00000730, 0x00000768, 0x00000778, 0x00000750,
+ 0x00000710, 0x00000718, 0x00000740, 0x00000708, 0x00000700, 0x00000738,
+ 0x00000728, 0x00000748, 0x00000370, 0x00000358, 0x00000320, 0x00000360,
+ 0x00000330, 0x00000368, 0x00000378, 0x00000350, 0x00000310, 0x00000318,
+ 0x00000340, 0x00000308, 0x00000300, 0x00000338, 0x00000328, 0x00000348,
+ 0x000005F0, 0x000005D8, 0x000005A0, 0x000005E0, 0x000005B0, 0x000005E8,
+ 0x000005F8, 0x000005D0, 0x00000590, 0x00000598, 0x000005C0, 0x00000588,
+ 0x00000580, 0x000005B8, 0x000005A8, 0x000005C8, 0x000000F0, 0x000000D8,
+ 0x000000A0, 0x000000E0, 0x000000B0, 0x000000E8, 0x000000F8, 0x000000D0,
+ 0x00000090, 0x00000098, 0x000000C0, 0x00000088, 0x00000080, 0x000000B8,
+ 0x000000A8, 0x000000C8, 0x00000670, 0x00000658, 0x00000620, 0x00000660,
+ 0x00000630, 0x00000668, 0x00000678, 0x00000650, 0x00000610, 0x00000618,
+ 0x00000640, 0x00000608, 0x00000600, 0x00000638, 0x00000628, 0x00000648,
+ 0x000003F0, 0x000003D8, 0x000003A0, 0x000003E0, 0x000003B0, 0x000003E8,
+ 0x000003F8, 0x000003D0, 0x00000390, 0x00000398, 0x000003C0, 0x00000388,
+ 0x00000380, 0x000003B8, 0x000003A8, 0x000003C8, 0x000007F0, 0x000007D8,
+ 0x000007A0, 0x000007E0, 0x000007B0, 0x000007E8, 0x000007F8, 0x000007D0,
+ 0x00000790, 0x00000798, 0x000007C0, 0x00000788, 0x00000780, 0x000007B8,
+ 0x000007A8, 0x000007C8, 0x000002F0, 0x000002D8, 0x000002A0, 0x000002E0,
+ 0x000002B0, 0x000002E8, 0x000002F8, 0x000002D0, 0x00000290, 0x00000298,
+ 0x000002C0, 0x00000288, 0x00000280, 0x000002B8, 0x000002A8, 0x000002C8,
+ 0x000001F0, 0x000001D8, 0x000001A0, 0x000001E0, 0x000001B0, 0x000001E8,
+ 0x000001F8, 0x000001D0, 0x00000190, 0x00000198, 0x000001C0, 0x00000188,
+ 0x00000180, 0x000001B8, 0x000001A8, 0x000001C8 };
+
+const u32bit GOST::SBOX2[256] = {
+ 0xB8000002, 0xE8000002, 0xD0000002, 0x88000002, 0x80000002, 0xC0000002,
+ 0xC8000002, 0xF8000002, 0xF0000002, 0xA0000002, 0xB0000002, 0xE0000002,
+ 0xD8000002, 0x90000002, 0xA8000002, 0x98000002, 0x38000004, 0x68000004,
+ 0x50000004, 0x08000004, 0x00000004, 0x40000004, 0x48000004, 0x78000004,
+ 0x70000004, 0x20000004, 0x30000004, 0x60000004, 0x58000004, 0x10000004,
+ 0x28000004, 0x18000004, 0xB8000000, 0xE8000000, 0xD0000000, 0x88000000,
+ 0x80000000, 0xC0000000, 0xC8000000, 0xF8000000, 0xF0000000, 0xA0000000,
+ 0xB0000000, 0xE0000000, 0xD8000000, 0x90000000, 0xA8000000, 0x98000000,
+ 0xB8000006, 0xE8000006, 0xD0000006, 0x88000006, 0x80000006, 0xC0000006,
+ 0xC8000006, 0xF8000006, 0xF0000006, 0xA0000006, 0xB0000006, 0xE0000006,
+ 0xD8000006, 0x90000006, 0xA8000006, 0x98000006, 0x38000005, 0x68000005,
+ 0x50000005, 0x08000005, 0x00000005, 0x40000005, 0x48000005, 0x78000005,
+ 0x70000005, 0x20000005, 0x30000005, 0x60000005, 0x58000005, 0x10000005,
+ 0x28000005, 0x18000005, 0xB8000001, 0xE8000001, 0xD0000001, 0x88000001,
+ 0x80000001, 0xC0000001, 0xC8000001, 0xF8000001, 0xF0000001, 0xA0000001,
+ 0xB0000001, 0xE0000001, 0xD8000001, 0x90000001, 0xA8000001, 0x98000001,
+ 0x38000002, 0x68000002, 0x50000002, 0x08000002, 0x00000002, 0x40000002,
+ 0x48000002, 0x78000002, 0x70000002, 0x20000002, 0x30000002, 0x60000002,
+ 0x58000002, 0x10000002, 0x28000002, 0x18000002, 0x38000001, 0x68000001,
+ 0x50000001, 0x08000001, 0x00000001, 0x40000001, 0x48000001, 0x78000001,
+ 0x70000001, 0x20000001, 0x30000001, 0x60000001, 0x58000001, 0x10000001,
+ 0x28000001, 0x18000001, 0x38000007, 0x68000007, 0x50000007, 0x08000007,
+ 0x00000007, 0x40000007, 0x48000007, 0x78000007, 0x70000007, 0x20000007,
+ 0x30000007, 0x60000007, 0x58000007, 0x10000007, 0x28000007, 0x18000007,
+ 0xB8000007, 0xE8000007, 0xD0000007, 0x88000007, 0x80000007, 0xC0000007,
+ 0xC8000007, 0xF8000007, 0xF0000007, 0xA0000007, 0xB0000007, 0xE0000007,
+ 0xD8000007, 0x90000007, 0xA8000007, 0x98000007, 0x38000006, 0x68000006,
+ 0x50000006, 0x08000006, 0x00000006, 0x40000006, 0x48000006, 0x78000006,
+ 0x70000006, 0x20000006, 0x30000006, 0x60000006, 0x58000006, 0x10000006,
+ 0x28000006, 0x18000006, 0xB8000003, 0xE8000003, 0xD0000003, 0x88000003,
+ 0x80000003, 0xC0000003, 0xC8000003, 0xF8000003, 0xF0000003, 0xA0000003,
+ 0xB0000003, 0xE0000003, 0xD8000003, 0x90000003, 0xA8000003, 0x98000003,
+ 0x38000003, 0x68000003, 0x50000003, 0x08000003, 0x00000003, 0x40000003,
+ 0x48000003, 0x78000003, 0x70000003, 0x20000003, 0x30000003, 0x60000003,
+ 0x58000003, 0x10000003, 0x28000003, 0x18000003, 0x38000000, 0x68000000,
+ 0x50000000, 0x08000000, 0x00000000, 0x40000000, 0x48000000, 0x78000000,
+ 0x70000000, 0x20000000, 0x30000000, 0x60000000, 0x58000000, 0x10000000,
+ 0x28000000, 0x18000000, 0xB8000004, 0xE8000004, 0xD0000004, 0x88000004,
+ 0x80000004, 0xC0000004, 0xC8000004, 0xF8000004, 0xF0000004, 0xA0000004,
+ 0xB0000004, 0xE0000004, 0xD8000004, 0x90000004, 0xA8000004, 0x98000004,
+ 0xB8000005, 0xE8000005, 0xD0000005, 0x88000005, 0x80000005, 0xC0000005,
+ 0xC8000005, 0xF8000005, 0xF0000005, 0xA0000005, 0xB0000005, 0xE0000005,
+ 0xD8000005, 0x90000005, 0xA8000005, 0x98000005 };
+
+const u32bit GOST::SBOX3[256] = {
+ 0x03200000, 0x03580000, 0x03500000, 0x03000000, 0x03380000, 0x03100000,
+ 0x03080000, 0x03680000, 0x03180000, 0x03300000, 0x03400000, 0x03280000,
+ 0x03480000, 0x03600000, 0x03780000, 0x03700000, 0x06200000, 0x06580000,
+ 0x06500000, 0x06000000, 0x06380000, 0x06100000, 0x06080000, 0x06680000,
+ 0x06180000, 0x06300000, 0x06400000, 0x06280000, 0x06480000, 0x06600000,
+ 0x06780000, 0x06700000, 0x03A00000, 0x03D80000, 0x03D00000, 0x03800000,
+ 0x03B80000, 0x03900000, 0x03880000, 0x03E80000, 0x03980000, 0x03B00000,
+ 0x03C00000, 0x03A80000, 0x03C80000, 0x03E00000, 0x03F80000, 0x03F00000,
+ 0x00A00000, 0x00D80000, 0x00D00000, 0x00800000, 0x00B80000, 0x00900000,
+ 0x00880000, 0x00E80000, 0x00980000, 0x00B00000, 0x00C00000, 0x00A80000,
+ 0x00C80000, 0x00E00000, 0x00F80000, 0x00F00000, 0x02A00000, 0x02D80000,
+ 0x02D00000, 0x02800000, 0x02B80000, 0x02900000, 0x02880000, 0x02E80000,
+ 0x02980000, 0x02B00000, 0x02C00000, 0x02A80000, 0x02C80000, 0x02E00000,
+ 0x02F80000, 0x02F00000, 0x07A00000, 0x07D80000, 0x07D00000, 0x07800000,
+ 0x07B80000, 0x07900000, 0x07880000, 0x07E80000, 0x07980000, 0x07B00000,
+ 0x07C00000, 0x07A80000, 0x07C80000, 0x07E00000, 0x07F80000, 0x07F00000,
+ 0x06A00000, 0x06D80000, 0x06D00000, 0x06800000, 0x06B80000, 0x06900000,
+ 0x06880000, 0x06E80000, 0x06980000, 0x06B00000, 0x06C00000, 0x06A80000,
+ 0x06C80000, 0x06E00000, 0x06F80000, 0x06F00000, 0x04200000, 0x04580000,
+ 0x04500000, 0x04000000, 0x04380000, 0x04100000, 0x04080000, 0x04680000,
+ 0x04180000, 0x04300000, 0x04400000, 0x04280000, 0x04480000, 0x04600000,
+ 0x04780000, 0x04700000, 0x02200000, 0x02580000, 0x02500000, 0x02000000,
+ 0x02380000, 0x02100000, 0x02080000, 0x02680000, 0x02180000, 0x02300000,
+ 0x02400000, 0x02280000, 0x02480000, 0x02600000, 0x02780000, 0x02700000,
+ 0x05200000, 0x05580000, 0x05500000, 0x05000000, 0x05380000, 0x05100000,
+ 0x05080000, 0x05680000, 0x05180000, 0x05300000, 0x05400000, 0x05280000,
+ 0x05480000, 0x05600000, 0x05780000, 0x05700000, 0x04A00000, 0x04D80000,
+ 0x04D00000, 0x04800000, 0x04B80000, 0x04900000, 0x04880000, 0x04E80000,
+ 0x04980000, 0x04B00000, 0x04C00000, 0x04A80000, 0x04C80000, 0x04E00000,
+ 0x04F80000, 0x04F00000, 0x07200000, 0x07580000, 0x07500000, 0x07000000,
+ 0x07380000, 0x07100000, 0x07080000, 0x07680000, 0x07180000, 0x07300000,
+ 0x07400000, 0x07280000, 0x07480000, 0x07600000, 0x07780000, 0x07700000,
+ 0x00200000, 0x00580000, 0x00500000, 0x00000000, 0x00380000, 0x00100000,
+ 0x00080000, 0x00680000, 0x00180000, 0x00300000, 0x00400000, 0x00280000,
+ 0x00480000, 0x00600000, 0x00780000, 0x00700000, 0x01A00000, 0x01D80000,
+ 0x01D00000, 0x01800000, 0x01B80000, 0x01900000, 0x01880000, 0x01E80000,
+ 0x01980000, 0x01B00000, 0x01C00000, 0x01A80000, 0x01C80000, 0x01E00000,
+ 0x01F80000, 0x01F00000, 0x05A00000, 0x05D80000, 0x05D00000, 0x05800000,
+ 0x05B80000, 0x05900000, 0x05880000, 0x05E80000, 0x05980000, 0x05B00000,
+ 0x05C00000, 0x05A80000, 0x05C80000, 0x05E00000, 0x05F80000, 0x05F00000,
+ 0x01200000, 0x01580000, 0x01500000, 0x01000000, 0x01380000, 0x01100000,
+ 0x01080000, 0x01680000, 0x01180000, 0x01300000, 0x01400000, 0x01280000,
+ 0x01480000, 0x01600000, 0x01780000, 0x01700000 };
+
+const u32bit GOST::SBOX4[256] = {
+ 0x00068800, 0x0006F800, 0x0006E800, 0x00068000, 0x0006A800, 0x0006B800,
+ 0x0006D000, 0x0006A000, 0x0006C800, 0x00069000, 0x00069800, 0x0006F000,
+ 0x0006B000, 0x0006D800, 0x0006C000, 0x0006E000, 0x00058800, 0x0005F800,
+ 0x0005E800, 0x00058000, 0x0005A800, 0x0005B800, 0x0005D000, 0x0005A000,
+ 0x0005C800, 0x00059000, 0x00059800, 0x0005F000, 0x0005B000, 0x0005D800,
+ 0x0005C000, 0x0005E000, 0x00020800, 0x00027800, 0x00026800, 0x00020000,
+ 0x00022800, 0x00023800, 0x00025000, 0x00022000, 0x00024800, 0x00021000,
+ 0x00021800, 0x00027000, 0x00023000, 0x00025800, 0x00024000, 0x00026000,
+ 0x00008800, 0x0000F800, 0x0000E800, 0x00008000, 0x0000A800, 0x0000B800,
+ 0x0000D000, 0x0000A000, 0x0000C800, 0x00009000, 0x00009800, 0x0000F000,
+ 0x0000B000, 0x0000D800, 0x0000C000, 0x0000E000, 0x00018800, 0x0001F800,
+ 0x0001E800, 0x00018000, 0x0001A800, 0x0001B800, 0x0001D000, 0x0001A000,
+ 0x0001C800, 0x00019000, 0x00019800, 0x0001F000, 0x0001B000, 0x0001D800,
+ 0x0001C000, 0x0001E000, 0x00078800, 0x0007F800, 0x0007E800, 0x00078000,
+ 0x0007A800, 0x0007B800, 0x0007D000, 0x0007A000, 0x0007C800, 0x00079000,
+ 0x00079800, 0x0007F000, 0x0007B000, 0x0007D800, 0x0007C000, 0x0007E000,
+ 0x00028800, 0x0002F800, 0x0002E800, 0x00028000, 0x0002A800, 0x0002B800,
+ 0x0002D000, 0x0002A000, 0x0002C800, 0x00029000, 0x00029800, 0x0002F000,
+ 0x0002B000, 0x0002D800, 0x0002C000, 0x0002E000, 0x00048800, 0x0004F800,
+ 0x0004E800, 0x00048000, 0x0004A800, 0x0004B800, 0x0004D000, 0x0004A000,
+ 0x0004C800, 0x00049000, 0x00049800, 0x0004F000, 0x0004B000, 0x0004D800,
+ 0x0004C000, 0x0004E000, 0x00000800, 0x00007800, 0x00006800, 0x00000000,
+ 0x00002800, 0x00003800, 0x00005000, 0x00002000, 0x00004800, 0x00001000,
+ 0x00001800, 0x00007000, 0x00003000, 0x00005800, 0x00004000, 0x00006000,
+ 0x00050800, 0x00057800, 0x00056800, 0x00050000, 0x00052800, 0x00053800,
+ 0x00055000, 0x00052000, 0x00054800, 0x00051000, 0x00051800, 0x00057000,
+ 0x00053000, 0x00055800, 0x00054000, 0x00056000, 0x00070800, 0x00077800,
+ 0x00076800, 0x00070000, 0x00072800, 0x00073800, 0x00075000, 0x00072000,
+ 0x00074800, 0x00071000, 0x00071800, 0x00077000, 0x00073000, 0x00075800,
+ 0x00074000, 0x00076000, 0x00038800, 0x0003F800, 0x0003E800, 0x00038000,
+ 0x0003A800, 0x0003B800, 0x0003D000, 0x0003A000, 0x0003C800, 0x00039000,
+ 0x00039800, 0x0003F000, 0x0003B000, 0x0003D800, 0x0003C000, 0x0003E000,
+ 0x00030800, 0x00037800, 0x00036800, 0x00030000, 0x00032800, 0x00033800,
+ 0x00035000, 0x00032000, 0x00034800, 0x00031000, 0x00031800, 0x00037000,
+ 0x00033000, 0x00035800, 0x00034000, 0x00036000, 0x00040800, 0x00047800,
+ 0x00046800, 0x00040000, 0x00042800, 0x00043800, 0x00045000, 0x00042000,
+ 0x00044800, 0x00041000, 0x00041800, 0x00047000, 0x00043000, 0x00045800,
+ 0x00044000, 0x00046000, 0x00010800, 0x00017800, 0x00016800, 0x00010000,
+ 0x00012800, 0x00013800, 0x00015000, 0x00012000, 0x00014800, 0x00011000,
+ 0x00011800, 0x00017000, 0x00013000, 0x00015800, 0x00014000, 0x00016000,
+ 0x00060800, 0x00067800, 0x00066800, 0x00060000, 0x00062800, 0x00063800,
+ 0x00065000, 0x00062000, 0x00064800, 0x00061000, 0x00061800, 0x00067000,
+ 0x00063000, 0x00065800, 0x00064000, 0x00066000 };
+
+}
diff --git a/src/has160.cpp b/src/has160.cpp
new file mode 100644
index 000000000..3e5aae10c
--- /dev/null
+++ b/src/has160.cpp
@@ -0,0 +1,141 @@
+/*************************************************
+* HAS-160 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/has160.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* HAS-160 F1 Function *
+*************************************************/
+inline void F1(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E,
+ u32bit msg, u32bit rot)
+ {
+ E += rotate_left(A, rot) + (D ^ (B & (C ^ D))) + msg;
+ B = rotate_left(B, 10);
+ }
+
+/*************************************************
+* HAS-160 F2 Function *
+*************************************************/
+inline void F2(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E,
+ u32bit msg, u32bit rot)
+ {
+ E += rotate_left(A, rot) + (B ^ C ^ D) + msg + 0x5A827999;
+ B = rotate_left(B, 17);
+ }
+
+/*************************************************
+* HAS-160 F3 Function *
+*************************************************/
+inline void F3(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E,
+ u32bit msg, u32bit rot)
+ {
+ E += rotate_left(A, rot) + (C ^ (B | ~D)) + msg + 0x6ED9EBA1;
+ B = rotate_left(B, 25);
+ }
+
+/*************************************************
+* HAS-160 F4 Function *
+*************************************************/
+inline void F4(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E,
+ u32bit msg, u32bit rot)
+ {
+ E += rotate_left(A, rot) + (B ^ C ^ D) + msg + 0x8F1BBCDC;
+ B = rotate_left(B, 30);
+ }
+
+}
+
+/*************************************************
+* HAS-160 Compression Function *
+*************************************************/
+void HAS_160::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ X[j] = make_u32bit(input[4*j+3], input[4*j+2], input[4*j+1], input[4*j]);
+
+ u32bit A = digest[0], B = digest[1], C = digest[2],
+ D = digest[3], E = digest[4];
+
+ X[16] = X[ 0] ^ X[ 1] ^ X[ 2] ^ X[ 3];
+ X[17] = X[ 4] ^ X[ 5] ^ X[ 6] ^ X[ 7];
+ X[18] = X[ 8] ^ X[ 9] ^ X[10] ^ X[11];
+ X[19] = X[12] ^ X[13] ^ X[14] ^ X[15];
+ F1(A,B,C,D,E,X[18], 5); F1(E,A,B,C,D,X[ 0],11); F1(D,E,A,B,C,X[ 1], 7);
+ F1(C,D,E,A,B,X[ 2],15); F1(B,C,D,E,A,X[ 3], 6); F1(A,B,C,D,E,X[19],13);
+ F1(E,A,B,C,D,X[ 4], 8); F1(D,E,A,B,C,X[ 5],14); F1(C,D,E,A,B,X[ 6], 7);
+ F1(B,C,D,E,A,X[ 7],12); F1(A,B,C,D,E,X[16], 9); F1(E,A,B,C,D,X[ 8],11);
+ F1(D,E,A,B,C,X[ 9], 8); F1(C,D,E,A,B,X[10],15); F1(B,C,D,E,A,X[11], 6);
+ F1(A,B,C,D,E,X[17],12); F1(E,A,B,C,D,X[12], 9); F1(D,E,A,B,C,X[13],14);
+ F1(C,D,E,A,B,X[14], 5); F1(B,C,D,E,A,X[15],13);
+
+ X[16] = X[ 3] ^ X[ 6] ^ X[ 9] ^ X[12];
+ X[17] = X[ 2] ^ X[ 5] ^ X[ 8] ^ X[15];
+ X[18] = X[ 1] ^ X[ 4] ^ X[11] ^ X[14];
+ X[19] = X[ 0] ^ X[ 7] ^ X[10] ^ X[13];
+ F2(A,B,C,D,E,X[18], 5); F2(E,A,B,C,D,X[ 3],11); F2(D,E,A,B,C,X[ 6], 7);
+ F2(C,D,E,A,B,X[ 9],15); F2(B,C,D,E,A,X[12], 6); F2(A,B,C,D,E,X[19],13);
+ F2(E,A,B,C,D,X[15], 8); F2(D,E,A,B,C,X[ 2],14); F2(C,D,E,A,B,X[ 5], 7);
+ F2(B,C,D,E,A,X[ 8],12); F2(A,B,C,D,E,X[16], 9); F2(E,A,B,C,D,X[11],11);
+ F2(D,E,A,B,C,X[14], 8); F2(C,D,E,A,B,X[ 1],15); F2(B,C,D,E,A,X[ 4], 6);
+ F2(A,B,C,D,E,X[17],12); F2(E,A,B,C,D,X[ 7], 9); F2(D,E,A,B,C,X[10],14);
+ F2(C,D,E,A,B,X[13], 5); F2(B,C,D,E,A,X[ 0],13);
+
+ X[16] = X[ 5] ^ X[ 7] ^ X[12] ^ X[14];
+ X[17] = X[ 0] ^ X[ 2] ^ X[ 9] ^ X[11];
+ X[18] = X[ 4] ^ X[ 6] ^ X[13] ^ X[15];
+ X[19] = X[ 1] ^ X[ 3] ^ X[ 8] ^ X[10];
+ F3(A,B,C,D,E,X[18], 5); F3(E,A,B,C,D,X[12],11); F3(D,E,A,B,C,X[ 5], 7);
+ F3(C,D,E,A,B,X[14],15); F3(B,C,D,E,A,X[ 7], 6); F3(A,B,C,D,E,X[19],13);
+ F3(E,A,B,C,D,X[ 0], 8); F3(D,E,A,B,C,X[ 9],14); F3(C,D,E,A,B,X[ 2], 7);
+ F3(B,C,D,E,A,X[11],12); F3(A,B,C,D,E,X[16], 9); F3(E,A,B,C,D,X[ 4],11);
+ F3(D,E,A,B,C,X[13], 8); F3(C,D,E,A,B,X[ 6],15); F3(B,C,D,E,A,X[15], 6);
+ F3(A,B,C,D,E,X[17],12); F3(E,A,B,C,D,X[ 8], 9); F3(D,E,A,B,C,X[ 1],14);
+ F3(C,D,E,A,B,X[10], 5); F3(B,C,D,E,A,X[ 3],13);
+
+ X[16] = X[ 2] ^ X[ 7] ^ X[ 8] ^ X[13];
+ X[17] = X[ 3] ^ X[ 4] ^ X[ 9] ^ X[14];
+ X[18] = X[ 0] ^ X[ 5] ^ X[10] ^ X[15];
+ X[19] = X[ 1] ^ X[ 6] ^ X[11] ^ X[12];
+ F4(A,B,C,D,E,X[18], 5); F4(E,A,B,C,D,X[ 7],11); F4(D,E,A,B,C,X[ 2], 7);
+ F4(C,D,E,A,B,X[13],15); F4(B,C,D,E,A,X[ 8], 6); F4(A,B,C,D,E,X[19],13);
+ F4(E,A,B,C,D,X[ 3], 8); F4(D,E,A,B,C,X[14],14); F4(C,D,E,A,B,X[ 9], 7);
+ F4(B,C,D,E,A,X[ 4],12); F4(A,B,C,D,E,X[16], 9); F4(E,A,B,C,D,X[15],11);
+ F4(D,E,A,B,C,X[10], 8); F4(C,D,E,A,B,X[ 5],15); F4(B,C,D,E,A,X[ 0], 6);
+ F4(A,B,C,D,E,X[17],12); F4(E,A,B,C,D,X[11], 9); F4(D,E,A,B,C,X[ 6],14);
+ F4(C,D,E,A,B,X[ 1], 5); F4(B,C,D,E,A,X[12],13);
+
+ digest[0] += A; digest[1] += B; digest[2] += C;
+ digest[3] += D; digest[4] += E;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void HAS_160::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(3 - (j % 4), digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void HAS_160::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ X.clear();
+ digest[0] = 0x67452301;
+ digest[1] = 0xEFCDAB89;
+ digest[2] = 0x98BADCFE;
+ digest[3] = 0x10325476;
+ digest[4] = 0xC3D2E1F0;
+ }
+
+}
diff --git a/src/hash_id.cpp b/src/hash_id.cpp
new file mode 100644
index 000000000..bc5c64b98
--- /dev/null
+++ b/src/hash_id.cpp
@@ -0,0 +1,105 @@
+/*************************************************
+* Hash Function Identification Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/hash_id.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+namespace PKCS_IDS {
+
+const byte MD2_ID[] = {
+0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86,
+0xF7, 0x0D, 0x02, 0x02, 0x05, 0x00, 0x04, 0x10 };
+
+const byte MD5_ID[] = {
+0x30, 0x20, 0x30, 0x0C, 0x06, 0x08, 0x2A, 0x86, 0x48, 0x86,
+0xF7, 0x0D, 0x02, 0x05, 0x05, 0x00, 0x04, 0x10 };
+
+const byte RIPEMD_128_ID[] = {
+0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02,
+0x02, 0x05, 0x00, 0x04, 0x14 };
+
+const byte RIPEMD_160_ID[] = {
+0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x24, 0x03, 0x02,
+0x01, 0x05, 0x00, 0x04, 0x14 };
+
+const byte SHA_160_ID[] = {
+0x30, 0x21, 0x30, 0x09, 0x06, 0x05, 0x2B, 0x0E, 0x03, 0x02,
+0x1A, 0x05, 0x00, 0x04, 0x14 };
+
+const byte SHA_256_ID[] = {
+0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+0x65, 0x03, 0x04, 0x02, 0x01, 0x05, 0x00, 0x04, 0x20 };
+
+const byte SHA_384_ID[] = {
+0x30, 0x41, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+0x65, 0x03, 0x04, 0x02, 0x02, 0x05, 0x00, 0x04, 0x30 };
+
+const byte SHA_512_ID[] = {
+0x30, 0x31, 0x30, 0x0D, 0x06, 0x09, 0x60, 0x86, 0x48, 0x01,
+0x65, 0x03, 0x04, 0x02, 0x03, 0x05, 0x00, 0x04, 0x40 };
+
+const byte TIGER_ID[] = {
+0x30, 0x29, 0x30, 0x0D, 0x06, 0x09, 0x2B, 0x06, 0x01, 0x04,
+0x01, 0xDA, 0x47, 0x0C, 0x02, 0x05, 0x00, 0x04, 0x18 };
+
+}
+
+/*************************************************
+* Return the HashID, as specified by PKCS *
+*************************************************/
+MemoryVector<byte> pkcs_hash_id(const std::string& name_or_alias)
+ {
+ const std::string name = deref_alias(name_or_alias);
+
+ MemoryVector<byte> out;
+
+ if(name == "Parallel(MD5,SHA-160)")
+ return out;
+
+ if(name == "MD2")
+ out.set(PKCS_IDS::MD2_ID, sizeof(PKCS_IDS::MD2_ID));
+ else if(name == "MD5")
+ out.set(PKCS_IDS::MD5_ID, sizeof(PKCS_IDS::MD5_ID));
+ else if(name == "RIPEMD-128")
+ out.set(PKCS_IDS::RIPEMD_128_ID, sizeof(PKCS_IDS::RIPEMD_128_ID));
+ else if(name == "RIPEMD-160")
+ out.set(PKCS_IDS::RIPEMD_160_ID, sizeof(PKCS_IDS::RIPEMD_160_ID));
+ else if(name == "SHA-160")
+ out.set(PKCS_IDS::SHA_160_ID, sizeof(PKCS_IDS::SHA_160_ID));
+ else if(name == "SHA-256")
+ out.set(PKCS_IDS::SHA_256_ID, sizeof(PKCS_IDS::SHA_256_ID));
+ else if(name == "SHA-384")
+ out.set(PKCS_IDS::SHA_384_ID, sizeof(PKCS_IDS::SHA_384_ID));
+ else if(name == "SHA-512")
+ out.set(PKCS_IDS::SHA_512_ID, sizeof(PKCS_IDS::SHA_512_ID));
+ else if(name == "Tiger(24,3)")
+ out.set(PKCS_IDS::TIGER_ID, sizeof(PKCS_IDS::TIGER_ID));
+
+ if(out.size())
+ return out;
+
+ throw Invalid_Argument("No PKCS #1 identifier for " + name_or_alias);
+ }
+
+/*************************************************
+* Return the HashID, as specified by IEEE 1363 *
+*************************************************/
+byte ieee1363_hash_id(const std::string& name_or_alias)
+ {
+ const std::string name = deref_alias(name_or_alias);
+
+ if(name == "RIPEMD-160") return 0x31;
+ if(name == "RIPEMD-128") return 0x32;
+ if(name == "SHA-160") return 0x33;
+ if(name == "SHA-256") return 0x34;
+ if(name == "SHA-512") return 0x35;
+ if(name == "SHA-384") return 0x36;
+ if(name == "Whirlpool") return 0x37;
+ return 0;
+ }
+
+}
diff --git a/src/hex.cpp b/src/hex.cpp
new file mode 100644
index 000000000..d6b710656
--- /dev/null
+++ b/src/hex.cpp
@@ -0,0 +1,185 @@
+/*************************************************
+* Hex Encoder/Decoder Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/hex.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+#include <botan/charset.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Hex_Encoder Constructor *
+*************************************************/
+Hex_Encoder::Hex_Encoder(bool breaks, u32bit length, Case c) :
+ casing(c), line_length(breaks ? length : 0)
+ {
+ in.create(64);
+ out.create(2*in.size());
+ counter = position = 0;
+ }
+
+/*************************************************
+* Hex_Encoder Constructor *
+*************************************************/
+Hex_Encoder::Hex_Encoder(Case c) : casing(c), line_length(0)
+ {
+ in.create(64);
+ out.create(2*in.size());
+ counter = position = 0;
+ }
+
+/*************************************************
+* Hex Encoding Operation *
+*************************************************/
+void Hex_Encoder::encode(byte in, byte out[2], Hex_Encoder::Case casing)
+ {
+ const byte* BIN_TO_HEX = ((casing == Uppercase) ? BIN_TO_HEX_UPPER :
+ BIN_TO_HEX_LOWER);
+
+ out[0] = BIN_TO_HEX[((in >> 4) & 0x0F)];
+ out[1] = BIN_TO_HEX[((in ) & 0x0F)];
+ }
+
+/*************************************************
+* Encode and send a block *
+*************************************************/
+void Hex_Encoder::encode_and_send(const byte block[], u32bit length)
+ {
+ for(u32bit j = 0; j != length; ++j)
+ encode(block[j], out + 2*j, casing);
+
+ if(line_length == 0)
+ send(out, 2*length);
+ else
+ {
+ u32bit remaining = 2*length, offset = 0;
+ while(remaining)
+ {
+ u32bit sent = std::min(line_length - counter, remaining);
+ send(out + offset, sent);
+ counter += sent;
+ remaining -= sent;
+ offset += sent;
+ if(counter == line_length)
+ {
+ send('\n');
+ counter = 0;
+ }
+ }
+ }
+ }
+
+/*************************************************
+* Convert some data into hex format *
+*************************************************/
+void Hex_Encoder::write(const byte input[], u32bit length)
+ {
+ in.copy(position, input, length);
+ if(position + length >= in.size())
+ {
+ encode_and_send(in, in.size());
+ input += (in.size() - position);
+ length -= (in.size() - position);
+ while(length >= in.size())
+ {
+ encode_and_send(input, in.size());
+ input += in.size();
+ length -= in.size();
+ }
+ in.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Flush buffers *
+*************************************************/
+void Hex_Encoder::end_msg()
+ {
+ encode_and_send(in, position);
+ if(counter && line_length)
+ send('\n');
+ counter = position = 0;
+ }
+
+/*************************************************
+* Hex_Decoder Constructor *
+*************************************************/
+Hex_Decoder::Hex_Decoder(Decoder_Checking c) : checking(c)
+ {
+ in.create(64);
+ out.create(in.size() / 2);
+ position = 0;
+ }
+
+/*************************************************
+* Check if a character is a valid hex char *
+*************************************************/
+bool Hex_Decoder::is_valid(byte in)
+ {
+ return (HEX_TO_BIN[in] != 0x80);
+ }
+
+/*************************************************
+* Handle processing an invalid character *
+*************************************************/
+void Hex_Decoder::handle_bad_char(byte c)
+ {
+ if(checking == NONE) return;
+ if((checking == IGNORE_WS) && is_space(c)) return;
+ throw Decoding_Error("Hex_Decoder: Invalid hex character: " +
+ to_string(c));
+ }
+
+/*************************************************
+* Hex Decoding Operation *
+*************************************************/
+byte Hex_Decoder::decode(const byte hex[2])
+ {
+ return (byte)((HEX_TO_BIN[hex[0]] << 4) | HEX_TO_BIN[hex[1]]);
+ }
+
+/*************************************************
+* Decode and send a block *
+*************************************************/
+void Hex_Decoder::decode_and_send(const byte block[], u32bit length)
+ {
+ for(u32bit j = 0; j != length / 2; ++j)
+ out[j] = decode(block + 2*j);
+ send(out, length / 2);
+ }
+
+/*************************************************
+* Convert some data from hex format *
+*************************************************/
+void Hex_Decoder::write(const byte input[], u32bit length)
+ {
+ for(u32bit j = 0; j != length; ++j)
+ {
+ if(is_valid(input[j]))
+ in[position++] = input[j];
+ else
+ handle_bad_char(input[j]);
+ if(position == in.size())
+ {
+ decode_and_send(in, in.size());
+ position = 0;
+ }
+ }
+ }
+
+/*************************************************
+* Flush buffers *
+*************************************************/
+void Hex_Decoder::end_msg()
+ {
+ decode_and_send(in, position);
+ position = 0;
+ }
+
+}
diff --git a/src/hmac.cpp b/src/hmac.cpp
new file mode 100644
index 000000000..1cac5faa2
--- /dev/null
+++ b/src/hmac.cpp
@@ -0,0 +1,90 @@
+/*************************************************
+* HMAC Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/hmac.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Update a HMAC Calculation *
+*************************************************/
+void HMAC::add_data(const byte input[], u32bit length)
+ {
+ hash->update(input, length);
+ }
+
+/*************************************************
+* Finalize a HMAC Calculation *
+*************************************************/
+void HMAC::final_result(byte mac[])
+ {
+ hash->final(mac);
+ hash->update(o_key);
+ hash->update(mac, OUTPUT_LENGTH);
+ hash->final(mac);
+ hash->update(i_key);
+ }
+
+/*************************************************
+* HMAC Key Schedule *
+*************************************************/
+void HMAC::key(const byte key[], u32bit length)
+ {
+ hash->clear();
+ std::fill(i_key.begin(), i_key.end(), 0x36);
+ std::fill(o_key.begin(), o_key.end(), 0x5C);
+
+ SecureVector<byte> hmac_key(key, length);
+ if(hmac_key.size() > hash->HASH_BLOCK_SIZE)
+ hmac_key = hash->process(hmac_key);
+
+ xor_buf(i_key, hmac_key, hmac_key.size());
+ xor_buf(o_key, hmac_key, hmac_key.size());
+ hash->update(i_key);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void HMAC::clear() throw()
+ {
+ hash->clear();
+ i_key.clear();
+ o_key.clear();
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string HMAC::name() const
+ {
+ return "HMAC(" + hash->name() + ")";
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+MessageAuthenticationCode* HMAC::clone() const
+ {
+ return new HMAC(hash->name());
+ }
+
+/*************************************************
+* HMAC Constructor *
+*************************************************/
+HMAC::HMAC(const std::string& hash_name) :
+ MessageAuthenticationCode(output_length_of(hash_name),
+ 1, 2*block_size_of(hash_name)),
+ hash(get_hash(hash_name))
+ {
+ if(hash->HASH_BLOCK_SIZE == 0)
+ throw Invalid_Argument("HMAC cannot be used with " + hash->name());
+ i_key.create(hash->HASH_BLOCK_SIZE);
+ o_key.create(hash->HASH_BLOCK_SIZE);
+ }
+
+}
diff --git a/src/idea.cpp b/src/idea.cpp
new file mode 100644
index 000000000..d1cb4dd2c
--- /dev/null
+++ b/src/idea.cpp
@@ -0,0 +1,156 @@
+/*************************************************
+* IDEA Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/idea.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Multiplication modulo 65537 *
+*************************************************/
+inline void mul(u16bit& a, u16bit b)
+ {
+ if(a && b)
+ {
+ u32bit temp = (u32bit)a * b;
+ a = (u16bit)(temp >> 16);
+ b = (u16bit)(temp & 0xFFFF);
+ a = (u16bit)(b - a + ((b < a) ? 1 : 0));
+ }
+ else
+ a = (u16bit)(1 - a - b);
+ }
+
+}
+
+/*************************************************
+* IDEA Encryption *
+*************************************************/
+void IDEA::enc(const byte in[], byte out[]) const
+ {
+ u16bit X1 = make_u16bit(in[0], in[1]), X2 = make_u16bit(in[2], in[3]),
+ X3 = make_u16bit(in[4], in[5]), X4 = make_u16bit(in[6], in[7]);
+
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ mul(X1, EK[6*j+0]);
+ X2 += EK[6*j+1];
+ X3 += EK[6*j+2];
+ mul(X4, EK[6*j+3]);
+ u16bit T0 = X3;
+ X3 ^= X1;
+ mul(X3, EK[6*j+4]);
+ u16bit T1 = X2;
+ X2 = (u16bit)((X2 ^ X4) + X3);
+ mul(X2, EK[6*j+5]);
+ X3 += X2;
+ X1 ^= X2;
+ X4 ^= X3;
+ X2 ^= T0;
+ X3 ^= T1;
+ }
+
+ mul(X1, EK[48]); X2 += EK[50]; X3 += EK[49]; mul(X4, EK[51]);
+
+ out[0] = get_byte(0, X1); out[1] = get_byte(1, X1);
+ out[2] = get_byte(0, X3); out[3] = get_byte(1, X3);
+ out[4] = get_byte(0, X2); out[5] = get_byte(1, X2);
+ out[6] = get_byte(0, X4); out[7] = get_byte(1, X4);
+ }
+
+/*************************************************
+* IDEA Decryption *
+*************************************************/
+void IDEA::dec(const byte in[], byte out[]) const
+ {
+ u16bit X1 = make_u16bit(in[0], in[1]), X2 = make_u16bit(in[2], in[3]),
+ X3 = make_u16bit(in[4], in[5]), X4 = make_u16bit(in[6], in[7]);
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ mul(X1, DK[6*j+0]);
+ X2 += DK[6*j+1];
+ X3 += DK[6*j+2];
+ mul(X4, DK[6*j+3]);
+ u16bit T0 = X3;
+ X3 ^= X1;
+ mul(X3, DK[6*j+4]);
+ u16bit T1 = X2;
+ X2 = (u16bit)((X2 ^ X4) + X3);
+ mul(X2, DK[6*j+5]);
+ X3 += X2;
+ X1 ^= X2;
+ X4 ^= X3;
+ X2 ^= T0;
+ X3 ^= T1;
+ }
+
+ mul(X1, DK[48]); X2 += DK[50]; X3 += DK[49]; mul(X4, DK[51]);
+
+ out[0] = get_byte(0, X1); out[1] = get_byte(1, X1);
+ out[2] = get_byte(0, X3); out[3] = get_byte(1, X3);
+ out[4] = get_byte(0, X2); out[5] = get_byte(1, X2);
+ out[6] = get_byte(0, X4); out[7] = get_byte(1, X4);
+ }
+
+/*************************************************
+* Find multiplicative inverses modulo 65537 *
+*************************************************/
+u16bit IDEA::mul_inv(u16bit x)
+ {
+ if(x <= 1)
+ return x;
+ u16bit t0 = (u16bit)(65537 / x), t1 = 1, y = (u16bit)(65537 % x);
+ while(y != 1)
+ {
+ u16bit q = (u16bit)(x / y);
+ x %= y;
+ t1 += (u16bit)(q * t0);
+ if(x == 1)
+ return t1;
+ q = (u16bit)(y / x);
+ y %= x;
+ t0 += (u16bit)(q * t1);
+ }
+ return (u16bit)(1 - t0);
+ }
+
+/*************************************************
+* IDEA Key Schedule *
+*************************************************/
+void IDEA::key(const byte key[], u32bit)
+ {
+ for(u32bit j = 0; j != 8; ++j)
+ EK[j] = make_u16bit(key[2*j], key[2*j+1]);
+ for(u32bit j = 1, k = 8, offset = 0; k != 52; j %= 8, ++j, ++k)
+ {
+ EK[j+7+offset] = (u16bit)((EK[(j % 8) + offset] << 9) |
+ (EK[((j+1) % 8) + offset] >> 7));
+ offset += (j == 8) ? 8 : 0;
+ }
+ DK[51] = mul_inv(EK[3]);
+ DK[50] = (u16bit)-EK[2];
+ DK[49] = (u16bit)-EK[1];
+ DK[48] = mul_inv(EK[0]);
+ for(u32bit j = 1, k = 4, counter = 47; j != 8; ++j, k += 6)
+ {
+ DK[counter--] = EK[k+1];
+ DK[counter--] = EK[k];
+ DK[counter--] = mul_inv(EK[k+5]);
+ DK[counter--] = (u16bit)-EK[k+3];
+ DK[counter--] = (u16bit)-EK[k+4];
+ DK[counter--] = mul_inv(EK[k+2]);
+ }
+ DK[5] = EK[47];
+ DK[4] = EK[46];
+ DK[3] = mul_inv(EK[51]);
+ DK[2] = (u16bit)-EK[50];
+ DK[1] = (u16bit)-EK[49];
+ DK[0] = mul_inv(EK[48]);
+ }
+
+}
diff --git a/src/if_algo.cpp b/src/if_algo.cpp
new file mode 100644
index 000000000..8c6a8654e
--- /dev/null
+++ b/src/if_algo.cpp
@@ -0,0 +1,157 @@
+/*************************************************
+* IF Scheme Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/if_algo.h>
+#include <botan/numthry.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+
+namespace Botan {
+
+/*************************************************
+* Return the X.509 public key encoding *
+*************************************************/
+MemoryVector<byte> IF_Scheme_PublicKey::DER_encode_pub() const
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode(n)
+ .encode(e)
+ .end_sequence()
+ .get_contents();
+ }
+
+/*************************************************
+* Return the X.509 parameters encoding *
+*************************************************/
+MemoryVector<byte> IF_Scheme_PublicKey::DER_encode_params() const
+ {
+ return DER_Encoder().encode_null().get_contents();
+ }
+
+/*************************************************
+* Decode X.509 public key encoding *
+*************************************************/
+void IF_Scheme_PublicKey::BER_decode_pub(DataSource& source)
+ {
+ BER_Decoder decoder(source);
+ BER_Decoder ber = BER::get_subsequence(decoder);
+
+ ber.decode(n)
+ .decode(e)
+ .verify_end();
+
+ X509_load_hook();
+ }
+
+/*************************************************
+* Decode X.509 algorithm parameters *
+*************************************************/
+void IF_Scheme_PublicKey::BER_decode_params(DataSource& source)
+ {
+ byte dummy = 0;
+ while(!source.end_of_data())
+ source.read_byte(dummy);
+ }
+
+/*************************************************
+* Return the PKCS #1 private key encoding *
+*************************************************/
+SecureVector<byte> IF_Scheme_PrivateKey::DER_encode_priv() const
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode((u32bit)0)
+ .encode(n)
+ .encode(e)
+ .encode(d)
+ .encode(p)
+ .encode(q)
+ .encode(d1)
+ .encode(d2)
+ .encode(c)
+ .end_sequence()
+ .get_contents();
+ }
+
+/*************************************************
+* Decode a PKCS #1 private key encoding *
+*************************************************/
+void IF_Scheme_PrivateKey::BER_decode_priv(DataSource& source)
+ {
+ u32bit version;
+
+ BER_Decoder decoder(source);
+ BER_Decoder ber = BER::get_subsequence(decoder);
+
+ ber.decode(version)
+ .decode(n)
+ .decode(e)
+ .decode(d)
+ .decode(p)
+ .decode(q)
+ .decode(d1)
+ .decode(d2)
+ .decode(c)
+ .verify_end();
+
+ if(version != 0)
+ throw Decoding_Error(algo_name() + ": Unknown PKCS #1 key version");
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Algorithm Specific X.509 Initialization Code *
+*************************************************/
+void IF_Scheme_PublicKey::X509_load_hook()
+ {
+ core = IF_Core(e, n);
+ check_loaded_public();
+ }
+
+/*************************************************
+* Algorithm Specific PKCS #8 Initialization Code *
+*************************************************/
+void IF_Scheme_PrivateKey::PKCS8_load_hook()
+ {
+ if(n == 0) n = p * q;
+ if(d1 == 0) d1 = d % (p - 1);
+ if(d2 == 0) d2 = d % (q - 1);
+ if(c == 0) c = inverse_mod(q, p);
+
+ core = IF_Core(e, n, d, p, q, d1, d2, c);
+ }
+
+/*************************************************
+* Check IF Scheme Public Parameters *
+*************************************************/
+bool IF_Scheme_PublicKey::check_key(bool) const
+ {
+ if(n < 35 || n.is_even() || e < 2)
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Check IF Scheme Private Parameters *
+*************************************************/
+bool IF_Scheme_PrivateKey::check_key(bool strong) const
+ {
+ if(n < 35 || n.is_even() || e < 2 || d < 2 || p < 3 || q < 3 || p*q != n)
+ return false;
+
+ if(!strong)
+ return true;
+
+ if(d1 != d % (p - 1) || d2 != d % (q - 1) || c != inverse_mod(q, p))
+ return false;
+ if(!check_prime(p) || !check_prime(q))
+ return false;
+ return true;
+ }
+
+}
diff --git a/src/inifile.cpp b/src/inifile.cpp
new file mode 100644
index 000000000..44830ef22
--- /dev/null
+++ b/src/inifile.cpp
@@ -0,0 +1,150 @@
+/*************************************************
+* Configuration Reader Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/conf.h>
+#include <botan/libstate.h>
+#include <botan/charset.h>
+#include <botan/parsing.h>
+#include <fstream>
+#include <map>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Strip comments and whitespace from line *
+*************************************************/
+std::string strip_whitespace(const std::string& line)
+ {
+ bool is_escaped = false, in_quote = false, in_string = false;
+ std::string new_line;
+
+ for(std::string::const_iterator j = line.begin(); j != line.end(); ++j)
+ {
+ const char c = *j;
+
+ if(c == '"' && !is_escaped && !in_string)
+ { in_quote = !in_quote; continue; }
+ if(c == '\'' && !is_escaped && !in_quote)
+ { in_string = !in_string; continue; }
+ if(c == '#' && !is_escaped && !in_quote && !in_string)
+ return new_line;
+ if(c == '\\' && !is_escaped) { is_escaped = true; continue; }
+
+ if(is_space(c) && !in_quote && !in_string && !is_escaped)
+ continue;
+
+ new_line += c;
+ is_escaped = false;
+ }
+
+ return new_line;
+ }
+
+/*************************************************
+* Do variable interpolation *
+*************************************************/
+std::string interpolate(const std::string& value,
+ const std::map<std::string, std::string>& variables)
+ {
+ std::string variable, suffix;
+
+ if(value.find('.') == std::string::npos)
+ variable = value;
+ else
+ {
+ variable = value.substr(0, value.find('.'));
+ suffix = value.substr(value.find('.'), std::string::npos);
+ }
+
+ if(variables.find(variable) != variables.end())
+ {
+ const std::string result = variables.find(variable)->second;
+ if(variable == result)
+ return value;
+ return interpolate(result, variables) + suffix;
+ }
+ return value;
+ }
+
+}
+
+namespace Config {
+
+/*************************************************
+* Load a configuration file *
+*************************************************/
+void load(const std::string& fsname)
+ {
+ load(fsname, global_state());
+ }
+
+/*************************************************
+* Load a configuration file *
+*************************************************/
+void load(const std::string& fsname, Library_State& state)
+ {
+ std::ifstream config(fsname.c_str());
+
+ if(!config)
+ throw Config_Error("Could not open config file " + fsname);
+
+ u32bit line_no = 0;
+ std::string line, section;
+ std::map<std::string, std::string> variables;
+
+ while(std::getline(config, line))
+ {
+ ++line_no;
+
+ line = strip_whitespace(line);
+
+ if(line == "")
+ continue;
+
+ if(line[0] == '[' && line[line.size()-1] == ']')
+ {
+ section = line.substr(1, line.size() - 2);
+ if(section == "")
+ throw Config_Error("Empty section name", line_no);
+ continue;
+ }
+
+ if(section == "")
+ throw Config_Error("Section must be set before assignment", line_no);
+
+ std::vector<std::string> name_and_value;
+ try {
+ name_and_value = split_on(line, '=');
+ }
+ catch(Format_Error)
+ {
+ throw Config_Error("Bad assignment: " + line, line_no);
+ }
+
+ if(name_and_value.size() != 2)
+ throw Config_Error("Bad line: " + line, line_no);
+ const std::string name = name_and_value[0];
+ const std::string value = interpolate(name_and_value[1], variables);
+
+ if(variables.find(name) == variables.end())
+ variables[name] = value;
+
+ if(section == "oids")
+ {
+ state.set_option("oid2str", name, value, false);
+ state.set_option("str2oid", value, name, false);
+ }
+ else if(section == "aliases")
+ state.set_option("alias", name, value);
+ else
+ state.set_option("conf", section + '/' + name, value);
+ }
+ }
+
+}
+
+}
diff --git a/src/init_def.cpp b/src/init_def.cpp
new file mode 100644
index 000000000..3b071d7eb
--- /dev/null
+++ b/src/init_def.cpp
@@ -0,0 +1,149 @@
+/*************************************************
+* Default Initialization Function Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/init.h>
+#include <botan/libstate.h>
+#include <botan/modules.h>
+#include <botan/conf.h>
+#include <botan/parsing.h>
+#include <botan/defalloc.h>
+#include <botan/eng_def.h>
+#include <botan/fips140.h>
+#include <botan/x931_rng.h>
+
+namespace Botan {
+
+/*************************************************
+* Library Initialization *
+*************************************************/
+LibraryInitializer::LibraryInitializer(const std::string& arg_string)
+ {
+ Init::initialize(arg_string);
+ }
+
+/*************************************************
+* Library Shutdown *
+*************************************************/
+LibraryInitializer::~LibraryInitializer()
+ {
+ Init::deinitialize();
+ }
+
+namespace Init {
+
+namespace {
+
+/*************************************************
+* Parse the options string *
+*************************************************/
+std::map<std::string, std::string> parse_args(const std::string& arg_string)
+ {
+ std::map<std::string, std::string> arg_map;
+ std::vector<std::string> args = split_on(arg_string, ' ');
+ for(u32bit j = 0; j != args.size(); ++j)
+ {
+ if(args[j].find('=') == std::string::npos)
+ arg_map[args[j]] = "";
+ else
+ {
+ std::vector<std::string> name_and_value = split_on(args[j], '=');
+ arg_map[name_and_value[0]] = name_and_value[1];
+ }
+ }
+
+ return arg_map;
+ }
+
+/*************************************************
+* Check if an option is set in the argument *
+*************************************************/
+bool arg_set(const std::map<std::string, std::string>& args,
+ const std::string& option)
+ {
+ return (args.find(option) != args.end());
+ }
+
+}
+
+/*************************************************
+* Library Initialization *
+*************************************************/
+void initialize(const std::string& arg_string)
+ {
+ std::map<std::string, std::string> args = parse_args(arg_string);
+
+ Mutex_Factory* mutex_factory = 0;
+ if(arg_set(args, "thread_safe"))
+ {
+ mutex_factory = Modules::get_mutex_factory();
+ if(!mutex_factory)
+ throw Exception("LibraryInitializer: thread safety impossible");
+ }
+
+ set_global_state(new Library_State(mutex_factory,
+ Modules::get_timer()));
+
+ global_state().add_allocator("malloc", new Malloc_Allocator);
+ global_state().add_allocator("locking", new Locking_Allocator);
+
+ if(arg_set(args, "secure_memory"))
+ {
+ std::map<std::string, Allocator*> allocators = Modules::get_allocators();
+ for(std::map<std::string, Allocator*>::iterator i = allocators.begin();
+ i != allocators.end(); ++i)
+ global_state().add_allocator(i->first, i->second);
+ }
+
+ if(arg_set(args, "config") && args["config"] != "")
+ Config::load(args["config"], global_state());
+
+ if(arg_set(args, "use_engines"))
+ {
+ std::vector<Engine*> engines = Modules::get_engines();
+ for(u32bit j = 0; j != engines.size(); ++j)
+ global_state().add_engine(engines[j]);
+ }
+ global_state().add_engine(new Default_Engine);
+
+ global_state().set_prng(new ANSI_X931_RNG);
+ std::vector<EntropySource*> sources = Modules::get_entropy_sources();
+ for(u32bit j = 0; j != sources.size(); ++j)
+ global_state().add_entropy_source(sources[j], true);
+
+ const u32bit min_entropy = Config::get_u32bit("rng/min_entropy");
+
+ if(min_entropy != 0 && !arg_set(args, "no_rng_seed"))
+ {
+ u32bit total_bits = 0;
+ for(u32bit j = 0; j != 4; ++j)
+ {
+ total_bits += global_state().seed_prng(true,
+ min_entropy - total_bits);
+ if(total_bits >= min_entropy)
+ break;
+ }
+
+ if(total_bits < min_entropy)
+ throw PRNG_Unseeded("Unable to collect sufficient entropy");
+ }
+
+ if(!FIPS140::passes_self_tests())
+ {
+ set_global_state(0);
+ throw Self_Test_Failure("FIPS-140 startup tests");
+ }
+ }
+
+/*************************************************
+* Library Shutdown *
+*************************************************/
+void deinitialize()
+ {
+ set_global_state(0);
+ }
+
+}
+
+}
diff --git a/src/jacobi.cpp b/src/jacobi.cpp
new file mode 100644
index 000000000..4e8ab61f0
--- /dev/null
+++ b/src/jacobi.cpp
@@ -0,0 +1,51 @@
+/*************************************************
+* Jacobi Function Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/numthry.h>
+
+namespace Botan {
+
+/*************************************************
+* Calculate the Jacobi symbol *
+*************************************************/
+s32bit jacobi(const BigInt& a, const BigInt& n)
+ {
+ if(a.is_negative())
+ throw Invalid_Argument("jacobi: first argument must be non-negative");
+ if(n.is_even() || n < 2)
+ throw Invalid_Argument("jacobi: second argument must be odd and > 1");
+
+ BigInt x = a, y = n;
+ s32bit J = 1;
+
+ while(y > 1)
+ {
+ x %= y;
+ if(x > y / 2)
+ {
+ x = y - x;
+ if(y % 4 == 3)
+ J = -J;
+ }
+ if(x.is_zero())
+ return 0;
+
+ u32bit shifts = low_zero_bits(x);
+ x >>= shifts;
+ if(shifts % 2)
+ {
+ word y_mod_8 = y % 8;
+ if(y_mod_8 == 3 || y_mod_8 == 5)
+ J = -J;
+ }
+
+ if(x % 4 == 3 && y % 4 == 3)
+ J = -J;
+ std::swap(x, y);
+ }
+ return J;
+ }
+
+}
diff --git a/src/kas_tab.cpp b/src/kas_tab.cpp
new file mode 100644
index 000000000..4172ad114
--- /dev/null
+++ b/src/kas_tab.cpp
@@ -0,0 +1,82 @@
+/*************************************************
+* S-Box Tables for KASUMI *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/kasumi.h>
+
+namespace Botan {
+
+const byte KASUMI_SBOX_S7[128] = {
+ 0x36, 0x32, 0x3E, 0x38, 0x16, 0x22, 0x5E, 0x60, 0x26, 0x06, 0x3F, 0x5D,
+ 0x02, 0x12, 0x7B, 0x21, 0x37, 0x71, 0x27, 0x72, 0x15, 0x43, 0x41, 0x0C,
+ 0x2F, 0x49, 0x2E, 0x1B, 0x19, 0x6F, 0x7C, 0x51, 0x35, 0x09, 0x79, 0x4F,
+ 0x34, 0x3C, 0x3A, 0x30, 0x65, 0x7F, 0x28, 0x78, 0x68, 0x46, 0x47, 0x2B,
+ 0x14, 0x7A, 0x48, 0x3D, 0x17, 0x6D, 0x0D, 0x64, 0x4D, 0x01, 0x10, 0x07,
+ 0x52, 0x0A, 0x69, 0x62, 0x75, 0x74, 0x4C, 0x0B, 0x59, 0x6A, 0x00, 0x7D,
+ 0x76, 0x63, 0x56, 0x45, 0x1E, 0x39, 0x7E, 0x57, 0x70, 0x33, 0x11, 0x05,
+ 0x5F, 0x0E, 0x5A, 0x54, 0x5B, 0x08, 0x23, 0x67, 0x20, 0x61, 0x1C, 0x42,
+ 0x66, 0x1F, 0x1A, 0x2D, 0x4B, 0x04, 0x55, 0x5C, 0x25, 0x4A, 0x50, 0x31,
+ 0x44, 0x1D, 0x73, 0x2C, 0x40, 0x6B, 0x6C, 0x18, 0x6E, 0x53, 0x24, 0x4E,
+ 0x2A, 0x13, 0x0F, 0x29, 0x58, 0x77, 0x3B, 0x03 };
+
+const u16bit KASUMI_SBOX_S9[512] = {
+ 0x00A7, 0x00EF, 0x00A1, 0x017B, 0x0187, 0x014E, 0x0009, 0x0152, 0x0026,
+ 0x00E2, 0x0030, 0x0166, 0x01C4, 0x0181, 0x005A, 0x018D, 0x00B7, 0x00FD,
+ 0x0093, 0x014B, 0x019F, 0x0154, 0x0033, 0x016A, 0x0132, 0x01F4, 0x0106,
+ 0x0052, 0x00D8, 0x009F, 0x0164, 0x00B1, 0x00AF, 0x00F1, 0x01E9, 0x0025,
+ 0x00CE, 0x0011, 0x0000, 0x014D, 0x002C, 0x00FE, 0x017A, 0x003A, 0x008F,
+ 0x00DC, 0x0051, 0x0190, 0x005F, 0x0003, 0x013B, 0x00F5, 0x0036, 0x00EB,
+ 0x00DA, 0x0195, 0x01D8, 0x0108, 0x00AC, 0x01EE, 0x0173, 0x0122, 0x018F,
+ 0x004C, 0x00A5, 0x00C5, 0x018B, 0x0079, 0x0101, 0x01E0, 0x01A7, 0x00D4,
+ 0x00F0, 0x001C, 0x01CE, 0x00B0, 0x0196, 0x01FB, 0x0120, 0x00DF, 0x01F5,
+ 0x0197, 0x00F9, 0x0109, 0x0059, 0x00BA, 0x00DD, 0x01AC, 0x00A4, 0x004A,
+ 0x01B8, 0x00C4, 0x01CA, 0x01A5, 0x015E, 0x00A3, 0x00E8, 0x009E, 0x0086,
+ 0x0162, 0x000D, 0x00FA, 0x01EB, 0x008E, 0x00BF, 0x0045, 0x00C1, 0x01A9,
+ 0x0098, 0x00E3, 0x016E, 0x0087, 0x0158, 0x012C, 0x0114, 0x00F2, 0x01B5,
+ 0x0140, 0x0071, 0x0116, 0x000B, 0x00F3, 0x0057, 0x013D, 0x0024, 0x005D,
+ 0x01F0, 0x001B, 0x01E7, 0x01BE, 0x01E2, 0x0029, 0x0044, 0x009C, 0x01C9,
+ 0x0083, 0x0146, 0x0193, 0x0153, 0x0014, 0x0027, 0x0073, 0x01BA, 0x007C,
+ 0x01DB, 0x0180, 0x01FC, 0x0035, 0x0070, 0x00AA, 0x01DF, 0x0097, 0x007E,
+ 0x00A9, 0x0049, 0x010C, 0x0117, 0x0141, 0x00A8, 0x016C, 0x016B, 0x0124,
+ 0x002E, 0x01F3, 0x0189, 0x0147, 0x0144, 0x0018, 0x01C8, 0x010B, 0x009D,
+ 0x01CC, 0x01E8, 0x01AA, 0x0135, 0x00E5, 0x01B7, 0x01FA, 0x00D0, 0x010F,
+ 0x015D, 0x0191, 0x01B2, 0x00EC, 0x0010, 0x00D1, 0x0167, 0x0034, 0x0038,
+ 0x0078, 0x00C7, 0x0115, 0x01D1, 0x01A0, 0x00FC, 0x011F, 0x00F6, 0x0006,
+ 0x0053, 0x0131, 0x01A4, 0x0159, 0x0099, 0x01F6, 0x0041, 0x003D, 0x00F4,
+ 0x011A, 0x00AD, 0x00DE, 0x01A2, 0x0043, 0x0182, 0x0170, 0x0105, 0x0065,
+ 0x01DC, 0x0123, 0x00C3, 0x01AE, 0x0031, 0x004F, 0x00A6, 0x014A, 0x0118,
+ 0x017F, 0x0175, 0x0080, 0x017E, 0x0198, 0x009B, 0x01EF, 0x016F, 0x0184,
+ 0x0112, 0x006B, 0x01CB, 0x01A1, 0x003E, 0x01C6, 0x0084, 0x00E1, 0x00CB,
+ 0x013C, 0x00EA, 0x000E, 0x012D, 0x005B, 0x01F7, 0x011E, 0x01A8, 0x00D3,
+ 0x015B, 0x0133, 0x008C, 0x0176, 0x0023, 0x0067, 0x007D, 0x01AB, 0x0013,
+ 0x00D6, 0x01C5, 0x0092, 0x01F2, 0x013A, 0x01BC, 0x00E6, 0x0100, 0x0149,
+ 0x00C6, 0x011D, 0x0032, 0x0074, 0x004E, 0x019A, 0x000A, 0x00CD, 0x01FE,
+ 0x00AB, 0x00E7, 0x002D, 0x008B, 0x01D3, 0x001D, 0x0056, 0x01F9, 0x0020,
+ 0x0048, 0x001A, 0x0156, 0x0096, 0x0139, 0x01EA, 0x01AF, 0x00EE, 0x019B,
+ 0x0145, 0x0095, 0x01D9, 0x0028, 0x0077, 0x00AE, 0x0163, 0x00B9, 0x00E9,
+ 0x0185, 0x0047, 0x01C0, 0x0111, 0x0174, 0x0037, 0x006E, 0x00B2, 0x0142,
+ 0x000C, 0x01D5, 0x0188, 0x0171, 0x00BE, 0x0001, 0x006D, 0x0177, 0x0089,
+ 0x00B5, 0x0058, 0x004B, 0x0134, 0x0104, 0x01E4, 0x0062, 0x0110, 0x0172,
+ 0x0113, 0x019C, 0x006F, 0x0150, 0x013E, 0x0004, 0x01F8, 0x01EC, 0x0103,
+ 0x0130, 0x004D, 0x0151, 0x01B3, 0x0015, 0x0165, 0x012F, 0x014C, 0x01E3,
+ 0x0012, 0x002F, 0x0055, 0x0019, 0x01F1, 0x01DA, 0x0121, 0x0064, 0x010D,
+ 0x0128, 0x01DE, 0x010E, 0x006A, 0x001F, 0x0068, 0x01B1, 0x0054, 0x019E,
+ 0x01E6, 0x018A, 0x0060, 0x0063, 0x009A, 0x01FF, 0x0094, 0x019D, 0x0169,
+ 0x0199, 0x00FF, 0x00A2, 0x00D7, 0x012E, 0x00C9, 0x010A, 0x015F, 0x0157,
+ 0x0090, 0x01B9, 0x016D, 0x006C, 0x012A, 0x00FB, 0x0022, 0x00B6, 0x01FD,
+ 0x008A, 0x00D2, 0x014F, 0x0085, 0x0137, 0x0160, 0x0148, 0x008D, 0x018C,
+ 0x015A, 0x007B, 0x013F, 0x01C2, 0x0119, 0x01AD, 0x00E4, 0x01BB, 0x01E1,
+ 0x005C, 0x0194, 0x01E5, 0x01A6, 0x00F8, 0x0129, 0x0017, 0x00D5, 0x0082,
+ 0x01D2, 0x0016, 0x00D9, 0x011B, 0x0046, 0x0126, 0x0168, 0x01A3, 0x007F,
+ 0x0138, 0x0179, 0x0007, 0x01D4, 0x00C2, 0x0002, 0x0075, 0x0127, 0x01CF,
+ 0x0102, 0x00E0, 0x01BF, 0x00F7, 0x00BB, 0x0050, 0x018E, 0x011C, 0x0161,
+ 0x0069, 0x0186, 0x012B, 0x01D7, 0x01D6, 0x00B8, 0x0039, 0x00C8, 0x015C,
+ 0x003F, 0x00CC, 0x00BC, 0x0021, 0x01C3, 0x0061, 0x001E, 0x0136, 0x00DB,
+ 0x005E, 0x00A0, 0x0081, 0x01ED, 0x0040, 0x00B3, 0x0107, 0x0066, 0x00BD,
+ 0x00CF, 0x0072, 0x0192, 0x01B6, 0x01DD, 0x0183, 0x007A, 0x00C0, 0x002A,
+ 0x017D, 0x0005, 0x0091, 0x0076, 0x00B4, 0x01C1, 0x0125, 0x0143, 0x0088,
+ 0x017C, 0x002B, 0x0042, 0x003C, 0x01C7, 0x0155, 0x01BD, 0x00CA, 0x01B0,
+ 0x0008, 0x00ED, 0x000F, 0x0178, 0x01B4, 0x01D0, 0x003B, 0x01CD };
+
+}
diff --git a/src/kasumi.cpp b/src/kasumi.cpp
new file mode 100644
index 000000000..b7d6c63d8
--- /dev/null
+++ b/src/kasumi.cpp
@@ -0,0 +1,139 @@
+/*************************************************
+* KASUMI Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/kasumi.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* KASUMI FI Function *
+*************************************************/
+u16bit FI(u16bit I, u16bit K)
+ {
+ u16bit D9 = (I >> 7);
+ byte D7 = (I & 0x7F);
+ D9 = KASUMI_SBOX_S9[D9] ^ D7;
+ D7 = KASUMI_SBOX_S7[D7] ^ (D9 & 0x7F);
+
+ D7 ^= (K >> 9);
+ D9 = KASUMI_SBOX_S9[D9 ^ (K & 0x1FF)] ^ D7;
+ D7 = KASUMI_SBOX_S7[D7] ^ (D9 & 0x7F);
+ return (D7 << 9) | D9;
+ }
+
+}
+
+/*************************************************
+* KASUMI Encryption *
+*************************************************/
+void KASUMI::enc(const byte in[], byte out[]) const
+ {
+ u16bit B0 = make_u16bit(in[0], in[1]), B1 = make_u16bit(in[2], in[3]),
+ B2 = make_u16bit(in[4], in[5]), B3 = make_u16bit(in[6], in[7]);
+
+ for(u32bit j = 0; j != 8; j += 2)
+ {
+ const u16bit* K = EK + 8*j;
+
+ u16bit R = B1 ^ (rotate_left(B0, 1) & K[0]);
+ u16bit L = B0 ^ (rotate_left(R, 1) | K[1]);
+
+ L = FI(L ^ K[ 2], K[ 3]) ^ R;
+ R = FI(R ^ K[ 4], K[ 5]) ^ L;
+ L = FI(L ^ K[ 6], K[ 7]) ^ R;
+
+ R = B2 ^= R;
+ L = B3 ^= L;
+
+ R = FI(R ^ K[10], K[11]) ^ L;
+ L = FI(L ^ K[12], K[13]) ^ R;
+ R = FI(R ^ K[14], K[15]) ^ L;
+
+ R ^= (rotate_left(L, 1) & K[8]);
+ L ^= (rotate_left(R, 1) | K[9]);
+
+ B0 ^= L;
+ B1 ^= R;
+ }
+
+ out[0] = get_byte(0, B0); out[1] = get_byte(1, B0);
+ out[2] = get_byte(0, B1); out[3] = get_byte(1, B1);
+ out[4] = get_byte(0, B2); out[5] = get_byte(1, B2);
+ out[6] = get_byte(0, B3); out[7] = get_byte(1, B3);
+ }
+
+/*************************************************
+* KASUMI Decryption *
+*************************************************/
+void KASUMI::dec(const byte in[], byte out[]) const
+ {
+ u16bit B0 = make_u16bit(in[0], in[1]), B1 = make_u16bit(in[2], in[3]),
+ B2 = make_u16bit(in[4], in[5]), B3 = make_u16bit(in[6], in[7]);
+
+ for(u32bit j = 0; j != 8; j += 2)
+ {
+ const u16bit* K = EK + 8*(6-j);
+
+ u16bit L = B2, R = B3;
+
+ L = FI(L ^ K[10], K[11]) ^ R;
+ R = FI(R ^ K[12], K[13]) ^ L;
+ L = FI(L ^ K[14], K[15]) ^ R;
+
+ L ^= (rotate_left(R, 1) & K[8]);
+ R ^= (rotate_left(L, 1) | K[9]);
+
+ R = B0 ^= R;
+ L = B1 ^= L;
+
+ L ^= (rotate_left(R, 1) & K[0]);
+ R ^= (rotate_left(L, 1) | K[1]);
+
+ R = FI(R ^ K[2], K[3]) ^ L;
+ L = FI(L ^ K[4], K[5]) ^ R;
+ R = FI(R ^ K[6], K[7]) ^ L;
+
+ B2 ^= L;
+ B3 ^= R;
+ }
+
+ out[0] = get_byte(0, B0); out[1] = get_byte(1, B0);
+ out[2] = get_byte(0, B1); out[3] = get_byte(1, B1);
+ out[4] = get_byte(0, B2); out[5] = get_byte(1, B2);
+ out[6] = get_byte(0, B3); out[7] = get_byte(1, B3);
+ }
+
+/*************************************************
+* KASUMI Key Schedule *
+*************************************************/
+void KASUMI::key(const byte key[], u32bit)
+ {
+ static const u16bit RC[] = { 0x0123, 0x4567, 0x89AB, 0xCDEF,
+ 0xFEDC, 0xBA98, 0x7654, 0x3210 };
+
+ SecureBuffer<u16bit, 16> K;
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ K[j] = make_u16bit(key[2*j], key[2*j+1]);
+ K[j+8] = K[j] ^ RC[j];
+ }
+
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ EK[8*j ] = rotate_left(K[(j+0) % 8 ], 2);
+ EK[8*j+1] = rotate_left(K[(j+2) % 8 + 8], 1);
+ EK[8*j+2] = rotate_left(K[(j+1) % 8 ], 5);
+ EK[8*j+3] = K[(j+4) % 8 + 8];
+ EK[8*j+4] = rotate_left(K[(j+5) % 8 ], 8);
+ EK[8*j+5] = K[(j+3) % 8 + 8];
+ EK[8*j+6] = rotate_left(K[(j+6) % 8 ], 13);
+ EK[8*j+7] = K[(j+7) % 8 + 8];
+ }
+ }
+
+}
diff --git a/src/kdf.cpp b/src/kdf.cpp
new file mode 100644
index 000000000..c9a86796f
--- /dev/null
+++ b/src/kdf.cpp
@@ -0,0 +1,75 @@
+/*************************************************
+* KDF1/KDF2 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/kdf.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* KDF1 Key Derivation Mechanism *
+*************************************************/
+SecureVector<byte> KDF1::derive(u32bit,
+ const byte secret[], u32bit secret_len,
+ const byte P[], u32bit P_len) const
+ {
+ std::auto_ptr<HashFunction> hash(get_hash(hash_name));
+
+ hash->update(secret, secret_len);
+ hash->update(P, P_len);
+ return hash->final();
+ }
+
+/*************************************************
+* KDF1 Constructor *
+*************************************************/
+KDF1::KDF1(const std::string& h_name) : hash_name(h_name)
+ {
+ if(!have_hash(hash_name))
+ throw Algorithm_Not_Found(hash_name);
+ }
+
+/*************************************************
+* KDF2 Key Derivation Mechanism *
+*************************************************/
+SecureVector<byte> KDF2::derive(u32bit out_len,
+ const byte secret[], u32bit secret_len,
+ const byte P[], u32bit P_len) const
+ {
+ SecureVector<byte> output;
+ u32bit counter = 1;
+
+ std::auto_ptr<HashFunction> hash(get_hash(hash_name));
+ while(out_len)
+ {
+ hash->update(secret, secret_len);
+ for(u32bit j = 0; j != 4; ++j)
+ hash->update(get_byte(j, counter));
+ hash->update(P, P_len);
+ SecureVector<byte> hash_result = hash->final();
+
+ u32bit added = std::min(hash_result.size(), out_len);
+ output.append(hash_result, added);
+ out_len -= added;
+
+ ++counter;
+ }
+
+ return output;
+ }
+
+/*************************************************
+* KDF2 Constructor *
+*************************************************/
+KDF2::KDF2(const std::string& h_name) : hash_name(h_name)
+ {
+ if(!have_hash(hash_name))
+ throw Algorithm_Not_Found(hash_name);
+ }
+
+}
diff --git a/src/keypair.cpp b/src/keypair.cpp
new file mode 100644
index 000000000..11ddbd811
--- /dev/null
+++ b/src/keypair.cpp
@@ -0,0 +1,58 @@
+/*************************************************
+* Keypair Checks Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/keypair.h>
+#include <botan/look_pk.h>
+#include <botan/rng.h>
+#include <memory>
+
+namespace Botan {
+
+namespace KeyPair {
+
+/*************************************************
+* Check an encryption key pair for consistency *
+*************************************************/
+void check_key(PK_Encryptor* encryptor, PK_Decryptor* decryptor)
+ {
+ std::auto_ptr<PK_Encryptor> enc(encryptor);
+ std::auto_ptr<PK_Decryptor> dec(decryptor);
+
+ SecureVector<byte> message(enc->maximum_input_size() - 1);
+ Global_RNG::randomize(message, message.size());
+
+ SecureVector<byte> ciphertext = enc->encrypt(message);
+ if(ciphertext == message)
+ throw Self_Test_Failure("Encryption key pair consistency failure");
+
+ SecureVector<byte> message2 = dec->decrypt(ciphertext);
+ if(message != message2)
+ throw Self_Test_Failure("Encryption key pair consistency failure");
+ }
+
+/*************************************************
+* Check a signature key pair for consistency *
+*************************************************/
+void check_key(PK_Signer* signer, PK_Verifier* verifier)
+ {
+ std::auto_ptr<PK_Signer> sig(signer);
+ std::auto_ptr<PK_Verifier> ver(verifier);
+
+ SecureVector<byte> message(16);
+ Global_RNG::randomize(message, message.size());
+
+ SecureVector<byte> signature = sig->sign_message(message);
+
+ if(!ver->verify_message(message, signature))
+ throw Self_Test_Failure("Signature key pair consistency failure");
+
+ ++message[0];
+ if(ver->verify_message(message, signature))
+ throw Self_Test_Failure("Signature key pair consistency failure");
+ }
+
+}
+
+}
diff --git a/src/libstate.cpp b/src/libstate.cpp
new file mode 100644
index 000000000..4990938f3
--- /dev/null
+++ b/src/libstate.cpp
@@ -0,0 +1,314 @@
+/*************************************************
+* Library Internal/Global State Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/libstate.h>
+#include <botan/stl_util.h>
+#include <botan/engine.h>
+#include <botan/mutex.h>
+#include <botan/timers.h>
+
+namespace Botan {
+
+/*************************************************
+* Botan's global state *
+*************************************************/
+Library_State* global_lib_state = 0;
+
+Library_State& global_state()
+ {
+ if(!global_lib_state)
+ throw Invalid_State("Library was not intialized correctly");
+ return (*global_lib_state);
+ }
+
+void set_global_state(Library_State* new_state)
+ {
+ delete global_lib_state;
+ global_lib_state = new_state;
+ }
+
+namespace {
+
+/*************************************************
+* Named Mutex Holder *
+*************************************************/
+class Named_Mutex_Holder
+ {
+ public:
+ Named_Mutex_Holder(const std::map<std::string, Mutex*>& mutexes,
+ const std::string& name)
+ {
+ mux = search_map<std::string, Mutex*>(mutexes, name, 0);
+
+ if(!mux)
+ throw Invalid_Argument("Named_Mutex_Holder: mutex not found");
+
+ mux->lock();
+ }
+
+ ~Named_Mutex_Holder() { mux->unlock(); }
+ private:
+ Mutex* mux;
+ };
+
+}
+
+/*************************************************
+* Increment the Engine iterator *
+*************************************************/
+Engine* Library_State::Engine_Iterator::next()
+ {
+ return lib.get_engine_n(n++);
+ }
+
+/*************************************************
+* Get a new mutex object *
+*************************************************/
+Mutex* Library_State::get_mutex()
+ {
+ return mutex_factory->make();
+ }
+
+/*************************************************
+* Get an allocator by its name *
+*************************************************/
+Allocator* Library_State::get_allocator(const std::string& type) const
+ {
+ Named_Mutex_Holder lock(locks, "allocator");
+
+ if(type != "")
+ return search_map<std::string, Allocator*>(alloc_factory, type, 0);
+
+ if(!cached_default_allocator)
+ {
+ const std::string key_name = "conf/base/default_allocator";
+
+ Named_Mutex_Holder lock(locks, "settings");
+ std::string chosen = search_map(settings, key_name);
+
+ if(chosen == "")
+ chosen = "malloc";
+
+ cached_default_allocator =
+ search_map<std::string, Allocator*>(alloc_factory, chosen, 0);
+ }
+
+ return cached_default_allocator;
+ }
+
+/*************************************************
+* Create a new name to object mapping *
+*************************************************/
+void Library_State::add_allocator(const std::string& type,
+ Allocator* allocator)
+ {
+ Named_Mutex_Holder lock(locks, "allocator");
+
+ allocator->init();
+ if(alloc_factory[type])
+ delete alloc_factory[type];
+ alloc_factory[type] = allocator;
+ }
+
+/*************************************************
+* Read a high resolution clock *
+*************************************************/
+u64bit Library_State::system_clock() const
+ {
+ return timer->clock();
+ }
+
+/*************************************************
+* Set the global PRNG *
+*************************************************/
+void Library_State::set_prng(RandomNumberGenerator* new_rng)
+ {
+ Named_Mutex_Holder lock(locks, "rng");
+
+ delete rng;
+ rng = new_rng;
+ }
+
+/*************************************************
+* Get bytes from the global PRNG *
+*************************************************/
+void Library_State::randomize(byte out[], u32bit length)
+ {
+ Named_Mutex_Holder lock(locks, "rng");
+
+ rng->randomize(out, length);
+ }
+
+/*************************************************
+* Add a new entropy source to use *
+*************************************************/
+void Library_State::add_entropy_source(EntropySource* src, bool last_in_list)
+ {
+ Named_Mutex_Holder lock(locks, "rng");
+
+ if(last_in_list)
+ entropy_sources.push_back(src);
+ else
+ entropy_sources.insert(entropy_sources.begin(), src);
+ }
+
+/*************************************************
+* Add some bytes of entropy to the global PRNG *
+*************************************************/
+void Library_State::add_entropy(const byte in[], u32bit length)
+ {
+ Named_Mutex_Holder lock(locks, "rng");
+
+ rng->add_entropy(in, length);
+ }
+
+/*************************************************
+* Add some bytes of entropy to the global PRNG *
+*************************************************/
+void Library_State::add_entropy(EntropySource& source, bool slow_poll)
+ {
+ Named_Mutex_Holder lock(locks, "rng");
+
+ rng->add_entropy(source, slow_poll);
+ }
+
+/*************************************************
+* Gather entropy for our PRNG object *
+*************************************************/
+u32bit Library_State::seed_prng(bool slow_poll, u32bit bits_to_get)
+ {
+ Named_Mutex_Holder lock(locks, "rng");
+
+ u32bit bits = 0;
+ for(u32bit j = 0; j != entropy_sources.size(); ++j)
+ {
+ bits += rng->add_entropy(*(entropy_sources[j]), slow_poll);
+
+ if(bits_to_get && bits >= bits_to_get)
+ return bits;
+ }
+
+ return bits;
+ }
+
+/*************************************************
+* Set a named option *
+*************************************************/
+void Library_State::set_option(const std::string& section,
+ const std::string& name,
+ const std::string& value,
+ bool overwrite)
+ {
+ Named_Mutex_Holder lock(locks, "settings");
+
+ std::map<std::string, std::string>::const_iterator i = settings.find(name);
+
+ if(overwrite || i == settings.end() || i->second == "")
+ {
+ const std::string full_name = section + "/" + name;
+ settings[full_name] = value;
+
+ if(full_name == "base/default_allocator")
+ cached_default_allocator = 0;
+ }
+ }
+
+/*************************************************
+* Get the value of the named option *
+*************************************************/
+std::string Library_State::get_option(const std::string& section,
+ const std::string& name) const
+ {
+ Named_Mutex_Holder lock(locks, "settings");
+
+ return search_map<std::string, std::string>(settings,
+ section + "/" + name, "");
+ }
+
+/*************************************************
+* See if a particular option has been set *
+*************************************************/
+bool Library_State::option_set(const std::string& section,
+ const std::string& name) const
+ {
+ Named_Mutex_Holder lock(locks, "settings");
+
+ return search_map(settings, section + "/" + name, false, true);
+ }
+
+/*************************************************
+* Get an engine out of the list *
+*************************************************/
+Engine* Library_State::get_engine_n(u32bit n) const
+ {
+ Named_Mutex_Holder lock(locks, "engine");
+
+ if(n >= engines.size())
+ return 0;
+ return engines[n];
+ }
+
+/*************************************************
+* Add a new engine to the list *
+*************************************************/
+void Library_State::add_engine(Engine* engine)
+ {
+ Named_Mutex_Holder lock(locks, "engine");
+ engines.push_back(engine);
+ }
+
+/*************************************************
+* Library_State Constructor *
+*************************************************/
+Library_State::Library_State(Mutex_Factory* mutex_factory, Timer* timer)
+ {
+ if(!mutex_factory)
+ mutex_factory = new Mutex_Factory;
+ if(!timer)
+ timer = new Timer;
+
+ this->mutex_factory = mutex_factory;
+ this->timer = timer;
+
+ locks["settings"] = get_mutex();
+ locks["allocator"] = get_mutex();
+ locks["rng"] = get_mutex();
+ locks["engine"] = get_mutex();
+ rng = 0;
+ cached_default_allocator = 0;
+
+ set_default_policy();
+ }
+
+/*************************************************
+* Library_State Destructor *
+*************************************************/
+Library_State::~Library_State()
+ {
+ cached_default_allocator = 0;
+ delete rng;
+
+ for(u32bit j = 0; j != entropy_sources.size(); ++j)
+ delete entropy_sources[j];
+
+ for(u32bit j = 0; j != engines.size(); ++j)
+ delete engines[j];
+
+ for(std::map<std::string, Allocator*>::iterator j = alloc_factory.begin();
+ j != alloc_factory.end(); ++j)
+ {
+ j->second->destroy();
+ delete j->second;
+ }
+
+ delete mutex_factory;
+ delete timer;
+
+ for(std::map<std::string, Mutex*>::iterator j = locks.begin();
+ j != locks.end(); ++j)
+ delete j->second;
+ }
+
+}
diff --git a/src/lion.cpp b/src/lion.cpp
new file mode 100644
index 000000000..612cb231e
--- /dev/null
+++ b/src/lion.cpp
@@ -0,0 +1,113 @@
+/*************************************************
+* Lion Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/lion.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* Lion Encryption *
+*************************************************/
+void Lion::enc(const byte in[], byte out[]) const
+ {
+ SecureVector<byte> buffer(LEFT_SIZE);
+
+ xor_buf(buffer, in, key1, LEFT_SIZE);
+ cipher->set_key(buffer, LEFT_SIZE);
+ cipher->encrypt(in + LEFT_SIZE, out + LEFT_SIZE, RIGHT_SIZE);
+
+ hash->update(out + LEFT_SIZE, RIGHT_SIZE);
+ hash->final(buffer);
+ xor_buf(out, in, buffer, LEFT_SIZE);
+
+ xor_buf(buffer, out, key2, LEFT_SIZE);
+ cipher->set_key(buffer, LEFT_SIZE);
+ cipher->encrypt(out + LEFT_SIZE, RIGHT_SIZE);
+ }
+
+/*************************************************
+* Lion Decryption *
+*************************************************/
+void Lion::dec(const byte in[], byte out[]) const
+ {
+ SecureVector<byte> buffer(LEFT_SIZE);
+
+ xor_buf(buffer, in, key2, LEFT_SIZE);
+ cipher->set_key(buffer, LEFT_SIZE);
+ cipher->encrypt(in + LEFT_SIZE, out + LEFT_SIZE, RIGHT_SIZE);
+
+ hash->update(out + LEFT_SIZE, RIGHT_SIZE);
+ hash->final(buffer);
+ xor_buf(out, in, buffer, LEFT_SIZE);
+
+ xor_buf(buffer, out, key1, LEFT_SIZE);
+ cipher->set_key(buffer, LEFT_SIZE);
+ cipher->encrypt(out + LEFT_SIZE, RIGHT_SIZE);
+ }
+
+/*************************************************
+* Lion Key Schedule *
+*************************************************/
+void Lion::key(const byte key[], u32bit length)
+ {
+ clear();
+
+ key1.copy(key, length / 2);
+ key2.copy(key + length / 2, length / 2);
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string Lion::name() const
+ {
+ return "Lion(" + hash->name() + "," +
+ cipher->name() + "," +
+ to_string(BLOCK_SIZE) + ")";
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+BlockCipher* Lion::clone() const
+ {
+ return new Lion(hash->name(), cipher->name(), BLOCK_SIZE);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Lion::clear() throw()
+ {
+ hash->clear();
+ cipher->clear();
+ key1.clear();
+ key2.clear();
+ }
+
+/*************************************************
+* Lion Constructor *
+*************************************************/
+Lion::Lion(const std::string& hash_name, const std::string& sc_name,
+ u32bit block_len) :
+ BlockCipher(block_len, 2, 2*output_length_of(hash_name), 2),
+ LEFT_SIZE(output_length_of(hash_name)), RIGHT_SIZE(BLOCK_SIZE - LEFT_SIZE)
+ {
+ hash = get_hash(hash_name);
+ cipher = get_stream_cipher(sc_name);
+
+ if(2*LEFT_SIZE + 1 > BLOCK_SIZE)
+ throw Invalid_Argument(name() + ": Chosen block size is too small");
+ if(!cipher->valid_keylength(LEFT_SIZE))
+ throw Exception(name() + ": This stream/hash combination is invalid");
+
+ key1.create(LEFT_SIZE);
+ key2.create(LEFT_SIZE);
+ }
+
+}
diff --git a/src/look_pk.cpp b/src/look_pk.cpp
new file mode 100644
index 000000000..80552b728
--- /dev/null
+++ b/src/look_pk.cpp
@@ -0,0 +1,74 @@
+/*************************************************
+* PK Algorithm Lookup Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/look_pk.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* Get a PK_Encryptor object *
+*************************************************/
+PK_Encryptor* get_pk_encryptor(const PK_Encrypting_Key& key,
+ const std::string& eme)
+ {
+ return new PK_Encryptor_MR_with_EME(key, eme);
+ }
+
+/*************************************************
+* Get a PK_Decryptor object *
+*************************************************/
+PK_Decryptor* get_pk_decryptor(const PK_Decrypting_Key& key,
+ const std::string& eme)
+ {
+ return new PK_Decryptor_MR_with_EME(key, eme);
+ }
+
+/*************************************************
+* Get a PK_Signer object *
+*************************************************/
+PK_Signer* get_pk_signer(const PK_Signing_Key& key,
+ const std::string& encoding,
+ Signature_Format sig_format)
+ {
+ PK_Signer* signer = new PK_Signer(key, encoding);
+ signer->set_output_format(sig_format);
+ return signer;
+ }
+
+/*************************************************
+* Get a PK_Verifier object *
+*************************************************/
+PK_Verifier* get_pk_verifier(const PK_Verifying_with_MR_Key& key,
+ const std::string& encoding,
+ Signature_Format sig_format)
+ {
+ PK_Verifier* verifier = new PK_Verifier_with_MR(key, encoding);
+ verifier->set_input_format(sig_format);
+ return verifier;
+ }
+
+/*************************************************
+* Get a PK_Verifier object *
+*************************************************/
+PK_Verifier* get_pk_verifier(const PK_Verifying_wo_MR_Key& key,
+ const std::string& encoding,
+ Signature_Format sig_format)
+ {
+ PK_Verifier* verifier = new PK_Verifier_wo_MR(key, encoding);
+ verifier->set_input_format(sig_format);
+ return verifier;
+ }
+
+/*************************************************
+* Get a PK_Key_Agreement object *
+*************************************************/
+PK_Key_Agreement* get_pk_kas(const PK_Key_Agreement_Key& key,
+ const std::string& kdf)
+ {
+ return new PK_Key_Agreement(key, kdf);
+ }
+
+}
diff --git a/src/lubyrack.cpp b/src/lubyrack.cpp
new file mode 100644
index 000000000..0c3d4b284
--- /dev/null
+++ b/src/lubyrack.cpp
@@ -0,0 +1,114 @@
+/*************************************************
+* Luby-Rackoff Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/lubyrack.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Luby-Rackoff Encryption *
+*************************************************/
+void LubyRackoff::enc(const byte in[], byte out[]) const
+ {
+ const u32bit OUTPUT_LENGTH = hash->OUTPUT_LENGTH;
+
+ SecureVector<byte> buffer(OUTPUT_LENGTH);
+ hash->update(K1);
+ hash->update(in, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out + OUTPUT_LENGTH, in + OUTPUT_LENGTH, buffer, OUTPUT_LENGTH);
+
+ hash->update(K2);
+ hash->update(out + OUTPUT_LENGTH, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out, in, buffer, OUTPUT_LENGTH);
+
+ hash->update(K1);
+ hash->update(out, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out + OUTPUT_LENGTH, buffer, OUTPUT_LENGTH);
+
+ hash->update(K2);
+ hash->update(out + OUTPUT_LENGTH, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out, buffer, OUTPUT_LENGTH);
+ }
+
+/*************************************************
+* Luby-Rackoff Decryption *
+*************************************************/
+void LubyRackoff::dec(const byte in[], byte out[]) const
+ {
+ const u32bit OUTPUT_LENGTH = hash->OUTPUT_LENGTH;
+
+ SecureVector<byte> buffer(OUTPUT_LENGTH);
+ hash->update(K2);
+ hash->update(in + OUTPUT_LENGTH, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out, in, buffer, OUTPUT_LENGTH);
+
+ hash->update(K1);
+ hash->update(out, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out + OUTPUT_LENGTH, in + OUTPUT_LENGTH, buffer, OUTPUT_LENGTH);
+
+ hash->update(K2);
+ hash->update(out + OUTPUT_LENGTH, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out, buffer, OUTPUT_LENGTH);
+
+ hash->update(K1);
+ hash->update(out, OUTPUT_LENGTH);
+ hash->final(buffer);
+ xor_buf(out + OUTPUT_LENGTH, buffer, OUTPUT_LENGTH);
+ }
+
+/*************************************************
+* Luby-Rackoff Key Schedule *
+*************************************************/
+void LubyRackoff::key(const byte key[], u32bit length)
+ {
+ K1.set(key, length / 2);
+ K2.set(key + length / 2, length / 2);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void LubyRackoff::clear() throw()
+ {
+ K1.clear();
+ K2.clear();
+ hash->clear();
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+BlockCipher* LubyRackoff::clone() const
+ {
+ return new LubyRackoff(hash->name());
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string LubyRackoff::name() const
+ {
+ return "Luby-Rackoff(" + hash->name() + ")";
+ }
+
+/*************************************************
+* Luby-Rackoff Constructor *
+*************************************************/
+LubyRackoff::LubyRackoff(const std::string& hash_name) :
+ BlockCipher(2*output_length_of(hash_name), 2, 32, 2),
+ hash(get_hash(hash_name))
+ {
+ }
+
+}
diff --git a/src/make_prm.cpp b/src/make_prm.cpp
new file mode 100644
index 000000000..2874cb365
--- /dev/null
+++ b/src/make_prm.cpp
@@ -0,0 +1,177 @@
+/*************************************************
+* Prime Generation Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/numthry.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+#include <botan/rng.h>
+#include <botan/ui.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Increment the seed by one *
+*************************************************/
+void increment(SecureVector<byte>& seed)
+ {
+ for(u32bit j = seed.size(); j > 0; --j)
+ if(++seed[j-1])
+ break;
+ }
+
+}
+
+/*************************************************
+* Attempt DSA prime generation with given seed *
+*************************************************/
+bool generate_dsa_primes(BigInt& p, BigInt& q, const byte const_seed[],
+ u32bit seed_len, u32bit pbits, u32bit counter_start)
+ {
+ if(seed_len < 20)
+ throw Invalid_Argument("DSA prime generation needs a seed "
+ "at least 160 bits long");
+ if((pbits % 64 != 0) || (pbits > 1024) || (pbits < 512))
+ throw Invalid_Argument("DSA prime generation algorithm does not support "
+ "prime size " + to_string(pbits));
+
+ std::auto_ptr<HashFunction> sha1(get_hash("SHA-1"));
+
+ SecureVector<byte> seed(const_seed, seed_len);
+
+ SecureVector<byte> qhash = sha1->process(seed);
+ increment(seed);
+ SecureVector<byte> qhash2 = sha1->process(seed);
+ xor_buf(qhash, qhash2, qhash.size());
+
+ qhash[0] |= 0x80;
+ qhash[19] |= 0x01;
+ q.binary_decode(qhash, qhash.size());
+ if(!is_prime(q))
+ return false;
+ UI::pulse(UI::PRIME_FOUND);
+
+ u32bit n = (pbits-1) / 160, b = (pbits-1) % 160;
+ SecureVector<byte> W(20 * (n+1));
+ BigInt X;
+
+ for(u32bit j = 0; j != counter_start; ++j)
+ for(u32bit k = 0; k != n + 1; ++k)
+ increment(seed);
+
+ for(u32bit j = 0; j != 4096 - counter_start; ++j)
+ {
+ UI::pulse(UI::PRIME_SEARCHING);
+
+ for(u32bit k = 0; k != n + 1; ++k)
+ {
+ increment(seed);
+ sha1->update(seed);
+ sha1->final(W + 20 * (n-k));
+ }
+ X.binary_decode(W + (20 - 1 - b/8), W.size() - (20 - 1 - b/8));
+ X.set_bit(pbits-1);
+
+ p = X - (X % (2*q) - 1);
+
+ if(p.bits() == pbits && is_prime(p))
+ {
+ UI::pulse(UI::PRIME_FOUND);
+ return true;
+ }
+ }
+ return false;
+ }
+
+/*************************************************
+* Generate DSA Primes *
+*************************************************/
+SecureVector<byte> generate_dsa_primes(BigInt& p, BigInt& q, u32bit pbits)
+ {
+ SecureVector<byte> seed(20);
+
+ while(true)
+ {
+ Global_RNG::randomize(seed, seed.size());
+ UI::pulse(UI::PRIME_SEARCHING);
+ if(generate_dsa_primes(p, q, seed, seed.size(), pbits))
+ return seed;
+ }
+ }
+
+/*************************************************
+* Generate a random prime *
+*************************************************/
+BigInt random_prime(u32bit bits, const BigInt& coprime,
+ u32bit equiv, u32bit modulo)
+ {
+ if(bits <= 48)
+ throw Invalid_Argument("random_prime: Can't make a prime of " +
+ to_string(bits) + " bits");
+
+ if(coprime <= 0)
+ throw Invalid_Argument("random_prime: coprime must be > 0");
+ if(modulo % 2 == 1 || modulo == 0)
+ throw Invalid_Argument("random_prime: Invalid modulo value");
+ if(equiv >= modulo || equiv % 2 == 0)
+ throw Invalid_Argument("random_prime: equiv must be < modulo, and odd");
+
+ while(true)
+ {
+ UI::pulse(UI::PRIME_SEARCHING);
+
+ BigInt p = random_integer(bits);
+ p.set_bit(bits - 2);
+ p.set_bit(0);
+
+ if(p % modulo != equiv)
+ p += (modulo - p % modulo) + equiv;
+
+ const u32bit sieve_size = std::min(bits / 2, PRIME_TABLE_SIZE);
+ SecureVector<u32bit> sieve(sieve_size);
+
+ for(u32bit j = 0; j != sieve.size(); ++j)
+ {
+ sieve[j] = p % PRIMES[j];
+ UI::pulse(UI::PRIME_SIEVING);
+ }
+
+ u32bit counter = 0;
+ while(true)
+ {
+ if(counter == 4096 || p.bits() > bits)
+ break;
+
+ UI::pulse(UI::PRIME_SEARCHING);
+
+ bool passes_sieve = true;
+ ++counter;
+ p += modulo;
+
+ for(u32bit j = 0; j != sieve.size(); ++j)
+ {
+ sieve[j] = (sieve[j] + modulo) % PRIMES[j];
+ UI::pulse(UI::PRIME_SIEVING);
+ if(sieve[j] == 0)
+ passes_sieve = false;
+ }
+
+ if(!passes_sieve || gcd(p - 1, coprime) != 1)
+ continue;
+ UI::pulse(UI::PRIME_PASSED_SIEVE);
+ if(passes_mr_tests(p))
+ {
+ UI::pulse(UI::PRIME_FOUND);
+ return p;
+ }
+ }
+ }
+ }
+
+}
diff --git a/src/mars.cpp b/src/mars.cpp
new file mode 100644
index 000000000..06b143e72
--- /dev/null
+++ b/src/mars.cpp
@@ -0,0 +1,287 @@
+/*************************************************
+* MARS Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mars.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Generate a mask for runs of bits *
+*************************************************/
+u32bit gen_mask(u32bit input)
+ {
+ u32bit mask = 0;
+
+ for(u32bit j = 2; j != 31; ++j)
+ {
+ u32bit region = (input >> (j-1)) & 0x07;
+
+ if(region == 0x00 || region == 0x07)
+ {
+ u32bit low = (j < 9) ? 0 : (j - 9);
+ u32bit high = (j < 23) ? j : 23;
+
+ for(u32bit k = low; k != high; ++k)
+ {
+ u32bit value = (input >> k) & 0x3FF;
+
+ if(value == 0 || value == 0x3FF)
+ {
+ mask |= 1 << j;
+ break;
+ }
+ }
+ }
+ }
+
+ return mask;
+ }
+
+}
+
+/*************************************************
+* MARS Encryption *
+*************************************************/
+void MARS::enc(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]) + EK[0],
+ B = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]) + EK[1],
+ C = make_u32bit(in[11], in[10], in[ 9], in[ 8]) + EK[2],
+ D = make_u32bit(in[15], in[14], in[13], in[12]) + EK[3];
+
+ forward_mix(A, B, C, D);
+
+ encrypt_round(A, B, C, D, 0);
+ encrypt_round(B, C, D, A, 1);
+ encrypt_round(C, D, A, B, 2);
+ encrypt_round(D, A, B, C, 3);
+ encrypt_round(A, B, C, D, 4);
+ encrypt_round(B, C, D, A, 5);
+ encrypt_round(C, D, A, B, 6);
+ encrypt_round(D, A, B, C, 7);
+
+ encrypt_round(A, D, C, B, 8);
+ encrypt_round(B, A, D, C, 9);
+ encrypt_round(C, B, A, D, 10);
+ encrypt_round(D, C, B, A, 11);
+ encrypt_round(A, D, C, B, 12);
+ encrypt_round(B, A, D, C, 13);
+ encrypt_round(C, B, A, D, 14);
+ encrypt_round(D, C, B, A, 15);
+
+ reverse_mix(A, B, C, D);
+
+ A -= EK[36]; B -= EK[37]; C -= EK[38]; D -= EK[39];
+
+ out[ 0] = get_byte(3, A); out[ 1] = get_byte(2, A);
+ out[ 2] = get_byte(1, A); out[ 3] = get_byte(0, A);
+ out[ 4] = get_byte(3, B); out[ 5] = get_byte(2, B);
+ out[ 6] = get_byte(1, B); out[ 7] = get_byte(0, B);
+ out[ 8] = get_byte(3, C); out[ 9] = get_byte(2, C);
+ out[10] = get_byte(1, C); out[11] = get_byte(0, C);
+ out[12] = get_byte(3, D); out[13] = get_byte(2, D);
+ out[14] = get_byte(1, D); out[15] = get_byte(0, D);
+ }
+
+/*************************************************
+* MARS Decryption *
+*************************************************/
+void MARS::dec(const byte in[], byte out[]) const
+ {
+ u32bit D = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]) + EK[36],
+ C = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]) + EK[37],
+ B = make_u32bit(in[11], in[10], in[ 9], in[ 8]) + EK[38],
+ A = make_u32bit(in[15], in[14], in[13], in[12]) + EK[39];
+
+ forward_mix(A, B, C, D);
+
+ decrypt_round(A, B, C, D, 15);
+ decrypt_round(B, C, D, A, 14);
+ decrypt_round(C, D, A, B, 13);
+ decrypt_round(D, A, B, C, 12);
+ decrypt_round(A, B, C, D, 11);
+ decrypt_round(B, C, D, A, 10);
+ decrypt_round(C, D, A, B, 9);
+ decrypt_round(D, A, B, C, 8);
+
+ decrypt_round(A, D, C, B, 7);
+ decrypt_round(B, A, D, C, 6);
+ decrypt_round(C, B, A, D, 5);
+ decrypt_round(D, C, B, A, 4);
+ decrypt_round(A, D, C, B, 3);
+ decrypt_round(B, A, D, C, 2);
+ decrypt_round(C, B, A, D, 1);
+ decrypt_round(D, C, B, A, 0);
+
+ reverse_mix(A, B, C, D);
+
+ A -= EK[3]; B -= EK[2]; C -= EK[1]; D -= EK[0];
+
+ out[ 0] = get_byte(3, D); out[ 1] = get_byte(2, D);
+ out[ 2] = get_byte(1, D); out[ 3] = get_byte(0, D);
+ out[ 4] = get_byte(3, C); out[ 5] = get_byte(2, C);
+ out[ 6] = get_byte(1, C); out[ 7] = get_byte(0, C);
+ out[ 8] = get_byte(3, B); out[ 9] = get_byte(2, B);
+ out[10] = get_byte(1, B); out[11] = get_byte(0, B);
+ out[12] = get_byte(3, A); out[13] = get_byte(2, A);
+ out[14] = get_byte(1, A); out[15] = get_byte(0, A);
+ }
+
+/*************************************************
+* MARS Forward Mixing Operation *
+*************************************************/
+void MARS::forward_mix(u32bit& A, u32bit& B, u32bit& C, u32bit& D)
+ {
+ for(u32bit j = 0; j != 2; ++j)
+ {
+ B ^= SBOX[get_byte(3, A)]; B += SBOX[get_byte(2, A) + 256];
+ C += SBOX[get_byte(1, A)]; D ^= SBOX[get_byte(0, A) + 256];
+ A = rotate_right(A, 24) + D;
+
+ C ^= SBOX[get_byte(3, B)]; C += SBOX[get_byte(2, B) + 256];
+ D += SBOX[get_byte(1, B)]; A ^= SBOX[get_byte(0, B) + 256];
+ B = rotate_right(B, 24) + C;
+
+ D ^= SBOX[get_byte(3, C)]; D += SBOX[get_byte(2, C) + 256];
+ A += SBOX[get_byte(1, C)]; B ^= SBOX[get_byte(0, C) + 256];
+ C = rotate_right(C, 24);
+
+ A ^= SBOX[get_byte(3, D)]; A += SBOX[get_byte(2, D) + 256];
+ B += SBOX[get_byte(1, D)]; C ^= SBOX[get_byte(0, D) + 256];
+ D = rotate_right(D, 24);
+ }
+ }
+
+/*************************************************
+* MARS Reverse Mixing Operation *
+*************************************************/
+void MARS::reverse_mix(u32bit& A, u32bit& B, u32bit& C, u32bit& D)
+ {
+ for(u32bit j = 0; j != 2; ++j)
+ {
+ B ^= SBOX[get_byte(3, A) + 256]; C -= SBOX[get_byte(0, A)];
+ D -= SBOX[get_byte(1, A) + 256]; D ^= SBOX[get_byte(2, A)];
+ A = rotate_left(A, 24);
+
+ C ^= SBOX[get_byte(3, B) + 256]; D -= SBOX[get_byte(0, B)];
+ A -= SBOX[get_byte(1, B) + 256]; A ^= SBOX[get_byte(2, B)];
+ C -= (B = rotate_left(B, 24));
+
+ D ^= SBOX[get_byte(3, C) + 256]; A -= SBOX[get_byte(0, C)];
+ B -= SBOX[get_byte(1, C) + 256]; B ^= SBOX[get_byte(2, C)];
+ C = rotate_left(C, 24);
+ D -= A;
+
+ A ^= SBOX[get_byte(3, D) + 256]; B -= SBOX[get_byte(0, D)];
+ C -= SBOX[get_byte(1, D) + 256]; C ^= SBOX[get_byte(2, D)];
+ D = rotate_left(D, 24);
+ }
+ }
+
+/*************************************************
+* MARS Encryption Round *
+*************************************************/
+void MARS::encrypt_round(u32bit& A, u32bit& B, u32bit& C, u32bit& D,
+ u32bit round) const
+ {
+ u32bit X, Y, Z;
+ X = A + EK[2*round + 4];
+ A = rotate_left(A, 13);
+ Y = A * EK[2*round + 5];
+ Z = SBOX[X % 512];
+ Y = rotate_left(Y, 5);
+ Z ^= Y;
+ C += rotate_left(X, Y % 32);
+ Y = rotate_left(Y, 5);
+ Z ^= Y;
+ D ^= Y;
+ B += rotate_left(Z, Y % 32);
+ }
+
+/*************************************************
+* MARS Decryption Round *
+*************************************************/
+void MARS::decrypt_round(u32bit& A, u32bit& B, u32bit& C, u32bit& D,
+ u32bit round) const
+ {
+ u32bit X, Y, Z;
+ Y = A * EK[2*round + 5];
+ A = rotate_right(A, 13);
+ X = A + EK[2*round + 4];
+ Z = SBOX[X % 512];
+ Y = rotate_left(Y, 5);
+ Z ^= Y;
+ C -= rotate_left(X, Y % 32);
+ Y = rotate_left(Y, 5);
+ Z ^= Y;
+ D ^= Y;
+ B -= rotate_left(Z, Y % 32);
+ }
+
+/*************************************************
+* MARS Key Schedule *
+*************************************************/
+void MARS::key(const byte key[], u32bit length)
+ {
+ SecureBuffer<u32bit, 15> T;
+ for(u32bit j = 0; j != length / 4; ++j)
+ T[j] = make_u32bit(key[4*j+3], key[4*j+2], key[4*j+1], key[4*j]);
+ T[length / 4] = length / 4;
+
+ for(u32bit j = 0; j != 4; ++j)
+ {
+ T[ 0] ^= rotate_left(T[ 8] ^ T[13], 3) ^ (j );
+ T[ 1] ^= rotate_left(T[ 9] ^ T[14], 3) ^ (j + 4);
+ T[ 2] ^= rotate_left(T[10] ^ T[ 0], 3) ^ (j + 8);
+ T[ 3] ^= rotate_left(T[11] ^ T[ 1], 3) ^ (j + 12);
+ T[ 4] ^= rotate_left(T[12] ^ T[ 2], 3) ^ (j + 16);
+ T[ 5] ^= rotate_left(T[13] ^ T[ 3], 3) ^ (j + 20);
+ T[ 6] ^= rotate_left(T[14] ^ T[ 4], 3) ^ (j + 24);
+ T[ 7] ^= rotate_left(T[ 0] ^ T[ 5], 3) ^ (j + 28);
+ T[ 8] ^= rotate_left(T[ 1] ^ T[ 6], 3) ^ (j + 32);
+ T[ 9] ^= rotate_left(T[ 2] ^ T[ 7], 3) ^ (j + 36);
+ T[10] ^= rotate_left(T[ 3] ^ T[ 8], 3) ^ (j + 40);
+ T[11] ^= rotate_left(T[ 4] ^ T[ 9], 3) ^ (j + 44);
+ T[12] ^= rotate_left(T[ 5] ^ T[10], 3) ^ (j + 48);
+ T[13] ^= rotate_left(T[ 6] ^ T[11], 3) ^ (j + 52);
+ T[14] ^= rotate_left(T[ 7] ^ T[12], 3) ^ (j + 56);
+
+ for(u32bit k = 0; k != 4; ++k)
+ {
+ T[ 0] = rotate_left(T[ 0] + SBOX[T[14] % 512], 9);
+ T[ 1] = rotate_left(T[ 1] + SBOX[T[ 0] % 512], 9);
+ T[ 2] = rotate_left(T[ 2] + SBOX[T[ 1] % 512], 9);
+ T[ 3] = rotate_left(T[ 3] + SBOX[T[ 2] % 512], 9);
+ T[ 4] = rotate_left(T[ 4] + SBOX[T[ 3] % 512], 9);
+ T[ 5] = rotate_left(T[ 5] + SBOX[T[ 4] % 512], 9);
+ T[ 6] = rotate_left(T[ 6] + SBOX[T[ 5] % 512], 9);
+ T[ 7] = rotate_left(T[ 7] + SBOX[T[ 6] % 512], 9);
+ T[ 8] = rotate_left(T[ 8] + SBOX[T[ 7] % 512], 9);
+ T[ 9] = rotate_left(T[ 9] + SBOX[T[ 8] % 512], 9);
+ T[10] = rotate_left(T[10] + SBOX[T[ 9] % 512], 9);
+ T[11] = rotate_left(T[11] + SBOX[T[10] % 512], 9);
+ T[12] = rotate_left(T[12] + SBOX[T[11] % 512], 9);
+ T[13] = rotate_left(T[13] + SBOX[T[12] % 512], 9);
+ T[14] = rotate_left(T[14] + SBOX[T[13] % 512], 9);
+ }
+
+ EK[10*j + 0] = T[ 0]; EK[10*j + 1] = T[ 4]; EK[10*j + 2] = T[ 8];
+ EK[10*j + 3] = T[12]; EK[10*j + 4] = T[ 1]; EK[10*j + 5] = T[ 5];
+ EK[10*j + 6] = T[ 9]; EK[10*j + 7] = T[13]; EK[10*j + 8] = T[ 2];
+ EK[10*j + 9] = T[ 6];
+ }
+
+ for(u32bit j = 5; j != 37; j += 2)
+ {
+ u32bit key3 = EK[j] & 3;
+ EK[j] |= 3;
+ EK[j] ^= rotate_left(SBOX[265 + key3], EK[j-1] % 32) & gen_mask(EK[j]);
+ }
+ }
+
+}
diff --git a/src/mars_tab.cpp b/src/mars_tab.cpp
new file mode 100644
index 000000000..36c172f5a
--- /dev/null
+++ b/src/mars_tab.cpp
@@ -0,0 +1,98 @@
+/*************************************************
+* S-Box Table for MARS *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mars.h>
+
+namespace Botan {
+
+const u32bit MARS::SBOX[512] = {
+ 0x09D0C479, 0x28C8FFE0, 0x84AA6C39, 0x9DAD7287, 0x7DFF9BE3, 0xD4268361,
+ 0xC96DA1D4, 0x7974CC93, 0x85D0582E, 0x2A4B5705, 0x1CA16A62, 0xC3BD279D,
+ 0x0F1F25E5, 0x5160372F, 0xC695C1FB, 0x4D7FF1E4, 0xAE5F6BF4, 0x0D72EE46,
+ 0xFF23DE8A, 0xB1CF8E83, 0xF14902E2, 0x3E981E42, 0x8BF53EB6, 0x7F4BF8AC,
+ 0x83631F83, 0x25970205, 0x76AFE784, 0x3A7931D4, 0x4F846450, 0x5C64C3F6,
+ 0x210A5F18, 0xC6986A26, 0x28F4E826, 0x3A60A81C, 0xD340A664, 0x7EA820C4,
+ 0x526687C5, 0x7EDDD12B, 0x32A11D1D, 0x9C9EF086, 0x80F6E831, 0xAB6F04AD,
+ 0x56FB9B53, 0x8B2E095C, 0xB68556AE, 0xD2250B0D, 0x294A7721, 0xE21FB253,
+ 0xAE136749, 0xE82AAE86, 0x93365104, 0x99404A66, 0x78A784DC, 0xB69BA84B,
+ 0x04046793, 0x23DB5C1E, 0x46CAE1D6, 0x2FE28134, 0x5A223942, 0x1863CD5B,
+ 0xC190C6E3, 0x07DFB846, 0x6EB88816, 0x2D0DCC4A, 0xA4CCAE59, 0x3798670D,
+ 0xCBFA9493, 0x4F481D45, 0xEAFC8CA8, 0xDB1129D6, 0xB0449E20, 0x0F5407FB,
+ 0x6167D9A8, 0xD1F45763, 0x4DAA96C3, 0x3BEC5958, 0xABABA014, 0xB6CCD201,
+ 0x38D6279F, 0x02682215, 0x8F376CD5, 0x092C237E, 0xBFC56593, 0x32889D2C,
+ 0x854B3E95, 0x05BB9B43, 0x7DCD5DCD, 0xA02E926C, 0xFAE527E5, 0x36A1C330,
+ 0x3412E1AE, 0xF257F462, 0x3C4F1D71, 0x30A2E809, 0x68E5F551, 0x9C61BA44,
+ 0x5DED0AB8, 0x75CE09C8, 0x9654F93E, 0x698C0CCA, 0x243CB3E4, 0x2B062B97,
+ 0x0F3B8D9E, 0x00E050DF, 0xFC5D6166, 0xE35F9288, 0xC079550D, 0x0591AEE8,
+ 0x8E531E74, 0x75FE3578, 0x2F6D829A, 0xF60B21AE, 0x95E8EB8D, 0x6699486B,
+ 0x901D7D9B, 0xFD6D6E31, 0x1090ACEF, 0xE0670DD8, 0xDAB2E692, 0xCD6D4365,
+ 0xE5393514, 0x3AF345F0, 0x6241FC4D, 0x460DA3A3, 0x7BCF3729, 0x8BF1D1E0,
+ 0x14AAC070, 0x1587ED55, 0x3AFD7D3E, 0xD2F29E01, 0x29A9D1F6, 0xEFB10C53,
+ 0xCF3B870F, 0xB414935C, 0x664465ED, 0x024ACAC7, 0x59A744C1, 0x1D2936A7,
+ 0xDC580AA6, 0xCF574CA8, 0x040A7A10, 0x6CD81807, 0x8A98BE4C, 0xACCEA063,
+ 0xC33E92B5, 0xD1E0E03D, 0xB322517E, 0x2092BD13, 0x386B2C4A, 0x52E8DD58,
+ 0x58656DFB, 0x50820371, 0x41811896, 0xE337EF7E, 0xD39FB119, 0xC97F0DF6,
+ 0x68FEA01B, 0xA150A6E5, 0x55258962, 0xEB6FF41B, 0xD7C9CD7A, 0xA619CD9E,
+ 0xBCF09576, 0x2672C073, 0xF003FB3C, 0x4AB7A50B, 0x1484126A, 0x487BA9B1,
+ 0xA64FC9C6, 0xF6957D49, 0x38B06A75, 0xDD805FCD, 0x63D094CF, 0xF51C999E,
+ 0x1AA4D343, 0xB8495294, 0xCE9F8E99, 0xBFFCD770, 0xC7C275CC, 0x378453A7,
+ 0x7B21BE33, 0x397F41BD, 0x4E94D131, 0x92CC1F98, 0x5915EA51, 0x99F861B7,
+ 0xC9980A88, 0x1D74FD5F, 0xB0A495F8, 0x614DEED0, 0xB5778EEA, 0x5941792D,
+ 0xFA90C1F8, 0x33F824B4, 0xC4965372, 0x3FF6D550, 0x4CA5FEC0, 0x8630E964,
+ 0x5B3FBBD6, 0x7DA26A48, 0xB203231A, 0x04297514, 0x2D639306, 0x2EB13149,
+ 0x16A45272, 0x532459A0, 0x8E5F4872, 0xF966C7D9, 0x07128DC0, 0x0D44DB62,
+ 0xAFC8D52D, 0x06316131, 0xD838E7CE, 0x1BC41D00, 0x3A2E8C0F, 0xEA83837E,
+ 0xB984737D, 0x13BA4891, 0xC4F8B949, 0xA6D6ACB3, 0xA215CDCE, 0x8359838B,
+ 0x6BD1AA31, 0xF579DD52, 0x21B93F93, 0xF5176781, 0x187DFDDE, 0xE94AEB76,
+ 0x2B38FD54, 0x431DE1DA, 0xAB394825, 0x9AD3048F, 0xDFEA32AA, 0x659473E3,
+ 0x623F7863, 0xF3346C59, 0xAB3AB685, 0x3346A90B, 0x6B56443E, 0xC6DE01F8,
+ 0x8D421FC0, 0x9B0ED10C, 0x88F1A1E9, 0x54C1F029, 0x7DEAD57B, 0x8D7BA426,
+ 0x4CF5178A, 0x551A7CCA, 0x1A9A5F08, 0xFCD651B9, 0x25605182, 0xE11FC6C3,
+ 0xB6FD9676, 0x337B3027, 0xB7C8EB14, 0x9E5FD030, 0x6B57E354, 0xAD913CF7,
+ 0x7E16688D, 0x58872A69, 0x2C2FC7DF, 0xE389CCC6, 0x30738DF1, 0x0824A734,
+ 0xE1797A8B, 0xA4A8D57B, 0x5B5D193B, 0xC8A8309B, 0x73F9A978, 0x73398D32,
+ 0x0F59573E, 0xE9DF2B03, 0xE8A5B6C8, 0x848D0704, 0x98DF93C2, 0x720A1DC3,
+ 0x684F259A, 0x943BA848, 0xA6370152, 0x863B5EA3, 0xD17B978B, 0x6D9B58EF,
+ 0x0A700DD4, 0xA73D36BF, 0x8E6A0829, 0x8695BC14, 0xE35B3447, 0x933AC568,
+ 0x8894B022, 0x2F511C27, 0xDDFBCC3C, 0x006662B6, 0x117C83FE, 0x4E12B414,
+ 0xC2BCA766, 0x3A2FEC10, 0xF4562420, 0x55792E2A, 0x46F5D857, 0xCEDA25CE,
+ 0xC3601D3B, 0x6C00AB46, 0xEFAC9C28, 0xB3C35047, 0x611DFEE3, 0x257C3207,
+ 0xFDD58482, 0x3B14D84F, 0x23BECB64, 0xA075F3A3, 0x088F8EAD, 0x07ADF158,
+ 0x7796943C, 0xFACABF3D, 0xC09730CD, 0xF7679969, 0xDA44E9ED, 0x2C854C12,
+ 0x35935FA3, 0x2F057D9F, 0x690624F8, 0x1CB0BAFD, 0x7B0DBDC6, 0x810F23BB,
+ 0xFA929A1A, 0x6D969A17, 0x6742979B, 0x74AC7D05, 0x010E65C4, 0x86A3D963,
+ 0xF907B5A0, 0xD0042BD3, 0x158D7D03, 0x287A8255, 0xBBA8366F, 0x096EDC33,
+ 0x21916A7B, 0x77B56B86, 0x951622F9, 0xA6C5E650, 0x8CEA17D1, 0xCD8C62BC,
+ 0xA3D63433, 0x358A68FD, 0x0F9B9D3C, 0xD6AA295B, 0xFE33384A, 0xC000738E,
+ 0xCD67EB2F, 0xE2EB6DC2, 0x97338B02, 0x06C9F246, 0x419CF1AD, 0x2B83C045,
+ 0x3723F18A, 0xCB5B3089, 0x160BEAD7, 0x5D494656, 0x35F8A74B, 0x1E4E6C9E,
+ 0x000399BD, 0x67466880, 0xB4174831, 0xACF423B2, 0xCA815AB3, 0x5A6395E7,
+ 0x302A67C5, 0x8BDB446B, 0x108F8FA4, 0x10223EDA, 0x92B8B48B, 0x7F38D0EE,
+ 0xAB2701D4, 0x0262D415, 0xAF224A30, 0xB3D88ABA, 0xF8B2C3AF, 0xDAF7EF70,
+ 0xCC97D3B7, 0xE9614B6C, 0x2BAEBFF4, 0x70F687CF, 0x386C9156, 0xCE092EE5,
+ 0x01E87DA6, 0x6CE91E6A, 0xBB7BCC84, 0xC7922C20, 0x9D3B71FD, 0x060E41C6,
+ 0xD7590F15, 0x4E03BB47, 0x183C198E, 0x63EEB240, 0x2DDBF49A, 0x6D5CBA54,
+ 0x923750AF, 0xF9E14236, 0x7838162B, 0x59726C72, 0x81B66760, 0xBB2926C1,
+ 0x48A0CE0D, 0xA6C0496D, 0xAD43507B, 0x718D496A, 0x9DF057AF, 0x44B1BDE6,
+ 0x054356DC, 0xDE7CED35, 0xD51A138B, 0x62088CC9, 0x35830311, 0xC96EFCA2,
+ 0x686F86EC, 0x8E77CB68, 0x63E1D6B8, 0xC80F9778, 0x79C491FD, 0x1B4C67F2,
+ 0x72698D7D, 0x5E368C31, 0xF7D95E2E, 0xA1D3493F, 0xDCD9433E, 0x896F1552,
+ 0x4BC4CA7A, 0xA6D1BAF4, 0xA5A96DCC, 0x0BEF8B46, 0xA169FDA7, 0x74DF40B7,
+ 0x4E208804, 0x9A756607, 0x038E87C8, 0x20211E44, 0x8B7AD4BF, 0xC6403F35,
+ 0x1848E36D, 0x80BDB038, 0x1E62891C, 0x643D2107, 0xBF04D6F8, 0x21092C8C,
+ 0xF644F389, 0x0778404E, 0x7B78ADB8, 0xA2C52D53, 0x42157ABE, 0xA2253E2E,
+ 0x7BF3F4AE, 0x80F594F9, 0x953194E7, 0x77EB92ED, 0xB3816930, 0xDA8D9336,
+ 0xBF447469, 0xF26D9483, 0xEE6FAED5, 0x71371235, 0xDE425F73, 0xB4E59F43,
+ 0x7DBE2D4E, 0x2D37B185, 0x49DC9A63, 0x98C39D98, 0x1301C9A2, 0x389B1BBF,
+ 0x0C18588D, 0xA421C1BA, 0x7AA3865C, 0x71E08558, 0x3C5CFCAA, 0x7D239CA4,
+ 0x0297D9DD, 0xD7DC2830, 0x4B37802B, 0x7428AB54, 0xAEEE0347, 0x4B3FBB85,
+ 0x692F2F08, 0x134E578E, 0x36D9E0BF, 0xAE8B5FCF, 0xEDB93ECF, 0x2B27248E,
+ 0x170EB1EF, 0x7DC57FD6, 0x1E760F16, 0xB1136601, 0x864E1B9B, 0xD7EA7319,
+ 0x3AB871BD, 0xCFA4D76F, 0xE31BD782, 0x0DBEB469, 0xABB96061, 0x5370F85D,
+ 0xFFB07E37, 0xDA30D0FB, 0xEBC977B6, 0x0B98B40F, 0x3A4D0FE6, 0xDF4FC26B,
+ 0x159CF22A, 0xC298D6E2, 0x2B78EF6A, 0x61A94AC0, 0xAB561187, 0x14EEA0F0,
+ 0xDF0D4164, 0x19AF70EE };
+
+}
diff --git a/src/md2.cpp b/src/md2.cpp
new file mode 100644
index 000000000..6660dccb3
--- /dev/null
+++ b/src/md2.cpp
@@ -0,0 +1,106 @@
+/*************************************************
+* MD2 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/md2.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* MD2 Compression Function *
+*************************************************/
+void MD2::hash(const byte input[])
+ {
+ static const byte SBOX[256] = {
+ 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1,
+ 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C,
+ 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C,
+ 0xFD, 0xD4, 0xE0, 0x16, 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12,
+ 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E,
+ 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F,
+ 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, 0x80, 0x7F, 0x5D, 0x9A,
+ 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03,
+ 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A,
+ 0xAC, 0x56, 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6,
+ 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D, 0x70, 0x59,
+ 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02,
+ 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69,
+ 0x34, 0x40, 0x7E, 0x0F, 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A,
+ 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E,
+ 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52,
+ 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, 0x24, 0xE1, 0x7B, 0x08,
+ 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D,
+ 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E,
+ 0x66, 0x58, 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A,
+ 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99, 0x8D, 0x33,
+ 0x9F, 0x11, 0x83, 0x14 };
+
+ X.copy(16, input, HASH_BLOCK_SIZE);
+ xor_buf(X + 32, X, X + 16, HASH_BLOCK_SIZE);
+ byte T = 0;
+ for(u32bit j = 0; j != 18; ++j)
+ {
+ for(u32bit k = 0; k != 48; k += 8)
+ {
+ T = X[k ] ^= SBOX[T]; T = X[k+1] ^= SBOX[T];
+ T = X[k+2] ^= SBOX[T]; T = X[k+3] ^= SBOX[T];
+ T = X[k+4] ^= SBOX[T]; T = X[k+5] ^= SBOX[T];
+ T = X[k+6] ^= SBOX[T]; T = X[k+7] ^= SBOX[T];
+ }
+ T += j;
+ }
+ T = checksum[15];
+ for(u32bit j = 0; j != HASH_BLOCK_SIZE; ++j)
+ T = checksum[j] ^= SBOX[input[j] ^ T];
+ }
+
+/*************************************************
+* Update the hash *
+*************************************************/
+void MD2::add_data(const byte input[], u32bit length)
+ {
+ buffer.copy(position, input, length);
+ if(position + length >= HASH_BLOCK_SIZE)
+ {
+ hash(buffer.begin());
+ input += (HASH_BLOCK_SIZE - position);
+ length -= (HASH_BLOCK_SIZE - position);
+ while(length >= HASH_BLOCK_SIZE)
+ {
+ hash(input);
+ input += HASH_BLOCK_SIZE;
+ length -= HASH_BLOCK_SIZE;
+ }
+ buffer.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Finalize a MD2 Hash *
+*************************************************/
+void MD2::final_result(byte output[])
+ {
+ for(u32bit j = position; j != HASH_BLOCK_SIZE; ++j)
+ buffer[j] = (byte)(HASH_BLOCK_SIZE - position);
+ hash(buffer);
+ hash(checksum);
+ copy_mem(output, X.begin(), OUTPUT_LENGTH);
+ clear();
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void MD2::clear() throw()
+ {
+ X.clear();
+ checksum.clear();
+ buffer.clear();
+ position = 0;
+ }
+
+}
diff --git a/src/md4.cpp b/src/md4.cpp
new file mode 100644
index 000000000..72d0a1923
--- /dev/null
+++ b/src/md4.cpp
@@ -0,0 +1,98 @@
+/*************************************************
+* MD4 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/md4.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* MD4 FF Function *
+*************************************************/
+inline void FF(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S)
+ {
+ A += (D ^ (B & (C ^ D))) + M;
+ A = rotate_left(A, S);
+ }
+
+/*************************************************
+* MD4 GG Function *
+*************************************************/
+inline void GG(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S)
+ {
+ A += ((B & C) | (D & (B | C))) + M + 0x5A827999;
+ A = rotate_left(A, S);
+ }
+
+/*************************************************
+* MD4 HH Function *
+*************************************************/
+inline void HH(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S)
+ {
+ A += (B ^ C ^ D) + M + 0x6ED9EBA1;
+ A = rotate_left(A, S);
+ }
+
+}
+
+/*************************************************
+* MD4 Compression Function *
+*************************************************/
+void MD4::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ M[j] = make_u32bit(input[4*j+3], input[4*j+2], input[4*j+1], input[4*j]);
+
+ u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3];
+
+ FF(A,B,C,D,M[ 0], 3); FF(D,A,B,C,M[ 1], 7); FF(C,D,A,B,M[ 2],11);
+ FF(B,C,D,A,M[ 3],19); FF(A,B,C,D,M[ 4], 3); FF(D,A,B,C,M[ 5], 7);
+ FF(C,D,A,B,M[ 6],11); FF(B,C,D,A,M[ 7],19); FF(A,B,C,D,M[ 8], 3);
+ FF(D,A,B,C,M[ 9], 7); FF(C,D,A,B,M[10],11); FF(B,C,D,A,M[11],19);
+ FF(A,B,C,D,M[12], 3); FF(D,A,B,C,M[13], 7); FF(C,D,A,B,M[14],11);
+ FF(B,C,D,A,M[15],19);
+
+ GG(A,B,C,D,M[ 0], 3); GG(D,A,B,C,M[ 4], 5); GG(C,D,A,B,M[ 8], 9);
+ GG(B,C,D,A,M[12],13); GG(A,B,C,D,M[ 1], 3); GG(D,A,B,C,M[ 5], 5);
+ GG(C,D,A,B,M[ 9], 9); GG(B,C,D,A,M[13],13); GG(A,B,C,D,M[ 2], 3);
+ GG(D,A,B,C,M[ 6], 5); GG(C,D,A,B,M[10], 9); GG(B,C,D,A,M[14],13);
+ GG(A,B,C,D,M[ 3], 3); GG(D,A,B,C,M[ 7], 5); GG(C,D,A,B,M[11], 9);
+ GG(B,C,D,A,M[15],13);
+
+ HH(A,B,C,D,M[ 0], 3); HH(D,A,B,C,M[ 8], 9); HH(C,D,A,B,M[ 4],11);
+ HH(B,C,D,A,M[12],15); HH(A,B,C,D,M[ 2], 3); HH(D,A,B,C,M[10], 9);
+ HH(C,D,A,B,M[ 6],11); HH(B,C,D,A,M[14],15); HH(A,B,C,D,M[ 1], 3);
+ HH(D,A,B,C,M[ 9], 9); HH(C,D,A,B,M[ 5],11); HH(B,C,D,A,M[13],15);
+ HH(A,B,C,D,M[ 3], 3); HH(D,A,B,C,M[11], 9); HH(C,D,A,B,M[ 7],11);
+ HH(B,C,D,A,M[15],15);
+
+ digest[0] += A; digest[1] += B; digest[2] += C; digest[3] += D;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void MD4::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(3 - (j % 4), digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void MD4::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ M.clear();
+ digest[0] = 0x67452301;
+ digest[1] = 0xEFCDAB89;
+ digest[2] = 0x98BADCFE;
+ digest[3] = 0x10325476;
+ }
+
+}
diff --git a/src/md5.cpp b/src/md5.cpp
new file mode 100644
index 000000000..7aedc7b51
--- /dev/null
+++ b/src/md5.cpp
@@ -0,0 +1,126 @@
+/*************************************************
+* MD5 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/md5.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* MD5 FF Function *
+*************************************************/
+inline void FF(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg,
+ byte S, u32bit magic)
+ {
+ A += (D ^ (B & (C ^ D))) + msg + magic;
+ A = rotate_left(A, S) + B;
+ }
+
+/*************************************************
+* MD5 GG Function *
+*************************************************/
+inline void GG(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg,
+ byte S, u32bit magic)
+ {
+ A += (C ^ (D & (B ^ C))) + msg + magic;
+ A = rotate_left(A, S) + B;
+ }
+
+/*************************************************
+* MD5 HH Function *
+*************************************************/
+inline void HH(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg,
+ byte S, u32bit magic)
+ {
+ A += (B ^ C ^ D) + msg + magic;
+ A = rotate_left(A, S) + B;
+ }
+
+/*************************************************
+* MD5 II Function *
+*************************************************/
+inline void II(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg,
+ byte S, u32bit magic)
+ {
+ A += (C ^ (B | ~D)) + msg + magic;
+ A = rotate_left(A, S) + B;
+ }
+
+}
+
+/*************************************************
+* MD5 Compression Function *
+*************************************************/
+void MD5::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ M[j] = make_u32bit(input[4*j+3], input[4*j+2], input[4*j+1], input[4*j]);
+
+ u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3];
+
+ FF(A,B,C,D,M[ 0], 7,0xD76AA478); FF(D,A,B,C,M[ 1],12,0xE8C7B756);
+ FF(C,D,A,B,M[ 2],17,0x242070DB); FF(B,C,D,A,M[ 3],22,0xC1BDCEEE);
+ FF(A,B,C,D,M[ 4], 7,0xF57C0FAF); FF(D,A,B,C,M[ 5],12,0x4787C62A);
+ FF(C,D,A,B,M[ 6],17,0xA8304613); FF(B,C,D,A,M[ 7],22,0xFD469501);
+ FF(A,B,C,D,M[ 8], 7,0x698098D8); FF(D,A,B,C,M[ 9],12,0x8B44F7AF);
+ FF(C,D,A,B,M[10],17,0xFFFF5BB1); FF(B,C,D,A,M[11],22,0x895CD7BE);
+ FF(A,B,C,D,M[12], 7,0x6B901122); FF(D,A,B,C,M[13],12,0xFD987193);
+ FF(C,D,A,B,M[14],17,0xA679438E); FF(B,C,D,A,M[15],22,0x49B40821);
+
+ GG(A,B,C,D,M[ 1], 5,0xF61E2562); GG(D,A,B,C,M[ 6], 9,0xC040B340);
+ GG(C,D,A,B,M[11],14,0x265E5A51); GG(B,C,D,A,M[ 0],20,0xE9B6C7AA);
+ GG(A,B,C,D,M[ 5], 5,0xD62F105D); GG(D,A,B,C,M[10], 9,0x02441453);
+ GG(C,D,A,B,M[15],14,0xD8A1E681); GG(B,C,D,A,M[ 4],20,0xE7D3FBC8);
+ GG(A,B,C,D,M[ 9], 5,0x21E1CDE6); GG(D,A,B,C,M[14], 9,0xC33707D6);
+ GG(C,D,A,B,M[ 3],14,0xF4D50D87); GG(B,C,D,A,M[ 8],20,0x455A14ED);
+ GG(A,B,C,D,M[13], 5,0xA9E3E905); GG(D,A,B,C,M[ 2], 9,0xFCEFA3F8);
+ GG(C,D,A,B,M[ 7],14,0x676F02D9); GG(B,C,D,A,M[12],20,0x8D2A4C8A);
+
+ HH(A,B,C,D,M[ 5], 4,0xFFFA3942); HH(D,A,B,C,M[ 8],11,0x8771F681);
+ HH(C,D,A,B,M[11],16,0x6D9D6122); HH(B,C,D,A,M[14],23,0xFDE5380C);
+ HH(A,B,C,D,M[ 1], 4,0xA4BEEA44); HH(D,A,B,C,M[ 4],11,0x4BDECFA9);
+ HH(C,D,A,B,M[ 7],16,0xF6BB4B60); HH(B,C,D,A,M[10],23,0xBEBFBC70);
+ HH(A,B,C,D,M[13], 4,0x289B7EC6); HH(D,A,B,C,M[ 0],11,0xEAA127FA);
+ HH(C,D,A,B,M[ 3],16,0xD4EF3085); HH(B,C,D,A,M[ 6],23,0x04881D05);
+ HH(A,B,C,D,M[ 9], 4,0xD9D4D039); HH(D,A,B,C,M[12],11,0xE6DB99E5);
+ HH(C,D,A,B,M[15],16,0x1FA27CF8); HH(B,C,D,A,M[ 2],23,0xC4AC5665);
+
+ II(A,B,C,D,M[ 0], 6,0xF4292244); II(D,A,B,C,M[ 7],10,0x432AFF97);
+ II(C,D,A,B,M[14],15,0xAB9423A7); II(B,C,D,A,M[ 5],21,0xFC93A039);
+ II(A,B,C,D,M[12], 6,0x655B59C3); II(D,A,B,C,M[ 3],10,0x8F0CCC92);
+ II(C,D,A,B,M[10],15,0xFFEFF47D); II(B,C,D,A,M[ 1],21,0x85845DD1);
+ II(A,B,C,D,M[ 8], 6,0x6FA87E4F); II(D,A,B,C,M[15],10,0xFE2CE6E0);
+ II(C,D,A,B,M[ 6],15,0xA3014314); II(B,C,D,A,M[13],21,0x4E0811A1);
+ II(A,B,C,D,M[ 4], 6,0xF7537E82); II(D,A,B,C,M[11],10,0xBD3AF235);
+ II(C,D,A,B,M[ 2],15,0x2AD7D2BB); II(B,C,D,A,M[ 9],21,0xEB86D391);
+
+ digest[0] += A; digest[1] += B; digest[2] += C; digest[3] += D;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void MD5::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(3 - (j % 4), digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void MD5::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ M.clear();
+ digest[0] = 0x67452301;
+ digest[1] = 0xEFCDAB89;
+ digest[2] = 0x98BADCFE;
+ digest[3] = 0x10325476;
+ }
+
+}
diff --git a/src/mdx_hash.cpp b/src/mdx_hash.cpp
new file mode 100644
index 000000000..93fbff1e8
--- /dev/null
+++ b/src/mdx_hash.cpp
@@ -0,0 +1,92 @@
+/*************************************************
+* MDx Hash Function Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mdx_hash.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* MDx_HashFunction Constructor *
+*************************************************/
+MDx_HashFunction::MDx_HashFunction(u32bit hash_len, u32bit block_len,
+ bool byte_end, bool bit_end,
+ u32bit cnt_size) :
+ HashFunction(hash_len, block_len), buffer(block_len),
+ BIG_BYTE_ENDIAN(byte_end), BIG_BIT_ENDIAN(bit_end), COUNT_SIZE(cnt_size)
+ {
+ if(COUNT_SIZE >= OUTPUT_LENGTH || COUNT_SIZE >= HASH_BLOCK_SIZE)
+ throw Invalid_Argument("MDx_HashFunction: COUNT_SIZE is too big");
+ count = position = 0;
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void MDx_HashFunction::clear() throw()
+ {
+ buffer.clear();
+ count = position = 0;
+ }
+
+/*************************************************
+* Update the hash *
+*************************************************/
+void MDx_HashFunction::add_data(const byte input[], u32bit length)
+ {
+ count += length;
+ buffer.copy(position, input, length);
+ if(position + length >= HASH_BLOCK_SIZE)
+ {
+ hash(buffer.begin());
+ input += (HASH_BLOCK_SIZE - position);
+ length -= (HASH_BLOCK_SIZE - position);
+ while(length >= HASH_BLOCK_SIZE)
+ {
+ hash(input);
+ input += HASH_BLOCK_SIZE;
+ length -= HASH_BLOCK_SIZE;
+ }
+ buffer.copy(input, length);
+ position = 0;
+ }
+ position += length;
+ }
+
+/*************************************************
+* Finalize a Hash *
+*************************************************/
+void MDx_HashFunction::final_result(byte output[])
+ {
+ buffer[position] = (BIG_BIT_ENDIAN ? 0x80 : 0x01);
+ for(u32bit j = position+1; j != HASH_BLOCK_SIZE; ++j)
+ buffer[j] = 0;
+ if(position >= HASH_BLOCK_SIZE - COUNT_SIZE)
+ {
+ hash(buffer);
+ buffer.clear();
+ }
+ write_count(buffer + HASH_BLOCK_SIZE - COUNT_SIZE);
+
+ hash(buffer);
+ copy_out(output);
+ clear();
+ }
+
+/*************************************************
+* Write the count bits to the buffer *
+*************************************************/
+void MDx_HashFunction::write_count(byte out[])
+ {
+ if(COUNT_SIZE < 8)
+ throw Invalid_State("MDx_HashFunction::write_count: COUNT_SIZE < 8");
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ const u32bit choose = (BIG_BYTE_ENDIAN ? (j % 8) : (7 - (j % 8)));
+ out[j+COUNT_SIZE-8] = get_byte(choose, 8 * count);
+ }
+ }
+
+}
diff --git a/src/mem_pool.cpp b/src/mem_pool.cpp
new file mode 100644
index 000000000..b157c1e59
--- /dev/null
+++ b/src/mem_pool.cpp
@@ -0,0 +1,302 @@
+/*************************************************
+* Pooling Allocator Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mem_pool.h>
+#include <botan/libstate.h>
+#include <botan/conf.h>
+#include <botan/bit_ops.h>
+#include <botan/util.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Decide how much memory to allocate at once *
+*************************************************/
+u32bit choose_pref_size(u32bit provided)
+ {
+ if(provided)
+ return provided;
+
+ u32bit result = Config::get_u32bit("base/memory_chunk");
+ if(result)
+ return result;
+
+ return 16*1024;
+ }
+
+}
+
+/*************************************************
+* Memory_Block Constructor *
+*************************************************/
+Pooling_Allocator::Memory_Block::Memory_Block(void* buf, u32bit map_size,
+ u32bit block_size)
+ {
+ buffer = static_cast<byte*>(buf);
+ bitmap = 0;
+ this->block_size = block_size;
+
+ buffer_end = buffer + (block_size * BITMAP_SIZE);
+
+ clear_mem(buffer, block_size * BITMAP_SIZE);
+
+ if(map_size != BITMAP_SIZE)
+ throw Invalid_Argument("Memory_Block: Bad bitmap size");
+ }
+
+/*************************************************
+* Compare a Memory_Block with a void pointer *
+*************************************************/
+bool Pooling_Allocator::Memory_Block::operator<(const void* other) const
+ {
+ if(buffer <= other && other < buffer_end)
+ return false;
+ return (buffer < other);
+ }
+
+/*************************************************
+* Compare two Memory_Block objects *
+*************************************************/
+bool Pooling_Allocator::Memory_Block::operator<(const Memory_Block& blk) const
+ {
+ return (buffer < blk.buffer);
+ }
+
+/*************************************************
+* See if ptr is contained by this block *
+*************************************************/
+bool Pooling_Allocator::Memory_Block::contains(void* ptr,
+ u32bit length) const throw()
+ {
+ return ((buffer <= ptr) &&
+ (buffer_end >= (byte*)ptr + length * block_size));
+ }
+
+/*************************************************
+* Allocate some memory, if possible *
+*************************************************/
+byte* Pooling_Allocator::Memory_Block::alloc(u32bit n) throw()
+ {
+ if(n == 0 || n > BITMAP_SIZE)
+ return 0;
+
+ if(n == BITMAP_SIZE)
+ {
+ if(bitmap)
+ return 0;
+ else
+ {
+ bitmap = ~bitmap;
+ return buffer;
+ }
+ }
+
+ bitmap_type mask = ((bitmap_type)1 << n) - 1;
+ u32bit offset = 0;
+
+ while(bitmap & mask)
+ {
+ mask <<= 1;
+ ++offset;
+
+ if((bitmap & mask) == 0)
+ break;
+ if(mask >> 63)
+ break;
+ }
+
+ if(bitmap & mask)
+ return 0;
+
+ bitmap |= mask;
+ return buffer + offset * block_size;
+ }
+
+/*************************************************
+* Mark this memory as free, if we own it *
+*************************************************/
+void Pooling_Allocator::Memory_Block::free(void* ptr, u32bit blocks) throw()
+ {
+ clear_mem((byte*)ptr, blocks * block_size);
+
+ const u32bit offset = ((byte*)ptr - buffer) / block_size;
+
+ if(offset == 0 && blocks == BITMAP_SIZE)
+ bitmap = ~bitmap;
+ else
+ {
+ for(u32bit j = 0; j != blocks; ++j)
+ bitmap &= ~((bitmap_type)1 << (j+offset));
+ }
+ }
+
+/*************************************************
+* Pooling_Allocator Constructor *
+*************************************************/
+Pooling_Allocator::Pooling_Allocator(u32bit p_size, bool) :
+ PREF_SIZE(choose_pref_size(p_size)), BLOCK_SIZE(64)
+ {
+ mutex = global_state().get_mutex();
+ last_used = blocks.begin();
+ }
+
+/*************************************************
+* Pooling_Allocator Destructor *
+*************************************************/
+Pooling_Allocator::~Pooling_Allocator()
+ {
+ delete mutex;
+ if(blocks.size())
+ throw Invalid_State("Pooling_Allocator: Never released memory");
+ }
+
+/*************************************************
+* Allocate some initial buffers *
+*************************************************/
+void Pooling_Allocator::init()
+ {
+ Mutex_Holder lock(mutex);
+
+ get_more_core(PREF_SIZE);
+ }
+
+/*************************************************
+* Free all remaining memory *
+*************************************************/
+void Pooling_Allocator::destroy()
+ {
+ Mutex_Holder lock(mutex);
+
+ blocks.clear();
+
+ for(u32bit j = 0; j != allocated.size(); ++j)
+ dealloc_block(allocated[j].first, allocated[j].second);
+ allocated.clear();
+ }
+
+/*************************************************
+* Allocation *
+*************************************************/
+void* Pooling_Allocator::allocate(u32bit n)
+ {
+ const u32bit BITMAP_SIZE = Memory_Block::bitmap_size();
+
+ Mutex_Holder lock(mutex);
+
+ if(n <= BITMAP_SIZE * BLOCK_SIZE)
+ {
+ const u32bit block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE;
+
+ byte* mem = allocate_blocks(block_no);
+ if(mem)
+ return mem;
+
+ get_more_core(PREF_SIZE);
+
+ mem = allocate_blocks(block_no);
+ if(mem)
+ return mem;
+
+ throw Memory_Exhaustion();
+ }
+
+ void* new_buf = alloc_block(n);
+ if(new_buf)
+ return new_buf;
+
+ throw Memory_Exhaustion();
+ }
+
+/*************************************************
+* Deallocation *
+*************************************************/
+void Pooling_Allocator::deallocate(void* ptr, u32bit n)
+ {
+ const u32bit BITMAP_SIZE = Memory_Block::bitmap_size();
+
+ if(ptr == 0 && n == 0)
+ return;
+
+ Mutex_Holder lock(mutex);
+
+ if(n > BITMAP_SIZE * BLOCK_SIZE)
+ dealloc_block(ptr, n);
+ else
+ {
+ const u32bit block_no = round_up(n, BLOCK_SIZE) / BLOCK_SIZE;
+
+ std::vector<Memory_Block>::iterator i =
+ std::lower_bound(blocks.begin(), blocks.end(), ptr);
+
+ if(i != blocks.end() && i->contains((byte*)ptr, block_no))
+ i->free(ptr, block_no);
+ else
+ throw Invalid_State("Pointer released to the wrong allocator");
+ }
+ }
+
+/*************************************************
+* Try to get some memory from an existing block *
+*************************************************/
+byte* Pooling_Allocator::allocate_blocks(u32bit n)
+ {
+ if(blocks.empty())
+ return 0;
+
+ std::vector<Memory_Block>::iterator i = last_used;
+
+ do
+ {
+ i++;
+ if(i == blocks.end())
+ i = blocks.begin();
+
+ byte* mem = i->alloc(n);
+ if(mem)
+ {
+ last_used = i;
+ return mem;
+ }
+ }
+ while(i != last_used);
+
+ return 0;
+ }
+
+/*************************************************
+* Allocate more memory for the pool *
+*************************************************/
+void Pooling_Allocator::get_more_core(u32bit in_bytes)
+ {
+ const u32bit BITMAP_SIZE = Memory_Block::bitmap_size();
+
+ const u32bit TOTAL_BLOCK_SIZE = BLOCK_SIZE * BITMAP_SIZE;
+
+ const u32bit in_blocks = round_up(in_bytes, BLOCK_SIZE) / TOTAL_BLOCK_SIZE;
+ const u32bit to_allocate = in_blocks * TOTAL_BLOCK_SIZE;
+
+ void* ptr = alloc_block(to_allocate);
+ if(ptr == 0)
+ throw Memory_Exhaustion();
+
+ allocated.push_back(std::make_pair(ptr, to_allocate));
+
+ for(u32bit j = 0; j != in_blocks; ++j)
+ {
+ byte* byte_ptr = static_cast<byte*>(ptr);
+
+ blocks.push_back(
+ Memory_Block(byte_ptr + j * TOTAL_BLOCK_SIZE, BITMAP_SIZE, BLOCK_SIZE)
+ );
+ }
+
+ std::sort(blocks.begin(), blocks.end());
+ last_used = std::lower_bound(blocks.begin(), blocks.end(), ptr);
+ }
+
+}
diff --git a/src/mgf1.cpp b/src/mgf1.cpp
new file mode 100644
index 000000000..b922c8987
--- /dev/null
+++ b/src/mgf1.cpp
@@ -0,0 +1,49 @@
+/*************************************************
+* MGF1 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mgf1.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* MGF1 Mask Generation Function *
+*************************************************/
+void MGF1::mask(const byte in[], u32bit in_len, byte out[],
+ u32bit out_len) const
+ {
+ u32bit counter = 0;
+
+ std::auto_ptr<HashFunction> hash(get_hash(hash_name));
+
+ while(out_len)
+ {
+ hash->update(in, in_len);
+ for(u32bit j = 0; j != 4; ++j)
+ hash->update(get_byte(j, counter));
+ SecureVector<byte> buffer = hash->final();
+
+ u32bit xored = std::min(buffer.size(), out_len);
+ xor_buf(out, buffer.begin(), xored);
+ out += xored;
+ out_len -= xored;
+
+ ++counter;
+ }
+ }
+
+/*************************************************
+* MGF1 Constructor *
+*************************************************/
+MGF1::MGF1(const std::string& h_name) : hash_name(h_name)
+ {
+ if(!have_hash(hash_name))
+ throw Algorithm_Not_Found(hash_name);
+ }
+
+}
diff --git a/src/mist_tab.cpp b/src/mist_tab.cpp
new file mode 100644
index 000000000..d42dc1dd1
--- /dev/null
+++ b/src/mist_tab.cpp
@@ -0,0 +1,104 @@
+/*************************************************
+* S-Box Tables for MISTY1 *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/misty1.h>
+
+namespace Botan {
+
+const byte MISTY1_SBOX_S7[128] = {
+ 0x1B, 0x32, 0x33, 0x5A, 0x3B, 0x10, 0x17, 0x54, 0x5B, 0x1A, 0x72, 0x73,
+ 0x6B, 0x2C, 0x66, 0x49, 0x1F, 0x24, 0x13, 0x6C, 0x37, 0x2E, 0x3F, 0x4A,
+ 0x5D, 0x0F, 0x40, 0x56, 0x25, 0x51, 0x1C, 0x04, 0x0B, 0x46, 0x20, 0x0D,
+ 0x7B, 0x35, 0x44, 0x42, 0x2B, 0x1E, 0x41, 0x14, 0x4B, 0x79, 0x15, 0x6F,
+ 0x0E, 0x55, 0x09, 0x36, 0x74, 0x0C, 0x67, 0x53, 0x28, 0x0A, 0x7E, 0x38,
+ 0x02, 0x07, 0x60, 0x29, 0x19, 0x12, 0x65, 0x2F, 0x30, 0x39, 0x08, 0x68,
+ 0x5F, 0x78, 0x2A, 0x4C, 0x64, 0x45, 0x75, 0x3D, 0x59, 0x48, 0x03, 0x57,
+ 0x7C, 0x4F, 0x62, 0x3C, 0x1D, 0x21, 0x5E, 0x27, 0x6A, 0x70, 0x4D, 0x3A,
+ 0x01, 0x6D, 0x6E, 0x63, 0x18, 0x77, 0x23, 0x05, 0x26, 0x76, 0x00, 0x31,
+ 0x2D, 0x7A, 0x7F, 0x61, 0x50, 0x22, 0x11, 0x06, 0x47, 0x16, 0x52, 0x4E,
+ 0x71, 0x3E, 0x69, 0x43, 0x34, 0x5C, 0x58, 0x7D };
+
+const u16bit MISTY1_SBOX_S9[512] = {
+ 0x01C3, 0x00CB, 0x0153, 0x019F, 0x01E3, 0x00E9, 0x00FB, 0x0035, 0x0181,
+ 0x00B9, 0x0117, 0x01EB, 0x0133, 0x0009, 0x002D, 0x00D3, 0x00C7, 0x014A,
+ 0x0037, 0x007E, 0x00EB, 0x0164, 0x0193, 0x01D8, 0x00A3, 0x011E, 0x0055,
+ 0x002C, 0x001D, 0x01A2, 0x0163, 0x0118, 0x014B, 0x0152, 0x01D2, 0x000F,
+ 0x002B, 0x0030, 0x013A, 0x00E5, 0x0111, 0x0138, 0x018E, 0x0063, 0x00E3,
+ 0x00C8, 0x01F4, 0x001B, 0x0001, 0x009D, 0x00F8, 0x01A0, 0x016D, 0x01F3,
+ 0x001C, 0x0146, 0x007D, 0x00D1, 0x0082, 0x01EA, 0x0183, 0x012D, 0x00F4,
+ 0x019E, 0x01D3, 0x00DD, 0x01E2, 0x0128, 0x01E0, 0x00EC, 0x0059, 0x0091,
+ 0x0011, 0x012F, 0x0026, 0x00DC, 0x00B0, 0x018C, 0x010F, 0x01F7, 0x00E7,
+ 0x016C, 0x00B6, 0x00F9, 0x00D8, 0x0151, 0x0101, 0x014C, 0x0103, 0x00B8,
+ 0x0154, 0x012B, 0x01AE, 0x0017, 0x0071, 0x000C, 0x0047, 0x0058, 0x007F,
+ 0x01A4, 0x0134, 0x0129, 0x0084, 0x015D, 0x019D, 0x01B2, 0x01A3, 0x0048,
+ 0x007C, 0x0051, 0x01CA, 0x0023, 0x013D, 0x01A7, 0x0165, 0x003B, 0x0042,
+ 0x00DA, 0x0192, 0x00CE, 0x00C1, 0x006B, 0x009F, 0x01F1, 0x012C, 0x0184,
+ 0x00FA, 0x0196, 0x01E1, 0x0169, 0x017D, 0x0031, 0x0180, 0x010A, 0x0094,
+ 0x01DA, 0x0186, 0x013E, 0x011C, 0x0060, 0x0175, 0x01CF, 0x0067, 0x0119,
+ 0x0065, 0x0068, 0x0099, 0x0150, 0x0008, 0x0007, 0x017C, 0x00B7, 0x0024,
+ 0x0019, 0x00DE, 0x0127, 0x00DB, 0x00E4, 0x01A9, 0x0052, 0x0109, 0x0090,
+ 0x019C, 0x01C1, 0x0028, 0x01B3, 0x0135, 0x016A, 0x0176, 0x00DF, 0x01E5,
+ 0x0188, 0x00C5, 0x016E, 0x01DE, 0x01B1, 0x00C3, 0x01DF, 0x0036, 0x00EE,
+ 0x01EE, 0x00F0, 0x0093, 0x0049, 0x009A, 0x01B6, 0x0069, 0x0081, 0x0125,
+ 0x000B, 0x005E, 0x00B4, 0x0149, 0x01C7, 0x0174, 0x003E, 0x013B, 0x01B7,
+ 0x008E, 0x01C6, 0x00AE, 0x0010, 0x0095, 0x01EF, 0x004E, 0x00F2, 0x01FD,
+ 0x0085, 0x00FD, 0x00F6, 0x00A0, 0x016F, 0x0083, 0x008A, 0x0156, 0x009B,
+ 0x013C, 0x0107, 0x0167, 0x0098, 0x01D0, 0x01E9, 0x0003, 0x01FE, 0x00BD,
+ 0x0122, 0x0089, 0x00D2, 0x018F, 0x0012, 0x0033, 0x006A, 0x0142, 0x00ED,
+ 0x0170, 0x011B, 0x00E2, 0x014F, 0x0158, 0x0131, 0x0147, 0x005D, 0x0113,
+ 0x01CD, 0x0079, 0x0161, 0x01A5, 0x0179, 0x009E, 0x01B4, 0x00CC, 0x0022,
+ 0x0132, 0x001A, 0x00E8, 0x0004, 0x0187, 0x01ED, 0x0197, 0x0039, 0x01BF,
+ 0x01D7, 0x0027, 0x018B, 0x00C6, 0x009C, 0x00D0, 0x014E, 0x006C, 0x0034,
+ 0x01F2, 0x006E, 0x00CA, 0x0025, 0x00BA, 0x0191, 0x00FE, 0x0013, 0x0106,
+ 0x002F, 0x01AD, 0x0172, 0x01DB, 0x00C0, 0x010B, 0x01D6, 0x00F5, 0x01EC,
+ 0x010D, 0x0076, 0x0114, 0x01AB, 0x0075, 0x010C, 0x01E4, 0x0159, 0x0054,
+ 0x011F, 0x004B, 0x00C4, 0x01BE, 0x00F7, 0x0029, 0x00A4, 0x000E, 0x01F0,
+ 0x0077, 0x004D, 0x017A, 0x0086, 0x008B, 0x00B3, 0x0171, 0x00BF, 0x010E,
+ 0x0104, 0x0097, 0x015B, 0x0160, 0x0168, 0x00D7, 0x00BB, 0x0066, 0x01CE,
+ 0x00FC, 0x0092, 0x01C5, 0x006F, 0x0016, 0x004A, 0x00A1, 0x0139, 0x00AF,
+ 0x00F1, 0x0190, 0x000A, 0x01AA, 0x0143, 0x017B, 0x0056, 0x018D, 0x0166,
+ 0x00D4, 0x01FB, 0x014D, 0x0194, 0x019A, 0x0087, 0x01F8, 0x0123, 0x00A7,
+ 0x01B8, 0x0141, 0x003C, 0x01F9, 0x0140, 0x002A, 0x0155, 0x011A, 0x01A1,
+ 0x0198, 0x00D5, 0x0126, 0x01AF, 0x0061, 0x012E, 0x0157, 0x01DC, 0x0072,
+ 0x018A, 0x00AA, 0x0096, 0x0115, 0x00EF, 0x0045, 0x007B, 0x008D, 0x0145,
+ 0x0053, 0x005F, 0x0178, 0x00B2, 0x002E, 0x0020, 0x01D5, 0x003F, 0x01C9,
+ 0x01E7, 0x01AC, 0x0044, 0x0038, 0x0014, 0x00B1, 0x016B, 0x00AB, 0x00B5,
+ 0x005A, 0x0182, 0x01C8, 0x01D4, 0x0018, 0x0177, 0x0064, 0x00CF, 0x006D,
+ 0x0100, 0x0199, 0x0130, 0x015A, 0x0005, 0x0120, 0x01BB, 0x01BD, 0x00E0,
+ 0x004F, 0x00D6, 0x013F, 0x01C4, 0x012A, 0x0015, 0x0006, 0x00FF, 0x019B,
+ 0x00A6, 0x0043, 0x0088, 0x0050, 0x015F, 0x01E8, 0x0121, 0x0073, 0x017E,
+ 0x00BC, 0x00C2, 0x00C9, 0x0173, 0x0189, 0x01F5, 0x0074, 0x01CC, 0x01E6,
+ 0x01A8, 0x0195, 0x001F, 0x0041, 0x000D, 0x01BA, 0x0032, 0x003D, 0x01D1,
+ 0x0080, 0x00A8, 0x0057, 0x01B9, 0x0162, 0x0148, 0x00D9, 0x0105, 0x0062,
+ 0x007A, 0x0021, 0x01FF, 0x0112, 0x0108, 0x01C0, 0x00A9, 0x011D, 0x01B0,
+ 0x01A6, 0x00CD, 0x00F3, 0x005C, 0x0102, 0x005B, 0x01D9, 0x0144, 0x01F6,
+ 0x00AD, 0x00A5, 0x003A, 0x01CB, 0x0136, 0x017F, 0x0046, 0x00E1, 0x001E,
+ 0x01DD, 0x00E6, 0x0137, 0x01FA, 0x0185, 0x008C, 0x008F, 0x0040, 0x01B5,
+ 0x00BE, 0x0078, 0x0000, 0x00AC, 0x0110, 0x015E, 0x0124, 0x0002, 0x01BC,
+ 0x00A2, 0x00EA, 0x0070, 0x01FC, 0x0116, 0x015C, 0x004C, 0x01C2 };
+
+const byte MISTY1::EK_ORDER[100] = {
+ 0x00, 0x0E, 0x0A, 0x04, 0x00, 0x15, 0x1D, 0x02, 0x11, 0x19, 0x07, 0x13,
+ 0x1B, 0x04, 0x01, 0x16, 0x1E, 0x03, 0x12, 0x1A, 0x00, 0x14, 0x1C, 0x05,
+ 0x01, 0x0F, 0x0B, 0x05, 0x02, 0x17, 0x1F, 0x04, 0x13, 0x1B, 0x01, 0x15,
+ 0x1D, 0x06, 0x03, 0x10, 0x18, 0x05, 0x14, 0x1C, 0x02, 0x16, 0x1E, 0x07,
+ 0x02, 0x08, 0x0C, 0x06, 0x04, 0x11, 0x19, 0x06, 0x15, 0x1D, 0x03, 0x17,
+ 0x1F, 0x00, 0x05, 0x12, 0x1A, 0x07, 0x16, 0x1E, 0x04, 0x10, 0x18, 0x01,
+ 0x03, 0x09, 0x0D, 0x07, 0x06, 0x13, 0x1B, 0x00, 0x17, 0x1F, 0x05, 0x11,
+ 0x19, 0x02, 0x07, 0x14, 0x1C, 0x01, 0x10, 0x18, 0x06, 0x12, 0x1A, 0x03,
+ 0x04, 0x0A, 0x0E, 0x00 };
+
+const byte MISTY1::DK_ORDER[100] = {
+ 0x00, 0x0E, 0x0A, 0x04, 0x07, 0x14, 0x1C, 0x01, 0x10, 0x18, 0x06, 0x12,
+ 0x1A, 0x03, 0x06, 0x13, 0x1B, 0x00, 0x17, 0x1F, 0x05, 0x11, 0x19, 0x02,
+ 0x07, 0x0D, 0x09, 0x03, 0x05, 0x12, 0x1A, 0x07, 0x16, 0x1E, 0x04, 0x10,
+ 0x18, 0x01, 0x04, 0x11, 0x19, 0x06, 0x15, 0x1D, 0x03, 0x17, 0x1F, 0x00,
+ 0x06, 0x0C, 0x08, 0x02, 0x03, 0x10, 0x18, 0x05, 0x14, 0x1C, 0x02, 0x16,
+ 0x1E, 0x07, 0x02, 0x17, 0x1F, 0x04, 0x13, 0x1B, 0x01, 0x15, 0x1D, 0x06,
+ 0x05, 0x0B, 0x0F, 0x01, 0x01, 0x16, 0x1E, 0x03, 0x12, 0x1A, 0x00, 0x14,
+ 0x1C, 0x05, 0x00, 0x15, 0x1D, 0x02, 0x11, 0x19, 0x07, 0x13, 0x1B, 0x04,
+ 0x04, 0x0A, 0x0E, 0x00 };
+
+}
diff --git a/src/misty1.cpp b/src/misty1.cpp
new file mode 100644
index 000000000..53c12a5cf
--- /dev/null
+++ b/src/misty1.cpp
@@ -0,0 +1,149 @@
+/*************************************************
+* MISTY1 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/misty1.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* MISTY1 FI Function *
+*************************************************/
+u16bit FI(u16bit input, u16bit key7, u16bit key9)
+ {
+ u16bit D9 = input >> 7, D7 = input & 0x7F;
+ D9 = MISTY1_SBOX_S9[D9] ^ D7;
+ D7 = (MISTY1_SBOX_S7[D7] ^ key7 ^ D9) & 0x7F;
+ D9 = MISTY1_SBOX_S9[D9 ^ key9] ^ D7;
+ return (u16bit)((D7 << 9) | D9);
+ }
+
+}
+
+/*************************************************
+* MISTY1 Encryption *
+*************************************************/
+void MISTY1::enc(const byte in[], byte out[]) const
+ {
+ u16bit B0 = make_u16bit(in[0], in[1]), B1 = make_u16bit(in[2], in[3]),
+ B2 = make_u16bit(in[4], in[5]), B3 = make_u16bit(in[6], in[7]);
+
+ for(u32bit j = 0; j != 12; j += 3)
+ {
+ const u16bit* RK = EK + 8 * j;
+
+ B1 ^= B0 & RK[0];
+ B0 ^= B1 | RK[1];
+ B3 ^= B2 & RK[2];
+ B2 ^= B3 | RK[3];
+
+ u32bit T0, T1;
+
+ T0 = FI(B0 ^ RK[ 4], RK[ 5], RK[ 6]) ^ B1;
+ T1 = FI(B1 ^ RK[ 7], RK[ 8], RK[ 9]) ^ T0;
+ T0 = FI(T0 ^ RK[10], RK[11], RK[12]) ^ T1;
+
+ B2 ^= T1 ^ RK[13];
+ B3 ^= T0;
+
+ T0 = FI(B2 ^ RK[14], RK[15], RK[16]) ^ B3;
+ T1 = FI(B3 ^ RK[17], RK[18], RK[19]) ^ T0;
+ T0 = FI(T0 ^ RK[20], RK[21], RK[22]) ^ T1;
+
+ B0 ^= T1 ^ RK[23];
+ B1 ^= T0;
+ }
+
+ B1 ^= B0 & EK[96];
+ B0 ^= B1 | EK[97];
+ B3 ^= B2 & EK[98];
+ B2 ^= B3 | EK[99];
+
+ out[0] = get_byte(0, B2); out[1] = get_byte(1, B2);
+ out[2] = get_byte(0, B3); out[3] = get_byte(1, B3);
+ out[4] = get_byte(0, B0); out[5] = get_byte(1, B0);
+ out[6] = get_byte(0, B1); out[7] = get_byte(1, B1);
+ }
+
+/*************************************************
+* MISTY1 Decryption *
+*************************************************/
+void MISTY1::dec(const byte in[], byte out[]) const
+ {
+ u16bit B0 = make_u16bit(in[4], in[5]), B1 = make_u16bit(in[6], in[7]),
+ B2 = make_u16bit(in[0], in[1]), B3 = make_u16bit(in[2], in[3]);
+
+ for(u32bit j = 0; j != 12; j += 3)
+ {
+ const u16bit* RK = DK + 8 * j;
+
+ B2 ^= B3 | RK[0];
+ B3 ^= B2 & RK[1];
+ B0 ^= B1 | RK[2];
+ B1 ^= B0 & RK[3];
+
+ u32bit T0, T1;
+
+ T0 = FI(B2 ^ RK[ 4], RK[ 5], RK[ 6]) ^ B3;
+ T1 = FI(B3 ^ RK[ 7], RK[ 8], RK[ 9]) ^ T0;
+ T0 = FI(T0 ^ RK[10], RK[11], RK[12]) ^ T1;
+
+ B0 ^= T1 ^ RK[13];
+ B1 ^= T0;
+
+ T0 = FI(B0 ^ RK[14], RK[15], RK[16]) ^ B1;
+ T1 = FI(B1 ^ RK[17], RK[18], RK[19]) ^ T0;
+ T0 = FI(T0 ^ RK[20], RK[21], RK[22]) ^ T1;
+
+ B2 ^= T1 ^ RK[23];
+ B3 ^= T0;
+ }
+
+ B2 ^= B3 | DK[96];
+ B3 ^= B2 & DK[97];
+ B0 ^= B1 | DK[98];
+ B1 ^= B0 & DK[99];
+
+ out[0] = get_byte(0, B0); out[1] = get_byte(1, B0);
+ out[2] = get_byte(0, B1); out[3] = get_byte(1, B1);
+ out[4] = get_byte(0, B2); out[5] = get_byte(1, B2);
+ out[6] = get_byte(0, B3); out[7] = get_byte(1, B3);
+ }
+
+/*************************************************
+* MISTY1 Key Schedule *
+*************************************************/
+void MISTY1::key(const byte key[], u32bit length)
+ {
+ SecureBuffer<u16bit, 32> KS;
+ for(u32bit j = 0; j != length / 2; ++j)
+ KS[j] = make_u16bit(key[2*j], key[2*j+1]);
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ KS[j+ 8] = FI(KS[j], KS[(j+1) % 8] >> 9, KS[(j+1) % 8] & 0x1FF);
+ KS[j+16] = KS[j+8] >> 9;
+ KS[j+24] = KS[j+8] & 0x1FF;
+ }
+ for(u32bit j = 0; j != 100; ++j)
+ {
+ EK[j] = KS[EK_ORDER[j]];
+ DK[j] = KS[DK_ORDER[j]];
+ }
+ }
+
+/*************************************************
+* MISTY1 Constructor *
+*************************************************/
+MISTY1::MISTY1(u32bit rounds) : BlockCipher(8, 16)
+ {
+ if(rounds != 8)
+ throw Invalid_Argument("MISTY1: Invalid number of rounds: "
+ + to_string(rounds));
+ }
+
+}
diff --git a/src/mlock.cpp b/src/mlock.cpp
new file mode 100644
index 000000000..c4f8c2e70
--- /dev/null
+++ b/src/mlock.cpp
@@ -0,0 +1,24 @@
+/*************************************************
+* Memory Locking Functions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/util.h>
+
+namespace Botan {
+
+/*************************************************
+* Lock an area of memory into RAM *
+*************************************************/
+void lock_mem(void*, u32bit)
+ {
+ }
+
+/*************************************************
+* Unlock a previously locked region of memory *
+*************************************************/
+void unlock_mem(void*, u32bit)
+ {
+ }
+
+}
diff --git a/src/mode_pad.cpp b/src/mode_pad.cpp
new file mode 100644
index 000000000..7fbcb2fc4
--- /dev/null
+++ b/src/mode_pad.cpp
@@ -0,0 +1,125 @@
+/*************************************************
+* CBC Padding Methods Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mode_pad.h>
+#include <botan/util.h>
+
+namespace Botan {
+
+/*************************************************
+* Default amount of padding *
+*************************************************/
+u32bit BlockCipherModePaddingMethod::pad_bytes(u32bit bs, u32bit pos) const
+ {
+ return (bs - pos);
+ }
+
+/*************************************************
+* Pad with PKCS #7 Method *
+*************************************************/
+void PKCS7_Padding::pad(byte block[], u32bit size, u32bit position) const
+ {
+ for(u32bit j = 0; j != size; ++j)
+ block[j] = (size-position);
+ }
+
+/*************************************************
+* Unpad with PKCS #7 Method *
+*************************************************/
+u32bit PKCS7_Padding::unpad(const byte block[], u32bit size) const
+ {
+ u32bit position = block[size-1];
+ if(position > size)
+ throw Decoding_Error(name());
+ for(u32bit j = size-position; j != size-1; ++j)
+ if(block[j] != position)
+ throw Decoding_Error(name());
+ return (size-position);
+ }
+
+/*************************************************
+* Query if the size is valid for this method *
+*************************************************/
+bool PKCS7_Padding::valid_blocksize(u32bit size) const
+ {
+ if(size > 0 && size < 256)
+ return true;
+ else
+ return false;
+ }
+
+/*************************************************
+* Pad with ANSI X9.23 Method *
+*************************************************/
+void ANSI_X923_Padding::pad(byte block[], u32bit size, u32bit position) const
+ {
+ for(u32bit j = 0; j != size-position; ++j)
+ block[j] = 0;
+ block[size-position-1] = (size-position);
+ }
+
+/*************************************************
+* Unpad with ANSI X9.23 Method *
+*************************************************/
+u32bit ANSI_X923_Padding::unpad(const byte block[], u32bit size) const
+ {
+ u32bit position = block[size-1];
+ if(position > size)
+ throw Decoding_Error(name());
+ for(u32bit j = size-position; j != size-1; ++j)
+ if(block[j] != 0)
+ throw Decoding_Error(name());
+ return (size-position);
+ }
+
+/*************************************************
+* Query if the size is valid for this method *
+*************************************************/
+bool ANSI_X923_Padding::valid_blocksize(u32bit size) const
+ {
+ if(size > 0 && size < 256)
+ return true;
+ else
+ return false;
+ }
+
+/*************************************************
+* Pad with One and Zeros Method *
+*************************************************/
+void OneAndZeros_Padding::pad(byte block[], u32bit size, u32bit) const
+ {
+ block[0] = 0x80;
+ for(u32bit j = 1; j != size; ++j)
+ block[j] = 0x00;
+ }
+
+/*************************************************
+* Unpad with One and Zeros Method *
+*************************************************/
+u32bit OneAndZeros_Padding::unpad(const byte block[], u32bit size) const
+ {
+ while(size)
+ {
+ if(block[size-1] == 0x80)
+ break;
+ if(block[size-1] != 0x00)
+ throw Decoding_Error(name());
+ size--;
+ }
+ if(!size)
+ throw Decoding_Error(name());
+ return (size-1);
+ }
+
+/*************************************************
+* Query if the size is valid for this method *
+*************************************************/
+bool OneAndZeros_Padding::valid_blocksize(u32bit size) const
+ {
+ if(size) return true;
+ else return false;
+ }
+
+}
diff --git a/src/modebase.cpp b/src/modebase.cpp
new file mode 100644
index 000000000..7c85e81d4
--- /dev/null
+++ b/src/modebase.cpp
@@ -0,0 +1,53 @@
+/*************************************************
+* Block Cipher Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/modebase.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+/*************************************************
+* Block Cipher Mode Constructor *
+*************************************************/
+BlockCipherMode::BlockCipherMode(const std::string& cipher_name,
+ const std::string& cipher_mode_name,
+ u32bit iv_size, u32bit iv_meth,
+ u32bit buf_mult) :
+ BLOCK_SIZE(block_size_of(cipher_name)), BUFFER_SIZE(buf_mult * BLOCK_SIZE),
+ IV_METHOD(iv_meth), mode_name(cipher_mode_name)
+ {
+ base_ptr = cipher = get_block_cipher(cipher_name);
+ buffer.create(BUFFER_SIZE);
+ state.create(iv_size);
+ position = 0;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string BlockCipherMode::name() const
+ {
+ return (cipher->name() + "/" + mode_name);
+ }
+
+/*************************************************
+* Set the IV *
+*************************************************/
+void BlockCipherMode::set_iv(const InitializationVector& new_iv)
+ {
+ if(new_iv.length() != state.size())
+ throw Invalid_IV_Length(name(), new_iv.length());
+
+ state = new_iv.bits_of();
+ buffer.clear();
+ position = 0;
+
+ if(IV_METHOD == 1)
+ cipher->encrypt(state, buffer);
+ else if(IV_METHOD == 2)
+ cipher->encrypt(state);
+ }
+
+}
diff --git a/src/modules.cpp b/src/modules.cpp
new file mode 100644
index 000000000..33731100c
--- /dev/null
+++ b/src/modules.cpp
@@ -0,0 +1,187 @@
+/*************************************************
+* Module Factory Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/modules.h>
+#include <botan/es_file.h>
+
+#if defined(BOTAN_EXT_MUTEX_PTHREAD)
+ #include <botan/mux_pthr.h>
+#elif defined(BOTAN_EXT_MUTEX_WIN32)
+ #include <botan/mux_win32.h>
+#elif defined(BOTAN_EXT_MUTEX_QT)
+ #include <botan/mux_qt.h>
+#endif
+
+#if defined(BOTAN_EXT_ALLOC_MMAP)
+ #include <botan/mmap_mem.h>
+#endif
+
+#if defined(BOTAN_EXT_TIMER_HARDWARE)
+ #include <botan/tm_hard.h>
+#elif defined(BOTAN_EXT_TIMER_POSIX)
+ #include <botan/tm_posix.h>
+#elif defined(BOTAN_EXT_TIMER_UNIX)
+ #include <botan/tm_unix.h>
+#elif defined(BOTAN_EXT_TIMER_WIN32)
+ #include <botan/tm_win32.h>
+#endif
+
+#if defined(BOTAN_EXT_ENGINE_AEP)
+ #include <botan/eng_aep.h>
+#endif
+
+#if defined(BOTAN_EXT_ENGINE_GNU_MP)
+ #include <botan/eng_gmp.h>
+#endif
+
+#if defined(BOTAN_EXT_ENGINE_OPENSSL)
+ #include <botan/eng_ossl.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_AEP)
+ #include <botan/es_aep.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_EGD)
+ #include <botan/es_egd.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_UNIX)
+ #include <botan/es_unix.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_BEOS)
+ #include <botan/es_beos.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_CAPI)
+ #include <botan/es_capi.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_WIN32)
+ #include <botan/es_win32.h>
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_FTW)
+ #include <botan/es_ftw.h>
+#endif
+
+namespace Botan {
+
+namespace Modules {
+
+/*************************************************
+* Register a mutex type, if possible *
+*************************************************/
+Mutex_Factory* get_mutex_factory()
+ {
+#if defined(BOTAN_EXT_MUTEX_PTHREAD)
+ return new Pthread_Mutex_Factory;
+#elif defined(BOTAN_EXT_MUTEX_WIN32)
+ return new Win32_Mutex_Factory;
+#elif defined(BOTAN_EXT_MUTEX_QT)
+ return new Qt_Mutex_Factory;
+#endif
+
+ return 0;
+ }
+
+/*************************************************
+* Find a high resolution timer, if possible *
+*************************************************/
+Timer* get_timer()
+ {
+#if defined(BOTAN_EXT_TIMER_HARDWARE)
+ return new Hardware_Timer;
+#elif defined(BOTAN_EXT_TIMER_POSIX)
+ return new POSIX_Timer;
+#elif defined(BOTAN_EXT_TIMER_UNIX)
+ return new Unix_Timer;
+#elif defined(BOTAN_EXT_TIMER_WIN32)
+ return new Win32_Timer;
+#endif
+
+ return 0;
+ }
+
+/*************************************************
+* Find any usable allocators *
+*************************************************/
+std::map<std::string, Allocator*> get_allocators()
+ {
+ std::map<std::string, Allocator*> allocators;
+
+#if defined(BOTAN_EXT_ALLOC_MMAP)
+ allocators["mmap"] = new MemoryMapping_Allocator;
+#endif
+
+ return allocators;
+ }
+
+/*************************************************
+* Register any usable entropy sources *
+*************************************************/
+std::vector<EntropySource*> get_entropy_sources()
+ {
+ std::vector<EntropySource*> sources;
+
+ sources.push_back(new File_EntropySource);
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_AEP)
+ sources.push_back(new AEP_EntropySource);
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_EGD)
+ sources.push_back(new EGD_EntropySource);
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_CAPI)
+ sources.push_back(new Win32_CAPI_EntropySource);
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_WIN32)
+ sources.push_back(new Win32_EntropySource);
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_UNIX)
+ sources.push_back(new Unix_EntropySource);
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_BEOS)
+ sources.push_back(new BeOS_EntropySource);
+#endif
+
+#if defined(BOTAN_EXT_ENTROPY_SRC_FTW)
+ sources.push_back(new FTW_EntropySource);
+#endif
+
+ return sources;
+ }
+
+/*************************************************
+* Find any usable engines *
+*************************************************/
+std::vector<Engine*> get_engines()
+ {
+ std::vector<Engine*> engines;
+
+#if defined(BOTAN_EXT_ENGINE_AEP)
+ engines.push_back(new AEP_Engine);
+#endif
+
+#if defined(BOTAN_EXT_ENGINE_GNU_MP)
+ engines.push_back(new GMP_Engine);
+#endif
+
+#if defined(BOTAN_EXT_ENGINE_OPENSSL)
+ engines.push_back(new OpenSSL_Engine);
+#endif
+
+ return engines;
+ }
+
+}
+
+}
diff --git a/src/mp_asm.cpp b/src/mp_asm.cpp
new file mode 100644
index 000000000..ec2e31011
--- /dev/null
+++ b/src/mp_asm.cpp
@@ -0,0 +1,237 @@
+/*************************************************
+* Lowest Level MPI Algorithms Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mp_asm.h>
+#include <botan/mp_asmi.h>
+#include <botan/mp_core.h>
+#include <botan/mem_ops.h>
+
+namespace Botan {
+
+extern "C" {
+
+/*************************************************
+* Two Operand Addition, No Carry *
+*************************************************/
+word bigint_add2_nc(word x[], u32bit x_size, const word y[], u32bit y_size)
+ {
+ word carry = 0;
+
+ const u32bit blocks = y_size - (y_size % 8);
+
+ for(u32bit j = 0; j != blocks; j += 8)
+ carry = word8_add2(x + j, y + j, carry);
+
+ for(u32bit j = blocks; j != y_size; ++j)
+ x[j] = word_add(x[j], y[j], &carry);
+
+ if(!carry)
+ return 0;
+
+ for(u32bit j = y_size; j != x_size; ++j)
+ if(++x[j])
+ return 0;
+
+ return 1;
+ }
+
+/*************************************************
+* Three Operand Addition, No Carry *
+*************************************************/
+word bigint_add3_nc(word z[], const word x[], u32bit x_size,
+ const word y[], u32bit y_size)
+ {
+ if(x_size < y_size)
+ { return bigint_add3_nc(z, y, y_size, x, x_size); }
+
+ word carry = 0;
+
+ const u32bit blocks = y_size - (y_size % 8);
+
+ for(u32bit j = 0; j != blocks; j += 8)
+ carry = word8_add3(z + j, x + j, y + j, carry);
+
+ for(u32bit j = blocks; j != y_size; ++j)
+ z[j] = word_add(x[j], y[j], &carry);
+
+ for(u32bit j = y_size; j != x_size; ++j)
+ {
+ word x_j = x[j] + carry;
+ if(carry && x_j)
+ carry = 0;
+ z[j] = x_j;
+ }
+
+ return carry;
+ }
+
+/*************************************************
+* Two Operand Addition *
+*************************************************/
+void bigint_add2(word x[], u32bit x_size, const word y[], u32bit y_size)
+ {
+ if(bigint_add2_nc(x, x_size, y, y_size))
+ ++x[x_size];
+ }
+
+/*************************************************
+* Three Operand Addition *
+*************************************************/
+void bigint_add3(word z[], const word x[], u32bit x_size,
+ const word y[], u32bit y_size)
+ {
+ if(bigint_add3_nc(z, x, x_size, y, y_size))
+ ++z[(x_size > y_size ? x_size : y_size)];
+ }
+
+/*************************************************
+* Two Operand Subtraction *
+*************************************************/
+void bigint_sub2(word x[], u32bit x_size, const word y[], u32bit y_size)
+ {
+ word carry = 0;
+
+ const u32bit blocks = y_size - (y_size % 8);
+
+ for(u32bit j = 0; j != blocks; j += 8)
+ carry = word8_sub2(x + j, y + j, carry);
+
+ for(u32bit j = blocks; j != y_size; ++j)
+ x[j] = word_sub(x[j], y[j], &carry);
+
+ if(!carry) return;
+
+ for(u32bit j = y_size; j != x_size; ++j)
+ {
+ --x[j];
+ if(x[j] != MP_WORD_MAX) return;
+ }
+ }
+
+/*************************************************
+* Three Operand Subtraction *
+*************************************************/
+void bigint_sub3(word z[], const word x[], u32bit x_size,
+ const word y[], u32bit y_size)
+ {
+ word carry = 0;
+
+ const u32bit blocks = y_size - (y_size % 8);
+
+ for(u32bit j = 0; j != blocks; j += 8)
+ carry = word8_sub3(z + j, x + j, y + j, carry);
+
+ for(u32bit j = blocks; j != y_size; ++j)
+ z[j] = word_sub(x[j], y[j], &carry);
+
+ for(u32bit j = y_size; j != x_size; ++j)
+ {
+ word x_j = x[j] - carry;
+ if(carry && x_j != MP_WORD_MAX)
+ carry = 0;
+ z[j] = x_j;
+ }
+ }
+
+/*************************************************
+* Two Operand Linear Multiply *
+*************************************************/
+void bigint_linmul2(word x[], u32bit x_size, word y)
+ {
+ const u32bit blocks = x_size - (x_size % 8);
+
+ word carry = 0;
+
+ for(u32bit j = 0; j != blocks; j += 8)
+ carry = word8_linmul2(x + j, y, carry);
+
+ for(u32bit j = blocks; j != x_size; ++j)
+ x[j] = word_madd2(x[j], y, carry, &carry);
+
+ x[x_size] = carry;
+ }
+
+/*************************************************
+* Three Operand Linear Multiply *
+*************************************************/
+void bigint_linmul3(word z[], const word x[], u32bit x_size, word y)
+ {
+ const u32bit blocks = x_size - (x_size % 8);
+
+ word carry = 0;
+
+ for(u32bit j = 0; j != blocks; j += 8)
+ carry = word8_linmul3(z + j, x + j, y, carry);
+
+ for(u32bit j = blocks; j != x_size; ++j)
+ z[j] = word_madd2(x[j], y, carry, &carry);
+
+ z[x_size] = carry;
+ }
+
+/*************************************************
+* Simple O(N^2) Multiplication *
+*************************************************/
+void bigint_simple_mul(word z[], const word x[], u32bit x_size,
+ const word y[], u32bit y_size)
+ {
+ const u32bit blocks = y_size - (y_size % 8);
+
+ clear_mem(z, x_size + y_size);
+
+ for(u32bit j = 0; j != x_size; ++j)
+ {
+ const word x_j = x[j];
+ word carry = 0;
+
+ for(u32bit k = 0; k != blocks; k += 8)
+ carry = word8_madd3(z + j + k, y + k, x_j, carry);
+
+ for(u32bit k = blocks; k != y_size; ++k)
+ z[j+k] = word_madd3(x_j, y[k], z[j+k], carry, &carry);
+
+ z[j+y_size] = carry;
+ }
+ }
+
+/*************************************************
+* Montgomery Reduction Algorithm *
+*************************************************/
+void montgomery_reduce(word z[], u32bit z_size,
+ const word x[], u32bit x_size, word u)
+ {
+ for(u32bit j = 0; j != x_size; ++j)
+ {
+ word* z_j = z + j;
+
+ const word y = z_j[0] * u;
+ word carry = 0;
+
+ const u32bit blocks = x_size - (x_size % 8);
+
+ for(u32bit k = 0; k != blocks; k += 8)
+ carry = word8_madd3(z_j + k, x + k, y, carry);
+
+ for(u32bit k = blocks; k != x_size; ++k)
+ z_j[k] = word_madd3(x[k], y, z_j[k], carry, &carry);
+
+ word carry2 = 0;
+ z_j[x_size] = word_add(z_j[x_size], carry, &carry2);
+ carry = carry2;
+
+ for(u32bit k = x_size + 1; carry && k != z_size - j; ++k)
+ {
+ ++z_j[k];
+ carry = !z_j[k];
+ }
+ }
+
+ if(bigint_cmp(z + x_size, x_size + 1, x, x_size) >= 0)
+ bigint_sub2(z + x_size, x_size + 1, x, x_size);
+ }
+
+}
+
+}
diff --git a/src/mp_comba.cpp b/src/mp_comba.cpp
new file mode 100644
index 000000000..450d955a7
--- /dev/null
+++ b/src/mp_comba.cpp
@@ -0,0 +1,384 @@
+/*************************************************
+* Comba Multiplication and Squaring Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mp_core.h>
+#include <botan/mp_asm.h>
+
+namespace Botan {
+
+extern "C" {
+
+/*************************************************
+* Comba 4x4 Multiplication *
+*************************************************/
+void bigint_comba_mul4(word z[8], const word x[4], const word y[4])
+ {
+ word w2 = 0, w1 = 0, w0 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[0]);
+ z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[0]);
+ z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[0]);
+ z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[0]);
+ z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[1], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[1]);
+ z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[2], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[2]);
+ z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[3], y[3]);
+ z[6] = w0;
+ z[7] = w1;
+ }
+
+/*************************************************
+* Comba 6x6 Multiplication *
+*************************************************/
+void bigint_comba_mul6(word z[12], const word x[6], const word y[6])
+ {
+ word w2 = 0, w1 = 0, w0 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[0]);
+ z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[0]);
+ z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[0]);
+ z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[0]);
+ z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[0]);
+ z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[0]);
+ z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[1], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[1]);
+ z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[2], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[2]);
+ z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[3], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[3]);
+ z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[4], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[4]);
+ z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[5], y[5]);
+ z[10] = w0;
+ z[11] = w1;
+ }
+
+/*************************************************
+* Comba 8x8 Multiplication *
+*************************************************/
+void bigint_comba_mul8(word z[16], const word x[8], const word y[8])
+ {
+ word w2 = 0, w1 = 0, w0 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[0]);
+ z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[0]);
+ z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[0]);
+ z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[0]);
+ z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[0]);
+ z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[0]);
+ z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[0]);
+ z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[1], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[1]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[0]);
+ z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[1], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[2], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[2]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[1]);
+ z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[2], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[3], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[3]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[2]);
+ z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[3], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[4], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[4]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[3]);
+ z[10] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[4], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[5], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[5]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[4]);
+ z[11] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[5], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[6], y[6]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[5]);
+ z[12] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[6], y[7]);
+ word3_muladd(&w2, &w1, &w0, x[7], y[6]);
+ z[13] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[7], y[7]);
+ z[14] = w0;
+ z[15] = w1;
+ }
+
+/*************************************************
+* Comba 4x4 Squaring *
+*************************************************/
+void bigint_comba_sqr4(word z[8], const word x[4])
+ {
+ word w2 = 0, w1 = 0, w0 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], x[0]);
+ z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[1]);
+ z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[2]);
+ word3_muladd(&w2, &w1, &w0, x[1], x[1]);
+ z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[3]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[2]);
+ z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[3]);
+ word3_muladd(&w2, &w1, &w0, x[2], x[2]);
+ z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[3]);
+ z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[3], x[3]);
+ z[6] = w0;
+ z[7] = w1;
+ }
+
+/*************************************************
+* Comba 6x6 Squaring *
+*************************************************/
+void bigint_comba_sqr6(word z[12], const word x[6])
+ {
+ word w2 = 0, w1 = 0, w0 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], x[0]);
+ z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[1]);
+ z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[2]);
+ word3_muladd(&w2, &w1, &w0, x[1], x[1]);
+ z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[3]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[2]);
+ z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[4]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[3]);
+ word3_muladd(&w2, &w1, &w0, x[2], x[2]);
+ z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[5]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[4]);
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[3]);
+ z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[5]);
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[4]);
+ word3_muladd(&w2, &w1, &w0, x[3], x[3]);
+ z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[5]);
+ word3_muladd_2(&w2, &w1, &w0, x[3], x[4]);
+ z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[3], x[5]);
+ word3_muladd(&w2, &w1, &w0, x[4], x[4]);
+ z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[4], x[5]);
+ z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[5], x[5]);
+ z[10] = w0;
+ z[11] = w1;
+ }
+
+/*************************************************
+* Comba 8x8 Squaring *
+*************************************************/
+void bigint_comba_sqr8(word z[16], const word x[8])
+ {
+ word w2 = 0, w1 = 0, w0 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[0], x[0]);
+ z[0] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[1]);
+ z[1] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[2]);
+ word3_muladd(&w2, &w1, &w0, x[1], x[1]);
+ z[2] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[3]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[2]);
+ z[3] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[4]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[3]);
+ word3_muladd(&w2, &w1, &w0, x[2], x[2]);
+ z[4] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[5]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[4]);
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[3]);
+ z[5] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[6]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[5]);
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[4]);
+ word3_muladd(&w2, &w1, &w0, x[3], x[3]);
+ z[6] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[0], x[7]);
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[6]);
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[5]);
+ word3_muladd_2(&w2, &w1, &w0, x[3], x[4]);
+ z[7] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[1], x[7]);
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[6]);
+ word3_muladd_2(&w2, &w1, &w0, x[3], x[5]);
+ word3_muladd(&w2, &w1, &w0, x[4], x[4]);
+ z[8] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[2], x[7]);
+ word3_muladd_2(&w2, &w1, &w0, x[3], x[6]);
+ word3_muladd_2(&w2, &w1, &w0, x[4], x[5]);
+ z[9] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[3], x[7]);
+ word3_muladd_2(&w2, &w1, &w0, x[4], x[6]);
+ word3_muladd(&w2, &w1, &w0, x[5], x[5]);
+ z[10] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[4], x[7]);
+ word3_muladd_2(&w2, &w1, &w0, x[5], x[6]);
+ z[11] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[5], x[7]);
+ word3_muladd(&w2, &w1, &w0, x[6], x[6]);
+ z[12] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd_2(&w2, &w1, &w0, x[6], x[7]);
+ z[13] = w0; w0 = w1; w1 = w2; w2 = 0;
+
+ word3_muladd(&w2, &w1, &w0, x[7], x[7]);
+ z[14] = w0;
+ z[15] = w1;
+ }
+
+}
+
+}
diff --git a/src/mp_misc.cpp b/src/mp_misc.cpp
new file mode 100644
index 000000000..4b5cf1fc9
--- /dev/null
+++ b/src/mp_misc.cpp
@@ -0,0 +1,117 @@
+/*************************************************
+* MP Misc Functions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mp_core.h>
+#include <botan/mp_asm.h>
+
+namespace Botan {
+
+extern "C" {
+
+/*************************************************
+* Core Division Operation *
+*************************************************/
+u32bit bigint_divcore(word q, word y1, word y2,
+ word x1, word x2, word x3)
+ {
+ word y0 = 0;
+ y2 = word_madd2(q, y2, 0, &y0);
+ y1 = word_madd2(q, y1, y0, &y0);
+
+ if(y0 > x1) return 1;
+ if(y0 < x1) return 0;
+ if(y1 > x2) return 1;
+ if(y1 < x2) return 0;
+ if(y2 > x3) return 1;
+ if(y2 < x3) return 0;
+ return 0;
+ }
+
+/*************************************************
+* Compare two MP integers *
+*************************************************/
+s32bit bigint_cmp(const word x[], u32bit x_size,
+ const word y[], u32bit y_size)
+ {
+ if(x_size < y_size) { return (-bigint_cmp(y, y_size, x, x_size)); }
+
+ while(x_size > y_size)
+ {
+ if(x[x_size-1])
+ return 1;
+ x_size--;
+ }
+ for(u32bit j = x_size; j > 0; --j)
+ {
+ if(x[j-1] > y[j-1]) return 1;
+ if(x[j-1] < y[j-1]) return -1;
+ }
+ return 0;
+ }
+
+/*************************************************
+* Do a 2-word/1-word Division *
+*************************************************/
+word bigint_divop(word n1, word n0, word d)
+ {
+ word high = n1 % d;
+ word quotient = 0;
+ for(u32bit j = 0; j != MP_WORD_BITS; ++j)
+ {
+ const word mask = (word)1 << (MP_WORD_BITS-1-j);
+ const bool high_top_bit = (high & MP_WORD_TOP_BIT) ? true : false;
+
+ high = (high << 1) | ((n0 & mask) >> (MP_WORD_BITS-1-j));
+
+ if(high_top_bit || high >= d)
+ {
+ high -= d;
+ quotient |= mask;
+ }
+ }
+ return quotient;
+ }
+
+/*************************************************
+* Do a 2-word/1-word Modulo *
+*************************************************/
+word bigint_modop(word n1, word n0, word d)
+ {
+ word z = bigint_divop(n1, n0, d);
+ word dummy = 0;
+ z = word_madd2(z, d, 0, &dummy);
+ return (n0-z);
+ }
+
+/*************************************************
+* Do a word*word->2-word Multiply *
+*************************************************/
+void bigint_wordmul(word a, word b, word* out_low, word* out_high)
+ {
+ const u32bit MP_HWORD_BITS = MP_WORD_BITS / 2;
+ const word MP_HWORD_MASK = ((word)1 << MP_HWORD_BITS) - 1;
+
+ const word a_hi = (a >> MP_HWORD_BITS);
+ const word a_lo = (a & MP_HWORD_MASK);
+ const word b_hi = (b >> MP_HWORD_BITS);
+ const word b_lo = (b & MP_HWORD_MASK);
+
+ word x0 = a_hi * b_hi;
+ word x1 = a_lo * b_hi;
+ word x2 = a_hi * b_lo;
+ word x3 = a_lo * b_lo;
+
+ x2 += x3 >> (MP_HWORD_BITS);
+ x2 += x1;
+ if(x2 < x1)
+ x0 += ((word)1 << MP_HWORD_BITS);
+
+ *out_high = x0 + (x2 >> MP_HWORD_BITS);
+ *out_low = ((x2 & MP_HWORD_MASK) << MP_HWORD_BITS) + (x3 & MP_HWORD_MASK);
+ }
+
+}
+
+}
diff --git a/src/mp_mul.cpp b/src/mp_mul.cpp
new file mode 100644
index 000000000..f020dff64
--- /dev/null
+++ b/src/mp_mul.cpp
@@ -0,0 +1,170 @@
+/*************************************************
+* Karatsuba Multiplication Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mp_core.h>
+#include <botan/mem_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Karatsuba Multiplication Operation *
+*************************************************/
+void karatsuba_mul(word z[], const word x[], const word y[], u32bit N,
+ word workspace[])
+ {
+ const u32bit KARATSUBA_MUL_LOWER_SIZE = BOTAN_KARAT_MUL_THRESHOLD;
+
+ if(N == 6)
+ bigint_comba_mul6(z, x, y);
+ else if(N == 8)
+ bigint_comba_mul8(z, x, y);
+ else if(N < KARATSUBA_MUL_LOWER_SIZE || N % 2)
+ bigint_simple_mul(z, x, N, y, N);
+ else
+ {
+ const u32bit N2 = N / 2;
+
+ const word* x0 = x;
+ const word* x1 = x + N2;
+ const word* y0 = y;
+ const word* y1 = y + N2;
+ word* z0 = z;
+ word* z1 = z + N;
+
+ const s32bit cmp0 = bigint_cmp(x0, N2, x1, N2);
+ const s32bit cmp1 = bigint_cmp(y1, N2, y0, N2);
+
+ clear_mem(workspace, 2*N);
+
+ if(cmp0 && cmp1)
+ {
+ if(cmp0 > 0)
+ bigint_sub3(z0, x0, N2, x1, N2);
+ else
+ bigint_sub3(z0, x1, N2, x0, N2);
+
+ if(cmp1 > 0)
+ bigint_sub3(z1, y1, N2, y0, N2);
+ else
+ bigint_sub3(z1, y0, N2, y1, N2);
+
+ karatsuba_mul(workspace, z0, z1, N2, workspace+N);
+ }
+
+ karatsuba_mul(z0, x0, y0, N2, workspace+N);
+ karatsuba_mul(z1, x1, y1, N2, workspace+N);
+
+ word carry = bigint_add3_nc(workspace+N, z0, N, z1, N);
+ carry += bigint_add2_nc(z + N2, N, workspace + N, N);
+ bigint_add2_nc(z + N + N2, N2, &carry, 1);
+
+ if((cmp0 == cmp1) || (cmp0 == 0) || (cmp1 == 0))
+ bigint_add2(z + N2, 2*N-N2, workspace, N);
+ else
+ bigint_sub2(z + N2, 2*N-N2, workspace, N);
+ }
+ }
+
+/*************************************************
+* Pick a good size for the Karatsuba multiply *
+*************************************************/
+u32bit karatsuba_size(u32bit z_size,
+ u32bit x_size, u32bit x_sw,
+ u32bit y_size, u32bit y_sw)
+ {
+ if(x_sw > y_size || y_sw > x_size)
+ return 0;
+ if(((x_size == x_sw) && (x_size % 2)) ||
+ ((y_size == y_sw) && (y_size % 2)))
+ return 0;
+
+ u32bit start = (x_sw > y_sw) ? x_sw : y_sw;
+ u32bit end = (x_size < y_size) ? x_size : y_size;
+
+ if(end < start)
+ return 0;
+
+ if(start == end)
+ {
+ if(start % 2)
+ return 0;
+ return start;
+ }
+
+ for(u32bit j = start; j <= end; ++j)
+ {
+ if(j % 2)
+ continue;
+
+ if(2*j > z_size)
+ return 0;
+
+ if(x_sw <= j && j <= x_size && y_sw <= j && j <= y_size)
+ {
+ if(j % 4 == 2 &&
+ (j+2) <= x_size && (j+2) <= y_size && 2*(j+2) <= z_size)
+ return j+2;
+ return j;
+ }
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Handle small operand multiplies *
+*************************************************/
+void handle_small_mul(word z[], u32bit z_size,
+ const word x[], u32bit x_size, u32bit x_sw,
+ const word y[], u32bit y_size, u32bit y_sw)
+ {
+ if(x_sw == 1) bigint_linmul3(z, y, y_sw, x[0]);
+ else if(y_sw == 1) bigint_linmul3(z, x, x_sw, y[0]);
+
+ else if(x_sw <= 4 && y_sw <= 4 &&
+ x_size >= 4 && y_size >= 4 && z_size >= 8)
+ bigint_comba_mul4(z, x, y);
+
+ else if(x_sw <= 6 && y_sw <= 6 &&
+ x_size >= 6 && y_size >= 6 && z_size >= 12)
+ bigint_comba_mul6(z, x, y);
+
+ else if(x_sw <= 8 && y_sw <= 8 &&
+ x_size >= 8 && y_size >= 8 && z_size >= 16)
+ bigint_comba_mul8(z, x, y);
+
+ else
+ bigint_simple_mul(z, x, x_sw, y, y_sw);
+ }
+
+}
+
+/*************************************************
+* Multiplication Algorithm Dispatcher *
+*************************************************/
+void bigint_mul(word z[], u32bit z_size, word workspace[],
+ const word x[], u32bit x_size, u32bit x_sw,
+ const word y[], u32bit y_size, u32bit y_sw)
+ {
+ if(x_size <= 8 || y_size <= 8)
+ {
+ handle_small_mul(z, z_size, x, x_size, x_sw, y, y_size, y_sw);
+ return;
+ }
+
+ const u32bit N = karatsuba_size(z_size, x_size, x_sw, y_size, y_sw);
+
+ if(N)
+ {
+ clear_mem(workspace, 2*N);
+ karatsuba_mul(z, x, y, N, workspace);
+ }
+ else
+ bigint_simple_mul(z, x, x_sw, y, y_sw);
+ }
+
+}
diff --git a/src/mp_numth.cpp b/src/mp_numth.cpp
new file mode 100644
index 000000000..8ad7a37e9
--- /dev/null
+++ b/src/mp_numth.cpp
@@ -0,0 +1,69 @@
+/*************************************************
+* Fused and Important MP Algorithms Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/numthry.h>
+#include <botan/mp_core.h>
+#include <botan/util.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Square a BigInt *
+*************************************************/
+BigInt square(const BigInt& x)
+ {
+ const u32bit x_sw = x.sig_words();
+
+ BigInt z(BigInt::Positive, round_up(2*x_sw, 16));
+ SecureVector<word> workspace(z.size());
+
+ bigint_sqr(z.get_reg(), z.size(), workspace,
+ x.data(), x.size(), x_sw);
+ return z;
+ }
+
+/*************************************************
+* Multiply-Add Operation *
+*************************************************/
+BigInt mul_add(const BigInt& a, const BigInt& b, const BigInt& c)
+ {
+ if(c.is_negative() || c.is_zero())
+ throw Invalid_Argument("mul_add: Third argument must be > 0");
+
+ BigInt::Sign sign = BigInt::Positive;
+ if(a.sign() != b.sign())
+ sign = BigInt::Negative;
+
+ const u32bit a_sw = a.sig_words();
+ const u32bit b_sw = b.sig_words();
+ const u32bit c_sw = c.sig_words();
+
+ BigInt r(sign, std::max(a.size() + b.size(), c_sw) + 1);
+ SecureVector<word> workspace(r.size());
+
+ bigint_mul(r.get_reg(), r.size(), workspace,
+ a.data(), a.size(), a_sw,
+ b.data(), b.size(), b_sw);
+ const u32bit r_size = std::max(r.sig_words(), c_sw);
+ bigint_add2(r.get_reg(), r_size, c.data(), c_sw);
+ return r;
+ }
+
+/*************************************************
+* Subtract-Multiply Operation *
+*************************************************/
+BigInt sub_mul(const BigInt& a, const BigInt& b, const BigInt& c)
+ {
+ if(a.is_negative() || b.is_negative())
+ throw Invalid_Argument("sub_mul: First two arguments must be >= 0");
+
+ BigInt r = a;
+ r -= b;
+ r *= c;
+ return r;
+ }
+
+}
diff --git a/src/mp_shift.cpp b/src/mp_shift.cpp
new file mode 100644
index 000000000..a7ed06caa
--- /dev/null
+++ b/src/mp_shift.cpp
@@ -0,0 +1,109 @@
+/*************************************************
+* MP Shift Algorithms Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mp_core.h>
+#include <botan/mem_ops.h>
+
+namespace Botan {
+
+extern "C" {
+
+/*************************************************
+* Single Operand Left Shift *
+*************************************************/
+void bigint_shl1(word x[], u32bit x_size, u32bit word_shift, u32bit bit_shift)
+ {
+ if(word_shift)
+ {
+ for(u32bit j = 1; j != x_size + 1; ++j)
+ x[(x_size - j) + word_shift] = x[x_size - j];
+ clear_mem(x, word_shift);
+ }
+
+ if(bit_shift)
+ {
+ word carry = 0;
+ for(u32bit j = word_shift; j != x_size + word_shift + 1; ++j)
+ {
+ word temp = x[j];
+ x[j] = (temp << bit_shift) | carry;
+ carry = (temp >> (MP_WORD_BITS - bit_shift));
+ }
+ }
+ }
+
+/*************************************************
+* Single Operand Right Shift *
+*************************************************/
+void bigint_shr1(word x[], u32bit x_size, u32bit word_shift, u32bit bit_shift)
+ {
+ if(x_size < word_shift)
+ {
+ clear_mem(x, x_size);
+ return;
+ }
+
+ for(u32bit j = 0; j != x_size - word_shift; ++j)
+ x[j] = x[j + word_shift];
+ for(u32bit j = x_size - word_shift; j != x_size; ++j)
+ x[j] = 0;
+
+ if(bit_shift)
+ {
+ word carry = 0;
+ for(u32bit j = x_size - word_shift; j > 0; --j)
+ {
+ word temp = x[j-1];
+ x[j-1] = (temp >> bit_shift) | carry;
+ carry = (temp << (MP_WORD_BITS - bit_shift));
+ }
+ }
+ }
+
+/*************************************************
+* Two Operand Left Shift *
+*************************************************/
+void bigint_shl2(word y[], const word x[], u32bit x_size,
+ u32bit word_shift, u32bit bit_shift)
+ {
+ for(u32bit j = 0; j != x_size; ++j)
+ y[j + word_shift] = x[j];
+ if(bit_shift)
+ {
+ word carry = 0;
+ for(u32bit j = word_shift; j != x_size + word_shift + 1; ++j)
+ {
+ word temp = y[j];
+ y[j] = (temp << bit_shift) | carry;
+ carry = (temp >> (MP_WORD_BITS - bit_shift));
+ }
+ }
+ }
+
+/*************************************************
+* Two Operand Right Shift *
+*************************************************/
+void bigint_shr2(word y[], const word x[], u32bit x_size,
+ u32bit word_shift, u32bit bit_shift)
+ {
+ if(x_size < word_shift) return;
+
+ for(u32bit j = 0; j != x_size - word_shift; ++j)
+ y[j] = x[j + word_shift];
+ if(bit_shift)
+ {
+ word carry = 0;
+ for(u32bit j = x_size - word_shift; j > 0; --j)
+ {
+ word temp = y[j-1];
+ y[j-1] = (temp >> bit_shift) | carry;
+ carry = (temp << (MP_WORD_BITS - bit_shift));
+ }
+ }
+ }
+
+}
+
+}
diff --git a/src/mp_sqr.cpp b/src/mp_sqr.cpp
new file mode 100644
index 000000000..4d1c1504a
--- /dev/null
+++ b/src/mp_sqr.cpp
@@ -0,0 +1,134 @@
+/*************************************************
+* Karatsuba Squaring Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mp_core.h>
+#include <botan/mem_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Karatsuba Squaring Operation *
+*************************************************/
+void karatsuba_sqr(word z[], const word x[], u32bit N, word workspace[])
+ {
+ const u32bit KARATSUBA_SQR_LOWER_SIZE = BOTAN_KARAT_SQR_THRESHOLD;
+
+ if(N == 6)
+ bigint_comba_sqr6(z, x);
+ else if(N == 8)
+ bigint_comba_sqr8(z, x);
+ else if(N < KARATSUBA_SQR_LOWER_SIZE || N % 2)
+ bigint_simple_mul(z, x, N, x, N);
+ else
+ {
+ const u32bit N2 = N / 2;
+
+ const word* x0 = x;
+ const word* x1 = x + N2;
+ word* z0 = z;
+ word* z1 = z + N;
+
+ const s32bit cmp = bigint_cmp(x0, N2, x1, N2);
+
+ clear_mem(workspace, 2*N);
+
+ if(cmp)
+ {
+ if(cmp > 0)
+ bigint_sub3(z0, x0, N2, x1, N2);
+ else
+ bigint_sub3(z0, x1, N2, x0, N2);
+
+ karatsuba_sqr(workspace, z0, N2, workspace+N);
+ }
+
+ karatsuba_sqr(z0, x0, N2, workspace+N);
+ karatsuba_sqr(z1, x1, N2, workspace+N);
+
+ word carry = bigint_add3_nc(workspace+N, z0, N, z1, N);
+ carry += bigint_add2_nc(z + N2, N, workspace + N, N);
+ bigint_add2_nc(z + N + N2, N2, &carry, 1);
+
+ if(cmp == 0)
+ bigint_add2(z + N2, 2*N-N2, workspace, N);
+ else
+ bigint_sub2(z + N2, 2*N-N2, workspace, N);
+ }
+ }
+
+/*************************************************
+* Pick a good size for the Karatsuba squaring *
+*************************************************/
+u32bit karatsuba_size(u32bit z_size, u32bit x_size, u32bit x_sw)
+ {
+ if(x_sw == x_size)
+ {
+ if(x_sw % 2)
+ return 0;
+ return x_sw;
+ }
+
+ for(u32bit j = x_sw; j <= x_size; ++j)
+ {
+ if(j % 2)
+ continue;
+
+ if(2*j > z_size)
+ return 0;
+
+ if(j % 4 == 2 && (j+2) <= x_size && 2*(j+2) <= z_size)
+ return j+2;
+ return j;
+ }
+
+ return 0;
+ }
+
+/*************************************************
+* Handle small operand squarings *
+*************************************************/
+void handle_small_sqr(word z[], u32bit z_size,
+ const word x[], u32bit x_size, u32bit x_sw)
+ {
+ if(x_sw == 1)
+ bigint_linmul3(z, x, x_sw, x[0]);
+ else if(x_sw <= 4 && x_size >= 4 && z_size >= 8)
+ bigint_comba_sqr4(z, x);
+ else if(x_sw <= 6 && x_size >= 6 && z_size >= 12)
+ bigint_comba_sqr6(z, x);
+ else if(x_sw <= 8 && x_size >= 8 && z_size >= 16)
+ bigint_comba_sqr8(z, x);
+ else
+ bigint_simple_mul(z, x, x_sw, x, x_sw);
+ }
+
+}
+
+/*************************************************
+* Squaring Algorithm Dispatcher *
+*************************************************/
+void bigint_sqr(word z[], u32bit z_size, word workspace[],
+ const word x[], u32bit x_size, u32bit x_sw)
+ {
+ if(x_size <= 8 || x_size <= 8)
+ {
+ handle_small_sqr(z, z_size, x, x_size, x_sw);
+ return;
+ }
+
+ const u32bit N = karatsuba_size(z_size, x_size, x_sw);
+
+ if(N)
+ {
+ clear_mem(workspace, 2*N);
+ karatsuba_sqr(z, x, N, workspace);
+ }
+ else
+ bigint_simple_mul(z, x, x_sw, x, x_sw);
+ }
+
+}
diff --git a/src/mutex.cpp b/src/mutex.cpp
new file mode 100644
index 000000000..1b6c7b2d6
--- /dev/null
+++ b/src/mutex.cpp
@@ -0,0 +1,73 @@
+/*************************************************
+* Mutex Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/mutex.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Default Mutex *
+*************************************************/
+class Default_Mutex : public Mutex
+ {
+ public:
+ void lock();
+ void unlock();
+ Default_Mutex() { locked = false; }
+ private:
+ bool locked;
+ };
+
+/*************************************************
+* Lock the mutex *
+*************************************************/
+void Default_Mutex::lock()
+ {
+ if(locked)
+ throw Internal_Error("Default_Mutex::lock: Mutex is already locked");
+ locked = true;
+ }
+
+/*************************************************
+* Unlock the mutex *
+*************************************************/
+void Default_Mutex::unlock()
+ {
+ if(!locked)
+ throw Internal_Error("Default_Mutex::unlock: Mutex is already unlocked");
+ locked = false;
+ }
+
+}
+
+/*************************************************
+* Mutex_Holder Constructor *
+*************************************************/
+Mutex_Holder::Mutex_Holder(Mutex* m) : mux(m)
+ {
+ if(!mux)
+ throw Invalid_Argument("Mutex_Holder: Argument was NULL");
+ mux->lock();
+ }
+
+/*************************************************
+* Mutex_Holder Destructor *
+*************************************************/
+Mutex_Holder::~Mutex_Holder()
+ {
+ mux->unlock();
+ }
+
+/*************************************************
+* Default Mutex Factory *
+*************************************************/
+Mutex* Mutex_Factory::make()
+ {
+ return new Default_Mutex;
+ }
+
+}
diff --git a/src/nr.cpp b/src/nr.cpp
new file mode 100644
index 000000000..d6e436015
--- /dev/null
+++ b/src/nr.cpp
@@ -0,0 +1,130 @@
+/*************************************************
+* Nyberg-Rueppel Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/nr.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+
+namespace Botan {
+
+/*************************************************
+* NR_PublicKey Constructor *
+*************************************************/
+NR_PublicKey::NR_PublicKey(const DL_Group& grp, const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ X509_load_hook();
+ }
+
+/*************************************************
+* Algorithm Specific X.509 Initialization Code *
+*************************************************/
+void NR_PublicKey::X509_load_hook()
+ {
+ core = NR_Core(group, y);
+ check_loaded_public();
+ }
+
+/*************************************************
+* Nyberg-Rueppel Verification Function *
+*************************************************/
+SecureVector<byte> NR_PublicKey::verify(const byte sig[], u32bit sig_len) const
+ {
+ return core.verify(sig, sig_len);
+ }
+
+/*************************************************
+* Return the maximum input size in bits *
+*************************************************/
+u32bit NR_PublicKey::max_input_bits() const
+ {
+ return (group_q().bits() - 1);
+ }
+
+/*************************************************
+* Return the size of each portion of the sig *
+*************************************************/
+u32bit NR_PublicKey::message_part_size() const
+ {
+ return group_q().bytes();
+ }
+
+/*************************************************
+* Create a NR private key *
+*************************************************/
+NR_PrivateKey::NR_PrivateKey(const DL_Group& grp)
+ {
+ group = grp;
+ x = random_integer(2, group_q() - 1);
+
+ PKCS8_load_hook();
+ check_generated_private();
+ }
+
+/*************************************************
+* NR_PrivateKey Constructor *
+*************************************************/
+NR_PrivateKey::NR_PrivateKey(const DL_Group& grp, const BigInt& x1,
+ const BigInt& y1)
+ {
+ group = grp;
+ y = y1;
+ x = x1;
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Algorithm Specific PKCS #8 Initialization Code *
+*************************************************/
+void NR_PrivateKey::PKCS8_load_hook()
+ {
+ if(y == 0)
+ y = power_mod(group_g(), x, group_p());
+ core = NR_Core(group, y, x);
+ }
+
+/*************************************************
+* Nyberg-Rueppel Signature Operation *
+*************************************************/
+SecureVector<byte> NR_PrivateKey::sign(const byte in[], u32bit length) const
+ {
+ const BigInt& q = group_q();
+
+ BigInt k;
+ do
+ k.randomize(q.bits());
+ while(k >= q);
+
+ return core.sign(in, length, k);
+ }
+
+/*************************************************
+* Check Private Nyberg-Rueppel Parameters *
+*************************************************/
+bool NR_PrivateKey::check_key(bool strong) const
+ {
+ if(!DL_Scheme_PrivateKey::check_key(strong) || x >= group_q())
+ return false;
+
+ if(!strong)
+ return true;
+
+ try {
+ KeyPair::check_key(get_pk_signer(*this, "EMSA1(SHA-1)"),
+ get_pk_verifier(*this, "EMSA1(SHA-1)")
+ );
+ }
+ catch(Self_Test_Failure)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/src/numthry.cpp b/src/numthry.cpp
new file mode 100644
index 000000000..382150906
--- /dev/null
+++ b/src/numthry.cpp
@@ -0,0 +1,323 @@
+/*************************************************
+* Number Theory Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/numthry.h>
+#include <botan/ui.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Miller-Rabin Iterations *
+*************************************************/
+u32bit miller_rabin_test_iterations(u32bit bits, bool verify)
+ {
+ struct mapping { u32bit bits; u32bit verify_iter; u32bit check_iter; };
+
+ static const mapping tests[] = {
+ { 50, 55, 25 },
+ { 100, 38, 22 },
+ { 160, 32, 18 },
+ { 163, 31, 17 },
+ { 168, 30, 16 },
+ { 177, 29, 16 },
+ { 181, 28, 15 },
+ { 185, 27, 15 },
+ { 190, 26, 15 },
+ { 195, 25, 14 },
+ { 201, 24, 14 },
+ { 208, 23, 14 },
+ { 215, 22, 13 },
+ { 222, 21, 13 },
+ { 231, 20, 13 },
+ { 241, 19, 12 },
+ { 252, 18, 12 },
+ { 264, 17, 12 },
+ { 278, 16, 11 },
+ { 294, 15, 10 },
+ { 313, 14, 9 },
+ { 334, 13, 8 },
+ { 360, 12, 8 },
+ { 392, 11, 7 },
+ { 430, 10, 7 },
+ { 479, 9, 6 },
+ { 542, 8, 6 },
+ { 626, 7, 5 },
+ { 746, 6, 4 },
+ { 926, 5, 3 },
+ { 1232, 4, 2 },
+ { 1853, 3, 2 },
+ { 0, 0, 0 }
+ };
+
+ for(u32bit j = 0; tests[j].bits; ++j)
+ {
+ if(bits <= tests[j].bits)
+ if(verify)
+ return tests[j].verify_iter;
+ else
+ return tests[j].check_iter;
+ }
+ return 2;
+ }
+
+}
+
+/*************************************************
+* Return the number of 0 bits at the end of n *
+*************************************************/
+u32bit low_zero_bits(const BigInt& n)
+ {
+ if(n.is_zero()) return 0;
+
+ u32bit bits = 0, max_bits = n.bits();
+ while((n.get_bit(bits) == 0) && bits < max_bits)
+ ++bits;
+ return bits;
+ }
+
+/*************************************************
+* Calculate the GCD *
+*************************************************/
+BigInt gcd(const BigInt& a, const BigInt& b)
+ {
+ if(a.is_zero() || b.is_zero()) return 0;
+ if(a == 1 || b == 1) return 1;
+
+ BigInt x = a, y = b;
+ x.set_sign(BigInt::Positive);
+ y.set_sign(BigInt::Positive);
+ u32bit shift = std::min(low_zero_bits(x), low_zero_bits(y));
+
+ x >>= shift;
+ y >>= shift;
+
+ while(x.is_nonzero())
+ {
+ x >>= low_zero_bits(x);
+ y >>= low_zero_bits(y);
+ if(x >= y) { x -= y; x >>= 1; }
+ else { y -= x; y >>= 1; }
+ }
+
+ return (y << shift);
+ }
+
+/*************************************************
+* Calculate the LCM *
+*************************************************/
+BigInt lcm(const BigInt& a, const BigInt& b)
+ {
+ return ((a * b) / gcd(a, b));
+ }
+
+/*************************************************
+* Find the Modular Inverse *
+*************************************************/
+BigInt inverse_mod(const BigInt& n, const BigInt& mod)
+ {
+ if(mod.is_zero())
+ throw BigInt::DivideByZero();
+ if(mod.is_negative() || n.is_negative())
+ throw Invalid_Argument("inverse_mod: arguments must be non-negative");
+
+ if(n.is_zero() || (n.is_even() && mod.is_even()))
+ return 0;
+
+ BigInt x = mod, y = n, u = mod, v = n;
+ BigInt A = 1, B = 0, C = 0, D = 1;
+
+ while(u.is_nonzero())
+ {
+ u32bit zero_bits = low_zero_bits(u);
+ u >>= zero_bits;
+ for(u32bit j = 0; j != zero_bits; ++j)
+ {
+ if(A.is_odd() || B.is_odd())
+ { A += y; B -= x; }
+ A >>= 1; B >>= 1;
+ }
+
+ zero_bits = low_zero_bits(v);
+ v >>= zero_bits;
+ for(u32bit j = 0; j != zero_bits; ++j)
+ {
+ if(C.is_odd() || D.is_odd())
+ { C += y; D -= x; }
+ C >>= 1; D >>= 1;
+ }
+
+ if(u >= v) { u -= v; A -= C; B -= D; }
+ else { v -= u; C -= A; D -= B; }
+ }
+
+ if(v != 1)
+ return 0;
+
+ while(D.is_negative()) D += mod;
+ while(D >= mod) D -= mod;
+
+ return D;
+ }
+
+/*************************************************
+* Modular Exponentiation *
+*************************************************/
+BigInt power_mod(const BigInt& base, const BigInt& exp, const BigInt& mod)
+ {
+ Power_Mod pow_mod(mod);
+ pow_mod.set_base(base);
+ pow_mod.set_exponent(exp);
+ return pow_mod.execute();
+ }
+
+/*************************************************
+* Do simple tests of primality *
+*************************************************/
+s32bit simple_primality_tests(const BigInt& n)
+ {
+ const s32bit NOT_PRIME = -1, UNKNOWN = 0, PRIME = 1;
+
+ if(n == 2)
+ return PRIME;
+ if(n <= 1 || n.is_even())
+ return NOT_PRIME;
+
+ if(n <= PRIMES[PRIME_TABLE_SIZE-1])
+ {
+ const word num = n.word_at(0);
+ for(u32bit j = 0; PRIMES[j]; ++j)
+ {
+ if(num == PRIMES[j]) return PRIME;
+ if(num < PRIMES[j]) return NOT_PRIME;
+ }
+ return NOT_PRIME;
+ }
+
+ u32bit check_first = std::min(n.bits() / 32, PRIME_PRODUCTS_TABLE_SIZE);
+ for(u32bit j = 0; j != check_first; ++j)
+ if(gcd(n, PRIME_PRODUCTS[j]) != 1)
+ return NOT_PRIME;
+
+ return UNKNOWN;
+ }
+
+/*************************************************
+* Fast check of primality *
+*************************************************/
+bool check_prime(const BigInt& n)
+ {
+ return run_primality_tests(n, 0);
+ }
+
+/*************************************************
+* Test for primality *
+*************************************************/
+bool is_prime(const BigInt& n)
+ {
+ return run_primality_tests(n, 1);
+ }
+
+/*************************************************
+* Verify primality *
+*************************************************/
+bool verify_prime(const BigInt& n)
+ {
+ return run_primality_tests(n, 2);
+ }
+
+/*************************************************
+* Verify primality *
+*************************************************/
+bool run_primality_tests(const BigInt& n, u32bit level)
+ {
+ s32bit simple_tests = simple_primality_tests(n);
+ if(simple_tests) return (simple_tests == 1) ? true : false;
+ return passes_mr_tests(n, level);
+ }
+
+/*************************************************
+* Test for primaility using Miller-Rabin *
+*************************************************/
+bool passes_mr_tests(const BigInt& n, u32bit level)
+ {
+ const u32bit PREF_NONCE_BITS = 40;
+
+ if(level > 2)
+ level = 2;
+
+ MillerRabin_Test mr(n);
+
+ if(!mr.passes_test(2))
+ return false;
+
+ if(level == 0)
+ return true;
+
+ const u32bit NONCE_BITS = std::min(n.bits() - 1, PREF_NONCE_BITS);
+
+ const bool verify = (level == 2);
+
+ u32bit tests = miller_rabin_test_iterations(n.bits(), verify);
+
+ BigInt nonce;
+ for(u32bit j = 0; j != tests; ++j)
+ {
+ if(verify) nonce = random_integer(NONCE_BITS);
+ else nonce = PRIMES[j];
+
+ if(!mr.passes_test(nonce))
+ return false;
+ }
+ return true;
+ }
+
+/*************************************************
+* Miller-Rabin Test *
+*************************************************/
+bool MillerRabin_Test::passes_test(const BigInt& a)
+ {
+ if(a < 2 || a >= n_minus_1)
+ throw Invalid_Argument("Bad size for nonce in Miller-Rabin test");
+
+ UI::pulse(UI::PRIME_TESTING);
+
+ BigInt y = pow_mod(a);
+ if(y == 1 || y == n_minus_1)
+ return true;
+
+ for(u32bit j = 1; j != s; ++j)
+ {
+ UI::pulse(UI::PRIME_TESTING);
+ y = reducer.square(y);
+
+ if(y == 1)
+ return false;
+ if(y == n_minus_1)
+ return true;
+ }
+ return false;
+ }
+
+/*************************************************
+* Miller-Rabin Constructor *
+*************************************************/
+MillerRabin_Test::MillerRabin_Test(const BigInt& num)
+ {
+ if(num.is_even() || num < 3)
+ throw Invalid_Argument("MillerRabin_Test: Invalid number for testing");
+
+ n = num;
+ n_minus_1 = n - 1;
+ s = low_zero_bits(n_minus_1);
+ r = n_minus_1 >> s;
+
+ pow_mod = Fixed_Exponent_Power_Mod(r, n);
+ reducer = Modular_Reducer(n);
+ }
+
+}
diff --git a/src/ofb.cpp b/src/ofb.cpp
new file mode 100644
index 000000000..af0c6067d
--- /dev/null
+++ b/src/ofb.cpp
@@ -0,0 +1,65 @@
+/*************************************************
+* OFB Mode Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/ofb.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* OFB Constructor *
+*************************************************/
+OFB::OFB(const std::string& cipher_name) :
+ BlockCipherMode(cipher_name, "OFB", block_size_of(cipher_name), 2)
+ {
+ }
+
+/*************************************************
+* OFB Constructor *
+*************************************************/
+OFB::OFB(const std::string& cipher_name, const SymmetricKey& key,
+ const InitializationVector& iv) :
+ BlockCipherMode(cipher_name, "OFB", block_size_of(cipher_name), 2)
+ {
+ set_key(key);
+ set_iv(iv);
+ }
+
+/*************************************************
+* OFB Encryption/Decryption *
+*************************************************/
+void OFB::write(const byte input[], u32bit length)
+ {
+ u32bit copied = std::min(BLOCK_SIZE - position, length);
+ xor_buf(buffer, input, state + position, copied);
+ send(buffer, copied);
+ input += copied;
+ length -= copied;
+ position += copied;
+
+ if(position == BLOCK_SIZE)
+ {
+ cipher->encrypt(state);
+ position = 0;
+ }
+
+ while(length >= BLOCK_SIZE)
+ {
+ xor_buf(buffer, input, state, BLOCK_SIZE);
+ send(buffer, BLOCK_SIZE);
+
+ input += BLOCK_SIZE;
+ length -= BLOCK_SIZE;
+ cipher->encrypt(state);
+ }
+
+ xor_buf(buffer, input, state + position, length);
+ send(buffer, length);
+ position += length;
+ }
+
+}
diff --git a/src/oids.cpp b/src/oids.cpp
new file mode 100644
index 000000000..df6a09f94
--- /dev/null
+++ b/src/oids.cpp
@@ -0,0 +1,52 @@
+/*************************************************
+* OID Registry Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/oids.h>
+#include <botan/libstate.h>
+
+namespace Botan {
+
+namespace OIDS {
+
+/*************************************************
+* Register an OID to string mapping *
+*************************************************/
+void add_oid(const OID& oid, const std::string& name)
+ {
+ const std::string oid_str = oid.as_string();
+
+ if(!global_state().option_set("oid2str", oid_str))
+ global_state().set_option("oid2str", oid_str, name);
+ if(!global_state().option_set("str2oid", name))
+ global_state().set_option("str2oid", name, oid_str);
+ }
+
+/*************************************************
+* Do an OID to string lookup *
+*************************************************/
+std::string lookup(const OID& oid)
+ {
+ return global_state().get_option("oid2str", oid.as_string());
+ }
+
+/*************************************************
+* Do a string to OID lookup *
+*************************************************/
+OID lookup(const std::string& name)
+ {
+ return OID(global_state().get_option("str2oid", name));
+ }
+
+/*************************************************
+* Check to see if an OID exists in the table *
+*************************************************/
+bool have_oid(const std::string& name)
+ {
+ return global_state().option_set("str2oid", name);
+ }
+
+}
+
+}
diff --git a/src/openpgp.cpp b/src/openpgp.cpp
new file mode 100644
index 000000000..fec292d1e
--- /dev/null
+++ b/src/openpgp.cpp
@@ -0,0 +1,194 @@
+/*************************************************
+* OpenPGP Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/openpgp.h>
+#include <botan/filters.h>
+#include <botan/charset.h>
+
+namespace Botan {
+
+namespace OpenPGP {
+
+/*************************************************
+* OpenPGP Base64 encoding *
+*************************************************/
+std::string encode(const byte input[], u32bit length,
+ const std::string& label,
+ const std::map<std::string, std::string>& headers)
+ {
+ const std::string PGP_HEADER = "-----BEGIN PGP " + label + "-----\n";
+ const std::string PGP_TRAILER = "-----END PGP " + label + "-----\n";
+ const u32bit PGP_WIDTH = 64;
+
+ std::string pgp_encoded = PGP_HEADER;
+
+ if(headers.find("Version") != headers.end())
+ pgp_encoded += "Version: " + headers.find("Version")->second + '\n';
+
+ std::map<std::string, std::string>::const_iterator i = headers.begin();
+ while(i != headers.end())
+ {
+ if(i->first != "Version")
+ pgp_encoded += i->first + ": " + i->second + '\n';
+ ++i;
+ }
+ pgp_encoded += '\n';
+
+ Pipe pipe(new Fork(
+ new Base64_Encoder(true, PGP_WIDTH),
+ new Chain(new Hash_Filter("CRC24"), new Base64_Encoder)
+ )
+ );
+
+ pipe.process_msg(input, length);
+
+ pgp_encoded += pipe.read_all_as_string(0);
+ pgp_encoded += '=' + pipe.read_all_as_string(1) + '\n';
+ pgp_encoded += PGP_TRAILER;
+
+ return pgp_encoded;
+ }
+
+/*************************************************
+* OpenPGP Base64 encoding *
+*************************************************/
+std::string encode(const byte input[], u32bit length,
+ const std::string& type)
+ {
+ std::map<std::string, std::string> empty;
+ return encode(input, length, type, empty);
+ }
+
+/*************************************************
+* OpenPGP Base64 decoding *
+*************************************************/
+SecureVector<byte> decode(DataSource& source, std::string& label,
+ std::map<std::string, std::string>& headers)
+ {
+ const u32bit RANDOM_CHAR_LIMIT = 5;
+
+ const std::string PGP_HEADER1 = "-----BEGIN PGP ";
+ const std::string PGP_HEADER2 = "-----";
+ u32bit position = 0;
+
+ while(position != PGP_HEADER1.length())
+ {
+ byte b;
+ if(!source.read_byte(b))
+ throw Decoding_Error("PGP: No PGP header found");
+ if(b == PGP_HEADER1[position])
+ ++position;
+ else if(position >= RANDOM_CHAR_LIMIT)
+ throw Decoding_Error("PGP: Malformed PGP header");
+ else
+ position = 0;
+ }
+ position = 0;
+ while(position != PGP_HEADER2.length())
+ {
+ byte b;
+ if(!source.read_byte(b))
+ throw Decoding_Error("PGP: No PGP header found");
+ if(b == PGP_HEADER2[position])
+ ++position;
+ else if(position)
+ throw Decoding_Error("PGP: Malformed PGP header");
+
+ if(position == 0)
+ label += (char)b;
+ }
+
+ headers.clear();
+ bool end_of_headers = false;
+ while(!end_of_headers)
+ {
+ std::string this_header;
+ byte b = 0;
+ while(b != '\n')
+ {
+ if(!source.read_byte(b))
+ throw Decoding_Error("PGP: Bad armor header");
+ if(b != '\n')
+ this_header += (char)b;
+ }
+
+ end_of_headers = true;
+ for(u32bit j = 0; j != this_header.length(); ++j)
+ if(!is_space(this_header[j]))
+ end_of_headers = false;
+
+ if(!end_of_headers)
+ {
+ std::string::size_type pos = this_header.find(": ");
+ if(pos == std::string::npos)
+ throw Decoding_Error("OpenPGP: Bad headers");
+
+ std::string key = this_header.substr(0, pos);
+ std::string value = this_header.substr(pos + 2, std::string::npos);
+ headers[key] = value;
+ }
+ }
+
+ Pipe base64(new Base64_Decoder,
+ new Fork(0,
+ new Chain(new Hash_Filter("CRC24"),
+ new Base64_Encoder)
+ )
+ );
+ base64.start_msg();
+
+ const std::string PGP_TRAILER = "-----END PGP " + label + "-----";
+ position = 0;
+ bool newline_seen = 0;
+ std::string crc;
+ while(position != PGP_TRAILER.length())
+ {
+ byte b;
+ if(!source.read_byte(b))
+ throw Decoding_Error("PGP: No PGP trailer found");
+ if(b == PGP_TRAILER[position])
+ ++position;
+ else if(position)
+ throw Decoding_Error("PGP: Malformed PGP trailer");
+
+ if(b == '=' && newline_seen)
+ {
+ while(b != '\n')
+ {
+ if(!source.read_byte(b))
+ throw Decoding_Error("PGP: Bad CRC tail");
+ if(b != '\n')
+ crc += (char)b;
+ }
+ }
+ else if(b == '\n')
+ newline_seen = true;
+ else if(position == 0)
+ {
+ base64.write(b);
+ newline_seen = false;
+ }
+ }
+ base64.end_msg();
+
+ if(crc != "" && crc != base64.read_all_as_string(1))
+ throw Decoding_Error("PGP: Corrupt CRC");
+
+ return base64.read_all();
+ }
+
+/*************************************************
+* OpenPGP Base64 decoding *
+*************************************************/
+SecureVector<byte> decode(DataSource& source, std::string& label)
+ {
+ std::map<std::string, std::string> ignored;
+ return decode(source, label, ignored);
+ }
+
+}
+
+}
+
diff --git a/src/out_buf.cpp b/src/out_buf.cpp
new file mode 100644
index 000000000..054cb50a4
--- /dev/null
+++ b/src/out_buf.cpp
@@ -0,0 +1,115 @@
+/*************************************************
+* Pipe Output Buffer Source file *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/out_buf.h>
+#include <botan/secqueue.h>
+
+namespace Botan {
+
+/*************************************************
+* Read data from a message *
+*************************************************/
+u32bit Output_Buffers::read(byte output[], u32bit length, u32bit msg)
+ {
+ SecureQueue* q = get(msg);
+ if(q)
+ return q->read(output, length);
+ return 0;
+ }
+
+/*************************************************
+* Peek at data in a message *
+*************************************************/
+u32bit Output_Buffers::peek(byte output[], u32bit length,
+ u32bit stream_offset, u32bit msg) const
+ {
+ SecureQueue* q = get(msg);
+ if(q)
+ return q->peek(output, length, stream_offset);
+ return 0;
+ }
+
+/*************************************************
+* Check available bytes in a message *
+*************************************************/
+u32bit Output_Buffers::remaining(u32bit msg) const
+ {
+ SecureQueue* q = get(msg);
+ if(q)
+ return q->size();
+ return 0;
+ }
+
+/*************************************************
+* Add a new output queue *
+*************************************************/
+void Output_Buffers::add(SecureQueue* queue)
+ {
+ if(!queue)
+ throw Internal_Error("Output_Buffers::add: Argument was NULL");
+
+ if(buffers.size() == buffers.max_size())
+ throw Internal_Error("Output_Buffers::add: No more room in container");
+
+ buffers.push_back(queue);
+ }
+
+/*************************************************
+* Retire old output queues *
+*************************************************/
+void Output_Buffers::retire()
+ {
+ while(buffers.size())
+ {
+ if(buffers[0] == 0 || buffers[0]->size() == 0)
+ {
+ delete buffers[0];
+ buffers.pop_front();
+ ++offset;
+ }
+ else
+ break;
+ }
+ }
+
+/*************************************************
+* Get a particular output queue *
+*************************************************/
+SecureQueue* Output_Buffers::get(u32bit msg) const
+ {
+ if(msg < offset)
+ return 0;
+ if(msg > message_count())
+ throw Internal_Error("Output_Buffers::get: msg > size");
+
+ return buffers[msg-offset];
+ }
+
+/*************************************************
+* Return the total number of messages *
+*************************************************/
+u32bit Output_Buffers::message_count() const
+ {
+ return (buffers.size() + offset);
+ }
+
+/*************************************************
+* Output_Buffers Constructor *
+*************************************************/
+Output_Buffers::Output_Buffers()
+ {
+ offset = 0;
+ }
+
+/*************************************************
+* Output_Buffers Destructor *
+*************************************************/
+Output_Buffers::~Output_Buffers()
+ {
+ for(u32bit j = 0; j != buffers.size(); ++j)
+ delete buffers[j];
+ }
+
+}
diff --git a/src/par_hash.cpp b/src/par_hash.cpp
new file mode 100644
index 000000000..18a7b3a0e
--- /dev/null
+++ b/src/par_hash.cpp
@@ -0,0 +1,102 @@
+/*************************************************
+* Parallel Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/par_hash.h>
+#include <botan/lookup.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Return the sum of the hash sizes *
+*************************************************/
+u32bit sum_of_hash_lengths(const std::vector<std::string>& names)
+ {
+ u32bit sum = 0;
+ for(u32bit j = 0; j != names.size(); ++j)
+ sum += output_length_of(names[j]);
+ return sum;
+ }
+
+}
+
+/*************************************************
+* Update the hash *
+*************************************************/
+void Parallel::add_data(const byte input[], u32bit length)
+ {
+ for(u32bit j = 0; j != hashes.size(); ++j)
+ hashes[j]->update(input, length);
+ }
+
+/*************************************************
+* Finalize the hash *
+*************************************************/
+void Parallel::final_result(byte hash[])
+ {
+ u32bit offset = 0;
+ for(u32bit j = 0; j != hashes.size(); ++j)
+ {
+ hashes[j]->final(hash + offset);
+ offset += hashes[j]->OUTPUT_LENGTH;
+ }
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string Parallel::name() const
+ {
+ std::string hash_names;
+ for(u32bit j = 0; j != hashes.size(); ++j)
+ {
+ if(j)
+ hash_names += ',';
+ hash_names += hashes[j]->name();
+ }
+ return "Parallel(" + hash_names + ")";
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+HashFunction* Parallel::clone() const
+ {
+ std::vector<std::string> names;
+ for(u32bit j = 0; j != hashes.size(); ++j)
+ names.push_back(hashes[j]->name());
+ return new Parallel(names);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Parallel::clear() throw()
+ {
+ for(u32bit j = 0; j != hashes.size(); ++j)
+ hashes[j]->clear();
+ }
+
+/*************************************************
+* Parallel Constructor *
+*************************************************/
+Parallel::Parallel(const std::vector<std::string>& names) :
+ HashFunction(sum_of_hash_lengths(names))
+ {
+ for(u32bit j = 0; j != names.size(); ++j)
+ hashes.push_back(get_hash(names[j]));
+ }
+
+/*************************************************
+* Parallel Destructor *
+*************************************************/
+Parallel::~Parallel()
+ {
+ for(u32bit j = 0; j != hashes.size(); ++j)
+ delete hashes[j];
+ }
+
+}
diff --git a/src/parsing.cpp b/src/parsing.cpp
new file mode 100644
index 000000000..574b7eaec
--- /dev/null
+++ b/src/parsing.cpp
@@ -0,0 +1,296 @@
+/*************************************************
+* Parser Functions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/parsing.h>
+#include <botan/exceptn.h>
+#include <botan/charset.h>
+
+namespace Botan {
+
+/*************************************************
+* Convert a string into an integer *
+*************************************************/
+u32bit to_u32bit(const std::string& number)
+ {
+ u32bit n = 0;
+
+ for(std::string::const_iterator j = number.begin(); j != number.end(); ++j)
+ {
+ const u32bit OVERFLOW_MARK = 0xFFFFFFFF / 10;
+
+ byte digit = char2digit(*j);
+
+ if((n > OVERFLOW_MARK) || (n == OVERFLOW_MARK && digit > 5))
+ throw Decoding_Error("to_u32bit: Integer overflow");
+ n *= 10;
+ n += digit;
+ }
+ return n;
+ }
+
+
+/*************************************************
+* Convert an integer into a string *
+*************************************************/
+std::string to_string(u64bit n, u32bit min_len)
+ {
+ std::string lenstr;
+ if(n)
+ {
+ while(n > 0)
+ {
+ lenstr = digit2char(n % 10) + lenstr;
+ n /= 10;
+ }
+ }
+ else
+ lenstr = "0";
+
+ while(lenstr.size() < min_len)
+ lenstr = "0" + lenstr;
+
+ return lenstr;
+ }
+
+/*************************************************
+* Parse a SCAN-style algorithm name *
+*************************************************/
+std::vector<std::string> parse_algorithm_name(const std::string& namex)
+ {
+ if(namex.find('(') == std::string::npos &&
+ namex.find(')') == std::string::npos)
+ return std::vector<std::string>(1, namex);
+
+ std::string name = namex, substring;
+ std::vector<std::string> elems;
+ u32bit level = 0;
+
+ elems.push_back(name.substr(0, name.find('(')));
+ name = name.substr(name.find('('));
+
+ for(std::string::const_iterator j = name.begin(); j != name.end(); ++j)
+ {
+ char c = *j;
+
+ if(c == '(')
+ ++level;
+ if(c == ')')
+ {
+ if(level == 1 && j == name.end() - 1)
+ {
+ if(elems.size() == 1)
+ elems.push_back(substring.substr(1));
+ else
+ elems.push_back(substring);
+ return elems;
+ }
+
+ if(level == 0 || (level == 1 && j != name.end() - 1))
+ throw Invalid_Algorithm_Name(namex);
+ --level;
+ }
+
+ if(c == ',' && level == 1)
+ {
+ if(elems.size() == 1)
+ elems.push_back(substring.substr(1));
+ else
+ elems.push_back(substring);
+ substring = "";
+ }
+ else
+ substring += c;
+ }
+
+ if(substring != "")
+ throw Invalid_Algorithm_Name(namex);
+
+ return elems;
+ }
+
+/*************************************************
+* Split the string on slashes *
+*************************************************/
+std::vector<std::string> split_on(const std::string& str, char delim)
+ {
+ std::vector<std::string> elems;
+ if(str == "") return elems;
+
+ std::string substr;
+ for(std::string::const_iterator j = str.begin(); j != str.end(); ++j)
+ {
+ if(*j == delim)
+ {
+ if(substr != "")
+ elems.push_back(substr);
+ substr = "";
+ }
+ else
+ substr += *j;
+ }
+
+ if(substr == "")
+ throw Format_Error("Unable to split string: " + str);
+ elems.push_back(substr);
+
+ return elems;
+ }
+
+/*************************************************
+* Parse an ASN.1 OID string *
+*************************************************/
+std::vector<u32bit> parse_asn1_oid(const std::string& oid)
+ {
+ std::string substring;
+ std::vector<u32bit> oid_elems;
+
+ for(std::string::const_iterator j = oid.begin(); j != oid.end(); ++j)
+ {
+ char c = *j;
+
+ if(c == '.')
+ {
+ if(substring == "")
+ throw Invalid_OID(oid);
+ oid_elems.push_back(to_u32bit(substring));
+ substring = "";
+ }
+ else
+ substring += c;
+ }
+
+ if(substring == "")
+ throw Invalid_OID(oid);
+ oid_elems.push_back(to_u32bit(substring));
+
+ if(oid_elems.size() < 2)
+ throw Invalid_OID(oid);
+
+ return oid_elems;
+ }
+
+/*************************************************
+* X.500 String Comparison *
+*************************************************/
+bool x500_name_cmp(const std::string& name1, const std::string& name2)
+ {
+ std::string::const_iterator p1 = name1.begin();
+ std::string::const_iterator p2 = name2.begin();
+
+ while((p1 != name1.end()) && is_space(*p1)) ++p1;
+ while((p2 != name2.end()) && is_space(*p2)) ++p2;
+
+ while(p1 != name1.end() && p2 != name2.end())
+ {
+ if(is_space(*p1))
+ {
+ if(!is_space(*p2))
+ return false;
+
+ while((p1 != name1.end()) && is_space(*p1)) ++p1;
+ while((p2 != name2.end()) && is_space(*p2)) ++p2;
+
+ if(p1 == name1.end() && p2 == name2.end())
+ return true;
+ }
+
+ if(to_lower(*p1) != to_lower(*p2))
+ return false;
+ ++p1;
+ ++p2;
+ }
+
+ while((p1 != name1.end()) && is_space(*p1)) ++p1;
+ while((p2 != name2.end()) && is_space(*p2)) ++p2;
+
+ if((p1 != name1.end()) || (p2 != name2.end()))
+ return false;
+ return true;
+ }
+
+/*************************************************
+* Convert from UTF-8 to ISO 8859-1 *
+*************************************************/
+std::string utf2iso(const std::string& utf8)
+ {
+ std::string iso8859;
+
+ u32bit position = 0;
+ while(position != utf8.size())
+ {
+ const byte c1 = (byte)utf8[position++];
+
+ if(c1 <= 0x7F)
+ iso8859 += (char)c1;
+ else if(c1 >= 0xC0 && c1 <= 0xC7)
+ {
+ if(position == utf8.size())
+ throw Decoding_Error("UTF-8: sequence truncated");
+
+ const byte c2 = (byte)utf8[position++];
+ const byte iso_char = ((c1 & 0x07) << 6) | (c2 & 0x3F);
+
+ if(iso_char <= 0x7F)
+ throw Decoding_Error("UTF-8: sequence longer than needed");
+
+ iso8859 += (char)iso_char;
+ }
+ else
+ throw Decoding_Error("UTF-8: Unicode chars not in Latin1 used");
+ }
+
+ return iso8859;
+ }
+
+/*************************************************
+* Convert from ISO 8859-1 to UTF-8 *
+*************************************************/
+std::string iso2utf(const std::string& iso8859)
+ {
+ std::string utf8;
+ for(u32bit j = 0; j != iso8859.size(); ++j)
+ {
+ const byte c = (byte)iso8859[j];
+
+ if(c <= 0x7F)
+ utf8 += (char)c;
+ else
+ {
+ utf8 += (char)(0xC0 | (c >> 6));
+ utf8 += (char)(0x80 | (c & 0x3F));
+ }
+ }
+ return utf8;
+ }
+
+/*************************************************
+* Parse and compute an arithmetic expression *
+*************************************************/
+u32bit parse_expr(const std::string& expr)
+ {
+ const bool have_add = (expr.find('+') != std::string::npos);
+ const bool have_mul = (expr.find('*') != std::string::npos);
+
+ if(have_add)
+ {
+ std::vector<std::string> sub_expr = split_on(expr, '+');
+ u32bit result = 0;
+ for(u32bit j = 0; j != sub_expr.size(); ++j)
+ result += parse_expr(sub_expr[j]);
+ return result;
+ }
+ else if(have_mul)
+ {
+ std::vector<std::string> sub_expr = split_on(expr, '*');
+ u32bit result = 1;
+ for(u32bit j = 0; j != sub_expr.size(); ++j)
+ result *= parse_expr(sub_expr[j]);
+ return result;
+ }
+ else
+ return to_u32bit(expr);
+ }
+
+}
diff --git a/src/pbes1.cpp b/src/pbes1.cpp
new file mode 100644
index 000000000..d99e9a1fd
--- /dev/null
+++ b/src/pbes1.cpp
@@ -0,0 +1,168 @@
+/*************************************************
+* PKCS #5 PBES1 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pbe_pkcs.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/parsing.h>
+#include <botan/lookup.h>
+#include <botan/rng.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* Encrypt some bytes using PBES1 *
+*************************************************/
+void PBE_PKCS5v15::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ u32bit put = std::min(DEFAULT_BUFFERSIZE, length);
+ pipe.write(input, length);
+ flush_pipe(true);
+ length -= put;
+ }
+ }
+
+/*************************************************
+* Start encrypting with PBES1 *
+*************************************************/
+void PBE_PKCS5v15::start_msg()
+ {
+ pipe.append(get_cipher(cipher, key, iv, direction));
+ pipe.start_msg();
+ if(pipe.message_count() > 1)
+ pipe.set_default_msg(pipe.default_msg() + 1);
+ }
+
+/*************************************************
+* Finish encrypting with PBES1 *
+*************************************************/
+void PBE_PKCS5v15::end_msg()
+ {
+ pipe.end_msg();
+ flush_pipe(false);
+ pipe.reset();
+ }
+
+/*************************************************
+* Flush the pipe *
+*************************************************/
+void PBE_PKCS5v15::flush_pipe(bool safe_to_skip)
+ {
+ if(safe_to_skip && pipe.remaining() < 64)
+ return;
+
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE);
+ while(pipe.remaining())
+ {
+ u32bit got = pipe.read(buffer, buffer.size());
+ send(buffer, got);
+ }
+ }
+
+/*************************************************
+* Set the passphrase to use *
+*************************************************/
+void PBE_PKCS5v15::set_key(const std::string& passphrase)
+ {
+ std::auto_ptr<S2K> pbkdf(get_s2k("PBKDF1(" + digest + ")"));
+ pbkdf->set_iterations(iterations);
+ pbkdf->change_salt(salt, salt.size());
+ SymmetricKey key_and_iv = pbkdf->derive_key(16, passphrase);
+
+ key.set(key_and_iv.begin(), 8);
+ iv.set(key_and_iv.begin() + 8, 8);
+ }
+
+/*************************************************
+* Create a new set of PBES1 parameters *
+*************************************************/
+void PBE_PKCS5v15::new_params()
+ {
+ iterations = 2048;
+ salt.create(8);
+ Global_RNG::randomize(salt, salt.size());
+ }
+
+/*************************************************
+* Encode PKCS#5 PBES1 parameters *
+*************************************************/
+MemoryVector<byte> PBE_PKCS5v15::encode_params() const
+ {
+ DER_Encoder der;
+
+ der.start_sequence()
+ .encode(salt, OCTET_STRING)
+ .encode(iterations)
+ .end_sequence();
+
+ return der.get_contents();
+ }
+
+/*************************************************
+* Decode PKCS#5 PBES1 parameters *
+*************************************************/
+void PBE_PKCS5v15::decode_params(DataSource& source)
+ {
+ BER_Decoder decoder(source);
+ BER_Decoder sequence = BER::get_subsequence(decoder);
+ sequence.decode(salt, OCTET_STRING);
+ sequence.decode(iterations);
+ sequence.verify_end();
+
+ if(salt.size() != 8)
+ throw Decoding_Error("PBES1: Encoded salt is not 8 octets");
+ }
+
+/*************************************************
+* Return an OID for this PBES1 type *
+*************************************************/
+OID PBE_PKCS5v15::get_oid() const
+ {
+ const OID base_pbes1_oid("1.2.840.113549.1.5");
+ if(cipher == "DES/CBC" && digest == "MD2")
+ return (base_pbes1_oid + 1);
+ else if(cipher == "DES/CBC" && digest == "MD5")
+ return (base_pbes1_oid + 3);
+ else if(cipher == "DES/CBC" && digest == "SHA-160")
+ return (base_pbes1_oid + 10);
+ else if(cipher == "RC2/CBC" && digest == "MD2")
+ return (base_pbes1_oid + 4);
+ else if(cipher == "RC2/CBC" && digest == "MD5")
+ return (base_pbes1_oid + 6);
+ else if(cipher == "RC2/CBC" && digest == "SHA-160")
+ return (base_pbes1_oid + 11);
+ else
+ throw Internal_Error("PBE-PKCS5 v1.5: get_oid() has run out of options");
+ }
+
+/*************************************************
+* PKCS#5 v1.5 PBE Constructor *
+*************************************************/
+PBE_PKCS5v15::PBE_PKCS5v15(const std::string& d_algo,
+ const std::string& c_algo, Cipher_Dir dir) :
+ direction(dir), digest(deref_alias(d_algo)), cipher(c_algo)
+ {
+ std::vector<std::string> cipher_spec = split_on(c_algo, '/');
+ if(cipher_spec.size() != 2)
+ throw Invalid_Argument("PBE-PKCS5 v1.5: Invalid cipher spec " + c_algo);
+ const std::string cipher_algo = deref_alias(cipher_spec[0]);
+ const std::string cipher_mode = cipher_spec[1];
+
+ if(!have_block_cipher(cipher_algo))
+ throw Algorithm_Not_Found(cipher_algo);
+ if(!have_hash(digest))
+ throw Algorithm_Not_Found(digest);
+
+ if((cipher_algo != "DES" && cipher_algo != "RC2") || (cipher_mode != "CBC"))
+ throw Invalid_Argument("PBE-PKCS5 v1.5: Invalid cipher " + cipher);
+ if(digest != "MD2" && digest != "MD5" && digest != "SHA-160")
+ throw Invalid_Argument("PBE-PKCS5 v1.5: Invalid digest " + digest);
+ }
+
+}
diff --git a/src/pbes2.cpp b/src/pbes2.cpp
new file mode 100644
index 000000000..036acb675
--- /dev/null
+++ b/src/pbes2.cpp
@@ -0,0 +1,227 @@
+/*************************************************
+* PKCS #5 PBES2 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pbe_pkcs.h>
+#include <botan/parsing.h>
+#include <botan/lookup.h>
+#include <botan/rng.h>
+#include <botan/asn1_obj.h>
+#include <botan/oids.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* Encrypt some bytes using PBES2 *
+*************************************************/
+void PBE_PKCS5v20::write(const byte input[], u32bit length)
+ {
+ while(length)
+ {
+ u32bit put = std::min(DEFAULT_BUFFERSIZE, length);
+ pipe.write(input, length);
+ flush_pipe(true);
+ length -= put;
+ }
+ }
+
+/*************************************************
+* Start encrypting with PBES2 *
+*************************************************/
+void PBE_PKCS5v20::start_msg()
+ {
+ pipe.append(get_cipher(cipher, key, iv, direction));
+ pipe.start_msg();
+ if(pipe.message_count() > 1)
+ pipe.set_default_msg(pipe.default_msg() + 1);
+ }
+
+/*************************************************
+* Finish encrypting with PBES2 *
+*************************************************/
+void PBE_PKCS5v20::end_msg()
+ {
+ pipe.end_msg();
+ flush_pipe(false);
+ pipe.reset();
+ }
+
+/*************************************************
+* Flush the pipe *
+*************************************************/
+void PBE_PKCS5v20::flush_pipe(bool safe_to_skip)
+ {
+ if(safe_to_skip && pipe.remaining() < 64)
+ return;
+
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE);
+ while(pipe.remaining())
+ {
+ u32bit got = pipe.read(buffer, buffer.size());
+ send(buffer, got);
+ }
+ }
+
+/*************************************************
+* Set the passphrase to use *
+*************************************************/
+void PBE_PKCS5v20::set_key(const std::string& passphrase)
+ {
+ std::auto_ptr<S2K> pbkdf(get_s2k("PBKDF2(" + digest + ")"));
+ pbkdf->set_iterations(iterations);
+ pbkdf->change_salt(salt, salt.size());
+ key = pbkdf->derive_key(key_length, passphrase).bits_of();
+ }
+
+/*************************************************
+* Create a new set of PBES2 parameters *
+*************************************************/
+void PBE_PKCS5v20::new_params()
+ {
+ iterations = 2048;
+ key_length = max_keylength_of(cipher_algo);
+ salt.create(8);
+ iv.create(block_size_of(cipher_algo));
+ Global_RNG::randomize(salt, salt.size());
+ Global_RNG::randomize(iv, iv.size());
+ }
+
+/*************************************************
+* Encode PKCS#5 PBES2 parameters *
+*************************************************/
+MemoryVector<byte> PBE_PKCS5v20::encode_params() const
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode(
+ AlgorithmIdentifier("PKCS5.PBKDF2",
+ DER_Encoder()
+ .start_sequence()
+ .encode(salt, OCTET_STRING)
+ .encode(iterations)
+ .encode(key_length)
+ .end_sequence()
+ .get_contents()
+ )
+ )
+ .encode(
+ AlgorithmIdentifier(cipher,
+ DER_Encoder()
+ .encode(iv, OCTET_STRING)
+ .get_contents()
+ )
+ )
+ .end_sequence()
+ .get_contents();
+ }
+
+/*************************************************
+* Decode PKCS#5 PBES2 parameters *
+*************************************************/
+void PBE_PKCS5v20::decode_params(DataSource& source)
+ {
+ AlgorithmIdentifier kdf_algo, enc_algo;
+
+ BER_Decoder decoder(source);
+ BER_Decoder sequence = BER::get_subsequence(decoder);
+ BER::decode(sequence, kdf_algo);
+ BER::decode(sequence, enc_algo);
+ sequence.verify_end();
+
+ if(kdf_algo.oid == OIDS::lookup("PKCS5.PBKDF2"))
+ {
+ digest = "SHA-160";
+ BER_Decoder pbkdf2_params(kdf_algo.parameters);
+ BER_Decoder algo_params = BER::get_subsequence(pbkdf2_params);
+ algo_params.decode(salt, OCTET_STRING);
+ algo_params.decode(iterations);
+ BER::decode_optional(algo_params, key_length, INTEGER, UNIVERSAL);
+
+ algo_params.verify_end();
+ }
+ else
+ throw Decoding_Error("PBE-PKCS5 v2.0: Unknown KDF algorithm " +
+ kdf_algo.oid.as_string());
+
+ cipher = OIDS::lookup(enc_algo.oid);
+ std::vector<std::string> cipher_spec = split_on(cipher, '/');
+ if(cipher_spec.size() != 2)
+ throw Decoding_Error("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
+ cipher_algo = deref_alias(cipher_spec[0]);
+
+ if(!known_cipher(cipher_algo) || cipher_spec[1] != "CBC")
+ throw Decoding_Error("PBE-PKCS5 v2.0: Don't know param format for " +
+ cipher);
+
+#if 0
+ BER_Decoder algo_params(enc_algo.parameters);
+ algo_params.decode(iv, OCTET_STRING);
+#else
+ BER_Decoder(enc_algo.parameters).decode(iv, OCTET_STRING).verify_end();
+#endif
+
+ if(key_length == 0)
+ key_length = max_keylength_of(cipher_algo);
+
+ if(salt.size() < 8)
+ throw Decoding_Error("PBE-PKCS5 v2.0: Encoded salt is too small");
+ }
+
+/*************************************************
+* Return an OID for PBES2 *
+*************************************************/
+OID PBE_PKCS5v20::get_oid() const
+ {
+ return OIDS::lookup("PBE-PKCS5v20");
+ }
+
+/*************************************************
+* Check if this is a known PBES2 cipher *
+*************************************************/
+bool PBE_PKCS5v20::known_cipher(const std::string& algo) const
+ {
+ if(algo == "AES-128" || algo == "AES-192" || algo == "AES-256")
+ return true;
+ if(algo == "DES" || algo == "TripleDES")
+ return true;
+ return false;
+ }
+
+/*************************************************
+* PKCS#5 v2.0 PBE Constructor *
+*************************************************/
+PBE_PKCS5v20::PBE_PKCS5v20(const std::string& d_algo,
+ const std::string& c_algo) :
+ direction(ENCRYPTION), digest(deref_alias(d_algo)), cipher(c_algo)
+ {
+ std::vector<std::string> cipher_spec = split_on(cipher, '/');
+ if(cipher_spec.size() != 2)
+ throw Invalid_Argument("PBE-PKCS5 v2.0: Invalid cipher spec " + cipher);
+ cipher_algo = deref_alias(cipher_spec[0]);
+ const std::string cipher_mode = cipher_spec[1];
+
+ if(!have_block_cipher(cipher_algo))
+ throw Algorithm_Not_Found(cipher_algo);
+ if(!have_hash(digest))
+ throw Algorithm_Not_Found(digest);
+
+ if(!known_cipher(cipher_algo))
+ throw Invalid_Argument("PBE-PKCS5 v2.0: Invalid cipher " + cipher);
+ if(cipher_mode != "CBC")
+ throw Invalid_Argument("PBE-PKCS5 v2.0: Invalid cipher " + cipher);
+ if(digest != "SHA-160")
+ throw Invalid_Argument("PBE-PKCS5 v2.0: Invalid digest " + digest);
+ }
+
+/*************************************************
+* PKCS#5 v2.0 PBE Constructor *
+*************************************************/
+PBE_PKCS5v20::PBE_PKCS5v20(DataSource& params) : direction(DECRYPTION)
+ {
+ decode_params(params);
+ }
+
+}
diff --git a/src/pem.cpp b/src/pem.cpp
new file mode 100644
index 000000000..f34f22a67
--- /dev/null
+++ b/src/pem.cpp
@@ -0,0 +1,145 @@
+/*************************************************
+* PEM Encoding/Decoding Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pem.h>
+#include <botan/conf.h>
+#include <botan/filters.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+namespace PEM_Code {
+
+/*************************************************
+* PEM encode BER/DER-encoded objects *
+*************************************************/
+std::string encode(const byte der[], u32bit length, const std::string& label)
+ {
+ const u32bit PEM_WIDTH = Config::get_u32bit("pem/width");
+
+ if(PEM_WIDTH < 50 || PEM_WIDTH > 76)
+ throw Encoding_Error("PEM: Invalid line width " + to_string(PEM_WIDTH));
+
+ const std::string PEM_HEADER = "-----BEGIN " + label + "-----\n";
+ const std::string PEM_TRAILER = "-----END " + label + "-----\n";
+
+ Pipe pipe(new Base64_Encoder(true, PEM_WIDTH));
+ pipe.process_msg(der, length);
+ return (PEM_HEADER + pipe.read_all_as_string() + PEM_TRAILER);
+ }
+
+/*************************************************
+* PEM encode BER/DER-encoded objects *
+*************************************************/
+std::string encode(const MemoryRegion<byte>& data, const std::string& label)
+ {
+ return encode(data, data.size(), label);
+ }
+
+/*************************************************
+* Decode PEM down to raw BER/DER *
+*************************************************/
+SecureVector<byte> decode_check_label(DataSource& source,
+ const std::string& label_want)
+ {
+ std::string label_got;
+ SecureVector<byte> ber = decode(source, label_got);
+ if(label_got != label_want)
+ throw Decoding_Error("PEM: Label mismatch, wanted " + label_want +
+ ", got " + label_got);
+ return ber;
+ }
+
+/*************************************************
+* Decode PEM down to raw BER/DER *
+*************************************************/
+SecureVector<byte> decode(DataSource& source, std::string& label)
+ {
+ const u32bit RANDOM_CHAR_LIMIT = Config::get_u32bit("pem/forgive");
+
+ const std::string PEM_HEADER1 = "-----BEGIN ";
+ const std::string PEM_HEADER2 = "-----";
+ u32bit position = 0;
+
+ while(position != PEM_HEADER1.length())
+ {
+ byte b;
+ if(!source.read_byte(b))
+ throw Decoding_Error("PEM: No PEM header found");
+ if(b == PEM_HEADER1[position])
+ ++position;
+ else if(position >= RANDOM_CHAR_LIMIT)
+ throw Decoding_Error("PEM: Malformed PEM header");
+ else
+ position = 0;
+ }
+ position = 0;
+ while(position != PEM_HEADER2.length())
+ {
+ byte b;
+ if(!source.read_byte(b))
+ throw Decoding_Error("PEM: No PEM header found");
+ if(b == PEM_HEADER2[position])
+ ++position;
+ else if(position)
+ throw Decoding_Error("PEM: Malformed PEM header");
+
+ if(position == 0)
+ label += (char)b;
+ }
+
+ Pipe base64(new Base64_Decoder);
+ base64.start_msg();
+
+ const std::string PEM_TRAILER = "-----END " + label + "-----";
+ position = 0;
+ while(position != PEM_TRAILER.length())
+ {
+ byte b;
+ if(!source.read_byte(b))
+ throw Decoding_Error("PEM: No PEM trailer found");
+ if(b == PEM_TRAILER[position])
+ ++position;
+ else if(position)
+ throw Decoding_Error("PEM: Malformed PEM trailer");
+
+ if(position == 0)
+ base64.write(b);
+ }
+ base64.end_msg();
+ return base64.read_all();
+ }
+
+/*************************************************
+* Search for a PEM signature *
+*************************************************/
+bool matches(DataSource& source, const std::string& extra)
+ {
+ const u32bit PEM_SEARCH_RANGE = Config::get_u32bit("pem/search");
+ const std::string PEM_HEADER = "-----BEGIN " + extra;
+
+ SecureVector<byte> search_buf(PEM_SEARCH_RANGE);
+ u32bit got = source.peek(search_buf, search_buf.size(), 0);
+
+ if(got < PEM_HEADER.length())
+ return false;
+
+ u32bit index = 0;
+
+ for(u32bit j = 0; j != got; ++j)
+ {
+ if(search_buf[j] == PEM_HEADER[index])
+ ++index;
+ else
+ index = 0;
+ if(index == PEM_HEADER.size())
+ return true;
+ }
+ return false;
+ }
+
+}
+
+}
diff --git a/src/pgp_s2k.cpp b/src/pgp_s2k.cpp
new file mode 100644
index 000000000..6d812d1c4
--- /dev/null
+++ b/src/pgp_s2k.cpp
@@ -0,0 +1,82 @@
+/*************************************************
+* OpenPGP S2K Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pgp_s2k.h>
+#include <botan/lookup.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* Derive a key using the OpenPGP S2K algorithm *
+*************************************************/
+OctetString OpenPGP_S2K::derive(u32bit key_len, const std::string& passphrase,
+ const byte salt_buf[], u32bit salt_size,
+ u32bit iterations) const
+ {
+ SecureVector<byte> key(key_len), hash_buf;
+
+ u32bit pass = 0, generated = 0,
+ total_size = passphrase.size() + salt_size;
+ u32bit to_hash = std::max(iterations, total_size);
+
+ std::auto_ptr<HashFunction> hash(get_hash(hash_name));
+
+ hash->clear();
+ while(key_len > generated)
+ {
+ for(u32bit j = 0; j != pass; ++j)
+ hash->update(0);
+
+ u32bit left = to_hash;
+ while(left >= total_size)
+ {
+ hash->update(salt_buf, salt_size);
+ hash->update(passphrase);
+ left -= total_size;
+ }
+ if(left <= salt_size)
+ hash->update(salt_buf, left);
+ else
+ {
+ hash->update(salt_buf, salt_size);
+ left -= salt_size;
+ hash->update((const byte*)passphrase.c_str(), left);
+ }
+
+ hash_buf = hash->final();
+ key.copy(generated, hash_buf, hash->OUTPUT_LENGTH);
+ generated += hash->OUTPUT_LENGTH;
+ ++pass;
+ }
+
+ return key;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string OpenPGP_S2K::name() const
+ {
+ return "OpenPGP-S2K(" + hash_name + ")";
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+S2K* OpenPGP_S2K::clone() const
+ {
+ return new OpenPGP_S2K(hash_name);
+ }
+
+/*************************************************
+* OpenPGP S2K Constructor *
+*************************************************/
+OpenPGP_S2K::OpenPGP_S2K(const std::string& h) : hash_name(h)
+ {
+ }
+
+}
diff --git a/src/pipe.cpp b/src/pipe.cpp
new file mode 100644
index 000000000..8e1f46f00
--- /dev/null
+++ b/src/pipe.cpp
@@ -0,0 +1,284 @@
+/*************************************************
+* Pipe Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pipe.h>
+#include <botan/out_buf.h>
+#include <botan/secqueue.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* A Filter that does nothing *
+*************************************************/
+class Null_Filter : public Filter
+ {
+ public:
+ void write(const byte input[], u32bit length)
+ { send(input, length); }
+ };
+
+}
+
+/*************************************************
+* Pipe Constructor *
+*************************************************/
+Pipe::Pipe(Filter* f1, Filter* f2, Filter* f3, Filter* f4)
+ {
+ init();
+ append(f1);
+ append(f2);
+ append(f3);
+ append(f4);
+ }
+
+/*************************************************
+* Pipe Constructor *
+*************************************************/
+Pipe::Pipe(Filter* filter_array[], u32bit count)
+ {
+ init();
+ for(u32bit j = 0; j != count; ++j)
+ append(filter_array[j]);
+ }
+
+/*************************************************
+* Pipe Destructor *
+*************************************************/
+Pipe::~Pipe()
+ {
+ destruct(pipe);
+ delete outputs;
+ }
+
+/*************************************************
+* Initialize the Pipe *
+*************************************************/
+void Pipe::init()
+ {
+ outputs = new Output_Buffers;
+ pipe = 0;
+ default_read = 0;
+ inside_msg = false;
+ }
+
+/*************************************************
+* Reset the Pipe *
+*************************************************/
+void Pipe::reset()
+ {
+ if(inside_msg)
+ throw Invalid_State("Pipe cannot be reset while it is processing");
+ destruct(pipe);
+ pipe = 0;
+ inside_msg = false;
+ }
+
+/*************************************************
+* Destroy the Pipe *
+*************************************************/
+void Pipe::destruct(Filter* to_kill)
+ {
+ if(!to_kill || dynamic_cast<SecureQueue*>(to_kill))
+ return;
+ for(u32bit j = 0; j != to_kill->total_ports(); ++j)
+ destruct(to_kill->next[j]);
+ delete to_kill;
+ }
+
+/*************************************************
+* Test if the Pipe has any data in it *
+*************************************************/
+bool Pipe::end_of_data() const
+ {
+ return (remaining() == 0);
+ }
+
+/*************************************************
+* Set the default read message *
+*************************************************/
+void Pipe::set_default_msg(u32bit msg)
+ {
+ if(msg >= message_count())
+ throw Invalid_Argument("Pipe::set_default_msg: msg number is too high");
+ default_read = msg;
+ }
+
+/*************************************************
+* Process a full message at once *
+*************************************************/
+void Pipe::process_msg(const byte input[], u32bit length)
+ {
+ start_msg();
+ write(input, length);
+ end_msg();
+ }
+
+/*************************************************
+* Process a full message at once *
+*************************************************/
+void Pipe::process_msg(const MemoryRegion<byte>& input)
+ {
+ process_msg(input.begin(), input.size());
+ }
+
+/*************************************************
+* Process a full message at once *
+*************************************************/
+void Pipe::process_msg(const std::string& input)
+ {
+ process_msg((const byte*)input.c_str(), input.length());
+ }
+
+/*************************************************
+* Process a full message at once *
+*************************************************/
+void Pipe::process_msg(DataSource& input)
+ {
+ start_msg();
+ write(input);
+ end_msg();
+ }
+
+/*************************************************
+* Start a new message *
+*************************************************/
+void Pipe::start_msg()
+ {
+ if(inside_msg)
+ throw Invalid_State("Pipe::start_msg: Message was already started");
+ if(pipe == 0)
+ pipe = new Null_Filter;
+ find_endpoints(pipe);
+ pipe->new_msg();
+ inside_msg = true;
+ }
+
+/*************************************************
+* End the current message *
+*************************************************/
+void Pipe::end_msg()
+ {
+ if(!inside_msg)
+ throw Invalid_State("Pipe::end_msg: Message was already ended");
+ pipe->finish_msg();
+ clear_endpoints(pipe);
+ if(dynamic_cast<Null_Filter*>(pipe))
+ {
+ delete pipe;
+ pipe = 0;
+ }
+ inside_msg = false;
+
+ outputs->retire();
+ }
+
+/*************************************************
+* Find the endpoints of the Pipe *
+*************************************************/
+void Pipe::find_endpoints(Filter* f)
+ {
+ for(u32bit j = 0; j != f->total_ports(); ++j)
+ if(f->next[j] && !dynamic_cast<SecureQueue*>(f->next[j]))
+ find_endpoints(f->next[j]);
+ else
+ {
+ SecureQueue* q = new SecureQueue;
+ f->next[j] = q;
+ outputs->add(q);
+ }
+ }
+
+/*************************************************
+* Remove the SecureQueues attached to the Filter *
+*************************************************/
+void Pipe::clear_endpoints(Filter* f)
+ {
+ if(!f) return;
+ for(u32bit j = 0; j != f->total_ports(); ++j)
+ {
+ if(f->next[j] && dynamic_cast<SecureQueue*>(f->next[j]))
+ f->next[j] = 0;
+ clear_endpoints(f->next[j]);
+ }
+ }
+
+/*************************************************
+* Append a Filter to the Pipe *
+*************************************************/
+void Pipe::append(Filter* filter)
+ {
+ if(inside_msg)
+ throw Invalid_State("Cannot append to a Pipe while it is processing");
+ if(!filter)
+ return;
+ if(dynamic_cast<SecureQueue*>(filter))
+ throw Invalid_Argument("Pipe::append: SecureQueue cannot be used");
+ if(filter->owned)
+ throw Invalid_Argument("Filters cannot be shared among multiple Pipes");
+
+ filter->owned = true;
+
+ if(!pipe) pipe = filter;
+ else pipe->attach(filter);
+ }
+
+/*************************************************
+* Prepend a Filter to the Pipe *
+*************************************************/
+void Pipe::prepend(Filter* filter)
+ {
+ if(inside_msg)
+ throw Invalid_State("Cannot prepend to a Pipe while it is processing");
+ if(!filter)
+ return;
+ if(dynamic_cast<SecureQueue*>(filter))
+ throw Invalid_Argument("Pipe::prepend: SecureQueue cannot be used");
+ if(filter->owned)
+ throw Invalid_Argument("Filters cannot be shared among multiple Pipes");
+
+ filter->owned = true;
+
+ if(pipe) filter->attach(pipe);
+ pipe = filter;
+ }
+
+/*************************************************
+* Pop a Filter off the Pipe *
+*************************************************/
+void Pipe::pop()
+ {
+ if(inside_msg)
+ throw Invalid_State("Cannot pop off a Pipe while it is processing");
+
+ if(!pipe)
+ return;
+
+ if(pipe->total_ports() > 1)
+ throw Invalid_State("Cannot pop off a Filter with multiple ports");
+
+ Filter* f = pipe;
+ u32bit owns = f->owns();
+ pipe = pipe->next[0];
+ delete f;
+
+ while(owns--)
+ {
+ f = pipe;
+ pipe = pipe->next[0];
+ delete f;
+ }
+ }
+
+/*************************************************
+* Return the number of messages in this Pipe *
+*************************************************/
+u32bit Pipe::message_count() const
+ {
+ return outputs->message_count();
+ }
+
+}
diff --git a/src/pipe_io.cpp b/src/pipe_io.cpp
new file mode 100644
index 000000000..ae3a8825f
--- /dev/null
+++ b/src/pipe_io.cpp
@@ -0,0 +1,43 @@
+/*************************************************
+* Pipe I/O Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pipe.h>
+#include <iostream>
+
+namespace Botan {
+
+/*************************************************
+* Write data from a pipe into an ostream *
+*************************************************/
+std::ostream& operator<<(std::ostream& stream, Pipe& pipe)
+ {
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE);
+ while(stream.good() && pipe.remaining())
+ {
+ u32bit got = pipe.read(buffer, buffer.size());
+ stream.write((const char*)buffer.begin(), got);
+ }
+ if(!stream.good())
+ throw Stream_IO_Error("Pipe output operator (iostream) has failed");
+ return stream;
+ }
+
+/*************************************************
+* Read data from an istream into a pipe *
+*************************************************/
+std::istream& operator>>(std::istream& stream, Pipe& pipe)
+ {
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE);
+ while(stream.good())
+ {
+ stream.read((char*)buffer.begin(), buffer.size());
+ pipe.write(buffer, stream.gcount());
+ }
+ if(stream.bad() || (stream.fail() && !stream.eof()))
+ throw Stream_IO_Error("Pipe input operator (iostream) has failed");
+ return stream;
+ }
+
+}
diff --git a/src/pipe_rw.cpp b/src/pipe_rw.cpp
new file mode 100644
index 000000000..8906a0c4d
--- /dev/null
+++ b/src/pipe_rw.cpp
@@ -0,0 +1,164 @@
+/*************************************************
+* Pipe Reading/Writing Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pipe.h>
+#include <botan/out_buf.h>
+#include <botan/secqueue.h>
+
+namespace Botan {
+
+/*************************************************
+* Look up the canonical ID for a queue *
+*************************************************/
+u32bit Pipe::get_message_no(const std::string& func_name, u32bit msg) const
+ {
+ if(msg == DEFAULT_MESSAGE)
+ msg = default_msg();
+ else if(msg == LAST_MESSAGE)
+ msg = message_count() - 1;
+
+ if(msg >= message_count())
+ throw Invalid_Message_Number(func_name, msg);
+
+ return msg;
+ }
+
+/*************************************************
+* Write into a Pipe *
+*************************************************/
+void Pipe::write(const byte input[], u32bit length)
+ {
+ if(!inside_msg)
+ throw Exception("Cannot write to a Pipe while it is not processing");
+ pipe->write(input, length);
+ }
+
+/*************************************************
+* Write into a Pipe *
+*************************************************/
+void Pipe::write(const MemoryRegion<byte>& input)
+ {
+ write(input.begin(), input.size());
+ }
+
+/*************************************************
+* Write a string into a Pipe *
+*************************************************/
+void Pipe::write(const std::string& str)
+ {
+ write((const byte*)str.c_str(), str.size());
+ }
+
+/*************************************************
+* Write a single byte into a Pipe *
+*************************************************/
+void Pipe::write(byte input)
+ {
+ write(&input, 1);
+ }
+
+/*************************************************
+* Write the contents of a DataSource into a Pipe *
+*************************************************/
+void Pipe::write(DataSource& source)
+ {
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE);
+ while(!source.end_of_data())
+ {
+ u32bit got = source.read(buffer, buffer.size());
+ write(buffer, got);
+ }
+ }
+
+/*************************************************
+* Read some data from the pipe *
+*************************************************/
+u32bit Pipe::read(byte output[], u32bit length, u32bit msg)
+ {
+ return outputs->read(output, length, get_message_no("read", msg));
+ }
+
+/*************************************************
+* Read some data from the pipe *
+*************************************************/
+u32bit Pipe::read(byte output[], u32bit length)
+ {
+ return read(output, length, DEFAULT_MESSAGE);
+ }
+
+/*************************************************
+* Read a single byte from the pipe *
+*************************************************/
+u32bit Pipe::read(byte& out, u32bit msg)
+ {
+ return read(&out, 1, msg);
+ }
+
+/*************************************************
+* Return all data in the pipe *
+*************************************************/
+SecureVector<byte> Pipe::read_all(u32bit msg)
+ {
+ msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg());
+ SecureVector<byte> buffer(remaining(msg));
+ read(buffer, buffer.size(), msg);
+ return buffer;
+ }
+
+/*************************************************
+* Return all data in the pipe as a string *
+*************************************************/
+std::string Pipe::read_all_as_string(u32bit msg)
+ {
+ msg = ((msg != DEFAULT_MESSAGE) ? msg : default_msg());
+ SecureVector<byte> buffer(DEFAULT_BUFFERSIZE);
+ std::string str;
+ str.reserve(remaining(msg));
+
+ while(true)
+ {
+ u32bit got = read(buffer, buffer.size(), msg);
+ if(got == 0)
+ break;
+ str.append((const char*)buffer.begin(), got);
+ }
+
+ return str;
+ }
+
+/*************************************************
+* Find out how many bytes are ready to read *
+*************************************************/
+u32bit Pipe::remaining(u32bit msg) const
+ {
+ return outputs->remaining(get_message_no("remaining", msg));
+ }
+
+/*************************************************
+* Peek at some data in the pipe *
+*************************************************/
+u32bit Pipe::peek(byte output[], u32bit length,
+ u32bit offset, u32bit msg) const
+ {
+ return outputs->peek(output, length, offset, get_message_no("peek", msg));
+ }
+
+/*************************************************
+* Peek at some data in the pipe *
+*************************************************/
+u32bit Pipe::peek(byte output[], u32bit length, u32bit offset) const
+ {
+ return peek(output, length, offset, DEFAULT_MESSAGE);
+ }
+
+/*************************************************
+* Peek at a byte in the pipe *
+*************************************************/
+u32bit Pipe::peek(byte& out, u32bit offset, u32bit msg) const
+ {
+ return peek(&out, 1, offset, msg);
+ }
+
+}
diff --git a/src/pk_algs.cpp b/src/pk_algs.cpp
new file mode 100644
index 000000000..e042a84f4
--- /dev/null
+++ b/src/pk_algs.cpp
@@ -0,0 +1,46 @@
+/*************************************************
+* PK Key Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pk_algs.h>
+#include <botan/rsa.h>
+#include <botan/dsa.h>
+#include <botan/dh.h>
+#include <botan/nr.h>
+#include <botan/rw.h>
+#include <botan/elgamal.h>
+
+namespace Botan {
+
+/*************************************************
+* Get an PK public key object *
+*************************************************/
+X509_PublicKey* get_public_key(const std::string& alg_name)
+ {
+ if(alg_name == "RSA") return new RSA_PublicKey;
+ else if(alg_name == "DSA") return new DSA_PublicKey;
+ else if(alg_name == "DH") return new DH_PublicKey;
+ else if(alg_name == "NR") return new NR_PublicKey;
+ else if(alg_name == "RW") return new RW_PublicKey;
+ else if(alg_name == "ELG") return new ElGamal_PublicKey;
+ else
+ return 0;
+ }
+
+/*************************************************
+* Get an PK private key object *
+*************************************************/
+PKCS8_PrivateKey* get_private_key(const std::string& alg_name)
+ {
+ if(alg_name == "RSA") return new RSA_PrivateKey;
+ else if(alg_name == "DSA") return new DSA_PrivateKey;
+ else if(alg_name == "DH") return new DH_PrivateKey;
+ else if(alg_name == "NR") return new NR_PrivateKey;
+ else if(alg_name == "RW") return new RW_PrivateKey;
+ else if(alg_name == "ELG") return new ElGamal_PrivateKey;
+ else
+ return 0;
+ }
+
+}
diff --git a/src/pk_core.cpp b/src/pk_core.cpp
new file mode 100644
index 000000000..72bc475fa
--- /dev/null
+++ b/src/pk_core.cpp
@@ -0,0 +1,289 @@
+/*************************************************
+* PK Algorithm Core Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pk_core.h>
+#include <botan/numthry.h>
+#include <botan/engine.h>
+#include <botan/conf.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Return a new blinding factor *
+*************************************************/
+BigInt blinding_factor(u32bit modulus_size)
+ {
+ const u32bit BLINDING_BITS = Config::get_u32bit("pk/blinder_size");
+ if(BLINDING_BITS == 0)
+ return 0;
+ return random_integer(std::min(modulus_size - 1, BLINDING_BITS));
+ }
+
+}
+
+/*************************************************
+* IF_Core Constructor *
+*************************************************/
+IF_Core::IF_Core(const BigInt& e, const BigInt& n, const BigInt& d,
+ const BigInt& p, const BigInt& q,
+ const BigInt& d1, const BigInt& d2, const BigInt& c)
+ {
+ op = Engine_Core::if_op(e, n, d, p, q, d1, d2, c);
+
+ if(d != 0)
+ {
+ BigInt k = blinding_factor(n.bits());
+ if(k != 0)
+ blinder = Blinder(power_mod(k, e, n), inverse_mod(k, n), n);
+ }
+ }
+
+/*************************************************
+* IF_Core Copy Constructor *
+*************************************************/
+IF_Core::IF_Core(const IF_Core& core)
+ {
+ op = 0;
+ if(core.op)
+ op = core.op->clone();
+ blinder = core.blinder;
+ }
+
+/*************************************************
+* IF_Core Assignment Operator *
+*************************************************/
+IF_Core& IF_Core::operator=(const IF_Core& core)
+ {
+ delete op;
+ if(core.op)
+ op = core.op->clone();
+ blinder = core.blinder;
+ return (*this);
+ }
+
+/*************************************************
+* IF Public Operation *
+*************************************************/
+BigInt IF_Core::public_op(const BigInt& i) const
+ {
+ return op->public_op(i);
+ }
+
+/*************************************************
+* IF Private Operation *
+*************************************************/
+BigInt IF_Core::private_op(const BigInt& i) const
+ {
+ return blinder.unblind(op->private_op(blinder.blind(i)));
+ }
+
+/*************************************************
+* DSA_Core Constructor *
+*************************************************/
+DSA_Core::DSA_Core(const DL_Group& group, const BigInt& y, const BigInt& x)
+ {
+ op = Engine_Core::dsa_op(group, y, x);
+ }
+
+/*************************************************
+* DSA_Core Copy Constructor *
+*************************************************/
+DSA_Core::DSA_Core(const DSA_Core& core)
+ {
+ op = 0;
+ if(core.op)
+ op = core.op->clone();
+ }
+
+/*************************************************
+* DSA_Core Assignment Operator *
+*************************************************/
+DSA_Core& DSA_Core::operator=(const DSA_Core& core)
+ {
+ delete op;
+ if(core.op)
+ op = core.op->clone();
+ return (*this);
+ }
+
+/*************************************************
+* DSA Verification Operation *
+*************************************************/
+bool DSA_Core::verify(const byte msg[], u32bit msg_length,
+ const byte sig[], u32bit sig_length) const
+ {
+ return op->verify(msg, msg_length, sig, sig_length);
+ }
+
+/*************************************************
+* DSA Signature Operation *
+*************************************************/
+SecureVector<byte> DSA_Core::sign(const byte in[], u32bit length,
+ const BigInt& k) const
+ {
+ return op->sign(in, length, k);
+ }
+
+/*************************************************
+* NR_Core Constructor *
+*************************************************/
+NR_Core::NR_Core(const DL_Group& group, const BigInt& y, const BigInt& x)
+ {
+ op = Engine_Core::nr_op(group, y, x);
+ }
+
+/*************************************************
+* NR_Core Copy Constructor *
+*************************************************/
+NR_Core::NR_Core(const NR_Core& core)
+ {
+ op = 0;
+ if(core.op)
+ op = core.op->clone();
+ }
+
+/*************************************************
+* NR_Core Assignment Operator *
+*************************************************/
+NR_Core& NR_Core::operator=(const NR_Core& core)
+ {
+ delete op;
+ if(core.op)
+ op = core.op->clone();
+ return (*this);
+ }
+
+/*************************************************
+* NR Verification Operation *
+*************************************************/
+SecureVector<byte> NR_Core::verify(const byte in[], u32bit length) const
+ {
+ return op->verify(in, length);
+ }
+
+/*************************************************
+* NR Signature Operation *
+*************************************************/
+SecureVector<byte> NR_Core::sign(const byte in[], u32bit length,
+ const BigInt& k) const
+ {
+ return op->sign(in, length, k);
+ }
+
+/*************************************************
+* ELG_Core Constructor *
+*************************************************/
+ELG_Core::ELG_Core(const DL_Group& group, const BigInt& y, const BigInt& x)
+ {
+ op = Engine_Core::elg_op(group, y, x);
+
+ p_bytes = 0;
+ if(x != 0)
+ {
+ const BigInt& p = group.get_p();
+ p_bytes = group.get_p().bytes();
+
+ BigInt k = blinding_factor(p.bits());
+ if(k != 0)
+ blinder = Blinder(k, power_mod(k, x, p), p);
+ }
+ }
+
+/*************************************************
+* ELG_Core Copy Constructor *
+*************************************************/
+ELG_Core::ELG_Core(const ELG_Core& core)
+ {
+ op = 0;
+ if(core.op)
+ op = core.op->clone();
+ blinder = core.blinder;
+ p_bytes = core.p_bytes;
+ }
+
+/*************************************************
+* ELG_Core Assignment Operator *
+*************************************************/
+ELG_Core& ELG_Core::operator=(const ELG_Core& core)
+ {
+ delete op;
+ if(core.op)
+ op = core.op->clone();
+ blinder = core.blinder;
+ p_bytes = core.p_bytes;
+ return (*this);
+ }
+
+/*************************************************
+* ElGamal Encrypt Operation *
+*************************************************/
+SecureVector<byte> ELG_Core::encrypt(const byte in[], u32bit length,
+ const BigInt& k) const
+ {
+ return op->encrypt(in, length, k);
+ }
+
+/*************************************************
+* ElGamal Decrypt Operation *
+*************************************************/
+SecureVector<byte> ELG_Core::decrypt(const byte in[], u32bit length) const
+ {
+ if(length != 2*p_bytes)
+ throw Invalid_Argument("ELG_Core::decrypt: Invalid message");
+
+ BigInt a(in, p_bytes);
+ BigInt b(in + p_bytes, p_bytes);
+
+ return BigInt::encode(blinder.unblind(op->decrypt(blinder.blind(a), b)));
+ }
+
+/*************************************************
+* DH_Core Constructor *
+*************************************************/
+DH_Core::DH_Core(const DL_Group& group, const BigInt& x)
+ {
+ op = Engine_Core::dh_op(group, x);
+
+ const BigInt& p = group.get_p();
+ BigInt k = blinding_factor(p.bits());
+ if(k != 0)
+ blinder = Blinder(k, power_mod(inverse_mod(k, p), x, p), p);
+ }
+
+/*************************************************
+* DH_Core Copy Constructor *
+*************************************************/
+DH_Core::DH_Core(const DH_Core& core)
+ {
+ op = 0;
+ if(core.op)
+ op = core.op->clone();
+ blinder = core.blinder;
+ }
+
+/*************************************************
+* DH_Core Assignment Operator *
+*************************************************/
+DH_Core& DH_Core::operator=(const DH_Core& core)
+ {
+ delete op;
+ if(core.op)
+ op = core.op->clone();
+ blinder = core.blinder;
+ return (*this);
+ }
+
+/*************************************************
+* DH Operation *
+*************************************************/
+BigInt DH_Core::agree(const BigInt& i) const
+ {
+ return blinder.unblind(op->agree(blinder.blind(i)));
+ }
+
+}
diff --git a/src/pk_filts.cpp b/src/pk_filts.cpp
new file mode 100644
index 000000000..038360e2f
--- /dev/null
+++ b/src/pk_filts.cpp
@@ -0,0 +1,113 @@
+/*************************************************
+* PK Filters Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pk_filts.h>
+
+namespace Botan {
+
+/*************************************************
+* Append to the buffer *
+*************************************************/
+void PK_Encryptor_Filter::write(const byte input[], u32bit length)
+ {
+ buffer.append(input, length);
+ }
+
+/*************************************************
+* Encrypt the message *
+*************************************************/
+void PK_Encryptor_Filter::end_msg()
+ {
+ send(cipher->encrypt(buffer, buffer.size()));
+ buffer.destroy();
+ }
+
+/*************************************************
+* Append to the buffer *
+*************************************************/
+void PK_Decryptor_Filter::write(const byte input[], u32bit length)
+ {
+ buffer.append(input, length);
+ }
+
+/*************************************************
+* Decrypt the message *
+*************************************************/
+void PK_Decryptor_Filter::end_msg()
+ {
+ send(cipher->decrypt(buffer, buffer.size()));
+ buffer.destroy();
+ }
+
+/*************************************************
+* Add more data *
+*************************************************/
+void PK_Signer_Filter::write(const byte input[], u32bit length)
+ {
+ signer->update(input, length);
+ }
+
+/*************************************************
+* Sign the message *
+*************************************************/
+void PK_Signer_Filter::end_msg()
+ {
+ send(signer->signature());
+ }
+
+/*************************************************
+* Add more data *
+*************************************************/
+void PK_Verifier_Filter::write(const byte input[], u32bit length)
+ {
+ verifier->update(input, length);
+ }
+
+/*************************************************
+* Verify the message *
+*************************************************/
+void PK_Verifier_Filter::end_msg()
+ {
+ if(signature.is_empty())
+ throw Exception("PK_Verifier_Filter: No signature to check against");
+ bool is_valid = verifier->check_signature(signature, signature.size());
+ send((is_valid ? 1 : 0));
+ }
+
+/*************************************************
+* Set the signature to check *
+*************************************************/
+void PK_Verifier_Filter::set_signature(const byte sig[], u32bit length)
+ {
+ signature.set(sig, length);
+ }
+
+/*************************************************
+* Set the signature to check *
+*************************************************/
+void PK_Verifier_Filter::set_signature(const MemoryRegion<byte>& sig)
+ {
+ signature = sig;
+ }
+
+/*************************************************
+* PK_Verifier_Filter Constructor *
+*************************************************/
+PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v, const byte sig[],
+ u32bit length) :
+ verifier(v), signature(sig, length)
+ {
+ }
+
+/*************************************************
+* PK_Verifier_Filter Constructor *
+*************************************************/
+PK_Verifier_Filter::PK_Verifier_Filter(PK_Verifier* v,
+ const MemoryRegion<byte>& sig) :
+ verifier(v), signature(sig)
+ {
+ }
+
+}
diff --git a/src/pk_keys.cpp b/src/pk_keys.cpp
new file mode 100644
index 000000000..6d6f784b2
--- /dev/null
+++ b/src/pk_keys.cpp
@@ -0,0 +1,68 @@
+/*************************************************
+* PK Key Types Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pk_keys.h>
+#include <botan/conf.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Find out how much testing should be performed *
+*************************************************/
+bool key_check_level(const std::string& type)
+ {
+ const std::string setting = Config::get_string("pk/test/" + type);
+ if(setting == "basic")
+ return false;
+ return true;
+ }
+
+}
+
+/*************************************************
+* Default OID access *
+*************************************************/
+OID PK_Key::get_oid() const
+ {
+ try {
+ return OIDS::lookup(algo_name());
+ }
+ catch(Lookup_Error)
+ {
+ throw Lookup_Error("PK algo " + algo_name() + " has no defined OIDs");
+ }
+ }
+
+/*************************************************
+* Run checks on a loaded public key *
+*************************************************/
+void PK_Key::check_loaded_public() const
+ {
+ if(!check_key(key_check_level("public")))
+ throw Invalid_Argument(algo_name() + ": Invalid public key");
+ }
+
+/*************************************************
+* Run checks on a loaded private key *
+*************************************************/
+void PK_Key::check_loaded_private() const
+ {
+ if(!check_key(key_check_level("private")))
+ throw Invalid_Argument(algo_name() + ": Invalid private key");
+ }
+
+/*************************************************
+* Run checks on a generated private key *
+*************************************************/
+void PK_Key::check_generated_private() const
+ {
+ if(!check_key(key_check_level("private_gen")))
+ throw Self_Test_Failure(algo_name() + " private key generation failed");
+ }
+
+}
diff --git a/src/pk_util.cpp b/src/pk_util.cpp
new file mode 100644
index 000000000..04b952bd8
--- /dev/null
+++ b/src/pk_util.cpp
@@ -0,0 +1,116 @@
+/*************************************************
+* PK Utility Classes Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pk_util.h>
+
+namespace Botan {
+
+/*************************************************
+* Encode a message *
+*************************************************/
+SecureVector<byte> EME::encode(const byte msg[], u32bit msg_len,
+ u32bit key_bits) const
+ {
+ return pad(msg, msg_len, key_bits);
+ }
+
+/*************************************************
+* Encode a message *
+*************************************************/
+SecureVector<byte> EME::encode(const MemoryRegion<byte>& msg,
+ u32bit key_bits) const
+ {
+ return pad(msg, msg.size(), key_bits);
+ }
+
+/*************************************************
+* Decode a message *
+*************************************************/
+SecureVector<byte> EME::decode(const byte msg[], u32bit msg_len,
+ u32bit key_bits) const
+ {
+ return unpad(msg, msg_len, key_bits);
+ }
+
+/*************************************************
+* Decode a message *
+*************************************************/
+SecureVector<byte> EME::decode(const MemoryRegion<byte>& msg,
+ u32bit key_bits) const
+ {
+ return unpad(msg, msg.size(), key_bits);
+ }
+
+/*************************************************
+* Default signature decoding *
+*************************************************/
+bool EMSA::verify(const MemoryRegion<byte>& coded,
+ const MemoryRegion<byte>& raw,
+ u32bit key_bits) throw()
+ {
+ try {
+ return (coded == encoding_of(raw, key_bits));
+ }
+ catch(Invalid_Argument)
+ {
+ return false;
+ }
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> KDF::derive_key(u32bit key_len,
+ const MemoryRegion<byte>& secret,
+ const std::string& salt) const
+ {
+ return derive_key(key_len, secret, secret.size(),
+ (const byte*)salt.c_str(), salt.length());
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> KDF::derive_key(u32bit key_len,
+ const MemoryRegion<byte>& secret,
+ const byte salt[], u32bit salt_len) const
+ {
+ return derive_key(key_len, secret.begin(), secret.size(),
+ salt, salt_len);
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> KDF::derive_key(u32bit key_len,
+ const MemoryRegion<byte>& secret,
+ const MemoryRegion<byte>& salt) const
+ {
+ return derive_key(key_len, secret.begin(), secret.size(),
+ salt.begin(), salt.size());
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> KDF::derive_key(u32bit key_len,
+ const byte secret[], u32bit secret_len,
+ const std::string& salt) const
+ {
+ return derive_key(key_len, secret, secret_len,
+ (const byte*)salt.c_str(), salt.length());
+ }
+
+/*************************************************
+* Derive a key *
+*************************************************/
+SecureVector<byte> KDF::derive_key(u32bit key_len,
+ const byte secret[], u32bit secret_len,
+ const byte salt[], u32bit salt_len) const
+ {
+ return derive(key_len, secret, secret_len, salt, salt_len);
+ }
+
+}
diff --git a/src/pkcs10.cpp b/src/pkcs10.cpp
new file mode 100644
index 000000000..a567f5a00
--- /dev/null
+++ b/src/pkcs10.cpp
@@ -0,0 +1,228 @@
+/*************************************************
+* PKCS #10 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pkcs10.h>
+#include <botan/asn1_int.h>
+#include <botan/parsing.h>
+#include <botan/x509stor.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+/*************************************************
+* PKCS10_Request Constructor *
+*************************************************/
+PKCS10_Request::PKCS10_Request(DataSource& in) :
+ X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
+ {
+ is_ca = false;
+ max_path_len = 0;
+ constraints_value = NO_CONSTRAINTS;
+
+ do_decode();
+ }
+
+/*************************************************
+* PKCS10_Request Constructor *
+*************************************************/
+PKCS10_Request::PKCS10_Request(const std::string& in) :
+ X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST")
+ {
+ is_ca = false;
+ max_path_len = 0;
+
+ do_decode();
+ }
+
+/*************************************************
+* Deocde the CertificateRequestInfo *
+*************************************************/
+void PKCS10_Request::force_decode()
+ {
+ BER_Decoder cert_req_info(tbs_bits);
+
+ u32bit version;
+ cert_req_info.decode(version);
+ if(version != 0)
+ throw Decoding_Error("Unknown version code in PKCS #10 request: " +
+ to_string(version));
+
+ BER::decode(cert_req_info, dn);
+
+ BER_Object public_key = cert_req_info.get_next_object();
+ if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
+ throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key",
+ public_key.type_tag, public_key.class_tag);
+ pub_key = ASN1::put_in_sequence(public_key.value);
+
+ BER_Object attr_bits = cert_req_info.get_next_object();
+
+ if(attr_bits.type_tag == 0 &&
+ attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
+ {
+ BER_Decoder attributes(attr_bits.value);
+ while(attributes.more_items())
+ {
+ Attribute attr;
+ BER::decode(attributes, attr);
+ handle_attribute(attr);
+ }
+ attributes.verify_end();
+ }
+ else if(attr_bits.type_tag != NO_OBJECT)
+ throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes",
+ attr_bits.type_tag, attr_bits.class_tag);
+
+ cert_req_info.verify_end();
+
+ std::vector<std::string> emails = dn.get_attribute("PKCS9.EmailAddress");
+ for(u32bit j = 0; j != emails.size(); ++j)
+ subject_alt.add_attribute("RFC822", emails[j]);
+
+ X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key());
+ if(sig_check != VERIFIED)
+ throw Decoding_Error("PKCS #10 request: Bad signature detected");
+ }
+
+/*************************************************
+* Handle attributes in a PKCS #10 request *
+*************************************************/
+void PKCS10_Request::handle_attribute(const Attribute& attr)
+ {
+ BER_Decoder value(attr.parameters);
+
+ if(attr.oid == OIDS::lookup("PKCS9.EmailAddress"))
+ {
+ ASN1_String email;
+ BER::decode(value, email);
+ subject_alt.add_attribute("RFC822", email.value());
+ }
+ else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword"))
+ {
+ ASN1_String challenge_password;
+ BER::decode(value, challenge_password);
+ challenge = challenge_password.value();
+ }
+ else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest"))
+ {
+ BER_Decoder sequence = BER::get_subsequence(value);
+
+ while(sequence.more_items())
+ {
+ Extension extn;
+ BER::decode(sequence, extn);
+ handle_v3_extension(extn);
+ }
+ sequence.verify_end();
+ }
+ }
+
+/*************************************************
+* Decode a requested X.509v3 extension *
+*************************************************/
+void PKCS10_Request::handle_v3_extension(const Extension& extn)
+ {
+ BER_Decoder value(extn.value);
+
+ if(extn.oid == OIDS::lookup("X509v3.KeyUsage"))
+ BER::decode(value, constraints_value);
+ else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage"))
+ {
+ BER_Decoder key_usage = BER::get_subsequence(value);
+ while(key_usage.more_items())
+ {
+ OID usage_oid;
+ BER::decode(key_usage, usage_oid);
+ ex_constraints_list.push_back(usage_oid);
+ }
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints"))
+ {
+ BER_Decoder constraints = BER::get_subsequence(value);
+ BER::decode_optional(constraints, is_ca, BOOLEAN, UNIVERSAL, false);
+ BER::decode_optional(constraints, max_path_len,
+ INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName"))
+ BER::decode(value, subject_alt);
+ else
+ return;
+
+ value.verify_end();
+ }
+
+/*************************************************
+* Return the public key of the requestor *
+*************************************************/
+MemoryVector<byte> PKCS10_Request::raw_public_key() const
+ {
+ return pub_key;
+ }
+
+/*************************************************
+* Return the public key of the requestor *
+*************************************************/
+X509_PublicKey* PKCS10_Request::subject_public_key() const
+ {
+ return X509::load_key(pub_key);
+ }
+
+/*************************************************
+* Return the name of the requestor *
+*************************************************/
+X509_DN PKCS10_Request::subject_dn() const
+ {
+ return dn;
+ }
+
+/*************************************************
+* Return the alternative names of the requestor *
+*************************************************/
+AlternativeName PKCS10_Request::subject_alt_name() const
+ {
+ return subject_alt;
+ }
+
+/*************************************************
+* Return the challenge password (if any) *
+*************************************************/
+std::string PKCS10_Request::challenge_password() const
+ {
+ return challenge;
+ }
+
+/*************************************************
+* Return the key constraints (if any) *
+*************************************************/
+Key_Constraints PKCS10_Request::constraints() const
+ {
+ return constraints_value;
+ }
+
+/*************************************************
+* Return the extendend key constraints (if any) *
+*************************************************/
+std::vector<OID> PKCS10_Request::ex_constraints() const
+ {
+ return ex_constraints_list;
+ }
+
+/*************************************************
+* Return is a CA certificate is requested *
+*************************************************/
+bool PKCS10_Request::is_CA() const
+ {
+ return is_ca;
+ }
+
+/*************************************************
+* Return the desired path limit (if any) *
+*************************************************/
+u32bit PKCS10_Request::path_limit() const
+ {
+ return max_path_len;
+ }
+
+}
diff --git a/src/pkcs5.cpp b/src/pkcs5.cpp
new file mode 100644
index 000000000..fb47b9942
--- /dev/null
+++ b/src/pkcs5.cpp
@@ -0,0 +1,124 @@
+/*************************************************
+* PKCS #5 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pkcs5.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <botan/hmac.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* Return a PKCS#5 PBKDF1 derived key *
+*************************************************/
+OctetString PKCS5_PBKDF1::derive(u32bit key_len,
+ const std::string& passphrase,
+ const byte salt[], u32bit salt_size,
+ u32bit iterations) const
+ {
+ if(iterations == 0)
+ throw Invalid_Argument("PKCS#5 PBKDF1: Invalid iteration count");
+
+ std::auto_ptr<HashFunction> hash(get_hash(hash_name));
+ if(key_len > hash->OUTPUT_LENGTH)
+ throw Exception("PKCS#5 PBKDF1: Requested output length too long");
+
+ hash->update(passphrase);
+ hash->update(salt, salt_size);
+ SecureVector<byte> key = hash->final();
+
+ for(u32bit j = 1; j != iterations; ++j)
+ {
+ hash->update(key);
+ hash->final(key);
+ }
+
+ return OctetString(key, std::min(key_len, key.size()));
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string PKCS5_PBKDF1::name() const
+ {
+ return "PBKDF1(" + hash_name + ")";
+ }
+
+/*************************************************
+* PKCS5_PBKDF1 Constructor *
+*************************************************/
+PKCS5_PBKDF1::PKCS5_PBKDF1(const std::string& h_name) : hash_name(h_name)
+ {
+ if(!have_hash(hash_name))
+ throw Algorithm_Not_Found(hash_name);
+ }
+
+/*************************************************
+* Return a PKCS#5 PBKDF2 derived key *
+*************************************************/
+OctetString PKCS5_PBKDF2::derive(u32bit key_len,
+ const std::string& passphrase,
+ const byte salt[], u32bit salt_size,
+ u32bit iterations) const
+ {
+ if(iterations == 0)
+ throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count");
+
+ if(passphrase.length() == 0)
+ throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid");
+
+ HMAC hmac(hash_name);
+ hmac.set_key((const byte*)passphrase.c_str(), passphrase.length());
+ SecureVector<byte> key(key_len);
+
+ byte* T = key.begin();
+
+ u32bit counter = 1;
+ while(key_len)
+ {
+ u32bit T_size = std::min(hmac.OUTPUT_LENGTH, key_len);
+ SecureVector<byte> U(hmac.OUTPUT_LENGTH);
+
+ hmac.update(salt, salt_size);
+ for(u32bit j = 0; j != 4; ++j)
+ hmac.update(get_byte(j, counter));
+ hmac.final(U);
+ xor_buf(T, U, T_size);
+
+ for(u32bit j = 1; j != iterations; ++j)
+ {
+ hmac.update(U);
+ hmac.final(U);
+ xor_buf(T, U, T_size);
+ }
+
+ key_len -= T_size;
+ T += T_size;
+ ++counter;
+ }
+
+ return key;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string PKCS5_PBKDF2::name() const
+ {
+ return "PBKDF2(" + hash_name + ")";
+ }
+
+/*************************************************
+* PKCS5_PBKDF2 Constructor *
+*************************************************/
+PKCS5_PBKDF2::PKCS5_PBKDF2(const std::string& h_name) : hash_name(h_name)
+ {
+ if(!have_hash(hash_name))
+ throw Algorithm_Not_Found(hash_name);
+ }
+
+}
diff --git a/src/pkcs8.cpp b/src/pkcs8.cpp
new file mode 100644
index 000000000..2888774dd
--- /dev/null
+++ b/src/pkcs8.cpp
@@ -0,0 +1,294 @@
+/*************************************************
+* PKCS #8 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pkcs8.h>
+#include <botan/asn1_obj.h>
+#include <botan/pk_algs.h>
+#include <botan/conf.h>
+#include <botan/oids.h>
+#include <botan/pem.h>
+#include <botan/pbe.h>
+#include <memory>
+
+namespace Botan {
+
+namespace PKCS8 {
+
+namespace {
+
+/*************************************************
+* Get info from an EncryptedPrivateKeyInfo *
+*************************************************/
+SecureVector<byte> PKCS8_extract(DataSource& source,
+ AlgorithmIdentifier& alg_id)
+ {
+ SecureVector<byte> enc_pkcs8_key;
+
+ try {
+ BER_Decoder decoder(source);
+ BER_Decoder sequence = BER::get_subsequence(decoder);
+ BER::decode(sequence, alg_id);
+ sequence.decode(enc_pkcs8_key, OCTET_STRING);
+ sequence.verify_end();
+ }
+ catch(Decoding_Error)
+ {
+ throw PKCS8_Exception("Private key decoding failed");
+ }
+
+ return enc_pkcs8_key;
+ }
+
+/*************************************************
+* PEM decode and/or decrypt a private key *
+*************************************************/
+SecureVector<byte> PKCS8_decode(DataSource& source, const User_Interface& ui,
+ AlgorithmIdentifier& pk_alg_id)
+ {
+ AlgorithmIdentifier pbe_alg_id;
+ SecureVector<byte> key_data, key;
+ bool is_encrypted = true;
+
+ try {
+ if(ASN1::maybe_BER(source) && !PEM_Code::matches(source))
+ key_data = PKCS8_extract(source, pbe_alg_id);
+ else
+ {
+ std::string label;
+ key_data = PEM_Code::decode(source, label);
+ if(label == "PRIVATE KEY")
+ is_encrypted = false;
+ else if(label == "ENCRYPTED PRIVATE KEY")
+ {
+ DataSource_Memory key_source(key_data);
+ key_data = PKCS8_extract(key_source, pbe_alg_id);
+ }
+ else
+ throw PKCS8_Exception("Unknown PEM label " + label);
+ }
+
+ if(key_data.is_empty())
+ throw PKCS8_Exception("No key data found");
+ }
+ catch(Decoding_Error)
+ {
+ throw Decoding_Error("PKCS #8 private key decoding failed");
+ }
+
+ if(!is_encrypted)
+ key = key_data;
+
+ const u32bit max_tries = Config::get_u32bit("base/pkcs8_tries");
+ u32bit tries = 0;
+ while(true)
+ {
+ try {
+ if(max_tries && tries >= max_tries)
+ break;
+
+ if(is_encrypted)
+ {
+ DataSource_Memory params(pbe_alg_id.parameters);
+ PBE* pbe = get_pbe(pbe_alg_id.oid, params);
+
+ User_Interface::UI_Result result = User_Interface::OK;
+ const std::string passphrase =
+ ui.get_passphrase("PKCS #8 private key", source.id(), result);
+
+ if(result == User_Interface::CANCEL_ACTION)
+ break;
+
+ pbe->set_key(passphrase);
+ Pipe decryptor(pbe);
+ decryptor.process_msg(key_data, key_data.size());
+ key = decryptor.read_all();
+ }
+
+ u32bit version;
+ BER_Decoder decoder(key);
+ BER_Decoder sequence = BER::get_subsequence(decoder);
+ sequence.decode(version);
+ if(version != 0)
+ throw Decoding_Error("PKCS #8: Unknown version number");
+
+ BER::decode(sequence, pk_alg_id);
+ sequence.decode(key, OCTET_STRING);
+ sequence.discard_remaining();
+ sequence.verify_end();
+
+ break;
+ }
+ catch(Decoding_Error)
+ {
+ ++tries;
+ }
+ }
+
+ if(key.is_empty())
+ throw Decoding_Error("PKCS #8 private key decoding failed");
+ return key;
+ }
+
+}
+
+/*************************************************
+* DER or PEM encode a PKCS #8 private key *
+*************************************************/
+void encode(const PKCS8_PrivateKey& key, Pipe& pipe, X509_Encoding encoding)
+ {
+ const u32bit PKCS8_VERSION = 0;
+
+ AlgorithmIdentifier alg_id(key.get_oid(), key.DER_encode_params());
+
+ SecureVector<byte> contents =
+ DER_Encoder()
+ .start_sequence()
+ .encode(PKCS8_VERSION)
+ .encode(alg_id)
+ .encode(key.DER_encode_priv(), OCTET_STRING)
+ .end_sequence()
+ .get_contents();
+
+ if(encoding == PEM)
+ pipe.write(PEM_Code::encode(contents, "PRIVATE KEY"));
+ else
+ pipe.write(contents);
+ }
+
+/*************************************************
+* Encode and encrypt a PKCS #8 private key *
+*************************************************/
+void encrypt_key(const PKCS8_PrivateKey& key, Pipe& pipe,
+ const std::string& pass, const std::string& pbe_algo,
+ X509_Encoding encoding)
+ {
+ const std::string DEFAULT_PBE = Config::get_string("base/default_pbe");
+
+ Pipe raw_key;
+ raw_key.start_msg();
+ encode(key, raw_key, RAW_BER);
+ raw_key.end_msg();
+
+ PBE* pbe = get_pbe(((pbe_algo != "") ? pbe_algo : DEFAULT_PBE));
+ pbe->set_key(pass);
+
+ Pipe key_encrytor(pbe);
+ key_encrytor.process_msg(raw_key);
+
+ SecureVector<byte> enc_key =
+ DER_Encoder()
+ .start_sequence()
+ .encode(AlgorithmIdentifier(pbe->get_oid(), pbe->encode_params()))
+ .encode(key_encrytor.read_all(), OCTET_STRING)
+ .end_sequence()
+ .get_contents();
+
+ if(encoding == PEM)
+ pipe.write(PEM_Code::encode(enc_key, "ENCRYPTED PRIVATE KEY"));
+ else
+ pipe.write(enc_key);
+ }
+
+/*************************************************
+* PEM encode a PKCS #8 private key *
+*************************************************/
+std::string PEM_encode(const PKCS8_PrivateKey& key)
+ {
+ Pipe pem;
+ pem.start_msg();
+ encode(key, pem, PEM);
+ pem.end_msg();
+ return pem.read_all_as_string();
+ }
+
+/*************************************************
+* Encrypt and PEM encode a PKCS #8 private key *
+*************************************************/
+std::string PEM_encode(const PKCS8_PrivateKey& key, const std::string& pass,
+ const std::string& pbe_algo)
+ {
+ if(pass == "")
+ return PEM_encode(key);
+
+ Pipe pem;
+ pem.start_msg();
+ encrypt_key(key, pem, pass, pbe_algo, PEM);
+ pem.end_msg();
+ return pem.read_all_as_string();
+ }
+
+/*************************************************
+* Extract a private key and return it *
+*************************************************/
+PKCS8_PrivateKey* load_key(DataSource& source, const User_Interface& ui)
+ {
+ AlgorithmIdentifier alg_id;
+
+ SecureVector<byte> pkcs8_key = PKCS8_decode(source, ui, alg_id);
+
+ const std::string alg_name = OIDS::lookup(alg_id.oid);
+ if(alg_name == "" || alg_name == alg_id.oid.as_string())
+ throw PKCS8_Exception("Unknown algorithm OID: " +
+ alg_id.oid.as_string());
+
+ std::auto_ptr<PKCS8_PrivateKey> key(get_private_key(alg_name));
+
+ if(!key.get())
+ throw PKCS8_Exception("Unknown PK algorithm/OID: " + alg_name + ", " +
+ alg_id.oid.as_string());
+
+ Pipe output;
+ output.process_msg(alg_id.parameters);
+ output.process_msg(pkcs8_key);
+ key->BER_decode_params(output);
+ output.set_default_msg(1);
+ key->BER_decode_priv(output);
+
+ return key.release();
+ }
+
+/*************************************************
+* Extract a private key and return it *
+*************************************************/
+PKCS8_PrivateKey* load_key(const std::string& fsname, const User_Interface& ui)
+ {
+ DataSource_Stream source(fsname, true);
+ return PKCS8::load_key(source, ui);
+ }
+
+/*************************************************
+* Extract a private key and return it *
+*************************************************/
+PKCS8_PrivateKey* load_key(DataSource& source, const std::string& pass)
+ {
+ return PKCS8::load_key(source, User_Interface(pass));
+ }
+
+/*************************************************
+* Extract a private key and return it *
+*************************************************/
+PKCS8_PrivateKey* load_key(const std::string& fsname, const std::string& pass)
+ {
+ return PKCS8::load_key(fsname, User_Interface(pass));
+ }
+
+/*************************************************
+* Make a copy of this private key *
+*************************************************/
+PKCS8_PrivateKey* copy_key(const PKCS8_PrivateKey& key)
+ {
+ Pipe bits;
+
+ bits.start_msg();
+ PKCS8::encode(key, bits);
+ bits.end_msg();
+
+ DataSource_Memory source(bits.read_all());
+ return PKCS8::load_key(source);
+ }
+
+}
+
+}
diff --git a/src/policy.cpp b/src/policy.cpp
new file mode 100644
index 000000000..72f751560
--- /dev/null
+++ b/src/policy.cpp
@@ -0,0 +1,374 @@
+/*************************************************
+* Default Policy Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/libstate.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* OID loading helper function *
+*************************************************/
+void add_oid(Library_State* state,
+ const std::string& oid_str,
+ const std::string& name)
+ {
+ if(!state->option_set("oid2str", oid_str))
+ state->set_option("oid2str", oid_str, name);
+ if(!state->option_set("str2oid", name))
+ state->set_option("str2oid", name, oid_str);
+ }
+
+/*************************************************
+* Load all of the default OIDs *
+*************************************************/
+void set_default_oids(Library_State* state)
+ {
+ add_oid(state, "1.2.840.113549.1.1.1", "RSA");
+ add_oid(state, "2.5.8.1.1", "RSA");
+ add_oid(state, "1.2.840.10040.4.1", "DSA");
+ add_oid(state, "1.2.840.10046.2.1", "DH");
+ add_oid(state, "1.3.6.1.4.1.3029.1.2.1", "ELG");
+
+ add_oid(state, "1.3.14.3.2.7", "DES/CBC");
+ add_oid(state, "1.2.840.113549.3.7", "TripleDES/CBC");
+ add_oid(state, "1.2.840.113549.3.2", "RC2/CBC");
+ add_oid(state, "1.2.840.113533.7.66.10", "CAST-128/CBC");
+ add_oid(state, "2.16.840.1.101.3.4.1.2", "AES-128/CBC");
+ add_oid(state, "2.16.840.1.101.3.4.1.22", "AES-192/CBC");
+ add_oid(state, "2.16.840.1.101.3.4.1.42", "AES-256/CBC");
+
+ add_oid(state, "1.2.840.113549.2.5", "MD5");
+ add_oid(state, "1.3.14.3.2.26", "SHA-160");
+ add_oid(state, "1.3.6.1.4.1.11591.12.2", "Tiger(24,3)");
+
+ add_oid(state, "1.2.840.113549.1.9.16.3.6", "KeyWrap.TripleDES");
+ add_oid(state, "1.2.840.113549.1.9.16.3.7", "KeyWrap.RC2");
+ add_oid(state, "1.2.840.113533.7.66.15", "KeyWrap.CAST-128");
+ add_oid(state, "2.16.840.1.101.3.4.1.5", "KeyWrap.AES-128");
+ add_oid(state, "2.16.840.1.101.3.4.1.25", "KeyWrap.AES-192");
+ add_oid(state, "2.16.840.1.101.3.4.1.45", "KeyWrap.AES-256");
+
+ add_oid(state, "1.2.840.113549.1.9.16.3.8", "Compression.Zlib");
+
+ add_oid(state, "1.2.840.113549.1.1.1", "RSA/EME-PKCS1-v1_5");
+ add_oid(state, "1.2.840.113549.1.1.2", "RSA/EMSA3(MD2)");
+ add_oid(state, "1.2.840.113549.1.1.4", "RSA/EMSA3(MD5)");
+ add_oid(state, "1.2.840.113549.1.1.5", "RSA/EMSA3(SHA-160)");
+ add_oid(state, "1.2.840.113549.1.1.11", "RSA/EMSA3(SHA-256)");
+ add_oid(state, "1.2.840.113549.1.1.12", "RSA/EMSA3(SHA-384)");
+ add_oid(state, "1.2.840.113549.1.1.13", "RSA/EMSA3(SHA-512)");
+ add_oid(state, "1.3.36.3.3.1.2", "RSA/EMSA3(RIPEMD-160)");
+ add_oid(state, "1.2.840.10040.4.3", "DSA/EMSA1(SHA-160)");
+
+ add_oid(state, "2.5.4.3", "X520.CommonName");
+ add_oid(state, "2.5.4.4", "X520.Surname");
+ add_oid(state, "2.5.4.5", "X520.SerialNumber");
+ add_oid(state, "2.5.4.6", "X520.Country");
+ add_oid(state, "2.5.4.7", "X520.Locality");
+ add_oid(state, "2.5.4.8", "X520.State");
+ add_oid(state, "2.5.4.10", "X520.Organization");
+ add_oid(state, "2.5.4.11", "X520.OrganizationalUnit");
+ add_oid(state, "2.5.4.12", "X520.Title");
+ add_oid(state, "2.5.4.42", "X520.GivenName");
+ add_oid(state, "2.5.4.43", "X520.Initials");
+ add_oid(state, "2.5.4.44", "X520.GenerationalQualifier");
+ add_oid(state, "2.5.4.46", "X520.DNQualifier");
+ add_oid(state, "2.5.4.65", "X520.Pseudonym");
+
+ add_oid(state, "1.2.840.113549.1.5.12", "PKCS5.PBKDF2");
+ add_oid(state, "1.2.840.113549.1.5.1", "PBE-PKCS5v15(MD2,DES/CBC)");
+ add_oid(state, "1.2.840.113549.1.5.4", "PBE-PKCS5v15(MD2,RC2/CBC)");
+ add_oid(state, "1.2.840.113549.1.5.3", "PBE-PKCS5v15(MD5,DES/CBC)");
+ add_oid(state, "1.2.840.113549.1.5.6", "PBE-PKCS5v15(MD5,RC2/CBC)");
+ add_oid(state, "1.2.840.113549.1.5.10", "PBE-PKCS5v15(SHA-160,DES/CBC)");
+ add_oid(state, "1.2.840.113549.1.5.11", "PBE-PKCS5v15(SHA-160,RC2/CBC)");
+ add_oid(state, "1.2.840.113549.1.5.13", "PBE-PKCS5v20");
+
+ add_oid(state, "1.2.840.113549.1.9.1", "PKCS9.EmailAddress");
+ add_oid(state, "1.2.840.113549.1.9.2", "PKCS9.UnstructuredName");
+ add_oid(state, "1.2.840.113549.1.9.3", "PKCS9.ContentType");
+ add_oid(state, "1.2.840.113549.1.9.4", "PKCS9.MessageDigest");
+ add_oid(state, "1.2.840.113549.1.9.7", "PKCS9.ChallengePassword");
+ add_oid(state, "1.2.840.113549.1.9.14", "PKCS9.ExtensionRequest");
+
+ add_oid(state, "1.2.840.113549.1.7.1", "CMS.DataContent");
+ add_oid(state, "1.2.840.113549.1.7.2", "CMS.SignedData");
+ add_oid(state, "1.2.840.113549.1.7.3", "CMS.EnvelopedData");
+ add_oid(state, "1.2.840.113549.1.7.5", "CMS.DigestedData");
+ add_oid(state, "1.2.840.113549.1.7.6", "CMS.EncryptedData");
+ add_oid(state, "1.2.840.113549.1.9.16.1.2", "CMS.AuthenticatedData");
+ add_oid(state, "1.2.840.113549.1.9.16.1.9", "CMS.CompressedData");
+
+ add_oid(state, "2.5.29.14", "X509v3.SubjectKeyIdentifier");
+ add_oid(state, "2.5.29.15", "X509v3.KeyUsage");
+ add_oid(state, "2.5.29.17", "X509v3.SubjectAlternativeName");
+ add_oid(state, "2.5.29.18", "X509v3.IssuerAlternativeName");
+ add_oid(state, "2.5.29.19", "X509v3.BasicConstraints");
+ add_oid(state, "2.5.29.20", "X509v3.CRLNumber");
+ add_oid(state, "2.5.29.21", "X509v3.ReasonCode");
+ add_oid(state, "2.5.29.23", "X509v3.HoldInstructionCode");
+ add_oid(state, "2.5.29.24", "X509v3.InvalidityDate");
+ add_oid(state, "2.5.29.32", "X509v3.CertificatePolicies");
+ add_oid(state, "2.5.29.35", "X509v3.AuthorityKeyIdentifier");
+ add_oid(state, "2.5.29.36", "X509v3.PolicyConstraints");
+ add_oid(state, "2.5.29.37", "X509v3.ExtendedKeyUsage");
+
+ add_oid(state, "2.5.29.32.0", "X509v3.AnyPolicy");
+
+ add_oid(state, "1.3.6.1.5.5.7.3.1", "PKIX.ServerAuth");
+ add_oid(state, "1.3.6.1.5.5.7.3.2", "PKIX.ClientAuth");
+ add_oid(state, "1.3.6.1.5.5.7.3.3", "PKIX.CodeSigning");
+ add_oid(state, "1.3.6.1.5.5.7.3.4", "PKIX.EmailProtection");
+ add_oid(state, "1.3.6.1.5.5.7.3.5", "PKIX.IPsecEndSystem");
+ add_oid(state, "1.3.6.1.5.5.7.3.6", "PKIX.IPsecTunnel");
+ add_oid(state, "1.3.6.1.5.5.7.3.7", "PKIX.IPsecUser");
+ add_oid(state, "1.3.6.1.5.5.7.3.8", "PKIX.TimeStamping");
+ add_oid(state, "1.3.6.1.5.5.7.3.9", "PKIX.OCSPSigning");
+
+ add_oid(state, "1.3.6.1.5.5.7.8.5", "PKIX.XMPPAddr");
+ }
+
+/*************************************************
+* Set the default algorithm aliases *
+*************************************************/
+void set_default_aliases(Library_State* state)
+ {
+ state->set_option("alias", "OpenPGP.Cipher.1", "IDEA");
+ state->set_option("alias", "OpenPGP.Cipher.2", "TripleDES");
+ state->set_option("alias", "OpenPGP.Cipher.3", "CAST-128");
+ state->set_option("alias", "OpenPGP.Cipher.4", "Blowfish");
+ state->set_option("alias", "OpenPGP.Cipher.5", "SAFER-SK(13)");
+ state->set_option("alias", "OpenPGP.Cipher.7", "AES-128");
+ state->set_option("alias", "OpenPGP.Cipher.8", "AES-192");
+ state->set_option("alias", "OpenPGP.Cipher.9", "AES-256");
+ state->set_option("alias", "OpenPGP.Cipher.10", "Twofish");
+
+ state->set_option("alias", "OpenPGP.Digest.1", "MD5");
+ state->set_option("alias", "OpenPGP.Digest.2", "SHA-1");
+ state->set_option("alias", "OpenPGP.Digest.3", "RIPEMD-160");
+ state->set_option("alias", "OpenPGP.Digest.5", "MD2");
+ state->set_option("alias", "OpenPGP.Digest.6", "Tiger(24,3)");
+ state->set_option("alias", "OpenPGP.Digest.7", "HAVAL(20,5)");
+ state->set_option("alias", "OpenPGP.Digest.8", "SHA-256");
+
+ state->set_option("alias", "TLS.Digest.0", "Parallel(MD5,SHA-160)");
+
+ state->set_option("alias", "EME-PKCS1-v1_5", "PKCS1v15");
+ state->set_option("alias", "OAEP-MGF1", "EME1");
+ state->set_option("alias", "EME-OAEP", "EME1");
+ state->set_option("alias", "X9.31", "EMSA2");
+ state->set_option("alias", "EMSA-PKCS1-v1_5", "EMSA3");
+ state->set_option("alias", "PSS-MGF1", "EMSA4");
+ state->set_option("alias", "EMSA-PSS", "EMSA4");
+
+ state->set_option("alias", "Rijndael", "AES");
+ state->set_option("alias", "3DES", "TripleDES");
+ state->set_option("alias", "DES-EDE", "TripleDES");
+ state->set_option("alias", "CAST5", "CAST-128");
+ state->set_option("alias", "SHA1", "SHA-160");
+ state->set_option("alias", "SHA-1", "SHA-160");
+ state->set_option("alias", "SEAL", "SEAL-3.0-BE");
+ state->set_option("alias", "MARK-4", "ARC4(256)");
+ state->set_option("alias", "OMAC", "CMAC");
+ }
+
+/*************************************************
+* Set the default configuration toggles *
+*************************************************/
+void set_default_config(Library_State* state)
+ {
+ state->set_option("conf", "base/memory_chunk", "64*1024");
+ state->set_option("conf", "base/pkcs8_tries", "3");
+ state->set_option("conf", "base/default_pbe",
+ "PBE-PKCS5v20(SHA-1,TripleDES/CBC)");
+ state->set_option("conf", "base/default_allocator", "malloc");
+
+ state->set_option("conf", "pk/blinder_size", "64");
+ state->set_option("conf", "pk/test/public", "basic");
+ state->set_option("conf", "pk/test/private", "basic");
+ state->set_option("conf", "pk/test/private_gen", "all");
+
+ state->set_option("conf", "pem/search", "4*1024");
+ state->set_option("conf", "pem/forgive", "8");
+ state->set_option("conf", "pem/width", "64");
+
+ state->set_option("conf", "rng/min_entropy", "256", false);
+ state->set_option("conf", "rng/ms_capi_prov_type", "INTEL_SEC:RSA_FULL");
+ state->set_option("conf", "rng/unix_path", "/usr/ucb:/usr/etc:/etc");
+ state->set_option("conf", "rng/es_files", "/dev/urandom:/dev/random");
+ state->set_option("conf", "rng/egd_path",
+ "/var/run/egd-pool:/dev/egd-pool");
+ state->set_option("conf", "rng/slow_poll_request", "256");
+ state->set_option("conf", "rng/fast_poll_request", "64");
+
+ state->set_option("conf", "x509/validity_slack", "24h");
+ state->set_option("conf", "x509/v1_assume_ca", "false");
+ state->set_option("conf", "x509/cache_verify_results", "30m");
+
+ state->set_option("conf", "x509/ca/allow_ca", "false");
+ state->set_option("conf", "x509/ca/basic_constraints", "always");
+ state->set_option("conf", "x509/ca/default_expire", "1y");
+ state->set_option("conf", "x509/ca/signing_offset", "30s");
+ state->set_option("conf", "x509/ca/rsa_hash", "SHA-1");
+ state->set_option("conf", "x509/ca/str_type", "latin1");
+
+ state->set_option("conf", "x509/crl/unknown_critical", "ignore");
+ state->set_option("conf", "x509/crl/next_update", "7d");
+
+ state->set_option("conf", "x509/exts/basic_constraints", "critical");
+ state->set_option("conf", "x509/exts/subject_key_id", "yes");
+ state->set_option("conf", "x509/exts/authority_key_id", "yes");
+ state->set_option("conf", "x509/exts/subject_alternative_name", "yes");
+ state->set_option("conf", "x509/exts/issuer_alternative_name", "no");
+ state->set_option("conf", "x509/exts/key_usage", "critical");
+ state->set_option("conf", "x509/exts/extended_key_usage", "yes");
+ state->set_option("conf", "x509/exts/crl_number", "yes");
+
+ }
+
+/*************************************************
+* Set the built-in discrete log groups *
+*************************************************/
+void set_default_dl_groups(Library_State* state)
+ {
+ state->set_option("dl", "modp/ietf/768",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIHIAmEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxObIlFK"
+ "CHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjo2IP//"
+ "////////AgECAmB//////////+SH7VEQtGEaYmMxRcBuDmiUgScERTPmOgEF31Md"
+ "ic2RKKUEPMcaAm73yozZ5p0hjZgVhTb5L4obp/Catrao4SLyQtq7MS8/Y3omIXTT"
+ "HRsQf/////////8="
+ "-----END X942 DH PARAMETERS-----");
+
+ state->set_option("dl", "modp/ietf/1024",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIIBCgKBgQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si"
+ "UUoIeY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummN+1r"
+ "C/9ctvQGt+3uOGv7Womfpa6fJBF8Sx/mSShmUezmU4H//////////wIBAgKBgH//"
+ "////////5IftURC0YRpiYzFFwG4OaJSBJwRFM+Y6AQXfUx2JzZEopQQ8xxoCbvfK"
+ "jNnmnSGNmBWFNvkvihun8Jq2tqjhIvJC2rsxLz9jeiYhdNMb9rWF/65begNb9vcc"
+ "Nf2tRM/S10+SCL4lj/MklDMo9nMpwP//////////"
+ "-----END X942 DH PARAMETERS-----");
+
+ state->set_option("dl", "modp/ietf/1536",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIIBigKBwQD//////////8kP2qIhaMI0xMZii4DcHNEpAk4IimfMdAILvqY7E5si"
+ "UUoIeY40BN3vlRmzzTpDGzArCm3yXxQ3T+E1bW1RwkXkhbV2Yl5+xvRMQummN+1r"
+ "C/9ctvQGt+3uOGv7Womfpa6fJBF8Sx/mSShmUezkWz3CAHy4oWO/BZjaSDYcVdOa"
+ "aRY/qP0kz1+DZV0j3KOtlhxi81YghVK7ntUpB3CWlm1nDDVOSryYBPF0bAjKI3Mn"
+ "//////////8CAQICgcB//////////+SH7VEQtGEaYmMxRcBuDmiUgScERTPmOgEF"
+ "31Mdic2RKKUEPMcaAm73yozZ5p0hjZgVhTb5L4obp/Catrao4SLyQtq7MS8/Y3om"
+ "IXTTG/a1hf+uW3oDW/b3HDX9rUTP0tdPkgi+JY/zJJQzKPZyLZ7hAD5cULHfgsxt"
+ "JBsOKunNNIsf1H6SZ6/Bsq6R7lHWyw4xeasQQqldz2qUg7hLSzazhhqnJV5MAni6"
+ "NgRlEbmT//////////8="
+ "-----END X942 DH PARAMETERS-----");
+
+ state->set_option("dl", "modp/ietf/2048",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIICDAKCAQEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
+ "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
+ "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
+ "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh"
+ "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq"
+ "5RXSJhiY+gUQFXKOWoqsqmj//////////wIBAgKCAQB//////////+SH7VEQtGEa"
+ "YmMxRcBuDmiUgScERTPmOgEF31Mdic2RKKUEPMcaAm73yozZ5p0hjZgVhTb5L4ob"
+ "p/Catrao4SLyQtq7MS8/Y3omIXTTG/a1hf+uW3oDW/b3HDX9rUTP0tdPkgi+JY/z"
+ "JJQzKPZyLZ7hAD5cULHfgsxtJBsOKunNNIsf1H6SZ6/Bsq6R7lHWyw4xeasQQqld"
+ "z2qUg7hLSzazhhqnJV5MAni6NgRlDBC+GUgvIxcbZx3xzzuWDAdDAc2TwdF2A9FH"
+ "2uKu+DemKWTvFeX7SqwLjBzKpL51SrVyiukTDEx9AogKuUctRVZVNH//////////"
+ "-----END X942 DH PARAMETERS-----");
+
+ state->set_option("dl", "modp/ietf/3072",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIIDDAKCAYEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
+ "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
+ "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
+ "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh"
+ "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq"
+ "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM"
+ "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq"
+ "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqTrS"
+ "yv//////////AgECAoIBgH//////////5IftURC0YRpiYzFFwG4OaJSBJwRFM+Y6"
+ "AQXfUx2JzZEopQQ8xxoCbvfKjNnmnSGNmBWFNvkvihun8Jq2tqjhIvJC2rsxLz9j"
+ "eiYhdNMb9rWF/65begNb9vccNf2tRM/S10+SCL4lj/MklDMo9nItnuEAPlxQsd+C"
+ "zG0kGw4q6c00ix/UfpJnr8GyrpHuUdbLDjF5qxBCqV3PapSDuEtLNrOGGqclXkwC"
+ "eLo2BGUMEL4ZSC8jFxtnHfHPO5YMB0MBzZPB0XYD0Ufa4q74N6YpZO8V5ftKrAuM"
+ "HMqkvnVKtXKK6RMMTH0CiAq5Ry1FVWIW1pmLhoIoPRnUKpDV745dMnZ9woIsbfeF"
+ "RXU4q66DBj7Zy4fC03DyY9X610ZthJnrj0ZKcCUSsM7ncekTDWl3NfiX/QNsxQQy"
+ "bDsBOZ9kNTIpD5WMC72QBl3wi6u9MK62O4TEYF1so3EEcSfQOnLVmKHtrf5wfohH"
+ "JcFokFSdaWV//////////w=="
+ "-----END X942 DH PARAMETERS-----");
+
+ state->set_option("dl", "modp/ietf/4096",
+ "-----BEGIN X942 DH PARAMETERS-----"
+ "MIIEDAKCAgEA///////////JD9qiIWjCNMTGYouA3BzRKQJOCIpnzHQCC76mOxOb"
+ "IlFKCHmONATd75UZs806QxswKwpt8l8UN0/hNW1tUcJF5IW1dmJefsb0TELppjft"
+ "awv/XLb0Brft7jhr+1qJn6WunyQRfEsf5kkoZlHs5Fs9wgB8uKFjvwWY2kg2HFXT"
+ "mmkWP6j9JM9fg2VdI9yjrZYcYvNWIIVSu57VKQdwlpZtZww1Tkq8mATxdGwIyhgh"
+ "fDKQXkYuNs474553LBgOhgObJ4Oi7Aeij7XFXfBvTFLJ3ivL9pVYFxg5lUl86pVq"
+ "5RXSJhiY+gUQFXKOWoqqxC2tMxcNBFB6M6hVIavfHLpk7PuFBFjb7wqK6nFXXQYM"
+ "fbOXD4Wm4eTHq/WujNsJM9cejJTgSiVhnc7j0iYa0u5r8S/6BtmKCGTYdgJzPshq"
+ "ZFIfKxgXeyAMu+EXV3phXWx3CYjAutlG4gjiT6B05asxQ9tb/OD9EI5LgtEgqSEI"
+ "ARpyPBKnh+bXiHGaEL26WyaZwycYavTiPBqUaDS2FQvaJYPpyirUTOjbu8LbBN6O"
+ "+S6O/BQfvsqmKHxZR05rwF2ZspZPoJDDoiM7oYZRW+ftH2EpcM7i16+4G912IXBI"
+ "HNAGkSfVsFqpk7TqmI2P3cGG/7fckKbAj030Nck0BjGZ//////////8CAQICggIA"
+ "f//////////kh+1RELRhGmJjMUXAbg5olIEnBEUz5joBBd9THYnNkSilBDzHGgJu"
+ "98qM2eadIY2YFYU2+S+KG6fwmra2qOEi8kLauzEvP2N6JiF00xv2tYX/rlt6A1v2"
+ "9xw1/a1Ez9LXT5IIviWP8ySUMyj2ci2e4QA+XFCx34LMbSQbDirpzTSLH9R+kmev"
+ "wbKuke5R1ssOMXmrEEKpXc9qlIO4S0s2s4YapyVeTAJ4ujYEZQwQvhlILyMXG2cd"
+ "8c87lgwHQwHNk8HRdgPRR9rirvg3pilk7xXl+0qsC4wcyqS+dUq1corpEwxMfQKI"
+ "CrlHLUVVYhbWmYuGgig9GdQqkNXvjl0ydn3Cgixt94VFdTirroMGPtnLh8LTcPJj"
+ "1frXRm2EmeuPRkpwJRKwzudx6RMNaXc1+Jf9A2zFBDJsOwE5n2Q1MikPlYwLvZAG"
+ "XfCLq70wrrY7hMRgXWyjcQRxJ9A6ctWYoe2t/nB+iEclwWiQVJCEAI05HglTw/Nr"
+ "xDjNCF7dLZNM4ZOMNXpxHg1KNBpbCoXtEsH05RVqJnRt3eFtgm9HfJdHfgoP32VT"
+ "FD4so6c14C7M2Usn0Ehh0RGd0MMorfP2j7CUuGdxa9fcDe67ELgkDmgDSJPq2C1U"
+ "ydp1TEbH7uDDf9vuSFNgR6b6GuSaAxjM//////////8="
+ "-----END X942 DH PARAMETERS-----");
+
+ state->set_option("dl", "dsa/jce/512",
+ "-----BEGIN DSA PARAMETERS-----"
+ "MIGdAkEA/KaCzo4Syrom78z3EQ5SbbB4sF7ey80etKII864WF64B81uRpH5t9jQT"
+ "xeEu0ImbzRMqzVDZkVG9xD7nN1kuFwIVAJYu3cw2nLqOuyYO5rahJtk0bjjFAkEA"
+ "3gtU76vylwh+5iPVylWIxkgo70/eT/uuHs0gBndrBbEbgeo83pvDlkwWh8UyW/Q9"
+ "fM76DQqGvl3/3dDRFD3NdQ=="
+ "-----END DSA PARAMETERS-----");
+
+ state->set_option("dl", "dsa/jce/768",
+ "-----BEGIN DSA PARAMETERS-----"
+ "MIHdAmEA6eZCWZ01XzfJf/01ZxILjiXJzUPpJ7OpZw++xdiQFBki0sOzrSSACTeZ"
+ "hp0ehGqrSfqwrSbSzmoiIZ1HC859d31KIfvpwnC1f2BwAvPO+Dk2lM9F7jaIwRqM"
+ "VqsSej2vAhUAnNvYTJ8awvOND4D0KrlS5zOL9RECYQDe7p717RUWzn5pXmcrjO5F"
+ "5s17NuDmOF+JS6hhY/bz5sbU6KgRRtQBfe/dccvZD6Akdlm4i3zByJT0gmn9Txqs"
+ "CjBTjf9rP8ds+xMcnnlltYhYqwpDtVczWRKoqlR/lWg="
+ "-----END DSA PARAMETERS-----");
+
+ state->set_option("dl", "dsa/jce/1024",
+ "-----BEGIN DSA PARAMETERS-----"
+ "MIIBHgKBgQD9f1OBHXUSKVLfSpwu7OTn9hG3UjzvRADDHj+AtlEmaUVdQCJR+1k9"
+ "jVj6v8X1ujD2y5tVbNeBO4AdNG/yZmC3a5lQpaSfn+gEexAiwk+7qdf+t8Yb+DtX"
+ "58aophUPBPuD9tPFHsMCNVQTWhaRMvZ1864rYdcq7/IiAxmd0UgBxwIVAJdgUI8V"
+ "IwvMspK5gqLrhAvwWBz1AoGARpYDUS4wJ4zTlHWV2yLuyYJqYyKtyXNE9B10DDJX"
+ "JMj577qn1NgD/4xgnc0QDrxb38+tfGpCX66nhuogUOvpg1HqH9of3yTWlHqmuaoj"
+ "dmlTgC9NfUqOy6BtGXaKJJH/sW0O+cQ6mbX3FnL/bwoktETQc20E04oaEyLa9s3Y"
+ "jJ0="
+ "-----END DSA PARAMETERS-----");
+ }
+
+}
+
+/*************************************************
+* Set the default policy *
+*************************************************/
+void Library_State::set_default_policy()
+ {
+ set_default_config(this);
+ set_default_aliases(this);
+ set_default_oids(this);
+ set_default_dl_groups(this);
+ }
+
+}
diff --git a/src/pow_mod.cpp b/src/pow_mod.cpp
new file mode 100644
index 000000000..316ed114c
--- /dev/null
+++ b/src/pow_mod.cpp
@@ -0,0 +1,155 @@
+/*************************************************
+* Modular Exponentiation Proxy Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pow_mod.h>
+#include <botan/engine.h>
+
+namespace Botan {
+
+/*************************************************
+* Power_Mod Constructor *
+*************************************************/
+Power_Mod::Power_Mod(const BigInt& n, Usage_Hints hints)
+ {
+ core = 0;
+ set_modulus(n, hints);
+ }
+
+/*************************************************
+* Power_Mod Copy Constructor *
+*************************************************/
+Power_Mod::Power_Mod(const Power_Mod& other)
+ {
+ core = 0;
+ if(other.core)
+ core = other.core->copy();
+ }
+
+/*************************************************
+* Power_Mod Assignment Operator *
+*************************************************/
+Power_Mod& Power_Mod::operator=(const Power_Mod& other)
+ {
+ delete core;
+ core = 0;
+ if(other.core)
+ core = other.core->copy();
+ return (*this);
+ }
+
+/*************************************************
+* Power_Mod Destructor *
+*************************************************/
+Power_Mod::~Power_Mod()
+ {
+ delete core;
+ }
+
+/*************************************************
+* Set the modulus *
+*************************************************/
+void Power_Mod::set_modulus(const BigInt& n, Usage_Hints hints) const
+ {
+ delete core;
+ core = ((n == 0) ? 0 : Engine_Core::mod_exp(n, hints));
+ }
+
+/*************************************************
+* Set the base *
+*************************************************/
+void Power_Mod::set_base(const BigInt& b) const
+ {
+ if(b.is_zero() || b.is_negative())
+ throw Invalid_Argument("Power_Mod::set_base: arg must be > 0");
+
+ if(!core)
+ throw Internal_Error("Power_Mod::set_base: core was NULL");
+ core->set_base(b);
+ }
+
+/*************************************************
+* Set the exponent *
+*************************************************/
+void Power_Mod::set_exponent(const BigInt& e) const
+ {
+ if(e.is_negative())
+ throw Invalid_Argument("Power_Mod::set_exponent: arg must be > 0");
+
+ if(!core)
+ throw Internal_Error("Power_Mod::set_exponent: core was NULL");
+ core->set_exponent(e);
+ }
+
+/*************************************************
+* Compute the result *
+*************************************************/
+BigInt Power_Mod::execute() const
+ {
+ if(!core)
+ throw Internal_Error("Power_Mod::execute: core was NULL");
+ return core->execute();
+ }
+
+namespace {
+
+/*************************************************
+* Choose potentially useful hints *
+*************************************************/
+Power_Mod::Usage_Hints choose_base_hints(const BigInt& b, const BigInt& n)
+ {
+ if(b == 2)
+ return Power_Mod::Usage_Hints(Power_Mod::BASE_IS_2 |
+ Power_Mod::BASE_IS_SMALL);
+
+ const u32bit b_bits = b.bits();
+ const u32bit n_bits = n.bits();
+
+ if(b_bits < n_bits / 32)
+ return Power_Mod::BASE_IS_SMALL;
+ if(b_bits > n_bits / 4)
+ return Power_Mod::BASE_IS_LARGE;
+
+ return Power_Mod::NO_HINTS;
+ }
+
+/*************************************************
+* Choose potentially useful hints *
+*************************************************/
+Power_Mod::Usage_Hints choose_exp_hints(const BigInt& e, const BigInt& n)
+ {
+ const u32bit e_bits = e.bits();
+ const u32bit n_bits = n.bits();
+
+ if(e_bits < n_bits / 32)
+ return Power_Mod::BASE_IS_SMALL;
+ if(e_bits > n_bits / 4)
+ return Power_Mod::BASE_IS_LARGE;
+ return Power_Mod::NO_HINTS;
+ }
+
+}
+
+/*************************************************
+* Fixed_Exponent_Power_Mod Constructor *
+*************************************************/
+Fixed_Exponent_Power_Mod::Fixed_Exponent_Power_Mod(const BigInt& e,
+ const BigInt& n,
+ Usage_Hints hints) :
+ Power_Mod(n, Usage_Hints(hints | EXP_IS_FIXED | choose_exp_hints(e, n)))
+ {
+ set_exponent(e);
+ }
+
+/*************************************************
+* Fixed_Base_Power_Mod Constructor *
+*************************************************/
+Fixed_Base_Power_Mod::Fixed_Base_Power_Mod(const BigInt& b, const BigInt& n,
+ Usage_Hints hints) :
+ Power_Mod(n, Usage_Hints(hints | BASE_IS_FIXED | choose_base_hints(b, n)))
+ {
+ set_base(b);
+ }
+
+}
diff --git a/src/powm_fw.cpp b/src/powm_fw.cpp
new file mode 100644
index 000000000..16f9c6623
--- /dev/null
+++ b/src/powm_fw.cpp
@@ -0,0 +1,102 @@
+/*************************************************
+* Fixed Window Exponentiation Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/def_powm.h>
+#include <botan/numthry.h>
+#include <vector>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Try to choose a good window size *
+*************************************************/
+u32bit choose_window_bits(u32bit exp_bits, u32bit,
+ Power_Mod::Usage_Hints hints)
+ {
+ static const u32bit wsize[][2] = {
+ { 2048, 7 }, { 1024, 6 }, { 256, 5 }, { 128, 4 }, { 64, 3 }, { 0, 0 }
+ };
+
+ u32bit window_bits = 3;
+
+ if(exp_bits)
+ {
+ for(u32bit j = 0; wsize[j][0]; ++j)
+ {
+ if(exp_bits >= wsize[j][0])
+ {
+ window_bits += wsize[j][1];
+ break;
+ }
+ }
+ }
+
+ if(hints & Power_Mod::EXP_IS_FIXED)
+ window_bits += 2;
+ if(hints & Power_Mod::EXP_IS_LARGE)
+ window_bits += 2;
+ if(hints & Power_Mod::BASE_IS_FIXED)
+ ++window_bits;
+
+ return window_bits;
+ }
+
+}
+
+/*************************************************
+* Set the exponent *
+*************************************************/
+void Fixed_Window_Exponentiator::set_exponent(const BigInt& e)
+ {
+ exp = e;
+ }
+
+/*************************************************
+* Set the base *
+*************************************************/
+void Fixed_Window_Exponentiator::set_base(const BigInt& base)
+ {
+ window_bits = choose_window_bits(exp.bits(), base.bits(), hints);
+
+ g.resize((1 << window_bits) - 1);
+ g[0] = base;
+ for(u32bit j = 1; j != g.size(); ++j)
+ g[j] = reducer.multiply(g[j-1], g[0]);
+ }
+
+/*************************************************
+* Compute the result *
+*************************************************/
+BigInt Fixed_Window_Exponentiator::execute() const
+ {
+ const u32bit exp_nibbles = (exp.bits() + window_bits - 1) / window_bits;
+
+ BigInt x = 1;
+ for(u32bit j = exp_nibbles; j > 0; --j)
+ {
+ for(u32bit k = 0; k != window_bits; ++k)
+ x = reducer.square(x);
+
+ u32bit nibble = exp.get_substring(window_bits*(j-1), window_bits);
+ if(nibble)
+ x = reducer.multiply(x, g.at(nibble-1));
+ }
+ return x;
+ }
+
+/*************************************************
+* Fixed_Window_Exponentiator Constructor *
+*************************************************/
+Fixed_Window_Exponentiator::Fixed_Window_Exponentiator(const BigInt& n,
+ Power_Mod::Usage_Hints hints)
+ {
+ reducer = Modular_Reducer(n);
+ this->hints = hints;
+ window_bits = 0;
+ }
+
+}
diff --git a/src/powm_mnt.cpp b/src/powm_mnt.cpp
new file mode 100644
index 000000000..c90cb7e20
--- /dev/null
+++ b/src/powm_mnt.cpp
@@ -0,0 +1,174 @@
+/*************************************************
+* Montgomery Exponentiation Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/def_powm.h>
+#include <botan/numthry.h>
+#include <botan/mp_core.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Try to choose a good window size *
+*************************************************/
+u32bit choose_window_bits(u32bit exp_bits, u32bit,
+ Power_Mod::Usage_Hints hints)
+ {
+ static const u32bit wsize[][2] = {
+ { 2048, 4 }, { 1024, 3 }, { 256, 2 }, { 128, 1 }, { 0, 0 }
+ };
+
+ u32bit window_bits = 1;
+
+ if(exp_bits)
+ {
+ for(u32bit j = 0; wsize[j][0]; ++j)
+ {
+ if(exp_bits >= wsize[j][0])
+ {
+ window_bits += wsize[j][1];
+ break;
+ }
+ }
+ }
+
+ if(hints & Power_Mod::BASE_IS_FIXED)
+ window_bits += 2;
+ if(hints & Power_Mod::EXP_IS_LARGE)
+ ++window_bits;
+
+ return window_bits;
+ }
+
+}
+
+/*************************************************
+* Set the exponent *
+*************************************************/
+void Montgomery_Exponentiator::set_exponent(const BigInt& exp)
+ {
+ this->exp = exp;
+ exp_bits = exp.bits();
+ }
+
+/*************************************************
+* Set the base *
+*************************************************/
+void Montgomery_Exponentiator::set_base(const BigInt& base)
+ {
+ window_bits = choose_window_bits(exp.bits(), base.bits(), hints);
+
+ g.resize((1 << window_bits) - 1);
+
+ SecureVector<word> z(2 * (mod_words + 1));
+ SecureVector<word> workspace(z.size());
+
+ g[0] = (base >= modulus) ? (base % modulus) : base;
+ bigint_mul(z.begin(), z.size(), workspace,
+ g[0].data(), g[0].size(), g[0].sig_words(),
+ R2.data(), R2.size(), R2.sig_words());
+
+ montgomery_reduce(z.begin(), z.size(), modulus.data(), mod_words,
+ mod_prime);
+ g[0].get_reg().set(z + mod_words, mod_words + 1);
+
+ const BigInt& x = g[0];
+ const u32bit x_sig = x.sig_words();
+
+ for(u32bit j = 1; j != g.size(); ++j)
+ {
+ const BigInt& y = g[j-1];
+ const u32bit y_sig = y.sig_words();
+
+ z.clear();
+ bigint_mul(z.begin(), z.size(), workspace,
+ x.data(), x.size(), x_sig,
+ y.data(), y.size(), y_sig);
+
+ montgomery_reduce(z.begin(), z.size(), modulus.data(), mod_words,
+ mod_prime);
+
+ g[j].get_reg().set(z + mod_words, mod_words + 1);
+ }
+ }
+
+/*************************************************
+* Compute the result *
+*************************************************/
+BigInt Montgomery_Exponentiator::execute() const
+ {
+ const u32bit exp_nibbles = (exp_bits + window_bits - 1) / window_bits;
+
+ BigInt x = R_mod;
+ SecureVector<word> z(2 * (mod_words + 1));
+ SecureVector<word> workspace(2 * (mod_words + 1));
+
+ for(u32bit j = exp_nibbles; j > 0; --j)
+ {
+ for(u32bit k = 0; k != window_bits; ++k)
+ {
+ z.clear();
+ bigint_sqr(z.begin(), z.size(), workspace,
+ x.data(), x.size(), x.sig_words());
+
+ montgomery_reduce(z.begin(), z.size(), modulus.data(), mod_words,
+ mod_prime);
+ x.get_reg().set(z + mod_words, mod_words + 1);
+ }
+
+ u32bit nibble = exp.get_substring(window_bits*(j-1), window_bits);
+ if(nibble)
+ {
+ const BigInt& y = g.at(nibble-1);
+
+ z.clear();
+ bigint_mul(z.begin(), z.size(), workspace,
+ x.data(), x.size(), x.sig_words(),
+ y.data(), y.size(), y.sig_words());
+
+ montgomery_reduce(z.begin(), z.size(), modulus.data(), mod_words,
+ mod_prime);
+ x.get_reg().set(z + mod_words, mod_words + 1);
+ }
+ }
+
+ z.clear();
+ z.copy(x.data(), x.size());
+
+ montgomery_reduce(z.begin(), z.size(), modulus.data(), mod_words,
+ mod_prime);
+ x.get_reg().set(z + mod_words, mod_words + 1);
+ return x;
+ }
+
+/*************************************************
+* Montgomery_Exponentiator Constructor *
+*************************************************/
+Montgomery_Exponentiator::Montgomery_Exponentiator(const BigInt& mod,
+ Power_Mod::Usage_Hints hints)
+ {
+ if(!mod.is_positive())
+ throw Exception("Montgomery_Exponentiator: modulus must be positive");
+ if(mod.is_even())
+ throw Exception("Montgomery_Exponentiator: modulus must be odd");
+
+ window_bits = 0;
+ this->hints = hints;
+ modulus = mod;
+
+ mod_words = modulus.sig_words();
+
+ BigInt mod_prime_bn(BigInt::Power2, MP_WORD_BITS);
+ mod_prime = (mod_prime_bn - inverse_mod(modulus, mod_prime_bn)).word_at(0);
+
+ R_mod = BigInt(BigInt::Power2, MP_WORD_BITS * mod_words);
+ R_mod %= modulus;
+
+ R2 = BigInt(BigInt::Power2, 2 * MP_WORD_BITS * mod_words);
+ R2 %= modulus;
+ }
+
+}
diff --git a/src/prf_x942.cpp b/src/prf_x942.cpp
new file mode 100644
index 000000000..59a0d96c6
--- /dev/null
+++ b/src/prf_x942.cpp
@@ -0,0 +1,91 @@
+/*************************************************
+* X9.42 PRF Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/kdf.h>
+#include <botan/der_enc.h>
+#include <botan/oids.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Encode an integer as an OCTET STRING *
+*************************************************/
+MemoryVector<byte> encode_x942_int(u32bit n)
+ {
+ byte n_buf[4];
+ for(u32bit j = 0; j != 4; ++j)
+ n_buf[j] = get_byte(j, n);
+
+ DER_Encoder encoder;
+ encoder.encode(n_buf, 4, OCTET_STRING);
+ return encoder.get_contents();
+ }
+
+}
+
+/*************************************************
+* X9.42 PRF *
+*************************************************/
+SecureVector<byte> X942_PRF::derive(u32bit key_len,
+ const byte secret[], u32bit secret_len,
+ const byte salt[], u32bit salt_len) const
+ {
+ std::auto_ptr<HashFunction> hash(get_hash("SHA-1"));
+ const OID kek_algo(key_wrap_oid);
+
+ SecureVector<byte> key;
+ u32bit counter = 1;
+
+ while(key.size() != key_len)
+ {
+ DER_Encoder encoder;
+
+ encoder.start_sequence()
+ .start_sequence()
+ .encode(kek_algo)
+ .add_raw_octets(encode_x942_int(counter))
+ .end_sequence();
+
+ if(salt_len)
+ {
+ encoder.start_explicit(ASN1_Tag(0));
+ encoder.encode(salt, salt_len, OCTET_STRING);
+ encoder.end_explicit(ASN1_Tag(0));
+ }
+
+ encoder.start_explicit(ASN1_Tag(2))
+ .add_raw_octets(encode_x942_int(8 * key_len))
+ .end_explicit(ASN1_Tag(2))
+ .end_sequence();
+
+ hash->update(secret, secret_len);
+ hash->update(encoder.get_contents());
+ SecureVector<byte> digest = hash->final();
+ key.append(digest, std::min(digest.size(), key_len - key.size()));
+
+ ++counter;
+ }
+
+ return key;
+ }
+
+/*************************************************
+* X9.42 Constructor *
+*************************************************/
+X942_PRF::X942_PRF(const std::string& oid)
+ {
+ if(OIDS::have_oid(oid))
+ key_wrap_oid = OIDS::lookup(oid).as_string();
+ else
+ key_wrap_oid = oid;
+ }
+
+}
diff --git a/src/primes.cpp b/src/primes.cpp
new file mode 100644
index 000000000..aab422c21
--- /dev/null
+++ b/src/primes.cpp
@@ -0,0 +1,673 @@
+/*************************************************
+* Small Primes Table *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/numthry.h>
+
+namespace Botan {
+
+const u16bit PRIMES[PRIME_TABLE_SIZE+1] = {
+ 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37,
+ 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83,
+ 89, 97, 101, 103, 107, 109, 113, 127, 131, 137, 139,
+ 149, 151, 157, 163, 167, 173, 179, 181, 191, 193, 197,
+ 199, 211, 223, 227, 229, 233, 239, 241, 251, 257, 263,
+ 269, 271, 277, 281, 283, 293, 307, 311, 313, 317, 331,
+ 337, 347, 349, 353, 359, 367, 373, 379, 383, 389, 397,
+ 401, 409, 419, 421, 431, 433, 439, 443, 449, 457, 461,
+ 463, 467, 479, 487, 491, 499, 503, 509, 521, 523, 541,
+ 547, 557, 563, 569, 571, 577, 587, 593, 599, 601, 607,
+ 613, 617, 619, 631, 641, 643, 647, 653, 659, 661, 673,
+ 677, 683, 691, 701, 709, 719, 727, 733, 739, 743, 751,
+ 757, 761, 769, 773, 787, 797, 809, 811, 821, 823, 827,
+ 829, 839, 853, 857, 859, 863, 877, 881, 883, 887, 907,
+ 911, 919, 929, 937, 941, 947, 953, 967, 971, 977, 983,
+ 991, 997, 1009, 1013, 1019, 1021, 1031, 1033, 1039, 1049, 1051,
+ 1061, 1063, 1069, 1087, 1091, 1093, 1097, 1103, 1109, 1117, 1123,
+ 1129, 1151, 1153, 1163, 1171, 1181, 1187, 1193, 1201, 1213, 1217,
+ 1223, 1229, 1231, 1237, 1249, 1259, 1277, 1279, 1283, 1289, 1291,
+ 1297, 1301, 1303, 1307, 1319, 1321, 1327, 1361, 1367, 1373, 1381,
+ 1399, 1409, 1423, 1427, 1429, 1433, 1439, 1447, 1451, 1453, 1459,
+ 1471, 1481, 1483, 1487, 1489, 1493, 1499, 1511, 1523, 1531, 1543,
+ 1549, 1553, 1559, 1567, 1571, 1579, 1583, 1597, 1601, 1607, 1609,
+ 1613, 1619, 1621, 1627, 1637, 1657, 1663, 1667, 1669, 1693, 1697,
+ 1699, 1709, 1721, 1723, 1733, 1741, 1747, 1753, 1759, 1777, 1783,
+ 1787, 1789, 1801, 1811, 1823, 1831, 1847, 1861, 1867, 1871, 1873,
+ 1877, 1879, 1889, 1901, 1907, 1913, 1931, 1933, 1949, 1951, 1973,
+ 1979, 1987, 1993, 1997, 1999, 2003, 2011, 2017, 2027, 2029, 2039,
+ 2053, 2063, 2069, 2081, 2083, 2087, 2089, 2099, 2111, 2113, 2129,
+ 2131, 2137, 2141, 2143, 2153, 2161, 2179, 2203, 2207, 2213, 2221,
+ 2237, 2239, 2243, 2251, 2267, 2269, 2273, 2281, 2287, 2293, 2297,
+ 2309, 2311, 2333, 2339, 2341, 2347, 2351, 2357, 2371, 2377, 2381,
+ 2383, 2389, 2393, 2399, 2411, 2417, 2423, 2437, 2441, 2447, 2459,
+ 2467, 2473, 2477, 2503, 2521, 2531, 2539, 2543, 2549, 2551, 2557,
+ 2579, 2591, 2593, 2609, 2617, 2621, 2633, 2647, 2657, 2659, 2663,
+ 2671, 2677, 2683, 2687, 2689, 2693, 2699, 2707, 2711, 2713, 2719,
+ 2729, 2731, 2741, 2749, 2753, 2767, 2777, 2789, 2791, 2797, 2801,
+ 2803, 2819, 2833, 2837, 2843, 2851, 2857, 2861, 2879, 2887, 2897,
+ 2903, 2909, 2917, 2927, 2939, 2953, 2957, 2963, 2969, 2971, 2999,
+ 3001, 3011, 3019, 3023, 3037, 3041, 3049, 3061, 3067, 3079, 3083,
+ 3089, 3109, 3119, 3121, 3137, 3163, 3167, 3169, 3181, 3187, 3191,
+ 3203, 3209, 3217, 3221, 3229, 3251, 3253, 3257, 3259, 3271, 3299,
+ 3301, 3307, 3313, 3319, 3323, 3329, 3331, 3343, 3347, 3359, 3361,
+ 3371, 3373, 3389, 3391, 3407, 3413, 3433, 3449, 3457, 3461, 3463,
+ 3467, 3469, 3491, 3499, 3511, 3517, 3527, 3529, 3533, 3539, 3541,
+ 3547, 3557, 3559, 3571, 3581, 3583, 3593, 3607, 3613, 3617, 3623,
+ 3631, 3637, 3643, 3659, 3671, 3673, 3677, 3691, 3697, 3701, 3709,
+ 3719, 3727, 3733, 3739, 3761, 3767, 3769, 3779, 3793, 3797, 3803,
+ 3821, 3823, 3833, 3847, 3851, 3853, 3863, 3877, 3881, 3889, 3907,
+ 3911, 3917, 3919, 3923, 3929, 3931, 3943, 3947, 3967, 3989, 4001,
+ 4003, 4007, 4013, 4019, 4021, 4027, 4049, 4051, 4057, 4073, 4079,
+ 4091, 4093, 4099, 4111, 4127, 4129, 4133, 4139, 4153, 4157, 4159,
+ 4177, 4201, 4211, 4217, 4219, 4229, 4231, 4241, 4243, 4253, 4259,
+ 4261, 4271, 4273, 4283, 4289, 4297, 4327, 4337, 4339, 4349, 4357,
+ 4363, 4373, 4391, 4397, 4409, 4421, 4423, 4441, 4447, 4451, 4457,
+ 4463, 4481, 4483, 4493, 4507, 4513, 4517, 4519, 4523, 4547, 4549,
+ 4561, 4567, 4583, 4591, 4597, 4603, 4621, 4637, 4639, 4643, 4649,
+ 4651, 4657, 4663, 4673, 4679, 4691, 4703, 4721, 4723, 4729, 4733,
+ 4751, 4759, 4783, 4787, 4789, 4793, 4799, 4801, 4813, 4817, 4831,
+ 4861, 4871, 4877, 4889, 4903, 4909, 4919, 4931, 4933, 4937, 4943,
+ 4951, 4957, 4967, 4969, 4973, 4987, 4993, 4999, 5003, 5009, 5011,
+ 5021, 5023, 5039, 5051, 5059, 5077, 5081, 5087, 5099, 5101, 5107,
+ 5113, 5119, 5147, 5153, 5167, 5171, 5179, 5189, 5197, 5209, 5227,
+ 5231, 5233, 5237, 5261, 5273, 5279, 5281, 5297, 5303, 5309, 5323,
+ 5333, 5347, 5351, 5381, 5387, 5393, 5399, 5407, 5413, 5417, 5419,
+ 5431, 5437, 5441, 5443, 5449, 5471, 5477, 5479, 5483, 5501, 5503,
+ 5507, 5519, 5521, 5527, 5531, 5557, 5563, 5569, 5573, 5581, 5591,
+ 5623, 5639, 5641, 5647, 5651, 5653, 5657, 5659, 5669, 5683, 5689,
+ 5693, 5701, 5711, 5717, 5737, 5741, 5743, 5749, 5779, 5783, 5791,
+ 5801, 5807, 5813, 5821, 5827, 5839, 5843, 5849, 5851, 5857, 5861,
+ 5867, 5869, 5879, 5881, 5897, 5903, 5923, 5927, 5939, 5953, 5981,
+ 5987, 6007, 6011, 6029, 6037, 6043, 6047, 6053, 6067, 6073, 6079,
+ 6089, 6091, 6101, 6113, 6121, 6131, 6133, 6143, 6151, 6163, 6173,
+ 6197, 6199, 6203, 6211, 6217, 6221, 6229, 6247, 6257, 6263, 6269,
+ 6271, 6277, 6287, 6299, 6301, 6311, 6317, 6323, 6329, 6337, 6343,
+ 6353, 6359, 6361, 6367, 6373, 6379, 6389, 6397, 6421, 6427, 6449,
+ 6451, 6469, 6473, 6481, 6491, 6521, 6529, 6547, 6551, 6553, 6563,
+ 6569, 6571, 6577, 6581, 6599, 6607, 6619, 6637, 6653, 6659, 6661,
+ 6673, 6679, 6689, 6691, 6701, 6703, 6709, 6719, 6733, 6737, 6761,
+ 6763, 6779, 6781, 6791, 6793, 6803, 6823, 6827, 6829, 6833, 6841,
+ 6857, 6863, 6869, 6871, 6883, 6899, 6907, 6911, 6917, 6947, 6949,
+ 6959, 6961, 6967, 6971, 6977, 6983, 6991, 6997, 7001, 7013, 7019,
+ 7027, 7039, 7043, 7057, 7069, 7079, 7103, 7109, 7121, 7127, 7129,
+ 7151, 7159, 7177, 7187, 7193, 7207, 7211, 7213, 7219, 7229, 7237,
+ 7243, 7247, 7253, 7283, 7297, 7307, 7309, 7321, 7331, 7333, 7349,
+ 7351, 7369, 7393, 7411, 7417, 7433, 7451, 7457, 7459, 7477, 7481,
+ 7487, 7489, 7499, 7507, 7517, 7523, 7529, 7537, 7541, 7547, 7549,
+ 7559, 7561, 7573, 7577, 7583, 7589, 7591, 7603, 7607, 7621, 7639,
+ 7643, 7649, 7669, 7673, 7681, 7687, 7691, 7699, 7703, 7717, 7723,
+ 7727, 7741, 7753, 7757, 7759, 7789, 7793, 7817, 7823, 7829, 7841,
+ 7853, 7867, 7873, 7877, 7879, 7883, 7901, 7907, 7919, 7927, 7933,
+ 7937, 7949, 7951, 7963, 7993, 8009, 8011, 8017, 8039, 8053, 8059,
+ 8069, 8081, 8087, 8089, 8093, 8101, 8111, 8117, 8123, 8147, 8161,
+ 8167, 8171, 8179, 8191, 8209, 8219, 8221, 8231, 8233, 8237, 8243,
+ 8263, 8269, 8273, 8287, 8291, 8293, 8297, 8311, 8317, 8329, 8353,
+ 8363, 8369, 8377, 8387, 8389, 8419, 8423, 8429, 8431, 8443, 8447,
+ 8461, 8467, 8501, 8513, 8521, 8527, 8537, 8539, 8543, 8563, 8573,
+ 8581, 8597, 8599, 8609, 8623, 8627, 8629, 8641, 8647, 8663, 8669,
+ 8677, 8681, 8689, 8693, 8699, 8707, 8713, 8719, 8731, 8737, 8741,
+ 8747, 8753, 8761, 8779, 8783, 8803, 8807, 8819, 8821, 8831, 8837,
+ 8839, 8849, 8861, 8863, 8867, 8887, 8893, 8923, 8929, 8933, 8941,
+ 8951, 8963, 8969, 8971, 8999, 9001, 9007, 9011, 9013, 9029, 9041,
+ 9043, 9049, 9059, 9067, 9091, 9103, 9109, 9127, 9133, 9137, 9151,
+ 9157, 9161, 9173, 9181, 9187, 9199, 9203, 9209, 9221, 9227, 9239,
+ 9241, 9257, 9277, 9281, 9283, 9293, 9311, 9319, 9323, 9337, 9341,
+ 9343, 9349, 9371, 9377, 9391, 9397, 9403, 9413, 9419, 9421, 9431,
+ 9433, 9437, 9439, 9461, 9463, 9467, 9473, 9479, 9491, 9497, 9511,
+ 9521, 9533, 9539, 9547, 9551, 9587, 9601, 9613, 9619, 9623, 9629,
+ 9631, 9643, 9649, 9661, 9677, 9679, 9689, 9697, 9719, 9721, 9733,
+ 9739, 9743, 9749, 9767, 9769, 9781, 9787, 9791, 9803, 9811, 9817,
+ 9829, 9833, 9839, 9851, 9857, 9859, 9871, 9883, 9887, 9901, 9907,
+ 9923, 9929, 9931, 9941, 9949, 9967, 9973, 10007, 10009, 10037, 10039,
+10061, 10067, 10069, 10079, 10091, 10093, 10099, 10103, 10111, 10133, 10139,
+10141, 10151, 10159, 10163, 10169, 10177, 10181, 10193, 10211, 10223, 10243,
+10247, 10253, 10259, 10267, 10271, 10273, 10289, 10301, 10303, 10313, 10321,
+10331, 10333, 10337, 10343, 10357, 10369, 10391, 10399, 10427, 10429, 10433,
+10453, 10457, 10459, 10463, 10477, 10487, 10499, 10501, 10513, 10529, 10531,
+10559, 10567, 10589, 10597, 10601, 10607, 10613, 10627, 10631, 10639, 10651,
+10657, 10663, 10667, 10687, 10691, 10709, 10711, 10723, 10729, 10733, 10739,
+10753, 10771, 10781, 10789, 10799, 10831, 10837, 10847, 10853, 10859, 10861,
+10867, 10883, 10889, 10891, 10903, 10909, 10937, 10939, 10949, 10957, 10973,
+10979, 10987, 10993, 11003, 11027, 11047, 11057, 11059, 11069, 11071, 11083,
+11087, 11093, 11113, 11117, 11119, 11131, 11149, 11159, 11161, 11171, 11173,
+11177, 11197, 11213, 11239, 11243, 11251, 11257, 11261, 11273, 11279, 11287,
+11299, 11311, 11317, 11321, 11329, 11351, 11353, 11369, 11383, 11393, 11399,
+11411, 11423, 11437, 11443, 11447, 11467, 11471, 11483, 11489, 11491, 11497,
+11503, 11519, 11527, 11549, 11551, 11579, 11587, 11593, 11597, 11617, 11621,
+11633, 11657, 11677, 11681, 11689, 11699, 11701, 11717, 11719, 11731, 11743,
+11777, 11779, 11783, 11789, 11801, 11807, 11813, 11821, 11827, 11831, 11833,
+11839, 11863, 11867, 11887, 11897, 11903, 11909, 11923, 11927, 11933, 11939,
+11941, 11953, 11959, 11969, 11971, 11981, 11987, 12007, 12011, 12037, 12041,
+12043, 12049, 12071, 12073, 12097, 12101, 12107, 12109, 12113, 12119, 12143,
+12149, 12157, 12161, 12163, 12197, 12203, 12211, 12227, 12239, 12241, 12251,
+12253, 12263, 12269, 12277, 12281, 12289, 12301, 12323, 12329, 12343, 12347,
+12373, 12377, 12379, 12391, 12401, 12409, 12413, 12421, 12433, 12437, 12451,
+12457, 12473, 12479, 12487, 12491, 12497, 12503, 12511, 12517, 12527, 12539,
+12541, 12547, 12553, 12569, 12577, 12583, 12589, 12601, 12611, 12613, 12619,
+12637, 12641, 12647, 12653, 12659, 12671, 12689, 12697, 12703, 12713, 12721,
+12739, 12743, 12757, 12763, 12781, 12791, 12799, 12809, 12821, 12823, 12829,
+12841, 12853, 12889, 12893, 12899, 12907, 12911, 12917, 12919, 12923, 12941,
+12953, 12959, 12967, 12973, 12979, 12983, 13001, 13003, 13007, 13009, 13033,
+13037, 13043, 13049, 13063, 13093, 13099, 13103, 13109, 13121, 13127, 13147,
+13151, 13159, 13163, 13171, 13177, 13183, 13187, 13217, 13219, 13229, 13241,
+13249, 13259, 13267, 13291, 13297, 13309, 13313, 13327, 13331, 13337, 13339,
+13367, 13381, 13397, 13399, 13411, 13417, 13421, 13441, 13451, 13457, 13463,
+13469, 13477, 13487, 13499, 13513, 13523, 13537, 13553, 13567, 13577, 13591,
+13597, 13613, 13619, 13627, 13633, 13649, 13669, 13679, 13681, 13687, 13691,
+13693, 13697, 13709, 13711, 13721, 13723, 13729, 13751, 13757, 13759, 13763,
+13781, 13789, 13799, 13807, 13829, 13831, 13841, 13859, 13873, 13877, 13879,
+13883, 13901, 13903, 13907, 13913, 13921, 13931, 13933, 13963, 13967, 13997,
+13999, 14009, 14011, 14029, 14033, 14051, 14057, 14071, 14081, 14083, 14087,
+14107, 14143, 14149, 14153, 14159, 14173, 14177, 14197, 14207, 14221, 14243,
+14249, 14251, 14281, 14293, 14303, 14321, 14323, 14327, 14341, 14347, 14369,
+14387, 14389, 14401, 14407, 14411, 14419, 14423, 14431, 14437, 14447, 14449,
+14461, 14479, 14489, 14503, 14519, 14533, 14537, 14543, 14549, 14551, 14557,
+14561, 14563, 14591, 14593, 14621, 14627, 14629, 14633, 14639, 14653, 14657,
+14669, 14683, 14699, 14713, 14717, 14723, 14731, 14737, 14741, 14747, 14753,
+14759, 14767, 14771, 14779, 14783, 14797, 14813, 14821, 14827, 14831, 14843,
+14851, 14867, 14869, 14879, 14887, 14891, 14897, 14923, 14929, 14939, 14947,
+14951, 14957, 14969, 14983, 15013, 15017, 15031, 15053, 15061, 15073, 15077,
+15083, 15091, 15101, 15107, 15121, 15131, 15137, 15139, 15149, 15161, 15173,
+15187, 15193, 15199, 15217, 15227, 15233, 15241, 15259, 15263, 15269, 15271,
+15277, 15287, 15289, 15299, 15307, 15313, 15319, 15329, 15331, 15349, 15359,
+15361, 15373, 15377, 15383, 15391, 15401, 15413, 15427, 15439, 15443, 15451,
+15461, 15467, 15473, 15493, 15497, 15511, 15527, 15541, 15551, 15559, 15569,
+15581, 15583, 15601, 15607, 15619, 15629, 15641, 15643, 15647, 15649, 15661,
+15667, 15671, 15679, 15683, 15727, 15731, 15733, 15737, 15739, 15749, 15761,
+15767, 15773, 15787, 15791, 15797, 15803, 15809, 15817, 15823, 15859, 15877,
+15881, 15887, 15889, 15901, 15907, 15913, 15919, 15923, 15937, 15959, 15971,
+15973, 15991, 16001, 16007, 16033, 16057, 16061, 16063, 16067, 16069, 16073,
+16087, 16091, 16097, 16103, 16111, 16127, 16139, 16141, 16183, 16187, 16189,
+16193, 16217, 16223, 16229, 16231, 16249, 16253, 16267, 16273, 16301, 16319,
+16333, 16339, 16349, 16361, 16363, 16369, 16381, 16411, 16417, 16421, 16427,
+16433, 16447, 16451, 16453, 16477, 16481, 16487, 16493, 16519, 16529, 16547,
+16553, 16561, 16567, 16573, 16603, 16607, 16619, 16631, 16633, 16649, 16651,
+16657, 16661, 16673, 16691, 16693, 16699, 16703, 16729, 16741, 16747, 16759,
+16763, 16787, 16811, 16823, 16829, 16831, 16843, 16871, 16879, 16883, 16889,
+16901, 16903, 16921, 16927, 16931, 16937, 16943, 16963, 16979, 16981, 16987,
+16993, 17011, 17021, 17027, 17029, 17033, 17041, 17047, 17053, 17077, 17093,
+17099, 17107, 17117, 17123, 17137, 17159, 17167, 17183, 17189, 17191, 17203,
+17207, 17209, 17231, 17239, 17257, 17291, 17293, 17299, 17317, 17321, 17327,
+17333, 17341, 17351, 17359, 17377, 17383, 17387, 17389, 17393, 17401, 17417,
+17419, 17431, 17443, 17449, 17467, 17471, 17477, 17483, 17489, 17491, 17497,
+17509, 17519, 17539, 17551, 17569, 17573, 17579, 17581, 17597, 17599, 17609,
+17623, 17627, 17657, 17659, 17669, 17681, 17683, 17707, 17713, 17729, 17737,
+17747, 17749, 17761, 17783, 17789, 17791, 17807, 17827, 17837, 17839, 17851,
+17863, 17881, 17891, 17903, 17909, 17911, 17921, 17923, 17929, 17939, 17957,
+17959, 17971, 17977, 17981, 17987, 17989, 18013, 18041, 18043, 18047, 18049,
+18059, 18061, 18077, 18089, 18097, 18119, 18121, 18127, 18131, 18133, 18143,
+18149, 18169, 18181, 18191, 18199, 18211, 18217, 18223, 18229, 18233, 18251,
+18253, 18257, 18269, 18287, 18289, 18301, 18307, 18311, 18313, 18329, 18341,
+18353, 18367, 18371, 18379, 18397, 18401, 18413, 18427, 18433, 18439, 18443,
+18451, 18457, 18461, 18481, 18493, 18503, 18517, 18521, 18523, 18539, 18541,
+18553, 18583, 18587, 18593, 18617, 18637, 18661, 18671, 18679, 18691, 18701,
+18713, 18719, 18731, 18743, 18749, 18757, 18773, 18787, 18793, 18797, 18803,
+18839, 18859, 18869, 18899, 18911, 18913, 18917, 18919, 18947, 18959, 18973,
+18979, 19001, 19009, 19013, 19031, 19037, 19051, 19069, 19073, 19079, 19081,
+19087, 19121, 19139, 19141, 19157, 19163, 19181, 19183, 19207, 19211, 19213,
+19219, 19231, 19237, 19249, 19259, 19267, 19273, 19289, 19301, 19309, 19319,
+19333, 19373, 19379, 19381, 19387, 19391, 19403, 19417, 19421, 19423, 19427,
+19429, 19433, 19441, 19447, 19457, 19463, 19469, 19471, 19477, 19483, 19489,
+19501, 19507, 19531, 19541, 19543, 19553, 19559, 19571, 19577, 19583, 19597,
+19603, 19609, 19661, 19681, 19687, 19697, 19699, 19709, 19717, 19727, 19739,
+19751, 19753, 19759, 19763, 19777, 19793, 19801, 19813, 19819, 19841, 19843,
+19853, 19861, 19867, 19889, 19891, 19913, 19919, 19927, 19937, 19949, 19961,
+19963, 19973, 19979, 19991, 19993, 19997, 20011, 20021, 20023, 20029, 20047,
+20051, 20063, 20071, 20089, 20101, 20107, 20113, 20117, 20123, 20129, 20143,
+20147, 20149, 20161, 20173, 20177, 20183, 20201, 20219, 20231, 20233, 20249,
+20261, 20269, 20287, 20297, 20323, 20327, 20333, 20341, 20347, 20353, 20357,
+20359, 20369, 20389, 20393, 20399, 20407, 20411, 20431, 20441, 20443, 20477,
+20479, 20483, 20507, 20509, 20521, 20533, 20543, 20549, 20551, 20563, 20593,
+20599, 20611, 20627, 20639, 20641, 20663, 20681, 20693, 20707, 20717, 20719,
+20731, 20743, 20747, 20749, 20753, 20759, 20771, 20773, 20789, 20807, 20809,
+20849, 20857, 20873, 20879, 20887, 20897, 20899, 20903, 20921, 20929, 20939,
+20947, 20959, 20963, 20981, 20983, 21001, 21011, 21013, 21017, 21019, 21023,
+21031, 21059, 21061, 21067, 21089, 21101, 21107, 21121, 21139, 21143, 21149,
+21157, 21163, 21169, 21179, 21187, 21191, 21193, 21211, 21221, 21227, 21247,
+21269, 21277, 21283, 21313, 21317, 21319, 21323, 21341, 21347, 21377, 21379,
+21383, 21391, 21397, 21401, 21407, 21419, 21433, 21467, 21481, 21487, 21491,
+21493, 21499, 21503, 21517, 21521, 21523, 21529, 21557, 21559, 21563, 21569,
+21577, 21587, 21589, 21599, 21601, 21611, 21613, 21617, 21647, 21649, 21661,
+21673, 21683, 21701, 21713, 21727, 21737, 21739, 21751, 21757, 21767, 21773,
+21787, 21799, 21803, 21817, 21821, 21839, 21841, 21851, 21859, 21863, 21871,
+21881, 21893, 21911, 21929, 21937, 21943, 21961, 21977, 21991, 21997, 22003,
+22013, 22027, 22031, 22037, 22039, 22051, 22063, 22067, 22073, 22079, 22091,
+22093, 22109, 22111, 22123, 22129, 22133, 22147, 22153, 22157, 22159, 22171,
+22189, 22193, 22229, 22247, 22259, 22271, 22273, 22277, 22279, 22283, 22291,
+22303, 22307, 22343, 22349, 22367, 22369, 22381, 22391, 22397, 22409, 22433,
+22441, 22447, 22453, 22469, 22481, 22483, 22501, 22511, 22531, 22541, 22543,
+22549, 22567, 22571, 22573, 22613, 22619, 22621, 22637, 22639, 22643, 22651,
+22669, 22679, 22691, 22697, 22699, 22709, 22717, 22721, 22727, 22739, 22741,
+22751, 22769, 22777, 22783, 22787, 22807, 22811, 22817, 22853, 22859, 22861,
+22871, 22877, 22901, 22907, 22921, 22937, 22943, 22961, 22963, 22973, 22993,
+23003, 23011, 23017, 23021, 23027, 23029, 23039, 23041, 23053, 23057, 23059,
+23063, 23071, 23081, 23087, 23099, 23117, 23131, 23143, 23159, 23167, 23173,
+23189, 23197, 23201, 23203, 23209, 23227, 23251, 23269, 23279, 23291, 23293,
+23297, 23311, 23321, 23327, 23333, 23339, 23357, 23369, 23371, 23399, 23417,
+23431, 23447, 23459, 23473, 23497, 23509, 23531, 23537, 23539, 23549, 23557,
+23561, 23563, 23567, 23581, 23593, 23599, 23603, 23609, 23623, 23627, 23629,
+23633, 23663, 23669, 23671, 23677, 23687, 23689, 23719, 23741, 23743, 23747,
+23753, 23761, 23767, 23773, 23789, 23801, 23813, 23819, 23827, 23831, 23833,
+23857, 23869, 23873, 23879, 23887, 23893, 23899, 23909, 23911, 23917, 23929,
+23957, 23971, 23977, 23981, 23993, 24001, 24007, 24019, 24023, 24029, 24043,
+24049, 24061, 24071, 24077, 24083, 24091, 24097, 24103, 24107, 24109, 24113,
+24121, 24133, 24137, 24151, 24169, 24179, 24181, 24197, 24203, 24223, 24229,
+24239, 24247, 24251, 24281, 24317, 24329, 24337, 24359, 24371, 24373, 24379,
+24391, 24407, 24413, 24419, 24421, 24439, 24443, 24469, 24473, 24481, 24499,
+24509, 24517, 24527, 24533, 24547, 24551, 24571, 24593, 24611, 24623, 24631,
+24659, 24671, 24677, 24683, 24691, 24697, 24709, 24733, 24749, 24763, 24767,
+24781, 24793, 24799, 24809, 24821, 24841, 24847, 24851, 24859, 24877, 24889,
+24907, 24917, 24919, 24923, 24943, 24953, 24967, 24971, 24977, 24979, 24989,
+25013, 25031, 25033, 25037, 25057, 25073, 25087, 25097, 25111, 25117, 25121,
+25127, 25147, 25153, 25163, 25169, 25171, 25183, 25189, 25219, 25229, 25237,
+25243, 25247, 25253, 25261, 25301, 25303, 25307, 25309, 25321, 25339, 25343,
+25349, 25357, 25367, 25373, 25391, 25409, 25411, 25423, 25439, 25447, 25453,
+25457, 25463, 25469, 25471, 25523, 25537, 25541, 25561, 25577, 25579, 25583,
+25589, 25601, 25603, 25609, 25621, 25633, 25639, 25643, 25657, 25667, 25673,
+25679, 25693, 25703, 25717, 25733, 25741, 25747, 25759, 25763, 25771, 25793,
+25799, 25801, 25819, 25841, 25847, 25849, 25867, 25873, 25889, 25903, 25913,
+25919, 25931, 25933, 25939, 25943, 25951, 25969, 25981, 25997, 25999, 26003,
+26017, 26021, 26029, 26041, 26053, 26083, 26099, 26107, 26111, 26113, 26119,
+26141, 26153, 26161, 26171, 26177, 26183, 26189, 26203, 26209, 26227, 26237,
+26249, 26251, 26261, 26263, 26267, 26293, 26297, 26309, 26317, 26321, 26339,
+26347, 26357, 26371, 26387, 26393, 26399, 26407, 26417, 26423, 26431, 26437,
+26449, 26459, 26479, 26489, 26497, 26501, 26513, 26539, 26557, 26561, 26573,
+26591, 26597, 26627, 26633, 26641, 26647, 26669, 26681, 26683, 26687, 26693,
+26699, 26701, 26711, 26713, 26717, 26723, 26729, 26731, 26737, 26759, 26777,
+26783, 26801, 26813, 26821, 26833, 26839, 26849, 26861, 26863, 26879, 26881,
+26891, 26893, 26903, 26921, 26927, 26947, 26951, 26953, 26959, 26981, 26987,
+26993, 27011, 27017, 27031, 27043, 27059, 27061, 27067, 27073, 27077, 27091,
+27103, 27107, 27109, 27127, 27143, 27179, 27191, 27197, 27211, 27239, 27241,
+27253, 27259, 27271, 27277, 27281, 27283, 27299, 27329, 27337, 27361, 27367,
+27397, 27407, 27409, 27427, 27431, 27437, 27449, 27457, 27479, 27481, 27487,
+27509, 27527, 27529, 27539, 27541, 27551, 27581, 27583, 27611, 27617, 27631,
+27647, 27653, 27673, 27689, 27691, 27697, 27701, 27733, 27737, 27739, 27743,
+27749, 27751, 27763, 27767, 27773, 27779, 27791, 27793, 27799, 27803, 27809,
+27817, 27823, 27827, 27847, 27851, 27883, 27893, 27901, 27917, 27919, 27941,
+27943, 27947, 27953, 27961, 27967, 27983, 27997, 28001, 28019, 28027, 28031,
+28051, 28057, 28069, 28081, 28087, 28097, 28099, 28109, 28111, 28123, 28151,
+28163, 28181, 28183, 28201, 28211, 28219, 28229, 28277, 28279, 28283, 28289,
+28297, 28307, 28309, 28319, 28349, 28351, 28387, 28393, 28403, 28409, 28411,
+28429, 28433, 28439, 28447, 28463, 28477, 28493, 28499, 28513, 28517, 28537,
+28541, 28547, 28549, 28559, 28571, 28573, 28579, 28591, 28597, 28603, 28607,
+28619, 28621, 28627, 28631, 28643, 28649, 28657, 28661, 28663, 28669, 28687,
+28697, 28703, 28711, 28723, 28729, 28751, 28753, 28759, 28771, 28789, 28793,
+28807, 28813, 28817, 28837, 28843, 28859, 28867, 28871, 28879, 28901, 28909,
+28921, 28927, 28933, 28949, 28961, 28979, 29009, 29017, 29021, 29023, 29027,
+29033, 29059, 29063, 29077, 29101, 29123, 29129, 29131, 29137, 29147, 29153,
+29167, 29173, 29179, 29191, 29201, 29207, 29209, 29221, 29231, 29243, 29251,
+29269, 29287, 29297, 29303, 29311, 29327, 29333, 29339, 29347, 29363, 29383,
+29387, 29389, 29399, 29401, 29411, 29423, 29429, 29437, 29443, 29453, 29473,
+29483, 29501, 29527, 29531, 29537, 29567, 29569, 29573, 29581, 29587, 29599,
+29611, 29629, 29633, 29641, 29663, 29669, 29671, 29683, 29717, 29723, 29741,
+29753, 29759, 29761, 29789, 29803, 29819, 29833, 29837, 29851, 29863, 29867,
+29873, 29879, 29881, 29917, 29921, 29927, 29947, 29959, 29983, 29989, 30011,
+30013, 30029, 30047, 30059, 30071, 30089, 30091, 30097, 30103, 30109, 30113,
+30119, 30133, 30137, 30139, 30161, 30169, 30181, 30187, 30197, 30203, 30211,
+30223, 30241, 30253, 30259, 30269, 30271, 30293, 30307, 30313, 30319, 30323,
+30341, 30347, 30367, 30389, 30391, 30403, 30427, 30431, 30449, 30467, 30469,
+30491, 30493, 30497, 30509, 30517, 30529, 30539, 30553, 30557, 30559, 30577,
+30593, 30631, 30637, 30643, 30649, 30661, 30671, 30677, 30689, 30697, 30703,
+30707, 30713, 30727, 30757, 30763, 30773, 30781, 30803, 30809, 30817, 30829,
+30839, 30841, 30851, 30853, 30859, 30869, 30871, 30881, 30893, 30911, 30931,
+30937, 30941, 30949, 30971, 30977, 30983, 31013, 31019, 31033, 31039, 31051,
+31063, 31069, 31079, 31081, 31091, 31121, 31123, 31139, 31147, 31151, 31153,
+31159, 31177, 31181, 31183, 31189, 31193, 31219, 31223, 31231, 31237, 31247,
+31249, 31253, 31259, 31267, 31271, 31277, 31307, 31319, 31321, 31327, 31333,
+31337, 31357, 31379, 31387, 31391, 31393, 31397, 31469, 31477, 31481, 31489,
+31511, 31513, 31517, 31531, 31541, 31543, 31547, 31567, 31573, 31583, 31601,
+31607, 31627, 31643, 31649, 31657, 31663, 31667, 31687, 31699, 31721, 31723,
+31727, 31729, 31741, 31751, 31769, 31771, 31793, 31799, 31817, 31847, 31849,
+31859, 31873, 31883, 31891, 31907, 31957, 31963, 31973, 31981, 31991, 32003,
+32009, 32027, 32029, 32051, 32057, 32059, 32063, 32069, 32077, 32083, 32089,
+32099, 32117, 32119, 32141, 32143, 32159, 32173, 32183, 32189, 32191, 32203,
+32213, 32233, 32237, 32251, 32257, 32261, 32297, 32299, 32303, 32309, 32321,
+32323, 32327, 32341, 32353, 32359, 32363, 32369, 32371, 32377, 32381, 32401,
+32411, 32413, 32423, 32429, 32441, 32443, 32467, 32479, 32491, 32497, 32503,
+32507, 32531, 32533, 32537, 32561, 32563, 32569, 32573, 32579, 32587, 32603,
+32609, 32611, 32621, 32633, 32647, 32653, 32687, 32693, 32707, 32713, 32717,
+32719, 32749, 32771, 32779, 32783, 32789, 32797, 32801, 32803, 32831, 32833,
+32839, 32843, 32869, 32887, 32909, 32911, 32917, 32933, 32939, 32941, 32957,
+32969, 32971, 32983, 32987, 32993, 32999, 33013, 33023, 33029, 33037, 33049,
+33053, 33071, 33073, 33083, 33091, 33107, 33113, 33119, 33149, 33151, 33161,
+33179, 33181, 33191, 33199, 33203, 33211, 33223, 33247, 33287, 33289, 33301,
+33311, 33317, 33329, 33331, 33343, 33347, 33349, 33353, 33359, 33377, 33391,
+33403, 33409, 33413, 33427, 33457, 33461, 33469, 33479, 33487, 33493, 33503,
+33521, 33529, 33533, 33547, 33563, 33569, 33577, 33581, 33587, 33589, 33599,
+33601, 33613, 33617, 33619, 33623, 33629, 33637, 33641, 33647, 33679, 33703,
+33713, 33721, 33739, 33749, 33751, 33757, 33767, 33769, 33773, 33791, 33797,
+33809, 33811, 33827, 33829, 33851, 33857, 33863, 33871, 33889, 33893, 33911,
+33923, 33931, 33937, 33941, 33961, 33967, 33997, 34019, 34031, 34033, 34039,
+34057, 34061, 34123, 34127, 34129, 34141, 34147, 34157, 34159, 34171, 34183,
+34211, 34213, 34217, 34231, 34253, 34259, 34261, 34267, 34273, 34283, 34297,
+34301, 34303, 34313, 34319, 34327, 34337, 34351, 34361, 34367, 34369, 34381,
+34403, 34421, 34429, 34439, 34457, 34469, 34471, 34483, 34487, 34499, 34501,
+34511, 34513, 34519, 34537, 34543, 34549, 34583, 34589, 34591, 34603, 34607,
+34613, 34631, 34649, 34651, 34667, 34673, 34679, 34687, 34693, 34703, 34721,
+34729, 34739, 34747, 34757, 34759, 34763, 34781, 34807, 34819, 34841, 34843,
+34847, 34849, 34871, 34877, 34883, 34897, 34913, 34919, 34939, 34949, 34961,
+34963, 34981, 35023, 35027, 35051, 35053, 35059, 35069, 35081, 35083, 35089,
+35099, 35107, 35111, 35117, 35129, 35141, 35149, 35153, 35159, 35171, 35201,
+35221, 35227, 35251, 35257, 35267, 35279, 35281, 35291, 35311, 35317, 35323,
+35327, 35339, 35353, 35363, 35381, 35393, 35401, 35407, 35419, 35423, 35437,
+35447, 35449, 35461, 35491, 35507, 35509, 35521, 35527, 35531, 35533, 35537,
+35543, 35569, 35573, 35591, 35593, 35597, 35603, 35617, 35671, 35677, 35729,
+35731, 35747, 35753, 35759, 35771, 35797, 35801, 35803, 35809, 35831, 35837,
+35839, 35851, 35863, 35869, 35879, 35897, 35899, 35911, 35923, 35933, 35951,
+35963, 35969, 35977, 35983, 35993, 35999, 36007, 36011, 36013, 36017, 36037,
+36061, 36067, 36073, 36083, 36097, 36107, 36109, 36131, 36137, 36151, 36161,
+36187, 36191, 36209, 36217, 36229, 36241, 36251, 36263, 36269, 36277, 36293,
+36299, 36307, 36313, 36319, 36341, 36343, 36353, 36373, 36383, 36389, 36433,
+36451, 36457, 36467, 36469, 36473, 36479, 36493, 36497, 36523, 36527, 36529,
+36541, 36551, 36559, 36563, 36571, 36583, 36587, 36599, 36607, 36629, 36637,
+36643, 36653, 36671, 36677, 36683, 36691, 36697, 36709, 36713, 36721, 36739,
+36749, 36761, 36767, 36779, 36781, 36787, 36791, 36793, 36809, 36821, 36833,
+36847, 36857, 36871, 36877, 36887, 36899, 36901, 36913, 36919, 36923, 36929,
+36931, 36943, 36947, 36973, 36979, 36997, 37003, 37013, 37019, 37021, 37039,
+37049, 37057, 37061, 37087, 37097, 37117, 37123, 37139, 37159, 37171, 37181,
+37189, 37199, 37201, 37217, 37223, 37243, 37253, 37273, 37277, 37307, 37309,
+37313, 37321, 37337, 37339, 37357, 37361, 37363, 37369, 37379, 37397, 37409,
+37423, 37441, 37447, 37463, 37483, 37489, 37493, 37501, 37507, 37511, 37517,
+37529, 37537, 37547, 37549, 37561, 37567, 37571, 37573, 37579, 37589, 37591,
+37607, 37619, 37633, 37643, 37649, 37657, 37663, 37691, 37693, 37699, 37717,
+37747, 37781, 37783, 37799, 37811, 37813, 37831, 37847, 37853, 37861, 37871,
+37879, 37889, 37897, 37907, 37951, 37957, 37963, 37967, 37987, 37991, 37993,
+37997, 38011, 38039, 38047, 38053, 38069, 38083, 38113, 38119, 38149, 38153,
+38167, 38177, 38183, 38189, 38197, 38201, 38219, 38231, 38237, 38239, 38261,
+38273, 38281, 38287, 38299, 38303, 38317, 38321, 38327, 38329, 38333, 38351,
+38371, 38377, 38393, 38431, 38447, 38449, 38453, 38459, 38461, 38501, 38543,
+38557, 38561, 38567, 38569, 38593, 38603, 38609, 38611, 38629, 38639, 38651,
+38653, 38669, 38671, 38677, 38693, 38699, 38707, 38711, 38713, 38723, 38729,
+38737, 38747, 38749, 38767, 38783, 38791, 38803, 38821, 38833, 38839, 38851,
+38861, 38867, 38873, 38891, 38903, 38917, 38921, 38923, 38933, 38953, 38959,
+38971, 38977, 38993, 39019, 39023, 39041, 39043, 39047, 39079, 39089, 39097,
+39103, 39107, 39113, 39119, 39133, 39139, 39157, 39161, 39163, 39181, 39191,
+39199, 39209, 39217, 39227, 39229, 39233, 39239, 39241, 39251, 39293, 39301,
+39313, 39317, 39323, 39341, 39343, 39359, 39367, 39371, 39373, 39383, 39397,
+39409, 39419, 39439, 39443, 39451, 39461, 39499, 39503, 39509, 39511, 39521,
+39541, 39551, 39563, 39569, 39581, 39607, 39619, 39623, 39631, 39659, 39667,
+39671, 39679, 39703, 39709, 39719, 39727, 39733, 39749, 39761, 39769, 39779,
+39791, 39799, 39821, 39827, 39829, 39839, 39841, 39847, 39857, 39863, 39869,
+39877, 39883, 39887, 39901, 39929, 39937, 39953, 39971, 39979, 39983, 39989,
+40009, 40013, 40031, 40037, 40039, 40063, 40087, 40093, 40099, 40111, 40123,
+40127, 40129, 40151, 40153, 40163, 40169, 40177, 40189, 40193, 40213, 40231,
+40237, 40241, 40253, 40277, 40283, 40289, 40343, 40351, 40357, 40361, 40387,
+40423, 40427, 40429, 40433, 40459, 40471, 40483, 40487, 40493, 40499, 40507,
+40519, 40529, 40531, 40543, 40559, 40577, 40583, 40591, 40597, 40609, 40627,
+40637, 40639, 40693, 40697, 40699, 40709, 40739, 40751, 40759, 40763, 40771,
+40787, 40801, 40813, 40819, 40823, 40829, 40841, 40847, 40849, 40853, 40867,
+40879, 40883, 40897, 40903, 40927, 40933, 40939, 40949, 40961, 40973, 40993,
+41011, 41017, 41023, 41039, 41047, 41051, 41057, 41077, 41081, 41113, 41117,
+41131, 41141, 41143, 41149, 41161, 41177, 41179, 41183, 41189, 41201, 41203,
+41213, 41221, 41227, 41231, 41233, 41243, 41257, 41263, 41269, 41281, 41299,
+41333, 41341, 41351, 41357, 41381, 41387, 41389, 41399, 41411, 41413, 41443,
+41453, 41467, 41479, 41491, 41507, 41513, 41519, 41521, 41539, 41543, 41549,
+41579, 41593, 41597, 41603, 41609, 41611, 41617, 41621, 41627, 41641, 41647,
+41651, 41659, 41669, 41681, 41687, 41719, 41729, 41737, 41759, 41761, 41771,
+41777, 41801, 41809, 41813, 41843, 41849, 41851, 41863, 41879, 41887, 41893,
+41897, 41903, 41911, 41927, 41941, 41947, 41953, 41957, 41959, 41969, 41981,
+41983, 41999, 42013, 42017, 42019, 42023, 42043, 42061, 42071, 42073, 42083,
+42089, 42101, 42131, 42139, 42157, 42169, 42179, 42181, 42187, 42193, 42197,
+42209, 42221, 42223, 42227, 42239, 42257, 42281, 42283, 42293, 42299, 42307,
+42323, 42331, 42337, 42349, 42359, 42373, 42379, 42391, 42397, 42403, 42407,
+42409, 42433, 42437, 42443, 42451, 42457, 42461, 42463, 42467, 42473, 42487,
+42491, 42499, 42509, 42533, 42557, 42569, 42571, 42577, 42589, 42611, 42641,
+42643, 42649, 42667, 42677, 42683, 42689, 42697, 42701, 42703, 42709, 42719,
+42727, 42737, 42743, 42751, 42767, 42773, 42787, 42793, 42797, 42821, 42829,
+42839, 42841, 42853, 42859, 42863, 42899, 42901, 42923, 42929, 42937, 42943,
+42953, 42961, 42967, 42979, 42989, 43003, 43013, 43019, 43037, 43049, 43051,
+43063, 43067, 43093, 43103, 43117, 43133, 43151, 43159, 43177, 43189, 43201,
+43207, 43223, 43237, 43261, 43271, 43283, 43291, 43313, 43319, 43321, 43331,
+43391, 43397, 43399, 43403, 43411, 43427, 43441, 43451, 43457, 43481, 43487,
+43499, 43517, 43541, 43543, 43573, 43577, 43579, 43591, 43597, 43607, 43609,
+43613, 43627, 43633, 43649, 43651, 43661, 43669, 43691, 43711, 43717, 43721,
+43753, 43759, 43777, 43781, 43783, 43787, 43789, 43793, 43801, 43853, 43867,
+43889, 43891, 43913, 43933, 43943, 43951, 43961, 43963, 43969, 43973, 43987,
+43991, 43997, 44017, 44021, 44027, 44029, 44041, 44053, 44059, 44071, 44087,
+44089, 44101, 44111, 44119, 44123, 44129, 44131, 44159, 44171, 44179, 44189,
+44201, 44203, 44207, 44221, 44249, 44257, 44263, 44267, 44269, 44273, 44279,
+44281, 44293, 44351, 44357, 44371, 44381, 44383, 44389, 44417, 44449, 44453,
+44483, 44491, 44497, 44501, 44507, 44519, 44531, 44533, 44537, 44543, 44549,
+44563, 44579, 44587, 44617, 44621, 44623, 44633, 44641, 44647, 44651, 44657,
+44683, 44687, 44699, 44701, 44711, 44729, 44741, 44753, 44771, 44773, 44777,
+44789, 44797, 44809, 44819, 44839, 44843, 44851, 44867, 44879, 44887, 44893,
+44909, 44917, 44927, 44939, 44953, 44959, 44963, 44971, 44983, 44987, 45007,
+45013, 45053, 45061, 45077, 45083, 45119, 45121, 45127, 45131, 45137, 45139,
+45161, 45179, 45181, 45191, 45197, 45233, 45247, 45259, 45263, 45281, 45289,
+45293, 45307, 45317, 45319, 45329, 45337, 45341, 45343, 45361, 45377, 45389,
+45403, 45413, 45427, 45433, 45439, 45481, 45491, 45497, 45503, 45523, 45533,
+45541, 45553, 45557, 45569, 45587, 45589, 45599, 45613, 45631, 45641, 45659,
+45667, 45673, 45677, 45691, 45697, 45707, 45737, 45751, 45757, 45763, 45767,
+45779, 45817, 45821, 45823, 45827, 45833, 45841, 45853, 45863, 45869, 45887,
+45893, 45943, 45949, 45953, 45959, 45971, 45979, 45989, 46021, 46027, 46049,
+46051, 46061, 46073, 46091, 46093, 46099, 46103, 46133, 46141, 46147, 46153,
+46171, 46181, 46183, 46187, 46199, 46219, 46229, 46237, 46261, 46271, 46273,
+46279, 46301, 46307, 46309, 46327, 46337, 46349, 46351, 46381, 46399, 46411,
+46439, 46441, 46447, 46451, 46457, 46471, 46477, 46489, 46499, 46507, 46511,
+46523, 46549, 46559, 46567, 46573, 46589, 46591, 46601, 46619, 46633, 46639,
+46643, 46649, 46663, 46679, 46681, 46687, 46691, 46703, 46723, 46727, 46747,
+46751, 46757, 46769, 46771, 46807, 46811, 46817, 46819, 46829, 46831, 46853,
+46861, 46867, 46877, 46889, 46901, 46919, 46933, 46957, 46993, 46997, 47017,
+47041, 47051, 47057, 47059, 47087, 47093, 47111, 47119, 47123, 47129, 47137,
+47143, 47147, 47149, 47161, 47189, 47207, 47221, 47237, 47251, 47269, 47279,
+47287, 47293, 47297, 47303, 47309, 47317, 47339, 47351, 47353, 47363, 47381,
+47387, 47389, 47407, 47417, 47419, 47431, 47441, 47459, 47491, 47497, 47501,
+47507, 47513, 47521, 47527, 47533, 47543, 47563, 47569, 47581, 47591, 47599,
+47609, 47623, 47629, 47639, 47653, 47657, 47659, 47681, 47699, 47701, 47711,
+47713, 47717, 47737, 47741, 47743, 47777, 47779, 47791, 47797, 47807, 47809,
+47819, 47837, 47843, 47857, 47869, 47881, 47903, 47911, 47917, 47933, 47939,
+47947, 47951, 47963, 47969, 47977, 47981, 48017, 48023, 48029, 48049, 48073,
+48079, 48091, 48109, 48119, 48121, 48131, 48157, 48163, 48179, 48187, 48193,
+48197, 48221, 48239, 48247, 48259, 48271, 48281, 48299, 48311, 48313, 48337,
+48341, 48353, 48371, 48383, 48397, 48407, 48409, 48413, 48437, 48449, 48463,
+48473, 48479, 48481, 48487, 48491, 48497, 48523, 48527, 48533, 48539, 48541,
+48563, 48571, 48589, 48593, 48611, 48619, 48623, 48647, 48649, 48661, 48673,
+48677, 48679, 48731, 48733, 48751, 48757, 48761, 48767, 48779, 48781, 48787,
+48799, 48809, 48817, 48821, 48823, 48847, 48857, 48859, 48869, 48871, 48883,
+48889, 48907, 48947, 48953, 48973, 48989, 48991, 49003, 49009, 49019, 49031,
+49033, 49037, 49043, 49057, 49069, 49081, 49103, 49109, 49117, 49121, 49123,
+49139, 49157, 49169, 49171, 49177, 49193, 49199, 49201, 49207, 49211, 49223,
+49253, 49261, 49277, 49279, 49297, 49307, 49331, 49333, 49339, 49363, 49367,
+49369, 49391, 49393, 49409, 49411, 49417, 49429, 49433, 49451, 49459, 49463,
+49477, 49481, 49499, 49523, 49529, 49531, 49537, 49547, 49549, 49559, 49597,
+49603, 49613, 49627, 49633, 49639, 49663, 49667, 49669, 49681, 49697, 49711,
+49727, 49739, 49741, 49747, 49757, 49783, 49787, 49789, 49801, 49807, 49811,
+49823, 49831, 49843, 49853, 49871, 49877, 49891, 49919, 49921, 49927, 49937,
+49939, 49943, 49957, 49991, 49993, 49999, 50021, 50023, 50033, 50047, 50051,
+50053, 50069, 50077, 50087, 50093, 50101, 50111, 50119, 50123, 50129, 50131,
+50147, 50153, 50159, 50177, 50207, 50221, 50227, 50231, 50261, 50263, 50273,
+50287, 50291, 50311, 50321, 50329, 50333, 50341, 50359, 50363, 50377, 50383,
+50387, 50411, 50417, 50423, 50441, 50459, 50461, 50497, 50503, 50513, 50527,
+50539, 50543, 50549, 50551, 50581, 50587, 50591, 50593, 50599, 50627, 50647,
+50651, 50671, 50683, 50707, 50723, 50741, 50753, 50767, 50773, 50777, 50789,
+50821, 50833, 50839, 50849, 50857, 50867, 50873, 50891, 50893, 50909, 50923,
+50929, 50951, 50957, 50969, 50971, 50989, 50993, 51001, 51031, 51043, 51047,
+51059, 51061, 51071, 51109, 51131, 51133, 51137, 51151, 51157, 51169, 51193,
+51197, 51199, 51203, 51217, 51229, 51239, 51241, 51257, 51263, 51283, 51287,
+51307, 51329, 51341, 51343, 51347, 51349, 51361, 51383, 51407, 51413, 51419,
+51421, 51427, 51431, 51437, 51439, 51449, 51461, 51473, 51479, 51481, 51487,
+51503, 51511, 51517, 51521, 51539, 51551, 51563, 51577, 51581, 51593, 51599,
+51607, 51613, 51631, 51637, 51647, 51659, 51673, 51679, 51683, 51691, 51713,
+51719, 51721, 51749, 51767, 51769, 51787, 51797, 51803, 51817, 51827, 51829,
+51839, 51853, 51859, 51869, 51871, 51893, 51899, 51907, 51913, 51929, 51941,
+51949, 51971, 51973, 51977, 51991, 52009, 52021, 52027, 52051, 52057, 52067,
+52069, 52081, 52103, 52121, 52127, 52147, 52153, 52163, 52177, 52181, 52183,
+52189, 52201, 52223, 52237, 52249, 52253, 52259, 52267, 52289, 52291, 52301,
+52313, 52321, 52361, 52363, 52369, 52379, 52387, 52391, 52433, 52453, 52457,
+52489, 52501, 52511, 52517, 52529, 52541, 52543, 52553, 52561, 52567, 52571,
+52579, 52583, 52609, 52627, 52631, 52639, 52667, 52673, 52691, 52697, 52709,
+52711, 52721, 52727, 52733, 52747, 52757, 52769, 52783, 52807, 52813, 52817,
+52837, 52859, 52861, 52879, 52883, 52889, 52901, 52903, 52919, 52937, 52951,
+52957, 52963, 52967, 52973, 52981, 52999, 53003, 53017, 53047, 53051, 53069,
+53077, 53087, 53089, 53093, 53101, 53113, 53117, 53129, 53147, 53149, 53161,
+53171, 53173, 53189, 53197, 53201, 53231, 53233, 53239, 53267, 53269, 53279,
+53281, 53299, 53309, 53323, 53327, 53353, 53359, 53377, 53381, 53401, 53407,
+53411, 53419, 53437, 53441, 53453, 53479, 53503, 53507, 53527, 53549, 53551,
+53569, 53591, 53593, 53597, 53609, 53611, 53617, 53623, 53629, 53633, 53639,
+53653, 53657, 53681, 53693, 53699, 53717, 53719, 53731, 53759, 53773, 53777,
+53783, 53791, 53813, 53819, 53831, 53849, 53857, 53861, 53881, 53887, 53891,
+53897, 53899, 53917, 53923, 53927, 53939, 53951, 53959, 53987, 53993, 54001,
+54011, 54013, 54037, 54049, 54059, 54083, 54091, 54101, 54121, 54133, 54139,
+54151, 54163, 54167, 54181, 54193, 54217, 54251, 54269, 54277, 54287, 54293,
+54311, 54319, 54323, 54331, 54347, 54361, 54367, 54371, 54377, 54401, 54403,
+54409, 54413, 54419, 54421, 54437, 54443, 54449, 54469, 54493, 54497, 54499,
+54503, 54517, 54521, 54539, 54541, 54547, 54559, 54563, 54577, 54581, 54583,
+54601, 54617, 54623, 54629, 54631, 54647, 54667, 54673, 54679, 54709, 54713,
+54721, 54727, 54751, 54767, 54773, 54779, 54787, 54799, 54829, 54833, 54851,
+54869, 54877, 54881, 54907, 54917, 54919, 54941, 54949, 54959, 54973, 54979,
+54983, 55001, 55009, 55021, 55049, 55051, 55057, 55061, 55073, 55079, 55103,
+55109, 55117, 55127, 55147, 55163, 55171, 55201, 55207, 55213, 55217, 55219,
+55229, 55243, 55249, 55259, 55291, 55313, 55331, 55333, 55337, 55339, 55343,
+55351, 55373, 55381, 55399, 55411, 55439, 55441, 55457, 55469, 55487, 55501,
+55511, 55529, 55541, 55547, 55579, 55589, 55603, 55609, 55619, 55621, 55631,
+55633, 55639, 55661, 55663, 55667, 55673, 55681, 55691, 55697, 55711, 55717,
+55721, 55733, 55763, 55787, 55793, 55799, 55807, 55813, 55817, 55819, 55823,
+55829, 55837, 55843, 55849, 55871, 55889, 55897, 55901, 55903, 55921, 55927,
+55931, 55933, 55949, 55967, 55987, 55997, 56003, 56009, 56039, 56041, 56053,
+56081, 56087, 56093, 56099, 56101, 56113, 56123, 56131, 56149, 56167, 56171,
+56179, 56197, 56207, 56209, 56237, 56239, 56249, 56263, 56267, 56269, 56299,
+56311, 56333, 56359, 56369, 56377, 56383, 56393, 56401, 56417, 56431, 56437,
+56443, 56453, 56467, 56473, 56477, 56479, 56489, 56501, 56503, 56509, 56519,
+56527, 56531, 56533, 56543, 56569, 56591, 56597, 56599, 56611, 56629, 56633,
+56659, 56663, 56671, 56681, 56687, 56701, 56711, 56713, 56731, 56737, 56747,
+56767, 56773, 56779, 56783, 56807, 56809, 56813, 56821, 56827, 56843, 56857,
+56873, 56891, 56893, 56897, 56909, 56911, 56921, 56923, 56929, 56941, 56951,
+56957, 56963, 56983, 56989, 56993, 56999, 57037, 57041, 57047, 57059, 57073,
+57077, 57089, 57097, 57107, 57119, 57131, 57139, 57143, 57149, 57163, 57173,
+57179, 57191, 57193, 57203, 57221, 57223, 57241, 57251, 57259, 57269, 57271,
+57283, 57287, 57301, 57329, 57331, 57347, 57349, 57367, 57373, 57383, 57389,
+57397, 57413, 57427, 57457, 57467, 57487, 57493, 57503, 57527, 57529, 57557,
+57559, 57571, 57587, 57593, 57601, 57637, 57641, 57649, 57653, 57667, 57679,
+57689, 57697, 57709, 57713, 57719, 57727, 57731, 57737, 57751, 57773, 57781,
+57787, 57791, 57793, 57803, 57809, 57829, 57839, 57847, 57853, 57859, 57881,
+57899, 57901, 57917, 57923, 57943, 57947, 57973, 57977, 57991, 58013, 58027,
+58031, 58043, 58049, 58057, 58061, 58067, 58073, 58099, 58109, 58111, 58129,
+58147, 58151, 58153, 58169, 58171, 58189, 58193, 58199, 58207, 58211, 58217,
+58229, 58231, 58237, 58243, 58271, 58309, 58313, 58321, 58337, 58363, 58367,
+58369, 58379, 58391, 58393, 58403, 58411, 58417, 58427, 58439, 58441, 58451,
+58453, 58477, 58481, 58511, 58537, 58543, 58549, 58567, 58573, 58579, 58601,
+58603, 58613, 58631, 58657, 58661, 58679, 58687, 58693, 58699, 58711, 58727,
+58733, 58741, 58757, 58763, 58771, 58787, 58789, 58831, 58889, 58897, 58901,
+58907, 58909, 58913, 58921, 58937, 58943, 58963, 58967, 58979, 58991, 58997,
+59009, 59011, 59021, 59023, 59029, 59051, 59053, 59063, 59069, 59077, 59083,
+59093, 59107, 59113, 59119, 59123, 59141, 59149, 59159, 59167, 59183, 59197,
+59207, 59209, 59219, 59221, 59233, 59239, 59243, 59263, 59273, 59281, 59333,
+59341, 59351, 59357, 59359, 59369, 59377, 59387, 59393, 59399, 59407, 59417,
+59419, 59441, 59443, 59447, 59453, 59467, 59471, 59473, 59497, 59509, 59513,
+59539, 59557, 59561, 59567, 59581, 59611, 59617, 59621, 59627, 59629, 59651,
+59659, 59663, 59669, 59671, 59693, 59699, 59707, 59723, 59729, 59743, 59747,
+59753, 59771, 59779, 59791, 59797, 59809, 59833, 59863, 59879, 59887, 59921,
+59929, 59951, 59957, 59971, 59981, 59999, 60013, 60017, 60029, 60037, 60041,
+60077, 60083, 60089, 60091, 60101, 60103, 60107, 60127, 60133, 60139, 60149,
+60161, 60167, 60169, 60209, 60217, 60223, 60251, 60257, 60259, 60271, 60289,
+60293, 60317, 60331, 60337, 60343, 60353, 60373, 60383, 60397, 60413, 60427,
+60443, 60449, 60457, 60493, 60497, 60509, 60521, 60527, 60539, 60589, 60601,
+60607, 60611, 60617, 60623, 60631, 60637, 60647, 60649, 60659, 60661, 60679,
+60689, 60703, 60719, 60727, 60733, 60737, 60757, 60761, 60763, 60773, 60779,
+60793, 60811, 60821, 60859, 60869, 60887, 60889, 60899, 60901, 60913, 60917,
+60919, 60923, 60937, 60943, 60953, 60961, 61001, 61007, 61027, 61031, 61043,
+61051, 61057, 61091, 61099, 61121, 61129, 61141, 61151, 61153, 61169, 61211,
+61223, 61231, 61253, 61261, 61283, 61291, 61297, 61331, 61333, 61339, 61343,
+61357, 61363, 61379, 61381, 61403, 61409, 61417, 61441, 61463, 61469, 61471,
+61483, 61487, 61493, 61507, 61511, 61519, 61543, 61547, 61553, 61559, 61561,
+61583, 61603, 61609, 61613, 61627, 61631, 61637, 61643, 61651, 61657, 61667,
+61673, 61681, 61687, 61703, 61717, 61723, 61729, 61751, 61757, 61781, 61813,
+61819, 61837, 61843, 61861, 61871, 61879, 61909, 61927, 61933, 61949, 61961,
+61967, 61979, 61981, 61987, 61991, 62003, 62011, 62017, 62039, 62047, 62053,
+62057, 62071, 62081, 62099, 62119, 62129, 62131, 62137, 62141, 62143, 62171,
+62189, 62191, 62201, 62207, 62213, 62219, 62233, 62273, 62297, 62299, 62303,
+62311, 62323, 62327, 62347, 62351, 62383, 62401, 62417, 62423, 62459, 62467,
+62473, 62477, 62483, 62497, 62501, 62507, 62533, 62539, 62549, 62563, 62581,
+62591, 62597, 62603, 62617, 62627, 62633, 62639, 62653, 62659, 62683, 62687,
+62701, 62723, 62731, 62743, 62753, 62761, 62773, 62791, 62801, 62819, 62827,
+62851, 62861, 62869, 62873, 62897, 62903, 62921, 62927, 62929, 62939, 62969,
+62971, 62981, 62983, 62987, 62989, 63029, 63031, 63059, 63067, 63073, 63079,
+63097, 63103, 63113, 63127, 63131, 63149, 63179, 63197, 63199, 63211, 63241,
+63247, 63277, 63281, 63299, 63311, 63313, 63317, 63331, 63337, 63347, 63353,
+63361, 63367, 63377, 63389, 63391, 63397, 63409, 63419, 63421, 63439, 63443,
+63463, 63467, 63473, 63487, 63493, 63499, 63521, 63527, 63533, 63541, 63559,
+63577, 63587, 63589, 63599, 63601, 63607, 63611, 63617, 63629, 63647, 63649,
+63659, 63667, 63671, 63689, 63691, 63697, 63703, 63709, 63719, 63727, 63737,
+63743, 63761, 63773, 63781, 63793, 63799, 63803, 63809, 63823, 63839, 63841,
+63853, 63857, 63863, 63901, 63907, 63913, 63929, 63949, 63977, 63997, 64007,
+64013, 64019, 64033, 64037, 64063, 64067, 64081, 64091, 64109, 64123, 64151,
+64153, 64157, 64171, 64187, 64189, 64217, 64223, 64231, 64237, 64271, 64279,
+64283, 64301, 64303, 64319, 64327, 64333, 64373, 64381, 64399, 64403, 64433,
+64439, 64451, 64453, 64483, 64489, 64499, 64513, 64553, 64567, 64577, 64579,
+64591, 64601, 64609, 64613, 64621, 64627, 64633, 64661, 64663, 64667, 64679,
+64693, 64709, 64717, 64747, 64763, 64781, 64783, 64793, 64811, 64817, 64849,
+64853, 64871, 64877, 64879, 64891, 64901, 64919, 64921, 64927, 64937, 64951,
+64969, 64997, 65003, 65011, 65027, 65029, 65033, 65053, 65063, 65071, 65089,
+65099, 65101, 65111, 65119, 65123, 65129, 65141, 65147, 65167, 65171, 65173,
+65179, 65183, 65203, 65213, 65239, 65257, 65267, 65269, 65287, 65293, 65309,
+65323, 65327, 65353, 65357, 65371, 65381, 65393, 65407, 65413, 65419, 65423,
+65437, 65447, 65449, 65479, 65497, 65519, 65521, 0 };
+
+const u64bit PRIME_PRODUCTS[PRIME_PRODUCTS_TABLE_SIZE] = {
+0xE221F97C30E94E1D, 0xE5B65ED6608B952D, 0xF4521CE5D3CA44EF, 0xF3EF021E44A7EEC3,
+0xF330D66E4349E591, 0x6F6B8463BEE90825, 0xD41D1350609EC855, 0x28681D7AA3190143,
+0x2FA51D379842A4AF, 0x84AE694AFD8B0547, 0xC7AC609EF16A407B, 0xCA376556426DE0FD,
+0x466324A8372A45D5, 0xAD7D2FB14BF7DC0B, 0x7BCD9BF6C6C26323, 0x74709A2A2637FA55,
+0x1D640B8FE0CA4311, 0xC93804EEC683CB2D, 0xB10594307EA0B7AD, 0xDE0244E8F6D2DC17,
+0x61DE0343443ED4C5, 0xCF8D577CE72384BB, 0x217168EC6F4A928B, 0xF5446BCD87F96E6B,
+0xF7E12D023D06E73D, 0x457CBC7E43B62C3F, 0x5AE2F68DB28800BF, 0x7500EDA80A9C8EA7,
+0x8DBC07E86DC4A37F, 0x9E40BF0300CA232D, 0xC0A9D8342259FCD1, 0xDFE8B5D19367A1C5,
+0xFBC11439E02B209D, 0xDA0AC1EC9E251F43, 0xAB4E5F28D129622F, 0xEBF5FBCBF5587CBD,
+0xE26B31744B05DC9D, 0xE1580FBB4592700B, 0x6539F95C9D74F439, 0xB185EF6E9070A559,
+0x699ECA919029B14B, 0xEBBFC2CC1B0DEE0F, 0x8E19279CEAF709FB, 0xFA3F354C954330EF,
+0xAE9362C721216DEF, 0xF44253878D02F03D, 0xC2D98B01DFE4F3A9, 0xE4A3E0F9407ED71F,
+0xAE2E9D8F67A52865, 0xF7DEE3EE2D340885, 0xCC1D2DEA66C3C841, 0xA827E8CE4BF5EB07,
+0xDF26E6009081BE79, 0x1969811A2B7A6A93, 0x88D31B077DEEB8A3, 0xA15E37A8F401B5C1,
+0xB27BF45E6508617B, 0xE23D5CA287D9A531, 0xD33CEF8D08A70D3F, 0xF26E164CB7B477D5,
+0xF070DAE24D8CEDA9, 0x4F580C6048999F4D, 0xFBC528EEE00D6CFB, 0xE47E34CA3E3EAC63,
+0xE2421086C3D09FE5, 0xC35091E86806D213, 0x1F29F3BD0BE9FAB3, 0xFA21995FB84F5A83,
+0xBBF6D8395F7047C7, 0xBC28039A69726205, 0xF0324199A11B5D45, 0x969FA74E537EBE09,
+0xA474F6C127403A9D, 0xEBB6153629ECDEA7, 0xC96E2D7B65D2277B, 0xD2B89C851CD9291F,
+0xEABE76C706F0C3E5, 0xB997188EA5B710D3, 0xB5B20274A0DABB6F, 0x89D99F7F39AB2B9B,
+0x138C3AC887043CCD, 0xC6D3E2761D16233F, 0x507C4D00D6B6027F, 0xBF363571906180F3,
+0x89FEA18355BD571D, 0xF55905D2F8949905, 0x65F170475F041C6F, 0x94C6E638460936A1,
+0x809F449762D125EF, 0xAC4BC4C3547A71E1, 0xF9315948183BDBC5, 0xC383E883DEA0349B,
+0xBC33CFE86CA38435, 0xC413C74E3F6F847B, 0xE25488813C3CE121, 0xFD33CDA8A0333BEF,
+0xEDCCA470B26DA57F, 0x383533808BD74477, 0x3AC02A15FC89C54D, 0x3E12CC83606624F3,
+0xAB899B62C0938D01, 0x429DC254C5490571, 0xF5554C6D540DB6A9, 0xFE3F5CCCBAFFDC95,
+0xF20E8ABC0340C14F, 0xBD633919AA5AB02F, 0x532A1FA4D0775045, 0x9F3F943B5D1E6679,
+0xA14E33555E99605D, 0xC48A6E1EC3CF4793, 0xD00AC683F6B64DB9, 0xB7316C602F3F2DDB,
+0xABF8EF8B5CABB03D, 0xFFCAA72EE6539255, 0xC1CB903C8D764FB7, 0x80300B3B06A6F3F3,
+0xC7471C73A380A4AF, 0x892E6D86008F82E3, 0x8D040C52D7C6AB79, 0xD35DE032B89A6907,
+0xD1CD5A93959C1185, 0xB87C36644FB9B3B7, 0xA827E6B6DE68593F, 0xAC16DC9E966EA68F,
+0xB3E87100AC54DE6D, 0xB98014BDAE7021B1, 0xBE350E0F484524D1, 0xC6172BCEA3A11C9B,
+0xCC01BFD8F5EE2EC3, 0xD1B284C91EED248B, 0xFDFF2DE1B95F5687, 0xE21A13779E0CCDC7,
+0xE68E732A2ABED62F, 0xEC8F38C8B28E0493, 0xF52BDF080F7ABA6F, 0xFF40ECA3CCA22CE5,
+0x215D0693AD933EB1, 0xBE2B9B2F8ECD578D, 0x843F6BF5D2BBF979, 0xCACD47144DAADA59,
+0xF19D26474F170045, 0x7A6BA19CE2FBBCD9, 0x525620BB14320123, 0xEBABCCACEACE2A81,
+0xDAD688DAC863D2F3, 0x70CF888F6F02D4BB, 0xD3EBE9A16C01996F, 0xED449526CBEBE513,
+0x991DD50C7F17A1B7, 0xD1F37E54FC6589EF, 0xB1B72FDE0EA34AFF, 0xBF1D75BDDED44FD1,
+0xD101DC5EAA25201B, 0xDF60F18616AD8EFB, 0xED74888F36648FBB, 0xFD5051BD895D6539,
+0xCCEBE44FA3E6B1BD, 0xD52A16F9E33265CB, 0xEDD3384401AD1267, 0xF3CC98549791076F,
+0x6EF7899720A0A93B, 0x7DB9EF3F5256F38F, 0x9273910ABDE6E503, 0xA3B446CA98554091,
+0xB13C2BDE8958E05D, 0xBEFA82CB25F97AF1, 0xCDC1FE0211DF150F, 0xE32387464B225385,
+0xF154C4C2CA8EABF9, 0xCF4E11D8E56F6957, 0xF7BBB96118B42F15, 0x535138221347C85D,
+0x4FFC85B96C562A71, 0x6C6FD444704EE9A9, 0x81319E967E1AABB3, 0x948BE6486434303B,
+0xAADD17A4C60E2449, 0xD619D14A9A0B5FBD, 0xE2FB3F507D8C64B5, 0xFCFCE80D5BB997DF,
+0xB08106E9D93A99AD, 0x238E12AE75BF1861, 0xE0F83D2ED5DC8AC3, 0x681FF3CFE90D481B,
+0x805517DDD3E296E7, 0x9BDBC365E2E9E57F, 0xBAE52C39C9082107, 0xF09928EC4A4C1503,
+0xF26340D17F990C75, 0x97299F4F32B7DB6B, 0xC6E38417C7E30011, 0xF582B6E0E6B7830F,
+0xD0D046F74D1ED633, 0xBEE06A041F778E5D, 0xDBE53BF49C3CF227, 0xF9F4E4C91D1537F1,
+0xA838BFF645C41F0F, 0x458809A605C2264B, 0x62C07D00B5C7B939, 0x8F303208051AF4EF,
+0xCE366281B21E7AFD, 0xE750611EA0BE8B55, 0xAACF9921F54349DD, 0xB9499C919BEDEB2D,
+0x8B5E2D6A7C0FED8D, 0xB31C12531D85C86B, 0xE2F81DD567C198ED, 0xFCBF50872C7A85B7,
+0xA7C97479B562C749, 0xDBBB14BBF9B4AC85, 0xC69D26F25DEA581D, 0xFA3CC64F8D79398D,
+0x8703AEE0630C7FEF, 0xB272C207BD08D637, 0xC50A96A2C6C59C23, 0xFB6694D346303AB1,
+0x93F2BA15512C7BE9, 0x7ED5EB28F50A553F, 0xB9BB9C7AA9343BD3, 0xE711EA83362E3FEB,
+0xC417BB9B3F863C89, 0x96A88B47EE3AAB49, 0xDF3ED601F5DCCE23, 0xB211874BB8720877,
+0x6F3E9B69CB1BDCDB, 0x9B295CC8FEBC20D5, 0xE56F23F76A71387F, 0xEA78F5BB0CD1565F,
+0xA4A428E418FD2B17, 0xDEEF3C10065A26E1, 0x2D1E8F5735933B8D, 0xF362A62EB7E3B551,
+0xF62327AE7D4E70A5, 0x28B86F69D6FCA5B5, 0x87C63FAA3E25406B, 0xD659246185DA101D,
+0xC10B2CF6559274B7, 0x727BF31FFF9B208B, 0xEA55235C4B98064D, 0xFBCD0B3F56EABA75,
+0xFB0D12857E554175, 0xECC6FD2C8F45CC2F, 0xFAE200BB2687381B, 0x7C0001DFD91FDB5B,
+0xDEE61AC82000895B, 0x9536C4399D4F3FB7, 0xA8F1E698E4A3297F, 0xFA61F6759A6CEE8F,
+0xCBAE83BF32730B03, 0xDC7C6D1FB9E1633B, 0xF12CAF2A95AA8807, 0xDF9CC7A9C8FFEF4D,
+0xD0744F8438C2E907, 0xB0DA65AB5BB20619, 0x1C0C79A379CFBF8D, 0x93AC2BC1F9EC0E29 };
+
+}
diff --git a/src/pubkey.cpp b/src/pubkey.cpp
new file mode 100644
index 000000000..75772fd47
--- /dev/null
+++ b/src/pubkey.cpp
@@ -0,0 +1,393 @@
+/*************************************************
+* Public Key Base Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/pubkey.h>
+#include <botan/parsing.h>
+#include <botan/bit_ops.h>
+#include <botan/lookup.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* Encrypt a message *
+*************************************************/
+SecureVector<byte> PK_Encryptor::encrypt(const byte in[], u32bit len) const
+ {
+ return enc(in, len);
+ }
+
+/*************************************************
+* Encrypt a message *
+*************************************************/
+SecureVector<byte> PK_Encryptor::encrypt(const MemoryRegion<byte>& in) const
+ {
+ return enc(in.begin(), in.size());
+ }
+
+/*************************************************
+* Decrypt a message *
+*************************************************/
+SecureVector<byte> PK_Decryptor::decrypt(const byte in[], u32bit len) const
+ {
+ return dec(in, len);
+ }
+
+/*************************************************
+* Decrypt a message *
+*************************************************/
+SecureVector<byte> PK_Decryptor::decrypt(const MemoryRegion<byte>& in) const
+ {
+ return dec(in.begin(), in.size());
+ }
+
+/*************************************************
+* PK_Encryptor_MR_with_EME Constructor *
+*************************************************/
+PK_Encryptor_MR_with_EME::PK_Encryptor_MR_with_EME(const PK_Encrypting_Key& k,
+ const std::string& eme) :
+ key(k), encoder((eme == "Raw") ? 0 : get_eme(eme))
+ {
+ }
+
+/*************************************************
+* Encrypt a message *
+*************************************************/
+SecureVector<byte> PK_Encryptor_MR_with_EME::enc(const byte msg[],
+ u32bit length) const
+ {
+ SecureVector<byte> message;
+ if(encoder) message = encoder->encode(msg, length, key.max_input_bits());
+ else message.set(msg, length);
+
+ if(8*(message.size() - 1) + high_bit(message[0]) > key.max_input_bits())
+ throw Exception("PK_Encryptor_MR_with_EME: Input is too large");
+
+ return key.encrypt(message, message.size());
+ }
+
+/*************************************************
+* Return the max size, in bytes, of a message *
+*************************************************/
+u32bit PK_Encryptor_MR_with_EME::maximum_input_size() const
+ {
+ if(!encoder)
+ return (key.max_input_bits() / 8);
+ else
+ return encoder->maximum_input_size(key.max_input_bits());
+ }
+
+/*************************************************
+* PK_Decryptor_MR_with_EME Constructor *
+*************************************************/
+PK_Decryptor_MR_with_EME::PK_Decryptor_MR_with_EME(const PK_Decrypting_Key& k,
+ const std::string& eme) :
+ key(k), encoder((eme == "Raw") ? 0 : get_eme(eme))
+ {
+ }
+
+/*************************************************
+* Decrypt a message *
+*************************************************/
+SecureVector<byte> PK_Decryptor_MR_with_EME::dec(const byte msg[],
+ u32bit length) const
+ {
+ try {
+ SecureVector<byte> decrypted = key.decrypt(msg, length);
+ if(encoder)
+ return encoder->decode(decrypted, key.max_input_bits());
+ else
+ return decrypted;
+ }
+ catch(Invalid_Argument)
+ {
+ throw Exception("PK_Decryptor_MR_with_EME: Input is invalid");
+ }
+ catch(Decoding_Error)
+ {
+ throw Exception("PK_Decryptor_MR_with_EME: Input is invalid");
+ }
+ }
+
+/*************************************************
+* PK_Signer Constructor *
+*************************************************/
+PK_Signer::PK_Signer(const PK_Signing_Key& k, const std::string& emsa_name) :
+ key(k), emsa(get_emsa(emsa_name))
+ {
+ sig_format = IEEE_1363;
+ }
+
+/*************************************************
+* Set the signature format *
+*************************************************/
+void PK_Signer::set_output_format(Signature_Format format)
+ {
+ if(key.message_parts() == 1 && format != IEEE_1363)
+ throw Invalid_State("PK_Signer: Cannot set the output format for " +
+ key.algo_name() + " keys");
+ sig_format = format;
+ }
+
+/*************************************************
+* Sign a message *
+*************************************************/
+SecureVector<byte> PK_Signer::sign_message(const byte msg[], u32bit length)
+ {
+ update(msg, length);
+ return signature();
+ }
+
+/*************************************************
+* Sign a message *
+*************************************************/
+SecureVector<byte> PK_Signer::sign_message(const MemoryRegion<byte>& msg)
+ {
+ return sign_message(msg, msg.size());
+ }
+
+/*************************************************
+* Add more to the message to be signed *
+*************************************************/
+void PK_Signer::update(const byte in[], u32bit length)
+ {
+ emsa->update(in, length);
+ }
+
+/*************************************************
+* Add more to the message to be signed *
+*************************************************/
+void PK_Signer::update(byte in)
+ {
+ update(&in, 1);
+ }
+
+/*************************************************
+* Add more to the message to be signed *
+*************************************************/
+void PK_Signer::update(const MemoryRegion<byte>& in)
+ {
+ update(in, in.size());
+ }
+
+/*************************************************
+* Create a signature *
+*************************************************/
+SecureVector<byte> PK_Signer::signature()
+ {
+ SecureVector<byte> encoded = emsa->encoding_of(emsa->raw_data(),
+ key.max_input_bits());
+ SecureVector<byte> plain_sig = key.sign(encoded, encoded.size());
+
+ if(key.message_parts() == 1 || sig_format == IEEE_1363)
+ return plain_sig;
+
+ if(sig_format == DER_SEQUENCE)
+ {
+ if(plain_sig.size() % key.message_parts())
+ throw Encoding_Error("PK_Signer: strange signature size found");
+ const u32bit SIZE_OF_PART = plain_sig.size() / key.message_parts();
+
+ std::vector<BigInt> sig_parts(key.message_parts());
+ for(u32bit j = 0; j != sig_parts.size(); ++j)
+ sig_parts[j].binary_decode(plain_sig + SIZE_OF_PART*j, SIZE_OF_PART);
+
+ DER_Encoder der_sig;
+ der_sig.start_sequence();
+ for(u32bit j = 0; j != sig_parts.size(); ++j)
+ der_sig.encode(sig_parts[j]);
+ der_sig.end_sequence();
+
+ return der_sig.get_contents();
+ }
+ else
+ throw Encoding_Error("PK_Signer: Unknown signature format " +
+ to_string(sig_format));
+ }
+
+/*************************************************
+* PK_Verifier Constructor *
+*************************************************/
+PK_Verifier::PK_Verifier(const PK_Key& k, const std::string& emsa_name) :
+ emsa(get_emsa(emsa_name)), key(k)
+ {
+ sig_format = IEEE_1363;
+ }
+
+/*************************************************
+* Set the signature format *
+*************************************************/
+void PK_Verifier::set_input_format(Signature_Format format)
+ {
+ if(key.message_parts() == 1 && format != IEEE_1363)
+ throw Invalid_State("PK_Verifier: This algorithm always uses IEEE 1363");
+ sig_format = format;
+ }
+
+/*************************************************
+* Verify a message *
+*************************************************/
+bool PK_Verifier::verify_message(const MemoryRegion<byte>& msg,
+ const MemoryRegion<byte>& sig)
+ {
+ return verify_message(msg, msg.size(), sig, sig.size());
+ }
+
+/*************************************************
+* Verify a message *
+*************************************************/
+bool PK_Verifier::verify_message(const byte msg[], u32bit msg_length,
+ const byte sig[], u32bit sig_length)
+ {
+ update(msg, msg_length);
+ return check_signature(sig, sig_length);
+ }
+
+/*************************************************
+* Append to the message *
+*************************************************/
+void PK_Verifier::update(const byte in[], u32bit length)
+ {
+ emsa->update(in, length);
+ }
+
+/*************************************************
+* Append to the message *
+*************************************************/
+void PK_Verifier::update(byte in)
+ {
+ update(&in, 1);
+ }
+
+/*************************************************
+* Append to the message *
+*************************************************/
+void PK_Verifier::update(const MemoryRegion<byte>& in)
+ {
+ update(in, in.size());
+ }
+
+/*************************************************
+* Check a signature *
+*************************************************/
+bool PK_Verifier::check_signature(const MemoryRegion<byte>& sig)
+ {
+ return check_signature(sig, sig.size());
+ }
+
+/*************************************************
+* Check a signature *
+*************************************************/
+bool PK_Verifier::check_signature(const byte sig[], u32bit length)
+ {
+ try {
+ if(sig_format == IEEE_1363)
+ return validate_signature(emsa->raw_data(), sig, length);
+ else if(sig_format == DER_SEQUENCE)
+ {
+ BER_Decoder decoder(sig, length);
+ BER_Decoder ber_sig = BER::get_subsequence(decoder);
+
+ u32bit count = 0;
+ SecureVector<byte> real_sig;
+ while(ber_sig.more_items())
+ {
+ BigInt sig_part;
+ ber_sig.decode(sig_part);
+ real_sig.append(BigInt::encode_1363(sig_part,
+ key.message_part_size()));
+ ++count;
+ }
+ if(count != key.message_parts())
+ throw Decoding_Error("PK_Verifier: signature size invalid");
+
+ return validate_signature(emsa->raw_data(),
+ real_sig, real_sig.size());
+ }
+ else
+ throw Decoding_Error("PK_Verifier: Unknown signature format " +
+ to_string(sig_format));
+ }
+ catch(Invalid_Argument) { return false; }
+ catch(Decoding_Error) { return false; }
+ }
+
+/*************************************************
+* PK_Verifier_with_MR Constructor *
+*************************************************/
+PK_Verifier_with_MR::PK_Verifier_with_MR(const PK_Verifying_with_MR_Key& k,
+ const std::string& emsa_name) :
+ PK_Verifier(k, emsa_name), key(k)
+ {
+ }
+
+/*************************************************
+* Verify a signature *
+*************************************************/
+bool PK_Verifier_with_MR::validate_signature(const MemoryRegion<byte>& msg,
+ const byte sig[], u32bit sig_len)
+ {
+ SecureVector<byte> output_of_key = key.verify(sig, sig_len);
+ return emsa->verify(output_of_key, msg, key.max_input_bits());
+ }
+
+/*************************************************
+* PK_Verifier_wo_MR Constructor *
+*************************************************/
+PK_Verifier_wo_MR::PK_Verifier_wo_MR(const PK_Verifying_wo_MR_Key& k,
+ const std::string& emsa_name) :
+ PK_Verifier(k, emsa_name), key(k)
+ {
+ }
+
+/*************************************************
+* Verify a signature *
+*************************************************/
+bool PK_Verifier_wo_MR::validate_signature(const MemoryRegion<byte>& msg,
+ const byte sig[], u32bit sig_len)
+ {
+ SecureVector<byte> encoded = emsa->encoding_of(msg, key.max_input_bits());
+ return key.verify(encoded, encoded.size(), sig, sig_len);
+ }
+
+/*************************************************
+* PK_Key_Agreement Constructor *
+*************************************************/
+PK_Key_Agreement::PK_Key_Agreement(const PK_Key_Agreement_Key& k,
+ const std::string& k_name) :
+ key(k), kdf_name(k_name)
+ {
+ }
+
+/*************************************************
+* Perform Key Agreement Operation *
+*************************************************/
+SymmetricKey PK_Key_Agreement::derive_key(u32bit key_len,
+ const byte in[], u32bit in_len,
+ const std::string& params) const
+ {
+ return derive_key(key_len, in, in_len,
+ (const byte*)params.c_str(), params.length());
+ }
+
+/*************************************************
+* Perform Key Agreement Operation *
+*************************************************/
+SymmetricKey PK_Key_Agreement::derive_key(u32bit key_len, const byte in[],
+ u32bit in_len, const byte params[],
+ u32bit params_len) const
+ {
+ std::auto_ptr<KDF> kdf((kdf_name == "Raw") ? 0 : get_kdf(kdf_name));
+ OctetString z = key.derive_key(in, in_len);
+
+ if(kdf.get())
+ z = kdf->derive_key(key_len, z.bits_of(), params, params_len);
+
+ return z;
+ }
+
+}
diff --git a/src/randpool.cpp b/src/randpool.cpp
new file mode 100644
index 000000000..5dd4988da
--- /dev/null
+++ b/src/randpool.cpp
@@ -0,0 +1,189 @@
+/*************************************************
+* Randpool Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/randpool.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <botan/util.h>
+#include <algorithm>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* PRF based on a MAC *
+*************************************************/
+enum RANDPOOL_PRF_TAG {
+ USER_INPUT = 0,
+ CIPHER_KEY = 1,
+ MAC_KEY = 2,
+ GEN_OUTPUT = 3
+};
+
+SecureVector<byte> randpool_prf(MessageAuthenticationCode* mac,
+ RANDPOOL_PRF_TAG tag,
+ const byte in[], u32bit length)
+ {
+ mac->update((byte)tag);
+ mac->update(in, length);
+ return mac->final();
+ }
+
+}
+
+/*************************************************
+* Generate a buffer of random bytes *
+*************************************************/
+void Randpool::randomize(byte out[], u32bit length) throw(PRNG_Unseeded)
+ {
+ if(!is_seeded())
+ throw PRNG_Unseeded(name());
+
+ update_buffer();
+ while(length)
+ {
+ const u32bit copied = std::min(length, buffer.size());
+ copy_mem(out, buffer.begin(), copied);
+ out += copied;
+ length -= copied;
+ update_buffer();
+ }
+ }
+
+/*************************************************
+* Refill the output buffer *
+*************************************************/
+void Randpool::update_buffer()
+ {
+ const u64bit timestamp = system_clock();
+
+ for(u32bit j = 0; j != counter.size(); ++j)
+ if(++counter[j])
+ break;
+ for(u32bit j = 0; j != 8; ++j)
+ counter[j+4] = get_byte(j, timestamp);
+
+ SecureVector<byte> mac_val = randpool_prf(mac, GEN_OUTPUT,
+ counter, counter.size());
+
+ for(u32bit j = 0; j != mac_val.size(); ++j)
+ buffer[j % buffer.size()] ^= mac_val[j];
+ cipher->encrypt(buffer);
+
+ if(counter[0] % ITERATIONS_BEFORE_RESEED == 0)
+ {
+ mix_pool();
+ update_buffer();
+ }
+ }
+
+/*************************************************
+* Mix the entropy pool *
+*************************************************/
+void Randpool::mix_pool()
+ {
+ const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE;
+
+ mac->set_key(randpool_prf(mac, MAC_KEY, pool, pool.size()));
+ cipher->set_key(randpool_prf(mac, CIPHER_KEY, pool, pool.size()));
+
+ xor_buf(pool, buffer, BLOCK_SIZE);
+ cipher->encrypt(pool);
+ for(u32bit j = 1; j != POOL_BLOCKS; ++j)
+ {
+ const byte* previous_block = pool + BLOCK_SIZE*(j-1);
+ byte* this_block = pool + BLOCK_SIZE*j;
+ xor_buf(this_block, previous_block, BLOCK_SIZE);
+ cipher->encrypt(this_block);
+ }
+ }
+
+/*************************************************
+* Add entropy to the internal state *
+*************************************************/
+void Randpool::add_randomness(const byte data[], u32bit length)
+ {
+ u32bit this_entropy = entropy_estimate(data, length);
+ entropy += std::min(this_entropy, 8*mac->OUTPUT_LENGTH);
+ entropy = std::min(entropy, 8 * pool.size());
+
+ SecureVector<byte> mac_val = randpool_prf(mac, USER_INPUT, data, length);
+ xor_buf(pool, mac_val, mac_val.size());
+ mix_pool();
+ }
+
+/*************************************************
+* Check if the the pool is seeded *
+*************************************************/
+bool Randpool::is_seeded() const
+ {
+ return (entropy >= 256);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Randpool::clear() throw()
+ {
+ cipher->clear();
+ mac->clear();
+ pool.clear();
+ buffer.clear();
+ counter.clear();
+ entropy = 0;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string Randpool::name() const
+ {
+ return "Randpool(" + cipher->name() + "," + mac->name() + ")";
+ }
+
+/*************************************************
+* Randpool Constructor *
+*************************************************/
+Randpool::Randpool() : ITERATIONS_BEFORE_RESEED(8), POOL_BLOCKS(32)
+ {
+ const std::string CIPHER_NAME = "AES-256";
+ const std::string MAC_NAME = "HMAC(SHA-256)";
+
+ cipher = get_block_cipher(CIPHER_NAME);
+ mac = get_mac(MAC_NAME);
+
+ const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE;
+ const u32bit OUTPUT_LENGTH = mac->OUTPUT_LENGTH;
+
+ if(OUTPUT_LENGTH < BLOCK_SIZE ||
+ !cipher->valid_keylength(OUTPUT_LENGTH) ||
+ !mac->valid_keylength(OUTPUT_LENGTH))
+ {
+ delete cipher;
+ delete mac;
+ throw Internal_Error("Randpool: Invalid algorithm combination " +
+ CIPHER_NAME + "/" + MAC_NAME);
+ }
+
+ buffer.create(BLOCK_SIZE);
+ pool.create(POOL_BLOCKS * BLOCK_SIZE);
+ counter.create(12);
+ entropy = 0;
+
+ mix_pool();
+ }
+
+/*************************************************
+* Randpool Destructor *
+*************************************************/
+Randpool::~Randpool()
+ {
+ delete cipher;
+ delete mac;
+ entropy = 0;
+ }
+
+}
diff --git a/src/rc2.cpp b/src/rc2.cpp
new file mode 100644
index 000000000..c5df72878
--- /dev/null
+++ b/src/rc2.cpp
@@ -0,0 +1,166 @@
+/*************************************************
+* RC2 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rc2.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* RC2 Encryption *
+*************************************************/
+void RC2::enc(const byte in[], byte out[]) const
+ {
+ u16bit R0 = make_u16bit(in[1], in[0]), R1 = make_u16bit(in[3], in[2]),
+ R2 = make_u16bit(in[5], in[4]), R3 = make_u16bit(in[7], in[6]);
+ mix(R0, R1, R2, R3, 0); mix(R0, R1, R2, R3, 1); mix(R0, R1, R2, R3, 2);
+ mix(R0, R1, R2, R3, 3); mix(R0, R1, R2, R3, 4); mash(R0, R1, R2, R3);
+ mix(R0, R1, R2, R3, 5); mix(R0, R1, R2, R3, 6); mix(R0, R1, R2, R3, 7);
+ mix(R0, R1, R2, R3, 8); mix(R0, R1, R2, R3, 9); mix(R0, R1, R2, R3,10);
+ mash(R0, R1, R2, R3); mix(R0, R1, R2, R3,11); mix(R0, R1, R2, R3,12);
+ mix(R0, R1, R2, R3,13); mix(R0, R1, R2, R3,14); mix(R0, R1, R2, R3,15);
+ out[0] = get_byte(1, R0); out[1] = get_byte(0, R0);
+ out[2] = get_byte(1, R1); out[3] = get_byte(0, R1);
+ out[4] = get_byte(1, R2); out[5] = get_byte(0, R2);
+ out[6] = get_byte(1, R3); out[7] = get_byte(0, R3);
+ }
+
+/*************************************************
+* RC2 Decryption *
+*************************************************/
+void RC2::dec(const byte in[], byte out[]) const
+ {
+ u16bit R0 = make_u16bit(in[1], in[0]), R1 = make_u16bit(in[3], in[2]),
+ R2 = make_u16bit(in[5], in[4]), R3 = make_u16bit(in[7], in[6]);
+ rmix(R0, R1, R2, R3,15); rmix(R0, R1, R2, R3,14); rmix(R0, R1, R2, R3,13);
+ rmix(R0, R1, R2, R3,12); rmix(R0, R1, R2, R3,11); rmash(R0, R1, R2, R3);
+ rmix(R0, R1, R2, R3,10); rmix(R0, R1, R2, R3, 9); rmix(R0, R1, R2, R3, 8);
+ rmix(R0, R1, R2, R3, 7); rmix(R0, R1, R2, R3, 6); rmix(R0, R1, R2, R3, 5);
+ rmash(R0, R1, R2, R3); rmix(R0, R1, R2, R3, 4); rmix(R0, R1, R2, R3, 3);
+ rmix(R0, R1, R2, R3, 2); rmix(R0, R1, R2, R3, 1); rmix(R0, R1, R2, R3, 0);
+ out[0] = get_byte(1, R0); out[1] = get_byte(0, R0);
+ out[2] = get_byte(1, R1); out[3] = get_byte(0, R1);
+ out[4] = get_byte(1, R2); out[5] = get_byte(0, R2);
+ out[6] = get_byte(1, R3); out[7] = get_byte(0, R3);
+ }
+
+/*************************************************
+* RC2 Mix Function *
+*************************************************/
+void RC2::mix(u16bit& R0, u16bit& R1, u16bit& R2,
+ u16bit& R3, u32bit round) const
+ {
+ R0 += (R1 & ~R3) + (R2 & R3) + K[4*round ]; R0 = rotate_left(R0, 1);
+ R1 += (R2 & ~R0) + (R3 & R0) + K[4*round + 1]; R1 = rotate_left(R1, 2);
+ R2 += (R3 & ~R1) + (R0 & R1) + K[4*round + 2]; R2 = rotate_left(R2, 3);
+ R3 += (R0 & ~R2) + (R1 & R2) + K[4*round + 3]; R3 = rotate_left(R3, 5);
+ }
+
+/*************************************************
+* RC2 R-Mix Function *
+*************************************************/
+void RC2::rmix(u16bit& R0, u16bit& R1, u16bit& R2,
+ u16bit& R3, u32bit round) const
+ {
+ R3 = rotate_right(R3, 5); R3 -= (R0 & ~R2) + (R1 & R2) + K[4*round + 3];
+ R2 = rotate_right(R2, 3); R2 -= (R3 & ~R1) + (R0 & R1) + K[4*round + 2];
+ R1 = rotate_right(R1, 2); R1 -= (R2 & ~R0) + (R3 & R0) + K[4*round + 1];
+ R0 = rotate_right(R0, 1); R0 -= (R1 & ~R3) + (R2 & R3) + K[4*round + 0];
+ }
+
+/*************************************************
+* RC2 Mash Function *
+*************************************************/
+void RC2::mash(u16bit& R0, u16bit& R1, u16bit& R2, u16bit& R3) const
+ {
+ R0 += K[R3 % 64]; R1 += K[R0 % 64]; R2 += K[R1 % 64]; R3 += K[R2 % 64];
+ }
+
+/*************************************************
+* RC2 R-Mash Function *
+*************************************************/
+void RC2::rmash(u16bit& R0, u16bit& R1, u16bit& R2, u16bit& R3) const
+ {
+ R3 -= K[R2 % 64]; R2 -= K[R1 % 64]; R1 -= K[R0 % 64]; R0 -= K[R3 % 64];
+ }
+
+/*************************************************
+* RC2 Key Schedule *
+*************************************************/
+void RC2::key(const byte key[], u32bit length)
+ {
+ static const byte TABLE[256] = {
+ 0xD9, 0x78, 0xF9, 0xC4, 0x19, 0xDD, 0xB5, 0xED, 0x28, 0xE9, 0xFD, 0x79,
+ 0x4A, 0xA0, 0xD8, 0x9D, 0xC6, 0x7E, 0x37, 0x83, 0x2B, 0x76, 0x53, 0x8E,
+ 0x62, 0x4C, 0x64, 0x88, 0x44, 0x8B, 0xFB, 0xA2, 0x17, 0x9A, 0x59, 0xF5,
+ 0x87, 0xB3, 0x4F, 0x13, 0x61, 0x45, 0x6D, 0x8D, 0x09, 0x81, 0x7D, 0x32,
+ 0xBD, 0x8F, 0x40, 0xEB, 0x86, 0xB7, 0x7B, 0x0B, 0xF0, 0x95, 0x21, 0x22,
+ 0x5C, 0x6B, 0x4E, 0x82, 0x54, 0xD6, 0x65, 0x93, 0xCE, 0x60, 0xB2, 0x1C,
+ 0x73, 0x56, 0xC0, 0x14, 0xA7, 0x8C, 0xF1, 0xDC, 0x12, 0x75, 0xCA, 0x1F,
+ 0x3B, 0xBE, 0xE4, 0xD1, 0x42, 0x3D, 0xD4, 0x30, 0xA3, 0x3C, 0xB6, 0x26,
+ 0x6F, 0xBF, 0x0E, 0xDA, 0x46, 0x69, 0x07, 0x57, 0x27, 0xF2, 0x1D, 0x9B,
+ 0xBC, 0x94, 0x43, 0x03, 0xF8, 0x11, 0xC7, 0xF6, 0x90, 0xEF, 0x3E, 0xE7,
+ 0x06, 0xC3, 0xD5, 0x2F, 0xC8, 0x66, 0x1E, 0xD7, 0x08, 0xE8, 0xEA, 0xDE,
+ 0x80, 0x52, 0xEE, 0xF7, 0x84, 0xAA, 0x72, 0xAC, 0x35, 0x4D, 0x6A, 0x2A,
+ 0x96, 0x1A, 0xD2, 0x71, 0x5A, 0x15, 0x49, 0x74, 0x4B, 0x9F, 0xD0, 0x5E,
+ 0x04, 0x18, 0xA4, 0xEC, 0xC2, 0xE0, 0x41, 0x6E, 0x0F, 0x51, 0xCB, 0xCC,
+ 0x24, 0x91, 0xAF, 0x50, 0xA1, 0xF4, 0x70, 0x39, 0x99, 0x7C, 0x3A, 0x85,
+ 0x23, 0xB8, 0xB4, 0x7A, 0xFC, 0x02, 0x36, 0x5B, 0x25, 0x55, 0x97, 0x31,
+ 0x2D, 0x5D, 0xFA, 0x98, 0xE3, 0x8A, 0x92, 0xAE, 0x05, 0xDF, 0x29, 0x10,
+ 0x67, 0x6C, 0xBA, 0xC9, 0xD3, 0x00, 0xE6, 0xCF, 0xE1, 0x9E, 0xA8, 0x2C,
+ 0x63, 0x16, 0x01, 0x3F, 0x58, 0xE2, 0x89, 0xA9, 0x0D, 0x38, 0x34, 0x1B,
+ 0xAB, 0x33, 0xFF, 0xB0, 0xBB, 0x48, 0x0C, 0x5F, 0xB9, 0xB1, 0xCD, 0x2E,
+ 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, 0x0A, 0xA6, 0x20, 0x68,
+ 0xFE, 0x7F, 0xC1, 0xAD };
+
+ SecureBuffer<byte, 128> L;
+ L.copy(key, length);
+
+ for(u32bit j = length; j != 128; ++j)
+ L[j] = TABLE[(L[j-1] + L[j-length]) % 256];
+ L[128-length] = TABLE[L[128-length]];
+ for(s32bit j = 127-length; j >= 0; --j)
+ L[j] = TABLE[L[j+1] ^ L[j+length]];
+
+ for(u32bit j = 0; j != 64; ++j)
+ K[j] = make_u16bit(L[2*j+1], L[2*j]);
+ }
+
+/*************************************************
+* Return the code of the effective key bits *
+*************************************************/
+byte RC2::EKB_code(u32bit ekb)
+ {
+ const byte EKB[256] = {
+ 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C,
+ 0x1B, 0x33, 0xFD, 0xD0, 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B,
+ 0xF7, 0xCB, 0x45, 0x9B, 0x31, 0xBB, 0x21, 0x5A, 0x41, 0x9F, 0xE1, 0xD9,
+ 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, 0x27, 0x5F, 0x80, 0x36,
+ 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0,
+ 0xA6, 0x3F, 0xD8, 0x0C, 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17,
+ 0xF5, 0x66, 0x90, 0xE7, 0xE8, 0x07, 0xB8, 0x60, 0x48, 0xE6, 0x1E, 0x53,
+ 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, 0x86, 0x00, 0x84, 0xFA,
+ 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12,
+ 0xBA, 0x3C, 0x06, 0x4E, 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B,
+ 0x94, 0x99, 0xB7, 0x71, 0x74, 0xD3, 0xE4, 0xBF, 0x3A, 0xDE, 0x96, 0x0E,
+ 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, 0x79, 0x89, 0x62, 0xC6,
+ 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02,
+ 0x75, 0xD5, 0x61, 0xE3, 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E,
+ 0x85, 0xE5, 0xC2, 0x57, 0x63, 0xCA, 0x3D, 0x6C, 0xB4, 0xC5, 0xCC, 0x70,
+ 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, 0x58, 0xE0, 0x01, 0xE2,
+ 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B,
+ 0x82, 0xF9, 0x40, 0xB5, 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97,
+ 0x25, 0x54, 0xB1, 0x28, 0xAA, 0x98, 0x9D, 0xA5, 0x64, 0x6D, 0x7A, 0xD4,
+ 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, 0xDD, 0x76, 0x5C, 0x2F,
+ 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9,
+ 0x4C, 0xFF, 0x43, 0xAB };
+
+ if(ekb < 256)
+ return EKB[ekb];
+ else
+ throw Encoding_Error("RC2::EKB_code: EKB is too large");
+ }
+
+}
diff --git a/src/rc5.cpp b/src/rc5.cpp
new file mode 100644
index 000000000..f475a26ad
--- /dev/null
+++ b/src/rc5.cpp
@@ -0,0 +1,104 @@
+/*************************************************
+* RC5 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rc5.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* RC5 Encryption *
+*************************************************/
+void RC5::enc(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[3], in[2], in[1], in[0]),
+ B = make_u32bit(in[7], in[6], in[5], in[4]);
+ A += S[0]; B += S[1];
+ for(u32bit j = 0; j != ROUNDS; j += 4)
+ {
+ A = rotate_left(A ^ B, B % 32) + S[2*j+2];
+ B = rotate_left(B ^ A, A % 32) + S[2*j+3];
+ A = rotate_left(A ^ B, B % 32) + S[2*j+4];
+ B = rotate_left(B ^ A, A % 32) + S[2*j+5];
+ A = rotate_left(A ^ B, B % 32) + S[2*j+6];
+ B = rotate_left(B ^ A, A % 32) + S[2*j+7];
+ A = rotate_left(A ^ B, B % 32) + S[2*j+8];
+ B = rotate_left(B ^ A, A % 32) + S[2*j+9];
+ }
+ out[0] = get_byte(3, A); out[1] = get_byte(2, A);
+ out[2] = get_byte(1, A); out[3] = get_byte(0, A);
+ out[4] = get_byte(3, B); out[5] = get_byte(2, B);
+ out[6] = get_byte(1, B); out[7] = get_byte(0, B);
+ }
+
+/*************************************************
+* RC5 Decryption *
+*************************************************/
+void RC5::dec(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[3], in[2], in[1], in[0]),
+ B = make_u32bit(in[7], in[6], in[5], in[4]);
+ for(u32bit j = ROUNDS; j != 0; j -= 4)
+ {
+ B = rotate_right(B - S[2*j+1], A % 32) ^ A;
+ A = rotate_right(A - S[2*j ], B % 32) ^ B;
+ B = rotate_right(B - S[2*j-1], A % 32) ^ A;
+ A = rotate_right(A - S[2*j-2], B % 32) ^ B;
+ B = rotate_right(B - S[2*j-3], A % 32) ^ A;
+ A = rotate_right(A - S[2*j-4], B % 32) ^ B;
+ B = rotate_right(B - S[2*j-5], A % 32) ^ A;
+ A = rotate_right(A - S[2*j-6], B % 32) ^ B;
+ }
+ B -= S[1]; A -= S[0];
+ out[0] = get_byte(3, A); out[1] = get_byte(2, A);
+ out[2] = get_byte(1, A); out[3] = get_byte(0, A);
+ out[4] = get_byte(3, B); out[5] = get_byte(2, B);
+ out[6] = get_byte(1, B); out[7] = get_byte(0, B);
+ }
+
+/*************************************************
+* RC5 Key Schedule *
+*************************************************/
+void RC5::key(const byte key[], u32bit length)
+ {
+ const u32bit WORD_KEYLENGTH = (((length - 1) / 4) + 1),
+ MIX_ROUNDS = 3*std::max(WORD_KEYLENGTH, S.size());
+ S[0] = 0xB7E15163;
+ for(u32bit j = 1; j != S.size(); ++j)
+ S[j] = S[j-1] + 0x9E3779B9;
+
+ SecureBuffer<u32bit, 8> K;
+ for(s32bit j = length-1; j >= 0; --j)
+ K[j/4] = (K[j/4] << 8) + key[j];
+ for(u32bit j = 0, A = 0, B = 0; j != MIX_ROUNDS; ++j)
+ {
+ A = rotate_left(S[j % S.size()] + A + B, 3);
+ B = rotate_left(K[j % WORD_KEYLENGTH] + A + B, (A + B) % 32);
+ S[j % S.size()] = A;
+ K[j % WORD_KEYLENGTH] = B;
+ }
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string RC5::name() const
+ {
+ return "RC5(" + to_string(ROUNDS) + ")";
+ }
+
+/*************************************************
+* RC5 Constructor *
+*************************************************/
+RC5::RC5(u32bit r) : BlockCipher(8, 1, 32), ROUNDS(r)
+ {
+ if(ROUNDS < 8 || ROUNDS > 32 || (ROUNDS % 4 != 0))
+ throw Invalid_Argument(name() + ": Invalid number of rounds");
+ S.create(2*ROUNDS + 2);
+ }
+
+}
diff --git a/src/rc6.cpp b/src/rc6.cpp
new file mode 100644
index 000000000..92b56d8e8
--- /dev/null
+++ b/src/rc6.cpp
@@ -0,0 +1,133 @@
+/*************************************************
+* RC6 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rc6.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* RC6 Encryption *
+*************************************************/
+void RC6::enc(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]),
+ B = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]),
+ C = make_u32bit(in[11], in[10], in[ 9], in[ 8]),
+ D = make_u32bit(in[15], in[14], in[13], in[12]);
+
+ B += S[0]; D += S[1];
+
+ for(u32bit j = 0; j != 20; j += 4)
+ {
+ u32bit T1, T2;
+
+ T1 = rotate_left(B*(2*B+1), 5);
+ T2 = rotate_left(D*(2*D+1), 5);
+ A = rotate_left(A ^ T1, T2 % 32) + S[2*j+2];
+ C = rotate_left(C ^ T2, T1 % 32) + S[2*j+3];
+
+ T1 = rotate_left(C*(2*C+1), 5);
+ T2 = rotate_left(A*(2*A+1), 5);
+ B = rotate_left(B ^ T1, T2 % 32) + S[2*j+4];
+ D = rotate_left(D ^ T2, T1 % 32) + S[2*j+5];
+
+ T1 = rotate_left(D*(2*D+1), 5);
+ T2 = rotate_left(B*(2*B+1), 5);
+ C = rotate_left(C ^ T1, T2 % 32) + S[2*j+6];
+ A = rotate_left(A ^ T2, T1 % 32) + S[2*j+7];
+
+ T1 = rotate_left(A*(2*A+1), 5);
+ T2 = rotate_left(C*(2*C+1), 5);
+ D = rotate_left(D ^ T1, T2 % 32) + S[2*j+8];
+ B = rotate_left(B ^ T2, T1 % 32) + S[2*j+9];
+ }
+
+ A += S[42]; C += S[43];
+
+ out[ 0] = get_byte(3, A); out[ 1] = get_byte(2, A);
+ out[ 2] = get_byte(1, A); out[ 3] = get_byte(0, A);
+ out[ 4] = get_byte(3, B); out[ 5] = get_byte(2, B);
+ out[ 6] = get_byte(1, B); out[ 7] = get_byte(0, B);
+ out[ 8] = get_byte(3, C); out[ 9] = get_byte(2, C);
+ out[10] = get_byte(1, C); out[11] = get_byte(0, C);
+ out[12] = get_byte(3, D); out[13] = get_byte(2, D);
+ out[14] = get_byte(1, D); out[15] = get_byte(0, D);
+ }
+
+/*************************************************
+* RC6 Decryption *
+*************************************************/
+void RC6::dec(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]),
+ B = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]),
+ C = make_u32bit(in[11], in[10], in[ 9], in[ 8]),
+ D = make_u32bit(in[15], in[14], in[13], in[12]);
+
+ C -= S[43]; A -= S[42];
+
+ for(u32bit j = 0; j != 20; j += 4)
+ {
+ u32bit T1, T2;
+
+ T1 = rotate_left(A*(2*A+1), 5);
+ T2 = rotate_left(C*(2*C+1), 5);
+ B = rotate_right(B - S[41 - 2*j], T1 % 32) ^ T2;
+ D = rotate_right(D - S[40 - 2*j], T2 % 32) ^ T1;
+
+ T1 = rotate_left(D*(2*D+1), 5);
+ T2 = rotate_left(B*(2*B+1), 5);
+ A = rotate_right(A - S[39 - 2*j], T1 % 32) ^ T2;
+ C = rotate_right(C - S[38 - 2*j], T2 % 32) ^ T1;
+
+ T1 = rotate_left(C*(2*C+1), 5);
+ T2 = rotate_left(A*(2*A+1), 5);
+ D = rotate_right(D - S[37 - 2*j], T1 % 32) ^ T2;
+ B = rotate_right(B - S[36 - 2*j], T2 % 32) ^ T1;
+
+ T1 = rotate_left(B*(2*B+1), 5);
+ T2 = rotate_left(D*(2*D+1), 5);
+ C = rotate_right(C - S[35 - 2*j], T1 % 32) ^ T2;
+ A = rotate_right(A - S[34 - 2*j], T2 % 32) ^ T1;
+ }
+
+ D -= S[1]; B -= S[0];
+
+ out[ 0] = get_byte(3, A); out[ 1] = get_byte(2, A);
+ out[ 2] = get_byte(1, A); out[ 3] = get_byte(0, A);
+ out[ 4] = get_byte(3, B); out[ 5] = get_byte(2, B);
+ out[ 6] = get_byte(1, B); out[ 7] = get_byte(0, B);
+ out[ 8] = get_byte(3, C); out[ 9] = get_byte(2, C);
+ out[10] = get_byte(1, C); out[11] = get_byte(0, C);
+ out[12] = get_byte(3, D); out[13] = get_byte(2, D);
+ out[14] = get_byte(1, D); out[15] = get_byte(0, D);
+ }
+
+/*************************************************
+* RC6 Key Schedule *
+*************************************************/
+void RC6::key(const byte key[], u32bit length)
+ {
+ const u32bit WORD_KEYLENGTH = (((length - 1) / 4) + 1),
+ MIX_ROUNDS = 3*std::max(WORD_KEYLENGTH, S.size());
+ S[0] = 0xB7E15163;
+ for(u32bit j = 1; j != S.size(); ++j)
+ S[j] = S[j-1] + 0x9E3779B9;
+
+ SecureBuffer<u32bit, 8> K;
+ for(s32bit j = length-1; j >= 0; --j)
+ K[j/4] = (K[j/4] << 8) + key[j];
+ for(u32bit j = 0, A = 0, B = 0; j != MIX_ROUNDS; ++j)
+ {
+ A = rotate_left(S[j % S.size()] + A + B, 3);
+ B = rotate_left(K[j % WORD_KEYLENGTH] + A + B, (A + B) % 32);
+ S[j % S.size()] = A;
+ K[j % WORD_KEYLENGTH] = B;
+ }
+ }
+
+}
diff --git a/src/reducer.cpp b/src/reducer.cpp
new file mode 100644
index 000000000..fc869f1e7
--- /dev/null
+++ b/src/reducer.cpp
@@ -0,0 +1,96 @@
+/*************************************************
+* Modular Reducer Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/reducer.h>
+#include <botan/bit_ops.h>
+#include <botan/numthry.h>
+#include <botan/mp_core.h>
+
+namespace Botan {
+
+/*************************************************
+* Modular_Reducer Constructor *
+*************************************************/
+Modular_Reducer::Modular_Reducer(const BigInt& mod)
+ {
+ if(mod <= 0)
+ throw Invalid_Argument("Modular_Reducer: modulus must be positive");
+
+ modulus = mod;
+ mod_words = modulus.sig_words();
+
+ modulus_2 = Botan::square(modulus);
+ mod2_words = modulus_2.sig_words();
+
+ mu = BigInt(BigInt::Power2, 2 * MP_WORD_BITS * mod_words) / modulus;
+ mu_words = mu.sig_words();
+ }
+
+/*************************************************
+* Barrett Reduction *
+*************************************************/
+BigInt Modular_Reducer::reduce(const BigInt& x) const
+ {
+ if(mod_words == 0)
+ throw Invalid_State("Modular_Reducer: Never initalized");
+
+ BigInt t1 = x;
+ t1.set_sign(BigInt::Positive);
+
+ if(t1 < modulus)
+ {
+ if(x.is_negative() && t1.is_nonzero())
+ return modulus - t1;
+ return x;
+ }
+
+ if(t1 >= modulus_2)
+ return (x % modulus);
+
+ t1 >>= (MP_WORD_BITS * (mod_words - 1));
+ t1 *= mu;
+ t1 >>= (MP_WORD_BITS * (mod_words + 1));
+
+ t1 *= modulus;
+ t1.mask_bits(MP_WORD_BITS * (mod_words+1));
+
+ BigInt t2 = x;
+ t2.set_sign(BigInt::Positive);
+ t2.mask_bits(MP_WORD_BITS * (mod_words+1));
+
+ t1 = t2 - t1;
+
+ if(t1.is_negative())
+ {
+ BigInt b_to_k1(BigInt::Power2, MP_WORD_BITS * (mod_words+1));
+ t1 += b_to_k1;
+ }
+
+ while(t1 >= modulus)
+ t1 -= modulus;
+
+ if(x.is_negative() && t1.is_nonzero())
+ t1 = modulus - t1;
+
+ return t1;
+ }
+
+/*************************************************
+* Multiply, followed by a reduction *
+*************************************************/
+BigInt Modular_Reducer::multiply(const BigInt& x, const BigInt& y) const
+ {
+ return reduce(x * y);
+ }
+
+/*************************************************
+* Square, followed by a reduction *
+*************************************************/
+BigInt Modular_Reducer::square(const BigInt& x) const
+ {
+ return reduce(Botan::square(x));
+ }
+
+}
diff --git a/src/rmd128.cpp b/src/rmd128.cpp
new file mode 100644
index 000000000..ae41fb5cc
--- /dev/null
+++ b/src/rmd128.cpp
@@ -0,0 +1,165 @@
+/*************************************************
+* RIPEMD-128 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rmd128.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* RIPEMD-128 F1 Function *
+*************************************************/
+inline void F1(u32bit& A, u32bit B, u32bit C, u32bit D,
+ u32bit msg, u32bit shift)
+ {
+ A += (B ^ C ^ D) + msg;
+ A = rotate_left(A, shift);
+ }
+
+/*************************************************
+* RIPEMD-128 F2 Function *
+*************************************************/
+inline void F2(u32bit& A, u32bit B, u32bit C, u32bit D,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (D ^ (B & (C ^ D))) + msg + magic;
+ A = rotate_left(A, shift);
+ }
+
+/*************************************************
+* RIPEMD-128 F3 Function *
+*************************************************/
+inline void F3(u32bit& A, u32bit B, u32bit C, u32bit D,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (D ^ (B | ~C)) + msg + magic;
+ A = rotate_left(A, shift);
+ }
+
+/*************************************************
+* RIPEMD-128 F4 Function *
+*************************************************/
+inline void F4(u32bit& A, u32bit B, u32bit C, u32bit D,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (C ^ (D & (B ^ C))) + msg + magic;
+ A = rotate_left(A, shift);
+ }
+
+}
+
+/*************************************************
+* RIPEMD-128 Compression Function *
+*************************************************/
+void RIPEMD_128::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ M[j] = make_u32bit(input[4*j+3], input[4*j+2], input[4*j+1], input[4*j]);
+
+ u32bit A1 = digest[0], A2 = A1, B1 = digest[1], B2 = B1,
+ C1 = digest[2], C2 = C1, D1 = digest[3], D2 = D1;
+
+ const u32bit MAGIC2 = 0x5A827999, MAGIC3 = 0x6ED9EBA1,
+ MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0x50A28BE6,
+ MAGIC6 = 0x5C4DD124, MAGIC7 = 0x6D703EF3;
+
+ F1(A1,B1,C1,D1,M[ 0],11 ); F4(A2,B2,C2,D2,M[ 5], 8,MAGIC5);
+ F1(D1,A1,B1,C1,M[ 1],14 ); F4(D2,A2,B2,C2,M[14], 9,MAGIC5);
+ F1(C1,D1,A1,B1,M[ 2],15 ); F4(C2,D2,A2,B2,M[ 7], 9,MAGIC5);
+ F1(B1,C1,D1,A1,M[ 3],12 ); F4(B2,C2,D2,A2,M[ 0],11,MAGIC5);
+ F1(A1,B1,C1,D1,M[ 4], 5 ); F4(A2,B2,C2,D2,M[ 9],13,MAGIC5);
+ F1(D1,A1,B1,C1,M[ 5], 8 ); F4(D2,A2,B2,C2,M[ 2],15,MAGIC5);
+ F1(C1,D1,A1,B1,M[ 6], 7 ); F4(C2,D2,A2,B2,M[11],15,MAGIC5);
+ F1(B1,C1,D1,A1,M[ 7], 9 ); F4(B2,C2,D2,A2,M[ 4], 5,MAGIC5);
+ F1(A1,B1,C1,D1,M[ 8],11 ); F4(A2,B2,C2,D2,M[13], 7,MAGIC5);
+ F1(D1,A1,B1,C1,M[ 9],13 ); F4(D2,A2,B2,C2,M[ 6], 7,MAGIC5);
+ F1(C1,D1,A1,B1,M[10],14 ); F4(C2,D2,A2,B2,M[15], 8,MAGIC5);
+ F1(B1,C1,D1,A1,M[11],15 ); F4(B2,C2,D2,A2,M[ 8],11,MAGIC5);
+ F1(A1,B1,C1,D1,M[12], 6 ); F4(A2,B2,C2,D2,M[ 1],14,MAGIC5);
+ F1(D1,A1,B1,C1,M[13], 7 ); F4(D2,A2,B2,C2,M[10],14,MAGIC5);
+ F1(C1,D1,A1,B1,M[14], 9 ); F4(C2,D2,A2,B2,M[ 3],12,MAGIC5);
+ F1(B1,C1,D1,A1,M[15], 8 ); F4(B2,C2,D2,A2,M[12], 6,MAGIC5);
+
+ F2(A1,B1,C1,D1,M[ 7], 7,MAGIC2); F3(A2,B2,C2,D2,M[ 6], 9,MAGIC6);
+ F2(D1,A1,B1,C1,M[ 4], 6,MAGIC2); F3(D2,A2,B2,C2,M[11],13,MAGIC6);
+ F2(C1,D1,A1,B1,M[13], 8,MAGIC2); F3(C2,D2,A2,B2,M[ 3],15,MAGIC6);
+ F2(B1,C1,D1,A1,M[ 1],13,MAGIC2); F3(B2,C2,D2,A2,M[ 7], 7,MAGIC6);
+ F2(A1,B1,C1,D1,M[10],11,MAGIC2); F3(A2,B2,C2,D2,M[ 0],12,MAGIC6);
+ F2(D1,A1,B1,C1,M[ 6], 9,MAGIC2); F3(D2,A2,B2,C2,M[13], 8,MAGIC6);
+ F2(C1,D1,A1,B1,M[15], 7,MAGIC2); F3(C2,D2,A2,B2,M[ 5], 9,MAGIC6);
+ F2(B1,C1,D1,A1,M[ 3],15,MAGIC2); F3(B2,C2,D2,A2,M[10],11,MAGIC6);
+ F2(A1,B1,C1,D1,M[12], 7,MAGIC2); F3(A2,B2,C2,D2,M[14], 7,MAGIC6);
+ F2(D1,A1,B1,C1,M[ 0],12,MAGIC2); F3(D2,A2,B2,C2,M[15], 7,MAGIC6);
+ F2(C1,D1,A1,B1,M[ 9],15,MAGIC2); F3(C2,D2,A2,B2,M[ 8],12,MAGIC6);
+ F2(B1,C1,D1,A1,M[ 5], 9,MAGIC2); F3(B2,C2,D2,A2,M[12], 7,MAGIC6);
+ F2(A1,B1,C1,D1,M[ 2],11,MAGIC2); F3(A2,B2,C2,D2,M[ 4], 6,MAGIC6);
+ F2(D1,A1,B1,C1,M[14], 7,MAGIC2); F3(D2,A2,B2,C2,M[ 9],15,MAGIC6);
+ F2(C1,D1,A1,B1,M[11],13,MAGIC2); F3(C2,D2,A2,B2,M[ 1],13,MAGIC6);
+ F2(B1,C1,D1,A1,M[ 8],12,MAGIC2); F3(B2,C2,D2,A2,M[ 2],11,MAGIC6);
+
+ F3(A1,B1,C1,D1,M[ 3],11,MAGIC3); F2(A2,B2,C2,D2,M[15], 9,MAGIC7);
+ F3(D1,A1,B1,C1,M[10],13,MAGIC3); F2(D2,A2,B2,C2,M[ 5], 7,MAGIC7);
+ F3(C1,D1,A1,B1,M[14], 6,MAGIC3); F2(C2,D2,A2,B2,M[ 1],15,MAGIC7);
+ F3(B1,C1,D1,A1,M[ 4], 7,MAGIC3); F2(B2,C2,D2,A2,M[ 3],11,MAGIC7);
+ F3(A1,B1,C1,D1,M[ 9],14,MAGIC3); F2(A2,B2,C2,D2,M[ 7], 8,MAGIC7);
+ F3(D1,A1,B1,C1,M[15], 9,MAGIC3); F2(D2,A2,B2,C2,M[14], 6,MAGIC7);
+ F3(C1,D1,A1,B1,M[ 8],13,MAGIC3); F2(C2,D2,A2,B2,M[ 6], 6,MAGIC7);
+ F3(B1,C1,D1,A1,M[ 1],15,MAGIC3); F2(B2,C2,D2,A2,M[ 9],14,MAGIC7);
+ F3(A1,B1,C1,D1,M[ 2],14,MAGIC3); F2(A2,B2,C2,D2,M[11],12,MAGIC7);
+ F3(D1,A1,B1,C1,M[ 7], 8,MAGIC3); F2(D2,A2,B2,C2,M[ 8],13,MAGIC7);
+ F3(C1,D1,A1,B1,M[ 0],13,MAGIC3); F2(C2,D2,A2,B2,M[12], 5,MAGIC7);
+ F3(B1,C1,D1,A1,M[ 6], 6,MAGIC3); F2(B2,C2,D2,A2,M[ 2],14,MAGIC7);
+ F3(A1,B1,C1,D1,M[13], 5,MAGIC3); F2(A2,B2,C2,D2,M[10],13,MAGIC7);
+ F3(D1,A1,B1,C1,M[11],12,MAGIC3); F2(D2,A2,B2,C2,M[ 0],13,MAGIC7);
+ F3(C1,D1,A1,B1,M[ 5], 7,MAGIC3); F2(C2,D2,A2,B2,M[ 4], 7,MAGIC7);
+ F3(B1,C1,D1,A1,M[12], 5,MAGIC3); F2(B2,C2,D2,A2,M[13], 5,MAGIC7);
+
+ F4(A1,B1,C1,D1,M[ 1],11,MAGIC4); F1(A2,B2,C2,D2,M[ 8],15 );
+ F4(D1,A1,B1,C1,M[ 9],12,MAGIC4); F1(D2,A2,B2,C2,M[ 6], 5 );
+ F4(C1,D1,A1,B1,M[11],14,MAGIC4); F1(C2,D2,A2,B2,M[ 4], 8 );
+ F4(B1,C1,D1,A1,M[10],15,MAGIC4); F1(B2,C2,D2,A2,M[ 1],11 );
+ F4(A1,B1,C1,D1,M[ 0],14,MAGIC4); F1(A2,B2,C2,D2,M[ 3],14 );
+ F4(D1,A1,B1,C1,M[ 8],15,MAGIC4); F1(D2,A2,B2,C2,M[11],14 );
+ F4(C1,D1,A1,B1,M[12], 9,MAGIC4); F1(C2,D2,A2,B2,M[15], 6 );
+ F4(B1,C1,D1,A1,M[ 4], 8,MAGIC4); F1(B2,C2,D2,A2,M[ 0],14 );
+ F4(A1,B1,C1,D1,M[13], 9,MAGIC4); F1(A2,B2,C2,D2,M[ 5], 6 );
+ F4(D1,A1,B1,C1,M[ 3],14,MAGIC4); F1(D2,A2,B2,C2,M[12], 9 );
+ F4(C1,D1,A1,B1,M[ 7], 5,MAGIC4); F1(C2,D2,A2,B2,M[ 2],12 );
+ F4(B1,C1,D1,A1,M[15], 6,MAGIC4); F1(B2,C2,D2,A2,M[13], 9 );
+ F4(A1,B1,C1,D1,M[14], 8,MAGIC4); F1(A2,B2,C2,D2,M[ 9],12 );
+ F4(D1,A1,B1,C1,M[ 5], 6,MAGIC4); F1(D2,A2,B2,C2,M[ 7], 5 );
+ F4(C1,D1,A1,B1,M[ 6], 5,MAGIC4); F1(C2,D2,A2,B2,M[10],15 );
+ F4(B1,C1,D1,A1,M[ 2],12,MAGIC4); F1(B2,C2,D2,A2,M[14], 8 );
+
+ D2 = digest[1] + C1 + D2; digest[1] = digest[2] + D1 + A2;
+ digest[2] = digest[3] + A1 + B2; digest[3] = digest[0] + B1 + C2;
+ digest[0] = D2;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void RIPEMD_128::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(3 - (j % 4), digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void RIPEMD_128::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ M.clear();
+ digest[0] = 0x67452301;
+ digest[1] = 0xEFCDAB89;
+ digest[2] = 0x98BADCFE;
+ digest[3] = 0x10325476;
+ }
+
+}
diff --git a/src/rmd160.cpp b/src/rmd160.cpp
new file mode 100644
index 000000000..c8d787212
--- /dev/null
+++ b/src/rmd160.cpp
@@ -0,0 +1,200 @@
+/*************************************************
+* RIPEMD-160 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rmd160.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* RIPEMD-160 F1 Function *
+*************************************************/
+inline void F1(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E,
+ u32bit msg, u32bit shift)
+ {
+ A += (B ^ C ^ D) + msg;
+ A = rotate_left(A, shift) + E;
+ C = rotate_left(C, 10);
+ }
+
+/*************************************************
+* RIPEMD-160 F2 Function *
+*************************************************/
+inline void F2(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (D ^ (B & (C ^ D))) + msg + magic;
+ A = rotate_left(A, shift) + E;
+ C = rotate_left(C, 10);
+ }
+
+/*************************************************
+* RIPEMD-160 F3 Function *
+*************************************************/
+inline void F3(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (D ^ (B | ~C)) + msg + magic;
+ A = rotate_left(A, shift) + E;
+ C = rotate_left(C, 10);
+ }
+
+/*************************************************
+* RIPEMD-160 F4 Function *
+*************************************************/
+inline void F4(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (C ^ (D & (B ^ C))) + msg + magic;
+ A = rotate_left(A, shift) + E;
+ C = rotate_left(C, 10);
+ }
+
+/*************************************************
+* RIPEMD-160 F5 Function *
+*************************************************/
+inline void F5(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E,
+ u32bit msg, u32bit shift, u32bit magic)
+ {
+ A += (B ^ (C | ~D)) + msg + magic;
+ A = rotate_left(A, shift) + E;
+ C = rotate_left(C, 10);
+ }
+
+}
+
+/*************************************************
+* RIPEMD-160 Compression Function *
+*************************************************/
+void RIPEMD_160::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ M[j] = make_u32bit(input[4*j+3], input[4*j+2], input[4*j+1], input[4*j]);
+
+ u32bit A1 = digest[0], A2 = A1, B1 = digest[1], B2 = B1,
+ C1 = digest[2], C2 = C1, D1 = digest[3], D2 = D1,
+ E1 = digest[4], E2 = E1;
+
+ const u32bit MAGIC2 = 0x5A827999, MAGIC3 = 0x6ED9EBA1,
+ MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0xA953FD4E,
+ MAGIC6 = 0x50A28BE6, MAGIC7 = 0x5C4DD124,
+ MAGIC8 = 0x6D703EF3, MAGIC9 = 0x7A6D76E9;
+
+ F1(A1,B1,C1,D1,E1,M[ 0],11 ); F5(A2,B2,C2,D2,E2,M[ 5], 8,MAGIC6);
+ F1(E1,A1,B1,C1,D1,M[ 1],14 ); F5(E2,A2,B2,C2,D2,M[14], 9,MAGIC6);
+ F1(D1,E1,A1,B1,C1,M[ 2],15 ); F5(D2,E2,A2,B2,C2,M[ 7], 9,MAGIC6);
+ F1(C1,D1,E1,A1,B1,M[ 3],12 ); F5(C2,D2,E2,A2,B2,M[ 0],11,MAGIC6);
+ F1(B1,C1,D1,E1,A1,M[ 4], 5 ); F5(B2,C2,D2,E2,A2,M[ 9],13,MAGIC6);
+ F1(A1,B1,C1,D1,E1,M[ 5], 8 ); F5(A2,B2,C2,D2,E2,M[ 2],15,MAGIC6);
+ F1(E1,A1,B1,C1,D1,M[ 6], 7 ); F5(E2,A2,B2,C2,D2,M[11],15,MAGIC6);
+ F1(D1,E1,A1,B1,C1,M[ 7], 9 ); F5(D2,E2,A2,B2,C2,M[ 4], 5,MAGIC6);
+ F1(C1,D1,E1,A1,B1,M[ 8],11 ); F5(C2,D2,E2,A2,B2,M[13], 7,MAGIC6);
+ F1(B1,C1,D1,E1,A1,M[ 9],13 ); F5(B2,C2,D2,E2,A2,M[ 6], 7,MAGIC6);
+ F1(A1,B1,C1,D1,E1,M[10],14 ); F5(A2,B2,C2,D2,E2,M[15], 8,MAGIC6);
+ F1(E1,A1,B1,C1,D1,M[11],15 ); F5(E2,A2,B2,C2,D2,M[ 8],11,MAGIC6);
+ F1(D1,E1,A1,B1,C1,M[12], 6 ); F5(D2,E2,A2,B2,C2,M[ 1],14,MAGIC6);
+ F1(C1,D1,E1,A1,B1,M[13], 7 ); F5(C2,D2,E2,A2,B2,M[10],14,MAGIC6);
+ F1(B1,C1,D1,E1,A1,M[14], 9 ); F5(B2,C2,D2,E2,A2,M[ 3],12,MAGIC6);
+ F1(A1,B1,C1,D1,E1,M[15], 8 ); F5(A2,B2,C2,D2,E2,M[12], 6,MAGIC6);
+
+ F2(E1,A1,B1,C1,D1,M[ 7], 7,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 6], 9,MAGIC7);
+ F2(D1,E1,A1,B1,C1,M[ 4], 6,MAGIC2); F4(D2,E2,A2,B2,C2,M[11],13,MAGIC7);
+ F2(C1,D1,E1,A1,B1,M[13], 8,MAGIC2); F4(C2,D2,E2,A2,B2,M[ 3],15,MAGIC7);
+ F2(B1,C1,D1,E1,A1,M[ 1],13,MAGIC2); F4(B2,C2,D2,E2,A2,M[ 7], 7,MAGIC7);
+ F2(A1,B1,C1,D1,E1,M[10],11,MAGIC2); F4(A2,B2,C2,D2,E2,M[ 0],12,MAGIC7);
+ F2(E1,A1,B1,C1,D1,M[ 6], 9,MAGIC2); F4(E2,A2,B2,C2,D2,M[13], 8,MAGIC7);
+ F2(D1,E1,A1,B1,C1,M[15], 7,MAGIC2); F4(D2,E2,A2,B2,C2,M[ 5], 9,MAGIC7);
+ F2(C1,D1,E1,A1,B1,M[ 3],15,MAGIC2); F4(C2,D2,E2,A2,B2,M[10],11,MAGIC7);
+ F2(B1,C1,D1,E1,A1,M[12], 7,MAGIC2); F4(B2,C2,D2,E2,A2,M[14], 7,MAGIC7);
+ F2(A1,B1,C1,D1,E1,M[ 0],12,MAGIC2); F4(A2,B2,C2,D2,E2,M[15], 7,MAGIC7);
+ F2(E1,A1,B1,C1,D1,M[ 9],15,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 8],12,MAGIC7);
+ F2(D1,E1,A1,B1,C1,M[ 5], 9,MAGIC2); F4(D2,E2,A2,B2,C2,M[12], 7,MAGIC7);
+ F2(C1,D1,E1,A1,B1,M[ 2],11,MAGIC2); F4(C2,D2,E2,A2,B2,M[ 4], 6,MAGIC7);
+ F2(B1,C1,D1,E1,A1,M[14], 7,MAGIC2); F4(B2,C2,D2,E2,A2,M[ 9],15,MAGIC7);
+ F2(A1,B1,C1,D1,E1,M[11],13,MAGIC2); F4(A2,B2,C2,D2,E2,M[ 1],13,MAGIC7);
+ F2(E1,A1,B1,C1,D1,M[ 8],12,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 2],11,MAGIC7);
+
+ F3(D1,E1,A1,B1,C1,M[ 3],11,MAGIC3); F3(D2,E2,A2,B2,C2,M[15], 9,MAGIC8);
+ F3(C1,D1,E1,A1,B1,M[10],13,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 5], 7,MAGIC8);
+ F3(B1,C1,D1,E1,A1,M[14], 6,MAGIC3); F3(B2,C2,D2,E2,A2,M[ 1],15,MAGIC8);
+ F3(A1,B1,C1,D1,E1,M[ 4], 7,MAGIC3); F3(A2,B2,C2,D2,E2,M[ 3],11,MAGIC8);
+ F3(E1,A1,B1,C1,D1,M[ 9],14,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 7], 8,MAGIC8);
+ F3(D1,E1,A1,B1,C1,M[15], 9,MAGIC3); F3(D2,E2,A2,B2,C2,M[14], 6,MAGIC8);
+ F3(C1,D1,E1,A1,B1,M[ 8],13,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 6], 6,MAGIC8);
+ F3(B1,C1,D1,E1,A1,M[ 1],15,MAGIC3); F3(B2,C2,D2,E2,A2,M[ 9],14,MAGIC8);
+ F3(A1,B1,C1,D1,E1,M[ 2],14,MAGIC3); F3(A2,B2,C2,D2,E2,M[11],12,MAGIC8);
+ F3(E1,A1,B1,C1,D1,M[ 7], 8,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 8],13,MAGIC8);
+ F3(D1,E1,A1,B1,C1,M[ 0],13,MAGIC3); F3(D2,E2,A2,B2,C2,M[12], 5,MAGIC8);
+ F3(C1,D1,E1,A1,B1,M[ 6], 6,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 2],14,MAGIC8);
+ F3(B1,C1,D1,E1,A1,M[13], 5,MAGIC3); F3(B2,C2,D2,E2,A2,M[10],13,MAGIC8);
+ F3(A1,B1,C1,D1,E1,M[11],12,MAGIC3); F3(A2,B2,C2,D2,E2,M[ 0],13,MAGIC8);
+ F3(E1,A1,B1,C1,D1,M[ 5], 7,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 4], 7,MAGIC8);
+ F3(D1,E1,A1,B1,C1,M[12], 5,MAGIC3); F3(D2,E2,A2,B2,C2,M[13], 5,MAGIC8);
+
+ F4(C1,D1,E1,A1,B1,M[ 1],11,MAGIC4); F2(C2,D2,E2,A2,B2,M[ 8],15,MAGIC9);
+ F4(B1,C1,D1,E1,A1,M[ 9],12,MAGIC4); F2(B2,C2,D2,E2,A2,M[ 6], 5,MAGIC9);
+ F4(A1,B1,C1,D1,E1,M[11],14,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 4], 8,MAGIC9);
+ F4(E1,A1,B1,C1,D1,M[10],15,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 1],11,MAGIC9);
+ F4(D1,E1,A1,B1,C1,M[ 0],14,MAGIC4); F2(D2,E2,A2,B2,C2,M[ 3],14,MAGIC9);
+ F4(C1,D1,E1,A1,B1,M[ 8],15,MAGIC4); F2(C2,D2,E2,A2,B2,M[11],14,MAGIC9);
+ F4(B1,C1,D1,E1,A1,M[12], 9,MAGIC4); F2(B2,C2,D2,E2,A2,M[15], 6,MAGIC9);
+ F4(A1,B1,C1,D1,E1,M[ 4], 8,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 0],14,MAGIC9);
+ F4(E1,A1,B1,C1,D1,M[13], 9,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 5], 6,MAGIC9);
+ F4(D1,E1,A1,B1,C1,M[ 3],14,MAGIC4); F2(D2,E2,A2,B2,C2,M[12], 9,MAGIC9);
+ F4(C1,D1,E1,A1,B1,M[ 7], 5,MAGIC4); F2(C2,D2,E2,A2,B2,M[ 2],12,MAGIC9);
+ F4(B1,C1,D1,E1,A1,M[15], 6,MAGIC4); F2(B2,C2,D2,E2,A2,M[13], 9,MAGIC9);
+ F4(A1,B1,C1,D1,E1,M[14], 8,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 9],12,MAGIC9);
+ F4(E1,A1,B1,C1,D1,M[ 5], 6,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 7], 5,MAGIC9);
+ F4(D1,E1,A1,B1,C1,M[ 6], 5,MAGIC4); F2(D2,E2,A2,B2,C2,M[10],15,MAGIC9);
+ F4(C1,D1,E1,A1,B1,M[ 2],12,MAGIC4); F2(C2,D2,E2,A2,B2,M[14], 8,MAGIC9);
+
+ F5(B1,C1,D1,E1,A1,M[ 4], 9,MAGIC5); F1(B2,C2,D2,E2,A2,M[12], 8 );
+ F5(A1,B1,C1,D1,E1,M[ 0],15,MAGIC5); F1(A2,B2,C2,D2,E2,M[15], 5 );
+ F5(E1,A1,B1,C1,D1,M[ 5], 5,MAGIC5); F1(E2,A2,B2,C2,D2,M[10],12 );
+ F5(D1,E1,A1,B1,C1,M[ 9],11,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 4], 9 );
+ F5(C1,D1,E1,A1,B1,M[ 7], 6,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 1],12 );
+ F5(B1,C1,D1,E1,A1,M[12], 8,MAGIC5); F1(B2,C2,D2,E2,A2,M[ 5], 5 );
+ F5(A1,B1,C1,D1,E1,M[ 2],13,MAGIC5); F1(A2,B2,C2,D2,E2,M[ 8],14 );
+ F5(E1,A1,B1,C1,D1,M[10],12,MAGIC5); F1(E2,A2,B2,C2,D2,M[ 7], 6 );
+ F5(D1,E1,A1,B1,C1,M[14], 5,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 6], 8 );
+ F5(C1,D1,E1,A1,B1,M[ 1],12,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 2],13 );
+ F5(B1,C1,D1,E1,A1,M[ 3],13,MAGIC5); F1(B2,C2,D2,E2,A2,M[13], 6 );
+ F5(A1,B1,C1,D1,E1,M[ 8],14,MAGIC5); F1(A2,B2,C2,D2,E2,M[14], 5 );
+ F5(E1,A1,B1,C1,D1,M[11],11,MAGIC5); F1(E2,A2,B2,C2,D2,M[ 0],15 );
+ F5(D1,E1,A1,B1,C1,M[ 6], 8,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 3],13 );
+ F5(C1,D1,E1,A1,B1,M[15], 5,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 9],11 );
+ F5(B1,C1,D1,E1,A1,M[13], 6,MAGIC5); F1(B2,C2,D2,E2,A2,M[11],11 );
+
+ C1 = digest[1] + C1 + D2; digest[1] = digest[2] + D1 + E2;
+ digest[2] = digest[3] + E1 + A2; digest[3] = digest[4] + A1 + B2;
+ digest[4] = digest[0] + B1 + C2; digest[0] = C1;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void RIPEMD_160::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(3 - (j % 4), digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void RIPEMD_160::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ M.clear();
+ digest[0] = 0x67452301;
+ digest[1] = 0xEFCDAB89;
+ digest[2] = 0x98BADCFE;
+ digest[3] = 0x10325476;
+ digest[4] = 0xC3D2E1F0;
+ }
+
+}
diff --git a/src/rng.cpp b/src/rng.cpp
new file mode 100644
index 000000000..05c5c5e74
--- /dev/null
+++ b/src/rng.cpp
@@ -0,0 +1,65 @@
+/*************************************************
+* Global RNG Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rng.h>
+#include <botan/libstate.h>
+
+namespace Botan {
+
+namespace Global_RNG {
+
+/*************************************************
+* Get random bits from the global RNG *
+*************************************************/
+void randomize(byte output[], u32bit size)
+ {
+ global_state().randomize(output, size);
+ }
+
+/*************************************************
+* Get random bits from the global RNG *
+*************************************************/
+byte random()
+ {
+ byte ret = 0;
+ randomize(&ret, 1);
+ return ret;
+ }
+
+/*************************************************
+* Add entropy to the global RNG *
+*************************************************/
+void add_entropy(const byte entropy[], u32bit size)
+ {
+ global_state().add_entropy(entropy, size);
+ }
+
+/*************************************************
+* Add entropy to the global RNG *
+*************************************************/
+void add_entropy(EntropySource& src, bool slow_poll)
+ {
+ global_state().add_entropy(src, slow_poll);
+ }
+
+/*************************************************
+* Add an EntropySource to the RNG seed list *
+*************************************************/
+void add_es(EntropySource* src, bool last)
+ {
+ global_state().add_entropy_source(src, last);
+ }
+
+/*************************************************
+* Seed the global RNG *
+*************************************************/
+u32bit seed(bool slow_poll, u32bit bits_to_get)
+ {
+ return global_state().seed_prng(slow_poll, bits_to_get);
+ }
+
+}
+
+}
diff --git a/src/rsa.cpp b/src/rsa.cpp
new file mode 100644
index 000000000..c11733aa3
--- /dev/null
+++ b/src/rsa.cpp
@@ -0,0 +1,156 @@
+/*************************************************
+* RSA Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rsa.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* RSA_PublicKey Constructor *
+*************************************************/
+RSA_PublicKey::RSA_PublicKey(const BigInt& mod, const BigInt& exp)
+ {
+ n = mod;
+ e = exp;
+ X509_load_hook();
+ }
+
+/*************************************************
+* RSA Public Operation *
+*************************************************/
+BigInt RSA_PublicKey::public_op(const BigInt& i) const
+ {
+ if(i >= n)
+ throw Invalid_Argument(algo_name() + "::public_op: input is too large");
+ return core.public_op(i);
+ }
+
+/*************************************************
+* RSA Encryption Function *
+*************************************************/
+SecureVector<byte> RSA_PublicKey::encrypt(const byte in[], u32bit len) const
+ {
+ BigInt i(in, len);
+ return BigInt::encode_1363(public_op(i), n.bytes());
+ }
+
+/*************************************************
+* RSA Verification Function *
+*************************************************/
+SecureVector<byte> RSA_PublicKey::verify(const byte in[], u32bit len) const
+ {
+ BigInt i(in, len);
+ return BigInt::encode(public_op(i));
+ }
+
+/*************************************************
+* Create a RSA private key *
+*************************************************/
+RSA_PrivateKey::RSA_PrivateKey(u32bit bits, u32bit exp)
+ {
+ if(bits < 128)
+ throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
+ to_string(bits) + " bits long");
+ if(exp < 3 || exp % 2 == 0)
+ throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
+
+ e = exp;
+ p = random_prime((bits + 1) / 2, e);
+ q = random_prime(bits - p.bits(), e);
+ d = inverse_mod(e, lcm(p - 1, q - 1));
+
+ PKCS8_load_hook();
+ check_generated_private();
+
+ if(n.bits() != bits)
+ throw Self_Test_Failure(algo_name() + " private key generation failed");
+ }
+
+/*************************************************
+* RSA_PrivateKey Constructor *
+*************************************************/
+RSA_PrivateKey::RSA_PrivateKey(const BigInt& prime1, const BigInt& prime2,
+ const BigInt& exp, const BigInt& d_exp,
+ const BigInt& mod)
+ {
+ p = prime1;
+ q = prime2;
+ e = exp;
+ d = d_exp;
+ n = mod;
+
+ if(d == 0)
+ d = inverse_mod(e, lcm(p - 1, q - 1));
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* RSA Private Operation *
+*************************************************/
+BigInt RSA_PrivateKey::private_op(const byte in[], u32bit length) const
+ {
+ BigInt i(in, length);
+ if(i >= n)
+ throw Invalid_Argument(algo_name() + "::private_op: input is too large");
+
+ BigInt r = core.private_op(i);
+ if(i != public_op(r))
+ throw Self_Test_Failure(algo_name() + " private operation check failed");
+ return r;
+ }
+
+/*************************************************
+* RSA Decryption Operation *
+*************************************************/
+SecureVector<byte> RSA_PrivateKey::decrypt(const byte in[], u32bit len) const
+ {
+ return BigInt::encode(private_op(in, len));
+ }
+
+/*************************************************
+* RSA Signature Operation *
+*************************************************/
+SecureVector<byte> RSA_PrivateKey::sign(const byte in[], u32bit len) const
+ {
+ return BigInt::encode_1363(private_op(in, len), n.bytes());
+ }
+
+/*************************************************
+* Check Private RSA Parameters *
+*************************************************/
+bool RSA_PrivateKey::check_key(bool strong) const
+ {
+ if(!IF_Scheme_PrivateKey::check_key(strong))
+ return false;
+
+ if(!strong)
+ return true;
+
+ if((e * d) % lcm(p - 1, q - 1) != 1)
+ return false;
+
+ try {
+ KeyPair::check_key(get_pk_encryptor(*this, "EME1(SHA-1)"),
+ get_pk_decryptor(*this, "EME1(SHA-1)")
+ );
+
+ KeyPair::check_key(get_pk_signer(*this, "EMSA4(SHA-1)"),
+ get_pk_verifier(*this, "EMSA4(SHA-1)")
+ );
+ }
+ catch(Self_Test_Failure)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/src/rw.cpp b/src/rw.cpp
new file mode 100644
index 000000000..9ab43cde9
--- /dev/null
+++ b/src/rw.cpp
@@ -0,0 +1,142 @@
+/*************************************************
+* Rabin-Williams Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/rw.h>
+#include <botan/numthry.h>
+#include <botan/keypair.h>
+#include <botan/parsing.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* RW_PublicKey Constructor *
+*************************************************/
+RW_PublicKey::RW_PublicKey(const BigInt& mod, const BigInt& exp)
+ {
+ n = mod;
+ e = exp;
+ X509_load_hook();
+ }
+
+/*************************************************
+* Rabin-Williams Public Operation *
+*************************************************/
+BigInt RW_PublicKey::public_op(const BigInt& i) const
+ {
+ if((i > (n >> 1)) || i.is_negative())
+ throw Invalid_Argument(algo_name() + "::public_op: i > n / 2 || i < 0");
+
+ BigInt r = core.public_op(i);
+ if(r % 16 == 12) return r;
+ if(r % 8 == 6) return 2*r;
+
+ r = n - r;
+ if(r % 16 == 12) return r;
+ if(r % 8 == 6) return 2*r;
+
+ throw Invalid_Argument(algo_name() + "::public_op: Invalid input");
+ }
+
+/*************************************************
+* Rabin-Williams Verification Function *
+*************************************************/
+SecureVector<byte> RW_PublicKey::verify(const byte in[], u32bit len) const
+ {
+ BigInt i(in, len);
+ return BigInt::encode(public_op(i));
+ }
+
+/*************************************************
+* Create a Rabin-Williams private key *
+*************************************************/
+RW_PrivateKey::RW_PrivateKey(u32bit bits, u32bit exp)
+ {
+ if(bits < 512)
+ throw Invalid_Argument(algo_name() + ": Can't make a key that is only " +
+ to_string(bits) + " bits long");
+ if(exp < 2 || exp % 2 == 1)
+ throw Invalid_Argument(algo_name() + ": Invalid encryption exponent");
+
+ e = exp;
+ p = random_prime((bits + 1) / 2, e / 2, 3, 4);
+ q = random_prime(bits - p.bits(), e / 2, ((p % 8 == 3) ? 7 : 3), 8);
+ d = inverse_mod(e, lcm(p - 1, q - 1) >> 1);
+
+ PKCS8_load_hook();
+ check_generated_private();
+
+ if(n.bits() != bits)
+ throw Self_Test_Failure(algo_name() + " private key generation failed");
+ }
+
+/*************************************************
+* RW_PrivateKey Constructor *
+*************************************************/
+RW_PrivateKey::RW_PrivateKey(const BigInt& prime1, const BigInt& prime2,
+ const BigInt& exp, const BigInt& d_exp,
+ const BigInt& mod)
+ {
+ p = prime1;
+ q = prime2;
+ e = exp;
+ d = d_exp;
+ n = mod;
+
+ if(d == 0)
+ d = inverse_mod(e, lcm(p - 1, q - 1) >> 1);
+
+ PKCS8_load_hook();
+ check_loaded_private();
+ }
+
+/*************************************************
+* Rabin-Williams Signature Operation *
+*************************************************/
+SecureVector<byte> RW_PrivateKey::sign(const byte in[], u32bit len) const
+ {
+ BigInt i(in, len);
+ if(i >= n || i % 16 != 12)
+ throw Invalid_Argument(algo_name() + "::sign: Invalid input");
+
+ BigInt r;
+ if(jacobi(i, n) == 1) r = core.private_op(i);
+ else r = core.private_op(i >> 1);
+
+ r = std::min(r, n - r);
+ if(i != public_op(r))
+ throw Self_Test_Failure(algo_name() + " private operation check failed");
+
+ return BigInt::encode_1363(r, n.bytes());
+ }
+
+/*************************************************
+* Check Private Rabin-Williams Parameters *
+*************************************************/
+bool RW_PrivateKey::check_key(bool strong) const
+ {
+ if(!IF_Scheme_PrivateKey::check_key(strong))
+ return false;
+
+ if(!strong)
+ return true;
+
+ if((e * d) % (lcm(p - 1, q - 1) / 2) != 1)
+ return false;
+
+ try {
+ KeyPair::check_key(get_pk_signer(*this, "EMSA2(SHA-1)"),
+ get_pk_verifier(*this, "EMSA2(SHA-1)")
+ );
+ }
+ catch(Self_Test_Failure)
+ {
+ return false;
+ }
+
+ return true;
+ }
+
+}
diff --git a/src/s2k.cpp b/src/s2k.cpp
new file mode 100644
index 000000000..aa8beb212
--- /dev/null
+++ b/src/s2k.cpp
@@ -0,0 +1,53 @@
+/*************************************************
+* S2K Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/s2k.h>
+#include <botan/rng.h>
+
+namespace Botan {
+
+/*************************************************
+* Derive a key from a passphrase *
+*************************************************/
+OctetString S2K::derive_key(u32bit key_len,
+ const std::string& passphrase) const
+ {
+ return derive(key_len, passphrase, salt, salt.size(), iterations());
+ }
+
+/*************************************************
+* Set the number of iterations *
+*************************************************/
+void S2K::set_iterations(u32bit i)
+ {
+ iter = i;
+ }
+
+/*************************************************
+* Change the salt *
+*************************************************/
+void S2K::change_salt(const byte new_salt[], u32bit length)
+ {
+ salt.set(new_salt, length);
+ }
+
+/*************************************************
+* Change the salt *
+*************************************************/
+void S2K::change_salt(const MemoryRegion<byte>& new_salt)
+ {
+ change_salt(new_salt.begin(), new_salt.size());
+ }
+
+/*************************************************
+* Create a new random salt *
+*************************************************/
+void S2K::new_random_salt(u32bit length)
+ {
+ salt.create(length);
+ Global_RNG::randomize(salt, length);
+ }
+
+}
diff --git a/src/safe_tab.cpp b/src/safe_tab.cpp
new file mode 100644
index 000000000..12e6f4d60
--- /dev/null
+++ b/src/safe_tab.cpp
@@ -0,0 +1,119 @@
+/*************************************************
+* S-Box Tables for SAFER-SK *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/safer_sk.h>
+
+namespace Botan {
+
+const byte SAFER_SK::EXP[256] = {
+ 0x01, 0x2D, 0xE2, 0x93, 0xBE, 0x45, 0x15, 0xAE, 0x78, 0x03, 0x87, 0xA4,
+ 0xB8, 0x38, 0xCF, 0x3F, 0x08, 0x67, 0x09, 0x94, 0xEB, 0x26, 0xA8, 0x6B,
+ 0xBD, 0x18, 0x34, 0x1B, 0xBB, 0xBF, 0x72, 0xF7, 0x40, 0x35, 0x48, 0x9C,
+ 0x51, 0x2F, 0x3B, 0x55, 0xE3, 0xC0, 0x9F, 0xD8, 0xD3, 0xF3, 0x8D, 0xB1,
+ 0xFF, 0xA7, 0x3E, 0xDC, 0x86, 0x77, 0xD7, 0xA6, 0x11, 0xFB, 0xF4, 0xBA,
+ 0x92, 0x91, 0x64, 0x83, 0xF1, 0x33, 0xEF, 0xDA, 0x2C, 0xB5, 0xB2, 0x2B,
+ 0x88, 0xD1, 0x99, 0xCB, 0x8C, 0x84, 0x1D, 0x14, 0x81, 0x97, 0x71, 0xCA,
+ 0x5F, 0xA3, 0x8B, 0x57, 0x3C, 0x82, 0xC4, 0x52, 0x5C, 0x1C, 0xE8, 0xA0,
+ 0x04, 0xB4, 0x85, 0x4A, 0xF6, 0x13, 0x54, 0xB6, 0xDF, 0x0C, 0x1A, 0x8E,
+ 0xDE, 0xE0, 0x39, 0xFC, 0x20, 0x9B, 0x24, 0x4E, 0xA9, 0x98, 0x9E, 0xAB,
+ 0xF2, 0x60, 0xD0, 0x6C, 0xEA, 0xFA, 0xC7, 0xD9, 0x00, 0xD4, 0x1F, 0x6E,
+ 0x43, 0xBC, 0xEC, 0x53, 0x89, 0xFE, 0x7A, 0x5D, 0x49, 0xC9, 0x32, 0xC2,
+ 0xF9, 0x9A, 0xF8, 0x6D, 0x16, 0xDB, 0x59, 0x96, 0x44, 0xE9, 0xCD, 0xE6,
+ 0x46, 0x42, 0x8F, 0x0A, 0xC1, 0xCC, 0xB9, 0x65, 0xB0, 0xD2, 0xC6, 0xAC,
+ 0x1E, 0x41, 0x62, 0x29, 0x2E, 0x0E, 0x74, 0x50, 0x02, 0x5A, 0xC3, 0x25,
+ 0x7B, 0x8A, 0x2A, 0x5B, 0xF0, 0x06, 0x0D, 0x47, 0x6F, 0x70, 0x9D, 0x7E,
+ 0x10, 0xCE, 0x12, 0x27, 0xD5, 0x4C, 0x4F, 0xD6, 0x79, 0x30, 0x68, 0x36,
+ 0x75, 0x7D, 0xE4, 0xED, 0x80, 0x6A, 0x90, 0x37, 0xA2, 0x5E, 0x76, 0xAA,
+ 0xC5, 0x7F, 0x3D, 0xAF, 0xA5, 0xE5, 0x19, 0x61, 0xFD, 0x4D, 0x7C, 0xB7,
+ 0x0B, 0xEE, 0xAD, 0x4B, 0x22, 0xF5, 0xE7, 0x73, 0x23, 0x21, 0xC8, 0x05,
+ 0xE1, 0x66, 0xDD, 0xB3, 0x58, 0x69, 0x63, 0x56, 0x0F, 0xA1, 0x31, 0x95,
+ 0x17, 0x07, 0x3A, 0x28 };
+
+const byte SAFER_SK::LOG[512] = {
+ 0x80, 0x00, 0xB0, 0x09, 0x60, 0xEF, 0xB9, 0xFD, 0x10, 0x12, 0x9F, 0xE4,
+ 0x69, 0xBA, 0xAD, 0xF8, 0xC0, 0x38, 0xC2, 0x65, 0x4F, 0x06, 0x94, 0xFC,
+ 0x19, 0xDE, 0x6A, 0x1B, 0x5D, 0x4E, 0xA8, 0x82, 0x70, 0xED, 0xE8, 0xEC,
+ 0x72, 0xB3, 0x15, 0xC3, 0xFF, 0xAB, 0xB6, 0x47, 0x44, 0x01, 0xAC, 0x25,
+ 0xC9, 0xFA, 0x8E, 0x41, 0x1A, 0x21, 0xCB, 0xD3, 0x0D, 0x6E, 0xFE, 0x26,
+ 0x58, 0xDA, 0x32, 0x0F, 0x20, 0xA9, 0x9D, 0x84, 0x98, 0x05, 0x9C, 0xBB,
+ 0x22, 0x8C, 0x63, 0xE7, 0xC5, 0xE1, 0x73, 0xC6, 0xAF, 0x24, 0x5B, 0x87,
+ 0x66, 0x27, 0xF7, 0x57, 0xF4, 0x96, 0xB1, 0xB7, 0x5C, 0x8B, 0xD5, 0x54,
+ 0x79, 0xDF, 0xAA, 0xF6, 0x3E, 0xA3, 0xF1, 0x11, 0xCA, 0xF5, 0xD1, 0x17,
+ 0x7B, 0x93, 0x83, 0xBC, 0xBD, 0x52, 0x1E, 0xEB, 0xAE, 0xCC, 0xD6, 0x35,
+ 0x08, 0xC8, 0x8A, 0xB4, 0xE2, 0xCD, 0xBF, 0xD9, 0xD0, 0x50, 0x59, 0x3F,
+ 0x4D, 0x62, 0x34, 0x0A, 0x48, 0x88, 0xB5, 0x56, 0x4C, 0x2E, 0x6B, 0x9E,
+ 0xD2, 0x3D, 0x3C, 0x03, 0x13, 0xFB, 0x97, 0x51, 0x75, 0x4A, 0x91, 0x71,
+ 0x23, 0xBE, 0x76, 0x2A, 0x5F, 0xF9, 0xD4, 0x55, 0x0B, 0xDC, 0x37, 0x31,
+ 0x16, 0x74, 0xD7, 0x77, 0xA7, 0xE6, 0x07, 0xDB, 0xA4, 0x2F, 0x46, 0xF3,
+ 0x61, 0x45, 0x67, 0xE3, 0x0C, 0xA2, 0x3B, 0x1C, 0x85, 0x18, 0x04, 0x1D,
+ 0x29, 0xA0, 0x8F, 0xB2, 0x5A, 0xD8, 0xA6, 0x7E, 0xEE, 0x8D, 0x53, 0x4B,
+ 0xA1, 0x9A, 0xC1, 0x0E, 0x7A, 0x49, 0xA5, 0x2C, 0x81, 0xC4, 0xC7, 0x36,
+ 0x2B, 0x7F, 0x43, 0x95, 0x33, 0xF2, 0x6C, 0x68, 0x6D, 0xF0, 0x02, 0x28,
+ 0xCE, 0xDD, 0x9B, 0xEA, 0x5E, 0x99, 0x7C, 0x14, 0x86, 0xCF, 0xE5, 0x42,
+ 0xB8, 0x40, 0x78, 0x2D, 0x3A, 0xE9, 0x64, 0x1F, 0x92, 0x90, 0x7D, 0x39,
+ 0x6F, 0xE0, 0x89, 0x30, 0x80, 0x00, 0xB0, 0x09, 0x60, 0xEF, 0xB9, 0xFD,
+ 0x10, 0x12, 0x9F, 0xE4, 0x69, 0xBA, 0xAD, 0xF8, 0xC0, 0x38, 0xC2, 0x65,
+ 0x4F, 0x06, 0x94, 0xFC, 0x19, 0xDE, 0x6A, 0x1B, 0x5D, 0x4E, 0xA8, 0x82,
+ 0x70, 0xED, 0xE8, 0xEC, 0x72, 0xB3, 0x15, 0xC3, 0xFF, 0xAB, 0xB6, 0x47,
+ 0x44, 0x01, 0xAC, 0x25, 0xC9, 0xFA, 0x8E, 0x41, 0x1A, 0x21, 0xCB, 0xD3,
+ 0x0D, 0x6E, 0xFE, 0x26, 0x58, 0xDA, 0x32, 0x0F, 0x20, 0xA9, 0x9D, 0x84,
+ 0x98, 0x05, 0x9C, 0xBB, 0x22, 0x8C, 0x63, 0xE7, 0xC5, 0xE1, 0x73, 0xC6,
+ 0xAF, 0x24, 0x5B, 0x87, 0x66, 0x27, 0xF7, 0x57, 0xF4, 0x96, 0xB1, 0xB7,
+ 0x5C, 0x8B, 0xD5, 0x54, 0x79, 0xDF, 0xAA, 0xF6, 0x3E, 0xA3, 0xF1, 0x11,
+ 0xCA, 0xF5, 0xD1, 0x17, 0x7B, 0x93, 0x83, 0xBC, 0xBD, 0x52, 0x1E, 0xEB,
+ 0xAE, 0xCC, 0xD6, 0x35, 0x08, 0xC8, 0x8A, 0xB4, 0xE2, 0xCD, 0xBF, 0xD9,
+ 0xD0, 0x50, 0x59, 0x3F, 0x4D, 0x62, 0x34, 0x0A, 0x48, 0x88, 0xB5, 0x56,
+ 0x4C, 0x2E, 0x6B, 0x9E, 0xD2, 0x3D, 0x3C, 0x03, 0x13, 0xFB, 0x97, 0x51,
+ 0x75, 0x4A, 0x91, 0x71, 0x23, 0xBE, 0x76, 0x2A, 0x5F, 0xF9, 0xD4, 0x55,
+ 0x0B, 0xDC, 0x37, 0x31, 0x16, 0x74, 0xD7, 0x77, 0xA7, 0xE6, 0x07, 0xDB,
+ 0xA4, 0x2F, 0x46, 0xF3, 0x61, 0x45, 0x67, 0xE3, 0x0C, 0xA2, 0x3B, 0x1C,
+ 0x85, 0x18, 0x04, 0x1D, 0x29, 0xA0, 0x8F, 0xB2, 0x5A, 0xD8, 0xA6, 0x7E,
+ 0xEE, 0x8D, 0x53, 0x4B, 0xA1, 0x9A, 0xC1, 0x0E, 0x7A, 0x49, 0xA5, 0x2C,
+ 0x81, 0xC4, 0xC7, 0x36, 0x2B, 0x7F, 0x43, 0x95, 0x33, 0xF2, 0x6C, 0x68,
+ 0x6D, 0xF0, 0x02, 0x28, 0xCE, 0xDD, 0x9B, 0xEA, 0x5E, 0x99, 0x7C, 0x14,
+ 0x86, 0xCF, 0xE5, 0x42, 0xB8, 0x40, 0x78, 0x2D, 0x3A, 0xE9, 0x64, 0x1F,
+ 0x92, 0x90, 0x7D, 0x39, 0x6F, 0xE0, 0x89, 0x30 };
+
+const byte SAFER_SK::BIAS[208] = {
+ 0x16, 0x73, 0x3B, 0x1E, 0x8E, 0x70, 0xBD, 0x86, 0x47, 0x7E, 0x24, 0x56,
+ 0xF1, 0x77, 0x88, 0x46, 0xB1, 0xBA, 0xA3, 0xB7, 0x10, 0x0A, 0xC5, 0x37,
+ 0xC9, 0x5A, 0x28, 0xAC, 0x64, 0xA5, 0xEC, 0xAB, 0xC6, 0x67, 0x95, 0x58,
+ 0x0D, 0xF8, 0x9A, 0xF6, 0x66, 0xDC, 0x05, 0x3D, 0xD3, 0x8A, 0xC3, 0xD8,
+ 0x6A, 0xE9, 0x36, 0x49, 0x43, 0xBF, 0xEB, 0xD4, 0x9B, 0x68, 0xA0, 0x65,
+ 0x5D, 0x57, 0x92, 0x1F, 0x71, 0x5C, 0xBB, 0x22, 0xC1, 0xBE, 0x7B, 0xBC,
+ 0x63, 0x94, 0x5F, 0x2A, 0x61, 0xB8, 0x34, 0x32, 0xFD, 0xFB, 0x17, 0x40,
+ 0xE6, 0x51, 0x1D, 0x41, 0x8F, 0x29, 0xDD, 0x04, 0x80, 0xDE, 0xE7, 0x31,
+ 0x7F, 0x01, 0xA2, 0xF7, 0x39, 0xDA, 0x6F, 0x23, 0xFE, 0x3A, 0xD0, 0x1C,
+ 0xD1, 0x30, 0x3E, 0x12, 0xCD, 0x0F, 0xE0, 0xA8, 0xAF, 0x82, 0x59, 0x2C,
+ 0x7D, 0xAD, 0xB2, 0xEF, 0xC2, 0x87, 0xCE, 0x75, 0x13, 0x02, 0x90, 0x4F,
+ 0x2E, 0x72, 0x33, 0x85, 0x8D, 0xCF, 0xA9, 0x81, 0xE2, 0xC4, 0x27, 0x2F,
+ 0x7A, 0x9F, 0x52, 0xE1, 0x15, 0x38, 0x2B, 0xFC, 0x42, 0xC7, 0x08, 0xE4,
+ 0x09, 0x55, 0x5E, 0x8C, 0x76, 0x60, 0xFF, 0xDF, 0xD7, 0x98, 0xFA, 0x0B,
+ 0x00, 0x1A, 0xF9, 0xA6, 0xB9, 0xE8, 0x9E, 0x62, 0xD9, 0x91, 0x50, 0xD2,
+ 0xEE, 0x18, 0xB4, 0x07, 0xEA, 0x5B, 0xA4, 0xC8, 0x0E, 0xCB, 0x48, 0x69,
+ 0x4E, 0x9C, 0x35, 0x79, 0x45, 0x4D, 0x54, 0xE5, 0x3C, 0x0C, 0x4A, 0x8B,
+ 0x3F, 0xCC, 0xA7, 0xDB };
+
+const byte SAFER_SK::KEY_INDEX[208] = {
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0D, 0x0E,
+ 0x0F, 0x10, 0x11, 0x09, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x01,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08,
+ 0x00, 0x01, 0x02, 0x03, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D,
+ 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B,
+ 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
+ 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x09, 0x0A,
+ 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x01, 0x02, 0x0E, 0x0F, 0x10, 0x11,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x06, 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x08, 0x00, 0x01, 0x02,
+ 0x03, 0x04, 0x05, 0x06, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10,
+ 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0D, 0x0E,
+ 0x0F, 0x10, 0x11, 0x09, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x01,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08,
+ 0x00, 0x01, 0x02, 0x03, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D,
+ 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B,
+ 0x0C, 0x0D, 0x0E, 0x0F };
+
+}
diff --git a/src/safer_sk.cpp b/src/safer_sk.cpp
new file mode 100644
index 000000000..6e7f298a4
--- /dev/null
+++ b/src/safer_sk.cpp
@@ -0,0 +1,112 @@
+/*************************************************
+* SAFER-SK Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/safer_sk.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* SAFER-SK Encryption *
+*************************************************/
+void SAFER_SK::enc(const byte in[], byte out[]) const
+ {
+ byte A = in[0], B = in[1], C = in[2], D = in[3],
+ E = in[4], F = in[5], G = in[6], H = in[7], X, Y;
+ for(u32bit j = 0; j != 16*ROUNDS; j += 16)
+ {
+ A = EXP[A ^ EK[j ]]; B = LOG[B + EK[j+1]];
+ C = LOG[C + EK[j+2]]; D = EXP[D ^ EK[j+3]];
+ E = EXP[E ^ EK[j+4]]; F = LOG[F + EK[j+5]];
+ G = LOG[G + EK[j+6]]; H = EXP[H ^ EK[j+7]];
+ A += EK[j+ 8]; B ^= EK[j+ 9]; C ^= EK[j+10]; D += EK[j+11];
+ E += EK[j+12]; F ^= EK[j+13]; G ^= EK[j+14]; H += EK[j+15];
+ B += A; D += C; F += E; H += G; A += B; C += D; E += F; G += H;
+ C += A; G += E; D += B; H += F; A += C; E += G; B += D; F += H;
+ H += D; Y = D + H; D = B + F; X = B + D; B = A + E;
+ A += B; F = C + G; E = C + F; C = X; G = Y;
+ }
+ out[0] = A ^ EK[16*ROUNDS+0]; out[1] = B + EK[16*ROUNDS+1];
+ out[2] = C + EK[16*ROUNDS+2]; out[3] = D ^ EK[16*ROUNDS+3];
+ out[4] = E ^ EK[16*ROUNDS+4]; out[5] = F + EK[16*ROUNDS+5];
+ out[6] = G + EK[16*ROUNDS+6]; out[7] = H ^ EK[16*ROUNDS+7];
+ }
+
+/*************************************************
+* SAFER-SK Decryption *
+*************************************************/
+void SAFER_SK::dec(const byte in[], byte out[]) const
+ {
+ byte A = in[0], B = in[1], C = in[2], D = in[3],
+ E = in[4], F = in[5], G = in[6], H = in[7];
+ A ^= EK[16*ROUNDS+0]; B -= EK[16*ROUNDS+1]; C -= EK[16*ROUNDS+2];
+ D ^= EK[16*ROUNDS+3]; E ^= EK[16*ROUNDS+4]; F -= EK[16*ROUNDS+5];
+ G -= EK[16*ROUNDS+6]; H ^= EK[16*ROUNDS+7];
+ for(s32bit j = 16*(ROUNDS-1); j >= 0; j -= 16)
+ {
+ byte T = E; E = B; B = C; C = T; T = F; F = D; D = G; G = T;
+ A -= E; B -= F; C -= G; D -= H; E -= A; F -= B; G -= C; H -= D;
+ A -= C; E -= G; B -= D; F -= H; C -= A; G -= E; D -= B; H -= F;
+ A -= B; C -= D; E -= F; G -= H; B -= A; D -= C; F -= E; H -= G;
+ A = LOG[A - EK[j+8 ] + 256]; B = EXP[B ^ EK[j+9 ]];
+ C = EXP[C ^ EK[j+10]]; D = LOG[D - EK[j+11] + 256];
+ E = LOG[E - EK[j+12] + 256]; F = EXP[F ^ EK[j+13]];
+ G = EXP[G ^ EK[j+14]]; H = LOG[H - EK[j+15] + 256];
+ A ^= EK[j+0]; B -= EK[j+1]; C -= EK[j+2]; D ^= EK[j+3];
+ E ^= EK[j+4]; F -= EK[j+5]; G -= EK[j+6]; H ^= EK[j+7];
+ }
+ out[0] = A; out[1] = B; out[2] = C; out[3] = D;
+ out[4] = E; out[5] = F; out[6] = G; out[7] = H;
+ }
+
+/*************************************************
+* SAFER-SK Key Schedule *
+*************************************************/
+void SAFER_SK::key(const byte key[], u32bit)
+ {
+ SecureBuffer<byte, 18> KB;
+
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ KB[ 8] ^= KB[j] = rotate_left(key[j], 5);
+ KB[17] ^= KB[j+9] = EK[j] = key[j+8];
+ }
+ for(u32bit j = 0; j != ROUNDS; ++j)
+ {
+ for(u32bit k = 0; k != 18; ++k)
+ KB[k] = rotate_left(KB[k], 6);
+ for(u32bit k = 0; k != 16; ++k)
+ EK[16*j+k+8] = KB[KEY_INDEX[16*j+k]] + BIAS[16*j+k];
+ }
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string SAFER_SK::name() const
+ {
+ return "SAFER-SK(" + to_string(ROUNDS) + ")";
+ }
+
+/*************************************************
+* Return a clone of this object *
+*************************************************/
+BlockCipher* SAFER_SK::clone() const
+ {
+ return new SAFER_SK(ROUNDS);
+ }
+
+/*************************************************
+* SAFER-SK Constructor *
+*************************************************/
+SAFER_SK::SAFER_SK(u32bit rounds) : BlockCipher(8, 16),
+ EK(16 * rounds + 8), ROUNDS(rounds)
+ {
+ if(ROUNDS > 13 || ROUNDS == 0)
+ throw Invalid_Argument(name() + ": Invalid number of rounds");
+ }
+
+}
diff --git a/src/secqueue.cpp b/src/secqueue.cpp
new file mode 100644
index 000000000..da7c10d20
--- /dev/null
+++ b/src/secqueue.cpp
@@ -0,0 +1,203 @@
+/*************************************************
+* SecureQueue Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/secqueue.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* SecureQueueNode *
+*************************************************/
+class SecureQueueNode
+ {
+ public:
+ u32bit write(const byte input[], u32bit length)
+ {
+ u32bit copied = std::min(length, buffer.size() - end);
+ copy_mem(buffer + end, input, copied);
+ end += copied;
+ return copied;
+ }
+ u32bit read(byte output[], u32bit length)
+ {
+ u32bit copied = std::min(length, end - start);
+ copy_mem(output, buffer + start, copied);
+ start += copied;
+ return copied;
+ }
+ u32bit peek(byte output[], u32bit length, u32bit offset = 0)
+ {
+ const u32bit left = end - start;
+ if(offset >= left) return 0;
+ u32bit copied = std::min(length, left - offset);
+ copy_mem(output, buffer + start + offset, copied);
+ return copied;
+ }
+ u32bit size() const { return (end - start); }
+ SecureQueueNode() { next = 0; start = end = 0; }
+ ~SecureQueueNode() { next = 0; start = end = 0; }
+ private:
+ friend class SecureQueue;
+ SecureQueueNode* next;
+ SecureBuffer<byte, DEFAULT_BUFFERSIZE> buffer;
+ u32bit start, end;
+ };
+
+/*************************************************
+* Create a SecureQueue *
+*************************************************/
+SecureQueue::SecureQueue()
+ {
+ set_next(0, 0);
+ head = tail = new SecureQueueNode;
+ }
+
+/*************************************************
+* Copy a SecureQueue *
+*************************************************/
+SecureQueue::SecureQueue(const SecureQueue& input) :
+ Fanout_Filter(), DataSource()
+ {
+ set_next(0, 0);
+
+ head = tail = new SecureQueueNode;
+ SecureQueueNode* temp = input.head;
+ while(temp)
+ {
+ write(temp->buffer + temp->start, temp->end - temp->start);
+ temp = temp->next;
+ }
+ }
+
+/*************************************************
+* Destroy this SecureQueue *
+*************************************************/
+void SecureQueue::destroy()
+ {
+ SecureQueueNode* temp = head;
+ while(temp)
+ {
+ SecureQueueNode* holder = temp->next;
+ delete temp;
+ temp = holder;
+ }
+ head = tail = 0;
+ }
+
+/*************************************************
+* Copy a SecureQueue *
+*************************************************/
+SecureQueue& SecureQueue::operator=(const SecureQueue& input)
+ {
+ destroy();
+ head = tail = new SecureQueueNode;
+ SecureQueueNode* temp = input.head;
+ while(temp)
+ {
+ write(temp->buffer + temp->start, temp->end - temp->start);
+ temp = temp->next;
+ }
+ return (*this);
+ }
+
+/*************************************************
+* Add some bytes to the queue *
+*************************************************/
+void SecureQueue::write(const byte input[], u32bit length)
+ {
+ if(!head)
+ head = tail = new SecureQueueNode;
+ while(length)
+ {
+ const u32bit n = tail->write(input, length);
+ input += n;
+ length -= n;
+ if(length)
+ {
+ tail->next = new SecureQueueNode;
+ tail = tail->next;
+ }
+ }
+ }
+
+/*************************************************
+* Read some bytes from the queue *
+*************************************************/
+u32bit SecureQueue::read(byte output[], u32bit length)
+ {
+ u32bit got = 0;
+ while(length && head)
+ {
+ const u32bit n = head->read(output, length);
+ output += n;
+ got += n;
+ length -= n;
+ if(head->size() == 0)
+ {
+ SecureQueueNode* holder = head->next;
+ delete head;
+ head = holder;
+ }
+ }
+ return got;
+ }
+
+/*************************************************
+* Read data, but do not remove it from queue *
+*************************************************/
+u32bit SecureQueue::peek(byte output[], u32bit length, u32bit offset) const
+ {
+ SecureQueueNode* current = head;
+
+ while(offset && current)
+ {
+ if(offset >= current->size())
+ {
+ offset -= current->size();
+ current = current->next;
+ }
+ else
+ break;
+ }
+
+ u32bit got = 0;
+ while(length && current)
+ {
+ const u32bit n = current->peek(output, length, offset);
+ offset = 0;
+ output += n;
+ got += n;
+ length -= n;
+ current = current->next;
+ }
+ return got;
+ }
+
+/*************************************************
+* Return how many bytes the queue holds *
+*************************************************/
+u32bit SecureQueue::size() const
+ {
+ SecureQueueNode* current = head;
+ u32bit count = 0;
+
+ while(current)
+ {
+ count += current->size();
+ current = current->next;
+ }
+ return count;
+ }
+
+/*************************************************
+* Test if the queue has any data in it *
+*************************************************/
+bool SecureQueue::end_of_data() const
+ {
+ return (size() == 0);
+ }
+
+}
diff --git a/src/seed.cpp b/src/seed.cpp
new file mode 100644
index 000000000..24bc2fe3e
--- /dev/null
+++ b/src/seed.cpp
@@ -0,0 +1,134 @@
+/*************************************************
+* SEED Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/seed.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* SEED G Function *
+*************************************************/
+u32bit SEED::G_FUNC::operator()(u32bit X) const
+ {
+ return (S0[get_byte(3, X)] ^ S1[get_byte(2, X)] ^
+ S2[get_byte(1, X)] ^ S3[get_byte(0, X)]);
+ }
+
+
+/*************************************************
+* SEED Encryption *
+*************************************************/
+void SEED::enc(const byte in[], byte out[]) const
+ {
+ u32bit B0 = make_u32bit(in[ 0], in[ 1], in[ 2], in[ 3]),
+ B1 = make_u32bit(in[ 4], in[ 5], in[ 6], in[ 7]),
+ B2 = make_u32bit(in[ 8], in[ 9], in[10], in[11]),
+ B3 = make_u32bit(in[12], in[13], in[14], in[15]);
+
+ G_FUNC G;
+
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ u32bit T0, T1;
+
+ T0 = B2 ^ K[2*j];
+ T1 = G(T0 ^ B3 ^ K[2*j+1]);
+ T0 = G(T1 + T0);
+ B1 ^= (T1 = G(T1 + T0));
+
+ T0 = (B0 ^= T0 + T1) ^ K[2*j+2];
+ T1 = G(T0 ^ B1 ^ K[2*j+3]);
+ T0 = G(T1 + T0);
+ B3 ^= (T1 = G(T1 + T0));
+ B2 ^= T0 + T1;
+ }
+
+ out[ 0] = get_byte(0, B2); out[ 1] = get_byte(1, B2);
+ out[ 2] = get_byte(2, B2); out[ 3] = get_byte(3, B2);
+ out[ 4] = get_byte(0, B3); out[ 5] = get_byte(1, B3);
+ out[ 6] = get_byte(2, B3); out[ 7] = get_byte(3, B3);
+ out[ 8] = get_byte(0, B0); out[ 9] = get_byte(1, B0);
+ out[10] = get_byte(2, B0); out[11] = get_byte(3, B0);
+ out[12] = get_byte(0, B1); out[13] = get_byte(1, B1);
+ out[14] = get_byte(2, B1); out[15] = get_byte(3, B1);
+ }
+
+/*************************************************
+* SEED Decryption *
+*************************************************/
+void SEED::dec(const byte in[], byte out[]) const
+ {
+ u32bit B0 = make_u32bit(in[ 0], in[ 1], in[ 2], in[ 3]),
+ B1 = make_u32bit(in[ 4], in[ 5], in[ 6], in[ 7]),
+ B2 = make_u32bit(in[ 8], in[ 9], in[10], in[11]),
+ B3 = make_u32bit(in[12], in[13], in[14], in[15]);
+
+ G_FUNC G;
+
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ u32bit T0, T1;
+
+ T0 = B2 ^ K[30-2*j];
+ T1 = G(T0 ^ B3 ^ K[31-2*j]);
+ T0 = G(T1 + T0);
+ B1 ^= (T1 = G(T1 + T0));
+
+ T0 = (B0 ^= T0 + T1) ^ K[28-2*j];
+ T1 = G(T0 ^ B1 ^ K[29-2*j]);
+ T0 = G(T1 + T0);
+ B3 ^= (T1 = G(T1 + T0));
+ B2 ^= T0 + T1;
+ }
+
+ out[ 0] = get_byte(0, B2); out[ 1] = get_byte(1, B2);
+ out[ 2] = get_byte(2, B2); out[ 3] = get_byte(3, B2);
+ out[ 4] = get_byte(0, B3); out[ 5] = get_byte(1, B3);
+ out[ 6] = get_byte(2, B3); out[ 7] = get_byte(3, B3);
+ out[ 8] = get_byte(0, B0); out[ 9] = get_byte(1, B0);
+ out[10] = get_byte(2, B0); out[11] = get_byte(3, B0);
+ out[12] = get_byte(0, B1); out[13] = get_byte(1, B1);
+ out[14] = get_byte(2, B1); out[15] = get_byte(3, B1);
+ }
+
+/*************************************************
+* SEED Key Schedule *
+*************************************************/
+void SEED::key(const byte key[], u32bit)
+ {
+ const u32bit RC[16] = {
+ 0x9E3779B9, 0x3C6EF373, 0x78DDE6E6, 0xF1BBCDCC,
+ 0xE3779B99, 0xC6EF3733, 0x8DDE6E67, 0x1BBCDCCF,
+ 0x3779B99E, 0x6EF3733C, 0xDDE6E678, 0xBBCDCCF1,
+ 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B
+ };
+
+ SecureBuffer<u32bit, 4> WK;
+
+ for(u32bit j = 0; j != 4; ++j)
+ WK[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
+
+ G_FUNC G;
+
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ K[2*j ] = G(WK[0] + WK[2] - RC[j]);
+ K[2*j+1] = G(WK[1] - WK[3] + RC[j]);
+
+ byte T = get_byte(3, WK[0]);
+ WK[0] = (WK[0] >> 8) | (get_byte(3, WK[1]) << 24);
+ WK[1] = (WK[1] >> 8) | (T << 24);
+
+ K[2*j+2] = G(WK[0] + WK[2] - RC[j+1]);
+ K[2*j+3] = G(WK[1] - WK[3] + RC[j+1]);
+
+ T = get_byte(0, WK[3]);
+ WK[3] = (WK[3] << 8) | get_byte(0, WK[2]);
+ WK[2] = (WK[2] << 8) | T;
+ }
+ }
+
+}
diff --git a/src/seed_tab.cpp b/src/seed_tab.cpp
new file mode 100644
index 000000000..9c3e4334b
--- /dev/null
+++ b/src/seed_tab.cpp
@@ -0,0 +1,190 @@
+/*************************************************
+* S-Box Tables for SEED *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/seed.h>
+
+namespace Botan {
+
+const u32bit SEED::G_FUNC::S0[256] = {
+ 0x2989A1A8, 0x05858184, 0x16C6D2D4, 0x13C3D3D0, 0x14445054, 0x1D0D111C,
+ 0x2C8CA0AC, 0x25052124, 0x1D4D515C, 0x03434340, 0x18081018, 0x1E0E121C,
+ 0x11415150, 0x3CCCF0FC, 0x0ACAC2C8, 0x23436360, 0x28082028, 0x04444044,
+ 0x20002020, 0x1D8D919C, 0x20C0E0E0, 0x22C2E2E0, 0x08C8C0C8, 0x17071314,
+ 0x2585A1A4, 0x0F8F838C, 0x03030300, 0x3B4B7378, 0x3B8BB3B8, 0x13031310,
+ 0x12C2D2D0, 0x2ECEE2EC, 0x30407070, 0x0C8C808C, 0x3F0F333C, 0x2888A0A8,
+ 0x32023230, 0x1DCDD1DC, 0x36C6F2F4, 0x34447074, 0x2CCCE0EC, 0x15859194,
+ 0x0B0B0308, 0x17475354, 0x1C4C505C, 0x1B4B5358, 0x3D8DB1BC, 0x01010100,
+ 0x24042024, 0x1C0C101C, 0x33437370, 0x18889098, 0x10001010, 0x0CCCC0CC,
+ 0x32C2F2F0, 0x19C9D1D8, 0x2C0C202C, 0x27C7E3E4, 0x32427270, 0x03838380,
+ 0x1B8B9398, 0x11C1D1D0, 0x06868284, 0x09C9C1C8, 0x20406060, 0x10405050,
+ 0x2383A3A0, 0x2BCBE3E8, 0x0D0D010C, 0x3686B2B4, 0x1E8E929C, 0x0F4F434C,
+ 0x3787B3B4, 0x1A4A5258, 0x06C6C2C4, 0x38487078, 0x2686A2A4, 0x12021210,
+ 0x2F8FA3AC, 0x15C5D1D4, 0x21416160, 0x03C3C3C0, 0x3484B0B4, 0x01414140,
+ 0x12425250, 0x3D4D717C, 0x0D8D818C, 0x08080008, 0x1F0F131C, 0x19899198,
+ 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37C7F3F4, 0x21C1E1E0,
+ 0x3DCDF1FC, 0x36467274, 0x2F0F232C, 0x27072324, 0x3080B0B0, 0x0B8B8388,
+ 0x0E0E020C, 0x2B8BA3A8, 0x2282A2A0, 0x2E4E626C, 0x13839390, 0x0D4D414C,
+ 0x29496168, 0x3C4C707C, 0x09090108, 0x0A0A0208, 0x3F8FB3BC, 0x2FCFE3EC,
+ 0x33C3F3F0, 0x05C5C1C4, 0x07878384, 0x14041014, 0x3ECEF2FC, 0x24446064,
+ 0x1ECED2DC, 0x2E0E222C, 0x0B4B4348, 0x1A0A1218, 0x06060204, 0x21012120,
+ 0x2B4B6368, 0x26466264, 0x02020200, 0x35C5F1F4, 0x12829290, 0x0A8A8288,
+ 0x0C0C000C, 0x3383B3B0, 0x3E4E727C, 0x10C0D0D0, 0x3A4A7278, 0x07474344,
+ 0x16869294, 0x25C5E1E4, 0x26062224, 0x00808080, 0x2D8DA1AC, 0x1FCFD3DC,
+ 0x2181A1A0, 0x30003030, 0x37073334, 0x2E8EA2AC, 0x36063234, 0x15051114,
+ 0x22022220, 0x38083038, 0x34C4F0F4, 0x2787A3A4, 0x05454144, 0x0C4C404C,
+ 0x01818180, 0x29C9E1E8, 0x04848084, 0x17879394, 0x35053134, 0x0BCBC3C8,
+ 0x0ECEC2CC, 0x3C0C303C, 0x31417170, 0x11011110, 0x07C7C3C4, 0x09898188,
+ 0x35457174, 0x3BCBF3F8, 0x1ACAD2D8, 0x38C8F0F8, 0x14849094, 0x19495158,
+ 0x02828280, 0x04C4C0C4, 0x3FCFF3FC, 0x09494148, 0x39093138, 0x27476364,
+ 0x00C0C0C0, 0x0FCFC3CC, 0x17C7D3D4, 0x3888B0B8, 0x0F0F030C, 0x0E8E828C,
+ 0x02424240, 0x23032320, 0x11819190, 0x2C4C606C, 0x1BCBD3D8, 0x2484A0A4,
+ 0x34043034, 0x31C1F1F0, 0x08484048, 0x02C2C2C0, 0x2F4F636C, 0x3D0D313C,
+ 0x2D0D212C, 0x00404040, 0x3E8EB2BC, 0x3E0E323C, 0x3C8CB0BC, 0x01C1C1C0,
+ 0x2A8AA2A8, 0x3A8AB2B8, 0x0E4E424C, 0x15455154, 0x3B0B3338, 0x1CCCD0DC,
+ 0x28486068, 0x3F4F737C, 0x1C8C909C, 0x18C8D0D8, 0x0A4A4248, 0x16465254,
+ 0x37477374, 0x2080A0A0, 0x2DCDE1EC, 0x06464244, 0x3585B1B4, 0x2B0B2328,
+ 0x25456164, 0x3ACAF2F8, 0x23C3E3E0, 0x3989B1B8, 0x3181B1B0, 0x1F8F939C,
+ 0x1E4E525C, 0x39C9F1F8, 0x26C6E2E4, 0x3282B2B0, 0x31013130, 0x2ACAE2E8,
+ 0x2D4D616C, 0x1F4F535C, 0x24C4E0E4, 0x30C0F0F0, 0x0DCDC1CC, 0x08888088,
+ 0x16061214, 0x3A0A3238, 0x18485058, 0x14C4D0D4, 0x22426260, 0x29092128,
+ 0x07070304, 0x33033330, 0x28C8E0E8, 0x1B0B1318, 0x05050104, 0x39497178,
+ 0x10809090, 0x2A4A6268, 0x2A0A2228, 0x1A8A9298 };
+
+const u32bit SEED::G_FUNC::S1[256] = {
+ 0x38380830, 0xE828C8E0, 0x2C2D0D21, 0xA42686A2, 0xCC0FCFC3, 0xDC1ECED2,
+ 0xB03383B3, 0xB83888B0, 0xAC2F8FA3, 0x60204060, 0x54154551, 0xC407C7C3,
+ 0x44044440, 0x6C2F4F63, 0x682B4B63, 0x581B4B53, 0xC003C3C3, 0x60224262,
+ 0x30330333, 0xB43585B1, 0x28290921, 0xA02080A0, 0xE022C2E2, 0xA42787A3,
+ 0xD013C3D3, 0x90118191, 0x10110111, 0x04060602, 0x1C1C0C10, 0xBC3C8CB0,
+ 0x34360632, 0x480B4B43, 0xEC2FCFE3, 0x88088880, 0x6C2C4C60, 0xA82888A0,
+ 0x14170713, 0xC404C4C0, 0x14160612, 0xF434C4F0, 0xC002C2C2, 0x44054541,
+ 0xE021C1E1, 0xD416C6D2, 0x3C3F0F33, 0x3C3D0D31, 0x8C0E8E82, 0x98188890,
+ 0x28280820, 0x4C0E4E42, 0xF436C6F2, 0x3C3E0E32, 0xA42585A1, 0xF839C9F1,
+ 0x0C0D0D01, 0xDC1FCFD3, 0xD818C8D0, 0x282B0B23, 0x64264662, 0x783A4A72,
+ 0x24270723, 0x2C2F0F23, 0xF031C1F1, 0x70324272, 0x40024242, 0xD414C4D0,
+ 0x40014141, 0xC000C0C0, 0x70334373, 0x64274763, 0xAC2C8CA0, 0x880B8B83,
+ 0xF437C7F3, 0xAC2D8DA1, 0x80008080, 0x1C1F0F13, 0xC80ACAC2, 0x2C2C0C20,
+ 0xA82A8AA2, 0x34340430, 0xD012C2D2, 0x080B0B03, 0xEC2ECEE2, 0xE829C9E1,
+ 0x5C1D4D51, 0x94148490, 0x18180810, 0xF838C8F0, 0x54174753, 0xAC2E8EA2,
+ 0x08080800, 0xC405C5C1, 0x10130313, 0xCC0DCDC1, 0x84068682, 0xB83989B1,
+ 0xFC3FCFF3, 0x7C3D4D71, 0xC001C1C1, 0x30310131, 0xF435C5F1, 0x880A8A82,
+ 0x682A4A62, 0xB03181B1, 0xD011C1D1, 0x20200020, 0xD417C7D3, 0x00020202,
+ 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xD81BCBD3,
+ 0x9C1D8D91, 0x98198991, 0x60214161, 0xBC3E8EB2, 0xE426C6E2, 0x58194951,
+ 0xDC1DCDD1, 0x50114151, 0x90108090, 0xDC1CCCD0, 0x981A8A92, 0xA02383A3,
+ 0xA82B8BA3, 0xD010C0D0, 0x80018181, 0x0C0F0F03, 0x44074743, 0x181A0A12,
+ 0xE023C3E3, 0xEC2CCCE0, 0x8C0D8D81, 0xBC3F8FB3, 0x94168692, 0x783B4B73,
+ 0x5C1C4C50, 0xA02282A2, 0xA02181A1, 0x60234363, 0x20230323, 0x4C0D4D41,
+ 0xC808C8C0, 0x9C1E8E92, 0x9C1C8C90, 0x383A0A32, 0x0C0C0C00, 0x2C2E0E22,
+ 0xB83A8AB2, 0x6C2E4E62, 0x9C1F8F93, 0x581A4A52, 0xF032C2F2, 0x90128292,
+ 0xF033C3F3, 0x48094941, 0x78384870, 0xCC0CCCC0, 0x14150511, 0xF83BCBF3,
+ 0x70304070, 0x74354571, 0x7C3F4F73, 0x34350531, 0x10100010, 0x00030303,
+ 0x64244460, 0x6C2D4D61, 0xC406C6C2, 0x74344470, 0xD415C5D1, 0xB43484B0,
+ 0xE82ACAE2, 0x08090901, 0x74364672, 0x18190911, 0xFC3ECEF2, 0x40004040,
+ 0x10120212, 0xE020C0E0, 0xBC3D8DB1, 0x04050501, 0xF83ACAF2, 0x00010101,
+ 0xF030C0F0, 0x282A0A22, 0x5C1E4E52, 0xA82989A1, 0x54164652, 0x40034343,
+ 0x84058581, 0x14140410, 0x88098981, 0x981B8B93, 0xB03080B0, 0xE425C5E1,
+ 0x48084840, 0x78394971, 0x94178793, 0xFC3CCCF0, 0x1C1E0E12, 0x80028282,
+ 0x20210121, 0x8C0C8C80, 0x181B0B13, 0x5C1F4F53, 0x74374773, 0x54144450,
+ 0xB03282B2, 0x1C1D0D11, 0x24250521, 0x4C0F4F43, 0x00000000, 0x44064642,
+ 0xEC2DCDE1, 0x58184850, 0x50124252, 0xE82BCBE3, 0x7C3E4E72, 0xD81ACAD2,
+ 0xC809C9C1, 0xFC3DCDF1, 0x30300030, 0x94158591, 0x64254561, 0x3C3C0C30,
+ 0xB43686B2, 0xE424C4E0, 0xB83B8BB3, 0x7C3C4C70, 0x0C0E0E02, 0x50104050,
+ 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393,
+ 0x34370733, 0xE427C7E3, 0x24240420, 0xA42484A0, 0xC80BCBC3, 0x50134353,
+ 0x080A0A02, 0x84078783, 0xD819C9D1, 0x4C0C4C40, 0x80038383, 0x8C0F8F83,
+ 0xCC0ECEC2, 0x383B0B33, 0x480A4A42, 0xB43787B3 };
+
+const u32bit SEED::G_FUNC::S2[256] = {
+ 0xA1A82989, 0x81840585, 0xD2D416C6, 0xD3D013C3, 0x50541444, 0x111C1D0D,
+ 0xA0AC2C8C, 0x21242505, 0x515C1D4D, 0x43400343, 0x10181808, 0x121C1E0E,
+ 0x51501141, 0xF0FC3CCC, 0xC2C80ACA, 0x63602343, 0x20282808, 0x40440444,
+ 0x20202000, 0x919C1D8D, 0xE0E020C0, 0xE2E022C2, 0xC0C808C8, 0x13141707,
+ 0xA1A42585, 0x838C0F8F, 0x03000303, 0x73783B4B, 0xB3B83B8B, 0x13101303,
+ 0xD2D012C2, 0xE2EC2ECE, 0x70703040, 0x808C0C8C, 0x333C3F0F, 0xA0A82888,
+ 0x32303202, 0xD1DC1DCD, 0xF2F436C6, 0x70743444, 0xE0EC2CCC, 0x91941585,
+ 0x03080B0B, 0x53541747, 0x505C1C4C, 0x53581B4B, 0xB1BC3D8D, 0x01000101,
+ 0x20242404, 0x101C1C0C, 0x73703343, 0x90981888, 0x10101000, 0xC0CC0CCC,
+ 0xF2F032C2, 0xD1D819C9, 0x202C2C0C, 0xE3E427C7, 0x72703242, 0x83800383,
+ 0x93981B8B, 0xD1D011C1, 0x82840686, 0xC1C809C9, 0x60602040, 0x50501040,
+ 0xA3A02383, 0xE3E82BCB, 0x010C0D0D, 0xB2B43686, 0x929C1E8E, 0x434C0F4F,
+ 0xB3B43787, 0x52581A4A, 0xC2C406C6, 0x70783848, 0xA2A42686, 0x12101202,
+ 0xA3AC2F8F, 0xD1D415C5, 0x61602141, 0xC3C003C3, 0xB0B43484, 0x41400141,
+ 0x52501242, 0x717C3D4D, 0x818C0D8D, 0x00080808, 0x131C1F0F, 0x91981989,
+ 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xF3F437C7, 0xE1E021C1,
+ 0xF1FC3DCD, 0x72743646, 0x232C2F0F, 0x23242707, 0xB0B03080, 0x83880B8B,
+ 0x020C0E0E, 0xA3A82B8B, 0xA2A02282, 0x626C2E4E, 0x93901383, 0x414C0D4D,
+ 0x61682949, 0x707C3C4C, 0x01080909, 0x02080A0A, 0xB3BC3F8F, 0xE3EC2FCF,
+ 0xF3F033C3, 0xC1C405C5, 0x83840787, 0x10141404, 0xF2FC3ECE, 0x60642444,
+ 0xD2DC1ECE, 0x222C2E0E, 0x43480B4B, 0x12181A0A, 0x02040606, 0x21202101,
+ 0x63682B4B, 0x62642646, 0x02000202, 0xF1F435C5, 0x92901282, 0x82880A8A,
+ 0x000C0C0C, 0xB3B03383, 0x727C3E4E, 0xD0D010C0, 0x72783A4A, 0x43440747,
+ 0x92941686, 0xE1E425C5, 0x22242606, 0x80800080, 0xA1AC2D8D, 0xD3DC1FCF,
+ 0xA1A02181, 0x30303000, 0x33343707, 0xA2AC2E8E, 0x32343606, 0x11141505,
+ 0x22202202, 0x30383808, 0xF0F434C4, 0xA3A42787, 0x41440545, 0x404C0C4C,
+ 0x81800181, 0xE1E829C9, 0x80840484, 0x93941787, 0x31343505, 0xC3C80BCB,
+ 0xC2CC0ECE, 0x303C3C0C, 0x71703141, 0x11101101, 0xC3C407C7, 0x81880989,
+ 0x71743545, 0xF3F83BCB, 0xD2D81ACA, 0xF0F838C8, 0x90941484, 0x51581949,
+ 0x82800282, 0xC0C404C4, 0xF3FC3FCF, 0x41480949, 0x31383909, 0x63642747,
+ 0xC0C000C0, 0xC3CC0FCF, 0xD3D417C7, 0xB0B83888, 0x030C0F0F, 0x828C0E8E,
+ 0x42400242, 0x23202303, 0x91901181, 0x606C2C4C, 0xD3D81BCB, 0xA0A42484,
+ 0x30343404, 0xF1F031C1, 0x40480848, 0xC2C002C2, 0x636C2F4F, 0x313C3D0D,
+ 0x212C2D0D, 0x40400040, 0xB2BC3E8E, 0x323C3E0E, 0xB0BC3C8C, 0xC1C001C1,
+ 0xA2A82A8A, 0xB2B83A8A, 0x424C0E4E, 0x51541545, 0x33383B0B, 0xD0DC1CCC,
+ 0x60682848, 0x737C3F4F, 0x909C1C8C, 0xD0D818C8, 0x42480A4A, 0x52541646,
+ 0x73743747, 0xA0A02080, 0xE1EC2DCD, 0x42440646, 0xB1B43585, 0x23282B0B,
+ 0x61642545, 0xF2F83ACA, 0xE3E023C3, 0xB1B83989, 0xB1B03181, 0x939C1F8F,
+ 0x525C1E4E, 0xF1F839C9, 0xE2E426C6, 0xB2B03282, 0x31303101, 0xE2E82ACA,
+ 0x616C2D4D, 0x535C1F4F, 0xE0E424C4, 0xF0F030C0, 0xC1CC0DCD, 0x80880888,
+ 0x12141606, 0x32383A0A, 0x50581848, 0xD0D414C4, 0x62602242, 0x21282909,
+ 0x03040707, 0x33303303, 0xE0E828C8, 0x13181B0B, 0x01040505, 0x71783949,
+ 0x90901080, 0x62682A4A, 0x22282A0A, 0x92981A8A };
+
+const u32bit SEED::G_FUNC::S3[256] = {
+ 0x08303838, 0xC8E0E828, 0x0D212C2D, 0x86A2A426, 0xCFC3CC0F, 0xCED2DC1E,
+ 0x83B3B033, 0x88B0B838, 0x8FA3AC2F, 0x40606020, 0x45515415, 0xC7C3C407,
+ 0x44404404, 0x4F636C2F, 0x4B63682B, 0x4B53581B, 0xC3C3C003, 0x42626022,
+ 0x03333033, 0x85B1B435, 0x09212829, 0x80A0A020, 0xC2E2E022, 0x87A3A427,
+ 0xC3D3D013, 0x81919011, 0x01111011, 0x06020406, 0x0C101C1C, 0x8CB0BC3C,
+ 0x06323436, 0x4B43480B, 0xCFE3EC2F, 0x88808808, 0x4C606C2C, 0x88A0A828,
+ 0x07131417, 0xC4C0C404, 0x06121416, 0xC4F0F434, 0xC2C2C002, 0x45414405,
+ 0xC1E1E021, 0xC6D2D416, 0x0F333C3F, 0x0D313C3D, 0x8E828C0E, 0x88909818,
+ 0x08202828, 0x4E424C0E, 0xC6F2F436, 0x0E323C3E, 0x85A1A425, 0xC9F1F839,
+ 0x0D010C0D, 0xCFD3DC1F, 0xC8D0D818, 0x0B23282B, 0x46626426, 0x4A72783A,
+ 0x07232427, 0x0F232C2F, 0xC1F1F031, 0x42727032, 0x42424002, 0xC4D0D414,
+ 0x41414001, 0xC0C0C000, 0x43737033, 0x47636427, 0x8CA0AC2C, 0x8B83880B,
+ 0xC7F3F437, 0x8DA1AC2D, 0x80808000, 0x0F131C1F, 0xCAC2C80A, 0x0C202C2C,
+ 0x8AA2A82A, 0x04303434, 0xC2D2D012, 0x0B03080B, 0xCEE2EC2E, 0xC9E1E829,
+ 0x4D515C1D, 0x84909414, 0x08101818, 0xC8F0F838, 0x47535417, 0x8EA2AC2E,
+ 0x08000808, 0xC5C1C405, 0x03131013, 0xCDC1CC0D, 0x86828406, 0x89B1B839,
+ 0xCFF3FC3F, 0x4D717C3D, 0xC1C1C001, 0x01313031, 0xC5F1F435, 0x8A82880A,
+ 0x4A62682A, 0x81B1B031, 0xC1D1D011, 0x00202020, 0xC7D3D417, 0x02020002,
+ 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xCBD3D81B,
+ 0x8D919C1D, 0x89919819, 0x41616021, 0x8EB2BC3E, 0xC6E2E426, 0x49515819,
+ 0xCDD1DC1D, 0x41515011, 0x80909010, 0xCCD0DC1C, 0x8A92981A, 0x83A3A023,
+ 0x8BA3A82B, 0xC0D0D010, 0x81818001, 0x0F030C0F, 0x47434407, 0x0A12181A,
+ 0xC3E3E023, 0xCCE0EC2C, 0x8D818C0D, 0x8FB3BC3F, 0x86929416, 0x4B73783B,
+ 0x4C505C1C, 0x82A2A022, 0x81A1A021, 0x43636023, 0x03232023, 0x4D414C0D,
+ 0xC8C0C808, 0x8E929C1E, 0x8C909C1C, 0x0A32383A, 0x0C000C0C, 0x0E222C2E,
+ 0x8AB2B83A, 0x4E626C2E, 0x8F939C1F, 0x4A52581A, 0xC2F2F032, 0x82929012,
+ 0xC3F3F033, 0x49414809, 0x48707838, 0xCCC0CC0C, 0x05111415, 0xCBF3F83B,
+ 0x40707030, 0x45717435, 0x4F737C3F, 0x05313435, 0x00101010, 0x03030003,
+ 0x44606424, 0x4D616C2D, 0xC6C2C406, 0x44707434, 0xC5D1D415, 0x84B0B434,
+ 0xCAE2E82A, 0x09010809, 0x46727436, 0x09111819, 0xCEF2FC3E, 0x40404000,
+ 0x02121012, 0xC0E0E020, 0x8DB1BC3D, 0x05010405, 0xCAF2F83A, 0x01010001,
+ 0xC0F0F030, 0x0A22282A, 0x4E525C1E, 0x89A1A829, 0x46525416, 0x43434003,
+ 0x85818405, 0x04101414, 0x89818809, 0x8B93981B, 0x80B0B030, 0xC5E1E425,
+ 0x48404808, 0x49717839, 0x87939417, 0xCCF0FC3C, 0x0E121C1E, 0x82828002,
+ 0x01212021, 0x8C808C0C, 0x0B13181B, 0x4F535C1F, 0x47737437, 0x44505414,
+ 0x82B2B032, 0x0D111C1D, 0x05212425, 0x4F434C0F, 0x00000000, 0x46424406,
+ 0xCDE1EC2D, 0x48505818, 0x42525012, 0xCBE3E82B, 0x4E727C3E, 0xCAD2D81A,
+ 0xC9C1C809, 0xCDF1FC3D, 0x00303030, 0x85919415, 0x45616425, 0x0C303C3C,
+ 0x86B2B436, 0xC4E0E424, 0x8BB3B83B, 0x4C707C3C, 0x0E020C0E, 0x40505010,
+ 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013,
+ 0x07333437, 0xC7E3E427, 0x04202424, 0x84A0A424, 0xCBC3C80B, 0x43535013,
+ 0x0A02080A, 0x87838407, 0xC9D1D819, 0x4C404C0C, 0x83838003, 0x8F838C0F,
+ 0xCEC2CC0E, 0x0B33383B, 0x4A42480A, 0x87B3B437 };
+
+}
diff --git a/src/serpent.cpp b/src/serpent.cpp
new file mode 100644
index 000000000..db68aac53
--- /dev/null
+++ b/src/serpent.cpp
@@ -0,0 +1,376 @@
+/*************************************************
+* Serpent Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/serpent.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Serpent Encryption S-Box 1 *
+*************************************************/
+inline void SBoxE1(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T3 ^= T0; T4 = T1; T1 &= T3; T4 ^= T2; T1 ^= T0; T0 |= T3; T0 ^= T4;
+ T4 ^= T3; T3 ^= T2; T2 |= T1; T2 ^= T4; T4 = ~T4; T4 |= T1; T1 ^= T3;
+ T1 ^= T4; T3 |= T0; T1 ^= T3; T4 ^= T3;
+ B0 = T1; B1 = T4; B2 = T2; B3 = T0;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 2 *
+*************************************************/
+inline void SBoxE2(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T0 = ~T0; T2 = ~T2; T4 = T0; T0 &= T1; T2 ^= T0; T0 |= T3; T3 ^= T2;
+ T1 ^= T0; T0 ^= T4; T4 |= T1; T1 ^= T3; T2 |= T0; T2 &= T4; T0 ^= T1;
+ T1 &= T2; T1 ^= T0; T0 &= T2; T0 ^= T4;
+ B0 = T2; B1 = T0; B2 = T3; B3 = T1;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 3 *
+*************************************************/
+inline void SBoxE3(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T0; T0 &= T2; T0 ^= T3; T2 ^= T1; T2 ^= T0; T3 |= T4; T3 ^= T1;
+ T4 ^= T2; T1 = T3; T3 |= T4; T3 ^= T0; T0 &= T1; T4 ^= T0; T1 ^= T3;
+ T1 ^= T4; T4 = ~T4;
+ B0 = T2; B1 = T3; B2 = T1; B3 = T4;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 4 *
+*************************************************/
+inline void SBoxE4(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T0; T0 |= T3; T3 ^= T1; T1 &= T4; T4 ^= T2; T2 ^= T3; T3 &= T0;
+ T4 |= T1; T3 ^= T4; T0 ^= T1; T4 &= T0; T1 ^= T3; T4 ^= T2; T1 |= T0;
+ T1 ^= T2; T0 ^= T3; T2 = T1; T1 |= T3; T1 ^= T0;
+ B0 = T1; B1 = T2; B2 = T3; B3 = T4;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 5 *
+*************************************************/
+inline void SBoxE5(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T1 ^= T3; T3 = ~T3; T2 ^= T3; T3 ^= T0; T4 = T1; T1 &= T3; T1 ^= T2;
+ T4 ^= T3; T0 ^= T4; T2 &= T4; T2 ^= T0; T0 &= T1; T3 ^= T0; T4 |= T1;
+ T4 ^= T0; T0 |= T3; T0 ^= T2; T2 &= T3; T0 = ~T0; T4 ^= T2;
+ B0 = T1; B1 = T4; B2 = T0; B3 = T3;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 6 *
+*************************************************/
+inline void SBoxE6(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T0 ^= T1; T1 ^= T3; T3 = ~T3; T4 = T1; T1 &= T0; T2 ^= T3; T1 ^= T2;
+ T2 |= T4; T4 ^= T3; T3 &= T1; T3 ^= T0; T4 ^= T1; T4 ^= T2; T2 ^= T0;
+ T0 &= T3; T2 = ~T2; T0 ^= T4; T4 |= T3; T2 ^= T4;
+ B0 = T1; B1 = T3; B2 = T0; B3 = T2;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 7 *
+*************************************************/
+inline void SBoxE7(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T2 = ~T2; T4 = T3; T3 &= T0; T0 ^= T4; T3 ^= T2; T2 |= T4; T1 ^= T3;
+ T2 ^= T0; T0 |= T1; T2 ^= T1; T4 ^= T0; T0 |= T3; T0 ^= T2; T4 ^= T3;
+ T4 ^= T0; T3 = ~T3; T2 &= T4; T2 ^= T3;
+ B0 = T0; B1 = T1; B2 = T4; B3 = T2;
+ }
+
+/*************************************************
+* Serpent Encryption S-Box 8 *
+*************************************************/
+inline void SBoxE8(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T1; T1 |= T2; T1 ^= T3; T4 ^= T2; T2 ^= T1; T3 |= T4; T3 &= T0;
+ T4 ^= T2; T3 ^= T1; T1 |= T4; T1 ^= T0; T0 |= T4; T0 ^= T2; T1 ^= T4;
+ T2 ^= T1; T1 &= T0; T1 ^= T4; T2 = ~T2; T2 |= T0; T4 ^= T2;
+ B0 = T4; B1 = T3; B2 = T1; B3 = T0;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 1 *
+*************************************************/
+inline void SBoxD1(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T2 = ~T2; T4 = T1; T1 |= T0; T4 = ~T4; T1 ^= T2; T2 |= T4; T1 ^= T3;
+ T0 ^= T4; T2 ^= T0; T0 &= T3; T4 ^= T0; T0 |= T1; T0 ^= T2; T3 ^= T4;
+ T2 ^= T1; T3 ^= T0; T3 ^= T1; T2 &= T3; T4 ^= T2;
+ B0 = T0; B1 = T4; B2 = T1; B3 = T3;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 2 *
+*************************************************/
+inline void SBoxD2(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T1; T1 ^= T3; T3 &= T1; T4 ^= T2; T3 ^= T0; T0 |= T1; T2 ^= T3;
+ T0 ^= T4; T0 |= T2; T1 ^= T3; T0 ^= T1; T1 |= T3; T1 ^= T0; T4 = ~T4;
+ T4 ^= T1; T1 |= T0; T1 ^= T0; T1 |= T4; T3 ^= T1;
+ B0 = T4; B1 = T0; B2 = T3; B3 = T2;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 3 *
+*************************************************/
+inline void SBoxD3(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T2 ^= T3; T3 ^= T0; T4 = T3; T3 &= T2; T3 ^= T1; T1 |= T2; T1 ^= T4;
+ T4 &= T3; T2 ^= T3; T4 &= T0; T4 ^= T2; T2 &= T1; T2 |= T0; T3 = ~T3;
+ T2 ^= T3; T0 ^= T3; T0 &= T1; T3 ^= T4; T3 ^= T0;
+ B0 = T1; B1 = T4; B2 = T2; B3 = T3;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 4 *
+*************************************************/
+inline void SBoxD4(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T2; T2 ^= T1; T0 ^= T2; T4 &= T2; T4 ^= T0; T0 &= T1; T1 ^= T3;
+ T3 |= T4; T2 ^= T3; T0 ^= T3; T1 ^= T4; T3 &= T2; T3 ^= T1; T1 ^= T0;
+ T1 |= T2; T0 ^= T3; T1 ^= T4; T0 ^= T1;
+ B0 = T2; B1 = T1; B2 = T3; B3 = T0;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 5 *
+*************************************************/
+inline void SBoxD5(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T2; T2 &= T3; T2 ^= T1; T1 |= T3; T1 &= T0; T4 ^= T2; T4 ^= T1;
+ T1 &= T2; T0 = ~T0; T3 ^= T4; T1 ^= T3; T3 &= T0; T3 ^= T2; T0 ^= T1;
+ T2 &= T0; T3 ^= T0; T2 ^= T4; T2 |= T3; T3 ^= T0; T2 ^= T1;
+ B0 = T0; B1 = T3; B2 = T2; B3 = T4;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 6 *
+*************************************************/
+inline void SBoxD6(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T1 = ~T1; T4 = T3; T2 ^= T1; T3 |= T0; T3 ^= T2; T2 |= T1; T2 &= T0;
+ T4 ^= T3; T2 ^= T4; T4 |= T0; T4 ^= T1; T1 &= T2; T1 ^= T3; T4 ^= T2;
+ T3 &= T4; T4 ^= T1; T3 ^= T4; T4 = ~T4; T3 ^= T0;
+ B0 = T1; B1 = T4; B2 = T3; B3 = T2;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 7 *
+*************************************************/
+inline void SBoxD7(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T0 ^= T2; T4 = T2; T2 &= T0; T4 ^= T3; T2 = ~T2; T3 ^= T1; T2 ^= T3;
+ T4 |= T0; T0 ^= T2; T3 ^= T4; T4 ^= T1; T1 &= T3; T1 ^= T0; T0 ^= T3;
+ T0 |= T2; T3 ^= T1; T4 ^= T0;
+ B0 = T1; B1 = T2; B2 = T4; B3 = T3;
+ }
+
+/*************************************************
+* Serpent Decryption S-Box 8 *
+*************************************************/
+inline void SBoxD8(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4;
+ T4 = T2; T2 ^= T0; T0 &= T3; T4 |= T3; T2 = ~T2; T3 ^= T1; T1 |= T0;
+ T0 ^= T2; T2 &= T4; T3 &= T4; T1 ^= T2; T2 ^= T0; T0 |= T2; T4 ^= T1;
+ T0 ^= T3; T3 ^= T4; T4 |= T0; T3 ^= T2; T4 ^= T2;
+ B0 = T3; B1 = T0; B2 = T1; B3 = T4;
+ }
+
+/*************************************************
+* Serpent's Linear Transformation *
+*************************************************/
+inline void transform(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ B0 = rotate_left(B0, 13); B2 = rotate_left(B2, 3);
+ B1 ^= B0 ^ B2; B3 ^= B2 ^ (B0 << 3);
+ B1 = rotate_left(B1, 1); B3 = rotate_left(B3, 7);
+ B0 ^= B1 ^ B3; B2 ^= B3 ^ (B1 << 7);
+ B0 = rotate_left(B0, 5); B2 = rotate_left(B2, 22);
+ }
+
+/*************************************************
+* Serpent's Inverse Linear Transformation *
+*************************************************/
+inline void i_transform(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3)
+ {
+ B2 = rotate_right(B2, 22); B0 = rotate_right(B0, 5);
+ B2 ^= B3 ^ (B1 << 7); B0 ^= B1 ^ B3;
+ B3 = rotate_right(B3, 7); B1 = rotate_right(B1, 1);
+ B3 ^= B2 ^ (B0 << 3); B1 ^= B0 ^ B2;
+ B2 = rotate_right(B2, 3); B0 = rotate_right(B0, 13);
+ }
+
+}
+
+/*************************************************
+* XOR a key block with a data block *
+*************************************************/
+inline void Serpent::key_xor(u32bit round, u32bit& B0, u32bit& B1,
+ u32bit& B2, u32bit& B3) const
+ {
+ B0 ^= round_key[4*round ]; B1 ^= round_key[4*round+1];
+ B2 ^= round_key[4*round+2]; B3 ^= round_key[4*round+3];
+ }
+
+/*************************************************
+* Serpent Encryption *
+*************************************************/
+void Serpent::enc(const byte in[], byte out[]) const
+ {
+ u32bit B0 = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]),
+ B1 = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]),
+ B2 = make_u32bit(in[11], in[10], in[ 9], in[ 8]),
+ B3 = make_u32bit(in[15], in[14], in[13], in[12]);
+ key_xor( 0,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 1,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 2,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 3,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 4,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 5,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 6,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 7,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 8,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor( 9,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(10,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(11,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(12,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(13,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(14,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(15,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(16,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(17,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(18,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(19,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(20,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(21,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(22,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(23,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(24,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(25,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(26,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(27,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(28,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(29,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(30,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3);
+ key_xor(31,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); key_xor(32,B0,B1,B2,B3);
+ out[ 0] = get_byte(3, B0); out[ 1] = get_byte(2, B0);
+ out[ 2] = get_byte(1, B0); out[ 3] = get_byte(0, B0);
+ out[ 4] = get_byte(3, B1); out[ 5] = get_byte(2, B1);
+ out[ 6] = get_byte(1, B1); out[ 7] = get_byte(0, B1);
+ out[ 8] = get_byte(3, B2); out[ 9] = get_byte(2, B2);
+ out[10] = get_byte(1, B2); out[11] = get_byte(0, B2);
+ out[12] = get_byte(3, B3); out[13] = get_byte(2, B3);
+ out[14] = get_byte(1, B3); out[15] = get_byte(0, B3);
+ }
+
+/*************************************************
+* Serpent Decryption *
+*************************************************/
+void Serpent::dec(const byte in[], byte out[]) const
+ {
+ u32bit B0 = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]),
+ B1 = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]),
+ B2 = make_u32bit(in[11], in[10], in[ 9], in[ 8]),
+ B3 = make_u32bit(in[15], in[14], in[13], in[12]);
+ key_xor(32,B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor(31,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor(30,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor(29,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor(28,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor(27,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor(26,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor(25,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor(24,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor(23,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor(22,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor(21,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor(20,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor(19,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor(18,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor(17,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor(16,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor(15,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor(14,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor(13,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor(12,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor(11,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor(10,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor( 9,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor( 8,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor( 7,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor( 6,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor( 5,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor( 4,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor( 3,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor( 2,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor( 1,B0,B1,B2,B3);
+ i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor( 0,B0,B1,B2,B3);
+ out[ 0] = get_byte(3, B0); out[ 1] = get_byte(2, B0);
+ out[ 2] = get_byte(1, B0); out[ 3] = get_byte(0, B0);
+ out[ 4] = get_byte(3, B1); out[ 5] = get_byte(2, B1);
+ out[ 6] = get_byte(1, B1); out[ 7] = get_byte(0, B1);
+ out[ 8] = get_byte(3, B2); out[ 9] = get_byte(2, B2);
+ out[10] = get_byte(1, B2); out[11] = get_byte(0, B2);
+ out[12] = get_byte(3, B3); out[13] = get_byte(2, B3);
+ out[14] = get_byte(1, B3); out[15] = get_byte(0, B3);
+ }
+
+/*************************************************
+* Serpent Key Schedule *
+*************************************************/
+void Serpent::key(const byte key[], u32bit length)
+ {
+ const u32bit PHI = 0x9E3779B9;
+
+ SecureBuffer<u32bit, 140> W;
+ for(u32bit j = 0; j != length / 4; ++j)
+ W[j] = make_u32bit(key[4*j+3], key[4*j+2], key[4*j+1], key[4*j]);
+ W[length / 4] |= u32bit(1) << ((length%4)*8);
+ for(u32bit j = 8; j != 140; ++j)
+ W[j] = rotate_left(W[j-8] ^ W[j-5] ^ W[j-3] ^ W[j-1] ^ PHI ^ (j-8), 11);
+ SBoxE4(W[ 8],W[ 9],W[ 10],W[ 11]); SBoxE3(W[ 12],W[ 13],W[ 14],W[ 15]);
+ SBoxE2(W[ 16],W[ 17],W[ 18],W[ 19]); SBoxE1(W[ 20],W[ 21],W[ 22],W[ 23]);
+ SBoxE8(W[ 24],W[ 25],W[ 26],W[ 27]); SBoxE7(W[ 28],W[ 29],W[ 30],W[ 31]);
+ SBoxE6(W[ 32],W[ 33],W[ 34],W[ 35]); SBoxE5(W[ 36],W[ 37],W[ 38],W[ 39]);
+ SBoxE4(W[ 40],W[ 41],W[ 42],W[ 43]); SBoxE3(W[ 44],W[ 45],W[ 46],W[ 47]);
+ SBoxE2(W[ 48],W[ 49],W[ 50],W[ 51]); SBoxE1(W[ 52],W[ 53],W[ 54],W[ 55]);
+ SBoxE8(W[ 56],W[ 57],W[ 58],W[ 59]); SBoxE7(W[ 60],W[ 61],W[ 62],W[ 63]);
+ SBoxE6(W[ 64],W[ 65],W[ 66],W[ 67]); SBoxE5(W[ 68],W[ 69],W[ 70],W[ 71]);
+ SBoxE4(W[ 72],W[ 73],W[ 74],W[ 75]); SBoxE3(W[ 76],W[ 77],W[ 78],W[ 79]);
+ SBoxE2(W[ 80],W[ 81],W[ 82],W[ 83]); SBoxE1(W[ 84],W[ 85],W[ 86],W[ 87]);
+ SBoxE8(W[ 88],W[ 89],W[ 90],W[ 91]); SBoxE7(W[ 92],W[ 93],W[ 94],W[ 95]);
+ SBoxE6(W[ 96],W[ 97],W[ 98],W[ 99]); SBoxE5(W[100],W[101],W[102],W[103]);
+ SBoxE4(W[104],W[105],W[106],W[107]); SBoxE3(W[108],W[109],W[110],W[111]);
+ SBoxE2(W[112],W[113],W[114],W[115]); SBoxE1(W[116],W[117],W[118],W[119]);
+ SBoxE8(W[120],W[121],W[122],W[123]); SBoxE7(W[124],W[125],W[126],W[127]);
+ SBoxE6(W[128],W[129],W[130],W[131]); SBoxE5(W[132],W[133],W[134],W[135]);
+ SBoxE4(W[136],W[137],W[138],W[139]);
+ round_key.copy(W + 8, 132);
+ }
+
+}
diff --git a/src/sha160.cpp b/src/sha160.cpp
new file mode 100644
index 000000000..4ffb34fa2
--- /dev/null
+++ b/src/sha160.cpp
@@ -0,0 +1,122 @@
+/*************************************************
+* SHA-160 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/sha160.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* SHA-160 F1 Function *
+*************************************************/
+inline void F1(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg)
+ {
+ E += (D ^ (B & (C ^ D))) + msg + 0x5A827999 + rotate_left(A, 5);
+ B = rotate_left(B, 30);
+ }
+
+/*************************************************
+* SHA-160 F2 Function *
+*************************************************/
+inline void F2(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg)
+ {
+ E += (B ^ C ^ D) + msg + 0x6ED9EBA1 + rotate_left(A, 5);
+ B = rotate_left(B, 30);
+ }
+
+/*************************************************
+* SHA-160 F3 Function *
+*************************************************/
+inline void F3(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg)
+ {
+ E += ((B & C) | ((B | C) & D)) + msg + 0x8F1BBCDC + rotate_left(A, 5);
+ B = rotate_left(B, 30);
+ }
+
+/*************************************************
+* SHA-160 F4 Function *
+*************************************************/
+inline void F4(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg)
+ {
+ E += (B ^ C ^ D) + msg + 0xCA62C1D6 + rotate_left(A, 5);
+ B = rotate_left(B, 30);
+ }
+
+}
+
+/*************************************************
+* SHA-160 Compression Function *
+*************************************************/
+void SHA_160::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ W[j] = make_u32bit(input[4*j], input[4*j+1], input[4*j+2], input[4*j+3]);
+ for(u32bit j = 16; j != 80; ++j)
+ W[j] = rotate_left((W[j-3] ^ W[j-8] ^ W[j-14] ^ W[j-16]), 1);
+
+ u32bit A = digest[0], B = digest[1], C = digest[2],
+ D = digest[3], E = digest[4];
+
+ F1(A,B,C,D,E,W[ 0]); F1(E,A,B,C,D,W[ 1]); F1(D,E,A,B,C,W[ 2]);
+ F1(C,D,E,A,B,W[ 3]); F1(B,C,D,E,A,W[ 4]); F1(A,B,C,D,E,W[ 5]);
+ F1(E,A,B,C,D,W[ 6]); F1(D,E,A,B,C,W[ 7]); F1(C,D,E,A,B,W[ 8]);
+ F1(B,C,D,E,A,W[ 9]); F1(A,B,C,D,E,W[10]); F1(E,A,B,C,D,W[11]);
+ F1(D,E,A,B,C,W[12]); F1(C,D,E,A,B,W[13]); F1(B,C,D,E,A,W[14]);
+ F1(A,B,C,D,E,W[15]); F1(E,A,B,C,D,W[16]); F1(D,E,A,B,C,W[17]);
+ F1(C,D,E,A,B,W[18]); F1(B,C,D,E,A,W[19]);
+
+ F2(A,B,C,D,E,W[20]); F2(E,A,B,C,D,W[21]); F2(D,E,A,B,C,W[22]);
+ F2(C,D,E,A,B,W[23]); F2(B,C,D,E,A,W[24]); F2(A,B,C,D,E,W[25]);
+ F2(E,A,B,C,D,W[26]); F2(D,E,A,B,C,W[27]); F2(C,D,E,A,B,W[28]);
+ F2(B,C,D,E,A,W[29]); F2(A,B,C,D,E,W[30]); F2(E,A,B,C,D,W[31]);
+ F2(D,E,A,B,C,W[32]); F2(C,D,E,A,B,W[33]); F2(B,C,D,E,A,W[34]);
+ F2(A,B,C,D,E,W[35]); F2(E,A,B,C,D,W[36]); F2(D,E,A,B,C,W[37]);
+ F2(C,D,E,A,B,W[38]); F2(B,C,D,E,A,W[39]);
+
+ F3(A,B,C,D,E,W[40]); F3(E,A,B,C,D,W[41]); F3(D,E,A,B,C,W[42]);
+ F3(C,D,E,A,B,W[43]); F3(B,C,D,E,A,W[44]); F3(A,B,C,D,E,W[45]);
+ F3(E,A,B,C,D,W[46]); F3(D,E,A,B,C,W[47]); F3(C,D,E,A,B,W[48]);
+ F3(B,C,D,E,A,W[49]); F3(A,B,C,D,E,W[50]); F3(E,A,B,C,D,W[51]);
+ F3(D,E,A,B,C,W[52]); F3(C,D,E,A,B,W[53]); F3(B,C,D,E,A,W[54]);
+ F3(A,B,C,D,E,W[55]); F3(E,A,B,C,D,W[56]); F3(D,E,A,B,C,W[57]);
+ F3(C,D,E,A,B,W[58]); F3(B,C,D,E,A,W[59]);
+
+ F4(A,B,C,D,E,W[60]); F4(E,A,B,C,D,W[61]); F4(D,E,A,B,C,W[62]);
+ F4(C,D,E,A,B,W[63]); F4(B,C,D,E,A,W[64]); F4(A,B,C,D,E,W[65]);
+ F4(E,A,B,C,D,W[66]); F4(D,E,A,B,C,W[67]); F4(C,D,E,A,B,W[68]);
+ F4(B,C,D,E,A,W[69]); F4(A,B,C,D,E,W[70]); F4(E,A,B,C,D,W[71]);
+ F4(D,E,A,B,C,W[72]); F4(C,D,E,A,B,W[73]); F4(B,C,D,E,A,W[74]);
+ F4(A,B,C,D,E,W[75]); F4(E,A,B,C,D,W[76]); F4(D,E,A,B,C,W[77]);
+ F4(C,D,E,A,B,W[78]); F4(B,C,D,E,A,W[79]);
+
+ digest[0] += A; digest[1] += B; digest[2] += C;
+ digest[3] += D; digest[4] += E;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void SHA_160::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(j % 4, digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void SHA_160::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ digest[0] = 0x67452301;
+ digest[1] = 0xEFCDAB89;
+ digest[2] = 0x98BADCFE;
+ digest[3] = 0x10325476;
+ digest[4] = 0xC3D2E1F0;
+ }
+
+}
diff --git a/src/sha256.cpp b/src/sha256.cpp
new file mode 100644
index 000000000..a22ab9f40
--- /dev/null
+++ b/src/sha256.cpp
@@ -0,0 +1,123 @@
+/*************************************************
+* SHA-256 Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/sha256.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* SHA-256 Rho Function *
+*************************************************/
+inline u32bit rho(u32bit X, u32bit rot1, u32bit rot2, u32bit rot3)
+ {
+ return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^
+ rotate_right(X, rot3));
+ }
+
+/*************************************************
+* SHA-256 Sigma Function *
+*************************************************/
+inline u32bit sigma(u32bit X, u32bit rot1, u32bit rot2, u32bit shift)
+ {
+ return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ (X >> shift));
+ }
+
+/*************************************************
+* SHA-256 F1 Function *
+*************************************************/
+inline void F1(u32bit A, u32bit B, u32bit C, u32bit& D,
+ u32bit E, u32bit F, u32bit G, u32bit& H,
+ u32bit msg, u32bit magic)
+ {
+ magic += rho(E, 6, 11, 25) + ((E & F) ^ (~E & G)) + msg;
+ D += magic + H;
+ H += magic + rho(A, 2, 13, 22) + ((A & B) ^ (A & C) ^ (B & C));
+ }
+
+}
+
+/*************************************************
+* SHA-256 Compression Function *
+*************************************************/
+void SHA_256::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ W[j] = make_u32bit(input[4*j], input[4*j+1], input[4*j+2], input[4*j+3]);
+ for(u32bit j = 16; j != 64; ++j)
+ W[j] = sigma(W[j- 2], 17, 19, 10) + W[j- 7] +
+ sigma(W[j-15], 7, 18, 3) + W[j-16];
+
+ u32bit A = digest[0], B = digest[1], C = digest[2],
+ D = digest[3], E = digest[4], F = digest[5],
+ G = digest[6], H = digest[7];
+
+ F1(A,B,C,D,E,F,G,H,W[ 0],0x428A2F98); F1(H,A,B,C,D,E,F,G,W[ 1],0x71374491);
+ F1(G,H,A,B,C,D,E,F,W[ 2],0xB5C0FBCF); F1(F,G,H,A,B,C,D,E,W[ 3],0xE9B5DBA5);
+ F1(E,F,G,H,A,B,C,D,W[ 4],0x3956C25B); F1(D,E,F,G,H,A,B,C,W[ 5],0x59F111F1);
+ F1(C,D,E,F,G,H,A,B,W[ 6],0x923F82A4); F1(B,C,D,E,F,G,H,A,W[ 7],0xAB1C5ED5);
+ F1(A,B,C,D,E,F,G,H,W[ 8],0xD807AA98); F1(H,A,B,C,D,E,F,G,W[ 9],0x12835B01);
+ F1(G,H,A,B,C,D,E,F,W[10],0x243185BE); F1(F,G,H,A,B,C,D,E,W[11],0x550C7DC3);
+ F1(E,F,G,H,A,B,C,D,W[12],0x72BE5D74); F1(D,E,F,G,H,A,B,C,W[13],0x80DEB1FE);
+ F1(C,D,E,F,G,H,A,B,W[14],0x9BDC06A7); F1(B,C,D,E,F,G,H,A,W[15],0xC19BF174);
+ F1(A,B,C,D,E,F,G,H,W[16],0xE49B69C1); F1(H,A,B,C,D,E,F,G,W[17],0xEFBE4786);
+ F1(G,H,A,B,C,D,E,F,W[18],0x0FC19DC6); F1(F,G,H,A,B,C,D,E,W[19],0x240CA1CC);
+ F1(E,F,G,H,A,B,C,D,W[20],0x2DE92C6F); F1(D,E,F,G,H,A,B,C,W[21],0x4A7484AA);
+ F1(C,D,E,F,G,H,A,B,W[22],0x5CB0A9DC); F1(B,C,D,E,F,G,H,A,W[23],0x76F988DA);
+ F1(A,B,C,D,E,F,G,H,W[24],0x983E5152); F1(H,A,B,C,D,E,F,G,W[25],0xA831C66D);
+ F1(G,H,A,B,C,D,E,F,W[26],0xB00327C8); F1(F,G,H,A,B,C,D,E,W[27],0xBF597FC7);
+ F1(E,F,G,H,A,B,C,D,W[28],0xC6E00BF3); F1(D,E,F,G,H,A,B,C,W[29],0xD5A79147);
+ F1(C,D,E,F,G,H,A,B,W[30],0x06CA6351); F1(B,C,D,E,F,G,H,A,W[31],0x14292967);
+ F1(A,B,C,D,E,F,G,H,W[32],0x27B70A85); F1(H,A,B,C,D,E,F,G,W[33],0x2E1B2138);
+ F1(G,H,A,B,C,D,E,F,W[34],0x4D2C6DFC); F1(F,G,H,A,B,C,D,E,W[35],0x53380D13);
+ F1(E,F,G,H,A,B,C,D,W[36],0x650A7354); F1(D,E,F,G,H,A,B,C,W[37],0x766A0ABB);
+ F1(C,D,E,F,G,H,A,B,W[38],0x81C2C92E); F1(B,C,D,E,F,G,H,A,W[39],0x92722C85);
+ F1(A,B,C,D,E,F,G,H,W[40],0xA2BFE8A1); F1(H,A,B,C,D,E,F,G,W[41],0xA81A664B);
+ F1(G,H,A,B,C,D,E,F,W[42],0xC24B8B70); F1(F,G,H,A,B,C,D,E,W[43],0xC76C51A3);
+ F1(E,F,G,H,A,B,C,D,W[44],0xD192E819); F1(D,E,F,G,H,A,B,C,W[45],0xD6990624);
+ F1(C,D,E,F,G,H,A,B,W[46],0xF40E3585); F1(B,C,D,E,F,G,H,A,W[47],0x106AA070);
+ F1(A,B,C,D,E,F,G,H,W[48],0x19A4C116); F1(H,A,B,C,D,E,F,G,W[49],0x1E376C08);
+ F1(G,H,A,B,C,D,E,F,W[50],0x2748774C); F1(F,G,H,A,B,C,D,E,W[51],0x34B0BCB5);
+ F1(E,F,G,H,A,B,C,D,W[52],0x391C0CB3); F1(D,E,F,G,H,A,B,C,W[53],0x4ED8AA4A);
+ F1(C,D,E,F,G,H,A,B,W[54],0x5B9CCA4F); F1(B,C,D,E,F,G,H,A,W[55],0x682E6FF3);
+ F1(A,B,C,D,E,F,G,H,W[56],0x748F82EE); F1(H,A,B,C,D,E,F,G,W[57],0x78A5636F);
+ F1(G,H,A,B,C,D,E,F,W[58],0x84C87814); F1(F,G,H,A,B,C,D,E,W[59],0x8CC70208);
+ F1(E,F,G,H,A,B,C,D,W[60],0x90BEFFFA); F1(D,E,F,G,H,A,B,C,W[61],0xA4506CEB);
+ F1(C,D,E,F,G,H,A,B,W[62],0xBEF9A3F7); F1(B,C,D,E,F,G,H,A,W[63],0xC67178F2);
+
+ digest[0] += A; digest[1] += B; digest[2] += C;
+ digest[3] += D; digest[4] += E; digest[5] += F;
+ digest[6] += G; digest[7] += H;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void SHA_256::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(j % 4, digest[j/4]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void SHA_256::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ W.clear();
+ digest[0] = 0x6A09E667;
+ digest[1] = 0xBB67AE85;
+ digest[2] = 0x3C6EF372;
+ digest[3] = 0xA54FF53A;
+ digest[4] = 0x510E527F;
+ digest[5] = 0x9B05688C;
+ digest[6] = 0x1F83D9AB;
+ digest[7] = 0x5BE0CD19;
+ }
+
+}
diff --git a/src/sha_64.cpp b/src/sha_64.cpp
new file mode 100644
index 000000000..a24e13d26
--- /dev/null
+++ b/src/sha_64.cpp
@@ -0,0 +1,197 @@
+/*************************************************
+* SHA-{384,512} Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/sha_64.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* SHA-{384,512} Rho Function *
+*************************************************/
+inline u64bit rho(u64bit X, u32bit rot1, u32bit rot2, u32bit rot3)
+ {
+ return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^
+ rotate_right(X, rot3));
+ }
+
+/*************************************************
+* SHA-{384,512} F1 Function *
+*************************************************/
+inline void F1(u64bit A, u64bit B, u64bit C, u64bit& D,
+ u64bit E, u64bit F, u64bit G, u64bit& H,
+ u64bit msg, u64bit magic)
+ {
+ magic += rho(E, 14, 18, 41) + ((E & F) ^ (~E & G)) + msg;
+ D += magic + H;
+ H += magic + rho(A, 28, 34, 39) + ((A & B) ^ (A & C) ^ (B & C));
+ }
+
+/*************************************************
+* SHA-{384,512} Sigma Function *
+*************************************************/
+inline u64bit sigma(u64bit X, u32bit rot1, u32bit rot2, u32bit shift)
+ {
+ return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ (X >> shift));
+ }
+
+}
+
+/*************************************************
+* SHA-{384,512} Compression Function *
+*************************************************/
+void SHA_64_BASE::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 16; ++j)
+ W[j] = make_u64bit(input[8*j ], input[8*j+1], input[8*j+2],
+ input[8*j+3], input[8*j+4], input[8*j+5],
+ input[8*j+6], input[8*j+7]);
+ for(u32bit j = 16; j != 80; ++j)
+ W[j] = sigma(W[j- 2], 19, 61, 6) + W[j- 7] +
+ sigma(W[j-15], 1, 8, 7) + W[j-16];
+
+ u64bit A = digest[0], B = digest[1], C = digest[2],
+ D = digest[3], E = digest[4], F = digest[5],
+ G = digest[6], H = digest[7];
+
+ F1(A,B,C,D,E,F,G,H,W[ 0],0x428A2F98D728AE22);
+ F1(H,A,B,C,D,E,F,G,W[ 1],0x7137449123EF65CD);
+ F1(G,H,A,B,C,D,E,F,W[ 2],0xB5C0FBCFEC4D3B2F);
+ F1(F,G,H,A,B,C,D,E,W[ 3],0xE9B5DBA58189DBBC);
+ F1(E,F,G,H,A,B,C,D,W[ 4],0x3956C25BF348B538);
+ F1(D,E,F,G,H,A,B,C,W[ 5],0x59F111F1B605D019);
+ F1(C,D,E,F,G,H,A,B,W[ 6],0x923F82A4AF194F9B);
+ F1(B,C,D,E,F,G,H,A,W[ 7],0xAB1C5ED5DA6D8118);
+ F1(A,B,C,D,E,F,G,H,W[ 8],0xD807AA98A3030242);
+ F1(H,A,B,C,D,E,F,G,W[ 9],0x12835B0145706FBE);
+ F1(G,H,A,B,C,D,E,F,W[10],0x243185BE4EE4B28C);
+ F1(F,G,H,A,B,C,D,E,W[11],0x550C7DC3D5FFB4E2);
+ F1(E,F,G,H,A,B,C,D,W[12],0x72BE5D74F27B896F);
+ F1(D,E,F,G,H,A,B,C,W[13],0x80DEB1FE3B1696B1);
+ F1(C,D,E,F,G,H,A,B,W[14],0x9BDC06A725C71235);
+ F1(B,C,D,E,F,G,H,A,W[15],0xC19BF174CF692694);
+ F1(A,B,C,D,E,F,G,H,W[16],0xE49B69C19EF14AD2);
+ F1(H,A,B,C,D,E,F,G,W[17],0xEFBE4786384F25E3);
+ F1(G,H,A,B,C,D,E,F,W[18],0x0FC19DC68B8CD5B5);
+ F1(F,G,H,A,B,C,D,E,W[19],0x240CA1CC77AC9C65);
+ F1(E,F,G,H,A,B,C,D,W[20],0x2DE92C6F592B0275);
+ F1(D,E,F,G,H,A,B,C,W[21],0x4A7484AA6EA6E483);
+ F1(C,D,E,F,G,H,A,B,W[22],0x5CB0A9DCBD41FBD4);
+ F1(B,C,D,E,F,G,H,A,W[23],0x76F988DA831153B5);
+ F1(A,B,C,D,E,F,G,H,W[24],0x983E5152EE66DFAB);
+ F1(H,A,B,C,D,E,F,G,W[25],0xA831C66D2DB43210);
+ F1(G,H,A,B,C,D,E,F,W[26],0xB00327C898FB213F);
+ F1(F,G,H,A,B,C,D,E,W[27],0xBF597FC7BEEF0EE4);
+ F1(E,F,G,H,A,B,C,D,W[28],0xC6E00BF33DA88FC2);
+ F1(D,E,F,G,H,A,B,C,W[29],0xD5A79147930AA725);
+ F1(C,D,E,F,G,H,A,B,W[30],0x06CA6351E003826F);
+ F1(B,C,D,E,F,G,H,A,W[31],0x142929670A0E6E70);
+ F1(A,B,C,D,E,F,G,H,W[32],0x27B70A8546D22FFC);
+ F1(H,A,B,C,D,E,F,G,W[33],0x2E1B21385C26C926);
+ F1(G,H,A,B,C,D,E,F,W[34],0x4D2C6DFC5AC42AED);
+ F1(F,G,H,A,B,C,D,E,W[35],0x53380D139D95B3DF);
+ F1(E,F,G,H,A,B,C,D,W[36],0x650A73548BAF63DE);
+ F1(D,E,F,G,H,A,B,C,W[37],0x766A0ABB3C77B2A8);
+ F1(C,D,E,F,G,H,A,B,W[38],0x81C2C92E47EDAEE6);
+ F1(B,C,D,E,F,G,H,A,W[39],0x92722C851482353B);
+ F1(A,B,C,D,E,F,G,H,W[40],0xA2BFE8A14CF10364);
+ F1(H,A,B,C,D,E,F,G,W[41],0xA81A664BBC423001);
+ F1(G,H,A,B,C,D,E,F,W[42],0xC24B8B70D0F89791);
+ F1(F,G,H,A,B,C,D,E,W[43],0xC76C51A30654BE30);
+ F1(E,F,G,H,A,B,C,D,W[44],0xD192E819D6EF5218);
+ F1(D,E,F,G,H,A,B,C,W[45],0xD69906245565A910);
+ F1(C,D,E,F,G,H,A,B,W[46],0xF40E35855771202A);
+ F1(B,C,D,E,F,G,H,A,W[47],0x106AA07032BBD1B8);
+ F1(A,B,C,D,E,F,G,H,W[48],0x19A4C116B8D2D0C8);
+ F1(H,A,B,C,D,E,F,G,W[49],0x1E376C085141AB53);
+ F1(G,H,A,B,C,D,E,F,W[50],0x2748774CDF8EEB99);
+ F1(F,G,H,A,B,C,D,E,W[51],0x34B0BCB5E19B48A8);
+ F1(E,F,G,H,A,B,C,D,W[52],0x391C0CB3C5C95A63);
+ F1(D,E,F,G,H,A,B,C,W[53],0x4ED8AA4AE3418ACB);
+ F1(C,D,E,F,G,H,A,B,W[54],0x5B9CCA4F7763E373);
+ F1(B,C,D,E,F,G,H,A,W[55],0x682E6FF3D6B2B8A3);
+ F1(A,B,C,D,E,F,G,H,W[56],0x748F82EE5DEFB2FC);
+ F1(H,A,B,C,D,E,F,G,W[57],0x78A5636F43172F60);
+ F1(G,H,A,B,C,D,E,F,W[58],0x84C87814A1F0AB72);
+ F1(F,G,H,A,B,C,D,E,W[59],0x8CC702081A6439EC);
+ F1(E,F,G,H,A,B,C,D,W[60],0x90BEFFFA23631E28);
+ F1(D,E,F,G,H,A,B,C,W[61],0xA4506CEBDE82BDE9);
+ F1(C,D,E,F,G,H,A,B,W[62],0xBEF9A3F7B2C67915);
+ F1(B,C,D,E,F,G,H,A,W[63],0xC67178F2E372532B);
+ F1(A,B,C,D,E,F,G,H,W[64],0xCA273ECEEA26619C);
+ F1(H,A,B,C,D,E,F,G,W[65],0xD186B8C721C0C207);
+ F1(G,H,A,B,C,D,E,F,W[66],0xEADA7DD6CDE0EB1E);
+ F1(F,G,H,A,B,C,D,E,W[67],0xF57D4F7FEE6ED178);
+ F1(E,F,G,H,A,B,C,D,W[68],0x06F067AA72176FBA);
+ F1(D,E,F,G,H,A,B,C,W[69],0x0A637DC5A2C898A6);
+ F1(C,D,E,F,G,H,A,B,W[70],0x113F9804BEF90DAE);
+ F1(B,C,D,E,F,G,H,A,W[71],0x1B710B35131C471B);
+ F1(A,B,C,D,E,F,G,H,W[72],0x28DB77F523047D84);
+ F1(H,A,B,C,D,E,F,G,W[73],0x32CAAB7B40C72493);
+ F1(G,H,A,B,C,D,E,F,W[74],0x3C9EBE0A15C9BEBC);
+ F1(F,G,H,A,B,C,D,E,W[75],0x431D67C49C100D4C);
+ F1(E,F,G,H,A,B,C,D,W[76],0x4CC5D4BECB3E42B6);
+ F1(D,E,F,G,H,A,B,C,W[77],0x597F299CFC657E2A);
+ F1(C,D,E,F,G,H,A,B,W[78],0x5FCB6FAB3AD6FAEC);
+ F1(B,C,D,E,F,G,H,A,W[79],0x6C44198C4A475817);
+
+ digest[0] += A; digest[1] += B; digest[2] += C;
+ digest[3] += D; digest[4] += E; digest[5] += F;
+ digest[6] += G; digest[7] += H;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void SHA_64_BASE::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(j % 8, digest[j/8]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void SHA_64_BASE::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ W.clear();
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void SHA_384::clear() throw()
+ {
+ SHA_64_BASE::clear();
+ digest[0] = 0xCBBB9D5DC1059ED8;
+ digest[1] = 0x629A292A367CD507;
+ digest[2] = 0x9159015A3070DD17;
+ digest[3] = 0x152FECD8F70E5939;
+ digest[4] = 0x67332667FFC00B31;
+ digest[5] = 0x8EB44A8768581511;
+ digest[6] = 0xDB0C2E0D64F98FA7;
+ digest[7] = 0x47B5481DBEFA4FA4;
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void SHA_512::clear() throw()
+ {
+ SHA_64_BASE::clear();
+ digest[0] = 0x6A09E667F3BCC908;
+ digest[1] = 0xBB67AE8584CAA73B;
+ digest[2] = 0x3C6EF372FE94F82B;
+ digest[3] = 0xA54FF53A5F1D36F1;
+ digest[4] = 0x510E527FADE682D1;
+ digest[5] = 0x9B05688C2B3E6C1F;
+ digest[6] = 0x1F83D9ABFB41BD6B;
+ digest[7] = 0x5BE0CD19137E2179;
+ }
+
+}
diff --git a/src/skipjack.cpp b/src/skipjack.cpp
new file mode 100644
index 000000000..7220e478b
--- /dev/null
+++ b/src/skipjack.cpp
@@ -0,0 +1,162 @@
+/*************************************************
+* Skipjack Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/skipjack.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Skipjack Encryption *
+*************************************************/
+void Skipjack::enc(const byte in[], byte out[]) const
+ {
+ u16bit W1 = make_u16bit(in[7], in[6]), W2 = make_u16bit(in[5], in[4]),
+ W3 = make_u16bit(in[3], in[2]), W4 = make_u16bit(in[1], in[0]);
+
+ step_A(W1,W4, 1); step_A(W4,W3, 2); step_A(W3,W2, 3); step_A(W2,W1, 4);
+ step_A(W1,W4, 5); step_A(W4,W3, 6); step_A(W3,W2, 7); step_A(W2,W1, 8);
+
+ step_B(W1,W2, 9); step_B(W4,W1,10); step_B(W3,W4,11); step_B(W2,W3,12);
+ step_B(W1,W2,13); step_B(W4,W1,14); step_B(W3,W4,15); step_B(W2,W3,16);
+
+ step_A(W1,W4,17); step_A(W4,W3,18); step_A(W3,W2,19); step_A(W2,W1,20);
+ step_A(W1,W4,21); step_A(W4,W3,22); step_A(W3,W2,23); step_A(W2,W1,24);
+
+ step_B(W1,W2,25); step_B(W4,W1,26); step_B(W3,W4,27); step_B(W2,W3,28);
+ step_B(W1,W2,29); step_B(W4,W1,30); step_B(W3,W4,31); step_B(W2,W3,32);
+
+ out[0] = get_byte(1, W4); out[1] = get_byte(0, W4);
+ out[2] = get_byte(1, W3); out[3] = get_byte(0, W3);
+ out[4] = get_byte(1, W2); out[5] = get_byte(0, W2);
+ out[6] = get_byte(1, W1); out[7] = get_byte(0, W1);
+ }
+
+/*************************************************
+* Skipjack Decryption *
+*************************************************/
+void Skipjack::dec(const byte in[], byte out[]) const
+ {
+ u16bit W1 = make_u16bit(in[7], in[6]), W2 = make_u16bit(in[5], in[4]),
+ W3 = make_u16bit(in[3], in[2]), W4 = make_u16bit(in[1], in[0]);
+
+ step_Bi(W2,W3,32); step_Bi(W3,W4,31); step_Bi(W4,W1,30); step_Bi(W1,W2,29);
+ step_Bi(W2,W3,28); step_Bi(W3,W4,27); step_Bi(W4,W1,26); step_Bi(W1,W2,25);
+
+ step_Ai(W1,W2,24); step_Ai(W2,W3,23); step_Ai(W3,W4,22); step_Ai(W4,W1,21);
+ step_Ai(W1,W2,20); step_Ai(W2,W3,19); step_Ai(W3,W4,18); step_Ai(W4,W1,17);
+
+ step_Bi(W2,W3,16); step_Bi(W3,W4,15); step_Bi(W4,W1,14); step_Bi(W1,W2,13);
+ step_Bi(W2,W3,12); step_Bi(W3,W4,11); step_Bi(W4,W1,10); step_Bi(W1,W2, 9);
+
+ step_Ai(W1,W2, 8); step_Ai(W2,W3, 7); step_Ai(W3,W4, 6); step_Ai(W4,W1, 5);
+ step_Ai(W1,W2, 4); step_Ai(W2,W3, 3); step_Ai(W3,W4, 2); step_Ai(W4,W1, 1);
+
+ out[0] = get_byte(1, W4); out[1] = get_byte(0, W4);
+ out[2] = get_byte(1, W3); out[3] = get_byte(0, W3);
+ out[4] = get_byte(1, W2); out[5] = get_byte(0, W2);
+ out[6] = get_byte(1, W1); out[7] = get_byte(0, W1);
+ }
+
+/*************************************************
+* Skipjack Stepping Rule 'A' *
+*************************************************/
+void Skipjack::step_A(u16bit& W1, u16bit& W4, u32bit round) const
+ {
+ byte G1 = get_byte(0, W1), G2 = get_byte(1, W1), G3;
+ G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1;
+ G1 = FTABLE[(4 * round - 3) % 10][G3] ^ G2;
+ G2 = FTABLE[(4 * round - 2) % 10][G1] ^ G3;
+ G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1;
+ W1 = make_u16bit(G2, G3);
+ W4 ^= W1 ^ round;
+ }
+
+/*************************************************
+* Skipjack Stepping Rule 'B' *
+*************************************************/
+void Skipjack::step_B(u16bit& W1, u16bit& W2, u32bit round) const
+ {
+ W2 ^= W1 ^ round;
+ byte G1 = get_byte(0, W1), G2 = get_byte(1, W1), G3;
+ G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1;
+ G1 = FTABLE[(4 * round - 3) % 10][G3] ^ G2;
+ G2 = FTABLE[(4 * round - 2) % 10][G1] ^ G3;
+ G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1;
+ W1 = make_u16bit(G2, G3);
+ }
+
+/*************************************************
+* Skipjack Invserse Stepping Rule 'A' *
+*************************************************/
+void Skipjack::step_Ai(u16bit& W1, u16bit& W2, u32bit round) const
+ {
+ W1 ^= W2 ^ round;
+ byte G1 = get_byte(1, W2), G2 = get_byte(0, W2), G3;
+ G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1;
+ G1 = FTABLE[(4 * round - 2) % 10][G3] ^ G2;
+ G2 = FTABLE[(4 * round - 3) % 10][G1] ^ G3;
+ G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1;
+ W2 = make_u16bit(G3, G2);
+ }
+
+/*************************************************
+* Skipjack Invserse Stepping Rule 'B' *
+*************************************************/
+void Skipjack::step_Bi(u16bit& W2, u16bit& W3, u32bit round) const
+ {
+ byte G1 = get_byte(1, W2), G2 = get_byte(0, W2), G3;
+ G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1;
+ G1 = FTABLE[(4 * round - 2) % 10][G3] ^ G2;
+ G2 = FTABLE[(4 * round - 3) % 10][G1] ^ G3;
+ G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1;
+ W2 = make_u16bit(G3, G2);
+ W3 ^= W2 ^ round;
+ }
+
+/*************************************************
+* Skipjack Key Schedule *
+*************************************************/
+void Skipjack::key(const byte key[], u32bit)
+ {
+ static const byte F[256] = {
+ 0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4, 0xB3, 0x21, 0x15, 0x78,
+ 0x99, 0xB1, 0xAF, 0xF9, 0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E,
+ 0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28, 0x0A, 0xDF, 0x02, 0xA0,
+ 0x17, 0xF1, 0x60, 0x68, 0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53,
+ 0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19, 0x7C, 0xAE, 0xE5, 0xF5,
+ 0xF7, 0x16, 0x6A, 0xA2, 0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B,
+ 0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8, 0x55, 0xB9, 0xDA, 0x85,
+ 0x3F, 0x41, 0xBF, 0xE0, 0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90,
+ 0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69, 0x45, 0x00, 0x94, 0x56,
+ 0x6D, 0x98, 0x9B, 0x76, 0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20,
+ 0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D, 0x42, 0xED, 0x9E, 0x6E,
+ 0x49, 0x3C, 0xCD, 0x43, 0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18,
+ 0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA, 0xC8, 0x74, 0xDC, 0xC9,
+ 0x5D, 0x5C, 0x31, 0xA4, 0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87,
+ 0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40, 0x34, 0x4B, 0x1C, 0x73,
+ 0xD1, 0xC4, 0xFD, 0x3B, 0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5,
+ 0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0, 0x29, 0x79, 0x71, 0x7E,
+ 0xFF, 0x8C, 0x0E, 0xE2, 0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1,
+ 0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8, 0x08, 0x77, 0x11, 0xBE,
+ 0x92, 0x4F, 0x24, 0xC5, 0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC,
+ 0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3, 0xBD, 0xA8, 0x3A, 0x01,
+ 0x05, 0x59, 0x2A, 0x46 };
+
+ for(u32bit j = 0; j != 10; ++j)
+ for(u32bit k = 0; k != 256; ++k)
+ FTABLE[j][k] = F[k ^ key[9-j]];
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Skipjack::clear() throw()
+ {
+ for(u32bit j = 0; j != 10; ++j)
+ FTABLE[j].clear();
+ }
+
+}
diff --git a/src/sqr_tab.cpp b/src/sqr_tab.cpp
new file mode 100644
index 000000000..324b3e6fe
--- /dev/null
+++ b/src/sqr_tab.cpp
@@ -0,0 +1,458 @@
+/*************************************************
+* S-Box and Diffusion Tables for Square *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/square.h>
+
+namespace Botan {
+
+const byte Square::SE[256] = {
+0xB1, 0xCE, 0xC3, 0x95, 0x5A, 0xAD, 0xE7, 0x02, 0x4D, 0x44, 0xFB, 0x91, 0x0C,
+0x87, 0xA1, 0x50, 0xCB, 0x67, 0x54, 0xDD, 0x46, 0x8F, 0xE1, 0x4E, 0xF0, 0xFD,
+0xFC, 0xEB, 0xF9, 0xC4, 0x1A, 0x6E, 0x5E, 0xF5, 0xCC, 0x8D, 0x1C, 0x56, 0x43,
+0xFE, 0x07, 0x61, 0xF8, 0x75, 0x59, 0xFF, 0x03, 0x22, 0x8A, 0xD1, 0x13, 0xEE,
+0x88, 0x00, 0x0E, 0x34, 0x15, 0x80, 0x94, 0xE3, 0xED, 0xB5, 0x53, 0x23, 0x4B,
+0x47, 0x17, 0xA7, 0x90, 0x35, 0xAB, 0xD8, 0xB8, 0xDF, 0x4F, 0x57, 0x9A, 0x92,
+0xDB, 0x1B, 0x3C, 0xC8, 0x99, 0x04, 0x8E, 0xE0, 0xD7, 0x7D, 0x85, 0xBB, 0x40,
+0x2C, 0x3A, 0x45, 0xF1, 0x42, 0x65, 0x20, 0x41, 0x18, 0x72, 0x25, 0x93, 0x70,
+0x36, 0x05, 0xF2, 0x0B, 0xA3, 0x79, 0xEC, 0x08, 0x27, 0x31, 0x32, 0xB6, 0x7C,
+0xB0, 0x0A, 0x73, 0x5B, 0x7B, 0xB7, 0x81, 0xD2, 0x0D, 0x6A, 0x26, 0x9E, 0x58,
+0x9C, 0x83, 0x74, 0xB3, 0xAC, 0x30, 0x7A, 0x69, 0x77, 0x0F, 0xAE, 0x21, 0xDE,
+0xD0, 0x2E, 0x97, 0x10, 0xA4, 0x98, 0xA8, 0xD4, 0x68, 0x2D, 0x62, 0x29, 0x6D,
+0x16, 0x49, 0x76, 0xC7, 0xE8, 0xC1, 0x96, 0x37, 0xE5, 0xCA, 0xF4, 0xE9, 0x63,
+0x12, 0xC2, 0xA6, 0x14, 0xBC, 0xD3, 0x28, 0xAF, 0x2F, 0xE6, 0x24, 0x52, 0xC6,
+0xA0, 0x09, 0xBD, 0x8C, 0xCF, 0x5D, 0x11, 0x5F, 0x01, 0xC5, 0x9F, 0x3D, 0xA2,
+0x9B, 0xC9, 0x3B, 0xBE, 0x51, 0x19, 0x1F, 0x3F, 0x5C, 0xB2, 0xEF, 0x4A, 0xCD,
+0xBF, 0xBA, 0x6F, 0x64, 0xD9, 0xF3, 0x3E, 0xB4, 0xAA, 0xDC, 0xD5, 0x06, 0xC0,
+0x7E, 0xF6, 0x66, 0x6C, 0x84, 0x71, 0x38, 0xB9, 0x1D, 0x7F, 0x9D, 0x48, 0x8B,
+0x2A, 0xDA, 0xA5, 0x33, 0x82, 0x39, 0xD6, 0x78, 0x86, 0xFA, 0xE4, 0x2B, 0xA9,
+0x1E, 0x89, 0x60, 0x6B, 0xEA, 0x55, 0x4C, 0xF7, 0xE2 };
+
+const byte Square::SD[256] = {
+0x35, 0xBE, 0x07, 0x2E, 0x53, 0x69, 0xDB, 0x28, 0x6F, 0xB7, 0x76, 0x6B, 0x0C,
+0x7D, 0x36, 0x8B, 0x92, 0xBC, 0xA9, 0x32, 0xAC, 0x38, 0x9C, 0x42, 0x63, 0xC8,
+0x1E, 0x4F, 0x24, 0xE5, 0xF7, 0xC9, 0x61, 0x8D, 0x2F, 0x3F, 0xB3, 0x65, 0x7F,
+0x70, 0xAF, 0x9A, 0xEA, 0xF5, 0x5B, 0x98, 0x90, 0xB1, 0x87, 0x71, 0x72, 0xED,
+0x37, 0x45, 0x68, 0xA3, 0xE3, 0xEF, 0x5C, 0xC5, 0x50, 0xC1, 0xD6, 0xCA, 0x5A,
+0x62, 0x5F, 0x26, 0x09, 0x5D, 0x14, 0x41, 0xE8, 0x9D, 0xCE, 0x40, 0xFD, 0x08,
+0x17, 0x4A, 0x0F, 0xC7, 0xB4, 0x3E, 0x12, 0xFC, 0x25, 0x4B, 0x81, 0x2C, 0x04,
+0x78, 0xCB, 0xBB, 0x20, 0xBD, 0xF9, 0x29, 0x99, 0xA8, 0xD3, 0x60, 0xDF, 0x11,
+0x97, 0x89, 0x7E, 0xFA, 0xE0, 0x9B, 0x1F, 0xD2, 0x67, 0xE2, 0x64, 0x77, 0x84,
+0x2B, 0x9E, 0x8A, 0xF1, 0x6D, 0x88, 0x79, 0x74, 0x57, 0xDD, 0xE6, 0x39, 0x7B,
+0xEE, 0x83, 0xE1, 0x58, 0xF2, 0x0D, 0x34, 0xF8, 0x30, 0xE9, 0xB9, 0x23, 0x54,
+0x15, 0x44, 0x0B, 0x4D, 0x66, 0x3A, 0x03, 0xA2, 0x91, 0x94, 0x52, 0x4C, 0xC3,
+0x82, 0xE7, 0x80, 0xC0, 0xB6, 0x0E, 0xC2, 0x6C, 0x93, 0xEC, 0xAB, 0x43, 0x95,
+0xF6, 0xD8, 0x46, 0x86, 0x05, 0x8C, 0xB0, 0x75, 0x00, 0xCC, 0x85, 0xD7, 0x3D,
+0x73, 0x7A, 0x48, 0xE4, 0xD1, 0x59, 0xAD, 0xB8, 0xC6, 0xD0, 0xDC, 0xA1, 0xAA,
+0x02, 0x1D, 0xBF, 0xB5, 0x9F, 0x51, 0xC4, 0xA5, 0x10, 0x22, 0xCF, 0x01, 0xBA,
+0x8F, 0x31, 0x7C, 0xAE, 0x96, 0xDA, 0xF0, 0x56, 0x47, 0xD4, 0xEB, 0x4E, 0xD9,
+0x13, 0x8E, 0x49, 0x55, 0x16, 0xFF, 0x3B, 0xF4, 0xA4, 0xB2, 0x06, 0xA0, 0xA7,
+0xFB, 0x1B, 0x6E, 0x3C, 0x33, 0xCD, 0x18, 0x5E, 0x6A, 0xD5, 0xA6, 0x21, 0xDE,
+0xFE, 0x2A, 0x1C, 0xF3, 0x0A, 0x1A, 0x19, 0x27, 0x2D };
+
+const byte Square::Log[256] = {
+0x00, 0x00, 0x01, 0x86, 0x02, 0x0D, 0x87, 0x4C, 0x03, 0xD2, 0x0E, 0xAE, 0x88,
+0x22, 0x4D, 0x93, 0x04, 0x1A, 0xD3, 0xCB, 0x0F, 0x98, 0xAF, 0xA8, 0x89, 0xF0,
+0x23, 0x59, 0x4E, 0x35, 0x94, 0x09, 0x05, 0x8F, 0x1B, 0x6E, 0xD4, 0x39, 0xCC,
+0xBB, 0x10, 0x68, 0x99, 0x77, 0xB0, 0xDF, 0xA9, 0x72, 0x8A, 0xFA, 0xF1, 0xA0,
+0x24, 0x52, 0x5A, 0x60, 0x4F, 0x2F, 0x36, 0xDC, 0x95, 0x32, 0x0A, 0x1F, 0x06,
+0xA5, 0x90, 0x49, 0x1C, 0x5D, 0x6F, 0xB8, 0xD5, 0xC1, 0x3A, 0xB5, 0xCD, 0x63,
+0xBC, 0x3D, 0x11, 0x44, 0x69, 0x81, 0x9A, 0x27, 0x78, 0xC4, 0xB1, 0xE6, 0xE0,
+0xEA, 0xAA, 0x55, 0x73, 0xD8, 0x8B, 0xF6, 0xFB, 0x16, 0xF2, 0xF4, 0xA1, 0x40,
+0x25, 0x42, 0x53, 0xE4, 0x5B, 0xA3, 0x61, 0xBF, 0x50, 0xF8, 0x30, 0x2D, 0x37,
+0x8D, 0xDD, 0x66, 0x96, 0x18, 0x33, 0xEE, 0x0B, 0xFD, 0x20, 0xD0, 0x07, 0x57,
+0xA6, 0xC9, 0x91, 0xAC, 0x4A, 0x84, 0x1D, 0xDA, 0x5E, 0x9E, 0x70, 0x75, 0xB9,
+0x6C, 0xD6, 0xE8, 0xC2, 0x7F, 0x3B, 0xB3, 0xB6, 0x47, 0xCE, 0xEC, 0x64, 0x2B,
+0xBD, 0xE2, 0x3E, 0x14, 0x12, 0x29, 0x45, 0x7D, 0x6A, 0x9C, 0x82, 0xC7, 0x9B,
+0xC6, 0x28, 0x7C, 0x79, 0x7A, 0xC5, 0x7B, 0xB2, 0x46, 0xE7, 0x7E, 0xE1, 0x13,
+0xEB, 0x2A, 0xAB, 0x83, 0x56, 0xC8, 0x74, 0x6B, 0xD9, 0x9D, 0x8C, 0x65, 0xF7,
+0x2C, 0xFC, 0xCF, 0x17, 0xED, 0xF3, 0x3F, 0xF5, 0x15, 0xA2, 0xBE, 0x41, 0xE3,
+0x26, 0xC3, 0x43, 0x80, 0x54, 0xD7, 0xE5, 0xE9, 0x5C, 0xB7, 0xA4, 0x48, 0x62,
+0x3C, 0xC0, 0xB4, 0x51, 0x5F, 0xF9, 0x9F, 0x31, 0x1E, 0x2E, 0xDB, 0x38, 0xBA,
+0x8E, 0x6D, 0xDE, 0x71, 0x67, 0x76, 0x97, 0xA7, 0x19, 0xCA, 0x34, 0x08, 0xEF,
+0x58, 0x0C, 0x4B, 0xFE, 0x85, 0x21, 0x92, 0xD1, 0xAD };
+
+const byte Square::ALog[255] = {
+0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0xF5, 0x1F, 0x3E, 0x7C, 0xF8,
+0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0xB5, 0x9F, 0xCB, 0x63, 0xC6, 0x79, 0xF2,
+0x11, 0x22, 0x44, 0x88, 0xE5, 0x3F, 0x7E, 0xFC, 0x0D, 0x1A, 0x34, 0x68, 0xD0,
+0x55, 0xAA, 0xA1, 0xB7, 0x9B, 0xC3, 0x73, 0xE6, 0x39, 0x72, 0xE4, 0x3D, 0x7A,
+0xF4, 0x1D, 0x3A, 0x74, 0xE8, 0x25, 0x4A, 0x94, 0xDD, 0x4F, 0x9E, 0xC9, 0x67,
+0xCE, 0x69, 0xD2, 0x51, 0xA2, 0xB1, 0x97, 0xDB, 0x43, 0x86, 0xF9, 0x07, 0x0E,
+0x1C, 0x38, 0x70, 0xE0, 0x35, 0x6A, 0xD4, 0x5D, 0xBA, 0x81, 0xF7, 0x1B, 0x36,
+0x6C, 0xD8, 0x45, 0x8A, 0xE1, 0x37, 0x6E, 0xDC, 0x4D, 0x9A, 0xC1, 0x77, 0xEE,
+0x29, 0x52, 0xA4, 0xBD, 0x8F, 0xEB, 0x23, 0x46, 0x8C, 0xED, 0x2F, 0x5E, 0xBC,
+0x8D, 0xEF, 0x2B, 0x56, 0xAC, 0xAD, 0xAF, 0xAB, 0xA3, 0xB3, 0x93, 0xD3, 0x53,
+0xA6, 0xB9, 0x87, 0xFB, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0x75, 0xEA,
+0x21, 0x42, 0x84, 0xFD, 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0x15, 0x2A, 0x54, 0xA8,
+0xA5, 0xBF, 0x8B, 0xE3, 0x33, 0x66, 0xCC, 0x6D, 0xDA, 0x41, 0x82, 0xF1, 0x17,
+0x2E, 0x5C, 0xB8, 0x85, 0xFF, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x95, 0xDF, 0x4B,
+0x96, 0xD9, 0x47, 0x8E, 0xE9, 0x27, 0x4E, 0x9C, 0xCD, 0x6F, 0xDE, 0x49, 0x92,
+0xD1, 0x57, 0xAE, 0xA9, 0xA7, 0xBB, 0x83, 0xF3, 0x13, 0x26, 0x4C, 0x98, 0xC5,
+0x7F, 0xFE, 0x09, 0x12, 0x24, 0x48, 0x90, 0xD5, 0x5F, 0xBE, 0x89, 0xE7, 0x3B,
+0x76, 0xEC, 0x2D, 0x5A, 0xB4, 0x9D, 0xCF, 0x6B, 0xD6, 0x59, 0xB2, 0x91, 0xD7,
+0x5B, 0xB6, 0x99, 0xC7, 0x7B, 0xF6, 0x19, 0x32, 0x64, 0xC8, 0x65, 0xCA, 0x61,
+0xC2, 0x71, 0xE2, 0x31, 0x62, 0xC4, 0x7D, 0xFA };
+
+const u32bit Square::TE0[256] = {
+0x97B1B126, 0x69CECEA7, 0x73C3C3B0, 0xDF95954A, 0xB45A5AEE, 0xAFADAD02,
+0x3BE7E7DC, 0x04020206, 0x9A4D4DD7, 0x884444CC, 0x03FBFBF8, 0xD7919146,
+0x180C0C14, 0xFB87877C, 0xB7A1A116, 0xA05050F0, 0x63CBCBA8, 0xCE6767A9,
+0xA85454FC, 0x4FDDDD92, 0x8C4646CA, 0xEB8F8F64, 0x37E1E1D6, 0x9C4E4ED2,
+0x15F0F0E5, 0x0FFDFDF2, 0x0DFCFCF1, 0x23EBEBC8, 0x07F9F9FE, 0x7DC4C4B9,
+0x341A1A2E, 0xDC6E6EB2, 0xBC5E5EE2, 0x1FF5F5EA, 0x6DCCCCA1, 0xEF8D8D62,
+0x381C1C24, 0xAC5656FA, 0x864343C5, 0x09FEFEF7, 0x0E070709, 0xC26161A3,
+0x05F8F8FD, 0xEA75759F, 0xB25959EB, 0x0BFFFFF4, 0x06030305, 0x44222266,
+0xE18A8A6B, 0x57D1D186, 0x26131335, 0x29EEEEC7, 0xE588886D, 0x00000000,
+0x1C0E0E12, 0x6834345C, 0x2A15153F, 0xF5808075, 0xDD949449, 0x33E3E3D0,
+0x2FEDEDC2, 0x9FB5B52A, 0xA65353F5, 0x46232365, 0x964B4BDD, 0x8E4747C9,
+0x2E171739, 0xBBA7A71C, 0xD5909045, 0x6A35355F, 0xA3ABAB08, 0x45D8D89D,
+0x85B8B83D, 0x4BDFDF94, 0x9E4F4FD1, 0xAE5757F9, 0xC19A9A5B, 0xD1929243,
+0x43DBDB98, 0x361B1B2D, 0x783C3C44, 0x65C8C8AD, 0xC799995E, 0x0804040C,
+0xE98E8E67, 0x35E0E0D5, 0x5BD7D78C, 0xFA7D7D87, 0xFF85857A, 0x83BBBB38,
+0x804040C0, 0x582C2C74, 0x743A3A4E, 0x8A4545CF, 0x17F1F1E6, 0x844242C6,
+0xCA6565AF, 0x40202060, 0x824141C3, 0x30181828, 0xE4727296, 0x4A25256F,
+0xD3939340, 0xE0707090, 0x6C36365A, 0x0A05050F, 0x11F2F2E3, 0x160B0B1D,
+0xB3A3A310, 0xF279798B, 0x2DECECC1, 0x10080818, 0x4E272769, 0x62313153,
+0x64323256, 0x99B6B62F, 0xF87C7C84, 0x95B0B025, 0x140A0A1E, 0xE6737395,
+0xB65B5BED, 0xF67B7B8D, 0x9BB7B72C, 0xF7818176, 0x51D2D283, 0x1A0D0D17,
+0xD46A6ABE, 0x4C26266A, 0xC99E9E57, 0xB05858E8, 0xCD9C9C51, 0xF3838370,
+0xE874749C, 0x93B3B320, 0xADACAC01, 0x60303050, 0xF47A7A8E, 0xD26969BB,
+0xEE777799, 0x1E0F0F11, 0xA9AEAE07, 0x42212163, 0x49DEDE97, 0x55D0D085,
+0x5C2E2E72, 0xDB97974C, 0x20101030, 0xBDA4A419, 0xC598985D, 0xA5A8A80D,
+0x5DD4D489, 0xD06868B8, 0x5A2D2D77, 0xC46262A6, 0x5229297B, 0xDA6D6DB7,
+0x2C16163A, 0x924949DB, 0xEC76769A, 0x7BC7C7BC, 0x25E8E8CD, 0x77C1C1B6,
+0xD996964F, 0x6E373759, 0x3FE5E5DA, 0x61CACAAB, 0x1DF4F4E9, 0x27E9E9CE,
+0xC66363A5, 0x24121236, 0x71C2C2B3, 0xB9A6A61F, 0x2814143C, 0x8DBCBC31,
+0x53D3D380, 0x50282878, 0xABAFAF04, 0x5E2F2F71, 0x39E6E6DF, 0x4824246C,
+0xA45252F6, 0x79C6C6BF, 0xB5A0A015, 0x1209091B, 0x8FBDBD32, 0xED8C8C61,
+0x6BCFCFA4, 0xBA5D5DE7, 0x22111133, 0xBE5F5FE1, 0x02010103, 0x7FC5C5BA,
+0xCB9F9F54, 0x7A3D3D47, 0xB1A2A213, 0xC39B9B58, 0x67C9C9AE, 0x763B3B4D,
+0x89BEBE37, 0xA25151F3, 0x3219192B, 0x3E1F1F21, 0x7E3F3F41, 0xB85C5CE4,
+0x91B2B223, 0x2BEFEFC4, 0x944A4ADE, 0x6FCDCDA2, 0x8BBFBF34, 0x81BABA3B,
+0xDE6F6FB1, 0xC86464AC, 0x47D9D99E, 0x13F3F3E0, 0x7C3E3E42, 0x9DB4B429,
+0xA1AAAA0B, 0x4DDCDC91, 0x5FD5D58A, 0x0C06060A, 0x75C0C0B5, 0xFC7E7E82,
+0x19F6F6EF, 0xCC6666AA, 0xD86C6CB4, 0xFD848479, 0xE2717193, 0x70383848,
+0x87B9B93E, 0x3A1D1D27, 0xFE7F7F81, 0xCF9D9D52, 0x904848D8, 0xE38B8B68,
+0x542A2A7E, 0x41DADA9B, 0xBFA5A51A, 0x66333355, 0xF1828273, 0x7239394B,
+0x59D6D68F, 0xF0787888, 0xF986867F, 0x01FAFAFB, 0x3DE4E4D9, 0x562B2B7D,
+0xA7A9A90E, 0x3C1E1E22, 0xE789896E, 0xC06060A0, 0xD66B6BBD, 0x21EAEACB,
+0xAA5555FF, 0x984C4CD4, 0x1BF7F7EC, 0x31E2E2D3 };
+
+const u32bit Square::TE1[256] = {
+0x2697B1B1, 0xA769CECE, 0xB073C3C3, 0x4ADF9595, 0xEEB45A5A, 0x02AFADAD,
+0xDC3BE7E7, 0x06040202, 0xD79A4D4D, 0xCC884444, 0xF803FBFB, 0x46D79191,
+0x14180C0C, 0x7CFB8787, 0x16B7A1A1, 0xF0A05050, 0xA863CBCB, 0xA9CE6767,
+0xFCA85454, 0x924FDDDD, 0xCA8C4646, 0x64EB8F8F, 0xD637E1E1, 0xD29C4E4E,
+0xE515F0F0, 0xF20FFDFD, 0xF10DFCFC, 0xC823EBEB, 0xFE07F9F9, 0xB97DC4C4,
+0x2E341A1A, 0xB2DC6E6E, 0xE2BC5E5E, 0xEA1FF5F5, 0xA16DCCCC, 0x62EF8D8D,
+0x24381C1C, 0xFAAC5656, 0xC5864343, 0xF709FEFE, 0x090E0707, 0xA3C26161,
+0xFD05F8F8, 0x9FEA7575, 0xEBB25959, 0xF40BFFFF, 0x05060303, 0x66442222,
+0x6BE18A8A, 0x8657D1D1, 0x35261313, 0xC729EEEE, 0x6DE58888, 0x00000000,
+0x121C0E0E, 0x5C683434, 0x3F2A1515, 0x75F58080, 0x49DD9494, 0xD033E3E3,
+0xC22FEDED, 0x2A9FB5B5, 0xF5A65353, 0x65462323, 0xDD964B4B, 0xC98E4747,
+0x392E1717, 0x1CBBA7A7, 0x45D59090, 0x5F6A3535, 0x08A3ABAB, 0x9D45D8D8,
+0x3D85B8B8, 0x944BDFDF, 0xD19E4F4F, 0xF9AE5757, 0x5BC19A9A, 0x43D19292,
+0x9843DBDB, 0x2D361B1B, 0x44783C3C, 0xAD65C8C8, 0x5EC79999, 0x0C080404,
+0x67E98E8E, 0xD535E0E0, 0x8C5BD7D7, 0x87FA7D7D, 0x7AFF8585, 0x3883BBBB,
+0xC0804040, 0x74582C2C, 0x4E743A3A, 0xCF8A4545, 0xE617F1F1, 0xC6844242,
+0xAFCA6565, 0x60402020, 0xC3824141, 0x28301818, 0x96E47272, 0x6F4A2525,
+0x40D39393, 0x90E07070, 0x5A6C3636, 0x0F0A0505, 0xE311F2F2, 0x1D160B0B,
+0x10B3A3A3, 0x8BF27979, 0xC12DECEC, 0x18100808, 0x694E2727, 0x53623131,
+0x56643232, 0x2F99B6B6, 0x84F87C7C, 0x2595B0B0, 0x1E140A0A, 0x95E67373,
+0xEDB65B5B, 0x8DF67B7B, 0x2C9BB7B7, 0x76F78181, 0x8351D2D2, 0x171A0D0D,
+0xBED46A6A, 0x6A4C2626, 0x57C99E9E, 0xE8B05858, 0x51CD9C9C, 0x70F38383,
+0x9CE87474, 0x2093B3B3, 0x01ADACAC, 0x50603030, 0x8EF47A7A, 0xBBD26969,
+0x99EE7777, 0x111E0F0F, 0x07A9AEAE, 0x63422121, 0x9749DEDE, 0x8555D0D0,
+0x725C2E2E, 0x4CDB9797, 0x30201010, 0x19BDA4A4, 0x5DC59898, 0x0DA5A8A8,
+0x895DD4D4, 0xB8D06868, 0x775A2D2D, 0xA6C46262, 0x7B522929, 0xB7DA6D6D,
+0x3A2C1616, 0xDB924949, 0x9AEC7676, 0xBC7BC7C7, 0xCD25E8E8, 0xB677C1C1,
+0x4FD99696, 0x596E3737, 0xDA3FE5E5, 0xAB61CACA, 0xE91DF4F4, 0xCE27E9E9,
+0xA5C66363, 0x36241212, 0xB371C2C2, 0x1FB9A6A6, 0x3C281414, 0x318DBCBC,
+0x8053D3D3, 0x78502828, 0x04ABAFAF, 0x715E2F2F, 0xDF39E6E6, 0x6C482424,
+0xF6A45252, 0xBF79C6C6, 0x15B5A0A0, 0x1B120909, 0x328FBDBD, 0x61ED8C8C,
+0xA46BCFCF, 0xE7BA5D5D, 0x33221111, 0xE1BE5F5F, 0x03020101, 0xBA7FC5C5,
+0x54CB9F9F, 0x477A3D3D, 0x13B1A2A2, 0x58C39B9B, 0xAE67C9C9, 0x4D763B3B,
+0x3789BEBE, 0xF3A25151, 0x2B321919, 0x213E1F1F, 0x417E3F3F, 0xE4B85C5C,
+0x2391B2B2, 0xC42BEFEF, 0xDE944A4A, 0xA26FCDCD, 0x348BBFBF, 0x3B81BABA,
+0xB1DE6F6F, 0xACC86464, 0x9E47D9D9, 0xE013F3F3, 0x427C3E3E, 0x299DB4B4,
+0x0BA1AAAA, 0x914DDCDC, 0x8A5FD5D5, 0x0A0C0606, 0xB575C0C0, 0x82FC7E7E,
+0xEF19F6F6, 0xAACC6666, 0xB4D86C6C, 0x79FD8484, 0x93E27171, 0x48703838,
+0x3E87B9B9, 0x273A1D1D, 0x81FE7F7F, 0x52CF9D9D, 0xD8904848, 0x68E38B8B,
+0x7E542A2A, 0x9B41DADA, 0x1ABFA5A5, 0x55663333, 0x73F18282, 0x4B723939,
+0x8F59D6D6, 0x88F07878, 0x7FF98686, 0xFB01FAFA, 0xD93DE4E4, 0x7D562B2B,
+0x0EA7A9A9, 0x223C1E1E, 0x6EE78989, 0xA0C06060, 0xBDD66B6B, 0xCB21EAEA,
+0xFFAA5555, 0xD4984C4C, 0xEC1BF7F7, 0xD331E2E2 };
+
+const u32bit Square::TE2[256] = {
+0xB12697B1, 0xCEA769CE, 0xC3B073C3, 0x954ADF95, 0x5AEEB45A, 0xAD02AFAD,
+0xE7DC3BE7, 0x02060402, 0x4DD79A4D, 0x44CC8844, 0xFBF803FB, 0x9146D791,
+0x0C14180C, 0x877CFB87, 0xA116B7A1, 0x50F0A050, 0xCBA863CB, 0x67A9CE67,
+0x54FCA854, 0xDD924FDD, 0x46CA8C46, 0x8F64EB8F, 0xE1D637E1, 0x4ED29C4E,
+0xF0E515F0, 0xFDF20FFD, 0xFCF10DFC, 0xEBC823EB, 0xF9FE07F9, 0xC4B97DC4,
+0x1A2E341A, 0x6EB2DC6E, 0x5EE2BC5E, 0xF5EA1FF5, 0xCCA16DCC, 0x8D62EF8D,
+0x1C24381C, 0x56FAAC56, 0x43C58643, 0xFEF709FE, 0x07090E07, 0x61A3C261,
+0xF8FD05F8, 0x759FEA75, 0x59EBB259, 0xFFF40BFF, 0x03050603, 0x22664422,
+0x8A6BE18A, 0xD18657D1, 0x13352613, 0xEEC729EE, 0x886DE588, 0x00000000,
+0x0E121C0E, 0x345C6834, 0x153F2A15, 0x8075F580, 0x9449DD94, 0xE3D033E3,
+0xEDC22FED, 0xB52A9FB5, 0x53F5A653, 0x23654623, 0x4BDD964B, 0x47C98E47,
+0x17392E17, 0xA71CBBA7, 0x9045D590, 0x355F6A35, 0xAB08A3AB, 0xD89D45D8,
+0xB83D85B8, 0xDF944BDF, 0x4FD19E4F, 0x57F9AE57, 0x9A5BC19A, 0x9243D192,
+0xDB9843DB, 0x1B2D361B, 0x3C44783C, 0xC8AD65C8, 0x995EC799, 0x040C0804,
+0x8E67E98E, 0xE0D535E0, 0xD78C5BD7, 0x7D87FA7D, 0x857AFF85, 0xBB3883BB,
+0x40C08040, 0x2C74582C, 0x3A4E743A, 0x45CF8A45, 0xF1E617F1, 0x42C68442,
+0x65AFCA65, 0x20604020, 0x41C38241, 0x18283018, 0x7296E472, 0x256F4A25,
+0x9340D393, 0x7090E070, 0x365A6C36, 0x050F0A05, 0xF2E311F2, 0x0B1D160B,
+0xA310B3A3, 0x798BF279, 0xECC12DEC, 0x08181008, 0x27694E27, 0x31536231,
+0x32566432, 0xB62F99B6, 0x7C84F87C, 0xB02595B0, 0x0A1E140A, 0x7395E673,
+0x5BEDB65B, 0x7B8DF67B, 0xB72C9BB7, 0x8176F781, 0xD28351D2, 0x0D171A0D,
+0x6ABED46A, 0x266A4C26, 0x9E57C99E, 0x58E8B058, 0x9C51CD9C, 0x8370F383,
+0x749CE874, 0xB32093B3, 0xAC01ADAC, 0x30506030, 0x7A8EF47A, 0x69BBD269,
+0x7799EE77, 0x0F111E0F, 0xAE07A9AE, 0x21634221, 0xDE9749DE, 0xD08555D0,
+0x2E725C2E, 0x974CDB97, 0x10302010, 0xA419BDA4, 0x985DC598, 0xA80DA5A8,
+0xD4895DD4, 0x68B8D068, 0x2D775A2D, 0x62A6C462, 0x297B5229, 0x6DB7DA6D,
+0x163A2C16, 0x49DB9249, 0x769AEC76, 0xC7BC7BC7, 0xE8CD25E8, 0xC1B677C1,
+0x964FD996, 0x37596E37, 0xE5DA3FE5, 0xCAAB61CA, 0xF4E91DF4, 0xE9CE27E9,
+0x63A5C663, 0x12362412, 0xC2B371C2, 0xA61FB9A6, 0x143C2814, 0xBC318DBC,
+0xD38053D3, 0x28785028, 0xAF04ABAF, 0x2F715E2F, 0xE6DF39E6, 0x246C4824,
+0x52F6A452, 0xC6BF79C6, 0xA015B5A0, 0x091B1209, 0xBD328FBD, 0x8C61ED8C,
+0xCFA46BCF, 0x5DE7BA5D, 0x11332211, 0x5FE1BE5F, 0x01030201, 0xC5BA7FC5,
+0x9F54CB9F, 0x3D477A3D, 0xA213B1A2, 0x9B58C39B, 0xC9AE67C9, 0x3B4D763B,
+0xBE3789BE, 0x51F3A251, 0x192B3219, 0x1F213E1F, 0x3F417E3F, 0x5CE4B85C,
+0xB22391B2, 0xEFC42BEF, 0x4ADE944A, 0xCDA26FCD, 0xBF348BBF, 0xBA3B81BA,
+0x6FB1DE6F, 0x64ACC864, 0xD99E47D9, 0xF3E013F3, 0x3E427C3E, 0xB4299DB4,
+0xAA0BA1AA, 0xDC914DDC, 0xD58A5FD5, 0x060A0C06, 0xC0B575C0, 0x7E82FC7E,
+0xF6EF19F6, 0x66AACC66, 0x6CB4D86C, 0x8479FD84, 0x7193E271, 0x38487038,
+0xB93E87B9, 0x1D273A1D, 0x7F81FE7F, 0x9D52CF9D, 0x48D89048, 0x8B68E38B,
+0x2A7E542A, 0xDA9B41DA, 0xA51ABFA5, 0x33556633, 0x8273F182, 0x394B7239,
+0xD68F59D6, 0x7888F078, 0x867FF986, 0xFAFB01FA, 0xE4D93DE4, 0x2B7D562B,
+0xA90EA7A9, 0x1E223C1E, 0x896EE789, 0x60A0C060, 0x6BBDD66B, 0xEACB21EA,
+0x55FFAA55, 0x4CD4984C, 0xF7EC1BF7, 0xE2D331E2 };
+
+const u32bit Square::TE3[256] = {
+0xB1B12697, 0xCECEA769, 0xC3C3B073, 0x95954ADF, 0x5A5AEEB4, 0xADAD02AF,
+0xE7E7DC3B, 0x02020604, 0x4D4DD79A, 0x4444CC88, 0xFBFBF803, 0x919146D7,
+0x0C0C1418, 0x87877CFB, 0xA1A116B7, 0x5050F0A0, 0xCBCBA863, 0x6767A9CE,
+0x5454FCA8, 0xDDDD924F, 0x4646CA8C, 0x8F8F64EB, 0xE1E1D637, 0x4E4ED29C,
+0xF0F0E515, 0xFDFDF20F, 0xFCFCF10D, 0xEBEBC823, 0xF9F9FE07, 0xC4C4B97D,
+0x1A1A2E34, 0x6E6EB2DC, 0x5E5EE2BC, 0xF5F5EA1F, 0xCCCCA16D, 0x8D8D62EF,
+0x1C1C2438, 0x5656FAAC, 0x4343C586, 0xFEFEF709, 0x0707090E, 0x6161A3C2,
+0xF8F8FD05, 0x75759FEA, 0x5959EBB2, 0xFFFFF40B, 0x03030506, 0x22226644,
+0x8A8A6BE1, 0xD1D18657, 0x13133526, 0xEEEEC729, 0x88886DE5, 0x00000000,
+0x0E0E121C, 0x34345C68, 0x15153F2A, 0x808075F5, 0x949449DD, 0xE3E3D033,
+0xEDEDC22F, 0xB5B52A9F, 0x5353F5A6, 0x23236546, 0x4B4BDD96, 0x4747C98E,
+0x1717392E, 0xA7A71CBB, 0x909045D5, 0x35355F6A, 0xABAB08A3, 0xD8D89D45,
+0xB8B83D85, 0xDFDF944B, 0x4F4FD19E, 0x5757F9AE, 0x9A9A5BC1, 0x929243D1,
+0xDBDB9843, 0x1B1B2D36, 0x3C3C4478, 0xC8C8AD65, 0x99995EC7, 0x04040C08,
+0x8E8E67E9, 0xE0E0D535, 0xD7D78C5B, 0x7D7D87FA, 0x85857AFF, 0xBBBB3883,
+0x4040C080, 0x2C2C7458, 0x3A3A4E74, 0x4545CF8A, 0xF1F1E617, 0x4242C684,
+0x6565AFCA, 0x20206040, 0x4141C382, 0x18182830, 0x727296E4, 0x25256F4A,
+0x939340D3, 0x707090E0, 0x36365A6C, 0x05050F0A, 0xF2F2E311, 0x0B0B1D16,
+0xA3A310B3, 0x79798BF2, 0xECECC12D, 0x08081810, 0x2727694E, 0x31315362,
+0x32325664, 0xB6B62F99, 0x7C7C84F8, 0xB0B02595, 0x0A0A1E14, 0x737395E6,
+0x5B5BEDB6, 0x7B7B8DF6, 0xB7B72C9B, 0x818176F7, 0xD2D28351, 0x0D0D171A,
+0x6A6ABED4, 0x26266A4C, 0x9E9E57C9, 0x5858E8B0, 0x9C9C51CD, 0x838370F3,
+0x74749CE8, 0xB3B32093, 0xACAC01AD, 0x30305060, 0x7A7A8EF4, 0x6969BBD2,
+0x777799EE, 0x0F0F111E, 0xAEAE07A9, 0x21216342, 0xDEDE9749, 0xD0D08555,
+0x2E2E725C, 0x97974CDB, 0x10103020, 0xA4A419BD, 0x98985DC5, 0xA8A80DA5,
+0xD4D4895D, 0x6868B8D0, 0x2D2D775A, 0x6262A6C4, 0x29297B52, 0x6D6DB7DA,
+0x16163A2C, 0x4949DB92, 0x76769AEC, 0xC7C7BC7B, 0xE8E8CD25, 0xC1C1B677,
+0x96964FD9, 0x3737596E, 0xE5E5DA3F, 0xCACAAB61, 0xF4F4E91D, 0xE9E9CE27,
+0x6363A5C6, 0x12123624, 0xC2C2B371, 0xA6A61FB9, 0x14143C28, 0xBCBC318D,
+0xD3D38053, 0x28287850, 0xAFAF04AB, 0x2F2F715E, 0xE6E6DF39, 0x24246C48,
+0x5252F6A4, 0xC6C6BF79, 0xA0A015B5, 0x09091B12, 0xBDBD328F, 0x8C8C61ED,
+0xCFCFA46B, 0x5D5DE7BA, 0x11113322, 0x5F5FE1BE, 0x01010302, 0xC5C5BA7F,
+0x9F9F54CB, 0x3D3D477A, 0xA2A213B1, 0x9B9B58C3, 0xC9C9AE67, 0x3B3B4D76,
+0xBEBE3789, 0x5151F3A2, 0x19192B32, 0x1F1F213E, 0x3F3F417E, 0x5C5CE4B8,
+0xB2B22391, 0xEFEFC42B, 0x4A4ADE94, 0xCDCDA26F, 0xBFBF348B, 0xBABA3B81,
+0x6F6FB1DE, 0x6464ACC8, 0xD9D99E47, 0xF3F3E013, 0x3E3E427C, 0xB4B4299D,
+0xAAAA0BA1, 0xDCDC914D, 0xD5D58A5F, 0x06060A0C, 0xC0C0B575, 0x7E7E82FC,
+0xF6F6EF19, 0x6666AACC, 0x6C6CB4D8, 0x848479FD, 0x717193E2, 0x38384870,
+0xB9B93E87, 0x1D1D273A, 0x7F7F81FE, 0x9D9D52CF, 0x4848D890, 0x8B8B68E3,
+0x2A2A7E54, 0xDADA9B41, 0xA5A51ABF, 0x33335566, 0x828273F1, 0x39394B72,
+0xD6D68F59, 0x787888F0, 0x86867FF9, 0xFAFAFB01, 0xE4E4D93D, 0x2B2B7D56,
+0xA9A90EA7, 0x1E1E223C, 0x89896EE7, 0x6060A0C0, 0x6B6BBDD6, 0xEAEACB21,
+0x5555FFAA, 0x4C4CD498, 0xF7F7EC1B, 0xE2E2D331 };
+
+const u32bit Square::TD0[256] = {
+0xE368BC02, 0x5585620C, 0x2A3F2331, 0x61AB13F7, 0x98D46D72, 0x21CB9A19,
+0x3C22A461, 0x459D3DCD, 0x05FDB423, 0x2BC4075F, 0x9B2C01C0, 0x3DD9800F,
+0x486C5C74, 0xF97F7E85, 0xF173AB1F, 0xB6EDDE0E, 0x283C6BED, 0x4997781A,
+0x9F2A918D, 0xC9579F33, 0xA907A8AA, 0xA50DED7D, 0x7C422D8F, 0x764DB0C9,
+0x4D91E857, 0xCEA963CC, 0xB4EE96D2, 0x3028E1B6, 0x0DF161B9, 0xBD196726,
+0x419BAD80, 0xC0A06EC7, 0x5183F241, 0x92DBF034, 0x6FA21EFC, 0x8F32CE4C,
+0x13E03373, 0x69A7C66D, 0xE56D6493, 0xBF1A2FFA, 0xBB1CBFB7, 0x587403B5,
+0xE76E2C4F, 0x5D89B796, 0xE89C052A, 0x446619A3, 0x342E71FB, 0x0FF22965,
+0xFE81827A, 0xB11322F1, 0xA30835EC, 0xCD510F7E, 0xFF7AA614, 0x5C7293F8,
+0x2FC29712, 0xF370E3C3, 0x992F491C, 0xD1431568, 0xC2A3261B, 0x88CC32B3,
+0x8ACF7A6F, 0xB0E8069F, 0x7A47F51E, 0xD2BB79DA, 0xE6950821, 0x4398E55C,
+0xD0B83106, 0x11E37BAF, 0x7E416553, 0xCCAA2B10, 0xD8B4E49C, 0x6456A7D4,
+0xFB7C3659, 0x724B2084, 0xEA9F4DF6, 0x6A5FAADF, 0x2DC1DFCE, 0x70486858,
+0xCAAFF381, 0x0605D891, 0x5A774B69, 0x94DE28A5, 0x39DF1042, 0x813BC347,
+0xFC82CAA6, 0x23C8D2C5, 0x03F86CB2, 0x080CD59A, 0xDAB7AC40, 0x7DB909E1,
+0x3824342C, 0xCF5247A2, 0xDCB274D1, 0x63A85B2B, 0x35D55595, 0x479E7511,
+0x15E5EBE2, 0x4B9430C6, 0x4A6F14A8, 0x91239C86, 0x4C6ACC39, 0x5F8AFF4A,
+0x0406904D, 0xEE99DDBB, 0x1E1152CA, 0xAAFFC418, 0xEB646998, 0x07FEFCFF,
+0x8B345E01, 0x567D0EBE, 0xBAE79BD9, 0x4263C132, 0x75B5DC7B, 0x97264417,
+0x67AECB66, 0x95250CCB, 0xEC9A9567, 0x57862AD0, 0x60503799, 0xB8E4D305,
+0x65AD83BA, 0x19EFAE35, 0xA4F6C913, 0xC15B4AA9, 0x873E1BD6, 0xA0F0595E,
+0x18148A5B, 0xAF02703B, 0xAB04E076, 0xDD4950BF, 0xDF4A1863, 0xC6A5B656,
+0x853D530A, 0xFA871237, 0x77B694A7, 0x4665517F, 0xED61B109, 0x1BECE6E9,
+0xD5458525, 0xF5753B52, 0x7FBA413D, 0x27CE4288, 0xB2EB4E43, 0xD6BDE997,
+0x527B9EF3, 0x62537F45, 0x2C3AFBA0, 0x7BBCD170, 0xB91FF76B, 0x121B171D,
+0xFD79EEC8, 0x3A277CF0, 0x0C0A45D7, 0x96DD6079, 0x2233F6AB, 0xACFA1C89,
+0xC8ACBB5D, 0xA10B7D30, 0xD4BEA14B, 0xBEE10B94, 0x25CD0A54, 0x547E4662,
+0xA2F31182, 0x17E6A33E, 0x263566E6, 0xC3580275, 0x83388B9B, 0x7844BDC2,
+0x020348DC, 0x4F92A08B, 0x2E39B37C, 0x4E6984E5, 0xF0888F71, 0x362D3927,
+0x9CD2FD3F, 0x01FB246E, 0x893716DD, 0x00000000, 0xF68D57E0, 0xE293986C,
+0x744EF815, 0x9320D45A, 0xAD0138E7, 0xD3405DB4, 0x1A17C287, 0xB3106A2D,
+0x5078D62F, 0xF48E1F3C, 0xA70EA5A1, 0x71B34C36, 0x9AD725AE, 0x5E71DB24,
+0x161D8750, 0xEF62F9D5, 0x8D318690, 0x1C121A16, 0xA6F581CF, 0x5B8C6F07,
+0x37D61D49, 0x6E593A92, 0x84C67764, 0x86C53FB8, 0xD746CDF9, 0xE090D0B0,
+0x29C74F83, 0xE49640FD, 0x0E090D0B, 0x6DA15620, 0x8EC9EA22, 0xDB4C882E,
+0xF776738E, 0xB515B2BC, 0x10185FC1, 0x322BA96A, 0x6BA48EB1, 0xAEF95455,
+0x406089EE, 0x6655EF08, 0xE9672144, 0x3E21ECBD, 0x2030BE77, 0xF28BC7AD,
+0x80C0E729, 0x141ECF8C, 0xBCE24348, 0xC4A6FE8A, 0x31D3C5D8, 0xB716FA60,
+0x5380BA9D, 0xD94FC0F2, 0x1DE93E78, 0x24362E3A, 0xE16BF4DE, 0xCB54D7EF,
+0x09F7F1F4, 0x82C3AFF5, 0x0BF4B928, 0x9D29D951, 0xC75E9238, 0xF8845AEB,
+0x90D8B8E8, 0xDEB13C0D, 0x33D08D04, 0x685CE203, 0xC55DDAE4, 0x3BDC589E,
+0x0A0F9D46, 0x3FDAC8D3, 0x598F27DB, 0xA8FC8CC4, 0x79BF99AC, 0x6C5A724E,
+0x8CCAA2FE, 0x9ED1B5E3, 0x1FEA76A4, 0x73B004EA };
+
+const u32bit Square::TD1[256] = {
+0x02E368BC, 0x0C558562, 0x312A3F23, 0xF761AB13, 0x7298D46D, 0x1921CB9A,
+0x613C22A4, 0xCD459D3D, 0x2305FDB4, 0x5F2BC407, 0xC09B2C01, 0x0F3DD980,
+0x74486C5C, 0x85F97F7E, 0x1FF173AB, 0x0EB6EDDE, 0xED283C6B, 0x1A499778,
+0x8D9F2A91, 0x33C9579F, 0xAAA907A8, 0x7DA50DED, 0x8F7C422D, 0xC9764DB0,
+0x574D91E8, 0xCCCEA963, 0xD2B4EE96, 0xB63028E1, 0xB90DF161, 0x26BD1967,
+0x80419BAD, 0xC7C0A06E, 0x415183F2, 0x3492DBF0, 0xFC6FA21E, 0x4C8F32CE,
+0x7313E033, 0x6D69A7C6, 0x93E56D64, 0xFABF1A2F, 0xB7BB1CBF, 0xB5587403,
+0x4FE76E2C, 0x965D89B7, 0x2AE89C05, 0xA3446619, 0xFB342E71, 0x650FF229,
+0x7AFE8182, 0xF1B11322, 0xECA30835, 0x7ECD510F, 0x14FF7AA6, 0xF85C7293,
+0x122FC297, 0xC3F370E3, 0x1C992F49, 0x68D14315, 0x1BC2A326, 0xB388CC32,
+0x6F8ACF7A, 0x9FB0E806, 0x1E7A47F5, 0xDAD2BB79, 0x21E69508, 0x5C4398E5,
+0x06D0B831, 0xAF11E37B, 0x537E4165, 0x10CCAA2B, 0x9CD8B4E4, 0xD46456A7,
+0x59FB7C36, 0x84724B20, 0xF6EA9F4D, 0xDF6A5FAA, 0xCE2DC1DF, 0x58704868,
+0x81CAAFF3, 0x910605D8, 0x695A774B, 0xA594DE28, 0x4239DF10, 0x47813BC3,
+0xA6FC82CA, 0xC523C8D2, 0xB203F86C, 0x9A080CD5, 0x40DAB7AC, 0xE17DB909,
+0x2C382434, 0xA2CF5247, 0xD1DCB274, 0x2B63A85B, 0x9535D555, 0x11479E75,
+0xE215E5EB, 0xC64B9430, 0xA84A6F14, 0x8691239C, 0x394C6ACC, 0x4A5F8AFF,
+0x4D040690, 0xBBEE99DD, 0xCA1E1152, 0x18AAFFC4, 0x98EB6469, 0xFF07FEFC,
+0x018B345E, 0xBE567D0E, 0xD9BAE79B, 0x324263C1, 0x7B75B5DC, 0x17972644,
+0x6667AECB, 0xCB95250C, 0x67EC9A95, 0xD057862A, 0x99605037, 0x05B8E4D3,
+0xBA65AD83, 0x3519EFAE, 0x13A4F6C9, 0xA9C15B4A, 0xD6873E1B, 0x5EA0F059,
+0x5B18148A, 0x3BAF0270, 0x76AB04E0, 0xBFDD4950, 0x63DF4A18, 0x56C6A5B6,
+0x0A853D53, 0x37FA8712, 0xA777B694, 0x7F466551, 0x09ED61B1, 0xE91BECE6,
+0x25D54585, 0x52F5753B, 0x3D7FBA41, 0x8827CE42, 0x43B2EB4E, 0x97D6BDE9,
+0xF3527B9E, 0x4562537F, 0xA02C3AFB, 0x707BBCD1, 0x6BB91FF7, 0x1D121B17,
+0xC8FD79EE, 0xF03A277C, 0xD70C0A45, 0x7996DD60, 0xAB2233F6, 0x89ACFA1C,
+0x5DC8ACBB, 0x30A10B7D, 0x4BD4BEA1, 0x94BEE10B, 0x5425CD0A, 0x62547E46,
+0x82A2F311, 0x3E17E6A3, 0xE6263566, 0x75C35802, 0x9B83388B, 0xC27844BD,
+0xDC020348, 0x8B4F92A0, 0x7C2E39B3, 0xE54E6984, 0x71F0888F, 0x27362D39,
+0x3F9CD2FD, 0x6E01FB24, 0xDD893716, 0x00000000, 0xE0F68D57, 0x6CE29398,
+0x15744EF8, 0x5A9320D4, 0xE7AD0138, 0xB4D3405D, 0x871A17C2, 0x2DB3106A,
+0x2F5078D6, 0x3CF48E1F, 0xA1A70EA5, 0x3671B34C, 0xAE9AD725, 0x245E71DB,
+0x50161D87, 0xD5EF62F9, 0x908D3186, 0x161C121A, 0xCFA6F581, 0x075B8C6F,
+0x4937D61D, 0x926E593A, 0x6484C677, 0xB886C53F, 0xF9D746CD, 0xB0E090D0,
+0x8329C74F, 0xFDE49640, 0x0B0E090D, 0x206DA156, 0x228EC9EA, 0x2EDB4C88,
+0x8EF77673, 0xBCB515B2, 0xC110185F, 0x6A322BA9, 0xB16BA48E, 0x55AEF954,
+0xEE406089, 0x086655EF, 0x44E96721, 0xBD3E21EC, 0x772030BE, 0xADF28BC7,
+0x2980C0E7, 0x8C141ECF, 0x48BCE243, 0x8AC4A6FE, 0xD831D3C5, 0x60B716FA,
+0x9D5380BA, 0xF2D94FC0, 0x781DE93E, 0x3A24362E, 0xDEE16BF4, 0xEFCB54D7,
+0xF409F7F1, 0xF582C3AF, 0x280BF4B9, 0x519D29D9, 0x38C75E92, 0xEBF8845A,
+0xE890D8B8, 0x0DDEB13C, 0x0433D08D, 0x03685CE2, 0xE4C55DDA, 0x9E3BDC58,
+0x460A0F9D, 0xD33FDAC8, 0xDB598F27, 0xC4A8FC8C, 0xAC79BF99, 0x4E6C5A72,
+0xFE8CCAA2, 0xE39ED1B5, 0xA41FEA76, 0xEA73B004 };
+
+const u32bit Square::TD2[256] = {
+0xBC02E368, 0x620C5585, 0x23312A3F, 0x13F761AB, 0x6D7298D4, 0x9A1921CB,
+0xA4613C22, 0x3DCD459D, 0xB42305FD, 0x075F2BC4, 0x01C09B2C, 0x800F3DD9,
+0x5C74486C, 0x7E85F97F, 0xAB1FF173, 0xDE0EB6ED, 0x6BED283C, 0x781A4997,
+0x918D9F2A, 0x9F33C957, 0xA8AAA907, 0xED7DA50D, 0x2D8F7C42, 0xB0C9764D,
+0xE8574D91, 0x63CCCEA9, 0x96D2B4EE, 0xE1B63028, 0x61B90DF1, 0x6726BD19,
+0xAD80419B, 0x6EC7C0A0, 0xF2415183, 0xF03492DB, 0x1EFC6FA2, 0xCE4C8F32,
+0x337313E0, 0xC66D69A7, 0x6493E56D, 0x2FFABF1A, 0xBFB7BB1C, 0x03B55874,
+0x2C4FE76E, 0xB7965D89, 0x052AE89C, 0x19A34466, 0x71FB342E, 0x29650FF2,
+0x827AFE81, 0x22F1B113, 0x35ECA308, 0x0F7ECD51, 0xA614FF7A, 0x93F85C72,
+0x97122FC2, 0xE3C3F370, 0x491C992F, 0x1568D143, 0x261BC2A3, 0x32B388CC,
+0x7A6F8ACF, 0x069FB0E8, 0xF51E7A47, 0x79DAD2BB, 0x0821E695, 0xE55C4398,
+0x3106D0B8, 0x7BAF11E3, 0x65537E41, 0x2B10CCAA, 0xE49CD8B4, 0xA7D46456,
+0x3659FB7C, 0x2084724B, 0x4DF6EA9F, 0xAADF6A5F, 0xDFCE2DC1, 0x68587048,
+0xF381CAAF, 0xD8910605, 0x4B695A77, 0x28A594DE, 0x104239DF, 0xC347813B,
+0xCAA6FC82, 0xD2C523C8, 0x6CB203F8, 0xD59A080C, 0xAC40DAB7, 0x09E17DB9,
+0x342C3824, 0x47A2CF52, 0x74D1DCB2, 0x5B2B63A8, 0x559535D5, 0x7511479E,
+0xEBE215E5, 0x30C64B94, 0x14A84A6F, 0x9C869123, 0xCC394C6A, 0xFF4A5F8A,
+0x904D0406, 0xDDBBEE99, 0x52CA1E11, 0xC418AAFF, 0x6998EB64, 0xFCFF07FE,
+0x5E018B34, 0x0EBE567D, 0x9BD9BAE7, 0xC1324263, 0xDC7B75B5, 0x44179726,
+0xCB6667AE, 0x0CCB9525, 0x9567EC9A, 0x2AD05786, 0x37996050, 0xD305B8E4,
+0x83BA65AD, 0xAE3519EF, 0xC913A4F6, 0x4AA9C15B, 0x1BD6873E, 0x595EA0F0,
+0x8A5B1814, 0x703BAF02, 0xE076AB04, 0x50BFDD49, 0x1863DF4A, 0xB656C6A5,
+0x530A853D, 0x1237FA87, 0x94A777B6, 0x517F4665, 0xB109ED61, 0xE6E91BEC,
+0x8525D545, 0x3B52F575, 0x413D7FBA, 0x428827CE, 0x4E43B2EB, 0xE997D6BD,
+0x9EF3527B, 0x7F456253, 0xFBA02C3A, 0xD1707BBC, 0xF76BB91F, 0x171D121B,
+0xEEC8FD79, 0x7CF03A27, 0x45D70C0A, 0x607996DD, 0xF6AB2233, 0x1C89ACFA,
+0xBB5DC8AC, 0x7D30A10B, 0xA14BD4BE, 0x0B94BEE1, 0x0A5425CD, 0x4662547E,
+0x1182A2F3, 0xA33E17E6, 0x66E62635, 0x0275C358, 0x8B9B8338, 0xBDC27844,
+0x48DC0203, 0xA08B4F92, 0xB37C2E39, 0x84E54E69, 0x8F71F088, 0x3927362D,
+0xFD3F9CD2, 0x246E01FB, 0x16DD8937, 0x00000000, 0x57E0F68D, 0x986CE293,
+0xF815744E, 0xD45A9320, 0x38E7AD01, 0x5DB4D340, 0xC2871A17, 0x6A2DB310,
+0xD62F5078, 0x1F3CF48E, 0xA5A1A70E, 0x4C3671B3, 0x25AE9AD7, 0xDB245E71,
+0x8750161D, 0xF9D5EF62, 0x86908D31, 0x1A161C12, 0x81CFA6F5, 0x6F075B8C,
+0x1D4937D6, 0x3A926E59, 0x776484C6, 0x3FB886C5, 0xCDF9D746, 0xD0B0E090,
+0x4F8329C7, 0x40FDE496, 0x0D0B0E09, 0x56206DA1, 0xEA228EC9, 0x882EDB4C,
+0x738EF776, 0xB2BCB515, 0x5FC11018, 0xA96A322B, 0x8EB16BA4, 0x5455AEF9,
+0x89EE4060, 0xEF086655, 0x2144E967, 0xECBD3E21, 0xBE772030, 0xC7ADF28B,
+0xE72980C0, 0xCF8C141E, 0x4348BCE2, 0xFE8AC4A6, 0xC5D831D3, 0xFA60B716,
+0xBA9D5380, 0xC0F2D94F, 0x3E781DE9, 0x2E3A2436, 0xF4DEE16B, 0xD7EFCB54,
+0xF1F409F7, 0xAFF582C3, 0xB9280BF4, 0xD9519D29, 0x9238C75E, 0x5AEBF884,
+0xB8E890D8, 0x3C0DDEB1, 0x8D0433D0, 0xE203685C, 0xDAE4C55D, 0x589E3BDC,
+0x9D460A0F, 0xC8D33FDA, 0x27DB598F, 0x8CC4A8FC, 0x99AC79BF, 0x724E6C5A,
+0xA2FE8CCA, 0xB5E39ED1, 0x76A41FEA, 0x04EA73B0 };
+
+const u32bit Square::TD3[256] = {
+0x68BC02E3, 0x85620C55, 0x3F23312A, 0xAB13F761, 0xD46D7298, 0xCB9A1921,
+0x22A4613C, 0x9D3DCD45, 0xFDB42305, 0xC4075F2B, 0x2C01C09B, 0xD9800F3D,
+0x6C5C7448, 0x7F7E85F9, 0x73AB1FF1, 0xEDDE0EB6, 0x3C6BED28, 0x97781A49,
+0x2A918D9F, 0x579F33C9, 0x07A8AAA9, 0x0DED7DA5, 0x422D8F7C, 0x4DB0C976,
+0x91E8574D, 0xA963CCCE, 0xEE96D2B4, 0x28E1B630, 0xF161B90D, 0x196726BD,
+0x9BAD8041, 0xA06EC7C0, 0x83F24151, 0xDBF03492, 0xA21EFC6F, 0x32CE4C8F,
+0xE0337313, 0xA7C66D69, 0x6D6493E5, 0x1A2FFABF, 0x1CBFB7BB, 0x7403B558,
+0x6E2C4FE7, 0x89B7965D, 0x9C052AE8, 0x6619A344, 0x2E71FB34, 0xF229650F,
+0x81827AFE, 0x1322F1B1, 0x0835ECA3, 0x510F7ECD, 0x7AA614FF, 0x7293F85C,
+0xC297122F, 0x70E3C3F3, 0x2F491C99, 0x431568D1, 0xA3261BC2, 0xCC32B388,
+0xCF7A6F8A, 0xE8069FB0, 0x47F51E7A, 0xBB79DAD2, 0x950821E6, 0x98E55C43,
+0xB83106D0, 0xE37BAF11, 0x4165537E, 0xAA2B10CC, 0xB4E49CD8, 0x56A7D464,
+0x7C3659FB, 0x4B208472, 0x9F4DF6EA, 0x5FAADF6A, 0xC1DFCE2D, 0x48685870,
+0xAFF381CA, 0x05D89106, 0x774B695A, 0xDE28A594, 0xDF104239, 0x3BC34781,
+0x82CAA6FC, 0xC8D2C523, 0xF86CB203, 0x0CD59A08, 0xB7AC40DA, 0xB909E17D,
+0x24342C38, 0x5247A2CF, 0xB274D1DC, 0xA85B2B63, 0xD5559535, 0x9E751147,
+0xE5EBE215, 0x9430C64B, 0x6F14A84A, 0x239C8691, 0x6ACC394C, 0x8AFF4A5F,
+0x06904D04, 0x99DDBBEE, 0x1152CA1E, 0xFFC418AA, 0x646998EB, 0xFEFCFF07,
+0x345E018B, 0x7D0EBE56, 0xE79BD9BA, 0x63C13242, 0xB5DC7B75, 0x26441797,
+0xAECB6667, 0x250CCB95, 0x9A9567EC, 0x862AD057, 0x50379960, 0xE4D305B8,
+0xAD83BA65, 0xEFAE3519, 0xF6C913A4, 0x5B4AA9C1, 0x3E1BD687, 0xF0595EA0,
+0x148A5B18, 0x02703BAF, 0x04E076AB, 0x4950BFDD, 0x4A1863DF, 0xA5B656C6,
+0x3D530A85, 0x871237FA, 0xB694A777, 0x65517F46, 0x61B109ED, 0xECE6E91B,
+0x458525D5, 0x753B52F5, 0xBA413D7F, 0xCE428827, 0xEB4E43B2, 0xBDE997D6,
+0x7B9EF352, 0x537F4562, 0x3AFBA02C, 0xBCD1707B, 0x1FF76BB9, 0x1B171D12,
+0x79EEC8FD, 0x277CF03A, 0x0A45D70C, 0xDD607996, 0x33F6AB22, 0xFA1C89AC,
+0xACBB5DC8, 0x0B7D30A1, 0xBEA14BD4, 0xE10B94BE, 0xCD0A5425, 0x7E466254,
+0xF31182A2, 0xE6A33E17, 0x3566E626, 0x580275C3, 0x388B9B83, 0x44BDC278,
+0x0348DC02, 0x92A08B4F, 0x39B37C2E, 0x6984E54E, 0x888F71F0, 0x2D392736,
+0xD2FD3F9C, 0xFB246E01, 0x3716DD89, 0x00000000, 0x8D57E0F6, 0x93986CE2,
+0x4EF81574, 0x20D45A93, 0x0138E7AD, 0x405DB4D3, 0x17C2871A, 0x106A2DB3,
+0x78D62F50, 0x8E1F3CF4, 0x0EA5A1A7, 0xB34C3671, 0xD725AE9A, 0x71DB245E,
+0x1D875016, 0x62F9D5EF, 0x3186908D, 0x121A161C, 0xF581CFA6, 0x8C6F075B,
+0xD61D4937, 0x593A926E, 0xC6776484, 0xC53FB886, 0x46CDF9D7, 0x90D0B0E0,
+0xC74F8329, 0x9640FDE4, 0x090D0B0E, 0xA156206D, 0xC9EA228E, 0x4C882EDB,
+0x76738EF7, 0x15B2BCB5, 0x185FC110, 0x2BA96A32, 0xA48EB16B, 0xF95455AE,
+0x6089EE40, 0x55EF0866, 0x672144E9, 0x21ECBD3E, 0x30BE7720, 0x8BC7ADF2,
+0xC0E72980, 0x1ECF8C14, 0xE24348BC, 0xA6FE8AC4, 0xD3C5D831, 0x16FA60B7,
+0x80BA9D53, 0x4FC0F2D9, 0xE93E781D, 0x362E3A24, 0x6BF4DEE1, 0x54D7EFCB,
+0xF7F1F409, 0xC3AFF582, 0xF4B9280B, 0x29D9519D, 0x5E9238C7, 0x845AEBF8,
+0xD8B8E890, 0xB13C0DDE, 0xD08D0433, 0x5CE20368, 0x5DDAE4C5, 0xDC589E3B,
+0x0F9D460A, 0xDAC8D33F, 0x8F27DB59, 0xFC8CC4A8, 0xBF99AC79, 0x5A724E6C,
+0xCAA2FE8C, 0xD1B5E39E, 0xEA76A41F, 0xB004EA73 };
+
+}
diff --git a/src/square.cpp b/src/square.cpp
new file mode 100644
index 000000000..c01baa077
--- /dev/null
+++ b/src/square.cpp
@@ -0,0 +1,186 @@
+/*************************************************
+* Square Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/square.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Square Encryption *
+*************************************************/
+void Square::enc(const byte in[], byte out[]) const
+ {
+ u32bit T0, T1, T2, T3, B0, B1, B2, B3;
+ B0 = TE0[in[ 0] ^ ME[ 0]] ^ TE1[in[ 4] ^ ME[ 4]] ^
+ TE2[in[ 8] ^ ME[ 8]] ^ TE3[in[12] ^ ME[12]] ^ EK[0];
+ B1 = TE0[in[ 1] ^ ME[ 1]] ^ TE1[in[ 5] ^ ME[ 5]] ^
+ TE2[in[ 9] ^ ME[ 9]] ^ TE3[in[13] ^ ME[13]] ^ EK[1];
+ B2 = TE0[in[ 2] ^ ME[ 2]] ^ TE1[in[ 6] ^ ME[ 6]] ^
+ TE2[in[10] ^ ME[10]] ^ TE3[in[14] ^ ME[14]] ^ EK[2];
+ B3 = TE0[in[ 3] ^ ME[ 3]] ^ TE1[in[ 7] ^ ME[ 7]] ^
+ TE2[in[11] ^ ME[11]] ^ TE3[in[15] ^ ME[15]] ^ EK[3];
+ for(u32bit j = 1; j != 7; j += 2)
+ {
+ T0 = TE0[get_byte(0, B0)] ^ TE1[get_byte(0, B1)] ^
+ TE2[get_byte(0, B2)] ^ TE3[get_byte(0, B3)] ^ EK[4*j+0];
+ T1 = TE0[get_byte(1, B0)] ^ TE1[get_byte(1, B1)] ^
+ TE2[get_byte(1, B2)] ^ TE3[get_byte(1, B3)] ^ EK[4*j+1];
+ T2 = TE0[get_byte(2, B0)] ^ TE1[get_byte(2, B1)] ^
+ TE2[get_byte(2, B2)] ^ TE3[get_byte(2, B3)] ^ EK[4*j+2];
+ T3 = TE0[get_byte(3, B0)] ^ TE1[get_byte(3, B1)] ^
+ TE2[get_byte(3, B2)] ^ TE3[get_byte(3, B3)] ^ EK[4*j+3];
+ B0 = TE0[get_byte(0, T0)] ^ TE1[get_byte(0, T1)] ^
+ TE2[get_byte(0, T2)] ^ TE3[get_byte(0, T3)] ^ EK[4*j+4];
+ B1 = TE0[get_byte(1, T0)] ^ TE1[get_byte(1, T1)] ^
+ TE2[get_byte(1, T2)] ^ TE3[get_byte(1, T3)] ^ EK[4*j+5];
+ B2 = TE0[get_byte(2, T0)] ^ TE1[get_byte(2, T1)] ^
+ TE2[get_byte(2, T2)] ^ TE3[get_byte(2, T3)] ^ EK[4*j+6];
+ B3 = TE0[get_byte(3, T0)] ^ TE1[get_byte(3, T1)] ^
+ TE2[get_byte(3, T2)] ^ TE3[get_byte(3, T3)] ^ EK[4*j+7];
+ }
+ out[ 0] = SE[get_byte(0, B0)] ^ ME[16];
+ out[ 1] = SE[get_byte(0, B1)] ^ ME[17];
+ out[ 2] = SE[get_byte(0, B2)] ^ ME[18];
+ out[ 3] = SE[get_byte(0, B3)] ^ ME[19];
+ out[ 4] = SE[get_byte(1, B0)] ^ ME[20];
+ out[ 5] = SE[get_byte(1, B1)] ^ ME[21];
+ out[ 6] = SE[get_byte(1, B2)] ^ ME[22];
+ out[ 7] = SE[get_byte(1, B3)] ^ ME[23];
+ out[ 8] = SE[get_byte(2, B0)] ^ ME[24];
+ out[ 9] = SE[get_byte(2, B1)] ^ ME[25];
+ out[10] = SE[get_byte(2, B2)] ^ ME[26];
+ out[11] = SE[get_byte(2, B3)] ^ ME[27];
+ out[12] = SE[get_byte(3, B0)] ^ ME[28];
+ out[13] = SE[get_byte(3, B1)] ^ ME[29];
+ out[14] = SE[get_byte(3, B2)] ^ ME[30];
+ out[15] = SE[get_byte(3, B3)] ^ ME[31];
+ }
+
+/*************************************************
+* Square Decryption *
+*************************************************/
+void Square::dec(const byte in[], byte out[]) const
+ {
+ u32bit T0, T1, T2, T3, B0, B1, B2, B3;
+ B0 = TD0[in[ 0] ^ MD[ 0]] ^ TD1[in[ 4] ^ MD[ 4]] ^
+ TD2[in[ 8] ^ MD[ 8]] ^ TD3[in[12] ^ MD[12]] ^ DK[0];
+ B1 = TD0[in[ 1] ^ MD[ 1]] ^ TD1[in[ 5] ^ MD[ 5]] ^
+ TD2[in[ 9] ^ MD[ 9]] ^ TD3[in[13] ^ MD[13]] ^ DK[1];
+ B2 = TD0[in[ 2] ^ MD[ 2]] ^ TD1[in[ 6] ^ MD[ 6]] ^
+ TD2[in[10] ^ MD[10]] ^ TD3[in[14] ^ MD[14]] ^ DK[2];
+ B3 = TD0[in[ 3] ^ MD[ 3]] ^ TD1[in[ 7] ^ MD[ 7]] ^
+ TD2[in[11] ^ MD[11]] ^ TD3[in[15] ^ MD[15]] ^ DK[3];
+ for(u32bit j = 1; j != 7; j += 2)
+ {
+ T0 = TD0[get_byte(0, B0)] ^ TD1[get_byte(0, B1)] ^
+ TD2[get_byte(0, B2)] ^ TD3[get_byte(0, B3)] ^ DK[4*j+0];
+ T1 = TD0[get_byte(1, B0)] ^ TD1[get_byte(1, B1)] ^
+ TD2[get_byte(1, B2)] ^ TD3[get_byte(1, B3)] ^ DK[4*j+1];
+ T2 = TD0[get_byte(2, B0)] ^ TD1[get_byte(2, B1)] ^
+ TD2[get_byte(2, B2)] ^ TD3[get_byte(2, B3)] ^ DK[4*j+2];
+ T3 = TD0[get_byte(3, B0)] ^ TD1[get_byte(3, B1)] ^
+ TD2[get_byte(3, B2)] ^ TD3[get_byte(3, B3)] ^ DK[4*j+3];
+ B0 = TD0[get_byte(0, T0)] ^ TD1[get_byte(0, T1)] ^
+ TD2[get_byte(0, T2)] ^ TD3[get_byte(0, T3)] ^ DK[4*j+4];
+ B1 = TD0[get_byte(1, T0)] ^ TD1[get_byte(1, T1)] ^
+ TD2[get_byte(1, T2)] ^ TD3[get_byte(1, T3)] ^ DK[4*j+5];
+ B2 = TD0[get_byte(2, T0)] ^ TD1[get_byte(2, T1)] ^
+ TD2[get_byte(2, T2)] ^ TD3[get_byte(2, T3)] ^ DK[4*j+6];
+ B3 = TD0[get_byte(3, T0)] ^ TD1[get_byte(3, T1)] ^
+ TD2[get_byte(3, T2)] ^ TD3[get_byte(3, T3)] ^ DK[4*j+7];
+ }
+ out[ 0] = SD[get_byte(0, B0)] ^ MD[16];
+ out[ 1] = SD[get_byte(0, B1)] ^ MD[17];
+ out[ 2] = SD[get_byte(0, B2)] ^ MD[18];
+ out[ 3] = SD[get_byte(0, B3)] ^ MD[19];
+ out[ 4] = SD[get_byte(1, B0)] ^ MD[20];
+ out[ 5] = SD[get_byte(1, B1)] ^ MD[21];
+ out[ 6] = SD[get_byte(1, B2)] ^ MD[22];
+ out[ 7] = SD[get_byte(1, B3)] ^ MD[23];
+ out[ 8] = SD[get_byte(2, B0)] ^ MD[24];
+ out[ 9] = SD[get_byte(2, B1)] ^ MD[25];
+ out[10] = SD[get_byte(2, B2)] ^ MD[26];
+ out[11] = SD[get_byte(2, B3)] ^ MD[27];
+ out[12] = SD[get_byte(3, B0)] ^ MD[28];
+ out[13] = SD[get_byte(3, B1)] ^ MD[29];
+ out[14] = SD[get_byte(3, B2)] ^ MD[30];
+ out[15] = SD[get_byte(3, B3)] ^ MD[31];
+ }
+
+/*************************************************
+* Square Key Schedule *
+*************************************************/
+void Square::key(const byte key[], u32bit)
+ {
+ SecureBuffer<u32bit, 36> XEK, XDK;
+ for(u32bit j = 0; j != 4; ++j)
+ XEK[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
+ for(u32bit j = 0; j != 8; ++j)
+ {
+ XEK[4*j+4] = XEK[4*j ] ^ rotate_left(XEK[4*j+3], 8) ^ (0x01000000 << j);
+ XEK[4*j+5] = XEK[4*j+1] ^ XEK[4*j+4];
+ XEK[4*j+6] = XEK[4*j+2] ^ XEK[4*j+5];
+ XEK[4*j+7] = XEK[4*j+3] ^ XEK[4*j+6];
+ XDK.copy(28 - 4*j, XEK + 4*(j+1), 4);
+ transform(XEK + 4*j);
+ }
+ for(u32bit j = 0; j != 4; ++j)
+ for(u32bit k = 0; k != 4; ++k)
+ {
+ ME[4*j+k ] = get_byte(k, XEK[j ]);
+ ME[4*j+k+16] = get_byte(k, XEK[j+32]);
+ MD[4*j+k ] = get_byte(k, XDK[j ]);
+ MD[4*j+k+16] = get_byte(k, XEK[j ]);
+ }
+ EK.copy(XEK + 4, 28);
+ DK.copy(XDK + 4, 28);
+ }
+
+/*************************************************
+* Square's Inverse Linear Transformation *
+*************************************************/
+void Square::transform(u32bit round_key[4])
+ {
+ static const byte G[4][4] = {
+ { 0x02, 0x01, 0x01, 0x03 },
+ { 0x03, 0x02, 0x01, 0x01 },
+ { 0x01, 0x03, 0x02, 0x01 },
+ { 0x01, 0x01, 0x03, 0x02 } };
+ SecureBuffer<byte, 4> A[4], B[4];
+ for(u32bit j = 0; j != 4; ++j)
+ for(u32bit k = 0; k != 4; ++k)
+ A[j][k] = get_byte(k, round_key[j]);
+ for(u32bit j = 0; j != 4; ++j)
+ for(u32bit k = 0; k != 4; ++k)
+ for(u32bit l = 0; l != 4; ++l)
+ B[j][k] ^= mul(A[j][l], G[l][k]);
+ for(u32bit j = 0; j != 4; ++j)
+ round_key[j] = make_u32bit(B[j][0], B[j][1], B[j][2], B[j][3]);
+ }
+
+/*************************************************
+* Multiply in GF(2^8) *
+*************************************************/
+byte Square::mul(byte a, byte b)
+ {
+ if(a && b)
+ return ALog[(Log[a] + Log[b]) % 255];
+ else
+ return 0;
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Square::clear() throw()
+ {
+ EK.clear();
+ DK.clear();
+ ME.clear();
+ MD.clear();
+ }
+
+}
diff --git a/src/symkey.cpp b/src/symkey.cpp
new file mode 100644
index 000000000..abf94f6d9
--- /dev/null
+++ b/src/symkey.cpp
@@ -0,0 +1,138 @@
+/*************************************************
+* OctetString Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/symkey.h>
+#include <botan/bit_ops.h>
+#include <botan/pipe.h>
+#include <botan/hex.h>
+#include <botan/rng.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Create an OctetString from RNG output *
+*************************************************/
+void OctetString::change(u32bit length)
+ {
+ bits.create(length);
+ Global_RNG::randomize(bits, length);
+ }
+
+/*************************************************
+* Create an OctetString from a hex string *
+*************************************************/
+void OctetString::change(const std::string& hex_string)
+ {
+ SecureVector<byte> hex;
+ for(u32bit j = 0; j != hex_string.length(); ++j)
+ if(Hex_Decoder::is_valid(hex_string[j]))
+ hex.append(hex_string[j]);
+
+ if(hex.size() % 2 != 0)
+ throw Invalid_Argument("OctetString: hex string must encode full bytes");
+ bits.create(hex.size() / 2);
+ for(u32bit j = 0; j != bits.size(); ++j)
+ bits[j] = Hex_Decoder::decode(hex.begin() + 2*j);
+ }
+
+/*************************************************
+* Create an OctetString from a byte string *
+*************************************************/
+void OctetString::change(const byte in[], u32bit n)
+ {
+ bits.create(n);
+ bits.copy(in, n);
+ }
+
+/*************************************************
+* Set the parity of each key byte to odd *
+*************************************************/
+void OctetString::set_odd_parity()
+ {
+ const byte ODD_PARITY[256] = {
+ 0x01, 0x01, 0x02, 0x02, 0x04, 0x04, 0x07, 0x07, 0x08, 0x08, 0x0B, 0x0B,
+ 0x0D, 0x0D, 0x0E, 0x0E, 0x10, 0x10, 0x13, 0x13, 0x15, 0x15, 0x16, 0x16,
+ 0x19, 0x19, 0x1A, 0x1A, 0x1C, 0x1C, 0x1F, 0x1F, 0x20, 0x20, 0x23, 0x23,
+ 0x25, 0x25, 0x26, 0x26, 0x29, 0x29, 0x2A, 0x2A, 0x2C, 0x2C, 0x2F, 0x2F,
+ 0x31, 0x31, 0x32, 0x32, 0x34, 0x34, 0x37, 0x37, 0x38, 0x38, 0x3B, 0x3B,
+ 0x3D, 0x3D, 0x3E, 0x3E, 0x40, 0x40, 0x43, 0x43, 0x45, 0x45, 0x46, 0x46,
+ 0x49, 0x49, 0x4A, 0x4A, 0x4C, 0x4C, 0x4F, 0x4F, 0x51, 0x51, 0x52, 0x52,
+ 0x54, 0x54, 0x57, 0x57, 0x58, 0x58, 0x5B, 0x5B, 0x5D, 0x5D, 0x5E, 0x5E,
+ 0x61, 0x61, 0x62, 0x62, 0x64, 0x64, 0x67, 0x67, 0x68, 0x68, 0x6B, 0x6B,
+ 0x6D, 0x6D, 0x6E, 0x6E, 0x70, 0x70, 0x73, 0x73, 0x75, 0x75, 0x76, 0x76,
+ 0x79, 0x79, 0x7A, 0x7A, 0x7C, 0x7C, 0x7F, 0x7F, 0x80, 0x80, 0x83, 0x83,
+ 0x85, 0x85, 0x86, 0x86, 0x89, 0x89, 0x8A, 0x8A, 0x8C, 0x8C, 0x8F, 0x8F,
+ 0x91, 0x91, 0x92, 0x92, 0x94, 0x94, 0x97, 0x97, 0x98, 0x98, 0x9B, 0x9B,
+ 0x9D, 0x9D, 0x9E, 0x9E, 0xA1, 0xA1, 0xA2, 0xA2, 0xA4, 0xA4, 0xA7, 0xA7,
+ 0xA8, 0xA8, 0xAB, 0xAB, 0xAD, 0xAD, 0xAE, 0xAE, 0xB0, 0xB0, 0xB3, 0xB3,
+ 0xB5, 0xB5, 0xB6, 0xB6, 0xB9, 0xB9, 0xBA, 0xBA, 0xBC, 0xBC, 0xBF, 0xBF,
+ 0xC1, 0xC1, 0xC2, 0xC2, 0xC4, 0xC4, 0xC7, 0xC7, 0xC8, 0xC8, 0xCB, 0xCB,
+ 0xCD, 0xCD, 0xCE, 0xCE, 0xD0, 0xD0, 0xD3, 0xD3, 0xD5, 0xD5, 0xD6, 0xD6,
+ 0xD9, 0xD9, 0xDA, 0xDA, 0xDC, 0xDC, 0xDF, 0xDF, 0xE0, 0xE0, 0xE3, 0xE3,
+ 0xE5, 0xE5, 0xE6, 0xE6, 0xE9, 0xE9, 0xEA, 0xEA, 0xEC, 0xEC, 0xEF, 0xEF,
+ 0xF1, 0xF1, 0xF2, 0xF2, 0xF4, 0xF4, 0xF7, 0xF7, 0xF8, 0xF8, 0xFB, 0xFB,
+ 0xFD, 0xFD, 0xFE, 0xFE };
+
+ for(u32bit j = 0; j != bits.size(); ++j)
+ bits[j] = ODD_PARITY[bits[j]];
+ }
+
+/*************************************************
+* Hex encode an OctetString *
+*************************************************/
+std::string OctetString::as_string() const
+ {
+ Pipe pipe(new Hex_Encoder);
+ pipe.process_msg(bits);
+ return pipe.read_all_as_string();
+ }
+
+/*************************************************
+* XOR Operation for OctetStrings *
+*************************************************/
+OctetString& OctetString::operator^=(const OctetString& k)
+ {
+ if(&k == this) { bits.clear(); return (*this); }
+ xor_buf(bits.begin(), k.begin(), std::min(length(), k.length()));
+ return (*this);
+ }
+
+/*************************************************
+* Equality Operation for OctetStrings *
+*************************************************/
+bool operator==(const OctetString& s1, const OctetString& s2)
+ {
+ return (s1.bits_of() == s2.bits_of());
+ }
+
+/*************************************************
+* Unequality Operation for OctetStrings *
+*************************************************/
+bool operator!=(const OctetString& s1, const OctetString& s2)
+ {
+ return !(s1 == s2);
+ }
+
+/*************************************************
+* Append Operation for OctetStrings *
+*************************************************/
+OctetString operator+(const OctetString& k1, const OctetString& k2)
+ {
+ return OctetString(SecureVector<byte>(k1.bits_of(), k2.bits_of()));
+ }
+
+/*************************************************
+* XOR Operation for OctetStrings *
+*************************************************/
+OctetString operator^(const OctetString& k1, const OctetString& k2)
+ {
+ SecureVector<byte> ret(std::max(k1.length(), k2.length()));
+ ret.copy(k1.begin(), k1.length());
+ xor_buf(ret, k2.begin(), k2.length());
+ return OctetString(ret);
+ }
+
+}
diff --git a/src/tea.cpp b/src/tea.cpp
new file mode 100644
index 000000000..364b3c527
--- /dev/null
+++ b/src/tea.cpp
@@ -0,0 +1,60 @@
+/*************************************************
+* TEA Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/tea.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* TEA Encryption *
+*************************************************/
+void TEA::enc(const byte in[], byte out[]) const
+ {
+ u32bit left = make_u32bit(in[0], in[1], in[2], in[3]),
+ right = make_u32bit(in[4], in[5], in[6], in[7]);
+ u32bit sum = 0;
+ for(u32bit j = 0; j != 32; ++j)
+ {
+ sum += 0x9E3779B9;
+ left += ((right << 4) + K[0]) ^ (right + sum) ^ ((right >> 5) + K[1]);
+ right += ((left << 4) + K[2]) ^ (left + sum) ^ ((left >> 5) + K[3]);
+ }
+ out[0] = get_byte(0, left); out[1] = get_byte(1, left);
+ out[2] = get_byte(2, left); out[3] = get_byte(3, left);
+ out[4] = get_byte(0, right); out[5] = get_byte(1, right);
+ out[6] = get_byte(2, right); out[7] = get_byte(3, right);
+ }
+
+/*************************************************
+* TEA Decryption *
+*************************************************/
+void TEA::dec(const byte in[], byte out[]) const
+ {
+ u32bit left = make_u32bit(in[0], in[1], in[2], in[3]),
+ right = make_u32bit(in[4], in[5], in[6], in[7]);
+ u32bit sum = 0xC6EF3720;
+ for(u32bit j = 0; j != 32; ++j)
+ {
+ right -= ((left << 4) + K[2]) ^ (left + sum) ^ ((left >> 5) + K[3]);
+ left -= ((right << 4) + K[0]) ^ (right + sum) ^ ((right >> 5) + K[1]);
+ sum -= 0x9E3779B9;
+ }
+ out[0] = get_byte(0, left); out[1] = get_byte(1, left);
+ out[2] = get_byte(2, left); out[3] = get_byte(3, left);
+ out[4] = get_byte(0, right); out[5] = get_byte(1, right);
+ out[6] = get_byte(2, right); out[7] = get_byte(3, right);
+ }
+
+/*************************************************
+* TEA Key Schedule *
+*************************************************/
+void TEA::key(const byte key[], u32bit)
+ {
+ for(u32bit j = 0; j != 4; ++j)
+ K[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
+ }
+
+}
diff --git a/src/tig_tab.cpp b/src/tig_tab.cpp
new file mode 100644
index 000000000..08b7bb7e5
--- /dev/null
+++ b/src/tig_tab.cpp
@@ -0,0 +1,362 @@
+/*************************************************
+* S-Box Tables for Tiger *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/tiger.h>
+
+namespace Botan {
+
+const u64bit Tiger::SBOX1[256] = {
+ 0x02AAB17CF7E90C5E, 0xAC424B03E243A8EC, 0x72CD5BE30DD5FCD3,
+ 0x6D019B93F6F97F3A, 0xCD9978FFD21F9193, 0x7573A1C9708029E2,
+ 0xB164326B922A83C3, 0x46883EEE04915870, 0xEAACE3057103ECE6,
+ 0xC54169B808A3535C, 0x4CE754918DDEC47C, 0x0AA2F4DFDC0DF40C,
+ 0x10B76F18A74DBEFA, 0xC6CCB6235AD1AB6A, 0x13726121572FE2FF,
+ 0x1A488C6F199D921E, 0x4BC9F9F4DA0007CA, 0x26F5E6F6E85241C7,
+ 0x859079DBEA5947B6, 0x4F1885C5C99E8C92, 0xD78E761EA96F864B,
+ 0x8E36428C52B5C17D, 0x69CF6827373063C1, 0xB607C93D9BB4C56E,
+ 0x7D820E760E76B5EA, 0x645C9CC6F07FDC42, 0xBF38A078243342E0,
+ 0x5F6B343C9D2E7D04, 0xF2C28AEB600B0EC6, 0x6C0ED85F7254BCAC,
+ 0x71592281A4DB4FE5, 0x1967FA69CE0FED9F, 0xFD5293F8B96545DB,
+ 0xC879E9D7F2A7600B, 0x860248920193194E, 0xA4F9533B2D9CC0B3,
+ 0x9053836C15957613, 0xDB6DCF8AFC357BF1, 0x18BEEA7A7A370F57,
+ 0x037117CA50B99066, 0x6AB30A9774424A35, 0xF4E92F02E325249B,
+ 0x7739DB07061CCAE1, 0xD8F3B49CECA42A05, 0xBD56BE3F51382F73,
+ 0x45FAED5843B0BB28, 0x1C813D5C11BF1F83, 0x8AF0E4B6D75FA169,
+ 0x33EE18A487AD9999, 0x3C26E8EAB1C94410, 0xB510102BC0A822F9,
+ 0x141EEF310CE6123B, 0xFC65B90059DDB154, 0xE0158640C5E0E607,
+ 0x884E079826C3A3CF, 0x930D0D9523C535FD, 0x35638D754E9A2B00,
+ 0x4085FCCF40469DD5, 0xC4B17AD28BE23A4C, 0xCAB2F0FC6A3E6A2E,
+ 0x2860971A6B943FCD, 0x3DDE6EE212E30446, 0x6222F32AE01765AE,
+ 0x5D550BB5478308FE, 0xA9EFA98DA0EDA22A, 0xC351A71686C40DA7,
+ 0x1105586D9C867C84, 0xDCFFEE85FDA22853, 0xCCFBD0262C5EEF76,
+ 0xBAF294CB8990D201, 0xE69464F52AFAD975, 0x94B013AFDF133E14,
+ 0x06A7D1A32823C958, 0x6F95FE5130F61119, 0xD92AB34E462C06C0,
+ 0xED7BDE33887C71D2, 0x79746D6E6518393E, 0x5BA419385D713329,
+ 0x7C1BA6B948A97564, 0x31987C197BFDAC67, 0xDE6C23C44B053D02,
+ 0x581C49FED002D64D, 0xDD474D6338261571, 0xAA4546C3E473D062,
+ 0x928FCE349455F860, 0x48161BBACAAB94D9, 0x63912430770E6F68,
+ 0x6EC8A5E602C6641C, 0x87282515337DDD2B, 0x2CDA6B42034B701B,
+ 0xB03D37C181CB096D, 0xE108438266C71C6F, 0x2B3180C7EB51B255,
+ 0xDF92B82F96C08BBC, 0x5C68C8C0A632F3BA, 0x5504CC861C3D0556,
+ 0xABBFA4E55FB26B8F, 0x41848B0AB3BACEB4, 0xB334A273AA445D32,
+ 0xBCA696F0A85AD881, 0x24F6EC65B528D56C, 0x0CE1512E90F4524A,
+ 0x4E9DD79D5506D35A, 0x258905FAC6CE9779, 0x2019295B3E109B33,
+ 0xF8A9478B73A054CC, 0x2924F2F934417EB0, 0x3993357D536D1BC4,
+ 0x38A81AC21DB6FF8B, 0x47C4FBF17D6016BF, 0x1E0FAADD7667E3F5,
+ 0x7ABCFF62938BEB96, 0xA78DAD948FC179C9, 0x8F1F98B72911E50D,
+ 0x61E48EAE27121A91, 0x4D62F7AD31859808, 0xECEBA345EF5CEAEB,
+ 0xF5CEB25EBC9684CE, 0xF633E20CB7F76221, 0xA32CDF06AB8293E4,
+ 0x985A202CA5EE2CA4, 0xCF0B8447CC8A8FB1, 0x9F765244979859A3,
+ 0xA8D516B1A1240017, 0x0BD7BA3EBB5DC726, 0xE54BCA55B86ADB39,
+ 0x1D7A3AFD6C478063, 0x519EC608E7669EDD, 0x0E5715A2D149AA23,
+ 0x177D4571848FF194, 0xEEB55F3241014C22, 0x0F5E5CA13A6E2EC2,
+ 0x8029927B75F5C361, 0xAD139FABC3D6E436, 0x0D5DF1A94CCF402F,
+ 0x3E8BD948BEA5DFC8, 0xA5A0D357BD3FF77E, 0xA2D12E251F74F645,
+ 0x66FD9E525E81A082, 0x2E0C90CE7F687A49, 0xC2E8BCBEBA973BC5,
+ 0x000001BCE509745F, 0x423777BBE6DAB3D6, 0xD1661C7EAEF06EB5,
+ 0xA1781F354DAACFD8, 0x2D11284A2B16AFFC, 0xF1FC4F67FA891D1F,
+ 0x73ECC25DCB920ADA, 0xAE610C22C2A12651, 0x96E0A810D356B78A,
+ 0x5A9A381F2FE7870F, 0xD5AD62EDE94E5530, 0xD225E5E8368D1427,
+ 0x65977B70C7AF4631, 0x99F889B2DE39D74F, 0x233F30BF54E1D143,
+ 0x9A9675D3D9A63C97, 0x5470554FF334F9A8, 0x166ACB744A4F5688,
+ 0x70C74CAAB2E4AEAD, 0xF0D091646F294D12, 0x57B82A89684031D1,
+ 0xEFD95A5A61BE0B6B, 0x2FBD12E969F2F29A, 0x9BD37013FEFF9FE8,
+ 0x3F9B0404D6085A06, 0x4940C1F3166CFE15, 0x09542C4DCDF3DEFB,
+ 0xB4C5218385CD5CE3, 0xC935B7DC4462A641, 0x3417F8A68ED3B63F,
+ 0xB80959295B215B40, 0xF99CDAEF3B8C8572, 0x018C0614F8FCB95D,
+ 0x1B14ACCD1A3ACDF3, 0x84D471F200BB732D, 0xC1A3110E95E8DA16,
+ 0x430A7220BF1A82B8, 0xB77E090D39DF210E, 0x5EF4BD9F3CD05E9D,
+ 0x9D4FF6DA7E57A444, 0xDA1D60E183D4A5F8, 0xB287C38417998E47,
+ 0xFE3EDC121BB31886, 0xC7FE3CCC980CCBEF, 0xE46FB590189BFD03,
+ 0x3732FD469A4C57DC, 0x7EF700A07CF1AD65, 0x59C64468A31D8859,
+ 0x762FB0B4D45B61F6, 0x155BAED099047718, 0x68755E4C3D50BAA6,
+ 0xE9214E7F22D8B4DF, 0x2ADDBF532EAC95F4, 0x32AE3909B4BD0109,
+ 0x834DF537B08E3450, 0xFA209DA84220728D, 0x9E691D9B9EFE23F7,
+ 0x0446D288C4AE8D7F, 0x7B4CC524E169785B, 0x21D87F0135CA1385,
+ 0xCEBB400F137B8AA5, 0x272E2B66580796BE, 0x3612264125C2B0DE,
+ 0x057702BDAD1EFBB2, 0xD4BABB8EACF84BE9, 0x91583139641BC67B,
+ 0x8BDC2DE08036E024, 0x603C8156F49F68ED, 0xF7D236F7DBEF5111,
+ 0x9727C4598AD21E80, 0xA08A0896670A5FD7, 0xCB4A8F4309EBA9CB,
+ 0x81AF564B0F7036A1, 0xC0B99AA778199ABD, 0x959F1EC83FC8E952,
+ 0x8C505077794A81B9, 0x3ACAAF8F056338F0, 0x07B43F50627A6778,
+ 0x4A44AB49F5ECCC77, 0x3BC3D6E4B679EE98, 0x9CC0D4D1CF14108C,
+ 0x4406C00B206BC8A0, 0x82A18854C8D72D89, 0x67E366B35C3C432C,
+ 0xB923DD61102B37F2, 0x56AB2779D884271D, 0xBE83E1B0FF1525AF,
+ 0xFB7C65D4217E49A9, 0x6BDBE0E76D48E7D4, 0x08DF828745D9179E,
+ 0x22EA6A9ADD53BD34, 0xE36E141C5622200A, 0x7F805D1B8CB750EE,
+ 0xAFE5C7A59F58E837, 0xE27F996A4FB1C23C, 0xD3867DFB0775F0D0,
+ 0xD0E673DE6E88891A, 0x123AEB9EAFB86C25, 0x30F1D5D5C145B895,
+ 0xBB434A2DEE7269E7, 0x78CB67ECF931FA38, 0xF33B0372323BBF9C,
+ 0x52D66336FB279C74, 0x505F33AC0AFB4EAA, 0xE8A5CD99A2CCE187,
+ 0x534974801E2D30BB, 0x8D2D5711D5876D90, 0x1F1A412891BC038E,
+ 0xD6E2E71D82E56648, 0x74036C3A497732B7, 0x89B67ED96361F5AB,
+ 0xFFED95D8F1EA02A2, 0xE72B3BD61464D43D, 0xA6300F170BDC4820,
+ 0xEBC18760ED78A77A };
+
+const u64bit Tiger::SBOX2[256] = {
+ 0xE6A6BE5A05A12138, 0xB5A122A5B4F87C98, 0x563C6089140B6990,
+ 0x4C46CB2E391F5DD5, 0xD932ADDBC9B79434, 0x08EA70E42015AFF5,
+ 0xD765A6673E478CF1, 0xC4FB757EAB278D99, 0xDF11C6862D6E0692,
+ 0xDDEB84F10D7F3B16, 0x6F2EF604A665EA04, 0x4A8E0F0FF0E0DFB3,
+ 0xA5EDEEF83DBCBA51, 0xFC4F0A2A0EA4371E, 0xE83E1DA85CB38429,
+ 0xDC8FF882BA1B1CE2, 0xCD45505E8353E80D, 0x18D19A00D4DB0717,
+ 0x34A0CFEDA5F38101, 0x0BE77E518887CAF2, 0x1E341438B3C45136,
+ 0xE05797F49089CCF9, 0xFFD23F9DF2591D14, 0x543DDA228595C5CD,
+ 0x661F81FD99052A33, 0x8736E641DB0F7B76, 0x15227725418E5307,
+ 0xE25F7F46162EB2FA, 0x48A8B2126C13D9FE, 0xAFDC541792E76EEA,
+ 0x03D912BFC6D1898F, 0x31B1AAFA1B83F51B, 0xF1AC2796E42AB7D9,
+ 0x40A3A7D7FCD2EBAC, 0x1056136D0AFBBCC5, 0x7889E1DD9A6D0C85,
+ 0xD33525782A7974AA, 0xA7E25D09078AC09B, 0xBD4138B3EAC6EDD0,
+ 0x920ABFBE71EB9E70, 0xA2A5D0F54FC2625C, 0xC054E36B0B1290A3,
+ 0xF6DD59FF62FE932B, 0x3537354511A8AC7D, 0xCA845E9172FADCD4,
+ 0x84F82B60329D20DC, 0x79C62CE1CD672F18, 0x8B09A2ADD124642C,
+ 0xD0C1E96A19D9E726, 0x5A786A9B4BA9500C, 0x0E020336634C43F3,
+ 0xC17B474AEB66D822, 0x6A731AE3EC9BAAC2, 0x8226667AE0840258,
+ 0x67D4567691CAECA5, 0x1D94155C4875ADB5, 0x6D00FD985B813FDF,
+ 0x51286EFCB774CD06, 0x5E8834471FA744AF, 0xF72CA0AEE761AE2E,
+ 0xBE40E4CDAEE8E09A, 0xE9970BBB5118F665, 0x726E4BEB33DF1964,
+ 0x703B000729199762, 0x4631D816F5EF30A7, 0xB880B5B51504A6BE,
+ 0x641793C37ED84B6C, 0x7B21ED77F6E97D96, 0x776306312EF96B73,
+ 0xAE528948E86FF3F4, 0x53DBD7F286A3F8F8, 0x16CADCE74CFC1063,
+ 0x005C19BDFA52C6DD, 0x68868F5D64D46AD3, 0x3A9D512CCF1E186A,
+ 0x367E62C2385660AE, 0xE359E7EA77DCB1D7, 0x526C0773749ABE6E,
+ 0x735AE5F9D09F734B, 0x493FC7CC8A558BA8, 0xB0B9C1533041AB45,
+ 0x321958BA470A59BD, 0x852DB00B5F46C393, 0x91209B2BD336B0E5,
+ 0x6E604F7D659EF19F, 0xB99A8AE2782CCB24, 0xCCF52AB6C814C4C7,
+ 0x4727D9AFBE11727B, 0x7E950D0C0121B34D, 0x756F435670AD471F,
+ 0xF5ADD442615A6849, 0x4E87E09980B9957A, 0x2ACFA1DF50AEE355,
+ 0xD898263AFD2FD556, 0xC8F4924DD80C8FD6, 0xCF99CA3D754A173A,
+ 0xFE477BACAF91BF3C, 0xED5371F6D690C12D, 0x831A5C285E687094,
+ 0xC5D3C90A3708A0A4, 0x0F7F903717D06580, 0x19F9BB13B8FDF27F,
+ 0xB1BD6F1B4D502843, 0x1C761BA38FFF4012, 0x0D1530C4E2E21F3B,
+ 0x8943CE69A7372C8A, 0xE5184E11FEB5CE66, 0x618BDB80BD736621,
+ 0x7D29BAD68B574D0B, 0x81BB613E25E6FE5B, 0x071C9C10BC07913F,
+ 0xC7BEEB7909AC2D97, 0xC3E58D353BC5D757, 0xEB017892F38F61E8,
+ 0xD4EFFB9C9B1CC21A, 0x99727D26F494F7AB, 0xA3E063A2956B3E03,
+ 0x9D4A8B9A4AA09C30, 0x3F6AB7D500090FB4, 0x9CC0F2A057268AC0,
+ 0x3DEE9D2DEDBF42D1, 0x330F49C87960A972, 0xC6B2720287421B41,
+ 0x0AC59EC07C00369C, 0xEF4EAC49CB353425, 0xF450244EEF0129D8,
+ 0x8ACC46E5CAF4DEB6, 0x2FFEAB63989263F7, 0x8F7CB9FE5D7A4578,
+ 0x5BD8F7644E634635, 0x427A7315BF2DC900, 0x17D0C4AA2125261C,
+ 0x3992486C93518E50, 0xB4CBFEE0A2D7D4C3, 0x7C75D6202C5DDD8D,
+ 0xDBC295D8E35B6C61, 0x60B369D302032B19, 0xCE42685FDCE44132,
+ 0x06F3DDB9DDF65610, 0x8EA4D21DB5E148F0, 0x20B0FCE62FCD496F,
+ 0x2C1B912358B0EE31, 0xB28317B818F5A308, 0xA89C1E189CA6D2CF,
+ 0x0C6B18576AAADBC8, 0xB65DEAA91299FAE3, 0xFB2B794B7F1027E7,
+ 0x04E4317F443B5BEB, 0x4B852D325939D0A6, 0xD5AE6BEEFB207FFC,
+ 0x309682B281C7D374, 0xBAE309A194C3B475, 0x8CC3F97B13B49F05,
+ 0x98A9422FF8293967, 0x244B16B01076FF7C, 0xF8BF571C663D67EE,
+ 0x1F0D6758EEE30DA1, 0xC9B611D97ADEB9B7, 0xB7AFD5887B6C57A2,
+ 0x6290AE846B984FE1, 0x94DF4CDEACC1A5FD, 0x058A5BD1C5483AFF,
+ 0x63166CC142BA3C37, 0x8DB8526EB2F76F40, 0xE10880036F0D6D4E,
+ 0x9E0523C9971D311D, 0x45EC2824CC7CD691, 0x575B8359E62382C9,
+ 0xFA9E400DC4889995, 0xD1823ECB45721568, 0xDAFD983B8206082F,
+ 0xAA7D29082386A8CB, 0x269FCD4403B87588, 0x1B91F5F728BDD1E0,
+ 0xE4669F39040201F6, 0x7A1D7C218CF04ADE, 0x65623C29D79CE5CE,
+ 0x2368449096C00BB1, 0xAB9BF1879DA503BA, 0xBC23ECB1A458058E,
+ 0x9A58DF01BB401ECC, 0xA070E868A85F143D, 0x4FF188307DF2239E,
+ 0x14D565B41A641183, 0xEE13337452701602, 0x950E3DCF3F285E09,
+ 0x59930254B9C80953, 0x3BF299408930DA6D, 0xA955943F53691387,
+ 0xA15EDECAA9CB8784, 0x29142127352BE9A0, 0x76F0371FFF4E7AFB,
+ 0x0239F450274F2228, 0xBB073AF01D5E868B, 0xBFC80571C10E96C1,
+ 0xD267088568222E23, 0x9671A3D48E80B5B0, 0x55B5D38AE193BB81,
+ 0x693AE2D0A18B04B8, 0x5C48B4ECADD5335F, 0xFD743B194916A1CA,
+ 0x2577018134BE98C4, 0xE77987E83C54A4AD, 0x28E11014DA33E1B9,
+ 0x270CC59E226AA213, 0x71495F756D1A5F60, 0x9BE853FB60AFEF77,
+ 0xADC786A7F7443DBF, 0x0904456173B29A82, 0x58BC7A66C232BD5E,
+ 0xF306558C673AC8B2, 0x41F639C6B6C9772A, 0x216DEFE99FDA35DA,
+ 0x11640CC71C7BE615, 0x93C43694565C5527, 0xEA038E6246777839,
+ 0xF9ABF3CE5A3E2469, 0x741E768D0FD312D2, 0x0144B883CED652C6,
+ 0xC20B5A5BA33F8552, 0x1AE69633C3435A9D, 0x97A28CA4088CFDEC,
+ 0x8824A43C1E96F420, 0x37612FA66EEEA746, 0x6B4CB165F9CF0E5A,
+ 0x43AA1C06A0ABFB4A, 0x7F4DC26FF162796B, 0x6CBACC8E54ED9B0F,
+ 0xA6B7FFEFD2BB253E, 0x2E25BC95B0A29D4F, 0x86D6A58BDEF1388C,
+ 0xDED74AC576B6F054, 0x8030BDBC2B45805D, 0x3C81AF70E94D9289,
+ 0x3EFF6DDA9E3100DB, 0xB38DC39FDFCC8847, 0x123885528D17B87E,
+ 0xF2DA0ED240B1B642, 0x44CEFADCD54BF9A9, 0x1312200E433C7EE6,
+ 0x9FFCC84F3A78C748, 0xF0CD1F72248576BB, 0xEC6974053638CFE4,
+ 0x2BA7B67C0CEC4E4C, 0xAC2F4DF3E5CE32ED, 0xCB33D14326EA4C11,
+ 0xA4E9044CC77E58BC, 0x5F513293D934FCEF, 0x5DC9645506E55444,
+ 0x50DE418F317DE40A, 0x388CB31A69DDE259, 0x2DB4A83455820A86,
+ 0x9010A91E84711AE9, 0x4DF7F0B7B1498371, 0xD62A2EABC0977179,
+ 0x22FAC097AA8D5C0E };
+
+const u64bit Tiger::SBOX3[256] = {
+ 0xF49FCC2FF1DAF39B, 0x487FD5C66FF29281, 0xE8A30667FCDCA83F,
+ 0x2C9B4BE3D2FCCE63, 0xDA3FF74B93FBBBC2, 0x2FA165D2FE70BA66,
+ 0xA103E279970E93D4, 0xBECDEC77B0E45E71, 0xCFB41E723985E497,
+ 0xB70AAA025EF75017, 0xD42309F03840B8E0, 0x8EFC1AD035898579,
+ 0x96C6920BE2B2ABC5, 0x66AF4163375A9172, 0x2174ABDCCA7127FB,
+ 0xB33CCEA64A72FF41, 0xF04A4933083066A5, 0x8D970ACDD7289AF5,
+ 0x8F96E8E031C8C25E, 0xF3FEC02276875D47, 0xEC7BF310056190DD,
+ 0xF5ADB0AEBB0F1491, 0x9B50F8850FD58892, 0x4975488358B74DE8,
+ 0xA3354FF691531C61, 0x0702BBE481D2C6EE, 0x89FB24057DEDED98,
+ 0xAC3075138596E902, 0x1D2D3580172772ED, 0xEB738FC28E6BC30D,
+ 0x5854EF8F63044326, 0x9E5C52325ADD3BBE, 0x90AA53CF325C4623,
+ 0xC1D24D51349DD067, 0x2051CFEEA69EA624, 0x13220F0A862E7E4F,
+ 0xCE39399404E04864, 0xD9C42CA47086FCB7, 0x685AD2238A03E7CC,
+ 0x066484B2AB2FF1DB, 0xFE9D5D70EFBF79EC, 0x5B13B9DD9C481854,
+ 0x15F0D475ED1509AD, 0x0BEBCD060EC79851, 0xD58C6791183AB7F8,
+ 0xD1187C5052F3EEE4, 0xC95D1192E54E82FF, 0x86EEA14CB9AC6CA2,
+ 0x3485BEB153677D5D, 0xDD191D781F8C492A, 0xF60866BAA784EBF9,
+ 0x518F643BA2D08C74, 0x8852E956E1087C22, 0xA768CB8DC410AE8D,
+ 0x38047726BFEC8E1A, 0xA67738B4CD3B45AA, 0xAD16691CEC0DDE19,
+ 0xC6D4319380462E07, 0xC5A5876D0BA61938, 0x16B9FA1FA58FD840,
+ 0x188AB1173CA74F18, 0xABDA2F98C99C021F, 0x3E0580AB134AE816,
+ 0x5F3B05B773645ABB, 0x2501A2BE5575F2F6, 0x1B2F74004E7E8BA9,
+ 0x1CD7580371E8D953, 0x7F6ED89562764E30, 0xB15926FF596F003D,
+ 0x9F65293DA8C5D6B9, 0x6ECEF04DD690F84C, 0x4782275FFF33AF88,
+ 0xE41433083F820801, 0xFD0DFE409A1AF9B5, 0x4325A3342CDB396B,
+ 0x8AE77E62B301B252, 0xC36F9E9F6655615A, 0x85455A2D92D32C09,
+ 0xF2C7DEA949477485, 0x63CFB4C133A39EBA, 0x83B040CC6EBC5462,
+ 0x3B9454C8FDB326B0, 0x56F56A9E87FFD78C, 0x2DC2940D99F42BC6,
+ 0x98F7DF096B096E2D, 0x19A6E01E3AD852BF, 0x42A99CCBDBD4B40B,
+ 0xA59998AF45E9C559, 0x366295E807D93186, 0x6B48181BFAA1F773,
+ 0x1FEC57E2157A0A1D, 0x4667446AF6201AD5, 0xE615EBCACFB0F075,
+ 0xB8F31F4F68290778, 0x22713ED6CE22D11E, 0x3057C1A72EC3C93B,
+ 0xCB46ACC37C3F1F2F, 0xDBB893FD02AAF50E, 0x331FD92E600B9FCF,
+ 0xA498F96148EA3AD6, 0xA8D8426E8B6A83EA, 0xA089B274B7735CDC,
+ 0x87F6B3731E524A11, 0x118808E5CBC96749, 0x9906E4C7B19BD394,
+ 0xAFED7F7E9B24A20C, 0x6509EADEEB3644A7, 0x6C1EF1D3E8EF0EDE,
+ 0xB9C97D43E9798FB4, 0xA2F2D784740C28A3, 0x7B8496476197566F,
+ 0x7A5BE3E6B65F069D, 0xF96330ED78BE6F10, 0xEEE60DE77A076A15,
+ 0x2B4BEE4AA08B9BD0, 0x6A56A63EC7B8894E, 0x02121359BA34FEF4,
+ 0x4CBF99F8283703FC, 0x398071350CAF30C8, 0xD0A77A89F017687A,
+ 0xF1C1A9EB9E423569, 0x8C7976282DEE8199, 0x5D1737A5DD1F7ABD,
+ 0x4F53433C09A9FA80, 0xFA8B0C53DF7CA1D9, 0x3FD9DCBC886CCB77,
+ 0xC040917CA91B4720, 0x7DD00142F9D1DCDF, 0x8476FC1D4F387B58,
+ 0x23F8E7C5F3316503, 0x032A2244E7E37339, 0x5C87A5D750F5A74B,
+ 0x082B4CC43698992E, 0xDF917BECB858F63C, 0x3270B8FC5BF86DDA,
+ 0x10AE72BB29B5DD76, 0x576AC94E7700362B, 0x1AD112DAC61EFB8F,
+ 0x691BC30EC5FAA427, 0xFF246311CC327143, 0x3142368E30E53206,
+ 0x71380E31E02CA396, 0x958D5C960AAD76F1, 0xF8D6F430C16DA536,
+ 0xC8FFD13F1BE7E1D2, 0x7578AE66004DDBE1, 0x05833F01067BE646,
+ 0xBB34B5AD3BFE586D, 0x095F34C9A12B97F0, 0x247AB64525D60CA8,
+ 0xDCDBC6F3017477D1, 0x4A2E14D4DECAD24D, 0xBDB5E6D9BE0A1EEB,
+ 0x2A7E70F7794301AB, 0xDEF42D8A270540FD, 0x01078EC0A34C22C1,
+ 0xE5DE511AF4C16387, 0x7EBB3A52BD9A330A, 0x77697857AA7D6435,
+ 0x004E831603AE4C32, 0xE7A21020AD78E312, 0x9D41A70C6AB420F2,
+ 0x28E06C18EA1141E6, 0xD2B28CBD984F6B28, 0x26B75F6C446E9D83,
+ 0xBA47568C4D418D7F, 0xD80BADBFE6183D8E, 0x0E206D7F5F166044,
+ 0xE258A43911CBCA3E, 0x723A1746B21DC0BC, 0xC7CAA854F5D7CDD3,
+ 0x7CAC32883D261D9C, 0x7690C26423BA942C, 0x17E55524478042B8,
+ 0xE0BE477656A2389F, 0x4D289B5E67AB2DA0, 0x44862B9C8FBBFD31,
+ 0xB47CC8049D141365, 0x822C1B362B91C793, 0x4EB14655FB13DFD8,
+ 0x1ECBBA0714E2A97B, 0x6143459D5CDE5F14, 0x53A8FBF1D5F0AC89,
+ 0x97EA04D81C5E5B00, 0x622181A8D4FDB3F3, 0xE9BCD341572A1208,
+ 0x1411258643CCE58A, 0x9144C5FEA4C6E0A4, 0x0D33D06565CF620F,
+ 0x54A48D489F219CA1, 0xC43E5EAC6D63C821, 0xA9728B3A72770DAF,
+ 0xD7934E7B20DF87EF, 0xE35503B61A3E86E5, 0xCAE321FBC819D504,
+ 0x129A50B3AC60BFA6, 0xCD5E68EA7E9FB6C3, 0xB01C90199483B1C7,
+ 0x3DE93CD5C295376C, 0xAED52EDF2AB9AD13, 0x2E60F512C0A07884,
+ 0xBC3D86A3E36210C9, 0x35269D9B163951CE, 0x0C7D6E2AD0CDB5FA,
+ 0x59E86297D87F5733, 0x298EF221898DB0E7, 0x55000029D1A5AA7E,
+ 0x8BC08AE1B5061B45, 0xC2C31C2B6C92703A, 0x94CC596BAF25EF42,
+ 0x0A1D73DB22540456, 0x04B6A0F9D9C4179A, 0xEFFDAFA2AE3D3C60,
+ 0xF7C8075BB49496C4, 0x9CC5C7141D1CD4E3, 0x78BD1638218E5534,
+ 0xB2F11568F850246A, 0xEDFABCFA9502BC29, 0x796CE5F2DA23051B,
+ 0xAAE128B0DC93537C, 0x3A493DA0EE4B29AE, 0xB5DF6B2C416895D7,
+ 0xFCABBD25122D7F37, 0x70810B58105DC4B1, 0xE10FDD37F7882A90,
+ 0x524DCAB5518A3F5C, 0x3C9E85878451255B, 0x4029828119BD34E2,
+ 0x74A05B6F5D3CECCB, 0xB610021542E13ECA, 0x0FF979D12F59E2AC,
+ 0x6037DA27E4F9CC50, 0x5E92975A0DF1847D, 0xD66DE190D3E623FE,
+ 0x5032D6B87B568048, 0x9A36B7CE8235216E, 0x80272A7A24F64B4A,
+ 0x93EFED8B8C6916F7, 0x37DDBFF44CCE1555, 0x4B95DB5D4B99BD25,
+ 0x92D3FDA169812FC0, 0xFB1A4A9A90660BB6, 0x730C196946A4B9B2,
+ 0x81E289AA7F49DA68, 0x64669A0F83B1A05F, 0x27B3FF7D9644F48B,
+ 0xCC6B615C8DB675B3, 0x674F20B9BCEBBE95, 0x6F31238275655982,
+ 0x5AE488713E45CF05, 0xBF619F9954C21157, 0xEABAC46040A8EAE9,
+ 0x454C6FE9F2C0C1CD, 0x419CF6496412691C, 0xD3DC3BEF265B0F70,
+ 0x6D0E60F5C3578A9E };
+
+const u64bit Tiger::SBOX4[256] = {
+ 0x5B0E608526323C55, 0x1A46C1A9FA1B59F5, 0xA9E245A17C4C8FFA,
+ 0x65CA5159DB2955D7, 0x05DB0A76CE35AFC2, 0x81EAC77EA9113D45,
+ 0x528EF88AB6AC0A0D, 0xA09EA253597BE3FF, 0x430DDFB3AC48CD56,
+ 0xC4B3A67AF45CE46F, 0x4ECECFD8FBE2D05E, 0x3EF56F10B39935F0,
+ 0x0B22D6829CD619C6, 0x17FD460A74DF2069, 0x6CF8CC8E8510ED40,
+ 0xD6C824BF3A6ECAA7, 0x61243D581A817049, 0x048BACB6BBC163A2,
+ 0xD9A38AC27D44CC32, 0x7FDDFF5BAAF410AB, 0xAD6D495AA804824B,
+ 0xE1A6A74F2D8C9F94, 0xD4F7851235DEE8E3, 0xFD4B7F886540D893,
+ 0x247C20042AA4BFDA, 0x096EA1C517D1327C, 0xD56966B4361A6685,
+ 0x277DA5C31221057D, 0x94D59893A43ACFF7, 0x64F0C51CCDC02281,
+ 0x3D33BCC4FF6189DB, 0xE005CB184CE66AF1, 0xFF5CCD1D1DB99BEA,
+ 0xB0B854A7FE42980F, 0x7BD46A6A718D4B9F, 0xD10FA8CC22A5FD8C,
+ 0xD31484952BE4BD31, 0xC7FA975FCB243847, 0x4886ED1E5846C407,
+ 0x28CDDB791EB70B04, 0xC2B00BE2F573417F, 0x5C9590452180F877,
+ 0x7A6BDDFFF370EB00, 0xCE509E38D6D9D6A4, 0xEBEB0F00647FA702,
+ 0x1DCC06CF76606F06, 0xE4D9F28BA286FF0A, 0xD85A305DC918C262,
+ 0x475B1D8732225F54, 0x2D4FB51668CCB5FE, 0xA679B9D9D72BBA20,
+ 0x53841C0D912D43A5, 0x3B7EAA48BF12A4E8, 0x781E0E47F22F1DDF,
+ 0xEFF20CE60AB50973, 0x20D261D19DFFB742, 0x16A12B03062A2E39,
+ 0x1960EB2239650495, 0x251C16FED50EB8B8, 0x9AC0C330F826016E,
+ 0xED152665953E7671, 0x02D63194A6369570, 0x5074F08394B1C987,
+ 0x70BA598C90B25CE1, 0x794A15810B9742F6, 0x0D5925E9FCAF8C6C,
+ 0x3067716CD868744E, 0x910AB077E8D7731B, 0x6A61BBDB5AC42F61,
+ 0x93513EFBF0851567, 0xF494724B9E83E9D5, 0xE887E1985C09648D,
+ 0x34B1D3C675370CFD, 0xDC35E433BC0D255D, 0xD0AAB84234131BE0,
+ 0x08042A50B48B7EAF, 0x9997C4EE44A3AB35, 0x829A7B49201799D0,
+ 0x263B8307B7C54441, 0x752F95F4FD6A6CA6, 0x927217402C08C6E5,
+ 0x2A8AB754A795D9EE, 0xA442F7552F72943D, 0x2C31334E19781208,
+ 0x4FA98D7CEAEE6291, 0x55C3862F665DB309, 0xBD0610175D53B1F3,
+ 0x46FE6CB840413F27, 0x3FE03792DF0CFA59, 0xCFE700372EB85E8F,
+ 0xA7BE29E7ADBCE118, 0xE544EE5CDE8431DD, 0x8A781B1B41F1873E,
+ 0xA5C94C78A0D2F0E7, 0x39412E2877B60728, 0xA1265EF3AFC9A62C,
+ 0xBCC2770C6A2506C5, 0x3AB66DD5DCE1CE12, 0xE65499D04A675B37,
+ 0x7D8F523481BFD216, 0x0F6F64FCEC15F389, 0x74EFBE618B5B13C8,
+ 0xACDC82B714273E1D, 0xDD40BFE003199D17, 0x37E99257E7E061F8,
+ 0xFA52626904775AAA, 0x8BBBF63A463D56F9, 0xF0013F1543A26E64,
+ 0xA8307E9F879EC898, 0xCC4C27A4150177CC, 0x1B432F2CCA1D3348,
+ 0xDE1D1F8F9F6FA013, 0x606602A047A7DDD6, 0xD237AB64CC1CB2C7,
+ 0x9B938E7225FCD1D3, 0xEC4E03708E0FF476, 0xFEB2FBDA3D03C12D,
+ 0xAE0BCED2EE43889A, 0x22CB8923EBFB4F43, 0x69360D013CF7396D,
+ 0x855E3602D2D4E022, 0x073805BAD01F784C, 0x33E17A133852F546,
+ 0xDF4874058AC7B638, 0xBA92B29C678AA14A, 0x0CE89FC76CFAADCD,
+ 0x5F9D4E0908339E34, 0xF1AFE9291F5923B9, 0x6E3480F60F4A265F,
+ 0xEEBF3A2AB29B841C, 0xE21938A88F91B4AD, 0x57DFEFF845C6D3C3,
+ 0x2F006B0BF62CAAF2, 0x62F479EF6F75EE78, 0x11A55AD41C8916A9,
+ 0xF229D29084FED453, 0x42F1C27B16B000E6, 0x2B1F76749823C074,
+ 0x4B76ECA3C2745360, 0x8C98F463B91691BD, 0x14BCC93CF1ADE66A,
+ 0x8885213E6D458397, 0x8E177DF0274D4711, 0xB49B73B5503F2951,
+ 0x10168168C3F96B6B, 0x0E3D963B63CAB0AE, 0x8DFC4B5655A1DB14,
+ 0xF789F1356E14DE5C, 0x683E68AF4E51DAC1, 0xC9A84F9D8D4B0FD9,
+ 0x3691E03F52A0F9D1, 0x5ED86E46E1878E80, 0x3C711A0E99D07150,
+ 0x5A0865B20C4E9310, 0x56FBFC1FE4F0682E, 0xEA8D5DE3105EDF9B,
+ 0x71ABFDB12379187A, 0x2EB99DE1BEE77B9C, 0x21ECC0EA33CF4523,
+ 0x59A4D7521805C7A1, 0x3896F5EB56AE7C72, 0xAA638F3DB18F75DC,
+ 0x9F39358DABE9808E, 0xB7DEFA91C00B72AC, 0x6B5541FD62492D92,
+ 0x6DC6DEE8F92E4D5B, 0x353F57ABC4BEEA7E, 0x735769D6DA5690CE,
+ 0x0A234AA642391484, 0xF6F9508028F80D9D, 0xB8E319A27AB3F215,
+ 0x31AD9C1151341A4D, 0x773C22A57BEF5805, 0x45C7561A07968633,
+ 0xF913DA9E249DBE36, 0xDA652D9B78A64C68, 0x4C27A97F3BC334EF,
+ 0x76621220E66B17F4, 0x967743899ACD7D0B, 0xF3EE5BCAE0ED6782,
+ 0x409F753600C879FC, 0x06D09A39B5926DB6, 0x6F83AEB0317AC588,
+ 0x01E6CA4A86381F21, 0x66FF3462D19F3025, 0x72207C24DDFD3BFB,
+ 0x4AF6B6D3E2ECE2EB, 0x9C994DBEC7EA08DE, 0x49ACE597B09A8BC4,
+ 0xB38C4766CF0797BA, 0x131B9373C57C2A75, 0xB1822CCE61931E58,
+ 0x9D7555B909BA1C0C, 0x127FAFDD937D11D2, 0x29DA3BADC66D92E4,
+ 0xA2C1D57154C2ECBC, 0x58C5134D82F6FE24, 0x1C3AE3515B62274F,
+ 0xE907C82E01CB8126, 0xF8ED091913E37FCB, 0x3249D8F9C80046C9,
+ 0x80CF9BEDE388FB63, 0x1881539A116CF19E, 0x5103F3F76BD52457,
+ 0x15B7E6F5AE47F7A8, 0xDBD7C6DED47E9CCF, 0x44E55C410228BB1A,
+ 0xB647D4255EDB4E99, 0x5D11882BB8AAFC30, 0xF5098BBB29D3212A,
+ 0x8FB5EA14E90296B3, 0x677B942157DD025A, 0xFB58E7C0A390ACB5,
+ 0x89D3674C83BD4A01, 0x9E2DA4DF4BF3B93B, 0xFCC41E328CAB4829,
+ 0x03F38C96BA582C52, 0xCAD1BDBD7FD85DB2, 0xBBB442C16082AE83,
+ 0xB95FE86BA5DA9AB0, 0xB22E04673771A93F, 0x845358C9493152D8,
+ 0xBE2A488697B4541E, 0x95A2DC2DD38E6966, 0xC02C11AC923C852B,
+ 0x2388B1990DF2A87B, 0x7C8008FA1B4F37BE, 0x1F70D0C84D54E503,
+ 0x5490ADEC7ECE57D4, 0x002B3C27D9063A3A, 0x7EAEA3848030A2BF,
+ 0xC602326DED2003C0, 0x83A7287D69A94086, 0xC57A5FCB30F57A8A,
+ 0xB56844E479EBE779, 0xA373B40F05DCBCE9, 0xD71A786E88570EE2,
+ 0x879CBACDBDE8F6A0, 0x976AD1BCC164A32F, 0xAB21E25E9666D78B,
+ 0x901063AAE5E5C33C, 0x9818B34448698D90, 0xE36487AE3E1E8ABB,
+ 0xAFBDF931893BDCB4, 0x6345A0DC5FBBD519, 0x8628FE269B9465CA,
+ 0x1E5D01603F9C51EC, 0x4DE44006A15049B7, 0xBF6C70E5F776CBB1,
+ 0x411218F2EF552BED, 0xCB0C0708705A36A3, 0xE74D14754F986044,
+ 0xCD56D9430EA8280E, 0xC12591D7535F5065, 0xC83223F1720AEF96,
+ 0xC3A0396F7363A51F };
+
+}
diff --git a/src/tiger.cpp b/src/tiger.cpp
new file mode 100644
index 000000000..e8ecb9f3f
--- /dev/null
+++ b/src/tiger.cpp
@@ -0,0 +1,122 @@
+/*************************************************
+* Tiger Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/tiger.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* Tiger Compression Function *
+*************************************************/
+void Tiger::hash(const byte input[])
+ {
+ for(u32bit j = 0; j != 8; ++j)
+ X[j] = make_u64bit(input[8*j+7], input[8*j+6], input[8*j+5],
+ input[8*j+4], input[8*j+3], input[8*j+2],
+ input[8*j+1], input[8*j]);
+ u64bit A = digest[0], B = digest[1], C = digest[2];
+
+ pass(A, B, C, X, 5); mix(X);
+ pass(C, A, B, X, 7); mix(X);
+ pass(B, C, A, X, 9);
+
+ for(u32bit j = 3; j != PASS; ++j)
+ {
+ mix(X);
+ pass(A, B, C, X, 9);
+ u64bit T = A; A = C; C = B; B = T;
+ }
+
+ digest[0] ^= A; digest[1] = B - digest[1]; digest[2] += C;
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void Tiger::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(7 - (j % 8), digest[j/8]);
+ }
+
+/*************************************************
+* Tiger Pass *
+*************************************************/
+void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, u64bit X[8], byte mul)
+ {
+ round(A, B, C, X[0], mul);
+ round(B, C, A, X[1], mul);
+ round(C, A, B, X[2], mul);
+ round(A, B, C, X[3], mul);
+ round(B, C, A, X[4], mul);
+ round(C, A, B, X[5], mul);
+ round(A, B, C, X[6], mul);
+ round(B, C, A, X[7], mul);
+ }
+
+/*************************************************
+* Tiger Mixing Function *
+*************************************************/
+void Tiger::mix(u64bit X[8])
+ {
+ X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5; X[1] ^= X[0];
+ X[2] += X[1]; X[3] -= X[2] ^ ((~X[1]) << 19); X[4] ^= X[3];
+ X[5] += X[4]; X[6] -= X[5] ^ ((~X[4]) >> 23); X[7] ^= X[6];
+ X[0] += X[7]; X[1] -= X[0] ^ ((~X[7]) << 19); X[2] ^= X[1];
+ X[3] += X[2]; X[4] -= X[3] ^ ((~X[2]) >> 23); X[5] ^= X[4];
+ X[6] += X[5]; X[7] -= X[6] ^ 0x0123456789ABCDEF;
+ }
+
+/*************************************************
+* Tiger Round *
+*************************************************/
+void Tiger::round(u64bit& A, u64bit& B, u64bit& C, u64bit msg, byte mul)
+ {
+ C ^= msg;
+ A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^
+ SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)];
+ B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^
+ SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)];
+ B *= mul;
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Tiger::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ X.clear();
+ digest[0] = 0x0123456789ABCDEF;
+ digest[1] = 0xFEDCBA9876543210;
+ digest[2] = 0xF096A5B4C3B2E187;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string Tiger::name() const
+ {
+ return "Tiger(" + to_string(OUTPUT_LENGTH) + "," + to_string(PASS) + ")";
+ }
+
+/*************************************************
+* Tiger Constructor *
+*************************************************/
+Tiger::Tiger(u32bit hashlen, u32bit pass) :
+ MDx_HashFunction(hashlen, 64, false, false), PASS(pass)
+ {
+ if(OUTPUT_LENGTH != 16 && OUTPUT_LENGTH != 20 && OUTPUT_LENGTH != 24)
+ throw Invalid_Argument("Tiger: Illegal hash output size: " +
+ to_string(OUTPUT_LENGTH));
+ if(PASS < 3)
+ throw Invalid_Argument("Tiger: Invalid number of passes: "
+ + to_string(PASS));
+ clear();
+ }
+
+}
diff --git a/src/timers.cpp b/src/timers.cpp
new file mode 100644
index 000000000..1bed0e51d
--- /dev/null
+++ b/src/timers.cpp
@@ -0,0 +1,44 @@
+/*************************************************
+* Timestamp Functions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/timers.h>
+#include <botan/libstate.h>
+#include <botan/util.h>
+#include <ctime>
+
+namespace Botan {
+
+/*************************************************
+* Timer Access Functions *
+*************************************************/
+u64bit system_time()
+ {
+ return std::time(0);
+ }
+
+u64bit system_clock()
+ {
+ return global_state().system_clock();
+ }
+
+/*************************************************
+* Default Timer clock reading *
+*************************************************/
+u64bit Timer::clock() const
+ {
+ return combine_timers(std::time(0), std::clock(), CLOCKS_PER_SEC);
+ }
+
+/*************************************************
+* Combine a two time values into a single one *
+*************************************************/
+u64bit combine_timers(u32bit seconds, u32bit parts, u32bit parts_hz)
+ {
+ const u64bit NANOSECONDS_UNITS = 1000000000;
+ parts *= (NANOSECONDS_UNITS / parts_hz);
+ return ((seconds * NANOSECONDS_UNITS) + parts);
+ }
+
+}
diff --git a/src/tur_tab.cpp b/src/tur_tab.cpp
new file mode 100644
index 000000000..11c4610b4
--- /dev/null
+++ b/src/tur_tab.cpp
@@ -0,0 +1,104 @@
+/*************************************************
+* Tables for Turing *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/turing.h>
+
+namespace Botan {
+
+const byte Turing::SBOX[256] = {
+ 0x61, 0x51, 0xEB, 0x19, 0xB9, 0x5D, 0x60, 0x38, 0x7C, 0xB2, 0x06, 0x12,
+ 0xC4, 0x5B, 0x16, 0x3B, 0x2B, 0x18, 0x83, 0xB0, 0x7F, 0x75, 0xFA, 0xA0,
+ 0xE9, 0xDD, 0x6D, 0x7A, 0x6B, 0x68, 0x2D, 0x49, 0xB5, 0x1C, 0x90, 0xF7,
+ 0xED, 0x9F, 0xE8, 0xCE, 0xAE, 0x77, 0xC2, 0x13, 0xFD, 0xCD, 0x3E, 0xCF,
+ 0x37, 0x6A, 0xD4, 0xDB, 0x8E, 0x65, 0x1F, 0x1A, 0x87, 0xCB, 0x40, 0x15,
+ 0x88, 0x0D, 0x35, 0xB3, 0x11, 0x0F, 0xD0, 0x30, 0x48, 0xF9, 0xA8, 0xAC,
+ 0x85, 0x27, 0x0E, 0x8A, 0xE0, 0x50, 0x64, 0xA7, 0xCC, 0xE4, 0xF1, 0x98,
+ 0xFF, 0xA1, 0x04, 0xDA, 0xD5, 0xBC, 0x1B, 0xBB, 0xD1, 0xFE, 0x31, 0xCA,
+ 0xBA, 0xD9, 0x2E, 0xF3, 0x1D, 0x47, 0x4A, 0x3D, 0x71, 0x4C, 0xAB, 0x7D,
+ 0x8D, 0xC7, 0x59, 0xB8, 0xC1, 0x96, 0x1E, 0xFC, 0x44, 0xC8, 0x7B, 0xDC,
+ 0x5C, 0x78, 0x2A, 0x9D, 0xA5, 0xF0, 0x73, 0x22, 0x89, 0x05, 0xF4, 0x07,
+ 0x21, 0x52, 0xA6, 0x28, 0x9A, 0x92, 0x69, 0x8F, 0xC5, 0xC3, 0xF5, 0xE1,
+ 0xDE, 0xEC, 0x09, 0xF2, 0xD3, 0xAF, 0x34, 0x23, 0xAA, 0xDF, 0x7E, 0x82,
+ 0x29, 0xC0, 0x24, 0x14, 0x03, 0x32, 0x4E, 0x39, 0x6F, 0xC6, 0xB1, 0x9B,
+ 0xEA, 0x72, 0x79, 0x41, 0xD8, 0x26, 0x6C, 0x5E, 0x2C, 0xB4, 0xA2, 0x53,
+ 0x57, 0xE2, 0x9C, 0x86, 0x54, 0x95, 0xB6, 0x80, 0x8C, 0x36, 0x67, 0xBD,
+ 0x08, 0x93, 0x2F, 0x99, 0x5A, 0xF8, 0x3A, 0xD7, 0x56, 0x84, 0xD2, 0x01,
+ 0xF6, 0x66, 0x4D, 0x55, 0x8B, 0x0C, 0x0B, 0x46, 0xB7, 0x3C, 0x45, 0x91,
+ 0xA4, 0xE3, 0x70, 0xD6, 0xFB, 0xE6, 0x10, 0xA9, 0xC9, 0x00, 0x9E, 0xE7,
+ 0x4F, 0x76, 0x25, 0x3F, 0x5F, 0xA3, 0x33, 0x20, 0x02, 0xEF, 0x62, 0x74,
+ 0xEE, 0x17, 0x81, 0x42, 0x58, 0x0A, 0x4B, 0x63, 0xE5, 0xBE, 0x6E, 0xAD,
+ 0xBF, 0x43, 0x94, 0x97 };
+
+const byte Turing::OFFSETS[272] = {
+ 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0C, 0x0E, 0x0F,
+ 0x10, 0x00, 0x00, 0x00, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C,
+ 0x0D, 0x00, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x0A, 0x0B, 0x0C, 0x0D,
+ 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x05, 0x07, 0x08, 0x09, 0x00, 0x00, 0x00,
+ 0x0F, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0A, 0x0C, 0x0D,
+ 0x0E, 0x00, 0x00, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A,
+ 0x0B, 0x0F, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x08, 0x09, 0x0A, 0x0B,
+ 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x03, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00,
+ 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, 0x08, 0x0A, 0x0B,
+ 0x0C, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08,
+ 0x09, 0x0D, 0x0F, 0x10, 0x00, 0x00, 0x00, 0x00, 0x06, 0x07, 0x08, 0x09,
+ 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x01, 0x03, 0x04, 0x05, 0x00, 0x00, 0x00,
+ 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, 0x06, 0x08, 0x09,
+ 0x0A, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06,
+ 0x07, 0x0B, 0x0D, 0x0E, 0x0F, 0x00, 0x00, 0x00, 0x04, 0x05, 0x06, 0x07,
+ 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x10, 0x01, 0x02, 0x03, 0x00, 0x00, 0x00,
+ 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x04, 0x06, 0x07,
+ 0x08, 0x00, 0x00, 0x00, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04,
+ 0x05, 0x09, 0x0B, 0x0C, 0x0D, 0x00, 0x00, 0x00, 0x02, 0x03, 0x04, 0x05,
+ 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0E, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00,
+ 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x02, 0x04, 0x05,
+ 0x06, 0x00, 0x00, 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02,
+ 0x03, 0x07, 0x09, 0x0A, 0x0B, 0x00, 0x00, 0x00 };
+
+const u32bit Turing::Q_BOX[256] = {
+ 0x1FAA1887, 0x4E5E435C, 0x9165C042, 0x250E6EF4, 0x5957EE20, 0xD484FED3,
+ 0xA666C502, 0x7E54E8AE, 0xD12EE9D9, 0xFC1F38D4, 0x49829B5D, 0x1B5CDF3C,
+ 0x74864249, 0xDA2E3963, 0x28F4429F, 0xC8432C35, 0x4AF40325, 0x9FC0DD70,
+ 0xD8973DED, 0x1A02DC5E, 0xCD175B42, 0xF10012BF, 0x6694D78C, 0xACAAB26B,
+ 0x4EC11B9A, 0x3F168146, 0xC0EA8EC5, 0xB38AC28F, 0x1FED5C0F, 0xAAB4101C,
+ 0xEA2DB082, 0x470929E1, 0xE71843DE, 0x508299FC, 0xE72FBC4B, 0x2E3915DD,
+ 0x9FA803FA, 0x9546B2DE, 0x3C233342, 0x0FCEE7C3, 0x24D607EF, 0x8F97EBAB,
+ 0xF37F859B, 0xCD1F2E2F, 0xC25B71DA, 0x75E2269A, 0x1E39C3D1, 0xEDA56B36,
+ 0xF8C9DEF2, 0x46C9FC5F, 0x1827B3A3, 0x70A56DDF, 0x0D25B510, 0x000F85A7,
+ 0xB2E82E71, 0x68CB8816, 0x8F951E2A, 0x72F5F6AF, 0xE4CBC2B3, 0xD34FF55D,
+ 0x2E6B6214, 0x220B83E3, 0xD39EA6F5, 0x6FE041AF, 0x6B2F1F17, 0xAD3B99EE,
+ 0x16A65EC0, 0x757016C6, 0xBA7709A4, 0xB0326E01, 0xF4B280D9, 0x4BFB1418,
+ 0xD6AFF227, 0xFD548203, 0xF56B9D96, 0x6717A8C0, 0x00D5BF6E, 0x10EE7888,
+ 0xEDFCFE64, 0x1BA193CD, 0x4B0D0184, 0x89AE4930, 0x1C014F36, 0x82A87088,
+ 0x5EAD6C2A, 0xEF22C678, 0x31204DE7, 0xC9C2E759, 0xD200248E, 0x303B446B,
+ 0xB00D9FC2, 0x9914A895, 0x906CC3A1, 0x54FEF170, 0x34C19155, 0xE27B8A66,
+ 0x131B5E69, 0xC3A8623E, 0x27BDFA35, 0x97F068CC, 0xCA3A6ACD, 0x4B55E936,
+ 0x86602DB9, 0x51DF13C1, 0x390BB16D, 0x5A80B83C, 0x22B23763, 0x39D8A911,
+ 0x2CB6BC13, 0xBF5579D7, 0x6C5C2FA8, 0xA8F4196E, 0xBCDB5476, 0x6864A866,
+ 0x416E16AD, 0x897FC515, 0x956FEB3C, 0xF6C8A306, 0x216799D9, 0x171A9133,
+ 0x6C2466DD, 0x75EB5DCD, 0xDF118F50, 0xE4AFB226, 0x26B9CEF3, 0xADB36189,
+ 0x8A7A19B1, 0xE2C73084, 0xF77DED5C, 0x8B8BC58F, 0x06DDE421, 0xB41E47FB,
+ 0xB1CC715E, 0x68C0FF99, 0x5D122F0F, 0xA4D25184, 0x097A5E6C, 0x0CBF18BC,
+ 0xC2D7C6E0, 0x8BB7E420, 0xA11F523F, 0x35D9B8A2, 0x03DA1A6B, 0x06888C02,
+ 0x7DD1E354, 0x6BBA7D79, 0x32CC7753, 0xE52D9655, 0xA9829DA1, 0x301590A7,
+ 0x9BC1C149, 0x13537F1C, 0xD3779B69, 0x2D71F2B7, 0x183C58FA, 0xACDC4418,
+ 0x8D8C8C76, 0x2620D9F0, 0x71A80D4D, 0x7A74C473, 0x449410E9, 0xA20E4211,
+ 0xF9C8082B, 0x0A6B334A, 0xB5F68ED2, 0x8243CC1B, 0x453C0FF3, 0x9BE564A0,
+ 0x4FF55A4F, 0x8740F8E7, 0xCCA7F15F, 0xE300FE21, 0x786D37D6, 0xDFD506F1,
+ 0x8EE00973, 0x17BBDE36, 0x7A670FA8, 0x5C31AB9E, 0xD4DAB618, 0xCC1F52F5,
+ 0xE358EB4F, 0x19B9E343, 0x3A8D77DD, 0xCDB93DA6, 0x140FD52D, 0x395412F8,
+ 0x2BA63360, 0x37E53AD0, 0x80700F1C, 0x7624ED0B, 0x703DC1EC, 0xB7366795,
+ 0xD6549D15, 0x66CE46D7, 0xD17ABE76, 0xA448E0A0, 0x28F07C02, 0xC31249B7,
+ 0x6E9ED6BA, 0xEAA47F78, 0xBBCFFFBD, 0xC507CA84, 0xE965F4DA, 0x8E9F35DA,
+ 0x6AD2AA44, 0x577452AC, 0xB5D674A7, 0x5461A46A, 0x6763152A, 0x9C12B7AA,
+ 0x12615927, 0x7B4FB118, 0xC351758D, 0x7E81687B, 0x5F52F0B3, 0x2D4254ED,
+ 0xD4C77271, 0x0431ACAB, 0xBEF94AEC, 0xFEE994CD, 0x9C4D9E81, 0xED623730,
+ 0xCF8A21E8, 0x51917F0B, 0xA7A9B5D6, 0xB297ADF8, 0xEED30431, 0x68CAC921,
+ 0xF1B35D46, 0x7A430A36, 0x51194022, 0x9ABCA65E, 0x85EC70BA, 0x39AEA8CC,
+ 0x737BAE8B, 0x582924D5, 0x03098A5A, 0x92396B81, 0x18DE2522, 0x745C1CB8,
+ 0xA1B8FE1D, 0x5DB3C697, 0x29164F83, 0x97C16376, 0x8419224C, 0x21203B35,
+ 0x833AC0FE, 0xD966A19A, 0xAAF0B24F, 0x40FDA998, 0xE7D52D71, 0x390896A8,
+ 0xCEE6053F, 0xD0B0D300, 0xFF99CBCC, 0x065E3D40 };
+
+}
diff --git a/src/turing.cpp b/src/turing.cpp
new file mode 100644
index 000000000..b43041405
--- /dev/null
+++ b/src/turing.cpp
@@ -0,0 +1,273 @@
+/*************************************************
+* Turing Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/turing.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Perform an N-way PHT *
+*************************************************/
+inline void PHT(MemoryRegion<u32bit>& buf)
+ {
+ u32bit sum = 0;
+ for(u32bit j = 0; j < buf.size() - 1; ++j)
+ sum += buf[j];
+ buf[buf.size()-1] += sum;
+ sum = buf[buf.size()-1];
+ for(u32bit j = 0; j < buf.size() - 1; ++j)
+ buf[j] += sum;
+ }
+
+/*************************************************
+* Turing's polynomial multiplication *
+*************************************************/
+inline u32bit mul(u32bit X)
+ {
+ static const u32bit MULT_TAB[256] = {
+ 0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9, 0x97AC41D1, 0x478702B6,
+ 0x7AFAC71F, 0xAAD18478, 0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746,
+ 0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697, 0xC62A4993, 0x16010AF4,
+ 0x2B7CCF5D, 0xFB578C3A, 0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB,
+ 0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5, 0x32938AAD, 0xE2B8C9CA,
+ 0xDFC50C63, 0x0FEE4F04, 0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2,
+ 0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613, 0xA2411084, 0x726A53E3,
+ 0x4F17964A, 0x9F3CD52D, 0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC,
+ 0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51, 0x90D29A29, 0x40F9D94E,
+ 0x7D841CE7, 0xADAF5F80, 0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE,
+ 0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F, 0xCFA869D6, 0x1F832AB1,
+ 0x22FEEF18, 0xF2D5AC7F, 0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE,
+ 0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90, 0x3B11AAE8, 0xEB3AE98F,
+ 0xD6472C26, 0x066C6F41, 0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC,
+ 0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D, 0x6A97A2AA, 0xBABCE1CD,
+ 0x87C12464, 0x57EA6703, 0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2,
+ 0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14, 0x9950BA6C, 0x497BF90B,
+ 0x74063CA2, 0xA42D7FC5, 0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB,
+ 0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A, 0xC8D6B22E, 0x18FDF149,
+ 0x258034E0, 0xF5AB7787, 0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656,
+ 0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568, 0x3C6F7110, 0xEC443277,
+ 0xD139F7DE, 0x0112B4B9, 0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748,
+ 0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699, 0xB008500E, 0x60231369,
+ 0x5D5ED6C0, 0x8D7595A7, 0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476,
+ 0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB, 0x829BDAA3, 0x52B099C4,
+ 0x6FCD5C6D, 0xBFE61F0A, 0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34,
+ 0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5, 0x1249408A, 0xC26203ED,
+ 0xFF1FC644, 0x2F348523, 0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2,
+ 0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC, 0xE6F083B4, 0x36DBC0D3,
+ 0x0BA6057A, 0xDB8D461D, 0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0,
+ 0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61, 0xB7768BF6, 0x675DC891,
+ 0x5A200D38, 0x8A0B4E5F, 0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E,
+ 0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E, 0x8B19FAE6, 0x5B32B981,
+ 0x664F7C28, 0xB6643F4F, 0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71,
+ 0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0, 0xDA9FF2A4, 0x0AB4B1C3,
+ 0x37C9746A, 0xE7E2370D, 0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC,
+ 0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2, 0x2E26319A, 0xFE0D72FD,
+ 0xC370B754, 0x135BF433, 0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5,
+ 0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24, 0xBEF4ABB3, 0x6EDFE8D4,
+ 0x53A22D7D, 0x83896E1A, 0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB,
+ 0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566, 0x8C67211E, 0x5C4C6279,
+ 0x6131A7D0, 0xB11AE4B7, 0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789,
+ 0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658 };
+
+ return (X << 8) ^ MULT_TAB[(X >> 24) & 0xFF];
+ }
+
+}
+
+/*************************************************
+* Combine cipher stream with message *
+*************************************************/
+void Turing::cipher(const byte in[], byte out[], u32bit length)
+ {
+ while(length >= buffer.size() - position)
+ {
+ xor_buf(out, in, buffer.begin() + position, buffer.size() - position);
+ length -= (buffer.size() - position);
+ in += (buffer.size() - position);
+ out += (buffer.size() - position);
+ generate();
+ }
+ xor_buf(out, in, buffer.begin() + position, length);
+ position += length;
+ }
+
+/*************************************************
+* Generate cipher stream *
+*************************************************/
+void Turing::generate()
+ {
+ for(u32bit j = 0; j != 17; ++j)
+ {
+ const u32bit offset_0 = OFFSETS[16*j];
+ const u32bit offset_1 = OFFSETS[16*j+1];
+ const u32bit offset_2 = OFFSETS[16*j+2];
+ const u32bit offset_3 = OFFSETS[16*j+3];
+ const u32bit offset_4 = OFFSETS[16*j+4];
+ const u32bit offset_5 = OFFSETS[16*j+5];
+ const u32bit offset_6 = OFFSETS[16*j+6];
+ const u32bit offset_7 = OFFSETS[16*j+7];
+ const u32bit offset_8 = OFFSETS[16*j+8];
+ const u32bit offset_12 = OFFSETS[16*j+9];
+ const u32bit offset_14 = OFFSETS[16*j+10];
+ const u32bit offset_15 = OFFSETS[16*j+11];
+ const u32bit offset_16 = OFFSETS[16*j+12];
+
+ R[offset_0] = mul(R[offset_0]) ^ R[offset_15] ^ R[offset_4];
+
+ u32bit A = R[offset_0];
+ u32bit B = R[offset_14];
+ u32bit C = R[offset_7];
+ u32bit D = R[offset_2];
+ u32bit E = R[offset_1];
+
+ E += A + B + C + D;
+ A += E; B += E; C += E; D += E;
+
+ A = S0[get_byte(0, A)] ^ S1[get_byte(1, A)] ^
+ S2[get_byte(2, A)] ^ S3[get_byte(3, A)];
+ B = S0[get_byte(1, B)] ^ S1[get_byte(2, B)] ^
+ S2[get_byte(3, B)] ^ S3[get_byte(0, B)];
+ C = S0[get_byte(2, C)] ^ S1[get_byte(3, C)] ^
+ S2[get_byte(0, C)] ^ S3[get_byte(1, C)];
+ D = S0[get_byte(3, D)] ^ S1[get_byte(0, D)] ^
+ S2[get_byte(1, D)] ^ S3[get_byte(2, D)];
+ E = S0[get_byte(0, E)] ^ S1[get_byte(1, E)] ^
+ S2[get_byte(2, E)] ^ S3[get_byte(3, E)];
+
+ E += A + B + C + D;
+ A += E; B += E; C += E; D += E;
+
+ R[offset_1] = mul(R[offset_1]) ^ R[offset_16] ^ R[offset_5];
+ R[offset_2] = mul(R[offset_2]) ^ R[offset_0] ^ R[offset_6];
+ R[offset_3] = mul(R[offset_3]) ^ R[offset_1] ^ R[offset_7];
+
+ E += R[offset_4];
+
+ R[offset_4] = mul(R[offset_4]) ^ R[offset_2] ^ R[offset_8];
+
+ A += R[offset_1];
+ B += R[offset_16];
+ C += R[offset_12];
+ D += R[offset_5];
+
+ for(u32bit k = 0; k != 4; ++k)
+ {
+ buffer[20*j+k ] = get_byte(k, A);
+ buffer[20*j+k+ 4] = get_byte(k, B);
+ buffer[20*j+k+ 8] = get_byte(k, C);
+ buffer[20*j+k+12] = get_byte(k, D);
+ buffer[20*j+k+16] = get_byte(k, E);
+ }
+ }
+
+ position = 0;
+ }
+
+/*************************************************
+*
+*************************************************/
+u32bit Turing::fixedS(u32bit W)
+ {
+ for(u32bit j = 0; j != 4; ++j)
+ {
+ byte B = SBOX[get_byte(j, W)];
+ W ^= rotate_left(Q_BOX[B], j*8);
+ W &= rotate_right(0x00FFFFFF, j*8);
+ W |= B << (24-j*8);
+ }
+ return W;
+ }
+
+/*************************************************
+* Generate the expanded Turing Sbox tables *
+*************************************************/
+void Turing::gen_sbox(MemoryRegion<u32bit>& S, u32bit which,
+ const MemoryRegion<u32bit>& K)
+ {
+ for(u32bit j = 0; j != 256; ++j)
+ {
+ u32bit W = 0, C = j;
+
+ for(u32bit k = 0; k < K.size(); ++k)
+ {
+ C = SBOX[get_byte(which, K[k]) ^ C];
+ W ^= rotate_left(Q_BOX[C], k + 8*which);
+ }
+ S[j] = (W & rotate_right(0x00FFFFFF, 8*which)) | (C << (24 - 8*which));
+ }
+ }
+
+/*************************************************
+* Turing Key Schedule *
+*************************************************/
+void Turing::key(const byte key[], u32bit length)
+ {
+ K.create(length / 4);
+ for(u32bit j = 0; j != length; ++j)
+ K[j/4] = (K[j/4] << 8) + key[j];
+
+ for(u32bit j = 0; j != K.size(); ++j)
+ K[j] = fixedS(K[j]);
+
+ PHT(K);
+
+ gen_sbox(S0, 0, K);
+ gen_sbox(S1, 1, K);
+ gen_sbox(S2, 2, K);
+ gen_sbox(S3, 3, K);
+
+ resync(0, 0);
+ }
+
+/*************************************************
+* Resynchronization *
+*************************************************/
+void Turing::resync(const byte iv[], u32bit length)
+ {
+ if(length % 4 != 0 || length > 16)
+ throw Invalid_IV_Length(name(), length);
+
+ SecureVector<u32bit> IV(length / 4);
+ for(u32bit j = 0; j != length; ++j)
+ IV[j/4] = (IV[j/4] << 8) + iv[j];
+
+ for(u32bit j = 0; j != IV.size(); ++j)
+ R[j] = IV[j] = fixedS(IV[j]);
+
+ for(u32bit j = 0; j != K.size(); ++j)
+ R[j+IV.size()] = K[j];
+
+ R[K.size() + IV.size()] = (0x010203 << 8) | (K.size() << 4) | IV.size();
+
+ for(u32bit j = K.size() + IV.size() + 1; j != 17; ++j)
+ {
+ const u32bit W = R[j-K.size()-IV.size()-1] + R[j-1];
+ R[j] = S0[get_byte(0, W)] ^ S1[get_byte(1, W)] ^
+ S2[get_byte(2, W)] ^ S3[get_byte(3, W)];
+ }
+
+ PHT(R);
+
+ generate();
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Turing::clear() throw()
+ {
+ S0.clear();
+ S1.clear();
+ S2.clear();
+ S3.clear();
+
+ buffer.clear();
+ position = 0;
+ }
+
+}
diff --git a/src/two_tab.cpp b/src/two_tab.cpp
new file mode 100644
index 000000000..0ad0aeb8f
--- /dev/null
+++ b/src/two_tab.cpp
@@ -0,0 +1,291 @@
+/*************************************************
+* S-Box and MDS Tables for Twofish *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/twofish.h>
+
+namespace Botan {
+
+const byte Twofish::Q0[256] = {
+ 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78,
+ 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C,
+ 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30,
+ 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82,
+ 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE,
+ 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B,
+ 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45,
+ 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7,
+ 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF,
+ 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8,
+ 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED,
+ 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90,
+ 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B,
+ 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B,
+ 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F,
+ 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A,
+ 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17,
+ 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72,
+ 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68,
+ 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4,
+ 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42,
+ 0x4A, 0x5E, 0xC1, 0xE0 };
+
+const byte Twofish::Q1[256] = {
+ 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B,
+ 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1,
+ 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B,
+ 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5,
+ 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54,
+ 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96,
+ 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7,
+ 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8,
+ 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF,
+ 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9,
+ 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D,
+ 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E,
+ 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21,
+ 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01,
+ 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E,
+ 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64,
+ 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44,
+ 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E,
+ 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B,
+ 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9,
+ 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56,
+ 0x55, 0x09, 0xBE, 0x91 };
+
+const byte Twofish::RS[32] = {
+ 0x01, 0xA4, 0x02, 0xA4, 0xA4, 0x56, 0xA1, 0x55, 0x55, 0x82, 0xFC, 0x87,
+ 0x87, 0xF3, 0xC1, 0x5A, 0x5A, 0x1E, 0x47, 0x58, 0x58, 0xC6, 0xAE, 0xDB,
+ 0xDB, 0x68, 0x3D, 0x9E, 0x9E, 0xE5, 0x19, 0x03 };
+
+const byte Twofish::EXP_TO_POLY[255] = {
+ 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2,
+ 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03,
+ 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6,
+ 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A,
+ 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63,
+ 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C,
+ 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07,
+ 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88,
+ 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12,
+ 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7,
+ 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C,
+ 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8,
+ 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25,
+ 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A,
+ 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE,
+ 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC,
+ 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E,
+ 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92,
+ 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89,
+ 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB,
+ 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1,
+ 0x8F, 0x53, 0xA6 };
+
+const byte Twofish::POLY_TO_EXP[255] = {
+ 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19,
+ 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A,
+ 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C,
+ 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B,
+ 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47,
+ 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D,
+ 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8,
+ 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C,
+ 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83,
+ 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48,
+ 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26,
+ 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E,
+ 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3,
+ 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9,
+ 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A,
+ 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D,
+ 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75,
+ 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84,
+ 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64,
+ 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49,
+ 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF,
+ 0x85, 0xC8, 0xA1 };
+
+const u32bit Twofish::MDS0[256] = {
+ 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B,
+ 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B,
+ 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32,
+ 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1,
+ 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA,
+ 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B,
+ 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1,
+ 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5,
+ 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490,
+ 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154,
+ 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0,
+ 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796,
+ 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228,
+ 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7,
+ 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3,
+ 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8,
+ 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477,
+ 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF,
+ 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C,
+ 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9,
+ 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA,
+ 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D,
+ 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72,
+ 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E,
+ 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76,
+ 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321,
+ 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39,
+ 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01,
+ 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D,
+ 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E,
+ 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5,
+ 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64,
+ 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7,
+ 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544,
+ 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E,
+ 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E,
+ 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A,
+ 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B,
+ 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2,
+ 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9,
+ 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504,
+ 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756,
+ 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91 };
+
+const u32bit Twofish::MDS1[256] = {
+ 0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252,
+ 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A,
+ 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020,
+ 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141,
+ 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444,
+ 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424,
+ 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A,
+ 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757,
+ 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383,
+ 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A,
+ 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9,
+ 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656,
+ 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1,
+ 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898,
+ 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414,
+ 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3,
+ 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1,
+ 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989,
+ 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5,
+ 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282,
+ 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E,
+ 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E,
+ 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202,
+ 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC,
+ 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565,
+ 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A,
+ 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808,
+ 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272,
+ 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A,
+ 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969,
+ 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505,
+ 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5,
+ 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D,
+ 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343,
+ 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF,
+ 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3,
+ 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F,
+ 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646,
+ 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6,
+ 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF,
+ 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A,
+ 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7,
+ 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8 };
+
+const u32bit Twofish::MDS2[256] = {
+ 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B,
+ 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F,
+ 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A,
+ 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783,
+ 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70,
+ 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3,
+ 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB,
+ 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA,
+ 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4,
+ 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41,
+ 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C,
+ 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07,
+ 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622,
+ 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18,
+ 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035,
+ 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96,
+ 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84,
+ 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E,
+ 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F,
+ 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD,
+ 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558,
+ 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40,
+ 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA,
+ 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85,
+ 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF,
+ 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773,
+ 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D,
+ 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B,
+ 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C,
+ 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19,
+ 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086,
+ 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D,
+ 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74,
+ 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755,
+ 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691,
+ 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D,
+ 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4,
+ 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53,
+ 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E,
+ 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9,
+ 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705,
+ 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7,
+ 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF };
+
+const u32bit Twofish::MDS3[256] = {
+ 0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98,
+ 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866,
+ 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643,
+ 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77,
+ 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9,
+ 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C,
+ 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3,
+ 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216,
+ 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F,
+ 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25,
+ 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF,
+ 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7,
+ 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4,
+ 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E,
+ 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA,
+ 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C,
+ 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12,
+ 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A,
+ 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D,
+ 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE,
+ 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A,
+ 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C,
+ 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B,
+ 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4,
+ 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B,
+ 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3,
+ 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE,
+ 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB,
+ 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85,
+ 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA,
+ 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E,
+ 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8,
+ 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33,
+ 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC,
+ 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718,
+ 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA,
+ 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8,
+ 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872,
+ 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882,
+ 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D,
+ 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10,
+ 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6,
+ 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8 };
+
+}
diff --git a/src/twofish.cpp b/src/twofish.cpp
new file mode 100644
index 000000000..766bc9b0b
--- /dev/null
+++ b/src/twofish.cpp
@@ -0,0 +1,227 @@
+/*************************************************
+* Twofish Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/twofish.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Twofish Encryption *
+*************************************************/
+void Twofish::enc(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]),
+ B = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]),
+ C = make_u32bit(in[11], in[10], in[ 9], in[ 8]),
+ D = make_u32bit(in[15], in[14], in[13], in[12]);
+
+ A ^= round_key[0]; B ^= round_key[1]; C ^= round_key[2]; D ^= round_key[3];
+
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ u32bit X, Y;
+
+ X = SBox0[get_byte(3, A)] ^ SBox1[get_byte(2, A)] ^
+ SBox2[get_byte(1, A)] ^ SBox3[get_byte(0, A)];
+ Y = SBox0[get_byte(0, B)] ^ SBox1[get_byte(3, B)] ^
+ SBox2[get_byte(2, B)] ^ SBox3[get_byte(1, B)];
+ X += Y;
+ Y += X + round_key[2*j + 9];
+ X += round_key[2*j + 8];
+
+ C = rotate_right(C ^ X, 1);
+ D = rotate_left(D, 1) ^ Y;
+
+ X = SBox0[get_byte(3, C)] ^ SBox1[get_byte(2, C)] ^
+ SBox2[get_byte(1, C)] ^ SBox3[get_byte(0, C)];
+ Y = SBox0[get_byte(0, D)] ^ SBox1[get_byte(3, D)] ^
+ SBox2[get_byte(2, D)] ^ SBox3[get_byte(1, D)];
+ X += Y;
+ Y += X + round_key[2*j + 11];
+ X += round_key[2*j + 10];
+
+ A = rotate_right(A ^ X, 1);
+ B = rotate_left(B, 1) ^ Y;
+ }
+
+ C ^= round_key[4]; D ^= round_key[5]; A ^= round_key[6]; B ^= round_key[7];
+
+ out[ 0] = get_byte(3, C); out[ 1] = get_byte(2, C);
+ out[ 2] = get_byte(1, C); out[ 3] = get_byte(0, C);
+ out[ 4] = get_byte(3, D); out[ 5] = get_byte(2, D);
+ out[ 6] = get_byte(1, D); out[ 7] = get_byte(0, D);
+ out[ 8] = get_byte(3, A); out[ 9] = get_byte(2, A);
+ out[10] = get_byte(1, A); out[11] = get_byte(0, A);
+ out[12] = get_byte(3, B); out[13] = get_byte(2, B);
+ out[14] = get_byte(1, B); out[15] = get_byte(0, B);
+ }
+
+/*************************************************
+* Twofish Decryption *
+*************************************************/
+void Twofish::dec(const byte in[], byte out[]) const
+ {
+ u32bit A = make_u32bit(in[ 3], in[ 2], in[ 1], in[ 0]),
+ B = make_u32bit(in[ 7], in[ 6], in[ 5], in[ 4]),
+ C = make_u32bit(in[11], in[10], in[ 9], in[ 8]),
+ D = make_u32bit(in[15], in[14], in[13], in[12]);
+
+ A ^= round_key[4]; B ^= round_key[5]; C ^= round_key[6]; D ^= round_key[7];
+
+ for(u32bit j = 0; j != 16; j += 2)
+ {
+ u32bit X, Y;
+
+ X = SBox0[get_byte(3, A)] ^ SBox1[get_byte(2, A)] ^
+ SBox2[get_byte(1, A)] ^ SBox3[get_byte(0, A)];
+ Y = SBox0[get_byte(0, B)] ^ SBox1[get_byte(3, B)] ^
+ SBox2[get_byte(2, B)] ^ SBox3[get_byte(1, B)];
+ X += Y;
+ Y += X + round_key[39 - 2*j];
+ X += round_key[38 - 2*j];
+
+ C = rotate_left(C, 1) ^ X;
+ D = rotate_right(D ^ Y, 1);
+
+ X = SBox0[get_byte(3, C)] ^ SBox1[get_byte(2, C)] ^
+ SBox2[get_byte(1, C)] ^ SBox3[get_byte(0, C)];
+ Y = SBox0[get_byte(0, D)] ^ SBox1[get_byte(3, D)] ^
+ SBox2[get_byte(2, D)] ^ SBox3[get_byte(1, D)];
+ X += Y;
+ Y += X + round_key[37 - 2*j];
+ X += round_key[36 - 2*j];
+
+ A = rotate_left(A, 1) ^ X;
+ B = rotate_right(B ^ Y, 1);
+ }
+
+ C ^= round_key[0]; D ^= round_key[1]; A ^= round_key[2]; B ^= round_key[3];
+
+ out[ 0] = get_byte(3, C); out[ 1] = get_byte(2, C);
+ out[ 2] = get_byte(1, C); out[ 3] = get_byte(0, C);
+ out[ 4] = get_byte(3, D); out[ 5] = get_byte(2, D);
+ out[ 6] = get_byte(1, D); out[ 7] = get_byte(0, D);
+ out[ 8] = get_byte(3, A); out[ 9] = get_byte(2, A);
+ out[10] = get_byte(1, A); out[11] = get_byte(0, A);
+ out[12] = get_byte(3, B); out[13] = get_byte(2, B);
+ out[14] = get_byte(1, B); out[15] = get_byte(0, B);
+ }
+
+/*************************************************
+* Twofish Key Schedule *
+*************************************************/
+void Twofish::key(const byte key[], u32bit length)
+ {
+ SecureBuffer<byte, 16> S;
+
+ for(u32bit j = 0; j != length; ++j)
+ rs_mul(S + 4*(j/8), key[j], j);
+
+ if(length == 16)
+ {
+ for(u32bit j = 0; j != 256; ++j)
+ {
+ SBox0[j] = MDS0[Q0[Q0[j]^S[ 0]]^S[ 4]];
+ SBox1[j] = MDS1[Q0[Q1[j]^S[ 1]]^S[ 5]];
+ SBox2[j] = MDS2[Q1[Q0[j]^S[ 2]]^S[ 6]];
+ SBox3[j] = MDS3[Q1[Q1[j]^S[ 3]]^S[ 7]];
+ }
+ for(u32bit j = 0; j != 40; j += 2)
+ {
+ u32bit X = MDS0[Q0[Q0[j ]^key[ 8]]^key[ 0]] ^
+ MDS1[Q0[Q1[j ]^key[ 9]]^key[ 1]] ^
+ MDS2[Q1[Q0[j ]^key[10]]^key[ 2]] ^
+ MDS3[Q1[Q1[j ]^key[11]]^key[ 3]];
+ u32bit Y = MDS0[Q0[Q0[j+1]^key[12]]^key[ 4]] ^
+ MDS1[Q0[Q1[j+1]^key[13]]^key[ 5]] ^
+ MDS2[Q1[Q0[j+1]^key[14]]^key[ 6]] ^
+ MDS3[Q1[Q1[j+1]^key[15]]^key[ 7]];
+ Y = rotate_left(Y, 8); X += Y; Y += X;
+ round_key[j] = X; round_key[j+1] = rotate_left(Y, 9);
+ }
+ }
+ else if(length == 24)
+ {
+ for(u32bit j = 0; j != 256; ++j)
+ {
+ SBox0[j] = MDS0[Q0[Q0[Q1[j]^S[ 0]]^S[ 4]]^S[ 8]];
+ SBox1[j] = MDS1[Q0[Q1[Q1[j]^S[ 1]]^S[ 5]]^S[ 9]];
+ SBox2[j] = MDS2[Q1[Q0[Q0[j]^S[ 2]]^S[ 6]]^S[10]];
+ SBox3[j] = MDS3[Q1[Q1[Q0[j]^S[ 3]]^S[ 7]]^S[11]];
+ }
+ for(u32bit j = 0; j != 40; j += 2)
+ {
+ u32bit X = MDS0[Q0[Q0[Q1[j ]^key[16]]^key[ 8]]^key[ 0]] ^
+ MDS1[Q0[Q1[Q1[j ]^key[17]]^key[ 9]]^key[ 1]] ^
+ MDS2[Q1[Q0[Q0[j ]^key[18]]^key[10]]^key[ 2]] ^
+ MDS3[Q1[Q1[Q0[j ]^key[19]]^key[11]]^key[ 3]];
+ u32bit Y = MDS0[Q0[Q0[Q1[j+1]^key[20]]^key[12]]^key[ 4]] ^
+ MDS1[Q0[Q1[Q1[j+1]^key[21]]^key[13]]^key[ 5]] ^
+ MDS2[Q1[Q0[Q0[j+1]^key[22]]^key[14]]^key[ 6]] ^
+ MDS3[Q1[Q1[Q0[j+1]^key[23]]^key[15]]^key[ 7]];
+ Y = rotate_left(Y, 8); X += Y; Y += X;
+ round_key[j] = X; round_key[j+1] = rotate_left(Y, 9);
+ }
+ }
+ else if(length == 32)
+ {
+ for(u32bit j = 0; j != 256; ++j)
+ {
+ SBox0[j] = MDS0[Q0[Q0[Q1[Q1[j]^S[ 0]]^S[ 4]]^S[ 8]]^S[12]];
+ SBox1[j] = MDS1[Q0[Q1[Q1[Q0[j]^S[ 1]]^S[ 5]]^S[ 9]]^S[13]];
+ SBox2[j] = MDS2[Q1[Q0[Q0[Q0[j]^S[ 2]]^S[ 6]]^S[10]]^S[14]];
+ SBox3[j] = MDS3[Q1[Q1[Q0[Q1[j]^S[ 3]]^S[ 7]]^S[11]]^S[15]];
+ }
+ for(u32bit j = 0; j != 40; j += 2)
+ {
+ u32bit X = MDS0[Q0[Q0[Q1[Q1[j ]^key[24]]^key[16]]^key[ 8]]^key[ 0]] ^
+ MDS1[Q0[Q1[Q1[Q0[j ]^key[25]]^key[17]]^key[ 9]]^key[ 1]] ^
+ MDS2[Q1[Q0[Q0[Q0[j ]^key[26]]^key[18]]^key[10]]^key[ 2]] ^
+ MDS3[Q1[Q1[Q0[Q1[j ]^key[27]]^key[19]]^key[11]]^key[ 3]];
+ u32bit Y = MDS0[Q0[Q0[Q1[Q1[j+1]^key[28]]^key[20]]^key[12]]^key[ 4]] ^
+ MDS1[Q0[Q1[Q1[Q0[j+1]^key[29]]^key[21]]^key[13]]^key[ 5]] ^
+ MDS2[Q1[Q0[Q0[Q0[j+1]^key[30]]^key[22]]^key[14]]^key[ 6]] ^
+ MDS3[Q1[Q1[Q0[Q1[j+1]^key[31]]^key[23]]^key[15]]^key[ 7]];
+ Y = rotate_left(Y, 8); X += Y; Y += X;
+ round_key[j] = X; round_key[j+1] = rotate_left(Y, 9);
+ }
+ }
+ }
+
+/*************************************************
+* Do one column of the RS matrix multiplcation *
+*************************************************/
+void Twofish::rs_mul(byte S[4], byte key, u32bit offset)
+ {
+ if(key)
+ {
+ byte X = POLY_TO_EXP[key - 1];
+
+ byte RS1 = RS[(4*offset ) % 32];
+ byte RS2 = RS[(4*offset+1) % 32];
+ byte RS3 = RS[(4*offset+2) % 32];
+ byte RS4 = RS[(4*offset+3) % 32];
+
+ S[0] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS1 - 1]) % 255];
+ S[1] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS2 - 1]) % 255];
+ S[2] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS3 - 1]) % 255];
+ S[3] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS4 - 1]) % 255];
+ }
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Twofish::clear() throw()
+ {
+ SBox0.clear();
+ SBox1.clear();
+ SBox2.clear();
+ SBox3.clear();
+ round_key.clear();
+ }
+
+}
diff --git a/src/ui.cpp b/src/ui.cpp
new file mode 100644
index 000000000..f8ce0c544
--- /dev/null
+++ b/src/ui.cpp
@@ -0,0 +1,62 @@
+/*************************************************
+* User Interface Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/ui.h>
+
+namespace Botan {
+
+/*************************************************
+* Get a passphrase from the user *
+*************************************************/
+std::string User_Interface::get_passphrase(const std::string&,
+ const std::string&,
+ UI_Result& action) const
+ {
+ action = OK;
+
+ if(!first_try)
+ action = CANCEL_ACTION;
+
+ return preset_passphrase;
+ }
+
+/*************************************************
+* User_Interface Constructor *
+*************************************************/
+User_Interface::User_Interface(const std::string& preset) :
+ preset_passphrase(preset)
+ {
+ first_try = true;
+ }
+
+namespace UI {
+
+/*************************************************
+* The current pulse function *
+*************************************************/
+pulse_func pulse_f = 0;
+void* pulse_f_data = 0;
+
+/*************************************************
+* Set the UI pulse function *
+*************************************************/
+void set_pulse(pulse_func p, void* p_data)
+ {
+ pulse_f = p;
+ pulse_f_data = p_data;
+ }
+
+/*************************************************
+* Call the UI pulse function *
+*************************************************/
+void pulse(Pulse_Type type)
+ {
+ if(pulse_f)
+ pulse_f(type, pulse_f_data);
+ }
+
+}
+
+}
diff --git a/src/util.cpp b/src/util.cpp
new file mode 100644
index 000000000..9f6d08a81
--- /dev/null
+++ b/src/util.cpp
@@ -0,0 +1,81 @@
+/*************************************************
+* Utility Functions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/util.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+#include <cmath>
+
+namespace Botan {
+
+/*************************************************
+* Round up n to multiple of align_to *
+*************************************************/
+u32bit round_up(u32bit n, u32bit align_to)
+ {
+ if(n % align_to || n == 0)
+ n += align_to - (n % align_to);
+ return n;
+ }
+
+/*************************************************
+* Round down n to multiple of align_to *
+*************************************************/
+u32bit round_down(u32bit n, u32bit align_to)
+ {
+ return (n - (n % align_to));
+ }
+
+/*************************************************
+* Return the work required for solving DL *
+*************************************************/
+u32bit dl_work_factor(u32bit n_bits)
+ {
+ const u32bit MIN_ESTIMATE = 64;
+
+ if(n_bits < 32)
+ return 0;
+
+ const double log_x = n_bits / 1.44;
+
+ u32bit estimate = (u32bit)(2.76 * std::pow(log_x, 1.0/3.0) *
+ std::pow(std::log(log_x), 2.0/3.0));
+
+ return std::max(estimate, MIN_ESTIMATE);
+ }
+
+/*************************************************
+* Estimate the entropy of the buffer *
+*************************************************/
+u32bit entropy_estimate(const byte buffer[], u32bit length)
+ {
+ if(length <= 4)
+ return 0;
+
+ u32bit estimate = 0;
+ byte last = 0, last_delta = 0, last_delta2 = 0;
+
+ for(u32bit j = 0; j != length; ++j)
+ {
+ byte delta = last ^ buffer[j];
+ last = buffer[j];
+
+ byte delta2 = delta ^ last_delta;
+ last_delta = delta;
+
+ byte delta3 = delta2 ^ last_delta2;
+ last_delta2 = delta2;
+
+ byte min_delta = delta;
+ if(min_delta > delta2) min_delta = delta2;
+ if(min_delta > delta3) min_delta = delta3;
+
+ estimate += hamming_weight(min_delta);
+ }
+
+ return (estimate / 2);
+ }
+
+}
diff --git a/src/whrl_tab.cpp b/src/whrl_tab.cpp
new file mode 100644
index 000000000..8af174717
--- /dev/null
+++ b/src/whrl_tab.cpp
@@ -0,0 +1,538 @@
+/*************************************************
+* Diffusion Tables for Whirlpool *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/whrlpool.h>
+
+namespace Botan {
+
+const u64bit Whirlpool::C0[256] = {
+0x18186018C07830D8, 0x23238C2305AF4626, 0xC6C63FC67EF991B8, 0xE8E887E8136FCDFB,
+0x878726874CA113CB, 0xB8B8DAB8A9626D11, 0x0101040108050209, 0x4F4F214F426E9E0D,
+0x3636D836ADEE6C9B, 0xA6A6A2A6590451FF, 0xD2D26FD2DEBDB90C, 0xF5F5F3F5FB06F70E,
+0x7979F979EF80F296, 0x6F6FA16F5FCEDE30, 0x91917E91FCEF3F6D, 0x52525552AA07A4F8,
+0x60609D6027FDC047, 0xBCBCCABC89766535, 0x9B9B569BACCD2B37, 0x8E8E028E048C018A,
+0xA3A3B6A371155BD2, 0x0C0C300C603C186C, 0x7B7BF17BFF8AF684, 0x3535D435B5E16A80,
+0x1D1D741DE8693AF5, 0xE0E0A7E05347DDB3, 0xD7D77BD7F6ACB321, 0xC2C22FC25EED999C,
+0x2E2EB82E6D965C43, 0x4B4B314B627A9629, 0xFEFEDFFEA321E15D, 0x575741578216AED5,
+0x15155415A8412ABD, 0x7777C1779FB6EEE8, 0x3737DC37A5EB6E92, 0xE5E5B3E57B56D79E,
+0x9F9F469F8CD92313, 0xF0F0E7F0D317FD23, 0x4A4A354A6A7F9420, 0xDADA4FDA9E95A944,
+0x58587D58FA25B0A2, 0xC9C903C906CA8FCF, 0x2929A429558D527C, 0x0A0A280A5022145A,
+0xB1B1FEB1E14F7F50, 0xA0A0BAA0691A5DC9, 0x6B6BB16B7FDAD614, 0x85852E855CAB17D9,
+0xBDBDCEBD8173673C, 0x5D5D695DD234BA8F, 0x1010401080502090, 0xF4F4F7F4F303F507,
+0xCBCB0BCB16C08BDD, 0x3E3EF83EEDC67CD3, 0x0505140528110A2D, 0x676781671FE6CE78,
+0xE4E4B7E47353D597, 0x27279C2725BB4E02, 0x4141194132588273, 0x8B8B168B2C9D0BA7,
+0xA7A7A6A7510153F6, 0x7D7DE97DCF94FAB2, 0x95956E95DCFB3749, 0xD8D847D88E9FAD56,
+0xFBFBCBFB8B30EB70, 0xEEEE9FEE2371C1CD, 0x7C7CED7CC791F8BB, 0x6666856617E3CC71,
+0xDDDD53DDA68EA77B, 0x17175C17B84B2EAF, 0x4747014702468E45, 0x9E9E429E84DC211A,
+0xCACA0FCA1EC589D4, 0x2D2DB42D75995A58, 0xBFBFC6BF9179632E, 0x07071C07381B0E3F,
+0xADAD8EAD012347AC, 0x5A5A755AEA2FB4B0, 0x838336836CB51BEF, 0x3333CC3385FF66B6,
+0x636391633FF2C65C, 0x02020802100A0412, 0xAAAA92AA39384993, 0x7171D971AFA8E2DE,
+0xC8C807C80ECF8DC6, 0x19196419C87D32D1, 0x494939497270923B, 0xD9D943D9869AAF5F,
+0xF2F2EFF2C31DF931, 0xE3E3ABE34B48DBA8, 0x5B5B715BE22AB6B9, 0x88881A8834920DBC,
+0x9A9A529AA4C8293E, 0x262698262DBE4C0B, 0x3232C8328DFA64BF, 0xB0B0FAB0E94A7D59,
+0xE9E983E91B6ACFF2, 0x0F0F3C0F78331E77, 0xD5D573D5E6A6B733, 0x80803A8074BA1DF4,
+0xBEBEC2BE997C6127, 0xCDCD13CD26DE87EB, 0x3434D034BDE46889, 0x48483D487A759032,
+0xFFFFDBFFAB24E354, 0x7A7AF57AF78FF48D, 0x90907A90F4EA3D64, 0x5F5F615FC23EBE9D,
+0x202080201DA0403D, 0x6868BD6867D5D00F, 0x1A1A681AD07234CA, 0xAEAE82AE192C41B7,
+0xB4B4EAB4C95E757D, 0x54544D549A19A8CE, 0x93937693ECE53B7F, 0x222288220DAA442F,
+0x64648D6407E9C863, 0xF1F1E3F1DB12FF2A, 0x7373D173BFA2E6CC, 0x12124812905A2482,
+0x40401D403A5D807A, 0x0808200840281048, 0xC3C32BC356E89B95, 0xECEC97EC337BC5DF,
+0xDBDB4BDB9690AB4D, 0xA1A1BEA1611F5FC0, 0x8D8D0E8D1C830791, 0x3D3DF43DF5C97AC8,
+0x97976697CCF1335B, 0x0000000000000000, 0xCFCF1BCF36D483F9, 0x2B2BAC2B4587566E,
+0x7676C57697B3ECE1, 0x8282328264B019E6, 0xD6D67FD6FEA9B128, 0x1B1B6C1BD87736C3,
+0xB5B5EEB5C15B7774, 0xAFAF86AF112943BE, 0x6A6AB56A77DFD41D, 0x50505D50BA0DA0EA,
+0x45450945124C8A57, 0xF3F3EBF3CB18FB38, 0x3030C0309DF060AD, 0xEFEF9BEF2B74C3C4,
+0x3F3FFC3FE5C37EDA, 0x55554955921CAAC7, 0xA2A2B2A2791059DB, 0xEAEA8FEA0365C9E9,
+0x656589650FECCA6A, 0xBABAD2BAB9686903, 0x2F2FBC2F65935E4A, 0xC0C027C04EE79D8E,
+0xDEDE5FDEBE81A160, 0x1C1C701CE06C38FC, 0xFDFDD3FDBB2EE746, 0x4D4D294D52649A1F,
+0x92927292E4E03976, 0x7575C9758FBCEAFA, 0x06061806301E0C36, 0x8A8A128A249809AE,
+0xB2B2F2B2F940794B, 0xE6E6BFE66359D185, 0x0E0E380E70361C7E, 0x1F1F7C1FF8633EE7,
+0x6262956237F7C455, 0xD4D477D4EEA3B53A, 0xA8A89AA829324D81, 0x96966296C4F43152,
+0xF9F9C3F99B3AEF62, 0xC5C533C566F697A3, 0x2525942535B14A10, 0x59597959F220B2AB,
+0x84842A8454AE15D0, 0x7272D572B7A7E4C5, 0x3939E439D5DD72EC, 0x4C4C2D4C5A619816,
+0x5E5E655ECA3BBC94, 0x7878FD78E785F09F, 0x3838E038DDD870E5, 0x8C8C0A8C14860598,
+0xD1D163D1C6B2BF17, 0xA5A5AEA5410B57E4, 0xE2E2AFE2434DD9A1, 0x616199612FF8C24E,
+0xB3B3F6B3F1457B42, 0x2121842115A54234, 0x9C9C4A9C94D62508, 0x1E1E781EF0663CEE,
+0x4343114322528661, 0xC7C73BC776FC93B1, 0xFCFCD7FCB32BE54F, 0x0404100420140824,
+0x51515951B208A2E3, 0x99995E99BCC72F25, 0x6D6DA96D4FC4DA22, 0x0D0D340D68391A65,
+0xFAFACFFA8335E979, 0xDFDF5BDFB684A369, 0x7E7EE57ED79BFCA9, 0x242490243DB44819,
+0x3B3BEC3BC5D776FE, 0xABAB96AB313D4B9A, 0xCECE1FCE3ED181F0, 0x1111441188552299,
+0x8F8F068F0C890383, 0x4E4E254E4A6B9C04, 0xB7B7E6B7D1517366, 0xEBEB8BEB0B60CBE0,
+0x3C3CF03CFDCC78C1, 0x81813E817CBF1FFD, 0x94946A94D4FE3540, 0xF7F7FBF7EB0CF31C,
+0xB9B9DEB9A1676F18, 0x13134C13985F268B, 0x2C2CB02C7D9C5851, 0xD3D36BD3D6B8BB05,
+0xE7E7BBE76B5CD38C, 0x6E6EA56E57CBDC39, 0xC4C437C46EF395AA, 0x03030C03180F061B,
+0x565645568A13ACDC, 0x44440D441A49885E, 0x7F7FE17FDF9EFEA0, 0xA9A99EA921374F88,
+0x2A2AA82A4D825467, 0xBBBBD6BBB16D6B0A, 0xC1C123C146E29F87, 0x53535153A202A6F1,
+0xDCDC57DCAE8BA572, 0x0B0B2C0B58271653, 0x9D9D4E9D9CD32701, 0x6C6CAD6C47C1D82B,
+0x3131C43195F562A4, 0x7474CD7487B9E8F3, 0xF6F6FFF6E309F115, 0x464605460A438C4C,
+0xACAC8AAC092645A5, 0x89891E893C970FB5, 0x14145014A04428B4, 0xE1E1A3E15B42DFBA,
+0x16165816B04E2CA6, 0x3A3AE83ACDD274F7, 0x6969B9696FD0D206, 0x09092409482D1241,
+0x7070DD70A7ADE0D7, 0xB6B6E2B6D954716F, 0xD0D067D0CEB7BD1E, 0xEDED93ED3B7EC7D6,
+0xCCCC17CC2EDB85E2, 0x424215422A578468, 0x98985A98B4C22D2C, 0xA4A4AAA4490E55ED,
+0x2828A0285D885075, 0x5C5C6D5CDA31B886, 0xF8F8C7F8933FED6B, 0x8686228644A411C2 };
+
+const u64bit Whirlpool::C1[256] = {
+0xD818186018C07830, 0x2623238C2305AF46, 0xB8C6C63FC67EF991, 0xFBE8E887E8136FCD,
+0xCB878726874CA113, 0x11B8B8DAB8A9626D, 0x0901010401080502, 0x0D4F4F214F426E9E,
+0x9B3636D836ADEE6C, 0xFFA6A6A2A6590451, 0x0CD2D26FD2DEBDB9, 0x0EF5F5F3F5FB06F7,
+0x967979F979EF80F2, 0x306F6FA16F5FCEDE, 0x6D91917E91FCEF3F, 0xF852525552AA07A4,
+0x4760609D6027FDC0, 0x35BCBCCABC897665, 0x379B9B569BACCD2B, 0x8A8E8E028E048C01,
+0xD2A3A3B6A371155B, 0x6C0C0C300C603C18, 0x847B7BF17BFF8AF6, 0x803535D435B5E16A,
+0xF51D1D741DE8693A, 0xB3E0E0A7E05347DD, 0x21D7D77BD7F6ACB3, 0x9CC2C22FC25EED99,
+0x432E2EB82E6D965C, 0x294B4B314B627A96, 0x5DFEFEDFFEA321E1, 0xD5575741578216AE,
+0xBD15155415A8412A, 0xE87777C1779FB6EE, 0x923737DC37A5EB6E, 0x9EE5E5B3E57B56D7,
+0x139F9F469F8CD923, 0x23F0F0E7F0D317FD, 0x204A4A354A6A7F94, 0x44DADA4FDA9E95A9,
+0xA258587D58FA25B0, 0xCFC9C903C906CA8F, 0x7C2929A429558D52, 0x5A0A0A280A502214,
+0x50B1B1FEB1E14F7F, 0xC9A0A0BAA0691A5D, 0x146B6BB16B7FDAD6, 0xD985852E855CAB17,
+0x3CBDBDCEBD817367, 0x8F5D5D695DD234BA, 0x9010104010805020, 0x07F4F4F7F4F303F5,
+0xDDCBCB0BCB16C08B, 0xD33E3EF83EEDC67C, 0x2D0505140528110A, 0x78676781671FE6CE,
+0x97E4E4B7E47353D5, 0x0227279C2725BB4E, 0x7341411941325882, 0xA78B8B168B2C9D0B,
+0xF6A7A7A6A7510153, 0xB27D7DE97DCF94FA, 0x4995956E95DCFB37, 0x56D8D847D88E9FAD,
+0x70FBFBCBFB8B30EB, 0xCDEEEE9FEE2371C1, 0xBB7C7CED7CC791F8, 0x716666856617E3CC,
+0x7BDDDD53DDA68EA7, 0xAF17175C17B84B2E, 0x454747014702468E, 0x1A9E9E429E84DC21,
+0xD4CACA0FCA1EC589, 0x582D2DB42D75995A, 0x2EBFBFC6BF917963, 0x3F07071C07381B0E,
+0xACADAD8EAD012347, 0xB05A5A755AEA2FB4, 0xEF838336836CB51B, 0xB63333CC3385FF66,
+0x5C636391633FF2C6, 0x1202020802100A04, 0x93AAAA92AA393849, 0xDE7171D971AFA8E2,
+0xC6C8C807C80ECF8D, 0xD119196419C87D32, 0x3B49493949727092, 0x5FD9D943D9869AAF,
+0x31F2F2EFF2C31DF9, 0xA8E3E3ABE34B48DB, 0xB95B5B715BE22AB6, 0xBC88881A8834920D,
+0x3E9A9A529AA4C829, 0x0B262698262DBE4C, 0xBF3232C8328DFA64, 0x59B0B0FAB0E94A7D,
+0xF2E9E983E91B6ACF, 0x770F0F3C0F78331E, 0x33D5D573D5E6A6B7, 0xF480803A8074BA1D,
+0x27BEBEC2BE997C61, 0xEBCDCD13CD26DE87, 0x893434D034BDE468, 0x3248483D487A7590,
+0x54FFFFDBFFAB24E3, 0x8D7A7AF57AF78FF4, 0x6490907A90F4EA3D, 0x9D5F5F615FC23EBE,
+0x3D202080201DA040, 0x0F6868BD6867D5D0, 0xCA1A1A681AD07234, 0xB7AEAE82AE192C41,
+0x7DB4B4EAB4C95E75, 0xCE54544D549A19A8, 0x7F93937693ECE53B, 0x2F222288220DAA44,
+0x6364648D6407E9C8, 0x2AF1F1E3F1DB12FF, 0xCC7373D173BFA2E6, 0x8212124812905A24,
+0x7A40401D403A5D80, 0x4808082008402810, 0x95C3C32BC356E89B, 0xDFECEC97EC337BC5,
+0x4DDBDB4BDB9690AB, 0xC0A1A1BEA1611F5F, 0x918D8D0E8D1C8307, 0xC83D3DF43DF5C97A,
+0x5B97976697CCF133, 0x0000000000000000, 0xF9CFCF1BCF36D483, 0x6E2B2BAC2B458756,
+0xE17676C57697B3EC, 0xE68282328264B019, 0x28D6D67FD6FEA9B1, 0xC31B1B6C1BD87736,
+0x74B5B5EEB5C15B77, 0xBEAFAF86AF112943, 0x1D6A6AB56A77DFD4, 0xEA50505D50BA0DA0,
+0x5745450945124C8A, 0x38F3F3EBF3CB18FB, 0xAD3030C0309DF060, 0xC4EFEF9BEF2B74C3,
+0xDA3F3FFC3FE5C37E, 0xC755554955921CAA, 0xDBA2A2B2A2791059, 0xE9EAEA8FEA0365C9,
+0x6A656589650FECCA, 0x03BABAD2BAB96869, 0x4A2F2FBC2F65935E, 0x8EC0C027C04EE79D,
+0x60DEDE5FDEBE81A1, 0xFC1C1C701CE06C38, 0x46FDFDD3FDBB2EE7, 0x1F4D4D294D52649A,
+0x7692927292E4E039, 0xFA7575C9758FBCEA, 0x3606061806301E0C, 0xAE8A8A128A249809,
+0x4BB2B2F2B2F94079, 0x85E6E6BFE66359D1, 0x7E0E0E380E70361C, 0xE71F1F7C1FF8633E,
+0x556262956237F7C4, 0x3AD4D477D4EEA3B5, 0x81A8A89AA829324D, 0x5296966296C4F431,
+0x62F9F9C3F99B3AEF, 0xA3C5C533C566F697, 0x102525942535B14A, 0xAB59597959F220B2,
+0xD084842A8454AE15, 0xC57272D572B7A7E4, 0xEC3939E439D5DD72, 0x164C4C2D4C5A6198,
+0x945E5E655ECA3BBC, 0x9F7878FD78E785F0, 0xE53838E038DDD870, 0x988C8C0A8C148605,
+0x17D1D163D1C6B2BF, 0xE4A5A5AEA5410B57, 0xA1E2E2AFE2434DD9, 0x4E616199612FF8C2,
+0x42B3B3F6B3F1457B, 0x342121842115A542, 0x089C9C4A9C94D625, 0xEE1E1E781EF0663C,
+0x6143431143225286, 0xB1C7C73BC776FC93, 0x4FFCFCD7FCB32BE5, 0x2404041004201408,
+0xE351515951B208A2, 0x2599995E99BCC72F, 0x226D6DA96D4FC4DA, 0x650D0D340D68391A,
+0x79FAFACFFA8335E9, 0x69DFDF5BDFB684A3, 0xA97E7EE57ED79BFC, 0x19242490243DB448,
+0xFE3B3BEC3BC5D776, 0x9AABAB96AB313D4B, 0xF0CECE1FCE3ED181, 0x9911114411885522,
+0x838F8F068F0C8903, 0x044E4E254E4A6B9C, 0x66B7B7E6B7D15173, 0xE0EBEB8BEB0B60CB,
+0xC13C3CF03CFDCC78, 0xFD81813E817CBF1F, 0x4094946A94D4FE35, 0x1CF7F7FBF7EB0CF3,
+0x18B9B9DEB9A1676F, 0x8B13134C13985F26, 0x512C2CB02C7D9C58, 0x05D3D36BD3D6B8BB,
+0x8CE7E7BBE76B5CD3, 0x396E6EA56E57CBDC, 0xAAC4C437C46EF395, 0x1B03030C03180F06,
+0xDC565645568A13AC, 0x5E44440D441A4988, 0xA07F7FE17FDF9EFE, 0x88A9A99EA921374F,
+0x672A2AA82A4D8254, 0x0ABBBBD6BBB16D6B, 0x87C1C123C146E29F, 0xF153535153A202A6,
+0x72DCDC57DCAE8BA5, 0x530B0B2C0B582716, 0x019D9D4E9D9CD327, 0x2B6C6CAD6C47C1D8,
+0xA43131C43195F562, 0xF37474CD7487B9E8, 0x15F6F6FFF6E309F1, 0x4C464605460A438C,
+0xA5ACAC8AAC092645, 0xB589891E893C970F, 0xB414145014A04428, 0xBAE1E1A3E15B42DF,
+0xA616165816B04E2C, 0xF73A3AE83ACDD274, 0x066969B9696FD0D2, 0x4109092409482D12,
+0xD77070DD70A7ADE0, 0x6FB6B6E2B6D95471, 0x1ED0D067D0CEB7BD, 0xD6EDED93ED3B7EC7,
+0xE2CCCC17CC2EDB85, 0x68424215422A5784, 0x2C98985A98B4C22D, 0xEDA4A4AAA4490E55,
+0x752828A0285D8850, 0x865C5C6D5CDA31B8, 0x6BF8F8C7F8933FED, 0xC28686228644A411 };
+
+const u64bit Whirlpool::C2[256] = {
+0x30D818186018C078, 0x462623238C2305AF, 0x91B8C6C63FC67EF9, 0xCDFBE8E887E8136F,
+0x13CB878726874CA1, 0x6D11B8B8DAB8A962, 0x0209010104010805, 0x9E0D4F4F214F426E,
+0x6C9B3636D836ADEE, 0x51FFA6A6A2A65904, 0xB90CD2D26FD2DEBD, 0xF70EF5F5F3F5FB06,
+0xF2967979F979EF80, 0xDE306F6FA16F5FCE, 0x3F6D91917E91FCEF, 0xA4F852525552AA07,
+0xC04760609D6027FD, 0x6535BCBCCABC8976, 0x2B379B9B569BACCD, 0x018A8E8E028E048C,
+0x5BD2A3A3B6A37115, 0x186C0C0C300C603C, 0xF6847B7BF17BFF8A, 0x6A803535D435B5E1,
+0x3AF51D1D741DE869, 0xDDB3E0E0A7E05347, 0xB321D7D77BD7F6AC, 0x999CC2C22FC25EED,
+0x5C432E2EB82E6D96, 0x96294B4B314B627A, 0xE15DFEFEDFFEA321, 0xAED5575741578216,
+0x2ABD15155415A841, 0xEEE87777C1779FB6, 0x6E923737DC37A5EB, 0xD79EE5E5B3E57B56,
+0x23139F9F469F8CD9, 0xFD23F0F0E7F0D317, 0x94204A4A354A6A7F, 0xA944DADA4FDA9E95,
+0xB0A258587D58FA25, 0x8FCFC9C903C906CA, 0x527C2929A429558D, 0x145A0A0A280A5022,
+0x7F50B1B1FEB1E14F, 0x5DC9A0A0BAA0691A, 0xD6146B6BB16B7FDA, 0x17D985852E855CAB,
+0x673CBDBDCEBD8173, 0xBA8F5D5D695DD234, 0x2090101040108050, 0xF507F4F4F7F4F303,
+0x8BDDCBCB0BCB16C0, 0x7CD33E3EF83EEDC6, 0x0A2D050514052811, 0xCE78676781671FE6,
+0xD597E4E4B7E47353, 0x4E0227279C2725BB, 0x8273414119413258, 0x0BA78B8B168B2C9D,
+0x53F6A7A7A6A75101, 0xFAB27D7DE97DCF94, 0x374995956E95DCFB, 0xAD56D8D847D88E9F,
+0xEB70FBFBCBFB8B30, 0xC1CDEEEE9FEE2371, 0xF8BB7C7CED7CC791, 0xCC716666856617E3,
+0xA77BDDDD53DDA68E, 0x2EAF17175C17B84B, 0x8E45474701470246, 0x211A9E9E429E84DC,
+0x89D4CACA0FCA1EC5, 0x5A582D2DB42D7599, 0x632EBFBFC6BF9179, 0x0E3F07071C07381B,
+0x47ACADAD8EAD0123, 0xB4B05A5A755AEA2F, 0x1BEF838336836CB5, 0x66B63333CC3385FF,
+0xC65C636391633FF2, 0x041202020802100A, 0x4993AAAA92AA3938, 0xE2DE7171D971AFA8,
+0x8DC6C8C807C80ECF, 0x32D119196419C87D, 0x923B494939497270, 0xAF5FD9D943D9869A,
+0xF931F2F2EFF2C31D, 0xDBA8E3E3ABE34B48, 0xB6B95B5B715BE22A, 0x0DBC88881A883492,
+0x293E9A9A529AA4C8, 0x4C0B262698262DBE, 0x64BF3232C8328DFA, 0x7D59B0B0FAB0E94A,
+0xCFF2E9E983E91B6A, 0x1E770F0F3C0F7833, 0xB733D5D573D5E6A6, 0x1DF480803A8074BA,
+0x6127BEBEC2BE997C, 0x87EBCDCD13CD26DE, 0x68893434D034BDE4, 0x903248483D487A75,
+0xE354FFFFDBFFAB24, 0xF48D7A7AF57AF78F, 0x3D6490907A90F4EA, 0xBE9D5F5F615FC23E,
+0x403D202080201DA0, 0xD00F6868BD6867D5, 0x34CA1A1A681AD072, 0x41B7AEAE82AE192C,
+0x757DB4B4EAB4C95E, 0xA8CE54544D549A19, 0x3B7F93937693ECE5, 0x442F222288220DAA,
+0xC86364648D6407E9, 0xFF2AF1F1E3F1DB12, 0xE6CC7373D173BFA2, 0x248212124812905A,
+0x807A40401D403A5D, 0x1048080820084028, 0x9B95C3C32BC356E8, 0xC5DFECEC97EC337B,
+0xAB4DDBDB4BDB9690, 0x5FC0A1A1BEA1611F, 0x07918D8D0E8D1C83, 0x7AC83D3DF43DF5C9,
+0x335B97976697CCF1, 0x0000000000000000, 0x83F9CFCF1BCF36D4, 0x566E2B2BAC2B4587,
+0xECE17676C57697B3, 0x19E68282328264B0, 0xB128D6D67FD6FEA9, 0x36C31B1B6C1BD877,
+0x7774B5B5EEB5C15B, 0x43BEAFAF86AF1129, 0xD41D6A6AB56A77DF, 0xA0EA50505D50BA0D,
+0x8A5745450945124C, 0xFB38F3F3EBF3CB18, 0x60AD3030C0309DF0, 0xC3C4EFEF9BEF2B74,
+0x7EDA3F3FFC3FE5C3, 0xAAC755554955921C, 0x59DBA2A2B2A27910, 0xC9E9EAEA8FEA0365,
+0xCA6A656589650FEC, 0x6903BABAD2BAB968, 0x5E4A2F2FBC2F6593, 0x9D8EC0C027C04EE7,
+0xA160DEDE5FDEBE81, 0x38FC1C1C701CE06C, 0xE746FDFDD3FDBB2E, 0x9A1F4D4D294D5264,
+0x397692927292E4E0, 0xEAFA7575C9758FBC, 0x0C3606061806301E, 0x09AE8A8A128A2498,
+0x794BB2B2F2B2F940, 0xD185E6E6BFE66359, 0x1C7E0E0E380E7036, 0x3EE71F1F7C1FF863,
+0xC4556262956237F7, 0xB53AD4D477D4EEA3, 0x4D81A8A89AA82932, 0x315296966296C4F4,
+0xEF62F9F9C3F99B3A, 0x97A3C5C533C566F6, 0x4A102525942535B1, 0xB2AB59597959F220,
+0x15D084842A8454AE, 0xE4C57272D572B7A7, 0x72EC3939E439D5DD, 0x98164C4C2D4C5A61,
+0xBC945E5E655ECA3B, 0xF09F7878FD78E785, 0x70E53838E038DDD8, 0x05988C8C0A8C1486,
+0xBF17D1D163D1C6B2, 0x57E4A5A5AEA5410B, 0xD9A1E2E2AFE2434D, 0xC24E616199612FF8,
+0x7B42B3B3F6B3F145, 0x42342121842115A5, 0x25089C9C4A9C94D6, 0x3CEE1E1E781EF066,
+0x8661434311432252, 0x93B1C7C73BC776FC, 0xE54FFCFCD7FCB32B, 0x0824040410042014,
+0xA2E351515951B208, 0x2F2599995E99BCC7, 0xDA226D6DA96D4FC4, 0x1A650D0D340D6839,
+0xE979FAFACFFA8335, 0xA369DFDF5BDFB684, 0xFCA97E7EE57ED79B, 0x4819242490243DB4,
+0x76FE3B3BEC3BC5D7, 0x4B9AABAB96AB313D, 0x81F0CECE1FCE3ED1, 0x2299111144118855,
+0x03838F8F068F0C89, 0x9C044E4E254E4A6B, 0x7366B7B7E6B7D151, 0xCBE0EBEB8BEB0B60,
+0x78C13C3CF03CFDCC, 0x1FFD81813E817CBF, 0x354094946A94D4FE, 0xF31CF7F7FBF7EB0C,
+0x6F18B9B9DEB9A167, 0x268B13134C13985F, 0x58512C2CB02C7D9C, 0xBB05D3D36BD3D6B8,
+0xD38CE7E7BBE76B5C, 0xDC396E6EA56E57CB, 0x95AAC4C437C46EF3, 0x061B03030C03180F,
+0xACDC565645568A13, 0x885E44440D441A49, 0xFEA07F7FE17FDF9E, 0x4F88A9A99EA92137,
+0x54672A2AA82A4D82, 0x6B0ABBBBD6BBB16D, 0x9F87C1C123C146E2, 0xA6F153535153A202,
+0xA572DCDC57DCAE8B, 0x16530B0B2C0B5827, 0x27019D9D4E9D9CD3, 0xD82B6C6CAD6C47C1,
+0x62A43131C43195F5, 0xE8F37474CD7487B9, 0xF115F6F6FFF6E309, 0x8C4C464605460A43,
+0x45A5ACAC8AAC0926, 0x0FB589891E893C97, 0x28B414145014A044, 0xDFBAE1E1A3E15B42,
+0x2CA616165816B04E, 0x74F73A3AE83ACDD2, 0xD2066969B9696FD0, 0x124109092409482D,
+0xE0D77070DD70A7AD, 0x716FB6B6E2B6D954, 0xBD1ED0D067D0CEB7, 0xC7D6EDED93ED3B7E,
+0x85E2CCCC17CC2EDB, 0x8468424215422A57, 0x2D2C98985A98B4C2, 0x55EDA4A4AAA4490E,
+0x50752828A0285D88, 0xB8865C5C6D5CDA31, 0xED6BF8F8C7F8933F, 0x11C28686228644A4 };
+
+const u64bit Whirlpool::C3[256] = {
+0x7830D818186018C0, 0xAF462623238C2305, 0xF991B8C6C63FC67E, 0x6FCDFBE8E887E813,
+0xA113CB878726874C, 0x626D11B8B8DAB8A9, 0x0502090101040108, 0x6E9E0D4F4F214F42,
+0xEE6C9B3636D836AD, 0x0451FFA6A6A2A659, 0xBDB90CD2D26FD2DE, 0x06F70EF5F5F3F5FB,
+0x80F2967979F979EF, 0xCEDE306F6FA16F5F, 0xEF3F6D91917E91FC, 0x07A4F852525552AA,
+0xFDC04760609D6027, 0x766535BCBCCABC89, 0xCD2B379B9B569BAC, 0x8C018A8E8E028E04,
+0x155BD2A3A3B6A371, 0x3C186C0C0C300C60, 0x8AF6847B7BF17BFF, 0xE16A803535D435B5,
+0x693AF51D1D741DE8, 0x47DDB3E0E0A7E053, 0xACB321D7D77BD7F6, 0xED999CC2C22FC25E,
+0x965C432E2EB82E6D, 0x7A96294B4B314B62, 0x21E15DFEFEDFFEA3, 0x16AED55757415782,
+0x412ABD15155415A8, 0xB6EEE87777C1779F, 0xEB6E923737DC37A5, 0x56D79EE5E5B3E57B,
+0xD923139F9F469F8C, 0x17FD23F0F0E7F0D3, 0x7F94204A4A354A6A, 0x95A944DADA4FDA9E,
+0x25B0A258587D58FA, 0xCA8FCFC9C903C906, 0x8D527C2929A42955, 0x22145A0A0A280A50,
+0x4F7F50B1B1FEB1E1, 0x1A5DC9A0A0BAA069, 0xDAD6146B6BB16B7F, 0xAB17D985852E855C,
+0x73673CBDBDCEBD81, 0x34BA8F5D5D695DD2, 0x5020901010401080, 0x03F507F4F4F7F4F3,
+0xC08BDDCBCB0BCB16, 0xC67CD33E3EF83EED, 0x110A2D0505140528, 0xE6CE78676781671F,
+0x53D597E4E4B7E473, 0xBB4E0227279C2725, 0x5882734141194132, 0x9D0BA78B8B168B2C,
+0x0153F6A7A7A6A751, 0x94FAB27D7DE97DCF, 0xFB374995956E95DC, 0x9FAD56D8D847D88E,
+0x30EB70FBFBCBFB8B, 0x71C1CDEEEE9FEE23, 0x91F8BB7C7CED7CC7, 0xE3CC716666856617,
+0x8EA77BDDDD53DDA6, 0x4B2EAF17175C17B8, 0x468E454747014702, 0xDC211A9E9E429E84,
+0xC589D4CACA0FCA1E, 0x995A582D2DB42D75, 0x79632EBFBFC6BF91, 0x1B0E3F07071C0738,
+0x2347ACADAD8EAD01, 0x2FB4B05A5A755AEA, 0xB51BEF838336836C, 0xFF66B63333CC3385,
+0xF2C65C636391633F, 0x0A04120202080210, 0x384993AAAA92AA39, 0xA8E2DE7171D971AF,
+0xCF8DC6C8C807C80E, 0x7D32D119196419C8, 0x70923B4949394972, 0x9AAF5FD9D943D986,
+0x1DF931F2F2EFF2C3, 0x48DBA8E3E3ABE34B, 0x2AB6B95B5B715BE2, 0x920DBC88881A8834,
+0xC8293E9A9A529AA4, 0xBE4C0B262698262D, 0xFA64BF3232C8328D, 0x4A7D59B0B0FAB0E9,
+0x6ACFF2E9E983E91B, 0x331E770F0F3C0F78, 0xA6B733D5D573D5E6, 0xBA1DF480803A8074,
+0x7C6127BEBEC2BE99, 0xDE87EBCDCD13CD26, 0xE468893434D034BD, 0x75903248483D487A,
+0x24E354FFFFDBFFAB, 0x8FF48D7A7AF57AF7, 0xEA3D6490907A90F4, 0x3EBE9D5F5F615FC2,
+0xA0403D202080201D, 0xD5D00F6868BD6867, 0x7234CA1A1A681AD0, 0x2C41B7AEAE82AE19,
+0x5E757DB4B4EAB4C9, 0x19A8CE54544D549A, 0xE53B7F93937693EC, 0xAA442F222288220D,
+0xE9C86364648D6407, 0x12FF2AF1F1E3F1DB, 0xA2E6CC7373D173BF, 0x5A24821212481290,
+0x5D807A40401D403A, 0x2810480808200840, 0xE89B95C3C32BC356, 0x7BC5DFECEC97EC33,
+0x90AB4DDBDB4BDB96, 0x1F5FC0A1A1BEA161, 0x8307918D8D0E8D1C, 0xC97AC83D3DF43DF5,
+0xF1335B97976697CC, 0x0000000000000000, 0xD483F9CFCF1BCF36, 0x87566E2B2BAC2B45,
+0xB3ECE17676C57697, 0xB019E68282328264, 0xA9B128D6D67FD6FE, 0x7736C31B1B6C1BD8,
+0x5B7774B5B5EEB5C1, 0x2943BEAFAF86AF11, 0xDFD41D6A6AB56A77, 0x0DA0EA50505D50BA,
+0x4C8A574545094512, 0x18FB38F3F3EBF3CB, 0xF060AD3030C0309D, 0x74C3C4EFEF9BEF2B,
+0xC37EDA3F3FFC3FE5, 0x1CAAC75555495592, 0x1059DBA2A2B2A279, 0x65C9E9EAEA8FEA03,
+0xECCA6A656589650F, 0x686903BABAD2BAB9, 0x935E4A2F2FBC2F65, 0xE79D8EC0C027C04E,
+0x81A160DEDE5FDEBE, 0x6C38FC1C1C701CE0, 0x2EE746FDFDD3FDBB, 0x649A1F4D4D294D52,
+0xE0397692927292E4, 0xBCEAFA7575C9758F, 0x1E0C360606180630, 0x9809AE8A8A128A24,
+0x40794BB2B2F2B2F9, 0x59D185E6E6BFE663, 0x361C7E0E0E380E70, 0x633EE71F1F7C1FF8,
+0xF7C4556262956237, 0xA3B53AD4D477D4EE, 0x324D81A8A89AA829, 0xF4315296966296C4,
+0x3AEF62F9F9C3F99B, 0xF697A3C5C533C566, 0xB14A102525942535, 0x20B2AB59597959F2,
+0xAE15D084842A8454, 0xA7E4C57272D572B7, 0xDD72EC3939E439D5, 0x6198164C4C2D4C5A,
+0x3BBC945E5E655ECA, 0x85F09F7878FD78E7, 0xD870E53838E038DD, 0x8605988C8C0A8C14,
+0xB2BF17D1D163D1C6, 0x0B57E4A5A5AEA541, 0x4DD9A1E2E2AFE243, 0xF8C24E616199612F,
+0x457B42B3B3F6B3F1, 0xA542342121842115, 0xD625089C9C4A9C94, 0x663CEE1E1E781EF0,
+0x5286614343114322, 0xFC93B1C7C73BC776, 0x2BE54FFCFCD7FCB3, 0x1408240404100420,
+0x08A2E351515951B2, 0xC72F2599995E99BC, 0xC4DA226D6DA96D4F, 0x391A650D0D340D68,
+0x35E979FAFACFFA83, 0x84A369DFDF5BDFB6, 0x9BFCA97E7EE57ED7, 0xB44819242490243D,
+0xD776FE3B3BEC3BC5, 0x3D4B9AABAB96AB31, 0xD181F0CECE1FCE3E, 0x5522991111441188,
+0x8903838F8F068F0C, 0x6B9C044E4E254E4A, 0x517366B7B7E6B7D1, 0x60CBE0EBEB8BEB0B,
+0xCC78C13C3CF03CFD, 0xBF1FFD81813E817C, 0xFE354094946A94D4, 0x0CF31CF7F7FBF7EB,
+0x676F18B9B9DEB9A1, 0x5F268B13134C1398, 0x9C58512C2CB02C7D, 0xB8BB05D3D36BD3D6,
+0x5CD38CE7E7BBE76B, 0xCBDC396E6EA56E57, 0xF395AAC4C437C46E, 0x0F061B03030C0318,
+0x13ACDC565645568A, 0x49885E44440D441A, 0x9EFEA07F7FE17FDF, 0x374F88A9A99EA921,
+0x8254672A2AA82A4D, 0x6D6B0ABBBBD6BBB1, 0xE29F87C1C123C146, 0x02A6F153535153A2,
+0x8BA572DCDC57DCAE, 0x2716530B0B2C0B58, 0xD327019D9D4E9D9C, 0xC1D82B6C6CAD6C47,
+0xF562A43131C43195, 0xB9E8F37474CD7487, 0x09F115F6F6FFF6E3, 0x438C4C464605460A,
+0x2645A5ACAC8AAC09, 0x970FB589891E893C, 0x4428B414145014A0, 0x42DFBAE1E1A3E15B,
+0x4E2CA616165816B0, 0xD274F73A3AE83ACD, 0xD0D2066969B9696F, 0x2D12410909240948,
+0xADE0D77070DD70A7, 0x54716FB6B6E2B6D9, 0xB7BD1ED0D067D0CE, 0x7EC7D6EDED93ED3B,
+0xDB85E2CCCC17CC2E, 0x578468424215422A, 0xC22D2C98985A98B4, 0x0E55EDA4A4AAA449,
+0x8850752828A0285D, 0x31B8865C5C6D5CDA, 0x3FED6BF8F8C7F893, 0xA411C28686228644 };
+
+const u64bit Whirlpool::C4[256] = {
+0xC07830D818186018, 0x05AF462623238C23, 0x7EF991B8C6C63FC6, 0x136FCDFBE8E887E8,
+0x4CA113CB87872687, 0xA9626D11B8B8DAB8, 0x0805020901010401, 0x426E9E0D4F4F214F,
+0xADEE6C9B3636D836, 0x590451FFA6A6A2A6, 0xDEBDB90CD2D26FD2, 0xFB06F70EF5F5F3F5,
+0xEF80F2967979F979, 0x5FCEDE306F6FA16F, 0xFCEF3F6D91917E91, 0xAA07A4F852525552,
+0x27FDC04760609D60, 0x89766535BCBCCABC, 0xACCD2B379B9B569B, 0x048C018A8E8E028E,
+0x71155BD2A3A3B6A3, 0x603C186C0C0C300C, 0xFF8AF6847B7BF17B, 0xB5E16A803535D435,
+0xE8693AF51D1D741D, 0x5347DDB3E0E0A7E0, 0xF6ACB321D7D77BD7, 0x5EED999CC2C22FC2,
+0x6D965C432E2EB82E, 0x627A96294B4B314B, 0xA321E15DFEFEDFFE, 0x8216AED557574157,
+0xA8412ABD15155415, 0x9FB6EEE87777C177, 0xA5EB6E923737DC37, 0x7B56D79EE5E5B3E5,
+0x8CD923139F9F469F, 0xD317FD23F0F0E7F0, 0x6A7F94204A4A354A, 0x9E95A944DADA4FDA,
+0xFA25B0A258587D58, 0x06CA8FCFC9C903C9, 0x558D527C2929A429, 0x5022145A0A0A280A,
+0xE14F7F50B1B1FEB1, 0x691A5DC9A0A0BAA0, 0x7FDAD6146B6BB16B, 0x5CAB17D985852E85,
+0x8173673CBDBDCEBD, 0xD234BA8F5D5D695D, 0x8050209010104010, 0xF303F507F4F4F7F4,
+0x16C08BDDCBCB0BCB, 0xEDC67CD33E3EF83E, 0x28110A2D05051405, 0x1FE6CE7867678167,
+0x7353D597E4E4B7E4, 0x25BB4E0227279C27, 0x3258827341411941, 0x2C9D0BA78B8B168B,
+0x510153F6A7A7A6A7, 0xCF94FAB27D7DE97D, 0xDCFB374995956E95, 0x8E9FAD56D8D847D8,
+0x8B30EB70FBFBCBFB, 0x2371C1CDEEEE9FEE, 0xC791F8BB7C7CED7C, 0x17E3CC7166668566,
+0xA68EA77BDDDD53DD, 0xB84B2EAF17175C17, 0x02468E4547470147, 0x84DC211A9E9E429E,
+0x1EC589D4CACA0FCA, 0x75995A582D2DB42D, 0x9179632EBFBFC6BF, 0x381B0E3F07071C07,
+0x012347ACADAD8EAD, 0xEA2FB4B05A5A755A, 0x6CB51BEF83833683, 0x85FF66B63333CC33,
+0x3FF2C65C63639163, 0x100A041202020802, 0x39384993AAAA92AA, 0xAFA8E2DE7171D971,
+0x0ECF8DC6C8C807C8, 0xC87D32D119196419, 0x7270923B49493949, 0x869AAF5FD9D943D9,
+0xC31DF931F2F2EFF2, 0x4B48DBA8E3E3ABE3, 0xE22AB6B95B5B715B, 0x34920DBC88881A88,
+0xA4C8293E9A9A529A, 0x2DBE4C0B26269826, 0x8DFA64BF3232C832, 0xE94A7D59B0B0FAB0,
+0x1B6ACFF2E9E983E9, 0x78331E770F0F3C0F, 0xE6A6B733D5D573D5, 0x74BA1DF480803A80,
+0x997C6127BEBEC2BE, 0x26DE87EBCDCD13CD, 0xBDE468893434D034, 0x7A75903248483D48,
+0xAB24E354FFFFDBFF, 0xF78FF48D7A7AF57A, 0xF4EA3D6490907A90, 0xC23EBE9D5F5F615F,
+0x1DA0403D20208020, 0x67D5D00F6868BD68, 0xD07234CA1A1A681A, 0x192C41B7AEAE82AE,
+0xC95E757DB4B4EAB4, 0x9A19A8CE54544D54, 0xECE53B7F93937693, 0x0DAA442F22228822,
+0x07E9C86364648D64, 0xDB12FF2AF1F1E3F1, 0xBFA2E6CC7373D173, 0x905A248212124812,
+0x3A5D807A40401D40, 0x4028104808082008, 0x56E89B95C3C32BC3, 0x337BC5DFECEC97EC,
+0x9690AB4DDBDB4BDB, 0x611F5FC0A1A1BEA1, 0x1C8307918D8D0E8D, 0xF5C97AC83D3DF43D,
+0xCCF1335B97976697, 0x0000000000000000, 0x36D483F9CFCF1BCF, 0x4587566E2B2BAC2B,
+0x97B3ECE17676C576, 0x64B019E682823282, 0xFEA9B128D6D67FD6, 0xD87736C31B1B6C1B,
+0xC15B7774B5B5EEB5, 0x112943BEAFAF86AF, 0x77DFD41D6A6AB56A, 0xBA0DA0EA50505D50,
+0x124C8A5745450945, 0xCB18FB38F3F3EBF3, 0x9DF060AD3030C030, 0x2B74C3C4EFEF9BEF,
+0xE5C37EDA3F3FFC3F, 0x921CAAC755554955, 0x791059DBA2A2B2A2, 0x0365C9E9EAEA8FEA,
+0x0FECCA6A65658965, 0xB9686903BABAD2BA, 0x65935E4A2F2FBC2F, 0x4EE79D8EC0C027C0,
+0xBE81A160DEDE5FDE, 0xE06C38FC1C1C701C, 0xBB2EE746FDFDD3FD, 0x52649A1F4D4D294D,
+0xE4E0397692927292, 0x8FBCEAFA7575C975, 0x301E0C3606061806, 0x249809AE8A8A128A,
+0xF940794BB2B2F2B2, 0x6359D185E6E6BFE6, 0x70361C7E0E0E380E, 0xF8633EE71F1F7C1F,
+0x37F7C45562629562, 0xEEA3B53AD4D477D4, 0x29324D81A8A89AA8, 0xC4F4315296966296,
+0x9B3AEF62F9F9C3F9, 0x66F697A3C5C533C5, 0x35B14A1025259425, 0xF220B2AB59597959,
+0x54AE15D084842A84, 0xB7A7E4C57272D572, 0xD5DD72EC3939E439, 0x5A6198164C4C2D4C,
+0xCA3BBC945E5E655E, 0xE785F09F7878FD78, 0xDDD870E53838E038, 0x148605988C8C0A8C,
+0xC6B2BF17D1D163D1, 0x410B57E4A5A5AEA5, 0x434DD9A1E2E2AFE2, 0x2FF8C24E61619961,
+0xF1457B42B3B3F6B3, 0x15A5423421218421, 0x94D625089C9C4A9C, 0xF0663CEE1E1E781E,
+0x2252866143431143, 0x76FC93B1C7C73BC7, 0xB32BE54FFCFCD7FC, 0x2014082404041004,
+0xB208A2E351515951, 0xBCC72F2599995E99, 0x4FC4DA226D6DA96D, 0x68391A650D0D340D,
+0x8335E979FAFACFFA, 0xB684A369DFDF5BDF, 0xD79BFCA97E7EE57E, 0x3DB4481924249024,
+0xC5D776FE3B3BEC3B, 0x313D4B9AABAB96AB, 0x3ED181F0CECE1FCE, 0x8855229911114411,
+0x0C8903838F8F068F, 0x4A6B9C044E4E254E, 0xD1517366B7B7E6B7, 0x0B60CBE0EBEB8BEB,
+0xFDCC78C13C3CF03C, 0x7CBF1FFD81813E81, 0xD4FE354094946A94, 0xEB0CF31CF7F7FBF7,
+0xA1676F18B9B9DEB9, 0x985F268B13134C13, 0x7D9C58512C2CB02C, 0xD6B8BB05D3D36BD3,
+0x6B5CD38CE7E7BBE7, 0x57CBDC396E6EA56E, 0x6EF395AAC4C437C4, 0x180F061B03030C03,
+0x8A13ACDC56564556, 0x1A49885E44440D44, 0xDF9EFEA07F7FE17F, 0x21374F88A9A99EA9,
+0x4D8254672A2AA82A, 0xB16D6B0ABBBBD6BB, 0x46E29F87C1C123C1, 0xA202A6F153535153,
+0xAE8BA572DCDC57DC, 0x582716530B0B2C0B, 0x9CD327019D9D4E9D, 0x47C1D82B6C6CAD6C,
+0x95F562A43131C431, 0x87B9E8F37474CD74, 0xE309F115F6F6FFF6, 0x0A438C4C46460546,
+0x092645A5ACAC8AAC, 0x3C970FB589891E89, 0xA04428B414145014, 0x5B42DFBAE1E1A3E1,
+0xB04E2CA616165816, 0xCDD274F73A3AE83A, 0x6FD0D2066969B969, 0x482D124109092409,
+0xA7ADE0D77070DD70, 0xD954716FB6B6E2B6, 0xCEB7BD1ED0D067D0, 0x3B7EC7D6EDED93ED,
+0x2EDB85E2CCCC17CC, 0x2A57846842421542, 0xB4C22D2C98985A98, 0x490E55EDA4A4AAA4,
+0x5D8850752828A028, 0xDA31B8865C5C6D5C, 0x933FED6BF8F8C7F8, 0x44A411C286862286 };
+
+const u64bit Whirlpool::C5[256] = {
+0x18C07830D8181860, 0x2305AF462623238C, 0xC67EF991B8C6C63F, 0xE8136FCDFBE8E887,
+0x874CA113CB878726, 0xB8A9626D11B8B8DA, 0x0108050209010104, 0x4F426E9E0D4F4F21,
+0x36ADEE6C9B3636D8, 0xA6590451FFA6A6A2, 0xD2DEBDB90CD2D26F, 0xF5FB06F70EF5F5F3,
+0x79EF80F2967979F9, 0x6F5FCEDE306F6FA1, 0x91FCEF3F6D91917E, 0x52AA07A4F8525255,
+0x6027FDC04760609D, 0xBC89766535BCBCCA, 0x9BACCD2B379B9B56, 0x8E048C018A8E8E02,
+0xA371155BD2A3A3B6, 0x0C603C186C0C0C30, 0x7BFF8AF6847B7BF1, 0x35B5E16A803535D4,
+0x1DE8693AF51D1D74, 0xE05347DDB3E0E0A7, 0xD7F6ACB321D7D77B, 0xC25EED999CC2C22F,
+0x2E6D965C432E2EB8, 0x4B627A96294B4B31, 0xFEA321E15DFEFEDF, 0x578216AED5575741,
+0x15A8412ABD151554, 0x779FB6EEE87777C1, 0x37A5EB6E923737DC, 0xE57B56D79EE5E5B3,
+0x9F8CD923139F9F46, 0xF0D317FD23F0F0E7, 0x4A6A7F94204A4A35, 0xDA9E95A944DADA4F,
+0x58FA25B0A258587D, 0xC906CA8FCFC9C903, 0x29558D527C2929A4, 0x0A5022145A0A0A28,
+0xB1E14F7F50B1B1FE, 0xA0691A5DC9A0A0BA, 0x6B7FDAD6146B6BB1, 0x855CAB17D985852E,
+0xBD8173673CBDBDCE, 0x5DD234BA8F5D5D69, 0x1080502090101040, 0xF4F303F507F4F4F7,
+0xCB16C08BDDCBCB0B, 0x3EEDC67CD33E3EF8, 0x0528110A2D050514, 0x671FE6CE78676781,
+0xE47353D597E4E4B7, 0x2725BB4E0227279C, 0x4132588273414119, 0x8B2C9D0BA78B8B16,
+0xA7510153F6A7A7A6, 0x7DCF94FAB27D7DE9, 0x95DCFB374995956E, 0xD88E9FAD56D8D847,
+0xFB8B30EB70FBFBCB, 0xEE2371C1CDEEEE9F, 0x7CC791F8BB7C7CED, 0x6617E3CC71666685,
+0xDDA68EA77BDDDD53, 0x17B84B2EAF17175C, 0x4702468E45474701, 0x9E84DC211A9E9E42,
+0xCA1EC589D4CACA0F, 0x2D75995A582D2DB4, 0xBF9179632EBFBFC6, 0x07381B0E3F07071C,
+0xAD012347ACADAD8E, 0x5AEA2FB4B05A5A75, 0x836CB51BEF838336, 0x3385FF66B63333CC,
+0x633FF2C65C636391, 0x02100A0412020208, 0xAA39384993AAAA92, 0x71AFA8E2DE7171D9,
+0xC80ECF8DC6C8C807, 0x19C87D32D1191964, 0x497270923B494939, 0xD9869AAF5FD9D943,
+0xF2C31DF931F2F2EF, 0xE34B48DBA8E3E3AB, 0x5BE22AB6B95B5B71, 0x8834920DBC88881A,
+0x9AA4C8293E9A9A52, 0x262DBE4C0B262698, 0x328DFA64BF3232C8, 0xB0E94A7D59B0B0FA,
+0xE91B6ACFF2E9E983, 0x0F78331E770F0F3C, 0xD5E6A6B733D5D573, 0x8074BA1DF480803A,
+0xBE997C6127BEBEC2, 0xCD26DE87EBCDCD13, 0x34BDE468893434D0, 0x487A75903248483D,
+0xFFAB24E354FFFFDB, 0x7AF78FF48D7A7AF5, 0x90F4EA3D6490907A, 0x5FC23EBE9D5F5F61,
+0x201DA0403D202080, 0x6867D5D00F6868BD, 0x1AD07234CA1A1A68, 0xAE192C41B7AEAE82,
+0xB4C95E757DB4B4EA, 0x549A19A8CE54544D, 0x93ECE53B7F939376, 0x220DAA442F222288,
+0x6407E9C86364648D, 0xF1DB12FF2AF1F1E3, 0x73BFA2E6CC7373D1, 0x12905A2482121248,
+0x403A5D807A40401D, 0x0840281048080820, 0xC356E89B95C3C32B, 0xEC337BC5DFECEC97,
+0xDB9690AB4DDBDB4B, 0xA1611F5FC0A1A1BE, 0x8D1C8307918D8D0E, 0x3DF5C97AC83D3DF4,
+0x97CCF1335B979766, 0x0000000000000000, 0xCF36D483F9CFCF1B, 0x2B4587566E2B2BAC,
+0x7697B3ECE17676C5, 0x8264B019E6828232, 0xD6FEA9B128D6D67F, 0x1BD87736C31B1B6C,
+0xB5C15B7774B5B5EE, 0xAF112943BEAFAF86, 0x6A77DFD41D6A6AB5, 0x50BA0DA0EA50505D,
+0x45124C8A57454509, 0xF3CB18FB38F3F3EB, 0x309DF060AD3030C0, 0xEF2B74C3C4EFEF9B,
+0x3FE5C37EDA3F3FFC, 0x55921CAAC7555549, 0xA2791059DBA2A2B2, 0xEA0365C9E9EAEA8F,
+0x650FECCA6A656589, 0xBAB9686903BABAD2, 0x2F65935E4A2F2FBC, 0xC04EE79D8EC0C027,
+0xDEBE81A160DEDE5F, 0x1CE06C38FC1C1C70, 0xFDBB2EE746FDFDD3, 0x4D52649A1F4D4D29,
+0x92E4E03976929272, 0x758FBCEAFA7575C9, 0x06301E0C36060618, 0x8A249809AE8A8A12,
+0xB2F940794BB2B2F2, 0xE66359D185E6E6BF, 0x0E70361C7E0E0E38, 0x1FF8633EE71F1F7C,
+0x6237F7C455626295, 0xD4EEA3B53AD4D477, 0xA829324D81A8A89A, 0x96C4F43152969662,
+0xF99B3AEF62F9F9C3, 0xC566F697A3C5C533, 0x2535B14A10252594, 0x59F220B2AB595979,
+0x8454AE15D084842A, 0x72B7A7E4C57272D5, 0x39D5DD72EC3939E4, 0x4C5A6198164C4C2D,
+0x5ECA3BBC945E5E65, 0x78E785F09F7878FD, 0x38DDD870E53838E0, 0x8C148605988C8C0A,
+0xD1C6B2BF17D1D163, 0xA5410B57E4A5A5AE, 0xE2434DD9A1E2E2AF, 0x612FF8C24E616199,
+0xB3F1457B42B3B3F6, 0x2115A54234212184, 0x9C94D625089C9C4A, 0x1EF0663CEE1E1E78,
+0x4322528661434311, 0xC776FC93B1C7C73B, 0xFCB32BE54FFCFCD7, 0x0420140824040410,
+0x51B208A2E3515159, 0x99BCC72F2599995E, 0x6D4FC4DA226D6DA9, 0x0D68391A650D0D34,
+0xFA8335E979FAFACF, 0xDFB684A369DFDF5B, 0x7ED79BFCA97E7EE5, 0x243DB44819242490,
+0x3BC5D776FE3B3BEC, 0xAB313D4B9AABAB96, 0xCE3ED181F0CECE1F, 0x1188552299111144,
+0x8F0C8903838F8F06, 0x4E4A6B9C044E4E25, 0xB7D1517366B7B7E6, 0xEB0B60CBE0EBEB8B,
+0x3CFDCC78C13C3CF0, 0x817CBF1FFD81813E, 0x94D4FE354094946A, 0xF7EB0CF31CF7F7FB,
+0xB9A1676F18B9B9DE, 0x13985F268B13134C, 0x2C7D9C58512C2CB0, 0xD3D6B8BB05D3D36B,
+0xE76B5CD38CE7E7BB, 0x6E57CBDC396E6EA5, 0xC46EF395AAC4C437, 0x03180F061B03030C,
+0x568A13ACDC565645, 0x441A49885E44440D, 0x7FDF9EFEA07F7FE1, 0xA921374F88A9A99E,
+0x2A4D8254672A2AA8, 0xBBB16D6B0ABBBBD6, 0xC146E29F87C1C123, 0x53A202A6F1535351,
+0xDCAE8BA572DCDC57, 0x0B582716530B0B2C, 0x9D9CD327019D9D4E, 0x6C47C1D82B6C6CAD,
+0x3195F562A43131C4, 0x7487B9E8F37474CD, 0xF6E309F115F6F6FF, 0x460A438C4C464605,
+0xAC092645A5ACAC8A, 0x893C970FB589891E, 0x14A04428B4141450, 0xE15B42DFBAE1E1A3,
+0x16B04E2CA6161658, 0x3ACDD274F73A3AE8, 0x696FD0D2066969B9, 0x09482D1241090924,
+0x70A7ADE0D77070DD, 0xB6D954716FB6B6E2, 0xD0CEB7BD1ED0D067, 0xED3B7EC7D6EDED93,
+0xCC2EDB85E2CCCC17, 0x422A578468424215, 0x98B4C22D2C98985A, 0xA4490E55EDA4A4AA,
+0x285D8850752828A0, 0x5CDA31B8865C5C6D, 0xF8933FED6BF8F8C7, 0x8644A411C2868622 };
+
+const u64bit Whirlpool::C6[256] = {
+0x6018C07830D81818, 0x8C2305AF46262323, 0x3FC67EF991B8C6C6, 0x87E8136FCDFBE8E8,
+0x26874CA113CB8787, 0xDAB8A9626D11B8B8, 0x0401080502090101, 0x214F426E9E0D4F4F,
+0xD836ADEE6C9B3636, 0xA2A6590451FFA6A6, 0x6FD2DEBDB90CD2D2, 0xF3F5FB06F70EF5F5,
+0xF979EF80F2967979, 0xA16F5FCEDE306F6F, 0x7E91FCEF3F6D9191, 0x5552AA07A4F85252,
+0x9D6027FDC0476060, 0xCABC89766535BCBC, 0x569BACCD2B379B9B, 0x028E048C018A8E8E,
+0xB6A371155BD2A3A3, 0x300C603C186C0C0C, 0xF17BFF8AF6847B7B, 0xD435B5E16A803535,
+0x741DE8693AF51D1D, 0xA7E05347DDB3E0E0, 0x7BD7F6ACB321D7D7, 0x2FC25EED999CC2C2,
+0xB82E6D965C432E2E, 0x314B627A96294B4B, 0xDFFEA321E15DFEFE, 0x41578216AED55757,
+0x5415A8412ABD1515, 0xC1779FB6EEE87777, 0xDC37A5EB6E923737, 0xB3E57B56D79EE5E5,
+0x469F8CD923139F9F, 0xE7F0D317FD23F0F0, 0x354A6A7F94204A4A, 0x4FDA9E95A944DADA,
+0x7D58FA25B0A25858, 0x03C906CA8FCFC9C9, 0xA429558D527C2929, 0x280A5022145A0A0A,
+0xFEB1E14F7F50B1B1, 0xBAA0691A5DC9A0A0, 0xB16B7FDAD6146B6B, 0x2E855CAB17D98585,
+0xCEBD8173673CBDBD, 0x695DD234BA8F5D5D, 0x4010805020901010, 0xF7F4F303F507F4F4,
+0x0BCB16C08BDDCBCB, 0xF83EEDC67CD33E3E, 0x140528110A2D0505, 0x81671FE6CE786767,
+0xB7E47353D597E4E4, 0x9C2725BB4E022727, 0x1941325882734141, 0x168B2C9D0BA78B8B,
+0xA6A7510153F6A7A7, 0xE97DCF94FAB27D7D, 0x6E95DCFB37499595, 0x47D88E9FAD56D8D8,
+0xCBFB8B30EB70FBFB, 0x9FEE2371C1CDEEEE, 0xED7CC791F8BB7C7C, 0x856617E3CC716666,
+0x53DDA68EA77BDDDD, 0x5C17B84B2EAF1717, 0x014702468E454747, 0x429E84DC211A9E9E,
+0x0FCA1EC589D4CACA, 0xB42D75995A582D2D, 0xC6BF9179632EBFBF, 0x1C07381B0E3F0707,
+0x8EAD012347ACADAD, 0x755AEA2FB4B05A5A, 0x36836CB51BEF8383, 0xCC3385FF66B63333,
+0x91633FF2C65C6363, 0x0802100A04120202, 0x92AA39384993AAAA, 0xD971AFA8E2DE7171,
+0x07C80ECF8DC6C8C8, 0x6419C87D32D11919, 0x39497270923B4949, 0x43D9869AAF5FD9D9,
+0xEFF2C31DF931F2F2, 0xABE34B48DBA8E3E3, 0x715BE22AB6B95B5B, 0x1A8834920DBC8888,
+0x529AA4C8293E9A9A, 0x98262DBE4C0B2626, 0xC8328DFA64BF3232, 0xFAB0E94A7D59B0B0,
+0x83E91B6ACFF2E9E9, 0x3C0F78331E770F0F, 0x73D5E6A6B733D5D5, 0x3A8074BA1DF48080,
+0xC2BE997C6127BEBE, 0x13CD26DE87EBCDCD, 0xD034BDE468893434, 0x3D487A7590324848,
+0xDBFFAB24E354FFFF, 0xF57AF78FF48D7A7A, 0x7A90F4EA3D649090, 0x615FC23EBE9D5F5F,
+0x80201DA0403D2020, 0xBD6867D5D00F6868, 0x681AD07234CA1A1A, 0x82AE192C41B7AEAE,
+0xEAB4C95E757DB4B4, 0x4D549A19A8CE5454, 0x7693ECE53B7F9393, 0x88220DAA442F2222,
+0x8D6407E9C8636464, 0xE3F1DB12FF2AF1F1, 0xD173BFA2E6CC7373, 0x4812905A24821212,
+0x1D403A5D807A4040, 0x2008402810480808, 0x2BC356E89B95C3C3, 0x97EC337BC5DFECEC,
+0x4BDB9690AB4DDBDB, 0xBEA1611F5FC0A1A1, 0x0E8D1C8307918D8D, 0xF43DF5C97AC83D3D,
+0x6697CCF1335B9797, 0x0000000000000000, 0x1BCF36D483F9CFCF, 0xAC2B4587566E2B2B,
+0xC57697B3ECE17676, 0x328264B019E68282, 0x7FD6FEA9B128D6D6, 0x6C1BD87736C31B1B,
+0xEEB5C15B7774B5B5, 0x86AF112943BEAFAF, 0xB56A77DFD41D6A6A, 0x5D50BA0DA0EA5050,
+0x0945124C8A574545, 0xEBF3CB18FB38F3F3, 0xC0309DF060AD3030, 0x9BEF2B74C3C4EFEF,
+0xFC3FE5C37EDA3F3F, 0x4955921CAAC75555, 0xB2A2791059DBA2A2, 0x8FEA0365C9E9EAEA,
+0x89650FECCA6A6565, 0xD2BAB9686903BABA, 0xBC2F65935E4A2F2F, 0x27C04EE79D8EC0C0,
+0x5FDEBE81A160DEDE, 0x701CE06C38FC1C1C, 0xD3FDBB2EE746FDFD, 0x294D52649A1F4D4D,
+0x7292E4E039769292, 0xC9758FBCEAFA7575, 0x1806301E0C360606, 0x128A249809AE8A8A,
+0xF2B2F940794BB2B2, 0xBFE66359D185E6E6, 0x380E70361C7E0E0E, 0x7C1FF8633EE71F1F,
+0x956237F7C4556262, 0x77D4EEA3B53AD4D4, 0x9AA829324D81A8A8, 0x6296C4F431529696,
+0xC3F99B3AEF62F9F9, 0x33C566F697A3C5C5, 0x942535B14A102525, 0x7959F220B2AB5959,
+0x2A8454AE15D08484, 0xD572B7A7E4C57272, 0xE439D5DD72EC3939, 0x2D4C5A6198164C4C,
+0x655ECA3BBC945E5E, 0xFD78E785F09F7878, 0xE038DDD870E53838, 0x0A8C148605988C8C,
+0x63D1C6B2BF17D1D1, 0xAEA5410B57E4A5A5, 0xAFE2434DD9A1E2E2, 0x99612FF8C24E6161,
+0xF6B3F1457B42B3B3, 0x842115A542342121, 0x4A9C94D625089C9C, 0x781EF0663CEE1E1E,
+0x1143225286614343, 0x3BC776FC93B1C7C7, 0xD7FCB32BE54FFCFC, 0x1004201408240404,
+0x5951B208A2E35151, 0x5E99BCC72F259999, 0xA96D4FC4DA226D6D, 0x340D68391A650D0D,
+0xCFFA8335E979FAFA, 0x5BDFB684A369DFDF, 0xE57ED79BFCA97E7E, 0x90243DB448192424,
+0xEC3BC5D776FE3B3B, 0x96AB313D4B9AABAB, 0x1FCE3ED181F0CECE, 0x4411885522991111,
+0x068F0C8903838F8F, 0x254E4A6B9C044E4E, 0xE6B7D1517366B7B7, 0x8BEB0B60CBE0EBEB,
+0xF03CFDCC78C13C3C, 0x3E817CBF1FFD8181, 0x6A94D4FE35409494, 0xFBF7EB0CF31CF7F7,
+0xDEB9A1676F18B9B9, 0x4C13985F268B1313, 0xB02C7D9C58512C2C, 0x6BD3D6B8BB05D3D3,
+0xBBE76B5CD38CE7E7, 0xA56E57CBDC396E6E, 0x37C46EF395AAC4C4, 0x0C03180F061B0303,
+0x45568A13ACDC5656, 0x0D441A49885E4444, 0xE17FDF9EFEA07F7F, 0x9EA921374F88A9A9,
+0xA82A4D8254672A2A, 0xD6BBB16D6B0ABBBB, 0x23C146E29F87C1C1, 0x5153A202A6F15353,
+0x57DCAE8BA572DCDC, 0x2C0B582716530B0B, 0x4E9D9CD327019D9D, 0xAD6C47C1D82B6C6C,
+0xC43195F562A43131, 0xCD7487B9E8F37474, 0xFFF6E309F115F6F6, 0x05460A438C4C4646,
+0x8AAC092645A5ACAC, 0x1E893C970FB58989, 0x5014A04428B41414, 0xA3E15B42DFBAE1E1,
+0x5816B04E2CA61616, 0xE83ACDD274F73A3A, 0xB9696FD0D2066969, 0x2409482D12410909,
+0xDD70A7ADE0D77070, 0xE2B6D954716FB6B6, 0x67D0CEB7BD1ED0D0, 0x93ED3B7EC7D6EDED,
+0x17CC2EDB85E2CCCC, 0x15422A5784684242, 0x5A98B4C22D2C9898, 0xAAA4490E55EDA4A4,
+0xA0285D8850752828, 0x6D5CDA31B8865C5C, 0xC7F8933FED6BF8F8, 0x228644A411C28686 };
+
+const u64bit Whirlpool::C7[256] = {
+0x186018C07830D818, 0x238C2305AF462623, 0xC63FC67EF991B8C6, 0xE887E8136FCDFBE8,
+0x8726874CA113CB87, 0xB8DAB8A9626D11B8, 0x0104010805020901, 0x4F214F426E9E0D4F,
+0x36D836ADEE6C9B36, 0xA6A2A6590451FFA6, 0xD26FD2DEBDB90CD2, 0xF5F3F5FB06F70EF5,
+0x79F979EF80F29679, 0x6FA16F5FCEDE306F, 0x917E91FCEF3F6D91, 0x525552AA07A4F852,
+0x609D6027FDC04760, 0xBCCABC89766535BC, 0x9B569BACCD2B379B, 0x8E028E048C018A8E,
+0xA3B6A371155BD2A3, 0x0C300C603C186C0C, 0x7BF17BFF8AF6847B, 0x35D435B5E16A8035,
+0x1D741DE8693AF51D, 0xE0A7E05347DDB3E0, 0xD77BD7F6ACB321D7, 0xC22FC25EED999CC2,
+0x2EB82E6D965C432E, 0x4B314B627A96294B, 0xFEDFFEA321E15DFE, 0x5741578216AED557,
+0x155415A8412ABD15, 0x77C1779FB6EEE877, 0x37DC37A5EB6E9237, 0xE5B3E57B56D79EE5,
+0x9F469F8CD923139F, 0xF0E7F0D317FD23F0, 0x4A354A6A7F94204A, 0xDA4FDA9E95A944DA,
+0x587D58FA25B0A258, 0xC903C906CA8FCFC9, 0x29A429558D527C29, 0x0A280A5022145A0A,
+0xB1FEB1E14F7F50B1, 0xA0BAA0691A5DC9A0, 0x6BB16B7FDAD6146B, 0x852E855CAB17D985,
+0xBDCEBD8173673CBD, 0x5D695DD234BA8F5D, 0x1040108050209010, 0xF4F7F4F303F507F4,
+0xCB0BCB16C08BDDCB, 0x3EF83EEDC67CD33E, 0x05140528110A2D05, 0x6781671FE6CE7867,
+0xE4B7E47353D597E4, 0x279C2725BB4E0227, 0x4119413258827341, 0x8B168B2C9D0BA78B,
+0xA7A6A7510153F6A7, 0x7DE97DCF94FAB27D, 0x956E95DCFB374995, 0xD847D88E9FAD56D8,
+0xFBCBFB8B30EB70FB, 0xEE9FEE2371C1CDEE, 0x7CED7CC791F8BB7C, 0x66856617E3CC7166,
+0xDD53DDA68EA77BDD, 0x175C17B84B2EAF17, 0x47014702468E4547, 0x9E429E84DC211A9E,
+0xCA0FCA1EC589D4CA, 0x2DB42D75995A582D, 0xBFC6BF9179632EBF, 0x071C07381B0E3F07,
+0xAD8EAD012347ACAD, 0x5A755AEA2FB4B05A, 0x8336836CB51BEF83, 0x33CC3385FF66B633,
+0x6391633FF2C65C63, 0x020802100A041202, 0xAA92AA39384993AA, 0x71D971AFA8E2DE71,
+0xC807C80ECF8DC6C8, 0x196419C87D32D119, 0x4939497270923B49, 0xD943D9869AAF5FD9,
+0xF2EFF2C31DF931F2, 0xE3ABE34B48DBA8E3, 0x5B715BE22AB6B95B, 0x881A8834920DBC88,
+0x9A529AA4C8293E9A, 0x2698262DBE4C0B26, 0x32C8328DFA64BF32, 0xB0FAB0E94A7D59B0,
+0xE983E91B6ACFF2E9, 0x0F3C0F78331E770F, 0xD573D5E6A6B733D5, 0x803A8074BA1DF480,
+0xBEC2BE997C6127BE, 0xCD13CD26DE87EBCD, 0x34D034BDE4688934, 0x483D487A75903248,
+0xFFDBFFAB24E354FF, 0x7AF57AF78FF48D7A, 0x907A90F4EA3D6490, 0x5F615FC23EBE9D5F,
+0x2080201DA0403D20, 0x68BD6867D5D00F68, 0x1A681AD07234CA1A, 0xAE82AE192C41B7AE,
+0xB4EAB4C95E757DB4, 0x544D549A19A8CE54, 0x937693ECE53B7F93, 0x2288220DAA442F22,
+0x648D6407E9C86364, 0xF1E3F1DB12FF2AF1, 0x73D173BFA2E6CC73, 0x124812905A248212,
+0x401D403A5D807A40, 0x0820084028104808, 0xC32BC356E89B95C3, 0xEC97EC337BC5DFEC,
+0xDB4BDB9690AB4DDB, 0xA1BEA1611F5FC0A1, 0x8D0E8D1C8307918D, 0x3DF43DF5C97AC83D,
+0x976697CCF1335B97, 0x0000000000000000, 0xCF1BCF36D483F9CF, 0x2BAC2B4587566E2B,
+0x76C57697B3ECE176, 0x82328264B019E682, 0xD67FD6FEA9B128D6, 0x1B6C1BD87736C31B,
+0xB5EEB5C15B7774B5, 0xAF86AF112943BEAF, 0x6AB56A77DFD41D6A, 0x505D50BA0DA0EA50,
+0x450945124C8A5745, 0xF3EBF3CB18FB38F3, 0x30C0309DF060AD30, 0xEF9BEF2B74C3C4EF,
+0x3FFC3FE5C37EDA3F, 0x554955921CAAC755, 0xA2B2A2791059DBA2, 0xEA8FEA0365C9E9EA,
+0x6589650FECCA6A65, 0xBAD2BAB9686903BA, 0x2FBC2F65935E4A2F, 0xC027C04EE79D8EC0,
+0xDE5FDEBE81A160DE, 0x1C701CE06C38FC1C, 0xFDD3FDBB2EE746FD, 0x4D294D52649A1F4D,
+0x927292E4E0397692, 0x75C9758FBCEAFA75, 0x061806301E0C3606, 0x8A128A249809AE8A,
+0xB2F2B2F940794BB2, 0xE6BFE66359D185E6, 0x0E380E70361C7E0E, 0x1F7C1FF8633EE71F,
+0x62956237F7C45562, 0xD477D4EEA3B53AD4, 0xA89AA829324D81A8, 0x966296C4F4315296,
+0xF9C3F99B3AEF62F9, 0xC533C566F697A3C5, 0x25942535B14A1025, 0x597959F220B2AB59,
+0x842A8454AE15D084, 0x72D572B7A7E4C572, 0x39E439D5DD72EC39, 0x4C2D4C5A6198164C,
+0x5E655ECA3BBC945E, 0x78FD78E785F09F78, 0x38E038DDD870E538, 0x8C0A8C148605988C,
+0xD163D1C6B2BF17D1, 0xA5AEA5410B57E4A5, 0xE2AFE2434DD9A1E2, 0x6199612FF8C24E61,
+0xB3F6B3F1457B42B3, 0x21842115A5423421, 0x9C4A9C94D625089C, 0x1E781EF0663CEE1E,
+0x4311432252866143, 0xC73BC776FC93B1C7, 0xFCD7FCB32BE54FFC, 0x0410042014082404,
+0x515951B208A2E351, 0x995E99BCC72F2599, 0x6DA96D4FC4DA226D, 0x0D340D68391A650D,
+0xFACFFA8335E979FA, 0xDF5BDFB684A369DF, 0x7EE57ED79BFCA97E, 0x2490243DB4481924,
+0x3BEC3BC5D776FE3B, 0xAB96AB313D4B9AAB, 0xCE1FCE3ED181F0CE, 0x1144118855229911,
+0x8F068F0C8903838F, 0x4E254E4A6B9C044E, 0xB7E6B7D1517366B7, 0xEB8BEB0B60CBE0EB,
+0x3CF03CFDCC78C13C, 0x813E817CBF1FFD81, 0x946A94D4FE354094, 0xF7FBF7EB0CF31CF7,
+0xB9DEB9A1676F18B9, 0x134C13985F268B13, 0x2CB02C7D9C58512C, 0xD36BD3D6B8BB05D3,
+0xE7BBE76B5CD38CE7, 0x6EA56E57CBDC396E, 0xC437C46EF395AAC4, 0x030C03180F061B03,
+0x5645568A13ACDC56, 0x440D441A49885E44, 0x7FE17FDF9EFEA07F, 0xA99EA921374F88A9,
+0x2AA82A4D8254672A, 0xBBD6BBB16D6B0ABB, 0xC123C146E29F87C1, 0x535153A202A6F153,
+0xDC57DCAE8BA572DC, 0x0B2C0B582716530B, 0x9D4E9D9CD327019D, 0x6CAD6C47C1D82B6C,
+0x31C43195F562A431, 0x74CD7487B9E8F374, 0xF6FFF6E309F115F6, 0x4605460A438C4C46,
+0xAC8AAC092645A5AC, 0x891E893C970FB589, 0x145014A04428B414, 0xE1A3E15B42DFBAE1,
+0x165816B04E2CA616, 0x3AE83ACDD274F73A, 0x69B9696FD0D20669, 0x092409482D124109,
+0x70DD70A7ADE0D770, 0xB6E2B6D954716FB6, 0xD067D0CEB7BD1ED0, 0xED93ED3B7EC7D6ED,
+0xCC17CC2EDB85E2CC, 0x4215422A57846842, 0x985A98B4C22D2C98, 0xA4AAA4490E55EDA4,
+0x28A0285D88507528, 0x5C6D5CDA31B8865C, 0xF8C7F8933FED6BF8, 0x86228644A411C286 };
+
+}
diff --git a/src/whrlpool.cpp b/src/whrlpool.cpp
new file mode 100644
index 000000000..1d8e43f46
--- /dev/null
+++ b/src/whrlpool.cpp
@@ -0,0 +1,141 @@
+/*************************************************
+* Whirlpool Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/whrlpool.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Whirlpool Compression Function *
+*************************************************/
+void Whirlpool::hash(const byte in[])
+ {
+ static const u64bit RC[10] = {
+ 0x1823C6E887B8014F, 0x36A6D2F5796F9152,
+ 0x60BC9B8EA30C7B35, 0x1DE0D7C22E4BFE57,
+ 0x157737E59FF04ADA, 0x58C9290AB1A06B85,
+ 0xBD5D10F4CB3E0567, 0xE427418BA77D95D8,
+ 0xFBEE7C66DD17479E, 0xCA2DBF07AD5A8333
+ };
+
+ for(u32bit j = 0; j != 8; ++j)
+ M[j] = make_u64bit(in[8*j+0], in[8*j+1], in[8*j+2], in[8*j+3],
+ in[8*j+4], in[8*j+5], in[8*j+6], in[8*j+7]);
+
+ u64bit K0, K1, K2, K3, K4, K5, K6, K7;
+ K0 = digest[0]; K1 = digest[1]; K2 = digest[2]; K3 = digest[3];
+ K4 = digest[4]; K5 = digest[5]; K6 = digest[6]; K7 = digest[7];
+
+ u64bit B0, B1, B2, B3, B4, B5, B6, B7;
+ B0 = K0 ^ M[0]; B1 = K1 ^ M[1]; B2 = K2 ^ M[2]; B3 = K3 ^ M[3];
+ B4 = K4 ^ M[4]; B5 = K5 ^ M[5]; B6 = K6 ^ M[6]; B7 = K7 ^ M[7];
+
+ for(u32bit j = 0; j != 10; ++j)
+ {
+ u64bit T0, T1, T2, T3, T4, T5, T6, T7;
+ T0 = C0[get_byte(0, K0)] ^ C1[get_byte(1, K7)] ^
+ C2[get_byte(2, K6)] ^ C3[get_byte(3, K5)] ^
+ C4[get_byte(4, K4)] ^ C5[get_byte(5, K3)] ^
+ C6[get_byte(6, K2)] ^ C7[get_byte(7, K1)] ^ RC[j];
+ T1 = C0[get_byte(0, K1)] ^ C1[get_byte(1, K0)] ^
+ C2[get_byte(2, K7)] ^ C3[get_byte(3, K6)] ^
+ C4[get_byte(4, K5)] ^ C5[get_byte(5, K4)] ^
+ C6[get_byte(6, K3)] ^ C7[get_byte(7, K2)];
+ T2 = C0[get_byte(0, K2)] ^ C1[get_byte(1, K1)] ^
+ C2[get_byte(2, K0)] ^ C3[get_byte(3, K7)] ^
+ C4[get_byte(4, K6)] ^ C5[get_byte(5, K5)] ^
+ C6[get_byte(6, K4)] ^ C7[get_byte(7, K3)];
+ T3 = C0[get_byte(0, K3)] ^ C1[get_byte(1, K2)] ^
+ C2[get_byte(2, K1)] ^ C3[get_byte(3, K0)] ^
+ C4[get_byte(4, K7)] ^ C5[get_byte(5, K6)] ^
+ C6[get_byte(6, K5)] ^ C7[get_byte(7, K4)];
+ T4 = C0[get_byte(0, K4)] ^ C1[get_byte(1, K3)] ^
+ C2[get_byte(2, K2)] ^ C3[get_byte(3, K1)] ^
+ C4[get_byte(4, K0)] ^ C5[get_byte(5, K7)] ^
+ C6[get_byte(6, K6)] ^ C7[get_byte(7, K5)];
+ T5 = C0[get_byte(0, K5)] ^ C1[get_byte(1, K4)] ^
+ C2[get_byte(2, K3)] ^ C3[get_byte(3, K2)] ^
+ C4[get_byte(4, K1)] ^ C5[get_byte(5, K0)] ^
+ C6[get_byte(6, K7)] ^ C7[get_byte(7, K6)];
+ T6 = C0[get_byte(0, K6)] ^ C1[get_byte(1, K5)] ^
+ C2[get_byte(2, K4)] ^ C3[get_byte(3, K3)] ^
+ C4[get_byte(4, K2)] ^ C5[get_byte(5, K1)] ^
+ C6[get_byte(6, K0)] ^ C7[get_byte(7, K7)];
+ T7 = C0[get_byte(0, K7)] ^ C1[get_byte(1, K6)] ^
+ C2[get_byte(2, K5)] ^ C3[get_byte(3, K4)] ^
+ C4[get_byte(4, K3)] ^ C5[get_byte(5, K2)] ^
+ C6[get_byte(6, K1)] ^ C7[get_byte(7, K0)];
+
+ K0 = T0; K1 = T1; K2 = T2; K3 = T3;
+ K4 = T4; K5 = T5; K6 = T6; K7 = T7;
+
+ T0 = C0[get_byte(0, B0)] ^ C1[get_byte(1, B7)] ^
+ C2[get_byte(2, B6)] ^ C3[get_byte(3, B5)] ^
+ C4[get_byte(4, B4)] ^ C5[get_byte(5, B3)] ^
+ C6[get_byte(6, B2)] ^ C7[get_byte(7, B1)] ^ K0;
+ T1 = C0[get_byte(0, B1)] ^ C1[get_byte(1, B0)] ^
+ C2[get_byte(2, B7)] ^ C3[get_byte(3, B6)] ^
+ C4[get_byte(4, B5)] ^ C5[get_byte(5, B4)] ^
+ C6[get_byte(6, B3)] ^ C7[get_byte(7, B2)] ^ K1;
+ T2 = C0[get_byte(0, B2)] ^ C1[get_byte(1, B1)] ^
+ C2[get_byte(2, B0)] ^ C3[get_byte(3, B7)] ^
+ C4[get_byte(4, B6)] ^ C5[get_byte(5, B5)] ^
+ C6[get_byte(6, B4)] ^ C7[get_byte(7, B3)] ^ K2;
+ T3 = C0[get_byte(0, B3)] ^ C1[get_byte(1, B2)] ^
+ C2[get_byte(2, B1)] ^ C3[get_byte(3, B0)] ^
+ C4[get_byte(4, B7)] ^ C5[get_byte(5, B6)] ^
+ C6[get_byte(6, B5)] ^ C7[get_byte(7, B4)] ^ K3;
+ T4 = C0[get_byte(0, B4)] ^ C1[get_byte(1, B3)] ^
+ C2[get_byte(2, B2)] ^ C3[get_byte(3, B1)] ^
+ C4[get_byte(4, B0)] ^ C5[get_byte(5, B7)] ^
+ C6[get_byte(6, B6)] ^ C7[get_byte(7, B5)] ^ K4;
+ T5 = C0[get_byte(0, B5)] ^ C1[get_byte(1, B4)] ^
+ C2[get_byte(2, B3)] ^ C3[get_byte(3, B2)] ^
+ C4[get_byte(4, B1)] ^ C5[get_byte(5, B0)] ^
+ C6[get_byte(6, B7)] ^ C7[get_byte(7, B6)] ^ K5;
+ T6 = C0[get_byte(0, B6)] ^ C1[get_byte(1, B5)] ^
+ C2[get_byte(2, B4)] ^ C3[get_byte(3, B3)] ^
+ C4[get_byte(4, B2)] ^ C5[get_byte(5, B1)] ^
+ C6[get_byte(6, B0)] ^ C7[get_byte(7, B7)] ^ K6;
+ T7 = C0[get_byte(0, B7)] ^ C1[get_byte(1, B6)] ^
+ C2[get_byte(2, B5)] ^ C3[get_byte(3, B4)] ^
+ C4[get_byte(4, B3)] ^ C5[get_byte(5, B2)] ^
+ C6[get_byte(6, B1)] ^ C7[get_byte(7, B0)] ^ K7;
+
+ B0 = T0; B1 = T1; B2 = T2; B3 = T3;
+ B4 = T4; B5 = T5; B6 = T6; B7 = T7;
+ }
+
+ digest[0] ^= B0 ^ M[0];
+ digest[1] ^= B1 ^ M[1];
+ digest[2] ^= B2 ^ M[2];
+ digest[3] ^= B3 ^ M[3];
+ digest[4] ^= B4 ^ M[4];
+ digest[5] ^= B5 ^ M[5];
+ digest[6] ^= B6 ^ M[6];
+ digest[7] ^= B7 ^ M[7];
+ }
+
+/*************************************************
+* Copy out the digest *
+*************************************************/
+void Whirlpool::copy_out(byte output[])
+ {
+ for(u32bit j = 0; j != OUTPUT_LENGTH; ++j)
+ output[j] = get_byte(j % 8, digest[j/8]);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void Whirlpool::clear() throw()
+ {
+ MDx_HashFunction::clear();
+ M.clear();
+ digest.clear();
+ }
+
+}
diff --git a/src/wid_wake.cpp b/src/wid_wake.cpp
new file mode 100644
index 000000000..b09ffa2a9
--- /dev/null
+++ b/src/wid_wake.cpp
@@ -0,0 +1,139 @@
+/*************************************************
+* WiderWake Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/wid_wake.h>
+#include <botan/bit_ops.h>
+
+namespace Botan {
+
+/*************************************************
+* Combine cipher stream with message *
+*************************************************/
+void WiderWake_41_BE::cipher(const byte in[], byte out[], u32bit length)
+ {
+ while(length >= buffer.size() - position)
+ {
+ xor_buf(out, in, buffer + position, buffer.size() - position);
+ length -= (buffer.size() - position);
+ in += (buffer.size() - position);
+ out += (buffer.size() - position);
+ generate(buffer.size());
+ }
+ xor_buf(out, in, buffer + position, length);
+ position += length;
+ }
+
+/*************************************************
+* Generate cipher stream *
+*************************************************/
+void WiderWake_41_BE::generate(u32bit length)
+ {
+ u32bit R0 = state[0], R1 = state[1], R2 = state[2],
+ R3 = state[3], R4 = state[4];
+
+ for(u32bit j = 0; j != length; j += 8)
+ {
+ u32bit R0a;
+
+ buffer[j+0] = get_byte(0, R3); buffer[j+1] = get_byte(1, R3);
+ buffer[j+2] = get_byte(2, R3); buffer[j+3] = get_byte(3, R3);
+
+ R0a = R4 + R3; R3 += R2; R2 += R1; R1 += R0;
+ R0a = (R0a >> 8) ^ T[(R0a & 0xFF)];
+ R1 = (R1 >> 8) ^ T[(R1 & 0xFF)];
+ R2 = (R2 >> 8) ^ T[(R2 & 0xFF)];
+ R3 = (R3 >> 8) ^ T[(R3 & 0xFF)];
+ R4 = R0; R0 = R0a;
+
+ buffer[j+4] = get_byte(0, R3); buffer[j+5] = get_byte(1, R3);
+ buffer[j+6] = get_byte(2, R3); buffer[j+7] = get_byte(3, R3);
+
+ R0a = R4 + R3; R3 += R2; R2 += R1; R1 += R0;
+ R0a = (R0a >> 8) ^ T[(R0a & 0xFF)];
+ R1 = (R1 >> 8) ^ T[(R1 & 0xFF)];
+ R2 = (R2 >> 8) ^ T[(R2 & 0xFF)];
+ R3 = (R3 >> 8) ^ T[(R3 & 0xFF)];
+ R4 = R0; R0 = R0a;
+ }
+ state[0] = R0; state[1] = R1; state[2] = R2; state[3] = R3; state[4] = R4;
+ position = 0;
+ }
+
+/*************************************************
+* WiderWake Key Schedule *
+*************************************************/
+void WiderWake_41_BE::key(const byte key[], u32bit)
+ {
+ for(u32bit j = 0; j != 4; ++j)
+ t_key[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
+
+ static const u32bit MAGIC[8] = {
+ 0x726A8F3B, 0xE69A3B5C, 0xD3C71FE5, 0xAB3C73D2,
+ 0x4D3A8EB3, 0x0396D6E8, 0x3D4C2F7A, 0x9EE27CF3 };
+
+ for(u32bit j = 0; j != 4; ++j)
+ T[j] = t_key[j];
+ for(u32bit j = 4; j != 256; ++j)
+ {
+ u32bit X = T[j-1] + T[j-4];
+ T[j] = (X >> 3) ^ MAGIC[X % 8];
+ }
+ for(u32bit j = 0; j != 23; ++j)
+ T[j] += T[j+89];
+
+ u32bit X = T[33];
+ u32bit Z = (T[59] | 0x01000001) & 0xFF7FFFFF;
+ for(u32bit j = 0; j != 256; ++j)
+ {
+ X = (X & 0xFF7FFFFF) + Z;
+ T[j] = (T[j] & 0x00FFFFFF) ^ X;
+ }
+ X = (T[X & 0xFF] ^ X) & 0xFF;
+ Z = T[0];
+ T[0] = T[X];
+ for(u32bit j = 1; j != 256; ++j)
+ {
+ T[X] = T[j];
+ X = (T[j ^ X] ^ X) & 0xFF;
+ T[j] = T[X];
+ }
+ T[X] = Z;
+
+ position = 0;
+ const byte iv[8] = { 0 };
+ resync(iv, 8);
+ }
+
+/*************************************************
+* Resynchronization *
+*************************************************/
+void WiderWake_41_BE::resync(const byte iv[], u32bit length)
+ {
+ if(length != 8)
+ throw Invalid_IV_Length(name(), length);
+
+ for(u32bit j = 0; j != 4; ++j)
+ state[j] = t_key[j];
+ state[4] = make_u32bit(iv[0], iv[1], iv[2], iv[3]);
+ state[0] ^= state[4];
+ state[2] ^= make_u32bit(iv[4], iv[5], iv[6], iv[7]);
+
+ generate(8*4);
+ generate(buffer.size());
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void WiderWake_41_BE::clear() throw()
+ {
+ position = 0;
+ t_key.clear();
+ state.clear();
+ T.clear();
+ buffer.clear();
+ }
+
+}
diff --git a/src/x509_ca.cpp b/src/x509_ca.cpp
new file mode 100644
index 000000000..eed733f17
--- /dev/null
+++ b/src/x509_ca.cpp
@@ -0,0 +1,287 @@
+/*************************************************
+* X.509 Certificate Authority Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509_ca.h>
+#include <botan/x509_ext.h>
+#include <botan/x509stor.h>
+#include <botan/conf.h>
+#include <botan/lookup.h>
+#include <botan/look_pk.h>
+#include <botan/numthry.h>
+#include <botan/oids.h>
+#include <botan/util.h>
+#include <algorithm>
+#include <memory>
+#include <set>
+
+namespace Botan {
+
+/*************************************************
+* Load the certificate and private key *
+*************************************************/
+X509_CA::X509_CA(const X509_Certificate& c,
+ const PKCS8_PrivateKey& key) : cert(c)
+ {
+ const PKCS8_PrivateKey* key_pointer = &key;
+ if(!dynamic_cast<const PK_Signing_Key*>(key_pointer))
+ throw Invalid_Argument("X509_CA: " + key.algo_name() + " cannot sign");
+
+ if(!cert.is_CA_cert())
+ throw Invalid_Argument("X509_CA: This certificate is not for a CA");
+
+ std::string padding;
+ Signature_Format format;
+
+ Config::choose_sig_format(key.algo_name(), padding, format);
+
+ ca_sig_algo.oid = OIDS::lookup(key.algo_name() + "/" + padding);
+ ca_sig_algo.parameters = key.DER_encode_params();
+
+ const PK_Signing_Key& sig_key = dynamic_cast<const PK_Signing_Key&>(key);
+ signer = get_pk_signer(sig_key, padding, format);
+ }
+
+/*************************************************
+* Sign a PKCS #10 certificate request *
+*************************************************/
+X509_Certificate X509_CA::sign_request(const PKCS10_Request& req,
+ u32bit expire_time) const
+ {
+ if(req.is_CA() && !Config::get_bool("x509/ca/allow_ca"))
+ throw Policy_Violation("X509_CA: Attempted to sign new CA certificate");
+
+ Key_Constraints constraints;
+ if(req.is_CA())
+ constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
+ else
+ {
+ std::auto_ptr<X509_PublicKey> key(req.subject_public_key());
+ constraints = X509::find_constraints(*key, req.constraints());
+ }
+
+ if(expire_time == 0)
+ expire_time = Config::get_time("x509/ca/default_expire");
+
+ const u64bit current_time = system_time();
+
+ X509_Time not_before(current_time);
+ X509_Time not_after(current_time + expire_time);
+
+ return make_cert(signer, ca_sig_algo, req.raw_public_key(),
+ cert.subject_key_id(), not_before, not_after,
+ cert.subject_dn(), req.subject_dn(),
+ req.is_CA(), req.path_limit(), req.subject_alt_name(),
+ AlternativeName(), constraints, req.ex_constraints());
+ }
+
+/*************************************************
+* Create a new certificate *
+*************************************************/
+X509_Certificate X509_CA::make_cert(PK_Signer* signer,
+ const AlgorithmIdentifier& sig_algo,
+ const MemoryRegion<byte>& pub_key,
+ const MemoryRegion<byte>& auth_key_id,
+ const X509_Time& not_before,
+ const X509_Time& not_after,
+ const X509_DN& issuer_dn,
+ const X509_DN& subject_dn,
+ bool is_CA, u32bit path_limit,
+ const AlternativeName& subject_alt,
+ const AlternativeName& issuer_alt,
+ Key_Constraints constraints,
+ const std::vector<OID>& ex_constraints)
+ {
+ const u32bit X509_CERT_VERSION = 2;
+ const u32bit SERIAL_BITS = 128;
+
+ Extensions extensions;
+
+ extensions.add(new Cert_Extension::Subject_Key_ID(pub_key));
+ extensions.add(new Cert_Extension::Authority_Key_ID(auth_key_id));
+
+ extensions.add(
+ new Cert_Extension::Basic_Constraints(is_CA, path_limit));
+
+ extensions.add(new Cert_Extension::Key_Usage(constraints));
+ extensions.add(
+ new Cert_Extension::Extended_Key_Usage(ex_constraints));
+
+ extensions.add(
+ new Cert_Extension::Alternative_Name(subject_alt,
+ "X509v3.SubjectAlternativeName",
+ "subject_alternative_name")
+ );
+
+ extensions.add(
+ new Cert_Extension::Alternative_Name(issuer_alt,
+ "X509v3.IssuerAlternativeName",
+ "issuer_alternative_name")
+ );
+
+ MemoryVector<byte> tbs_bits =
+ DER_Encoder().start_sequence()
+ .start_explicit(ASN1_Tag(0))
+ .encode(X509_CERT_VERSION)
+ .end_explicit(ASN1_Tag(0))
+
+ .encode(random_integer(SERIAL_BITS))
+ .encode(sig_algo)
+ .encode(issuer_dn)
+
+ .start_sequence()
+ .encode(not_before)
+ .encode(not_after)
+ .end_sequence()
+
+ .encode(subject_dn)
+ .add_raw_octets(pub_key)
+
+ .start_explicit(ASN1_Tag(3))
+ .start_sequence()
+ .encode(extensions)
+ .end_sequence()
+ .end_explicit(ASN1_Tag(3))
+ .end_sequence()
+ .get_contents();
+
+ DataSource_Memory source(
+ DER_Encoder()
+ .start_sequence()
+ .add_raw_octets(tbs_bits)
+ .encode(sig_algo)
+ .encode(signer->sign_message(tbs_bits), BIT_STRING)
+ .end_sequence()
+ .get_contents()
+ );
+
+ return X509_Certificate(source);
+ }
+
+/*************************************************
+* Create a new, empty CRL *
+*************************************************/
+X509_CRL X509_CA::new_crl(u32bit next_update) const
+ {
+ std::vector<CRL_Entry> empty;
+ return make_crl(empty, 1, next_update);
+ }
+
+/*************************************************
+* Update a CRL with new entries *
+*************************************************/
+X509_CRL X509_CA::update_crl(const X509_CRL& crl,
+ const std::vector<CRL_Entry>& new_revoked,
+ u32bit next_update) const
+ {
+ std::vector<CRL_Entry> already_revoked = crl.get_revoked();
+ std::vector<CRL_Entry> all_revoked;
+
+ X509_Store store;
+ store.add_cert(cert, true);
+ if(store.add_crl(crl) != VERIFIED)
+ throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided");
+
+ std::set<SecureVector<byte> > removed_from_crl;
+ for(u32bit j = 0; j != new_revoked.size(); ++j)
+ {
+ if(new_revoked[j].reason == DELETE_CRL_ENTRY)
+ removed_from_crl.insert(new_revoked[j].serial);
+ else
+ all_revoked.push_back(new_revoked[j]);
+ }
+
+ for(u32bit j = 0; j != already_revoked.size(); ++j)
+ {
+ std::set<SecureVector<byte> >::const_iterator i;
+ i = removed_from_crl.find(already_revoked[j].serial);
+
+ if(i == removed_from_crl.end())
+ all_revoked.push_back(already_revoked[j]);
+ }
+ std::sort(all_revoked.begin(), all_revoked.end());
+
+ std::vector<CRL_Entry> cert_list;
+ std::unique_copy(all_revoked.begin(), all_revoked.end(),
+ std::back_inserter(cert_list));
+
+ return make_crl(cert_list, crl.crl_number() + 1, next_update);
+ }
+
+/*************************************************
+* Create a CRL *
+*************************************************/
+X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked,
+ u32bit crl_number, u32bit next_update) const
+ {
+ const u32bit X509_CRL_VERSION = 1;
+
+ if(next_update == 0)
+ next_update = Config::get_time("x509/crl/next_update");
+
+ const u64bit current_time = system_time();
+
+ Extensions extensions;
+ extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id()));
+ extensions.add(new Cert_Extension::CRL_Number(crl_number));
+
+ DER_Encoder tbs_crl;
+
+ tbs_crl
+ .start_sequence()
+ .encode(X509_CRL_VERSION)
+ .encode(ca_sig_algo)
+ .encode(cert.subject_dn())
+ .encode(X509_Time(current_time))
+ .encode(X509_Time(current_time + next_update));
+
+ if(revoked.size())
+ {
+ tbs_crl.start_sequence();
+ for(u32bit j = 0; j != revoked.size(); ++j)
+ DER::encode(tbs_crl, revoked[j]);
+ tbs_crl.end_sequence();
+ }
+
+ tbs_crl
+ .start_explicit(ASN1_Tag(0))
+ .start_sequence()
+ .encode(extensions)
+ .end_sequence()
+ .end_explicit(ASN1_Tag(0))
+ .end_sequence();
+
+ MemoryVector<byte> tbs_bits = tbs_crl.get_contents();
+ MemoryVector<byte> sig = signer->sign_message(tbs_bits);
+
+ DataSource_Memory source(
+ DER_Encoder()
+ .start_sequence()
+ .add_raw_octets(tbs_bits)
+ .encode(ca_sig_algo)
+ .encode(sig, BIT_STRING)
+ .end_sequence()
+ .get_contents()
+ );
+
+ return X509_CRL(source);
+ }
+
+/*************************************************
+* Return the CA's certificate *
+*************************************************/
+X509_Certificate X509_CA::ca_certificate() const
+ {
+ return cert;
+ }
+
+/*************************************************
+* X509_CA Destructor *
+*************************************************/
+X509_CA::~X509_CA()
+ {
+ delete signer;
+ }
+
+}
diff --git a/src/x509_crl.cpp b/src/x509_crl.cpp
new file mode 100644
index 000000000..520932dba
--- /dev/null
+++ b/src/x509_crl.cpp
@@ -0,0 +1,174 @@
+/*************************************************
+* X.509 CRL Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509_crl.h>
+#include <botan/parsing.h>
+#include <botan/bigint.h>
+#include <botan/conf.h>
+#include <botan/oids.h>
+
+namespace Botan {
+
+/*************************************************
+* Load a X.509 CRL *
+*************************************************/
+X509_CRL::X509_CRL(DataSource& in) : X509_Object(in, "X509 CRL/CRL")
+ {
+ version = crl_count = 0;
+
+ do_decode();
+ }
+
+/*************************************************
+* Load a X.509 CRL *
+*************************************************/
+X509_CRL::X509_CRL(const std::string& in) : X509_Object(in, "CRL/X509 CRL")
+ {
+ version = crl_count = 0;
+
+ do_decode();
+ }
+
+/*************************************************
+* Decode the TBSCertList data *
+*************************************************/
+void X509_CRL::force_decode()
+ {
+ BER_Decoder tbs_crl(tbs_bits);
+
+ BER::decode_optional(tbs_crl, version, INTEGER, UNIVERSAL);
+
+ if(version != 0 && version != 1)
+ throw X509_CRL_Error("Unknown X.509 CRL version " +
+ to_string(version+1));
+
+ AlgorithmIdentifier sig_algo_inner;
+ BER::decode(tbs_crl, sig_algo_inner);
+
+ if(sig_algo != sig_algo_inner)
+ throw X509_CRL_Error("Algorithm identifier mismatch");
+
+ BER::decode(tbs_crl, issuer);
+ BER::decode(tbs_crl, start);
+ BER::decode(tbs_crl, end);
+
+ BER_Object next = tbs_crl.get_next_object();
+
+ if(next.type_tag == SEQUENCE && next.class_tag == CONSTRUCTED)
+ {
+ BER_Decoder cert_list(next.value);
+
+ while(cert_list.more_items())
+ {
+ CRL_Entry entry;
+ BER::decode(cert_list, entry);
+ revoked.push_back(entry);
+ }
+ next = tbs_crl.get_next_object();
+ }
+
+ if(next.type_tag == 0 &&
+ next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
+ {
+ BER_Decoder crl_options(next.value);
+ BER_Decoder sequence = BER::get_subsequence(crl_options);
+
+ while(sequence.more_items())
+ {
+ Extension extn;
+ BER::decode(sequence, extn);
+ handle_crl_extension(extn);
+ }
+ next = tbs_crl.get_next_object();
+ }
+
+ if(next.type_tag != NO_OBJECT)
+ throw X509_CRL_Error("Unknown tag in CRL");
+
+ tbs_crl.verify_end();
+ }
+
+/*************************************************
+* Decode a CRL extension *
+*************************************************/
+void X509_CRL::handle_crl_extension(const Extension& extn)
+ {
+ BER_Decoder value(extn.value);
+
+ if(extn.oid == OIDS::lookup("X509v3.AuthorityKeyIdentifier"))
+ {
+ BER_Decoder key_id = BER::get_subsequence(value);
+ BER::decode_optional_string(key_id, issuer_key_id, OCTET_STRING,
+ ASN1_Tag(0), CONTEXT_SPECIFIC);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.CRLNumber"))
+ value.decode(crl_count);
+ else
+ {
+ if(extn.critical)
+ {
+ std::string action = Config::get_string("x509/crl/unknown_critical");
+ if(action == "throw")
+ throw X509_CRL_Error("Unknown critical CRL extension " +
+ extn.oid.as_string());
+ else if(action != "ignore")
+ throw Invalid_Argument("Bad value of x509/crl/unknown_critical: "
+ + action);
+ }
+ return;
+ }
+
+ value.verify_end();
+ }
+
+/*************************************************
+* Return the list of revoked certificates *
+*************************************************/
+std::vector<CRL_Entry> X509_CRL::get_revoked() const
+ {
+ return revoked;
+ }
+
+/*************************************************
+* Return the distinguished name of the issuer *
+*************************************************/
+X509_DN X509_CRL::issuer_dn() const
+ {
+ return issuer;
+ }
+
+/*************************************************
+* Return the key identifier of the issuer *
+*************************************************/
+MemoryVector<byte> X509_CRL::authority_key_id() const
+ {
+ return issuer_key_id;
+ }
+
+/*************************************************
+* Return the CRL number of this CRL *
+*************************************************/
+u32bit X509_CRL::crl_number() const
+ {
+ return crl_count;
+ }
+
+/*************************************************
+* Return the issue data of the CRL *
+*************************************************/
+X509_Time X509_CRL::this_update() const
+ {
+ return start;
+ }
+
+/*************************************************
+* Return the date when a new CRL will be issued *
+*************************************************/
+X509_Time X509_CRL::next_update() const
+ {
+ return end;
+ }
+
+}
diff --git a/src/x509_ext.cpp b/src/x509_ext.cpp
new file mode 100644
index 000000000..b814d3c43
--- /dev/null
+++ b/src/x509_ext.cpp
@@ -0,0 +1,357 @@
+/*************************************************
+* X.509 Certificate Extensions Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509_ext.h>
+#include <botan/der_enc.h>
+#include <botan/ber_dec.h>
+#include <botan/x509cert.h>
+#include <botan/lookup.h>
+#include <botan/oids.h>
+#include <botan/conf.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Encode a Certificate Extension *
+*************************************************/
+void Certificate_Extension::encode_into(DER_Encoder& der,
+ bool is_critical) const
+ {
+ if(should_encode())
+ {
+#if 0
+ der.start_seqeuence()
+ .encode(oid_of())
+ .encode_optional(is_critical, false)
+ .encode(encode_inner(), OCTET_STRING)
+ .end_sequence();
+#else
+ der.start_sequence();
+ der.encode(oid_of());
+ if(is_critical)
+ der.encode(is_critical);
+ der.encode(encode_inner(), OCTET_STRING);
+ der.end_sequence();
+#endif
+ }
+ }
+
+/*************************************************
+* Decode a Certificate Extension *
+*************************************************/
+void Certificate_Extension::decode_from(BER_Decoder& ber)
+ {
+ MemoryVector<byte> value;
+ OID oid;
+
+#if 0
+ ber.start_sequence()
+ .decode(oid)
+ .decode_optional(is_critical, false)
+ .decode(value, OCTET_STRING)
+ .end_sequence();
+#else
+ BER_Decoder extension = BER::get_subsequence(ber);
+ BER::decode(extension, oid);
+ BER::decode_optional(extension, critical, BOOLEAN, UNIVERSAL, false);
+ extension.decode(value, OCTET_STRING);
+ extension.verify_end();
+#endif
+
+ decode_inner(value);
+ }
+
+/*************************************************
+* Encode a Certificate Extension *
+*************************************************/
+void Certificate_Extension::encode_into(DER_Encoder& der) const
+ {
+ encode_into(der, critical);
+ }
+
+/*************************************************
+* Return the OID of this extension *
+*************************************************/
+OID Certificate_Extension::oid_of() const
+ {
+ return OIDS::lookup(oid_name());
+ }
+
+/*************************************************
+* Encode a Certificate Extension *
+*************************************************/
+void Certificate_Extension::maybe_add(class DER_Encoder& der) const
+ {
+ const std::string opt_name = "x509/exts/" + config_id();
+ std::string setting = Config::get_string(opt_name);
+
+ if(setting != "no")
+ encode_into(der, critical || (setting == "critical"));
+ }
+
+/*************************************************
+* Encode an Extensions list *
+*************************************************/
+void Extensions::encode_into(class DER_Encoder& to_object) const
+ {
+ for(u32bit j = 0; j != extensions.size(); ++j)
+ extensions[j]->maybe_add(to_object);
+ }
+
+/*************************************************
+* Delete an Extensions list *
+*************************************************/
+Extensions::~Extensions()
+ {
+ for(u32bit j = 0; j != extensions.size(); ++j)
+ delete extensions[j];
+ }
+
+namespace Cert_Extension {
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Basic_Constraints::encode_inner() const
+ {
+ DER_Encoder der;
+
+ der.start_sequence();
+ if(is_ca)
+ {
+ der.encode(true);
+ if(path_limit != NO_CERT_PATH_LIMIT)
+ der.encode(path_limit);
+ }
+ der.end_sequence();
+
+ return der.get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder ber(in);
+
+ BER_Decoder basic_constraints = BER::get_subsequence(ber);
+ BER::decode_optional(basic_constraints, is_ca,
+ BOOLEAN, UNIVERSAL, false);
+ BER::decode_optional(basic_constraints, path_limit,
+ INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
+ basic_constraints.verify_end();
+ }
+
+/*************************************************
+* Basic_Constraints Constructor *
+*************************************************/
+Basic_Constraints::Basic_Constraints(bool is_ca, u32bit path_limit)
+ {
+ this->is_ca = is_ca;
+ this->path_limit = path_limit;
+ }
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Key_Usage::encode_inner() const
+ {
+ if(constraints == NO_CONSTRAINTS)
+ throw Encoding_Error("Cannot encode zero usage constraints");
+
+ const u32bit unused_bits = low_bit(constraints) - 1;
+
+ SecureVector<byte> der;
+ der.append(BIT_STRING);
+ der.append(2 + ((unused_bits < 8) ? 1 : 0));
+ der.append(unused_bits % 8);
+ der.append((constraints >> 8) & 0xFF);
+ if(constraints & 0xFF)
+ der.append(constraints & 0xFF);
+
+ return der;
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder ber(in);
+
+ BER_Object obj = ber.get_next_object();
+
+ if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL)
+ throw BER_Bad_Tag("Bad tag for usage constraint",
+ obj.type_tag, obj.class_tag);
+
+ if(obj.value.size() != 2 && obj.value.size() != 3)
+ throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint");
+
+ if(obj.value[0] >= 8)
+ throw BER_Decoding_Error("Invalid unused bits in usage constraint");
+
+ obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]);
+
+ u16bit usage = 0;
+ for(u32bit j = 1; j != obj.value.size(); ++j)
+ usage = (obj.value[j] << 8) | usage;
+
+ constraints = Key_Constraints(usage);
+ }
+
+/*************************************************
+* Key_Usage Constructor *
+*************************************************/
+Key_Usage::Key_Usage(Key_Constraints constraints)
+ {
+ this->constraints = constraints;
+ }
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Subject_Key_ID::encode_inner() const
+ {
+ return DER_Encoder().encode(key_id, OCTET_STRING).get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Subject_Key_ID::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end();
+ }
+
+/*************************************************
+* Subject_Key_ID Constructor *
+*************************************************/
+Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key)
+ {
+ std::auto_ptr<HashFunction> hash(get_hash("SHA-1"));
+ key_id = hash->process(pub_key);
+ }
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Authority_Key_ID::encode_inner() const
+ {
+ return DER_Encoder()
+ .start_sequence()
+ .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC)
+ .end_sequence()
+ .get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder ber(in);
+
+ }
+
+/*************************************************
+* Authority_Key_ID Constructor *
+*************************************************/
+Authority_Key_ID::Authority_Key_ID(const MemoryRegion<byte>& key_id)
+ {
+ this->key_id = key_id;
+ }
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Alternative_Name::encode_inner() const
+ {
+ return DER_Encoder().encode(alt_name).get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Alternative_Name::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder ber(in);
+
+ }
+
+/*************************************************
+* Alternative_Name Constructor *
+*************************************************/
+Alternative_Name::Alternative_Name(const AlternativeName& alt_name,
+ const std::string& oid_name_str,
+ const std::string& config_name_str)
+ {
+ this->alt_name = alt_name;
+ this->oid_name_str = oid_name_str;
+ this->config_name_str = config_name_str;
+ }
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> Extended_Key_Usage::encode_inner() const
+ {
+ DER_Encoder der;
+
+ der.start_sequence();
+ for(u32bit j = 0; j != oids.size(); ++j)
+ der.encode(oids[j]);
+ der.end_sequence();
+
+ return der.get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder ber(in);
+
+ }
+
+/*************************************************
+* Extended_Key_Usage Constructor *
+*************************************************/
+Extended_Key_Usage::Extended_Key_Usage(const std::vector<OID>& oids)
+ {
+ this->oids = oids;
+ }
+
+/*************************************************
+* Encode the extension *
+*************************************************/
+MemoryVector<byte> CRL_Number::encode_inner() const
+ {
+ return DER_Encoder().encode(crl_number).get_contents();
+ }
+
+/*************************************************
+* Decode the extension *
+*************************************************/
+void CRL_Number::decode_inner(const MemoryRegion<byte>& in)
+ {
+ BER_Decoder ber(in);
+
+ }
+
+/*************************************************
+* CRL_Number Constructor *
+*************************************************/
+CRL_Number::CRL_Number(u32bit n) : crl_number(n)
+ {
+ }
+
+}
+
+}
diff --git a/src/x509_key.cpp b/src/x509_key.cpp
new file mode 100644
index 000000000..118242b4e
--- /dev/null
+++ b/src/x509_key.cpp
@@ -0,0 +1,197 @@
+/*************************************************
+* X.509 Public Key Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509_key.h>
+#include <botan/filters.h>
+#include <botan/asn1_obj.h>
+#include <botan/pk_algs.h>
+#include <botan/oids.h>
+#include <botan/pem.h>
+#include <memory>
+
+namespace Botan {
+
+/*************************************************
+* Compute the key id *
+*************************************************/
+u64bit X509_PublicKey::key_id() const
+ {
+ Pipe pipe(new Hash_Filter("SHA-1", 8));
+
+ pipe.start_msg();
+ pipe.write(algo_name());
+ pipe.write(DER_encode_pub());
+ pipe.write(DER_encode_params());
+ pipe.end_msg();
+
+ SecureVector<byte> output = pipe.read_all();
+
+ if(output.size() != 8)
+ throw Internal_Error("X509_PublicKey::key_id: Incorrect output size");
+
+ u64bit id = 0;
+ for(u32bit j = 0; j != 8; ++j)
+ id = (id << 8) | output[j];
+ return id;
+ }
+
+namespace X509 {
+
+namespace {
+
+/*************************************************
+* Extract the fields of a subjectPublicKeyInfo *
+*************************************************/
+void X509_extract_info(DataSource& source, AlgorithmIdentifier& alg_id,
+ MemoryVector<byte>& key)
+ {
+ BER_Decoder decoder(source);
+ BER_Decoder sequence = BER::get_subsequence(decoder);
+ BER::decode(sequence, alg_id);
+ sequence.decode(key, BIT_STRING);
+ sequence.verify_end();
+ }
+
+}
+
+/*************************************************
+* DER or PEM encode a X.509 public key *
+*************************************************/
+void encode(const X509_PublicKey& key, Pipe& pipe, X509_Encoding encoding)
+ {
+ AlgorithmIdentifier alg_id(key.get_oid(), key.DER_encode_params());
+
+ MemoryVector<byte> der =
+ DER_Encoder()
+ .start_sequence()
+ .encode(alg_id)
+ .encode(key.DER_encode_pub(), BIT_STRING)
+ .end_sequence()
+ .get_contents();
+
+ if(encoding == PEM)
+ pipe.write(PEM_Code::encode(der, "PUBLIC KEY"));
+ else
+ pipe.write(der);
+ }
+
+/*************************************************
+* PEM encode a X.509 public key *
+*************************************************/
+std::string PEM_encode(const X509_PublicKey& key)
+ {
+ Pipe pem;
+ pem.start_msg();
+ encode(key, pem, PEM);
+ pem.end_msg();
+ return pem.read_all_as_string();
+ }
+
+/*************************************************
+* Extract a public key and return it *
+*************************************************/
+X509_PublicKey* load_key(DataSource& source)
+ {
+ try {
+ AlgorithmIdentifier alg_id;
+ MemoryVector<byte> key;
+
+ if(ASN1::maybe_BER(source) && !PEM_Code::matches(source))
+ X509_extract_info(source, alg_id, key);
+ else
+ {
+ DataSource_Memory ber(
+ PEM_Code::decode_check_label(source, "PUBLIC KEY")
+ );
+ X509_extract_info(ber, alg_id, key);
+ }
+
+ if(key.is_empty())
+ throw Decoding_Error("X.509 public key decoding failed");
+
+ const std::string alg_name = OIDS::lookup(alg_id.oid);
+ if(alg_name == "")
+ throw Decoding_Error("Unknown algorithm OID: " +
+ alg_id.oid.as_string());
+
+ std::auto_ptr<X509_PublicKey> key_obj(get_public_key(alg_name));
+ if(!key_obj.get())
+ throw Decoding_Error("Unknown PK algorithm/OID: " + alg_name + ", " +
+ alg_id.oid.as_string());
+
+ Pipe output;
+ output.process_msg(alg_id.parameters);
+ output.process_msg(key);
+ key_obj->BER_decode_params(output);
+ output.set_default_msg(1);
+ key_obj->BER_decode_pub(output);
+
+ return key_obj.release();
+ }
+ catch(Decoding_Error)
+ {
+ throw Decoding_Error("X.509 public key decoding failed");
+ }
+ }
+
+/*************************************************
+* Extract a public key and return it *
+*************************************************/
+X509_PublicKey* load_key(const std::string& fsname)
+ {
+ DataSource_Stream source(fsname, true);
+ return X509::load_key(source);
+ }
+
+/*************************************************
+* Extract a public key and return it *
+*************************************************/
+X509_PublicKey* load_key(const MemoryRegion<byte>& mem)
+ {
+ DataSource_Memory source(mem);
+ return X509::load_key(source);
+ }
+
+/*************************************************
+* Make a copy of this public key *
+*************************************************/
+X509_PublicKey* copy_key(const X509_PublicKey& key)
+ {
+ Pipe bits;
+ bits.start_msg();
+ X509::encode(key, bits, RAW_BER);
+ bits.end_msg();
+ DataSource_Memory source(bits.read_all());
+ return X509::load_key(source);
+ }
+
+/*************************************************
+* Find the allowable key constraints *
+*************************************************/
+Key_Constraints find_constraints(const X509_PublicKey& pub_key,
+ Key_Constraints limits)
+ {
+ const X509_PublicKey* key = &pub_key;
+ u32bit constraints = 0;
+
+ if(dynamic_cast<const PK_Encrypting_Key*>(key))
+ constraints |= KEY_ENCIPHERMENT;
+
+ if(dynamic_cast<const PK_Key_Agreement_Key*>(key))
+ constraints |= KEY_AGREEMENT;
+
+ if(dynamic_cast<const PK_Verifying_wo_MR_Key*>(key) ||
+ dynamic_cast<const PK_Verifying_with_MR_Key*>(key))
+ constraints |= DIGITAL_SIGNATURE | NON_REPUDIATION;
+
+ if(limits)
+ constraints &= limits;
+
+ return Key_Constraints(constraints);
+ }
+
+}
+
+}
diff --git a/src/x509_obj.cpp b/src/x509_obj.cpp
new file mode 100644
index 000000000..ae545c134
--- /dev/null
+++ b/src/x509_obj.cpp
@@ -0,0 +1,165 @@
+/*************************************************
+* X.509 SIGNED Object Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509_obj.h>
+#include <botan/parsing.h>
+#include <botan/pem.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Create a generic X.509 object *
+*************************************************/
+X509_Object::X509_Object(DataSource& stream, const std::string& labels)
+ {
+ init(stream, labels);
+ }
+
+/*************************************************
+* Createa a generic X.509 object *
+*************************************************/
+X509_Object::X509_Object(const std::string& file, const std::string& labels)
+ {
+ DataSource_Stream stream(file, true);
+ init(stream, labels);
+ }
+
+/*************************************************
+* Read a PEM or BER X.509 object *
+*************************************************/
+void X509_Object::init(DataSource& in, const std::string& labels)
+ {
+ PEM_labels_allowed = split_on(labels, '/');
+ if(PEM_labels_allowed.size() < 1)
+ throw Invalid_Argument("Bad labels argument to X509_Object");
+
+ PEM_label_pref = PEM_labels_allowed[0];
+ std::sort(PEM_labels_allowed.begin(), PEM_labels_allowed.end());
+
+ try {
+ if(ASN1::maybe_BER(in) && !PEM_Code::matches(in))
+ decode_info(in);
+ else
+ {
+ std::string got_label;
+ DataSource_Memory ber(PEM_Code::decode(in, got_label));
+
+ if(!std::binary_search(PEM_labels_allowed.begin(),
+ PEM_labels_allowed.end(), got_label))
+ throw Decoding_Error("Invalid PEM label: " + got_label);
+ decode_info(ber);
+ }
+ }
+ catch(Decoding_Error)
+ {
+ throw Decoding_Error(PEM_label_pref + " decoding failed");
+ }
+ }
+
+/*************************************************
+* Read a BER encoded X.509 object *
+*************************************************/
+void X509_Object::decode_info(DataSource& source)
+ {
+ BER_Decoder ber(source);
+ BER_Decoder sequence = BER::get_subsequence(ber);
+ tbs_bits = BER::get_subsequence(sequence).get_remaining();
+
+ BER::decode(sequence, sig_algo);
+ sequence.decode(sig, BIT_STRING);
+ sequence.verify_end();
+ }
+
+/*************************************************
+* Return a BER or PEM encoded X.509 object *
+*************************************************/
+void X509_Object::encode(Pipe& out, X509_Encoding encoding) const
+ {
+ SecureVector<byte> der =
+ DER_Encoder().start_sequence()
+ .add_raw_octets(tbs_data())
+ .encode(sig_algo)
+ .encode(sig, BIT_STRING)
+ .end_sequence()
+ .get_contents();
+
+ if(encoding == PEM)
+ out.write(PEM_Code::encode(der, PEM_label_pref));
+ else
+ out.write(der);
+ }
+
+/*************************************************
+* Return a BER encoded X.509 object *
+*************************************************/
+SecureVector<byte> X509_Object::BER_encode() const
+ {
+ Pipe ber;
+ ber.start_msg();
+ encode(ber, RAW_BER);
+ ber.end_msg();
+ return ber.read_all();
+ }
+
+/*************************************************
+* Return a PEM encoded X.509 object *
+*************************************************/
+std::string X509_Object::PEM_encode() const
+ {
+ Pipe pem;
+ pem.start_msg();
+ encode(pem, PEM);
+ pem.end_msg();
+ return pem.read_all_as_string();
+ }
+
+/*************************************************
+* Return the TBS data *
+*************************************************/
+SecureVector<byte> X509_Object::tbs_data() const
+ {
+ return ASN1::put_in_sequence(tbs_bits);
+ }
+
+/*************************************************
+* Return the signature of this object *
+*************************************************/
+SecureVector<byte> X509_Object::signature() const
+ {
+ return sig;
+ }
+
+/*************************************************
+* Return the algorithm used to sign this object *
+*************************************************/
+AlgorithmIdentifier X509_Object::signature_algorithm() const
+ {
+ return sig_algo;
+ }
+
+/*************************************************
+* Try to decode the actual information *
+*************************************************/
+void X509_Object::do_decode()
+ {
+ try {
+ force_decode();
+ }
+ catch(Decoding_Error& e)
+ {
+ const std::string what = e.what();
+ throw Decoding_Error(PEM_label_pref + " decoding failed (" +
+ what.substr(23, std::string::npos) + ")");
+ }
+ catch(Invalid_Argument& e)
+ {
+ const std::string what = e.what();
+ throw Decoding_Error(PEM_label_pref + " decoding failed (" +
+ what.substr(7, std::string::npos) + ")");
+ }
+ }
+
+}
diff --git a/src/x509cert.cpp b/src/x509cert.cpp
new file mode 100644
index 000000000..143cc84b0
--- /dev/null
+++ b/src/x509cert.cpp
@@ -0,0 +1,471 @@
+/*************************************************
+* X.509 Certificates Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509cert.h>
+#include <botan/asn1_int.h>
+#include <botan/stl_util.h>
+#include <botan/parsing.h>
+#include <botan/bigint.h>
+#include <botan/conf.h>
+#include <botan/oids.h>
+#include <botan/pem.h>
+#include <algorithm>
+
+#include <assert.h>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Get information from the DistinguishedName *
+*************************************************/
+void load_info(std::multimap<std::string, std::string>& names,
+ const X509_DN& dn_info)
+ {
+ typedef std::multimap<OID, std::string>::const_iterator rdn_iter;
+ std::multimap<OID, std::string> attr = dn_info.get_attributes();
+
+ for(rdn_iter j = attr.begin(); j != attr.end(); ++j)
+ {
+ const std::string oid_name = OIDS::lookup(j->first);
+
+ if(oid_name == "PKCS9.EmailAddress")
+ multimap_insert(names, std::string("RFC822"), j->second);
+ else
+ multimap_insert(names, oid_name, j->second);
+ }
+ }
+
+/*************************************************
+* Get information from the alternative name *
+*************************************************/
+void load_info(std::multimap<std::string, std::string>& names,
+ const AlternativeName& alt_info)
+ {
+ typedef std::multimap<std::string, std::string>::const_iterator rdn_iter;
+ std::multimap<std::string, std::string> attr = alt_info.get_attributes();
+
+ for(rdn_iter j = attr.begin(); j != attr.end(); ++j)
+ multimap_insert(names, j->first, j->second);
+
+ typedef std::multimap<OID, ASN1_String>::const_iterator on_iter;
+ std::multimap<OID, ASN1_String> othernames = alt_info.get_othernames();
+ for(on_iter j = othernames.begin(); j != othernames.end(); ++j)
+ multimap_insert(names, OIDS::lookup(j->first), j->second.value());
+ }
+
+/*************************************************
+* Get some information from names *
+*************************************************/
+std::string get_info(const std::multimap<std::string, std::string>& names,
+ const std::string& info)
+ {
+ typedef std::multimap<std::string, std::string>::const_iterator rdn_iter;
+
+ const std::string what = X509_DN::deref_info_field(info);
+ std::pair<rdn_iter, rdn_iter> range = names.equal_range(what);
+
+ std::vector<std::string> results;
+ for(rdn_iter j = range.first; j != range.second; ++j)
+ {
+ if(std::find(results.begin(), results.end(), j->second) == results.end())
+ results.push_back(j->second);
+ }
+
+ std::string value;
+ for(u32bit j = 0; j != results.size(); ++j)
+ value += results[j] + '/';
+ if(value.size())
+ value.erase(value.size() - 1, 1);
+ return value;
+ }
+
+/*************************************************
+* Create and populate a X509_DN *
+*************************************************/
+X509_DN create_dn(const std::multimap<std::string, std::string>& names)
+ {
+ typedef std::multimap<std::string, std::string>::const_iterator rdn_iter;
+
+ X509_DN new_dn;
+ for(rdn_iter j = names.begin(); j != names.end(); ++j)
+ {
+ const std::string oid = j->first;
+ const std::string value = j->second;
+ if(!OIDS::have_oid(oid))
+ continue;
+ new_dn.add_attribute(oid, j->second);
+ }
+ return new_dn;
+ }
+
+}
+
+/*************************************************
+* X509_Certificate Constructor *
+*************************************************/
+X509_Certificate::X509_Certificate(DataSource& in) :
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ {
+ is_ca = false;
+ do_decode();
+ }
+
+/*************************************************
+* X509_Certificate Constructor *
+*************************************************/
+X509_Certificate::X509_Certificate(const std::string& in) :
+ X509_Object(in, "CERTIFICATE/X509 CERTIFICATE")
+ {
+ is_ca = false;
+ do_decode();
+ }
+
+/*************************************************
+* Decode the TBSCertificate data *
+*************************************************/
+void X509_Certificate::force_decode()
+ {
+ BER_Decoder tbs_cert(tbs_bits);
+
+ u32bit version;
+ BER::decode_optional(tbs_cert, version, ASN1_Tag(0),
+ ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC));
+ if(version > 2)
+ throw Decoding_Error("Unknown X.509 cert version " + to_string(version));
+ if(version < 2)
+ {
+ is_ca = Config::get_bool("x509/v1_assume_ca");
+ info.add("X509v3.BasicConstraints.path_constraint", NO_CERT_PATH_LIMIT);
+ }
+
+ BigInt serial_bn;
+ tbs_cert.decode(serial_bn);
+
+ AlgorithmIdentifier sig_algo_inner;
+ BER::decode(tbs_cert, sig_algo_inner);
+
+ if(sig_algo != sig_algo_inner)
+ throw Decoding_Error("Algorithm identifier mismatch");
+
+ X509_DN dn_issuer;
+ BER::decode(tbs_cert, dn_issuer);
+ load_info(issuer, dn_issuer);
+
+ X509_Time start, end;
+
+ BER_Decoder validity = BER::get_subsequence(tbs_cert);
+ BER::decode(validity, start);
+ BER::decode(validity, end);
+ validity.verify_end();
+
+ X509_DN dn_subject;
+ BER::decode(tbs_cert, dn_subject);
+ load_info(subject, dn_subject);
+
+ BER_Object public_key = tbs_cert.get_next_object();
+ if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED)
+ throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key",
+ public_key.type_tag, public_key.class_tag);
+
+ MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id;
+
+ BER::decode_optional_string(tbs_cert, v2_issuer_key_id, BIT_STRING,
+ ASN1_Tag(1), CONTEXT_SPECIFIC);
+ BER::decode_optional_string(tbs_cert, v2_subject_key_id, BIT_STRING,
+ ASN1_Tag(2), CONTEXT_SPECIFIC);
+
+ BER_Object v3_exts_data = tbs_cert.get_next_object();
+ if(v3_exts_data.type_tag == 3 &&
+ v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC))
+ {
+ BER_Decoder v3_exts_decoder(v3_exts_data.value);
+ BER_Decoder sequence = BER::get_subsequence(v3_exts_decoder);
+
+ while(sequence.more_items())
+ {
+ Extension extn;
+ BER::decode(sequence, extn);
+ handle_v3_extension(extn);
+ }
+ sequence.verify_end();
+ v3_exts_decoder.verify_end();
+ }
+ else if(v3_exts_data.type_tag != NO_OBJECT)
+ throw BER_Bad_Tag("Unknown tag in X.509 cert",
+ v3_exts_data.type_tag, v3_exts_data.class_tag);
+
+ if(tbs_cert.more_items())
+ throw Decoding_Error("TBSCertificate has more items that expected");
+
+ info.add("X509.Certificate.version", version);
+ info.add("X509.Certificate.serial", BigInt::encode(serial_bn));
+ info.add("X509.Certificate.start", start.readable_string());
+ info.add("X509.Certificate.end", end.readable_string());
+
+ info.add("X509.Certificate.v2.issuer_key_id", v2_issuer_key_id);
+ info.add("X509.Certificate.v2.subject_key_id", v2_subject_key_id);
+
+ info.add("X509.Certificate.public_key",
+ PEM_Code::encode(
+ ASN1::put_in_sequence(public_key.value),
+ "PUBLIC KEY"
+ )
+ );
+ }
+
+/*************************************************
+* Decode a particular v3 extension *
+*************************************************/
+void X509_Certificate::handle_v3_extension(const Extension& extn)
+ {
+ BER_Decoder value(extn.value);
+
+ if(extn.oid == OIDS::lookup("X509v3.KeyUsage"))
+ {
+ Key_Constraints constraints;
+ BER::decode(value, constraints);
+
+ if(constraints != NO_CONSTRAINTS)
+ info.add("X509v3.KeyUsage", constraints);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.ExtendedKeyUsage"))
+ {
+ BER_Decoder key_usage = BER::get_subsequence(value);
+ while(key_usage.more_items())
+ {
+ OID usage_oid;
+ BER::decode(key_usage, usage_oid);
+ info.add("X509v3.ExtendedKeyUsage", usage_oid.as_string());
+ }
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.BasicConstraints"))
+ {
+ u32bit max_path_len = 0;
+ BER_Decoder basic_constraints = BER::get_subsequence(value);
+ BER::decode_optional(basic_constraints, is_ca,
+ BOOLEAN, UNIVERSAL, false);
+ BER::decode_optional(basic_constraints, max_path_len,
+ INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT);
+
+ info.add("X509v3.BasicConstraints.is_ca", is_ca);
+ info.add("X509v3.BasicConstraints.path_constraint", max_path_len);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.SubjectKeyIdentifier"))
+ {
+ MemoryVector<byte> v3_subject_key_id;
+ value.decode(v3_subject_key_id, OCTET_STRING);
+ info.add("X509v3.SubjectKeyIdentifier", v3_subject_key_id);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.AuthorityKeyIdentifier"))
+ {
+ MemoryVector<byte> v3_issuer_key_id;
+ BER_Decoder key_id = BER::get_subsequence(value);
+ BER::decode_optional_string(key_id, v3_issuer_key_id, OCTET_STRING,
+ ASN1_Tag(0), CONTEXT_SPECIFIC);
+
+ info.add("X509v3.AuthorityKeyIdentifier", v3_issuer_key_id);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.SubjectAlternativeName"))
+ {
+ AlternativeName alt_name;
+ BER::decode(value, alt_name);
+ load_info(subject, alt_name);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.IssuerAlternativeName"))
+ {
+ AlternativeName alt_name;
+ BER::decode(value, alt_name);
+ load_info(issuer, alt_name);
+ }
+ else if(extn.oid == OIDS::lookup("X509v3.CertificatePolicies"))
+ {
+ BER_Decoder ber_policies = BER::get_subsequence(value);
+ while(ber_policies.more_items())
+ {
+ OID oid;
+ BER_Decoder policy = BER::get_subsequence(ber_policies);
+ BER::decode(policy, oid);
+
+ if(extn.critical && policy.more_items())
+ throw Decoding_Error("X.509 v3 critical policy has qualifiers");
+
+ info.add("X509v3.CertificatePolicies", oid.as_string());
+ }
+ }
+ else
+ {
+ if(extn.critical)
+ throw Decoding_Error("Unknown critical X.509 v3 extension: " +
+ extn.oid.as_string());
+ return;
+ }
+
+ value.verify_end();
+ }
+
+/*************************************************
+* Return the X.509 version in use *
+*************************************************/
+u32bit X509_Certificate::x509_version() const
+ {
+ return (info.get1_u32bit("X509.Certificate.version") + 1);
+ }
+
+/*************************************************
+* Return the time this cert becomes valid *
+*************************************************/
+std::string X509_Certificate::start_time() const
+ {
+ return info.get1("X509.Certificate.start");
+ }
+
+/*************************************************
+* Return the time this cert becomes invalid *
+*************************************************/
+std::string X509_Certificate::end_time() const
+ {
+ return info.get1("X509.Certificate.end");
+ }
+
+/*************************************************
+* Return information about the subject *
+*************************************************/
+std::string X509_Certificate::subject_info(const std::string& info) const
+ {
+ return get_info(subject, info);
+ }
+
+/*************************************************
+* Return information about the issuer *
+*************************************************/
+std::string X509_Certificate::issuer_info(const std::string& info) const
+ {
+ return get_info(issuer, info);
+ }
+
+/*************************************************
+* Return the public key in this certificate *
+*************************************************/
+X509_PublicKey* X509_Certificate::subject_public_key() const
+ {
+ DataSource_Memory source(info.get1("X509.Certificate.public_key"));
+ return X509::load_key(source);
+ }
+
+/*************************************************
+* Check if the certificate is self-signed *
+*************************************************/
+bool X509_Certificate::self_signed() const
+ {
+ return (create_dn(issuer) == create_dn(subject));
+ }
+
+/*************************************************
+* Check if the certificate is for a CA *
+*************************************************/
+bool X509_Certificate::is_CA_cert() const
+ {
+ if(!is_ca) return false;
+ if((constraints() & KEY_CERT_SIGN) ||
+ (constraints() == NO_CONSTRAINTS))
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Return the path length constraint *
+*************************************************/
+u32bit X509_Certificate::path_limit() const
+ {
+ return info.get1_u32bit("X509v3.BasicConstraints.path_constraint");
+ }
+
+/*************************************************
+* Return the key usage constraints *
+*************************************************/
+Key_Constraints X509_Certificate::constraints() const
+ {
+ return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage"));
+ }
+
+/*************************************************
+* Return the list of extended key usage OIDs *
+*************************************************/
+std::vector<std::string> X509_Certificate::ex_constraints() const
+ {
+ return info.get("X509v3.ExtendedKeyUsage");
+ }
+
+/*************************************************
+* Return the list of certificate policies *
+*************************************************/
+std::vector<std::string> X509_Certificate::policies() const
+ {
+ return info.get("X509v3.CertificatePolicies");
+ }
+
+/*************************************************
+* Return the authority key id *
+*************************************************/
+MemoryVector<byte> X509_Certificate::authority_key_id() const
+ {
+ return info.get1_memvec("X509v3.AuthorityKeyIdentifier");
+ }
+
+/*************************************************
+* Return the subject key id *
+*************************************************/
+MemoryVector<byte> X509_Certificate::subject_key_id() const
+ {
+ return info.get1_memvec("X509v3.SubjectKeyIdentifier");
+ }
+
+/*************************************************
+* Return the certificate serial number *
+*************************************************/
+MemoryVector<byte> X509_Certificate::serial_number() const
+ {
+ return info.get1_memvec("X509.Certificate.serial");
+ }
+
+/*************************************************
+* Return the distinguished name of the issuer *
+*************************************************/
+X509_DN X509_Certificate::issuer_dn() const
+ {
+ return create_dn(issuer);
+ }
+
+/*************************************************
+* Return the distinguished name of the subject *
+*************************************************/
+X509_DN X509_Certificate::subject_dn() const
+ {
+ return create_dn(subject);
+ }
+
+/*************************************************
+* Compare two certificates for equality *
+*************************************************/
+bool X509_Certificate::operator==(const X509_Certificate& cert) const
+ {
+ if(sig != cert.sig || sig_algo != cert.sig_algo)
+ return false;
+ if(issuer != cert.issuer || subject != cert.subject)
+ return false;
+ return (info == cert.info);
+ }
+
+/*************************************************
+* X.509 Certificate Comparison *
+*************************************************/
+bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2)
+ {
+ return !(cert1 == cert2);
+ }
+
+}
diff --git a/src/x509find.cpp b/src/x509find.cpp
new file mode 100644
index 000000000..a50ce0bfa
--- /dev/null
+++ b/src/x509find.cpp
@@ -0,0 +1,188 @@
+/*************************************************
+* X.509 Certificate Store Searching Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509stor.h>
+#include <botan/charset.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+namespace X509_Store_Search {
+
+namespace {
+
+/*************************************************
+* Comparison Function Pointer *
+*************************************************/
+typedef bool (*compare_fn)(const std::string&, const std::string&);
+
+/*************************************************
+* Predicate for caseless searching *
+*************************************************/
+bool caseless_cmp(char a, char b)
+ {
+ return (to_lower(a) == to_lower(b));
+ }
+
+/*************************************************
+* Compare based on case-insensive substrings *
+*************************************************/
+bool substring_match(const std::string& searching_for,
+ const std::string& found)
+ {
+ if(std::search(found.begin(), found.end(), searching_for.begin(),
+ searching_for.end(), caseless_cmp) != found.end())
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Compare based on case-insensive match *
+*************************************************/
+bool ignore_case(const std::string& searching_for, const std::string& found)
+ {
+ if(searching_for.size() != found.size())
+ return false;
+
+ return std::equal(found.begin(), found.end(),
+ searching_for.begin(), caseless_cmp);
+ }
+
+/*************************************************
+* Search based on the contents of a DN entry *
+*************************************************/
+class DN_Check : public X509_Store::Search_Func
+ {
+ public:
+ bool match(const X509_Certificate& cert) const
+ {
+ return compare(looking_for, cert.subject_info(dn_entry));
+ }
+
+ DN_Check(const std::string& entry, const std::string& target,
+ compare_fn func) :
+ compare(func), dn_entry(entry), looking_for(target) {}
+ private:
+ compare_fn compare;
+ const std::string dn_entry;
+ const std::string looking_for;
+ };
+
+/*************************************************
+* Search based on the key id *
+*************************************************/
+class KeyID_Match : public X509_Store::Search_Func
+ {
+ public:
+ bool match(const X509_Certificate& cert) const
+ {
+ std::auto_ptr<X509_PublicKey> key(cert.subject_public_key());
+ return (key->key_id() == key_id);
+ }
+ KeyID_Match(u64bit id) : key_id(id) {}
+ private:
+ u64bit key_id;
+ };
+
+/*************************************************
+* Search based on the issuer and serial number *
+*************************************************/
+class IandS_Match : public X509_Store::Search_Func
+ {
+ public:
+ bool match(const X509_Certificate& cert) const
+ {
+ if(cert.serial_number() != serial)
+ return false;
+ return (cert.issuer_dn() == issuer);
+ }
+ IandS_Match(const X509_DN& i, const MemoryRegion<byte>& s) :
+ issuer(i), serial(s) {}
+ private:
+ X509_DN issuer;
+ MemoryVector<byte> serial;
+ };
+
+/*************************************************
+* Search based on the subject key id *
+*************************************************/
+class SKID_Match : public X509_Store::Search_Func
+ {
+ public:
+ bool match(const X509_Certificate& cert) const
+ {
+ return (cert.subject_key_id() == skid);
+ }
+ SKID_Match(const MemoryRegion<byte>& s) : skid(s) {}
+ private:
+ MemoryVector<byte> skid;
+ };
+
+}
+
+/*************************************************
+* Search for a certificate by email address *
+*************************************************/
+std::vector<X509_Certificate> by_email(const X509_Store& store,
+ const std::string& email)
+ {
+ DN_Check search_params("RFC822", email, ignore_case);
+ return store.get_certs(search_params);
+ }
+
+/*************************************************
+* Search for a certificate by CommonName *
+*************************************************/
+std::vector<X509_Certificate> by_name(const X509_Store& store,
+ const std::string& name)
+ {
+ DN_Check search_params("CommonName", name, substring_match);
+ return store.get_certs(search_params);
+ }
+
+/*************************************************
+* Search for a certificate by DNS name *
+*************************************************/
+std::vector<X509_Certificate> by_dns(const X509_Store& store,
+ const std::string& dns)
+ {
+ DN_Check search_params("DNS", dns, ignore_case);
+ return store.get_certs(search_params);
+ }
+
+/*************************************************
+* Search for a certificate by key id *
+*************************************************/
+std::vector<X509_Certificate> by_keyid(const X509_Store& store, u64bit key_id)
+ {
+ KeyID_Match search_params(key_id);
+ return store.get_certs(search_params);
+ }
+
+/*************************************************
+* Search for a certificate by issuer/serial *
+*************************************************/
+std::vector<X509_Certificate> by_iands(const X509_Store& store,
+ const X509_DN& issuer,
+ const MemoryRegion<byte>& serial)
+ {
+ IandS_Match search_params(issuer, serial);
+ return store.get_certs(search_params);
+ }
+
+/*************************************************
+* Search for a certificate by subject keyid *
+*************************************************/
+std::vector<X509_Certificate> by_SKID(const X509_Store& store,
+ const MemoryRegion<byte>& skid)
+ {
+ SKID_Match search_params(skid);
+ return store.get_certs(search_params);
+ }
+
+}
+
+}
diff --git a/src/x509opt.cpp b/src/x509opt.cpp
new file mode 100644
index 000000000..b2e6027b6
--- /dev/null
+++ b/src/x509opt.cpp
@@ -0,0 +1,109 @@
+/*************************************************
+* X.509 Certificate Options Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509self.h>
+#include <botan/util.h>
+#include <botan/parsing.h>
+#include <botan/oids.h>
+#include <botan/conf.h>
+#include <ctime>
+
+namespace Botan {
+
+/*************************************************
+* Set when the certificate should become valid *
+*************************************************/
+void X509_Cert_Options::not_before(const std::string& time_string)
+ {
+ start = X509_Time(time_string);
+ }
+
+/*************************************************
+* Set when the certificate should expire *
+*************************************************/
+void X509_Cert_Options::not_after(const std::string& time_string)
+ {
+ end = X509_Time(time_string);
+ }
+
+/*************************************************
+* Set key constraint information *
+*************************************************/
+void X509_Cert_Options::add_constraints(Key_Constraints usage)
+ {
+ constraints = usage;
+ }
+
+/*************************************************
+* Set key constraint information *
+*************************************************/
+void X509_Cert_Options::add_ex_constraint(const OID& oid)
+ {
+ ex_constraints.push_back(oid);
+ }
+
+/*************************************************
+* Set key constraint information *
+*************************************************/
+void X509_Cert_Options::add_ex_constraint(const std::string& oid_str)
+ {
+ ex_constraints.push_back(OIDS::lookup(oid_str));
+ }
+
+/*************************************************
+* Mark this certificate for CA usage *
+*************************************************/
+void X509_Cert_Options::CA_key(u32bit limit)
+ {
+ is_CA = true;
+ path_limit = limit;
+ }
+
+/*************************************************
+* Do basic sanity checks *
+*************************************************/
+void X509_Cert_Options::sanity_check() const
+ {
+ if(common_name == "" || country == "")
+ throw Encoding_Error("X.509 certificate: name and country MUST be set");
+ if(country.size() != 2)
+ throw Encoding_Error("Invalid ISO country code: " + country);
+ if(start >= end)
+ throw Encoding_Error("X509_Cert_Options: invalid time constraints");
+ }
+
+/*************************************************
+* Initialize the certificate options *
+*************************************************/
+X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts)
+ {
+ const u32bit DEFAULT_EXPIRE = Config::get_time("x509/ca/default_expire");
+ const u32bit OFFSET_FROM_NOW = Config::get_time("x509/ca/signing_offset");
+
+ is_CA = false;
+ path_limit = 0;
+ constraints = NO_CONSTRAINTS;
+
+ const u64bit current_time = system_time();
+
+ start = X509_Time(current_time - OFFSET_FROM_NOW);
+ end = X509_Time(current_time - OFFSET_FROM_NOW + DEFAULT_EXPIRE);
+
+ if(initial_opts == "")
+ return;
+
+ std::vector<std::string> parsed = split_on(initial_opts, '/');
+
+ if(parsed.size() > 4)
+ throw Invalid_Argument("X.509 cert options: Too many names: "
+ + initial_opts);
+
+ if(parsed.size() >= 1) common_name = parsed[0];
+ if(parsed.size() >= 2) country = parsed[1];
+ if(parsed.size() >= 3) organization = parsed[2];
+ if(parsed.size() == 4) org_unit = parsed[3];
+ }
+
+}
diff --git a/src/x509self.cpp b/src/x509self.cpp
new file mode 100644
index 000000000..281251bef
--- /dev/null
+++ b/src/x509self.cpp
@@ -0,0 +1,198 @@
+/*************************************************
+* PKCS #10/Self Signed Cert Creation Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509self.h>
+#include <botan/x509_ext.h>
+#include <botan/x509_ca.h>
+#include <botan/conf.h>
+#include <botan/look_pk.h>
+#include <botan/oids.h>
+#include <botan/pipe.h>
+#include <memory>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Shared setup for self-signed items *
+*************************************************/
+MemoryVector<byte> shared_setup(const X509_Cert_Options& opts,
+ const PKCS8_PrivateKey& key)
+ {
+ const PKCS8_PrivateKey* key_pointer = &key;
+ if(!dynamic_cast<const PK_Signing_Key*>(key_pointer))
+ throw Invalid_Argument("Key type " + key.algo_name() + " cannot sign");
+
+ opts.sanity_check();
+
+ Pipe key_encoder;
+ key_encoder.start_msg();
+ X509::encode(key, key_encoder, RAW_BER);
+ key_encoder.end_msg();
+
+ return key_encoder.read_all();
+ }
+
+/*************************************************
+* Load information from the X509_Cert_Options *
+*************************************************/
+void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn,
+ AlternativeName& subject_alt)
+ {
+ subject_dn.add_attribute("X520.CommonName", opts.common_name);
+ subject_dn.add_attribute("X520.Country", opts.country);
+ subject_dn.add_attribute("X520.State", opts.state);
+ subject_dn.add_attribute("X520.Locality", opts.locality);
+ subject_dn.add_attribute("X520.Organization", opts.organization);
+ subject_dn.add_attribute("X520.OrganizationalUnit", opts.org_unit);
+ subject_dn.add_attribute("X520.SerialNumber", opts.serial_number);
+ subject_alt = AlternativeName(opts.email, opts.uri, opts.dns);
+ subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"),
+ opts.xmpp, UTF8_STRING);
+ }
+
+/*************************************************
+* Choose a signing format for the key *
+*************************************************/
+PK_Signer* choose_sig_format(const PKCS8_PrivateKey& key,
+ AlgorithmIdentifier& sig_algo)
+ {
+ std::string padding;
+ Signature_Format format;
+ Config::choose_sig_format(key.algo_name(), padding, format);
+
+ sig_algo.oid = OIDS::lookup(key.algo_name() + "/" + padding);
+ sig_algo.parameters = key.DER_encode_params();
+
+ const PK_Signing_Key& sig_key = dynamic_cast<const PK_Signing_Key&>(key);
+
+ return get_pk_signer(sig_key, padding, format);
+ }
+
+}
+
+namespace X509 {
+
+/*************************************************
+* Create a new self-signed X.509 certificate *
+*************************************************/
+X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts,
+ const PKCS8_PrivateKey& key)
+ {
+ AlgorithmIdentifier sig_algo;
+ X509_DN subject_dn;
+ AlternativeName subject_alt;
+
+ MemoryVector<byte> pub_key = shared_setup(opts, key);
+ std::auto_ptr<PK_Signer> signer(choose_sig_format(key, sig_algo));
+ load_info(opts, subject_dn, subject_alt);
+
+ Key_Constraints constraints;
+ if(opts.is_CA)
+ constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN);
+ else
+ constraints = find_constraints(key, opts.constraints);
+
+ return X509_CA::make_cert(signer.get(), sig_algo, pub_key,
+ MemoryVector<byte>(), opts.start, opts.end,
+ subject_dn, subject_dn,
+ opts.is_CA, opts.path_limit,
+ subject_alt, subject_alt,
+ constraints, opts.ex_constraints);
+ }
+
+/*************************************************
+* Create a PKCS #10 certificate request *
+*************************************************/
+PKCS10_Request create_cert_req(const X509_Cert_Options& opts,
+ const PKCS8_PrivateKey& key)
+ {
+ AlgorithmIdentifier sig_algo;
+ X509_DN subject_dn;
+ AlternativeName subject_alt;
+
+ MemoryVector<byte> pub_key = shared_setup(opts, key);
+ std::auto_ptr<PK_Signer> signer(choose_sig_format(key, sig_algo));
+ load_info(opts, subject_dn, subject_alt);
+
+ const u32bit PKCS10_VERSION = 0;
+
+ Extensions extensions;
+
+ extensions.add(
+ new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit));
+ extensions.add(
+ new Cert_Extension::Key_Usage(
+ opts.is_CA ? Key_Constraints(KEY_CERT_SIGN | CRL_SIGN) :
+ find_constraints(key, opts.constraints)
+ )
+ );
+ extensions.add(
+ new Cert_Extension::Extended_Key_Usage(opts.ex_constraints));
+ extensions.add(
+ new Cert_Extension::Alternative_Name(subject_alt,
+ "X509v3.SubjectAlternativeName",
+ "subject_alternative_name")
+ );
+
+ DER_Encoder tbs_req;
+
+ tbs_req.start_sequence()
+ .encode(PKCS10_VERSION)
+ .encode(subject_dn)
+ .add_raw_octets(pub_key)
+ .start_explicit(ASN1_Tag(0));
+
+ if(opts.challenge != "")
+ {
+ ASN1_String challenge(opts.challenge, DIRECTORY_STRING);
+
+#if 0
+ DER_Encoder attr_encoder;
+ attr_encoder.encode(challenge);
+ tbs_req.encode(
+ Attribute("PKCS9.ChallengePassword", attr_encoder.get_contents())
+ );
+#else
+ tbs_req.encode(
+ Attribute("PKCS9.ChallengePassword",
+ DER_Encoder().encode(challenge).get_contents()
+ )
+ );
+#endif
+ }
+
+ tbs_req.encode(
+ Attribute("PKCS9.ExtensionRequest",
+ DER_Encoder()
+ .start_sequence()
+ .encode(extensions)
+ .end_sequence()
+ .get_contents()
+ )
+ )
+ .end_explicit(ASN1_Tag(0))
+ .end_sequence();
+
+ MemoryVector<byte> tbs_bits = tbs_req.get_contents();
+ MemoryVector<byte> sig = signer->sign_message(tbs_bits);
+
+ DataSource_Memory source(
+ DER_Encoder()
+ .start_sequence()
+ .add_raw_octets(tbs_bits)
+ .encode(sig_algo)
+ .encode(sig, BIT_STRING)
+ .end_sequence()
+ .get_contents()
+ );
+
+ return PKCS10_Request(source);
+ }
+
+}
+
+}
diff --git a/src/x509stor.cpp b/src/x509stor.cpp
new file mode 100644
index 000000000..ee89a5d97
--- /dev/null
+++ b/src/x509stor.cpp
@@ -0,0 +1,670 @@
+/*************************************************
+* X.509 Certificate Store Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x509stor.h>
+#include <botan/parsing.h>
+#include <botan/pubkey.h>
+#include <botan/look_pk.h>
+#include <botan/oids.h>
+#include <botan/conf.h>
+#include <botan/util.h>
+#include <algorithm>
+#include <memory>
+
+namespace Botan {
+
+namespace {
+
+/*************************************************
+* Compare the value of unique ID fields *
+*************************************************/
+bool compare_ids(const MemoryVector<byte>& id1,
+ const MemoryVector<byte>& id2)
+ {
+ if(!id1.size() || !id2.size())
+ return true;
+ return (id1 == id2);
+ }
+
+/*************************************************
+* Check a particular usage restriction *
+*************************************************/
+bool check_usage(const X509_Certificate& cert, X509_Store::Cert_Usage usage,
+ X509_Store::Cert_Usage check_for, Key_Constraints constraints)
+ {
+ if((usage & check_for) == 0)
+ return true;
+ if(cert.constraints() == NO_CONSTRAINTS)
+ return true;
+ if(cert.constraints() & constraints)
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Check a particular usage restriction *
+*************************************************/
+bool check_usage(const X509_Certificate& cert, X509_Store::Cert_Usage usage,
+ X509_Store::Cert_Usage check_for,
+ const std::string& usage_oid)
+ {
+ if((usage & check_for) == 0)
+ return true;
+
+ const std::vector<std::string> constraints = cert.ex_constraints();
+
+ if(constraints.empty())
+ return true;
+
+ return std::binary_search(constraints.begin(), constraints.end(),
+ usage_oid);
+ }
+
+/*************************************************
+* Check the usage restrictions *
+*************************************************/
+X509_Code usage_check(const X509_Certificate& cert,
+ X509_Store::Cert_Usage usage)
+ {
+ if(usage == X509_Store::ANY)
+ return VERIFIED;
+
+ if(!check_usage(cert, usage, X509_Store::CRL_SIGNING, CRL_SIGN))
+ return CA_CERT_NOT_FOR_CRL_ISSUER;
+
+ if(!check_usage(cert, usage, X509_Store::TLS_SERVER, "PKIX.ServerAuth"))
+ return INVALID_USAGE;
+ if(!check_usage(cert, usage, X509_Store::TLS_CLIENT, "PKIX.ClientAuth"))
+ return INVALID_USAGE;
+ if(!check_usage(cert, usage, X509_Store::CODE_SIGNING, "PKIX.CodeSigning"))
+ return INVALID_USAGE;
+ if(!check_usage(cert, usage, X509_Store::EMAIL_PROTECTION,
+ "PKIX.EmailProtection"))
+ return INVALID_USAGE;
+ if(!check_usage(cert, usage, X509_Store::TIME_STAMPING,
+ "PKIX.TimeStamping"))
+ return INVALID_USAGE;
+
+ return VERIFIED;
+ }
+
+}
+
+/*************************************************
+* Define equality for revocation data *
+*************************************************/
+bool X509_Store::CRL_Data::operator==(const CRL_Data& other) const
+ {
+ if(issuer != other.issuer)
+ return false;
+ if(serial != other.serial)
+ return false;
+ return compare_ids(auth_key_id, other.auth_key_id);
+ }
+
+/*************************************************
+* Define inequality for revocation data *
+*************************************************/
+bool X509_Store::CRL_Data::operator!=(const CRL_Data& other) const
+ {
+ return !((*this) == other);
+ }
+
+/*************************************************
+* Define an ordering for revocation data *
+*************************************************/
+bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const
+ {
+ if(*this == other)
+ return false;
+
+ const MemoryVector<byte>& serial1 = serial;
+ const MemoryVector<byte>& key_id1 = auth_key_id;
+ const MemoryVector<byte>& serial2 = other.serial;
+ const MemoryVector<byte>& key_id2 = other.auth_key_id;
+
+ if(compare_ids(key_id1, key_id2) == false)
+ {
+ if(std::lexicographical_compare(key_id1.begin(), key_id1.end(),
+ key_id2.begin(), key_id2.end()))
+ return true;
+
+ if(std::lexicographical_compare(key_id2.begin(), key_id2.end(),
+ key_id1.begin(), key_id1.end()))
+ return false;
+ }
+
+ if(compare_ids(serial1, serial2) == false)
+ {
+ if(std::lexicographical_compare(serial1.begin(), serial1.end(),
+ serial2.begin(), serial2.end()))
+ return true;
+
+ if(std::lexicographical_compare(serial2.begin(), serial2.end(),
+ serial1.begin(), serial1.end()))
+ return false;
+ }
+
+ return (issuer < other.issuer);
+ }
+
+/*************************************************
+* X509_Store Constructor *
+*************************************************/
+X509_Store::X509_Store()
+ {
+ revoked_info_valid = true;
+ }
+
+/*************************************************
+* X509_Store Copy Constructor *
+*************************************************/
+X509_Store::X509_Store(const X509_Store& store)
+ {
+ certs = store.certs;
+ revoked = store.revoked;
+ revoked_info_valid = store.revoked_info_valid;
+ for(u32bit j = 0; j != store.stores.size(); ++j)
+ stores[j] = store.stores[j]->clone();
+ }
+
+/*************************************************
+* X509_Store Destructor *
+*************************************************/
+X509_Store::~X509_Store()
+ {
+ for(u32bit j = 0; j != stores.size(); ++j)
+ delete stores[j];
+ }
+
+/*************************************************
+* Verify a certificate's authenticity *
+*************************************************/
+X509_Code X509_Store::validate_cert(const X509_Certificate& cert,
+ Cert_Usage cert_usage)
+ {
+ recompute_revoked_info();
+
+ std::vector<u32bit> indexes;
+ X509_Code chaining_result = construct_cert_chain(cert, indexes);
+ if(chaining_result != VERIFIED)
+ return chaining_result;
+
+ const u64bit current_time = system_time();
+
+ s32bit time_check = validity_check(cert.start_time(), cert.end_time(),
+ current_time);
+ if(time_check < 0) return CERT_NOT_YET_VALID;
+ else if(time_check > 0) return CERT_HAS_EXPIRED;
+
+ X509_Code sig_check_result = check_sig(cert, certs[indexes[0]]);
+ if(sig_check_result != VERIFIED)
+ return sig_check_result;
+
+ if(is_revoked(cert))
+ return CERT_IS_REVOKED;
+
+ for(u32bit j = 0; j != indexes.size() - 1; ++j)
+ {
+ const X509_Certificate& current_cert = certs[indexes[j]].cert;
+ time_check = validity_check(current_cert.start_time(),
+ current_cert.end_time(), current_time);
+ if(time_check < 0) return CERT_NOT_YET_VALID;
+ else if(time_check > 0) return CERT_HAS_EXPIRED;
+
+ sig_check_result = check_sig(certs[indexes[j]], certs[indexes[j+1]]);
+ if(sig_check_result != VERIFIED)
+ return sig_check_result;
+ }
+
+ return usage_check(cert, cert_usage);
+ }
+
+/*************************************************
+* Find this certificate *
+*************************************************/
+u32bit X509_Store::find_cert(const X509_DN& subject_dn,
+ const MemoryRegion<byte>& subject_key_id) const
+ {
+ for(u32bit j = 0; j != certs.size(); ++j)
+ {
+ const X509_Certificate& this_cert = certs[j].cert;
+ if(compare_ids(this_cert.subject_key_id(), subject_key_id) &&
+ this_cert.subject_dn() == subject_dn)
+ return j;
+ }
+ return NO_CERT_FOUND;
+ }
+
+/*************************************************
+* Find the parent of this certificate *
+*************************************************/
+u32bit X509_Store::find_parent_of(const X509_Certificate& cert)
+ {
+ const X509_DN issuer_dn = cert.issuer_dn();
+ const MemoryVector<byte> auth_key_id = cert.authority_key_id();
+
+ u32bit index = find_cert(issuer_dn, auth_key_id);
+
+ if(index != NO_CERT_FOUND)
+ return index;
+
+ if(auth_key_id.size())
+ {
+ for(u32bit j = 0; j != stores.size(); ++j)
+ {
+ std::vector<X509_Certificate> got = stores[j]->by_SKID(auth_key_id);
+
+ if(got.empty())
+ continue;
+
+ for(u32bit k = 0; k != got.size(); ++k)
+ add_cert(got[k]);
+ return find_cert(issuer_dn, auth_key_id);
+ }
+ }
+
+ return NO_CERT_FOUND;
+ }
+
+/*************************************************
+* Construct a chain of certificate relationships *
+*************************************************/
+X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert,
+ std::vector<u32bit>& indexes,
+ bool need_full_chain)
+ {
+ u32bit parent = find_parent_of(end_cert);
+
+ while(true)
+ {
+ if(parent == NO_CERT_FOUND)
+ return CERT_ISSUER_NOT_FOUND;
+ indexes.push_back(parent);
+
+ if(certs[parent].is_verified())
+ if(certs[parent].verify_result() != VERIFIED)
+ return certs[parent].verify_result();
+
+ const X509_Certificate& parent_cert = certs[parent].cert;
+ if(!parent_cert.is_CA_cert())
+ return CA_CERT_NOT_FOR_CERT_ISSUER;
+
+ if(certs[parent].is_trusted())
+ break;
+ if(parent_cert.self_signed())
+ return CANNOT_ESTABLISH_TRUST;
+
+ if(parent_cert.path_limit() < indexes.size() - 1)
+ return CERT_CHAIN_TOO_LONG;
+
+ parent = find_parent_of(parent_cert);
+ }
+
+ if(need_full_chain)
+ return VERIFIED;
+
+ while(true)
+ {
+ if(indexes.size() < 2)
+ break;
+
+ const u32bit cert = indexes.back();
+
+ if(certs[cert].is_verified())
+ {
+ if(certs[cert].verify_result() != VERIFIED)
+ throw Internal_Error("X509_Store::construct_cert_chain");
+ indexes.pop_back();
+ }
+ else
+ break;
+ }
+
+ const u32bit last_cert = indexes.back();
+ const u32bit parent_of_last_cert = find_parent_of(certs[last_cert].cert);
+ if(parent_of_last_cert == NO_CERT_FOUND)
+ return CERT_ISSUER_NOT_FOUND;
+ indexes.push_back(parent_of_last_cert);
+
+ return VERIFIED;
+ }
+
+/*************************************************
+* Check the CAs signature on a certificate *
+*************************************************/
+X509_Code X509_Store::check_sig(const Cert_Info& cert_info,
+ const Cert_Info& ca_cert_info) const
+ {
+ if(cert_info.is_verified())
+ return cert_info.verify_result();
+
+ const X509_Certificate& cert = cert_info.cert;
+ const X509_Certificate& ca_cert = ca_cert_info.cert;
+
+ X509_Code verify_code = check_sig(cert, ca_cert.subject_public_key());
+
+ cert_info.set_result(verify_code);
+
+ return verify_code;
+ }
+
+/*************************************************
+* Check a CA's signature *
+*************************************************/
+X509_Code X509_Store::check_sig(const X509_Object& object, X509_PublicKey* key)
+ {
+ std::auto_ptr<X509_PublicKey> pub_key(key);
+ std::auto_ptr<PK_Verifier> verifier;
+
+ try {
+ std::vector<std::string> sig_info =
+ split_on(OIDS::lookup(object.signature_algorithm().oid), '/');
+
+ if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name())
+ return SIGNATURE_ERROR;
+
+ std::string padding = sig_info[1];
+ Signature_Format format;
+ if(key->message_parts() >= 2) format = DER_SEQUENCE;
+ else format = IEEE_1363;
+
+ if(dynamic_cast<PK_Verifying_with_MR_Key*>(pub_key.get()))
+ {
+ PK_Verifying_with_MR_Key* sig_key =
+ dynamic_cast<PK_Verifying_with_MR_Key*>(pub_key.get());
+ verifier.reset(get_pk_verifier(*sig_key, padding, format));
+ }
+ else if(dynamic_cast<PK_Verifying_wo_MR_Key*>(pub_key.get()))
+ {
+ PK_Verifying_wo_MR_Key* sig_key =
+ dynamic_cast<PK_Verifying_wo_MR_Key*>(pub_key.get());
+ verifier.reset(get_pk_verifier(*sig_key, padding, format));
+ }
+ else
+ return CA_CERT_CANNOT_SIGN;
+
+ bool valid = verifier->verify_message(object.tbs_data(),
+ object.signature());
+
+ if(valid)
+ return VERIFIED;
+ else
+ return SIGNATURE_ERROR;
+ }
+ catch(Decoding_Error) { return CERT_FORMAT_ERROR; }
+ catch(Exception) {}
+
+ return UNKNOWN_X509_ERROR;
+ }
+
+/*************************************************
+* Recompute the revocation status of the certs *
+*************************************************/
+void X509_Store::recompute_revoked_info() const
+ {
+ if(revoked_info_valid)
+ return;
+
+ for(u32bit j = 0; j != certs.size(); ++j)
+ {
+ if((certs[j].is_verified()) && (certs[j].verify_result() != VERIFIED))
+ continue;
+
+ if(is_revoked(certs[j].cert))
+ certs[j].set_result(CERT_IS_REVOKED);
+ }
+
+ revoked_info_valid = true;
+ }
+
+/*************************************************
+* Check if a certificate is revoked *
+*************************************************/
+bool X509_Store::is_revoked(const X509_Certificate& cert) const
+ {
+ CRL_Data revoked_info;
+ revoked_info.issuer = cert.issuer_dn();
+ revoked_info.serial = cert.serial_number();
+ revoked_info.auth_key_id = cert.authority_key_id();
+
+ if(std::binary_search(revoked.begin(), revoked.end(), revoked_info))
+ return true;
+ return false;
+ }
+
+/*************************************************
+* Retrieve all the certificates in the store *
+*************************************************/
+std::vector<X509_Certificate>
+X509_Store::get_certs(const Search_Func& search) const
+ {
+ std::vector<X509_Certificate> found_certs;
+ for(u32bit j = 0; j != certs.size(); ++j)
+ {
+ if(search.match(certs[j].cert))
+ found_certs.push_back(certs[j].cert);
+ }
+ return found_certs;
+ }
+
+/*************************************************
+* Construct a path back to a root for this cert *
+*************************************************/
+std::vector<X509_Certificate>
+X509_Store::get_cert_chain(const X509_Certificate& cert)
+ {
+ std::vector<X509_Certificate> result;
+ std::vector<u32bit> indexes;
+ X509_Code chaining_result = construct_cert_chain(cert, indexes, true);
+
+ if(chaining_result != VERIFIED)
+ throw Invalid_State("X509_Store::get_cert_chain: Can't construct chain");
+
+ for(u32bit j = 0; j != indexes.size(); ++j)
+ result.push_back(certs[indexes[j]].cert);
+ return result;
+ }
+
+/*************************************************
+* Add a certificate store to the list of stores *
+*************************************************/
+void X509_Store::add_new_certstore(Certificate_Store* certstore)
+ {
+ stores.push_back(certstore);
+ }
+
+/*************************************************
+* Add a certificate to the store *
+*************************************************/
+void X509_Store::add_cert(const X509_Certificate& cert, bool trusted)
+ {
+ if(trusted && !cert.self_signed())
+ throw Invalid_Argument("X509_Store: Trusted certs must be self-signed");
+
+ if(find_cert(cert.subject_dn(), cert.subject_key_id()) == NO_CERT_FOUND)
+ {
+ revoked_info_valid = false;
+ Cert_Info info(cert, trusted);
+ certs.push_back(info);
+ }
+ else if(trusted)
+ {
+ for(u32bit j = 0; j != certs.size(); ++j)
+ {
+ const X509_Certificate& this_cert = certs[j].cert;
+ if(this_cert == cert)
+ certs[j].trusted = trusted;
+ }
+ }
+ }
+
+/*************************************************
+* Add one or more certificates to the store *
+*************************************************/
+void X509_Store::do_add_certs(DataSource& source, bool trusted)
+ {
+ while(!source.end_of_data())
+ {
+ try {
+ X509_Certificate cert(source);
+ add_cert(cert, trusted);
+ }
+ catch(Decoding_Error) {}
+ catch(Invalid_Argument) {}
+ }
+ }
+
+/*************************************************
+* Add one or more certificates to the store *
+*************************************************/
+void X509_Store::add_certs(DataSource& source)
+ {
+ do_add_certs(source, false);
+ }
+
+/*************************************************
+* Add one or more certificates to the store *
+*************************************************/
+void X509_Store::add_trusted_certs(DataSource& source)
+ {
+ do_add_certs(source, true);
+ }
+
+/*************************************************
+* Add one or more certificates to the store *
+*************************************************/
+X509_Code X509_Store::add_crl(const X509_CRL& crl)
+ {
+ s32bit time_check = validity_check(crl.this_update(), crl.next_update(),
+ system_time());
+ if(time_check < 0) return CRL_NOT_YET_VALID;
+ else if(time_check > 0) return CRL_HAS_EXPIRED;
+
+ u32bit cert_index = NO_CERT_FOUND;
+
+ for(u32bit j = 0; j != certs.size(); ++j)
+ {
+ const X509_Certificate& this_cert = certs[j].cert;
+ if(compare_ids(this_cert.subject_key_id(), crl.authority_key_id()))
+ {
+ if(this_cert.subject_dn() == crl.issuer_dn())
+ cert_index = j;
+ }
+ }
+
+ if(cert_index == NO_CERT_FOUND)
+ return CRL_ISSUER_NOT_FOUND;
+
+ const X509_Certificate& ca_cert = certs[cert_index].cert;
+
+ X509_Code verify_result = validate_cert(ca_cert, CRL_SIGNING);
+ if(verify_result != VERIFIED)
+ return verify_result;
+
+ verify_result = check_sig(crl, ca_cert.subject_public_key());
+ if(verify_result != VERIFIED)
+ return verify_result;
+
+ std::vector<CRL_Entry> revoked_certs = crl.get_revoked();
+
+ for(u32bit j = 0; j != revoked_certs.size(); ++j)
+ {
+ CRL_Data revoked_info;
+ revoked_info.issuer = crl.issuer_dn();
+ revoked_info.serial = revoked_certs[j].serial;
+ revoked_info.auth_key_id = crl.authority_key_id();
+
+ std::vector<CRL_Data>::iterator p =
+ std::find(revoked.begin(), revoked.end(), revoked_info);
+
+ if(revoked_certs[j].reason == REMOVE_FROM_CRL)
+ {
+ if(p == revoked.end()) continue;
+ revoked.erase(p);
+ }
+ else
+ {
+ if(p != revoked.end()) continue;
+ revoked.push_back(revoked_info);
+ }
+ }
+
+ std::sort(revoked.begin(), revoked.end());
+ revoked_info_valid = false;
+
+ return VERIFIED;
+ }
+
+/*************************************************
+* PEM encode the set of certificates *
+*************************************************/
+std::string X509_Store::PEM_encode() const
+ {
+ std::string cert_store;
+ for(u32bit j = 0; j != certs.size(); ++j)
+ cert_store += certs[j].cert.PEM_encode();
+ return cert_store;
+ }
+
+/*************************************************
+* Create a Cert_Info structure *
+*************************************************/
+X509_Store::Cert_Info::Cert_Info(const X509_Certificate& c,
+ bool t) : cert(c), trusted(t)
+ {
+ checked = false;
+ result = UNKNOWN_X509_ERROR;
+ last_checked = 0;
+ }
+
+/*************************************************
+* Return the verification results *
+*************************************************/
+X509_Code X509_Store::Cert_Info::verify_result() const
+ {
+ if(!checked)
+ throw Invalid_State("Cert_Info::verify_result() called; not checked");
+ return result;
+ }
+
+/*************************************************
+* Set the verification results *
+*************************************************/
+void X509_Store::Cert_Info::set_result(X509_Code code) const
+ {
+ result = code;
+ last_checked = system_time();
+ checked = true;
+ }
+
+/*************************************************
+* Check if this certificate can be trusted *
+*************************************************/
+bool X509_Store::Cert_Info::is_trusted() const
+ {
+ return trusted;
+ }
+
+/*************************************************
+* Check if this certificate has been verified *
+*************************************************/
+bool X509_Store::Cert_Info::is_verified() const
+ {
+ if(!checked)
+ return false;
+ if(result != VERIFIED && result != CERT_NOT_YET_VALID)
+ return true;
+
+ const u32bit CACHE_TIME = Config::get_time("x509/cache_verify_results");
+ const u64bit current_time = system_time();
+
+ if(current_time > last_checked + CACHE_TIME)
+ checked = false;
+
+ return checked;
+ }
+
+}
diff --git a/src/x919_mac.cpp b/src/x919_mac.cpp
new file mode 100644
index 000000000..8e43a5742
--- /dev/null
+++ b/src/x919_mac.cpp
@@ -0,0 +1,92 @@
+/*************************************************
+* ANSI X9.19 MAC Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x919_mac.h>
+#include <botan/lookup.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Update an ANSI X9.19 MAC Calculation *
+*************************************************/
+void ANSI_X919_MAC::add_data(const byte input[], u32bit length)
+ {
+ u32bit xored = std::min(8 - position, length);
+ xor_buf(state + position, input, xored);
+ position += xored;
+
+ if(position < 8) return;
+
+ e->encrypt(state);
+ input += xored;
+ length -= xored;
+ while(length >= 8)
+ {
+ xor_buf(state, input, 8);
+ e->encrypt(state);
+ input += 8;
+ length -= 8;
+ }
+
+ xor_buf(state, input, length);
+ position = length;
+ }
+
+/*************************************************
+* Finalize an ANSI X9.19 MAC Calculation *
+*************************************************/
+void ANSI_X919_MAC::final_result(byte mac[])
+ {
+ if(position)
+ e->encrypt(state);
+ d->decrypt(state, mac);
+ e->encrypt(mac);
+ state.clear();
+ position = 0;
+ }
+
+/*************************************************
+* ANSI X9.19 MAC Key Schedule *
+*************************************************/
+void ANSI_X919_MAC::key(const byte key[], u32bit length)
+ {
+ e->set_key(key, 8);
+ if(length == 8) d->set_key(key, 8);
+ else d->set_key(key + 8, 8);
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void ANSI_X919_MAC::clear() throw()
+ {
+ e->clear();
+ d->clear();
+ state.clear();
+ position = 0;
+ }
+
+/*************************************************
+* ANSI X9.19 MAC Constructor *
+*************************************************/
+ANSI_X919_MAC::ANSI_X919_MAC() : MessageAuthenticationCode(8, 8, 16, 8)
+ {
+ e = get_block_cipher("DES");
+ d = get_block_cipher("DES");
+ position = 0;
+ }
+
+/*************************************************
+* ANSI X9.19 MAC Destructor *
+*************************************************/
+ANSI_X919_MAC::~ANSI_X919_MAC()
+ {
+ delete e;
+ delete d;
+ }
+
+}
diff --git a/src/x931_rng.cpp b/src/x931_rng.cpp
new file mode 100644
index 000000000..ab16c7bba
--- /dev/null
+++ b/src/x931_rng.cpp
@@ -0,0 +1,136 @@
+/*************************************************
+* ANSI X9.31 RNG Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/x931_rng.h>
+#include <botan/lookup.h>
+#include <botan/randpool.h>
+#include <botan/bit_ops.h>
+#include <algorithm>
+
+namespace Botan {
+
+/*************************************************
+* Generate a buffer of random bytes *
+*************************************************/
+void ANSI_X931_RNG::randomize(byte out[], u32bit length) throw(PRNG_Unseeded)
+ {
+ if(!is_seeded())
+ throw PRNG_Unseeded(name());
+
+ while(length)
+ {
+ const u32bit copied = std::min(length, R.size() - position);
+
+ copy_mem(out, R + position, copied);
+ out += copied;
+ length -= copied;
+ position += copied;
+
+ if(position == R.size())
+ {
+ update_buffer();
+ position = 0;
+ }
+ }
+ }
+
+/*************************************************
+* Refill the internal state *
+*************************************************/
+void ANSI_X931_RNG::update_buffer()
+ {
+ const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE;
+
+ SecureVector<byte> DT(BLOCK_SIZE);
+
+ prng->randomize(DT, DT.size());
+ cipher->encrypt(DT);
+
+ xor_buf(R, V, DT, BLOCK_SIZE);
+ cipher->encrypt(R);
+
+ xor_buf(V, R, DT, BLOCK_SIZE);
+ cipher->encrypt(V);
+ }
+
+/*************************************************
+* Add entropy to internal state *
+*************************************************/
+void ANSI_X931_RNG::add_randomness(const byte data[], u32bit length)
+ {
+ prng->add_entropy(data, length);
+
+ if(is_seeded())
+ {
+ SecureVector<byte> key(cipher->MAXIMUM_KEYLENGTH);
+ prng->randomize(key, key.size());
+ cipher->set_key(key, key.size());
+
+ prng->randomize(V, V.size());
+
+ update_buffer();
+ }
+ }
+
+/*************************************************
+* Check if the the PRNG is seeded *
+*************************************************/
+bool ANSI_X931_RNG::is_seeded() const
+ {
+ return prng->is_seeded();
+ }
+
+/*************************************************
+* Clear memory of sensitive data *
+*************************************************/
+void ANSI_X931_RNG::clear() throw()
+ {
+ cipher->clear();
+ prng->clear();
+ R.clear();
+ V.clear();
+
+ position = 0;
+ }
+
+/*************************************************
+* Return the name of this type *
+*************************************************/
+std::string ANSI_X931_RNG::name() const
+ {
+ return "X9.31(" + cipher->name() + ")";
+ }
+
+/*************************************************
+* ANSI X931 RNG Constructor *
+*************************************************/
+ANSI_X931_RNG::ANSI_X931_RNG(const std::string& cipher_name,
+ RandomNumberGenerator* prng_ptr)
+ {
+ if(cipher_name == "")
+ cipher = get_block_cipher("AES-256");
+ else
+ cipher = get_block_cipher(cipher_name);
+
+ const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE;
+
+ V.create(BLOCK_SIZE);
+ R.create(BLOCK_SIZE);
+
+ prng = (prng_ptr ? prng_ptr : new Randpool);
+
+ position = 0;
+ }
+
+/*************************************************
+* ANSI X931 RNG Destructor *
+*************************************************/
+ANSI_X931_RNG::~ANSI_X931_RNG()
+ {
+ delete cipher;
+ delete prng;
+ }
+
+}
diff --git a/src/xtea.cpp b/src/xtea.cpp
new file mode 100644
index 000000000..064066dc9
--- /dev/null
+++ b/src/xtea.cpp
@@ -0,0 +1,81 @@
+/*************************************************
+* XTEA Source File *
+* (C) 1999-2006 The Botan Project *
+*************************************************/
+
+#include <botan/xtea.h>
+#include <botan/bit_ops.h>
+#include <botan/parsing.h>
+
+namespace Botan {
+
+/*************************************************
+* XTEA Encryption *
+*************************************************/
+void XTEA::enc(const byte in[], byte out[]) const
+ {
+ u32bit left = make_u32bit(in[0], in[1], in[2], in[3]),
+ right = make_u32bit(in[4], in[5], in[6], in[7]);
+ for(u32bit j = 0; j != 32; ++j)
+ {
+ left += (((right << 4) ^ (right >> 5)) + right) ^ EK[2*j];
+ right += (((left << 4) ^ (left >> 5)) + left) ^ EK[2*j+1];
+ }
+ out[0] = get_byte(0, left); out[1] = get_byte(1, left);
+ out[2] = get_byte(2, left); out[3] = get_byte(3, left);
+ out[4] = get_byte(0, right); out[5] = get_byte(1, right);
+ out[6] = get_byte(2, right); out[7] = get_byte(3, right);
+ }
+
+/*************************************************
+* XTEA Decryption *
+*************************************************/
+void XTEA::dec(const byte in[], byte out[]) const
+ {
+ u32bit left = make_u32bit(in[0], in[1], in[2], in[3]),
+ right = make_u32bit(in[4], in[5], in[6], in[7]);
+ for(u32bit j = 32; j > 0; --j)
+ {
+ right -= (((left << 4) ^ (left >> 5)) + left) ^ EK[2*j - 1];
+ left -= (((right << 4) ^ (right >> 5)) + right) ^ EK[2*j - 2];
+ }
+ out[0] = get_byte(0, left); out[1] = get_byte(1, left);
+ out[2] = get_byte(2, left); out[3] = get_byte(3, left);
+ out[4] = get_byte(0, right); out[5] = get_byte(1, right);
+ out[6] = get_byte(2, right); out[7] = get_byte(3, right);
+ }
+
+/*************************************************
+* XTEA Key Schedule *
+*************************************************/
+void XTEA::key(const byte key[], u32bit)
+ {
+ static const u32bit DELTAS[64] = {
+ 0x00000000, 0x9E3779B9, 0x9E3779B9, 0x3C6EF372, 0x3C6EF372, 0xDAA66D2B,
+ 0xDAA66D2B, 0x78DDE6E4, 0x78DDE6E4, 0x1715609D, 0x1715609D, 0xB54CDA56,
+ 0xB54CDA56, 0x5384540F, 0x5384540F, 0xF1BBCDC8, 0xF1BBCDC8, 0x8FF34781,
+ 0x8FF34781, 0x2E2AC13A, 0x2E2AC13A, 0xCC623AF3, 0xCC623AF3, 0x6A99B4AC,
+ 0x6A99B4AC, 0x08D12E65, 0x08D12E65, 0xA708A81E, 0xA708A81E, 0x454021D7,
+ 0x454021D7, 0xE3779B90, 0xE3779B90, 0x81AF1549, 0x81AF1549, 0x1FE68F02,
+ 0x1FE68F02, 0xBE1E08BB, 0xBE1E08BB, 0x5C558274, 0x5C558274, 0xFA8CFC2D,
+ 0xFA8CFC2D, 0x98C475E6, 0x98C475E6, 0x36FBEF9F, 0x36FBEF9F, 0xD5336958,
+ 0xD5336958, 0x736AE311, 0x736AE311, 0x11A25CCA, 0x11A25CCA, 0xAFD9D683,
+ 0xAFD9D683, 0x4E11503C, 0x4E11503C, 0xEC48C9F5, 0xEC48C9F5, 0x8A8043AE,
+ 0x8A8043AE, 0x28B7BD67, 0x28B7BD67, 0xC6EF3720 };
+
+ static const byte KEY_INDEX[64] = {
+ 0x00, 0x03, 0x01, 0x02, 0x02, 0x01, 0x03, 0x00, 0x00, 0x00, 0x01, 0x03,
+ 0x02, 0x02, 0x03, 0x01, 0x00, 0x00, 0x01, 0x00, 0x02, 0x03, 0x03, 0x02,
+ 0x00, 0x01, 0x01, 0x01, 0x02, 0x00, 0x03, 0x03, 0x00, 0x02, 0x01, 0x01,
+ 0x02, 0x01, 0x03, 0x00, 0x00, 0x03, 0x01, 0x02, 0x02, 0x01, 0x03, 0x01,
+ 0x00, 0x00, 0x01, 0x03, 0x02, 0x02, 0x03, 0x02, 0x00, 0x01, 0x01, 0x00,
+ 0x02, 0x03, 0x03, 0x02 };
+
+ SecureBuffer<u32bit, 4> UK;
+ for(u32bit j = 0; j != 4; ++j)
+ UK[j] = make_u32bit(key[4*j], key[4*j+1], key[4*j+2], key[4*j+3]);
+ for(u32bit j = 0; j != 64; ++j)
+ EK[j] = DELTAS[j] + UK[KEY_INDEX[j]];
+ }
+
+}
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-01 11:33:43 +0000