Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found
Select Git revision

Target

Select target project
  • briansmith/nettle
  • justus/nettle
  • nettle/nettle
  • michaelweiser/nettle
  • aberaud/nettle
  • npocs/nettle
  • ajlawrence/nettle
  • mhoffmann/nettle
  • lumag/nettle
  • mamonet/nettle
  • devnexen/nettle
  • babelouest/nettle
  • ueno/nettle
  • rth/nettle
  • wiml/nettle
15 results
Select Git revision
Show changes
Hide whitespace changes
Inline Side-by-side
Showing
with 2288 additions and 388 deletions
blowfish-internal.h 0 → 100644
View file @ 53c76a47
/* blowfish-internal.h
Blowfish block cipher.
Copyright (C) 2014 Niels Möller
Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BLOWFISH_INTERNAL_H_INCLUDED
#define NETTLE_BLOWFISH_INTERNAL_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
extern const struct blowfish_ctx _nettle_blowfish_initial_ctx;
extern void _nettle_blowfish_encround (const struct blowfish_ctx *ctx,
uint32_t * ret_xl, uint32_t * ret_xr);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BLOWFISH_INTERNAL_H_INCLUDED */
blowfish.c
View file @ 53c76a47
/* blowfish.c /* blowfish.c
*
* The blowfish block cipher. The blowfish block cipher.
*
* For a description of the algorithm, see: Copyright (C) 2014 Niels Möller
Copyright (C) 2010 Simon Josefsson
Copyright (C) 1998, 2001, 2002, 2003 Free Software Foundation, Inc.
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/* For a description of the algorithm, see:
* Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996. * Bruce Schneier: Applied Cryptography. John Wiley & Sons, 1996.
* ISBN 0-471-11709-9. Pages 336 ff. * ISBN 0-471-11709-9. Pages 336 ff.
*/ */
/* NOTE: This file is distributed under the GPL, not the LGPL. */ /* This file is derived from cipher/blowfish.c in Libgcrypt v1.4.6.
The adaption to Nettle was made by Simon Josefsson on 2010-11-23.
/* nettle, low-level cryptographics library Changes include removing the selftest, renaming u32/byte types to
* uint32_t/uint8_t, renaming BLOWFISH_ROUNDS to _BLOWFISH_ROUNDS
* Copyright (C) 1998, 2001 (from Nettle's blowfish.h), dropping the libgcrypt wrapper
* Free Software Foundation, Inc, Ray Dassen, Niels Mller functions, fixing #include's, remove support for non-16 rounds
* (there are no test vectors), adding FOR_BLOCK iterations, and
* This file is part of GNUPG. running indent on the code. */
*
* GNUPG is free software; you can redistribute it and/or modify #if HAVE_CONFIG_H
* it under the terms of the GNU General Public License as published by #include "config.h"
* the Free Software Foundation; either version 2 of the License, or #endif
* (at your option) any later version.
* #include <assert.h>
* GNUPG is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA
*/
#include "blowfish.h" #include "blowfish.h"
#include "blowfish-internal.h"
#include "macros.h" #include "macros.h"
#include <assert.h> /* precomputed S boxes */
const struct blowfish_ctx
/* Initial keysetup state */ _nettle_blowfish_initial_ctx = {
static const struct blowfish_ctx
initial_ctx =
{ /* precomputed S boxes */
{ {
{ { /* ks0 */
0xD1310BA6,0x98DFB5AC,0x2FFD72DB,0xD01ADFB7,0xB8E1AFED,0x6A267E96, 0xD1310BA6, 0x98DFB5AC, 0x2FFD72DB, 0xD01ADFB7, 0xB8E1AFED, 0x6A267E96,
0xBA7C9045,0xF12C7F99,0x24A19947,0xB3916CF7,0x0801F2E2,0x858EFC16, 0xBA7C9045, 0xF12C7F99, 0x24A19947, 0xB3916CF7, 0x0801F2E2, 0x858EFC16,
0x636920D8,0x71574E69,0xA458FEA3,0xF4933D7E,0x0D95748F,0x728EB658, 0x636920D8, 0x71574E69, 0xA458FEA3, 0xF4933D7E, 0x0D95748F, 0x728EB658,
0x718BCD58,0x82154AEE,0x7B54A41D,0xC25A59B5,0x9C30D539,0x2AF26013, 0x718BCD58, 0x82154AEE, 0x7B54A41D, 0xC25A59B5, 0x9C30D539, 0x2AF26013,
0xC5D1B023,0x286085F0,0xCA417918,0xB8DB38EF,0x8E79DCB0,0x603A180E, 0xC5D1B023, 0x286085F0, 0xCA417918, 0xB8DB38EF, 0x8E79DCB0, 0x603A180E,
0x6C9E0E8B,0xB01E8A3E,0xD71577C1,0xBD314B27,0x78AF2FDA,0x55605C60, 0x6C9E0E8B, 0xB01E8A3E, 0xD71577C1, 0xBD314B27, 0x78AF2FDA, 0x55605C60,
0xE65525F3,0xAA55AB94,0x57489862,0x63E81440,0x55CA396A,0x2AAB10B6, 0xE65525F3, 0xAA55AB94, 0x57489862, 0x63E81440, 0x55CA396A, 0x2AAB10B6,
0xB4CC5C34,0x1141E8CE,0xA15486AF,0x7C72E993,0xB3EE1411,0x636FBC2A, 0xB4CC5C34, 0x1141E8CE, 0xA15486AF, 0x7C72E993, 0xB3EE1411, 0x636FBC2A,
0x2BA9C55D,0x741831F6,0xCE5C3E16,0x9B87931E,0xAFD6BA33,0x6C24CF5C, 0x2BA9C55D, 0x741831F6, 0xCE5C3E16, 0x9B87931E, 0xAFD6BA33, 0x6C24CF5C,
0x7A325381,0x28958677,0x3B8F4898,0x6B4BB9AF,0xC4BFE81B,0x66282193, 0x7A325381, 0x28958677, 0x3B8F4898, 0x6B4BB9AF, 0xC4BFE81B, 0x66282193,
0x61D809CC,0xFB21A991,0x487CAC60,0x5DEC8032,0xEF845D5D,0xE98575B1, 0x61D809CC, 0xFB21A991, 0x487CAC60, 0x5DEC8032, 0xEF845D5D, 0xE98575B1,
0xDC262302,0xEB651B88,0x23893E81,0xD396ACC5,0x0F6D6FF3,0x83F44239, 0xDC262302, 0xEB651B88, 0x23893E81, 0xD396ACC5, 0x0F6D6FF3, 0x83F44239,
0x2E0B4482,0xA4842004,0x69C8F04A,0x9E1F9B5E,0x21C66842,0xF6E96C9A, 0x2E0B4482, 0xA4842004, 0x69C8F04A, 0x9E1F9B5E, 0x21C66842, 0xF6E96C9A,
0x670C9C61,0xABD388F0,0x6A51A0D2,0xD8542F68,0x960FA728,0xAB5133A3, 0x670C9C61, 0xABD388F0, 0x6A51A0D2, 0xD8542F68, 0x960FA728, 0xAB5133A3,
0x6EEF0B6C,0x137A3BE4,0xBA3BF050,0x7EFB2A98,0xA1F1651D,0x39AF0176, 0x6EEF0B6C, 0x137A3BE4, 0xBA3BF050, 0x7EFB2A98, 0xA1F1651D, 0x39AF0176,
0x66CA593E,0x82430E88,0x8CEE8619,0x456F9FB4,0x7D84A5C3,0x3B8B5EBE, 0x66CA593E, 0x82430E88, 0x8CEE8619, 0x456F9FB4, 0x7D84A5C3, 0x3B8B5EBE,
0xE06F75D8,0x85C12073,0x401A449F,0x56C16AA6,0x4ED3AA62,0x363F7706, 0xE06F75D8, 0x85C12073, 0x401A449F, 0x56C16AA6, 0x4ED3AA62, 0x363F7706,
0x1BFEDF72,0x429B023D,0x37D0D724,0xD00A1248,0xDB0FEAD3,0x49F1C09B, 0x1BFEDF72, 0x429B023D, 0x37D0D724, 0xD00A1248, 0xDB0FEAD3, 0x49F1C09B,
0x075372C9,0x80991B7B,0x25D479D8,0xF6E8DEF7,0xE3FE501A,0xB6794C3B, 0x075372C9, 0x80991B7B, 0x25D479D8, 0xF6E8DEF7, 0xE3FE501A, 0xB6794C3B,
0x976CE0BD,0x04C006BA,0xC1A94FB6,0x409F60C4,0x5E5C9EC2,0x196A2463, 0x976CE0BD, 0x04C006BA, 0xC1A94FB6, 0x409F60C4, 0x5E5C9EC2, 0x196A2463,
0x68FB6FAF,0x3E6C53B5,0x1339B2EB,0x3B52EC6F,0x6DFC511F,0x9B30952C, 0x68FB6FAF, 0x3E6C53B5, 0x1339B2EB, 0x3B52EC6F, 0x6DFC511F, 0x9B30952C,
0xCC814544,0xAF5EBD09,0xBEE3D004,0xDE334AFD,0x660F2807,0x192E4BB3, 0xCC814544, 0xAF5EBD09, 0xBEE3D004, 0xDE334AFD, 0x660F2807, 0x192E4BB3,
0xC0CBA857,0x45C8740F,0xD20B5F39,0xB9D3FBDB,0x5579C0BD,0x1A60320A, 0xC0CBA857, 0x45C8740F, 0xD20B5F39, 0xB9D3FBDB, 0x5579C0BD, 0x1A60320A,
0xD6A100C6,0x402C7279,0x679F25FE,0xFB1FA3CC,0x8EA5E9F8,0xDB3222F8, 0xD6A100C6, 0x402C7279, 0x679F25FE, 0xFB1FA3CC, 0x8EA5E9F8, 0xDB3222F8,
0x3C7516DF,0xFD616B15,0x2F501EC8,0xAD0552AB,0x323DB5FA,0xFD238760, 0x3C7516DF, 0xFD616B15, 0x2F501EC8, 0xAD0552AB, 0x323DB5FA, 0xFD238760,
0x53317B48,0x3E00DF82,0x9E5C57BB,0xCA6F8CA0,0x1A87562E,0xDF1769DB, 0x53317B48, 0x3E00DF82, 0x9E5C57BB, 0xCA6F8CA0, 0x1A87562E, 0xDF1769DB,
0xD542A8F6,0x287EFFC3,0xAC6732C6,0x8C4F5573,0x695B27B0,0xBBCA58C8, 0xD542A8F6, 0x287EFFC3, 0xAC6732C6, 0x8C4F5573, 0x695B27B0, 0xBBCA58C8,
0xE1FFA35D,0xB8F011A0,0x10FA3D98,0xFD2183B8,0x4AFCB56C,0x2DD1D35B, 0xE1FFA35D, 0xB8F011A0, 0x10FA3D98, 0xFD2183B8, 0x4AFCB56C, 0x2DD1D35B,
0x9A53E479,0xB6F84565,0xD28E49BC,0x4BFB9790,0xE1DDF2DA,0xA4CB7E33, 0x9A53E479, 0xB6F84565, 0xD28E49BC, 0x4BFB9790, 0xE1DDF2DA, 0xA4CB7E33,
0x62FB1341,0xCEE4C6E8,0xEF20CADA,0x36774C01,0xD07E9EFE,0x2BF11FB4, 0x62FB1341, 0xCEE4C6E8, 0xEF20CADA, 0x36774C01, 0xD07E9EFE, 0x2BF11FB4,
0x95DBDA4D,0xAE909198,0xEAAD8E71,0x6B93D5A0,0xD08ED1D0,0xAFC725E0, 0x95DBDA4D, 0xAE909198, 0xEAAD8E71, 0x6B93D5A0, 0xD08ED1D0, 0xAFC725E0,
0x8E3C5B2F,0x8E7594B7,0x8FF6E2FB,0xF2122B64,0x8888B812,0x900DF01C, 0x8E3C5B2F, 0x8E7594B7, 0x8FF6E2FB, 0xF2122B64, 0x8888B812, 0x900DF01C,
0x4FAD5EA0,0x688FC31C,0xD1CFF191,0xB3A8C1AD,0x2F2F2218,0xBE0E1777, 0x4FAD5EA0, 0x688FC31C, 0xD1CFF191, 0xB3A8C1AD, 0x2F2F2218, 0xBE0E1777,
0xEA752DFE,0x8B021FA1,0xE5A0CC0F,0xB56F74E8,0x18ACF3D6,0xCE89E299, 0xEA752DFE, 0x8B021FA1, 0xE5A0CC0F, 0xB56F74E8, 0x18ACF3D6, 0xCE89E299,
0xB4A84FE0,0xFD13E0B7,0x7CC43B81,0xD2ADA8D9,0x165FA266,0x80957705, 0xB4A84FE0, 0xFD13E0B7, 0x7CC43B81, 0xD2ADA8D9, 0x165FA266, 0x80957705,
0x93CC7314,0x211A1477,0xE6AD2065,0x77B5FA86,0xC75442F5,0xFB9D35CF, 0x93CC7314, 0x211A1477, 0xE6AD2065, 0x77B5FA86, 0xC75442F5, 0xFB9D35CF,
0xEBCDAF0C,0x7B3E89A0,0xD6411BD3,0xAE1E7E49,0x00250E2D,0x2071B35E, 0xEBCDAF0C, 0x7B3E89A0, 0xD6411BD3, 0xAE1E7E49, 0x00250E2D, 0x2071B35E,
0x226800BB,0x57B8E0AF,0x2464369B,0xF009B91E,0x5563911D,0x59DFA6AA, 0x226800BB, 0x57B8E0AF, 0x2464369B, 0xF009B91E, 0x5563911D, 0x59DFA6AA,
0x78C14389,0xD95A537F,0x207D5BA2,0x02E5B9C5,0x83260376,0x6295CFA9, 0x78C14389, 0xD95A537F, 0x207D5BA2, 0x02E5B9C5, 0x83260376, 0x6295CFA9,
0x11C81968,0x4E734A41,0xB3472DCA,0x7B14A94A,0x1B510052,0x9A532915, 0x11C81968, 0x4E734A41, 0xB3472DCA, 0x7B14A94A, 0x1B510052, 0x9A532915,
0xD60F573F,0xBC9BC6E4,0x2B60A476,0x81E67400,0x08BA6FB5,0x571BE91F, 0xD60F573F, 0xBC9BC6E4, 0x2B60A476, 0x81E67400, 0x08BA6FB5, 0x571BE91F,
0xF296EC6B,0x2A0DD915,0xB6636521,0xE7B9F9B6,0xFF34052E,0xC5855664, 0xF296EC6B, 0x2A0DD915, 0xB6636521, 0xE7B9F9B6, 0xFF34052E, 0xC5855664,
0x53B02D5D,0xA99F8FA1,0x08BA4799,0x6E85076A 0x53B02D5D, 0xA99F8FA1, 0x08BA4799, 0x6E85076A
}, { },
0x4B7A70E9,0xB5B32944,0xDB75092E,0xC4192623,0xAD6EA6B0,0x49A7DF7D, { /* ks1 */
0x9CEE60B8,0x8FEDB266,0xECAA8C71,0x699A17FF,0x5664526C,0xC2B19EE1, 0x4B7A70E9, 0xB5B32944, 0xDB75092E, 0xC4192623, 0xAD6EA6B0, 0x49A7DF7D,
0x193602A5,0x75094C29,0xA0591340,0xE4183A3E,0x3F54989A,0x5B429D65, 0x9CEE60B8, 0x8FEDB266, 0xECAA8C71, 0x699A17FF, 0x5664526C, 0xC2B19EE1,
0x6B8FE4D6,0x99F73FD6,0xA1D29C07,0xEFE830F5,0x4D2D38E6,0xF0255DC1, 0x193602A5, 0x75094C29, 0xA0591340, 0xE4183A3E, 0x3F54989A, 0x5B429D65,
0x4CDD2086,0x8470EB26,0x6382E9C6,0x021ECC5E,0x09686B3F,0x3EBAEFC9, 0x6B8FE4D6, 0x99F73FD6, 0xA1D29C07, 0xEFE830F5, 0x4D2D38E6, 0xF0255DC1,
0x3C971814,0x6B6A70A1,0x687F3584,0x52A0E286,0xB79C5305,0xAA500737, 0x4CDD2086, 0x8470EB26, 0x6382E9C6, 0x021ECC5E, 0x09686B3F, 0x3EBAEFC9,
0x3E07841C,0x7FDEAE5C,0x8E7D44EC,0x5716F2B8,0xB03ADA37,0xF0500C0D, 0x3C971814, 0x6B6A70A1, 0x687F3584, 0x52A0E286, 0xB79C5305, 0xAA500737,
0xF01C1F04,0x0200B3FF,0xAE0CF51A,0x3CB574B2,0x25837A58,0xDC0921BD, 0x3E07841C, 0x7FDEAE5C, 0x8E7D44EC, 0x5716F2B8, 0xB03ADA37, 0xF0500C0D,
0xD19113F9,0x7CA92FF6,0x94324773,0x22F54701,0x3AE5E581,0x37C2DADC, 0xF01C1F04, 0x0200B3FF, 0xAE0CF51A, 0x3CB574B2, 0x25837A58, 0xDC0921BD,
0xC8B57634,0x9AF3DDA7,0xA9446146,0x0FD0030E,0xECC8C73E,0xA4751E41, 0xD19113F9, 0x7CA92FF6, 0x94324773, 0x22F54701, 0x3AE5E581, 0x37C2DADC,
0xE238CD99,0x3BEA0E2F,0x3280BBA1,0x183EB331,0x4E548B38,0x4F6DB908, 0xC8B57634, 0x9AF3DDA7, 0xA9446146, 0x0FD0030E, 0xECC8C73E, 0xA4751E41,
0x6F420D03,0xF60A04BF,0x2CB81290,0x24977C79,0x5679B072,0xBCAF89AF, 0xE238CD99, 0x3BEA0E2F, 0x3280BBA1, 0x183EB331, 0x4E548B38, 0x4F6DB908,
0xDE9A771F,0xD9930810,0xB38BAE12,0xDCCF3F2E,0x5512721F,0x2E6B7124, 0x6F420D03, 0xF60A04BF, 0x2CB81290, 0x24977C79, 0x5679B072, 0xBCAF89AF,
0x501ADDE6,0x9F84CD87,0x7A584718,0x7408DA17,0xBC9F9ABC,0xE94B7D8C, 0xDE9A771F, 0xD9930810, 0xB38BAE12, 0xDCCF3F2E, 0x5512721F, 0x2E6B7124,
0xEC7AEC3A,0xDB851DFA,0x63094366,0xC464C3D2,0xEF1C1847,0x3215D908, 0x501ADDE6, 0x9F84CD87, 0x7A584718, 0x7408DA17, 0xBC9F9ABC, 0xE94B7D8C,
0xDD433B37,0x24C2BA16,0x12A14D43,0x2A65C451,0x50940002,0x133AE4DD, 0xEC7AEC3A, 0xDB851DFA, 0x63094366, 0xC464C3D2, 0xEF1C1847, 0x3215D908,
0x71DFF89E,0x10314E55,0x81AC77D6,0x5F11199B,0x043556F1,0xD7A3C76B, 0xDD433B37, 0x24C2BA16, 0x12A14D43, 0x2A65C451, 0x50940002, 0x133AE4DD,
0x3C11183B,0x5924A509,0xF28FE6ED,0x97F1FBFA,0x9EBABF2C,0x1E153C6E, 0x71DFF89E, 0x10314E55, 0x81AC77D6, 0x5F11199B, 0x043556F1, 0xD7A3C76B,
0x86E34570,0xEAE96FB1,0x860E5E0A,0x5A3E2AB3,0x771FE71C,0x4E3D06FA, 0x3C11183B, 0x5924A509, 0xF28FE6ED, 0x97F1FBFA, 0x9EBABF2C, 0x1E153C6E,
0x2965DCB9,0x99E71D0F,0x803E89D6,0x5266C825,0x2E4CC978,0x9C10B36A, 0x86E34570, 0xEAE96FB1, 0x860E5E0A, 0x5A3E2AB3, 0x771FE71C, 0x4E3D06FA,
0xC6150EBA,0x94E2EA78,0xA5FC3C53,0x1E0A2DF4,0xF2F74EA7,0x361D2B3D, 0x2965DCB9, 0x99E71D0F, 0x803E89D6, 0x5266C825, 0x2E4CC978, 0x9C10B36A,
0x1939260F,0x19C27960,0x5223A708,0xF71312B6,0xEBADFE6E,0xEAC31F66, 0xC6150EBA, 0x94E2EA78, 0xA5FC3C53, 0x1E0A2DF4, 0xF2F74EA7, 0x361D2B3D,
0xE3BC4595,0xA67BC883,0xB17F37D1,0x018CFF28,0xC332DDEF,0xBE6C5AA5, 0x1939260F, 0x19C27960, 0x5223A708, 0xF71312B6, 0xEBADFE6E, 0xEAC31F66,
0x65582185,0x68AB9802,0xEECEA50F,0xDB2F953B,0x2AEF7DAD,0x5B6E2F84, 0xE3BC4595, 0xA67BC883, 0xB17F37D1, 0x018CFF28, 0xC332DDEF, 0xBE6C5AA5,
0x1521B628,0x29076170,0xECDD4775,0x619F1510,0x13CCA830,0xEB61BD96, 0x65582185, 0x68AB9802, 0xEECEA50F, 0xDB2F953B, 0x2AEF7DAD, 0x5B6E2F84,
0x0334FE1E,0xAA0363CF,0xB5735C90,0x4C70A239,0xD59E9E0B,0xCBAADE14, 0x1521B628, 0x29076170, 0xECDD4775, 0x619F1510, 0x13CCA830, 0xEB61BD96,
0xEECC86BC,0x60622CA7,0x9CAB5CAB,0xB2F3846E,0x648B1EAF,0x19BDF0CA, 0x0334FE1E, 0xAA0363CF, 0xB5735C90, 0x4C70A239, 0xD59E9E0B, 0xCBAADE14,
0xA02369B9,0x655ABB50,0x40685A32,0x3C2AB4B3,0x319EE9D5,0xC021B8F7, 0xEECC86BC, 0x60622CA7, 0x9CAB5CAB, 0xB2F3846E, 0x648B1EAF, 0x19BDF0CA,
0x9B540B19,0x875FA099,0x95F7997E,0x623D7DA8,0xF837889A,0x97E32D77, 0xA02369B9, 0x655ABB50, 0x40685A32, 0x3C2AB4B3, 0x319EE9D5, 0xC021B8F7,
0x11ED935F,0x16681281,0x0E358829,0xC7E61FD6,0x96DEDFA1,0x7858BA99, 0x9B540B19, 0x875FA099, 0x95F7997E, 0x623D7DA8, 0xF837889A, 0x97E32D77,
0x57F584A5,0x1B227263,0x9B83C3FF,0x1AC24696,0xCDB30AEB,0x532E3054, 0x11ED935F, 0x16681281, 0x0E358829, 0xC7E61FD6, 0x96DEDFA1, 0x7858BA99,
0x8FD948E4,0x6DBC3128,0x58EBF2EF,0x34C6FFEA,0xFE28ED61,0xEE7C3C73, 0x57F584A5, 0x1B227263, 0x9B83C3FF, 0x1AC24696, 0xCDB30AEB, 0x532E3054,
0x5D4A14D9,0xE864B7E3,0x42105D14,0x203E13E0,0x45EEE2B6,0xA3AAABEA, 0x8FD948E4, 0x6DBC3128, 0x58EBF2EF, 0x34C6FFEA, 0xFE28ED61, 0xEE7C3C73,
0xDB6C4F15,0xFACB4FD0,0xC742F442,0xEF6ABBB5,0x654F3B1D,0x41CD2105, 0x5D4A14D9, 0xE864B7E3, 0x42105D14, 0x203E13E0, 0x45EEE2B6, 0xA3AAABEA,
0xD81E799E,0x86854DC7,0xE44B476A,0x3D816250,0xCF62A1F2,0x5B8D2646, 0xDB6C4F15, 0xFACB4FD0, 0xC742F442, 0xEF6ABBB5, 0x654F3B1D, 0x41CD2105,
0xFC8883A0,0xC1C7B6A3,0x7F1524C3,0x69CB7492,0x47848A0B,0x5692B285, 0xD81E799E, 0x86854DC7, 0xE44B476A, 0x3D816250, 0xCF62A1F2, 0x5B8D2646,
0x095BBF00,0xAD19489D,0x1462B174,0x23820E00,0x58428D2A,0x0C55F5EA, 0xFC8883A0, 0xC1C7B6A3, 0x7F1524C3, 0x69CB7492, 0x47848A0B, 0x5692B285,
0x1DADF43E,0x233F7061,0x3372F092,0x8D937E41,0xD65FECF1,0x6C223BDB, 0x095BBF00, 0xAD19489D, 0x1462B174, 0x23820E00, 0x58428D2A, 0x0C55F5EA,
0x7CDE3759,0xCBEE7460,0x4085F2A7,0xCE77326E,0xA6078084,0x19F8509E, 0x1DADF43E, 0x233F7061, 0x3372F092, 0x8D937E41, 0xD65FECF1, 0x6C223BDB,
0xE8EFD855,0x61D99735,0xA969A7AA,0xC50C06C2,0x5A04ABFC,0x800BCADC, 0x7CDE3759, 0xCBEE7460, 0x4085F2A7, 0xCE77326E, 0xA6078084, 0x19F8509E,
0x9E447A2E,0xC3453484,0xFDD56705,0x0E1E9EC9,0xDB73DBD3,0x105588CD, 0xE8EFD855, 0x61D99735, 0xA969A7AA, 0xC50C06C2, 0x5A04ABFC, 0x800BCADC,
0x675FDA79,0xE3674340,0xC5C43465,0x713E38D8,0x3D28F89E,0xF16DFF20, 0x9E447A2E, 0xC3453484, 0xFDD56705, 0x0E1E9EC9, 0xDB73DBD3, 0x105588CD,
0x153E21E7,0x8FB03D4A,0xE6E39F2B,0xDB83ADF7 0x675FDA79, 0xE3674340, 0xC5C43465, 0x713E38D8, 0x3D28F89E, 0xF16DFF20,
}, { 0x153E21E7, 0x8FB03D4A, 0xE6E39F2B, 0xDB83ADF7
0xE93D5A68,0x948140F7,0xF64C261C,0x94692934,0x411520F7,0x7602D4F7, },
0xBCF46B2E,0xD4A20068,0xD4082471,0x3320F46A,0x43B7D4B7,0x500061AF, { /* ks2 */
0x1E39F62E,0x97244546,0x14214F74,0xBF8B8840,0x4D95FC1D,0x96B591AF, 0xE93D5A68, 0x948140F7, 0xF64C261C, 0x94692934, 0x411520F7, 0x7602D4F7,
0x70F4DDD3,0x66A02F45,0xBFBC09EC,0x03BD9785,0x7FAC6DD0,0x31CB8504, 0xBCF46B2E, 0xD4A20068, 0xD4082471, 0x3320F46A, 0x43B7D4B7, 0x500061AF,
0x96EB27B3,0x55FD3941,0xDA2547E6,0xABCA0A9A,0x28507825,0x530429F4, 0x1E39F62E, 0x97244546, 0x14214F74, 0xBF8B8840, 0x4D95FC1D, 0x96B591AF,
0x0A2C86DA,0xE9B66DFB,0x68DC1462,0xD7486900,0x680EC0A4,0x27A18DEE, 0x70F4DDD3, 0x66A02F45, 0xBFBC09EC, 0x03BD9785, 0x7FAC6DD0, 0x31CB8504,
0x4F3FFEA2,0xE887AD8C,0xB58CE006,0x7AF4D6B6,0xAACE1E7C,0xD3375FEC, 0x96EB27B3, 0x55FD3941, 0xDA2547E6, 0xABCA0A9A, 0x28507825, 0x530429F4,
0xCE78A399,0x406B2A42,0x20FE9E35,0xD9F385B9,0xEE39D7AB,0x3B124E8B, 0x0A2C86DA, 0xE9B66DFB, 0x68DC1462, 0xD7486900, 0x680EC0A4, 0x27A18DEE,
0x1DC9FAF7,0x4B6D1856,0x26A36631,0xEAE397B2,0x3A6EFA74,0xDD5B4332, 0x4F3FFEA2, 0xE887AD8C, 0xB58CE006, 0x7AF4D6B6, 0xAACE1E7C, 0xD3375FEC,
0x6841E7F7,0xCA7820FB,0xFB0AF54E,0xD8FEB397,0x454056AC,0xBA489527, 0xCE78A399, 0x406B2A42, 0x20FE9E35, 0xD9F385B9, 0xEE39D7AB, 0x3B124E8B,
0x55533A3A,0x20838D87,0xFE6BA9B7,0xD096954B,0x55A867BC,0xA1159A58, 0x1DC9FAF7, 0x4B6D1856, 0x26A36631, 0xEAE397B2, 0x3A6EFA74, 0xDD5B4332,
0xCCA92963,0x99E1DB33,0xA62A4A56,0x3F3125F9,0x5EF47E1C,0x9029317C, 0x6841E7F7, 0xCA7820FB, 0xFB0AF54E, 0xD8FEB397, 0x454056AC, 0xBA489527,
0xFDF8E802,0x04272F70,0x80BB155C,0x05282CE3,0x95C11548,0xE4C66D22, 0x55533A3A, 0x20838D87, 0xFE6BA9B7, 0xD096954B, 0x55A867BC, 0xA1159A58,
0x48C1133F,0xC70F86DC,0x07F9C9EE,0x41041F0F,0x404779A4,0x5D886E17, 0xCCA92963, 0x99E1DB33, 0xA62A4A56, 0x3F3125F9, 0x5EF47E1C, 0x9029317C,
0x325F51EB,0xD59BC0D1,0xF2BCC18F,0x41113564,0x257B7834,0x602A9C60, 0xFDF8E802, 0x04272F70, 0x80BB155C, 0x05282CE3, 0x95C11548, 0xE4C66D22,
0xDFF8E8A3,0x1F636C1B,0x0E12B4C2,0x02E1329E,0xAF664FD1,0xCAD18115, 0x48C1133F, 0xC70F86DC, 0x07F9C9EE, 0x41041F0F, 0x404779A4, 0x5D886E17,
0x6B2395E0,0x333E92E1,0x3B240B62,0xEEBEB922,0x85B2A20E,0xE6BA0D99, 0x325F51EB, 0xD59BC0D1, 0xF2BCC18F, 0x41113564, 0x257B7834, 0x602A9C60,
0xDE720C8C,0x2DA2F728,0xD0127845,0x95B794FD,0x647D0862,0xE7CCF5F0, 0xDFF8E8A3, 0x1F636C1B, 0x0E12B4C2, 0x02E1329E, 0xAF664FD1, 0xCAD18115,
0x5449A36F,0x877D48FA,0xC39DFD27,0xF33E8D1E,0x0A476341,0x992EFF74, 0x6B2395E0, 0x333E92E1, 0x3B240B62, 0xEEBEB922, 0x85B2A20E, 0xE6BA0D99,
0x3A6F6EAB,0xF4F8FD37,0xA812DC60,0xA1EBDDF8,0x991BE14C,0xDB6E6B0D, 0xDE720C8C, 0x2DA2F728, 0xD0127845, 0x95B794FD, 0x647D0862, 0xE7CCF5F0,
0xC67B5510,0x6D672C37,0x2765D43B,0xDCD0E804,0xF1290DC7,0xCC00FFA3, 0x5449A36F, 0x877D48FA, 0xC39DFD27, 0xF33E8D1E, 0x0A476341, 0x992EFF74,
0xB5390F92,0x690FED0B,0x667B9FFB,0xCEDB7D9C,0xA091CF0B,0xD9155EA3, 0x3A6F6EAB, 0xF4F8FD37, 0xA812DC60, 0xA1EBDDF8, 0x991BE14C, 0xDB6E6B0D,
0xBB132F88,0x515BAD24,0x7B9479BF,0x763BD6EB,0x37392EB3,0xCC115979, 0xC67B5510, 0x6D672C37, 0x2765D43B, 0xDCD0E804, 0xF1290DC7, 0xCC00FFA3,
0x8026E297,0xF42E312D,0x6842ADA7,0xC66A2B3B,0x12754CCC,0x782EF11C, 0xB5390F92, 0x690FED0B, 0x667B9FFB, 0xCEDB7D9C, 0xA091CF0B, 0xD9155EA3,
0x6A124237,0xB79251E7,0x06A1BBE6,0x4BFB6350,0x1A6B1018,0x11CAEDFA, 0xBB132F88, 0x515BAD24, 0x7B9479BF, 0x763BD6EB, 0x37392EB3, 0xCC115979,
0x3D25BDD8,0xE2E1C3C9,0x44421659,0x0A121386,0xD90CEC6E,0xD5ABEA2A, 0x8026E297, 0xF42E312D, 0x6842ADA7, 0xC66A2B3B, 0x12754CCC, 0x782EF11C,
0x64AF674E,0xDA86A85F,0xBEBFE988,0x64E4C3FE,0x9DBC8057,0xF0F7C086, 0x6A124237, 0xB79251E7, 0x06A1BBE6, 0x4BFB6350, 0x1A6B1018, 0x11CAEDFA,
0x60787BF8,0x6003604D,0xD1FD8346,0xF6381FB0,0x7745AE04,0xD736FCCC, 0x3D25BDD8, 0xE2E1C3C9, 0x44421659, 0x0A121386, 0xD90CEC6E, 0xD5ABEA2A,
0x83426B33,0xF01EAB71,0xB0804187,0x3C005E5F,0x77A057BE,0xBDE8AE24, 0x64AF674E, 0xDA86A85F, 0xBEBFE988, 0x64E4C3FE, 0x9DBC8057, 0xF0F7C086,
0x55464299,0xBF582E61,0x4E58F48F,0xF2DDFDA2,0xF474EF38,0x8789BDC2, 0x60787BF8, 0x6003604D, 0xD1FD8346, 0xF6381FB0, 0x7745AE04, 0xD736FCCC,
0x5366F9C3,0xC8B38E74,0xB475F255,0x46FCD9B9,0x7AEB2661,0x8B1DDF84, 0x83426B33, 0xF01EAB71, 0xB0804187, 0x3C005E5F, 0x77A057BE, 0xBDE8AE24,
0x846A0E79,0x915F95E2,0x466E598E,0x20B45770,0x8CD55591,0xC902DE4C, 0x55464299, 0xBF582E61, 0x4E58F48F, 0xF2DDFDA2, 0xF474EF38, 0x8789BDC2,
0xB90BACE1,0xBB8205D0,0x11A86248,0x7574A99E,0xB77F19B6,0xE0A9DC09, 0x5366F9C3, 0xC8B38E74, 0xB475F255, 0x46FCD9B9, 0x7AEB2661, 0x8B1DDF84,
0x662D09A1,0xC4324633,0xE85A1F02,0x09F0BE8C,0x4A99A025,0x1D6EFE10, 0x846A0E79, 0x915F95E2, 0x466E598E, 0x20B45770, 0x8CD55591, 0xC902DE4C,
0x1AB93D1D,0x0BA5A4DF,0xA186F20F,0x2868F169,0xDCB7DA83,0x573906FE, 0xB90BACE1, 0xBB8205D0, 0x11A86248, 0x7574A99E, 0xB77F19B6, 0xE0A9DC09,
0xA1E2CE9B,0x4FCD7F52,0x50115E01,0xA70683FA,0xA002B5C4,0x0DE6D027, 0x662D09A1, 0xC4324633, 0xE85A1F02, 0x09F0BE8C, 0x4A99A025, 0x1D6EFE10,
0x9AF88C27,0x773F8641,0xC3604C06,0x61A806B5,0xF0177A28,0xC0F586E0, 0x1AB93D1D, 0x0BA5A4DF, 0xA186F20F, 0x2868F169, 0xDCB7DA83, 0x573906FE,
0x006058AA,0x30DC7D62,0x11E69ED7,0x2338EA63,0x53C2DD94,0xC2C21634, 0xA1E2CE9B, 0x4FCD7F52, 0x50115E01, 0xA70683FA, 0xA002B5C4, 0x0DE6D027,
0xBBCBEE56,0x90BCB6DE,0xEBFC7DA1,0xCE591D76,0x6F05E409,0x4B7C0188, 0x9AF88C27, 0x773F8641, 0xC3604C06, 0x61A806B5, 0xF0177A28, 0xC0F586E0,
0x39720A3D,0x7C927C24,0x86E3725F,0x724D9DB9,0x1AC15BB4,0xD39EB8FC, 0x006058AA, 0x30DC7D62, 0x11E69ED7, 0x2338EA63, 0x53C2DD94, 0xC2C21634,
0xED545578,0x08FCA5B5,0xD83D7CD3,0x4DAD0FC4,0x1E50EF5E,0xB161E6F8, 0xBBCBEE56, 0x90BCB6DE, 0xEBFC7DA1, 0xCE591D76, 0x6F05E409, 0x4B7C0188,
0xA28514D9,0x6C51133C,0x6FD5C7E7,0x56E14EC4,0x362ABFCE,0xDDC6C837, 0x39720A3D, 0x7C927C24, 0x86E3725F, 0x724D9DB9, 0x1AC15BB4, 0xD39EB8FC,
0xD79A3234,0x92638212,0x670EFA8E,0x406000E0 0xED545578, 0x08FCA5B5, 0xD83D7CD3, 0x4DAD0FC4, 0x1E50EF5E, 0xB161E6F8,
}, { 0xA28514D9, 0x6C51133C, 0x6FD5C7E7, 0x56E14EC4, 0x362ABFCE, 0xDDC6C837,
0x3A39CE37,0xD3FAF5CF,0xABC27737,0x5AC52D1B,0x5CB0679E,0x4FA33742, 0xD79A3234, 0x92638212, 0x670EFA8E, 0x406000E0
0xD3822740,0x99BC9BBE,0xD5118E9D,0xBF0F7315,0xD62D1C7E,0xC700C47B, },
0xB78C1B6B,0x21A19045,0xB26EB1BE,0x6A366EB4,0x5748AB2F,0xBC946E79, { /* ks3 */
0xC6A376D2,0x6549C2C8,0x530FF8EE,0x468DDE7D,0xD5730A1D,0x4CD04DC6, 0x3A39CE37, 0xD3FAF5CF, 0xABC27737, 0x5AC52D1B, 0x5CB0679E, 0x4FA33742,
0x2939BBDB,0xA9BA4650,0xAC9526E8,0xBE5EE304,0xA1FAD5F0,0x6A2D519A, 0xD3822740, 0x99BC9BBE, 0xD5118E9D, 0xBF0F7315, 0xD62D1C7E, 0xC700C47B,
0x63EF8CE2,0x9A86EE22,0xC089C2B8,0x43242EF6,0xA51E03AA,0x9CF2D0A4, 0xB78C1B6B, 0x21A19045, 0xB26EB1BE, 0x6A366EB4, 0x5748AB2F, 0xBC946E79,
0x83C061BA,0x9BE96A4D,0x8FE51550,0xBA645BD6,0x2826A2F9,0xA73A3AE1, 0xC6A376D2, 0x6549C2C8, 0x530FF8EE, 0x468DDE7D, 0xD5730A1D, 0x4CD04DC6,
0x4BA99586,0xEF5562E9,0xC72FEFD3,0xF752F7DA,0x3F046F69,0x77FA0A59, 0x2939BBDB, 0xA9BA4650, 0xAC9526E8, 0xBE5EE304, 0xA1FAD5F0, 0x6A2D519A,
0x80E4A915,0x87B08601,0x9B09E6AD,0x3B3EE593,0xE990FD5A,0x9E34D797, 0x63EF8CE2, 0x9A86EE22, 0xC089C2B8, 0x43242EF6, 0xA51E03AA, 0x9CF2D0A4,
0x2CF0B7D9,0x022B8B51,0x96D5AC3A,0x017DA67D,0xD1CF3ED6,0x7C7D2D28, 0x83C061BA, 0x9BE96A4D, 0x8FE51550, 0xBA645BD6, 0x2826A2F9, 0xA73A3AE1,
0x1F9F25CF,0xADF2B89B,0x5AD6B472,0x5A88F54C,0xE029AC71,0xE019A5E6, 0x4BA99586, 0xEF5562E9, 0xC72FEFD3, 0xF752F7DA, 0x3F046F69, 0x77FA0A59,
0x47B0ACFD,0xED93FA9B,0xE8D3C48D,0x283B57CC,0xF8D56629,0x79132E28, 0x80E4A915, 0x87B08601, 0x9B09E6AD, 0x3B3EE593, 0xE990FD5A, 0x9E34D797,
0x785F0191,0xED756055,0xF7960E44,0xE3D35E8C,0x15056DD4,0x88F46DBA, 0x2CF0B7D9, 0x022B8B51, 0x96D5AC3A, 0x017DA67D, 0xD1CF3ED6, 0x7C7D2D28,
0x03A16125,0x0564F0BD,0xC3EB9E15,0x3C9057A2,0x97271AEC,0xA93A072A, 0x1F9F25CF, 0xADF2B89B, 0x5AD6B472, 0x5A88F54C, 0xE029AC71, 0xE019A5E6,
0x1B3F6D9B,0x1E6321F5,0xF59C66FB,0x26DCF319,0x7533D928,0xB155FDF5, 0x47B0ACFD, 0xED93FA9B, 0xE8D3C48D, 0x283B57CC, 0xF8D56629, 0x79132E28,
0x03563482,0x8ABA3CBB,0x28517711,0xC20AD9F8,0xABCC5167,0xCCAD925F, 0x785F0191, 0xED756055, 0xF7960E44, 0xE3D35E8C, 0x15056DD4, 0x88F46DBA,
0x4DE81751,0x3830DC8E,0x379D5862,0x9320F991,0xEA7A90C2,0xFB3E7BCE, 0x03A16125, 0x0564F0BD, 0xC3EB9E15, 0x3C9057A2, 0x97271AEC, 0xA93A072A,
0x5121CE64,0x774FBE32,0xA8B6E37E,0xC3293D46,0x48DE5369,0x6413E680, 0x1B3F6D9B, 0x1E6321F5, 0xF59C66FB, 0x26DCF319, 0x7533D928, 0xB155FDF5,
0xA2AE0810,0xDD6DB224,0x69852DFD,0x09072166,0xB39A460A,0x6445C0DD, 0x03563482, 0x8ABA3CBB, 0x28517711, 0xC20AD9F8, 0xABCC5167, 0xCCAD925F,
0x586CDECF,0x1C20C8AE,0x5BBEF7DD,0x1B588D40,0xCCD2017F,0x6BB4E3BB, 0x4DE81751, 0x3830DC8E, 0x379D5862, 0x9320F991, 0xEA7A90C2, 0xFB3E7BCE,
0xDDA26A7E,0x3A59FF45,0x3E350A44,0xBCB4CDD5,0x72EACEA8,0xFA6484BB, 0x5121CE64, 0x774FBE32, 0xA8B6E37E, 0xC3293D46, 0x48DE5369, 0x6413E680,
0x8D6612AE,0xBF3C6F47,0xD29BE463,0x542F5D9E,0xAEC2771B,0xF64E6370, 0xA2AE0810, 0xDD6DB224, 0x69852DFD, 0x09072166, 0xB39A460A, 0x6445C0DD,
0x740E0D8D,0xE75B1357,0xF8721671,0xAF537D5D,0x4040CB08,0x4EB4E2CC, 0x586CDECF, 0x1C20C8AE, 0x5BBEF7DD, 0x1B588D40, 0xCCD2017F, 0x6BB4E3BB,
0x34D2466A,0x0115AF84,0xE1B00428,0x95983A1D,0x06B89FB4,0xCE6EA048, 0xDDA26A7E, 0x3A59FF45, 0x3E350A44, 0xBCB4CDD5, 0x72EACEA8, 0xFA6484BB,
0x6F3F3B82,0x3520AB82,0x011A1D4B,0x277227F8,0x611560B1,0xE7933FDC, 0x8D6612AE, 0xBF3C6F47, 0xD29BE463, 0x542F5D9E, 0xAEC2771B, 0xF64E6370,
0xBB3A792B,0x344525BD,0xA08839E1,0x51CE794B,0x2F32C9B7,0xA01FBAC9, 0x740E0D8D, 0xE75B1357, 0xF8721671, 0xAF537D5D, 0x4040CB08, 0x4EB4E2CC,
0xE01CC87E,0xBCC7D1F6,0xCF0111C3,0xA1E8AAC7,0x1A908749,0xD44FBD9A, 0x34D2466A, 0x0115AF84, 0xE1B00428, 0x95983A1D, 0x06B89FB4, 0xCE6EA048,
0xD0DADECB,0xD50ADA38,0x0339C32A,0xC6913667,0x8DF9317C,0xE0B12B4F, 0x6F3F3B82, 0x3520AB82, 0x011A1D4B, 0x277227F8, 0x611560B1, 0xE7933FDC,
0xF79E59B7,0x43F5BB3A,0xF2D519FF,0x27D9459C,0xBF97222C,0x15E6FC2A, 0xBB3A792B, 0x344525BD, 0xA08839E1, 0x51CE794B, 0x2F32C9B7, 0xA01FBAC9,
0x0F91FC71,0x9B941525,0xFAE59361,0xCEB69CEB,0xC2A86459,0x12BAA8D1, 0xE01CC87E, 0xBCC7D1F6, 0xCF0111C3, 0xA1E8AAC7, 0x1A908749, 0xD44FBD9A,
0xB6C1075E,0xE3056A0C,0x10D25065,0xCB03A442,0xE0EC6E0E,0x1698DB3B, 0xD0DADECB, 0xD50ADA38, 0x0339C32A, 0xC6913667, 0x8DF9317C, 0xE0B12B4F,
0x4C98A0BE,0x3278E964,0x9F1F9532,0xE0D392DF,0xD3A0342B,0x8971F21E, 0xF79E59B7, 0x43F5BB3A, 0xF2D519FF, 0x27D9459C, 0xBF97222C, 0x15E6FC2A,
0x1B0A7441,0x4BA3348C,0xC5BE7120,0xC37632D8,0xDF359F8D,0x9B992F2E, 0x0F91FC71, 0x9B941525, 0xFAE59361, 0xCEB69CEB, 0xC2A86459, 0x12BAA8D1,
0xE60B6F47,0x0FE3F11D,0xE54CDA54,0x1EDAD891,0xCE6279CF,0xCD3E7E6F, 0xB6C1075E, 0xE3056A0C, 0x10D25065, 0xCB03A442, 0xE0EC6E0E, 0x1698DB3B,
0x1618B166,0xFD2C1D05,0x848FD2C5,0xF6FB2299,0xF523F357,0xA6327623, 0x4C98A0BE, 0x3278E964, 0x9F1F9532, 0xE0D392DF, 0xD3A0342B, 0x8971F21E,
0x93A83531,0x56CCCD02,0xACF08162,0x5A75EBB5,0x6E163697,0x88D273CC, 0x1B0A7441, 0x4BA3348C, 0xC5BE7120, 0xC37632D8, 0xDF359F8D, 0x9B992F2E,
0xDE966292,0x81B949D0,0x4C50901B,0x71C65614,0xE6C6C7BD,0x327A140A, 0xE60B6F47, 0x0FE3F11D, 0xE54CDA54, 0x1EDAD891, 0xCE6279CF, 0xCD3E7E6F,
0x45E1D006,0xC3F27B9A,0xC9AA53FD,0x62A80F00,0xBB25BFE2,0x35BDD2F6, 0x1618B166, 0xFD2C1D05, 0x848FD2C5, 0xF6FB2299, 0xF523F357, 0xA6327623,
0x71126905,0xB2040222,0xB6CBCF7C,0xCD769C2B,0x53113EC0,0x1640E3D3, 0x93A83531, 0x56CCCD02, 0xACF08162, 0x5A75EBB5, 0x6E163697, 0x88D273CC,
0x38ABBD60,0x2547ADF0,0xBA38209C,0xF746CE76,0x77AFA1C5,0x20756060, 0xDE966292, 0x81B949D0, 0x4C50901B, 0x71C65614, 0xE6C6C7BD, 0x327A140A,
0x85CBFE4E,0x8AE88DD8,0x7AAAF9B0,0x4CF9AA7E,0x1948C25C,0x02FB8A8C, 0x45E1D006, 0xC3F27B9A, 0xC9AA53FD, 0x62A80F00, 0xBB25BFE2, 0x35BDD2F6,
0x01C36AE4,0xD6EBE1F9,0x90D4F869,0xA65CDEA0,0x3F09252D,0xC208E69F, 0x71126905, 0xB2040222, 0xB6CBCF7C, 0xCD769C2B, 0x53113EC0, 0x1640E3D3,
0xB74E6132,0xCE77E25B,0x578FDFE3,0x3AC372E6 0x38ABBD60, 0x2547ADF0, 0xBA38209C, 0xF746CE76, 0x77AFA1C5, 0x20756060,
0x85CBFE4E, 0x8AE88DD8, 0x7AAAF9B0, 0x4CF9AA7E, 0x1948C25C, 0x02FB8A8C,
0x01C36AE4, 0xD6EBE1F9, 0x90D4F869, 0xA65CDEA0, 0x3F09252D, 0xC208E69F,
0xB74E6132, 0xCE77E25B, 0x578FDFE3, 0x3AC372E6
} }
}, },
/* p constants */ { /* ps */
{ 0x243F6A88, 0x85A308D3, 0x13198A2E, 0x03707344, 0xA4093822, 0x299F31D0,
0x243F6A88,0x85A308D3,0x13198A2E,0x03707344,0xA4093822,0x299F31D0, 0x082EFA98, 0xEC4E6C89, 0x452821E6, 0x38D01377, 0xBE5466CF, 0x34E90C6C,
0x082EFA98,0xEC4E6C89,0x452821E6,0x38D01377,0xBE5466CF,0x34E90C6C, 0xC0AC29B7, 0xC97C50DD, 0x3F84D5B5, 0xB5470917, 0x9216D5D9, 0x8979FB1B
0xC0AC29B7,0xC97C50DD,0x3F84D5B5,0xB5470917,0x9216D5D9,0x8979FB1B }
},
/* Initial value, reset after key is checked. */
BLOWFISH_WEAK_KEY
}; };
/* It's unfortunate to have to pick the bytes apart in the round /* It's unfortunate to have to pick the bytes apart in the round
* function. Werner's GNUPG code stored took the address of x, and * function. Werner's gnupg/libgcrypt code took the address of x, and
* then read the individual bytes depending on the endianness. But xr * then read the individual bytes depending on the endianness. But
* and xl ought to live in registers, so I'm not sure that really is a * since xr and xl ought to live in registers, copying via memory is a
* good way to do it. */ * bad idea. */
#define F(c, x) \ #define F(c, x) \
((( (c->s[0][(x>>24) &0xff] + c->s[1][(x>>16) & 0xff]) \ ((( (c->s[0][(x>>24) &0xff] + c->s[1][(x>>16) & 0xff]) \
^ c->s[2][(x>>8) & 0xff]) + c->s[3][x & 0xff]) & 0xffffffff) ^ c->s[2][(x>>8) & 0xff]) + c->s[3][x & 0xff]) & 0xffffffff)
#define R(c, l, r, i) do { l ^= c->p[i]; r ^= F(c, l); } while(0) #define R(c, l,r,i) do { l ^= c->p[i]; r ^= F(c,l); } while(0)
static void void
encrypt(struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr) _nettle_blowfish_encround (const struct blowfish_ctx *ctx, uint32_t * ret_xl,
uint32_t * ret_xr)
{ {
uint32_t xl, xr; uint32_t xl, xr;
xl = *ret_xl; xl = *ret_xl;
xr = *ret_xr; xr = *ret_xr;
R(bc, xl, xr, 0);
R(bc, xr, xl, 1); R (ctx, xl, xr, 0);
R(bc, xl, xr, 2); R (ctx, xr, xl, 1);
R(bc, xr, xl, 3); R (ctx, xl, xr, 2);
R(bc, xl, xr, 4); R (ctx, xr, xl, 3);
R(bc, xr, xl, 5); R (ctx, xl, xr, 4);
R(bc, xl, xr, 6); R (ctx, xr, xl, 5);
R(bc, xr, xl, 7); R (ctx, xl, xr, 6);
R(bc, xl, xr, 8); R (ctx, xr, xl, 7);
R(bc, xr, xl, 9); R (ctx, xl, xr, 8);
R(bc, xl, xr, 10); R (ctx, xr, xl, 9);
R(bc, xr, xl, 11); R (ctx, xl, xr, 10);
R(bc, xl, xr, 12); R (ctx, xr, xl, 11);
R(bc, xr, xl, 13); R (ctx, xl, xr, 12);
R(bc, xl, xr, 14); R (ctx, xr, xl, 13);
R(bc, xr, xl, 15); R (ctx, xl, xr, 14);
R (ctx, xr, xl, 15);
xl ^= bc->p[_BLOWFISH_ROUNDS];
xr ^= bc->p[_BLOWFISH_ROUNDS+1]; xl ^= ctx->p[_BLOWFISH_ROUNDS];
xr ^= ctx->p[_BLOWFISH_ROUNDS + 1];
*ret_xl = xr; *ret_xl = xr;
*ret_xr = xl; *ret_xr = xl;
} }
static void static void
decrypt(struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr ) decround (const struct blowfish_ctx *ctx, uint32_t * ret_xl, uint32_t * ret_xr)
{ {
uint32_t xl, xr; uint32_t xl, xr;
xl = *ret_xl; xl = *ret_xl;
xr = *ret_xr; xr = *ret_xr;
R(bc, xl, xr, 17); R (ctx, xl, xr, 17);
R(bc, xr, xl, 16); R (ctx, xr, xl, 16);
R(bc, xl, xr, 15); R (ctx, xl, xr, 15);
R(bc, xr, xl, 14); R (ctx, xr, xl, 14);
R(bc, xl, xr, 13); R (ctx, xl, xr, 13);
R(bc, xr, xl, 12); R (ctx, xr, xl, 12);
R(bc, xl, xr, 11); R (ctx, xl, xr, 11);
R(bc, xr, xl, 10); R (ctx, xr, xl, 10);
R(bc, xl, xr, 9); R (ctx, xl, xr, 9);
R(bc, xr, xl, 8); R (ctx, xr, xl, 8);
R(bc, xl, xr, 7); R (ctx, xl, xr, 7);
R(bc, xr, xl, 6); R (ctx, xr, xl, 6);
R(bc, xl, xr, 5); R (ctx, xl, xr, 5);
R(bc, xr, xl, 4); R (ctx, xr, xl, 4);
R(bc, xl, xr, 3); R (ctx, xl, xr, 3);
R(bc, xr, xl, 2); R (ctx, xr, xl, 2);
xl ^= bc->p[1]; xl ^= ctx->p[1];
xr ^= bc->p[0]; xr ^= ctx->p[0];
*ret_xl = xr; *ret_xl = xr;
*ret_xr = xl; *ret_xr = xl;
...@@ -309,113 +331,103 @@ decrypt(struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr ) ...@@ -309,113 +331,103 @@ decrypt(struct blowfish_ctx *bc, uint32_t *ret_xl, uint32_t *ret_xr )
#undef R #undef R
void void
blowfish_encrypt(struct blowfish_ctx *bc, unsigned length, blowfish_encrypt (const struct blowfish_ctx *ctx,
uint8_t *outbuf, const uint8_t *inbuf) size_t length, uint8_t * dst, const uint8_t * src)
{ {
uint32_t d1, d2; FOR_BLOCKS (length, dst, src, BLOWFISH_BLOCK_SIZE)
{
assert(!bc->status); uint32_t d1, d2;
FOR_BLOCKS(length, outbuf, inbuf, BLOWFISH_BLOCK_SIZE) d1 = READ_UINT32(src);
{ d2 = READ_UINT32(src+4);
d1 = READ_UINT32(inbuf); _nettle_blowfish_encround (ctx, &d1, &d2);
d2 = READ_UINT32(inbuf+ 4); dst[0] = (d1 >> 24) & 0xff;
dst[1] = (d1 >> 16) & 0xff;
encrypt( bc, &d1, &d2 ); dst[2] = (d1 >> 8) & 0xff;
dst[3] = d1 & 0xff;
WRITE_UINT32(outbuf, d1); dst[4] = (d2 >> 24) & 0xff;
WRITE_UINT32(outbuf + 4, d2); dst[5] = (d2 >> 16) & 0xff;
} dst[6] = (d2 >> 8) & 0xff;
dst[7] = d2 & 0xff;
}
} }
void void
blowfish_decrypt(struct blowfish_ctx *bc, unsigned length, blowfish_decrypt (const struct blowfish_ctx *ctx,
uint8_t *outbuf, const uint8_t *inbuf ) size_t length, uint8_t * dst, const uint8_t * src)
{ {
uint32_t d1, d2; FOR_BLOCKS (length, dst, src, BLOWFISH_BLOCK_SIZE)
{
assert(!bc->status); uint32_t d1, d2;
FOR_BLOCKS(length, outbuf, inbuf, BLOWFISH_BLOCK_SIZE) d1 = READ_UINT32(src);
{ d2 = READ_UINT32(src+4);
d1 = READ_UINT32(inbuf); decround (ctx, &d1, &d2);
d2 = READ_UINT32(inbuf+ 4); dst[0] = (d1 >> 24) & 0xff;
dst[1] = (d1 >> 16) & 0xff;
decrypt( bc, &d1, &d2 ); dst[2] = (d1 >> 8) & 0xff;
dst[3] = d1 & 0xff;
WRITE_UINT32(outbuf, d1); dst[4] = (d2 >> 24) & 0xff;
WRITE_UINT32(outbuf + 4, d2); dst[5] = (d2 >> 16) & 0xff;
} dst[6] = (d2 >> 8) & 0xff;
dst[7] = d2 & 0xff;
}
} }
int int
blowfish_set_key(struct blowfish_ctx *ctx, blowfish_set_key (struct blowfish_ctx *ctx,
unsigned keylen, const uint8_t *key) size_t length, const uint8_t * key)
{ {
int i, j; int i, j;
uint32_t data, datal, datar; uint32_t data, datal, datar;
#if 0 *ctx = _nettle_blowfish_initial_ctx;
static int initialized = 0;
if( !initialized ) { for (i = j = 0; i < _BLOWFISH_ROUNDS + 2; i++)
initialized = 1; {
assert(selftest()); data = ((uint32_t) key[j] << 24)
| ((uint32_t) key[(j+1) % length] << 16)
| ((uint32_t) key[(j+2) % length] << 8)
| (uint32_t) key[(j+3) % length];
ctx->p[i] ^= data;
j = (j + 4) % length;
} }
#endif
*ctx = initial_ctx; datal = datar = 0;
for (i = 0; i < _BLOWFISH_ROUNDS + 2; i += 2)
{
_nettle_blowfish_encround (ctx, &datal, &datar);
ctx->p[i] = datal;
ctx->p[i + 1] = datar;
}
for(i=j=0; i < _BLOWFISH_ROUNDS+2; i++ ) for (j = 0; j < 4; j++)
for (i = 0; i < 256; i += 2)
{ {
data = key[j] << 24 | key[(j+1) % keylen] <<16 _nettle_blowfish_encround (ctx, &datal, &datar);
| key[(j+2)%keylen] << 8 | key[(j+3)%keylen]; ctx->s[j][i] = datal;
ctx->s[j][i + 1] = datar;
}
ctx->p[i] ^= data; /* Check for weak key. A weak key is a key in which a value in
j = (j+4) % keylen; the P-array (here c) occurs more than once per table. */
} for (i = 0; i < 255; i++)
{
for (j = i + 1; j < 256; j++)
{
if ((ctx->s[0][i] == ctx->s[0][j])
|| (ctx->s[1][i] == ctx->s[1][j])
|| (ctx->s[2][i] == ctx->s[2][j])
|| (ctx->s[3][i] == ctx->s[3][j]))
return 0;
}
}
datal = datar = 0; return 1;
for(i=0; i < _BLOWFISH_ROUNDS+2; i += 2 ) }
{
encrypt( ctx, &datal, &datar ); int
ctx->p[i] = datal; blowfish128_set_key(struct blowfish_ctx *ctx, const uint8_t *key)
ctx->p[i+1] = datar; {
} return blowfish_set_key (ctx, BLOWFISH128_KEY_SIZE, key);
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[0][i] = datal;
ctx->s[0][i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[1][i] = datal;
ctx->s[1][i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[2][i] = datal;
ctx->s[2][i+1] = datar;
}
for(i=0; i < 256; i += 2 )
{
encrypt( ctx, &datal, &datar );
ctx->s[3][i] = datal;
ctx->s[3][i+1] = datar;
}
/* Check for weak key. A weak key is a key in which a value in */
/* the P-array (here c) occurs more than once per table. */
for(i=0; i < 255; i++ )
for( j=i+1; j < 256; j++)
if( (ctx->s[0][i] == ctx->s[0][j]) || (ctx->s[1][i] == ctx->s[1][j]) ||
(ctx->s[2][i] == ctx->s[2][j]) || (ctx->s[3][i] == ctx->s[3][j]) )
return 0;
ctx->status = BLOWFISH_OK;
return 1;
} }
blowfish.h
View file @ 53c76a47
/* blowfish.h /* blowfish.h
*
* Blowfish block cipher. Blowfish block cipher.
*/
Copyright (C) 2014 Niels Möller
/* nettle, low-level cryptographics library Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Möller
*
* Copyright (C) 1998, 2001 FSF, Ray Dassen, Niels Mller This file is part of GNU Nettle.
*
* The nettle library is free software; you can redistribute it and/or modify GNU Nettle is free software: you can redistribute it and/or
* it under the terms of the GNU Lesser General Public License as published by modify it under the terms of either:
* the Free Software Foundation; either version 2.1 of the License, or (at your
* option) any later version. * the GNU Lesser General Public License as published by the Free
* Software Foundation; either version 3 of the License, or (at your
* The nettle library is distributed in the hope that it will be useful, but option) any later version.
* WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
* or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public or
* License for more details.
* * the GNU General Public License as published by the Free
* You should have received a copy of the GNU Lesser General Public License Software Foundation; either version 2 of the License, or (at your
* along with the nettle library; see the file COPYING.LIB. If not, write to option) any later version.
* the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
* MA 02111-1307, USA. or both in parallel, as here.
*/
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BLOWFISH_H_INCLUDED #ifndef NETTLE_BLOWFISH_H_INCLUDED
#define NETTLE_BLOWFISH_H_INCLUDED #define NETTLE_BLOWFISH_H_INCLUDED
#include <inttypes.h> #include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define blowfish_set_key nettle_blowfish_set_key
#define blowfish128_set_key nettle_blowfish128_set_key
#define blowfish_encrypt nettle_blowfish_encrypt
#define blowfish_decrypt nettle_blowfish_decrypt
#define blowfish_bcrypt_hash nettle_blowfish_bcrypt_hash
#define blowfish_bcrypt_verify nettle_blowfish_bcrypt_verify
#define BLOWFISH_BLOCK_SIZE 8 #define BLOWFISH_BLOCK_SIZE 8
...@@ -37,30 +58,49 @@ ...@@ -37,30 +58,49 @@
/* Default to 128 bits */ /* Default to 128 bits */
#define BLOWFISH_KEY_SIZE 16 #define BLOWFISH_KEY_SIZE 16
#define BLOWFISH128_KEY_SIZE 16
#define _BLOWFISH_ROUNDS 16 #define _BLOWFISH_ROUNDS 16
enum blowfish_error { BLOWFISH_OK, BLOWFISH_WEAK_KEY }; #define BLOWFISH_BCRYPT_HASH_SIZE (60 + 1) /* Including null-terminator */
#define BLOWFISH_BCRYPT_BINSALT_SIZE 16 /* Binary string size */
struct blowfish_ctx struct blowfish_ctx
{ {
uint32_t s[4][256]; uint32_t s[4][256];
uint32_t p[_BLOWFISH_ROUNDS+2]; uint32_t p[_BLOWFISH_ROUNDS+2];
enum blowfish_error status;
}; };
/* On success, returns 1 and sets ctx->status to BLOWFISH_OK (zero). /* Returns 0 for weak keys, otherwise 1. */
* On error, returns 0 and sets ctx->status to BLOWFISH_WEAK_KEY. */
int int
blowfish_set_key(struct blowfish_ctx *ctx, blowfish_set_key(struct blowfish_ctx *ctx,
unsigned length, const uint8_t *key); size_t length, const uint8_t *key);
int
blowfish128_set_key(struct blowfish_ctx *ctx, const uint8_t *key);
void void
blowfish_encrypt(struct blowfish_ctx *ctx, blowfish_encrypt(const struct blowfish_ctx *ctx,
unsigned length, uint8_t *dst, size_t length, uint8_t *dst,
const uint8_t *src); const uint8_t *src);
void void
blowfish_decrypt(struct blowfish_ctx *ctx, blowfish_decrypt(const struct blowfish_ctx *ctx,
unsigned length, uint8_t *dst, size_t length, uint8_t *dst,
const uint8_t *src); const uint8_t *src);
/* dst parameter must point to a buffer of minimally
* BLOWFISH_BCRYPT_HASH_SIZE bytes */
int
blowfish_bcrypt_hash(uint8_t *dst,
size_t lenkey, const uint8_t *key,
size_t lenscheme, const uint8_t *scheme,
int log2rounds,
const uint8_t *salt);
int
blowfish_bcrypt_verify(size_t lenkey, const uint8_t *key,
size_t lenhashed, const uint8_t *hashed);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BLOWFISH_H_INCLUDED */ #endif /* NETTLE_BLOWFISH_H_INCLUDED */
bswap-internal.h 0 → 100644
View file @ 53c76a47
/* bswap-internal.h
Copyright (C) 2022 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BSWAP_INTERNAL_H_INCLUDED
#define NETTLE_BSWAP_INTERNAL_H_INCLUDED
#include "nettle-types.h"
/* Note that these definitions depend config.h, which should be
included first. */
#if HAVE_BUILTIN_BSWAP64
#define nettle_bswap64 __builtin_bswap64
/* Assume bswap32 is also available. */
#define nettle_bswap32 __builtin_bswap32
#else
static inline uint64_t
nettle_bswap64 (uint64_t x)
{
x = (x >> 32) | (x << 32);
x = ((x >> 16) & UINT64_C (0xffff0000ffff))
| ((x & UINT64_C (0xffff0000ffff)) << 16);
x = ((x >> 8) & UINT64_C (0xff00ff00ff00ff))
| ((x & UINT64_C (0xff00ff00ff00ff)) << 8);
return x;
}
static inline uint32_t
nettle_bswap32 (uint32_t x)
{
x = (x << 16) | (x >> 16);
x = ((x & 0x00FF00FF) << 8) | ((x >> 8) & 0x00FF00FF);
return x;
}
#endif
static inline void
nettle_bswap32_n (unsigned n, uint32_t *x)
{
unsigned i;
for (i = 0; i < n; i++)
x[i] = nettle_bswap32 (x[i]);
}
#if WORDS_BIGENDIAN
#define bswap64_if_be nettle_bswap64
#define bswap32_if_be nettle_bswap32
#define bswap64_if_le(x) (x)
#define bswap32_if_le(x) (x)
#define bswap32_n_if_le(n, x)
#else
#define bswap64_if_be(x) (x)
#define bswap32_if_be(x) (x)
#define bswap64_if_le nettle_bswap64
#define bswap32_if_le nettle_bswap32
#define bswap32_n_if_le nettle_bswap32_n
#endif
#endif /* NETTLE_BSWAP_INTERNAL_H_INCLUDED */
buffer-init.c 0 → 100644
View file @ 53c76a47
/* buffer-init.c
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <stdlib.h>
#include "buffer.h"
#include "realloc.h"
/* This is in a separate file so that we don't link in realloc in
* programs that don't need it. */
void
nettle_buffer_init(struct nettle_buffer *buffer)
{
nettle_buffer_init_realloc(buffer, NULL, nettle_realloc);
}
buffer.c 0 → 100644
View file @ 53c76a47
/* buffer.c
A bare-bones string stream.
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include "buffer.h"
int
nettle_buffer_grow(struct nettle_buffer *buffer,
size_t length)
{
assert(buffer->size <= buffer->alloc);
if (buffer->size + length > buffer->alloc)
{
size_t alloc;
uint8_t *p;
if (!buffer->realloc)
return 0;
alloc = buffer->alloc * 2 + length + 100;
p = buffer->realloc(buffer->realloc_ctx, buffer->contents, alloc);
if (!p)
return 0;
buffer->contents = p;
buffer->alloc = alloc;
}
return 1;
}
void
nettle_buffer_init_realloc(struct nettle_buffer *buffer,
void *realloc_ctx,
nettle_realloc_func *realloc)
{
buffer->contents = NULL;
buffer->alloc = 0;
buffer->realloc = realloc;
buffer->realloc_ctx = realloc_ctx;
buffer->size = 0;
}
void
nettle_buffer_init_size(struct nettle_buffer *buffer,
size_t length, uint8_t *space)
{
buffer->contents = space;
buffer->alloc = length;
buffer->realloc = NULL;
buffer->realloc_ctx = NULL;
buffer->size = 0;
}
void
nettle_buffer_clear(struct nettle_buffer *buffer)
{
if (buffer->realloc)
buffer->realloc(buffer->realloc_ctx, buffer->contents, 0);
buffer->contents = NULL;
buffer->alloc = 0;
buffer->size = 0;
}
void
nettle_buffer_reset(struct nettle_buffer *buffer)
{
buffer->size = 0;
}
uint8_t *
nettle_buffer_space(struct nettle_buffer *buffer,
size_t length)
{
uint8_t *p;
if (!nettle_buffer_grow(buffer, length))
return NULL;
p = buffer->contents + buffer->size;
buffer->size += length;
return p;
}
int
nettle_buffer_write(struct nettle_buffer *buffer,
size_t length, const uint8_t *data)
{
uint8_t *p = nettle_buffer_space(buffer, length);
if (p)
{
memcpy(p, data, length);
return 1;
}
else
return 0;
}
int
nettle_buffer_copy(struct nettle_buffer *dst,
const struct nettle_buffer *src)
{
return nettle_buffer_write(dst, src->size, src->contents);
}
buffer.h 0 → 100644
View file @ 53c76a47
/* buffer.h
A bare-bones string stream.
Copyright (C) 2002 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_BUFFER_H_INCLUDED
#define NETTLE_BUFFER_H_INCLUDED
#include "realloc.h"
#ifdef __cplusplus
extern "C" {
#endif
struct nettle_buffer
{
uint8_t *contents;
/* Allocated size */
size_t alloc;
void *realloc_ctx;
nettle_realloc_func *realloc;
/* Current size */
size_t size;
};
/* Initializes a buffer that uses plain realloc */
void
nettle_buffer_init(struct nettle_buffer *buffer);
void
nettle_buffer_init_realloc(struct nettle_buffer *buffer,
void *realloc_ctx,
nettle_realloc_func *realloc);
/* Initializes a buffer of fix size */
void
nettle_buffer_init_size(struct nettle_buffer *buffer,
size_t length, uint8_t *space);
void
nettle_buffer_clear(struct nettle_buffer *buffer);
/* Resets the buffer, without freeing the buffer space. */
void
nettle_buffer_reset(struct nettle_buffer *buffer);
int
nettle_buffer_grow(struct nettle_buffer *buffer,
size_t length);
#define NETTLE_BUFFER_PUTC(buffer, c) \
( (((buffer)->size < (buffer)->alloc) || nettle_buffer_grow((buffer), 1)) \
&& ((buffer)->contents[(buffer)->size++] = (c), 1) )
int
nettle_buffer_write(struct nettle_buffer *buffer,
size_t length, const uint8_t *data);
/* Like nettle_buffer_write, but instead of copying data to the
* buffer, it returns a pointer to the area where the caller can copy
* the data. The pointer is valid only until the next call that can
* reallocate the buffer. */
uint8_t *
nettle_buffer_space(struct nettle_buffer *buffer,
size_t length);
/* Copy the contents of SRC to the end of DST. */
int
nettle_buffer_copy(struct nettle_buffer *dst,
const struct nettle_buffer *src);
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_BUFFER_H_INCLUDED */
camellia-absorb.c 0 → 100644
View file @ 53c76a47
/* camellia-absorb.c
Final key setup processing for the camellia block cipher.
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/* Based on camellia.c ver 1.2.0, see
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
/* For CHAR_BIT, needed by HAVE_NATIVE_64_BIT */
#include <limits.h>
#include "camellia-internal.h"
#include "macros.h"
void
_nettle_camellia_absorb(unsigned nkeys, uint64_t *dst, uint64_t *subkey)
{
uint64_t kw2, kw4;
uint32_t dw, tl, tr;
unsigned i;
/* At this point, the subkey array contains the subkeys as described
in the spec, 26 for short keys and 34 for large keys. */
/* absorb kw2 to other subkeys */
kw2 = subkey[1];
subkey[3] ^= kw2;
subkey[5] ^= kw2;
subkey[7] ^= kw2;
for (i = 8; i < nkeys; i += 8)
{
/* FIXME: gcc for x86_32 is smart enough to fetch the 32 low bits
and xor the result into the 32 high bits, but it still generates
worse code than for explicit 32-bit operations. */
kw2 ^= (kw2 & ~subkey[i+1]) << 32;
dw = (kw2 & subkey[i+1]) >> 32; kw2 ^= ROTL32(1, dw);
subkey[i+3] ^= kw2;
subkey[i+5] ^= kw2;
subkey[i+7] ^= kw2;
}
subkey[i] ^= kw2;
/* absorb kw4 to other subkeys */
kw4 = subkey[nkeys + 1];
for (i = nkeys - 8; i > 0; i -= 8)
{
subkey[i+6] ^= kw4;
subkey[i+4] ^= kw4;
subkey[i+2] ^= kw4;
kw4 ^= (kw4 & ~subkey[i]) << 32;
dw = (kw4 & subkey[i]) >> 32; kw4 ^= ROTL32(1, dw);
}
subkey[6] ^= kw4;
subkey[4] ^= kw4;
subkey[2] ^= kw4;
subkey[0] ^= kw4;
/* key XOR is end of F-function */
dst[0] = subkey[0] ^ subkey[2];
dst[1] = subkey[3];
dst[2] = subkey[2] ^ subkey[4];
dst[3] = subkey[3] ^ subkey[5];
dst[4] = subkey[4] ^ subkey[6];
dst[5] = subkey[5] ^ subkey[7];
for (i = 8; i < nkeys; i += 8)
{
tl = (subkey[i+2] >> 32) ^ (subkey[i+2] & ~subkey[i]);
dw = tl & (subkey[i] >> 32);
tr = subkey[i+2] ^ ROTL32(1, dw);
dst[i-2] = subkey[i-2] ^ ( ((uint64_t) tl << 32) | tr);
dst[i-1] = subkey[i];
dst[i] = subkey[i+1];
tl = (subkey[i-1] >> 32) ^ (subkey[i-1] & ~subkey[i+1]);
dw = tl & (subkey[i+1] >> 32);
tr = subkey[i-1] ^ ROTL32(1, dw);
dst[i+1] = subkey[i+3] ^ ( ((uint64_t) tl << 32) | tr);
dst[i+2] = subkey[i+2] ^ subkey[i+4];
dst[i+3] = subkey[i+3] ^ subkey[i+5];
dst[i+4] = subkey[i+4] ^ subkey[i+6];
dst[i+5] = subkey[i+5] ^ subkey[i+7];
}
dst[i-2] = subkey[i-2];
dst[i-1] = subkey[i] ^ subkey[i-1];
#if !HAVE_NATIVE_64_BIT
for (i = 0; i < nkeys; i += 8)
{
/* apply the inverse of the last half of F-function */
CAMELLIA_F_HALF_INV(dst[i+1]);
CAMELLIA_F_HALF_INV(dst[i+2]);
CAMELLIA_F_HALF_INV(dst[i+3]);
CAMELLIA_F_HALF_INV(dst[i+4]);
CAMELLIA_F_HALF_INV(dst[i+5]);
CAMELLIA_F_HALF_INV(dst[i+6]);
}
#endif
}
camellia-crypt-internal.c 0 → 100644
View file @ 53c76a47
/* camellia-crypt-internal.c
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/* Based on camellia.c ver 1.2.0, see
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <limits.h>
#include "camellia-internal.h"
#include "macros.h"
#define CAMELLIA_FL(x, k) do { \
uint32_t __xl, __xr, __kl, __kr, __t; \
__xl = (x) >> 32; \
__xr = (x) & 0xffffffff; \
__kl = (k) >> 32; \
__kr = (k) & 0xffffffff; \
__t = __xl & __kl; \
__xr ^= ROTL32(1, __t); \
__xl ^= (__xr | __kr); \
(x) = ((uint64_t) __xl << 32) | __xr; \
} while (0)
#define CAMELLIA_FLINV(x, k) do { \
uint32_t __xl, __xr, __kl, __kr, __t; \
__xl = (x) >> 32; \
__xr = (x) & 0xffffffff; \
__kl = (k) >> 32; \
__kr = (k) & 0xffffffff; \
__xl ^= (__xr | __kr); \
__t = __xl & __kl; \
__xr ^= ROTL32(1, __t); \
(x) = ((uint64_t) __xl << 32) | __xr; \
} while (0)
#if HAVE_NATIVE_64_BIT
#define CAMELLIA_ROUNDSM(T, x, k, y) do { \
uint32_t __il, __ir; \
__ir \
= T->sp1110[(x) & 0xff] \
^ T->sp0222[((x) >> 24) & 0xff] \
^ T->sp3033[((x) >> 16) & 0xff] \
^ T->sp4404[((x) >> 8) & 0xff]; \
/* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
__il \
= T->sp1110[ (x) >> 56] \
^ T->sp0222[((x) >> 48) & 0xff] \
^ T->sp3033[((x) >> 40) & 0xff] \
^ T->sp4404[((x) >> 32) & 0xff]; \
/* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
__ir ^= __il; \
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \
__il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
(t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
== y5,y6,y7,y8 */ \
y ^= (k); \
y ^= ((uint64_t) __ir << 32) | __il; \
} while (0)
#else /* !HAVE_NATIVE_64_BIT */
#define CAMELLIA_ROUNDSM(T, x, k, y) do { \
uint32_t __il, __ir; \
__ir \
= T->sp1110[(x) & 0xff] \
^ T->sp0222[((x) >> 24) & 0xff] \
^ T->sp3033[((x) >> 16) & 0xff] \
^ T->sp4404[((x) >> 8) & 0xff]; \
/* ir == (t6^t7^t8),(t5^t7^t8),(t5^t6^t8),(t5^t6^t7) */ \
__il \
= T->sp1110[ (x) >> 56] \
^ T->sp0222[((x) >> 48) & 0xff] \
^ T->sp3033[((x) >> 40) & 0xff] \
^ T->sp4404[((x) >> 32) & 0xff]; \
/* il == (t1^t3^t4),(t1^t2^t4),(t1^t2^t3),(t2^t3^t4) */ \
__il ^= (k) >> 32; \
__ir ^= (k) & 0xffffffff; \
__ir ^= __il; \
/* ir == (t1^t3^t4^t6^t7^t8),(t1^t2^t4^t5^t7^t8), \
(t1^t2^t3^t5^t6^t8),(t2^t3^t4^t5^t6^t7) \
== y1,y2,y3,y4 */ \
__il = ROTL32(24, __il); \
/* il == (t2^t3^t4),(t1^t3^t4),(t1^t2^t4),(t1^t2^t3) */ \
__il ^= __ir; \
/* il == (t1^t2^t6^t7^t8),(t2^t3^t5^t7^t8), \
(t3^t4^t5^t6^t8),(t1^t4^t5^t6^t7) \
== y5,y6,y7,y8 */ \
y ^= ((uint64_t) __ir << 32) | __il; \
} while (0)
#endif
void
_nettle_camellia_crypt(unsigned nkeys,
const uint64_t *keys,
const struct camellia_table *T,
size_t length, uint8_t *dst,
const uint8_t *src)
{
FOR_BLOCKS(length, dst, src, CAMELLIA_BLOCK_SIZE)
{
uint64_t i0,i1;
unsigned i;
i0 = READ_UINT64(src);
i1 = READ_UINT64(src + 8);
/* pre whitening but absorb kw2*/
i0 ^= keys[0];
/* main iteration */
CAMELLIA_ROUNDSM(T, i0, keys[1], i1);
CAMELLIA_ROUNDSM(T, i1, keys[2], i0);
CAMELLIA_ROUNDSM(T, i0, keys[3], i1);
CAMELLIA_ROUNDSM(T, i1, keys[4], i0);
CAMELLIA_ROUNDSM(T, i0, keys[5], i1);
CAMELLIA_ROUNDSM(T, i1, keys[6], i0);
for (i = 0; i < nkeys - 8; i+= 8)
{
CAMELLIA_FL(i0, keys[i+7]);
CAMELLIA_FLINV(i1, keys[i+8]);
CAMELLIA_ROUNDSM(T, i0, keys[i+9], i1);
CAMELLIA_ROUNDSM(T, i1, keys[i+10], i0);
CAMELLIA_ROUNDSM(T, i0, keys[i+11], i1);
CAMELLIA_ROUNDSM(T, i1, keys[i+12], i0);
CAMELLIA_ROUNDSM(T, i0, keys[i+13], i1);
CAMELLIA_ROUNDSM(T, i1, keys[i+14], i0);
}
/* post whitening but kw4 */
i1 ^= keys[i+7];
WRITE_UINT64(dst , i1);
WRITE_UINT64(dst + 8, i0);
}
}
camellia-internal.h 0 → 100644
View file @ 53c76a47
/* camellia-internal.h
The camellia block cipher.
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/* Based on camellia.c ver 1.2.0, see
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
*/
#ifndef NETTLE_CAMELLIA_INTERNAL_H_INCLUDED
#define NETTLE_CAMELLIA_INTERNAL_H_INCLUDED
#include "camellia.h"
/*
* macros
*/
/* Destructive rotation of 128 bit values. */
#define ROTL128(bits, xl, xr) do { \
uint64_t __rol128_t = (xl); \
(xl) = ((xl) << (bits)) | ((xr) >> (64 - (bits))); \
(xr) = ((xr) << (bits)) | (__rol128_t >> (64 - (bits))); \
} while (0)
struct camellia_table
{
uint32_t sp1110[256];
uint32_t sp0222[256];
uint32_t sp3033[256];
uint32_t sp4404[256];
};
/* key constants */
#define SIGMA1 0xA09E667F3BCC908BULL
#define SIGMA2 0xB67AE8584CAA73B2ULL
#define SIGMA3 0xC6EF372FE94F82BEULL
#define SIGMA4 0x54FF53A5F1D36F1CULL
#define SIGMA5 0x10E527FADE682D1DULL
#define SIGMA6 0xB05688C2B3E6C1FDULL
#define CAMELLIA_SP1110(INDEX) (_nettle_camellia_table.sp1110[(int)(INDEX)])
#define CAMELLIA_SP0222(INDEX) (_nettle_camellia_table.sp0222[(int)(INDEX)])
#define CAMELLIA_SP3033(INDEX) (_nettle_camellia_table.sp3033[(int)(INDEX)])
#define CAMELLIA_SP4404(INDEX) (_nettle_camellia_table.sp4404[(int)(INDEX)])
#define CAMELLIA_F(x, k, y) do { \
uint32_t __yl, __yr; \
uint64_t __i = (x) ^ (k); \
__yl \
= CAMELLIA_SP1110( __i & 0xff) \
^ CAMELLIA_SP0222((__i >> 24) & 0xff) \
^ CAMELLIA_SP3033((__i >> 16) & 0xff) \
^ CAMELLIA_SP4404((__i >> 8) & 0xff); \
__yr \
= CAMELLIA_SP1110( __i >> 56) \
^ CAMELLIA_SP0222((__i >> 48) & 0xff) \
^ CAMELLIA_SP3033((__i >> 40) & 0xff) \
^ CAMELLIA_SP4404((__i >> 32) & 0xff); \
__yl ^= __yr; \
__yr = ROTL32(24, __yr); \
__yr ^= __yl; \
(y) = ((uint64_t) __yl << 32) | __yr; \
} while (0)
#if ! HAVE_NATIVE_64_BIT
#define CAMELLIA_F_HALF_INV(x) do { \
uint32_t __t, __w; \
__t = (x) >> 32; \
__w = __t ^(x); \
__w = ROTL32(8, __w); \
(x) = ((uint64_t) __w << 32) | (__t ^ __w); \
} while (0)
#endif
void
_nettle_camellia_crypt(unsigned nkeys, const uint64_t *keys,
const struct camellia_table *T,
size_t length, uint8_t *dst,
const uint8_t *src);
/* The initial NKEYS + 2 subkeys in SUBKEY are reduced to the final
NKEYS subkeys stored in DST. SUBKEY data is modified in the
process. */
void
_nettle_camellia_absorb(unsigned nkeys, uint64_t *dst, uint64_t *subkey);
void
_nettle_camellia_invert_key(unsigned nkeys,
uint64_t *dst, const uint64_t *src);
extern const struct camellia_table _nettle_camellia_table;
#endif /* NETTLE_CAMELLIA_INTERNAL_H_INCLUDED */
camellia-invert-key.c 0 → 100644
View file @ 53c76a47
/* camellia-invert-key.c
Inverting a key means reversing order of subkeys.
Copyright (C) 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "camellia-internal.h"
#define SWAP(a, b) \
do { uint64_t t_swap = (a); (a) = (b); (b) = t_swap; } while(0)
void
_nettle_camellia_invert_key(unsigned nkeys,
uint64_t *dst, const uint64_t *src)
{
unsigned i;
if (dst == src)
for (i = 0; i < nkeys - 1 - i; i++)
SWAP (dst[i], dst[nkeys - 1- i]);
else
for (i = 0; i < nkeys; i++)
dst[i] = src[nkeys - 1 - i];
}
camellia-table.c 0 → 100644
View file @ 53c76a47
/* camellia-table.c
SBOX tables used by both encryption and key setup.
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/* Based on camellia.c ver 1.2.0, see
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "camellia-internal.h"
const struct camellia_table _nettle_camellia_table = {
/* sp1110 */
{
0x70707000,0x82828200,0x2c2c2c00,0xececec00,
0xb3b3b300,0x27272700,0xc0c0c000,0xe5e5e500,
0xe4e4e400,0x85858500,0x57575700,0x35353500,
0xeaeaea00,0x0c0c0c00,0xaeaeae00,0x41414100,
0x23232300,0xefefef00,0x6b6b6b00,0x93939300,
0x45454500,0x19191900,0xa5a5a500,0x21212100,
0xededed00,0x0e0e0e00,0x4f4f4f00,0x4e4e4e00,
0x1d1d1d00,0x65656500,0x92929200,0xbdbdbd00,
0x86868600,0xb8b8b800,0xafafaf00,0x8f8f8f00,
0x7c7c7c00,0xebebeb00,0x1f1f1f00,0xcecece00,
0x3e3e3e00,0x30303000,0xdcdcdc00,0x5f5f5f00,
0x5e5e5e00,0xc5c5c500,0x0b0b0b00,0x1a1a1a00,
0xa6a6a600,0xe1e1e100,0x39393900,0xcacaca00,
0xd5d5d500,0x47474700,0x5d5d5d00,0x3d3d3d00,
0xd9d9d900,0x01010100,0x5a5a5a00,0xd6d6d600,
0x51515100,0x56565600,0x6c6c6c00,0x4d4d4d00,
0x8b8b8b00,0x0d0d0d00,0x9a9a9a00,0x66666600,
0xfbfbfb00,0xcccccc00,0xb0b0b000,0x2d2d2d00,
0x74747400,0x12121200,0x2b2b2b00,0x20202000,
0xf0f0f000,0xb1b1b100,0x84848400,0x99999900,
0xdfdfdf00,0x4c4c4c00,0xcbcbcb00,0xc2c2c200,
0x34343400,0x7e7e7e00,0x76767600,0x05050500,
0x6d6d6d00,0xb7b7b700,0xa9a9a900,0x31313100,
0xd1d1d100,0x17171700,0x04040400,0xd7d7d700,
0x14141400,0x58585800,0x3a3a3a00,0x61616100,
0xdedede00,0x1b1b1b00,0x11111100,0x1c1c1c00,
0x32323200,0x0f0f0f00,0x9c9c9c00,0x16161600,
0x53535300,0x18181800,0xf2f2f200,0x22222200,
0xfefefe00,0x44444400,0xcfcfcf00,0xb2b2b200,
0xc3c3c300,0xb5b5b500,0x7a7a7a00,0x91919100,
0x24242400,0x08080800,0xe8e8e800,0xa8a8a800,
0x60606000,0xfcfcfc00,0x69696900,0x50505000,
0xaaaaaa00,0xd0d0d000,0xa0a0a000,0x7d7d7d00,
0xa1a1a100,0x89898900,0x62626200,0x97979700,
0x54545400,0x5b5b5b00,0x1e1e1e00,0x95959500,
0xe0e0e000,0xffffff00,0x64646400,0xd2d2d200,
0x10101000,0xc4c4c400,0x00000000,0x48484800,
0xa3a3a300,0xf7f7f700,0x75757500,0xdbdbdb00,
0x8a8a8a00,0x03030300,0xe6e6e600,0xdadada00,
0x09090900,0x3f3f3f00,0xdddddd00,0x94949400,
0x87878700,0x5c5c5c00,0x83838300,0x02020200,
0xcdcdcd00,0x4a4a4a00,0x90909000,0x33333300,
0x73737300,0x67676700,0xf6f6f600,0xf3f3f300,
0x9d9d9d00,0x7f7f7f00,0xbfbfbf00,0xe2e2e200,
0x52525200,0x9b9b9b00,0xd8d8d800,0x26262600,
0xc8c8c800,0x37373700,0xc6c6c600,0x3b3b3b00,
0x81818100,0x96969600,0x6f6f6f00,0x4b4b4b00,
0x13131300,0xbebebe00,0x63636300,0x2e2e2e00,
0xe9e9e900,0x79797900,0xa7a7a700,0x8c8c8c00,
0x9f9f9f00,0x6e6e6e00,0xbcbcbc00,0x8e8e8e00,
0x29292900,0xf5f5f500,0xf9f9f900,0xb6b6b600,
0x2f2f2f00,0xfdfdfd00,0xb4b4b400,0x59595900,
0x78787800,0x98989800,0x06060600,0x6a6a6a00,
0xe7e7e700,0x46464600,0x71717100,0xbababa00,
0xd4d4d400,0x25252500,0xababab00,0x42424200,
0x88888800,0xa2a2a200,0x8d8d8d00,0xfafafa00,
0x72727200,0x07070700,0xb9b9b900,0x55555500,
0xf8f8f800,0xeeeeee00,0xacacac00,0x0a0a0a00,
0x36363600,0x49494900,0x2a2a2a00,0x68686800,
0x3c3c3c00,0x38383800,0xf1f1f100,0xa4a4a400,
0x40404000,0x28282800,0xd3d3d300,0x7b7b7b00,
0xbbbbbb00,0xc9c9c900,0x43434300,0xc1c1c100,
0x15151500,0xe3e3e300,0xadadad00,0xf4f4f400,
0x77777700,0xc7c7c700,0x80808000,0x9e9e9e00,
},
/* sp0222 */
{
0x00e0e0e0,0x00050505,0x00585858,0x00d9d9d9,
0x00676767,0x004e4e4e,0x00818181,0x00cbcbcb,
0x00c9c9c9,0x000b0b0b,0x00aeaeae,0x006a6a6a,
0x00d5d5d5,0x00181818,0x005d5d5d,0x00828282,
0x00464646,0x00dfdfdf,0x00d6d6d6,0x00272727,
0x008a8a8a,0x00323232,0x004b4b4b,0x00424242,
0x00dbdbdb,0x001c1c1c,0x009e9e9e,0x009c9c9c,
0x003a3a3a,0x00cacaca,0x00252525,0x007b7b7b,
0x000d0d0d,0x00717171,0x005f5f5f,0x001f1f1f,
0x00f8f8f8,0x00d7d7d7,0x003e3e3e,0x009d9d9d,
0x007c7c7c,0x00606060,0x00b9b9b9,0x00bebebe,
0x00bcbcbc,0x008b8b8b,0x00161616,0x00343434,
0x004d4d4d,0x00c3c3c3,0x00727272,0x00959595,
0x00ababab,0x008e8e8e,0x00bababa,0x007a7a7a,
0x00b3b3b3,0x00020202,0x00b4b4b4,0x00adadad,
0x00a2a2a2,0x00acacac,0x00d8d8d8,0x009a9a9a,
0x00171717,0x001a1a1a,0x00353535,0x00cccccc,
0x00f7f7f7,0x00999999,0x00616161,0x005a5a5a,
0x00e8e8e8,0x00242424,0x00565656,0x00404040,
0x00e1e1e1,0x00636363,0x00090909,0x00333333,
0x00bfbfbf,0x00989898,0x00979797,0x00858585,
0x00686868,0x00fcfcfc,0x00ececec,0x000a0a0a,
0x00dadada,0x006f6f6f,0x00535353,0x00626262,
0x00a3a3a3,0x002e2e2e,0x00080808,0x00afafaf,
0x00282828,0x00b0b0b0,0x00747474,0x00c2c2c2,
0x00bdbdbd,0x00363636,0x00222222,0x00383838,
0x00646464,0x001e1e1e,0x00393939,0x002c2c2c,
0x00a6a6a6,0x00303030,0x00e5e5e5,0x00444444,
0x00fdfdfd,0x00888888,0x009f9f9f,0x00656565,
0x00878787,0x006b6b6b,0x00f4f4f4,0x00232323,
0x00484848,0x00101010,0x00d1d1d1,0x00515151,
0x00c0c0c0,0x00f9f9f9,0x00d2d2d2,0x00a0a0a0,
0x00555555,0x00a1a1a1,0x00414141,0x00fafafa,
0x00434343,0x00131313,0x00c4c4c4,0x002f2f2f,
0x00a8a8a8,0x00b6b6b6,0x003c3c3c,0x002b2b2b,
0x00c1c1c1,0x00ffffff,0x00c8c8c8,0x00a5a5a5,
0x00202020,0x00898989,0x00000000,0x00909090,
0x00474747,0x00efefef,0x00eaeaea,0x00b7b7b7,
0x00151515,0x00060606,0x00cdcdcd,0x00b5b5b5,
0x00121212,0x007e7e7e,0x00bbbbbb,0x00292929,
0x000f0f0f,0x00b8b8b8,0x00070707,0x00040404,
0x009b9b9b,0x00949494,0x00212121,0x00666666,
0x00e6e6e6,0x00cecece,0x00ededed,0x00e7e7e7,
0x003b3b3b,0x00fefefe,0x007f7f7f,0x00c5c5c5,
0x00a4a4a4,0x00373737,0x00b1b1b1,0x004c4c4c,
0x00919191,0x006e6e6e,0x008d8d8d,0x00767676,
0x00030303,0x002d2d2d,0x00dedede,0x00969696,
0x00262626,0x007d7d7d,0x00c6c6c6,0x005c5c5c,
0x00d3d3d3,0x00f2f2f2,0x004f4f4f,0x00191919,
0x003f3f3f,0x00dcdcdc,0x00797979,0x001d1d1d,
0x00525252,0x00ebebeb,0x00f3f3f3,0x006d6d6d,
0x005e5e5e,0x00fbfbfb,0x00696969,0x00b2b2b2,
0x00f0f0f0,0x00313131,0x000c0c0c,0x00d4d4d4,
0x00cfcfcf,0x008c8c8c,0x00e2e2e2,0x00757575,
0x00a9a9a9,0x004a4a4a,0x00575757,0x00848484,
0x00111111,0x00454545,0x001b1b1b,0x00f5f5f5,
0x00e4e4e4,0x000e0e0e,0x00737373,0x00aaaaaa,
0x00f1f1f1,0x00dddddd,0x00595959,0x00141414,
0x006c6c6c,0x00929292,0x00545454,0x00d0d0d0,
0x00787878,0x00707070,0x00e3e3e3,0x00494949,
0x00808080,0x00505050,0x00a7a7a7,0x00f6f6f6,
0x00777777,0x00939393,0x00868686,0x00838383,
0x002a2a2a,0x00c7c7c7,0x005b5b5b,0x00e9e9e9,
0x00eeeeee,0x008f8f8f,0x00010101,0x003d3d3d,
},
/* sp3033 */
{
0x38003838,0x41004141,0x16001616,0x76007676,
0xd900d9d9,0x93009393,0x60006060,0xf200f2f2,
0x72007272,0xc200c2c2,0xab00abab,0x9a009a9a,
0x75007575,0x06000606,0x57005757,0xa000a0a0,
0x91009191,0xf700f7f7,0xb500b5b5,0xc900c9c9,
0xa200a2a2,0x8c008c8c,0xd200d2d2,0x90009090,
0xf600f6f6,0x07000707,0xa700a7a7,0x27002727,
0x8e008e8e,0xb200b2b2,0x49004949,0xde00dede,
0x43004343,0x5c005c5c,0xd700d7d7,0xc700c7c7,
0x3e003e3e,0xf500f5f5,0x8f008f8f,0x67006767,
0x1f001f1f,0x18001818,0x6e006e6e,0xaf00afaf,
0x2f002f2f,0xe200e2e2,0x85008585,0x0d000d0d,
0x53005353,0xf000f0f0,0x9c009c9c,0x65006565,
0xea00eaea,0xa300a3a3,0xae00aeae,0x9e009e9e,
0xec00ecec,0x80008080,0x2d002d2d,0x6b006b6b,
0xa800a8a8,0x2b002b2b,0x36003636,0xa600a6a6,
0xc500c5c5,0x86008686,0x4d004d4d,0x33003333,
0xfd00fdfd,0x66006666,0x58005858,0x96009696,
0x3a003a3a,0x09000909,0x95009595,0x10001010,
0x78007878,0xd800d8d8,0x42004242,0xcc00cccc,
0xef00efef,0x26002626,0xe500e5e5,0x61006161,
0x1a001a1a,0x3f003f3f,0x3b003b3b,0x82008282,
0xb600b6b6,0xdb00dbdb,0xd400d4d4,0x98009898,
0xe800e8e8,0x8b008b8b,0x02000202,0xeb00ebeb,
0x0a000a0a,0x2c002c2c,0x1d001d1d,0xb000b0b0,
0x6f006f6f,0x8d008d8d,0x88008888,0x0e000e0e,
0x19001919,0x87008787,0x4e004e4e,0x0b000b0b,
0xa900a9a9,0x0c000c0c,0x79007979,0x11001111,
0x7f007f7f,0x22002222,0xe700e7e7,0x59005959,
0xe100e1e1,0xda00dada,0x3d003d3d,0xc800c8c8,
0x12001212,0x04000404,0x74007474,0x54005454,
0x30003030,0x7e007e7e,0xb400b4b4,0x28002828,
0x55005555,0x68006868,0x50005050,0xbe00bebe,
0xd000d0d0,0xc400c4c4,0x31003131,0xcb00cbcb,
0x2a002a2a,0xad00adad,0x0f000f0f,0xca00caca,
0x70007070,0xff00ffff,0x32003232,0x69006969,
0x08000808,0x62006262,0x00000000,0x24002424,
0xd100d1d1,0xfb00fbfb,0xba00baba,0xed00eded,
0x45004545,0x81008181,0x73007373,0x6d006d6d,
0x84008484,0x9f009f9f,0xee00eeee,0x4a004a4a,
0xc300c3c3,0x2e002e2e,0xc100c1c1,0x01000101,
0xe600e6e6,0x25002525,0x48004848,0x99009999,
0xb900b9b9,0xb300b3b3,0x7b007b7b,0xf900f9f9,
0xce00cece,0xbf00bfbf,0xdf00dfdf,0x71007171,
0x29002929,0xcd00cdcd,0x6c006c6c,0x13001313,
0x64006464,0x9b009b9b,0x63006363,0x9d009d9d,
0xc000c0c0,0x4b004b4b,0xb700b7b7,0xa500a5a5,
0x89008989,0x5f005f5f,0xb100b1b1,0x17001717,
0xf400f4f4,0xbc00bcbc,0xd300d3d3,0x46004646,
0xcf00cfcf,0x37003737,0x5e005e5e,0x47004747,
0x94009494,0xfa00fafa,0xfc00fcfc,0x5b005b5b,
0x97009797,0xfe00fefe,0x5a005a5a,0xac00acac,
0x3c003c3c,0x4c004c4c,0x03000303,0x35003535,
0xf300f3f3,0x23002323,0xb800b8b8,0x5d005d5d,
0x6a006a6a,0x92009292,0xd500d5d5,0x21002121,
0x44004444,0x51005151,0xc600c6c6,0x7d007d7d,
0x39003939,0x83008383,0xdc00dcdc,0xaa00aaaa,
0x7c007c7c,0x77007777,0x56005656,0x05000505,
0x1b001b1b,0xa400a4a4,0x15001515,0x34003434,
0x1e001e1e,0x1c001c1c,0xf800f8f8,0x52005252,
0x20002020,0x14001414,0xe900e9e9,0xbd00bdbd,
0xdd00dddd,0xe400e4e4,0xa100a1a1,0xe000e0e0,
0x8a008a8a,0xf100f1f1,0xd600d6d6,0x7a007a7a,
0xbb00bbbb,0xe300e3e3,0x40004040,0x4f004f4f,
},
/* sp4404 */
{
0x70700070,0x2c2c002c,0xb3b300b3,0xc0c000c0,
0xe4e400e4,0x57570057,0xeaea00ea,0xaeae00ae,
0x23230023,0x6b6b006b,0x45450045,0xa5a500a5,
0xeded00ed,0x4f4f004f,0x1d1d001d,0x92920092,
0x86860086,0xafaf00af,0x7c7c007c,0x1f1f001f,
0x3e3e003e,0xdcdc00dc,0x5e5e005e,0x0b0b000b,
0xa6a600a6,0x39390039,0xd5d500d5,0x5d5d005d,
0xd9d900d9,0x5a5a005a,0x51510051,0x6c6c006c,
0x8b8b008b,0x9a9a009a,0xfbfb00fb,0xb0b000b0,
0x74740074,0x2b2b002b,0xf0f000f0,0x84840084,
0xdfdf00df,0xcbcb00cb,0x34340034,0x76760076,
0x6d6d006d,0xa9a900a9,0xd1d100d1,0x04040004,
0x14140014,0x3a3a003a,0xdede00de,0x11110011,
0x32320032,0x9c9c009c,0x53530053,0xf2f200f2,
0xfefe00fe,0xcfcf00cf,0xc3c300c3,0x7a7a007a,
0x24240024,0xe8e800e8,0x60600060,0x69690069,
0xaaaa00aa,0xa0a000a0,0xa1a100a1,0x62620062,
0x54540054,0x1e1e001e,0xe0e000e0,0x64640064,
0x10100010,0x00000000,0xa3a300a3,0x75750075,
0x8a8a008a,0xe6e600e6,0x09090009,0xdddd00dd,
0x87870087,0x83830083,0xcdcd00cd,0x90900090,
0x73730073,0xf6f600f6,0x9d9d009d,0xbfbf00bf,
0x52520052,0xd8d800d8,0xc8c800c8,0xc6c600c6,
0x81810081,0x6f6f006f,0x13130013,0x63630063,
0xe9e900e9,0xa7a700a7,0x9f9f009f,0xbcbc00bc,
0x29290029,0xf9f900f9,0x2f2f002f,0xb4b400b4,
0x78780078,0x06060006,0xe7e700e7,0x71710071,
0xd4d400d4,0xabab00ab,0x88880088,0x8d8d008d,
0x72720072,0xb9b900b9,0xf8f800f8,0xacac00ac,
0x36360036,0x2a2a002a,0x3c3c003c,0xf1f100f1,
0x40400040,0xd3d300d3,0xbbbb00bb,0x43430043,
0x15150015,0xadad00ad,0x77770077,0x80800080,
0x82820082,0xecec00ec,0x27270027,0xe5e500e5,
0x85850085,0x35350035,0x0c0c000c,0x41410041,
0xefef00ef,0x93930093,0x19190019,0x21210021,
0x0e0e000e,0x4e4e004e,0x65650065,0xbdbd00bd,
0xb8b800b8,0x8f8f008f,0xebeb00eb,0xcece00ce,
0x30300030,0x5f5f005f,0xc5c500c5,0x1a1a001a,
0xe1e100e1,0xcaca00ca,0x47470047,0x3d3d003d,
0x01010001,0xd6d600d6,0x56560056,0x4d4d004d,
0x0d0d000d,0x66660066,0xcccc00cc,0x2d2d002d,
0x12120012,0x20200020,0xb1b100b1,0x99990099,
0x4c4c004c,0xc2c200c2,0x7e7e007e,0x05050005,
0xb7b700b7,0x31310031,0x17170017,0xd7d700d7,
0x58580058,0x61610061,0x1b1b001b,0x1c1c001c,
0x0f0f000f,0x16160016,0x18180018,0x22220022,
0x44440044,0xb2b200b2,0xb5b500b5,0x91910091,
0x08080008,0xa8a800a8,0xfcfc00fc,0x50500050,
0xd0d000d0,0x7d7d007d,0x89890089,0x97970097,
0x5b5b005b,0x95950095,0xffff00ff,0xd2d200d2,
0xc4c400c4,0x48480048,0xf7f700f7,0xdbdb00db,
0x03030003,0xdada00da,0x3f3f003f,0x94940094,
0x5c5c005c,0x02020002,0x4a4a004a,0x33330033,
0x67670067,0xf3f300f3,0x7f7f007f,0xe2e200e2,
0x9b9b009b,0x26260026,0x37370037,0x3b3b003b,
0x96960096,0x4b4b004b,0xbebe00be,0x2e2e002e,
0x79790079,0x8c8c008c,0x6e6e006e,0x8e8e008e,
0xf5f500f5,0xb6b600b6,0xfdfd00fd,0x59590059,
0x98980098,0x6a6a006a,0x46460046,0xbaba00ba,
0x25250025,0x42420042,0xa2a200a2,0xfafa00fa,
0x07070007,0x55550055,0xeeee00ee,0x0a0a000a,
0x49490049,0x68680068,0x38380038,0xa4a400a4,
0x28280028,0x7b7b007b,0xc9c900c9,0xc1c100c1,
0xe3e300e3,0xf4f400f4,0xc7c700c7,0x9e9e009e,
}
};
camellia.h 0 → 100644
View file @ 53c76a47
/* camellia.h
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#ifndef NETTLE_CAMELLIA_H_INCLUDED
#define NETTLE_CAMELLIA_H_INCLUDED
#include "nettle-types.h"
#ifdef __cplusplus
extern "C" {
#endif
/* Name mangling */
#define camellia128_set_encrypt_key nettle_camellia128_set_encrypt_key
#define camellia128_set_decrypt_key nettle_camellia_set_decrypt_key
#define camellia128_invert_key nettle_camellia128_invert_key
#define camellia128_crypt nettle_camellia128_crypt
#define camellia192_set_encrypt_key nettle_camellia192_set_encrypt_key
#define camellia192_set_decrypt_key nettle_camellia192_set_decrypt_key
#define camellia256_set_encrypt_key nettle_camellia256_set_encrypt_key
#define camellia256_set_decrypt_key nettle_camellia256_set_decrypt_key
#define camellia256_invert_key nettle_camellia256_invert_key
#define camellia256_crypt nettle_camellia256_crypt
#define CAMELLIA_BLOCK_SIZE 16
/* Valid key sizes are 128, 192 or 256 bits (16, 24 or 32 bytes) */
#define CAMELLIA128_KEY_SIZE 16
#define CAMELLIA192_KEY_SIZE 24
#define CAMELLIA256_KEY_SIZE 32
/* For 128-bit keys, there are 18 regular rounds, pre- and
post-whitening, and two FL and FLINV rounds, using a total of 26
subkeys, each of 64 bit. For 192- and 256-bit keys, there are 6
additional regular rounds and one additional FL and FLINV, using a
total of 34 subkeys. */
/* The clever combination of subkeys imply one of the pre- and
post-whitening keys is folded with the round keys, so that subkey
#1 and the last one (#25 or #33) is not used. The result is that we
have only 24 or 32 subkeys at the end of key setup. */
#define _CAMELLIA128_NKEYS 24
#define _CAMELLIA256_NKEYS 32
struct camellia128_ctx
{
uint64_t keys[_CAMELLIA128_NKEYS];
};
void
camellia128_set_encrypt_key(struct camellia128_ctx *ctx,
const uint8_t *key);
void
camellia128_set_decrypt_key(struct camellia128_ctx *ctx,
const uint8_t *key);
void
camellia128_invert_key(struct camellia128_ctx *dst,
const struct camellia128_ctx *src);
void
camellia128_crypt(const struct camellia128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
struct camellia256_ctx
{
uint64_t keys[_CAMELLIA256_NKEYS];
};
void
camellia256_set_encrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
void
camellia256_set_decrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
void
camellia256_invert_key(struct camellia256_ctx *dst,
const struct camellia256_ctx *src);
void
camellia256_crypt(const struct camellia256_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src);
/* camellia192 is the same as camellia256, except for the key
schedule. */
/* Slightly ugly with a #define on a struct tag, since it might cause
surprises if also used as a name of a variable. */
#define camellia192_ctx camellia256_ctx
void
camellia192_set_encrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
void
camellia192_set_decrypt_key(struct camellia256_ctx *ctx,
const uint8_t *key);
#define camellia192_invert_key camellia256_invert_key
#define camellia192_crypt camellia256_crypt
#ifdef __cplusplus
}
#endif
#endif /* NETTLE_CAMELLIA_H_INCLUDED */
camellia128-crypt.c 0 → 100644
View file @ 53c76a47
/* camellia128-crypt.c
Crypt function for the camellia block cipher.
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "camellia-internal.h"
/* The main point on this function is to help the assembler
implementations of _nettle_camellia_crypt to get the table pointer.
For PIC code, the details can be complex and system dependent. */
void
camellia128_crypt(const struct camellia128_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % CAMELLIA_BLOCK_SIZE) );
_nettle_camellia_crypt(_CAMELLIA128_NKEYS, ctx->keys,
&_nettle_camellia_table,
length, dst, src);
}
camellia128-meta.c 0 → 100644
View file @ 53c76a47
/* camellia128-meta.c
Copyright (C) 2010, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "nettle-meta.h"
#include "camellia.h"
const struct nettle_cipher nettle_camellia128 =
{ "camellia128", sizeof(struct camellia128_ctx),
CAMELLIA_BLOCK_SIZE, CAMELLIA128_KEY_SIZE,
(nettle_set_key_func *) camellia128_set_encrypt_key,
(nettle_set_key_func *) camellia128_set_decrypt_key,
(nettle_cipher_func *) camellia128_crypt,
(nettle_cipher_func *) camellia128_crypt
};
camellia128-set-decrypt-key.c 0 → 100644
View file @ 53c76a47
/* camellia128-set-decrypt-key.c
Inverse key setup for the camellia block cipher.
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include "camellia-internal.h"
void
camellia128_invert_key(struct camellia128_ctx *dst,
const struct camellia128_ctx *src)
{
_nettle_camellia_invert_key (_CAMELLIA128_NKEYS, dst->keys, src->keys);
}
void
camellia128_set_decrypt_key(struct camellia128_ctx *ctx,
const uint8_t *key)
{
camellia128_set_encrypt_key(ctx, key);
camellia128_invert_key(ctx, ctx);
}
camellia128-set-encrypt-key.c 0 → 100644
View file @ 53c76a47
/* camellia128-set-encrypt-key.c
Key setup for the camellia block cipher.
Copyright (C) 2006,2007 NTT
(Nippon Telegraph and Telephone Corporation).
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
/*
* Algorithm Specification
* http://info.isl.ntt.co.jp/crypt/eng/camellia/specifications.html
*/
/* Based on camellia.c ver 1.2.0, see
http://info.isl.ntt.co.jp/crypt/eng/camellia/dl/camellia-LGPL-1.2.0.tar.gz.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include <limits.h>
#include "camellia-internal.h"
#include "macros.h"
void
camellia128_set_encrypt_key (struct camellia128_ctx *ctx,
const uint8_t *key)
{
uint64_t k0, k1;
uint64_t subkey[_CAMELLIA128_NKEYS + 2];
uint64_t w;
k0 = READ_UINT64(key);
k1 = READ_UINT64(key + 8);
/**
* generate KL dependent subkeys
*/
subkey[0] = k0; subkey[1] = k1;
ROTL128(15, k0, k1);
subkey[4] = k0; subkey[5] = k1;
ROTL128(30, k0, k1);
subkey[10] = k0; subkey[11] = k1;
ROTL128(15, k0, k1);
subkey[13] = k1;
ROTL128(17, k0, k1);
subkey[16] = k0; subkey[17] = k1;
ROTL128(17, k0, k1);
subkey[18] = k0; subkey[19] = k1;
ROTL128(17, k0, k1);
subkey[22] = k0; subkey[23] = k1;
/* generate KA. D1 is k0, d2 is k1. */
/* FIXME: Make notation match the spec better. */
/* For the 128-bit case, KR = 0, the construction of KA reduces to:
D1 = KL >> 64;
W = KL & MASK64;
D2 = F(D1, Sigma1);
W = D2 ^ W
D1 = F(W, Sigma2)
D2 = D2 ^ F(D1, Sigma3);
D1 = D1 ^ F(D2, Sigma4);
KA = (D1 << 64) | D2;
*/
k0 = subkey[0]; w = subkey[1];
CAMELLIA_F(k0, SIGMA1, k1);
w ^= k1;
CAMELLIA_F(w, SIGMA2, k0);
CAMELLIA_F(k0, SIGMA3, w);
k1 ^= w;
CAMELLIA_F(k1, SIGMA4, w);
k0 ^= w;
/* generate KA dependent subkeys */
subkey[2] = k0; subkey[3] = k1;
ROTL128(15, k0, k1);
subkey[6] = k0; subkey[7] = k1;
ROTL128(15, k0, k1);
subkey[8] = k0; subkey[9] = k1;
ROTL128(15, k0, k1);
subkey[12] = k0;
ROTL128(15, k0, k1);
subkey[14] = k0; subkey[15] = k1;
ROTL128(34, k0, k1);
subkey[20] = k0; subkey[21] = k1;
ROTL128(17, k0, k1);
subkey[24] = k0; subkey[25] = k1;
/* Common final processing */
_nettle_camellia_absorb (_CAMELLIA128_NKEYS, ctx->keys, subkey);
}
camellia192-meta.c 0 → 100644
View file @ 53c76a47
/* camellia192-meta.c
Copyright (C) 2010, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "nettle-meta.h"
#include "camellia.h"
const struct nettle_cipher nettle_camellia192 =
{ "camellia192", sizeof(struct camellia256_ctx),
CAMELLIA_BLOCK_SIZE, CAMELLIA192_KEY_SIZE,
(nettle_set_key_func *) camellia192_set_encrypt_key,
(nettle_set_key_func *) camellia192_set_decrypt_key,
(nettle_cipher_func *) camellia256_crypt,
(nettle_cipher_func *) camellia256_crypt
};
camellia256-crypt.c 0 → 100644
View file @ 53c76a47
/* camellia256-crypt.c
Crypt function for the camellia block cipher.
Copyright (C) 2010, 2013 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "camellia-internal.h"
/* The main point on this function is to help the assembler
implementations of _nettle_camellia_crypt to get the table pointer.
For PIC code, the details can be complex and system dependent. */
void
camellia256_crypt(const struct camellia256_ctx *ctx,
size_t length, uint8_t *dst,
const uint8_t *src)
{
assert(!(length % CAMELLIA_BLOCK_SIZE) );
_nettle_camellia_crypt(_CAMELLIA256_NKEYS, ctx->keys,
&_nettle_camellia_table,
length, dst, src);
}
camellia256-meta.c 0 → 100644
View file @ 53c76a47
/* camellia256-meta.c
Copyright (C) 2010, 2013, 2014 Niels Möller
This file is part of GNU Nettle.
GNU Nettle is free software: you can redistribute it and/or
modify it under the terms of either:
* the GNU Lesser General Public License as published by the Free
Software Foundation; either version 3 of the License, or (at your
option) any later version.
or
* the GNU General Public License as published by the Free
Software Foundation; either version 2 of the License, or (at your
option) any later version.
or both in parallel, as here.
GNU Nettle is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
General Public License for more details.
You should have received copies of the GNU General Public License and
the GNU Lesser General Public License along with this program. If
not, see http://www.gnu.org/licenses/.
*/
#if HAVE_CONFIG_H
# include "config.h"
#endif
#include <assert.h>
#include "nettle-meta.h"
#include "camellia.h"
const struct nettle_cipher nettle_camellia256 =
{ "camellia256", sizeof(struct camellia256_ctx),
CAMELLIA_BLOCK_SIZE, CAMELLIA256_KEY_SIZE,
(nettle_set_key_func *) camellia256_set_encrypt_key,
(nettle_set_key_func *) camellia256_set_decrypt_key,
(nettle_cipher_func *) camellia256_crypt,
(nettle_cipher_func *) camellia256_crypt
};