authorJeffrey Walton <noloader@gmail.com>2015-11-22 19:17:15 -0500
committerJeffrey Walton <noloader@gmail.com>2015-11-22 19:17:15 -0500
commit298988a5b9687f64de733ce01319e90e94b0b688 (patch)
tree8b026ad4838457e3e5385ff91380ead4499d30f5
parent62618fda97bbde6d4cc4752101e69839fc4f3b6f (diff)
downloadcryptopp-git-298988a5b9687f64de733ce01319e90e94b0b688.tar.gz
Crypto++ 5.6.3 check-inCRYPTOPP_5_6_3
-rw-r--r--3way.h5
-rwxr-xr-xGNUmakefile33
-rw-r--r--Install.txt338
-rw-r--r--TestVectors/hkdf.txt32
-rw-r--r--algparam.h7
-rw-r--r--arc4.h3
-rw-r--r--argnames.h4
-rw-r--r--base32.h26
-rw-r--r--base64.cpp1
-rw-r--r--base64.h59
-rw-r--r--basecode.h45
-rw-r--r--bench.cpp2
-rw-r--r--blowfish.h4
-rw-r--r--camellia.cpp5
-rw-r--r--camellia.h8
-rw-r--r--cast.h8
-rw-r--r--config.h3
-rw-r--r--config.recommend1416
-rwxr-xr-xcryptest.sh20
-rw-r--r--cryptlib.h179
-rw-r--r--datatest.cpp4
-rw-r--r--default.cpp5
-rw-r--r--default.h110
-rw-r--r--des.h5
-rw-r--r--dsa.h3
-rw-r--r--eccrypto.h12
-rw-r--r--ecp.h3
-rw-r--r--elgamal.h8
-rw-r--r--emsa2.h9
-rw-r--r--eprecomp.h7
-rw-r--r--gost.h8
-rw-r--r--ida.h2
-rw-r--r--idea.h8
-rw-r--r--lubyrack.h5
-rw-r--r--mars.h5
-rw-r--r--mersenne.h32
-rw-r--r--misc.cpp5
-rw-r--r--misc.h23
-rw-r--r--mqv.h16
-rw-r--r--nbtheory.h55
-rw-r--r--osrng.h1
-rw-r--r--panama.h5
-rw-r--r--pubkey.h6
-rw-r--r--rc2.h4
-rw-r--r--rc5.h8
-rw-r--r--rc6.h8
-rw-r--r--rdrand.S1195
-rw-r--r--rdrand.h6
-rw-r--r--rng.h6
-rw-r--r--safer.h8
-rw-r--r--salsa.h5
-rw-r--r--seal.h5
-rw-r--r--secblock.h5
-rw-r--r--seed.h5
-rw-r--r--serpent.h8
-rw-r--r--shacal2.h8
-rw-r--r--shark.h5
-rw-r--r--skipjack.h2
-rw-r--r--sosemanuk.h5
-rw-r--r--square.h2
-rw-r--r--tea.h8
-rw-r--r--test.cpp2
-rw-r--r--twofish.h8
-rw-r--r--validat1.cpp77
-rw-r--r--vs-clean.cmd39
-rw-r--r--vs2010.zipbin19917 -> 19917 bytes
-rw-r--r--wake.h5
67 files changed, 2138 insertions, 1821 deletions
diff --git a/3way.h b/3way.h
index 48b65715..72f9984d 100644
--- a/3way.h
+++ b/3way.h
@@ -1,8 +1,7 @@
// 3way.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile 3way.h
-//! \brief Class file for the 3way cipher
+//! \file 3way.h
+//! \brief Classes for the 3-Way block cipher
#ifndef CRYPTOPP_THREEWAY_H
#define CRYPTOPP_THREEWAY_H
diff --git a/GNUmakefile b/GNUmakefile
index 8fae3168..fee44fb8 100755
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -269,6 +269,10 @@ LIB_MAJOR := $(shell echo $(LIB_VER) | cut -c 1)
LIB_MINOR := $(shell echo $(LIB_VER) | cut -c 2)
LIB_PATCH := $(shell echo $(LIB_VER) | cut -c 3)
+ifeq ($(strip $(LIB_PATCH)),)
+LIB_PATCH := 0
+endif
+
all: cryptest.exe
ifneq ($(IS_DARWIN),0)
@@ -292,18 +296,18 @@ test check: cryptest.exe
# Directory we want (can't specify on Doygen command line)
DOCUMENT_DIRECTORY := ref$(LIB_VER)
-# Default directory (missing in config file)
-ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
-DOXYGEN_DIRECTORY := html-docs
-endif
# Directory Doxygen uses (specified in Doygen config file)
ifeq ($(wildcard Doxyfile),Doxyfile)
DOXYGEN_DIRECTORY := $(strip $(shell $(EGREP) "OUTPUT_DIRECTORY" Doxyfile | grep -v "\#" | cut -d "=" -f 2))
endif
+# Default directory (missing in config file)
+ifeq ($(strip $(DOXYGEN_DIRECTORY)),)
+DOXYGEN_DIRECTORY := html-docs
+endif
.PHONY: docs html
docs html:
- -$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
+ -$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/ html-docs/
doxygen Doxyfile -d CRYPTOPP_DOXYGEN_PROCESSING
mv $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/
-$(RM) CryptoPPRef.zip
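Review bot: The `-$(RM) -r $(DOXYGEN_DIRECTORY)/ $(DOCUMENT_DIRECTORY)/ html-docs/` line now recursively deletes a path that is parsed out of Doxyfile by the `$(EGREP) "OUTPUT_DIRECTORY" Doxyfile | grep -v "\#" | cut -d "=" -f 2` pipeline a few lines above, and moving the `html-docs` default below that parse only covers the empty-value case; nothing rejects an absolute or parent-relative value, or a value that splits into several words. A parse-time guard ahead of the rule, e.g. `ifneq ($(filter /% ..%,$(DOXYGEN_DIRECTORY)),)` / `$(error DOXYGEN_DIRECTORY must be a relative path inside the source tree)` / `endif`, keeps a mis-edited Doxyfile from turning `make docs` into a delete outside the tree. The leading `-` also means a failed rm is ignored and the following `mv` then runs against whatever is left, though that part is pre-existing.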
@@ -404,7 +408,7 @@ diff:
-svn diff -r 541 > cryptopp$(LIB_VER).diff
# This recipe prepares the distro files
-TEXT_FILES := *.h *.cpp *.asm *.S adhoc.cpp.proto License.txt Readme.txt Filelist.txt Doxyfile cryptest* cryptlib* dlltest* cryptdll* cryptopp.rc TestVectors/*.txt TestData/*.dat
+TEXT_FILES := *.h *.cpp adhoc.cpp.proto License.txt Readme.txt Install.txt Filelist.txt config.recommend Doxyfile cryptest* cryptlib* dlltest* cryptdll* *.sln *.vcproj *.dsw *.dsp cryptopp.rc TestVectors/*.txt TestData/*.dat
EXEC_FILES := GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh TestData/ TestVectors/
ifeq ($(wildcard Filelist.txt),Filelist.txt)
@@ -413,12 +417,15 @@ endif
.PHONY: convert
convert:
- chmod a-x $(TEXT_FILES)
- chmod u+x $(EXEC_FILES)
- chmod u+x cryptest.sh
- unix2dos --keepdate --quiet $(TEXT_FILES) rdrand-masm.cmd
- unix2dos --keepdate --quiet *.sln *.vcproj
- dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross cryptest.sh rdrand-nasm.sh
+ chmod 0700 TestVectors/ TestData/
+ chmod 0600 $(TEXT_FILES) *.zip
+ chmod 0700 $(EXEC_FILES)
+ chmod u+x *.cmd *.sh
+ unix2dos --keepdate --quiet $(TEXT_FILES) *.asm *.cmd
+ dos2unix --keepdate --quiet GNUmakefile GNUmakefile-cross *.S *.sh
+ifneq ($(IS_DARWIN),0)
+ xattr -c *
+endif
.PHONY: zip dist
zip dist: | distclean convert diff
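Review bot: The first new recipe line, `chmod 0700 TestVectors/ TestData/`, is redundant: both directories are already listed in `EXEC_FILES` (`… TestData/ TestVectors/`), which receives `chmod 0700` two lines later, and `*.sh` in `chmod u+x *.cmd *.sh` likewise repeats `cryptest.sh rdrand-nasm.sh` from that same list. More importantly, every pattern in `$(TEXT_FILES)` and on these lines (`*.zip`, `*.asm`, `*.cmd`, `*.dsw`, `*.dsp`) is expanded by the shell at run time, so if any of them matches nothing it is passed literally, `chmod` exits non-zero, and the whole `convert` recipe — and with it `zip dist` — aborts; if that is meant as a completeness check for the distro tree it deserves a comment, otherwise pass the lists through `$(wildcard …)` first. The 0600/0700 modes are also what the archive built by `zip dist` will record for every file, which is worth stating in the `# This recipe prepares the distro files` comment if it is deliberate.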
@@ -435,7 +442,7 @@ bench benchmark benchmarks: cryptest.exe
echo "<BODY>" >> benchmarks.html
echo "<H1><a href=\"http://www.cryptopp.com\">Crypto++</a>" $(LIB_MAJOR).$(LIB_MINOR).$(LIB_REVISION) "Benchmarks</H1>" >> benchmarks.html
echo "<P>Here are speed benchmarks for some commonly used cryptographic algorithms.</P>" >> benchmarks.html
- cryptest.exe b 3 2.4 >> benchmarks.html
+ ./cryptest.exe b 3 2.4 >> benchmarks.html
echo "</BODY>" >> benchmarks.html
echo "</HTML>" >> benchmarks.html
diff --git a/Install.txt b/Install.txt
index 9a116b38..77232b18 100644
--- a/Install.txt
+++ b/Install.txt
@@ -1,169 +1,169 @@
-CONTENTS OF THIS FILE
----------------------
-
-* Introduction
-* Building the Library
-* Installing the Library
-* Makefile Targets
-* DataDir Patch
-* Dynamic Analysis
-* Acceptance Testing
-* Reporting problems
-
-INTRODUCTION
-------------
-
-Crypto++ Library is a free C++ class library of cryptographic algorithms and schemes. It was written and placed in public domain by Wei Dai. The library homepage is at http://www.cryptopp.com/. The latest library source code can be found at https://github.com/weidai11/cryptopp. For licensing and copyright information, please see License.txt.
-
-These are general instructions for the BSDs, Linux, OS X, Solaris and Unix. On BSD you will likely have to use `gmake` to build the library. On Linux, OS X, Solaris and Unix, the system's make should be OK. On Windows, Crypto++ provides Borland and Visual Studio solutions.
-
-Crypto++ uses a GNU makefile, which combines configuration and a non-anemic make. You should look through the GNUmakefile and config.h to ensure settings look reasonable before building. Please pay particular attention to CRYPTOPP_NO_UNALIGNED_DATA_ACCESS in config.h.
-
-Crypto++ does not depend upon other tools or libraries. It does not use Autotools, does not use Cmake, and does not use Boost.
-
-
-BUILDING THE LIBRARY
---------------------
-
-In general, all you should have to do is open a terminal, and then:
-
- make
- make test
- sudo make install
-
-The command above builds the static library and cryptest.exe program. If you want to build the shared object, then issue:
-
- make static dynamic cryptest.exe
-
-Or:
-
- make libcryptopp.a libcryptopp.so cryptest.exe
-
-
-If you would like to use a different compiler, the set CXX:
-
- export CXX=/opt/intel/bin/icpc
- make
-
-If you want to build using C++11, then:
-
- make CXXFLAGS="-std=c++11"
-
-Or:
-
- CXXFLAGS="-std=c++11"
- make
-
-LLVM's libc++ is also supported, so you can:
-
- CXXFLAGS="-std=c++11 -stdlib=libc++"
- make
-
-
-INSTALLING THE LIBRARY
-----------------------
-
-To install the library into a user selected directory, perform:
-
- make install PREFIX=/usr/local
-
-During install, the makefile copies cryptest.exe into $PREFIX/bin, copies headers into $PREFIX/include/cryptopp, and copies libraries into $PREFIX/lib. If you only built a static or dynamic version of the library, then only one library is copied. The install recipe does not fail if the static library or shared object is not built.
-
-PREFIX is non-standard, but its retained for historical purposes. The makefile also responds to `prefix=<path>`.
-
-There are some open issues installing the library because cryptest.exe is not sympathetic to path changes of of its test vectors and test data. See the DataDir patch below to fix it.
-
-
-MAKEFILE TARGETS
-----------------
-
-The following are some of the targets provided by the GNU makefile.
-
-`make` invokes the default rule, which builds the Crypto++ static library and test harness. They are called `libcryptopp.a` and `cryptest.exe`, respectively. `cryptest.exe` links against `libcryptopp.a`, so the static library is a prerequisite for the target.
-
-`make libcryptopp.a` and `make static` build the static version of the library.
-
-`make libcryptopp.so` and `make dynamic` build the dynamic version of the library. On Mac OS X, the recipe builds `libcryptopp.dylib` instead.
-
-`make cryptest.exe` builds the library test harness.
-
-`make test` and `make check` are the same recipe and invoke the test harness with the the validation option. That is, it executes `cryptest.exe v`.
-
-`make install` installs the library. By default, the makefile copies into `/usr`. On OpenBSD, `make install` uses `/usr/local` by default because C++ headers should not be placed with the system headers.
-
-`make clean` cleans most transient and temporary objects.
-
-`make disclean` cleans most objects that are not part of the original distribution.
-
-`make dist` and `make zip` build s ZIP file that is suitable for distribution.
-
-
-DATADIR PATCH
--------------
-
-The library offers a DataDir patch to help with post-installation issues regarding the location of the test vectors and test data. Its a patch provided by the community, so it must be applied manually. To acquire the patch, see http://www.cryptopp.com/wiki/DataDir.
-
-
-DYNAMIC ANALYSIS
-----------------
-
-The Crypto++ embraces tools like Undefined Behavior sanitizer (UBsan), Address sanitizer (Asan) and Valgrind. Both Clang 3.2 and above and GCC 4.8 and above provide sanitizers. Please check with your distribution on how to install the compiler with its sanitizer libraries (they are sometimes a separate install item).
-
-UBsan and Asan are mutually exclusive options, so you can perform only one of these at a time:
-
- make ubsan
- ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
- ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
-
-Or:
-
- make asan
- ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
- ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
-
-If you experience self test failures or see reports of undefined behavior, then you should ensure CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined in config.h. CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined due to historical purposes.
-
-If you experience failures under Asan, then gather more information with:
-
- ./cryptest.exe v 2>&1 | asan_symbolize
-
-If you moved Crypto++ such that the paths have changed, then perform:
-
- ./cryptest.exe v 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize
-
-
-ACCEPTANCE TESTING
-------------------
-
-Crypto++ uses five security gates in its engineering process. The library must maintain the quality provided by the review system and integrity of the test suites. You can use the information to decide if the Crypto++ library suits your needs and provides a compatible security posture.
-
-The first gate is code review and discussion of proposed patches. Git commits often cross reference a User Group discussions.
-
-Second is the compiler warning system. The code must clean compile under the equivalent of GCC's -Wall -Wextra (modulo -Wno-type-limits -Wno-unknown-pragmas). This is a moving target as compiler analysis improves.
-
-Third, the code must pass cleanly though GCC and Clang's Undefined Behavior sanitizer (UBsan) and Address sanitizer (Asan) with CRYPTOPP_NO_UNALIGNED_DATA_ACCESS defined in config.h. See DYNAMIC ANALYSIS above on how to execute them.
-
-Fourth, the test harness provides a "validation" option which performs basic system checks (like endianess and word sizes) and exercises algorithms (like AES and SHA). You run the validation suite as shown below. The tail of the output should indicate 0 failed tests.
-
- ./cryptest.exe v
- ...
-
- All tests passed!
- Test ended at Sun Jul 26 02:10:57 2015
- Seed used was: 1437891055
-
-Fifth, the test harness provides a "test vector" option which uses many known test vectors, even those published by other people (like Brian Gladman for AES). You run the test vectors as shown below. The tail of the output should indicate 0 failed tests.
-
- ./cryptest.exe tv all
- ...
-
- Testing SymmetricCipher algorithm MARS/ECB.
- .................
- Tests complete. Total tests = 4094. Failed tests = 0.
-
-REPORTING PROBLEMS
-------------------
-
-Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at https://groups.google.com/forum/#!forum/cryptopp-users.
-
-Also see http://www.cryptopp.com/wiki/Bug_Report.
+CONTENTS OF THIS FILE
+---------------------
+
+* Introduction
+* Building the Library
+* Installing the Library
+* Makefile Targets
+* DataDir Patch
+* Dynamic Analysis
+* Acceptance Testing
+* Reporting problems
+
+INTRODUCTION
+------------
+
+Crypto++ Library is a free C++ class library of cryptographic algorithms and schemes. It was written and placed in public domain by Wei Dai. The library homepage is at http://www.cryptopp.com/. The latest library source code can be found at https://github.com/weidai11/cryptopp. For licensing and copyright information, please see License.txt.
+
+These are general instructions for the BSDs, Linux, OS X, Solaris and Unix. On BSD you will likely have to use `gmake` to build the library. On Linux, OS X, Solaris and Unix, the system's make should be OK. On Windows, Crypto++ provides Borland and Visual Studio solutions.
+
+Crypto++ uses a GNU makefile, which combines configuration and a non-anemic make. You should look through the GNUmakefile and config.h to ensure settings look reasonable before building. Please pay particular attention to CRYPTOPP_NO_UNALIGNED_DATA_ACCESS in config.h.
+
+Crypto++ does not depend upon other tools or libraries. It does not use Autotools, does not use Cmake, and does not use Boost.
+
+
+BUILDING THE LIBRARY
+--------------------
+
+In general, all you should have to do is open a terminal, and then:
+
+ make
+ make test
+ sudo make install
+
+The command above builds the static library and cryptest.exe program. If you want to build the shared object, then issue:
+
+ make static dynamic cryptest.exe
+
+Or:
+
+ make libcryptopp.a libcryptopp.so cryptest.exe
+
+
+If you would like to use a different compiler, the set CXX:
+
+ export CXX=/opt/intel/bin/icpc
+ make
+
+If you want to build using C++11, then:
+
+ make CXXFLAGS="-std=c++11"
+
+Or:
+
+ CXXFLAGS="-std=c++11"
+ make
+
+LLVM's libc++ is also supported, so you can:
+
+ CXXFLAGS="-std=c++11 -stdlib=libc++"
+ make
+
+
+INSTALLING THE LIBRARY
+----------------------
+
+To install the library into a user selected directory, perform:
+
+ make install PREFIX=/usr/local
+
+During install, the makefile copies cryptest.exe into $PREFIX/bin, copies headers into $PREFIX/include/cryptopp, and copies libraries into $PREFIX/lib. If you only built a static or dynamic version of the library, then only one library is copied. The install recipe does not fail if the static library or shared object is not built.
+
+PREFIX is non-standard, but its retained for historical purposes. The makefile also responds to `prefix=<path>`.
+
+There are some open issues installing the library because cryptest.exe is not sympathetic to path changes of of its test vectors and test data. See the DataDir patch below to fix it.
+
+
+MAKEFILE TARGETS
+----------------
+
+The following are some of the targets provided by the GNU makefile.
+
+`make` invokes the default rule, which builds the Crypto++ static library and test harness. They are called `libcryptopp.a` and `cryptest.exe`, respectively. `cryptest.exe` links against `libcryptopp.a`, so the static library is a prerequisite for the target.
+
+`make libcryptopp.a` and `make static` build the static version of the library.
+
+`make libcryptopp.so` and `make dynamic` build the dynamic version of the library. On Mac OS X, the recipe builds `libcryptopp.dylib` instead.
+
+`make cryptest.exe` builds the library test harness.
+
+`make test` and `make check` are the same recipe and invoke the test harness with the the validation option. That is, it executes `cryptest.exe v`.
+
+`make install` installs the library. By default, the makefile copies into `/usr`. On OpenBSD, `make install` uses `/usr/local` by default because C++ headers should not be placed with the system headers.
+
+`make clean` cleans most transient and temporary objects.
+
+`make disclean` cleans most objects that are not part of the original distribution.
+
+`make dist` and `make zip` build s ZIP file that is suitable for distribution.
+
+
+DATADIR PATCH
+-------------
+
+The library offers a DataDir patch to help with post-installation issues regarding the location of the test vectors and test data. Its a patch provided by the community, so it must be applied manually. To acquire the patch, see http://www.cryptopp.com/wiki/DataDir.
+
+
+DYNAMIC ANALYSIS
+----------------
+
+The Crypto++ embraces tools like Undefined Behavior sanitizer (UBsan), Address sanitizer (Asan) and Valgrind. Both Clang 3.2 and above and GCC 4.8 and above provide sanitizers. Please check with your distribution on how to install the compiler with its sanitizer libraries (they are sometimes a separate install item).
+
+UBsan and Asan are mutually exclusive options, so you can perform only one of these at a time:
+
+ make ubsan
+ ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
+ ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
+
+Or:
+
+ make asan
+ ./cryptest.exe v 2>&1 | egrep "(error|FAILED)"
+ ./cryptest.exe tv all 2>&1 | egrep "(error|FAILED)"
+
+If you experience self test failures or see reports of undefined behavior, then you should ensure CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is defined in config.h. CRYPTOPP_NO_UNALIGNED_DATA_ACCESS is not defined due to historical purposes.
+
+If you experience failures under Asan, then gather more information with:
+
+ ./cryptest.exe v 2>&1 | asan_symbolize
+
+If you moved Crypto++ such that the paths have changed, then perform:
+
+ ./cryptest.exe v 2>&1 | sed "s/<old path>/<new path>/g" | asan_symbolize
+
+
+ACCEPTANCE TESTING
+------------------
+
+Crypto++ uses five security gates in its engineering process. The library must maintain the quality provided by the review system and integrity of the test suites. You can use the information to decide if the Crypto++ library suits your needs and provides a compatible security posture.
+
+The first gate is code review and discussion of proposed patches. Git commits often cross reference a User Group discussions.
+
+Second is the compiler warning system. The code must clean compile under the equivalent of GCC's -Wall -Wextra (modulo -Wno-type-limits -Wno-unknown-pragmas). This is a moving target as compiler analysis improves.
+
+Third, the code must pass cleanly though GCC and Clang's Undefined Behavior sanitizer (UBsan) and Address sanitizer (Asan) with CRYPTOPP_NO_UNALIGNED_DATA_ACCESS defined in config.h. See DYNAMIC ANALYSIS above on how to execute them.
+
+Fourth, the test harness provides a "validation" option which performs basic system checks (like endianess and word sizes) and exercises algorithms (like AES and SHA). You run the validation suite as shown below. The tail of the output should indicate 0 failed tests.
+
+ ./cryptest.exe v
+ ...
+
+ All tests passed!
+ Test ended at Sun Jul 26 02:10:57 2015
+ Seed used was: 1437891055
+
+Fifth, the test harness provides a "test vector" option which uses many known test vectors, even those published by other people (like Brian Gladman for AES). You run the test vectors as shown below. The tail of the output should indicate 0 failed tests.
+
+ ./cryptest.exe tv all
+ ...
+
+ Testing SymmetricCipher algorithm MARS/ECB.
+ .................
+ Tests complete. Total tests = 4094. Failed tests = 0.
+
+REPORTING PROBLEMS
+------------------
+
+Dirty compiles and failures in the validation suite or test vectors should be reported at the Crypto++ User Group. The User Group is located at https://groups.google.com/forum/#!forum/cryptopp-users.
+
+Also see http://www.cryptopp.com/wiki/Bug_Report.
diff --git a/TestVectors/hkdf.txt b/TestVectors/hkdf.txt
index 8d40911d..f66a9003 100644
--- a/TestVectors/hkdf.txt
+++ b/TestVectors/hkdf.txt
@@ -5,7 +5,7 @@ Comment: Test Case 4
Key: 0x0b0b0b0b0b0b0b0b0b0b0b
Salt: 0x000102030405060708090a0b0c
Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896
Test: Verify
@@ -16,7 +16,7 @@ Comment: Test Case 5
Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
DerivedKey: 0x0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4
Test: Verify
@@ -27,7 +27,7 @@ Comment: Test Case 6
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: ""
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918
Test: Verify
@@ -38,7 +38,7 @@ Comment: Test Case 7
Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
Salt: ""
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48
Test: Verify
@@ -49,7 +49,7 @@ Comment: Test Case 1
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: 0x000102030405060708090a0b0c
Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865
Test: Verify
@@ -60,7 +60,7 @@ Comment: Test Case 2
Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
DerivedKey: 0xb11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87
Test: Verify
@@ -71,7 +71,7 @@ Comment: Test Case 3
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: ""
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8
Test: Verify
@@ -82,7 +82,7 @@ Comment: Test Case 8 (Mirror Tests 1 and 4)
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: 0x000102030405060708090a0b0c
Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x832390086CDA71FB47625BB5CEB168E4C8E26A1A16ED34D9FC7FE92C1481579338DA362CB8D9F925D7CB
Test: Verify
@@ -93,7 +93,7 @@ Comment: Test Case 9 (Mirror Tests 2 and 5)
Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
DerivedKey: 0xCE6C97192805B346E6161E821ED165673B84F400A2B514B2FE23D84CD189DDF1B695B48CBD1C8388441137B3CE28F16AA64BA33BA466B24DF6CFCB021ECFF235F6A2056CE3AF1DE44D572097A8505D9E7A93
Test: Verify
@@ -104,7 +104,7 @@ Comment: Test Case 10 (Mirror Test 3 and 6)
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: ""
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
Test: Verify
@@ -115,7 +115,7 @@ Comment: Test Case 11
Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
Salt: ""
Info:
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x1407D46013D98BC6DECEFCFEE55F0F90B0C7F63D68EB1A80EAF07E953CFC0A3A5240A155D6E4DAA965BB
Test: Verify
@@ -126,7 +126,7 @@ Comment: Test Case 12 (Mirror Tests 3 and 6)
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: ""
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0xF5FA02B18298A72A8C23898A8703472C6EB179DC204C03425C970E3B164BF90FFF22D04836D0E2343BAC
Test: Verify
@@ -137,7 +137,7 @@ Comment: Test Case 13 (Mirror Tests 1 and 4)
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: 0x000102030405060708090a0b0c
Info: 0xf0f1f2f3f4f5f6f7f8f9
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x0D29F74CCD8640F44B0DD9638111C1B5766EFED752AF358109E2E7C9CD4A28EF2F90B2AD461FBA0744D4
Test: Verify
@@ -148,7 +148,7 @@ Comment: Test Case 14 (Mirror Tests 2 and 5)
Key: 0x000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f
Salt: 0x606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeaf
Info: 0xb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff
-DerivedLength: 82
+DerivedKeyLength: 82
DerivedKey: 0x4EBE4FE2DCCEC42661699500BE279A993FED90351E19373B3926FAA3A410700B2BBF77E254CF1451AE6068D64A0904D966F4FF25498445A501B88F50D21E3A68A890E09445DC5886DD00E7F4F7C58A512170
Test: Verify
@@ -159,7 +159,7 @@ Comment: Test Case 15 (Mirror Tests 3 and 6)
Key: 0x0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b
Salt: ""
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x110632D0F7AEFAC31771FC66C22BB3462614B81E4B04BA7F2B662E0BD694F56458615F9A9CB56C57ECF2
Test: Verify
@@ -170,6 +170,6 @@ Comment: Test Case 16 (Mirror Test 7)
Key: 0x0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c
Salt: r64 0x00
Info: ""
-DerivedLength: 42
+DerivedKeyLength: 42
DerivedKey: 0x4089286EBFB23DD8A02F0C9DAA35D538EB09CD0A8CBAB203F39083AA3E0BD313E6F91E64F21A187510B0
Test: Verify
diff --git a/algparam.h b/algparam.h
index af198183..3f5b25c5 100644
--- a/algparam.h
+++ b/algparam.h
@@ -12,7 +12,7 @@
#include "config.h"
// TODO: fix 6011 when the API/ABI can change
-#if CRYPTOPP_MSC_VERSION
+#if (CRYPTOPP_MSC_VERSION >= 1400)
# pragma warning(push)
# pragma warning(disable: 6011 28193)
#endif
@@ -494,6 +494,11 @@ AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwI
#define CRYPTOPP_SET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Set##name)
#define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2) (Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2)
+// TODO: fix 6011 when the API/ABI can change
+#if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(pop)
+#endif
+
NAMESPACE_END
#endif
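Review bot: The new `pragma warning(pop)` block repeats the `// TODO: fix 6011 when the API/ABI can change` comment from the push near the top of the file, which reads as a second, independent open item; a comment that ties it to the push is clearer, e.g. `// Restore the warning state pushed near the top of this file (6011, 28193)`. Changing the push condition to `(CRYPTOPP_MSC_VERSION >= 1400)` so it matches the new pop exactly is what keeps the pair balanced — the two conditions must stay identical if either is edited again.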
diff --git a/arc4.h b/arc4.h
index d02bd9ba..2b46af02 100644
--- a/arc4.h
+++ b/arc4.h
@@ -1,7 +1,6 @@
// arc4.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile arc4.h
+//! \file arc4.h
//! \brief Classes for ARC4 cipher
#ifndef CRYPTOPP_ARC4_H
diff --git a/argnames.h b/argnames.h
index 8f24e577..b46d3924 100644
--- a/argnames.h
+++ b/argnames.h
@@ -78,9 +78,9 @@ CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength) //< int
CRYPTOPP_DEFINE_NAME_STRING(DigestSize) //!< int, in bytes
CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength) //!< int, in bytes
CRYPTOPP_DEFINE_NAME_STRING(TableSize) //!< int, in bytes
-CRYPTOPP_DEFINE_NAME_STRING(Blinding) //!< bool
+CRYPTOPP_DEFINE_NAME_STRING(Blinding) //!< bool, timing attack mitigations, ON by default
CRYPTOPP_DEFINE_NAME_STRING(DerivedKey) //!< ByteArrayParameter, key derivation, derived key
-CRYPTOPP_DEFINE_NAME_STRING(DerivedLength) //!< int, key derivation, derived key length in bytes
+CRYPTOPP_DEFINE_NAME_STRING(DerivedKeyLength) //!< int, key derivation, derived key length in bytes
DOCUMENTED_NAMESPACE_END
NAMESPACE_END
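Review bot: Renaming `DerivedLength` to `DerivedKeyLength` drops the old name outright, so any caller that used `Name::DerivedLength()`, and any test-vector file still carrying a `DerivedLength:` key, breaks with no deprecation step. If the old name was exposed in a released version, keep `CRYPTOPP_DEFINE_NAME_STRING(DerivedLength) //!< deprecated, use DerivedKeyLength` next to the new entry for one release; if it never shipped, a line in the change notes is enough. The expanded `Blinding` comment is useful, but `ON by default` describes behaviour of code elsewhere — it should be phrased so a reader knows it is the default of the consuming classes rather than a property of the name itself.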
diff --git a/base32.h b/base32.h
index ad4da97c..6790e59d 100644
--- a/base32.h
+++ b/base32.h
@@ -18,12 +18,32 @@ NAMESPACE_BEGIN(CryptoPP)
class Base32Encoder : public SimpleProxyFilter
{
public:
- Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int outputGroupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
+ //! \brief Construct a Base32Encoder
+ //! \param attachment a BufferedTrasformation to attach to this object
+ //! \param uppercase a flag indicating uppercase output
+ //! \param groupSize the size of the grouping
+ //! \param separator the separator to use between groups
+ //! \param terminator the terminator appeand after processing
+ //! \details Base32Encoder() constructs a default encoder. The constructor lacks fields for padding and
+ //! line breaks. You must use IsolatedInitialize() to change the default padding character or suppress it.
+ //! \sa IsolatedInitialize() for an example of modifying a Base32Encoder after construction.
+ Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int groupSize = 0, const std::string &separator = ":", const std::string &terminator = "")
: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
{
- IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), outputGroupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
+ IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), groupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator)));
}
+ //! \brief Initialize or reinitialize this object, without signal propagation
+ //! \param parameters a set of NameValuePairs used to initialize this object
+ //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
+ //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
+ //! transformations. If initialization should be propagated, then use the Initialize() function.
+ //! \details The following code modifies the padding and line break parameters for an encoder:
+ //! <pre>
+ //! Base32Encoder encoder;
+ //! AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
+ //! encoder.IsolatedInitialize(params);
+ //! </pre>
void IsolatedInitialize(const NameValuePairs &parameters);
};
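Review bot: The new Doxygen comments carry typos that will appear verbatim in the generated reference: `BufferedTrasformation` (here and again in the Base32Decoder hunk below) should read `BufferedTransformation`, and `the terminator appeand after processing` should read `the terminator appended after processing`. The example under IsolatedInitialize() uses unqualified `Pad()` and `InsertLineBreaks()`, while the constructor body in the same hunk spells these names `Name::Uppercase()`, `Name::GroupSize()` and so on; unless the snippet assumes a using-directive for the Name namespace, it should read `AlgorithmParameters params = MakeParameters(Name::Pad(), false)(Name::InsertLineBreaks(), false);`. Renaming the constructor parameter `outputGroupSize` to `groupSize` is source-compatible for positional callers, but it is a public-signature change and merits a mention in the change notes.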
@@ -34,6 +54,8 @@ public:
class Base32Decoder : public BaseN_Decoder
{
public:
+ //! \brief Construct a Base32Decoder
+ //! \param attachment a BufferedTrasformation to attach to this object
Base32Decoder(BufferedTransformation *attachment = NULL)
: BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {}
diff --git a/base64.cpp b/base64.cpp
index 72b76bee..68c48e8e 100644
--- a/base64.cpp
+++ b/base64.cpp
@@ -5,7 +5,6 @@
NAMESPACE_BEGIN(CryptoPP)
-
// Base64
static const byte s_stdVec[] =
"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
diff --git a/base64.h b/base64.h
index 0f957f32..0a6d7768 100644
--- a/base64.h
+++ b/base64.h
@@ -1,6 +1,6 @@
// base64.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file base64.h
//! \brief Classes for the Base64Encoder, Base64Decoder, Base64URLEncoder and Base64URLDecoder
#ifndef CRYPTOPP_BASE64_H
@@ -18,12 +18,30 @@ NAMESPACE_BEGIN(CryptoPP)
class Base64Encoder : public SimpleProxyFilter
{
public:
+ //! \brief Construct a Base64Encoder
+ //! \param attachment a BufferedTrasformation to attach to this object
+ //! \param insertLineBreaks a BufferedTrasformation to attach to this object
+ //! \param maxLineLength the lenght of a line if line breaks are used
+ //! \details Base64Encoder() constructs a default encoder. The constructor lacks parameters for padding.
+ //! You must use IsolatedInitialize() to modify the Base64Encoder after construction.
+ //! \sa IsolatedInitialize() for an example of modifying a Base64Encoder after construction.
Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72)
: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
{
IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
}
-
+
+ //! \brief Initialize or reinitialize this object, without signal propagation
+ //! \param parameters a set of NameValuePairs used to initialize this object
+ //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
+ //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
+ //! transformations. If initialization should be propagated, then use the Initialize() function.
+ //! \details The following code modifies the padding and line break parameters for an encoder:
+ //! <pre>
+ //! Base64Encoder encoder;
+ //! AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
+ //! encoder.IsolatedInitialize(params);
+ //! </pre>
void IsolatedInitialize(const NameValuePairs &parameters);
};
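Review bot: The new `\param insertLineBreaks` line describes the attachment ("a BufferedTrasformation to attach to this object") rather than the flag, a copy-paste slip that the Base64URLEncoder hunk below repeats, and `\param maxLineLength` misspells "length". Suggested lines: `//! \param insertLineBreaks flag indicating whether line breaks should be inserted into the output` and `//! \param maxLineLength the length of a line if line breaks are used`. The IsolatedInitialize example calls `MakeParameters(Pad(), false)(InsertLineBreaks(), false)` unqualified while the Base64URLEncoder example writes `Name::Pad()`; as written this snippet only compiles with the Name namespace in scope, so qualify it the same way. The blank-line change after the constructor body appears to add only trailing whitespace and can be dropped.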
@@ -34,9 +52,16 @@ public:
class Base64Decoder : public BaseN_Decoder
{
public:
+ //! \brief Construct a Base64Decoder
+ //! \param attachment a BufferedTrasformation to attach to this object
Base64Decoder(BufferedTransformation *attachment = NULL)
: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
+ //! \brief Initialize or reinitialize this object, without signal propagation
+ //! \param parameters a set of NameValuePairs used to initialize this object
+ //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
+ //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
+ //! attached transformations. If initialization should be propagated, then use the Initialize() function.
void IsolatedInitialize(const NameValuePairs &parameters)
{CRYPTOPP_UNUSED(parameters);}
@@ -51,12 +76,33 @@ private:
class Base64URLEncoder : public SimpleProxyFilter
{
public:
+ //! \brief Construct a Base64URLEncoder
+ //! \param attachment a BufferedTrasformation to attach to this object
+ //! \param insertLineBreaks a BufferedTrasformation to attach to this object
+ //! \param maxLineLength the lenght of a line if line breaks are used
+ //! \details Base64URLEncoder() constructs a default encoder. The constructor ignores insertLineBreaks
+ //! and maxLineLength because the web and URL safe specifications don't use them. They are present
+ //! in the constructor for API compatibility with Base64Encoder (drop-in replacement). The
+ //! constructor also disables padding on the encoder for the same reason.
+ //! \details If you need line breaks or padding, then you must use IsolatedInitialize() to set them
+ //! after constructing a Base64URLEncoder.
+ //! \sa IsolatedInitialize() for an example of modifying a Base64URLEncoder after construction.
Base64URLEncoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = false, int maxLineLength = -1)
: SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment)
{
- IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength));
+ CRYPTOPP_UNUSED(insertLineBreaks), CRYPTOPP_UNUSED(maxLineLength);
+ IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), false)(Name::MaxLineLength(), -1)(Name::Pad(),false));
}
+ //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
+ //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached
+ //! transformations. If initialization should be propagated, then use the Initialize() function.
+ //! \details The following code modifies the padding and line break parameters for an encoder:
+ //! <pre>
+ //! Base64URLEncoder encoder;
+ //! AlgorithmParameters params = MakeParameters(Name::Pad(), true)(Name::InsertLineBreaks(), true);
+ //! encoder.IsolatedInitialize(params);
+ //! </pre>
void IsolatedInitialize(const NameValuePairs &parameters);
};
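Review bot: The IsolatedInitialize doc block added at the end of Base64URLEncoder opens with `\details` and lacks the `\brief` and `\param parameters` lines that the same member carries in Base64Encoder and both decoders, so Doxygen lists it without a summary. Add `//! \brief Initialize or reinitialize this object, without signal propagation` and `//! \param parameters a set of NameValuePairs used to initialize this object` above the existing `\details`. Separately, `CRYPTOPP_UNUSED(insertLineBreaks), CRYPTOPP_UNUSED(maxLineLength);` joins two statements with the comma operator; writing them as two statements on two lines is clearer and avoids the question of whether the comma was intended.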
@@ -67,9 +113,16 @@ public:
class Base64URLDecoder : public BaseN_Decoder
{
public:
+ //! \brief Construct a Base64URLDecoder
+ //! \param attachment a BufferedTrasformation to attach to this object
Base64URLDecoder(BufferedTransformation *attachment = NULL)
: BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {}
+ //! \brief Initialize or reinitialize this object, without signal propagation
+ //! \param parameters a set of NameValuePairs used to initialize this object
+ //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable
+ //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on
+ //! attached transformations. If initialization should be propagated, then use the Initialize() function.
void IsolatedInitialize(const NameValuePairs &parameters)
{CRYPTOPP_UNUSED(parameters);}
diff --git a/basecode.h b/basecode.h
index bce550f4..75c6659f 100644
--- a/basecode.h
+++ b/basecode.h
@@ -14,15 +14,24 @@
NAMESPACE_BEGIN(CryptoPP)
//! \class BaseN_Encoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Encoder for bases that are a power of 2
class CRYPTOPP_DLL BaseN_Encoder : public Unflushable<Filter>
{
public:
+ //! \brief Construct a BaseN_Encoder
+ //! \param attachment a BufferedTransformation to attach to this object
BaseN_Encoder(BufferedTransformation *attachment=NULL)
: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
{Detach(attachment);}
+ //! \brief Construct a BaseN_Encoder
+ //! \param alphabet table of ASCII characters to use as the alphabet
+ //! \param log2base the log<sub>2</sub>base
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param padding the character to use as padding
+ //! \pre log2base must be between 1 and 7 inclusive
+ //! \throws InvalidArgument if log2base is not between 1 and 7
BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1)
: m_alphabet(NULL), m_padding(0), m_bitsPerChar(0)
, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
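Review bot: The new `\pre` and `\throws` lines promise that a log2base outside 1..7 throws InvalidArgument, but the constructor body that would perform that check continues outside this hunk, so the claim cannot be confirmed from the diff; please verify it against the body before publishing it as a contract. `\param padding the character to use as padding` also leaves the default of -1 unexplained, whereas the BaseN_Decoder docs in the next hunk state that -1 means default padding. If the encoder follows the same convention, say so: `//! \param padding the character to use as padding; -1 selects the default padding character`.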
@@ -45,15 +54,27 @@ private:
};
//! \class BaseN_Decoder
-//! \details base n encoder, where n is a power of 2
+//! \brief Decoder for bases that are a power of 2
class CRYPTOPP_DLL BaseN_Decoder : public Unflushable<Filter>
{
public:
+ //! \brief Construct a BaseN_Decoder
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \details padding is set to -1, which means use default padding. If not
+ //! required, then the value must be set via IsolatedInitialize().
BaseN_Decoder(BufferedTransformation *attachment=NULL)
: m_lookup(0), m_padding(0), m_bitsPerChar(0)
, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
{Detach(attachment);}
+ //! \brief Construct a BaseN_Decoder
+ //! \param lookup table of values
+ //! \param log2base the log<sub>2</sub>base
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \details log2base is the exponent (like 5 in 2<sup>5</sup>), and not
+ //! the number of elements (like 32).
+ //! \details padding is set to -1, which means use default padding. If not
+ //! required, then the value must be set via IsolatedInitialize().
BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL)
: m_lookup(0), m_padding(0), m_bitsPerChar(0)
, m_outputBlockSize(0), m_bytePos(0), m_bitPos(0)
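Review bot: The `\details` added to the attachment-only BaseN_Decoder constructor says padding is set to -1, but the initializer list two lines below sets `m_padding(0)` and the body only calls Detach(), so for this constructor the documentation contradicts the visible code. The same text is repeated on the lookup/log2base constructor, whose body continues outside the hunk and may set -1 through IsolatedInitialize(); if so, the note belongs only there. In both places the second sentence reads as if IsolatedInitialize() is needed when padding is not required; suggested wording: `//! \details A different padding character can be selected after construction via IsolatedInitialize().`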
@@ -65,6 +86,16 @@ public:
void IsolatedInitialize(const NameValuePairs &parameters);
size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking);
+ //! \brief Intializes BaseN lookup array
+ //! \param lookup table of values
+ //! \param alphabet table of ASCII characters
+ //! \param base the base for the encoder
+ //! \param caseInsensitive flag indicating whether the alpabet is case sensitivie
+ //! \pre COUNTOF(lookup) == 256
+ //! \pre COUNTOF(alphabet) == base
+ //! \details Internally, the function sets the first 256 elements in the lookup table to
+ // their value from the alphabet array or -1. base is the number of element (like 32),
+ //! and not an exponent (like 5 in 2<sup>5</sup>)
static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive);
private:
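Review bot: One line of the new doc block for InitializeDecodingLookupArray (the one beginning "their value from the alphabet array") starts with `//` instead of `//!`, so Doxygen drops it and the `\details` sentence is cut in half in the generated output. The `\param caseInsensitive` text says the flag indicates whether the alphabet is "case sensitivie", which reads as the opposite of the parameter's name; if the name is accurate, `//! \param caseInsensitive true if lookups should ignore the alphabet's case` states it without the inversion. "Intializes" and "alpabet" in the same block are also misspelled.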
@@ -74,13 +105,21 @@ private:
SecByteBlock m_outBuf;
};
-//! filter that breaks input stream into groups of fixed size
+//! \class Grouper
+//! \brief Filter that breaks input stream into groups of fixed size
class CRYPTOPP_DLL Grouper : public Bufferless<Filter>
{
public:
+ //! \brief Construct a Grouper
+ //! \param attachment a BufferedTransformation to attach to this object
Grouper(BufferedTransformation *attachment=NULL)
: m_groupSize(0), m_counter(0) {Detach(attachment);}
+ //! \brief Construct a Grouper
+ //! \param groupSize the size of the grouping
+ //! \param separator the separator to use between groups
+ //! \param terminator the terminator appeand after processing
+ //! \param attachment a BufferedTransformation to attach to this object
Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL)
: m_groupSize(0), m_counter(0)
{
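Review bot: `terminator appeand after processing` in the new `\param terminator` line is misspelled; `//! \param terminator the terminator appended after processing`. The `\param groupSize` line says only "the size of the grouping" and does not say which value disables grouping, which matters because Base32Encoder in this commit forwards a default groupSize of 0 to this filter; if 0 means no grouping, state it here. The Grouper constructor body continues outside the hunk.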
diff --git a/bench.cpp b/bench.cpp
index da9ca00d..b0534879 100644
--- a/bench.cpp
+++ b/bench.cpp
@@ -379,7 +379,7 @@ void BenchmarkAll(double t, double hertz)
cout << "Throughput Geometric Average: " << setiosflags(ios::fixed) << exp(logtotal/(logcount ? logcount : 1)) << endl;
// Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
tm localTime = {};
char timeBuf[64];
errno_t err;
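Review bot: The new guard `#if (CRYPTOPP_MSC_VERSION >= 1400)` relies on the preprocessor treating the undefined macro as 0 on non-Microsoft compilers, which is valid but fires -Wundef on every GCC/Clang build that enables it; `#if defined(CRYPTOPP_MSC_VERSION) && (CRYPTOPP_MSC_VERSION >= 1400)` keeps the same selection without the warning. The comment above it still says only "Safer functions on Windows", which no longer explains why the cutoff is 1400; if the intent is that the `_s` variants used in this block exist from VS2005 on, a short note such as `// the _s variants below require VS2005 (1400) or later` would record it. The #else branch of this block continues outside the hunk.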
diff --git a/blowfish.h b/blowfish.h
index ee8445cc..98336b45 100644
--- a/blowfish.h
+++ b/blowfish.h
@@ -1,7 +1,7 @@
// blowfish.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \brief Classes for the Blowfish algorithm
+//! \file blowfish.h
+//! \brief Classes for the Blowfish block cipher
#ifndef CRYPTOPP_BLOWFISH_H
#define CRYPTOPP_BLOWFISH_H
diff --git a/camellia.cpp b/camellia.cpp
index 0323bdbe..1c37d4e8 100644
--- a/camellia.cpp
+++ b/camellia.cpp
@@ -13,7 +13,10 @@ See comments at top of rijndael.cpp for more details.
#include "config.h"
#if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4456 6246)
+# pragma warning(disable: 4456)
+# if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(disable: 6246)
+# endif
#endif
#include "camellia.h"
diff --git a/camellia.h b/camellia.h
index 79d9b819..91e765e5 100644
--- a/camellia.h
+++ b/camellia.h
@@ -1,15 +1,11 @@
// camellia.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile camellia.h
-//! \brief Classes for Cameliia cipher
+//! \file camellia.h
+//! \brief Classes for the Cameliia block cipher
#ifndef CRYPTOPP_CAMELLIA_H
#define CRYPTOPP_CAMELLIA_H
-/** \file
-*/
-
#include "config.h"
#include "seckey.h"
#include "secblock.h"
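Review bot: The new `\brief` line keeps the misspelling "Cameliia" from the removed line, so the generated file summary still shows the wrong cipher name; `//! \brief Classes for the Camellia block cipher`. The removal of the stray `/** \file */` block in the same hunk is fine and removes a duplicate file comment.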
diff --git a/cast.h b/cast.h
index 2db1e652..d464bbf7 100644
--- a/cast.h
+++ b/cast.h
@@ -1,15 +1,11 @@
// cast.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile cast.h
-//! \brief Classes for CAST cipher
+//! \file cast.h
+//! \brief Classes for the CAST-128 and CAST-256 block ciphers
#ifndef CRYPTOPP_CAST_H
#define CRYPTOPP_CAST_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/config.h b/config.h
index 77c969cd..638bc3ce 100644
--- a/config.h
+++ b/config.h
@@ -1,7 +1,6 @@
// config.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile config.h
+//! \file config.h
//! \brief Library configuration file
#ifndef CRYPTOPP_CONFIG_H
diff --git a/config.recommend b/config.recommend
index f30f9a26..eb7dbb58 100644
--- a/config.recommend
+++ b/config.recommend
@@ -1,708 +1,708 @@
-// config.h - written and placed in the public domain by Wei Dai
-
-//! \file config.h
-//! \brief Library configuration file
-
-#ifndef CRYPTOPP_CONFIG_H
-#define CRYPTOPP_CONFIG_H
-
-// ***************** Important Settings ********************
-
-// define this if running on a big-endian CPU
-#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__)))
-# define IS_BIG_ENDIAN
-#endif
-
-// define this if running on a little-endian CPU
-// big endian will be assumed if IS_LITTLE_ENDIAN is not defined
-#ifndef IS_BIG_ENDIAN
-# define IS_LITTLE_ENDIAN
-#endif
-
-// Sanity checks. Some processors have more than big-, little- and bi-endian modes. PDP mode, where order results in "4312", should
-// raise red flags immediately. Additionally, mis-classified machines, like (previosuly) S/390, should raise red flags immediately.
-#if defined(IS_BIG_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_BIG_ENDIAN__)
-# error "IS_BIG_ENDIAN is set, but __BYTE_ORDER__ does not equal __ORDER_BIG_ENDIAN__"
-#endif
-#if defined(IS_LITTLE_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__)
-# error "IS_LITTLE_ENDIAN is set, but __BYTE_ORDER__ does not equal __ORDER_LITTLE_ENDIAN__"
-#endif
-
-// define this if you want to disable all OS-dependent features,
-// such as sockets and OS-provided random number generators
-// #define NO_OS_DEPENDENCE
-
-// Define this to use features provided by Microsoft's CryptoAPI.
-// Currently the only feature used is random number generation.
-// This macro will be ignored if NO_OS_DEPENDENCE is defined.
-#define USE_MS_CRYPTOAPI
-
-// Define this to ensure C/C++ standard compliance and respect for GCC aliasing rules and other alignment fodder. If you
-// experience a break with GCC at -O3, you should try this first. Guard it in case its set on the command line (and it differs).
-#ifndef CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
-# define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
-#endif
-
-// ***************** Less Important Settings ***************
-
-// Library version
-#define CRYPTOPP_VERSION 563
-
-// define this to retain (as much as possible) old deprecated function and class names
-// #define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
-
-// define this to retain (as much as possible) ABI and binary compatibility with Crypto++ 5.6.2.
-// Also see https://cryptopp.com/wiki/Config.h#Avoid_MAINTAIN_BACKWARDS_COMPATIBILITY
-#if (CRYPTOPP_VERSION <= 600)
-# if !defined(CRYPTOPP_NO_BACKWARDS_COMPATIBILITY_562) && !defined(CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562)
-// # define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
-# endif
-#endif
-
-// Define this if you want or need the library's memcpy_s and memmove_s.
-// See http://github.com/weidai11/cryptopp/issues/28.
-// #if !defined(CRYPTOPP_WANT_SECURE_LIB)
-// # define CRYPTOPP_WANT_SECURE_LIB
-// #endif
-
-// File system code to write to GZIP archive.
-#if !defined(GZIP_OS_CODE)
-# define GZIP_OS_CODE 0
-#endif
-
-// Try this if your CPU has 256K internal cache or a slow multiply instruction
-// and you want a (possibly) faster IDEA implementation using log tables
-// #define IDEA_LARGECACHE
-
-// Define this if, for the linear congruential RNG, you want to use
-// the original constants as specified in S.K. Park and K.W. Miller's
-// CACM paper.
-// #define LCRNG_ORIGINAL_NUMBERS
-
-// choose which style of sockets to wrap (mostly useful for MinGW which has both)
-#if !defined(NO_BERKELEY_STYLE_SOCKETS) && !defined(PREFER_BERKELEY_STYLE_SOCKETS)
-# define PREFER_BERKELEY_STYLE_SOCKETS
-#endif
-
-// #if !defined(NO_WINDOWS_STYLE_SOCKETS) && !defined(PREFER_WINDOWS_STYLE_SOCKETS)
-// # define PREFER_WINDOWS_STYLE_SOCKETS
-// #endif
-
-// set the name of Rijndael cipher, was "Rijndael" before version 5.3
-#define CRYPTOPP_RIJNDAEL_NAME "AES"
-
-// CRYPTOPP_INIT_PRIORITY attempts to manage initialization of C++ static objects.
-// Under GCC, the library uses init_priority attribute in the range
-// [CRYPTOPP_INIT_PRIORITY, CRYPTOPP_INIT_PRIORITY+100]. Under Windows,
-// CRYPTOPP_INIT_PRIORITY enlists "#pragma init_seg(lib)".
-#define CRYPTOPP_INIT_PRIORITY 250
-
-// CRYPTOPP_USER_PRIORITY is for other libraries and user code that is using Crypto++
-// and managing C++ static object creation. It is guaranteed not to conflict with
-// values used by (or would be used by) the Crypto++ library.
-#if defined(CRYPTOPP_INIT_PRIORITY) && (CRYPTOPP_INIT_PRIORITY > 0)
-# define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY + 101)
-#else
-# define CRYPTOPP_USER_PRIORITY 250
-#endif
-
-// ***************** Important Settings Again ********************
-// But the defaults should be ok.
-
-// namespace support is now required
-#ifdef NO_NAMESPACE
-# error namespace support is now required
-#endif
-
-// Define this to workaround a Microsoft CryptoAPI bug where
-// each call to CryptAcquireContext causes a 100 KB memory leak.
-// Defining this will cause Crypto++ to make only one call to CryptAcquireContext.
-#define WORKAROUND_MS_BUG_Q258000
-
-#ifdef CRYPTOPP_DOXYGEN_PROCESSING
-// Document the namespce exists. Put it here before CryptoPP is undefined below.
-//! \namespace CryptoPP
-//! \brief Crypto++ library namespace
-//! \details Nearly all classes are located in the CryptoPP namespace. Within
-//! the namespace, there are two additional namespaces.
-//! <ul>
-//! <li>Name - namespace for names used with \p NameValuePairs and documented in argnames.h
-//! <li>Weak - namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma
-//! </ul>
-namespace CryptoPP { }
-// Bring in the symbols fund in the weak namespace; and fold Weak1 into Weak
-# define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
-# define Weak1 Weak
-// Avoid putting "CryptoPP::" in front of everything in Doxygen output
-# define CryptoPP
-# define NAMESPACE_BEGIN(x)
-# define NAMESPACE_END
-// Get Doxygen to generate better documentation for these typedefs
-# define DOCUMENTED_TYPEDEF(x, y) class y : public x {};
-// Make "protected" "private" so the functions and members are not documented
-# define protected private
-#else
-# define NAMESPACE_BEGIN(x) namespace x {
-# define NAMESPACE_END }
-# define DOCUMENTED_TYPEDEF(x, y) typedef x y;
-#endif
-#define ANONYMOUS_NAMESPACE_BEGIN namespace {
-#define ANONYMOUS_NAMESPACE_END }
-#define USING_NAMESPACE(x) using namespace x;
-#define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x {
-#define DOCUMENTED_NAMESPACE_END }
-
-// What is the type of the third parameter to bind?
-// For Unix, the new standard is ::socklen_t (typically unsigned int), and the old standard is int.
-// Unfortunately there is no way to tell whether or not socklen_t is defined.
-// To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile.
-#ifndef TYPE_OF_SOCKLEN_T
-# if defined(_WIN32) || defined(__CYGWIN__)
-# define TYPE_OF_SOCKLEN_T int
-# else
-# define TYPE_OF_SOCKLEN_T ::socklen_t
-# endif
-#endif
-
-#if defined(__CYGWIN__) && defined(PREFER_WINDOWS_STYLE_SOCKETS)
-# define __USE_W32_SOCKETS
-#endif
-
-typedef unsigned char byte; // put in global namespace to avoid ambiguity with other byte typedefs
-
-NAMESPACE_BEGIN(CryptoPP)
-
-typedef unsigned short word16;
-typedef unsigned int word32;
-
-#if defined(_MSC_VER) || defined(__BORLANDC__)
- typedef unsigned __int64 word64;
- #define W64LIT(x) x##ui64
-#else
- typedef unsigned long long word64;
- #define W64LIT(x) x##ULL
-#endif
-
-// define large word type, used for file offsets and such
-typedef word64 lword;
-const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
-
-#ifdef __GNUC__
- #define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
-#endif
-
-// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7
-#if defined(__clang__ ) && !defined(__apple_build_version__)
- #define CRYPTOPP_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
-#elif defined(__clang__ ) && defined(__apple_build_version__)
- #define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
-#endif
-
-#ifdef _MSC_VER
- #define CRYPTOPP_MSC_VERSION (_MSC_VER)
-#endif
-
-// Need GCC 4.6/Clang 1.7/Apple Clang 2.0 or above due to "GCC diagnostic {push|pop}"
-#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_CLANG_VERSION >= 10700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 20000)
- #define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1
-#endif
-
-// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232
-// TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes.
-#if (defined(CRYPTOPP_CLANG_VERSION) && CRYPTOPP_CLANG_VERSION <= 200000) || (defined(CRYPTOPP_APPLE_CLANG_VERSION) && CRYPTOPP_APPLE_CLANG_VERSION <= 200000)
- #define CRYPTOPP_DISABLE_INTEL_ASM 1
-#endif
-
-// define hword, word, and dword. these are used for multiprecision integer arithmetic
-// Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx
-#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && (__INTEL_COMPILER < 1000) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
- typedef word32 hword;
- typedef word64 word;
-#else
- #define CRYPTOPP_NATIVE_DWORD_AVAILABLE
- #if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__)
- #if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && (CRYPTOPP_GCC_VERSION >= 30400)
- // GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3
- // mode(TI) division broken on amd64 with GCC earlier than GCC 3.4
- #define CRYPTOPP_WORD128_AVAILABLE
- typedef word32 hword;
- typedef word64 word;
- typedef __uint128_t dword;
- typedef __uint128_t word128;
- #elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
- // Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
- #define CRYPTOPP_WORD128_AVAILABLE
- typedef word32 hword;
- typedef word64 word;
- typedef __uint128_t dword;
- typedef __uint128_t word128;
- #else
- // if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results
- typedef word16 hword;
- typedef word32 word;
- typedef word64 dword;
- #endif
- #elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
- // Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
- #define CRYPTOPP_WORD128_AVAILABLE
- typedef word32 hword;
- typedef word64 word;
- typedef __uint128_t dword;
- typedef __uint128_t word128;
- #else
- // being here means the native register size is probably 32 bits or less
- #define CRYPTOPP_BOOL_SLOW_WORD64 1
- typedef word16 hword;
- typedef word32 word;
- typedef word64 dword;
- #endif
-#endif
-#ifndef CRYPTOPP_BOOL_SLOW_WORD64
- #define CRYPTOPP_BOOL_SLOW_WORD64 0
-#endif
-
-// Produce a compiler error. It can be commented out, but you may not get the benefit of the fastest integers.
-#if (__SIZEOF_INT128__ >= 16) && !defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(__aarch64__)
-# error "An int128_t and uint128_t are available, but CRYPTOPP_WORD128_AVAILABLE is not defined"
-#endif
-
-const unsigned int WORD_SIZE = sizeof(word);
-const unsigned int WORD_BITS = WORD_SIZE * 8;
-
-NAMESPACE_END
-
-#ifndef CRYPTOPP_L1_CACHE_LINE_SIZE
- // This should be a lower bound on the L1 cache line size. It's used for defense against timing attacks.
- // Also see http://stackoverflow.com/questions/794632/programmatically-get-the-cache-line-size.
- #if defined(_M_X64) || defined(__x86_64__) || (__ILP32__ >= 1)
- #define CRYPTOPP_L1_CACHE_LINE_SIZE 64
- #else
- // L1 cache line size is 32 on Pentium III and earlier
- #define CRYPTOPP_L1_CACHE_LINE_SIZE 32
- #endif
-#endif
-
-#if defined(_MSC_VER)
- #if _MSC_VER == 1200
- #include <malloc.h>
- #endif
- #if _MSC_VER > 1200 || defined(_mm_free)
- #define CRYPTOPP_MSVC6PP_OR_LATER // VC 6 processor pack or later
- #else
- #define CRYPTOPP_MSVC6_NO_PP // VC 6 without processor pack
- #endif
-#endif
-
-#ifndef CRYPTOPP_ALIGN_DATA
- #if defined(CRYPTOPP_MSVC6PP_OR_LATER)
- #define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x))
- #elif defined(__GNUC__)
- #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x)))
- #else
- #define CRYPTOPP_ALIGN_DATA(x)
- #endif
-#endif
-
-#ifndef CRYPTOPP_SECTION_ALIGN16
-#if defined(__GNUC__) && !defined(__APPLE__)
- // the alignment attribute doesn't seem to work without this section attribute when -fdata-sections is turned on
- #define CRYPTOPP_SECTION_ALIGN16 __attribute__((section ("CryptoPP_Align16")))
- #else
- #define CRYPTOPP_SECTION_ALIGN16
- #endif
-#endif
-
-#if defined(_MSC_VER) || defined(__fastcall)
- #define CRYPTOPP_FASTCALL __fastcall
-#else
- #define CRYPTOPP_FASTCALL
-#endif
-
-// VC60 workaround: it doesn't allow typename in some places
-#if defined(_MSC_VER) && (_MSC_VER < 1300)
-#define CPP_TYPENAME
-#else
-#define CPP_TYPENAME typename
-#endif
-
-// VC60 workaround: can't cast unsigned __int64 to float or double
-#if defined(_MSC_VER) && !defined(CRYPTOPP_MSVC6PP_OR_LATER)
-#define CRYPTOPP_VC6_INT64 (__int64)
-#else
-#define CRYPTOPP_VC6_INT64
-#endif
-
-#ifdef _MSC_VER
-#define CRYPTOPP_NO_VTABLE __declspec(novtable)
-#else
-#define CRYPTOPP_NO_VTABLE
-#endif
-
-#ifdef _MSC_VER
- // 4127: conditional expression is constant
- // 4231: nonstandard extension used : 'extern' before template explicit instantiation
- // 4250: dominance
- // 4251: member needs to have dll-interface
- // 4275: base needs to have dll-interface
- // 4505: unreferenced local function
- // 4512: assignment operator not generated
- // 4660: explicitly instantiating a class that's already implicitly instantiated
- // 4661: no suitable definition provided for explicit template instantiation request
- // 4786: identifer was truncated in debug information
- // 4355: 'this' : used in base member initializer list
- // 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation
-# pragma warning(disable: 4127 4231 4250 4251 4275 4505 4512 4660 4661 4786 4355 4910)
- // Security related, possible defects
- // http://blogs.msdn.com/b/vcblog/archive/2010/12/14/off-by-default-compiler-warnings-in-visual-c.aspx
-# pragma warning(once: 4191 4242 4263 4264 4266 4302 4826 4905 4906 4928)
-#endif
-
-#ifdef __BORLANDC__
-// 8037: non-const function called for const object. needed to work around BCB2006 bug
-# pragma warn -8037
-#endif
-
-// [GCC Bug 53431] "C++ preprocessor ignores #pragma GCC diagnostic". Clang honors it.
-#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
-# pragma GCC diagnostic ignored "-Wunknown-pragmas"
-# pragma GCC diagnostic ignored "-Wunused-function"
-#endif
-
-#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__MWERKS__) || defined(_STLPORT_VERSION)
-#define CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
-#endif
-
-#ifndef CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
-#define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE
-#endif
-
-#ifdef CRYPTOPP_DISABLE_X86ASM // for backwards compatibility: this macro had both meanings
-#define CRYPTOPP_DISABLE_ASM
-#define CRYPTOPP_DISABLE_SSE2
-#endif
-
-// Apple's Clang prior to 5.0 cannot handle SSE2 (and Apple does not use LLVM Clang numbering...)
-#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000)
-# define CRYPTOPP_DISABLE_ASM
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
- // C++Builder 2010 does not allow "call label" where label is defined within inline assembly
- #define CRYPTOPP_X86_ASM_AVAILABLE
-
- #if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__))
- #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
- #else
- #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
- #endif
-
- // SSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
- // GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version. Also see the output of
- // `gcc -dM -E -march=native - < /dev/null | grep -i SSE` for preprocessor defines available.
- #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__) || defined(__SSE3__))
- #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
- #else
- #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
- #endif
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_ASM) && defined(_MSC_VER) && defined(_M_X64)
- #define CRYPTOPP_X64_MASM_AVAILABLE
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__GNUC__) && defined(__x86_64__)
- #define CRYPTOPP_X64_ASM_AVAILABLE
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__))
- #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
-#else
- #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
-#endif
-
-#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__))
- #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
-#else
- #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0
-#endif
-
-#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
- #define CRYPTOPP_BOOL_ALIGN16 1
-#else
- #define CRYPTOPP_BOOL_ALIGN16 0
-#endif
-
-// how to allocate 16-byte aligned memory (for SSE2)
-#if defined(CRYPTOPP_MSVC6PP_OR_LATER)
- #define CRYPTOPP_MM_MALLOC_AVAILABLE
-#elif defined(__APPLE__)
- #define CRYPTOPP_APPLE_MALLOC_AVAILABLE
-#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
- #define CRYPTOPP_MALLOC_ALIGNMENT_IS_16
-#elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__)
- #define CRYPTOPP_MEMALIGN_AVAILABLE
-#else
- #define CRYPTOPP_NO_ALIGNED_ALLOC
-#endif
-
-// Apple always provides 16-byte aligned, and tells us to use calloc
-// http://developer.apple.com/library/mac/documentation/Performance/Conceptual/ManagingMemory/Articles/MemoryAlloc.html
-
-// how to disable inlining
-#if defined(_MSC_VER) && _MSC_VER >= 1300
-# define CRYPTOPP_NOINLINE_DOTDOTDOT
-# define CRYPTOPP_NOINLINE __declspec(noinline)
-#elif defined(__GNUC__)
-# define CRYPTOPP_NOINLINE_DOTDOTDOT
-# define CRYPTOPP_NOINLINE __attribute__((noinline))
-#else
-# define CRYPTOPP_NOINLINE_DOTDOTDOT ...
-# define CRYPTOPP_NOINLINE
-#endif
-
-// how to declare class constants
-#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__INTEL_COMPILER)
-# define CRYPTOPP_CONSTANT(x) enum {x};
-#else
-# define CRYPTOPP_CONSTANT(x) static const int x;
-#endif
-
-// Linux provides X32, which is 32-bit integers, longs and pointers on x86_64 using the full x86_64 register set.
-// Detect via __ILP32__ (http://wiki.debian.org/X32Port). Both GCC and Clang provide the preprocessor macro.
-#if ((__ILP32__ >= 1) || (_ILP32 >= 1))
- #define CRYPTOPP_BOOL_X32 1
-#else
- #define CRYPTOPP_BOOL_X32 0
-#endif
-
-// see http://predef.sourceforge.net/prearch.html
-#if (defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)) && !CRYPTOPP_BOOL_X32
- #define CRYPTOPP_BOOL_X86 1
-#else
- #define CRYPTOPP_BOOL_X86 0
-#endif
-
-#if (defined(_M_X64) || defined(__x86_64__)) && !CRYPTOPP_BOOL_X32
- #define CRYPTOPP_BOOL_X64 1
-#else
- #define CRYPTOPP_BOOL_X64 0
-#endif
-
-// Undo the ASM and Intrinsic related defines due to X32.
-#if CRYPTOPP_BOOL_X32
-# undef CRYPTOPP_BOOL_X64
-# undef CRYPTOPP_X64_ASM_AVAILABLE
-# undef CRYPTOPP_X64_MASM_AVAILABLE
-#endif
-
-#if !defined(CRYPTOPP_NO_UNALIGNED_DATA_ACCESS) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)
-#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || defined(__powerpc__) || (__ARM_FEATURE_UNALIGNED >= 1))
- #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
-#endif
-#endif
-
-// ***************** determine availability of OS features ********************
-
-#ifndef NO_OS_DEPENDENCE
-
-#if defined(_WIN32) || defined(__CYGWIN__)
-#define CRYPTOPP_WIN32_AVAILABLE
-#endif
-
-#if defined(__unix__) || defined(__MACH__) || defined(__NetBSD__) || defined(__sun)
-#define CRYPTOPP_UNIX_AVAILABLE
-#endif
-
-#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
-#define CRYPTOPP_BSD_AVAILABLE
-#endif
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE)
-# define HIGHRES_TIMER_AVAILABLE
-#endif
-
-#ifdef CRYPTOPP_UNIX_AVAILABLE
-# define HAS_BERKELEY_STYLE_SOCKETS
-#endif
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-# define HAS_WINDOWS_STYLE_SOCKETS
-#endif
-
-#if defined(HIGHRES_TIMER_AVAILABLE) && (defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(HAS_WINDOWS_STYLE_SOCKETS))
-# define SOCKETS_AVAILABLE
-#endif
-
-#if defined(HAS_WINDOWS_STYLE_SOCKETS) && (!defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(PREFER_WINDOWS_STYLE_SOCKETS))
-# define USE_WINDOWS_STYLE_SOCKETS
-#else
-# define USE_BERKELEY_STYLE_SOCKETS
-#endif
-
-#if defined(HIGHRES_TIMER_AVAILABLE) && defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(USE_BERKELEY_STYLE_SOCKETS)
-# define WINDOWS_PIPES_AVAILABLE
-#endif
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE) && defined(USE_MS_CRYPTOAPI)
-# define NONBLOCKING_RNG_AVAILABLE
-# define OS_RNG_AVAILABLE
-#endif
-
-#if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
-# define NONBLOCKING_RNG_AVAILABLE
-# define BLOCKING_RNG_AVAILABLE
-# define OS_RNG_AVAILABLE
-# define HAS_PTHREADS
-# define THREADS_AVAILABLE
-#endif
-
-#ifdef CRYPTOPP_WIN32_AVAILABLE
-# define HAS_WINTHREADS
-# define THREADS_AVAILABLE
-#endif
-
-#endif // NO_OS_DEPENDENCE
-
-// ***************** DLL related ********************
-
-#if defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
-
-#ifdef CRYPTOPP_EXPORTS
-#define CRYPTOPP_IS_DLL
-#define CRYPTOPP_DLL __declspec(dllexport)
-#elif defined(CRYPTOPP_IMPORTS)
-#define CRYPTOPP_IS_DLL
-#define CRYPTOPP_DLL __declspec(dllimport)
-#else
-#define CRYPTOPP_DLL
-#endif
-
-#define CRYPTOPP_API __cdecl
-
-#else // not CRYPTOPP_WIN32_AVAILABLE
-
-#define CRYPTOPP_DLL
-#define CRYPTOPP_API
-
-#endif // CRYPTOPP_WIN32_AVAILABLE
-
-#if defined(__MWERKS__)
-#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern class CRYPTOPP_DLL
-#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
-#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
-#else
-#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern template class CRYPTOPP_DLL
-#endif
-
-#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_IMPORTS)
-#define CRYPTOPP_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
-#else
-#define CRYPTOPP_DLL_TEMPLATE_CLASS CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS
-#endif
-
-#if defined(__MWERKS__)
-#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern class
-#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
-#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS template class
-#else
-#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern template class
-#endif
-
-#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_EXPORTS)
-#define CRYPTOPP_STATIC_TEMPLATE_CLASS template class
-#else
-#define CRYPTOPP_STATIC_TEMPLATE_CLASS CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS
-#endif
-
-// ************** Unused variable ***************
-
-// Portable way to suppress warnings.
-// Moved from misc.h due to circular depenedencies.
-#define CRYPTOPP_UNUSED(x) ((void)x)
-
-// ***************** C++11 related ********************
-
-// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.
-// Intel and C++11 language features, http://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler
-// GCC and C++11 language features, http://gcc.gnu.org/projects/cxx0x.html
-// Clang and C++11 language features, http://clang.llvm.org/cxx_status.html
-#if (_MSC_VER >= 1600) || (__cplusplus >= 201103L)
-# define CRYPTOPP_CXX11 1
-#endif
-
-// Hack ahead. Apple's standard library does not have C++'s unique_ptr in C++11. We can't
-// test for unique_ptr directly because some of the non-Apple Clangs on OS X fail the same
-// way. However, modern standard libraries have <forward_list>, so we test for it instead.
-// Thanks to Jonathan Wakely for devising the clever test for modern/ancient versions.
-// TODO: test under Xcode 3, where g++ is really g++.
-#if defined(__APPLE__) && defined(__clang__)
-# if !(defined(__has_include) && __has_include(<forward_list>))
-# undef CRYPTOPP_CXX11
-# endif
-#endif
-
-// C++11 or C++14 is available
-#if defined(CRYPTOPP_CXX11)
-
-// alignof/alignas: MS at VS2013 (19.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
-#if (CRYPTOPP_MSC_VERSION >= 1900)
-# define CRYPTOPP_CXX11_ALIGNAS 1
-# define CRYPTOPP_CXX11_ALIGNOF 1
-#elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1500)
-# define CRYPTOPP_CXX11_ALIGNAS 1
-# define CRYPTOPP_CXX11_ALIGNOF 1
-#elif defined(__clang__)
-# if __has_feature(cxx_alignof)
-# define CRYPTOPP_CXX11_ALIGNAS 1
-# define CRYPTOPP_CXX11_ALIGNOF 1
-# endif
-#elif (CRYPTOPP_GCC_VERSION >= 40800)
-# define CRYPTOPP_CXX11_ALIGNAS 1
-# define CRYPTOPP_CXX11_ALIGNOF 1
-#endif // alignof/alignas
-
-// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; and Intel 14.0.
-#if (CRYPTOPP_MSC_VERSION >= 1900)
-# define CRYPTOPP_CXX11_NOEXCEPT 1
-#elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1400)
-# define CRYPTOPP_CXX11_NOEXCEPT 1
-#elif defined(__clang__)
-# if __has_feature(cxx_noexcept)
-# define CRYPTOPP_CXX11_NOEXCEPT 1
-# endif
-#elif (CRYPTOPP_GCC_VERSION >= 40600)
-# define CRYPTOPP_CXX11_NOEXCEPT 1
-#endif // noexcept compilers
-
-// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; and Intel 12.1.
-#if (CRYPTOPP_MSC_VERSION >= 1800)
-# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
-#elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1210)
-# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
-#elif defined(__clang__)
-# if __has_feature(cxx_variadic_templates)
-# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
-# endif
-#elif (CRYPTOPP_GCC_VERSION >= 40300)
-# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
-#endif // variadic templates
-
-// TODO: Emplacement, R-values and Move semantics
-// Needed because we are catching warnings with GCC and MSC
-
-#endif // CRYPTOPP_CXX11
-
-#if defined(CRYPTOPP_CXX11_NOEXCEPT)
-# define CRYPTOPP_THROW noexcept(false)
-# define CRYPTOPP_NO_THROW noexcept(true)
-#else
-# define CRYPTOPP_THROW
-# define CRYPTOPP_NO_THROW
-#endif // CRYPTOPP_CXX11_NOEXCEPT
-
-// OK to comment the following out, but please report it so we can fix it.
-#if (defined(__cplusplus) && (__cplusplus >= 199711L)) && !defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE)
-# error "std::uncaught_exception is not available. This is likely a configuration error."
-#endif
-
-#endif
+// config.h - written and placed in the public domain by Wei Dai
+
+//! \file config.h
+//! \brief Library configuration file
+
+#ifndef CRYPTOPP_CONFIG_H
+#define CRYPTOPP_CONFIG_H
+
+// ***************** Important Settings ********************
+
+// define this if running on a big-endian CPU
+#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__)))
+# define IS_BIG_ENDIAN
+#endif
+
+// define this if running on a little-endian CPU
+// big endian will be assumed if IS_LITTLE_ENDIAN is not defined
+#ifndef IS_BIG_ENDIAN
+# define IS_LITTLE_ENDIAN
+#endif
+
+// Sanity checks. Some processors have more than big-, little- and bi-endian modes. PDP mode, where order results in "4312", should
+// raise red flags immediately. Additionally, mis-classified machines, like (previosuly) S/390, should raise red flags immediately.
+#if defined(IS_BIG_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_BIG_ENDIAN__)
+# error "IS_BIG_ENDIAN is set, but __BYTE_ORDER__ does not equal __ORDER_BIG_ENDIAN__"
+#endif
+#if defined(IS_LITTLE_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__)
+# error "IS_LITTLE_ENDIAN is set, but __BYTE_ORDER__ does not equal __ORDER_LITTLE_ENDIAN__"
+#endif
+
+// define this if you want to disable all OS-dependent features,
+// such as sockets and OS-provided random number generators
+// #define NO_OS_DEPENDENCE
+
+// Define this to use features provided by Microsoft's CryptoAPI.
+// Currently the only feature used is random number generation.
+// This macro will be ignored if NO_OS_DEPENDENCE is defined.
+#define USE_MS_CRYPTOAPI
+
+// Define this to ensure C/C++ standard compliance and respect for GCC aliasing rules and other alignment fodder. If you
+// experience a break with GCC at -O3, you should try this first. Guard it in case its set on the command line (and it differs).
+#ifndef CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
+# define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS
+#endif
+
+// ***************** Less Important Settings ***************
+
+// Library version
+#define CRYPTOPP_VERSION 563
+
+// define this to retain (as much as possible) old deprecated function and class names
+// #define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
+
+// define this to retain (as much as possible) ABI and binary compatibility with Crypto++ 5.6.2.
+// Also see https://cryptopp.com/wiki/Config.h#Avoid_MAINTAIN_BACKWARDS_COMPATIBILITY
+#if (CRYPTOPP_VERSION <= 600)
+# if !defined(CRYPTOPP_NO_BACKWARDS_COMPATIBILITY_562) && !defined(CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562)
+// # define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
+# endif
+#endif
+
+// Define this if you want or need the library's memcpy_s and memmove_s.
+// See http://github.com/weidai11/cryptopp/issues/28.
+// #if !defined(CRYPTOPP_WANT_SECURE_LIB)
+// # define CRYPTOPP_WANT_SECURE_LIB
+// #endif
+
+// File system code to write to GZIP archive.
+#if !defined(GZIP_OS_CODE)
+# define GZIP_OS_CODE 0
+#endif
+
+// Try this if your CPU has 256K internal cache or a slow multiply instruction
+// and you want a (possibly) faster IDEA implementation using log tables
+// #define IDEA_LARGECACHE
+
+// Define this if, for the linear congruential RNG, you want to use
+// the original constants as specified in S.K. Park and K.W. Miller's
+// CACM paper.
+// #define LCRNG_ORIGINAL_NUMBERS
+
+// choose which style of sockets to wrap (mostly useful for MinGW which has both)
+#if !defined(NO_BERKELEY_STYLE_SOCKETS) && !defined(PREFER_BERKELEY_STYLE_SOCKETS)
+# define PREFER_BERKELEY_STYLE_SOCKETS
+#endif
+
+// #if !defined(NO_WINDOWS_STYLE_SOCKETS) && !defined(PREFER_WINDOWS_STYLE_SOCKETS)
+// # define PREFER_WINDOWS_STYLE_SOCKETS
+// #endif
+
+// set the name of Rijndael cipher, was "Rijndael" before version 5.3
+#define CRYPTOPP_RIJNDAEL_NAME "AES"
+
+// CRYPTOPP_INIT_PRIORITY attempts to manage initialization of C++ static objects.
+// Under GCC, the library uses init_priority attribute in the range
+// [CRYPTOPP_INIT_PRIORITY, CRYPTOPP_INIT_PRIORITY+100]. Under Windows,
+// CRYPTOPP_INIT_PRIORITY enlists "#pragma init_seg(lib)".
+#define CRYPTOPP_INIT_PRIORITY 250
+
+// CRYPTOPP_USER_PRIORITY is for other libraries and user code that is using Crypto++
+// and managing C++ static object creation. It is guaranteed not to conflict with
+// values used by (or would be used by) the Crypto++ library.
+#if defined(CRYPTOPP_INIT_PRIORITY) && (CRYPTOPP_INIT_PRIORITY > 0)
+# define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY + 101)
+#else
+# define CRYPTOPP_USER_PRIORITY 250
+#endif
+
+// ***************** Important Settings Again ********************
+// But the defaults should be ok.
+
+// namespace support is now required
+#ifdef NO_NAMESPACE
+# error namespace support is now required
+#endif
+
+// Define this to workaround a Microsoft CryptoAPI bug where
+// each call to CryptAcquireContext causes a 100 KB memory leak.
+// Defining this will cause Crypto++ to make only one call to CryptAcquireContext.
+#define WORKAROUND_MS_BUG_Q258000
+
+#ifdef CRYPTOPP_DOXYGEN_PROCESSING
+// Document the namespce exists. Put it here before CryptoPP is undefined below.
+//! \namespace CryptoPP
+//! \brief Crypto++ library namespace
+//! \details Nearly all classes are located in the CryptoPP namespace. Within
+//! the namespace, there are two additional namespaces.
+//! <ul>
+//! <li>Name - namespace for names used with \p NameValuePairs and documented in argnames.h
+//! <li>Weak - namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma
+//! </ul>
+namespace CryptoPP { }
+// Bring in the symbols fund in the weak namespace; and fold Weak1 into Weak
+# define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
+# define Weak1 Weak
+// Avoid putting "CryptoPP::" in front of everything in Doxygen output
+# define CryptoPP
+# define NAMESPACE_BEGIN(x)
+# define NAMESPACE_END
+// Get Doxygen to generate better documentation for these typedefs
+# define DOCUMENTED_TYPEDEF(x, y) class y : public x {};
+// Make "protected" "private" so the functions and members are not documented
+# define protected private
+#else
+# define NAMESPACE_BEGIN(x) namespace x {
+# define NAMESPACE_END }
+# define DOCUMENTED_TYPEDEF(x, y) typedef x y;
+#endif
+#define ANONYMOUS_NAMESPACE_BEGIN namespace {
+#define ANONYMOUS_NAMESPACE_END }
+#define USING_NAMESPACE(x) using namespace x;
+#define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x {
+#define DOCUMENTED_NAMESPACE_END }
+
+// What is the type of the third parameter to bind?
+// For Unix, the new standard is ::socklen_t (typically unsigned int), and the old standard is int.
+// Unfortunately there is no way to tell whether or not socklen_t is defined.
+// To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile.
+#ifndef TYPE_OF_SOCKLEN_T
+# if defined(_WIN32) || defined(__CYGWIN__)
+# define TYPE_OF_SOCKLEN_T int
+# else
+# define TYPE_OF_SOCKLEN_T ::socklen_t
+# endif
+#endif
+
+#if defined(__CYGWIN__) && defined(PREFER_WINDOWS_STYLE_SOCKETS)
+# define __USE_W32_SOCKETS
+#endif
+
+typedef unsigned char byte; // put in global namespace to avoid ambiguity with other byte typedefs
+
+NAMESPACE_BEGIN(CryptoPP)
+
+typedef unsigned short word16;
+typedef unsigned int word32;
+
+#if defined(_MSC_VER) || defined(__BORLANDC__)
+ typedef unsigned __int64 word64;
+ #define W64LIT(x) x##ui64
+#else
+ typedef unsigned long long word64;
+ #define W64LIT(x) x##ULL
+#endif
+
+// define large word type, used for file offsets and such
+typedef word64 lword;
+const lword LWORD_MAX = W64LIT(0xffffffffffffffff);
+
+#ifdef __GNUC__
+ #define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__)
+#endif
+
+// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7
+#if defined(__clang__ ) && !defined(__apple_build_version__)
+ #define CRYPTOPP_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#elif defined(__clang__ ) && defined(__apple_build_version__)
+ #define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__)
+#endif
+
+#ifdef _MSC_VER
+ #define CRYPTOPP_MSC_VERSION (_MSC_VER)
+#endif
+
+// Need GCC 4.6/Clang 1.7/Apple Clang 2.0 or above due to "GCC diagnostic {push|pop}"
+#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_CLANG_VERSION >= 10700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 20000)
+ #define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1
+#endif
+
+// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232
+// TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes.
+#if (defined(CRYPTOPP_CLANG_VERSION) && CRYPTOPP_CLANG_VERSION <= 200000) || (defined(CRYPTOPP_APPLE_CLANG_VERSION) && CRYPTOPP_APPLE_CLANG_VERSION <= 200000)
+ #define CRYPTOPP_DISABLE_INTEL_ASM 1
+#endif
+
+// define hword, word, and dword. these are used for multiprecision integer arithmetic
+// Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx
+#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && (__INTEL_COMPILER < 1000) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__))
+ typedef word32 hword;
+ typedef word64 word;
+#else
+ #define CRYPTOPP_NATIVE_DWORD_AVAILABLE
+ #if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__)
+ #if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && (CRYPTOPP_GCC_VERSION >= 30400)
+ // GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3
+ // mode(TI) division broken on amd64 with GCC earlier than GCC 3.4
+ #define CRYPTOPP_WORD128_AVAILABLE
+ typedef word32 hword;
+ typedef word64 word;
+ typedef __uint128_t dword;
+ typedef __uint128_t word128;
+ #elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
+ // Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
+ #define CRYPTOPP_WORD128_AVAILABLE
+ typedef word32 hword;
+ typedef word64 word;
+ typedef __uint128_t dword;
+ typedef __uint128_t word128;
+ #else
+ // if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results
+ typedef word16 hword;
+ typedef word32 word;
+ typedef word64 dword;
+ #endif
+ #elif defined(__GNUC__) && (__SIZEOF_INT128__ >= 16)
+ // Detect availabliltiy of int128_t and uint128_t in preprocessor, http://gcc.gnu.org/ml/gcc-help/2015-08/msg00185.html.
+ #define CRYPTOPP_WORD128_AVAILABLE
+ typedef word32 hword;
+ typedef word64 word;
+ typedef __uint128_t dword;
+ typedef __uint128_t word128;
+ #else
+ // being here means the native register size is probably 32 bits or less
+ #define CRYPTOPP_BOOL_SLOW_WORD64 1
+ typedef word16 hword;
+ typedef word32 word;
+ typedef word64 dword;
+ #endif
+#endif
+#ifndef CRYPTOPP_BOOL_SLOW_WORD64
+ #define CRYPTOPP_BOOL_SLOW_WORD64 0
+#endif
+
+// Produce a compiler error. It can be commented out, but you may not get the benefit of the fastest integers.
+#if (__SIZEOF_INT128__ >= 16) && !defined(CRYPTOPP_WORD128_AVAILABLE) && !defined(__aarch64__)
+# error "An int128_t and uint128_t are available, but CRYPTOPP_WORD128_AVAILABLE is not defined"
+#endif
+
+const unsigned int WORD_SIZE = sizeof(word);
+const unsigned int WORD_BITS = WORD_SIZE * 8;
+
+NAMESPACE_END
+
+#ifndef CRYPTOPP_L1_CACHE_LINE_SIZE
+ // This should be a lower bound on the L1 cache line size. It's used for defense against timing attacks.
+ // Also see http://stackoverflow.com/questions/794632/programmatically-get-the-cache-line-size.
+ #if defined(_M_X64) || defined(__x86_64__) || (__ILP32__ >= 1)
+ #define CRYPTOPP_L1_CACHE_LINE_SIZE 64
+ #else
+ // L1 cache line size is 32 on Pentium III and earlier
+ #define CRYPTOPP_L1_CACHE_LINE_SIZE 32
+ #endif
+#endif
+
+#if defined(_MSC_VER)
+ #if _MSC_VER == 1200
+ #include <malloc.h>
+ #endif
+ #if _MSC_VER > 1200 || defined(_mm_free)
+ #define CRYPTOPP_MSVC6PP_OR_LATER // VC 6 processor pack or later
+ #else
+ #define CRYPTOPP_MSVC6_NO_PP // VC 6 without processor pack
+ #endif
+#endif
+
+#ifndef CRYPTOPP_ALIGN_DATA
+ #if defined(CRYPTOPP_MSVC6PP_OR_LATER)
+ #define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x))
+ #elif defined(__GNUC__)
+ #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x)))
+ #else
+ #define CRYPTOPP_ALIGN_DATA(x)
+ #endif
+#endif
+
+#ifndef CRYPTOPP_SECTION_ALIGN16
+#if defined(__GNUC__) && !defined(__APPLE__)
+ // the alignment attribute doesn't seem to work without this section attribute when -fdata-sections is turned on
+ #define CRYPTOPP_SECTION_ALIGN16 __attribute__((section ("CryptoPP_Align16")))
+ #else
+ #define CRYPTOPP_SECTION_ALIGN16
+ #endif
+#endif
+
+#if defined(_MSC_VER) || defined(__fastcall)
+ #define CRYPTOPP_FASTCALL __fastcall
+#else
+ #define CRYPTOPP_FASTCALL
+#endif
+
+// VC60 workaround: it doesn't allow typename in some places
+#if defined(_MSC_VER) && (_MSC_VER < 1300)
+#define CPP_TYPENAME
+#else
+#define CPP_TYPENAME typename
+#endif
+
+// VC60 workaround: can't cast unsigned __int64 to float or double
+#if defined(_MSC_VER) && !defined(CRYPTOPP_MSVC6PP_OR_LATER)
+#define CRYPTOPP_VC6_INT64 (__int64)
+#else
+#define CRYPTOPP_VC6_INT64
+#endif
+
+#ifdef _MSC_VER
+#define CRYPTOPP_NO_VTABLE __declspec(novtable)
+#else
+#define CRYPTOPP_NO_VTABLE
+#endif
+
+#ifdef _MSC_VER
+ // 4127: conditional expression is constant
+ // 4231: nonstandard extension used : 'extern' before template explicit instantiation
+ // 4250: dominance
+ // 4251: member needs to have dll-interface
+ // 4275: base needs to have dll-interface
+ // 4505: unreferenced local function
+ // 4512: assignment operator not generated
+ // 4660: explicitly instantiating a class that's already implicitly instantiated
+ // 4661: no suitable definition provided for explicit template instantiation request
+ // 4786: identifer was truncated in debug information
+ // 4355: 'this' : used in base member initializer list
+ // 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation
+# pragma warning(disable: 4127 4231 4250 4251 4275 4505 4512 4660 4661 4786 4355 4910)
+ // Security related, possible defects
+ // http://blogs.msdn.com/b/vcblog/archive/2010/12/14/off-by-default-compiler-warnings-in-visual-c.aspx
+# pragma warning(once: 4191 4242 4263 4264 4266 4302 4826 4905 4906 4928)
+#endif
+
+#ifdef __BORLANDC__
+// 8037: non-const function called for const object. needed to work around BCB2006 bug
+# pragma warn -8037
+#endif
+
+// [GCC Bug 53431] "C++ preprocessor ignores #pragma GCC diagnostic". Clang honors it.
+#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE
+# pragma GCC diagnostic ignored "-Wunknown-pragmas"
+# pragma GCC diagnostic ignored "-Wunused-function"
+#endif
+
+#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__MWERKS__) || defined(_STLPORT_VERSION)
+#define CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
+#endif
+
+#ifndef CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION
+#define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE
+#endif
+
+#ifdef CRYPTOPP_DISABLE_X86ASM // for backwards compatibility: this macro had both meanings
+#define CRYPTOPP_DISABLE_ASM
+#define CRYPTOPP_DISABLE_SSE2
+#endif
+
+// Apple's Clang prior to 5.0 cannot handle SSE2 (and Apple does not use LLVM Clang numbering...)
+#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000)
+# define CRYPTOPP_DISABLE_ASM
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__))))
+ // C++Builder 2010 does not allow "call label" where label is defined within inline assembly
+ #define CRYPTOPP_X86_ASM_AVAILABLE
+
+ #if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__))
+ #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1
+ #else
+ #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0
+ #endif
+
+ // SSE3 was actually introduced in GNU as 2.17, which was released 6/23/2006, but we can't tell what version of binutils is installed.
+ // GCC 4.1.2 was released on 2/13/2007, so we'll use that as a proxy for the binutils version. Also see the output of
+ // `gcc -dM -E -march=native - < /dev/null | grep -i SSE` for preprocessor defines available.
+ #if !defined(CRYPTOPP_DISABLE_SSSE3) && (_MSC_VER >= 1400 || CRYPTOPP_GCC_VERSION >= 40102 || defined(__SSSE3__) || defined(__SSE3__))
+ #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1
+ #else
+ #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0
+ #endif
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_ASM) && defined(_MSC_VER) && defined(_M_X64)
+ #define CRYPTOPP_X64_MASM_AVAILABLE
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__GNUC__) && defined(__x86_64__)
+ #define CRYPTOPP_X64_ASM_AVAILABLE
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__))
+ #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1
+#else
+ #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0
+#endif
+
+#if !defined(CRYPTOPP_DISABLE_SSSE3) && !defined(CRYPTOPP_DISABLE_AESNI) && CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE && (CRYPTOPP_GCC_VERSION >= 40400 || _MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || defined(__AES__))
+ #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1
+#else
+ #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0
+#endif
+
+#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE)
+ #define CRYPTOPP_BOOL_ALIGN16 1
+#else
+ #define CRYPTOPP_BOOL_ALIGN16 0
+#endif
+
+// how to allocate 16-byte aligned memory (for SSE2)
+#if defined(CRYPTOPP_MSVC6PP_OR_LATER)
+ #define CRYPTOPP_MM_MALLOC_AVAILABLE
+#elif defined(__APPLE__)
+ #define CRYPTOPP_APPLE_MALLOC_AVAILABLE
+#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+ #define CRYPTOPP_MALLOC_ALIGNMENT_IS_16
+#elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__)
+ #define CRYPTOPP_MEMALIGN_AVAILABLE
+#else
+ #define CRYPTOPP_NO_ALIGNED_ALLOC
+#endif
+
+// Apple always provides 16-byte aligned, and tells us to use calloc
+// http://developer.apple.com/library/mac/documentation/Performance/Conceptual/ManagingMemory/Articles/MemoryAlloc.html
+
+// how to disable inlining
+#if defined(_MSC_VER) && _MSC_VER >= 1300
+# define CRYPTOPP_NOINLINE_DOTDOTDOT
+# define CRYPTOPP_NOINLINE __declspec(noinline)
+#elif defined(__GNUC__)
+# define CRYPTOPP_NOINLINE_DOTDOTDOT
+# define CRYPTOPP_NOINLINE __attribute__((noinline))
+#else
+# define CRYPTOPP_NOINLINE_DOTDOTDOT ...
+# define CRYPTOPP_NOINLINE
+#endif
+
+// how to declare class constants
+#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__INTEL_COMPILER)
+# define CRYPTOPP_CONSTANT(x) enum {x};
+#else
+# define CRYPTOPP_CONSTANT(x) static const int x;
+#endif
+
+// Linux provides X32, which is 32-bit integers, longs and pointers on x86_64 using the full x86_64 register set.
+// Detect via __ILP32__ (http://wiki.debian.org/X32Port). Both GCC and Clang provide the preprocessor macro.
+#if ((__ILP32__ >= 1) || (_ILP32 >= 1))
+ #define CRYPTOPP_BOOL_X32 1
+#else
+ #define CRYPTOPP_BOOL_X32 0
+#endif
+
+// see http://predef.sourceforge.net/prearch.html
+#if (defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)) && !CRYPTOPP_BOOL_X32
+ #define CRYPTOPP_BOOL_X86 1
+#else
+ #define CRYPTOPP_BOOL_X86 0
+#endif
+
+#if (defined(_M_X64) || defined(__x86_64__)) && !CRYPTOPP_BOOL_X32
+ #define CRYPTOPP_BOOL_X64 1
+#else
+ #define CRYPTOPP_BOOL_X64 0
+#endif
+
+// Undo the ASM and Intrinsic related defines due to X32.
+#if CRYPTOPP_BOOL_X32
+# undef CRYPTOPP_BOOL_X64
+# undef CRYPTOPP_X64_ASM_AVAILABLE
+# undef CRYPTOPP_X64_MASM_AVAILABLE
+#endif
+
+#if !defined(CRYPTOPP_NO_UNALIGNED_DATA_ACCESS) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS)
+#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || defined(__powerpc__) || (__ARM_FEATURE_UNALIGNED >= 1))
+ #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS
+#endif
+#endif
+
+// ***************** determine availability of OS features ********************
+
+#ifndef NO_OS_DEPENDENCE
+
+#if defined(_WIN32) || defined(__CYGWIN__)
+#define CRYPTOPP_WIN32_AVAILABLE
+#endif
+
+#if defined(__unix__) || defined(__MACH__) || defined(__NetBSD__) || defined(__sun)
+#define CRYPTOPP_UNIX_AVAILABLE
+#endif
+
+#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__)
+#define CRYPTOPP_BSD_AVAILABLE
+#endif
+
+#if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE)
+# define HIGHRES_TIMER_AVAILABLE
+#endif
+
+#ifdef CRYPTOPP_UNIX_AVAILABLE
+# define HAS_BERKELEY_STYLE_SOCKETS
+#endif
+
+#ifdef CRYPTOPP_WIN32_AVAILABLE
+# define HAS_WINDOWS_STYLE_SOCKETS
+#endif
+
+#if defined(HIGHRES_TIMER_AVAILABLE) && (defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(HAS_WINDOWS_STYLE_SOCKETS))
+# define SOCKETS_AVAILABLE
+#endif
+
+#if defined(HAS_WINDOWS_STYLE_SOCKETS) && (!defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(PREFER_WINDOWS_STYLE_SOCKETS))
+# define USE_WINDOWS_STYLE_SOCKETS
+#else
+# define USE_BERKELEY_STYLE_SOCKETS
+#endif
+
+#if defined(HIGHRES_TIMER_AVAILABLE) && defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(USE_BERKELEY_STYLE_SOCKETS)
+# define WINDOWS_PIPES_AVAILABLE
+#endif
+
+#if defined(CRYPTOPP_WIN32_AVAILABLE) && defined(USE_MS_CRYPTOAPI)
+# define NONBLOCKING_RNG_AVAILABLE
+# define OS_RNG_AVAILABLE
+#endif
+
+#if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING)
+# define NONBLOCKING_RNG_AVAILABLE
+# define BLOCKING_RNG_AVAILABLE
+# define OS_RNG_AVAILABLE
+# define HAS_PTHREADS
+# define THREADS_AVAILABLE
+#endif
+
+#ifdef CRYPTOPP_WIN32_AVAILABLE
+# define HAS_WINTHREADS
+# define THREADS_AVAILABLE
+#endif
+
+#endif // NO_OS_DEPENDENCE
+
+// ***************** DLL related ********************
+
+#if defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(CRYPTOPP_DOXYGEN_PROCESSING)
+
+#ifdef CRYPTOPP_EXPORTS
+#define CRYPTOPP_IS_DLL
+#define CRYPTOPP_DLL __declspec(dllexport)
+#elif defined(CRYPTOPP_IMPORTS)
+#define CRYPTOPP_IS_DLL
+#define CRYPTOPP_DLL __declspec(dllimport)
+#else
+#define CRYPTOPP_DLL
+#endif
+
+#define CRYPTOPP_API __cdecl
+
+#else // not CRYPTOPP_WIN32_AVAILABLE
+
+#define CRYPTOPP_DLL
+#define CRYPTOPP_API
+
+#endif // CRYPTOPP_WIN32_AVAILABLE
+
+#if defined(__MWERKS__)
+#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern class CRYPTOPP_DLL
+#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
+#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
+#else
+#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern template class CRYPTOPP_DLL
+#endif
+
+#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_IMPORTS)
+#define CRYPTOPP_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL
+#else
+#define CRYPTOPP_DLL_TEMPLATE_CLASS CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS
+#endif
+
+#if defined(__MWERKS__)
+#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern class
+#elif defined(__BORLANDC__) || defined(__SUNPRO_CC)
+#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS template class
+#else
+#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern template class
+#endif
+
+#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_EXPORTS)
+#define CRYPTOPP_STATIC_TEMPLATE_CLASS template class
+#else
+#define CRYPTOPP_STATIC_TEMPLATE_CLASS CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS
+#endif
+
+// ************** Unused variable ***************
+
+// Portable way to suppress warnings.
+// Moved from misc.h due to circular depenedencies.
+#define CRYPTOPP_UNUSED(x) ((void)x)
+
+// ***************** C++11 related ********************
+
+// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx.
+// Intel and C++11 language features, http://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler
+// GCC and C++11 language features, http://gcc.gnu.org/projects/cxx0x.html
+// Clang and C++11 language features, http://clang.llvm.org/cxx_status.html
+#if (_MSC_VER >= 1600) || (__cplusplus >= 201103L)
+# define CRYPTOPP_CXX11 1
+#endif
+
+// Hack ahead. Apple's standard library does not have C++'s unique_ptr in C++11. We can't
+// test for unique_ptr directly because some of the non-Apple Clangs on OS X fail the same
+// way. However, modern standard libraries have <forward_list>, so we test for it instead.
+// Thanks to Jonathan Wakely for devising the clever test for modern/ancient versions.
+// TODO: test under Xcode 3, where g++ is really g++.
+#if defined(__APPLE__) && defined(__clang__)
+# if !(defined(__has_include) && __has_include(<forward_list>))
+# undef CRYPTOPP_CXX11
+# endif
+#endif
+
+// C++11 or C++14 is available
+#if defined(CRYPTOPP_CXX11)
+
+// alignof/alignas: MS at VS2013 (19.00); GCC at 4.8; Clang at 3.3; and Intel 15.0.
+#if (CRYPTOPP_MSC_VERSION >= 1900)
+# define CRYPTOPP_CXX11_ALIGNAS 1
+# define CRYPTOPP_CXX11_ALIGNOF 1
+#elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1500)
+# define CRYPTOPP_CXX11_ALIGNAS 1
+# define CRYPTOPP_CXX11_ALIGNOF 1
+#elif defined(__clang__)
+# if __has_feature(cxx_alignof)
+# define CRYPTOPP_CXX11_ALIGNAS 1
+# define CRYPTOPP_CXX11_ALIGNOF 1
+# endif
+#elif (CRYPTOPP_GCC_VERSION >= 40800)
+# define CRYPTOPP_CXX11_ALIGNAS 1
+# define CRYPTOPP_CXX11_ALIGNOF 1
+#endif // alignof/alignas
+
+// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; and Intel 14.0.
+#if (CRYPTOPP_MSC_VERSION >= 1900)
+# define CRYPTOPP_CXX11_NOEXCEPT 1
+#elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1400)
+# define CRYPTOPP_CXX11_NOEXCEPT 1
+#elif defined(__clang__)
+# if __has_feature(cxx_noexcept)
+# define CRYPTOPP_CXX11_NOEXCEPT 1
+# endif
+#elif (CRYPTOPP_GCC_VERSION >= 40600)
+# define CRYPTOPP_CXX11_NOEXCEPT 1
+#endif // noexcept compilers
+
+// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; and Intel 12.1.
+#if (CRYPTOPP_MSC_VERSION >= 1800)
+# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+#elif defined(__INTEL_COMPILER) && (__INTEL_COMPILER >= 1210)
+# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+#elif defined(__clang__)
+# if __has_feature(cxx_variadic_templates)
+# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+# endif
+#elif (CRYPTOPP_GCC_VERSION >= 40300)
+# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1
+#endif // variadic templates
+
+// TODO: Emplacement, R-values and Move semantics
+// Needed because we are catching warnings with GCC and MSC
+
+#endif // CRYPTOPP_CXX11
+
+#if defined(CRYPTOPP_CXX11_NOEXCEPT)
+# define CRYPTOPP_THROW noexcept(false)
+# define CRYPTOPP_NO_THROW noexcept(true)
+#else
+# define CRYPTOPP_THROW
+# define CRYPTOPP_NO_THROW
+#endif // CRYPTOPP_CXX11_NOEXCEPT
+
+// OK to comment the following out, but please report it so we can fix it.
+#if (defined(__cplusplus) && (__cplusplus >= 199711L)) && !defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE)
+# error "std::uncaught_exception is not available. This is likely a configuration error."
+#endif
+
+#endif
diff --git a/cryptest.sh b/cryptest.sh
index 2a880e5b..b4321601 100755
--- a/cryptest.sh
+++ b/cryptest.sh
@@ -7,9 +7,9 @@
# to automate building the library and running the self test with various
# combinations of flags, options, and conditions.
-# Everything is tee'd into cryptest-result.txt. Change it to suite your taste.
-# You should be able to use `egrep "(error|FAILED)" cryptest-result.txt` to
-# quickly find errors and failures.
+# Everything is tee'd into cryptest-result.txt. Change it to suite your taste. You
+# should be able to use `egrep -a "(Error|error|FAILED|Illegal)" cryptest-result.txt`
+# to quickly find errors and failures.
# Set to suite your taste
TEST_RESULTS=cryptest-result.txt
@@ -142,10 +142,6 @@ echo "User CXXFLAGS: $CXXFLAGS"
echo "Retained CXXFLAGS: $ADD_CXXFLAGS"
echo "Compiler:" $($CXX --version | head -1)
-# Remove previous test results
-rm -f "$TEST_RESULTS" > /dev/null 2>&1
-touch "$TEST_RESULTS"
-
TEST_BEGIN=$(date)
echo
echo "Start time: $TEST_BEGIN"
@@ -153,6 +149,16 @@ echo "Start time: $TEST_BEGIN"
############################################
############################################
+# Remove previous test results
+rm -f "$TEST_RESULTS" > /dev/null 2>&1
+touch "$TEST_RESULTS"
+
+rm -f "$BENCHMARK_RESULTS" > /dev/null 2>&1
+touch "$BENCHMARK_RESULTS"
+
+rm -f "$WARN_RESULTS" > /dev/null 2>&1
+touch "$WARN_RESULTS"
+
############################################
# Basic debug build
echo
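Review bot: The new `touch "$BENCHMARK_RESULTS"` and `touch "$WARN_RESULTS"` lines assume those variables are set, yet nothing in this hunk defines them; if either is empty, `rm -f ""` succeeds silently while `touch ""` prints an error and the script presumably carries on with later `tee` calls writing to an unintended name. A guard such as `: "${BENCHMARK_RESULTS:?unset}" "${WARN_RESULTS:?unset}"` ahead of the rm/touch lines, or a default assignment next to `TEST_RESULTS=` at the top of the script, would turn that into a hard failure. The `> /dev/null 2>&1` on `rm -f` is redundant since `-f` already silences a missing file, and a single `: > "$TEST_RESULTS"` both creates and truncates the file without the rm/touch pair.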
diff --git a/cryptlib.h b/cryptlib.h
index c27a23c1..555b0401 100644
--- a/cryptlib.h
+++ b/cryptlib.h
@@ -7,22 +7,26 @@
<dl>
<dt>Abstract Base Classes<dd>
cryptlib.h
-<dt>Authenticated Encryption<dd>
- AuthenticatedSymmetricCipherDocumentation
-<dt>Symmetric Ciphers<dd>
- SymmetricCipherDocumentation
+<dt>Authenticated Encryption Modes<dd>
+ CCM, EAX, \ref GCM "GCM (2K tables)", \ref GCM "GCM (64K tables)"
+<dt>Block Ciphers<dd>
+ \ref Rijndael "AES", Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES",
+ \ref DES_XEX3 "DESX", GOST, IDEA, \ref LR "Luby-Rackoff", MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent,
+ \ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK,
+Square, TEA, \ref ThreeWay "3-Way", Twofish, XTEA
+<dt>Stream Ciphers<dd>
+ \ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20
<dt>Hash Functions<dd>
- SHA1, SHA224, SHA256, SHA384, SHA512, Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
+ SHA1, SHA224, SHA256, SHA384, SHA512, \ref SHA3 "SHA-3", Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5
<dt>Non-Cryptographic Checksums<dd>
CRC32, Adler32
<dt>Message Authentication Codes<dd>
- VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, GCM (GMAC)
+ VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, \ref GCM "GCM (GMAC)"
<dt>Random Number Generators<dd>
- NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG
-<dt>Key Derivation<dd>
- HKDF
-<dt>Password-based Cryptography<dd>
- PasswordBasedKeyDerivationFunction
+ NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG,
+ \ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED
+<dt>Key Derivation and Password-based Cryptography<dd>
+ HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)", \ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)"
<dt>Public Key Cryptosystems<dd>
DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES
<dt>Public Key Signature Schemes<dd>
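Review bot: `Weak::ARC4` is placed under Block Ciphers in the new line `\ref Rijndael "AES", Weak::ARC4, Blowfish, …`, but ARC4 (RC4) is a stream cipher and belongs on the Stream Ciphers line with Salsa20 and WAKE. Listing it between AES and Blowfish also makes it look like a peer of the modern block ciphers, which its Weak namespace is meant to discourage. Suggested: drop `Weak::ARC4,` from the Block Ciphers entry and make the Stream Ciphers entry `\ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, Weak::ARC4, XSalsa20`.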
@@ -31,8 +35,7 @@
DH, DH2, MQV, ECDH, ECMQV, XTR_DH
<dt>Algebraic Structures<dd>
Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver,
- ModularArithmetic, MontgomeryRepresentation, GFP2_ONB,
- GF2NP, GF256, GF2_32, EC2N, ECP
+ ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, GF2NP, GF256, GF2_32, EC2N, ECP
<dt>Secret Sharing and Information Dispersal<dd>
SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery
<dt>Compression<dd>
@@ -40,23 +43,23 @@
<dt>Input Source Classes<dd>
StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource
<dt>Output Sink Classes<dd>
- StringSinkTemplate, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
+ StringSinkTemplate, StringSink, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink
<dt>Filter Wrappers<dd>
StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter
<dt>Binary to Text Encoders and Decoders<dd>
- HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base32Encoder, Base32Decoder
+ HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder, Base32Decoder
<dt>Wrappers for OS features<dd>
Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer
-<dt>FIPS 140 related<dd>
+<dt>FIPS 140 validated cryptography<dd>
fips140.h
</dl>
In the DLL version of Crypto++, only the following implementation class are available.
<dl>
<dt>Block Ciphers<dd>
- AES, DES_EDE2, DES_EDE3, SKIPJACK
+ AES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", SKIPJACK
<dt>Cipher Modes (replace template parameter BC with one of the block ciphers above)<dd>
- ECB_Mode\<BC\>, CTR_Mode\<BC\>, CBC_Mode\<BC\>, CFB_FIPS_Mode\<BC\>, OFB_Mode\<BC\>, GCM\<AES\>
+ \ref ECB_Mode "ECB_Mode<BC>", \ref CTR_Mode "CTR_Mode<BC>", \ref CBC_Mode "CBC_Mode<BC>", \ref CFB_FIPS_Mode "CFB_FIPS_Mode<BC>", \ref OFB_Mode "OFB_Mode<BC>", \ref GCM "GCM<AES>"
<dt>Hash Functions<dd>
SHA1, SHA224, SHA256, SHA384, SHA512
<dt>Public Key Signature Schemes (replace template parameter H with one of the hash functions above)<dd>
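Review bot: The heading change from `FIPS 140 related` to `FIPS 140 validated cryptography` reads as a claim that the fips140.h interfaces are themselves validated, whereas a FIPS 140 validation attaches to a specific tested binary and configuration rather than to a header or a source tree — presumably the validated artefact is a particular DLL build, not whatever a user compiles from this release. Wording that does not overstate would be safer, e.g. `FIPS 140 related (see fips140.h for the validated DLL build)`, or simply keeping the original heading. The unchanged context line `only the following implementation class are available` just below also wants `classes`.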
@@ -226,15 +229,17 @@ struct CRYPTOPP_DLL DecodingResult
//! \brief Compare two DecodingResult
//! \param rhs the other DecodingResult
- //! \returns true if both isValidCoding and messageLength are equal, false otherwise
+ //! \returns true if both isValidCoding and messageLength are equal, false otherwise
bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;}
//! \brief Compare two DecodingResult
//! \param rhs the other DecodingResult
- //! \returns true if both isValidCoding and messageLength are \a not equal, false otherwise
+ //! \returns true if either isValidCoding or messageLength is \a not equal, false otherwise
//! \details Returns <tt>!operator==(rhs)</tt>.
bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);}
+ //! \brief Flag to indicate the decoding is valid
bool isValidCoding;
+ //! \brief Recovered message length if isValidCoding is true, undefined otherwise
size_t messageLength;
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
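Review bot: The new comment on `messageLength` says it is `undefined` when `isValidCoding` is false, but the unchanged `operator==` a few lines above compares `messageLength` unconditionally, so two failed decodings with different leftover lengths compare unequal even though the doc says the field carries no meaning in that state. Either the comparison should ignore the length on failure, `return isValidCoding == rhs.isValidCoding && (!isValidCoding || messageLength == rhs.messageLength);`, or the doc should state the actual contract, `//! \note messageLength takes part in operator== even when isValidCoding is false`. Changing `operator==` could affect callers that rely on the strict comparison today, so the doc-only route is the safer first step. The `DecodingResult` struct continues outside this hunk.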
@@ -590,7 +595,7 @@ public:
}
//! \brief Gets a secure IV for the next message
- //! \param rng a RandomNumberGenerator to produce keying material
+ //! \param rng a RandomNumberGenerator to produce keying material
//! \param iv a block of bytes to receive the IV
//! \details This method should be called after you finish encrypting one message and are ready
//! to start the next one. After calling it, you must call SetKey() or Resynchronize()
@@ -735,7 +740,7 @@ public:
//! \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection()
inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~BlockTransformation() {}
#endif
@@ -836,7 +841,7 @@ public:
//! \returns true if DIR is ENCRYPTION, false otherwise
//! \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection()
virtual bool IsForwardTransformation() const =0;
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~StreamTransformation() {}
#endif
@@ -991,7 +996,7 @@ public:
//! \details VerifyTruncatedDigest() restarts the hash for the next nmessage.
virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length)
{Update(input, length); return TruncatedVerify(digest, digestLength);}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~HashTransformation() {}
#endif
@@ -1057,7 +1062,7 @@ public:
// redeclare this to avoid compiler ambiguity errors
virtual std::string AlgorithmName() const =0;
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~AuthenticatedSymmetricCipher() {}
#endif
@@ -1169,6 +1174,7 @@ public:
word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);}
void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);}
#endif
+
};
//! \brief Random Number Generator that does not produce random numbers
@@ -1874,7 +1880,7 @@ public:
virtual void Attach(BufferedTransformation *newAttachment);
//@}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~BufferedTransformation() {}
#endif
@@ -1910,7 +1916,7 @@ public:
virtual void AssignFrom(const NameValuePairs &source) =0;
//! \brief Check this object for errors
- //! \param rng a RandomNumberGenerator for objects which use randominzed testing
+ //! \param rng a RandomNumberGenerator for objects which use randomized testing
//! \param level the level of thoroughness
//! \returns true if the tests succeed, false otherwise
//! \details There are four levels of thoroughness:
@@ -1920,13 +1926,13 @@ public:
//! <li>2 - ensure this object will function correctly, and perform reasonable security checks
//! <li>3 - perform reasonable security checks, and do checks that may take a long time
//! </ul>
- //! \details Level 0 does not require a RandomNumberGenerator. A NullRNG () can be used for level 0.
+ //! \details Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0.
//! \details Level 1 may not check for weak keys and such.
//! \details Levels 2 and 3 are recommended.
virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0;
//! \brief Check this object for errors
- //! \param rng a RandomNumberGenerator for objects which use randominzed testing
+ //! \param rng a RandomNumberGenerator for objects which use randomized testing
//! \param level the level of thoroughness
//! \throws InvalidMaterial
//! \details Internally, ThrowIfInvalid() calls Validate() and throws InvalidMaterial if validation fails.
@@ -1987,7 +1993,7 @@ public:
// for internal library use
void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~CryptoMaterial() {}
#endif
@@ -2005,7 +2011,7 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public
public:
//! \brief Generate a random key or crypto parameters
- //! \param rng a RandomNumberGenerator to produce keying material
+ //! \param rng a RandomNumberGenerator to produce keying material
//! \param params additional initialization parameters
//! \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
//! \details If a derived class does not override GenerateRandom, then the base class throws
@@ -2016,13 +2022,13 @@ public:
}
//! \brief Generate a random key or crypto parameters
- //! \param rng a RandomNumberGenerator to produce keying material
+ //! \param rng a RandomNumberGenerator to produce keying material
//! \param keySize the size of the key, in bits
//! \throws KeyingErr if a key can't be generated or algorithm parameters are invalid
//! \details GenerateRandomWithKeySize calls GenerateRandom with a NameValuePairs
//! object with only "KeySize"
void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize);
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~GeneratableCryptoMaterial() {}
#endif
@@ -2062,7 +2068,7 @@ public:
//! for backwards compatibility, calls GetMaterial().Save(bt)
void DEREncode(BufferedTransformation &bt) const
{GetMaterial().Save(bt);}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~AsymmetricAlgorithm() {}
#endif
@@ -2079,7 +2085,7 @@ public:
virtual PublicKey & AccessPublicKey() =0;
virtual const PublicKey & GetPublicKey() const {return const_cast<PublicKeyAlgorithm *>(this)->AccessPublicKey();}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~PublicKeyAlgorithm() {}
#endif
@@ -2095,7 +2101,7 @@ public:
virtual PrivateKey & AccessPrivateKey() =0;
virtual const PrivateKey & GetPrivateKey() const {return const_cast<PrivateKeyAlgorithm *>(this)->AccessPrivateKey();}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~PrivateKeyAlgorithm() {}
#endif
@@ -2111,7 +2117,7 @@ public:
virtual CryptoParameters & AccessCryptoParameters() =0;
virtual const CryptoParameters & GetCryptoParameters() const {return const_cast<KeyAgreementAlgorithm *>(this)->AccessCryptoParameters();}
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~KeyAgreementAlgorithm() {}
#endif
@@ -2146,49 +2152,65 @@ public:
//! return maximum plaintext length given the fixed ciphertext length, if one exists, otherwise return 0
virtual size_t FixedMaxPlaintextLength() const {return 0;}
-
+
#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY
size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);}
size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);}
#endif
};
+//! \class PK_Encryptor
//! \brief Interface for public-key encryptors
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm
{
public:
- //! exception thrown when trying to encrypt plaintext of invalid length
+ //! \brief Exception thrown when trying to encrypt plaintext of invalid length
class CRYPTOPP_DLL InvalidPlaintextLength : public Exception
{
public:
InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {}
};
- //! encrypt a byte string
- /*! re CiphertextLength(plaintextLength) != 0 (i.e., plaintext isn't too long)
- re size of ciphertext == CiphertextLength(plaintextLength)
- */
+ //! \brief Encrypt a byte string
+ //! \param rng a RandomNumberGenerator derived class
+ //! \param plaintext the plaintext byte buffer
+ //! \param plaintextLength the size of the plaintext byte buffer
+ //! \param ciphertext a byte buffer to hold the encrypted string
+ //! \param parameters additional configuration options
+ //! \pre <tt>CiphertextLength(plaintextLength) != 0</tt> ensures the plaintext isn't too large
+ //! \pre <tt>COUNTOF(ciphertext) == CiphertextLength(plaintextLength)</tt> ensures the output
+ //! byte buffer is large enough.
+ //! \sa PK_Decryptor
virtual void Encrypt(RandomNumberGenerator &rng,
const byte *plaintext, size_t plaintextLength,
byte *ciphertext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
- //! create a new encryption filter
- /*! \note The caller is responsible for deleting the returned pointer.
- \note Encoding parameters should be passed in the "EP" channel.
- */
+ //! \brief Create a new encryption filter
+ //! \note The caller is responsible for deleting the returned pointer.
+ //! \note Encoding parameters should be passed in the "EP" channel.
virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng,
BufferedTransformation *attachment=NULL, const NameValuePairs &parameters = g_nullNameValuePairs) const;
};
+//! \class PK_Decryptor
//! \brief Interface for public-key decryptors
-
class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm
{
public:
- //! decrypt a byte string, and return the length of plaintext
- /*! re size of plaintext == MaxPlaintextLength(ciphertextLength) bytes.
- \returns the actual length of the plaintext, indication that decryption failed.
- */
+ //! \brief Decrypt a byte string
+ //! \param rng a RandomNumberGenerator derived class
+ //! \param ciphertext the encrypted byte buffer
+ //! \param ciphertextLength the size of the encrypted byte buffer
+ //! \param plaintext a byte buffer to hold the decrypted string
+ //! \param parameters additional configuration options
+ //! \returns the result of the decryption operation
+ //! \pre <tt>COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength)</tt> ensures the output
+ //! byte buffer is large enough
+ //! \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength
+ //! is valid and holds the the actual length of the plaintext recovered.
+ //! on success. The result is undefined if decryption failed. If DecodingResult::isValidCoding
+ //! is false, then DecodingResult::messageLength is undefined.
+ //! \sa PK_Encryptor
virtual DecodingResult Decrypt(RandomNumberGenerator &rng,
const byte *ciphertext, size_t ciphertextLength,
byte *plaintext, const NameValuePairs &parameters = g_nullNameValuePairs) const =0;
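Review bot: The new \details text on PK_Decryptor::Decrypt is garbled — `holds the the actual length of the plaintext recovered. on success. The result is undefined if decryption failed.` repeats itself and leaves a sentence fragment — and it never tells callers that the bytes written to `plaintext` are presumably also unspecified on failure (the old text said "the result is undefined"). Suggest replacing the four \details lines with: `//! \details If DecodingResult::isValidCoding is true, DecodingResult::messageLength holds the length of the recovered plaintext. If it is false, decryption failed and both messageLength and the contents of plaintext are unspecified; callers must not use them.` The `COUNTOF(ciphertext)` precondition added to PK_Encryptor::Encrypt is pseudo-notation on a `byte *`, so the `size of ciphertext == …` phrasing used elsewhere in this file is clearer. Both PK_Encryptor and PK_Decryptor continue past the hunk.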
@@ -2295,30 +2317,30 @@ public:
virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0;
//! sign and delete messageAccumulator (even in case of exception thrown)
- /*! re size of signature == MaxSignatureLength()
+ /*! \pre size of signature == MaxSignatureLength()
\returns actual signature length
*/
virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const;
//! sign and restart messageAccumulator
- /*! re size of signature == MaxSignatureLength()
+ /*! \pre size of signature == MaxSignatureLength()
\returns actual signature length
*/
virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0;
//! sign a message
- /*! re size of signature == MaxSignatureLength()
+ /*! \pre size of signature == MaxSignatureLength()
\returns actual signature length
*/
virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const;
//! sign a recoverable message
- /*! re size of signature == MaxSignatureLength(recoverableMessageLength)
+ /*! \pre size of signature == MaxSignatureLength(recoverableMessageLength)
\returns actual signature length
*/
virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength,
const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const;
-
+
#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562
virtual ~PK_Signer() {}
#endif
@@ -2351,17 +2373,17 @@ public:
const byte *signature, size_t signatureLength) const;
//! recover a message from its signature
- /*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
*/
virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const;
//! recover a message from its signature
- /*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
*/
virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0;
//! recover a message from its signature
- /*! re size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
+ /*! \pre size of recoveredMessage == MaxRecoverableLengthFromSignatureLength(signatureLength)
*/
virtual DecodingResult RecoverMessage(byte *recoveredMessage,
const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength,
@@ -2388,7 +2410,7 @@ public:
//! return length of public keys in this domain
virtual unsigned int PublicKeyLength() const =0;
//! generate private key
- /*! re size of privateKey == PrivateKeyLength() */
+ /*! \pre size of privateKey == PrivateKeyLength() */
virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
//! generate public key
/*! re size of publicKey == PublicKeyLength() */
@@ -2399,8 +2421,8 @@ public:
//! derive agreed value from your private key and couterparty's public key, return false in case of failure
/*! \note If you have previously validated the public key, use validateOtherPublicKey=false to save time.
re size of agreedValue == AgreedValueLength()
- re length of privateKey == PrivateKeyLength()
- re length of otherPublicKey == PublicKeyLength()
+ \pre length of privateKey == PrivateKeyLength()
+ \pre length of otherPublicKey == PublicKeyLength()
*/
virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0;
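Review bot: The `re` → `\pre` conversion in the Agree() comment is incomplete: the line `re size of agreedValue == AgreedValueLength()` directly above the two rewritten lines is left as-is, so Doxygen will render a stray "re" sentence next to two proper preconditions. While touching this block it is worth spelling out the security caveat behind `validateOtherPublicKey=false`: for DH-style domains an unvalidated peer public key is the classic entry point for small-subgroup and invalid-point attacks on `privateKey`, so false should only be passed for a key already validated against these domain parameters. Suggested added line: `\note Pass validateOtherPublicKey=false only for a key previously validated against this domain; an unvalidated peer key can compromise privateKey.` The enclosing class starts and ends outside this hunk.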
@@ -2431,7 +2453,7 @@ public:
//! return length of static public keys in this domain
virtual unsigned int StaticPublicKeyLength() const =0;
//! generate static private key
- /*! re size of privateKey == PrivateStaticKeyLength() */
+ /*! \pre size of privateKey == PrivateStaticKeyLength() */
virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
//! generate static public key
/*! re size of publicKey == PublicStaticKeyLength() */
@@ -2444,25 +2466,26 @@ public:
virtual unsigned int EphemeralPrivateKeyLength() const =0;
//! return length of ephemeral public keys in this domain
virtual unsigned int EphemeralPublicKeyLength() const =0;
- //! generate ephemeral private key
- /*! re size of privateKey == PrivateEphemeralKeyLength() */
+ //! \brief Generate ephemeral private key
+ //! \pre size of privateKey == PrivateEphemeralKeyLength()
virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0;
- //! generate ephemeral public key
- /*! re size of publicKey == PublicEphemeralKeyLength() */
+ //! \brief Generate ephemeral public key
+ //! \pre size of publicKey == PublicEphemeralKeyLength()
virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0;
- //! generate private/public key pair
+ //! \brief Generate private/public key pair
/*! \note equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() */
virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const;
- //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure
- /*! \note The ephemeral public key will always be validated.
- If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time.
- re size of agreedValue == AgreedValueLength()
- re length of staticPrivateKey == StaticPrivateKeyLength()
- re length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
- re length of staticOtherPublicKey == StaticPublicKeyLength()
- re length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
- */
+ //! \brief Derive agreed value
+ //! \returns true upon success, false in case of failure
+ //! \details Agree() derives an agreed value from your private keys and couterparty's public keys
+ //! \details The ephemeral public key will always be validated. If you have previously validated the
+ //! static public key, use validateStaticOtherPublicKey=false to save time.
+ //! \pre size of agreedValue == AgreedValueLength()
+ //! \pre length of staticPrivateKey == StaticPrivateKeyLength()
+ //! \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength()
+ //! \pre length of staticOtherPublicKey == StaticPublicKeyLength()
+ //! \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength()
virtual bool Agree(byte *agreedValue,
const byte *staticPrivateKey, const byte *ephemeralPrivateKey,
const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey,
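Review bot: The new Doxygen block for the authenticated Agree() has a `\returns` and five `\pre` lines but no `\param` entries, and it carries the `couterparty` misspelling forward from the old text. Per-parameter docs matter here because four same-sized byte-pointer keys are easy to swap at the call site (static vs. ephemeral, mine vs. theirs). Suggest `\details Agree() derives an agreed value from your private keys and the counterparty's public keys`, a `\param` line each for agreedValue, staticPrivateKey, ephemeralPrivateKey, staticOtherPublicKey, ephemeralOtherPublicKey and validateStaticOtherPublicKey, and a sentence that agreedValue must not be used when false is returned. The Agree() declaration itself continues past the end of the hunk.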
diff --git a/datatest.cpp b/datatest.cpp
index b4656541..98b5b642 100644
--- a/datatest.cpp
+++ b/datatest.cpp
@@ -610,10 +610,10 @@ void TestKeyDerivationFunction(TestData &v)
std::string salt = GetDecodedDatum(v, "Salt");
std::string info = GetDecodedDatum(v, "Info");
std::string derived = GetDecodedDatum(v, "DerivedKey");
- std::string t = GetDecodedDatum(v, "DerivedLength");
+ std::string t = GetDecodedDatum(v, "DerivedKeyLength");
TestDataNameValuePairs pairs(v);
- unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedLength(), (int)derived.size());
+ unsigned int length = pairs.GetIntValueWithDefault(Name::DerivedKeyLength(), (int)derived.size());
member_ptr<KeyDerivationFunction> kdf;
kdf.reset(ObjectFactoryRegistry<KeyDerivationFunction>::Registry().CreateObject(name.c_str()));
diff --git a/default.cpp b/default.cpp
index de9fb0e8..e2ad6d65 100644
--- a/default.cpp
+++ b/default.cpp
@@ -20,8 +20,8 @@ NAMESPACE_BEGIN(CryptoPP)
static const unsigned int MASH_ITERATIONS = 200;
static const unsigned int SALTLENGTH = 8;
-static const unsigned int BLOCKSIZE = Default_BlockCipher::Encryption::BLOCKSIZE;
-static const unsigned int KEYLENGTH = Default_BlockCipher::Encryption::DEFAULT_KEYLENGTH;
+static const unsigned int BLOCKSIZE = DefaultBlockCipher::Encryption::BLOCKSIZE;
+static const unsigned int KEYLENGTH = DefaultBlockCipher::Encryption::DEFAULT_KEYLENGTH;
// The purpose of this function Mash() is to take an arbitrary length input
// string and *deterministicly* produce an arbitrary length output string such
@@ -270,3 +270,4 @@ void DefaultDecryptorWithMAC::LastPut(const byte *inString, size_t length)
}
NAMESPACE_END
+
diff --git a/default.h b/default.h
index b4897e72..3dfbe7d7 100644
--- a/default.h
+++ b/default.h
@@ -1,8 +1,7 @@
// default.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile default.h
-//! \brief Classes for DefaultEncryptor, DefaultEncryptorWithMAC and decryptors
+//! \file default.h
+//! \brief Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
#ifndef CRYPTOPP_DEFAULT_H
#define CRYPTOPP_DEFAULT_H
@@ -16,15 +15,29 @@
NAMESPACE_BEGIN(CryptoPP)
-typedef DES_EDE2 Default_BlockCipher;
+//! \brief Default block cipher for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
+typedef DES_EDE2 DefaultBlockCipher;
+//! \brief Default hash for use with DefaultEncryptorWithMAC and DefaultDecryptorWithMAC
typedef SHA DefaultHashModule;
+//! \brief Default HMAC for use withDefaultEncryptorWithMAC and DefaultDecryptorWithMAC
typedef HMAC<DefaultHashModule> DefaultMAC;
-//! Password-Based Encryptor using DES-EDE2
+//! \class DefaultEncryptor
+//! \brief Password-Based Encryptor using TripleDES
+//! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
class DefaultEncryptor : public ProxyFilter
{
public:
+ //! \brief Construct a DefaultEncryptor
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL);
+
+ //! \brief Construct a DefaultEncryptor
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
protected:
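Review bot: Renaming the public typedef `Default_BlockCipher` to `DefaultBlockCipher` with no alias is a source-breaking change in an installed header; downstream code spelling `CBC_Mode<Default_BlockCipher>` stops compiling with no deprecation path. The library already keeps old spellings behind `CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY` (see the cryptlib.h hunks in this same commit), so the same treatment fits: `#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY` / `typedef DefaultBlockCipher Default_BlockCipher;` / `#endif`. The new `\details` on DefaultEncryptor should also say that beyond the ~80-bit key strength, DES has a 64-bit block, so the amount of data encrypted under one password-derived key must stay well below the birthday bound — that is the limit users actually hit with CBC. Minor: `for use withDefaultEncryptorWithMAC` is missing a space.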
@@ -33,14 +46,34 @@ protected:
private:
SecByteBlock m_passphrase;
- CBC_Mode<Default_BlockCipher>::Encryption m_cipher;
+ CBC_Mode<DefaultBlockCipher>::Encryption m_cipher;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
-//! Password-Based Decryptor using DES-EDE2
+//! \class DefaultDecryptor
+//! \brief Password-Based Decryptor using TripleDES
+//! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
class DefaultDecryptor : public ProxyFilter
{
public:
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
+
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
class Err : public Exception
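Review bot: The deprecation block at L2999–L3005 gives non-GCC/Clang compilers nothing at all, because the `#else` branch is a bare `};`, so MSVC users of DefaultEncryptor get no warning even though MSVC has `__declspec(deprecated("..."))`; the same four-branch block is then copied for DefaultDecryptor (L3035–L3041), DefaultEncryptorWithMAC and DefaultDecryptorWithMAC in the following hunks. A single project macro in prefix position would cover all four classes with one definition and leave each class body ending in a plain `};`; as far as I recall the message form of GCC's attribute arrived in 4.5, so the `>= 40300` threshold is worth checking against a 4.3/4.4 build. The \details at L3009–L3010 also says DefaultDecryptor uses DES_EDE2 "for encryption"; `//! \details The class uses 2-key TripleDES (DES_EDE2) for decryption, which only` matches the class. DefaultEncryptor's class head is in the preceding hunk.
```cpp
// once, next to the other compiler-version macros
#if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_CLANG_VERSION >= 20800)
# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated(msg)))
#elif (CRYPTOPP_GCC_VERSION)
# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated))
#elif (CRYPTOPP_MSC_VERSION)
# define CRYPTOPP_DEPRECATED(msg) __declspec(deprecated(msg))
#else
# define CRYPTOPP_DEPRECATED(msg)
#endif

class CRYPTOPP_DEPRECATED("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure")
	DefaultEncryptor : public ProxyFilter
{
	// … unchanged: constructors, protected and private members …
};
```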
@@ -64,16 +97,39 @@ private:
void CheckKey(const byte *salt, const byte *keyCheck);
SecByteBlock m_passphrase;
- CBC_Mode<Default_BlockCipher>::Decryption m_cipher;
+ CBC_Mode<DefaultBlockCipher>::Decryption m_cipher;
member_ptr<FilterWithBufferedInput> m_decryptor;
bool m_throwException;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultDecryptor will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
-//! Password-Based Encryptor using DES-EDE2 and HMAC/SHA-1
+//! \class DefaultEncryptorWithMAC
+//! \brief Password-Based encryptor using TripleDES and HMAC/SHA-1
+//! \details DefaultEncryptorWithMAC uses a non-standard mashup function called Mash() to derive key
+//! bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
+//! \details The purpose of the function Mash() is to take an arbitrary length input string and
+//! *deterministicly* produce an arbitrary length output string such that (1) it looks random,
+//! (2) no information about the input is deducible from it, and (3) it contains as much entropy
+//! as it can hold, or the amount of entropy in the input string, whichever is smaller.
class DefaultEncryptorWithMAC : public ProxyFilter
{
public:
+ //! \brief Constructs a DefaultEncryptorWithMAC
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL);
+
+ //! \brief Constructs a DefaultEncryptorWithMAC
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL);
protected:
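Review bot: The Mash() description at L3048–L3051 asserts that no information about the password is deducible from the output and that the output preserves the input's entropy, which are stronger guarantees than a self-described "non-standard mashup" can be assumed to carry, and it says nothing about salting or iteration, which is what a reader comparing this with a password-based KDF needs to know (CheckKey's `salt` parameter at L3028 suggests a salt is involved, but where it enters Mash() is not visible here). Consider replacing the three numbered claims with one sentence on what Mash() is used for plus a pointer to a standard KDF, e.g. `//! \warning Mash() is not a standardized password-based KDF such as PBKDF2; prefer a standard KDF and a modern cipher for new code.`; whether Mash() performs any key stretching should be confirmed against its implementation before the doc says so either way. The same paragraph is duplicated for DefaultDecryptorWithMAC in the next hunk (L3080–L3086).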
@@ -82,15 +138,42 @@ protected:
private:
member_ptr<DefaultMAC> m_mac;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultEncryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
-//! Password-Based Decryptor using DES-EDE2 and HMAC/SHA-1
+//! \class DefaultDecryptorWithMAC
+//! \brief Password-Based decryptor using TripleDES and HMAC/SHA-1
+//! \details DefaultDecryptorWithMAC uses a non-standard mashup function called Mash() to derive key
+//! bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only
+//! provides about 80-bits of security.
+//! \details The purpose of the function Mash() is to take an arbitrary length input string and
+//! *deterministicly* produce an arbitrary length output string such that (1) it looks random,
+//! (2) no information about the input is deducible from it, and (3) it contains as much entropy
+//! as it can hold, or the amount of entropy in the input string, whichever is smaller.
class DefaultDecryptorWithMAC : public ProxyFilter
{
public:
+ //! \class MACBadErr
+ //! \brief Excpetion thrown when an incorrect MAC is encountered
class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}};
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a C-String password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true);
+
+ //! \brief Constructs a DefaultDecryptor
+ //! \param passphrase a byte string password
+ //! \param passphraseLength the length of the byte string password
+ //! \param attachment a BufferedTransformation to attach to this object
+ //! \param throwException a flag specifiying whether an Exception should be thrown on error
DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true);
DefaultDecryptor::State CurrentState() const;
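Review bot: The constructor docs at L3093 and L3099 say "Constructs a DefaultDecryptor" inside DefaultDecryptorWithMAC; both should read `//! \brief Constructs a DefaultDecryptorWithMAC`. `Excpetion` at L3091 and `specifiying` at L3096 and L3103 are misspelled (`//! \brief Exception thrown when an incorrect MAC is encountered`). The MACBadErr comment would also be more useful if it stated when the MAC check fires relative to plaintext output, since a caller must know whether data already passed to the attachment can precede the exception; that ordering is decided in the implementation, which is outside this hunk, so it needs confirming before it is documented.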
@@ -104,7 +187,14 @@ private:
member_ptr<DefaultMAC> m_mac;
HashVerifier *m_hashVerifier;
bool m_throwException;
+
+#if (CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_CLANG_VERSION >= 20800)
+} __attribute__((deprecated ("DefaultDecryptorWithMAC will be changing in the near future because the algorithms are no longer secure")));
+#elif (CRYPTOPP_GCC_VERSION)
+} __attribute__((deprecated));
+#else
};
+#endif
NAMESPACE_END
diff --git a/des.h b/des.h
index 92f3da7c..827b5e08 100644
--- a/des.h
+++ b/des.h
@@ -1,8 +1,7 @@
// des.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile des.h
-//! \brief Classes for DES, 2-key and 3-key Triple-DES
+//! \file des.h
+//! \brief Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX
#ifndef CRYPTOPP_DES_H
#define CRYPTOPP_DES_H
diff --git a/dsa.h b/dsa.h
index a4ab4e97..5b4c895b 100644
--- a/dsa.h
+++ b/dsa.h
@@ -1,7 +1,6 @@
// dsa.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile dsa.h
+//! \file dsa.h
//! \brief Classes for the DSA signature algorithm
#ifndef CRYPTOPP_DSA_H
diff --git a/eccrypto.h b/eccrypto.h
index 1d7eab65..94a5d6c5 100644
--- a/eccrypto.h
+++ b/eccrypto.h
@@ -1,9 +1,11 @@
+// eccrypto.h - written and placed in the public domain by Wei Dai
+
+//! \file eccrypto.h
+//! \brief Classes and functions for Elliptic Curves over prime and binary fields
+
#ifndef CRYPTOPP_ECCRYPTO_H
#define CRYPTOPP_ECCRYPTO_H
-/*! \file
-*/
-
#include "config.h"
#include "cryptlib.h"
#include "pubkey.h"
@@ -139,8 +141,8 @@ protected:
OID m_oid; // set if parameters loaded from a recommended curve
Integer m_n; // order of base point
- bool m_compress, m_encodeAsOID;
mutable Integer m_k; // cofactor
+ mutable bool m_compress, m_encodeAsOID; // presentation details
};
//! EC public key
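Review bot: Making `m_compress` and `m_encodeAsOID` `mutable` at L3166 means a const key object can have its encoding flags changed through a const member function, so `// presentation details` undersells the change; the comment should name the const method that writes them and why that is not an observable state change, e.g. `// presentation details; mutable so the const encoding helpers can set them (written by <accessor name>)`. The identical change is made to the second class at L3174 in the following hunk, and both class bodies begin outside these hunks.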
@@ -473,8 +475,8 @@ protected:
OID m_oid; // set if parameters loaded from a recommended curve
Integer m_n; // order of base point
- bool m_compress, m_encodeAsOID;
mutable Integer m_k; // cofactor
+ mutable bool m_compress, m_encodeAsOID; // presentation details
};
//! EC public key
diff --git a/ecp.h b/ecp.h
index 92cb5a1a..6c3b44dc 100644
--- a/ecp.h
+++ b/ecp.h
@@ -1,7 +1,6 @@
// ecp.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile ecp.h
+//! \file ecp.h
//! \brief Classes for Elliptic Curves over prime fields
#ifndef CRYPTOPP_ECP_H
diff --git a/elgamal.h b/elgamal.h
index 5138a812..4e7ef7f0 100644
--- a/elgamal.h
+++ b/elgamal.h
@@ -1,3 +1,8 @@
+// elgamal.h - written and placed in the public domain by Wei Dai
+
+//! \file elgamal.h
+//! \brief Classes and functions for ElGamal key agreement and encryption schemes
+
#ifndef CRYPTOPP_ELGAMAL_H
#define CRYPTOPP_ELGAMAL_H
@@ -116,7 +121,8 @@ struct ElGamalKeys
typedef DL_PublicKey_GFP_OldFormat<DL_CryptoKeys_GFP::PublicKey> PublicKey;
};
-//! ElGamal encryption scheme with non-standard padding
+//! \class ElGamal
+//! \brief ElGamal encryption scheme with non-standard padding
struct ElGamal
{
typedef DL_CryptoSchemeOptions<ElGamal, ElGamalKeys, int, int, int> SchemeOptions;
diff --git a/emsa2.h b/emsa2.h
index 7e86b227..3f3e2c17 100644
--- a/emsa2.h
+++ b/emsa2.h
@@ -1,10 +1,11 @@
+// emsa2.h - written and placed in the public domain by Wei Dai
+
+//! \file emsa2.h
+//! \brief Classes and functions for various padding schemes used in public key algorithms
+
#ifndef CRYPTOPP_EMSA2_H
#define CRYPTOPP_EMSA2_H
-/** \file
- This file contains various padding schemes for public key algorithms.
-*/
-
#include "cryptlib.h"
#include "pubkey.h"
#include "misc.h"
diff --git a/eprecomp.h b/eprecomp.h
index 5c12cf93..73faa531 100644
--- a/eprecomp.h
+++ b/eprecomp.h
@@ -1,10 +1,15 @@
+// eprecomp.h - written and placed in the public domain by Wei Dai
+
+//! \file eprecomp.h
+//! \brief Classes for precomputation in a group
+
#ifndef CRYPTOPP_EPRECOMP_H
#define CRYPTOPP_EPRECOMP_H
#include "cryptlib.h"
#include "integer.h"
#include "algebra.h"
-#include <vector>
+#include "stdcpp.h"
NAMESPACE_BEGIN(CryptoPP)
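Review bot: Replacing `#include <vector>` with `#include "stdcpp.h"` at L3244 makes this header depend on the aggregate header transitively supplying <vector>; if eprecomp.h still uses std::vector (its body is outside the hunk), a one-line comment such as `#include "stdcpp.h"  // provides <vector> used by the precomputation tables` keeps the dependency visible to anyone later trimming stdcpp.h.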
diff --git a/gost.h b/gost.h
index 3ef2b9c3..6ef844e4 100644
--- a/gost.h
+++ b/gost.h
@@ -1,9 +1,11 @@
+// gost.h - written and placed in the public domain by Wei Dai
+
+//! \file gost.h
+//! \brief Classes for the GIST block cipher
+
#ifndef CRYPTOPP_GOST_H
#define CRYPTOPP_GOST_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
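Review bot: `GIST` at L3254 is a typo for the cipher name; the line should read `//! \brief Classes for the GOST block cipher`.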
diff --git a/ida.h b/ida.h
index e2224d84..525a7d65 100644
--- a/ida.h
+++ b/ida.h
@@ -1,6 +1,6 @@
// ida.h - written and placed in the public domain by Wei Dai
-//! \file
+//! \file ida.h
//! \brief Classes for Information Dispersal Algorithm (IDA)
#ifndef CRYPTOPP_IDA_H
diff --git a/idea.h b/idea.h
index 4136ced6..897de889 100644
--- a/idea.h
+++ b/idea.h
@@ -1,9 +1,11 @@
+// idea.h - written and placed in the public domain by Wei Dai
+
+//! \file idea.h
+//! \brief Classes for the IDEA block cipher
+
#ifndef CRYPTOPP_IDEA_H
#define CRYPTOPP_IDEA_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/lubyrack.h b/lubyrack.h
index e2b30eac..1c9c62da 100644
--- a/lubyrack.h
+++ b/lubyrack.h
@@ -1,10 +1,11 @@
// lubyrack.h - written and placed in the public domain by Wei Dai
+//! \file lubyrack.h
+//! \brief Classes for the Luby-Rackoff block cipher
+
#ifndef CRYPTOPP_LUBYRACK_H
#define CRYPTOPP_LUBYRACK_H
-/** \file */
-
#include "simple.h"
#include "secblock.h"
diff --git a/mars.h b/mars.h
index 424554df..c4c7fd93 100644
--- a/mars.h
+++ b/mars.h
@@ -1,8 +1,7 @@
// mars.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \brief Implementation of the MARS cipher (IBM AES submission)
-
+//! \file mars.h
+//! \brief Classes for the MARS block cipher (IBM AES submission)
#ifndef CRYPTOPP_MARS_H
#define CRYPTOPP_MARS_H
diff --git a/mersenne.h b/mersenne.h
index 217014f0..35ac2124 100644
--- a/mersenne.h
+++ b/mersenne.h
@@ -1,7 +1,9 @@
-// mersenne.h - written and placed in public domain by Jeffrey Walton. Copyright assigned to Crypto++ project.
+// mersenne.h - written and placed in public domain by Jeffrey Walton.
+// Copyright assigned to Crypto++ project.
//! \file
-//! \brief Implementation of the Mersenne Twister
+//! \brief Class file for Mersenne Twister
+//! \note Suitable for Monte Carlo simulations, and not cryptographic use
#ifndef CRYPTOPP_MERSENNE_TWISTER_H
#define CRYPTOPP_MERSENNE_TWISTER_H
@@ -19,14 +21,16 @@ NAMESPACE_BEGIN(CryptoPP)
//! \tparam N Size of the state vector
//! \tparam F Multiplier constant
//! \tparam S Sefault seed
-//! \details Provides the \p MersenneTwister implementation. The class is a header-only implementation
+//! \details Provides the MersenneTwister implementation. The class is a header-only implementation.
+//! \warning MersenneTwister is suitable for simulations, where uniformaly distrubuted numbers are
+//! required quickly. It should not be used for cryptographic purposes.
template <unsigned int K, unsigned int M, unsigned int N, unsigned int F, unsigned long S>
class MersenneTwister : public RandomNumberGenerator
{
public:
//! \brief Construct a Mersenne Twister
- //! \param seed 32 bit seed
- //! \details Defaults to template parameter \p S due to changing algorithm
+ //! \param seed 32-bit seed
+ //! \details Defaults to template parameter S due to changing algorithm
//! parameters over time
MersenneTwister(unsigned long seed = S) : m_seed(seed), m_idx(N)
{
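Review bot: `uniformaly distrubuted` at L3338 is misspelled: `//! \warning MersenneTwister is suitable for simulations, where uniformly distributed numbers are`. Since this warning is the only place a reader learns why a RandomNumberGenerator subclass must not feed keys or nonces, one more clause would make it actionable: the output is a deterministic function of a small seed and the generator's state can be reconstructed from a run of observed outputs, so nothing derived from it is secret. The context line `\tparam S Sefault seed` at L3335 still reads `Sefault`.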
@@ -38,9 +42,9 @@ public:
//! \brief Generate random array of bytes
//! \param output byte buffer
//! \param size length of the buffer, in bytes
- //! \details Bytes are written to \p output in big endian order. If \p output length
+ //! \details Bytes are written to output in big endian order. If output length
//! is not a multiple of word32, then unused bytes are not accumulated for subsequent
- //! calls to \p GenerateBlock. Rather, the unused tail bytes are discarded, and the
+ //! calls to GenerateBlock. Rather, the unused tail bytes are discarded, and the
//! stream is continued at the next word32 boundary from the state array.
void GenerateBlock(byte *output, size_t size)
{
@@ -84,8 +88,9 @@ public:
*((volatile word32*)&temp) = 0;
}
- //! \brief Generate a random 32 bit word in the range min to max, inclusive
- //! \details If the 32 bit candidate is not within the range, then it is discarded
+ //! \brief Generate a random 32-bit word in the range min to max, inclusive
+ //! \returns random 32-bit word in the range min to max, inclusive
+ //! \details If the 32-bit candidate is not within the range, then it is discarded
//! and a new candidate is used.
word32 GenerateWord32(word32 min=0, word32 max=0xffffffffL)
{
@@ -105,8 +110,8 @@ public:
//! \brief Generate and discard n bytes
//! \param n the number of bytes to discard, rounded up to a <tt>word32</tt> size
- //! \details If \p n is not a multiple of <tt>word32</tt>, then unused bytes are
- //! not accumulated for subsequent calls to \p GenerateBlock. Rather, the unused
+ //! \details If n is not a multiple of <tt>word32</tt>, then unused bytes are
+ //! not accumulated for subsequent calls to GenerateBlock. Rather, the unused
//! tail bytes are discarded, and the stream is continued at the next
//! <tt>word32</tt> boundary from the state array.
void DiscardBytes(size_t n)
@@ -118,6 +123,7 @@ public:
protected:
//! \brief Returns the next 32-bit word from the state array
+ //! \returns the next 32-bit word from the state array
//! \details fetches the next word frm the state array, performs bit operations on
//! it, and then returns the value to the caller.
word32 NextMersenneWord()
@@ -164,7 +170,7 @@ protected:
private:
- //! \brief 32-bit word state array of size \p N
+ //! \brief 32-bit word state array of size N
FixedSizeSecBlock<word32, N+1> m_state;
//! \brief the value used to seed the generator
unsigned int m_seed;
@@ -178,7 +184,7 @@ typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x10DCD /*69069*/,
//! \brief Updated MT19937 generator adapted to provide an array for initialization.
//! \details Also see http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/MT2002/emt19937ar.html; uses 5489 as default initial seed.
-//! \note Use this generator when interoperating with C++11's \p mt19937 class.
+//! \note Use this generator when interoperating with C++11's mt19937 class.
typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x6C078965 /*1812433253*/, 5489> MT19937ar;
NAMESPACE_END
diff --git a/misc.cpp b/misc.cpp
index 2c5c35d3..1c465f43 100644
--- a/misc.cpp
+++ b/misc.cpp
@@ -4,7 +4,10 @@
#include "config.h"
#if CRYPTOPP_MSC_VERSION
-# pragma warning(disable: 4189 6237)
+# pragma warning(disable: 4189)
+# if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(disable: 6237)
+# endif
#endif
#ifndef CRYPTOPP_IMPORTS
diff --git a/misc.h b/misc.h
index 4132d806..f7dc8165 100644
--- a/misc.h
+++ b/misc.h
@@ -12,7 +12,10 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
-# pragma warning(disable: 6326)
+# pragma warning(disable: 4146)
+# if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(disable: 6326)
+# endif
#endif
#include "cryptlib.h"
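Review bot: `#pragma warning(disable: 4146)` at L3428 silences "unary minus applied to unsigned type" for everything between this push and its matching pop (outside the hunk), and in a header of integer helpers that warning is exactly the one that catches sign mix-ups. A comment naming the construct that triggers it would let a later reader scope the suppression to that expression, e.g. `# pragma warning(disable: 4146) // unary minus on unsigned is intentional in <helper name>`.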
@@ -129,8 +132,8 @@ struct CompileAssert
//! \brief Counts elements in an array
//! \param arr an array of elements
//! \details COUNTOF counts elements in an array. On Windows COUNTOF(x) is deinfed
-//! to _countof(x) to ensure correct results for pointers. Since the library code is
-//! cross-platform, Windows will ensure the safety on non-Windows platforms.
+//! to <tt>_countof(x)</tt> to ensure correct results for pointers. Since the library code
+//! is cross-platform, Windows will ensure the safety on non-Windows platforms.
//! \note COUNTOF does not produce correct results with pointers, and an array must be used.
//! The library ensures correct application of COUNTOF by enlisting _countof on Windows
//! platforms. Microsoft's _countof fails to compile using pointers.
@@ -209,7 +212,7 @@ struct NewObject
//! <tt>_ReadWriteBarrier()</tt> or <tt>__asm__("" ::: "memory")</tt>.
#define MEMORY_BARRIER ...
#else
-#if defined(_MSC_VER)
+#if (_MSC_VER >= 1400)
# pragma intrinsic(_ReadWriteBarrier)
# define MEMORY_BARRIER() _ReadWriteBarrier()
#elif defined(__INTEL_COMPILER)
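Review bot: `#if (_MSC_VER >= 1400)` at L3450 tests the raw compiler macro while the rest of the file tests `CRYPTOPP_MSC_VERSION` (L3425, L3463); `#if (CRYPTOPP_MSC_VERSION >= 1400)` keeps one spelling. The change also moves MSVC older than 1400 from the `_ReadWriteBarrier` branch to the final `#else` in the next hunk, which the commit does not mention; if that is intentional a comment such as `// _ReadWriteBarrier intrinsic is not available before this version` (confirm the threshold) would save the next reader a trip through the history.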
@@ -217,7 +220,7 @@ struct NewObject
#elif defined(__GNUC__) || defined(__clang__)
# define MEMORY_BARRIER() __asm__ __volatile__ ("" ::: "memory")
#else
-// # error "Unknown compiler"
+# define MEMORY_BARRIER()
#endif
#endif // CRYPTOPP_DOXYGEN_PROCESSING
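Review bot: Defining `MEMORY_BARRIER()` as nothing at L3459 turns the previously loud unknown-compiler case into a silent no-op; if MEMORY_BARRIER is what the library relies on to keep stores to buffers that are about to be discarded from being dead-store-eliminated (its other expansions are `_ReadWriteBarrier()` and an asm memory clobber, per the context at L3446), then on such a compiler wiping code that depends on it compiles cleanly but provides no guarantee. At minimum the fallback deserves a comment saying so, `# define MEMORY_BARRIER() /* no compiler barrier available; wipes relying on it may be optimized away */`, and the \details block above the documentation placeholder should mention the fallback. A stronger option is to route this branch through a volatile-qualified store or a volatile function pointer, a technique the library already uses elsewhere (mersenne.h's `*((volatile word32*)&temp) = 0;` at L3365).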
@@ -306,7 +309,10 @@ inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t cou
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
-# pragma warning(disable 4996 6386)
+# pragma warning(disable: 4996)
+# if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(disable: 6386)
+# endif
#endif
memcpy(dest, src, count);
#if CRYPTOPP_MSC_VERSION
@@ -345,7 +351,10 @@ inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t co
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
-# pragma warning(disable 4996 6386)
+# pragma warning(disable: 4996)
+# if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(disable: 6386)
+# endif
#endif
memmove(dest, src, count);
#if CRYPTOPP_MSC_VERSION
diff --git a/mqv.h b/mqv.h
index 2f06c518..5d30de24 100644
--- a/mqv.h
+++ b/mqv.h
@@ -1,9 +1,11 @@
+// mqv.h - written and placed in the public domain by Wei Dai
+
+//! \file mqv.h
+//! \brief Classes for Menezes–Qu–Vanstone (MQV) key agreement
+
#ifndef CRYPTOPP_MQV_H
#define CRYPTOPP_MQV_H
-/** \file
-*/
-
#include "cryptlib.h"
#include "gfpcrypt.h"
#include "modarith.h"
@@ -12,7 +14,13 @@
NAMESPACE_BEGIN(CryptoPP)
-//! _
+//! \class MQV_Domain
+//! \brief MQV domain for performing authenticated key agreement
+//! \tparam GROUP_PARAMETERS doamin parameters
+//! \tparam COFACTOR_OPTION cofactor option
+//! \details GROUP_PARAMETERS paramters include the curve coefcients and the base point.
+//! Binary curves use a polynomial to represent its characteristic, while prime curves
+//! use a prime number.
template <class GROUP_PARAMETERS, class COFACTOR_OPTION = CPP_TYPENAME GROUP_PARAMETERS::DefaultCofactorOption>
class MQV_Domain : public AuthenticatedKeyAgreementDomain
{
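Review bot: The new template docs at L3507–L3509 have three typos (`doamin`, `paramters`, `coefcients`): `//! \tparam GROUP_PARAMETERS domain parameters` and `//! \details GROUP_PARAMETERS parameters include the curve coefficients and the base point.` The sentence "Binary curves use a polynomial to represent its characteristic" is also imprecise, since the characteristic of a binary field is 2 and the polynomial is the irreducible reduction polynomial defining the field; `Binary curves are defined over a field represented by an irreducible polynomial, while prime curves use a prime modulus.` says what is meant.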
diff --git a/nbtheory.h b/nbtheory.h
index 779d6dea..3620d8e2 100644
--- a/nbtheory.h
+++ b/nbtheory.h
@@ -1,5 +1,8 @@
// nbtheory.h - written and placed in the public domain by Wei Dai
+//! \file nbtheory.h
+//! \brief Classes and functions for number theoretic operations
+
#ifndef CRYPTOPP_NBTHEORY_H
#define CRYPTOPP_NBTHEORY_H
@@ -14,14 +17,31 @@ CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size);
// ************ primality testing ****************
-// generate a provable prime
+//! \brief Generates a provable prime
+//! \param rng a RandomNumberGenerator to produce keying material
+//! \param bits the number of bits in the prime number
+//! \returns Integer() meeting Maurer's tests for primality
CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
+
+//! \brief Generates a provable prime
+//! \param rng a RandomNumberGenerator to produce keying material
+//! \param bits the number of bits in the prime number
+//! \returns Integer() meeting Mihailescu's tests for primality
+//! \details Mihailescu's methods performs a search using algorithmic progressions.
CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits);
+//! \brief Tests whether a number is a small prime
+//! \param p a candidate prime to test
+//! \returns true if p is a small prime, false otherwise
+//! \details Internally, the library maintains a table fo the first 32719 prime numbers
+//! in sorted order. IsSmallPrime() searches the table and returns true if p is
+//! in the table.
CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p);
-// returns true if p is divisible by some prime less than bound
-// bound not be greater than the largest entry in the prime table
+//!
+//! \returns true if p is divisible by some prime less than bound.
+//! \details TrialDivision() true if p is divisible by some prime less than bound. bound not be
+//! greater than the largest entry in the prime table, which is 32719.
CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound);
// returns true if p is NOT divisible by small primes
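Review bot: The TrialDivision comment at L3550–L3553 opens with an empty `//!`, has no `\brief` or `\param` entries, and its \details sentence lacks a verb (`TrialDivision() true if`); a \brief such as `//! \brief Tests whether a number is divisible by a prime below a bound`, `\param p` and `\param bound` lines, and `TrialDivision() returns true if ...` would match the IsSmallPrime block above it. The two new blocks also disagree about the prime table: L3544 says it holds "the first 32719 prime numbers" while L3553 says its largest entry is 32719 — one is a count and the other a value, and they cannot both be right; state the table's size and its largest prime as two numbers, or drop the count.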
@@ -38,12 +58,25 @@ CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n);
// for several rounds with random bases
CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &w, unsigned int rounds);
-// primality test, used to generate primes
+//! \brief Verifies a prime number
+//! \param p a candidate prime to test
+//! \returns true if p is a probable prime, false otherwise
+//! \details IsPrime() is suitable for testing candidate primes when creating them. Internally,
+//! IsPrime() utilizes SmallDivisorsTest(), IsStrongProbablePrime() and IsStrongLucasProbablePrime().
CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p);
-// more reliable than IsPrime(), used to verify primes generated by others
+//! \brief Verifies a prime number
+//! \param rng a RandomNumberGenerator for randomized testing
+//! \param p a candidate prime to test
+//! \param level the level of thoroughness of testing
+//! \returns true if p is a strong probable prime, false otherwise
+//! \details VerifyPrime() is suitable for testing candidate primes created by others. Internally,
+//! VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candiate passes and
+//! level is greater than 1, then 10 round RabinMillerTest() primality testing is performed.
CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1);
+//! \class PrimeSelector
+//! \brief Application callback to signal suitability of a cabdidate prime
class CRYPTOPP_DLL PrimeSelector
{
public:
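Review bot: The IsPrime()/VerifyPrime() docs at L3563–L3574 say which function is for primes "created by others" but not why, and the reason is the security-relevant part: fixed-base or single-round probabilistic tests can be passed by adversarially constructed composites, so the extra randomized Rabin-Miller rounds driven by a caller-supplied rng are what make VerifyPrime() the right choice for parameters received from outside (how IsPrime() chooses its bases is not visible here). One sentence in VerifyPrime's \details, such as `//! Use VerifyPrime() rather than IsPrime() for primes received from untrusted parties; the additional randomized rounds resist adversarially chosen composites.`, would make that explicit. `candiate` at L3573 and `cabdidate` at L3577 are misspelled.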
@@ -51,8 +84,16 @@ public:
virtual bool IsAcceptable(const Integer &candidate) const =0;
};
-// use a fast sieve to find the first probable prime in {x | p<=x<=max and x%mod==equiv}
-// returns true iff successful, value of p is undefined if no such prime exists
+//! \brief Finds a random prime of special form
+//! \param p an Integer reference to receive the prime
+//! \param max the maximum value
+//! \param equiv the equivalence class based on the parameter mod
+//! \param mod the modulus used to reduce the equivalence class
+//! \param pSelector pointer to a PrimeSelector function for the application to signal suitability
+//! \returns true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime()
+//! returns false, then no such prime exists and the value of p is undefined
+//! \details FirstPrime() uses a fast sieve to find the first probable prime
+//! in <tt>{x | p<=x<=max and x%mod==equiv}</tt>
CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector);
CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max);
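Review bot: `\param p an Integer reference to receive the prime` at L3587 describes p as output only, but the \details on L3595 searches `{x | p<=x<=max ...}`, so p is also the lower bound on input; `//! \param p on input the lower bound of the search; on output the prime found (undefined when FirstPrime() returns false)` captures both roles. The \returns text at L3592–L3593 can then drop its repetition of the undefined-on-failure clause.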
diff --git a/osrng.h b/osrng.h
index cb77de14..dd53112e 100644
--- a/osrng.h
+++ b/osrng.h
@@ -123,6 +123,7 @@ protected:
//! OS_GenerateRandomBlock
//! \brief Generate random array of bytes
+//! \param blocking specifies whther a bobcking or non-blocking generator should be used
//! \param output the byte buffer
//! \param size the length of the buffer, in bytes
//! \details OS_GenerateRandomBlock() uses the underlying operating system's
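Review bot: `whther a bobcking` at L3605 is misspelled: `//! \param blocking specifies whether a blocking or non-blocking generator should be used`. It would also help to say what the flag changes for the caller — whether the two sources differ in availability, in the possibility of returning fewer than `size` bytes, or in the guarantees they provide — since OS_GenerateRandomBlock's implementation is outside this hunk and this doc is the only place a caller learns it.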
diff --git a/panama.h b/panama.h
index 2a7ed725..97531928 100644
--- a/panama.h
+++ b/panama.h
@@ -1,3 +1,8 @@
+// panama.h - written and placed in the public domain by Wei Dai
+
+//! \file panama.h
+//! \brief Classes for Panama stream cipher
+
#ifndef CRYPTOPP_PANAMA_H
#define CRYPTOPP_PANAMA_H
diff --git a/pubkey.h b/pubkey.h
index 47547e47..4b6f28a3 100644
--- a/pubkey.h
+++ b/pubkey.h
@@ -109,7 +109,7 @@ public:
virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0;
//! \brief Determines if the encryption algorithm is randomized
- //! \returns \p true if the encryption algorithm is randominzed, \p false otherwise
+ //! \returns \p true if the encryption algorithm is randomized, \p false otherwise
//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
virtual bool IsRandomized() const {return true;}
@@ -170,7 +170,7 @@ public:
virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0;
//! \brief Determines if the decryption algorithm is randomized
- //! \returns \p true if the decryption algorithm is randominzed, \p false otherwise
+ //! \returns \p true if the decryption algorithm is randomized, \p false otherwise
//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
virtual bool IsRandomized() const {return true;}
};
@@ -197,7 +197,7 @@ public:
{return CalculateInverse(rng, x);}
//! \brief Determines if the decryption algorithm is randomized
- //! \returns \p true if the decryption algorithm is randominzed, \p false otherwise
+ //! \returns \p true if the decryption algorithm is randomized, \p false otherwise
//! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used.
bool IsRandomized() const {return false;}
diff --git a/rc2.h b/rc2.h
index fa2f3253..96ed6d4d 100644
--- a/rc2.h
+++ b/rc2.h
@@ -1,6 +1,7 @@
// rc2.h - written and placed in the public domain by Wei Dai
+
//! \file rc2.h
-//! \brief Class file for the RC2 stream cipher
+//! \brief Classes for the RC2 block cipher
#ifndef CRYPTOPP_RC2_H
#define CRYPTOPP_RC2_H
@@ -91,3 +92,4 @@ typedef RC2::Decryption RC2Decryption;
NAMESPACE_END
#endif
+
diff --git a/rc5.h b/rc5.h
index 36be4b71..9f125dd0 100644
--- a/rc5.h
+++ b/rc5.h
@@ -1,9 +1,11 @@
+// rc5.h - written and placed in the public domain by Wei Dai
+
+//! \file rc5.h
+//! \brief Classes for the RC5 block cipher
+
#ifndef CRYPTOPP_RC5_H
#define CRYPTOPP_RC5_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/rc6.h b/rc6.h
index 0499d333..37eba319 100644
--- a/rc6.h
+++ b/rc6.h
@@ -1,9 +1,11 @@
+// rc6.h - written and placed in the public domain by Wei Dai
+
+//! \file rc6.h
+//! \brief Classes for the RC6 block cipher
+
#ifndef CRYPTOPP_RC6_H
#define CRYPTOPP_RC6_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/rdrand.S b/rdrand.S
index e78b4f1a..9a1c4f1e 100644
--- a/rdrand.S
+++ b/rdrand.S
@@ -1,599 +1,596 @@
-;; rdrand.asm - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
-;; Copyright assigned to the Crypto++ project.
-
-;; This ASM file provides RDRAND and RDSEED to downlevel Unix and Linux tool chains.
-;; Additionally, the inline assembly code produced by GCC and Clang is not that
-;; impressive. However, using this code requires NASM and an edit to the GNUmakefile.
-
-;; nasm -f elf32 rdrand.S -DX86 -g -o rdrand-x86.o
-;; nasm -f elfx32 rdrand.S -DX32 -g -o rdrand-x32.o
-;; nasm -f elf64 rdrand.S -DX64 -g -o rdrand-x64.o
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; Naming convention used in rdrand.{h|cpp|asm|S}
-;; MSC = Microsoft Compiler (and compatibles)
-;; GCC = GNU Compiler (and compatibles)
-;; ALL = MSC and GCC (and compatibles)
-;; RRA = RDRAND, Assembly
-;; RSA = RDSEED, Assembly
-;; RRI = RDRAND, Intrinsic
-;; RSA = RDSEED, Intrinsic
-
-;; Caller/Callee Saved Registers
-;; https://msdn.microsoft.com/en-us/library/6t169e9c.aspx
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; C/C++ Function prototypes
-;; X86, X32 and X64:
-;; extern "C" int NASM_RRA_GenerateBlock(byte* ptr, size_t size, unsigned int safety);
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-;; Return values
-%define RDRAND_SUCCESS 1
-%define RDRAND_FAILURE 0
-
-%define RDSEED_SUCCESS 1
-%define RDSEED_FAILURE 0
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-%ifdef X86 or X32 ;; Set via the command line
-
-;; Arg1, byte* buffer
-;; Arg2, size_t bsize
-;; Arg3, unsigned int safety
-;; EAX (out): success (1), failure (0)
-
-global NASM_RRA_GenerateBlock
-section .text
-
-%ifdef X86
-align 8
-cpu 486
-%else
-align 16
-%endif
-
-NASM_RRA_GenerateBlock:
-
-%ifdef X86
-%define arg1 [ebp+04h]
-%define arg2 [ebp+08h]
-%define arg3 [ebp+0ch]
-%define MWSIZE 04h ;; machine word size
-%else
-%define MWSIZE 08h ;; machine word size
-%endif
-
- %define buffer edi
- %define bsize esi
- %define safety edx
-
-%ifdef X86
-.Load_Arguments:
-
- mov buffer, arg1
- mov bsize, arg2
- mov safety, arg3
-%endif
-
-.Validate_Pointer:
-
- cmp buffer, 0
- je .GenerateBlock_PreRet
-
- ;; Top of While loop
-.GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je .GenerateBlock_Success
-
-%ifdef X86
-.Call_RDRAND_EAX:
-%else
-.Call_RDRAND_RAX:
- DB 48h ;; X32 can use the full register, issue the REX.w prefix
-%endif
- ;; RDRAND is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdrand eax`.
- DB 0Fh, 07h, F0h
-
- ;; If CF=1, the number returned by RDRAND is valid.
- ;; If CF=0, a random number was not available.
- jc .RDRAND_succeeded
-
-.RDRAND_failed:
-
- ;; Exit if we've reached the limit
- cmp safety, 0
- je .GenerateBlock_Failure
-
- dec safety
- jmp .GenerateBlock_Top
-
-.RDRAND_succeeded:
-
- cmp bsize, MWSIZE
- jb .Partial_Machine_Word
-
-.Full_Machine_Word:
-
-%ifdef X32
- mov [buffer+4], eax ;; We can only move 4 at a time
- DB 048h ;; Combined, these result in
- shr eax, 32 ;; `shr rax, 32`
-%endif
-
- mov [buffer], eax
- add buffer, MWSIZE ;; No need for Intel Core 2 slow word workarounds,
- sub bsize, MWSIZE ;; like `lea buffer,[buffer+MWSIZE]` for faster adds
-
- ;; Continue
- jmp .GenerateBlock_Top
-
- ;; 1,2,3 bytes remain for X86
- ;; 1,2,3,4,5,6,7 remain for X32
-.Partial_Machine_Word:
-
-%ifdef X32
- ;; Test bit 2 to see if size is at least 4
- test bsize, 4
- jz .Bit_2_Not_Set
-
- mov [buffer], eax
- add buffer, 4
-
- DB 048h ;; Combined, these result in
- shr eax, 32 ;; `shr rax, 32`
-
-.Bit_2_Not_Set:
-%endif
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz .Bit_1_Not_Set
-
- mov [buffer], ax
- shr eax, 16
- add buffer, 2
-
-.Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz .GenerateBlock_Success
-
- mov [buffer], al
-
-.Bit_0_Not_Set:
-
- ;; We've hit all the bits
- jmp .GenerateBlock_Success
-
-.GenerateBlock_PreRet:
-
- ;; Test for success (was the request completely fulfilled?)
- cmp bsize, 0
- je .GenerateBlock_Success
-
-.GenerateBlock_Failure:
-
- xor eax, eax
- mov al, RDRAND_FAILURE
- ret
-
-.GenerateBlock_Success:
-
- xor eax, eax
- mov al, RDRAND_SUCCESS
- ret
-
-%endif ;; X86 and X32
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-%ifdef X64 ;; Set via the command line
-
-global NASM_RRA_GenerateBlock
-section .text
-align 16
-
-;; Arg1, byte* buffer
-;; Arg2, size_t bsize
-;; Arg3, unsigned int safety
-;; RAX (out): success (1), failure (0)
-
-NASM_RRA_GenerateBlock:
-
-%define MWSIZE 08h ;; machine word size
-%define buffer rdi
-%define bsize rsi
-%define safety edx
-
- ;; No need for Load_Arguments due to fastcall
-
-.Validate_Pointer:
-
- ;; Validate pointer
- cmp buffer, 0
- je .GenerateBlock_PreRet
-
- ;; Top of While loop
-.GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je .GenerateBlock_Success
-
-.Call_RDRAND_RAX:
- ;; RDRAND is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdrand rax`.
- DB 048h, 0Fh, 0C7h, 0F0h
-
- ;; If CF=1, the number returned by RDRAND is valid.
- ;; If CF=0, a random number was not available.
- jc .RDRAND_succeeded
-
-.RDRAND_failed:
-
- ;; Exit if we've reached the limit
- cmp safety, 0h
- je .GenerateBlock_Failure
-
- dec safety
- jmp .GenerateBlock_Top
-
-.RDRAND_succeeded:
-
- cmp bsize, MWSIZE
- jb .Partial_Machine_Word
-
-.Full_Machine_Word:
-
- mov [buffer], rax
- add buffer, MWSIZE
- sub bsize, MWSIZE
-
- ;; Continue
- jmp .GenerateBlock_Top
-
- ;; 1,2,3,4,5,6,7 bytes remain
-.Partial_Machine_Word:
-
- ;; Test bit 2 to see if size is at least 4
- test bsize, 4
- jz .Bit_2_Not_Set
-
- mov [buffer], eax
- shr rax, 32
- add buffer, 4
-
-.Bit_2_Not_Set:
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz .Bit_1_Not_Set
-
- mov [buffer], ax
- shr eax, 16
- add buffer, 2
-
-.Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz .GenerateBlock_Success
-
- mov [buffer], al
-
-.Bit_0_Not_Set:
-
- ;; We've hit all the bits
- jmp .GenerateBlock_Success
-
-.GenerateBlock_PreRet:
-
- ;; Test for success (was the request completely fulfilled?)
- cmp bsize, 0
- je .GenerateBlock_Success
-
-.GenerateBlock_Failure:
-
- xor rax, rax
- mov al, RDRAND_FAILURE
- ret
-
-.GenerateBlock_Success:
-
- xor rax, rax
- mov al, RDRAND_SUCCESS
- ret
-
-%endif ;; X64
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-%ifdef X86 or X32 ;; Set via the command line
-
-;; Arg1, byte* buffer
-;; Arg2, size_t bsize
-;; Arg3, unsigned int safety
-;; EAX (out): success (1), failure (0)
-
-global NASM_RSA_GenerateBlock
-section .text
-align 8
-
-%ifdef X86
-align 8
-cpu 486
-%else
-align 16
-%endif
-
-NASM_RSA_GenerateBlock:
-
-%ifdef X86
-%define arg1 [ebp+04h]
-%define arg2 [ebp+08h]
-%define arg3 [ebp+0ch]
-%define MWSIZE 04h ;; machine word size
-%else
-%define MWSIZE 08h ;; machine word size
-%endif
-
- %define buffer edi
- %define bsize esi
- %define safety edx
-
-%ifdef X86
-.Load_Arguments:
-
- mov buffer, arg1
- mov bsize, arg2
- mov safety, arg3
-%endif
-
-.Validate_Pointer:
-
- cmp buffer, 0
- je .GenerateBlock_PreRet
-
- ;; Top of While loop
-.GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je .GenerateBlock_Success
-
-%ifdef X86
-.Call_RDSEED_EAX:
-%else
-.Call_RDSEED_RAX:
- DB 48h ;; X32 can use the full register, issue the REX.w prefix
-%endif
- ;; RDSEED is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdseed eax`.
- DB 0Fh, 0C7h, 0F8h
-
- ;; If CF=1, the number returned by RDSEED is valid.
- ;; If CF=0, a random number was not available.
- jc .RDSEED_succeeded
-
-.RDSEED_failed:
-
- ;; Exit if we've reached the limit
- cmp safety, 0
- je .GenerateBlock_Failure
-
- dec safety
- jmp .GenerateBlock_Top
-
-.RDSEED_succeeded:
-
- cmp bsize, MWSIZE
- jb .Partial_Machine_Word
-
-.Full_Machine_Word:
-
- mov [buffer], eax
- add buffer, MWSIZE ;; No need for Intel Core 2 slow word workarounds,
- sub bsize, MWSIZE ;; like `lea buffer,[buffer+MWSIZE]` for faster adds
-
- ;; Continue
- jmp .GenerateBlock_Top
-
- ;; 1,2,3 bytes remain for X86
- ;; 1,2,3,4,5,6,7 remain for X32
-.Partial_Machine_Word:
-
-%ifdef X32
- ;; Test bit 2 to see if size is at least 4
- test bsize, 4
- jz .Bit_2_Not_Set
-
- mov [buffer], eax
- add buffer, 4
-
- DB 048h ;; Combined, these result in
- shr eax, 32 ;; `shr rax, 32`
-
-.Bit_2_Not_Set:
-%endif
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz .Bit_1_Not_Set
-
- mov [buffer], ax
- shr eax, 16
- add buffer, 2
-
-.Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz .GenerateBlock_Success
-
- mov [buffer], al
-
-.Bit_0_Not_Set:
-
- ;; We've hit all the bits
- jmp .GenerateBlock_Success
-
-.GenerateBlock_PreRet:
-
- ;; Test for success (was the request completely fulfilled?)
- cmp bsize, 0
- je .GenerateBlock_Success
-
-.GenerateBlock_Failure:
-
- xor eax, eax
- mov al, RDSEED_FAILURE
- ret
-
-.GenerateBlock_Success:
-
- xor eax, eax
- mov al, RDSEED_SUCCESS
- ret
-
-%endif ;; X86 and X32
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
-%ifdef X64 ;; Set via the command line
-
-global NASM_RSA_GenerateBlock
-section .text
-align 16
-
-;; Arg1, byte* buffer
-;; Arg2, size_t bsize
-;; Arg3, unsigned int safety
-;; RAX (out): success (1), failure (0)
-
-NASM_RSA_GenerateBlock:
-
-%define MWSIZE 08h ;; machine word size
-%define buffer rdi
-%define bsize rsi
-%define safety edx
-
- ;; No need for Load_Arguments due to fastcall
-
-.Validate_Pointer:
-
- ;; Validate pointer
- cmp buffer, 0
- je .GenerateBlock_PreRet
-
- ;; Top of While loop
-.GenerateBlock_Top:
-
- ;; Check remaining size
- cmp bsize, 0
- je .GenerateBlock_Success
-
-.Call_RDSEED_RAX:
- ;; RDSEED is not available prior to VS2012. Just emit
- ;; the byte codes using DB. This is `rdseed rax`.
- DB 048h, 0Fh, 0C7h, 0F8h
-
- ;; If CF=1, the number returned by RDSEED is valid.
- ;; If CF=0, a random number was not available.
- jc .RDSEED_succeeded
-
-.RDSEED_failed:
-
- ;; Exit if we've reached the limit
- cmp safety, 0
- je .GenerateBlock_Failure
-
- dec safety
- jmp .GenerateBlock_Top
-
-.RDSEED_succeeded:
-
- cmp bsize, MWSIZE
- jb .Partial_Machine_Word
-
-.Full_Machine_Word:
-
- mov [buffer], rax
- add buffer, MWSIZE
- sub bsize, MWSIZE
-
- ;; Continue
- jmp .GenerateBlock_Top
-
- ;; 1,2,3,4,5,6,7 bytes remain
-.Partial_Machine_Word:
-
- ;; Test bit 2 to see if size is at least 4
- test bsize, 4
- jz .Bit_2_Not_Set
-
- mov [buffer], eax
- shr rax, 32
- add buffer, 4
-
-.Bit_2_Not_Set:
-
- ;; Test bit 1 to see if size is at least 2
- test bsize, 2
- jz .Bit_1_Not_Set
-
- mov [buffer], ax
- shr eax, 16
- add buffer, 2
-
-.Bit_1_Not_Set:
-
- ;; Test bit 0 to see if size is at least 1
- test bsize, 1
- jz .GenerateBlock_Success
-
- mov [buffer], al
-
-.Bit_0_Not_Set:
-
- ;; We've hit all the bits
- jmp .GenerateBlock_Success
-
-.GenerateBlock_PreRet:
-
- ;; Test for success (was the request completely fulfilled?)
- cmp bsize, 0
- je .GenerateBlock_Success
-
-.GenerateBlock_Failure:
-
- xor rax, rax
- mov al, RDSEED_FAILURE
- ret
-
-.GenerateBlock_Success:
-
- xor rax, rax
- mov al, RDSEED_SUCCESS
- ret
-
-%endif ;; _M_X64
-
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
-
+;; rdrand.asm - written and placed in public domain by Jeffrey Walton and Uri Blumenthal.
+;; Copyright assigned to the Crypto++ project.
+
+;; This ASM file provides RDRAND and RDSEED to downlevel Unix and Linux tool chains.
+;; Additionally, the inline assembly code produced by GCC and Clang is not that
+;; impressive. However, using this code requires NASM and an edit to the GNUmakefile.
+
+;; nasm -f elf32 rdrand.S -DX86 -g -o rdrand-x86.o
+;; nasm -f elfx32 rdrand.S -DX32 -g -o rdrand-x32.o
+;; nasm -f elf64 rdrand.S -DX64 -g -o rdrand-x64.o
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Naming convention used in rdrand.{h|cpp|asm|S}
+;; MSC = Microsoft Compiler (and compatibles)
+;; GCC = GNU Compiler (and compatibles)
+;; ALL = MSC and GCC (and compatibles)
+;; RRA = RDRAND, Assembly
+;; RSA = RDSEED, Assembly
+;; RRI = RDRAND, Intrinsic
+;; RSA = RDSEED, Intrinsic
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; C/C++ Function prototypes
+;; X86, X32 and X64:
+;; extern "C" int NASM_RRA_GenerateBlock(byte* ptr, size_t size, unsigned int safety);
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+;; Return values
+%define RDRAND_SUCCESS 1
+%define RDRAND_FAILURE 0
+
+%define RDSEED_SUCCESS 1
+%define RDSEED_FAILURE 0
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+%ifdef X86 or X32 ;; Set via the command line
+
+;; Arg1, byte* buffer
+;; Arg2, size_t bsize
+;; Arg3, unsigned int safety
+;; EAX (out): success (1), failure (0)
+
+global NASM_RRA_GenerateBlock
+section .text
+
+%ifdef X86
+align 8
+cpu 486
+%else
+align 16
+%endif
+
+NASM_RRA_GenerateBlock:
+
+%ifdef X86
+%define arg1 [ebp+04h]
+%define arg2 [ebp+08h]
+%define arg3 [ebp+0ch]
+%define MWSIZE 04h ;; machine word size
+%else
+%define MWSIZE 08h ;; machine word size
+%endif
+
+ %define buffer edi
+ %define bsize esi
+ %define safety edx
+
+%ifdef X86
+.Load_Arguments:
+
+ mov buffer, arg1
+ mov bsize, arg2
+ mov safety, arg3
+%endif
+
+.Validate_Pointer:
+
+ cmp buffer, 0
+ je .GenerateBlock_PreRet
+
+ ;; Top of While loop
+.GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+%ifdef X86
+.Call_RDRAND_EAX:
+%else
+.Call_RDRAND_RAX:
+ DB 48h ;; X32 can use the full register, issue the REX.w prefix
+%endif
+ ;; RDRAND is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdrand eax`.
+ DB 0Fh, 07h, F0h
+
+ ;; If CF=1, the number returned by RDRAND is valid.
+ ;; If CF=0, a random number was not available.
+ jc .RDRAND_succeeded
+
+.RDRAND_failed:
+
+ ;; Exit if we've reached the limit
+ cmp safety, 0
+ je .GenerateBlock_Failure
+
+ dec safety
+ jmp .GenerateBlock_Top
+
+.RDRAND_succeeded:
+
+ cmp bsize, MWSIZE
+ jb .Partial_Machine_Word
+
+.Full_Machine_Word:
+
+%ifdef X32
+ mov [buffer+4], eax ;; We can only move 4 at a time
+ DB 048h ;; Combined, these result in
+ shr eax, 32 ;; `shr rax, 32`
+%endif
+
+ mov [buffer], eax
+ add buffer, MWSIZE ;; No need for Intel Core 2 slow word workarounds,
+ sub bsize, MWSIZE ;; like `lea buffer,[buffer+MWSIZE]` for faster adds
+
+ ;; Continue
+ jmp .GenerateBlock_Top
+
+ ;; 1,2,3 bytes remain for X86
+ ;; 1,2,3,4,5,6,7 remain for X32
+.Partial_Machine_Word:
+
+%ifdef X32
+ ;; Test bit 2 to see if size is at least 4
+ test bsize, 4
+ jz .Bit_2_Not_Set
+
+ mov [buffer], eax
+ add buffer, 4
+
+ DB 048h ;; Combined, these result in
+ shr eax, 32 ;; `shr rax, 32`
+
+.Bit_2_Not_Set:
+%endif
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz .Bit_1_Not_Set
+
+ mov [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+.Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz .GenerateBlock_Success
+
+ mov [buffer], al
+
+.Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+ jmp .GenerateBlock_Success
+
+.GenerateBlock_PreRet:
+
+ ;; Test for success (was the request completely fulfilled?)
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+.GenerateBlock_Failure:
+
+ xor eax, eax
+ mov al, RDRAND_FAILURE
+ ret
+
+.GenerateBlock_Success:
+
+ xor eax, eax
+ mov al, RDRAND_SUCCESS
+ ret
+
+%endif ;; X86 and X32
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+%ifdef X64 ;; Set via the command line
+
+global NASM_RRA_GenerateBlock
+section .text
+align 16
+
+;; Arg1, byte* buffer
+;; Arg2, size_t bsize
+;; Arg3, unsigned int safety
+;; RAX (out): success (1), failure (0)
+
+NASM_RRA_GenerateBlock:
+
+%define MWSIZE 08h ;; machine word size
+%define buffer rdi
+%define bsize rsi
+%define safety edx
+
+ ;; No need for Load_Arguments due to fastcall
+
+.Validate_Pointer:
+
+ ;; Validate pointer
+ cmp buffer, 0
+ je .GenerateBlock_PreRet
+
+ ;; Top of While loop
+.GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+.Call_RDRAND_RAX:
+ ;; RDRAND is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdrand rax`.
+ DB 048h, 0Fh, 0C7h, 0F0h
+
+ ;; If CF=1, the number returned by RDRAND is valid.
+ ;; If CF=0, a random number was not available.
+ jc .RDRAND_succeeded
+
+.RDRAND_failed:
+
+ ;; Exit if we've reached the limit
+ cmp safety, 0h
+ je .GenerateBlock_Failure
+
+ dec safety
+ jmp .GenerateBlock_Top
+
+.RDRAND_succeeded:
+
+ cmp bsize, MWSIZE
+ jb .Partial_Machine_Word
+
+.Full_Machine_Word:
+
+ mov [buffer], rax
+ add buffer, MWSIZE
+ sub bsize, MWSIZE
+
+ ;; Continue
+ jmp .GenerateBlock_Top
+
+ ;; 1,2,3,4,5,6,7 bytes remain
+.Partial_Machine_Word:
+
+ ;; Test bit 2 to see if size is at least 4
+ test bsize, 4
+ jz .Bit_2_Not_Set
+
+ mov [buffer], eax
+ shr rax, 32
+ add buffer, 4
+
+.Bit_2_Not_Set:
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz .Bit_1_Not_Set
+
+ mov [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+.Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz .GenerateBlock_Success
+
+ mov [buffer], al
+
+.Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+ jmp .GenerateBlock_Success
+
+.GenerateBlock_PreRet:
+
+ ;; Test for success (was the request completely fulfilled?)
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+.GenerateBlock_Failure:
+
+ xor rax, rax
+ mov al, RDRAND_FAILURE
+ ret
+
+.GenerateBlock_Success:
+
+ xor rax, rax
+ mov al, RDRAND_SUCCESS
+ ret
+
+%endif ;; X64
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+%ifdef X86 or X32 ;; Set via the command line
+
+;; Arg1, byte* buffer
+;; Arg2, size_t bsize
+;; Arg3, unsigned int safety
+;; EAX (out): success (1), failure (0)
+
+global NASM_RSA_GenerateBlock
+section .text
+align 8
+
+%ifdef X86
+align 8
+cpu 486
+%else
+align 16
+%endif
+
+NASM_RSA_GenerateBlock:
+
+%ifdef X86
+%define arg1 [ebp+04h]
+%define arg2 [ebp+08h]
+%define arg3 [ebp+0ch]
+%define MWSIZE 04h ;; machine word size
+%else
+%define MWSIZE 08h ;; machine word size
+%endif
+
+ %define buffer edi
+ %define bsize esi
+ %define safety edx
+
+%ifdef X86
+.Load_Arguments:
+
+ mov buffer, arg1
+ mov bsize, arg2
+ mov safety, arg3
+%endif
+
+.Validate_Pointer:
+
+ cmp buffer, 0
+ je .GenerateBlock_PreRet
+
+ ;; Top of While loop
+.GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+%ifdef X86
+.Call_RDSEED_EAX:
+%else
+.Call_RDSEED_RAX:
+ DB 48h ;; X32 can use the full register, issue the REX.w prefix
+%endif
+ ;; RDSEED is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdseed eax`.
+ DB 0Fh, 0C7h, 0F8h
+
+ ;; If CF=1, the number returned by RDSEED is valid.
+ ;; If CF=0, a random number was not available.
+ jc .RDSEED_succeeded
+
+.RDSEED_failed:
+
+ ;; Exit if we've reached the limit
+ cmp safety, 0
+ je .GenerateBlock_Failure
+
+ dec safety
+ jmp .GenerateBlock_Top
+
+.RDSEED_succeeded:
+
+ cmp bsize, MWSIZE
+ jb .Partial_Machine_Word
+
+.Full_Machine_Word:
+
+ mov [buffer], eax
+ add buffer, MWSIZE ;; No need for Intel Core 2 slow word workarounds,
+ sub bsize, MWSIZE ;; like `lea buffer,[buffer+MWSIZE]` for faster adds
+
+ ;; Continue
+ jmp .GenerateBlock_Top
+
+ ;; 1,2,3 bytes remain for X86
+ ;; 1,2,3,4,5,6,7 remain for X32
+.Partial_Machine_Word:
+
+%ifdef X32
+ ;; Test bit 2 to see if size is at least 4
+ test bsize, 4
+ jz .Bit_2_Not_Set
+
+ mov [buffer], eax
+ add buffer, 4
+
+ DB 048h ;; Combined, these result in
+ shr eax, 32 ;; `shr rax, 32`
+
+.Bit_2_Not_Set:
+%endif
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz .Bit_1_Not_Set
+
+ mov [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+.Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz .GenerateBlock_Success
+
+ mov [buffer], al
+
+.Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+ jmp .GenerateBlock_Success
+
+.GenerateBlock_PreRet:
+
+ ;; Test for success (was the request completely fulfilled?)
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+.GenerateBlock_Failure:
+
+ xor eax, eax
+ mov al, RDSEED_FAILURE
+ ret
+
+.GenerateBlock_Success:
+
+ xor eax, eax
+ mov al, RDSEED_SUCCESS
+ ret
+
+%endif ;; X86 and X32
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
+%ifdef X64 ;; Set via the command line
+
+global NASM_RSA_GenerateBlock
+section .text
+align 16
+
+;; Arg1, byte* buffer
+;; Arg2, size_t bsize
+;; Arg3, unsigned int safety
+;; RAX (out): success (1), failure (0)
+
+NASM_RSA_GenerateBlock:
+
+%define MWSIZE 08h ;; machine word size
+%define buffer rdi
+%define bsize rsi
+%define safety edx
+
+ ;; No need for Load_Arguments due to fastcall
+
+.Validate_Pointer:
+
+ ;; Validate pointer
+ cmp buffer, 0
+ je .GenerateBlock_PreRet
+
+ ;; Top of While loop
+.GenerateBlock_Top:
+
+ ;; Check remaining size
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+.Call_RDSEED_RAX:
+ ;; RDSEED is not available prior to VS2012. Just emit
+ ;; the byte codes using DB. This is `rdseed rax`.
+ DB 048h, 0Fh, 0C7h, 0F8h
+
+ ;; If CF=1, the number returned by RDSEED is valid.
+ ;; If CF=0, a random number was not available.
+ jc .RDSEED_succeeded
+
+.RDSEED_failed:
+
+ ;; Exit if we've reached the limit
+ cmp safety, 0
+ je .GenerateBlock_Failure
+
+ dec safety
+ jmp .GenerateBlock_Top
+
+.RDSEED_succeeded:
+
+ cmp bsize, MWSIZE
+ jb .Partial_Machine_Word
+
+.Full_Machine_Word:
+
+ mov [buffer], rax
+ add buffer, MWSIZE
+ sub bsize, MWSIZE
+
+ ;; Continue
+ jmp .GenerateBlock_Top
+
+ ;; 1,2,3,4,5,6,7 bytes remain
+.Partial_Machine_Word:
+
+ ;; Test bit 2 to see if size is at least 4
+ test bsize, 4
+ jz .Bit_2_Not_Set
+
+ mov [buffer], eax
+ shr rax, 32
+ add buffer, 4
+
+.Bit_2_Not_Set:
+
+ ;; Test bit 1 to see if size is at least 2
+ test bsize, 2
+ jz .Bit_1_Not_Set
+
+ mov [buffer], ax
+ shr eax, 16
+ add buffer, 2
+
+.Bit_1_Not_Set:
+
+ ;; Test bit 0 to see if size is at least 1
+ test bsize, 1
+ jz .GenerateBlock_Success
+
+ mov [buffer], al
+
+.Bit_0_Not_Set:
+
+ ;; We've hit all the bits
+ jmp .GenerateBlock_Success
+
+.GenerateBlock_PreRet:
+
+ ;; Test for success (was the request completely fulfilled?)
+ cmp bsize, 0
+ je .GenerateBlock_Success
+
+.GenerateBlock_Failure:
+
+ xor rax, rax
+ mov al, RDSEED_FAILURE
+ ret
+
+.GenerateBlock_Success:
+
+ xor rax, rax
+ mov al, RDSEED_SUCCESS
+ ret
+
+%endif ;; _M_X64
+
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;
+
diff --git a/rdrand.h b/rdrand.h
index 05b177f7..fc2b77b7 100644
--- a/rdrand.h
+++ b/rdrand.h
@@ -16,7 +16,7 @@
// to select an implementation or "throw NotImplemented". At runtime, the
// class uses the result of CPUID to determine if RDRAND or RDSEED are
// available. A lazy throw strategy is used in case the CPU does not support
-// the instruction. I.e., the throw is deferred until GenerateBlock is called.
+// the instruction. I.e., the throw is deferred until GenerateBlock() is called.
// Microsoft added RDRAND in August 2012, VS2012. GCC added RDRAND in December 2010, GCC 4.6.
// Clang added RDRAND in July 2012, Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1.
@@ -48,7 +48,7 @@ public:
virtual ~RDRAND() {}
//! \brief Retrieve the number of retries used by the generator
- //! returns the number of times GenerateBlock will attempt to recover from a failed generation
+ //! \returns the number of times GenerateBlock() will attempt to recover from a failed generation
unsigned int GetRetries() const
{
return m_retries;
@@ -127,7 +127,7 @@ public:
virtual ~RDSEED() {}
//! \brief Retrieve the number of retries used by the generator
- //! returns the number of times GenerateBlock will attempt to recover from a failed generation
+ //! \returns the number of times GenerateBlock() will attempt to recover from a failed generation
unsigned int GetRetries() const
{
return m_retries;
diff --git a/rng.h b/rng.h
index 71ec4187..ed1177c5 100644
--- a/rng.h
+++ b/rng.h
@@ -16,10 +16,14 @@
NAMESPACE_BEGIN(CryptoPP)
//! \brief Linear Congruential Generator (LCG)
-//! \details Originally by William S. England, do not use for cryptographic purposes
+//! \details Originally propsed by William S. England.
+//! \warning LC_RNG is suitable for simulations, where uniformaly distrubuted numbers are
+//! required quickly. It should not be used for cryptographic purposes.
class LC_RNG : public RandomNumberGenerator
{
public:
+ //! \brief Construct a Linear Congruential Generator (LCG)
+ //! \param init_seed the initial value for the generator
LC_RNG(word32 init_seed)
: seed(init_seed) {}
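Review bot: The added `\details` and `\warning` text carries three typos that will be copied into the generated documentation: `propsed`, `uniformaly` and `distrubuted`. Suggested wording is `//! \details Originally proposed by William S. England.` followed by `//! \warning LC_RNG is suitable for simulations, where uniformly distributed numbers are` and `//! required quickly. It should not be used for cryptographic purposes.`. The warning itself is the right call for a linear congruential generator and is best left on the class, where every constructor and method inherits it in the docs.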
diff --git a/safer.h b/safer.h
index beba9d10..a828c629 100644
--- a/safer.h
+++ b/safer.h
@@ -1,9 +1,11 @@
+// safer.h - written and placed in the public domain by Wei Dai
+
+//! \file safer.h
+//! \brief Classes for the SAFER block cipher
+
#ifndef CRYPTOPP_SAFER_H
#define CRYPTOPP_SAFER_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/salsa.h b/salsa.h
index df3ab32b..5c2c91c5 100644
--- a/salsa.h
+++ b/salsa.h
@@ -1,8 +1,7 @@
// salsa.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile salsa.h
-//! \brief Classes for Salsa encryption scheme
+//! \file salsa.h
+//! \brief Classes for Salsa and Salsa20 stream ciphers
#ifndef CRYPTOPP_SALSA_H
#define CRYPTOPP_SALSA_H
diff --git a/seal.h b/seal.h
index 805d40fc..cbf5edb1 100644
--- a/seal.h
+++ b/seal.h
@@ -1,8 +1,7 @@
// seal.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile seal.h
-//! \brief Classes for SEAL encryption scheme
+//! \file seal.h
+//! \brief Classes for SEAL stream cipher
#ifndef CRYPTOPP_SEAL_H
#define CRYPTOPP_SEAL_H
diff --git a/secblock.h b/secblock.h
index 4a29c763..0e1d9a66 100644
--- a/secblock.h
+++ b/secblock.h
@@ -12,7 +12,10 @@
#if CRYPTOPP_MSC_VERSION
# pragma warning(push)
-# pragma warning(disable: 4700 6386)
+# pragma warning(disable: 4700)
+# if (CRYPTOPP_MSC_VERSION >= 1400)
+# pragma warning(disable: 6386)
+# endif
#endif
NAMESPACE_BEGIN(CryptoPP)
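Review bot: Warning 6386 is the Microsoft code-analysis buffer-overrun diagnostic, and after this change it is still disabled for the whole of secblock.h, the header that implements the library's secure buffers; the new guard only stops pre-VS2005 compilers from seeing an unknown warning number. A comment recording which construct triggers the false positive would let a later maintainer scope the suppression to that function or re-enable the check, e.g. `// C6386 (analyzer buffer-overrun): false positive on ... — confirmed, see <issue>`; I cannot tell from this hunk what triggers it, so the text needs filling in by whoever verified it. The matching `pragma warning(pop)` is outside the hunk.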
diff --git a/seed.h b/seed.h
index eb658f9e..a7fba346 100644
--- a/seed.h
+++ b/seed.h
@@ -1,8 +1,7 @@
// seed.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile seed.h
-//! \brief Classes for SEED encryption scheme
+//! \file seed.h
+//! \brief Classes for the SEED block cipher
#ifndef CRYPTOPP_SEED_H
#define CRYPTOPP_SEED_H
diff --git a/serpent.h b/serpent.h
index 13a0bd0e..7c48cf76 100644
--- a/serpent.h
+++ b/serpent.h
@@ -1,9 +1,11 @@
+// serpent.h - written and placed in the public domain by Wei Dai
+
+//! \file serpent.h
+//! \brief Classes for the Serpent block cipher
+
#ifndef CRYPTOPP_SERPENT_H
#define CRYPTOPP_SERPENT_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/shacal2.h b/shacal2.h
index 5a95f8be..70532102 100644
--- a/shacal2.h
+++ b/shacal2.h
@@ -1,9 +1,11 @@
+// shacal.h - written and placed in the public domain by Wei Dai
+
+//! \file shacal.h
+//! \brief Classes for the SHACAL-2 block cipher
+
#ifndef CRYPTOPP_SHACAL2_H
#define CRYPTOPP_SHACAL2_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
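Review bot: The new header comment names the wrong file: this is shacal2.h, but the banner reads `// shacal.h - written and placed in the public domain by Wei Dai` and the Doxygen tag reads `//! \file shacal.h`. Doxygen matches `\file` against the real file name, so the SHACAL-2 brief will be attached to a non-existent shacal.h and the actual header will appear undocumented. Change both lines to `// shacal2.h - written and placed in the public domain by Wei Dai` and `//! \file shacal2.h`, matching the `CRYPTOPP_SHACAL2_H` guard below them.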
diff --git a/shark.h b/shark.h
index 33f3c4ad..41663fa1 100644
--- a/shark.h
+++ b/shark.h
@@ -1,8 +1,7 @@
// shark.h - written and placed in the public domain by Wei Dai
-//! \file
-//! \headerfile shark.h
-//! \brief Classes for SHARK encryption scheme
+//! \file shark.h
+//! \brief Classes for the SHARK block cipher
#ifndef CRYPTOPP_SHARK_H
#define CRYPTOPP_SHARK_H
diff --git a/skipjack.h b/skipjack.h
index f22390f8..2b2fbfe7 100644
--- a/skipjack.h
+++ b/skipjack.h
@@ -1,7 +1,7 @@
// skipjack.h - written and placed in the public domain by Wei Dai
//! \file skipjack.h
-//! \brief Classes for Skipjack encryption algorithm
+//! \brief Classes for the SKIPJACK block cipher
#ifndef CRYPTOPP_SKIPJACK_H
#define CRYPTOPP_SKIPJACK_H
diff --git a/sosemanuk.h b/sosemanuk.h
index d1025c20..5b32ee85 100644
--- a/sosemanuk.h
+++ b/sosemanuk.h
@@ -1,3 +1,8 @@
+// sosemanuk.h - written and placed in the public domain by Wei Dai
+
+//! \file sosemanuk.h
+//! \brief Classes for Sosemanuk stream cipher
+
#ifndef CRYPTOPP_SOSEMANUK_H
#define CRYPTOPP_SOSEMANUK_H
diff --git a/square.h b/square.h
index 7ad8352e..2565f1cf 100644
--- a/square.h
+++ b/square.h
@@ -1,7 +1,7 @@
// square.h - written and placed in the public domain by Wei Dai
//! \file square.h
-//! \brief Classes for SQUARE encryption algorithm
+//! \brief Classes for the Square block cipher
#ifndef CRYPTOPP_SQUARE_H
#define CRYPTOPP_SQUARE_H
diff --git a/tea.h b/tea.h
index de511458..39923924 100644
--- a/tea.h
+++ b/tea.h
@@ -1,9 +1,11 @@
+// tea.h - written and placed in the public domain by Wei Dai
+
+//! \file tea.h
+//! \brief Classes for the TEA, BTEA and XTEA block ciphers
+
#ifndef CRYPTOPP_TEA_H
#define CRYPTOPP_TEA_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
#include "misc.h"
diff --git a/test.cpp b/test.cpp
index 53ea7bab..646f09ea 100644
--- a/test.cpp
+++ b/test.cpp
@@ -940,7 +940,7 @@ bool Validate(int alg, bool thorough, const char *seedInput)
}
// Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55
-#if defined(CRYPTOPP_MSC_VERSION)
+#if (CRYPTOPP_MSC_VERSION >= 1400)
tm localTime = {};
char timeBuf[64];
errno_t err;
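Review bot: `#if (CRYPTOPP_MSC_VERSION >= 1400)` depends on an undefined macro evaluating to 0 on non-Microsoft compilers, which is legal but trips `-Wundef` on GCC and Clang builds if config.h defines the macro only under MSC, and it is inconsistent with secblock.h in this same commit, which nests the `>= 1400` test inside `#if CRYPTOPP_MSC_VERSION`. Prefer `#if defined(CRYPTOPP_MSC_VERSION) && (CRYPTOPP_MSC_VERSION >= 1400)`. The comment above the guard could also name what the other branch falls back to for compilers that lack `errno_t` and the `_s` functions; that branch and the rest of Validate() are outside the hunk.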
diff --git a/twofish.h b/twofish.h
index bc35fba5..f93395d7 100644
--- a/twofish.h
+++ b/twofish.h
@@ -1,9 +1,11 @@
+// twofish.h - written and placed in the public domain by Wei Dai
+
+//! \file twofish.h
+//! \brief Classes for the Twofish block cipher
+
#ifndef CRYPTOPP_TWOFISH_H
#define CRYPTOPP_TWOFISH_H
-/** \file
-*/
-
#include "seckey.h"
#include "secblock.h"
diff --git a/validat1.cpp b/validat1.cpp
index 38fe72c4..1d614636 100644
--- a/validat1.cpp
+++ b/validat1.cpp
@@ -32,6 +32,8 @@
#include "rc6.h"
#include "mars.h"
#include "aes.h"
+#include "cpu.h"
+#include "rng.h"
#include "rijndael.h"
#include "twofish.h"
#include "serpent.h"
@@ -42,8 +44,7 @@
#include "rdrand.h"
#include "zdeflate.h"
#include "smartptr.h"
-#include "rng.h"
-#include "cpu.h"
+#include "channels.h"
#include <time.h>
#include <memory>
@@ -460,42 +461,44 @@ bool TestAutoSeeded()
bool TestRDRAND()
{
RDRAND rdrand;
- bool maurer = true, generate = true, discard = true;
+ bool entropy = true, compress = true, discard = true;
static const unsigned int SIZE = 10000;
if (HasRDRAND())
{
cout << "\nTesting RDRAND generator...\n\n";
- vector_ptr<byte> rdbytes(SIZE);
- RandomNumberSource rns(rdrand, SIZE, true, new ArraySink(rdbytes, rdbytes.size()));
- ArraySource as(rdbytes, rdbytes.size(), true);
-
- MaurerRandomnessTest mt;
- as.CopyTo(mt);
+ MeterFilter meter(new Redirector(TheBitBucket()));
+ Deflator deflator(new Redirector(meter));
+ MaurerRandomnessTest maurer;
- const double mv = mt.GetTestValue();
+ ChannelSwitch chsw;
+ chsw.AddDefaultRoute(deflator);
+ chsw.AddDefaultRoute(maurer);
+
+ RandomNumberSource rns(rdrand, SIZE, true, new Redirector(chsw));
+ deflator.Flush(true);
+
+ assert(0 == maurer.BytesNeeded());
+ const double mv = maurer.GetTestValue();
if (mv < 0.98f)
{
cout << "FAILED:";
- maurer = false;
+ entropy = false;
}
else
cout << "passed:";
- const std::streamsize oldp = cout.precision(5);
+ const std::streamsize oldp = cout.precision(6);
const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield);
- cout << " Maurer Randomness Test value of " << mv << endl;
+ cout << " Maurer Randomness Test returned value " << mv << endl;
cout.precision(oldp);
cout.setf(oldf, std::ios::floatfield);
- MeterFilter meter(new Redirector(TheBitBucket()));
- as.CopyTo(meter);
-
if (meter.GetTotalBytes() < SIZE)
{
cout << "FAILED:";
- generate = false;
+ compress = false;
}
else
cout << "passed:";
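Review bot: `assert(0 == maurer.BytesNeeded());` is the only check that the Maurer filter actually received all SIZE bytes through the ChannelSwitch, and it compiles away under NDEBUG, so a release build of the test suite would compute `GetTestValue()` on whatever arrived and could still report a pass. Make it a scored condition before the threshold test: `if (maurer.BytesNeeded() != 0) { cout << "FAILED: Maurer test received too little data\n"; entropy = false; }`. The `mv < 0.98f` comparison mixes a double with a float literal; harmless here, but `0.98` reads cleaner. TestRDRAND's body continues past the hunk (the `discard` check and the summary are presumably outside it).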
@@ -519,10 +522,10 @@ bool TestRDRAND()
else
cout << "\nRDRAND generator not available, skipping test.\n";
- if (!(maurer && generate && discard))
+ if (!(entropy && compress && discard))
cout.flush();
- return maurer && generate && discard;
+ return entropy && compress && discard;
}
#endif
@@ -530,42 +533,44 @@ bool TestRDRAND()
bool TestRDSEED()
{
RDSEED rdseed;
- bool maurer = true, generate = true, discard = true;
+ bool entropy = true, compress = true, discard = true;
static const unsigned int SIZE = 10000;
if (HasRDSEED())
{
cout << "\nTesting RDSEED generator...\n\n";
- vector_ptr<byte> rdbytes(SIZE);
- RandomNumberSource rns(rdseed, SIZE, true, new ArraySink(rdbytes, rdbytes.size()));
- ArraySource as(rdbytes, rdbytes.size(), true);
-
- MaurerRandomnessTest mt;
- as.CopyTo(mt);
+ MeterFilter meter(new Redirector(TheBitBucket()));
+ Deflator deflator(new Redirector(meter));
+ MaurerRandomnessTest maurer;
- const double mv = mt.GetTestValue();
+ ChannelSwitch chsw;
+ chsw.AddDefaultRoute(deflator);
+ chsw.AddDefaultRoute(maurer);
+
+ RandomNumberSource rns(rdseed, SIZE, true, new Redirector(chsw));
+ deflator.Flush(true);
+
+ assert(0 == maurer.BytesNeeded());
+ const double mv = maurer.GetTestValue();
if (mv < 0.98f)
{
cout << "FAILED:";
- maurer = false;
+ entropy = false;
}
else
cout << "passed:";
- const std::streamsize oldp = cout.precision(5);
+ const std::streamsize oldp = cout.precision(6);
const std::ios::fmtflags oldf = cout.setf(std::ios::fixed, std::ios::floatfield);
- cout << " Maurer Randomness Test value of " << mv << endl;
+ cout << " Maurer Randomness Test returned value " << mv << endl;
cout.precision(oldp);
cout.setf(oldf, std::ios::floatfield);
- MeterFilter meter(new Redirector(TheBitBucket()));
- as.CopyTo(meter);
-
if (meter.GetTotalBytes() < SIZE)
{
cout << "FAILED:";
- generate = false;
+ compress = false;
}
else
cout << "passed:";
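Review bot: This block is now line-for-line identical to the new TestRDRAND body apart from the generator and the output strings, including the same `assert(0 == maurer.BytesNeeded())` that disappears under NDEBUG and leaves the entropy score unchecked for short input. Rather than quote a second copy of the fix, I would extract the measurement (ChannelSwitch, Deflator, MaurerRandomnessTest and the two scored checks) into a static helper taking a `RandomNumberGenerator&` and a label, so the two hardware tests cannot drift apart and the assert is turned into a scored failure in one place. TestRDSEED's body continues outside the hunk.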
@@ -589,10 +594,10 @@ bool TestRDSEED()
else
cout << "\nRDSEED generator not available, skipping test.\n";
- if (!(maurer && generate && discard))
+ if (!(entropy && compress && discard))
cout.flush();
- return maurer && generate && discard;
+ return entropy && compress && discard;
}
#endif
diff --git a/vs-clean.cmd b/vs-clean.cmd
deleted file mode 100644
index 33cbc58c..00000000
--- a/vs-clean.cmd
+++ /dev/null
@@ -1,39 +0,0 @@
-@echo OFFse
-REM set THIS_DIR=%~dp0
-set THIS_DIR=.
-
-attrib -R -A -S -H "%THIS_DIR%\*.aps"
-attrib -R -A -S -H "%THIS_DIR%\*.ncb"
-attrib -R -A -S -H "%THIS_DIR%\*.suo"
-attrib -R -A -S -H "%THIS_DIR%\*.sdf"
-attrib -R -A -S -H "%THIS_DIR%\*.user"
-
-del "%THIS_DIR%\*.aps" /q
-del "%THIS_DIR%\*.ncb" /q
-del "%THIS_DIR%\*.suo" /q
-del "%THIS_DIR%\*.sdf" /q
-del "%THIS_DIR%\*.user" /q
-del "%THIS_DIR%\*.diff" /q
-del "%THIS_DIR%\adhoc.cpp" /q
-del "%THIS_DIR%\cryptopp.mac.done" /q
-del "%THIS_DIR%\adhoc.cpp.copied" /q
-
-REM Visual Studio build artifacts
-rmdir /Q /S "%THIS_DIR%\Debug\"
-rmdir /Q /S "%THIS_DIR%\Release\"
-rmdir /Q /S "%THIS_DIR%\Win32\"
-rmdir /Q /S "%THIS_DIR%\x64\"
-rmdir /Q /S "%THIS_DIR%\ipch\"
-rmdir /Q /S "%THIS_DIR%\.vs\"
-
-REM Visual Studio VCUpgrade artifacts
-del "%THIS_DIR%\*.old" /q
-del "%THIS_DIR%\UpgradeLog.htm" /q
-del "%THIS_DIR%\UpgradeLog.XML" /q
-rmdir /Q /S "%THIS_DIR%\_UpgradeReport_Files\"
-rmdir /Q /S "%THIS_DIR%\Backup\"
-
-REM New Visual Studio artifacts after a VCUpgrade 2010
-REM attrib -R -A -S -H "%THIS_DIR%\*.filters"
-REM del "%THIS_DIR%\*.filters" /q
-REM del "%THIS_DIR%\*.vcxproj" /q \ No newline at end of file
diff --git a/vs2010.zip b/vs2010.zip
index 0da70707..b4cc9e3d 100644
--- a/vs2010.zip
+++ b/vs2010.zip
Binary files differ
diff --git a/wake.h b/wake.h
index b7e101b3..28c00e02 100644
--- a/wake.h
+++ b/wake.h
@@ -1,3 +1,8 @@
+// wake.h - written and placed in the public domain by Wei Dai
+
+//! \file wake.h
+//! \brief Classes for WAKE stream cipher
+
#ifndef CRYPTOPP_WAKE_H
#define CRYPTOPP_WAKE_H