Public/VeraCrypt
1
0
Fork 0
mirror of https://github.com/veracrypt/VeraCrypt.git synced 2025-11-12 03:18:26 -06:00
Code Activity

Normalize all line terminators

Browse Source
This commit is contained in:
David Foerster
2016-05-10 20:20:14 +02:00
parent 98b04198c6
commit fc37cc4a02
297 changed files with 202290 additions and 202290 deletions
Download Patch File Download Diff File Expand all files Collapse all files

430
src/Crypto/Aes.h
View File

@@ -1,215 +1,215 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
/* Adapted for TrueCrypt */
#ifndef _AES_H
#define _AES_H
#include "Common/Tcdefs.h"
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#define EXIT_FAILURE 1
#endif
#define INT_RETURN int
#if defined(__cplusplus)
extern "C"
{
#endif
// #define AES_128 /* define if AES with 128 bit keys is needed */
// #define AES_192 /* define if AES with 192 bit keys is needed */
#define AES_256 /* define if AES with 256 bit keys is needed */
// #define AES_VAR /* define if a variable key size is needed */
// #define AES_MODES /* define if support is needed for modes */
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_ERR_CHK /* for parameter checks & error return codes */
#define AES_REV_DKS /* define to reverse decryption key schedule */
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
#define N_COLS 4 /* the number of columns in the state */
/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
/* or 44, 52 or 60 32-bit words. */
#if defined( AES_VAR ) || defined( AES_256 )
#define KS_LENGTH 60
#elif defined( AES_192 )
#define KS_LENGTH 52
#else
#define KS_LENGTH 44
#endif
#if defined( AES_ERR_CHK )
#define AES_RETURN INT_RETURN
#else
#define AES_RETURN VOID_RETURN
#endif
/* the character array 'inf' in the following structures is used */
/* to hold AES context information. This AES code uses cx->inf.b[0] */
/* to hold the number of rounds multiplied by 16. The other three */
/* elements can be used by code that implements additional modes */
typedef union
{ uint_32t l;
uint_8t b[4];
} aes_inf;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
} aes_encrypt_ctx;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
} aes_decrypt_ctx;
/* This routine must be called before first use if non-static */
/* tables are being used */
AES_RETURN aes_init(void);
/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */
/* those in the range 128 <= key_len <= 256 are given in bits */
#if defined( AES_ENCRYPT )
#if defined(AES_128) || defined(AES_VAR)
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);
#endif
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_DECRYPT )
#if defined(AES_128) || defined(AES_VAR)
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);
#endif
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_MODES)
/* Multiple calls to the following subroutines for multiple block */
/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */
/* long messages incremantally provided that the context AND the iv */
/* are preserved between all such calls. For the ECB and CBC modes */
/* each individual call within a series of incremental calls must */
/* process only full blocks (i.e. len must be a multiple of 16) but */
/* the CFB, OFB and CTR mode calls can handle multiple incremental */
/* calls of any length. Each mode is reset when a new AES key is */
/* set but ECB and CBC operations can be reset without setting a */
/* new key by setting a new IV value. To reset CFB, OFB and CTR */
/* without setting the key, aes_mode_reset() must be called and the */
/* IV must be set. NOTE: All these calls update the IV on exit so */
/* this has to be reset if a new operation with the same IV as the */
/* previous one is required (or decryption follows encryption with */
/* the same IV array). */
AES_RETURN aes_test_alignment_detection(unsigned int n);
AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx cx[1]);
AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx cx[1]);
AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]);
AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
#define aes_ofb_encrypt aes_ofb_crypt
#define aes_ofb_decrypt aes_ofb_crypt
AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
typedef void cbuf_inc(unsigned char *cbuf);
#define aes_ctr_encrypt aes_ctr_crypt
#define aes_ctr_decrypt aes_ctr_crypt
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
#endif
#if defined(__cplusplus)
}
#endif
#endif
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the definitions required to use AES in C. See aesopt.h
for optimisation details.
*/
/* Adapted for TrueCrypt */
#ifndef _AES_H
#define _AES_H
#include "Common/Tcdefs.h"
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#define EXIT_FAILURE 1
#endif
#define INT_RETURN int
#if defined(__cplusplus)
extern "C"
{
#endif
// #define AES_128 /* define if AES with 128 bit keys is needed */
// #define AES_192 /* define if AES with 192 bit keys is needed */
#define AES_256 /* define if AES with 256 bit keys is needed */
// #define AES_VAR /* define if a variable key size is needed */
// #define AES_MODES /* define if support is needed for modes */
/* The following must also be set in assembler files if being used */
#define AES_ENCRYPT /* if support for encryption is needed */
#define AES_DECRYPT /* if support for decryption is needed */
#define AES_ERR_CHK /* for parameter checks & error return codes */
#define AES_REV_DKS /* define to reverse decryption key schedule */
#define AES_BLOCK_SIZE 16 /* the AES block size in bytes */
#define N_COLS 4 /* the number of columns in the state */
/* The key schedule length is 11, 13 or 15 16-byte blocks for 128, */
/* 192 or 256-bit keys respectively. That is 176, 208 or 240 bytes */
/* or 44, 52 or 60 32-bit words. */
#if defined( AES_VAR ) || defined( AES_256 )
#define KS_LENGTH 60
#elif defined( AES_192 )
#define KS_LENGTH 52
#else
#define KS_LENGTH 44
#endif
#if defined( AES_ERR_CHK )
#define AES_RETURN INT_RETURN
#else
#define AES_RETURN VOID_RETURN
#endif
/* the character array 'inf' in the following structures is used */
/* to hold AES context information. This AES code uses cx->inf.b[0] */
/* to hold the number of rounds multiplied by 16. The other three */
/* elements can be used by code that implements additional modes */
typedef union
{ uint_32t l;
uint_8t b[4];
} aes_inf;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
} aes_encrypt_ctx;
typedef struct
{ uint_32t ks[KS_LENGTH];
aes_inf inf;
} aes_decrypt_ctx;
/* This routine must be called before first use if non-static */
/* tables are being used */
AES_RETURN aes_init(void);
/* Key lengths in the range 16 <= key_len <= 32 are given in bytes, */
/* those in the range 128 <= key_len <= 256 are given in bits */
#if defined( AES_ENCRYPT )
#if defined(AES_128) || defined(AES_VAR)
AES_RETURN aes_encrypt_key128(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
AES_RETURN aes_encrypt_key192(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
AES_RETURN aes_encrypt_key256(const unsigned char *key, aes_encrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
AES_RETURN aes_encrypt_key(const unsigned char *key, int key_len, aes_encrypt_ctx cx[1]);
#endif
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1]);
#endif
#if defined( AES_DECRYPT )
#if defined(AES_128) || defined(AES_VAR)
AES_RETURN aes_decrypt_key128(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_192) || defined(AES_VAR)
AES_RETURN aes_decrypt_key192(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_256) || defined(AES_VAR)
AES_RETURN aes_decrypt_key256(const unsigned char *key, aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_VAR)
AES_RETURN aes_decrypt_key(const unsigned char *key, int key_len, aes_decrypt_ctx cx[1]);
#endif
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1]);
#endif
#if defined(AES_MODES)
/* Multiple calls to the following subroutines for multiple block */
/* ECB, CBC, CFB, OFB and CTR mode encryption can be used to handle */
/* long messages incremantally provided that the context AND the iv */
/* are preserved between all such calls. For the ECB and CBC modes */
/* each individual call within a series of incremental calls must */
/* process only full blocks (i.e. len must be a multiple of 16) but */
/* the CFB, OFB and CTR mode calls can handle multiple incremental */
/* calls of any length. Each mode is reset when a new AES key is */
/* set but ECB and CBC operations can be reset without setting a */
/* new key by setting a new IV value. To reset CFB, OFB and CTR */
/* without setting the key, aes_mode_reset() must be called and the */
/* IV must be set. NOTE: All these calls update the IV on exit so */
/* this has to be reset if a new operation with the same IV as the */
/* previous one is required (or decryption follows encryption with */
/* the same IV array). */
AES_RETURN aes_test_alignment_detection(unsigned int n);
AES_RETURN aes_ecb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_encrypt_ctx cx[1]);
AES_RETURN aes_ecb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, const aes_decrypt_ctx cx[1]);
AES_RETURN aes_cbc_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_encrypt_ctx cx[1]);
AES_RETURN aes_cbc_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, const aes_decrypt_ctx cx[1]);
AES_RETURN aes_mode_reset(aes_encrypt_ctx cx[1]);
AES_RETURN aes_cfb_encrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
AES_RETURN aes_cfb_decrypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
#define aes_ofb_encrypt aes_ofb_crypt
#define aes_ofb_decrypt aes_ofb_crypt
AES_RETURN aes_ofb_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *iv, aes_encrypt_ctx cx[1]);
typedef void cbuf_inc(unsigned char *cbuf);
#define aes_ctr_encrypt aes_ctr_crypt
#define aes_ctr_decrypt aes_ctr_crypt
AES_RETURN aes_ctr_crypt(const unsigned char *ibuf, unsigned char *obuf,
int len, unsigned char *cbuf, cbuf_inc ctr_inc, aes_encrypt_ctx cx[1]);
#endif
#if defined(__cplusplus)
}
#endif
#endif

1906
src/Crypto/AesSmall.c
View File

File diff suppressed because it is too large Load Diff

338
src/Crypto/AesSmall.h
View File

@@ -1,169 +1,169 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 09/09/2006
This is an AES implementation that uses only 8-bit byte operations on the
cipher state.
*/
#ifndef AES_H
#define AES_H
#if defined(__cplusplus)
extern "C"
{
#endif
/* This provides speed optimisation opportunities if 32-bit word
operations are available
*/
#if 1
# define HAVE_UINT_32T
#endif
#if 1
# define AES_ENC_PREKEYED /* AES encryption with a precomputed key schedule */
#endif
#if 1
# define AES_DEC_PREKEYED /* AES decryption with a precomputed key schedule */
#endif
#if 0
# define AES_ENC_128_OTFK /* AES encryption with 'on the fly' 128 bit keying */
#endif
#if 0
# define AES_DEC_128_OTFK /* AES decryption with 'on the fly' 128 bit keying */
#endif
#if 0
# define AES_ENC_256_OTFK /* AES encryption with 'on the fly' 256 bit keying */
#endif
#if 0
# define AES_DEC_256_OTFK /* AES decryption with 'on the fly' 256 bit keying */
#endif
#define N_ROW 4
#define N_COL 4
#define N_BLOCK (N_ROW * N_COL)
#define N_MAX_ROUNDS 14
typedef unsigned char uint_8t;
typedef uint_8t return_type;
typedef uint_8t length_type;
typedef uint_8t uint_type;
typedef unsigned char uint_8t;
typedef struct
{ uint_8t ksch[(N_MAX_ROUNDS + 1) * N_BLOCK];
uint_8t rnd;
} aes_context;
/* The following calls are for a precomputed key schedule
NOTE: If the length_type used for the key length is an
unsigned 8-bit character, a key length of 256 bits must
be entered as a length in bytes (valid inputs are hence
128, 192, 16, 24 and 32).
*/
#if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
return_type aes_set_key( const unsigned char key[],
length_type keylen,
aes_context ctx[1] );
#endif
#if defined( AES_ENC_PREKEYED )
return_type aes_encrypt( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const aes_context ctx[1] );
#endif
#if defined( AES_DEC_PREKEYED )
return_type aes_decrypt( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const aes_context ctx[1] );
#endif
/* The following calls are for 'on the fly' keying. In this case the
encryption and decryption keys are different.
The encryption subroutines take a key in an array of bytes in
key[L] where L is 16, 24 or 32 bytes for key lengths of 128,
192, and 256 bits respectively. They then encrypts the input
data, in[] with this key and put the reult in the output array
out[]. In addition, the second key array, o_key[L], is used
to output the key that is needed by the decryption subroutine
to reverse the encryption operation. The two key arrays can
be the same array but in this case the original key will be
overwritten.
In the same way, the decryption subroutines output keys that
can be used to reverse their effect when used for encryption.
Only 128 and 256 bit keys are supported in these 'on the fly'
modes.
*/
#if defined( AES_ENC_128_OTFK )
void aes_encrypt_128( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[N_BLOCK],
uint_8t o_key[N_BLOCK] );
#endif
#if defined( AES_DEC_128_OTFK )
void aes_decrypt_128( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[N_BLOCK],
unsigned char o_key[N_BLOCK] );
#endif
#if defined( AES_ENC_256_OTFK )
void aes_encrypt_256( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[2 * N_BLOCK],
unsigned char o_key[2 * N_BLOCK] );
#endif
#if defined( AES_DEC_256_OTFK )
void aes_decrypt_256( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[2 * N_BLOCK],
unsigned char o_key[2 * N_BLOCK] );
#endif
#if defined(__cplusplus)
}
#endif
#endif
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2006, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software in both source and binary
form is allowed (with or without changes) provided that:
1. distributions of this source code include the above copyright
notice, this list of conditions and the following disclaimer;
2. distributions in binary form include the above copyright
notice, this list of conditions and the following disclaimer
in the documentation and/or other associated materials;
3. the copyright holder's name is not used to endorse products
built using this software without specific written permission.
ALTERNATIVELY, provided that this notice is retained in full, this product
may be distributed under the terms of the GNU General Public License (GPL),
in which case the provisions of the GPL apply INSTEAD OF those given above.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue 09/09/2006
This is an AES implementation that uses only 8-bit byte operations on the
cipher state.
*/
#ifndef AES_H
#define AES_H
#if defined(__cplusplus)
extern "C"
{
#endif
/* This provides speed optimisation opportunities if 32-bit word
operations are available
*/
#if 1
# define HAVE_UINT_32T
#endif
#if 1
# define AES_ENC_PREKEYED /* AES encryption with a precomputed key schedule */
#endif
#if 1
# define AES_DEC_PREKEYED /* AES decryption with a precomputed key schedule */
#endif
#if 0
# define AES_ENC_128_OTFK /* AES encryption with 'on the fly' 128 bit keying */
#endif
#if 0
# define AES_DEC_128_OTFK /* AES decryption with 'on the fly' 128 bit keying */
#endif
#if 0
# define AES_ENC_256_OTFK /* AES encryption with 'on the fly' 256 bit keying */
#endif
#if 0
# define AES_DEC_256_OTFK /* AES decryption with 'on the fly' 256 bit keying */
#endif
#define N_ROW 4
#define N_COL 4
#define N_BLOCK (N_ROW * N_COL)
#define N_MAX_ROUNDS 14
typedef unsigned char uint_8t;
typedef uint_8t return_type;
typedef uint_8t length_type;
typedef uint_8t uint_type;
typedef unsigned char uint_8t;
typedef struct
{ uint_8t ksch[(N_MAX_ROUNDS + 1) * N_BLOCK];
uint_8t rnd;
} aes_context;
/* The following calls are for a precomputed key schedule
NOTE: If the length_type used for the key length is an
unsigned 8-bit character, a key length of 256 bits must
be entered as a length in bytes (valid inputs are hence
128, 192, 16, 24 and 32).
*/
#if defined( AES_ENC_PREKEYED ) || defined( AES_DEC_PREKEYED )
return_type aes_set_key( const unsigned char key[],
length_type keylen,
aes_context ctx[1] );
#endif
#if defined( AES_ENC_PREKEYED )
return_type aes_encrypt( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const aes_context ctx[1] );
#endif
#if defined( AES_DEC_PREKEYED )
return_type aes_decrypt( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const aes_context ctx[1] );
#endif
/* The following calls are for 'on the fly' keying. In this case the
encryption and decryption keys are different.
The encryption subroutines take a key in an array of bytes in
key[L] where L is 16, 24 or 32 bytes for key lengths of 128,
192, and 256 bits respectively. They then encrypts the input
data, in[] with this key and put the reult in the output array
out[]. In addition, the second key array, o_key[L], is used
to output the key that is needed by the decryption subroutine
to reverse the encryption operation. The two key arrays can
be the same array but in this case the original key will be
overwritten.
In the same way, the decryption subroutines output keys that
can be used to reverse their effect when used for encryption.
Only 128 and 256 bit keys are supported in these 'on the fly'
modes.
*/
#if defined( AES_ENC_128_OTFK )
void aes_encrypt_128( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[N_BLOCK],
uint_8t o_key[N_BLOCK] );
#endif
#if defined( AES_DEC_128_OTFK )
void aes_decrypt_128( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[N_BLOCK],
unsigned char o_key[N_BLOCK] );
#endif
#if defined( AES_ENC_256_OTFK )
void aes_encrypt_256( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[2 * N_BLOCK],
unsigned char o_key[2 * N_BLOCK] );
#endif
#if defined( AES_DEC_256_OTFK )
void aes_decrypt_256( const unsigned char in[N_BLOCK],
unsigned char out[N_BLOCK],
const unsigned char key[2 * N_BLOCK],
unsigned char o_key[2 * N_BLOCK] );
#endif
#if defined(__cplusplus)
}
#endif
#endif

2888
src/Crypto/AesSmall_x86.asm
View File

File diff suppressed because it is too large Load Diff

660
src/Crypto/Aes_hw_cpu.asm
View File

@@ -1,330 +1,330 @@
;
; Copyright (c) 2010 TrueCrypt Developers Association. All rights reserved.
;
; Governed by the TrueCrypt License 3.0 the full text of which is contained in
; the file License.txt included in TrueCrypt binary and source code distribution
; packages.
;
%ifidn __BITS__, 16
%define R e
%elifidn __BITS__, 32
%define R e
%elifidn __BITS__, 64
%define R r
%endif
%macro export_function 1-2 0
%ifdef MS_STDCALL
global %1@%2
export _%1@%2
%1@%2:
%elifidn __BITS__, 16
global _%1
_%1:
%else
global %1
%1:
%endif
%endmacro
%macro aes_function_entry 1
; void (const byte *ks, byte *data);
export_function %1, 8
%ifidn __BITS__, 32
mov ecx, [esp + 4 + 4 * 0]
mov edx, [esp + 4 + 4 * 1]
%elifidn __BITS__, 64
%ifnidn __OUTPUT_FORMAT__, win64
mov rcx, rdi
mov rdx, rsi
%endif
%endif
; ecx/rcx = ks
; edx/rdx = data
%endmacro
%macro aes_function_exit 0
; void (const byte *, byte *);
%ifdef MS_STDCALL
ret 8
%else
ret
%endif
%endmacro
%macro push_xmm 2
sub rsp, 16 * (%2 - %1 + 1)
%assign stackoffset 0
%assign regnumber %1
%rep (%2 - %1 + 1)
movdqu [rsp + 16 * stackoffset], xmm%[regnumber]
%assign stackoffset stackoffset+1
%assign regnumber regnumber+1
%endrep
%endmacro
%macro pop_xmm 2
%assign stackoffset 0
%assign regnumber %1
%rep (%2 - %1 + 1)
movdqu xmm%[regnumber], [rsp + 16 * stackoffset]
%assign stackoffset stackoffset+1
%assign regnumber regnumber+1
%endrep
add rsp, 16 * (%2 - %1 + 1)
%endmacro
%macro aes_hw_cpu 2
%define OPERATION %1
%define BLOCK_COUNT %2
; Load data blocks
%assign block 1
%rep BLOCK_COUNT
movdqu xmm%[block], [%[R]dx + 16 * (block - 1)]
%assign block block+1
%endrep
; Encrypt/decrypt data blocks
%assign round 0
%rep 15
movdqu xmm0, [%[R]cx + 16 * round]
%assign block 1
%rep BLOCK_COUNT
%if round = 0
pxor xmm%[block], xmm0
%else
%if round < 14
aes%[OPERATION] xmm%[block], xmm0
%else
aes%[OPERATION]last xmm%[block], xmm0
%endif
%endif
%assign block block+1
%endrep
%assign round round+1
%endrep
; Store data blocks
%assign block 1
%rep BLOCK_COUNT
movdqu [%[R]dx + 16 * (block - 1)], xmm%[block]
%assign block block+1
%endrep
%undef OPERATION
%undef BLOCK_COUNT
%endmacro
%macro aes_hw_cpu_32_blocks 1
%define OPERATION_32_BLOCKS %1
%ifidn __BITS__, 64
%define MAX_REG_BLOCK_COUNT 15
%else
%define MAX_REG_BLOCK_COUNT 7
%endif
%ifidn __OUTPUT_FORMAT__, win64
%if MAX_REG_BLOCK_COUNT > 5
push_xmm 6, MAX_REG_BLOCK_COUNT
%endif
%endif
mov eax, 32 / MAX_REG_BLOCK_COUNT
.1:
aes_hw_cpu %[OPERATION_32_BLOCKS], MAX_REG_BLOCK_COUNT
add %[R]dx, 16 * MAX_REG_BLOCK_COUNT
dec eax
jnz .1
%if (32 % MAX_REG_BLOCK_COUNT) != 0
aes_hw_cpu %[OPERATION_32_BLOCKS], (32 % MAX_REG_BLOCK_COUNT)
%endif
%ifidn __OUTPUT_FORMAT__, win64
%if MAX_REG_BLOCK_COUNT > 5
pop_xmm 6, MAX_REG_BLOCK_COUNT
%endif
%endif
%undef OPERATION_32_BLOCKS
%undef MAX_REG_BLOCK_COUNT
%endmacro
%ifidn __BITS__, 16
USE16
SEGMENT _TEXT PUBLIC CLASS=CODE USE16
SEGMENT _DATA PUBLIC CLASS=DATA USE16
GROUP DGROUP _TEXT _DATA
SECTION _TEXT
%else
SECTION .text
%endif
; void aes_hw_cpu_enable_sse ();
export_function aes_hw_cpu_enable_sse
mov %[R]ax, cr4
or ax, 1 << 9
mov cr4, %[R]ax
ret
%ifidn __BITS__, 16
; byte is_aes_hw_cpu_supported ();
export_function is_aes_hw_cpu_supported
mov eax, 1
cpuid
mov eax, ecx
shr eax, 25
and al, 1
ret
; void aes_hw_cpu_decrypt (const byte *ks, byte *data);
export_function aes_hw_cpu_decrypt
mov ax, -16
jmp aes_hw_cpu_encrypt_decrypt
; void aes_hw_cpu_encrypt (const byte *ks, byte *data);
export_function aes_hw_cpu_encrypt
mov ax, 16
aes_hw_cpu_encrypt_decrypt:
push bp
mov bp, sp
push di
push si
mov si, [bp + 4] ; ks
mov di, [bp + 4 + 2] ; data
movdqu xmm0, [si]
movdqu xmm1, [di]
pxor xmm1, xmm0
mov cx, 13
.round1_13:
add si, ax
movdqu xmm0, [si]
cmp ax, 0
jl .decrypt
aesenc xmm1, xmm0
jmp .2
.decrypt:
aesdec xmm1, xmm0
.2:
loop .round1_13
add si, ax
movdqu xmm0, [si]
cmp ax, 0
jl .decrypt_last
aesenclast xmm1, xmm0
jmp .3
.decrypt_last:
aesdeclast xmm1, xmm0
.3:
movdqu [di], xmm1
pop si
pop di
pop bp
ret
%else ; __BITS__ != 16
; byte is_aes_hw_cpu_supported ();
export_function is_aes_hw_cpu_supported
push %[R]bx
mov eax, 1
cpuid
mov eax, ecx
shr eax, 25
and eax, 1
pop %[R]bx
ret
; void aes_hw_cpu_decrypt (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_decrypt
aes_hw_cpu dec, 1
aes_function_exit
; void aes_hw_cpu_decrypt_32_blocks (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_decrypt_32_blocks
aes_hw_cpu_32_blocks dec
aes_function_exit
; void aes_hw_cpu_encrypt (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_encrypt
aes_hw_cpu enc, 1
aes_function_exit
; void aes_hw_cpu_encrypt_32_blocks (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_encrypt_32_blocks
aes_hw_cpu_32_blocks enc
aes_function_exit
%endif ; __BITS__ != 16
;
; Copyright (c) 2010 TrueCrypt Developers Association. All rights reserved.
;
; Governed by the TrueCrypt License 3.0 the full text of which is contained in
; the file License.txt included in TrueCrypt binary and source code distribution
; packages.
;
%ifidn __BITS__, 16
%define R e
%elifidn __BITS__, 32
%define R e
%elifidn __BITS__, 64
%define R r
%endif
%macro export_function 1-2 0
%ifdef MS_STDCALL
global %1@%2
export _%1@%2
%1@%2:
%elifidn __BITS__, 16
global _%1
_%1:
%else
global %1
%1:
%endif
%endmacro
%macro aes_function_entry 1
; void (const byte *ks, byte *data);
export_function %1, 8
%ifidn __BITS__, 32
mov ecx, [esp + 4 + 4 * 0]
mov edx, [esp + 4 + 4 * 1]
%elifidn __BITS__, 64
%ifnidn __OUTPUT_FORMAT__, win64
mov rcx, rdi
mov rdx, rsi
%endif
%endif
; ecx/rcx = ks
; edx/rdx = data
%endmacro
%macro aes_function_exit 0
; void (const byte *, byte *);
%ifdef MS_STDCALL
ret 8
%else
ret
%endif
%endmacro
%macro push_xmm 2
sub rsp, 16 * (%2 - %1 + 1)
%assign stackoffset 0
%assign regnumber %1
%rep (%2 - %1 + 1)
movdqu [rsp + 16 * stackoffset], xmm%[regnumber]
%assign stackoffset stackoffset+1
%assign regnumber regnumber+1
%endrep
%endmacro
%macro pop_xmm 2
%assign stackoffset 0
%assign regnumber %1
%rep (%2 - %1 + 1)
movdqu xmm%[regnumber], [rsp + 16 * stackoffset]
%assign stackoffset stackoffset+1
%assign regnumber regnumber+1
%endrep
add rsp, 16 * (%2 - %1 + 1)
%endmacro
%macro aes_hw_cpu 2
%define OPERATION %1
%define BLOCK_COUNT %2
; Load data blocks
%assign block 1
%rep BLOCK_COUNT
movdqu xmm%[block], [%[R]dx + 16 * (block - 1)]
%assign block block+1
%endrep
; Encrypt/decrypt data blocks
%assign round 0
%rep 15
movdqu xmm0, [%[R]cx + 16 * round]
%assign block 1
%rep BLOCK_COUNT
%if round = 0
pxor xmm%[block], xmm0
%else
%if round < 14
aes%[OPERATION] xmm%[block], xmm0
%else
aes%[OPERATION]last xmm%[block], xmm0
%endif
%endif
%assign block block+1
%endrep
%assign round round+1
%endrep
; Store data blocks
%assign block 1
%rep BLOCK_COUNT
movdqu [%[R]dx + 16 * (block - 1)], xmm%[block]
%assign block block+1
%endrep
%undef OPERATION
%undef BLOCK_COUNT
%endmacro
%macro aes_hw_cpu_32_blocks 1
%define OPERATION_32_BLOCKS %1
%ifidn __BITS__, 64
%define MAX_REG_BLOCK_COUNT 15
%else
%define MAX_REG_BLOCK_COUNT 7
%endif
%ifidn __OUTPUT_FORMAT__, win64
%if MAX_REG_BLOCK_COUNT > 5
push_xmm 6, MAX_REG_BLOCK_COUNT
%endif
%endif
mov eax, 32 / MAX_REG_BLOCK_COUNT
.1:
aes_hw_cpu %[OPERATION_32_BLOCKS], MAX_REG_BLOCK_COUNT
add %[R]dx, 16 * MAX_REG_BLOCK_COUNT
dec eax
jnz .1
%if (32 % MAX_REG_BLOCK_COUNT) != 0
aes_hw_cpu %[OPERATION_32_BLOCKS], (32 % MAX_REG_BLOCK_COUNT)
%endif
%ifidn __OUTPUT_FORMAT__, win64
%if MAX_REG_BLOCK_COUNT > 5
pop_xmm 6, MAX_REG_BLOCK_COUNT
%endif
%endif
%undef OPERATION_32_BLOCKS
%undef MAX_REG_BLOCK_COUNT
%endmacro
%ifidn __BITS__, 16
USE16
SEGMENT _TEXT PUBLIC CLASS=CODE USE16
SEGMENT _DATA PUBLIC CLASS=DATA USE16
GROUP DGROUP _TEXT _DATA
SECTION _TEXT
%else
SECTION .text
%endif
; void aes_hw_cpu_enable_sse ();
export_function aes_hw_cpu_enable_sse
mov %[R]ax, cr4
or ax, 1 << 9
mov cr4, %[R]ax
ret
%ifidn __BITS__, 16
; byte is_aes_hw_cpu_supported ();
export_function is_aes_hw_cpu_supported
mov eax, 1
cpuid
mov eax, ecx
shr eax, 25
and al, 1
ret
; void aes_hw_cpu_decrypt (const byte *ks, byte *data);
export_function aes_hw_cpu_decrypt
mov ax, -16
jmp aes_hw_cpu_encrypt_decrypt
; void aes_hw_cpu_encrypt (const byte *ks, byte *data);
export_function aes_hw_cpu_encrypt
mov ax, 16
aes_hw_cpu_encrypt_decrypt:
push bp
mov bp, sp
push di
push si
mov si, [bp + 4] ; ks
mov di, [bp + 4 + 2] ; data
movdqu xmm0, [si]
movdqu xmm1, [di]
pxor xmm1, xmm0
mov cx, 13
.round1_13:
add si, ax
movdqu xmm0, [si]
cmp ax, 0
jl .decrypt
aesenc xmm1, xmm0
jmp .2
.decrypt:
aesdec xmm1, xmm0
.2:
loop .round1_13
add si, ax
movdqu xmm0, [si]
cmp ax, 0
jl .decrypt_last
aesenclast xmm1, xmm0
jmp .3
.decrypt_last:
aesdeclast xmm1, xmm0
.3:
movdqu [di], xmm1
pop si
pop di
pop bp
ret
%else ; __BITS__ != 16
; byte is_aes_hw_cpu_supported ();
export_function is_aes_hw_cpu_supported
push %[R]bx
mov eax, 1
cpuid
mov eax, ecx
shr eax, 25
and eax, 1
pop %[R]bx
ret
; void aes_hw_cpu_decrypt (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_decrypt
aes_hw_cpu dec, 1
aes_function_exit
; void aes_hw_cpu_decrypt_32_blocks (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_decrypt_32_blocks
aes_hw_cpu_32_blocks dec
aes_function_exit
; void aes_hw_cpu_encrypt (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_encrypt
aes_hw_cpu enc, 1
aes_function_exit
; void aes_hw_cpu_encrypt_32_blocks (const byte *ks, byte *data);
aes_function_entry aes_hw_cpu_encrypt_32_blocks
aes_hw_cpu_32_blocks enc
aes_function_exit
%endif ; __BITS__ != 16

48
src/Crypto/Aes_hw_cpu.h
View File

@@ -8,27 +8,27 @@
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#ifndef TC_HEADER_Crypto_Aes_Hw_Cpu
#define TC_HEADER_Crypto_Aes_Hw_Cpu
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
byte is_aes_hw_cpu_supported ();
void aes_hw_cpu_enable_sse ();
void aes_hw_cpu_decrypt (const byte *ks, byte *data);
void aes_hw_cpu_decrypt_32_blocks (const byte *ks, byte *data);
void aes_hw_cpu_encrypt (const byte *ks, byte *data);
void aes_hw_cpu_encrypt_32_blocks (const byte *ks, byte *data);
#if defined(__cplusplus)
}
#endif
#endif // TC_HEADER_Crypto_Aes_Hw_Cpu
*/
#ifndef TC_HEADER_Crypto_Aes_Hw_Cpu
#define TC_HEADER_Crypto_Aes_Hw_Cpu
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
byte is_aes_hw_cpu_supported ();
void aes_hw_cpu_enable_sse ();
void aes_hw_cpu_decrypt (const byte *ks, byte *data);
void aes_hw_cpu_decrypt_32_blocks (const byte *ks, byte *data);
void aes_hw_cpu_encrypt (const byte *ks, byte *data);
void aes_hw_cpu_encrypt_32_blocks (const byte *ks, byte *data);
#if defined(__cplusplus)
}
#endif
#endif // TC_HEADER_Crypto_Aes_Hw_Cpu

1814
src/Crypto/Aes_x64.asm
View File

File diff suppressed because it is too large Load Diff

1292
src/Crypto/Aes_x86.asm
View File

File diff suppressed because it is too large Load Diff

622
src/Crypto/Aescrypt.c
View File

@@ -1,311 +1,311 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#include "Aesopt.h"
#include "Aestab.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
#if defined(ARRAYS)
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
#if ( FUNCS_IN_C & ENCRYPTION_IN_C )
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "s", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define fwd_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
#if defined(FT4_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
#elif defined(FT1_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
#else
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
#endif
#if defined(FL4_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
#elif defined(FL1_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
#else
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
#endif
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
{ uint_32t locals(b0, b1);
const uint_32t *kp;
#if defined( dec_fmvars )
dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif
#if defined( AES_ERR_CHK )
if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
return EXIT_FAILURE;
#endif
kp = cx->ks;
state_in(b0, in, kp);
#if (ENC_UNROLL == FULL)
switch(cx->inf.b[0])
{
case 14 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 12 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 10 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
}
#else
#if (ENC_UNROLL == PARTIAL)
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
kp += N_COLS;
round(fwd_rnd, b0, b1, kp);
}
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
#else
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp += N_COLS;
round(fwd_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if ( FUNCS_IN_C & DECRYPTION_IN_C)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "t", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define inv_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
#if defined(IT4_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
#elif defined(IT1_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
#else
#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
#endif
#if defined(IL4_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
#elif defined(IL1_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
#else
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
#endif
/* This code can work with the decryption key schedule in the */
/* order that is used for encrytpion (where the 1st decryption */
/* round key is at the high end ot the schedule) or with a key */
/* schedule that has been reversed to put the 1st decryption */
/* round key at the low end of the schedule in memory (when */
/* AES_REV_DKS is defined) */
#ifdef AES_REV_DKS
#define key_ofs 0
#define rnd_key(n) (kp + n * N_COLS)
#else
#define key_ofs 1
#define rnd_key(n) (kp - n * N_COLS)
#endif
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
{ uint_32t locals(b0, b1);
#if defined( dec_imvars )
dec_imvars; /* declare variables for inv_mcol() if needed */
#endif
const uint_32t *kp;
#if defined( AES_ERR_CHK )
if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
return EXIT_FAILURE;
#endif
kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
state_in(b0, in, kp);
#if (DEC_UNROLL == FULL)
kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
switch(cx->inf.b[0])
{
case 14 * 16:
round(inv_rnd, b1, b0, rnd_key(-13));
round(inv_rnd, b0, b1, rnd_key(-12));
case 12 * 16:
round(inv_rnd, b1, b0, rnd_key(-11));
round(inv_rnd, b0, b1, rnd_key(-10));
case 10 * 16:
round(inv_rnd, b1, b0, rnd_key(-9));
round(inv_rnd, b0, b1, rnd_key(-8));
round(inv_rnd, b1, b0, rnd_key(-7));
round(inv_rnd, b0, b1, rnd_key(-6));
round(inv_rnd, b1, b0, rnd_key(-5));
round(inv_rnd, b0, b1, rnd_key(-4));
round(inv_rnd, b1, b0, rnd_key(-3));
round(inv_rnd, b0, b1, rnd_key(-2));
round(inv_rnd, b1, b0, rnd_key(-1));
round(inv_lrnd, b0, b1, rnd_key( 0));
}
#else
#if (DEC_UNROLL == PARTIAL)
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
kp = rnd_key(1);
round(inv_rnd, b0, b1, kp);
}
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
#else
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp = rnd_key(1);
round(inv_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(__cplusplus)
}
#endif
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
#include "Aesopt.h"
#include "Aestab.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define si(y,x,k,c) (s(y,c) = word_in(x, c) ^ (k)[c])
#define so(y,x,c) word_out(y, c, s(x,c))
#if defined(ARRAYS)
#define locals(y,x) x[4],y[4]
#else
#define locals(y,x) x##0,x##1,x##2,x##3,y##0,y##1,y##2,y##3
#endif
#define l_copy(y, x) s(y,0) = s(x,0); s(y,1) = s(x,1); \
s(y,2) = s(x,2); s(y,3) = s(x,3);
#define state_in(y,x,k) si(y,x,k,0); si(y,x,k,1); si(y,x,k,2); si(y,x,k,3)
#define state_out(y,x) so(y,x,0); so(y,x,1); so(y,x,2); so(y,x,3)
#define round(rm,y,x,k) rm(y,x,k,0); rm(y,x,k,1); rm(y,x,k,2); rm(y,x,k,3)
#if ( FUNCS_IN_C & ENCRYPTION_IN_C )
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "s", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define fwd_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2)))
#if defined(FT4_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,n),fwd_var,rf1,c))
#elif defined(FT1_SET)
#undef dec_fmvars
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(f,n),fwd_var,rf1,c))
#else
#define fwd_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ fwd_mcol(no_table(x,t_use(s,box),fwd_var,rf1,c)))
#endif
#if defined(FL4_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(f,l),fwd_var,rf1,c))
#elif defined(FL1_SET)
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(f,l),fwd_var,rf1,c))
#else
#define fwd_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(s,box),fwd_var,rf1,c))
#endif
AES_RETURN aes_encrypt(const unsigned char *in, unsigned char *out, const aes_encrypt_ctx cx[1])
{ uint_32t locals(b0, b1);
const uint_32t *kp;
#if defined( dec_fmvars )
dec_fmvars; /* declare variables for fwd_mcol() if needed */
#endif
#if defined( AES_ERR_CHK )
if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
return EXIT_FAILURE;
#endif
kp = cx->ks;
state_in(b0, in, kp);
#if (ENC_UNROLL == FULL)
switch(cx->inf.b[0])
{
case 14 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 12 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
kp += 2 * N_COLS;
case 10 * 16:
round(fwd_rnd, b1, b0, kp + 1 * N_COLS);
round(fwd_rnd, b0, b1, kp + 2 * N_COLS);
round(fwd_rnd, b1, b0, kp + 3 * N_COLS);
round(fwd_rnd, b0, b1, kp + 4 * N_COLS);
round(fwd_rnd, b1, b0, kp + 5 * N_COLS);
round(fwd_rnd, b0, b1, kp + 6 * N_COLS);
round(fwd_rnd, b1, b0, kp + 7 * N_COLS);
round(fwd_rnd, b0, b1, kp + 8 * N_COLS);
round(fwd_rnd, b1, b0, kp + 9 * N_COLS);
round(fwd_lrnd, b0, b1, kp +10 * N_COLS);
}
#else
#if (ENC_UNROLL == PARTIAL)
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
kp += N_COLS;
round(fwd_rnd, b0, b1, kp);
}
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
#else
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp += N_COLS;
round(fwd_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp += N_COLS;
round(fwd_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if ( FUNCS_IN_C & DECRYPTION_IN_C)
/* Visual C++ .Net v7.1 provides the fastest encryption code when using
Pentium optimiation with small code but this is poor for decryption
so we need to control this with the following VC++ pragmas
*/
#if defined( _MSC_VER ) && !defined( _WIN64 )
#pragma optimize( "t", on )
#endif
/* Given the column (c) of the output state variable, the following
macros give the input state variables which are needed in its
computation for each row (r) of the state. All the alternative
macros give the same end values but expand into different ways
of calculating these values. In particular the complex macro
used for dynamically variable block sizes is designed to expand
to a compile time constant whenever possible but will expand to
conditional clauses on some branches (I am grateful to Frank
Yellin for this construction)
*/
#define inv_var(x,r,c)\
( r == 0 ? ( c == 0 ? s(x,0) : c == 1 ? s(x,1) : c == 2 ? s(x,2) : s(x,3))\
: r == 1 ? ( c == 0 ? s(x,3) : c == 1 ? s(x,0) : c == 2 ? s(x,1) : s(x,2))\
: r == 2 ? ( c == 0 ? s(x,2) : c == 1 ? s(x,3) : c == 2 ? s(x,0) : s(x,1))\
: ( c == 0 ? s(x,1) : c == 1 ? s(x,2) : c == 2 ? s(x,3) : s(x,0)))
#if defined(IT4_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,n),inv_var,rf1,c))
#elif defined(IT1_SET)
#undef dec_imvars
#define inv_rnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,upr,t_use(i,n),inv_var,rf1,c))
#else
#define inv_rnd(y,x,k,c) (s(y,c) = inv_mcol((k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c)))
#endif
#if defined(IL4_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ four_tables(x,t_use(i,l),inv_var,rf1,c))
#elif defined(IL1_SET)
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ one_table(x,ups,t_use(i,l),inv_var,rf1,c))
#else
#define inv_lrnd(y,x,k,c) (s(y,c) = (k)[c] ^ no_table(x,t_use(i,box),inv_var,rf1,c))
#endif
/* This code can work with the decryption key schedule in the */
/* order that is used for encrytpion (where the 1st decryption */
/* round key is at the high end ot the schedule) or with a key */
/* schedule that has been reversed to put the 1st decryption */
/* round key at the low end of the schedule in memory (when */
/* AES_REV_DKS is defined) */
#ifdef AES_REV_DKS
#define key_ofs 0
#define rnd_key(n) (kp + n * N_COLS)
#else
#define key_ofs 1
#define rnd_key(n) (kp - n * N_COLS)
#endif
AES_RETURN aes_decrypt(const unsigned char *in, unsigned char *out, const aes_decrypt_ctx cx[1])
{ uint_32t locals(b0, b1);
#if defined( dec_imvars )
dec_imvars; /* declare variables for inv_mcol() if needed */
#endif
const uint_32t *kp;
#if defined( AES_ERR_CHK )
if( cx->inf.b[0] != 10 * 16 && cx->inf.b[0] != 12 * 16 && cx->inf.b[0] != 14 * 16 )
return EXIT_FAILURE;
#endif
kp = cx->ks + (key_ofs ? (cx->inf.b[0] >> 2) : 0);
state_in(b0, in, kp);
#if (DEC_UNROLL == FULL)
kp = cx->ks + (key_ofs ? 0 : (cx->inf.b[0] >> 2));
switch(cx->inf.b[0])
{
case 14 * 16:
round(inv_rnd, b1, b0, rnd_key(-13));
round(inv_rnd, b0, b1, rnd_key(-12));
case 12 * 16:
round(inv_rnd, b1, b0, rnd_key(-11));
round(inv_rnd, b0, b1, rnd_key(-10));
case 10 * 16:
round(inv_rnd, b1, b0, rnd_key(-9));
round(inv_rnd, b0, b1, rnd_key(-8));
round(inv_rnd, b1, b0, rnd_key(-7));
round(inv_rnd, b0, b1, rnd_key(-6));
round(inv_rnd, b1, b0, rnd_key(-5));
round(inv_rnd, b0, b1, rnd_key(-4));
round(inv_rnd, b1, b0, rnd_key(-3));
round(inv_rnd, b0, b1, rnd_key(-2));
round(inv_rnd, b1, b0, rnd_key(-1));
round(inv_lrnd, b0, b1, rnd_key( 0));
}
#else
#if (DEC_UNROLL == PARTIAL)
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 5) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
kp = rnd_key(1);
round(inv_rnd, b0, b1, kp);
}
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
#else
{ uint_32t rnd;
for(rnd = 0; rnd < (cx->inf.b[0] >> 4) - 1; ++rnd)
{
kp = rnd_key(1);
round(inv_rnd, b1, b0, kp);
l_copy(b0, b1);
}
#endif
kp = rnd_key(1);
round(inv_lrnd, b0, b1, kp);
}
#endif
state_out(out, b0);
#if defined( AES_ERR_CHK )
return EXIT_SUCCESS;
#endif
}
#endif
#if defined(__cplusplus)
}
#endif

1146
src/Crypto/Aeskey.c
View File

File diff suppressed because it is too large Load Diff

1468
src/Crypto/Aesopt.h
View File

File diff suppressed because it is too large Load Diff

856
src/Crypto/Aestab.c
View File

@@ -1,428 +1,428 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
/* Adapted for TrueCrypt:
- Added run-time table generator for Aes_x86_v2.asm
*/
#define DO_TABLES
#include "Aes.h"
#include "Aesopt.h"
#if defined(FIXED_TABLES)
#define sb_data(w) {\
w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
#define isb_data(w) {\
w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
#define mm_data(w) {\
w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
#define rc_data(w) {\
w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
w(0x1b), w(0x36) }
#define h0(x) (x)
#define w0(p) bytes2word(p, 0, 0, 0)
#define w1(p) bytes2word(0, p, 0, 0)
#define w2(p) bytes2word(0, 0, p, 0)
#define w3(p) bytes2word(0, 0, 0, p)
#define u0(p) bytes2word(f2(p), p, p, f3(p))
#define u1(p) bytes2word(f3(p), f2(p), p, p)
#define u2(p) bytes2word(p, f3(p), f2(p), p)
#define u3(p) bytes2word(p, p, f3(p), f2(p))
#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
#endif
#if defined(FIXED_TABLES) || !defined(FF_TABLES)
#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
^ (((x>>5) & 4) * WPOLY))
#define f3(x) (f2(x) ^ x)
#define f9(x) (f8(x) ^ x)
#define fb(x) (f8(x) ^ f2(x) ^ x)
#define fd(x) (f8(x) ^ f4(x) ^ x)
#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
#else
#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
#define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
#endif
#include "Aestab.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined(FIXED_TABLES)
/* implemented in case of wrong call for fixed tables */
AES_RETURN aes_init(void)
{
return EXIT_SUCCESS;
}
#else /* dynamic table generation */
#if !defined(FF_TABLES)
/* Generate the tables for the dynamic table option
It will generally be sensible to use tables to compute finite
field multiplies and inverses but where memory is scarse this
code might sometimes be better. But it only has effect during
initialisation so its pretty unimportant in overall terms.
*/
/* return 2 ^ (n - 1) where n is the bit number of the highest bit
set in x with x in the range 1 < x < 0x00000200. This form is
used so that locals within fi can be bytes rather than words
*/
static uint_8t hibit(const uint_32t x)
{ uint_8t r = (uint_8t)((x >> 1) | (x >> 2));
r |= (r >> 2);
r |= (r >> 4);
return (r + 1) >> 1;
}
/* return the inverse of the finite field element x */
static uint_8t fi(const uint_8t x)
{ uint_8t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
if(x < 2) return x;
for(;;)
{
if(!n1) return v1;
while(n2 >= n1)
{
n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
}
if(!n2) return v2;
while(n1 >= n2)
{
n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
}
}
}
#endif
/* The forward and inverse affine transformations used in the S-box */
#define fwd_affine(x) \
(w = (uint_32t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(uint_8t)(w^(w>>8)))
#define inv_affine(x) \
(w = (uint_32t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(uint_8t)(w^(w>>8)))
static int init = 0;
#ifdef TC_WINDOWS_BOOT
#pragma optimize ("l", on)
uint_8t aes_enc_tab[256][8];
uint_8t aes_dec_tab[256][8];
#endif
AES_RETURN aes_init(void)
{ uint_32t i, w;
#ifdef TC_WINDOWS_BOOT
if (init)
return EXIT_SUCCESS;
for (i = 0; i < 256; ++i)
{
uint_8t x = fwd_affine(fi((uint_8t)i));
aes_enc_tab[i][0] = 0;
aes_enc_tab[i][1] = x;
aes_enc_tab[i][2] = x;
aes_enc_tab[i][3] = f3(x);
aes_enc_tab[i][4] = f2(x);
aes_enc_tab[i][5] = x;
aes_enc_tab[i][6] = x;
aes_enc_tab[i][7] = f3(x);
x = fi((uint_8t)inv_affine((uint_8t)i));
aes_dec_tab[i][0] = fe(x);
aes_dec_tab[i][1] = f9(x);
aes_dec_tab[i][2] = fd(x);
aes_dec_tab[i][3] = fb(x);
aes_dec_tab[i][4] = fe(x);
aes_dec_tab[i][5] = f9(x);
aes_dec_tab[i][6] = fd(x);
aes_dec_tab[i][7] = x;
}
#else // TC_WINDOWS_BOOT
#if defined(FF_TABLES)
uint_8t pow[512], log[256];
if(init)
return EXIT_SUCCESS;
/* log and power tables for GF(2^8) finite field with
WPOLY as modular polynomial - the simplest primitive
root is 0x03, used here to generate the tables
*/
i = 0; w = 1;
do
{
pow[i] = (uint_8t)w;
pow[i + 255] = (uint_8t)w;
log[w] = (uint_8t)i++;
w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
}
while (w != 1);
#else
if(init)
return EXIT_SUCCESS;
#endif
for(i = 0, w = 1; i < RC_LENGTH; ++i)
{
t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
w = f2(w);
}
for(i = 0; i < 256; ++i)
{ uint_8t b;
b = fwd_affine(fi((uint_8t)i));
w = bytes2word(f2(b), b, b, f3(b));
#if defined( SBX_SET )
t_set(s,box)[i] = b;
#endif
#if defined( FT1_SET ) /* tables for a normal encryption round */
t_set(f,n)[i] = w;
#endif
#if defined( FT4_SET )
t_set(f,n)[0][i] = w;
t_set(f,n)[1][i] = upr(w,1);
t_set(f,n)[2][i] = upr(w,2);
t_set(f,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( FL1_SET ) /* tables for last encryption round (may also */
t_set(f,l)[i] = w; /* be used in the key schedule) */
#endif
#if defined( FL4_SET )
t_set(f,l)[0][i] = w;
t_set(f,l)[1][i] = upr(w,1);
t_set(f,l)[2][i] = upr(w,2);
t_set(f,l)[3][i] = upr(w,3);
#endif
#if defined( LS1_SET ) /* table for key schedule if t_set(f,l) above is*/
t_set(l,s)[i] = w; /* not of the required form */
#endif
#if defined( LS4_SET )
t_set(l,s)[0][i] = w;
t_set(l,s)[1][i] = upr(w,1);
t_set(l,s)[2][i] = upr(w,2);
t_set(l,s)[3][i] = upr(w,3);
#endif
b = fi(inv_affine((uint_8t)i));
w = bytes2word(fe(b), f9(b), fd(b), fb(b));
#if defined( IM1_SET ) /* tables for the inverse mix column operation */
t_set(i,m)[b] = w;
#endif
#if defined( IM4_SET )
t_set(i,m)[0][b] = w;
t_set(i,m)[1][b] = upr(w,1);
t_set(i,m)[2][b] = upr(w,2);
t_set(i,m)[3][b] = upr(w,3);
#endif
#if defined( ISB_SET )
t_set(i,box)[i] = b;
#endif
#if defined( IT1_SET ) /* tables for a normal decryption round */
t_set(i,n)[i] = w;
#endif
#if defined( IT4_SET )
t_set(i,n)[0][i] = w;
t_set(i,n)[1][i] = upr(w,1);
t_set(i,n)[2][i] = upr(w,2);
t_set(i,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( IL1_SET ) /* tables for last decryption round */
t_set(i,l)[i] = w;
#endif
#if defined( IL4_SET )
t_set(i,l)[0][i] = w;
t_set(i,l)[1][i] = upr(w,1);
t_set(i,l)[2][i] = upr(w,2);
t_set(i,l)[3][i] = upr(w,3);
#endif
}
#endif // TC_WINDOWS_BOOT
init = 1;
return EXIT_SUCCESS;
}
#endif
#if defined(__cplusplus)
}
#endif
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
*/
/* Adapted for TrueCrypt:
- Added run-time table generator for Aes_x86_v2.asm
*/
#define DO_TABLES
#include "Aes.h"
#include "Aesopt.h"
#if defined(FIXED_TABLES)
#define sb_data(w) {\
w(0x63), w(0x7c), w(0x77), w(0x7b), w(0xf2), w(0x6b), w(0x6f), w(0xc5),\
w(0x30), w(0x01), w(0x67), w(0x2b), w(0xfe), w(0xd7), w(0xab), w(0x76),\
w(0xca), w(0x82), w(0xc9), w(0x7d), w(0xfa), w(0x59), w(0x47), w(0xf0),\
w(0xad), w(0xd4), w(0xa2), w(0xaf), w(0x9c), w(0xa4), w(0x72), w(0xc0),\
w(0xb7), w(0xfd), w(0x93), w(0x26), w(0x36), w(0x3f), w(0xf7), w(0xcc),\
w(0x34), w(0xa5), w(0xe5), w(0xf1), w(0x71), w(0xd8), w(0x31), w(0x15),\
w(0x04), w(0xc7), w(0x23), w(0xc3), w(0x18), w(0x96), w(0x05), w(0x9a),\
w(0x07), w(0x12), w(0x80), w(0xe2), w(0xeb), w(0x27), w(0xb2), w(0x75),\
w(0x09), w(0x83), w(0x2c), w(0x1a), w(0x1b), w(0x6e), w(0x5a), w(0xa0),\
w(0x52), w(0x3b), w(0xd6), w(0xb3), w(0x29), w(0xe3), w(0x2f), w(0x84),\
w(0x53), w(0xd1), w(0x00), w(0xed), w(0x20), w(0xfc), w(0xb1), w(0x5b),\
w(0x6a), w(0xcb), w(0xbe), w(0x39), w(0x4a), w(0x4c), w(0x58), w(0xcf),\
w(0xd0), w(0xef), w(0xaa), w(0xfb), w(0x43), w(0x4d), w(0x33), w(0x85),\
w(0x45), w(0xf9), w(0x02), w(0x7f), w(0x50), w(0x3c), w(0x9f), w(0xa8),\
w(0x51), w(0xa3), w(0x40), w(0x8f), w(0x92), w(0x9d), w(0x38), w(0xf5),\
w(0xbc), w(0xb6), w(0xda), w(0x21), w(0x10), w(0xff), w(0xf3), w(0xd2),\
w(0xcd), w(0x0c), w(0x13), w(0xec), w(0x5f), w(0x97), w(0x44), w(0x17),\
w(0xc4), w(0xa7), w(0x7e), w(0x3d), w(0x64), w(0x5d), w(0x19), w(0x73),\
w(0x60), w(0x81), w(0x4f), w(0xdc), w(0x22), w(0x2a), w(0x90), w(0x88),\
w(0x46), w(0xee), w(0xb8), w(0x14), w(0xde), w(0x5e), w(0x0b), w(0xdb),\
w(0xe0), w(0x32), w(0x3a), w(0x0a), w(0x49), w(0x06), w(0x24), w(0x5c),\
w(0xc2), w(0xd3), w(0xac), w(0x62), w(0x91), w(0x95), w(0xe4), w(0x79),\
w(0xe7), w(0xc8), w(0x37), w(0x6d), w(0x8d), w(0xd5), w(0x4e), w(0xa9),\
w(0x6c), w(0x56), w(0xf4), w(0xea), w(0x65), w(0x7a), w(0xae), w(0x08),\
w(0xba), w(0x78), w(0x25), w(0x2e), w(0x1c), w(0xa6), w(0xb4), w(0xc6),\
w(0xe8), w(0xdd), w(0x74), w(0x1f), w(0x4b), w(0xbd), w(0x8b), w(0x8a),\
w(0x70), w(0x3e), w(0xb5), w(0x66), w(0x48), w(0x03), w(0xf6), w(0x0e),\
w(0x61), w(0x35), w(0x57), w(0xb9), w(0x86), w(0xc1), w(0x1d), w(0x9e),\
w(0xe1), w(0xf8), w(0x98), w(0x11), w(0x69), w(0xd9), w(0x8e), w(0x94),\
w(0x9b), w(0x1e), w(0x87), w(0xe9), w(0xce), w(0x55), w(0x28), w(0xdf),\
w(0x8c), w(0xa1), w(0x89), w(0x0d), w(0xbf), w(0xe6), w(0x42), w(0x68),\
w(0x41), w(0x99), w(0x2d), w(0x0f), w(0xb0), w(0x54), w(0xbb), w(0x16) }
#define isb_data(w) {\
w(0x52), w(0x09), w(0x6a), w(0xd5), w(0x30), w(0x36), w(0xa5), w(0x38),\
w(0xbf), w(0x40), w(0xa3), w(0x9e), w(0x81), w(0xf3), w(0xd7), w(0xfb),\
w(0x7c), w(0xe3), w(0x39), w(0x82), w(0x9b), w(0x2f), w(0xff), w(0x87),\
w(0x34), w(0x8e), w(0x43), w(0x44), w(0xc4), w(0xde), w(0xe9), w(0xcb),\
w(0x54), w(0x7b), w(0x94), w(0x32), w(0xa6), w(0xc2), w(0x23), w(0x3d),\
w(0xee), w(0x4c), w(0x95), w(0x0b), w(0x42), w(0xfa), w(0xc3), w(0x4e),\
w(0x08), w(0x2e), w(0xa1), w(0x66), w(0x28), w(0xd9), w(0x24), w(0xb2),\
w(0x76), w(0x5b), w(0xa2), w(0x49), w(0x6d), w(0x8b), w(0xd1), w(0x25),\
w(0x72), w(0xf8), w(0xf6), w(0x64), w(0x86), w(0x68), w(0x98), w(0x16),\
w(0xd4), w(0xa4), w(0x5c), w(0xcc), w(0x5d), w(0x65), w(0xb6), w(0x92),\
w(0x6c), w(0x70), w(0x48), w(0x50), w(0xfd), w(0xed), w(0xb9), w(0xda),\
w(0x5e), w(0x15), w(0x46), w(0x57), w(0xa7), w(0x8d), w(0x9d), w(0x84),\
w(0x90), w(0xd8), w(0xab), w(0x00), w(0x8c), w(0xbc), w(0xd3), w(0x0a),\
w(0xf7), w(0xe4), w(0x58), w(0x05), w(0xb8), w(0xb3), w(0x45), w(0x06),\
w(0xd0), w(0x2c), w(0x1e), w(0x8f), w(0xca), w(0x3f), w(0x0f), w(0x02),\
w(0xc1), w(0xaf), w(0xbd), w(0x03), w(0x01), w(0x13), w(0x8a), w(0x6b),\
w(0x3a), w(0x91), w(0x11), w(0x41), w(0x4f), w(0x67), w(0xdc), w(0xea),\
w(0x97), w(0xf2), w(0xcf), w(0xce), w(0xf0), w(0xb4), w(0xe6), w(0x73),\
w(0x96), w(0xac), w(0x74), w(0x22), w(0xe7), w(0xad), w(0x35), w(0x85),\
w(0xe2), w(0xf9), w(0x37), w(0xe8), w(0x1c), w(0x75), w(0xdf), w(0x6e),\
w(0x47), w(0xf1), w(0x1a), w(0x71), w(0x1d), w(0x29), w(0xc5), w(0x89),\
w(0x6f), w(0xb7), w(0x62), w(0x0e), w(0xaa), w(0x18), w(0xbe), w(0x1b),\
w(0xfc), w(0x56), w(0x3e), w(0x4b), w(0xc6), w(0xd2), w(0x79), w(0x20),\
w(0x9a), w(0xdb), w(0xc0), w(0xfe), w(0x78), w(0xcd), w(0x5a), w(0xf4),\
w(0x1f), w(0xdd), w(0xa8), w(0x33), w(0x88), w(0x07), w(0xc7), w(0x31),\
w(0xb1), w(0x12), w(0x10), w(0x59), w(0x27), w(0x80), w(0xec), w(0x5f),\
w(0x60), w(0x51), w(0x7f), w(0xa9), w(0x19), w(0xb5), w(0x4a), w(0x0d),\
w(0x2d), w(0xe5), w(0x7a), w(0x9f), w(0x93), w(0xc9), w(0x9c), w(0xef),\
w(0xa0), w(0xe0), w(0x3b), w(0x4d), w(0xae), w(0x2a), w(0xf5), w(0xb0),\
w(0xc8), w(0xeb), w(0xbb), w(0x3c), w(0x83), w(0x53), w(0x99), w(0x61),\
w(0x17), w(0x2b), w(0x04), w(0x7e), w(0xba), w(0x77), w(0xd6), w(0x26),\
w(0xe1), w(0x69), w(0x14), w(0x63), w(0x55), w(0x21), w(0x0c), w(0x7d) }
#define mm_data(w) {\
w(0x00), w(0x01), w(0x02), w(0x03), w(0x04), w(0x05), w(0x06), w(0x07),\
w(0x08), w(0x09), w(0x0a), w(0x0b), w(0x0c), w(0x0d), w(0x0e), w(0x0f),\
w(0x10), w(0x11), w(0x12), w(0x13), w(0x14), w(0x15), w(0x16), w(0x17),\
w(0x18), w(0x19), w(0x1a), w(0x1b), w(0x1c), w(0x1d), w(0x1e), w(0x1f),\
w(0x20), w(0x21), w(0x22), w(0x23), w(0x24), w(0x25), w(0x26), w(0x27),\
w(0x28), w(0x29), w(0x2a), w(0x2b), w(0x2c), w(0x2d), w(0x2e), w(0x2f),\
w(0x30), w(0x31), w(0x32), w(0x33), w(0x34), w(0x35), w(0x36), w(0x37),\
w(0x38), w(0x39), w(0x3a), w(0x3b), w(0x3c), w(0x3d), w(0x3e), w(0x3f),\
w(0x40), w(0x41), w(0x42), w(0x43), w(0x44), w(0x45), w(0x46), w(0x47),\
w(0x48), w(0x49), w(0x4a), w(0x4b), w(0x4c), w(0x4d), w(0x4e), w(0x4f),\
w(0x50), w(0x51), w(0x52), w(0x53), w(0x54), w(0x55), w(0x56), w(0x57),\
w(0x58), w(0x59), w(0x5a), w(0x5b), w(0x5c), w(0x5d), w(0x5e), w(0x5f),\
w(0x60), w(0x61), w(0x62), w(0x63), w(0x64), w(0x65), w(0x66), w(0x67),\
w(0x68), w(0x69), w(0x6a), w(0x6b), w(0x6c), w(0x6d), w(0x6e), w(0x6f),\
w(0x70), w(0x71), w(0x72), w(0x73), w(0x74), w(0x75), w(0x76), w(0x77),\
w(0x78), w(0x79), w(0x7a), w(0x7b), w(0x7c), w(0x7d), w(0x7e), w(0x7f),\
w(0x80), w(0x81), w(0x82), w(0x83), w(0x84), w(0x85), w(0x86), w(0x87),\
w(0x88), w(0x89), w(0x8a), w(0x8b), w(0x8c), w(0x8d), w(0x8e), w(0x8f),\
w(0x90), w(0x91), w(0x92), w(0x93), w(0x94), w(0x95), w(0x96), w(0x97),\
w(0x98), w(0x99), w(0x9a), w(0x9b), w(0x9c), w(0x9d), w(0x9e), w(0x9f),\
w(0xa0), w(0xa1), w(0xa2), w(0xa3), w(0xa4), w(0xa5), w(0xa6), w(0xa7),\
w(0xa8), w(0xa9), w(0xaa), w(0xab), w(0xac), w(0xad), w(0xae), w(0xaf),\
w(0xb0), w(0xb1), w(0xb2), w(0xb3), w(0xb4), w(0xb5), w(0xb6), w(0xb7),\
w(0xb8), w(0xb9), w(0xba), w(0xbb), w(0xbc), w(0xbd), w(0xbe), w(0xbf),\
w(0xc0), w(0xc1), w(0xc2), w(0xc3), w(0xc4), w(0xc5), w(0xc6), w(0xc7),\
w(0xc8), w(0xc9), w(0xca), w(0xcb), w(0xcc), w(0xcd), w(0xce), w(0xcf),\
w(0xd0), w(0xd1), w(0xd2), w(0xd3), w(0xd4), w(0xd5), w(0xd6), w(0xd7),\
w(0xd8), w(0xd9), w(0xda), w(0xdb), w(0xdc), w(0xdd), w(0xde), w(0xdf),\
w(0xe0), w(0xe1), w(0xe2), w(0xe3), w(0xe4), w(0xe5), w(0xe6), w(0xe7),\
w(0xe8), w(0xe9), w(0xea), w(0xeb), w(0xec), w(0xed), w(0xee), w(0xef),\
w(0xf0), w(0xf1), w(0xf2), w(0xf3), w(0xf4), w(0xf5), w(0xf6), w(0xf7),\
w(0xf8), w(0xf9), w(0xfa), w(0xfb), w(0xfc), w(0xfd), w(0xfe), w(0xff) }
#define rc_data(w) {\
w(0x01), w(0x02), w(0x04), w(0x08), w(0x10),w(0x20), w(0x40), w(0x80),\
w(0x1b), w(0x36) }
#define h0(x) (x)
#define w0(p) bytes2word(p, 0, 0, 0)
#define w1(p) bytes2word(0, p, 0, 0)
#define w2(p) bytes2word(0, 0, p, 0)
#define w3(p) bytes2word(0, 0, 0, p)
#define u0(p) bytes2word(f2(p), p, p, f3(p))
#define u1(p) bytes2word(f3(p), f2(p), p, p)
#define u2(p) bytes2word(p, f3(p), f2(p), p)
#define u3(p) bytes2word(p, p, f3(p), f2(p))
#define v0(p) bytes2word(fe(p), f9(p), fd(p), fb(p))
#define v1(p) bytes2word(fb(p), fe(p), f9(p), fd(p))
#define v2(p) bytes2word(fd(p), fb(p), fe(p), f9(p))
#define v3(p) bytes2word(f9(p), fd(p), fb(p), fe(p))
#endif
#if defined(FIXED_TABLES) || !defined(FF_TABLES)
#define f2(x) ((x<<1) ^ (((x>>7) & 1) * WPOLY))
#define f4(x) ((x<<2) ^ (((x>>6) & 1) * WPOLY) ^ (((x>>6) & 2) * WPOLY))
#define f8(x) ((x<<3) ^ (((x>>5) & 1) * WPOLY) ^ (((x>>5) & 2) * WPOLY) \
^ (((x>>5) & 4) * WPOLY))
#define f3(x) (f2(x) ^ x)
#define f9(x) (f8(x) ^ x)
#define fb(x) (f8(x) ^ f2(x) ^ x)
#define fd(x) (f8(x) ^ f4(x) ^ x)
#define fe(x) (f8(x) ^ f4(x) ^ f2(x))
#else
#define f2(x) ((x) ? pow[log[x] + 0x19] : 0)
#define f3(x) ((x) ? pow[log[x] + 0x01] : 0)
#define f9(x) ((x) ? pow[log[x] + 0xc7] : 0)
#define fb(x) ((x) ? pow[log[x] + 0x68] : 0)
#define fd(x) ((x) ? pow[log[x] + 0xee] : 0)
#define fe(x) ((x) ? pow[log[x] + 0xdf] : 0)
#define fi(x) ((x) ? pow[ 255 - log[x]] : 0)
#endif
#include "Aestab.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#if defined(FIXED_TABLES)
/* implemented in case of wrong call for fixed tables */
AES_RETURN aes_init(void)
{
return EXIT_SUCCESS;
}
#else /* dynamic table generation */
#if !defined(FF_TABLES)
/* Generate the tables for the dynamic table option
It will generally be sensible to use tables to compute finite
field multiplies and inverses but where memory is scarse this
code might sometimes be better. But it only has effect during
initialisation so its pretty unimportant in overall terms.
*/
/* return 2 ^ (n - 1) where n is the bit number of the highest bit
set in x with x in the range 1 < x < 0x00000200. This form is
used so that locals within fi can be bytes rather than words
*/
static uint_8t hibit(const uint_32t x)
{ uint_8t r = (uint_8t)((x >> 1) | (x >> 2));
r |= (r >> 2);
r |= (r >> 4);
return (r + 1) >> 1;
}
/* return the inverse of the finite field element x */
static uint_8t fi(const uint_8t x)
{ uint_8t p1 = x, p2 = BPOLY, n1 = hibit(x), n2 = 0x80, v1 = 1, v2 = 0;
if(x < 2) return x;
for(;;)
{
if(!n1) return v1;
while(n2 >= n1)
{
n2 /= n1; p2 ^= p1 * n2; v2 ^= v1 * n2; n2 = hibit(p2);
}
if(!n2) return v2;
while(n1 >= n2)
{
n1 /= n2; p1 ^= p2 * n1; v1 ^= v2 * n1; n1 = hibit(p1);
}
}
}
#endif
/* The forward and inverse affine transformations used in the S-box */
#define fwd_affine(x) \
(w = (uint_32t)x, w ^= (w<<1)^(w<<2)^(w<<3)^(w<<4), 0x63^(uint_8t)(w^(w>>8)))
#define inv_affine(x) \
(w = (uint_32t)x, w = (w<<1)^(w<<3)^(w<<6), 0x05^(uint_8t)(w^(w>>8)))
static int init = 0;
#ifdef TC_WINDOWS_BOOT
#pragma optimize ("l", on)
uint_8t aes_enc_tab[256][8];
uint_8t aes_dec_tab[256][8];
#endif
AES_RETURN aes_init(void)
{ uint_32t i, w;
#ifdef TC_WINDOWS_BOOT
if (init)
return EXIT_SUCCESS;
for (i = 0; i < 256; ++i)
{
uint_8t x = fwd_affine(fi((uint_8t)i));
aes_enc_tab[i][0] = 0;
aes_enc_tab[i][1] = x;
aes_enc_tab[i][2] = x;
aes_enc_tab[i][3] = f3(x);
aes_enc_tab[i][4] = f2(x);
aes_enc_tab[i][5] = x;
aes_enc_tab[i][6] = x;
aes_enc_tab[i][7] = f3(x);
x = fi((uint_8t)inv_affine((uint_8t)i));
aes_dec_tab[i][0] = fe(x);
aes_dec_tab[i][1] = f9(x);
aes_dec_tab[i][2] = fd(x);
aes_dec_tab[i][3] = fb(x);
aes_dec_tab[i][4] = fe(x);
aes_dec_tab[i][5] = f9(x);
aes_dec_tab[i][6] = fd(x);
aes_dec_tab[i][7] = x;
}
#else // TC_WINDOWS_BOOT
#if defined(FF_TABLES)
uint_8t pow[512], log[256];
if(init)
return EXIT_SUCCESS;
/* log and power tables for GF(2^8) finite field with
WPOLY as modular polynomial - the simplest primitive
root is 0x03, used here to generate the tables
*/
i = 0; w = 1;
do
{
pow[i] = (uint_8t)w;
pow[i + 255] = (uint_8t)w;
log[w] = (uint_8t)i++;
w ^= (w << 1) ^ (w & 0x80 ? WPOLY : 0);
}
while (w != 1);
#else
if(init)
return EXIT_SUCCESS;
#endif
for(i = 0, w = 1; i < RC_LENGTH; ++i)
{
t_set(r,c)[i] = bytes2word(w, 0, 0, 0);
w = f2(w);
}
for(i = 0; i < 256; ++i)
{ uint_8t b;
b = fwd_affine(fi((uint_8t)i));
w = bytes2word(f2(b), b, b, f3(b));
#if defined( SBX_SET )
t_set(s,box)[i] = b;
#endif
#if defined( FT1_SET ) /* tables for a normal encryption round */
t_set(f,n)[i] = w;
#endif
#if defined( FT4_SET )
t_set(f,n)[0][i] = w;
t_set(f,n)[1][i] = upr(w,1);
t_set(f,n)[2][i] = upr(w,2);
t_set(f,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( FL1_SET ) /* tables for last encryption round (may also */
t_set(f,l)[i] = w; /* be used in the key schedule) */
#endif
#if defined( FL4_SET )
t_set(f,l)[0][i] = w;
t_set(f,l)[1][i] = upr(w,1);
t_set(f,l)[2][i] = upr(w,2);
t_set(f,l)[3][i] = upr(w,3);
#endif
#if defined( LS1_SET ) /* table for key schedule if t_set(f,l) above is*/
t_set(l,s)[i] = w; /* not of the required form */
#endif
#if defined( LS4_SET )
t_set(l,s)[0][i] = w;
t_set(l,s)[1][i] = upr(w,1);
t_set(l,s)[2][i] = upr(w,2);
t_set(l,s)[3][i] = upr(w,3);
#endif
b = fi(inv_affine((uint_8t)i));
w = bytes2word(fe(b), f9(b), fd(b), fb(b));
#if defined( IM1_SET ) /* tables for the inverse mix column operation */
t_set(i,m)[b] = w;
#endif
#if defined( IM4_SET )
t_set(i,m)[0][b] = w;
t_set(i,m)[1][b] = upr(w,1);
t_set(i,m)[2][b] = upr(w,2);
t_set(i,m)[3][b] = upr(w,3);
#endif
#if defined( ISB_SET )
t_set(i,box)[i] = b;
#endif
#if defined( IT1_SET ) /* tables for a normal decryption round */
t_set(i,n)[i] = w;
#endif
#if defined( IT4_SET )
t_set(i,n)[0][i] = w;
t_set(i,n)[1][i] = upr(w,1);
t_set(i,n)[2][i] = upr(w,2);
t_set(i,n)[3][i] = upr(w,3);
#endif
w = bytes2word(b, 0, 0, 0);
#if defined( IL1_SET ) /* tables for last decryption round */
t_set(i,l)[i] = w;
#endif
#if defined( IL4_SET )
t_set(i,l)[0][i] = w;
t_set(i,l)[1][i] = upr(w,1);
t_set(i,l)[2][i] = upr(w,2);
t_set(i,l)[3][i] = upr(w,3);
#endif
}
#endif // TC_WINDOWS_BOOT
init = 1;
return EXIT_SUCCESS;
}
#endif
#if defined(__cplusplus)
}
#endif

348
src/Crypto/Aestab.h
View File

@@ -1,174 +1,174 @@
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the code for declaring the tables needed to implement
AES. The file aesopt.h is assumed to be included before this header file.
If there are no global variables, the definitions here can be used to put
the AES tables in a structure so that a pointer can then be added to the
AES context to pass them to the AES routines that need them. If this
facility is used, the calling program has to ensure that this pointer is
managed appropriately. In particular, the value of the t_dec(in,it) item
in the table structure must be set to zero in order to ensure that the
tables are initialised. In practice the three code sequences in aeskey.c
that control the calls to aes_init() and the aes_init() routine itself will
have to be changed for a specific implementation. If global variables are
available it will generally be preferable to use them with the precomputed
FIXED_TABLES option that uses static global tables.
The following defines can be used to control the way the tables
are defined, initialised and used in embedded environments that
require special features for these purposes
the 't_dec' construction is used to declare fixed table arrays
the 't_set' construction is used to set fixed table values
the 't_use' construction is used to access fixed table values
256 byte tables:
t_xxx(s,box) => forward S box
t_xxx(i,box) => inverse S box
256 32-bit word OR 4 x 256 32-bit word tables:
t_xxx(f,n) => forward normal round
t_xxx(f,l) => forward last round
t_xxx(i,n) => inverse normal round
t_xxx(i,l) => inverse last round
t_xxx(l,s) => key schedule table
t_xxx(i,m) => key schedule table
Other variables and tables:
t_xxx(r,c) => the rcon table
*/
#if !defined( _AESTAB_H )
#define _AESTAB_H
#define t_dec(m,n) t_##m##n
#define t_set(m,n) t_##m##n
#define t_use(m,n) t_##m##n
#if defined(FIXED_TABLES)
# if !defined( __GNUC__ ) && (defined( __MSDOS__ ) || defined( __WIN16__ ))
/* make tables far data to avoid using too much DGROUP space (PG) */
# define CONST const far
# else
# define CONST const
# endif
#else
# define CONST
#endif
#if defined(__cplusplus)
# define EXTERN extern "C"
#elif defined(DO_TABLES)
# define EXTERN
#else
# define EXTERN extern
#endif
#if defined(_MSC_VER) && defined(TABLE_ALIGN)
#define ALIGN __declspec(align(TABLE_ALIGN))
#else
#define ALIGN
#endif
#if defined( __WATCOMC__ ) && ( __WATCOMC__ >= 1100 )
# define XP_DIR __cdecl
#else
# define XP_DIR
#endif
#if defined(DO_TABLES) && defined(FIXED_TABLES)
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256] = b(e)
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
#else
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256]
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH];
#endif
#if defined( SBX_SET )
d_1(uint_8t, t_dec(s,box), sb_data, h0);
#endif
#if defined( ISB_SET )
d_1(uint_8t, t_dec(i,box), isb_data, h0);
#endif
#if defined( FT1_SET )
d_1(uint_32t, t_dec(f,n), sb_data, u0);
#endif
#if defined( FT4_SET )
d_4(uint_32t, t_dec(f,n), sb_data, u0, u1, u2, u3);
#endif
#if defined( FL1_SET )
d_1(uint_32t, t_dec(f,l), sb_data, w0);
#endif
#if defined( FL4_SET )
d_4(uint_32t, t_dec(f,l), sb_data, w0, w1, w2, w3);
#endif
#if defined( IT1_SET )
d_1(uint_32t, t_dec(i,n), isb_data, v0);
#endif
#if defined( IT4_SET )
d_4(uint_32t, t_dec(i,n), isb_data, v0, v1, v2, v3);
#endif
#if defined( IL1_SET )
d_1(uint_32t, t_dec(i,l), isb_data, w0);
#endif
#if defined( IL4_SET )
d_4(uint_32t, t_dec(i,l), isb_data, w0, w1, w2, w3);
#endif
#if defined( LS1_SET )
#if defined( FL1_SET )
#undef LS1_SET
#else
d_1(uint_32t, t_dec(l,s), sb_data, w0);
#endif
#endif
#if defined( LS4_SET )
#if defined( FL4_SET )
#undef LS4_SET
#else
d_4(uint_32t, t_dec(l,s), sb_data, w0, w1, w2, w3);
#endif
#endif
#if defined( IM1_SET )
d_1(uint_32t, t_dec(i,m), mm_data, v0);
#endif
#if defined( IM4_SET )
d_4(uint_32t, t_dec(i,m), mm_data, v0, v1, v2, v3);
#endif
#endif
/*
---------------------------------------------------------------------------
Copyright (c) 1998-2007, Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 20/12/2007
This file contains the code for declaring the tables needed to implement
AES. The file aesopt.h is assumed to be included before this header file.
If there are no global variables, the definitions here can be used to put
the AES tables in a structure so that a pointer can then be added to the
AES context to pass them to the AES routines that need them. If this
facility is used, the calling program has to ensure that this pointer is
managed appropriately. In particular, the value of the t_dec(in,it) item
in the table structure must be set to zero in order to ensure that the
tables are initialised. In practice the three code sequences in aeskey.c
that control the calls to aes_init() and the aes_init() routine itself will
have to be changed for a specific implementation. If global variables are
available it will generally be preferable to use them with the precomputed
FIXED_TABLES option that uses static global tables.
The following defines can be used to control the way the tables
are defined, initialised and used in embedded environments that
require special features for these purposes
the 't_dec' construction is used to declare fixed table arrays
the 't_set' construction is used to set fixed table values
the 't_use' construction is used to access fixed table values
256 byte tables:
t_xxx(s,box) => forward S box
t_xxx(i,box) => inverse S box
256 32-bit word OR 4 x 256 32-bit word tables:
t_xxx(f,n) => forward normal round
t_xxx(f,l) => forward last round
t_xxx(i,n) => inverse normal round
t_xxx(i,l) => inverse last round
t_xxx(l,s) => key schedule table
t_xxx(i,m) => key schedule table
Other variables and tables:
t_xxx(r,c) => the rcon table
*/
#if !defined( _AESTAB_H )
#define _AESTAB_H
#define t_dec(m,n) t_##m##n
#define t_set(m,n) t_##m##n
#define t_use(m,n) t_##m##n
#if defined(FIXED_TABLES)
# if !defined( __GNUC__ ) && (defined( __MSDOS__ ) || defined( __WIN16__ ))
/* make tables far data to avoid using too much DGROUP space (PG) */
# define CONST const far
# else
# define CONST const
# endif
#else
# define CONST
#endif
#if defined(__cplusplus)
# define EXTERN extern "C"
#elif defined(DO_TABLES)
# define EXTERN
#else
# define EXTERN extern
#endif
#if defined(_MSC_VER) && defined(TABLE_ALIGN)
#define ALIGN __declspec(align(TABLE_ALIGN))
#else
#define ALIGN
#endif
#if defined( __WATCOMC__ ) && ( __WATCOMC__ >= 1100 )
# define XP_DIR __cdecl
#else
# define XP_DIR
#endif
#if defined(DO_TABLES) && defined(FIXED_TABLES)
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256] = b(e)
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256] = { b(e), b(f), b(g), b(h) }
EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH] = rc_data(w0);
#else
#define d_1(t,n,b,e) EXTERN ALIGN CONST XP_DIR t n[256]
#define d_4(t,n,b,e,f,g,h) EXTERN ALIGN CONST XP_DIR t n[4][256]
EXTERN ALIGN CONST uint_32t t_dec(r,c)[RC_LENGTH];
#endif
#if defined( SBX_SET )
d_1(uint_8t, t_dec(s,box), sb_data, h0);
#endif
#if defined( ISB_SET )
d_1(uint_8t, t_dec(i,box), isb_data, h0);
#endif
#if defined( FT1_SET )
d_1(uint_32t, t_dec(f,n), sb_data, u0);
#endif
#if defined( FT4_SET )
d_4(uint_32t, t_dec(f,n), sb_data, u0, u1, u2, u3);
#endif
#if defined( FL1_SET )
d_1(uint_32t, t_dec(f,l), sb_data, w0);
#endif
#if defined( FL4_SET )
d_4(uint_32t, t_dec(f,l), sb_data, w0, w1, w2, w3);
#endif
#if defined( IT1_SET )
d_1(uint_32t, t_dec(i,n), isb_data, v0);
#endif
#if defined( IT4_SET )
d_4(uint_32t, t_dec(i,n), isb_data, v0, v1, v2, v3);
#endif
#if defined( IL1_SET )
d_1(uint_32t, t_dec(i,l), isb_data, w0);
#endif
#if defined( IL4_SET )
d_4(uint_32t, t_dec(i,l), isb_data, w0, w1, w2, w3);
#endif
#if defined( LS1_SET )
#if defined( FL1_SET )
#undef LS1_SET
#else
d_1(uint_32t, t_dec(l,s), sb_data, w0);
#endif
#endif
#if defined( LS4_SET )
#if defined( FL4_SET )
#undef LS4_SET
#else
d_4(uint_32t, t_dec(l,s), sb_data, w0, w1, w2, w3);
#endif
#endif
#if defined( IM1_SET )
d_1(uint_32t, t_dec(i,m), mm_data, v0);
#endif
#if defined( IM4_SET )
d_4(uint_32t, t_dec(i,m), mm_data, v0, v1, v2, v3);
#endif
#endif

1034
src/Crypto/Crypto.vcproj
View File

File diff suppressed because it is too large Load Diff

2
src/Crypto/Makefile
View File

@@ -1 +1 @@
!INCLUDE $(NTMAKEENV)\makefile.def
!INCLUDE $(NTMAKEENV)\makefile.def

30
src/Crypto/Makefile.inc
View File

@@ -1,15 +1,15 @@
TC_ASFLAGS = -Xvc -Ox
!if "$(TC_ARCH)" == "x86"
TC_ASFLAGS = $(TC_ASFLAGS) -f win32 --prefix _ -D MS_STDCALL -D DLL_EXPORT
!else
TC_ASFLAGS = $(TC_ASFLAGS) -f win64
!endif
TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj": Aes_hw_cpu.asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_hw_cpu.lst" Aes_hw_cpu.asm 2>$(TC_ASM_ERR_LOG)
TC_ASFLAGS = -Xvc -Ox
!if "$(TC_ARCH)" == "x86"
TC_ASFLAGS = $(TC_ASFLAGS) -f win32 --prefix _ -D MS_STDCALL -D DLL_EXPORT
!else
TC_ASFLAGS = $(TC_ASFLAGS) -f win64
!endif
TC_ASM_ERR_LOG = ..\Driver\build_errors_asm.log
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj": Aes_$(TC_ARCH).asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).lst" Aes_$(TC_ARCH).asm 2>$(TC_ASM_ERR_LOG)
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj": Aes_hw_cpu.asm
nasm.exe $(TC_ASFLAGS) -o "$@" -l "$(OBJ_PATH)\$(O)\Aes_hw_cpu.lst" Aes_hw_cpu.asm 2>$(TC_ASM_ERR_LOG)

996
src/Crypto/Rmd160.c
View File

@@ -1,498 +1,498 @@
// RIPEMD-160 written and placed in the public domain by Wei Dai
/*
* This code implements the MD4 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*/
/* Adapted for TrueCrypt */
/* Adapted for VeraCrypt */
#include <memory.h>
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#include "Rmd160.h"
#define F(x, y, z) (x ^ y ^ z)
#define G(x, y, z) (z ^ (x & (y^z)))
#define H(x, y, z) (z ^ (x | ~y))
#define I(x, y, z) (y ^ (z & (x^y)))
#define J(x, y, z) (x ^ (y | ~z))
#define PUT_64BIT_LE(cp, value) do { \
(cp)[7] = (byte) ((value) >> 56); \
(cp)[6] = (byte) ((value) >> 48); \
(cp)[5] = (byte) ((value) >> 40); \
(cp)[4] = (byte) ((value) >> 32); \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#define PUT_32BIT_LE(cp, value) do { \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#ifndef TC_MINIMIZE_CODE_SIZE
static byte PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
#else
static byte PADDING[64];
#endif
void RMD160Init (RMD160_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xefcdab89;
ctx->state[2] = 0x98badcfe;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xc3d2e1f0;
PADDING[0] = 0x80;
}
/*
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg)
{
#ifndef TC_WINDOWS_BOOT
uint64 len = lenArg;
#else
uint32 len = lenArg;
#endif
unsigned int have, need;
/* Check how many bytes we already have and how many more we need. */
have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
need = RIPEMD160_BLOCK_LENGTH - have;
/* Update bitcount */
ctx->count += len;
if (len >= need) {
if (have != 0) {
memcpy (ctx->buffer + have, input, (size_t) need);
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer);
input += need;
len -= need;
have = 0;
}
/* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */
while (len >= RIPEMD160_BLOCK_LENGTH) {
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input);
input += RIPEMD160_BLOCK_LENGTH;
len -= RIPEMD160_BLOCK_LENGTH;
}
}
/* Handle any remaining bytes of data. */
if (len != 0)
memcpy (ctx->buffer + have, input, (size_t) len);
}
/*
* Pad pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
static void RMD160Pad(RMD160_CTX *ctx)
{
byte count[8];
uint32 padlen;
/* Convert count to 8 bytes in little endian order. */
#ifndef TC_WINDOWS_BOOT
uint64 bitcount = ctx->count << 3;
PUT_64BIT_LE(count, bitcount);
#else
*(uint32 *) (count + 4) = 0;
*(uint32 *) (count + 0) = ctx->count << 3;
#endif
/* Pad out to 56 mod 64. */
padlen = RIPEMD160_BLOCK_LENGTH -
(uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
if (padlen < 1 + 8)
padlen += RIPEMD160_BLOCK_LENGTH;
RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
RMD160Update(ctx, count, 8);
}
/*
* Final wrapup--call RMD160Pad, fill in digest and zero out ctx.
*/
void RMD160Final(unsigned char *digest, RMD160_CTX *ctx)
{
int i;
RMD160Pad(ctx);
if (digest) {
for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
#ifndef TC_WINDOWS_BOOT
burn (ctx, sizeof(*ctx));
#endif
}
}
#ifndef TC_MINIMIZE_CODE_SIZE
#define word32 unsigned __int32
#define k0 0
#define k1 0x5a827999UL
#define k2 0x6ed9eba1UL
#define k3 0x8f1bbcdcUL
#define k4 0xa953fd4eUL
#define k5 0x50a28be6UL
#define k6 0x5c4dd124UL
#define k7 0x6d703ef3UL
#define k8 0x7a6d76e9UL
#define k9 0
static word32 rotlFixed (word32 x, unsigned int y)
{
return (word32)((x<<y) | (x>>(sizeof(word32)*8-y)));
}
#define Subround(f, a, b, c, d, e, x, s, k) \
a += f(b, c, d) + x + k;\
a = rotlFixed((word32)a, s) + e;\
c = rotlFixed((word32)c, 10U)
void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data)
{
#if BYTE_ORDER == LITTLE_ENDIAN
const word32 *X = data;
#else
word32 X[16];
int i;
#endif
word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
a1 = a2 = digest[0];
b1 = b2 = digest[1];
c1 = c2 = digest[2];
d1 = d2 = digest[3];
e1 = e2 = digest[4];
#if BYTE_ORDER == BIG_ENDIAN
for (i = 0; i < 16; i++)
{
X[i] = LE32 (data[i]);
}
#endif
Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
c1 = digest[1] + c1 + d2;
digest[1] = digest[2] + d1 + e2;
digest[2] = digest[3] + e1 + a2;
digest[3] = digest[4] + a1 + b2;
digest[4] = digest[0] + b1 + c2;
digest[0] = c1;
}
#else // TC_MINIMIZE_CODE_SIZE
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#pragma optimize ("tl", on)
typedef unsigned __int32 uint32;
typedef unsigned __int8 byte;
#include <stdlib.h>
#pragma intrinsic (_lrotl)
static const byte OrderTab[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13,
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
};
static const byte RolTab[] = {
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6,
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
};
static const uint32 KTab[] = {
0x00000000UL,
0x5A827999UL,
0x6ED9EBA1UL,
0x8F1BBCDCUL,
0xA953FD4EUL,
0x50A28BE6UL,
0x5C4DD124UL,
0x6D703EF3UL,
0x7A6D76E9UL,
0x00000000UL
};
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data)
{
uint32 a, b, c, d, e;
uint32 a2, b2, c2, d2, e2;
byte pos;
uint32 tmp;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
for (pos = 0; pos < 160; ++pos)
{
tmp = a + data[OrderTab[pos]] + KTab[pos >> 4];
switch (pos >> 4)
{
case 0: case 9: tmp += F (b, c, d); break;
case 1: case 8: tmp += G (b, c, d); break;
case 2: case 7: tmp += H (b, c, d); break;
case 3: case 6: tmp += I (b, c, d); break;
case 4: case 5: tmp += J (b, c, d); break;
}
tmp = _lrotl (tmp, RolTab[pos]) + e;
a = e;
e = d;
d = _lrotl (c, 10);
c = b;
b = tmp;
if (pos == 79)
{
a2 = a;
b2 = b;
c2 = c;
d2 = d;
e2 = e;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
}
}
tmp = state[1] + c2 + d;
state[1] = state[2] + d2 + e;
state[2] = state[3] + e2 + a;
state[3] = state[4] + a2 + b;
state[4] = state[0] + b2 + c;
state[0] = tmp;
}
#endif // TC_MINIMIZE_CODE_SIZE
// RIPEMD-160 written and placed in the public domain by Wei Dai
/*
* This code implements the MD4 message-digest algorithm.
* The algorithm is due to Ron Rivest. This code was
* written by Colin Plumb in 1993, no copyright is claimed.
* This code is in the public domain; do with it what you wish.
*/
/* Adapted for TrueCrypt */
/* Adapted for VeraCrypt */
#include <memory.h>
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#include "Rmd160.h"
#define F(x, y, z) (x ^ y ^ z)
#define G(x, y, z) (z ^ (x & (y^z)))
#define H(x, y, z) (z ^ (x | ~y))
#define I(x, y, z) (y ^ (z & (x^y)))
#define J(x, y, z) (x ^ (y | ~z))
#define PUT_64BIT_LE(cp, value) do { \
(cp)[7] = (byte) ((value) >> 56); \
(cp)[6] = (byte) ((value) >> 48); \
(cp)[5] = (byte) ((value) >> 40); \
(cp)[4] = (byte) ((value) >> 32); \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#define PUT_32BIT_LE(cp, value) do { \
(cp)[3] = (byte) ((value) >> 24); \
(cp)[2] = (byte) ((value) >> 16); \
(cp)[1] = (byte) ((value) >> 8); \
(cp)[0] = (byte) (value); } while (0)
#ifndef TC_MINIMIZE_CODE_SIZE
static byte PADDING[64] = {
0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0
};
#else
static byte PADDING[64];
#endif
void RMD160Init (RMD160_CTX *ctx)
{
ctx->count = 0;
ctx->state[0] = 0x67452301;
ctx->state[1] = 0xefcdab89;
ctx->state[2] = 0x98badcfe;
ctx->state[3] = 0x10325476;
ctx->state[4] = 0xc3d2e1f0;
PADDING[0] = 0x80;
}
/*
* Update context to reflect the concatenation of another buffer full
* of bytes.
*/
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 lenArg)
{
#ifndef TC_WINDOWS_BOOT
uint64 len = lenArg;
#else
uint32 len = lenArg;
#endif
unsigned int have, need;
/* Check how many bytes we already have and how many more we need. */
have = (unsigned int) ((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
need = RIPEMD160_BLOCK_LENGTH - have;
/* Update bitcount */
ctx->count += len;
if (len >= need) {
if (have != 0) {
memcpy (ctx->buffer + have, input, (size_t) need);
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) ctx->buffer);
input += need;
len -= need;
have = 0;
}
/* Process data in RIPEMD160_BLOCK_LENGTH-byte chunks. */
while (len >= RIPEMD160_BLOCK_LENGTH) {
RMD160Transform ((uint32 *) ctx->state, (const uint32 *) input);
input += RIPEMD160_BLOCK_LENGTH;
len -= RIPEMD160_BLOCK_LENGTH;
}
}
/* Handle any remaining bytes of data. */
if (len != 0)
memcpy (ctx->buffer + have, input, (size_t) len);
}
/*
* Pad pad to 64-byte boundary with the bit pattern
* 1 0* (64-bit count of bits processed, MSB-first)
*/
static void RMD160Pad(RMD160_CTX *ctx)
{
byte count[8];
uint32 padlen;
/* Convert count to 8 bytes in little endian order. */
#ifndef TC_WINDOWS_BOOT
uint64 bitcount = ctx->count << 3;
PUT_64BIT_LE(count, bitcount);
#else
*(uint32 *) (count + 4) = 0;
*(uint32 *) (count + 0) = ctx->count << 3;
#endif
/* Pad out to 56 mod 64. */
padlen = RIPEMD160_BLOCK_LENGTH -
(uint32)((ctx->count) & (RIPEMD160_BLOCK_LENGTH - 1));
if (padlen < 1 + 8)
padlen += RIPEMD160_BLOCK_LENGTH;
RMD160Update(ctx, PADDING, padlen - 8); /* padlen - 8 <= 64 */
RMD160Update(ctx, count, 8);
}
/*
* Final wrapup--call RMD160Pad, fill in digest and zero out ctx.
*/
void RMD160Final(unsigned char *digest, RMD160_CTX *ctx)
{
int i;
RMD160Pad(ctx);
if (digest) {
for (i = 0; i < 5; i++)
PUT_32BIT_LE(digest + i * 4, ctx->state[i]);
#ifndef TC_WINDOWS_BOOT
burn (ctx, sizeof(*ctx));
#endif
}
}
#ifndef TC_MINIMIZE_CODE_SIZE
#define word32 unsigned __int32
#define k0 0
#define k1 0x5a827999UL
#define k2 0x6ed9eba1UL
#define k3 0x8f1bbcdcUL
#define k4 0xa953fd4eUL
#define k5 0x50a28be6UL
#define k6 0x5c4dd124UL
#define k7 0x6d703ef3UL
#define k8 0x7a6d76e9UL
#define k9 0
static word32 rotlFixed (word32 x, unsigned int y)
{
return (word32)((x<<y) | (x>>(sizeof(word32)*8-y)));
}
#define Subround(f, a, b, c, d, e, x, s, k) \
a += f(b, c, d) + x + k;\
a = rotlFixed((word32)a, s) + e;\
c = rotlFixed((word32)c, 10U)
void RMD160Transform (unsigned __int32 *digest, const unsigned __int32 *data)
{
#if BYTE_ORDER == LITTLE_ENDIAN
const word32 *X = data;
#else
word32 X[16];
int i;
#endif
word32 a1, b1, c1, d1, e1, a2, b2, c2, d2, e2;
a1 = a2 = digest[0];
b1 = b2 = digest[1];
c1 = c2 = digest[2];
d1 = d2 = digest[3];
e1 = e2 = digest[4];
#if BYTE_ORDER == BIG_ENDIAN
for (i = 0; i < 16; i++)
{
X[i] = LE32 (data[i]);
}
#endif
Subround(F, a1, b1, c1, d1, e1, X[ 0], 11, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 1], 14, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 2], 15, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 3], 12, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 4], 5, k0);
Subround(F, a1, b1, c1, d1, e1, X[ 5], 8, k0);
Subround(F, e1, a1, b1, c1, d1, X[ 6], 7, k0);
Subround(F, d1, e1, a1, b1, c1, X[ 7], 9, k0);
Subround(F, c1, d1, e1, a1, b1, X[ 8], 11, k0);
Subround(F, b1, c1, d1, e1, a1, X[ 9], 13, k0);
Subround(F, a1, b1, c1, d1, e1, X[10], 14, k0);
Subround(F, e1, a1, b1, c1, d1, X[11], 15, k0);
Subround(F, d1, e1, a1, b1, c1, X[12], 6, k0);
Subround(F, c1, d1, e1, a1, b1, X[13], 7, k0);
Subround(F, b1, c1, d1, e1, a1, X[14], 9, k0);
Subround(F, a1, b1, c1, d1, e1, X[15], 8, k0);
Subround(G, e1, a1, b1, c1, d1, X[ 7], 7, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 4], 6, k1);
Subround(G, c1, d1, e1, a1, b1, X[13], 8, k1);
Subround(G, b1, c1, d1, e1, a1, X[ 1], 13, k1);
Subround(G, a1, b1, c1, d1, e1, X[10], 11, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 6], 9, k1);
Subround(G, d1, e1, a1, b1, c1, X[15], 7, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 3], 15, k1);
Subround(G, b1, c1, d1, e1, a1, X[12], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[ 0], 12, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 9], 15, k1);
Subround(G, d1, e1, a1, b1, c1, X[ 5], 9, k1);
Subround(G, c1, d1, e1, a1, b1, X[ 2], 11, k1);
Subround(G, b1, c1, d1, e1, a1, X[14], 7, k1);
Subround(G, a1, b1, c1, d1, e1, X[11], 13, k1);
Subround(G, e1, a1, b1, c1, d1, X[ 8], 12, k1);
Subround(H, d1, e1, a1, b1, c1, X[ 3], 11, k2);
Subround(H, c1, d1, e1, a1, b1, X[10], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[14], 6, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 4], 7, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 9], 14, k2);
Subround(H, d1, e1, a1, b1, c1, X[15], 9, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 8], 13, k2);
Subround(H, b1, c1, d1, e1, a1, X[ 1], 15, k2);
Subround(H, a1, b1, c1, d1, e1, X[ 2], 14, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 7], 8, k2);
Subround(H, d1, e1, a1, b1, c1, X[ 0], 13, k2);
Subround(H, c1, d1, e1, a1, b1, X[ 6], 6, k2);
Subround(H, b1, c1, d1, e1, a1, X[13], 5, k2);
Subround(H, a1, b1, c1, d1, e1, X[11], 12, k2);
Subround(H, e1, a1, b1, c1, d1, X[ 5], 7, k2);
Subround(H, d1, e1, a1, b1, c1, X[12], 5, k2);
Subround(I, c1, d1, e1, a1, b1, X[ 1], 11, k3);
Subround(I, b1, c1, d1, e1, a1, X[ 9], 12, k3);
Subround(I, a1, b1, c1, d1, e1, X[11], 14, k3);
Subround(I, e1, a1, b1, c1, d1, X[10], 15, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 0], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 8], 15, k3);
Subround(I, b1, c1, d1, e1, a1, X[12], 9, k3);
Subround(I, a1, b1, c1, d1, e1, X[ 4], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[13], 9, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 3], 14, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 7], 5, k3);
Subround(I, b1, c1, d1, e1, a1, X[15], 6, k3);
Subround(I, a1, b1, c1, d1, e1, X[14], 8, k3);
Subround(I, e1, a1, b1, c1, d1, X[ 5], 6, k3);
Subround(I, d1, e1, a1, b1, c1, X[ 6], 5, k3);
Subround(I, c1, d1, e1, a1, b1, X[ 2], 12, k3);
Subround(J, b1, c1, d1, e1, a1, X[ 4], 9, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 0], 15, k4);
Subround(J, e1, a1, b1, c1, d1, X[ 5], 5, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 9], 11, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 7], 6, k4);
Subround(J, b1, c1, d1, e1, a1, X[12], 8, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 2], 13, k4);
Subround(J, e1, a1, b1, c1, d1, X[10], 12, k4);
Subround(J, d1, e1, a1, b1, c1, X[14], 5, k4);
Subround(J, c1, d1, e1, a1, b1, X[ 1], 12, k4);
Subround(J, b1, c1, d1, e1, a1, X[ 3], 13, k4);
Subround(J, a1, b1, c1, d1, e1, X[ 8], 14, k4);
Subround(J, e1, a1, b1, c1, d1, X[11], 11, k4);
Subround(J, d1, e1, a1, b1, c1, X[ 6], 8, k4);
Subround(J, c1, d1, e1, a1, b1, X[15], 5, k4);
Subround(J, b1, c1, d1, e1, a1, X[13], 6, k4);
Subround(J, a2, b2, c2, d2, e2, X[ 5], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[14], 9, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 7], 9, k5);
Subround(J, c2, d2, e2, a2, b2, X[ 0], 11, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 9], 13, k5);
Subround(J, a2, b2, c2, d2, e2, X[ 2], 15, k5);
Subround(J, e2, a2, b2, c2, d2, X[11], 15, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 4], 5, k5);
Subround(J, c2, d2, e2, a2, b2, X[13], 7, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 6], 7, k5);
Subround(J, a2, b2, c2, d2, e2, X[15], 8, k5);
Subround(J, e2, a2, b2, c2, d2, X[ 8], 11, k5);
Subround(J, d2, e2, a2, b2, c2, X[ 1], 14, k5);
Subround(J, c2, d2, e2, a2, b2, X[10], 14, k5);
Subround(J, b2, c2, d2, e2, a2, X[ 3], 12, k5);
Subround(J, a2, b2, c2, d2, e2, X[12], 6, k5);
Subround(I, e2, a2, b2, c2, d2, X[ 6], 9, k6);
Subround(I, d2, e2, a2, b2, c2, X[11], 13, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 3], 15, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 7], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 0], 12, k6);
Subround(I, e2, a2, b2, c2, d2, X[13], 8, k6);
Subround(I, d2, e2, a2, b2, c2, X[ 5], 9, k6);
Subround(I, c2, d2, e2, a2, b2, X[10], 11, k6);
Subround(I, b2, c2, d2, e2, a2, X[14], 7, k6);
Subround(I, a2, b2, c2, d2, e2, X[15], 7, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 8], 12, k6);
Subround(I, d2, e2, a2, b2, c2, X[12], 7, k6);
Subround(I, c2, d2, e2, a2, b2, X[ 4], 6, k6);
Subround(I, b2, c2, d2, e2, a2, X[ 9], 15, k6);
Subround(I, a2, b2, c2, d2, e2, X[ 1], 13, k6);
Subround(I, e2, a2, b2, c2, d2, X[ 2], 11, k6);
Subround(H, d2, e2, a2, b2, c2, X[15], 9, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 5], 7, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 1], 15, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 3], 11, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 7], 8, k7);
Subround(H, d2, e2, a2, b2, c2, X[14], 6, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 6], 6, k7);
Subround(H, b2, c2, d2, e2, a2, X[ 9], 14, k7);
Subround(H, a2, b2, c2, d2, e2, X[11], 12, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 8], 13, k7);
Subround(H, d2, e2, a2, b2, c2, X[12], 5, k7);
Subround(H, c2, d2, e2, a2, b2, X[ 2], 14, k7);
Subround(H, b2, c2, d2, e2, a2, X[10], 13, k7);
Subround(H, a2, b2, c2, d2, e2, X[ 0], 13, k7);
Subround(H, e2, a2, b2, c2, d2, X[ 4], 7, k7);
Subround(H, d2, e2, a2, b2, c2, X[13], 5, k7);
Subround(G, c2, d2, e2, a2, b2, X[ 8], 15, k8);
Subround(G, b2, c2, d2, e2, a2, X[ 6], 5, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 4], 8, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 1], 11, k8);
Subround(G, d2, e2, a2, b2, c2, X[ 3], 14, k8);
Subround(G, c2, d2, e2, a2, b2, X[11], 14, k8);
Subround(G, b2, c2, d2, e2, a2, X[15], 6, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 0], 14, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 5], 6, k8);
Subround(G, d2, e2, a2, b2, c2, X[12], 9, k8);
Subround(G, c2, d2, e2, a2, b2, X[ 2], 12, k8);
Subround(G, b2, c2, d2, e2, a2, X[13], 9, k8);
Subround(G, a2, b2, c2, d2, e2, X[ 9], 12, k8);
Subround(G, e2, a2, b2, c2, d2, X[ 7], 5, k8);
Subround(G, d2, e2, a2, b2, c2, X[10], 15, k8);
Subround(G, c2, d2, e2, a2, b2, X[14], 8, k8);
Subround(F, b2, c2, d2, e2, a2, X[12], 8, k9);
Subround(F, a2, b2, c2, d2, e2, X[15], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[10], 12, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 4], 9, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 1], 12, k9);
Subround(F, b2, c2, d2, e2, a2, X[ 5], 5, k9);
Subround(F, a2, b2, c2, d2, e2, X[ 8], 14, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 7], 6, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 6], 8, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 2], 13, k9);
Subround(F, b2, c2, d2, e2, a2, X[13], 6, k9);
Subround(F, a2, b2, c2, d2, e2, X[14], 5, k9);
Subround(F, e2, a2, b2, c2, d2, X[ 0], 15, k9);
Subround(F, d2, e2, a2, b2, c2, X[ 3], 13, k9);
Subround(F, c2, d2, e2, a2, b2, X[ 9], 11, k9);
Subround(F, b2, c2, d2, e2, a2, X[11], 11, k9);
c1 = digest[1] + c1 + d2;
digest[1] = digest[2] + d1 + e2;
digest[2] = digest[3] + e1 + a2;
digest[3] = digest[4] + a1 + b2;
digest[4] = digest[0] + b1 + c2;
digest[0] = c1;
}
#else // TC_MINIMIZE_CODE_SIZE
/*
Derived from source code of TrueCrypt 7.1a, which is
Copyright (c) 2008-2012 TrueCrypt Developers Association and which is governed
by the TrueCrypt License 3.0.
Modifications and additions to the original source code (contained in this file)
and all other portions of this file are Copyright (c) 2013-2016 IDRIX
and are governed by the Apache License 2.0 the full text of which is
contained in the file License.txt included in VeraCrypt binary and source
code distribution packages.
*/
#pragma optimize ("tl", on)
typedef unsigned __int32 uint32;
typedef unsigned __int8 byte;
#include <stdlib.h>
#pragma intrinsic (_lrotl)
static const byte OrderTab[] = {
0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15,
7, 4, 13, 1, 10, 6, 15, 3, 12, 0, 9, 5, 2, 14, 11, 8,
3, 10, 14, 4, 9, 15, 8, 1, 2, 7, 0, 6, 13, 11, 5, 12,
1, 9, 11, 10, 0, 8, 12, 4, 13, 3, 7, 15, 14, 5, 6, 2,
4, 0, 5, 9, 7, 12, 2, 10, 14, 1, 3, 8, 11, 6, 15, 13,
5, 14, 7, 0, 9, 2, 11, 4, 13, 6, 15, 8, 1, 10, 3, 12,
6, 11, 3, 7, 0, 13, 5, 10, 14, 15, 8, 12, 4, 9, 1, 2,
15, 5, 1, 3, 7, 14, 6, 9, 11, 8, 12, 2, 10, 0, 4, 13,
8, 6, 4, 1, 3, 11, 15, 0, 5, 12, 2, 13, 9, 7, 10, 14,
12, 15, 10, 4, 1, 5, 8, 7, 6, 2, 13, 14, 0, 3, 9, 11
};
static const byte RolTab[] = {
11, 14, 15, 12, 5, 8, 7, 9, 11, 13, 14, 15, 6, 7, 9, 8,
7, 6, 8, 13, 11, 9, 7, 15, 7, 12, 15, 9, 11, 7, 13, 12,
11, 13, 6, 7, 14, 9, 13, 15, 14, 8, 13, 6, 5, 12, 7, 5,
11, 12, 14, 15, 14, 15, 9, 8, 9, 14, 5, 6, 8, 6, 5, 12,
9, 15, 5, 11, 6, 8, 13, 12, 5, 12, 13, 14, 11, 8, 5, 6,
8, 9, 9, 11, 13, 15, 15, 5, 7, 7, 8, 11, 14, 14, 12, 6,
9, 13, 15, 7, 12, 8, 9, 11, 7, 7, 12, 7, 6, 15, 13, 11,
9, 7, 15, 11, 8, 6, 6, 14, 12, 13, 5, 14, 13, 13, 7, 5,
15, 5, 8, 11, 14, 14, 6, 14, 6, 9, 12, 9, 12, 5, 15, 8,
8, 5, 12, 9, 12, 5, 14, 6, 8, 13, 6, 5, 15, 13, 11, 11
};
static const uint32 KTab[] = {
0x00000000UL,
0x5A827999UL,
0x6ED9EBA1UL,
0x8F1BBCDCUL,
0xA953FD4EUL,
0x50A28BE6UL,
0x5C4DD124UL,
0x6D703EF3UL,
0x7A6D76E9UL,
0x00000000UL
};
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data)
{
uint32 a, b, c, d, e;
uint32 a2, b2, c2, d2, e2;
byte pos;
uint32 tmp;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
for (pos = 0; pos < 160; ++pos)
{
tmp = a + data[OrderTab[pos]] + KTab[pos >> 4];
switch (pos >> 4)
{
case 0: case 9: tmp += F (b, c, d); break;
case 1: case 8: tmp += G (b, c, d); break;
case 2: case 7: tmp += H (b, c, d); break;
case 3: case 6: tmp += I (b, c, d); break;
case 4: case 5: tmp += J (b, c, d); break;
}
tmp = _lrotl (tmp, RolTab[pos]) + e;
a = e;
e = d;
d = _lrotl (c, 10);
c = b;
b = tmp;
if (pos == 79)
{
a2 = a;
b2 = b;
c2 = c;
d2 = d;
e2 = e;
a = state[0];
b = state[1];
c = state[2];
d = state[3];
e = state[4];
}
}
tmp = state[1] + c2 + d;
state[1] = state[2] + d2 + e;
state[2] = state[3] + e2 + a;
state[3] = state[4] + a2 + b;
state[4] = state[0] + b2 + c;
state[0] = tmp;
}
#endif // TC_MINIMIZE_CODE_SIZE

66
src/Crypto/Rmd160.h
View File

@@ -1,33 +1,33 @@
#ifndef TC_HEADER_Crypto_Ripemd160
#define TC_HEADER_Crypto_Ripemd160
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define RIPEMD160_BLOCK_LENGTH 64
typedef struct RMD160Context
{
unsigned __int32 state[5];
#ifndef TC_WINDOWS_BOOT
uint64 count;
#else
uint32 count;
#endif
unsigned char buffer[RIPEMD160_BLOCK_LENGTH];
} RMD160_CTX;
void RMD160Init (RMD160_CTX *ctx);
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data);
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len);
void RMD160Final (unsigned char *digest, RMD160_CTX *ctx);
#if defined(__cplusplus)
}
#endif
#endif // TC_HEADER_Crypto_Ripemd160
#ifndef TC_HEADER_Crypto_Ripemd160
#define TC_HEADER_Crypto_Ripemd160
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#define RIPEMD160_BLOCK_LENGTH 64
typedef struct RMD160Context
{
unsigned __int32 state[5];
#ifndef TC_WINDOWS_BOOT
uint64 count;
#else
uint32 count;
#endif
unsigned char buffer[RIPEMD160_BLOCK_LENGTH];
} RMD160_CTX;
void RMD160Init (RMD160_CTX *ctx);
void RMD160Transform (unsigned __int32 *state, const unsigned __int32 *data);
void RMD160Update (RMD160_CTX *ctx, const unsigned char *input, unsigned __int32 len);
void RMD160Final (unsigned char *digest, RMD160_CTX *ctx);
#if defined(__cplusplus)
}
#endif
#endif // TC_HEADER_Crypto_Ripemd160

1876
src/Crypto/Serpent.c
View File

File diff suppressed because it is too large Load Diff

40
src/Crypto/Serpent.h
View File

@@ -1,20 +1,20 @@
#ifndef HEADER_Crypto_Serpent
#define HEADER_Crypto_Serpent
#include "Common/Tcdefs.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* userKey is always 32-bytes long */
void serpent_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void serpent_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void serpent_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
#ifdef __cplusplus
}
#endif
#endif // HEADER_Crypto_Serpent
#ifndef HEADER_Crypto_Serpent
#define HEADER_Crypto_Serpent
#include "Common/Tcdefs.h"
#ifdef __cplusplus
extern "C"
{
#endif
/* userKey is always 32-bytes long */
void serpent_set_key(const unsigned __int8 userKey[], unsigned __int8 *ks);
void serpent_encrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
void serpent_decrypt(const unsigned __int8 *inBlock, unsigned __int8 *outBlock, unsigned __int8 *ks);
#ifdef __cplusplus
}
#endif
#endif // HEADER_Crypto_Serpent

1506
src/Crypto/Sha2.c
View File

File diff suppressed because it is too large Load Diff

310
src/Crypto/Sha2.h
View File

@@ -1,155 +1,155 @@
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 01/08/2005
*/
#ifndef _SHA2_H
#define _SHA2_H
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#define SHA_64BIT
/* define the hash functions that you need */
#define SHA_2 /* for dynamic hash length */
#define SHA_224
#define SHA_256
#ifdef SHA_64BIT
# define SHA_384
# define SHA_512
# define NEED_UINT_64T
#endif
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#define EXIT_FAILURE 1
#endif
#define li_64(h) 0x##h##ull
#define VOID_RETURN void
#define INT_RETURN int
#if defined(__cplusplus)
extern "C"
{
#endif
/* Note that the following function prototypes are the same */
/* for both the bit and byte oriented implementations. But */
/* the length fields are in bytes or bits as is appropriate */
/* for the version used. Bit sequences are arrays of bytes */
/* in which bit sequence indexes increase from the most to */
/* the least significant end of each byte */
#define SHA224_DIGEST_SIZE 28
#define SHA224_BLOCK_SIZE 64
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
/* type to hold the SHA256 (and SHA224) context */
typedef struct
{ uint_32t count[2];
uint_32t hash[8];
uint_32t wbuf[16];
} sha256_ctx;
typedef sha256_ctx sha224_ctx;
VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
#define sha224_hash sha256_hash
VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
#ifndef SHA_64BIT
typedef struct
{ union
{ sha256_ctx ctx256[1];
} uu[1];
uint_32t sha2_len;
} sha2_ctx;
#define SHA2_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE 128
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
/* type to hold the SHA384 (and SHA512) context */
typedef struct
{ uint_64t count[2];
uint_64t hash[8];
uint_64t wbuf[16];
} sha512_ctx;
typedef sha512_ctx sha384_ctx;
typedef struct
{ union
{ sha256_ctx ctx256[1];
sha512_ctx ctx512[1];
} uu[1];
uint_32t sha2_len;
} sha2_ctx;
VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
#define sha384_hash sha512_hash
VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
INT_RETURN sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
#endif
#if defined(__cplusplus)
}
#endif
#endif
/*
---------------------------------------------------------------------------
Copyright (c) 2002, Dr Brian Gladman, Worcester, UK. All rights reserved.
LICENSE TERMS
The free distribution and use of this software is allowed (with or without
changes) provided that:
1. source code distributions include the above copyright notice, this
list of conditions and the following disclaimer;
2. binary distributions include the above copyright notice, this list
of conditions and the following disclaimer in their documentation;
3. the name of the copyright holder is not used to endorse products
built using this software without specific written permission.
DISCLAIMER
This software is provided 'as is' with no explicit or implied warranties
in respect of its properties, including, but not limited to, correctness
and/or fitness for purpose.
---------------------------------------------------------------------------
Issue Date: 01/08/2005
*/
#ifndef _SHA2_H
#define _SHA2_H
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#define SHA_64BIT
/* define the hash functions that you need */
#define SHA_2 /* for dynamic hash length */
#define SHA_224
#define SHA_256
#ifdef SHA_64BIT
# define SHA_384
# define SHA_512
# define NEED_UINT_64T
#endif
#ifndef EXIT_SUCCESS
#define EXIT_SUCCESS 0
#define EXIT_FAILURE 1
#endif
#define li_64(h) 0x##h##ull
#define VOID_RETURN void
#define INT_RETURN int
#if defined(__cplusplus)
extern "C"
{
#endif
/* Note that the following function prototypes are the same */
/* for both the bit and byte oriented implementations. But */
/* the length fields are in bytes or bits as is appropriate */
/* for the version used. Bit sequences are arrays of bytes */
/* in which bit sequence indexes increase from the most to */
/* the least significant end of each byte */
#define SHA224_DIGEST_SIZE 28
#define SHA224_BLOCK_SIZE 64
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
/* type to hold the SHA256 (and SHA224) context */
typedef struct
{ uint_32t count[2];
uint_32t hash[8];
uint_32t wbuf[16];
} sha256_ctx;
typedef sha256_ctx sha224_ctx;
VOID_RETURN sha256_compile(sha256_ctx ctx[1]);
VOID_RETURN sha224_begin(sha224_ctx ctx[1]);
#define sha224_hash sha256_hash
VOID_RETURN sha224_end(unsigned char hval[], sha224_ctx ctx[1]);
VOID_RETURN sha224(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha256_begin(sha256_ctx ctx[1]);
VOID_RETURN sha256_hash(const unsigned char data[], unsigned long len, sha256_ctx ctx[1]);
VOID_RETURN sha256_end(unsigned char hval[], sha256_ctx ctx[1]);
VOID_RETURN sha256(unsigned char hval[], const unsigned char data[], unsigned long len);
#ifndef SHA_64BIT
typedef struct
{ union
{ sha256_ctx ctx256[1];
} uu[1];
uint_32t sha2_len;
} sha2_ctx;
#define SHA2_MAX_DIGEST_SIZE SHA256_DIGEST_SIZE
#else
#define SHA384_DIGEST_SIZE 48
#define SHA384_BLOCK_SIZE 128
#define SHA512_DIGEST_SIZE 64
#define SHA512_BLOCK_SIZE 128
#define SHA2_MAX_DIGEST_SIZE SHA512_DIGEST_SIZE
/* type to hold the SHA384 (and SHA512) context */
typedef struct
{ uint_64t count[2];
uint_64t hash[8];
uint_64t wbuf[16];
} sha512_ctx;
typedef sha512_ctx sha384_ctx;
typedef struct
{ union
{ sha256_ctx ctx256[1];
sha512_ctx ctx512[1];
} uu[1];
uint_32t sha2_len;
} sha2_ctx;
VOID_RETURN sha512_compile(sha512_ctx ctx[1]);
VOID_RETURN sha384_begin(sha384_ctx ctx[1]);
#define sha384_hash sha512_hash
VOID_RETURN sha384_end(unsigned char hval[], sha384_ctx ctx[1]);
VOID_RETURN sha384(unsigned char hval[], const unsigned char data[], unsigned long len);
VOID_RETURN sha512_begin(sha512_ctx ctx[1]);
VOID_RETURN sha512_hash(const unsigned char data[], unsigned long len, sha512_ctx ctx[1]);
VOID_RETURN sha512_end(unsigned char hval[], sha512_ctx ctx[1]);
VOID_RETURN sha512(unsigned char hval[], const unsigned char data[], unsigned long len);
INT_RETURN sha2_begin(unsigned long size, sha2_ctx ctx[1]);
VOID_RETURN sha2_hash(const unsigned char data[], unsigned long len, sha2_ctx ctx[1]);
VOID_RETURN sha2_end(unsigned char hval[], sha2_ctx ctx[1]);
INT_RETURN sha2(unsigned char hval[], unsigned long size, const unsigned char data[], unsigned long len);
#endif
#if defined(__cplusplus)
}
#endif
#endif

468
src/Crypto/Sha2Small.c
View File

@@ -10,237 +10,237 @@
*
*/
/* Adapted for VeraCrypt */
#include <memory.h>
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#include "Sha2Small.h"
#pragma optimize ("tl", on)
typedef unsigned __int32 uint32;
typedef unsigned __int8 byte;
#include <stdlib.h>
#pragma intrinsic(_lrotr)
#define RORc(x,n) _lrotr(x,n)
/******************************************************************************/
/*
The K array
*/
static const uint32 K[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
};
/*
Various logical functions
*/
#define Ch(x,y,z) (z ^ (x & (y ^ z)))
#define Maj(x,y,z) (((x | y) & z) | (x & y))
#define S(x, n) RORc((x),(n))
#define R(x, n) ((x)>>(n))
#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
#define STORE32H(x, y, i) { \
(y)[i] = (unsigned char)(((x)>>24)); \
(y)[i+1] = (unsigned char)(((x)>>16)); \
(y)[i+2] = (unsigned char)(((x)>>8)); \
(y)[i+3] = (unsigned char)((x)); \
}
#define LOAD32H(x, y, i) { \
x = ((unsigned long)((y)[i])<<24) | \
((unsigned long)((y)[i+1])<<16) | \
((unsigned long)((y)[i+2])<<8) | \
((unsigned long)((y)[i+3])); \
}
/*
compress 512-bits
*/
static void sha256_compress(sha256_ctx * ctx, unsigned char *buf)
{
uint32 S[8], W[64], t0, t1;
uint32 t, w2, w15;
int i;
/*
copy state into S
*/
for (i = 0; i < 8; i++) {
S[i] = ctx->state[i];
}
/*
copy the state into 512-bits into W[0..15]
*/
for (i = 0; i < 16; i++) {
LOAD32H(W[i], buf , (4*i));
}
/*
fill W[16..63]
*/
for (i = 16; i < 64; i++) {
w2 = W[i - 2];
w15 = W[i - 15];
W[i] = Gamma1(w2) + W[i - 7] + Gamma0(w15) + W[i - 16];
}
/*
Compress
*/
#define RND(a,b,c,d,e,f,g,h,i) \
t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
t1 = Sigma0(a) + Maj(a, b, c); \
d += t0; \
h = t0 + t1;
for (i = 0; i < 64; ++i) {
RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i);
t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
}
/*
feedback
*/
for (i = 0; i < 8; i++) {
ctx->state[i] += S[i];
}
}
/*
init the sha256 state
*/
VOID_RETURN sha256_begin(sha256_ctx* ctx)
{
ctx->curlen = 0;
ctx->state[0] = 0x6A09E667UL;
ctx->state[1] = 0xBB67AE85UL;
ctx->state[2] = 0x3C6EF372UL;
ctx->state[3] = 0xA54FF53AUL;
ctx->state[4] = 0x510E527FUL;
ctx->state[5] = 0x9B05688CUL;
ctx->state[6] = 0x1F83D9ABUL;
ctx->state[7] = 0x5BE0CD19UL;
ctx->highLength = 0;
ctx->lowLength = 0;
}
VOID_RETURN sha256_hash(unsigned char* data, unsigned int len, sha256_ctx* ctx)
{
uint32 n;
while (len > 0) {
if (ctx->curlen == 0 && len >= 64) {
sha256_compress(ctx, (unsigned char *)data);
n = ctx->lowLength + 512;
if (n < ctx->lowLength) {
ctx->highLength++;
}
ctx->lowLength = n;
data += 64;
len -= 64;
} else {
n = min(len, 64 - ctx->curlen);
memcpy(ctx->buf + ctx->curlen, data, (size_t)n);
ctx->curlen += (unsigned int) n;
data += (unsigned int) n;
len -= (unsigned int) n;
if (ctx->curlen == 64) {
sha256_compress (ctx, ctx->buf);
n = ctx->lowLength + 512;
if (n < ctx->lowLength) {
ctx->highLength++;
}
ctx->lowLength = n;
ctx->curlen = 0;
}
}
}
return;
}
VOID_RETURN sha256_end(unsigned char* hval, sha256_ctx* ctx)
{
int i;
uint32 n;
/*
increase the length of the message
*/
n = ctx->lowLength + (ctx->curlen << 3);
if (n < ctx->lowLength) {
ctx->highLength++;
}
ctx->highLength += (ctx->curlen >> 29);
ctx->lowLength = n;
/*
append the '1' bit
*/
ctx->buf[ctx->curlen++] = (unsigned char)0x80;
/*
if the length is currently above 56 bytes we append zeros then compress.
Then we can fall back to padding zeros and length encoding like normal.
*/
if (ctx->curlen > 56) {
while (ctx->curlen < 64) {
ctx->buf[ctx->curlen++] = (unsigned char)0;
}
sha256_compress(ctx, ctx->buf);
ctx->curlen = 0;
}
/*
pad upto 56 bytes of zeroes
*/
while (ctx->curlen < 56) {
ctx->buf[ctx->curlen++] = (unsigned char)0;
}
/*
store length
*/
STORE32H(ctx->highLength, ctx->buf, 56);
STORE32H(ctx->lowLength, ctx->buf, 60);
sha256_compress(ctx, ctx->buf);
/*
copy output
*/
for (i = 0; i < 8; i++) {
STORE32H(ctx->state[i], hval, (4*i));
}
}
/******************************************************************************/
/* Adapted for VeraCrypt */
#include <memory.h>
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#include "Sha2Small.h"
#pragma optimize ("tl", on)
typedef unsigned __int32 uint32;
typedef unsigned __int8 byte;
#include <stdlib.h>
#pragma intrinsic(_lrotr)
#define RORc(x,n) _lrotr(x,n)
/******************************************************************************/
/*
The K array
*/
static const uint32 K[64] = {
0x428a2f98UL, 0x71374491UL, 0xb5c0fbcfUL, 0xe9b5dba5UL, 0x3956c25bUL,
0x59f111f1UL, 0x923f82a4UL, 0xab1c5ed5UL, 0xd807aa98UL, 0x12835b01UL,
0x243185beUL, 0x550c7dc3UL, 0x72be5d74UL, 0x80deb1feUL, 0x9bdc06a7UL,
0xc19bf174UL, 0xe49b69c1UL, 0xefbe4786UL, 0x0fc19dc6UL, 0x240ca1ccUL,
0x2de92c6fUL, 0x4a7484aaUL, 0x5cb0a9dcUL, 0x76f988daUL, 0x983e5152UL,
0xa831c66dUL, 0xb00327c8UL, 0xbf597fc7UL, 0xc6e00bf3UL, 0xd5a79147UL,
0x06ca6351UL, 0x14292967UL, 0x27b70a85UL, 0x2e1b2138UL, 0x4d2c6dfcUL,
0x53380d13UL, 0x650a7354UL, 0x766a0abbUL, 0x81c2c92eUL, 0x92722c85UL,
0xa2bfe8a1UL, 0xa81a664bUL, 0xc24b8b70UL, 0xc76c51a3UL, 0xd192e819UL,
0xd6990624UL, 0xf40e3585UL, 0x106aa070UL, 0x19a4c116UL, 0x1e376c08UL,
0x2748774cUL, 0x34b0bcb5UL, 0x391c0cb3UL, 0x4ed8aa4aUL, 0x5b9cca4fUL,
0x682e6ff3UL, 0x748f82eeUL, 0x78a5636fUL, 0x84c87814UL, 0x8cc70208UL,
0x90befffaUL, 0xa4506cebUL, 0xbef9a3f7UL, 0xc67178f2UL
};
/*
Various logical functions
*/
#define Ch(x,y,z) (z ^ (x & (y ^ z)))
#define Maj(x,y,z) (((x | y) & z) | (x & y))
#define S(x, n) RORc((x),(n))
#define R(x, n) ((x)>>(n))
#define Sigma0(x) (S(x, 2) ^ S(x, 13) ^ S(x, 22))
#define Sigma1(x) (S(x, 6) ^ S(x, 11) ^ S(x, 25))
#define Gamma0(x) (S(x, 7) ^ S(x, 18) ^ R(x, 3))
#define Gamma1(x) (S(x, 17) ^ S(x, 19) ^ R(x, 10))
#define STORE32H(x, y, i) { \
(y)[i] = (unsigned char)(((x)>>24)); \
(y)[i+1] = (unsigned char)(((x)>>16)); \
(y)[i+2] = (unsigned char)(((x)>>8)); \
(y)[i+3] = (unsigned char)((x)); \
}
#define LOAD32H(x, y, i) { \
x = ((unsigned long)((y)[i])<<24) | \
((unsigned long)((y)[i+1])<<16) | \
((unsigned long)((y)[i+2])<<8) | \
((unsigned long)((y)[i+3])); \
}
/*
compress 512-bits
*/
static void sha256_compress(sha256_ctx * ctx, unsigned char *buf)
{
uint32 S[8], W[64], t0, t1;
uint32 t, w2, w15;
int i;
/*
copy state into S
*/
for (i = 0; i < 8; i++) {
S[i] = ctx->state[i];
}
/*
copy the state into 512-bits into W[0..15]
*/
for (i = 0; i < 16; i++) {
LOAD32H(W[i], buf , (4*i));
}
/*
fill W[16..63]
*/
for (i = 16; i < 64; i++) {
w2 = W[i - 2];
w15 = W[i - 15];
W[i] = Gamma1(w2) + W[i - 7] + Gamma0(w15) + W[i - 16];
}
/*
Compress
*/
#define RND(a,b,c,d,e,f,g,h,i) \
t0 = h + Sigma1(e) + Ch(e, f, g) + K[i] + W[i]; \
t1 = Sigma0(a) + Maj(a, b, c); \
d += t0; \
h = t0 + t1;
for (i = 0; i < 64; ++i) {
RND(S[0],S[1],S[2],S[3],S[4],S[5],S[6],S[7],i);
t = S[7]; S[7] = S[6]; S[6] = S[5]; S[5] = S[4];
S[4] = S[3]; S[3] = S[2]; S[2] = S[1]; S[1] = S[0]; S[0] = t;
}
/*
feedback
*/
for (i = 0; i < 8; i++) {
ctx->state[i] += S[i];
}
}
/*
init the sha256 state
*/
VOID_RETURN sha256_begin(sha256_ctx* ctx)
{
ctx->curlen = 0;
ctx->state[0] = 0x6A09E667UL;
ctx->state[1] = 0xBB67AE85UL;
ctx->state[2] = 0x3C6EF372UL;
ctx->state[3] = 0xA54FF53AUL;
ctx->state[4] = 0x510E527FUL;
ctx->state[5] = 0x9B05688CUL;
ctx->state[6] = 0x1F83D9ABUL;
ctx->state[7] = 0x5BE0CD19UL;
ctx->highLength = 0;
ctx->lowLength = 0;
}
VOID_RETURN sha256_hash(unsigned char* data, unsigned int len, sha256_ctx* ctx)
{
uint32 n;
while (len > 0) {
if (ctx->curlen == 0 && len >= 64) {
sha256_compress(ctx, (unsigned char *)data);
n = ctx->lowLength + 512;
if (n < ctx->lowLength) {
ctx->highLength++;
}
ctx->lowLength = n;
data += 64;
len -= 64;
} else {
n = min(len, 64 - ctx->curlen);
memcpy(ctx->buf + ctx->curlen, data, (size_t)n);
ctx->curlen += (unsigned int) n;
data += (unsigned int) n;
len -= (unsigned int) n;
if (ctx->curlen == 64) {
sha256_compress (ctx, ctx->buf);
n = ctx->lowLength + 512;
if (n < ctx->lowLength) {
ctx->highLength++;
}
ctx->lowLength = n;
ctx->curlen = 0;
}
}
}
return;
}
VOID_RETURN sha256_end(unsigned char* hval, sha256_ctx* ctx)
{
int i;
uint32 n;
/*
increase the length of the message
*/
n = ctx->lowLength + (ctx->curlen << 3);
if (n < ctx->lowLength) {
ctx->highLength++;
}
ctx->highLength += (ctx->curlen >> 29);
ctx->lowLength = n;
/*
append the '1' bit
*/
ctx->buf[ctx->curlen++] = (unsigned char)0x80;
/*
if the length is currently above 56 bytes we append zeros then compress.
Then we can fall back to padding zeros and length encoding like normal.
*/
if (ctx->curlen > 56) {
while (ctx->curlen < 64) {
ctx->buf[ctx->curlen++] = (unsigned char)0;
}
sha256_compress(ctx, ctx->buf);
ctx->curlen = 0;
}
/*
pad upto 56 bytes of zeroes
*/
while (ctx->curlen < 56) {
ctx->buf[ctx->curlen++] = (unsigned char)0;
}
/*
store length
*/
STORE32H(ctx->highLength, ctx->buf, 56);
STORE32H(ctx->lowLength, ctx->buf, 60);
sha256_compress(ctx, ctx->buf);
/*
copy output
*/
for (i = 0; i < 8; i++) {
STORE32H(ctx->state[i], hval, (4*i));
}
}
/******************************************************************************/

26
src/Crypto/Sha2Small.h
View File

@@ -12,21 +12,21 @@
/* Adapted for VeraCrypt */
#ifndef _SHA2_SMALL_H
#ifndef _SHA2_SMALL_H
#define _SHA2_SMALL_H
#include "Common/Tcdefs.h"
#include "Common/Tcdefs.h"
#include "Common/Endian.h"
#define SHA256_DIGEST_SIZE 32
#define SHA256_DIGEST_SIZE 32
#define SHA256_BLOCK_SIZE 64
#define VOID_RETURN void
#define INT_RETURN int
#if defined(__cplusplus)
extern "C"
{
#define VOID_RETURN void
#define INT_RETURN int
#if defined(__cplusplus)
extern "C"
{
#endif
typedef struct {
@@ -40,12 +40,12 @@ typedef struct {
/******************************************************************************/
VOID_RETURN sha256_begin(sha256_ctx* ctx);
VOID_RETURN sha256_hash(unsigned char* data, unsigned int len, sha256_ctx* ctx);
VOID_RETURN sha256_begin(sha256_ctx* ctx);
VOID_RETURN sha256_hash(unsigned char* data, unsigned int len, sha256_ctx* ctx);
VOID_RETURN sha256_end(unsigned char* hval, sha256_ctx* ctx);
#if defined(__cplusplus)
}
#if defined(__cplusplus)
}
#endif
/******************************************************************************/

40
src/Crypto/Sources
View File

@@ -1,20 +1,20 @@
TARGETNAME=Crypto
TARGETTYPE=DRIVER_LIBRARY
INCLUDES = ..
NTTARGETFILES = \
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj"
SOURCES = \
Aes_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
Aeskey.c \
Aestab.c \
cpu.c \
Rmd160.c \
Serpent.c \
Sha2.c \
Twofish.c \
Whirlpool.c
TARGETNAME=Crypto
TARGETTYPE=DRIVER_LIBRARY
INCLUDES = ..
NTTARGETFILES = \
"$(OBJ_PATH)\$(O)\Aes_$(TC_ARCH).obj" \
"$(OBJ_PATH)\$(O)\Aes_hw_cpu.obj"
SOURCES = \
Aes_$(TC_ARCH).asm \
Aes_hw_cpu.asm \
Aeskey.c \
Aestab.c \
cpu.c \
Rmd160.c \
Serpent.c \
Sha2.c \
Twofish.c \
Whirlpool.c

1098
src/Crypto/Twofish.c
View File

File diff suppressed because it is too large Load Diff

112
src/Crypto/Twofish.h
View File

@@ -1,56 +1,56 @@
#ifndef TWOFISH_H
#define TWOFISH_H
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef u4byte
#define u4byte unsigned __int32
#endif
#ifndef u1byte
#define u1byte unsigned char
#endif
#ifndef extract_byte
#define extract_byte(x,n) ((u1byte)((x) >> (8 * n)))
#endif
#ifndef rotl
#ifdef _WIN32
#include <stdlib.h>
#pragma intrinsic(_lrotr,_lrotl)
#define rotr(x,n) _lrotr(x,n)
#define rotl(x,n) _lrotl(x,n)
#else
#define rotr(x,n) (((x)>>(n))|((x)<<(32-(n))))
#define rotl(x,n) (((x)<<(n))|((x)>>(32-(n))))
#endif
#endif
typedef struct
{
u4byte l_key[40];
u4byte s_key[4];
#if !defined (TC_MINIMIZE_CODE_SIZE) || defined (TC_WINDOWS_BOOT_TWOFISH)
u4byte mk_tab[4 * 256];
#endif
u4byte k_len;
} TwofishInstance;
#define TWOFISH_KS sizeof(TwofishInstance)
/* in_key must be 32-bytes long */
u4byte * twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[]);
void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4]);
#if defined(__cplusplus)
}
#endif
#endif // TWOFISH_H
#ifndef TWOFISH_H
#define TWOFISH_H
#include "Common/Tcdefs.h"
#if defined(__cplusplus)
extern "C"
{
#endif
#ifndef u4byte
#define u4byte unsigned __int32
#endif
#ifndef u1byte
#define u1byte unsigned char
#endif
#ifndef extract_byte
#define extract_byte(x,n) ((u1byte)((x) >> (8 * n)))
#endif
#ifndef rotl
#ifdef _WIN32
#include <stdlib.h>
#pragma intrinsic(_lrotr,_lrotl)
#define rotr(x,n) _lrotr(x,n)
#define rotl(x,n) _lrotl(x,n)
#else
#define rotr(x,n) (((x)>>(n))|((x)<<(32-(n))))
#define rotl(x,n) (((x)<<(n))|((x)>>(32-(n))))
#endif
#endif
typedef struct
{
u4byte l_key[40];
u4byte s_key[4];
#if !defined (TC_MINIMIZE_CODE_SIZE) || defined (TC_WINDOWS_BOOT_TWOFISH)
u4byte mk_tab[4 * 256];
#endif
u4byte k_len;
} TwofishInstance;
#define TWOFISH_KS sizeof(TwofishInstance)
/* in_key must be 32-bytes long */
u4byte * twofish_set_key(TwofishInstance *instance, const u4byte in_key[]);
void twofish_encrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[]);
void twofish_decrypt(TwofishInstance *instance, const u4byte in_blk[4], u4byte out_blk[4]);
#if defined(__cplusplus)
}
#endif
#endif // TWOFISH_H

54
src/Crypto/Whirlpool.h
View File

@@ -1,27 +1,27 @@
#ifndef WHIRLPOOL_H
#define WHIRLPOOL_H 1
#include "Common/Tcdefs.h"
#include "config.h"
typedef struct WHIRLPOOL_CTX {
uint64 countLo;
uint64 countHi;
CRYPTOPP_ALIGN_DATA(16) uint64 data[8];
CRYPTOPP_ALIGN_DATA(16) uint64 state[8];
} WHIRLPOOL_CTX;
// -------------
#if defined(__cplusplus)
extern "C" {
#endif
void WHIRLPOOL_add(const unsigned char * source, unsigned __int32 sourceBits, WHIRLPOOL_CTX * const ctx);
void WHIRLPOOL_finalize(WHIRLPOOL_CTX* const ctx, unsigned char * result);
void WHIRLPOOL_init(WHIRLPOOL_CTX* const ctx);
#if defined(__cplusplus)
}
#endif
#endif /* WHIRLPOOL_H */
#ifndef WHIRLPOOL_H
#define WHIRLPOOL_H 1
#include "Common/Tcdefs.h"
#include "config.h"
typedef struct WHIRLPOOL_CTX {
uint64 countLo;
uint64 countHi;
CRYPTOPP_ALIGN_DATA(16) uint64 data[8];
CRYPTOPP_ALIGN_DATA(16) uint64 state[8];
} WHIRLPOOL_CTX;
// -------------
#if defined(__cplusplus)
extern "C" {
#endif
void WHIRLPOOL_add(const unsigned char * source, unsigned __int32 sourceBits, WHIRLPOOL_CTX * const ctx);
void WHIRLPOOL_finalize(WHIRLPOOL_CTX* const ctx, unsigned char * result);
void WHIRLPOOL_init(WHIRLPOOL_CTX* const ctx);
#if defined(__cplusplus)
}
#endif
#endif /* WHIRLPOOL_H */

462
src/Crypto/cpu.c
View File

@@ -1,231 +1,231 @@
/* cpu.c - written and placed in the public domain by Wei Dai */
#include "cpu.h"
#include "misc.h"
#ifndef EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER 1
#endif
#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#include <signal.h>
#include <setjmp.h>
#endif
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
#include <emmintrin.h>
#endif
#ifdef CRYPTOPP_CPUID_AVAILABLE
#if _MSC_VER >= 1400 && CRYPTOPP_BOOL_X64
int CpuId(uint32 input, uint32 output[4])
{
__cpuid((int *)output, input);
return 1;
}
#else
#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#if defined(__cplusplus)
extern "C" {
#endif
typedef void (*SigHandler)(int);
static jmp_buf s_jmpNoCPUID;
static void SigIllHandlerCPUID(int p)
{
longjmp(s_jmpNoCPUID, 1);
}
#if CRYPTOPP_BOOL_X64 == 0
static jmp_buf s_jmpNoSSE2;
static void SigIllHandlerSSE2(int p)
{
longjmp(s_jmpNoSSE2, 1);
}
#endif
#if defined(__cplusplus)
}
#endif
#endif
int CpuId(uint32 input, uint32 output[4])
{
#ifdef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
__try
{
__asm
{
mov eax, input
mov ecx, 0
cpuid
mov edi, output
mov [edi], eax
mov [edi+4], ebx
mov [edi+8], ecx
mov [edi+12], edx
}
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
// function 0 returns the highest basic function understood in EAX
if(input == 0)
return !!output[0]? 1 : 0;
return 1;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24
// http://stackoverflow.com/q/7721854
volatile int result = 1;
SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID);
if (oldHandler == SIG_ERR)
result = 0;
if (setjmp(s_jmpNoCPUID))
result = 0;
else
{
asm volatile
(
// save ebx in case -fPIC is being used
// TODO: this might need an early clobber on EDI.
#if CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
"pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
#else
"push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
#endif
: "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
: "a" (input), "c" (0)
);
}
signal(SIGILL, oldHandler);
return result;
#endif
}
#endif
static int TrySSE2()
{
#if CRYPTOPP_BOOL_X64
return 1;
#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
__try
{
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
AS2(por xmm0, xmm0) // executing SSE2 instruction
#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
__m128i x = _mm_setzero_si128();
return _mm_cvtsi128_si32(x) == 0 ? 1 : 0;
#endif
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
return 1;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24
// http://stackoverflow.com/q/7721854
volatile int result = 1;
SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
if (oldHandler == SIG_ERR)
return 0;
if (setjmp(s_jmpNoSSE2))
result = 1;
else
{
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
__asm __volatile ("por %xmm0, %xmm0");
#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
__m128i x = _mm_setzero_si128();
result = _mm_cvtsi128_si32(x) == 0? 1 : 0;
#endif
}
signal(SIGILL, oldHandler);
return result;
#endif
}
int g_x86DetectionDone = 0;
int g_hasISSE = 0, g_hasSSE2 = 0, g_hasSSSE3 = 0, g_hasMMX = 0, g_hasAESNI = 0, g_hasCLMUL = 0, g_isP4 = 0;
uint32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
VC_INLINE int IsIntel(const uint32 output[4])
{
// This is the "GenuineIntel" string
return (output[1] /*EBX*/ == 0x756e6547) &&
(output[2] /*ECX*/ == 0x6c65746e) &&
(output[3] /*EDX*/ == 0x49656e69);
}
VC_INLINE int IsAMD(const uint32 output[4])
{
// This is the "AuthenticAMD" string
return (output[1] /*EBX*/ == 0x68747541) &&
(output[2] /*ECX*/ == 0x69746E65) &&
(output[3] /*EDX*/ == 0x444D4163);
}
void DetectX86Features()
{
uint32 cpuid[4], cpuid1[4];
if (!CpuId(0, cpuid))
return;
if (!CpuId(1, cpuid1))
return;
g_hasMMX = (cpuid1[3] & (1 << 23)) != 0;
if ((cpuid1[3] & (1 << 26)) != 0)
g_hasSSE2 = TrySSE2();
g_hasSSSE3 = g_hasSSE2 && (cpuid1[2] & (1<<9));
g_hasAESNI = g_hasSSE2 && (cpuid1[2] & (1<<25));
g_hasCLMUL = g_hasSSE2 && (cpuid1[2] & (1<<1));
if ((cpuid1[3] & (1 << 25)) != 0)
g_hasISSE = 1;
else
{
uint32 cpuid2[4];
CpuId(0x080000000, cpuid2);
if (cpuid2[0] >= 0x080000001)
{
CpuId(0x080000001, cpuid2);
g_hasISSE = (cpuid2[3] & (1 << 22)) != 0;
}
}
if (IsIntel(cpuid))
{
g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf;
g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1);
}
else if (IsAMD(cpuid))
{
CpuId(0x80000005, cpuid);
g_cacheLineSize = GETBYTE(cpuid[2], 0);
}
if (!g_cacheLineSize)
g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
*((volatile int*)&g_x86DetectionDone) = 1;
}
#endif
/* cpu.c - written and placed in the public domain by Wei Dai */
#include "cpu.h"
#include "misc.h"
#ifndef EXCEPTION_EXECUTE_HANDLER
#define EXCEPTION_EXECUTE_HANDLER 1
#endif
#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#include <signal.h>
#include <setjmp.h>
#endif
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
#include <emmintrin.h>
#endif
#ifdef CRYPTOPP_CPUID_AVAILABLE
#if _MSC_VER >= 1400 && CRYPTOPP_BOOL_X64
int CpuId(uint32 input, uint32 output[4])
{
__cpuid((int *)output, input);
return 1;
}
#else
#ifndef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#if defined(__cplusplus)
extern "C" {
#endif
typedef void (*SigHandler)(int);
static jmp_buf s_jmpNoCPUID;
static void SigIllHandlerCPUID(int p)
{
longjmp(s_jmpNoCPUID, 1);
}
#if CRYPTOPP_BOOL_X64 == 0
static jmp_buf s_jmpNoSSE2;
static void SigIllHandlerSSE2(int p)
{
longjmp(s_jmpNoSSE2, 1);
}
#endif
#if defined(__cplusplus)
}
#endif
#endif
int CpuId(uint32 input, uint32 output[4])
{
#ifdef CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
__try
{
__asm
{
mov eax, input
mov ecx, 0
cpuid
mov edi, output
mov [edi], eax
mov [edi+4], ebx
mov [edi+8], ecx
mov [edi+12], edx
}
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
// function 0 returns the highest basic function understood in EAX
if(input == 0)
return !!output[0]? 1 : 0;
return 1;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24
// http://stackoverflow.com/q/7721854
volatile int result = 1;
SigHandler oldHandler = signal(SIGILL, SigIllHandlerCPUID);
if (oldHandler == SIG_ERR)
result = 0;
if (setjmp(s_jmpNoCPUID))
result = 0;
else
{
asm volatile
(
// save ebx in case -fPIC is being used
// TODO: this might need an early clobber on EDI.
#if CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
"pushq %%rbx; cpuid; mov %%ebx, %%edi; popq %%rbx"
#else
"push %%ebx; cpuid; mov %%ebx, %%edi; pop %%ebx"
#endif
: "=a" (output[0]), "=D" (output[1]), "=c" (output[2]), "=d" (output[3])
: "a" (input), "c" (0)
);
}
signal(SIGILL, oldHandler);
return result;
#endif
}
#endif
static int TrySSE2()
{
#if CRYPTOPP_BOOL_X64
return 1;
#elif defined(CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY)
__try
{
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
AS2(por xmm0, xmm0) // executing SSE2 instruction
#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
__m128i x = _mm_setzero_si128();
return _mm_cvtsi128_si32(x) == 0 ? 1 : 0;
#endif
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
return 0;
}
return 1;
#else
// longjmp and clobber warnings. Volatile is required.
// http://github.com/weidai11/cryptopp/issues/24
// http://stackoverflow.com/q/7721854
volatile int result = 1;
SigHandler oldHandler = signal(SIGILL, SigIllHandlerSSE2);
if (oldHandler == SIG_ERR)
return 0;
if (setjmp(s_jmpNoSSE2))
result = 1;
else
{
#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE
__asm __volatile ("por %xmm0, %xmm0");
#elif CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
__m128i x = _mm_setzero_si128();
result = _mm_cvtsi128_si32(x) == 0? 1 : 0;
#endif
}
signal(SIGILL, oldHandler);
return result;
#endif
}
int g_x86DetectionDone = 0;
int g_hasISSE = 0, g_hasSSE2 = 0, g_hasSSSE3 = 0, g_hasMMX = 0, g_hasAESNI = 0, g_hasCLMUL = 0, g_isP4 = 0;
uint32 g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
VC_INLINE int IsIntel(const uint32 output[4])
{
// This is the "GenuineIntel" string
return (output[1] /*EBX*/ == 0x756e6547) &&
(output[2] /*ECX*/ == 0x6c65746e) &&
(output[3] /*EDX*/ == 0x49656e69);
}
VC_INLINE int IsAMD(const uint32 output[4])
{
// This is the "AuthenticAMD" string
return (output[1] /*EBX*/ == 0x68747541) &&
(output[2] /*ECX*/ == 0x69746E65) &&
(output[3] /*EDX*/ == 0x444D4163);
}
void DetectX86Features()
{
uint32 cpuid[4], cpuid1[4];
if (!CpuId(0, cpuid))
return;
if (!CpuId(1, cpuid1))
return;
g_hasMMX = (cpuid1[3] & (1 << 23)) != 0;
if ((cpuid1[3] & (1 << 26)) != 0)
g_hasSSE2 = TrySSE2();
g_hasSSSE3 = g_hasSSE2 && (cpuid1[2] & (1<<9));
g_hasAESNI = g_hasSSE2 && (cpuid1[2] & (1<<25));
g_hasCLMUL = g_hasSSE2 && (cpuid1[2] & (1<<1));
if ((cpuid1[3] & (1 << 25)) != 0)
g_hasISSE = 1;
else
{
uint32 cpuid2[4];
CpuId(0x080000000, cpuid2);
if (cpuid2[0] >= 0x080000001)
{
CpuId(0x080000001, cpuid2);
g_hasISSE = (cpuid2[3] & (1 << 22)) != 0;
}
}
if (IsIntel(cpuid))
{
g_isP4 = ((cpuid1[0] >> 8) & 0xf) == 0xf;
g_cacheLineSize = 8 * GETBYTE(cpuid1[1], 1);
}
else if (IsAMD(cpuid))
{
CpuId(0x80000005, cpuid);
g_cacheLineSize = GETBYTE(cpuid[2], 0);
}
if (!g_cacheLineSize)
g_cacheLineSize = CRYPTOPP_L1_CACHE_LINE_SIZE;
*((volatile int*)&g_x86DetectionDone) = 1;
}
#endif

616
src/Crypto/cpu.h
View File

@@ -1,308 +1,308 @@
#ifndef CRYPTOPP_CPU_H
#define CRYPTOPP_CPU_H
#include "Common/Tcdefs.h"
#include "config.h"
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define CRYPTOPP_X86_ASM_AVAILABLE
#define CRYPTOPP_BOOL_X64 1
#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
#else
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
#include <emmintrin.h>
#endif
#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
#if defined(__SSSE3__) || defined(__INTEL_COMPILER)
#ifdef TC_WINDOWS_DRIVER
extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#else
#include <tmmintrin.h>
#endif
#endif
#if defined(__SSE4_1__) || defined(__INTEL_COMPILER)
#ifdef TC_WINDOWS_DRIVER
extern int _mm_extract_epi32(__m128i src, const int ndx);
extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx);
#else
#include <smmintrin.h>
#endif
#endif
#if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER)
#ifdef TC_WINDOWS_DRIVER
extern __m128i _mm_clmulepi64_si128(__m128i v1, __m128i v2,
const int imm8);
extern __m128i _mm_aeskeygenassist_si128(__m128i ckey, const int rcon);
extern __m128i _mm_aesimc_si128(__m128i v);
extern __m128i _mm_aesenc_si128(__m128i v, __m128i rkey);
extern __m128i _mm_aesenclast_si128(__m128i v, __m128i rkey);
extern __m128i _mm_aesdec_si128(__m128i v, __m128i rkey);
extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);
#else
#include <wmmintrin.h>
#endif
#endif
#endif
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
#define CRYPTOPP_CPUID_AVAILABLE
#if defined(__cplusplus)
extern "C" {
#endif
// these should not be used directly
extern int g_x86DetectionDone;
extern int g_hasSSSE3;
extern int g_hasAESNI;
extern int g_hasCLMUL;
extern int g_isP4;
extern uint32 g_cacheLineSize;
void DetectX86Features(); // must be called at the start of the program/driver
int CpuId(uint32 input, uint32 *output);
#if CRYPTOPP_BOOL_X64
#define HasSSE2() 1
#define HasISSE() 1
#define HasMMX() 1
#else
extern int g_hasSSE2;
extern int g_hasISSE;
extern int g_hasMMX;
#define HasSSE2() g_hasSSE2
#define HasISSE() g_hasISSE
#define HasMMX() g_hasMMX
#endif
#define HasSSSE3() g_hasSSSE3
#define HasAESNI() g_hasAESNI
#define HasCLMUL() g_hasCLMUL
#define IsP4() g_isP4
#define GetCacheLineSize() g_cacheLineSize
#if defined(__cplusplus)
}
#endif
#else
#define GetCacheLineSize() CRYPTOPP_L1_CACHE_LINE_SIZE
#endif
#endif
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define AS1(x) x*newline*
#define AS2(x, y) x, y*newline*
#define AS3(x, y, z) x, y, z*newline*
#define ASS(x, y, a, b, c, d) x, y, a*64+b*16+c*4+d*newline*
#define ASL(x) label##x:*newline*
#define ASJ(x, y, z) x label##y*newline*
#define ASC(x, y) x label##y*newline*
#define AS_HEX(y) 0##y##h
#elif defined(_MSC_VER) || defined(__BORLANDC__)
#define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#define AS1(x) __asm {x}
#define AS2(x, y) __asm {x, y}
#define AS3(x, y, z) __asm {x, y, z}
#define ASS(x, y, a, b, c, d) __asm {x, y, (a)*64+(b)*16+(c)*4+(d)}
#define ASL(x) __asm {label##x:}
#define ASJ(x, y, z) __asm {x label##y}
#define ASC(x, y) __asm {x label##y}
#define CRYPTOPP_NAKED __declspec(naked)
#define AS_HEX(y) 0x##y
#else
#define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
#if defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)
#define NEW_LINE "\n"
#define INTEL_PREFIX ".intel_syntax;"
#define INTEL_NOPREFIX ".intel_syntax;"
#define ATT_PREFIX ".att_syntax;"
#define ATT_NOPREFIX ".att_syntax;"
#else
#define NEW_LINE
#define INTEL_PREFIX ".intel_syntax prefix;"
#define INTEL_NOPREFIX ".intel_syntax noprefix;"
#define ATT_PREFIX ".att_syntax prefix;"
#define ATT_NOPREFIX ".att_syntax noprefix;"
#endif
// define these in two steps to allow arguments to be expanded
#define GNU_AS1(x) #x ";" NEW_LINE
#define GNU_AS2(x, y) #x ", " #y ";" NEW_LINE
#define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" NEW_LINE
#define GNU_ASL(x) "\n" #x ":" NEW_LINE
#define GNU_ASJ(x, y, z) #x " " #y #z ";" NEW_LINE
#define AS1(x) GNU_AS1(x)
#define AS2(x, y) GNU_AS2(x, y)
#define AS3(x, y, z) GNU_AS3(x, y, z)
#define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";"
#define ASL(x) GNU_ASL(x)
#define ASJ(x, y, z) GNU_ASJ(x, y, z)
#define ASC(x, y) #x " " #y ";"
#define CRYPTOPP_NAKED
#define AS_HEX(y) 0x##y
#endif
#define IF0(y)
#define IF1(y) y
// Should be confined to GCC, but its used to help manage Clang 3.4 compiler error.
// Also see LLVM Bug 24232, http://llvm.org/bugs/show_bug.cgi?id=24232 .
#ifndef INTEL_PREFIX
#define INTEL_PREFIX
#endif
#ifndef INTEL_NOPREFIX
#define INTEL_NOPREFIX
#endif
#ifndef ATT_PREFIX
#define ATT_PREFIX
#endif
#ifndef ATT_NOPREFIX
#define ATT_NOPREFIX
#endif
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define ASM_MOD(x, y) ((x) MOD (y))
#define XMMWORD_PTR XMMWORD PTR
#else
// GNU assembler doesn't seem to have mod operator
#define ASM_MOD(x, y) ((x)-((x)/(y))*(y))
// GAS 2.15 doesn't support XMMWORD PTR. it seems necessary only for MASM
#define XMMWORD_PTR
#endif
#if CRYPTOPP_BOOL_X86
#define AS_REG_1 ecx
#define AS_REG_2 edx
#define AS_REG_3 esi
#define AS_REG_4 edi
#define AS_REG_5 eax
#define AS_REG_6 ebx
#define AS_REG_7 ebp
#define AS_REG_1d ecx
#define AS_REG_2d edx
#define AS_REG_3d esi
#define AS_REG_4d edi
#define AS_REG_5d eax
#define AS_REG_6d ebx
#define AS_REG_7d ebp
#define WORD_SZ 4
#define WORD_REG(x) e##x
#define WORD_PTR DWORD PTR
#define AS_PUSH_IF86(x) AS1(push e##x)
#define AS_POP_IF86(x) AS1(pop e##x)
#define AS_JCXZ jecxz
#elif CRYPTOPP_BOOL_X32
#define AS_REG_1 ecx
#define AS_REG_2 edx
#define AS_REG_3 r8d
#define AS_REG_4 r9d
#define AS_REG_5 eax
#define AS_REG_6 r10d
#define AS_REG_7 r11d
#define AS_REG_1d ecx
#define AS_REG_2d edx
#define AS_REG_3d r8d
#define AS_REG_4d r9d
#define AS_REG_5d eax
#define AS_REG_6d r10d
#define AS_REG_7d r11d
#define WORD_SZ 4
#define WORD_REG(x) e##x
#define WORD_PTR DWORD PTR
#define AS_PUSH_IF86(x) AS1(push r##x)
#define AS_POP_IF86(x) AS1(pop r##x)
#define AS_JCXZ jecxz
#elif CRYPTOPP_BOOL_X64
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define AS_REG_1 rcx
#define AS_REG_2 rdx
#define AS_REG_3 r8
#define AS_REG_4 r9
#define AS_REG_5 rax
#define AS_REG_6 r10
#define AS_REG_7 r11
#define AS_REG_1d ecx
#define AS_REG_2d edx
#define AS_REG_3d r8d
#define AS_REG_4d r9d
#define AS_REG_5d eax
#define AS_REG_6d r10d
#define AS_REG_7d r11d
#else
#define AS_REG_1 rdi
#define AS_REG_2 rsi
#define AS_REG_3 rdx
#define AS_REG_4 rcx
#define AS_REG_5 r8
#define AS_REG_6 r9
#define AS_REG_7 r10
#define AS_REG_1d edi
#define AS_REG_2d esi
#define AS_REG_3d edx
#define AS_REG_4d ecx
#define AS_REG_5d r8d
#define AS_REG_6d r9d
#define AS_REG_7d r10d
#endif
#define WORD_SZ 8
#define WORD_REG(x) r##x
#define WORD_PTR QWORD PTR
#define AS_PUSH_IF86(x)
#define AS_POP_IF86(x)
#define AS_JCXZ jrcxz
#endif
// helper macro for stream cipher output
#define AS_XMM_OUTPUT4(labelPrefix, inputPtr, outputPtr, x0, x1, x2, x3, t, p0, p1, p2, p3, increment)\
AS2( test inputPtr, inputPtr)\
ASC( jz, labelPrefix##3)\
AS2( test inputPtr, 15)\
ASC( jnz, labelPrefix##7)\
AS2( pxor xmm##x0, [inputPtr+p0*16])\
AS2( pxor xmm##x1, [inputPtr+p1*16])\
AS2( pxor xmm##x2, [inputPtr+p2*16])\
AS2( pxor xmm##x3, [inputPtr+p3*16])\
AS2( add inputPtr, increment*16)\
ASC( jmp, labelPrefix##3)\
ASL(labelPrefix##7)\
AS2( movdqu xmm##t, [inputPtr+p0*16])\
AS2( pxor xmm##x0, xmm##t)\
AS2( movdqu xmm##t, [inputPtr+p1*16])\
AS2( pxor xmm##x1, xmm##t)\
AS2( movdqu xmm##t, [inputPtr+p2*16])\
AS2( pxor xmm##x2, xmm##t)\
AS2( movdqu xmm##t, [inputPtr+p3*16])\
AS2( pxor xmm##x3, xmm##t)\
AS2( add inputPtr, increment*16)\
ASL(labelPrefix##3)\
AS2( test outputPtr, 15)\
ASC( jnz, labelPrefix##8)\
AS2( movdqa [outputPtr+p0*16], xmm##x0)\
AS2( movdqa [outputPtr+p1*16], xmm##x1)\
AS2( movdqa [outputPtr+p2*16], xmm##x2)\
AS2( movdqa [outputPtr+p3*16], xmm##x3)\
ASC( jmp, labelPrefix##9)\
ASL(labelPrefix##8)\
AS2( movdqu [outputPtr+p0*16], xmm##x0)\
AS2( movdqu [outputPtr+p1*16], xmm##x1)\
AS2( movdqu [outputPtr+p2*16], xmm##x2)\
AS2( movdqu [outputPtr+p3*16], xmm##x3)\
ASL(labelPrefix##9)\
AS2( add outputPtr, increment*16)
#endif
#ifndef CRYPTOPP_CPU_H
#define CRYPTOPP_CPU_H
#include "Common/Tcdefs.h"
#include "config.h"
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define CRYPTOPP_X86_ASM_AVAILABLE
#define CRYPTOPP_BOOL_X64 1
#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
#else
#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE
#include <emmintrin.h>
#endif
#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE
#if defined(__SSSE3__) || defined(__INTEL_COMPILER)
#ifdef TC_WINDOWS_DRIVER
extern __m128i _mm_shuffle_epi8 (__m128i a, __m128i b);
#else
#include <tmmintrin.h>
#endif
#endif
#if defined(__SSE4_1__) || defined(__INTEL_COMPILER)
#ifdef TC_WINDOWS_DRIVER
extern int _mm_extract_epi32(__m128i src, const int ndx);
extern __m128i _mm_insert_epi32(__m128i dst, int s, const int ndx);
#else
#include <smmintrin.h>
#endif
#endif
#if (defined(__AES__) && defined(__PCLMUL__)) || defined(__INTEL_COMPILER)
#ifdef TC_WINDOWS_DRIVER
extern __m128i _mm_clmulepi64_si128(__m128i v1, __m128i v2,
const int imm8);
extern __m128i _mm_aeskeygenassist_si128(__m128i ckey, const int rcon);
extern __m128i _mm_aesimc_si128(__m128i v);
extern __m128i _mm_aesenc_si128(__m128i v, __m128i rkey);
extern __m128i _mm_aesenclast_si128(__m128i v, __m128i rkey);
extern __m128i _mm_aesdec_si128(__m128i v, __m128i rkey);
extern __m128i _mm_aesdeclast_si128(__m128i v, __m128i rkey);
#else
#include <wmmintrin.h>
#endif
#endif
#endif
#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64
#define CRYPTOPP_CPUID_AVAILABLE
#if defined(__cplusplus)
extern "C" {
#endif
// these should not be used directly
extern int g_x86DetectionDone;
extern int g_hasSSSE3;
extern int g_hasAESNI;
extern int g_hasCLMUL;
extern int g_isP4;
extern uint32 g_cacheLineSize;
void DetectX86Features(); // must be called at the start of the program/driver
int CpuId(uint32 input, uint32 *output);
#if CRYPTOPP_BOOL_X64
#define HasSSE2() 1
#define HasISSE() 1
#define HasMMX() 1
#else
extern int g_hasSSE2;
extern int g_hasISSE;
extern int g_hasMMX;
#define HasSSE2() g_hasSSE2
#define HasISSE() g_hasISSE
#define HasMMX() g_hasMMX
#endif
#define HasSSSE3() g_hasSSSE3
#define HasAESNI() g_hasAESNI
#define HasCLMUL() g_hasCLMUL
#define IsP4() g_isP4
#define GetCacheLineSize() g_cacheLineSize
#if defined(__cplusplus)
}
#endif
#else
#define GetCacheLineSize() CRYPTOPP_L1_CACHE_LINE_SIZE
#endif
#endif
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define AS1(x) x*newline*
#define AS2(x, y) x, y*newline*
#define AS3(x, y, z) x, y, z*newline*
#define ASS(x, y, a, b, c, d) x, y, a*64+b*16+c*4+d*newline*
#define ASL(x) label##x:*newline*
#define ASJ(x, y, z) x label##y*newline*
#define ASC(x, y) x label##y*newline*
#define AS_HEX(y) 0##y##h
#elif defined(_MSC_VER) || defined(__BORLANDC__)
#define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY
#define AS1(x) __asm {x}
#define AS2(x, y) __asm {x, y}
#define AS3(x, y, z) __asm {x, y, z}
#define ASS(x, y, a, b, c, d) __asm {x, y, (a)*64+(b)*16+(c)*4+(d)}
#define ASL(x) __asm {label##x:}
#define ASJ(x, y, z) __asm {x label##y}
#define ASC(x, y) __asm {x label##y}
#define CRYPTOPP_NAKED __declspec(naked)
#define AS_HEX(y) 0x##y
#else
#define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY
#if defined(CRYPTOPP_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION)
#define NEW_LINE "\n"
#define INTEL_PREFIX ".intel_syntax;"
#define INTEL_NOPREFIX ".intel_syntax;"
#define ATT_PREFIX ".att_syntax;"
#define ATT_NOPREFIX ".att_syntax;"
#else
#define NEW_LINE
#define INTEL_PREFIX ".intel_syntax prefix;"
#define INTEL_NOPREFIX ".intel_syntax noprefix;"
#define ATT_PREFIX ".att_syntax prefix;"
#define ATT_NOPREFIX ".att_syntax noprefix;"
#endif
// define these in two steps to allow arguments to be expanded
#define GNU_AS1(x) #x ";" NEW_LINE
#define GNU_AS2(x, y) #x ", " #y ";" NEW_LINE
#define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" NEW_LINE
#define GNU_ASL(x) "\n" #x ":" NEW_LINE
#define GNU_ASJ(x, y, z) #x " " #y #z ";" NEW_LINE
#define AS1(x) GNU_AS1(x)
#define AS2(x, y) GNU_AS2(x, y)
#define AS3(x, y, z) GNU_AS3(x, y, z)
#define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";"
#define ASL(x) GNU_ASL(x)
#define ASJ(x, y, z) GNU_ASJ(x, y, z)
#define ASC(x, y) #x " " #y ";"
#define CRYPTOPP_NAKED
#define AS_HEX(y) 0x##y
#endif
#define IF0(y)
#define IF1(y) y
// Should be confined to GCC, but its used to help manage Clang 3.4 compiler error.
// Also see LLVM Bug 24232, http://llvm.org/bugs/show_bug.cgi?id=24232 .
#ifndef INTEL_PREFIX
#define INTEL_PREFIX
#endif
#ifndef INTEL_NOPREFIX
#define INTEL_NOPREFIX
#endif
#ifndef ATT_PREFIX
#define ATT_PREFIX
#endif
#ifndef ATT_NOPREFIX
#define ATT_NOPREFIX
#endif
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define ASM_MOD(x, y) ((x) MOD (y))
#define XMMWORD_PTR XMMWORD PTR
#else
// GNU assembler doesn't seem to have mod operator
#define ASM_MOD(x, y) ((x)-((x)/(y))*(y))
// GAS 2.15 doesn't support XMMWORD PTR. it seems necessary only for MASM
#define XMMWORD_PTR
#endif
#if CRYPTOPP_BOOL_X86
#define AS_REG_1 ecx
#define AS_REG_2 edx
#define AS_REG_3 esi
#define AS_REG_4 edi
#define AS_REG_5 eax
#define AS_REG_6 ebx
#define AS_REG_7 ebp
#define AS_REG_1d ecx
#define AS_REG_2d edx
#define AS_REG_3d esi
#define AS_REG_4d edi
#define AS_REG_5d eax
#define AS_REG_6d ebx
#define AS_REG_7d ebp
#define WORD_SZ 4
#define WORD_REG(x) e##x
#define WORD_PTR DWORD PTR
#define AS_PUSH_IF86(x) AS1(push e##x)
#define AS_POP_IF86(x) AS1(pop e##x)
#define AS_JCXZ jecxz
#elif CRYPTOPP_BOOL_X32
#define AS_REG_1 ecx
#define AS_REG_2 edx
#define AS_REG_3 r8d
#define AS_REG_4 r9d
#define AS_REG_5 eax
#define AS_REG_6 r10d
#define AS_REG_7 r11d
#define AS_REG_1d ecx
#define AS_REG_2d edx
#define AS_REG_3d r8d
#define AS_REG_4d r9d
#define AS_REG_5d eax
#define AS_REG_6d r10d
#define AS_REG_7d r11d
#define WORD_SZ 4
#define WORD_REG(x) e##x
#define WORD_PTR DWORD PTR
#define AS_PUSH_IF86(x) AS1(push r##x)
#define AS_POP_IF86(x) AS1(pop r##x)
#define AS_JCXZ jecxz
#elif CRYPTOPP_BOOL_X64
#ifdef CRYPTOPP_GENERATE_X64_MASM
#define AS_REG_1 rcx
#define AS_REG_2 rdx
#define AS_REG_3 r8
#define AS_REG_4 r9
#define AS_REG_5 rax
#define AS_REG_6 r10
#define AS_REG_7 r11
#define AS_REG_1d ecx
#define AS_REG_2d edx
#define AS_REG_3d r8d
#define AS_REG_4d r9d
#define AS_REG_5d eax
#define AS_REG_6d r10d
#define AS_REG_7d r11d
#else
#define AS_REG_1 rdi
#define AS_REG_2 rsi
#define AS_REG_3 rdx
#define AS_REG_4 rcx
#define AS_REG_5 r8
#define AS_REG_6 r9
#define AS_REG_7 r10
#define AS_REG_1d edi
#define AS_REG_2d esi
#define AS_REG_3d edx
#define AS_REG_4d ecx
#define AS_REG_5d r8d
#define AS_REG_6d r9d
#define AS_REG_7d r10d
#endif
#define WORD_SZ 8
#define WORD_REG(x) r##x
#define WORD_PTR QWORD PTR
#define AS_PUSH_IF86(x)
#define AS_POP_IF86(x)
#define AS_JCXZ jrcxz
#endif
// helper macro for stream cipher output
#define AS_XMM_OUTPUT4(labelPrefix, inputPtr, outputPtr, x0, x1, x2, x3, t, p0, p1, p2, p3, increment)\
AS2( test inputPtr, inputPtr)\
ASC( jz, labelPrefix##3)\
AS2( test inputPtr, 15)\
ASC( jnz, labelPrefix##7)\
AS2( pxor xmm##x0, [inputPtr+p0*16])\
AS2( pxor xmm##x1, [inputPtr+p1*16])\
AS2( pxor xmm##x2, [inputPtr+p2*16])\
AS2( pxor xmm##x3, [inputPtr+p3*16])\
AS2( add inputPtr, increment*16)\
ASC( jmp, labelPrefix##3)\
ASL(labelPrefix##7)\
AS2( movdqu xmm##t, [inputPtr+p0*16])\
AS2( pxor xmm##x0, xmm##t)\
AS2( movdqu xmm##t, [inputPtr+p1*16])\
AS2( pxor xmm##x1, xmm##t)\
AS2( movdqu xmm##t, [inputPtr+p2*16])\
AS2( pxor xmm##x2, xmm##t)\
AS2( movdqu xmm##t, [inputPtr+p3*16])\
AS2( pxor xmm##x3, xmm##t)\
AS2( add inputPtr, increment*16)\
ASL(labelPrefix##3)\
AS2( test outputPtr, 15)\
ASC( jnz, labelPrefix##8)\
AS2( movdqa [outputPtr+p0*16], xmm##x0)\
AS2( movdqa [outputPtr+p1*16], xmm##x1)\
AS2( movdqa [outputPtr+p2*16], xmm##x2)\
AS2( movdqa [outputPtr+p3*16], xmm##x3)\
ASC( jmp, labelPrefix##9)\
ASL(labelPrefix##8)\
AS2( movdqu [outputPtr+p0*16], xmm##x0)\
AS2( movdqu [outputPtr+p1*16], xmm##x1)\
AS2( movdqu [outputPtr+p2*16], xmm##x2)\
AS2( movdqu [outputPtr+p3*16], xmm##x3)\
ASL(labelPrefix##9)\
AS2( add outputPtr, increment*16)
#endif