diff options
Diffstat (limited to 'src')
367 files changed, 31011 insertions, 0 deletions
diff --git a/src/allocation/alloc_mmap/mmap_mem.cpp b/src/allocation/alloc_mmap/mmap_mem.cpp new file mode 100644 index 000000000..e9ea17a53 --- /dev/null +++ b/src/allocation/alloc_mmap/mmap_mem.cpp @@ -0,0 +1,128 @@ +/************************************************* +* Memory Mapping Allocator Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/mmap_mem.h> +#include <cstring> + +#ifndef _XOPEN_SOURCE + #define _XOPEN_SOURCE 500 +#endif + +#ifndef _XOPEN_SOURCE_EXTENDED + #define _XOPEN_SOURCE_EXTENDED 1 +#endif + +#include <sys/types.h> +#include <sys/mman.h> +#include <sys/stat.h> +#include <unistd.h> +#include <stdlib.h> +#include <fcntl.h> + +#ifndef MAP_FAILED + #define MAP_FAILED -1 +#endif + +namespace Botan { + +namespace { + +/************************************************* +* MemoryMapping_Allocator Exception * +*************************************************/ +class MemoryMapping_Failed : public Exception + { + public: + MemoryMapping_Failed(const std::string& msg) : + Exception("MemoryMapping_Allocator: " + msg) {} + }; + +} + +/************************************************* +* Memory Map a File into Memory * +*************************************************/ +void* MemoryMapping_Allocator::alloc_block(u32bit n) + { + class TemporaryFile + { + public: + int get_fd() const { return fd; } + const std::string path() const { return filepath; } + + TemporaryFile(const std::string& base) + { + const std::string path = base + "XXXXXX"; + + filepath = new char[path.length() + 1]; + std::strcpy(filepath, path.c_str()); + + mode_t old_umask = ::umask(077); + fd = ::mkstemp(filepath); + ::umask(old_umask); + } + + ~TemporaryFile() + { + delete[] filepath; + if(fd != -1 && ::close(fd) == -1) + throw MemoryMapping_Failed("Could not close file"); + } + private: + int fd; + char* filepath; + }; + + TemporaryFile file("/tmp/botan_"); + + if(file.get_fd() == -1) + throw MemoryMapping_Failed("Could not create file"); + + if(::unlink(file.path().c_str())) + throw MemoryMapping_Failed("Could not unlink file '" + file.path() + "'"); + + ::lseek(file.get_fd(), n-1, SEEK_SET); + if(::write(file.get_fd(), "\0", 1) != 1) + throw MemoryMapping_Failed("Could not write to file"); + +#ifndef MAP_NOSYNC + #define MAP_NOSYNC 0 +#endif + + void* ptr = ::mmap(0, n, + PROT_READ | PROT_WRITE, + MAP_SHARED | MAP_NOSYNC, + file.get_fd(), 0); + + if(ptr == static_cast<void*>(MAP_FAILED)) + throw MemoryMapping_Failed("Could not map file"); + + return ptr; + } + +/************************************************* +* Remove a Memory Mapping * +*************************************************/ +void MemoryMapping_Allocator::dealloc_block(void* ptr, u32bit n) + { + if(ptr == 0) + return; + + const byte PATTERNS[] = { 0x00, 0xFF, 0xAA, 0x55, 0x73, 0x8C, 0x5F, 0xA0, + 0x6E, 0x91, 0x30, 0xCF, 0xD3, 0x2C, 0xAC, 0x00 }; + + for(u32bit j = 0; j != sizeof(PATTERNS); j++) + { + std::memset(ptr, PATTERNS[j], n); + + if(::msync(ptr, n, MS_SYNC)) + throw MemoryMapping_Failed("Sync operation failed"); + } + + if(::munmap(ptr, n)) + throw MemoryMapping_Failed("Could not unmap file"); + } + +} diff --git a/src/allocation/alloc_mmap/mmap_mem.h b/src/allocation/alloc_mmap/mmap_mem.h new file mode 100644 index 000000000..a6f68d039 --- /dev/null +++ b/src/allocation/alloc_mmap/mmap_mem.h @@ -0,0 +1,27 @@ +/************************************************* +* Memory Mapping Allocator Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MMAP_ALLOCATOR_H__ +#define BOTAN_MMAP_ALLOCATOR_H__ + +#include <botan/mem_pool.h> + +namespace Botan { + +/************************************************* +* Memory Mapping Allocator * +*************************************************/ +class MemoryMapping_Allocator : public Pooling_Allocator + { + public: + std::string type() const { return "mmap"; } + private: + void* alloc_block(u32bit); + void dealloc_block(void*, u32bit); + }; + +} + +#endif diff --git a/src/allocation/alloc_mmap/modinfo.txt b/src/allocation/alloc_mmap/modinfo.txt new file mode 100644 index 000000000..8cc2b206e --- /dev/null +++ b/src/allocation/alloc_mmap/modinfo.txt @@ -0,0 +1,25 @@ +realname "Disk Based Allocation System" + +define ALLOC_MMAP +modset unix + +load_on auto + +<add> +mmap_mem.cpp +mmap_mem.h +</add> + +<os> +linux +freebsd +openbsd +netbsd +solaris +qnx +darwin +tru64 + +# Only without -ansi, otherwise can't get mkstemp +#cygwin +</os> diff --git a/src/allocation/ml_unix/mlock.cpp b/src/allocation/ml_unix/mlock.cpp new file mode 100644 index 000000000..98214a215 --- /dev/null +++ b/src/allocation/ml_unix/mlock.cpp @@ -0,0 +1,33 @@ +/************************************************* +* Memory Locking Functions Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/util.h> + +#ifndef _POSIX_C_SOURCE + #define _POSIX_C_SOURCE 199309 +#endif + +#include <sys/types.h> +#include <sys/mman.h> + +namespace Botan { + +/************************************************* +* Lock an area of memory into RAM * +*************************************************/ +void lock_mem(void* ptr, u32bit bytes) + { + mlock(ptr, bytes); + } + +/************************************************* +* Unlock a previously locked region of memory * +*************************************************/ +void unlock_mem(void* ptr, u32bit bytes) + { + munlock(ptr, bytes); + } + +} diff --git a/src/allocation/ml_unix/modinfo.txt b/src/allocation/ml_unix/modinfo.txt new file mode 100644 index 000000000..201a30ead --- /dev/null +++ b/src/allocation/ml_unix/modinfo.txt @@ -0,0 +1,25 @@ +realname "Memory Locking for Unix" + +load_on auto + +<replace> +mlock.cpp +</replace> + +<os> +aix +darwin +freebsd +hpux +irix +linux +netbsd +openbsd +qnx +solaris +tru64 +</os> + +<libs> +tru64 -> rt +</libs> diff --git a/src/allocation/ml_win32/mlock.cpp b/src/allocation/ml_win32/mlock.cpp new file mode 100644 index 000000000..8c5919934 --- /dev/null +++ b/src/allocation/ml_win32/mlock.cpp @@ -0,0 +1,27 @@ +/************************************************* +* Memory Locking Functions Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/util.h> +#include <windows.h> + +namespace Botan { + +/************************************************* +* Lock an area of memory into RAM * +*************************************************/ +void lock_mem(void* ptr, u32bit bytes) + { + VirtualLock(ptr, bytes); + } + +/************************************************* +* Unlock a previously locked region of memory * +*************************************************/ +void unlock_mem(void* ptr, u32bit bytes) + { + VirtualUnlock(ptr, bytes); + } + +} diff --git a/src/allocation/ml_win32/modinfo.txt b/src/allocation/ml_win32/modinfo.txt new file mode 100644 index 000000000..92936e1de --- /dev/null +++ b/src/allocation/ml_win32/modinfo.txt @@ -0,0 +1,12 @@ +realname "Memory Locking for Win32" + +load_on auto + +<replace> +mlock.cpp +</replace> + +<os> +windows +cygwin +</os> diff --git a/src/asm/asm_amd64/asm_macr.h b/src/asm/asm_amd64/asm_macr.h new file mode 100644 index 000000000..3cdd42dc6 --- /dev/null +++ b/src/asm/asm_amd64/asm_macr.h @@ -0,0 +1,125 @@ +/************************************************* +* Assembly Macros Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_AMD64_ASM_MACROS_H__ +#define BOTAN_AMD64_ASM_MACROS_H__ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif + +/************************************************* +* General/Global Macros * +*************************************************/ +#define ALIGN .p2align 4,,15 + +#define START_LISTING(FILENAME) \ + .file #FILENAME; \ + .text; \ + ALIGN; + +/************************************************* +* Function Definitions * +*************************************************/ +#define START_FUNCTION(func_name) \ + ALIGN; \ + .global func_name; \ + .type func_name,@function; \ +func_name: + +#define END_FUNCTION(func_name) \ + ret + +/************************************************* +* Conditional Jumps * +*************************************************/ +#define JUMP_IF_ZERO(REG, LABEL) \ + cmp IMM(0), REG; \ + jz LABEL + +#define JUMP_IF_LT(REG, NUM, LABEL) \ + cmp IMM(NUM), REG; \ + jl LABEL + +/************************************************* +* Register Names * +*************************************************/ +#define R0 %rax +#define R1 %rbx +#define R2 %rcx +#define R2_32 %ecx +#define R3 %rdx +#define R3_32 %edx +#define R4 %rsp +#define R5 %rbp +#define R6 %rsi +#define R6_32 %esi +#define R7 %rdi +#define R8 %r8 +#define R9 %r9 +#define R9_32 %r9d +#define R10 %r10 +#define R11 %r11 +#define R12 %r12 +#define R13 %r13 +#define R14 %r14 +#define R15 %r15 +#define R16 %r16 + +#define ARG_1 R7 +#define ARG_2 R6 +#define ARG_2_32 R6_32 +#define ARG_3 R3 +#define ARG_3_32 R3_32 +#define ARG_4 R2 +#define ARG_4_32 R2_32 +#define ARG_5 R8 +#define ARG_6 R9 +#define ARG_6_32 R9_32 + +#define TEMP_1 R10 +#define TEMP_2 R11 +#define TEMP_3 ARG_6 +#define TEMP_4 ARG_5 +#define TEMP_5 ARG_4 +#define TEMP_5_32 ARG_4_32 +#define TEMP_6 ARG_3 +#define TEMP_7 ARG_2 +#define TEMP_8 ARG_1 +#define TEMP_9 R0 + +/************************************************* +* Memory Access Operations * +*************************************************/ +#define ARRAY8(REG, NUM) 8*(NUM)(REG) +#define ARRAY4(REG, NUM) 4*(NUM)(REG) + +#define ASSIGN(TO, FROM) mov FROM, TO + +/************************************************* +* ALU Operations * +*************************************************/ +#define IMM(VAL) $VAL + +#define ADD(TO, FROM) add FROM, TO +#define ADD_LAST_CARRY(REG) adc IMM(0), REG +#define ADD_IMM(TO, NUM) ADD(TO, IMM(NUM)) +#define ADD_W_CARRY(TO1, TO2, FROM) add FROM, TO1; adc IMM(0), TO2; +#define SUB_IMM(TO, NUM) sub IMM(NUM), TO +#define MUL(REG) mul REG + +#define XOR(TO, FROM) xor FROM, TO +#define AND(TO, FROM) and FROM, TO +#define OR(TO, FROM) or FROM, TO +#define NOT(REG) not REG +#define ZEROIZE(REG) XOR(REG, REG) + +#define RETURN_VALUE_IS(V) ASSIGN(%rax, V) + +#define ROTL_IMM(REG, NUM) rol IMM(NUM), REG +#define ROTR_IMM(REG, NUM) ror IMM(NUM), REG +#define ADD3_IMM(TO, FROM, NUM) lea NUM(TO,FROM,1), TO + +#endif diff --git a/src/asm/asm_amd64/modinfo.txt b/src/asm/asm_amd64/modinfo.txt new file mode 100644 index 000000000..30aa5a413 --- /dev/null +++ b/src/asm/asm_amd64/modinfo.txt @@ -0,0 +1,39 @@ +realname "x86-64 Assembler" + +mp_bits 64 + +load_on request + +<replace> +sha160.cpp +</replace> + +<ignore> +#mp_mulop.cpp +#mp_monty.cpp +</ignore> + +<add> +asm_macr.h +#mp_mulop_amd64.S +#mp_monty.S +sha1_asm.S +</add> + +<arch> +amd64 +</arch> + +<cc> +gcc +icc +</cc> + +# ELF systems +<os> +linux +freebsd +netbsd +openbsd +solaris +</os> diff --git a/src/asm/asm_amd64/mp_monty.S b/src/asm/asm_amd64/mp_monty.S new file mode 100644 index 000000000..3dd4040bc --- /dev/null +++ b/src/asm/asm_amd64/mp_monty.S @@ -0,0 +1,397 @@ +/************************************************* +* Montgomery Reduction Source File * +* (C) 2008 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(mp_monty.S) + +START_FUNCTION(bigint_monty_redc) + pushq %r15 # + pushq %r14 # + pushq %r13 # + pushq %r12 # + pushq %rbp # + pushq %rbx # + + movq %rdi, %r14 # z + movq %rdx, %r12 # x + movl %esi, %ebp # z_size + + xorl %esi, %esi # j.76 + movq %r8, -16(%rsp) # u, u + movl %ecx, %ebx # x_size, x_size + movl %ecx, %r8d # x_size, blocks_of_8 + andl $-8, %r8d #, blocks_of_8 + testl %ecx, %ecx # x_size + je .L3 #, + mov %ecx, %eax # x_size, pretmp.71 + leal 1(%rbx), %r15d #, k.73 + salq $3, %rax #, + xorl %r13d, %r13d # j + movq %rax, -8(%rsp) #, pretmp.21 + .p2align 4,,10 + .p2align 3 +.L11: + mov %r13d, %eax # j, j + movq -16(%rsp), %rdi # u, y + leaq (%r14,%rax,8), %r11 #, z_j + xorl %r9d, %r9d # i + imulq (%r11), %rdi #* z_j, y + xorl %r10d, %r10d # carry + testl %r8d, %r8d # blocks_of_8 + je .L7 #, + .p2align 4,,10 + .p2align 3 +.LOOP_MUL_ADD: + mov %r9d, %ecx # i, i + addl $8, %r9d #, i + salq $3, %rcx #, D.2315 + leaq (%r11,%rcx), %rsi #, tmp130 + leaq (%r12,%rcx), %rcx #, tmp131 + + movq 8*0(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*0(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*0 (%rsi) + + movq 8*1(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*1(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*1 (%rsi) + + movq 8*2(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*2(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*2 (%rsi) + + movq 8*3(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*3(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*3 (%rsi) + + movq 8*4(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*4(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*4 (%rsi) + + movq 8*5(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*5(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*5 (%rsi) + + movq 8*6(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*6(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*6 (%rsi) + + movq 8*7(%rcx), %rax + mulq %rdi # y + addq %r10, %rax # carry + adcq $0,%rdx + addq 8*7(%rsi), %rax + adcq $0,%rdx + movq %rdx,%r10 # carry + movq %rax, 8*7 (%rsi) + + cmpl %r9d, %r8d # i, blocks_of_8 + jne .LOOP_MUL_ADD #, + cmpl %r8d, %ebx # blocks_of_8, x_size + je .L8 #, +.L7: + movl %r8d, %esi # blocks_of_8, i + .p2align 4,,10 + .p2align 3 +.L5: + mov %esi, %eax # i, i + movq %rdi, %rcx # y, b + leaq (%r11, %rax,8), %r9 #, D.2325 + incl %esi # i + movq (%r12, %rax,8), %rax #* x, tmp133 + + mulq %rcx # b + addq (%r9), %rax #* D.2325, a + adcq $0,%rdx # + addq %r10, %rax # carry, a + adcq $0,%rdx # + + cmpl %esi, %ebx # i, x_size + movq %rdx, %r10 #, carry + movq %rax, (%r9) # a,* D.2325 + jne .L5 #, +.L8: + movq -8(%rsp), %rdx # pretmp.21, + leaq (%r11,%rdx), %rax #, D.2332 + movq (%rax), %rcx #* D.2332, D.2333 + leaq (%r10,%rcx), %rdx #, z_sum + movq %rdx, (%rax) # z_sum,* D.2332 + cmpq %rdx, %rcx # z_sum, D.2333 + jbe .L9 #, + cmpl %ebp, %r15d # z_size, k.73 + je .L9 #, + movl %r15d, %ecx # k.73, k + jmp .L10 # + .p2align 4,,10 + .p2align 3 +.L31: + incl %ecx # k + cmpl %ecx, %ebp # k, z_size + .p2align 4,,4 + .p2align 3 + je .L9 #, +.L10: + mov %ecx, %edx # k, k + leaq (%r11,%rdx,8), %rdx #, D.2342 + movq (%rdx), %rax #* D.2342, tmp136 + incq %rax # D.2344 + movq %rax, (%rdx) # D.2344,* D.2342 + testq %rax, %rax # D.2344 + je .L31 #, +.L9: + incl %r13d # j + decl %ebp # z_size + cmpl %r13d, %ebx # j, x_size + jne .L11 #, + movl %ebx, %esi # x_size, j.76 +.L3: + leal (%rbx,%rbx), %eax #, tmp137 + mov %eax, %eax + leaq (%r14, %rax,8), %rdi #, D.2349 + cmpq $0, (%rdi) #,* D.2349 + jne .L12 #, + testl %ebx, %ebx # x_size + je .L12 #, + leal -1(%rbx), %ecx #, j + leal (%rsi,%rcx), %edx #, tmp141 + mov %ecx, %eax # j, j + movq (%r14,%rdx,8), %rbp #* z, + cmpq %rbp, (%r12, %rax,8) #,* x + jb .L12 #, + ja .L_EXIT #, + leal -2(%rsi,%rbx), %edx #, ivtmp.45 + jmp .L14 # + .p2align 4,,10 + .p2align 3 +.L15: + mov %edx, %eax # ivtmp.45, ivtmp.45 + decl %ecx # j + movq (%r14, %rax,8), %rsi #* z, D.2360 + mov %ecx, %eax # j, j + movq (%r12, %rax,8), %rax #* x, temp.68 + cmpq %rax, %rsi + ja .L12 #, + decl %edx # ivtmp.45 + cmpq %rax, %rsi + jb .L_EXIT #, +.L14: + testl %ecx, %ecx # j + jne .L15 #, +.L12: + xorl %ecx, %ecx # j + xorl %r10d, %r10d # carry + mov %ebx, %esi # x_size, pretmp.19 + testl %r8d, %r8d # blocks_of_8 + je .L17 #, + .p2align 4,,10 + .p2align 3 +.L22: + mov %ecx, %edx # j, D.2375 + addl $8, %ecx #, j + leaq (%rdx,%rsi), %rax #, tmp146 + leaq (%r12,%rdx,8), %rdx #, tmp150 + leaq (%r14, %rax,8), %rax #, tmp148 + + rorq %r10 # carry + + movq 8*0(%rdx), %r10 + sbbq %r10, 8*0(%rax) + + movq 8*1(%rdx), %r10 + sbbq %r10, 8*1(%rax) + + movq 8*2(%rdx), %r10 + sbbq %r10, 8*2(%rax) + + movq 8*3(%rdx), %r10 + sbbq %r10, 8*3(%rax) + + movq 8*4(%rdx), %r10 + sbbq %r10, 8*4(%rax) + + movq 8*5(%rdx), %r10 + sbbq %r10, 8*5(%rax) + + movq 8*6(%rdx), %r10 + sbbq %r10, 8*6(%rax) + + movq 8*7(%rdx), %r10 + sbbq %r10, 8*7(%rax) + + sbbq %r10,%r10 # carry + negq %r10 # carry + + cmpl %ecx, %r8d # j, blocks_of_8 + jne .L22 #, +.L17: + cmpl %r8d, %ebx # blocks_of_8, x_size + je .L19 #, + leal (%r8,%rbx), %r9d #, ivtmp.33 + movl %r8d, %esi # blocks_of_8, j + .p2align 4,,10 + .p2align 3 +.L20: + mov %r9d, %eax # ivtmp.33, ivtmp.33 + mov %esi, %ecx # j, j + leaq (%r14, %rax,8), %rax #, D.2387 + incl %esi # j + movq (%rax), %rdx #* D.2387, tmp153 + incl %r9d # ivtmp.33 + + rorq %r10 # carry + sbbq (%r12,%rcx,8),%rdx #* x, x + sbbq %r10,%r10 # carry + negq %r10 # carry + + cmpl %esi, %ebx # j, x_size + movq %rdx, (%rax) # x,* D.2387 + jne .L20 #, +.L19: + testq %r10, %r10 # carry + je .L_EXIT #, + decq (%rdi) #* D.2349 +.L_EXIT: + popq %rbx # + popq %rbp # + popq %r12 # + popq %r13 # + popq %r14 # + popq %r15 # +END_FUNCTION(bigint_monty_redc) + + +#if 0 + #define Z_ARR ARG_1 // rdi +#define Z_SIZE ARG_2_32 // esi +// X_ARR is ARG_3 == rdx, moved b/c needed for multiply +#define X_SIZE ARG_4_32 // ecx +#define U ARG_5 // r8 + +/* + We need all arguments for a while (we can reuse U eventually) + So only temp registers are + TEMP_1 %r10 + TEMP_2 %r11 + TEMP_3 = ARG_6 = %r9 + void return, so also + R0 %rax (aka TEMP_9) + is free (but needed for multiply) + + Can push: + %rbx (base pointer, callee saved) + %rpb (frame pointer, callee saved) + %r12-%r15 (callee saved) + + Can push base/frame pointers since this is a leaf function + and does not reference any data. +*/ + + push %r12 + push %r13 + push %r14 + push %r15 + +#define LOOP_CTR_I %r12 +#define LOOP_CTR_J %r13 + +#define CARRY TEMP_1 +#define Z_WORD TEMP_2 +#define X_ARR TEMP_3 +#define MUL_LO %rax +#define MUL_HI %rdx + + ASSIGN(X_ARR, ARG_3) + + /* + ZEROIZE(CARRY) + + ASSIGN(LOOP_CTR, X_SIZE) + + JUMP_IF_ZERO(LOOP_CTR, .L_MULADD_DONE) + JUMP_IF_LT(LOOP_CTR, 8, .LOOP_MULADD1) + +#define MULADD_OP(N) \ + ASSIGN(MUL_LO, ARRAY8(X_ARR, N)) ; \ + ASSIGN(Z_WORD, ARRAY8(Z_ARR, N)) ; \ + MUL(Y) ; \ + ADD(Z_WORD, CARRY) ; \ + ASSIGN(CARRY, MUL_HI) ; \ + ADD_LAST_CARRY(CARRY) ; \ + ADD(Z_WORD, MUL_LO) ; \ + ADD_LAST_CARRY(CARRY) ; \ + ASSIGN(ARRAY8(Z_ARR, N), Z_WORD) + +ALIGN +.LOOP_MULADD8: + MULADD_OP(0) + MULADD_OP(1) + MULADD_OP(2) + MULADD_OP(3) + MULADD_OP(4) + MULADD_OP(5) + MULADD_OP(6) + MULADD_OP(7) + + SUB_IMM(LOOP_CTR, 8) + ADD_IMM(Z_ARR, 64) + ADD_IMM(X_ARR, 64) + cmp IMM(8), LOOP_CTR + jge .LOOP_MULADD8 + + JUMP_IF_ZERO(LOOP_CTR, .L_MULADD_DONE) + +ALIGN +.LOOP_MULADD1: + MULADD_OP(0) + + SUB_IMM(LOOP_CTR, 1) + ADD_IMM(Z_ARR, 8) + ADD_IMM(X_ARR, 8) + + cmp IMM(0), LOOP_CTR + jne .LOOP_MULADD1 +*/ + + pop %r15 + pop %r14 + pop %r13 + pop %r12 +#endif diff --git a/src/asm/asm_amd64/mp_mulop_amd64.S b/src/asm/asm_amd64/mp_mulop_amd64.S new file mode 100644 index 000000000..e5bba23fb --- /dev/null +++ b/src/asm/asm_amd64/mp_mulop_amd64.S @@ -0,0 +1,128 @@ +/************************************************* +* Simple O(N^2) Multiplication and Squaring * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(mp_mulop.S) + +#if 0 +void bigint_simple_sqr(word z[], const word x[], u32bit x_size) + { + const u32bit blocks = x_size - (x_size % 8); + + clear_mem(z, 2*x_size); + + for(u32bit i = 0; i != x_size; ++i) + { + word carry = 0; + + /* + for(u32bit j = 0; j != blocks; j += 8) + carry = word8_madd3(z + i + j, x + j, x[i], carry); + + for(u32bit j = blocks; j != x_size; ++j) + z[i+j] = word_madd3(x[j], x[i], z[i+j], &carry); + */ + + + for(u32bit j = 0; j != x_size; ++j) + z[i+j] = word_madd3(x[j], x[i], z[i+j], &carry); + + for(u32bit j = 0; j != x_size; ++j) + { + dword z = (dword)a * b + c + *d; + *d = (word)(z >> BOTAN_MP_WORD_BITS); + return (word)z; + } + + + + z[i+j] = word_madd3(x[j], x[i], z[i+j], &carry); + + } + + + + z[x_size+i] = carry; + } + } + +#endif + +START_FUNCTION(bigint_simple_sqr) + +#define Z_ARR ARG_1 +#define X_ARR ARG_2 +//#define X_SIZE ARG_3_32 + +#define CARRY TEMP_1 +#define Z_WORD TEMP_2 +#define LOOP_I TEMP_3 +#define LOOP_J TEMP_4 +#define X_SIZE TEMP_5 +#define MUL_LO %rax +// arg 3, xsize +#define MUL_HI %rdx + +// need arg3 == rdx for multiply + ASSIGN(X_SIZE, ARG3_32) + + ZEROIZE(CARRY) + + ZEROIZE(LOOP_I) + +.LOOP_ZEROIZE_Z: + + cmp LOOP_I, X_SIZE + + + + + JUMP_IF_ZERO(LOOP_CTR, .L_MULADD_DONE) + JUMP_IF_LT(LOOP_CTR, 8, .LOOP_MULADD1) + +#define MULADD_OP(N) \ + ASSIGN(MUL_LO, ARRAY8(X_ARR, N)) ; \ + ASSIGN(Z_WORD, ARRAY8(Z_ARR, N)) ; \ + MUL(Y) ; \ + ADD(Z_WORD, CARRY) ; \ + ASSIGN(CARRY, MUL_HI) ; \ + ADD_LAST_CARRY(CARRY) ; \ + ADD(Z_WORD, MUL_LO) ; \ + ADD_LAST_CARRY(CARRY) ; \ + ASSIGN(ARRAY8(Z_ARR, N), Z_WORD) + +.LOOP_MULADD8: + MULADD_OP(0) + MULADD_OP(1) + MULADD_OP(2) + MULADD_OP(3) + MULADD_OP(4) + MULADD_OP(5) + MULADD_OP(6) + MULADD_OP(7) + + SUB_IMM(LOOP_CTR, 8) + ADD_IMM(Z_ARR, 64) + ADD_IMM(X_ARR, 64) + cmp IMM(8), LOOP_CTR + jge .LOOP_MULADD8 + + JUMP_IF_ZERO(LOOP_CTR, .L_MULADD_DONE) + +ALIGN +.LOOP_MULADD1: + MULADD_OP(0) + + SUB_IMM(LOOP_CTR, 1) + ADD_IMM(Z_ARR, 8) + ADD_IMM(X_ARR, 8) + + cmp IMM(0), LOOP_CTR + jne .LOOP_MULADD1 + +.L_MULADD_DONE: + RETURN_VALUE_IS(CARRY) +END_FUNCTION(bigint_simple_square) diff --git a/src/asm/asm_amd64/sha160.cpp b/src/asm/asm_amd64/sha160.cpp new file mode 100644 index 000000000..cfac02f45 --- /dev/null +++ b/src/asm/asm_amd64/sha160.cpp @@ -0,0 +1,52 @@ +/************************************************* +* SHA-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/sha160.h> +#include <botan/loadstor.h> + +namespace Botan { + +extern "C" void botan_sha160_asm_amd64(u32bit[5], const byte[64], u32bit[80]); + +/************************************************* +* SHA-160 Compression Function * +*************************************************/ +void SHA_160::hash(const byte input[]) + { + botan_sha160_asm_amd64(digest, input, W); + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void SHA_160::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + output[j] = get_byte(j % 4, digest[j/4]); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_160::clear() throw() + { + MDx_HashFunction::clear(); + W.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + digest[4] = 0xC3D2E1F0; + } + +/************************************************* +* SHA_160 Constructor * +*************************************************/ +SHA_160::SHA_160() : MDx_HashFunction(20, 64, true, true), W(80) + { + clear(); + } + +} diff --git a/src/asm/asm_amd64/sha1_asm.S b/src/asm/asm_amd64/sha1_asm.S new file mode 100644 index 000000000..ecf4a18ce --- /dev/null +++ b/src/asm/asm_amd64/sha1_asm.S @@ -0,0 +1,258 @@ +/************************************************* +* SHA-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(sha1_asm.S) + +START_FUNCTION(botan_sha160_asm_amd64) + +#define DIGEST_ARR %rdi +#define INPUT %rsi +#define W %rdx +#define LOOP_CTR %eax + +#define A %r8d +#define B %r9d +#define C %r10d +#define D %r11d +#define E %ecx + + ZEROIZE(LOOP_CTR) + +ALIGN; +.LOOP_LOAD_INPUT: + addl $8, %eax + + movq ARRAY8(INPUT, 0), %r8 + movq ARRAY8(INPUT, 1), %r9 + movq ARRAY8(INPUT, 2), %r10 + movq ARRAY8(INPUT, 3), %r11 + + bswap %r8 + bswap %r9 + bswap %r10 + bswap %r11 + + rolq $32, %r8 + rolq $32, %r9 + rolq $32, %r10 + rolq $32, %r11 + + movq %r8, ARRAY8(W, 0) + movq %r9, ARRAY8(W, 1) + movq %r10, ARRAY8(W, 2) + movq %r11, ARRAY8(W, 3) + + addq $32, W + addq $32, INPUT + + cmp IMM(16), LOOP_CTR + jne .LOOP_LOAD_INPUT + +/* +#define A %r8d +#define B %r9d +#define C %r10d +#define D %r11d +#define E %ecx +*/ + +ALIGN; +.LOOP_EXPANSION: + addl $4, LOOP_CTR + + ZEROIZE(A) + ASSIGN(B, ARRAY4(W, -1)) + ASSIGN(C, ARRAY4(W, -2)) + ASSIGN(D, ARRAY4(W, -3)) + + XOR(A, ARRAY4(W, -5)) + XOR(B, ARRAY4(W, -6)) + XOR(C, ARRAY4(W, -7)) + XOR(D, ARRAY4(W, -8)) + + XOR(A, ARRAY4(W, -11)) + XOR(B, ARRAY4(W, -12)) + XOR(C, ARRAY4(W, -13)) + XOR(D, ARRAY4(W, -14)) + + XOR(A, ARRAY4(W, -13)) + XOR(B, ARRAY4(W, -14)) + XOR(C, ARRAY4(W, -15)) + XOR(D, ARRAY4(W, -16)) + + ROTL_IMM(D, 1) + ROTL_IMM(C, 1) + ROTL_IMM(B, 1) + XOR(A, D) + ROTL_IMM(A, 1) + + ASSIGN(ARRAY4(W, 0), D) + ASSIGN(ARRAY4(W, 1), C) + ASSIGN(ARRAY4(W, 2), B) + ASSIGN(ARRAY4(W, 3), A) + + addq $16, W + cmp IMM(80), LOOP_CTR + jne .LOOP_EXPANSION + + subq $320, W + +#define MAGIC1 0x5A827999 +#define MAGIC2 0x6ED9EBA1 +#define MAGIC3 0x8F1BBCDC +#define MAGIC4 0xCA62C1D6 + +#define T %esi +#define T2 %eax + +#define F1(A, B, C, D, E, F, N) \ + ASSIGN(T2, ARRAY4(W, N)) ; \ + ASSIGN(A, F) ; \ + ROTL_IMM(F, 5) ; \ + ADD(F, E) ; \ + ASSIGN(E, C) ; \ + XOR(E, D) ; \ + ADD3_IMM(F, T2, MAGIC1) ; \ + AND(E, B) ; \ + XOR(E, D) ; \ + ROTR_IMM(B, 2) ; \ + ADD(E, F) ; + +#define F2_4(A, B, C, D, E, F, N, MAGIC) \ + ASSIGN(T2, ARRAY4(W, N)) ; \ + ASSIGN(A, F) ; \ + ROTL_IMM(F, 5) ; \ + ADD(F, E) ; \ + ASSIGN(E, B) ; \ + XOR(E, C) ; \ + ADD3_IMM(F, T2, MAGIC) ; \ + XOR(E, D) ; \ + ROTR_IMM(B, 2) ; \ + ADD(E, F) ; + +#define F3(A, B, C, D, E, F, N) \ + ASSIGN(T2, ARRAY4(W, N)) ; \ + ASSIGN(A, F) ; \ + ROTL_IMM(F, 5) ; \ + ADD(F, E) ; \ + ASSIGN(E, B) ; \ + OR(E, C) ; \ + AND(E, D) ; \ + ADD3_IMM(F, T2, MAGIC3) ; \ + ASSIGN(T2, B) ; \ + AND(T2, C) ; \ + OR(E, T2) ; \ + ROTR_IMM(B, 2) ; \ + ADD(E, F) ; + +#define F2(A, B, C, D, E, F, W) \ + F2_4(A, B, C, D, E, F, W, MAGIC2) + +#define F4(A, B, C, D, E, F, W) \ + F2_4(A, B, C, D, E, F, W, MAGIC4) + + ASSIGN(T, ARRAY4(DIGEST_ARR, 0)) + ASSIGN(B, ARRAY4(DIGEST_ARR, 1)) + ASSIGN(C, ARRAY4(DIGEST_ARR, 2)) + ASSIGN(D, ARRAY4(DIGEST_ARR, 3)) + ASSIGN(E, ARRAY4(DIGEST_ARR, 4)) + + /* First Round */ + F1(A, B, C, D, E, T, 0) + F1(T, A, B, C, D, E, 1) + F1(E, T, A, B, C, D, 2) + F1(D, E, T, A, B, C, 3) + F1(C, D, E, T, A, B, 4) + F1(B, C, D, E, T, A, 5) + F1(A, B, C, D, E, T, 6) + F1(T, A, B, C, D, E, 7) + F1(E, T, A, B, C, D, 8) + F1(D, E, T, A, B, C, 9) + F1(C, D, E, T, A, B, 10) + F1(B, C, D, E, T, A, 11) + F1(A, B, C, D, E, T, 12) + F1(T, A, B, C, D, E, 13) + F1(E, T, A, B, C, D, 14) + F1(D, E, T, A, B, C, 15) + F1(C, D, E, T, A, B, 16) + F1(B, C, D, E, T, A, 17) + F1(A, B, C, D, E, T, 18) + F1(T, A, B, C, D, E, 19) + + /* Second Round */ + F2(E, T, A, B, C, D, 20) + F2(D, E, T, A, B, C, 21) + F2(C, D, E, T, A, B, 22) + F2(B, C, D, E, T, A, 23) + F2(A, B, C, D, E, T, 24) + F2(T, A, B, C, D, E, 25) + F2(E, T, A, B, C, D, 26) + F2(D, E, T, A, B, C, 27) + F2(C, D, E, T, A, B, 28) + F2(B, C, D, E, T, A, 29) + F2(A, B, C, D, E, T, 30) + F2(T, A, B, C, D, E, 31) + F2(E, T, A, B, C, D, 32) + F2(D, E, T, A, B, C, 33) + F2(C, D, E, T, A, B, 34) + F2(B, C, D, E, T, A, 35) + F2(A, B, C, D, E, T, 36) + F2(T, A, B, C, D, E, 37) + F2(E, T, A, B, C, D, 38) + F2(D, E, T, A, B, C, 39) + + /* Third Round */ + F3(C, D, E, T, A, B, 40) + F3(B, C, D, E, T, A, 41) + F3(A, B, C, D, E, T, 42) + F3(T, A, B, C, D, E, 43) + F3(E, T, A, B, C, D, 44) + F3(D, E, T, A, B, C, 45) + F3(C, D, E, T, A, B, 46) + F3(B, C, D, E, T, A, 47) + F3(A, B, C, D, E, T, 48) + F3(T, A, B, C, D, E, 49) + F3(E, T, A, B, C, D, 50) + F3(D, E, T, A, B, C, 51) + F3(C, D, E, T, A, B, 52) + F3(B, C, D, E, T, A, 53) + F3(A, B, C, D, E, T, 54) + F3(T, A, B, C, D, E, 55) + F3(E, T, A, B, C, D, 56) + F3(D, E, T, A, B, C, 57) + F3(C, D, E, T, A, B, 58) + F3(B, C, D, E, T, A, 59) + + /* Fourth Round */ + F4(A, B, C, D, E, T, 60) + F4(T, A, B, C, D, E, 61) + F4(E, T, A, B, C, D, 62) + F4(D, E, T, A, B, C, 63) + F4(C, D, E, T, A, B, 64) + F4(B, C, D, E, T, A, 65) + F4(A, B, C, D, E, T, 66) + F4(T, A, B, C, D, E, 67) + F4(E, T, A, B, C, D, 68) + F4(D, E, T, A, B, C, 69) + F4(C, D, E, T, A, B, 70) + F4(B, C, D, E, T, A, 71) + F4(A, B, C, D, E, T, 72) + F4(T, A, B, C, D, E, 73) + F4(E, T, A, B, C, D, 74) + F4(D, E, T, A, B, C, 75) + F4(C, D, E, T, A, B, 76) + F4(B, C, D, E, T, A, 77) + F4(A, B, C, D, E, T, 78) + F4(T, A, B, C, D, E, 79) + + ADD(ARRAY4(DIGEST_ARR, 0), D) + ADD(ARRAY4(DIGEST_ARR, 1), T) + ADD(ARRAY4(DIGEST_ARR, 2), A) + ADD(ARRAY4(DIGEST_ARR, 3), B) + ADD(ARRAY4(DIGEST_ARR, 4), C) + +END_FUNCTION(botan_sha160_asm_amd64) diff --git a/src/asm/asm_ia32/asm_macr.h b/src/asm/asm_ia32/asm_macr.h new file mode 100644 index 000000000..6d5dbb59d --- /dev/null +++ b/src/asm/asm_ia32/asm_macr.h @@ -0,0 +1,131 @@ +/************************************************* +* Assembly Macros Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_IA32_ASM_MACROS_H__ +#define BOTAN_IA32_ASM_MACROS_H__ + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif + +/************************************************* +* General/Global Macros * +*************************************************/ +#define ALIGN .p2align 4,,15 + +#define START_LISTING(FILENAME) \ + .file #FILENAME; \ + .text; \ + .p2align 4,,15; + +#ifdef __ELF__ +.section .note.GNU-stack,"",%progbits +#endif + +/************************************************* +* Function Definitions * +*************************************************/ +#define START_FUNCTION(func_name) \ + .align 8; \ + ALIGN; \ + .global func_name; \ + .type func_name,@function; \ +func_name: + +#define END_FUNCTION(func_name) \ + ret + +/************************************************* +* Loop Control * +*************************************************/ +#define START_LOOP(LABEL) \ + ALIGN; \ + LABEL##_LOOP: + +#define LOOP_UNTIL_EQ(REG, NUM, LABEL) \ + cmpl IMM(NUM), REG; \ + jne LABEL##_LOOP + +#define LOOP_UNTIL_LT(REG, NUM, LABEL) \ + cmpl IMM(NUM), REG; \ + jge LABEL##_LOOP + +/************************************************* + Conditional Jumps * +*************************************************/ +#define JUMP_IF_ZERO(REG, LABEL) \ + cmpl IMM(0), REG; \ + jz LABEL + +#define JUMP_IF_LT(REG, NUM, LABEL) \ + cmpl IMM(NUM), REG; \ + jl LABEL + +/************************************************* +* Register Names * +*************************************************/ +#define EAX %eax +#define EBX %ebx +#define ECX %ecx +#define EDX %edx +#define EBP %ebp +#define EDI %edi +#define ESI %esi +#define ESP %esp + +/************************************************* +* Memory Access Operations * +*************************************************/ +#define ARRAY1(REG, NUM) (NUM)(REG) +#define ARRAY4(REG, NUM) 4*(NUM)(REG) +#define ARRAY4_INDIRECT(BASE, OFFSET, NUM) 4*(NUM)(BASE,OFFSET,4) +#define ARG(NUM) 4*(PUSHED) + ARRAY4(ESP, NUM) + +#define ASSIGN(TO, FROM) movl FROM, TO +#define ASSIGN_BYTE(TO, FROM) movzbl FROM, TO + +#define PUSH(REG) pushl REG +#define POP(REG) popl REG + +#define SPILL_REGS() \ + PUSH(EBP) ; \ + PUSH(EDI) ; \ + PUSH(ESI) ; \ + PUSH(EBX) + +#define RESTORE_REGS() \ + POP(EBX) ; \ + POP(ESI) ; \ + POP(EDI) ; \ + POP(EBP) + +/************************************************* +* ALU Operations * +*************************************************/ +#define IMM(VAL) $VAL + +#define ADD(TO, FROM) addl FROM, TO +#define ADD_IMM(TO, NUM) ADD(TO, IMM(NUM)) +#define ADD_W_CARRY(TO1, TO2, FROM) addl FROM, TO1; adcl IMM(0), TO2; +#define SUB_IMM(TO, NUM) subl IMM(NUM), TO +#define ADD2_IMM(TO, FROM, NUM) leal NUM(FROM), TO +#define ADD3_IMM(TO, FROM, NUM) leal NUM(TO,FROM,1), TO +#define MUL(REG) mull REG + +#define SHL_IMM(REG, SHIFT) shll IMM(SHIFT), REG +#define SHR_IMM(REG, SHIFT) shrl IMM(SHIFT), REG +#define SHL2_3(TO, FROM) leal 0(,FROM,8), TO + +#define XOR(TO, FROM) xorl FROM, TO +#define AND(TO, FROM) andl FROM, TO +#define OR(TO, FROM) orl FROM, TO +#define NOT(REG) notl REG +#define ZEROIZE(REG) XOR(REG, REG) + +#define ROTL_IMM(REG, NUM) roll IMM(NUM), REG +#define ROTR_IMM(REG, NUM) rorl IMM(NUM), REG +#define BSWAP(REG) bswapl REG + +#endif diff --git a/src/asm/asm_ia32/md4.cpp b/src/asm/asm_ia32/md4.cpp new file mode 100644 index 000000000..e3dc79012 --- /dev/null +++ b/src/asm/asm_ia32/md4.cpp @@ -0,0 +1,43 @@ +/************************************************* +* MD4 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/md4.h> +#include <botan/loadstor.h> + +namespace Botan { + +extern "C" void md4_core(u32bit[4], const byte[64], u32bit[16]); + +/************************************************* +* MD4 Compression Function * +*************************************************/ +void MD4::hash(const byte input[]) + { + md4_core(digest, input, M); + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void MD4::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + output[j] = get_byte(3 - (j % 4), digest[j/4]); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void MD4::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + } + +} diff --git a/src/asm/asm_ia32/md4core.S b/src/asm/asm_ia32/md4core.S new file mode 100644 index 000000000..662e9924a --- /dev/null +++ b/src/asm/asm_ia32/md4core.S @@ -0,0 +1,135 @@ +/************************************************* +* MD4 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(md4core.S) + +START_FUNCTION(md4_core) + SPILL_REGS() + +#define PUSHED 4 + + ASSIGN(EBP, ARG(2)) /* input block */ + ASSIGN(EDI, ARG(3)) /* expanded words */ + + ZEROIZE(ESI) + +START_LOOP(.LOAD_INPUT) + ADD_IMM(ESI, 4) + + ASSIGN(EAX, ARRAY4(EBP, 0)) + ASSIGN(EBX, ARRAY4(EBP, 1)) + ASSIGN(ECX, ARRAY4(EBP, 2)) + ASSIGN(EDX, ARRAY4(EBP, 3)) + + ADD_IMM(EBP, 16) + + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-4), EAX) + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-3), EBX) + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-2), ECX) + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-1), EDX) +LOOP_UNTIL_EQ(ESI, 16, .LOAD_INPUT) + + ASSIGN(EBP, ARG(1)) + ASSIGN(EAX, ARRAY4(EBP, 0)) + ASSIGN(EBX, ARRAY4(EBP, 1)) + ASSIGN(ECX, ARRAY4(EBP, 2)) + ASSIGN(EDX, ARRAY4(EBP, 3)) + +#define MSG EDI +#define T1 ESI +#define T2 EBP + +#define FF(A, B, C, D, N, S) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, C) ; \ + XOR(T2, D) ; \ + AND(T2, B) ; \ + XOR(T2, D) ; \ + ADD(A, T1) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; + +#define GG(A, B, C, D, N, S) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, B) ; \ + OR(T2, C) ; \ + AND(T2, D) ; \ + ADD3_IMM(A, T1, 0x5A827999) ; \ + ASSIGN(T1, B) ; \ + AND(T1, C) ; \ + OR(T2, T1) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; + +#define HH(A, B, C, D, N, S) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, B) ; \ + XOR(T2, C) ; \ + XOR(T2, D) ; \ + ADD3_IMM(A, T1, 0x6ED9EBA1) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; + + FF(EAX,EBX,ECX,EDX, 0, 3); + FF(EDX,EAX,EBX,ECX, 1, 7); + FF(ECX,EDX,EAX,EBX, 2,11); + FF(EBX,ECX,EDX,EAX, 3,19); + FF(EAX,EBX,ECX,EDX, 4, 3); + FF(EDX,EAX,EBX,ECX, 5, 7); + FF(ECX,EDX,EAX,EBX, 6,11); + FF(EBX,ECX,EDX,EAX, 7,19); + FF(EAX,EBX,ECX,EDX, 8, 3); + FF(EDX,EAX,EBX,ECX, 9, 7); + FF(ECX,EDX,EAX,EBX,10,11); + FF(EBX,ECX,EDX,EAX,11,19); + FF(EAX,EBX,ECX,EDX,12, 3); + FF(EDX,EAX,EBX,ECX,13, 7); + FF(ECX,EDX,EAX,EBX,14,11); + FF(EBX,ECX,EDX,EAX,15,19); + + GG(EAX,EBX,ECX,EDX, 0, 3); + GG(EDX,EAX,EBX,ECX, 4, 5); + GG(ECX,EDX,EAX,EBX, 8, 9); + GG(EBX,ECX,EDX,EAX,12,13); + GG(EAX,EBX,ECX,EDX, 1, 3); + GG(EDX,EAX,EBX,ECX, 5, 5); + GG(ECX,EDX,EAX,EBX, 9, 9); + GG(EBX,ECX,EDX,EAX,13,13); + GG(EAX,EBX,ECX,EDX, 2, 3); + GG(EDX,EAX,EBX,ECX, 6, 5); + GG(ECX,EDX,EAX,EBX,10, 9); + GG(EBX,ECX,EDX,EAX,14,13); + GG(EAX,EBX,ECX,EDX, 3, 3); + GG(EDX,EAX,EBX,ECX, 7, 5); + GG(ECX,EDX,EAX,EBX,11, 9); + GG(EBX,ECX,EDX,EAX,15,13); + + HH(EAX,EBX,ECX,EDX, 0, 3); + HH(EDX,EAX,EBX,ECX, 8, 9); + HH(ECX,EDX,EAX,EBX, 4,11); + HH(EBX,ECX,EDX,EAX,12,15); + HH(EAX,EBX,ECX,EDX, 2, 3); + HH(EDX,EAX,EBX,ECX,10, 9); + HH(ECX,EDX,EAX,EBX, 6,11); + HH(EBX,ECX,EDX,EAX,14,15); + HH(EAX,EBX,ECX,EDX, 1, 3); + HH(EDX,EAX,EBX,ECX, 9, 9); + HH(ECX,EDX,EAX,EBX, 5,11); + HH(EBX,ECX,EDX,EAX,13,15); + HH(EAX,EBX,ECX,EDX, 3, 3); + HH(EDX,EAX,EBX,ECX,11, 9); + HH(ECX,EDX,EAX,EBX, 7,11); + HH(EBX,ECX,EDX,EAX,15,15); + + ASSIGN(EBP, ARG(1)) + ADD(ARRAY4(EBP, 0), EAX) + ADD(ARRAY4(EBP, 1), EBX) + ADD(ARRAY4(EBP, 2), ECX) + ADD(ARRAY4(EBP, 3), EDX) + + RESTORE_REGS() +END_FUNCTION(md4_core) diff --git a/src/asm/asm_ia32/md5.cpp b/src/asm/asm_ia32/md5.cpp new file mode 100644 index 000000000..cfe48e7e9 --- /dev/null +++ b/src/asm/asm_ia32/md5.cpp @@ -0,0 +1,43 @@ +/************************************************* +* MD5 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/md5.h> +#include <botan/loadstor.h> + +namespace Botan { + +extern "C" void md5_core(u32bit[4], const byte[64], u32bit[16]); + +/************************************************* +* MD5 Compression Function * +*************************************************/ +void MD5::hash(const byte input[]) + { + md5_core(digest, input, M); + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void MD5::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + output[j] = get_byte(3 - (j % 4), digest[j/4]); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void MD5::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + } + +} diff --git a/src/asm/asm_ia32/md5core.S b/src/asm/asm_ia32/md5core.S new file mode 100644 index 000000000..8ebe469f3 --- /dev/null +++ b/src/asm/asm_ia32/md5core.S @@ -0,0 +1,164 @@ +/************************************************* +* MD5 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(md5core.S) + +START_FUNCTION(md5_core) + SPILL_REGS() + +#define PUSHED 4 + + ASSIGN(EBP, ARG(2)) /* input block */ + ASSIGN(EDI, ARG(3)) /* expanded words */ + + ZEROIZE(ESI) + +START_LOOP(.LOAD_INPUT) + ADD_IMM(ESI, 4) + + ASSIGN(EAX, ARRAY4(EBP, 0)) + ASSIGN(EBX, ARRAY4(EBP, 1)) + ASSIGN(ECX, ARRAY4(EBP, 2)) + ASSIGN(EDX, ARRAY4(EBP, 3)) + + ADD_IMM(EBP, 16) + + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-4), EAX) + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-3), EBX) + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-2), ECX) + ASSIGN(ARRAY4_INDIRECT(EDI,ESI,-1), EDX) +LOOP_UNTIL_EQ(ESI, 16, .LOAD_INPUT) + + ASSIGN(EBP, ARG(1)) + ASSIGN(EAX, ARRAY4(EBP, 0)) + ASSIGN(EBX, ARRAY4(EBP, 1)) + ASSIGN(ECX, ARRAY4(EBP, 2)) + ASSIGN(EDX, ARRAY4(EBP, 3)) + +#define MSG EDI +#define T1 ESI +#define T2 EBP + +#define FF(A, B, C, D, N, S, MAGIC) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, C) ; \ + XOR(T2, D) ; \ + AND(T2, B) ; \ + XOR(T2, D) ; \ + ADD3_IMM(A, T1, MAGIC) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; \ + ADD(A, B) ; + +#define GG(A, B, C, D, N, S, MAGIC) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, B) ; \ + XOR(T2, C) ; \ + AND(T2, D) ; \ + XOR(T2, C) ; \ + ADD3_IMM(A, T1, MAGIC) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; \ + ADD(A, B) ; + +#define HH(A, B, C, D, N, S, MAGIC) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, B) ; \ + XOR(T2, C) ; \ + XOR(T2, D) ; \ + ADD3_IMM(A, T1, MAGIC) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; \ + ADD(A, B) ; + +#define II(A, B, C, D, N, S, MAGIC) \ + ASSIGN(T1, ARRAY4(MSG, N)) ; \ + ASSIGN(T2, D) ; \ + NOT(T2) ; \ + OR(T2, B) ; \ + XOR(T2, C) ; \ + ADD3_IMM(A, T1, MAGIC) ; \ + ADD(A, T2) ; \ + ROTL_IMM(A, S) ; \ + ADD(A, B) ; + + FF(EAX,EBX,ECX,EDX, 0, 7,0xD76AA478); + FF(EDX,EAX,EBX,ECX, 1,12,0xE8C7B756); + FF(ECX,EDX,EAX,EBX, 2,17,0x242070DB); + FF(EBX,ECX,EDX,EAX, 3,22,0xC1BDCEEE); + FF(EAX,EBX,ECX,EDX, 4, 7,0xF57C0FAF); + FF(EDX,EAX,EBX,ECX, 5,12,0x4787C62A); + FF(ECX,EDX,EAX,EBX, 6,17,0xA8304613); + FF(EBX,ECX,EDX,EAX, 7,22,0xFD469501); + FF(EAX,EBX,ECX,EDX, 8, 7,0x698098D8); + FF(EDX,EAX,EBX,ECX, 9,12,0x8B44F7AF); + FF(ECX,EDX,EAX,EBX,10,17,0xFFFF5BB1); + FF(EBX,ECX,EDX,EAX,11,22,0x895CD7BE); + FF(EAX,EBX,ECX,EDX,12, 7,0x6B901122); + FF(EDX,EAX,EBX,ECX,13,12,0xFD987193); + FF(ECX,EDX,EAX,EBX,14,17,0xA679438E); + FF(EBX,ECX,EDX,EAX,15,22,0x49B40821); + + GG(EAX,EBX,ECX,EDX, 1, 5,0xF61E2562); + GG(EDX,EAX,EBX,ECX, 6, 9,0xC040B340); + GG(ECX,EDX,EAX,EBX,11,14,0x265E5A51); + GG(EBX,ECX,EDX,EAX, 0,20,0xE9B6C7AA); + GG(EAX,EBX,ECX,EDX, 5, 5,0xD62F105D); + GG(EDX,EAX,EBX,ECX,10, 9,0x02441453); + GG(ECX,EDX,EAX,EBX,15,14,0xD8A1E681); + GG(EBX,ECX,EDX,EAX, 4,20,0xE7D3FBC8); + GG(EAX,EBX,ECX,EDX, 9, 5,0x21E1CDE6); + GG(EDX,EAX,EBX,ECX,14, 9,0xC33707D6); + GG(ECX,EDX,EAX,EBX, 3,14,0xF4D50D87); + GG(EBX,ECX,EDX,EAX, 8,20,0x455A14ED); + GG(EAX,EBX,ECX,EDX,13, 5,0xA9E3E905); + GG(EDX,EAX,EBX,ECX, 2, 9,0xFCEFA3F8); + GG(ECX,EDX,EAX,EBX, 7,14,0x676F02D9); + GG(EBX,ECX,EDX,EAX,12,20,0x8D2A4C8A); + + HH(EAX,EBX,ECX,EDX, 5, 4,0xFFFA3942); + HH(EDX,EAX,EBX,ECX, 8,11,0x8771F681); + HH(ECX,EDX,EAX,EBX,11,16,0x6D9D6122); + HH(EBX,ECX,EDX,EAX,14,23,0xFDE5380C); + HH(EAX,EBX,ECX,EDX, 1, 4,0xA4BEEA44); + HH(EDX,EAX,EBX,ECX, 4,11,0x4BDECFA9); + HH(ECX,EDX,EAX,EBX, 7,16,0xF6BB4B60); + HH(EBX,ECX,EDX,EAX,10,23,0xBEBFBC70); + HH(EAX,EBX,ECX,EDX,13, 4,0x289B7EC6); + HH(EDX,EAX,EBX,ECX, 0,11,0xEAA127FA); + HH(ECX,EDX,EAX,EBX, 3,16,0xD4EF3085); + HH(EBX,ECX,EDX,EAX, 6,23,0x04881D05); + HH(EAX,EBX,ECX,EDX, 9, 4,0xD9D4D039); + HH(EDX,EAX,EBX,ECX,12,11,0xE6DB99E5); + HH(ECX,EDX,EAX,EBX,15,16,0x1FA27CF8); + HH(EBX,ECX,EDX,EAX, 2,23,0xC4AC5665); + + II(EAX,EBX,ECX,EDX, 0, 6,0xF4292244); + II(EDX,EAX,EBX,ECX, 7,10,0x432AFF97); + II(ECX,EDX,EAX,EBX,14,15,0xAB9423A7); + II(EBX,ECX,EDX,EAX, 5,21,0xFC93A039); + II(EAX,EBX,ECX,EDX,12, 6,0x655B59C3); + II(EDX,EAX,EBX,ECX, 3,10,0x8F0CCC92); + II(ECX,EDX,EAX,EBX,10,15,0xFFEFF47D); + II(EBX,ECX,EDX,EAX, 1,21,0x85845DD1); + II(EAX,EBX,ECX,EDX, 8, 6,0x6FA87E4F); + II(EDX,EAX,EBX,ECX,15,10,0xFE2CE6E0); + II(ECX,EDX,EAX,EBX, 6,15,0xA3014314); + II(EBX,ECX,EDX,EAX,13,21,0x4E0811A1); + II(EAX,EBX,ECX,EDX, 4, 6,0xF7537E82); + II(EDX,EAX,EBX,ECX,11,10,0xBD3AF235); + II(ECX,EDX,EAX,EBX, 2,15,0x2AD7D2BB); + II(EBX,ECX,EDX,EAX, 9,21,0xEB86D391); + + ASSIGN(EBP, ARG(1)) + ADD(ARRAY4(EBP, 0), EAX) + ADD(ARRAY4(EBP, 1), EBX) + ADD(ARRAY4(EBP, 2), ECX) + ADD(ARRAY4(EBP, 3), EDX) + + RESTORE_REGS() +END_FUNCTION(md5_core) diff --git a/src/asm/asm_ia32/modinfo.txt b/src/asm/asm_ia32/modinfo.txt new file mode 100644 index 000000000..12c8cd96d --- /dev/null +++ b/src/asm/asm_ia32/modinfo.txt @@ -0,0 +1,43 @@ +realname "x86 Assembler" + +#mp_bits 32 + +load_on asm_ok + +<replace> +md4.cpp +md5.cpp +sha160.cpp +serpent.cpp +</replace> + +<ignore> +#mp_mulop.cpp +</ignore> + +<add> +asm_macr.h +md4core.S +md5core.S +sha1_asm.S +serp_asm.S +#mp_mulop.S +</add> + +<arch> +ia32 +</arch> + +<cc> +gcc +icc +</cc> + +# ELF systems +<os> +linux +freebsd +netbsd +openbsd +solaris +</os> diff --git a/src/asm/asm_ia32/mp_mulop.S b/src/asm/asm_ia32/mp_mulop.S new file mode 100644 index 000000000..a5f0d3b27 --- /dev/null +++ b/src/asm/asm_ia32/mp_mulop.S @@ -0,0 +1,62 @@ +/************************************************* +* Multiply/Add Algorithm Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(mp_muladd.S) + +START_FUNCTION(bigint_mul_add_words) + SPILL_REGS() +#define PUSHED 4 + +#define LOOP_CTR ESI + ASSIGN(LOOP_CTR, ARG(3)) /* x_size */ + ZEROIZE(EDI) + + ASSIGN(ECX, ARG(1)) /* z[] */ + ASSIGN(EBX, ARG(2)) /* x[] */ + ASSIGN(EBP, ARG(4)) /* y */ + +#define MULADD_OP(N) \ + ASSIGN(EAX, ARRAY4(EBX, N)) ; \ + MUL(EBP) ; \ + ADD_W_CARRY(EAX, EDX, EDI) ; \ + ASSIGN(EDI, EDX) ; \ + ADD_W_CARRY(ARRAY4(ECX, N), EDI, EAX) ; + + JUMP_IF_ZERO(LOOP_CTR, .MUL_ADD_DONE) + JUMP_IF_LT(LOOP_CTR, 8, .MULADD1_LOOP) + +START_LOOP(.MULADD8) + MULADD_OP(0) + MULADD_OP(1) + MULADD_OP(2) + MULADD_OP(3) + MULADD_OP(4) + MULADD_OP(5) + MULADD_OP(6) + MULADD_OP(7) + + SUB_IMM(LOOP_CTR, 8) + ADD_IMM(EBX, 32) + ADD_IMM(ECX, 32) +LOOP_UNTIL_LT(LOOP_CTR, 8, .MULADD8) + + JUMP_IF_ZERO(LOOP_CTR, .MUL_ADD_DONE) + +START_LOOP(.MULADD1) + MULADD_OP(0) + + SUB_IMM(LOOP_CTR, 1) + ADD_IMM(EBX, 4) + ADD_IMM(ECX, 4) +LOOP_UNTIL_EQ(LOOP_CTR, 0, .MULADD1) + +.MUL_ADD_DONE: + + ASSIGN(EAX, EDI) +#undef PUSHED + RESTORE_REGS() +END_FUNCTION(bigint_mul_add_words) diff --git a/src/asm/asm_ia32/serp_asm.S b/src/asm/asm_ia32/serp_asm.S new file mode 100644 index 000000000..c8915382d --- /dev/null +++ b/src/asm/asm_ia32/serp_asm.S @@ -0,0 +1,667 @@ +/************************************************* +* Serpent Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(serp_asm.S) + +#define SBOX_E1(A, B, C, D, T) \ + XOR(D, A) ; \ + ASSIGN(T, B) ; \ + AND(B, D) ; \ + XOR(T, C) ; \ + XOR(B, A) ; \ + OR(A, D) ; \ + XOR(A, T) ; \ + XOR(T, D) ; \ + XOR(D, C) ; \ + OR(C, B) ; \ + XOR(C, T) ; \ + NOT(T) ; \ + OR(T, B) ; \ + XOR(B, D) ; \ + XOR(B, T) ; \ + OR(D, A) ; \ + XOR(B, D) ; \ + XOR(T, D) ; \ + ASSIGN(D, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, T) ; + +#define SBOX_E2(A, B, C, D, T) \ + NOT(A) ; \ + NOT(C) ; \ + ASSIGN(T, A) ; \ + AND(A, B) ; \ + XOR(C, A) ; \ + OR(A, D) ; \ + XOR(D, C) ; \ + XOR(B, A) ; \ + XOR(A, T) ; \ + OR(T, B) ; \ + XOR(B, D) ; \ + OR(C, A) ; \ + AND(C, T) ; \ + XOR(A, B) ; \ + AND(B, C) ; \ + XOR(B, A) ; \ + AND(A, C) ; \ + XOR(T, A) ; \ + ASSIGN(A, C) ; \ + ASSIGN(C, D) ; \ + ASSIGN(D, B) ; \ + ASSIGN(B, T) ; + +#define SBOX_E3(A, B, C, D, T) \ + ASSIGN(T, A) ; \ + AND(A, C) ; \ + XOR(A, D) ; \ + XOR(C, B) ; \ + XOR(C, A) ; \ + OR(D, T) ; \ + XOR(D, B) ; \ + XOR(T, C) ; \ + ASSIGN(B, D) ; \ + OR(D, T) ; \ + XOR(D, A) ; \ + AND(A, B) ; \ + XOR(T, A) ; \ + XOR(B, D) ; \ + XOR(B, T) ; \ + NOT(T) ; \ + ASSIGN(A, C) ; \ + ASSIGN(C, B) ; \ + ASSIGN(B, D) ; \ + ASSIGN(D, T) ; + +#define SBOX_E4(A, B, C, D, T) \ + ASSIGN(T, A) ; \ + OR(A, D) ; \ + XOR(D, B) ; \ + AND(B, T) ; \ + XOR(T, C) ; \ + XOR(C, D) ; \ + AND(D, A) ; \ + OR(T, B) ; \ + XOR(D, T) ; \ + XOR(A, B) ; \ + AND(T, A) ; \ + XOR(B, D) ; \ + XOR(T, C) ; \ + OR(B, A) ; \ + XOR(B, C) ; \ + XOR(A, D) ; \ + ASSIGN(C, B) ; \ + OR(B, D) ; \ + XOR(B, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, C) ; \ + ASSIGN(C, D) ; \ + ASSIGN(D, T) ; + +#define SBOX_E5(A, B, C, D, T) \ + XOR(B, D) ; \ + NOT(D) ; \ + XOR(C, D) ; \ + XOR(D, A) ; \ + ASSIGN(T, B) ; \ + AND(B, D) ; \ + XOR(B, C) ; \ + XOR(T, D) ; \ + XOR(A, T) ; \ + AND(C, T) ; \ + XOR(C, A) ; \ + AND(A, B) ; \ + XOR(D, A) ; \ + OR(T, B) ; \ + XOR(T, A) ; \ + OR(A, D) ; \ + XOR(A, C) ; \ + AND(C, D) ; \ + NOT(A) ; \ + XOR(T, C) ; \ + ASSIGN(C, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, T) ; + +#define SBOX_E6(A, B, C, D, T) \ + XOR(A, B) ; \ + XOR(B, D) ; \ + NOT(D) ; \ + ASSIGN(T, B) ; \ + AND(B, A) ; \ + XOR(C, D) ; \ + XOR(B, C) ; \ + OR(C, T) ; \ + XOR(T, D) ; \ + AND(D, B) ; \ + XOR(D, A) ; \ + XOR(T, B) ; \ + XOR(T, C) ; \ + XOR(C, A) ; \ + AND(A, D) ; \ + NOT(C) ; \ + XOR(A, T) ; \ + OR(T, D) ; \ + XOR(T, C) ; \ + ASSIGN(C, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, D) ; \ + ASSIGN(D, T) ; + +#define SBOX_E7(A, B, C, D, T) \ + NOT(C) ; \ + ASSIGN(T, D) ; \ + AND(D, A) ; \ + XOR(A, T) ; \ + XOR(D, C) ; \ + OR(C, T) ; \ + XOR(B, D) ; \ + XOR(C, A) ; \ + OR(A, B) ; \ + XOR(C, B) ; \ + XOR(T, A) ; \ + OR(A, D) ; \ + XOR(A, C) ; \ + XOR(T, D) ; \ + XOR(T, A) ; \ + NOT(D) ; \ + AND(C, T) ; \ + XOR(C, D) ; \ + ASSIGN(D, C) ; \ + ASSIGN(C, T) ; + +#define SBOX_E8(A, B, C, D, T) \ + ASSIGN(T, B) ; \ + OR(B, C) ; \ + XOR(B, D) ; \ + XOR(T, C) ; \ + XOR(C, B) ; \ + OR(D, T) ; \ + AND(D, A) ; \ + XOR(T, C) ; \ + XOR(D, B) ; \ + OR(B, T) ; \ + XOR(B, A) ; \ + OR(A, T) ; \ + XOR(A, C) ; \ + XOR(B, T) ; \ + XOR(C, B) ; \ + AND(B, A) ; \ + XOR(B, T) ; \ + NOT(C) ; \ + OR(C, A) ; \ + XOR(T, C) ; \ + ASSIGN(C, B) ; \ + ASSIGN(B, D) ; \ + ASSIGN(D, A) ; \ + ASSIGN(A, T) ; + +#define SBOX_D1(A, B, C, D, T) \ + NOT(C) ; \ + ASSIGN(T, B) ; \ + OR(B, A) ; \ + NOT(T) ; \ + XOR(B, C) ; \ + OR(C, T) ; \ + XOR(B, D) ; \ + XOR(A, T) ; \ + XOR(C, A) ; \ + AND(A, D) ; \ + XOR(T, A) ; \ + OR(A, B) ; \ + XOR(A, C) ; \ + XOR(D, T) ; \ + XOR(C, B) ; \ + XOR(D, A) ; \ + XOR(D, B) ; \ + AND(C, D) ; \ + XOR(T, C) ; \ + ASSIGN(C, B) ; \ + ASSIGN(B, T) ; + +#define SBOX_D2(A, B, C, D, T) \ + ASSIGN(T, B) ; \ + XOR(B, D) ; \ + AND(D, B) ; \ + XOR(T, C) ; \ + XOR(D, A) ; \ + OR(A, B) ; \ + XOR(C, D) ; \ + XOR(A, T) ; \ + OR(A, C) ; \ + XOR(B, D) ; \ + XOR(A, B) ; \ + OR(B, D) ; \ + XOR(B, A) ; \ + NOT(T) ; \ + XOR(T, B) ; \ + OR(B, A) ; \ + XOR(B, A) ; \ + OR(B, T) ; \ + XOR(D, B) ; \ + ASSIGN(B, A) ; \ + ASSIGN(A, T) ; \ + ASSIGN(T, D) ; \ + ASSIGN(D, C) ; \ + ASSIGN(C, T) ; + +#define SBOX_D3(A, B, C, D, T) \ + XOR(C, D) ; \ + XOR(D, A) ; \ + ASSIGN(T, D) ; \ + AND(D, C) ; \ + XOR(D, B) ; \ + OR(B, C) ; \ + XOR(B, T) ; \ + AND(T, D) ; \ + XOR(C, D) ; \ + AND(T, A) ; \ + XOR(T, C) ; \ + AND(C, B) ; \ + OR(C, A) ; \ + NOT(D) ; \ + XOR(C, D) ; \ + XOR(A, D) ; \ + AND(A, B) ; \ + XOR(D, T) ; \ + XOR(D, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, T) ; + +#define SBOX_D4(A, B, C, D, T) \ + ASSIGN(T, C) ; \ + XOR(C, B) ; \ + XOR(A, C) ; \ + AND(T, C) ; \ + XOR(T, A) ; \ + AND(A, B) ; \ + XOR(B, D) ; \ + OR(D, T) ; \ + XOR(C, D) ; \ + XOR(A, D) ; \ + XOR(B, T) ; \ + AND(D, C) ; \ + XOR(D, B) ; \ + XOR(B, A) ; \ + OR(B, C) ; \ + XOR(A, D) ; \ + XOR(B, T) ; \ + XOR(A, B) ; \ + ASSIGN(T, A) ; \ + ASSIGN(A, C) ; \ + ASSIGN(C, D) ; \ + ASSIGN(D, T) ; + +#define SBOX_D5(A, B, C, D, T) \ + ASSIGN(T, C) ; \ + AND(C, D) ; \ + XOR(C, B) ; \ + OR(B, D) ; \ + AND(B, A) ; \ + XOR(T, C) ; \ + XOR(T, B) ; \ + AND(B, C) ; \ + NOT(A) ; \ + XOR(D, T) ; \ + XOR(B, D) ; \ + AND(D, A) ; \ + XOR(D, C) ; \ + XOR(A, B) ; \ + AND(C, A) ; \ + XOR(D, A) ; \ + XOR(C, T) ; \ + OR(C, D) ; \ + XOR(D, A) ; \ + XOR(C, B) ; \ + ASSIGN(B, D) ; \ + ASSIGN(D, T) ; + +#define SBOX_D6(A, B, C, D, T) \ + NOT(B) ; \ + ASSIGN(T, D) ; \ + XOR(C, B) ; \ + OR(D, A) ; \ + XOR(D, C) ; \ + OR(C, B) ; \ + AND(C, A) ; \ + XOR(T, D) ; \ + XOR(C, T) ; \ + OR(T, A) ; \ + XOR(T, B) ; \ + AND(B, C) ; \ + XOR(B, D) ; \ + XOR(T, C) ; \ + AND(D, T) ; \ + XOR(T, B) ; \ + XOR(D, T) ; \ + NOT(T) ; \ + XOR(D, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, T) ; \ + ASSIGN(T, D) ; \ + ASSIGN(D, C) ; \ + ASSIGN(C, T) ; + +#define SBOX_D7(A, B, C, D, T) \ + XOR(A, C) ; \ + ASSIGN(T, C) ; \ + AND(C, A) ; \ + XOR(T, D) ; \ + NOT(C) ; \ + XOR(D, B) ; \ + XOR(C, D) ; \ + OR(T, A) ; \ + XOR(A, C) ; \ + XOR(D, T) ; \ + XOR(T, B) ; \ + AND(B, D) ; \ + XOR(B, A) ; \ + XOR(A, D) ; \ + OR(A, C) ; \ + XOR(D, B) ; \ + XOR(T, A) ; \ + ASSIGN(A, B) ; \ + ASSIGN(B, C) ; \ + ASSIGN(C, T) ; + +#define SBOX_D8(A, B, C, D, T) \ + ASSIGN(T, C) ; \ + XOR(C, A) ; \ + AND(A, D) ; \ + OR(T, D) ; \ + NOT(C) ; \ + XOR(D, B) ; \ + OR(B, A) ; \ + XOR(A, C) ; \ + AND(C, T) ; \ + AND(D, T) ; \ + XOR(B, C) ; \ + XOR(C, A) ; \ + OR(A, C) ; \ + XOR(T, B) ; \ + XOR(A, D) ; \ + XOR(D, T) ; \ + OR(T, A) ; \ + XOR(D, C) ; \ + XOR(T, C) ; \ + ASSIGN(C, B) ; \ + ASSIGN(B, A) ; \ + ASSIGN(A, D) ; \ + ASSIGN(D, T) ; + +#define TRANSFORM(A, B, C, D, T) \ + ROTL_IMM(A, 13) ; \ + ROTL_IMM(C, 3) ; \ + SHL2_3(T, A) ; \ + XOR(B, A) ; \ + XOR(D, C) ; \ + XOR(B, C) ; \ + XOR(D, T) ; \ + ROTL_IMM(B, 1) ; \ + ROTL_IMM(D, 7) ; \ + ASSIGN(T, B) ; \ + SHL_IMM(T, 7) ; \ + XOR(A, B) ; \ + XOR(C, D) ; \ + XOR(A, D) ; \ + XOR(C, T) ; \ + ROTL_IMM(A, 5) ; \ + ROTL_IMM(C, 22) ; + +#define I_TRANSFORM(A, B, C, D, T) \ + ROTR_IMM(C, 22) ; \ + ROTR_IMM(A, 5) ; \ + ASSIGN(T, B) ; \ + SHL_IMM(T, 7) ; \ + XOR(A, B) ; \ + XOR(C, D) ; \ + XOR(A, D) ; \ + XOR(C, T) ; \ + ROTR_IMM(D, 7) ; \ + ROTR_IMM(B, 1) ; \ + SHL2_3(T, A) ; \ + XOR(B, C) ; \ + XOR(D, C) ; \ + XOR(B, A) ; \ + XOR(D, T) ; \ + ROTR_IMM(C, 3) ; \ + ROTR_IMM(A, 13) ; + +#define KEY_XOR(A, B, C, D, N) \ + XOR(A, ARRAY4(EDI, (4*N ))) ; \ + XOR(B, ARRAY4(EDI, (4*N+1))) ; \ + XOR(C, ARRAY4(EDI, (4*N+2))) ; \ + XOR(D, ARRAY4(EDI, (4*N+3))) ; + +/************************************************* +* Serpent Encryption * +*************************************************/ +START_FUNCTION(serpent_encrypt) + SPILL_REGS() +#define PUSHED 4 + + ASSIGN(EBP, ARG(1)) /* input block */ + ASSIGN(EAX, ARRAY4(EBP, 0)) + ASSIGN(EBX, ARRAY4(EBP, 1)) + ASSIGN(ECX, ARRAY4(EBP, 2)) + ASSIGN(EDX, ARRAY4(EBP, 3)) + + ASSIGN(EDI, ARG(3)) /* round keys */ + ZEROIZE(EBP) + +#define E_ROUND(A, B, C, D, T, N, SBOX) \ + KEY_XOR(A, B, C, D, N) \ + SBOX(A, B, C, D, T) \ + TRANSFORM(A, B, C, D, T) + + + E_ROUND(EAX, EBX, ECX, EDX, EBP, 0, SBOX_E1) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 1, SBOX_E2) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 2, SBOX_E3) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 3, SBOX_E4) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 4, SBOX_E5) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 5, SBOX_E6) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 6, SBOX_E7) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 7, SBOX_E8) + + E_ROUND(EAX, EBX, ECX, EDX, EBP, 8, SBOX_E1) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 9, SBOX_E2) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 10, SBOX_E3) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 11, SBOX_E4) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 12, SBOX_E5) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 13, SBOX_E6) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 14, SBOX_E7) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 15, SBOX_E8) + + E_ROUND(EAX, EBX, ECX, EDX, EBP, 16, SBOX_E1) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 17, SBOX_E2) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 18, SBOX_E3) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 19, SBOX_E4) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 20, SBOX_E5) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 21, SBOX_E6) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 22, SBOX_E7) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 23, SBOX_E8) + + E_ROUND(EAX, EBX, ECX, EDX, EBP, 24, SBOX_E1) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 25, SBOX_E2) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 26, SBOX_E3) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 27, SBOX_E4) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 28, SBOX_E5) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 29, SBOX_E6) + E_ROUND(EAX, EBX, ECX, EDX, EBP, 30, SBOX_E7) + + KEY_XOR(EAX, EBX, ECX, EDX, 31) + SBOX_E8(EAX, EBX, ECX, EDX, EBP) + KEY_XOR(EAX, EBX, ECX, EDX, 32) + + ASSIGN(EBP, ARG(2)) /* output block */ + ASSIGN(ARRAY4(EBP, 0), EAX) + ASSIGN(ARRAY4(EBP, 1), EBX) + ASSIGN(ARRAY4(EBP, 2), ECX) + ASSIGN(ARRAY4(EBP, 3), EDX) + + RESTORE_REGS() +#undef PUSHED +END_FUNCTION(serpent_encrypt) + +/************************************************* +* Serpent Decryption * +*************************************************/ +START_FUNCTION(serpent_decrypt) + SPILL_REGS() +#define PUSHED 4 + + ASSIGN(EBP, ARG(1)) /* input block */ + ASSIGN(EAX, ARRAY4(EBP, 0)) + ASSIGN(EBX, ARRAY4(EBP, 1)) + ASSIGN(ECX, ARRAY4(EBP, 2)) + ASSIGN(EDX, ARRAY4(EBP, 3)) + + ASSIGN(EDI, ARG(3)) /* round keys */ + + ZEROIZE(EBP) + +#define D_ROUND(A, B, C, D, T, N, SBOX) \ + I_TRANSFORM(A, B, C, D, T) \ + SBOX(A, B, C, D, T) \ + KEY_XOR(A, B, C, D, N) \ + + KEY_XOR(EAX, EBX, ECX, EDX, 32) + SBOX_D8(EAX, EBX, ECX, EDX, EBP) + KEY_XOR(EAX, EBX, ECX, EDX, 31) + + D_ROUND(EAX, EBX, ECX, EDX, EBP, 30, SBOX_D7) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 29, SBOX_D6) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 28, SBOX_D5) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 27, SBOX_D4) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 26, SBOX_D3) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 25, SBOX_D2) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 24, SBOX_D1) + + D_ROUND(EAX, EBX, ECX, EDX, EBP, 23, SBOX_D8) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 22, SBOX_D7) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 21, SBOX_D6) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 20, SBOX_D5) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 19, SBOX_D4) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 18, SBOX_D3) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 17, SBOX_D2) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 16, SBOX_D1) + + D_ROUND(EAX, EBX, ECX, EDX, EBP, 15, SBOX_D8) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 14, SBOX_D7) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 13, SBOX_D6) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 12, SBOX_D5) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 11, SBOX_D4) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 10, SBOX_D3) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 9, SBOX_D2) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 8, SBOX_D1) + + D_ROUND(EAX, EBX, ECX, EDX, EBP, 7, SBOX_D8) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 6, SBOX_D7) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 5, SBOX_D6) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 4, SBOX_D5) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 3, SBOX_D4) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 2, SBOX_D3) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 1, SBOX_D2) + D_ROUND(EAX, EBX, ECX, EDX, EBP, 0, SBOX_D1) + + ASSIGN(EBP, ARG(2)) /* output block */ + ASSIGN(ARRAY4(EBP, 0), EAX) + ASSIGN(ARRAY4(EBP, 1), EBX) + ASSIGN(ARRAY4(EBP, 2), ECX) + ASSIGN(ARRAY4(EBP, 3), EDX) + + RESTORE_REGS() +#undef PUSHED +END_FUNCTION(serpent_decrypt) + +/************************************************* +* Serpent Key Schedule * +*************************************************/ +START_FUNCTION(serpent_key_schedule) + SPILL_REGS() +#define PUSHED 4 + + ASSIGN(EDI, ARG(1)) /* round keys */ + ASSIGN(ESI, IMM(8)) + ADD_IMM(EDI, 32) + +START_LOOP(.EXPANSION) + ASSIGN(EAX, ARRAY4(EDI, -1)) + ASSIGN(EBX, ARRAY4(EDI, -3)) + ASSIGN(ECX, ARRAY4(EDI, -5)) + ASSIGN(EDX, ARRAY4(EDI, -8)) + + ASSIGN(EBP, ESI) + SUB_IMM(EBP, 8) + XOR(EBP, IMM(0x9E3779B9)) + XOR(EAX, EBX) + XOR(ECX, EDX) + XOR(EAX, EBP) + XOR(EAX, ECX) + + ROTL_IMM(EAX, 11) + + ASSIGN(ARRAY4(EDI, 0), EAX) + + ADD_IMM(ESI, 1) + ADD_IMM(EDI, 4) +LOOP_UNTIL_EQ(ESI, 140, .EXPANSION) + + ASSIGN(EDI, ARG(1)) /* round keys */ + +#define LOAD_AND_SBOX(MSG, SBOX) \ + ASSIGN(EAX, ARRAY4(EDI, (4*MSG+ 8))) ; \ + ASSIGN(EBX, ARRAY4(EDI, (4*MSG+ 9))) ; \ + ASSIGN(ECX, ARRAY4(EDI, (4*MSG+10))) ; \ + ASSIGN(EDX, ARRAY4(EDI, (4*MSG+11))) ; \ + SBOX(EAX, EBX, ECX, EDX, EBP) ; \ + ASSIGN(ARRAY4(EDI, (4*MSG+ 8)), EAX) ; \ + ASSIGN(ARRAY4(EDI, (4*MSG+ 9)), EBX) ; \ + ASSIGN(ARRAY4(EDI, (4*MSG+10)), ECX) ; \ + ASSIGN(ARRAY4(EDI, (4*MSG+11)), EDX) + + LOAD_AND_SBOX( 0, SBOX_E4) + LOAD_AND_SBOX( 1, SBOX_E3) + LOAD_AND_SBOX( 2, SBOX_E2) + LOAD_AND_SBOX( 3, SBOX_E1) + + LOAD_AND_SBOX( 4, SBOX_E8) + LOAD_AND_SBOX( 5, SBOX_E7) + LOAD_AND_SBOX( 6, SBOX_E6) + LOAD_AND_SBOX( 7, SBOX_E5) + LOAD_AND_SBOX( 8, SBOX_E4) + LOAD_AND_SBOX( 9, SBOX_E3) + LOAD_AND_SBOX(10, SBOX_E2) + LOAD_AND_SBOX(11, SBOX_E1) + + LOAD_AND_SBOX(12, SBOX_E8) + LOAD_AND_SBOX(13, SBOX_E7) + LOAD_AND_SBOX(14, SBOX_E6) + LOAD_AND_SBOX(15, SBOX_E5) + LOAD_AND_SBOX(16, SBOX_E4) + LOAD_AND_SBOX(17, SBOX_E3) + LOAD_AND_SBOX(18, SBOX_E2) + LOAD_AND_SBOX(19, SBOX_E1) + + LOAD_AND_SBOX(20, SBOX_E8) + LOAD_AND_SBOX(21, SBOX_E7) + LOAD_AND_SBOX(22, SBOX_E6) + LOAD_AND_SBOX(23, SBOX_E5) + LOAD_AND_SBOX(24, SBOX_E4) + LOAD_AND_SBOX(25, SBOX_E3) + LOAD_AND_SBOX(26, SBOX_E2) + LOAD_AND_SBOX(27, SBOX_E1) + + LOAD_AND_SBOX(28, SBOX_E8) + LOAD_AND_SBOX(29, SBOX_E7) + LOAD_AND_SBOX(30, SBOX_E6) + LOAD_AND_SBOX(31, SBOX_E5) + LOAD_AND_SBOX(32, SBOX_E4) + + RESTORE_REGS() +#undef PUSHED +END_FUNCTION(serpent_key_schedule) diff --git a/src/asm/asm_ia32/serpent.cpp b/src/asm/asm_ia32/serpent.cpp new file mode 100644 index 000000000..aacb72b0f --- /dev/null +++ b/src/asm/asm_ia32/serpent.cpp @@ -0,0 +1,49 @@ +/************************************************* +* Serpent Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/serpent.h> +#include <botan/loadstor.h> + +namespace Botan { + +extern "C" { + +void serpent_encrypt(const byte[16], byte[16], const u32bit[132]); +void serpent_decrypt(const byte[16], byte[16], const u32bit[132]); +void serpent_key_schedule(u32bit[140]); + +} + +/************************************************* +* Serpent Encryption * +*************************************************/ +void Serpent::enc(const byte in[], byte out[]) const + { + serpent_encrypt(in, out, round_key); + } + +/************************************************* +* Serpent Decryption * +*************************************************/ +void Serpent::dec(const byte in[], byte out[]) const + { + serpent_decrypt(in, out, round_key); + } + +/************************************************* +* Serpent Key Schedule * +*************************************************/ +void Serpent::key(const byte key[], u32bit length) + { + SecureBuffer<u32bit, 140> W; + for(u32bit j = 0; j != length / 4; ++j) + W[j] = make_u32bit(key[4*j+3], key[4*j+2], key[4*j+1], key[4*j]); + W[length / 4] |= u32bit(1) << ((length%4)*8); + + serpent_key_schedule(W); + round_key.copy(W + 8, 132); + } + +} diff --git a/src/asm/asm_ia32/sha160.cpp b/src/asm/asm_ia32/sha160.cpp new file mode 100644 index 000000000..7725541d5 --- /dev/null +++ b/src/asm/asm_ia32/sha160.cpp @@ -0,0 +1,52 @@ +/************************************************* +* SHA-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/sha160.h> +#include <botan/loadstor.h> + +namespace Botan { + +extern "C" void botan_sha160_asm_ia32(u32bit[5], const byte[64], u32bit[81]); + +/************************************************* +* SHA-160 Compression Function * +*************************************************/ +void SHA_160::hash(const byte input[]) + { + botan_sha160_asm_ia32(digest, input, W); + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void SHA_160::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + output[j] = get_byte(j % 4, digest[j/4]); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_160::clear() throw() + { + MDx_HashFunction::clear(); + W.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + digest[4] = 0xC3D2E1F0; + } + +/************************************************* +* SHA_160 Constructor * +*************************************************/ +SHA_160::SHA_160() : MDx_HashFunction(20, 64, true, true), W(81) + { + clear(); + } + +} diff --git a/src/asm/asm_ia32/sha1_asm.S b/src/asm/asm_ia32/sha1_asm.S new file mode 100644 index 000000000..85bc9dc2c --- /dev/null +++ b/src/asm/asm_ia32/sha1_asm.S @@ -0,0 +1,242 @@ +/************************************************* +* SHA-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/asm_macr.h> + +START_LISTING(sha1_asm.S) + +START_FUNCTION(botan_sha160_asm_ia32) + SPILL_REGS() + +#define PUSHED 4 + + ASSIGN(EDI, ARG(2)) + ASSIGN(EBP, ARG(3)) + + ZEROIZE(ESI) + +START_LOOP(.LOAD_INPUT) + ADD_IMM(ESI, 4) + + ASSIGN(EAX, ARRAY4(EDI, 0)) + ASSIGN(EBX, ARRAY4(EDI, 1)) + ASSIGN(ECX, ARRAY4(EDI, 2)) + ASSIGN(EDX, ARRAY4(EDI, 3)) + + ADD_IMM(EDI, 16) + + BSWAP(EAX) + BSWAP(EBX) + BSWAP(ECX) + BSWAP(EDX) + + ASSIGN(ARRAY4_INDIRECT(EBP,ESI,-4), EAX) + ASSIGN(ARRAY4_INDIRECT(EBP,ESI,-3), EBX) + ASSIGN(ARRAY4_INDIRECT(EBP,ESI,-2), ECX) + ASSIGN(ARRAY4_INDIRECT(EBP,ESI,-1), EDX) +LOOP_UNTIL_EQ(ESI, 16, .LOAD_INPUT) + + ADD2_IMM(EDI, EBP, 64) + +START_LOOP(.EXPANSION) + ADD_IMM(ESI, 4) + + ZEROIZE(EAX) + ASSIGN(EBX, ARRAY4(EDI, -1)) + ASSIGN(ECX, ARRAY4(EDI, -2)) + ASSIGN(EDX, ARRAY4(EDI, -3)) + + XOR(EAX, ARRAY4(EDI, -5)) + XOR(EBX, ARRAY4(EDI, -6)) + XOR(ECX, ARRAY4(EDI, -7)) + XOR(EDX, ARRAY4(EDI, -8)) + + XOR(EAX, ARRAY4(EDI, -11)) + XOR(EBX, ARRAY4(EDI, -12)) + XOR(ECX, ARRAY4(EDI, -13)) + XOR(EDX, ARRAY4(EDI, -14)) + + XOR(EAX, ARRAY4(EDI, -13)) + XOR(EBX, ARRAY4(EDI, -14)) + XOR(ECX, ARRAY4(EDI, -15)) + XOR(EDX, ARRAY4(EDI, -16)) + + ROTL_IMM(EDX, 1) + ROTL_IMM(ECX, 1) + ROTL_IMM(EBX, 1) + XOR(EAX, EDX) + ROTL_IMM(EAX, 1) + + ASSIGN(ARRAY4(EDI, 0), EDX) + ASSIGN(ARRAY4(EDI, 1), ECX) + ASSIGN(ARRAY4(EDI, 2), EBX) + ASSIGN(ARRAY4(EDI, 3), EAX) + + ADD_IMM(EDI, 16) +LOOP_UNTIL_EQ(ESI, 80, .EXPANSION) + +#define MAGIC1 0x5A827999 +#define MAGIC2 0x6ED9EBA1 +#define MAGIC3 0x8F1BBCDC +#define MAGIC4 0xCA62C1D6 + +#define MSG ESP +#define T2 EBP + +#define F1(A, B, C, D, E, F, N) \ + ASSIGN(T2, ARRAY4(MSG, N)) ; \ + ASSIGN(A, F) ; \ + ROTL_IMM(F, 5) ; \ + ADD(F, E) ; \ + ASSIGN(E, C) ; \ + XOR(E, D) ; \ + ADD3_IMM(F, T2, MAGIC1) ; \ + AND(E, B) ; \ + XOR(E, D) ; \ + ROTR_IMM(B, 2) ; \ + ADD(E, F) ; + +#define F2_4(A, B, C, D, E, F, N, MAGIC) \ + ASSIGN(T2, ARRAY4(MSG, N)) ; \ + ASSIGN(A, F) ; \ + ROTL_IMM(F, 5) ; \ + ADD(F, E) ; \ + ASSIGN(E, B) ; \ + XOR(E, C) ; \ + ADD3_IMM(F, T2, MAGIC) ; \ + XOR(E, D) ; \ + ROTR_IMM(B, 2) ; \ + ADD(E, F) ; + +#define F3(A, B, C, D, E, F, N) \ + ASSIGN(T2, ARRAY4(MSG, N)) ; \ + ASSIGN(A, F) ; \ + ROTL_IMM(F, 5) ; \ + ADD(F, E) ; \ + ASSIGN(E, B) ; \ + OR(E, C) ; \ + AND(E, D) ; \ + ADD3_IMM(F, T2, MAGIC3) ; \ + ASSIGN(T2, B) ; \ + AND(T2, C) ; \ + OR(E, T2) ; \ + ROTR_IMM(B, 2) ; \ + ADD(E, F) ; + +#define F2(A, B, C, D, E, F, MSG) \ + F2_4(A, B, C, D, E, F, MSG, MAGIC2) + +#define F4(A, B, C, D, E, F, MSG) \ + F2_4(A, B, C, D, E, F, MSG, MAGIC4) + + ASSIGN(EAX, ARG(1)) + ASSIGN(EDI, ARRAY4(EAX, 0)) + ASSIGN(EBX, ARRAY4(EAX, 1)) + ASSIGN(ECX, ARRAY4(EAX, 2)) + ASSIGN(EDX, ARRAY4(EAX, 3)) + ASSIGN(ESI, ARRAY4(EAX, 4)) + + ASSIGN(ARRAY4(EBP, 80), ESP) + ASSIGN(ESP, EBP) + + /* First Round */ + F1(EAX, EBX, ECX, EDX, ESI, EDI, 0) + F1(EDI, EAX, EBX, ECX, EDX, ESI, 1) + F1(ESI, EDI, EAX, EBX, ECX, EDX, 2) + F1(EDX, ESI, EDI, EAX, EBX, ECX, 3) + F1(ECX, EDX, ESI, EDI, EAX, EBX, 4) + F1(EBX, ECX, EDX, ESI, EDI, EAX, 5) + F1(EAX, EBX, ECX, EDX, ESI, EDI, 6) + F1(EDI, EAX, EBX, ECX, EDX, ESI, 7) + F1(ESI, EDI, EAX, EBX, ECX, EDX, 8) + F1(EDX, ESI, EDI, EAX, EBX, ECX, 9) + F1(ECX, EDX, ESI, EDI, EAX, EBX, 10) + F1(EBX, ECX, EDX, ESI, EDI, EAX, 11) + F1(EAX, EBX, ECX, EDX, ESI, EDI, 12) + F1(EDI, EAX, EBX, ECX, EDX, ESI, 13) + F1(ESI, EDI, EAX, EBX, ECX, EDX, 14) + F1(EDX, ESI, EDI, EAX, EBX, ECX, 15) + F1(ECX, EDX, ESI, EDI, EAX, EBX, 16) + F1(EBX, ECX, EDX, ESI, EDI, EAX, 17) + F1(EAX, EBX, ECX, EDX, ESI, EDI, 18) + F1(EDI, EAX, EBX, ECX, EDX, ESI, 19) + + /* Second Round */ + F2(ESI, EDI, EAX, EBX, ECX, EDX, 20) + F2(EDX, ESI, EDI, EAX, EBX, ECX, 21) + F2(ECX, EDX, ESI, EDI, EAX, EBX, 22) + F2(EBX, ECX, EDX, ESI, EDI, EAX, 23) + F2(EAX, EBX, ECX, EDX, ESI, EDI, 24) + F2(EDI, EAX, EBX, ECX, EDX, ESI, 25) + F2(ESI, EDI, EAX, EBX, ECX, EDX, 26) + F2(EDX, ESI, EDI, EAX, EBX, ECX, 27) + F2(ECX, EDX, ESI, EDI, EAX, EBX, 28) + F2(EBX, ECX, EDX, ESI, EDI, EAX, 29) + F2(EAX, EBX, ECX, EDX, ESI, EDI, 30) + F2(EDI, EAX, EBX, ECX, EDX, ESI, 31) + F2(ESI, EDI, EAX, EBX, ECX, EDX, 32) + F2(EDX, ESI, EDI, EAX, EBX, ECX, 33) + F2(ECX, EDX, ESI, EDI, EAX, EBX, 34) + F2(EBX, ECX, EDX, ESI, EDI, EAX, 35) + F2(EAX, EBX, ECX, EDX, ESI, EDI, 36) + F2(EDI, EAX, EBX, ECX, EDX, ESI, 37) + F2(ESI, EDI, EAX, EBX, ECX, EDX, 38) + F2(EDX, ESI, EDI, EAX, EBX, ECX, 39) + + /* Third Round */ + F3(ECX, EDX, ESI, EDI, EAX, EBX, 40) + F3(EBX, ECX, EDX, ESI, EDI, EAX, 41) + F3(EAX, EBX, ECX, EDX, ESI, EDI, 42) + F3(EDI, EAX, EBX, ECX, EDX, ESI, 43) + F3(ESI, EDI, EAX, EBX, ECX, EDX, 44) + F3(EDX, ESI, EDI, EAX, EBX, ECX, 45) + F3(ECX, EDX, ESI, EDI, EAX, EBX, 46) + F3(EBX, ECX, EDX, ESI, EDI, EAX, 47) + F3(EAX, EBX, ECX, EDX, ESI, EDI, 48) + F3(EDI, EAX, EBX, ECX, EDX, ESI, 49) + F3(ESI, EDI, EAX, EBX, ECX, EDX, 50) + F3(EDX, ESI, EDI, EAX, EBX, ECX, 51) + F3(ECX, EDX, ESI, EDI, EAX, EBX, 52) + F3(EBX, ECX, EDX, ESI, EDI, EAX, 53) + F3(EAX, EBX, ECX, EDX, ESI, EDI, 54) + F3(EDI, EAX, EBX, ECX, EDX, ESI, 55) + F3(ESI, EDI, EAX, EBX, ECX, EDX, 56) + F3(EDX, ESI, EDI, EAX, EBX, ECX, 57) + F3(ECX, EDX, ESI, EDI, EAX, EBX, 58) + F3(EBX, ECX, EDX, ESI, EDI, EAX, 59) + + /* Fourth Round */ + F4(EAX, EBX, ECX, EDX, ESI, EDI, 60) + F4(EDI, EAX, EBX, ECX, EDX, ESI, 61) + F4(ESI, EDI, EAX, EBX, ECX, EDX, 62) + F4(EDX, ESI, EDI, EAX, EBX, ECX, 63) + F4(ECX, EDX, ESI, EDI, EAX, EBX, 64) + F4(EBX, ECX, EDX, ESI, EDI, EAX, 65) + F4(EAX, EBX, ECX, EDX, ESI, EDI, 66) + F4(EDI, EAX, EBX, ECX, EDX, ESI, 67) + F4(ESI, EDI, EAX, EBX, ECX, EDX, 68) + F4(EDX, ESI, EDI, EAX, EBX, ECX, 69) + F4(ECX, EDX, ESI, EDI, EAX, EBX, 70) + F4(EBX, ECX, EDX, ESI, EDI, EAX, 71) + F4(EAX, EBX, ECX, EDX, ESI, EDI, 72) + F4(EDI, EAX, EBX, ECX, EDX, ESI, 73) + F4(ESI, EDI, EAX, EBX, ECX, EDX, 74) + F4(EDX, ESI, EDI, EAX, EBX, ECX, 75) + F4(ECX, EDX, ESI, EDI, EAX, EBX, 76) + F4(EBX, ECX, EDX, ESI, EDI, EAX, 77) + F4(EAX, EBX, ECX, EDX, ESI, EDI, 78) + F4(EDI, EAX, EBX, ECX, EDX, ESI, 79) + + ASSIGN(ESP, ARRAY4(ESP, 80)) + + ASSIGN(EBP, ARG(1)) + ADD(ARRAY4(EBP, 0), EDX) + ADD(ARRAY4(EBP, 1), EDI) + ADD(ARRAY4(EBP, 2), EAX) + ADD(ARRAY4(EBP, 3), EBX) + ADD(ARRAY4(EBP, 4), ECX) + + RESTORE_REGS() +END_FUNCTION(botan_sha160_asm_ia32) diff --git a/src/asm/mp_amd64/bswap.h b/src/asm/mp_amd64/bswap.h new file mode 100644 index 000000000..3c77b460c --- /dev/null +++ b/src/asm/mp_amd64/bswap.h @@ -0,0 +1,36 @@ +/************************************************* +* Byte Swapping Operations Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_BSWAP_H__ +#define BOTAN_BSWAP_H__ + +#include <botan/types.h> +#include <botan/rotate.h> + +namespace Botan { + +/************************************************* +* Byte Swapping Functions * +*************************************************/ +inline u16bit reverse_bytes(u16bit input) + { + return rotate_left(input, 8); + } + +inline u32bit reverse_bytes(u32bit input) + { + asm("bswapl %0" : "=r" (input) : "0" (input)); + return input; + } + +inline u64bit reverse_bytes(u64bit input) + { + asm("bswapq %0" : "=r" (input) : "0" (input)); + return input; + } + +} + +#endif diff --git a/src/asm/mp_amd64/modinfo.txt b/src/asm/mp_amd64/modinfo.txt new file mode 100644 index 000000000..a042a3976 --- /dev/null +++ b/src/asm/mp_amd64/modinfo.txt @@ -0,0 +1,21 @@ +realname "x86-64 MPI Assembler Core" + +mp_bits 64 + +load_on asm_ok + +<replace> +bswap.h +mp_asm.h +mp_asmi.h +#mp_mulop.cpp +</replace> + +<arch> +amd64 +</arch> + +<cc> +gcc +icc +</cc> diff --git a/src/asm/mp_amd64/mp_asm.h b/src/asm/mp_amd64/mp_asm.h new file mode 100644 index 000000000..eca7bae6c --- /dev/null +++ b/src/asm/mp_amd64/mp_asm.h @@ -0,0 +1,67 @@ +/************************************************* +* Lowest Level MPI Algorithms Header File * +* (C) 1999-2008 Jack Lloyd * +* 2006 Luca Piccarreta * +*************************************************/ + +#ifndef BOTAN_MP_ASM_H__ +#define BOTAN_MP_ASM_H__ + +#include <botan/mp_types.h> + +#if (BOTAN_MP_WORD_BITS != 64) + #error The mp_amd64 module requires that BOTAN_MP_WORD_BITS == 64 +#endif + +namespace Botan { + +extern "C" { + +/************************************************* +* Helper Macros for amd64 Assembly * +*************************************************/ +#define ASM(x) x "\n\t" + +/************************************************* +* Word Multiply * +*************************************************/ +inline word word_madd2(word a, word b, word* c) + { + asm( + ASM("mulq %[b]") + ASM("addq %[c],%[a]") + ASM("adcq $0,%[carry]") + + : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*c) + : "0"(a), "1"(b), [c]"g"(*c) : "cc"); + + return a; + } + +/************************************************* +* Word Multiply/Add * +*************************************************/ +inline word word_madd3(word a, word b, word c, word* d) + { + asm( + ASM("mulq %[b]") + + ASM("addq %[c],%[a]") + ASM("adcq $0,%[carry]") + + ASM("addq %[d],%[a]") + ASM("adcq $0,%[carry]") + + : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*d) + : "0"(a), "1"(b), [c]"g"(c), [d]"g"(*d) : "cc"); + + return a; + } + +#undef ASM + +} + +} + +#endif diff --git a/src/asm/mp_amd64/mp_asmi.h b/src/asm/mp_amd64/mp_asmi.h new file mode 100644 index 000000000..16632a38d --- /dev/null +++ b/src/asm/mp_amd64/mp_asmi.h @@ -0,0 +1,233 @@ +/************************************************* +* Lowest Level MPI Algorithms Header File * +* (C) 1999-2007 Jack Lloyd * +* 2006 Luca Piccarreta * +*************************************************/ + +#ifndef BOTAN_MP_ASM_INTERNAL_H__ +#define BOTAN_MP_ASM_INTERNAL_H__ + +#include <botan/mp_asm.h> + +namespace Botan { + +extern "C" { + +/************************************************* +* Helper Macros for amd64 Assembly * +*************************************************/ +#ifndef ASM + #define ASM(x) x "\n\t" +#endif + +#define ADDSUB2_OP(OPERATION, INDEX) \ + ASM("movq 8*" #INDEX "(%[y]), %[carry]") \ + ASM(OPERATION " %[carry], 8*" #INDEX "(%[x])") \ + +#define ADDSUB3_OP(OPERATION, INDEX) \ + ASM("movq 8*" #INDEX "(%[x]), %[carry]") \ + ASM(OPERATION " 8*" #INDEX "(%[y]), %[carry]") \ + ASM("movq %[carry], 8*" #INDEX "(%[z])") \ + +#define LINMUL_OP(WRITE_TO, INDEX) \ + ASM("movq 8*" #INDEX "(%[x]),%%rax") \ + ASM("mulq %[y]") \ + ASM("addq %[carry],%%rax") \ + ASM("adcq $0,%%rdx") \ + ASM("movq %%rdx,%[carry]") \ + ASM("movq %%rax, 8*" #INDEX "(%[" WRITE_TO "])") + +#define MULADD_OP(IGNORED, INDEX) \ + ASM("movq 8*" #INDEX "(%[x]),%%rax") \ + ASM("mulq %[y]") \ + ASM("addq %[carry],%%rax") \ + ASM("adcq $0,%%rdx") \ + ASM("addq 8*" #INDEX "(%[z]),%%rax") \ + ASM("adcq $0,%%rdx") \ + ASM("movq %%rdx,%[carry]") \ + ASM("movq %%rax, 8*" #INDEX " (%[z])") + +#define DO_8_TIMES(MACRO, ARG) \ + MACRO(ARG, 0) \ + MACRO(ARG, 1) \ + MACRO(ARG, 2) \ + MACRO(ARG, 3) \ + MACRO(ARG, 4) \ + MACRO(ARG, 5) \ + MACRO(ARG, 6) \ + MACRO(ARG, 7) + +#define ADD_OR_SUBTRACT(CORE_CODE) \ + ASM("rorq %[carry]") \ + CORE_CODE \ + ASM("sbbq %[carry],%[carry]") \ + ASM("negq %[carry]") + +/************************************************* +* Word Addition * +*************************************************/ +inline word word_add(word x, word y, word* carry) + { + asm( + ADD_OR_SUBTRACT(ASM("adcq %[y],%[x]")) + : [x]"=r"(x), [carry]"=r"(*carry) + : "0"(x), [y]"rm"(y), "1"(*carry) + : "cc"); + return x; + } + +/************************************************* +* Eight Word Block Addition, Two Argument * +*************************************************/ +inline word word8_add2(word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcq")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Eight Word Block Addition, Three Argument * +*************************************************/ +inline word word8_add3(word z[8], const word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcq")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Word Subtraction * +*************************************************/ +inline word word_sub(word x, word y, word* carry) + { + asm( + ADD_OR_SUBTRACT(ASM("sbbq %[y],%[x]")) + : [x]"=r"(x), [carry]"=r"(*carry) + : "0"(x), [y]"rm"(y), "1"(*carry) + : "cc"); + return x; + } + +/************************************************* +* Eight Word Block Subtraction, Two Argument * +*************************************************/ +inline word word8_sub2(word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbq")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Eight Word Block Subtraction, Three Argument * +*************************************************/ +inline word word8_sub3(word z[8], const word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbq")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Eight Word Block Linear Multiplication * +*************************************************/ +inline word word8_linmul2(word x[8], word y, word carry) + { + asm( + DO_8_TIMES(LINMUL_OP, "x") + : [carry]"=r"(carry) + : [x]"r"(x), [y]"rm"(y), "0"(carry) + : "cc", "%rax", "%rdx"); + return carry; + } + +/************************************************* +* Eight Word Block Linear Multiplication * +*************************************************/ +inline word word8_linmul3(word z[8], const word x[8], word y, word carry) + { + asm( + DO_8_TIMES(LINMUL_OP, "z") + : [carry]"=r"(carry) + : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry) + : "cc", "%rax", "%rdx"); + return carry; + } + +/************************************************* +* Eight Word Block Multiply/Add * +*************************************************/ +inline word word8_madd3(word z[8], const word x[8], word y, word carry) + { + asm( + DO_8_TIMES(MULADD_OP, "") + : [carry]"=r"(carry) + : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry) + : "cc", "%rax", "%rdx"); + return carry; + } + +/************************************************* +* Multiply-Add Accumulator * +*************************************************/ +inline void word3_muladd(word* w2, word* w1, word* w0, word x, word y) + { + asm( + ASM("mulq %[y]") + + ASM("addq %[x],%[w0]") + ASM("adcq %[y],%[w1]") + ASM("adcq $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); + } + +/************************************************* +* Multiply-Add Accumulator * +*************************************************/ +inline void word3_muladd_2(word* w2, word* w1, word* w0, word x, word y) + { + asm( + ASM("mulq %[y]") + + ASM("addq %[x],%[w0]") + ASM("adcq %[y],%[w1]") + ASM("adcq $0,%[w2]") + + ASM("addq %[x],%[w0]") + ASM("adcq %[y],%[w1]") + ASM("adcq $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); + } + + +#undef ASM +#undef DO_8_TIMES +#undef ADD_OR_SUBTRACT +#undef ADDSUB2_OP +#undef ADDSUB3_OP +#undef LINMUL_OP +#undef MULADD_OP + +} + +} +#endif diff --git a/src/asm/mp_amd64/mp_mulop.cpp b/src/asm/mp_amd64/mp_mulop.cpp new file mode 100644 index 000000000..d1aa51489 --- /dev/null +++ b/src/asm/mp_amd64/mp_mulop.cpp @@ -0,0 +1,94 @@ +/************************************************* +* Simple O(N^2) Multiplication and Squaring * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/mp_asm.h> +#include <botan/mp_asmi.h> +#include <botan/mp_core.h> +#include <botan/mem_ops.h> + +namespace Botan { + +extern "C" { + +/************************************************* +* Simple O(N^2) Multiplication * +*************************************************/ +void bigint_simple_mul(word z[], const word x[], u32bit x_size, + const word y[], u32bit y_size) + { + const u32bit blocks = x_size - (x_size % 8); + + clear_mem(z, x_size + y_size); + + for(u32bit i = 0; i != y_size; ++i) + { + word carry = 0; + + for(u32bit j = 0; j != blocks; j += 8) + carry = word8_madd3(z + i + j, x + j, y[i], carry); + + for(u32bit j = blocks; j != x_size; ++j) + z[i+j] = word_madd3(x[j], y[i], z[i+j], &carry); + + z[x_size+i] = carry; + } + } + +inline word word_sqr(word x, + +/************************************************* +* Simple O(N^2) Squaring + +This is exactly the same algorithm as bigint_simple_mul, +however because C/C++ compilers suck at alias analysis it +is good to have the version where the compiler knows +that x == y +*************************************************/ +void bigint_simple_sqr(word z[], const word x[], u32bit x_size) + { + clear_mem(z, 2*x_size); + + for(u32bit i = 0; i != x_size; ++i) + { + const word x_i = x[i]; + + word carry = z[2*i]; + z[2*i] = word_madd2(x_i, x_i, z[2*i], &carry); + + for(u32bit j = i; j != x_size; ++j) + { + // z[i+j] = z[i+j] + 2 * x[j] * x_i + carry; + + /* + load z[i+j] into register + load x[j] into %hi + mulq %[x_i] -> x[i] * x[j] -> %lo:%hi + shlq %lo, $1 + + // put carry bit (cf) from %lo into %temp + xorl %temp + adcq $0, %temp + + // high bit of lo now in cf + shl %hi, $1 + // add in lowest bid from %lo + orl %temp, %hi + + addq %[c], %[lo] + adcq $0, %[hi] + addq %[z_ij], %[lo] + adcq $0, %[hi] + + */ + + } + + z[x_size+i] = carry; + } + } + +} + +} diff --git a/src/asm/mp_asm64/modinfo.txt b/src/asm/mp_asm64/modinfo.txt new file mode 100644 index 000000000..a9e5d53da --- /dev/null +++ b/src/asm/mp_asm64/modinfo.txt @@ -0,0 +1,25 @@ +realname "64-bit RISC MPI Assembler Core" + +mp_bits 64 + +load_on asm_ok + +<replace> +mp_asm.h +</replace> + +<arch> +alpha +ia64 +mips64 +ppc64 +sparc64 +</arch> + +# The inline asm only works with gcc, but it looks like (at least on +# UltraSPARC), using 64-bit words and the sythensized multiply is a 5 to 25% +# win, so it's probably worth using elsewhere. +<cc> +gcc +sunwspro +</cc> diff --git a/src/asm/mp_asm64/mp_asm.h b/src/asm/mp_asm64/mp_asm.h new file mode 100644 index 000000000..e455b3616 --- /dev/null +++ b/src/asm/mp_asm64/mp_asm.h @@ -0,0 +1,110 @@ +/************************************************* +* MPI Multiply-Add Core Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MP_MADD_H__ +#define BOTAN_MP_MADD_H__ + +#include <botan/mp_types.h> + +namespace Botan { + +#if (BOTAN_MP_WORD_BITS != 64) + #error The mp_asm64 module requires that BOTAN_MP_WORD_BITS == 64 +#endif + +#if defined(BOTAN_TARGET_ARCH_IS_ALPHA) + +#define BOTAN_WORD_MUL(a,b,z1,z0) do { \ + asm("umulh %1,%2,%0" : "=r" (z0) : "r" (a), "r" (b)); \ + z1 = a * b; \ +} while(0); + +#elif defined(BOTAN_TARGET_ARCH_IS_IA64) + +#define BOTAN_WORD_MUL(a,b,z1,z0) do { \ + asm("xmpy.hu %0=%1,%2" : "=f" (z0) : "f" (a), "f" (b)); \ + z1 = a * b; \ +} while(0); + +#elif defined(BOTAN_TARGET_ARCH_IS_PPC64) + +#define BOTAN_WORD_MUL(a,b,z1,z0) do { \ + asm("mulhdu %0,%1,%2" : "=r" (z0) : "r" (a), "r" (b) : "cc"); \ + z1 = a * b; \ +} while(0); + +#elif defined(BOTAN_TARGET_ARCH_IS_MIPS64) + +#define BOTAN_WORD_MUL(a,b,z1,z0) do { \ + asm("dmultu %2,%3" : "=h" (z0), "=l" (z1) : "r" (a), "r" (b)); \ +} while(0); + +#else + +// Do a 64x64->128 multiply using four 64x64->64 multiplies +// plus some adds and shifts. Last resort for CPUs like UltraSPARC, +// with 64-bit registers/ALU, but no 64x64->128 multiply. +inline void bigint_2word_mul(word a, word b, word* z1, word* z0) + { + const u32bit MP_HWORD_BITS = MP_WORD_BITS / 2; + const word MP_HWORD_MASK = ((word)1 << MP_HWORD_BITS) - 1; + + const word a_hi = (a >> MP_HWORD_BITS); + const word a_lo = (a & MP_HWORD_MASK); + const word b_hi = (b >> MP_HWORD_BITS); + const word b_lo = (b & MP_HWORD_MASK); + + word x0 = a_hi * b_hi; + word x1 = a_lo * b_hi; + word x2 = a_hi * b_lo; + word x3 = a_lo * b_lo; + + x2 += x3 >> (MP_HWORD_BITS); + x2 += x1; + if(x2 < x1) + x0 += ((word)1 << MP_HWORD_BITS); + + *z0 = x0 + (x2 >> MP_HWORD_BITS); + *z1 = ((x2 & MP_HWORD_MASK) << MP_HWORD_BITS) + (x3 & MP_HWORD_MASK); + } + +#define BOTAN_WORD_MUL(a,b,z1,z0) bigint_2word_mul(a, b, &z1, &z0) + +#endif + +/************************************************* +* Word Multiply/Add * +*************************************************/ +inline word word_madd2(word a, word b, word* c) + { + word z0 = 0, z1 = 0; + + BOTAN_WORD_MUL(a, b, z1, z0); + + z1 += *c; if(z1 < *c) z0++; + + *c = z0; + return z1; + } + +/************************************************* +* Word Multiply/Add * +*************************************************/ +inline word word_madd3(word a, word b, word c, word* d) + { + word z0 = 0, z1 = 0; + + BOTAN_WORD_MUL(a, b, z1, z0); + + z1 += c; if(z1 < c) z0++; + z1 += *d; if(z1 < *d) z0++; + + *d = z0; + return z1; + } + +} + +#endif diff --git a/src/asm/mp_ia32/modinfo.txt b/src/asm/mp_ia32/modinfo.txt new file mode 100644 index 000000000..cf4959250 --- /dev/null +++ b/src/asm/mp_ia32/modinfo.txt @@ -0,0 +1,19 @@ +realname "x86 MPI Assembler Core" + +mp_bits 32 + +load_on asm_ok + +<replace> +mp_asm.h +mp_asmi.h +</replace> + +<arch> +ia32 +</arch> + +<cc> +gcc +icc +</cc> diff --git a/src/asm/mp_ia32/mp_asm.h b/src/asm/mp_ia32/mp_asm.h new file mode 100644 index 000000000..b45140321 --- /dev/null +++ b/src/asm/mp_ia32/mp_asm.h @@ -0,0 +1,65 @@ +/************************************************* +* Lowest Level MPI Algorithms Header File * +* (C) 1999-2008 Jack Lloyd * +* 2006 Luca Piccarreta * +*************************************************/ + +#ifndef BOTAN_MP_ASM_H__ +#define BOTAN_MP_ASM_H__ + +#include <botan/mp_types.h> + +#if (BOTAN_MP_WORD_BITS != 32) + #error The mp_ia32 module requires that BOTAN_MP_WORD_BITS == 32 +#endif + +namespace Botan { + +extern "C" { + +/************************************************* +* Helper Macros for x86 Assembly * +*************************************************/ +#define ASM(x) x "\n\t" + +/************************************************* +* Word Multiply * +*************************************************/ +inline word word_madd2(word a, word b, word* c) + { + asm( + ASM("mull %[b]") + ASM("addl %[c],%[a]") + ASM("adcl $0,%[carry]") + + : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*c) + : "0"(a), "1"(b), [c]"g"(*c) : "cc"); + + return a; + } + +/************************************************* +* Word Multiply/Add * +*************************************************/ +inline word word_madd3(word a, word b, word c, word* d) + { + asm( + ASM("mull %[b]") + + ASM("addl %[c],%[a]") + ASM("adcl $0,%[carry]") + + ASM("addl %[d],%[a]") + ASM("adcl $0,%[carry]") + + : [a]"=a"(a), [b]"=rm"(b), [carry]"=&d"(*d) + : "0"(a), "1"(b), [c]"g"(c), [d]"g"(*d) : "cc"); + + return a; + } + +} + +} + +#endif diff --git a/src/asm/mp_ia32/mp_asmi.h b/src/asm/mp_ia32/mp_asmi.h new file mode 100644 index 000000000..9de0c11e3 --- /dev/null +++ b/src/asm/mp_ia32/mp_asmi.h @@ -0,0 +1,225 @@ +/************************************************* +* Lowest Level MPI Algorithms Header File * +* (C) 1999-2007 Jack Lloyd * +* 2006 Luca Piccarreta * +*************************************************/ + +#ifndef BOTAN_MP_ASM_INTERNAL_H__ +#define BOTAN_MP_ASM_INTERNAL_H__ + +#include <botan/mp_asm.h> + +namespace Botan { + +extern "C" { + +/************************************************* +* Helper Macros for x86 Assembly * +*************************************************/ +#ifndef ASM + #define ASM(x) x "\n\t" +#endif + +#define ADDSUB2_OP(OPERATION, INDEX) \ + ASM("movl 4*" #INDEX "(%[y]), %[carry]") \ + ASM(OPERATION " %[carry], 4*" #INDEX "(%[x])") \ + +#define ADDSUB3_OP(OPERATION, INDEX) \ + ASM("movl 4*" #INDEX "(%[x]), %[carry]") \ + ASM(OPERATION " 4*" #INDEX "(%[y]), %[carry]") \ + ASM("movl %[carry], 4*" #INDEX "(%[z])") \ + +#define LINMUL_OP(WRITE_TO, INDEX) \ + ASM("movl 4*" #INDEX "(%[x]),%%eax") \ + ASM("mull %[y]") \ + ASM("addl %[carry],%%eax") \ + ASM("adcl $0,%%edx") \ + ASM("movl %%edx,%[carry]") \ + ASM("movl %%eax, 4*" #INDEX "(%[" WRITE_TO "])") + +#define MULADD_OP(IGNORED, INDEX) \ + ASM("movl 4*" #INDEX "(%[x]),%%eax") \ + ASM("mull %[y]") \ + ASM("addl %[carry],%%eax") \ + ASM("adcl $0,%%edx") \ + ASM("addl 4*" #INDEX "(%[z]),%%eax") \ + ASM("adcl $0,%%edx") \ + ASM("movl %%edx,%[carry]") \ + ASM("movl %%eax, 4*" #INDEX " (%[z])") + +#define DO_8_TIMES(MACRO, ARG) \ + MACRO(ARG, 0) \ + MACRO(ARG, 1) \ + MACRO(ARG, 2) \ + MACRO(ARG, 3) \ + MACRO(ARG, 4) \ + MACRO(ARG, 5) \ + MACRO(ARG, 6) \ + MACRO(ARG, 7) + +#define ADD_OR_SUBTRACT(CORE_CODE) \ + ASM("rorl %[carry]") \ + CORE_CODE \ + ASM("sbbl %[carry],%[carry]") \ + ASM("negl %[carry]") + +/************************************************* +* Word Addition * +*************************************************/ +inline word word_add(word x, word y, word* carry) + { + asm( + ADD_OR_SUBTRACT(ASM("adcl %[y],%[x]")) + : [x]"=r"(x), [carry]"=r"(*carry) + : "0"(x), [y]"rm"(y), "1"(*carry) + : "cc"); + return x; + } + +/************************************************* +* Eight Word Block Addition, Two Argument * +*************************************************/ +inline word word8_add2(word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "adcl")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Eight Word Block Addition, Three Argument * +*************************************************/ +inline word word8_add3(word z[8], const word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "adcl")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Word Subtraction * +*************************************************/ +inline word word_sub(word x, word y, word* carry) + { + asm( + ADD_OR_SUBTRACT(ASM("sbbl %[y],%[x]")) + : [x]"=r"(x), [carry]"=r"(*carry) + : "0"(x), [y]"rm"(y), "1"(*carry) + : "cc"); + return x; + } + +/************************************************* +* Eight Word Block Subtraction, Two Argument * +*************************************************/ +inline word word8_sub2(word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB2_OP, "sbbl")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Eight Word Block Subtraction, Three Argument * +*************************************************/ +inline word word8_sub3(word z[8], const word x[8], const word y[8], word carry) + { + asm( + ADD_OR_SUBTRACT(DO_8_TIMES(ADDSUB3_OP, "sbbl")) + : [carry]"=r"(carry) + : [x]"r"(x), [y]"r"(y), [z]"r"(z), "0"(carry) + : "cc", "memory"); + return carry; + } + +/************************************************* +* Eight Word Block Linear Multiplication * +*************************************************/ +inline word word8_linmul2(word x[8], word y, word carry) + { + asm( + DO_8_TIMES(LINMUL_OP, "x") + : [carry]"=r"(carry) + : [x]"r"(x), [y]"rm"(y), "0"(carry) + : "cc", "%eax", "%edx"); + return carry; + } + +/************************************************* +* Eight Word Block Linear Multiplication * +*************************************************/ +inline word word8_linmul3(word z[8], const word x[8], word y, word carry) + { + asm( + DO_8_TIMES(LINMUL_OP, "z") + : [carry]"=r"(carry) + : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry) + : "cc", "%eax", "%edx"); + return carry; + } + +/************************************************* +* Eight Word Block Multiply/Add * +*************************************************/ +inline word word8_madd3(word z[8], const word x[8], word y, word carry) + { + asm( + DO_8_TIMES(MULADD_OP, "") + : [carry]"=r"(carry) + : [z]"r"(z), [x]"r"(x), [y]"rm"(y), "0"(carry) + : "cc", "%eax", "%edx"); + return carry; + } + +/************************************************* +* Multiply-Add Accumulator * +*************************************************/ +inline void word3_muladd(word* w2, word* w1, word* w0, word x, word y) + { + asm( + ASM("mull %[y]") + + ASM("addl %[x],%[w0]") + ASM("adcl %[y],%[w1]") + ASM("adcl $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); + } + +/************************************************* +* Multiply-Add Accumulator * +*************************************************/ +inline void word3_muladd_2(word* w2, word* w1, word* w0, word x, word y) + { + asm( + ASM("mull %[y]") + + ASM("addl %[x],%[w0]") + ASM("adcl %[y],%[w1]") + ASM("adcl $0,%[w2]") + + ASM("addl %[x],%[w0]") + ASM("adcl %[y],%[w1]") + ASM("adcl $0,%[w2]") + + : [w0]"=r"(*w0), [w1]"=r"(*w1), [w2]"=r"(*w2) + : [x]"a"(x), [y]"d"(y), "0"(*w0), "1"(*w1), "2"(*w2) + : "cc"); + } + +} + +} + +#endif diff --git a/src/asm/mp_ia32_msvc/modinfo.txt b/src/asm/mp_ia32_msvc/modinfo.txt new file mode 100644 index 000000000..36d9d0290 --- /dev/null +++ b/src/asm/mp_ia32_msvc/modinfo.txt @@ -0,0 +1,17 @@ +realname "x86 MPI Assembler Core (MSVC)" + +mp_bits 32 + +#load_on asm_ok + +<replace> +mp_asmi.h +</replace> + +<arch> +ia32 +</arch> + +<cc> +msvc +</cc> diff --git a/src/asm/mp_ia32_msvc/mp_asmi.h b/src/asm/mp_ia32_msvc/mp_asmi.h new file mode 100644 index 000000000..5eaa46eb4 --- /dev/null +++ b/src/asm/mp_ia32_msvc/mp_asmi.h @@ -0,0 +1,547 @@ +/************************************************* +* Lowest Level MPI Algorithms Header File * +* (C) 1999-2006 Jack Lloyd * +* 2006 Luca Piccarreta * +*************************************************/ + +#ifndef BOTAN_MP_ASM_INTERNAL_H__ +#define BOTAN_MP_ASM_INTERNAL_H__ + +#include "mp_asm.h" + +namespace Botan { + +extern "C" { + +/************************************************* +* Word Addition * +*************************************************/ +inline word word_add(word x, word y, word* carry) + { + word z = x + y; + word c1 = (z < x); + z += *carry; + *carry = c1 | (z < *carry); + return z; + } + +/************************************************* +* Four Word Block Addition, Two Argument * +*************************************************/ +inline word word4_addcarry(word x[4], word carry) + { + __asm { + mov edx,[x] + xor eax,eax + sub eax,[carry] //force CF=1 iff *carry==1 + adc [edx],0 + mov eax,[esi+4] + adc [edx+4],0 + mov eax,[esi+8] + adc [edx+8],0 + mov eax,[esi+12] + adc [edx+12],0 + sbb eax,eax + neg eax + } + } + +/************************************************* +* Four Word Block Addition, Two Argument * +*************************************************/ +inline word word8_add2(word x[8], const word y[8], word carry) + { + __asm { + mov edx,[x] + mov esi,[y] + xor eax,eax + sub eax,[carry] //force CF=1 iff *carry==1 + mov eax,[esi] + adc [edx],eax + mov eax,[esi+4] + adc [edx+4],eax + mov eax,[esi+8] + adc [edx+8],eax + mov eax,[esi+12] + adc [edx+12],eax + mov eax,[esi+16] + adc [edx+16],eax + mov eax,[esi+20] + adc [edx+20],eax + mov eax,[esi+24] + adc [edx+24],eax + mov eax,[esi+28] + adc [edx+28],eax + sbb eax,eax + neg eax + } + } + +/************************************************* +* Four Word Block Addition, Three Argument * +*************************************************/ +inline word word8_add3(word z[8], const word x[8], const word y[8], word carry) + { + __asm { + mov edi,[x] + mov esi,[y] + mov ebx,[z] + xor eax,eax + sub eax,[carry] //force CF=1 iff *carry==1 + mov eax,[edi] + adc eax,[esi] + mov [ebx],eax + + mov eax,[edi+4] + adc eax,[esi+4] + mov [ebx+4],eax + + mov eax,[edi+8] + adc eax,[esi+8] + mov [ebx+8],eax + + mov eax,[edi+12] + adc eax,[esi+12] + mov [ebx+12],eax + + mov eax,[edi+16] + adc eax,[esi+16] + mov [ebx+16],eax + + mov eax,[edi+20] + adc eax,[esi+20] + mov [ebx+20],eax + + mov eax,[edi+24] + adc eax,[esi+24] + mov [ebx+24],eax + + mov eax,[edi+28] + adc eax,[esi+28] + mov [ebx+28],eax + + sbb eax,eax + neg eax + } + } + +/************************************************* +* Word Subtraction * +*************************************************/ +inline word word_sub(word x, word y, word* carry) + { + word t0 = x - y; + word c1 = (t0 > x); + word z = t0 - *carry; + *carry = c1 | (z > t0); + return z; + } + +/************************************************* +* Four Word Block Subtraction, Two Argument * +*************************************************/ +inline word word8_sub2(word x[8], const word y[8], word carry) + { + _asm { + mov edi,[x] + mov esi,[y] + xor eax,eax + sub eax,[carry] //force CF=1 iff *carry==1 + mov eax,[edi] + sbb eax,[esi] + mov [edi],eax + mov eax,[edi+4] + sbb eax,[esi+4] + mov [edi+4],eax + mov eax,[edi+8] + sbb eax,[esi+8] + mov [edi+8],eax + mov eax,[edi+12] + sbb eax,[esi+12] + mov [edi+12],eax + mov eax,[edi+16] + sbb eax,[esi+16] + mov [edi+16],eax + mov eax,[edi+20] + sbb eax,[esi+20] + mov [edi+20],eax + mov eax,[edi+24] + sbb eax,[esi+24] + mov [edi+24],eax + mov eax,[edi+28] + sbb eax,[esi+28] + mov [edi+28],eax + sbb eax,eax + neg eax + } + } + +/************************************************* +* Four Word Block Subtraction, Three Argument * +*************************************************/ +__forceinline word word8_sub3(word z[8], const word x[8], + const word y[8], word carry) + { + __asm { + mov edi,[x] + mov esi,[y] + xor eax,eax + sub eax,[carry] //force CF=1 iff *carry==1 + mov ebx,[z] + mov eax,[edi] + sbb eax,[esi] + mov [ebx],eax + mov eax,[edi+4] + sbb eax,[esi+4] + mov [ebx+4],eax + mov eax,[edi+8] + sbb eax,[esi+8] + mov [ebx+8],eax + mov eax,[edi+12] + sbb eax,[esi+12] + mov [ebx+12],eax + mov eax,[edi+16] + sbb eax,[esi+16] + mov [ebx+16],eax + mov eax,[edi+20] + sbb eax,[esi+20] + mov [ebx+20],eax + mov eax,[edi+24] + sbb eax,[esi+24] + mov [ebx+24],eax + mov eax,[edi+28] + sbb eax,[esi+28] + mov [ebx+28],eax + sbb eax,eax + neg eax + } + } + +/************************************************* +* Four Word Block Linear Multiplication * +*************************************************/ +inline word word8_linmul2(word x[8], word y, word carry) + { + __asm + { + mov esi,[x] + mov eax,[esi] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,[carry] //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi],eax //load a + + mov eax,[esi+4] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi+4],eax //load a + + mov eax,[esi+8] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi+8],eax //load a + + mov eax,[esi+12] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi+12],eax //load a + + mov eax,[esi+16] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi+16],eax //load a + + mov eax,[esi+20] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi+20],eax //load a + + mov eax,[esi+24] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [esi+24],eax //load a + + mov eax,[esi+28] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov [esi+28],eax //load a + + mov eax,edx //store carry + } + } + +/************************************************* +* Eight Word Block Linear Multiplication * +*************************************************/ +__forceinline word word8_muladd(word z[8], const word x[8], + word y, word carry) + { + __asm + { + mov esi,[x] + mov ebx,[y] + mov edi,[z] + mov eax,[esi] //load a + mul ebx //edx(hi):eax(lo)=a*b + add eax,[carry] //sum lo carry + adc edx,0 //sum hi carry + add eax,[edi] //sum lo z + adc edx,0 //sum hi z + mov ecx,edx //carry for next block = hi z + mov [edi],eax //save lo z + + mov eax,[esi+4] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+4] + adc edx,0 + mov ecx,edx + mov [edi+4],eax + + mov eax,[esi+8] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+8] + adc edx,0 + mov ecx,edx + mov [edi+8],eax + + mov eax,[esi+12] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+12] + adc edx,0 + mov ecx,edx + mov [edi+12],eax + + mov eax,[esi+16] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+16] + adc edx,0 + mov ecx,edx + mov [edi+16],eax + + mov eax,[esi+20] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+20] + adc edx,0 + mov ecx,edx + mov [edi+20],eax + + mov eax,[esi+24] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+24] + adc edx,0 + mov ecx,edx + mov [edi+24],eax + + mov eax,[esi+28] + mul ebx + add eax,ecx + adc edx,0 + add eax,[edi+28] + adc edx,0 + mov [edi+28],eax + mov eax,edx + } + } + +__forceinline word word8_linmul3(word z[4], const word x[4], word y, word carry) + { + __asm + { +#if 0 + //it's slower!!! + mov edx,[z] + mov eax,[x] + movd mm7,[y] + + movd mm0,[eax] + movd mm1,[eax+4] + movd mm2,[eax+8] + pmuludq mm0,mm7 + pmuludq mm1,mm7 + pmuludq mm2,mm7 + + movd mm6,[carry] + paddq mm0,mm6 + movd [edx],mm0 + + psrlq mm0,32 + paddq mm1,mm0 + movd [edx+4],mm1 + + movd mm3,[eax+12] + psrlq mm1,32 + paddq mm2,mm1 + movd [edx+8],mm2 + + pmuludq mm3,mm7 + movd mm4,[eax+16] + psrlq mm2,32 + paddq mm3,mm2 + movd [edx+12],mm3 + + pmuludq mm4,mm7 + movd mm5,[eax+20] + psrlq mm3,32 + paddq mm4,mm3 + movd [edx+16],mm4 + + pmuludq mm5,mm7 + movd mm0,[eax+24] + psrlq mm4,32 + paddq mm5,mm4 + movd [edx+20],mm5 + + pmuludq mm0,mm7 + movd mm1,[eax+28] + psrlq mm5,32 + paddq mm0,mm5 + movd [edx+24],mm0 + + pmuludq mm1,mm7 + psrlq mm0,32 + paddq mm1,mm0 + movd [edx+28],mm1 + + psrlq mm1,32 + movd eax,mm1 + emms +#else + mov edi,[z] + mov esi,[x] + mov eax,[esi] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,[carry] //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi],eax //load a + + mov eax,[esi+4] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi+4],eax //load a + + mov eax,[esi+8] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi+8],eax //load a + + mov eax,[esi+12] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi+12],eax //load a + + mov eax,[esi+16] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi+16],eax //load a + + mov eax,[esi+20] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi+20],eax //load a + + mov eax,[esi+24] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov ecx,edx //store carry + mov [edi+24],eax //load a + + mov eax,[esi+28] //load a + mul [y] //edx(hi):eax(lo)=a*b + add eax,ecx //sum lo carry + adc edx,0 //sum hi carry + mov [edi+28],eax //load a + mov eax,edx //store carry +#endif + } + } + +/************************************************* +* Eight Word Block Multiply/Add * +*************************************************/ +inline word word8_madd3(word z[8], const word x[8], word y, word carry) + { + z[0] = word_madd3(x[0], y, z[0], &carry); + z[1] = word_madd3(x[1], y, z[1], &carry); + z[2] = word_madd3(x[2], y, z[2], &carry); + z[3] = word_madd3(x[3], y, z[3], &carry); + z[4] = word_madd3(x[4], y, z[4], &carry); + z[5] = word_madd3(x[5], y, z[5], &carry); + z[6] = word_madd3(x[6], y, z[6], &carry); + z[7] = word_madd3(x[7], y, z[7], &carry); + return carry; + } + +/************************************************* +* Multiply-Add Accumulator * +*************************************************/ +inline void word3_muladd(word* w2, word* w1, word* w0, word a, word b) + { + dword z = (dword)a * b + (*w0); + *w0 = (word)z; //lo + + word t1 = (word)(z >> BOTAN_MP_WORD_BITS); //hi + *w1 += t1; //w1+=lo + *w2 += (*w1 < t1) ? 1 : 0; //w2+=carry + } + +/************************************************* +* Multiply-Add Accumulator * +*************************************************/ +inline void word3_muladd_2(word* w2, word* w1, word* w0, word a, word b) + { + dword z = (dword)a * b; + word t0 = (word)z; + word t1 = (word)(z >> BOTAN_MP_WORD_BITS); + + *w0 += t0; + *w1 += t1 + ((*w0 < t0) ? 1 : 0); + *w2 += (*w1 < t1) ? 1 : 0; + + *w0 += t0; + *w1 += t1 + ((*w0 < t0) ? 1 : 0); + *w2 += (*w1 < t1) ? 1 : 0; + } + +} + +} + +#endif diff --git a/src/asm/sha1_sse2/modinfo.txt b/src/asm/sha1_sse2/modinfo.txt new file mode 100644 index 000000000..e1805260c --- /dev/null +++ b/src/asm/sha1_sse2/modinfo.txt @@ -0,0 +1,22 @@ +realname "SSE2 implementation of SHA-1" + +load_on request + +<replace> +sha160.cpp +sha160.h +</replace> + +<add> +sha1core.cpp +</add> + +<arch> +pentium4 +amd64 +</arch> + +<cc> +gcc +icc +</cc> diff --git a/src/asm/sha1_sse2/sha160.cpp b/src/asm/sha1_sse2/sha160.cpp new file mode 100644 index 000000000..dfb5fdfe5 --- /dev/null +++ b/src/asm/sha1_sse2/sha160.cpp @@ -0,0 +1,52 @@ +/************************************************* +* SHA-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/sha160.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +extern "C" void botan_sha1_sse(u32bit[5], const byte[64]); + +/************************************************* +* SHA-160 Compression Function * +*************************************************/ +void SHA_160::hash(const byte input[]) + { + botan_sha1_sse(digest, input); + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void SHA_160::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + output[j] = get_byte(j % 4, digest[j/4]); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_160::clear() throw() + { + MDx_HashFunction::clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + digest[4] = 0xC3D2E1F0; + } + +/************************************************* +* SHA_160 Constructor * +*************************************************/ +SHA_160::SHA_160() : MDx_HashFunction(20, 64, true, true) + { + clear(); + } + +} diff --git a/src/asm/sha1_sse2/sha160.h b/src/asm/sha1_sse2/sha160.h new file mode 100644 index 000000000..c6f8482cf --- /dev/null +++ b/src/asm/sha1_sse2/sha160.h @@ -0,0 +1,32 @@ +/************************************************* +* SHA-160 Header File * +* (C) 1999-2007 The Botan Project * +*************************************************/ + +#ifndef BOTAN_SHA_160_H__ +#define BOTAN_SHA_160_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* SHA-160 * +*************************************************/ +class SHA_160 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "SHA-160"; } + HashFunction* clone() const { return new SHA_160; } + SHA_160(); + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 5> digest; + }; + +} + +#endif diff --git a/src/asm/sha1_sse2/sha1core.cpp b/src/asm/sha1_sse2/sha1core.cpp new file mode 100644 index 000000000..23dbfc5e2 --- /dev/null +++ b/src/asm/sha1_sse2/sha1core.cpp @@ -0,0 +1,327 @@ +/* this code is public domain. + * + * dean gaudet <[email protected]> + * + * this code was inspired by this paper: + * + * SHA: A Design for Parallel Architectures? + * Antoon Bosselaers, Ren�e Govaerts and Joos Vandewalle + * <http://www.esat.kuleuven.ac.be/~cosicart/pdf/AB-9700.pdf> + * + * more information available on this implementation here: + * + * http://arctic.org/~dean/crypto/sha1.html + * + * version: 2 + */ + +/* + * Lightly modified for Botan, tested under GCC 4.1.1 and ICC 9.1 + * on a Linux/Core2 system. + * + */ +#include <botan/types.h> +#include <xmmintrin.h> + +namespace Botan { + +typedef union { + u32bit u32[4]; + __m128i u128; + } v4si __attribute__((aligned(16))); + +static const v4si K00_19 = { { 0x5a827999, 0x5a827999, 0x5a827999, 0x5a827999 } }; +static const v4si K20_39 = { { 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1, 0x6ed9eba1 } }; +static const v4si K40_59 = { { 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc, 0x8f1bbcdc } }; +static const v4si K60_79 = { { 0xca62c1d6, 0xca62c1d6, 0xca62c1d6, 0xca62c1d6 } }; + +#define UNALIGNED 1 +#if UNALIGNED +#define load(p) _mm_loadu_si128(p) +#else +#define load(p) (*p) +#endif + + +/* +the first 16 bytes only need byte swapping + +prepared points to 4x u32bit, 16-byte aligned + +W points to the 4 dwords which need preparing -- +and is overwritten with the swapped bytes +*/ +#define prep00_15(prep, W) do { \ + __m128i r1, r2; \ + \ + r1 = (W); \ + if (1) { \ + r1 = _mm_shufflehi_epi16(r1, _MM_SHUFFLE(2, 3, 0, 1)); \ + r1 = _mm_shufflelo_epi16(r1, _MM_SHUFFLE(2, 3, 0, 1)); \ + r2 = _mm_slli_epi16(r1, 8); \ + r1 = _mm_srli_epi16(r1, 8); \ + r1 = _mm_or_si128(r1, r2); \ + (W) = r1; \ + } \ + (prep).u128 = _mm_add_epi32(K00_19.u128, r1); \ + } while(0) + + + +/* +for each multiple of 4, t, we want to calculate this: + +W[t+0] = rol(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16], 1); +W[t+1] = rol(W[t-2] ^ W[t-7] ^ W[t-13] ^ W[t-15], 1); +W[t+2] = rol(W[t-1] ^ W[t-6] ^ W[t-12] ^ W[t-14], 1); +W[t+3] = rol(W[t] ^ W[t-5] ^ W[t-11] ^ W[t-13], 1); + +we'll actually calculate this: + +W[t+0] = rol(W[t-3] ^ W[t-8] ^ W[t-14] ^ W[t-16], 1); +W[t+1] = rol(W[t-2] ^ W[t-7] ^ W[t-13] ^ W[t-15], 1); +W[t+2] = rol(W[t-1] ^ W[t-6] ^ W[t-12] ^ W[t-14], 1); +W[t+3] = rol( 0 ^ W[t-5] ^ W[t-11] ^ W[t-13], 1); +W[t+3] ^= rol(W[t+0], 1); + +the parameters are: + +W0 = &W[t-16]; +W1 = &W[t-12]; +W2 = &W[t- 8]; +W3 = &W[t- 4]; + +and on output: +prepared = W0 + K +W0 = W[t]..W[t+3] +*/ + +/* note that there is a step here where i want to do a rol by 1, which +* normally would look like this: +* +* r1 = psrld r0,$31 +* r0 = pslld r0,$1 +* r0 = por r0,r1 +* +* but instead i do this: +* +* r1 = pcmpltd r0,zero +* r0 = paddd r0,r0 +* r0 = psub r0,r1 +* +* because pcmpltd and paddd are availabe in both MMX units on +* efficeon, pentium-m, and opteron but shifts are available in +* only one unit. +*/ +#define prep(prep, XW0, XW1, XW2, XW3, K) do { \ + __m128i r0, r1, r2, r3; \ + \ + /* load W[t-4] 16-byte aligned, and shift */ \ + r3 = _mm_srli_si128((XW3), 4); \ + r0 = (XW0); \ + /* get high 64-bits of XW0 into low 64-bits */ \ + r1 = _mm_shuffle_epi32((XW0), _MM_SHUFFLE(1,0,3,2)); \ + /* load high 64-bits of r1 */ \ + r1 = _mm_unpacklo_epi64(r1, (XW1)); \ + r2 = (XW2); \ + \ + r0 = _mm_xor_si128(r1, r0); \ + r2 = _mm_xor_si128(r3, r2); \ + r0 = _mm_xor_si128(r2, r0); \ + /* unrotated W[t]..W[t+2] in r0 ... still need W[t+3] */ \ + \ + r2 = _mm_slli_si128(r0, 12); \ + r1 = _mm_cmplt_epi32(r0, _mm_setzero_si128()); \ + r0 = _mm_add_epi32(r0, r0); /* shift left by 1 */ \ + r0 = _mm_sub_epi32(r0, r1); /* r0 has W[t]..W[t+2] */ \ + \ + r3 = _mm_srli_epi32(r2, 30); \ + r2 = _mm_slli_epi32(r2, 2); \ + \ + r0 = _mm_xor_si128(r0, r3); \ + r0 = _mm_xor_si128(r0, r2); /* r0 now has W[t+3] */ \ + \ + (XW0) = r0; \ + (prep).u128 = _mm_add_epi32(r0, (K).u128); \ + } while(0) + + +static inline u32bit rol(u32bit src, u32bit amt) + { + /* gcc and icc appear to turn this into a rotate */ + return (src << amt) | (src >> (32 - amt)); + } + + +static inline u32bit f00_19(u32bit x, u32bit y, u32bit z) + { + /* FIPS 180-2 says this: (x & y) ^ (~x & z) + * but we can calculate it in fewer steps. + */ + return ((y ^ z) & x) ^ z; + } + + +static inline u32bit f20_39(u32bit x, u32bit y, u32bit z) + { + return (x ^ z) ^ y; + } + + +static inline u32bit f40_59(u32bit x, u32bit y, u32bit z) + { + /* FIPS 180-2 says this: (x & y) ^ (x & z) ^ (y & z) + * but we can calculate it in fewer steps. + */ + return (x & z) | ((x | z) & y); + } + + +static inline u32bit f60_79(u32bit x, u32bit y, u32bit z) + { + return f20_39(x, y, z); + } + +#define step(nn_mm, xa, xb, xc, xd, xe, xt, input) do { \ + (xt) = (input) + f##nn_mm((xb), (xc), (xd)); \ + (xb) = rol((xb), 30); \ + (xt) += ((xe) + rol((xa), 5)); \ + } while(0) + +extern "C" void botan_sha1_sse(u32bit* H, + const u32bit* inputu) + { + const __m128i * input = (const __m128i *)inputu; + __m128i W0, W1, W2, W3; + v4si prep0, prep1, prep2; + u32bit a, b, c, d, e, t; + + a = H[0]; + b = H[1]; + c = H[2]; + d = H[3]; + e = H[4]; + + /* i've tried arranging the SSE2 code to be 4, 8, 12, and 16 + * steps ahead of the integer code. 12 steps ahead seems + * to produce the best performance. -dean + */ + W0 = load(&input[0]); + prep00_15(prep0, W0); /* prepare for 00 through 03 */ + W1 = load(&input[1]); + prep00_15(prep1, W1); /* prepare for 04 through 07 */ + W2 = load(&input[2]); + prep00_15(prep2, W2); /* prepare for 08 through 11 */ + + W3 = load(&input[3]); + step(00_19, a, b, c, d, e, t, prep0.u32[0]); /* 00 */ + step(00_19, t, a, b, c, d, e, prep0.u32[1]); /* 01 */ + step(00_19, e, t, a, b, c, d, prep0.u32[2]); /* 02 */ + step(00_19, d, e, t, a, b, c, prep0.u32[3]); /* 03 */ + prep00_15(prep0, W3); + step(00_19, c, d, e, t, a, b, prep1.u32[0]); /* 04 */ + step(00_19, b, c, d, e, t, a, prep1.u32[1]); /* 05 */ + step(00_19, a, b, c, d, e, t, prep1.u32[2]); /* 06 */ + step(00_19, t, a, b, c, d, e, prep1.u32[3]); /* 07 */ + prep(prep1, W0, W1, W2, W3, K00_19); /* prepare for 16 through 19 */ + step(00_19, e, t, a, b, c, d, prep2.u32[0]); /* 08 */ + step(00_19, d, e, t, a, b, c, prep2.u32[1]); /* 09 */ + step(00_19, c, d, e, t, a, b, prep2.u32[2]); /* 10 */ + step(00_19, b, c, d, e, t, a, prep2.u32[3]); /* 11 */ + prep(prep2, W1, W2, W3, W0, K20_39); /* prepare for 20 through 23 */ + step(00_19, a, b, c, d, e, t, prep0.u32[0]); /* 12 */ + step(00_19, t, a, b, c, d, e, prep0.u32[1]); /* 13 */ + step(00_19, e, t, a, b, c, d, prep0.u32[2]); /* 14 */ + step(00_19, d, e, t, a, b, c, prep0.u32[3]); /* 15 */ + prep(prep0, W2, W3, W0, W1, K20_39); + step(00_19, c, d, e, t, a, b, prep1.u32[0]); /* 16 */ + step(00_19, b, c, d, e, t, a, prep1.u32[1]); /* 17 */ + step(00_19, a, b, c, d, e, t, prep1.u32[2]); /* 18 */ + step(00_19, t, a, b, c, d, e, prep1.u32[3]); /* 19 */ + + prep(prep1, W3, W0, W1, W2, K20_39); + step(20_39, e, t, a, b, c, d, prep2.u32[0]); /* 20 */ + step(20_39, d, e, t, a, b, c, prep2.u32[1]); /* 21 */ + step(20_39, c, d, e, t, a, b, prep2.u32[2]); /* 22 */ + step(20_39, b, c, d, e, t, a, prep2.u32[3]); /* 23 */ + prep(prep2, W0, W1, W2, W3, K20_39); + step(20_39, a, b, c, d, e, t, prep0.u32[0]); /* 24 */ + step(20_39, t, a, b, c, d, e, prep0.u32[1]); /* 25 */ + step(20_39, e, t, a, b, c, d, prep0.u32[2]); /* 26 */ + step(20_39, d, e, t, a, b, c, prep0.u32[3]); /* 27 */ + prep(prep0, W1, W2, W3, W0, K20_39); + step(20_39, c, d, e, t, a, b, prep1.u32[0]); /* 28 */ + step(20_39, b, c, d, e, t, a, prep1.u32[1]); /* 29 */ + step(20_39, a, b, c, d, e, t, prep1.u32[2]); /* 30 */ + step(20_39, t, a, b, c, d, e, prep1.u32[3]); /* 31 */ + prep(prep1, W2, W3, W0, W1, K40_59); + step(20_39, e, t, a, b, c, d, prep2.u32[0]); /* 32 */ + step(20_39, d, e, t, a, b, c, prep2.u32[1]); /* 33 */ + step(20_39, c, d, e, t, a, b, prep2.u32[2]); /* 34 */ + step(20_39, b, c, d, e, t, a, prep2.u32[3]); /* 35 */ + prep(prep2, W3, W0, W1, W2, K40_59); + step(20_39, a, b, c, d, e, t, prep0.u32[0]); /* 36 */ + step(20_39, t, a, b, c, d, e, prep0.u32[1]); /* 37 */ + step(20_39, e, t, a, b, c, d, prep0.u32[2]); /* 38 */ + step(20_39, d, e, t, a, b, c, prep0.u32[3]); /* 39 */ + + prep(prep0, W0, W1, W2, W3, K40_59); + step(40_59, c, d, e, t, a, b, prep1.u32[0]); /* 40 */ + step(40_59, b, c, d, e, t, a, prep1.u32[1]); /* 41 */ + step(40_59, a, b, c, d, e, t, prep1.u32[2]); /* 42 */ + step(40_59, t, a, b, c, d, e, prep1.u32[3]); /* 43 */ + prep(prep1, W1, W2, W3, W0, K40_59); + step(40_59, e, t, a, b, c, d, prep2.u32[0]); /* 44 */ + step(40_59, d, e, t, a, b, c, prep2.u32[1]); /* 45 */ + step(40_59, c, d, e, t, a, b, prep2.u32[2]); /* 46 */ + step(40_59, b, c, d, e, t, a, prep2.u32[3]); /* 47 */ + prep(prep2, W2, W3, W0, W1, K40_59); + step(40_59, a, b, c, d, e, t, prep0.u32[0]); /* 48 */ + step(40_59, t, a, b, c, d, e, prep0.u32[1]); /* 49 */ + step(40_59, e, t, a, b, c, d, prep0.u32[2]); /* 50 */ + step(40_59, d, e, t, a, b, c, prep0.u32[3]); /* 51 */ + prep(prep0, W3, W0, W1, W2, K60_79); + step(40_59, c, d, e, t, a, b, prep1.u32[0]); /* 52 */ + step(40_59, b, c, d, e, t, a, prep1.u32[1]); /* 53 */ + step(40_59, a, b, c, d, e, t, prep1.u32[2]); /* 54 */ + step(40_59, t, a, b, c, d, e, prep1.u32[3]); /* 55 */ + prep(prep1, W0, W1, W2, W3, K60_79); + step(40_59, e, t, a, b, c, d, prep2.u32[0]); /* 56 */ + step(40_59, d, e, t, a, b, c, prep2.u32[1]); /* 57 */ + step(40_59, c, d, e, t, a, b, prep2.u32[2]); /* 58 */ + step(40_59, b, c, d, e, t, a, prep2.u32[3]); /* 59 */ + + prep(prep2, W1, W2, W3, W0, K60_79); + step(60_79, a, b, c, d, e, t, prep0.u32[0]); /* 60 */ + step(60_79, t, a, b, c, d, e, prep0.u32[1]); /* 61 */ + step(60_79, e, t, a, b, c, d, prep0.u32[2]); /* 62 */ + step(60_79, d, e, t, a, b, c, prep0.u32[3]); /* 63 */ + prep(prep0, W2, W3, W0, W1, K60_79); + step(60_79, c, d, e, t, a, b, prep1.u32[0]); /* 64 */ + step(60_79, b, c, d, e, t, a, prep1.u32[1]); /* 65 */ + step(60_79, a, b, c, d, e, t, prep1.u32[2]); /* 66 */ + step(60_79, t, a, b, c, d, e, prep1.u32[3]); /* 67 */ + prep(prep1, W3, W0, W1, W2, K60_79); + step(60_79, e, t, a, b, c, d, prep2.u32[0]); /* 68 */ + step(60_79, d, e, t, a, b, c, prep2.u32[1]); /* 69 */ + step(60_79, c, d, e, t, a, b, prep2.u32[2]); /* 70 */ + step(60_79, b, c, d, e, t, a, prep2.u32[3]); /* 71 */ + + step(60_79, a, b, c, d, e, t, prep0.u32[0]); /* 72 */ + step(60_79, t, a, b, c, d, e, prep0.u32[1]); /* 73 */ + step(60_79, e, t, a, b, c, d, prep0.u32[2]); /* 74 */ + step(60_79, d, e, t, a, b, c, prep0.u32[3]); /* 75 */ + /* no more input to prepare */ + step(60_79, c, d, e, t, a, b, prep1.u32[0]); /* 76 */ + step(60_79, b, c, d, e, t, a, prep1.u32[1]); /* 77 */ + step(60_79, a, b, c, d, e, t, prep1.u32[2]); /* 78 */ + step(60_79, t, a, b, c, d, e, prep1.u32[3]); /* 79 */ + /* e, t, a, b, c, d */ + H[0] += e; + H[1] += t; + H[2] += a; + H[3] += b; + H[4] += c; + } + +} diff --git a/src/checksum/adler32/adler32.cpp b/src/checksum/adler32/adler32.cpp new file mode 100644 index 000000000..b808e3e67 --- /dev/null +++ b/src/checksum/adler32/adler32.cpp @@ -0,0 +1,72 @@ +/************************************************* +* Adler32 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/adler32.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* Adler32 Checksum * +*************************************************/ +void Adler32::hash(const byte input[], u32bit length) + { + u32bit S1x = S1, S2x = S2; + while(length >= 16) + { + S1x += input[ 0]; S2x += S1x; + S1x += input[ 1]; S2x += S1x; + S1x += input[ 2]; S2x += S1x; + S1x += input[ 3]; S2x += S1x; + S1x += input[ 4]; S2x += S1x; + S1x += input[ 5]; S2x += S1x; + S1x += input[ 6]; S2x += S1x; + S1x += input[ 7]; S2x += S1x; + S1x += input[ 8]; S2x += S1x; + S1x += input[ 9]; S2x += S1x; + S1x += input[10]; S2x += S1x; + S1x += input[11]; S2x += S1x; + S1x += input[12]; S2x += S1x; + S1x += input[13]; S2x += S1x; + S1x += input[14]; S2x += S1x; + S1x += input[15]; S2x += S1x; + input += 16; + length -= 16; + } + for(u32bit j = 0; j != length; ++j) + { + S1x += input[j]; S2x += S1x; + } + S1x %= 65521; + S2x %= 65521; + S1 = S1x; + S2 = S2x; + } + +/************************************************* +* Update an Adler32 Checksum * +*************************************************/ +void Adler32::add_data(const byte input[], u32bit length) + { + const u32bit PROCESS_AMOUNT = 5552; + while(length >= PROCESS_AMOUNT) + { + hash(input, PROCESS_AMOUNT); + input += PROCESS_AMOUNT; + length -= PROCESS_AMOUNT; + } + hash(input, length); + } + +/************************************************* +* Finalize an Adler32 Checksum * +*************************************************/ +void Adler32::final_result(byte output[]) + { + store_be(output, S2, S1); + clear(); + } + +} diff --git a/src/checksum/adler32/adler32.h b/src/checksum/adler32/adler32.h new file mode 100644 index 000000000..1abce690c --- /dev/null +++ b/src/checksum/adler32/adler32.h @@ -0,0 +1,33 @@ +/************************************************* +* Adler32 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ADLER32_H__ +#define BOTAN_ADLER32_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Adler32 * +*************************************************/ +class BOTAN_DLL Adler32 : public HashFunction + { + public: + void clear() throw() { S1 = 1; S2 = 0; } + std::string name() const { return "Adler32"; } + HashFunction* clone() const { return new Adler32; } + Adler32() : HashFunction(4) { clear(); } + ~Adler32() { clear(); } + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + void hash(const byte[], u32bit); + u16bit S1, S2; + }; + +} + +#endif diff --git a/src/checksum/adler32/modinfo.txt b/src/checksum/adler32/modinfo.txt new file mode 100644 index 000000000..fb0f3c9cb --- /dev/null +++ b/src/checksum/adler32/modinfo.txt @@ -0,0 +1,10 @@ +realname "Adler32" + +define ADLER32 + +load_on auto + +<add> +adler32.cpp +adler32.h +</add> diff --git a/src/checksum/crc24/crc24.cpp b/src/checksum/crc24/crc24.cpp new file mode 100644 index 000000000..eda2c19f2 --- /dev/null +++ b/src/checksum/crc24/crc24.cpp @@ -0,0 +1,98 @@ +/************************************************* +* CRC24 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/crc24.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* Update a CRC24 Checksum * +*************************************************/ +void CRC24::add_data(const byte input[], u32bit length) + { + const u32bit TABLE[256] = { + 0x00000000, 0x00864CFB, 0x008AD50D, 0x000C99F6, 0x0093E6E1, 0x0015AA1A, + 0x001933EC, 0x009F7F17, 0x00A18139, 0x0027CDC2, 0x002B5434, 0x00AD18CF, + 0x003267D8, 0x00B42B23, 0x00B8B2D5, 0x003EFE2E, 0x00C54E89, 0x00430272, + 0x004F9B84, 0x00C9D77F, 0x0056A868, 0x00D0E493, 0x00DC7D65, 0x005A319E, + 0x0064CFB0, 0x00E2834B, 0x00EE1ABD, 0x00685646, 0x00F72951, 0x007165AA, + 0x007DFC5C, 0x00FBB0A7, 0x000CD1E9, 0x008A9D12, 0x008604E4, 0x0000481F, + 0x009F3708, 0x00197BF3, 0x0015E205, 0x0093AEFE, 0x00AD50D0, 0x002B1C2B, + 0x002785DD, 0x00A1C926, 0x003EB631, 0x00B8FACA, 0x00B4633C, 0x00322FC7, + 0x00C99F60, 0x004FD39B, 0x00434A6D, 0x00C50696, 0x005A7981, 0x00DC357A, + 0x00D0AC8C, 0x0056E077, 0x00681E59, 0x00EE52A2, 0x00E2CB54, 0x006487AF, + 0x00FBF8B8, 0x007DB443, 0x00712DB5, 0x00F7614E, 0x0019A3D2, 0x009FEF29, + 0x009376DF, 0x00153A24, 0x008A4533, 0x000C09C8, 0x0000903E, 0x0086DCC5, + 0x00B822EB, 0x003E6E10, 0x0032F7E6, 0x00B4BB1D, 0x002BC40A, 0x00AD88F1, + 0x00A11107, 0x00275DFC, 0x00DCED5B, 0x005AA1A0, 0x00563856, 0x00D074AD, + 0x004F0BBA, 0x00C94741, 0x00C5DEB7, 0x0043924C, 0x007D6C62, 0x00FB2099, + 0x00F7B96F, 0x0071F594, 0x00EE8A83, 0x0068C678, 0x00645F8E, 0x00E21375, + 0x0015723B, 0x00933EC0, 0x009FA736, 0x0019EBCD, 0x008694DA, 0x0000D821, + 0x000C41D7, 0x008A0D2C, 0x00B4F302, 0x0032BFF9, 0x003E260F, 0x00B86AF4, + 0x002715E3, 0x00A15918, 0x00ADC0EE, 0x002B8C15, 0x00D03CB2, 0x00567049, + 0x005AE9BF, 0x00DCA544, 0x0043DA53, 0x00C596A8, 0x00C90F5E, 0x004F43A5, + 0x0071BD8B, 0x00F7F170, 0x00FB6886, 0x007D247D, 0x00E25B6A, 0x00641791, + 0x00688E67, 0x00EEC29C, 0x003347A4, 0x00B50B5F, 0x00B992A9, 0x003FDE52, + 0x00A0A145, 0x0026EDBE, 0x002A7448, 0x00AC38B3, 0x0092C69D, 0x00148A66, + 0x00181390, 0x009E5F6B, 0x0001207C, 0x00876C87, 0x008BF571, 0x000DB98A, + 0x00F6092D, 0x007045D6, 0x007CDC20, 0x00FA90DB, 0x0065EFCC, 0x00E3A337, + 0x00EF3AC1, 0x0069763A, 0x00578814, 0x00D1C4EF, 0x00DD5D19, 0x005B11E2, + 0x00C46EF5, 0x0042220E, 0x004EBBF8, 0x00C8F703, 0x003F964D, 0x00B9DAB6, + 0x00B54340, 0x00330FBB, 0x00AC70AC, 0x002A3C57, 0x0026A5A1, 0x00A0E95A, + 0x009E1774, 0x00185B8F, 0x0014C279, 0x00928E82, 0x000DF195, 0x008BBD6E, + 0x00872498, 0x00016863, 0x00FAD8C4, 0x007C943F, 0x00700DC9, 0x00F64132, + 0x00693E25, 0x00EF72DE, 0x00E3EB28, 0x0065A7D3, 0x005B59FD, 0x00DD1506, + 0x00D18CF0, 0x0057C00B, 0x00C8BF1C, 0x004EF3E7, 0x00426A11, 0x00C426EA, + 0x002AE476, 0x00ACA88D, 0x00A0317B, 0x00267D80, 0x00B90297, 0x003F4E6C, + 0x0033D79A, 0x00B59B61, 0x008B654F, 0x000D29B4, 0x0001B042, 0x0087FCB9, + 0x001883AE, 0x009ECF55, 0x009256A3, 0x00141A58, 0x00EFAAFF, 0x0069E604, + 0x00657FF2, 0x00E33309, 0x007C4C1E, 0x00FA00E5, 0x00F69913, 0x0070D5E8, + 0x004E2BC6, 0x00C8673D, 0x00C4FECB, 0x0042B230, 0x00DDCD27, 0x005B81DC, + 0x0057182A, 0x00D154D1, 0x0026359F, 0x00A07964, 0x00ACE092, 0x002AAC69, + 0x00B5D37E, 0x00339F85, 0x003F0673, 0x00B94A88, 0x0087B4A6, 0x0001F85D, + 0x000D61AB, 0x008B2D50, 0x00145247, 0x00921EBC, 0x009E874A, 0x0018CBB1, + 0x00E37B16, 0x006537ED, 0x0069AE1B, 0x00EFE2E0, 0x00709DF7, 0x00F6D10C, + 0x00FA48FA, 0x007C0401, 0x0042FA2F, 0x00C4B6D4, 0x00C82F22, 0x004E63D9, + 0x00D11CCE, 0x00575035, 0x005BC9C3, 0x00DD8538 }; + + u32bit tmp = crc; + while(length >= 16) + { + tmp = TABLE[((tmp >> 16) ^ input[ 0]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 1]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 2]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 3]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 4]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 5]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 6]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 7]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 8]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[ 9]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[10]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[11]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[12]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[13]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[14]) & 0xFF] ^ (tmp << 8); + tmp = TABLE[((tmp >> 16) ^ input[15]) & 0xFF] ^ (tmp << 8); + input += 16; + length -= 16; + } + for(u32bit j = 0; j != length; ++j) + tmp = TABLE[((tmp >> 16) ^ input[j]) & 0xFF] ^ (tmp << 8); + crc = tmp; + } + +/************************************************* +* Finalize a CRC24 Checksum * +*************************************************/ +void CRC24::final_result(byte output[]) + { + for(u32bit j = 0; j != 3; ++j) + output[j] = get_byte(j+1, crc); + clear(); + } + +} diff --git a/src/checksum/crc24/crc24.h b/src/checksum/crc24/crc24.h new file mode 100644 index 000000000..919f860ce --- /dev/null +++ b/src/checksum/crc24/crc24.h @@ -0,0 +1,32 @@ +/************************************************* +* CRC24 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CRC24_H__ +#define BOTAN_CRC24_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* CRC24 * +*************************************************/ +class BOTAN_DLL CRC24 : public HashFunction + { + public: + void clear() throw() { crc = 0xB704CE; } + std::string name() const { return "CRC24"; } + HashFunction* clone() const { return new CRC24; } + CRC24() : HashFunction(3) { clear(); } + ~CRC24() { clear(); } + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + u32bit crc; + }; + +} + +#endif diff --git a/src/checksum/crc24/modinfo.txt b/src/checksum/crc24/modinfo.txt new file mode 100644 index 000000000..b61cabbc8 --- /dev/null +++ b/src/checksum/crc24/modinfo.txt @@ -0,0 +1,10 @@ +realname "CRC-24" + +define CRC24 + +load_on auto + +<add> +crc24.cpp +crc24.h +</add> diff --git a/src/checksum/crc32/crc32.cpp b/src/checksum/crc32/crc32.cpp new file mode 100644 index 000000000..21af2f13b --- /dev/null +++ b/src/checksum/crc32/crc32.cpp @@ -0,0 +1,100 @@ +/************************************************* +* CRC32 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/crc32.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* Update a CRC32 Checksum * +*************************************************/ +void CRC32::add_data(const byte input[], u32bit length) + { + const u32bit TABLE[256] = { + 0x00000000, 0x77073096, 0xEE0E612C, 0x990951BA, 0x076DC419, 0x706AF48F, + 0xE963A535, 0x9E6495A3, 0x0EDB8832, 0x79DCB8A4, 0xE0D5E91E, 0x97D2D988, + 0x09B64C2B, 0x7EB17CBD, 0xE7B82D07, 0x90BF1D91, 0x1DB71064, 0x6AB020F2, + 0xF3B97148, 0x84BE41DE, 0x1ADAD47D, 0x6DDDE4EB, 0xF4D4B551, 0x83D385C7, + 0x136C9856, 0x646BA8C0, 0xFD62F97A, 0x8A65C9EC, 0x14015C4F, 0x63066CD9, + 0xFA0F3D63, 0x8D080DF5, 0x3B6E20C8, 0x4C69105E, 0xD56041E4, 0xA2677172, + 0x3C03E4D1, 0x4B04D447, 0xD20D85FD, 0xA50AB56B, 0x35B5A8FA, 0x42B2986C, + 0xDBBBC9D6, 0xACBCF940, 0x32D86CE3, 0x45DF5C75, 0xDCD60DCF, 0xABD13D59, + 0x26D930AC, 0x51DE003A, 0xC8D75180, 0xBFD06116, 0x21B4F4B5, 0x56B3C423, + 0xCFBA9599, 0xB8BDA50F, 0x2802B89E, 0x5F058808, 0xC60CD9B2, 0xB10BE924, + 0x2F6F7C87, 0x58684C11, 0xC1611DAB, 0xB6662D3D, 0x76DC4190, 0x01DB7106, + 0x98D220BC, 0xEFD5102A, 0x71B18589, 0x06B6B51F, 0x9FBFE4A5, 0xE8B8D433, + 0x7807C9A2, 0x0F00F934, 0x9609A88E, 0xE10E9818, 0x7F6A0DBB, 0x086D3D2D, + 0x91646C97, 0xE6635C01, 0x6B6B51F4, 0x1C6C6162, 0x856530D8, 0xF262004E, + 0x6C0695ED, 0x1B01A57B, 0x8208F4C1, 0xF50FC457, 0x65B0D9C6, 0x12B7E950, + 0x8BBEB8EA, 0xFCB9887C, 0x62DD1DDF, 0x15DA2D49, 0x8CD37CF3, 0xFBD44C65, + 0x4DB26158, 0x3AB551CE, 0xA3BC0074, 0xD4BB30E2, 0x4ADFA541, 0x3DD895D7, + 0xA4D1C46D, 0xD3D6F4FB, 0x4369E96A, 0x346ED9FC, 0xAD678846, 0xDA60B8D0, + 0x44042D73, 0x33031DE5, 0xAA0A4C5F, 0xDD0D7CC9, 0x5005713C, 0x270241AA, + 0xBE0B1010, 0xC90C2086, 0x5768B525, 0x206F85B3, 0xB966D409, 0xCE61E49F, + 0x5EDEF90E, 0x29D9C998, 0xB0D09822, 0xC7D7A8B4, 0x59B33D17, 0x2EB40D81, + 0xB7BD5C3B, 0xC0BA6CAD, 0xEDB88320, 0x9ABFB3B6, 0x03B6E20C, 0x74B1D29A, + 0xEAD54739, 0x9DD277AF, 0x04DB2615, 0x73DC1683, 0xE3630B12, 0x94643B84, + 0x0D6D6A3E, 0x7A6A5AA8, 0xE40ECF0B, 0x9309FF9D, 0x0A00AE27, 0x7D079EB1, + 0xF00F9344, 0x8708A3D2, 0x1E01F268, 0x6906C2FE, 0xF762575D, 0x806567CB, + 0x196C3671, 0x6E6B06E7, 0xFED41B76, 0x89D32BE0, 0x10DA7A5A, 0x67DD4ACC, + 0xF9B9DF6F, 0x8EBEEFF9, 0x17B7BE43, 0x60B08ED5, 0xD6D6A3E8, 0xA1D1937E, + 0x38D8C2C4, 0x4FDFF252, 0xD1BB67F1, 0xA6BC5767, 0x3FB506DD, 0x48B2364B, + 0xD80D2BDA, 0xAF0A1B4C, 0x36034AF6, 0x41047A60, 0xDF60EFC3, 0xA867DF55, + 0x316E8EEF, 0x4669BE79, 0xCB61B38C, 0xBC66831A, 0x256FD2A0, 0x5268E236, + 0xCC0C7795, 0xBB0B4703, 0x220216B9, 0x5505262F, 0xC5BA3BBE, 0xB2BD0B28, + 0x2BB45A92, 0x5CB36A04, 0xC2D7FFA7, 0xB5D0CF31, 0x2CD99E8B, 0x5BDEAE1D, + 0x9B64C2B0, 0xEC63F226, 0x756AA39C, 0x026D930A, 0x9C0906A9, 0xEB0E363F, + 0x72076785, 0x05005713, 0x95BF4A82, 0xE2B87A14, 0x7BB12BAE, 0x0CB61B38, + 0x92D28E9B, 0xE5D5BE0D, 0x7CDCEFB7, 0x0BDBDF21, 0x86D3D2D4, 0xF1D4E242, + 0x68DDB3F8, 0x1FDA836E, 0x81BE16CD, 0xF6B9265B, 0x6FB077E1, 0x18B74777, + 0x88085AE6, 0xFF0F6A70, 0x66063BCA, 0x11010B5C, 0x8F659EFF, 0xF862AE69, + 0x616BFFD3, 0x166CCF45, 0xA00AE278, 0xD70DD2EE, 0x4E048354, 0x3903B3C2, + 0xA7672661, 0xD06016F7, 0x4969474D, 0x3E6E77DB, 0xAED16A4A, 0xD9D65ADC, + 0x40DF0B66, 0x37D83BF0, 0xA9BCAE53, 0xDEBB9EC5, 0x47B2CF7F, 0x30B5FFE9, + 0xBDBDF21C, 0xCABAC28A, 0x53B39330, 0x24B4A3A6, 0xBAD03605, 0xCDD70693, + 0x54DE5729, 0x23D967BF, 0xB3667A2E, 0xC4614AB8, 0x5D681B02, 0x2A6F2B94, + 0xB40BBE37, 0xC30C8EA1, 0x5A05DF1B, 0x2D02EF8D }; + + u32bit tmp = crc; + while(length >= 16) + { + tmp = TABLE[(tmp ^ input[ 0]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 1]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 2]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 3]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 4]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 5]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 6]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 7]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 8]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[ 9]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[10]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[11]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[12]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[13]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[14]) & 0xFF] ^ (tmp >> 8); + tmp = TABLE[(tmp ^ input[15]) & 0xFF] ^ (tmp >> 8); + input += 16; + length -= 16; + } + + for(u32bit j = 0; j != length; ++j) + tmp = TABLE[(tmp ^ input[j]) & 0xFF] ^ (tmp >> 8); + + crc = tmp; + } + +/************************************************* +* Finalize a CRC32 Checksum * +*************************************************/ +void CRC32::final_result(byte output[]) + { + crc ^= 0xFFFFFFFF; + store_be(crc, output); + clear(); + } + +} diff --git a/src/checksum/crc32/crc32.h b/src/checksum/crc32/crc32.h new file mode 100644 index 000000000..51939c6e1 --- /dev/null +++ b/src/checksum/crc32/crc32.h @@ -0,0 +1,32 @@ +/************************************************* +* CRC32 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CRC32_H__ +#define BOTAN_CRC32_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* CRC32 * +*************************************************/ +class BOTAN_DLL CRC32 : public HashFunction + { + public: + void clear() throw() { crc = 0xFFFFFFFF; } + std::string name() const { return "CRC32"; } + HashFunction* clone() const { return new CRC32; } + CRC32() : HashFunction(4) { clear(); } + ~CRC32() { clear(); } + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + u32bit crc; + }; + +} + +#endif diff --git a/src/checksum/crc32/modinfo.txt b/src/checksum/crc32/modinfo.txt new file mode 100644 index 000000000..17ccca0a3 --- /dev/null +++ b/src/checksum/crc32/modinfo.txt @@ -0,0 +1,10 @@ +realname "CRC-32" + +define CRC32 + +load_on auto + +<add> +crc32.cpp +crc32.h +</add> diff --git a/src/cipher/aes/aes.cpp b/src/cipher/aes/aes.cpp new file mode 100644 index 000000000..24f1f6213 --- /dev/null +++ b/src/cipher/aes/aes.cpp @@ -0,0 +1,208 @@ +/************************************************* +* AES Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/aes.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* AES Encryption * +*************************************************/ +void AES::enc(const byte in[], byte out[]) const + { + const u32bit* TE0 = TE; + const u32bit* TE1 = TE + 256; + const u32bit* TE2 = TE + 512; + const u32bit* TE3 = TE + 768; + + u32bit T0, T1, T2, T3, B0, B1, B2, B3; + B0 = TE0[in[ 0] ^ ME[ 0]] ^ TE1[in[ 5] ^ ME[ 5]] ^ + TE2[in[10] ^ ME[10]] ^ TE3[in[15] ^ ME[15]] ^ EK[0]; + B1 = TE0[in[ 4] ^ ME[ 4]] ^ TE1[in[ 9] ^ ME[ 9]] ^ + TE2[in[14] ^ ME[14]] ^ TE3[in[ 3] ^ ME[ 3]] ^ EK[1]; + B2 = TE0[in[ 8] ^ ME[ 8]] ^ TE1[in[13] ^ ME[13]] ^ + TE2[in[ 2] ^ ME[ 2]] ^ TE3[in[ 7] ^ ME[ 7]] ^ EK[2]; + B3 = TE0[in[12] ^ ME[12]] ^ TE1[in[ 1] ^ ME[ 1]] ^ + TE2[in[ 6] ^ ME[ 6]] ^ TE3[in[11] ^ ME[11]] ^ EK[3]; + for(u32bit j = 1; j != ROUNDS - 1; j += 2) + { + T0 = TE0[get_byte(0, B0)] ^ TE1[get_byte(1, B1)] ^ + TE2[get_byte(2, B2)] ^ TE3[get_byte(3, B3)] ^ EK[4*j+0]; + T1 = TE0[get_byte(0, B1)] ^ TE1[get_byte(1, B2)] ^ + TE2[get_byte(2, B3)] ^ TE3[get_byte(3, B0)] ^ EK[4*j+1]; + T2 = TE0[get_byte(0, B2)] ^ TE1[get_byte(1, B3)] ^ + TE2[get_byte(2, B0)] ^ TE3[get_byte(3, B1)] ^ EK[4*j+2]; + T3 = TE0[get_byte(0, B3)] ^ TE1[get_byte(1, B0)] ^ + TE2[get_byte(2, B1)] ^ TE3[get_byte(3, B2)] ^ EK[4*j+3]; + B0 = TE0[get_byte(0, T0)] ^ TE1[get_byte(1, T1)] ^ + TE2[get_byte(2, T2)] ^ TE3[get_byte(3, T3)] ^ EK[4*j+4]; + B1 = TE0[get_byte(0, T1)] ^ TE1[get_byte(1, T2)] ^ + TE2[get_byte(2, T3)] ^ TE3[get_byte(3, T0)] ^ EK[4*j+5]; + B2 = TE0[get_byte(0, T2)] ^ TE1[get_byte(1, T3)] ^ + TE2[get_byte(2, T0)] ^ TE3[get_byte(3, T1)] ^ EK[4*j+6]; + B3 = TE0[get_byte(0, T3)] ^ TE1[get_byte(1, T0)] ^ + TE2[get_byte(2, T1)] ^ TE3[get_byte(3, T2)] ^ EK[4*j+7]; + } + out[ 0] = SE[get_byte(0, B0)] ^ ME[16]; + out[ 1] = SE[get_byte(1, B1)] ^ ME[17]; + out[ 2] = SE[get_byte(2, B2)] ^ ME[18]; + out[ 3] = SE[get_byte(3, B3)] ^ ME[19]; + out[ 4] = SE[get_byte(0, B1)] ^ ME[20]; + out[ 5] = SE[get_byte(1, B2)] ^ ME[21]; + out[ 6] = SE[get_byte(2, B3)] ^ ME[22]; + out[ 7] = SE[get_byte(3, B0)] ^ ME[23]; + out[ 8] = SE[get_byte(0, B2)] ^ ME[24]; + out[ 9] = SE[get_byte(1, B3)] ^ ME[25]; + out[10] = SE[get_byte(2, B0)] ^ ME[26]; + out[11] = SE[get_byte(3, B1)] ^ ME[27]; + out[12] = SE[get_byte(0, B3)] ^ ME[28]; + out[13] = SE[get_byte(1, B0)] ^ ME[29]; + out[14] = SE[get_byte(2, B1)] ^ ME[30]; + out[15] = SE[get_byte(3, B2)] ^ ME[31]; + } + +/************************************************* +* AES Decryption * +*************************************************/ +void AES::dec(const byte in[], byte out[]) const + { + const u32bit* TD0 = TD; + const u32bit* TD1 = TD + 256; + const u32bit* TD2 = TD + 512; + const u32bit* TD3 = TD + 768; + + u32bit T0, T1, T2, T3, B0, B1, B2, B3; + B0 = TD0[in[ 0] ^ MD[ 0]] ^ TD1[in[13] ^ MD[13]] ^ + TD2[in[10] ^ MD[10]] ^ TD3[in[ 7] ^ MD[ 7]] ^ DK[0]; + B1 = TD0[in[ 4] ^ MD[ 4]] ^ TD1[in[ 1] ^ MD[ 1]] ^ + TD2[in[14] ^ MD[14]] ^ TD3[in[11] ^ MD[11]] ^ DK[1]; + B2 = TD0[in[ 8] ^ MD[ 8]] ^ TD1[in[ 5] ^ MD[ 5]] ^ + TD2[in[ 2] ^ MD[ 2]] ^ TD3[in[15] ^ MD[15]] ^ DK[2]; + B3 = TD0[in[12] ^ MD[12]] ^ TD1[in[ 9] ^ MD[ 9]] ^ + TD2[in[ 6] ^ MD[ 6]] ^ TD3[in[ 3] ^ MD[ 3]] ^ DK[3]; + for(u32bit j = 1; j != ROUNDS - 1; j += 2) + { + T0 = TD0[get_byte(0, B0)] ^ TD1[get_byte(1, B3)] ^ + TD2[get_byte(2, B2)] ^ TD3[get_byte(3, B1)] ^ DK[4*j+0]; + T1 = TD0[get_byte(0, B1)] ^ TD1[get_byte(1, B0)] ^ + TD2[get_byte(2, B3)] ^ TD3[get_byte(3, B2)] ^ DK[4*j+1]; + T2 = TD0[get_byte(0, B2)] ^ TD1[get_byte(1, B1)] ^ + TD2[get_byte(2, B0)] ^ TD3[get_byte(3, B3)] ^ DK[4*j+2]; + T3 = TD0[get_byte(0, B3)] ^ TD1[get_byte(1, B2)] ^ + TD2[get_byte(2, B1)] ^ TD3[get_byte(3, B0)] ^ DK[4*j+3]; + B0 = TD0[get_byte(0, T0)] ^ TD1[get_byte(1, T3)] ^ + TD2[get_byte(2, T2)] ^ TD3[get_byte(3, T1)] ^ DK[4*j+4]; + B1 = TD0[get_byte(0, T1)] ^ TD1[get_byte(1, T0)] ^ + TD2[get_byte(2, T3)] ^ TD3[get_byte(3, T2)] ^ DK[4*j+5]; + B2 = TD0[get_byte(0, T2)] ^ TD1[get_byte(1, T1)] ^ + TD2[get_byte(2, T0)] ^ TD3[get_byte(3, T3)] ^ DK[4*j+6]; + B3 = TD0[get_byte(0, T3)] ^ TD1[get_byte(1, T2)] ^ + TD2[get_byte(2, T1)] ^ TD3[get_byte(3, T0)] ^ DK[4*j+7]; + } + out[ 0] = SD[get_byte(0, B0)] ^ MD[16]; + out[ 1] = SD[get_byte(1, B3)] ^ MD[17]; + out[ 2] = SD[get_byte(2, B2)] ^ MD[18]; + out[ 3] = SD[get_byte(3, B1)] ^ MD[19]; + out[ 4] = SD[get_byte(0, B1)] ^ MD[20]; + out[ 5] = SD[get_byte(1, B0)] ^ MD[21]; + out[ 6] = SD[get_byte(2, B3)] ^ MD[22]; + out[ 7] = SD[get_byte(3, B2)] ^ MD[23]; + out[ 8] = SD[get_byte(0, B2)] ^ MD[24]; + out[ 9] = SD[get_byte(1, B1)] ^ MD[25]; + out[10] = SD[get_byte(2, B0)] ^ MD[26]; + out[11] = SD[get_byte(3, B3)] ^ MD[27]; + out[12] = SD[get_byte(0, B3)] ^ MD[28]; + out[13] = SD[get_byte(1, B2)] ^ MD[29]; + out[14] = SD[get_byte(2, B1)] ^ MD[30]; + out[15] = SD[get_byte(3, B0)] ^ MD[31]; + } + +/************************************************* +* AES Key Schedule * +*************************************************/ +void AES::key(const byte key[], u32bit length) + { + static const u32bit RC[10] = { + 0x01000000, 0x02000000, 0x04000000, 0x08000000, 0x10000000, 0x20000000, + 0x40000000, 0x80000000, 0x1B000000, 0x36000000 }; + ROUNDS = (length / 4) + 6; + + SecureBuffer<u32bit, 64> XEK, XDK; + + const u32bit X = length / 4; + for(u32bit j = 0; j != X; ++j) + XEK[j] = load_be<u32bit>(key, j); + + for(u32bit j = X; j < 4*(ROUNDS+1); j += X) + { + XEK[j] = XEK[j-X] ^ S(rotate_left(XEK[j-1], 8)) ^ RC[(j-X)/X]; + for(u32bit k = 1; k != X; ++k) + { + if(X == 8 && k == 4) + XEK[j+k] = XEK[j+k-X] ^ S(XEK[j+k-1]); + else + XEK[j+k] = XEK[j+k-X] ^ XEK[j+k-1]; + } + } + + for(u32bit j = 0; j != 4*(ROUNDS+1); j += 4) + { + XDK[j ] = XEK[4*ROUNDS-j ]; + XDK[j+1] = XEK[4*ROUNDS-j+1]; + XDK[j+2] = XEK[4*ROUNDS-j+2]; + XDK[j+3] = XEK[4*ROUNDS-j+3]; + } + + for(u32bit j = 4; j != length + 24; ++j) + XDK[j] = TD[SE[get_byte(0, XDK[j])] + 0] ^ + TD[SE[get_byte(1, XDK[j])] + 256] ^ + TD[SE[get_byte(2, XDK[j])] + 512] ^ + TD[SE[get_byte(3, XDK[j])] + 768]; + + for(u32bit j = 0; j != 4; ++j) + for(u32bit k = 0; k != 4; ++k) + { + ME[4*j+k ] = get_byte(k, XEK[j]); + ME[4*j+k+16] = get_byte(k, XEK[j+4*ROUNDS]); + MD[4*j+k ] = get_byte(k, XDK[j]); + MD[4*j+k+16] = get_byte(k, XEK[j]); + } + + EK.copy(XEK + 4, length + 20); + DK.copy(XDK + 4, length + 20); + } + +/************************************************* +* AES Byte Substitution * +*************************************************/ +u32bit AES::S(u32bit input) + { + return make_u32bit(SE[get_byte(0, input)], SE[get_byte(1, input)], + SE[get_byte(2, input)], SE[get_byte(3, input)]); + } + +/************************************************* +* AES Constructor * +*************************************************/ +AES::AES(u32bit key_size) : BlockCipher(16, key_size) + { + if(key_size != 16 && key_size != 24 && key_size != 32) + throw Invalid_Key_Length(name(), key_size); + ROUNDS = (key_size / 4) + 6; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void AES::clear() throw() + { + EK.clear(); + DK.clear(); + ME.clear(); + MD.clear(); + } + +} diff --git a/src/cipher/aes/aes.h b/src/cipher/aes/aes.h new file mode 100644 index 000000000..5b43735ad --- /dev/null +++ b/src/cipher/aes/aes.h @@ -0,0 +1,74 @@ +/************************************************* +* AES Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_AES_H__ +#define BOTAN_AES_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* AES * +*************************************************/ +class BOTAN_DLL AES : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return "AES"; } + BlockCipher* clone() const { return new AES; } + AES() : BlockCipher(16, 16, 32, 8) { ROUNDS = 14; } + AES(u32bit); + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + static u32bit S(u32bit); + + static const byte SE[256]; + static const byte SD[256]; + static const u32bit TE[1024]; + static const u32bit TD[1024]; + SecureBuffer<u32bit, 52> EK, DK; + SecureBuffer<byte, 32> ME, MD; + u32bit ROUNDS; + }; + +/************************************************* +* AES-128 * +*************************************************/ +class BOTAN_DLL AES_128 : public AES + { + public: + std::string name() const { return "AES-128"; } + BlockCipher* clone() const { return new AES_128; } + AES_128() : AES(16) {} + }; + +/************************************************* +* AES-192 * +*************************************************/ +class BOTAN_DLL AES_192 : public AES + { + public: + std::string name() const { return "AES-192"; } + BlockCipher* clone() const { return new AES_192; } + AES_192() : AES(24) {} + }; + +/************************************************* +* AES-256 * +*************************************************/ +class BOTAN_DLL AES_256 : public AES + { + public: + std::string name() const { return "AES-256"; } + BlockCipher* clone() const { return new AES_256; } + AES_256() : AES(32) {} + }; + +} + +#endif diff --git a/src/cipher/aes/aes_tab.cpp b/src/cipher/aes/aes_tab.cpp new file mode 100644 index 000000000..3665bb746 --- /dev/null +++ b/src/cipher/aes/aes_tab.cpp @@ -0,0 +1,404 @@ +/************************************************* +* S-Box and Diffusion Tables for AES * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/aes.h> + +namespace Botan { + +const byte AES::SE[256] = { + 0x63, 0x7C, 0x77, 0x7B, 0xF2, 0x6B, 0x6F, 0xC5, 0x30, 0x01, 0x67, 0x2B, + 0xFE, 0xD7, 0xAB, 0x76, 0xCA, 0x82, 0xC9, 0x7D, 0xFA, 0x59, 0x47, 0xF0, + 0xAD, 0xD4, 0xA2, 0xAF, 0x9C, 0xA4, 0x72, 0xC0, 0xB7, 0xFD, 0x93, 0x26, + 0x36, 0x3F, 0xF7, 0xCC, 0x34, 0xA5, 0xE5, 0xF1, 0x71, 0xD8, 0x31, 0x15, + 0x04, 0xC7, 0x23, 0xC3, 0x18, 0x96, 0x05, 0x9A, 0x07, 0x12, 0x80, 0xE2, + 0xEB, 0x27, 0xB2, 0x75, 0x09, 0x83, 0x2C, 0x1A, 0x1B, 0x6E, 0x5A, 0xA0, + 0x52, 0x3B, 0xD6, 0xB3, 0x29, 0xE3, 0x2F, 0x84, 0x53, 0xD1, 0x00, 0xED, + 0x20, 0xFC, 0xB1, 0x5B, 0x6A, 0xCB, 0xBE, 0x39, 0x4A, 0x4C, 0x58, 0xCF, + 0xD0, 0xEF, 0xAA, 0xFB, 0x43, 0x4D, 0x33, 0x85, 0x45, 0xF9, 0x02, 0x7F, + 0x50, 0x3C, 0x9F, 0xA8, 0x51, 0xA3, 0x40, 0x8F, 0x92, 0x9D, 0x38, 0xF5, + 0xBC, 0xB6, 0xDA, 0x21, 0x10, 0xFF, 0xF3, 0xD2, 0xCD, 0x0C, 0x13, 0xEC, + 0x5F, 0x97, 0x44, 0x17, 0xC4, 0xA7, 0x7E, 0x3D, 0x64, 0x5D, 0x19, 0x73, + 0x60, 0x81, 0x4F, 0xDC, 0x22, 0x2A, 0x90, 0x88, 0x46, 0xEE, 0xB8, 0x14, + 0xDE, 0x5E, 0x0B, 0xDB, 0xE0, 0x32, 0x3A, 0x0A, 0x49, 0x06, 0x24, 0x5C, + 0xC2, 0xD3, 0xAC, 0x62, 0x91, 0x95, 0xE4, 0x79, 0xE7, 0xC8, 0x37, 0x6D, + 0x8D, 0xD5, 0x4E, 0xA9, 0x6C, 0x56, 0xF4, 0xEA, 0x65, 0x7A, 0xAE, 0x08, + 0xBA, 0x78, 0x25, 0x2E, 0x1C, 0xA6, 0xB4, 0xC6, 0xE8, 0xDD, 0x74, 0x1F, + 0x4B, 0xBD, 0x8B, 0x8A, 0x70, 0x3E, 0xB5, 0x66, 0x48, 0x03, 0xF6, 0x0E, + 0x61, 0x35, 0x57, 0xB9, 0x86, 0xC1, 0x1D, 0x9E, 0xE1, 0xF8, 0x98, 0x11, + 0x69, 0xD9, 0x8E, 0x94, 0x9B, 0x1E, 0x87, 0xE9, 0xCE, 0x55, 0x28, 0xDF, + 0x8C, 0xA1, 0x89, 0x0D, 0xBF, 0xE6, 0x42, 0x68, 0x41, 0x99, 0x2D, 0x0F, + 0xB0, 0x54, 0xBB, 0x16 }; + +const byte AES::SD[256] = { + 0x52, 0x09, 0x6A, 0xD5, 0x30, 0x36, 0xA5, 0x38, 0xBF, 0x40, 0xA3, 0x9E, + 0x81, 0xF3, 0xD7, 0xFB, 0x7C, 0xE3, 0x39, 0x82, 0x9B, 0x2F, 0xFF, 0x87, + 0x34, 0x8E, 0x43, 0x44, 0xC4, 0xDE, 0xE9, 0xCB, 0x54, 0x7B, 0x94, 0x32, + 0xA6, 0xC2, 0x23, 0x3D, 0xEE, 0x4C, 0x95, 0x0B, 0x42, 0xFA, 0xC3, 0x4E, + 0x08, 0x2E, 0xA1, 0x66, 0x28, 0xD9, 0x24, 0xB2, 0x76, 0x5B, 0xA2, 0x49, + 0x6D, 0x8B, 0xD1, 0x25, 0x72, 0xF8, 0xF6, 0x64, 0x86, 0x68, 0x98, 0x16, + 0xD4, 0xA4, 0x5C, 0xCC, 0x5D, 0x65, 0xB6, 0x92, 0x6C, 0x70, 0x48, 0x50, + 0xFD, 0xED, 0xB9, 0xDA, 0x5E, 0x15, 0x46, 0x57, 0xA7, 0x8D, 0x9D, 0x84, + 0x90, 0xD8, 0xAB, 0x00, 0x8C, 0xBC, 0xD3, 0x0A, 0xF7, 0xE4, 0x58, 0x05, + 0xB8, 0xB3, 0x45, 0x06, 0xD0, 0x2C, 0x1E, 0x8F, 0xCA, 0x3F, 0x0F, 0x02, + 0xC1, 0xAF, 0xBD, 0x03, 0x01, 0x13, 0x8A, 0x6B, 0x3A, 0x91, 0x11, 0x41, + 0x4F, 0x67, 0xDC, 0xEA, 0x97, 0xF2, 0xCF, 0xCE, 0xF0, 0xB4, 0xE6, 0x73, + 0x96, 0xAC, 0x74, 0x22, 0xE7, 0xAD, 0x35, 0x85, 0xE2, 0xF9, 0x37, 0xE8, + 0x1C, 0x75, 0xDF, 0x6E, 0x47, 0xF1, 0x1A, 0x71, 0x1D, 0x29, 0xC5, 0x89, + 0x6F, 0xB7, 0x62, 0x0E, 0xAA, 0x18, 0xBE, 0x1B, 0xFC, 0x56, 0x3E, 0x4B, + 0xC6, 0xD2, 0x79, 0x20, 0x9A, 0xDB, 0xC0, 0xFE, 0x78, 0xCD, 0x5A, 0xF4, + 0x1F, 0xDD, 0xA8, 0x33, 0x88, 0x07, 0xC7, 0x31, 0xB1, 0x12, 0x10, 0x59, + 0x27, 0x80, 0xEC, 0x5F, 0x60, 0x51, 0x7F, 0xA9, 0x19, 0xB5, 0x4A, 0x0D, + 0x2D, 0xE5, 0x7A, 0x9F, 0x93, 0xC9, 0x9C, 0xEF, 0xA0, 0xE0, 0x3B, 0x4D, + 0xAE, 0x2A, 0xF5, 0xB0, 0xC8, 0xEB, 0xBB, 0x3C, 0x83, 0x53, 0x99, 0x61, + 0x17, 0x2B, 0x04, 0x7E, 0xBA, 0x77, 0xD6, 0x26, 0xE1, 0x69, 0x14, 0x63, + 0x55, 0x21, 0x0C, 0x7D }; + +const u32bit AES::TE[1024] = { + 0xC66363A5, 0xF87C7C84, 0xEE777799, 0xF67B7B8D, 0xFFF2F20D, 0xD66B6BBD, + 0xDE6F6FB1, 0x91C5C554, 0x60303050, 0x02010103, 0xCE6767A9, 0x562B2B7D, + 0xE7FEFE19, 0xB5D7D762, 0x4DABABE6, 0xEC76769A, 0x8FCACA45, 0x1F82829D, + 0x89C9C940, 0xFA7D7D87, 0xEFFAFA15, 0xB25959EB, 0x8E4747C9, 0xFBF0F00B, + 0x41ADADEC, 0xB3D4D467, 0x5FA2A2FD, 0x45AFAFEA, 0x239C9CBF, 0x53A4A4F7, + 0xE4727296, 0x9BC0C05B, 0x75B7B7C2, 0xE1FDFD1C, 0x3D9393AE, 0x4C26266A, + 0x6C36365A, 0x7E3F3F41, 0xF5F7F702, 0x83CCCC4F, 0x6834345C, 0x51A5A5F4, + 0xD1E5E534, 0xF9F1F108, 0xE2717193, 0xABD8D873, 0x62313153, 0x2A15153F, + 0x0804040C, 0x95C7C752, 0x46232365, 0x9DC3C35E, 0x30181828, 0x379696A1, + 0x0A05050F, 0x2F9A9AB5, 0x0E070709, 0x24121236, 0x1B80809B, 0xDFE2E23D, + 0xCDEBEB26, 0x4E272769, 0x7FB2B2CD, 0xEA75759F, 0x1209091B, 0x1D83839E, + 0x582C2C74, 0x341A1A2E, 0x361B1B2D, 0xDC6E6EB2, 0xB45A5AEE, 0x5BA0A0FB, + 0xA45252F6, 0x763B3B4D, 0xB7D6D661, 0x7DB3B3CE, 0x5229297B, 0xDDE3E33E, + 0x5E2F2F71, 0x13848497, 0xA65353F5, 0xB9D1D168, 0x00000000, 0xC1EDED2C, + 0x40202060, 0xE3FCFC1F, 0x79B1B1C8, 0xB65B5BED, 0xD46A6ABE, 0x8DCBCB46, + 0x67BEBED9, 0x7239394B, 0x944A4ADE, 0x984C4CD4, 0xB05858E8, 0x85CFCF4A, + 0xBBD0D06B, 0xC5EFEF2A, 0x4FAAAAE5, 0xEDFBFB16, 0x864343C5, 0x9A4D4DD7, + 0x66333355, 0x11858594, 0x8A4545CF, 0xE9F9F910, 0x04020206, 0xFE7F7F81, + 0xA05050F0, 0x783C3C44, 0x259F9FBA, 0x4BA8A8E3, 0xA25151F3, 0x5DA3A3FE, + 0x804040C0, 0x058F8F8A, 0x3F9292AD, 0x219D9DBC, 0x70383848, 0xF1F5F504, + 0x63BCBCDF, 0x77B6B6C1, 0xAFDADA75, 0x42212163, 0x20101030, 0xE5FFFF1A, + 0xFDF3F30E, 0xBFD2D26D, 0x81CDCD4C, 0x180C0C14, 0x26131335, 0xC3ECEC2F, + 0xBE5F5FE1, 0x359797A2, 0x884444CC, 0x2E171739, 0x93C4C457, 0x55A7A7F2, + 0xFC7E7E82, 0x7A3D3D47, 0xC86464AC, 0xBA5D5DE7, 0x3219192B, 0xE6737395, + 0xC06060A0, 0x19818198, 0x9E4F4FD1, 0xA3DCDC7F, 0x44222266, 0x542A2A7E, + 0x3B9090AB, 0x0B888883, 0x8C4646CA, 0xC7EEEE29, 0x6BB8B8D3, 0x2814143C, + 0xA7DEDE79, 0xBC5E5EE2, 0x160B0B1D, 0xADDBDB76, 0xDBE0E03B, 0x64323256, + 0x743A3A4E, 0x140A0A1E, 0x924949DB, 0x0C06060A, 0x4824246C, 0xB85C5CE4, + 0x9FC2C25D, 0xBDD3D36E, 0x43ACACEF, 0xC46262A6, 0x399191A8, 0x319595A4, + 0xD3E4E437, 0xF279798B, 0xD5E7E732, 0x8BC8C843, 0x6E373759, 0xDA6D6DB7, + 0x018D8D8C, 0xB1D5D564, 0x9C4E4ED2, 0x49A9A9E0, 0xD86C6CB4, 0xAC5656FA, + 0xF3F4F407, 0xCFEAEA25, 0xCA6565AF, 0xF47A7A8E, 0x47AEAEE9, 0x10080818, + 0x6FBABAD5, 0xF0787888, 0x4A25256F, 0x5C2E2E72, 0x381C1C24, 0x57A6A6F1, + 0x73B4B4C7, 0x97C6C651, 0xCBE8E823, 0xA1DDDD7C, 0xE874749C, 0x3E1F1F21, + 0x964B4BDD, 0x61BDBDDC, 0x0D8B8B86, 0x0F8A8A85, 0xE0707090, 0x7C3E3E42, + 0x71B5B5C4, 0xCC6666AA, 0x904848D8, 0x06030305, 0xF7F6F601, 0x1C0E0E12, + 0xC26161A3, 0x6A35355F, 0xAE5757F9, 0x69B9B9D0, 0x17868691, 0x99C1C158, + 0x3A1D1D27, 0x279E9EB9, 0xD9E1E138, 0xEBF8F813, 0x2B9898B3, 0x22111133, + 0xD26969BB, 0xA9D9D970, 0x078E8E89, 0x339494A7, 0x2D9B9BB6, 0x3C1E1E22, + 0x15878792, 0xC9E9E920, 0x87CECE49, 0xAA5555FF, 0x50282878, 0xA5DFDF7A, + 0x038C8C8F, 0x59A1A1F8, 0x09898980, 0x1A0D0D17, 0x65BFBFDA, 0xD7E6E631, + 0x844242C6, 0xD06868B8, 0x824141C3, 0x299999B0, 0x5A2D2D77, 0x1E0F0F11, + 0x7BB0B0CB, 0xA85454FC, 0x6DBBBBD6, 0x2C16163A, 0xA5C66363, 0x84F87C7C, + 0x99EE7777, 0x8DF67B7B, 0x0DFFF2F2, 0xBDD66B6B, 0xB1DE6F6F, 0x5491C5C5, + 0x50603030, 0x03020101, 0xA9CE6767, 0x7D562B2B, 0x19E7FEFE, 0x62B5D7D7, + 0xE64DABAB, 0x9AEC7676, 0x458FCACA, 0x9D1F8282, 0x4089C9C9, 0x87FA7D7D, + 0x15EFFAFA, 0xEBB25959, 0xC98E4747, 0x0BFBF0F0, 0xEC41ADAD, 0x67B3D4D4, + 0xFD5FA2A2, 0xEA45AFAF, 0xBF239C9C, 0xF753A4A4, 0x96E47272, 0x5B9BC0C0, + 0xC275B7B7, 0x1CE1FDFD, 0xAE3D9393, 0x6A4C2626, 0x5A6C3636, 0x417E3F3F, + 0x02F5F7F7, 0x4F83CCCC, 0x5C683434, 0xF451A5A5, 0x34D1E5E5, 0x08F9F1F1, + 0x93E27171, 0x73ABD8D8, 0x53623131, 0x3F2A1515, 0x0C080404, 0x5295C7C7, + 0x65462323, 0x5E9DC3C3, 0x28301818, 0xA1379696, 0x0F0A0505, 0xB52F9A9A, + 0x090E0707, 0x36241212, 0x9B1B8080, 0x3DDFE2E2, 0x26CDEBEB, 0x694E2727, + 0xCD7FB2B2, 0x9FEA7575, 0x1B120909, 0x9E1D8383, 0x74582C2C, 0x2E341A1A, + 0x2D361B1B, 0xB2DC6E6E, 0xEEB45A5A, 0xFB5BA0A0, 0xF6A45252, 0x4D763B3B, + 0x61B7D6D6, 0xCE7DB3B3, 0x7B522929, 0x3EDDE3E3, 0x715E2F2F, 0x97138484, + 0xF5A65353, 0x68B9D1D1, 0x00000000, 0x2CC1EDED, 0x60402020, 0x1FE3FCFC, + 0xC879B1B1, 0xEDB65B5B, 0xBED46A6A, 0x468DCBCB, 0xD967BEBE, 0x4B723939, + 0xDE944A4A, 0xD4984C4C, 0xE8B05858, 0x4A85CFCF, 0x6BBBD0D0, 0x2AC5EFEF, + 0xE54FAAAA, 0x16EDFBFB, 0xC5864343, 0xD79A4D4D, 0x55663333, 0x94118585, + 0xCF8A4545, 0x10E9F9F9, 0x06040202, 0x81FE7F7F, 0xF0A05050, 0x44783C3C, + 0xBA259F9F, 0xE34BA8A8, 0xF3A25151, 0xFE5DA3A3, 0xC0804040, 0x8A058F8F, + 0xAD3F9292, 0xBC219D9D, 0x48703838, 0x04F1F5F5, 0xDF63BCBC, 0xC177B6B6, + 0x75AFDADA, 0x63422121, 0x30201010, 0x1AE5FFFF, 0x0EFDF3F3, 0x6DBFD2D2, + 0x4C81CDCD, 0x14180C0C, 0x35261313, 0x2FC3ECEC, 0xE1BE5F5F, 0xA2359797, + 0xCC884444, 0x392E1717, 0x5793C4C4, 0xF255A7A7, 0x82FC7E7E, 0x477A3D3D, + 0xACC86464, 0xE7BA5D5D, 0x2B321919, 0x95E67373, 0xA0C06060, 0x98198181, + 0xD19E4F4F, 0x7FA3DCDC, 0x66442222, 0x7E542A2A, 0xAB3B9090, 0x830B8888, + 0xCA8C4646, 0x29C7EEEE, 0xD36BB8B8, 0x3C281414, 0x79A7DEDE, 0xE2BC5E5E, + 0x1D160B0B, 0x76ADDBDB, 0x3BDBE0E0, 0x56643232, 0x4E743A3A, 0x1E140A0A, + 0xDB924949, 0x0A0C0606, 0x6C482424, 0xE4B85C5C, 0x5D9FC2C2, 0x6EBDD3D3, + 0xEF43ACAC, 0xA6C46262, 0xA8399191, 0xA4319595, 0x37D3E4E4, 0x8BF27979, + 0x32D5E7E7, 0x438BC8C8, 0x596E3737, 0xB7DA6D6D, 0x8C018D8D, 0x64B1D5D5, + 0xD29C4E4E, 0xE049A9A9, 0xB4D86C6C, 0xFAAC5656, 0x07F3F4F4, 0x25CFEAEA, + 0xAFCA6565, 0x8EF47A7A, 0xE947AEAE, 0x18100808, 0xD56FBABA, 0x88F07878, + 0x6F4A2525, 0x725C2E2E, 0x24381C1C, 0xF157A6A6, 0xC773B4B4, 0x5197C6C6, + 0x23CBE8E8, 0x7CA1DDDD, 0x9CE87474, 0x213E1F1F, 0xDD964B4B, 0xDC61BDBD, + 0x860D8B8B, 0x850F8A8A, 0x90E07070, 0x427C3E3E, 0xC471B5B5, 0xAACC6666, + 0xD8904848, 0x05060303, 0x01F7F6F6, 0x121C0E0E, 0xA3C26161, 0x5F6A3535, + 0xF9AE5757, 0xD069B9B9, 0x91178686, 0x5899C1C1, 0x273A1D1D, 0xB9279E9E, + 0x38D9E1E1, 0x13EBF8F8, 0xB32B9898, 0x33221111, 0xBBD26969, 0x70A9D9D9, + 0x89078E8E, 0xA7339494, 0xB62D9B9B, 0x223C1E1E, 0x92158787, 0x20C9E9E9, + 0x4987CECE, 0xFFAA5555, 0x78502828, 0x7AA5DFDF, 0x8F038C8C, 0xF859A1A1, + 0x80098989, 0x171A0D0D, 0xDA65BFBF, 0x31D7E6E6, 0xC6844242, 0xB8D06868, + 0xC3824141, 0xB0299999, 0x775A2D2D, 0x111E0F0F, 0xCB7BB0B0, 0xFCA85454, + 0xD66DBBBB, 0x3A2C1616, 0x63A5C663, 0x7C84F87C, 0x7799EE77, 0x7B8DF67B, + 0xF20DFFF2, 0x6BBDD66B, 0x6FB1DE6F, 0xC55491C5, 0x30506030, 0x01030201, + 0x67A9CE67, 0x2B7D562B, 0xFE19E7FE, 0xD762B5D7, 0xABE64DAB, 0x769AEC76, + 0xCA458FCA, 0x829D1F82, 0xC94089C9, 0x7D87FA7D, 0xFA15EFFA, 0x59EBB259, + 0x47C98E47, 0xF00BFBF0, 0xADEC41AD, 0xD467B3D4, 0xA2FD5FA2, 0xAFEA45AF, + 0x9CBF239C, 0xA4F753A4, 0x7296E472, 0xC05B9BC0, 0xB7C275B7, 0xFD1CE1FD, + 0x93AE3D93, 0x266A4C26, 0x365A6C36, 0x3F417E3F, 0xF702F5F7, 0xCC4F83CC, + 0x345C6834, 0xA5F451A5, 0xE534D1E5, 0xF108F9F1, 0x7193E271, 0xD873ABD8, + 0x31536231, 0x153F2A15, 0x040C0804, 0xC75295C7, 0x23654623, 0xC35E9DC3, + 0x18283018, 0x96A13796, 0x050F0A05, 0x9AB52F9A, 0x07090E07, 0x12362412, + 0x809B1B80, 0xE23DDFE2, 0xEB26CDEB, 0x27694E27, 0xB2CD7FB2, 0x759FEA75, + 0x091B1209, 0x839E1D83, 0x2C74582C, 0x1A2E341A, 0x1B2D361B, 0x6EB2DC6E, + 0x5AEEB45A, 0xA0FB5BA0, 0x52F6A452, 0x3B4D763B, 0xD661B7D6, 0xB3CE7DB3, + 0x297B5229, 0xE33EDDE3, 0x2F715E2F, 0x84971384, 0x53F5A653, 0xD168B9D1, + 0x00000000, 0xED2CC1ED, 0x20604020, 0xFC1FE3FC, 0xB1C879B1, 0x5BEDB65B, + 0x6ABED46A, 0xCB468DCB, 0xBED967BE, 0x394B7239, 0x4ADE944A, 0x4CD4984C, + 0x58E8B058, 0xCF4A85CF, 0xD06BBBD0, 0xEF2AC5EF, 0xAAE54FAA, 0xFB16EDFB, + 0x43C58643, 0x4DD79A4D, 0x33556633, 0x85941185, 0x45CF8A45, 0xF910E9F9, + 0x02060402, 0x7F81FE7F, 0x50F0A050, 0x3C44783C, 0x9FBA259F, 0xA8E34BA8, + 0x51F3A251, 0xA3FE5DA3, 0x40C08040, 0x8F8A058F, 0x92AD3F92, 0x9DBC219D, + 0x38487038, 0xF504F1F5, 0xBCDF63BC, 0xB6C177B6, 0xDA75AFDA, 0x21634221, + 0x10302010, 0xFF1AE5FF, 0xF30EFDF3, 0xD26DBFD2, 0xCD4C81CD, 0x0C14180C, + 0x13352613, 0xEC2FC3EC, 0x5FE1BE5F, 0x97A23597, 0x44CC8844, 0x17392E17, + 0xC45793C4, 0xA7F255A7, 0x7E82FC7E, 0x3D477A3D, 0x64ACC864, 0x5DE7BA5D, + 0x192B3219, 0x7395E673, 0x60A0C060, 0x81981981, 0x4FD19E4F, 0xDC7FA3DC, + 0x22664422, 0x2A7E542A, 0x90AB3B90, 0x88830B88, 0x46CA8C46, 0xEE29C7EE, + 0xB8D36BB8, 0x143C2814, 0xDE79A7DE, 0x5EE2BC5E, 0x0B1D160B, 0xDB76ADDB, + 0xE03BDBE0, 0x32566432, 0x3A4E743A, 0x0A1E140A, 0x49DB9249, 0x060A0C06, + 0x246C4824, 0x5CE4B85C, 0xC25D9FC2, 0xD36EBDD3, 0xACEF43AC, 0x62A6C462, + 0x91A83991, 0x95A43195, 0xE437D3E4, 0x798BF279, 0xE732D5E7, 0xC8438BC8, + 0x37596E37, 0x6DB7DA6D, 0x8D8C018D, 0xD564B1D5, 0x4ED29C4E, 0xA9E049A9, + 0x6CB4D86C, 0x56FAAC56, 0xF407F3F4, 0xEA25CFEA, 0x65AFCA65, 0x7A8EF47A, + 0xAEE947AE, 0x08181008, 0xBAD56FBA, 0x7888F078, 0x256F4A25, 0x2E725C2E, + 0x1C24381C, 0xA6F157A6, 0xB4C773B4, 0xC65197C6, 0xE823CBE8, 0xDD7CA1DD, + 0x749CE874, 0x1F213E1F, 0x4BDD964B, 0xBDDC61BD, 0x8B860D8B, 0x8A850F8A, + 0x7090E070, 0x3E427C3E, 0xB5C471B5, 0x66AACC66, 0x48D89048, 0x03050603, + 0xF601F7F6, 0x0E121C0E, 0x61A3C261, 0x355F6A35, 0x57F9AE57, 0xB9D069B9, + 0x86911786, 0xC15899C1, 0x1D273A1D, 0x9EB9279E, 0xE138D9E1, 0xF813EBF8, + 0x98B32B98, 0x11332211, 0x69BBD269, 0xD970A9D9, 0x8E89078E, 0x94A73394, + 0x9BB62D9B, 0x1E223C1E, 0x87921587, 0xE920C9E9, 0xCE4987CE, 0x55FFAA55, + 0x28785028, 0xDF7AA5DF, 0x8C8F038C, 0xA1F859A1, 0x89800989, 0x0D171A0D, + 0xBFDA65BF, 0xE631D7E6, 0x42C68442, 0x68B8D068, 0x41C38241, 0x99B02999, + 0x2D775A2D, 0x0F111E0F, 0xB0CB7BB0, 0x54FCA854, 0xBBD66DBB, 0x163A2C16, + 0x6363A5C6, 0x7C7C84F8, 0x777799EE, 0x7B7B8DF6, 0xF2F20DFF, 0x6B6BBDD6, + 0x6F6FB1DE, 0xC5C55491, 0x30305060, 0x01010302, 0x6767A9CE, 0x2B2B7D56, + 0xFEFE19E7, 0xD7D762B5, 0xABABE64D, 0x76769AEC, 0xCACA458F, 0x82829D1F, + 0xC9C94089, 0x7D7D87FA, 0xFAFA15EF, 0x5959EBB2, 0x4747C98E, 0xF0F00BFB, + 0xADADEC41, 0xD4D467B3, 0xA2A2FD5F, 0xAFAFEA45, 0x9C9CBF23, 0xA4A4F753, + 0x727296E4, 0xC0C05B9B, 0xB7B7C275, 0xFDFD1CE1, 0x9393AE3D, 0x26266A4C, + 0x36365A6C, 0x3F3F417E, 0xF7F702F5, 0xCCCC4F83, 0x34345C68, 0xA5A5F451, + 0xE5E534D1, 0xF1F108F9, 0x717193E2, 0xD8D873AB, 0x31315362, 0x15153F2A, + 0x04040C08, 0xC7C75295, 0x23236546, 0xC3C35E9D, 0x18182830, 0x9696A137, + 0x05050F0A, 0x9A9AB52F, 0x0707090E, 0x12123624, 0x80809B1B, 0xE2E23DDF, + 0xEBEB26CD, 0x2727694E, 0xB2B2CD7F, 0x75759FEA, 0x09091B12, 0x83839E1D, + 0x2C2C7458, 0x1A1A2E34, 0x1B1B2D36, 0x6E6EB2DC, 0x5A5AEEB4, 0xA0A0FB5B, + 0x5252F6A4, 0x3B3B4D76, 0xD6D661B7, 0xB3B3CE7D, 0x29297B52, 0xE3E33EDD, + 0x2F2F715E, 0x84849713, 0x5353F5A6, 0xD1D168B9, 0x00000000, 0xEDED2CC1, + 0x20206040, 0xFCFC1FE3, 0xB1B1C879, 0x5B5BEDB6, 0x6A6ABED4, 0xCBCB468D, + 0xBEBED967, 0x39394B72, 0x4A4ADE94, 0x4C4CD498, 0x5858E8B0, 0xCFCF4A85, + 0xD0D06BBB, 0xEFEF2AC5, 0xAAAAE54F, 0xFBFB16ED, 0x4343C586, 0x4D4DD79A, + 0x33335566, 0x85859411, 0x4545CF8A, 0xF9F910E9, 0x02020604, 0x7F7F81FE, + 0x5050F0A0, 0x3C3C4478, 0x9F9FBA25, 0xA8A8E34B, 0x5151F3A2, 0xA3A3FE5D, + 0x4040C080, 0x8F8F8A05, 0x9292AD3F, 0x9D9DBC21, 0x38384870, 0xF5F504F1, + 0xBCBCDF63, 0xB6B6C177, 0xDADA75AF, 0x21216342, 0x10103020, 0xFFFF1AE5, + 0xF3F30EFD, 0xD2D26DBF, 0xCDCD4C81, 0x0C0C1418, 0x13133526, 0xECEC2FC3, + 0x5F5FE1BE, 0x9797A235, 0x4444CC88, 0x1717392E, 0xC4C45793, 0xA7A7F255, + 0x7E7E82FC, 0x3D3D477A, 0x6464ACC8, 0x5D5DE7BA, 0x19192B32, 0x737395E6, + 0x6060A0C0, 0x81819819, 0x4F4FD19E, 0xDCDC7FA3, 0x22226644, 0x2A2A7E54, + 0x9090AB3B, 0x8888830B, 0x4646CA8C, 0xEEEE29C7, 0xB8B8D36B, 0x14143C28, + 0xDEDE79A7, 0x5E5EE2BC, 0x0B0B1D16, 0xDBDB76AD, 0xE0E03BDB, 0x32325664, + 0x3A3A4E74, 0x0A0A1E14, 0x4949DB92, 0x06060A0C, 0x24246C48, 0x5C5CE4B8, + 0xC2C25D9F, 0xD3D36EBD, 0xACACEF43, 0x6262A6C4, 0x9191A839, 0x9595A431, + 0xE4E437D3, 0x79798BF2, 0xE7E732D5, 0xC8C8438B, 0x3737596E, 0x6D6DB7DA, + 0x8D8D8C01, 0xD5D564B1, 0x4E4ED29C, 0xA9A9E049, 0x6C6CB4D8, 0x5656FAAC, + 0xF4F407F3, 0xEAEA25CF, 0x6565AFCA, 0x7A7A8EF4, 0xAEAEE947, 0x08081810, + 0xBABAD56F, 0x787888F0, 0x25256F4A, 0x2E2E725C, 0x1C1C2438, 0xA6A6F157, + 0xB4B4C773, 0xC6C65197, 0xE8E823CB, 0xDDDD7CA1, 0x74749CE8, 0x1F1F213E, + 0x4B4BDD96, 0xBDBDDC61, 0x8B8B860D, 0x8A8A850F, 0x707090E0, 0x3E3E427C, + 0xB5B5C471, 0x6666AACC, 0x4848D890, 0x03030506, 0xF6F601F7, 0x0E0E121C, + 0x6161A3C2, 0x35355F6A, 0x5757F9AE, 0xB9B9D069, 0x86869117, 0xC1C15899, + 0x1D1D273A, 0x9E9EB927, 0xE1E138D9, 0xF8F813EB, 0x9898B32B, 0x11113322, + 0x6969BBD2, 0xD9D970A9, 0x8E8E8907, 0x9494A733, 0x9B9BB62D, 0x1E1E223C, + 0x87879215, 0xE9E920C9, 0xCECE4987, 0x5555FFAA, 0x28287850, 0xDFDF7AA5, + 0x8C8C8F03, 0xA1A1F859, 0x89898009, 0x0D0D171A, 0xBFBFDA65, 0xE6E631D7, + 0x4242C684, 0x6868B8D0, 0x4141C382, 0x9999B029, 0x2D2D775A, 0x0F0F111E, + 0xB0B0CB7B, 0x5454FCA8, 0xBBBBD66D, 0x16163A2C }; + +const u32bit AES::TD[1024] = { + 0x51F4A750, 0x7E416553, 0x1A17A4C3, 0x3A275E96, 0x3BAB6BCB, 0x1F9D45F1, + 0xACFA58AB, 0x4BE30393, 0x2030FA55, 0xAD766DF6, 0x88CC7691, 0xF5024C25, + 0x4FE5D7FC, 0xC52ACBD7, 0x26354480, 0xB562A38F, 0xDEB15A49, 0x25BA1B67, + 0x45EA0E98, 0x5DFEC0E1, 0xC32F7502, 0x814CF012, 0x8D4697A3, 0x6BD3F9C6, + 0x038F5FE7, 0x15929C95, 0xBF6D7AEB, 0x955259DA, 0xD4BE832D, 0x587421D3, + 0x49E06929, 0x8EC9C844, 0x75C2896A, 0xF48E7978, 0x99583E6B, 0x27B971DD, + 0xBEE14FB6, 0xF088AD17, 0xC920AC66, 0x7DCE3AB4, 0x63DF4A18, 0xE51A3182, + 0x97513360, 0x62537F45, 0xB16477E0, 0xBB6BAE84, 0xFE81A01C, 0xF9082B94, + 0x70486858, 0x8F45FD19, 0x94DE6C87, 0x527BF8B7, 0xAB73D323, 0x724B02E2, + 0xE31F8F57, 0x6655AB2A, 0xB2EB2807, 0x2FB5C203, 0x86C57B9A, 0xD33708A5, + 0x302887F2, 0x23BFA5B2, 0x02036ABA, 0xED16825C, 0x8ACF1C2B, 0xA779B492, + 0xF307F2F0, 0x4E69E2A1, 0x65DAF4CD, 0x0605BED5, 0xD134621F, 0xC4A6FE8A, + 0x342E539D, 0xA2F355A0, 0x058AE132, 0xA4F6EB75, 0x0B83EC39, 0x4060EFAA, + 0x5E719F06, 0xBD6E1051, 0x3E218AF9, 0x96DD063D, 0xDD3E05AE, 0x4DE6BD46, + 0x91548DB5, 0x71C45D05, 0x0406D46F, 0x605015FF, 0x1998FB24, 0xD6BDE997, + 0x894043CC, 0x67D99E77, 0xB0E842BD, 0x07898B88, 0xE7195B38, 0x79C8EEDB, + 0xA17C0A47, 0x7C420FE9, 0xF8841EC9, 0x00000000, 0x09808683, 0x322BED48, + 0x1E1170AC, 0x6C5A724E, 0xFD0EFFFB, 0x0F853856, 0x3DAED51E, 0x362D3927, + 0x0A0FD964, 0x685CA621, 0x9B5B54D1, 0x24362E3A, 0x0C0A67B1, 0x9357E70F, + 0xB4EE96D2, 0x1B9B919E, 0x80C0C54F, 0x61DC20A2, 0x5A774B69, 0x1C121A16, + 0xE293BA0A, 0xC0A02AE5, 0x3C22E043, 0x121B171D, 0x0E090D0B, 0xF28BC7AD, + 0x2DB6A8B9, 0x141EA9C8, 0x57F11985, 0xAF75074C, 0xEE99DDBB, 0xA37F60FD, + 0xF701269F, 0x5C72F5BC, 0x44663BC5, 0x5BFB7E34, 0x8B432976, 0xCB23C6DC, + 0xB6EDFC68, 0xB8E4F163, 0xD731DCCA, 0x42638510, 0x13972240, 0x84C61120, + 0x854A247D, 0xD2BB3DF8, 0xAEF93211, 0xC729A16D, 0x1D9E2F4B, 0xDCB230F3, + 0x0D8652EC, 0x77C1E3D0, 0x2BB3166C, 0xA970B999, 0x119448FA, 0x47E96422, + 0xA8FC8CC4, 0xA0F03F1A, 0x567D2CD8, 0x223390EF, 0x87494EC7, 0xD938D1C1, + 0x8CCAA2FE, 0x98D40B36, 0xA6F581CF, 0xA57ADE28, 0xDAB78E26, 0x3FADBFA4, + 0x2C3A9DE4, 0x5078920D, 0x6A5FCC9B, 0x547E4662, 0xF68D13C2, 0x90D8B8E8, + 0x2E39F75E, 0x82C3AFF5, 0x9F5D80BE, 0x69D0937C, 0x6FD52DA9, 0xCF2512B3, + 0xC8AC993B, 0x10187DA7, 0xE89C636E, 0xDB3BBB7B, 0xCD267809, 0x6E5918F4, + 0xEC9AB701, 0x834F9AA8, 0xE6956E65, 0xAAFFE67E, 0x21BCCF08, 0xEF15E8E6, + 0xBAE79BD9, 0x4A6F36CE, 0xEA9F09D4, 0x29B07CD6, 0x31A4B2AF, 0x2A3F2331, + 0xC6A59430, 0x35A266C0, 0x744EBC37, 0xFC82CAA6, 0xE090D0B0, 0x33A7D815, + 0xF104984A, 0x41ECDAF7, 0x7FCD500E, 0x1791F62F, 0x764DD68D, 0x43EFB04D, + 0xCCAA4D54, 0xE49604DF, 0x9ED1B5E3, 0x4C6A881B, 0xC12C1FB8, 0x4665517F, + 0x9D5EEA04, 0x018C355D, 0xFA877473, 0xFB0B412E, 0xB3671D5A, 0x92DBD252, + 0xE9105633, 0x6DD64713, 0x9AD7618C, 0x37A10C7A, 0x59F8148E, 0xEB133C89, + 0xCEA927EE, 0xB761C935, 0xE11CE5ED, 0x7A47B13C, 0x9CD2DF59, 0x55F2733F, + 0x1814CE79, 0x73C737BF, 0x53F7CDEA, 0x5FFDAA5B, 0xDF3D6F14, 0x7844DB86, + 0xCAAFF381, 0xB968C43E, 0x3824342C, 0xC2A3405F, 0x161DC372, 0xBCE2250C, + 0x283C498B, 0xFF0D9541, 0x39A80171, 0x080CB3DE, 0xD8B4E49C, 0x6456C190, + 0x7BCB8461, 0xD532B670, 0x486C5C74, 0xD0B85742, 0x5051F4A7, 0x537E4165, + 0xC31A17A4, 0x963A275E, 0xCB3BAB6B, 0xF11F9D45, 0xABACFA58, 0x934BE303, + 0x552030FA, 0xF6AD766D, 0x9188CC76, 0x25F5024C, 0xFC4FE5D7, 0xD7C52ACB, + 0x80263544, 0x8FB562A3, 0x49DEB15A, 0x6725BA1B, 0x9845EA0E, 0xE15DFEC0, + 0x02C32F75, 0x12814CF0, 0xA38D4697, 0xC66BD3F9, 0xE7038F5F, 0x9515929C, + 0xEBBF6D7A, 0xDA955259, 0x2DD4BE83, 0xD3587421, 0x2949E069, 0x448EC9C8, + 0x6A75C289, 0x78F48E79, 0x6B99583E, 0xDD27B971, 0xB6BEE14F, 0x17F088AD, + 0x66C920AC, 0xB47DCE3A, 0x1863DF4A, 0x82E51A31, 0x60975133, 0x4562537F, + 0xE0B16477, 0x84BB6BAE, 0x1CFE81A0, 0x94F9082B, 0x58704868, 0x198F45FD, + 0x8794DE6C, 0xB7527BF8, 0x23AB73D3, 0xE2724B02, 0x57E31F8F, 0x2A6655AB, + 0x07B2EB28, 0x032FB5C2, 0x9A86C57B, 0xA5D33708, 0xF2302887, 0xB223BFA5, + 0xBA02036A, 0x5CED1682, 0x2B8ACF1C, 0x92A779B4, 0xF0F307F2, 0xA14E69E2, + 0xCD65DAF4, 0xD50605BE, 0x1FD13462, 0x8AC4A6FE, 0x9D342E53, 0xA0A2F355, + 0x32058AE1, 0x75A4F6EB, 0x390B83EC, 0xAA4060EF, 0x065E719F, 0x51BD6E10, + 0xF93E218A, 0x3D96DD06, 0xAEDD3E05, 0x464DE6BD, 0xB591548D, 0x0571C45D, + 0x6F0406D4, 0xFF605015, 0x241998FB, 0x97D6BDE9, 0xCC894043, 0x7767D99E, + 0xBDB0E842, 0x8807898B, 0x38E7195B, 0xDB79C8EE, 0x47A17C0A, 0xE97C420F, + 0xC9F8841E, 0x00000000, 0x83098086, 0x48322BED, 0xAC1E1170, 0x4E6C5A72, + 0xFBFD0EFF, 0x560F8538, 0x1E3DAED5, 0x27362D39, 0x640A0FD9, 0x21685CA6, + 0xD19B5B54, 0x3A24362E, 0xB10C0A67, 0x0F9357E7, 0xD2B4EE96, 0x9E1B9B91, + 0x4F80C0C5, 0xA261DC20, 0x695A774B, 0x161C121A, 0x0AE293BA, 0xE5C0A02A, + 0x433C22E0, 0x1D121B17, 0x0B0E090D, 0xADF28BC7, 0xB92DB6A8, 0xC8141EA9, + 0x8557F119, 0x4CAF7507, 0xBBEE99DD, 0xFDA37F60, 0x9FF70126, 0xBC5C72F5, + 0xC544663B, 0x345BFB7E, 0x768B4329, 0xDCCB23C6, 0x68B6EDFC, 0x63B8E4F1, + 0xCAD731DC, 0x10426385, 0x40139722, 0x2084C611, 0x7D854A24, 0xF8D2BB3D, + 0x11AEF932, 0x6DC729A1, 0x4B1D9E2F, 0xF3DCB230, 0xEC0D8652, 0xD077C1E3, + 0x6C2BB316, 0x99A970B9, 0xFA119448, 0x2247E964, 0xC4A8FC8C, 0x1AA0F03F, + 0xD8567D2C, 0xEF223390, 0xC787494E, 0xC1D938D1, 0xFE8CCAA2, 0x3698D40B, + 0xCFA6F581, 0x28A57ADE, 0x26DAB78E, 0xA43FADBF, 0xE42C3A9D, 0x0D507892, + 0x9B6A5FCC, 0x62547E46, 0xC2F68D13, 0xE890D8B8, 0x5E2E39F7, 0xF582C3AF, + 0xBE9F5D80, 0x7C69D093, 0xA96FD52D, 0xB3CF2512, 0x3BC8AC99, 0xA710187D, + 0x6EE89C63, 0x7BDB3BBB, 0x09CD2678, 0xF46E5918, 0x01EC9AB7, 0xA8834F9A, + 0x65E6956E, 0x7EAAFFE6, 0x0821BCCF, 0xE6EF15E8, 0xD9BAE79B, 0xCE4A6F36, + 0xD4EA9F09, 0xD629B07C, 0xAF31A4B2, 0x312A3F23, 0x30C6A594, 0xC035A266, + 0x37744EBC, 0xA6FC82CA, 0xB0E090D0, 0x1533A7D8, 0x4AF10498, 0xF741ECDA, + 0x0E7FCD50, 0x2F1791F6, 0x8D764DD6, 0x4D43EFB0, 0x54CCAA4D, 0xDFE49604, + 0xE39ED1B5, 0x1B4C6A88, 0xB8C12C1F, 0x7F466551, 0x049D5EEA, 0x5D018C35, + 0x73FA8774, 0x2EFB0B41, 0x5AB3671D, 0x5292DBD2, 0x33E91056, 0x136DD647, + 0x8C9AD761, 0x7A37A10C, 0x8E59F814, 0x89EB133C, 0xEECEA927, 0x35B761C9, + 0xEDE11CE5, 0x3C7A47B1, 0x599CD2DF, 0x3F55F273, 0x791814CE, 0xBF73C737, + 0xEA53F7CD, 0x5B5FFDAA, 0x14DF3D6F, 0x867844DB, 0x81CAAFF3, 0x3EB968C4, + 0x2C382434, 0x5FC2A340, 0x72161DC3, 0x0CBCE225, 0x8B283C49, 0x41FF0D95, + 0x7139A801, 0xDE080CB3, 0x9CD8B4E4, 0x906456C1, 0x617BCB84, 0x70D532B6, + 0x74486C5C, 0x42D0B857, 0xA75051F4, 0x65537E41, 0xA4C31A17, 0x5E963A27, + 0x6BCB3BAB, 0x45F11F9D, 0x58ABACFA, 0x03934BE3, 0xFA552030, 0x6DF6AD76, + 0x769188CC, 0x4C25F502, 0xD7FC4FE5, 0xCBD7C52A, 0x44802635, 0xA38FB562, + 0x5A49DEB1, 0x1B6725BA, 0x0E9845EA, 0xC0E15DFE, 0x7502C32F, 0xF012814C, + 0x97A38D46, 0xF9C66BD3, 0x5FE7038F, 0x9C951592, 0x7AEBBF6D, 0x59DA9552, + 0x832DD4BE, 0x21D35874, 0x692949E0, 0xC8448EC9, 0x896A75C2, 0x7978F48E, + 0x3E6B9958, 0x71DD27B9, 0x4FB6BEE1, 0xAD17F088, 0xAC66C920, 0x3AB47DCE, + 0x4A1863DF, 0x3182E51A, 0x33609751, 0x7F456253, 0x77E0B164, 0xAE84BB6B, + 0xA01CFE81, 0x2B94F908, 0x68587048, 0xFD198F45, 0x6C8794DE, 0xF8B7527B, + 0xD323AB73, 0x02E2724B, 0x8F57E31F, 0xAB2A6655, 0x2807B2EB, 0xC2032FB5, + 0x7B9A86C5, 0x08A5D337, 0x87F23028, 0xA5B223BF, 0x6ABA0203, 0x825CED16, + 0x1C2B8ACF, 0xB492A779, 0xF2F0F307, 0xE2A14E69, 0xF4CD65DA, 0xBED50605, + 0x621FD134, 0xFE8AC4A6, 0x539D342E, 0x55A0A2F3, 0xE132058A, 0xEB75A4F6, + 0xEC390B83, 0xEFAA4060, 0x9F065E71, 0x1051BD6E, 0x8AF93E21, 0x063D96DD, + 0x05AEDD3E, 0xBD464DE6, 0x8DB59154, 0x5D0571C4, 0xD46F0406, 0x15FF6050, + 0xFB241998, 0xE997D6BD, 0x43CC8940, 0x9E7767D9, 0x42BDB0E8, 0x8B880789, + 0x5B38E719, 0xEEDB79C8, 0x0A47A17C, 0x0FE97C42, 0x1EC9F884, 0x00000000, + 0x86830980, 0xED48322B, 0x70AC1E11, 0x724E6C5A, 0xFFFBFD0E, 0x38560F85, + 0xD51E3DAE, 0x3927362D, 0xD9640A0F, 0xA621685C, 0x54D19B5B, 0x2E3A2436, + 0x67B10C0A, 0xE70F9357, 0x96D2B4EE, 0x919E1B9B, 0xC54F80C0, 0x20A261DC, + 0x4B695A77, 0x1A161C12, 0xBA0AE293, 0x2AE5C0A0, 0xE0433C22, 0x171D121B, + 0x0D0B0E09, 0xC7ADF28B, 0xA8B92DB6, 0xA9C8141E, 0x198557F1, 0x074CAF75, + 0xDDBBEE99, 0x60FDA37F, 0x269FF701, 0xF5BC5C72, 0x3BC54466, 0x7E345BFB, + 0x29768B43, 0xC6DCCB23, 0xFC68B6ED, 0xF163B8E4, 0xDCCAD731, 0x85104263, + 0x22401397, 0x112084C6, 0x247D854A, 0x3DF8D2BB, 0x3211AEF9, 0xA16DC729, + 0x2F4B1D9E, 0x30F3DCB2, 0x52EC0D86, 0xE3D077C1, 0x166C2BB3, 0xB999A970, + 0x48FA1194, 0x642247E9, 0x8CC4A8FC, 0x3F1AA0F0, 0x2CD8567D, 0x90EF2233, + 0x4EC78749, 0xD1C1D938, 0xA2FE8CCA, 0x0B3698D4, 0x81CFA6F5, 0xDE28A57A, + 0x8E26DAB7, 0xBFA43FAD, 0x9DE42C3A, 0x920D5078, 0xCC9B6A5F, 0x4662547E, + 0x13C2F68D, 0xB8E890D8, 0xF75E2E39, 0xAFF582C3, 0x80BE9F5D, 0x937C69D0, + 0x2DA96FD5, 0x12B3CF25, 0x993BC8AC, 0x7DA71018, 0x636EE89C, 0xBB7BDB3B, + 0x7809CD26, 0x18F46E59, 0xB701EC9A, 0x9AA8834F, 0x6E65E695, 0xE67EAAFF, + 0xCF0821BC, 0xE8E6EF15, 0x9BD9BAE7, 0x36CE4A6F, 0x09D4EA9F, 0x7CD629B0, + 0xB2AF31A4, 0x23312A3F, 0x9430C6A5, 0x66C035A2, 0xBC37744E, 0xCAA6FC82, + 0xD0B0E090, 0xD81533A7, 0x984AF104, 0xDAF741EC, 0x500E7FCD, 0xF62F1791, + 0xD68D764D, 0xB04D43EF, 0x4D54CCAA, 0x04DFE496, 0xB5E39ED1, 0x881B4C6A, + 0x1FB8C12C, 0x517F4665, 0xEA049D5E, 0x355D018C, 0x7473FA87, 0x412EFB0B, + 0x1D5AB367, 0xD25292DB, 0x5633E910, 0x47136DD6, 0x618C9AD7, 0x0C7A37A1, + 0x148E59F8, 0x3C89EB13, 0x27EECEA9, 0xC935B761, 0xE5EDE11C, 0xB13C7A47, + 0xDF599CD2, 0x733F55F2, 0xCE791814, 0x37BF73C7, 0xCDEA53F7, 0xAA5B5FFD, + 0x6F14DF3D, 0xDB867844, 0xF381CAAF, 0xC43EB968, 0x342C3824, 0x405FC2A3, + 0xC372161D, 0x250CBCE2, 0x498B283C, 0x9541FF0D, 0x017139A8, 0xB3DE080C, + 0xE49CD8B4, 0xC1906456, 0x84617BCB, 0xB670D532, 0x5C74486C, 0x5742D0B8, + 0xF4A75051, 0x4165537E, 0x17A4C31A, 0x275E963A, 0xAB6BCB3B, 0x9D45F11F, + 0xFA58ABAC, 0xE303934B, 0x30FA5520, 0x766DF6AD, 0xCC769188, 0x024C25F5, + 0xE5D7FC4F, 0x2ACBD7C5, 0x35448026, 0x62A38FB5, 0xB15A49DE, 0xBA1B6725, + 0xEA0E9845, 0xFEC0E15D, 0x2F7502C3, 0x4CF01281, 0x4697A38D, 0xD3F9C66B, + 0x8F5FE703, 0x929C9515, 0x6D7AEBBF, 0x5259DA95, 0xBE832DD4, 0x7421D358, + 0xE0692949, 0xC9C8448E, 0xC2896A75, 0x8E7978F4, 0x583E6B99, 0xB971DD27, + 0xE14FB6BE, 0x88AD17F0, 0x20AC66C9, 0xCE3AB47D, 0xDF4A1863, 0x1A3182E5, + 0x51336097, 0x537F4562, 0x6477E0B1, 0x6BAE84BB, 0x81A01CFE, 0x082B94F9, + 0x48685870, 0x45FD198F, 0xDE6C8794, 0x7BF8B752, 0x73D323AB, 0x4B02E272, + 0x1F8F57E3, 0x55AB2A66, 0xEB2807B2, 0xB5C2032F, 0xC57B9A86, 0x3708A5D3, + 0x2887F230, 0xBFA5B223, 0x036ABA02, 0x16825CED, 0xCF1C2B8A, 0x79B492A7, + 0x07F2F0F3, 0x69E2A14E, 0xDAF4CD65, 0x05BED506, 0x34621FD1, 0xA6FE8AC4, + 0x2E539D34, 0xF355A0A2, 0x8AE13205, 0xF6EB75A4, 0x83EC390B, 0x60EFAA40, + 0x719F065E, 0x6E1051BD, 0x218AF93E, 0xDD063D96, 0x3E05AEDD, 0xE6BD464D, + 0x548DB591, 0xC45D0571, 0x06D46F04, 0x5015FF60, 0x98FB2419, 0xBDE997D6, + 0x4043CC89, 0xD99E7767, 0xE842BDB0, 0x898B8807, 0x195B38E7, 0xC8EEDB79, + 0x7C0A47A1, 0x420FE97C, 0x841EC9F8, 0x00000000, 0x80868309, 0x2BED4832, + 0x1170AC1E, 0x5A724E6C, 0x0EFFFBFD, 0x8538560F, 0xAED51E3D, 0x2D392736, + 0x0FD9640A, 0x5CA62168, 0x5B54D19B, 0x362E3A24, 0x0A67B10C, 0x57E70F93, + 0xEE96D2B4, 0x9B919E1B, 0xC0C54F80, 0xDC20A261, 0x774B695A, 0x121A161C, + 0x93BA0AE2, 0xA02AE5C0, 0x22E0433C, 0x1B171D12, 0x090D0B0E, 0x8BC7ADF2, + 0xB6A8B92D, 0x1EA9C814, 0xF1198557, 0x75074CAF, 0x99DDBBEE, 0x7F60FDA3, + 0x01269FF7, 0x72F5BC5C, 0x663BC544, 0xFB7E345B, 0x4329768B, 0x23C6DCCB, + 0xEDFC68B6, 0xE4F163B8, 0x31DCCAD7, 0x63851042, 0x97224013, 0xC6112084, + 0x4A247D85, 0xBB3DF8D2, 0xF93211AE, 0x29A16DC7, 0x9E2F4B1D, 0xB230F3DC, + 0x8652EC0D, 0xC1E3D077, 0xB3166C2B, 0x70B999A9, 0x9448FA11, 0xE9642247, + 0xFC8CC4A8, 0xF03F1AA0, 0x7D2CD856, 0x3390EF22, 0x494EC787, 0x38D1C1D9, + 0xCAA2FE8C, 0xD40B3698, 0xF581CFA6, 0x7ADE28A5, 0xB78E26DA, 0xADBFA43F, + 0x3A9DE42C, 0x78920D50, 0x5FCC9B6A, 0x7E466254, 0x8D13C2F6, 0xD8B8E890, + 0x39F75E2E, 0xC3AFF582, 0x5D80BE9F, 0xD0937C69, 0xD52DA96F, 0x2512B3CF, + 0xAC993BC8, 0x187DA710, 0x9C636EE8, 0x3BBB7BDB, 0x267809CD, 0x5918F46E, + 0x9AB701EC, 0x4F9AA883, 0x956E65E6, 0xFFE67EAA, 0xBCCF0821, 0x15E8E6EF, + 0xE79BD9BA, 0x6F36CE4A, 0x9F09D4EA, 0xB07CD629, 0xA4B2AF31, 0x3F23312A, + 0xA59430C6, 0xA266C035, 0x4EBC3774, 0x82CAA6FC, 0x90D0B0E0, 0xA7D81533, + 0x04984AF1, 0xECDAF741, 0xCD500E7F, 0x91F62F17, 0x4DD68D76, 0xEFB04D43, + 0xAA4D54CC, 0x9604DFE4, 0xD1B5E39E, 0x6A881B4C, 0x2C1FB8C1, 0x65517F46, + 0x5EEA049D, 0x8C355D01, 0x877473FA, 0x0B412EFB, 0x671D5AB3, 0xDBD25292, + 0x105633E9, 0xD647136D, 0xD7618C9A, 0xA10C7A37, 0xF8148E59, 0x133C89EB, + 0xA927EECE, 0x61C935B7, 0x1CE5EDE1, 0x47B13C7A, 0xD2DF599C, 0xF2733F55, + 0x14CE7918, 0xC737BF73, 0xF7CDEA53, 0xFDAA5B5F, 0x3D6F14DF, 0x44DB8678, + 0xAFF381CA, 0x68C43EB9, 0x24342C38, 0xA3405FC2, 0x1DC37216, 0xE2250CBC, + 0x3C498B28, 0x0D9541FF, 0xA8017139, 0x0CB3DE08, 0xB4E49CD8, 0x56C19064, + 0xCB84617B, 0x32B670D5, 0x6C5C7448, 0xB85742D0 }; + +} diff --git a/src/cipher/aes/modinfo.txt b/src/cipher/aes/modinfo.txt new file mode 100644 index 000000000..2803ccc4e --- /dev/null +++ b/src/cipher/aes/modinfo.txt @@ -0,0 +1,11 @@ +realname "AES" + +define AES + +load_on auto + +<add> +aes.cpp +aes.h +aes_tab.cpp +</add> diff --git a/src/cipher/arc4/arc4.cpp b/src/cipher/arc4/arc4.cpp new file mode 100644 index 000000000..238567cdc --- /dev/null +++ b/src/cipher/arc4/arc4.cpp @@ -0,0 +1,103 @@ +/************************************************* +* ARC4 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/arc4.h> +#include <botan/xor_buf.h> +#include <botan/parsing.h> + +namespace Botan { + +/************************************************* +* Combine cipher stream with message * +*************************************************/ +void ARC4::cipher(const byte in[], byte out[], u32bit length) + { + while(length >= buffer.size() - position) + { + xor_buf(out, in, buffer.begin() + position, buffer.size() - position); + length -= (buffer.size() - position); + in += (buffer.size() - position); + out += (buffer.size() - position); + generate(); + } + xor_buf(out, in, buffer.begin() + position, length); + position += length; + } + +/************************************************* +* Generate cipher stream * +*************************************************/ +void ARC4::generate() + { + u32bit SX, SY; + for(u32bit j = 0; j != buffer.size(); j += 4) + { + SX = state[X+1]; Y = (Y + SX) % 256; SY = state[Y]; + state[X+1] = SY; state[Y] = SX; + buffer[j] = state[(SX + SY) % 256]; + + SX = state[X+2]; Y = (Y + SX) % 256; SY = state[Y]; + state[X+2] = SY; state[Y] = SX; + buffer[j+1] = state[(SX + SY) % 256]; + + SX = state[X+3]; Y = (Y + SX) % 256; SY = state[Y]; + state[X+3] = SY; state[Y] = SX; + buffer[j+2] = state[(SX + SY) % 256]; + + X = (X + 4) % 256; + SX = state[X]; Y = (Y + SX) % 256; SY = state[Y]; + state[X] = SY; state[Y] = SX; + buffer[j+3] = state[(SX + SY) % 256]; + } + position = 0; + } + +/************************************************* +* ARC4 Key Schedule * +*************************************************/ +void ARC4::key(const byte key[], u32bit length) + { + clear(); + for(u32bit j = 0; j != 256; ++j) + state[j] = j; + for(u32bit j = 0, state_index = 0; j != 256; ++j) + { + state_index = (state_index + key[j % length] + state[j]) % 256; + std::swap(state[j], state[state_index]); + } + for(u32bit j = 0; j <= SKIP; j += buffer.size()) + generate(); + position += (SKIP % buffer.size()); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string ARC4::name() const + { + if(SKIP == 0) return "ARC4"; + if(SKIP == 256) return "MARK-4"; + else return "RC4_skip(" + to_string(SKIP) + ")"; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void ARC4::clear() throw() + { + state.clear(); + buffer.clear(); + position = X = Y = 0; + } + +/************************************************* +* ARC4 Constructor * +*************************************************/ +ARC4::ARC4(u32bit s) : StreamCipher(1, 256), SKIP(s) + { + clear(); + } + +} diff --git a/src/cipher/arc4/arc4.h b/src/cipher/arc4/arc4.h new file mode 100644 index 000000000..c99691484 --- /dev/null +++ b/src/cipher/arc4/arc4.h @@ -0,0 +1,38 @@ +/************************************************* +* ARC4 Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ARC4_H__ +#define BOTAN_ARC4_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* ARC4 * +*************************************************/ +class BOTAN_DLL ARC4 : public StreamCipher + { + public: + void clear() throw(); + std::string name() const; + StreamCipher* clone() const { return new ARC4(SKIP); } + ARC4(u32bit = 0); + ~ARC4() { clear(); } + private: + void cipher(const byte[], byte[], u32bit); + void key(const byte[], u32bit); + void generate(); + + const u32bit SKIP; + + SecureBuffer<byte, DEFAULT_BUFFERSIZE> buffer; + SecureBuffer<u32bit, 256> state; + u32bit X, Y, position; + }; + +} + +#endif diff --git a/src/cipher/arc4/modinfo.txt b/src/cipher/arc4/modinfo.txt new file mode 100644 index 000000000..00f40a9ed --- /dev/null +++ b/src/cipher/arc4/modinfo.txt @@ -0,0 +1,10 @@ +realname "ARC4" + +define ARC4 + +load_on auto + +<add> +arc4.cpp +arc4.h +</add> diff --git a/src/cipher/blowfish/blfs_tab.cpp b/src/cipher/blowfish/blfs_tab.cpp new file mode 100644 index 000000000..f8fa07ee5 --- /dev/null +++ b/src/cipher/blowfish/blfs_tab.cpp @@ -0,0 +1,188 @@ +/************************************************* +* S-Box and P-Box Tables for Blowfish * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/blowfish.h> + +namespace Botan { + +const u32bit Blowfish::P_INIT[18] = { + 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0, + 0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C, + 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B }; + +const u32bit Blowfish::S_INIT[1024] = { + 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96, + 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16, + 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658, + 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013, + 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E, + 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60, + 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6, + 0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A, + 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C, + 0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193, + 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1, + 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239, + 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A, + 0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3, + 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176, + 0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE, + 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706, + 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B, + 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B, + 0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463, + 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C, + 0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3, + 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A, + 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8, + 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760, + 0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB, + 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8, + 0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B, + 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33, + 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4, + 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0, + 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C, + 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777, + 0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299, + 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705, + 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF, + 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E, + 0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA, + 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9, + 0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915, + 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F, + 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664, + 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A, 0x4B7A70E9, 0xB5B32944, + 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D, 0x9CEE60B8, 0x8FEDB266, + 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1, 0x193602A5, 0x75094C29, + 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65, 0x6B8FE4D6, 0x99F73FD6, + 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1, 0x4CDD2086, 0x8470EB26, + 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9, 0x3C971814, 0x6B6A70A1, + 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737, 0x3E07841C, 0x7FDEAE5C, + 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D, 0xF01C1F04, 0x0200B3FF, + 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD, 0xD19113F9, 0x7CA92FF6, + 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC, 0xC8B57634, 0x9AF3DDA7, + 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41, 0xE238CD99, 0x3BEA0E2F, + 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908, 0x6F420D03, 0xF60A04BF, + 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF, 0xDE9A771F, 0xD9930810, + 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124, 0x501ADDE6, 0x9F84CD87, + 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C, 0xEC7AEC3A, 0xDB851DFA, + 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908, 0xDD433B37, 0x24C2BA16, + 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD, 0x71DFF89E, 0x10314E55, + 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B, 0x3C11183B, 0x5924A509, + 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E, 0x86E34570, 0xEAE96FB1, + 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA, 0x2965DCB9, 0x99E71D0F, + 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A, 0xC6150EBA, 0x94E2EA78, + 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D, 0x1939260F, 0x19C27960, + 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66, 0xE3BC4595, 0xA67BC883, + 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5, 0x65582185, 0x68AB9802, + 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84, 0x1521B628, 0x29076170, + 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96, 0x0334FE1E, 0xAA0363CF, + 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14, 0xEECC86BC, 0x60622CA7, + 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA, 0xA02369B9, 0x655ABB50, + 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7, 0x9B540B19, 0x875FA099, + 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77, 0x11ED935F, 0x16681281, + 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99, 0x57F584A5, 0x1B227263, + 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054, 0x8FD948E4, 0x6DBC3128, + 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73, 0x5D4A14D9, 0xE864B7E3, + 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA, 0xDB6C4F15, 0xFACB4FD0, + 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105, 0xD81E799E, 0x86854DC7, + 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646, 0xFC8883A0, 0xC1C7B6A3, + 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285, 0x095BBF00, 0xAD19489D, + 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA, 0x1DADF43E, 0x233F7061, + 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB, 0x7CDE3759, 0xCBEE7460, + 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E, 0xE8EFD855, 0x61D99735, + 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC, 0x9E447A2E, 0xC3453484, + 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD, 0x675FDA79, 0xE3674340, + 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20, 0x153E21E7, 0x8FB03D4A, + 0xE6E39F2B, 0xDB83ADF7, 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, + 0x411520F7, 0x7602D4F7, 0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, + 0x43B7D4B7, 0x500061AF, 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, + 0x4D95FC1D, 0x96B591AF, 0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, + 0x7FAC6DD0, 0x31CB8504, 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, + 0x28507825, 0x530429F4, 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, + 0x680EC0A4, 0x27A18DEE, 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, + 0xAACE1E7C, 0xD3375FEC, 0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, + 0xEE39D7AB, 0x3B124E8B, 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, + 0x3A6EFA74, 0xDD5B4332, 0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, + 0x454056AC, 0xBA489527, 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, + 0x55A867BC, 0xA1159A58, 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, + 0x5EF47E1C, 0x9029317C, 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, + 0x95C11548, 0xE4C66D22, 0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, + 0x404779A4, 0x5D886E17, 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, + 0x257B7834, 0x602A9C60, 0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, + 0xAF664FD1, 0xCAD18115, 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, + 0x85B2A20E, 0xE6BA0D99, 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, + 0x647D0862, 0xE7CCF5F0, 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, + 0x0A476341, 0x992EFF74, 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, + 0x991BE14C, 0xDB6E6B0D, 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, + 0xF1290DC7, 0xCC00FFA3, 0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, + 0xA091CF0B, 0xD9155EA3, 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, + 0x37392EB3, 0xCC115979, 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, + 0x12754CCC, 0x782EF11C, 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, + 0x1A6B1018, 0x11CAEDFA, 0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, + 0xD90CEC6E, 0xD5ABEA2A, 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, + 0x9DBC8057, 0xF0F7C086, 0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, + 0x7745AE04, 0xD736FCCC, 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, + 0x77A057BE, 0xBDE8AE24, 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, + 0xF474EF38, 0x8789BDC2, 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, + 0x7AEB2661, 0x8B1DDF84, 0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, + 0x8CD55591, 0xC902DE4C, 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, + 0xB77F19B6, 0xE0A9DC09, 0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, + 0x4A99A025, 0x1D6EFE10, 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, + 0xDCB7DA83, 0x573906FE, 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, + 0xA002B5C4, 0x0DE6D027, 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, + 0xF0177A28, 0xC0F586E0, 0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, + 0x53C2DD94, 0xC2C21634, 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, + 0x6F05E409, 0x4B7C0188, 0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, + 0x1AC15BB4, 0xD39EB8FC, 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, + 0x1E50EF5E, 0xB161E6F8, 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, + 0x362ABFCE, 0xDDC6C837, 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0, + 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742, + 0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B, + 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79, + 0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6, + 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A, + 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4, + 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1, + 0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59, + 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797, + 0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28, + 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6, + 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28, + 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA, + 0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A, + 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5, + 0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F, + 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE, + 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680, + 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD, + 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB, + 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB, + 0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370, + 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC, + 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048, + 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC, + 0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9, + 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A, + 0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F, + 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A, + 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1, + 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B, + 0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E, + 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E, + 0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F, + 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623, + 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC, + 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A, + 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6, + 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3, + 0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060, + 0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C, + 0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F, + 0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6 }; + +} diff --git a/src/cipher/blowfish/blowfish.cpp b/src/cipher/blowfish/blowfish.cpp new file mode 100644 index 000000000..ffca9241f --- /dev/null +++ b/src/cipher/blowfish/blowfish.cpp @@ -0,0 +1,123 @@ +/************************************************* +* Blowfish Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/blowfish.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* Blowfish Encryption * +*************************************************/ +void Blowfish::enc(const byte in[], byte out[]) const + { + const u32bit* S1 = S + 0; + const u32bit* S2 = S + 256; + const u32bit* S3 = S + 512; + const u32bit* S4 = S + 768; + + u32bit L = load_be<u32bit>(in, 0); + u32bit R = load_be<u32bit>(in, 1); + + for(u32bit j = 0; j != 16; j += 2) + { + L ^= P[j]; + R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ + S3[get_byte(2, L)]) + S4[get_byte(3, L)]; + + R ^= P[j+1]; + L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ + S3[get_byte(2, R)]) + S4[get_byte(3, R)]; + } + + L ^= P[16]; R ^= P[17]; + + store_be(out, R, L); + } + +/************************************************* +* Blowfish Decryption * +*************************************************/ +void Blowfish::dec(const byte in[], byte out[]) const + { + const u32bit* S1 = S + 0; + const u32bit* S2 = S + 256; + const u32bit* S3 = S + 512; + const u32bit* S4 = S + 768; + + u32bit L = load_be<u32bit>(in, 0); + u32bit R = load_be<u32bit>(in, 1); + + for(u32bit j = 17; j != 1; j -= 2) + { + L ^= P[j]; + R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ + S3[get_byte(2, L)]) + S4[get_byte(3, L)]; + + R ^= P[j-1]; + L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ + S3[get_byte(2, R)]) + S4[get_byte(3, R)]; + } + + L ^= P[1]; R ^= P[0]; + + store_be(out, R, L); + } + +/************************************************* +* Blowfish Key Schedule * +*************************************************/ +void Blowfish::key(const byte key[], u32bit length) + { + clear(); + + for(u32bit j = 0, k = 0; j != 18; ++j, k += 4) + P[j] ^= make_u32bit(key[(k ) % length], key[(k+1) % length], + key[(k+2) % length], key[(k+3) % length]); + + u32bit L = 0, R = 0; + generate_sbox(P, 18, L, R); + generate_sbox(S, 1024, L, R); + } + +/************************************************* +* Generate one of the Sboxes * +*************************************************/ +void Blowfish::generate_sbox(u32bit Box[], u32bit size, + u32bit& L, u32bit& R) const + { + const u32bit* S1 = S + 0; + const u32bit* S2 = S + 256; + const u32bit* S3 = S + 512; + const u32bit* S4 = S + 768; + + for(u32bit j = 0; j != size; j += 2) + { + for(u32bit k = 0; k != 16; k += 2) + { + L ^= P[k]; + R ^= ((S1[get_byte(0, L)] + S2[get_byte(1, L)]) ^ + S3[get_byte(2, L)]) + S4[get_byte(3, L)]; + + R ^= P[k+1]; + L ^= ((S1[get_byte(0, R)] + S2[get_byte(1, R)]) ^ + S3[get_byte(2, R)]) + S4[get_byte(3, R)]; + } + + u32bit T = R; R = L ^ P[16]; L = T ^ P[17]; + Box[j] = L; Box[j+1] = R; + } + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Blowfish::clear() throw() + { + P.copy(P_INIT, 18); + S.copy(S_INIT, 1024); + } + +} diff --git a/src/cipher/blowfish/blowfish.h b/src/cipher/blowfish/blowfish.h new file mode 100644 index 000000000..79875ba90 --- /dev/null +++ b/src/cipher/blowfish/blowfish.h @@ -0,0 +1,38 @@ +/************************************************* +* Blowfish Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_BLOWFISH_H__ +#define BOTAN_BLOWFISH_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Blowfish * +*************************************************/ +class BOTAN_DLL Blowfish : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return "Blowfish"; } + BlockCipher* clone() const { return new Blowfish; } + Blowfish() : BlockCipher(8, 1, 56) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + void generate_sbox(u32bit[], u32bit, u32bit&, u32bit&) const; + + static const u32bit P_INIT[18]; + static const u32bit S_INIT[1024]; + + SecureBuffer<u32bit, 1024> S; + SecureBuffer<u32bit, 18> P; + }; + +} + +#endif diff --git a/src/cipher/blowfish/modinfo.txt b/src/cipher/blowfish/modinfo.txt new file mode 100644 index 000000000..0a9d2adc2 --- /dev/null +++ b/src/cipher/blowfish/modinfo.txt @@ -0,0 +1,11 @@ +realname "Blowfish" + +define BLOWFISH + +load_on auto + +<add> +blfs_tab.cpp +blowfish.cpp +blowfish.h +</add> diff --git a/src/cipher/cast/cast128.cpp b/src/cipher/cast/cast128.cpp new file mode 100644 index 000000000..14e5c9e9d --- /dev/null +++ b/src/cipher/cast/cast128.cpp @@ -0,0 +1,170 @@ +/************************************************* +* CAST-128 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cast128.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* CAST-128 Round Type 1 * +*************************************************/ +inline void R1(u32bit& L, u32bit R, u32bit MK, u32bit RK) + { + u32bit T = rotate_left(MK + R, RK); + L ^= (CAST_SBOX1[get_byte(0, T)] ^ CAST_SBOX2[get_byte(1, T)]) - + CAST_SBOX3[get_byte(2, T)] + CAST_SBOX4[get_byte(3, T)]; + } + +/************************************************* +* CAST-128 Round Type 2 * +*************************************************/ +inline void R2(u32bit& L, u32bit R, u32bit MK, u32bit RK) + { + u32bit T = rotate_left(MK ^ R, RK); + L ^= (CAST_SBOX1[get_byte(0, T)] - CAST_SBOX2[get_byte(1, T)] + + CAST_SBOX3[get_byte(2, T)]) ^ CAST_SBOX4[get_byte(3, T)]; + } + +/************************************************* +* CAST-128 Round Type 3 * +*************************************************/ +inline void R3(u32bit& L, u32bit R, u32bit MK, u32bit RK) + { + u32bit T = rotate_left(MK - R, RK); + L ^= ((CAST_SBOX1[get_byte(0, T)] + CAST_SBOX2[get_byte(1, T)]) ^ + CAST_SBOX3[get_byte(2, T)]) - CAST_SBOX4[get_byte(3, T)]; + } + +} + +/************************************************* +* CAST-128 Encryption * +*************************************************/ +void CAST_128::enc(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0); + u32bit R = load_be<u32bit>(in, 1); + + R1(L, R, MK[ 0], RK[ 0]); + R2(R, L, MK[ 1], RK[ 1]); + R3(L, R, MK[ 2], RK[ 2]); + R1(R, L, MK[ 3], RK[ 3]); + R2(L, R, MK[ 4], RK[ 4]); + R3(R, L, MK[ 5], RK[ 5]); + R1(L, R, MK[ 6], RK[ 6]); + R2(R, L, MK[ 7], RK[ 7]); + R3(L, R, MK[ 8], RK[ 8]); + R1(R, L, MK[ 9], RK[ 9]); + R2(L, R, MK[10], RK[10]); + R3(R, L, MK[11], RK[11]); + R1(L, R, MK[12], RK[12]); + R2(R, L, MK[13], RK[13]); + R3(L, R, MK[14], RK[14]); + R1(R, L, MK[15], RK[15]); + + store_be(out, R, L); + } + +/************************************************* +* CAST-128 Decryption * +*************************************************/ +void CAST_128::dec(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0); + u32bit R = load_be<u32bit>(in, 1); + + R1(L, R, MK[15], RK[15]); + R3(R, L, MK[14], RK[14]); + R2(L, R, MK[13], RK[13]); + R1(R, L, MK[12], RK[12]); + R3(L, R, MK[11], RK[11]); + R2(R, L, MK[10], RK[10]); + R1(L, R, MK[ 9], RK[ 9]); + R3(R, L, MK[ 8], RK[ 8]); + R2(L, R, MK[ 7], RK[ 7]); + R1(R, L, MK[ 6], RK[ 6]); + R3(L, R, MK[ 5], RK[ 5]); + R2(R, L, MK[ 4], RK[ 4]); + R1(L, R, MK[ 3], RK[ 3]); + R3(R, L, MK[ 2], RK[ 2]); + R2(L, R, MK[ 1], RK[ 1]); + R1(R, L, MK[ 0], RK[ 0]); + + store_be(out, R, L); + } + +/************************************************* +* CAST-128 Key Schedule * +*************************************************/ +void CAST_128::key(const byte key[], u32bit length) + { + clear(); + SecureBuffer<u32bit, 4> X; + for(u32bit j = 0; j != length; ++j) + X[j/4] = (X[j/4] << 8) + key[j]; + + key_schedule(MK, X); + key_schedule(RK, X); + + for(u32bit j = 0; j != 16; ++j) + RK[j] %= 32; + } + +/************************************************* +* S-Box Based Key Expansion * +*************************************************/ +void CAST_128::key_schedule(u32bit K[16], u32bit X[4]) + { + class ByteReader + { + public: + byte operator()(u32bit i) { return (X[i/4] >> (8*(3 - (i%4)))); } + ByteReader(const u32bit* x) : X(x) {} + private: + const u32bit* X; + }; + + SecureBuffer<u32bit, 4> Z; + ByteReader x(X), z(Z); + + Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)]; + Z[1] = X[2] ^ S5[z( 0)] ^ S6[z( 2)] ^ S7[z( 1)] ^ S8[z( 3)] ^ S8[x(10)]; + Z[2] = X[3] ^ S5[z( 7)] ^ S6[z( 6)] ^ S7[z( 5)] ^ S8[z( 4)] ^ S5[x( 9)]; + Z[3] = X[1] ^ S5[z(10)] ^ S6[z( 9)] ^ S7[z(11)] ^ S8[z( 8)] ^ S6[x(11)]; + K[ 0] = S5[z( 8)] ^ S6[z( 9)] ^ S7[z( 7)] ^ S8[z( 6)] ^ S5[z( 2)]; + K[ 1] = S5[z(10)] ^ S6[z(11)] ^ S7[z( 5)] ^ S8[z( 4)] ^ S6[z( 6)]; + K[ 2] = S5[z(12)] ^ S6[z(13)] ^ S7[z( 3)] ^ S8[z( 2)] ^ S7[z( 9)]; + K[ 3] = S5[z(14)] ^ S6[z(15)] ^ S7[z( 1)] ^ S8[z( 0)] ^ S8[z(12)]; + X[0] = Z[2] ^ S5[z( 5)] ^ S6[z( 7)] ^ S7[z( 4)] ^ S8[z( 6)] ^ S7[z( 0)]; + X[1] = Z[0] ^ S5[x( 0)] ^ S6[x( 2)] ^ S7[x( 1)] ^ S8[x( 3)] ^ S8[z( 2)]; + X[2] = Z[1] ^ S5[x( 7)] ^ S6[x( 6)] ^ S7[x( 5)] ^ S8[x( 4)] ^ S5[z( 1)]; + X[3] = Z[3] ^ S5[x(10)] ^ S6[x( 9)] ^ S7[x(11)] ^ S8[x( 8)] ^ S6[z( 3)]; + K[ 4] = S5[x( 3)] ^ S6[x( 2)] ^ S7[x(12)] ^ S8[x(13)] ^ S5[x( 8)]; + K[ 5] = S5[x( 1)] ^ S6[x( 0)] ^ S7[x(14)] ^ S8[x(15)] ^ S6[x(13)]; + K[ 6] = S5[x( 7)] ^ S6[x( 6)] ^ S7[x( 8)] ^ S8[x( 9)] ^ S7[x( 3)]; + K[ 7] = S5[x( 5)] ^ S6[x( 4)] ^ S7[x(10)] ^ S8[x(11)] ^ S8[x( 7)]; + Z[0] = X[0] ^ S5[x(13)] ^ S6[x(15)] ^ S7[x(12)] ^ S8[x(14)] ^ S7[x( 8)]; + Z[1] = X[2] ^ S5[z( 0)] ^ S6[z( 2)] ^ S7[z( 1)] ^ S8[z( 3)] ^ S8[x(10)]; + Z[2] = X[3] ^ S5[z( 7)] ^ S6[z( 6)] ^ S7[z( 5)] ^ S8[z( 4)] ^ S5[x( 9)]; + Z[3] = X[1] ^ S5[z(10)] ^ S6[z( 9)] ^ S7[z(11)] ^ S8[z( 8)] ^ S6[x(11)]; + K[ 8] = S5[z( 3)] ^ S6[z( 2)] ^ S7[z(12)] ^ S8[z(13)] ^ S5[z( 9)]; + K[ 9] = S5[z( 1)] ^ S6[z( 0)] ^ S7[z(14)] ^ S8[z(15)] ^ S6[z(12)]; + K[10] = S5[z( 7)] ^ S6[z( 6)] ^ S7[z( 8)] ^ S8[z( 9)] ^ S7[z( 2)]; + K[11] = S5[z( 5)] ^ S6[z( 4)] ^ S7[z(10)] ^ S8[z(11)] ^ S8[z( 6)]; + X[0] = Z[2] ^ S5[z( 5)] ^ S6[z( 7)] ^ S7[z( 4)] ^ S8[z( 6)] ^ S7[z( 0)]; + X[1] = Z[0] ^ S5[x( 0)] ^ S6[x( 2)] ^ S7[x( 1)] ^ S8[x( 3)] ^ S8[z( 2)]; + X[2] = Z[1] ^ S5[x( 7)] ^ S6[x( 6)] ^ S7[x( 5)] ^ S8[x( 4)] ^ S5[z( 1)]; + X[3] = Z[3] ^ S5[x(10)] ^ S6[x( 9)] ^ S7[x(11)] ^ S8[x( 8)] ^ S6[z( 3)]; + K[12] = S5[x( 8)] ^ S6[x( 9)] ^ S7[x( 7)] ^ S8[x( 6)] ^ S5[x( 3)]; + K[13] = S5[x(10)] ^ S6[x(11)] ^ S7[x( 5)] ^ S8[x( 4)] ^ S6[x( 7)]; + K[14] = S5[x(12)] ^ S6[x(13)] ^ S7[x( 3)] ^ S8[x( 2)] ^ S7[x( 8)]; + K[15] = S5[x(14)] ^ S6[x(15)] ^ S7[x( 1)] ^ S8[x( 0)] ^ S8[x(13)]; + } + +} diff --git a/src/cipher/cast/cast128.h b/src/cipher/cast/cast128.h new file mode 100644 index 000000000..0a7c53864 --- /dev/null +++ b/src/cipher/cast/cast128.h @@ -0,0 +1,45 @@ +/************************************************* +* CAST-128 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CAST128_H__ +#define BOTAN_CAST128_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* CAST-128 * +*************************************************/ +class BOTAN_DLL CAST_128 : public BlockCipher + { + public: + void clear() throw() { MK.clear(); RK.clear(); } + std::string name() const { return "CAST-128"; } + BlockCipher* clone() const { return new CAST_128; } + CAST_128() : BlockCipher(8, 11, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static void key_schedule(u32bit[16], u32bit[4]); + + static const u32bit S5[256]; + static const u32bit S6[256]; + static const u32bit S7[256]; + static const u32bit S8[256]; + + SecureBuffer<u32bit, 16> MK, RK; + }; + +extern const u32bit CAST_SBOX1[256]; +extern const u32bit CAST_SBOX2[256]; +extern const u32bit CAST_SBOX3[256]; +extern const u32bit CAST_SBOX4[256]; + +} + +#endif diff --git a/src/cipher/cast/cast256.cpp b/src/cipher/cast/cast256.cpp new file mode 100644 index 000000000..24d3e0078 --- /dev/null +++ b/src/cipher/cast/cast256.cpp @@ -0,0 +1,163 @@ +/************************************************* +* CAST-256 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cast256.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* CAST-256 Round Type 1 * +*************************************************/ +void round1(u32bit& out, u32bit in, u32bit mask, u32bit rot) + { + u32bit temp = rotate_left(mask + in, rot); + out ^= (CAST_SBOX1[get_byte(0, temp)] ^ CAST_SBOX2[get_byte(1, temp)]) - + CAST_SBOX3[get_byte(2, temp)] + CAST_SBOX4[get_byte(3, temp)]; + } + +/************************************************* +* CAST-256 Round Type 2 * +*************************************************/ +void round2(u32bit& out, u32bit in, u32bit mask, u32bit rot) + { + u32bit temp = rotate_left(mask ^ in, rot); + out ^= (CAST_SBOX1[get_byte(0, temp)] - CAST_SBOX2[get_byte(1, temp)] + + CAST_SBOX3[get_byte(2, temp)]) ^ CAST_SBOX4[get_byte(3, temp)]; + } + +/************************************************* +* CAST-256 Round Type 3 * +*************************************************/ +void round3(u32bit& out, u32bit in, u32bit mask, u32bit rot) + { + u32bit temp = rotate_left(mask - in, rot); + out ^= ((CAST_SBOX1[get_byte(0, temp)] + CAST_SBOX2[get_byte(1, temp)]) ^ + CAST_SBOX3[get_byte(2, temp)]) - CAST_SBOX4[get_byte(3, temp)]; + } + +} + +/************************************************* +* CAST-256 Encryption * +*************************************************/ +void CAST_256::enc(const byte in[], byte out[]) const + { + u32bit A = load_be<u32bit>(in, 0); + u32bit B = load_be<u32bit>(in, 1); + u32bit C = load_be<u32bit>(in, 2); + u32bit D = load_be<u32bit>(in, 3); + + round1(C, D, MK[ 0], RK[ 0]); round2(B, C, MK[ 1], RK[ 1]); + round3(A, B, MK[ 2], RK[ 2]); round1(D, A, MK[ 3], RK[ 3]); + round1(C, D, MK[ 4], RK[ 4]); round2(B, C, MK[ 5], RK[ 5]); + round3(A, B, MK[ 6], RK[ 6]); round1(D, A, MK[ 7], RK[ 7]); + round1(C, D, MK[ 8], RK[ 8]); round2(B, C, MK[ 9], RK[ 9]); + round3(A, B, MK[10], RK[10]); round1(D, A, MK[11], RK[11]); + round1(C, D, MK[12], RK[12]); round2(B, C, MK[13], RK[13]); + round3(A, B, MK[14], RK[14]); round1(D, A, MK[15], RK[15]); + round1(C, D, MK[16], RK[16]); round2(B, C, MK[17], RK[17]); + round3(A, B, MK[18], RK[18]); round1(D, A, MK[19], RK[19]); + round1(C, D, MK[20], RK[20]); round2(B, C, MK[21], RK[21]); + round3(A, B, MK[22], RK[22]); round1(D, A, MK[23], RK[23]); + round1(D, A, MK[27], RK[27]); round3(A, B, MK[26], RK[26]); + round2(B, C, MK[25], RK[25]); round1(C, D, MK[24], RK[24]); + round1(D, A, MK[31], RK[31]); round3(A, B, MK[30], RK[30]); + round2(B, C, MK[29], RK[29]); round1(C, D, MK[28], RK[28]); + round1(D, A, MK[35], RK[35]); round3(A, B, MK[34], RK[34]); + round2(B, C, MK[33], RK[33]); round1(C, D, MK[32], RK[32]); + round1(D, A, MK[39], RK[39]); round3(A, B, MK[38], RK[38]); + round2(B, C, MK[37], RK[37]); round1(C, D, MK[36], RK[36]); + round1(D, A, MK[43], RK[43]); round3(A, B, MK[42], RK[42]); + round2(B, C, MK[41], RK[41]); round1(C, D, MK[40], RK[40]); + round1(D, A, MK[47], RK[47]); round3(A, B, MK[46], RK[46]); + round2(B, C, MK[45], RK[45]); round1(C, D, MK[44], RK[44]); + + store_be(out, A, B, C, D); + } + +/************************************************* +* CAST-256 Decryption * +*************************************************/ +void CAST_256::dec(const byte in[], byte out[]) const + { + u32bit A = load_be<u32bit>(in, 0); + u32bit B = load_be<u32bit>(in, 1); + u32bit C = load_be<u32bit>(in, 2); + u32bit D = load_be<u32bit>(in, 3); + + round1(C, D, MK[44], RK[44]); round2(B, C, MK[45], RK[45]); + round3(A, B, MK[46], RK[46]); round1(D, A, MK[47], RK[47]); + round1(C, D, MK[40], RK[40]); round2(B, C, MK[41], RK[41]); + round3(A, B, MK[42], RK[42]); round1(D, A, MK[43], RK[43]); + round1(C, D, MK[36], RK[36]); round2(B, C, MK[37], RK[37]); + round3(A, B, MK[38], RK[38]); round1(D, A, MK[39], RK[39]); + round1(C, D, MK[32], RK[32]); round2(B, C, MK[33], RK[33]); + round3(A, B, MK[34], RK[34]); round1(D, A, MK[35], RK[35]); + round1(C, D, MK[28], RK[28]); round2(B, C, MK[29], RK[29]); + round3(A, B, MK[30], RK[30]); round1(D, A, MK[31], RK[31]); + round1(C, D, MK[24], RK[24]); round2(B, C, MK[25], RK[25]); + round3(A, B, MK[26], RK[26]); round1(D, A, MK[27], RK[27]); + round1(D, A, MK[23], RK[23]); round3(A, B, MK[22], RK[22]); + round2(B, C, MK[21], RK[21]); round1(C, D, MK[20], RK[20]); + round1(D, A, MK[19], RK[19]); round3(A, B, MK[18], RK[18]); + round2(B, C, MK[17], RK[17]); round1(C, D, MK[16], RK[16]); + round1(D, A, MK[15], RK[15]); round3(A, B, MK[14], RK[14]); + round2(B, C, MK[13], RK[13]); round1(C, D, MK[12], RK[12]); + round1(D, A, MK[11], RK[11]); round3(A, B, MK[10], RK[10]); + round2(B, C, MK[ 9], RK[ 9]); round1(C, D, MK[ 8], RK[ 8]); + round1(D, A, MK[ 7], RK[ 7]); round3(A, B, MK[ 6], RK[ 6]); + round2(B, C, MK[ 5], RK[ 5]); round1(C, D, MK[ 4], RK[ 4]); + round1(D, A, MK[ 3], RK[ 3]); round3(A, B, MK[ 2], RK[ 2]); + round2(B, C, MK[ 1], RK[ 1]); round1(C, D, MK[ 0], RK[ 0]); + + store_be(out, A, B, C, D); + } + +/************************************************* +* CAST-256 Key Schedule * +*************************************************/ +void CAST_256::key(const byte key[], u32bit length) + { + SecureBuffer<u32bit, 8> TMP; + for(u32bit j = 0; j != length; ++j) + TMP[j/4] = (TMP[j/4] << 8) + key[j]; + + u32bit A = TMP[0], B = TMP[1], C = TMP[2], D = TMP[3], + E = TMP[4], F = TMP[5], G = TMP[6], H = TMP[7]; + for(u32bit j = 0; j != 48; j += 4) + { + round1(G, H, KEY_MASK[4*j+ 0], KEY_ROT[(4*j+ 0) % 32]); + round2(F, G, KEY_MASK[4*j+ 1], KEY_ROT[(4*j+ 1) % 32]); + round3(E, F, KEY_MASK[4*j+ 2], KEY_ROT[(4*j+ 2) % 32]); + round1(D, E, KEY_MASK[4*j+ 3], KEY_ROT[(4*j+ 3) % 32]); + round2(C, D, KEY_MASK[4*j+ 4], KEY_ROT[(4*j+ 4) % 32]); + round3(B, C, KEY_MASK[4*j+ 5], KEY_ROT[(4*j+ 5) % 32]); + round1(A, B, KEY_MASK[4*j+ 6], KEY_ROT[(4*j+ 6) % 32]); + round2(H, A, KEY_MASK[4*j+ 7], KEY_ROT[(4*j+ 7) % 32]); + round1(G, H, KEY_MASK[4*j+ 8], KEY_ROT[(4*j+ 8) % 32]); + round2(F, G, KEY_MASK[4*j+ 9], KEY_ROT[(4*j+ 9) % 32]); + round3(E, F, KEY_MASK[4*j+10], KEY_ROT[(4*j+10) % 32]); + round1(D, E, KEY_MASK[4*j+11], KEY_ROT[(4*j+11) % 32]); + round2(C, D, KEY_MASK[4*j+12], KEY_ROT[(4*j+12) % 32]); + round3(B, C, KEY_MASK[4*j+13], KEY_ROT[(4*j+13) % 32]); + round1(A, B, KEY_MASK[4*j+14], KEY_ROT[(4*j+14) % 32]); + round2(H, A, KEY_MASK[4*j+15], KEY_ROT[(4*j+15) % 32]); + + RK[j ] = (A % 32); + RK[j+1] = (C % 32); + RK[j+2] = (E % 32); + RK[j+3] = (G % 32); + MK[j ] = H; + MK[j+1] = F; + MK[j+2] = D; + MK[j+3] = B; + } + } + +} diff --git a/src/cipher/cast/cast256.h b/src/cipher/cast/cast256.h new file mode 100644 index 000000000..d4b7c6b18 --- /dev/null +++ b/src/cipher/cast/cast256.h @@ -0,0 +1,42 @@ +/************************************************* +* CAST-256 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CAST256_H__ +#define BOTAN_CAST256_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* CAST-256 * +*************************************************/ +class BOTAN_DLL CAST_256 : public BlockCipher + { + public: + void clear() throw() { MK.clear(); RK.clear(); } + std::string name() const { return "CAST-256"; } + BlockCipher* clone() const { return new CAST_256; } + CAST_256() : BlockCipher(16, 4, 32, 4) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static const u32bit KEY_MASK[192]; + static const byte KEY_ROT[32]; + + SecureBuffer<u32bit, 48> MK; + SecureBuffer<byte, 48> RK; + }; + +extern const u32bit CAST_SBOX1[256]; +extern const u32bit CAST_SBOX2[256]; +extern const u32bit CAST_SBOX3[256]; +extern const u32bit CAST_SBOX4[256]; + +} + +#endif diff --git a/src/cipher/cast/cast_tab.cpp b/src/cipher/cast/cast_tab.cpp new file mode 100644 index 000000000..3edab713f --- /dev/null +++ b/src/cipher/cast/cast_tab.cpp @@ -0,0 +1,410 @@ +/************************************************* +* S-Box Tables for CAST-128 and CAST-256 * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cast128.h> +#include <botan/cast256.h> + +namespace Botan { + +const u32bit CAST_SBOX1[256] = { + 0x30FB40D4, 0x9FA0FF0B, 0x6BECCD2F, 0x3F258C7A, 0x1E213F2F, 0x9C004DD3, + 0x6003E540, 0xCF9FC949, 0xBFD4AF27, 0x88BBBDB5, 0xE2034090, 0x98D09675, + 0x6E63A0E0, 0x15C361D2, 0xC2E7661D, 0x22D4FF8E, 0x28683B6F, 0xC07FD059, + 0xFF2379C8, 0x775F50E2, 0x43C340D3, 0xDF2F8656, 0x887CA41A, 0xA2D2BD2D, + 0xA1C9E0D6, 0x346C4819, 0x61B76D87, 0x22540F2F, 0x2ABE32E1, 0xAA54166B, + 0x22568E3A, 0xA2D341D0, 0x66DB40C8, 0xA784392F, 0x004DFF2F, 0x2DB9D2DE, + 0x97943FAC, 0x4A97C1D8, 0x527644B7, 0xB5F437A7, 0xB82CBAEF, 0xD751D159, + 0x6FF7F0ED, 0x5A097A1F, 0x827B68D0, 0x90ECF52E, 0x22B0C054, 0xBC8E5935, + 0x4B6D2F7F, 0x50BB64A2, 0xD2664910, 0xBEE5812D, 0xB7332290, 0xE93B159F, + 0xB48EE411, 0x4BFF345D, 0xFD45C240, 0xAD31973F, 0xC4F6D02E, 0x55FC8165, + 0xD5B1CAAD, 0xA1AC2DAE, 0xA2D4B76D, 0xC19B0C50, 0x882240F2, 0x0C6E4F38, + 0xA4E4BFD7, 0x4F5BA272, 0x564C1D2F, 0xC59C5319, 0xB949E354, 0xB04669FE, + 0xB1B6AB8A, 0xC71358DD, 0x6385C545, 0x110F935D, 0x57538AD5, 0x6A390493, + 0xE63D37E0, 0x2A54F6B3, 0x3A787D5F, 0x6276A0B5, 0x19A6FCDF, 0x7A42206A, + 0x29F9D4D5, 0xF61B1891, 0xBB72275E, 0xAA508167, 0x38901091, 0xC6B505EB, + 0x84C7CB8C, 0x2AD75A0F, 0x874A1427, 0xA2D1936B, 0x2AD286AF, 0xAA56D291, + 0xD7894360, 0x425C750D, 0x93B39E26, 0x187184C9, 0x6C00B32D, 0x73E2BB14, + 0xA0BEBC3C, 0x54623779, 0x64459EAB, 0x3F328B82, 0x7718CF82, 0x59A2CEA6, + 0x04EE002E, 0x89FE78E6, 0x3FAB0950, 0x325FF6C2, 0x81383F05, 0x6963C5C8, + 0x76CB5AD6, 0xD49974C9, 0xCA180DCF, 0x380782D5, 0xC7FA5CF6, 0x8AC31511, + 0x35E79E13, 0x47DA91D0, 0xF40F9086, 0xA7E2419E, 0x31366241, 0x051EF495, + 0xAA573B04, 0x4A805D8D, 0x548300D0, 0x00322A3C, 0xBF64CDDF, 0xBA57A68E, + 0x75C6372B, 0x50AFD341, 0xA7C13275, 0x915A0BF5, 0x6B54BFAB, 0x2B0B1426, + 0xAB4CC9D7, 0x449CCD82, 0xF7FBF265, 0xAB85C5F3, 0x1B55DB94, 0xAAD4E324, + 0xCFA4BD3F, 0x2DEAA3E2, 0x9E204D02, 0xC8BD25AC, 0xEADF55B3, 0xD5BD9E98, + 0xE31231B2, 0x2AD5AD6C, 0x954329DE, 0xADBE4528, 0xD8710F69, 0xAA51C90F, + 0xAA786BF6, 0x22513F1E, 0xAA51A79B, 0x2AD344CC, 0x7B5A41F0, 0xD37CFBAD, + 0x1B069505, 0x41ECE491, 0xB4C332E6, 0x032268D4, 0xC9600ACC, 0xCE387E6D, + 0xBF6BB16C, 0x6A70FB78, 0x0D03D9C9, 0xD4DF39DE, 0xE01063DA, 0x4736F464, + 0x5AD328D8, 0xB347CC96, 0x75BB0FC3, 0x98511BFB, 0x4FFBCC35, 0xB58BCF6A, + 0xE11F0ABC, 0xBFC5FE4A, 0xA70AEC10, 0xAC39570A, 0x3F04442F, 0x6188B153, + 0xE0397A2E, 0x5727CB79, 0x9CEB418F, 0x1CACD68D, 0x2AD37C96, 0x0175CB9D, + 0xC69DFF09, 0xC75B65F0, 0xD9DB40D8, 0xEC0E7779, 0x4744EAD4, 0xB11C3274, + 0xDD24CB9E, 0x7E1C54BD, 0xF01144F9, 0xD2240EB1, 0x9675B3FD, 0xA3AC3755, + 0xD47C27AF, 0x51C85F4D, 0x56907596, 0xA5BB15E6, 0x580304F0, 0xCA042CF1, + 0x011A37EA, 0x8DBFAADB, 0x35BA3E4A, 0x3526FFA0, 0xC37B4D09, 0xBC306ED9, + 0x98A52666, 0x5648F725, 0xFF5E569D, 0x0CED63D0, 0x7C63B2CF, 0x700B45E1, + 0xD5EA50F1, 0x85A92872, 0xAF1FBDA7, 0xD4234870, 0xA7870BF3, 0x2D3B4D79, + 0x42E04198, 0x0CD0EDE7, 0x26470DB8, 0xF881814C, 0x474D6AD7, 0x7C0C5E5C, + 0xD1231959, 0x381B7298, 0xF5D2F4DB, 0xAB838653, 0x6E2F1E23, 0x83719C9E, + 0xBD91E046, 0x9A56456E, 0xDC39200C, 0x20C8C571, 0x962BDA1C, 0xE1E696FF, + 0xB141AB08, 0x7CCA89B9, 0x1A69E783, 0x02CC4843, 0xA2F7C579, 0x429EF47D, + 0x427B169C, 0x5AC9F049, 0xDD8F0F00, 0x5C8165BF }; + +const u32bit CAST_SBOX2[256] = { + 0x1F201094, 0xEF0BA75B, 0x69E3CF7E, 0x393F4380, 0xFE61CF7A, 0xEEC5207A, + 0x55889C94, 0x72FC0651, 0xADA7EF79, 0x4E1D7235, 0xD55A63CE, 0xDE0436BA, + 0x99C430EF, 0x5F0C0794, 0x18DCDB7D, 0xA1D6EFF3, 0xA0B52F7B, 0x59E83605, + 0xEE15B094, 0xE9FFD909, 0xDC440086, 0xEF944459, 0xBA83CCB3, 0xE0C3CDFB, + 0xD1DA4181, 0x3B092AB1, 0xF997F1C1, 0xA5E6CF7B, 0x01420DDB, 0xE4E7EF5B, + 0x25A1FF41, 0xE180F806, 0x1FC41080, 0x179BEE7A, 0xD37AC6A9, 0xFE5830A4, + 0x98DE8B7F, 0x77E83F4E, 0x79929269, 0x24FA9F7B, 0xE113C85B, 0xACC40083, + 0xD7503525, 0xF7EA615F, 0x62143154, 0x0D554B63, 0x5D681121, 0xC866C359, + 0x3D63CF73, 0xCEE234C0, 0xD4D87E87, 0x5C672B21, 0x071F6181, 0x39F7627F, + 0x361E3084, 0xE4EB573B, 0x602F64A4, 0xD63ACD9C, 0x1BBC4635, 0x9E81032D, + 0x2701F50C, 0x99847AB4, 0xA0E3DF79, 0xBA6CF38C, 0x10843094, 0x2537A95E, + 0xF46F6FFE, 0xA1FF3B1F, 0x208CFB6A, 0x8F458C74, 0xD9E0A227, 0x4EC73A34, + 0xFC884F69, 0x3E4DE8DF, 0xEF0E0088, 0x3559648D, 0x8A45388C, 0x1D804366, + 0x721D9BFD, 0xA58684BB, 0xE8256333, 0x844E8212, 0x128D8098, 0xFED33FB4, + 0xCE280AE1, 0x27E19BA5, 0xD5A6C252, 0xE49754BD, 0xC5D655DD, 0xEB667064, + 0x77840B4D, 0xA1B6A801, 0x84DB26A9, 0xE0B56714, 0x21F043B7, 0xE5D05860, + 0x54F03084, 0x066FF472, 0xA31AA153, 0xDADC4755, 0xB5625DBF, 0x68561BE6, + 0x83CA6B94, 0x2D6ED23B, 0xECCF01DB, 0xA6D3D0BA, 0xB6803D5C, 0xAF77A709, + 0x33B4A34C, 0x397BC8D6, 0x5EE22B95, 0x5F0E5304, 0x81ED6F61, 0x20E74364, + 0xB45E1378, 0xDE18639B, 0x881CA122, 0xB96726D1, 0x8049A7E8, 0x22B7DA7B, + 0x5E552D25, 0x5272D237, 0x79D2951C, 0xC60D894C, 0x488CB402, 0x1BA4FE5B, + 0xA4B09F6B, 0x1CA815CF, 0xA20C3005, 0x8871DF63, 0xB9DE2FCB, 0x0CC6C9E9, + 0x0BEEFF53, 0xE3214517, 0xB4542835, 0x9F63293C, 0xEE41E729, 0x6E1D2D7C, + 0x50045286, 0x1E6685F3, 0xF33401C6, 0x30A22C95, 0x31A70850, 0x60930F13, + 0x73F98417, 0xA1269859, 0xEC645C44, 0x52C877A9, 0xCDFF33A6, 0xA02B1741, + 0x7CBAD9A2, 0x2180036F, 0x50D99C08, 0xCB3F4861, 0xC26BD765, 0x64A3F6AB, + 0x80342676, 0x25A75E7B, 0xE4E6D1FC, 0x20C710E6, 0xCDF0B680, 0x17844D3B, + 0x31EEF84D, 0x7E0824E4, 0x2CCB49EB, 0x846A3BAE, 0x8FF77888, 0xEE5D60F6, + 0x7AF75673, 0x2FDD5CDB, 0xA11631C1, 0x30F66F43, 0xB3FAEC54, 0x157FD7FA, + 0xEF8579CC, 0xD152DE58, 0xDB2FFD5E, 0x8F32CE19, 0x306AF97A, 0x02F03EF8, + 0x99319AD5, 0xC242FA0F, 0xA7E3EBB0, 0xC68E4906, 0xB8DA230C, 0x80823028, + 0xDCDEF3C8, 0xD35FB171, 0x088A1BC8, 0xBEC0C560, 0x61A3C9E8, 0xBCA8F54D, + 0xC72FEFFA, 0x22822E99, 0x82C570B4, 0xD8D94E89, 0x8B1C34BC, 0x301E16E6, + 0x273BE979, 0xB0FFEAA6, 0x61D9B8C6, 0x00B24869, 0xB7FFCE3F, 0x08DC283B, + 0x43DAF65A, 0xF7E19798, 0x7619B72F, 0x8F1C9BA4, 0xDC8637A0, 0x16A7D3B1, + 0x9FC393B7, 0xA7136EEB, 0xC6BCC63E, 0x1A513742, 0xEF6828BC, 0x520365D6, + 0x2D6A77AB, 0x3527ED4B, 0x821FD216, 0x095C6E2E, 0xDB92F2FB, 0x5EEA29CB, + 0x145892F5, 0x91584F7F, 0x5483697B, 0x2667A8CC, 0x85196048, 0x8C4BACEA, + 0x833860D4, 0x0D23E0F9, 0x6C387E8A, 0x0AE6D249, 0xB284600C, 0xD835731D, + 0xDCB1C647, 0xAC4C56EA, 0x3EBD81B3, 0x230EABB0, 0x6438BC87, 0xF0B5B1FA, + 0x8F5EA2B3, 0xFC184642, 0x0A036B7A, 0x4FB089BD, 0x649DA589, 0xA345415E, + 0x5C038323, 0x3E5D3BB9, 0x43D79572, 0x7E6DD07C, 0x06DFDF1E, 0x6C6CC4EF, + 0x7160A539, 0x73BFBE70, 0x83877605, 0x4523ECF1 }; + +const u32bit CAST_SBOX3[256] = { + 0x8DEFC240, 0x25FA5D9F, 0xEB903DBF, 0xE810C907, 0x47607FFF, 0x369FE44B, + 0x8C1FC644, 0xAECECA90, 0xBEB1F9BF, 0xEEFBCAEA, 0xE8CF1950, 0x51DF07AE, + 0x920E8806, 0xF0AD0548, 0xE13C8D83, 0x927010D5, 0x11107D9F, 0x07647DB9, + 0xB2E3E4D4, 0x3D4F285E, 0xB9AFA820, 0xFADE82E0, 0xA067268B, 0x8272792E, + 0x553FB2C0, 0x489AE22B, 0xD4EF9794, 0x125E3FBC, 0x21FFFCEE, 0x825B1BFD, + 0x9255C5ED, 0x1257A240, 0x4E1A8302, 0xBAE07FFF, 0x528246E7, 0x8E57140E, + 0x3373F7BF, 0x8C9F8188, 0xA6FC4EE8, 0xC982B5A5, 0xA8C01DB7, 0x579FC264, + 0x67094F31, 0xF2BD3F5F, 0x40FFF7C1, 0x1FB78DFC, 0x8E6BD2C1, 0x437BE59B, + 0x99B03DBF, 0xB5DBC64B, 0x638DC0E6, 0x55819D99, 0xA197C81C, 0x4A012D6E, + 0xC5884A28, 0xCCC36F71, 0xB843C213, 0x6C0743F1, 0x8309893C, 0x0FEDDD5F, + 0x2F7FE850, 0xD7C07F7E, 0x02507FBF, 0x5AFB9A04, 0xA747D2D0, 0x1651192E, + 0xAF70BF3E, 0x58C31380, 0x5F98302E, 0x727CC3C4, 0x0A0FB402, 0x0F7FEF82, + 0x8C96FDAD, 0x5D2C2AAE, 0x8EE99A49, 0x50DA88B8, 0x8427F4A0, 0x1EAC5790, + 0x796FB449, 0x8252DC15, 0xEFBD7D9B, 0xA672597D, 0xADA840D8, 0x45F54504, + 0xFA5D7403, 0xE83EC305, 0x4F91751A, 0x925669C2, 0x23EFE941, 0xA903F12E, + 0x60270DF2, 0x0276E4B6, 0x94FD6574, 0x927985B2, 0x8276DBCB, 0x02778176, + 0xF8AF918D, 0x4E48F79E, 0x8F616DDF, 0xE29D840E, 0x842F7D83, 0x340CE5C8, + 0x96BBB682, 0x93B4B148, 0xEF303CAB, 0x984FAF28, 0x779FAF9B, 0x92DC560D, + 0x224D1E20, 0x8437AA88, 0x7D29DC96, 0x2756D3DC, 0x8B907CEE, 0xB51FD240, + 0xE7C07CE3, 0xE566B4A1, 0xC3E9615E, 0x3CF8209D, 0x6094D1E3, 0xCD9CA341, + 0x5C76460E, 0x00EA983B, 0xD4D67881, 0xFD47572C, 0xF76CEDD9, 0xBDA8229C, + 0x127DADAA, 0x438A074E, 0x1F97C090, 0x081BDB8A, 0x93A07EBE, 0xB938CA15, + 0x97B03CFF, 0x3DC2C0F8, 0x8D1AB2EC, 0x64380E51, 0x68CC7BFB, 0xD90F2788, + 0x12490181, 0x5DE5FFD4, 0xDD7EF86A, 0x76A2E214, 0xB9A40368, 0x925D958F, + 0x4B39FFFA, 0xBA39AEE9, 0xA4FFD30B, 0xFAF7933B, 0x6D498623, 0x193CBCFA, + 0x27627545, 0x825CF47A, 0x61BD8BA0, 0xD11E42D1, 0xCEAD04F4, 0x127EA392, + 0x10428DB7, 0x8272A972, 0x9270C4A8, 0x127DE50B, 0x285BA1C8, 0x3C62F44F, + 0x35C0EAA5, 0xE805D231, 0x428929FB, 0xB4FCDF82, 0x4FB66A53, 0x0E7DC15B, + 0x1F081FAB, 0x108618AE, 0xFCFD086D, 0xF9FF2889, 0x694BCC11, 0x236A5CAE, + 0x12DECA4D, 0x2C3F8CC5, 0xD2D02DFE, 0xF8EF5896, 0xE4CF52DA, 0x95155B67, + 0x494A488C, 0xB9B6A80C, 0x5C8F82BC, 0x89D36B45, 0x3A609437, 0xEC00C9A9, + 0x44715253, 0x0A874B49, 0xD773BC40, 0x7C34671C, 0x02717EF6, 0x4FEB5536, + 0xA2D02FFF, 0xD2BF60C4, 0xD43F03C0, 0x50B4EF6D, 0x07478CD1, 0x006E1888, + 0xA2E53F55, 0xB9E6D4BC, 0xA2048016, 0x97573833, 0xD7207D67, 0xDE0F8F3D, + 0x72F87B33, 0xABCC4F33, 0x7688C55D, 0x7B00A6B0, 0x947B0001, 0x570075D2, + 0xF9BB88F8, 0x8942019E, 0x4264A5FF, 0x856302E0, 0x72DBD92B, 0xEE971B69, + 0x6EA22FDE, 0x5F08AE2B, 0xAF7A616D, 0xE5C98767, 0xCF1FEBD2, 0x61EFC8C2, + 0xF1AC2571, 0xCC8239C2, 0x67214CB8, 0xB1E583D1, 0xB7DC3E62, 0x7F10BDCE, + 0xF90A5C38, 0x0FF0443D, 0x606E6DC6, 0x60543A49, 0x5727C148, 0x2BE98A1D, + 0x8AB41738, 0x20E1BE24, 0xAF96DA0F, 0x68458425, 0x99833BE5, 0x600D457D, + 0x282F9350, 0x8334B362, 0xD91D1120, 0x2B6D8DA0, 0x642B1E31, 0x9C305A00, + 0x52BCE688, 0x1B03588A, 0xF7BAEFD5, 0x4142ED9C, 0xA4315C11, 0x83323EC5, + 0xDFEF4636, 0xA133C501, 0xE9D3531C, 0xEE353783 }; + +const u32bit CAST_SBOX4[256] = { + 0x9DB30420, 0x1FB6E9DE, 0xA7BE7BEF, 0xD273A298, 0x4A4F7BDB, 0x64AD8C57, + 0x85510443, 0xFA020ED1, 0x7E287AFF, 0xE60FB663, 0x095F35A1, 0x79EBF120, + 0xFD059D43, 0x6497B7B1, 0xF3641F63, 0x241E4ADF, 0x28147F5F, 0x4FA2B8CD, + 0xC9430040, 0x0CC32220, 0xFDD30B30, 0xC0A5374F, 0x1D2D00D9, 0x24147B15, + 0xEE4D111A, 0x0FCA5167, 0x71FF904C, 0x2D195FFE, 0x1A05645F, 0x0C13FEFE, + 0x081B08CA, 0x05170121, 0x80530100, 0xE83E5EFE, 0xAC9AF4F8, 0x7FE72701, + 0xD2B8EE5F, 0x06DF4261, 0xBB9E9B8A, 0x7293EA25, 0xCE84FFDF, 0xF5718801, + 0x3DD64B04, 0xA26F263B, 0x7ED48400, 0x547EEBE6, 0x446D4CA0, 0x6CF3D6F5, + 0x2649ABDF, 0xAEA0C7F5, 0x36338CC1, 0x503F7E93, 0xD3772061, 0x11B638E1, + 0x72500E03, 0xF80EB2BB, 0xABE0502E, 0xEC8D77DE, 0x57971E81, 0xE14F6746, + 0xC9335400, 0x6920318F, 0x081DBB99, 0xFFC304A5, 0x4D351805, 0x7F3D5CE3, + 0xA6C866C6, 0x5D5BCCA9, 0xDAEC6FEA, 0x9F926F91, 0x9F46222F, 0x3991467D, + 0xA5BF6D8E, 0x1143C44F, 0x43958302, 0xD0214EEB, 0x022083B8, 0x3FB6180C, + 0x18F8931E, 0x281658E6, 0x26486E3E, 0x8BD78A70, 0x7477E4C1, 0xB506E07C, + 0xF32D0A25, 0x79098B02, 0xE4EABB81, 0x28123B23, 0x69DEAD38, 0x1574CA16, + 0xDF871B62, 0x211C40B7, 0xA51A9EF9, 0x0014377B, 0x041E8AC8, 0x09114003, + 0xBD59E4D2, 0xE3D156D5, 0x4FE876D5, 0x2F91A340, 0x557BE8DE, 0x00EAE4A7, + 0x0CE5C2EC, 0x4DB4BBA6, 0xE756BDFF, 0xDD3369AC, 0xEC17B035, 0x06572327, + 0x99AFC8B0, 0x56C8C391, 0x6B65811C, 0x5E146119, 0x6E85CB75, 0xBE07C002, + 0xC2325577, 0x893FF4EC, 0x5BBFC92D, 0xD0EC3B25, 0xB7801AB7, 0x8D6D3B24, + 0x20C763EF, 0xC366A5FC, 0x9C382880, 0x0ACE3205, 0xAAC9548A, 0xECA1D7C7, + 0x041AFA32, 0x1D16625A, 0x6701902C, 0x9B757A54, 0x31D477F7, 0x9126B031, + 0x36CC6FDB, 0xC70B8B46, 0xD9E66A48, 0x56E55A79, 0x026A4CEB, 0x52437EFF, + 0x2F8F76B4, 0x0DF980A5, 0x8674CDE3, 0xEDDA04EB, 0x17A9BE04, 0x2C18F4DF, + 0xB7747F9D, 0xAB2AF7B4, 0xEFC34D20, 0x2E096B7C, 0x1741A254, 0xE5B6A035, + 0x213D42F6, 0x2C1C7C26, 0x61C2F50F, 0x6552DAF9, 0xD2C231F8, 0x25130F69, + 0xD8167FA2, 0x0418F2C8, 0x001A96A6, 0x0D1526AB, 0x63315C21, 0x5E0A72EC, + 0x49BAFEFD, 0x187908D9, 0x8D0DBD86, 0x311170A7, 0x3E9B640C, 0xCC3E10D7, + 0xD5CAD3B6, 0x0CAEC388, 0xF73001E1, 0x6C728AFF, 0x71EAE2A1, 0x1F9AF36E, + 0xCFCBD12F, 0xC1DE8417, 0xAC07BE6B, 0xCB44A1D8, 0x8B9B0F56, 0x013988C3, + 0xB1C52FCA, 0xB4BE31CD, 0xD8782806, 0x12A3A4E2, 0x6F7DE532, 0x58FD7EB6, + 0xD01EE900, 0x24ADFFC2, 0xF4990FC5, 0x9711AAC5, 0x001D7B95, 0x82E5E7D2, + 0x109873F6, 0x00613096, 0xC32D9521, 0xADA121FF, 0x29908415, 0x7FBB977F, + 0xAF9EB3DB, 0x29C9ED2A, 0x5CE2A465, 0xA730F32C, 0xD0AA3FE8, 0x8A5CC091, + 0xD49E2CE7, 0x0CE454A9, 0xD60ACD86, 0x015F1919, 0x77079103, 0xDEA03AF6, + 0x78A8565E, 0xDEE356DF, 0x21F05CBE, 0x8B75E387, 0xB3C50651, 0xB8A5C3EF, + 0xD8EEB6D2, 0xE523BE77, 0xC2154529, 0x2F69EFDF, 0xAFE67AFB, 0xF470C4B2, + 0xF3E0EB5B, 0xD6CC9876, 0x39E4460C, 0x1FDA8538, 0x1987832F, 0xCA007367, + 0xA99144F8, 0x296B299E, 0x492FC295, 0x9266BEAB, 0xB5676E69, 0x9BD3DDDA, + 0xDF7E052F, 0xDB25701C, 0x1B5E51EE, 0xF65324E6, 0x6AFCE36C, 0x0316CC04, + 0x8644213E, 0xB7DC59D0, 0x7965291F, 0xCCD6FD43, 0x41823979, 0x932BCDF6, + 0xB657C34D, 0x4EDFD282, 0x7AE5290C, 0x3CB9536B, 0x851E20FE, 0x9833557E, + 0x13ECF0B0, 0xD3FFB372, 0x3F85C5C1, 0x0AEF7ED2 }; + +const u32bit CAST_128::S5[256] = { + 0x7EC90C04, 0x2C6E74B9, 0x9B0E66DF, 0xA6337911, 0xB86A7FFF, 0x1DD358F5, + 0x44DD9D44, 0x1731167F, 0x08FBF1FA, 0xE7F511CC, 0xD2051B00, 0x735ABA00, + 0x2AB722D8, 0x386381CB, 0xACF6243A, 0x69BEFD7A, 0xE6A2E77F, 0xF0C720CD, + 0xC4494816, 0xCCF5C180, 0x38851640, 0x15B0A848, 0xE68B18CB, 0x4CAADEFF, + 0x5F480A01, 0x0412B2AA, 0x259814FC, 0x41D0EFE2, 0x4E40B48D, 0x248EB6FB, + 0x8DBA1CFE, 0x41A99B02, 0x1A550A04, 0xBA8F65CB, 0x7251F4E7, 0x95A51725, + 0xC106ECD7, 0x97A5980A, 0xC539B9AA, 0x4D79FE6A, 0xF2F3F763, 0x68AF8040, + 0xED0C9E56, 0x11B4958B, 0xE1EB5A88, 0x8709E6B0, 0xD7E07156, 0x4E29FEA7, + 0x6366E52D, 0x02D1C000, 0xC4AC8E05, 0x9377F571, 0x0C05372A, 0x578535F2, + 0x2261BE02, 0xD642A0C9, 0xDF13A280, 0x74B55BD2, 0x682199C0, 0xD421E5EC, + 0x53FB3CE8, 0xC8ADEDB3, 0x28A87FC9, 0x3D959981, 0x5C1FF900, 0xFE38D399, + 0x0C4EFF0B, 0x062407EA, 0xAA2F4FB1, 0x4FB96976, 0x90C79505, 0xB0A8A774, + 0xEF55A1FF, 0xE59CA2C2, 0xA6B62D27, 0xE66A4263, 0xDF65001F, 0x0EC50966, + 0xDFDD55BC, 0x29DE0655, 0x911E739A, 0x17AF8975, 0x32C7911C, 0x89F89468, + 0x0D01E980, 0x524755F4, 0x03B63CC9, 0x0CC844B2, 0xBCF3F0AA, 0x87AC36E9, + 0xE53A7426, 0x01B3D82B, 0x1A9E7449, 0x64EE2D7E, 0xCDDBB1DA, 0x01C94910, + 0xB868BF80, 0x0D26F3FD, 0x9342EDE7, 0x04A5C284, 0x636737B6, 0x50F5B616, + 0xF24766E3, 0x8ECA36C1, 0x136E05DB, 0xFEF18391, 0xFB887A37, 0xD6E7F7D4, + 0xC7FB7DC9, 0x3063FCDF, 0xB6F589DE, 0xEC2941DA, 0x26E46695, 0xB7566419, + 0xF654EFC5, 0xD08D58B7, 0x48925401, 0xC1BACB7F, 0xE5FF550F, 0xB6083049, + 0x5BB5D0E8, 0x87D72E5A, 0xAB6A6EE1, 0x223A66CE, 0xC62BF3CD, 0x9E0885F9, + 0x68CB3E47, 0x086C010F, 0xA21DE820, 0xD18B69DE, 0xF3F65777, 0xFA02C3F6, + 0x407EDAC3, 0xCBB3D550, 0x1793084D, 0xB0D70EBA, 0x0AB378D5, 0xD951FB0C, + 0xDED7DA56, 0x4124BBE4, 0x94CA0B56, 0x0F5755D1, 0xE0E1E56E, 0x6184B5BE, + 0x580A249F, 0x94F74BC0, 0xE327888E, 0x9F7B5561, 0xC3DC0280, 0x05687715, + 0x646C6BD7, 0x44904DB3, 0x66B4F0A3, 0xC0F1648A, 0x697ED5AF, 0x49E92FF6, + 0x309E374F, 0x2CB6356A, 0x85808573, 0x4991F840, 0x76F0AE02, 0x083BE84D, + 0x28421C9A, 0x44489406, 0x736E4CB8, 0xC1092910, 0x8BC95FC6, 0x7D869CF4, + 0x134F616F, 0x2E77118D, 0xB31B2BE1, 0xAA90B472, 0x3CA5D717, 0x7D161BBA, + 0x9CAD9010, 0xAF462BA2, 0x9FE459D2, 0x45D34559, 0xD9F2DA13, 0xDBC65487, + 0xF3E4F94E, 0x176D486F, 0x097C13EA, 0x631DA5C7, 0x445F7382, 0x175683F4, + 0xCDC66A97, 0x70BE0288, 0xB3CDCF72, 0x6E5DD2F3, 0x20936079, 0x459B80A5, + 0xBE60E2DB, 0xA9C23101, 0xEBA5315C, 0x224E42F2, 0x1C5C1572, 0xF6721B2C, + 0x1AD2FFF3, 0x8C25404E, 0x324ED72F, 0x4067B7FD, 0x0523138E, 0x5CA3BC78, + 0xDC0FD66E, 0x75922283, 0x784D6B17, 0x58EBB16E, 0x44094F85, 0x3F481D87, + 0xFCFEAE7B, 0x77B5FF76, 0x8C2302BF, 0xAAF47556, 0x5F46B02A, 0x2B092801, + 0x3D38F5F7, 0x0CA81F36, 0x52AF4A8A, 0x66D5E7C0, 0xDF3B0874, 0x95055110, + 0x1B5AD7A8, 0xF61ED5AD, 0x6CF6E479, 0x20758184, 0xD0CEFA65, 0x88F7BE58, + 0x4A046826, 0x0FF6F8F3, 0xA09C7F70, 0x5346ABA0, 0x5CE96C28, 0xE176EDA3, + 0x6BAC307F, 0x376829D2, 0x85360FA9, 0x17E3FE2A, 0x24B79767, 0xF5A96B20, + 0xD6CD2595, 0x68FF1EBF, 0x7555442C, 0xF19F06BE, 0xF9E0659A, 0xEEB9491D, + 0x34010718, 0xBB30CAB8, 0xE822FE15, 0x88570983, 0x750E6249, 0xDA627E55, + 0x5E76FFA8, 0xB1534546, 0x6D47DE08, 0xEFE9E7D4 }; + +const u32bit CAST_128::S6[256] = { + 0xF6FA8F9D, 0x2CAC6CE1, 0x4CA34867, 0xE2337F7C, 0x95DB08E7, 0x016843B4, + 0xECED5CBC, 0x325553AC, 0xBF9F0960, 0xDFA1E2ED, 0x83F0579D, 0x63ED86B9, + 0x1AB6A6B8, 0xDE5EBE39, 0xF38FF732, 0x8989B138, 0x33F14961, 0xC01937BD, + 0xF506C6DA, 0xE4625E7E, 0xA308EA99, 0x4E23E33C, 0x79CBD7CC, 0x48A14367, + 0xA3149619, 0xFEC94BD5, 0xA114174A, 0xEAA01866, 0xA084DB2D, 0x09A8486F, + 0xA888614A, 0x2900AF98, 0x01665991, 0xE1992863, 0xC8F30C60, 0x2E78EF3C, + 0xD0D51932, 0xCF0FEC14, 0xF7CA07D2, 0xD0A82072, 0xFD41197E, 0x9305A6B0, + 0xE86BE3DA, 0x74BED3CD, 0x372DA53C, 0x4C7F4448, 0xDAB5D440, 0x6DBA0EC3, + 0x083919A7, 0x9FBAEED9, 0x49DBCFB0, 0x4E670C53, 0x5C3D9C01, 0x64BDB941, + 0x2C0E636A, 0xBA7DD9CD, 0xEA6F7388, 0xE70BC762, 0x35F29ADB, 0x5C4CDD8D, + 0xF0D48D8C, 0xB88153E2, 0x08A19866, 0x1AE2EAC8, 0x284CAF89, 0xAA928223, + 0x9334BE53, 0x3B3A21BF, 0x16434BE3, 0x9AEA3906, 0xEFE8C36E, 0xF890CDD9, + 0x80226DAE, 0xC340A4A3, 0xDF7E9C09, 0xA694A807, 0x5B7C5ECC, 0x221DB3A6, + 0x9A69A02F, 0x68818A54, 0xCEB2296F, 0x53C0843A, 0xFE893655, 0x25BFE68A, + 0xB4628ABC, 0xCF222EBF, 0x25AC6F48, 0xA9A99387, 0x53BDDB65, 0xE76FFBE7, + 0xE967FD78, 0x0BA93563, 0x8E342BC1, 0xE8A11BE9, 0x4980740D, 0xC8087DFC, + 0x8DE4BF99, 0xA11101A0, 0x7FD37975, 0xDA5A26C0, 0xE81F994F, 0x9528CD89, + 0xFD339FED, 0xB87834BF, 0x5F04456D, 0x22258698, 0xC9C4C83B, 0x2DC156BE, + 0x4F628DAA, 0x57F55EC5, 0xE2220ABE, 0xD2916EBF, 0x4EC75B95, 0x24F2C3C0, + 0x42D15D99, 0xCD0D7FA0, 0x7B6E27FF, 0xA8DC8AF0, 0x7345C106, 0xF41E232F, + 0x35162386, 0xE6EA8926, 0x3333B094, 0x157EC6F2, 0x372B74AF, 0x692573E4, + 0xE9A9D848, 0xF3160289, 0x3A62EF1D, 0xA787E238, 0xF3A5F676, 0x74364853, + 0x20951063, 0x4576698D, 0xB6FAD407, 0x592AF950, 0x36F73523, 0x4CFB6E87, + 0x7DA4CEC0, 0x6C152DAA, 0xCB0396A8, 0xC50DFE5D, 0xFCD707AB, 0x0921C42F, + 0x89DFF0BB, 0x5FE2BE78, 0x448F4F33, 0x754613C9, 0x2B05D08D, 0x48B9D585, + 0xDC049441, 0xC8098F9B, 0x7DEDE786, 0xC39A3373, 0x42410005, 0x6A091751, + 0x0EF3C8A6, 0x890072D6, 0x28207682, 0xA9A9F7BE, 0xBF32679D, 0xD45B5B75, + 0xB353FD00, 0xCBB0E358, 0x830F220A, 0x1F8FB214, 0xD372CF08, 0xCC3C4A13, + 0x8CF63166, 0x061C87BE, 0x88C98F88, 0x6062E397, 0x47CF8E7A, 0xB6C85283, + 0x3CC2ACFB, 0x3FC06976, 0x4E8F0252, 0x64D8314D, 0xDA3870E3, 0x1E665459, + 0xC10908F0, 0x513021A5, 0x6C5B68B7, 0x822F8AA0, 0x3007CD3E, 0x74719EEF, + 0xDC872681, 0x073340D4, 0x7E432FD9, 0x0C5EC241, 0x8809286C, 0xF592D891, + 0x08A930F6, 0x957EF305, 0xB7FBFFBD, 0xC266E96F, 0x6FE4AC98, 0xB173ECC0, + 0xBC60B42A, 0x953498DA, 0xFBA1AE12, 0x2D4BD736, 0x0F25FAAB, 0xA4F3FCEB, + 0xE2969123, 0x257F0C3D, 0x9348AF49, 0x361400BC, 0xE8816F4A, 0x3814F200, + 0xA3F94043, 0x9C7A54C2, 0xBC704F57, 0xDA41E7F9, 0xC25AD33A, 0x54F4A084, + 0xB17F5505, 0x59357CBE, 0xEDBD15C8, 0x7F97C5AB, 0xBA5AC7B5, 0xB6F6DEAF, + 0x3A479C3A, 0x5302DA25, 0x653D7E6A, 0x54268D49, 0x51A477EA, 0x5017D55B, + 0xD7D25D88, 0x44136C76, 0x0404A8C8, 0xB8E5A121, 0xB81A928A, 0x60ED5869, + 0x97C55B96, 0xEAEC991B, 0x29935913, 0x01FDB7F1, 0x088E8DFA, 0x9AB6F6F5, + 0x3B4CBF9F, 0x4A5DE3AB, 0xE6051D35, 0xA0E1D855, 0xD36B4CF1, 0xF544EDEB, + 0xB0E93524, 0xBEBB8FBD, 0xA2D762CF, 0x49C92F54, 0x38B5F331, 0x7128A454, + 0x48392905, 0xA65B1DB8, 0x851C97BD, 0xD675CF2F }; + +const u32bit CAST_128::S7[256] = { + 0x85E04019, 0x332BF567, 0x662DBFFF, 0xCFC65693, 0x2A8D7F6F, 0xAB9BC912, + 0xDE6008A1, 0x2028DA1F, 0x0227BCE7, 0x4D642916, 0x18FAC300, 0x50F18B82, + 0x2CB2CB11, 0xB232E75C, 0x4B3695F2, 0xB28707DE, 0xA05FBCF6, 0xCD4181E9, + 0xE150210C, 0xE24EF1BD, 0xB168C381, 0xFDE4E789, 0x5C79B0D8, 0x1E8BFD43, + 0x4D495001, 0x38BE4341, 0x913CEE1D, 0x92A79C3F, 0x089766BE, 0xBAEEADF4, + 0x1286BECF, 0xB6EACB19, 0x2660C200, 0x7565BDE4, 0x64241F7A, 0x8248DCA9, + 0xC3B3AD66, 0x28136086, 0x0BD8DFA8, 0x356D1CF2, 0x107789BE, 0xB3B2E9CE, + 0x0502AA8F, 0x0BC0351E, 0x166BF52A, 0xEB12FF82, 0xE3486911, 0xD34D7516, + 0x4E7B3AFF, 0x5F43671B, 0x9CF6E037, 0x4981AC83, 0x334266CE, 0x8C9341B7, + 0xD0D854C0, 0xCB3A6C88, 0x47BC2829, 0x4725BA37, 0xA66AD22B, 0x7AD61F1E, + 0x0C5CBAFA, 0x4437F107, 0xB6E79962, 0x42D2D816, 0x0A961288, 0xE1A5C06E, + 0x13749E67, 0x72FC081A, 0xB1D139F7, 0xF9583745, 0xCF19DF58, 0xBEC3F756, + 0xC06EBA30, 0x07211B24, 0x45C28829, 0xC95E317F, 0xBC8EC511, 0x38BC46E9, + 0xC6E6FA14, 0xBAE8584A, 0xAD4EBC46, 0x468F508B, 0x7829435F, 0xF124183B, + 0x821DBA9F, 0xAFF60FF4, 0xEA2C4E6D, 0x16E39264, 0x92544A8B, 0x009B4FC3, + 0xABA68CED, 0x9AC96F78, 0x06A5B79A, 0xB2856E6E, 0x1AEC3CA9, 0xBE838688, + 0x0E0804E9, 0x55F1BE56, 0xE7E5363B, 0xB3A1F25D, 0xF7DEBB85, 0x61FE033C, + 0x16746233, 0x3C034C28, 0xDA6D0C74, 0x79AAC56C, 0x3CE4E1AD, 0x51F0C802, + 0x98F8F35A, 0x1626A49F, 0xEED82B29, 0x1D382FE3, 0x0C4FB99A, 0xBB325778, + 0x3EC6D97B, 0x6E77A6A9, 0xCB658B5C, 0xD45230C7, 0x2BD1408B, 0x60C03EB7, + 0xB9068D78, 0xA33754F4, 0xF430C87D, 0xC8A71302, 0xB96D8C32, 0xEBD4E7BE, + 0xBE8B9D2D, 0x7979FB06, 0xE7225308, 0x8B75CF77, 0x11EF8DA4, 0xE083C858, + 0x8D6B786F, 0x5A6317A6, 0xFA5CF7A0, 0x5DDA0033, 0xF28EBFB0, 0xF5B9C310, + 0xA0EAC280, 0x08B9767A, 0xA3D9D2B0, 0x79D34217, 0x021A718D, 0x9AC6336A, + 0x2711FD60, 0x438050E3, 0x069908A8, 0x3D7FEDC4, 0x826D2BEF, 0x4EEB8476, + 0x488DCF25, 0x36C9D566, 0x28E74E41, 0xC2610ACA, 0x3D49A9CF, 0xBAE3B9DF, + 0xB65F8DE6, 0x92AEAF64, 0x3AC7D5E6, 0x9EA80509, 0xF22B017D, 0xA4173F70, + 0xDD1E16C3, 0x15E0D7F9, 0x50B1B887, 0x2B9F4FD5, 0x625ABA82, 0x6A017962, + 0x2EC01B9C, 0x15488AA9, 0xD716E740, 0x40055A2C, 0x93D29A22, 0xE32DBF9A, + 0x058745B9, 0x3453DC1E, 0xD699296E, 0x496CFF6F, 0x1C9F4986, 0xDFE2ED07, + 0xB87242D1, 0x19DE7EAE, 0x053E561A, 0x15AD6F8C, 0x66626C1C, 0x7154C24C, + 0xEA082B2A, 0x93EB2939, 0x17DCB0F0, 0x58D4F2AE, 0x9EA294FB, 0x52CF564C, + 0x9883FE66, 0x2EC40581, 0x763953C3, 0x01D6692E, 0xD3A0C108, 0xA1E7160E, + 0xE4F2DFA6, 0x693ED285, 0x74904698, 0x4C2B0EDD, 0x4F757656, 0x5D393378, + 0xA132234F, 0x3D321C5D, 0xC3F5E194, 0x4B269301, 0xC79F022F, 0x3C997E7E, + 0x5E4F9504, 0x3FFAFBBD, 0x76F7AD0E, 0x296693F4, 0x3D1FCE6F, 0xC61E45BE, + 0xD3B5AB34, 0xF72BF9B7, 0x1B0434C0, 0x4E72B567, 0x5592A33D, 0xB5229301, + 0xCFD2A87F, 0x60AEB767, 0x1814386B, 0x30BCC33D, 0x38A0C07D, 0xFD1606F2, + 0xC363519B, 0x589DD390, 0x5479F8E6, 0x1CB8D647, 0x97FD61A9, 0xEA7759F4, + 0x2D57539D, 0x569A58CF, 0xE84E63AD, 0x462E1B78, 0x6580F87E, 0xF3817914, + 0x91DA55F4, 0x40A230F3, 0xD1988F35, 0xB6E318D2, 0x3FFA50BC, 0x3D40F021, + 0xC3C0BDAE, 0x4958C24C, 0x518F36B2, 0x84B1D370, 0x0FEDCE83, 0x878DDADA, + 0xF2A279C7, 0x94E01BE8, 0x90716F4B, 0x954B8AA3 }; + +const u32bit CAST_128::S8[256] = { + 0xE216300D, 0xBBDDFFFC, 0xA7EBDABD, 0x35648095, 0x7789F8B7, 0xE6C1121B, + 0x0E241600, 0x052CE8B5, 0x11A9CFB0, 0xE5952F11, 0xECE7990A, 0x9386D174, + 0x2A42931C, 0x76E38111, 0xB12DEF3A, 0x37DDDDFC, 0xDE9ADEB1, 0x0A0CC32C, + 0xBE197029, 0x84A00940, 0xBB243A0F, 0xB4D137CF, 0xB44E79F0, 0x049EEDFD, + 0x0B15A15D, 0x480D3168, 0x8BBBDE5A, 0x669DED42, 0xC7ECE831, 0x3F8F95E7, + 0x72DF191B, 0x7580330D, 0x94074251, 0x5C7DCDFA, 0xABBE6D63, 0xAA402164, + 0xB301D40A, 0x02E7D1CA, 0x53571DAE, 0x7A3182A2, 0x12A8DDEC, 0xFDAA335D, + 0x176F43E8, 0x71FB46D4, 0x38129022, 0xCE949AD4, 0xB84769AD, 0x965BD862, + 0x82F3D055, 0x66FB9767, 0x15B80B4E, 0x1D5B47A0, 0x4CFDE06F, 0xC28EC4B8, + 0x57E8726E, 0x647A78FC, 0x99865D44, 0x608BD593, 0x6C200E03, 0x39DC5FF6, + 0x5D0B00A3, 0xAE63AFF2, 0x7E8BD632, 0x70108C0C, 0xBBD35049, 0x2998DF04, + 0x980CF42A, 0x9B6DF491, 0x9E7EDD53, 0x06918548, 0x58CB7E07, 0x3B74EF2E, + 0x522FFFB1, 0xD24708CC, 0x1C7E27CD, 0xA4EB215B, 0x3CF1D2E2, 0x19B47A38, + 0x424F7618, 0x35856039, 0x9D17DEE7, 0x27EB35E6, 0xC9AFF67B, 0x36BAF5B8, + 0x09C467CD, 0xC18910B1, 0xE11DBF7B, 0x06CD1AF8, 0x7170C608, 0x2D5E3354, + 0xD4DE495A, 0x64C6D006, 0xBCC0C62C, 0x3DD00DB3, 0x708F8F34, 0x77D51B42, + 0x264F620F, 0x24B8D2BF, 0x15C1B79E, 0x46A52564, 0xF8D7E54E, 0x3E378160, + 0x7895CDA5, 0x859C15A5, 0xE6459788, 0xC37BC75F, 0xDB07BA0C, 0x0676A3AB, + 0x7F229B1E, 0x31842E7B, 0x24259FD7, 0xF8BEF472, 0x835FFCB8, 0x6DF4C1F2, + 0x96F5B195, 0xFD0AF0FC, 0xB0FE134C, 0xE2506D3D, 0x4F9B12EA, 0xF215F225, + 0xA223736F, 0x9FB4C428, 0x25D04979, 0x34C713F8, 0xC4618187, 0xEA7A6E98, + 0x7CD16EFC, 0x1436876C, 0xF1544107, 0xBEDEEE14, 0x56E9AF27, 0xA04AA441, + 0x3CF7C899, 0x92ECBAE6, 0xDD67016D, 0x151682EB, 0xA842EEDF, 0xFDBA60B4, + 0xF1907B75, 0x20E3030F, 0x24D8C29E, 0xE139673B, 0xEFA63FB8, 0x71873054, + 0xB6F2CF3B, 0x9F326442, 0xCB15A4CC, 0xB01A4504, 0xF1E47D8D, 0x844A1BE5, + 0xBAE7DFDC, 0x42CBDA70, 0xCD7DAE0A, 0x57E85B7A, 0xD53F5AF6, 0x20CF4D8C, + 0xCEA4D428, 0x79D130A4, 0x3486EBFB, 0x33D3CDDC, 0x77853B53, 0x37EFFCB5, + 0xC5068778, 0xE580B3E6, 0x4E68B8F4, 0xC5C8B37E, 0x0D809EA2, 0x398FEB7C, + 0x132A4F94, 0x43B7950E, 0x2FEE7D1C, 0x223613BD, 0xDD06CAA2, 0x37DF932B, + 0xC4248289, 0xACF3EBC3, 0x5715F6B7, 0xEF3478DD, 0xF267616F, 0xC148CBE4, + 0x9052815E, 0x5E410FAB, 0xB48A2465, 0x2EDA7FA4, 0xE87B40E4, 0xE98EA084, + 0x5889E9E1, 0xEFD390FC, 0xDD07D35B, 0xDB485694, 0x38D7E5B2, 0x57720101, + 0x730EDEBC, 0x5B643113, 0x94917E4F, 0x503C2FBA, 0x646F1282, 0x7523D24A, + 0xE0779695, 0xF9C17A8F, 0x7A5B2121, 0xD187B896, 0x29263A4D, 0xBA510CDF, + 0x81F47C9F, 0xAD1163ED, 0xEA7B5965, 0x1A00726E, 0x11403092, 0x00DA6D77, + 0x4A0CDD61, 0xAD1F4603, 0x605BDFB0, 0x9EEDC364, 0x22EBE6A8, 0xCEE7D28A, + 0xA0E736A0, 0x5564A6B9, 0x10853209, 0xC7EB8F37, 0x2DE705CA, 0x8951570F, + 0xDF09822B, 0xBD691A6C, 0xAA12E4F2, 0x87451C0F, 0xE0F6A27A, 0x3ADA4819, + 0x4CF1764F, 0x0D771C2B, 0x67CDB156, 0x350D8384, 0x5938FA0F, 0x42399EF3, + 0x36997B07, 0x0E84093D, 0x4AA93E61, 0x8360D87B, 0x1FA98B0C, 0x1149382C, + 0xE97625A5, 0x0614D1B7, 0x0E25244B, 0x0C768347, 0x589E8D82, 0x0D2059D1, + 0xA466BB1E, 0xF8DA0A82, 0x04F19130, 0xBA6E4EC0, 0x99265164, 0x1EE7230D, + 0x50B2AD80, 0xEAEE6801, 0x8DB2A283, 0xEA8BF59E }; + +const u32bit CAST_256::KEY_MASK[192] = { + 0x5A827999, 0xC95C653A, 0x383650DB, 0xA7103C7C, 0x15EA281D, 0x84C413BE, + 0xF39DFF5F, 0x6277EB00, 0xD151D6A1, 0x402BC242, 0xAF05ADE3, 0x1DDF9984, + 0x8CB98525, 0xFB9370C6, 0x6A6D5C67, 0xD9474808, 0x482133A9, 0xB6FB1F4A, + 0x25D50AEB, 0x94AEF68C, 0x0388E22D, 0x7262CDCE, 0xE13CB96F, 0x5016A510, + 0xBEF090B1, 0x2DCA7C52, 0x9CA467F3, 0x0B7E5394, 0x7A583F35, 0xE9322AD6, + 0x580C1677, 0xC6E60218, 0x35BFEDB9, 0xA499D95A, 0x1373C4FB, 0x824DB09C, + 0xF1279C3D, 0x600187DE, 0xCEDB737F, 0x3DB55F20, 0xAC8F4AC1, 0x1B693662, + 0x8A432203, 0xF91D0DA4, 0x67F6F945, 0xD6D0E4E6, 0x45AAD087, 0xB484BC28, + 0x235EA7C9, 0x9238936A, 0x01127F0B, 0x6FEC6AAC, 0xDEC6564D, 0x4DA041EE, + 0xBC7A2D8F, 0x2B541930, 0x9A2E04D1, 0x0907F072, 0x77E1DC13, 0xE6BBC7B4, + 0x5595B355, 0xC46F9EF6, 0x33498A97, 0xA2237638, 0x10FD61D9, 0x7FD74D7A, + 0xEEB1391B, 0x5D8B24BC, 0xCC65105D, 0x3B3EFBFE, 0xAA18E79F, 0x18F2D340, + 0x87CCBEE1, 0xF6A6AA82, 0x65809623, 0xD45A81C4, 0x43346D65, 0xB20E5906, + 0x20E844A7, 0x8FC23048, 0xFE9C1BE9, 0x6D76078A, 0xDC4FF32B, 0x4B29DECC, + 0xBA03CA6D, 0x28DDB60E, 0x97B7A1AF, 0x06918D50, 0x756B78F1, 0xE4456492, + 0x531F5033, 0xC1F93BD4, 0x30D32775, 0x9FAD1316, 0x0E86FEB7, 0x7D60EA58, + 0xEC3AD5F9, 0x5B14C19A, 0xC9EEAD3B, 0x38C898DC, 0xA7A2847D, 0x167C701E, + 0x85565BBF, 0xF4304760, 0x630A3301, 0xD1E41EA2, 0x40BE0A43, 0xAF97F5E4, + 0x1E71E185, 0x8D4BCD26, 0xFC25B8C7, 0x6AFFA468, 0xD9D99009, 0x48B37BAA, + 0xB78D674B, 0x266752EC, 0x95413E8D, 0x041B2A2E, 0x72F515CF, 0xE1CF0170, + 0x50A8ED11, 0xBF82D8B2, 0x2E5CC453, 0x9D36AFF4, 0x0C109B95, 0x7AEA8736, + 0xE9C472D7, 0x589E5E78, 0xC7784A19, 0x365235BA, 0xA52C215B, 0x14060CFC, + 0x82DFF89D, 0xF1B9E43E, 0x6093CFDF, 0xCF6DBB80, 0x3E47A721, 0xAD2192C2, + 0x1BFB7E63, 0x8AD56A04, 0xF9AF55A5, 0x68894146, 0xD7632CE7, 0x463D1888, + 0xB5170429, 0x23F0EFCA, 0x92CADB6B, 0x01A4C70C, 0x707EB2AD, 0xDF589E4E, + 0x4E3289EF, 0xBD0C7590, 0x2BE66131, 0x9AC04CD2, 0x099A3873, 0x78742414, + 0xE74E0FB5, 0x5627FB56, 0xC501E6F7, 0x33DBD298, 0xA2B5BE39, 0x118FA9DA, + 0x8069957B, 0xEF43811C, 0x5E1D6CBD, 0xCCF7585E, 0x3BD143FF, 0xAAAB2FA0, + 0x19851B41, 0x885F06E2, 0xF738F283, 0x6612DE24, 0xD4ECC9C5, 0x43C6B566, + 0xB2A0A107, 0x217A8CA8, 0x90547849, 0xFF2E63EA, 0x6E084F8B, 0xDCE23B2C, + 0x4BBC26CD, 0xBA96126E, 0x296FFE0F, 0x9849E9B0, 0x0723D551, 0x75FDC0F2, + 0xE4D7AC93, 0x53B19834, 0xC28B83D5, 0x31656F76, 0xA03F5B17, 0x0F1946B8 }; + +const byte CAST_256::KEY_ROT[32] = { + 0x13, 0x04, 0x15, 0x06, 0x17, 0x08, 0x19, 0x0A, 0x1B, 0x0C, 0x1D, 0x0E, + 0x1F, 0x10, 0x01, 0x12, 0x03, 0x14, 0x05, 0x16, 0x07, 0x18, 0x09, 0x1A, + 0x0B, 0x1C, 0x0D, 0x1E, 0x0F, 0x00, 0x11, 0x02 }; + +} diff --git a/src/cipher/cast/modinfo.txt b/src/cipher/cast/modinfo.txt new file mode 100644 index 000000000..73d3f900f --- /dev/null +++ b/src/cipher/cast/modinfo.txt @@ -0,0 +1,13 @@ +realname "CAST" + +define CAST + +load_on auto + +<add> +cast128.cpp +cast128.h +cast256.cpp +cast256.h +cast_tab.cpp +</add> diff --git a/src/cipher/des/des.cpp b/src/cipher/des/des.cpp new file mode 100644 index 000000000..d09752854 --- /dev/null +++ b/src/cipher/des/des.cpp @@ -0,0 +1,259 @@ +/************************************************* +* DES Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/des.h> +#include <botan/loadstor.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* DES Encryption * +*************************************************/ +void DES::enc(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + IP(L, R); + raw_encrypt(L, R); + FP(L, R); + + store_be(out, R, L); + } + +/************************************************* +* DES Decryption * +*************************************************/ +void DES::dec(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + IP(L, R); + raw_decrypt(L, R); + FP(L, R); + + store_be(out, R, L); + } + +/************************************************* +* DES Initial Permutation * +*************************************************/ +void DES::IP(u32bit& L, u32bit& R) + { + u64bit T = (IPTAB1[get_byte(0, L)] ) | (IPTAB1[get_byte(1, L)] << 1) | + (IPTAB1[get_byte(2, L)] << 2) | (IPTAB1[get_byte(3, L)] << 3) | + (IPTAB1[get_byte(0, R)] << 4) | (IPTAB1[get_byte(1, R)] << 5) | + (IPTAB1[get_byte(2, R)] << 6) | (IPTAB2[get_byte(3, R)] ); + L = static_cast<u32bit>(T >> 32); + R = static_cast<u32bit>(T); + } + +/************************************************* +* DES Final Permutation * +*************************************************/ +void DES::FP(u32bit& L, u32bit& R) + { + u64bit T = (FPTAB1[get_byte(0, L)] << 5) | (FPTAB1[get_byte(1, L)] << 3) | + (FPTAB1[get_byte(2, L)] << 1) | (FPTAB2[get_byte(3, L)] << 1) | + (FPTAB1[get_byte(0, R)] << 4) | (FPTAB1[get_byte(1, R)] << 2) | + (FPTAB1[get_byte(2, R)] ) | (FPTAB2[get_byte(3, R)] ); + L = static_cast<u32bit>(T >> 32); + R = static_cast<u32bit>(T); + } + +/************************************************* +* DES Raw Encryption * +*************************************************/ +void DES::raw_encrypt(u32bit& L, u32bit& R) const + { + for(u32bit j = 0; j != 16; j += 2) + { + u32bit T0, T1; + + T0 = rotate_right(R, 4) ^ round_key[2*j]; + T1 = R ^ round_key[2*j + 1]; + + L ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^ + SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^ + SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^ + SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)]; + + T0 = rotate_right(L, 4) ^ round_key[2*j + 2]; + T1 = L ^ round_key[2*j + 3]; + + R ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^ + SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^ + SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^ + SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)]; + } + } + +/************************************************* +* DES Raw Decryption * +*************************************************/ +void DES::raw_decrypt(u32bit& L, u32bit& R) const + { + for(u32bit j = 16; j != 0; j -= 2) + { + u32bit T0, T1; + + T0 = rotate_right(R, 4) ^ round_key[2*j - 2]; + T1 = R ^ round_key[2*j - 1]; + + L ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^ + SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^ + SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^ + SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)]; + + T0 = rotate_right(L, 4) ^ round_key[2*j - 4]; + T1 = L ^ round_key[2*j - 3]; + + R ^= SPBOX1[get_byte(0, T0)] ^ SPBOX2[get_byte(0, T1)] ^ + SPBOX3[get_byte(1, T0)] ^ SPBOX4[get_byte(1, T1)] ^ + SPBOX5[get_byte(2, T0)] ^ SPBOX6[get_byte(2, T1)] ^ + SPBOX7[get_byte(3, T0)] ^ SPBOX8[get_byte(3, T1)]; + } + } + +/************************************************* +* DES Key Schedule * +*************************************************/ +void DES::key(const byte key[], u32bit) + { + static const byte ROT[16] = { 1, 1, 2, 2, 2, 2, 2, 2, + 1, 2, 2, 2, 2, 2, 2, 1 }; + u32bit C = ((key[7] & 0x80) << 20) | ((key[6] & 0x80) << 19) | + ((key[5] & 0x80) << 18) | ((key[4] & 0x80) << 17) | + ((key[3] & 0x80) << 16) | ((key[2] & 0x80) << 15) | + ((key[1] & 0x80) << 14) | ((key[0] & 0x80) << 13) | + ((key[7] & 0x40) << 13) | ((key[6] & 0x40) << 12) | + ((key[5] & 0x40) << 11) | ((key[4] & 0x40) << 10) | + ((key[3] & 0x40) << 9) | ((key[2] & 0x40) << 8) | + ((key[1] & 0x40) << 7) | ((key[0] & 0x40) << 6) | + ((key[7] & 0x20) << 6) | ((key[6] & 0x20) << 5) | + ((key[5] & 0x20) << 4) | ((key[4] & 0x20) << 3) | + ((key[3] & 0x20) << 2) | ((key[2] & 0x20) << 1) | + ((key[1] & 0x20) ) | ((key[0] & 0x20) >> 1) | + ((key[7] & 0x10) >> 1) | ((key[6] & 0x10) >> 2) | + ((key[5] & 0x10) >> 3) | ((key[4] & 0x10) >> 4); + u32bit D = ((key[7] & 0x02) << 26) | ((key[6] & 0x02) << 25) | + ((key[5] & 0x02) << 24) | ((key[4] & 0x02) << 23) | + ((key[3] & 0x02) << 22) | ((key[2] & 0x02) << 21) | + ((key[1] & 0x02) << 20) | ((key[0] & 0x02) << 19) | + ((key[7] & 0x04) << 17) | ((key[6] & 0x04) << 16) | + ((key[5] & 0x04) << 15) | ((key[4] & 0x04) << 14) | + ((key[3] & 0x04) << 13) | ((key[2] & 0x04) << 12) | + ((key[1] & 0x04) << 11) | ((key[0] & 0x04) << 10) | + ((key[7] & 0x08) << 8) | ((key[6] & 0x08) << 7) | + ((key[5] & 0x08) << 6) | ((key[4] & 0x08) << 5) | + ((key[3] & 0x08) << 4) | ((key[2] & 0x08) << 3) | + ((key[1] & 0x08) << 2) | ((key[0] & 0x08) << 1) | + ((key[3] & 0x10) >> 1) | ((key[2] & 0x10) >> 2) | + ((key[1] & 0x10) >> 3) | ((key[0] & 0x10) >> 4); + for(u32bit j = 0; j != 16; ++j) + { + C = ((C << ROT[j]) | (C >> (28-ROT[j]))) & 0x0FFFFFFF; + D = ((D << ROT[j]) | (D >> (28-ROT[j]))) & 0x0FFFFFFF; + round_key[2*j ] = ((C & 0x00000010) << 22) | ((C & 0x00000800) << 17) | + ((C & 0x00000020) << 16) | ((C & 0x00004004) << 15) | + ((C & 0x00000200) << 11) | ((C & 0x00020000) << 10) | + ((C & 0x01000000) >> 6) | ((C & 0x00100000) >> 4) | + ((C & 0x00010000) << 3) | ((C & 0x08000000) >> 2) | + ((C & 0x00800000) << 1) | ((D & 0x00000010) << 8) | + ((D & 0x00000002) << 7) | ((D & 0x00000001) << 2) | + ((D & 0x00000200) ) | ((D & 0x00008000) >> 2) | + ((D & 0x00000088) >> 3) | ((D & 0x00001000) >> 7) | + ((D & 0x00080000) >> 9) | ((D & 0x02020000) >> 14) | + ((D & 0x00400000) >> 21); + round_key[2*j+1] = ((C & 0x00000001) << 28) | ((C & 0x00000082) << 18) | + ((C & 0x00002000) << 14) | ((C & 0x00000100) << 10) | + ((C & 0x00001000) << 9) | ((C & 0x00040000) << 6) | + ((C & 0x02400000) << 4) | ((C & 0x00008000) << 2) | + ((C & 0x00200000) >> 1) | ((C & 0x04000000) >> 10) | + ((D & 0x00000020) << 6) | ((D & 0x00000100) ) | + ((D & 0x00000800) >> 1) | ((D & 0x00000040) >> 3) | + ((D & 0x00010000) >> 4) | ((D & 0x00000400) >> 5) | + ((D & 0x00004000) >> 10) | ((D & 0x04000000) >> 13) | + ((D & 0x00800000) >> 14) | ((D & 0x00100000) >> 18) | + ((D & 0x01000000) >> 24) | ((D & 0x08000000) >> 26); + } + } + +/************************************************* +* TripleDES Encryption * +*************************************************/ +void TripleDES::enc(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + DES::IP(L, R); + des1.raw_encrypt(L, R); + des2.raw_decrypt(R, L); + des3.raw_encrypt(L, R); + DES::FP(L, R); + + store_be(out, R, L); + } + +/************************************************* +* TripleDES Decryption * +*************************************************/ +void TripleDES::dec(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + DES::IP(L, R); + des3.raw_decrypt(L, R); + des2.raw_encrypt(R, L); + des1.raw_decrypt(L, R); + DES::FP(L, R); + + store_be(out, R, L); + } + +/************************************************* +* TripleDES Key Schedule * +*************************************************/ +void TripleDES::key(const byte key[], u32bit length) + { + des1.set_key(key, 8); + des2.set_key(key + 8, 8); + if(length == 24) + des3.set_key(key + 16, 8); + else + des3.set_key(key, 8); + } + +/************************************************* +* DESX Encryption * +*************************************************/ +void DESX::enc(const byte in[], byte out[]) const + { + xor_buf(out, in, K1.begin(), BLOCK_SIZE); + des.encrypt(out); + xor_buf(out, K2.begin(), BLOCK_SIZE); + } + +/************************************************* +* DESX Decryption * +*************************************************/ +void DESX::dec(const byte in[], byte out[]) const + { + xor_buf(out, in, K2.begin(), BLOCK_SIZE); + des.decrypt(out); + xor_buf(out, K1.begin(), BLOCK_SIZE); + } + +/************************************************* +* DESX Key Schedule * +*************************************************/ +void DESX::key(const byte key[], u32bit) + { + K1.copy(key, 8); + des.set_key(key + 8, 8); + K2.copy(key + 16, 8); + } + +} diff --git a/src/cipher/des/des.h b/src/cipher/des/des.h new file mode 100644 index 000000000..3e53a6166 --- /dev/null +++ b/src/cipher/des/des.h @@ -0,0 +1,89 @@ +/************************************************* +* DES Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_DES_H__ +#define BOTAN_DES_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* DES * +*************************************************/ +class BOTAN_DLL DES : public BlockCipher + { + public: + void clear() throw() { round_key.clear(); } + std::string name() const { return "DES"; } + BlockCipher* clone() const { return new DES; } + DES() : BlockCipher(8, 8) {} + private: + friend class TripleDES; + + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + void raw_encrypt(u32bit&, u32bit&) const; + void raw_decrypt(u32bit&, u32bit&) const; + void round(u32bit&, u32bit, u32bit) const; + static void IP(u32bit&, u32bit&); + static void FP(u32bit&, u32bit&); + + static const u32bit SPBOX1[256]; + static const u32bit SPBOX2[256]; + static const u32bit SPBOX3[256]; + static const u32bit SPBOX4[256]; + static const u32bit SPBOX5[256]; + static const u32bit SPBOX6[256]; + static const u32bit SPBOX7[256]; + static const u32bit SPBOX8[256]; + + static const u64bit IPTAB1[256]; + static const u64bit IPTAB2[256]; + static const u64bit FPTAB1[256]; + static const u64bit FPTAB2[256]; + + SecureBuffer<u32bit, 32> round_key; + }; + +/************************************************* +* Triple DES * +*************************************************/ +class BOTAN_DLL TripleDES : public BlockCipher + { + public: + void clear() throw() { des1.clear(); des2.clear(); des3.clear(); } + std::string name() const { return "TripleDES"; } + BlockCipher* clone() const { return new TripleDES; } + TripleDES() : BlockCipher(8, 16, 24, 8) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + DES des1, des2, des3; + }; + +/************************************************* +* DESX * +*************************************************/ +class BOTAN_DLL DESX : public BlockCipher + { + public: + void clear() throw() { des.clear(); K1.clear(); K2.clear(); } + std::string name() const { return "DESX"; } + BlockCipher* clone() const { return new DESX; } + DESX() : BlockCipher(8, 24) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + SecureBuffer<byte, 8> K1, K2; + DES des; + }; + +} + +#endif diff --git a/src/cipher/des/des_tab.cpp b/src/cipher/des/des_tab.cpp new file mode 100644 index 000000000..9788cd8c0 --- /dev/null +++ b/src/cipher/des/des_tab.cpp @@ -0,0 +1,634 @@ +/************************************************* +* Substitution/Permutation Tables for DES * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/des.h> + +namespace Botan { + +const u32bit DES::SPBOX1[256] = { + 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, + 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, + 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, + 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, + 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, + 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, + 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, + 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, + 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, + 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, + 0x00010004, 0x00010400, 0x00000000, 0x01010004, 0x01010400, 0x00000000, + 0x00010000, 0x01010404, 0x01010004, 0x00010404, 0x00000004, 0x00010000, + 0x00000400, 0x01010400, 0x01010404, 0x00000400, 0x01000404, 0x01010004, + 0x01000000, 0x00000004, 0x00000404, 0x01000400, 0x01000400, 0x00010400, + 0x00010400, 0x01010000, 0x01010000, 0x01000404, 0x00010004, 0x01000004, + 0x01000004, 0x00010004, 0x00000000, 0x00000404, 0x00010404, 0x01000000, + 0x00010000, 0x01010404, 0x00000004, 0x01010000, 0x01010400, 0x01000000, + 0x01000000, 0x00000400, 0x01010004, 0x00010000, 0x00010400, 0x01000004, + 0x00000400, 0x00000004, 0x01000404, 0x00010404, 0x01010404, 0x00010004, + 0x01010000, 0x01000404, 0x01000004, 0x00000404, 0x00010404, 0x01010400, + 0x00000404, 0x01000400, 0x01000400, 0x00000000, 0x00010004, 0x00010400, + 0x00000000, 0x01010004, 0x01010400, 0x00000000, 0x00010000, 0x01010404, + 0x01010004, 0x00010404, 0x00000004, 0x00010000, 0x00000400, 0x01010400, + 0x01010404, 0x00000400, 0x01000404, 0x01010004, 0x01000000, 0x00000004, + 0x00000404, 0x01000400, 0x01000400, 0x00010400, 0x00010400, 0x01010000, + 0x01010000, 0x01000404, 0x00010004, 0x01000004, 0x01000004, 0x00010004, + 0x00000000, 0x00000404, 0x00010404, 0x01000000, 0x00010000, 0x01010404, + 0x00000004, 0x01010000, 0x01010400, 0x01000000, 0x01000000, 0x00000400, + 0x01010004, 0x00010000, 0x00010400, 0x01000004, 0x00000400, 0x00000004, + 0x01000404, 0x00010404, 0x01010404, 0x00010004, 0x01010000, 0x01000404, + 0x01000004, 0x00000404, 0x00010404, 0x01010400, 0x00000404, 0x01000400, + 0x01000400, 0x00000000, 0x00010004, 0x00010400, 0x00000000, 0x01010004, + 0x01010400, 0x00000000, 0x00010000, 0x01010404, 0x01010004, 0x00010404, + 0x00000004, 0x00010000, 0x00000400, 0x01010400, 0x01010404, 0x00000400, + 0x01000404, 0x01010004, 0x01000000, 0x00000004, 0x00000404, 0x01000400, + 0x01000400, 0x00010400, 0x00010400, 0x01010000, 0x01010000, 0x01000404, + 0x00010004, 0x01000004, 0x01000004, 0x00010004, 0x00000000, 0x00000404, + 0x00010404, 0x01000000, 0x00010000, 0x01010404, 0x00000004, 0x01010000, + 0x01010400, 0x01000000, 0x01000000, 0x00000400, 0x01010004, 0x00010000, + 0x00010400, 0x01000004, 0x00000400, 0x00000004, 0x01000404, 0x00010404, + 0x01010404, 0x00010004, 0x01010000, 0x01000404, 0x01000004, 0x00000404, + 0x00010404, 0x01010400, 0x00000404, 0x01000400, 0x01000400, 0x00000000, + 0x00010004, 0x00010400, 0x00000000, 0x01010004 }; + +const u32bit DES::SPBOX2[256] = { + 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, + 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, + 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, + 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, + 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, + 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, + 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, + 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, + 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, + 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, + 0x80000000, 0x80100020, 0x80108020, 0x00108000, 0x80108020, 0x80008000, + 0x00008000, 0x00108020, 0x00100000, 0x00000020, 0x80100020, 0x80008020, + 0x80000020, 0x80108020, 0x80108000, 0x80000000, 0x80008000, 0x00100000, + 0x00000020, 0x80100020, 0x00108000, 0x00100020, 0x80008020, 0x00000000, + 0x80000000, 0x00008000, 0x00108020, 0x80100000, 0x00100020, 0x80000020, + 0x00000000, 0x00108000, 0x00008020, 0x80108000, 0x80100000, 0x00008020, + 0x00000000, 0x00108020, 0x80100020, 0x00100000, 0x80008020, 0x80100000, + 0x80108000, 0x00008000, 0x80100000, 0x80008000, 0x00000020, 0x80108020, + 0x00108020, 0x00000020, 0x00008000, 0x80000000, 0x00008020, 0x80108000, + 0x00100000, 0x80000020, 0x00100020, 0x80008020, 0x80000020, 0x00100020, + 0x00108000, 0x00000000, 0x80008000, 0x00008020, 0x80000000, 0x80100020, + 0x80108020, 0x00108000, 0x80108020, 0x80008000, 0x00008000, 0x00108020, + 0x00100000, 0x00000020, 0x80100020, 0x80008020, 0x80000020, 0x80108020, + 0x80108000, 0x80000000, 0x80008000, 0x00100000, 0x00000020, 0x80100020, + 0x00108000, 0x00100020, 0x80008020, 0x00000000, 0x80000000, 0x00008000, + 0x00108020, 0x80100000, 0x00100020, 0x80000020, 0x00000000, 0x00108000, + 0x00008020, 0x80108000, 0x80100000, 0x00008020, 0x00000000, 0x00108020, + 0x80100020, 0x00100000, 0x80008020, 0x80100000, 0x80108000, 0x00008000, + 0x80100000, 0x80008000, 0x00000020, 0x80108020, 0x00108020, 0x00000020, + 0x00008000, 0x80000000, 0x00008020, 0x80108000, 0x00100000, 0x80000020, + 0x00100020, 0x80008020, 0x80000020, 0x00100020, 0x00108000, 0x00000000, + 0x80008000, 0x00008020, 0x80000000, 0x80100020, 0x80108020, 0x00108000, + 0x80108020, 0x80008000, 0x00008000, 0x00108020, 0x00100000, 0x00000020, + 0x80100020, 0x80008020, 0x80000020, 0x80108020, 0x80108000, 0x80000000, + 0x80008000, 0x00100000, 0x00000020, 0x80100020, 0x00108000, 0x00100020, + 0x80008020, 0x00000000, 0x80000000, 0x00008000, 0x00108020, 0x80100000, + 0x00100020, 0x80000020, 0x00000000, 0x00108000, 0x00008020, 0x80108000, + 0x80100000, 0x00008020, 0x00000000, 0x00108020, 0x80100020, 0x00100000, + 0x80008020, 0x80100000, 0x80108000, 0x00008000, 0x80100000, 0x80008000, + 0x00000020, 0x80108020, 0x00108020, 0x00000020, 0x00008000, 0x80000000, + 0x00008020, 0x80108000, 0x00100000, 0x80000020, 0x00100020, 0x80008020, + 0x80000020, 0x00100020, 0x00108000, 0x00000000, 0x80008000, 0x00008020, + 0x80000000, 0x80100020, 0x80108020, 0x00108000 }; + +const u32bit DES::SPBOX3[256] = { + 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, + 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, + 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, + 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, + 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, + 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, + 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, + 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, + 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, + 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, + 0x00020208, 0x00000008, 0x08020008, 0x00020200, 0x00000208, 0x08020200, + 0x00000000, 0x08020008, 0x08000200, 0x00000000, 0x00020208, 0x08000200, + 0x00020008, 0x08000008, 0x08000008, 0x00020000, 0x08020208, 0x00020008, + 0x08020000, 0x00000208, 0x08000000, 0x00000008, 0x08020200, 0x00000200, + 0x00020200, 0x08020000, 0x08020008, 0x00020208, 0x08000208, 0x00020200, + 0x00020000, 0x08000208, 0x00000008, 0x08020208, 0x00000200, 0x08000000, + 0x08020200, 0x08000000, 0x00020008, 0x00000208, 0x00020000, 0x08020200, + 0x08000200, 0x00000000, 0x00000200, 0x00020008, 0x08020208, 0x08000200, + 0x08000008, 0x00000200, 0x00000000, 0x08020008, 0x08000208, 0x00020000, + 0x08000000, 0x08020208, 0x00000008, 0x00020208, 0x00020200, 0x08000008, + 0x08020000, 0x08000208, 0x00000208, 0x08020000, 0x00020208, 0x00000008, + 0x08020008, 0x00020200, 0x00000208, 0x08020200, 0x00000000, 0x08020008, + 0x08000200, 0x00000000, 0x00020208, 0x08000200, 0x00020008, 0x08000008, + 0x08000008, 0x00020000, 0x08020208, 0x00020008, 0x08020000, 0x00000208, + 0x08000000, 0x00000008, 0x08020200, 0x00000200, 0x00020200, 0x08020000, + 0x08020008, 0x00020208, 0x08000208, 0x00020200, 0x00020000, 0x08000208, + 0x00000008, 0x08020208, 0x00000200, 0x08000000, 0x08020200, 0x08000000, + 0x00020008, 0x00000208, 0x00020000, 0x08020200, 0x08000200, 0x00000000, + 0x00000200, 0x00020008, 0x08020208, 0x08000200, 0x08000008, 0x00000200, + 0x00000000, 0x08020008, 0x08000208, 0x00020000, 0x08000000, 0x08020208, + 0x00000008, 0x00020208, 0x00020200, 0x08000008, 0x08020000, 0x08000208, + 0x00000208, 0x08020000, 0x00020208, 0x00000008, 0x08020008, 0x00020200, + 0x00000208, 0x08020200, 0x00000000, 0x08020008, 0x08000200, 0x00000000, + 0x00020208, 0x08000200, 0x00020008, 0x08000008, 0x08000008, 0x00020000, + 0x08020208, 0x00020008, 0x08020000, 0x00000208, 0x08000000, 0x00000008, + 0x08020200, 0x00000200, 0x00020200, 0x08020000, 0x08020008, 0x00020208, + 0x08000208, 0x00020200, 0x00020000, 0x08000208, 0x00000008, 0x08020208, + 0x00000200, 0x08000000, 0x08020200, 0x08000000, 0x00020008, 0x00000208, + 0x00020000, 0x08020200, 0x08000200, 0x00000000, 0x00000200, 0x00020008, + 0x08020208, 0x08000200, 0x08000008, 0x00000200, 0x00000000, 0x08020008, + 0x08000208, 0x00020000, 0x08000000, 0x08020208, 0x00000008, 0x00020208, + 0x00020200, 0x08000008, 0x08020000, 0x08000208, 0x00000208, 0x08020000, + 0x00020208, 0x00000008, 0x08020008, 0x00020200 }; + +const u32bit DES::SPBOX4[256] = { + 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, + 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, + 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, + 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, + 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, + 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, + 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, + 0x00000080, 0x00800000, 0x00002000, 0x00802080, 0x00802001, 0x00002081, + 0x00002081, 0x00000080, 0x00802080, 0x00800081, 0x00800001, 0x00002001, + 0x00000000, 0x00802000, 0x00802000, 0x00802081, 0x00000081, 0x00000000, + 0x00800080, 0x00800001, 0x00000001, 0x00002000, 0x00800000, 0x00802001, + 0x00000080, 0x00800000, 0x00002001, 0x00002080, 0x00800081, 0x00000001, + 0x00002080, 0x00800080, 0x00002000, 0x00802080, 0x00802081, 0x00000081, + 0x00800080, 0x00800001, 0x00802000, 0x00802081, 0x00000081, 0x00000000, + 0x00000000, 0x00802000, 0x00002080, 0x00800080, 0x00800081, 0x00000001, + 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802081, 0x00000081, + 0x00000001, 0x00002000, 0x00800001, 0x00002001, 0x00802080, 0x00800081, + 0x00002001, 0x00002080, 0x00800000, 0x00802001, 0x00000080, 0x00800000, + 0x00002000, 0x00802080, 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802080, 0x00800081, 0x00800001, 0x00002001, 0x00000000, 0x00802000, + 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00800080, 0x00800001, + 0x00000001, 0x00002000, 0x00800000, 0x00802001, 0x00000080, 0x00800000, + 0x00002001, 0x00002080, 0x00800081, 0x00000001, 0x00002080, 0x00800080, + 0x00002000, 0x00802080, 0x00802081, 0x00000081, 0x00800080, 0x00800001, + 0x00802000, 0x00802081, 0x00000081, 0x00000000, 0x00000000, 0x00802000, + 0x00002080, 0x00800080, 0x00800081, 0x00000001, 0x00802001, 0x00002081, + 0x00002081, 0x00000080, 0x00802081, 0x00000081, 0x00000001, 0x00002000, + 0x00800001, 0x00002001, 0x00802080, 0x00800081, 0x00002001, 0x00002080, + 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002000, 0x00802080, + 0x00802001, 0x00002081, 0x00002081, 0x00000080, 0x00802080, 0x00800081, + 0x00800001, 0x00002001, 0x00000000, 0x00802000, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00800080, 0x00800001, 0x00000001, 0x00002000, + 0x00800000, 0x00802001, 0x00000080, 0x00800000, 0x00002001, 0x00002080, + 0x00800081, 0x00000001, 0x00002080, 0x00800080, 0x00002000, 0x00802080, + 0x00802081, 0x00000081, 0x00800080, 0x00800001, 0x00802000, 0x00802081, + 0x00000081, 0x00000000, 0x00000000, 0x00802000, 0x00002080, 0x00800080, + 0x00800081, 0x00000001, 0x00802001, 0x00002081, 0x00002081, 0x00000080, + 0x00802081, 0x00000081, 0x00000001, 0x00002000, 0x00800001, 0x00002001, + 0x00802080, 0x00800081, 0x00002001, 0x00002080, 0x00800000, 0x00802001, + 0x00000080, 0x00800000, 0x00002000, 0x00802080 }; + +const u32bit DES::SPBOX5[256] = { + 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, + 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, + 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, + 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, + 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, + 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, + 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, + 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, + 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, + 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, + 0x00000000, 0x40080000, 0x02080100, 0x40000100, 0x00000100, 0x02080100, + 0x02080000, 0x42000100, 0x00080000, 0x00000100, 0x40000000, 0x02080000, + 0x40080100, 0x00080000, 0x02000100, 0x40080100, 0x42000100, 0x42080000, + 0x00080100, 0x40000000, 0x02000000, 0x40080000, 0x40080000, 0x00000000, + 0x40000100, 0x42080100, 0x42080100, 0x02000100, 0x42080000, 0x40000100, + 0x00000000, 0x42000000, 0x02080100, 0x02000000, 0x42000000, 0x00080100, + 0x00080000, 0x42000100, 0x00000100, 0x02000000, 0x40000000, 0x02080000, + 0x42000100, 0x40080100, 0x02000100, 0x40000000, 0x42080000, 0x02080100, + 0x40080100, 0x00000100, 0x02000000, 0x42080000, 0x42080100, 0x00080100, + 0x42000000, 0x42080100, 0x02080000, 0x00000000, 0x40080000, 0x42000000, + 0x00080100, 0x02000100, 0x40000100, 0x00080000, 0x00000000, 0x40080000, + 0x02080100, 0x40000100, 0x00000100, 0x02080100, 0x02080000, 0x42000100, + 0x00080000, 0x00000100, 0x40000000, 0x02080000, 0x40080100, 0x00080000, + 0x02000100, 0x40080100, 0x42000100, 0x42080000, 0x00080100, 0x40000000, + 0x02000000, 0x40080000, 0x40080000, 0x00000000, 0x40000100, 0x42080100, + 0x42080100, 0x02000100, 0x42080000, 0x40000100, 0x00000000, 0x42000000, + 0x02080100, 0x02000000, 0x42000000, 0x00080100, 0x00080000, 0x42000100, + 0x00000100, 0x02000000, 0x40000000, 0x02080000, 0x42000100, 0x40080100, + 0x02000100, 0x40000000, 0x42080000, 0x02080100, 0x40080100, 0x00000100, + 0x02000000, 0x42080000, 0x42080100, 0x00080100, 0x42000000, 0x42080100, + 0x02080000, 0x00000000, 0x40080000, 0x42000000, 0x00080100, 0x02000100, + 0x40000100, 0x00080000, 0x00000000, 0x40080000, 0x02080100, 0x40000100, + 0x00000100, 0x02080100, 0x02080000, 0x42000100, 0x00080000, 0x00000100, + 0x40000000, 0x02080000, 0x40080100, 0x00080000, 0x02000100, 0x40080100, + 0x42000100, 0x42080000, 0x00080100, 0x40000000, 0x02000000, 0x40080000, + 0x40080000, 0x00000000, 0x40000100, 0x42080100, 0x42080100, 0x02000100, + 0x42080000, 0x40000100, 0x00000000, 0x42000000, 0x02080100, 0x02000000, + 0x42000000, 0x00080100, 0x00080000, 0x42000100, 0x00000100, 0x02000000, + 0x40000000, 0x02080000, 0x42000100, 0x40080100, 0x02000100, 0x40000000, + 0x42080000, 0x02080100, 0x40080100, 0x00000100, 0x02000000, 0x42080000, + 0x42080100, 0x00080100, 0x42000000, 0x42080100, 0x02080000, 0x00000000, + 0x40080000, 0x42000000, 0x00080100, 0x02000100, 0x40000100, 0x00080000, + 0x00000000, 0x40080000, 0x02080100, 0x40000100 }; + +const u32bit DES::SPBOX6[256] = { + 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, + 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, + 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, + 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, + 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, + 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, + 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, + 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, + 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, + 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, + 0x20404000, 0x20000000, 0x00400010, 0x20004010, 0x20000010, 0x20400000, + 0x00004000, 0x20404010, 0x20400000, 0x00000010, 0x20404010, 0x00400000, + 0x20004000, 0x00404010, 0x00400000, 0x20000010, 0x00400010, 0x20004000, + 0x20000000, 0x00004010, 0x00000000, 0x00400010, 0x20004010, 0x00004000, + 0x00404000, 0x20004010, 0x00000010, 0x20400010, 0x20400010, 0x00000000, + 0x00404010, 0x20404000, 0x00004010, 0x00404000, 0x20404000, 0x20000000, + 0x20004000, 0x00000010, 0x20400010, 0x00404000, 0x20404010, 0x00400000, + 0x00004010, 0x20000010, 0x00400000, 0x20004000, 0x20000000, 0x00004010, + 0x20000010, 0x20404010, 0x00404000, 0x20400000, 0x00404010, 0x20404000, + 0x00000000, 0x20400010, 0x00000010, 0x00004000, 0x20400000, 0x00404010, + 0x00004000, 0x00400010, 0x20004010, 0x00000000, 0x20404000, 0x20000000, + 0x00400010, 0x20004010, 0x20000010, 0x20400000, 0x00004000, 0x20404010, + 0x20400000, 0x00000010, 0x20404010, 0x00400000, 0x20004000, 0x00404010, + 0x00400000, 0x20000010, 0x00400010, 0x20004000, 0x20000000, 0x00004010, + 0x00000000, 0x00400010, 0x20004010, 0x00004000, 0x00404000, 0x20004010, + 0x00000010, 0x20400010, 0x20400010, 0x00000000, 0x00404010, 0x20404000, + 0x00004010, 0x00404000, 0x20404000, 0x20000000, 0x20004000, 0x00000010, + 0x20400010, 0x00404000, 0x20404010, 0x00400000, 0x00004010, 0x20000010, + 0x00400000, 0x20004000, 0x20000000, 0x00004010, 0x20000010, 0x20404010, + 0x00404000, 0x20400000, 0x00404010, 0x20404000, 0x00000000, 0x20400010, + 0x00000010, 0x00004000, 0x20400000, 0x00404010, 0x00004000, 0x00400010, + 0x20004010, 0x00000000, 0x20404000, 0x20000000, 0x00400010, 0x20004010, + 0x20000010, 0x20400000, 0x00004000, 0x20404010, 0x20400000, 0x00000010, + 0x20404010, 0x00400000, 0x20004000, 0x00404010, 0x00400000, 0x20000010, + 0x00400010, 0x20004000, 0x20000000, 0x00004010, 0x00000000, 0x00400010, + 0x20004010, 0x00004000, 0x00404000, 0x20004010, 0x00000010, 0x20400010, + 0x20400010, 0x00000000, 0x00404010, 0x20404000, 0x00004010, 0x00404000, + 0x20404000, 0x20000000, 0x20004000, 0x00000010, 0x20400010, 0x00404000, + 0x20404010, 0x00400000, 0x00004010, 0x20000010, 0x00400000, 0x20004000, + 0x20000000, 0x00004010, 0x20000010, 0x20404010, 0x00404000, 0x20400000, + 0x00404010, 0x20404000, 0x00000000, 0x20400010, 0x00000010, 0x00004000, + 0x20400000, 0x00404010, 0x00004000, 0x00400010, 0x20004010, 0x00000000, + 0x20404000, 0x20000000, 0x00400010, 0x20004010 }; + +const u32bit DES::SPBOX7[256] = { + 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, + 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, + 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, + 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, + 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, + 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, + 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, + 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, + 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, + 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, + 0x04000002, 0x04000800, 0x00000800, 0x00200002, 0x00200000, 0x04200002, + 0x04000802, 0x00000000, 0x00000800, 0x04000802, 0x00200802, 0x04200800, + 0x04200802, 0x00200000, 0x00000000, 0x04000002, 0x00000002, 0x04000000, + 0x04200002, 0x00000802, 0x04000800, 0x00200802, 0x00200002, 0x04000800, + 0x04000002, 0x04200000, 0x04200800, 0x00200002, 0x04200000, 0x00000800, + 0x00000802, 0x04200802, 0x00200800, 0x00000002, 0x04000000, 0x00200800, + 0x04000000, 0x00200800, 0x00200000, 0x04000802, 0x04000802, 0x04200002, + 0x04200002, 0x00000002, 0x00200002, 0x04000000, 0x04000800, 0x00200000, + 0x04200800, 0x00000802, 0x00200802, 0x04200800, 0x00000802, 0x04000002, + 0x04200802, 0x04200000, 0x00200800, 0x00000000, 0x00000002, 0x04200802, + 0x00000000, 0x00200802, 0x04200000, 0x00000800, 0x04000002, 0x04000800, + 0x00000800, 0x00200002, 0x00200000, 0x04200002, 0x04000802, 0x00000000, + 0x00000800, 0x04000802, 0x00200802, 0x04200800, 0x04200802, 0x00200000, + 0x00000000, 0x04000002, 0x00000002, 0x04000000, 0x04200002, 0x00000802, + 0x04000800, 0x00200802, 0x00200002, 0x04000800, 0x04000002, 0x04200000, + 0x04200800, 0x00200002, 0x04200000, 0x00000800, 0x00000802, 0x04200802, + 0x00200800, 0x00000002, 0x04000000, 0x00200800, 0x04000000, 0x00200800, + 0x00200000, 0x04000802, 0x04000802, 0x04200002, 0x04200002, 0x00000002, + 0x00200002, 0x04000000, 0x04000800, 0x00200000, 0x04200800, 0x00000802, + 0x00200802, 0x04200800, 0x00000802, 0x04000002, 0x04200802, 0x04200000, + 0x00200800, 0x00000000, 0x00000002, 0x04200802, 0x00000000, 0x00200802, + 0x04200000, 0x00000800, 0x04000002, 0x04000800, 0x00000800, 0x00200002, + 0x00200000, 0x04200002, 0x04000802, 0x00000000, 0x00000800, 0x04000802, + 0x00200802, 0x04200800, 0x04200802, 0x00200000, 0x00000000, 0x04000002, + 0x00000002, 0x04000000, 0x04200002, 0x00000802, 0x04000800, 0x00200802, + 0x00200002, 0x04000800, 0x04000002, 0x04200000, 0x04200800, 0x00200002, + 0x04200000, 0x00000800, 0x00000802, 0x04200802, 0x00200800, 0x00000002, + 0x04000000, 0x00200800, 0x04000000, 0x00200800, 0x00200000, 0x04000802, + 0x04000802, 0x04200002, 0x04200002, 0x00000002, 0x00200002, 0x04000000, + 0x04000800, 0x00200000, 0x04200800, 0x00000802, 0x00200802, 0x04200800, + 0x00000802, 0x04000002, 0x04200802, 0x04200000, 0x00200800, 0x00000000, + 0x00000002, 0x04200802, 0x00000000, 0x00200802, 0x04200000, 0x00000800, + 0x04000002, 0x04000800, 0x00000800, 0x00200002 }; + +const u32bit DES::SPBOX8[256] = { + 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, + 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, + 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, + 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, + 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, + 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, + 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, + 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, + 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, + 0x00001040, 0x00040040, 0x10000000, 0x10041000, 0x10001040, 0x00001000, + 0x00040000, 0x10041040, 0x10000000, 0x10001040, 0x00000040, 0x10000000, + 0x00040040, 0x10040000, 0x10041040, 0x00041000, 0x10041000, 0x00041040, + 0x00001000, 0x00000040, 0x10040000, 0x10000040, 0x10001000, 0x00001040, + 0x00041000, 0x00040040, 0x10040040, 0x10041000, 0x00001040, 0x00000000, + 0x00000000, 0x10040040, 0x10000040, 0x10001000, 0x00041040, 0x00040000, + 0x00041040, 0x00040000, 0x10041000, 0x00001000, 0x00000040, 0x10040040, + 0x00001000, 0x00041040, 0x10001000, 0x00000040, 0x10000040, 0x10040000, + 0x10040040, 0x10000000, 0x00040000, 0x10001040, 0x00000000, 0x10041040, + 0x00040040, 0x10000040, 0x10040000, 0x10001000, 0x10001040, 0x00000000, + 0x10041040, 0x00041000, 0x00041000, 0x00001040, 0x00001040, 0x00040040, + 0x10000000, 0x10041000, 0x10001040, 0x00001000, 0x00040000, 0x10041040, + 0x10000000, 0x10001040, 0x00000040, 0x10000000, 0x00040040, 0x10040000, + 0x10041040, 0x00041000, 0x10041000, 0x00041040, 0x00001000, 0x00000040, + 0x10040000, 0x10000040, 0x10001000, 0x00001040, 0x00041000, 0x00040040, + 0x10040040, 0x10041000, 0x00001040, 0x00000000, 0x00000000, 0x10040040, + 0x10000040, 0x10001000, 0x00041040, 0x00040000, 0x00041040, 0x00040000, + 0x10041000, 0x00001000, 0x00000040, 0x10040040, 0x00001000, 0x00041040, + 0x10001000, 0x00000040, 0x10000040, 0x10040000, 0x10040040, 0x10000000, + 0x00040000, 0x10001040, 0x00000000, 0x10041040, 0x00040040, 0x10000040, + 0x10040000, 0x10001000, 0x10001040, 0x00000000, 0x10041040, 0x00041000, + 0x00041000, 0x00001040, 0x00001040, 0x00040040, 0x10000000, 0x10041000, + 0x10001040, 0x00001000, 0x00040000, 0x10041040, 0x10000000, 0x10001040, + 0x00000040, 0x10000000, 0x00040040, 0x10040000, 0x10041040, 0x00041000, + 0x10041000, 0x00041040, 0x00001000, 0x00000040, 0x10040000, 0x10000040, + 0x10001000, 0x00001040, 0x00041000, 0x00040040, 0x10040040, 0x10041000, + 0x00001040, 0x00000000, 0x00000000, 0x10040040, 0x10000040, 0x10001000, + 0x00041040, 0x00040000, 0x00041040, 0x00040000, 0x10041000, 0x00001000, + 0x00000040, 0x10040040, 0x00001000, 0x00041040, 0x10001000, 0x00000040, + 0x10000040, 0x10040000, 0x10040040, 0x10000000, 0x00040000, 0x10001040, + 0x00000000, 0x10041040, 0x00040040, 0x10000040, 0x10040000, 0x10001000, + 0x10001040, 0x00000000, 0x10041040, 0x00041000, 0x00041000, 0x00001040, + 0x00001040, 0x00040040, 0x10000000, 0x10041000 }; + +const u64bit DES::IPTAB1[256] = { +0x0000000000000000, 0x0000000200000000, 0x0000000000000002, 0x0000000200000002, +0x0000020000000000, 0x0000020200000000, 0x0000020000000002, 0x0000020200000002, +0x0000000000000200, 0x0000000200000200, 0x0000000000000202, 0x0000000200000202, +0x0000020000000200, 0x0000020200000200, 0x0000020000000202, 0x0000020200000202, +0x0002000000000000, 0x0002000200000000, 0x0002000000000002, 0x0002000200000002, +0x0002020000000000, 0x0002020200000000, 0x0002020000000002, 0x0002020200000002, +0x0002000000000200, 0x0002000200000200, 0x0002000000000202, 0x0002000200000202, +0x0002020000000200, 0x0002020200000200, 0x0002020000000202, 0x0002020200000202, +0x0000000000020000, 0x0000000200020000, 0x0000000000020002, 0x0000000200020002, +0x0000020000020000, 0x0000020200020000, 0x0000020000020002, 0x0000020200020002, +0x0000000000020200, 0x0000000200020200, 0x0000000000020202, 0x0000000200020202, +0x0000020000020200, 0x0000020200020200, 0x0000020000020202, 0x0000020200020202, +0x0002000000020000, 0x0002000200020000, 0x0002000000020002, 0x0002000200020002, +0x0002020000020000, 0x0002020200020000, 0x0002020000020002, 0x0002020200020002, +0x0002000000020200, 0x0002000200020200, 0x0002000000020202, 0x0002000200020202, +0x0002020000020200, 0x0002020200020200, 0x0002020000020202, 0x0002020200020202, +0x0200000000000000, 0x0200000200000000, 0x0200000000000002, 0x0200000200000002, +0x0200020000000000, 0x0200020200000000, 0x0200020000000002, 0x0200020200000002, +0x0200000000000200, 0x0200000200000200, 0x0200000000000202, 0x0200000200000202, +0x0200020000000200, 0x0200020200000200, 0x0200020000000202, 0x0200020200000202, +0x0202000000000000, 0x0202000200000000, 0x0202000000000002, 0x0202000200000002, +0x0202020000000000, 0x0202020200000000, 0x0202020000000002, 0x0202020200000002, +0x0202000000000200, 0x0202000200000200, 0x0202000000000202, 0x0202000200000202, +0x0202020000000200, 0x0202020200000200, 0x0202020000000202, 0x0202020200000202, +0x0200000000020000, 0x0200000200020000, 0x0200000000020002, 0x0200000200020002, +0x0200020000020000, 0x0200020200020000, 0x0200020000020002, 0x0200020200020002, +0x0200000000020200, 0x0200000200020200, 0x0200000000020202, 0x0200000200020202, +0x0200020000020200, 0x0200020200020200, 0x0200020000020202, 0x0200020200020202, +0x0202000000020000, 0x0202000200020000, 0x0202000000020002, 0x0202000200020002, +0x0202020000020000, 0x0202020200020000, 0x0202020000020002, 0x0202020200020002, +0x0202000000020200, 0x0202000200020200, 0x0202000000020202, 0x0202000200020202, +0x0202020000020200, 0x0202020200020200, 0x0202020000020202, 0x0202020200020202, +0x0000000002000000, 0x0000000202000000, 0x0000000002000002, 0x0000000202000002, +0x0000020002000000, 0x0000020202000000, 0x0000020002000002, 0x0000020202000002, +0x0000000002000200, 0x0000000202000200, 0x0000000002000202, 0x0000000202000202, +0x0000020002000200, 0x0000020202000200, 0x0000020002000202, 0x0000020202000202, +0x0002000002000000, 0x0002000202000000, 0x0002000002000002, 0x0002000202000002, +0x0002020002000000, 0x0002020202000000, 0x0002020002000002, 0x0002020202000002, +0x0002000002000200, 0x0002000202000200, 0x0002000002000202, 0x0002000202000202, +0x0002020002000200, 0x0002020202000200, 0x0002020002000202, 0x0002020202000202, +0x0000000002020000, 0x0000000202020000, 0x0000000002020002, 0x0000000202020002, +0x0000020002020000, 0x0000020202020000, 0x0000020002020002, 0x0000020202020002, +0x0000000002020200, 0x0000000202020200, 0x0000000002020202, 0x0000000202020202, +0x0000020002020200, 0x0000020202020200, 0x0000020002020202, 0x0000020202020202, +0x0002000002020000, 0x0002000202020000, 0x0002000002020002, 0x0002000202020002, +0x0002020002020000, 0x0002020202020000, 0x0002020002020002, 0x0002020202020002, +0x0002000002020200, 0x0002000202020200, 0x0002000002020202, 0x0002000202020202, +0x0002020002020200, 0x0002020202020200, 0x0002020002020202, 0x0002020202020202, +0x0200000002000000, 0x0200000202000000, 0x0200000002000002, 0x0200000202000002, +0x0200020002000000, 0x0200020202000000, 0x0200020002000002, 0x0200020202000002, +0x0200000002000200, 0x0200000202000200, 0x0200000002000202, 0x0200000202000202, +0x0200020002000200, 0x0200020202000200, 0x0200020002000202, 0x0200020202000202, +0x0202000002000000, 0x0202000202000000, 0x0202000002000002, 0x0202000202000002, +0x0202020002000000, 0x0202020202000000, 0x0202020002000002, 0x0202020202000002, +0x0202000002000200, 0x0202000202000200, 0x0202000002000202, 0x0202000202000202, +0x0202020002000200, 0x0202020202000200, 0x0202020002000202, 0x0202020202000202, +0x0200000002020000, 0x0200000202020000, 0x0200000002020002, 0x0200000202020002, +0x0200020002020000, 0x0200020202020000, 0x0200020002020002, 0x0200020202020002, +0x0200000002020200, 0x0200000202020200, 0x0200000002020202, 0x0200000202020202, +0x0200020002020200, 0x0200020202020200, 0x0200020002020202, 0x0200020202020202, +0x0202000002020000, 0x0202000202020000, 0x0202000002020002, 0x0202000202020002, +0x0202020002020000, 0x0202020202020000, 0x0202020002020002, 0x0202020202020002, +0x0202000002020200, 0x0202000202020200, 0x0202000002020202, 0x0202000202020202, +0x0202020002020200, 0x0202020202020200, 0x0202020002020202, 0x0202020202020202 }; + +const u64bit DES::IPTAB2[256] = { +0x0000000000000000, 0x0000010000000000, 0x0000000000000100, 0x0000010000000100, +0x0001000000000000, 0x0001010000000000, 0x0001000000000100, 0x0001010000000100, +0x0000000000010000, 0x0000010000010000, 0x0000000000010100, 0x0000010000010100, +0x0001000000010000, 0x0001010000010000, 0x0001000000010100, 0x0001010000010100, +0x0100000000000000, 0x0100010000000000, 0x0100000000000100, 0x0100010000000100, +0x0101000000000000, 0x0101010000000000, 0x0101000000000100, 0x0101010000000100, +0x0100000000010000, 0x0100010000010000, 0x0100000000010100, 0x0100010000010100, +0x0101000000010000, 0x0101010000010000, 0x0101000000010100, 0x0101010000010100, +0x0000000001000000, 0x0000010001000000, 0x0000000001000100, 0x0000010001000100, +0x0001000001000000, 0x0001010001000000, 0x0001000001000100, 0x0001010001000100, +0x0000000001010000, 0x0000010001010000, 0x0000000001010100, 0x0000010001010100, +0x0001000001010000, 0x0001010001010000, 0x0001000001010100, 0x0001010001010100, +0x0100000001000000, 0x0100010001000000, 0x0100000001000100, 0x0100010001000100, +0x0101000001000000, 0x0101010001000000, 0x0101000001000100, 0x0101010001000100, +0x0100000001010000, 0x0100010001010000, 0x0100000001010100, 0x0100010001010100, +0x0101000001010000, 0x0101010001010000, 0x0101000001010100, 0x0101010001010100, +0x0000000100000000, 0x0000010100000000, 0x0000000100000100, 0x0000010100000100, +0x0001000100000000, 0x0001010100000000, 0x0001000100000100, 0x0001010100000100, +0x0000000100010000, 0x0000010100010000, 0x0000000100010100, 0x0000010100010100, +0x0001000100010000, 0x0001010100010000, 0x0001000100010100, 0x0001010100010100, +0x0100000100000000, 0x0100010100000000, 0x0100000100000100, 0x0100010100000100, +0x0101000100000000, 0x0101010100000000, 0x0101000100000100, 0x0101010100000100, +0x0100000100010000, 0x0100010100010000, 0x0100000100010100, 0x0100010100010100, +0x0101000100010000, 0x0101010100010000, 0x0101000100010100, 0x0101010100010100, +0x0000000101000000, 0x0000010101000000, 0x0000000101000100, 0x0000010101000100, +0x0001000101000000, 0x0001010101000000, 0x0001000101000100, 0x0001010101000100, +0x0000000101010000, 0x0000010101010000, 0x0000000101010100, 0x0000010101010100, +0x0001000101010000, 0x0001010101010000, 0x0001000101010100, 0x0001010101010100, +0x0100000101000000, 0x0100010101000000, 0x0100000101000100, 0x0100010101000100, +0x0101000101000000, 0x0101010101000000, 0x0101000101000100, 0x0101010101000100, +0x0100000101010000, 0x0100010101010000, 0x0100000101010100, 0x0100010101010100, +0x0101000101010000, 0x0101010101010000, 0x0101000101010100, 0x0101010101010100, +0x0000000000000001, 0x0000010000000001, 0x0000000000000101, 0x0000010000000101, +0x0001000000000001, 0x0001010000000001, 0x0001000000000101, 0x0001010000000101, +0x0000000000010001, 0x0000010000010001, 0x0000000000010101, 0x0000010000010101, +0x0001000000010001, 0x0001010000010001, 0x0001000000010101, 0x0001010000010101, +0x0100000000000001, 0x0100010000000001, 0x0100000000000101, 0x0100010000000101, +0x0101000000000001, 0x0101010000000001, 0x0101000000000101, 0x0101010000000101, +0x0100000000010001, 0x0100010000010001, 0x0100000000010101, 0x0100010000010101, +0x0101000000010001, 0x0101010000010001, 0x0101000000010101, 0x0101010000010101, +0x0000000001000001, 0x0000010001000001, 0x0000000001000101, 0x0000010001000101, +0x0001000001000001, 0x0001010001000001, 0x0001000001000101, 0x0001010001000101, +0x0000000001010001, 0x0000010001010001, 0x0000000001010101, 0x0000010001010101, +0x0001000001010001, 0x0001010001010001, 0x0001000001010101, 0x0001010001010101, +0x0100000001000001, 0x0100010001000001, 0x0100000001000101, 0x0100010001000101, +0x0101000001000001, 0x0101010001000001, 0x0101000001000101, 0x0101010001000101, +0x0100000001010001, 0x0100010001010001, 0x0100000001010101, 0x0100010001010101, +0x0101000001010001, 0x0101010001010001, 0x0101000001010101, 0x0101010001010101, +0x0000000100000001, 0x0000010100000001, 0x0000000100000101, 0x0000010100000101, +0x0001000100000001, 0x0001010100000001, 0x0001000100000101, 0x0001010100000101, +0x0000000100010001, 0x0000010100010001, 0x0000000100010101, 0x0000010100010101, +0x0001000100010001, 0x0001010100010001, 0x0001000100010101, 0x0001010100010101, +0x0100000100000001, 0x0100010100000001, 0x0100000100000101, 0x0100010100000101, +0x0101000100000001, 0x0101010100000001, 0x0101000100000101, 0x0101010100000101, +0x0100000100010001, 0x0100010100010001, 0x0100000100010101, 0x0100010100010101, +0x0101000100010001, 0x0101010100010001, 0x0101000100010101, 0x0101010100010101, +0x0000000101000001, 0x0000010101000001, 0x0000000101000101, 0x0000010101000101, +0x0001000101000001, 0x0001010101000001, 0x0001000101000101, 0x0001010101000101, +0x0000000101010001, 0x0000010101010001, 0x0000000101010101, 0x0000010101010101, +0x0001000101010001, 0x0001010101010001, 0x0001000101010101, 0x0001010101010101, +0x0100000101000001, 0x0100010101000001, 0x0100000101000101, 0x0100010101000101, +0x0101000101000001, 0x0101010101000001, 0x0101000101000101, 0x0101010101000101, +0x0100000101010001, 0x0100010101010001, 0x0100000101010101, 0x0100010101010101, +0x0101000101010001, 0x0101010101010001, 0x0101000101010101, 0x0101010101010101 }; + +const u64bit DES::FPTAB1[256] = { +0x0000000000000000, 0x0000000100000000, 0x0000000004000000, 0x0000000104000000, +0x0000000000040000, 0x0000000100040000, 0x0000000004040000, 0x0000000104040000, +0x0000000000000400, 0x0000000100000400, 0x0000000004000400, 0x0000000104000400, +0x0000000000040400, 0x0000000100040400, 0x0000000004040400, 0x0000000104040400, +0x0000000000000004, 0x0000000100000004, 0x0000000004000004, 0x0000000104000004, +0x0000000000040004, 0x0000000100040004, 0x0000000004040004, 0x0000000104040004, +0x0000000000000404, 0x0000000100000404, 0x0000000004000404, 0x0000000104000404, +0x0000000000040404, 0x0000000100040404, 0x0000000004040404, 0x0000000104040404, +0x0400000000000000, 0x0400000100000000, 0x0400000004000000, 0x0400000104000000, +0x0400000000040000, 0x0400000100040000, 0x0400000004040000, 0x0400000104040000, +0x0400000000000400, 0x0400000100000400, 0x0400000004000400, 0x0400000104000400, +0x0400000000040400, 0x0400000100040400, 0x0400000004040400, 0x0400000104040400, +0x0400000000000004, 0x0400000100000004, 0x0400000004000004, 0x0400000104000004, +0x0400000000040004, 0x0400000100040004, 0x0400000004040004, 0x0400000104040004, +0x0400000000000404, 0x0400000100000404, 0x0400000004000404, 0x0400000104000404, +0x0400000000040404, 0x0400000100040404, 0x0400000004040404, 0x0400000104040404, +0x0004000000000000, 0x0004000100000000, 0x0004000004000000, 0x0004000104000000, +0x0004000000040000, 0x0004000100040000, 0x0004000004040000, 0x0004000104040000, +0x0004000000000400, 0x0004000100000400, 0x0004000004000400, 0x0004000104000400, +0x0004000000040400, 0x0004000100040400, 0x0004000004040400, 0x0004000104040400, +0x0004000000000004, 0x0004000100000004, 0x0004000004000004, 0x0004000104000004, +0x0004000000040004, 0x0004000100040004, 0x0004000004040004, 0x0004000104040004, +0x0004000000000404, 0x0004000100000404, 0x0004000004000404, 0x0004000104000404, +0x0004000000040404, 0x0004000100040404, 0x0004000004040404, 0x0004000104040404, +0x0404000000000000, 0x0404000100000000, 0x0404000004000000, 0x0404000104000000, +0x0404000000040000, 0x0404000100040000, 0x0404000004040000, 0x0404000104040000, +0x0404000000000400, 0x0404000100000400, 0x0404000004000400, 0x0404000104000400, +0x0404000000040400, 0x0404000100040400, 0x0404000004040400, 0x0404000104040400, +0x0404000000000004, 0x0404000100000004, 0x0404000004000004, 0x0404000104000004, +0x0404000000040004, 0x0404000100040004, 0x0404000004040004, 0x0404000104040004, +0x0404000000000404, 0x0404000100000404, 0x0404000004000404, 0x0404000104000404, +0x0404000000040404, 0x0404000100040404, 0x0404000004040404, 0x0404000104040404, +0x0000040000000000, 0x0000040100000000, 0x0000040004000000, 0x0000040104000000, +0x0000040000040000, 0x0000040100040000, 0x0000040004040000, 0x0000040104040000, +0x0000040000000400, 0x0000040100000400, 0x0000040004000400, 0x0000040104000400, +0x0000040000040400, 0x0000040100040400, 0x0000040004040400, 0x0000040104040400, +0x0000040000000004, 0x0000040100000004, 0x0000040004000004, 0x0000040104000004, +0x0000040000040004, 0x0000040100040004, 0x0000040004040004, 0x0000040104040004, +0x0000040000000404, 0x0000040100000404, 0x0000040004000404, 0x0000040104000404, +0x0000040000040404, 0x0000040100040404, 0x0000040004040404, 0x0000040104040404, +0x0400040000000000, 0x0400040100000000, 0x0400040004000000, 0x0400040104000000, +0x0400040000040000, 0x0400040100040000, 0x0400040004040000, 0x0400040104040000, +0x0400040000000400, 0x0400040100000400, 0x0400040004000400, 0x0400040104000400, +0x0400040000040400, 0x0400040100040400, 0x0400040004040400, 0x0400040104040400, +0x0400040000000004, 0x0400040100000004, 0x0400040004000004, 0x0400040104000004, +0x0400040000040004, 0x0400040100040004, 0x0400040004040004, 0x0400040104040004, +0x0400040000000404, 0x0400040100000404, 0x0400040004000404, 0x0400040104000404, +0x0400040000040404, 0x0400040100040404, 0x0400040004040404, 0x0400040104040404, +0x0004040000000000, 0x0004040100000000, 0x0004040004000000, 0x0004040104000000, +0x0004040000040000, 0x0004040100040000, 0x0004040004040000, 0x0004040104040000, +0x0004040000000400, 0x0004040100000400, 0x0004040004000400, 0x0004040104000400, +0x0004040000040400, 0x0004040100040400, 0x0004040004040400, 0x0004040104040400, +0x0004040000000004, 0x0004040100000004, 0x0004040004000004, 0x0004040104000004, +0x0004040000040004, 0x0004040100040004, 0x0004040004040004, 0x0004040104040004, +0x0004040000000404, 0x0004040100000404, 0x0004040004000404, 0x0004040104000404, +0x0004040000040404, 0x0004040100040404, 0x0004040004040404, 0x0004040104040404, +0x0404040000000000, 0x0404040100000000, 0x0404040004000000, 0x0404040104000000, +0x0404040000040000, 0x0404040100040000, 0x0404040004040000, 0x0404040104040000, +0x0404040000000400, 0x0404040100000400, 0x0404040004000400, 0x0404040104000400, +0x0404040000040400, 0x0404040100040400, 0x0404040004040400, 0x0404040104040400, +0x0404040000000004, 0x0404040100000004, 0x0404040004000004, 0x0404040104000004, +0x0404040000040004, 0x0404040100040004, 0x0404040004040004, 0x0404040104040004, +0x0404040000000404, 0x0404040100000404, 0x0404040004000404, 0x0404040104000404, +0x0404040000040404, 0x0404040100040404, 0x0404040004040404, 0x0404040104040404 }; + +const u64bit DES::FPTAB2[256] = { +0x0000000000000000, 0x0000004000000000, 0x0000000001000000, 0x0000004001000000, +0x0000000000010000, 0x0000004000010000, 0x0000000001010000, 0x0000004001010000, +0x0000000000000100, 0x0000004000000100, 0x0000000001000100, 0x0000004001000100, +0x0000000000010100, 0x0000004000010100, 0x0000000001010100, 0x0000004001010100, +0x0000000000000001, 0x0000004000000001, 0x0000000001000001, 0x0000004001000001, +0x0000000000010001, 0x0000004000010001, 0x0000000001010001, 0x0000004001010001, +0x0000000000000101, 0x0000004000000101, 0x0000000001000101, 0x0000004001000101, +0x0000000000010101, 0x0000004000010101, 0x0000000001010101, 0x0000004001010101, +0x0100000000000000, 0x0100004000000000, 0x0100000001000000, 0x0100004001000000, +0x0100000000010000, 0x0100004000010000, 0x0100000001010000, 0x0100004001010000, +0x0100000000000100, 0x0100004000000100, 0x0100000001000100, 0x0100004001000100, +0x0100000000010100, 0x0100004000010100, 0x0100000001010100, 0x0100004001010100, +0x0100000000000001, 0x0100004000000001, 0x0100000001000001, 0x0100004001000001, +0x0100000000010001, 0x0100004000010001, 0x0100000001010001, 0x0100004001010001, +0x0100000000000101, 0x0100004000000101, 0x0100000001000101, 0x0100004001000101, +0x0100000000010101, 0x0100004000010101, 0x0100000001010101, 0x0100004001010101, +0x0001000000000000, 0x0001004000000000, 0x0001000001000000, 0x0001004001000000, +0x0001000000010000, 0x0001004000010000, 0x0001000001010000, 0x0001004001010000, +0x0001000000000100, 0x0001004000000100, 0x0001000001000100, 0x0001004001000100, +0x0001000000010100, 0x0001004000010100, 0x0001000001010100, 0x0001004001010100, +0x0001000000000001, 0x0001004000000001, 0x0001000001000001, 0x0001004001000001, +0x0001000000010001, 0x0001004000010001, 0x0001000001010001, 0x0001004001010001, +0x0001000000000101, 0x0001004000000101, 0x0001000001000101, 0x0001004001000101, +0x0001000000010101, 0x0001004000010101, 0x0001000001010101, 0x0001004001010101, +0x0101000000000000, 0x0101004000000000, 0x0101000001000000, 0x0101004001000000, +0x0101000000010000, 0x0101004000010000, 0x0101000001010000, 0x0101004001010000, +0x0101000000000100, 0x0101004000000100, 0x0101000001000100, 0x0101004001000100, +0x0101000000010100, 0x0101004000010100, 0x0101000001010100, 0x0101004001010100, +0x0101000000000001, 0x0101004000000001, 0x0101000001000001, 0x0101004001000001, +0x0101000000010001, 0x0101004000010001, 0x0101000001010001, 0x0101004001010001, +0x0101000000000101, 0x0101004000000101, 0x0101000001000101, 0x0101004001000101, +0x0101000000010101, 0x0101004000010101, 0x0101000001010101, 0x0101004001010101, +0x0000010000000000, 0x0000014000000000, 0x0000010001000000, 0x0000014001000000, +0x0000010000010000, 0x0000014000010000, 0x0000010001010000, 0x0000014001010000, +0x0000010000000100, 0x0000014000000100, 0x0000010001000100, 0x0000014001000100, +0x0000010000010100, 0x0000014000010100, 0x0000010001010100, 0x0000014001010100, +0x0000010000000001, 0x0000014000000001, 0x0000010001000001, 0x0000014001000001, +0x0000010000010001, 0x0000014000010001, 0x0000010001010001, 0x0000014001010001, +0x0000010000000101, 0x0000014000000101, 0x0000010001000101, 0x0000014001000101, +0x0000010000010101, 0x0000014000010101, 0x0000010001010101, 0x0000014001010101, +0x0100010000000000, 0x0100014000000000, 0x0100010001000000, 0x0100014001000000, +0x0100010000010000, 0x0100014000010000, 0x0100010001010000, 0x0100014001010000, +0x0100010000000100, 0x0100014000000100, 0x0100010001000100, 0x0100014001000100, +0x0100010000010100, 0x0100014000010100, 0x0100010001010100, 0x0100014001010100, +0x0100010000000001, 0x0100014000000001, 0x0100010001000001, 0x0100014001000001, +0x0100010000010001, 0x0100014000010001, 0x0100010001010001, 0x0100014001010001, +0x0100010000000101, 0x0100014000000101, 0x0100010001000101, 0x0100014001000101, +0x0100010000010101, 0x0100014000010101, 0x0100010001010101, 0x0100014001010101, +0x0001010000000000, 0x0001014000000000, 0x0001010001000000, 0x0001014001000000, +0x0001010000010000, 0x0001014000010000, 0x0001010001010000, 0x0001014001010000, +0x0001010000000100, 0x0001014000000100, 0x0001010001000100, 0x0001014001000100, +0x0001010000010100, 0x0001014000010100, 0x0001010001010100, 0x0001014001010100, +0x0001010000000001, 0x0001014000000001, 0x0001010001000001, 0x0001014001000001, +0x0001010000010001, 0x0001014000010001, 0x0001010001010001, 0x0001014001010001, +0x0001010000000101, 0x0001014000000101, 0x0001010001000101, 0x0001014001000101, +0x0001010000010101, 0x0001014000010101, 0x0001010001010101, 0x0001014001010101, +0x0101010000000000, 0x0101014000000000, 0x0101010001000000, 0x0101014001000000, +0x0101010000010000, 0x0101014000010000, 0x0101010001010000, 0x0101014001010000, +0x0101010000000100, 0x0101014000000100, 0x0101010001000100, 0x0101014001000100, +0x0101010000010100, 0x0101014000010100, 0x0101010001010100, 0x0101014001010100, +0x0101010000000001, 0x0101014000000001, 0x0101010001000001, 0x0101014001000001, +0x0101010000010001, 0x0101014000010001, 0x0101010001010001, 0x0101014001010001, +0x0101010000000101, 0x0101014000000101, 0x0101010001000101, 0x0101014001000101, +0x0101010000010101, 0x0101014000010101, 0x0101010001010101, 0x0101014001010101 }; + +} diff --git a/src/cipher/des/modinfo.txt b/src/cipher/des/modinfo.txt new file mode 100644 index 000000000..43ea9a0bc --- /dev/null +++ b/src/cipher/des/modinfo.txt @@ -0,0 +1,11 @@ +realname "DES" + +define DES + +load_on auto + +<add> +des.cpp +des.h +des_tab.cpp +</add> diff --git a/src/cipher/gost/gost.cpp b/src/cipher/gost/gost.cpp new file mode 100644 index 000000000..dc2b397e7 --- /dev/null +++ b/src/cipher/gost/gost.cpp @@ -0,0 +1,72 @@ +/************************************************* +* GOST Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/gost.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* GOST Encryption * +*************************************************/ +void GOST::enc(const byte in[], byte out[]) const + { + u32bit N1 = load_le<u32bit>(in, 0), N2 = load_le<u32bit>(in, 1); + + for(u32bit j = 0; j != 32; j += 2) + { + u32bit T0; + + T0 = N1 + EK[j]; + N2 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] | + SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)]; + + T0 = N2 + EK[j+1]; + N1 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] | + SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)]; + } + + store_le(out, N2, N1); + } + +/************************************************* +* GOST Decryption * +*************************************************/ +void GOST::dec(const byte in[], byte out[]) const + { + u32bit N1 = load_le<u32bit>(in, 0), N2 = load_le<u32bit>(in, 1); + + for(u32bit j = 0; j != 32; j += 2) + { + u32bit T0; + + T0 = N1 + EK[31-j]; + N2 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] | + SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)]; + + T0 = N2 + EK[30-j]; + N1 ^= SBOX1[get_byte(0, T0)] | SBOX2[get_byte(1, T0)] | + SBOX3[get_byte(2, T0)] | SBOX4[get_byte(3, T0)]; + } + + store_le(out, N2, N1); + } + +/************************************************* +* GOST Key Schedule * +*************************************************/ +void GOST::key(const byte key[], u32bit) + { + for(u32bit j = 0; j != 8; ++j) + { + u32bit K = load_le<u32bit>(key, j); + EK[j] = EK[j+8] = EK[j+16] = K; + } + + for(u32bit j = 24; j != 32; ++j) + EK[j] = EK[7-(j-24)]; + } + +} diff --git a/src/cipher/gost/gost.h b/src/cipher/gost/gost.h new file mode 100644 index 000000000..d78e3245f --- /dev/null +++ b/src/cipher/gost/gost.h @@ -0,0 +1,38 @@ +/************************************************* +* GOST Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_GOST_H__ +#define BOTAN_GOST_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* GOST * +*************************************************/ +class BOTAN_DLL GOST : public BlockCipher + { + public: + void clear() throw() { EK.clear(); } + std::string name() const { return "GOST"; } + BlockCipher* clone() const { return new GOST; } + GOST() : BlockCipher(8, 32) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static const u32bit SBOX1[256]; + static const u32bit SBOX2[256]; + static const u32bit SBOX3[256]; + static const u32bit SBOX4[256]; + + SecureBuffer<u32bit, 32> EK; + }; + +} + +#endif diff --git a/src/cipher/gost/gost_tab.cpp b/src/cipher/gost/gost_tab.cpp new file mode 100644 index 000000000..3ef1a0caf --- /dev/null +++ b/src/cipher/gost/gost_tab.cpp @@ -0,0 +1,190 @@ +/************************************************* +* S-Box Tables for GOST * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/gost.h> + +namespace Botan { + +const u32bit GOST::SBOX1[256] = { + 0x00000270, 0x00000258, 0x00000220, 0x00000260, 0x00000230, 0x00000268, + 0x00000278, 0x00000250, 0x00000210, 0x00000218, 0x00000240, 0x00000208, + 0x00000200, 0x00000238, 0x00000228, 0x00000248, 0x00000570, 0x00000558, + 0x00000520, 0x00000560, 0x00000530, 0x00000568, 0x00000578, 0x00000550, + 0x00000510, 0x00000518, 0x00000540, 0x00000508, 0x00000500, 0x00000538, + 0x00000528, 0x00000548, 0x000004F0, 0x000004D8, 0x000004A0, 0x000004E0, + 0x000004B0, 0x000004E8, 0x000004F8, 0x000004D0, 0x00000490, 0x00000498, + 0x000004C0, 0x00000488, 0x00000480, 0x000004B8, 0x000004A8, 0x000004C8, + 0x00000170, 0x00000158, 0x00000120, 0x00000160, 0x00000130, 0x00000168, + 0x00000178, 0x00000150, 0x00000110, 0x00000118, 0x00000140, 0x00000108, + 0x00000100, 0x00000138, 0x00000128, 0x00000148, 0x000006F0, 0x000006D8, + 0x000006A0, 0x000006E0, 0x000006B0, 0x000006E8, 0x000006F8, 0x000006D0, + 0x00000690, 0x00000698, 0x000006C0, 0x00000688, 0x00000680, 0x000006B8, + 0x000006A8, 0x000006C8, 0x00000470, 0x00000458, 0x00000420, 0x00000460, + 0x00000430, 0x00000468, 0x00000478, 0x00000450, 0x00000410, 0x00000418, + 0x00000440, 0x00000408, 0x00000400, 0x00000438, 0x00000428, 0x00000448, + 0x00000070, 0x00000058, 0x00000020, 0x00000060, 0x00000030, 0x00000068, + 0x00000078, 0x00000050, 0x00000010, 0x00000018, 0x00000040, 0x00000008, + 0x00000000, 0x00000038, 0x00000028, 0x00000048, 0x00000770, 0x00000758, + 0x00000720, 0x00000760, 0x00000730, 0x00000768, 0x00000778, 0x00000750, + 0x00000710, 0x00000718, 0x00000740, 0x00000708, 0x00000700, 0x00000738, + 0x00000728, 0x00000748, 0x00000370, 0x00000358, 0x00000320, 0x00000360, + 0x00000330, 0x00000368, 0x00000378, 0x00000350, 0x00000310, 0x00000318, + 0x00000340, 0x00000308, 0x00000300, 0x00000338, 0x00000328, 0x00000348, + 0x000005F0, 0x000005D8, 0x000005A0, 0x000005E0, 0x000005B0, 0x000005E8, + 0x000005F8, 0x000005D0, 0x00000590, 0x00000598, 0x000005C0, 0x00000588, + 0x00000580, 0x000005B8, 0x000005A8, 0x000005C8, 0x000000F0, 0x000000D8, + 0x000000A0, 0x000000E0, 0x000000B0, 0x000000E8, 0x000000F8, 0x000000D0, + 0x00000090, 0x00000098, 0x000000C0, 0x00000088, 0x00000080, 0x000000B8, + 0x000000A8, 0x000000C8, 0x00000670, 0x00000658, 0x00000620, 0x00000660, + 0x00000630, 0x00000668, 0x00000678, 0x00000650, 0x00000610, 0x00000618, + 0x00000640, 0x00000608, 0x00000600, 0x00000638, 0x00000628, 0x00000648, + 0x000003F0, 0x000003D8, 0x000003A0, 0x000003E0, 0x000003B0, 0x000003E8, + 0x000003F8, 0x000003D0, 0x00000390, 0x00000398, 0x000003C0, 0x00000388, + 0x00000380, 0x000003B8, 0x000003A8, 0x000003C8, 0x000007F0, 0x000007D8, + 0x000007A0, 0x000007E0, 0x000007B0, 0x000007E8, 0x000007F8, 0x000007D0, + 0x00000790, 0x00000798, 0x000007C0, 0x00000788, 0x00000780, 0x000007B8, + 0x000007A8, 0x000007C8, 0x000002F0, 0x000002D8, 0x000002A0, 0x000002E0, + 0x000002B0, 0x000002E8, 0x000002F8, 0x000002D0, 0x00000290, 0x00000298, + 0x000002C0, 0x00000288, 0x00000280, 0x000002B8, 0x000002A8, 0x000002C8, + 0x000001F0, 0x000001D8, 0x000001A0, 0x000001E0, 0x000001B0, 0x000001E8, + 0x000001F8, 0x000001D0, 0x00000190, 0x00000198, 0x000001C0, 0x00000188, + 0x00000180, 0x000001B8, 0x000001A8, 0x000001C8 }; + +const u32bit GOST::SBOX2[256] = { + 0xB8000002, 0xE8000002, 0xD0000002, 0x88000002, 0x80000002, 0xC0000002, + 0xC8000002, 0xF8000002, 0xF0000002, 0xA0000002, 0xB0000002, 0xE0000002, + 0xD8000002, 0x90000002, 0xA8000002, 0x98000002, 0x38000004, 0x68000004, + 0x50000004, 0x08000004, 0x00000004, 0x40000004, 0x48000004, 0x78000004, + 0x70000004, 0x20000004, 0x30000004, 0x60000004, 0x58000004, 0x10000004, + 0x28000004, 0x18000004, 0xB8000000, 0xE8000000, 0xD0000000, 0x88000000, + 0x80000000, 0xC0000000, 0xC8000000, 0xF8000000, 0xF0000000, 0xA0000000, + 0xB0000000, 0xE0000000, 0xD8000000, 0x90000000, 0xA8000000, 0x98000000, + 0xB8000006, 0xE8000006, 0xD0000006, 0x88000006, 0x80000006, 0xC0000006, + 0xC8000006, 0xF8000006, 0xF0000006, 0xA0000006, 0xB0000006, 0xE0000006, + 0xD8000006, 0x90000006, 0xA8000006, 0x98000006, 0x38000005, 0x68000005, + 0x50000005, 0x08000005, 0x00000005, 0x40000005, 0x48000005, 0x78000005, + 0x70000005, 0x20000005, 0x30000005, 0x60000005, 0x58000005, 0x10000005, + 0x28000005, 0x18000005, 0xB8000001, 0xE8000001, 0xD0000001, 0x88000001, + 0x80000001, 0xC0000001, 0xC8000001, 0xF8000001, 0xF0000001, 0xA0000001, + 0xB0000001, 0xE0000001, 0xD8000001, 0x90000001, 0xA8000001, 0x98000001, + 0x38000002, 0x68000002, 0x50000002, 0x08000002, 0x00000002, 0x40000002, + 0x48000002, 0x78000002, 0x70000002, 0x20000002, 0x30000002, 0x60000002, + 0x58000002, 0x10000002, 0x28000002, 0x18000002, 0x38000001, 0x68000001, + 0x50000001, 0x08000001, 0x00000001, 0x40000001, 0x48000001, 0x78000001, + 0x70000001, 0x20000001, 0x30000001, 0x60000001, 0x58000001, 0x10000001, + 0x28000001, 0x18000001, 0x38000007, 0x68000007, 0x50000007, 0x08000007, + 0x00000007, 0x40000007, 0x48000007, 0x78000007, 0x70000007, 0x20000007, + 0x30000007, 0x60000007, 0x58000007, 0x10000007, 0x28000007, 0x18000007, + 0xB8000007, 0xE8000007, 0xD0000007, 0x88000007, 0x80000007, 0xC0000007, + 0xC8000007, 0xF8000007, 0xF0000007, 0xA0000007, 0xB0000007, 0xE0000007, + 0xD8000007, 0x90000007, 0xA8000007, 0x98000007, 0x38000006, 0x68000006, + 0x50000006, 0x08000006, 0x00000006, 0x40000006, 0x48000006, 0x78000006, + 0x70000006, 0x20000006, 0x30000006, 0x60000006, 0x58000006, 0x10000006, + 0x28000006, 0x18000006, 0xB8000003, 0xE8000003, 0xD0000003, 0x88000003, + 0x80000003, 0xC0000003, 0xC8000003, 0xF8000003, 0xF0000003, 0xA0000003, + 0xB0000003, 0xE0000003, 0xD8000003, 0x90000003, 0xA8000003, 0x98000003, + 0x38000003, 0x68000003, 0x50000003, 0x08000003, 0x00000003, 0x40000003, + 0x48000003, 0x78000003, 0x70000003, 0x20000003, 0x30000003, 0x60000003, + 0x58000003, 0x10000003, 0x28000003, 0x18000003, 0x38000000, 0x68000000, + 0x50000000, 0x08000000, 0x00000000, 0x40000000, 0x48000000, 0x78000000, + 0x70000000, 0x20000000, 0x30000000, 0x60000000, 0x58000000, 0x10000000, + 0x28000000, 0x18000000, 0xB8000004, 0xE8000004, 0xD0000004, 0x88000004, + 0x80000004, 0xC0000004, 0xC8000004, 0xF8000004, 0xF0000004, 0xA0000004, + 0xB0000004, 0xE0000004, 0xD8000004, 0x90000004, 0xA8000004, 0x98000004, + 0xB8000005, 0xE8000005, 0xD0000005, 0x88000005, 0x80000005, 0xC0000005, + 0xC8000005, 0xF8000005, 0xF0000005, 0xA0000005, 0xB0000005, 0xE0000005, + 0xD8000005, 0x90000005, 0xA8000005, 0x98000005 }; + +const u32bit GOST::SBOX3[256] = { + 0x03200000, 0x03580000, 0x03500000, 0x03000000, 0x03380000, 0x03100000, + 0x03080000, 0x03680000, 0x03180000, 0x03300000, 0x03400000, 0x03280000, + 0x03480000, 0x03600000, 0x03780000, 0x03700000, 0x06200000, 0x06580000, + 0x06500000, 0x06000000, 0x06380000, 0x06100000, 0x06080000, 0x06680000, + 0x06180000, 0x06300000, 0x06400000, 0x06280000, 0x06480000, 0x06600000, + 0x06780000, 0x06700000, 0x03A00000, 0x03D80000, 0x03D00000, 0x03800000, + 0x03B80000, 0x03900000, 0x03880000, 0x03E80000, 0x03980000, 0x03B00000, + 0x03C00000, 0x03A80000, 0x03C80000, 0x03E00000, 0x03F80000, 0x03F00000, + 0x00A00000, 0x00D80000, 0x00D00000, 0x00800000, 0x00B80000, 0x00900000, + 0x00880000, 0x00E80000, 0x00980000, 0x00B00000, 0x00C00000, 0x00A80000, + 0x00C80000, 0x00E00000, 0x00F80000, 0x00F00000, 0x02A00000, 0x02D80000, + 0x02D00000, 0x02800000, 0x02B80000, 0x02900000, 0x02880000, 0x02E80000, + 0x02980000, 0x02B00000, 0x02C00000, 0x02A80000, 0x02C80000, 0x02E00000, + 0x02F80000, 0x02F00000, 0x07A00000, 0x07D80000, 0x07D00000, 0x07800000, + 0x07B80000, 0x07900000, 0x07880000, 0x07E80000, 0x07980000, 0x07B00000, + 0x07C00000, 0x07A80000, 0x07C80000, 0x07E00000, 0x07F80000, 0x07F00000, + 0x06A00000, 0x06D80000, 0x06D00000, 0x06800000, 0x06B80000, 0x06900000, + 0x06880000, 0x06E80000, 0x06980000, 0x06B00000, 0x06C00000, 0x06A80000, + 0x06C80000, 0x06E00000, 0x06F80000, 0x06F00000, 0x04200000, 0x04580000, + 0x04500000, 0x04000000, 0x04380000, 0x04100000, 0x04080000, 0x04680000, + 0x04180000, 0x04300000, 0x04400000, 0x04280000, 0x04480000, 0x04600000, + 0x04780000, 0x04700000, 0x02200000, 0x02580000, 0x02500000, 0x02000000, + 0x02380000, 0x02100000, 0x02080000, 0x02680000, 0x02180000, 0x02300000, + 0x02400000, 0x02280000, 0x02480000, 0x02600000, 0x02780000, 0x02700000, + 0x05200000, 0x05580000, 0x05500000, 0x05000000, 0x05380000, 0x05100000, + 0x05080000, 0x05680000, 0x05180000, 0x05300000, 0x05400000, 0x05280000, + 0x05480000, 0x05600000, 0x05780000, 0x05700000, 0x04A00000, 0x04D80000, + 0x04D00000, 0x04800000, 0x04B80000, 0x04900000, 0x04880000, 0x04E80000, + 0x04980000, 0x04B00000, 0x04C00000, 0x04A80000, 0x04C80000, 0x04E00000, + 0x04F80000, 0x04F00000, 0x07200000, 0x07580000, 0x07500000, 0x07000000, + 0x07380000, 0x07100000, 0x07080000, 0x07680000, 0x07180000, 0x07300000, + 0x07400000, 0x07280000, 0x07480000, 0x07600000, 0x07780000, 0x07700000, + 0x00200000, 0x00580000, 0x00500000, 0x00000000, 0x00380000, 0x00100000, + 0x00080000, 0x00680000, 0x00180000, 0x00300000, 0x00400000, 0x00280000, + 0x00480000, 0x00600000, 0x00780000, 0x00700000, 0x01A00000, 0x01D80000, + 0x01D00000, 0x01800000, 0x01B80000, 0x01900000, 0x01880000, 0x01E80000, + 0x01980000, 0x01B00000, 0x01C00000, 0x01A80000, 0x01C80000, 0x01E00000, + 0x01F80000, 0x01F00000, 0x05A00000, 0x05D80000, 0x05D00000, 0x05800000, + 0x05B80000, 0x05900000, 0x05880000, 0x05E80000, 0x05980000, 0x05B00000, + 0x05C00000, 0x05A80000, 0x05C80000, 0x05E00000, 0x05F80000, 0x05F00000, + 0x01200000, 0x01580000, 0x01500000, 0x01000000, 0x01380000, 0x01100000, + 0x01080000, 0x01680000, 0x01180000, 0x01300000, 0x01400000, 0x01280000, + 0x01480000, 0x01600000, 0x01780000, 0x01700000 }; + +const u32bit GOST::SBOX4[256] = { + 0x00068800, 0x0006F800, 0x0006E800, 0x00068000, 0x0006A800, 0x0006B800, + 0x0006D000, 0x0006A000, 0x0006C800, 0x00069000, 0x00069800, 0x0006F000, + 0x0006B000, 0x0006D800, 0x0006C000, 0x0006E000, 0x00058800, 0x0005F800, + 0x0005E800, 0x00058000, 0x0005A800, 0x0005B800, 0x0005D000, 0x0005A000, + 0x0005C800, 0x00059000, 0x00059800, 0x0005F000, 0x0005B000, 0x0005D800, + 0x0005C000, 0x0005E000, 0x00020800, 0x00027800, 0x00026800, 0x00020000, + 0x00022800, 0x00023800, 0x00025000, 0x00022000, 0x00024800, 0x00021000, + 0x00021800, 0x00027000, 0x00023000, 0x00025800, 0x00024000, 0x00026000, + 0x00008800, 0x0000F800, 0x0000E800, 0x00008000, 0x0000A800, 0x0000B800, + 0x0000D000, 0x0000A000, 0x0000C800, 0x00009000, 0x00009800, 0x0000F000, + 0x0000B000, 0x0000D800, 0x0000C000, 0x0000E000, 0x00018800, 0x0001F800, + 0x0001E800, 0x00018000, 0x0001A800, 0x0001B800, 0x0001D000, 0x0001A000, + 0x0001C800, 0x00019000, 0x00019800, 0x0001F000, 0x0001B000, 0x0001D800, + 0x0001C000, 0x0001E000, 0x00078800, 0x0007F800, 0x0007E800, 0x00078000, + 0x0007A800, 0x0007B800, 0x0007D000, 0x0007A000, 0x0007C800, 0x00079000, + 0x00079800, 0x0007F000, 0x0007B000, 0x0007D800, 0x0007C000, 0x0007E000, + 0x00028800, 0x0002F800, 0x0002E800, 0x00028000, 0x0002A800, 0x0002B800, + 0x0002D000, 0x0002A000, 0x0002C800, 0x00029000, 0x00029800, 0x0002F000, + 0x0002B000, 0x0002D800, 0x0002C000, 0x0002E000, 0x00048800, 0x0004F800, + 0x0004E800, 0x00048000, 0x0004A800, 0x0004B800, 0x0004D000, 0x0004A000, + 0x0004C800, 0x00049000, 0x00049800, 0x0004F000, 0x0004B000, 0x0004D800, + 0x0004C000, 0x0004E000, 0x00000800, 0x00007800, 0x00006800, 0x00000000, + 0x00002800, 0x00003800, 0x00005000, 0x00002000, 0x00004800, 0x00001000, + 0x00001800, 0x00007000, 0x00003000, 0x00005800, 0x00004000, 0x00006000, + 0x00050800, 0x00057800, 0x00056800, 0x00050000, 0x00052800, 0x00053800, + 0x00055000, 0x00052000, 0x00054800, 0x00051000, 0x00051800, 0x00057000, + 0x00053000, 0x00055800, 0x00054000, 0x00056000, 0x00070800, 0x00077800, + 0x00076800, 0x00070000, 0x00072800, 0x00073800, 0x00075000, 0x00072000, + 0x00074800, 0x00071000, 0x00071800, 0x00077000, 0x00073000, 0x00075800, + 0x00074000, 0x00076000, 0x00038800, 0x0003F800, 0x0003E800, 0x00038000, + 0x0003A800, 0x0003B800, 0x0003D000, 0x0003A000, 0x0003C800, 0x00039000, + 0x00039800, 0x0003F000, 0x0003B000, 0x0003D800, 0x0003C000, 0x0003E000, + 0x00030800, 0x00037800, 0x00036800, 0x00030000, 0x00032800, 0x00033800, + 0x00035000, 0x00032000, 0x00034800, 0x00031000, 0x00031800, 0x00037000, + 0x00033000, 0x00035800, 0x00034000, 0x00036000, 0x00040800, 0x00047800, + 0x00046800, 0x00040000, 0x00042800, 0x00043800, 0x00045000, 0x00042000, + 0x00044800, 0x00041000, 0x00041800, 0x00047000, 0x00043000, 0x00045800, + 0x00044000, 0x00046000, 0x00010800, 0x00017800, 0x00016800, 0x00010000, + 0x00012800, 0x00013800, 0x00015000, 0x00012000, 0x00014800, 0x00011000, + 0x00011800, 0x00017000, 0x00013000, 0x00015800, 0x00014000, 0x00016000, + 0x00060800, 0x00067800, 0x00066800, 0x00060000, 0x00062800, 0x00063800, + 0x00065000, 0x00062000, 0x00064800, 0x00061000, 0x00061800, 0x00067000, + 0x00063000, 0x00065800, 0x00064000, 0x00066000 }; + +} diff --git a/src/cipher/gost/modinfo.txt b/src/cipher/gost/modinfo.txt new file mode 100644 index 000000000..f2b997c08 --- /dev/null +++ b/src/cipher/gost/modinfo.txt @@ -0,0 +1,11 @@ +realname "GOST" + +define GOST + +load_on auto + +<add> +gost.cpp +gost.h +gost_tab.cpp +</add> diff --git a/src/cipher/idea/idea.cpp b/src/cipher/idea/idea.cpp new file mode 100644 index 000000000..a2b076015 --- /dev/null +++ b/src/cipher/idea/idea.cpp @@ -0,0 +1,172 @@ +/************************************************* +* IDEA Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/idea.h> +#include <botan/loadstor.h> + +namespace Botan { + +namespace { + +/************************************************* +* Multiplication modulo 65537 * +*************************************************/ +inline u16bit mul(u16bit x, u16bit y) + { + if(x && y) + { + u32bit T = static_cast<u32bit>(x) * y; + x = static_cast<u16bit>(T >> 16); + y = static_cast<u16bit>(T & 0xFFFF); + return static_cast<u16bit>(y - x + ((y < x) ? 1 : 0)); + } + else + return static_cast<u16bit>(1 - x - y); + } + +/************************************************* +* Find multiplicative inverses modulo 65537 * +*************************************************/ +u16bit mul_inv(u16bit x) + { + if(x <= 1) + return x; + + u16bit t0 = static_cast<u16bit>(65537 / x), t1 = 1; + u16bit y = static_cast<u16bit>(65537 % x); + + while(y != 1) + { + u16bit q = x / y; + x %= y; + t1 += q * t0; + + if(x == 1) + return t1; + + q = y / x; + y %= x; + t0 += q * t1; + } + return (1 - t0); + } + +} + +/************************************************* +* IDEA Encryption * +*************************************************/ +void IDEA::enc(const byte in[], byte out[]) const + { + u16bit X1 = load_be<u16bit>(in, 0); + u16bit X2 = load_be<u16bit>(in, 1); + u16bit X3 = load_be<u16bit>(in, 2); + u16bit X4 = load_be<u16bit>(in, 3); + + for(u32bit j = 0; j != 8; ++j) + { + X1 = mul(X1, EK[6*j+0]); + X2 += EK[6*j+1]; + X3 += EK[6*j+2]; + X4 = mul(X4, EK[6*j+3]); + + u16bit T0 = X3; + X3 = mul(X3 ^ X1, EK[6*j+4]); + + u16bit T1 = X2; + X2 = mul((X2 ^ X4) + X3, EK[6*j+5]); + X3 += X2; + + X1 ^= X2; + X4 ^= X3; + X2 ^= T0; + X3 ^= T1; + } + + X1 = mul(X1, EK[48]); + X2 += EK[50]; + X3 += EK[49]; + X4 = mul(X4, EK[51]); + + store_be(out, X1, X3, X2, X4); + } + +/************************************************* +* IDEA Decryption * +*************************************************/ +void IDEA::dec(const byte in[], byte out[]) const + { + u16bit X1 = load_be<u16bit>(in, 0); + u16bit X2 = load_be<u16bit>(in, 1); + u16bit X3 = load_be<u16bit>(in, 2); + u16bit X4 = load_be<u16bit>(in, 3); + + for(u32bit j = 0; j != 8; ++j) + { + X1 = mul(X1, DK[6*j+0]); + X2 += DK[6*j+1]; + X3 += DK[6*j+2]; + X4 = mul(X4, DK[6*j+3]); + + u16bit T0 = X3; + X3 = mul(X3 ^ X1, DK[6*j+4]); + + u16bit T1 = X2; + X2 = mul((X2 ^ X4) + X3, DK[6*j+5]); + X3 += X2; + + X1 ^= X2; + X4 ^= X3; + X2 ^= T0; + X3 ^= T1; + } + + X1 = mul(X1, DK[48]); + X2 += DK[50]; + X3 += DK[49]; + X4 = mul(X4, DK[51]); + + store_be(out, X1, X3, X2, X4); + } + +/************************************************* +* IDEA Key Schedule * +*************************************************/ +void IDEA::key(const byte key[], u32bit) + { + for(u32bit j = 0; j != 8; ++j) + EK[j] = load_be<u16bit>(key, j); + + for(u32bit j = 1, k = 8, offset = 0; k != 52; j %= 8, ++j, ++k) + { + EK[j+7+offset] = static_cast<u16bit>((EK[(j % 8) + offset] << 9) | + (EK[((j+1) % 8) + offset] >> 7)); + offset += (j == 8) ? 8 : 0; + } + + DK[51] = mul_inv(EK[3]); + DK[50] = -EK[2]; + DK[49] = -EK[1]; + DK[48] = mul_inv(EK[0]); + + for(u32bit j = 1, k = 4, counter = 47; j != 8; ++j, k += 6) + { + DK[counter--] = EK[k+1]; + DK[counter--] = EK[k]; + DK[counter--] = mul_inv(EK[k+5]); + DK[counter--] = -EK[k+3]; + DK[counter--] = -EK[k+4]; + DK[counter--] = mul_inv(EK[k+2]); + } + + DK[5] = EK[47]; + DK[4] = EK[46]; + DK[3] = mul_inv(EK[51]); + DK[2] = -EK[50]; + DK[1] = -EK[49]; + DK[0] = mul_inv(EK[48]); + } + +} diff --git a/src/cipher/idea/idea.h b/src/cipher/idea/idea.h new file mode 100644 index 000000000..4c5e82aca --- /dev/null +++ b/src/cipher/idea/idea.h @@ -0,0 +1,32 @@ +/************************************************* +* IDEA Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_IDEA_H__ +#define BOTAN_IDEA_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* IDEA * +*************************************************/ +class BOTAN_DLL IDEA : public BlockCipher + { + public: + void clear() throw() { EK.clear(); DK.clear(); } + std::string name() const { return "IDEA"; } + BlockCipher* clone() const { return new IDEA; } + IDEA() : BlockCipher(8, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + SecureBuffer<u16bit, 52> EK, DK; + }; + +} + +#endif diff --git a/src/cipher/idea/modinfo.txt b/src/cipher/idea/modinfo.txt new file mode 100644 index 000000000..2da3ffb43 --- /dev/null +++ b/src/cipher/idea/modinfo.txt @@ -0,0 +1,10 @@ +realname "IDEA" + +define IDEA + +load_on auto + +<add> +idea.cpp +idea.h +</add> diff --git a/src/cipher/kasumi/kas_tab.cpp b/src/cipher/kasumi/kas_tab.cpp new file mode 100644 index 000000000..74a7bc06e --- /dev/null +++ b/src/cipher/kasumi/kas_tab.cpp @@ -0,0 +1,82 @@ +/************************************************* +* S-Box Tables for KASUMI * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/kasumi.h> + +namespace Botan { + +const byte KASUMI_SBOX_S7[128] = { + 0x36, 0x32, 0x3E, 0x38, 0x16, 0x22, 0x5E, 0x60, 0x26, 0x06, 0x3F, 0x5D, + 0x02, 0x12, 0x7B, 0x21, 0x37, 0x71, 0x27, 0x72, 0x15, 0x43, 0x41, 0x0C, + 0x2F, 0x49, 0x2E, 0x1B, 0x19, 0x6F, 0x7C, 0x51, 0x35, 0x09, 0x79, 0x4F, + 0x34, 0x3C, 0x3A, 0x30, 0x65, 0x7F, 0x28, 0x78, 0x68, 0x46, 0x47, 0x2B, + 0x14, 0x7A, 0x48, 0x3D, 0x17, 0x6D, 0x0D, 0x64, 0x4D, 0x01, 0x10, 0x07, + 0x52, 0x0A, 0x69, 0x62, 0x75, 0x74, 0x4C, 0x0B, 0x59, 0x6A, 0x00, 0x7D, + 0x76, 0x63, 0x56, 0x45, 0x1E, 0x39, 0x7E, 0x57, 0x70, 0x33, 0x11, 0x05, + 0x5F, 0x0E, 0x5A, 0x54, 0x5B, 0x08, 0x23, 0x67, 0x20, 0x61, 0x1C, 0x42, + 0x66, 0x1F, 0x1A, 0x2D, 0x4B, 0x04, 0x55, 0x5C, 0x25, 0x4A, 0x50, 0x31, + 0x44, 0x1D, 0x73, 0x2C, 0x40, 0x6B, 0x6C, 0x18, 0x6E, 0x53, 0x24, 0x4E, + 0x2A, 0x13, 0x0F, 0x29, 0x58, 0x77, 0x3B, 0x03 }; + +const u16bit KASUMI_SBOX_S9[512] = { + 0x00A7, 0x00EF, 0x00A1, 0x017B, 0x0187, 0x014E, 0x0009, 0x0152, 0x0026, + 0x00E2, 0x0030, 0x0166, 0x01C4, 0x0181, 0x005A, 0x018D, 0x00B7, 0x00FD, + 0x0093, 0x014B, 0x019F, 0x0154, 0x0033, 0x016A, 0x0132, 0x01F4, 0x0106, + 0x0052, 0x00D8, 0x009F, 0x0164, 0x00B1, 0x00AF, 0x00F1, 0x01E9, 0x0025, + 0x00CE, 0x0011, 0x0000, 0x014D, 0x002C, 0x00FE, 0x017A, 0x003A, 0x008F, + 0x00DC, 0x0051, 0x0190, 0x005F, 0x0003, 0x013B, 0x00F5, 0x0036, 0x00EB, + 0x00DA, 0x0195, 0x01D8, 0x0108, 0x00AC, 0x01EE, 0x0173, 0x0122, 0x018F, + 0x004C, 0x00A5, 0x00C5, 0x018B, 0x0079, 0x0101, 0x01E0, 0x01A7, 0x00D4, + 0x00F0, 0x001C, 0x01CE, 0x00B0, 0x0196, 0x01FB, 0x0120, 0x00DF, 0x01F5, + 0x0197, 0x00F9, 0x0109, 0x0059, 0x00BA, 0x00DD, 0x01AC, 0x00A4, 0x004A, + 0x01B8, 0x00C4, 0x01CA, 0x01A5, 0x015E, 0x00A3, 0x00E8, 0x009E, 0x0086, + 0x0162, 0x000D, 0x00FA, 0x01EB, 0x008E, 0x00BF, 0x0045, 0x00C1, 0x01A9, + 0x0098, 0x00E3, 0x016E, 0x0087, 0x0158, 0x012C, 0x0114, 0x00F2, 0x01B5, + 0x0140, 0x0071, 0x0116, 0x000B, 0x00F3, 0x0057, 0x013D, 0x0024, 0x005D, + 0x01F0, 0x001B, 0x01E7, 0x01BE, 0x01E2, 0x0029, 0x0044, 0x009C, 0x01C9, + 0x0083, 0x0146, 0x0193, 0x0153, 0x0014, 0x0027, 0x0073, 0x01BA, 0x007C, + 0x01DB, 0x0180, 0x01FC, 0x0035, 0x0070, 0x00AA, 0x01DF, 0x0097, 0x007E, + 0x00A9, 0x0049, 0x010C, 0x0117, 0x0141, 0x00A8, 0x016C, 0x016B, 0x0124, + 0x002E, 0x01F3, 0x0189, 0x0147, 0x0144, 0x0018, 0x01C8, 0x010B, 0x009D, + 0x01CC, 0x01E8, 0x01AA, 0x0135, 0x00E5, 0x01B7, 0x01FA, 0x00D0, 0x010F, + 0x015D, 0x0191, 0x01B2, 0x00EC, 0x0010, 0x00D1, 0x0167, 0x0034, 0x0038, + 0x0078, 0x00C7, 0x0115, 0x01D1, 0x01A0, 0x00FC, 0x011F, 0x00F6, 0x0006, + 0x0053, 0x0131, 0x01A4, 0x0159, 0x0099, 0x01F6, 0x0041, 0x003D, 0x00F4, + 0x011A, 0x00AD, 0x00DE, 0x01A2, 0x0043, 0x0182, 0x0170, 0x0105, 0x0065, + 0x01DC, 0x0123, 0x00C3, 0x01AE, 0x0031, 0x004F, 0x00A6, 0x014A, 0x0118, + 0x017F, 0x0175, 0x0080, 0x017E, 0x0198, 0x009B, 0x01EF, 0x016F, 0x0184, + 0x0112, 0x006B, 0x01CB, 0x01A1, 0x003E, 0x01C6, 0x0084, 0x00E1, 0x00CB, + 0x013C, 0x00EA, 0x000E, 0x012D, 0x005B, 0x01F7, 0x011E, 0x01A8, 0x00D3, + 0x015B, 0x0133, 0x008C, 0x0176, 0x0023, 0x0067, 0x007D, 0x01AB, 0x0013, + 0x00D6, 0x01C5, 0x0092, 0x01F2, 0x013A, 0x01BC, 0x00E6, 0x0100, 0x0149, + 0x00C6, 0x011D, 0x0032, 0x0074, 0x004E, 0x019A, 0x000A, 0x00CD, 0x01FE, + 0x00AB, 0x00E7, 0x002D, 0x008B, 0x01D3, 0x001D, 0x0056, 0x01F9, 0x0020, + 0x0048, 0x001A, 0x0156, 0x0096, 0x0139, 0x01EA, 0x01AF, 0x00EE, 0x019B, + 0x0145, 0x0095, 0x01D9, 0x0028, 0x0077, 0x00AE, 0x0163, 0x00B9, 0x00E9, + 0x0185, 0x0047, 0x01C0, 0x0111, 0x0174, 0x0037, 0x006E, 0x00B2, 0x0142, + 0x000C, 0x01D5, 0x0188, 0x0171, 0x00BE, 0x0001, 0x006D, 0x0177, 0x0089, + 0x00B5, 0x0058, 0x004B, 0x0134, 0x0104, 0x01E4, 0x0062, 0x0110, 0x0172, + 0x0113, 0x019C, 0x006F, 0x0150, 0x013E, 0x0004, 0x01F8, 0x01EC, 0x0103, + 0x0130, 0x004D, 0x0151, 0x01B3, 0x0015, 0x0165, 0x012F, 0x014C, 0x01E3, + 0x0012, 0x002F, 0x0055, 0x0019, 0x01F1, 0x01DA, 0x0121, 0x0064, 0x010D, + 0x0128, 0x01DE, 0x010E, 0x006A, 0x001F, 0x0068, 0x01B1, 0x0054, 0x019E, + 0x01E6, 0x018A, 0x0060, 0x0063, 0x009A, 0x01FF, 0x0094, 0x019D, 0x0169, + 0x0199, 0x00FF, 0x00A2, 0x00D7, 0x012E, 0x00C9, 0x010A, 0x015F, 0x0157, + 0x0090, 0x01B9, 0x016D, 0x006C, 0x012A, 0x00FB, 0x0022, 0x00B6, 0x01FD, + 0x008A, 0x00D2, 0x014F, 0x0085, 0x0137, 0x0160, 0x0148, 0x008D, 0x018C, + 0x015A, 0x007B, 0x013F, 0x01C2, 0x0119, 0x01AD, 0x00E4, 0x01BB, 0x01E1, + 0x005C, 0x0194, 0x01E5, 0x01A6, 0x00F8, 0x0129, 0x0017, 0x00D5, 0x0082, + 0x01D2, 0x0016, 0x00D9, 0x011B, 0x0046, 0x0126, 0x0168, 0x01A3, 0x007F, + 0x0138, 0x0179, 0x0007, 0x01D4, 0x00C2, 0x0002, 0x0075, 0x0127, 0x01CF, + 0x0102, 0x00E0, 0x01BF, 0x00F7, 0x00BB, 0x0050, 0x018E, 0x011C, 0x0161, + 0x0069, 0x0186, 0x012B, 0x01D7, 0x01D6, 0x00B8, 0x0039, 0x00C8, 0x015C, + 0x003F, 0x00CC, 0x00BC, 0x0021, 0x01C3, 0x0061, 0x001E, 0x0136, 0x00DB, + 0x005E, 0x00A0, 0x0081, 0x01ED, 0x0040, 0x00B3, 0x0107, 0x0066, 0x00BD, + 0x00CF, 0x0072, 0x0192, 0x01B6, 0x01DD, 0x0183, 0x007A, 0x00C0, 0x002A, + 0x017D, 0x0005, 0x0091, 0x0076, 0x00B4, 0x01C1, 0x0125, 0x0143, 0x0088, + 0x017C, 0x002B, 0x0042, 0x003C, 0x01C7, 0x0155, 0x01BD, 0x00CA, 0x01B0, + 0x0008, 0x00ED, 0x000F, 0x0178, 0x01B4, 0x01D0, 0x003B, 0x01CD }; + +} diff --git a/src/cipher/kasumi/kasumi.cpp b/src/cipher/kasumi/kasumi.cpp new file mode 100644 index 000000000..4e2cba27b --- /dev/null +++ b/src/cipher/kasumi/kasumi.cpp @@ -0,0 +1,138 @@ +/************************************************* +* KASUMI Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/kasumi.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* KASUMI FI Function * +*************************************************/ +u16bit FI(u16bit I, u16bit K) + { + u16bit D9 = (I >> 7); + byte D7 = (I & 0x7F); + D9 = KASUMI_SBOX_S9[D9] ^ D7; + D7 = KASUMI_SBOX_S7[D7] ^ (D9 & 0x7F); + + D7 ^= (K >> 9); + D9 = KASUMI_SBOX_S9[D9 ^ (K & 0x1FF)] ^ D7; + D7 = KASUMI_SBOX_S7[D7] ^ (D9 & 0x7F); + return (D7 << 9) | D9; + } + +} + +/************************************************* +* KASUMI Encryption * +*************************************************/ +void KASUMI::enc(const byte in[], byte out[]) const + { + u16bit B0 = load_be<u16bit>(in, 0); + u16bit B1 = load_be<u16bit>(in, 1); + u16bit B2 = load_be<u16bit>(in, 2); + u16bit B3 = load_be<u16bit>(in, 3); + + for(u32bit j = 0; j != 8; j += 2) + { + const u16bit* K = EK + 8*j; + + u16bit R = B1 ^ (rotate_left(B0, 1) & K[0]); + u16bit L = B0 ^ (rotate_left(R, 1) | K[1]); + + L = FI(L ^ K[ 2], K[ 3]) ^ R; + R = FI(R ^ K[ 4], K[ 5]) ^ L; + L = FI(L ^ K[ 6], K[ 7]) ^ R; + + R = B2 ^= R; + L = B3 ^= L; + + R = FI(R ^ K[10], K[11]) ^ L; + L = FI(L ^ K[12], K[13]) ^ R; + R = FI(R ^ K[14], K[15]) ^ L; + + R ^= (rotate_left(L, 1) & K[8]); + L ^= (rotate_left(R, 1) | K[9]); + + B0 ^= L; + B1 ^= R; + } + + store_be(out, B0, B1, B2, B3); + } + +/************************************************* +* KASUMI Decryption * +*************************************************/ +void KASUMI::dec(const byte in[], byte out[]) const + { + u16bit B0 = load_be<u16bit>(in, 0); + u16bit B1 = load_be<u16bit>(in, 1); + u16bit B2 = load_be<u16bit>(in, 2); + u16bit B3 = load_be<u16bit>(in, 3); + + for(u32bit j = 0; j != 8; j += 2) + { + const u16bit* K = EK + 8*(6-j); + + u16bit L = B2, R = B3; + + L = FI(L ^ K[10], K[11]) ^ R; + R = FI(R ^ K[12], K[13]) ^ L; + L = FI(L ^ K[14], K[15]) ^ R; + + L ^= (rotate_left(R, 1) & K[8]); + R ^= (rotate_left(L, 1) | K[9]); + + R = B0 ^= R; + L = B1 ^= L; + + L ^= (rotate_left(R, 1) & K[0]); + R ^= (rotate_left(L, 1) | K[1]); + + R = FI(R ^ K[2], K[3]) ^ L; + L = FI(L ^ K[4], K[5]) ^ R; + R = FI(R ^ K[6], K[7]) ^ L; + + B2 ^= L; + B3 ^= R; + } + + store_be(out, B0, B1, B2, B3); + } + +/************************************************* +* KASUMI Key Schedule * +*************************************************/ +void KASUMI::key(const byte key[], u32bit) + { + static const u16bit RC[] = { 0x0123, 0x4567, 0x89AB, 0xCDEF, + 0xFEDC, 0xBA98, 0x7654, 0x3210 }; + + SecureBuffer<u16bit, 16> K; + for(u32bit j = 0; j != 8; ++j) + { + K[j] = load_be<u16bit>(key, j); + K[j+8] = K[j] ^ RC[j]; + } + + for(u32bit j = 0; j != 8; ++j) + { + EK[8*j ] = rotate_left(K[(j+0) % 8 ], 2); + EK[8*j+1] = rotate_left(K[(j+2) % 8 + 8], 1); + EK[8*j+2] = rotate_left(K[(j+1) % 8 ], 5); + EK[8*j+3] = K[(j+4) % 8 + 8]; + EK[8*j+4] = rotate_left(K[(j+5) % 8 ], 8); + EK[8*j+5] = K[(j+3) % 8 + 8]; + EK[8*j+6] = rotate_left(K[(j+6) % 8 ], 13); + EK[8*j+7] = K[(j+7) % 8 + 8]; + } + } + +} diff --git a/src/cipher/kasumi/kasumi.h b/src/cipher/kasumi/kasumi.h new file mode 100644 index 000000000..58888d909 --- /dev/null +++ b/src/cipher/kasumi/kasumi.h @@ -0,0 +1,38 @@ +/************************************************* +* KASUMI Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_KASUMI_H__ +#define BOTAN_KASUMI_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* KASUMI * +*************************************************/ +class BOTAN_DLL KASUMI : public BlockCipher + { + public: + void clear() throw() { EK.clear(); } + std::string name() const { return "KASUMI"; } + BlockCipher* clone() const { return new KASUMI; } + + KASUMI() : BlockCipher(8, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + SecureBuffer<u16bit, 64> EK; + }; + +extern const byte KASUMI_SBOX_S7[128]; +extern const u16bit KASUMI_SBOX_S9[512]; + + +} + +#endif diff --git a/src/cipher/kasumi/modinfo.txt b/src/cipher/kasumi/modinfo.txt new file mode 100644 index 000000000..3ca5de20a --- /dev/null +++ b/src/cipher/kasumi/modinfo.txt @@ -0,0 +1,11 @@ +realname "Kasumi" + +define KASUMI + +load_on auto + +<add> +kas_tab.cpp +kasumi.cpp +kasumi.h +</add> diff --git a/src/cipher/lion/lion.cpp b/src/cipher/lion/lion.cpp new file mode 100644 index 000000000..009e98408 --- /dev/null +++ b/src/cipher/lion/lion.cpp @@ -0,0 +1,113 @@ +/************************************************* +* Lion Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/lion.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <botan/parsing.h> + +namespace Botan { + +/************************************************* +* Lion Encryption * +*************************************************/ +void Lion::enc(const byte in[], byte out[]) const + { + SecureVector<byte> buffer(LEFT_SIZE); + + xor_buf(buffer, in, key1, LEFT_SIZE); + cipher->set_key(buffer, LEFT_SIZE); + cipher->encrypt(in + LEFT_SIZE, out + LEFT_SIZE, RIGHT_SIZE); + + hash->update(out + LEFT_SIZE, RIGHT_SIZE); + hash->final(buffer); + xor_buf(out, in, buffer, LEFT_SIZE); + + xor_buf(buffer, out, key2, LEFT_SIZE); + cipher->set_key(buffer, LEFT_SIZE); + cipher->encrypt(out + LEFT_SIZE, RIGHT_SIZE); + } + +/************************************************* +* Lion Decryption * +*************************************************/ +void Lion::dec(const byte in[], byte out[]) const + { + SecureVector<byte> buffer(LEFT_SIZE); + + xor_buf(buffer, in, key2, LEFT_SIZE); + cipher->set_key(buffer, LEFT_SIZE); + cipher->encrypt(in + LEFT_SIZE, out + LEFT_SIZE, RIGHT_SIZE); + + hash->update(out + LEFT_SIZE, RIGHT_SIZE); + hash->final(buffer); + xor_buf(out, in, buffer, LEFT_SIZE); + + xor_buf(buffer, out, key1, LEFT_SIZE); + cipher->set_key(buffer, LEFT_SIZE); + cipher->encrypt(out + LEFT_SIZE, RIGHT_SIZE); + } + +/************************************************* +* Lion Key Schedule * +*************************************************/ +void Lion::key(const byte key[], u32bit length) + { + clear(); + + key1.copy(key, length / 2); + key2.copy(key + length / 2, length / 2); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string Lion::name() const + { + return "Lion(" + hash->name() + "," + + cipher->name() + "," + + to_string(BLOCK_SIZE) + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +BlockCipher* Lion::clone() const + { + return new Lion(hash->name(), cipher->name(), BLOCK_SIZE); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Lion::clear() throw() + { + hash->clear(); + cipher->clear(); + key1.clear(); + key2.clear(); + } + +/************************************************* +* Lion Constructor * +*************************************************/ +Lion::Lion(const std::string& hash_name, const std::string& sc_name, + u32bit block_len) : + BlockCipher(block_len, 2, 2*output_length_of(hash_name), 2), + LEFT_SIZE(output_length_of(hash_name)), RIGHT_SIZE(BLOCK_SIZE - LEFT_SIZE) + { + hash = get_hash(hash_name); + cipher = get_stream_cipher(sc_name); + + if(2*LEFT_SIZE + 1 > BLOCK_SIZE) + throw Invalid_Argument(name() + ": Chosen block size is too small"); + if(!cipher->valid_keylength(LEFT_SIZE)) + throw Exception(name() + ": This stream/hash combination is invalid"); + + key1.create(LEFT_SIZE); + key2.create(LEFT_SIZE); + } + +} diff --git a/src/cipher/lion/lion.h b/src/cipher/lion/lion.h new file mode 100644 index 000000000..70018838a --- /dev/null +++ b/src/cipher/lion/lion.h @@ -0,0 +1,36 @@ +/************************************************* +* Lion Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_LION_H__ +#define BOTAN_LION_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Lion * +*************************************************/ +class BOTAN_DLL Lion : public BlockCipher + { + public: + void clear() throw(); + std::string name() const; + BlockCipher* clone() const; + Lion(const std::string&, const std::string&, u32bit); + ~Lion() { delete hash; delete cipher; } + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + const u32bit LEFT_SIZE, RIGHT_SIZE; + HashFunction* hash; + StreamCipher* cipher; + SecureVector<byte> key1, key2; + }; + +} + +#endif diff --git a/src/cipher/lion/modinfo.txt b/src/cipher/lion/modinfo.txt new file mode 100644 index 000000000..558d71d0c --- /dev/null +++ b/src/cipher/lion/modinfo.txt @@ -0,0 +1,10 @@ +realname "Lion" + +define LION + +load_on auto + +<add> +lion.cpp +lion.h +</add> diff --git a/src/cipher/lubyrack/lubyrack.cpp b/src/cipher/lubyrack/lubyrack.cpp new file mode 100644 index 000000000..c9e6fc531 --- /dev/null +++ b/src/cipher/lubyrack/lubyrack.cpp @@ -0,0 +1,114 @@ +/************************************************* +* Luby-Rackoff Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/lubyrack.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* Luby-Rackoff Encryption * +*************************************************/ +void LubyRackoff::enc(const byte in[], byte out[]) const + { + const u32bit len = hash->OUTPUT_LENGTH; + + SecureVector<byte> buffer(len); + hash->update(K1); + hash->update(in, len); + hash->final(buffer); + xor_buf(out + len, in + len, buffer, len); + + hash->update(K2); + hash->update(out + len, len); + hash->final(buffer); + xor_buf(out, in, buffer, len); + + hash->update(K1); + hash->update(out, len); + hash->final(buffer); + xor_buf(out + len, buffer, len); + + hash->update(K2); + hash->update(out + len, len); + hash->final(buffer); + xor_buf(out, buffer, len); + } + +/************************************************* +* Luby-Rackoff Decryption * +*************************************************/ +void LubyRackoff::dec(const byte in[], byte out[]) const + { + const u32bit len = hash->OUTPUT_LENGTH; + + SecureVector<byte> buffer(len); + hash->update(K2); + hash->update(in + len, len); + hash->final(buffer); + xor_buf(out, in, buffer, len); + + hash->update(K1); + hash->update(out, len); + hash->final(buffer); + xor_buf(out + len, in + len, buffer, len); + + hash->update(K2); + hash->update(out + len, len); + hash->final(buffer); + xor_buf(out, buffer, len); + + hash->update(K1); + hash->update(out, len); + hash->final(buffer); + xor_buf(out + len, buffer, len); + } + +/************************************************* +* Luby-Rackoff Key Schedule * +*************************************************/ +void LubyRackoff::key(const byte key[], u32bit length) + { + K1.set(key, length / 2); + K2.set(key + length / 2, length / 2); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void LubyRackoff::clear() throw() + { + K1.clear(); + K2.clear(); + hash->clear(); + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +BlockCipher* LubyRackoff::clone() const + { + return new LubyRackoff(hash->clone()); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string LubyRackoff::name() const + { + return "Luby-Rackoff(" + hash->name() + ")"; + } + +/************************************************* +* Luby-Rackoff Constructor * +*************************************************/ +LubyRackoff::LubyRackoff(HashFunction* h) : + BlockCipher(2 * (h ? h->OUTPUT_LENGTH: 0), + 2, 32, 2), + hash(h) + { + } + +} diff --git a/src/cipher/lubyrack/lubyrack.h b/src/cipher/lubyrack/lubyrack.h new file mode 100644 index 000000000..2c4813cb6 --- /dev/null +++ b/src/cipher/lubyrack/lubyrack.h @@ -0,0 +1,35 @@ +/************************************************* +* Luby-Rackoff Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_LUBY_RACKOFF_H__ +#define BOTAN_LUBY_RACKOFF_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Luby-Rackoff * +*************************************************/ +class BOTAN_DLL LubyRackoff : public BlockCipher + { + public: + void clear() throw(); + std::string name() const; + BlockCipher* clone() const; + + LubyRackoff(HashFunction* hash); + ~LubyRackoff() { delete hash; } + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + HashFunction* hash; + SecureVector<byte> K1, K2; + }; + +} + +#endif diff --git a/src/cipher/lubyrack/modinfo.txt b/src/cipher/lubyrack/modinfo.txt new file mode 100644 index 000000000..d83df2409 --- /dev/null +++ b/src/cipher/lubyrack/modinfo.txt @@ -0,0 +1,10 @@ +realname "Luby-Rackoff" + +define LUBY_RACKOFF + +load_on auto + +<add> +lubyrack.cpp +lubyrack.h +</add> diff --git a/src/cipher/mars/mars.cpp b/src/cipher/mars/mars.cpp new file mode 100644 index 000000000..cc671fc06 --- /dev/null +++ b/src/cipher/mars/mars.cpp @@ -0,0 +1,274 @@ +/************************************************* +* MARS Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/mars.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* Generate a mask for runs of bits * +*************************************************/ +u32bit gen_mask(u32bit input) + { + u32bit mask = 0; + + for(u32bit j = 2; j != 31; ++j) + { + u32bit region = (input >> (j-1)) & 0x07; + + if(region == 0x00 || region == 0x07) + { + u32bit low = (j < 9) ? 0 : (j - 9); + u32bit high = (j < 23) ? j : 23; + + for(u32bit k = low; k != high; ++k) + { + u32bit value = (input >> k) & 0x3FF; + + if(value == 0 || value == 0x3FF) + { + mask |= 1 << j; + break; + } + } + } + } + + return mask; + } + +} + +/************************************************* +* MARS Encryption * +*************************************************/ +void MARS::enc(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0) + EK[0]; + u32bit B = load_le<u32bit>(in, 1) + EK[1]; + u32bit C = load_le<u32bit>(in, 2) + EK[2]; + u32bit D = load_le<u32bit>(in, 3) + EK[3]; + + forward_mix(A, B, C, D); + + encrypt_round(A, B, C, D, 0); + encrypt_round(B, C, D, A, 1); + encrypt_round(C, D, A, B, 2); + encrypt_round(D, A, B, C, 3); + encrypt_round(A, B, C, D, 4); + encrypt_round(B, C, D, A, 5); + encrypt_round(C, D, A, B, 6); + encrypt_round(D, A, B, C, 7); + + encrypt_round(A, D, C, B, 8); + encrypt_round(B, A, D, C, 9); + encrypt_round(C, B, A, D, 10); + encrypt_round(D, C, B, A, 11); + encrypt_round(A, D, C, B, 12); + encrypt_round(B, A, D, C, 13); + encrypt_round(C, B, A, D, 14); + encrypt_round(D, C, B, A, 15); + + reverse_mix(A, B, C, D); + + A -= EK[36]; B -= EK[37]; C -= EK[38]; D -= EK[39]; + + store_le(out, A, B, C, D); + } + +/************************************************* +* MARS Decryption * +*************************************************/ +void MARS::dec(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 3) + EK[39]; + u32bit B = load_le<u32bit>(in, 2) + EK[38]; + u32bit C = load_le<u32bit>(in, 1) + EK[37]; + u32bit D = load_le<u32bit>(in, 0) + EK[36]; + + forward_mix(A, B, C, D); + + decrypt_round(A, B, C, D, 15); + decrypt_round(B, C, D, A, 14); + decrypt_round(C, D, A, B, 13); + decrypt_round(D, A, B, C, 12); + decrypt_round(A, B, C, D, 11); + decrypt_round(B, C, D, A, 10); + decrypt_round(C, D, A, B, 9); + decrypt_round(D, A, B, C, 8); + + decrypt_round(A, D, C, B, 7); + decrypt_round(B, A, D, C, 6); + decrypt_round(C, B, A, D, 5); + decrypt_round(D, C, B, A, 4); + decrypt_round(A, D, C, B, 3); + decrypt_round(B, A, D, C, 2); + decrypt_round(C, B, A, D, 1); + decrypt_round(D, C, B, A, 0); + + reverse_mix(A, B, C, D); + + A -= EK[3]; B -= EK[2]; C -= EK[1]; D -= EK[0]; + + store_le(out, D, C, B, A); + } + +/************************************************* +* MARS Forward Mixing Operation * +*************************************************/ +void MARS::forward_mix(u32bit& A, u32bit& B, u32bit& C, u32bit& D) + { + for(u32bit j = 0; j != 2; ++j) + { + B ^= SBOX[get_byte(3, A)]; B += SBOX[get_byte(2, A) + 256]; + C += SBOX[get_byte(1, A)]; D ^= SBOX[get_byte(0, A) + 256]; + A = rotate_right(A, 24) + D; + + C ^= SBOX[get_byte(3, B)]; C += SBOX[get_byte(2, B) + 256]; + D += SBOX[get_byte(1, B)]; A ^= SBOX[get_byte(0, B) + 256]; + B = rotate_right(B, 24) + C; + + D ^= SBOX[get_byte(3, C)]; D += SBOX[get_byte(2, C) + 256]; + A += SBOX[get_byte(1, C)]; B ^= SBOX[get_byte(0, C) + 256]; + C = rotate_right(C, 24); + + A ^= SBOX[get_byte(3, D)]; A += SBOX[get_byte(2, D) + 256]; + B += SBOX[get_byte(1, D)]; C ^= SBOX[get_byte(0, D) + 256]; + D = rotate_right(D, 24); + } + } + +/************************************************* +* MARS Reverse Mixing Operation * +*************************************************/ +void MARS::reverse_mix(u32bit& A, u32bit& B, u32bit& C, u32bit& D) + { + for(u32bit j = 0; j != 2; ++j) + { + B ^= SBOX[get_byte(3, A) + 256]; C -= SBOX[get_byte(0, A)]; + D -= SBOX[get_byte(1, A) + 256]; D ^= SBOX[get_byte(2, A)]; + A = rotate_left(A, 24); + + C ^= SBOX[get_byte(3, B) + 256]; D -= SBOX[get_byte(0, B)]; + A -= SBOX[get_byte(1, B) + 256]; A ^= SBOX[get_byte(2, B)]; + C -= (B = rotate_left(B, 24)); + + D ^= SBOX[get_byte(3, C) + 256]; A -= SBOX[get_byte(0, C)]; + B -= SBOX[get_byte(1, C) + 256]; B ^= SBOX[get_byte(2, C)]; + C = rotate_left(C, 24); + D -= A; + + A ^= SBOX[get_byte(3, D) + 256]; B -= SBOX[get_byte(0, D)]; + C -= SBOX[get_byte(1, D) + 256]; C ^= SBOX[get_byte(2, D)]; + D = rotate_left(D, 24); + } + } + +/************************************************* +* MARS Encryption Round * +*************************************************/ +void MARS::encrypt_round(u32bit& A, u32bit& B, u32bit& C, u32bit& D, + u32bit round) const + { + u32bit X, Y, Z; + X = A + EK[2*round + 4]; + A = rotate_left(A, 13); + Y = A * EK[2*round + 5]; + Z = SBOX[X % 512]; + Y = rotate_left(Y, 5); + Z ^= Y; + C += rotate_left(X, Y % 32); + Y = rotate_left(Y, 5); + Z ^= Y; + D ^= Y; + B += rotate_left(Z, Y % 32); + } + +/************************************************* +* MARS Decryption Round * +*************************************************/ +void MARS::decrypt_round(u32bit& A, u32bit& B, u32bit& C, u32bit& D, + u32bit round) const + { + u32bit X, Y, Z; + Y = A * EK[2*round + 5]; + A = rotate_right(A, 13); + X = A + EK[2*round + 4]; + Z = SBOX[X % 512]; + Y = rotate_left(Y, 5); + Z ^= Y; + C -= rotate_left(X, Y % 32); + Y = rotate_left(Y, 5); + Z ^= Y; + D ^= Y; + B -= rotate_left(Z, Y % 32); + } + +/************************************************* +* MARS Key Schedule * +*************************************************/ +void MARS::key(const byte key[], u32bit length) + { + SecureBuffer<u32bit, 15> T; + for(u32bit j = 0; j != length / 4; ++j) + T[j] = load_le<u32bit>(key, j); + T[length / 4] = length / 4; + + for(u32bit j = 0; j != 4; ++j) + { + T[ 0] ^= rotate_left(T[ 8] ^ T[13], 3) ^ (j ); + T[ 1] ^= rotate_left(T[ 9] ^ T[14], 3) ^ (j + 4); + T[ 2] ^= rotate_left(T[10] ^ T[ 0], 3) ^ (j + 8); + T[ 3] ^= rotate_left(T[11] ^ T[ 1], 3) ^ (j + 12); + T[ 4] ^= rotate_left(T[12] ^ T[ 2], 3) ^ (j + 16); + T[ 5] ^= rotate_left(T[13] ^ T[ 3], 3) ^ (j + 20); + T[ 6] ^= rotate_left(T[14] ^ T[ 4], 3) ^ (j + 24); + T[ 7] ^= rotate_left(T[ 0] ^ T[ 5], 3) ^ (j + 28); + T[ 8] ^= rotate_left(T[ 1] ^ T[ 6], 3) ^ (j + 32); + T[ 9] ^= rotate_left(T[ 2] ^ T[ 7], 3) ^ (j + 36); + T[10] ^= rotate_left(T[ 3] ^ T[ 8], 3) ^ (j + 40); + T[11] ^= rotate_left(T[ 4] ^ T[ 9], 3) ^ (j + 44); + T[12] ^= rotate_left(T[ 5] ^ T[10], 3) ^ (j + 48); + T[13] ^= rotate_left(T[ 6] ^ T[11], 3) ^ (j + 52); + T[14] ^= rotate_left(T[ 7] ^ T[12], 3) ^ (j + 56); + + for(u32bit k = 0; k != 4; ++k) + { + T[ 0] = rotate_left(T[ 0] + SBOX[T[14] % 512], 9); + T[ 1] = rotate_left(T[ 1] + SBOX[T[ 0] % 512], 9); + T[ 2] = rotate_left(T[ 2] + SBOX[T[ 1] % 512], 9); + T[ 3] = rotate_left(T[ 3] + SBOX[T[ 2] % 512], 9); + T[ 4] = rotate_left(T[ 4] + SBOX[T[ 3] % 512], 9); + T[ 5] = rotate_left(T[ 5] + SBOX[T[ 4] % 512], 9); + T[ 6] = rotate_left(T[ 6] + SBOX[T[ 5] % 512], 9); + T[ 7] = rotate_left(T[ 7] + SBOX[T[ 6] % 512], 9); + T[ 8] = rotate_left(T[ 8] + SBOX[T[ 7] % 512], 9); + T[ 9] = rotate_left(T[ 9] + SBOX[T[ 8] % 512], 9); + T[10] = rotate_left(T[10] + SBOX[T[ 9] % 512], 9); + T[11] = rotate_left(T[11] + SBOX[T[10] % 512], 9); + T[12] = rotate_left(T[12] + SBOX[T[11] % 512], 9); + T[13] = rotate_left(T[13] + SBOX[T[12] % 512], 9); + T[14] = rotate_left(T[14] + SBOX[T[13] % 512], 9); + } + + EK[10*j + 0] = T[ 0]; EK[10*j + 1] = T[ 4]; EK[10*j + 2] = T[ 8]; + EK[10*j + 3] = T[12]; EK[10*j + 4] = T[ 1]; EK[10*j + 5] = T[ 5]; + EK[10*j + 6] = T[ 9]; EK[10*j + 7] = T[13]; EK[10*j + 8] = T[ 2]; + EK[10*j + 9] = T[ 6]; + } + + for(u32bit j = 5; j != 37; j += 2) + { + u32bit key3 = EK[j] & 3; + EK[j] |= 3; + EK[j] ^= rotate_left(SBOX[265 + key3], EK[j-1] % 32) & gen_mask(EK[j]); + } + } + +} diff --git a/src/cipher/mars/mars.h b/src/cipher/mars/mars.h new file mode 100644 index 000000000..6e1bc9f34 --- /dev/null +++ b/src/cipher/mars/mars.h @@ -0,0 +1,36 @@ +/************************************************* +* MARS Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MARS_H__ +#define BOTAN_MARS_H__ + +#include <botan/base.h> + +namespace Botan { + +class BOTAN_DLL MARS : public BlockCipher + { + public: + void clear() throw() { EK.clear(); } + std::string name() const { return "MARS"; } + BlockCipher* clone() const { return new MARS; } + MARS() : BlockCipher(16, 16, 32, 4) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + void encrypt_round(u32bit&, u32bit&, u32bit&, u32bit&, u32bit) const; + void decrypt_round(u32bit&, u32bit&, u32bit&, u32bit&, u32bit) const; + static void forward_mix(u32bit&, u32bit&, u32bit&, u32bit&); + static void reverse_mix(u32bit&, u32bit&, u32bit&, u32bit&); + + static const u32bit SBOX[512]; + SecureBuffer<u32bit, 40> EK; + }; + +} + +#endif diff --git a/src/cipher/mars/mars_tab.cpp b/src/cipher/mars/mars_tab.cpp new file mode 100644 index 000000000..07381e9cb --- /dev/null +++ b/src/cipher/mars/mars_tab.cpp @@ -0,0 +1,98 @@ +/************************************************* +* S-Box Table for MARS * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/mars.h> + +namespace Botan { + +const u32bit MARS::SBOX[512] = { + 0x09D0C479, 0x28C8FFE0, 0x84AA6C39, 0x9DAD7287, 0x7DFF9BE3, 0xD4268361, + 0xC96DA1D4, 0x7974CC93, 0x85D0582E, 0x2A4B5705, 0x1CA16A62, 0xC3BD279D, + 0x0F1F25E5, 0x5160372F, 0xC695C1FB, 0x4D7FF1E4, 0xAE5F6BF4, 0x0D72EE46, + 0xFF23DE8A, 0xB1CF8E83, 0xF14902E2, 0x3E981E42, 0x8BF53EB6, 0x7F4BF8AC, + 0x83631F83, 0x25970205, 0x76AFE784, 0x3A7931D4, 0x4F846450, 0x5C64C3F6, + 0x210A5F18, 0xC6986A26, 0x28F4E826, 0x3A60A81C, 0xD340A664, 0x7EA820C4, + 0x526687C5, 0x7EDDD12B, 0x32A11D1D, 0x9C9EF086, 0x80F6E831, 0xAB6F04AD, + 0x56FB9B53, 0x8B2E095C, 0xB68556AE, 0xD2250B0D, 0x294A7721, 0xE21FB253, + 0xAE136749, 0xE82AAE86, 0x93365104, 0x99404A66, 0x78A784DC, 0xB69BA84B, + 0x04046793, 0x23DB5C1E, 0x46CAE1D6, 0x2FE28134, 0x5A223942, 0x1863CD5B, + 0xC190C6E3, 0x07DFB846, 0x6EB88816, 0x2D0DCC4A, 0xA4CCAE59, 0x3798670D, + 0xCBFA9493, 0x4F481D45, 0xEAFC8CA8, 0xDB1129D6, 0xB0449E20, 0x0F5407FB, + 0x6167D9A8, 0xD1F45763, 0x4DAA96C3, 0x3BEC5958, 0xABABA014, 0xB6CCD201, + 0x38D6279F, 0x02682215, 0x8F376CD5, 0x092C237E, 0xBFC56593, 0x32889D2C, + 0x854B3E95, 0x05BB9B43, 0x7DCD5DCD, 0xA02E926C, 0xFAE527E5, 0x36A1C330, + 0x3412E1AE, 0xF257F462, 0x3C4F1D71, 0x30A2E809, 0x68E5F551, 0x9C61BA44, + 0x5DED0AB8, 0x75CE09C8, 0x9654F93E, 0x698C0CCA, 0x243CB3E4, 0x2B062B97, + 0x0F3B8D9E, 0x00E050DF, 0xFC5D6166, 0xE35F9288, 0xC079550D, 0x0591AEE8, + 0x8E531E74, 0x75FE3578, 0x2F6D829A, 0xF60B21AE, 0x95E8EB8D, 0x6699486B, + 0x901D7D9B, 0xFD6D6E31, 0x1090ACEF, 0xE0670DD8, 0xDAB2E692, 0xCD6D4365, + 0xE5393514, 0x3AF345F0, 0x6241FC4D, 0x460DA3A3, 0x7BCF3729, 0x8BF1D1E0, + 0x14AAC070, 0x1587ED55, 0x3AFD7D3E, 0xD2F29E01, 0x29A9D1F6, 0xEFB10C53, + 0xCF3B870F, 0xB414935C, 0x664465ED, 0x024ACAC7, 0x59A744C1, 0x1D2936A7, + 0xDC580AA6, 0xCF574CA8, 0x040A7A10, 0x6CD81807, 0x8A98BE4C, 0xACCEA063, + 0xC33E92B5, 0xD1E0E03D, 0xB322517E, 0x2092BD13, 0x386B2C4A, 0x52E8DD58, + 0x58656DFB, 0x50820371, 0x41811896, 0xE337EF7E, 0xD39FB119, 0xC97F0DF6, + 0x68FEA01B, 0xA150A6E5, 0x55258962, 0xEB6FF41B, 0xD7C9CD7A, 0xA619CD9E, + 0xBCF09576, 0x2672C073, 0xF003FB3C, 0x4AB7A50B, 0x1484126A, 0x487BA9B1, + 0xA64FC9C6, 0xF6957D49, 0x38B06A75, 0xDD805FCD, 0x63D094CF, 0xF51C999E, + 0x1AA4D343, 0xB8495294, 0xCE9F8E99, 0xBFFCD770, 0xC7C275CC, 0x378453A7, + 0x7B21BE33, 0x397F41BD, 0x4E94D131, 0x92CC1F98, 0x5915EA51, 0x99F861B7, + 0xC9980A88, 0x1D74FD5F, 0xB0A495F8, 0x614DEED0, 0xB5778EEA, 0x5941792D, + 0xFA90C1F8, 0x33F824B4, 0xC4965372, 0x3FF6D550, 0x4CA5FEC0, 0x8630E964, + 0x5B3FBBD6, 0x7DA26A48, 0xB203231A, 0x04297514, 0x2D639306, 0x2EB13149, + 0x16A45272, 0x532459A0, 0x8E5F4872, 0xF966C7D9, 0x07128DC0, 0x0D44DB62, + 0xAFC8D52D, 0x06316131, 0xD838E7CE, 0x1BC41D00, 0x3A2E8C0F, 0xEA83837E, + 0xB984737D, 0x13BA4891, 0xC4F8B949, 0xA6D6ACB3, 0xA215CDCE, 0x8359838B, + 0x6BD1AA31, 0xF579DD52, 0x21B93F93, 0xF5176781, 0x187DFDDE, 0xE94AEB76, + 0x2B38FD54, 0x431DE1DA, 0xAB394825, 0x9AD3048F, 0xDFEA32AA, 0x659473E3, + 0x623F7863, 0xF3346C59, 0xAB3AB685, 0x3346A90B, 0x6B56443E, 0xC6DE01F8, + 0x8D421FC0, 0x9B0ED10C, 0x88F1A1E9, 0x54C1F029, 0x7DEAD57B, 0x8D7BA426, + 0x4CF5178A, 0x551A7CCA, 0x1A9A5F08, 0xFCD651B9, 0x25605182, 0xE11FC6C3, + 0xB6FD9676, 0x337B3027, 0xB7C8EB14, 0x9E5FD030, 0x6B57E354, 0xAD913CF7, + 0x7E16688D, 0x58872A69, 0x2C2FC7DF, 0xE389CCC6, 0x30738DF1, 0x0824A734, + 0xE1797A8B, 0xA4A8D57B, 0x5B5D193B, 0xC8A8309B, 0x73F9A978, 0x73398D32, + 0x0F59573E, 0xE9DF2B03, 0xE8A5B6C8, 0x848D0704, 0x98DF93C2, 0x720A1DC3, + 0x684F259A, 0x943BA848, 0xA6370152, 0x863B5EA3, 0xD17B978B, 0x6D9B58EF, + 0x0A700DD4, 0xA73D36BF, 0x8E6A0829, 0x8695BC14, 0xE35B3447, 0x933AC568, + 0x8894B022, 0x2F511C27, 0xDDFBCC3C, 0x006662B6, 0x117C83FE, 0x4E12B414, + 0xC2BCA766, 0x3A2FEC10, 0xF4562420, 0x55792E2A, 0x46F5D857, 0xCEDA25CE, + 0xC3601D3B, 0x6C00AB46, 0xEFAC9C28, 0xB3C35047, 0x611DFEE3, 0x257C3207, + 0xFDD58482, 0x3B14D84F, 0x23BECB64, 0xA075F3A3, 0x088F8EAD, 0x07ADF158, + 0x7796943C, 0xFACABF3D, 0xC09730CD, 0xF7679969, 0xDA44E9ED, 0x2C854C12, + 0x35935FA3, 0x2F057D9F, 0x690624F8, 0x1CB0BAFD, 0x7B0DBDC6, 0x810F23BB, + 0xFA929A1A, 0x6D969A17, 0x6742979B, 0x74AC7D05, 0x010E65C4, 0x86A3D963, + 0xF907B5A0, 0xD0042BD3, 0x158D7D03, 0x287A8255, 0xBBA8366F, 0x096EDC33, + 0x21916A7B, 0x77B56B86, 0x951622F9, 0xA6C5E650, 0x8CEA17D1, 0xCD8C62BC, + 0xA3D63433, 0x358A68FD, 0x0F9B9D3C, 0xD6AA295B, 0xFE33384A, 0xC000738E, + 0xCD67EB2F, 0xE2EB6DC2, 0x97338B02, 0x06C9F246, 0x419CF1AD, 0x2B83C045, + 0x3723F18A, 0xCB5B3089, 0x160BEAD7, 0x5D494656, 0x35F8A74B, 0x1E4E6C9E, + 0x000399BD, 0x67466880, 0xB4174831, 0xACF423B2, 0xCA815AB3, 0x5A6395E7, + 0x302A67C5, 0x8BDB446B, 0x108F8FA4, 0x10223EDA, 0x92B8B48B, 0x7F38D0EE, + 0xAB2701D4, 0x0262D415, 0xAF224A30, 0xB3D88ABA, 0xF8B2C3AF, 0xDAF7EF70, + 0xCC97D3B7, 0xE9614B6C, 0x2BAEBFF4, 0x70F687CF, 0x386C9156, 0xCE092EE5, + 0x01E87DA6, 0x6CE91E6A, 0xBB7BCC84, 0xC7922C20, 0x9D3B71FD, 0x060E41C6, + 0xD7590F15, 0x4E03BB47, 0x183C198E, 0x63EEB240, 0x2DDBF49A, 0x6D5CBA54, + 0x923750AF, 0xF9E14236, 0x7838162B, 0x59726C72, 0x81B66760, 0xBB2926C1, + 0x48A0CE0D, 0xA6C0496D, 0xAD43507B, 0x718D496A, 0x9DF057AF, 0x44B1BDE6, + 0x054356DC, 0xDE7CED35, 0xD51A138B, 0x62088CC9, 0x35830311, 0xC96EFCA2, + 0x686F86EC, 0x8E77CB68, 0x63E1D6B8, 0xC80F9778, 0x79C491FD, 0x1B4C67F2, + 0x72698D7D, 0x5E368C31, 0xF7D95E2E, 0xA1D3493F, 0xDCD9433E, 0x896F1552, + 0x4BC4CA7A, 0xA6D1BAF4, 0xA5A96DCC, 0x0BEF8B46, 0xA169FDA7, 0x74DF40B7, + 0x4E208804, 0x9A756607, 0x038E87C8, 0x20211E44, 0x8B7AD4BF, 0xC6403F35, + 0x1848E36D, 0x80BDB038, 0x1E62891C, 0x643D2107, 0xBF04D6F8, 0x21092C8C, + 0xF644F389, 0x0778404E, 0x7B78ADB8, 0xA2C52D53, 0x42157ABE, 0xA2253E2E, + 0x7BF3F4AE, 0x80F594F9, 0x953194E7, 0x77EB92ED, 0xB3816930, 0xDA8D9336, + 0xBF447469, 0xF26D9483, 0xEE6FAED5, 0x71371235, 0xDE425F73, 0xB4E59F43, + 0x7DBE2D4E, 0x2D37B185, 0x49DC9A63, 0x98C39D98, 0x1301C9A2, 0x389B1BBF, + 0x0C18588D, 0xA421C1BA, 0x7AA3865C, 0x71E08558, 0x3C5CFCAA, 0x7D239CA4, + 0x0297D9DD, 0xD7DC2830, 0x4B37802B, 0x7428AB54, 0xAEEE0347, 0x4B3FBB85, + 0x692F2F08, 0x134E578E, 0x36D9E0BF, 0xAE8B5FCF, 0xEDB93ECF, 0x2B27248E, + 0x170EB1EF, 0x7DC57FD6, 0x1E760F16, 0xB1136601, 0x864E1B9B, 0xD7EA7319, + 0x3AB871BD, 0xCFA4D76F, 0xE31BD782, 0x0DBEB469, 0xABB96061, 0x5370F85D, + 0xFFB07E37, 0xDA30D0FB, 0xEBC977B6, 0x0B98B40F, 0x3A4D0FE6, 0xDF4FC26B, + 0x159CF22A, 0xC298D6E2, 0x2B78EF6A, 0x61A94AC0, 0xAB561187, 0x14EEA0F0, + 0xDF0D4164, 0x19AF70EE }; + +} diff --git a/src/cipher/mars/modinfo.txt b/src/cipher/mars/modinfo.txt new file mode 100644 index 000000000..b0ad8af9c --- /dev/null +++ b/src/cipher/mars/modinfo.txt @@ -0,0 +1,11 @@ +realname "MARS" + +define MARS + +load_on auto + +<add> +mars.cpp +mars.h +mars_tab.cpp +</add> diff --git a/src/cipher/misty1/mist_tab.cpp b/src/cipher/misty1/mist_tab.cpp new file mode 100644 index 000000000..b72742fb3 --- /dev/null +++ b/src/cipher/misty1/mist_tab.cpp @@ -0,0 +1,104 @@ +/************************************************* +* S-Box Tables for MISTY1 * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/misty1.h> + +namespace Botan { + +const byte MISTY1_SBOX_S7[128] = { + 0x1B, 0x32, 0x33, 0x5A, 0x3B, 0x10, 0x17, 0x54, 0x5B, 0x1A, 0x72, 0x73, + 0x6B, 0x2C, 0x66, 0x49, 0x1F, 0x24, 0x13, 0x6C, 0x37, 0x2E, 0x3F, 0x4A, + 0x5D, 0x0F, 0x40, 0x56, 0x25, 0x51, 0x1C, 0x04, 0x0B, 0x46, 0x20, 0x0D, + 0x7B, 0x35, 0x44, 0x42, 0x2B, 0x1E, 0x41, 0x14, 0x4B, 0x79, 0x15, 0x6F, + 0x0E, 0x55, 0x09, 0x36, 0x74, 0x0C, 0x67, 0x53, 0x28, 0x0A, 0x7E, 0x38, + 0x02, 0x07, 0x60, 0x29, 0x19, 0x12, 0x65, 0x2F, 0x30, 0x39, 0x08, 0x68, + 0x5F, 0x78, 0x2A, 0x4C, 0x64, 0x45, 0x75, 0x3D, 0x59, 0x48, 0x03, 0x57, + 0x7C, 0x4F, 0x62, 0x3C, 0x1D, 0x21, 0x5E, 0x27, 0x6A, 0x70, 0x4D, 0x3A, + 0x01, 0x6D, 0x6E, 0x63, 0x18, 0x77, 0x23, 0x05, 0x26, 0x76, 0x00, 0x31, + 0x2D, 0x7A, 0x7F, 0x61, 0x50, 0x22, 0x11, 0x06, 0x47, 0x16, 0x52, 0x4E, + 0x71, 0x3E, 0x69, 0x43, 0x34, 0x5C, 0x58, 0x7D }; + +const u16bit MISTY1_SBOX_S9[512] = { + 0x01C3, 0x00CB, 0x0153, 0x019F, 0x01E3, 0x00E9, 0x00FB, 0x0035, 0x0181, + 0x00B9, 0x0117, 0x01EB, 0x0133, 0x0009, 0x002D, 0x00D3, 0x00C7, 0x014A, + 0x0037, 0x007E, 0x00EB, 0x0164, 0x0193, 0x01D8, 0x00A3, 0x011E, 0x0055, + 0x002C, 0x001D, 0x01A2, 0x0163, 0x0118, 0x014B, 0x0152, 0x01D2, 0x000F, + 0x002B, 0x0030, 0x013A, 0x00E5, 0x0111, 0x0138, 0x018E, 0x0063, 0x00E3, + 0x00C8, 0x01F4, 0x001B, 0x0001, 0x009D, 0x00F8, 0x01A0, 0x016D, 0x01F3, + 0x001C, 0x0146, 0x007D, 0x00D1, 0x0082, 0x01EA, 0x0183, 0x012D, 0x00F4, + 0x019E, 0x01D3, 0x00DD, 0x01E2, 0x0128, 0x01E0, 0x00EC, 0x0059, 0x0091, + 0x0011, 0x012F, 0x0026, 0x00DC, 0x00B0, 0x018C, 0x010F, 0x01F7, 0x00E7, + 0x016C, 0x00B6, 0x00F9, 0x00D8, 0x0151, 0x0101, 0x014C, 0x0103, 0x00B8, + 0x0154, 0x012B, 0x01AE, 0x0017, 0x0071, 0x000C, 0x0047, 0x0058, 0x007F, + 0x01A4, 0x0134, 0x0129, 0x0084, 0x015D, 0x019D, 0x01B2, 0x01A3, 0x0048, + 0x007C, 0x0051, 0x01CA, 0x0023, 0x013D, 0x01A7, 0x0165, 0x003B, 0x0042, + 0x00DA, 0x0192, 0x00CE, 0x00C1, 0x006B, 0x009F, 0x01F1, 0x012C, 0x0184, + 0x00FA, 0x0196, 0x01E1, 0x0169, 0x017D, 0x0031, 0x0180, 0x010A, 0x0094, + 0x01DA, 0x0186, 0x013E, 0x011C, 0x0060, 0x0175, 0x01CF, 0x0067, 0x0119, + 0x0065, 0x0068, 0x0099, 0x0150, 0x0008, 0x0007, 0x017C, 0x00B7, 0x0024, + 0x0019, 0x00DE, 0x0127, 0x00DB, 0x00E4, 0x01A9, 0x0052, 0x0109, 0x0090, + 0x019C, 0x01C1, 0x0028, 0x01B3, 0x0135, 0x016A, 0x0176, 0x00DF, 0x01E5, + 0x0188, 0x00C5, 0x016E, 0x01DE, 0x01B1, 0x00C3, 0x01DF, 0x0036, 0x00EE, + 0x01EE, 0x00F0, 0x0093, 0x0049, 0x009A, 0x01B6, 0x0069, 0x0081, 0x0125, + 0x000B, 0x005E, 0x00B4, 0x0149, 0x01C7, 0x0174, 0x003E, 0x013B, 0x01B7, + 0x008E, 0x01C6, 0x00AE, 0x0010, 0x0095, 0x01EF, 0x004E, 0x00F2, 0x01FD, + 0x0085, 0x00FD, 0x00F6, 0x00A0, 0x016F, 0x0083, 0x008A, 0x0156, 0x009B, + 0x013C, 0x0107, 0x0167, 0x0098, 0x01D0, 0x01E9, 0x0003, 0x01FE, 0x00BD, + 0x0122, 0x0089, 0x00D2, 0x018F, 0x0012, 0x0033, 0x006A, 0x0142, 0x00ED, + 0x0170, 0x011B, 0x00E2, 0x014F, 0x0158, 0x0131, 0x0147, 0x005D, 0x0113, + 0x01CD, 0x0079, 0x0161, 0x01A5, 0x0179, 0x009E, 0x01B4, 0x00CC, 0x0022, + 0x0132, 0x001A, 0x00E8, 0x0004, 0x0187, 0x01ED, 0x0197, 0x0039, 0x01BF, + 0x01D7, 0x0027, 0x018B, 0x00C6, 0x009C, 0x00D0, 0x014E, 0x006C, 0x0034, + 0x01F2, 0x006E, 0x00CA, 0x0025, 0x00BA, 0x0191, 0x00FE, 0x0013, 0x0106, + 0x002F, 0x01AD, 0x0172, 0x01DB, 0x00C0, 0x010B, 0x01D6, 0x00F5, 0x01EC, + 0x010D, 0x0076, 0x0114, 0x01AB, 0x0075, 0x010C, 0x01E4, 0x0159, 0x0054, + 0x011F, 0x004B, 0x00C4, 0x01BE, 0x00F7, 0x0029, 0x00A4, 0x000E, 0x01F0, + 0x0077, 0x004D, 0x017A, 0x0086, 0x008B, 0x00B3, 0x0171, 0x00BF, 0x010E, + 0x0104, 0x0097, 0x015B, 0x0160, 0x0168, 0x00D7, 0x00BB, 0x0066, 0x01CE, + 0x00FC, 0x0092, 0x01C5, 0x006F, 0x0016, 0x004A, 0x00A1, 0x0139, 0x00AF, + 0x00F1, 0x0190, 0x000A, 0x01AA, 0x0143, 0x017B, 0x0056, 0x018D, 0x0166, + 0x00D4, 0x01FB, 0x014D, 0x0194, 0x019A, 0x0087, 0x01F8, 0x0123, 0x00A7, + 0x01B8, 0x0141, 0x003C, 0x01F9, 0x0140, 0x002A, 0x0155, 0x011A, 0x01A1, + 0x0198, 0x00D5, 0x0126, 0x01AF, 0x0061, 0x012E, 0x0157, 0x01DC, 0x0072, + 0x018A, 0x00AA, 0x0096, 0x0115, 0x00EF, 0x0045, 0x007B, 0x008D, 0x0145, + 0x0053, 0x005F, 0x0178, 0x00B2, 0x002E, 0x0020, 0x01D5, 0x003F, 0x01C9, + 0x01E7, 0x01AC, 0x0044, 0x0038, 0x0014, 0x00B1, 0x016B, 0x00AB, 0x00B5, + 0x005A, 0x0182, 0x01C8, 0x01D4, 0x0018, 0x0177, 0x0064, 0x00CF, 0x006D, + 0x0100, 0x0199, 0x0130, 0x015A, 0x0005, 0x0120, 0x01BB, 0x01BD, 0x00E0, + 0x004F, 0x00D6, 0x013F, 0x01C4, 0x012A, 0x0015, 0x0006, 0x00FF, 0x019B, + 0x00A6, 0x0043, 0x0088, 0x0050, 0x015F, 0x01E8, 0x0121, 0x0073, 0x017E, + 0x00BC, 0x00C2, 0x00C9, 0x0173, 0x0189, 0x01F5, 0x0074, 0x01CC, 0x01E6, + 0x01A8, 0x0195, 0x001F, 0x0041, 0x000D, 0x01BA, 0x0032, 0x003D, 0x01D1, + 0x0080, 0x00A8, 0x0057, 0x01B9, 0x0162, 0x0148, 0x00D9, 0x0105, 0x0062, + 0x007A, 0x0021, 0x01FF, 0x0112, 0x0108, 0x01C0, 0x00A9, 0x011D, 0x01B0, + 0x01A6, 0x00CD, 0x00F3, 0x005C, 0x0102, 0x005B, 0x01D9, 0x0144, 0x01F6, + 0x00AD, 0x00A5, 0x003A, 0x01CB, 0x0136, 0x017F, 0x0046, 0x00E1, 0x001E, + 0x01DD, 0x00E6, 0x0137, 0x01FA, 0x0185, 0x008C, 0x008F, 0x0040, 0x01B5, + 0x00BE, 0x0078, 0x0000, 0x00AC, 0x0110, 0x015E, 0x0124, 0x0002, 0x01BC, + 0x00A2, 0x00EA, 0x0070, 0x01FC, 0x0116, 0x015C, 0x004C, 0x01C2 }; + +const byte MISTY1::EK_ORDER[100] = { + 0x00, 0x0E, 0x0A, 0x04, 0x00, 0x15, 0x1D, 0x02, 0x11, 0x19, 0x07, 0x13, + 0x1B, 0x04, 0x01, 0x16, 0x1E, 0x03, 0x12, 0x1A, 0x00, 0x14, 0x1C, 0x05, + 0x01, 0x0F, 0x0B, 0x05, 0x02, 0x17, 0x1F, 0x04, 0x13, 0x1B, 0x01, 0x15, + 0x1D, 0x06, 0x03, 0x10, 0x18, 0x05, 0x14, 0x1C, 0x02, 0x16, 0x1E, 0x07, + 0x02, 0x08, 0x0C, 0x06, 0x04, 0x11, 0x19, 0x06, 0x15, 0x1D, 0x03, 0x17, + 0x1F, 0x00, 0x05, 0x12, 0x1A, 0x07, 0x16, 0x1E, 0x04, 0x10, 0x18, 0x01, + 0x03, 0x09, 0x0D, 0x07, 0x06, 0x13, 0x1B, 0x00, 0x17, 0x1F, 0x05, 0x11, + 0x19, 0x02, 0x07, 0x14, 0x1C, 0x01, 0x10, 0x18, 0x06, 0x12, 0x1A, 0x03, + 0x04, 0x0A, 0x0E, 0x00 }; + +const byte MISTY1::DK_ORDER[100] = { + 0x00, 0x0E, 0x0A, 0x04, 0x07, 0x14, 0x1C, 0x01, 0x10, 0x18, 0x06, 0x12, + 0x1A, 0x03, 0x06, 0x13, 0x1B, 0x00, 0x17, 0x1F, 0x05, 0x11, 0x19, 0x02, + 0x07, 0x0D, 0x09, 0x03, 0x05, 0x12, 0x1A, 0x07, 0x16, 0x1E, 0x04, 0x10, + 0x18, 0x01, 0x04, 0x11, 0x19, 0x06, 0x15, 0x1D, 0x03, 0x17, 0x1F, 0x00, + 0x06, 0x0C, 0x08, 0x02, 0x03, 0x10, 0x18, 0x05, 0x14, 0x1C, 0x02, 0x16, + 0x1E, 0x07, 0x02, 0x17, 0x1F, 0x04, 0x13, 0x1B, 0x01, 0x15, 0x1D, 0x06, + 0x05, 0x0B, 0x0F, 0x01, 0x01, 0x16, 0x1E, 0x03, 0x12, 0x1A, 0x00, 0x14, + 0x1C, 0x05, 0x00, 0x15, 0x1D, 0x02, 0x11, 0x19, 0x07, 0x13, 0x1B, 0x04, + 0x04, 0x0A, 0x0E, 0x00 }; + +} diff --git a/src/cipher/misty1/misty1.cpp b/src/cipher/misty1/misty1.cpp new file mode 100644 index 000000000..523d11c84 --- /dev/null +++ b/src/cipher/misty1/misty1.cpp @@ -0,0 +1,148 @@ +/************************************************* +* MISTY1 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/misty1.h> +#include <botan/loadstor.h> +#include <botan/parsing.h> + +namespace Botan { + +namespace { + +/************************************************* +* MISTY1 FI Function * +*************************************************/ +u16bit FI(u16bit input, u16bit key7, u16bit key9) + { + u16bit D9 = input >> 7, D7 = input & 0x7F; + D9 = MISTY1_SBOX_S9[D9] ^ D7; + D7 = (MISTY1_SBOX_S7[D7] ^ key7 ^ D9) & 0x7F; + D9 = MISTY1_SBOX_S9[D9 ^ key9] ^ D7; + return static_cast<u16bit>((D7 << 9) | D9); + } + +} + +/************************************************* +* MISTY1 Encryption * +*************************************************/ +void MISTY1::enc(const byte in[], byte out[]) const + { + u16bit B0 = load_be<u16bit>(in, 0); + u16bit B1 = load_be<u16bit>(in, 1); + u16bit B2 = load_be<u16bit>(in, 2); + u16bit B3 = load_be<u16bit>(in, 3); + + for(u32bit j = 0; j != 12; j += 3) + { + const u16bit* RK = EK + 8 * j; + + B1 ^= B0 & RK[0]; + B0 ^= B1 | RK[1]; + B3 ^= B2 & RK[2]; + B2 ^= B3 | RK[3]; + + u32bit T0, T1; + + T0 = FI(B0 ^ RK[ 4], RK[ 5], RK[ 6]) ^ B1; + T1 = FI(B1 ^ RK[ 7], RK[ 8], RK[ 9]) ^ T0; + T0 = FI(T0 ^ RK[10], RK[11], RK[12]) ^ T1; + + B2 ^= T1 ^ RK[13]; + B3 ^= T0; + + T0 = FI(B2 ^ RK[14], RK[15], RK[16]) ^ B3; + T1 = FI(B3 ^ RK[17], RK[18], RK[19]) ^ T0; + T0 = FI(T0 ^ RK[20], RK[21], RK[22]) ^ T1; + + B0 ^= T1 ^ RK[23]; + B1 ^= T0; + } + + B1 ^= B0 & EK[96]; + B0 ^= B1 | EK[97]; + B3 ^= B2 & EK[98]; + B2 ^= B3 | EK[99]; + + store_be(out, B2, B3, B0, B1); + } + +/************************************************* +* MISTY1 Decryption * +*************************************************/ +void MISTY1::dec(const byte in[], byte out[]) const + { + u16bit B0 = load_be<u16bit>(in, 2); + u16bit B1 = load_be<u16bit>(in, 3); + u16bit B2 = load_be<u16bit>(in, 0); + u16bit B3 = load_be<u16bit>(in, 1); + + for(u32bit j = 0; j != 12; j += 3) + { + const u16bit* RK = DK + 8 * j; + + B2 ^= B3 | RK[0]; + B3 ^= B2 & RK[1]; + B0 ^= B1 | RK[2]; + B1 ^= B0 & RK[3]; + + u32bit T0, T1; + + T0 = FI(B2 ^ RK[ 4], RK[ 5], RK[ 6]) ^ B3; + T1 = FI(B3 ^ RK[ 7], RK[ 8], RK[ 9]) ^ T0; + T0 = FI(T0 ^ RK[10], RK[11], RK[12]) ^ T1; + + B0 ^= T1 ^ RK[13]; + B1 ^= T0; + + T0 = FI(B0 ^ RK[14], RK[15], RK[16]) ^ B1; + T1 = FI(B1 ^ RK[17], RK[18], RK[19]) ^ T0; + T0 = FI(T0 ^ RK[20], RK[21], RK[22]) ^ T1; + + B2 ^= T1 ^ RK[23]; + B3 ^= T0; + } + + B2 ^= B3 | DK[96]; + B3 ^= B2 & DK[97]; + B0 ^= B1 | DK[98]; + B1 ^= B0 & DK[99]; + + store_be(out, B0, B1, B2, B3); + } + +/************************************************* +* MISTY1 Key Schedule * +*************************************************/ +void MISTY1::key(const byte key[], u32bit length) + { + SecureBuffer<u16bit, 32> KS; + for(u32bit j = 0; j != length / 2; ++j) + KS[j] = load_be<u16bit>(key, j); + + for(u32bit j = 0; j != 8; ++j) + { + KS[j+ 8] = FI(KS[j], KS[(j+1) % 8] >> 9, KS[(j+1) % 8] & 0x1FF); + KS[j+16] = KS[j+8] >> 9; + KS[j+24] = KS[j+8] & 0x1FF; + } + for(u32bit j = 0; j != 100; ++j) + { + EK[j] = KS[EK_ORDER[j]]; + DK[j] = KS[DK_ORDER[j]]; + } + } + +/************************************************* +* MISTY1 Constructor * +*************************************************/ +MISTY1::MISTY1(u32bit rounds) : BlockCipher(8, 16) + { + if(rounds != 8) + throw Invalid_Argument("MISTY1: Invalid number of rounds: " + + to_string(rounds)); + } + +} diff --git a/src/cipher/misty1/misty1.h b/src/cipher/misty1/misty1.h new file mode 100644 index 000000000..9e506d536 --- /dev/null +++ b/src/cipher/misty1/misty1.h @@ -0,0 +1,39 @@ +/************************************************* +* MISTY1 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MISTY1_H__ +#define BOTAN_MISTY1_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* MISTY1 * +*************************************************/ +class BOTAN_DLL MISTY1 : public BlockCipher + { + public: + void clear() throw() { EK.clear(); DK.clear(); } + std::string name() const { return "MISTY1"; } + BlockCipher* clone() const { return new MISTY1; } + MISTY1(u32bit = 8); + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static const byte EK_ORDER[100]; + static const byte DK_ORDER[100]; + SecureBuffer<u16bit, 100> EK, DK; + }; + +extern const byte MISTY1_SBOX_S7[128]; +extern const u16bit MISTY1_SBOX_S9[512]; + + +} + +#endif diff --git a/src/cipher/misty1/modinfo.txt b/src/cipher/misty1/modinfo.txt new file mode 100644 index 000000000..36600e5fe --- /dev/null +++ b/src/cipher/misty1/modinfo.txt @@ -0,0 +1,11 @@ +realname "MISTY-1" + +define MISTY1 + +load_on auto + +<add> +mist_tab.cpp +misty1.cpp +misty1.h +</add> diff --git a/src/cipher/noekeon/modinfo.txt b/src/cipher/noekeon/modinfo.txt new file mode 100644 index 000000000..8025c2073 --- /dev/null +++ b/src/cipher/noekeon/modinfo.txt @@ -0,0 +1,10 @@ +realname "Noekeon" + +define NOEKEON + +load_on auto + +<add> +noekeon.cpp +noekeon.h +</add> diff --git a/src/cipher/noekeon/noekeon.cpp b/src/cipher/noekeon/noekeon.cpp new file mode 100644 index 000000000..437972fe5 --- /dev/null +++ b/src/cipher/noekeon/noekeon.cpp @@ -0,0 +1,196 @@ +/************************************************* +* Noekeon Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/noekeon.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* Noekeon's Theta Operation * +*************************************************/ +inline void theta(u32bit& A0, u32bit& A1, + u32bit& A2, u32bit& A3, + const u32bit EK[4]) + { + u32bit T = A0 ^ A2; + T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + A1 ^= T; + A3 ^= T; + + A0 ^= EK[0]; + A1 ^= EK[1]; + A2 ^= EK[2]; + A3 ^= EK[3]; + + T = A1 ^ A3; + T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + A0 ^= T; + A2 ^= T; + } + +/************************************************* +* Theta With Null Key * +*************************************************/ +inline void theta(u32bit& A0, u32bit& A1, + u32bit& A2, u32bit& A3) + { + u32bit T = A0 ^ A2; + T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + A1 ^= T; + A3 ^= T; + + T = A1 ^ A3; + T ^= rotate_left(T, 8) ^ rotate_right(T, 8); + A0 ^= T; + A2 ^= T; + } + +/************************************************* +* Noekeon's Gamma S-Box Layer * +*************************************************/ +inline void gamma(u32bit& A0, u32bit& A1, u32bit& A2, u32bit& A3) + { + A1 ^= ~A3 & ~A2; + A0 ^= A2 & A1; + + u32bit T = A3; + A3 = A0; + A0 = T; + + A2 ^= A0 ^ A1 ^ A3; + + A1 ^= ~A3 & ~A2; + A0 ^= A2 & A1; + } + +} + +/************************************************* +* Noekeon Round Constants * +*************************************************/ +const byte Noekeon::RC[] = { + 0x80, 0x1B, 0x36, 0x6C, 0xD8, 0xAB, 0x4D, 0x9A, + 0x2F, 0x5E, 0xBC, 0x63, 0xC6, 0x97, 0x35, 0x6A, + 0xD4 }; + +/************************************************* +* Noekeon Encryption * +*************************************************/ +void Noekeon::enc(const byte in[], byte out[]) const + { + u32bit A0 = load_be<u32bit>(in, 0); + u32bit A1 = load_be<u32bit>(in, 1); + u32bit A2 = load_be<u32bit>(in, 2); + u32bit A3 = load_be<u32bit>(in, 3); + + for(u32bit j = 0; j != 16; ++j) + { + A0 ^= RC[j]; + theta(A0, A1, A2, A3, EK); + + A1 = rotate_left(A1, 1); + A2 = rotate_left(A2, 5); + A3 = rotate_left(A3, 2); + + gamma(A0, A1, A2, A3); + + A1 = rotate_right(A1, 1); + A2 = rotate_right(A2, 5); + A3 = rotate_right(A3, 2); + } + + A0 ^= RC[16]; + theta(A0, A1, A2, A3, EK); + + store_be(out, A0, A1, A2, A3); + } + +/************************************************* +* Noekeon Encryption * +*************************************************/ +void Noekeon::dec(const byte in[], byte out[]) const + { + u32bit A0 = load_be<u32bit>(in, 0); + u32bit A1 = load_be<u32bit>(in, 1); + u32bit A2 = load_be<u32bit>(in, 2); + u32bit A3 = load_be<u32bit>(in, 3); + + for(u32bit j = 16; j != 0; --j) + { + theta(A0, A1, A2, A3, DK); + A0 ^= RC[j]; + + A1 = rotate_left(A1, 1); + A2 = rotate_left(A2, 5); + A3 = rotate_left(A3, 2); + + gamma(A0, A1, A2, A3); + + A1 = rotate_right(A1, 1); + A2 = rotate_right(A2, 5); + A3 = rotate_right(A3, 2); + } + + theta(A0, A1, A2, A3, DK); + A0 ^= RC[0]; + + store_be(out, A0, A1, A2, A3); + } + +/************************************************* +* Noekeon Key Schedule * +*************************************************/ +void Noekeon::key(const byte key[], u32bit) + { + u32bit A0 = load_be<u32bit>(key, 0); + u32bit A1 = load_be<u32bit>(key, 1); + u32bit A2 = load_be<u32bit>(key, 2); + u32bit A3 = load_be<u32bit>(key, 3); + + for(u32bit j = 0; j != 16; ++j) + { + A0 ^= RC[j]; + theta(A0, A1, A2, A3); + + A1 = rotate_left(A1, 1); + A2 = rotate_left(A2, 5); + A3 = rotate_left(A3, 2); + + gamma(A0, A1, A2, A3); + + A1 = rotate_right(A1, 1); + A2 = rotate_right(A2, 5); + A3 = rotate_right(A3, 2); + } + + A0 ^= RC[16]; + + DK[0] = A0; + DK[1] = A1; + DK[2] = A2; + DK[3] = A3; + + theta(A0, A1, A2, A3); + + EK[0] = A0; + EK[1] = A1; + EK[2] = A2; + EK[3] = A3; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Noekeon::clear() throw() + { + EK.clear(); + DK.clear(); + } + +} diff --git a/src/cipher/noekeon/noekeon.h b/src/cipher/noekeon/noekeon.h new file mode 100644 index 000000000..660ab487a --- /dev/null +++ b/src/cipher/noekeon/noekeon.h @@ -0,0 +1,35 @@ +/************************************************* +* Noekeon Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_NOEKEON_H__ +#define BOTAN_NOEKEON_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Noekeon * +*************************************************/ +class BOTAN_DLL Noekeon : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return "Noekeon"; } + BlockCipher* clone() const { return new Noekeon; } + Noekeon() : BlockCipher(16, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static const byte RC[17]; + + SecureBuffer<u32bit, 4> EK, DK; + }; + +} + +#endif diff --git a/src/cipher/rc2/modinfo.txt b/src/cipher/rc2/modinfo.txt new file mode 100644 index 000000000..099141de7 --- /dev/null +++ b/src/cipher/rc2/modinfo.txt @@ -0,0 +1,10 @@ +realname "RC2" + +define RC2 + +load_on auto + +<add> +rc2.cpp +rc2.h +</add> diff --git a/src/cipher/rc2/rc2.cpp b/src/cipher/rc2/rc2.cpp new file mode 100644 index 000000000..6d764e5c4 --- /dev/null +++ b/src/cipher/rc2/rc2.cpp @@ -0,0 +1,161 @@ +/************************************************* +* RC2 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/rc2.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +/************************************************* +* RC2 Encryption * +*************************************************/ +void RC2::enc(const byte in[], byte out[]) const + { + u16bit R0 = load_le<u16bit>(in, 0); + u16bit R1 = load_le<u16bit>(in, 1); + u16bit R2 = load_le<u16bit>(in, 2); + u16bit R3 = load_le<u16bit>(in, 3); + + for(u32bit j = 0; j != 16; ++j) + { + R0 += (R1 & ~R3) + (R2 & R3) + K[4*j]; + R0 = rotate_left(R0, 1); + + R1 += (R2 & ~R0) + (R3 & R0) + K[4*j + 1]; + R1 = rotate_left(R1, 2); + + R2 += (R3 & ~R1) + (R0 & R1) + K[4*j + 2]; + R2 = rotate_left(R2, 3); + + R3 += (R0 & ~R2) + (R1 & R2) + K[4*j + 3]; + R3 = rotate_left(R3, 5); + + if(j == 4 || j == 10) + { + R0 += K[R3 % 64]; + R1 += K[R0 % 64]; + R2 += K[R1 % 64]; + R3 += K[R2 % 64]; + } + } + + store_le(out, R0, R1, R2, R3); + } + +/************************************************* +* RC2 Decryption * +*************************************************/ +void RC2::dec(const byte in[], byte out[]) const + { + u16bit R0 = load_le<u16bit>(in, 0); + u16bit R1 = load_le<u16bit>(in, 1); + u16bit R2 = load_le<u16bit>(in, 2); + u16bit R3 = load_le<u16bit>(in, 3); + + for(u32bit j = 0; j != 16; ++j) + { + R3 = rotate_right(R3, 5); + R3 -= (R0 & ~R2) + (R1 & R2) + K[63 - (4*j + 0)]; + + R2 = rotate_right(R2, 3); + R2 -= (R3 & ~R1) + (R0 & R1) + K[63 - (4*j + 1)]; + + R1 = rotate_right(R1, 2); + R1 -= (R2 & ~R0) + (R3 & R0) + K[63 - (4*j + 2)]; + + R0 = rotate_right(R0, 1); + R0 -= (R1 & ~R3) + (R2 & R3) + K[63 - (4*j + 3)]; + + if(j == 4 || j == 10) + { + R3 -= K[R2 % 64]; + R2 -= K[R1 % 64]; + R1 -= K[R0 % 64]; + R0 -= K[R3 % 64]; + } + } + + store_le(out, R0, R1, R2, R3); + } + +/************************************************* +* RC2 Key Schedule * +*************************************************/ +void RC2::key(const byte key[], u32bit length) + { + static const byte TABLE[256] = { + 0xD9, 0x78, 0xF9, 0xC4, 0x19, 0xDD, 0xB5, 0xED, 0x28, 0xE9, 0xFD, 0x79, + 0x4A, 0xA0, 0xD8, 0x9D, 0xC6, 0x7E, 0x37, 0x83, 0x2B, 0x76, 0x53, 0x8E, + 0x62, 0x4C, 0x64, 0x88, 0x44, 0x8B, 0xFB, 0xA2, 0x17, 0x9A, 0x59, 0xF5, + 0x87, 0xB3, 0x4F, 0x13, 0x61, 0x45, 0x6D, 0x8D, 0x09, 0x81, 0x7D, 0x32, + 0xBD, 0x8F, 0x40, 0xEB, 0x86, 0xB7, 0x7B, 0x0B, 0xF0, 0x95, 0x21, 0x22, + 0x5C, 0x6B, 0x4E, 0x82, 0x54, 0xD6, 0x65, 0x93, 0xCE, 0x60, 0xB2, 0x1C, + 0x73, 0x56, 0xC0, 0x14, 0xA7, 0x8C, 0xF1, 0xDC, 0x12, 0x75, 0xCA, 0x1F, + 0x3B, 0xBE, 0xE4, 0xD1, 0x42, 0x3D, 0xD4, 0x30, 0xA3, 0x3C, 0xB6, 0x26, + 0x6F, 0xBF, 0x0E, 0xDA, 0x46, 0x69, 0x07, 0x57, 0x27, 0xF2, 0x1D, 0x9B, + 0xBC, 0x94, 0x43, 0x03, 0xF8, 0x11, 0xC7, 0xF6, 0x90, 0xEF, 0x3E, 0xE7, + 0x06, 0xC3, 0xD5, 0x2F, 0xC8, 0x66, 0x1E, 0xD7, 0x08, 0xE8, 0xEA, 0xDE, + 0x80, 0x52, 0xEE, 0xF7, 0x84, 0xAA, 0x72, 0xAC, 0x35, 0x4D, 0x6A, 0x2A, + 0x96, 0x1A, 0xD2, 0x71, 0x5A, 0x15, 0x49, 0x74, 0x4B, 0x9F, 0xD0, 0x5E, + 0x04, 0x18, 0xA4, 0xEC, 0xC2, 0xE0, 0x41, 0x6E, 0x0F, 0x51, 0xCB, 0xCC, + 0x24, 0x91, 0xAF, 0x50, 0xA1, 0xF4, 0x70, 0x39, 0x99, 0x7C, 0x3A, 0x85, + 0x23, 0xB8, 0xB4, 0x7A, 0xFC, 0x02, 0x36, 0x5B, 0x25, 0x55, 0x97, 0x31, + 0x2D, 0x5D, 0xFA, 0x98, 0xE3, 0x8A, 0x92, 0xAE, 0x05, 0xDF, 0x29, 0x10, + 0x67, 0x6C, 0xBA, 0xC9, 0xD3, 0x00, 0xE6, 0xCF, 0xE1, 0x9E, 0xA8, 0x2C, + 0x63, 0x16, 0x01, 0x3F, 0x58, 0xE2, 0x89, 0xA9, 0x0D, 0x38, 0x34, 0x1B, + 0xAB, 0x33, 0xFF, 0xB0, 0xBB, 0x48, 0x0C, 0x5F, 0xB9, 0xB1, 0xCD, 0x2E, + 0xC5, 0xF3, 0xDB, 0x47, 0xE5, 0xA5, 0x9C, 0x77, 0x0A, 0xA6, 0x20, 0x68, + 0xFE, 0x7F, 0xC1, 0xAD }; + + SecureBuffer<byte, 128> L; + L.copy(key, length); + + for(u32bit j = length; j != 128; ++j) + L[j] = TABLE[(L[j-1] + L[j-length]) % 256]; + L[128-length] = TABLE[L[128-length]]; + for(s32bit j = 127-length; j >= 0; --j) + L[j] = TABLE[L[j+1] ^ L[j+length]]; + + for(u32bit j = 0; j != 64; ++j) + K[j] = load_le<u16bit>(L, j); + } + +/************************************************* +* Return the code of the effective key bits * +*************************************************/ +byte RC2::EKB_code(u32bit ekb) + { + const byte EKB[256] = { + 0xBD, 0x56, 0xEA, 0xF2, 0xA2, 0xF1, 0xAC, 0x2A, 0xB0, 0x93, 0xD1, 0x9C, + 0x1B, 0x33, 0xFD, 0xD0, 0x30, 0x04, 0xB6, 0xDC, 0x7D, 0xDF, 0x32, 0x4B, + 0xF7, 0xCB, 0x45, 0x9B, 0x31, 0xBB, 0x21, 0x5A, 0x41, 0x9F, 0xE1, 0xD9, + 0x4A, 0x4D, 0x9E, 0xDA, 0xA0, 0x68, 0x2C, 0xC3, 0x27, 0x5F, 0x80, 0x36, + 0x3E, 0xEE, 0xFB, 0x95, 0x1A, 0xFE, 0xCE, 0xA8, 0x34, 0xA9, 0x13, 0xF0, + 0xA6, 0x3F, 0xD8, 0x0C, 0x78, 0x24, 0xAF, 0x23, 0x52, 0xC1, 0x67, 0x17, + 0xF5, 0x66, 0x90, 0xE7, 0xE8, 0x07, 0xB8, 0x60, 0x48, 0xE6, 0x1E, 0x53, + 0xF3, 0x92, 0xA4, 0x72, 0x8C, 0x08, 0x15, 0x6E, 0x86, 0x00, 0x84, 0xFA, + 0xF4, 0x7F, 0x8A, 0x42, 0x19, 0xF6, 0xDB, 0xCD, 0x14, 0x8D, 0x50, 0x12, + 0xBA, 0x3C, 0x06, 0x4E, 0xEC, 0xB3, 0x35, 0x11, 0xA1, 0x88, 0x8E, 0x2B, + 0x94, 0x99, 0xB7, 0x71, 0x74, 0xD3, 0xE4, 0xBF, 0x3A, 0xDE, 0x96, 0x0E, + 0xBC, 0x0A, 0xED, 0x77, 0xFC, 0x37, 0x6B, 0x03, 0x79, 0x89, 0x62, 0xC6, + 0xD7, 0xC0, 0xD2, 0x7C, 0x6A, 0x8B, 0x22, 0xA3, 0x5B, 0x05, 0x5D, 0x02, + 0x75, 0xD5, 0x61, 0xE3, 0x18, 0x8F, 0x55, 0x51, 0xAD, 0x1F, 0x0B, 0x5E, + 0x85, 0xE5, 0xC2, 0x57, 0x63, 0xCA, 0x3D, 0x6C, 0xB4, 0xC5, 0xCC, 0x70, + 0xB2, 0x91, 0x59, 0x0D, 0x47, 0x20, 0xC8, 0x4F, 0x58, 0xE0, 0x01, 0xE2, + 0x16, 0x38, 0xC4, 0x6F, 0x3B, 0x0F, 0x65, 0x46, 0xBE, 0x7E, 0x2D, 0x7B, + 0x82, 0xF9, 0x40, 0xB5, 0x1D, 0x73, 0xF8, 0xEB, 0x26, 0xC7, 0x87, 0x97, + 0x25, 0x54, 0xB1, 0x28, 0xAA, 0x98, 0x9D, 0xA5, 0x64, 0x6D, 0x7A, 0xD4, + 0x10, 0x81, 0x44, 0xEF, 0x49, 0xD6, 0xAE, 0x2E, 0xDD, 0x76, 0x5C, 0x2F, + 0xA7, 0x1C, 0xC9, 0x09, 0x69, 0x9A, 0x83, 0xCF, 0x29, 0x39, 0xB9, 0xE9, + 0x4C, 0xFF, 0x43, 0xAB }; + + if(ekb < 256) + return EKB[ekb]; + else + throw Encoding_Error("RC2::EKB_code: EKB is too large"); + } + +} diff --git a/src/cipher/rc2/rc2.h b/src/cipher/rc2/rc2.h new file mode 100644 index 000000000..8f46821a4 --- /dev/null +++ b/src/cipher/rc2/rc2.h @@ -0,0 +1,35 @@ +/************************************************* +* RC2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_RC2_H__ +#define BOTAN_RC2_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* RC2 * +*************************************************/ +class BOTAN_DLL RC2 : public BlockCipher + { + public: + static byte EKB_code(u32bit); + + void clear() throw() { K.clear(); } + std::string name() const { return "RC2"; } + BlockCipher* clone() const { return new RC2; } + RC2() : BlockCipher(8, 1, 32) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + SecureBuffer<u16bit, 64> K; + }; + +} + +#endif diff --git a/src/cipher/rc5/modinfo.txt b/src/cipher/rc5/modinfo.txt new file mode 100644 index 000000000..4a150c3b0 --- /dev/null +++ b/src/cipher/rc5/modinfo.txt @@ -0,0 +1,10 @@ +realname "RC5" + +define RC5 + +load_on auto + +<add> +rc5.cpp +rc5.h +</add> diff --git a/src/cipher/rc5/rc5.cpp b/src/cipher/rc5/rc5.cpp new file mode 100644 index 000000000..0c0229b6c --- /dev/null +++ b/src/cipher/rc5/rc5.cpp @@ -0,0 +1,101 @@ +/************************************************* +* RC5 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/rc5.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> +#include <botan/parsing.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* RC5 Encryption * +*************************************************/ +void RC5::enc(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0), B = load_le<u32bit>(in, 1); + + A += S[0]; B += S[1]; + for(u32bit j = 0; j != ROUNDS; j += 4) + { + A = rotate_left(A ^ B, B % 32) + S[2*j+2]; + B = rotate_left(B ^ A, A % 32) + S[2*j+3]; + A = rotate_left(A ^ B, B % 32) + S[2*j+4]; + B = rotate_left(B ^ A, A % 32) + S[2*j+5]; + A = rotate_left(A ^ B, B % 32) + S[2*j+6]; + B = rotate_left(B ^ A, A % 32) + S[2*j+7]; + A = rotate_left(A ^ B, B % 32) + S[2*j+8]; + B = rotate_left(B ^ A, A % 32) + S[2*j+9]; + } + + store_le(out, A, B); + } + +/************************************************* +* RC5 Decryption * +*************************************************/ +void RC5::dec(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0), B = load_le<u32bit>(in, 1); + + for(u32bit j = ROUNDS; j != 0; j -= 4) + { + B = rotate_right(B - S[2*j+1], A % 32) ^ A; + A = rotate_right(A - S[2*j ], B % 32) ^ B; + B = rotate_right(B - S[2*j-1], A % 32) ^ A; + A = rotate_right(A - S[2*j-2], B % 32) ^ B; + B = rotate_right(B - S[2*j-3], A % 32) ^ A; + A = rotate_right(A - S[2*j-4], B % 32) ^ B; + B = rotate_right(B - S[2*j-5], A % 32) ^ A; + A = rotate_right(A - S[2*j-6], B % 32) ^ B; + } + B -= S[1]; A -= S[0]; + + store_le(out, A, B); + } + +/************************************************* +* RC5 Key Schedule * +*************************************************/ +void RC5::key(const byte key[], u32bit length) + { + const u32bit WORD_KEYLENGTH = (((length - 1) / 4) + 1), + MIX_ROUNDS = 3*std::max(WORD_KEYLENGTH, S.size()); + S[0] = 0xB7E15163; + for(u32bit j = 1; j != S.size(); ++j) + S[j] = S[j-1] + 0x9E3779B9; + + SecureBuffer<u32bit, 8> K; + for(s32bit j = length-1; j >= 0; --j) + K[j/4] = (K[j/4] << 8) + key[j]; + for(u32bit j = 0, A = 0, B = 0; j != MIX_ROUNDS; ++j) + { + A = rotate_left(S[j % S.size()] + A + B, 3); + B = rotate_left(K[j % WORD_KEYLENGTH] + A + B, (A + B) % 32); + S[j % S.size()] = A; + K[j % WORD_KEYLENGTH] = B; + } + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string RC5::name() const + { + return "RC5(" + to_string(ROUNDS) + ")"; + } + +/************************************************* +* RC5 Constructor * +*************************************************/ +RC5::RC5(u32bit r) : BlockCipher(8, 1, 32), ROUNDS(r) + { + if(ROUNDS < 8 || ROUNDS > 32 || (ROUNDS % 4 != 0)) + throw Invalid_Argument(name() + ": Invalid number of rounds"); + S.create(2*ROUNDS + 2); + } + +} diff --git a/src/cipher/rc5/rc5.h b/src/cipher/rc5/rc5.h new file mode 100644 index 000000000..0827048dc --- /dev/null +++ b/src/cipher/rc5/rc5.h @@ -0,0 +1,33 @@ +/************************************************* +* RC5 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_RC5_H__ +#define BOTAN_RC5_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* RC5 * +*************************************************/ +class BOTAN_DLL RC5 : public BlockCipher + { + public: + void clear() throw() { S.clear(); } + std::string name() const; + BlockCipher* clone() const { return new RC5(ROUNDS); } + RC5(u32bit); + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + SecureVector<u32bit> S; + const u32bit ROUNDS; + }; + +} + +#endif diff --git a/src/cipher/rc6/modinfo.txt b/src/cipher/rc6/modinfo.txt new file mode 100644 index 000000000..1457e78c1 --- /dev/null +++ b/src/cipher/rc6/modinfo.txt @@ -0,0 +1,10 @@ +realname "RC6" + +define RC6 + +load_on auto + +<add> +rc6.cpp +rc6.h +</add> diff --git a/src/cipher/rc6/rc6.cpp b/src/cipher/rc6/rc6.cpp new file mode 100644 index 000000000..67d765222 --- /dev/null +++ b/src/cipher/rc6/rc6.cpp @@ -0,0 +1,120 @@ +/************************************************* +* RC6 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/rc6.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* RC6 Encryption * +*************************************************/ +void RC6::enc(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0); + u32bit B = load_le<u32bit>(in, 1); + u32bit C = load_le<u32bit>(in, 2); + u32bit D = load_le<u32bit>(in, 3); + + B += S[0]; D += S[1]; + + for(u32bit j = 0; j != 20; j += 4) + { + u32bit T1, T2; + + T1 = rotate_left(B*(2*B+1), 5); + T2 = rotate_left(D*(2*D+1), 5); + A = rotate_left(A ^ T1, T2 % 32) + S[2*j+2]; + C = rotate_left(C ^ T2, T1 % 32) + S[2*j+3]; + + T1 = rotate_left(C*(2*C+1), 5); + T2 = rotate_left(A*(2*A+1), 5); + B = rotate_left(B ^ T1, T2 % 32) + S[2*j+4]; + D = rotate_left(D ^ T2, T1 % 32) + S[2*j+5]; + + T1 = rotate_left(D*(2*D+1), 5); + T2 = rotate_left(B*(2*B+1), 5); + C = rotate_left(C ^ T1, T2 % 32) + S[2*j+6]; + A = rotate_left(A ^ T2, T1 % 32) + S[2*j+7]; + + T1 = rotate_left(A*(2*A+1), 5); + T2 = rotate_left(C*(2*C+1), 5); + D = rotate_left(D ^ T1, T2 % 32) + S[2*j+8]; + B = rotate_left(B ^ T2, T1 % 32) + S[2*j+9]; + } + + A += S[42]; C += S[43]; + + store_le(out, A, B, C, D); + } + +/************************************************* +* RC6 Decryption * +*************************************************/ +void RC6::dec(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0); + u32bit B = load_le<u32bit>(in, 1); + u32bit C = load_le<u32bit>(in, 2); + u32bit D = load_le<u32bit>(in, 3); + + C -= S[43]; A -= S[42]; + + for(u32bit j = 0; j != 20; j += 4) + { + u32bit T1, T2; + + T1 = rotate_left(A*(2*A+1), 5); + T2 = rotate_left(C*(2*C+1), 5); + B = rotate_right(B - S[41 - 2*j], T1 % 32) ^ T2; + D = rotate_right(D - S[40 - 2*j], T2 % 32) ^ T1; + + T1 = rotate_left(D*(2*D+1), 5); + T2 = rotate_left(B*(2*B+1), 5); + A = rotate_right(A - S[39 - 2*j], T1 % 32) ^ T2; + C = rotate_right(C - S[38 - 2*j], T2 % 32) ^ T1; + + T1 = rotate_left(C*(2*C+1), 5); + T2 = rotate_left(A*(2*A+1), 5); + D = rotate_right(D - S[37 - 2*j], T1 % 32) ^ T2; + B = rotate_right(B - S[36 - 2*j], T2 % 32) ^ T1; + + T1 = rotate_left(B*(2*B+1), 5); + T2 = rotate_left(D*(2*D+1), 5); + C = rotate_right(C - S[35 - 2*j], T1 % 32) ^ T2; + A = rotate_right(A - S[34 - 2*j], T2 % 32) ^ T1; + } + + D -= S[1]; B -= S[0]; + + store_le(out, A, B, C, D); + } + +/************************************************* +* RC6 Key Schedule * +*************************************************/ +void RC6::key(const byte key[], u32bit length) + { + const u32bit WORD_KEYLENGTH = (((length - 1) / 4) + 1), + MIX_ROUNDS = 3*std::max(WORD_KEYLENGTH, S.size()); + S[0] = 0xB7E15163; + for(u32bit j = 1; j != S.size(); ++j) + S[j] = S[j-1] + 0x9E3779B9; + + SecureBuffer<u32bit, 8> K; + for(s32bit j = length-1; j >= 0; --j) + K[j/4] = (K[j/4] << 8) + key[j]; + for(u32bit j = 0, A = 0, B = 0; j != MIX_ROUNDS; ++j) + { + A = rotate_left(S[j % S.size()] + A + B, 3); + B = rotate_left(K[j % WORD_KEYLENGTH] + A + B, (A + B) % 32); + S[j % S.size()] = A; + K[j % WORD_KEYLENGTH] = B; + } + } + +} diff --git a/src/cipher/rc6/rc6.h b/src/cipher/rc6/rc6.h new file mode 100644 index 000000000..d629b0995 --- /dev/null +++ b/src/cipher/rc6/rc6.h @@ -0,0 +1,33 @@ +/************************************************* +* RC6 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_RC6_H__ +#define BOTAN_RC6_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* RC6 * +*************************************************/ +class BOTAN_DLL RC6 : public BlockCipher + { + public: + void clear() throw() { S.clear(); } + std::string name() const { return "RC6"; } + BlockCipher* clone() const { return new RC6; } + RC6() : BlockCipher(16, 1, 32) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + SecureBuffer<u32bit, 44> S; + }; + +} + +#endif diff --git a/src/cipher/safer/modinfo.txt b/src/cipher/safer/modinfo.txt new file mode 100644 index 000000000..973cbff19 --- /dev/null +++ b/src/cipher/safer/modinfo.txt @@ -0,0 +1,11 @@ +realname "SAFER" + +define SAFER + +load_on auto + +<add> +safe_tab.cpp +safer_sk.cpp +safer_sk.h +</add> diff --git a/src/cipher/safer/safe_tab.cpp b/src/cipher/safer/safe_tab.cpp new file mode 100644 index 000000000..06de7fa49 --- /dev/null +++ b/src/cipher/safer/safe_tab.cpp @@ -0,0 +1,119 @@ +/************************************************* +* S-Box Tables for SAFER-SK * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/safer_sk.h> + +namespace Botan { + +const byte SAFER_SK::EXP[256] = { + 0x01, 0x2D, 0xE2, 0x93, 0xBE, 0x45, 0x15, 0xAE, 0x78, 0x03, 0x87, 0xA4, + 0xB8, 0x38, 0xCF, 0x3F, 0x08, 0x67, 0x09, 0x94, 0xEB, 0x26, 0xA8, 0x6B, + 0xBD, 0x18, 0x34, 0x1B, 0xBB, 0xBF, 0x72, 0xF7, 0x40, 0x35, 0x48, 0x9C, + 0x51, 0x2F, 0x3B, 0x55, 0xE3, 0xC0, 0x9F, 0xD8, 0xD3, 0xF3, 0x8D, 0xB1, + 0xFF, 0xA7, 0x3E, 0xDC, 0x86, 0x77, 0xD7, 0xA6, 0x11, 0xFB, 0xF4, 0xBA, + 0x92, 0x91, 0x64, 0x83, 0xF1, 0x33, 0xEF, 0xDA, 0x2C, 0xB5, 0xB2, 0x2B, + 0x88, 0xD1, 0x99, 0xCB, 0x8C, 0x84, 0x1D, 0x14, 0x81, 0x97, 0x71, 0xCA, + 0x5F, 0xA3, 0x8B, 0x57, 0x3C, 0x82, 0xC4, 0x52, 0x5C, 0x1C, 0xE8, 0xA0, + 0x04, 0xB4, 0x85, 0x4A, 0xF6, 0x13, 0x54, 0xB6, 0xDF, 0x0C, 0x1A, 0x8E, + 0xDE, 0xE0, 0x39, 0xFC, 0x20, 0x9B, 0x24, 0x4E, 0xA9, 0x98, 0x9E, 0xAB, + 0xF2, 0x60, 0xD0, 0x6C, 0xEA, 0xFA, 0xC7, 0xD9, 0x00, 0xD4, 0x1F, 0x6E, + 0x43, 0xBC, 0xEC, 0x53, 0x89, 0xFE, 0x7A, 0x5D, 0x49, 0xC9, 0x32, 0xC2, + 0xF9, 0x9A, 0xF8, 0x6D, 0x16, 0xDB, 0x59, 0x96, 0x44, 0xE9, 0xCD, 0xE6, + 0x46, 0x42, 0x8F, 0x0A, 0xC1, 0xCC, 0xB9, 0x65, 0xB0, 0xD2, 0xC6, 0xAC, + 0x1E, 0x41, 0x62, 0x29, 0x2E, 0x0E, 0x74, 0x50, 0x02, 0x5A, 0xC3, 0x25, + 0x7B, 0x8A, 0x2A, 0x5B, 0xF0, 0x06, 0x0D, 0x47, 0x6F, 0x70, 0x9D, 0x7E, + 0x10, 0xCE, 0x12, 0x27, 0xD5, 0x4C, 0x4F, 0xD6, 0x79, 0x30, 0x68, 0x36, + 0x75, 0x7D, 0xE4, 0xED, 0x80, 0x6A, 0x90, 0x37, 0xA2, 0x5E, 0x76, 0xAA, + 0xC5, 0x7F, 0x3D, 0xAF, 0xA5, 0xE5, 0x19, 0x61, 0xFD, 0x4D, 0x7C, 0xB7, + 0x0B, 0xEE, 0xAD, 0x4B, 0x22, 0xF5, 0xE7, 0x73, 0x23, 0x21, 0xC8, 0x05, + 0xE1, 0x66, 0xDD, 0xB3, 0x58, 0x69, 0x63, 0x56, 0x0F, 0xA1, 0x31, 0x95, + 0x17, 0x07, 0x3A, 0x28 }; + +const byte SAFER_SK::LOG[512] = { + 0x80, 0x00, 0xB0, 0x09, 0x60, 0xEF, 0xB9, 0xFD, 0x10, 0x12, 0x9F, 0xE4, + 0x69, 0xBA, 0xAD, 0xF8, 0xC0, 0x38, 0xC2, 0x65, 0x4F, 0x06, 0x94, 0xFC, + 0x19, 0xDE, 0x6A, 0x1B, 0x5D, 0x4E, 0xA8, 0x82, 0x70, 0xED, 0xE8, 0xEC, + 0x72, 0xB3, 0x15, 0xC3, 0xFF, 0xAB, 0xB6, 0x47, 0x44, 0x01, 0xAC, 0x25, + 0xC9, 0xFA, 0x8E, 0x41, 0x1A, 0x21, 0xCB, 0xD3, 0x0D, 0x6E, 0xFE, 0x26, + 0x58, 0xDA, 0x32, 0x0F, 0x20, 0xA9, 0x9D, 0x84, 0x98, 0x05, 0x9C, 0xBB, + 0x22, 0x8C, 0x63, 0xE7, 0xC5, 0xE1, 0x73, 0xC6, 0xAF, 0x24, 0x5B, 0x87, + 0x66, 0x27, 0xF7, 0x57, 0xF4, 0x96, 0xB1, 0xB7, 0x5C, 0x8B, 0xD5, 0x54, + 0x79, 0xDF, 0xAA, 0xF6, 0x3E, 0xA3, 0xF1, 0x11, 0xCA, 0xF5, 0xD1, 0x17, + 0x7B, 0x93, 0x83, 0xBC, 0xBD, 0x52, 0x1E, 0xEB, 0xAE, 0xCC, 0xD6, 0x35, + 0x08, 0xC8, 0x8A, 0xB4, 0xE2, 0xCD, 0xBF, 0xD9, 0xD0, 0x50, 0x59, 0x3F, + 0x4D, 0x62, 0x34, 0x0A, 0x48, 0x88, 0xB5, 0x56, 0x4C, 0x2E, 0x6B, 0x9E, + 0xD2, 0x3D, 0x3C, 0x03, 0x13, 0xFB, 0x97, 0x51, 0x75, 0x4A, 0x91, 0x71, + 0x23, 0xBE, 0x76, 0x2A, 0x5F, 0xF9, 0xD4, 0x55, 0x0B, 0xDC, 0x37, 0x31, + 0x16, 0x74, 0xD7, 0x77, 0xA7, 0xE6, 0x07, 0xDB, 0xA4, 0x2F, 0x46, 0xF3, + 0x61, 0x45, 0x67, 0xE3, 0x0C, 0xA2, 0x3B, 0x1C, 0x85, 0x18, 0x04, 0x1D, + 0x29, 0xA0, 0x8F, 0xB2, 0x5A, 0xD8, 0xA6, 0x7E, 0xEE, 0x8D, 0x53, 0x4B, + 0xA1, 0x9A, 0xC1, 0x0E, 0x7A, 0x49, 0xA5, 0x2C, 0x81, 0xC4, 0xC7, 0x36, + 0x2B, 0x7F, 0x43, 0x95, 0x33, 0xF2, 0x6C, 0x68, 0x6D, 0xF0, 0x02, 0x28, + 0xCE, 0xDD, 0x9B, 0xEA, 0x5E, 0x99, 0x7C, 0x14, 0x86, 0xCF, 0xE5, 0x42, + 0xB8, 0x40, 0x78, 0x2D, 0x3A, 0xE9, 0x64, 0x1F, 0x92, 0x90, 0x7D, 0x39, + 0x6F, 0xE0, 0x89, 0x30, 0x80, 0x00, 0xB0, 0x09, 0x60, 0xEF, 0xB9, 0xFD, + 0x10, 0x12, 0x9F, 0xE4, 0x69, 0xBA, 0xAD, 0xF8, 0xC0, 0x38, 0xC2, 0x65, + 0x4F, 0x06, 0x94, 0xFC, 0x19, 0xDE, 0x6A, 0x1B, 0x5D, 0x4E, 0xA8, 0x82, + 0x70, 0xED, 0xE8, 0xEC, 0x72, 0xB3, 0x15, 0xC3, 0xFF, 0xAB, 0xB6, 0x47, + 0x44, 0x01, 0xAC, 0x25, 0xC9, 0xFA, 0x8E, 0x41, 0x1A, 0x21, 0xCB, 0xD3, + 0x0D, 0x6E, 0xFE, 0x26, 0x58, 0xDA, 0x32, 0x0F, 0x20, 0xA9, 0x9D, 0x84, + 0x98, 0x05, 0x9C, 0xBB, 0x22, 0x8C, 0x63, 0xE7, 0xC5, 0xE1, 0x73, 0xC6, + 0xAF, 0x24, 0x5B, 0x87, 0x66, 0x27, 0xF7, 0x57, 0xF4, 0x96, 0xB1, 0xB7, + 0x5C, 0x8B, 0xD5, 0x54, 0x79, 0xDF, 0xAA, 0xF6, 0x3E, 0xA3, 0xF1, 0x11, + 0xCA, 0xF5, 0xD1, 0x17, 0x7B, 0x93, 0x83, 0xBC, 0xBD, 0x52, 0x1E, 0xEB, + 0xAE, 0xCC, 0xD6, 0x35, 0x08, 0xC8, 0x8A, 0xB4, 0xE2, 0xCD, 0xBF, 0xD9, + 0xD0, 0x50, 0x59, 0x3F, 0x4D, 0x62, 0x34, 0x0A, 0x48, 0x88, 0xB5, 0x56, + 0x4C, 0x2E, 0x6B, 0x9E, 0xD2, 0x3D, 0x3C, 0x03, 0x13, 0xFB, 0x97, 0x51, + 0x75, 0x4A, 0x91, 0x71, 0x23, 0xBE, 0x76, 0x2A, 0x5F, 0xF9, 0xD4, 0x55, + 0x0B, 0xDC, 0x37, 0x31, 0x16, 0x74, 0xD7, 0x77, 0xA7, 0xE6, 0x07, 0xDB, + 0xA4, 0x2F, 0x46, 0xF3, 0x61, 0x45, 0x67, 0xE3, 0x0C, 0xA2, 0x3B, 0x1C, + 0x85, 0x18, 0x04, 0x1D, 0x29, 0xA0, 0x8F, 0xB2, 0x5A, 0xD8, 0xA6, 0x7E, + 0xEE, 0x8D, 0x53, 0x4B, 0xA1, 0x9A, 0xC1, 0x0E, 0x7A, 0x49, 0xA5, 0x2C, + 0x81, 0xC4, 0xC7, 0x36, 0x2B, 0x7F, 0x43, 0x95, 0x33, 0xF2, 0x6C, 0x68, + 0x6D, 0xF0, 0x02, 0x28, 0xCE, 0xDD, 0x9B, 0xEA, 0x5E, 0x99, 0x7C, 0x14, + 0x86, 0xCF, 0xE5, 0x42, 0xB8, 0x40, 0x78, 0x2D, 0x3A, 0xE9, 0x64, 0x1F, + 0x92, 0x90, 0x7D, 0x39, 0x6F, 0xE0, 0x89, 0x30 }; + +const byte SAFER_SK::BIAS[208] = { + 0x16, 0x73, 0x3B, 0x1E, 0x8E, 0x70, 0xBD, 0x86, 0x47, 0x7E, 0x24, 0x56, + 0xF1, 0x77, 0x88, 0x46, 0xB1, 0xBA, 0xA3, 0xB7, 0x10, 0x0A, 0xC5, 0x37, + 0xC9, 0x5A, 0x28, 0xAC, 0x64, 0xA5, 0xEC, 0xAB, 0xC6, 0x67, 0x95, 0x58, + 0x0D, 0xF8, 0x9A, 0xF6, 0x66, 0xDC, 0x05, 0x3D, 0xD3, 0x8A, 0xC3, 0xD8, + 0x6A, 0xE9, 0x36, 0x49, 0x43, 0xBF, 0xEB, 0xD4, 0x9B, 0x68, 0xA0, 0x65, + 0x5D, 0x57, 0x92, 0x1F, 0x71, 0x5C, 0xBB, 0x22, 0xC1, 0xBE, 0x7B, 0xBC, + 0x63, 0x94, 0x5F, 0x2A, 0x61, 0xB8, 0x34, 0x32, 0xFD, 0xFB, 0x17, 0x40, + 0xE6, 0x51, 0x1D, 0x41, 0x8F, 0x29, 0xDD, 0x04, 0x80, 0xDE, 0xE7, 0x31, + 0x7F, 0x01, 0xA2, 0xF7, 0x39, 0xDA, 0x6F, 0x23, 0xFE, 0x3A, 0xD0, 0x1C, + 0xD1, 0x30, 0x3E, 0x12, 0xCD, 0x0F, 0xE0, 0xA8, 0xAF, 0x82, 0x59, 0x2C, + 0x7D, 0xAD, 0xB2, 0xEF, 0xC2, 0x87, 0xCE, 0x75, 0x13, 0x02, 0x90, 0x4F, + 0x2E, 0x72, 0x33, 0x85, 0x8D, 0xCF, 0xA9, 0x81, 0xE2, 0xC4, 0x27, 0x2F, + 0x7A, 0x9F, 0x52, 0xE1, 0x15, 0x38, 0x2B, 0xFC, 0x42, 0xC7, 0x08, 0xE4, + 0x09, 0x55, 0x5E, 0x8C, 0x76, 0x60, 0xFF, 0xDF, 0xD7, 0x98, 0xFA, 0x0B, + 0x00, 0x1A, 0xF9, 0xA6, 0xB9, 0xE8, 0x9E, 0x62, 0xD9, 0x91, 0x50, 0xD2, + 0xEE, 0x18, 0xB4, 0x07, 0xEA, 0x5B, 0xA4, 0xC8, 0x0E, 0xCB, 0x48, 0x69, + 0x4E, 0x9C, 0x35, 0x79, 0x45, 0x4D, 0x54, 0xE5, 0x3C, 0x0C, 0x4A, 0x8B, + 0x3F, 0xCC, 0xA7, 0xDB }; + +const byte SAFER_SK::KEY_INDEX[208] = { + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0D, 0x0E, + 0x0F, 0x10, 0x11, 0x09, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x01, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, + 0x00, 0x01, 0x02, 0x03, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, + 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, + 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x09, 0x0A, + 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x01, 0x02, 0x0E, 0x0F, 0x10, 0x11, + 0x09, 0x0A, 0x0B, 0x0C, 0x06, 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x08, 0x00, 0x01, 0x02, + 0x03, 0x04, 0x05, 0x06, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, + 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0B, 0x0C, 0x0D, 0x0E, + 0x0F, 0x10, 0x11, 0x09, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x00, 0x01, + 0x0D, 0x0E, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x05, 0x06, 0x07, 0x08, + 0x00, 0x01, 0x02, 0x03, 0x0F, 0x10, 0x11, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, + 0x07, 0x08, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x11, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F }; + +} diff --git a/src/cipher/safer/safer_sk.cpp b/src/cipher/safer/safer_sk.cpp new file mode 100644 index 000000000..639130714 --- /dev/null +++ b/src/cipher/safer/safer_sk.cpp @@ -0,0 +1,113 @@ +/************************************************* +* SAFER-SK Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/safer_sk.h> +#include <botan/bit_ops.h> +#include <botan/parsing.h> +#include <botan/rotate.h> + +namespace Botan { + +/************************************************* +* SAFER-SK Encryption * +*************************************************/ +void SAFER_SK::enc(const byte in[], byte out[]) const + { + byte A = in[0], B = in[1], C = in[2], D = in[3], + E = in[4], F = in[5], G = in[6], H = in[7], X, Y; + for(u32bit j = 0; j != 16*ROUNDS; j += 16) + { + A = EXP[A ^ EK[j ]]; B = LOG[B + EK[j+1]]; + C = LOG[C + EK[j+2]]; D = EXP[D ^ EK[j+3]]; + E = EXP[E ^ EK[j+4]]; F = LOG[F + EK[j+5]]; + G = LOG[G + EK[j+6]]; H = EXP[H ^ EK[j+7]]; + A += EK[j+ 8]; B ^= EK[j+ 9]; C ^= EK[j+10]; D += EK[j+11]; + E += EK[j+12]; F ^= EK[j+13]; G ^= EK[j+14]; H += EK[j+15]; + B += A; D += C; F += E; H += G; A += B; C += D; E += F; G += H; + C += A; G += E; D += B; H += F; A += C; E += G; B += D; F += H; + H += D; Y = D + H; D = B + F; X = B + D; B = A + E; + A += B; F = C + G; E = C + F; C = X; G = Y; + } + out[0] = A ^ EK[16*ROUNDS+0]; out[1] = B + EK[16*ROUNDS+1]; + out[2] = C + EK[16*ROUNDS+2]; out[3] = D ^ EK[16*ROUNDS+3]; + out[4] = E ^ EK[16*ROUNDS+4]; out[5] = F + EK[16*ROUNDS+5]; + out[6] = G + EK[16*ROUNDS+6]; out[7] = H ^ EK[16*ROUNDS+7]; + } + +/************************************************* +* SAFER-SK Decryption * +*************************************************/ +void SAFER_SK::dec(const byte in[], byte out[]) const + { + byte A = in[0], B = in[1], C = in[2], D = in[3], + E = in[4], F = in[5], G = in[6], H = in[7]; + A ^= EK[16*ROUNDS+0]; B -= EK[16*ROUNDS+1]; C -= EK[16*ROUNDS+2]; + D ^= EK[16*ROUNDS+3]; E ^= EK[16*ROUNDS+4]; F -= EK[16*ROUNDS+5]; + G -= EK[16*ROUNDS+6]; H ^= EK[16*ROUNDS+7]; + for(s32bit j = 16*(ROUNDS-1); j >= 0; j -= 16) + { + byte T = E; E = B; B = C; C = T; T = F; F = D; D = G; G = T; + A -= E; B -= F; C -= G; D -= H; E -= A; F -= B; G -= C; H -= D; + A -= C; E -= G; B -= D; F -= H; C -= A; G -= E; D -= B; H -= F; + A -= B; C -= D; E -= F; G -= H; B -= A; D -= C; F -= E; H -= G; + A = LOG[A - EK[j+8 ] + 256]; B = EXP[B ^ EK[j+9 ]]; + C = EXP[C ^ EK[j+10]]; D = LOG[D - EK[j+11] + 256]; + E = LOG[E - EK[j+12] + 256]; F = EXP[F ^ EK[j+13]]; + G = EXP[G ^ EK[j+14]]; H = LOG[H - EK[j+15] + 256]; + A ^= EK[j+0]; B -= EK[j+1]; C -= EK[j+2]; D ^= EK[j+3]; + E ^= EK[j+4]; F -= EK[j+5]; G -= EK[j+6]; H ^= EK[j+7]; + } + out[0] = A; out[1] = B; out[2] = C; out[3] = D; + out[4] = E; out[5] = F; out[6] = G; out[7] = H; + } + +/************************************************* +* SAFER-SK Key Schedule * +*************************************************/ +void SAFER_SK::key(const byte key[], u32bit) + { + SecureBuffer<byte, 18> KB; + + for(u32bit j = 0; j != 8; ++j) + { + KB[ 8] ^= KB[j] = rotate_left(key[j], 5); + KB[17] ^= KB[j+9] = EK[j] = key[j+8]; + } + for(u32bit j = 0; j != ROUNDS; ++j) + { + for(u32bit k = 0; k != 18; ++k) + KB[k] = rotate_left(KB[k], 6); + for(u32bit k = 0; k != 16; ++k) + EK[16*j+k+8] = KB[KEY_INDEX[16*j+k]] + BIAS[16*j+k]; + } + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string SAFER_SK::name() const + { + return "SAFER-SK(" + to_string(ROUNDS) + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +BlockCipher* SAFER_SK::clone() const + { + return new SAFER_SK(ROUNDS); + } + +/************************************************* +* SAFER-SK Constructor * +*************************************************/ +SAFER_SK::SAFER_SK(u32bit rounds) : BlockCipher(8, 16), + EK(16 * rounds + 8), ROUNDS(rounds) + { + if(ROUNDS > 13 || ROUNDS == 0) + throw Invalid_Argument(name() + ": Invalid number of rounds"); + } + +} diff --git a/src/cipher/safer/safer_sk.h b/src/cipher/safer/safer_sk.h new file mode 100644 index 000000000..1bc65e2f7 --- /dev/null +++ b/src/cipher/safer/safer_sk.h @@ -0,0 +1,38 @@ +/************************************************* +* SAFER-SK Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SAFER_SK_H__ +#define BOTAN_SAFER_SK_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* SAFER-SK * +*************************************************/ +class BOTAN_DLL SAFER_SK : public BlockCipher + { + public: + void clear() throw() { EK.clear(); } + std::string name() const; + BlockCipher* clone() const; + SAFER_SK(u32bit); + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static const byte EXP[256]; + static const byte LOG[512]; + static const byte BIAS[208]; + static const byte KEY_INDEX[208]; + SecureVector<byte> EK; + const u32bit ROUNDS; + }; + +} + +#endif diff --git a/src/cipher/salsa20/modinfo.txt b/src/cipher/salsa20/modinfo.txt new file mode 100644 index 000000000..de1683643 --- /dev/null +++ b/src/cipher/salsa20/modinfo.txt @@ -0,0 +1,10 @@ +realname "Salsa20" + +define SALSA20 + +load_on auto + +<add> +salsa20.cpp +salsa20.h +</add> diff --git a/src/cipher/salsa20/salsa20.cpp b/src/cipher/salsa20/salsa20.cpp new file mode 100644 index 000000000..d11ba8799 --- /dev/null +++ b/src/cipher/salsa20/salsa20.cpp @@ -0,0 +1,208 @@ +/************************************************* +* Salsa20 Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/salsa20.h> +#include <botan/mem_ops.h> +#include <botan/xor_buf.h> +#include <botan/loadstor.h> +#include <botan/parsing.h> + +namespace Botan { + +namespace { + +/************************************************* +* Generate Salsa20 cipher stream * +*************************************************/ +void salsa20(byte output[64], u32bit input[16]) + { + u32bit x00 = input[0]; + u32bit x01 = input[1]; + u32bit x02 = input[2]; + u32bit x03 = input[3]; + u32bit x04 = input[4]; + u32bit x05 = input[5]; + u32bit x06 = input[6]; + u32bit x07 = input[7]; + u32bit x08 = input[8]; + u32bit x09 = input[9]; + u32bit x10 = input[10]; + u32bit x11 = input[11]; + u32bit x12 = input[12]; + u32bit x13 = input[13]; + u32bit x14 = input[14]; + u32bit x15 = input[15]; + + for(u32bit i = 0; i != 10; ++i) + { + x04 ^= rotate_left(x00 + x12, 7); + x08 ^= rotate_left(x04 + x00, 9); + x12 ^= rotate_left(x08 + x04, 13); + x00 ^= rotate_left(x12 + x08, 18); + x09 ^= rotate_left(x05 + x01, 7); + x13 ^= rotate_left(x09 + x05, 9); + x01 ^= rotate_left(x13 + x09, 13); + x05 ^= rotate_left(x01 + x13, 18); + x14 ^= rotate_left(x10 + x06, 7); + x02 ^= rotate_left(x14 + x10, 9); + x06 ^= rotate_left(x02 + x14, 13); + x10 ^= rotate_left(x06 + x02, 18); + x03 ^= rotate_left(x15 + x11, 7); + x07 ^= rotate_left(x03 + x15, 9); + x11 ^= rotate_left(x07 + x03, 13); + x15 ^= rotate_left(x11 + x07, 18); + + x01 ^= rotate_left(x00 + x03, 7); + x02 ^= rotate_left(x01 + x00, 9); + x03 ^= rotate_left(x02 + x01, 13); + x00 ^= rotate_left(x03 + x02, 18); + x06 ^= rotate_left(x05 + x04, 7); + x07 ^= rotate_left(x06 + x05, 9); + x04 ^= rotate_left(x07 + x06, 13); + x05 ^= rotate_left(x04 + x07, 18); + x11 ^= rotate_left(x10 + x09, 7); + x08 ^= rotate_left(x11 + x10, 9); + x09 ^= rotate_left(x08 + x11, 13); + x10 ^= rotate_left(x09 + x08, 18); + x12 ^= rotate_left(x15 + x14, 7); + x13 ^= rotate_left(x12 + x15, 9); + x14 ^= rotate_left(x13 + x12, 13); + x15 ^= rotate_left(x14 + x13, 18); + } + + store_le(x00 + input[ 0], output + 4 * 0); + store_le(x01 + input[ 1], output + 4 * 1); + store_le(x02 + input[ 2], output + 4 * 2); + store_le(x03 + input[ 3], output + 4 * 3); + store_le(x04 + input[ 4], output + 4 * 4); + store_le(x05 + input[ 5], output + 4 * 5); + store_le(x06 + input[ 6], output + 4 * 6); + store_le(x07 + input[ 7], output + 4 * 7); + store_le(x08 + input[ 8], output + 4 * 8); + store_le(x09 + input[ 9], output + 4 * 9); + store_le(x10 + input[10], output + 4 * 10); + store_le(x11 + input[11], output + 4 * 11); + store_le(x12 + input[12], output + 4 * 12); + store_le(x13 + input[13], output + 4 * 13); + store_le(x14 + input[14], output + 4 * 14); + store_le(x15 + input[15], output + 4 * 15); + + ++input[8]; + if(!input[8]) + ++input[9]; + } + +} + +/************************************************* +* Combine cipher stream with message * +*************************************************/ +void Salsa20::cipher(const byte in[], byte out[], u32bit length) + { + while(length >= buffer.size() - position) + { + xor_buf(out, in, buffer.begin() + position, buffer.size() - position); + length -= (buffer.size() - position); + in += (buffer.size() - position); + out += (buffer.size() - position); + salsa20(buffer.begin(), state); + position = 0; + } + + xor_buf(out, in, buffer.begin() + position, length); + + position += length; + } + +/************************************************* +* Salsa20 Key Schedule * +*************************************************/ +void Salsa20::key(const byte key[], u32bit length) + { + clear(); + + if(length == 16) + { + const u32bit TAU[] = { 0x61707865, 0x3120646e, 0x79622d36, 0x6b206574 }; + + state[0] = TAU[0]; + state[1] = load_le<u32bit>(key, 0); + state[2] = load_le<u32bit>(key, 1); + state[3] = load_le<u32bit>(key, 2); + state[4] = load_le<u32bit>(key, 3); + state[5] = TAU[1]; + state[10] = TAU[2]; + state[11] = load_le<u32bit>(key, 0); + state[12] = load_le<u32bit>(key, 1); + state[13] = load_le<u32bit>(key, 2); + state[14] = load_le<u32bit>(key, 3); + state[15] = TAU[3]; + } + else if(length == 32) + { + const u32bit SIGMA[] = { 0x61707865, 0x3320646e, 0x79622d32, 0x6b206574 }; + + state[0] = SIGMA[0]; + state[1] = load_le<u32bit>(key, 0); + state[2] = load_le<u32bit>(key, 1); + state[3] = load_le<u32bit>(key, 2); + state[4] = load_le<u32bit>(key, 3); + state[5] = SIGMA[1]; + state[10] = SIGMA[2]; + state[11] = load_le<u32bit>(key, 4); + state[12] = load_le<u32bit>(key, 5); + state[13] = load_le<u32bit>(key, 6); + state[14] = load_le<u32bit>(key, 7); + state[15] = SIGMA[3]; + } + + const byte ZERO[8] = { 0 }; + resync(ZERO, sizeof(ZERO)); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +void Salsa20::resync(const byte iv[], u32bit length) + { + if(length != IV_LENGTH) + throw Invalid_IV_Length(name(), length); + + state[6] = load_le<u32bit>(iv, 0); + state[7] = load_le<u32bit>(iv, 1); + state[8] = 0; + state[9] = 0; + + salsa20(buffer.begin(), state); + position = 0; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string Salsa20::name() const + { + return "Salsa20"; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Salsa20::clear() throw() + { + state.clear(); + buffer.clear(); + position = 0; + } + +/************************************************* +* Salsa20 Constructor * +*************************************************/ +Salsa20::Salsa20() : StreamCipher(16, 32, 16, 8) + { + clear(); + } + +} diff --git a/src/cipher/salsa20/salsa20.h b/src/cipher/salsa20/salsa20.h new file mode 100644 index 000000000..e107d8569 --- /dev/null +++ b/src/cipher/salsa20/salsa20.h @@ -0,0 +1,39 @@ +/************************************************* +* Salsa20 Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SALSA20_H__ +#define BOTAN_SALSA20_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Salsa20 * +*************************************************/ +class BOTAN_DLL Salsa20 : public StreamCipher + { + public: + void clear() throw(); + std::string name() const; + StreamCipher* clone() const { return new Salsa20; } + + void resync(const byte[], u32bit); + + Salsa20(); + ~Salsa20() { clear(); } + private: + void cipher(const byte[], byte[], u32bit); + void key(const byte[], u32bit); + + SecureBuffer<u32bit, 16> state; + + SecureBuffer<byte, 64> buffer; + u32bit position; + }; + +} + +#endif diff --git a/src/cipher/seed/modinfo.txt b/src/cipher/seed/modinfo.txt new file mode 100644 index 000000000..d04979335 --- /dev/null +++ b/src/cipher/seed/modinfo.txt @@ -0,0 +1,11 @@ +realname "SEED" + +define SEED + +load_on auto + +<add> +seed.cpp +seed.h +seed_tab.cpp +</add> diff --git a/src/cipher/seed/seed.cpp b/src/cipher/seed/seed.cpp new file mode 100644 index 000000000..ecb6a86fa --- /dev/null +++ b/src/cipher/seed/seed.cpp @@ -0,0 +1,125 @@ +/************************************************* +* SEED Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/seed.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* SEED G Function * +*************************************************/ +u32bit SEED::G_FUNC::operator()(u32bit X) const + { + return (S0[get_byte(3, X)] ^ S1[get_byte(2, X)] ^ + S2[get_byte(1, X)] ^ S3[get_byte(0, X)]); + } + +/************************************************* +* SEED Encryption * +*************************************************/ +void SEED::enc(const byte in[], byte out[]) const + { + u32bit B0 = load_be<u32bit>(in, 0); + u32bit B1 = load_be<u32bit>(in, 1); + u32bit B2 = load_be<u32bit>(in, 2); + u32bit B3 = load_be<u32bit>(in, 3); + + G_FUNC G; + + for(u32bit j = 0; j != 16; j += 2) + { + u32bit T0, T1; + + T0 = B2 ^ K[2*j]; + T1 = G(B2 ^ B3 ^ K[2*j+1]); + T0 = G(T1 + T0); + T1 = G(T1 + T0); + B1 ^= T1; + B0 ^= T0 + T1; + + T0 = B0 ^ K[2*j+2]; + T1 = G(B0 ^ B1 ^ K[2*j+3]); + T0 = G(T1 + T0); + T1 = G(T1 + T0); + B3 ^= T1; + B2 ^= T0 + T1; + } + + store_be(out, B2, B3, B0, B1); + } + +/************************************************* +* SEED Decryption * +*************************************************/ +void SEED::dec(const byte in[], byte out[]) const + { + u32bit B0 = load_be<u32bit>(in, 0); + u32bit B1 = load_be<u32bit>(in, 1); + u32bit B2 = load_be<u32bit>(in, 2); + u32bit B3 = load_be<u32bit>(in, 3); + + G_FUNC G; + + for(u32bit j = 0; j != 16; j += 2) + { + u32bit T0, T1; + + T0 = B2 ^ K[30-2*j]; + T1 = G(B2 ^ B3 ^ K[31-2*j]); + T0 = G(T1 + T0); + T1 = G(T1 + T0); + B1 ^= T1; + B0 ^= T0 + T1; + + T0 = B0 ^ K[28-2*j]; + T1 = G(B0 ^ B1 ^ K[29-2*j]); + T0 = G(T1 + T0); + T1 = G(T1 + T0); + B3 ^= T1; + B2 ^= T0 + T1; + } + + store_be(out, B2, B3, B0, B1); + } + +/************************************************* +* SEED Key Schedule * +*************************************************/ +void SEED::key(const byte key[], u32bit) + { + const u32bit RC[16] = { + 0x9E3779B9, 0x3C6EF373, 0x78DDE6E6, 0xF1BBCDCC, + 0xE3779B99, 0xC6EF3733, 0x8DDE6E67, 0x1BBCDCCF, + 0x3779B99E, 0x6EF3733C, 0xDDE6E678, 0xBBCDCCF1, + 0x779B99E3, 0xEF3733C6, 0xDE6E678D, 0xBCDCCF1B + }; + + SecureBuffer<u32bit, 4> WK; + + for(u32bit j = 0; j != 4; ++j) + WK[j] = load_be<u32bit>(key, j); + + G_FUNC G; + + for(u32bit j = 0; j != 16; j += 2) + { + K[2*j ] = G(WK[0] + WK[2] - RC[j]); + K[2*j+1] = G(WK[1] - WK[3] + RC[j]) ^ K[2*j]; + + byte T = get_byte(3, WK[0]); + WK[0] = (WK[0] >> 8) | (get_byte(3, WK[1]) << 24); + WK[1] = (WK[1] >> 8) | (T << 24); + + K[2*j+2] = G(WK[0] + WK[2] - RC[j+1]); + K[2*j+3] = G(WK[1] - WK[3] + RC[j+1]) ^ K[2*j+2]; + + T = get_byte(0, WK[3]); + WK[3] = (WK[3] << 8) | get_byte(0, WK[2]); + WK[2] = (WK[2] << 8) | T; + } + } + +} diff --git a/src/cipher/seed/seed.h b/src/cipher/seed/seed.h new file mode 100644 index 000000000..95ddbe1d5 --- /dev/null +++ b/src/cipher/seed/seed.h @@ -0,0 +1,41 @@ +/************************************************* +* SEED Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SEED_H__ +#define BOTAN_SEED_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* SEED * +*************************************************/ +class BOTAN_DLL SEED : public BlockCipher + { + public: + void clear() throw() { K.clear(); } + std::string name() const { return "SEED"; } + BlockCipher* clone() const { return new SEED; } + SEED() : BlockCipher(16, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + class G_FUNC + { + public: + u32bit operator()(u32bit) const; + private: + static const u32bit S0[256], S1[256], S2[256], S3[256]; + }; + + SecureBuffer<u32bit, 32> K; + }; + +} + +#endif diff --git a/src/cipher/seed/seed_tab.cpp b/src/cipher/seed/seed_tab.cpp new file mode 100644 index 000000000..5880f0489 --- /dev/null +++ b/src/cipher/seed/seed_tab.cpp @@ -0,0 +1,190 @@ +/************************************************* +* S-Box Tables for SEED * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/seed.h> + +namespace Botan { + +const u32bit SEED::G_FUNC::S0[256] = { + 0x2989A1A8, 0x05858184, 0x16C6D2D4, 0x13C3D3D0, 0x14445054, 0x1D0D111C, + 0x2C8CA0AC, 0x25052124, 0x1D4D515C, 0x03434340, 0x18081018, 0x1E0E121C, + 0x11415150, 0x3CCCF0FC, 0x0ACAC2C8, 0x23436360, 0x28082028, 0x04444044, + 0x20002020, 0x1D8D919C, 0x20C0E0E0, 0x22C2E2E0, 0x08C8C0C8, 0x17071314, + 0x2585A1A4, 0x0F8F838C, 0x03030300, 0x3B4B7378, 0x3B8BB3B8, 0x13031310, + 0x12C2D2D0, 0x2ECEE2EC, 0x30407070, 0x0C8C808C, 0x3F0F333C, 0x2888A0A8, + 0x32023230, 0x1DCDD1DC, 0x36C6F2F4, 0x34447074, 0x2CCCE0EC, 0x15859194, + 0x0B0B0308, 0x17475354, 0x1C4C505C, 0x1B4B5358, 0x3D8DB1BC, 0x01010100, + 0x24042024, 0x1C0C101C, 0x33437370, 0x18889098, 0x10001010, 0x0CCCC0CC, + 0x32C2F2F0, 0x19C9D1D8, 0x2C0C202C, 0x27C7E3E4, 0x32427270, 0x03838380, + 0x1B8B9398, 0x11C1D1D0, 0x06868284, 0x09C9C1C8, 0x20406060, 0x10405050, + 0x2383A3A0, 0x2BCBE3E8, 0x0D0D010C, 0x3686B2B4, 0x1E8E929C, 0x0F4F434C, + 0x3787B3B4, 0x1A4A5258, 0x06C6C2C4, 0x38487078, 0x2686A2A4, 0x12021210, + 0x2F8FA3AC, 0x15C5D1D4, 0x21416160, 0x03C3C3C0, 0x3484B0B4, 0x01414140, + 0x12425250, 0x3D4D717C, 0x0D8D818C, 0x08080008, 0x1F0F131C, 0x19899198, + 0x00000000, 0x19091118, 0x04040004, 0x13435350, 0x37C7F3F4, 0x21C1E1E0, + 0x3DCDF1FC, 0x36467274, 0x2F0F232C, 0x27072324, 0x3080B0B0, 0x0B8B8388, + 0x0E0E020C, 0x2B8BA3A8, 0x2282A2A0, 0x2E4E626C, 0x13839390, 0x0D4D414C, + 0x29496168, 0x3C4C707C, 0x09090108, 0x0A0A0208, 0x3F8FB3BC, 0x2FCFE3EC, + 0x33C3F3F0, 0x05C5C1C4, 0x07878384, 0x14041014, 0x3ECEF2FC, 0x24446064, + 0x1ECED2DC, 0x2E0E222C, 0x0B4B4348, 0x1A0A1218, 0x06060204, 0x21012120, + 0x2B4B6368, 0x26466264, 0x02020200, 0x35C5F1F4, 0x12829290, 0x0A8A8288, + 0x0C0C000C, 0x3383B3B0, 0x3E4E727C, 0x10C0D0D0, 0x3A4A7278, 0x07474344, + 0x16869294, 0x25C5E1E4, 0x26062224, 0x00808080, 0x2D8DA1AC, 0x1FCFD3DC, + 0x2181A1A0, 0x30003030, 0x37073334, 0x2E8EA2AC, 0x36063234, 0x15051114, + 0x22022220, 0x38083038, 0x34C4F0F4, 0x2787A3A4, 0x05454144, 0x0C4C404C, + 0x01818180, 0x29C9E1E8, 0x04848084, 0x17879394, 0x35053134, 0x0BCBC3C8, + 0x0ECEC2CC, 0x3C0C303C, 0x31417170, 0x11011110, 0x07C7C3C4, 0x09898188, + 0x35457174, 0x3BCBF3F8, 0x1ACAD2D8, 0x38C8F0F8, 0x14849094, 0x19495158, + 0x02828280, 0x04C4C0C4, 0x3FCFF3FC, 0x09494148, 0x39093138, 0x27476364, + 0x00C0C0C0, 0x0FCFC3CC, 0x17C7D3D4, 0x3888B0B8, 0x0F0F030C, 0x0E8E828C, + 0x02424240, 0x23032320, 0x11819190, 0x2C4C606C, 0x1BCBD3D8, 0x2484A0A4, + 0x34043034, 0x31C1F1F0, 0x08484048, 0x02C2C2C0, 0x2F4F636C, 0x3D0D313C, + 0x2D0D212C, 0x00404040, 0x3E8EB2BC, 0x3E0E323C, 0x3C8CB0BC, 0x01C1C1C0, + 0x2A8AA2A8, 0x3A8AB2B8, 0x0E4E424C, 0x15455154, 0x3B0B3338, 0x1CCCD0DC, + 0x28486068, 0x3F4F737C, 0x1C8C909C, 0x18C8D0D8, 0x0A4A4248, 0x16465254, + 0x37477374, 0x2080A0A0, 0x2DCDE1EC, 0x06464244, 0x3585B1B4, 0x2B0B2328, + 0x25456164, 0x3ACAF2F8, 0x23C3E3E0, 0x3989B1B8, 0x3181B1B0, 0x1F8F939C, + 0x1E4E525C, 0x39C9F1F8, 0x26C6E2E4, 0x3282B2B0, 0x31013130, 0x2ACAE2E8, + 0x2D4D616C, 0x1F4F535C, 0x24C4E0E4, 0x30C0F0F0, 0x0DCDC1CC, 0x08888088, + 0x16061214, 0x3A0A3238, 0x18485058, 0x14C4D0D4, 0x22426260, 0x29092128, + 0x07070304, 0x33033330, 0x28C8E0E8, 0x1B0B1318, 0x05050104, 0x39497178, + 0x10809090, 0x2A4A6268, 0x2A0A2228, 0x1A8A9298 }; + +const u32bit SEED::G_FUNC::S1[256] = { + 0x38380830, 0xE828C8E0, 0x2C2D0D21, 0xA42686A2, 0xCC0FCFC3, 0xDC1ECED2, + 0xB03383B3, 0xB83888B0, 0xAC2F8FA3, 0x60204060, 0x54154551, 0xC407C7C3, + 0x44044440, 0x6C2F4F63, 0x682B4B63, 0x581B4B53, 0xC003C3C3, 0x60224262, + 0x30330333, 0xB43585B1, 0x28290921, 0xA02080A0, 0xE022C2E2, 0xA42787A3, + 0xD013C3D3, 0x90118191, 0x10110111, 0x04060602, 0x1C1C0C10, 0xBC3C8CB0, + 0x34360632, 0x480B4B43, 0xEC2FCFE3, 0x88088880, 0x6C2C4C60, 0xA82888A0, + 0x14170713, 0xC404C4C0, 0x14160612, 0xF434C4F0, 0xC002C2C2, 0x44054541, + 0xE021C1E1, 0xD416C6D2, 0x3C3F0F33, 0x3C3D0D31, 0x8C0E8E82, 0x98188890, + 0x28280820, 0x4C0E4E42, 0xF436C6F2, 0x3C3E0E32, 0xA42585A1, 0xF839C9F1, + 0x0C0D0D01, 0xDC1FCFD3, 0xD818C8D0, 0x282B0B23, 0x64264662, 0x783A4A72, + 0x24270723, 0x2C2F0F23, 0xF031C1F1, 0x70324272, 0x40024242, 0xD414C4D0, + 0x40014141, 0xC000C0C0, 0x70334373, 0x64274763, 0xAC2C8CA0, 0x880B8B83, + 0xF437C7F3, 0xAC2D8DA1, 0x80008080, 0x1C1F0F13, 0xC80ACAC2, 0x2C2C0C20, + 0xA82A8AA2, 0x34340430, 0xD012C2D2, 0x080B0B03, 0xEC2ECEE2, 0xE829C9E1, + 0x5C1D4D51, 0x94148490, 0x18180810, 0xF838C8F0, 0x54174753, 0xAC2E8EA2, + 0x08080800, 0xC405C5C1, 0x10130313, 0xCC0DCDC1, 0x84068682, 0xB83989B1, + 0xFC3FCFF3, 0x7C3D4D71, 0xC001C1C1, 0x30310131, 0xF435C5F1, 0x880A8A82, + 0x682A4A62, 0xB03181B1, 0xD011C1D1, 0x20200020, 0xD417C7D3, 0x00020202, + 0x20220222, 0x04040400, 0x68284860, 0x70314171, 0x04070703, 0xD81BCBD3, + 0x9C1D8D91, 0x98198991, 0x60214161, 0xBC3E8EB2, 0xE426C6E2, 0x58194951, + 0xDC1DCDD1, 0x50114151, 0x90108090, 0xDC1CCCD0, 0x981A8A92, 0xA02383A3, + 0xA82B8BA3, 0xD010C0D0, 0x80018181, 0x0C0F0F03, 0x44074743, 0x181A0A12, + 0xE023C3E3, 0xEC2CCCE0, 0x8C0D8D81, 0xBC3F8FB3, 0x94168692, 0x783B4B73, + 0x5C1C4C50, 0xA02282A2, 0xA02181A1, 0x60234363, 0x20230323, 0x4C0D4D41, + 0xC808C8C0, 0x9C1E8E92, 0x9C1C8C90, 0x383A0A32, 0x0C0C0C00, 0x2C2E0E22, + 0xB83A8AB2, 0x6C2E4E62, 0x9C1F8F93, 0x581A4A52, 0xF032C2F2, 0x90128292, + 0xF033C3F3, 0x48094941, 0x78384870, 0xCC0CCCC0, 0x14150511, 0xF83BCBF3, + 0x70304070, 0x74354571, 0x7C3F4F73, 0x34350531, 0x10100010, 0x00030303, + 0x64244460, 0x6C2D4D61, 0xC406C6C2, 0x74344470, 0xD415C5D1, 0xB43484B0, + 0xE82ACAE2, 0x08090901, 0x74364672, 0x18190911, 0xFC3ECEF2, 0x40004040, + 0x10120212, 0xE020C0E0, 0xBC3D8DB1, 0x04050501, 0xF83ACAF2, 0x00010101, + 0xF030C0F0, 0x282A0A22, 0x5C1E4E52, 0xA82989A1, 0x54164652, 0x40034343, + 0x84058581, 0x14140410, 0x88098981, 0x981B8B93, 0xB03080B0, 0xE425C5E1, + 0x48084840, 0x78394971, 0x94178793, 0xFC3CCCF0, 0x1C1E0E12, 0x80028282, + 0x20210121, 0x8C0C8C80, 0x181B0B13, 0x5C1F4F53, 0x74374773, 0x54144450, + 0xB03282B2, 0x1C1D0D11, 0x24250521, 0x4C0F4F43, 0x00000000, 0x44064642, + 0xEC2DCDE1, 0x58184850, 0x50124252, 0xE82BCBE3, 0x7C3E4E72, 0xD81ACAD2, + 0xC809C9C1, 0xFC3DCDF1, 0x30300030, 0x94158591, 0x64254561, 0x3C3C0C30, + 0xB43686B2, 0xE424C4E0, 0xB83B8BB3, 0x7C3C4C70, 0x0C0E0E02, 0x50104050, + 0x38390931, 0x24260622, 0x30320232, 0x84048480, 0x68294961, 0x90138393, + 0x34370733, 0xE427C7E3, 0x24240420, 0xA42484A0, 0xC80BCBC3, 0x50134353, + 0x080A0A02, 0x84078783, 0xD819C9D1, 0x4C0C4C40, 0x80038383, 0x8C0F8F83, + 0xCC0ECEC2, 0x383B0B33, 0x480A4A42, 0xB43787B3 }; + +const u32bit SEED::G_FUNC::S2[256] = { + 0xA1A82989, 0x81840585, 0xD2D416C6, 0xD3D013C3, 0x50541444, 0x111C1D0D, + 0xA0AC2C8C, 0x21242505, 0x515C1D4D, 0x43400343, 0x10181808, 0x121C1E0E, + 0x51501141, 0xF0FC3CCC, 0xC2C80ACA, 0x63602343, 0x20282808, 0x40440444, + 0x20202000, 0x919C1D8D, 0xE0E020C0, 0xE2E022C2, 0xC0C808C8, 0x13141707, + 0xA1A42585, 0x838C0F8F, 0x03000303, 0x73783B4B, 0xB3B83B8B, 0x13101303, + 0xD2D012C2, 0xE2EC2ECE, 0x70703040, 0x808C0C8C, 0x333C3F0F, 0xA0A82888, + 0x32303202, 0xD1DC1DCD, 0xF2F436C6, 0x70743444, 0xE0EC2CCC, 0x91941585, + 0x03080B0B, 0x53541747, 0x505C1C4C, 0x53581B4B, 0xB1BC3D8D, 0x01000101, + 0x20242404, 0x101C1C0C, 0x73703343, 0x90981888, 0x10101000, 0xC0CC0CCC, + 0xF2F032C2, 0xD1D819C9, 0x202C2C0C, 0xE3E427C7, 0x72703242, 0x83800383, + 0x93981B8B, 0xD1D011C1, 0x82840686, 0xC1C809C9, 0x60602040, 0x50501040, + 0xA3A02383, 0xE3E82BCB, 0x010C0D0D, 0xB2B43686, 0x929C1E8E, 0x434C0F4F, + 0xB3B43787, 0x52581A4A, 0xC2C406C6, 0x70783848, 0xA2A42686, 0x12101202, + 0xA3AC2F8F, 0xD1D415C5, 0x61602141, 0xC3C003C3, 0xB0B43484, 0x41400141, + 0x52501242, 0x717C3D4D, 0x818C0D8D, 0x00080808, 0x131C1F0F, 0x91981989, + 0x00000000, 0x11181909, 0x00040404, 0x53501343, 0xF3F437C7, 0xE1E021C1, + 0xF1FC3DCD, 0x72743646, 0x232C2F0F, 0x23242707, 0xB0B03080, 0x83880B8B, + 0x020C0E0E, 0xA3A82B8B, 0xA2A02282, 0x626C2E4E, 0x93901383, 0x414C0D4D, + 0x61682949, 0x707C3C4C, 0x01080909, 0x02080A0A, 0xB3BC3F8F, 0xE3EC2FCF, + 0xF3F033C3, 0xC1C405C5, 0x83840787, 0x10141404, 0xF2FC3ECE, 0x60642444, + 0xD2DC1ECE, 0x222C2E0E, 0x43480B4B, 0x12181A0A, 0x02040606, 0x21202101, + 0x63682B4B, 0x62642646, 0x02000202, 0xF1F435C5, 0x92901282, 0x82880A8A, + 0x000C0C0C, 0xB3B03383, 0x727C3E4E, 0xD0D010C0, 0x72783A4A, 0x43440747, + 0x92941686, 0xE1E425C5, 0x22242606, 0x80800080, 0xA1AC2D8D, 0xD3DC1FCF, + 0xA1A02181, 0x30303000, 0x33343707, 0xA2AC2E8E, 0x32343606, 0x11141505, + 0x22202202, 0x30383808, 0xF0F434C4, 0xA3A42787, 0x41440545, 0x404C0C4C, + 0x81800181, 0xE1E829C9, 0x80840484, 0x93941787, 0x31343505, 0xC3C80BCB, + 0xC2CC0ECE, 0x303C3C0C, 0x71703141, 0x11101101, 0xC3C407C7, 0x81880989, + 0x71743545, 0xF3F83BCB, 0xD2D81ACA, 0xF0F838C8, 0x90941484, 0x51581949, + 0x82800282, 0xC0C404C4, 0xF3FC3FCF, 0x41480949, 0x31383909, 0x63642747, + 0xC0C000C0, 0xC3CC0FCF, 0xD3D417C7, 0xB0B83888, 0x030C0F0F, 0x828C0E8E, + 0x42400242, 0x23202303, 0x91901181, 0x606C2C4C, 0xD3D81BCB, 0xA0A42484, + 0x30343404, 0xF1F031C1, 0x40480848, 0xC2C002C2, 0x636C2F4F, 0x313C3D0D, + 0x212C2D0D, 0x40400040, 0xB2BC3E8E, 0x323C3E0E, 0xB0BC3C8C, 0xC1C001C1, + 0xA2A82A8A, 0xB2B83A8A, 0x424C0E4E, 0x51541545, 0x33383B0B, 0xD0DC1CCC, + 0x60682848, 0x737C3F4F, 0x909C1C8C, 0xD0D818C8, 0x42480A4A, 0x52541646, + 0x73743747, 0xA0A02080, 0xE1EC2DCD, 0x42440646, 0xB1B43585, 0x23282B0B, + 0x61642545, 0xF2F83ACA, 0xE3E023C3, 0xB1B83989, 0xB1B03181, 0x939C1F8F, + 0x525C1E4E, 0xF1F839C9, 0xE2E426C6, 0xB2B03282, 0x31303101, 0xE2E82ACA, + 0x616C2D4D, 0x535C1F4F, 0xE0E424C4, 0xF0F030C0, 0xC1CC0DCD, 0x80880888, + 0x12141606, 0x32383A0A, 0x50581848, 0xD0D414C4, 0x62602242, 0x21282909, + 0x03040707, 0x33303303, 0xE0E828C8, 0x13181B0B, 0x01040505, 0x71783949, + 0x90901080, 0x62682A4A, 0x22282A0A, 0x92981A8A }; + +const u32bit SEED::G_FUNC::S3[256] = { + 0x08303838, 0xC8E0E828, 0x0D212C2D, 0x86A2A426, 0xCFC3CC0F, 0xCED2DC1E, + 0x83B3B033, 0x88B0B838, 0x8FA3AC2F, 0x40606020, 0x45515415, 0xC7C3C407, + 0x44404404, 0x4F636C2F, 0x4B63682B, 0x4B53581B, 0xC3C3C003, 0x42626022, + 0x03333033, 0x85B1B435, 0x09212829, 0x80A0A020, 0xC2E2E022, 0x87A3A427, + 0xC3D3D013, 0x81919011, 0x01111011, 0x06020406, 0x0C101C1C, 0x8CB0BC3C, + 0x06323436, 0x4B43480B, 0xCFE3EC2F, 0x88808808, 0x4C606C2C, 0x88A0A828, + 0x07131417, 0xC4C0C404, 0x06121416, 0xC4F0F434, 0xC2C2C002, 0x45414405, + 0xC1E1E021, 0xC6D2D416, 0x0F333C3F, 0x0D313C3D, 0x8E828C0E, 0x88909818, + 0x08202828, 0x4E424C0E, 0xC6F2F436, 0x0E323C3E, 0x85A1A425, 0xC9F1F839, + 0x0D010C0D, 0xCFD3DC1F, 0xC8D0D818, 0x0B23282B, 0x46626426, 0x4A72783A, + 0x07232427, 0x0F232C2F, 0xC1F1F031, 0x42727032, 0x42424002, 0xC4D0D414, + 0x41414001, 0xC0C0C000, 0x43737033, 0x47636427, 0x8CA0AC2C, 0x8B83880B, + 0xC7F3F437, 0x8DA1AC2D, 0x80808000, 0x0F131C1F, 0xCAC2C80A, 0x0C202C2C, + 0x8AA2A82A, 0x04303434, 0xC2D2D012, 0x0B03080B, 0xCEE2EC2E, 0xC9E1E829, + 0x4D515C1D, 0x84909414, 0x08101818, 0xC8F0F838, 0x47535417, 0x8EA2AC2E, + 0x08000808, 0xC5C1C405, 0x03131013, 0xCDC1CC0D, 0x86828406, 0x89B1B839, + 0xCFF3FC3F, 0x4D717C3D, 0xC1C1C001, 0x01313031, 0xC5F1F435, 0x8A82880A, + 0x4A62682A, 0x81B1B031, 0xC1D1D011, 0x00202020, 0xC7D3D417, 0x02020002, + 0x02222022, 0x04000404, 0x48606828, 0x41717031, 0x07030407, 0xCBD3D81B, + 0x8D919C1D, 0x89919819, 0x41616021, 0x8EB2BC3E, 0xC6E2E426, 0x49515819, + 0xCDD1DC1D, 0x41515011, 0x80909010, 0xCCD0DC1C, 0x8A92981A, 0x83A3A023, + 0x8BA3A82B, 0xC0D0D010, 0x81818001, 0x0F030C0F, 0x47434407, 0x0A12181A, + 0xC3E3E023, 0xCCE0EC2C, 0x8D818C0D, 0x8FB3BC3F, 0x86929416, 0x4B73783B, + 0x4C505C1C, 0x82A2A022, 0x81A1A021, 0x43636023, 0x03232023, 0x4D414C0D, + 0xC8C0C808, 0x8E929C1E, 0x8C909C1C, 0x0A32383A, 0x0C000C0C, 0x0E222C2E, + 0x8AB2B83A, 0x4E626C2E, 0x8F939C1F, 0x4A52581A, 0xC2F2F032, 0x82929012, + 0xC3F3F033, 0x49414809, 0x48707838, 0xCCC0CC0C, 0x05111415, 0xCBF3F83B, + 0x40707030, 0x45717435, 0x4F737C3F, 0x05313435, 0x00101010, 0x03030003, + 0x44606424, 0x4D616C2D, 0xC6C2C406, 0x44707434, 0xC5D1D415, 0x84B0B434, + 0xCAE2E82A, 0x09010809, 0x46727436, 0x09111819, 0xCEF2FC3E, 0x40404000, + 0x02121012, 0xC0E0E020, 0x8DB1BC3D, 0x05010405, 0xCAF2F83A, 0x01010001, + 0xC0F0F030, 0x0A22282A, 0x4E525C1E, 0x89A1A829, 0x46525416, 0x43434003, + 0x85818405, 0x04101414, 0x89818809, 0x8B93981B, 0x80B0B030, 0xC5E1E425, + 0x48404808, 0x49717839, 0x87939417, 0xCCF0FC3C, 0x0E121C1E, 0x82828002, + 0x01212021, 0x8C808C0C, 0x0B13181B, 0x4F535C1F, 0x47737437, 0x44505414, + 0x82B2B032, 0x0D111C1D, 0x05212425, 0x4F434C0F, 0x00000000, 0x46424406, + 0xCDE1EC2D, 0x48505818, 0x42525012, 0xCBE3E82B, 0x4E727C3E, 0xCAD2D81A, + 0xC9C1C809, 0xCDF1FC3D, 0x00303030, 0x85919415, 0x45616425, 0x0C303C3C, + 0x86B2B436, 0xC4E0E424, 0x8BB3B83B, 0x4C707C3C, 0x0E020C0E, 0x40505010, + 0x09313839, 0x06222426, 0x02323032, 0x84808404, 0x49616829, 0x83939013, + 0x07333437, 0xC7E3E427, 0x04202424, 0x84A0A424, 0xCBC3C80B, 0x43535013, + 0x0A02080A, 0x87838407, 0xC9D1D819, 0x4C404C0C, 0x83838003, 0x8F838C0F, + 0xCEC2CC0E, 0x0B33383B, 0x4A42480A, 0x87B3B437 }; + +} diff --git a/src/cipher/serpent/modinfo.txt b/src/cipher/serpent/modinfo.txt new file mode 100644 index 000000000..baaccbf01 --- /dev/null +++ b/src/cipher/serpent/modinfo.txt @@ -0,0 +1,10 @@ +realname "Serpent" + +define SERPENT + +load_on auto + +<add> +serpent.cpp +serpent.h +</add> diff --git a/src/cipher/serpent/serpent.cpp b/src/cipher/serpent/serpent.cpp new file mode 100644 index 000000000..997daa8b1 --- /dev/null +++ b/src/cipher/serpent/serpent.cpp @@ -0,0 +1,367 @@ +/************************************************* +* Serpent Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/serpent.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* Serpent Encryption S-Box 1 * +*************************************************/ +inline void SBoxE1(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T3 ^= T0; T4 = T1; T1 &= T3; T4 ^= T2; T1 ^= T0; T0 |= T3; T0 ^= T4; + T4 ^= T3; T3 ^= T2; T2 |= T1; T2 ^= T4; T4 = ~T4; T4 |= T1; T1 ^= T3; + T1 ^= T4; T3 |= T0; T1 ^= T3; T4 ^= T3; + B0 = T1; B1 = T4; B2 = T2; B3 = T0; + } + +/************************************************* +* Serpent Encryption S-Box 2 * +*************************************************/ +inline void SBoxE2(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T0 = ~T0; T2 = ~T2; T4 = T0; T0 &= T1; T2 ^= T0; T0 |= T3; T3 ^= T2; + T1 ^= T0; T0 ^= T4; T4 |= T1; T1 ^= T3; T2 |= T0; T2 &= T4; T0 ^= T1; + T1 &= T2; T1 ^= T0; T0 &= T2; T0 ^= T4; + B0 = T2; B1 = T0; B2 = T3; B3 = T1; + } + +/************************************************* +* Serpent Encryption S-Box 3 * +*************************************************/ +inline void SBoxE3(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T0; T0 &= T2; T0 ^= T3; T2 ^= T1; T2 ^= T0; T3 |= T4; T3 ^= T1; + T4 ^= T2; T1 = T3; T3 |= T4; T3 ^= T0; T0 &= T1; T4 ^= T0; T1 ^= T3; + T1 ^= T4; T4 = ~T4; + B0 = T2; B1 = T3; B2 = T1; B3 = T4; + } + +/************************************************* +* Serpent Encryption S-Box 4 * +*************************************************/ +inline void SBoxE4(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T0; T0 |= T3; T3 ^= T1; T1 &= T4; T4 ^= T2; T2 ^= T3; T3 &= T0; + T4 |= T1; T3 ^= T4; T0 ^= T1; T4 &= T0; T1 ^= T3; T4 ^= T2; T1 |= T0; + T1 ^= T2; T0 ^= T3; T2 = T1; T1 |= T3; T1 ^= T0; + B0 = T1; B1 = T2; B2 = T3; B3 = T4; + } + +/************************************************* +* Serpent Encryption S-Box 5 * +*************************************************/ +inline void SBoxE5(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T1 ^= T3; T3 = ~T3; T2 ^= T3; T3 ^= T0; T4 = T1; T1 &= T3; T1 ^= T2; + T4 ^= T3; T0 ^= T4; T2 &= T4; T2 ^= T0; T0 &= T1; T3 ^= T0; T4 |= T1; + T4 ^= T0; T0 |= T3; T0 ^= T2; T2 &= T3; T0 = ~T0; T4 ^= T2; + B0 = T1; B1 = T4; B2 = T0; B3 = T3; + } + +/************************************************* +* Serpent Encryption S-Box 6 * +*************************************************/ +inline void SBoxE6(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T0 ^= T1; T1 ^= T3; T3 = ~T3; T4 = T1; T1 &= T0; T2 ^= T3; T1 ^= T2; + T2 |= T4; T4 ^= T3; T3 &= T1; T3 ^= T0; T4 ^= T1; T4 ^= T2; T2 ^= T0; + T0 &= T3; T2 = ~T2; T0 ^= T4; T4 |= T3; T2 ^= T4; + B0 = T1; B1 = T3; B2 = T0; B3 = T2; + } + +/************************************************* +* Serpent Encryption S-Box 7 * +*************************************************/ +inline void SBoxE7(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T2 = ~T2; T4 = T3; T3 &= T0; T0 ^= T4; T3 ^= T2; T2 |= T4; T1 ^= T3; + T2 ^= T0; T0 |= T1; T2 ^= T1; T4 ^= T0; T0 |= T3; T0 ^= T2; T4 ^= T3; + T4 ^= T0; T3 = ~T3; T2 &= T4; T2 ^= T3; + B0 = T0; B1 = T1; B2 = T4; B3 = T2; + } + +/************************************************* +* Serpent Encryption S-Box 8 * +*************************************************/ +inline void SBoxE8(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T1; T1 |= T2; T1 ^= T3; T4 ^= T2; T2 ^= T1; T3 |= T4; T3 &= T0; + T4 ^= T2; T3 ^= T1; T1 |= T4; T1 ^= T0; T0 |= T4; T0 ^= T2; T1 ^= T4; + T2 ^= T1; T1 &= T0; T1 ^= T4; T2 = ~T2; T2 |= T0; T4 ^= T2; + B0 = T4; B1 = T3; B2 = T1; B3 = T0; + } + +/************************************************* +* Serpent Decryption S-Box 1 * +*************************************************/ +inline void SBoxD1(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T2 = ~T2; T4 = T1; T1 |= T0; T4 = ~T4; T1 ^= T2; T2 |= T4; T1 ^= T3; + T0 ^= T4; T2 ^= T0; T0 &= T3; T4 ^= T0; T0 |= T1; T0 ^= T2; T3 ^= T4; + T2 ^= T1; T3 ^= T0; T3 ^= T1; T2 &= T3; T4 ^= T2; + B0 = T0; B1 = T4; B2 = T1; B3 = T3; + } + +/************************************************* +* Serpent Decryption S-Box 2 * +*************************************************/ +inline void SBoxD2(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T1; T1 ^= T3; T3 &= T1; T4 ^= T2; T3 ^= T0; T0 |= T1; T2 ^= T3; + T0 ^= T4; T0 |= T2; T1 ^= T3; T0 ^= T1; T1 |= T3; T1 ^= T0; T4 = ~T4; + T4 ^= T1; T1 |= T0; T1 ^= T0; T1 |= T4; T3 ^= T1; + B0 = T4; B1 = T0; B2 = T3; B3 = T2; + } + +/************************************************* +* Serpent Decryption S-Box 3 * +*************************************************/ +inline void SBoxD3(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T2 ^= T3; T3 ^= T0; T4 = T3; T3 &= T2; T3 ^= T1; T1 |= T2; T1 ^= T4; + T4 &= T3; T2 ^= T3; T4 &= T0; T4 ^= T2; T2 &= T1; T2 |= T0; T3 = ~T3; + T2 ^= T3; T0 ^= T3; T0 &= T1; T3 ^= T4; T3 ^= T0; + B0 = T1; B1 = T4; B2 = T2; B3 = T3; + } + +/************************************************* +* Serpent Decryption S-Box 4 * +*************************************************/ +inline void SBoxD4(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T2; T2 ^= T1; T0 ^= T2; T4 &= T2; T4 ^= T0; T0 &= T1; T1 ^= T3; + T3 |= T4; T2 ^= T3; T0 ^= T3; T1 ^= T4; T3 &= T2; T3 ^= T1; T1 ^= T0; + T1 |= T2; T0 ^= T3; T1 ^= T4; T0 ^= T1; + B0 = T2; B1 = T1; B2 = T3; B3 = T0; + } + +/************************************************* +* Serpent Decryption S-Box 5 * +*************************************************/ +inline void SBoxD5(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T2; T2 &= T3; T2 ^= T1; T1 |= T3; T1 &= T0; T4 ^= T2; T4 ^= T1; + T1 &= T2; T0 = ~T0; T3 ^= T4; T1 ^= T3; T3 &= T0; T3 ^= T2; T0 ^= T1; + T2 &= T0; T3 ^= T0; T2 ^= T4; T2 |= T3; T3 ^= T0; T2 ^= T1; + B0 = T0; B1 = T3; B2 = T2; B3 = T4; + } + +/************************************************* +* Serpent Decryption S-Box 6 * +*************************************************/ +inline void SBoxD6(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T1 = ~T1; T4 = T3; T2 ^= T1; T3 |= T0; T3 ^= T2; T2 |= T1; T2 &= T0; + T4 ^= T3; T2 ^= T4; T4 |= T0; T4 ^= T1; T1 &= T2; T1 ^= T3; T4 ^= T2; + T3 &= T4; T4 ^= T1; T3 ^= T4; T4 = ~T4; T3 ^= T0; + B0 = T1; B1 = T4; B2 = T3; B3 = T2; + } + +/************************************************* +* Serpent Decryption S-Box 7 * +*************************************************/ +inline void SBoxD7(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T0 ^= T2; T4 = T2; T2 &= T0; T4 ^= T3; T2 = ~T2; T3 ^= T1; T2 ^= T3; + T4 |= T0; T0 ^= T2; T3 ^= T4; T4 ^= T1; T1 &= T3; T1 ^= T0; T0 ^= T3; + T0 |= T2; T3 ^= T1; T4 ^= T0; + B0 = T1; B1 = T2; B2 = T4; B3 = T3; + } + +/************************************************* +* Serpent Decryption S-Box 8 * +*************************************************/ +inline void SBoxD8(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + u32bit T0 = B0, T1 = B1, T2 = B2, T3 = B3, T4; + T4 = T2; T2 ^= T0; T0 &= T3; T4 |= T3; T2 = ~T2; T3 ^= T1; T1 |= T0; + T0 ^= T2; T2 &= T4; T3 &= T4; T1 ^= T2; T2 ^= T0; T0 |= T2; T4 ^= T1; + T0 ^= T3; T3 ^= T4; T4 |= T0; T3 ^= T2; T4 ^= T2; + B0 = T3; B1 = T0; B2 = T1; B3 = T4; + } + +/************************************************* +* Serpent's Linear Transformation * +*************************************************/ +inline void transform(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + B0 = rotate_left(B0, 13); B2 = rotate_left(B2, 3); + B1 ^= B0 ^ B2; B3 ^= B2 ^ (B0 << 3); + B1 = rotate_left(B1, 1); B3 = rotate_left(B3, 7); + B0 ^= B1 ^ B3; B2 ^= B3 ^ (B1 << 7); + B0 = rotate_left(B0, 5); B2 = rotate_left(B2, 22); + } + +/************************************************* +* Serpent's Inverse Linear Transformation * +*************************************************/ +inline void i_transform(u32bit& B0, u32bit& B1, u32bit& B2, u32bit& B3) + { + B2 = rotate_right(B2, 22); B0 = rotate_right(B0, 5); + B2 ^= B3 ^ (B1 << 7); B0 ^= B1 ^ B3; + B3 = rotate_right(B3, 7); B1 = rotate_right(B1, 1); + B3 ^= B2 ^ (B0 << 3); B1 ^= B0 ^ B2; + B2 = rotate_right(B2, 3); B0 = rotate_right(B0, 13); + } + +} + +/************************************************* +* XOR a key block with a data block * +*************************************************/ +#define key_xor(round, B0, B1, B2, B3) \ + B0 ^= round_key[4*round ]; \ + B1 ^= round_key[4*round+1]; \ + B2 ^= round_key[4*round+2]; \ + B3 ^= round_key[4*round+3]; + +/************************************************* +* Serpent Encryption * +*************************************************/ +void Serpent::enc(const byte in[], byte out[]) const + { + u32bit B0 = load_le<u32bit>(in, 0); + u32bit B1 = load_le<u32bit>(in, 1); + u32bit B2 = load_le<u32bit>(in, 2); + u32bit B3 = load_le<u32bit>(in, 3); + + key_xor( 0,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 1,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 2,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 3,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 4,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 5,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 6,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 7,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 8,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor( 9,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(10,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(11,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(12,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(13,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(14,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(15,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(16,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(17,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(18,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(19,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(20,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(21,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(22,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(23,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(24,B0,B1,B2,B3); SBoxE1(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(25,B0,B1,B2,B3); SBoxE2(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(26,B0,B1,B2,B3); SBoxE3(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(27,B0,B1,B2,B3); SBoxE4(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(28,B0,B1,B2,B3); SBoxE5(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(29,B0,B1,B2,B3); SBoxE6(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(30,B0,B1,B2,B3); SBoxE7(B0,B1,B2,B3); transform(B0,B1,B2,B3); + key_xor(31,B0,B1,B2,B3); SBoxE8(B0,B1,B2,B3); key_xor(32,B0,B1,B2,B3); + + store_le(out, B0, B1, B2, B3); + } + +/************************************************* +* Serpent Decryption * +*************************************************/ +void Serpent::dec(const byte in[], byte out[]) const + { + u32bit B0 = load_le<u32bit>(in, 0); + u32bit B1 = load_le<u32bit>(in, 1); + u32bit B2 = load_le<u32bit>(in, 2); + u32bit B3 = load_le<u32bit>(in, 3); + + key_xor(32,B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor(31,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor(30,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor(29,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor(28,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor(27,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor(26,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor(25,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor(24,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor(23,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor(22,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor(21,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor(20,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor(19,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor(18,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor(17,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor(16,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor(15,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor(14,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor(13,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor(12,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor(11,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor(10,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor( 9,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor( 8,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD8(B0,B1,B2,B3); key_xor( 7,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD7(B0,B1,B2,B3); key_xor( 6,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD6(B0,B1,B2,B3); key_xor( 5,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD5(B0,B1,B2,B3); key_xor( 4,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD4(B0,B1,B2,B3); key_xor( 3,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD3(B0,B1,B2,B3); key_xor( 2,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD2(B0,B1,B2,B3); key_xor( 1,B0,B1,B2,B3); + i_transform(B0,B1,B2,B3); SBoxD1(B0,B1,B2,B3); key_xor( 0,B0,B1,B2,B3); + + store_le(out, B0, B1, B2, B3); + } + +/************************************************* +* Serpent Key Schedule * +*************************************************/ +void Serpent::key(const byte key[], u32bit length) + { + const u32bit PHI = 0x9E3779B9; + + SecureBuffer<u32bit, 140> W; + for(u32bit j = 0; j != length / 4; ++j) + W[j] = load_le<u32bit>(key, j); + + W[length / 4] |= u32bit(1) << ((length%4)*8); + for(u32bit j = 8; j != 140; ++j) + W[j] = rotate_left(W[j-8] ^ W[j-5] ^ W[j-3] ^ W[j-1] ^ PHI ^ (j-8), 11); + SBoxE4(W[ 8],W[ 9],W[ 10],W[ 11]); SBoxE3(W[ 12],W[ 13],W[ 14],W[ 15]); + SBoxE2(W[ 16],W[ 17],W[ 18],W[ 19]); SBoxE1(W[ 20],W[ 21],W[ 22],W[ 23]); + SBoxE8(W[ 24],W[ 25],W[ 26],W[ 27]); SBoxE7(W[ 28],W[ 29],W[ 30],W[ 31]); + SBoxE6(W[ 32],W[ 33],W[ 34],W[ 35]); SBoxE5(W[ 36],W[ 37],W[ 38],W[ 39]); + SBoxE4(W[ 40],W[ 41],W[ 42],W[ 43]); SBoxE3(W[ 44],W[ 45],W[ 46],W[ 47]); + SBoxE2(W[ 48],W[ 49],W[ 50],W[ 51]); SBoxE1(W[ 52],W[ 53],W[ 54],W[ 55]); + SBoxE8(W[ 56],W[ 57],W[ 58],W[ 59]); SBoxE7(W[ 60],W[ 61],W[ 62],W[ 63]); + SBoxE6(W[ 64],W[ 65],W[ 66],W[ 67]); SBoxE5(W[ 68],W[ 69],W[ 70],W[ 71]); + SBoxE4(W[ 72],W[ 73],W[ 74],W[ 75]); SBoxE3(W[ 76],W[ 77],W[ 78],W[ 79]); + SBoxE2(W[ 80],W[ 81],W[ 82],W[ 83]); SBoxE1(W[ 84],W[ 85],W[ 86],W[ 87]); + SBoxE8(W[ 88],W[ 89],W[ 90],W[ 91]); SBoxE7(W[ 92],W[ 93],W[ 94],W[ 95]); + SBoxE6(W[ 96],W[ 97],W[ 98],W[ 99]); SBoxE5(W[100],W[101],W[102],W[103]); + SBoxE4(W[104],W[105],W[106],W[107]); SBoxE3(W[108],W[109],W[110],W[111]); + SBoxE2(W[112],W[113],W[114],W[115]); SBoxE1(W[116],W[117],W[118],W[119]); + SBoxE8(W[120],W[121],W[122],W[123]); SBoxE7(W[124],W[125],W[126],W[127]); + SBoxE6(W[128],W[129],W[130],W[131]); SBoxE5(W[132],W[133],W[134],W[135]); + SBoxE4(W[136],W[137],W[138],W[139]); + round_key.copy(W + 8, 132); + } + +} diff --git a/src/cipher/serpent/serpent.h b/src/cipher/serpent/serpent.h new file mode 100644 index 000000000..685470e4c --- /dev/null +++ b/src/cipher/serpent/serpent.h @@ -0,0 +1,33 @@ +/************************************************* +* Serpent Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SERPENT_H__ +#define BOTAN_SERPENT_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Serpent * +*************************************************/ +class BOTAN_DLL Serpent : public BlockCipher + { + public: + void clear() throw() { round_key.clear(); } + std::string name() const { return "Serpent"; } + BlockCipher* clone() const { return new Serpent; } + Serpent() : BlockCipher(16, 16, 32, 8) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + SecureBuffer<u32bit, 132> round_key; + }; + +} + +#endif diff --git a/src/cipher/skipjack/modinfo.txt b/src/cipher/skipjack/modinfo.txt new file mode 100644 index 000000000..4b38d6d28 --- /dev/null +++ b/src/cipher/skipjack/modinfo.txt @@ -0,0 +1,10 @@ +realname "Skipjack" + +define SKIPJACK + +load_on auto + +<add> +skipjack.cpp +skipjack.h +</add> diff --git a/src/cipher/skipjack/skipjack.cpp b/src/cipher/skipjack/skipjack.cpp new file mode 100644 index 000000000..3cad75436 --- /dev/null +++ b/src/cipher/skipjack/skipjack.cpp @@ -0,0 +1,160 @@ +/************************************************* +* Skipjack Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/skipjack.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* Skipjack Encryption * +*************************************************/ +void Skipjack::enc(const byte in[], byte out[]) const + { + u16bit W1 = load_le<u16bit>(in, 3); + u16bit W2 = load_le<u16bit>(in, 2); + u16bit W3 = load_le<u16bit>(in, 1); + u16bit W4 = load_le<u16bit>(in, 0); + + step_A(W1,W4, 1); step_A(W4,W3, 2); step_A(W3,W2, 3); step_A(W2,W1, 4); + step_A(W1,W4, 5); step_A(W4,W3, 6); step_A(W3,W2, 7); step_A(W2,W1, 8); + + step_B(W1,W2, 9); step_B(W4,W1,10); step_B(W3,W4,11); step_B(W2,W3,12); + step_B(W1,W2,13); step_B(W4,W1,14); step_B(W3,W4,15); step_B(W2,W3,16); + + step_A(W1,W4,17); step_A(W4,W3,18); step_A(W3,W2,19); step_A(W2,W1,20); + step_A(W1,W4,21); step_A(W4,W3,22); step_A(W3,W2,23); step_A(W2,W1,24); + + step_B(W1,W2,25); step_B(W4,W1,26); step_B(W3,W4,27); step_B(W2,W3,28); + step_B(W1,W2,29); step_B(W4,W1,30); step_B(W3,W4,31); step_B(W2,W3,32); + + store_le(out, W4, W3, W2, W1); + } + +/************************************************* +* Skipjack Decryption * +*************************************************/ +void Skipjack::dec(const byte in[], byte out[]) const + { + u16bit W1 = load_le<u16bit>(in, 3); + u16bit W2 = load_le<u16bit>(in, 2); + u16bit W3 = load_le<u16bit>(in, 1); + u16bit W4 = load_le<u16bit>(in, 0); + + step_Bi(W2,W3,32); step_Bi(W3,W4,31); step_Bi(W4,W1,30); step_Bi(W1,W2,29); + step_Bi(W2,W3,28); step_Bi(W3,W4,27); step_Bi(W4,W1,26); step_Bi(W1,W2,25); + + step_Ai(W1,W2,24); step_Ai(W2,W3,23); step_Ai(W3,W4,22); step_Ai(W4,W1,21); + step_Ai(W1,W2,20); step_Ai(W2,W3,19); step_Ai(W3,W4,18); step_Ai(W4,W1,17); + + step_Bi(W2,W3,16); step_Bi(W3,W4,15); step_Bi(W4,W1,14); step_Bi(W1,W2,13); + step_Bi(W2,W3,12); step_Bi(W3,W4,11); step_Bi(W4,W1,10); step_Bi(W1,W2, 9); + + step_Ai(W1,W2, 8); step_Ai(W2,W3, 7); step_Ai(W3,W4, 6); step_Ai(W4,W1, 5); + step_Ai(W1,W2, 4); step_Ai(W2,W3, 3); step_Ai(W3,W4, 2); step_Ai(W4,W1, 1); + + store_le(out, W4, W3, W2, W1); + } + +/************************************************* +* Skipjack Stepping Rule 'A' * +*************************************************/ +void Skipjack::step_A(u16bit& W1, u16bit& W4, u32bit round) const + { + byte G1 = get_byte(0, W1), G2 = get_byte(1, W1), G3; + G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1; + G1 = FTABLE[(4 * round - 3) % 10][G3] ^ G2; + G2 = FTABLE[(4 * round - 2) % 10][G1] ^ G3; + G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1; + W1 = make_u16bit(G2, G3); + W4 ^= W1 ^ round; + } + +/************************************************* +* Skipjack Stepping Rule 'B' * +*************************************************/ +void Skipjack::step_B(u16bit& W1, u16bit& W2, u32bit round) const + { + W2 ^= W1 ^ round; + byte G1 = get_byte(0, W1), G2 = get_byte(1, W1), G3; + G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1; + G1 = FTABLE[(4 * round - 3) % 10][G3] ^ G2; + G2 = FTABLE[(4 * round - 2) % 10][G1] ^ G3; + G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1; + W1 = make_u16bit(G2, G3); + } + +/************************************************* +* Skipjack Invserse Stepping Rule 'A' * +*************************************************/ +void Skipjack::step_Ai(u16bit& W1, u16bit& W2, u32bit round) const + { + W1 ^= W2 ^ round; + byte G1 = get_byte(1, W2), G2 = get_byte(0, W2), G3; + G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1; + G1 = FTABLE[(4 * round - 2) % 10][G3] ^ G2; + G2 = FTABLE[(4 * round - 3) % 10][G1] ^ G3; + G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1; + W2 = make_u16bit(G3, G2); + } + +/************************************************* +* Skipjack Invserse Stepping Rule 'B' * +*************************************************/ +void Skipjack::step_Bi(u16bit& W2, u16bit& W3, u32bit round) const + { + byte G1 = get_byte(1, W2), G2 = get_byte(0, W2), G3; + G3 = FTABLE[(4 * round - 1) % 10][G2] ^ G1; + G1 = FTABLE[(4 * round - 2) % 10][G3] ^ G2; + G2 = FTABLE[(4 * round - 3) % 10][G1] ^ G3; + G3 = FTABLE[(4 * round - 4) % 10][G2] ^ G1; + W2 = make_u16bit(G3, G2); + W3 ^= W2 ^ round; + } + +/************************************************* +* Skipjack Key Schedule * +*************************************************/ +void Skipjack::key(const byte key[], u32bit) + { + static const byte F[256] = { + 0xA3, 0xD7, 0x09, 0x83, 0xF8, 0x48, 0xF6, 0xF4, 0xB3, 0x21, 0x15, 0x78, + 0x99, 0xB1, 0xAF, 0xF9, 0xE7, 0x2D, 0x4D, 0x8A, 0xCE, 0x4C, 0xCA, 0x2E, + 0x52, 0x95, 0xD9, 0x1E, 0x4E, 0x38, 0x44, 0x28, 0x0A, 0xDF, 0x02, 0xA0, + 0x17, 0xF1, 0x60, 0x68, 0x12, 0xB7, 0x7A, 0xC3, 0xE9, 0xFA, 0x3D, 0x53, + 0x96, 0x84, 0x6B, 0xBA, 0xF2, 0x63, 0x9A, 0x19, 0x7C, 0xAE, 0xE5, 0xF5, + 0xF7, 0x16, 0x6A, 0xA2, 0x39, 0xB6, 0x7B, 0x0F, 0xC1, 0x93, 0x81, 0x1B, + 0xEE, 0xB4, 0x1A, 0xEA, 0xD0, 0x91, 0x2F, 0xB8, 0x55, 0xB9, 0xDA, 0x85, + 0x3F, 0x41, 0xBF, 0xE0, 0x5A, 0x58, 0x80, 0x5F, 0x66, 0x0B, 0xD8, 0x90, + 0x35, 0xD5, 0xC0, 0xA7, 0x33, 0x06, 0x65, 0x69, 0x45, 0x00, 0x94, 0x56, + 0x6D, 0x98, 0x9B, 0x76, 0x97, 0xFC, 0xB2, 0xC2, 0xB0, 0xFE, 0xDB, 0x20, + 0xE1, 0xEB, 0xD6, 0xE4, 0xDD, 0x47, 0x4A, 0x1D, 0x42, 0xED, 0x9E, 0x6E, + 0x49, 0x3C, 0xCD, 0x43, 0x27, 0xD2, 0x07, 0xD4, 0xDE, 0xC7, 0x67, 0x18, + 0x89, 0xCB, 0x30, 0x1F, 0x8D, 0xC6, 0x8F, 0xAA, 0xC8, 0x74, 0xDC, 0xC9, + 0x5D, 0x5C, 0x31, 0xA4, 0x70, 0x88, 0x61, 0x2C, 0x9F, 0x0D, 0x2B, 0x87, + 0x50, 0x82, 0x54, 0x64, 0x26, 0x7D, 0x03, 0x40, 0x34, 0x4B, 0x1C, 0x73, + 0xD1, 0xC4, 0xFD, 0x3B, 0xCC, 0xFB, 0x7F, 0xAB, 0xE6, 0x3E, 0x5B, 0xA5, + 0xAD, 0x04, 0x23, 0x9C, 0x14, 0x51, 0x22, 0xF0, 0x29, 0x79, 0x71, 0x7E, + 0xFF, 0x8C, 0x0E, 0xE2, 0x0C, 0xEF, 0xBC, 0x72, 0x75, 0x6F, 0x37, 0xA1, + 0xEC, 0xD3, 0x8E, 0x62, 0x8B, 0x86, 0x10, 0xE8, 0x08, 0x77, 0x11, 0xBE, + 0x92, 0x4F, 0x24, 0xC5, 0x32, 0x36, 0x9D, 0xCF, 0xF3, 0xA6, 0xBB, 0xAC, + 0x5E, 0x6C, 0xA9, 0x13, 0x57, 0x25, 0xB5, 0xE3, 0xBD, 0xA8, 0x3A, 0x01, + 0x05, 0x59, 0x2A, 0x46 }; + + for(u32bit j = 0; j != 10; ++j) + for(u32bit k = 0; k != 256; ++k) + FTABLE[j][k] = F[k ^ key[9-j]]; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Skipjack::clear() throw() + { + for(u32bit j = 0; j != 10; ++j) + FTABLE[j].clear(); + } + +} diff --git a/src/cipher/skipjack/skipjack.h b/src/cipher/skipjack/skipjack.h new file mode 100644 index 000000000..240148f19 --- /dev/null +++ b/src/cipher/skipjack/skipjack.h @@ -0,0 +1,36 @@ +/************************************************* +* Skipjack Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SKIPJACK_H__ +#define BOTAN_SKIPJACK_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Skipjack * +*************************************************/ +class BOTAN_DLL Skipjack : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return "Skipjack"; } + BlockCipher* clone() const { return new Skipjack; } + Skipjack() : BlockCipher(8, 10) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + void step_A(u16bit&, u16bit&, u32bit) const; + void step_B(u16bit&, u16bit&, u32bit) const; + void step_Ai(u16bit&, u16bit&, u32bit) const; + void step_Bi(u16bit&, u16bit&, u32bit) const; + SecureBuffer<byte, 256> FTABLE[10]; + }; + +} + +#endif diff --git a/src/cipher/square/modinfo.txt b/src/cipher/square/modinfo.txt new file mode 100644 index 000000000..a20697923 --- /dev/null +++ b/src/cipher/square/modinfo.txt @@ -0,0 +1,11 @@ +realname "Square" + +define SQUARE + +load_on auto + +<add> +sqr_tab.cpp +square.cpp +square.h +</add> diff --git a/src/cipher/square/sqr_tab.cpp b/src/cipher/square/sqr_tab.cpp new file mode 100644 index 000000000..248ace4cd --- /dev/null +++ b/src/cipher/square/sqr_tab.cpp @@ -0,0 +1,458 @@ +/************************************************* +* S-Box and Diffusion Tables for Square * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/square.h> + +namespace Botan { + +const byte Square::SE[256] = { +0xB1, 0xCE, 0xC3, 0x95, 0x5A, 0xAD, 0xE7, 0x02, 0x4D, 0x44, 0xFB, 0x91, 0x0C, +0x87, 0xA1, 0x50, 0xCB, 0x67, 0x54, 0xDD, 0x46, 0x8F, 0xE1, 0x4E, 0xF0, 0xFD, +0xFC, 0xEB, 0xF9, 0xC4, 0x1A, 0x6E, 0x5E, 0xF5, 0xCC, 0x8D, 0x1C, 0x56, 0x43, +0xFE, 0x07, 0x61, 0xF8, 0x75, 0x59, 0xFF, 0x03, 0x22, 0x8A, 0xD1, 0x13, 0xEE, +0x88, 0x00, 0x0E, 0x34, 0x15, 0x80, 0x94, 0xE3, 0xED, 0xB5, 0x53, 0x23, 0x4B, +0x47, 0x17, 0xA7, 0x90, 0x35, 0xAB, 0xD8, 0xB8, 0xDF, 0x4F, 0x57, 0x9A, 0x92, +0xDB, 0x1B, 0x3C, 0xC8, 0x99, 0x04, 0x8E, 0xE0, 0xD7, 0x7D, 0x85, 0xBB, 0x40, +0x2C, 0x3A, 0x45, 0xF1, 0x42, 0x65, 0x20, 0x41, 0x18, 0x72, 0x25, 0x93, 0x70, +0x36, 0x05, 0xF2, 0x0B, 0xA3, 0x79, 0xEC, 0x08, 0x27, 0x31, 0x32, 0xB6, 0x7C, +0xB0, 0x0A, 0x73, 0x5B, 0x7B, 0xB7, 0x81, 0xD2, 0x0D, 0x6A, 0x26, 0x9E, 0x58, +0x9C, 0x83, 0x74, 0xB3, 0xAC, 0x30, 0x7A, 0x69, 0x77, 0x0F, 0xAE, 0x21, 0xDE, +0xD0, 0x2E, 0x97, 0x10, 0xA4, 0x98, 0xA8, 0xD4, 0x68, 0x2D, 0x62, 0x29, 0x6D, +0x16, 0x49, 0x76, 0xC7, 0xE8, 0xC1, 0x96, 0x37, 0xE5, 0xCA, 0xF4, 0xE9, 0x63, +0x12, 0xC2, 0xA6, 0x14, 0xBC, 0xD3, 0x28, 0xAF, 0x2F, 0xE6, 0x24, 0x52, 0xC6, +0xA0, 0x09, 0xBD, 0x8C, 0xCF, 0x5D, 0x11, 0x5F, 0x01, 0xC5, 0x9F, 0x3D, 0xA2, +0x9B, 0xC9, 0x3B, 0xBE, 0x51, 0x19, 0x1F, 0x3F, 0x5C, 0xB2, 0xEF, 0x4A, 0xCD, +0xBF, 0xBA, 0x6F, 0x64, 0xD9, 0xF3, 0x3E, 0xB4, 0xAA, 0xDC, 0xD5, 0x06, 0xC0, +0x7E, 0xF6, 0x66, 0x6C, 0x84, 0x71, 0x38, 0xB9, 0x1D, 0x7F, 0x9D, 0x48, 0x8B, +0x2A, 0xDA, 0xA5, 0x33, 0x82, 0x39, 0xD6, 0x78, 0x86, 0xFA, 0xE4, 0x2B, 0xA9, +0x1E, 0x89, 0x60, 0x6B, 0xEA, 0x55, 0x4C, 0xF7, 0xE2 }; + +const byte Square::SD[256] = { +0x35, 0xBE, 0x07, 0x2E, 0x53, 0x69, 0xDB, 0x28, 0x6F, 0xB7, 0x76, 0x6B, 0x0C, +0x7D, 0x36, 0x8B, 0x92, 0xBC, 0xA9, 0x32, 0xAC, 0x38, 0x9C, 0x42, 0x63, 0xC8, +0x1E, 0x4F, 0x24, 0xE5, 0xF7, 0xC9, 0x61, 0x8D, 0x2F, 0x3F, 0xB3, 0x65, 0x7F, +0x70, 0xAF, 0x9A, 0xEA, 0xF5, 0x5B, 0x98, 0x90, 0xB1, 0x87, 0x71, 0x72, 0xED, +0x37, 0x45, 0x68, 0xA3, 0xE3, 0xEF, 0x5C, 0xC5, 0x50, 0xC1, 0xD6, 0xCA, 0x5A, +0x62, 0x5F, 0x26, 0x09, 0x5D, 0x14, 0x41, 0xE8, 0x9D, 0xCE, 0x40, 0xFD, 0x08, +0x17, 0x4A, 0x0F, 0xC7, 0xB4, 0x3E, 0x12, 0xFC, 0x25, 0x4B, 0x81, 0x2C, 0x04, +0x78, 0xCB, 0xBB, 0x20, 0xBD, 0xF9, 0x29, 0x99, 0xA8, 0xD3, 0x60, 0xDF, 0x11, +0x97, 0x89, 0x7E, 0xFA, 0xE0, 0x9B, 0x1F, 0xD2, 0x67, 0xE2, 0x64, 0x77, 0x84, +0x2B, 0x9E, 0x8A, 0xF1, 0x6D, 0x88, 0x79, 0x74, 0x57, 0xDD, 0xE6, 0x39, 0x7B, +0xEE, 0x83, 0xE1, 0x58, 0xF2, 0x0D, 0x34, 0xF8, 0x30, 0xE9, 0xB9, 0x23, 0x54, +0x15, 0x44, 0x0B, 0x4D, 0x66, 0x3A, 0x03, 0xA2, 0x91, 0x94, 0x52, 0x4C, 0xC3, +0x82, 0xE7, 0x80, 0xC0, 0xB6, 0x0E, 0xC2, 0x6C, 0x93, 0xEC, 0xAB, 0x43, 0x95, +0xF6, 0xD8, 0x46, 0x86, 0x05, 0x8C, 0xB0, 0x75, 0x00, 0xCC, 0x85, 0xD7, 0x3D, +0x73, 0x7A, 0x48, 0xE4, 0xD1, 0x59, 0xAD, 0xB8, 0xC6, 0xD0, 0xDC, 0xA1, 0xAA, +0x02, 0x1D, 0xBF, 0xB5, 0x9F, 0x51, 0xC4, 0xA5, 0x10, 0x22, 0xCF, 0x01, 0xBA, +0x8F, 0x31, 0x7C, 0xAE, 0x96, 0xDA, 0xF0, 0x56, 0x47, 0xD4, 0xEB, 0x4E, 0xD9, +0x13, 0x8E, 0x49, 0x55, 0x16, 0xFF, 0x3B, 0xF4, 0xA4, 0xB2, 0x06, 0xA0, 0xA7, +0xFB, 0x1B, 0x6E, 0x3C, 0x33, 0xCD, 0x18, 0x5E, 0x6A, 0xD5, 0xA6, 0x21, 0xDE, +0xFE, 0x2A, 0x1C, 0xF3, 0x0A, 0x1A, 0x19, 0x27, 0x2D }; + +const byte Square::Log[256] = { +0x00, 0x00, 0x01, 0x86, 0x02, 0x0D, 0x87, 0x4C, 0x03, 0xD2, 0x0E, 0xAE, 0x88, +0x22, 0x4D, 0x93, 0x04, 0x1A, 0xD3, 0xCB, 0x0F, 0x98, 0xAF, 0xA8, 0x89, 0xF0, +0x23, 0x59, 0x4E, 0x35, 0x94, 0x09, 0x05, 0x8F, 0x1B, 0x6E, 0xD4, 0x39, 0xCC, +0xBB, 0x10, 0x68, 0x99, 0x77, 0xB0, 0xDF, 0xA9, 0x72, 0x8A, 0xFA, 0xF1, 0xA0, +0x24, 0x52, 0x5A, 0x60, 0x4F, 0x2F, 0x36, 0xDC, 0x95, 0x32, 0x0A, 0x1F, 0x06, +0xA5, 0x90, 0x49, 0x1C, 0x5D, 0x6F, 0xB8, 0xD5, 0xC1, 0x3A, 0xB5, 0xCD, 0x63, +0xBC, 0x3D, 0x11, 0x44, 0x69, 0x81, 0x9A, 0x27, 0x78, 0xC4, 0xB1, 0xE6, 0xE0, +0xEA, 0xAA, 0x55, 0x73, 0xD8, 0x8B, 0xF6, 0xFB, 0x16, 0xF2, 0xF4, 0xA1, 0x40, +0x25, 0x42, 0x53, 0xE4, 0x5B, 0xA3, 0x61, 0xBF, 0x50, 0xF8, 0x30, 0x2D, 0x37, +0x8D, 0xDD, 0x66, 0x96, 0x18, 0x33, 0xEE, 0x0B, 0xFD, 0x20, 0xD0, 0x07, 0x57, +0xA6, 0xC9, 0x91, 0xAC, 0x4A, 0x84, 0x1D, 0xDA, 0x5E, 0x9E, 0x70, 0x75, 0xB9, +0x6C, 0xD6, 0xE8, 0xC2, 0x7F, 0x3B, 0xB3, 0xB6, 0x47, 0xCE, 0xEC, 0x64, 0x2B, +0xBD, 0xE2, 0x3E, 0x14, 0x12, 0x29, 0x45, 0x7D, 0x6A, 0x9C, 0x82, 0xC7, 0x9B, +0xC6, 0x28, 0x7C, 0x79, 0x7A, 0xC5, 0x7B, 0xB2, 0x46, 0xE7, 0x7E, 0xE1, 0x13, +0xEB, 0x2A, 0xAB, 0x83, 0x56, 0xC8, 0x74, 0x6B, 0xD9, 0x9D, 0x8C, 0x65, 0xF7, +0x2C, 0xFC, 0xCF, 0x17, 0xED, 0xF3, 0x3F, 0xF5, 0x15, 0xA2, 0xBE, 0x41, 0xE3, +0x26, 0xC3, 0x43, 0x80, 0x54, 0xD7, 0xE5, 0xE9, 0x5C, 0xB7, 0xA4, 0x48, 0x62, +0x3C, 0xC0, 0xB4, 0x51, 0x5F, 0xF9, 0x9F, 0x31, 0x1E, 0x2E, 0xDB, 0x38, 0xBA, +0x8E, 0x6D, 0xDE, 0x71, 0x67, 0x76, 0x97, 0xA7, 0x19, 0xCA, 0x34, 0x08, 0xEF, +0x58, 0x0C, 0x4B, 0xFE, 0x85, 0x21, 0x92, 0xD1, 0xAD }; + +const byte Square::ALog[255] = { +0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0xF5, 0x1F, 0x3E, 0x7C, 0xF8, +0x05, 0x0A, 0x14, 0x28, 0x50, 0xA0, 0xB5, 0x9F, 0xCB, 0x63, 0xC6, 0x79, 0xF2, +0x11, 0x22, 0x44, 0x88, 0xE5, 0x3F, 0x7E, 0xFC, 0x0D, 0x1A, 0x34, 0x68, 0xD0, +0x55, 0xAA, 0xA1, 0xB7, 0x9B, 0xC3, 0x73, 0xE6, 0x39, 0x72, 0xE4, 0x3D, 0x7A, +0xF4, 0x1D, 0x3A, 0x74, 0xE8, 0x25, 0x4A, 0x94, 0xDD, 0x4F, 0x9E, 0xC9, 0x67, +0xCE, 0x69, 0xD2, 0x51, 0xA2, 0xB1, 0x97, 0xDB, 0x43, 0x86, 0xF9, 0x07, 0x0E, +0x1C, 0x38, 0x70, 0xE0, 0x35, 0x6A, 0xD4, 0x5D, 0xBA, 0x81, 0xF7, 0x1B, 0x36, +0x6C, 0xD8, 0x45, 0x8A, 0xE1, 0x37, 0x6E, 0xDC, 0x4D, 0x9A, 0xC1, 0x77, 0xEE, +0x29, 0x52, 0xA4, 0xBD, 0x8F, 0xEB, 0x23, 0x46, 0x8C, 0xED, 0x2F, 0x5E, 0xBC, +0x8D, 0xEF, 0x2B, 0x56, 0xAC, 0xAD, 0xAF, 0xAB, 0xA3, 0xB3, 0x93, 0xD3, 0x53, +0xA6, 0xB9, 0x87, 0xFB, 0x03, 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0x75, 0xEA, +0x21, 0x42, 0x84, 0xFD, 0x0F, 0x1E, 0x3C, 0x78, 0xF0, 0x15, 0x2A, 0x54, 0xA8, +0xA5, 0xBF, 0x8B, 0xE3, 0x33, 0x66, 0xCC, 0x6D, 0xDA, 0x41, 0x82, 0xF1, 0x17, +0x2E, 0x5C, 0xB8, 0x85, 0xFF, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x95, 0xDF, 0x4B, +0x96, 0xD9, 0x47, 0x8E, 0xE9, 0x27, 0x4E, 0x9C, 0xCD, 0x6F, 0xDE, 0x49, 0x92, +0xD1, 0x57, 0xAE, 0xA9, 0xA7, 0xBB, 0x83, 0xF3, 0x13, 0x26, 0x4C, 0x98, 0xC5, +0x7F, 0xFE, 0x09, 0x12, 0x24, 0x48, 0x90, 0xD5, 0x5F, 0xBE, 0x89, 0xE7, 0x3B, +0x76, 0xEC, 0x2D, 0x5A, 0xB4, 0x9D, 0xCF, 0x6B, 0xD6, 0x59, 0xB2, 0x91, 0xD7, +0x5B, 0xB6, 0x99, 0xC7, 0x7B, 0xF6, 0x19, 0x32, 0x64, 0xC8, 0x65, 0xCA, 0x61, +0xC2, 0x71, 0xE2, 0x31, 0x62, 0xC4, 0x7D, 0xFA }; + +const u32bit Square::TE0[256] = { +0x97B1B126, 0x69CECEA7, 0x73C3C3B0, 0xDF95954A, 0xB45A5AEE, 0xAFADAD02, +0x3BE7E7DC, 0x04020206, 0x9A4D4DD7, 0x884444CC, 0x03FBFBF8, 0xD7919146, +0x180C0C14, 0xFB87877C, 0xB7A1A116, 0xA05050F0, 0x63CBCBA8, 0xCE6767A9, +0xA85454FC, 0x4FDDDD92, 0x8C4646CA, 0xEB8F8F64, 0x37E1E1D6, 0x9C4E4ED2, +0x15F0F0E5, 0x0FFDFDF2, 0x0DFCFCF1, 0x23EBEBC8, 0x07F9F9FE, 0x7DC4C4B9, +0x341A1A2E, 0xDC6E6EB2, 0xBC5E5EE2, 0x1FF5F5EA, 0x6DCCCCA1, 0xEF8D8D62, +0x381C1C24, 0xAC5656FA, 0x864343C5, 0x09FEFEF7, 0x0E070709, 0xC26161A3, +0x05F8F8FD, 0xEA75759F, 0xB25959EB, 0x0BFFFFF4, 0x06030305, 0x44222266, +0xE18A8A6B, 0x57D1D186, 0x26131335, 0x29EEEEC7, 0xE588886D, 0x00000000, +0x1C0E0E12, 0x6834345C, 0x2A15153F, 0xF5808075, 0xDD949449, 0x33E3E3D0, +0x2FEDEDC2, 0x9FB5B52A, 0xA65353F5, 0x46232365, 0x964B4BDD, 0x8E4747C9, +0x2E171739, 0xBBA7A71C, 0xD5909045, 0x6A35355F, 0xA3ABAB08, 0x45D8D89D, +0x85B8B83D, 0x4BDFDF94, 0x9E4F4FD1, 0xAE5757F9, 0xC19A9A5B, 0xD1929243, +0x43DBDB98, 0x361B1B2D, 0x783C3C44, 0x65C8C8AD, 0xC799995E, 0x0804040C, +0xE98E8E67, 0x35E0E0D5, 0x5BD7D78C, 0xFA7D7D87, 0xFF85857A, 0x83BBBB38, +0x804040C0, 0x582C2C74, 0x743A3A4E, 0x8A4545CF, 0x17F1F1E6, 0x844242C6, +0xCA6565AF, 0x40202060, 0x824141C3, 0x30181828, 0xE4727296, 0x4A25256F, +0xD3939340, 0xE0707090, 0x6C36365A, 0x0A05050F, 0x11F2F2E3, 0x160B0B1D, +0xB3A3A310, 0xF279798B, 0x2DECECC1, 0x10080818, 0x4E272769, 0x62313153, +0x64323256, 0x99B6B62F, 0xF87C7C84, 0x95B0B025, 0x140A0A1E, 0xE6737395, +0xB65B5BED, 0xF67B7B8D, 0x9BB7B72C, 0xF7818176, 0x51D2D283, 0x1A0D0D17, +0xD46A6ABE, 0x4C26266A, 0xC99E9E57, 0xB05858E8, 0xCD9C9C51, 0xF3838370, +0xE874749C, 0x93B3B320, 0xADACAC01, 0x60303050, 0xF47A7A8E, 0xD26969BB, +0xEE777799, 0x1E0F0F11, 0xA9AEAE07, 0x42212163, 0x49DEDE97, 0x55D0D085, +0x5C2E2E72, 0xDB97974C, 0x20101030, 0xBDA4A419, 0xC598985D, 0xA5A8A80D, +0x5DD4D489, 0xD06868B8, 0x5A2D2D77, 0xC46262A6, 0x5229297B, 0xDA6D6DB7, +0x2C16163A, 0x924949DB, 0xEC76769A, 0x7BC7C7BC, 0x25E8E8CD, 0x77C1C1B6, +0xD996964F, 0x6E373759, 0x3FE5E5DA, 0x61CACAAB, 0x1DF4F4E9, 0x27E9E9CE, +0xC66363A5, 0x24121236, 0x71C2C2B3, 0xB9A6A61F, 0x2814143C, 0x8DBCBC31, +0x53D3D380, 0x50282878, 0xABAFAF04, 0x5E2F2F71, 0x39E6E6DF, 0x4824246C, +0xA45252F6, 0x79C6C6BF, 0xB5A0A015, 0x1209091B, 0x8FBDBD32, 0xED8C8C61, +0x6BCFCFA4, 0xBA5D5DE7, 0x22111133, 0xBE5F5FE1, 0x02010103, 0x7FC5C5BA, +0xCB9F9F54, 0x7A3D3D47, 0xB1A2A213, 0xC39B9B58, 0x67C9C9AE, 0x763B3B4D, +0x89BEBE37, 0xA25151F3, 0x3219192B, 0x3E1F1F21, 0x7E3F3F41, 0xB85C5CE4, +0x91B2B223, 0x2BEFEFC4, 0x944A4ADE, 0x6FCDCDA2, 0x8BBFBF34, 0x81BABA3B, +0xDE6F6FB1, 0xC86464AC, 0x47D9D99E, 0x13F3F3E0, 0x7C3E3E42, 0x9DB4B429, +0xA1AAAA0B, 0x4DDCDC91, 0x5FD5D58A, 0x0C06060A, 0x75C0C0B5, 0xFC7E7E82, +0x19F6F6EF, 0xCC6666AA, 0xD86C6CB4, 0xFD848479, 0xE2717193, 0x70383848, +0x87B9B93E, 0x3A1D1D27, 0xFE7F7F81, 0xCF9D9D52, 0x904848D8, 0xE38B8B68, +0x542A2A7E, 0x41DADA9B, 0xBFA5A51A, 0x66333355, 0xF1828273, 0x7239394B, +0x59D6D68F, 0xF0787888, 0xF986867F, 0x01FAFAFB, 0x3DE4E4D9, 0x562B2B7D, +0xA7A9A90E, 0x3C1E1E22, 0xE789896E, 0xC06060A0, 0xD66B6BBD, 0x21EAEACB, +0xAA5555FF, 0x984C4CD4, 0x1BF7F7EC, 0x31E2E2D3 }; + +const u32bit Square::TE1[256] = { +0x2697B1B1, 0xA769CECE, 0xB073C3C3, 0x4ADF9595, 0xEEB45A5A, 0x02AFADAD, +0xDC3BE7E7, 0x06040202, 0xD79A4D4D, 0xCC884444, 0xF803FBFB, 0x46D79191, +0x14180C0C, 0x7CFB8787, 0x16B7A1A1, 0xF0A05050, 0xA863CBCB, 0xA9CE6767, +0xFCA85454, 0x924FDDDD, 0xCA8C4646, 0x64EB8F8F, 0xD637E1E1, 0xD29C4E4E, +0xE515F0F0, 0xF20FFDFD, 0xF10DFCFC, 0xC823EBEB, 0xFE07F9F9, 0xB97DC4C4, +0x2E341A1A, 0xB2DC6E6E, 0xE2BC5E5E, 0xEA1FF5F5, 0xA16DCCCC, 0x62EF8D8D, +0x24381C1C, 0xFAAC5656, 0xC5864343, 0xF709FEFE, 0x090E0707, 0xA3C26161, +0xFD05F8F8, 0x9FEA7575, 0xEBB25959, 0xF40BFFFF, 0x05060303, 0x66442222, +0x6BE18A8A, 0x8657D1D1, 0x35261313, 0xC729EEEE, 0x6DE58888, 0x00000000, +0x121C0E0E, 0x5C683434, 0x3F2A1515, 0x75F58080, 0x49DD9494, 0xD033E3E3, +0xC22FEDED, 0x2A9FB5B5, 0xF5A65353, 0x65462323, 0xDD964B4B, 0xC98E4747, +0x392E1717, 0x1CBBA7A7, 0x45D59090, 0x5F6A3535, 0x08A3ABAB, 0x9D45D8D8, +0x3D85B8B8, 0x944BDFDF, 0xD19E4F4F, 0xF9AE5757, 0x5BC19A9A, 0x43D19292, +0x9843DBDB, 0x2D361B1B, 0x44783C3C, 0xAD65C8C8, 0x5EC79999, 0x0C080404, +0x67E98E8E, 0xD535E0E0, 0x8C5BD7D7, 0x87FA7D7D, 0x7AFF8585, 0x3883BBBB, +0xC0804040, 0x74582C2C, 0x4E743A3A, 0xCF8A4545, 0xE617F1F1, 0xC6844242, +0xAFCA6565, 0x60402020, 0xC3824141, 0x28301818, 0x96E47272, 0x6F4A2525, +0x40D39393, 0x90E07070, 0x5A6C3636, 0x0F0A0505, 0xE311F2F2, 0x1D160B0B, +0x10B3A3A3, 0x8BF27979, 0xC12DECEC, 0x18100808, 0x694E2727, 0x53623131, +0x56643232, 0x2F99B6B6, 0x84F87C7C, 0x2595B0B0, 0x1E140A0A, 0x95E67373, +0xEDB65B5B, 0x8DF67B7B, 0x2C9BB7B7, 0x76F78181, 0x8351D2D2, 0x171A0D0D, +0xBED46A6A, 0x6A4C2626, 0x57C99E9E, 0xE8B05858, 0x51CD9C9C, 0x70F38383, +0x9CE87474, 0x2093B3B3, 0x01ADACAC, 0x50603030, 0x8EF47A7A, 0xBBD26969, +0x99EE7777, 0x111E0F0F, 0x07A9AEAE, 0x63422121, 0x9749DEDE, 0x8555D0D0, +0x725C2E2E, 0x4CDB9797, 0x30201010, 0x19BDA4A4, 0x5DC59898, 0x0DA5A8A8, +0x895DD4D4, 0xB8D06868, 0x775A2D2D, 0xA6C46262, 0x7B522929, 0xB7DA6D6D, +0x3A2C1616, 0xDB924949, 0x9AEC7676, 0xBC7BC7C7, 0xCD25E8E8, 0xB677C1C1, +0x4FD99696, 0x596E3737, 0xDA3FE5E5, 0xAB61CACA, 0xE91DF4F4, 0xCE27E9E9, +0xA5C66363, 0x36241212, 0xB371C2C2, 0x1FB9A6A6, 0x3C281414, 0x318DBCBC, +0x8053D3D3, 0x78502828, 0x04ABAFAF, 0x715E2F2F, 0xDF39E6E6, 0x6C482424, +0xF6A45252, 0xBF79C6C6, 0x15B5A0A0, 0x1B120909, 0x328FBDBD, 0x61ED8C8C, +0xA46BCFCF, 0xE7BA5D5D, 0x33221111, 0xE1BE5F5F, 0x03020101, 0xBA7FC5C5, +0x54CB9F9F, 0x477A3D3D, 0x13B1A2A2, 0x58C39B9B, 0xAE67C9C9, 0x4D763B3B, +0x3789BEBE, 0xF3A25151, 0x2B321919, 0x213E1F1F, 0x417E3F3F, 0xE4B85C5C, +0x2391B2B2, 0xC42BEFEF, 0xDE944A4A, 0xA26FCDCD, 0x348BBFBF, 0x3B81BABA, +0xB1DE6F6F, 0xACC86464, 0x9E47D9D9, 0xE013F3F3, 0x427C3E3E, 0x299DB4B4, +0x0BA1AAAA, 0x914DDCDC, 0x8A5FD5D5, 0x0A0C0606, 0xB575C0C0, 0x82FC7E7E, +0xEF19F6F6, 0xAACC6666, 0xB4D86C6C, 0x79FD8484, 0x93E27171, 0x48703838, +0x3E87B9B9, 0x273A1D1D, 0x81FE7F7F, 0x52CF9D9D, 0xD8904848, 0x68E38B8B, +0x7E542A2A, 0x9B41DADA, 0x1ABFA5A5, 0x55663333, 0x73F18282, 0x4B723939, +0x8F59D6D6, 0x88F07878, 0x7FF98686, 0xFB01FAFA, 0xD93DE4E4, 0x7D562B2B, +0x0EA7A9A9, 0x223C1E1E, 0x6EE78989, 0xA0C06060, 0xBDD66B6B, 0xCB21EAEA, +0xFFAA5555, 0xD4984C4C, 0xEC1BF7F7, 0xD331E2E2 }; + +const u32bit Square::TE2[256] = { +0xB12697B1, 0xCEA769CE, 0xC3B073C3, 0x954ADF95, 0x5AEEB45A, 0xAD02AFAD, +0xE7DC3BE7, 0x02060402, 0x4DD79A4D, 0x44CC8844, 0xFBF803FB, 0x9146D791, +0x0C14180C, 0x877CFB87, 0xA116B7A1, 0x50F0A050, 0xCBA863CB, 0x67A9CE67, +0x54FCA854, 0xDD924FDD, 0x46CA8C46, 0x8F64EB8F, 0xE1D637E1, 0x4ED29C4E, +0xF0E515F0, 0xFDF20FFD, 0xFCF10DFC, 0xEBC823EB, 0xF9FE07F9, 0xC4B97DC4, +0x1A2E341A, 0x6EB2DC6E, 0x5EE2BC5E, 0xF5EA1FF5, 0xCCA16DCC, 0x8D62EF8D, +0x1C24381C, 0x56FAAC56, 0x43C58643, 0xFEF709FE, 0x07090E07, 0x61A3C261, +0xF8FD05F8, 0x759FEA75, 0x59EBB259, 0xFFF40BFF, 0x03050603, 0x22664422, +0x8A6BE18A, 0xD18657D1, 0x13352613, 0xEEC729EE, 0x886DE588, 0x00000000, +0x0E121C0E, 0x345C6834, 0x153F2A15, 0x8075F580, 0x9449DD94, 0xE3D033E3, +0xEDC22FED, 0xB52A9FB5, 0x53F5A653, 0x23654623, 0x4BDD964B, 0x47C98E47, +0x17392E17, 0xA71CBBA7, 0x9045D590, 0x355F6A35, 0xAB08A3AB, 0xD89D45D8, +0xB83D85B8, 0xDF944BDF, 0x4FD19E4F, 0x57F9AE57, 0x9A5BC19A, 0x9243D192, +0xDB9843DB, 0x1B2D361B, 0x3C44783C, 0xC8AD65C8, 0x995EC799, 0x040C0804, +0x8E67E98E, 0xE0D535E0, 0xD78C5BD7, 0x7D87FA7D, 0x857AFF85, 0xBB3883BB, +0x40C08040, 0x2C74582C, 0x3A4E743A, 0x45CF8A45, 0xF1E617F1, 0x42C68442, +0x65AFCA65, 0x20604020, 0x41C38241, 0x18283018, 0x7296E472, 0x256F4A25, +0x9340D393, 0x7090E070, 0x365A6C36, 0x050F0A05, 0xF2E311F2, 0x0B1D160B, +0xA310B3A3, 0x798BF279, 0xECC12DEC, 0x08181008, 0x27694E27, 0x31536231, +0x32566432, 0xB62F99B6, 0x7C84F87C, 0xB02595B0, 0x0A1E140A, 0x7395E673, +0x5BEDB65B, 0x7B8DF67B, 0xB72C9BB7, 0x8176F781, 0xD28351D2, 0x0D171A0D, +0x6ABED46A, 0x266A4C26, 0x9E57C99E, 0x58E8B058, 0x9C51CD9C, 0x8370F383, +0x749CE874, 0xB32093B3, 0xAC01ADAC, 0x30506030, 0x7A8EF47A, 0x69BBD269, +0x7799EE77, 0x0F111E0F, 0xAE07A9AE, 0x21634221, 0xDE9749DE, 0xD08555D0, +0x2E725C2E, 0x974CDB97, 0x10302010, 0xA419BDA4, 0x985DC598, 0xA80DA5A8, +0xD4895DD4, 0x68B8D068, 0x2D775A2D, 0x62A6C462, 0x297B5229, 0x6DB7DA6D, +0x163A2C16, 0x49DB9249, 0x769AEC76, 0xC7BC7BC7, 0xE8CD25E8, 0xC1B677C1, +0x964FD996, 0x37596E37, 0xE5DA3FE5, 0xCAAB61CA, 0xF4E91DF4, 0xE9CE27E9, +0x63A5C663, 0x12362412, 0xC2B371C2, 0xA61FB9A6, 0x143C2814, 0xBC318DBC, +0xD38053D3, 0x28785028, 0xAF04ABAF, 0x2F715E2F, 0xE6DF39E6, 0x246C4824, +0x52F6A452, 0xC6BF79C6, 0xA015B5A0, 0x091B1209, 0xBD328FBD, 0x8C61ED8C, +0xCFA46BCF, 0x5DE7BA5D, 0x11332211, 0x5FE1BE5F, 0x01030201, 0xC5BA7FC5, +0x9F54CB9F, 0x3D477A3D, 0xA213B1A2, 0x9B58C39B, 0xC9AE67C9, 0x3B4D763B, +0xBE3789BE, 0x51F3A251, 0x192B3219, 0x1F213E1F, 0x3F417E3F, 0x5CE4B85C, +0xB22391B2, 0xEFC42BEF, 0x4ADE944A, 0xCDA26FCD, 0xBF348BBF, 0xBA3B81BA, +0x6FB1DE6F, 0x64ACC864, 0xD99E47D9, 0xF3E013F3, 0x3E427C3E, 0xB4299DB4, +0xAA0BA1AA, 0xDC914DDC, 0xD58A5FD5, 0x060A0C06, 0xC0B575C0, 0x7E82FC7E, +0xF6EF19F6, 0x66AACC66, 0x6CB4D86C, 0x8479FD84, 0x7193E271, 0x38487038, +0xB93E87B9, 0x1D273A1D, 0x7F81FE7F, 0x9D52CF9D, 0x48D89048, 0x8B68E38B, +0x2A7E542A, 0xDA9B41DA, 0xA51ABFA5, 0x33556633, 0x8273F182, 0x394B7239, +0xD68F59D6, 0x7888F078, 0x867FF986, 0xFAFB01FA, 0xE4D93DE4, 0x2B7D562B, +0xA90EA7A9, 0x1E223C1E, 0x896EE789, 0x60A0C060, 0x6BBDD66B, 0xEACB21EA, +0x55FFAA55, 0x4CD4984C, 0xF7EC1BF7, 0xE2D331E2 }; + +const u32bit Square::TE3[256] = { +0xB1B12697, 0xCECEA769, 0xC3C3B073, 0x95954ADF, 0x5A5AEEB4, 0xADAD02AF, +0xE7E7DC3B, 0x02020604, 0x4D4DD79A, 0x4444CC88, 0xFBFBF803, 0x919146D7, +0x0C0C1418, 0x87877CFB, 0xA1A116B7, 0x5050F0A0, 0xCBCBA863, 0x6767A9CE, +0x5454FCA8, 0xDDDD924F, 0x4646CA8C, 0x8F8F64EB, 0xE1E1D637, 0x4E4ED29C, +0xF0F0E515, 0xFDFDF20F, 0xFCFCF10D, 0xEBEBC823, 0xF9F9FE07, 0xC4C4B97D, +0x1A1A2E34, 0x6E6EB2DC, 0x5E5EE2BC, 0xF5F5EA1F, 0xCCCCA16D, 0x8D8D62EF, +0x1C1C2438, 0x5656FAAC, 0x4343C586, 0xFEFEF709, 0x0707090E, 0x6161A3C2, +0xF8F8FD05, 0x75759FEA, 0x5959EBB2, 0xFFFFF40B, 0x03030506, 0x22226644, +0x8A8A6BE1, 0xD1D18657, 0x13133526, 0xEEEEC729, 0x88886DE5, 0x00000000, +0x0E0E121C, 0x34345C68, 0x15153F2A, 0x808075F5, 0x949449DD, 0xE3E3D033, +0xEDEDC22F, 0xB5B52A9F, 0x5353F5A6, 0x23236546, 0x4B4BDD96, 0x4747C98E, +0x1717392E, 0xA7A71CBB, 0x909045D5, 0x35355F6A, 0xABAB08A3, 0xD8D89D45, +0xB8B83D85, 0xDFDF944B, 0x4F4FD19E, 0x5757F9AE, 0x9A9A5BC1, 0x929243D1, +0xDBDB9843, 0x1B1B2D36, 0x3C3C4478, 0xC8C8AD65, 0x99995EC7, 0x04040C08, +0x8E8E67E9, 0xE0E0D535, 0xD7D78C5B, 0x7D7D87FA, 0x85857AFF, 0xBBBB3883, +0x4040C080, 0x2C2C7458, 0x3A3A4E74, 0x4545CF8A, 0xF1F1E617, 0x4242C684, +0x6565AFCA, 0x20206040, 0x4141C382, 0x18182830, 0x727296E4, 0x25256F4A, +0x939340D3, 0x707090E0, 0x36365A6C, 0x05050F0A, 0xF2F2E311, 0x0B0B1D16, +0xA3A310B3, 0x79798BF2, 0xECECC12D, 0x08081810, 0x2727694E, 0x31315362, +0x32325664, 0xB6B62F99, 0x7C7C84F8, 0xB0B02595, 0x0A0A1E14, 0x737395E6, +0x5B5BEDB6, 0x7B7B8DF6, 0xB7B72C9B, 0x818176F7, 0xD2D28351, 0x0D0D171A, +0x6A6ABED4, 0x26266A4C, 0x9E9E57C9, 0x5858E8B0, 0x9C9C51CD, 0x838370F3, +0x74749CE8, 0xB3B32093, 0xACAC01AD, 0x30305060, 0x7A7A8EF4, 0x6969BBD2, +0x777799EE, 0x0F0F111E, 0xAEAE07A9, 0x21216342, 0xDEDE9749, 0xD0D08555, +0x2E2E725C, 0x97974CDB, 0x10103020, 0xA4A419BD, 0x98985DC5, 0xA8A80DA5, +0xD4D4895D, 0x6868B8D0, 0x2D2D775A, 0x6262A6C4, 0x29297B52, 0x6D6DB7DA, +0x16163A2C, 0x4949DB92, 0x76769AEC, 0xC7C7BC7B, 0xE8E8CD25, 0xC1C1B677, +0x96964FD9, 0x3737596E, 0xE5E5DA3F, 0xCACAAB61, 0xF4F4E91D, 0xE9E9CE27, +0x6363A5C6, 0x12123624, 0xC2C2B371, 0xA6A61FB9, 0x14143C28, 0xBCBC318D, +0xD3D38053, 0x28287850, 0xAFAF04AB, 0x2F2F715E, 0xE6E6DF39, 0x24246C48, +0x5252F6A4, 0xC6C6BF79, 0xA0A015B5, 0x09091B12, 0xBDBD328F, 0x8C8C61ED, +0xCFCFA46B, 0x5D5DE7BA, 0x11113322, 0x5F5FE1BE, 0x01010302, 0xC5C5BA7F, +0x9F9F54CB, 0x3D3D477A, 0xA2A213B1, 0x9B9B58C3, 0xC9C9AE67, 0x3B3B4D76, +0xBEBE3789, 0x5151F3A2, 0x19192B32, 0x1F1F213E, 0x3F3F417E, 0x5C5CE4B8, +0xB2B22391, 0xEFEFC42B, 0x4A4ADE94, 0xCDCDA26F, 0xBFBF348B, 0xBABA3B81, +0x6F6FB1DE, 0x6464ACC8, 0xD9D99E47, 0xF3F3E013, 0x3E3E427C, 0xB4B4299D, +0xAAAA0BA1, 0xDCDC914D, 0xD5D58A5F, 0x06060A0C, 0xC0C0B575, 0x7E7E82FC, +0xF6F6EF19, 0x6666AACC, 0x6C6CB4D8, 0x848479FD, 0x717193E2, 0x38384870, +0xB9B93E87, 0x1D1D273A, 0x7F7F81FE, 0x9D9D52CF, 0x4848D890, 0x8B8B68E3, +0x2A2A7E54, 0xDADA9B41, 0xA5A51ABF, 0x33335566, 0x828273F1, 0x39394B72, +0xD6D68F59, 0x787888F0, 0x86867FF9, 0xFAFAFB01, 0xE4E4D93D, 0x2B2B7D56, +0xA9A90EA7, 0x1E1E223C, 0x89896EE7, 0x6060A0C0, 0x6B6BBDD6, 0xEAEACB21, +0x5555FFAA, 0x4C4CD498, 0xF7F7EC1B, 0xE2E2D331 }; + +const u32bit Square::TD0[256] = { +0xE368BC02, 0x5585620C, 0x2A3F2331, 0x61AB13F7, 0x98D46D72, 0x21CB9A19, +0x3C22A461, 0x459D3DCD, 0x05FDB423, 0x2BC4075F, 0x9B2C01C0, 0x3DD9800F, +0x486C5C74, 0xF97F7E85, 0xF173AB1F, 0xB6EDDE0E, 0x283C6BED, 0x4997781A, +0x9F2A918D, 0xC9579F33, 0xA907A8AA, 0xA50DED7D, 0x7C422D8F, 0x764DB0C9, +0x4D91E857, 0xCEA963CC, 0xB4EE96D2, 0x3028E1B6, 0x0DF161B9, 0xBD196726, +0x419BAD80, 0xC0A06EC7, 0x5183F241, 0x92DBF034, 0x6FA21EFC, 0x8F32CE4C, +0x13E03373, 0x69A7C66D, 0xE56D6493, 0xBF1A2FFA, 0xBB1CBFB7, 0x587403B5, +0xE76E2C4F, 0x5D89B796, 0xE89C052A, 0x446619A3, 0x342E71FB, 0x0FF22965, +0xFE81827A, 0xB11322F1, 0xA30835EC, 0xCD510F7E, 0xFF7AA614, 0x5C7293F8, +0x2FC29712, 0xF370E3C3, 0x992F491C, 0xD1431568, 0xC2A3261B, 0x88CC32B3, +0x8ACF7A6F, 0xB0E8069F, 0x7A47F51E, 0xD2BB79DA, 0xE6950821, 0x4398E55C, +0xD0B83106, 0x11E37BAF, 0x7E416553, 0xCCAA2B10, 0xD8B4E49C, 0x6456A7D4, +0xFB7C3659, 0x724B2084, 0xEA9F4DF6, 0x6A5FAADF, 0x2DC1DFCE, 0x70486858, +0xCAAFF381, 0x0605D891, 0x5A774B69, 0x94DE28A5, 0x39DF1042, 0x813BC347, +0xFC82CAA6, 0x23C8D2C5, 0x03F86CB2, 0x080CD59A, 0xDAB7AC40, 0x7DB909E1, +0x3824342C, 0xCF5247A2, 0xDCB274D1, 0x63A85B2B, 0x35D55595, 0x479E7511, +0x15E5EBE2, 0x4B9430C6, 0x4A6F14A8, 0x91239C86, 0x4C6ACC39, 0x5F8AFF4A, +0x0406904D, 0xEE99DDBB, 0x1E1152CA, 0xAAFFC418, 0xEB646998, 0x07FEFCFF, +0x8B345E01, 0x567D0EBE, 0xBAE79BD9, 0x4263C132, 0x75B5DC7B, 0x97264417, +0x67AECB66, 0x95250CCB, 0xEC9A9567, 0x57862AD0, 0x60503799, 0xB8E4D305, +0x65AD83BA, 0x19EFAE35, 0xA4F6C913, 0xC15B4AA9, 0x873E1BD6, 0xA0F0595E, +0x18148A5B, 0xAF02703B, 0xAB04E076, 0xDD4950BF, 0xDF4A1863, 0xC6A5B656, +0x853D530A, 0xFA871237, 0x77B694A7, 0x4665517F, 0xED61B109, 0x1BECE6E9, +0xD5458525, 0xF5753B52, 0x7FBA413D, 0x27CE4288, 0xB2EB4E43, 0xD6BDE997, +0x527B9EF3, 0x62537F45, 0x2C3AFBA0, 0x7BBCD170, 0xB91FF76B, 0x121B171D, +0xFD79EEC8, 0x3A277CF0, 0x0C0A45D7, 0x96DD6079, 0x2233F6AB, 0xACFA1C89, +0xC8ACBB5D, 0xA10B7D30, 0xD4BEA14B, 0xBEE10B94, 0x25CD0A54, 0x547E4662, +0xA2F31182, 0x17E6A33E, 0x263566E6, 0xC3580275, 0x83388B9B, 0x7844BDC2, +0x020348DC, 0x4F92A08B, 0x2E39B37C, 0x4E6984E5, 0xF0888F71, 0x362D3927, +0x9CD2FD3F, 0x01FB246E, 0x893716DD, 0x00000000, 0xF68D57E0, 0xE293986C, +0x744EF815, 0x9320D45A, 0xAD0138E7, 0xD3405DB4, 0x1A17C287, 0xB3106A2D, +0x5078D62F, 0xF48E1F3C, 0xA70EA5A1, 0x71B34C36, 0x9AD725AE, 0x5E71DB24, +0x161D8750, 0xEF62F9D5, 0x8D318690, 0x1C121A16, 0xA6F581CF, 0x5B8C6F07, +0x37D61D49, 0x6E593A92, 0x84C67764, 0x86C53FB8, 0xD746CDF9, 0xE090D0B0, +0x29C74F83, 0xE49640FD, 0x0E090D0B, 0x6DA15620, 0x8EC9EA22, 0xDB4C882E, +0xF776738E, 0xB515B2BC, 0x10185FC1, 0x322BA96A, 0x6BA48EB1, 0xAEF95455, +0x406089EE, 0x6655EF08, 0xE9672144, 0x3E21ECBD, 0x2030BE77, 0xF28BC7AD, +0x80C0E729, 0x141ECF8C, 0xBCE24348, 0xC4A6FE8A, 0x31D3C5D8, 0xB716FA60, +0x5380BA9D, 0xD94FC0F2, 0x1DE93E78, 0x24362E3A, 0xE16BF4DE, 0xCB54D7EF, +0x09F7F1F4, 0x82C3AFF5, 0x0BF4B928, 0x9D29D951, 0xC75E9238, 0xF8845AEB, +0x90D8B8E8, 0xDEB13C0D, 0x33D08D04, 0x685CE203, 0xC55DDAE4, 0x3BDC589E, +0x0A0F9D46, 0x3FDAC8D3, 0x598F27DB, 0xA8FC8CC4, 0x79BF99AC, 0x6C5A724E, +0x8CCAA2FE, 0x9ED1B5E3, 0x1FEA76A4, 0x73B004EA }; + +const u32bit Square::TD1[256] = { +0x02E368BC, 0x0C558562, 0x312A3F23, 0xF761AB13, 0x7298D46D, 0x1921CB9A, +0x613C22A4, 0xCD459D3D, 0x2305FDB4, 0x5F2BC407, 0xC09B2C01, 0x0F3DD980, +0x74486C5C, 0x85F97F7E, 0x1FF173AB, 0x0EB6EDDE, 0xED283C6B, 0x1A499778, +0x8D9F2A91, 0x33C9579F, 0xAAA907A8, 0x7DA50DED, 0x8F7C422D, 0xC9764DB0, +0x574D91E8, 0xCCCEA963, 0xD2B4EE96, 0xB63028E1, 0xB90DF161, 0x26BD1967, +0x80419BAD, 0xC7C0A06E, 0x415183F2, 0x3492DBF0, 0xFC6FA21E, 0x4C8F32CE, +0x7313E033, 0x6D69A7C6, 0x93E56D64, 0xFABF1A2F, 0xB7BB1CBF, 0xB5587403, +0x4FE76E2C, 0x965D89B7, 0x2AE89C05, 0xA3446619, 0xFB342E71, 0x650FF229, +0x7AFE8182, 0xF1B11322, 0xECA30835, 0x7ECD510F, 0x14FF7AA6, 0xF85C7293, +0x122FC297, 0xC3F370E3, 0x1C992F49, 0x68D14315, 0x1BC2A326, 0xB388CC32, +0x6F8ACF7A, 0x9FB0E806, 0x1E7A47F5, 0xDAD2BB79, 0x21E69508, 0x5C4398E5, +0x06D0B831, 0xAF11E37B, 0x537E4165, 0x10CCAA2B, 0x9CD8B4E4, 0xD46456A7, +0x59FB7C36, 0x84724B20, 0xF6EA9F4D, 0xDF6A5FAA, 0xCE2DC1DF, 0x58704868, +0x81CAAFF3, 0x910605D8, 0x695A774B, 0xA594DE28, 0x4239DF10, 0x47813BC3, +0xA6FC82CA, 0xC523C8D2, 0xB203F86C, 0x9A080CD5, 0x40DAB7AC, 0xE17DB909, +0x2C382434, 0xA2CF5247, 0xD1DCB274, 0x2B63A85B, 0x9535D555, 0x11479E75, +0xE215E5EB, 0xC64B9430, 0xA84A6F14, 0x8691239C, 0x394C6ACC, 0x4A5F8AFF, +0x4D040690, 0xBBEE99DD, 0xCA1E1152, 0x18AAFFC4, 0x98EB6469, 0xFF07FEFC, +0x018B345E, 0xBE567D0E, 0xD9BAE79B, 0x324263C1, 0x7B75B5DC, 0x17972644, +0x6667AECB, 0xCB95250C, 0x67EC9A95, 0xD057862A, 0x99605037, 0x05B8E4D3, +0xBA65AD83, 0x3519EFAE, 0x13A4F6C9, 0xA9C15B4A, 0xD6873E1B, 0x5EA0F059, +0x5B18148A, 0x3BAF0270, 0x76AB04E0, 0xBFDD4950, 0x63DF4A18, 0x56C6A5B6, +0x0A853D53, 0x37FA8712, 0xA777B694, 0x7F466551, 0x09ED61B1, 0xE91BECE6, +0x25D54585, 0x52F5753B, 0x3D7FBA41, 0x8827CE42, 0x43B2EB4E, 0x97D6BDE9, +0xF3527B9E, 0x4562537F, 0xA02C3AFB, 0x707BBCD1, 0x6BB91FF7, 0x1D121B17, +0xC8FD79EE, 0xF03A277C, 0xD70C0A45, 0x7996DD60, 0xAB2233F6, 0x89ACFA1C, +0x5DC8ACBB, 0x30A10B7D, 0x4BD4BEA1, 0x94BEE10B, 0x5425CD0A, 0x62547E46, +0x82A2F311, 0x3E17E6A3, 0xE6263566, 0x75C35802, 0x9B83388B, 0xC27844BD, +0xDC020348, 0x8B4F92A0, 0x7C2E39B3, 0xE54E6984, 0x71F0888F, 0x27362D39, +0x3F9CD2FD, 0x6E01FB24, 0xDD893716, 0x00000000, 0xE0F68D57, 0x6CE29398, +0x15744EF8, 0x5A9320D4, 0xE7AD0138, 0xB4D3405D, 0x871A17C2, 0x2DB3106A, +0x2F5078D6, 0x3CF48E1F, 0xA1A70EA5, 0x3671B34C, 0xAE9AD725, 0x245E71DB, +0x50161D87, 0xD5EF62F9, 0x908D3186, 0x161C121A, 0xCFA6F581, 0x075B8C6F, +0x4937D61D, 0x926E593A, 0x6484C677, 0xB886C53F, 0xF9D746CD, 0xB0E090D0, +0x8329C74F, 0xFDE49640, 0x0B0E090D, 0x206DA156, 0x228EC9EA, 0x2EDB4C88, +0x8EF77673, 0xBCB515B2, 0xC110185F, 0x6A322BA9, 0xB16BA48E, 0x55AEF954, +0xEE406089, 0x086655EF, 0x44E96721, 0xBD3E21EC, 0x772030BE, 0xADF28BC7, +0x2980C0E7, 0x8C141ECF, 0x48BCE243, 0x8AC4A6FE, 0xD831D3C5, 0x60B716FA, +0x9D5380BA, 0xF2D94FC0, 0x781DE93E, 0x3A24362E, 0xDEE16BF4, 0xEFCB54D7, +0xF409F7F1, 0xF582C3AF, 0x280BF4B9, 0x519D29D9, 0x38C75E92, 0xEBF8845A, +0xE890D8B8, 0x0DDEB13C, 0x0433D08D, 0x03685CE2, 0xE4C55DDA, 0x9E3BDC58, +0x460A0F9D, 0xD33FDAC8, 0xDB598F27, 0xC4A8FC8C, 0xAC79BF99, 0x4E6C5A72, +0xFE8CCAA2, 0xE39ED1B5, 0xA41FEA76, 0xEA73B004 }; + +const u32bit Square::TD2[256] = { +0xBC02E368, 0x620C5585, 0x23312A3F, 0x13F761AB, 0x6D7298D4, 0x9A1921CB, +0xA4613C22, 0x3DCD459D, 0xB42305FD, 0x075F2BC4, 0x01C09B2C, 0x800F3DD9, +0x5C74486C, 0x7E85F97F, 0xAB1FF173, 0xDE0EB6ED, 0x6BED283C, 0x781A4997, +0x918D9F2A, 0x9F33C957, 0xA8AAA907, 0xED7DA50D, 0x2D8F7C42, 0xB0C9764D, +0xE8574D91, 0x63CCCEA9, 0x96D2B4EE, 0xE1B63028, 0x61B90DF1, 0x6726BD19, +0xAD80419B, 0x6EC7C0A0, 0xF2415183, 0xF03492DB, 0x1EFC6FA2, 0xCE4C8F32, +0x337313E0, 0xC66D69A7, 0x6493E56D, 0x2FFABF1A, 0xBFB7BB1C, 0x03B55874, +0x2C4FE76E, 0xB7965D89, 0x052AE89C, 0x19A34466, 0x71FB342E, 0x29650FF2, +0x827AFE81, 0x22F1B113, 0x35ECA308, 0x0F7ECD51, 0xA614FF7A, 0x93F85C72, +0x97122FC2, 0xE3C3F370, 0x491C992F, 0x1568D143, 0x261BC2A3, 0x32B388CC, +0x7A6F8ACF, 0x069FB0E8, 0xF51E7A47, 0x79DAD2BB, 0x0821E695, 0xE55C4398, +0x3106D0B8, 0x7BAF11E3, 0x65537E41, 0x2B10CCAA, 0xE49CD8B4, 0xA7D46456, +0x3659FB7C, 0x2084724B, 0x4DF6EA9F, 0xAADF6A5F, 0xDFCE2DC1, 0x68587048, +0xF381CAAF, 0xD8910605, 0x4B695A77, 0x28A594DE, 0x104239DF, 0xC347813B, +0xCAA6FC82, 0xD2C523C8, 0x6CB203F8, 0xD59A080C, 0xAC40DAB7, 0x09E17DB9, +0x342C3824, 0x47A2CF52, 0x74D1DCB2, 0x5B2B63A8, 0x559535D5, 0x7511479E, +0xEBE215E5, 0x30C64B94, 0x14A84A6F, 0x9C869123, 0xCC394C6A, 0xFF4A5F8A, +0x904D0406, 0xDDBBEE99, 0x52CA1E11, 0xC418AAFF, 0x6998EB64, 0xFCFF07FE, +0x5E018B34, 0x0EBE567D, 0x9BD9BAE7, 0xC1324263, 0xDC7B75B5, 0x44179726, +0xCB6667AE, 0x0CCB9525, 0x9567EC9A, 0x2AD05786, 0x37996050, 0xD305B8E4, +0x83BA65AD, 0xAE3519EF, 0xC913A4F6, 0x4AA9C15B, 0x1BD6873E, 0x595EA0F0, +0x8A5B1814, 0x703BAF02, 0xE076AB04, 0x50BFDD49, 0x1863DF4A, 0xB656C6A5, +0x530A853D, 0x1237FA87, 0x94A777B6, 0x517F4665, 0xB109ED61, 0xE6E91BEC, +0x8525D545, 0x3B52F575, 0x413D7FBA, 0x428827CE, 0x4E43B2EB, 0xE997D6BD, +0x9EF3527B, 0x7F456253, 0xFBA02C3A, 0xD1707BBC, 0xF76BB91F, 0x171D121B, +0xEEC8FD79, 0x7CF03A27, 0x45D70C0A, 0x607996DD, 0xF6AB2233, 0x1C89ACFA, +0xBB5DC8AC, 0x7D30A10B, 0xA14BD4BE, 0x0B94BEE1, 0x0A5425CD, 0x4662547E, +0x1182A2F3, 0xA33E17E6, 0x66E62635, 0x0275C358, 0x8B9B8338, 0xBDC27844, +0x48DC0203, 0xA08B4F92, 0xB37C2E39, 0x84E54E69, 0x8F71F088, 0x3927362D, +0xFD3F9CD2, 0x246E01FB, 0x16DD8937, 0x00000000, 0x57E0F68D, 0x986CE293, +0xF815744E, 0xD45A9320, 0x38E7AD01, 0x5DB4D340, 0xC2871A17, 0x6A2DB310, +0xD62F5078, 0x1F3CF48E, 0xA5A1A70E, 0x4C3671B3, 0x25AE9AD7, 0xDB245E71, +0x8750161D, 0xF9D5EF62, 0x86908D31, 0x1A161C12, 0x81CFA6F5, 0x6F075B8C, +0x1D4937D6, 0x3A926E59, 0x776484C6, 0x3FB886C5, 0xCDF9D746, 0xD0B0E090, +0x4F8329C7, 0x40FDE496, 0x0D0B0E09, 0x56206DA1, 0xEA228EC9, 0x882EDB4C, +0x738EF776, 0xB2BCB515, 0x5FC11018, 0xA96A322B, 0x8EB16BA4, 0x5455AEF9, +0x89EE4060, 0xEF086655, 0x2144E967, 0xECBD3E21, 0xBE772030, 0xC7ADF28B, +0xE72980C0, 0xCF8C141E, 0x4348BCE2, 0xFE8AC4A6, 0xC5D831D3, 0xFA60B716, +0xBA9D5380, 0xC0F2D94F, 0x3E781DE9, 0x2E3A2436, 0xF4DEE16B, 0xD7EFCB54, +0xF1F409F7, 0xAFF582C3, 0xB9280BF4, 0xD9519D29, 0x9238C75E, 0x5AEBF884, +0xB8E890D8, 0x3C0DDEB1, 0x8D0433D0, 0xE203685C, 0xDAE4C55D, 0x589E3BDC, +0x9D460A0F, 0xC8D33FDA, 0x27DB598F, 0x8CC4A8FC, 0x99AC79BF, 0x724E6C5A, +0xA2FE8CCA, 0xB5E39ED1, 0x76A41FEA, 0x04EA73B0 }; + +const u32bit Square::TD3[256] = { +0x68BC02E3, 0x85620C55, 0x3F23312A, 0xAB13F761, 0xD46D7298, 0xCB9A1921, +0x22A4613C, 0x9D3DCD45, 0xFDB42305, 0xC4075F2B, 0x2C01C09B, 0xD9800F3D, +0x6C5C7448, 0x7F7E85F9, 0x73AB1FF1, 0xEDDE0EB6, 0x3C6BED28, 0x97781A49, +0x2A918D9F, 0x579F33C9, 0x07A8AAA9, 0x0DED7DA5, 0x422D8F7C, 0x4DB0C976, +0x91E8574D, 0xA963CCCE, 0xEE96D2B4, 0x28E1B630, 0xF161B90D, 0x196726BD, +0x9BAD8041, 0xA06EC7C0, 0x83F24151, 0xDBF03492, 0xA21EFC6F, 0x32CE4C8F, +0xE0337313, 0xA7C66D69, 0x6D6493E5, 0x1A2FFABF, 0x1CBFB7BB, 0x7403B558, +0x6E2C4FE7, 0x89B7965D, 0x9C052AE8, 0x6619A344, 0x2E71FB34, 0xF229650F, +0x81827AFE, 0x1322F1B1, 0x0835ECA3, 0x510F7ECD, 0x7AA614FF, 0x7293F85C, +0xC297122F, 0x70E3C3F3, 0x2F491C99, 0x431568D1, 0xA3261BC2, 0xCC32B388, +0xCF7A6F8A, 0xE8069FB0, 0x47F51E7A, 0xBB79DAD2, 0x950821E6, 0x98E55C43, +0xB83106D0, 0xE37BAF11, 0x4165537E, 0xAA2B10CC, 0xB4E49CD8, 0x56A7D464, +0x7C3659FB, 0x4B208472, 0x9F4DF6EA, 0x5FAADF6A, 0xC1DFCE2D, 0x48685870, +0xAFF381CA, 0x05D89106, 0x774B695A, 0xDE28A594, 0xDF104239, 0x3BC34781, +0x82CAA6FC, 0xC8D2C523, 0xF86CB203, 0x0CD59A08, 0xB7AC40DA, 0xB909E17D, +0x24342C38, 0x5247A2CF, 0xB274D1DC, 0xA85B2B63, 0xD5559535, 0x9E751147, +0xE5EBE215, 0x9430C64B, 0x6F14A84A, 0x239C8691, 0x6ACC394C, 0x8AFF4A5F, +0x06904D04, 0x99DDBBEE, 0x1152CA1E, 0xFFC418AA, 0x646998EB, 0xFEFCFF07, +0x345E018B, 0x7D0EBE56, 0xE79BD9BA, 0x63C13242, 0xB5DC7B75, 0x26441797, +0xAECB6667, 0x250CCB95, 0x9A9567EC, 0x862AD057, 0x50379960, 0xE4D305B8, +0xAD83BA65, 0xEFAE3519, 0xF6C913A4, 0x5B4AA9C1, 0x3E1BD687, 0xF0595EA0, +0x148A5B18, 0x02703BAF, 0x04E076AB, 0x4950BFDD, 0x4A1863DF, 0xA5B656C6, +0x3D530A85, 0x871237FA, 0xB694A777, 0x65517F46, 0x61B109ED, 0xECE6E91B, +0x458525D5, 0x753B52F5, 0xBA413D7F, 0xCE428827, 0xEB4E43B2, 0xBDE997D6, +0x7B9EF352, 0x537F4562, 0x3AFBA02C, 0xBCD1707B, 0x1FF76BB9, 0x1B171D12, +0x79EEC8FD, 0x277CF03A, 0x0A45D70C, 0xDD607996, 0x33F6AB22, 0xFA1C89AC, +0xACBB5DC8, 0x0B7D30A1, 0xBEA14BD4, 0xE10B94BE, 0xCD0A5425, 0x7E466254, +0xF31182A2, 0xE6A33E17, 0x3566E626, 0x580275C3, 0x388B9B83, 0x44BDC278, +0x0348DC02, 0x92A08B4F, 0x39B37C2E, 0x6984E54E, 0x888F71F0, 0x2D392736, +0xD2FD3F9C, 0xFB246E01, 0x3716DD89, 0x00000000, 0x8D57E0F6, 0x93986CE2, +0x4EF81574, 0x20D45A93, 0x0138E7AD, 0x405DB4D3, 0x17C2871A, 0x106A2DB3, +0x78D62F50, 0x8E1F3CF4, 0x0EA5A1A7, 0xB34C3671, 0xD725AE9A, 0x71DB245E, +0x1D875016, 0x62F9D5EF, 0x3186908D, 0x121A161C, 0xF581CFA6, 0x8C6F075B, +0xD61D4937, 0x593A926E, 0xC6776484, 0xC53FB886, 0x46CDF9D7, 0x90D0B0E0, +0xC74F8329, 0x9640FDE4, 0x090D0B0E, 0xA156206D, 0xC9EA228E, 0x4C882EDB, +0x76738EF7, 0x15B2BCB5, 0x185FC110, 0x2BA96A32, 0xA48EB16B, 0xF95455AE, +0x6089EE40, 0x55EF0866, 0x672144E9, 0x21ECBD3E, 0x30BE7720, 0x8BC7ADF2, +0xC0E72980, 0x1ECF8C14, 0xE24348BC, 0xA6FE8AC4, 0xD3C5D831, 0x16FA60B7, +0x80BA9D53, 0x4FC0F2D9, 0xE93E781D, 0x362E3A24, 0x6BF4DEE1, 0x54D7EFCB, +0xF7F1F409, 0xC3AFF582, 0xF4B9280B, 0x29D9519D, 0x5E9238C7, 0x845AEBF8, +0xD8B8E890, 0xB13C0DDE, 0xD08D0433, 0x5CE20368, 0x5DDAE4C5, 0xDC589E3B, +0x0F9D460A, 0xDAC8D33F, 0x8F27DB59, 0xFC8CC4A8, 0xBF99AC79, 0x5A724E6C, +0xCAA2FE8C, 0xD1B5E39E, 0xEA76A41F, 0xB004EA73 }; + +} diff --git a/src/cipher/square/square.cpp b/src/cipher/square/square.cpp new file mode 100644 index 000000000..f2b15499b --- /dev/null +++ b/src/cipher/square/square.cpp @@ -0,0 +1,185 @@ +/************************************************* +* Square Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/square.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +/************************************************* +* Square Encryption * +*************************************************/ +void Square::enc(const byte in[], byte out[]) const + { + u32bit T0, T1, T2, T3, B0, B1, B2, B3; + B0 = TE0[in[ 0] ^ ME[ 0]] ^ TE1[in[ 4] ^ ME[ 4]] ^ + TE2[in[ 8] ^ ME[ 8]] ^ TE3[in[12] ^ ME[12]] ^ EK[0]; + B1 = TE0[in[ 1] ^ ME[ 1]] ^ TE1[in[ 5] ^ ME[ 5]] ^ + TE2[in[ 9] ^ ME[ 9]] ^ TE3[in[13] ^ ME[13]] ^ EK[1]; + B2 = TE0[in[ 2] ^ ME[ 2]] ^ TE1[in[ 6] ^ ME[ 6]] ^ + TE2[in[10] ^ ME[10]] ^ TE3[in[14] ^ ME[14]] ^ EK[2]; + B3 = TE0[in[ 3] ^ ME[ 3]] ^ TE1[in[ 7] ^ ME[ 7]] ^ + TE2[in[11] ^ ME[11]] ^ TE3[in[15] ^ ME[15]] ^ EK[3]; + for(u32bit j = 1; j != 7; j += 2) + { + T0 = TE0[get_byte(0, B0)] ^ TE1[get_byte(0, B1)] ^ + TE2[get_byte(0, B2)] ^ TE3[get_byte(0, B3)] ^ EK[4*j+0]; + T1 = TE0[get_byte(1, B0)] ^ TE1[get_byte(1, B1)] ^ + TE2[get_byte(1, B2)] ^ TE3[get_byte(1, B3)] ^ EK[4*j+1]; + T2 = TE0[get_byte(2, B0)] ^ TE1[get_byte(2, B1)] ^ + TE2[get_byte(2, B2)] ^ TE3[get_byte(2, B3)] ^ EK[4*j+2]; + T3 = TE0[get_byte(3, B0)] ^ TE1[get_byte(3, B1)] ^ + TE2[get_byte(3, B2)] ^ TE3[get_byte(3, B3)] ^ EK[4*j+3]; + B0 = TE0[get_byte(0, T0)] ^ TE1[get_byte(0, T1)] ^ + TE2[get_byte(0, T2)] ^ TE3[get_byte(0, T3)] ^ EK[4*j+4]; + B1 = TE0[get_byte(1, T0)] ^ TE1[get_byte(1, T1)] ^ + TE2[get_byte(1, T2)] ^ TE3[get_byte(1, T3)] ^ EK[4*j+5]; + B2 = TE0[get_byte(2, T0)] ^ TE1[get_byte(2, T1)] ^ + TE2[get_byte(2, T2)] ^ TE3[get_byte(2, T3)] ^ EK[4*j+6]; + B3 = TE0[get_byte(3, T0)] ^ TE1[get_byte(3, T1)] ^ + TE2[get_byte(3, T2)] ^ TE3[get_byte(3, T3)] ^ EK[4*j+7]; + } + out[ 0] = SE[get_byte(0, B0)] ^ ME[16]; + out[ 1] = SE[get_byte(0, B1)] ^ ME[17]; + out[ 2] = SE[get_byte(0, B2)] ^ ME[18]; + out[ 3] = SE[get_byte(0, B3)] ^ ME[19]; + out[ 4] = SE[get_byte(1, B0)] ^ ME[20]; + out[ 5] = SE[get_byte(1, B1)] ^ ME[21]; + out[ 6] = SE[get_byte(1, B2)] ^ ME[22]; + out[ 7] = SE[get_byte(1, B3)] ^ ME[23]; + out[ 8] = SE[get_byte(2, B0)] ^ ME[24]; + out[ 9] = SE[get_byte(2, B1)] ^ ME[25]; + out[10] = SE[get_byte(2, B2)] ^ ME[26]; + out[11] = SE[get_byte(2, B3)] ^ ME[27]; + out[12] = SE[get_byte(3, B0)] ^ ME[28]; + out[13] = SE[get_byte(3, B1)] ^ ME[29]; + out[14] = SE[get_byte(3, B2)] ^ ME[30]; + out[15] = SE[get_byte(3, B3)] ^ ME[31]; + } + +/************************************************* +* Square Decryption * +*************************************************/ +void Square::dec(const byte in[], byte out[]) const + { + u32bit T0, T1, T2, T3, B0, B1, B2, B3; + B0 = TD0[in[ 0] ^ MD[ 0]] ^ TD1[in[ 4] ^ MD[ 4]] ^ + TD2[in[ 8] ^ MD[ 8]] ^ TD3[in[12] ^ MD[12]] ^ DK[0]; + B1 = TD0[in[ 1] ^ MD[ 1]] ^ TD1[in[ 5] ^ MD[ 5]] ^ + TD2[in[ 9] ^ MD[ 9]] ^ TD3[in[13] ^ MD[13]] ^ DK[1]; + B2 = TD0[in[ 2] ^ MD[ 2]] ^ TD1[in[ 6] ^ MD[ 6]] ^ + TD2[in[10] ^ MD[10]] ^ TD3[in[14] ^ MD[14]] ^ DK[2]; + B3 = TD0[in[ 3] ^ MD[ 3]] ^ TD1[in[ 7] ^ MD[ 7]] ^ + TD2[in[11] ^ MD[11]] ^ TD3[in[15] ^ MD[15]] ^ DK[3]; + for(u32bit j = 1; j != 7; j += 2) + { + T0 = TD0[get_byte(0, B0)] ^ TD1[get_byte(0, B1)] ^ + TD2[get_byte(0, B2)] ^ TD3[get_byte(0, B3)] ^ DK[4*j+0]; + T1 = TD0[get_byte(1, B0)] ^ TD1[get_byte(1, B1)] ^ + TD2[get_byte(1, B2)] ^ TD3[get_byte(1, B3)] ^ DK[4*j+1]; + T2 = TD0[get_byte(2, B0)] ^ TD1[get_byte(2, B1)] ^ + TD2[get_byte(2, B2)] ^ TD3[get_byte(2, B3)] ^ DK[4*j+2]; + T3 = TD0[get_byte(3, B0)] ^ TD1[get_byte(3, B1)] ^ + TD2[get_byte(3, B2)] ^ TD3[get_byte(3, B3)] ^ DK[4*j+3]; + B0 = TD0[get_byte(0, T0)] ^ TD1[get_byte(0, T1)] ^ + TD2[get_byte(0, T2)] ^ TD3[get_byte(0, T3)] ^ DK[4*j+4]; + B1 = TD0[get_byte(1, T0)] ^ TD1[get_byte(1, T1)] ^ + TD2[get_byte(1, T2)] ^ TD3[get_byte(1, T3)] ^ DK[4*j+5]; + B2 = TD0[get_byte(2, T0)] ^ TD1[get_byte(2, T1)] ^ + TD2[get_byte(2, T2)] ^ TD3[get_byte(2, T3)] ^ DK[4*j+6]; + B3 = TD0[get_byte(3, T0)] ^ TD1[get_byte(3, T1)] ^ + TD2[get_byte(3, T2)] ^ TD3[get_byte(3, T3)] ^ DK[4*j+7]; + } + out[ 0] = SD[get_byte(0, B0)] ^ MD[16]; + out[ 1] = SD[get_byte(0, B1)] ^ MD[17]; + out[ 2] = SD[get_byte(0, B2)] ^ MD[18]; + out[ 3] = SD[get_byte(0, B3)] ^ MD[19]; + out[ 4] = SD[get_byte(1, B0)] ^ MD[20]; + out[ 5] = SD[get_byte(1, B1)] ^ MD[21]; + out[ 6] = SD[get_byte(1, B2)] ^ MD[22]; + out[ 7] = SD[get_byte(1, B3)] ^ MD[23]; + out[ 8] = SD[get_byte(2, B0)] ^ MD[24]; + out[ 9] = SD[get_byte(2, B1)] ^ MD[25]; + out[10] = SD[get_byte(2, B2)] ^ MD[26]; + out[11] = SD[get_byte(2, B3)] ^ MD[27]; + out[12] = SD[get_byte(3, B0)] ^ MD[28]; + out[13] = SD[get_byte(3, B1)] ^ MD[29]; + out[14] = SD[get_byte(3, B2)] ^ MD[30]; + out[15] = SD[get_byte(3, B3)] ^ MD[31]; + } + +/************************************************* +* Square Key Schedule * +*************************************************/ +void Square::key(const byte key[], u32bit) + { + SecureBuffer<u32bit, 36> XEK, XDK; + for(u32bit j = 0; j != 4; ++j) + XEK[j] = load_be<u32bit>(key, j); + for(u32bit j = 0; j != 8; ++j) + { + XEK[4*j+4] = XEK[4*j ] ^ rotate_left(XEK[4*j+3], 8) ^ (0x01000000 << j); + XEK[4*j+5] = XEK[4*j+1] ^ XEK[4*j+4]; + XEK[4*j+6] = XEK[4*j+2] ^ XEK[4*j+5]; + XEK[4*j+7] = XEK[4*j+3] ^ XEK[4*j+6]; + XDK.copy(28 - 4*j, XEK + 4*(j+1), 4); + transform(XEK + 4*j); + } + for(u32bit j = 0; j != 4; ++j) + for(u32bit k = 0; k != 4; ++k) + { + ME[4*j+k ] = get_byte(k, XEK[j ]); + ME[4*j+k+16] = get_byte(k, XEK[j+32]); + MD[4*j+k ] = get_byte(k, XDK[j ]); + MD[4*j+k+16] = get_byte(k, XEK[j ]); + } + EK.copy(XEK + 4, 28); + DK.copy(XDK + 4, 28); + } + +/************************************************* +* Square's Inverse Linear Transformation * +*************************************************/ +void Square::transform(u32bit round_key[4]) + { + static const byte G[4][4] = { + { 0x02, 0x01, 0x01, 0x03 }, + { 0x03, 0x02, 0x01, 0x01 }, + { 0x01, 0x03, 0x02, 0x01 }, + { 0x01, 0x01, 0x03, 0x02 } }; + + for(u32bit j = 0; j != 4; ++j) + { + SecureBuffer<byte, 4> A, B; + + store_be(round_key[j], A); + + for(u32bit k = 0; k != 4; ++k) + for(u32bit l = 0; l != 4; ++l) + { + const byte a = A[l]; + const byte b = G[l][k]; + + if(a && b) + B[k] ^= ALog[(Log[a] + Log[b]) % 255]; + } + + round_key[j] = load_be<u32bit>(B.begin(), 0); + } + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Square::clear() throw() + { + EK.clear(); + DK.clear(); + ME.clear(); + MD.clear(); + } + +} diff --git a/src/cipher/square/square.h b/src/cipher/square/square.h new file mode 100644 index 000000000..efbc6e730 --- /dev/null +++ b/src/cipher/square/square.h @@ -0,0 +1,50 @@ +/************************************************* +* Square Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SQUARE_H__ +#define BOTAN_SQUARE_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Square * +*************************************************/ +class BOTAN_DLL Square : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return "Square"; } + BlockCipher* clone() const { return new Square; } + Square() : BlockCipher(16, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static void transform(u32bit[4]); + + static const byte SE[256]; + static const byte SD[256]; + static const byte Log[256]; + static const byte ALog[255]; + + static const u32bit TE0[256]; + static const u32bit TE1[256]; + static const u32bit TE2[256]; + static const u32bit TE3[256]; + static const u32bit TD0[256]; + static const u32bit TD1[256]; + static const u32bit TD2[256]; + static const u32bit TD3[256]; + + SecureBuffer<u32bit, 28> EK, DK; + SecureBuffer<byte, 32> ME, MD; + }; + +} + +#endif diff --git a/src/cipher/tea/modinfo.txt b/src/cipher/tea/modinfo.txt new file mode 100644 index 000000000..6a0e76b15 --- /dev/null +++ b/src/cipher/tea/modinfo.txt @@ -0,0 +1,10 @@ +realname "TEA" + +define TEA + +load_on auto + +<add> +tea.cpp +tea.h +</add> diff --git a/src/cipher/tea/tea.cpp b/src/cipher/tea/tea.cpp new file mode 100644 index 000000000..c5bd1b1fa --- /dev/null +++ b/src/cipher/tea/tea.cpp @@ -0,0 +1,56 @@ +/************************************************* +* TEA Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tea.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* TEA Encryption * +*************************************************/ +void TEA::enc(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + u32bit S = 0; + for(u32bit j = 0; j != 32; ++j) + { + S += 0x9E3779B9; + L += ((R << 4) + K[0]) ^ (R + S) ^ ((R >> 5) + K[1]); + R += ((L << 4) + K[2]) ^ (L + S) ^ ((L >> 5) + K[3]); + } + + store_be(out, L, R); + } + +/************************************************* +* TEA Decryption * +*************************************************/ +void TEA::dec(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + u32bit S = 0xC6EF3720; + for(u32bit j = 0; j != 32; ++j) + { + R -= ((L << 4) + K[2]) ^ (L + S) ^ ((L >> 5) + K[3]); + L -= ((R << 4) + K[0]) ^ (R + S) ^ ((R >> 5) + K[1]); + S -= 0x9E3779B9; + } + + store_be(out, L, R); + } + +/************************************************* +* TEA Key Schedule * +*************************************************/ +void TEA::key(const byte key[], u32bit) + { + for(u32bit j = 0; j != 4; ++j) + K[j] = load_be<u32bit>(key, j); + } + +} diff --git a/src/cipher/tea/tea.h b/src/cipher/tea/tea.h new file mode 100644 index 000000000..2fc9fe838 --- /dev/null +++ b/src/cipher/tea/tea.h @@ -0,0 +1,32 @@ +/************************************************* +* TEA Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TEA_H__ +#define BOTAN_TEA_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* TEA * +*************************************************/ +class BOTAN_DLL TEA : public BlockCipher + { + public: + void clear() throw() { K.clear(); } + std::string name() const { return "TEA"; } + BlockCipher* clone() const { return new TEA; } + TEA() : BlockCipher(8, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + SecureBuffer<u32bit, 4> K; + }; + +} + +#endif diff --git a/src/cipher/turing/modinfo.txt b/src/cipher/turing/modinfo.txt new file mode 100644 index 000000000..95ae2cf48 --- /dev/null +++ b/src/cipher/turing/modinfo.txt @@ -0,0 +1,11 @@ +realname "Turing" + +define TURING + +load_on auto + +<add> +tur_tab.cpp +turing.cpp +turing.h +</add> diff --git a/src/cipher/turing/tur_tab.cpp b/src/cipher/turing/tur_tab.cpp new file mode 100644 index 000000000..08793f59d --- /dev/null +++ b/src/cipher/turing/tur_tab.cpp @@ -0,0 +1,104 @@ +/************************************************* +* Tables for Turing * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/turing.h> + +namespace Botan { + +const byte Turing::SBOX[256] = { + 0x61, 0x51, 0xEB, 0x19, 0xB9, 0x5D, 0x60, 0x38, 0x7C, 0xB2, 0x06, 0x12, + 0xC4, 0x5B, 0x16, 0x3B, 0x2B, 0x18, 0x83, 0xB0, 0x7F, 0x75, 0xFA, 0xA0, + 0xE9, 0xDD, 0x6D, 0x7A, 0x6B, 0x68, 0x2D, 0x49, 0xB5, 0x1C, 0x90, 0xF7, + 0xED, 0x9F, 0xE8, 0xCE, 0xAE, 0x77, 0xC2, 0x13, 0xFD, 0xCD, 0x3E, 0xCF, + 0x37, 0x6A, 0xD4, 0xDB, 0x8E, 0x65, 0x1F, 0x1A, 0x87, 0xCB, 0x40, 0x15, + 0x88, 0x0D, 0x35, 0xB3, 0x11, 0x0F, 0xD0, 0x30, 0x48, 0xF9, 0xA8, 0xAC, + 0x85, 0x27, 0x0E, 0x8A, 0xE0, 0x50, 0x64, 0xA7, 0xCC, 0xE4, 0xF1, 0x98, + 0xFF, 0xA1, 0x04, 0xDA, 0xD5, 0xBC, 0x1B, 0xBB, 0xD1, 0xFE, 0x31, 0xCA, + 0xBA, 0xD9, 0x2E, 0xF3, 0x1D, 0x47, 0x4A, 0x3D, 0x71, 0x4C, 0xAB, 0x7D, + 0x8D, 0xC7, 0x59, 0xB8, 0xC1, 0x96, 0x1E, 0xFC, 0x44, 0xC8, 0x7B, 0xDC, + 0x5C, 0x78, 0x2A, 0x9D, 0xA5, 0xF0, 0x73, 0x22, 0x89, 0x05, 0xF4, 0x07, + 0x21, 0x52, 0xA6, 0x28, 0x9A, 0x92, 0x69, 0x8F, 0xC5, 0xC3, 0xF5, 0xE1, + 0xDE, 0xEC, 0x09, 0xF2, 0xD3, 0xAF, 0x34, 0x23, 0xAA, 0xDF, 0x7E, 0x82, + 0x29, 0xC0, 0x24, 0x14, 0x03, 0x32, 0x4E, 0x39, 0x6F, 0xC6, 0xB1, 0x9B, + 0xEA, 0x72, 0x79, 0x41, 0xD8, 0x26, 0x6C, 0x5E, 0x2C, 0xB4, 0xA2, 0x53, + 0x57, 0xE2, 0x9C, 0x86, 0x54, 0x95, 0xB6, 0x80, 0x8C, 0x36, 0x67, 0xBD, + 0x08, 0x93, 0x2F, 0x99, 0x5A, 0xF8, 0x3A, 0xD7, 0x56, 0x84, 0xD2, 0x01, + 0xF6, 0x66, 0x4D, 0x55, 0x8B, 0x0C, 0x0B, 0x46, 0xB7, 0x3C, 0x45, 0x91, + 0xA4, 0xE3, 0x70, 0xD6, 0xFB, 0xE6, 0x10, 0xA9, 0xC9, 0x00, 0x9E, 0xE7, + 0x4F, 0x76, 0x25, 0x3F, 0x5F, 0xA3, 0x33, 0x20, 0x02, 0xEF, 0x62, 0x74, + 0xEE, 0x17, 0x81, 0x42, 0x58, 0x0A, 0x4B, 0x63, 0xE5, 0xBE, 0x6E, 0xAD, + 0xBF, 0x43, 0x94, 0x97 }; + +const byte Turing::OFFSETS[272] = { + 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x0C, 0x0E, 0x0F, + 0x10, 0x00, 0x00, 0x00, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, + 0x0D, 0x00, 0x02, 0x03, 0x04, 0x00, 0x00, 0x00, 0x0A, 0x0B, 0x0C, 0x0D, + 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x05, 0x07, 0x08, 0x09, 0x00, 0x00, 0x00, + 0x0F, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x0A, 0x0C, 0x0D, + 0x0E, 0x00, 0x00, 0x00, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0A, + 0x0B, 0x0F, 0x00, 0x01, 0x02, 0x00, 0x00, 0x00, 0x08, 0x09, 0x0A, 0x0B, + 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x03, 0x05, 0x06, 0x07, 0x00, 0x00, 0x00, + 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, 0x08, 0x0A, 0x0B, + 0x0C, 0x00, 0x00, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, + 0x09, 0x0D, 0x0F, 0x10, 0x00, 0x00, 0x00, 0x00, 0x06, 0x07, 0x08, 0x09, + 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x01, 0x03, 0x04, 0x05, 0x00, 0x00, 0x00, + 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, 0x06, 0x08, 0x09, + 0x0A, 0x00, 0x00, 0x00, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, + 0x07, 0x0B, 0x0D, 0x0E, 0x0F, 0x00, 0x00, 0x00, 0x04, 0x05, 0x06, 0x07, + 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x10, 0x01, 0x02, 0x03, 0x00, 0x00, 0x00, + 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x04, 0x06, 0x07, + 0x08, 0x00, 0x00, 0x00, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, 0x03, 0x04, + 0x05, 0x09, 0x0B, 0x0C, 0x0D, 0x00, 0x00, 0x00, 0x02, 0x03, 0x04, 0x05, + 0x06, 0x07, 0x08, 0x09, 0x0A, 0x0E, 0x10, 0x00, 0x01, 0x00, 0x00, 0x00, + 0x07, 0x08, 0x09, 0x0A, 0x0B, 0x0C, 0x0D, 0x0E, 0x0F, 0x02, 0x04, 0x05, + 0x06, 0x00, 0x00, 0x00, 0x0C, 0x0D, 0x0E, 0x0F, 0x10, 0x00, 0x01, 0x02, + 0x03, 0x07, 0x09, 0x0A, 0x0B, 0x00, 0x00, 0x00 }; + +const u32bit Turing::Q_BOX[256] = { + 0x1FAA1887, 0x4E5E435C, 0x9165C042, 0x250E6EF4, 0x5957EE20, 0xD484FED3, + 0xA666C502, 0x7E54E8AE, 0xD12EE9D9, 0xFC1F38D4, 0x49829B5D, 0x1B5CDF3C, + 0x74864249, 0xDA2E3963, 0x28F4429F, 0xC8432C35, 0x4AF40325, 0x9FC0DD70, + 0xD8973DED, 0x1A02DC5E, 0xCD175B42, 0xF10012BF, 0x6694D78C, 0xACAAB26B, + 0x4EC11B9A, 0x3F168146, 0xC0EA8EC5, 0xB38AC28F, 0x1FED5C0F, 0xAAB4101C, + 0xEA2DB082, 0x470929E1, 0xE71843DE, 0x508299FC, 0xE72FBC4B, 0x2E3915DD, + 0x9FA803FA, 0x9546B2DE, 0x3C233342, 0x0FCEE7C3, 0x24D607EF, 0x8F97EBAB, + 0xF37F859B, 0xCD1F2E2F, 0xC25B71DA, 0x75E2269A, 0x1E39C3D1, 0xEDA56B36, + 0xF8C9DEF2, 0x46C9FC5F, 0x1827B3A3, 0x70A56DDF, 0x0D25B510, 0x000F85A7, + 0xB2E82E71, 0x68CB8816, 0x8F951E2A, 0x72F5F6AF, 0xE4CBC2B3, 0xD34FF55D, + 0x2E6B6214, 0x220B83E3, 0xD39EA6F5, 0x6FE041AF, 0x6B2F1F17, 0xAD3B99EE, + 0x16A65EC0, 0x757016C6, 0xBA7709A4, 0xB0326E01, 0xF4B280D9, 0x4BFB1418, + 0xD6AFF227, 0xFD548203, 0xF56B9D96, 0x6717A8C0, 0x00D5BF6E, 0x10EE7888, + 0xEDFCFE64, 0x1BA193CD, 0x4B0D0184, 0x89AE4930, 0x1C014F36, 0x82A87088, + 0x5EAD6C2A, 0xEF22C678, 0x31204DE7, 0xC9C2E759, 0xD200248E, 0x303B446B, + 0xB00D9FC2, 0x9914A895, 0x906CC3A1, 0x54FEF170, 0x34C19155, 0xE27B8A66, + 0x131B5E69, 0xC3A8623E, 0x27BDFA35, 0x97F068CC, 0xCA3A6ACD, 0x4B55E936, + 0x86602DB9, 0x51DF13C1, 0x390BB16D, 0x5A80B83C, 0x22B23763, 0x39D8A911, + 0x2CB6BC13, 0xBF5579D7, 0x6C5C2FA8, 0xA8F4196E, 0xBCDB5476, 0x6864A866, + 0x416E16AD, 0x897FC515, 0x956FEB3C, 0xF6C8A306, 0x216799D9, 0x171A9133, + 0x6C2466DD, 0x75EB5DCD, 0xDF118F50, 0xE4AFB226, 0x26B9CEF3, 0xADB36189, + 0x8A7A19B1, 0xE2C73084, 0xF77DED5C, 0x8B8BC58F, 0x06DDE421, 0xB41E47FB, + 0xB1CC715E, 0x68C0FF99, 0x5D122F0F, 0xA4D25184, 0x097A5E6C, 0x0CBF18BC, + 0xC2D7C6E0, 0x8BB7E420, 0xA11F523F, 0x35D9B8A2, 0x03DA1A6B, 0x06888C02, + 0x7DD1E354, 0x6BBA7D79, 0x32CC7753, 0xE52D9655, 0xA9829DA1, 0x301590A7, + 0x9BC1C149, 0x13537F1C, 0xD3779B69, 0x2D71F2B7, 0x183C58FA, 0xACDC4418, + 0x8D8C8C76, 0x2620D9F0, 0x71A80D4D, 0x7A74C473, 0x449410E9, 0xA20E4211, + 0xF9C8082B, 0x0A6B334A, 0xB5F68ED2, 0x8243CC1B, 0x453C0FF3, 0x9BE564A0, + 0x4FF55A4F, 0x8740F8E7, 0xCCA7F15F, 0xE300FE21, 0x786D37D6, 0xDFD506F1, + 0x8EE00973, 0x17BBDE36, 0x7A670FA8, 0x5C31AB9E, 0xD4DAB618, 0xCC1F52F5, + 0xE358EB4F, 0x19B9E343, 0x3A8D77DD, 0xCDB93DA6, 0x140FD52D, 0x395412F8, + 0x2BA63360, 0x37E53AD0, 0x80700F1C, 0x7624ED0B, 0x703DC1EC, 0xB7366795, + 0xD6549D15, 0x66CE46D7, 0xD17ABE76, 0xA448E0A0, 0x28F07C02, 0xC31249B7, + 0x6E9ED6BA, 0xEAA47F78, 0xBBCFFFBD, 0xC507CA84, 0xE965F4DA, 0x8E9F35DA, + 0x6AD2AA44, 0x577452AC, 0xB5D674A7, 0x5461A46A, 0x6763152A, 0x9C12B7AA, + 0x12615927, 0x7B4FB118, 0xC351758D, 0x7E81687B, 0x5F52F0B3, 0x2D4254ED, + 0xD4C77271, 0x0431ACAB, 0xBEF94AEC, 0xFEE994CD, 0x9C4D9E81, 0xED623730, + 0xCF8A21E8, 0x51917F0B, 0xA7A9B5D6, 0xB297ADF8, 0xEED30431, 0x68CAC921, + 0xF1B35D46, 0x7A430A36, 0x51194022, 0x9ABCA65E, 0x85EC70BA, 0x39AEA8CC, + 0x737BAE8B, 0x582924D5, 0x03098A5A, 0x92396B81, 0x18DE2522, 0x745C1CB8, + 0xA1B8FE1D, 0x5DB3C697, 0x29164F83, 0x97C16376, 0x8419224C, 0x21203B35, + 0x833AC0FE, 0xD966A19A, 0xAAF0B24F, 0x40FDA998, 0xE7D52D71, 0x390896A8, + 0xCEE6053F, 0xD0B0D300, 0xFF99CBCC, 0x065E3D40 }; + +} diff --git a/src/cipher/turing/turing.cpp b/src/cipher/turing/turing.cpp new file mode 100644 index 000000000..017b5cf1d --- /dev/null +++ b/src/cipher/turing/turing.cpp @@ -0,0 +1,274 @@ +/************************************************* +* Turing Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/turing.h> +#include <botan/loadstor.h> +#include <botan/xor_buf.h> + +namespace Botan { + +namespace { + +/************************************************* +* Perform an N-way PHT * +*************************************************/ +inline void PHT(MemoryRegion<u32bit>& buf) + { + u32bit sum = 0; + for(u32bit j = 0; j < buf.size() - 1; ++j) + sum += buf[j]; + buf[buf.size()-1] += sum; + sum = buf[buf.size()-1]; + for(u32bit j = 0; j < buf.size() - 1; ++j) + buf[j] += sum; + } + +/************************************************* +* Turing's polynomial multiplication * +*************************************************/ +inline u32bit mul(u32bit X) + { + static const u32bit MULT_TAB[256] = { + 0x00000000, 0xD02B4367, 0xED5686CE, 0x3D7DC5A9, 0x97AC41D1, 0x478702B6, + 0x7AFAC71F, 0xAAD18478, 0x631582EF, 0xB33EC188, 0x8E430421, 0x5E684746, + 0xF4B9C33E, 0x24928059, 0x19EF45F0, 0xC9C40697, 0xC62A4993, 0x16010AF4, + 0x2B7CCF5D, 0xFB578C3A, 0x51860842, 0x81AD4B25, 0xBCD08E8C, 0x6CFBCDEB, + 0xA53FCB7C, 0x7514881B, 0x48694DB2, 0x98420ED5, 0x32938AAD, 0xE2B8C9CA, + 0xDFC50C63, 0x0FEE4F04, 0xC154926B, 0x117FD10C, 0x2C0214A5, 0xFC2957C2, + 0x56F8D3BA, 0x86D390DD, 0xBBAE5574, 0x6B851613, 0xA2411084, 0x726A53E3, + 0x4F17964A, 0x9F3CD52D, 0x35ED5155, 0xE5C61232, 0xD8BBD79B, 0x089094FC, + 0x077EDBF8, 0xD755989F, 0xEA285D36, 0x3A031E51, 0x90D29A29, 0x40F9D94E, + 0x7D841CE7, 0xADAF5F80, 0x646B5917, 0xB4401A70, 0x893DDFD9, 0x59169CBE, + 0xF3C718C6, 0x23EC5BA1, 0x1E919E08, 0xCEBADD6F, 0xCFA869D6, 0x1F832AB1, + 0x22FEEF18, 0xF2D5AC7F, 0x58042807, 0x882F6B60, 0xB552AEC9, 0x6579EDAE, + 0xACBDEB39, 0x7C96A85E, 0x41EB6DF7, 0x91C02E90, 0x3B11AAE8, 0xEB3AE98F, + 0xD6472C26, 0x066C6F41, 0x09822045, 0xD9A96322, 0xE4D4A68B, 0x34FFE5EC, + 0x9E2E6194, 0x4E0522F3, 0x7378E75A, 0xA353A43D, 0x6A97A2AA, 0xBABCE1CD, + 0x87C12464, 0x57EA6703, 0xFD3BE37B, 0x2D10A01C, 0x106D65B5, 0xC04626D2, + 0x0EFCFBBD, 0xDED7B8DA, 0xE3AA7D73, 0x33813E14, 0x9950BA6C, 0x497BF90B, + 0x74063CA2, 0xA42D7FC5, 0x6DE97952, 0xBDC23A35, 0x80BFFF9C, 0x5094BCFB, + 0xFA453883, 0x2A6E7BE4, 0x1713BE4D, 0xC738FD2A, 0xC8D6B22E, 0x18FDF149, + 0x258034E0, 0xF5AB7787, 0x5F7AF3FF, 0x8F51B098, 0xB22C7531, 0x62073656, + 0xABC330C1, 0x7BE873A6, 0x4695B60F, 0x96BEF568, 0x3C6F7110, 0xEC443277, + 0xD139F7DE, 0x0112B4B9, 0xD31DD2E1, 0x03369186, 0x3E4B542F, 0xEE601748, + 0x44B19330, 0x949AD057, 0xA9E715FE, 0x79CC5699, 0xB008500E, 0x60231369, + 0x5D5ED6C0, 0x8D7595A7, 0x27A411DF, 0xF78F52B8, 0xCAF29711, 0x1AD9D476, + 0x15379B72, 0xC51CD815, 0xF8611DBC, 0x284A5EDB, 0x829BDAA3, 0x52B099C4, + 0x6FCD5C6D, 0xBFE61F0A, 0x7622199D, 0xA6095AFA, 0x9B749F53, 0x4B5FDC34, + 0xE18E584C, 0x31A51B2B, 0x0CD8DE82, 0xDCF39DE5, 0x1249408A, 0xC26203ED, + 0xFF1FC644, 0x2F348523, 0x85E5015B, 0x55CE423C, 0x68B38795, 0xB898C4F2, + 0x715CC265, 0xA1778102, 0x9C0A44AB, 0x4C2107CC, 0xE6F083B4, 0x36DBC0D3, + 0x0BA6057A, 0xDB8D461D, 0xD4630919, 0x04484A7E, 0x39358FD7, 0xE91ECCB0, + 0x43CF48C8, 0x93E40BAF, 0xAE99CE06, 0x7EB28D61, 0xB7768BF6, 0x675DC891, + 0x5A200D38, 0x8A0B4E5F, 0x20DACA27, 0xF0F18940, 0xCD8C4CE9, 0x1DA70F8E, + 0x1CB5BB37, 0xCC9EF850, 0xF1E33DF9, 0x21C87E9E, 0x8B19FAE6, 0x5B32B981, + 0x664F7C28, 0xB6643F4F, 0x7FA039D8, 0xAF8B7ABF, 0x92F6BF16, 0x42DDFC71, + 0xE80C7809, 0x38273B6E, 0x055AFEC7, 0xD571BDA0, 0xDA9FF2A4, 0x0AB4B1C3, + 0x37C9746A, 0xE7E2370D, 0x4D33B375, 0x9D18F012, 0xA06535BB, 0x704E76DC, + 0xB98A704B, 0x69A1332C, 0x54DCF685, 0x84F7B5E2, 0x2E26319A, 0xFE0D72FD, + 0xC370B754, 0x135BF433, 0xDDE1295C, 0x0DCA6A3B, 0x30B7AF92, 0xE09CECF5, + 0x4A4D688D, 0x9A662BEA, 0xA71BEE43, 0x7730AD24, 0xBEF4ABB3, 0x6EDFE8D4, + 0x53A22D7D, 0x83896E1A, 0x2958EA62, 0xF973A905, 0xC40E6CAC, 0x14252FCB, + 0x1BCB60CF, 0xCBE023A8, 0xF69DE601, 0x26B6A566, 0x8C67211E, 0x5C4C6279, + 0x6131A7D0, 0xB11AE4B7, 0x78DEE220, 0xA8F5A147, 0x958864EE, 0x45A32789, + 0xEF72A3F1, 0x3F59E096, 0x0224253F, 0xD20F6658 }; + + return (X << 8) ^ MULT_TAB[(X >> 24) & 0xFF]; + } + +} + +/************************************************* +* Combine cipher stream with message * +*************************************************/ +void Turing::cipher(const byte in[], byte out[], u32bit length) + { + while(length >= buffer.size() - position) + { + xor_buf(out, in, buffer.begin() + position, buffer.size() - position); + length -= (buffer.size() - position); + in += (buffer.size() - position); + out += (buffer.size() - position); + generate(); + } + xor_buf(out, in, buffer.begin() + position, length); + position += length; + } + +/************************************************* +* Generate cipher stream * +*************************************************/ +void Turing::generate() + { + for(u32bit j = 0; j != 17; ++j) + { + const u32bit idx_0 = OFFSETS[16*j]; + const u32bit idx_1 = OFFSETS[16*j+1]; + const u32bit idx_2 = OFFSETS[16*j+2]; + const u32bit idx_3 = OFFSETS[16*j+3]; + const u32bit idx_4 = OFFSETS[16*j+4]; + const u32bit idx_5 = OFFSETS[16*j+5]; + const u32bit idx_6 = OFFSETS[16*j+6]; + const u32bit idx_7 = OFFSETS[16*j+7]; + const u32bit idx_8 = OFFSETS[16*j+8]; + const u32bit idx_12 = OFFSETS[16*j+9]; + const u32bit idx_14 = OFFSETS[16*j+10]; + const u32bit idx_15 = OFFSETS[16*j+11]; + const u32bit idx_16 = OFFSETS[16*j+12]; + + R[idx_0] = mul(R[idx_0]) ^ R[idx_15] ^ R[idx_4]; + + u32bit A = R[idx_0]; + u32bit B = R[idx_14]; + u32bit C = R[idx_7]; + u32bit D = R[idx_2]; + u32bit E = R[idx_1]; + + E += A + B + C + D; + A += E; B += E; C += E; D += E; + + A = S0[get_byte(0, A)] ^ S1[get_byte(1, A)] ^ + S2[get_byte(2, A)] ^ S3[get_byte(3, A)]; + B = S0[get_byte(1, B)] ^ S1[get_byte(2, B)] ^ + S2[get_byte(3, B)] ^ S3[get_byte(0, B)]; + C = S0[get_byte(2, C)] ^ S1[get_byte(3, C)] ^ + S2[get_byte(0, C)] ^ S3[get_byte(1, C)]; + D = S0[get_byte(3, D)] ^ S1[get_byte(0, D)] ^ + S2[get_byte(1, D)] ^ S3[get_byte(2, D)]; + E = S0[get_byte(0, E)] ^ S1[get_byte(1, E)] ^ + S2[get_byte(2, E)] ^ S3[get_byte(3, E)]; + + E += A + B + C + D; + A += E; B += E; C += E; D += E; + + R[idx_1] = mul(R[idx_1]) ^ R[idx_16] ^ R[idx_5]; + R[idx_2] = mul(R[idx_2]) ^ R[idx_0] ^ R[idx_6]; + R[idx_3] = mul(R[idx_3]) ^ R[idx_1] ^ R[idx_7]; + + E += R[idx_4]; + + R[idx_4] = mul(R[idx_4]) ^ R[idx_2] ^ R[idx_8]; + + A += R[idx_1]; + B += R[idx_16]; + C += R[idx_12]; + D += R[idx_5]; + + for(u32bit k = 0; k != 4; ++k) + { + buffer[20*j+k ] = get_byte(k, A); + buffer[20*j+k+ 4] = get_byte(k, B); + buffer[20*j+k+ 8] = get_byte(k, C); + buffer[20*j+k+12] = get_byte(k, D); + buffer[20*j+k+16] = get_byte(k, E); + } + } + + position = 0; + } + +/************************************************* +* Turing's byte mixing step * +*************************************************/ +u32bit Turing::fixedS(u32bit W) + { + for(u32bit j = 0; j != 4; ++j) + { + byte B = SBOX[get_byte(j, W)]; + W ^= rotate_left(Q_BOX[B], j*8); + W &= rotate_right(0x00FFFFFF, j*8); + W |= B << (24-j*8); + } + return W; + } + +/************************************************* +* Generate the expanded Turing Sbox tables * +*************************************************/ +void Turing::gen_sbox(MemoryRegion<u32bit>& S, u32bit which, + const MemoryRegion<u32bit>& K) + { + for(u32bit j = 0; j != 256; ++j) + { + u32bit W = 0, C = j; + + for(u32bit k = 0; k < K.size(); ++k) + { + C = SBOX[get_byte(which, K[k]) ^ C]; + W ^= rotate_left(Q_BOX[C], k + 8*which); + } + S[j] = (W & rotate_right(0x00FFFFFF, 8*which)) | (C << (24 - 8*which)); + } + } + +/************************************************* +* Turing Key Schedule * +*************************************************/ +void Turing::key(const byte key[], u32bit length) + { + K.create(length / 4); + for(u32bit j = 0; j != length; ++j) + K[j/4] = (K[j/4] << 8) + key[j]; + + for(u32bit j = 0; j != K.size(); ++j) + K[j] = fixedS(K[j]); + + PHT(K); + + gen_sbox(S0, 0, K); + gen_sbox(S1, 1, K); + gen_sbox(S2, 2, K); + gen_sbox(S3, 3, K); + + resync(0, 0); + } + +/************************************************* +* Resynchronization * +*************************************************/ +void Turing::resync(const byte iv[], u32bit length) + { + if(length % 4 != 0 || length > 16) + throw Invalid_IV_Length(name(), length); + + SecureVector<u32bit> IV(length / 4); + for(u32bit j = 0; j != length; ++j) + IV[j/4] = (IV[j/4] << 8) + iv[j]; + + for(u32bit j = 0; j != IV.size(); ++j) + R[j] = IV[j] = fixedS(IV[j]); + + for(u32bit j = 0; j != K.size(); ++j) + R[j+IV.size()] = K[j]; + + R[K.size() + IV.size()] = (0x010203 << 8) | (K.size() << 4) | IV.size(); + + for(u32bit j = K.size() + IV.size() + 1; j != 17; ++j) + { + const u32bit W = R[j-K.size()-IV.size()-1] + R[j-1]; + R[j] = S0[get_byte(0, W)] ^ S1[get_byte(1, W)] ^ + S2[get_byte(2, W)] ^ S3[get_byte(3, W)]; + } + + PHT(R); + + generate(); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Turing::clear() throw() + { + S0.clear(); + S1.clear(); + S2.clear(); + S3.clear(); + + buffer.clear(); + position = 0; + } + +} diff --git a/src/cipher/turing/turing.h b/src/cipher/turing/turing.h new file mode 100644 index 000000000..14b2e6fd6 --- /dev/null +++ b/src/cipher/turing/turing.h @@ -0,0 +1,46 @@ +/************************************************* +* Turing Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TURING_H__ +#define BOTAN_TURING_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Turing * +*************************************************/ +class BOTAN_DLL Turing : public StreamCipher + { + public: + void clear() throw(); + std::string name() const { return "Turing"; } + StreamCipher* clone() const { return new Turing; } + Turing() : StreamCipher(4, 32, 4) { position = 0; } + private: + void cipher(const byte[], byte[], u32bit); + void key(const byte[], u32bit); + void resync(const byte[], u32bit); + void generate(); + + static u32bit fixedS(u32bit); + static void gen_sbox(MemoryRegion<u32bit>&, u32bit, + const MemoryRegion<u32bit>&); + + static const u32bit Q_BOX[256]; + static const byte SBOX[256]; + static const byte OFFSETS[272]; + + SecureBuffer<u32bit, 256> S0, S1, S2, S3; + SecureBuffer<u32bit, 17> R; + SecureVector<u32bit> K; + SecureBuffer<byte, 340> buffer; + u32bit position; + }; + +} + +#endif diff --git a/src/cipher/twofish/modinfo.txt b/src/cipher/twofish/modinfo.txt new file mode 100644 index 000000000..35639d858 --- /dev/null +++ b/src/cipher/twofish/modinfo.txt @@ -0,0 +1,11 @@ +realname "Twofish" + +define TWOFISH + +load_on auto + +<add> +two_tab.cpp +twofish.cpp +twofish.h +</add> diff --git a/src/cipher/twofish/two_tab.cpp b/src/cipher/twofish/two_tab.cpp new file mode 100644 index 000000000..7d349312b --- /dev/null +++ b/src/cipher/twofish/two_tab.cpp @@ -0,0 +1,291 @@ +/************************************************* +* S-Box and MDS Tables for Twofish * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/twofish.h> + +namespace Botan { + +const byte Twofish::Q0[256] = { + 0xA9, 0x67, 0xB3, 0xE8, 0x04, 0xFD, 0xA3, 0x76, 0x9A, 0x92, 0x80, 0x78, + 0xE4, 0xDD, 0xD1, 0x38, 0x0D, 0xC6, 0x35, 0x98, 0x18, 0xF7, 0xEC, 0x6C, + 0x43, 0x75, 0x37, 0x26, 0xFA, 0x13, 0x94, 0x48, 0xF2, 0xD0, 0x8B, 0x30, + 0x84, 0x54, 0xDF, 0x23, 0x19, 0x5B, 0x3D, 0x59, 0xF3, 0xAE, 0xA2, 0x82, + 0x63, 0x01, 0x83, 0x2E, 0xD9, 0x51, 0x9B, 0x7C, 0xA6, 0xEB, 0xA5, 0xBE, + 0x16, 0x0C, 0xE3, 0x61, 0xC0, 0x8C, 0x3A, 0xF5, 0x73, 0x2C, 0x25, 0x0B, + 0xBB, 0x4E, 0x89, 0x6B, 0x53, 0x6A, 0xB4, 0xF1, 0xE1, 0xE6, 0xBD, 0x45, + 0xE2, 0xF4, 0xB6, 0x66, 0xCC, 0x95, 0x03, 0x56, 0xD4, 0x1C, 0x1E, 0xD7, + 0xFB, 0xC3, 0x8E, 0xB5, 0xE9, 0xCF, 0xBF, 0xBA, 0xEA, 0x77, 0x39, 0xAF, + 0x33, 0xC9, 0x62, 0x71, 0x81, 0x79, 0x09, 0xAD, 0x24, 0xCD, 0xF9, 0xD8, + 0xE5, 0xC5, 0xB9, 0x4D, 0x44, 0x08, 0x86, 0xE7, 0xA1, 0x1D, 0xAA, 0xED, + 0x06, 0x70, 0xB2, 0xD2, 0x41, 0x7B, 0xA0, 0x11, 0x31, 0xC2, 0x27, 0x90, + 0x20, 0xF6, 0x60, 0xFF, 0x96, 0x5C, 0xB1, 0xAB, 0x9E, 0x9C, 0x52, 0x1B, + 0x5F, 0x93, 0x0A, 0xEF, 0x91, 0x85, 0x49, 0xEE, 0x2D, 0x4F, 0x8F, 0x3B, + 0x47, 0x87, 0x6D, 0x46, 0xD6, 0x3E, 0x69, 0x64, 0x2A, 0xCE, 0xCB, 0x2F, + 0xFC, 0x97, 0x05, 0x7A, 0xAC, 0x7F, 0xD5, 0x1A, 0x4B, 0x0E, 0xA7, 0x5A, + 0x28, 0x14, 0x3F, 0x29, 0x88, 0x3C, 0x4C, 0x02, 0xB8, 0xDA, 0xB0, 0x17, + 0x55, 0x1F, 0x8A, 0x7D, 0x57, 0xC7, 0x8D, 0x74, 0xB7, 0xC4, 0x9F, 0x72, + 0x7E, 0x15, 0x22, 0x12, 0x58, 0x07, 0x99, 0x34, 0x6E, 0x50, 0xDE, 0x68, + 0x65, 0xBC, 0xDB, 0xF8, 0xC8, 0xA8, 0x2B, 0x40, 0xDC, 0xFE, 0x32, 0xA4, + 0xCA, 0x10, 0x21, 0xF0, 0xD3, 0x5D, 0x0F, 0x00, 0x6F, 0x9D, 0x36, 0x42, + 0x4A, 0x5E, 0xC1, 0xE0 }; + +const byte Twofish::Q1[256] = { + 0x75, 0xF3, 0xC6, 0xF4, 0xDB, 0x7B, 0xFB, 0xC8, 0x4A, 0xD3, 0xE6, 0x6B, + 0x45, 0x7D, 0xE8, 0x4B, 0xD6, 0x32, 0xD8, 0xFD, 0x37, 0x71, 0xF1, 0xE1, + 0x30, 0x0F, 0xF8, 0x1B, 0x87, 0xFA, 0x06, 0x3F, 0x5E, 0xBA, 0xAE, 0x5B, + 0x8A, 0x00, 0xBC, 0x9D, 0x6D, 0xC1, 0xB1, 0x0E, 0x80, 0x5D, 0xD2, 0xD5, + 0xA0, 0x84, 0x07, 0x14, 0xB5, 0x90, 0x2C, 0xA3, 0xB2, 0x73, 0x4C, 0x54, + 0x92, 0x74, 0x36, 0x51, 0x38, 0xB0, 0xBD, 0x5A, 0xFC, 0x60, 0x62, 0x96, + 0x6C, 0x42, 0xF7, 0x10, 0x7C, 0x28, 0x27, 0x8C, 0x13, 0x95, 0x9C, 0xC7, + 0x24, 0x46, 0x3B, 0x70, 0xCA, 0xE3, 0x85, 0xCB, 0x11, 0xD0, 0x93, 0xB8, + 0xA6, 0x83, 0x20, 0xFF, 0x9F, 0x77, 0xC3, 0xCC, 0x03, 0x6F, 0x08, 0xBF, + 0x40, 0xE7, 0x2B, 0xE2, 0x79, 0x0C, 0xAA, 0x82, 0x41, 0x3A, 0xEA, 0xB9, + 0xE4, 0x9A, 0xA4, 0x97, 0x7E, 0xDA, 0x7A, 0x17, 0x66, 0x94, 0xA1, 0x1D, + 0x3D, 0xF0, 0xDE, 0xB3, 0x0B, 0x72, 0xA7, 0x1C, 0xEF, 0xD1, 0x53, 0x3E, + 0x8F, 0x33, 0x26, 0x5F, 0xEC, 0x76, 0x2A, 0x49, 0x81, 0x88, 0xEE, 0x21, + 0xC4, 0x1A, 0xEB, 0xD9, 0xC5, 0x39, 0x99, 0xCD, 0xAD, 0x31, 0x8B, 0x01, + 0x18, 0x23, 0xDD, 0x1F, 0x4E, 0x2D, 0xF9, 0x48, 0x4F, 0xF2, 0x65, 0x8E, + 0x78, 0x5C, 0x58, 0x19, 0x8D, 0xE5, 0x98, 0x57, 0x67, 0x7F, 0x05, 0x64, + 0xAF, 0x63, 0xB6, 0xFE, 0xF5, 0xB7, 0x3C, 0xA5, 0xCE, 0xE9, 0x68, 0x44, + 0xE0, 0x4D, 0x43, 0x69, 0x29, 0x2E, 0xAC, 0x15, 0x59, 0xA8, 0x0A, 0x9E, + 0x6E, 0x47, 0xDF, 0x34, 0x35, 0x6A, 0xCF, 0xDC, 0x22, 0xC9, 0xC0, 0x9B, + 0x89, 0xD4, 0xED, 0xAB, 0x12, 0xA2, 0x0D, 0x52, 0xBB, 0x02, 0x2F, 0xA9, + 0xD7, 0x61, 0x1E, 0xB4, 0x50, 0x04, 0xF6, 0xC2, 0x16, 0x25, 0x86, 0x56, + 0x55, 0x09, 0xBE, 0x91 }; + +const byte Twofish::RS[32] = { + 0x01, 0xA4, 0x02, 0xA4, 0xA4, 0x56, 0xA1, 0x55, 0x55, 0x82, 0xFC, 0x87, + 0x87, 0xF3, 0xC1, 0x5A, 0x5A, 0x1E, 0x47, 0x58, 0x58, 0xC6, 0xAE, 0xDB, + 0xDB, 0x68, 0x3D, 0x9E, 0x9E, 0xE5, 0x19, 0x03 }; + +const byte Twofish::EXP_TO_POLY[255] = { + 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x4D, 0x9A, 0x79, 0xF2, + 0xA9, 0x1F, 0x3E, 0x7C, 0xF8, 0xBD, 0x37, 0x6E, 0xDC, 0xF5, 0xA7, 0x03, + 0x06, 0x0C, 0x18, 0x30, 0x60, 0xC0, 0xCD, 0xD7, 0xE3, 0x8B, 0x5B, 0xB6, + 0x21, 0x42, 0x84, 0x45, 0x8A, 0x59, 0xB2, 0x29, 0x52, 0xA4, 0x05, 0x0A, + 0x14, 0x28, 0x50, 0xA0, 0x0D, 0x1A, 0x34, 0x68, 0xD0, 0xED, 0x97, 0x63, + 0xC6, 0xC1, 0xCF, 0xD3, 0xEB, 0x9B, 0x7B, 0xF6, 0xA1, 0x0F, 0x1E, 0x3C, + 0x78, 0xF0, 0xAD, 0x17, 0x2E, 0x5C, 0xB8, 0x3D, 0x7A, 0xF4, 0xA5, 0x07, + 0x0E, 0x1C, 0x38, 0x70, 0xE0, 0x8D, 0x57, 0xAE, 0x11, 0x22, 0x44, 0x88, + 0x5D, 0xBA, 0x39, 0x72, 0xE4, 0x85, 0x47, 0x8E, 0x51, 0xA2, 0x09, 0x12, + 0x24, 0x48, 0x90, 0x6D, 0xDA, 0xF9, 0xBF, 0x33, 0x66, 0xCC, 0xD5, 0xE7, + 0x83, 0x4B, 0x96, 0x61, 0xC2, 0xC9, 0xDF, 0xF3, 0xAB, 0x1B, 0x36, 0x6C, + 0xD8, 0xFD, 0xB7, 0x23, 0x46, 0x8C, 0x55, 0xAA, 0x19, 0x32, 0x64, 0xC8, + 0xDD, 0xF7, 0xA3, 0x0B, 0x16, 0x2C, 0x58, 0xB0, 0x2D, 0x5A, 0xB4, 0x25, + 0x4A, 0x94, 0x65, 0xCA, 0xD9, 0xFF, 0xB3, 0x2B, 0x56, 0xAC, 0x15, 0x2A, + 0x54, 0xA8, 0x1D, 0x3A, 0x74, 0xE8, 0x9D, 0x77, 0xEE, 0x91, 0x6F, 0xDE, + 0xF1, 0xAF, 0x13, 0x26, 0x4C, 0x98, 0x7D, 0xFA, 0xB9, 0x3F, 0x7E, 0xFC, + 0xB5, 0x27, 0x4E, 0x9C, 0x75, 0xEA, 0x99, 0x7F, 0xFE, 0xB1, 0x2F, 0x5E, + 0xBC, 0x35, 0x6A, 0xD4, 0xE5, 0x87, 0x43, 0x86, 0x41, 0x82, 0x49, 0x92, + 0x69, 0xD2, 0xE9, 0x9F, 0x73, 0xE6, 0x81, 0x4F, 0x9E, 0x71, 0xE2, 0x89, + 0x5F, 0xBE, 0x31, 0x62, 0xC4, 0xC5, 0xC7, 0xC3, 0xCB, 0xDB, 0xFB, 0xBB, + 0x3B, 0x76, 0xEC, 0x95, 0x67, 0xCE, 0xD1, 0xEF, 0x93, 0x6B, 0xD6, 0xE1, + 0x8F, 0x53, 0xA6 }; + +const byte Twofish::POLY_TO_EXP[255] = { + 0x00, 0x01, 0x17, 0x02, 0x2E, 0x18, 0x53, 0x03, 0x6A, 0x2F, 0x93, 0x19, + 0x34, 0x54, 0x45, 0x04, 0x5C, 0x6B, 0xB6, 0x30, 0xA6, 0x94, 0x4B, 0x1A, + 0x8C, 0x35, 0x81, 0x55, 0xAA, 0x46, 0x0D, 0x05, 0x24, 0x5D, 0x87, 0x6C, + 0x9B, 0xB7, 0xC1, 0x31, 0x2B, 0xA7, 0xA3, 0x95, 0x98, 0x4C, 0xCA, 0x1B, + 0xE6, 0x8D, 0x73, 0x36, 0xCD, 0x82, 0x12, 0x56, 0x62, 0xAB, 0xF0, 0x47, + 0x4F, 0x0E, 0xBD, 0x06, 0xD4, 0x25, 0xD2, 0x5E, 0x27, 0x88, 0x66, 0x6D, + 0xD6, 0x9C, 0x79, 0xB8, 0x08, 0xC2, 0xDF, 0x32, 0x68, 0x2C, 0xFD, 0xA8, + 0x8A, 0xA4, 0x5A, 0x96, 0x29, 0x99, 0x22, 0x4D, 0x60, 0xCB, 0xE4, 0x1C, + 0x7B, 0xE7, 0x3B, 0x8E, 0x9E, 0x74, 0xF4, 0x37, 0xD8, 0xCE, 0xF9, 0x83, + 0x6F, 0x13, 0xB2, 0x57, 0xE1, 0x63, 0xDC, 0xAC, 0xC4, 0xF1, 0xAF, 0x48, + 0x0A, 0x50, 0x42, 0x0F, 0xBA, 0xBE, 0xC7, 0x07, 0xDE, 0xD5, 0x78, 0x26, + 0x65, 0xD3, 0xD1, 0x5F, 0xE3, 0x28, 0x21, 0x89, 0x59, 0x67, 0xFC, 0x6E, + 0xB1, 0xD7, 0xF8, 0x9D, 0xF3, 0x7A, 0x3A, 0xB9, 0xC6, 0x09, 0x41, 0xC3, + 0xAE, 0xE0, 0xDB, 0x33, 0x44, 0x69, 0x92, 0x2D, 0x52, 0xFE, 0x16, 0xA9, + 0x0C, 0x8B, 0x80, 0xA5, 0x4A, 0x5B, 0xB5, 0x97, 0xC9, 0x2A, 0xA2, 0x9A, + 0xC0, 0x23, 0x86, 0x4E, 0xBC, 0x61, 0xEF, 0xCC, 0x11, 0xE5, 0x72, 0x1D, + 0x3D, 0x7C, 0xEB, 0xE8, 0xE9, 0x3C, 0xEA, 0x8F, 0x7D, 0x9F, 0xEC, 0x75, + 0x1E, 0xF5, 0x3E, 0x38, 0xF6, 0xD9, 0x3F, 0xCF, 0x76, 0xFA, 0x1F, 0x84, + 0xA0, 0x70, 0xED, 0x14, 0x90, 0xB3, 0x7E, 0x58, 0xFB, 0xE2, 0x20, 0x64, + 0xD0, 0xDD, 0x77, 0xAD, 0xDA, 0xC5, 0x40, 0xF2, 0x39, 0xB0, 0xF7, 0x49, + 0xB4, 0x0B, 0x7F, 0x51, 0x15, 0x43, 0x91, 0x10, 0x71, 0xBB, 0xEE, 0xBF, + 0x85, 0xC8, 0xA1 }; + +const u32bit Twofish::MDS0[256] = { + 0xBCBC3275, 0xECEC21F3, 0x202043C6, 0xB3B3C9F4, 0xDADA03DB, 0x02028B7B, + 0xE2E22BFB, 0x9E9EFAC8, 0xC9C9EC4A, 0xD4D409D3, 0x18186BE6, 0x1E1E9F6B, + 0x98980E45, 0xB2B2387D, 0xA6A6D2E8, 0x2626B74B, 0x3C3C57D6, 0x93938A32, + 0x8282EED8, 0x525298FD, 0x7B7BD437, 0xBBBB3771, 0x5B5B97F1, 0x474783E1, + 0x24243C30, 0x5151E20F, 0xBABAC6F8, 0x4A4AF31B, 0xBFBF4887, 0x0D0D70FA, + 0xB0B0B306, 0x7575DE3F, 0xD2D2FD5E, 0x7D7D20BA, 0x666631AE, 0x3A3AA35B, + 0x59591C8A, 0x00000000, 0xCDCD93BC, 0x1A1AE09D, 0xAEAE2C6D, 0x7F7FABC1, + 0x2B2BC7B1, 0xBEBEB90E, 0xE0E0A080, 0x8A8A105D, 0x3B3B52D2, 0x6464BAD5, + 0xD8D888A0, 0xE7E7A584, 0x5F5FE807, 0x1B1B1114, 0x2C2CC2B5, 0xFCFCB490, + 0x3131272C, 0x808065A3, 0x73732AB2, 0x0C0C8173, 0x79795F4C, 0x6B6B4154, + 0x4B4B0292, 0x53536974, 0x94948F36, 0x83831F51, 0x2A2A3638, 0xC4C49CB0, + 0x2222C8BD, 0xD5D5F85A, 0xBDBDC3FC, 0x48487860, 0xFFFFCE62, 0x4C4C0796, + 0x4141776C, 0xC7C7E642, 0xEBEB24F7, 0x1C1C1410, 0x5D5D637C, 0x36362228, + 0x6767C027, 0xE9E9AF8C, 0x4444F913, 0x1414EA95, 0xF5F5BB9C, 0xCFCF18C7, + 0x3F3F2D24, 0xC0C0E346, 0x7272DB3B, 0x54546C70, 0x29294CCA, 0xF0F035E3, + 0x0808FE85, 0xC6C617CB, 0xF3F34F11, 0x8C8CE4D0, 0xA4A45993, 0xCACA96B8, + 0x68683BA6, 0xB8B84D83, 0x38382820, 0xE5E52EFF, 0xADAD569F, 0x0B0B8477, + 0xC8C81DC3, 0x9999FFCC, 0x5858ED03, 0x19199A6F, 0x0E0E0A08, 0x95957EBF, + 0x70705040, 0xF7F730E7, 0x6E6ECF2B, 0x1F1F6EE2, 0xB5B53D79, 0x09090F0C, + 0x616134AA, 0x57571682, 0x9F9F0B41, 0x9D9D803A, 0x111164EA, 0x2525CDB9, + 0xAFAFDDE4, 0x4545089A, 0xDFDF8DA4, 0xA3A35C97, 0xEAEAD57E, 0x353558DA, + 0xEDEDD07A, 0x4343FC17, 0xF8F8CB66, 0xFBFBB194, 0x3737D3A1, 0xFAFA401D, + 0xC2C2683D, 0xB4B4CCF0, 0x32325DDE, 0x9C9C71B3, 0x5656E70B, 0xE3E3DA72, + 0x878760A7, 0x15151B1C, 0xF9F93AEF, 0x6363BFD1, 0x3434A953, 0x9A9A853E, + 0xB1B1428F, 0x7C7CD133, 0x88889B26, 0x3D3DA65F, 0xA1A1D7EC, 0xE4E4DF76, + 0x8181942A, 0x91910149, 0x0F0FFB81, 0xEEEEAA88, 0x161661EE, 0xD7D77321, + 0x9797F5C4, 0xA5A5A81A, 0xFEFE3FEB, 0x6D6DB5D9, 0x7878AEC5, 0xC5C56D39, + 0x1D1DE599, 0x7676A4CD, 0x3E3EDCAD, 0xCBCB6731, 0xB6B6478B, 0xEFEF5B01, + 0x12121E18, 0x6060C523, 0x6A6AB0DD, 0x4D4DF61F, 0xCECEE94E, 0xDEDE7C2D, + 0x55559DF9, 0x7E7E5A48, 0x2121B24F, 0x03037AF2, 0xA0A02665, 0x5E5E198E, + 0x5A5A6678, 0x65654B5C, 0x62624E58, 0xFDFD4519, 0x0606F48D, 0x404086E5, + 0xF2F2BE98, 0x3333AC57, 0x17179067, 0x05058E7F, 0xE8E85E05, 0x4F4F7D64, + 0x89896AAF, 0x10109563, 0x74742FB6, 0x0A0A75FE, 0x5C5C92F5, 0x9B9B74B7, + 0x2D2D333C, 0x3030D6A5, 0x2E2E49CE, 0x494989E9, 0x46467268, 0x77775544, + 0xA8A8D8E0, 0x9696044D, 0x2828BD43, 0xA9A92969, 0xD9D97929, 0x8686912E, + 0xD1D187AC, 0xF4F44A15, 0x8D8D1559, 0xD6D682A8, 0xB9B9BC0A, 0x42420D9E, + 0xF6F6C16E, 0x2F2FB847, 0xDDDD06DF, 0x23233934, 0xCCCC6235, 0xF1F1C46A, + 0xC1C112CF, 0x8585EBDC, 0x8F8F9E22, 0x7171A1C9, 0x9090F0C0, 0xAAAA539B, + 0x0101F189, 0x8B8BE1D4, 0x4E4E8CED, 0x8E8E6FAB, 0xABABA212, 0x6F6F3EA2, + 0xE6E6540D, 0xDBDBF252, 0x92927BBB, 0xB7B7B602, 0x6969CA2F, 0x3939D9A9, + 0xD3D30CD7, 0xA7A72361, 0xA2A2AD1E, 0xC3C399B4, 0x6C6C4450, 0x07070504, + 0x04047FF6, 0x272746C2, 0xACACA716, 0xD0D07625, 0x50501386, 0xDCDCF756, + 0x84841A55, 0xE1E15109, 0x7A7A25BE, 0x1313EF91 }; + +const u32bit Twofish::MDS1[256] = { + 0xA9D93939, 0x67901717, 0xB3719C9C, 0xE8D2A6A6, 0x04050707, 0xFD985252, + 0xA3658080, 0x76DFE4E4, 0x9A084545, 0x92024B4B, 0x80A0E0E0, 0x78665A5A, + 0xE4DDAFAF, 0xDDB06A6A, 0xD1BF6363, 0x38362A2A, 0x0D54E6E6, 0xC6432020, + 0x3562CCCC, 0x98BEF2F2, 0x181E1212, 0xF724EBEB, 0xECD7A1A1, 0x6C774141, + 0x43BD2828, 0x7532BCBC, 0x37D47B7B, 0x269B8888, 0xFA700D0D, 0x13F94444, + 0x94B1FBFB, 0x485A7E7E, 0xF27A0303, 0xD0E48C8C, 0x8B47B6B6, 0x303C2424, + 0x84A5E7E7, 0x54416B6B, 0xDF06DDDD, 0x23C56060, 0x1945FDFD, 0x5BA33A3A, + 0x3D68C2C2, 0x59158D8D, 0xF321ECEC, 0xAE316666, 0xA23E6F6F, 0x82165757, + 0x63951010, 0x015BEFEF, 0x834DB8B8, 0x2E918686, 0xD9B56D6D, 0x511F8383, + 0x9B53AAAA, 0x7C635D5D, 0xA63B6868, 0xEB3FFEFE, 0xA5D63030, 0xBE257A7A, + 0x16A7ACAC, 0x0C0F0909, 0xE335F0F0, 0x6123A7A7, 0xC0F09090, 0x8CAFE9E9, + 0x3A809D9D, 0xF5925C5C, 0x73810C0C, 0x2C273131, 0x2576D0D0, 0x0BE75656, + 0xBB7B9292, 0x4EE9CECE, 0x89F10101, 0x6B9F1E1E, 0x53A93434, 0x6AC4F1F1, + 0xB499C3C3, 0xF1975B5B, 0xE1834747, 0xE66B1818, 0xBDC82222, 0x450E9898, + 0xE26E1F1F, 0xF4C9B3B3, 0xB62F7474, 0x66CBF8F8, 0xCCFF9999, 0x95EA1414, + 0x03ED5858, 0x56F7DCDC, 0xD4E18B8B, 0x1C1B1515, 0x1EADA2A2, 0xD70CD3D3, + 0xFB2BE2E2, 0xC31DC8C8, 0x8E195E5E, 0xB5C22C2C, 0xE9894949, 0xCF12C1C1, + 0xBF7E9595, 0xBA207D7D, 0xEA641111, 0x77840B0B, 0x396DC5C5, 0xAF6A8989, + 0x33D17C7C, 0xC9A17171, 0x62CEFFFF, 0x7137BBBB, 0x81FB0F0F, 0x793DB5B5, + 0x0951E1E1, 0xADDC3E3E, 0x242D3F3F, 0xCDA47676, 0xF99D5555, 0xD8EE8282, + 0xE5864040, 0xC5AE7878, 0xB9CD2525, 0x4D049696, 0x44557777, 0x080A0E0E, + 0x86135050, 0xE730F7F7, 0xA1D33737, 0x1D40FAFA, 0xAA346161, 0xED8C4E4E, + 0x06B3B0B0, 0x706C5454, 0xB22A7373, 0xD2523B3B, 0x410B9F9F, 0x7B8B0202, + 0xA088D8D8, 0x114FF3F3, 0x3167CBCB, 0xC2462727, 0x27C06767, 0x90B4FCFC, + 0x20283838, 0xF67F0404, 0x60784848, 0xFF2EE5E5, 0x96074C4C, 0x5C4B6565, + 0xB1C72B2B, 0xAB6F8E8E, 0x9E0D4242, 0x9CBBF5F5, 0x52F2DBDB, 0x1BF34A4A, + 0x5FA63D3D, 0x9359A4A4, 0x0ABCB9B9, 0xEF3AF9F9, 0x91EF1313, 0x85FE0808, + 0x49019191, 0xEE611616, 0x2D7CDEDE, 0x4FB22121, 0x8F42B1B1, 0x3BDB7272, + 0x47B82F2F, 0x8748BFBF, 0x6D2CAEAE, 0x46E3C0C0, 0xD6573C3C, 0x3E859A9A, + 0x6929A9A9, 0x647D4F4F, 0x2A948181, 0xCE492E2E, 0xCB17C6C6, 0x2FCA6969, + 0xFCC3BDBD, 0x975CA3A3, 0x055EE8E8, 0x7AD0EDED, 0xAC87D1D1, 0x7F8E0505, + 0xD5BA6464, 0x1AA8A5A5, 0x4BB72626, 0x0EB9BEBE, 0xA7608787, 0x5AF8D5D5, + 0x28223636, 0x14111B1B, 0x3FDE7575, 0x2979D9D9, 0x88AAEEEE, 0x3C332D2D, + 0x4C5F7979, 0x02B6B7B7, 0xB896CACA, 0xDA583535, 0xB09CC4C4, 0x17FC4343, + 0x551A8484, 0x1FF64D4D, 0x8A1C5959, 0x7D38B2B2, 0x57AC3333, 0xC718CFCF, + 0x8DF40606, 0x74695353, 0xB7749B9B, 0xC4F59797, 0x9F56ADAD, 0x72DAE3E3, + 0x7ED5EAEA, 0x154AF4F4, 0x229E8F8F, 0x12A2ABAB, 0x584E6262, 0x07E85F5F, + 0x99E51D1D, 0x34392323, 0x6EC1F6F6, 0x50446C6C, 0xDE5D3232, 0x68724646, + 0x6526A0A0, 0xBC93CDCD, 0xDB03DADA, 0xF8C6BABA, 0xC8FA9E9E, 0xA882D6D6, + 0x2BCF6E6E, 0x40507070, 0xDCEB8585, 0xFE750A0A, 0x328A9393, 0xA48DDFDF, + 0xCA4C2929, 0x10141C1C, 0x2173D7D7, 0xF0CCB4B4, 0xD309D4D4, 0x5D108A8A, + 0x0FE25151, 0x00000000, 0x6F9A1919, 0x9DE01A1A, 0x368F9494, 0x42E6C7C7, + 0x4AECC9C9, 0x5EFDD2D2, 0xC1AB7F7F, 0xE0D8A8A8 }; + +const u32bit Twofish::MDS2[256] = { + 0xBC75BC32, 0xECF3EC21, 0x20C62043, 0xB3F4B3C9, 0xDADBDA03, 0x027B028B, + 0xE2FBE22B, 0x9EC89EFA, 0xC94AC9EC, 0xD4D3D409, 0x18E6186B, 0x1E6B1E9F, + 0x9845980E, 0xB27DB238, 0xA6E8A6D2, 0x264B26B7, 0x3CD63C57, 0x9332938A, + 0x82D882EE, 0x52FD5298, 0x7B377BD4, 0xBB71BB37, 0x5BF15B97, 0x47E14783, + 0x2430243C, 0x510F51E2, 0xBAF8BAC6, 0x4A1B4AF3, 0xBF87BF48, 0x0DFA0D70, + 0xB006B0B3, 0x753F75DE, 0xD25ED2FD, 0x7DBA7D20, 0x66AE6631, 0x3A5B3AA3, + 0x598A591C, 0x00000000, 0xCDBCCD93, 0x1A9D1AE0, 0xAE6DAE2C, 0x7FC17FAB, + 0x2BB12BC7, 0xBE0EBEB9, 0xE080E0A0, 0x8A5D8A10, 0x3BD23B52, 0x64D564BA, + 0xD8A0D888, 0xE784E7A5, 0x5F075FE8, 0x1B141B11, 0x2CB52CC2, 0xFC90FCB4, + 0x312C3127, 0x80A38065, 0x73B2732A, 0x0C730C81, 0x794C795F, 0x6B546B41, + 0x4B924B02, 0x53745369, 0x9436948F, 0x8351831F, 0x2A382A36, 0xC4B0C49C, + 0x22BD22C8, 0xD55AD5F8, 0xBDFCBDC3, 0x48604878, 0xFF62FFCE, 0x4C964C07, + 0x416C4177, 0xC742C7E6, 0xEBF7EB24, 0x1C101C14, 0x5D7C5D63, 0x36283622, + 0x672767C0, 0xE98CE9AF, 0x441344F9, 0x149514EA, 0xF59CF5BB, 0xCFC7CF18, + 0x3F243F2D, 0xC046C0E3, 0x723B72DB, 0x5470546C, 0x29CA294C, 0xF0E3F035, + 0x088508FE, 0xC6CBC617, 0xF311F34F, 0x8CD08CE4, 0xA493A459, 0xCAB8CA96, + 0x68A6683B, 0xB883B84D, 0x38203828, 0xE5FFE52E, 0xAD9FAD56, 0x0B770B84, + 0xC8C3C81D, 0x99CC99FF, 0x580358ED, 0x196F199A, 0x0E080E0A, 0x95BF957E, + 0x70407050, 0xF7E7F730, 0x6E2B6ECF, 0x1FE21F6E, 0xB579B53D, 0x090C090F, + 0x61AA6134, 0x57825716, 0x9F419F0B, 0x9D3A9D80, 0x11EA1164, 0x25B925CD, + 0xAFE4AFDD, 0x459A4508, 0xDFA4DF8D, 0xA397A35C, 0xEA7EEAD5, 0x35DA3558, + 0xED7AEDD0, 0x431743FC, 0xF866F8CB, 0xFB94FBB1, 0x37A137D3, 0xFA1DFA40, + 0xC23DC268, 0xB4F0B4CC, 0x32DE325D, 0x9CB39C71, 0x560B56E7, 0xE372E3DA, + 0x87A78760, 0x151C151B, 0xF9EFF93A, 0x63D163BF, 0x345334A9, 0x9A3E9A85, + 0xB18FB142, 0x7C337CD1, 0x8826889B, 0x3D5F3DA6, 0xA1ECA1D7, 0xE476E4DF, + 0x812A8194, 0x91499101, 0x0F810FFB, 0xEE88EEAA, 0x16EE1661, 0xD721D773, + 0x97C497F5, 0xA51AA5A8, 0xFEEBFE3F, 0x6DD96DB5, 0x78C578AE, 0xC539C56D, + 0x1D991DE5, 0x76CD76A4, 0x3EAD3EDC, 0xCB31CB67, 0xB68BB647, 0xEF01EF5B, + 0x1218121E, 0x602360C5, 0x6ADD6AB0, 0x4D1F4DF6, 0xCE4ECEE9, 0xDE2DDE7C, + 0x55F9559D, 0x7E487E5A, 0x214F21B2, 0x03F2037A, 0xA065A026, 0x5E8E5E19, + 0x5A785A66, 0x655C654B, 0x6258624E, 0xFD19FD45, 0x068D06F4, 0x40E54086, + 0xF298F2BE, 0x335733AC, 0x17671790, 0x057F058E, 0xE805E85E, 0x4F644F7D, + 0x89AF896A, 0x10631095, 0x74B6742F, 0x0AFE0A75, 0x5CF55C92, 0x9BB79B74, + 0x2D3C2D33, 0x30A530D6, 0x2ECE2E49, 0x49E94989, 0x46684672, 0x77447755, + 0xA8E0A8D8, 0x964D9604, 0x284328BD, 0xA969A929, 0xD929D979, 0x862E8691, + 0xD1ACD187, 0xF415F44A, 0x8D598D15, 0xD6A8D682, 0xB90AB9BC, 0x429E420D, + 0xF66EF6C1, 0x2F472FB8, 0xDDDFDD06, 0x23342339, 0xCC35CC62, 0xF16AF1C4, + 0xC1CFC112, 0x85DC85EB, 0x8F228F9E, 0x71C971A1, 0x90C090F0, 0xAA9BAA53, + 0x018901F1, 0x8BD48BE1, 0x4EED4E8C, 0x8EAB8E6F, 0xAB12ABA2, 0x6FA26F3E, + 0xE60DE654, 0xDB52DBF2, 0x92BB927B, 0xB702B7B6, 0x692F69CA, 0x39A939D9, + 0xD3D7D30C, 0xA761A723, 0xA21EA2AD, 0xC3B4C399, 0x6C506C44, 0x07040705, + 0x04F6047F, 0x27C22746, 0xAC16ACA7, 0xD025D076, 0x50865013, 0xDC56DCF7, + 0x8455841A, 0xE109E151, 0x7ABE7A25, 0x139113EF }; + +const u32bit Twofish::MDS3[256] = { + 0xD939A9D9, 0x90176790, 0x719CB371, 0xD2A6E8D2, 0x05070405, 0x9852FD98, + 0x6580A365, 0xDFE476DF, 0x08459A08, 0x024B9202, 0xA0E080A0, 0x665A7866, + 0xDDAFE4DD, 0xB06ADDB0, 0xBF63D1BF, 0x362A3836, 0x54E60D54, 0x4320C643, + 0x62CC3562, 0xBEF298BE, 0x1E12181E, 0x24EBF724, 0xD7A1ECD7, 0x77416C77, + 0xBD2843BD, 0x32BC7532, 0xD47B37D4, 0x9B88269B, 0x700DFA70, 0xF94413F9, + 0xB1FB94B1, 0x5A7E485A, 0x7A03F27A, 0xE48CD0E4, 0x47B68B47, 0x3C24303C, + 0xA5E784A5, 0x416B5441, 0x06DDDF06, 0xC56023C5, 0x45FD1945, 0xA33A5BA3, + 0x68C23D68, 0x158D5915, 0x21ECF321, 0x3166AE31, 0x3E6FA23E, 0x16578216, + 0x95106395, 0x5BEF015B, 0x4DB8834D, 0x91862E91, 0xB56DD9B5, 0x1F83511F, + 0x53AA9B53, 0x635D7C63, 0x3B68A63B, 0x3FFEEB3F, 0xD630A5D6, 0x257ABE25, + 0xA7AC16A7, 0x0F090C0F, 0x35F0E335, 0x23A76123, 0xF090C0F0, 0xAFE98CAF, + 0x809D3A80, 0x925CF592, 0x810C7381, 0x27312C27, 0x76D02576, 0xE7560BE7, + 0x7B92BB7B, 0xE9CE4EE9, 0xF10189F1, 0x9F1E6B9F, 0xA93453A9, 0xC4F16AC4, + 0x99C3B499, 0x975BF197, 0x8347E183, 0x6B18E66B, 0xC822BDC8, 0x0E98450E, + 0x6E1FE26E, 0xC9B3F4C9, 0x2F74B62F, 0xCBF866CB, 0xFF99CCFF, 0xEA1495EA, + 0xED5803ED, 0xF7DC56F7, 0xE18BD4E1, 0x1B151C1B, 0xADA21EAD, 0x0CD3D70C, + 0x2BE2FB2B, 0x1DC8C31D, 0x195E8E19, 0xC22CB5C2, 0x8949E989, 0x12C1CF12, + 0x7E95BF7E, 0x207DBA20, 0x6411EA64, 0x840B7784, 0x6DC5396D, 0x6A89AF6A, + 0xD17C33D1, 0xA171C9A1, 0xCEFF62CE, 0x37BB7137, 0xFB0F81FB, 0x3DB5793D, + 0x51E10951, 0xDC3EADDC, 0x2D3F242D, 0xA476CDA4, 0x9D55F99D, 0xEE82D8EE, + 0x8640E586, 0xAE78C5AE, 0xCD25B9CD, 0x04964D04, 0x55774455, 0x0A0E080A, + 0x13508613, 0x30F7E730, 0xD337A1D3, 0x40FA1D40, 0x3461AA34, 0x8C4EED8C, + 0xB3B006B3, 0x6C54706C, 0x2A73B22A, 0x523BD252, 0x0B9F410B, 0x8B027B8B, + 0x88D8A088, 0x4FF3114F, 0x67CB3167, 0x4627C246, 0xC06727C0, 0xB4FC90B4, + 0x28382028, 0x7F04F67F, 0x78486078, 0x2EE5FF2E, 0x074C9607, 0x4B655C4B, + 0xC72BB1C7, 0x6F8EAB6F, 0x0D429E0D, 0xBBF59CBB, 0xF2DB52F2, 0xF34A1BF3, + 0xA63D5FA6, 0x59A49359, 0xBCB90ABC, 0x3AF9EF3A, 0xEF1391EF, 0xFE0885FE, + 0x01914901, 0x6116EE61, 0x7CDE2D7C, 0xB2214FB2, 0x42B18F42, 0xDB723BDB, + 0xB82F47B8, 0x48BF8748, 0x2CAE6D2C, 0xE3C046E3, 0x573CD657, 0x859A3E85, + 0x29A96929, 0x7D4F647D, 0x94812A94, 0x492ECE49, 0x17C6CB17, 0xCA692FCA, + 0xC3BDFCC3, 0x5CA3975C, 0x5EE8055E, 0xD0ED7AD0, 0x87D1AC87, 0x8E057F8E, + 0xBA64D5BA, 0xA8A51AA8, 0xB7264BB7, 0xB9BE0EB9, 0x6087A760, 0xF8D55AF8, + 0x22362822, 0x111B1411, 0xDE753FDE, 0x79D92979, 0xAAEE88AA, 0x332D3C33, + 0x5F794C5F, 0xB6B702B6, 0x96CAB896, 0x5835DA58, 0x9CC4B09C, 0xFC4317FC, + 0x1A84551A, 0xF64D1FF6, 0x1C598A1C, 0x38B27D38, 0xAC3357AC, 0x18CFC718, + 0xF4068DF4, 0x69537469, 0x749BB774, 0xF597C4F5, 0x56AD9F56, 0xDAE372DA, + 0xD5EA7ED5, 0x4AF4154A, 0x9E8F229E, 0xA2AB12A2, 0x4E62584E, 0xE85F07E8, + 0xE51D99E5, 0x39233439, 0xC1F66EC1, 0x446C5044, 0x5D32DE5D, 0x72466872, + 0x26A06526, 0x93CDBC93, 0x03DADB03, 0xC6BAF8C6, 0xFA9EC8FA, 0x82D6A882, + 0xCF6E2BCF, 0x50704050, 0xEB85DCEB, 0x750AFE75, 0x8A93328A, 0x8DDFA48D, + 0x4C29CA4C, 0x141C1014, 0x73D72173, 0xCCB4F0CC, 0x09D4D309, 0x108A5D10, + 0xE2510FE2, 0x00000000, 0x9A196F9A, 0xE01A9DE0, 0x8F94368F, 0xE6C742E6, + 0xECC94AEC, 0xFDD25EFD, 0xAB7FC1AB, 0xD8A8E0D8 }; + +} diff --git a/src/cipher/twofish/twofish.cpp b/src/cipher/twofish/twofish.cpp new file mode 100644 index 000000000..b2357e347 --- /dev/null +++ b/src/cipher/twofish/twofish.cpp @@ -0,0 +1,216 @@ +/************************************************* +* Twofish Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/twofish.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +/************************************************* +* Twofish Encryption * +*************************************************/ +void Twofish::enc(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0) ^ round_key[0]; + u32bit B = load_le<u32bit>(in, 1) ^ round_key[1]; + u32bit C = load_le<u32bit>(in, 2) ^ round_key[2]; + u32bit D = load_le<u32bit>(in, 3) ^ round_key[3]; + + for(u32bit j = 0; j != 16; j += 2) + { + u32bit X, Y; + + X = SBox0[get_byte(3, A)] ^ SBox1[get_byte(2, A)] ^ + SBox2[get_byte(1, A)] ^ SBox3[get_byte(0, A)]; + Y = SBox0[get_byte(0, B)] ^ SBox1[get_byte(3, B)] ^ + SBox2[get_byte(2, B)] ^ SBox3[get_byte(1, B)]; + X += Y; + Y += X + round_key[2*j + 9]; + X += round_key[2*j + 8]; + + C = rotate_right(C ^ X, 1); + D = rotate_left(D, 1) ^ Y; + + X = SBox0[get_byte(3, C)] ^ SBox1[get_byte(2, C)] ^ + SBox2[get_byte(1, C)] ^ SBox3[get_byte(0, C)]; + Y = SBox0[get_byte(0, D)] ^ SBox1[get_byte(3, D)] ^ + SBox2[get_byte(2, D)] ^ SBox3[get_byte(1, D)]; + X += Y; + Y += X + round_key[2*j + 11]; + X += round_key[2*j + 10]; + + A = rotate_right(A ^ X, 1); + B = rotate_left(B, 1) ^ Y; + } + + C ^= round_key[4]; + D ^= round_key[5]; + A ^= round_key[6]; + B ^= round_key[7]; + + store_le(out, C, D, A, B); + } + +/************************************************* +* Twofish Decryption * +*************************************************/ +void Twofish::dec(const byte in[], byte out[]) const + { + u32bit A = load_le<u32bit>(in, 0) ^ round_key[4]; + u32bit B = load_le<u32bit>(in, 1) ^ round_key[5]; + u32bit C = load_le<u32bit>(in, 2) ^ round_key[6]; + u32bit D = load_le<u32bit>(in, 3) ^ round_key[7]; + + for(u32bit j = 0; j != 16; j += 2) + { + u32bit X, Y; + + X = SBox0[get_byte(3, A)] ^ SBox1[get_byte(2, A)] ^ + SBox2[get_byte(1, A)] ^ SBox3[get_byte(0, A)]; + Y = SBox0[get_byte(0, B)] ^ SBox1[get_byte(3, B)] ^ + SBox2[get_byte(2, B)] ^ SBox3[get_byte(1, B)]; + X += Y; + Y += X + round_key[39 - 2*j]; + X += round_key[38 - 2*j]; + + C = rotate_left(C, 1) ^ X; + D = rotate_right(D ^ Y, 1); + + X = SBox0[get_byte(3, C)] ^ SBox1[get_byte(2, C)] ^ + SBox2[get_byte(1, C)] ^ SBox3[get_byte(0, C)]; + Y = SBox0[get_byte(0, D)] ^ SBox1[get_byte(3, D)] ^ + SBox2[get_byte(2, D)] ^ SBox3[get_byte(1, D)]; + X += Y; + Y += X + round_key[37 - 2*j]; + X += round_key[36 - 2*j]; + + A = rotate_left(A, 1) ^ X; + B = rotate_right(B ^ Y, 1); + } + + C ^= round_key[0]; + D ^= round_key[1]; + A ^= round_key[2]; + B ^= round_key[3]; + + store_le(out, C, D, A, B); + } + +/************************************************* +* Twofish Key Schedule * +*************************************************/ +void Twofish::key(const byte key[], u32bit length) + { + SecureBuffer<byte, 16> S; + + for(u32bit j = 0; j != length; ++j) + rs_mul(S + 4*(j/8), key[j], j); + + if(length == 16) + { + for(u32bit j = 0; j != 256; ++j) + { + SBox0[j] = MDS0[Q0[Q0[j]^S[ 0]]^S[ 4]]; + SBox1[j] = MDS1[Q0[Q1[j]^S[ 1]]^S[ 5]]; + SBox2[j] = MDS2[Q1[Q0[j]^S[ 2]]^S[ 6]]; + SBox3[j] = MDS3[Q1[Q1[j]^S[ 3]]^S[ 7]]; + } + for(u32bit j = 0; j != 40; j += 2) + { + u32bit X = MDS0[Q0[Q0[j ]^key[ 8]]^key[ 0]] ^ + MDS1[Q0[Q1[j ]^key[ 9]]^key[ 1]] ^ + MDS2[Q1[Q0[j ]^key[10]]^key[ 2]] ^ + MDS3[Q1[Q1[j ]^key[11]]^key[ 3]]; + u32bit Y = MDS0[Q0[Q0[j+1]^key[12]]^key[ 4]] ^ + MDS1[Q0[Q1[j+1]^key[13]]^key[ 5]] ^ + MDS2[Q1[Q0[j+1]^key[14]]^key[ 6]] ^ + MDS3[Q1[Q1[j+1]^key[15]]^key[ 7]]; + Y = rotate_left(Y, 8); X += Y; Y += X; + round_key[j] = X; round_key[j+1] = rotate_left(Y, 9); + } + } + else if(length == 24) + { + for(u32bit j = 0; j != 256; ++j) + { + SBox0[j] = MDS0[Q0[Q0[Q1[j]^S[ 0]]^S[ 4]]^S[ 8]]; + SBox1[j] = MDS1[Q0[Q1[Q1[j]^S[ 1]]^S[ 5]]^S[ 9]]; + SBox2[j] = MDS2[Q1[Q0[Q0[j]^S[ 2]]^S[ 6]]^S[10]]; + SBox3[j] = MDS3[Q1[Q1[Q0[j]^S[ 3]]^S[ 7]]^S[11]]; + } + for(u32bit j = 0; j != 40; j += 2) + { + u32bit X = MDS0[Q0[Q0[Q1[j ]^key[16]]^key[ 8]]^key[ 0]] ^ + MDS1[Q0[Q1[Q1[j ]^key[17]]^key[ 9]]^key[ 1]] ^ + MDS2[Q1[Q0[Q0[j ]^key[18]]^key[10]]^key[ 2]] ^ + MDS3[Q1[Q1[Q0[j ]^key[19]]^key[11]]^key[ 3]]; + u32bit Y = MDS0[Q0[Q0[Q1[j+1]^key[20]]^key[12]]^key[ 4]] ^ + MDS1[Q0[Q1[Q1[j+1]^key[21]]^key[13]]^key[ 5]] ^ + MDS2[Q1[Q0[Q0[j+1]^key[22]]^key[14]]^key[ 6]] ^ + MDS3[Q1[Q1[Q0[j+1]^key[23]]^key[15]]^key[ 7]]; + Y = rotate_left(Y, 8); X += Y; Y += X; + round_key[j] = X; round_key[j+1] = rotate_left(Y, 9); + } + } + else if(length == 32) + { + for(u32bit j = 0; j != 256; ++j) + { + SBox0[j] = MDS0[Q0[Q0[Q1[Q1[j]^S[ 0]]^S[ 4]]^S[ 8]]^S[12]]; + SBox1[j] = MDS1[Q0[Q1[Q1[Q0[j]^S[ 1]]^S[ 5]]^S[ 9]]^S[13]]; + SBox2[j] = MDS2[Q1[Q0[Q0[Q0[j]^S[ 2]]^S[ 6]]^S[10]]^S[14]]; + SBox3[j] = MDS3[Q1[Q1[Q0[Q1[j]^S[ 3]]^S[ 7]]^S[11]]^S[15]]; + } + for(u32bit j = 0; j != 40; j += 2) + { + u32bit X = MDS0[Q0[Q0[Q1[Q1[j ]^key[24]]^key[16]]^key[ 8]]^key[ 0]] ^ + MDS1[Q0[Q1[Q1[Q0[j ]^key[25]]^key[17]]^key[ 9]]^key[ 1]] ^ + MDS2[Q1[Q0[Q0[Q0[j ]^key[26]]^key[18]]^key[10]]^key[ 2]] ^ + MDS3[Q1[Q1[Q0[Q1[j ]^key[27]]^key[19]]^key[11]]^key[ 3]]; + u32bit Y = MDS0[Q0[Q0[Q1[Q1[j+1]^key[28]]^key[20]]^key[12]]^key[ 4]] ^ + MDS1[Q0[Q1[Q1[Q0[j+1]^key[29]]^key[21]]^key[13]]^key[ 5]] ^ + MDS2[Q1[Q0[Q0[Q0[j+1]^key[30]]^key[22]]^key[14]]^key[ 6]] ^ + MDS3[Q1[Q1[Q0[Q1[j+1]^key[31]]^key[23]]^key[15]]^key[ 7]]; + Y = rotate_left(Y, 8); X += Y; Y += X; + round_key[j] = X; round_key[j+1] = rotate_left(Y, 9); + } + } + } + +/************************************************* +* Do one column of the RS matrix multiplcation * +*************************************************/ +void Twofish::rs_mul(byte S[4], byte key, u32bit offset) + { + if(key) + { + byte X = POLY_TO_EXP[key - 1]; + + byte RS1 = RS[(4*offset ) % 32]; + byte RS2 = RS[(4*offset+1) % 32]; + byte RS3 = RS[(4*offset+2) % 32]; + byte RS4 = RS[(4*offset+3) % 32]; + + S[0] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS1 - 1]) % 255]; + S[1] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS2 - 1]) % 255]; + S[2] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS3 - 1]) % 255]; + S[3] ^= EXP_TO_POLY[(X + POLY_TO_EXP[RS4 - 1]) % 255]; + } + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Twofish::clear() throw() + { + SBox0.clear(); + SBox1.clear(); + SBox2.clear(); + SBox3.clear(); + round_key.clear(); + } + +} diff --git a/src/cipher/twofish/twofish.h b/src/cipher/twofish/twofish.h new file mode 100644 index 000000000..8519a9aa8 --- /dev/null +++ b/src/cipher/twofish/twofish.h @@ -0,0 +1,46 @@ +/************************************************* +* Twofish Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TWOFISH_H__ +#define BOTAN_TWOFISH_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* Twofish * +*************************************************/ +class BOTAN_DLL Twofish : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return "Twofish"; } + BlockCipher* clone() const { return new Twofish; } + Twofish() : BlockCipher(16, 16, 32, 8) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + + static void rs_mul(byte[4], byte, u32bit); + + static const u32bit MDS0[256]; + static const u32bit MDS1[256]; + static const u32bit MDS2[256]; + static const u32bit MDS3[256]; + static const byte Q0[256]; + static const byte Q1[256]; + static const byte RS[32]; + static const byte EXP_TO_POLY[255]; + static const byte POLY_TO_EXP[255]; + + SecureBuffer<u32bit, 256> SBox0, SBox1, SBox2, SBox3; + SecureBuffer<u32bit, 40> round_key; + }; + +} + +#endif diff --git a/src/cipher/wid_wake/modinfo.txt b/src/cipher/wid_wake/modinfo.txt new file mode 100644 index 000000000..299ebfdd7 --- /dev/null +++ b/src/cipher/wid_wake/modinfo.txt @@ -0,0 +1,10 @@ +realname "WiderWake" + +define WID_WAKE + +load_on auto + +<add> +wid_wake.cpp +wid_wake.h +</add> diff --git a/src/cipher/wid_wake/wid_wake.cpp b/src/cipher/wid_wake/wid_wake.cpp new file mode 100644 index 000000000..d7ebdece0 --- /dev/null +++ b/src/cipher/wid_wake/wid_wake.cpp @@ -0,0 +1,145 @@ +/************************************************* +* WiderWake Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/wid_wake.h> +#include <botan/loadstor.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* Combine cipher stream with message * +*************************************************/ +void WiderWake_41_BE::cipher(const byte in[], byte out[], u32bit length) + { + while(length >= buffer.size() - position) + { + xor_buf(out, in, buffer + position, buffer.size() - position); + length -= (buffer.size() - position); + in += (buffer.size() - position); + out += (buffer.size() - position); + generate(buffer.size()); + } + xor_buf(out, in, buffer + position, length); + position += length; + } + +/************************************************* +* Generate cipher stream * +*************************************************/ +void WiderWake_41_BE::generate(u32bit length) + { + u32bit R0 = state[0], R1 = state[1], + R2 = state[2], R3 = state[3], + R4 = state[4]; + + for(u32bit j = 0; j != length; j += 8) + { + u32bit R0a; + + store_be(R3, buffer + j); + + R0a = R4 + R3; R3 += R2; R2 += R1; R1 += R0; + R0a = (R0a >> 8) ^ T[(R0a & 0xFF)]; + R1 = (R1 >> 8) ^ T[(R1 & 0xFF)]; + R2 = (R2 >> 8) ^ T[(R2 & 0xFF)]; + R3 = (R3 >> 8) ^ T[(R3 & 0xFF)]; + R4 = R0; R0 = R0a; + + store_be(R3, buffer + j + 4); + + R0a = R4 + R3; R3 += R2; R2 += R1; R1 += R0; + R0a = (R0a >> 8) ^ T[(R0a & 0xFF)]; + R1 = (R1 >> 8) ^ T[(R1 & 0xFF)]; + R2 = (R2 >> 8) ^ T[(R2 & 0xFF)]; + R3 = (R3 >> 8) ^ T[(R3 & 0xFF)]; + R4 = R0; R0 = R0a; + } + + state[0] = R0; + state[1] = R1; + state[2] = R2; + state[3] = R3; + state[4] = R4; + + position = 0; + } + +/************************************************* +* WiderWake Key Schedule * +*************************************************/ +void WiderWake_41_BE::key(const byte key[], u32bit) + { + for(u32bit j = 0; j != 4; ++j) + t_key[j] = load_be<u32bit>(key, j); + + static const u32bit MAGIC[8] = { + 0x726A8F3B, 0xE69A3B5C, 0xD3C71FE5, 0xAB3C73D2, + 0x4D3A8EB3, 0x0396D6E8, 0x3D4C2F7A, 0x9EE27CF3 }; + + for(u32bit j = 0; j != 4; ++j) + T[j] = t_key[j]; + for(u32bit j = 4; j != 256; ++j) + { + u32bit X = T[j-1] + T[j-4]; + T[j] = (X >> 3) ^ MAGIC[X % 8]; + } + for(u32bit j = 0; j != 23; ++j) + T[j] += T[j+89]; + + u32bit X = T[33]; + u32bit Z = (T[59] | 0x01000001) & 0xFF7FFFFF; + for(u32bit j = 0; j != 256; ++j) + { + X = (X & 0xFF7FFFFF) + Z; + T[j] = (T[j] & 0x00FFFFFF) ^ X; + } + X = (T[X & 0xFF] ^ X) & 0xFF; + Z = T[0]; + T[0] = T[X]; + for(u32bit j = 1; j != 256; ++j) + { + T[X] = T[j]; + X = (T[j ^ X] ^ X) & 0xFF; + T[j] = T[X]; + } + T[X] = Z; + + position = 0; + const byte iv[8] = { 0 }; + resync(iv, 8); + } + +/************************************************* +* Resynchronization * +*************************************************/ +void WiderWake_41_BE::resync(const byte iv[], u32bit length) + { + if(length != 8) + throw Invalid_IV_Length(name(), length); + + for(u32bit j = 0; j != 4; ++j) + state[j] = t_key[j]; + state[4] = load_be<u32bit>(iv, 0); + state[0] ^= state[4]; + state[2] ^= load_be<u32bit>(iv, 1); + + generate(8*4); + generate(buffer.size()); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void WiderWake_41_BE::clear() throw() + { + position = 0; + t_key.clear(); + state.clear(); + T.clear(); + buffer.clear(); + } + +} diff --git a/src/cipher/wid_wake/wid_wake.h b/src/cipher/wid_wake/wid_wake.h new file mode 100644 index 000000000..09171a8f5 --- /dev/null +++ b/src/cipher/wid_wake/wid_wake.h @@ -0,0 +1,39 @@ +/************************************************* +* WiderWake Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_WIDER_WAKE_H__ +#define BOTAN_WIDER_WAKE_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* WiderWake4+1-BE * +*************************************************/ +class BOTAN_DLL WiderWake_41_BE : public StreamCipher + { + public: + void clear() throw(); + std::string name() const { return "WiderWake4+1-BE"; } + StreamCipher* clone() const { return new WiderWake_41_BE; } + WiderWake_41_BE() : StreamCipher(16, 16, 1, 8) {} + private: + void cipher(const byte[], byte[], u32bit); + void key(const byte[], u32bit); + void resync(const byte[], u32bit); + + void generate(u32bit); + + SecureBuffer<byte, DEFAULT_BUFFERSIZE> buffer; + SecureBuffer<u32bit, 256> T; + SecureBuffer<u32bit, 5> state; + SecureBuffer<u32bit, 4> t_key; + u32bit position; + }; + +} + +#endif diff --git a/src/cipher/xtea/modinfo.txt b/src/cipher/xtea/modinfo.txt new file mode 100644 index 000000000..0120a3bce --- /dev/null +++ b/src/cipher/xtea/modinfo.txt @@ -0,0 +1,10 @@ +realname "XTEA" + +define XTEA + +load_on auto + +<add> +xtea.cpp +xtea.h +</add> diff --git a/src/cipher/xtea/xtea.cpp b/src/cipher/xtea/xtea.cpp new file mode 100644 index 000000000..db5c7effc --- /dev/null +++ b/src/cipher/xtea/xtea.cpp @@ -0,0 +1,78 @@ +/************************************************* +* XTEA Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/xtea.h> +#include <botan/loadstor.h> +#include <botan/parsing.h> + +namespace Botan { + +/************************************************* +* XTEA Encryption * +*************************************************/ +void XTEA::enc(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + for(u32bit j = 0; j != 32; ++j) + { + L += (((R << 4) ^ (R >> 5)) + R) ^ EK[2*j]; + R += (((L << 4) ^ (L >> 5)) + L) ^ EK[2*j+1]; + } + + store_be(out, L, R); + } + +/************************************************* +* XTEA Decryption * +*************************************************/ +void XTEA::dec(const byte in[], byte out[]) const + { + u32bit L = load_be<u32bit>(in, 0), R = load_be<u32bit>(in, 1); + + for(u32bit j = 32; j > 0; --j) + { + R -= (((L << 4) ^ (L >> 5)) + L) ^ EK[2*j - 1]; + L -= (((R << 4) ^ (R >> 5)) + R) ^ EK[2*j - 2]; + } + + store_be(out, L, R); + } + +/************************************************* +* XTEA Key Schedule * +*************************************************/ +void XTEA::key(const byte key[], u32bit) + { + static const u32bit DELTAS[64] = { + 0x00000000, 0x9E3779B9, 0x9E3779B9, 0x3C6EF372, 0x3C6EF372, 0xDAA66D2B, + 0xDAA66D2B, 0x78DDE6E4, 0x78DDE6E4, 0x1715609D, 0x1715609D, 0xB54CDA56, + 0xB54CDA56, 0x5384540F, 0x5384540F, 0xF1BBCDC8, 0xF1BBCDC8, 0x8FF34781, + 0x8FF34781, 0x2E2AC13A, 0x2E2AC13A, 0xCC623AF3, 0xCC623AF3, 0x6A99B4AC, + 0x6A99B4AC, 0x08D12E65, 0x08D12E65, 0xA708A81E, 0xA708A81E, 0x454021D7, + 0x454021D7, 0xE3779B90, 0xE3779B90, 0x81AF1549, 0x81AF1549, 0x1FE68F02, + 0x1FE68F02, 0xBE1E08BB, 0xBE1E08BB, 0x5C558274, 0x5C558274, 0xFA8CFC2D, + 0xFA8CFC2D, 0x98C475E6, 0x98C475E6, 0x36FBEF9F, 0x36FBEF9F, 0xD5336958, + 0xD5336958, 0x736AE311, 0x736AE311, 0x11A25CCA, 0x11A25CCA, 0xAFD9D683, + 0xAFD9D683, 0x4E11503C, 0x4E11503C, 0xEC48C9F5, 0xEC48C9F5, 0x8A8043AE, + 0x8A8043AE, 0x28B7BD67, 0x28B7BD67, 0xC6EF3720 }; + + static const byte KEY_INDEX[64] = { + 0x00, 0x03, 0x01, 0x02, 0x02, 0x01, 0x03, 0x00, 0x00, 0x00, 0x01, 0x03, + 0x02, 0x02, 0x03, 0x01, 0x00, 0x00, 0x01, 0x00, 0x02, 0x03, 0x03, 0x02, + 0x00, 0x01, 0x01, 0x01, 0x02, 0x00, 0x03, 0x03, 0x00, 0x02, 0x01, 0x01, + 0x02, 0x01, 0x03, 0x00, 0x00, 0x03, 0x01, 0x02, 0x02, 0x01, 0x03, 0x01, + 0x00, 0x00, 0x01, 0x03, 0x02, 0x02, 0x03, 0x02, 0x00, 0x01, 0x01, 0x00, + 0x02, 0x03, 0x03, 0x02 }; + + SecureBuffer<u32bit, 4> UK; + for(u32bit j = 0; j != 4; ++j) + UK[j] = load_be<u32bit>(key, j); + + for(u32bit j = 0; j != 64; ++j) + EK[j] = DELTAS[j] + UK[KEY_INDEX[j]]; + } + +} diff --git a/src/cipher/xtea/xtea.h b/src/cipher/xtea/xtea.h new file mode 100644 index 000000000..193c13bb9 --- /dev/null +++ b/src/cipher/xtea/xtea.h @@ -0,0 +1,32 @@ +/************************************************* +* XTEA Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_XTEA_H__ +#define BOTAN_XTEA_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* XTEA * +*************************************************/ +class BOTAN_DLL XTEA : public BlockCipher + { + public: + void clear() throw() { EK.clear(); } + std::string name() const { return "XTEA"; } + BlockCipher* clone() const { return new XTEA; } + XTEA() : BlockCipher(8, 16) {} + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + SecureBuffer<u32bit, 64> EK; + }; + +} + +#endif diff --git a/src/compression/bzip2/bzip2.cpp b/src/compression/bzip2/bzip2.cpp new file mode 100644 index 000000000..712dacd7d --- /dev/null +++ b/src/compression/bzip2/bzip2.cpp @@ -0,0 +1,271 @@ +/************************************************* +* Bzip Compressor Source File * +* (C) 2001 Peter J Jones * +* 2001-2007 Jack Lloyd * +* 2006 Matt Johnston * +*************************************************/ + +#include <botan/bzip2.h> +#include <map> +#include <cstring> +#define BZ_NO_STDIO +#include <bzlib.h> + +namespace Botan { + +namespace { + +/************************************************* +* Allocation Information for Bzip * +*************************************************/ +class Bzip_Alloc_Info + { + public: + std::map<void*, u32bit> current_allocs; + Allocator* alloc; + + Bzip_Alloc_Info() { alloc = Allocator::get(false); } + }; + +/************************************************* +* Allocation Function for Bzip * +*************************************************/ +void* bzip_malloc(void* info_ptr, int n, int size) + { + Bzip_Alloc_Info* info = static_cast<Bzip_Alloc_Info*>(info_ptr); + void* ptr = info->alloc->allocate(n * size); + info->current_allocs[ptr] = n * size; + return ptr; + } + +/************************************************* +* Allocation Function for Bzip * +*************************************************/ +void bzip_free(void* info_ptr, void* ptr) + { + Bzip_Alloc_Info* info = static_cast<Bzip_Alloc_Info*>(info_ptr); + std::map<void*, u32bit>::const_iterator i = info->current_allocs.find(ptr); + if(i == info->current_allocs.end()) + throw Invalid_Argument("bzip_free: Got pointer not allocated by us"); + info->alloc->deallocate(ptr, i->second); + } + +} + +/************************************************* +* Wrapper Type for Bzip2 Stream * +*************************************************/ +class Bzip_Stream + { + public: + bz_stream stream; + + Bzip_Stream() + { + std::memset(&stream, 0, sizeof(bz_stream)); + stream.bzalloc = bzip_malloc; + stream.bzfree = bzip_free; + stream.opaque = new Bzip_Alloc_Info; + } + ~Bzip_Stream() + { + Bzip_Alloc_Info* info = static_cast<Bzip_Alloc_Info*>(stream.opaque); + delete info; + std::memset(&stream, 0, sizeof(bz_stream)); + } + }; + +/************************************************* +* Bzip_Compression Constructor * +*************************************************/ +Bzip_Compression::Bzip_Compression(u32bit l) : + level((l >= 9) ? 9 : l), buffer(DEFAULT_BUFFERSIZE) + { + bz = 0; + } + +/************************************************* +* Start Compressing with Bzip * +*************************************************/ +void Bzip_Compression::start_msg() + { + clear(); + bz = new Bzip_Stream; + if(BZ2_bzCompressInit(&(bz->stream), level, 0, 0) != BZ_OK) + throw Exception("Bzip_Compression: Memory allocation error"); + } + +/************************************************* +* Compress Input with Bzip * +*************************************************/ +void Bzip_Compression::write(const byte input[], u32bit length) + { + bz->stream.next_in = reinterpret_cast<char*>(const_cast<byte*>(input)); + bz->stream.avail_in = length; + + while(bz->stream.avail_in != 0) + { + bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.avail_out = buffer.size(); + BZ2_bzCompress(&(bz->stream), BZ_RUN); + send(buffer, buffer.size() - bz->stream.avail_out); + } + } + +/************************************************* +* Finish Compressing with Bzip * +*************************************************/ +void Bzip_Compression::end_msg() + { + bz->stream.next_in = 0; + bz->stream.avail_in = 0; + + int rc = BZ_OK; + while(rc != BZ_STREAM_END) + { + bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.avail_out = buffer.size(); + rc = BZ2_bzCompress(&(bz->stream), BZ_FINISH); + send(buffer, buffer.size() - bz->stream.avail_out); + } + clear(); + } + +/************************************************* +* Flush the Bzip Compressor * +*************************************************/ +void Bzip_Compression::flush() + { + bz->stream.next_in = 0; + bz->stream.avail_in = 0; + + int rc = BZ_OK; + while(rc != BZ_RUN_OK) + { + bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.avail_out = buffer.size(); + rc = BZ2_bzCompress(&(bz->stream), BZ_FLUSH); + send(buffer, buffer.size() - bz->stream.avail_out); + } + } + +/************************************************* +* Clean up Compression Context * +*************************************************/ +void Bzip_Compression::clear() + { + if(!bz) return; + BZ2_bzCompressEnd(&(bz->stream)); + delete bz; + bz = 0; + } + +/************************************************* +* Bzip_Decompression Constructor * +*************************************************/ +Bzip_Decompression::Bzip_Decompression(bool s) : + small_mem(s), buffer(DEFAULT_BUFFERSIZE) + { + no_writes = true; + bz = 0; + } + +/************************************************* +* Decompress Input with Bzip * +*************************************************/ +void Bzip_Decompression::write(const byte input_arr[], u32bit length) + { + if(length) no_writes = false; + + char* input = reinterpret_cast<char*>(const_cast<byte*>(input_arr)); + + bz->stream.next_in = input; + bz->stream.avail_in = length; + + while(bz->stream.avail_in != 0) + { + bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.avail_out = buffer.size(); + + int rc = BZ2_bzDecompress(&(bz->stream)); + + if(rc != BZ_OK && rc != BZ_STREAM_END) + { + clear(); + if(rc == BZ_DATA_ERROR) + throw Decoding_Error("Bzip_Decompression: Data integrity error"); + if(rc == BZ_DATA_ERROR_MAGIC) + throw Decoding_Error("Bzip_Decompression: Invalid input"); + if(rc == BZ_MEM_ERROR) + throw Exception("Bzip_Decompression: Memory allocation error"); + throw Exception("Bzip_Decompression: Unknown decompress error"); + } + + send(buffer, buffer.size() - bz->stream.avail_out); + + if(rc == BZ_STREAM_END) + { + u32bit read_from_block = length - bz->stream.avail_in; + start_msg(); + bz->stream.next_in = input + read_from_block; + bz->stream.avail_in = length - read_from_block; + input += read_from_block; + length -= read_from_block; + } + } + } + +/************************************************* +* Start Decompressing with Bzip * +*************************************************/ +void Bzip_Decompression::start_msg() + { + clear(); + bz = new Bzip_Stream; + + if(BZ2_bzDecompressInit(&(bz->stream), 0, small_mem) != BZ_OK) + throw Exception("Bzip_Decompression: Memory allocation error"); + + no_writes = true; + } + +/************************************************* +* Finish Decompressing with Bzip * +*************************************************/ +void Bzip_Decompression::end_msg() + { + if(no_writes) return; + bz->stream.next_in = 0; + bz->stream.avail_in = 0; + + int rc = BZ_OK; + while(rc != BZ_STREAM_END) + { + bz->stream.next_out = reinterpret_cast<char*>(buffer.begin()); + bz->stream.avail_out = buffer.size(); + rc = BZ2_bzDecompress(&(bz->stream)); + + if(rc != BZ_OK && rc != BZ_STREAM_END) + { + clear(); + throw Exception("Bzip_Decompression: Error finalizing decompression"); + } + + send(buffer, buffer.size() - bz->stream.avail_out); + } + + clear(); + } + +/************************************************* +* Clean up Decompression Context * +*************************************************/ +void Bzip_Decompression::clear() + { + if(!bz) return; + BZ2_bzDecompressEnd(&(bz->stream)); + delete bz; + bz = 0; + } + +} diff --git a/src/compression/bzip2/bzip2.h b/src/compression/bzip2/bzip2.h new file mode 100644 index 000000000..1244924ca --- /dev/null +++ b/src/compression/bzip2/bzip2.h @@ -0,0 +1,59 @@ +/************************************************* +* Bzip Compressor Header File * +* (C) 2001 Peter J Jones * +* 2001-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_BZIP2_H__ +#define BOTAN_BZIP2_H__ + +#include <botan/filter.h> + +namespace Botan { + +/************************************************* +* Bzip Compression Filter * +*************************************************/ +class Bzip_Compression : public Filter + { + public: + void write(const byte input[], u32bit length); + void start_msg(); + void end_msg(); + + void flush(); + + Bzip_Compression(u32bit = 9); + ~Bzip_Compression() { clear(); } + private: + void clear(); + + const u32bit level; + SecureVector<byte> buffer; + class Bzip_Stream* bz; + }; + +/************************************************* +* Bzip Decompression Filter * +*************************************************/ +class Bzip_Decompression : public Filter + { + public: + void write(const byte input[], u32bit length); + void start_msg(); + void end_msg(); + + Bzip_Decompression(bool = false); + ~Bzip_Decompression() { clear(); } + private: + void clear(); + + const bool small_mem; + SecureVector<byte> buffer; + class Bzip_Stream* bz; + bool no_writes; + }; + +} + +#endif diff --git a/src/compression/bzip2/modinfo.txt b/src/compression/bzip2/modinfo.txt new file mode 100644 index 000000000..efedc097f --- /dev/null +++ b/src/compression/bzip2/modinfo.txt @@ -0,0 +1,17 @@ +# This module was written by Peter J. Jones + +realname "Bzip2 Compressor" + +define COMPRESSOR_BZIP2 +modset compression + +load_on request + +<add> +bzip2.h +bzip2.cpp +</add> + +<libs> +all -> bz2 +</libs> diff --git a/src/compression/zlib/modinfo.txt b/src/compression/zlib/modinfo.txt new file mode 100644 index 000000000..c1f1f998c --- /dev/null +++ b/src/compression/zlib/modinfo.txt @@ -0,0 +1,19 @@ +realname "Zlib Compressor" +#realname "Zlib/Gzip Compressor" + +define COMPRESSOR_ZLIB +#define COMPRESSOR_ZLIB,COMPRESSOR_GZIP + +load_on request +modset compression + +<add> +zlib.h +zlib.cpp +#gzip.h +#gzip.cpp +</add> + +<libs> +all -> z +</libs> diff --git a/src/compression/zlib/zlib.cpp b/src/compression/zlib/zlib.cpp new file mode 100644 index 000000000..36a9640e3 --- /dev/null +++ b/src/compression/zlib/zlib.cpp @@ -0,0 +1,283 @@ +/************************************************* +* Zlib Compressor Source File * +* (C) 2001 Peter J Jones * +* 2001-2007 Jack Lloyd * +* 2006 Matt Johnston * +*************************************************/ + +#include <botan/zlib.h> +#include <cstring> +#include <map> +#include <zlib.h> + +namespace Botan { + +namespace { + +/************************************************* +* Allocation Information for Zlib * +*************************************************/ +class Zlib_Alloc_Info + { + public: + std::map<void*, u32bit> current_allocs; + Allocator* alloc; + + Zlib_Alloc_Info() { alloc = Allocator::get(false); } + }; + +/************************************************* +* Allocation Function for Zlib * +*************************************************/ +void* zlib_malloc(void* info_ptr, unsigned int n, unsigned int size) + { + Zlib_Alloc_Info* info = static_cast<Zlib_Alloc_Info*>(info_ptr); + void* ptr = info->alloc->allocate(n * size); + info->current_allocs[ptr] = n * size; + return ptr; + } + +/************************************************* +* Allocation Function for Zlib * +*************************************************/ +void zlib_free(void* info_ptr, void* ptr) + { + Zlib_Alloc_Info* info = static_cast<Zlib_Alloc_Info*>(info_ptr); + std::map<void*, u32bit>::const_iterator i = info->current_allocs.find(ptr); + if(i == info->current_allocs.end()) + throw Invalid_Argument("zlib_free: Got pointer not allocated by us"); + info->alloc->deallocate(ptr, i->second); + } + +} + +/************************************************* +* Wrapper Type for Zlib z_stream * +*************************************************/ +class Zlib_Stream + { + public: + z_stream stream; + + Zlib_Stream() + { + std::memset(&stream, 0, sizeof(z_stream)); + stream.zalloc = zlib_malloc; + stream.zfree = zlib_free; + stream.opaque = new Zlib_Alloc_Info; + } + ~Zlib_Stream() + { + Zlib_Alloc_Info* info = static_cast<Zlib_Alloc_Info*>(stream.opaque); + delete info; + std::memset(&stream, 0, sizeof(z_stream)); + } + }; + +/************************************************* +* Zlib_Compression Constructor * +*************************************************/ +Zlib_Compression::Zlib_Compression(u32bit l) : + level((l >= 9) ? 9 : l), buffer(DEFAULT_BUFFERSIZE) + { + zlib = 0; + } + +/************************************************* +* Start Compressing with Zlib * +*************************************************/ +void Zlib_Compression::start_msg() + { + clear(); + zlib = new Zlib_Stream; + if(deflateInit(&(zlib->stream), level) != Z_OK) + throw Exception("Zlib_Compression: Memory allocation error"); + } + +/************************************************* +* Compress Input with Zlib * +*************************************************/ +void Zlib_Compression::write(const byte input[], u32bit length) + { + zlib->stream.next_in = static_cast<Bytef*>(const_cast<byte*>(input)); + zlib->stream.avail_in = length; + + while(zlib->stream.avail_in != 0) + { + zlib->stream.next_out = static_cast<Bytef*>(buffer.begin()); + zlib->stream.avail_out = buffer.size(); + deflate(&(zlib->stream), Z_NO_FLUSH); + send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + } + } + +/************************************************* +* Finish Compressing with Zlib * +*************************************************/ +void Zlib_Compression::end_msg() + { + zlib->stream.next_in = 0; + zlib->stream.avail_in = 0; + + int rc = Z_OK; + while(rc != Z_STREAM_END) + { + zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.avail_out = buffer.size(); + rc = deflate(&(zlib->stream), Z_FINISH); + send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + } + clear(); + } + +/************************************************* +* Flush the Zlib Compressor * +*************************************************/ +void Zlib_Compression::flush() + { + zlib->stream.next_in = 0; + zlib->stream.avail_in = 0; + + while(true) + { + zlib->stream.avail_out = buffer.size(); + + zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + + + deflate(&(zlib->stream), Z_FULL_FLUSH); + send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + if(zlib->stream.avail_out == buffer.size()) break; + } + } + +/************************************************* +* Clean up Compression Context * +*************************************************/ +void Zlib_Compression::clear() + { + if(zlib) + { + deflateEnd(&(zlib->stream)); + delete zlib; + zlib = 0; + } + + buffer.clear(); + } + +/************************************************* +* Zlib_Decompression Constructor * +*************************************************/ +Zlib_Decompression::Zlib_Decompression() : buffer(DEFAULT_BUFFERSIZE) + { + zlib = 0; + no_writes = true; + } + +/************************************************* +* Start Decompressing with Zlib * +*************************************************/ +void Zlib_Decompression::start_msg() + { + clear(); + zlib = new Zlib_Stream; + if(inflateInit(&(zlib->stream)) != Z_OK) + throw Exception("Zlib_Decompression: Memory allocation error"); + } + +/************************************************* +* Decompress Input with Zlib * +*************************************************/ +void Zlib_Decompression::write(const byte input_arr[], u32bit length) + { + if(length) no_writes = false; + + // non-const needed by zlib api :( + Bytef* input = reinterpret_cast<Bytef*>(const_cast<byte*>(input_arr)); + + zlib->stream.next_in = input; + zlib->stream.avail_in = length; + + while(zlib->stream.avail_in != 0) + { + zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.avail_out = buffer.size(); + + int rc = inflate(&(zlib->stream), Z_SYNC_FLUSH); + + if(rc != Z_OK && rc != Z_STREAM_END) + { + clear(); + if(rc == Z_DATA_ERROR) + throw Decoding_Error("Zlib_Decompression: Data integrity error"); + if(rc == Z_NEED_DICT) + throw Decoding_Error("Zlib_Decompression: Need preset dictionary"); + if(rc == Z_MEM_ERROR) + throw Exception("Zlib_Decompression: Memory allocation error"); + throw Exception("Zlib_Decompression: Unknown decompress error"); + } + + send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + + if(rc == Z_STREAM_END) + { + u32bit read_from_block = length - zlib->stream.avail_in; + start_msg(); + + zlib->stream.next_in = input + read_from_block; + zlib->stream.avail_in = length - read_from_block; + + input += read_from_block; + length -= read_from_block; + } + } + } + +/************************************************* +* Finish Decompressing with Zlib * +*************************************************/ +void Zlib_Decompression::end_msg() + { + if(no_writes) return; + zlib->stream.next_in = 0; + zlib->stream.avail_in = 0; + + int rc = Z_OK; + + while(rc != Z_STREAM_END) + { + zlib->stream.next_out = reinterpret_cast<Bytef*>(buffer.begin()); + zlib->stream.avail_out = buffer.size(); + rc = inflate(&(zlib->stream), Z_SYNC_FLUSH); + + if(rc != Z_OK && rc != Z_STREAM_END) + { + clear(); + throw Exception("Zlib_Decompression: Error finalizing decompression"); + } + + send(buffer.begin(), buffer.size() - zlib->stream.avail_out); + } + + clear(); + } + +/************************************************* +* Clean up Decompression Context * +*************************************************/ +void Zlib_Decompression::clear() + { + no_writes = true; + + if(zlib) + { + inflateEnd(&(zlib->stream)); + delete zlib; + zlib = 0; + } + + buffer.clear(); + } + +} diff --git a/src/compression/zlib/zlib.h b/src/compression/zlib/zlib.h new file mode 100644 index 000000000..c3baea4ee --- /dev/null +++ b/src/compression/zlib/zlib.h @@ -0,0 +1,56 @@ +/************************************************* +* Zlib Compressor Header File * +* (C) 2001 Peter J Jones * +* 2001-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ZLIB_H__ +#define BOTAN_ZLIB_H__ + +#include <botan/filter.h> + +namespace Botan { + +/************************************************* +* Zlib Compression Filter * +*************************************************/ +class Zlib_Compression : public Filter + { + public: + void write(const byte input[], u32bit length); + void start_msg(); + void end_msg(); + + void flush(); + + Zlib_Compression(u32bit = 6); + ~Zlib_Compression() { clear(); } + private: + void clear(); + const u32bit level; + SecureVector<byte> buffer; + class Zlib_Stream* zlib; + }; + +/************************************************* +* Zlib Decompression Filter * +*************************************************/ +class Zlib_Decompression : public Filter + { + public: + void write(const byte input[], u32bit length); + void start_msg(); + void end_msg(); + + Zlib_Decompression(); + ~Zlib_Decompression() { clear(); } + private: + void clear(); + SecureVector<byte> buffer; + class Zlib_Stream* zlib; + bool no_writes; + }; + +} + +#endif diff --git a/src/engine/gnump/eng_gmp.cpp b/src/engine/gnump/eng_gmp.cpp new file mode 100644 index 000000000..a0e18e059 --- /dev/null +++ b/src/engine/gnump/eng_gmp.cpp @@ -0,0 +1,377 @@ +/************************************************* +* GMP Engine Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_gmp.h> +#include <botan/gmp_wrap.h> +#include <gmp.h> + +namespace Botan { + +namespace { + +/************************************************* +* GMP IF Operation * +*************************************************/ +class GMP_IF_Op : public IF_Operation + { + public: + BigInt public_op(const BigInt&) const; + BigInt private_op(const BigInt&) const; + + IF_Operation* clone() const { return new GMP_IF_Op(*this); } + + GMP_IF_Op(const BigInt& e_bn, const BigInt& n_bn, const BigInt&, + const BigInt& p_bn, const BigInt& q_bn, const BigInt& d1_bn, + const BigInt& d2_bn, const BigInt& c_bn) : + e(e_bn), n(n_bn), p(p_bn), q(q_bn), d1(d1_bn), d2(d2_bn), c(c_bn) {} + private: + const GMP_MPZ e, n, p, q, d1, d2, c; + }; + +/************************************************* +* GMP IF Public Operation * +*************************************************/ +BigInt GMP_IF_Op::public_op(const BigInt& i_bn) const + { + GMP_MPZ i(i_bn); + mpz_powm(i.value, i.value, e.value, n.value); + return i.to_bigint(); + } + +/************************************************* +* GMP IF Private Operation * +*************************************************/ +BigInt GMP_IF_Op::private_op(const BigInt& i_bn) const + { + if(mpz_cmp_ui(p.value, 0) == 0) + throw Internal_Error("GMP_IF_Op::private_op: No private key"); + + GMP_MPZ j1, j2, h(i_bn); + + mpz_powm(j1.value, h.value, d1.value, p.value); + mpz_powm(j2.value, h.value, d2.value, q.value); + mpz_sub(h.value, j1.value, j2.value); + mpz_mul(h.value, h.value, c.value); + mpz_mod(h.value, h.value, p.value); + mpz_mul(h.value, h.value, q.value); + mpz_add(h.value, h.value, j2.value); + return h.to_bigint(); + } + +/************************************************* +* GMP DSA Operation * +*************************************************/ +class GMP_DSA_Op : public DSA_Operation + { + public: + bool verify(const byte[], u32bit, const byte[], u32bit) const; + SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const; + + DSA_Operation* clone() const { return new GMP_DSA_Op(*this); } + + GMP_DSA_Op(const DL_Group& group, const BigInt& y1, const BigInt& x1) : + x(x1), y(y1), p(group.get_p()), q(group.get_q()), g(group.get_g()) {} + private: + const GMP_MPZ x, y, p, q, g; + }; + +/************************************************* +* GMP DSA Verify Operation * +*************************************************/ +bool GMP_DSA_Op::verify(const byte msg[], u32bit msg_len, + const byte sig[], u32bit sig_len) const + { + const u32bit q_bytes = q.bytes(); + + if(sig_len != 2*q_bytes || msg_len > q_bytes) + return false; + + GMP_MPZ r(sig, q_bytes); + GMP_MPZ s(sig + q_bytes, q_bytes); + GMP_MPZ i(msg, msg_len); + + if(mpz_cmp_ui(r.value, 0) <= 0 || mpz_cmp(r.value, q.value) >= 0) + return false; + if(mpz_cmp_ui(s.value, 0) <= 0 || mpz_cmp(s.value, q.value) >= 0) + return false; + + if(mpz_invert(s.value, s.value, q.value) == 0) + return false; + + GMP_MPZ si; + mpz_mul(si.value, s.value, i.value); + mpz_mod(si.value, si.value, q.value); + mpz_powm(si.value, g.value, si.value, p.value); + + GMP_MPZ sr; + mpz_mul(sr.value, s.value, r.value); + mpz_mod(sr.value, sr.value, q.value); + mpz_powm(sr.value, y.value, sr.value, p.value); + + mpz_mul(si.value, si.value, sr.value); + mpz_mod(si.value, si.value, p.value); + mpz_mod(si.value, si.value, q.value); + + if(mpz_cmp(si.value, r.value) == 0) + return true; + return false; + } + +/************************************************* +* GMP DSA Sign Operation * +*************************************************/ +SecureVector<byte> GMP_DSA_Op::sign(const byte in[], u32bit length, + const BigInt& k_bn) const + { + if(mpz_cmp_ui(x.value, 0) == 0) + throw Internal_Error("GMP_DSA_Op::sign: No private key"); + + GMP_MPZ i(in, length); + GMP_MPZ k(k_bn); + + GMP_MPZ r; + mpz_powm(r.value, g.value, k.value, p.value); + mpz_mod(r.value, r.value, q.value); + + mpz_invert(k.value, k.value, q.value); + + GMP_MPZ s; + mpz_mul(s.value, x.value, r.value); + mpz_add(s.value, s.value, i.value); + mpz_mul(s.value, s.value, k.value); + mpz_mod(s.value, s.value, q.value); + + if(mpz_cmp_ui(r.value, 0) == 0 || mpz_cmp_ui(s.value, 0) == 0) + throw Internal_Error("GMP_DSA_Op::sign: r or s was zero"); + + const u32bit q_bytes = q.bytes(); + + SecureVector<byte> output(2*q_bytes); + r.encode(output, q_bytes); + s.encode(output + q_bytes, q_bytes); + return output; + } + +/************************************************* +* GMP NR Operation * +*************************************************/ +class GMP_NR_Op : public NR_Operation + { + public: + SecureVector<byte> verify(const byte[], u32bit) const; + SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const; + + NR_Operation* clone() const { return new GMP_NR_Op(*this); } + + GMP_NR_Op(const DL_Group& group, const BigInt& y1, const BigInt& x1) : + x(x1), y(y1), p(group.get_p()), q(group.get_q()), g(group.get_g()) {} + private: + const GMP_MPZ x, y, p, q, g; + }; + +/************************************************* +* GMP NR Verify Operation * +*************************************************/ +SecureVector<byte> GMP_NR_Op::verify(const byte sig[], u32bit sig_len) const + { + const u32bit q_bytes = q.bytes(); + + if(sig_len != 2*q_bytes) + return false; + + GMP_MPZ c(sig, q_bytes); + GMP_MPZ d(sig + q_bytes, q_bytes); + + if(mpz_cmp_ui(c.value, 0) <= 0 || mpz_cmp(c.value, q.value) >= 0 || + mpz_cmp(d.value, q.value) >= 0) + throw Invalid_Argument("GMP_NR_Op::verify: Invalid signature"); + + GMP_MPZ i1, i2; + mpz_powm(i1.value, g.value, d.value, p.value); + mpz_powm(i2.value, y.value, c.value, p.value); + mpz_mul(i1.value, i1.value, i2.value); + mpz_mod(i1.value, i1.value, p.value); + mpz_sub(i1.value, c.value, i1.value); + mpz_mod(i1.value, i1.value, q.value); + return BigInt::encode(i1.to_bigint()); + } + +/************************************************* +* GMP NR Sign Operation * +*************************************************/ +SecureVector<byte> GMP_NR_Op::sign(const byte in[], u32bit length, + const BigInt& k_bn) const + { + if(mpz_cmp_ui(x.value, 0) == 0) + throw Internal_Error("GMP_NR_Op::sign: No private key"); + + GMP_MPZ f(in, length); + GMP_MPZ k(k_bn); + + if(mpz_cmp(f.value, q.value) >= 0) + throw Invalid_Argument("GMP_NR_Op::sign: Input is out of range"); + + GMP_MPZ c, d; + mpz_powm(c.value, g.value, k.value, p.value); + mpz_add(c.value, c.value, f.value); + mpz_mod(c.value, c.value, q.value); + mpz_mul(d.value, x.value, c.value); + mpz_sub(d.value, k.value, d.value); + mpz_mod(d.value, d.value, q.value); + + if(mpz_cmp_ui(c.value, 0) == 0) + throw Internal_Error("Default_NR_Op::sign: c was zero"); + + const u32bit q_bytes = q.bytes(); + SecureVector<byte> output(2*q_bytes); + c.encode(output, q_bytes); + d.encode(output + q_bytes, q_bytes); + return output; + } + +/************************************************* +* GMP ElGamal Operation * +*************************************************/ +class GMP_ELG_Op : public ELG_Operation + { + public: + SecureVector<byte> encrypt(const byte[], u32bit, const BigInt&) const; + BigInt decrypt(const BigInt&, const BigInt&) const; + + ELG_Operation* clone() const { return new GMP_ELG_Op(*this); } + + GMP_ELG_Op(const DL_Group& group, const BigInt& y1, const BigInt& x1) : + x(x1), y(y1), g(group.get_g()), p(group.get_p()) {} + private: + GMP_MPZ x, y, g, p; + }; + +/************************************************* +* GMP ElGamal Encrypt Operation * +*************************************************/ +SecureVector<byte> GMP_ELG_Op::encrypt(const byte in[], u32bit length, + const BigInt& k_bn) const + { + GMP_MPZ i(in, length); + + if(mpz_cmp(i.value, p.value) >= 0) + throw Invalid_Argument("GMP_ELG_Op: Input is too large"); + + GMP_MPZ a, b, k(k_bn); + + mpz_powm(a.value, g.value, k.value, p.value); + mpz_powm(b.value, y.value, k.value, p.value); + mpz_mul(b.value, b.value, i.value); + mpz_mod(b.value, b.value, p.value); + + const u32bit p_bytes = p.bytes(); + SecureVector<byte> output(2*p_bytes); + a.encode(output, p_bytes); + b.encode(output + p_bytes, p_bytes); + return output; + } + +/************************************************* +* GMP ElGamal Decrypt Operation * +*************************************************/ +BigInt GMP_ELG_Op::decrypt(const BigInt& a_bn, const BigInt& b_bn) const + { + if(mpz_cmp_ui(x.value, 0) == 0) + throw Internal_Error("GMP_ELG_Op::decrypt: No private key"); + + GMP_MPZ a(a_bn), b(b_bn); + + if(mpz_cmp(a.value, p.value) >= 0 || mpz_cmp(b.value, p.value) >= 0) + throw Invalid_Argument("GMP_ELG_Op: Invalid message"); + + mpz_powm(a.value, a.value, x.value, p.value); + mpz_invert(a.value, a.value, p.value); + mpz_mul(a.value, a.value, b.value); + mpz_mod(a.value, a.value, p.value); + return a.to_bigint(); + } + +/************************************************* +* GMP DH Operation * +*************************************************/ +class GMP_DH_Op : public DH_Operation + { + public: + BigInt agree(const BigInt& i) const; + DH_Operation* clone() const { return new GMP_DH_Op(*this); } + + GMP_DH_Op(const DL_Group& group, const BigInt& x_bn) : + x(x_bn), p(group.get_p()) {} + private: + GMP_MPZ x, p; + }; + +/************************************************* +* GMP DH Key Agreement Operation * +*************************************************/ +BigInt GMP_DH_Op::agree(const BigInt& i_bn) const + { + GMP_MPZ i(i_bn); + mpz_powm(i.value, i.value, x.value, p.value); + return i.to_bigint(); + } + +} + +/************************************************* +* GMP_Engine Constructor * +*************************************************/ +GMP_Engine::GMP_Engine() + { + set_memory_hooks(); + } + +/************************************************* +* Acquire an IF op * +*************************************************/ +IF_Operation* GMP_Engine::if_op(const BigInt& e, const BigInt& n, + const BigInt& d, const BigInt& p, + const BigInt& q, const BigInt& d1, + const BigInt& d2, const BigInt& c) const + { + return new GMP_IF_Op(e, n, d, p, q, d1, d2, c); + } + +/************************************************* +* Acquire a DSA op * +*************************************************/ +DSA_Operation* GMP_Engine::dsa_op(const DL_Group& group, const BigInt& y, + const BigInt& x) const + { + return new GMP_DSA_Op(group, y, x); + } + +/************************************************* +* Acquire a NR op * +*************************************************/ +NR_Operation* GMP_Engine::nr_op(const DL_Group& group, const BigInt& y, + const BigInt& x) const + { + return new GMP_NR_Op(group, y, x); + } + +/************************************************* +* Acquire an ElGamal op * +*************************************************/ +ELG_Operation* GMP_Engine::elg_op(const DL_Group& group, const BigInt& y, + const BigInt& x) const + { + return new GMP_ELG_Op(group, y, x); + } + +/************************************************* +* Acquire a DH op * +*************************************************/ +DH_Operation* GMP_Engine::dh_op(const DL_Group& group, const BigInt& x) const + { + return new GMP_DH_Op(group, x); + } + +} diff --git a/src/engine/gnump/eng_gmp.h b/src/engine/gnump/eng_gmp.h new file mode 100644 index 000000000..b8b2081fa --- /dev/null +++ b/src/engine/gnump/eng_gmp.h @@ -0,0 +1,43 @@ +/************************************************* +* GMP Engine Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENGINE_GMP_H__ +#define BOTAN_ENGINE_GMP_H__ + +#include <botan/engine.h> + +namespace Botan { + +/************************************************* +* GMP Engine * +*************************************************/ +class GMP_Engine : public Engine + { + public: + IF_Operation* if_op(const BigInt&, const BigInt&, const BigInt&, + const BigInt&, const BigInt&, const BigInt&, + const BigInt&, const BigInt&) const; + + DSA_Operation* dsa_op(const DL_Group&, const BigInt&, + const BigInt&) const; + + NR_Operation* nr_op(const DL_Group&, const BigInt&, const BigInt&) const; + + ELG_Operation* elg_op(const DL_Group&, const BigInt&, + const BigInt&) const; + + DH_Operation* dh_op(const DL_Group&, const BigInt&) const; + + Modular_Exponentiator* mod_exp(const BigInt&, + Power_Mod::Usage_Hints) const; + + GMP_Engine(); + private: + static void set_memory_hooks(); + }; + +} + +#endif diff --git a/src/engine/gnump/gmp_mem.cpp b/src/engine/gnump/gmp_mem.cpp new file mode 100644 index 000000000..ea8ef4d3b --- /dev/null +++ b/src/engine/gnump/gmp_mem.cpp @@ -0,0 +1,60 @@ +/************************************************* +* GNU MP Memory Handlers Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_gmp.h> +#include <cstring> +#include <gmp.h> + +namespace Botan { + +namespace { + +/************************************************* +* Allocator used by GNU MP * +*************************************************/ +Allocator* gmp_alloc = 0; + +/************************************************* +* Allocation Function for GNU MP * +*************************************************/ +void* gmp_malloc(size_t n) + { + return gmp_alloc->allocate(n); + } + +/************************************************* +* Reallocation Function for GNU MP * +*************************************************/ +void* gmp_realloc(void* ptr, size_t old_n, size_t new_n) + { + void* new_buf = gmp_alloc->allocate(new_n); + std::memcpy(new_buf, ptr, std::min(old_n, new_n)); + gmp_alloc->deallocate(ptr, old_n); + return new_buf; + } + +/************************************************* +* Deallocation Function for GNU MP * +*************************************************/ +void gmp_free(void* ptr, size_t n) + { + gmp_alloc->deallocate(ptr, n); + } + +} + +/************************************************* +* Set the GNU MP memory functions * +*************************************************/ +void GMP_Engine::set_memory_hooks() + { + if(gmp_alloc == 0) + { + gmp_alloc = Allocator::get(true); + mp_set_memory_functions(gmp_malloc, gmp_realloc, gmp_free); + } + } + +} diff --git a/src/engine/gnump/gmp_powm.cpp b/src/engine/gnump/gmp_powm.cpp new file mode 100644 index 000000000..a5e3d1c0d --- /dev/null +++ b/src/engine/gnump/gmp_powm.cpp @@ -0,0 +1,51 @@ +/************************************************* +* GMP Modular Exponentiation Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_gmp.h> +#include <botan/gmp_wrap.h> + +namespace Botan { + +namespace { + +/************************************************* +* GMP Modular Exponentiator * +*************************************************/ +class GMP_Modular_Exponentiator : public Modular_Exponentiator + { + public: + void set_base(const BigInt& b) { base = b; } + void set_exponent(const BigInt& e) { exp = e; } + BigInt execute() const; + Modular_Exponentiator* copy() const + { return new GMP_Modular_Exponentiator(*this); } + + GMP_Modular_Exponentiator(const BigInt& n) : mod(n) {} + private: + GMP_MPZ base, exp, mod; + }; + +/************************************************* +* Compute the result * +*************************************************/ +BigInt GMP_Modular_Exponentiator::execute() const + { + GMP_MPZ r; + mpz_powm(r.value, base.value, exp.value, mod.value); + return r.to_bigint(); + } + +} + +/************************************************* +* Return the GMP-based modular exponentiator * +*************************************************/ +Modular_Exponentiator* GMP_Engine::mod_exp(const BigInt& n, + Power_Mod::Usage_Hints) const + { + return new GMP_Modular_Exponentiator(n); + } + +} diff --git a/src/engine/gnump/gmp_wrap.cpp b/src/engine/gnump/gmp_wrap.cpp new file mode 100644 index 000000000..4c73c2562 --- /dev/null +++ b/src/engine/gnump/gmp_wrap.cpp @@ -0,0 +1,96 @@ +/************************************************* +* GMP Wrapper Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/gmp_wrap.h> + +#define GNU_MP_VERSION_CODE_FOR(a,b,c) ((a << 16) | (b << 8) | (c)) + +#define GNU_MP_VERSION_CODE \ + GNU_MP_VERSION_CODE_FOR(__GNU_MP_VERSION, __GNU_MP_VERSION_MINOR, \ + __GNU_MP_VERSION_PATCHLEVEL) + +#if GNU_MP_VERSION_CODE < GNU_MP_VERSION_CODE_FOR(4,1,0) + #error Your GNU MP install is too old, upgrade to 4.1 or later +#endif + +namespace Botan { + +/************************************************* +* GMP_MPZ Constructor * +*************************************************/ +GMP_MPZ::GMP_MPZ(const BigInt& in) + { + mpz_init(value); + if(in != 0) + mpz_import(value, in.sig_words(), -1, sizeof(word), 0, 0, in.data()); + } + +/************************************************* +* GMP_MPZ Constructor * +*************************************************/ +GMP_MPZ::GMP_MPZ(const byte in[], u32bit length) + { + mpz_init(value); + mpz_import(value, length, 1, 1, 0, 0, in); + } + +/************************************************* +* GMP_MPZ Copy Constructor * +*************************************************/ +GMP_MPZ::GMP_MPZ(const GMP_MPZ& other) + { + mpz_init_set(value, other.value); + } + +/************************************************* +* GMP_MPZ Destructor * +*************************************************/ +GMP_MPZ::~GMP_MPZ() + { + mpz_clear(value); + } + +/************************************************* +* GMP_MPZ Assignment Operator * +*************************************************/ +GMP_MPZ& GMP_MPZ::operator=(const GMP_MPZ& other) + { + mpz_set(value, other.value); + return (*this); + } + +/************************************************* +* Export the mpz_t as a bytestring * +*************************************************/ +void GMP_MPZ::encode(byte out[], u32bit length) const + { + size_t dummy = 0; + mpz_export(out + (length - bytes()), &dummy, 1, 1, 0, 0, value); + } + +/************************************************* +* Return the number of significant bytes * +*************************************************/ +u32bit GMP_MPZ::bytes() const + { + return ((mpz_sizeinbase(value, 2) + 7) / 8); + } + +/************************************************* +* GMP to BigInt Conversions * +*************************************************/ +BigInt GMP_MPZ::to_bigint() const + { + BigInt out(BigInt::Positive, (bytes() + sizeof(word) - 1) / sizeof(word)); + size_t dummy = 0; + mpz_export(out.get_reg(), &dummy, -1, sizeof(word), 0, 0, value); + + if(mpz_sgn(value) < 0) + out.flip_sign(); + + return out; + } + +} diff --git a/src/engine/gnump/gmp_wrap.h b/src/engine/gnump/gmp_wrap.h new file mode 100644 index 000000000..09a8590c4 --- /dev/null +++ b/src/engine/gnump/gmp_wrap.h @@ -0,0 +1,36 @@ +/************************************************* +* GMP MPZ Wrapper Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_GMP_MPZ_WRAP_H__ +#define BOTAN_GMP_MPZ_WRAP_H__ + +#include <botan/bigint.h> +#include <gmp.h> + +namespace Botan { + +/************************************************* +* Lightweight GMP mpz_t Wrapper * +*************************************************/ +class GMP_MPZ + { + public: + mpz_t value; + + BigInt to_bigint() const; + void encode(byte[], u32bit) const; + u32bit bytes() const; + + GMP_MPZ& operator=(const GMP_MPZ&); + + GMP_MPZ(const GMP_MPZ&); + GMP_MPZ(const BigInt& = 0); + GMP_MPZ(const byte[], u32bit); + ~GMP_MPZ(); + }; + +} + +#endif diff --git a/src/engine/gnump/modinfo.txt b/src/engine/gnump/modinfo.txt new file mode 100644 index 000000000..e65e411fd --- /dev/null +++ b/src/engine/gnump/modinfo.txt @@ -0,0 +1,18 @@ +realname "GMP Engine" + +define ENGINE_GNU_MP + +load_on request + +<add> +eng_gmp.cpp +gmp_wrap.cpp +gmp_mem.cpp +gmp_powm.cpp +eng_gmp.h +gmp_wrap.h +</add> + +<libs> +all -> gmp +</libs> diff --git a/src/engine/openssl/bn_powm.cpp b/src/engine/openssl/bn_powm.cpp new file mode 100644 index 000000000..f54411240 --- /dev/null +++ b/src/engine/openssl/bn_powm.cpp @@ -0,0 +1,52 @@ +/************************************************* +* OpenSSL Modular Exponentiation Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_ossl.h> +#include <botan/bn_wrap.h> + +namespace Botan { + +namespace { + +/************************************************* +* OpenSSL Modular Exponentiator * +*************************************************/ +class OpenSSL_Modular_Exponentiator : public Modular_Exponentiator + { + public: + void set_base(const BigInt& b) { base = b; } + void set_exponent(const BigInt& e) { exp = e; } + BigInt execute() const; + Modular_Exponentiator* copy() const + { return new OpenSSL_Modular_Exponentiator(*this); } + + OpenSSL_Modular_Exponentiator(const BigInt& n) : mod(n) {} + private: + OSSL_BN base, exp, mod; + OSSL_BN_CTX ctx; + }; + +/************************************************* +* Compute the result * +*************************************************/ +BigInt OpenSSL_Modular_Exponentiator::execute() const + { + OSSL_BN r; + BN_mod_exp(r.value, base.value, exp.value, mod.value, ctx.value); + return r.to_bigint(); + } + +} + +/************************************************* +* Return the OpenSSL-based modular exponentiator * +*************************************************/ +Modular_Exponentiator* OpenSSL_Engine::mod_exp(const BigInt& n, + Power_Mod::Usage_Hints) const + { + return new OpenSSL_Modular_Exponentiator(n); + } + +} diff --git a/src/engine/openssl/bn_wrap.cpp b/src/engine/openssl/bn_wrap.cpp new file mode 100644 index 000000000..4f7ea0078 --- /dev/null +++ b/src/engine/openssl/bn_wrap.cpp @@ -0,0 +1,114 @@ +/************************************************* +* OpenSSL BN Wrapper Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/bn_wrap.h> + +namespace Botan { + +/************************************************* +* OSSL_BN Constructor * +*************************************************/ +OSSL_BN::OSSL_BN(const BigInt& in) + { + value = BN_new(); + SecureVector<byte> encoding = BigInt::encode(in); + if(in != 0) + BN_bin2bn(encoding, encoding.size(), value); + } + +/************************************************* +* OSSL_BN Constructor * +*************************************************/ +OSSL_BN::OSSL_BN(const byte in[], u32bit length) + { + value = BN_new(); + BN_bin2bn(in, length, value); + } + +/************************************************* +* OSSL_BN Copy Constructor * +*************************************************/ +OSSL_BN::OSSL_BN(const OSSL_BN& other) + { + value = BN_dup(other.value); + } + +/************************************************* +* OSSL_BN Destructor * +*************************************************/ +OSSL_BN::~OSSL_BN() + { + BN_clear_free(value); + } + +/************************************************* +* OSSL_BN Assignment Operator * +*************************************************/ +OSSL_BN& OSSL_BN::operator=(const OSSL_BN& other) + { + BN_copy(value, other.value); + return (*this); + } + +/************************************************* +* Export the BIGNUM as a bytestring * +*************************************************/ +void OSSL_BN::encode(byte out[], u32bit length) const + { + BN_bn2bin(value, out + (length - bytes())); + } + +/************************************************* +* Return the number of significant bytes * +*************************************************/ +u32bit OSSL_BN::bytes() const + { + return BN_num_bytes(value); + } + +/************************************************* +* OpenSSL to BigInt Conversions * +*************************************************/ +BigInt OSSL_BN::to_bigint() const + { + SecureVector<byte> out(bytes()); + BN_bn2bin(value, out); + return BigInt::decode(out); + } + +/************************************************* +* OSSL_BN_CTX Constructor * +*************************************************/ +OSSL_BN_CTX::OSSL_BN_CTX() + { + value = BN_CTX_new(); + } + +/************************************************* +* OSSL_BN_CTX Copy Constructor * +*************************************************/ +OSSL_BN_CTX::OSSL_BN_CTX(const OSSL_BN_CTX&) + { + value = BN_CTX_new(); + } + +/************************************************* +* OSSL_BN_CTX Destructor * +*************************************************/ +OSSL_BN_CTX::~OSSL_BN_CTX() + { + BN_CTX_free(value); + } + +/************************************************* +* OSSL_BN_CTX Assignment Operator * +*************************************************/ +OSSL_BN_CTX& OSSL_BN_CTX::operator=(const OSSL_BN_CTX&) + { + value = BN_CTX_new(); + return (*this); + } + +} diff --git a/src/engine/openssl/bn_wrap.h b/src/engine/openssl/bn_wrap.h new file mode 100644 index 000000000..a42967544 --- /dev/null +++ b/src/engine/openssl/bn_wrap.h @@ -0,0 +1,51 @@ +/************************************************* +* OpenSSL BN Wrapper Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_OPENSSL_BN_WRAP_H__ +#define BOTAN_OPENSSL_BN_WRAP_H__ + +#include <botan/bigint.h> +#include <openssl/bn.h> + +namespace Botan { + +/************************************************* +* Lightweight OpenSSL BN Wrapper * +*************************************************/ +class OSSL_BN + { + public: + BIGNUM* value; + + BigInt to_bigint() const; + void encode(byte[], u32bit) const; + u32bit bytes() const; + + OSSL_BN& operator=(const OSSL_BN&); + + OSSL_BN(const OSSL_BN&); + OSSL_BN(const BigInt& = 0); + OSSL_BN(const byte[], u32bit); + ~OSSL_BN(); + }; + +/************************************************* +* Lightweight OpenSSL BN_CTX Wrapper * +*************************************************/ +class OSSL_BN_CTX + { + public: + BN_CTX* value; + + OSSL_BN_CTX& operator=(const OSSL_BN_CTX&); + + OSSL_BN_CTX(); + OSSL_BN_CTX(const OSSL_BN_CTX&); + ~OSSL_BN_CTX(); + }; + +} + +#endif diff --git a/src/engine/openssl/eng_ossl.cpp b/src/engine/openssl/eng_ossl.cpp new file mode 100644 index 000000000..9421495c2 --- /dev/null +++ b/src/engine/openssl/eng_ossl.cpp @@ -0,0 +1,374 @@ +/************************************************* +* OpenSSL Engine Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_ossl.h> +#include <botan/bn_wrap.h> +#include <openssl/opensslv.h> + +#if OPENSSL_VERSION_NUMBER < 0x0090700F + #error Your OpenSSL install is too old, upgrade to 0.9.7 or later +#endif + +namespace Botan { + +namespace { + +/************************************************* +* OpenSSL IF Operation * +*************************************************/ +class OpenSSL_IF_Op : public IF_Operation + { + public: + BigInt public_op(const BigInt&) const; + BigInt private_op(const BigInt&) const; + + IF_Operation* clone() const { return new OpenSSL_IF_Op(*this); } + + OpenSSL_IF_Op(const BigInt& e_bn, const BigInt& n_bn, const BigInt&, + const BigInt& p_bn, const BigInt& q_bn, const BigInt& d1_bn, + const BigInt& d2_bn, const BigInt& c_bn) : + e(e_bn), n(n_bn), p(p_bn), q(q_bn), d1(d1_bn), d2(d2_bn), c(c_bn) {} + private: + const OSSL_BN e, n, p, q, d1, d2, c; + OSSL_BN_CTX ctx; + }; + +/************************************************* +* OpenSSL IF Public Operation * +*************************************************/ +BigInt OpenSSL_IF_Op::public_op(const BigInt& i_bn) const + { + OSSL_BN i(i_bn), r; + BN_mod_exp(r.value, i.value, e.value, n.value, ctx.value); + return r.to_bigint(); + } + +/************************************************* +* OpenSSL IF Private Operation * +*************************************************/ +BigInt OpenSSL_IF_Op::private_op(const BigInt& i_bn) const + { + if(BN_is_zero(p.value)) + throw Internal_Error("OpenSSL_IF_Op::private_op: No private key"); + + OSSL_BN j1, j2, h(i_bn); + + BN_mod_exp(j1.value, h.value, d1.value, p.value, ctx.value); + BN_mod_exp(j2.value, h.value, d2.value, q.value, ctx.value); + BN_sub(h.value, j1.value, j2.value); + BN_mod_mul(h.value, h.value, c.value, p.value, ctx.value); + BN_mul(h.value, h.value, q.value, ctx.value); + BN_add(h.value, h.value, j2.value); + return h.to_bigint(); + } + +/************************************************* +* OpenSSL DSA Operation * +*************************************************/ +class OpenSSL_DSA_Op : public DSA_Operation + { + public: + bool verify(const byte[], u32bit, const byte[], u32bit) const; + SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const; + + DSA_Operation* clone() const { return new OpenSSL_DSA_Op(*this); } + + OpenSSL_DSA_Op(const DL_Group& group, const BigInt& y1, + const BigInt& x1) : + x(x1), y(y1), p(group.get_p()), q(group.get_q()), g(group.get_g()) {} + private: + const OSSL_BN x, y, p, q, g; + OSSL_BN_CTX ctx; + }; + +/************************************************* +* OpenSSL DSA Verify Operation * +*************************************************/ +bool OpenSSL_DSA_Op::verify(const byte msg[], u32bit msg_len, + const byte sig[], u32bit sig_len) const + { + const u32bit q_bytes = q.bytes(); + + if(sig_len != 2*q_bytes || msg_len > q_bytes) + return false; + + OSSL_BN r(sig, q_bytes); + OSSL_BN s(sig + q_bytes, q_bytes); + OSSL_BN i(msg, msg_len); + + if(BN_is_zero(r.value) || BN_cmp(r.value, q.value) >= 0) + return false; + if(BN_is_zero(s.value) || BN_cmp(s.value, q.value) >= 0) + return false; + + if(BN_mod_inverse(s.value, s.value, q.value, ctx.value) == 0) + return false; + + OSSL_BN si; + BN_mod_mul(si.value, s.value, i.value, q.value, ctx.value); + BN_mod_exp(si.value, g.value, si.value, p.value, ctx.value); + + OSSL_BN sr; + BN_mod_mul(sr.value, s.value, r.value, q.value, ctx.value); + BN_mod_exp(sr.value, y.value, sr.value, p.value, ctx.value); + + BN_mod_mul(si.value, si.value, sr.value, p.value, ctx.value); + BN_nnmod(si.value, si.value, q.value, ctx.value); + + if(BN_cmp(si.value, r.value) == 0) + return true; + return false; + } + +/************************************************* +* OpenSSL DSA Sign Operation * +*************************************************/ +SecureVector<byte> OpenSSL_DSA_Op::sign(const byte in[], u32bit length, + const BigInt& k_bn) const + { + if(BN_is_zero(x.value)) + throw Internal_Error("OpenSSL_DSA_Op::sign: No private key"); + + OSSL_BN i(in, length); + OSSL_BN k(k_bn); + + OSSL_BN r; + BN_mod_exp(r.value, g.value, k.value, p.value, ctx.value); + BN_nnmod(r.value, r.value, q.value, ctx.value); + + BN_mod_inverse(k.value, k.value, q.value, ctx.value); + + OSSL_BN s; + BN_mul(s.value, x.value, r.value, ctx.value); + BN_add(s.value, s.value, i.value); + BN_mod_mul(s.value, s.value, k.value, q.value, ctx.value); + + if(BN_is_zero(r.value) || BN_is_zero(s.value)) + throw Internal_Error("OpenSSL_DSA_Op::sign: r or s was zero"); + + const u32bit q_bytes = q.bytes(); + + SecureVector<byte> output(2*q_bytes); + r.encode(output, q_bytes); + s.encode(output + q_bytes, q_bytes); + return output; + } + +/************************************************* +* OpenSSL NR Operation * +*************************************************/ +class OpenSSL_NR_Op : public NR_Operation + { + public: + SecureVector<byte> verify(const byte[], u32bit) const; + SecureVector<byte> sign(const byte[], u32bit, const BigInt&) const; + + NR_Operation* clone() const { return new OpenSSL_NR_Op(*this); } + + OpenSSL_NR_Op(const DL_Group& group, const BigInt& y1, + const BigInt& x1) : + x(x1), y(y1), p(group.get_p()), q(group.get_q()), g(group.get_g()) {} + private: + const OSSL_BN x, y, p, q, g; + OSSL_BN_CTX ctx; + }; + +/************************************************* +* OpenSSL NR Verify Operation * +*************************************************/ +SecureVector<byte> OpenSSL_NR_Op::verify(const byte sig[], + u32bit sig_len) const + { + const u32bit q_bytes = q.bytes(); + + if(sig_len != 2*q_bytes) + return false; + + OSSL_BN c(sig, q_bytes); + OSSL_BN d(sig + q_bytes, q_bytes); + + if(BN_is_zero(c.value) || BN_cmp(c.value, q.value) >= 0 || + BN_cmp(d.value, q.value) >= 0) + throw Invalid_Argument("OpenSSL_NR_Op::verify: Invalid signature"); + + OSSL_BN i1, i2; + BN_mod_exp(i1.value, g.value, d.value, p.value, ctx.value); + BN_mod_exp(i2.value, y.value, c.value, p.value, ctx.value); + BN_mod_mul(i1.value, i1.value, i2.value, p.value, ctx.value); + BN_sub(i1.value, c.value, i1.value); + BN_nnmod(i1.value, i1.value, q.value, ctx.value); + return BigInt::encode(i1.to_bigint()); + } + +/************************************************* +* OpenSSL NR Sign Operation * +*************************************************/ +SecureVector<byte> OpenSSL_NR_Op::sign(const byte in[], u32bit length, + const BigInt& k_bn) const + { + if(BN_is_zero(x.value)) + throw Internal_Error("OpenSSL_NR_Op::sign: No private key"); + + OSSL_BN f(in, length); + OSSL_BN k(k_bn); + + if(BN_cmp(f.value, q.value) >= 0) + throw Invalid_Argument("OpenSSL_NR_Op::sign: Input is out of range"); + + OSSL_BN c, d; + BN_mod_exp(c.value, g.value, k.value, p.value, ctx.value); + BN_add(c.value, c.value, f.value); + BN_nnmod(c.value, c.value, q.value, ctx.value); + BN_mul(d.value, x.value, c.value, ctx.value); + BN_sub(d.value, k.value, d.value); + BN_nnmod(d.value, d.value, q.value, ctx.value); + + if(BN_is_zero(c.value)) + throw Internal_Error("Default_NR_Op::sign: c was zero"); + + const u32bit q_bytes = q.bytes(); + SecureVector<byte> output(2*q_bytes); + c.encode(output, q_bytes); + d.encode(output + q_bytes, q_bytes); + return output; + } + +/************************************************* +* OpenSSL ElGamal Operation * +*************************************************/ +class OpenSSL_ELG_Op : public ELG_Operation + { + public: + SecureVector<byte> encrypt(const byte[], u32bit, const BigInt&) const; + BigInt decrypt(const BigInt&, const BigInt&) const; + + ELG_Operation* clone() const { return new OpenSSL_ELG_Op(*this); } + OpenSSL_ELG_Op(const DL_Group& group, const BigInt& y1, + const BigInt& x1) : + x(x1), y(y1), g(group.get_g()), p(group.get_p()) {} + private: + OSSL_BN x, y, g, p; + OSSL_BN_CTX ctx; + }; + +/************************************************* +* OpenSSL ElGamal Encrypt Operation * +*************************************************/ +SecureVector<byte> OpenSSL_ELG_Op::encrypt(const byte in[], u32bit length, + const BigInt& k_bn) const + { + OSSL_BN i(in, length); + + if(BN_cmp(i.value, p.value) >= 0) + throw Invalid_Argument("OpenSSL_ELG_Op: Input is too large"); + + OSSL_BN a, b, k(k_bn); + + BN_mod_exp(a.value, g.value, k.value, p.value, ctx.value); + BN_mod_exp(b.value, y.value, k.value, p.value, ctx.value); + BN_mod_mul(b.value, b.value, i.value, p.value, ctx.value); + + const u32bit p_bytes = p.bytes(); + SecureVector<byte> output(2*p_bytes); + a.encode(output, p_bytes); + b.encode(output + p_bytes, p_bytes); + return output; + } + +/************************************************* +* OpenSSL ElGamal Decrypt Operation * +*************************************************/ +BigInt OpenSSL_ELG_Op::decrypt(const BigInt& a_bn, const BigInt& b_bn) const + { + if(BN_is_zero(x.value)) + throw Internal_Error("OpenSSL_ELG_Op::decrypt: No private key"); + + OSSL_BN a(a_bn), b(b_bn), t; + + if(BN_cmp(a.value, p.value) >= 0 || BN_cmp(b.value, p.value) >= 0) + throw Invalid_Argument("OpenSSL_ELG_Op: Invalid message"); + + BN_mod_exp(t.value, a.value, x.value, p.value, ctx.value); + BN_mod_inverse(a.value, t.value, p.value, ctx.value); + BN_mod_mul(a.value, a.value, b.value, p.value, ctx.value); + return a.to_bigint(); + } + +/************************************************* +* OpenSSL DH Operation * +*************************************************/ +class OpenSSL_DH_Op : public DH_Operation + { + public: + BigInt agree(const BigInt& i) const; + DH_Operation* clone() const { return new OpenSSL_DH_Op(*this); } + + OpenSSL_DH_Op(const DL_Group& group, const BigInt& x_bn) : + x(x_bn), p(group.get_p()) {} + private: + OSSL_BN x, p; + OSSL_BN_CTX ctx; + }; + +/************************************************* +* OpenSSL DH Key Agreement Operation * +*************************************************/ +BigInt OpenSSL_DH_Op::agree(const BigInt& i_bn) const + { + OSSL_BN i(i_bn), r; + BN_mod_exp(r.value, i.value, x.value, p.value, ctx.value); + return r.to_bigint(); + } + +} + +/************************************************* +* Acquire an IF op * +*************************************************/ +IF_Operation* OpenSSL_Engine::if_op(const BigInt& e, const BigInt& n, + const BigInt& d, const BigInt& p, + const BigInt& q, const BigInt& d1, + const BigInt& d2, const BigInt& c) const + { + return new OpenSSL_IF_Op(e, n, d, p, q, d1, d2, c); + } + +/************************************************* +* Acquire a DSA op * +*************************************************/ +DSA_Operation* OpenSSL_Engine::dsa_op(const DL_Group& group, const BigInt& y, + const BigInt& x) const + { + return new OpenSSL_DSA_Op(group, y, x); + } + +/************************************************* +* Acquire a NR op * +*************************************************/ +NR_Operation* OpenSSL_Engine::nr_op(const DL_Group& group, const BigInt& y, + const BigInt& x) const + { + return new OpenSSL_NR_Op(group, y, x); + } + +/************************************************* +* Acquire an ElGamal op * +*************************************************/ +ELG_Operation* OpenSSL_Engine::elg_op(const DL_Group& group, const BigInt& y, + const BigInt& x) const + { + return new OpenSSL_ELG_Op(group, y, x); + } + +/************************************************* +* Acquire a DH op * +*************************************************/ +DH_Operation* OpenSSL_Engine::dh_op(const DL_Group& group, + const BigInt& x) const + { + return new OpenSSL_DH_Op(group, x); + } + +} diff --git a/src/engine/openssl/eng_ossl.h b/src/engine/openssl/eng_ossl.h new file mode 100644 index 000000000..40da748db --- /dev/null +++ b/src/engine/openssl/eng_ossl.h @@ -0,0 +1,40 @@ +/************************************************* +* OpenSSL Engine Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENGINE_OPENSSL_H__ +#define BOTAN_ENGINE_OPENSSL_H__ + +#include <botan/engine.h> +#include <botan/mutex.h> + +namespace Botan { + +/************************************************* +* OpenSSL Engine * +*************************************************/ +class OpenSSL_Engine : public Engine + { + public: + IF_Operation* if_op(const BigInt&, const BigInt&, const BigInt&, + const BigInt&, const BigInt&, const BigInt&, + const BigInt&, const BigInt&) const; + DSA_Operation* dsa_op(const DL_Group&, const BigInt&, + const BigInt&) const; + NR_Operation* nr_op(const DL_Group&, const BigInt&, const BigInt&) const; + ELG_Operation* elg_op(const DL_Group&, const BigInt&, + const BigInt&) const; + DH_Operation* dh_op(const DL_Group&, const BigInt&) const; + + Modular_Exponentiator* mod_exp(const BigInt&, + Power_Mod::Usage_Hints) const; + private: + BlockCipher* find_block_cipher(const std::string&) const; + StreamCipher* find_stream_cipher(const std::string&) const; + HashFunction* find_hash(const std::string&) const; + }; + +} + +#endif diff --git a/src/engine/openssl/modinfo.txt b/src/engine/openssl/modinfo.txt new file mode 100644 index 000000000..7892e8e90 --- /dev/null +++ b/src/engine/openssl/modinfo.txt @@ -0,0 +1,20 @@ +realname "OpenSSL Engine" + +define ENGINE_OPENSSL + +load_on request + +<add> +eng_ossl.cpp +bn_wrap.cpp +bn_powm.cpp +ossl_bc.cpp +ossl_rc4.cpp +ossl_md.cpp +eng_ossl.h +bn_wrap.h +</add> + +<libs> +all -> crypto +</libs> diff --git a/src/engine/openssl/ossl_bc.cpp b/src/engine/openssl/ossl_bc.cpp new file mode 100644 index 000000000..407bb3cde --- /dev/null +++ b/src/engine/openssl/ossl_bc.cpp @@ -0,0 +1,204 @@ +/************************************************* +* OpenSSL Block Cipher Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_ossl.h> +#include <botan/parsing.h> +#include <botan/libstate.h> +#include <openssl/evp.h> + +namespace Botan { + +namespace { + +/************************************************* +* EVP Block Cipher * +*************************************************/ +class EVP_BlockCipher : public BlockCipher + { + public: + void clear() throw(); + std::string name() const { return cipher_name; } + BlockCipher* clone() const; + EVP_BlockCipher(const EVP_CIPHER*, const std::string&); + EVP_BlockCipher(const EVP_CIPHER*, const std::string&, + u32bit, u32bit, u32bit); + + ~EVP_BlockCipher(); + private: + void enc(const byte[], byte[]) const; + void dec(const byte[], byte[]) const; + void key(const byte[], u32bit); + std::string cipher_name; + mutable EVP_CIPHER_CTX encrypt, decrypt; + }; + +/************************************************* +* EVP Block Cipher Constructor * +*************************************************/ +EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* algo, + const std::string& algo_name) : + BlockCipher(EVP_CIPHER_block_size(algo), EVP_CIPHER_key_length(algo)), + cipher_name(algo_name) + { + if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) + throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in"); + + EVP_CIPHER_CTX_init(&encrypt); + EVP_CIPHER_CTX_init(&decrypt); + + EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); + EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); + + EVP_CIPHER_CTX_set_padding(&encrypt, 0); + EVP_CIPHER_CTX_set_padding(&decrypt, 0); + } + +/************************************************* +* EVP Block Cipher Constructor * +*************************************************/ +EVP_BlockCipher::EVP_BlockCipher(const EVP_CIPHER* algo, + const std::string& algo_name, + u32bit key_min, u32bit key_max, + u32bit key_mod) : + BlockCipher(EVP_CIPHER_block_size(algo), key_min, key_max, key_mod), + cipher_name(algo_name) + { + if(EVP_CIPHER_mode(algo) != EVP_CIPH_ECB_MODE) + throw Invalid_Argument("EVP_BlockCipher: Non-ECB EVP was passed in"); + + EVP_CIPHER_CTX_init(&encrypt); + EVP_CIPHER_CTX_init(&decrypt); + + EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); + EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); + + EVP_CIPHER_CTX_set_padding(&encrypt, 0); + EVP_CIPHER_CTX_set_padding(&decrypt, 0); + } + +/************************************************* +* EVP Block Cipher Destructor * +*************************************************/ +EVP_BlockCipher::~EVP_BlockCipher() + { + EVP_CIPHER_CTX_cleanup(&encrypt); + EVP_CIPHER_CTX_cleanup(&decrypt); + } + +/************************************************* +* Encrypt a block * +*************************************************/ +void EVP_BlockCipher::enc(const byte in[], byte out[]) const + { + int out_len = 0; + EVP_EncryptUpdate(&encrypt, out, &out_len, in, BLOCK_SIZE); + } + +/************************************************* +* Decrypt a block * +*************************************************/ +void EVP_BlockCipher::dec(const byte in[], byte out[]) const + { + int out_len = 0; + EVP_DecryptUpdate(&decrypt, out, &out_len, in, BLOCK_SIZE); + } + +/************************************************* +* Set the key * +*************************************************/ +void EVP_BlockCipher::key(const byte key[], u32bit length) + { + SecureVector<byte> full_key(key, length); + + if(cipher_name == "TripleDES" && length == 16) + full_key.append(key, 8); + else + if(EVP_CIPHER_CTX_set_key_length(&encrypt, length) == 0 || + EVP_CIPHER_CTX_set_key_length(&decrypt, length) == 0) + throw Invalid_Argument("EVP_BlockCipher: Bad key length for " + + cipher_name); + + if(cipher_name == "RC2") + { + EVP_CIPHER_CTX_ctrl(&encrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0); + EVP_CIPHER_CTX_ctrl(&decrypt, EVP_CTRL_SET_RC2_KEY_BITS, length*8, 0); + } + + EVP_EncryptInit_ex(&encrypt, 0, 0, full_key.begin(), 0); + EVP_DecryptInit_ex(&decrypt, 0, 0, full_key.begin(), 0); + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +BlockCipher* EVP_BlockCipher::clone() const + { + return new EVP_BlockCipher(EVP_CIPHER_CTX_cipher(&encrypt), + cipher_name, MINIMUM_KEYLENGTH, + MAXIMUM_KEYLENGTH, KEYLENGTH_MULTIPLE); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void EVP_BlockCipher::clear() throw() + { + const EVP_CIPHER* algo = EVP_CIPHER_CTX_cipher(&encrypt); + + EVP_CIPHER_CTX_cleanup(&encrypt); + EVP_CIPHER_CTX_cleanup(&decrypt); + EVP_CIPHER_CTX_init(&encrypt); + EVP_CIPHER_CTX_init(&decrypt); + EVP_EncryptInit_ex(&encrypt, algo, 0, 0, 0); + EVP_DecryptInit_ex(&decrypt, algo, 0, 0, 0); + EVP_CIPHER_CTX_set_padding(&encrypt, 0); + EVP_CIPHER_CTX_set_padding(&decrypt, 0); + } + +} + +/************************************************* +* Look for an algorithm with this name * +*************************************************/ +BlockCipher* +OpenSSL_Engine::find_block_cipher(const std::string& algo_spec) const + { +#define HANDLE_EVP_CIPHER(NAME, EVP) \ + if(algo_name == NAME) \ + { \ + if(name.size() == 1) \ + return new EVP_BlockCipher(EVP, NAME); \ + throw Invalid_Algorithm_Name(algo_spec); \ + } + +#define HANDLE_EVP_CIPHER_KEYLEN(NAME, EVP, MIN, MAX, MOD) \ + if(algo_name == NAME) \ + { \ + if(name.size() == 1) \ + return new EVP_BlockCipher(EVP, NAME, MIN, MAX, MOD); \ + throw Invalid_Algorithm_Name(algo_spec); \ + } + + std::vector<std::string> name = parse_algorithm_name(algo_spec); + if(name.size() == 0) + return 0; + const std::string algo_name = global_state().deref_alias(name[0]); + + HANDLE_EVP_CIPHER_KEYLEN("Blowfish", EVP_bf_ecb(), 1, 56, 1); + HANDLE_EVP_CIPHER_KEYLEN("CAST-128", EVP_cast5_ecb(), 1, 16, 1); + HANDLE_EVP_CIPHER_KEYLEN("RC2", EVP_rc2_ecb(), 1, 32, 1); + HANDLE_EVP_CIPHER_KEYLEN("TripleDES", EVP_des_ede3_ecb(), 16, 24, 8); + HANDLE_EVP_CIPHER("DES", EVP_des_ecb()); + HANDLE_EVP_CIPHER("AES-128", EVP_aes_128_ecb()); + HANDLE_EVP_CIPHER("AES-192", EVP_aes_192_ecb()); + HANDLE_EVP_CIPHER("AES-256", EVP_aes_256_ecb()); + +#undef HANDLE_EVP_CIPHER +#undef HANDLE_EVP_CIPHER_KEYLEN + + return 0; + } + +} diff --git a/src/engine/openssl/ossl_md.cpp b/src/engine/openssl/ossl_md.cpp new file mode 100644 index 000000000..8e24c7213 --- /dev/null +++ b/src/engine/openssl/ossl_md.cpp @@ -0,0 +1,121 @@ +/************************************************* +* OpenSSL Hash Functions Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_ossl.h> +#include <botan/parsing.h> +#include <botan/libstate.h> +#include <openssl/evp.h> + +namespace Botan { + +namespace { + +/************************************************* +* EVP Hash Function * +*************************************************/ +class EVP_HashFunction : public HashFunction + { + public: + void clear() throw(); + std::string name() const { return algo_name; } + HashFunction* clone() const; + EVP_HashFunction(const EVP_MD*, const std::string&); + ~EVP_HashFunction(); + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + + std::string algo_name; + EVP_MD_CTX md; + }; + +/************************************************* +* Update an EVP Hash Calculation * +*************************************************/ +void EVP_HashFunction::add_data(const byte input[], u32bit length) + { + EVP_DigestUpdate(&md, input, length); + } + +/************************************************* +* Finalize an EVP Hash Calculation * +*************************************************/ +void EVP_HashFunction::final_result(byte output[]) + { + EVP_DigestFinal_ex(&md, output, 0); + const EVP_MD* algo = EVP_MD_CTX_md(&md); + EVP_DigestInit_ex(&md, algo, 0); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void EVP_HashFunction::clear() throw() + { + const EVP_MD* algo = EVP_MD_CTX_md(&md); + EVP_DigestInit_ex(&md, algo, 0); + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +HashFunction* EVP_HashFunction::clone() const + { + const EVP_MD* algo = EVP_MD_CTX_md(&md); + return new EVP_HashFunction(algo, name()); + } + +/************************************************* +* Create an EVP hash function * +*************************************************/ +EVP_HashFunction::EVP_HashFunction(const EVP_MD* algo, + const std::string& name) : + HashFunction(EVP_MD_size(algo), EVP_MD_block_size(algo)), + algo_name(name) + { + EVP_MD_CTX_init(&md); + EVP_DigestInit_ex(&md, algo, 0); + } + +/************************************************* +* Destroy an EVP hash function * +*************************************************/ +EVP_HashFunction::~EVP_HashFunction() + { + EVP_MD_CTX_cleanup(&md); + } + +} + +/************************************************* +* Look for an algorithm with this name * +*************************************************/ +HashFunction* OpenSSL_Engine::find_hash(const std::string& algo_spec) const + { + std::vector<std::string> name = parse_algorithm_name(algo_spec); + if(name.size() == 0) + return 0; + const std::string algo_name = global_state().deref_alias(name[0]); + +#define HANDLE_EVP_MD(NAME, EVP) \ + if(algo_name == NAME) \ + { \ + if(name.size() == 1) \ + return new EVP_HashFunction(EVP, NAME); \ + throw Invalid_Algorithm_Name(algo_spec); \ + } + + HANDLE_EVP_MD("SHA-160", EVP_sha1()); + HANDLE_EVP_MD("MD2", EVP_md2()); + HANDLE_EVP_MD("MD4", EVP_md4()); + HANDLE_EVP_MD("MD5", EVP_md5()); + HANDLE_EVP_MD("RIPEMD-160", EVP_ripemd160()); + +#undef HANDLE_EVP_MD + + return 0; + } + +} diff --git a/src/engine/openssl/ossl_rc4.cpp b/src/engine/openssl/ossl_rc4.cpp new file mode 100644 index 000000000..eb8e9ded8 --- /dev/null +++ b/src/engine/openssl/ossl_rc4.cpp @@ -0,0 +1,92 @@ +/************************************************* +* OpenSSL ARC4 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eng_ossl.h> +#include <botan/parsing.h> +#include <botan/libstate.h> +#include <openssl/rc4.h> + +namespace Botan { + +namespace { + +/************************************************* +* OpenSSL ARC4 * +*************************************************/ +class OpenSSL_ARC4 : public StreamCipher + { + public: + void clear() throw() { std::memset(&state, 0, sizeof(state)); } + std::string name() const; + StreamCipher* clone() const { return new OpenSSL_ARC4(SKIP); } + OpenSSL_ARC4(u32bit s = 0) : StreamCipher(1, 32), SKIP(s) { clear(); } + ~OpenSSL_ARC4() { clear(); } + private: + void cipher(const byte[], byte[], u32bit); + void key(const byte[], u32bit); + + const u32bit SKIP; + RC4_KEY state; + }; + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string OpenSSL_ARC4::name() const + { + if(SKIP == 0) return "ARC4"; + if(SKIP == 256) return "MARK-4"; + else return "RC4_skip(" + to_string(SKIP) + ")"; + } + +/************************************************* +* ARC4 Key Schedule * +*************************************************/ +void OpenSSL_ARC4::key(const byte key[], u32bit length) + { + RC4_set_key(&state, length, key); + byte dummy = 0; + for(u32bit j = 0; j != SKIP; j++) + RC4(&state, 1, &dummy, &dummy); + } + +/************************************************* +* ARC4 Encryption * +*************************************************/ +void OpenSSL_ARC4::cipher(const byte in[], byte out[], u32bit length) + { + RC4(&state, length, in, out); + } + +} + +/************************************************* +* Look for an algorithm with this name * +*************************************************/ +StreamCipher* +OpenSSL_Engine::find_stream_cipher(const std::string& algo_spec) const + { + std::vector<std::string> name = parse_algorithm_name(algo_spec); + if(name.size() == 0) + return 0; + const std::string algo_name = global_state().deref_alias(name[0]); + +#define HANDLE_TYPE_ONE_U32BIT(NAME, TYPE, DEFAULT) \ + if(algo_name == NAME) \ + { \ + if(name.size() == 1) \ + return new TYPE(DEFAULT); \ + if(name.size() == 2) \ + return new TYPE(to_u32bit(name[1])); \ + throw Invalid_Algorithm_Name(algo_spec); \ + } + + HANDLE_TYPE_ONE_U32BIT("ARC4", OpenSSL_ARC4, 0); + HANDLE_TYPE_ONE_U32BIT("RC4_drop", OpenSSL_ARC4, 768); + + return 0; + } + +} diff --git a/src/entropy/beos_stats/es_beos.cpp b/src/entropy/beos_stats/es_beos.cpp new file mode 100644 index 000000000..80d5605d0 --- /dev/null +++ b/src/entropy/beos_stats/es_beos.cpp @@ -0,0 +1,65 @@ +/************************************************* +* BeOS EntropySource Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/es_beos.h> +#include <kernel/OS.h> +#include <kernel/image.h> +#include <interface/InterfaceDefs.h> + +namespace Botan { + +/************************************************* +* BeOS Fast Poll * +*************************************************/ +void BeOS_EntropySource::do_fast_poll() + { + system_info info_sys; + get_system_info(&info_sys); + add_bytes(&info_sys, sizeof(system_info)); + + key_info info_key; + get_key_info(&info_key); + add_bytes(&info_key, sizeof(key_info)); + + add_bytes(idle_time()); + } + +/************************************************* +* BeOS Slow Poll * +*************************************************/ +void BeOS_EntropySource::do_slow_poll() + { + team_info info_team; + int32 cookie_team = 0; + + while(get_next_team_info(&cookie_team, &info_team) == B_OK) + { + add_bytes(&info_team, sizeof(team_info)); + + team_id id = info_team.team; + int32 cookie = 0; + + thread_info info_thr; + while(get_next_thread_info(id, &cookie, &info_thr) == B_OK) + add_bytes(&info_thr, sizeof(thread_info)); + + cookie = 0; + image_info info_img; + while(get_next_image_info(id, &cookie, &info_img) == B_OK) + add_bytes(&info_img, sizeof(image_info)); + + cookie = 0; + sem_info info_sem; + while(get_next_sem_info(id, &cookie, &info_sem) == B_OK) + add_bytes(&info_sem, sizeof(sem_info)); + + cookie = 0; + area_info info_area; + while(get_next_area_info(id, &cookie, &info_area) == B_OK) + add_bytes(&info_area, sizeof(area_info)); + } + } + +} diff --git a/src/entropy/beos_stats/es_beos.h b/src/entropy/beos_stats/es_beos.h new file mode 100644 index 000000000..047939c8c --- /dev/null +++ b/src/entropy/beos_stats/es_beos.h @@ -0,0 +1,25 @@ +/************************************************* +* BeOS EntropySource Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_BEOS_H__ +#define BOTAN_ENTROPY_SRC_BEOS_H__ + +#include <botan/buf_es.h> + +namespace Botan { + +/************************************************* +* BeOS Entropy Source * +*************************************************/ +class BeOS_EntropySource : public Buffered_EntropySource + { + private: + void do_fast_poll(); + void do_slow_poll(); + }; + +} + +#endif diff --git a/src/entropy/beos_stats/modinfo.txt b/src/entropy/beos_stats/modinfo.txt new file mode 100644 index 000000000..a7e62cfb3 --- /dev/null +++ b/src/entropy/beos_stats/modinfo.txt @@ -0,0 +1,19 @@ +realname "BeOS Entropy Source" + +define ENTROPY_SRC_BEOS +modset beos + +load_on auto + +<add> +es_beos.h +es_beos.cpp +</add> + +<os> +beos +</os> + +<libs> +beos -> root,be +</libs> diff --git a/src/entropy/cryptoapi_rng/es_capi.cpp b/src/entropy/cryptoapi_rng/es_capi.cpp new file mode 100644 index 000000000..7d1e0e753 --- /dev/null +++ b/src/entropy/cryptoapi_rng/es_capi.cpp @@ -0,0 +1,87 @@ +/************************************************* +* Win32 CryptoAPI EntropySource Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/es_capi.h> +#include <botan/parsing.h> +#include <windows.h> +#include <wincrypt.h> + +namespace Botan { + +/************************************************* +* Gather Entropy from Win32 CAPI * +*************************************************/ +u32bit Win32_CAPI_EntropySource::slow_poll(byte output[], u32bit length) + { + + class CSP_Handle + { + public: + CSP_Handle(u64bit capi_provider) + { + valid = false; + DWORD prov_type = (DWORD)capi_provider; + + if(CryptAcquireContext(&handle, 0, 0, + prov_type, CRYPT_VERIFYCONTEXT)) + valid = true; + } + + ~CSP_Handle() + { + if(is_valid()) + CryptReleaseContext(handle, 0); + } + + void gen_random(byte out[], u32bit n) const + { + if(is_valid()) + CryptGenRandom(handle, n, out); + } + + bool is_valid() const { return valid; } + + HCRYPTPROV get_handle() const { return handle; } + private: + HCRYPTPROV handle; + bool valid; + }; + + + if(length > 64) + length = 64; + + for(u32bit j = 0; j != prov_types.size(); ++j) + { + CSP_Handle csp(prov_types[j]); + if(!csp.is_valid()) + continue; + + csp.gen_random(output, length); + break; + } + return length; + } + +/************************************************* +* Gather Entropy from Win32 CAPI * +*************************************************/ +Win32_CAPI_EntropySource::Win32_CAPI_EntropySource(const std::string& provs) + { + std::vector<std::string> capi_provs = split_on(provs, ':'); + + for(u32bit j = 0; j != capi_provs.size(); ++j) + { + if(capi_provs[j] == "RSA_FULL") prov_types.push_back(PROV_RSA_FULL); + if(capi_provs[j] == "INTEL_SEC") prov_types.push_back(PROV_INTEL_SEC); + if(capi_provs[j] == "FORTEZZA") prov_types.push_back(PROV_FORTEZZA); + if(capi_provs[j] == "RNG") prov_types.push_back(PROV_RNG); + } + + if(prov_types.size() == 0) + prov_types.push_back(PROV_RSA_FULL); + } + +} diff --git a/src/entropy/cryptoapi_rng/es_capi.h b/src/entropy/cryptoapi_rng/es_capi.h new file mode 100644 index 000000000..68e42cf9c --- /dev/null +++ b/src/entropy/cryptoapi_rng/es_capi.h @@ -0,0 +1,28 @@ +/************************************************* +* Win32 CAPI EntropySource Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_WIN32_CAPI_H__ +#define BOTAN_ENTROPY_SRC_WIN32_CAPI_H__ + +#include <botan/rng.h> +#include <vector> + +namespace Botan { + +/************************************************* +* Win32 CAPI Entropy Source * +*************************************************/ +class Win32_CAPI_EntropySource : public EntropySource + { + public: + u32bit slow_poll(byte[], u32bit); + Win32_CAPI_EntropySource(const std::string& = ""); + private: + std::vector<u64bit> prov_types; + }; + +} + +#endif diff --git a/src/entropy/cryptoapi_rng/modinfo.txt b/src/entropy/cryptoapi_rng/modinfo.txt new file mode 100644 index 000000000..40104664b --- /dev/null +++ b/src/entropy/cryptoapi_rng/modinfo.txt @@ -0,0 +1,21 @@ +realname "Win32 CryptoAPI Entropy Source" + +define ENTROPY_SRC_CAPI +load_on auto +modset win32 + +<add> +es_capi.h +es_capi.cpp +</add> + +# We'll just assume CAPI is there; this is OK except for 3.x, early versions +# of 95, and maybe NT 3.5 +<os> +windows +cygwin +</os> + +<libs> +windows -> advapi32 +</libs> diff --git a/src/entropy/dev_random/es_dev.cpp b/src/entropy/dev_random/es_dev.cpp new file mode 100644 index 000000000..310620716 --- /dev/null +++ b/src/entropy/dev_random/es_dev.cpp @@ -0,0 +1,112 @@ +/************************************************* +* Device EntropySource Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/es_dev.h> +#include <sys/select.h> +#include <sys/stat.h> +#include <sys/types.h> +#include <sys/fcntl.h> +#include <unistd.h> + +namespace Botan { + +namespace { + +/************************************************* +* A class handling reading from a device * +*************************************************/ +class Device_Reader + { + public: + typedef int fd_type; + + Device_Reader(fd_type device_fd) : fd(device_fd) {} + ~Device_Reader() { if(fd > 0) { ::close(fd); } } + u32bit get(byte out[], u32bit length); + + static fd_type open(const std::string& pathname); + private: + fd_type fd; + }; + +/************************************************* +* Read from a device file * +*************************************************/ +u32bit Device_Reader::get(byte out[], u32bit length) + { + if(fd < 0) + return 0; + + if(fd >= FD_SETSIZE) + return 0; + + const u32bit READ_WAIT_MS = 10; + + fd_set read_set; + FD_ZERO(&read_set); + FD_SET(fd, &read_set); + + struct ::timeval timeout; + timeout.tv_sec = 0; + timeout.tv_usec = READ_WAIT_MS * 1000; + + if(::select(fd + 1, &read_set, 0, 0, &timeout) < 0) + return 0; + + if(!(FD_ISSET(fd, &read_set))) + return 0; + + const ssize_t got = ::read(fd, out, length); + if(got <= 0) + return 0; + + const u32bit ret = static_cast<u32bit>(got); + + if(ret > length) + return 0; + + return ret; + } + +/************************************************* +* Attempt to open a device * +*************************************************/ +int Device_Reader::open(const std::string& pathname) + { +#ifndef O_NONBLOCK + #define O_NONBLOCK 0 +#endif + +#ifndef O_NOCTTY + #define O_NOCTTY 0 +#endif + + const int flags = O_RDONLY | O_NONBLOCK | O_NOCTTY; + return ::open(pathname.c_str(), flags); + } + +} + +/************************************************* +* Gather entropy from a RNG device * +*************************************************/ +u32bit Device_EntropySource::slow_poll(byte output[], u32bit length) + { + u32bit read = 0; + + for(size_t j = 0; j != fsnames.size(); ++j) + { + Device_Reader reader(Device_Reader::open(fsnames[j])); + + read += reader.get(output + read, length - read); + + if(read == length) + break; + } + + return read; + } + +} diff --git a/src/entropy/dev_random/es_dev.h b/src/entropy/dev_random/es_dev.h new file mode 100644 index 000000000..21d28b9bb --- /dev/null +++ b/src/entropy/dev_random/es_dev.h @@ -0,0 +1,28 @@ +/************************************************* +* Device EntropySource Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_DEVICE_H__ +#define BOTAN_ENTROPY_SRC_DEVICE_H__ + +#include <botan/rng.h> +#include <vector> + +namespace Botan { + +/************************************************* +* Device Based Entropy Source * +*************************************************/ +class Device_EntropySource : public EntropySource + { + public: + Device_EntropySource(const std::vector<std::string>& fs) : fsnames(fs) {} + u32bit slow_poll(byte[], u32bit); + private: + std::vector<std::string> fsnames; + }; + +} + +#endif diff --git a/src/entropy/dev_random/modinfo.txt b/src/entropy/dev_random/modinfo.txt new file mode 100644 index 000000000..6622886af --- /dev/null +++ b/src/entropy/dev_random/modinfo.txt @@ -0,0 +1,27 @@ +realname "RNG Device Reader" + +define ENTROPY_SRC_DEVICE + +load_on auto +modset unix + +<add> +es_dev.h +es_dev.cpp +</add> + +<os> +aix +beos +cygwin +darwin +freebsd +hpux +irix +linux +netbsd +openbsd +qnx +solaris +tru64 +</os> diff --git a/src/entropy/egd/es_egd.cpp b/src/entropy/egd/es_egd.cpp new file mode 100644 index 000000000..da4aaf847 --- /dev/null +++ b/src/entropy/egd/es_egd.cpp @@ -0,0 +1,76 @@ +/************************************************* +* EGD EntropySource Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/es_egd.h> +#include <botan/bit_ops.h> +#include <botan/parsing.h> +#include <cstring> + +#include <sys/types.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <unistd.h> + +#ifndef PF_LOCAL + #define PF_LOCAL PF_UNIX +#endif + +namespace Botan { + +/************************************************* +* Gather Entropy from EGD * +*************************************************/ +u32bit EGD_EntropySource::do_poll(byte output[], u32bit length, + const std::string& path) const + { + if(length > 128) + length = 128; + + sockaddr_un addr; + std::memset(&addr, 0, sizeof(addr)); + addr.sun_family = PF_LOCAL; + + if(sizeof(addr.sun_path) < path.length() + 1) + throw Exception("EGD_EntropySource: Socket path is too long"); + std::strcpy(addr.sun_path, path.c_str()); + + int fd = ::socket(addr.sun_family, SOCK_STREAM, 0); + if(fd == -1) return 0; + + int len = sizeof(addr.sun_family) + std::strlen(addr.sun_path) + 1; + if(::connect(fd, reinterpret_cast<struct ::sockaddr*>(&addr), len)) + { ::close(fd); return 0; } + + byte buffer[2]; + buffer[0] = 1; + buffer[1] = static_cast<byte>(length); + + if(::write(fd, buffer, 2) != 2) { ::close(fd); return 0; } + if(::read(fd, buffer, 1) != 1) { ::close(fd); return 0; } + + ssize_t count = ::read(fd, output, buffer[0]); + + if(count == -1) { close(fd); return 0; } + + ::close(fd); + + return count; + } + +/************************************************* +* Gather Entropy from EGD * +*************************************************/ +u32bit EGD_EntropySource::slow_poll(byte output[], u32bit length) + { + for(u32bit j = 0; j != paths.size(); j++) + { + u32bit got = do_poll(output, length, paths[j]); + if(got) + return got; + } + return 0; + } + +} diff --git a/src/entropy/egd/es_egd.h b/src/entropy/egd/es_egd.h new file mode 100644 index 000000000..ce6ba9521 --- /dev/null +++ b/src/entropy/egd/es_egd.h @@ -0,0 +1,30 @@ +/************************************************* +* EGD EntropySource Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_EGD_H__ +#define BOTAN_ENTROPY_SRC_EGD_H__ + +#include <botan/rng.h> +#include <string> +#include <vector> + +namespace Botan { + +/************************************************* +* EGD Entropy Source * +*************************************************/ +class EGD_EntropySource : public EntropySource + { + public: + u32bit slow_poll(byte[], u32bit); + EGD_EntropySource(const std::vector<std::string>& p) : paths(p) {} + private: + u32bit do_poll(byte[], u32bit, const std::string&) const; + const std::vector<std::string> paths; + }; + +} + +#endif diff --git a/src/entropy/egd/modinfo.txt b/src/entropy/egd/modinfo.txt new file mode 100644 index 000000000..6b34f395c --- /dev/null +++ b/src/entropy/egd/modinfo.txt @@ -0,0 +1,31 @@ +realname "EGD Entropy Source" + +define ENTROPY_SRC_EGD + +load_on auto +modset unix + +<add> +es_egd.h +es_egd.cpp +</add> + +<libs> +solaris -> socket +qnx -> socket +</libs> + +<os> +aix +cygwin +darwin +freebsd +hpux +irix +linux +netbsd +openbsd +qnx +solaris +tru64 +</os> diff --git a/src/entropy/proc_walk/es_ftw.cpp b/src/entropy/proc_walk/es_ftw.cpp new file mode 100644 index 000000000..ec11378f8 --- /dev/null +++ b/src/entropy/proc_walk/es_ftw.cpp @@ -0,0 +1,147 @@ +/************************************************* +* FTW EntropySource Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/es_ftw.h> +#include <botan/util.h> +#include <cstring> +#include <deque> + +#ifndef _POSIX_C_SOURCE + #define _POSIX_C_SOURCE 199309 +#endif + +#include <sys/types.h> +#include <sys/stat.h> +#include <unistd.h> +#include <dirent.h> +#include <fcntl.h> + +namespace Botan { + +namespace { + +class Directory_Walker + { + public: + Directory_Walker(const std::string& root) { add_directory(root); } + ~Directory_Walker(); + + int next_fd(); + private: + void add_directory(const std::string&); + + std::deque<std::pair<DIR*, std::string> > dirs; + }; + +void Directory_Walker::add_directory(const std::string& dirname) + { + DIR* dir = ::opendir(dirname.c_str()); + if(dir) + dirs.push_back(std::make_pair(dir, dirname)); + } + +Directory_Walker::~Directory_Walker() + { + while(dirs.size()) + { + ::closedir(dirs[0].first); + dirs.pop_front(); + } + } + +int Directory_Walker::next_fd() + { + while(dirs.size()) + { + std::pair<DIR*, std::string> dirinfo = dirs[0]; + + struct dirent* entry = ::readdir(dirinfo.first); + + if(!entry) + { + ::closedir(dirinfo.first); + dirs.pop_front(); + continue; + } + + const std::string filename = entry->d_name; + + if(filename == "." || filename == "..") + continue; + + const std::string full_path = dirinfo.second + '/' + filename; + + struct stat stat_buf; + if(::lstat(full_path.c_str(), &stat_buf) == -1) + continue; + + if(S_ISDIR(stat_buf.st_mode)) + add_directory(full_path); + else if(S_ISREG(stat_buf.st_mode)) + { + int fd = ::open(full_path.c_str(), O_RDONLY | O_NOCTTY); + + if(fd > 0) + return fd; + } + } + + return -1; + } + +} + +/************************************************* +* FTW_EntropySource Constructor * +*************************************************/ +FTW_EntropySource::FTW_EntropySource(const std::string& p) : path(p) + { + } + +/************************************************* +* FTW Fast Poll * +*************************************************/ +void FTW_EntropySource::do_fast_poll() + { + poll(32*1024); + } + +/************************************************* +* FTW Slow Poll * +*************************************************/ +void FTW_EntropySource::do_slow_poll() + { + poll(256*1024); + } + +/************************************************* +* FTW Poll * +*************************************************/ +void FTW_EntropySource::poll(u32bit max_read) + { + Directory_Walker dir(path); + SecureVector<byte> read_buf(1024); + + u32bit read_so_far = 0; + while(read_so_far < max_read) + { + int fd = dir.next_fd(); + + if(fd == -1) + break; + + ssize_t got = ::read(fd, read_buf.begin(), read_buf.size()); + + if(got > 0) + { + add_bytes(read_buf, got); + read_so_far += got; + } + + ::close(fd); + } + } + +} diff --git a/src/entropy/proc_walk/es_ftw.h b/src/entropy/proc_walk/es_ftw.h new file mode 100644 index 000000000..a2229ff1f --- /dev/null +++ b/src/entropy/proc_walk/es_ftw.h @@ -0,0 +1,31 @@ +/************************************************* +* File Tree Walking EntropySource Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_FTW_H__ +#define BOTAN_ENTROPY_SRC_FTW_H__ + +#include <botan/buf_es.h> + +namespace Botan { + +/************************************************* +* File Tree Walking Entropy Source * +*************************************************/ +class FTW_EntropySource : public Buffered_EntropySource + { + public: + FTW_EntropySource(const std::string& root_dir); + private: + void do_fast_poll(); + void do_slow_poll(); + + void poll(u32bit max_read); + + const std::string path; + }; + +} + +#endif diff --git a/src/entropy/proc_walk/modinfo.txt b/src/entropy/proc_walk/modinfo.txt new file mode 100644 index 000000000..d932523fd --- /dev/null +++ b/src/entropy/proc_walk/modinfo.txt @@ -0,0 +1,29 @@ +realname "File Tree Walking Entropy Source" + +define ENTROPY_SRC_FTW + +load_on auto +modset unix + +<add> +es_ftw.h +es_ftw.cpp +</add> + +<os> +aix +cygwin +darwin +freebsd +hpux +irix +linux +openbsd +qnx +solaris +tru64 + +# Doesn't build on 2.0.2/x86 due to libc/libstdc++ header issues; no +# big deal since it has /dev/*random +#netbsd +</os> diff --git a/src/entropy/unix_procs/es_unix.cpp b/src/entropy/unix_procs/es_unix.cpp new file mode 100644 index 000000000..c503c20ae --- /dev/null +++ b/src/entropy/unix_procs/es_unix.cpp @@ -0,0 +1,112 @@ +/************************************************* +* Unix EntropySource Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/es_unix.h> +#include <botan/unix_cmd.h> +#include <botan/parsing.h> +#include <algorithm> +#include <sys/time.h> +#include <sys/stat.h> +#include <sys/resource.h> +#include <unistd.h> + +namespace Botan { + +namespace { + +/************************************************* +* Sort ordering by priority * +*************************************************/ +bool Unix_Program_Cmp(const Unix_Program& a, const Unix_Program& b) + { return (a.priority < b.priority); } + +} + +/************************************************* +* Unix_EntropySource Constructor * +*************************************************/ +Unix_EntropySource::Unix_EntropySource(const std::vector<std::string>& path) : + PATH(path) + { + add_default_sources(sources); + } + +/************************************************* +* Add sources to the list * +*************************************************/ +void Unix_EntropySource::add_sources(const Unix_Program srcs[], u32bit count) + { + sources.insert(sources.end(), srcs, srcs + count); + std::sort(sources.begin(), sources.end(), Unix_Program_Cmp); + } + +/************************************************* +* Unix Fast Poll * +*************************************************/ +void Unix_EntropySource::do_fast_poll() + { + const char* STAT_TARGETS[] = { "/", "/tmp", ".", "..", 0 }; + + for(u32bit j = 0; STAT_TARGETS[j]; j++) + { + struct stat statbuf; + clear_mem(&statbuf, 1); + ::stat(STAT_TARGETS[j], &statbuf); + add_bytes(&statbuf, sizeof(statbuf)); + } + + add_bytes(::getpid()); + add_bytes(::getppid()); + + add_bytes(::getuid()); + add_bytes(::getgid()); + add_bytes(::geteuid()); + add_bytes(::getegid()); + + add_bytes(::getpgrp()); + add_bytes(::getsid(0)); + + struct ::rusage usage; + + clear_mem(&usage, 1); + ::getrusage(RUSAGE_SELF, &usage); + add_bytes(&usage, sizeof(usage)); + + ::getrusage(RUSAGE_CHILDREN, &usage); + add_bytes(&usage, sizeof(usage)); + } + +/************************************************* +* Unix Slow Poll * +*************************************************/ +void Unix_EntropySource::do_slow_poll() + { + const u32bit TRY_TO_GET = 16 * 1024; + const u32bit MINIMAL_WORKING = 32; + + u32bit got = 0; + for(u32bit j = 0; j != sources.size(); j++) + { + DataSource_Command pipe(sources[j].name_and_args, PATH); + SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + + u32bit got_from_src = 0; + + while(!pipe.end_of_data()) + { + u32bit this_loop = pipe.read(buffer, buffer.size()); + add_bytes(buffer, this_loop); + got_from_src += this_loop; + } + + sources[j].working = (got_from_src >= MINIMAL_WORKING) ? true : false; + got += got_from_src; + + if(got >= TRY_TO_GET) + break; + } + } + +} diff --git a/src/entropy/unix_procs/es_unix.h b/src/entropy/unix_procs/es_unix.h new file mode 100644 index 000000000..d1b1d623e --- /dev/null +++ b/src/entropy/unix_procs/es_unix.h @@ -0,0 +1,35 @@ +/************************************************* +* Unix EntropySource Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_UNIX_H__ +#define BOTAN_ENTROPY_SRC_UNIX_H__ + +#include <botan/buf_es.h> +#include <botan/unix_cmd.h> +#include <vector> + +namespace Botan { + +/************************************************* +* Unix Entropy Source * +*************************************************/ +class Unix_EntropySource : public Buffered_EntropySource + { + public: + void add_sources(const Unix_Program[], u32bit); + Unix_EntropySource(const std::vector<std::string>& path); + private: + static void add_default_sources(std::vector<Unix_Program>&); + + void do_fast_poll(); + void do_slow_poll(); + + const std::vector<std::string> PATH; + std::vector<Unix_Program> sources; + }; + +} + +#endif diff --git a/src/entropy/unix_procs/modinfo.txt b/src/entropy/unix_procs/modinfo.txt new file mode 100644 index 000000000..f16e21289 --- /dev/null +++ b/src/entropy/unix_procs/modinfo.txt @@ -0,0 +1,29 @@ +realname "Generic Unix Entropy Source" + +define ENTROPY_SRC_UNIX +modset unix,beos + +load_on auto + +<add> +es_unix.cpp +unix_src.cpp +unix_cmd.cpp +es_unix.h +unix_cmd.h +</add> + +<os> +aix +beos +cygwin +darwin +#freebsd +hpux +irix +linux +netbsd +qnx +solaris +tru64 +</os> diff --git a/src/entropy/unix_procs/unix_cmd.cpp b/src/entropy/unix_procs/unix_cmd.cpp new file mode 100644 index 000000000..32829b91b --- /dev/null +++ b/src/entropy/unix_procs/unix_cmd.cpp @@ -0,0 +1,240 @@ +/************************************************* +* Unix Command Execution Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef _XOPEN_SOURCE + #define _XOPEN_SOURCE 500 +#endif + +#ifndef _XOPEN_SOURCE_EXTENDED + #define _XOPEN_SOURCE_EXTENDED 1 +#endif + +#include <botan/unix_cmd.h> +#include <botan/parsing.h> +#include <sys/time.h> +#include <sys/types.h> +#include <sys/wait.h> +#include <stdlib.h> +#include <unistd.h> +#include <signal.h> + +namespace Botan { + +namespace { + +/************************************************* +* Attempt to execute the command * +************************************************/ +void do_exec(const std::vector<std::string>& arg_list, + const std::vector<std::string>& paths) + { + const u32bit args = arg_list.size() - 1; + + const char* arg1 = (args >= 1) ? arg_list[1].c_str() : 0; + const char* arg2 = (args >= 2) ? arg_list[2].c_str() : 0; + const char* arg3 = (args >= 3) ? arg_list[3].c_str() : 0; + const char* arg4 = (args >= 4) ? arg_list[4].c_str() : 0; + + for(u32bit j = 0; j != paths.size(); j++) + { + const std::string full_path = paths[j] + "/" + arg_list[0]; + const char* fsname = full_path.c_str(); + ::execl(fsname, fsname, arg1, arg2, arg3, arg4, NULL); + } + } + +} + +/************************************************* +* Local information about the pipe * +*************************************************/ +struct pipe_wrapper + { + int fd; + pid_t pid; + pipe_wrapper() { fd = -1; pid = 0; } + }; + +/************************************************* +* Read from the pipe * +*************************************************/ +u32bit DataSource_Command::read(byte buf[], u32bit length) + { + if(end_of_data()) + return 0; + + fd_set set; + FD_ZERO(&set); + FD_SET(pipe->fd, &set); + + struct ::timeval tv; + tv.tv_sec = 0; + tv.tv_usec = MAX_BLOCK_USECS; + + ssize_t got = 0; + if(::select(pipe->fd + 1, &set, 0, 0, &tv) == 1) + { + if(FD_ISSET(pipe->fd, &set)) + got = ::read(pipe->fd, buf, length); + } + + if(got <= 0) + { + shutdown_pipe(); + return 0; + } + + return static_cast<u32bit>(got); + } + +/************************************************* +* Peek at the pipe contents * +*************************************************/ +u32bit DataSource_Command::peek(byte[], u32bit, u32bit) const + { + if(end_of_data()) + throw Invalid_State("DataSource_Command: Cannot peek when out of data"); + throw Stream_IO_Error("Cannot peek/seek on a command pipe"); + } + +/************************************************* +* Check if we reached EOF * +*************************************************/ +bool DataSource_Command::end_of_data() const + { + return (pipe) ? false : true; + } + +/************************************************* +* Return the Unix file descriptor of the pipe * +*************************************************/ +int DataSource_Command::fd() const + { + if(!pipe) + return -1; + return pipe->fd; + } + +/************************************************* +* Return a human-readable ID for this stream * +*************************************************/ +std::string DataSource_Command::id() const + { + return "Unix command: " + arg_list[0]; + } + +/************************************************* +* Create the pipe * +*************************************************/ +void DataSource_Command::create_pipe(const std::vector<std::string>& paths) + { + bool found_something = false; + for(u32bit j = 0; j != paths.size(); j++) + { + const std::string full_path = paths[j] + "/" + arg_list[0]; + if(::access(full_path.c_str(), X_OK) == 0) + { + found_something = true; + break; + } + } + if(!found_something) + return; + + int pipe_fd[2]; + if(::pipe(pipe_fd) != 0) + return; + + pid_t pid = ::fork(); + + if(pid == -1) + { + ::close(pipe_fd[0]); + ::close(pipe_fd[1]); + } + else if(pid > 0) + { + pipe = new pipe_wrapper; + pipe->fd = pipe_fd[0]; + pipe->pid = pid; + ::close(pipe_fd[1]); + } + else + { + if(dup2(pipe_fd[1], STDOUT_FILENO) == -1) + ::exit(127); + if(close(pipe_fd[0]) != 0 || close(pipe_fd[1]) != 0) + ::exit(127); + if(close(STDERR_FILENO) != 0) + ::exit(127); + + do_exec(arg_list, paths); + ::exit(127); + } + } + +/************************************************* +* Shutdown the pipe * +*************************************************/ +void DataSource_Command::shutdown_pipe() + { + if(pipe) + { + pid_t reaped = waitpid(pipe->pid, 0, WNOHANG); + + if(reaped == 0) + { + kill(pipe->pid, SIGTERM); + + struct ::timeval tv; + tv.tv_sec = 0; + tv.tv_usec = KILL_WAIT; + select(0, 0, 0, 0, &tv); + + reaped = ::waitpid(pipe->pid, 0, WNOHANG); + + if(reaped == 0) + { + ::kill(pipe->pid, SIGKILL); + do + reaped = ::waitpid(pipe->pid, 0, 0); + while(reaped == -1); + } + } + + ::close(pipe->fd); + delete pipe; + pipe = 0; + } + } + +/************************************************* +* DataSource_Command Constructor * +*************************************************/ +DataSource_Command::DataSource_Command(const std::string& prog_and_args, + const std::vector<std::string>& paths) : + MAX_BLOCK_USECS(100000), KILL_WAIT(10000) + { + arg_list = split_on(prog_and_args, ' '); + + if(arg_list.size() == 0) + throw Invalid_Argument("DataSource_Command: No command given"); + if(arg_list.size() > 5) + throw Invalid_Argument("DataSource_Command: Too many args"); + + pipe = 0; + create_pipe(paths); + } + +/************************************************* +* DataSource_Command Destructor * +*************************************************/ +DataSource_Command::~DataSource_Command() + { + if(!end_of_data()) + shutdown_pipe(); + } + +} diff --git a/src/entropy/unix_procs/unix_cmd.h b/src/entropy/unix_procs/unix_cmd.h new file mode 100644 index 000000000..090dd8fdd --- /dev/null +++ b/src/entropy/unix_procs/unix_cmd.h @@ -0,0 +1,57 @@ +/************************************************* +* Unix Command Execution Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_UNIX_CMD_H__ +#define BOTAN_UNIX_CMD_H__ + +#include <botan/types.h> +#include <botan/data_src.h> +#include <string> +#include <vector> + +namespace Botan { + +/************************************************* +* Unix Program Info * +*************************************************/ +struct Unix_Program + { + Unix_Program(const char* n, u32bit p) + { name_and_args = n; priority = p; working = true; } + + std::string name_and_args; + u32bit priority; + bool working; + }; + +/************************************************* +* Command Output DataSource * +*************************************************/ +class DataSource_Command : public DataSource + { + public: + u32bit read(byte[], u32bit); + u32bit peek(byte[], u32bit, u32bit) const; + bool end_of_data() const; + std::string id() const; + + int fd() const; + + DataSource_Command(const std::string&, + const std::vector<std::string>& paths); + ~DataSource_Command(); + private: + void create_pipe(const std::vector<std::string>&); + void shutdown_pipe(); + + const u32bit MAX_BLOCK_USECS, KILL_WAIT; + + std::vector<std::string> arg_list; + struct pipe_wrapper* pipe; + }; + +} + +#endif diff --git a/src/entropy/unix_procs/unix_src.cpp b/src/entropy/unix_procs/unix_src.cpp new file mode 100644 index 000000000..9d44dbf4f --- /dev/null +++ b/src/entropy/unix_procs/unix_src.cpp @@ -0,0 +1,59 @@ +/************************************************* +* Program List for Unix_EntropySource * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/es_unix.h> + +namespace Botan { + +/************************************************* +* Default Commands for Entropy Gathering * +*************************************************/ +void Unix_EntropySource::add_default_sources(std::vector<Unix_Program>& srcs) + { + srcs.push_back(Unix_Program("vmstat", 1)); + srcs.push_back(Unix_Program("vmstat -s", 1)); + srcs.push_back(Unix_Program("pfstat", 1)); + srcs.push_back(Unix_Program("netstat -in", 1)); + + srcs.push_back(Unix_Program("iostat", 2)); + srcs.push_back(Unix_Program("mpstat", 2)); + srcs.push_back(Unix_Program("nfsstat", 2)); + srcs.push_back(Unix_Program("portstat", 2)); + srcs.push_back(Unix_Program("arp -a -n", 2)); + srcs.push_back(Unix_Program("ifconfig -a", 2)); + srcs.push_back(Unix_Program("pstat -T", 2)); + srcs.push_back(Unix_Program("pstat -s", 2)); + srcs.push_back(Unix_Program("uname -a", 2)); + srcs.push_back(Unix_Program("uptime", 2)); + srcs.push_back(Unix_Program("ipcs -a", 2)); + srcs.push_back(Unix_Program("procinfo -a", 2)); + + srcs.push_back(Unix_Program("sysinfo", 3)); + srcs.push_back(Unix_Program("listarea", 3)); + srcs.push_back(Unix_Program("listdev", 3)); + + srcs.push_back(Unix_Program("who", 3)); + srcs.push_back(Unix_Program("finger", 3)); + srcs.push_back(Unix_Program("netstat -s", 3)); + srcs.push_back(Unix_Program("netstat -an", 3)); + srcs.push_back(Unix_Program("ps -A", 3)); + srcs.push_back(Unix_Program("mailstats", 3)); + srcs.push_back(Unix_Program("rpcinfo -p localhost", 3)); + + srcs.push_back(Unix_Program("dmesg", 4)); + srcs.push_back(Unix_Program("ls -alni /tmp", 4)); + srcs.push_back(Unix_Program("ls -alni /proc", 4)); + srcs.push_back(Unix_Program("df -l", 4)); + srcs.push_back(Unix_Program("last -5", 4)); + srcs.push_back(Unix_Program("pstat -f", 4)); + + srcs.push_back(Unix_Program("ps aux", 5)); + srcs.push_back(Unix_Program("ps -elf", 5)); + + srcs.push_back(Unix_Program("sar -A", 6)); + srcs.push_back(Unix_Program("lsof", 6)); + } + +} diff --git a/src/entropy/win32_stats/es_win32.cpp b/src/entropy/win32_stats/es_win32.cpp new file mode 100644 index 000000000..febed59c0 --- /dev/null +++ b/src/entropy/win32_stats/es_win32.cpp @@ -0,0 +1,109 @@ +/************************************************* +* Win32 EntropySource Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/es_win32.h> +#include <windows.h> +#include <tlhelp32.h> + +namespace Botan { + +/************************************************* +* Win32 Slow Poll * +*************************************************/ +void Win32_EntropySource::do_slow_poll() + { + const u32bit MAX_ITEMS = 256; + + do_fast_poll(); + + HANDLE snapshot = CreateToolhelp32Snapshot(TH32CS_SNAPALL, 0); + +#define TOOLHELP32_ITER(DATA_TYPE, FUNC_FIRST, FUNC_NEXT) \ + { \ + u32bit items = 0; \ + DATA_TYPE info; \ + info.dwSize = sizeof(DATA_TYPE); \ + if(FUNC_FIRST(snapshot, &info)) \ + { \ + do \ + { \ + if(items++ > MAX_ITEMS) break; \ + add_bytes(&info, sizeof(info)); \ + } while(FUNC_NEXT(snapshot, &info)); \ + } \ + } + + TOOLHELP32_ITER(MODULEENTRY32, Module32First, Module32Next); + TOOLHELP32_ITER(PROCESSENTRY32, Process32First, Process32Next); + TOOLHELP32_ITER(THREADENTRY32, Thread32First, Thread32Next); + +#undef TOOLHELP32_ITER + + u32bit heap_lists_found = 0; + HEAPLIST32 heap_list; + heap_list.dwSize = sizeof(HEAPLIST32); + + const u32bit HEAP_LISTS_MAX = 32; + const u32bit HEAP_OBJS_PER_LIST = 128; + if(Heap32ListFirst(snapshot, &heap_list)) + { + do + { + add_bytes(&heap_list, sizeof(HEAPLIST32)); + + if(heap_lists_found++ > HEAP_LISTS_MAX) + break; + + u32bit heap_objs_found = 0; + HEAPENTRY32 heap_entry; + heap_entry.dwSize = sizeof(HEAPENTRY32); + if(Heap32First(&heap_entry, heap_list.th32ProcessID, + heap_list.th32HeapID)) + { + do + { + if(heap_objs_found++ > HEAP_OBJS_PER_LIST) + break; + add_bytes(&heap_entry, sizeof(HEAPENTRY32)); + } while(Heap32Next(&heap_entry)); + } + } while(Heap32ListNext(snapshot, &heap_list)); + } + + CloseHandle(snapshot); + } + +/************************************************* +* Win32 Fast Poll * +*************************************************/ +void Win32_EntropySource::do_fast_poll() + { + add_bytes(GetTickCount()); + add_bytes(GetMessagePos()); + add_bytes(GetMessageTime()); + add_bytes(GetInputState()); + add_bytes(GetCurrentProcessId()); + add_bytes(GetCurrentThreadId()); + + SYSTEM_INFO sys_info; + GetSystemInfo(&sys_info); + add_bytes(&sys_info, sizeof(sys_info)); + + MEMORYSTATUS mem_info; + GlobalMemoryStatus(&mem_info); + add_bytes(&mem_info, sizeof(mem_info)); + + POINT point; + GetCursorPos(&point); + add_bytes(&point, sizeof(point)); + GetCaretPos(&point); + add_bytes(&point, sizeof(point)); + + LARGE_INTEGER perf_counter; + QueryPerformanceCounter(&perf_counter); + add_bytes(&perf_counter, sizeof(perf_counter)); + } + +} diff --git a/src/entropy/win32_stats/es_win32.h b/src/entropy/win32_stats/es_win32.h new file mode 100644 index 000000000..02558b335 --- /dev/null +++ b/src/entropy/win32_stats/es_win32.h @@ -0,0 +1,25 @@ +/************************************************* +* Win32 EntropySource Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ENTROPY_SRC_WIN32_H__ +#define BOTAN_ENTROPY_SRC_WIN32_H__ + +#include <botan/buf_es.h> + +namespace Botan { + +/************************************************* +* Win32 Entropy Source * +*************************************************/ +class Win32_EntropySource : public Buffered_EntropySource + { + private: + void do_fast_poll(); + void do_slow_poll(); + }; + +} + +#endif diff --git a/src/entropy/win32_stats/modinfo.txt b/src/entropy/win32_stats/modinfo.txt new file mode 100644 index 000000000..931760979 --- /dev/null +++ b/src/entropy/win32_stats/modinfo.txt @@ -0,0 +1,23 @@ +realname "Win32 Entropy Source" + +# Probably not much of an issue anymore +#note "This module will not run under NT4" + +define ENTROPY_SRC_WIN32 +modset win32 + +load_on auto + +<add> +es_win32.h +es_win32.cpp +</add> + +<os> +windows +cygwin +</os> + +<libs> +windows -> user32 +</libs> diff --git a/src/hash/fork256/fork256.cpp b/src/hash/fork256/fork256.cpp new file mode 100644 index 000000000..5ac779cab --- /dev/null +++ b/src/hash/fork256/fork256.cpp @@ -0,0 +1,143 @@ +/************************************************* +* FORK-256 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/fork256.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* FORK-256 Step Function * +*************************************************/ +inline void step(u32bit& A, u32bit& B, u32bit& C, u32bit& D, + u32bit& E, u32bit& F, u32bit& G, u32bit& H, + u32bit M1, u32bit M2, u32bit D1, u32bit D2) + { + u32bit T0, T1; + + A += M1; T0 = A + (rotate_left(A, 7) ^ rotate_left(A, 22)); + A += D1; T1 = A ^ (rotate_left(A, 13) + rotate_left(A, 27)); + + B = (B + T0) ^ T1; + C = (C + rotate_left(T0, 5)) ^ rotate_left(T1, 9); + D = (D + rotate_left(T0, 17)) ^ rotate_left(T1, 21); + + E += M2; T0 = E ^ (rotate_left(E, 13) + rotate_left(E, 27)); + E += D2; T1 = E + (rotate_left(E, 7) ^ rotate_left(E, 22)); + + F = (F + T0) ^ T1; + G = (G + rotate_left(T0, 9)) ^ rotate_left(T1, 5); + H = (H + rotate_left(T0, 21)) ^ rotate_left(T1, 17); + } + +} + +/************************************************* +* FORK-256 Compression Function * +*************************************************/ +void FORK_256::hash(const byte input[]) + { + const u32bit DELTA[16] = { + 0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5, 0x3956C25B, 0x59F111F1, + 0x923F82A4, 0xAB1C5ED5, 0xD807AA98, 0x12835B01, 0x243185BE, 0x550C7DC3, + 0x72BE5D74, 0x80DEB1FE, 0x9BDC06A7, 0xC19BF174 + }; + + u32bit A1, B1, C1, D1, E1, F1, G1, H1; + u32bit A2, B2, C2, D2, E2, F2, G2, H2; + u32bit A3, B3, C3, D3, E3, F3, G3, H3; + u32bit A4, B4, C4, D4, E4, F4, G4, H4; + + A1 = A2 = A3 = A4 = digest[0]; + B1 = B2 = B3 = B4 = digest[1]; + C1 = C2 = C3 = C4 = digest[2]; + D1 = D2 = D3 = D4 = digest[3]; + E1 = E2 = E3 = E4 = digest[4]; + F1 = F2 = F3 = F4 = digest[5]; + G1 = G2 = G3 = G4 = digest[6]; + H1 = H2 = H3 = H4 = digest[7]; + + for(u32bit j = 0; j != 16; ++j) + M[j] = load_be<u32bit>(input, j); + + step(A1, B1, C1, D1, E1, F1, G1, H1, M[ 0], M[ 1], DELTA[ 0], DELTA[ 1]); + step(A2, B2, C2, D2, E2, F2, G2, H2, M[14], M[15], DELTA[15], DELTA[14]); + step(A3, B3, C3, D3, E3, F3, G3, H3, M[ 7], M[ 6], DELTA[ 1], DELTA[ 0]); + step(A4, B4, C4, D4, E4, F4, G4, H4, M[ 5], M[12], DELTA[14], DELTA[15]); + + step(H1, A1, B1, C1, D1, E1, F1, G1, M[ 2], M[ 3], DELTA[ 2], DELTA[ 3]); + step(H2, A2, B2, C2, D2, E2, F2, G2, M[11], M[ 9], DELTA[13], DELTA[12]); + step(H3, A3, B3, C3, D3, E3, F3, G3, M[10], M[14], DELTA[ 3], DELTA[ 2]); + step(H4, A4, B4, C4, D4, E4, F4, G4, M[ 1], M[ 8], DELTA[12], DELTA[13]); + + step(G1, H1, A1, B1, C1, D1, E1, F1, M[ 4], M[ 5], DELTA[ 4], DELTA[ 5]); + step(G2, H2, A2, B2, C2, D2, E2, F2, M[ 8], M[10], DELTA[11], DELTA[10]); + step(G3, H3, A3, B3, C3, D3, E3, F3, M[13], M[ 2], DELTA[ 5], DELTA[ 4]); + step(G4, H4, A4, B4, C4, D4, E4, F4, M[15], M[ 0], DELTA[10], DELTA[11]); + + step(F1, G1, H1, A1, B1, C1, D1, E1, M[ 6], M[ 7], DELTA[ 6], DELTA[ 7]); + step(F2, G2, H2, A2, B2, C2, D2, E2, M[ 3], M[ 4], DELTA[ 9], DELTA[ 8]); + step(F3, G3, H3, A3, B3, C3, D3, E3, M[ 9], M[12], DELTA[ 7], DELTA[ 6]); + step(F4, G4, H4, A4, B4, C4, D4, E4, M[13], M[11], DELTA[ 8], DELTA[ 9]); + + step(E1, F1, G1, H1, A1, B1, C1, D1, M[ 8], M[ 9], DELTA[ 8], DELTA[ 9]); + step(E2, F2, G2, H2, A2, B2, C2, D2, M[ 2], M[13], DELTA[ 7], DELTA[ 6]); + step(E3, F3, G3, H3, A3, B3, C3, D3, M[11], M[ 4], DELTA[ 9], DELTA[ 8]); + step(E4, F4, G4, H4, A4, B4, C4, D4, M[ 3], M[10], DELTA[ 6], DELTA[ 7]); + + step(D1, E1, F1, G1, H1, A1, B1, C1, M[10], M[11], DELTA[10], DELTA[11]); + step(D2, E2, F2, G2, H2, A2, B2, C2, M[ 0], M[ 5], DELTA[ 5], DELTA[ 4]); + step(D3, E3, F3, G3, H3, A3, B3, C3, M[15], M[ 8], DELTA[11], DELTA[10]); + step(D4, E4, F4, G4, H4, A4, B4, C4, M[ 9], M[ 2], DELTA[ 4], DELTA[ 5]); + + step(C1, D1, E1, F1, G1, H1, A1, B1, M[12], M[13], DELTA[12], DELTA[13]); + step(C2, D2, E2, F2, G2, H2, A2, B2, M[ 6], M[ 7], DELTA[ 3], DELTA[ 2]); + step(C3, D3, E3, F3, G3, H3, A3, B3, M[ 5], M[ 0], DELTA[13], DELTA[12]); + step(C4, D4, E4, F4, G4, H4, A4, B4, M[ 7], M[14], DELTA[ 2], DELTA[ 3]); + + step(B1, C1, D1, E1, F1, G1, H1, A1, M[14], M[15], DELTA[14], DELTA[15]); + step(B2, C2, D2, E2, F2, G2, H2, A2, M[12], M[ 1], DELTA[ 1], DELTA[ 0]); + step(B3, C3, D3, E3, F3, G3, H3, A3, M[ 1], M[ 3], DELTA[15], DELTA[14]); + step(B4, C4, D4, E4, F4, G4, H4, A4, M[ 4], M[ 6], DELTA[ 0], DELTA[ 1]); + + digest[0] += (A1 + A2) ^ (A3 + A4); + digest[1] += (B1 + B2) ^ (B3 + B4); + digest[2] += (C1 + C2) ^ (C3 + C4); + digest[3] += (D1 + D2) ^ (D3 + D4); + digest[4] += (E1 + E2) ^ (E3 + E4); + digest[5] += (F1 + F2) ^ (F3 + F4); + digest[6] += (G1 + G2) ^ (G3 + G4); + digest[7] += (H1 + H2) ^ (H3 + H4); + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void FORK_256::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_be(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void FORK_256::clear() throw() + { + MDx_HashFunction::clear(); + digest[0] = 0x6A09E667; + digest[1] = 0xBB67AE85; + digest[2] = 0x3C6EF372; + digest[3] = 0xA54FF53A; + digest[4] = 0x510E527F; + digest[5] = 0x9B05688C; + digest[6] = 0x1F83D9AB; + digest[7] = 0x5BE0CD19; + } + +} diff --git a/src/hash/fork256/fork256.h b/src/hash/fork256/fork256.h new file mode 100644 index 000000000..8ad9c1f8d --- /dev/null +++ b/src/hash/fork256/fork256.h @@ -0,0 +1,33 @@ +/************************************************* +* FORK-256 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_FORK_256_H__ +#define BOTAN_FORK_256_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* FORK-256 * +*************************************************/ +class BOTAN_DLL FORK_256 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "FORK-256"; } + HashFunction* clone() const { return new FORK_256; } + FORK_256() : MDx_HashFunction(32, 64, true, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 8> digest; + SecureBuffer<u32bit, 16> M; + }; + +} + +#endif diff --git a/src/hash/fork256/modinfo.txt b/src/hash/fork256/modinfo.txt new file mode 100644 index 000000000..677834b63 --- /dev/null +++ b/src/hash/fork256/modinfo.txt @@ -0,0 +1,10 @@ +realname "FORK-256" + +define FORK_256 + +load_on auto + +<add> +fork256.cpp +fork256.h +</add> diff --git a/src/hash/has160/has160.cpp b/src/hash/has160/has160.cpp new file mode 100644 index 000000000..422e4916a --- /dev/null +++ b/src/hash/has160/has160.cpp @@ -0,0 +1,142 @@ +/************************************************* +* HAS-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/has160.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* HAS-160 F1 Function * +*************************************************/ +inline void F1(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, + u32bit msg, u32bit rot) + { + E += rotate_left(A, rot) + (D ^ (B & (C ^ D))) + msg; + B = rotate_left(B, 10); + } + +/************************************************* +* HAS-160 F2 Function * +*************************************************/ +inline void F2(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, + u32bit msg, u32bit rot) + { + E += rotate_left(A, rot) + (B ^ C ^ D) + msg + 0x5A827999; + B = rotate_left(B, 17); + } + +/************************************************* +* HAS-160 F3 Function * +*************************************************/ +inline void F3(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, + u32bit msg, u32bit rot) + { + E += rotate_left(A, rot) + (C ^ (B | ~D)) + msg + 0x6ED9EBA1; + B = rotate_left(B, 25); + } + +/************************************************* +* HAS-160 F4 Function * +*************************************************/ +inline void F4(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, + u32bit msg, u32bit rot) + { + E += rotate_left(A, rot) + (B ^ C ^ D) + msg + 0x8F1BBCDC; + B = rotate_left(B, 30); + } + +} + +/************************************************* +* HAS-160 Compression Function * +*************************************************/ +void HAS_160::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + X[j] = load_le<u32bit>(input, j); + + u32bit A = digest[0], B = digest[1], C = digest[2], + D = digest[3], E = digest[4]; + + X[16] = X[ 0] ^ X[ 1] ^ X[ 2] ^ X[ 3]; + X[17] = X[ 4] ^ X[ 5] ^ X[ 6] ^ X[ 7]; + X[18] = X[ 8] ^ X[ 9] ^ X[10] ^ X[11]; + X[19] = X[12] ^ X[13] ^ X[14] ^ X[15]; + F1(A,B,C,D,E,X[18], 5); F1(E,A,B,C,D,X[ 0],11); F1(D,E,A,B,C,X[ 1], 7); + F1(C,D,E,A,B,X[ 2],15); F1(B,C,D,E,A,X[ 3], 6); F1(A,B,C,D,E,X[19],13); + F1(E,A,B,C,D,X[ 4], 8); F1(D,E,A,B,C,X[ 5],14); F1(C,D,E,A,B,X[ 6], 7); + F1(B,C,D,E,A,X[ 7],12); F1(A,B,C,D,E,X[16], 9); F1(E,A,B,C,D,X[ 8],11); + F1(D,E,A,B,C,X[ 9], 8); F1(C,D,E,A,B,X[10],15); F1(B,C,D,E,A,X[11], 6); + F1(A,B,C,D,E,X[17],12); F1(E,A,B,C,D,X[12], 9); F1(D,E,A,B,C,X[13],14); + F1(C,D,E,A,B,X[14], 5); F1(B,C,D,E,A,X[15],13); + + X[16] = X[ 3] ^ X[ 6] ^ X[ 9] ^ X[12]; + X[17] = X[ 2] ^ X[ 5] ^ X[ 8] ^ X[15]; + X[18] = X[ 1] ^ X[ 4] ^ X[11] ^ X[14]; + X[19] = X[ 0] ^ X[ 7] ^ X[10] ^ X[13]; + F2(A,B,C,D,E,X[18], 5); F2(E,A,B,C,D,X[ 3],11); F2(D,E,A,B,C,X[ 6], 7); + F2(C,D,E,A,B,X[ 9],15); F2(B,C,D,E,A,X[12], 6); F2(A,B,C,D,E,X[19],13); + F2(E,A,B,C,D,X[15], 8); F2(D,E,A,B,C,X[ 2],14); F2(C,D,E,A,B,X[ 5], 7); + F2(B,C,D,E,A,X[ 8],12); F2(A,B,C,D,E,X[16], 9); F2(E,A,B,C,D,X[11],11); + F2(D,E,A,B,C,X[14], 8); F2(C,D,E,A,B,X[ 1],15); F2(B,C,D,E,A,X[ 4], 6); + F2(A,B,C,D,E,X[17],12); F2(E,A,B,C,D,X[ 7], 9); F2(D,E,A,B,C,X[10],14); + F2(C,D,E,A,B,X[13], 5); F2(B,C,D,E,A,X[ 0],13); + + X[16] = X[ 5] ^ X[ 7] ^ X[12] ^ X[14]; + X[17] = X[ 0] ^ X[ 2] ^ X[ 9] ^ X[11]; + X[18] = X[ 4] ^ X[ 6] ^ X[13] ^ X[15]; + X[19] = X[ 1] ^ X[ 3] ^ X[ 8] ^ X[10]; + F3(A,B,C,D,E,X[18], 5); F3(E,A,B,C,D,X[12],11); F3(D,E,A,B,C,X[ 5], 7); + F3(C,D,E,A,B,X[14],15); F3(B,C,D,E,A,X[ 7], 6); F3(A,B,C,D,E,X[19],13); + F3(E,A,B,C,D,X[ 0], 8); F3(D,E,A,B,C,X[ 9],14); F3(C,D,E,A,B,X[ 2], 7); + F3(B,C,D,E,A,X[11],12); F3(A,B,C,D,E,X[16], 9); F3(E,A,B,C,D,X[ 4],11); + F3(D,E,A,B,C,X[13], 8); F3(C,D,E,A,B,X[ 6],15); F3(B,C,D,E,A,X[15], 6); + F3(A,B,C,D,E,X[17],12); F3(E,A,B,C,D,X[ 8], 9); F3(D,E,A,B,C,X[ 1],14); + F3(C,D,E,A,B,X[10], 5); F3(B,C,D,E,A,X[ 3],13); + + X[16] = X[ 2] ^ X[ 7] ^ X[ 8] ^ X[13]; + X[17] = X[ 3] ^ X[ 4] ^ X[ 9] ^ X[14]; + X[18] = X[ 0] ^ X[ 5] ^ X[10] ^ X[15]; + X[19] = X[ 1] ^ X[ 6] ^ X[11] ^ X[12]; + F4(A,B,C,D,E,X[18], 5); F4(E,A,B,C,D,X[ 7],11); F4(D,E,A,B,C,X[ 2], 7); + F4(C,D,E,A,B,X[13],15); F4(B,C,D,E,A,X[ 8], 6); F4(A,B,C,D,E,X[19],13); + F4(E,A,B,C,D,X[ 3], 8); F4(D,E,A,B,C,X[14],14); F4(C,D,E,A,B,X[ 9], 7); + F4(B,C,D,E,A,X[ 4],12); F4(A,B,C,D,E,X[16], 9); F4(E,A,B,C,D,X[15],11); + F4(D,E,A,B,C,X[10], 8); F4(C,D,E,A,B,X[ 5],15); F4(B,C,D,E,A,X[ 0], 6); + F4(A,B,C,D,E,X[17],12); F4(E,A,B,C,D,X[11], 9); F4(D,E,A,B,C,X[ 6],14); + F4(C,D,E,A,B,X[ 1], 5); F4(B,C,D,E,A,X[12],13); + + digest[0] += A; digest[1] += B; digest[2] += C; + digest[3] += D; digest[4] += E; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void HAS_160::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_le(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void HAS_160::clear() throw() + { + MDx_HashFunction::clear(); + X.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + digest[4] = 0xC3D2E1F0; + } + +} diff --git a/src/hash/has160/has160.h b/src/hash/has160/has160.h new file mode 100644 index 000000000..9e35bfdca --- /dev/null +++ b/src/hash/has160/has160.h @@ -0,0 +1,33 @@ +/************************************************* +* HAS-160 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_HAS_160_H__ +#define BOTAN_HAS_160_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* HAS-160 * +*************************************************/ +class BOTAN_DLL HAS_160 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "HAS-160"; } + HashFunction* clone() const { return new HAS_160; } + HAS_160() : MDx_HashFunction(20, 64, false, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 20> X; + SecureBuffer<u32bit, 5> digest; + }; + +} + +#endif diff --git a/src/hash/has160/modinfo.txt b/src/hash/has160/modinfo.txt new file mode 100644 index 000000000..7574ba293 --- /dev/null +++ b/src/hash/has160/modinfo.txt @@ -0,0 +1,10 @@ +realname "HAS-160" + +define HAS_160 + +load_on auto + +<add> +has160.cpp +has160.h +</add> diff --git a/src/hash/md2/md2.cpp b/src/hash/md2/md2.cpp new file mode 100644 index 000000000..c609eda10 --- /dev/null +++ b/src/hash/md2/md2.cpp @@ -0,0 +1,106 @@ +/************************************************* +* MD2 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/md2.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* MD2 Compression Function * +*************************************************/ +void MD2::hash(const byte input[]) + { + static const byte SBOX[256] = { + 0x29, 0x2E, 0x43, 0xC9, 0xA2, 0xD8, 0x7C, 0x01, 0x3D, 0x36, 0x54, 0xA1, + 0xEC, 0xF0, 0x06, 0x13, 0x62, 0xA7, 0x05, 0xF3, 0xC0, 0xC7, 0x73, 0x8C, + 0x98, 0x93, 0x2B, 0xD9, 0xBC, 0x4C, 0x82, 0xCA, 0x1E, 0x9B, 0x57, 0x3C, + 0xFD, 0xD4, 0xE0, 0x16, 0x67, 0x42, 0x6F, 0x18, 0x8A, 0x17, 0xE5, 0x12, + 0xBE, 0x4E, 0xC4, 0xD6, 0xDA, 0x9E, 0xDE, 0x49, 0xA0, 0xFB, 0xF5, 0x8E, + 0xBB, 0x2F, 0xEE, 0x7A, 0xA9, 0x68, 0x79, 0x91, 0x15, 0xB2, 0x07, 0x3F, + 0x94, 0xC2, 0x10, 0x89, 0x0B, 0x22, 0x5F, 0x21, 0x80, 0x7F, 0x5D, 0x9A, + 0x5A, 0x90, 0x32, 0x27, 0x35, 0x3E, 0xCC, 0xE7, 0xBF, 0xF7, 0x97, 0x03, + 0xFF, 0x19, 0x30, 0xB3, 0x48, 0xA5, 0xB5, 0xD1, 0xD7, 0x5E, 0x92, 0x2A, + 0xAC, 0x56, 0xAA, 0xC6, 0x4F, 0xB8, 0x38, 0xD2, 0x96, 0xA4, 0x7D, 0xB6, + 0x76, 0xFC, 0x6B, 0xE2, 0x9C, 0x74, 0x04, 0xF1, 0x45, 0x9D, 0x70, 0x59, + 0x64, 0x71, 0x87, 0x20, 0x86, 0x5B, 0xCF, 0x65, 0xE6, 0x2D, 0xA8, 0x02, + 0x1B, 0x60, 0x25, 0xAD, 0xAE, 0xB0, 0xB9, 0xF6, 0x1C, 0x46, 0x61, 0x69, + 0x34, 0x40, 0x7E, 0x0F, 0x55, 0x47, 0xA3, 0x23, 0xDD, 0x51, 0xAF, 0x3A, + 0xC3, 0x5C, 0xF9, 0xCE, 0xBA, 0xC5, 0xEA, 0x26, 0x2C, 0x53, 0x0D, 0x6E, + 0x85, 0x28, 0x84, 0x09, 0xD3, 0xDF, 0xCD, 0xF4, 0x41, 0x81, 0x4D, 0x52, + 0x6A, 0xDC, 0x37, 0xC8, 0x6C, 0xC1, 0xAB, 0xFA, 0x24, 0xE1, 0x7B, 0x08, + 0x0C, 0xBD, 0xB1, 0x4A, 0x78, 0x88, 0x95, 0x8B, 0xE3, 0x63, 0xE8, 0x6D, + 0xE9, 0xCB, 0xD5, 0xFE, 0x3B, 0x00, 0x1D, 0x39, 0xF2, 0xEF, 0xB7, 0x0E, + 0x66, 0x58, 0xD0, 0xE4, 0xA6, 0x77, 0x72, 0xF8, 0xEB, 0x75, 0x4B, 0x0A, + 0x31, 0x44, 0x50, 0xB4, 0x8F, 0xED, 0x1F, 0x1A, 0xDB, 0x99, 0x8D, 0x33, + 0x9F, 0x11, 0x83, 0x14 }; + + X.copy(16, input, HASH_BLOCK_SIZE); + xor_buf(X + 32, X, X + 16, HASH_BLOCK_SIZE); + byte T = 0; + for(u32bit j = 0; j != 18; ++j) + { + for(u32bit k = 0; k != 48; k += 8) + { + T = X[k ] ^= SBOX[T]; T = X[k+1] ^= SBOX[T]; + T = X[k+2] ^= SBOX[T]; T = X[k+3] ^= SBOX[T]; + T = X[k+4] ^= SBOX[T]; T = X[k+5] ^= SBOX[T]; + T = X[k+6] ^= SBOX[T]; T = X[k+7] ^= SBOX[T]; + } + T += j; + } + T = checksum[15]; + for(u32bit j = 0; j != HASH_BLOCK_SIZE; ++j) + T = checksum[j] ^= SBOX[input[j] ^ T]; + } + +/************************************************* +* Update the hash * +*************************************************/ +void MD2::add_data(const byte input[], u32bit length) + { + buffer.copy(position, input, length); + if(position + length >= HASH_BLOCK_SIZE) + { + hash(buffer.begin()); + input += (HASH_BLOCK_SIZE - position); + length -= (HASH_BLOCK_SIZE - position); + while(length >= HASH_BLOCK_SIZE) + { + hash(input); + input += HASH_BLOCK_SIZE; + length -= HASH_BLOCK_SIZE; + } + buffer.copy(input, length); + position = 0; + } + position += length; + } + +/************************************************* +* Finalize a MD2 Hash * +*************************************************/ +void MD2::final_result(byte output[]) + { + for(u32bit j = position; j != HASH_BLOCK_SIZE; ++j) + buffer[j] = static_cast<byte>(HASH_BLOCK_SIZE - position); + hash(buffer); + hash(checksum); + copy_mem(output, X.begin(), OUTPUT_LENGTH); + clear(); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void MD2::clear() throw() + { + X.clear(); + checksum.clear(); + buffer.clear(); + position = 0; + } + +} diff --git a/src/hash/md2/md2.h b/src/hash/md2/md2.h new file mode 100644 index 000000000..2c53d1cf0 --- /dev/null +++ b/src/hash/md2/md2.h @@ -0,0 +1,35 @@ +/************************************************* +* MD2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MD2_H__ +#define BOTAN_MD2_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* MD2 * +*************************************************/ +class BOTAN_DLL MD2 : public HashFunction + { + public: + void clear() throw(); + std::string name() const { return "MD2"; } + HashFunction* clone() const { return new MD2; } + MD2() : HashFunction(16, 16) { clear(); } + private: + void add_data(const byte[], u32bit); + void hash(const byte[]); + void final_result(byte[]); + + SecureBuffer<byte, 48> X; + SecureBuffer<byte, 16> checksum, buffer; + u32bit position; + }; + +} + +#endif diff --git a/src/hash/md2/modinfo.txt b/src/hash/md2/modinfo.txt new file mode 100644 index 000000000..ff33e1eb3 --- /dev/null +++ b/src/hash/md2/modinfo.txt @@ -0,0 +1,10 @@ +realname "MD2" + +define MD2 + +load_on auto + +<add> +md2.cpp +md2.h +</add> diff --git a/src/hash/md4/md4.cpp b/src/hash/md4/md4.cpp new file mode 100644 index 000000000..e2a18f424 --- /dev/null +++ b/src/hash/md4/md4.cpp @@ -0,0 +1,99 @@ +/************************************************* +* MD4 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/md4.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* MD4 FF Function * +*************************************************/ +inline void FF(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S) + { + A += (D ^ (B & (C ^ D))) + M; + A = rotate_left(A, S); + } + +/************************************************* +* MD4 GG Function * +*************************************************/ +inline void GG(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S) + { + A += ((B & C) | (D & (B | C))) + M + 0x5A827999; + A = rotate_left(A, S); + } + +/************************************************* +* MD4 HH Function * +*************************************************/ +inline void HH(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit M, byte S) + { + A += (B ^ C ^ D) + M + 0x6ED9EBA1; + A = rotate_left(A, S); + } + +} + +/************************************************* +* MD4 Compression Function * +*************************************************/ +void MD4::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + M[j] = load_le<u32bit>(input, j); + + u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3]; + + FF(A,B,C,D,M[ 0], 3); FF(D,A,B,C,M[ 1], 7); FF(C,D,A,B,M[ 2],11); + FF(B,C,D,A,M[ 3],19); FF(A,B,C,D,M[ 4], 3); FF(D,A,B,C,M[ 5], 7); + FF(C,D,A,B,M[ 6],11); FF(B,C,D,A,M[ 7],19); FF(A,B,C,D,M[ 8], 3); + FF(D,A,B,C,M[ 9], 7); FF(C,D,A,B,M[10],11); FF(B,C,D,A,M[11],19); + FF(A,B,C,D,M[12], 3); FF(D,A,B,C,M[13], 7); FF(C,D,A,B,M[14],11); + FF(B,C,D,A,M[15],19); + + GG(A,B,C,D,M[ 0], 3); GG(D,A,B,C,M[ 4], 5); GG(C,D,A,B,M[ 8], 9); + GG(B,C,D,A,M[12],13); GG(A,B,C,D,M[ 1], 3); GG(D,A,B,C,M[ 5], 5); + GG(C,D,A,B,M[ 9], 9); GG(B,C,D,A,M[13],13); GG(A,B,C,D,M[ 2], 3); + GG(D,A,B,C,M[ 6], 5); GG(C,D,A,B,M[10], 9); GG(B,C,D,A,M[14],13); + GG(A,B,C,D,M[ 3], 3); GG(D,A,B,C,M[ 7], 5); GG(C,D,A,B,M[11], 9); + GG(B,C,D,A,M[15],13); + + HH(A,B,C,D,M[ 0], 3); HH(D,A,B,C,M[ 8], 9); HH(C,D,A,B,M[ 4],11); + HH(B,C,D,A,M[12],15); HH(A,B,C,D,M[ 2], 3); HH(D,A,B,C,M[10], 9); + HH(C,D,A,B,M[ 6],11); HH(B,C,D,A,M[14],15); HH(A,B,C,D,M[ 1], 3); + HH(D,A,B,C,M[ 9], 9); HH(C,D,A,B,M[ 5],11); HH(B,C,D,A,M[13],15); + HH(A,B,C,D,M[ 3], 3); HH(D,A,B,C,M[11], 9); HH(C,D,A,B,M[ 7],11); + HH(B,C,D,A,M[15],15); + + digest[0] += A; digest[1] += B; digest[2] += C; digest[3] += D; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void MD4::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_le(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void MD4::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + } + +} diff --git a/src/hash/md4/md4.h b/src/hash/md4/md4.h new file mode 100644 index 000000000..4bb5e3903 --- /dev/null +++ b/src/hash/md4/md4.h @@ -0,0 +1,33 @@ +/************************************************* +* MD4 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MD4_H__ +#define BOTAN_MD4_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* MD4 * +*************************************************/ +class BOTAN_DLL MD4 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "MD4"; } + HashFunction* clone() const { return new MD4; } + MD4() : MDx_HashFunction(16, 64, false, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 48> M; + SecureBuffer<u32bit, 4> digest; + }; + +} + +#endif diff --git a/src/hash/md4/modinfo.txt b/src/hash/md4/modinfo.txt new file mode 100644 index 000000000..6d32dbd90 --- /dev/null +++ b/src/hash/md4/modinfo.txt @@ -0,0 +1,10 @@ +realname "MD4" + +define MD4 + +load_on auto + +<add> +md4.cpp +md4.h +</add> diff --git a/src/hash/md5/md5.cpp b/src/hash/md5/md5.cpp new file mode 100644 index 000000000..2fd75f0fb --- /dev/null +++ b/src/hash/md5/md5.cpp @@ -0,0 +1,127 @@ +/************************************************* +* MD5 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/md5.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* MD5 FF Function * +*************************************************/ +inline void FF(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg, + byte S, u32bit magic) + { + A += (D ^ (B & (C ^ D))) + msg + magic; + A = rotate_left(A, S) + B; + } + +/************************************************* +* MD5 GG Function * +*************************************************/ +inline void GG(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg, + byte S, u32bit magic) + { + A += (C ^ (D & (B ^ C))) + msg + magic; + A = rotate_left(A, S) + B; + } + +/************************************************* +* MD5 HH Function * +*************************************************/ +inline void HH(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg, + byte S, u32bit magic) + { + A += (B ^ C ^ D) + msg + magic; + A = rotate_left(A, S) + B; + } + +/************************************************* +* MD5 II Function * +*************************************************/ +inline void II(u32bit& A, u32bit B, u32bit C, u32bit D, u32bit msg, + byte S, u32bit magic) + { + A += (C ^ (B | ~D)) + msg + magic; + A = rotate_left(A, S) + B; + } + +} + +/************************************************* +* MD5 Compression Function * +*************************************************/ +void MD5::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + M[j] = load_le<u32bit>(input, j); + + u32bit A = digest[0], B = digest[1], C = digest[2], D = digest[3]; + + FF(A,B,C,D,M[ 0], 7,0xD76AA478); FF(D,A,B,C,M[ 1],12,0xE8C7B756); + FF(C,D,A,B,M[ 2],17,0x242070DB); FF(B,C,D,A,M[ 3],22,0xC1BDCEEE); + FF(A,B,C,D,M[ 4], 7,0xF57C0FAF); FF(D,A,B,C,M[ 5],12,0x4787C62A); + FF(C,D,A,B,M[ 6],17,0xA8304613); FF(B,C,D,A,M[ 7],22,0xFD469501); + FF(A,B,C,D,M[ 8], 7,0x698098D8); FF(D,A,B,C,M[ 9],12,0x8B44F7AF); + FF(C,D,A,B,M[10],17,0xFFFF5BB1); FF(B,C,D,A,M[11],22,0x895CD7BE); + FF(A,B,C,D,M[12], 7,0x6B901122); FF(D,A,B,C,M[13],12,0xFD987193); + FF(C,D,A,B,M[14],17,0xA679438E); FF(B,C,D,A,M[15],22,0x49B40821); + + GG(A,B,C,D,M[ 1], 5,0xF61E2562); GG(D,A,B,C,M[ 6], 9,0xC040B340); + GG(C,D,A,B,M[11],14,0x265E5A51); GG(B,C,D,A,M[ 0],20,0xE9B6C7AA); + GG(A,B,C,D,M[ 5], 5,0xD62F105D); GG(D,A,B,C,M[10], 9,0x02441453); + GG(C,D,A,B,M[15],14,0xD8A1E681); GG(B,C,D,A,M[ 4],20,0xE7D3FBC8); + GG(A,B,C,D,M[ 9], 5,0x21E1CDE6); GG(D,A,B,C,M[14], 9,0xC33707D6); + GG(C,D,A,B,M[ 3],14,0xF4D50D87); GG(B,C,D,A,M[ 8],20,0x455A14ED); + GG(A,B,C,D,M[13], 5,0xA9E3E905); GG(D,A,B,C,M[ 2], 9,0xFCEFA3F8); + GG(C,D,A,B,M[ 7],14,0x676F02D9); GG(B,C,D,A,M[12],20,0x8D2A4C8A); + + HH(A,B,C,D,M[ 5], 4,0xFFFA3942); HH(D,A,B,C,M[ 8],11,0x8771F681); + HH(C,D,A,B,M[11],16,0x6D9D6122); HH(B,C,D,A,M[14],23,0xFDE5380C); + HH(A,B,C,D,M[ 1], 4,0xA4BEEA44); HH(D,A,B,C,M[ 4],11,0x4BDECFA9); + HH(C,D,A,B,M[ 7],16,0xF6BB4B60); HH(B,C,D,A,M[10],23,0xBEBFBC70); + HH(A,B,C,D,M[13], 4,0x289B7EC6); HH(D,A,B,C,M[ 0],11,0xEAA127FA); + HH(C,D,A,B,M[ 3],16,0xD4EF3085); HH(B,C,D,A,M[ 6],23,0x04881D05); + HH(A,B,C,D,M[ 9], 4,0xD9D4D039); HH(D,A,B,C,M[12],11,0xE6DB99E5); + HH(C,D,A,B,M[15],16,0x1FA27CF8); HH(B,C,D,A,M[ 2],23,0xC4AC5665); + + II(A,B,C,D,M[ 0], 6,0xF4292244); II(D,A,B,C,M[ 7],10,0x432AFF97); + II(C,D,A,B,M[14],15,0xAB9423A7); II(B,C,D,A,M[ 5],21,0xFC93A039); + II(A,B,C,D,M[12], 6,0x655B59C3); II(D,A,B,C,M[ 3],10,0x8F0CCC92); + II(C,D,A,B,M[10],15,0xFFEFF47D); II(B,C,D,A,M[ 1],21,0x85845DD1); + II(A,B,C,D,M[ 8], 6,0x6FA87E4F); II(D,A,B,C,M[15],10,0xFE2CE6E0); + II(C,D,A,B,M[ 6],15,0xA3014314); II(B,C,D,A,M[13],21,0x4E0811A1); + II(A,B,C,D,M[ 4], 6,0xF7537E82); II(D,A,B,C,M[11],10,0xBD3AF235); + II(C,D,A,B,M[ 2],15,0x2AD7D2BB); II(B,C,D,A,M[ 9],21,0xEB86D391); + + digest[0] += A; digest[1] += B; digest[2] += C; digest[3] += D; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void MD5::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_le(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void MD5::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + } + +} diff --git a/src/hash/md5/md5.h b/src/hash/md5/md5.h new file mode 100644 index 000000000..9634c526d --- /dev/null +++ b/src/hash/md5/md5.h @@ -0,0 +1,33 @@ +/************************************************* +* MD5 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MD5_H__ +#define BOTAN_MD5_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* MD5 * +*************************************************/ +class BOTAN_DLL MD5 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "MD5"; } + HashFunction* clone() const { return new MD5; } + MD5() : MDx_HashFunction(16, 64, false, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 16> M; + SecureBuffer<u32bit, 4> digest; + }; + +} + +#endif diff --git a/src/hash/md5/modinfo.txt b/src/hash/md5/modinfo.txt new file mode 100644 index 000000000..fb17add4a --- /dev/null +++ b/src/hash/md5/modinfo.txt @@ -0,0 +1,10 @@ +realname "MD5" + +define MD5 + +load_on auto + +<add> +md5.cpp +md5.h +</add> diff --git a/src/hash/rmd128/modinfo.txt b/src/hash/rmd128/modinfo.txt new file mode 100644 index 000000000..9be80268b --- /dev/null +++ b/src/hash/rmd128/modinfo.txt @@ -0,0 +1,10 @@ +realname "RIPEMD-128" + +define RIPEMD_128 + +load_on auto + +<add> +rmd128.cpp +rmd128.h +</add> diff --git a/src/hash/rmd128/rmd128.cpp b/src/hash/rmd128/rmd128.cpp new file mode 100644 index 000000000..4c33350b6 --- /dev/null +++ b/src/hash/rmd128/rmd128.cpp @@ -0,0 +1,166 @@ +/************************************************* +* RIPEMD-128 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/rmd128.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* RIPEMD-128 F1 Function * +*************************************************/ +inline void F1(u32bit& A, u32bit B, u32bit C, u32bit D, + u32bit msg, u32bit shift) + { + A += (B ^ C ^ D) + msg; + A = rotate_left(A, shift); + } + +/************************************************* +* RIPEMD-128 F2 Function * +*************************************************/ +inline void F2(u32bit& A, u32bit B, u32bit C, u32bit D, + u32bit msg, u32bit shift, u32bit magic) + { + A += (D ^ (B & (C ^ D))) + msg + magic; + A = rotate_left(A, shift); + } + +/************************************************* +* RIPEMD-128 F3 Function * +*************************************************/ +inline void F3(u32bit& A, u32bit B, u32bit C, u32bit D, + u32bit msg, u32bit shift, u32bit magic) + { + A += (D ^ (B | ~C)) + msg + magic; + A = rotate_left(A, shift); + } + +/************************************************* +* RIPEMD-128 F4 Function * +*************************************************/ +inline void F4(u32bit& A, u32bit B, u32bit C, u32bit D, + u32bit msg, u32bit shift, u32bit magic) + { + A += (C ^ (D & (B ^ C))) + msg + magic; + A = rotate_left(A, shift); + } + +} + +/************************************************* +* RIPEMD-128 Compression Function * +*************************************************/ +void RIPEMD_128::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + M[j] = load_le<u32bit>(input, j); + + u32bit A1 = digest[0], A2 = A1, B1 = digest[1], B2 = B1, + C1 = digest[2], C2 = C1, D1 = digest[3], D2 = D1; + + const u32bit MAGIC2 = 0x5A827999, MAGIC3 = 0x6ED9EBA1, + MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0x50A28BE6, + MAGIC6 = 0x5C4DD124, MAGIC7 = 0x6D703EF3; + + F1(A1,B1,C1,D1,M[ 0],11 ); F4(A2,B2,C2,D2,M[ 5], 8,MAGIC5); + F1(D1,A1,B1,C1,M[ 1],14 ); F4(D2,A2,B2,C2,M[14], 9,MAGIC5); + F1(C1,D1,A1,B1,M[ 2],15 ); F4(C2,D2,A2,B2,M[ 7], 9,MAGIC5); + F1(B1,C1,D1,A1,M[ 3],12 ); F4(B2,C2,D2,A2,M[ 0],11,MAGIC5); + F1(A1,B1,C1,D1,M[ 4], 5 ); F4(A2,B2,C2,D2,M[ 9],13,MAGIC5); + F1(D1,A1,B1,C1,M[ 5], 8 ); F4(D2,A2,B2,C2,M[ 2],15,MAGIC5); + F1(C1,D1,A1,B1,M[ 6], 7 ); F4(C2,D2,A2,B2,M[11],15,MAGIC5); + F1(B1,C1,D1,A1,M[ 7], 9 ); F4(B2,C2,D2,A2,M[ 4], 5,MAGIC5); + F1(A1,B1,C1,D1,M[ 8],11 ); F4(A2,B2,C2,D2,M[13], 7,MAGIC5); + F1(D1,A1,B1,C1,M[ 9],13 ); F4(D2,A2,B2,C2,M[ 6], 7,MAGIC5); + F1(C1,D1,A1,B1,M[10],14 ); F4(C2,D2,A2,B2,M[15], 8,MAGIC5); + F1(B1,C1,D1,A1,M[11],15 ); F4(B2,C2,D2,A2,M[ 8],11,MAGIC5); + F1(A1,B1,C1,D1,M[12], 6 ); F4(A2,B2,C2,D2,M[ 1],14,MAGIC5); + F1(D1,A1,B1,C1,M[13], 7 ); F4(D2,A2,B2,C2,M[10],14,MAGIC5); + F1(C1,D1,A1,B1,M[14], 9 ); F4(C2,D2,A2,B2,M[ 3],12,MAGIC5); + F1(B1,C1,D1,A1,M[15], 8 ); F4(B2,C2,D2,A2,M[12], 6,MAGIC5); + + F2(A1,B1,C1,D1,M[ 7], 7,MAGIC2); F3(A2,B2,C2,D2,M[ 6], 9,MAGIC6); + F2(D1,A1,B1,C1,M[ 4], 6,MAGIC2); F3(D2,A2,B2,C2,M[11],13,MAGIC6); + F2(C1,D1,A1,B1,M[13], 8,MAGIC2); F3(C2,D2,A2,B2,M[ 3],15,MAGIC6); + F2(B1,C1,D1,A1,M[ 1],13,MAGIC2); F3(B2,C2,D2,A2,M[ 7], 7,MAGIC6); + F2(A1,B1,C1,D1,M[10],11,MAGIC2); F3(A2,B2,C2,D2,M[ 0],12,MAGIC6); + F2(D1,A1,B1,C1,M[ 6], 9,MAGIC2); F3(D2,A2,B2,C2,M[13], 8,MAGIC6); + F2(C1,D1,A1,B1,M[15], 7,MAGIC2); F3(C2,D2,A2,B2,M[ 5], 9,MAGIC6); + F2(B1,C1,D1,A1,M[ 3],15,MAGIC2); F3(B2,C2,D2,A2,M[10],11,MAGIC6); + F2(A1,B1,C1,D1,M[12], 7,MAGIC2); F3(A2,B2,C2,D2,M[14], 7,MAGIC6); + F2(D1,A1,B1,C1,M[ 0],12,MAGIC2); F3(D2,A2,B2,C2,M[15], 7,MAGIC6); + F2(C1,D1,A1,B1,M[ 9],15,MAGIC2); F3(C2,D2,A2,B2,M[ 8],12,MAGIC6); + F2(B1,C1,D1,A1,M[ 5], 9,MAGIC2); F3(B2,C2,D2,A2,M[12], 7,MAGIC6); + F2(A1,B1,C1,D1,M[ 2],11,MAGIC2); F3(A2,B2,C2,D2,M[ 4], 6,MAGIC6); + F2(D1,A1,B1,C1,M[14], 7,MAGIC2); F3(D2,A2,B2,C2,M[ 9],15,MAGIC6); + F2(C1,D1,A1,B1,M[11],13,MAGIC2); F3(C2,D2,A2,B2,M[ 1],13,MAGIC6); + F2(B1,C1,D1,A1,M[ 8],12,MAGIC2); F3(B2,C2,D2,A2,M[ 2],11,MAGIC6); + + F3(A1,B1,C1,D1,M[ 3],11,MAGIC3); F2(A2,B2,C2,D2,M[15], 9,MAGIC7); + F3(D1,A1,B1,C1,M[10],13,MAGIC3); F2(D2,A2,B2,C2,M[ 5], 7,MAGIC7); + F3(C1,D1,A1,B1,M[14], 6,MAGIC3); F2(C2,D2,A2,B2,M[ 1],15,MAGIC7); + F3(B1,C1,D1,A1,M[ 4], 7,MAGIC3); F2(B2,C2,D2,A2,M[ 3],11,MAGIC7); + F3(A1,B1,C1,D1,M[ 9],14,MAGIC3); F2(A2,B2,C2,D2,M[ 7], 8,MAGIC7); + F3(D1,A1,B1,C1,M[15], 9,MAGIC3); F2(D2,A2,B2,C2,M[14], 6,MAGIC7); + F3(C1,D1,A1,B1,M[ 8],13,MAGIC3); F2(C2,D2,A2,B2,M[ 6], 6,MAGIC7); + F3(B1,C1,D1,A1,M[ 1],15,MAGIC3); F2(B2,C2,D2,A2,M[ 9],14,MAGIC7); + F3(A1,B1,C1,D1,M[ 2],14,MAGIC3); F2(A2,B2,C2,D2,M[11],12,MAGIC7); + F3(D1,A1,B1,C1,M[ 7], 8,MAGIC3); F2(D2,A2,B2,C2,M[ 8],13,MAGIC7); + F3(C1,D1,A1,B1,M[ 0],13,MAGIC3); F2(C2,D2,A2,B2,M[12], 5,MAGIC7); + F3(B1,C1,D1,A1,M[ 6], 6,MAGIC3); F2(B2,C2,D2,A2,M[ 2],14,MAGIC7); + F3(A1,B1,C1,D1,M[13], 5,MAGIC3); F2(A2,B2,C2,D2,M[10],13,MAGIC7); + F3(D1,A1,B1,C1,M[11],12,MAGIC3); F2(D2,A2,B2,C2,M[ 0],13,MAGIC7); + F3(C1,D1,A1,B1,M[ 5], 7,MAGIC3); F2(C2,D2,A2,B2,M[ 4], 7,MAGIC7); + F3(B1,C1,D1,A1,M[12], 5,MAGIC3); F2(B2,C2,D2,A2,M[13], 5,MAGIC7); + + F4(A1,B1,C1,D1,M[ 1],11,MAGIC4); F1(A2,B2,C2,D2,M[ 8],15 ); + F4(D1,A1,B1,C1,M[ 9],12,MAGIC4); F1(D2,A2,B2,C2,M[ 6], 5 ); + F4(C1,D1,A1,B1,M[11],14,MAGIC4); F1(C2,D2,A2,B2,M[ 4], 8 ); + F4(B1,C1,D1,A1,M[10],15,MAGIC4); F1(B2,C2,D2,A2,M[ 1],11 ); + F4(A1,B1,C1,D1,M[ 0],14,MAGIC4); F1(A2,B2,C2,D2,M[ 3],14 ); + F4(D1,A1,B1,C1,M[ 8],15,MAGIC4); F1(D2,A2,B2,C2,M[11],14 ); + F4(C1,D1,A1,B1,M[12], 9,MAGIC4); F1(C2,D2,A2,B2,M[15], 6 ); + F4(B1,C1,D1,A1,M[ 4], 8,MAGIC4); F1(B2,C2,D2,A2,M[ 0],14 ); + F4(A1,B1,C1,D1,M[13], 9,MAGIC4); F1(A2,B2,C2,D2,M[ 5], 6 ); + F4(D1,A1,B1,C1,M[ 3],14,MAGIC4); F1(D2,A2,B2,C2,M[12], 9 ); + F4(C1,D1,A1,B1,M[ 7], 5,MAGIC4); F1(C2,D2,A2,B2,M[ 2],12 ); + F4(B1,C1,D1,A1,M[15], 6,MAGIC4); F1(B2,C2,D2,A2,M[13], 9 ); + F4(A1,B1,C1,D1,M[14], 8,MAGIC4); F1(A2,B2,C2,D2,M[ 9],12 ); + F4(D1,A1,B1,C1,M[ 5], 6,MAGIC4); F1(D2,A2,B2,C2,M[ 7], 5 ); + F4(C1,D1,A1,B1,M[ 6], 5,MAGIC4); F1(C2,D2,A2,B2,M[10],15 ); + F4(B1,C1,D1,A1,M[ 2],12,MAGIC4); F1(B2,C2,D2,A2,M[14], 8 ); + + D2 = digest[1] + C1 + D2; digest[1] = digest[2] + D1 + A2; + digest[2] = digest[3] + A1 + B2; digest[3] = digest[0] + B1 + C2; + digest[0] = D2; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void RIPEMD_128::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_le(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void RIPEMD_128::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + } + +} diff --git a/src/hash/rmd128/rmd128.h b/src/hash/rmd128/rmd128.h new file mode 100644 index 000000000..2cb98e516 --- /dev/null +++ b/src/hash/rmd128/rmd128.h @@ -0,0 +1,33 @@ +/************************************************* +* RIPEMD-128 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_RIPEMD_128_H__ +#define BOTAN_RIPEMD_128_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* RIPEMD-128 * +*************************************************/ +class BOTAN_DLL RIPEMD_128 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "RIPEMD-128"; } + HashFunction* clone() const { return new RIPEMD_128; } + RIPEMD_128() : MDx_HashFunction(16, 64, false, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 16> M; + SecureBuffer<u32bit, 4> digest; + }; + +} + +#endif diff --git a/src/hash/rmd160/modinfo.txt b/src/hash/rmd160/modinfo.txt new file mode 100644 index 000000000..11183b03e --- /dev/null +++ b/src/hash/rmd160/modinfo.txt @@ -0,0 +1,10 @@ +realname "RIPEMD-160" + +define RIPEMD_160 + +load_on auto + +<add> +rmd160.cpp +rmd160.h +</add> diff --git a/src/hash/rmd160/rmd160.cpp b/src/hash/rmd160/rmd160.cpp new file mode 100644 index 000000000..20c0ad4f1 --- /dev/null +++ b/src/hash/rmd160/rmd160.cpp @@ -0,0 +1,201 @@ +/************************************************* +* RIPEMD-160 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/rmd160.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* RIPEMD-160 F1 Function * +*************************************************/ +inline void F1(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E, + u32bit msg, u32bit shift) + { + A += (B ^ C ^ D) + msg; + A = rotate_left(A, shift) + E; + C = rotate_left(C, 10); + } + +/************************************************* +* RIPEMD-160 F2 Function * +*************************************************/ +inline void F2(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E, + u32bit msg, u32bit shift, u32bit magic) + { + A += (D ^ (B & (C ^ D))) + msg + magic; + A = rotate_left(A, shift) + E; + C = rotate_left(C, 10); + } + +/************************************************* +* RIPEMD-160 F3 Function * +*************************************************/ +inline void F3(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E, + u32bit msg, u32bit shift, u32bit magic) + { + A += (D ^ (B | ~C)) + msg + magic; + A = rotate_left(A, shift) + E; + C = rotate_left(C, 10); + } + +/************************************************* +* RIPEMD-160 F4 Function * +*************************************************/ +inline void F4(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E, + u32bit msg, u32bit shift, u32bit magic) + { + A += (C ^ (D & (B ^ C))) + msg + magic; + A = rotate_left(A, shift) + E; + C = rotate_left(C, 10); + } + +/************************************************* +* RIPEMD-160 F5 Function * +*************************************************/ +inline void F5(u32bit& A, u32bit B, u32bit& C, u32bit D, u32bit E, + u32bit msg, u32bit shift, u32bit magic) + { + A += (B ^ (C | ~D)) + msg + magic; + A = rotate_left(A, shift) + E; + C = rotate_left(C, 10); + } + +} + +/************************************************* +* RIPEMD-160 Compression Function * +*************************************************/ +void RIPEMD_160::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + M[j] = load_le<u32bit>(input, j); + + u32bit A1 = digest[0], A2 = A1, B1 = digest[1], B2 = B1, + C1 = digest[2], C2 = C1, D1 = digest[3], D2 = D1, + E1 = digest[4], E2 = E1; + + const u32bit MAGIC2 = 0x5A827999, MAGIC3 = 0x6ED9EBA1, + MAGIC4 = 0x8F1BBCDC, MAGIC5 = 0xA953FD4E, + MAGIC6 = 0x50A28BE6, MAGIC7 = 0x5C4DD124, + MAGIC8 = 0x6D703EF3, MAGIC9 = 0x7A6D76E9; + + F1(A1,B1,C1,D1,E1,M[ 0],11 ); F5(A2,B2,C2,D2,E2,M[ 5], 8,MAGIC6); + F1(E1,A1,B1,C1,D1,M[ 1],14 ); F5(E2,A2,B2,C2,D2,M[14], 9,MAGIC6); + F1(D1,E1,A1,B1,C1,M[ 2],15 ); F5(D2,E2,A2,B2,C2,M[ 7], 9,MAGIC6); + F1(C1,D1,E1,A1,B1,M[ 3],12 ); F5(C2,D2,E2,A2,B2,M[ 0],11,MAGIC6); + F1(B1,C1,D1,E1,A1,M[ 4], 5 ); F5(B2,C2,D2,E2,A2,M[ 9],13,MAGIC6); + F1(A1,B1,C1,D1,E1,M[ 5], 8 ); F5(A2,B2,C2,D2,E2,M[ 2],15,MAGIC6); + F1(E1,A1,B1,C1,D1,M[ 6], 7 ); F5(E2,A2,B2,C2,D2,M[11],15,MAGIC6); + F1(D1,E1,A1,B1,C1,M[ 7], 9 ); F5(D2,E2,A2,B2,C2,M[ 4], 5,MAGIC6); + F1(C1,D1,E1,A1,B1,M[ 8],11 ); F5(C2,D2,E2,A2,B2,M[13], 7,MAGIC6); + F1(B1,C1,D1,E1,A1,M[ 9],13 ); F5(B2,C2,D2,E2,A2,M[ 6], 7,MAGIC6); + F1(A1,B1,C1,D1,E1,M[10],14 ); F5(A2,B2,C2,D2,E2,M[15], 8,MAGIC6); + F1(E1,A1,B1,C1,D1,M[11],15 ); F5(E2,A2,B2,C2,D2,M[ 8],11,MAGIC6); + F1(D1,E1,A1,B1,C1,M[12], 6 ); F5(D2,E2,A2,B2,C2,M[ 1],14,MAGIC6); + F1(C1,D1,E1,A1,B1,M[13], 7 ); F5(C2,D2,E2,A2,B2,M[10],14,MAGIC6); + F1(B1,C1,D1,E1,A1,M[14], 9 ); F5(B2,C2,D2,E2,A2,M[ 3],12,MAGIC6); + F1(A1,B1,C1,D1,E1,M[15], 8 ); F5(A2,B2,C2,D2,E2,M[12], 6,MAGIC6); + + F2(E1,A1,B1,C1,D1,M[ 7], 7,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 6], 9,MAGIC7); + F2(D1,E1,A1,B1,C1,M[ 4], 6,MAGIC2); F4(D2,E2,A2,B2,C2,M[11],13,MAGIC7); + F2(C1,D1,E1,A1,B1,M[13], 8,MAGIC2); F4(C2,D2,E2,A2,B2,M[ 3],15,MAGIC7); + F2(B1,C1,D1,E1,A1,M[ 1],13,MAGIC2); F4(B2,C2,D2,E2,A2,M[ 7], 7,MAGIC7); + F2(A1,B1,C1,D1,E1,M[10],11,MAGIC2); F4(A2,B2,C2,D2,E2,M[ 0],12,MAGIC7); + F2(E1,A1,B1,C1,D1,M[ 6], 9,MAGIC2); F4(E2,A2,B2,C2,D2,M[13], 8,MAGIC7); + F2(D1,E1,A1,B1,C1,M[15], 7,MAGIC2); F4(D2,E2,A2,B2,C2,M[ 5], 9,MAGIC7); + F2(C1,D1,E1,A1,B1,M[ 3],15,MAGIC2); F4(C2,D2,E2,A2,B2,M[10],11,MAGIC7); + F2(B1,C1,D1,E1,A1,M[12], 7,MAGIC2); F4(B2,C2,D2,E2,A2,M[14], 7,MAGIC7); + F2(A1,B1,C1,D1,E1,M[ 0],12,MAGIC2); F4(A2,B2,C2,D2,E2,M[15], 7,MAGIC7); + F2(E1,A1,B1,C1,D1,M[ 9],15,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 8],12,MAGIC7); + F2(D1,E1,A1,B1,C1,M[ 5], 9,MAGIC2); F4(D2,E2,A2,B2,C2,M[12], 7,MAGIC7); + F2(C1,D1,E1,A1,B1,M[ 2],11,MAGIC2); F4(C2,D2,E2,A2,B2,M[ 4], 6,MAGIC7); + F2(B1,C1,D1,E1,A1,M[14], 7,MAGIC2); F4(B2,C2,D2,E2,A2,M[ 9],15,MAGIC7); + F2(A1,B1,C1,D1,E1,M[11],13,MAGIC2); F4(A2,B2,C2,D2,E2,M[ 1],13,MAGIC7); + F2(E1,A1,B1,C1,D1,M[ 8],12,MAGIC2); F4(E2,A2,B2,C2,D2,M[ 2],11,MAGIC7); + + F3(D1,E1,A1,B1,C1,M[ 3],11,MAGIC3); F3(D2,E2,A2,B2,C2,M[15], 9,MAGIC8); + F3(C1,D1,E1,A1,B1,M[10],13,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 5], 7,MAGIC8); + F3(B1,C1,D1,E1,A1,M[14], 6,MAGIC3); F3(B2,C2,D2,E2,A2,M[ 1],15,MAGIC8); + F3(A1,B1,C1,D1,E1,M[ 4], 7,MAGIC3); F3(A2,B2,C2,D2,E2,M[ 3],11,MAGIC8); + F3(E1,A1,B1,C1,D1,M[ 9],14,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 7], 8,MAGIC8); + F3(D1,E1,A1,B1,C1,M[15], 9,MAGIC3); F3(D2,E2,A2,B2,C2,M[14], 6,MAGIC8); + F3(C1,D1,E1,A1,B1,M[ 8],13,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 6], 6,MAGIC8); + F3(B1,C1,D1,E1,A1,M[ 1],15,MAGIC3); F3(B2,C2,D2,E2,A2,M[ 9],14,MAGIC8); + F3(A1,B1,C1,D1,E1,M[ 2],14,MAGIC3); F3(A2,B2,C2,D2,E2,M[11],12,MAGIC8); + F3(E1,A1,B1,C1,D1,M[ 7], 8,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 8],13,MAGIC8); + F3(D1,E1,A1,B1,C1,M[ 0],13,MAGIC3); F3(D2,E2,A2,B2,C2,M[12], 5,MAGIC8); + F3(C1,D1,E1,A1,B1,M[ 6], 6,MAGIC3); F3(C2,D2,E2,A2,B2,M[ 2],14,MAGIC8); + F3(B1,C1,D1,E1,A1,M[13], 5,MAGIC3); F3(B2,C2,D2,E2,A2,M[10],13,MAGIC8); + F3(A1,B1,C1,D1,E1,M[11],12,MAGIC3); F3(A2,B2,C2,D2,E2,M[ 0],13,MAGIC8); + F3(E1,A1,B1,C1,D1,M[ 5], 7,MAGIC3); F3(E2,A2,B2,C2,D2,M[ 4], 7,MAGIC8); + F3(D1,E1,A1,B1,C1,M[12], 5,MAGIC3); F3(D2,E2,A2,B2,C2,M[13], 5,MAGIC8); + + F4(C1,D1,E1,A1,B1,M[ 1],11,MAGIC4); F2(C2,D2,E2,A2,B2,M[ 8],15,MAGIC9); + F4(B1,C1,D1,E1,A1,M[ 9],12,MAGIC4); F2(B2,C2,D2,E2,A2,M[ 6], 5,MAGIC9); + F4(A1,B1,C1,D1,E1,M[11],14,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 4], 8,MAGIC9); + F4(E1,A1,B1,C1,D1,M[10],15,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 1],11,MAGIC9); + F4(D1,E1,A1,B1,C1,M[ 0],14,MAGIC4); F2(D2,E2,A2,B2,C2,M[ 3],14,MAGIC9); + F4(C1,D1,E1,A1,B1,M[ 8],15,MAGIC4); F2(C2,D2,E2,A2,B2,M[11],14,MAGIC9); + F4(B1,C1,D1,E1,A1,M[12], 9,MAGIC4); F2(B2,C2,D2,E2,A2,M[15], 6,MAGIC9); + F4(A1,B1,C1,D1,E1,M[ 4], 8,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 0],14,MAGIC9); + F4(E1,A1,B1,C1,D1,M[13], 9,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 5], 6,MAGIC9); + F4(D1,E1,A1,B1,C1,M[ 3],14,MAGIC4); F2(D2,E2,A2,B2,C2,M[12], 9,MAGIC9); + F4(C1,D1,E1,A1,B1,M[ 7], 5,MAGIC4); F2(C2,D2,E2,A2,B2,M[ 2],12,MAGIC9); + F4(B1,C1,D1,E1,A1,M[15], 6,MAGIC4); F2(B2,C2,D2,E2,A2,M[13], 9,MAGIC9); + F4(A1,B1,C1,D1,E1,M[14], 8,MAGIC4); F2(A2,B2,C2,D2,E2,M[ 9],12,MAGIC9); + F4(E1,A1,B1,C1,D1,M[ 5], 6,MAGIC4); F2(E2,A2,B2,C2,D2,M[ 7], 5,MAGIC9); + F4(D1,E1,A1,B1,C1,M[ 6], 5,MAGIC4); F2(D2,E2,A2,B2,C2,M[10],15,MAGIC9); + F4(C1,D1,E1,A1,B1,M[ 2],12,MAGIC4); F2(C2,D2,E2,A2,B2,M[14], 8,MAGIC9); + + F5(B1,C1,D1,E1,A1,M[ 4], 9,MAGIC5); F1(B2,C2,D2,E2,A2,M[12], 8 ); + F5(A1,B1,C1,D1,E1,M[ 0],15,MAGIC5); F1(A2,B2,C2,D2,E2,M[15], 5 ); + F5(E1,A1,B1,C1,D1,M[ 5], 5,MAGIC5); F1(E2,A2,B2,C2,D2,M[10],12 ); + F5(D1,E1,A1,B1,C1,M[ 9],11,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 4], 9 ); + F5(C1,D1,E1,A1,B1,M[ 7], 6,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 1],12 ); + F5(B1,C1,D1,E1,A1,M[12], 8,MAGIC5); F1(B2,C2,D2,E2,A2,M[ 5], 5 ); + F5(A1,B1,C1,D1,E1,M[ 2],13,MAGIC5); F1(A2,B2,C2,D2,E2,M[ 8],14 ); + F5(E1,A1,B1,C1,D1,M[10],12,MAGIC5); F1(E2,A2,B2,C2,D2,M[ 7], 6 ); + F5(D1,E1,A1,B1,C1,M[14], 5,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 6], 8 ); + F5(C1,D1,E1,A1,B1,M[ 1],12,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 2],13 ); + F5(B1,C1,D1,E1,A1,M[ 3],13,MAGIC5); F1(B2,C2,D2,E2,A2,M[13], 6 ); + F5(A1,B1,C1,D1,E1,M[ 8],14,MAGIC5); F1(A2,B2,C2,D2,E2,M[14], 5 ); + F5(E1,A1,B1,C1,D1,M[11],11,MAGIC5); F1(E2,A2,B2,C2,D2,M[ 0],15 ); + F5(D1,E1,A1,B1,C1,M[ 6], 8,MAGIC5); F1(D2,E2,A2,B2,C2,M[ 3],13 ); + F5(C1,D1,E1,A1,B1,M[15], 5,MAGIC5); F1(C2,D2,E2,A2,B2,M[ 9],11 ); + F5(B1,C1,D1,E1,A1,M[13], 6,MAGIC5); F1(B2,C2,D2,E2,A2,M[11],11 ); + + C1 = digest[1] + C1 + D2; digest[1] = digest[2] + D1 + E2; + digest[2] = digest[3] + E1 + A2; digest[3] = digest[4] + A1 + B2; + digest[4] = digest[0] + B1 + C2; digest[0] = C1; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void RIPEMD_160::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_le(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void RIPEMD_160::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + digest[4] = 0xC3D2E1F0; + } + +} diff --git a/src/hash/rmd160/rmd160.h b/src/hash/rmd160/rmd160.h new file mode 100644 index 000000000..0544f21cc --- /dev/null +++ b/src/hash/rmd160/rmd160.h @@ -0,0 +1,33 @@ +/************************************************* +* RIPEMD-160 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_RIPEMD_160_H__ +#define BOTAN_RIPEMD_160_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* RIPEMD-160 * +*************************************************/ +class BOTAN_DLL RIPEMD_160 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "RIPEMD-160"; } + HashFunction* clone() const { return new RIPEMD_160; } + RIPEMD_160() : MDx_HashFunction(20, 64, false, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 16> M; + SecureBuffer<u32bit, 5> digest; + }; + +} + +#endif diff --git a/src/hash/sha1/modinfo.txt b/src/hash/sha1/modinfo.txt new file mode 100644 index 000000000..38cea256c --- /dev/null +++ b/src/hash/sha1/modinfo.txt @@ -0,0 +1,10 @@ +realname "SHA-1" + +define SHA1 + +load_on auto + +<add> +sha160.cpp +sha160.h +</add> diff --git a/src/hash/sha1/sha160.cpp b/src/hash/sha1/sha160.cpp new file mode 100644 index 000000000..baafec1db --- /dev/null +++ b/src/hash/sha1/sha160.cpp @@ -0,0 +1,143 @@ +/************************************************* +* SHA-160 Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/sha160.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* SHA-160 F1 Function * +*************************************************/ +inline void F1(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg) + { + E += (D ^ (B & (C ^ D))) + msg + 0x5A827999 + rotate_left(A, 5); + B = rotate_left(B, 30); + } + +/************************************************* +* SHA-160 F2 Function * +*************************************************/ +inline void F2(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg) + { + E += (B ^ C ^ D) + msg + 0x6ED9EBA1 + rotate_left(A, 5); + B = rotate_left(B, 30); + } + +/************************************************* +* SHA-160 F3 Function * +*************************************************/ +inline void F3(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg) + { + E += ((B & C) | ((B | C) & D)) + msg + 0x8F1BBCDC + rotate_left(A, 5); + B = rotate_left(B, 30); + } + +/************************************************* +* SHA-160 F4 Function * +*************************************************/ +inline void F4(u32bit A, u32bit& B, u32bit C, u32bit D, u32bit& E, u32bit msg) + { + E += (B ^ C ^ D) + msg + 0xCA62C1D6 + rotate_left(A, 5); + B = rotate_left(B, 30); + } + +} + +/************************************************* +* SHA-160 Compression Function * +*************************************************/ +void SHA_160::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; j += 4) + { + W[j ] = load_be<u32bit>(input, j); + W[j+1] = load_be<u32bit>(input, j+1); + W[j+2] = load_be<u32bit>(input, j+2); + W[j+3] = load_be<u32bit>(input, j+3); + } + + for(u32bit j = 16; j != 80; j += 4) + { + W[j ] = rotate_left((W[j-3] ^ W[j-8] ^ W[j-14] ^ W[j-16]), 1); + W[j+1] = rotate_left((W[j-2] ^ W[j-7] ^ W[j-13] ^ W[j-15]), 1); + W[j+2] = rotate_left((W[j-1] ^ W[j-6] ^ W[j-12] ^ W[j-14]), 1); + W[j+3] = rotate_left((W[j ] ^ W[j-5] ^ W[j-11] ^ W[j-13]), 1); + } + + u32bit A = digest[0], B = digest[1], C = digest[2], + D = digest[3], E = digest[4]; + + F1(A,B,C,D,E,W[ 0]); F1(E,A,B,C,D,W[ 1]); F1(D,E,A,B,C,W[ 2]); + F1(C,D,E,A,B,W[ 3]); F1(B,C,D,E,A,W[ 4]); F1(A,B,C,D,E,W[ 5]); + F1(E,A,B,C,D,W[ 6]); F1(D,E,A,B,C,W[ 7]); F1(C,D,E,A,B,W[ 8]); + F1(B,C,D,E,A,W[ 9]); F1(A,B,C,D,E,W[10]); F1(E,A,B,C,D,W[11]); + F1(D,E,A,B,C,W[12]); F1(C,D,E,A,B,W[13]); F1(B,C,D,E,A,W[14]); + F1(A,B,C,D,E,W[15]); F1(E,A,B,C,D,W[16]); F1(D,E,A,B,C,W[17]); + F1(C,D,E,A,B,W[18]); F1(B,C,D,E,A,W[19]); + + F2(A,B,C,D,E,W[20]); F2(E,A,B,C,D,W[21]); F2(D,E,A,B,C,W[22]); + F2(C,D,E,A,B,W[23]); F2(B,C,D,E,A,W[24]); F2(A,B,C,D,E,W[25]); + F2(E,A,B,C,D,W[26]); F2(D,E,A,B,C,W[27]); F2(C,D,E,A,B,W[28]); + F2(B,C,D,E,A,W[29]); F2(A,B,C,D,E,W[30]); F2(E,A,B,C,D,W[31]); + F2(D,E,A,B,C,W[32]); F2(C,D,E,A,B,W[33]); F2(B,C,D,E,A,W[34]); + F2(A,B,C,D,E,W[35]); F2(E,A,B,C,D,W[36]); F2(D,E,A,B,C,W[37]); + F2(C,D,E,A,B,W[38]); F2(B,C,D,E,A,W[39]); + + F3(A,B,C,D,E,W[40]); F3(E,A,B,C,D,W[41]); F3(D,E,A,B,C,W[42]); + F3(C,D,E,A,B,W[43]); F3(B,C,D,E,A,W[44]); F3(A,B,C,D,E,W[45]); + F3(E,A,B,C,D,W[46]); F3(D,E,A,B,C,W[47]); F3(C,D,E,A,B,W[48]); + F3(B,C,D,E,A,W[49]); F3(A,B,C,D,E,W[50]); F3(E,A,B,C,D,W[51]); + F3(D,E,A,B,C,W[52]); F3(C,D,E,A,B,W[53]); F3(B,C,D,E,A,W[54]); + F3(A,B,C,D,E,W[55]); F3(E,A,B,C,D,W[56]); F3(D,E,A,B,C,W[57]); + F3(C,D,E,A,B,W[58]); F3(B,C,D,E,A,W[59]); + + F4(A,B,C,D,E,W[60]); F4(E,A,B,C,D,W[61]); F4(D,E,A,B,C,W[62]); + F4(C,D,E,A,B,W[63]); F4(B,C,D,E,A,W[64]); F4(A,B,C,D,E,W[65]); + F4(E,A,B,C,D,W[66]); F4(D,E,A,B,C,W[67]); F4(C,D,E,A,B,W[68]); + F4(B,C,D,E,A,W[69]); F4(A,B,C,D,E,W[70]); F4(E,A,B,C,D,W[71]); + F4(D,E,A,B,C,W[72]); F4(C,D,E,A,B,W[73]); F4(B,C,D,E,A,W[74]); + F4(A,B,C,D,E,W[75]); F4(E,A,B,C,D,W[76]); F4(D,E,A,B,C,W[77]); + F4(C,D,E,A,B,W[78]); F4(B,C,D,E,A,W[79]); + + digest[0] += A; digest[1] += B; digest[2] += C; + digest[3] += D; digest[4] += E; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void SHA_160::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_be(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_160::clear() throw() + { + MDx_HashFunction::clear(); + W.clear(); + digest[0] = 0x67452301; + digest[1] = 0xEFCDAB89; + digest[2] = 0x98BADCFE; + digest[3] = 0x10325476; + digest[4] = 0xC3D2E1F0; + } + +/************************************************* +* SHA_160 Constructor * +*************************************************/ +SHA_160::SHA_160() : MDx_HashFunction(20, 64, true, true), W(80) + { + clear(); + } + +} diff --git a/src/hash/sha1/sha160.h b/src/hash/sha1/sha160.h new file mode 100644 index 000000000..022ab9514 --- /dev/null +++ b/src/hash/sha1/sha160.h @@ -0,0 +1,33 @@ +/************************************************* +* SHA-160 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SHA_160_H__ +#define BOTAN_SHA_160_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* SHA-160 * +*************************************************/ +class BOTAN_DLL SHA_160 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "SHA-160"; } + HashFunction* clone() const { return new SHA_160; } + SHA_160(); + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 5> digest; + SecureVector<u32bit> W; + }; + +} + +#endif diff --git a/src/hash/sha2/modinfo.txt b/src/hash/sha2/modinfo.txt new file mode 100644 index 000000000..c7dc29fac --- /dev/null +++ b/src/hash/sha2/modinfo.txt @@ -0,0 +1,12 @@ +realname "SHA-2 (256, 384, 512)" + +define SHA2 + +load_on auto + +<add> +sha256.cpp +sha256.h +sha_64.cpp +sha_64.h +</add> diff --git a/src/hash/sha2/sha256.cpp b/src/hash/sha2/sha256.cpp new file mode 100644 index 000000000..6031d177f --- /dev/null +++ b/src/hash/sha2/sha256.cpp @@ -0,0 +1,124 @@ +/************************************************* +* SHA-256 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/sha256.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* SHA-256 Rho Function * +*************************************************/ +inline u32bit rho(u32bit X, u32bit rot1, u32bit rot2, u32bit rot3) + { + return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ + rotate_right(X, rot3)); + } + +/************************************************* +* SHA-256 Sigma Function * +*************************************************/ +inline u32bit sigma(u32bit X, u32bit rot1, u32bit rot2, u32bit shift) + { + return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ (X >> shift)); + } + +/************************************************* +* SHA-256 F1 Function * +*************************************************/ +inline void F1(u32bit A, u32bit B, u32bit C, u32bit& D, + u32bit E, u32bit F, u32bit G, u32bit& H, + u32bit msg, u32bit magic) + { + magic += rho(E, 6, 11, 25) + ((E & F) ^ (~E & G)) + msg; + D += magic + H; + H += magic + rho(A, 2, 13, 22) + ((A & B) ^ (A & C) ^ (B & C)); + } + +} + +/************************************************* +* SHA-256 Compression Function * +*************************************************/ +void SHA_256::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + W[j] = load_be<u32bit>(input, j); + for(u32bit j = 16; j != 64; ++j) + W[j] = sigma(W[j- 2], 17, 19, 10) + W[j- 7] + + sigma(W[j-15], 7, 18, 3) + W[j-16]; + + u32bit A = digest[0], B = digest[1], C = digest[2], + D = digest[3], E = digest[4], F = digest[5], + G = digest[6], H = digest[7]; + + F1(A,B,C,D,E,F,G,H,W[ 0],0x428A2F98); F1(H,A,B,C,D,E,F,G,W[ 1],0x71374491); + F1(G,H,A,B,C,D,E,F,W[ 2],0xB5C0FBCF); F1(F,G,H,A,B,C,D,E,W[ 3],0xE9B5DBA5); + F1(E,F,G,H,A,B,C,D,W[ 4],0x3956C25B); F1(D,E,F,G,H,A,B,C,W[ 5],0x59F111F1); + F1(C,D,E,F,G,H,A,B,W[ 6],0x923F82A4); F1(B,C,D,E,F,G,H,A,W[ 7],0xAB1C5ED5); + F1(A,B,C,D,E,F,G,H,W[ 8],0xD807AA98); F1(H,A,B,C,D,E,F,G,W[ 9],0x12835B01); + F1(G,H,A,B,C,D,E,F,W[10],0x243185BE); F1(F,G,H,A,B,C,D,E,W[11],0x550C7DC3); + F1(E,F,G,H,A,B,C,D,W[12],0x72BE5D74); F1(D,E,F,G,H,A,B,C,W[13],0x80DEB1FE); + F1(C,D,E,F,G,H,A,B,W[14],0x9BDC06A7); F1(B,C,D,E,F,G,H,A,W[15],0xC19BF174); + F1(A,B,C,D,E,F,G,H,W[16],0xE49B69C1); F1(H,A,B,C,D,E,F,G,W[17],0xEFBE4786); + F1(G,H,A,B,C,D,E,F,W[18],0x0FC19DC6); F1(F,G,H,A,B,C,D,E,W[19],0x240CA1CC); + F1(E,F,G,H,A,B,C,D,W[20],0x2DE92C6F); F1(D,E,F,G,H,A,B,C,W[21],0x4A7484AA); + F1(C,D,E,F,G,H,A,B,W[22],0x5CB0A9DC); F1(B,C,D,E,F,G,H,A,W[23],0x76F988DA); + F1(A,B,C,D,E,F,G,H,W[24],0x983E5152); F1(H,A,B,C,D,E,F,G,W[25],0xA831C66D); + F1(G,H,A,B,C,D,E,F,W[26],0xB00327C8); F1(F,G,H,A,B,C,D,E,W[27],0xBF597FC7); + F1(E,F,G,H,A,B,C,D,W[28],0xC6E00BF3); F1(D,E,F,G,H,A,B,C,W[29],0xD5A79147); + F1(C,D,E,F,G,H,A,B,W[30],0x06CA6351); F1(B,C,D,E,F,G,H,A,W[31],0x14292967); + F1(A,B,C,D,E,F,G,H,W[32],0x27B70A85); F1(H,A,B,C,D,E,F,G,W[33],0x2E1B2138); + F1(G,H,A,B,C,D,E,F,W[34],0x4D2C6DFC); F1(F,G,H,A,B,C,D,E,W[35],0x53380D13); + F1(E,F,G,H,A,B,C,D,W[36],0x650A7354); F1(D,E,F,G,H,A,B,C,W[37],0x766A0ABB); + F1(C,D,E,F,G,H,A,B,W[38],0x81C2C92E); F1(B,C,D,E,F,G,H,A,W[39],0x92722C85); + F1(A,B,C,D,E,F,G,H,W[40],0xA2BFE8A1); F1(H,A,B,C,D,E,F,G,W[41],0xA81A664B); + F1(G,H,A,B,C,D,E,F,W[42],0xC24B8B70); F1(F,G,H,A,B,C,D,E,W[43],0xC76C51A3); + F1(E,F,G,H,A,B,C,D,W[44],0xD192E819); F1(D,E,F,G,H,A,B,C,W[45],0xD6990624); + F1(C,D,E,F,G,H,A,B,W[46],0xF40E3585); F1(B,C,D,E,F,G,H,A,W[47],0x106AA070); + F1(A,B,C,D,E,F,G,H,W[48],0x19A4C116); F1(H,A,B,C,D,E,F,G,W[49],0x1E376C08); + F1(G,H,A,B,C,D,E,F,W[50],0x2748774C); F1(F,G,H,A,B,C,D,E,W[51],0x34B0BCB5); + F1(E,F,G,H,A,B,C,D,W[52],0x391C0CB3); F1(D,E,F,G,H,A,B,C,W[53],0x4ED8AA4A); + F1(C,D,E,F,G,H,A,B,W[54],0x5B9CCA4F); F1(B,C,D,E,F,G,H,A,W[55],0x682E6FF3); + F1(A,B,C,D,E,F,G,H,W[56],0x748F82EE); F1(H,A,B,C,D,E,F,G,W[57],0x78A5636F); + F1(G,H,A,B,C,D,E,F,W[58],0x84C87814); F1(F,G,H,A,B,C,D,E,W[59],0x8CC70208); + F1(E,F,G,H,A,B,C,D,W[60],0x90BEFFFA); F1(D,E,F,G,H,A,B,C,W[61],0xA4506CEB); + F1(C,D,E,F,G,H,A,B,W[62],0xBEF9A3F7); F1(B,C,D,E,F,G,H,A,W[63],0xC67178F2); + + digest[0] += A; digest[1] += B; digest[2] += C; + digest[3] += D; digest[4] += E; digest[5] += F; + digest[6] += G; digest[7] += H; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void SHA_256::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 4) + store_be(digest[j/4], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_256::clear() throw() + { + MDx_HashFunction::clear(); + W.clear(); + digest[0] = 0x6A09E667; + digest[1] = 0xBB67AE85; + digest[2] = 0x3C6EF372; + digest[3] = 0xA54FF53A; + digest[4] = 0x510E527F; + digest[5] = 0x9B05688C; + digest[6] = 0x1F83D9AB; + digest[7] = 0x5BE0CD19; + } + +} diff --git a/src/hash/sha2/sha256.h b/src/hash/sha2/sha256.h new file mode 100644 index 000000000..cdbe02822 --- /dev/null +++ b/src/hash/sha2/sha256.h @@ -0,0 +1,33 @@ +/************************************************* +* SHA-256 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SHA_256_H__ +#define BOTAN_SHA_256_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* SHA-256 * +*************************************************/ +class BOTAN_DLL SHA_256 : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "SHA-256"; } + HashFunction* clone() const { return new SHA_256; } + SHA_256() : MDx_HashFunction(32, 64, true, true) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u32bit, 64> W; + SecureBuffer<u32bit, 8> digest; + }; + +} + +#endif diff --git a/src/hash/sha2/sha_64.cpp b/src/hash/sha2/sha_64.cpp new file mode 100644 index 000000000..7f4a28fec --- /dev/null +++ b/src/hash/sha2/sha_64.cpp @@ -0,0 +1,197 @@ +/************************************************* +* SHA-{384,512} Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/sha_64.h> +#include <botan/loadstor.h> +#include <botan/bit_ops.h> + +namespace Botan { + +namespace { + +/************************************************* +* SHA-{384,512} Rho Function * +*************************************************/ +inline u64bit rho(u64bit X, u32bit rot1, u32bit rot2, u32bit rot3) + { + return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ + rotate_right(X, rot3)); + } + +/************************************************* +* SHA-{384,512} F1 Function * +*************************************************/ +inline void F1(u64bit A, u64bit B, u64bit C, u64bit& D, + u64bit E, u64bit F, u64bit G, u64bit& H, + u64bit msg, u64bit magic) + { + magic += rho(E, 14, 18, 41) + ((E & F) ^ (~E & G)) + msg; + D += magic + H; + H += magic + rho(A, 28, 34, 39) + ((A & B) ^ (A & C) ^ (B & C)); + } + +/************************************************* +* SHA-{384,512} Sigma Function * +*************************************************/ +inline u64bit sigma(u64bit X, u32bit rot1, u32bit rot2, u32bit shift) + { + return (rotate_right(X, rot1) ^ rotate_right(X, rot2) ^ (X >> shift)); + } + +} + +/************************************************* +* SHA-{384,512} Compression Function * +*************************************************/ +void SHA_64_BASE::hash(const byte input[]) + { + for(u32bit j = 0; j != 16; ++j) + W[j] = load_be<u64bit>(input, j); + + for(u32bit j = 16; j != 80; ++j) + W[j] = sigma(W[j- 2], 19, 61, 6) + W[j- 7] + + sigma(W[j-15], 1, 8, 7) + W[j-16]; + + u64bit A = digest[0], B = digest[1], C = digest[2], + D = digest[3], E = digest[4], F = digest[5], + G = digest[6], H = digest[7]; + + F1(A,B,C,D,E,F,G,H,W[ 0],0x428A2F98D728AE22); + F1(H,A,B,C,D,E,F,G,W[ 1],0x7137449123EF65CD); + F1(G,H,A,B,C,D,E,F,W[ 2],0xB5C0FBCFEC4D3B2F); + F1(F,G,H,A,B,C,D,E,W[ 3],0xE9B5DBA58189DBBC); + F1(E,F,G,H,A,B,C,D,W[ 4],0x3956C25BF348B538); + F1(D,E,F,G,H,A,B,C,W[ 5],0x59F111F1B605D019); + F1(C,D,E,F,G,H,A,B,W[ 6],0x923F82A4AF194F9B); + F1(B,C,D,E,F,G,H,A,W[ 7],0xAB1C5ED5DA6D8118); + F1(A,B,C,D,E,F,G,H,W[ 8],0xD807AA98A3030242); + F1(H,A,B,C,D,E,F,G,W[ 9],0x12835B0145706FBE); + F1(G,H,A,B,C,D,E,F,W[10],0x243185BE4EE4B28C); + F1(F,G,H,A,B,C,D,E,W[11],0x550C7DC3D5FFB4E2); + F1(E,F,G,H,A,B,C,D,W[12],0x72BE5D74F27B896F); + F1(D,E,F,G,H,A,B,C,W[13],0x80DEB1FE3B1696B1); + F1(C,D,E,F,G,H,A,B,W[14],0x9BDC06A725C71235); + F1(B,C,D,E,F,G,H,A,W[15],0xC19BF174CF692694); + F1(A,B,C,D,E,F,G,H,W[16],0xE49B69C19EF14AD2); + F1(H,A,B,C,D,E,F,G,W[17],0xEFBE4786384F25E3); + F1(G,H,A,B,C,D,E,F,W[18],0x0FC19DC68B8CD5B5); + F1(F,G,H,A,B,C,D,E,W[19],0x240CA1CC77AC9C65); + F1(E,F,G,H,A,B,C,D,W[20],0x2DE92C6F592B0275); + F1(D,E,F,G,H,A,B,C,W[21],0x4A7484AA6EA6E483); + F1(C,D,E,F,G,H,A,B,W[22],0x5CB0A9DCBD41FBD4); + F1(B,C,D,E,F,G,H,A,W[23],0x76F988DA831153B5); + F1(A,B,C,D,E,F,G,H,W[24],0x983E5152EE66DFAB); + F1(H,A,B,C,D,E,F,G,W[25],0xA831C66D2DB43210); + F1(G,H,A,B,C,D,E,F,W[26],0xB00327C898FB213F); + F1(F,G,H,A,B,C,D,E,W[27],0xBF597FC7BEEF0EE4); + F1(E,F,G,H,A,B,C,D,W[28],0xC6E00BF33DA88FC2); + F1(D,E,F,G,H,A,B,C,W[29],0xD5A79147930AA725); + F1(C,D,E,F,G,H,A,B,W[30],0x06CA6351E003826F); + F1(B,C,D,E,F,G,H,A,W[31],0x142929670A0E6E70); + F1(A,B,C,D,E,F,G,H,W[32],0x27B70A8546D22FFC); + F1(H,A,B,C,D,E,F,G,W[33],0x2E1B21385C26C926); + F1(G,H,A,B,C,D,E,F,W[34],0x4D2C6DFC5AC42AED); + F1(F,G,H,A,B,C,D,E,W[35],0x53380D139D95B3DF); + F1(E,F,G,H,A,B,C,D,W[36],0x650A73548BAF63DE); + F1(D,E,F,G,H,A,B,C,W[37],0x766A0ABB3C77B2A8); + F1(C,D,E,F,G,H,A,B,W[38],0x81C2C92E47EDAEE6); + F1(B,C,D,E,F,G,H,A,W[39],0x92722C851482353B); + F1(A,B,C,D,E,F,G,H,W[40],0xA2BFE8A14CF10364); + F1(H,A,B,C,D,E,F,G,W[41],0xA81A664BBC423001); + F1(G,H,A,B,C,D,E,F,W[42],0xC24B8B70D0F89791); + F1(F,G,H,A,B,C,D,E,W[43],0xC76C51A30654BE30); + F1(E,F,G,H,A,B,C,D,W[44],0xD192E819D6EF5218); + F1(D,E,F,G,H,A,B,C,W[45],0xD69906245565A910); + F1(C,D,E,F,G,H,A,B,W[46],0xF40E35855771202A); + F1(B,C,D,E,F,G,H,A,W[47],0x106AA07032BBD1B8); + F1(A,B,C,D,E,F,G,H,W[48],0x19A4C116B8D2D0C8); + F1(H,A,B,C,D,E,F,G,W[49],0x1E376C085141AB53); + F1(G,H,A,B,C,D,E,F,W[50],0x2748774CDF8EEB99); + F1(F,G,H,A,B,C,D,E,W[51],0x34B0BCB5E19B48A8); + F1(E,F,G,H,A,B,C,D,W[52],0x391C0CB3C5C95A63); + F1(D,E,F,G,H,A,B,C,W[53],0x4ED8AA4AE3418ACB); + F1(C,D,E,F,G,H,A,B,W[54],0x5B9CCA4F7763E373); + F1(B,C,D,E,F,G,H,A,W[55],0x682E6FF3D6B2B8A3); + F1(A,B,C,D,E,F,G,H,W[56],0x748F82EE5DEFB2FC); + F1(H,A,B,C,D,E,F,G,W[57],0x78A5636F43172F60); + F1(G,H,A,B,C,D,E,F,W[58],0x84C87814A1F0AB72); + F1(F,G,H,A,B,C,D,E,W[59],0x8CC702081A6439EC); + F1(E,F,G,H,A,B,C,D,W[60],0x90BEFFFA23631E28); + F1(D,E,F,G,H,A,B,C,W[61],0xA4506CEBDE82BDE9); + F1(C,D,E,F,G,H,A,B,W[62],0xBEF9A3F7B2C67915); + F1(B,C,D,E,F,G,H,A,W[63],0xC67178F2E372532B); + F1(A,B,C,D,E,F,G,H,W[64],0xCA273ECEEA26619C); + F1(H,A,B,C,D,E,F,G,W[65],0xD186B8C721C0C207); + F1(G,H,A,B,C,D,E,F,W[66],0xEADA7DD6CDE0EB1E); + F1(F,G,H,A,B,C,D,E,W[67],0xF57D4F7FEE6ED178); + F1(E,F,G,H,A,B,C,D,W[68],0x06F067AA72176FBA); + F1(D,E,F,G,H,A,B,C,W[69],0x0A637DC5A2C898A6); + F1(C,D,E,F,G,H,A,B,W[70],0x113F9804BEF90DAE); + F1(B,C,D,E,F,G,H,A,W[71],0x1B710B35131C471B); + F1(A,B,C,D,E,F,G,H,W[72],0x28DB77F523047D84); + F1(H,A,B,C,D,E,F,G,W[73],0x32CAAB7B40C72493); + F1(G,H,A,B,C,D,E,F,W[74],0x3C9EBE0A15C9BEBC); + F1(F,G,H,A,B,C,D,E,W[75],0x431D67C49C100D4C); + F1(E,F,G,H,A,B,C,D,W[76],0x4CC5D4BECB3E42B6); + F1(D,E,F,G,H,A,B,C,W[77],0x597F299CFC657E2A); + F1(C,D,E,F,G,H,A,B,W[78],0x5FCB6FAB3AD6FAEC); + F1(B,C,D,E,F,G,H,A,W[79],0x6C44198C4A475817); + + digest[0] += A; digest[1] += B; digest[2] += C; + digest[3] += D; digest[4] += E; digest[5] += F; + digest[6] += G; digest[7] += H; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void SHA_64_BASE::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 8) + store_be(digest[j/8], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_64_BASE::clear() throw() + { + MDx_HashFunction::clear(); + W.clear(); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_384::clear() throw() + { + SHA_64_BASE::clear(); + digest[0] = 0xCBBB9D5DC1059ED8; + digest[1] = 0x629A292A367CD507; + digest[2] = 0x9159015A3070DD17; + digest[3] = 0x152FECD8F70E5939; + digest[4] = 0x67332667FFC00B31; + digest[5] = 0x8EB44A8768581511; + digest[6] = 0xDB0C2E0D64F98FA7; + digest[7] = 0x47B5481DBEFA4FA4; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SHA_512::clear() throw() + { + SHA_64_BASE::clear(); + digest[0] = 0x6A09E667F3BCC908; + digest[1] = 0xBB67AE8584CAA73B; + digest[2] = 0x3C6EF372FE94F82B; + digest[3] = 0xA54FF53A5F1D36F1; + digest[4] = 0x510E527FADE682D1; + digest[5] = 0x9B05688C2B3E6C1F; + digest[6] = 0x1F83D9ABFB41BD6B; + digest[7] = 0x5BE0CD19137E2179; + } + +} diff --git a/src/hash/sha2/sha_64.h b/src/hash/sha2/sha_64.h new file mode 100644 index 000000000..e590d088d --- /dev/null +++ b/src/hash/sha2/sha_64.h @@ -0,0 +1,55 @@ +/************************************************* +* SHA-{384,512} Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SHA_64BIT_H__ +#define BOTAN_SHA_64BIT_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* SHA-{384,512} Base * +*************************************************/ +class BOTAN_DLL SHA_64_BASE : public MDx_HashFunction + { + protected: + void clear() throw(); + SHA_64_BASE(u32bit out) : MDx_HashFunction(out, 128, true, true, 16) {} + SecureBuffer<u64bit, 8> digest; + private: + void hash(const byte[]); + void copy_out(byte[]); + + SecureBuffer<u64bit, 80> W; + }; + +/************************************************* +* SHA-384 * +*************************************************/ +class BOTAN_DLL SHA_384 : public SHA_64_BASE + { + public: + void clear() throw(); + std::string name() const { return "SHA-384"; } + HashFunction* clone() const { return new SHA_384; } + SHA_384() : SHA_64_BASE(48) { clear(); } + }; + +/************************************************* +* SHA-512 * +*************************************************/ +class BOTAN_DLL SHA_512 : public SHA_64_BASE + { + public: + void clear() throw(); + std::string name() const { return "SHA-512"; } + HashFunction* clone() const { return new SHA_512; } + SHA_512() : SHA_64_BASE(64) { clear(); } + }; + +} + +#endif diff --git a/src/hash/tiger/modinfo.txt b/src/hash/tiger/modinfo.txt new file mode 100644 index 000000000..e117d6701 --- /dev/null +++ b/src/hash/tiger/modinfo.txt @@ -0,0 +1,11 @@ +realname "Tiger" + +define TIGER + +load_on auto + +<add> +tig_tab.cpp +tiger.cpp +tiger.h +</add> diff --git a/src/hash/tiger/tig_tab.cpp b/src/hash/tiger/tig_tab.cpp new file mode 100644 index 000000000..6d476f4b3 --- /dev/null +++ b/src/hash/tiger/tig_tab.cpp @@ -0,0 +1,362 @@ +/************************************************* +* S-Box Tables for Tiger * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tiger.h> + +namespace Botan { + +const u64bit Tiger::SBOX1[256] = { + 0x02AAB17CF7E90C5E, 0xAC424B03E243A8EC, 0x72CD5BE30DD5FCD3, + 0x6D019B93F6F97F3A, 0xCD9978FFD21F9193, 0x7573A1C9708029E2, + 0xB164326B922A83C3, 0x46883EEE04915870, 0xEAACE3057103ECE6, + 0xC54169B808A3535C, 0x4CE754918DDEC47C, 0x0AA2F4DFDC0DF40C, + 0x10B76F18A74DBEFA, 0xC6CCB6235AD1AB6A, 0x13726121572FE2FF, + 0x1A488C6F199D921E, 0x4BC9F9F4DA0007CA, 0x26F5E6F6E85241C7, + 0x859079DBEA5947B6, 0x4F1885C5C99E8C92, 0xD78E761EA96F864B, + 0x8E36428C52B5C17D, 0x69CF6827373063C1, 0xB607C93D9BB4C56E, + 0x7D820E760E76B5EA, 0x645C9CC6F07FDC42, 0xBF38A078243342E0, + 0x5F6B343C9D2E7D04, 0xF2C28AEB600B0EC6, 0x6C0ED85F7254BCAC, + 0x71592281A4DB4FE5, 0x1967FA69CE0FED9F, 0xFD5293F8B96545DB, + 0xC879E9D7F2A7600B, 0x860248920193194E, 0xA4F9533B2D9CC0B3, + 0x9053836C15957613, 0xDB6DCF8AFC357BF1, 0x18BEEA7A7A370F57, + 0x037117CA50B99066, 0x6AB30A9774424A35, 0xF4E92F02E325249B, + 0x7739DB07061CCAE1, 0xD8F3B49CECA42A05, 0xBD56BE3F51382F73, + 0x45FAED5843B0BB28, 0x1C813D5C11BF1F83, 0x8AF0E4B6D75FA169, + 0x33EE18A487AD9999, 0x3C26E8EAB1C94410, 0xB510102BC0A822F9, + 0x141EEF310CE6123B, 0xFC65B90059DDB154, 0xE0158640C5E0E607, + 0x884E079826C3A3CF, 0x930D0D9523C535FD, 0x35638D754E9A2B00, + 0x4085FCCF40469DD5, 0xC4B17AD28BE23A4C, 0xCAB2F0FC6A3E6A2E, + 0x2860971A6B943FCD, 0x3DDE6EE212E30446, 0x6222F32AE01765AE, + 0x5D550BB5478308FE, 0xA9EFA98DA0EDA22A, 0xC351A71686C40DA7, + 0x1105586D9C867C84, 0xDCFFEE85FDA22853, 0xCCFBD0262C5EEF76, + 0xBAF294CB8990D201, 0xE69464F52AFAD975, 0x94B013AFDF133E14, + 0x06A7D1A32823C958, 0x6F95FE5130F61119, 0xD92AB34E462C06C0, + 0xED7BDE33887C71D2, 0x79746D6E6518393E, 0x5BA419385D713329, + 0x7C1BA6B948A97564, 0x31987C197BFDAC67, 0xDE6C23C44B053D02, + 0x581C49FED002D64D, 0xDD474D6338261571, 0xAA4546C3E473D062, + 0x928FCE349455F860, 0x48161BBACAAB94D9, 0x63912430770E6F68, + 0x6EC8A5E602C6641C, 0x87282515337DDD2B, 0x2CDA6B42034B701B, + 0xB03D37C181CB096D, 0xE108438266C71C6F, 0x2B3180C7EB51B255, + 0xDF92B82F96C08BBC, 0x5C68C8C0A632F3BA, 0x5504CC861C3D0556, + 0xABBFA4E55FB26B8F, 0x41848B0AB3BACEB4, 0xB334A273AA445D32, + 0xBCA696F0A85AD881, 0x24F6EC65B528D56C, 0x0CE1512E90F4524A, + 0x4E9DD79D5506D35A, 0x258905FAC6CE9779, 0x2019295B3E109B33, + 0xF8A9478B73A054CC, 0x2924F2F934417EB0, 0x3993357D536D1BC4, + 0x38A81AC21DB6FF8B, 0x47C4FBF17D6016BF, 0x1E0FAADD7667E3F5, + 0x7ABCFF62938BEB96, 0xA78DAD948FC179C9, 0x8F1F98B72911E50D, + 0x61E48EAE27121A91, 0x4D62F7AD31859808, 0xECEBA345EF5CEAEB, + 0xF5CEB25EBC9684CE, 0xF633E20CB7F76221, 0xA32CDF06AB8293E4, + 0x985A202CA5EE2CA4, 0xCF0B8447CC8A8FB1, 0x9F765244979859A3, + 0xA8D516B1A1240017, 0x0BD7BA3EBB5DC726, 0xE54BCA55B86ADB39, + 0x1D7A3AFD6C478063, 0x519EC608E7669EDD, 0x0E5715A2D149AA23, + 0x177D4571848FF194, 0xEEB55F3241014C22, 0x0F5E5CA13A6E2EC2, + 0x8029927B75F5C361, 0xAD139FABC3D6E436, 0x0D5DF1A94CCF402F, + 0x3E8BD948BEA5DFC8, 0xA5A0D357BD3FF77E, 0xA2D12E251F74F645, + 0x66FD9E525E81A082, 0x2E0C90CE7F687A49, 0xC2E8BCBEBA973BC5, + 0x000001BCE509745F, 0x423777BBE6DAB3D6, 0xD1661C7EAEF06EB5, + 0xA1781F354DAACFD8, 0x2D11284A2B16AFFC, 0xF1FC4F67FA891D1F, + 0x73ECC25DCB920ADA, 0xAE610C22C2A12651, 0x96E0A810D356B78A, + 0x5A9A381F2FE7870F, 0xD5AD62EDE94E5530, 0xD225E5E8368D1427, + 0x65977B70C7AF4631, 0x99F889B2DE39D74F, 0x233F30BF54E1D143, + 0x9A9675D3D9A63C97, 0x5470554FF334F9A8, 0x166ACB744A4F5688, + 0x70C74CAAB2E4AEAD, 0xF0D091646F294D12, 0x57B82A89684031D1, + 0xEFD95A5A61BE0B6B, 0x2FBD12E969F2F29A, 0x9BD37013FEFF9FE8, + 0x3F9B0404D6085A06, 0x4940C1F3166CFE15, 0x09542C4DCDF3DEFB, + 0xB4C5218385CD5CE3, 0xC935B7DC4462A641, 0x3417F8A68ED3B63F, + 0xB80959295B215B40, 0xF99CDAEF3B8C8572, 0x018C0614F8FCB95D, + 0x1B14ACCD1A3ACDF3, 0x84D471F200BB732D, 0xC1A3110E95E8DA16, + 0x430A7220BF1A82B8, 0xB77E090D39DF210E, 0x5EF4BD9F3CD05E9D, + 0x9D4FF6DA7E57A444, 0xDA1D60E183D4A5F8, 0xB287C38417998E47, + 0xFE3EDC121BB31886, 0xC7FE3CCC980CCBEF, 0xE46FB590189BFD03, + 0x3732FD469A4C57DC, 0x7EF700A07CF1AD65, 0x59C64468A31D8859, + 0x762FB0B4D45B61F6, 0x155BAED099047718, 0x68755E4C3D50BAA6, + 0xE9214E7F22D8B4DF, 0x2ADDBF532EAC95F4, 0x32AE3909B4BD0109, + 0x834DF537B08E3450, 0xFA209DA84220728D, 0x9E691D9B9EFE23F7, + 0x0446D288C4AE8D7F, 0x7B4CC524E169785B, 0x21D87F0135CA1385, + 0xCEBB400F137B8AA5, 0x272E2B66580796BE, 0x3612264125C2B0DE, + 0x057702BDAD1EFBB2, 0xD4BABB8EACF84BE9, 0x91583139641BC67B, + 0x8BDC2DE08036E024, 0x603C8156F49F68ED, 0xF7D236F7DBEF5111, + 0x9727C4598AD21E80, 0xA08A0896670A5FD7, 0xCB4A8F4309EBA9CB, + 0x81AF564B0F7036A1, 0xC0B99AA778199ABD, 0x959F1EC83FC8E952, + 0x8C505077794A81B9, 0x3ACAAF8F056338F0, 0x07B43F50627A6778, + 0x4A44AB49F5ECCC77, 0x3BC3D6E4B679EE98, 0x9CC0D4D1CF14108C, + 0x4406C00B206BC8A0, 0x82A18854C8D72D89, 0x67E366B35C3C432C, + 0xB923DD61102B37F2, 0x56AB2779D884271D, 0xBE83E1B0FF1525AF, + 0xFB7C65D4217E49A9, 0x6BDBE0E76D48E7D4, 0x08DF828745D9179E, + 0x22EA6A9ADD53BD34, 0xE36E141C5622200A, 0x7F805D1B8CB750EE, + 0xAFE5C7A59F58E837, 0xE27F996A4FB1C23C, 0xD3867DFB0775F0D0, + 0xD0E673DE6E88891A, 0x123AEB9EAFB86C25, 0x30F1D5D5C145B895, + 0xBB434A2DEE7269E7, 0x78CB67ECF931FA38, 0xF33B0372323BBF9C, + 0x52D66336FB279C74, 0x505F33AC0AFB4EAA, 0xE8A5CD99A2CCE187, + 0x534974801E2D30BB, 0x8D2D5711D5876D90, 0x1F1A412891BC038E, + 0xD6E2E71D82E56648, 0x74036C3A497732B7, 0x89B67ED96361F5AB, + 0xFFED95D8F1EA02A2, 0xE72B3BD61464D43D, 0xA6300F170BDC4820, + 0xEBC18760ED78A77A }; + +const u64bit Tiger::SBOX2[256] = { + 0xE6A6BE5A05A12138, 0xB5A122A5B4F87C98, 0x563C6089140B6990, + 0x4C46CB2E391F5DD5, 0xD932ADDBC9B79434, 0x08EA70E42015AFF5, + 0xD765A6673E478CF1, 0xC4FB757EAB278D99, 0xDF11C6862D6E0692, + 0xDDEB84F10D7F3B16, 0x6F2EF604A665EA04, 0x4A8E0F0FF0E0DFB3, + 0xA5EDEEF83DBCBA51, 0xFC4F0A2A0EA4371E, 0xE83E1DA85CB38429, + 0xDC8FF882BA1B1CE2, 0xCD45505E8353E80D, 0x18D19A00D4DB0717, + 0x34A0CFEDA5F38101, 0x0BE77E518887CAF2, 0x1E341438B3C45136, + 0xE05797F49089CCF9, 0xFFD23F9DF2591D14, 0x543DDA228595C5CD, + 0x661F81FD99052A33, 0x8736E641DB0F7B76, 0x15227725418E5307, + 0xE25F7F46162EB2FA, 0x48A8B2126C13D9FE, 0xAFDC541792E76EEA, + 0x03D912BFC6D1898F, 0x31B1AAFA1B83F51B, 0xF1AC2796E42AB7D9, + 0x40A3A7D7FCD2EBAC, 0x1056136D0AFBBCC5, 0x7889E1DD9A6D0C85, + 0xD33525782A7974AA, 0xA7E25D09078AC09B, 0xBD4138B3EAC6EDD0, + 0x920ABFBE71EB9E70, 0xA2A5D0F54FC2625C, 0xC054E36B0B1290A3, + 0xF6DD59FF62FE932B, 0x3537354511A8AC7D, 0xCA845E9172FADCD4, + 0x84F82B60329D20DC, 0x79C62CE1CD672F18, 0x8B09A2ADD124642C, + 0xD0C1E96A19D9E726, 0x5A786A9B4BA9500C, 0x0E020336634C43F3, + 0xC17B474AEB66D822, 0x6A731AE3EC9BAAC2, 0x8226667AE0840258, + 0x67D4567691CAECA5, 0x1D94155C4875ADB5, 0x6D00FD985B813FDF, + 0x51286EFCB774CD06, 0x5E8834471FA744AF, 0xF72CA0AEE761AE2E, + 0xBE40E4CDAEE8E09A, 0xE9970BBB5118F665, 0x726E4BEB33DF1964, + 0x703B000729199762, 0x4631D816F5EF30A7, 0xB880B5B51504A6BE, + 0x641793C37ED84B6C, 0x7B21ED77F6E97D96, 0x776306312EF96B73, + 0xAE528948E86FF3F4, 0x53DBD7F286A3F8F8, 0x16CADCE74CFC1063, + 0x005C19BDFA52C6DD, 0x68868F5D64D46AD3, 0x3A9D512CCF1E186A, + 0x367E62C2385660AE, 0xE359E7EA77DCB1D7, 0x526C0773749ABE6E, + 0x735AE5F9D09F734B, 0x493FC7CC8A558BA8, 0xB0B9C1533041AB45, + 0x321958BA470A59BD, 0x852DB00B5F46C393, 0x91209B2BD336B0E5, + 0x6E604F7D659EF19F, 0xB99A8AE2782CCB24, 0xCCF52AB6C814C4C7, + 0x4727D9AFBE11727B, 0x7E950D0C0121B34D, 0x756F435670AD471F, + 0xF5ADD442615A6849, 0x4E87E09980B9957A, 0x2ACFA1DF50AEE355, + 0xD898263AFD2FD556, 0xC8F4924DD80C8FD6, 0xCF99CA3D754A173A, + 0xFE477BACAF91BF3C, 0xED5371F6D690C12D, 0x831A5C285E687094, + 0xC5D3C90A3708A0A4, 0x0F7F903717D06580, 0x19F9BB13B8FDF27F, + 0xB1BD6F1B4D502843, 0x1C761BA38FFF4012, 0x0D1530C4E2E21F3B, + 0x8943CE69A7372C8A, 0xE5184E11FEB5CE66, 0x618BDB80BD736621, + 0x7D29BAD68B574D0B, 0x81BB613E25E6FE5B, 0x071C9C10BC07913F, + 0xC7BEEB7909AC2D97, 0xC3E58D353BC5D757, 0xEB017892F38F61E8, + 0xD4EFFB9C9B1CC21A, 0x99727D26F494F7AB, 0xA3E063A2956B3E03, + 0x9D4A8B9A4AA09C30, 0x3F6AB7D500090FB4, 0x9CC0F2A057268AC0, + 0x3DEE9D2DEDBF42D1, 0x330F49C87960A972, 0xC6B2720287421B41, + 0x0AC59EC07C00369C, 0xEF4EAC49CB353425, 0xF450244EEF0129D8, + 0x8ACC46E5CAF4DEB6, 0x2FFEAB63989263F7, 0x8F7CB9FE5D7A4578, + 0x5BD8F7644E634635, 0x427A7315BF2DC900, 0x17D0C4AA2125261C, + 0x3992486C93518E50, 0xB4CBFEE0A2D7D4C3, 0x7C75D6202C5DDD8D, + 0xDBC295D8E35B6C61, 0x60B369D302032B19, 0xCE42685FDCE44132, + 0x06F3DDB9DDF65610, 0x8EA4D21DB5E148F0, 0x20B0FCE62FCD496F, + 0x2C1B912358B0EE31, 0xB28317B818F5A308, 0xA89C1E189CA6D2CF, + 0x0C6B18576AAADBC8, 0xB65DEAA91299FAE3, 0xFB2B794B7F1027E7, + 0x04E4317F443B5BEB, 0x4B852D325939D0A6, 0xD5AE6BEEFB207FFC, + 0x309682B281C7D374, 0xBAE309A194C3B475, 0x8CC3F97B13B49F05, + 0x98A9422FF8293967, 0x244B16B01076FF7C, 0xF8BF571C663D67EE, + 0x1F0D6758EEE30DA1, 0xC9B611D97ADEB9B7, 0xB7AFD5887B6C57A2, + 0x6290AE846B984FE1, 0x94DF4CDEACC1A5FD, 0x058A5BD1C5483AFF, + 0x63166CC142BA3C37, 0x8DB8526EB2F76F40, 0xE10880036F0D6D4E, + 0x9E0523C9971D311D, 0x45EC2824CC7CD691, 0x575B8359E62382C9, + 0xFA9E400DC4889995, 0xD1823ECB45721568, 0xDAFD983B8206082F, + 0xAA7D29082386A8CB, 0x269FCD4403B87588, 0x1B91F5F728BDD1E0, + 0xE4669F39040201F6, 0x7A1D7C218CF04ADE, 0x65623C29D79CE5CE, + 0x2368449096C00BB1, 0xAB9BF1879DA503BA, 0xBC23ECB1A458058E, + 0x9A58DF01BB401ECC, 0xA070E868A85F143D, 0x4FF188307DF2239E, + 0x14D565B41A641183, 0xEE13337452701602, 0x950E3DCF3F285E09, + 0x59930254B9C80953, 0x3BF299408930DA6D, 0xA955943F53691387, + 0xA15EDECAA9CB8784, 0x29142127352BE9A0, 0x76F0371FFF4E7AFB, + 0x0239F450274F2228, 0xBB073AF01D5E868B, 0xBFC80571C10E96C1, + 0xD267088568222E23, 0x9671A3D48E80B5B0, 0x55B5D38AE193BB81, + 0x693AE2D0A18B04B8, 0x5C48B4ECADD5335F, 0xFD743B194916A1CA, + 0x2577018134BE98C4, 0xE77987E83C54A4AD, 0x28E11014DA33E1B9, + 0x270CC59E226AA213, 0x71495F756D1A5F60, 0x9BE853FB60AFEF77, + 0xADC786A7F7443DBF, 0x0904456173B29A82, 0x58BC7A66C232BD5E, + 0xF306558C673AC8B2, 0x41F639C6B6C9772A, 0x216DEFE99FDA35DA, + 0x11640CC71C7BE615, 0x93C43694565C5527, 0xEA038E6246777839, + 0xF9ABF3CE5A3E2469, 0x741E768D0FD312D2, 0x0144B883CED652C6, + 0xC20B5A5BA33F8552, 0x1AE69633C3435A9D, 0x97A28CA4088CFDEC, + 0x8824A43C1E96F420, 0x37612FA66EEEA746, 0x6B4CB165F9CF0E5A, + 0x43AA1C06A0ABFB4A, 0x7F4DC26FF162796B, 0x6CBACC8E54ED9B0F, + 0xA6B7FFEFD2BB253E, 0x2E25BC95B0A29D4F, 0x86D6A58BDEF1388C, + 0xDED74AC576B6F054, 0x8030BDBC2B45805D, 0x3C81AF70E94D9289, + 0x3EFF6DDA9E3100DB, 0xB38DC39FDFCC8847, 0x123885528D17B87E, + 0xF2DA0ED240B1B642, 0x44CEFADCD54BF9A9, 0x1312200E433C7EE6, + 0x9FFCC84F3A78C748, 0xF0CD1F72248576BB, 0xEC6974053638CFE4, + 0x2BA7B67C0CEC4E4C, 0xAC2F4DF3E5CE32ED, 0xCB33D14326EA4C11, + 0xA4E9044CC77E58BC, 0x5F513293D934FCEF, 0x5DC9645506E55444, + 0x50DE418F317DE40A, 0x388CB31A69DDE259, 0x2DB4A83455820A86, + 0x9010A91E84711AE9, 0x4DF7F0B7B1498371, 0xD62A2EABC0977179, + 0x22FAC097AA8D5C0E }; + +const u64bit Tiger::SBOX3[256] = { + 0xF49FCC2FF1DAF39B, 0x487FD5C66FF29281, 0xE8A30667FCDCA83F, + 0x2C9B4BE3D2FCCE63, 0xDA3FF74B93FBBBC2, 0x2FA165D2FE70BA66, + 0xA103E279970E93D4, 0xBECDEC77B0E45E71, 0xCFB41E723985E497, + 0xB70AAA025EF75017, 0xD42309F03840B8E0, 0x8EFC1AD035898579, + 0x96C6920BE2B2ABC5, 0x66AF4163375A9172, 0x2174ABDCCA7127FB, + 0xB33CCEA64A72FF41, 0xF04A4933083066A5, 0x8D970ACDD7289AF5, + 0x8F96E8E031C8C25E, 0xF3FEC02276875D47, 0xEC7BF310056190DD, + 0xF5ADB0AEBB0F1491, 0x9B50F8850FD58892, 0x4975488358B74DE8, + 0xA3354FF691531C61, 0x0702BBE481D2C6EE, 0x89FB24057DEDED98, + 0xAC3075138596E902, 0x1D2D3580172772ED, 0xEB738FC28E6BC30D, + 0x5854EF8F63044326, 0x9E5C52325ADD3BBE, 0x90AA53CF325C4623, + 0xC1D24D51349DD067, 0x2051CFEEA69EA624, 0x13220F0A862E7E4F, + 0xCE39399404E04864, 0xD9C42CA47086FCB7, 0x685AD2238A03E7CC, + 0x066484B2AB2FF1DB, 0xFE9D5D70EFBF79EC, 0x5B13B9DD9C481854, + 0x15F0D475ED1509AD, 0x0BEBCD060EC79851, 0xD58C6791183AB7F8, + 0xD1187C5052F3EEE4, 0xC95D1192E54E82FF, 0x86EEA14CB9AC6CA2, + 0x3485BEB153677D5D, 0xDD191D781F8C492A, 0xF60866BAA784EBF9, + 0x518F643BA2D08C74, 0x8852E956E1087C22, 0xA768CB8DC410AE8D, + 0x38047726BFEC8E1A, 0xA67738B4CD3B45AA, 0xAD16691CEC0DDE19, + 0xC6D4319380462E07, 0xC5A5876D0BA61938, 0x16B9FA1FA58FD840, + 0x188AB1173CA74F18, 0xABDA2F98C99C021F, 0x3E0580AB134AE816, + 0x5F3B05B773645ABB, 0x2501A2BE5575F2F6, 0x1B2F74004E7E8BA9, + 0x1CD7580371E8D953, 0x7F6ED89562764E30, 0xB15926FF596F003D, + 0x9F65293DA8C5D6B9, 0x6ECEF04DD690F84C, 0x4782275FFF33AF88, + 0xE41433083F820801, 0xFD0DFE409A1AF9B5, 0x4325A3342CDB396B, + 0x8AE77E62B301B252, 0xC36F9E9F6655615A, 0x85455A2D92D32C09, + 0xF2C7DEA949477485, 0x63CFB4C133A39EBA, 0x83B040CC6EBC5462, + 0x3B9454C8FDB326B0, 0x56F56A9E87FFD78C, 0x2DC2940D99F42BC6, + 0x98F7DF096B096E2D, 0x19A6E01E3AD852BF, 0x42A99CCBDBD4B40B, + 0xA59998AF45E9C559, 0x366295E807D93186, 0x6B48181BFAA1F773, + 0x1FEC57E2157A0A1D, 0x4667446AF6201AD5, 0xE615EBCACFB0F075, + 0xB8F31F4F68290778, 0x22713ED6CE22D11E, 0x3057C1A72EC3C93B, + 0xCB46ACC37C3F1F2F, 0xDBB893FD02AAF50E, 0x331FD92E600B9FCF, + 0xA498F96148EA3AD6, 0xA8D8426E8B6A83EA, 0xA089B274B7735CDC, + 0x87F6B3731E524A11, 0x118808E5CBC96749, 0x9906E4C7B19BD394, + 0xAFED7F7E9B24A20C, 0x6509EADEEB3644A7, 0x6C1EF1D3E8EF0EDE, + 0xB9C97D43E9798FB4, 0xA2F2D784740C28A3, 0x7B8496476197566F, + 0x7A5BE3E6B65F069D, 0xF96330ED78BE6F10, 0xEEE60DE77A076A15, + 0x2B4BEE4AA08B9BD0, 0x6A56A63EC7B8894E, 0x02121359BA34FEF4, + 0x4CBF99F8283703FC, 0x398071350CAF30C8, 0xD0A77A89F017687A, + 0xF1C1A9EB9E423569, 0x8C7976282DEE8199, 0x5D1737A5DD1F7ABD, + 0x4F53433C09A9FA80, 0xFA8B0C53DF7CA1D9, 0x3FD9DCBC886CCB77, + 0xC040917CA91B4720, 0x7DD00142F9D1DCDF, 0x8476FC1D4F387B58, + 0x23F8E7C5F3316503, 0x032A2244E7E37339, 0x5C87A5D750F5A74B, + 0x082B4CC43698992E, 0xDF917BECB858F63C, 0x3270B8FC5BF86DDA, + 0x10AE72BB29B5DD76, 0x576AC94E7700362B, 0x1AD112DAC61EFB8F, + 0x691BC30EC5FAA427, 0xFF246311CC327143, 0x3142368E30E53206, + 0x71380E31E02CA396, 0x958D5C960AAD76F1, 0xF8D6F430C16DA536, + 0xC8FFD13F1BE7E1D2, 0x7578AE66004DDBE1, 0x05833F01067BE646, + 0xBB34B5AD3BFE586D, 0x095F34C9A12B97F0, 0x247AB64525D60CA8, + 0xDCDBC6F3017477D1, 0x4A2E14D4DECAD24D, 0xBDB5E6D9BE0A1EEB, + 0x2A7E70F7794301AB, 0xDEF42D8A270540FD, 0x01078EC0A34C22C1, + 0xE5DE511AF4C16387, 0x7EBB3A52BD9A330A, 0x77697857AA7D6435, + 0x004E831603AE4C32, 0xE7A21020AD78E312, 0x9D41A70C6AB420F2, + 0x28E06C18EA1141E6, 0xD2B28CBD984F6B28, 0x26B75F6C446E9D83, + 0xBA47568C4D418D7F, 0xD80BADBFE6183D8E, 0x0E206D7F5F166044, + 0xE258A43911CBCA3E, 0x723A1746B21DC0BC, 0xC7CAA854F5D7CDD3, + 0x7CAC32883D261D9C, 0x7690C26423BA942C, 0x17E55524478042B8, + 0xE0BE477656A2389F, 0x4D289B5E67AB2DA0, 0x44862B9C8FBBFD31, + 0xB47CC8049D141365, 0x822C1B362B91C793, 0x4EB14655FB13DFD8, + 0x1ECBBA0714E2A97B, 0x6143459D5CDE5F14, 0x53A8FBF1D5F0AC89, + 0x97EA04D81C5E5B00, 0x622181A8D4FDB3F3, 0xE9BCD341572A1208, + 0x1411258643CCE58A, 0x9144C5FEA4C6E0A4, 0x0D33D06565CF620F, + 0x54A48D489F219CA1, 0xC43E5EAC6D63C821, 0xA9728B3A72770DAF, + 0xD7934E7B20DF87EF, 0xE35503B61A3E86E5, 0xCAE321FBC819D504, + 0x129A50B3AC60BFA6, 0xCD5E68EA7E9FB6C3, 0xB01C90199483B1C7, + 0x3DE93CD5C295376C, 0xAED52EDF2AB9AD13, 0x2E60F512C0A07884, + 0xBC3D86A3E36210C9, 0x35269D9B163951CE, 0x0C7D6E2AD0CDB5FA, + 0x59E86297D87F5733, 0x298EF221898DB0E7, 0x55000029D1A5AA7E, + 0x8BC08AE1B5061B45, 0xC2C31C2B6C92703A, 0x94CC596BAF25EF42, + 0x0A1D73DB22540456, 0x04B6A0F9D9C4179A, 0xEFFDAFA2AE3D3C60, + 0xF7C8075BB49496C4, 0x9CC5C7141D1CD4E3, 0x78BD1638218E5534, + 0xB2F11568F850246A, 0xEDFABCFA9502BC29, 0x796CE5F2DA23051B, + 0xAAE128B0DC93537C, 0x3A493DA0EE4B29AE, 0xB5DF6B2C416895D7, + 0xFCABBD25122D7F37, 0x70810B58105DC4B1, 0xE10FDD37F7882A90, + 0x524DCAB5518A3F5C, 0x3C9E85878451255B, 0x4029828119BD34E2, + 0x74A05B6F5D3CECCB, 0xB610021542E13ECA, 0x0FF979D12F59E2AC, + 0x6037DA27E4F9CC50, 0x5E92975A0DF1847D, 0xD66DE190D3E623FE, + 0x5032D6B87B568048, 0x9A36B7CE8235216E, 0x80272A7A24F64B4A, + 0x93EFED8B8C6916F7, 0x37DDBFF44CCE1555, 0x4B95DB5D4B99BD25, + 0x92D3FDA169812FC0, 0xFB1A4A9A90660BB6, 0x730C196946A4B9B2, + 0x81E289AA7F49DA68, 0x64669A0F83B1A05F, 0x27B3FF7D9644F48B, + 0xCC6B615C8DB675B3, 0x674F20B9BCEBBE95, 0x6F31238275655982, + 0x5AE488713E45CF05, 0xBF619F9954C21157, 0xEABAC46040A8EAE9, + 0x454C6FE9F2C0C1CD, 0x419CF6496412691C, 0xD3DC3BEF265B0F70, + 0x6D0E60F5C3578A9E }; + +const u64bit Tiger::SBOX4[256] = { + 0x5B0E608526323C55, 0x1A46C1A9FA1B59F5, 0xA9E245A17C4C8FFA, + 0x65CA5159DB2955D7, 0x05DB0A76CE35AFC2, 0x81EAC77EA9113D45, + 0x528EF88AB6AC0A0D, 0xA09EA253597BE3FF, 0x430DDFB3AC48CD56, + 0xC4B3A67AF45CE46F, 0x4ECECFD8FBE2D05E, 0x3EF56F10B39935F0, + 0x0B22D6829CD619C6, 0x17FD460A74DF2069, 0x6CF8CC8E8510ED40, + 0xD6C824BF3A6ECAA7, 0x61243D581A817049, 0x048BACB6BBC163A2, + 0xD9A38AC27D44CC32, 0x7FDDFF5BAAF410AB, 0xAD6D495AA804824B, + 0xE1A6A74F2D8C9F94, 0xD4F7851235DEE8E3, 0xFD4B7F886540D893, + 0x247C20042AA4BFDA, 0x096EA1C517D1327C, 0xD56966B4361A6685, + 0x277DA5C31221057D, 0x94D59893A43ACFF7, 0x64F0C51CCDC02281, + 0x3D33BCC4FF6189DB, 0xE005CB184CE66AF1, 0xFF5CCD1D1DB99BEA, + 0xB0B854A7FE42980F, 0x7BD46A6A718D4B9F, 0xD10FA8CC22A5FD8C, + 0xD31484952BE4BD31, 0xC7FA975FCB243847, 0x4886ED1E5846C407, + 0x28CDDB791EB70B04, 0xC2B00BE2F573417F, 0x5C9590452180F877, + 0x7A6BDDFFF370EB00, 0xCE509E38D6D9D6A4, 0xEBEB0F00647FA702, + 0x1DCC06CF76606F06, 0xE4D9F28BA286FF0A, 0xD85A305DC918C262, + 0x475B1D8732225F54, 0x2D4FB51668CCB5FE, 0xA679B9D9D72BBA20, + 0x53841C0D912D43A5, 0x3B7EAA48BF12A4E8, 0x781E0E47F22F1DDF, + 0xEFF20CE60AB50973, 0x20D261D19DFFB742, 0x16A12B03062A2E39, + 0x1960EB2239650495, 0x251C16FED50EB8B8, 0x9AC0C330F826016E, + 0xED152665953E7671, 0x02D63194A6369570, 0x5074F08394B1C987, + 0x70BA598C90B25CE1, 0x794A15810B9742F6, 0x0D5925E9FCAF8C6C, + 0x3067716CD868744E, 0x910AB077E8D7731B, 0x6A61BBDB5AC42F61, + 0x93513EFBF0851567, 0xF494724B9E83E9D5, 0xE887E1985C09648D, + 0x34B1D3C675370CFD, 0xDC35E433BC0D255D, 0xD0AAB84234131BE0, + 0x08042A50B48B7EAF, 0x9997C4EE44A3AB35, 0x829A7B49201799D0, + 0x263B8307B7C54441, 0x752F95F4FD6A6CA6, 0x927217402C08C6E5, + 0x2A8AB754A795D9EE, 0xA442F7552F72943D, 0x2C31334E19781208, + 0x4FA98D7CEAEE6291, 0x55C3862F665DB309, 0xBD0610175D53B1F3, + 0x46FE6CB840413F27, 0x3FE03792DF0CFA59, 0xCFE700372EB85E8F, + 0xA7BE29E7ADBCE118, 0xE544EE5CDE8431DD, 0x8A781B1B41F1873E, + 0xA5C94C78A0D2F0E7, 0x39412E2877B60728, 0xA1265EF3AFC9A62C, + 0xBCC2770C6A2506C5, 0x3AB66DD5DCE1CE12, 0xE65499D04A675B37, + 0x7D8F523481BFD216, 0x0F6F64FCEC15F389, 0x74EFBE618B5B13C8, + 0xACDC82B714273E1D, 0xDD40BFE003199D17, 0x37E99257E7E061F8, + 0xFA52626904775AAA, 0x8BBBF63A463D56F9, 0xF0013F1543A26E64, + 0xA8307E9F879EC898, 0xCC4C27A4150177CC, 0x1B432F2CCA1D3348, + 0xDE1D1F8F9F6FA013, 0x606602A047A7DDD6, 0xD237AB64CC1CB2C7, + 0x9B938E7225FCD1D3, 0xEC4E03708E0FF476, 0xFEB2FBDA3D03C12D, + 0xAE0BCED2EE43889A, 0x22CB8923EBFB4F43, 0x69360D013CF7396D, + 0x855E3602D2D4E022, 0x073805BAD01F784C, 0x33E17A133852F546, + 0xDF4874058AC7B638, 0xBA92B29C678AA14A, 0x0CE89FC76CFAADCD, + 0x5F9D4E0908339E34, 0xF1AFE9291F5923B9, 0x6E3480F60F4A265F, + 0xEEBF3A2AB29B841C, 0xE21938A88F91B4AD, 0x57DFEFF845C6D3C3, + 0x2F006B0BF62CAAF2, 0x62F479EF6F75EE78, 0x11A55AD41C8916A9, + 0xF229D29084FED453, 0x42F1C27B16B000E6, 0x2B1F76749823C074, + 0x4B76ECA3C2745360, 0x8C98F463B91691BD, 0x14BCC93CF1ADE66A, + 0x8885213E6D458397, 0x8E177DF0274D4711, 0xB49B73B5503F2951, + 0x10168168C3F96B6B, 0x0E3D963B63CAB0AE, 0x8DFC4B5655A1DB14, + 0xF789F1356E14DE5C, 0x683E68AF4E51DAC1, 0xC9A84F9D8D4B0FD9, + 0x3691E03F52A0F9D1, 0x5ED86E46E1878E80, 0x3C711A0E99D07150, + 0x5A0865B20C4E9310, 0x56FBFC1FE4F0682E, 0xEA8D5DE3105EDF9B, + 0x71ABFDB12379187A, 0x2EB99DE1BEE77B9C, 0x21ECC0EA33CF4523, + 0x59A4D7521805C7A1, 0x3896F5EB56AE7C72, 0xAA638F3DB18F75DC, + 0x9F39358DABE9808E, 0xB7DEFA91C00B72AC, 0x6B5541FD62492D92, + 0x6DC6DEE8F92E4D5B, 0x353F57ABC4BEEA7E, 0x735769D6DA5690CE, + 0x0A234AA642391484, 0xF6F9508028F80D9D, 0xB8E319A27AB3F215, + 0x31AD9C1151341A4D, 0x773C22A57BEF5805, 0x45C7561A07968633, + 0xF913DA9E249DBE36, 0xDA652D9B78A64C68, 0x4C27A97F3BC334EF, + 0x76621220E66B17F4, 0x967743899ACD7D0B, 0xF3EE5BCAE0ED6782, + 0x409F753600C879FC, 0x06D09A39B5926DB6, 0x6F83AEB0317AC588, + 0x01E6CA4A86381F21, 0x66FF3462D19F3025, 0x72207C24DDFD3BFB, + 0x4AF6B6D3E2ECE2EB, 0x9C994DBEC7EA08DE, 0x49ACE597B09A8BC4, + 0xB38C4766CF0797BA, 0x131B9373C57C2A75, 0xB1822CCE61931E58, + 0x9D7555B909BA1C0C, 0x127FAFDD937D11D2, 0x29DA3BADC66D92E4, + 0xA2C1D57154C2ECBC, 0x58C5134D82F6FE24, 0x1C3AE3515B62274F, + 0xE907C82E01CB8126, 0xF8ED091913E37FCB, 0x3249D8F9C80046C9, + 0x80CF9BEDE388FB63, 0x1881539A116CF19E, 0x5103F3F76BD52457, + 0x15B7E6F5AE47F7A8, 0xDBD7C6DED47E9CCF, 0x44E55C410228BB1A, + 0xB647D4255EDB4E99, 0x5D11882BB8AAFC30, 0xF5098BBB29D3212A, + 0x8FB5EA14E90296B3, 0x677B942157DD025A, 0xFB58E7C0A390ACB5, + 0x89D3674C83BD4A01, 0x9E2DA4DF4BF3B93B, 0xFCC41E328CAB4829, + 0x03F38C96BA582C52, 0xCAD1BDBD7FD85DB2, 0xBBB442C16082AE83, + 0xB95FE86BA5DA9AB0, 0xB22E04673771A93F, 0x845358C9493152D8, + 0xBE2A488697B4541E, 0x95A2DC2DD38E6966, 0xC02C11AC923C852B, + 0x2388B1990DF2A87B, 0x7C8008FA1B4F37BE, 0x1F70D0C84D54E503, + 0x5490ADEC7ECE57D4, 0x002B3C27D9063A3A, 0x7EAEA3848030A2BF, + 0xC602326DED2003C0, 0x83A7287D69A94086, 0xC57A5FCB30F57A8A, + 0xB56844E479EBE779, 0xA373B40F05DCBCE9, 0xD71A786E88570EE2, + 0x879CBACDBDE8F6A0, 0x976AD1BCC164A32F, 0xAB21E25E9666D78B, + 0x901063AAE5E5C33C, 0x9818B34448698D90, 0xE36487AE3E1E8ABB, + 0xAFBDF931893BDCB4, 0x6345A0DC5FBBD519, 0x8628FE269B9465CA, + 0x1E5D01603F9C51EC, 0x4DE44006A15049B7, 0xBF6C70E5F776CBB1, + 0x411218F2EF552BED, 0xCB0C0708705A36A3, 0xE74D14754F986044, + 0xCD56D9430EA8280E, 0xC12591D7535F5065, 0xC83223F1720AEF96, + 0xC3A0396F7363A51F }; + +} diff --git a/src/hash/tiger/tiger.cpp b/src/hash/tiger/tiger.cpp new file mode 100644 index 000000000..78bba0521 --- /dev/null +++ b/src/hash/tiger/tiger.cpp @@ -0,0 +1,155 @@ +/************************************************* +* Tiger Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tiger.h> +#include <botan/loadstor.h> +#include <botan/parsing.h> + +namespace Botan { + +/************************************************* +* Tiger Compression Function * +*************************************************/ +void Tiger::hash(const byte input[]) + { + for(u32bit j = 0; j != 8; ++j) + X[j] = load_le<u64bit>(input, j); + + u64bit A = digest[0], B = digest[1], C = digest[2]; + + pass(A, B, C, X, 5); mix(X); + pass(C, A, B, X, 7); mix(X); + pass(B, C, A, X, 9); + + for(u32bit j = 3; j != PASS; ++j) + { + mix(X); + pass(A, B, C, X, 9); + u64bit T = A; A = C; C = B; B = T; + } + + digest[0] ^= A; digest[1] = B - digest[1]; digest[2] += C; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void Tiger::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + output[j] = get_byte(7 - (j % 8), digest[j/8]); + } + +/************************************************* +* Tiger Pass * +*************************************************/ +void Tiger::pass(u64bit& A, u64bit& B, u64bit& C, u64bit X[8], byte mul) + { + C ^= X[0]; + A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^ + SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)]; + B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^ + SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)]; + B *= mul; + + A ^= X[1]; + B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^ + SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)]; + C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^ + SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)]; + C *= mul; + + B ^= X[2]; + C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^ + SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)]; + A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^ + SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)]; + A *= mul; + + C ^= X[3]; + A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^ + SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)]; + B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^ + SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)]; + B *= mul; + + A ^= X[4]; + B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^ + SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)]; + C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^ + SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)]; + C *= mul; + + B ^= X[5]; + C -= SBOX1[get_byte(7, B)] ^ SBOX2[get_byte(5, B)] ^ + SBOX3[get_byte(3, B)] ^ SBOX4[get_byte(1, B)]; + A += SBOX1[get_byte(0, B)] ^ SBOX2[get_byte(2, B)] ^ + SBOX3[get_byte(4, B)] ^ SBOX4[get_byte(6, B)]; + A *= mul; + + C ^= X[6]; + A -= SBOX1[get_byte(7, C)] ^ SBOX2[get_byte(5, C)] ^ + SBOX3[get_byte(3, C)] ^ SBOX4[get_byte(1, C)]; + B += SBOX1[get_byte(0, C)] ^ SBOX2[get_byte(2, C)] ^ + SBOX3[get_byte(4, C)] ^ SBOX4[get_byte(6, C)]; + B *= mul; + + A ^= X[7]; + B -= SBOX1[get_byte(7, A)] ^ SBOX2[get_byte(5, A)] ^ + SBOX3[get_byte(3, A)] ^ SBOX4[get_byte(1, A)]; + C += SBOX1[get_byte(0, A)] ^ SBOX2[get_byte(2, A)] ^ + SBOX3[get_byte(4, A)] ^ SBOX4[get_byte(6, A)]; + C *= mul; + } + +/************************************************* +* Tiger Mixing Function * +*************************************************/ +void Tiger::mix(u64bit X[8]) + { + X[0] -= X[7] ^ 0xA5A5A5A5A5A5A5A5; X[1] ^= X[0]; + X[2] += X[1]; X[3] -= X[2] ^ ((~X[1]) << 19); X[4] ^= X[3]; + X[5] += X[4]; X[6] -= X[5] ^ ((~X[4]) >> 23); X[7] ^= X[6]; + X[0] += X[7]; X[1] -= X[0] ^ ((~X[7]) << 19); X[2] ^= X[1]; + X[3] += X[2]; X[4] -= X[3] ^ ((~X[2]) >> 23); X[5] ^= X[4]; + X[6] += X[5]; X[7] -= X[6] ^ 0x0123456789ABCDEF; + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Tiger::clear() throw() + { + MDx_HashFunction::clear(); + X.clear(); + digest[0] = 0x0123456789ABCDEF; + digest[1] = 0xFEDCBA9876543210; + digest[2] = 0xF096A5B4C3B2E187; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string Tiger::name() const + { + return "Tiger(" + to_string(OUTPUT_LENGTH) + "," + to_string(PASS) + ")"; + } + +/************************************************* +* Tiger Constructor * +*************************************************/ +Tiger::Tiger(u32bit hashlen, u32bit pass) : + MDx_HashFunction(hashlen, 64, false, false), PASS(pass) + { + if(OUTPUT_LENGTH != 16 && OUTPUT_LENGTH != 20 && OUTPUT_LENGTH != 24) + throw Invalid_Argument("Tiger: Illegal hash output size: " + + to_string(OUTPUT_LENGTH)); + if(PASS < 3) + throw Invalid_Argument("Tiger: Invalid number of passes: " + + to_string(PASS)); + clear(); + } + +} diff --git a/src/hash/tiger/tiger.h b/src/hash/tiger/tiger.h new file mode 100644 index 000000000..4c95fa784 --- /dev/null +++ b/src/hash/tiger/tiger.h @@ -0,0 +1,42 @@ +/************************************************* +* Tiger Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TIGER_H__ +#define BOTAN_TIGER_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* Tiger * +*************************************************/ +class BOTAN_DLL Tiger : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const; + HashFunction* clone() const { return new Tiger(OUTPUT_LENGTH); } + Tiger(u32bit = 24, u32bit = 3); + private: + void hash(const byte[]); + void copy_out(byte[]); + + static void pass(u64bit&, u64bit&, u64bit&, u64bit[8], byte); + static void mix(u64bit[8]); + + static const u64bit SBOX1[256]; + static const u64bit SBOX2[256]; + static const u64bit SBOX3[256]; + static const u64bit SBOX4[256]; + + SecureBuffer<u64bit, 8> X; + SecureBuffer<u64bit, 3> digest; + const u32bit PASS; + }; + +} + +#endif diff --git a/src/hash/whirlpool/modinfo.txt b/src/hash/whirlpool/modinfo.txt new file mode 100644 index 000000000..9d069efee --- /dev/null +++ b/src/hash/whirlpool/modinfo.txt @@ -0,0 +1,11 @@ +realname "Whirlpool" + +define WHIRLPOOL + +load_on auto + +<add> +whrl_tab.cpp +whrlpool.cpp +whrlpool.h +</add> diff --git a/src/hash/whirlpool/whrl_tab.cpp b/src/hash/whirlpool/whrl_tab.cpp new file mode 100644 index 000000000..bd616ca27 --- /dev/null +++ b/src/hash/whirlpool/whrl_tab.cpp @@ -0,0 +1,538 @@ +/************************************************* +* Diffusion Tables for Whirlpool * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/whrlpool.h> + +namespace Botan { + +const u64bit Whirlpool::C0[256] = { +0x18186018C07830D8, 0x23238C2305AF4626, 0xC6C63FC67EF991B8, 0xE8E887E8136FCDFB, +0x878726874CA113CB, 0xB8B8DAB8A9626D11, 0x0101040108050209, 0x4F4F214F426E9E0D, +0x3636D836ADEE6C9B, 0xA6A6A2A6590451FF, 0xD2D26FD2DEBDB90C, 0xF5F5F3F5FB06F70E, +0x7979F979EF80F296, 0x6F6FA16F5FCEDE30, 0x91917E91FCEF3F6D, 0x52525552AA07A4F8, +0x60609D6027FDC047, 0xBCBCCABC89766535, 0x9B9B569BACCD2B37, 0x8E8E028E048C018A, +0xA3A3B6A371155BD2, 0x0C0C300C603C186C, 0x7B7BF17BFF8AF684, 0x3535D435B5E16A80, +0x1D1D741DE8693AF5, 0xE0E0A7E05347DDB3, 0xD7D77BD7F6ACB321, 0xC2C22FC25EED999C, +0x2E2EB82E6D965C43, 0x4B4B314B627A9629, 0xFEFEDFFEA321E15D, 0x575741578216AED5, +0x15155415A8412ABD, 0x7777C1779FB6EEE8, 0x3737DC37A5EB6E92, 0xE5E5B3E57B56D79E, +0x9F9F469F8CD92313, 0xF0F0E7F0D317FD23, 0x4A4A354A6A7F9420, 0xDADA4FDA9E95A944, +0x58587D58FA25B0A2, 0xC9C903C906CA8FCF, 0x2929A429558D527C, 0x0A0A280A5022145A, +0xB1B1FEB1E14F7F50, 0xA0A0BAA0691A5DC9, 0x6B6BB16B7FDAD614, 0x85852E855CAB17D9, +0xBDBDCEBD8173673C, 0x5D5D695DD234BA8F, 0x1010401080502090, 0xF4F4F7F4F303F507, +0xCBCB0BCB16C08BDD, 0x3E3EF83EEDC67CD3, 0x0505140528110A2D, 0x676781671FE6CE78, +0xE4E4B7E47353D597, 0x27279C2725BB4E02, 0x4141194132588273, 0x8B8B168B2C9D0BA7, +0xA7A7A6A7510153F6, 0x7D7DE97DCF94FAB2, 0x95956E95DCFB3749, 0xD8D847D88E9FAD56, +0xFBFBCBFB8B30EB70, 0xEEEE9FEE2371C1CD, 0x7C7CED7CC791F8BB, 0x6666856617E3CC71, +0xDDDD53DDA68EA77B, 0x17175C17B84B2EAF, 0x4747014702468E45, 0x9E9E429E84DC211A, +0xCACA0FCA1EC589D4, 0x2D2DB42D75995A58, 0xBFBFC6BF9179632E, 0x07071C07381B0E3F, +0xADAD8EAD012347AC, 0x5A5A755AEA2FB4B0, 0x838336836CB51BEF, 0x3333CC3385FF66B6, +0x636391633FF2C65C, 0x02020802100A0412, 0xAAAA92AA39384993, 0x7171D971AFA8E2DE, +0xC8C807C80ECF8DC6, 0x19196419C87D32D1, 0x494939497270923B, 0xD9D943D9869AAF5F, +0xF2F2EFF2C31DF931, 0xE3E3ABE34B48DBA8, 0x5B5B715BE22AB6B9, 0x88881A8834920DBC, +0x9A9A529AA4C8293E, 0x262698262DBE4C0B, 0x3232C8328DFA64BF, 0xB0B0FAB0E94A7D59, +0xE9E983E91B6ACFF2, 0x0F0F3C0F78331E77, 0xD5D573D5E6A6B733, 0x80803A8074BA1DF4, +0xBEBEC2BE997C6127, 0xCDCD13CD26DE87EB, 0x3434D034BDE46889, 0x48483D487A759032, +0xFFFFDBFFAB24E354, 0x7A7AF57AF78FF48D, 0x90907A90F4EA3D64, 0x5F5F615FC23EBE9D, +0x202080201DA0403D, 0x6868BD6867D5D00F, 0x1A1A681AD07234CA, 0xAEAE82AE192C41B7, +0xB4B4EAB4C95E757D, 0x54544D549A19A8CE, 0x93937693ECE53B7F, 0x222288220DAA442F, +0x64648D6407E9C863, 0xF1F1E3F1DB12FF2A, 0x7373D173BFA2E6CC, 0x12124812905A2482, +0x40401D403A5D807A, 0x0808200840281048, 0xC3C32BC356E89B95, 0xECEC97EC337BC5DF, +0xDBDB4BDB9690AB4D, 0xA1A1BEA1611F5FC0, 0x8D8D0E8D1C830791, 0x3D3DF43DF5C97AC8, +0x97976697CCF1335B, 0x0000000000000000, 0xCFCF1BCF36D483F9, 0x2B2BAC2B4587566E, +0x7676C57697B3ECE1, 0x8282328264B019E6, 0xD6D67FD6FEA9B128, 0x1B1B6C1BD87736C3, +0xB5B5EEB5C15B7774, 0xAFAF86AF112943BE, 0x6A6AB56A77DFD41D, 0x50505D50BA0DA0EA, +0x45450945124C8A57, 0xF3F3EBF3CB18FB38, 0x3030C0309DF060AD, 0xEFEF9BEF2B74C3C4, +0x3F3FFC3FE5C37EDA, 0x55554955921CAAC7, 0xA2A2B2A2791059DB, 0xEAEA8FEA0365C9E9, +0x656589650FECCA6A, 0xBABAD2BAB9686903, 0x2F2FBC2F65935E4A, 0xC0C027C04EE79D8E, +0xDEDE5FDEBE81A160, 0x1C1C701CE06C38FC, 0xFDFDD3FDBB2EE746, 0x4D4D294D52649A1F, +0x92927292E4E03976, 0x7575C9758FBCEAFA, 0x06061806301E0C36, 0x8A8A128A249809AE, +0xB2B2F2B2F940794B, 0xE6E6BFE66359D185, 0x0E0E380E70361C7E, 0x1F1F7C1FF8633EE7, +0x6262956237F7C455, 0xD4D477D4EEA3B53A, 0xA8A89AA829324D81, 0x96966296C4F43152, +0xF9F9C3F99B3AEF62, 0xC5C533C566F697A3, 0x2525942535B14A10, 0x59597959F220B2AB, +0x84842A8454AE15D0, 0x7272D572B7A7E4C5, 0x3939E439D5DD72EC, 0x4C4C2D4C5A619816, +0x5E5E655ECA3BBC94, 0x7878FD78E785F09F, 0x3838E038DDD870E5, 0x8C8C0A8C14860598, +0xD1D163D1C6B2BF17, 0xA5A5AEA5410B57E4, 0xE2E2AFE2434DD9A1, 0x616199612FF8C24E, +0xB3B3F6B3F1457B42, 0x2121842115A54234, 0x9C9C4A9C94D62508, 0x1E1E781EF0663CEE, +0x4343114322528661, 0xC7C73BC776FC93B1, 0xFCFCD7FCB32BE54F, 0x0404100420140824, +0x51515951B208A2E3, 0x99995E99BCC72F25, 0x6D6DA96D4FC4DA22, 0x0D0D340D68391A65, +0xFAFACFFA8335E979, 0xDFDF5BDFB684A369, 0x7E7EE57ED79BFCA9, 0x242490243DB44819, +0x3B3BEC3BC5D776FE, 0xABAB96AB313D4B9A, 0xCECE1FCE3ED181F0, 0x1111441188552299, +0x8F8F068F0C890383, 0x4E4E254E4A6B9C04, 0xB7B7E6B7D1517366, 0xEBEB8BEB0B60CBE0, +0x3C3CF03CFDCC78C1, 0x81813E817CBF1FFD, 0x94946A94D4FE3540, 0xF7F7FBF7EB0CF31C, +0xB9B9DEB9A1676F18, 0x13134C13985F268B, 0x2C2CB02C7D9C5851, 0xD3D36BD3D6B8BB05, +0xE7E7BBE76B5CD38C, 0x6E6EA56E57CBDC39, 0xC4C437C46EF395AA, 0x03030C03180F061B, +0x565645568A13ACDC, 0x44440D441A49885E, 0x7F7FE17FDF9EFEA0, 0xA9A99EA921374F88, +0x2A2AA82A4D825467, 0xBBBBD6BBB16D6B0A, 0xC1C123C146E29F87, 0x53535153A202A6F1, +0xDCDC57DCAE8BA572, 0x0B0B2C0B58271653, 0x9D9D4E9D9CD32701, 0x6C6CAD6C47C1D82B, +0x3131C43195F562A4, 0x7474CD7487B9E8F3, 0xF6F6FFF6E309F115, 0x464605460A438C4C, +0xACAC8AAC092645A5, 0x89891E893C970FB5, 0x14145014A04428B4, 0xE1E1A3E15B42DFBA, +0x16165816B04E2CA6, 0x3A3AE83ACDD274F7, 0x6969B9696FD0D206, 0x09092409482D1241, +0x7070DD70A7ADE0D7, 0xB6B6E2B6D954716F, 0xD0D067D0CEB7BD1E, 0xEDED93ED3B7EC7D6, +0xCCCC17CC2EDB85E2, 0x424215422A578468, 0x98985A98B4C22D2C, 0xA4A4AAA4490E55ED, +0x2828A0285D885075, 0x5C5C6D5CDA31B886, 0xF8F8C7F8933FED6B, 0x8686228644A411C2 }; + +const u64bit Whirlpool::C1[256] = { +0xD818186018C07830, 0x2623238C2305AF46, 0xB8C6C63FC67EF991, 0xFBE8E887E8136FCD, +0xCB878726874CA113, 0x11B8B8DAB8A9626D, 0x0901010401080502, 0x0D4F4F214F426E9E, +0x9B3636D836ADEE6C, 0xFFA6A6A2A6590451, 0x0CD2D26FD2DEBDB9, 0x0EF5F5F3F5FB06F7, +0x967979F979EF80F2, 0x306F6FA16F5FCEDE, 0x6D91917E91FCEF3F, 0xF852525552AA07A4, +0x4760609D6027FDC0, 0x35BCBCCABC897665, 0x379B9B569BACCD2B, 0x8A8E8E028E048C01, +0xD2A3A3B6A371155B, 0x6C0C0C300C603C18, 0x847B7BF17BFF8AF6, 0x803535D435B5E16A, +0xF51D1D741DE8693A, 0xB3E0E0A7E05347DD, 0x21D7D77BD7F6ACB3, 0x9CC2C22FC25EED99, +0x432E2EB82E6D965C, 0x294B4B314B627A96, 0x5DFEFEDFFEA321E1, 0xD5575741578216AE, +0xBD15155415A8412A, 0xE87777C1779FB6EE, 0x923737DC37A5EB6E, 0x9EE5E5B3E57B56D7, +0x139F9F469F8CD923, 0x23F0F0E7F0D317FD, 0x204A4A354A6A7F94, 0x44DADA4FDA9E95A9, +0xA258587D58FA25B0, 0xCFC9C903C906CA8F, 0x7C2929A429558D52, 0x5A0A0A280A502214, +0x50B1B1FEB1E14F7F, 0xC9A0A0BAA0691A5D, 0x146B6BB16B7FDAD6, 0xD985852E855CAB17, +0x3CBDBDCEBD817367, 0x8F5D5D695DD234BA, 0x9010104010805020, 0x07F4F4F7F4F303F5, +0xDDCBCB0BCB16C08B, 0xD33E3EF83EEDC67C, 0x2D0505140528110A, 0x78676781671FE6CE, +0x97E4E4B7E47353D5, 0x0227279C2725BB4E, 0x7341411941325882, 0xA78B8B168B2C9D0B, +0xF6A7A7A6A7510153, 0xB27D7DE97DCF94FA, 0x4995956E95DCFB37, 0x56D8D847D88E9FAD, +0x70FBFBCBFB8B30EB, 0xCDEEEE9FEE2371C1, 0xBB7C7CED7CC791F8, 0x716666856617E3CC, +0x7BDDDD53DDA68EA7, 0xAF17175C17B84B2E, 0x454747014702468E, 0x1A9E9E429E84DC21, +0xD4CACA0FCA1EC589, 0x582D2DB42D75995A, 0x2EBFBFC6BF917963, 0x3F07071C07381B0E, +0xACADAD8EAD012347, 0xB05A5A755AEA2FB4, 0xEF838336836CB51B, 0xB63333CC3385FF66, +0x5C636391633FF2C6, 0x1202020802100A04, 0x93AAAA92AA393849, 0xDE7171D971AFA8E2, +0xC6C8C807C80ECF8D, 0xD119196419C87D32, 0x3B49493949727092, 0x5FD9D943D9869AAF, +0x31F2F2EFF2C31DF9, 0xA8E3E3ABE34B48DB, 0xB95B5B715BE22AB6, 0xBC88881A8834920D, +0x3E9A9A529AA4C829, 0x0B262698262DBE4C, 0xBF3232C8328DFA64, 0x59B0B0FAB0E94A7D, +0xF2E9E983E91B6ACF, 0x770F0F3C0F78331E, 0x33D5D573D5E6A6B7, 0xF480803A8074BA1D, +0x27BEBEC2BE997C61, 0xEBCDCD13CD26DE87, 0x893434D034BDE468, 0x3248483D487A7590, +0x54FFFFDBFFAB24E3, 0x8D7A7AF57AF78FF4, 0x6490907A90F4EA3D, 0x9D5F5F615FC23EBE, +0x3D202080201DA040, 0x0F6868BD6867D5D0, 0xCA1A1A681AD07234, 0xB7AEAE82AE192C41, +0x7DB4B4EAB4C95E75, 0xCE54544D549A19A8, 0x7F93937693ECE53B, 0x2F222288220DAA44, +0x6364648D6407E9C8, 0x2AF1F1E3F1DB12FF, 0xCC7373D173BFA2E6, 0x8212124812905A24, +0x7A40401D403A5D80, 0x4808082008402810, 0x95C3C32BC356E89B, 0xDFECEC97EC337BC5, +0x4DDBDB4BDB9690AB, 0xC0A1A1BEA1611F5F, 0x918D8D0E8D1C8307, 0xC83D3DF43DF5C97A, +0x5B97976697CCF133, 0x0000000000000000, 0xF9CFCF1BCF36D483, 0x6E2B2BAC2B458756, +0xE17676C57697B3EC, 0xE68282328264B019, 0x28D6D67FD6FEA9B1, 0xC31B1B6C1BD87736, +0x74B5B5EEB5C15B77, 0xBEAFAF86AF112943, 0x1D6A6AB56A77DFD4, 0xEA50505D50BA0DA0, +0x5745450945124C8A, 0x38F3F3EBF3CB18FB, 0xAD3030C0309DF060, 0xC4EFEF9BEF2B74C3, +0xDA3F3FFC3FE5C37E, 0xC755554955921CAA, 0xDBA2A2B2A2791059, 0xE9EAEA8FEA0365C9, +0x6A656589650FECCA, 0x03BABAD2BAB96869, 0x4A2F2FBC2F65935E, 0x8EC0C027C04EE79D, +0x60DEDE5FDEBE81A1, 0xFC1C1C701CE06C38, 0x46FDFDD3FDBB2EE7, 0x1F4D4D294D52649A, +0x7692927292E4E039, 0xFA7575C9758FBCEA, 0x3606061806301E0C, 0xAE8A8A128A249809, +0x4BB2B2F2B2F94079, 0x85E6E6BFE66359D1, 0x7E0E0E380E70361C, 0xE71F1F7C1FF8633E, +0x556262956237F7C4, 0x3AD4D477D4EEA3B5, 0x81A8A89AA829324D, 0x5296966296C4F431, +0x62F9F9C3F99B3AEF, 0xA3C5C533C566F697, 0x102525942535B14A, 0xAB59597959F220B2, +0xD084842A8454AE15, 0xC57272D572B7A7E4, 0xEC3939E439D5DD72, 0x164C4C2D4C5A6198, +0x945E5E655ECA3BBC, 0x9F7878FD78E785F0, 0xE53838E038DDD870, 0x988C8C0A8C148605, +0x17D1D163D1C6B2BF, 0xE4A5A5AEA5410B57, 0xA1E2E2AFE2434DD9, 0x4E616199612FF8C2, +0x42B3B3F6B3F1457B, 0x342121842115A542, 0x089C9C4A9C94D625, 0xEE1E1E781EF0663C, +0x6143431143225286, 0xB1C7C73BC776FC93, 0x4FFCFCD7FCB32BE5, 0x2404041004201408, +0xE351515951B208A2, 0x2599995E99BCC72F, 0x226D6DA96D4FC4DA, 0x650D0D340D68391A, +0x79FAFACFFA8335E9, 0x69DFDF5BDFB684A3, 0xA97E7EE57ED79BFC, 0x19242490243DB448, +0xFE3B3BEC3BC5D776, 0x9AABAB96AB313D4B, 0xF0CECE1FCE3ED181, 0x9911114411885522, +0x838F8F068F0C8903, 0x044E4E254E4A6B9C, 0x66B7B7E6B7D15173, 0xE0EBEB8BEB0B60CB, +0xC13C3CF03CFDCC78, 0xFD81813E817CBF1F, 0x4094946A94D4FE35, 0x1CF7F7FBF7EB0CF3, +0x18B9B9DEB9A1676F, 0x8B13134C13985F26, 0x512C2CB02C7D9C58, 0x05D3D36BD3D6B8BB, +0x8CE7E7BBE76B5CD3, 0x396E6EA56E57CBDC, 0xAAC4C437C46EF395, 0x1B03030C03180F06, +0xDC565645568A13AC, 0x5E44440D441A4988, 0xA07F7FE17FDF9EFE, 0x88A9A99EA921374F, +0x672A2AA82A4D8254, 0x0ABBBBD6BBB16D6B, 0x87C1C123C146E29F, 0xF153535153A202A6, +0x72DCDC57DCAE8BA5, 0x530B0B2C0B582716, 0x019D9D4E9D9CD327, 0x2B6C6CAD6C47C1D8, +0xA43131C43195F562, 0xF37474CD7487B9E8, 0x15F6F6FFF6E309F1, 0x4C464605460A438C, +0xA5ACAC8AAC092645, 0xB589891E893C970F, 0xB414145014A04428, 0xBAE1E1A3E15B42DF, +0xA616165816B04E2C, 0xF73A3AE83ACDD274, 0x066969B9696FD0D2, 0x4109092409482D12, +0xD77070DD70A7ADE0, 0x6FB6B6E2B6D95471, 0x1ED0D067D0CEB7BD, 0xD6EDED93ED3B7EC7, +0xE2CCCC17CC2EDB85, 0x68424215422A5784, 0x2C98985A98B4C22D, 0xEDA4A4AAA4490E55, +0x752828A0285D8850, 0x865C5C6D5CDA31B8, 0x6BF8F8C7F8933FED, 0xC28686228644A411 }; + +const u64bit Whirlpool::C2[256] = { +0x30D818186018C078, 0x462623238C2305AF, 0x91B8C6C63FC67EF9, 0xCDFBE8E887E8136F, +0x13CB878726874CA1, 0x6D11B8B8DAB8A962, 0x0209010104010805, 0x9E0D4F4F214F426E, +0x6C9B3636D836ADEE, 0x51FFA6A6A2A65904, 0xB90CD2D26FD2DEBD, 0xF70EF5F5F3F5FB06, +0xF2967979F979EF80, 0xDE306F6FA16F5FCE, 0x3F6D91917E91FCEF, 0xA4F852525552AA07, +0xC04760609D6027FD, 0x6535BCBCCABC8976, 0x2B379B9B569BACCD, 0x018A8E8E028E048C, +0x5BD2A3A3B6A37115, 0x186C0C0C300C603C, 0xF6847B7BF17BFF8A, 0x6A803535D435B5E1, +0x3AF51D1D741DE869, 0xDDB3E0E0A7E05347, 0xB321D7D77BD7F6AC, 0x999CC2C22FC25EED, +0x5C432E2EB82E6D96, 0x96294B4B314B627A, 0xE15DFEFEDFFEA321, 0xAED5575741578216, +0x2ABD15155415A841, 0xEEE87777C1779FB6, 0x6E923737DC37A5EB, 0xD79EE5E5B3E57B56, +0x23139F9F469F8CD9, 0xFD23F0F0E7F0D317, 0x94204A4A354A6A7F, 0xA944DADA4FDA9E95, +0xB0A258587D58FA25, 0x8FCFC9C903C906CA, 0x527C2929A429558D, 0x145A0A0A280A5022, +0x7F50B1B1FEB1E14F, 0x5DC9A0A0BAA0691A, 0xD6146B6BB16B7FDA, 0x17D985852E855CAB, +0x673CBDBDCEBD8173, 0xBA8F5D5D695DD234, 0x2090101040108050, 0xF507F4F4F7F4F303, +0x8BDDCBCB0BCB16C0, 0x7CD33E3EF83EEDC6, 0x0A2D050514052811, 0xCE78676781671FE6, +0xD597E4E4B7E47353, 0x4E0227279C2725BB, 0x8273414119413258, 0x0BA78B8B168B2C9D, +0x53F6A7A7A6A75101, 0xFAB27D7DE97DCF94, 0x374995956E95DCFB, 0xAD56D8D847D88E9F, +0xEB70FBFBCBFB8B30, 0xC1CDEEEE9FEE2371, 0xF8BB7C7CED7CC791, 0xCC716666856617E3, +0xA77BDDDD53DDA68E, 0x2EAF17175C17B84B, 0x8E45474701470246, 0x211A9E9E429E84DC, +0x89D4CACA0FCA1EC5, 0x5A582D2DB42D7599, 0x632EBFBFC6BF9179, 0x0E3F07071C07381B, +0x47ACADAD8EAD0123, 0xB4B05A5A755AEA2F, 0x1BEF838336836CB5, 0x66B63333CC3385FF, +0xC65C636391633FF2, 0x041202020802100A, 0x4993AAAA92AA3938, 0xE2DE7171D971AFA8, +0x8DC6C8C807C80ECF, 0x32D119196419C87D, 0x923B494939497270, 0xAF5FD9D943D9869A, +0xF931F2F2EFF2C31D, 0xDBA8E3E3ABE34B48, 0xB6B95B5B715BE22A, 0x0DBC88881A883492, +0x293E9A9A529AA4C8, 0x4C0B262698262DBE, 0x64BF3232C8328DFA, 0x7D59B0B0FAB0E94A, +0xCFF2E9E983E91B6A, 0x1E770F0F3C0F7833, 0xB733D5D573D5E6A6, 0x1DF480803A8074BA, +0x6127BEBEC2BE997C, 0x87EBCDCD13CD26DE, 0x68893434D034BDE4, 0x903248483D487A75, +0xE354FFFFDBFFAB24, 0xF48D7A7AF57AF78F, 0x3D6490907A90F4EA, 0xBE9D5F5F615FC23E, +0x403D202080201DA0, 0xD00F6868BD6867D5, 0x34CA1A1A681AD072, 0x41B7AEAE82AE192C, +0x757DB4B4EAB4C95E, 0xA8CE54544D549A19, 0x3B7F93937693ECE5, 0x442F222288220DAA, +0xC86364648D6407E9, 0xFF2AF1F1E3F1DB12, 0xE6CC7373D173BFA2, 0x248212124812905A, +0x807A40401D403A5D, 0x1048080820084028, 0x9B95C3C32BC356E8, 0xC5DFECEC97EC337B, +0xAB4DDBDB4BDB9690, 0x5FC0A1A1BEA1611F, 0x07918D8D0E8D1C83, 0x7AC83D3DF43DF5C9, +0x335B97976697CCF1, 0x0000000000000000, 0x83F9CFCF1BCF36D4, 0x566E2B2BAC2B4587, +0xECE17676C57697B3, 0x19E68282328264B0, 0xB128D6D67FD6FEA9, 0x36C31B1B6C1BD877, +0x7774B5B5EEB5C15B, 0x43BEAFAF86AF1129, 0xD41D6A6AB56A77DF, 0xA0EA50505D50BA0D, +0x8A5745450945124C, 0xFB38F3F3EBF3CB18, 0x60AD3030C0309DF0, 0xC3C4EFEF9BEF2B74, +0x7EDA3F3FFC3FE5C3, 0xAAC755554955921C, 0x59DBA2A2B2A27910, 0xC9E9EAEA8FEA0365, +0xCA6A656589650FEC, 0x6903BABAD2BAB968, 0x5E4A2F2FBC2F6593, 0x9D8EC0C027C04EE7, +0xA160DEDE5FDEBE81, 0x38FC1C1C701CE06C, 0xE746FDFDD3FDBB2E, 0x9A1F4D4D294D5264, +0x397692927292E4E0, 0xEAFA7575C9758FBC, 0x0C3606061806301E, 0x09AE8A8A128A2498, +0x794BB2B2F2B2F940, 0xD185E6E6BFE66359, 0x1C7E0E0E380E7036, 0x3EE71F1F7C1FF863, +0xC4556262956237F7, 0xB53AD4D477D4EEA3, 0x4D81A8A89AA82932, 0x315296966296C4F4, +0xEF62F9F9C3F99B3A, 0x97A3C5C533C566F6, 0x4A102525942535B1, 0xB2AB59597959F220, +0x15D084842A8454AE, 0xE4C57272D572B7A7, 0x72EC3939E439D5DD, 0x98164C4C2D4C5A61, +0xBC945E5E655ECA3B, 0xF09F7878FD78E785, 0x70E53838E038DDD8, 0x05988C8C0A8C1486, +0xBF17D1D163D1C6B2, 0x57E4A5A5AEA5410B, 0xD9A1E2E2AFE2434D, 0xC24E616199612FF8, +0x7B42B3B3F6B3F145, 0x42342121842115A5, 0x25089C9C4A9C94D6, 0x3CEE1E1E781EF066, +0x8661434311432252, 0x93B1C7C73BC776FC, 0xE54FFCFCD7FCB32B, 0x0824040410042014, +0xA2E351515951B208, 0x2F2599995E99BCC7, 0xDA226D6DA96D4FC4, 0x1A650D0D340D6839, +0xE979FAFACFFA8335, 0xA369DFDF5BDFB684, 0xFCA97E7EE57ED79B, 0x4819242490243DB4, +0x76FE3B3BEC3BC5D7, 0x4B9AABAB96AB313D, 0x81F0CECE1FCE3ED1, 0x2299111144118855, +0x03838F8F068F0C89, 0x9C044E4E254E4A6B, 0x7366B7B7E6B7D151, 0xCBE0EBEB8BEB0B60, +0x78C13C3CF03CFDCC, 0x1FFD81813E817CBF, 0x354094946A94D4FE, 0xF31CF7F7FBF7EB0C, +0x6F18B9B9DEB9A167, 0x268B13134C13985F, 0x58512C2CB02C7D9C, 0xBB05D3D36BD3D6B8, +0xD38CE7E7BBE76B5C, 0xDC396E6EA56E57CB, 0x95AAC4C437C46EF3, 0x061B03030C03180F, +0xACDC565645568A13, 0x885E44440D441A49, 0xFEA07F7FE17FDF9E, 0x4F88A9A99EA92137, +0x54672A2AA82A4D82, 0x6B0ABBBBD6BBB16D, 0x9F87C1C123C146E2, 0xA6F153535153A202, +0xA572DCDC57DCAE8B, 0x16530B0B2C0B5827, 0x27019D9D4E9D9CD3, 0xD82B6C6CAD6C47C1, +0x62A43131C43195F5, 0xE8F37474CD7487B9, 0xF115F6F6FFF6E309, 0x8C4C464605460A43, +0x45A5ACAC8AAC0926, 0x0FB589891E893C97, 0x28B414145014A044, 0xDFBAE1E1A3E15B42, +0x2CA616165816B04E, 0x74F73A3AE83ACDD2, 0xD2066969B9696FD0, 0x124109092409482D, +0xE0D77070DD70A7AD, 0x716FB6B6E2B6D954, 0xBD1ED0D067D0CEB7, 0xC7D6EDED93ED3B7E, +0x85E2CCCC17CC2EDB, 0x8468424215422A57, 0x2D2C98985A98B4C2, 0x55EDA4A4AAA4490E, +0x50752828A0285D88, 0xB8865C5C6D5CDA31, 0xED6BF8F8C7F8933F, 0x11C28686228644A4 }; + +const u64bit Whirlpool::C3[256] = { +0x7830D818186018C0, 0xAF462623238C2305, 0xF991B8C6C63FC67E, 0x6FCDFBE8E887E813, +0xA113CB878726874C, 0x626D11B8B8DAB8A9, 0x0502090101040108, 0x6E9E0D4F4F214F42, +0xEE6C9B3636D836AD, 0x0451FFA6A6A2A659, 0xBDB90CD2D26FD2DE, 0x06F70EF5F5F3F5FB, +0x80F2967979F979EF, 0xCEDE306F6FA16F5F, 0xEF3F6D91917E91FC, 0x07A4F852525552AA, +0xFDC04760609D6027, 0x766535BCBCCABC89, 0xCD2B379B9B569BAC, 0x8C018A8E8E028E04, +0x155BD2A3A3B6A371, 0x3C186C0C0C300C60, 0x8AF6847B7BF17BFF, 0xE16A803535D435B5, +0x693AF51D1D741DE8, 0x47DDB3E0E0A7E053, 0xACB321D7D77BD7F6, 0xED999CC2C22FC25E, +0x965C432E2EB82E6D, 0x7A96294B4B314B62, 0x21E15DFEFEDFFEA3, 0x16AED55757415782, +0x412ABD15155415A8, 0xB6EEE87777C1779F, 0xEB6E923737DC37A5, 0x56D79EE5E5B3E57B, +0xD923139F9F469F8C, 0x17FD23F0F0E7F0D3, 0x7F94204A4A354A6A, 0x95A944DADA4FDA9E, +0x25B0A258587D58FA, 0xCA8FCFC9C903C906, 0x8D527C2929A42955, 0x22145A0A0A280A50, +0x4F7F50B1B1FEB1E1, 0x1A5DC9A0A0BAA069, 0xDAD6146B6BB16B7F, 0xAB17D985852E855C, +0x73673CBDBDCEBD81, 0x34BA8F5D5D695DD2, 0x5020901010401080, 0x03F507F4F4F7F4F3, +0xC08BDDCBCB0BCB16, 0xC67CD33E3EF83EED, 0x110A2D0505140528, 0xE6CE78676781671F, +0x53D597E4E4B7E473, 0xBB4E0227279C2725, 0x5882734141194132, 0x9D0BA78B8B168B2C, +0x0153F6A7A7A6A751, 0x94FAB27D7DE97DCF, 0xFB374995956E95DC, 0x9FAD56D8D847D88E, +0x30EB70FBFBCBFB8B, 0x71C1CDEEEE9FEE23, 0x91F8BB7C7CED7CC7, 0xE3CC716666856617, +0x8EA77BDDDD53DDA6, 0x4B2EAF17175C17B8, 0x468E454747014702, 0xDC211A9E9E429E84, +0xC589D4CACA0FCA1E, 0x995A582D2DB42D75, 0x79632EBFBFC6BF91, 0x1B0E3F07071C0738, +0x2347ACADAD8EAD01, 0x2FB4B05A5A755AEA, 0xB51BEF838336836C, 0xFF66B63333CC3385, +0xF2C65C636391633F, 0x0A04120202080210, 0x384993AAAA92AA39, 0xA8E2DE7171D971AF, +0xCF8DC6C8C807C80E, 0x7D32D119196419C8, 0x70923B4949394972, 0x9AAF5FD9D943D986, +0x1DF931F2F2EFF2C3, 0x48DBA8E3E3ABE34B, 0x2AB6B95B5B715BE2, 0x920DBC88881A8834, +0xC8293E9A9A529AA4, 0xBE4C0B262698262D, 0xFA64BF3232C8328D, 0x4A7D59B0B0FAB0E9, +0x6ACFF2E9E983E91B, 0x331E770F0F3C0F78, 0xA6B733D5D573D5E6, 0xBA1DF480803A8074, +0x7C6127BEBEC2BE99, 0xDE87EBCDCD13CD26, 0xE468893434D034BD, 0x75903248483D487A, +0x24E354FFFFDBFFAB, 0x8FF48D7A7AF57AF7, 0xEA3D6490907A90F4, 0x3EBE9D5F5F615FC2, +0xA0403D202080201D, 0xD5D00F6868BD6867, 0x7234CA1A1A681AD0, 0x2C41B7AEAE82AE19, +0x5E757DB4B4EAB4C9, 0x19A8CE54544D549A, 0xE53B7F93937693EC, 0xAA442F222288220D, +0xE9C86364648D6407, 0x12FF2AF1F1E3F1DB, 0xA2E6CC7373D173BF, 0x5A24821212481290, +0x5D807A40401D403A, 0x2810480808200840, 0xE89B95C3C32BC356, 0x7BC5DFECEC97EC33, +0x90AB4DDBDB4BDB96, 0x1F5FC0A1A1BEA161, 0x8307918D8D0E8D1C, 0xC97AC83D3DF43DF5, +0xF1335B97976697CC, 0x0000000000000000, 0xD483F9CFCF1BCF36, 0x87566E2B2BAC2B45, +0xB3ECE17676C57697, 0xB019E68282328264, 0xA9B128D6D67FD6FE, 0x7736C31B1B6C1BD8, +0x5B7774B5B5EEB5C1, 0x2943BEAFAF86AF11, 0xDFD41D6A6AB56A77, 0x0DA0EA50505D50BA, +0x4C8A574545094512, 0x18FB38F3F3EBF3CB, 0xF060AD3030C0309D, 0x74C3C4EFEF9BEF2B, +0xC37EDA3F3FFC3FE5, 0x1CAAC75555495592, 0x1059DBA2A2B2A279, 0x65C9E9EAEA8FEA03, +0xECCA6A656589650F, 0x686903BABAD2BAB9, 0x935E4A2F2FBC2F65, 0xE79D8EC0C027C04E, +0x81A160DEDE5FDEBE, 0x6C38FC1C1C701CE0, 0x2EE746FDFDD3FDBB, 0x649A1F4D4D294D52, +0xE0397692927292E4, 0xBCEAFA7575C9758F, 0x1E0C360606180630, 0x9809AE8A8A128A24, +0x40794BB2B2F2B2F9, 0x59D185E6E6BFE663, 0x361C7E0E0E380E70, 0x633EE71F1F7C1FF8, +0xF7C4556262956237, 0xA3B53AD4D477D4EE, 0x324D81A8A89AA829, 0xF4315296966296C4, +0x3AEF62F9F9C3F99B, 0xF697A3C5C533C566, 0xB14A102525942535, 0x20B2AB59597959F2, +0xAE15D084842A8454, 0xA7E4C57272D572B7, 0xDD72EC3939E439D5, 0x6198164C4C2D4C5A, +0x3BBC945E5E655ECA, 0x85F09F7878FD78E7, 0xD870E53838E038DD, 0x8605988C8C0A8C14, +0xB2BF17D1D163D1C6, 0x0B57E4A5A5AEA541, 0x4DD9A1E2E2AFE243, 0xF8C24E616199612F, +0x457B42B3B3F6B3F1, 0xA542342121842115, 0xD625089C9C4A9C94, 0x663CEE1E1E781EF0, +0x5286614343114322, 0xFC93B1C7C73BC776, 0x2BE54FFCFCD7FCB3, 0x1408240404100420, +0x08A2E351515951B2, 0xC72F2599995E99BC, 0xC4DA226D6DA96D4F, 0x391A650D0D340D68, +0x35E979FAFACFFA83, 0x84A369DFDF5BDFB6, 0x9BFCA97E7EE57ED7, 0xB44819242490243D, +0xD776FE3B3BEC3BC5, 0x3D4B9AABAB96AB31, 0xD181F0CECE1FCE3E, 0x5522991111441188, +0x8903838F8F068F0C, 0x6B9C044E4E254E4A, 0x517366B7B7E6B7D1, 0x60CBE0EBEB8BEB0B, +0xCC78C13C3CF03CFD, 0xBF1FFD81813E817C, 0xFE354094946A94D4, 0x0CF31CF7F7FBF7EB, +0x676F18B9B9DEB9A1, 0x5F268B13134C1398, 0x9C58512C2CB02C7D, 0xB8BB05D3D36BD3D6, +0x5CD38CE7E7BBE76B, 0xCBDC396E6EA56E57, 0xF395AAC4C437C46E, 0x0F061B03030C0318, +0x13ACDC565645568A, 0x49885E44440D441A, 0x9EFEA07F7FE17FDF, 0x374F88A9A99EA921, +0x8254672A2AA82A4D, 0x6D6B0ABBBBD6BBB1, 0xE29F87C1C123C146, 0x02A6F153535153A2, +0x8BA572DCDC57DCAE, 0x2716530B0B2C0B58, 0xD327019D9D4E9D9C, 0xC1D82B6C6CAD6C47, +0xF562A43131C43195, 0xB9E8F37474CD7487, 0x09F115F6F6FFF6E3, 0x438C4C464605460A, +0x2645A5ACAC8AAC09, 0x970FB589891E893C, 0x4428B414145014A0, 0x42DFBAE1E1A3E15B, +0x4E2CA616165816B0, 0xD274F73A3AE83ACD, 0xD0D2066969B9696F, 0x2D12410909240948, +0xADE0D77070DD70A7, 0x54716FB6B6E2B6D9, 0xB7BD1ED0D067D0CE, 0x7EC7D6EDED93ED3B, +0xDB85E2CCCC17CC2E, 0x578468424215422A, 0xC22D2C98985A98B4, 0x0E55EDA4A4AAA449, +0x8850752828A0285D, 0x31B8865C5C6D5CDA, 0x3FED6BF8F8C7F893, 0xA411C28686228644 }; + +const u64bit Whirlpool::C4[256] = { +0xC07830D818186018, 0x05AF462623238C23, 0x7EF991B8C6C63FC6, 0x136FCDFBE8E887E8, +0x4CA113CB87872687, 0xA9626D11B8B8DAB8, 0x0805020901010401, 0x426E9E0D4F4F214F, +0xADEE6C9B3636D836, 0x590451FFA6A6A2A6, 0xDEBDB90CD2D26FD2, 0xFB06F70EF5F5F3F5, +0xEF80F2967979F979, 0x5FCEDE306F6FA16F, 0xFCEF3F6D91917E91, 0xAA07A4F852525552, +0x27FDC04760609D60, 0x89766535BCBCCABC, 0xACCD2B379B9B569B, 0x048C018A8E8E028E, +0x71155BD2A3A3B6A3, 0x603C186C0C0C300C, 0xFF8AF6847B7BF17B, 0xB5E16A803535D435, +0xE8693AF51D1D741D, 0x5347DDB3E0E0A7E0, 0xF6ACB321D7D77BD7, 0x5EED999CC2C22FC2, +0x6D965C432E2EB82E, 0x627A96294B4B314B, 0xA321E15DFEFEDFFE, 0x8216AED557574157, +0xA8412ABD15155415, 0x9FB6EEE87777C177, 0xA5EB6E923737DC37, 0x7B56D79EE5E5B3E5, +0x8CD923139F9F469F, 0xD317FD23F0F0E7F0, 0x6A7F94204A4A354A, 0x9E95A944DADA4FDA, +0xFA25B0A258587D58, 0x06CA8FCFC9C903C9, 0x558D527C2929A429, 0x5022145A0A0A280A, +0xE14F7F50B1B1FEB1, 0x691A5DC9A0A0BAA0, 0x7FDAD6146B6BB16B, 0x5CAB17D985852E85, +0x8173673CBDBDCEBD, 0xD234BA8F5D5D695D, 0x8050209010104010, 0xF303F507F4F4F7F4, +0x16C08BDDCBCB0BCB, 0xEDC67CD33E3EF83E, 0x28110A2D05051405, 0x1FE6CE7867678167, +0x7353D597E4E4B7E4, 0x25BB4E0227279C27, 0x3258827341411941, 0x2C9D0BA78B8B168B, +0x510153F6A7A7A6A7, 0xCF94FAB27D7DE97D, 0xDCFB374995956E95, 0x8E9FAD56D8D847D8, +0x8B30EB70FBFBCBFB, 0x2371C1CDEEEE9FEE, 0xC791F8BB7C7CED7C, 0x17E3CC7166668566, +0xA68EA77BDDDD53DD, 0xB84B2EAF17175C17, 0x02468E4547470147, 0x84DC211A9E9E429E, +0x1EC589D4CACA0FCA, 0x75995A582D2DB42D, 0x9179632EBFBFC6BF, 0x381B0E3F07071C07, +0x012347ACADAD8EAD, 0xEA2FB4B05A5A755A, 0x6CB51BEF83833683, 0x85FF66B63333CC33, +0x3FF2C65C63639163, 0x100A041202020802, 0x39384993AAAA92AA, 0xAFA8E2DE7171D971, +0x0ECF8DC6C8C807C8, 0xC87D32D119196419, 0x7270923B49493949, 0x869AAF5FD9D943D9, +0xC31DF931F2F2EFF2, 0x4B48DBA8E3E3ABE3, 0xE22AB6B95B5B715B, 0x34920DBC88881A88, +0xA4C8293E9A9A529A, 0x2DBE4C0B26269826, 0x8DFA64BF3232C832, 0xE94A7D59B0B0FAB0, +0x1B6ACFF2E9E983E9, 0x78331E770F0F3C0F, 0xE6A6B733D5D573D5, 0x74BA1DF480803A80, +0x997C6127BEBEC2BE, 0x26DE87EBCDCD13CD, 0xBDE468893434D034, 0x7A75903248483D48, +0xAB24E354FFFFDBFF, 0xF78FF48D7A7AF57A, 0xF4EA3D6490907A90, 0xC23EBE9D5F5F615F, +0x1DA0403D20208020, 0x67D5D00F6868BD68, 0xD07234CA1A1A681A, 0x192C41B7AEAE82AE, +0xC95E757DB4B4EAB4, 0x9A19A8CE54544D54, 0xECE53B7F93937693, 0x0DAA442F22228822, +0x07E9C86364648D64, 0xDB12FF2AF1F1E3F1, 0xBFA2E6CC7373D173, 0x905A248212124812, +0x3A5D807A40401D40, 0x4028104808082008, 0x56E89B95C3C32BC3, 0x337BC5DFECEC97EC, +0x9690AB4DDBDB4BDB, 0x611F5FC0A1A1BEA1, 0x1C8307918D8D0E8D, 0xF5C97AC83D3DF43D, +0xCCF1335B97976697, 0x0000000000000000, 0x36D483F9CFCF1BCF, 0x4587566E2B2BAC2B, +0x97B3ECE17676C576, 0x64B019E682823282, 0xFEA9B128D6D67FD6, 0xD87736C31B1B6C1B, +0xC15B7774B5B5EEB5, 0x112943BEAFAF86AF, 0x77DFD41D6A6AB56A, 0xBA0DA0EA50505D50, +0x124C8A5745450945, 0xCB18FB38F3F3EBF3, 0x9DF060AD3030C030, 0x2B74C3C4EFEF9BEF, +0xE5C37EDA3F3FFC3F, 0x921CAAC755554955, 0x791059DBA2A2B2A2, 0x0365C9E9EAEA8FEA, +0x0FECCA6A65658965, 0xB9686903BABAD2BA, 0x65935E4A2F2FBC2F, 0x4EE79D8EC0C027C0, +0xBE81A160DEDE5FDE, 0xE06C38FC1C1C701C, 0xBB2EE746FDFDD3FD, 0x52649A1F4D4D294D, +0xE4E0397692927292, 0x8FBCEAFA7575C975, 0x301E0C3606061806, 0x249809AE8A8A128A, +0xF940794BB2B2F2B2, 0x6359D185E6E6BFE6, 0x70361C7E0E0E380E, 0xF8633EE71F1F7C1F, +0x37F7C45562629562, 0xEEA3B53AD4D477D4, 0x29324D81A8A89AA8, 0xC4F4315296966296, +0x9B3AEF62F9F9C3F9, 0x66F697A3C5C533C5, 0x35B14A1025259425, 0xF220B2AB59597959, +0x54AE15D084842A84, 0xB7A7E4C57272D572, 0xD5DD72EC3939E439, 0x5A6198164C4C2D4C, +0xCA3BBC945E5E655E, 0xE785F09F7878FD78, 0xDDD870E53838E038, 0x148605988C8C0A8C, +0xC6B2BF17D1D163D1, 0x410B57E4A5A5AEA5, 0x434DD9A1E2E2AFE2, 0x2FF8C24E61619961, +0xF1457B42B3B3F6B3, 0x15A5423421218421, 0x94D625089C9C4A9C, 0xF0663CEE1E1E781E, +0x2252866143431143, 0x76FC93B1C7C73BC7, 0xB32BE54FFCFCD7FC, 0x2014082404041004, +0xB208A2E351515951, 0xBCC72F2599995E99, 0x4FC4DA226D6DA96D, 0x68391A650D0D340D, +0x8335E979FAFACFFA, 0xB684A369DFDF5BDF, 0xD79BFCA97E7EE57E, 0x3DB4481924249024, +0xC5D776FE3B3BEC3B, 0x313D4B9AABAB96AB, 0x3ED181F0CECE1FCE, 0x8855229911114411, +0x0C8903838F8F068F, 0x4A6B9C044E4E254E, 0xD1517366B7B7E6B7, 0x0B60CBE0EBEB8BEB, +0xFDCC78C13C3CF03C, 0x7CBF1FFD81813E81, 0xD4FE354094946A94, 0xEB0CF31CF7F7FBF7, +0xA1676F18B9B9DEB9, 0x985F268B13134C13, 0x7D9C58512C2CB02C, 0xD6B8BB05D3D36BD3, +0x6B5CD38CE7E7BBE7, 0x57CBDC396E6EA56E, 0x6EF395AAC4C437C4, 0x180F061B03030C03, +0x8A13ACDC56564556, 0x1A49885E44440D44, 0xDF9EFEA07F7FE17F, 0x21374F88A9A99EA9, +0x4D8254672A2AA82A, 0xB16D6B0ABBBBD6BB, 0x46E29F87C1C123C1, 0xA202A6F153535153, +0xAE8BA572DCDC57DC, 0x582716530B0B2C0B, 0x9CD327019D9D4E9D, 0x47C1D82B6C6CAD6C, +0x95F562A43131C431, 0x87B9E8F37474CD74, 0xE309F115F6F6FFF6, 0x0A438C4C46460546, +0x092645A5ACAC8AAC, 0x3C970FB589891E89, 0xA04428B414145014, 0x5B42DFBAE1E1A3E1, +0xB04E2CA616165816, 0xCDD274F73A3AE83A, 0x6FD0D2066969B969, 0x482D124109092409, +0xA7ADE0D77070DD70, 0xD954716FB6B6E2B6, 0xCEB7BD1ED0D067D0, 0x3B7EC7D6EDED93ED, +0x2EDB85E2CCCC17CC, 0x2A57846842421542, 0xB4C22D2C98985A98, 0x490E55EDA4A4AAA4, +0x5D8850752828A028, 0xDA31B8865C5C6D5C, 0x933FED6BF8F8C7F8, 0x44A411C286862286 }; + +const u64bit Whirlpool::C5[256] = { +0x18C07830D8181860, 0x2305AF462623238C, 0xC67EF991B8C6C63F, 0xE8136FCDFBE8E887, +0x874CA113CB878726, 0xB8A9626D11B8B8DA, 0x0108050209010104, 0x4F426E9E0D4F4F21, +0x36ADEE6C9B3636D8, 0xA6590451FFA6A6A2, 0xD2DEBDB90CD2D26F, 0xF5FB06F70EF5F5F3, +0x79EF80F2967979F9, 0x6F5FCEDE306F6FA1, 0x91FCEF3F6D91917E, 0x52AA07A4F8525255, +0x6027FDC04760609D, 0xBC89766535BCBCCA, 0x9BACCD2B379B9B56, 0x8E048C018A8E8E02, +0xA371155BD2A3A3B6, 0x0C603C186C0C0C30, 0x7BFF8AF6847B7BF1, 0x35B5E16A803535D4, +0x1DE8693AF51D1D74, 0xE05347DDB3E0E0A7, 0xD7F6ACB321D7D77B, 0xC25EED999CC2C22F, +0x2E6D965C432E2EB8, 0x4B627A96294B4B31, 0xFEA321E15DFEFEDF, 0x578216AED5575741, +0x15A8412ABD151554, 0x779FB6EEE87777C1, 0x37A5EB6E923737DC, 0xE57B56D79EE5E5B3, +0x9F8CD923139F9F46, 0xF0D317FD23F0F0E7, 0x4A6A7F94204A4A35, 0xDA9E95A944DADA4F, +0x58FA25B0A258587D, 0xC906CA8FCFC9C903, 0x29558D527C2929A4, 0x0A5022145A0A0A28, +0xB1E14F7F50B1B1FE, 0xA0691A5DC9A0A0BA, 0x6B7FDAD6146B6BB1, 0x855CAB17D985852E, +0xBD8173673CBDBDCE, 0x5DD234BA8F5D5D69, 0x1080502090101040, 0xF4F303F507F4F4F7, +0xCB16C08BDDCBCB0B, 0x3EEDC67CD33E3EF8, 0x0528110A2D050514, 0x671FE6CE78676781, +0xE47353D597E4E4B7, 0x2725BB4E0227279C, 0x4132588273414119, 0x8B2C9D0BA78B8B16, +0xA7510153F6A7A7A6, 0x7DCF94FAB27D7DE9, 0x95DCFB374995956E, 0xD88E9FAD56D8D847, +0xFB8B30EB70FBFBCB, 0xEE2371C1CDEEEE9F, 0x7CC791F8BB7C7CED, 0x6617E3CC71666685, +0xDDA68EA77BDDDD53, 0x17B84B2EAF17175C, 0x4702468E45474701, 0x9E84DC211A9E9E42, +0xCA1EC589D4CACA0F, 0x2D75995A582D2DB4, 0xBF9179632EBFBFC6, 0x07381B0E3F07071C, +0xAD012347ACADAD8E, 0x5AEA2FB4B05A5A75, 0x836CB51BEF838336, 0x3385FF66B63333CC, +0x633FF2C65C636391, 0x02100A0412020208, 0xAA39384993AAAA92, 0x71AFA8E2DE7171D9, +0xC80ECF8DC6C8C807, 0x19C87D32D1191964, 0x497270923B494939, 0xD9869AAF5FD9D943, +0xF2C31DF931F2F2EF, 0xE34B48DBA8E3E3AB, 0x5BE22AB6B95B5B71, 0x8834920DBC88881A, +0x9AA4C8293E9A9A52, 0x262DBE4C0B262698, 0x328DFA64BF3232C8, 0xB0E94A7D59B0B0FA, +0xE91B6ACFF2E9E983, 0x0F78331E770F0F3C, 0xD5E6A6B733D5D573, 0x8074BA1DF480803A, +0xBE997C6127BEBEC2, 0xCD26DE87EBCDCD13, 0x34BDE468893434D0, 0x487A75903248483D, +0xFFAB24E354FFFFDB, 0x7AF78FF48D7A7AF5, 0x90F4EA3D6490907A, 0x5FC23EBE9D5F5F61, +0x201DA0403D202080, 0x6867D5D00F6868BD, 0x1AD07234CA1A1A68, 0xAE192C41B7AEAE82, +0xB4C95E757DB4B4EA, 0x549A19A8CE54544D, 0x93ECE53B7F939376, 0x220DAA442F222288, +0x6407E9C86364648D, 0xF1DB12FF2AF1F1E3, 0x73BFA2E6CC7373D1, 0x12905A2482121248, +0x403A5D807A40401D, 0x0840281048080820, 0xC356E89B95C3C32B, 0xEC337BC5DFECEC97, +0xDB9690AB4DDBDB4B, 0xA1611F5FC0A1A1BE, 0x8D1C8307918D8D0E, 0x3DF5C97AC83D3DF4, +0x97CCF1335B979766, 0x0000000000000000, 0xCF36D483F9CFCF1B, 0x2B4587566E2B2BAC, +0x7697B3ECE17676C5, 0x8264B019E6828232, 0xD6FEA9B128D6D67F, 0x1BD87736C31B1B6C, +0xB5C15B7774B5B5EE, 0xAF112943BEAFAF86, 0x6A77DFD41D6A6AB5, 0x50BA0DA0EA50505D, +0x45124C8A57454509, 0xF3CB18FB38F3F3EB, 0x309DF060AD3030C0, 0xEF2B74C3C4EFEF9B, +0x3FE5C37EDA3F3FFC, 0x55921CAAC7555549, 0xA2791059DBA2A2B2, 0xEA0365C9E9EAEA8F, +0x650FECCA6A656589, 0xBAB9686903BABAD2, 0x2F65935E4A2F2FBC, 0xC04EE79D8EC0C027, +0xDEBE81A160DEDE5F, 0x1CE06C38FC1C1C70, 0xFDBB2EE746FDFDD3, 0x4D52649A1F4D4D29, +0x92E4E03976929272, 0x758FBCEAFA7575C9, 0x06301E0C36060618, 0x8A249809AE8A8A12, +0xB2F940794BB2B2F2, 0xE66359D185E6E6BF, 0x0E70361C7E0E0E38, 0x1FF8633EE71F1F7C, +0x6237F7C455626295, 0xD4EEA3B53AD4D477, 0xA829324D81A8A89A, 0x96C4F43152969662, +0xF99B3AEF62F9F9C3, 0xC566F697A3C5C533, 0x2535B14A10252594, 0x59F220B2AB595979, +0x8454AE15D084842A, 0x72B7A7E4C57272D5, 0x39D5DD72EC3939E4, 0x4C5A6198164C4C2D, +0x5ECA3BBC945E5E65, 0x78E785F09F7878FD, 0x38DDD870E53838E0, 0x8C148605988C8C0A, +0xD1C6B2BF17D1D163, 0xA5410B57E4A5A5AE, 0xE2434DD9A1E2E2AF, 0x612FF8C24E616199, +0xB3F1457B42B3B3F6, 0x2115A54234212184, 0x9C94D625089C9C4A, 0x1EF0663CEE1E1E78, +0x4322528661434311, 0xC776FC93B1C7C73B, 0xFCB32BE54FFCFCD7, 0x0420140824040410, +0x51B208A2E3515159, 0x99BCC72F2599995E, 0x6D4FC4DA226D6DA9, 0x0D68391A650D0D34, +0xFA8335E979FAFACF, 0xDFB684A369DFDF5B, 0x7ED79BFCA97E7EE5, 0x243DB44819242490, +0x3BC5D776FE3B3BEC, 0xAB313D4B9AABAB96, 0xCE3ED181F0CECE1F, 0x1188552299111144, +0x8F0C8903838F8F06, 0x4E4A6B9C044E4E25, 0xB7D1517366B7B7E6, 0xEB0B60CBE0EBEB8B, +0x3CFDCC78C13C3CF0, 0x817CBF1FFD81813E, 0x94D4FE354094946A, 0xF7EB0CF31CF7F7FB, +0xB9A1676F18B9B9DE, 0x13985F268B13134C, 0x2C7D9C58512C2CB0, 0xD3D6B8BB05D3D36B, +0xE76B5CD38CE7E7BB, 0x6E57CBDC396E6EA5, 0xC46EF395AAC4C437, 0x03180F061B03030C, +0x568A13ACDC565645, 0x441A49885E44440D, 0x7FDF9EFEA07F7FE1, 0xA921374F88A9A99E, +0x2A4D8254672A2AA8, 0xBBB16D6B0ABBBBD6, 0xC146E29F87C1C123, 0x53A202A6F1535351, +0xDCAE8BA572DCDC57, 0x0B582716530B0B2C, 0x9D9CD327019D9D4E, 0x6C47C1D82B6C6CAD, +0x3195F562A43131C4, 0x7487B9E8F37474CD, 0xF6E309F115F6F6FF, 0x460A438C4C464605, +0xAC092645A5ACAC8A, 0x893C970FB589891E, 0x14A04428B4141450, 0xE15B42DFBAE1E1A3, +0x16B04E2CA6161658, 0x3ACDD274F73A3AE8, 0x696FD0D2066969B9, 0x09482D1241090924, +0x70A7ADE0D77070DD, 0xB6D954716FB6B6E2, 0xD0CEB7BD1ED0D067, 0xED3B7EC7D6EDED93, +0xCC2EDB85E2CCCC17, 0x422A578468424215, 0x98B4C22D2C98985A, 0xA4490E55EDA4A4AA, +0x285D8850752828A0, 0x5CDA31B8865C5C6D, 0xF8933FED6BF8F8C7, 0x8644A411C2868622 }; + +const u64bit Whirlpool::C6[256] = { +0x6018C07830D81818, 0x8C2305AF46262323, 0x3FC67EF991B8C6C6, 0x87E8136FCDFBE8E8, +0x26874CA113CB8787, 0xDAB8A9626D11B8B8, 0x0401080502090101, 0x214F426E9E0D4F4F, +0xD836ADEE6C9B3636, 0xA2A6590451FFA6A6, 0x6FD2DEBDB90CD2D2, 0xF3F5FB06F70EF5F5, +0xF979EF80F2967979, 0xA16F5FCEDE306F6F, 0x7E91FCEF3F6D9191, 0x5552AA07A4F85252, +0x9D6027FDC0476060, 0xCABC89766535BCBC, 0x569BACCD2B379B9B, 0x028E048C018A8E8E, +0xB6A371155BD2A3A3, 0x300C603C186C0C0C, 0xF17BFF8AF6847B7B, 0xD435B5E16A803535, +0x741DE8693AF51D1D, 0xA7E05347DDB3E0E0, 0x7BD7F6ACB321D7D7, 0x2FC25EED999CC2C2, +0xB82E6D965C432E2E, 0x314B627A96294B4B, 0xDFFEA321E15DFEFE, 0x41578216AED55757, +0x5415A8412ABD1515, 0xC1779FB6EEE87777, 0xDC37A5EB6E923737, 0xB3E57B56D79EE5E5, +0x469F8CD923139F9F, 0xE7F0D317FD23F0F0, 0x354A6A7F94204A4A, 0x4FDA9E95A944DADA, +0x7D58FA25B0A25858, 0x03C906CA8FCFC9C9, 0xA429558D527C2929, 0x280A5022145A0A0A, +0xFEB1E14F7F50B1B1, 0xBAA0691A5DC9A0A0, 0xB16B7FDAD6146B6B, 0x2E855CAB17D98585, +0xCEBD8173673CBDBD, 0x695DD234BA8F5D5D, 0x4010805020901010, 0xF7F4F303F507F4F4, +0x0BCB16C08BDDCBCB, 0xF83EEDC67CD33E3E, 0x140528110A2D0505, 0x81671FE6CE786767, +0xB7E47353D597E4E4, 0x9C2725BB4E022727, 0x1941325882734141, 0x168B2C9D0BA78B8B, +0xA6A7510153F6A7A7, 0xE97DCF94FAB27D7D, 0x6E95DCFB37499595, 0x47D88E9FAD56D8D8, +0xCBFB8B30EB70FBFB, 0x9FEE2371C1CDEEEE, 0xED7CC791F8BB7C7C, 0x856617E3CC716666, +0x53DDA68EA77BDDDD, 0x5C17B84B2EAF1717, 0x014702468E454747, 0x429E84DC211A9E9E, +0x0FCA1EC589D4CACA, 0xB42D75995A582D2D, 0xC6BF9179632EBFBF, 0x1C07381B0E3F0707, +0x8EAD012347ACADAD, 0x755AEA2FB4B05A5A, 0x36836CB51BEF8383, 0xCC3385FF66B63333, +0x91633FF2C65C6363, 0x0802100A04120202, 0x92AA39384993AAAA, 0xD971AFA8E2DE7171, +0x07C80ECF8DC6C8C8, 0x6419C87D32D11919, 0x39497270923B4949, 0x43D9869AAF5FD9D9, +0xEFF2C31DF931F2F2, 0xABE34B48DBA8E3E3, 0x715BE22AB6B95B5B, 0x1A8834920DBC8888, +0x529AA4C8293E9A9A, 0x98262DBE4C0B2626, 0xC8328DFA64BF3232, 0xFAB0E94A7D59B0B0, +0x83E91B6ACFF2E9E9, 0x3C0F78331E770F0F, 0x73D5E6A6B733D5D5, 0x3A8074BA1DF48080, +0xC2BE997C6127BEBE, 0x13CD26DE87EBCDCD, 0xD034BDE468893434, 0x3D487A7590324848, +0xDBFFAB24E354FFFF, 0xF57AF78FF48D7A7A, 0x7A90F4EA3D649090, 0x615FC23EBE9D5F5F, +0x80201DA0403D2020, 0xBD6867D5D00F6868, 0x681AD07234CA1A1A, 0x82AE192C41B7AEAE, +0xEAB4C95E757DB4B4, 0x4D549A19A8CE5454, 0x7693ECE53B7F9393, 0x88220DAA442F2222, +0x8D6407E9C8636464, 0xE3F1DB12FF2AF1F1, 0xD173BFA2E6CC7373, 0x4812905A24821212, +0x1D403A5D807A4040, 0x2008402810480808, 0x2BC356E89B95C3C3, 0x97EC337BC5DFECEC, +0x4BDB9690AB4DDBDB, 0xBEA1611F5FC0A1A1, 0x0E8D1C8307918D8D, 0xF43DF5C97AC83D3D, +0x6697CCF1335B9797, 0x0000000000000000, 0x1BCF36D483F9CFCF, 0xAC2B4587566E2B2B, +0xC57697B3ECE17676, 0x328264B019E68282, 0x7FD6FEA9B128D6D6, 0x6C1BD87736C31B1B, +0xEEB5C15B7774B5B5, 0x86AF112943BEAFAF, 0xB56A77DFD41D6A6A, 0x5D50BA0DA0EA5050, +0x0945124C8A574545, 0xEBF3CB18FB38F3F3, 0xC0309DF060AD3030, 0x9BEF2B74C3C4EFEF, +0xFC3FE5C37EDA3F3F, 0x4955921CAAC75555, 0xB2A2791059DBA2A2, 0x8FEA0365C9E9EAEA, +0x89650FECCA6A6565, 0xD2BAB9686903BABA, 0xBC2F65935E4A2F2F, 0x27C04EE79D8EC0C0, +0x5FDEBE81A160DEDE, 0x701CE06C38FC1C1C, 0xD3FDBB2EE746FDFD, 0x294D52649A1F4D4D, +0x7292E4E039769292, 0xC9758FBCEAFA7575, 0x1806301E0C360606, 0x128A249809AE8A8A, +0xF2B2F940794BB2B2, 0xBFE66359D185E6E6, 0x380E70361C7E0E0E, 0x7C1FF8633EE71F1F, +0x956237F7C4556262, 0x77D4EEA3B53AD4D4, 0x9AA829324D81A8A8, 0x6296C4F431529696, +0xC3F99B3AEF62F9F9, 0x33C566F697A3C5C5, 0x942535B14A102525, 0x7959F220B2AB5959, +0x2A8454AE15D08484, 0xD572B7A7E4C57272, 0xE439D5DD72EC3939, 0x2D4C5A6198164C4C, +0x655ECA3BBC945E5E, 0xFD78E785F09F7878, 0xE038DDD870E53838, 0x0A8C148605988C8C, +0x63D1C6B2BF17D1D1, 0xAEA5410B57E4A5A5, 0xAFE2434DD9A1E2E2, 0x99612FF8C24E6161, +0xF6B3F1457B42B3B3, 0x842115A542342121, 0x4A9C94D625089C9C, 0x781EF0663CEE1E1E, +0x1143225286614343, 0x3BC776FC93B1C7C7, 0xD7FCB32BE54FFCFC, 0x1004201408240404, +0x5951B208A2E35151, 0x5E99BCC72F259999, 0xA96D4FC4DA226D6D, 0x340D68391A650D0D, +0xCFFA8335E979FAFA, 0x5BDFB684A369DFDF, 0xE57ED79BFCA97E7E, 0x90243DB448192424, +0xEC3BC5D776FE3B3B, 0x96AB313D4B9AABAB, 0x1FCE3ED181F0CECE, 0x4411885522991111, +0x068F0C8903838F8F, 0x254E4A6B9C044E4E, 0xE6B7D1517366B7B7, 0x8BEB0B60CBE0EBEB, +0xF03CFDCC78C13C3C, 0x3E817CBF1FFD8181, 0x6A94D4FE35409494, 0xFBF7EB0CF31CF7F7, +0xDEB9A1676F18B9B9, 0x4C13985F268B1313, 0xB02C7D9C58512C2C, 0x6BD3D6B8BB05D3D3, +0xBBE76B5CD38CE7E7, 0xA56E57CBDC396E6E, 0x37C46EF395AAC4C4, 0x0C03180F061B0303, +0x45568A13ACDC5656, 0x0D441A49885E4444, 0xE17FDF9EFEA07F7F, 0x9EA921374F88A9A9, +0xA82A4D8254672A2A, 0xD6BBB16D6B0ABBBB, 0x23C146E29F87C1C1, 0x5153A202A6F15353, +0x57DCAE8BA572DCDC, 0x2C0B582716530B0B, 0x4E9D9CD327019D9D, 0xAD6C47C1D82B6C6C, +0xC43195F562A43131, 0xCD7487B9E8F37474, 0xFFF6E309F115F6F6, 0x05460A438C4C4646, +0x8AAC092645A5ACAC, 0x1E893C970FB58989, 0x5014A04428B41414, 0xA3E15B42DFBAE1E1, +0x5816B04E2CA61616, 0xE83ACDD274F73A3A, 0xB9696FD0D2066969, 0x2409482D12410909, +0xDD70A7ADE0D77070, 0xE2B6D954716FB6B6, 0x67D0CEB7BD1ED0D0, 0x93ED3B7EC7D6EDED, +0x17CC2EDB85E2CCCC, 0x15422A5784684242, 0x5A98B4C22D2C9898, 0xAAA4490E55EDA4A4, +0xA0285D8850752828, 0x6D5CDA31B8865C5C, 0xC7F8933FED6BF8F8, 0x228644A411C28686 }; + +const u64bit Whirlpool::C7[256] = { +0x186018C07830D818, 0x238C2305AF462623, 0xC63FC67EF991B8C6, 0xE887E8136FCDFBE8, +0x8726874CA113CB87, 0xB8DAB8A9626D11B8, 0x0104010805020901, 0x4F214F426E9E0D4F, +0x36D836ADEE6C9B36, 0xA6A2A6590451FFA6, 0xD26FD2DEBDB90CD2, 0xF5F3F5FB06F70EF5, +0x79F979EF80F29679, 0x6FA16F5FCEDE306F, 0x917E91FCEF3F6D91, 0x525552AA07A4F852, +0x609D6027FDC04760, 0xBCCABC89766535BC, 0x9B569BACCD2B379B, 0x8E028E048C018A8E, +0xA3B6A371155BD2A3, 0x0C300C603C186C0C, 0x7BF17BFF8AF6847B, 0x35D435B5E16A8035, +0x1D741DE8693AF51D, 0xE0A7E05347DDB3E0, 0xD77BD7F6ACB321D7, 0xC22FC25EED999CC2, +0x2EB82E6D965C432E, 0x4B314B627A96294B, 0xFEDFFEA321E15DFE, 0x5741578216AED557, +0x155415A8412ABD15, 0x77C1779FB6EEE877, 0x37DC37A5EB6E9237, 0xE5B3E57B56D79EE5, +0x9F469F8CD923139F, 0xF0E7F0D317FD23F0, 0x4A354A6A7F94204A, 0xDA4FDA9E95A944DA, +0x587D58FA25B0A258, 0xC903C906CA8FCFC9, 0x29A429558D527C29, 0x0A280A5022145A0A, +0xB1FEB1E14F7F50B1, 0xA0BAA0691A5DC9A0, 0x6BB16B7FDAD6146B, 0x852E855CAB17D985, +0xBDCEBD8173673CBD, 0x5D695DD234BA8F5D, 0x1040108050209010, 0xF4F7F4F303F507F4, +0xCB0BCB16C08BDDCB, 0x3EF83EEDC67CD33E, 0x05140528110A2D05, 0x6781671FE6CE7867, +0xE4B7E47353D597E4, 0x279C2725BB4E0227, 0x4119413258827341, 0x8B168B2C9D0BA78B, +0xA7A6A7510153F6A7, 0x7DE97DCF94FAB27D, 0x956E95DCFB374995, 0xD847D88E9FAD56D8, +0xFBCBFB8B30EB70FB, 0xEE9FEE2371C1CDEE, 0x7CED7CC791F8BB7C, 0x66856617E3CC7166, +0xDD53DDA68EA77BDD, 0x175C17B84B2EAF17, 0x47014702468E4547, 0x9E429E84DC211A9E, +0xCA0FCA1EC589D4CA, 0x2DB42D75995A582D, 0xBFC6BF9179632EBF, 0x071C07381B0E3F07, +0xAD8EAD012347ACAD, 0x5A755AEA2FB4B05A, 0x8336836CB51BEF83, 0x33CC3385FF66B633, +0x6391633FF2C65C63, 0x020802100A041202, 0xAA92AA39384993AA, 0x71D971AFA8E2DE71, +0xC807C80ECF8DC6C8, 0x196419C87D32D119, 0x4939497270923B49, 0xD943D9869AAF5FD9, +0xF2EFF2C31DF931F2, 0xE3ABE34B48DBA8E3, 0x5B715BE22AB6B95B, 0x881A8834920DBC88, +0x9A529AA4C8293E9A, 0x2698262DBE4C0B26, 0x32C8328DFA64BF32, 0xB0FAB0E94A7D59B0, +0xE983E91B6ACFF2E9, 0x0F3C0F78331E770F, 0xD573D5E6A6B733D5, 0x803A8074BA1DF480, +0xBEC2BE997C6127BE, 0xCD13CD26DE87EBCD, 0x34D034BDE4688934, 0x483D487A75903248, +0xFFDBFFAB24E354FF, 0x7AF57AF78FF48D7A, 0x907A90F4EA3D6490, 0x5F615FC23EBE9D5F, +0x2080201DA0403D20, 0x68BD6867D5D00F68, 0x1A681AD07234CA1A, 0xAE82AE192C41B7AE, +0xB4EAB4C95E757DB4, 0x544D549A19A8CE54, 0x937693ECE53B7F93, 0x2288220DAA442F22, +0x648D6407E9C86364, 0xF1E3F1DB12FF2AF1, 0x73D173BFA2E6CC73, 0x124812905A248212, +0x401D403A5D807A40, 0x0820084028104808, 0xC32BC356E89B95C3, 0xEC97EC337BC5DFEC, +0xDB4BDB9690AB4DDB, 0xA1BEA1611F5FC0A1, 0x8D0E8D1C8307918D, 0x3DF43DF5C97AC83D, +0x976697CCF1335B97, 0x0000000000000000, 0xCF1BCF36D483F9CF, 0x2BAC2B4587566E2B, +0x76C57697B3ECE176, 0x82328264B019E682, 0xD67FD6FEA9B128D6, 0x1B6C1BD87736C31B, +0xB5EEB5C15B7774B5, 0xAF86AF112943BEAF, 0x6AB56A77DFD41D6A, 0x505D50BA0DA0EA50, +0x450945124C8A5745, 0xF3EBF3CB18FB38F3, 0x30C0309DF060AD30, 0xEF9BEF2B74C3C4EF, +0x3FFC3FE5C37EDA3F, 0x554955921CAAC755, 0xA2B2A2791059DBA2, 0xEA8FEA0365C9E9EA, +0x6589650FECCA6A65, 0xBAD2BAB9686903BA, 0x2FBC2F65935E4A2F, 0xC027C04EE79D8EC0, +0xDE5FDEBE81A160DE, 0x1C701CE06C38FC1C, 0xFDD3FDBB2EE746FD, 0x4D294D52649A1F4D, +0x927292E4E0397692, 0x75C9758FBCEAFA75, 0x061806301E0C3606, 0x8A128A249809AE8A, +0xB2F2B2F940794BB2, 0xE6BFE66359D185E6, 0x0E380E70361C7E0E, 0x1F7C1FF8633EE71F, +0x62956237F7C45562, 0xD477D4EEA3B53AD4, 0xA89AA829324D81A8, 0x966296C4F4315296, +0xF9C3F99B3AEF62F9, 0xC533C566F697A3C5, 0x25942535B14A1025, 0x597959F220B2AB59, +0x842A8454AE15D084, 0x72D572B7A7E4C572, 0x39E439D5DD72EC39, 0x4C2D4C5A6198164C, +0x5E655ECA3BBC945E, 0x78FD78E785F09F78, 0x38E038DDD870E538, 0x8C0A8C148605988C, +0xD163D1C6B2BF17D1, 0xA5AEA5410B57E4A5, 0xE2AFE2434DD9A1E2, 0x6199612FF8C24E61, +0xB3F6B3F1457B42B3, 0x21842115A5423421, 0x9C4A9C94D625089C, 0x1E781EF0663CEE1E, +0x4311432252866143, 0xC73BC776FC93B1C7, 0xFCD7FCB32BE54FFC, 0x0410042014082404, +0x515951B208A2E351, 0x995E99BCC72F2599, 0x6DA96D4FC4DA226D, 0x0D340D68391A650D, +0xFACFFA8335E979FA, 0xDF5BDFB684A369DF, 0x7EE57ED79BFCA97E, 0x2490243DB4481924, +0x3BEC3BC5D776FE3B, 0xAB96AB313D4B9AAB, 0xCE1FCE3ED181F0CE, 0x1144118855229911, +0x8F068F0C8903838F, 0x4E254E4A6B9C044E, 0xB7E6B7D1517366B7, 0xEB8BEB0B60CBE0EB, +0x3CF03CFDCC78C13C, 0x813E817CBF1FFD81, 0x946A94D4FE354094, 0xF7FBF7EB0CF31CF7, +0xB9DEB9A1676F18B9, 0x134C13985F268B13, 0x2CB02C7D9C58512C, 0xD36BD3D6B8BB05D3, +0xE7BBE76B5CD38CE7, 0x6EA56E57CBDC396E, 0xC437C46EF395AAC4, 0x030C03180F061B03, +0x5645568A13ACDC56, 0x440D441A49885E44, 0x7FE17FDF9EFEA07F, 0xA99EA921374F88A9, +0x2AA82A4D8254672A, 0xBBD6BBB16D6B0ABB, 0xC123C146E29F87C1, 0x535153A202A6F153, +0xDC57DCAE8BA572DC, 0x0B2C0B582716530B, 0x9D4E9D9CD327019D, 0x6CAD6C47C1D82B6C, +0x31C43195F562A431, 0x74CD7487B9E8F374, 0xF6FFF6E309F115F6, 0x4605460A438C4C46, +0xAC8AAC092645A5AC, 0x891E893C970FB589, 0x145014A04428B414, 0xE1A3E15B42DFBAE1, +0x165816B04E2CA616, 0x3AE83ACDD274F73A, 0x69B9696FD0D20669, 0x092409482D124109, +0x70DD70A7ADE0D770, 0xB6E2B6D954716FB6, 0xD067D0CEB7BD1ED0, 0xED93ED3B7EC7D6ED, +0xCC17CC2EDB85E2CC, 0x4215422A57846842, 0x985A98B4C22D2C98, 0xA4AAA4490E55EDA4, +0x28A0285D88507528, 0x5C6D5CDA31B8865C, 0xF8C7F8933FED6BF8, 0x86228644A411C286 }; + +} diff --git a/src/hash/whirlpool/whrlpool.cpp b/src/hash/whirlpool/whrlpool.cpp new file mode 100644 index 000000000..9319a8b2a --- /dev/null +++ b/src/hash/whirlpool/whrlpool.cpp @@ -0,0 +1,140 @@ +/************************************************* +* Whirlpool Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/whrlpool.h> +#include <botan/loadstor.h> + +namespace Botan { + +/************************************************* +* Whirlpool Compression Function * +*************************************************/ +void Whirlpool::hash(const byte in[]) + { + static const u64bit RC[10] = { + 0x1823C6E887B8014F, 0x36A6D2F5796F9152, + 0x60BC9B8EA30C7B35, 0x1DE0D7C22E4BFE57, + 0x157737E59FF04ADA, 0x58C9290AB1A06B85, + 0xBD5D10F4CB3E0567, 0xE427418BA77D95D8, + 0xFBEE7C66DD17479E, 0xCA2DBF07AD5A8333 + }; + + for(u32bit j = 0; j != 8; ++j) + M[j] = load_be<u64bit>(in, j); + + u64bit K0, K1, K2, K3, K4, K5, K6, K7; + K0 = digest[0]; K1 = digest[1]; K2 = digest[2]; K3 = digest[3]; + K4 = digest[4]; K5 = digest[5]; K6 = digest[6]; K7 = digest[7]; + + u64bit B0, B1, B2, B3, B4, B5, B6, B7; + B0 = K0 ^ M[0]; B1 = K1 ^ M[1]; B2 = K2 ^ M[2]; B3 = K3 ^ M[3]; + B4 = K4 ^ M[4]; B5 = K5 ^ M[5]; B6 = K6 ^ M[6]; B7 = K7 ^ M[7]; + + for(u32bit j = 0; j != 10; ++j) + { + u64bit T0, T1, T2, T3, T4, T5, T6, T7; + T0 = C0[get_byte(0, K0)] ^ C1[get_byte(1, K7)] ^ + C2[get_byte(2, K6)] ^ C3[get_byte(3, K5)] ^ + C4[get_byte(4, K4)] ^ C5[get_byte(5, K3)] ^ + C6[get_byte(6, K2)] ^ C7[get_byte(7, K1)] ^ RC[j]; + T1 = C0[get_byte(0, K1)] ^ C1[get_byte(1, K0)] ^ + C2[get_byte(2, K7)] ^ C3[get_byte(3, K6)] ^ + C4[get_byte(4, K5)] ^ C5[get_byte(5, K4)] ^ + C6[get_byte(6, K3)] ^ C7[get_byte(7, K2)]; + T2 = C0[get_byte(0, K2)] ^ C1[get_byte(1, K1)] ^ + C2[get_byte(2, K0)] ^ C3[get_byte(3, K7)] ^ + C4[get_byte(4, K6)] ^ C5[get_byte(5, K5)] ^ + C6[get_byte(6, K4)] ^ C7[get_byte(7, K3)]; + T3 = C0[get_byte(0, K3)] ^ C1[get_byte(1, K2)] ^ + C2[get_byte(2, K1)] ^ C3[get_byte(3, K0)] ^ + C4[get_byte(4, K7)] ^ C5[get_byte(5, K6)] ^ + C6[get_byte(6, K5)] ^ C7[get_byte(7, K4)]; + T4 = C0[get_byte(0, K4)] ^ C1[get_byte(1, K3)] ^ + C2[get_byte(2, K2)] ^ C3[get_byte(3, K1)] ^ + C4[get_byte(4, K0)] ^ C5[get_byte(5, K7)] ^ + C6[get_byte(6, K6)] ^ C7[get_byte(7, K5)]; + T5 = C0[get_byte(0, K5)] ^ C1[get_byte(1, K4)] ^ + C2[get_byte(2, K3)] ^ C3[get_byte(3, K2)] ^ + C4[get_byte(4, K1)] ^ C5[get_byte(5, K0)] ^ + C6[get_byte(6, K7)] ^ C7[get_byte(7, K6)]; + T6 = C0[get_byte(0, K6)] ^ C1[get_byte(1, K5)] ^ + C2[get_byte(2, K4)] ^ C3[get_byte(3, K3)] ^ + C4[get_byte(4, K2)] ^ C5[get_byte(5, K1)] ^ + C6[get_byte(6, K0)] ^ C7[get_byte(7, K7)]; + T7 = C0[get_byte(0, K7)] ^ C1[get_byte(1, K6)] ^ + C2[get_byte(2, K5)] ^ C3[get_byte(3, K4)] ^ + C4[get_byte(4, K3)] ^ C5[get_byte(5, K2)] ^ + C6[get_byte(6, K1)] ^ C7[get_byte(7, K0)]; + + K0 = T0; K1 = T1; K2 = T2; K3 = T3; + K4 = T4; K5 = T5; K6 = T6; K7 = T7; + + T0 = C0[get_byte(0, B0)] ^ C1[get_byte(1, B7)] ^ + C2[get_byte(2, B6)] ^ C3[get_byte(3, B5)] ^ + C4[get_byte(4, B4)] ^ C5[get_byte(5, B3)] ^ + C6[get_byte(6, B2)] ^ C7[get_byte(7, B1)] ^ K0; + T1 = C0[get_byte(0, B1)] ^ C1[get_byte(1, B0)] ^ + C2[get_byte(2, B7)] ^ C3[get_byte(3, B6)] ^ + C4[get_byte(4, B5)] ^ C5[get_byte(5, B4)] ^ + C6[get_byte(6, B3)] ^ C7[get_byte(7, B2)] ^ K1; + T2 = C0[get_byte(0, B2)] ^ C1[get_byte(1, B1)] ^ + C2[get_byte(2, B0)] ^ C3[get_byte(3, B7)] ^ + C4[get_byte(4, B6)] ^ C5[get_byte(5, B5)] ^ + C6[get_byte(6, B4)] ^ C7[get_byte(7, B3)] ^ K2; + T3 = C0[get_byte(0, B3)] ^ C1[get_byte(1, B2)] ^ + C2[get_byte(2, B1)] ^ C3[get_byte(3, B0)] ^ + C4[get_byte(4, B7)] ^ C5[get_byte(5, B6)] ^ + C6[get_byte(6, B5)] ^ C7[get_byte(7, B4)] ^ K3; + T4 = C0[get_byte(0, B4)] ^ C1[get_byte(1, B3)] ^ + C2[get_byte(2, B2)] ^ C3[get_byte(3, B1)] ^ + C4[get_byte(4, B0)] ^ C5[get_byte(5, B7)] ^ + C6[get_byte(6, B6)] ^ C7[get_byte(7, B5)] ^ K4; + T5 = C0[get_byte(0, B5)] ^ C1[get_byte(1, B4)] ^ + C2[get_byte(2, B3)] ^ C3[get_byte(3, B2)] ^ + C4[get_byte(4, B1)] ^ C5[get_byte(5, B0)] ^ + C6[get_byte(6, B7)] ^ C7[get_byte(7, B6)] ^ K5; + T6 = C0[get_byte(0, B6)] ^ C1[get_byte(1, B5)] ^ + C2[get_byte(2, B4)] ^ C3[get_byte(3, B3)] ^ + C4[get_byte(4, B2)] ^ C5[get_byte(5, B1)] ^ + C6[get_byte(6, B0)] ^ C7[get_byte(7, B7)] ^ K6; + T7 = C0[get_byte(0, B7)] ^ C1[get_byte(1, B6)] ^ + C2[get_byte(2, B5)] ^ C3[get_byte(3, B4)] ^ + C4[get_byte(4, B3)] ^ C5[get_byte(5, B2)] ^ + C6[get_byte(6, B1)] ^ C7[get_byte(7, B0)] ^ K7; + + B0 = T0; B1 = T1; B2 = T2; B3 = T3; + B4 = T4; B5 = T5; B6 = T6; B7 = T7; + } + + digest[0] ^= B0 ^ M[0]; + digest[1] ^= B1 ^ M[1]; + digest[2] ^= B2 ^ M[2]; + digest[3] ^= B3 ^ M[3]; + digest[4] ^= B4 ^ M[4]; + digest[5] ^= B5 ^ M[5]; + digest[6] ^= B6 ^ M[6]; + digest[7] ^= B7 ^ M[7]; + } + +/************************************************* +* Copy out the digest * +*************************************************/ +void Whirlpool::copy_out(byte output[]) + { + for(u32bit j = 0; j != OUTPUT_LENGTH; j += 8) + store_be(digest[j/8], output + j); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Whirlpool::clear() throw() + { + MDx_HashFunction::clear(); + M.clear(); + digest.clear(); + } + +} diff --git a/src/hash/whirlpool/whrlpool.h b/src/hash/whirlpool/whrlpool.h new file mode 100644 index 000000000..22f747520 --- /dev/null +++ b/src/hash/whirlpool/whrlpool.h @@ -0,0 +1,40 @@ +/************************************************* +* Whirlpool Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_WHIRLPOOL_H__ +#define BOTAN_WHIRLPOOL_H__ + +#include <botan/mdx_hash.h> + +namespace Botan { + +/************************************************* +* Whirlpool * +*************************************************/ +class BOTAN_DLL Whirlpool : public MDx_HashFunction + { + public: + void clear() throw(); + std::string name() const { return "Whirlpool"; } + HashFunction* clone() const { return new Whirlpool; } + Whirlpool() : MDx_HashFunction(64, 64, true, true, 32) { clear(); } + private: + void hash(const byte[]); + void copy_out(byte[]); + + static const u64bit C0[256]; + static const u64bit C1[256]; + static const u64bit C2[256]; + static const u64bit C3[256]; + static const u64bit C4[256]; + static const u64bit C5[256]; + static const u64bit C6[256]; + static const u64bit C7[256]; + SecureBuffer<u64bit, 8> M, digest; + }; + +} + +#endif diff --git a/src/io/fd_unix/fd_unix.cpp b/src/io/fd_unix/fd_unix.cpp new file mode 100644 index 000000000..ac88ac391 --- /dev/null +++ b/src/io/fd_unix/fd_unix.cpp @@ -0,0 +1,50 @@ +/************************************************* +* Pipe I/O for Unix Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pipe.h> +#include <unistd.h> + +namespace Botan { + +/************************************************* +* Write data from a pipe into a Unix fd * +*************************************************/ +int operator<<(int fd, Pipe& pipe) + { + SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + while(pipe.remaining()) + { + u32bit got = pipe.read(buffer, buffer.size()); + u32bit position = 0; + while(got) + { + ssize_t ret = write(fd, buffer + position, got); + if(ret == -1) + throw Stream_IO_Error("Pipe output operator (unixfd) has failed"); + position += ret; + got -= ret; + } + } + return fd; + } + +/************************************************* +* Read data from a Unix fd into a pipe * +*************************************************/ +int operator>>(int fd, Pipe& pipe) + { + SecureVector<byte> buffer(DEFAULT_BUFFERSIZE); + while(true) + { + ssize_t ret = read(fd, buffer, buffer.size()); + if(ret == 0) break; + if(ret == -1) + throw Stream_IO_Error("Pipe input operator (unixfd) has failed"); + pipe.write(buffer, ret); + } + return fd; + } + +} diff --git a/src/io/fd_unix/fd_unix.h b/src/io/fd_unix/fd_unix.h new file mode 100644 index 000000000..cbe93dfe0 --- /dev/null +++ b/src/io/fd_unix/fd_unix.h @@ -0,0 +1,21 @@ +/************************************************* +* Pipe I/O for Unix Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_PIPE_UNIXFD_H__ +#define BOTAN_PIPE_UNIXFD_H__ + +#include <botan/pipe.h> + +namespace Botan { + +/************************************************* +* Unix I/O Operators for Pipe * +*************************************************/ +int operator<<(int, Pipe&); +int operator>>(int, Pipe&); + +} + +#endif diff --git a/src/io/fd_unix/modinfo.txt b/src/io/fd_unix/modinfo.txt new file mode 100644 index 000000000..e1f30ea28 --- /dev/null +++ b/src/io/fd_unix/modinfo.txt @@ -0,0 +1,27 @@ +realname "Unix I/O support for Pipe" + +define PIPE_UNIXFD_IO +modset unix,beos + +load_on auto + +<add> +fd_unix.h +fd_unix.cpp +</add> + +<os> +aix +beos +cygwin +darwin +freebsd +hpux +irix +linux +netbsd +openbsd +qnx +solaris +tru64 +</os> diff --git a/src/kdf/kdf1/kdf1.cpp b/src/kdf/kdf1/kdf1.cpp new file mode 100644 index 000000000..aac32db80 --- /dev/null +++ b/src/kdf/kdf1/kdf1.cpp @@ -0,0 +1,35 @@ +/************************************************* +* KDF1 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/kdf1.h> +#include <botan/lookup.h> +#include <memory> + +namespace Botan { + +/************************************************* +* KDF1 Key Derivation Mechanism * +*************************************************/ +SecureVector<byte> KDF1::derive(u32bit, + const byte secret[], u32bit secret_len, + const byte P[], u32bit P_len) const + { + std::auto_ptr<HashFunction> hash(get_hash(hash_name)); + + hash->update(secret, secret_len); + hash->update(P, P_len); + return hash->final(); + } + +/************************************************* +* KDF1 Constructor * +*************************************************/ +KDF1::KDF1(const std::string& h_name) : hash_name(h_name) + { + if(!have_hash(hash_name)) + throw Algorithm_Not_Found(hash_name); + } + +} diff --git a/src/kdf/kdf1/kdf1.h b/src/kdf/kdf1/kdf1.h new file mode 100644 index 000000000..ebc1979fc --- /dev/null +++ b/src/kdf/kdf1/kdf1.h @@ -0,0 +1,29 @@ +/************************************************* +* KDF1 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_KDF1_H__ +#define BOTAN_KDF1_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* KDF1 * +*************************************************/ +class BOTAN_DLL KDF1 : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + KDF1(const std::string&); + private: + const std::string hash_name; + }; + +} + +#endif diff --git a/src/kdf/kdf1/modinfo.txt b/src/kdf/kdf1/modinfo.txt new file mode 100644 index 000000000..802df67d0 --- /dev/null +++ b/src/kdf/kdf1/modinfo.txt @@ -0,0 +1,10 @@ +realname "KDF1" + +define KDF1 + +load_on auto + +<add> +kdf1.h +kdf1.cpp +</add> diff --git a/src/kdf/kdf2/kdf2.cpp b/src/kdf/kdf2/kdf2.cpp new file mode 100644 index 000000000..fa975ccb9 --- /dev/null +++ b/src/kdf/kdf2/kdf2.cpp @@ -0,0 +1,51 @@ +/************************************************* +* KDF2 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/kdf2.h> +#include <botan/lookup.h> +#include <botan/loadstor.h> +#include <memory> + +namespace Botan { + +/************************************************* +* KDF2 Key Derivation Mechanism * +*************************************************/ +SecureVector<byte> KDF2::derive(u32bit out_len, + const byte secret[], u32bit secret_len, + const byte P[], u32bit P_len) const + { + SecureVector<byte> output; + u32bit counter = 1; + + std::auto_ptr<HashFunction> hash(get_hash(hash_name)); + while(out_len && counter) + { + hash->update(secret, secret_len); + for(u32bit j = 0; j != 4; ++j) + hash->update(get_byte(j, counter)); + hash->update(P, P_len); + SecureVector<byte> hash_result = hash->final(); + + u32bit added = std::min(hash_result.size(), out_len); + output.append(hash_result, added); + out_len -= added; + + ++counter; + } + + return output; + } + +/************************************************* +* KDF2 Constructor * +*************************************************/ +KDF2::KDF2(const std::string& h_name) : hash_name(h_name) + { + if(!have_hash(hash_name)) + throw Algorithm_Not_Found(hash_name); + } + +} diff --git a/src/kdf/kdf2/kdf2.h b/src/kdf/kdf2/kdf2.h new file mode 100644 index 000000000..003f0fc45 --- /dev/null +++ b/src/kdf/kdf2/kdf2.h @@ -0,0 +1,29 @@ +/************************************************* +* KDF2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_KDF2_H__ +#define BOTAN_KDF2_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* KDF2 * +*************************************************/ +class BOTAN_DLL KDF2 : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + KDF2(const std::string&); + private: + const std::string hash_name; + }; + +} + +#endif diff --git a/src/kdf/kdf2/modinfo.txt b/src/kdf/kdf2/modinfo.txt new file mode 100644 index 000000000..7fceffb18 --- /dev/null +++ b/src/kdf/kdf2/modinfo.txt @@ -0,0 +1,10 @@ +realname "KDF2" + +define KDF2 + +load_on auto + +<add> +kdf2.cpp +kdf2.h +</add> diff --git a/src/kdf/pbkdf1/modinfo.txt b/src/kdf/pbkdf1/modinfo.txt new file mode 100644 index 000000000..3c1ae802c --- /dev/null +++ b/src/kdf/pbkdf1/modinfo.txt @@ -0,0 +1,10 @@ +realname "Pbkdf1" + +define PBKDF1 + +load_on auto + +<add> +pbkdf1.cpp +pbkdf1.h +</add> diff --git a/src/kdf/pbkdf1/pbkdf1.cpp b/src/kdf/pbkdf1/pbkdf1.cpp new file mode 100644 index 000000000..70cff9eee --- /dev/null +++ b/src/kdf/pbkdf1/pbkdf1.cpp @@ -0,0 +1,57 @@ +/************************************************* +* PBKDF1 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pbkdf1.h> +#include <botan/lookup.h> +#include <memory> + +namespace Botan { + +/************************************************* +* Return a PKCS#5 PBKDF1 derived key * +*************************************************/ +OctetString PKCS5_PBKDF1::derive(u32bit key_len, + const std::string& passphrase, + const byte salt[], u32bit salt_size, + u32bit iterations) const + { + if(iterations == 0) + throw Invalid_Argument("PKCS#5 PBKDF1: Invalid iteration count"); + + std::auto_ptr<HashFunction> hash(get_hash(hash_name)); + if(key_len > hash->OUTPUT_LENGTH) + throw Exception("PKCS#5 PBKDF1: Requested output length too long"); + + hash->update(passphrase); + hash->update(salt, salt_size); + SecureVector<byte> key = hash->final(); + + for(u32bit j = 1; j != iterations; ++j) + { + hash->update(key); + hash->final(key); + } + + return OctetString(key, std::min(key_len, key.size())); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string PKCS5_PBKDF1::name() const + { + return "PBKDF1(" + hash_name + ")"; + } + +/************************************************* +* PKCS5_PBKDF1 Constructor * +*************************************************/ +PKCS5_PBKDF1::PKCS5_PBKDF1(const std::string& h_name) : hash_name(h_name) + { + if(!have_hash(hash_name)) + throw Algorithm_Not_Found(hash_name); + } + +} diff --git a/src/kdf/pbkdf1/pbkdf1.h b/src/kdf/pbkdf1/pbkdf1.h new file mode 100644 index 000000000..3608bb470 --- /dev/null +++ b/src/kdf/pbkdf1/pbkdf1.h @@ -0,0 +1,30 @@ +/************************************************* +* PBKDF1 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_PBKDF1_H__ +#define BOTAN_PBKDF1_H__ + +#include <botan/s2k.h> + +namespace Botan { + +/************************************************* +* PKCS #5 PBKDF1 * +*************************************************/ +class BOTAN_DLL PKCS5_PBKDF1 : public S2K + { + public: + std::string name() const; + S2K* clone() const { return new PKCS5_PBKDF1(hash_name); } + PKCS5_PBKDF1(const std::string&); + private: + OctetString derive(u32bit, const std::string&, + const byte[], u32bit, u32bit) const; + const std::string hash_name; + }; + +} + +#endif diff --git a/src/kdf/pbkdf2/modinfo.txt b/src/kdf/pbkdf2/modinfo.txt new file mode 100644 index 000000000..e51a331c6 --- /dev/null +++ b/src/kdf/pbkdf2/modinfo.txt @@ -0,0 +1,10 @@ +realname "Pbkdf2" + +define PBKDF2 + +load_on auto + +<add> +pbkdf2.cpp +pbkdf2.h +</add> diff --git a/src/kdf/pbkdf2/pbkdf2.cpp b/src/kdf/pbkdf2/pbkdf2.cpp new file mode 100644 index 000000000..09d51d2a6 --- /dev/null +++ b/src/kdf/pbkdf2/pbkdf2.cpp @@ -0,0 +1,81 @@ +/************************************************* +* PBKDF2 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pbkdf2.h> +#include <botan/loadstor.h> +#include <botan/hmac.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* Return a PKCS#5 PBKDF2 derived key * +*************************************************/ +OctetString PKCS5_PBKDF2::derive(u32bit key_len, + const std::string& passphrase, + const byte salt[], u32bit salt_size, + u32bit iterations) const + { + if(iterations == 0) + throw Invalid_Argument("PKCS#5 PBKDF2: Invalid iteration count"); + + if(passphrase.length() == 0) + throw Invalid_Argument("PKCS#5 PBKDF2: Empty passphrase is invalid"); + + HMAC hmac(hash_name); + + hmac.set_key(reinterpret_cast<const byte*>(passphrase.data()), + passphrase.length()); + + SecureVector<byte> key(key_len); + + byte* T = key.begin(); + + u32bit counter = 1; + while(key_len) + { + u32bit T_size = std::min(hmac.OUTPUT_LENGTH, key_len); + SecureVector<byte> U(hmac.OUTPUT_LENGTH); + + hmac.update(salt, salt_size); + for(u32bit j = 0; j != 4; ++j) + hmac.update(get_byte(j, counter)); + hmac.final(U); + xor_buf(T, U, T_size); + + for(u32bit j = 1; j != iterations; ++j) + { + hmac.update(U); + hmac.final(U); + xor_buf(T, U, T_size); + } + + key_len -= T_size; + T += T_size; + ++counter; + } + + return key; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string PKCS5_PBKDF2::name() const + { + return "PBKDF2(" + hash_name + ")"; + } + +/************************************************* +* PKCS5_PBKDF2 Constructor * +*************************************************/ +PKCS5_PBKDF2::PKCS5_PBKDF2(const std::string& h_name) : hash_name(h_name) + { + if(!have_hash(hash_name)) + throw Algorithm_Not_Found(hash_name); + } + +} diff --git a/src/kdf/pbkdf2/pbkdf2.h b/src/kdf/pbkdf2/pbkdf2.h new file mode 100644 index 000000000..dc6e41b9e --- /dev/null +++ b/src/kdf/pbkdf2/pbkdf2.h @@ -0,0 +1,30 @@ +/************************************************* +* PBKDF2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_PBKDF2_H__ +#define BOTAN_PBKDF2_H__ + +#include <botan/s2k.h> + +namespace Botan { + +/************************************************* +* PKCS #5 PBKDF2 * +*************************************************/ +class BOTAN_DLL PKCS5_PBKDF2 : public S2K + { + public: + std::string name() const; + S2K* clone() const { return new PKCS5_PBKDF2(hash_name); } + PKCS5_PBKDF2(const std::string&); + private: + OctetString derive(u32bit, const std::string&, + const byte[], u32bit, u32bit) const; + const std::string hash_name; + }; + +} + +#endif diff --git a/src/kdf/pgps2k/modinfo.txt b/src/kdf/pgps2k/modinfo.txt new file mode 100644 index 000000000..a3d5a146f --- /dev/null +++ b/src/kdf/pgps2k/modinfo.txt @@ -0,0 +1,10 @@ +realname "Pgps2k" + +define PGPS2K + +load_on auto + +<add> +pgp_s2k.cpp +pgp_s2k.h +</add> diff --git a/src/kdf/pgps2k/pgp_s2k.cpp b/src/kdf/pgps2k/pgp_s2k.cpp new file mode 100644 index 000000000..66a243e45 --- /dev/null +++ b/src/kdf/pgps2k/pgp_s2k.cpp @@ -0,0 +1,82 @@ +/************************************************* +* OpenPGP S2K Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pgp_s2k.h> +#include <botan/lookup.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +/************************************************* +* Derive a key using the OpenPGP S2K algorithm * +*************************************************/ +OctetString OpenPGP_S2K::derive(u32bit key_len, const std::string& passphrase, + const byte salt_buf[], u32bit salt_size, + u32bit iterations) const + { + SecureVector<byte> key(key_len), hash_buf; + + u32bit pass = 0, generated = 0, + total_size = passphrase.size() + salt_size; + u32bit to_hash = std::max(iterations, total_size); + + std::auto_ptr<HashFunction> hash(get_hash(hash_name)); + + hash->clear(); + while(key_len > generated) + { + for(u32bit j = 0; j != pass; ++j) + hash->update(0); + + u32bit left = to_hash; + while(left >= total_size) + { + hash->update(salt_buf, salt_size); + hash->update(passphrase); + left -= total_size; + } + if(left <= salt_size) + hash->update(salt_buf, left); + else + { + hash->update(salt_buf, salt_size); + left -= salt_size; + hash->update(reinterpret_cast<const byte*>(passphrase.data()), left); + } + + hash_buf = hash->final(); + key.copy(generated, hash_buf, hash->OUTPUT_LENGTH); + generated += hash->OUTPUT_LENGTH; + ++pass; + } + + return key; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string OpenPGP_S2K::name() const + { + return "OpenPGP-S2K(" + hash_name + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +S2K* OpenPGP_S2K::clone() const + { + return new OpenPGP_S2K(hash_name); + } + +/************************************************* +* OpenPGP S2K Constructor * +*************************************************/ +OpenPGP_S2K::OpenPGP_S2K(const std::string& h) : hash_name(h) + { + } + +} diff --git a/src/kdf/pgps2k/pgp_s2k.h b/src/kdf/pgps2k/pgp_s2k.h new file mode 100644 index 000000000..cd263a735 --- /dev/null +++ b/src/kdf/pgps2k/pgp_s2k.h @@ -0,0 +1,30 @@ +/************************************************* +* OpenPGP S2K Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_OPENPGP_S2K_H__ +#define BOTAN_OPENPGP_S2K_H__ + +#include <botan/s2k.h> + +namespace Botan { + +/************************************************* +* OpenPGP S2K * +*************************************************/ +class BOTAN_DLL OpenPGP_S2K : public S2K + { + public: + std::string name() const; + S2K* clone() const; + OpenPGP_S2K(const std::string&); + private: + OctetString derive(u32bit, const std::string&, + const byte[], u32bit, u32bit) const; + const std::string hash_name; + }; + +} + +#endif diff --git a/src/kdf/sslv3/modinfo.txt b/src/kdf/sslv3/modinfo.txt new file mode 100644 index 000000000..c41b59b12 --- /dev/null +++ b/src/kdf/sslv3/modinfo.txt @@ -0,0 +1,10 @@ +realname "SSLv3 PRF" + +define SSL_V3_PRF + +load_on auto + +<add> +prf_ssl3.h +prf_ssl3.cpp +</add> diff --git a/src/kdf/sslv3/prf_ssl3.cpp b/src/kdf/sslv3/prf_ssl3.cpp new file mode 100644 index 000000000..b241bf60f --- /dev/null +++ b/src/kdf/sslv3/prf_ssl3.cpp @@ -0,0 +1,71 @@ +/************************************************* +* SSLv3 PRF Source File * +* (C) 2004-2006 Jack Lloyd * +*************************************************/ + +#include <botan/prf_ssl3.h> +#include <botan/lookup.h> +#include <memory> + +namespace Botan { + +namespace { + +/************************************************* +* Return the next inner hash * +*************************************************/ +OctetString next_hash(u32bit where, u32bit want, + HashFunction* md5, HashFunction* sha1, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) + { + if(want > md5->OUTPUT_LENGTH) + throw Internal_Error("SSL3_PRF:next_hash: want is too big"); + + const byte ASCII_A_CHAR = 0x41; + + for(u32bit j = 0; j != where + 1; j++) + sha1->update(ASCII_A_CHAR + where); + sha1->update(secret, secret_len); + sha1->update(seed, seed_len); + SecureVector<byte> sha1_hash = sha1->final(); + + md5->update(secret, secret_len); + md5->update(sha1_hash); + SecureVector<byte> md5_hash = md5->final(); + + return OctetString(md5_hash, want); + } + +} + +/************************************************* +* SSL3 PRF * +*************************************************/ +SecureVector<byte> SSL3_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + if(key_len > 416) + throw Internal_Error("SSL3_PRF: Requested key length is too large"); + + std::auto_ptr<HashFunction> md5(get_hash("MD5")); + std::auto_ptr<HashFunction> sha1(get_hash("SHA-1")); + + OctetString output; + + int counter = 0; + while(key_len) + { + const u32bit produce = std::min(key_len, md5->OUTPUT_LENGTH); + + output = output + next_hash(counter++, produce, md5.get(), sha1.get(), + secret, secret_len, seed, seed_len); + + key_len -= produce; + } + + return output.bits_of(); + } + +} diff --git a/src/kdf/sslv3/prf_ssl3.h b/src/kdf/sslv3/prf_ssl3.h new file mode 100644 index 000000000..951ccfe92 --- /dev/null +++ b/src/kdf/sslv3/prf_ssl3.h @@ -0,0 +1,25 @@ +/************************************************* +* SSLv3 PRF Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SSLV3_PRF_H__ +#define BOTAN_SSLV3_PRF_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* SSL3 PRF * +*************************************************/ +class BOTAN_DLL SSL3_PRF : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + }; + +} + +#endif diff --git a/src/kdf/tlsv1/modinfo.txt b/src/kdf/tlsv1/modinfo.txt new file mode 100644 index 000000000..9f05f8729 --- /dev/null +++ b/src/kdf/tlsv1/modinfo.txt @@ -0,0 +1,10 @@ +realname "TLS v1.0 PRF" + +define TLS_V10_PRF + +load_on auto + +<add> +prf_tls.h +prf_tls.cpp +</add> diff --git a/src/kdf/tlsv1/prf_tls.cpp b/src/kdf/tlsv1/prf_tls.cpp new file mode 100644 index 000000000..e035ac85e --- /dev/null +++ b/src/kdf/tlsv1/prf_tls.cpp @@ -0,0 +1,63 @@ +/************************************************* +* TLS PRF Source File * +* (C) 2004-2006 Jack Lloyd * +*************************************************/ + +#include <botan/prf_tls.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <botan/hmac.h> + +namespace Botan { + +/************************************************* +* TLS PRF * +*************************************************/ +SecureVector<byte> TLS_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + u32bit S1_len = (secret_len + 1) / 2, + S2_len = (secret_len + 1) / 2; + const byte* S1 = secret; + const byte* S2 = secret + (secret_len - S2_len); + + SecureVector<byte> key1, key2; + key1 = P_hash("MD5", key_len, S1, S1_len, seed, seed_len); + key2 = P_hash("SHA-1", key_len, S2, S2_len, seed, seed_len); + + xor_buf(key1.begin(), key2.begin(), key2.size()); + + return key1; + } + +/************************************************* +* TLS PRF P_hash function * +*************************************************/ +SecureVector<byte> TLS_PRF::P_hash(const std::string& hash, u32bit len, + const byte secret[], u32bit secret_len, + const byte seed[], u32bit seed_len) const + { + SecureVector<byte> out; + + HMAC hmac(hash); + hmac.set_key(secret, secret_len); + + SecureVector<byte> A(seed, seed_len); + while(len) + { + const u32bit this_block_len = std::min(hmac.OUTPUT_LENGTH, len); + + A = hmac.process(A); + + hmac.update(A); + hmac.update(seed, seed_len); + SecureVector<byte> block = hmac.final(); + + out.append(block, this_block_len); + len -= this_block_len; + } + return out; + } + +} diff --git a/src/kdf/tlsv1/prf_tls.h b/src/kdf/tlsv1/prf_tls.h new file mode 100644 index 000000000..ebd0815ca --- /dev/null +++ b/src/kdf/tlsv1/prf_tls.h @@ -0,0 +1,29 @@ +/************************************************* +* TLS v1.0 PRF Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TLS_PRF__ +#define BOTAN_TLS_PRF__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* TLS PRF * +*************************************************/ +class BOTAN_DLL TLS_PRF : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + private: + SecureVector<byte> P_hash(const std::string&, u32bit, + const byte[], u32bit, + const byte[], u32bit) const; + }; + +} + +#endif diff --git a/src/kdf/x942/modinfo.txt b/src/kdf/x942/modinfo.txt new file mode 100644 index 000000000..32057fe94 --- /dev/null +++ b/src/kdf/x942/modinfo.txt @@ -0,0 +1,10 @@ +realname "X942 PRF" + +define X942_PRF + +load_on auto + +<add> +prf_x942.cpp +prf_x942.h +</add> diff --git a/src/kdf/x942/prf_x942.cpp b/src/kdf/x942/prf_x942.cpp new file mode 100644 index 000000000..3a7298771 --- /dev/null +++ b/src/kdf/x942/prf_x942.cpp @@ -0,0 +1,89 @@ +/************************************************* +* X9.42 PRF Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/prf_x942.h> +#include <botan/der_enc.h> +#include <botan/oids.h> +#include <botan/lookup.h> +#include <botan/loadstor.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +namespace { + +/************************************************* +* Encode an integer as an OCTET STRING * +*************************************************/ +MemoryVector<byte> encode_x942_int(u32bit n) + { + byte n_buf[4] = { 0 }; + store_be(n, n_buf); + return DER_Encoder().encode(n_buf, 4, OCTET_STRING).get_contents(); + } + +} + +/************************************************* +* X9.42 PRF * +*************************************************/ +SecureVector<byte> X942_PRF::derive(u32bit key_len, + const byte secret[], u32bit secret_len, + const byte salt[], u32bit salt_len) const + { + std::auto_ptr<HashFunction> hash(get_hash("SHA-1")); + const OID kek_algo(key_wrap_oid); + + SecureVector<byte> key; + u32bit counter = 1; + + while(key.size() != key_len && counter) + { + hash->update(secret, secret_len); + + hash->update( + DER_Encoder().start_cons(SEQUENCE) + + .start_cons(SEQUENCE) + .encode(kek_algo) + .raw_bytes(encode_x942_int(counter)) + .end_cons() + + .encode_if(salt_len != 0, + DER_Encoder() + .start_explicit(0) + .encode(salt, salt_len, OCTET_STRING) + .end_explicit() + ) + + .start_explicit(2) + .raw_bytes(encode_x942_int(8 * key_len)) + .end_explicit() + + .end_cons().get_contents() + ); + + SecureVector<byte> digest = hash->final(); + key.append(digest, std::min(digest.size(), key_len - key.size())); + + ++counter; + } + + return key; + } + +/************************************************* +* X9.42 Constructor * +*************************************************/ +X942_PRF::X942_PRF(const std::string& oid) + { + if(OIDS::have_oid(oid)) + key_wrap_oid = OIDS::lookup(oid).as_string(); + else + key_wrap_oid = oid; + } + +} diff --git a/src/kdf/x942/prf_x942.h b/src/kdf/x942/prf_x942.h new file mode 100644 index 000000000..9b78d1f86 --- /dev/null +++ b/src/kdf/x942/prf_x942.h @@ -0,0 +1,29 @@ +/************************************************* +* X9.42 PRF Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ANSI_X942_PRF_H__ +#define BOTAN_ANSI_X942_PRF_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* X9.42 PRF * +*************************************************/ +class BOTAN_DLL X942_PRF : public KDF + { + public: + SecureVector<byte> derive(u32bit, const byte[], u32bit, + const byte[], u32bit) const; + + X942_PRF(const std::string&); + private: + std::string key_wrap_oid; + }; + +} + +#endif diff --git a/src/mac/cbc_mac/cbc_mac.cpp b/src/mac/cbc_mac/cbc_mac.cpp new file mode 100644 index 000000000..d5275b0ed --- /dev/null +++ b/src/mac/cbc_mac/cbc_mac.cpp @@ -0,0 +1,109 @@ +/************************************************* +* CBC-MAC Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cbc_mac.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* Update an CBC-MAC Calculation * +*************************************************/ +void CBC_MAC::add_data(const byte input[], u32bit length) + { + u32bit xored = std::min(OUTPUT_LENGTH - position, length); + xor_buf(state + position, input, xored); + position += xored; + + if(position < OUTPUT_LENGTH) + return; + + e->encrypt(state); + input += xored; + length -= xored; + while(length >= OUTPUT_LENGTH) + { + xor_buf(state, input, OUTPUT_LENGTH); + e->encrypt(state); + input += OUTPUT_LENGTH; + length -= OUTPUT_LENGTH; + } + + xor_buf(state, input, length); + position = length; + } + +/************************************************* +* Finalize an CBC-MAC Calculation * +*************************************************/ +void CBC_MAC::final_result(byte mac[]) + { + if(position) + e->encrypt(state); + + copy_mem(mac, state.begin(), state.size()); + state.clear(); + position = 0; + } + +/************************************************* +* CBC-MAC Key Schedule * +*************************************************/ +void CBC_MAC::key(const byte key[], u32bit length) + { + e->set_key(key, length); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void CBC_MAC::clear() throw() + { + e->clear(); + state.clear(); + position = 0; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string CBC_MAC::name() const + { + return "CBC-MAC(" + e->name() + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +MessageAuthenticationCode* CBC_MAC::clone() const + { + return new CBC_MAC(e->name()); + } + +/************************************************* +* CBC-MAC Constructor * +*************************************************/ +CBC_MAC::CBC_MAC(const std::string& cipher) : + MessageAuthenticationCode(block_size_of(cipher), + min_keylength_of(cipher), + max_keylength_of(cipher), + keylength_multiple_of(cipher)), + state(block_size_of(cipher)) + { + e = get_block_cipher(cipher); + position = 0; + } + +/************************************************* +* CBC-MAC Destructor * +*************************************************/ +CBC_MAC::~CBC_MAC() + { + delete e; + } + +} diff --git a/src/mac/cbc_mac/cbc_mac.h b/src/mac/cbc_mac/cbc_mac.h new file mode 100644 index 000000000..a5646d07a --- /dev/null +++ b/src/mac/cbc_mac/cbc_mac.h @@ -0,0 +1,36 @@ +/************************************************* +* CBC-MAC Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CBC_MAC__ +#define BOTAN_CBC_MAC__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* CBC-MAC * +*************************************************/ +class BOTAN_DLL CBC_MAC : public MessageAuthenticationCode + { + public: + void clear() throw(); + std::string name() const; + MessageAuthenticationCode* clone() const; + CBC_MAC(const std::string&); + ~CBC_MAC(); + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + void key(const byte[], u32bit); + + BlockCipher* e; + SecureVector<byte> state; + u32bit position; + }; + +} + +#endif diff --git a/src/mac/cbc_mac/modinfo.txt b/src/mac/cbc_mac/modinfo.txt new file mode 100644 index 000000000..3a7a6e781 --- /dev/null +++ b/src/mac/cbc_mac/modinfo.txt @@ -0,0 +1,10 @@ +realname "CBC-MAC" + +define CBC_MAC + +load_on auto + +<add> +cbc_mac.cpp +cbc_mac.h +</add> diff --git a/src/mac/cmac/cmac.cpp b/src/mac/cmac/cmac.cpp new file mode 100644 index 000000000..5a99f93b1 --- /dev/null +++ b/src/mac/cmac/cmac.cpp @@ -0,0 +1,152 @@ +/************************************************* +* CMAC Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cmac.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* Perform CMAC's multiplication in GF(2^n) * +*************************************************/ +SecureVector<byte> CMAC::poly_double(const MemoryRegion<byte>& in, + byte polynomial) + { + const bool do_xor = (in[0] & 0x80) ? true : false; + + SecureVector<byte> out = in; + + byte carry = 0; + for(u32bit j = out.size(); j != 0; --j) + { + byte temp = out[j-1]; + out[j-1] = (temp << 1) | carry; + carry = (temp >> 7); + } + + if(do_xor) + out[out.size()-1] ^= polynomial; + + return out; + } + +/************************************************* +* Update an CMAC Calculation * +*************************************************/ +void CMAC::add_data(const byte input[], u32bit length) + { + buffer.copy(position, input, length); + if(position + length > OUTPUT_LENGTH) + { + xor_buf(state, buffer, OUTPUT_LENGTH); + e->encrypt(state); + input += (OUTPUT_LENGTH - position); + length -= (OUTPUT_LENGTH - position); + while(length > OUTPUT_LENGTH) + { + xor_buf(state, input, OUTPUT_LENGTH); + e->encrypt(state); + input += OUTPUT_LENGTH; + length -= OUTPUT_LENGTH; + } + buffer.copy(input, length); + position = 0; + } + position += length; + } + +/************************************************* +* Finalize an CMAC Calculation * +*************************************************/ +void CMAC::final_result(byte mac[]) + { + xor_buf(state, buffer, position); + + if(position == OUTPUT_LENGTH) + { + xor_buf(state, B, OUTPUT_LENGTH); + } + else + { + state[position] ^= 0x80; + xor_buf(state, P, OUTPUT_LENGTH); + } + + e->encrypt(state); + + for(u32bit j = 0; j != OUTPUT_LENGTH; ++j) + mac[j] = state[j]; + + state.clear(); + buffer.clear(); + position = 0; + } + +/************************************************* +* CMAC Key Schedule * +*************************************************/ +void CMAC::key(const byte key[], u32bit length) + { + clear(); + e->set_key(key, length); + e->encrypt(B); + B = poly_double(B, polynomial); + P = poly_double(B, polynomial); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void CMAC::clear() throw() + { + e->clear(); + state.clear(); + buffer.clear(); + B.clear(); + P.clear(); + position = 0; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string CMAC::name() const + { + return "CMAC(" + e->name() + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +MessageAuthenticationCode* CMAC::clone() const + { + return new CMAC(e->name()); + } + +/************************************************* +* CMAC Constructor * +*************************************************/ +CMAC::CMAC(const std::string& bc_name) : + MessageAuthenticationCode(block_size_of(bc_name), + min_keylength_of(bc_name), + max_keylength_of(bc_name), + keylength_multiple_of(bc_name)) + { + e = get_block_cipher(bc_name); + + if(e->BLOCK_SIZE == 16) polynomial = 0x87; + else if(e->BLOCK_SIZE == 8) polynomial = 0x1B; + else + throw Invalid_Argument("CMAC cannot use the cipher " + e->name()); + + state.create(OUTPUT_LENGTH); + buffer.create(OUTPUT_LENGTH); + B.create(OUTPUT_LENGTH); + P.create(OUTPUT_LENGTH); + position = 0; + } + +} diff --git a/src/mac/cmac/cmac.h b/src/mac/cmac/cmac.h new file mode 100644 index 000000000..c7f107258 --- /dev/null +++ b/src/mac/cmac/cmac.h @@ -0,0 +1,41 @@ +/************************************************* +* CMAC Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CMAC_H__ +#define BOTAN_CMAC_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* CMAC * +*************************************************/ +class BOTAN_DLL CMAC : public MessageAuthenticationCode + { + public: + void clear() throw(); + std::string name() const; + MessageAuthenticationCode* clone() const; + + static SecureVector<byte> poly_double(const MemoryRegion<byte>& in, + byte polynomial); + + CMAC(const std::string&); + ~CMAC() { delete e; } + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + void key(const byte[], u32bit); + + BlockCipher* e; + SecureVector<byte> buffer, state, B, P; + u32bit position; + byte polynomial; + }; + +} + +#endif diff --git a/src/mac/cmac/modinfo.txt b/src/mac/cmac/modinfo.txt new file mode 100644 index 000000000..5188af0c0 --- /dev/null +++ b/src/mac/cmac/modinfo.txt @@ -0,0 +1,10 @@ +realname "CMAC" + +define CMAC + +load_on auto + +<add> +cmac.cpp +cmac.h +</add> diff --git a/src/mac/hmac/hmac.cpp b/src/mac/hmac/hmac.cpp new file mode 100644 index 000000000..b8c76e8f6 --- /dev/null +++ b/src/mac/hmac/hmac.cpp @@ -0,0 +1,97 @@ +/************************************************* +* HMAC Source File * +* (C) 1999-2007 Jack Lloyd * +* 2007 Yves Jerschow * +*************************************************/ + +#include <botan/hmac.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> + +namespace Botan { + +/************************************************* +* Update a HMAC Calculation * +*************************************************/ +void HMAC::add_data(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/************************************************* +* Finalize a HMAC Calculation * +*************************************************/ +void HMAC::final_result(byte mac[]) + { + hash->final(mac); + hash->update(o_key); + hash->update(mac, OUTPUT_LENGTH); + hash->final(mac); + hash->update(i_key); + } + +/************************************************* +* HMAC Key Schedule * +*************************************************/ +void HMAC::key(const byte key[], u32bit length) + { + hash->clear(); + std::fill(i_key.begin(), i_key.end(), 0x36); + std::fill(o_key.begin(), o_key.end(), 0x5C); + + if(length > hash->HASH_BLOCK_SIZE) + { + SecureVector<byte> hmac_key = hash->process(key, length); + xor_buf(i_key, hmac_key, hmac_key.size()); + xor_buf(o_key, hmac_key, hmac_key.size()); + } + else + { + xor_buf(i_key, key, length); + xor_buf(o_key, key, length); + } + + hash->update(i_key); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void HMAC::clear() throw() + { + hash->clear(); + i_key.clear(); + o_key.clear(); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string HMAC::name() const + { + return "HMAC(" + hash->name() + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +MessageAuthenticationCode* HMAC::clone() const + { + return new HMAC(hash->name()); + } + +/************************************************* +* HMAC Constructor * +*************************************************/ +HMAC::HMAC(const std::string& hash_name) : + MessageAuthenticationCode(output_length_of(hash_name), + 1, 2*block_size_of(hash_name)), + hash(get_hash(hash_name)) + { + if(hash->HASH_BLOCK_SIZE == 0) + throw Invalid_Argument("HMAC cannot be used with " + hash->name()); + i_key.create(hash->HASH_BLOCK_SIZE); + o_key.create(hash->HASH_BLOCK_SIZE); + } + +} diff --git a/src/mac/hmac/hmac.h b/src/mac/hmac/hmac.h new file mode 100644 index 000000000..62529cf13 --- /dev/null +++ b/src/mac/hmac/hmac.h @@ -0,0 +1,34 @@ +/************************************************* +* HMAC Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_HMAC_H__ +#define BOTAN_HMAC_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* HMAC * +*************************************************/ +class BOTAN_DLL HMAC : public MessageAuthenticationCode + { + public: + void clear() throw(); + std::string name() const; + MessageAuthenticationCode* clone() const; + HMAC(const std::string&); + ~HMAC() { delete hash; } + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + void key(const byte[], u32bit); + HashFunction* hash; + SecureVector<byte> i_key, o_key; + }; + +} + +#endif diff --git a/src/mac/hmac/modinfo.txt b/src/mac/hmac/modinfo.txt new file mode 100644 index 000000000..534d2e036 --- /dev/null +++ b/src/mac/hmac/modinfo.txt @@ -0,0 +1,10 @@ +realname "HMAC" + +define HMAC + +load_on auto + +<add> +hmac.cpp +hmac.h +</add> diff --git a/src/mac/ssl3mac/modinfo.txt b/src/mac/ssl3mac/modinfo.txt new file mode 100644 index 000000000..d7a86e571 --- /dev/null +++ b/src/mac/ssl3mac/modinfo.txt @@ -0,0 +1,10 @@ +realname "SSLv3 MAC" + +define SSL3_MAC + +load_on auto + +<add> +ssl3_mac.cpp +ssl3_mac.h +</add> diff --git a/src/mac/ssl3mac/ssl3_mac.cpp b/src/mac/ssl3mac/ssl3_mac.cpp new file mode 100644 index 000000000..ceb04bf44 --- /dev/null +++ b/src/mac/ssl3mac/ssl3_mac.cpp @@ -0,0 +1,88 @@ +/************************************************* +* SSL3-MAC Source File * +* (C) 1999-2004 Jack Lloyd * +*************************************************/ + +#include <botan/ssl3_mac.h> +#include <botan/lookup.h> + +namespace Botan { + +/************************************************* +* Update a SSL3-MAC Calculation * +*************************************************/ +void SSL3_MAC::add_data(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/************************************************* +* Finalize a SSL3-MAC Calculation * +*************************************************/ +void SSL3_MAC::final_result(byte mac[]) + { + hash->final(mac); + hash->update(o_key); + hash->update(mac, OUTPUT_LENGTH); + hash->final(mac); + hash->update(i_key); + } + +/************************************************* +* SSL3-MAC Key Schedule * +*************************************************/ +void SSL3_MAC::key(const byte key[], u32bit length) + { + hash->clear(); + std::fill(i_key.begin(), i_key.end(), 0x36); + std::fill(o_key.begin(), o_key.end(), 0x5C); + + i_key.copy(key, length); + o_key.copy(key, length); + hash->update(i_key); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void SSL3_MAC::clear() throw() + { + hash->clear(); + i_key.clear(); + o_key.clear(); + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string SSL3_MAC::name() const + { + return "SSL3-MAC(" + hash->name() + ")"; + } + +/************************************************* +* Return a clone of this object * +*************************************************/ +MessageAuthenticationCode* SSL3_MAC::clone() const + { + return new SSL3_MAC(hash->name()); + } + +/************************************************* +* SSL3-MAC Constructor * +*************************************************/ +SSL3_MAC::SSL3_MAC(const std::string& hash_name) : + MessageAuthenticationCode(output_length_of(hash_name), + output_length_of(hash_name)), + hash(get_hash(hash_name)) + { + if(hash->name() != "MD5" && hash->name() != "SHA-160") + throw Invalid_Argument("SSL3-MAC cannot be used with " + hash->name()); + + const u32bit INNER_HASH_LENGTH = (hash->name() == "MD5") ? 64 : 60; + + i_key.create(INNER_HASH_LENGTH); + o_key.create(INNER_HASH_LENGTH); + } + +} diff --git a/src/mac/ssl3mac/ssl3_mac.h b/src/mac/ssl3mac/ssl3_mac.h new file mode 100644 index 000000000..8ab08c97d --- /dev/null +++ b/src/mac/ssl3mac/ssl3_mac.h @@ -0,0 +1,34 @@ +/************************************************* +* SSL3-MAC Header File * +* (C) 1999-2004 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_SSL3_MAC_H__ +#define BOTAN_SSL3_MAC_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* SSL3-MAC * +*************************************************/ +class SSL3_MAC : public MessageAuthenticationCode + { + public: + void clear() throw(); + std::string name() const; + MessageAuthenticationCode* clone() const; + SSL3_MAC(const std::string&); + ~SSL3_MAC() { delete hash; } + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + void key(const byte[], u32bit); + HashFunction* hash; + SecureVector<byte> i_key, o_key; + }; + +} + +#endif diff --git a/src/mac/x919_mac/modinfo.txt b/src/mac/x919_mac/modinfo.txt new file mode 100644 index 000000000..24c78b1c6 --- /dev/null +++ b/src/mac/x919_mac/modinfo.txt @@ -0,0 +1,10 @@ +realname "ANSI X9.19 MAC" + +define ANSI_X919_MAC + +load_on auto + +<add> +x919_mac.cpp +x919_mac.h +</add> diff --git a/src/mac/x919_mac/x919_mac.cpp b/src/mac/x919_mac/x919_mac.cpp new file mode 100644 index 000000000..92ec7b7b8 --- /dev/null +++ b/src/mac/x919_mac/x919_mac.cpp @@ -0,0 +1,92 @@ +/************************************************* +* ANSI X9.19 MAC Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x919_mac.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* Update an ANSI X9.19 MAC Calculation * +*************************************************/ +void ANSI_X919_MAC::add_data(const byte input[], u32bit length) + { + u32bit xored = std::min(8 - position, length); + xor_buf(state + position, input, xored); + position += xored; + + if(position < 8) return; + + e->encrypt(state); + input += xored; + length -= xored; + while(length >= 8) + { + xor_buf(state, input, 8); + e->encrypt(state); + input += 8; + length -= 8; + } + + xor_buf(state, input, length); + position = length; + } + +/************************************************* +* Finalize an ANSI X9.19 MAC Calculation * +*************************************************/ +void ANSI_X919_MAC::final_result(byte mac[]) + { + if(position) + e->encrypt(state); + d->decrypt(state, mac); + e->encrypt(mac); + state.clear(); + position = 0; + } + +/************************************************* +* ANSI X9.19 MAC Key Schedule * +*************************************************/ +void ANSI_X919_MAC::key(const byte key[], u32bit length) + { + e->set_key(key, 8); + if(length == 8) d->set_key(key, 8); + else d->set_key(key + 8, 8); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void ANSI_X919_MAC::clear() throw() + { + e->clear(); + d->clear(); + state.clear(); + position = 0; + } + +/************************************************* +* ANSI X9.19 MAC Constructor * +*************************************************/ +ANSI_X919_MAC::ANSI_X919_MAC() : MessageAuthenticationCode(8, 8, 16, 8) + { + e = get_block_cipher("DES"); + d = get_block_cipher("DES"); + position = 0; + } + +/************************************************* +* ANSI X9.19 MAC Destructor * +*************************************************/ +ANSI_X919_MAC::~ANSI_X919_MAC() + { + delete e; + delete d; + } + +} diff --git a/src/mac/x919_mac/x919_mac.h b/src/mac/x919_mac/x919_mac.h new file mode 100644 index 000000000..bedb2cf58 --- /dev/null +++ b/src/mac/x919_mac/x919_mac.h @@ -0,0 +1,36 @@ +/************************************************* +* ANSI X9.19 MAC Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ANSI_X919_MAC_H__ +#define BOTAN_ANSI_X919_MAC_H__ + +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* ANSI X9.19 MAC * +*************************************************/ +class BOTAN_DLL ANSI_X919_MAC : public MessageAuthenticationCode + { + public: + void clear() throw(); + std::string name() const { return "X9.19-MAC"; } + MessageAuthenticationCode* clone() const { return new ANSI_X919_MAC; } + ANSI_X919_MAC(); + ~ANSI_X919_MAC(); + private: + void add_data(const byte[], u32bit); + void final_result(byte[]); + void key(const byte[], u32bit); + BlockCipher* e; + BlockCipher* d; + SecureBuffer<byte, 8> state; + u32bit position; + }; + +} + +#endif diff --git a/src/modes/cbc/cbc.cpp b/src/modes/cbc/cbc.cpp new file mode 100644 index 000000000..9ad598bed --- /dev/null +++ b/src/modes/cbc/cbc.cpp @@ -0,0 +1,157 @@ +/************************************************* +* CBC Mode Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cbc.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* CBC Encryption Constructor * +*************************************************/ +CBC_Encryption::CBC_Encryption(const std::string& cipher_name, + const std::string& padding_name) : + BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)), + padder(get_bc_pad(padding_name)) + { + if(!padder->valid_blocksize(BLOCK_SIZE)) + throw Invalid_Block_Size(name(), padder->name()); + } + +/************************************************* +* CBC Encryption Constructor * +*************************************************/ +CBC_Encryption::CBC_Encryption(const std::string& cipher_name, + const std::string& padding_name, + const SymmetricKey& key, + const InitializationVector& iv) : + BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)), + padder(get_bc_pad(padding_name)) + { + if(!padder->valid_blocksize(BLOCK_SIZE)) + throw Invalid_Block_Size(name(), padder->name()); + set_key(key); + set_iv(iv); + } + +/************************************************* +* Encrypt in CBC mode * +*************************************************/ +void CBC_Encryption::write(const byte input[], u32bit length) + { + while(length) + { + u32bit xored = std::min(BLOCK_SIZE - position, length); + xor_buf(state + position, input, xored); + input += xored; + length -= xored; + position += xored; + if(position == BLOCK_SIZE) + { + cipher->encrypt(state); + send(state, BLOCK_SIZE); + position = 0; + } + } + } + +/************************************************* +* Finish encrypting in CBC mode * +*************************************************/ +void CBC_Encryption::end_msg() + { + SecureVector<byte> padding(BLOCK_SIZE); + padder->pad(padding, padding.size(), position); + write(padding, padder->pad_bytes(BLOCK_SIZE, position)); + if(position != 0) + throw Exception(name() + ": Did not pad to full blocksize"); + } + +/************************************************* +* Return a CBC mode name * +*************************************************/ +std::string CBC_Encryption::name() const + { + return (cipher->name() + "/" + mode_name + "/" + padder->name()); + } + +/************************************************* +* CBC Decryption Constructor * +*************************************************/ +CBC_Decryption::CBC_Decryption(const std::string& cipher_name, + const std::string& padding_name) : + BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)), + padder(get_bc_pad(padding_name)) + { + if(!padder->valid_blocksize(BLOCK_SIZE)) + throw Invalid_Block_Size(name(), padder->name()); + temp.create(BLOCK_SIZE); + } + +/************************************************* +* CBC Decryption Constructor * +*************************************************/ +CBC_Decryption::CBC_Decryption(const std::string& cipher_name, + const std::string& padding_name, + const SymmetricKey& key, + const InitializationVector& iv) : + BlockCipherMode(cipher_name, "CBC", block_size_of(cipher_name)), + padder(get_bc_pad(padding_name)) + { + if(!padder->valid_blocksize(BLOCK_SIZE)) + throw Invalid_Block_Size(name(), padder->name()); + temp.create(BLOCK_SIZE); + set_key(key); + set_iv(iv); + } + +/************************************************* +* Decrypt in CBC mode * +*************************************************/ +void CBC_Decryption::write(const byte input[], u32bit length) + { + while(length) + { + if(position == BLOCK_SIZE) + { + cipher->decrypt(buffer, temp); + xor_buf(temp, state, BLOCK_SIZE); + send(temp, BLOCK_SIZE); + state = buffer; + position = 0; + } + u32bit added = std::min(BLOCK_SIZE - position, length); + buffer.copy(position, input, added); + input += added; + length -= added; + position += added; + } + } + +/************************************************* +* Finish decrypting in CBC mode * +*************************************************/ +void CBC_Decryption::end_msg() + { + if(position != BLOCK_SIZE) + throw Decoding_Error(name()); + cipher->decrypt(buffer, temp); + xor_buf(temp, state, BLOCK_SIZE); + send(temp, padder->unpad(temp, BLOCK_SIZE)); + state = buffer; + position = 0; + } + +/************************************************* +* Return a CBC mode name * +*************************************************/ +std::string CBC_Decryption::name() const + { + return (cipher->name() + "/" + mode_name + "/" + padder->name()); + } + +} diff --git a/src/modes/cbc/cbc.h b/src/modes/cbc/cbc.h new file mode 100644 index 000000000..a0a30f90f --- /dev/null +++ b/src/modes/cbc/cbc.h @@ -0,0 +1,49 @@ +/************************************************* +* CBC Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CBC_H__ +#define BOTAN_CBC_H__ + +#include <botan/modebase.h> +#include <botan/mode_pad.h> + +namespace Botan { + +/************************************************* +* CBC Encryption * +*************************************************/ +class BOTAN_DLL CBC_Encryption : public BlockCipherMode + { + public: + CBC_Encryption(const std::string&, const std::string&); + CBC_Encryption(const std::string&, const std::string&, + const SymmetricKey&, const InitializationVector&); + private: + std::string name() const; + void write(const byte[], u32bit); + void end_msg(); + const BlockCipherModePaddingMethod* padder; + }; + +/************************************************* +* CBC Decryption * +*************************************************/ +class BOTAN_DLL CBC_Decryption : public BlockCipherMode + { + public: + CBC_Decryption(const std::string&, const std::string&); + CBC_Decryption(const std::string&, const std::string&, + const SymmetricKey&, const InitializationVector&); + private: + std::string name() const; + void write(const byte[], u32bit); + void end_msg(); + const BlockCipherModePaddingMethod* padder; + SecureVector<byte> temp; + }; + +} + +#endif diff --git a/src/modes/cbc/modinfo.txt b/src/modes/cbc/modinfo.txt new file mode 100644 index 000000000..4ebc7730a --- /dev/null +++ b/src/modes/cbc/modinfo.txt @@ -0,0 +1,10 @@ +realname "CBC block cipher mode" + +define CBC + +load_on auto + +<add> +cbc.cpp +cbc.h +</add> diff --git a/src/modes/cfb/cfb.cpp b/src/modes/cfb/cfb.cpp new file mode 100644 index 000000000..dbfbff6ae --- /dev/null +++ b/src/modes/cfb/cfb.cpp @@ -0,0 +1,142 @@ +/************************************************* +* CFB Mode Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cfb.h> +#include <botan/lookup.h> +#include <botan/parsing.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +namespace { + +/************************************************* +* Check the feedback size * +*************************************************/ +void check_feedback(u32bit BLOCK_SIZE, u32bit FEEDBACK_SIZE, u32bit bits, + const std::string& name) + { + if(FEEDBACK_SIZE == 0 || FEEDBACK_SIZE > BLOCK_SIZE || bits % 8 != 0) + throw Invalid_Argument(name + ": Invalid feedback size " + + to_string(bits)); + } + +} + +/************************************************* +* CFB Encryption Constructor * +*************************************************/ +CFB_Encryption::CFB_Encryption(const std::string& cipher_name, + u32bit fback_bits) : + BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1), + FEEDBACK_SIZE(fback_bits ? fback_bits / 8: BLOCK_SIZE) + { + check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name()); + } + +/************************************************* +* CFB Encryption Constructor * +*************************************************/ +CFB_Encryption::CFB_Encryption(const std::string& cipher_name, + const SymmetricKey& key, + const InitializationVector& iv, + u32bit fback_bits) : + BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1), + FEEDBACK_SIZE(fback_bits ? fback_bits / 8: BLOCK_SIZE) + { + check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name()); + set_key(key); + set_iv(iv); + } + +/************************************************* +* Encrypt data in CFB mode * +*************************************************/ +void CFB_Encryption::write(const byte input[], u32bit length) + { + while(length) + { + u32bit xored = std::min(FEEDBACK_SIZE - position, length); + xor_buf(buffer + position, input, xored); + send(buffer + position, xored); + input += xored; + length -= xored; + position += xored; + if(position == FEEDBACK_SIZE) + feedback(); + } + } + +/************************************************* +* Do the feedback * +*************************************************/ +void CFB_Encryption::feedback() + { + for(u32bit j = 0; j != BLOCK_SIZE - FEEDBACK_SIZE; ++j) + state[j] = state[j + FEEDBACK_SIZE]; + state.copy(BLOCK_SIZE - FEEDBACK_SIZE, buffer, FEEDBACK_SIZE); + cipher->encrypt(state, buffer); + position = 0; + } + +/************************************************* +* CFB Decryption Constructor * +*************************************************/ +CFB_Decryption::CFB_Decryption(const std::string& cipher_name, + u32bit fback_bits) : + BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1), + FEEDBACK_SIZE(fback_bits ? fback_bits / 8 : BLOCK_SIZE) + { + check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name()); + } + +/************************************************* +* CFB Decryption Constructor * +*************************************************/ +CFB_Decryption::CFB_Decryption(const std::string& cipher_name, + const SymmetricKey& key, + const InitializationVector& iv, + u32bit fback_bits) : + BlockCipherMode(cipher_name, "CFB", block_size_of(cipher_name), 1), + FEEDBACK_SIZE(fback_bits ? fback_bits / 8 : BLOCK_SIZE) + { + check_feedback(BLOCK_SIZE, FEEDBACK_SIZE, fback_bits, name()); + set_key(key); + set_iv(iv); + } + +/************************************************* +* Decrypt data in CFB mode * +*************************************************/ +void CFB_Decryption::write(const byte input[], u32bit length) + { + while(length) + { + u32bit xored = std::min(FEEDBACK_SIZE - position, length); + xor_buf(buffer + position, input, xored); + send(buffer + position, xored); + buffer.copy(position, input, xored); + input += xored; + length -= xored; + position += xored; + if(position == FEEDBACK_SIZE) + feedback(); + } + } + +/************************************************* +* Do the feedback * +*************************************************/ +void CFB_Decryption::feedback() + { + for(u32bit j = 0; j != BLOCK_SIZE - FEEDBACK_SIZE; ++j) + state[j] = state[j + FEEDBACK_SIZE]; + state.copy(BLOCK_SIZE - FEEDBACK_SIZE, buffer, FEEDBACK_SIZE); + cipher->encrypt(state, buffer); + position = 0; + } + +} diff --git a/src/modes/cfb/cfb.h b/src/modes/cfb/cfb.h new file mode 100644 index 000000000..e8133bcf4 --- /dev/null +++ b/src/modes/cfb/cfb.h @@ -0,0 +1,45 @@ +/************************************************* +* CFB Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CFB_H__ +#define BOTAN_CFB_H__ + +#include <botan/modebase.h> + +namespace Botan { + +/************************************************* +* CFB Encryption * +*************************************************/ +class BOTAN_DLL CFB_Encryption : public BlockCipherMode + { + public: + CFB_Encryption(const std::string&, u32bit = 0); + CFB_Encryption(const std::string&, const SymmetricKey&, + const InitializationVector&, u32bit = 0); + private: + void write(const byte[], u32bit); + void feedback(); + const u32bit FEEDBACK_SIZE; + }; + +/************************************************* +* CFB Decryption * +*************************************************/ +class BOTAN_DLL CFB_Decryption : public BlockCipherMode + { + public: + CFB_Decryption(const std::string&, u32bit = 0); + CFB_Decryption(const std::string&, const SymmetricKey&, + const InitializationVector&, u32bit = 0); + private: + void write(const byte[], u32bit); + void feedback(); + const u32bit FEEDBACK_SIZE; + }; + +} + +#endif diff --git a/src/modes/cfb/modinfo.txt b/src/modes/cfb/modinfo.txt new file mode 100644 index 000000000..edce3a7e3 --- /dev/null +++ b/src/modes/cfb/modinfo.txt @@ -0,0 +1,10 @@ +realname "CFB block cipher mode" + +define CFB + +load_on auto + +<add> +cfb.cpp +cfb.h +</add> diff --git a/src/modes/ctr/ctr.cpp b/src/modes/ctr/ctr.cpp new file mode 100644 index 000000000..8b8c5f35f --- /dev/null +++ b/src/modes/ctr/ctr.cpp @@ -0,0 +1,74 @@ +/************************************************* +* CTR Mode Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/ctr.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* CTR-BE Constructor * +*************************************************/ +CTR_BE::CTR_BE(const std::string& cipher_name) : + BlockCipherMode(cipher_name, "CTR-BE", block_size_of(cipher_name), 1) + { + } + +/************************************************* +* CTR-BE Constructor * +*************************************************/ +CTR_BE::CTR_BE(const std::string& cipher_name, const SymmetricKey& key, + const InitializationVector& iv) : + BlockCipherMode(cipher_name, "CTR-BE", block_size_of(cipher_name), 1) + { + set_key(key); + set_iv(iv); + } + +/************************************************* +* CTR-BE Encryption/Decryption * +*************************************************/ +void CTR_BE::write(const byte input[], u32bit length) + { + u32bit copied = std::min(BLOCK_SIZE - position, length); + xor_buf(buffer + position, input, copied); + send(buffer + position, copied); + input += copied; + length -= copied; + position += copied; + + if(position == BLOCK_SIZE) + increment_counter(); + + while(length >= BLOCK_SIZE) + { + xor_buf(buffer, input, BLOCK_SIZE); + send(buffer, BLOCK_SIZE); + + input += BLOCK_SIZE; + length -= BLOCK_SIZE; + increment_counter(); + } + + xor_buf(buffer + position, input, length); + send(buffer + position, length); + position += length; + } + +/************************************************* +* Increment the counter and update the buffer * +*************************************************/ +void CTR_BE::increment_counter() + { + for(s32bit j = BLOCK_SIZE - 1; j >= 0; --j) + if(++state[j]) + break; + cipher->encrypt(state, buffer); + position = 0; + } + +} diff --git a/src/modes/ctr/ctr.h b/src/modes/ctr/ctr.h new file mode 100644 index 000000000..c3217a5d1 --- /dev/null +++ b/src/modes/ctr/ctr.h @@ -0,0 +1,29 @@ +/************************************************* +* CTR Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CTR_H__ +#define BOTAN_CTR_H__ + +#include <botan/modebase.h> + +namespace Botan { + +/************************************************* +* CTR-BE Mode * +*************************************************/ +class BOTAN_DLL CTR_BE : public BlockCipherMode + { + public: + CTR_BE(const std::string&); + CTR_BE(const std::string&, + const SymmetricKey&, const InitializationVector&); + private: + void write(const byte[], u32bit); + void increment_counter(); + }; + +} + +#endif diff --git a/src/modes/ctr/modinfo.txt b/src/modes/ctr/modinfo.txt new file mode 100644 index 000000000..912b80f51 --- /dev/null +++ b/src/modes/ctr/modinfo.txt @@ -0,0 +1,10 @@ +realname "CTR block cipher mode" + +define CTR + +load_on auto + +<add> +ctr.cpp +ctr.h +</add> diff --git a/src/modes/cts/cts.cpp b/src/modes/cts/cts.cpp new file mode 100644 index 000000000..8af775713 --- /dev/null +++ b/src/modes/cts/cts.cpp @@ -0,0 +1,175 @@ +/************************************************* +* CTS Mode Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/cts.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* CTS Encryption Constructor * +*************************************************/ +CTS_Encryption::CTS_Encryption(const std::string& cipher_name) : + BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2) + { + } + +/************************************************* +* CTS Encryption Constructor * +*************************************************/ +CTS_Encryption::CTS_Encryption(const std::string& cipher_name, + const SymmetricKey& key, + const InitializationVector& iv) : + BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2) + { + set_key(key); + set_iv(iv); + } + +/************************************************* +* Encrypt a block * +*************************************************/ +void CTS_Encryption::encrypt(const byte block[]) + { + xor_buf(state, block, BLOCK_SIZE); + cipher->encrypt(state); + send(state, BLOCK_SIZE); + } + +/************************************************* +* Encrypt in CTS mode * +*************************************************/ +void CTS_Encryption::write(const byte input[], u32bit length) + { + u32bit copied = std::min(BUFFER_SIZE - position, length); + buffer.copy(position, input, copied); + length -= copied; + input += copied; + position += copied; + + if(length == 0) return; + + encrypt(buffer); + if(length > BLOCK_SIZE) + { + encrypt(buffer + BLOCK_SIZE); + while(length > 2*BLOCK_SIZE) + { + encrypt(input); + length -= BLOCK_SIZE; + input += BLOCK_SIZE; + } + position = 0; + } + else + { + copy_mem(buffer.begin(), buffer + BLOCK_SIZE, BLOCK_SIZE); + position = BLOCK_SIZE; + } + buffer.copy(position, input, length); + position += length; + } + +/************************************************* +* Finish encrypting in CTS mode * +*************************************************/ +void CTS_Encryption::end_msg() + { + if(position < BLOCK_SIZE + 1) + throw Exception("CTS_Encryption: insufficient data to encrypt"); + xor_buf(state, buffer, BLOCK_SIZE); + cipher->encrypt(state); + SecureVector<byte> cn = state; + clear_mem(buffer + position, BUFFER_SIZE - position); + encrypt(buffer + BLOCK_SIZE); + send(cn, position - BLOCK_SIZE); + } + +/************************************************* +* CTS Decryption Constructor * +*************************************************/ +CTS_Decryption::CTS_Decryption(const std::string& cipher_name) : + BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2) + { + temp.create(BLOCK_SIZE); + } + +/************************************************* +* CTS Decryption Constructor * +*************************************************/ +CTS_Decryption::CTS_Decryption(const std::string& cipher_name, + const SymmetricKey& key, + const InitializationVector& iv) : + BlockCipherMode(cipher_name, "CTS", block_size_of(cipher_name), 0, 2) + { + temp.create(BLOCK_SIZE); + set_key(key); + set_iv(iv); + } + +/************************************************* +* Decrypt a block * +*************************************************/ +void CTS_Decryption::decrypt(const byte block[]) + { + cipher->decrypt(block, temp); + xor_buf(temp, state, BLOCK_SIZE); + send(temp, BLOCK_SIZE); + state.copy(block, BLOCK_SIZE); + } + +/************************************************* +* Decrypt in CTS mode * +*************************************************/ +void CTS_Decryption::write(const byte input[], u32bit length) + { + u32bit copied = std::min(BUFFER_SIZE - position, length); + buffer.copy(position, input, copied); + length -= copied; + input += copied; + position += copied; + + if(length == 0) return; + + decrypt(buffer); + if(length > BLOCK_SIZE) + { + decrypt(buffer + BLOCK_SIZE); + while(length > 2*BLOCK_SIZE) + { + decrypt(input); + length -= BLOCK_SIZE; + input += BLOCK_SIZE; + } + position = 0; + } + else + { + copy_mem(buffer.begin(), buffer + BLOCK_SIZE, BLOCK_SIZE); + position = BLOCK_SIZE; + } + buffer.copy(position, input, length); + position += length; + } + +/************************************************* +* Finish decrypting in CTS mode * +*************************************************/ +void CTS_Decryption::end_msg() + { + cipher->decrypt(buffer, temp); + xor_buf(temp, buffer + BLOCK_SIZE, position - BLOCK_SIZE); + SecureVector<byte> xn = temp; + copy_mem(buffer + position, xn + (position - BLOCK_SIZE), + BUFFER_SIZE - position); + cipher->decrypt(buffer + BLOCK_SIZE, temp); + xor_buf(temp, state, BLOCK_SIZE); + send(temp, BLOCK_SIZE); + send(xn, position - BLOCK_SIZE); + } + +} diff --git a/src/modes/cts/cts.h b/src/modes/cts/cts.h new file mode 100644 index 000000000..6a07c4eb2 --- /dev/null +++ b/src/modes/cts/cts.h @@ -0,0 +1,46 @@ +/************************************************* +* CTS Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CTS_H__ +#define BOTAN_CTS_H__ + +#include <botan/modebase.h> + +namespace Botan { + +/************************************************* +* CTS Encryption * +*************************************************/ +class BOTAN_DLL CTS_Encryption : public BlockCipherMode + { + public: + CTS_Encryption(const std::string&); + CTS_Encryption(const std::string&, + const SymmetricKey&, const InitializationVector&); + private: + void write(const byte[], u32bit); + void end_msg(); + void encrypt(const byte[]); + }; + +/************************************************* +* CTS Decryption * +*************************************************/ +class BOTAN_DLL CTS_Decryption : public BlockCipherMode + { + public: + CTS_Decryption(const std::string&); + CTS_Decryption(const std::string&, + const SymmetricKey&, const InitializationVector&); + private: + void write(const byte[], u32bit); + void end_msg(); + void decrypt(const byte[]); + SecureVector<byte> temp; + }; + +} + +#endif diff --git a/src/modes/cts/modinfo.txt b/src/modes/cts/modinfo.txt new file mode 100644 index 000000000..9f36221b4 --- /dev/null +++ b/src/modes/cts/modinfo.txt @@ -0,0 +1,10 @@ +realname "CTS block cipher mode" + +define CTS + +load_on auto + +<add> +cts.cpp +cts.h +</add> diff --git a/src/modes/eax/eax.cpp b/src/modes/eax/eax.cpp new file mode 100644 index 000000000..f246a9dea --- /dev/null +++ b/src/modes/eax/eax.cpp @@ -0,0 +1,194 @@ +/************************************************* +* EAX Mode Encryption Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eax.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <botan/parsing.h> +#include <algorithm> + +namespace Botan { + +namespace { + +/************************************************* +* EAX MAC-based PRF * +*************************************************/ +SecureVector<byte> eax_prf(byte tag, u32bit BLOCK_SIZE, + MessageAuthenticationCode* mac, + const byte in[], u32bit length) + { + for(u32bit j = 0; j != BLOCK_SIZE - 1; ++j) + mac->update(0); + mac->update(tag); + mac->update(in, length); + return mac->final(); + } + +} + +/************************************************* +* EAX_Base Constructor * +*************************************************/ +EAX_Base::EAX_Base(const std::string& cipher_name, + u32bit tag_size) : + TAG_SIZE(tag_size ? tag_size / 8 : block_size_of(cipher_name)), + BLOCK_SIZE(block_size_of(cipher_name)) + { + const std::string mac_name = "CMAC(" + cipher_name + ")"; + + cipher = get_block_cipher(cipher_name); + mac = get_mac(mac_name); + + if(tag_size % 8 != 0 || TAG_SIZE == 0 || TAG_SIZE > mac->OUTPUT_LENGTH) + throw Invalid_Argument(name() + ": Bad tag size " + to_string(tag_size)); + + state.create(BLOCK_SIZE); + buffer.create(BLOCK_SIZE); + position = 0; + } + +/************************************************* +* Check if a keylength is valid for EAX * +*************************************************/ +bool EAX_Base::valid_keylength(u32bit n) const + { + if(!cipher->valid_keylength(n)) + return false; + if(!mac->valid_keylength(n)) + return false; + return true; + } + +/************************************************* +* Set the EAX key * +*************************************************/ +void EAX_Base::set_key(const SymmetricKey& key) + { + cipher->set_key(key); + mac->set_key(key); + header_mac = eax_prf(1, BLOCK_SIZE, mac, 0, 0); + } + +/************************************************* +* Do setup at the start of each message * +*************************************************/ +void EAX_Base::start_msg() + { + for(u32bit j = 0; j != BLOCK_SIZE - 1; ++j) + mac->update(0); + mac->update(2); + } + +/************************************************* +* Set the EAX nonce * +*************************************************/ +void EAX_Base::set_iv(const InitializationVector& iv) + { + nonce_mac = eax_prf(0, BLOCK_SIZE, mac, iv.begin(), iv.length()); + state = nonce_mac; + cipher->encrypt(state, buffer); + } + +/************************************************* +* Set the EAX header * +*************************************************/ +void EAX_Base::set_header(const byte header[], u32bit length) + { + header_mac = eax_prf(1, BLOCK_SIZE, mac, header, length); + } + +/************************************************* +* Return the name of this cipher mode * +*************************************************/ +std::string EAX_Base::name() const + { + return (cipher->name() + "/EAX"); + } + +/************************************************* +* Increment the counter and update the buffer * +*************************************************/ +void EAX_Base::increment_counter() + { + for(s32bit j = BLOCK_SIZE - 1; j >= 0; --j) + if(++state[j]) + break; + cipher->encrypt(state, buffer); + position = 0; + } + +/************************************************* +* EAX_Encryption Constructor * +*************************************************/ +EAX_Encryption::EAX_Encryption(const std::string& cipher_name, + u32bit tag_size) : + EAX_Base(cipher_name, tag_size) + { + } + +/************************************************* +* EAX_Encryption Constructor * +*************************************************/ +EAX_Encryption::EAX_Encryption(const std::string& cipher_name, + const SymmetricKey& key, + const InitializationVector& iv, + u32bit tag_size) : + EAX_Base(cipher_name, tag_size) + { + set_key(key); + set_iv(iv); + } + +/************************************************* +* Encrypt in EAX mode * +*************************************************/ +void EAX_Encryption::write(const byte input[], u32bit length) + { + u32bit copied = std::min(BLOCK_SIZE - position, length); + xor_buf(buffer + position, input, copied); + send(buffer + position, copied); + mac->update(buffer + position, copied); + input += copied; + length -= copied; + position += copied; + + if(position == BLOCK_SIZE) + increment_counter(); + + while(length >= BLOCK_SIZE) + { + xor_buf(buffer, input, BLOCK_SIZE); + send(buffer, BLOCK_SIZE); + mac->update(buffer, BLOCK_SIZE); + + input += BLOCK_SIZE; + length -= BLOCK_SIZE; + increment_counter(); + } + + xor_buf(buffer + position, input, length); + send(buffer + position, length); + mac->update(buffer + position, length); + position += length; + } + +/************************************************* +* Finish encrypting in EAX mode * +*************************************************/ +void EAX_Encryption::end_msg() + { + SecureVector<byte> data_mac = mac->final(); + xor_buf(data_mac, nonce_mac, data_mac.size()); + xor_buf(data_mac, header_mac, data_mac.size()); + + send(data_mac, TAG_SIZE); + + state.clear(); + buffer.clear(); + position = 0; + } + +} diff --git a/src/modes/eax/eax.h b/src/modes/eax/eax.h new file mode 100644 index 000000000..676e5334e --- /dev/null +++ b/src/modes/eax/eax.h @@ -0,0 +1,72 @@ +/************************************************* +* EAX Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EAX_H__ +#define BOTAN_EAX_H__ + +#include <botan/basefilt.h> + +namespace Botan { + +/************************************************* +* EAX Base Class * +*************************************************/ +class BOTAN_DLL EAX_Base : public Keyed_Filter + { + public: + void set_key(const SymmetricKey&); + void set_iv(const InitializationVector&); + void set_header(const byte[], u32bit); + std::string name() const; + + bool valid_keylength(u32bit) const; + + ~EAX_Base() { delete cipher; delete mac; } + protected: + EAX_Base(const std::string&, u32bit); + void start_msg(); + void increment_counter(); + + const u32bit TAG_SIZE, BLOCK_SIZE; + BlockCipher* cipher; + MessageAuthenticationCode* mac; + SecureVector<byte> nonce_mac, header_mac, state, buffer; + u32bit position; + }; + +/************************************************* +* EAX Encryption * +*************************************************/ +class BOTAN_DLL EAX_Encryption : public EAX_Base + { + public: + EAX_Encryption(const std::string&, u32bit = 0); + EAX_Encryption(const std::string&, const SymmetricKey&, + const InitializationVector&, u32bit = 0); + private: + void write(const byte[], u32bit); + void end_msg(); + }; + +/************************************************* +* EAX Decryption * +*************************************************/ +class BOTAN_DLL EAX_Decryption : public EAX_Base + { + public: + EAX_Decryption(const std::string&, u32bit = 0); + EAX_Decryption(const std::string&, const SymmetricKey&, + const InitializationVector&, u32bit = 0); + private: + void write(const byte[], u32bit); + void do_write(const byte[], u32bit); + void end_msg(); + SecureVector<byte> queue; + u32bit queue_start, queue_end; + }; + +} + +#endif diff --git a/src/modes/eax/eax_dec.cpp b/src/modes/eax/eax_dec.cpp new file mode 100644 index 000000000..70cdd9863 --- /dev/null +++ b/src/modes/eax/eax_dec.cpp @@ -0,0 +1,126 @@ +/************************************************* +* EAX Mode Encryption Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eax.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <botan/parsing.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* EAX_Decryption Constructor * +*************************************************/ +EAX_Decryption::EAX_Decryption(const std::string& cipher_name, + u32bit tag_size) : + EAX_Base(cipher_name, tag_size) + { + queue.create(2*TAG_SIZE + DEFAULT_BUFFERSIZE); + queue_start = queue_end = 0; + } + +/************************************************* +* EAX_Decryption Constructor * +*************************************************/ +EAX_Decryption::EAX_Decryption(const std::string& cipher_name, + const SymmetricKey& key, + const InitializationVector& iv, + u32bit tag_size) : + EAX_Base(cipher_name, tag_size) + { + set_key(key); + set_iv(iv); + queue.create(2*TAG_SIZE + DEFAULT_BUFFERSIZE); + queue_start = queue_end = 0; + } + +/************************************************* +* Decrypt in EAX mode * +*************************************************/ +void EAX_Decryption::write(const byte input[], u32bit length) + { + while(length) + { + const u32bit copied = std::min(length, queue.size() - queue_end); + + queue.copy(queue_end, input, copied); + input += copied; + length -= copied; + queue_end += copied; + + SecureVector<byte> block_buf(cipher->BLOCK_SIZE); + while((queue_end - queue_start) > TAG_SIZE) + { + u32bit removed = (queue_end - queue_start) - TAG_SIZE; + do_write(queue + queue_start, removed); + queue_start += removed; + } + + if(queue_start + TAG_SIZE == queue_end && + queue_start >= queue.size() / 2) + { + SecureVector<byte> queue_data(TAG_SIZE); + queue_data.copy(queue + queue_start, TAG_SIZE); + queue.copy(queue_data, TAG_SIZE); + queue_start = 0; + queue_end = TAG_SIZE; + } + } + } + +/************************************************* +* Decrypt in EAX mode * +*************************************************/ +void EAX_Decryption::do_write(const byte input[], u32bit length) + { + mac->update(input, length); + + u32bit copied = std::min(BLOCK_SIZE - position, length); + xor_buf(buffer + position, input, copied); + send(buffer + position, copied); + input += copied; + length -= copied; + position += copied; + + if(position == BLOCK_SIZE) + increment_counter(); + + while(length >= BLOCK_SIZE) + { + xor_buf(buffer, input, BLOCK_SIZE); + send(buffer, BLOCK_SIZE); + + input += BLOCK_SIZE; + length -= BLOCK_SIZE; + increment_counter(); + } + + xor_buf(buffer + position, input, length); + send(buffer + position, length); + position += length; + } + +/************************************************* +* Finish decrypting in EAX mode * +*************************************************/ +void EAX_Decryption::end_msg() + { + if((queue_end - queue_start) != TAG_SIZE) + throw Integrity_Failure(name() + ": Message authentication failure"); + + SecureVector<byte> data_mac = mac->final(); + + for(u32bit j = 0; j != TAG_SIZE; ++j) + if(queue[queue_start+j] != (data_mac[j] ^ nonce_mac[j] ^ header_mac[j])) + throw Integrity_Failure(name() + ": Message authentication failure"); + + state.clear(); + buffer.clear(); + position = 0; + queue_start = queue_end = 0; + } + +} diff --git a/src/modes/eax/modinfo.txt b/src/modes/eax/modinfo.txt new file mode 100644 index 000000000..7d5f7e98c --- /dev/null +++ b/src/modes/eax/modinfo.txt @@ -0,0 +1,11 @@ +realname "EAX block cipher mode" + +define EAX + +load_on auto + +<add> +eax.cpp +eax.h +eax_dec.cpp +</add> diff --git a/src/modes/ecb/ecb.cpp b/src/modes/ecb/ecb.cpp new file mode 100644 index 000000000..8effac1d5 --- /dev/null +++ b/src/modes/ecb/ecb.cpp @@ -0,0 +1,152 @@ +/************************************************* +* ECB Mode Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/ecb.h> +#include <botan/lookup.h> + +namespace Botan { + +/************************************************* +* ECB Constructor * +*************************************************/ +ECB::ECB(const std::string& cipher_name, const std::string& padding_name) : + BlockCipherMode(cipher_name, "ECB", 0), padder(get_bc_pad(padding_name)) + { + } + +/************************************************* +* Verify the IV is not set * +*************************************************/ +bool ECB::valid_iv_size(u32bit iv_size) const + { + if(iv_size == 0) + return true; + return false; + } + +/************************************************* +* Return an ECB mode name * +*************************************************/ +std::string ECB::name() const + { + return (cipher->name() + "/" + mode_name + "/" + padder->name()); + } + +/************************************************* +* ECB Encryption Constructor * +*************************************************/ +ECB_Encryption::ECB_Encryption(const std::string& cipher_name, + const std::string& padding_name) : + ECB(cipher_name, padding_name) + { + } + +/************************************************* +* ECB Encryption Constructor * +*************************************************/ +ECB_Encryption::ECB_Encryption(const std::string& cipher_name, + const std::string& padding_name, + const SymmetricKey& key) : + ECB(cipher_name, padding_name) + { + set_key(key); + } + +/************************************************* +* Encrypt in ECB mode * +*************************************************/ +void ECB_Encryption::write(const byte input[], u32bit length) + { + buffer.copy(position, input, length); + if(position + length >= BLOCK_SIZE) + { + cipher->encrypt(buffer); + send(buffer, BLOCK_SIZE); + input += (BLOCK_SIZE - position); + length -= (BLOCK_SIZE - position); + while(length >= BLOCK_SIZE) + { + cipher->encrypt(input, buffer); + send(buffer, BLOCK_SIZE); + input += BLOCK_SIZE; + length -= BLOCK_SIZE; + } + buffer.copy(input, length); + position = 0; + } + position += length; + } + +/************************************************* +* Finish encrypting in ECB mode * +*************************************************/ +void ECB_Encryption::end_msg() + { + SecureVector<byte> padding(BLOCK_SIZE); + padder->pad(padding, padding.size(), position); + write(padding, padder->pad_bytes(BLOCK_SIZE, position)); + if(position != 0) + throw Encoding_Error(name() + ": Did not pad to full blocksize"); + } + +/************************************************* +* ECB Decryption Constructor * +*************************************************/ +ECB_Decryption::ECB_Decryption(const std::string& cipher_name, + const std::string& padding_name) : + ECB(cipher_name, padding_name) + { + } + +/************************************************* +* ECB Decryption Constructor * +*************************************************/ +ECB_Decryption::ECB_Decryption(const std::string& cipher_name, + const std::string& padding_name, + const SymmetricKey& key) : + ECB(cipher_name, padding_name) + { + set_key(key); + } + +/************************************************* +* Decrypt in ECB mode * +*************************************************/ +void ECB_Decryption::write(const byte input[], u32bit length) + { + buffer.copy(position, input, length); + if(position + length > BLOCK_SIZE) + { + cipher->decrypt(buffer); + send(buffer, BLOCK_SIZE); + input += (BLOCK_SIZE - position); + length -= (BLOCK_SIZE - position); + while(length > BLOCK_SIZE) + { + cipher->decrypt(input, buffer); + send(buffer, BLOCK_SIZE); + input += BLOCK_SIZE; + length -= BLOCK_SIZE; + } + buffer.copy(input, length); + position = 0; + } + position += length; + } + +/************************************************* +* Finish decrypting in ECB mode * +*************************************************/ +void ECB_Decryption::end_msg() + { + if(position != BLOCK_SIZE) + throw Decoding_Error(name()); + cipher->decrypt(buffer); + send(buffer, padder->unpad(buffer, BLOCK_SIZE)); + state = buffer; + position = 0; + } + +} diff --git a/src/modes/ecb/ecb.h b/src/modes/ecb/ecb.h new file mode 100644 index 000000000..b730a4fd4 --- /dev/null +++ b/src/modes/ecb/ecb.h @@ -0,0 +1,57 @@ +/************************************************* +* ECB Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ECB_H__ +#define BOTAN_ECB_H__ + +#include <botan/modebase.h> +#include <botan/mode_pad.h> + +namespace Botan { + +/************************************************* +* ECB * +*************************************************/ +class BOTAN_DLL ECB : public BlockCipherMode + { + protected: + ECB(const std::string&, const std::string&); + std::string name() const; + const BlockCipherModePaddingMethod* padder; + private: + bool valid_iv_size(u32bit) const; + }; + +/************************************************* +* ECB Encryption * +*************************************************/ +class BOTAN_DLL ECB_Encryption : public ECB + { + public: + ECB_Encryption(const std::string&, const std::string&); + ECB_Encryption(const std::string&, const std::string&, + const SymmetricKey&); + private: + void write(const byte[], u32bit); + void end_msg(); + }; + +/************************************************* +* ECB Decryption * +*************************************************/ +class BOTAN_DLL ECB_Decryption : public ECB + { + public: + ECB_Decryption(const std::string&, const std::string&); + ECB_Decryption(const std::string&, const std::string&, + const SymmetricKey&); + private: + void write(const byte[], u32bit); + void end_msg(); + }; + +} + +#endif diff --git a/src/modes/ecb/modinfo.txt b/src/modes/ecb/modinfo.txt new file mode 100644 index 000000000..fb0c8b7c6 --- /dev/null +++ b/src/modes/ecb/modinfo.txt @@ -0,0 +1,10 @@ +realname "ECB block cipher mode" + +define ECB + +load_on auto + +<add> +ecb.cpp +ecb.h +</add> diff --git a/src/modes/ofb/modinfo.txt b/src/modes/ofb/modinfo.txt new file mode 100644 index 000000000..38a15d0b6 --- /dev/null +++ b/src/modes/ofb/modinfo.txt @@ -0,0 +1,10 @@ +realname "OFB block cipher mode" + +define OFB + +load_on auto + +<add> +ofb.cpp +ofb.h +</add> diff --git a/src/modes/ofb/ofb.cpp b/src/modes/ofb/ofb.cpp new file mode 100644 index 000000000..db254d329 --- /dev/null +++ b/src/modes/ofb/ofb.cpp @@ -0,0 +1,65 @@ +/************************************************* +* OFB Mode Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/ofb.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* OFB Constructor * +*************************************************/ +OFB::OFB(const std::string& cipher_name) : + BlockCipherMode(cipher_name, "OFB", block_size_of(cipher_name), 2) + { + } + +/************************************************* +* OFB Constructor * +*************************************************/ +OFB::OFB(const std::string& cipher_name, const SymmetricKey& key, + const InitializationVector& iv) : + BlockCipherMode(cipher_name, "OFB", block_size_of(cipher_name), 2) + { + set_key(key); + set_iv(iv); + } + +/************************************************* +* OFB Encryption/Decryption * +*************************************************/ +void OFB::write(const byte input[], u32bit length) + { + u32bit copied = std::min(BLOCK_SIZE - position, length); + xor_buf(buffer, input, state + position, copied); + send(buffer, copied); + input += copied; + length -= copied; + position += copied; + + if(position == BLOCK_SIZE) + { + cipher->encrypt(state); + position = 0; + } + + while(length >= BLOCK_SIZE) + { + xor_buf(buffer, input, state, BLOCK_SIZE); + send(buffer, BLOCK_SIZE); + + input += BLOCK_SIZE; + length -= BLOCK_SIZE; + cipher->encrypt(state); + } + + xor_buf(buffer, input, state + position, length); + send(buffer, length); + position += length; + } + +} diff --git a/src/modes/ofb/ofb.h b/src/modes/ofb/ofb.h new file mode 100644 index 000000000..3bf6f9883 --- /dev/null +++ b/src/modes/ofb/ofb.h @@ -0,0 +1,28 @@ +/************************************************* +* OFB Mode Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_OFB_H__ +#define BOTAN_OFB_H__ + +#include <botan/modebase.h> + +namespace Botan { + +/************************************************* +* OFB Mode * +*************************************************/ +class BOTAN_DLL OFB : public BlockCipherMode + { + public: + OFB(const std::string&); + OFB(const std::string&, + const SymmetricKey&, const InitializationVector&); + private: + void write(const byte[], u32bit); + }; + +} + +#endif diff --git a/src/mutex/pthreads/modinfo.txt b/src/mutex/pthreads/modinfo.txt new file mode 100644 index 000000000..88de70de0 --- /dev/null +++ b/src/mutex/pthreads/modinfo.txt @@ -0,0 +1,29 @@ +realname "Pthread Mutex" + +define MUTEX_PTHREAD + +load_on auto + +<add> +mux_pthr.cpp +mux_pthr.h +</add> + +<libs> +all!qnx,freebsd,openbsd,netbsd -> pthread +</libs> + +<os> +aix +cygwin +darwin +freebsd +hpux +irix +linux +netbsd +openbsd +qnx +solaris +tru64 +</os> diff --git a/src/mutex/pthreads/mux_pthr.cpp b/src/mutex/pthreads/mux_pthr.cpp new file mode 100644 index 000000000..d003fa298 --- /dev/null +++ b/src/mutex/pthreads/mux_pthr.cpp @@ -0,0 +1,56 @@ +/************************************************* +* Pthread Mutex Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/mux_pthr.h> +#include <botan/exceptn.h> + +#ifndef _POSIX_C_SOURCE + #define _POSIX_C_SOURCE 199506 +#endif + +#include <pthread.h> + +namespace Botan { + +/************************************************* +* Pthread Mutex Factory * +*************************************************/ +Mutex* Pthread_Mutex_Factory::make() + { + + class Pthread_Mutex : public Mutex + { + public: + void lock() + { + if(pthread_mutex_lock(&mutex) != 0) + throw Exception("Pthread_Mutex::lock: Error occured"); + } + + void unlock() + { + if(pthread_mutex_unlock(&mutex) != 0) + throw Exception("Pthread_Mutex::unlock: Error occured"); + } + + Pthread_Mutex() + { + if(pthread_mutex_init(&mutex, 0) != 0) + throw Exception("Pthread_Mutex: initialization failed"); + } + + ~Pthread_Mutex() + { + if(pthread_mutex_destroy(&mutex) != 0) + throw Invalid_State("~Pthread_Mutex: mutex is still locked"); + } + private: + pthread_mutex_t mutex; + }; + + return new Pthread_Mutex(); + } + +} diff --git a/src/mutex/pthreads/mux_pthr.h b/src/mutex/pthreads/mux_pthr.h new file mode 100644 index 000000000..efdabfed4 --- /dev/null +++ b/src/mutex/pthreads/mux_pthr.h @@ -0,0 +1,24 @@ +/************************************************* +* Pthread Mutex Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MUTEX_PTHREAD_H__ +#define BOTAN_MUTEX_PTHREAD_H__ + +#include <botan/mutex.h> + +namespace Botan { + +/************************************************* +* Pthread Mutex Factory * +*************************************************/ +class Pthread_Mutex_Factory : public Mutex_Factory + { + public: + Mutex* make(); + }; + +} + +#endif diff --git a/src/mutex/qt_mutex/modinfo.txt b/src/mutex/qt_mutex/modinfo.txt new file mode 100644 index 000000000..a21108c79 --- /dev/null +++ b/src/mutex/qt_mutex/modinfo.txt @@ -0,0 +1,18 @@ +realname "Qt Mutex" + +define MUTEX_QT + +note "You'll probably have to add -I/-L flags to the Makefile to find Qt" + +load_on request + +<add> +mux_qt.cpp +mux_qt.h +</add> + +# I think we want to always use qt-mt, not qt -- not much point in supporting +# mutexes in a single threaded application, after all. +<libs> +all -> qt-mt +</libs> diff --git a/src/mutex/qt_mutex/mux_qt.cpp b/src/mutex/qt_mutex/mux_qt.cpp new file mode 100644 index 000000000..421b771c7 --- /dev/null +++ b/src/mutex/qt_mutex/mux_qt.cpp @@ -0,0 +1,33 @@ +/************************************************* +* Qt Thread Mutex Source File * +* (C) 2004-2007 Justin Karneges * +* 2004-2007 Jack Lloyd * +*************************************************/ + +#include <botan/mux_qt.h> +#include <qmutex.h> + +#if !defined(QT_THREAD_SUPPORT) + #error Your version of Qt does not support threads or mutexes +#endif + +namespace Botan { + +/************************************************* +* Qt Mutex Factory * +*************************************************/ +Mutex* Qt_Mutex_Factory::make() + { + class Qt_Mutex : public Mutex + { + public: + void lock() { mutex.lock(); } + void unlock() { mutex.unlock(); } + private: + QMutex mutex; + }; + + return new Qt_Mutex(); + } + +} diff --git a/src/mutex/qt_mutex/mux_qt.h b/src/mutex/qt_mutex/mux_qt.h new file mode 100644 index 000000000..fffdc78ae --- /dev/null +++ b/src/mutex/qt_mutex/mux_qt.h @@ -0,0 +1,25 @@ +/************************************************* +* Qt Mutex Header File * +* (C) 2004-2007 Justin Karneges * +* 2004-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MUTEX_QT_H__ +#define BOTAN_MUTEX_QT_H__ + +#include <botan/mutex.h> + +namespace Botan { + +/************************************************* +* Qt Mutex * +*************************************************/ +class Qt_Mutex_Factory : public Mutex_Factory + { + public: + Mutex* make(); + }; + +} + +#endif diff --git a/src/mutex/win32_crit_section/modinfo.txt b/src/mutex/win32_crit_section/modinfo.txt new file mode 100644 index 000000000..d235ff73c --- /dev/null +++ b/src/mutex/win32_crit_section/modinfo.txt @@ -0,0 +1,16 @@ +realname "Win32 Mutex" + +define MUTEX_WIN32 +modset win32 + +load_on auto + +<add> +mux_win32.cpp +mux_win32.h +</add> + +<os> +cygwin +windows +</os> diff --git a/src/mutex/win32_crit_section/mux_win32.cpp b/src/mutex/win32_crit_section/mux_win32.cpp new file mode 100644 index 000000000..622a707fa --- /dev/null +++ b/src/mutex/win32_crit_section/mux_win32.cpp @@ -0,0 +1,32 @@ +/************************************************* +* Win32 Mutex Source File * +* (C) 2006 Luca Piccarreta * +* 2006-2007 Jack Lloyd * +*************************************************/ + +#include <botan/mux_win32.h> +#include <windows.h> + +namespace Botan { + +/************************************************* +* Win32 Mutex Factory * +*************************************************/ +Mutex* Win32_Mutex_Factory::make() + { + class Win32_Mutex : public Mutex + { + public: + void lock() { EnterCriticalSection(&mutex); } + void unlock() { LeaveCriticalSection(&mutex); } + + Win32_Mutex() { InitializeCriticalSection(&mutex); } + ~Win32_Mutex() { DeleteCriticalSection(&mutex); } + private: + CRITICAL_SECTION mutex; + }; + + return new Win32_Mutex(); + } + +} diff --git a/src/mutex/win32_crit_section/mux_win32.h b/src/mutex/win32_crit_section/mux_win32.h new file mode 100644 index 000000000..20b245967 --- /dev/null +++ b/src/mutex/win32_crit_section/mux_win32.h @@ -0,0 +1,24 @@ +/************************************************* +* Win32 Mutex Header File * +* (C) 2006 Luca Piccarreta * +* 2006-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_MUTEX_WIN32_H__ +#define BOTAN_MUTEX_WIN32_H__ + +#include <botan/mutex.h> + +namespace Botan { + +/************************************************* +* Win32 Mutex Factory * +*************************************************/ +class Win32_Mutex_Factory : public Mutex_Factory + { + public: + Mutex* make(); + }; +} + +#endif diff --git a/src/pk/dlies/dlies.cpp b/src/pk/dlies/dlies.cpp new file mode 100644 index 000000000..2a2f33925 --- /dev/null +++ b/src/pk/dlies/dlies.cpp @@ -0,0 +1,129 @@ +/************************************************* +* DLIES Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/dlies.h> +#include <botan/lookup.h> +#include <botan/look_pk.h> +#include <botan/xor_buf.h> +#include <memory> + +namespace Botan { + +/************************************************* +* DLIES_Encryptor Constructor * +*************************************************/ +DLIES_Encryptor::DLIES_Encryptor(const PK_Key_Agreement_Key& k, + const std::string& kdf, + const std::string& mac, u32bit mk_len) : + key(k), kdf_algo(kdf), mac_algo(mac), MAC_KEYLEN(mk_len) + { + } + +/************************************************* +* DLIES Encryption * +*************************************************/ +SecureVector<byte> DLIES_Encryptor::enc(const byte in[], u32bit length, + RandomNumberGenerator&) const + { + if(length > maximum_input_size()) + throw Invalid_Argument("DLIES: Plaintext too large"); + if(other_key.is_empty()) + throw Invalid_State("DLIES: The other key was never set"); + + std::auto_ptr<KDF> kdf(get_kdf(kdf_algo)); + std::auto_ptr<MessageAuthenticationCode> mac(get_mac(mac_algo)); + + MemoryVector<byte> v = key.public_value(); + + SecureVector<byte> out(v.size() + length + mac->OUTPUT_LENGTH); + out.copy(v, v.size()); + out.copy(v.size(), in, length); + + SecureVector<byte> vz(v, key.derive_key(other_key, other_key.size())); + + const u32bit K_LENGTH = length + MAC_KEYLEN; + OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); + if(K.length() != K_LENGTH) + throw Encoding_Error("DLIES: KDF did not provide sufficient output"); + byte* C = out + v.size(); + + xor_buf(C, K.begin() + MAC_KEYLEN, length); + mac->set_key(K.begin(), MAC_KEYLEN); + + mac->update(C, length); + for(u32bit j = 0; j != 8; ++j) + mac->update(0); + + mac->final(C + length); + + return out; + } + +/************************************************* +* Set the other parties public key * +*************************************************/ +void DLIES_Encryptor::set_other_key(const MemoryRegion<byte>& ok) + { + other_key = ok; + } + +/************************************************* +* Return the max size, in bytes, of a message * +*************************************************/ +u32bit DLIES_Encryptor::maximum_input_size() const + { + return 32; + } + +/************************************************* +* DLIES_Decryptor Constructor * +*************************************************/ +DLIES_Decryptor::DLIES_Decryptor(const PK_Key_Agreement_Key& k, + const std::string& kdf, + const std::string& mac, u32bit mk_len) : + key(k), kdf_algo(kdf), mac_algo(mac), + MAC_KEYLEN(mk_len), PUBLIC_LEN(key.public_value().size()) + { + } + +/************************************************* +* DLIES Decryption * +*************************************************/ +SecureVector<byte> DLIES_Decryptor::dec(const byte msg[], u32bit length) const + { + std::auto_ptr<MessageAuthenticationCode> mac(get_mac(mac_algo)); + + if(length < PUBLIC_LEN + mac->OUTPUT_LENGTH) + throw Decoding_Error("DLIES decryption: ciphertext is too short"); + + std::auto_ptr<KDF> kdf(get_kdf(kdf_algo)); + + const u32bit CIPHER_LEN = length - PUBLIC_LEN - mac->OUTPUT_LENGTH; + + SecureVector<byte> v(msg, PUBLIC_LEN); + SecureVector<byte> C(msg + PUBLIC_LEN, CIPHER_LEN); + SecureVector<byte> T(msg + PUBLIC_LEN + CIPHER_LEN, mac->OUTPUT_LENGTH); + + SecureVector<byte> vz(v, key.derive_key(v, v.size())); + + const u32bit K_LENGTH = C.size() + MAC_KEYLEN; + OctetString K = kdf->derive_key(K_LENGTH, vz, vz.size()); + if(K.length() != K_LENGTH) + throw Encoding_Error("DLIES: KDF did not provide sufficient output"); + + mac->set_key(K.begin(), MAC_KEYLEN); + mac->update(C); + for(u32bit j = 0; j != 8; ++j) + mac->update(0); + SecureVector<byte> T2 = mac->final(); + if(T != T2) + throw Integrity_Failure("DLIES: message authentication failed"); + + xor_buf(C, K.begin() + MAC_KEYLEN, C.size()); + + return C; + } + +} diff --git a/src/pk/dlies/dlies.h b/src/pk/dlies/dlies.h new file mode 100644 index 000000000..ef0f4d493 --- /dev/null +++ b/src/pk/dlies/dlies.h @@ -0,0 +1,53 @@ +/************************************************* +* DLIES Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_DLIES_H__ +#define BOTAN_DLIES_H__ + +#include <botan/pubkey.h> + +namespace Botan { + +/************************************************* +* DLIES Encryption * +*************************************************/ +class BOTAN_DLL DLIES_Encryptor : public PK_Encryptor + { + public: + DLIES_Encryptor(const PK_Key_Agreement_Key&, + const std::string& = "KDF2(SHA-160)", + const std::string& = "HMAC(SHA-160)", u32bit = 20); + void set_other_key(const MemoryRegion<byte>&); + private: + SecureVector<byte> enc(const byte[], u32bit, + RandomNumberGenerator&) const; + u32bit maximum_input_size() const; + const PK_Key_Agreement_Key& key; + SecureVector<byte> other_key; + const std::string kdf_algo; + const std::string mac_algo; + const u32bit MAC_KEYLEN; + }; + +/************************************************* +* DLIES Decryption * +*************************************************/ +class BOTAN_DLL DLIES_Decryptor : public PK_Decryptor + { + public: + DLIES_Decryptor(const PK_Key_Agreement_Key&, + const std::string& = "KDF2(SHA-160)", + const std::string& = "HMAC(SHA-160)", u32bit = 20); + private: + SecureVector<byte> dec(const byte[], u32bit) const; + const PK_Key_Agreement_Key& key; + const std::string kdf_algo; + const std::string mac_algo; + const u32bit MAC_KEYLEN, PUBLIC_LEN; + }; + +} + +#endif diff --git a/src/pk/dlies/modinfo.txt b/src/pk/dlies/modinfo.txt new file mode 100644 index 000000000..995dbe8a2 --- /dev/null +++ b/src/pk/dlies/modinfo.txt @@ -0,0 +1,10 @@ +realname "DLIES" + +define DLIES + +load_on auto + +<add> +dlies.cpp +dlies.h +</add> diff --git a/src/pk_pad/eme1/eme1.cpp b/src/pk_pad/eme1/eme1.cpp new file mode 100644 index 000000000..2ca10c166 --- /dev/null +++ b/src/pk_pad/eme1/eme1.cpp @@ -0,0 +1,95 @@ +/************************************************* +* EME1 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eme1.h> +#include <botan/lookup.h> +#include <memory> + +namespace Botan { + +/************************************************* +* EME1 Pad Operation * +*************************************************/ +SecureVector<byte> EME1::pad(const byte in[], u32bit in_length, + u32bit key_length, + RandomNumberGenerator& rng) const + { + key_length /= 8; + + if(in_length > key_length - 2*HASH_LENGTH - 1) + throw Exception("EME1: Input is too large"); + + SecureVector<byte> out(key_length); + + out.clear(); + + rng.randomize(out, HASH_LENGTH); + + out.copy(HASH_LENGTH, Phash, Phash.size()); + out[out.size() - in_length - 1] = 0x01; + out.copy(out.size() - in_length, in, in_length); + mgf->mask(out, HASH_LENGTH, out + HASH_LENGTH, out.size() - HASH_LENGTH); + mgf->mask(out + HASH_LENGTH, out.size() - HASH_LENGTH, out, HASH_LENGTH); + + return out; + } + +/************************************************* +* EME1 Unpad Operation * +*************************************************/ +SecureVector<byte> EME1::unpad(const byte in[], u32bit in_length, + u32bit key_length) const + { + key_length /= 8; + if(in_length > key_length) + throw Decoding_Error("Invalid EME1 encoding"); + + SecureVector<byte> tmp(key_length); + tmp.copy(key_length - in_length, in, in_length); + + mgf->mask(tmp + HASH_LENGTH, tmp.size() - HASH_LENGTH, tmp, HASH_LENGTH); + mgf->mask(tmp, HASH_LENGTH, tmp + HASH_LENGTH, tmp.size() - HASH_LENGTH); + + for(u32bit j = 0; j != Phash.size(); ++j) + if(tmp[j+HASH_LENGTH] != Phash[j]) + throw Decoding_Error("Invalid EME1 encoding"); + + for(u32bit j = HASH_LENGTH + Phash.size(); j != tmp.size(); ++j) + { + if(tmp[j] && tmp[j] != 0x01) + throw Decoding_Error("Invalid EME1 encoding"); + if(tmp[j] && tmp[j] == 0x01) + { + SecureVector<byte> retval(tmp + j + 1, tmp.size() - j - 1); + return retval; + } + } + throw Decoding_Error("Invalid EME1 encoding"); + } + +/************************************************* +* Return the max input size for a given key size * +*************************************************/ +u32bit EME1::maximum_input_size(u32bit keybits) const + { + if(keybits / 8 > 2*HASH_LENGTH + 1) + return ((keybits / 8) - 2*HASH_LENGTH - 1); + else + return 0; + } + +/************************************************* +* EME1 Constructor * +*************************************************/ +EME1::EME1(const std::string& hash_name, const std::string& mgf_name, + const std::string& P) : + HASH_LENGTH(output_length_of(hash_name)) + { + mgf = get_mgf(mgf_name + "(" + hash_name + ")"); + std::auto_ptr<HashFunction> hash(get_hash(hash_name)); + Phash = hash->process(P); + } + +} diff --git a/src/pk_pad/eme1/eme1.h b/src/pk_pad/eme1/eme1.h new file mode 100644 index 000000000..2a0ac92c4 --- /dev/null +++ b/src/pk_pad/eme1/eme1.h @@ -0,0 +1,35 @@ +/************************************************* +* EME1 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EME1_H__ +#define BOTAN_EME1_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EME1 * +*************************************************/ +class BOTAN_DLL EME1 : public EME + { + public: + u32bit maximum_input_size(u32bit) const; + + EME1(const std::string&, const std::string&, const std::string& = ""); + ~EME1() { delete mgf; } + private: + SecureVector<byte> pad(const byte[], u32bit, u32bit, + RandomNumberGenerator&) const; + SecureVector<byte> unpad(const byte[], u32bit, u32bit) const; + + const u32bit HASH_LENGTH; + SecureVector<byte> Phash; + MGF* mgf; + }; + +} + +#endif diff --git a/src/pk_pad/eme1/modinfo.txt b/src/pk_pad/eme1/modinfo.txt new file mode 100644 index 000000000..5383d59b6 --- /dev/null +++ b/src/pk_pad/eme1/modinfo.txt @@ -0,0 +1,10 @@ +realname "EME1" + +define EME1 + +load_on auto + +<add> +eme1.h +eme1.cpp +</add> diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.cpp b/src/pk_pad/eme_pkcs/eme_pkcs.cpp new file mode 100644 index 000000000..494f238b4 --- /dev/null +++ b/src/pk_pad/eme_pkcs/eme_pkcs.cpp @@ -0,0 +1,68 @@ +/************************************************* +* PKCS1 EME Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/eme_pkcs.h> + +namespace Botan { + +/************************************************* +* PKCS1 Pad Operation * +*************************************************/ +SecureVector<byte> EME_PKCS1v15::pad(const byte in[], u32bit inlen, + u32bit olen, + RandomNumberGenerator& rng) const + { + olen /= 8; + + if(olen < 10) + throw Encoding_Error("PKCS1: Output space too small"); + if(inlen > olen - 10) + throw Encoding_Error("PKCS1: Input is too large"); + + SecureVector<byte> out(olen); + + out[0] = 0x02; + for(u32bit j = 1; j != olen - inlen - 1; ++j) + while(out[j] == 0) + out[j] = rng.next_byte(); + out.copy(olen - inlen, in, inlen); + + return out; + } + +/************************************************* +* PKCS1 Unpad Operation * +*************************************************/ +SecureVector<byte> EME_PKCS1v15::unpad(const byte in[], u32bit inlen, + u32bit key_len) const + { + if(inlen != key_len / 8 || inlen < 10 || in[0] != 0x02) + throw Decoding_Error("PKCS1::unpad"); + + u32bit seperator = 0; + for(u32bit j = 0; j != inlen; ++j) + if(in[j] == 0) + { + seperator = j; + break; + } + if(seperator < 9) + throw Decoding_Error("PKCS1::unpad"); + + return SecureVector<byte>(in + seperator + 1, inlen - seperator - 1); + } + +/************************************************* +* Return the max input size for a given key size * +*************************************************/ +u32bit EME_PKCS1v15::maximum_input_size(u32bit keybits) const + { + if(keybits / 8 > 10) + return ((keybits / 8) - 10); + else + return 0; + } + +} diff --git a/src/pk_pad/eme_pkcs/eme_pkcs.h b/src/pk_pad/eme_pkcs/eme_pkcs.h new file mode 100644 index 000000000..9ec500c54 --- /dev/null +++ b/src/pk_pad/eme_pkcs/eme_pkcs.h @@ -0,0 +1,28 @@ +/************************************************* +* EME PKCS#1 v1.5 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EME_PKCS1_H__ +#define BOTAN_EME_PKCS1_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EME_PKCS1v15 * +*************************************************/ +class BOTAN_DLL EME_PKCS1v15 : public EME + { + public: + u32bit maximum_input_size(u32bit) const; + private: + SecureVector<byte> pad(const byte[], u32bit, u32bit, + RandomNumberGenerator&) const; + SecureVector<byte> unpad(const byte[], u32bit, u32bit) const; + }; + +} + +#endif diff --git a/src/pk_pad/eme_pkcs/modinfo.txt b/src/pk_pad/eme_pkcs/modinfo.txt new file mode 100644 index 000000000..88d9caf17 --- /dev/null +++ b/src/pk_pad/eme_pkcs/modinfo.txt @@ -0,0 +1,10 @@ +realname "PKCSv1 v1.5 EME" + +define EME_PKCS1v15 + +load_on auto + +<add> +eme_pkcs.h +eme_pkcs.cpp +</add> diff --git a/src/pk_pad/emsa1/emsa1.cpp b/src/pk_pad/emsa1/emsa1.cpp new file mode 100644 index 000000000..15d53f6e5 --- /dev/null +++ b/src/pk_pad/emsa1/emsa1.cpp @@ -0,0 +1,112 @@ +/************************************************* +* EMSA1 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/emsa1.h> +#include <botan/lookup.h> + +namespace Botan { + +namespace { + +SecureVector<byte> emsa1_encoding(const MemoryRegion<byte>& msg, + u32bit output_bits) + { + if(8*msg.size() <= output_bits) + return msg; + + u32bit shift = 8*msg.size() - output_bits; + + u32bit byte_shift = shift / 8, bit_shift = shift % 8; + SecureVector<byte> digest(msg.size() - byte_shift); + + for(u32bit j = 0; j != msg.size() - byte_shift; ++j) + digest[j] = msg[j]; + + if(bit_shift) + { + byte carry = 0; + for(u32bit j = 0; j != digest.size(); ++j) + { + byte temp = digest[j]; + digest[j] = (temp >> bit_shift) | carry; + carry = (temp << (8 - bit_shift)); + } + } + return digest; + } + +} + +/************************************************* +* EMSA1 Update Operation * +*************************************************/ +void EMSA1::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/************************************************* +* Return the raw (unencoded) data * +*************************************************/ +SecureVector<byte> EMSA1::raw_data() + { + return hash->final(); + } + +/************************************************* +* EMSA1 Encode Operation * +*************************************************/ +SecureVector<byte> EMSA1::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + if(msg.size() != hash->OUTPUT_LENGTH) + throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + return emsa1_encoding(msg, output_bits); + } + +/************************************************* +* EMSA1 Decode/Verify Operation * +*************************************************/ +bool EMSA1::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, u32bit key_bits) throw() + { + try { + if(raw.size() != hash->OUTPUT_LENGTH) + throw Encoding_Error("EMSA1::encoding_of: Invalid size for input"); + + SecureVector<byte> our_coding = emsa1_encoding(raw, key_bits); + + if(our_coding == coded) return true; + if(our_coding[0] != 0) return false; + if(our_coding.size() <= coded.size()) return false; + + u32bit offset = 0; + while(our_coding[offset] == 0 && offset < our_coding.size()) + ++offset; + if(our_coding.size() - offset != coded.size()) + return false; + + for(u32bit j = 0; j != coded.size(); ++j) + if(coded[j] != our_coding[j+offset]) + return false; + + return true; + } + catch(Invalid_Argument) + { + return false; + } + } + +/************************************************* +* EMSA1 Constructor * +*************************************************/ +EMSA1::EMSA1(const std::string& hash_name) : + hash(get_hash(hash_name)) + { + } + +} diff --git a/src/pk_pad/emsa1/emsa1.h b/src/pk_pad/emsa1/emsa1.h new file mode 100644 index 000000000..f8d7ac043 --- /dev/null +++ b/src/pk_pad/emsa1/emsa1.h @@ -0,0 +1,36 @@ +/************************************************* +* EMSA1 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EMSA1_H__ +#define BOTAN_EMSA1_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EMSA1 * +*************************************************/ +class BOTAN_DLL EMSA1 : public EMSA + { + public: + EMSA1(const std::string&); + ~EMSA1() { delete hash; } + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + HashFunction* hash; + }; + +} + +#endif diff --git a/src/pk_pad/emsa1/modinfo.txt b/src/pk_pad/emsa1/modinfo.txt new file mode 100644 index 000000000..4040dd580 --- /dev/null +++ b/src/pk_pad/emsa1/modinfo.txt @@ -0,0 +1,10 @@ +realname "EMSA1" + +define EMSA1 + +load_on auto + +<add> +emsa1.h +emsa1.cpp +</add> diff --git a/src/pk_pad/emsa2/emsa2.cpp b/src/pk_pad/emsa2/emsa2.cpp new file mode 100644 index 000000000..24292d390 --- /dev/null +++ b/src/pk_pad/emsa2/emsa2.cpp @@ -0,0 +1,106 @@ +/************************************************* +* EMSA2 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/emsa2.h> +#include <botan/hash_id.h> +#include <botan/lookup.h> + +namespace Botan { + +namespace { + +/************************************************* +* EMSA2 Encode Operation * +*************************************************/ +SecureVector<byte> emsa2_encoding(const MemoryRegion<byte>& msg, + u32bit output_bits, + const MemoryRegion<byte>& empty_hash, + byte hash_id) + { + const u32bit HASH_SIZE = empty_hash.size(); + + u32bit output_length = (output_bits + 1) / 8; + + if(msg.size() != HASH_SIZE) + throw Encoding_Error("EMSA2::encoding_of: Bad input length"); + if(output_length < HASH_SIZE + 4) + throw Encoding_Error("EMSA2::encoding_of: Output length is too small"); + + bool empty = true; + for(u32bit j = 0; j != HASH_SIZE; ++j) + if(empty_hash[j] != msg[j]) + empty = false; + + SecureVector<byte> output(output_length); + + output[0] = (empty ? 0x4B : 0x6B); + output[output_length - 3 - HASH_SIZE] = 0xBA; + set_mem(output + 1, output_length - 4 - HASH_SIZE, 0xBB); + output.copy(output_length - (HASH_SIZE + 2), msg, msg.size()); + output[output_length-2] = hash_id; + output[output_length-1] = 0xCC; + + return output; + } + +} + +/************************************************* +* EMSA2 Update Operation * +*************************************************/ +void EMSA2::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/************************************************* +* Return the raw (unencoded) data * +*************************************************/ +SecureVector<byte> EMSA2::raw_data() + { + return hash->final(); + } + +/************************************************* +* EMSA2 Encode Operation * +*************************************************/ +SecureVector<byte> EMSA2::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + return emsa2_encoding(msg, output_bits, empty_hash, hash_id); + } + +/************************************************* +* EMSA2 Verify Operation * +*************************************************/ +bool EMSA2::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit key_bits) throw() + { + try + { + return (coded == emsa2_encoding(raw, key_bits, + empty_hash, hash_id)); + } + catch(...) + { + return false; + } + } + +/************************************************* +* EMSA2 Constructor * +*************************************************/ +EMSA2::EMSA2(const std::string& hash_name) + { + hash_id = ieee1363_hash_id(hash_name); + if(hash_id == 0) + throw Encoding_Error("EMSA2 cannot be used with " + hash->name()); + hash = get_hash(hash_name); + empty_hash = hash->final(); + } + +} diff --git a/src/pk_pad/emsa2/emsa2.h b/src/pk_pad/emsa2/emsa2.h new file mode 100644 index 000000000..5db9593f8 --- /dev/null +++ b/src/pk_pad/emsa2/emsa2.h @@ -0,0 +1,38 @@ +/************************************************* +* EMSA2 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EMSA2_H__ +#define BOTAN_EMSA2_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EMSA2 * +*************************************************/ +class BOTAN_DLL EMSA2 : public EMSA + { + public: + EMSA2(const std::string&); + ~EMSA2() { delete hash; } + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + SecureVector<byte> empty_hash; + HashFunction* hash; + byte hash_id; + }; + +} + +#endif diff --git a/src/pk_pad/emsa2/modinfo.txt b/src/pk_pad/emsa2/modinfo.txt new file mode 100644 index 000000000..8d14da548 --- /dev/null +++ b/src/pk_pad/emsa2/modinfo.txt @@ -0,0 +1,10 @@ +realname "EMSA2" + +define EMSA2 + +load_on auto + +<add> +emsa2.h +emsa2.cpp +</add> diff --git a/src/pk_pad/emsa3/emsa3.cpp b/src/pk_pad/emsa3/emsa3.cpp new file mode 100644 index 000000000..60880d1aa --- /dev/null +++ b/src/pk_pad/emsa3/emsa3.cpp @@ -0,0 +1,97 @@ +/************************************************* +* EMSA3 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/emsa3.h> +#include <botan/hash_id.h> +#include <botan/lookup.h> + +namespace Botan { + +namespace { + +/************************************************* +* EMSA3 Encode Operation * +*************************************************/ +SecureVector<byte> emsa3_encoding(const MemoryRegion<byte>& msg, + u32bit output_bits, + const MemoryRegion<byte>& hash_id, + u32bit hash_size) + { + if(msg.size() != hash_size) + throw Encoding_Error("EMSA3::encoding_of: Bad input length"); + + u32bit output_length = output_bits / 8; + if(output_length < hash_id.size() + hash_size + 10) + throw Encoding_Error("EMSA3::pad: Output length is too small"); + + SecureVector<byte> T(output_length); + const u32bit P_LENGTH = output_length - hash_size - hash_id.size() - 2; + + T[0] = 0x01; + set_mem(T+1, P_LENGTH, 0xFF); + T[P_LENGTH+1] = 0x00; + T.copy(P_LENGTH+2, hash_id, hash_id.size()); + T.copy(output_length-hash_size, msg, msg.size()); + return T; + } + +} + +/************************************************* +* EMSA3 Update Operation * +*************************************************/ +void EMSA3::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/************************************************* +* Return the raw (unencoded) data * +*************************************************/ +SecureVector<byte> EMSA3::raw_data() + { + return hash->final(); + } + +/************************************************* +* EMSA3 Encode Operation * +*************************************************/ +SecureVector<byte> EMSA3::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator&) + { + return emsa3_encoding(msg, output_bits, hash_id, + hash->OUTPUT_LENGTH); + } + +/************************************************* +* Default signature decoding * +*************************************************/ +bool EMSA3::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit key_bits) throw() + { + try + { + return (coded == emsa3_encoding(raw, key_bits, + hash_id, + hash->OUTPUT_LENGTH)); + } + catch(...) + { + return false; + } + } + +/************************************************* +* EMSA3 Constructor * +*************************************************/ +EMSA3::EMSA3(const std::string& hash_name) + { + hash_id = pkcs_hash_id(hash_name); + hash = get_hash(hash_name); + } + +} diff --git a/src/pk_pad/emsa3/emsa3.h b/src/pk_pad/emsa3/emsa3.h new file mode 100644 index 000000000..fa8521216 --- /dev/null +++ b/src/pk_pad/emsa3/emsa3.h @@ -0,0 +1,38 @@ +/************************************************* +* EMSA3 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EMSA3_H__ +#define BOTAN_EMSA3_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EMSA3 * +*************************************************/ +class BOTAN_DLL EMSA3 : public EMSA + { + public: + EMSA3(const std::string&); + ~EMSA3() { delete hash; } + private: + void update(const byte[], u32bit); + + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + HashFunction* hash; + SecureVector<byte> hash_id; + }; + +} + +#endif diff --git a/src/pk_pad/emsa3/modinfo.txt b/src/pk_pad/emsa3/modinfo.txt new file mode 100644 index 000000000..926f9a4e8 --- /dev/null +++ b/src/pk_pad/emsa3/modinfo.txt @@ -0,0 +1,10 @@ +realname "EMSA3" + +define EMSA3 + +load_on auto + +<add> +emsa3.h +emsa3.cpp +</add> diff --git a/src/pk_pad/emsa4/emsa4.cpp b/src/pk_pad/emsa4/emsa4.cpp new file mode 100644 index 000000000..9821c1f13 --- /dev/null +++ b/src/pk_pad/emsa4/emsa4.cpp @@ -0,0 +1,144 @@ +/************************************************* +* EMSA4 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/emsa4.h> +#include <botan/lookup.h> +#include <botan/look_pk.h> +#include <botan/bit_ops.h> + +namespace Botan { + +/************************************************* +* EMSA4 Update Operation * +*************************************************/ +void EMSA4::update(const byte input[], u32bit length) + { + hash->update(input, length); + } + +/************************************************* +* Return the raw (unencoded) data * +*************************************************/ +SecureVector<byte> EMSA4::raw_data() + { + return hash->final(); + } + +/************************************************* +* EMSA4 Encode Operation * +*************************************************/ +SecureVector<byte> EMSA4::encoding_of(const MemoryRegion<byte>& msg, + u32bit output_bits, + RandomNumberGenerator& rng) + { + const u32bit HASH_SIZE = hash->OUTPUT_LENGTH; + + if(msg.size() != HASH_SIZE) + throw Encoding_Error("EMSA4::encoding_of: Bad input length"); + if(output_bits < 8*HASH_SIZE + 8*SALT_SIZE + 9) + throw Encoding_Error("EMSA4::encoding_of: Output length is too small"); + + const u32bit output_length = (output_bits + 7) / 8; + + SecureVector<byte> salt(SALT_SIZE); + rng.randomize(salt, SALT_SIZE); + + for(u32bit j = 0; j != 8; ++j) + hash->update(0); + hash->update(msg); + hash->update(salt, SALT_SIZE); + SecureVector<byte> H = hash->final(); + + SecureVector<byte> EM(output_length); + + EM[output_length - HASH_SIZE - SALT_SIZE - 2] = 0x01; + EM.copy(output_length - 1 - HASH_SIZE - SALT_SIZE, salt, SALT_SIZE); + mgf->mask(H, HASH_SIZE, EM, output_length - HASH_SIZE - 1); + EM[0] &= 0xFF >> (8 * ((output_bits + 7) / 8) - output_bits); + EM.copy(output_length - 1 - HASH_SIZE, H, HASH_SIZE); + EM[output_length-1] = 0xBC; + + return EM; + } + +/************************************************* +* EMSA4 Decode/Verify Operation * +*************************************************/ +bool EMSA4::verify(const MemoryRegion<byte>& const_coded, + const MemoryRegion<byte>& raw, u32bit key_bits) throw() + { + const u32bit HASH_SIZE = hash->OUTPUT_LENGTH; + const u32bit KEY_BYTES = (key_bits + 7) / 8; + + if(key_bits < 8*HASH_SIZE + 9) + return false; + if(raw.size() != HASH_SIZE) + return false; + if(const_coded.size() > KEY_BYTES) + return false; + if(const_coded[const_coded.size()-1] != 0xBC) + return false; + + SecureVector<byte> coded = const_coded; + if(coded.size() < KEY_BYTES) + { + SecureVector<byte> temp(KEY_BYTES); + temp.copy(KEY_BYTES - coded.size(), coded, coded.size()); + coded = temp; + } + + const u32bit TOP_BITS = 8 * ((key_bits + 7) / 8) - key_bits; + if(TOP_BITS > 8 - high_bit(coded[0])) + return false; + + SecureVector<byte> DB(coded.begin(), coded.size() - HASH_SIZE - 1); + SecureVector<byte> H(coded + coded.size() - HASH_SIZE - 1, HASH_SIZE); + + mgf->mask(H, H.size(), DB, coded.size() - H.size() - 1); + DB[0] &= 0xFF >> TOP_BITS; + + u32bit salt_offset = 0; + for(u32bit j = 0; j != DB.size(); ++j) + { + if(DB[j] == 0x01) + { salt_offset = j + 1; break; } + if(DB[j]) + return false; + } + if(salt_offset == 0) + return false; + + SecureVector<byte> salt(DB + salt_offset, DB.size() - salt_offset); + + for(u32bit j = 0; j != 8; ++j) + hash->update(0); + hash->update(raw); + hash->update(salt); + SecureVector<byte> H2 = hash->final(); + + return (H == H2); + } + +/************************************************* +* EMSA4 Constructor * +*************************************************/ +EMSA4::EMSA4(const std::string& hash_name, const std::string& mgf_name) : + SALT_SIZE(output_length_of(hash_name)) + { + hash = get_hash(hash_name); + mgf = get_mgf(mgf_name + "(" + hash_name + ")"); + } + +/************************************************* +* EMSA4 Constructor * +*************************************************/ +EMSA4::EMSA4(const std::string& hash_name, const std::string& mgf_name, + u32bit salt_size) : SALT_SIZE(salt_size) + { + hash = get_hash(hash_name); + mgf = get_mgf(mgf_name + "(" + hash_name + ")"); + } + +} diff --git a/src/pk_pad/emsa4/emsa4.h b/src/pk_pad/emsa4/emsa4.h new file mode 100644 index 000000000..f4d4a4b6d --- /dev/null +++ b/src/pk_pad/emsa4/emsa4.h @@ -0,0 +1,38 @@ +/************************************************* +* EMSA4 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EMSA4_H__ +#define BOTAN_EMSA4_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EMSA4 * +*************************************************/ +class BOTAN_DLL EMSA4 : public EMSA + { + public: + EMSA4(const std::string&, const std::string&); + EMSA4(const std::string&, const std::string&, u32bit); + ~EMSA4() { delete hash; delete mgf; } + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator& rng); + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + const u32bit SALT_SIZE; + HashFunction* hash; + const MGF* mgf; + }; + +} + +#endif diff --git a/src/pk_pad/emsa4/modinfo.txt b/src/pk_pad/emsa4/modinfo.txt new file mode 100644 index 000000000..39a34c619 --- /dev/null +++ b/src/pk_pad/emsa4/modinfo.txt @@ -0,0 +1,10 @@ +realname "EMSA4" + +define EMSA4 + +load_on auto + +<add> +emsa4.h +emsa4.cpp +</add> diff --git a/src/pk_pad/emsa_raw/emsa_raw.cpp b/src/pk_pad/emsa_raw/emsa_raw.cpp new file mode 100644 index 000000000..c10bb4890 --- /dev/null +++ b/src/pk_pad/emsa_raw/emsa_raw.cpp @@ -0,0 +1,48 @@ +/************************************************* +* EMSA-Raw Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/emsa_raw.h> + +namespace Botan { + +/************************************************* +* EMSA-Raw Encode Operation * +*************************************************/ +void EMSA_Raw::update(const byte input[], u32bit length) + { + message.append(input, length); + } + +/************************************************* +* Return the raw (unencoded) data * +*************************************************/ +SecureVector<byte> EMSA_Raw::raw_data() + { + SecureVector<byte> buf = message; + message.destroy(); + return buf; + } + +/************************************************* +* EMSA-Raw Encode Operation * +*************************************************/ +SecureVector<byte> EMSA_Raw::encoding_of(const MemoryRegion<byte>& msg, + u32bit, + RandomNumberGenerator&) + { + return msg; + } + +/************************************************* +* EMSA-Raw Verify Operation * +*************************************************/ +bool EMSA_Raw::verify(const MemoryRegion<byte>& coded, + const MemoryRegion<byte>& raw, + u32bit) throw() + { + return (coded == raw); + } + +} diff --git a/src/pk_pad/emsa_raw/emsa_raw.h b/src/pk_pad/emsa_raw/emsa_raw.h new file mode 100644 index 000000000..a9e21d0e0 --- /dev/null +++ b/src/pk_pad/emsa_raw/emsa_raw.h @@ -0,0 +1,32 @@ +/************************************************* +* EMSA-Raw Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_EMSA_RAW_H__ +#define BOTAN_EMSA_RAW_H__ + +#include <botan/pk_util.h> + +namespace Botan { + +/************************************************* +* EMSA-Raw * +*************************************************/ +class BOTAN_DLL EMSA_Raw : public EMSA + { + private: + void update(const byte[], u32bit); + SecureVector<byte> raw_data(); + + SecureVector<byte> encoding_of(const MemoryRegion<byte>&, u32bit, + RandomNumberGenerator&); + bool verify(const MemoryRegion<byte>&, const MemoryRegion<byte>&, + u32bit) throw(); + + SecureVector<byte> message; + }; + +} + +#endif diff --git a/src/pk_pad/emsa_raw/modinfo.txt b/src/pk_pad/emsa_raw/modinfo.txt new file mode 100644 index 000000000..2a88d10fa --- /dev/null +++ b/src/pk_pad/emsa_raw/modinfo.txt @@ -0,0 +1,10 @@ +realname "EMSA-Raw" + +define EMSA_RAW + +load_on auto + +<add> +emsa_raw.h +emsa_raw.cpp +</add> diff --git a/src/rng/randpool/modinfo.txt b/src/rng/randpool/modinfo.txt new file mode 100644 index 000000000..1b2f79b56 --- /dev/null +++ b/src/rng/randpool/modinfo.txt @@ -0,0 +1,10 @@ +realname "Randpool RNG" + +define RANDPOOL + +load_on auto + +<add> +randpool.cpp +randpool.h +</add> diff --git a/src/rng/randpool/randpool.cpp b/src/rng/randpool/randpool.cpp new file mode 100644 index 000000000..69ef3b9e7 --- /dev/null +++ b/src/rng/randpool/randpool.cpp @@ -0,0 +1,223 @@ +/************************************************* +* Randpool Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/randpool.h> +#include <botan/lookup.h> +#include <botan/loadstor.h> +#include <botan/xor_buf.h> +#include <botan/util.h> +#include <botan/stl_util.h> +#include <algorithm> + +namespace Botan { + +namespace { + +/************************************************* +* PRF based on a MAC * +*************************************************/ +enum RANDPOOL_PRF_TAG { + CIPHER_KEY = 0, + MAC_KEY = 1, + GEN_OUTPUT = 2 +}; + +} + +/************************************************* +* Generate a buffer of random bytes * +*************************************************/ +void Randpool::randomize(byte out[], u32bit length) + { + if(!is_seeded()) + { + reseed(); + + if(!is_seeded()) + throw PRNG_Unseeded(name()); + } + + update_buffer(); + while(length) + { + const u32bit copied = std::min(length, buffer.size()); + copy_mem(out, buffer.begin(), copied); + out += copied; + length -= copied; + update_buffer(); + } + } + +/************************************************* +* Refill the output buffer * +*************************************************/ +void Randpool::update_buffer() + { + const u64bit timestamp = system_time(); + + for(u32bit j = 0; j != counter.size(); ++j) + if(++counter[j]) + break; + store_be(timestamp, counter + 4); + + mac->update(static_cast<byte>(GEN_OUTPUT)); + mac->update(counter, counter.size()); + SecureVector<byte> mac_val = mac->final(); + + for(u32bit j = 0; j != mac_val.size(); ++j) + buffer[j % buffer.size()] ^= mac_val[j]; + cipher->encrypt(buffer); + + if(counter[0] % ITERATIONS_BEFORE_RESEED == 0) + mix_pool(); + } + +/************************************************* +* Mix the entropy pool * +*************************************************/ +void Randpool::mix_pool() + { + const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE; + + mac->update(static_cast<byte>(MAC_KEY)); + mac->update(pool, pool.size()); + mac->set_key(mac->final()); + + mac->update(static_cast<byte>(CIPHER_KEY)); + mac->update(pool, pool.size()); + cipher->set_key(mac->final()); + + xor_buf(pool, buffer, BLOCK_SIZE); + cipher->encrypt(pool); + for(u32bit j = 1; j != POOL_BLOCKS; ++j) + { + const byte* previous_block = pool + BLOCK_SIZE*(j-1); + byte* this_block = pool + BLOCK_SIZE*j; + xor_buf(this_block, previous_block, BLOCK_SIZE); + cipher->encrypt(this_block); + } + + update_buffer(); + } + +/************************************************* +* Reseed the internal state * +*************************************************/ +void Randpool::reseed() + { + SecureVector<byte> buffer(1024); + u32bit gathered_entropy = 0; + + for(u32bit j = 0; j != entropy_sources.size(); ++j) + { + u32bit got = entropy_sources[j]->slow_poll(buffer, buffer.size()); + + mac->update(buffer, got); + + gathered_entropy += entropy_estimate(buffer, got); + if(gathered_entropy > 512) + break; + } + + SecureVector<byte> mac_val = mac->final(); + xor_buf(pool, mac_val, mac_val.size()); + mix_pool(); + + entropy += gathered_entropy; + } + +/************************************************* +* Add user-supplied entropy * +*************************************************/ +void Randpool::add_entropy(const byte input[], u32bit length) + { + SecureVector<byte> mac_val = mac->process(input, length); + xor_buf(pool, mac_val, mac_val.size()); + mix_pool(); + + entropy += entropy_estimate(input, length); + } + +/************************************************* +* Add another entropy source to the list * +*************************************************/ +void Randpool::add_entropy_source(EntropySource* src) + { + entropy_sources.push_back(src); + } + +/************************************************* +* Check if the the pool is seeded * +*************************************************/ +bool Randpool::is_seeded() const + { + return (entropy >= 384); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void Randpool::clear() throw() + { + cipher->clear(); + mac->clear(); + pool.clear(); + buffer.clear(); + counter.clear(); + entropy = 0; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string Randpool::name() const + { + return "Randpool(" + cipher->name() + "," + mac->name() + ")"; + } + +/************************************************* +* Randpool Constructor * +*************************************************/ +Randpool::Randpool(const std::string& cipher_name, + const std::string& mac_name) : + ITERATIONS_BEFORE_RESEED(128), POOL_BLOCKS(32) + { + cipher = get_block_cipher(cipher_name); + mac = get_mac(mac_name); + + const u32bit BLOCK_SIZE = cipher->BLOCK_SIZE; + const u32bit OUTPUT_LENGTH = mac->OUTPUT_LENGTH; + + if(OUTPUT_LENGTH < BLOCK_SIZE || + !cipher->valid_keylength(OUTPUT_LENGTH) || + !mac->valid_keylength(OUTPUT_LENGTH)) + { + delete cipher; + delete mac; + throw Internal_Error("Randpool: Invalid algorithm combination " + + cipher_name + "/" + mac_name); + } + + buffer.create(BLOCK_SIZE); + pool.create(POOL_BLOCKS * BLOCK_SIZE); + counter.create(12); + entropy = 0; + } + +/************************************************* +* Randpool Destructor * +*************************************************/ +Randpool::~Randpool() + { + delete cipher; + delete mac; + + std::for_each(entropy_sources.begin(), entropy_sources.end(), + del_fun<EntropySource>()); + + entropy = 0; + } + +} diff --git a/src/rng/randpool/randpool.h b/src/rng/randpool/randpool.h new file mode 100644 index 000000000..b68dec765 --- /dev/null +++ b/src/rng/randpool/randpool.h @@ -0,0 +1,47 @@ +/************************************************* +* Randpool Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_RANDPOOL_H__ +#define BOTAN_RANDPOOL_H__ + +#include <botan/rng.h> +#include <botan/base.h> +#include <vector> + +namespace Botan { + +/************************************************* +* Randpool * +*************************************************/ +class BOTAN_DLL Randpool : public RandomNumberGenerator + { + public: + void randomize(byte[], u32bit); + bool is_seeded() const; + void clear() throw(); + std::string name() const; + + void reseed(); + void add_entropy_source(EntropySource*); + void add_entropy(const byte[], u32bit); + + Randpool(const std::string&, const std::string&); + ~Randpool(); + private: + void update_buffer(); + void mix_pool(); + + const u32bit ITERATIONS_BEFORE_RESEED, POOL_BLOCKS; + BlockCipher* cipher; + MessageAuthenticationCode* mac; + + std::vector<EntropySource*> entropy_sources; + SecureVector<byte> pool, buffer, counter; + u32bit entropy; + }; + +} + +#endif diff --git a/src/rng/x931_rng/modinfo.txt b/src/rng/x931_rng/modinfo.txt new file mode 100644 index 000000000..79e436822 --- /dev/null +++ b/src/rng/x931_rng/modinfo.txt @@ -0,0 +1,14 @@ +realname "ANSI X9.31 PRNG" + +define X931_RNG + +load_on auto + +<add> +x931_rng.cpp +x931_rng.h +</add> + +<requires> +randpool +</requires> diff --git a/src/rng/x931_rng/x931_rng.cpp b/src/rng/x931_rng/x931_rng.cpp new file mode 100644 index 000000000..f4b0f71a9 --- /dev/null +++ b/src/rng/x931_rng/x931_rng.cpp @@ -0,0 +1,142 @@ +/************************************************* +* ANSI X9.31 RNG Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/x931_rng.h> +#include <botan/lookup.h> +#include <botan/xor_buf.h> +#include <algorithm> + +namespace Botan { + +/************************************************* +* Generate a buffer of random bytes * +*************************************************/ +void ANSI_X931_RNG::randomize(byte out[], u32bit length) + { + if(!is_seeded()) + reseed(); + + while(length) + { + if(position == R.size()) + update_buffer(); + + const u32bit copied = std::min(length, R.size() - position); + + copy_mem(out, R + position, copied); + out += copied; + length -= copied; + position += copied; + } + } + +/************************************************* +* Refill the internal state * +*************************************************/ +void ANSI_X931_RNG::update_buffer() + { + SecureVector<byte> DT(cipher->BLOCK_SIZE); + + prng->randomize(DT, DT.size()); + cipher->encrypt(DT); + + xor_buf(R, V, DT, cipher->BLOCK_SIZE); + cipher->encrypt(R); + + xor_buf(V, R, DT, cipher->BLOCK_SIZE); + cipher->encrypt(V); + + position = 0; + } + +/************************************************* +* Reseed the internal state * +*************************************************/ +void ANSI_X931_RNG::reseed() + { + prng->reseed(); + + SecureVector<byte> key(cipher->MAXIMUM_KEYLENGTH); + prng->randomize(key, key.size()); + cipher->set_key(key, key.size()); + + if(V.size() != cipher->BLOCK_SIZE) + V.create(cipher->BLOCK_SIZE); + prng->randomize(V, V.size()); + + update_buffer(); + } + +/************************************************* +* Add a entropy source to the underlying PRNG * +*************************************************/ +void ANSI_X931_RNG::add_entropy_source(EntropySource* src) + { + prng->add_entropy_source(src); + } + +/************************************************* +* Add some entropy to the underlying PRNG * +*************************************************/ +void ANSI_X931_RNG::add_entropy(const byte input[], u32bit length) + { + prng->add_entropy(input, length); + } + +/************************************************* +* Check if the the PRNG is seeded * +*************************************************/ +bool ANSI_X931_RNG::is_seeded() const + { + return V.has_items(); + } + +/************************************************* +* Clear memory of sensitive data * +*************************************************/ +void ANSI_X931_RNG::clear() throw() + { + cipher->clear(); + prng->clear(); + R.clear(); + V.destroy(); + + position = 0; + } + +/************************************************* +* Return the name of this type * +*************************************************/ +std::string ANSI_X931_RNG::name() const + { + return "X9.31(" + cipher->name() + ")"; + } + +/************************************************* +* ANSI X931 RNG Constructor * +*************************************************/ +ANSI_X931_RNG::ANSI_X931_RNG(const std::string& cipher_name, + RandomNumberGenerator* prng_ptr) + { + if(!prng_ptr) + throw Invalid_Argument("ANSI_X931_RNG constructor: NULL prng"); + + prng = prng_ptr; + cipher = get_block_cipher(cipher_name); + + R.create(cipher->BLOCK_SIZE); + position = 0; + } + +/************************************************* +* ANSI X931 RNG Destructor * +*************************************************/ +ANSI_X931_RNG::~ANSI_X931_RNG() + { + delete cipher; + delete prng; + } + +} diff --git a/src/rng/x931_rng/x931_rng.h b/src/rng/x931_rng/x931_rng.h new file mode 100644 index 000000000..7914b605d --- /dev/null +++ b/src/rng/x931_rng/x931_rng.h @@ -0,0 +1,42 @@ +/************************************************* +* ANSI X9.31 RNG Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_ANSI_X931_RNG_H__ +#define BOTAN_ANSI_X931_RNG_H__ + +#include <botan/rng.h> +#include <botan/base.h> + +namespace Botan { + +/************************************************* +* ANSI X9.31 RNG * +*************************************************/ +class BOTAN_DLL ANSI_X931_RNG : public RandomNumberGenerator + { + public: + void randomize(byte[], u32bit); + bool is_seeded() const; + void clear() throw(); + std::string name() const; + + void reseed(); + void add_entropy_source(EntropySource*); + void add_entropy(const byte[], u32bit); + + ANSI_X931_RNG(const std::string&, RandomNumberGenerator*); + ~ANSI_X931_RNG(); + private: + void update_buffer(); + + BlockCipher* cipher; + RandomNumberGenerator* prng; + SecureVector<byte> V, R; + u32bit position; + }; + +} + +#endif diff --git a/src/timer/cpu_counter/modinfo.txt b/src/timer/cpu_counter/modinfo.txt new file mode 100644 index 000000000..d5583c0d7 --- /dev/null +++ b/src/timer/cpu_counter/modinfo.txt @@ -0,0 +1,31 @@ +realname "Hardware Timer" + +define TIMER_HARDWARE + +load_on asm_ok + +<add> +tm_hard.cpp +tm_hard.h +</add> + +<cc> +gcc +</cc> + +<arch> +# RDTSC: Pentium and up +i586 +i686 +athlon +pentium4 +amd64 + +ppc # PPC timebase register +ppc64 # PPC timebase register +alpha # rpcc +sparc64 # %tick register +ia64 # ar.itc +s390x +hppa +</arch> diff --git a/src/timer/cpu_counter/tm_hard.cpp b/src/timer/cpu_counter/tm_hard.cpp new file mode 100644 index 000000000..2f7516930 --- /dev/null +++ b/src/timer/cpu_counter/tm_hard.cpp @@ -0,0 +1,49 @@ +/************************************************* +* Hardware Timer Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tm_hard.h> + +namespace Botan { + +/************************************************* +* Get the timestamp * +*************************************************/ +u64bit Hardware_Timer::clock() const + { + u64bit rtc = 0; + +#if defined(BOTAN_TARGET_ARCH_IS_IA32) || defined(BOTAN_TARGET_ARCH_IS_AMD64) + u32bit rtc_low = 0, rtc_high = 0; + asm volatile("rdtsc" : "=d" (rtc_high), "=a" (rtc_low)); + rtc = (static_cast<u64bit>(rtc_high) << 32) | rtc_low; + +#elif defined(BOTAN_TARGET_ARCH_IS_PPC) || defined(BOTAN_TARGET_ARCH_IS_PPC64) + u32bit rtc_low = 0, rtc_high = 0; + asm volatile("mftbu %0; mftb %1" : "=r" (rtc_high), "=r" (rtc_low)); + rtc = (static_cast<u64bit>(rtc_high) << 32) | rtc_low; + +#elif defined(BOTAN_TARGET_ARCH_IS_ALPHA) + asm volatile("rpcc %0" : "=r" (rtc)); + +#elif defined(BOTAN_TARGET_ARCH_IS_SPARC64) + asm volatile("rd %%tick, %0" : "=r" (rtc)); + +#elif defined(BOTAN_TARGET_ARCH_IS_IA64) + asm volatile("mov %0=ar.itc" : "=r" (rtc)); + +#elif defined(BOTAN_TARGET_ARCH_IS_S390X) + asm volatile("stck 0(%0)" : : "a" (&rtc) : "memory", "cc"); + +#elif defined(BOTAN_TARGET_ARCH_IS_HPPA) + asm volatile("mfctl 16,%0" : "=r" (rtc)); // 64-bit only? + +#else + #error "Unsure how to access hardware timer on this system" +#endif + + return rtc; + } + +} diff --git a/src/timer/cpu_counter/tm_hard.h b/src/timer/cpu_counter/tm_hard.h new file mode 100644 index 000000000..678513f81 --- /dev/null +++ b/src/timer/cpu_counter/tm_hard.h @@ -0,0 +1,24 @@ +/************************************************* +* Hardware Timer Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TIMER_HARDWARE_H__ +#define BOTAN_TIMER_HARDWARE_H__ + +#include <botan/timers.h> + +namespace Botan { + +/************************************************* +* Hardware Timer * +*************************************************/ +class Hardware_Timer : public Timer + { + public: + u64bit clock() const; + }; + +} + +#endif diff --git a/src/timer/gettimeofday/modinfo.txt b/src/timer/gettimeofday/modinfo.txt new file mode 100644 index 000000000..495914589 --- /dev/null +++ b/src/timer/gettimeofday/modinfo.txt @@ -0,0 +1,27 @@ +realname "Unix Timer" + +define TIMER_UNIX + +load_on auto +modset unix,beos + +<add> +tm_unix.cpp +tm_unix.h +</add> + +<os> +aix +beos +cygwin +darwin +freebsd +hpux +irix +linux +netbsd +openbsd +qnx +solaris +tru64 +</os> diff --git a/src/timer/gettimeofday/tm_unix.cpp b/src/timer/gettimeofday/tm_unix.cpp new file mode 100644 index 000000000..654297753 --- /dev/null +++ b/src/timer/gettimeofday/tm_unix.cpp @@ -0,0 +1,22 @@ +/************************************************* +* Unix Timer Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tm_unix.h> +#include <botan/util.h> +#include <sys/time.h> + +namespace Botan { + +/************************************************* +* Get the timestamp * +*************************************************/ +u64bit Unix_Timer::clock() const + { + struct ::timeval tv; + ::gettimeofday(&tv, 0); + return combine_timers(tv.tv_sec, tv.tv_usec, 1000000); + } + +} diff --git a/src/timer/gettimeofday/tm_unix.h b/src/timer/gettimeofday/tm_unix.h new file mode 100644 index 000000000..fd24a1563 --- /dev/null +++ b/src/timer/gettimeofday/tm_unix.h @@ -0,0 +1,24 @@ +/************************************************* +* Unix Timer Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TIMER_UNIX_H__ +#define BOTAN_TIMER_UNIX_H__ + +#include <botan/timers.h> + +namespace Botan { + +/************************************************* +* Unix Timer * +*************************************************/ +class Unix_Timer : public Timer + { + public: + u64bit clock() const; + }; + +} + +#endif diff --git a/src/timer/posix_rt/modinfo.txt b/src/timer/posix_rt/modinfo.txt new file mode 100644 index 000000000..e9298a81c --- /dev/null +++ b/src/timer/posix_rt/modinfo.txt @@ -0,0 +1,23 @@ +realname "POSIX Timer" + +define TIMER_POSIX + +load_on auto + +<add> +tm_posix.cpp +tm_posix.h +</add> + +<libs> +linux -> rt +</libs> + +# The *BSDs put clock_gettime in sys/time.h, not time.h like POSIX says +<os> +cygwin +linux +#freebsd +#netbsd +#openbsd +</os> diff --git a/src/timer/posix_rt/tm_posix.cpp b/src/timer/posix_rt/tm_posix.cpp new file mode 100644 index 000000000..601b2b43d --- /dev/null +++ b/src/timer/posix_rt/tm_posix.cpp @@ -0,0 +1,31 @@ +/************************************************* +* POSIX Timer Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tm_posix.h> +#include <botan/util.h> + +#ifndef _POSIX_C_SOURCE + #define _POSIX_C_SOURCE 199309 +#endif + +#include <time.h> + +#ifndef CLOCK_REALTIME + #define CLOCK_REALTIME 0 +#endif + +namespace Botan { + +/************************************************* +* Get the timestamp * +*************************************************/ +u64bit POSIX_Timer::clock() const + { + struct ::timespec tv; + ::clock_gettime(CLOCK_REALTIME, &tv); + return combine_timers(tv.tv_sec, tv.tv_nsec, 1000000000); + } + +} diff --git a/src/timer/posix_rt/tm_posix.h b/src/timer/posix_rt/tm_posix.h new file mode 100644 index 000000000..fc3ccdc74 --- /dev/null +++ b/src/timer/posix_rt/tm_posix.h @@ -0,0 +1,24 @@ +/************************************************* +* POSIX Timer Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TIMER_POSIX_H__ +#define BOTAN_TIMER_POSIX_H__ + +#include <botan/timers.h> + +namespace Botan { + +/************************************************* +* POSIX Timer * +*************************************************/ +class POSIX_Timer : public Timer + { + public: + u64bit clock() const; + }; + +} + +#endif diff --git a/src/timer/win32_query_perf_ctr/modinfo.txt b/src/timer/win32_query_perf_ctr/modinfo.txt new file mode 100644 index 000000000..74c4a59ea --- /dev/null +++ b/src/timer/win32_query_perf_ctr/modinfo.txt @@ -0,0 +1,20 @@ +realname "Win32 Timer" + +define TIMER_WIN32 +modset win32 + +load_on auto + +<add> +tm_win32.cpp +tm_win32.h +</add> + +<os> +cygwin +windows +</os> + +<libs> +windows -> user32 +</libs> diff --git a/src/timer/win32_query_perf_ctr/tm_win32.cpp b/src/timer/win32_query_perf_ctr/tm_win32.cpp new file mode 100644 index 000000000..58f7b0f55 --- /dev/null +++ b/src/timer/win32_query_perf_ctr/tm_win32.cpp @@ -0,0 +1,21 @@ +/************************************************* +* Win32 Timer Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/tm_win32.h> +#include <windows.h> + +namespace Botan { + +/************************************************* +* Get the timestamp * +*************************************************/ +u64bit Win32_Timer::clock() const + { + LARGE_INTEGER tv; + ::QueryPerformanceCounter(&tv); + return tv.QuadPart; + } + +} diff --git a/src/timer/win32_query_perf_ctr/tm_win32.h b/src/timer/win32_query_perf_ctr/tm_win32.h new file mode 100644 index 000000000..67b045e78 --- /dev/null +++ b/src/timer/win32_query_perf_ctr/tm_win32.h @@ -0,0 +1,24 @@ +/************************************************* +* Win32 Timer Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_TIMER_WIN32_H__ +#define BOTAN_TIMER_WIN32_H__ + +#include <botan/timers.h> + +namespace Botan { + +/************************************************* +* Win32 Timer * +*************************************************/ +class Win32_Timer : public Timer + { + public: + u64bit clock() const; + }; + +} + +#endif diff --git a/src/x509/certstor.cpp b/src/x509/certstor.cpp new file mode 100644 index 000000000..2b51590ad --- /dev/null +++ b/src/x509/certstor.cpp @@ -0,0 +1,46 @@ +/************************************************* +* Certificate Store Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/certstor.h> + +namespace Botan { + +/************************************************* +* Search by name * +*************************************************/ +std::vector<X509_Certificate> +Certificate_Store::by_name(const std::string&) const + { + return std::vector<X509_Certificate>(); + } + +/************************************************* +* Search by email * +*************************************************/ +std::vector<X509_Certificate> +Certificate_Store::by_email(const std::string&) const + { + return std::vector<X509_Certificate>(); + } + +/************************************************* +* Search by X.500 distinguished name * +*************************************************/ +std::vector<X509_Certificate> +Certificate_Store::by_dn(const X509_DN&) const + { + return std::vector<X509_Certificate>(); + } + +/************************************************* +* Find any CRLs that might be useful * +*************************************************/ +std::vector<X509_CRL> +Certificate_Store::get_crls_for(const X509_Certificate&) const + { + return std::vector<X509_CRL>(); + } + +} diff --git a/src/x509/certstor.h b/src/x509/certstor.h new file mode 100644 index 000000000..ca0480496 --- /dev/null +++ b/src/x509/certstor.h @@ -0,0 +1,37 @@ +/************************************************* +* Certificate Store Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CERT_STORE_H__ +#define BOTAN_CERT_STORE_H__ + +#include <botan/x509cert.h> +#include <botan/x509_crl.h> + +namespace Botan { + +/************************************************* +* Certificate Store Interface * +*************************************************/ +class BOTAN_DLL Certificate_Store + { + public: + virtual std::vector<X509_Certificate> + by_SKID(const MemoryRegion<byte>&) const = 0; + + virtual std::vector<X509_Certificate> by_name(const std::string&) const; + virtual std::vector<X509_Certificate> by_email(const std::string&) const; + virtual std::vector<X509_Certificate> by_dn(const X509_DN&) const; + + virtual std::vector<X509_CRL> + get_crls_for(const X509_Certificate&) const; + + virtual Certificate_Store* clone() const = 0; + + virtual ~Certificate_Store() {} + }; + +} + +#endif diff --git a/src/x509/crl_ent.cpp b/src/x509/crl_ent.cpp new file mode 100644 index 000000000..4a85b99c2 --- /dev/null +++ b/src/x509/crl_ent.cpp @@ -0,0 +1,111 @@ +/************************************************* +* CRL Entry Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/crl_ent.h> +#include <botan/x509_ext.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> +#include <botan/bigint.h> +#include <botan/libstate.h> +#include <botan/oids.h> +#include <botan/util.h> + +namespace Botan { + +/************************************************* +* Create a CRL_Entry * +*************************************************/ +CRL_Entry::CRL_Entry() + { + reason = UNSPECIFIED; + } + +/************************************************* +* Create a CRL_Entry * +*************************************************/ +CRL_Entry::CRL_Entry(const X509_Certificate& cert, CRL_Code why) + { + serial = cert.serial_number(); + time = X509_Time(system_time()); + reason = why; + } + +/************************************************* +* Compare two CRL_Entrys for equality * +*************************************************/ +bool operator==(const CRL_Entry& a1, const CRL_Entry& a2) + { + if(a1.serial_number() != a2.serial_number()) + return false; + if(a1.expire_time() != a2.expire_time()) + return false; + if(a1.reason_code() != a2.reason_code()) + return false; + return true; + } + +/************************************************* +* Compare two CRL_Entrys for inequality * +*************************************************/ +bool operator!=(const CRL_Entry& a1, const CRL_Entry& a2) + { + return !(a1 == a2); + } + +/************************************************* +* Compare two CRL_Entrys * +*************************************************/ +bool operator<(const CRL_Entry& a1, const CRL_Entry& a2) + { + return (a1.expire_time().cmp(a2.expire_time()) < 0); + } + +/************************************************* +* DER encode a CRL_Entry * +*************************************************/ +void CRL_Entry::encode_into(DER_Encoder& der) const + { + Extensions extensions; + + extensions.add(new Cert_Extension::CRL_ReasonCode(reason)); + + der.start_cons(SEQUENCE) + .encode(BigInt::decode(serial, serial.size())) + .encode(time) + .encode(extensions) + .end_cons(); + } + +/************************************************* +* Decode a BER encoded CRL_Entry * +*************************************************/ +void CRL_Entry::decode_from(BER_Decoder& source) + { + BigInt serial_number_bn; + + source.start_cons(SEQUENCE) + .decode(serial_number_bn) + .decode(time); + + if(source.more_items()) + { + std::string action = + global_state().option("x509/crl/unknown_critical"); + + if(action != "throw" && action != "ignore") + throw Invalid_Argument("Bad setting x509/crl/unknown_critical: " + + action); + + Extensions extensions(action == "throw"); + source.decode(extensions); + Data_Store info; + extensions.contents_to(info, info); + reason = CRL_Code(info.get1_u32bit("X509v3.CRLReasonCode")); + } + + serial = BigInt::encode(serial_number_bn); + } + +} diff --git a/src/x509/crl_ent.h b/src/x509/crl_ent.h new file mode 100644 index 000000000..05a9338b3 --- /dev/null +++ b/src/x509/crl_ent.h @@ -0,0 +1,44 @@ +/************************************************* +* CRL Entry Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_CRL_ENTRY_H__ +#define BOTAN_CRL_ENTRY_H__ + +#include <botan/x509cert.h> + +namespace Botan { + +/************************************************* +* CRL Entry * +*************************************************/ +class BOTAN_DLL CRL_Entry : public ASN1_Object + { + public: + void encode_into(class DER_Encoder&) const; + void decode_from(class BER_Decoder&); + + MemoryVector<byte> serial_number() const { return serial; } + X509_Time expire_time() const { return time; } + CRL_Code reason_code() const { return reason; } + + CRL_Entry(); + CRL_Entry(const X509_Certificate&, CRL_Code = UNSPECIFIED); + + private: + MemoryVector<byte> serial; + X509_Time time; + CRL_Code reason; + }; + +/************************************************* +* Comparison Operations * +*************************************************/ +BOTAN_DLL bool operator==(const CRL_Entry&, const CRL_Entry&); +BOTAN_DLL bool operator!=(const CRL_Entry&, const CRL_Entry&); +BOTAN_DLL bool operator<(const CRL_Entry&, const CRL_Entry&); + +} + +#endif diff --git a/src/x509/modinfo.txt b/src/x509/modinfo.txt new file mode 100644 index 000000000..162d3931b --- /dev/null +++ b/src/x509/modinfo.txt @@ -0,0 +1,31 @@ +realname "X.509" + +define X509 + +load_on auto + +<add> +certstor.h +certstor.cpp +crl_ent.cpp +crl_ent.h +pkcs10.h +pkcs10.cpp +x509_ca.cpp +x509_ca.h +x509_crl.cpp +x509_crl.h +x509_ext.cpp +x509_ext.h +x509_obj.cpp +x509_obj.h +x509cert.cpp +x509cert.h +x509find.cpp +x509find.h +x509opt.cpp +x509self.cpp +x509self.h +x509stor.cpp +x509stor.h +</add> diff --git a/src/x509/pkcs10.cpp b/src/x509/pkcs10.cpp new file mode 100644 index 000000000..bd21cca7d --- /dev/null +++ b/src/x509/pkcs10.cpp @@ -0,0 +1,198 @@ +/************************************************* +* PKCS #10 Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/pkcs10.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> +#include <botan/parsing.h> +#include <botan/x509stor.h> +#include <botan/x509_ext.h> +#include <botan/oids.h> +#include <botan/pem.h> + +namespace Botan { + +/************************************************* +* PKCS10_Request Constructor * +*************************************************/ +PKCS10_Request::PKCS10_Request(DataSource& in) : + X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") + { + do_decode(); + } + +/************************************************* +* PKCS10_Request Constructor * +*************************************************/ +PKCS10_Request::PKCS10_Request(const std::string& in) : + X509_Object(in, "CERTIFICATE REQUEST/NEW CERTIFICATE REQUEST") + { + do_decode(); + } + +/************************************************* +* Deocde the CertificateRequestInfo * +*************************************************/ +void PKCS10_Request::force_decode() + { + BER_Decoder cert_req_info(tbs_bits); + + u32bit version; + cert_req_info.decode(version); + if(version != 0) + throw Decoding_Error("Unknown version code in PKCS #10 request: " + + to_string(version)); + + X509_DN dn_subject; + cert_req_info.decode(dn_subject); + + info.add(dn_subject.contents()); + + BER_Object public_key = cert_req_info.get_next_object(); + if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) + throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for public key", + public_key.type_tag, public_key.class_tag); + + info.add("X509.Certificate.public_key", + PEM_Code::encode( + ASN1::put_in_sequence(public_key.value), + "PUBLIC KEY" + ) + ); + + BER_Object attr_bits = cert_req_info.get_next_object(); + + if(attr_bits.type_tag == 0 && + attr_bits.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + { + BER_Decoder attributes(attr_bits.value); + while(attributes.more_items()) + { + Attribute attr; + attributes.decode(attr); + handle_attribute(attr); + } + attributes.verify_end(); + } + else if(attr_bits.type_tag != NO_OBJECT) + throw BER_Bad_Tag("PKCS10_Request: Unexpected tag for attributes", + attr_bits.type_tag, attr_bits.class_tag); + + cert_req_info.verify_end(); + + X509_Code sig_check = X509_Store::check_sig(*this, subject_public_key()); + if(sig_check != VERIFIED) + throw Decoding_Error("PKCS #10 request: Bad signature detected"); + } + +/************************************************* +* Handle attributes in a PKCS #10 request * +*************************************************/ +void PKCS10_Request::handle_attribute(const Attribute& attr) + { + BER_Decoder value(attr.parameters); + + if(attr.oid == OIDS::lookup("PKCS9.EmailAddress")) + { + ASN1_String email; + value.decode(email); + info.add("RFC822", email.value()); + } + else if(attr.oid == OIDS::lookup("PKCS9.ChallengePassword")) + { + ASN1_String challenge_password; + value.decode(challenge_password); + info.add("PKCS9.ChallengePassword", challenge_password.value()); + } + else if(attr.oid == OIDS::lookup("PKCS9.ExtensionRequest")) + { + Extensions extensions; + value.decode(extensions).verify_end(); + + Data_Store issuer_info; + extensions.contents_to(info, issuer_info); + } + } + +/************************************************* +* Return the challenge password (if any) * +*************************************************/ +std::string PKCS10_Request::challenge_password() const + { + return info.get1("PKCS9.ChallengePassword"); + } + +/************************************************* +* Return the name of the requestor * +*************************************************/ +X509_DN PKCS10_Request::subject_dn() const + { + return create_dn(info); + } + +/************************************************* +* Return the public key of the requestor * +*************************************************/ +MemoryVector<byte> PKCS10_Request::raw_public_key() const + { + DataSource_Memory source(info.get1("X509.Certificate.public_key")); + return PEM_Code::decode_check_label(source, "PUBLIC KEY"); + } + +/************************************************* +* Return the public key of the requestor * +*************************************************/ +Public_Key* PKCS10_Request::subject_public_key() const + { + DataSource_Memory source(info.get1("X509.Certificate.public_key")); + return X509::load_key(source); + } + +/************************************************* +* Return the alternative names of the requestor * +*************************************************/ +AlternativeName PKCS10_Request::subject_alt_name() const + { + return create_alt_name(info); + } + +/************************************************* +* Return the key constraints (if any) * +*************************************************/ +Key_Constraints PKCS10_Request::constraints() const + { + return Key_Constraints(info.get1_u32bit("X509v3.KeyUsage", NO_CONSTRAINTS)); + } + +/************************************************* +* Return the extendend key constraints (if any) * +*************************************************/ +std::vector<OID> PKCS10_Request::ex_constraints() const + { + std::vector<std::string> oids = info.get("X509v3.ExtendedKeyUsage"); + + std::vector<OID> result; + for(u32bit j = 0; j != oids.size(); ++j) + result.push_back(OID(oids[j])); + return result; + } + +/************************************************* +* Return is a CA certificate is requested * +*************************************************/ +bool PKCS10_Request::is_CA() const + { + return info.get1_u32bit("X509v3.BasicConstraints.is_ca"); + } + +/************************************************* +* Return the desired path limit (if any) * +*************************************************/ +u32bit PKCS10_Request::path_limit() const + { + return info.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); + } + +} diff --git a/src/x509/pkcs10.h b/src/x509/pkcs10.h new file mode 100644 index 000000000..f688688ee --- /dev/null +++ b/src/x509/pkcs10.h @@ -0,0 +1,46 @@ +/************************************************* +* PKCS #10 Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_PKCS10_H__ +#define BOTAN_PKCS10_H__ + +#include <botan/x509_obj.h> +#include <botan/pkcs8.h> +#include <botan/datastor.h> +#include <vector> + +namespace Botan { + +/************************************************* +* PKCS #10 Certificate Request * +*************************************************/ +class BOTAN_DLL PKCS10_Request : public X509_Object + { + public: + Public_Key* subject_public_key() const; + + MemoryVector<byte> raw_public_key() const; + X509_DN subject_dn() const; + AlternativeName subject_alt_name() const; + Key_Constraints constraints() const; + std::vector<OID> ex_constraints() const; + + bool is_CA() const; + u32bit path_limit() const; + + std::string challenge_password() const; + + PKCS10_Request(DataSource&); + PKCS10_Request(const std::string&); + private: + void force_decode(); + void handle_attribute(const Attribute&); + + Data_Store info; + }; + +} + +#endif diff --git a/src/x509/x509_ca.cpp b/src/x509/x509_ca.cpp new file mode 100644 index 000000000..d455e4988 --- /dev/null +++ b/src/x509/x509_ca.cpp @@ -0,0 +1,288 @@ +/************************************************* +* X.509 Certificate Authority Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/x509_ca.h> +#include <botan/x509stor.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> +#include <botan/libstate.h> +#include <botan/lookup.h> +#include <botan/look_pk.h> +#include <botan/numthry.h> +#include <botan/parsing.h> +#include <botan/oids.h> +#include <botan/util.h> +#include <algorithm> +#include <typeinfo> +#include <iterator> +#include <memory> +#include <set> + +namespace Botan { + +/************************************************* +* Load the certificate and private key * +*************************************************/ +X509_CA::X509_CA(const X509_Certificate& c, + const Private_Key& key) : cert(c) + { + const Private_Key* key_pointer = &key; + if(!dynamic_cast<const PK_Signing_Key*>(key_pointer)) + throw Invalid_Argument("X509_CA: " + key.algo_name() + " cannot sign"); + + if(!cert.is_CA_cert()) + throw Invalid_Argument("X509_CA: This certificate is not for a CA"); + + signer = choose_sig_format(key, ca_sig_algo); + } + +/************************************************* +* Sign a PKCS #10 certificate request * +*************************************************/ +X509_Certificate X509_CA::sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, + const X509_Time& not_before, + const X509_Time& not_after) + { + Key_Constraints constraints; + if(req.is_CA()) + constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN); + else + { + std::auto_ptr<Public_Key> key(req.subject_public_key()); + constraints = X509::find_constraints(*key, req.constraints()); + } + + Extensions extensions; + + extensions.add(new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); + extensions.add(new Cert_Extension::Subject_Key_ID(req.raw_public_key())); + + extensions.add( + new Cert_Extension::Basic_Constraints(req.is_CA(), req.path_limit())); + + extensions.add(new Cert_Extension::Key_Usage(constraints)); + extensions.add( + new Cert_Extension::Extended_Key_Usage(req.ex_constraints())); + + extensions.add( + new Cert_Extension::Subject_Alternative_Name(req.subject_alt_name())); + + return make_cert(signer, rng, ca_sig_algo, req.raw_public_key(), + not_before, not_after, + cert.subject_dn(), req.subject_dn(), + extensions); + } + +/************************************************* +* Create a new certificate * +*************************************************/ +X509_Certificate X509_CA::make_cert(PK_Signer* signer, + RandomNumberGenerator& rng, + const AlgorithmIdentifier& sig_algo, + const MemoryRegion<byte>& pub_key, + const X509_Time& not_before, + const X509_Time& not_after, + const X509_DN& issuer_dn, + const X509_DN& subject_dn, + const Extensions& extensions) + { + const u32bit X509_CERT_VERSION = 3; + const u32bit SERIAL_BITS = 128; + + BigInt serial_no(rng, SERIAL_BITS); + + DataSource_Memory source(X509_Object::make_signed(signer, rng, sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .start_explicit(0) + .encode(X509_CERT_VERSION-1) + .end_explicit() + + .encode(serial_no) + + .encode(sig_algo) + .encode(issuer_dn) + + .start_cons(SEQUENCE) + .encode(not_before) + .encode(not_after) + .end_cons() + + .encode(subject_dn) + .raw_bytes(pub_key) + + .start_explicit(3) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents() + )); + + return X509_Certificate(source); + } + +/************************************************* +* Create a new, empty CRL * +*************************************************/ +X509_CRL X509_CA::new_crl(RandomNumberGenerator& rng, + u32bit next_update) const + { + std::vector<CRL_Entry> empty; + return make_crl(empty, 1, next_update, rng); + } + +/************************************************* +* Update a CRL with new entries * +*************************************************/ +X509_CRL X509_CA::update_crl(const X509_CRL& crl, + const std::vector<CRL_Entry>& new_revoked, + RandomNumberGenerator& rng, + u32bit next_update) const + { + std::vector<CRL_Entry> already_revoked = crl.get_revoked(); + std::vector<CRL_Entry> all_revoked; + + X509_Store store; + store.add_cert(cert, true); + if(store.add_crl(crl) != VERIFIED) + throw Invalid_Argument("X509_CA::update_crl: Invalid CRL provided"); + + std::set<SecureVector<byte> > removed_from_crl; + for(u32bit j = 0; j != new_revoked.size(); ++j) + { + if(new_revoked[j].reason_code() == DELETE_CRL_ENTRY) + removed_from_crl.insert(new_revoked[j].serial_number()); + else + all_revoked.push_back(new_revoked[j]); + } + + for(u32bit j = 0; j != already_revoked.size(); ++j) + { + std::set<SecureVector<byte> >::const_iterator i; + i = removed_from_crl.find(already_revoked[j].serial_number()); + + if(i == removed_from_crl.end()) + all_revoked.push_back(already_revoked[j]); + } + std::sort(all_revoked.begin(), all_revoked.end()); + + std::vector<CRL_Entry> cert_list; + std::unique_copy(all_revoked.begin(), all_revoked.end(), + std::back_inserter(cert_list)); + + return make_crl(cert_list, crl.crl_number() + 1, next_update, rng); + } + +/************************************************* +* Create a CRL * +*************************************************/ +X509_CRL X509_CA::make_crl(const std::vector<CRL_Entry>& revoked, + u32bit crl_number, u32bit next_update, + RandomNumberGenerator& rng) const + { + const u32bit X509_CRL_VERSION = 2; + + if(next_update == 0) + next_update = timespec_to_u32bit( + global_state().option("x509/crl/next_update")); + + // Totally stupid: ties encoding logic to the return of std::time!! + const u64bit current_time = system_time(); + + Extensions extensions; + extensions.add( + new Cert_Extension::Authority_Key_ID(cert.subject_key_id())); + extensions.add(new Cert_Extension::CRL_Number(crl_number)); + + DataSource_Memory source(X509_Object::make_signed(signer, rng, ca_sig_algo, + DER_Encoder().start_cons(SEQUENCE) + .encode(X509_CRL_VERSION-1) + .encode(ca_sig_algo) + .encode(cert.issuer_dn()) + .encode(X509_Time(current_time)) + .encode(X509_Time(current_time + next_update)) + .encode_if(revoked.size() > 0, + DER_Encoder() + .start_cons(SEQUENCE) + .encode_list(revoked) + .end_cons() + ) + .start_explicit(0) + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .end_explicit() + .end_cons() + .get_contents() + )); + + return X509_CRL(source); + } + +/************************************************* +* Return the CA's certificate * +*************************************************/ +X509_Certificate X509_CA::ca_certificate() const + { + return cert; + } + +/************************************************* +* X509_CA Destructor * +*************************************************/ +X509_CA::~X509_CA() + { + delete signer; + } + +/************************************************* +* Choose a signing format for the key * +*************************************************/ +PK_Signer* choose_sig_format(const Private_Key& key, + AlgorithmIdentifier& sig_algo) + { + std::string padding; + Signature_Format format; + + const std::string algo_name = key.algo_name(); + + if(algo_name == "RSA") + { + std::string hash = global_state().option("x509/ca/rsa_hash"); + + if(hash == "") + throw Invalid_State("No value set for x509/ca/rsa_hash"); + + hash = global_state().deref_alias(hash); + + padding = "EMSA3(" + hash + ")"; + format = IEEE_1363; + } + else if(algo_name == "DSA") + { + std::string hash = global_state().deref_alias("SHA-1"); + padding = "EMSA1(" + hash + ")"; + format = DER_SEQUENCE; + } + else + throw Invalid_Argument("Unknown X.509 signing key type: " + algo_name); + + sig_algo.oid = OIDS::lookup(algo_name + "/" + padding); + + std::auto_ptr<X509_Encoder> encoding(key.x509_encoder()); + if(!encoding.get()) + throw Encoding_Error("Key " + algo_name + " does not support " + "X.509 encoding"); + + sig_algo.parameters = encoding->alg_id().parameters; + + const PK_Signing_Key& sig_key = dynamic_cast<const PK_Signing_Key&>(key); + + return get_pk_signer(sig_key, padding, format); + } + +} diff --git a/src/x509/x509_ca.h b/src/x509/x509_ca.h new file mode 100644 index 000000000..969e62558 --- /dev/null +++ b/src/x509/x509_ca.h @@ -0,0 +1,68 @@ +/************************************************* +* X.509 Certificate Authority Header File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_CA_H__ +#define BOTAN_X509_CA_H__ + +#include <botan/x509cert.h> +#include <botan/x509_crl.h> +#include <botan/x509_ext.h> +#include <botan/pkcs8.h> +#include <botan/pkcs10.h> +#include <botan/pubkey.h> + +namespace Botan { + +/************************************************* +* X.509 Certificate Authority * +*************************************************/ +class BOTAN_DLL X509_CA + { + public: + X509_Certificate sign_request(const PKCS10_Request& req, + RandomNumberGenerator& rng, + const X509_Time& not_before, + const X509_Time& not_after); + + X509_Certificate ca_certificate() const; + + X509_CRL new_crl(RandomNumberGenerator& rng, u32bit = 0) const; + X509_CRL update_crl(const X509_CRL&, + const std::vector<CRL_Entry>&, + RandomNumberGenerator& rng, + u32bit = 0) const; + + static X509_Certificate make_cert(PK_Signer*, + RandomNumberGenerator&, + const AlgorithmIdentifier&, + const MemoryRegion<byte>&, + const X509_Time&, const X509_Time&, + const X509_DN&, const X509_DN&, + const Extensions&); + + X509_CA(const X509_Certificate&, const Private_Key&); + ~X509_CA(); + private: + X509_CA(const X509_CA&) {} + X509_CA& operator=(const X509_CA&) { return (*this); } + + X509_CRL make_crl(const std::vector<CRL_Entry>&, + u32bit, u32bit, RandomNumberGenerator&) const; + + AlgorithmIdentifier ca_sig_algo; + X509_Certificate cert; + PK_Signer* signer; + }; + +/************************************************* +* Choose a signing format for the key * +*************************************************/ +BOTAN_DLL PK_Signer* choose_sig_format(const Private_Key&, + AlgorithmIdentifier&); + + +} + +#endif diff --git a/src/x509/x509_crl.cpp b/src/x509/x509_crl.cpp new file mode 100644 index 000000000..306c78bd1 --- /dev/null +++ b/src/x509/x509_crl.cpp @@ -0,0 +1,149 @@ +/************************************************* +* X.509 CRL Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509_crl.h> +#include <botan/x509_ext.h> +#include <botan/ber_dec.h> +#include <botan/parsing.h> +#include <botan/bigint.h> +#include <botan/libstate.h> +#include <botan/oids.h> + +namespace Botan { + +/************************************************* +* Load a X.509 CRL * +*************************************************/ +X509_CRL::X509_CRL(DataSource& in) : X509_Object(in, "X509 CRL/CRL") + { + do_decode(); + } + +/************************************************* +* Load a X.509 CRL * +*************************************************/ +X509_CRL::X509_CRL(const std::string& in) : X509_Object(in, "CRL/X509 CRL") + { + do_decode(); + } + +/************************************************* +* Decode the TBSCertList data * +*************************************************/ +void X509_CRL::force_decode() + { + BER_Decoder tbs_crl(tbs_bits); + + u32bit version; + tbs_crl.decode_optional(version, INTEGER, UNIVERSAL); + + if(version != 0 && version != 1) + throw X509_CRL_Error("Unknown X.509 CRL version " + + to_string(version+1)); + + AlgorithmIdentifier sig_algo_inner; + tbs_crl.decode(sig_algo_inner); + + if(sig_algo != sig_algo_inner) + throw X509_CRL_Error("Algorithm identifier mismatch"); + + X509_DN dn_issuer; + tbs_crl.decode(dn_issuer); + info.add(dn_issuer.contents()); + + X509_Time start, end; + tbs_crl.decode(start).decode(end); + info.add("X509.CRL.start", start.readable_string()); + info.add("X509.CRL.end", end.readable_string()); + + BER_Object next = tbs_crl.get_next_object(); + + if(next.type_tag == SEQUENCE && next.class_tag == CONSTRUCTED) + { + BER_Decoder cert_list(next.value); + + while(cert_list.more_items()) + { + CRL_Entry entry; + cert_list.decode(entry); + revoked.push_back(entry); + } + next = tbs_crl.get_next_object(); + } + + if(next.type_tag == 0 && + next.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + { + BER_Decoder crl_options(next.value); + + std::string action = global_state().option("x509/crl/unknown_critical"); + if(action != "throw" && action != "ignore") + throw Invalid_Argument("Bad value of x509/crl/unknown_critical: " + + action); + + Extensions extensions(action == "throw"); + + crl_options.decode(extensions).verify_end(); + + extensions.contents_to(info, info); + + next = tbs_crl.get_next_object(); + } + + if(next.type_tag != NO_OBJECT) + throw X509_CRL_Error("Unknown tag in CRL"); + + tbs_crl.verify_end(); + } + +/************************************************* +* Return the list of revoked certificates * +*************************************************/ +std::vector<CRL_Entry> X509_CRL::get_revoked() const + { + return revoked; + } + +/************************************************* +* Return the distinguished name of the issuer * +*************************************************/ +X509_DN X509_CRL::issuer_dn() const + { + return create_dn(info); + } + +/************************************************* +* Return the key identifier of the issuer * +*************************************************/ +MemoryVector<byte> X509_CRL::authority_key_id() const + { + return info.get1_memvec("X509v3.AuthorityKeyIdentifier"); + } + +/************************************************* +* Return the CRL number of this CRL * +*************************************************/ +u32bit X509_CRL::crl_number() const + { + return info.get1_u32bit("X509v3.CRLNumber"); + } + +/************************************************* +* Return the issue data of the CRL * +*************************************************/ +X509_Time X509_CRL::this_update() const + { + return info.get1("X509.CRL.start"); + } + +/************************************************* +* Return the date when a new CRL will be issued * +*************************************************/ +X509_Time X509_CRL::next_update() const + { + return info.get1("X509.CRL.end"); + } + +} diff --git a/src/x509/x509_crl.h b/src/x509/x509_crl.h new file mode 100644 index 000000000..f7623b940 --- /dev/null +++ b/src/x509/x509_crl.h @@ -0,0 +1,46 @@ +/************************************************* +* X.509 CRL Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_CRL_H__ +#define BOTAN_X509_CRL_H__ + +#include <botan/x509_obj.h> +#include <botan/crl_ent.h> +#include <vector> + +namespace Botan { + +/************************************************* +* X.509 CRL * +*************************************************/ +class BOTAN_DLL X509_CRL : public X509_Object + { + public: + struct X509_CRL_Error : public Exception + { + X509_CRL_Error(const std::string& error) : + Exception("X509_CRL: " + error) {} + }; + + std::vector<CRL_Entry> get_revoked() const; + + X509_DN issuer_dn() const; + MemoryVector<byte> authority_key_id() const; + + u32bit crl_number() const; + X509_Time this_update() const; + X509_Time next_update() const; + + X509_CRL(DataSource&); + X509_CRL(const std::string&); + private: + void force_decode(); + std::vector<CRL_Entry> revoked; + Data_Store info; + }; + +} + +#endif diff --git a/src/x509/x509_ext.cpp b/src/x509/x509_ext.cpp new file mode 100644 index 000000000..3595a0492 --- /dev/null +++ b/src/x509/x509_ext.cpp @@ -0,0 +1,579 @@ +/************************************************* +* X.509 Certificate Extensions Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509_ext.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> +#include <botan/lookup.h> +#include <botan/oids.h> +#include <botan/libstate.h> +#include <botan/bit_ops.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +/************************************************* +* List of X.509 Certificate Extensions * +*************************************************/ +Certificate_Extension* Extensions::get_extension(const OID& oid) + { +#define X509_EXTENSION(NAME, TYPE) \ + if(OIDS::name_of(oid, NAME)) \ + return new Cert_Extension::TYPE(); + + X509_EXTENSION("X509v3.KeyUsage", Key_Usage); + X509_EXTENSION("X509v3.BasicConstraints", Basic_Constraints); + X509_EXTENSION("X509v3.SubjectKeyIdentifier", Subject_Key_ID); + X509_EXTENSION("X509v3.AuthorityKeyIdentifier", Authority_Key_ID); + X509_EXTENSION("X509v3.ExtendedKeyUsage", Extended_Key_Usage); + X509_EXTENSION("X509v3.IssuerAlternativeName", Issuer_Alternative_Name); + X509_EXTENSION("X509v3.SubjectAlternativeName", Subject_Alternative_Name); + X509_EXTENSION("X509v3.CRLNumber", CRL_Number); + X509_EXTENSION("X509v3.CertificatePolicies", Certificate_Policies); + + return 0; + } + +/************************************************* +* Extensions Copy Constructor * +*************************************************/ +Extensions::Extensions(const Extensions& extensions) : ASN1_Object() + { + *this = extensions; + } + +/************************************************* +* Extensions Assignment Operator * +*************************************************/ +Extensions& Extensions::operator=(const Extensions& other) + { + for(u32bit j = 0; j != extensions.size(); ++j) + delete extensions[j]; + extensions.clear(); + + for(u32bit j = 0; j != other.extensions.size(); ++j) + extensions.push_back(other.extensions[j]->copy()); + + return (*this); + } + +/************************************************* +* Return the OID of this extension * +*************************************************/ +OID Certificate_Extension::oid_of() const + { + return OIDS::lookup(oid_name()); + } + +/************************************************* +* Encode an Extensions list * +*************************************************/ +void Extensions::encode_into(DER_Encoder& to_object) const + { + for(u32bit j = 0; j != extensions.size(); ++j) + { + const Certificate_Extension* ext = extensions[j]; + + std::string setting; + + if(ext->config_id() != "") + setting = global_state().option("x509/exts/" + ext->config_id()); + + if(setting == "") + setting = "yes"; + + if(setting != "yes" && setting != "no" && setting != "critical") + throw Invalid_Argument("X509_CA:: Invalid value for option " + "x509/exts/" + ext->config_id() + " of " + + setting); + + bool is_critical = (setting == "critical"); + bool should_encode = ext->should_encode() && (setting != "no"); + + if(should_encode) + { + to_object.start_cons(SEQUENCE) + .encode(ext->oid_of()) + .encode_optional(is_critical, false) + .encode(ext->encode_inner(), OCTET_STRING) + .end_cons(); + } + } + } + +/************************************************* +* Decode a list of Extensions * +*************************************************/ +void Extensions::decode_from(BER_Decoder& from_source) + { + for(u32bit j = 0; j != extensions.size(); ++j) + delete extensions[j]; + extensions.clear(); + + BER_Decoder sequence = from_source.start_cons(SEQUENCE); + while(sequence.more_items()) + { + OID oid; + MemoryVector<byte> value; + bool critical; + + sequence.start_cons(SEQUENCE) + .decode(oid) + .decode_optional(critical, BOOLEAN, UNIVERSAL, false) + .decode(value, OCTET_STRING) + .verify_end() + .end_cons(); + + Certificate_Extension* ext = get_extension(oid); + + if(!ext) + { + if(!critical || !should_throw) + continue; + + throw Decoding_Error("Encountered unknown X.509 extension marked " + "as critical; OID = " + oid.as_string()); + } + + ext->decode_inner(value); + + extensions.push_back(ext); + } + sequence.verify_end(); + } + +/************************************************* +* Write the extensions to an info store * +*************************************************/ +void Extensions::contents_to(Data_Store& subject_info, + Data_Store& issuer_info) const + { + for(u32bit j = 0; j != extensions.size(); ++j) + extensions[j]->contents_to(subject_info, issuer_info); + } + +/************************************************* +* Delete an Extensions list * +*************************************************/ +Extensions::~Extensions() + { + for(u32bit j = 0; j != extensions.size(); ++j) + delete extensions[j]; + } + +namespace Cert_Extension { + +/************************************************* +* Checked accessor for the path_limit member * +*************************************************/ +u32bit Basic_Constraints::get_path_limit() const + { + if(!is_ca) + throw Invalid_State("Basic_Constraints::get_path_limit: Not a CA"); + return path_limit; + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Basic_Constraints::encode_inner() const + { + return DER_Encoder() + .start_cons(SEQUENCE) + .encode_if(is_ca, + DER_Encoder() + .encode(is_ca) + .encode_optional(path_limit, NO_CERT_PATH_LIMIT) + ) + .end_cons() + .get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Basic_Constraints::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder(in) + .start_cons(SEQUENCE) + .decode_optional(is_ca, BOOLEAN, UNIVERSAL, false) + .decode_optional(path_limit, INTEGER, UNIVERSAL, NO_CERT_PATH_LIMIT) + .verify_end() + .end_cons(); + + if(is_ca == false) + path_limit = 0; + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Basic_Constraints::contents_to(Data_Store& subject, Data_Store&) const + { + subject.add("X509v3.BasicConstraints.is_ca", (is_ca ? 1 : 0)); + subject.add("X509v3.BasicConstraints.path_constraint", path_limit); + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Key_Usage::encode_inner() const + { + if(constraints == NO_CONSTRAINTS) + throw Encoding_Error("Cannot encode zero usage constraints"); + + const u32bit unused_bits = low_bit(constraints) - 1; + + SecureVector<byte> der; + der.append(BIT_STRING); + der.append(2 + ((unused_bits < 8) ? 1 : 0)); + der.append(unused_bits % 8); + der.append((constraints >> 8) & 0xFF); + if(constraints & 0xFF) + der.append(constraints & 0xFF); + + return der; + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Key_Usage::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder ber(in); + + BER_Object obj = ber.get_next_object(); + + if(obj.type_tag != BIT_STRING || obj.class_tag != UNIVERSAL) + throw BER_Bad_Tag("Bad tag for usage constraint", + obj.type_tag, obj.class_tag); + + if(obj.value.size() != 2 && obj.value.size() != 3) + throw BER_Decoding_Error("Bad size for BITSTRING in usage constraint"); + + if(obj.value[0] >= 8) + throw BER_Decoding_Error("Invalid unused bits in usage constraint"); + + obj.value[obj.value.size()-1] &= (0xFF << obj.value[0]); + + u16bit usage = 0; + for(u32bit j = 1; j != obj.value.size(); ++j) + usage = (obj.value[j] << 8) | usage; + + constraints = Key_Constraints(usage); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Key_Usage::contents_to(Data_Store& subject, Data_Store&) const + { + subject.add("X509v3.KeyUsage", constraints); + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Subject_Key_ID::encode_inner() const + { + return DER_Encoder().encode(key_id, OCTET_STRING).get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Subject_Key_ID::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder(in).decode(key_id, OCTET_STRING).verify_end(); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Subject_Key_ID::contents_to(Data_Store& subject, Data_Store&) const + { + subject.add("X509v3.SubjectKeyIdentifier", key_id); + } + +/************************************************* +* Subject_Key_ID Constructor * +*************************************************/ +Subject_Key_ID::Subject_Key_ID(const MemoryRegion<byte>& pub_key) + { + std::auto_ptr<HashFunction> hash(get_hash("SHA-1")); + key_id = hash->process(pub_key); + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Authority_Key_ID::encode_inner() const + { + return DER_Encoder() + .start_cons(SEQUENCE) + .encode(key_id, OCTET_STRING, ASN1_Tag(0), CONTEXT_SPECIFIC) + .end_cons() + .get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Authority_Key_ID::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder(in) + .start_cons(SEQUENCE) + .decode_optional_string(key_id, OCTET_STRING, 0); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Authority_Key_ID::contents_to(Data_Store&, Data_Store& issuer) const + { + if(key_id.size()) + issuer.add("X509v3.AuthorityKeyIdentifier", key_id); + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Alternative_Name::encode_inner() const + { + return DER_Encoder().encode(alt_name).get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Alternative_Name::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder(in).decode(alt_name); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Alternative_Name::contents_to(Data_Store& subject_info, + Data_Store& issuer_info) const + { + std::multimap<std::string, std::string> contents = + get_alt_name().contents(); + + if(oid_name_str == "X509v3.SubjectAlternativeName") + subject_info.add(contents); + else if(oid_name_str == "X509v3.IssuerAlternativeName") + issuer_info.add(contents); + else + throw Internal_Error("In Alternative_Name, unknown type " + + oid_name_str); + } + +/************************************************* +* Alternative_Name Constructor * +*************************************************/ +Alternative_Name::Alternative_Name(const AlternativeName& alt_name, + const std::string& oid_name_str, + const std::string& config_name_str) + { + this->alt_name = alt_name; + this->oid_name_str = oid_name_str; + this->config_name_str = config_name_str; + } + +/************************************************* +* Subject_Alternative_Name Constructor * +*************************************************/ +Subject_Alternative_Name::Subject_Alternative_Name( + const AlternativeName& name) : + + Alternative_Name(name, "X509v3.SubjectAlternativeName", + "subject_alternative_name") + { + } + +/************************************************* +* Issuer_Alternative_Name Constructor * +*************************************************/ +Issuer_Alternative_Name::Issuer_Alternative_Name(const AlternativeName& name) : + Alternative_Name(name, "X509v3.IssuerAlternativeName", + "issuer_alternative_name") + { + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Extended_Key_Usage::encode_inner() const + { + return DER_Encoder() + .start_cons(SEQUENCE) + .encode_list(oids) + .end_cons() + .get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Extended_Key_Usage::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder(in) + .start_cons(SEQUENCE) + .decode_list(oids) + .end_cons(); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Extended_Key_Usage::contents_to(Data_Store& subject, Data_Store&) const + { + for(u32bit j = 0; j != oids.size(); ++j) + subject.add("X509v3.ExtendedKeyUsage", oids[j].as_string()); + } + +namespace { + +/************************************************* +* A policy specifier * +*************************************************/ +class Policy_Information : public ASN1_Object + { + public: + OID oid; + + void encode_into(DER_Encoder& codec) const + { + codec.start_cons(SEQUENCE) + .encode(oid) + .end_cons(); + } + + void decode_from(BER_Decoder& codec) + { + codec.start_cons(SEQUENCE) + .decode(oid) + .discard_remaining() + .end_cons(); + } + }; + +} + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> Certificate_Policies::encode_inner() const + { + throw Exception("Certificate_Policies::encode_inner: Bugged"); + + std::vector<Policy_Information> policies; + + return DER_Encoder() + .start_cons(SEQUENCE) + .encode_list(policies) + .end_cons() + .get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void Certificate_Policies::decode_inner(const MemoryRegion<byte>& in) + { + std::vector<Policy_Information> policies; + + BER_Decoder(in) + .start_cons(SEQUENCE) + .decode_list(policies) + .end_cons(); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void Certificate_Policies::contents_to(Data_Store& info, Data_Store&) const + { + for(u32bit j = 0; j != oids.size(); ++j) + info.add("X509v3.ExtendedKeyUsage", oids[j].as_string()); + } + +/************************************************* +* Checked accessor for the crl_number member * +*************************************************/ +u32bit CRL_Number::get_crl_number() const + { + if(!has_value) + throw Invalid_State("CRL_Number::get_crl_number: Not set"); + return crl_number; + } + +/************************************************* +* Copy a CRL_Number extension * +*************************************************/ +CRL_Number* CRL_Number::copy() const + { + if(!has_value) + throw Invalid_State("CRL_Number::copy: Not set"); + return new CRL_Number(crl_number); + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> CRL_Number::encode_inner() const + { + return DER_Encoder().encode(crl_number).get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void CRL_Number::decode_inner(const MemoryRegion<byte>& in) + { + BER_Decoder(in).decode(crl_number); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void CRL_Number::contents_to(Data_Store& info, Data_Store&) const + { + info.add("X509v3.CRLNumber", crl_number); + } + +/************************************************* +* Encode the extension * +*************************************************/ +MemoryVector<byte> CRL_ReasonCode::encode_inner() const + { + return DER_Encoder() + .encode(static_cast<u32bit>(reason), ENUMERATED, UNIVERSAL) + .get_contents(); + } + +/************************************************* +* Decode the extension * +*************************************************/ +void CRL_ReasonCode::decode_inner(const MemoryRegion<byte>& in) + { + u32bit reason_code = 0; + BER_Decoder(in).decode(reason_code, ENUMERATED, UNIVERSAL); + reason = static_cast<CRL_Code>(reason_code); + } + +/************************************************* +* Return a textual representation * +*************************************************/ +void CRL_ReasonCode::contents_to(Data_Store& info, Data_Store&) const + { + info.add("X509v3.CRLReasonCode", reason); + } + +} + +} diff --git a/src/x509/x509_ext.h b/src/x509/x509_ext.h new file mode 100644 index 000000000..5b302df0d --- /dev/null +++ b/src/x509/x509_ext.h @@ -0,0 +1,315 @@ +/************************************************* +* X.509 Certificate Extensions Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_EXTENSIONS_H__ +#define BOTAN_X509_EXTENSIONS_H__ + +#include <botan/asn1_int.h> +#include <botan/asn1_oid.h> +#include <botan/asn1_obj.h> +#include <botan/datastor.h> +#include <botan/enums.h> + +namespace Botan { + +/************************************************* +* X.509 Certificate Extension * +*************************************************/ +class BOTAN_DLL Certificate_Extension + { + public: + OID oid_of() const; + + virtual Certificate_Extension* copy() const = 0; + + virtual void contents_to(Data_Store&, Data_Store&) const = 0; + virtual std::string config_id() const = 0; + virtual std::string oid_name() const = 0; + + virtual ~Certificate_Extension() {} + protected: + friend class Extensions; + virtual bool should_encode() const { return true; } + virtual MemoryVector<byte> encode_inner() const = 0; + virtual void decode_inner(const MemoryRegion<byte>&) = 0; + }; + +/************************************************* +* X.509 Certificate Extension List * +*************************************************/ +class BOTAN_DLL Extensions : public ASN1_Object + { + public: + void encode_into(class DER_Encoder&) const; + void decode_from(class BER_Decoder&); + + void contents_to(Data_Store&, Data_Store&) const; + + void add(Certificate_Extension* extn) + { extensions.push_back(extn); } + + Extensions& operator=(const Extensions&); + + Extensions(const Extensions&); + Extensions(bool st = true) : should_throw(st) {} + ~Extensions(); + private: + static Certificate_Extension* get_extension(const OID&); + + std::vector<Certificate_Extension*> extensions; + bool should_throw; + }; + +namespace Cert_Extension { + +/************************************************* +* Basic Constraints Extension * +*************************************************/ +class BOTAN_DLL Basic_Constraints : public Certificate_Extension + { + public: + Basic_Constraints* copy() const + { return new Basic_Constraints(is_ca, path_limit); } + + Basic_Constraints(bool ca = false, u32bit limit = 0) : + is_ca(ca), path_limit(limit) {} + + bool get_is_ca() const { return is_ca; } + u32bit get_path_limit() const; + private: + std::string config_id() const { return "basic_constraints"; } + std::string oid_name() const { return "X509v3.BasicConstraints"; } + + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + bool is_ca; + u32bit path_limit; + }; + +/************************************************* +* Key Usage Constraints Extension * +*************************************************/ +class BOTAN_DLL Key_Usage : public Certificate_Extension + { + public: + Key_Usage* copy() const { return new Key_Usage(constraints); } + + Key_Usage(Key_Constraints c = NO_CONSTRAINTS) : constraints(c) {} + + Key_Constraints get_constraints() const { return constraints; } + private: + std::string config_id() const { return "key_usage"; } + std::string oid_name() const { return "X509v3.KeyUsage"; } + + bool should_encode() const { return (constraints != NO_CONSTRAINTS); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + Key_Constraints constraints; + }; + +/************************************************* +* Subject Key Identifier Extension * +*************************************************/ +class BOTAN_DLL Subject_Key_ID : public Certificate_Extension + { + public: + Subject_Key_ID* copy() const { return new Subject_Key_ID(key_id); } + + Subject_Key_ID() {} + Subject_Key_ID(const MemoryRegion<byte>&); + + MemoryVector<byte> get_key_id() const { return key_id; } + private: + std::string config_id() const { return "subject_key_id"; } + std::string oid_name() const { return "X509v3.SubjectKeyIdentifier"; } + + bool should_encode() const { return (key_id.size() > 0); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + MemoryVector<byte> key_id; + }; + +/************************************************* +* Authority Key Identifier Extension * +*************************************************/ +class BOTAN_DLL Authority_Key_ID : public Certificate_Extension + { + public: + Authority_Key_ID* copy() const { return new Authority_Key_ID(key_id); } + + Authority_Key_ID() {} + Authority_Key_ID(const MemoryRegion<byte>& k) : key_id(k) {} + + MemoryVector<byte> get_key_id() const { return key_id; } + private: + std::string config_id() const { return "authority_key_id"; } + std::string oid_name() const { return "X509v3.AuthorityKeyIdentifier"; } + + bool should_encode() const { return (key_id.size() > 0); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + MemoryVector<byte> key_id; + }; + +/************************************************* +* Alternative Name Extension Base Class * +*************************************************/ +class BOTAN_DLL Alternative_Name : public Certificate_Extension + { + public: + AlternativeName get_alt_name() const { return alt_name; } + + protected: + Alternative_Name(const AlternativeName&, + const std::string&, const std::string&); + + Alternative_Name(const std::string&, const std::string&); + private: + std::string config_id() const { return config_name_str; } + std::string oid_name() const { return oid_name_str; } + + bool should_encode() const { return alt_name.has_items(); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + std::string config_name_str, oid_name_str; + AlternativeName alt_name; + }; + +/************************************************* +* Subject Alternative Name Extension * +*************************************************/ +class BOTAN_DLL Subject_Alternative_Name : public Alternative_Name + { + public: + Subject_Alternative_Name* copy() const + { return new Subject_Alternative_Name(get_alt_name()); } + + Subject_Alternative_Name(const AlternativeName& = AlternativeName()); + }; + +/************************************************* +* Issuer Alternative Name Extension * +*************************************************/ +class BOTAN_DLL Issuer_Alternative_Name : public Alternative_Name + { + public: + Issuer_Alternative_Name* copy() const + { return new Issuer_Alternative_Name(get_alt_name()); } + + Issuer_Alternative_Name(const AlternativeName& = AlternativeName()); + }; + +/************************************************* +* Extended Key Usage Extension * +*************************************************/ +class BOTAN_DLL Extended_Key_Usage : public Certificate_Extension + { + public: + Extended_Key_Usage* copy() const { return new Extended_Key_Usage(oids); } + + Extended_Key_Usage() {} + Extended_Key_Usage(const std::vector<OID>& o) : oids(o) {} + + std::vector<OID> get_oids() const { return oids; } + private: + std::string config_id() const { return "extended_key_usage"; } + std::string oid_name() const { return "X509v3.ExtendedKeyUsage"; } + + bool should_encode() const { return (oids.size() > 0); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + std::vector<OID> oids; + }; + +/************************************************* +* Certificate Policies Extension * +*************************************************/ +class BOTAN_DLL Certificate_Policies : public Certificate_Extension + { + public: + Certificate_Policies* copy() const + { return new Certificate_Policies(oids); } + + Certificate_Policies() {} + Certificate_Policies(const std::vector<OID>& o) : oids(o) {} + + std::vector<OID> get_oids() const { return oids; } + private: + std::string config_id() const { return "policy_info"; } + std::string oid_name() const { return "X509v3.CertificatePolicies"; } + + bool should_encode() const { return (oids.size() > 0); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + std::vector<OID> oids; + }; + +/************************************************* +* CRL Number Extension * +*************************************************/ +class BOTAN_DLL CRL_Number : public Certificate_Extension + { + public: + CRL_Number* copy() const; + + CRL_Number() : has_value(false), crl_number(0) {} + CRL_Number(u32bit n) : has_value(true), crl_number(n) {} + + u32bit get_crl_number() const; + private: + std::string config_id() const { return "crl_number"; } + std::string oid_name() const { return "X509v3.CRLNumber"; } + + bool should_encode() const { return has_value; } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + bool has_value; + u32bit crl_number; + }; + +/************************************************* +* CRL Entry Reason Code Extension * +*************************************************/ +class BOTAN_DLL CRL_ReasonCode : public Certificate_Extension + { + public: + CRL_ReasonCode* copy() const { return new CRL_ReasonCode(reason); } + + CRL_ReasonCode(CRL_Code r = UNSPECIFIED) : reason(r) {} + + CRL_Code get_reason() const { return reason; } + private: + std::string config_id() const { return "crl_reason"; } + std::string oid_name() const { return "X509v3.ReasonCode"; } + + bool should_encode() const { return (reason != UNSPECIFIED); } + MemoryVector<byte> encode_inner() const; + void decode_inner(const MemoryRegion<byte>&); + void contents_to(Data_Store&, Data_Store&) const; + + CRL_Code reason; + }; + +} + +} + +#endif diff --git a/src/x509/x509_obj.cpp b/src/x509/x509_obj.cpp new file mode 100644 index 000000000..e78790949 --- /dev/null +++ b/src/x509/x509_obj.cpp @@ -0,0 +1,233 @@ +/************************************************* +* X.509 SIGNED Object Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509_obj.h> +#include <botan/x509_key.h> +#include <botan/look_pk.h> +#include <botan/oids.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> +#include <botan/parsing.h> +#include <botan/pem.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +/************************************************* +* Create a generic X.509 object * +*************************************************/ +X509_Object::X509_Object(DataSource& stream, const std::string& labels) + { + init(stream, labels); + } + +/************************************************* +* Createa a generic X.509 object * +*************************************************/ +X509_Object::X509_Object(const std::string& file, const std::string& labels) + { + DataSource_Stream stream(file, true); + init(stream, labels); + } + +/************************************************* +* Read a PEM or BER X.509 object * +*************************************************/ +void X509_Object::init(DataSource& in, const std::string& labels) + { + PEM_labels_allowed = split_on(labels, '/'); + if(PEM_labels_allowed.size() < 1) + throw Invalid_Argument("Bad labels argument to X509_Object"); + + PEM_label_pref = PEM_labels_allowed[0]; + std::sort(PEM_labels_allowed.begin(), PEM_labels_allowed.end()); + + try { + if(ASN1::maybe_BER(in) && !PEM_Code::matches(in)) + decode_info(in); + else + { + std::string got_label; + DataSource_Memory ber(PEM_Code::decode(in, got_label)); + + if(!std::binary_search(PEM_labels_allowed.begin(), + PEM_labels_allowed.end(), got_label)) + throw Decoding_Error("Invalid PEM label: " + got_label); + decode_info(ber); + } + } + catch(Decoding_Error) + { + throw Decoding_Error(PEM_label_pref + " decoding failed"); + } + } + +/************************************************* +* Read a BER encoded X.509 object * +*************************************************/ +void X509_Object::decode_info(DataSource& source) + { + BER_Decoder(source) + .start_cons(SEQUENCE) + .start_cons(SEQUENCE) + .raw_bytes(tbs_bits) + .end_cons() + .decode(sig_algo) + .decode(sig, BIT_STRING) + .verify_end() + .end_cons(); + } + +/************************************************* +* Return a BER or PEM encoded X.509 object * +*************************************************/ +void X509_Object::encode(Pipe& out, X509_Encoding encoding) const + { + SecureVector<byte> der = DER_Encoder() + .start_cons(SEQUENCE) + .start_cons(SEQUENCE) + .raw_bytes(tbs_bits) + .end_cons() + .encode(sig_algo) + .encode(sig, BIT_STRING) + .end_cons() + .get_contents(); + + if(encoding == PEM) + out.write(PEM_Code::encode(der, PEM_label_pref)); + else + out.write(der); + } + +/************************************************* +* Return a BER encoded X.509 object * +*************************************************/ +SecureVector<byte> X509_Object::BER_encode() const + { + Pipe ber; + ber.start_msg(); + encode(ber, RAW_BER); + ber.end_msg(); + return ber.read_all(); + } + +/************************************************* +* Return a PEM encoded X.509 object * +*************************************************/ +std::string X509_Object::PEM_encode() const + { + Pipe pem; + pem.start_msg(); + encode(pem, PEM); + pem.end_msg(); + return pem.read_all_as_string(); + } + +/************************************************* +* Return the TBS data * +*************************************************/ +SecureVector<byte> X509_Object::tbs_data() const + { + return ASN1::put_in_sequence(tbs_bits); + } + +/************************************************* +* Return the signature of this object * +*************************************************/ +SecureVector<byte> X509_Object::signature() const + { + return sig; + } + +/************************************************* +* Return the algorithm used to sign this object * +*************************************************/ +AlgorithmIdentifier X509_Object::signature_algorithm() const + { + return sig_algo; + } + +/************************************************* +* Check the signature on an object * +*************************************************/ +bool X509_Object::check_signature(Public_Key& pub_key) const + { + try { + std::vector<std::string> sig_info = + split_on(OIDS::lookup(sig_algo.oid), '/'); + + if(sig_info.size() != 2 || sig_info[0] != pub_key.algo_name()) + return false; + + std::string padding = sig_info[1]; + Signature_Format format = + (pub_key.message_parts() >= 2) ? DER_SEQUENCE : IEEE_1363; + + std::auto_ptr<PK_Verifier> verifier; + + if(dynamic_cast<PK_Verifying_with_MR_Key*>(&pub_key)) + { + PK_Verifying_with_MR_Key& sig_key = + dynamic_cast<PK_Verifying_with_MR_Key&>(pub_key); + verifier.reset(get_pk_verifier(sig_key, padding, format)); + } + else if(dynamic_cast<PK_Verifying_wo_MR_Key*>(&pub_key)) + { + PK_Verifying_wo_MR_Key& sig_key = + dynamic_cast<PK_Verifying_wo_MR_Key&>(pub_key); + verifier.reset(get_pk_verifier(sig_key, padding, format)); + } + else + return false; + + return verifier->verify_message(tbs_data(), signature()); + } + catch(...) + { + return false; + } + } + +/************************************************* +* Apply the X.509 SIGNED macro * +*************************************************/ +MemoryVector<byte> X509_Object::make_signed(PK_Signer* signer, + RandomNumberGenerator& rng, + const AlgorithmIdentifier& algo, + const MemoryRegion<byte>& tbs_bits) + { + return DER_Encoder() + .start_cons(SEQUENCE) + .raw_bytes(tbs_bits) + .encode(algo) + .encode(signer->sign_message(tbs_bits, rng), BIT_STRING) + .end_cons() + .get_contents(); + } + +/************************************************* +* Try to decode the actual information * +*************************************************/ +void X509_Object::do_decode() + { + try { + force_decode(); + } + catch(Decoding_Error& e) + { + const std::string what = e.what(); + throw Decoding_Error(PEM_label_pref + " decoding failed (" + + what.substr(23, std::string::npos) + ")"); + } + catch(Invalid_Argument& e) + { + const std::string what = e.what(); + throw Decoding_Error(PEM_label_pref + " decoding failed (" + + what.substr(7, std::string::npos) + ")"); + } + } + +} diff --git a/src/x509/x509_obj.h b/src/x509/x509_obj.h new file mode 100644 index 000000000..8808fd686 --- /dev/null +++ b/src/x509/x509_obj.h @@ -0,0 +1,56 @@ +/************************************************* +* X.509 SIGNED Object Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_OBJECT_H__ +#define BOTAN_X509_OBJECT_H__ + +#include <botan/asn1_obj.h> +#include <botan/pipe.h> +#include <botan/enums.h> +#include <botan/rng.h> +#include <vector> + +namespace Botan { + +/************************************************* +* Generic X.509 SIGNED Object * +*************************************************/ +class BOTAN_DLL X509_Object + { + public: + SecureVector<byte> tbs_data() const; + SecureVector<byte> signature() const; + AlgorithmIdentifier signature_algorithm() const; + + static MemoryVector<byte> make_signed(class PK_Signer*, + RandomNumberGenerator&, + const AlgorithmIdentifier&, + const MemoryRegion<byte>&); + + bool check_signature(class Public_Key&) const; + + void encode(Pipe&, X509_Encoding = PEM) const; + SecureVector<byte> BER_encode() const; + std::string PEM_encode() const; + + X509_Object(DataSource&, const std::string&); + X509_Object(const std::string&, const std::string&); + virtual ~X509_Object() {} + protected: + void do_decode(); + X509_Object() {} + AlgorithmIdentifier sig_algo; + SecureVector<byte> tbs_bits, sig; + private: + virtual void force_decode() = 0; + void init(DataSource&, const std::string&); + void decode_info(DataSource&); + std::vector<std::string> PEM_labels_allowed; + std::string PEM_label_pref; + }; + +} + +#endif diff --git a/src/x509/x509cert.cpp b/src/x509/x509cert.cpp new file mode 100644 index 000000000..b24e6a036 --- /dev/null +++ b/src/x509/x509cert.cpp @@ -0,0 +1,364 @@ +/************************************************* +* X.509 Certificates Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509cert.h> +#include <botan/x509_ext.h> +#include <botan/der_enc.h> +#include <botan/ber_dec.h> +#include <botan/stl_util.h> +#include <botan/parsing.h> +#include <botan/bigint.h> +#include <botan/oids.h> +#include <botan/pem.h> +#include <algorithm> + +namespace Botan { + +namespace { + +/************************************************* +* Lookup each OID in the vector * +*************************************************/ +std::vector<std::string> lookup_oids(const std::vector<std::string>& in) + { + std::vector<std::string> out; + + std::vector<std::string>::const_iterator i = in.begin(); + while(i != in.end()) + { + out.push_back(OIDS::lookup(OID(*i))); + ++i; + } + return out; + } + +} + +/************************************************* +* X509_Certificate Constructor * +*************************************************/ +X509_Certificate::X509_Certificate(DataSource& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") + { + self_signed = false; + do_decode(); + } + +/************************************************* +* X509_Certificate Constructor * +*************************************************/ +X509_Certificate::X509_Certificate(const std::string& in) : + X509_Object(in, "CERTIFICATE/X509 CERTIFICATE") + { + self_signed = false; + do_decode(); + } + +/************************************************* +* Decode the TBSCertificate data * +*************************************************/ +void X509_Certificate::force_decode() + { + u32bit version; + BigInt serial_bn; + AlgorithmIdentifier sig_algo_inner; + X509_DN dn_issuer, dn_subject; + X509_Time start, end; + + BER_Decoder tbs_cert(tbs_bits); + + tbs_cert.decode_optional(version, ASN1_Tag(0), + ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + .decode(serial_bn) + .decode(sig_algo_inner) + .decode(dn_issuer) + .start_cons(SEQUENCE) + .decode(start) + .decode(end) + .verify_end() + .end_cons() + .decode(dn_subject); + + if(version > 2) + throw Decoding_Error("Unknown X.509 cert version " + to_string(version)); + if(sig_algo != sig_algo_inner) + throw Decoding_Error("Algorithm identifier mismatch"); + + self_signed = (dn_subject == dn_issuer); + + subject.add(dn_subject.contents()); + issuer.add(dn_issuer.contents()); + + BER_Object public_key = tbs_cert.get_next_object(); + if(public_key.type_tag != SEQUENCE || public_key.class_tag != CONSTRUCTED) + throw BER_Bad_Tag("X509_Certificate: Unexpected tag for public key", + public_key.type_tag, public_key.class_tag); + + MemoryVector<byte> v2_issuer_key_id, v2_subject_key_id; + + tbs_cert.decode_optional_string(v2_issuer_key_id, BIT_STRING, 1); + tbs_cert.decode_optional_string(v2_subject_key_id, BIT_STRING, 2); + + BER_Object v3_exts_data = tbs_cert.get_next_object(); + if(v3_exts_data.type_tag == 3 && + v3_exts_data.class_tag == ASN1_Tag(CONSTRUCTED | CONTEXT_SPECIFIC)) + { + Extensions extensions; + + BER_Decoder(v3_exts_data.value).decode(extensions).verify_end(); + + extensions.contents_to(subject, issuer); + } + else if(v3_exts_data.type_tag != NO_OBJECT) + throw BER_Bad_Tag("Unknown tag in X.509 cert", + v3_exts_data.type_tag, v3_exts_data.class_tag); + + if(tbs_cert.more_items()) + throw Decoding_Error("TBSCertificate has more items that expected"); + + subject.add("X509.Certificate.version", version); + subject.add("X509.Certificate.serial", BigInt::encode(serial_bn)); + subject.add("X509.Certificate.start", start.readable_string()); + subject.add("X509.Certificate.end", end.readable_string()); + + issuer.add("X509.Certificate.v2.key_id", v2_issuer_key_id); + subject.add("X509.Certificate.v2.key_id", v2_subject_key_id); + + subject.add("X509.Certificate.public_key", + PEM_Code::encode( + ASN1::put_in_sequence(public_key.value), + "PUBLIC KEY" + ) + ); + + if(is_CA_cert() && + !subject.has_value("X509v3.BasicConstraints.path_constraint")) + { + u32bit limit = (x509_version() < 3) ? NO_CERT_PATH_LIMIT : 0; + subject.add("X509v3.BasicConstraints.path_constraint", limit); + } + } + +/************************************************* +* Return the X.509 version in use * +*************************************************/ +u32bit X509_Certificate::x509_version() const + { + return (subject.get1_u32bit("X509.Certificate.version") + 1); + } + +/************************************************* +* Return the time this cert becomes valid * +*************************************************/ +std::string X509_Certificate::start_time() const + { + return subject.get1("X509.Certificate.start"); + } + +/************************************************* +* Return the time this cert becomes invalid * +*************************************************/ +std::string X509_Certificate::end_time() const + { + return subject.get1("X509.Certificate.end"); + } + +/************************************************* +* Return information about the subject * +*************************************************/ +std::vector<std::string> +X509_Certificate::subject_info(const std::string& what) const + { + return subject.get(X509_DN::deref_info_field(what)); + } + +/************************************************* +* Return information about the issuer * +*************************************************/ +std::vector<std::string> +X509_Certificate::issuer_info(const std::string& what) const + { + return issuer.get(X509_DN::deref_info_field(what)); + } + +/************************************************* +* Return the public key in this certificate * +*************************************************/ +Public_Key* X509_Certificate::subject_public_key() const + { + DataSource_Memory source(subject.get1("X509.Certificate.public_key")); + return X509::load_key(source); + } + +/************************************************* +* Check if the certificate is for a CA * +*************************************************/ +bool X509_Certificate::is_CA_cert() const + { + if(!subject.get1_u32bit("X509v3.BasicConstraints.is_ca")) + return false; + if((constraints() & KEY_CERT_SIGN) || (constraints() == NO_CONSTRAINTS)) + return true; + return false; + } + +/************************************************* +* Return the path length constraint * +*************************************************/ +u32bit X509_Certificate::path_limit() const + { + return subject.get1_u32bit("X509v3.BasicConstraints.path_constraint", 0); + } + +/************************************************* +* Return the key usage constraints * +*************************************************/ +Key_Constraints X509_Certificate::constraints() const + { + return Key_Constraints(subject.get1_u32bit("X509v3.KeyUsage", + NO_CONSTRAINTS)); + } + +/************************************************* +* Return the list of extended key usage OIDs * +*************************************************/ +std::vector<std::string> X509_Certificate::ex_constraints() const + { + return lookup_oids(subject.get("X509v3.ExtendedKeyUsage")); + } + +/************************************************* +* Return the list of certificate policies * +*************************************************/ +std::vector<std::string> X509_Certificate::policies() const + { + return lookup_oids(subject.get("X509v3.CertificatePolicies")); + } + +/************************************************* +* Return the authority key id * +*************************************************/ +MemoryVector<byte> X509_Certificate::authority_key_id() const + { + return issuer.get1_memvec("X509v3.AuthorityKeyIdentifier"); + } + +/************************************************* +* Return the subject key id * +*************************************************/ +MemoryVector<byte> X509_Certificate::subject_key_id() const + { + return subject.get1_memvec("X509v3.SubjectKeyIdentifier"); + } + +/************************************************* +* Return the certificate serial number * +*************************************************/ +MemoryVector<byte> X509_Certificate::serial_number() const + { + return subject.get1_memvec("X509.Certificate.serial"); + } + +/************************************************* +* Return the distinguished name of the issuer * +*************************************************/ +X509_DN X509_Certificate::issuer_dn() const + { + return create_dn(issuer); + } + +/************************************************* +* Return the distinguished name of the subject * +*************************************************/ +X509_DN X509_Certificate::subject_dn() const + { + return create_dn(subject); + } + +/************************************************* +* Compare two certificates for equality * +*************************************************/ +bool X509_Certificate::operator==(const X509_Certificate& other) const + { + return (sig == other.sig && + sig_algo == other.sig_algo && + self_signed == other.self_signed && + issuer == other.issuer && + subject == other.subject); + } + +/************************************************* +* X.509 Certificate Comparison * +*************************************************/ +bool operator!=(const X509_Certificate& cert1, const X509_Certificate& cert2) + { + return !(cert1 == cert2); + } + +/************************************************* +* Create and populate a X509_DN * +*************************************************/ +X509_DN create_dn(const Data_Store& info) + { + class DN_Matcher : public Data_Store::Matcher + { + public: + bool operator()(const std::string& key, const std::string&) const + { + if(key.find("X520.") != std::string::npos) + return true; + return false; + } + }; + + std::multimap<std::string, std::string> names = + info.search_with(DN_Matcher()); + + X509_DN dn; + + std::multimap<std::string, std::string>::iterator j; + for(j = names.begin(); j != names.end(); ++j) + dn.add_attribute(j->first, j->second); + + return dn; + } + +/************************************************* +* Create and populate an AlternativeName * +*************************************************/ +AlternativeName create_alt_name(const Data_Store& info) + { + class AltName_Matcher : public Data_Store::Matcher + { + public: + bool operator()(const std::string& key, const std::string&) const + { + for(u32bit j = 0; j != matches.size(); ++j) + if(key.compare(matches[j]) == 0) + return true; + return false; + } + + AltName_Matcher(const std::string& match_any_of) + { + matches = split_on(match_any_of, '/'); + } + private: + std::vector<std::string> matches; + }; + + std::multimap<std::string, std::string> names = + info.search_with(AltName_Matcher("RFC822/DNS/URI/IP")); + + AlternativeName alt_name; + + std::multimap<std::string, std::string>::iterator j; + for(j = names.begin(); j != names.end(); ++j) + alt_name.add_attribute(j->first, j->second); + + return alt_name; + } + +} diff --git a/src/x509/x509cert.h b/src/x509/x509cert.h new file mode 100644 index 000000000..c8dc2c435 --- /dev/null +++ b/src/x509/x509cert.h @@ -0,0 +1,72 @@ +/************************************************* +* X.509 Certificates Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_CERTS_H__ +#define BOTAN_X509_CERTS_H__ + +#include <botan/x509_obj.h> +#include <botan/x509_key.h> +#include <botan/datastor.h> +#include <botan/enums.h> +#include <map> + +namespace Botan { + +/************************************************* +* X.509 Certificate * +*************************************************/ +class BOTAN_DLL X509_Certificate : public X509_Object + { + public: + Public_Key* subject_public_key() const; + + X509_DN issuer_dn() const; + X509_DN subject_dn() const; + std::vector<std::string> subject_info(const std::string&) const; + std::vector<std::string> issuer_info(const std::string&) const; + + std::string start_time() const; + std::string end_time() const; + + u32bit x509_version() const; + MemoryVector<byte> serial_number() const; + + MemoryVector<byte> authority_key_id() const; + MemoryVector<byte> subject_key_id() const; + bool is_self_signed() const { return self_signed; } + bool is_CA_cert() const; + + u32bit path_limit() const; + Key_Constraints constraints() const; + std::vector<std::string> ex_constraints() const; + std::vector<std::string> policies() const; + + bool operator==(const X509_Certificate&) const; + + X509_Certificate(DataSource&); + X509_Certificate(const std::string&); + private: + void force_decode(); + friend class X509_CA; + X509_Certificate() {} + + Data_Store subject, issuer; + bool self_signed; + }; + +/************************************************* +* X.509 Certificate Comparison * +*************************************************/ +BOTAN_DLL bool operator!=(const X509_Certificate&, const X509_Certificate&); + +/************************************************* +* Data Store Extraction Operations * +*************************************************/ +BOTAN_DLL X509_DN create_dn(const Data_Store&); +BOTAN_DLL AlternativeName create_alt_name(const Data_Store&); + +} + +#endif diff --git a/src/x509/x509find.cpp b/src/x509/x509find.cpp new file mode 100644 index 000000000..83d02449d --- /dev/null +++ b/src/x509/x509find.cpp @@ -0,0 +1,109 @@ +/************************************************* +* X.509 Certificate Store Searching Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509find.h> +#include <botan/charset.h> +#include <algorithm> + +namespace Botan { + +namespace { + +/************************************************* +* Compare based on case-insensive substrings * +*************************************************/ +bool substring_match(const std::string& searching_for, + const std::string& found) + { + if(std::search(found.begin(), found.end(), searching_for.begin(), + searching_for.end(), Charset::caseless_cmp) != found.end()) + return true; + return false; + } + +/************************************************* +* Compare based on case-insensive match * +*************************************************/ +bool ignore_case(const std::string& searching_for, const std::string& found) + { + if(searching_for.size() != found.size()) + return false; + + return std::equal(found.begin(), found.end(), + searching_for.begin(), Charset::caseless_cmp); + } + +} + +/************************************************* +* Search based on the contents of a DN entry * +*************************************************/ +bool DN_Check::match(const X509_Certificate& cert) const + { + std::vector<std::string> info = cert.subject_info(dn_entry); + + for(u32bit j = 0; j != info.size(); ++j) + if(compare(info[j], looking_for)) + return true; + return false; + } + +/************************************************* +* DN_Check Constructor * +*************************************************/ +DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, + compare_fn func) + { + this->dn_entry = dn_entry; + this->looking_for = looking_for; + compare = func; + } + +/************************************************* +* DN_Check Constructor * +*************************************************/ +DN_Check::DN_Check(const std::string& dn_entry, const std::string& looking_for, + Search_Type method) + { + this->dn_entry = dn_entry; + this->looking_for = looking_for; + + if(method == SUBSTRING_MATCHING) + compare = &substring_match; + else if(method == IGNORE_CASE) + compare = &ignore_case; + else + throw Invalid_Argument("Unknown method argument to DN_Check()"); + } + +/************************************************* +* Match by issuer and serial number * +*************************************************/ +bool IandS_Match::match(const X509_Certificate& cert) const + { + if(cert.serial_number() != serial) + return false; + return (cert.issuer_dn() == issuer); + } + +/************************************************* +* IandS_Match Constructor * +*************************************************/ +IandS_Match::IandS_Match(const X509_DN& issuer, + const MemoryRegion<byte>& serial) + { + this->issuer = issuer; + this->serial = serial; + } + +/************************************************* +* Match by subject key identifier * +*************************************************/ +bool SKID_Match::match(const X509_Certificate& cert) const + { + return (cert.subject_key_id() == skid); + } + +} diff --git a/src/x509/x509find.h b/src/x509/x509find.h new file mode 100644 index 000000000..65781199f --- /dev/null +++ b/src/x509/x509find.h @@ -0,0 +1,58 @@ +/************************************************* +* X.509 Certificate Store Searching Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_CERT_STORE_SEARCH_H__ +#define BOTAN_X509_CERT_STORE_SEARCH_H__ + +#include <botan/x509stor.h> + +namespace Botan { + +/************************************************* +* Search based on the contents of a DN entry * +*************************************************/ +class BOTAN_DLL DN_Check : public X509_Store::Search_Func + { + public: + typedef bool (*compare_fn)(const std::string&, const std::string&); + enum Search_Type { SUBSTRING_MATCHING, IGNORE_CASE }; + + bool match(const X509_Certificate& cert) const; + + DN_Check(const std::string&, const std::string&, compare_fn); + DN_Check(const std::string&, const std::string&, Search_Type); + private: + std::string dn_entry, looking_for; + compare_fn compare; + }; + +/************************************************* +* Search for a certificate by issuer/serial * +*************************************************/ +class BOTAN_DLL IandS_Match : public X509_Store::Search_Func + { + public: + bool match(const X509_Certificate& cert) const; + IandS_Match(const X509_DN&, const MemoryRegion<byte>&); + private: + X509_DN issuer; + MemoryVector<byte> serial; + }; + +/************************************************* +* Search for a certificate by subject keyid * +*************************************************/ +class BOTAN_DLL SKID_Match : public X509_Store::Search_Func + { + public: + bool match(const X509_Certificate& cert) const; + SKID_Match(const MemoryRegion<byte>& s) : skid(s) {} + private: + MemoryVector<byte> skid; + }; + +} + +#endif diff --git a/src/x509/x509opt.cpp b/src/x509/x509opt.cpp new file mode 100644 index 000000000..716884ed5 --- /dev/null +++ b/src/x509/x509opt.cpp @@ -0,0 +1,106 @@ +/************************************************* +* X.509 Certificate Options Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509self.h> +#include <botan/util.h> +#include <botan/parsing.h> +#include <botan/oids.h> +#include <ctime> + +namespace Botan { + +/************************************************* +* Set when the certificate should become valid * +*************************************************/ +void X509_Cert_Options::not_before(const std::string& time_string) + { + start = X509_Time(time_string); + } + +/************************************************* +* Set when the certificate should expire * +*************************************************/ +void X509_Cert_Options::not_after(const std::string& time_string) + { + end = X509_Time(time_string); + } + +/************************************************* +* Set key constraint information * +*************************************************/ +void X509_Cert_Options::add_constraints(Key_Constraints usage) + { + constraints = usage; + } + +/************************************************* +* Set key constraint information * +*************************************************/ +void X509_Cert_Options::add_ex_constraint(const OID& oid) + { + ex_constraints.push_back(oid); + } + +/************************************************* +* Set key constraint information * +*************************************************/ +void X509_Cert_Options::add_ex_constraint(const std::string& oid_str) + { + ex_constraints.push_back(OIDS::lookup(oid_str)); + } + +/************************************************* +* Mark this certificate for CA usage * +*************************************************/ +void X509_Cert_Options::CA_key(u32bit limit) + { + is_CA = true; + path_limit = limit; + } + +/************************************************* +* Do basic sanity checks * +*************************************************/ +void X509_Cert_Options::sanity_check() const + { + if(common_name == "" || country == "") + throw Encoding_Error("X.509 certificate: name and country MUST be set"); + if(country.size() != 2) + throw Encoding_Error("Invalid ISO country code: " + country); + if(start >= end) + throw Encoding_Error("X509_Cert_Options: invalid time constraints"); + } + +/************************************************* +* Initialize the certificate options * +*************************************************/ +X509_Cert_Options::X509_Cert_Options(const std::string& initial_opts, + u32bit expiration_time_in_seconds) + { + is_CA = false; + path_limit = 0; + constraints = NO_CONSTRAINTS; + + const u32bit now = system_time(); + + start = X509_Time(now); + end = X509_Time(now + expiration_time_in_seconds); + + if(initial_opts == "") + return; + + std::vector<std::string> parsed = split_on(initial_opts, '/'); + + if(parsed.size() > 4) + throw Invalid_Argument("X.509 cert options: Too many names: " + + initial_opts); + + if(parsed.size() >= 1) common_name = parsed[0]; + if(parsed.size() >= 2) country = parsed[1]; + if(parsed.size() >= 3) organization = parsed[2]; + if(parsed.size() == 4) org_unit = parsed[3]; + } + +} diff --git a/src/x509/x509self.cpp b/src/x509/x509self.cpp new file mode 100644 index 000000000..6c3baae9b --- /dev/null +++ b/src/x509/x509self.cpp @@ -0,0 +1,174 @@ +/************************************************* +* PKCS #10/Self Signed Cert Creation Source File * +* (C) 1999-2008 Jack Lloyd * +*************************************************/ + +#include <botan/x509self.h> +#include <botan/x509_ext.h> +#include <botan/x509_ca.h> +#include <botan/der_enc.h> +#include <botan/look_pk.h> +#include <botan/oids.h> +#include <botan/pipe.h> +#include <memory> + +namespace Botan { + +namespace { + +/************************************************* +* Shared setup for self-signed items * +*************************************************/ +MemoryVector<byte> shared_setup(const X509_Cert_Options& opts, + const Private_Key& key) + { + const Private_Key* key_pointer = &key; + if(!dynamic_cast<const PK_Signing_Key*>(key_pointer)) + throw Invalid_Argument("Key type " + key.algo_name() + " cannot sign"); + + opts.sanity_check(); + + Pipe key_encoder; + key_encoder.start_msg(); + X509::encode(key, key_encoder, RAW_BER); + key_encoder.end_msg(); + + return key_encoder.read_all(); + } + +/************************************************* +* Load information from the X509_Cert_Options * +*************************************************/ +void load_info(const X509_Cert_Options& opts, X509_DN& subject_dn, + AlternativeName& subject_alt) + { + subject_dn.add_attribute("X520.CommonName", opts.common_name); + subject_dn.add_attribute("X520.Country", opts.country); + subject_dn.add_attribute("X520.State", opts.state); + subject_dn.add_attribute("X520.Locality", opts.locality); + subject_dn.add_attribute("X520.Organization", opts.organization); + subject_dn.add_attribute("X520.OrganizationalUnit", opts.org_unit); + subject_dn.add_attribute("X520.SerialNumber", opts.serial_number); + subject_alt = AlternativeName(opts.email, opts.uri, opts.dns, opts.ip); + subject_alt.add_othername(OIDS::lookup("PKIX.XMPPAddr"), + opts.xmpp, UTF8_STRING); + } + +} + +namespace X509 { + +/************************************************* +* Create a new self-signed X.509 certificate * +*************************************************/ +X509_Certificate create_self_signed_cert(const X509_Cert_Options& opts, + const Private_Key& key, + RandomNumberGenerator& rng) + { + AlgorithmIdentifier sig_algo; + X509_DN subject_dn; + AlternativeName subject_alt; + + MemoryVector<byte> pub_key = shared_setup(opts, key); + std::auto_ptr<PK_Signer> signer(choose_sig_format(key, sig_algo)); + load_info(opts, subject_dn, subject_alt); + + Key_Constraints constraints; + if(opts.is_CA) + constraints = Key_Constraints(KEY_CERT_SIGN | CRL_SIGN); + else + constraints = find_constraints(key, opts.constraints); + + Extensions extensions; + + extensions.add(new Cert_Extension::Subject_Key_ID(pub_key)); + extensions.add(new Cert_Extension::Key_Usage(constraints)); + extensions.add( + new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); + extensions.add( + new Cert_Extension::Subject_Alternative_Name(subject_alt)); + extensions.add( + new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); + + return X509_CA::make_cert(signer.get(), rng, sig_algo, pub_key, + opts.start, opts.end, + subject_dn, subject_dn, + extensions); + } + +/************************************************* +* Create a PKCS #10 certificate request * +*************************************************/ +PKCS10_Request create_cert_req(const X509_Cert_Options& opts, + const Private_Key& key, + RandomNumberGenerator& rng) + { + AlgorithmIdentifier sig_algo; + X509_DN subject_dn; + AlternativeName subject_alt; + + MemoryVector<byte> pub_key = shared_setup(opts, key); + std::auto_ptr<PK_Signer> signer(choose_sig_format(key, sig_algo)); + load_info(opts, subject_dn, subject_alt); + + const u32bit PKCS10_VERSION = 0; + + Extensions extensions; + + extensions.add( + new Cert_Extension::Basic_Constraints(opts.is_CA, opts.path_limit)); + extensions.add( + new Cert_Extension::Key_Usage( + opts.is_CA ? Key_Constraints(KEY_CERT_SIGN | CRL_SIGN) : + find_constraints(key, opts.constraints) + ) + ); + extensions.add( + new Cert_Extension::Extended_Key_Usage(opts.ex_constraints)); + extensions.add( + new Cert_Extension::Subject_Alternative_Name(subject_alt)); + + DER_Encoder tbs_req; + + tbs_req.start_cons(SEQUENCE) + .encode(PKCS10_VERSION) + .encode(subject_dn) + .raw_bytes(pub_key) + .start_explicit(0); + + if(opts.challenge != "") + { + ASN1_String challenge(opts.challenge, DIRECTORY_STRING); + + tbs_req.encode( + Attribute("PKCS9.ChallengePassword", + DER_Encoder().encode(challenge).get_contents() + ) + ); + } + + tbs_req.encode( + Attribute("PKCS9.ExtensionRequest", + DER_Encoder() + .start_cons(SEQUENCE) + .encode(extensions) + .end_cons() + .get_contents() + ) + ) + .end_explicit() + .end_cons(); + + DataSource_Memory source( + X509_Object::make_signed(signer.get(), + rng, + sig_algo, + tbs_req.get_contents()) + ); + + return PKCS10_Request(source); + } + +} + +} diff --git a/src/x509/x509self.h b/src/x509/x509self.h new file mode 100644 index 000000000..2f83a12be --- /dev/null +++ b/src/x509/x509self.h @@ -0,0 +1,75 @@ +/************************************************* +* X.509 Self-Signed Certificate Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_SELF_H__ +#define BOTAN_X509_SELF_H__ + +#include <botan/x509cert.h> +#include <botan/pkcs8.h> +#include <botan/pkcs10.h> + +namespace Botan { + +/************************************************* +* Options for X.509 Certificates * +*************************************************/ +class BOTAN_DLL X509_Cert_Options + { + public: + std::string common_name; + std::string country; + std::string organization; + std::string org_unit; + std::string locality; + std::string state; + std::string serial_number; + + std::string email, uri, dns, ip, xmpp; + + std::string challenge; + + X509_Time start, end; + + bool is_CA; + u32bit path_limit; + Key_Constraints constraints; + std::vector<OID> ex_constraints; + + void sanity_check() const; + + void CA_key(u32bit = 8); + void not_before(const std::string&); + void not_after(const std::string&); + + void add_constraints(Key_Constraints); + void add_ex_constraint(const OID&); + void add_ex_constraint(const std::string&); + + X509_Cert_Options(const std::string& = "", + u32bit expire = 365 * 24 * 60 * 60); + }; + +namespace X509 { + +/************************************************* +* Create a self-signed X.509 certificate * +*************************************************/ +BOTAN_DLL X509_Certificate +create_self_signed_cert(const X509_Cert_Options&, + const Private_Key&, + RandomNumberGenerator& rng); + +/************************************************* +* Create a PKCS #10 certificate request * +*************************************************/ +BOTAN_DLL PKCS10_Request create_cert_req(const X509_Cert_Options&, + const Private_Key&, + RandomNumberGenerator& rng); + +} + +} + +#endif diff --git a/src/x509/x509stor.cpp b/src/x509/x509stor.cpp new file mode 100644 index 000000000..f050b33b1 --- /dev/null +++ b/src/x509/x509stor.cpp @@ -0,0 +1,693 @@ +/************************************************* +* X.509 Certificate Store Source File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#include <botan/x509stor.h> +#include <botan/parsing.h> +#include <botan/pubkey.h> +#include <botan/look_pk.h> +#include <botan/oids.h> +#include <botan/util.h> +#include <algorithm> +#include <memory> + +namespace Botan { + +namespace { + +/************************************************* +* Do a validity check * +*************************************************/ +s32bit validity_check(const X509_Time& start, const X509_Time& end, + u64bit current_time, u32bit slack) + { + const s32bit NOT_YET_VALID = -1, VALID_TIME = 0, EXPIRED = 1; + + if(start.cmp(current_time + slack) > 0) + return NOT_YET_VALID; + if(end.cmp(current_time - slack) < 0) + return EXPIRED; + return VALID_TIME; + } + +/************************************************* +* Compare the value of unique ID fields * +*************************************************/ +bool compare_ids(const MemoryVector<byte>& id1, + const MemoryVector<byte>& id2) + { + if(!id1.size() || !id2.size()) + return true; + return (id1 == id2); + } + +/************************************************* +* Check a particular usage restriction * +*************************************************/ +bool check_usage(const X509_Certificate& cert, X509_Store::Cert_Usage usage, + X509_Store::Cert_Usage check_for, Key_Constraints constraints) + { + if((usage & check_for) == 0) + return true; + if(cert.constraints() == NO_CONSTRAINTS) + return true; + if(cert.constraints() & constraints) + return true; + return false; + } + +/************************************************* +* Check a particular usage restriction * +*************************************************/ +bool check_usage(const X509_Certificate& cert, X509_Store::Cert_Usage usage, + X509_Store::Cert_Usage check_for, + const std::string& usage_oid) + { + if((usage & check_for) == 0) + return true; + + const std::vector<std::string> constraints = cert.ex_constraints(); + + if(constraints.empty()) + return true; + + return std::binary_search(constraints.begin(), constraints.end(), + usage_oid); + } + +/************************************************* +* Check the usage restrictions * +*************************************************/ +X509_Code usage_check(const X509_Certificate& cert, + X509_Store::Cert_Usage usage) + { + if(usage == X509_Store::ANY) + return VERIFIED; + + if(!check_usage(cert, usage, X509_Store::CRL_SIGNING, CRL_SIGN)) + return CA_CERT_NOT_FOR_CRL_ISSUER; + + if(!check_usage(cert, usage, X509_Store::TLS_SERVER, "PKIX.ServerAuth")) + return INVALID_USAGE; + if(!check_usage(cert, usage, X509_Store::TLS_CLIENT, "PKIX.ClientAuth")) + return INVALID_USAGE; + if(!check_usage(cert, usage, X509_Store::CODE_SIGNING, "PKIX.CodeSigning")) + return INVALID_USAGE; + if(!check_usage(cert, usage, X509_Store::EMAIL_PROTECTION, + "PKIX.EmailProtection")) + return INVALID_USAGE; + if(!check_usage(cert, usage, X509_Store::TIME_STAMPING, + "PKIX.TimeStamping")) + return INVALID_USAGE; + + return VERIFIED; + } + +} + +/************************************************* +* Define equality for revocation data * +*************************************************/ +bool X509_Store::CRL_Data::operator==(const CRL_Data& other) const + { + if(issuer != other.issuer) + return false; + if(serial != other.serial) + return false; + return compare_ids(auth_key_id, other.auth_key_id); + } + +/************************************************* +* Define inequality for revocation data * +*************************************************/ +bool X509_Store::CRL_Data::operator!=(const CRL_Data& other) const + { + return !((*this) == other); + } + +/************************************************* +* Define an ordering for revocation data * +*************************************************/ +bool X509_Store::CRL_Data::operator<(const X509_Store::CRL_Data& other) const + { + if(*this == other) + return false; + + const MemoryVector<byte>& serial1 = serial; + const MemoryVector<byte>& key_id1 = auth_key_id; + const MemoryVector<byte>& serial2 = other.serial; + const MemoryVector<byte>& key_id2 = other.auth_key_id; + + if(compare_ids(key_id1, key_id2) == false) + { + if(std::lexicographical_compare(key_id1.begin(), key_id1.end(), + key_id2.begin(), key_id2.end())) + return true; + + if(std::lexicographical_compare(key_id2.begin(), key_id2.end(), + key_id1.begin(), key_id1.end())) + return false; + } + + if(compare_ids(serial1, serial2) == false) + { + if(std::lexicographical_compare(serial1.begin(), serial1.end(), + serial2.begin(), serial2.end())) + return true; + + if(std::lexicographical_compare(serial2.begin(), serial2.end(), + serial1.begin(), serial1.end())) + return false; + } + + return (issuer < other.issuer); + } + +/************************************************* +* X509_Store Constructor * +*************************************************/ +X509_Store::X509_Store(u32bit slack, u32bit cache_timeout) + { + revoked_info_valid = true; + + validation_cache_timeout = cache_timeout; + time_slack = slack; + } + +/************************************************* +* X509_Store Copy Constructor * +*************************************************/ +X509_Store::X509_Store(const X509_Store& other) + { + certs = other.certs; + revoked = other.revoked; + revoked_info_valid = other.revoked_info_valid; + for(u32bit j = 0; j != other.stores.size(); ++j) + stores[j] = other.stores[j]->clone(); + time_slack = other.time_slack; + } + +/************************************************* +* X509_Store Destructor * +*************************************************/ +X509_Store::~X509_Store() + { + for(u32bit j = 0; j != stores.size(); ++j) + delete stores[j]; + } + +/************************************************* +* Verify a certificate's authenticity * +*************************************************/ +X509_Code X509_Store::validate_cert(const X509_Certificate& cert, + Cert_Usage cert_usage) + { + recompute_revoked_info(); + + std::vector<u32bit> indexes; + X509_Code chaining_result = construct_cert_chain(cert, indexes); + if(chaining_result != VERIFIED) + return chaining_result; + + const u64bit current_time = system_time(); + + s32bit time_check = validity_check(cert.start_time(), cert.end_time(), + current_time, time_slack); + if(time_check < 0) return CERT_NOT_YET_VALID; + else if(time_check > 0) return CERT_HAS_EXPIRED; + + X509_Code sig_check_result = check_sig(cert, certs[indexes[0]]); + if(sig_check_result != VERIFIED) + return sig_check_result; + + if(is_revoked(cert)) + return CERT_IS_REVOKED; + + for(u32bit j = 0; j != indexes.size() - 1; ++j) + { + const X509_Certificate& current_cert = certs[indexes[j]].cert; + + time_check = validity_check(current_cert.start_time(), + current_cert.end_time(), + current_time, + time_slack); + + if(time_check < 0) return CERT_NOT_YET_VALID; + else if(time_check > 0) return CERT_HAS_EXPIRED; + + sig_check_result = check_sig(certs[indexes[j]], certs[indexes[j+1]]); + if(sig_check_result != VERIFIED) + return sig_check_result; + } + + return usage_check(cert, cert_usage); + } + +/************************************************* +* Find this certificate * +*************************************************/ +u32bit X509_Store::find_cert(const X509_DN& subject_dn, + const MemoryRegion<byte>& subject_key_id) const + { + for(u32bit j = 0; j != certs.size(); ++j) + { + const X509_Certificate& this_cert = certs[j].cert; + if(compare_ids(this_cert.subject_key_id(), subject_key_id) && + this_cert.subject_dn() == subject_dn) + return j; + } + return NO_CERT_FOUND; + } + +/************************************************* +* Find the parent of this certificate * +*************************************************/ +u32bit X509_Store::find_parent_of(const X509_Certificate& cert) + { + const X509_DN issuer_dn = cert.issuer_dn(); + const MemoryVector<byte> auth_key_id = cert.authority_key_id(); + + u32bit index = find_cert(issuer_dn, auth_key_id); + + if(index != NO_CERT_FOUND) + return index; + + if(auth_key_id.size()) + { + for(u32bit j = 0; j != stores.size(); ++j) + { + std::vector<X509_Certificate> got = stores[j]->by_SKID(auth_key_id); + + if(got.empty()) + continue; + + for(u32bit k = 0; k != got.size(); ++k) + add_cert(got[k]); + return find_cert(issuer_dn, auth_key_id); + } + } + + return NO_CERT_FOUND; + } + +/************************************************* +* Construct a chain of certificate relationships * +*************************************************/ +X509_Code X509_Store::construct_cert_chain(const X509_Certificate& end_cert, + std::vector<u32bit>& indexes, + bool need_full_chain) + { + u32bit parent = find_parent_of(end_cert); + + while(true) + { + if(parent == NO_CERT_FOUND) + return CERT_ISSUER_NOT_FOUND; + indexes.push_back(parent); + + if(certs[parent].is_verified(validation_cache_timeout)) + if(certs[parent].verify_result() != VERIFIED) + return certs[parent].verify_result(); + + const X509_Certificate& parent_cert = certs[parent].cert; + if(!parent_cert.is_CA_cert()) + return CA_CERT_NOT_FOR_CERT_ISSUER; + + if(certs[parent].is_trusted()) + break; + if(parent_cert.is_self_signed()) + return CANNOT_ESTABLISH_TRUST; + + if(parent_cert.path_limit() < indexes.size() - 1) + return CERT_CHAIN_TOO_LONG; + + parent = find_parent_of(parent_cert); + } + + if(need_full_chain) + return VERIFIED; + + while(true) + { + if(indexes.size() < 2) + break; + + const u32bit cert = indexes.back(); + + if(certs[cert].is_verified(validation_cache_timeout)) + { + if(certs[cert].verify_result() != VERIFIED) + throw Internal_Error("X509_Store::construct_cert_chain"); + indexes.pop_back(); + } + else + break; + } + + const u32bit last_cert = indexes.back(); + const u32bit parent_of_last_cert = find_parent_of(certs[last_cert].cert); + if(parent_of_last_cert == NO_CERT_FOUND) + return CERT_ISSUER_NOT_FOUND; + indexes.push_back(parent_of_last_cert); + + return VERIFIED; + } + +/************************************************* +* Check the CAs signature on a certificate * +*************************************************/ +X509_Code X509_Store::check_sig(const Cert_Info& cert_info, + const Cert_Info& ca_cert_info) const + { + if(cert_info.is_verified(validation_cache_timeout)) + return cert_info.verify_result(); + + const X509_Certificate& cert = cert_info.cert; + const X509_Certificate& ca_cert = ca_cert_info.cert; + + X509_Code verify_code = check_sig(cert, ca_cert.subject_public_key()); + + cert_info.set_result(verify_code); + + return verify_code; + } + +/************************************************* +* Check a CA's signature * +*************************************************/ +X509_Code X509_Store::check_sig(const X509_Object& object, Public_Key* key) + { + std::auto_ptr<Public_Key> pub_key(key); + std::auto_ptr<PK_Verifier> verifier; + + try { + std::vector<std::string> sig_info = + split_on(OIDS::lookup(object.signature_algorithm().oid), '/'); + + if(sig_info.size() != 2 || sig_info[0] != pub_key->algo_name()) + return SIGNATURE_ERROR; + + std::string padding = sig_info[1]; + Signature_Format format; + if(key->message_parts() >= 2) format = DER_SEQUENCE; + else format = IEEE_1363; + + if(dynamic_cast<PK_Verifying_with_MR_Key*>(pub_key.get())) + { + PK_Verifying_with_MR_Key* sig_key = + dynamic_cast<PK_Verifying_with_MR_Key*>(pub_key.get()); + verifier.reset(get_pk_verifier(*sig_key, padding, format)); + } + else if(dynamic_cast<PK_Verifying_wo_MR_Key*>(pub_key.get())) + { + PK_Verifying_wo_MR_Key* sig_key = + dynamic_cast<PK_Verifying_wo_MR_Key*>(pub_key.get()); + verifier.reset(get_pk_verifier(*sig_key, padding, format)); + } + else + return CA_CERT_CANNOT_SIGN; + + bool valid = verifier->verify_message(object.tbs_data(), + object.signature()); + + if(valid) + return VERIFIED; + else + return SIGNATURE_ERROR; + } + catch(Decoding_Error) { return CERT_FORMAT_ERROR; } + catch(Exception) {} + + return UNKNOWN_X509_ERROR; + } + +/************************************************* +* Recompute the revocation status of the certs * +*************************************************/ +void X509_Store::recompute_revoked_info() const + { + if(revoked_info_valid) + return; + + for(u32bit j = 0; j != certs.size(); ++j) + { + if((certs[j].is_verified(validation_cache_timeout)) && + (certs[j].verify_result() != VERIFIED)) + continue; + + if(is_revoked(certs[j].cert)) + certs[j].set_result(CERT_IS_REVOKED); + } + + revoked_info_valid = true; + } + +/************************************************* +* Check if a certificate is revoked * +*************************************************/ +bool X509_Store::is_revoked(const X509_Certificate& cert) const + { + CRL_Data revoked_info; + revoked_info.issuer = cert.issuer_dn(); + revoked_info.serial = cert.serial_number(); + revoked_info.auth_key_id = cert.authority_key_id(); + + if(std::binary_search(revoked.begin(), revoked.end(), revoked_info)) + return true; + return false; + } + +/************************************************* +* Retrieve all the certificates in the store * +*************************************************/ +std::vector<X509_Certificate> +X509_Store::get_certs(const Search_Func& search) const + { + std::vector<X509_Certificate> found_certs; + for(u32bit j = 0; j != certs.size(); ++j) + { + if(search.match(certs[j].cert)) + found_certs.push_back(certs[j].cert); + } + return found_certs; + } + +/************************************************* +* Construct a path back to a root for this cert * +*************************************************/ +std::vector<X509_Certificate> +X509_Store::get_cert_chain(const X509_Certificate& cert) + { + std::vector<X509_Certificate> result; + std::vector<u32bit> indexes; + X509_Code chaining_result = construct_cert_chain(cert, indexes, true); + + if(chaining_result != VERIFIED) + throw Invalid_State("X509_Store::get_cert_chain: Can't construct chain"); + + for(u32bit j = 0; j != indexes.size(); ++j) + result.push_back(certs[indexes[j]].cert); + return result; + } + +/************************************************* +* Add a certificate store to the list of stores * +*************************************************/ +void X509_Store::add_new_certstore(Certificate_Store* certstore) + { + stores.push_back(certstore); + } + +/************************************************* +* Add a certificate to the store * +*************************************************/ +void X509_Store::add_cert(const X509_Certificate& cert, bool trusted) + { + if(trusted && !cert.is_self_signed()) + throw Invalid_Argument("X509_Store: Trusted certs must be self-signed"); + + if(find_cert(cert.subject_dn(), cert.subject_key_id()) == NO_CERT_FOUND) + { + revoked_info_valid = false; + Cert_Info info(cert, trusted); + certs.push_back(info); + } + else if(trusted) + { + for(u32bit j = 0; j != certs.size(); ++j) + { + const X509_Certificate& this_cert = certs[j].cert; + if(this_cert == cert) + certs[j].trusted = trusted; + } + } + } + +/************************************************* +* Add one or more certificates to the store * +*************************************************/ +void X509_Store::do_add_certs(DataSource& source, bool trusted) + { + while(!source.end_of_data()) + { + try { + X509_Certificate cert(source); + add_cert(cert, trusted); + } + catch(Decoding_Error) {} + catch(Invalid_Argument) {} + } + } + +/************************************************* +* Add one or more certificates to the store * +*************************************************/ +void X509_Store::add_certs(DataSource& source) + { + do_add_certs(source, false); + } + +/************************************************* +* Add one or more certificates to the store * +*************************************************/ +void X509_Store::add_trusted_certs(DataSource& source) + { + do_add_certs(source, true); + } + +/************************************************* +* Add one or more certificates to the store * +*************************************************/ +X509_Code X509_Store::add_crl(const X509_CRL& crl) + { + s32bit time_check = validity_check(crl.this_update(), crl.next_update(), + system_time(), time_slack); + + if(time_check < 0) return CRL_NOT_YET_VALID; + else if(time_check > 0) return CRL_HAS_EXPIRED; + + u32bit cert_index = NO_CERT_FOUND; + + for(u32bit j = 0; j != certs.size(); ++j) + { + const X509_Certificate& this_cert = certs[j].cert; + if(compare_ids(this_cert.subject_key_id(), crl.authority_key_id())) + { + if(this_cert.subject_dn() == crl.issuer_dn()) + cert_index = j; + } + } + + if(cert_index == NO_CERT_FOUND) + return CRL_ISSUER_NOT_FOUND; + + const X509_Certificate& ca_cert = certs[cert_index].cert; + + X509_Code verify_result = validate_cert(ca_cert, CRL_SIGNING); + if(verify_result != VERIFIED) + return verify_result; + + verify_result = check_sig(crl, ca_cert.subject_public_key()); + if(verify_result != VERIFIED) + return verify_result; + + std::vector<CRL_Entry> revoked_certs = crl.get_revoked(); + + for(u32bit j = 0; j != revoked_certs.size(); ++j) + { + CRL_Data revoked_info; + revoked_info.issuer = crl.issuer_dn(); + revoked_info.serial = revoked_certs[j].serial_number(); + revoked_info.auth_key_id = crl.authority_key_id(); + + std::vector<CRL_Data>::iterator p = + std::find(revoked.begin(), revoked.end(), revoked_info); + + if(revoked_certs[j].reason_code() == REMOVE_FROM_CRL) + { + if(p == revoked.end()) continue; + revoked.erase(p); + } + else + { + if(p != revoked.end()) continue; + revoked.push_back(revoked_info); + } + } + + std::sort(revoked.begin(), revoked.end()); + revoked_info_valid = false; + + return VERIFIED; + } + +/************************************************* +* PEM encode the set of certificates * +*************************************************/ +std::string X509_Store::PEM_encode() const + { + std::string cert_store; + for(u32bit j = 0; j != certs.size(); ++j) + cert_store += certs[j].cert.PEM_encode(); + return cert_store; + } + +/************************************************* +* Create a Cert_Info structure * +*************************************************/ +X509_Store::Cert_Info::Cert_Info(const X509_Certificate& c, + bool t) : cert(c), trusted(t) + { + checked = false; + result = UNKNOWN_X509_ERROR; + last_checked = 0; + } + +/************************************************* +* Return the verification results * +*************************************************/ +X509_Code X509_Store::Cert_Info::verify_result() const + { + if(!checked) + throw Invalid_State("Cert_Info::verify_result() called; not checked"); + return result; + } + +/************************************************* +* Set the verification results * +*************************************************/ +void X509_Store::Cert_Info::set_result(X509_Code code) const + { + result = code; + last_checked = system_time(); + checked = true; + } + +/************************************************* +* Check if this certificate can be trusted * +*************************************************/ +bool X509_Store::Cert_Info::is_trusted() const + { + return trusted; + } + +/************************************************* +* Check if this certificate has been verified * +*************************************************/ +bool X509_Store::Cert_Info::is_verified(u32bit timeout) const + { + if(!checked) + return false; + if(result != VERIFIED && result != CERT_NOT_YET_VALID) + return true; + + const u64bit current_time = system_time(); + + if(current_time > last_checked + timeout) + checked = false; + + return checked; + } + +} diff --git a/src/x509/x509stor.h b/src/x509/x509stor.h new file mode 100644 index 000000000..3f3f38ea0 --- /dev/null +++ b/src/x509/x509stor.h @@ -0,0 +1,137 @@ +/************************************************* +* X.509 Certificate Store Header File * +* (C) 1999-2007 Jack Lloyd * +*************************************************/ + +#ifndef BOTAN_X509_CERT_STORE_H__ +#define BOTAN_X509_CERT_STORE_H__ + +#include <botan/x509cert.h> +#include <botan/x509_crl.h> +#include <botan/certstor.h> + +namespace Botan { + +/************************************************* +* X.509 Certificate Validation Result * +*************************************************/ +enum X509_Code { + VERIFIED, + UNKNOWN_X509_ERROR, + CANNOT_ESTABLISH_TRUST, + CERT_CHAIN_TOO_LONG, + SIGNATURE_ERROR, + POLICY_ERROR, + INVALID_USAGE, + + CERT_FORMAT_ERROR, + CERT_ISSUER_NOT_FOUND, + CERT_NOT_YET_VALID, + CERT_HAS_EXPIRED, + CERT_IS_REVOKED, + + CRL_FORMAT_ERROR, + CRL_ISSUER_NOT_FOUND, + CRL_NOT_YET_VALID, + CRL_HAS_EXPIRED, + + CA_CERT_CANNOT_SIGN, + CA_CERT_NOT_FOR_CERT_ISSUER, + CA_CERT_NOT_FOR_CRL_ISSUER +}; + +/************************************************* +* X.509 Certificate Store * +*************************************************/ +class BOTAN_DLL X509_Store + { + public: + class BOTAN_DLL Search_Func + { + public: + virtual bool match(const X509_Certificate&) const = 0; + virtual ~Search_Func() {} + }; + + enum Cert_Usage { + ANY = 0x00, + TLS_SERVER = 0x01, + TLS_CLIENT = 0x02, + CODE_SIGNING = 0x04, + EMAIL_PROTECTION = 0x08, + TIME_STAMPING = 0x10, + CRL_SIGNING = 0x20 + }; + + X509_Code validate_cert(const X509_Certificate&, Cert_Usage = ANY); + + std::vector<X509_Certificate> get_certs(const Search_Func&) const; + std::vector<X509_Certificate> get_cert_chain(const X509_Certificate&); + std::string PEM_encode() const; + + X509_Code add_crl(const X509_CRL&); + void add_cert(const X509_Certificate&, bool = false); + void add_certs(DataSource&); + void add_trusted_certs(DataSource&); + + void add_new_certstore(Certificate_Store*); + + static X509_Code check_sig(const X509_Object&, Public_Key*); + + X509_Store(u32bit time_slack = 24*60*60, + u32bit cache_results = 30*60); + + X509_Store(const X509_Store&); + ~X509_Store(); + private: + X509_Store& operator=(const X509_Store&) { return (*this); } + + class BOTAN_DLL Cert_Info + { + public: + bool is_verified(u32bit timeout) const; + bool is_trusted() const; + X509_Code verify_result() const; + void set_result(X509_Code) const; + Cert_Info(const X509_Certificate&, bool = false); + + X509_Certificate cert; + bool trusted; + private: + mutable bool checked; + mutable X509_Code result; + mutable u64bit last_checked; + }; + + class BOTAN_DLL CRL_Data + { + public: + X509_DN issuer; + MemoryVector<byte> serial, auth_key_id; + bool operator==(const CRL_Data&) const; + bool operator!=(const CRL_Data&) const; + bool operator<(const CRL_Data&) const; + }; + + u32bit find_cert(const X509_DN&, const MemoryRegion<byte>&) const; + X509_Code check_sig(const Cert_Info&, const Cert_Info&) const; + void recompute_revoked_info() const; + + void do_add_certs(DataSource&, bool); + X509_Code construct_cert_chain(const X509_Certificate&, + std::vector<u32bit>&, bool = false); + + u32bit find_parent_of(const X509_Certificate&); + bool is_revoked(const X509_Certificate&) const; + + static const u32bit NO_CERT_FOUND = 0xFFFFFFFF; + std::vector<Cert_Info> certs; + std::vector<CRL_Data> revoked; + std::vector<Certificate_Store*> stores; + u32bit time_slack, validation_cache_timeout; + mutable bool revoked_info_valid; + }; + +} + +#endif |