Implemented 1.3.2 protocol encryption using CryptoPP, up to Client Status packet (http://wiki.vg/Protocol_FAQ step 14)
git-svn-id: http://mc-server.googlecode.com/svn/trunk@808 0a769ca7-a7f5-676a-18bf-c427514a06d6
This commit is contained in:
parent
d5f8701f63
commit
539364846a
139
CryptoPP/3way.cpp
Normal file
139
CryptoPP/3way.cpp
Normal file
@ -0,0 +1,139 @@
|
||||
// 3way.cpp - modifed by Wei Dai from Joan Daemen's 3way.c
|
||||
// The original code and all modifications are in the public domain.
|
||||
|
||||
#include "pch.h"
|
||||
#include "3way.h"
|
||||
#include "misc.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
void ThreeWay_TestInstantiations()
|
||||
{
|
||||
ThreeWay::Encryption x1;
|
||||
ThreeWay::Decryption x2;
|
||||
}
|
||||
|
||||
static const word32 START_E = 0x0b0b; // round constant of first encryption round
|
||||
static const word32 START_D = 0xb1b1; // round constant of first decryption round
|
||||
static const word32 RC_MODULUS = 0x11011;
|
||||
|
||||
static inline word32 reverseBits(word32 a)
|
||||
{
|
||||
a = ((a & 0xAAAAAAAA) >> 1) | ((a & 0x55555555) << 1);
|
||||
a = ((a & 0xCCCCCCCC) >> 2) | ((a & 0x33333333) << 2);
|
||||
return ((a & 0xF0F0F0F0) >> 4) | ((a & 0x0F0F0F0F) << 4);
|
||||
}
|
||||
|
||||
#define mu(a0, a1, a2) \
|
||||
{ \
|
||||
a1 = reverseBits(a1); \
|
||||
word32 t = reverseBits(a0); \
|
||||
a0 = reverseBits(a2); \
|
||||
a2 = t; \
|
||||
}
|
||||
|
||||
#define pi_gamma_pi(a0, a1, a2) \
|
||||
{ \
|
||||
word32 b0, b2; \
|
||||
b2 = rotlFixed(a2, 1U); \
|
||||
b0 = rotlFixed(a0, 22U); \
|
||||
a0 = rotlFixed(b0 ^ (a1|(~b2)), 1U); \
|
||||
a2 = rotlFixed(b2 ^ (b0|(~a1)), 22U);\
|
||||
a1 ^= (b2|(~b0)); \
|
||||
}
|
||||
|
||||
// thanks to Paulo Barreto for this optimized theta()
|
||||
#define theta(a0, a1, a2) \
|
||||
{ \
|
||||
word32 b0, b1, c; \
|
||||
c = a0 ^ a1 ^ a2; \
|
||||
c = rotlFixed(c, 16U) ^ rotlFixed(c, 8U); \
|
||||
b0 = (a0 << 24) ^ (a2 >> 8) ^ (a1 << 8) ^ (a0 >> 24); \
|
||||
b1 = (a1 << 24) ^ (a0 >> 8) ^ (a2 << 8) ^ (a1 >> 24); \
|
||||
a0 ^= c ^ b0; \
|
||||
a1 ^= c ^ b1; \
|
||||
a2 ^= c ^ (b0 >> 16) ^ (b1 << 16); \
|
||||
}
|
||||
|
||||
#define rho(a0, a1, a2) \
|
||||
{ \
|
||||
theta(a0, a1, a2); \
|
||||
pi_gamma_pi(a0, a1, a2); \
|
||||
}
|
||||
|
||||
void ThreeWay::Base::UncheckedSetKey(const byte *uk, unsigned int length, const NameValuePairs ¶ms)
|
||||
{
|
||||
AssertValidKeyLength(length);
|
||||
|
||||
m_rounds = GetRoundsAndThrowIfInvalid(params, this);
|
||||
|
||||
for (unsigned int i=0; i<3; i++)
|
||||
m_k[i] = (word32)uk[4*i+3] | ((word32)uk[4*i+2]<<8) | ((word32)uk[4*i+1]<<16) | ((word32)uk[4*i]<<24);
|
||||
|
||||
if (!IsForwardTransformation())
|
||||
{
|
||||
theta(m_k[0], m_k[1], m_k[2]);
|
||||
mu(m_k[0], m_k[1], m_k[2]);
|
||||
m_k[0] = ByteReverse(m_k[0]);
|
||||
m_k[1] = ByteReverse(m_k[1]);
|
||||
m_k[2] = ByteReverse(m_k[2]);
|
||||
}
|
||||
}
|
||||
|
||||
void ThreeWay::Enc::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
|
||||
{
|
||||
typedef BlockGetAndPut<word32, BigEndian> Block;
|
||||
|
||||
word32 a0, a1, a2;
|
||||
Block::Get(inBlock)(a0)(a1)(a2);
|
||||
|
||||
word32 rc = START_E;
|
||||
|
||||
for(unsigned i=0; i<m_rounds; i++)
|
||||
{
|
||||
a0 ^= m_k[0] ^ (rc<<16);
|
||||
a1 ^= m_k[1];
|
||||
a2 ^= m_k[2] ^ rc;
|
||||
rho(a0, a1, a2);
|
||||
|
||||
rc <<= 1;
|
||||
if (rc&0x10000) rc ^= 0x11011;
|
||||
}
|
||||
a0 ^= m_k[0] ^ (rc<<16);
|
||||
a1 ^= m_k[1];
|
||||
a2 ^= m_k[2] ^ rc;
|
||||
theta(a0, a1, a2);
|
||||
|
||||
Block::Put(xorBlock, outBlock)(a0)(a1)(a2);
|
||||
}
|
||||
|
||||
void ThreeWay::Dec::ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const
|
||||
{
|
||||
typedef BlockGetAndPut<word32, LittleEndian> Block;
|
||||
|
||||
word32 a0, a1, a2;
|
||||
Block::Get(inBlock)(a0)(a1)(a2);
|
||||
|
||||
word32 rc = START_D;
|
||||
|
||||
mu(a0, a1, a2);
|
||||
for(unsigned i=0; i<m_rounds; i++)
|
||||
{
|
||||
a0 ^= m_k[0] ^ (rc<<16);
|
||||
a1 ^= m_k[1];
|
||||
a2 ^= m_k[2] ^ rc;
|
||||
rho(a0, a1, a2);
|
||||
|
||||
rc <<= 1;
|
||||
if (rc&0x10000) rc ^= 0x11011;
|
||||
}
|
||||
a0 ^= m_k[0] ^ (rc<<16);
|
||||
a1 ^= m_k[1];
|
||||
a2 ^= m_k[2] ^ rc;
|
||||
theta(a0, a1, a2);
|
||||
mu(a0, a1, a2);
|
||||
|
||||
Block::Put(xorBlock, outBlock)(a0)(a1)(a2);
|
||||
}
|
||||
|
||||
NAMESPACE_END
|
53
CryptoPP/3way.h
Normal file
53
CryptoPP/3way.h
Normal file
@ -0,0 +1,53 @@
|
||||
#ifndef CRYPTOPP_THREEWAY_H
|
||||
#define CRYPTOPP_THREEWAY_H
|
||||
|
||||
/** \file
|
||||
*/
|
||||
|
||||
#include "seckey.h"
|
||||
#include "secblock.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
//! _
|
||||
struct ThreeWay_Info : public FixedBlockSize<12>, public FixedKeyLength<12>, public VariableRounds<11>
|
||||
{
|
||||
static const char *StaticAlgorithmName() {return "3-Way";}
|
||||
};
|
||||
|
||||
/// <a href="http://www.weidai.com/scan-mirror/cs.html#3-Way">3-Way</a>
|
||||
class ThreeWay : public ThreeWay_Info, public BlockCipherDocumentation
|
||||
{
|
||||
class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl<ThreeWay_Info>
|
||||
{
|
||||
public:
|
||||
void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms);
|
||||
|
||||
protected:
|
||||
unsigned int m_rounds;
|
||||
FixedSizeSecBlock<word32, 3> m_k;
|
||||
};
|
||||
|
||||
class CRYPTOPP_NO_VTABLE Enc : public Base
|
||||
{
|
||||
public:
|
||||
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
|
||||
};
|
||||
|
||||
class CRYPTOPP_NO_VTABLE Dec : public Base
|
||||
{
|
||||
public:
|
||||
void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const;
|
||||
};
|
||||
|
||||
public:
|
||||
typedef BlockCipherFinal<ENCRYPTION, Enc> Encryption;
|
||||
typedef BlockCipherFinal<DECRYPTION, Dec> Decryption;
|
||||
};
|
||||
|
||||
typedef ThreeWay::Encryption ThreeWayEncryption;
|
||||
typedef ThreeWay::Decryption ThreeWayDecryption;
|
||||
|
||||
NAMESPACE_END
|
||||
|
||||
#endif
|
1634
CryptoPP/Doxyfile
Normal file
1634
CryptoPP/Doxyfile
Normal file
File diff suppressed because it is too large
Load Diff
62
CryptoPP/License.txt
Normal file
62
CryptoPP/License.txt
Normal file
@ -0,0 +1,62 @@
|
||||
Compilation Copyright (c) 1995-2010 by Wei Dai. All rights reserved.
|
||||
This copyright applies only to this software distribution package
|
||||
as a compilation, and does not imply a copyright on any particular
|
||||
file in the package.
|
||||
|
||||
All individual files in this compilation are placed in the public domain by
|
||||
Wei Dai and other contributors.
|
||||
|
||||
I would like to thank the following authors for placing their works into
|
||||
the public domain:
|
||||
|
||||
Joan Daemen - 3way.cpp
|
||||
Leonard Janke - cast.cpp, seal.cpp
|
||||
Steve Reid - cast.cpp
|
||||
Phil Karn - des.cpp
|
||||
Andrew M. Kuchling - md2.cpp, md4.cpp
|
||||
Colin Plumb - md5.cpp
|
||||
Seal Woods - rc6.cpp
|
||||
Chris Morgan - rijndael.cpp
|
||||
Paulo Baretto - rijndael.cpp, skipjack.cpp, square.cpp
|
||||
Richard De Moliner - safer.cpp
|
||||
Matthew Skala - twofish.cpp
|
||||
Kevin Springle - camellia.cpp, shacal2.cpp, ttmac.cpp, whrlpool.cpp, ripemd.cpp
|
||||
|
||||
Permission to use, copy, modify, and distribute this compilation for
|
||||
any purpose, including commercial applications, is hereby granted
|
||||
without fee, subject to the following restrictions:
|
||||
|
||||
1. Any copy or modification of this compilation in any form, except
|
||||
in object code form as part of an application software, must include
|
||||
the above copyright notice and this license.
|
||||
|
||||
2. Users of this software agree that any modification or extension
|
||||
they provide to Wei Dai will be considered public domain and not
|
||||
copyrighted unless it includes an explicit copyright notice.
|
||||
|
||||
3. Wei Dai makes no warranty or representation that the operation of the
|
||||
software in this compilation will be error-free, and Wei Dai is under no
|
||||
obligation to provide any services, by way of maintenance, update, or
|
||||
otherwise. THE SOFTWARE AND ANY DOCUMENTATION ARE PROVIDED "AS IS"
|
||||
WITHOUT EXPRESS OR IMPLIED WARRANTY INCLUDING, BUT NOT LIMITED TO,
|
||||
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
|
||||
PURPOSE. IN NO EVENT WILL WEI DAI OR ANY OTHER CONTRIBUTOR BE LIABLE FOR
|
||||
DIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF
|
||||
ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
|
||||
|
||||
4. Users will not use Wei Dai or any other contributor's name in any
|
||||
publicity or advertising, without prior written consent in each case.
|
||||
|
||||
5. Export of this software from the United States may require a
|
||||
specific license from the United States Government. It is the
|
||||
responsibility of any person or organization contemplating export
|
||||
to obtain such a license before exporting.
|
||||
|
||||
6. Certain parts of this software may be protected by patents. It
|
||||
is the users' responsibility to obtain the appropriate
|
||||
licenses before using those parts.
|
||||
|
||||
If this compilation is used in object code form in an application
|
||||
software, acknowledgement of the author is not required but would be
|
||||
appreciated. The contribution of any useful modifications or extensions
|
||||
to Wei Dai is not required but would also be appreciated.
|
444
CryptoPP/Readme.txt
Normal file
444
CryptoPP/Readme.txt
Normal file
@ -0,0 +1,444 @@
|
||||
Crypto++: a C++ Class Library of Cryptographic Schemes
|
||||
Version 5.6.1 (8/9/2010, SVN r520)
|
||||
|
||||
Crypto++ Library is a free C++ class library of cryptographic schemes.
|
||||
Currently the library contains the following algorithms:
|
||||
|
||||
algorithm type name
|
||||
|
||||
authenticated encryption schemes GCM, CCM, EAX
|
||||
|
||||
high speed stream ciphers Panama, Sosemanuk, Salsa20, XSalsa20
|
||||
|
||||
AES and AES candidates AES (Rijndael), RC6, MARS, Twofish, Serpent,
|
||||
CAST-256
|
||||
|
||||
IDEA, Triple-DES (DES-EDE2 and DES-EDE3),
|
||||
other block ciphers Camellia, SEED, RC5, Blowfish, TEA, XTEA,
|
||||
Skipjack, SHACAL-2
|
||||
|
||||
block cipher modes of operation ECB, CBC, CBC ciphertext stealing (CTS),
|
||||
CFB, OFB, counter mode (CTR)
|
||||
|
||||
message authentication codes VMAC, HMAC, GMAC, CMAC, CBC-MAC, DMAC,
|
||||
Two-Track-MAC
|
||||
|
||||
SHA-1, SHA-2 (SHA-224, SHA-256, SHA-384, and
|
||||
hash functions SHA-512), Tiger, WHIRLPOOL, RIPEMD-128,
|
||||
RIPEMD-256, RIPEMD-160, RIPEMD-320
|
||||
|
||||
RSA, DSA, ElGamal, Nyberg-Rueppel (NR),
|
||||
public-key cryptography Rabin-Williams (RW), LUC, LUCELG,
|
||||
DLIES (variants of DHAES), ESIGN
|
||||
|
||||
padding schemes for public-key PKCS#1 v2.0, OAEP, PSS, PSSR, IEEE P1363
|
||||
systems EMSA2 and EMSA5
|
||||
|
||||
Diffie-Hellman (DH), Unified Diffie-Hellman
|
||||
key agreement schemes (DH2), Menezes-Qu-Vanstone (MQV), LUCDIF,
|
||||
XTR-DH
|
||||
|
||||
elliptic curve cryptography ECDSA, ECNR, ECIES, ECDH, ECMQV
|
||||
|
||||
insecure or obsolescent MD2, MD4, MD5, Panama Hash, DES, ARC4, SEAL
|
||||
algorithms retained for backwards 3.0, WAKE, WAKE-OFB, DESX (DES-XEX3), RC2,
|
||||
compatibility and historical SAFER, 3-WAY, GOST, SHARK, CAST-128, Square
|
||||
value
|
||||
|
||||
Other features include:
|
||||
|
||||
* pseudo random number generators (PRNG): ANSI X9.17 appendix C, RandomPool
|
||||
* password based key derivation functions: PBKDF1 and PBKDF2 from PKCS #5,
|
||||
PBKDF from PKCS #12 appendix B
|
||||
* Shamir's secret sharing scheme and Rabin's information dispersal algorithm
|
||||
(IDA)
|
||||
* fast multi-precision integer (bignum) and polynomial operations
|
||||
* finite field arithmetics, including GF(p) and GF(2^n)
|
||||
* prime number generation and verification
|
||||
* useful non-cryptographic algorithms
|
||||
+ DEFLATE (RFC 1951) compression/decompression with gzip (RFC 1952) and
|
||||
zlib (RFC 1950) format support
|
||||
+ hex, base-32, and base-64 coding/decoding
|
||||
+ 32-bit CRC and Adler32 checksum
|
||||
* class wrappers for these operating system features (optional):
|
||||
+ high resolution timers on Windows, Unix, and Mac OS
|
||||
+ Berkeley and Windows style sockets
|
||||
+ Windows named pipes
|
||||
+ /dev/random, /dev/urandom, /dev/srandom
|
||||
+ Microsoft's CryptGenRandom on Windows
|
||||
* A high level interface for most of the above, using a filter/pipeline
|
||||
metaphor
|
||||
* benchmarks and validation testing
|
||||
* x86, x86-64 (x64), MMX, and SSE2 assembly code for the most commonly used
|
||||
algorithms, with run-time CPU feature detection and code selection
|
||||
* some versions are available in FIPS 140-2 validated form
|
||||
|
||||
You are welcome to use it for any purpose without paying me, but see
|
||||
License.txt for the fine print.
|
||||
|
||||
The following compilers are supported for this release. Please visit
|
||||
http://www.cryptopp.com the most up to date build instructions and porting notes.
|
||||
|
||||
* MSVC 6.0 - 2010
|
||||
* GCC 3.3 - 4.5
|
||||
* C++Builder 2010
|
||||
* Intel C++ Compiler 9 - 11.1
|
||||
* Sun Studio 12u1, Express 11/08, Express 06/10
|
||||
|
||||
*** Important Usage Notes ***
|
||||
|
||||
1. If a constructor for A takes a pointer to an object B (except primitive
|
||||
types such as int and char), then A owns B and will delete B at A's
|
||||
destruction. If a constructor for A takes a reference to an object B,
|
||||
then the caller retains ownership of B and should not destroy it until
|
||||
A no longer needs it.
|
||||
|
||||
2. Crypto++ is thread safe at the class level. This means you can use
|
||||
Crypto++ safely in a multithreaded application, but you must provide
|
||||
synchronization when multiple threads access a common Crypto++ object.
|
||||
|
||||
*** MSVC-Specific Information ***
|
||||
|
||||
On Windows, Crypto++ can be compiled into 3 forms: a static library
|
||||
including all algorithms, a DLL with only FIPS Approved algorithms, and
|
||||
a static library with only algorithms not in the DLL.
|
||||
(FIPS Approved means Approved according to the FIPS 140-2 standard.)
|
||||
The DLL may be used by itself, or it may be used together with the second
|
||||
form of the static library. MSVC project files are included to build
|
||||
all three forms, and sample applications using each of the three forms
|
||||
are also included.
|
||||
|
||||
To compile Crypto++ with MSVC, open the "cryptest.dsw" (for MSVC 6 and MSVC .NET
|
||||
2003) or "cryptest.sln" (for MSVC 2005 - 2010) workspace file and build one or
|
||||
more of the following projects:
|
||||
|
||||
cryptopp - This builds the DLL. Please note that if you wish to use Crypto++
|
||||
as a FIPS validated module, you must use a pre-built DLL that has undergone
|
||||
the FIPS validation process instead of building your own.
|
||||
dlltest - This builds a sample application that only uses the DLL.
|
||||
cryptest Non-DLL-Import Configuration - This builds the full static library
|
||||
along with a full test driver.
|
||||
cryptest DLL-Import Configuration - This builds a static library containing
|
||||
only algorithms not in the DLL, along with a full test driver that uses
|
||||
both the DLL and the static library.
|
||||
|
||||
To use the Crypto++ DLL in your application, #include "dll.h" before including
|
||||
any other Crypto++ header files, and place the DLL in the same directory as
|
||||
your .exe file. dll.h includes the line #pragma comment(lib, "cryptopp")
|
||||
so you don't have to explicitly list the import library in your project
|
||||
settings. To use a static library form of Crypto++, make the "cryptlib"
|
||||
project a dependency of your application project, or specify it as
|
||||
an additional library to link with in your project settings.
|
||||
In either case you should check the compiler options to
|
||||
make sure that the library and your application are using the same C++
|
||||
run-time libraries and calling conventions.
|
||||
|
||||
*** DLL Memory Management ***
|
||||
|
||||
Because it's possible for the Crypto++ DLL to delete objects allocated
|
||||
by the calling application, they must use the same C++ memory heap. Three
|
||||
methods are provided to achieve this.
|
||||
1. The calling application can tell Crypto++ what heap to use. This method
|
||||
is required when the calling application uses a non-standard heap.
|
||||
2. Crypto++ can tell the calling application what heap to use. This method
|
||||
is required when the calling application uses a statically linked C++ Run
|
||||
Time Library. (Method 1 does not work in this case because the Crypto++ DLL
|
||||
is initialized before the calling application's heap is initialized.)
|
||||
3. Crypto++ can automatically use the heap provided by the calling application's
|
||||
dynamically linked C++ Run Time Library. The calling application must
|
||||
make sure that the dynamically linked C++ Run Time Library is initialized
|
||||
before Crypto++ is loaded. (At this time it is not clear if it is possible
|
||||
to control the order in which DLLs are initialized on Windows 9x machines,
|
||||
so it might be best to avoid using this method.)
|
||||
|
||||
When Crypto++ attaches to a new process, it searches all modules loaded
|
||||
into the process space for exported functions "GetNewAndDeleteForCryptoPP"
|
||||
and "SetNewAndDeleteFromCryptoPP". If one of these functions is found,
|
||||
Crypto++ uses methods 1 or 2, respectively, by calling the function.
|
||||
Otherwise, method 3 is used.
|
||||
|
||||
*** GCC-Specific Information ***
|
||||
|
||||
A makefile is included for you to compile Crypto++ with GCC. Make sure
|
||||
you are using GNU Make and GNU ld. The make process will produce two files,
|
||||
libcryptopp.a and cryptest.exe. Run "cryptest.exe v" for the validation
|
||||
suite.
|
||||
|
||||
*** Documentation and Support ***
|
||||
|
||||
Crypto++ is documented through inline comments in header files, which are
|
||||
processed through Doxygen to produce an HTML reference manual. You can find
|
||||
a link to the manual from http://www.cryptopp.com. Also at that site is
|
||||
the Crypto++ FAQ, which you should browse through before attempting to
|
||||
use this library, because it will likely answer many of questions that
|
||||
may come up.
|
||||
|
||||
If you run into any problems, please try the Crypto++ mailing list.
|
||||
The subscription information and the list archive are available on
|
||||
http://www.cryptopp.com. You can also email me directly by visiting
|
||||
http://www.weidai.com, but you will probably get a faster response through
|
||||
the mailing list.
|
||||
|
||||
*** History ***
|
||||
|
||||
1.0 - First public release. Withdrawn at the request of RSA DSI.
|
||||
- included Blowfish, BBS, DES, DH, Diamond, DSA, ElGamal, IDEA,
|
||||
MD5, RC4, RC5, RSA, SHA, WAKE, secret sharing, DEFLATE compression
|
||||
- had a serious bug in the RSA key generation code.
|
||||
|
||||
1.1 - Removed RSA, RC4, RC5
|
||||
- Disabled calls to RSAREF's non-public functions
|
||||
- Minor bugs fixed
|
||||
|
||||
2.0 - a completely new, faster multiprecision integer class
|
||||
- added MD5-MAC, HAVAL, 3-WAY, TEA, SAFER, LUC, Rabin, BlumGoldwasser,
|
||||
elliptic curve algorithms
|
||||
- added the Lucas strong probable primality test
|
||||
- ElGamal encryption and signature schemes modified to avoid weaknesses
|
||||
- Diamond changed to Diamond2 because of key schedule weakness
|
||||
- fixed bug in WAKE key setup
|
||||
- SHS class renamed to SHA
|
||||
- lots of miscellaneous optimizations
|
||||
|
||||
2.1 - added Tiger, HMAC, GOST, RIPE-MD160, LUCELG, LUCDIF, XOR-MAC,
|
||||
OAEP, PSSR, SHARK
|
||||
- added precomputation to DH, ElGamal, DSA, and elliptic curve algorithms
|
||||
- added back RC5 and a new RSA
|
||||
- optimizations in elliptic curves over GF(p)
|
||||
- changed Rabin to use OAEP and PSSR
|
||||
- changed many classes to allow copy constructors to work correctly
|
||||
- improved exception generation and handling
|
||||
|
||||
2.2 - added SEAL, CAST-128, Square
|
||||
- fixed bug in HAVAL (padding problem)
|
||||
- fixed bug in triple-DES (decryption order was reversed)
|
||||
- fixed bug in RC5 (couldn't handle key length not a multiple of 4)
|
||||
- changed HMAC to conform to RFC-2104 (which is not compatible
|
||||
with the original HMAC)
|
||||
- changed secret sharing and information dispersal to use GF(2^32)
|
||||
instead of GF(65521)
|
||||
- removed zero knowledge prover/verifier for graph isomorphism
|
||||
- removed several utility classes in favor of the C++ standard library
|
||||
|
||||
2.3 - ported to EGCS
|
||||
- fixed incomplete workaround of min/max conflict in MSVC
|
||||
|
||||
3.0 - placed all names into the "CryptoPP" namespace
|
||||
- added MD2, RC2, RC6, MARS, RW, DH2, MQV, ECDHC, CBC-CTS
|
||||
- added abstract base classes PK_SimpleKeyAgreementDomain and
|
||||
PK_AuthenticatedKeyAgreementDomain
|
||||
- changed DH and LUCDIF to implement the PK_SimpleKeyAgreementDomain
|
||||
interface and to perform domain parameter and key validation
|
||||
- changed interfaces of PK_Signer and PK_Verifier to sign and verify
|
||||
messages instead of message digests
|
||||
- changed OAEP to conform to PKCS#1 v2.0
|
||||
- changed benchmark code to produce HTML tables as output
|
||||
- changed PSSR to track IEEE P1363a
|
||||
- renamed ElGamalSignature to NR and changed it to track IEEE P1363
|
||||
- renamed ECKEP to ECMQVC and changed it to track IEEE P1363
|
||||
- renamed several other classes for clarity
|
||||
- removed support for calling RSAREF
|
||||
- removed option to compile old SHA (SHA-0)
|
||||
- removed option not to throw exceptions
|
||||
|
||||
3.1 - added ARC4, Rijndael, Twofish, Serpent, CBC-MAC, DMAC
|
||||
- added interface for querying supported key lengths of symmetric ciphers
|
||||
and MACs
|
||||
- added sample code for RSA signature and verification
|
||||
- changed CBC-CTS to be compatible with RFC 2040
|
||||
- updated SEAL to version 3.0 of the cipher specification
|
||||
- optimized multiprecision squaring and elliptic curves over GF(p)
|
||||
- fixed bug in MARS key setup
|
||||
- fixed bug with attaching objects to Deflator
|
||||
|
||||
3.2 - added DES-XEX3, ECDSA, DefaultEncryptorWithMAC
|
||||
- renamed DES-EDE to DES-EDE2 and TripleDES to DES-EDE3
|
||||
- optimized ARC4
|
||||
- generalized DSA to allow keys longer than 1024 bits
|
||||
- fixed bugs in GF2N and ModularArithmetic that can cause calculation errors
|
||||
- fixed crashing bug in Inflator when given invalid inputs
|
||||
- fixed endian bug in Serpent
|
||||
- fixed padding bug in Tiger
|
||||
|
||||
4.0 - added Skipjack, CAST-256, Panama, SHA-2 (SHA-256, SHA-384, and SHA-512),
|
||||
and XTR-DH
|
||||
- added a faster variant of Rabin's Information Dispersal Algorithm (IDA)
|
||||
- added class wrappers for these operating system features:
|
||||
- high resolution timers on Windows, Unix, and MacOS
|
||||
- Berkeley and Windows style sockets
|
||||
- Windows named pipes
|
||||
- /dev/random and /dev/urandom on Linux and FreeBSD
|
||||
- Microsoft's CryptGenRandom on Windows
|
||||
- added support for SEC 1 elliptic curve key format and compressed points
|
||||
- added support for X.509 public key format (subjectPublicKeyInfo) for
|
||||
RSA, DSA, and elliptic curve schemes
|
||||
- added support for DER and OpenPGP signature format for DSA
|
||||
- added support for ZLIB compressed data format (RFC 1950)
|
||||
- changed elliptic curve encryption to use ECIES (as defined in SEC 1)
|
||||
- changed MARS key schedule to reflect the latest specification
|
||||
- changed BufferedTransformation interface to support multiple channels
|
||||
and messages
|
||||
- changed CAST and SHA-1 implementations to use public domain source code
|
||||
- fixed bug in StringSource
|
||||
- optmized multi-precision integer code for better performance
|
||||
|
||||
4.1 - added more support for the recommended elliptic curve parameters in SEC 2
|
||||
- added Panama MAC, MARC4
|
||||
- added IV stealing feature to CTS mode
|
||||
- added support for PKCS #8 private key format for RSA, DSA, and elliptic
|
||||
curve schemes
|
||||
- changed Deflate, MD5, Rijndael, and Twofish to use public domain code
|
||||
- fixed a bug with flushing compressed streams
|
||||
- fixed a bug with decompressing stored blocks
|
||||
- fixed a bug with EC point decompression using non-trinomial basis
|
||||
- fixed a bug in NetworkSource::GeneralPump()
|
||||
- fixed a performance issue with EC over GF(p) decryption
|
||||
- fixed syntax to allow GCC to compile without -fpermissive
|
||||
- relaxed some restrictions in the license
|
||||
|
||||
4.2 - added support for longer HMAC keys
|
||||
- added MD4 (which is not secure so use for compatibility purposes only)
|
||||
- added compatibility fixes/workarounds for STLport 4.5, GCC 3.0.2,
|
||||
and MSVC 7.0
|
||||
- changed MD2 to use public domain code
|
||||
- fixed a bug with decompressing multiple messages with the same object
|
||||
- fixed a bug in CBC-MAC with MACing multiple messages with the same object
|
||||
- fixed a bug in RC5 and RC6 with zero-length keys
|
||||
- fixed a bug in Adler32 where incorrect checksum may be generated
|
||||
|
||||
5.0 - added ESIGN, DLIES, WAKE-OFB, PBKDF1 and PBKDF2 from PKCS #5
|
||||
- added key validation for encryption and signature public/private keys
|
||||
- renamed StreamCipher interface to SymmetricCipher, which is now implemented
|
||||
by both stream ciphers and block cipher modes including ECB and CBC
|
||||
- added keying interfaces to support resetting of keys and IVs without
|
||||
having to destroy and recreate objects
|
||||
- changed filter interface to support non-blocking input/output
|
||||
- changed SocketSource and SocketSink to use overlapped I/O on Microsoft Windows
|
||||
- grouped related classes inside structs to help templates, for example
|
||||
AESEncryption and AESDecryption are now AES::Encryption and AES::Decryption
|
||||
- where possible, typedefs have been added to improve backwards
|
||||
compatibility when the CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY macro is defined
|
||||
- changed Serpent, HAVAL and IDEA to use public domain code
|
||||
- implemented SSE2 optimizations for Integer operations
|
||||
- fixed a bug in HMAC::TruncatedFinal()
|
||||
- fixed SKIPJACK byte ordering following NIST clarification dated 5/9/02
|
||||
|
||||
5.01 - added known answer test for X9.17 RNG in FIPS 140 power-up self test
|
||||
- submitted to NIST/CSE, but not publicly released
|
||||
|
||||
5.02 - changed EDC test to MAC integrity check using HMAC/SHA1
|
||||
- improved performance of integrity check
|
||||
- added blinding to defend against RSA timing attack
|
||||
|
||||
5.03 - created DLL version of Crypto++ for FIPS 140-2 validation
|
||||
- fixed vulnerabilities in GetNextIV for CTR and OFB modes
|
||||
|
||||
5.0.4 - Removed DES, SHA-256, SHA-384, SHA-512 from DLL
|
||||
|
||||
5.1 - added PSS padding and changed PSSR to track IEEE P1363a draft standard
|
||||
- added blinding for RSA and Rabin to defend against timing attacks
|
||||
on decryption operations
|
||||
- changed signing and decryption APIs to support the above
|
||||
- changed WaitObjectContainer to allow waiting for more than 64
|
||||
objects at a time on Win32 platforms
|
||||
- fixed a bug in CBC and ECB modes with processing non-aligned data
|
||||
- fixed standard conformance bugs in DLIES (DHAES mode) and RW/EMSA2
|
||||
signature scheme (these fixes are not backwards compatible)
|
||||
- fixed a number of compiler warnings, minor bugs, and portability problems
|
||||
- removed Sapphire
|
||||
|
||||
5.2 - merged in changes for 5.01 - 5.0.4
|
||||
- added support for using encoding parameters and key derivation parameters
|
||||
with public key encryption (implemented by OAEP and DL/ECIES)
|
||||
- added Camellia, SHACAL-2, Two-Track-MAC, Whirlpool, RIPEMD-320,
|
||||
RIPEMD-128, RIPEMD-256, Base-32 coding, FIPS variant of CFB mode
|
||||
- added ThreadUserTimer for timing thread CPU usage
|
||||
- added option for password-based key derivation functions
|
||||
to iterate until a mimimum elapsed thread CPU time is reached
|
||||
- added option (on by default) for DEFLATE compression to detect
|
||||
uncompressible files and process them more quickly
|
||||
- improved compatibility and performance on 64-bit platforms,
|
||||
including Alpha, IA-64, x86-64, PPC64, Sparc64, and MIPS64
|
||||
- fixed ONE_AND_ZEROS_PADDING to use 0x80 instead 0x01 as padding.
|
||||
- fixed encoding/decoding of PKCS #8 privateKeyInfo to properly
|
||||
handle optional attributes
|
||||
|
||||
5.2.1 - fixed bug in the "dlltest" DLL testing program
|
||||
- fixed compiling with STLport using VC .NET
|
||||
- fixed compiling with -fPIC using GCC
|
||||
- fixed compiling with -msse2 on systems without memalign()
|
||||
- fixed inability to instantiate PanamaMAC
|
||||
- fixed problems with inline documentation
|
||||
|
||||
5.2.2 - added SHA-224
|
||||
- put SHA-256, SHA-384, SHA-512, RSASSA-PSS into DLL
|
||||
|
||||
5.2.3 - fixed issues with FIPS algorithm test vectors
|
||||
- put RSASSA-ISO into DLL
|
||||
|
||||
5.3 - ported to MSVC 2005 with support for x86-64
|
||||
- added defense against AES timing attacks, and more AES test vectors
|
||||
- changed StaticAlgorithmName() of Rijndael to "AES", CTR to "CTR"
|
||||
|
||||
5.4 - added Salsa20
|
||||
- updated Whirlpool to version 3.0
|
||||
- ported to GCC 4.1, Sun C++ 5.8, and Borland C++Builder 2006
|
||||
|
||||
5.5 - added VMAC and Sosemanuk (with x86-64 and SSE2 assembly)
|
||||
- improved speed of integer arithmetic, AES, SHA-512, Tiger, Salsa20,
|
||||
Whirlpool, and PANAMA cipher using assembly (x86-64, MMX, SSE2)
|
||||
- optimized Camellia and added defense against timing attacks
|
||||
- updated benchmarks code to show cycles per byte and to time key/IV setup
|
||||
- started using OpenMP for increased multi-core speed
|
||||
- enabled GCC optimization flags by default in GNUmakefile
|
||||
- added blinding and computational error checking for RW signing
|
||||
- changed RandomPool, X917RNG, GetNextIV, DSA/NR/ECDSA/ECNR to reduce
|
||||
the risk of reusing random numbers and IVs after virtual machine state
|
||||
rollback
|
||||
- changed default FIPS mode RNG from AutoSeededX917RNG<DES_EDE3> to
|
||||
AutoSeededX917RNG<AES>
|
||||
- fixed PANAMA cipher interface to accept 256-bit key and 256-bit IV
|
||||
- moved MD2, MD4, MD5, PanamaHash, ARC4, WAKE_CFB into the namespace "Weak"
|
||||
- removed HAVAL, MD5-MAC, XMAC
|
||||
|
||||
5.5.1 - fixed VMAC validation failure on 32-bit big-endian machines
|
||||
|
||||
5.5.2 - ported x64 assembly language code for AES, Salsa20, Sosemanuk, and Panama
|
||||
to MSVC 2005 (using MASM since MSVC doesn't support inline assembly on x64)
|
||||
- fixed Salsa20 initialization crash on non-SSE2 machines
|
||||
- fixed Whirlpool crash on Pentium 2 machines
|
||||
- fixed possible branch prediction analysis (BPA) vulnerability in
|
||||
MontgomeryReduce(), which may affect security of RSA, RW, LUC
|
||||
- fixed link error with MSVC 2003 when using "debug DLL" form of runtime library
|
||||
- fixed crash in SSE2_Add on P4 machines when compiled with
|
||||
MSVC 6.0 SP5 with Processor Pack
|
||||
- ported to MSVC 2008, GCC 4.2, Sun CC 5.9, Intel C++ Compiler 10.0,
|
||||
and Borland C++Builder 2007
|
||||
|
||||
5.6.0 - added AuthenticatedSymmetricCipher interface class and Filter wrappers
|
||||
- added CCM, GCM (with SSE2 assembly), EAX, CMAC, XSalsa20, and SEED
|
||||
- added support for variable length IVs
|
||||
- added OIDs for Brainpool elliptic curve parameters
|
||||
- improved AES and SHA-256 speed on x86 and x64
|
||||
- changed BlockTransformation interface to no longer assume data alignment
|
||||
- fixed incorrect VMAC computation on message lengths
|
||||
that are >64 mod 128 (x86 assembly version is not affected)
|
||||
- fixed compiler error in vmac.cpp on x86 with GCC -fPIC
|
||||
- fixed run-time validation error on x86-64 with GCC 4.3.2 -O2
|
||||
- fixed HashFilter bug when putMessage=true
|
||||
- fixed AES-CTR data alignment bug that causes incorrect encryption on ARM
|
||||
- removed WORD64_AVAILABLE; compiler support for 64-bit int is now required
|
||||
- ported to GCC 4.3, C++Builder 2009, Sun CC 5.10, Intel C++ Compiler 11
|
||||
|
||||
5.6.1 - added support for AES-NI and CLMUL instruction sets in AES and GMAC/GCM
|
||||
- removed WAKE-CFB
|
||||
- fixed several bugs in the SHA-256 x86/x64 assembly code:
|
||||
* incorrect hash on non-SSE2 x86 machines on non-aligned input
|
||||
* incorrect hash on x86 machines when input crosses 0x80000000
|
||||
* incorrect hash on x64 when compiled with GCC with optimizations enabled
|
||||
- fixed bugs in AES x86 and x64 assembly causing crashes in some MSVC build configurations
|
||||
- switched to a public domain implementation of MARS
|
||||
- ported to MSVC 2010, GCC 4.5.1, Sun Studio 12u1, C++Builder 2010, Intel C++ Compiler 11.1
|
||||
- renamed the MSVC DLL project to "cryptopp" for compatibility with MSVC 2010
|
||||
|
||||
Written by Wei Dai
|
77
CryptoPP/adler32.cpp
Normal file
77
CryptoPP/adler32.cpp
Normal file
@ -0,0 +1,77 @@
|
||||
// adler32.cpp - written and placed in the public domain by Wei Dai
|
||||
|
||||
#include "pch.h"
|
||||
#include "adler32.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
void Adler32::Update(const byte *input, size_t length)
|
||||
{
|
||||
const unsigned long BASE = 65521;
|
||||
|
||||
unsigned long s1 = m_s1;
|
||||
unsigned long s2 = m_s2;
|
||||
|
||||
if (length % 8 != 0)
|
||||
{
|
||||
do
|
||||
{
|
||||
s1 += *input++;
|
||||
s2 += s1;
|
||||
length--;
|
||||
} while (length % 8 != 0);
|
||||
|
||||
if (s1 >= BASE)
|
||||
s1 -= BASE;
|
||||
s2 %= BASE;
|
||||
}
|
||||
|
||||
while (length > 0)
|
||||
{
|
||||
s1 += input[0]; s2 += s1;
|
||||
s1 += input[1]; s2 += s1;
|
||||
s1 += input[2]; s2 += s1;
|
||||
s1 += input[3]; s2 += s1;
|
||||
s1 += input[4]; s2 += s1;
|
||||
s1 += input[5]; s2 += s1;
|
||||
s1 += input[6]; s2 += s1;
|
||||
s1 += input[7]; s2 += s1;
|
||||
|
||||
length -= 8;
|
||||
input += 8;
|
||||
|
||||
if (s1 >= BASE)
|
||||
s1 -= BASE;
|
||||
if (length % 0x8000 == 0)
|
||||
s2 %= BASE;
|
||||
}
|
||||
|
||||
assert(s1 < BASE);
|
||||
assert(s2 < BASE);
|
||||
|
||||
m_s1 = (word16)s1;
|
||||
m_s2 = (word16)s2;
|
||||
}
|
||||
|
||||
void Adler32::TruncatedFinal(byte *hash, size_t size)
|
||||
{
|
||||
ThrowIfInvalidTruncatedSize(size);
|
||||
|
||||
switch (size)
|
||||
{
|
||||
default:
|
||||
hash[3] = byte(m_s1);
|
||||
case 3:
|
||||
hash[2] = byte(m_s1 >> 8);
|
||||
case 2:
|
||||
hash[1] = byte(m_s2);
|
||||
case 1:
|
||||
hash[0] = byte(m_s2 >> 8);
|
||||
case 0:
|
||||
;
|
||||
}
|
||||
|
||||
Reset();
|
||||
}
|
||||
|
||||
NAMESPACE_END
|
28
CryptoPP/adler32.h
Normal file
28
CryptoPP/adler32.h
Normal file
@ -0,0 +1,28 @@
|
||||
#ifndef CRYPTOPP_ADLER32_H
|
||||
#define CRYPTOPP_ADLER32_H
|
||||
|
||||
#include "cryptlib.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
//! ADLER-32 checksum calculations
|
||||
class Adler32 : public HashTransformation
|
||||
{
|
||||
public:
|
||||
CRYPTOPP_CONSTANT(DIGESTSIZE = 4)
|
||||
Adler32() {Reset();}
|
||||
void Update(const byte *input, size_t length);
|
||||
void TruncatedFinal(byte *hash, size_t size);
|
||||
unsigned int DigestSize() const {return DIGESTSIZE;}
|
||||
static const char * StaticAlgorithmName() {return "Adler32";}
|
||||
std::string AlgorithmName() const {return StaticAlgorithmName();}
|
||||
|
||||
private:
|
||||
void Reset() {m_s1 = 1; m_s2 = 0;}
|
||||
|
||||
word16 m_s1, m_s2;
|
||||
};
|
||||
|
||||
NAMESPACE_END
|
||||
|
||||
#endif
|
16
CryptoPP/aes.h
Normal file
16
CryptoPP/aes.h
Normal file
@ -0,0 +1,16 @@
|
||||
#ifndef CRYPTOPP_AES_H
|
||||
#define CRYPTOPP_AES_H
|
||||
|
||||
#include "rijndael.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
//! <a href="http://www.cryptolounge.org/wiki/AES">AES</a> winner, announced on 10/2/2000
|
||||
DOCUMENTED_TYPEDEF(Rijndael, AES);
|
||||
|
||||
typedef RijndaelEncryption AESEncryption;
|
||||
typedef RijndaelDecryption AESDecryption;
|
||||
|
||||
NAMESPACE_END
|
||||
|
||||
#endif
|
340
CryptoPP/algebra.cpp
Normal file
340
CryptoPP/algebra.cpp
Normal file
@ -0,0 +1,340 @@
|
||||
// algebra.cpp - written and placed in the public domain by Wei Dai
|
||||
|
||||
#include "pch.h"
|
||||
|
||||
#ifndef CRYPTOPP_ALGEBRA_CPP // SunCC workaround: compiler could cause this file to be included twice
|
||||
#define CRYPTOPP_ALGEBRA_CPP
|
||||
|
||||
#include "algebra.h"
|
||||
#include "integer.h"
|
||||
|
||||
#include <vector>
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
template <class T> const T& AbstractGroup<T>::Double(const Element &a) const
|
||||
{
|
||||
return Add(a, a);
|
||||
}
|
||||
|
||||
template <class T> const T& AbstractGroup<T>::Subtract(const Element &a, const Element &b) const
|
||||
{
|
||||
// make copy of a in case Inverse() overwrites it
|
||||
Element a1(a);
|
||||
return Add(a1, Inverse(b));
|
||||
}
|
||||
|
||||
template <class T> T& AbstractGroup<T>::Accumulate(Element &a, const Element &b) const
|
||||
{
|
||||
return a = Add(a, b);
|
||||
}
|
||||
|
||||
template <class T> T& AbstractGroup<T>::Reduce(Element &a, const Element &b) const
|
||||
{
|
||||
return a = Subtract(a, b);
|
||||
}
|
||||
|
||||
template <class T> const T& AbstractRing<T>::Square(const Element &a) const
|
||||
{
|
||||
return Multiply(a, a);
|
||||
}
|
||||
|
||||
template <class T> const T& AbstractRing<T>::Divide(const Element &a, const Element &b) const
|
||||
{
|
||||
// make copy of a in case MultiplicativeInverse() overwrites it
|
||||
Element a1(a);
|
||||
return Multiply(a1, MultiplicativeInverse(b));
|
||||
}
|
||||
|
||||
template <class T> const T& AbstractEuclideanDomain<T>::Mod(const Element &a, const Element &b) const
|
||||
{
|
||||
Element q;
|
||||
DivisionAlgorithm(result, q, a, b);
|
||||
return result;
|
||||
}
|
||||
|
||||
template <class T> const T& AbstractEuclideanDomain<T>::Gcd(const Element &a, const Element &b) const
|
||||
{
|
||||
Element g[3]={b, a};
|
||||
unsigned int i0=0, i1=1, i2=2;
|
||||
|
||||
while (!Equal(g[i1], this->Identity()))
|
||||
{
|
||||
g[i2] = Mod(g[i0], g[i1]);
|
||||
unsigned int t = i0; i0 = i1; i1 = i2; i2 = t;
|
||||
}
|
||||
|
||||
return result = g[i0];
|
||||
}
|
||||
|
||||
template <class T> const typename QuotientRing<T>::Element& QuotientRing<T>::MultiplicativeInverse(const Element &a) const
|
||||
{
|
||||
Element g[3]={m_modulus, a};
|
||||
Element v[3]={m_domain.Identity(), m_domain.MultiplicativeIdentity()};
|
||||
Element y;
|
||||
unsigned int i0=0, i1=1, i2=2;
|
||||
|
||||
while (!Equal(g[i1], Identity()))
|
||||
{
|
||||
// y = g[i0] / g[i1];
|
||||
// g[i2] = g[i0] % g[i1];
|
||||
m_domain.DivisionAlgorithm(g[i2], y, g[i0], g[i1]);
|
||||
// v[i2] = v[i0] - (v[i1] * y);
|
||||
v[i2] = m_domain.Subtract(v[i0], m_domain.Multiply(v[i1], y));
|
||||
unsigned int t = i0; i0 = i1; i1 = i2; i2 = t;
|
||||
}
|
||||
|
||||
return m_domain.IsUnit(g[i0]) ? m_domain.Divide(v[i0], g[i0]) : m_domain.Identity();
|
||||
}
|
||||
|
||||
template <class T> T AbstractGroup<T>::ScalarMultiply(const Element &base, const Integer &exponent) const
|
||||
{
|
||||
Element result;
|
||||
SimultaneousMultiply(&result, base, &exponent, 1);
|
||||
return result;
|
||||
}
|
||||
|
||||
template <class T> T AbstractGroup<T>::CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
|
||||
{
|
||||
const unsigned expLen = STDMAX(e1.BitCount(), e2.BitCount());
|
||||
if (expLen==0)
|
||||
return Identity();
|
||||
|
||||
const unsigned w = (expLen <= 46 ? 1 : (expLen <= 260 ? 2 : 3));
|
||||
const unsigned tableSize = 1<<w;
|
||||
std::vector<Element> powerTable(tableSize << w);
|
||||
|
||||
powerTable[1] = x;
|
||||
powerTable[tableSize] = y;
|
||||
if (w==1)
|
||||
powerTable[3] = Add(x,y);
|
||||
else
|
||||
{
|
||||
powerTable[2] = Double(x);
|
||||
powerTable[2*tableSize] = Double(y);
|
||||
|
||||
unsigned i, j;
|
||||
|
||||
for (i=3; i<tableSize; i+=2)
|
||||
powerTable[i] = Add(powerTable[i-2], powerTable[2]);
|
||||
for (i=1; i<tableSize; i+=2)
|
||||
for (j=i+tableSize; j<(tableSize<<w); j+=tableSize)
|
||||
powerTable[j] = Add(powerTable[j-tableSize], y);
|
||||
|
||||
for (i=3*tableSize; i<(tableSize<<w); i+=2*tableSize)
|
||||
powerTable[i] = Add(powerTable[i-2*tableSize], powerTable[2*tableSize]);
|
||||
for (i=tableSize; i<(tableSize<<w); i+=2*tableSize)
|
||||
for (j=i+2; j<i+tableSize; j+=2)
|
||||
powerTable[j] = Add(powerTable[j-1], x);
|
||||
}
|
||||
|
||||
Element result;
|
||||
unsigned power1 = 0, power2 = 0, prevPosition = expLen-1;
|
||||
bool firstTime = true;
|
||||
|
||||
for (int i = expLen-1; i>=0; i--)
|
||||
{
|
||||
power1 = 2*power1 + e1.GetBit(i);
|
||||
power2 = 2*power2 + e2.GetBit(i);
|
||||
|
||||
if (i==0 || 2*power1 >= tableSize || 2*power2 >= tableSize)
|
||||
{
|
||||
unsigned squaresBefore = prevPosition-i;
|
||||
unsigned squaresAfter = 0;
|
||||
prevPosition = i;
|
||||
while ((power1 || power2) && power1%2 == 0 && power2%2==0)
|
||||
{
|
||||
power1 /= 2;
|
||||
power2 /= 2;
|
||||
squaresBefore--;
|
||||
squaresAfter++;
|
||||
}
|
||||
if (firstTime)
|
||||
{
|
||||
result = powerTable[(power2<<w) + power1];
|
||||
firstTime = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
while (squaresBefore--)
|
||||
result = Double(result);
|
||||
if (power1 || power2)
|
||||
Accumulate(result, powerTable[(power2<<w) + power1]);
|
||||
}
|
||||
while (squaresAfter--)
|
||||
result = Double(result);
|
||||
power1 = power2 = 0;
|
||||
}
|
||||
}
|
||||
return result;
|
||||
}
|
||||
|
||||
template <class Element, class Iterator> Element GeneralCascadeMultiplication(const AbstractGroup<Element> &group, Iterator begin, Iterator end)
|
||||
{
|
||||
if (end-begin == 1)
|
||||
return group.ScalarMultiply(begin->base, begin->exponent);
|
||||
else if (end-begin == 2)
|
||||
return group.CascadeScalarMultiply(begin->base, begin->exponent, (begin+1)->base, (begin+1)->exponent);
|
||||
else
|
||||
{
|
||||
Integer q, t;
|
||||
Iterator last = end;
|
||||
--last;
|
||||
|
||||
std::make_heap(begin, end);
|
||||
std::pop_heap(begin, end);
|
||||
|
||||
while (!!begin->exponent)
|
||||
{
|
||||
// last->exponent is largest exponent, begin->exponent is next largest
|
||||
t = last->exponent;
|
||||
Integer::Divide(last->exponent, q, t, begin->exponent);
|
||||
|
||||
if (q == Integer::One())
|
||||
group.Accumulate(begin->base, last->base); // avoid overhead of ScalarMultiply()
|
||||
else
|
||||
group.Accumulate(begin->base, group.ScalarMultiply(last->base, q));
|
||||
|
||||
std::push_heap(begin, end);
|
||||
std::pop_heap(begin, end);
|
||||
}
|
||||
|
||||
return group.ScalarMultiply(last->base, last->exponent);
|
||||
}
|
||||
}
|
||||
|
||||
struct WindowSlider
|
||||
{
|
||||
WindowSlider(const Integer &expIn, bool fastNegate, unsigned int windowSizeIn=0)
|
||||
: exp(expIn), windowModulus(Integer::One()), windowSize(windowSizeIn), windowBegin(0), fastNegate(fastNegate), firstTime(true), finished(false)
|
||||
{
|
||||
if (windowSize == 0)
|
||||
{
|
||||
unsigned int expLen = exp.BitCount();
|
||||
windowSize = expLen <= 17 ? 1 : (expLen <= 24 ? 2 : (expLen <= 70 ? 3 : (expLen <= 197 ? 4 : (expLen <= 539 ? 5 : (expLen <= 1434 ? 6 : 7)))));
|
||||
}
|
||||
windowModulus <<= windowSize;
|
||||
}
|
||||
|
||||
void FindNextWindow()
|
||||
{
|
||||
unsigned int expLen = exp.WordCount() * WORD_BITS;
|
||||
unsigned int skipCount = firstTime ? 0 : windowSize;
|
||||
firstTime = false;
|
||||
while (!exp.GetBit(skipCount))
|
||||
{
|
||||
if (skipCount >= expLen)
|
||||
{
|
||||
finished = true;
|
||||
return;
|
||||
}
|
||||
skipCount++;
|
||||
}
|
||||
|
||||
exp >>= skipCount;
|
||||
windowBegin += skipCount;
|
||||
expWindow = word32(exp % (word(1) << windowSize));
|
||||
|
||||
if (fastNegate && exp.GetBit(windowSize))
|
||||
{
|
||||
negateNext = true;
|
||||
expWindow = (word32(1) << windowSize) - expWindow;
|
||||
exp += windowModulus;
|
||||
}
|
||||
else
|
||||
negateNext = false;
|
||||
}
|
||||
|
||||
Integer exp, windowModulus;
|
||||
unsigned int windowSize, windowBegin;
|
||||
word32 expWindow;
|
||||
bool fastNegate, negateNext, firstTime, finished;
|
||||
};
|
||||
|
||||
template <class T>
|
||||
void AbstractGroup<T>::SimultaneousMultiply(T *results, const T &base, const Integer *expBegin, unsigned int expCount) const
|
||||
{
|
||||
std::vector<std::vector<Element> > buckets(expCount);
|
||||
std::vector<WindowSlider> exponents;
|
||||
exponents.reserve(expCount);
|
||||
unsigned int i;
|
||||
|
||||
for (i=0; i<expCount; i++)
|
||||
{
|
||||
assert(expBegin->NotNegative());
|
||||
exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 0));
|
||||
exponents[i].FindNextWindow();
|
||||
buckets[i].resize(1<<(exponents[i].windowSize-1), Identity());
|
||||
}
|
||||
|
||||
unsigned int expBitPosition = 0;
|
||||
Element g = base;
|
||||
bool notDone = true;
|
||||
|
||||
while (notDone)
|
||||
{
|
||||
notDone = false;
|
||||
for (i=0; i<expCount; i++)
|
||||
{
|
||||
if (!exponents[i].finished && expBitPosition == exponents[i].windowBegin)
|
||||
{
|
||||
Element &bucket = buckets[i][exponents[i].expWindow/2];
|
||||
if (exponents[i].negateNext)
|
||||
Accumulate(bucket, Inverse(g));
|
||||
else
|
||||
Accumulate(bucket, g);
|
||||
exponents[i].FindNextWindow();
|
||||
}
|
||||
notDone = notDone || !exponents[i].finished;
|
||||
}
|
||||
|
||||
if (notDone)
|
||||
{
|
||||
g = Double(g);
|
||||
expBitPosition++;
|
||||
}
|
||||
}
|
||||
|
||||
for (i=0; i<expCount; i++)
|
||||
{
|
||||
Element &r = *results++;
|
||||
r = buckets[i][buckets[i].size()-1];
|
||||
if (buckets[i].size() > 1)
|
||||
{
|
||||
for (int j = (int)buckets[i].size()-2; j >= 1; j--)
|
||||
{
|
||||
Accumulate(buckets[i][j], buckets[i][j+1]);
|
||||
Accumulate(r, buckets[i][j]);
|
||||
}
|
||||
Accumulate(buckets[i][0], buckets[i][1]);
|
||||
r = Add(Double(r), buckets[i][0]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
template <class T> T AbstractRing<T>::Exponentiate(const Element &base, const Integer &exponent) const
|
||||
{
|
||||
Element result;
|
||||
SimultaneousExponentiate(&result, base, &exponent, 1);
|
||||
return result;
|
||||
}
|
||||
|
||||
template <class T> T AbstractRing<T>::CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
|
||||
{
|
||||
return MultiplicativeGroup().AbstractGroup<T>::CascadeScalarMultiply(x, e1, y, e2);
|
||||
}
|
||||
|
||||
template <class Element, class Iterator> Element GeneralCascadeExponentiation(const AbstractRing<Element> &ring, Iterator begin, Iterator end)
|
||||
{
|
||||
return GeneralCascadeMultiplication<Element>(ring.MultiplicativeGroup(), begin, end);
|
||||
}
|
||||
|
||||
template <class T>
|
||||
void AbstractRing<T>::SimultaneousExponentiate(T *results, const T &base, const Integer *exponents, unsigned int expCount) const
|
||||
{
|
||||
MultiplicativeGroup().AbstractGroup<T>::SimultaneousMultiply(results, base, exponents, expCount);
|
||||
}
|
||||
|
||||
NAMESPACE_END
|
||||
|
||||
#endif
|
285
CryptoPP/algebra.h
Normal file
285
CryptoPP/algebra.h
Normal file
@ -0,0 +1,285 @@
|
||||
#ifndef CRYPTOPP_ALGEBRA_H
|
||||
#define CRYPTOPP_ALGEBRA_H
|
||||
|
||||
#include "config.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
class Integer;
|
||||
|
||||
// "const Element&" returned by member functions are references
|
||||
// to internal data members. Since each object may have only
|
||||
// one such data member for holding results, the following code
|
||||
// will produce incorrect results:
|
||||
// abcd = group.Add(group.Add(a,b), group.Add(c,d));
|
||||
// But this should be fine:
|
||||
// abcd = group.Add(a, group.Add(b, group.Add(c,d));
|
||||
|
||||
//! Abstract Group
|
||||
template <class T> class CRYPTOPP_NO_VTABLE AbstractGroup
|
||||
{
|
||||
public:
|
||||
typedef T Element;
|
||||
|
||||
virtual ~AbstractGroup() {}
|
||||
|
||||
virtual bool Equal(const Element &a, const Element &b) const =0;
|
||||
virtual const Element& Identity() const =0;
|
||||
virtual const Element& Add(const Element &a, const Element &b) const =0;
|
||||
virtual const Element& Inverse(const Element &a) const =0;
|
||||
virtual bool InversionIsFast() const {return false;}
|
||||
|
||||
virtual const Element& Double(const Element &a) const;
|
||||
virtual const Element& Subtract(const Element &a, const Element &b) const;
|
||||
virtual Element& Accumulate(Element &a, const Element &b) const;
|
||||
virtual Element& Reduce(Element &a, const Element &b) const;
|
||||
|
||||
virtual Element ScalarMultiply(const Element &a, const Integer &e) const;
|
||||
virtual Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
|
||||
|
||||
virtual void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
|
||||
};
|
||||
|
||||
//! Abstract Ring
|
||||
template <class T> class CRYPTOPP_NO_VTABLE AbstractRing : public AbstractGroup<T>
|
||||
{
|
||||
public:
|
||||
typedef T Element;
|
||||
|
||||
AbstractRing() {m_mg.m_pRing = this;}
|
||||
AbstractRing(const AbstractRing &source) {m_mg.m_pRing = this;}
|
||||
AbstractRing& operator=(const AbstractRing &source) {return *this;}
|
||||
|
||||
virtual bool IsUnit(const Element &a) const =0;
|
||||
virtual const Element& MultiplicativeIdentity() const =0;
|
||||
virtual const Element& Multiply(const Element &a, const Element &b) const =0;
|
||||
virtual const Element& MultiplicativeInverse(const Element &a) const =0;
|
||||
|
||||
virtual const Element& Square(const Element &a) const;
|
||||
virtual const Element& Divide(const Element &a, const Element &b) const;
|
||||
|
||||
virtual Element Exponentiate(const Element &a, const Integer &e) const;
|
||||
virtual Element CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const;
|
||||
|
||||
virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const;
|
||||
|
||||
virtual const AbstractGroup<T>& MultiplicativeGroup() const
|
||||
{return m_mg;}
|
||||
|
||||
private:
|
||||
class MultiplicativeGroupT : public AbstractGroup<T>
|
||||
{
|
||||
public:
|
||||
const AbstractRing<T>& GetRing() const
|
||||
{return *m_pRing;}
|
||||
|
||||
bool Equal(const Element &a, const Element &b) const
|
||||
{return GetRing().Equal(a, b);}
|
||||
|
||||
const Element& Identity() const
|
||||
{return GetRing().MultiplicativeIdentity();}
|
||||
|
||||
const Element& Add(const Element &a, const Element &b) const
|
||||
{return GetRing().Multiply(a, b);}
|
||||
|
||||
Element& Accumulate(Element &a, const Element &b) const
|
||||
{return a = GetRing().Multiply(a, b);}
|
||||
|
||||
const Element& Inverse(const Element &a) const
|
||||
{return GetRing().MultiplicativeInverse(a);}
|
||||
|
||||
const Element& Subtract(const Element &a, const Element &b) const
|
||||
{return GetRing().Divide(a, b);}
|
||||
|
||||
Element& Reduce(Element &a, const Element &b) const
|
||||
{return a = GetRing().Divide(a, b);}
|
||||
|
||||
const Element& Double(const Element &a) const
|
||||
{return GetRing().Square(a);}
|
||||
|
||||
Element ScalarMultiply(const Element &a, const Integer &e) const
|
||||
{return GetRing().Exponentiate(a, e);}
|
||||
|
||||
Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const
|
||||
{return GetRing().CascadeExponentiate(x, e1, y, e2);}
|
||||
|
||||
void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const
|
||||
{GetRing().SimultaneousExponentiate(results, base, exponents, exponentsCount);}
|
||||
|
||||
const AbstractRing<T> *m_pRing;
|
||||
};
|
||||
|
||||
MultiplicativeGroupT m_mg;
|
||||
};
|
||||
|
||||
// ********************************************************
|
||||
|
||||
//! Base and Exponent
|
||||
template <class T, class E = Integer>
|
||||
struct BaseAndExponent
|
||||
{
|
||||
public:
|
||||
BaseAndExponent() {}
|
||||
BaseAndExponent(const T &base, const E &exponent) : base(base), exponent(exponent) {}
|
||||
bool operator<(const BaseAndExponent<T, E> &rhs) const {return exponent < rhs.exponent;}
|
||||
T base;
|
||||
E exponent;
|
||||
};
|
||||
|
||||
// VC60 workaround: incomplete member template support
|
||||
template <class Element, class Iterator>
|
||||
Element GeneralCascadeMultiplication(const AbstractGroup<Element> &group, Iterator begin, Iterator end);
|
||||
template <class Element, class Iterator>
|
||||
Element GeneralCascadeExponentiation(const AbstractRing<Element> &ring, Iterator begin, Iterator end);
|
||||
|
||||
// ********************************************************
|
||||
|
||||
//! Abstract Euclidean Domain
|
||||
template <class T> class CRYPTOPP_NO_VTABLE AbstractEuclideanDomain : public AbstractRing<T>
|
||||
{
|
||||
public:
|
||||
typedef T Element;
|
||||
|
||||
virtual void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const =0;
|
||||
|
||||
virtual const Element& Mod(const Element &a, const Element &b) const =0;
|
||||
virtual const Element& Gcd(const Element &a, const Element &b) const;
|
||||
|
||||
protected:
|
||||
mutable Element result;
|
||||
};
|
||||
|
||||
// ********************************************************
|
||||
|
||||
//! EuclideanDomainOf
|
||||
template <class T> class EuclideanDomainOf : public AbstractEuclideanDomain<T>
|
||||
{
|
||||
public:
|
||||
typedef T Element;
|
||||
|
||||
EuclideanDomainOf() {}
|
||||
|
||||
bool Equal(const Element &a, const Element &b) const
|
||||
{return a==b;}
|
||||
|
||||
const Element& Identity() const
|
||||
{return Element::Zero();}
|
||||
|
||||
const Element& Add(const Element &a, const Element &b) const
|
||||
{return result = a+b;}
|
||||
|
||||
Element& Accumulate(Element &a, const Element &b) const
|
||||
{return a+=b;}
|
||||
|
||||
const Element& Inverse(const Element &a) const
|
||||
{return result = -a;}
|
||||
|
||||
const Element& Subtract(const Element &a, const Element &b) const
|
||||
{return result = a-b;}
|
||||
|
||||
Element& Reduce(Element &a, const Element &b) const
|
||||
{return a-=b;}
|
||||
|
||||
const Element& Double(const Element &a) const
|
||||
{return result = a.Doubled();}
|
||||
|
||||
const Element& MultiplicativeIdentity() const
|
||||
{return Element::One();}
|
||||
|
||||
const Element& Multiply(const Element &a, const Element &b) const
|
||||
{return result = a*b;}
|
||||
|
||||
const Element& Square(const Element &a) const
|
||||
{return result = a.Squared();}
|
||||
|
||||
bool IsUnit(const Element &a) const
|
||||
{return a.IsUnit();}
|
||||
|
||||
const Element& MultiplicativeInverse(const Element &a) const
|
||||
{return result = a.MultiplicativeInverse();}
|
||||
|
||||
const Element& Divide(const Element &a, const Element &b) const
|
||||
{return result = a/b;}
|
||||
|
||||
const Element& Mod(const Element &a, const Element &b) const
|
||||
{return result = a%b;}
|
||||
|
||||
void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const
|
||||
{Element::Divide(r, q, a, d);}
|
||||
|
||||
bool operator==(const EuclideanDomainOf<T> &rhs) const
|
||||
{return true;}
|
||||
|
||||
private:
|
||||
mutable Element result;
|
||||
};
|
||||
|
||||
//! Quotient Ring
|
||||
template <class T> class QuotientRing : public AbstractRing<typename T::Element>
|
||||
{
|
||||
public:
|
||||
typedef T EuclideanDomain;
|
||||
typedef typename T::Element Element;
|
||||
|
||||
QuotientRing(const EuclideanDomain &domain, const Element &modulus)
|
||||
: m_domain(domain), m_modulus(modulus) {}
|
||||
|
||||
const EuclideanDomain & GetDomain() const
|
||||
{return m_domain;}
|
||||
|
||||
const Element& GetModulus() const
|
||||
{return m_modulus;}
|
||||
|
||||
bool Equal(const Element &a, const Element &b) const
|
||||
{return m_domain.Equal(m_domain.Mod(m_domain.Subtract(a, b), m_modulus), m_domain.Identity());}
|
||||
|
||||
const Element& Identity() const
|
||||
{return m_domain.Identity();}
|
||||
|
||||
const Element& Add(const Element &a, const Element &b) const
|
||||
{return m_domain.Add(a, b);}
|
||||
|
||||
Element& Accumulate(Element &a, const Element &b) const
|
||||
{return m_domain.Accumulate(a, b);}
|
||||
|
||||
const Element& Inverse(const Element &a) const
|
||||
{return m_domain.Inverse(a);}
|
||||
|
||||
const Element& Subtract(const Element &a, const Element &b) const
|
||||
{return m_domain.Subtract(a, b);}
|
||||
|
||||
Element& Reduce(Element &a, const Element &b) const
|
||||
{return m_domain.Reduce(a, b);}
|
||||
|
||||
const Element& Double(const Element &a) const
|
||||
{return m_domain.Double(a);}
|
||||
|
||||
bool IsUnit(const Element &a) const
|
||||
{return m_domain.IsUnit(m_domain.Gcd(a, m_modulus));}
|
||||
|
||||
const Element& MultiplicativeIdentity() const
|
||||
{return m_domain.MultiplicativeIdentity();}
|
||||
|
||||
const Element& Multiply(const Element &a, const Element &b) const
|
||||
{return m_domain.Mod(m_domain.Multiply(a, b), m_modulus);}
|
||||
|
||||
const Element& Square(const Element &a) const
|
||||
{return m_domain.Mod(m_domain.Square(a), m_modulus);}
|
||||
|
||||
const Element& MultiplicativeInverse(const Element &a) const;
|
||||
|
||||
bool operator==(const QuotientRing<T> &rhs) const
|
||||
{return m_domain == rhs.m_domain && m_modulus == rhs.m_modulus;}
|
||||
|
||||
protected:
|
||||
EuclideanDomain m_domain;
|
||||
Element m_modulus;
|
||||
};
|
||||
|
||||
NAMESPACE_END
|
||||
|
||||
#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES
|
||||
#include "algebra.cpp"
|
||||
#endif
|
||||
|
||||
#endif
|
75
CryptoPP/algparam.cpp
Normal file
75
CryptoPP/algparam.cpp
Normal file
@ -0,0 +1,75 @@
|
||||
// algparam.cpp - written and placed in the public domain by Wei Dai
|
||||
|
||||
#include "pch.h"
|
||||
|
||||
#ifndef CRYPTOPP_IMPORTS
|
||||
|
||||
#include "algparam.h"
|
||||
|
||||
NAMESPACE_BEGIN(CryptoPP)
|
||||
|
||||
PAssignIntToInteger g_pAssignIntToInteger = NULL;
|
||||
|
||||
bool CombinedNameValuePairs::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
|
||||
{
|
||||
if (strcmp(name, "ValueNames") == 0)
|
||||
return m_pairs1.GetVoidValue(name, valueType, pValue) && m_pairs2.GetVoidValue(name, valueType, pValue);
|
||||
else
|
||||
return m_pairs1.GetVoidValue(name, valueType, pValue) || m_pairs2.GetVoidValue(name, valueType, pValue);
|
||||
}
|
||||
|
||||
void AlgorithmParametersBase::operator=(const AlgorithmParametersBase& rhs)
|
||||
{
|
||||
assert(false);
|
||||
}
|
||||
|
||||
bool AlgorithmParametersBase::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const
|
||||
{
|
||||
if (strcmp(name, "ValueNames") == 0)
|
||||
{
|
||||
NameValuePairs::ThrowIfTypeMismatch(name, typeid(std::string), valueType);
|
||||
if (m_next.get())
|
||||
m_next->GetVoidValue(name, valueType, pValue);
|
||||
(*reinterpret_cast<std::string *>(pValue) += m_name) += ";";
|
||||
return true;
|
||||
}
|
||||
else if (strcmp(name, m_name) == 0)
|
||||
{
|
||||
AssignValue(name, valueType, pValue);
|
||||
m_used = true;
|
||||
return true;
|
||||
}
|
||||
else if (m_next.get())
|
||||
return m_next->GetVoidValue(name, valueType, pValue);
|
||||
else
|
||||
return false;
|
||||
}
|
||||
|
||||
AlgorithmParameters::AlgorithmParameters()
|
||||
: m_defaultThrowIfNotUsed(true)
|
||||
{
|
||||
}
|
||||
|
||||
AlgorithmParameters::AlgorithmParameters(const AlgorithmParameters &x)
|
||||
: m_defaultThrowIfNotUsed(x.m_defaultThrowIfNotUsed)
|
||||
{
|
||||
m_next.reset(const_cast<AlgorithmParameters &>(x).m_next.release());
|
||||
}
|
||||
|
||||
AlgorithmParameters & AlgorithmParameters::operator=(const AlgorithmParameters &x)
|
||||
{
|
||||
m_next.reset |