diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..494438a --- /dev/null +++ b/.gitignore @@ -0,0 +1,271 @@ +# Prerequisites +*.d + +# Compiled Object files +*.slo +*.lo +*.o +*.obj + +# Precompiled Headers +*.gch +*.pch + +# Compiled Dynamic libraries +*.so +*.dylib +*.dll + +# Fortran module files +*.mod +*.smod + +# Compiled Static libraries +*.lai +*.la +*.a +*.lib + +# Executables +*.exe +*.out +*.app + + + +## Ignore Visual Studio temporary files, build results, and +## files generated by popular Visual Studio add-ons. + +# User-specific files +*.suo +*.user +*.userosscache +*.sln.docstates + +# User-specific files (MonoDevelop/Xamarin Studio) +*.userprefs + +# Build results +[Dd]ebug/ +[Dd]ebugPublic/ +[Rr]elease/ +[Rr]eleases/ +x64/ +x86/ +bld/ +[Bb]in/ +[Oo]bj/ + +# Visual Studio 2015 cache/options directory +.vs/ +# Uncomment if you have tasks that create the project's static files in wwwroot +#wwwroot/ + +# MSTest test Results +[Tt]est[Rr]esult*/ +[Bb]uild[Ll]og.* + +# NUNIT +*.VisualState.xml +TestResult.xml + +# Build Results of an ATL Project +[Dd]ebugPS/ +[Rr]eleasePS/ +dlldata.c + +# DNX +project.lock.json +artifacts/ + +*_i.c +*_p.c +*_i.h +*.ilk +*.meta +*.obj +*.pch +*.pdb +*.pgc +*.pgd +*.rsp +*.sbr +*.tlb +*.tli +*.tlh +*.tmp +*.tmp_proj +*.log +*.vspscc +*.vssscc +.builds +*.pidb +*.svclog +*.scc + +# Chutzpah Test files +_Chutzpah* + +# Visual C++ cache files +ipch/ +*.aps +*.ncb +*.opendb +*.opensdf +*.sdf +*.cachefile + +# Visual Studio profiler +*.psess +*.vsp +*.vspx +*.sap + +# TFS 2012 Local Workspace +$tf/ + +# Guidance Automation Toolkit +*.gpState + +# ReSharper is a .NET coding add-in +_ReSharper*/ +*.[Rr]e[Ss]harper +*.DotSettings.user + +# JustCode is a .NET coding add-in +.JustCode + +# TeamCity is a build add-in +_TeamCity* + +# DotCover is a Code Coverage Tool +*.dotCover + +# NCrunch +_NCrunch_* +.*crunch*.local.xml +nCrunchTemp_* + +# MightyMoose +*.mm.* +AutoTest.Net/ + +# Web workbench (sass) +.sass-cache/ + +# Installshield output folder +[Ee]xpress/ + +# DocProject is a documentation generator add-in +DocProject/buildhelp/ +DocProject/Help/*.HxT +DocProject/Help/*.HxC +DocProject/Help/*.hhc +DocProject/Help/*.hhk +DocProject/Help/*.hhp +DocProject/Help/Html2 +DocProject/Help/html + +# Click-Once directory +publish/ + +# Publish Web Output +*.[Pp]ublish.xml +*.azurePubxml +# TODO: Comment the next line if you want to checkin your web deploy settings +# but database connection strings (with potential passwords) will be unencrypted +*.pubxml +*.publishproj + +# NuGet Packages +*.nupkg +# The packages folder can be ignored because of Package Restore +**/packages/* +# except build/, which is used as an MSBuild target. +!**/packages/build/ +# Uncomment if necessary however generally it will be regenerated when needed +#!**/packages/repositories.config +# NuGet v3's project.json files produces more ignoreable files +*.nuget.props +*.nuget.targets + +# Microsoft Azure Build Output +csx/ +*.build.csdef + +# Microsoft Azure Emulator +ecf/ +rcf/ + +# Microsoft Azure ApplicationInsights config file +ApplicationInsights.config + +# Windows Store app package directory +AppPackages/ +BundleArtifacts/ + +# Visual Studio cache files +# files ending in .cache can be ignored +*.[Cc]ache +# but keep track of directories ending in .cache +!*.[Cc]ache/ + +# Others +ClientBin/ +~$* +*~ +*.dbmdl +*.dbproj.schemaview +*.pfx +*.publishsettings +node_modules/ +orleans.codegen.cs + +# RIA/Silverlight projects +Generated_Code/ + +# Backup & report files from converting an old project file +# to a newer Visual Studio version. Backup files are not needed, +# because we have git ;-) +_UpgradeReport_Files/ +Backup*/ +UpgradeLog*.XML +UpgradeLog*.htm + +# SQL Server files +*.mdf +*.ldf + +# Business Intelligence projects +*.rdl.data +*.bim.layout +*.bim_*.settings + +# Microsoft Fakes +FakesAssemblies/ + +# GhostDoc plugin setting file +*.GhostDoc.xml + +# Node.js Tools for Visual Studio +.ntvs_analysis.dat + +# Visual Studio 6 build log +*.plg + +# Visual Studio 6 workspace options file +*.opt + +# Visual Studio LightSwitch build output +**/*.HTMLClient/GeneratedArtifacts +**/*.DesktopClient/GeneratedArtifacts +**/*.DesktopClient/ModelManifest.xml +**/*.Server/GeneratedArtifacts +**/*.Server/ModelManifest.xml +_Pvt_Extensions + +# Paket dependency manager +.paket/paket.exe + +# FAKE - F# Make +.fake/ \ No newline at end of file diff --git a/CPPTools.sln b/CPPTools.sln new file mode 100644 index 0000000..9627e18 --- /dev/null +++ b/CPPTools.sln @@ -0,0 +1,31 @@ + +Microsoft Visual Studio Solution File, Format Version 12.00 +# Visual Studio 15 +VisualStudioVersion = 15.0.26730.8 +MinimumVisualStudioVersion = 10.0.40219.1 +Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "CPPTools", "CPPTools\CPPTools.vcxproj", "{77C5A027-83A9-4197-88E1-E79D935CB274}" +EndProject +Global + GlobalSection(SolutionConfigurationPlatforms) = preSolution + Debug|x64 = Debug|x64 + Debug|x86 = Debug|x86 + Release|x64 = Release|x64 + Release|x86 = Release|x86 + EndGlobalSection + GlobalSection(ProjectConfigurationPlatforms) = postSolution + {77C5A027-83A9-4197-88E1-E79D935CB274}.Debug|x64.ActiveCfg = Debug|x64 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Debug|x64.Build.0 = Debug|x64 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Debug|x86.ActiveCfg = Debug|Win32 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Debug|x86.Build.0 = Debug|Win32 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Release|x64.ActiveCfg = Release|x64 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Release|x64.Build.0 = Release|x64 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Release|x86.ActiveCfg = Release|Win32 + {77C5A027-83A9-4197-88E1-E79D935CB274}.Release|x86.Build.0 = Release|Win32 + EndGlobalSection + GlobalSection(SolutionProperties) = preSolution + HideSolutionNode = FALSE + EndGlobalSection + GlobalSection(ExtensibilityGlobals) = postSolution + SolutionGuid = {FD42DEB2-CFAD-43B5-8D13-D1E58247985A} + EndGlobalSection +EndGlobal diff --git a/CPPTools/ArchAbstract.h b/CPPTools/ArchAbstract.h new file mode 100644 index 0000000..44fb1a0 --- /dev/null +++ b/CPPTools/ArchAbstract.h @@ -0,0 +1,7 @@ +#pragma once + +// Add architecture abstraction things here. I.e. things that make the difference between architectures less visible + +#ifndef ulong_64b +#define ulong_64b unsigned long long +#endif \ No newline at end of file diff --git a/CPPTools/CPPTools.vcxproj b/CPPTools/CPPTools.vcxproj new file mode 100644 index 0000000..301d15a --- /dev/null +++ b/CPPTools/CPPTools.vcxproj @@ -0,0 +1,155 @@ + + + + + Debug + Win32 + + + Release + Win32 + + + Debug + x64 + + + Release + x64 + + + + 15.0 + {24D9CC51-39A4-4AD3-81FC-8CAE3D590AC1} + SlimSupport + 10.0.15063.0 + + + + Application + true + v141 + MultiByte + + + StaticLibrary + false + v141 + true + MultiByte + + + StaticLibrary + true + v141 + MultiByte + + + StaticLibrary + false + v141 + true + MultiByte + + + + + + + + + + + + + + + + + + + + + $(SolutionDir)\libs\SlimSupport\ + 64.lib + + + $(SolutionDir)\libs\SlimSupport + .lib + + + + Level3 + MaxSpeed + true + true + true + $(SolutionDir)libs\win_crypto++\include\;%(AdditionalIncludeDirectories) + MultiThreaded + + + true + true + $(SolutionDir)libs\win_crypto++\;%(AdditionalLibraryDirectories) + cryptlib64.lib;winsqlite3.lib;shlwapi.lib;Crypt32.lib;Ws2_32.lib;Mswsock.lib;AdvApi32.lib;%(AdditionalDependencies) + + + $(SolutionDir)libs\win_crypto++\;%(AdditionalLibraryDirectories) + cryptlib64.lib;winsqlite3.lib;shlwapi.lib;Crypt32.lib;Ws2_32.lib;Mswsock.lib;AdvApi32.lib;%(AdditionalDependencies) + + + + + Level3 + Disabled + true + + + + + Level3 + Disabled + true + $(SolutionDir)libs\win_crypto++\include\;%(AdditionalIncludeDirectories) + + + cryptlib64.lib;winsqlite3.lib;shlwapi.lib;Crypt32.lib;Ws2_32.lib;Mswsock.lib;AdvApi32.lib;%(AdditionalDependencies) + + + $(SolutionDir)libs\win_crypto++\;%(AdditionalLibraryDirectories) + + + + + Level3 + MaxSpeed + true + true + true + $(SolutionDir)libs\win_crypto++\include;%(AdditionalIncludeDirectories) + MultiThreaded + + + true + true + + + $(SolutionDir)libs\win_crypto++\;%(AdditionalLibraryDirectories) + cryptlib.lib;winsqlite3.lib;shlwapi.lib;Crypt32.lib;Ws2_32.lib;Mswsock.lib;AdvApi32.lib;%(AdditionalDependencies) + + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/CPPTools/CPPTools.vcxproj.filters b/CPPTools/CPPTools.vcxproj.filters new file mode 100644 index 0000000..e414768 --- /dev/null +++ b/CPPTools/CPPTools.vcxproj.filters @@ -0,0 +1,42 @@ + + + + + {4FC737F1-C7A5-4376-A066-2A32D752A2FF} + cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx + + + {93995380-89BD-4b04-88EB-625FBE52EBFB} + h;hh;hpp;hxx;hm;inl;inc;xsd + + + {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} + rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms + + + + + Header Files + + + Header Files + + + Header Files + + + Header Files + + + + + Source Files + + + Source Files + + + Source Files + + + \ No newline at end of file diff --git a/CPPTools/Crypto.cpp b/CPPTools/Crypto.cpp new file mode 100644 index 0000000..734a7ea --- /dev/null +++ b/CPPTools/Crypto.cpp @@ -0,0 +1,233 @@ +#include "Crypto.h" + +#include +#include +#include + + + +namespace Crypto { + + namespace AES { + // -------- AES START -------- + + // Parameters: + // message: Message to encrypt + // size: Length of message (probably strlen(message)) + // resultingSize: Secondary return value representing string length of returned char* + // aes_key: Key to use for encryption + // aes_it: Initialization vector to use for encryption + char* aes_encrypt(void* msg, ulong_64b size, ulong_64b* resultingSize, AES_KEY aes_key, AES_IV aes_iv) { + char* message = (char*)msg; + byte key[_AES_BYTE_SIZE], iv[_AES_BYTE_SIZE]; + memset(key, aes_key, _AES_BYTE_SIZE); + memset(iv, aes_iv, _AES_BYTE_SIZE); + + std::string ciphertext; + + CryptoPP::AES::Encryption aesEncryption(key, _AES_BYTE_SIZE); + CryptoPP::CBC_Mode_ExternalCipher::Encryption cbcEncryption(aesEncryption, iv); + + if (size > (size_t)size) throw _exception(); + + CryptoPP::StreamTransformationFilter stfEncryptor(cbcEncryption, new CryptoPP::StringSink(ciphertext)); + stfEncryptor.Put((const unsigned char*)message, size + 1); + stfEncryptor.MessageEnd(); + + ulong_64b t = ciphertext.size(); + + (*resultingSize) = t; + + char* cipher = (char*)malloc(t); + memcpy(cipher, ciphertext.c_str(), t); + + return cipher; + } + + char* aes_decrypt(void* msg, ulong_64b size, ulong_64b* resultSize, AES_KEY aes_key, AES_IV aes_iv) { + char* message = (char*)msg; + byte key[_AES_BYTE_SIZE], iv[_AES_BYTE_SIZE]; + memset(key, aes_key, _AES_BYTE_SIZE); + memset(iv, aes_iv, _AES_BYTE_SIZE); + + std::string decryptedtext; + + CryptoPP::AES::Decryption aesDecryption(key, _AES_BYTE_SIZE); + CryptoPP::CBC_Mode_ExternalCipher::Decryption cbcDecryption(aesDecryption, iv); + + CryptoPP::StreamTransformationFilter stfDecryptor(cbcDecryption, new CryptoPP::StringSink(decryptedtext)); + stfDecryptor.Put((const unsigned char*)message, size); + stfDecryptor.MessageEnd(); + + *resultSize = decryptedtext.size(); + + char* c = (char*)malloc(*resultSize); + //memset(c, 0, decryptedtext.size()); + memcpy(c, decryptedtext.c_str(), decryptedtext.size()); + + decryptedtext.~basic_string(); + + return c; + } + + // Just use this :P + Payload aes_auto_encrypt(void* msg, ulong_64b size) { + char* message = (char*)msg; + Payload p; + srand(time(NULL)); + + p.key = (char*)malloc(sizeof(AES_KEY)); + AES_KEY k = (AES_KEY)rand(); + + p.keySize = sizeof(AES_KEY); + + memcpy(p.key, &k, sizeof(AES_KEY)); + p.iv = (AES_IV)rand(); + + ulong_64b s; + p.ldPayload = aes_encrypt(message, size, &s, *(AES_KEY*)p.key, p.iv); + p.size = s; + + return p; + } + + // This too :P + char* aes_auto_decrypt(Payload p, ulong_64b* resultingSize) { + return aes_decrypt(p.ldPayload, p.size, resultingSize, *(AES_KEY*)p.key, p.iv); + } + + char* Payload::serialize(ulong_64b* size) { + char* ser = (char*)new char[*size=((sizeof(ulong_64b) * 2) + sizeof(AES_IV) + this->size + this->keySize)]; + ulong_64b offset = 0; + memcpy(ser + offset, &this->size, sizeof(ulong_64b)); + offset += sizeof(ulong_64b); + memcpy(ser + offset, &this->keySize, sizeof(ulong_64b)); + offset += sizeof(ulong_64b); + memcpy(ser + offset, &this->iv, sizeof(AES_IV)); + offset += sizeof(AES_IV); + memcpy(ser + offset, this->ldPayload, this->size); + offset += this->size; + memcpy(ser + offset, this->key, this->keySize); + return ser; + } + + Payload deserializePayload(void* frm, ulong_64b* readBytes) { + char* from = (char*)frm; + Payload data; + ulong_64b offset = 0; + + // Read target sizes + memcpy(&data.size, from + offset, sizeof(ulong_64b)); + offset += sizeof(ulong_64b); + memcpy(&data.keySize, from + offset, sizeof(ulong_64b)); + offset += sizeof(ulong_64b); + memcpy(&data.iv, from + offset, sizeof(AES_IV)); + offset += sizeof(AES_IV); + + // Allocate target sizes + data.ldPayload = (char*)malloc(data.size); + data.key = (char*)malloc(data.keySize); + + // Read data + memcpy(data.ldPayload, from + offset, data.size); + offset += data.size; + memcpy(data.key, from + offset, data.keySize); + offset += data.keySize; + + *readBytes = offset; + + return data; + } + // -------- AES END -------- + } + + namespace RSA { + // -------- RSA START -------- + KeyData rsa_gen_keys() { + KeyData k; + + CryptoPP::InvertibleRSAFunction params; + CryptoPP::RandomPool rng; + + time_t t = time(NULL); + rng.IncorporateEntropy((const byte*)&t, sizeof(t) * 8); + + params.GenerateRandomWithKeySize(rng, 3072); + k.privKey = CryptoPP::RSA::PrivateKey(params); + k.publKey = CryptoPP::RSA::PublicKey(params); + return k; + } + + char* serializeKey(CryptoPP::RSA::PublicKey& func, ulong_64b* rSize) { + CryptoPP::ByteQueue queue; + func.Save(queue); + //func.DEREncodePublicKey(queue); + + + byte* shortened = (byte*)malloc(*rSize=queue.TotalBytesRetrievable()); + memset(shortened, 0, *rSize); + + std::vector spk; + spk.resize(queue.TotalBytesRetrievable()); + + CryptoPP::ArraySink snk(&spk[0], spk.size()); + queue.CopyTo(snk); + + for (ulong_64b t = 0; t < spk.size(); ++t) shortened[t] = spk.at(t); + + return (char*)shortened; + } + + char* rsa_encrypt(void* msg, ulong_64b size, CryptoPP::RSA::PublicKey& pubKey, ulong_64b* resultingSize) { + char* message = (char*)msg; + CryptoPP::RandomPool rng; + + time_t t = time(NULL); + rng.IncorporateEntropy((const byte*)&t, sizeof(t) * 8); + + CryptoPP::RSAES_OAEP_SHA_Encryptor e(pubKey); + std::string cipher; + CryptoPP::StringSource s((const byte*)message, size, true, new CryptoPP::PK_EncryptorFilter(rng, e, new CryptoPP::StringSink(cipher))); + + *resultingSize = cipher.size(); + + char* c = (char*)malloc(cipher.size()); + memset(c, 0, cipher.size()); + memcpy(c, cipher.c_str(), cipher.size()); + return c; + } + + char* rsa_decrypt(void* msg, ulong_64b size, CryptoPP::RSA::PrivateKey& privKey, ulong_64b* resultingSize) { + char* message = (char*)msg; + CryptoPP::RandomPool rng; + + time_t t = time(NULL); + rng.IncorporateEntropy((const byte*)&t, sizeof(t) * 8); + + CryptoPP::RSAES_OAEP_SHA_Decryptor e(privKey); + std::string clear; + CryptoPP::StringSource s((const byte*)message, size, true, new CryptoPP::PK_DecryptorFilter(rng, e, new CryptoPP::StringSink(clear))); + + *resultingSize = clear.size(); + + char* c = (char*)malloc(clear.size()); + memset(c, 0, clear.size()); + memcpy(c, clear.c_str(), clear.size()); + return c; + } + // -------- RSA END -------- + } + + char* full_auto_encrypt(void* msg, ulong_64b mSize, CryptoPP::RSA::PublicKey& pk, ulong_64b* rSize) { + AES::Payload p = AES::aes_auto_encrypt(msg, mSize); + p.key = RSA::rsa_encrypt(p.key, p.keySize, pk, &p.keySize); + return p.serialize(rSize); + } + + char* full_auto_decrypt(void* msg, CryptoPP::RSA::PrivateKey& pk, ulong_64b* rSize) { + ulong_64b size; + AES::Payload p = AES::deserializePayload(msg, &size); + p.key = RSA::rsa_decrypt(p.key, p.keySize, pk, &p.keySize); + return AES::aes_auto_decrypt(p, rSize); + } +} \ No newline at end of file diff --git a/CPPTools/Crypto.h b/CPPTools/Crypto.h new file mode 100644 index 0000000..fc84b6b --- /dev/null +++ b/CPPTools/Crypto.h @@ -0,0 +1,69 @@ +#pragma once + +#ifndef LOGINDATA_H +#define LOGINDATA_H + +#include "ArchAbstract.h" + +#include +#include + +typedef unsigned short AES_IV_16; +typedef unsigned short AES_KEY_16; +typedef unsigned int AES_IV_32; +typedef unsigned int AES_KEY_32; + +#ifdef _AES_16_BIT +// 128 bit AES encryption + +#define _AES_BYTE_SIZE 16 + +typedef AES_IV_16 AES_IV; +typedef AES_KEY_16 AES_KEY; + +#else +// 256 bit AES encryption + +#define _AES_BYTE_SIZE 32 + +typedef AES_IV_32 AES_IV; +typedef AES_KEY_32 AES_KEY; + +#endif + +namespace Crypto { + namespace AES { + struct Payload { + ulong_64b size; // Payload metadata + ulong_64b keySize; // Key metadata + AES_IV iv; // Initialization vector + char* ldPayload; // Encrypted Data + char* key; // Encrypted AES key + char* serialize(ulong_64b*);// Serialize data to be sent over the wire :P + }; + Payload deserializePayload(void*, ulong_64b*); + char* aes_encrypt(void* message, ulong_64b size, ulong_64b* resultingSize, AES_KEY key, AES_IV iv); + char* aes_decrypt(void* message, ulong_64b size, ulong_64b* resultSize, AES_KEY key, AES_IV iv); + char* aes_auto_decrypt(Payload p, ulong_64b* resultingSize); + Payload aes_auto_encrypt(void* message, ulong_64b size); + } + + namespace RSA { + struct KeyData { + CryptoPP::RSA::PrivateKey privKey; + CryptoPP::RSA::PublicKey publKey; + }; + + char* serializeKey(CryptoPP::RSA::PublicKey&, ulong_64b* rSize); + + KeyData rsa_gen_keys(); + char* rsa_encrypt(void* message, ulong_64b size, CryptoPP::RSA::PublicKey& pubKey, ulong_64b* resultingSize); + char* rsa_decrypt(void* message, ulong_64b size, CryptoPP::RSA::PrivateKey& privKey, ulong_64b* resultingSize); + } + + char* full_auto_encrypt(void* message, ulong_64b mSize, CryptoPP::RSA::PublicKey&, ulong_64b* rSize); + char* full_auto_decrypt(void* cryptMessage, CryptoPP::RSA::PrivateKey&, ulong_64b* rSize); +} + + +#endif \ No newline at end of file diff --git a/CPPTools/Support.cpp b/CPPTools/Support.cpp new file mode 100644 index 0000000..aa3104e --- /dev/null +++ b/CPPTools/Support.cpp @@ -0,0 +1,493 @@ +#include +#include + +#include "Support.h" + +namespace Tools { + char* strappend(char* to, char* from) { + ulong_64b l, l1; + to = (char*)realloc(to, (l = strlen(to)) + (l1 = strlen(from))+1); + memcpy(to + l, from, l1); + to[l + l1] = 0; + return to; + } + + char* strappend(char* to, const char* from) { + ulong_64b l, l1; + to = (char*)realloc(to, (l = strlen(to)) + (l1 = strlen(from))+1); + memcpy(to + l, from, l1); + to[l + l1] = 0; + return to; + } + + char* strappend(const char* from, char* to) { + ulong_64b l, l1; + to = (char*)realloc(to, (l = strlen(to)) + (l1 = strlen(from))+1); + memcpy(to + l1, to, l); + memcpy(to, from, l1); + to[l + l1] = 0; + return to; + } + + char* __cdecl strappend(const char* from, const char* from1) { + ulong_64b l, l1; + char* to = (char*)malloc((l = strlen(from)) + (l1 = strlen(from1))+1); + memcpy(to, from, l); + memcpy(to + l, from1, l1); + to[l + l1] = 0; + return to; + } + + void destructivePrint(char* message, ulong_64b size) { + for (ulong_64b t = 0; t < size; ++t) std::cout << message[t]; + free(message); + } + + void destructivePrint(char* message) { + std::cout << message; + free(message); + } + + void destructivePrintln(char* message, ulong_64b size) { + destructivePrint(message, size); + std::cout << std::endl; + } + + void destructivePrintln(char* message) { + destructivePrint(message); + std::cout << std::endl; + } + + ulong_64b indexOf(char* in, char find) { + ulong_64b t = strlen(in); + for (ulong_64b t1 = 0; t1 < t; ++t1) if (in[t1] == find) return t1; + return -1; + } + + ulong_64b lastIndexOf(char* in, char find) { + ulong_64b t = strlen(in); + for (ulong_64b t1 = 0; t1 < t; ++t1) if (in[t - t1 - 1] == find) return t - t1; + return -1; + } + + char* copydata(const char* from, ulong_64b readBytes) { + char* c = (char*)malloc(readBytes); + memcpy(c, from, readBytes); + return c; + } + + char* toHexString(const void* data, ulong_64b size) { + char* c = (char*)data; + + ulong_64b lastNonZero = 0; + for (ulong_64b t = 0; t < size; ++t) if (c[t] != 0) lastNonZero = t; + if (lastNonZero == 0) return (char*)memset(malloc(1), '0', 1); + + char* c1 = (char*)malloc(lastNonZero * 2); + for (ulong_64b t = 0; t < lastNonZero; ++t) { + c1[2 * t] = (c[t]) & 15; + if (c1[(2 * t)] < 9) c1[(2 * t)] += 48; + else c1[(2 * t)] += 55; + + c1[(2 * t) + 1] = (c[t] >> 4) & 15; + if (c1[(2 * t) + 1] < 9) c1[(2 * t) + 1] += 48; + else c1[(2 * t) + 1] += 55; + } + return c1; + } + + char* toHexString(ulong_64b value) { return toHexString(&value, sizeof(value)); } + + bool isDigit(char c) { return (c > 47) && (c < 58); } + + bool isIP(char* c) { + size_t t = strlen(c); + size_t count = 0; + for (size_t t1 = 0; t1 < t; ++t1) { + if (c[t1] == '.') { + if ((t1 + 1) == t) return false; + ++count; + } + else if (!isDigit(c[t1])) return false; + if (count > 3) return false; + } + return count == 3; + } + + bool isNumber(char* c) { + for (size_t t = strlen(c); t > 0; --t) if (!isDigit(c[t - 1])) return false; + return true; + } +} + +namespace IO { + + bool cryptoLevelsAreCompatible(CryptoLevel l1, CryptoLevel l2) { + return !(((l1 == CryptoLevel::None) && (l2 == CryptoLevel::Force)) || ((l2 == CryptoLevel::None) && (l1 == CryptoLevel::Force))); + } + + char* __cdecl readSparse(std::vector* sparse, ulong_64b rSize, bool pop = true) { + if (sparse->size() < rSize) throw new _exception(); // This should never happen if function is used correctly + char* c = new char[rSize]; + for (ulong_64b b = 0; b < rSize; ++b) c[b] = sparse->at(b); + if(pop) sparse->erase(sparse->begin(), sparse->begin() + rSize); + return c; + } + + bool hasFullMessage(std::vector *sparse) { + if (sparse->size() < sizeof(ulong_64b)) return false; + ulong_64b size = 0; + char* c = readSparse(sparse, sizeof(ulong_64b), false); + memcpy(&size, c, sizeof(ulong_64b)); + delete[] c; + return sparse->size() >= (size + sizeof(ulong_64b)); + } + + + + void NetClient::sharedSetup() { + if (preferEncrypted != CryptoLevel::None) keys = Crypto::RSA::rsa_gen_keys(); + packets = new std::vector(); + sparse = new std::vector(); + outPacketBuf = new std::vector(); + _open = true; + canWrite = true; + evt = nullptr; + char cryptoPref = static_cast(preferEncrypted); + if(send(_socket, &cryptoPref, 1, 0)==SOCKET_ERROR) throw new _exception(); // Cannot establish connection :( + //_write(&cryptoPref, 1); + if (!noThread) listener = std::thread([this]() { while(_open) { update(); Sleep(25); } }); // Setup separate thread for reading new data + } + NetClient::NetClient(char* ipAddr, char* port, CryptoLevel preferEncrypted) : + commTime(time(nullptr)), preferEncrypted(preferEncrypted), startNegotiate(false) + { + _socket = INVALID_SOCKET; + this->noThread = false; + + WSADATA wsaData; + int iResult = WSAStartup(MAKEWORD(2, 2), &wsaData); + if (iResult != 0) throw new _exception(); + + + struct addrinfo *result = NULL, *ptr = NULL, hints; + + ZeroMemory(&hints, sizeof(hints)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + + iResult = getaddrinfo(ipAddr, port, &hints, &result); + + if (iResult) throw new _exception(); + + for (ptr = result; ptr != NULL; ptr = ptr->ai_next) { + + // Create a SOCKET for connecting to server + _socket = socket(ptr->ai_family, ptr->ai_socktype, ptr->ai_protocol); + if (_socket == INVALID_SOCKET) { + throw new _exception(); + } + + // Connect to server. + iResult = connect(_socket, ptr->ai_addr, (int)ptr->ai_addrlen); + if (iResult == SOCKET_ERROR) { + closesocket(_socket); + _socket = INVALID_SOCKET; + continue; + } + break; + } + + freeaddrinfo(result); + + if (_socket == INVALID_SOCKET) throw new _exception(); + + sharedSetup(); + } + + NetClient::NetClient(SOCKET wrap, bool noThread, Crypto::RSA::KeyData& keys, CryptoLevel preferEncrypted, bool startNegotiate) : + commTime(time(nullptr)), preferEncrypted(preferEncrypted), startNegotiate(startNegotiate) + { + _socket = wrap; + this->noThread = noThread; + sharedSetup(); + } + + NetClient::~NetClient() { + packets->clear(); + delete packets; + sparse->clear(); + delete sparse; + if (isOpen()) close(); + } + bool NetClient::close() { + bool result = !_open; + _open = false; + result &= (SOCKET_ERROR==shutdown(_socket, SD_BOTH)); + closesocket(_socket); + return result; + } + void NetClient::closeWrite() { + shutdown(_socket, SD_SEND); + canWrite = false; + } + bool NetClient::_write(char* message, ulong_64b size) { + int i; + char* c = new char[sizeof(ulong_64b)]; + memcpy(c, &size, sizeof(ulong_64b)); + for (ulong_64b wIdx = 0; wIdx < sizeof(ulong_64b); ++wIdx) { + if ((i = send(_socket, c + wIdx, 1, 0)) == SOCKET_ERROR) return false; + else if (i == 0) --wIdx; + } + for (ulong_64b wIdx = 0; wIdx < size; ++wIdx) { + if ((i = send(_socket, message + wIdx, 1, 0)) == SOCKET_ERROR) return false; + else if (i == 0) --wIdx; + } + return true; + } + bool NetClient::write(void* message, ulong_64b size) { + if (firstMessage) { + Packet p; + p.message = (char*)message; + p.size = size; + outPacketBuf->push_back(p); + return true; + } + if (!canWrite) return false; + char* msg = encrypted?Crypto::full_auto_encrypt(message, size, pK, &size):(char*)message; + _write(msg, size); + if (encrypted) delete[] msg; + return true; + } + bool NetClient::write(char* message) { return write(message, strlen(message)); } + bool NetClient::writeBufferedPackets() { + for (size_t t = 0; t < outPacketBuf->size(); ++t) if (!write(outPacketBuf->at(t).message, outPacketBuf->at(t).size)) { delete outPacketBuf; return false; }; + delete outPacketBuf; + return true; + } + Packet NetClient::read() { + if (packets->size() != 0) { + Packet p = packets->at(0); + packets->erase(packets->begin(), packets->begin()+1); // Delete first buffered packet + return p; + } + throw new _exception(); // No packets available! + } + void NetClient::setEventHandler(std::function _ev) { + evt = _ev; + + // Process unhandled packets + if (evt != nullptr) + for (size_t t = packets->size(); t > 0; --t) { + Packet p = packets->at(t - 1); + packets->pop_back(); + evt(this, p); + } + } + bool NetClient::isEncrypted() { return encrypted; } + void NetClient::update() { + int iResult = 0; + unsigned long rCount; + int rdErr = ioctlsocket(_socket, FIONREAD, &rCount); + if (rdErr == SOCKET_ERROR) throw new _exception(); // Error using socket :( + if (rCount > 0) { + iResult = recv(_socket, rBuf, BUFSIZE, 0); + if (iResult > 0) + for (int i = 0; i < iResult; ++i) + if (sparse->size() < BUF_2_MAX) + sparse->push_back(rBuf[i]); // Drop anything over the absolute max + } + while (!firstMessage && hasFullMessage(sparse)) { + Packet p; + char* size = readSparse(sparse, sizeof(ulong_64b)); + memcpy(&p.size, size, sizeof(ulong_64b)); + delete[] size; + p.message = readSparse(sparse, p.size); + if (encrypted) p.message = Crypto::full_auto_decrypt(p.message, keys.privKey, &p.size); + if(evt==nullptr) packets->push_back(p); + else evt(this, p); // Notify event handler of a new packet + } + if (iResult > 0) { + if (firstMessage) { + if (!fm_neg_hasLevel && sparse->size() >= 1) { + fm_neg_hasLevel = true; + char* readCrypt = readSparse(sparse, 1); + CryptoLevel lvl = static_cast(*readCrypt); + free(readCrypt); + if (cryptoLevelsAreCompatible(lvl, preferEncrypted)) { + // Determine whether or not to use encryption + encrypted = (preferEncrypted == CryptoLevel::Force) || (lvl == CryptoLevel::Force) || ((preferEncrypted == CryptoLevel::Prefer) && (lvl == CryptoLevel::Prefer)); + + if (!encrypted) { + firstMessage = false; // We're done here. No need to try to get a public key for an unencrypted channel + writeBufferedPackets(); + } + else { + ulong_64b size; + char* c = Crypto::RSA::serializeKey(keys.publKey, &size); + _write(c, size); // This shouldn't be encrypted + delete[] c; + } + } + else throw new _exception(); // Incompatible cryptographic requirements! + } + if (fm_neg_hasLevel && !fm_neg_hasSize && encrypted && sparse->size() >= sizeof(ulong_64b)) { + fm_neg_hasSize = true; + char* readSize = readSparse(sparse, sizeof(ulong_64b)); + + fm_neg_size = 0; + memcpy(&fm_neg_size, readSize, sizeof(ulong_64b)); + free(readSize); + } + if (fm_neg_hasSize && sparse->size() >= fm_neg_size) { + char* msg = readSparse(sparse, fm_neg_size); + + CryptoPP::StringSource src((const byte*)msg, fm_neg_size, true); + pK.Load(src); + + firstMessage = false; + writeBufferedPackets(); + } + } + }else if (iResult < 0 && _open) { + _open = false; + close(); + } + } + bool NetClient::isOpen() { return _open; } + + void NetClient::setOnDestroy(std::function call) { onDestroy = call; } + + ulong_64b NetClient::available() { return packets->size(); } + + + + bool NetServer::close() { + if (!_open) return false; + _open = false; + for (ulong_64b t = clients->size(); t > 0; --t) { + NetClient* s = clients->at(t-1); + s->close(); + clients->pop_back(); + delete s; + } + return true; + } + + NetServer::NetServer(char* port, std::function f=nullptr, CryptoLevel pref=CryptoLevel::None) : pref(pref) { + if (pref != CryptoLevel::None) keys = Crypto::RSA::rsa_gen_keys(); + _open = true; + timeoutHandler = NULL; + onDestroy = NULL; + handlers = new std::vector >(); + if (f != NULL) handlers->push_back(f); + clients = new std::vector(); + clientListener = std::thread([this, port]() { + SOCKET _server; + WSADATA wsaData; + int iResult; + + struct addrinfo *result = NULL; + struct addrinfo hints; + + // Initialize Winsock + iResult = WSAStartup(MAKEWORD(2, 2), &wsaData); + if (iResult != 0) throw new _exception(); + + + ZeroMemory(&hints, sizeof(hints)); + hints.ai_family = AF_INET; + hints.ai_socktype = SOCK_STREAM; + hints.ai_protocol = IPPROTO_TCP; + hints.ai_flags = AI_PASSIVE; + + // Resolve the server address and port + iResult = getaddrinfo(NULL, port, &hints, &result); + if (iResult) { + throw new _exception(); + } + + // Create a SOCKET for connecting to server + _server = socket(result->ai_family, result->ai_socktype, result->ai_protocol); + if (_server == INVALID_SOCKET) { + freeaddrinfo(result); + throw new _exception(); + } + + // Setup the TCP listening socket + iResult = bind(_server, result->ai_addr, (int)result->ai_addrlen); + if (iResult == SOCKET_ERROR) { + freeaddrinfo(result); + closesocket(_server); + throw new _exception(); // Can't be fucked to deal with errors + } + if (listen(_server, 20) == SOCKET_ERROR) { // 20 is the backlog amount, i.e. amount of connections Windows will accept if program is busy and can't accept atm. + closesocket(_server); + throw new _exception(); + } + timeval t; + t.tv_sec = 0; + t.tv_usec = 5000; + do { + fd_set connecting; + connecting.fd_count = 1; + connecting.fd_array[0] = _server; + int i = select(NULL, &connecting, NULL, NULL, &t); // Check for new clients + if (i == SOCKET_ERROR) { + throw new _exception(); + } + if (connecting.fd_count > 0) { // This checks if any new clients are tryig to connect. If not, don't block to await one; just continue to update clients + SOCKET client = accept(_server, NULL, NULL); + if (client == INVALID_SOCKET) { + closesocket(_server); + if (_open) throw new _exception(); + else break; + } + NetClient* cli = new NetClient(client, true, keys, this->pref, false); + clients->push_back(cli); + for (ulong_64b t = 0; t < handlers->size(); ++t) + if (handlers->at(t)(cli)) + break; + + } + updateClients(); + } while (_open); + closesocket(_server); + close(); + }); + + } + + NetServer::~NetServer() { + if (_open) close(); + handlers->clear(); + delete handlers; + clients->clear(); + delete clients; + onDestroy(); + } + + void NetServer::addHandler(std::function evtH) { + handlers->push_back(evtH); + } + + void NetServer::clearHandlers() { + handlers->clear(); + } + + void NetServer::updateClients() { + for (ulong_64b t = clients->size(); t > 0; --t) { + NetClient* c = clients->at(t-1); + if (!c->isOpen() || (timeoutHandler != NULL && !timeoutHandler(c))) { + clients->erase(clients->begin() + t - 1, clients->begin() + t); + c->close(); + } + else c->update(); + } + } + CryptoLevel NetServer::getCryptoPreference() { return pref; } + + bool NetServer::isOpen() { return _open; } + + void NetServer::setOnDestroy(std::function call) { onDestroy = call; } +} \ No newline at end of file diff --git a/CPPTools/Support.h b/CPPTools/Support.h new file mode 100644 index 0000000..1aae9d1 --- /dev/null +++ b/CPPTools/Support.h @@ -0,0 +1,134 @@ +#pragma once + +#ifndef _SUPPORT_H +#define _SUPPORT_H + +#ifdef _SUPPORT_SMALL_BUF +#define BUFSIZE 512 +#define BUF_2_MAX 2048 +#else +#define BUFSIZE 16384 +#define BUF_2_MAX 16384 +#endif + +#define WIN32_LEAN_AND_MEAN + +#include "ArchAbstract.h" + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include "Crypto.h" + + +namespace Tools { + char* strappend(char*, char*); + char* strappend(char*, const char*); + char* strappend(const char*, char*); + char* strappend(const char*, const char*); + void destructivePrint(char* message, ulong_64b size); + void destructivePrint(char* message); + void destructivePrintln(char* message, ulong_64b size); + void destructivePrintln(char* message); + ulong_64b indexOf(char*, char); + ulong_64b lastIndexOf(char*, char); + char* copydata(const char*, ulong_64b); + char* toHexString(const void* data, ulong_64b size); + char* toHexString(ulong_64b value); + bool isDigit(char c); + bool isNumber(char* c); + bool isIP(char* c); +} + +namespace IO { + + enum CryptoLevel { None, Prefer, Force }; + + struct Packet { + ulong_64b size; + char* message; + }; + + class NetServer; + class NetClient { + friend class NetServer; // Allow NetServer to access all members of NetClient + + private: + volatile bool _open; // Whether or not connection is open + bool canWrite; // Whether or not writing to peer is possible + bool noThread; // Whether or not reading incoming data should be / is being done in a separate thread + char rBuf[BUFSIZE]; // Recieve buffer + CryptoLevel preferEncrypted = CryptoLevel::None;// Whether or not the socket should attempt to request an encrypted channel + bool encrypted = false; // Whether or not negotiation determined the use of an encrypted channel + bool firstMessage = true; // Whether or not negotiation has yet ocurred + ulong_64b fm_neg_size; + bool fm_neg_hasLevel = false; + bool fm_neg_hasSize = false; + bool startNegotiate = false; + std::vector* sparse; + std::vector* outPacketBuf; + Crypto::RSA::KeyData keys; // Client's keysets (if using encryption) + CryptoPP::RSAFunction pK; // Remote host's public key (if using encryption) + + NetClient(SOCKET, bool, CryptoLevel, bool);// Special setup constructor + NetClient(SOCKET, bool, Crypto::RSA::KeyData&, CryptoLevel = CryptoLevel::None, bool = false);// Create wrapper for existing socket + void sharedSetup(); // Setup function for all constructor + bool _write(char*, ulong_64b); // Internal write function. Doesn't do any of the fancy auto encryption: just raw write... + bool writeBufferedPackets(); // Flushes and deletes buffer + void update(); // Read incoming data and store in buffers + protected: + std::thread listener; // Incoming data listener (optional) + SOCKET _socket; // Underlying socket used for communication + std::vector* packets; // Basically a set containing a backlog of unprocessed data. Will oly be used if event handler doesn't exist + std::function evt; // New data event handler + std::function onDestroy; // Event handler called when NetClient object is destroyed + public: + time_t commTime; // Latest time a transaction occurred + std::vector associatedData; + NetClient(char* ipAddr, char* port, CryptoLevel = CryptoLevel::None);// Standard constructor for creating connection + ~NetClient(); + bool close(); + void closeWrite(); + bool isEncrypted(); + size_t getBOPCount(); // Should return the amount of buffered packets to be sent to server + bool write(void* message, ulong_64b size); + bool write(char* message); + Packet read(); + void setEventHandler(std::function); // Register a callback that is guaranteed to be called when the socket has at least one unprocessed packet + void setOnDestroy(std::function); + bool isOpen(); + ulong_64b available(); + }; + + class NetServer { + friend class NetClient; + private: + CryptoLevel pref; + Crypto::RSA::KeyData keys; // Server's keysets (if using encryption) + + std::function onDestroy; + volatile bool _open; + void updateClients(); + protected: + std::thread clientListener; + std::vector>* handlers; + std::vector* clients; + public: + std::function timeoutHandler; + NetServer(char* port, std::function, CryptoLevel); + ~NetServer(); + bool isOpen(); + CryptoLevel getCryptoPreference(); + void addHandler(std::function); + void clearHandlers(); + void setOnDestroy(std::function); + bool close(); + }; +} +#endif \ No newline at end of file diff --git a/CPPTools/Test.cpp b/CPPTools/Test.cpp new file mode 100644 index 0000000..3c37c46 --- /dev/null +++ b/CPPTools/Test.cpp @@ -0,0 +1,17 @@ +#include "Support.h" +#include + +int main() { + std::vector* sparse = new std::vector(); + + sparse->push_back(1); + sparse->push_back(2); + sparse->push_back(3); + + std::cout << sparse->size() << std::endl; + + sparse->erase(sparse->begin(), sparse->begin()+sparse->size()); + + std::cout << sparse->size() << std::endl; + std::cin.ignore(); +} \ No newline at end of file diff --git a/CPPTools/Tools.h b/CPPTools/Tools.h new file mode 100644 index 0000000..eaf0a9e --- /dev/null +++ b/CPPTools/Tools.h @@ -0,0 +1,5 @@ +#pragma once + +#include "Crypto.h" +#include "Support.h" +#include "ArchAbstract.h" \ No newline at end of file diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..9cecc1d --- /dev/null +++ b/LICENSE @@ -0,0 +1,674 @@ + GNU GENERAL PUBLIC LICENSE + Version 3, 29 June 2007 + + Copyright (C) 2007 Free Software Foundation, Inc. + Everyone is permitted to copy and distribute verbatim copies + of this license document, but changing it is not allowed. + + Preamble + + The GNU General Public License is a free, copyleft license for +software and other kinds of works. + + The licenses for most software and other practical works are designed +to take away your freedom to share and change the works. By contrast, +the GNU General Public License is intended to guarantee your freedom to +share and change all versions of a program--to make sure it remains free +software for all its users. We, the Free Software Foundation, use the +GNU General Public License for most of our software; it applies also to +any other work released this way by its authors. You can apply it to +your programs, too. + + When we speak of free software, we are referring to freedom, not +price. Our General Public Licenses are designed to make sure that you +have the freedom to distribute copies of free software (and charge for +them if you wish), that you receive source code or can get it if you +want it, that you can change the software or use pieces of it in new +free programs, and that you know you can do these things. + + To protect your rights, we need to prevent others from denying you +these rights or asking you to surrender the rights. Therefore, you have +certain responsibilities if you distribute copies of the software, or if +you modify it: responsibilities to respect the freedom of others. + + For example, if you distribute copies of such a program, whether +gratis or for a fee, you must pass on to the recipients the same +freedoms that you received. You must make sure that they, too, receive +or can get the source code. And you must show them these terms so they +know their rights. + + Developers that use the GNU GPL protect your rights with two steps: +(1) assert copyright on the software, and (2) offer you this License +giving you legal permission to copy, distribute and/or modify it. + + For the developers' and authors' protection, the GPL clearly explains +that there is no warranty for this free software. For both users' and +authors' sake, the GPL requires that modified versions be marked as +changed, so that their problems will not be attributed erroneously to +authors of previous versions. + + Some devices are designed to deny users access to install or run +modified versions of the software inside them, although the manufacturer +can do so. This is fundamentally incompatible with the aim of +protecting users' freedom to change the software. The systematic +pattern of such abuse occurs in the area of products for individuals to +use, which is precisely where it is most unacceptable. Therefore, we +have designed this version of the GPL to prohibit the practice for those +products. If such problems arise substantially in other domains, we +stand ready to extend this provision to those domains in future versions +of the GPL, as needed to protect the freedom of users. + + Finally, every program is threatened constantly by software patents. +States should not allow patents to restrict development and use of +software on general-purpose computers, but in those that do, we wish to +avoid the special danger that patents applied to a free program could +make it effectively proprietary. To prevent this, the GPL assures that +patents cannot be used to render the program non-free. + + The precise terms and conditions for copying, distribution and +modification follow. + + TERMS AND CONDITIONS + + 0. Definitions. + + "This License" refers to version 3 of the GNU General Public License. + + "Copyright" also means copyright-like laws that apply to other kinds of +works, such as semiconductor masks. + + "The Program" refers to any copyrightable work licensed under this +License. Each licensee is addressed as "you". "Licensees" and +"recipients" may be individuals or organizations. + + To "modify" a work means to copy from or adapt all or part of the work +in a fashion requiring copyright permission, other than the making of an +exact copy. The resulting work is called a "modified version" of the +earlier work or a work "based on" the earlier work. + + A "covered work" means either the unmodified Program or a work based +on the Program. + + To "propagate" a work means to do anything with it that, without +permission, would make you directly or secondarily liable for +infringement under applicable copyright law, except executing it on a +computer or modifying a private copy. Propagation includes copying, +distribution (with or without modification), making available to the +public, and in some countries other activities as well. + + To "convey" a work means any kind of propagation that enables other +parties to make or receive copies. Mere interaction with a user through +a computer network, with no transfer of a copy, is not conveying. + + An interactive user interface displays "Appropriate Legal Notices" +to the extent that it includes a convenient and prominently visible +feature that (1) displays an appropriate copyright notice, and (2) +tells the user that there is no warranty for the work (except to the +extent that warranties are provided), that licensees may convey the +work under this License, and how to view a copy of this License. If +the interface presents a list of user commands or options, such as a +menu, a prominent item in the list meets this criterion. + + 1. Source Code. + + The "source code" for a work means the preferred form of the work +for making modifications to it. "Object code" means any non-source +form of a work. + + A "Standard Interface" means an interface that either is an official +standard defined by a recognized standards body, or, in the case of +interfaces specified for a particular programming language, one that +is widely used among developers working in that language. + + The "System Libraries" of an executable work include anything, other +than the work as a whole, that (a) is included in the normal form of +packaging a Major Component, but which is not part of that Major +Component, and (b) serves only to enable use of the work with that +Major Component, or to implement a Standard Interface for which an +implementation is available to the public in source code form. A +"Major Component", in this context, means a major essential component +(kernel, window system, and so on) of the specific operating system +(if any) on which the executable work runs, or a compiler used to +produce the work, or an object code interpreter used to run it. + + The "Corresponding Source" for a work in object code form means all +the source code needed to generate, install, and (for an executable +work) run the object code and to modify the work, including scripts to +control those activities. However, it does not include the work's +System Libraries, or general-purpose tools or generally available free +programs which are used unmodified in performing those activities but +which are not part of the work. For example, Corresponding Source +includes interface definition files associated with source files for +the work, and the source code for shared libraries and dynamically +linked subprograms that the work is specifically designed to require, +such as by intimate data communication or control flow between those +subprograms and other parts of the work. + + The Corresponding Source need not include anything that users +can regenerate automatically from other parts of the Corresponding +Source. + + The Corresponding Source for a work in source code form is that +same work. + + 2. Basic Permissions. + + All rights granted under this License are granted for the term of +copyright on the Program, and are irrevocable provided the stated +conditions are met. This License explicitly affirms your unlimited +permission to run the unmodified Program. The output from running a +covered work is covered by this License only if the output, given its +content, constitutes a covered work. This License acknowledges your +rights of fair use or other equivalent, as provided by copyright law. + + You may make, run and propagate covered works that you do not +convey, without conditions so long as your license otherwise remains +in force. You may convey covered works to others for the sole purpose +of having them make modifications exclusively for you, or provide you +with facilities for running those works, provided that you comply with +the terms of this License in conveying all material for which you do +not control copyright. Those thus making or running the covered works +for you must do so exclusively on your behalf, under your direction +and control, on terms that prohibit them from making any copies of +your copyrighted material outside their relationship with you. + + Conveying under any other circumstances is permitted solely under +the conditions stated below. Sublicensing is not allowed; section 10 +makes it unnecessary. + + 3. Protecting Users' Legal Rights From Anti-Circumvention Law. + + No covered work shall be deemed part of an effective technological +measure under any applicable law fulfilling obligations under article +11 of the WIPO copyright treaty adopted on 20 December 1996, or +similar laws prohibiting or restricting circumvention of such +measures. + + When you convey a covered work, you waive any legal power to forbid +circumvention of technological measures to the extent such circumvention +is effected by exercising rights under this License with respect to +the covered work, and you disclaim any intention to limit operation or +modification of the work as a means of enforcing, against the work's +users, your or third parties' legal rights to forbid circumvention of +technological measures. + + 4. Conveying Verbatim Copies. + + You may convey verbatim copies of the Program's source code as you +receive it, in any medium, provided that you conspicuously and +appropriately publish on each copy an appropriate copyright notice; +keep intact all notices stating that this License and any +non-permissive terms added in accord with section 7 apply to the code; +keep intact all notices of the absence of any warranty; and give all +recipients a copy of this License along with the Program. + + You may charge any price or no price for each copy that you convey, +and you may offer support or warranty protection for a fee. + + 5. Conveying Modified Source Versions. + + You may convey a work based on the Program, or the modifications to +produce it from the Program, in the form of source code under the +terms of section 4, provided that you also meet all of these conditions: + + a) The work must carry prominent notices stating that you modified + it, and giving a relevant date. + + b) The work must carry prominent notices stating that it is + released under this License and any conditions added under section + 7. This requirement modifies the requirement in section 4 to + "keep intact all notices". + + c) You must license the entire work, as a whole, under this + License to anyone who comes into possession of a copy. This + License will therefore apply, along with any applicable section 7 + additional terms, to the whole of the work, and all its parts, + regardless of how they are packaged. This License gives no + permission to license the work in any other way, but it does not + invalidate such permission if you have separately received it. + + d) If the work has interactive user interfaces, each must display + Appropriate Legal Notices; however, if the Program has interactive + interfaces that do not display Appropriate Legal Notices, your + work need not make them do so. + + A compilation of a covered work with other separate and independent +works, which are not by their nature extensions of the covered work, +and which are not combined with it such as to form a larger program, +in or on a volume of a storage or distribution medium, is called an +"aggregate" if the compilation and its resulting copyright are not +used to limit the access or legal rights of the compilation's users +beyond what the individual works permit. Inclusion of a covered work +in an aggregate does not cause this License to apply to the other +parts of the aggregate. + + 6. Conveying Non-Source Forms. + + You may convey a covered work in object code form under the terms +of sections 4 and 5, provided that you also convey the +machine-readable Corresponding Source under the terms of this License, +in one of these ways: + + a) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by the + Corresponding Source fixed on a durable physical medium + customarily used for software interchange. + + b) Convey the object code in, or embodied in, a physical product + (including a physical distribution medium), accompanied by a + written offer, valid for at least three years and valid for as + long as you offer spare parts or customer support for that product + model, to give anyone who possesses the object code either (1) a + copy of the Corresponding Source for all the software in the + product that is covered by this License, on a durable physical + medium customarily used for software interchange, for a price no + more than your reasonable cost of physically performing this + conveying of source, or (2) access to copy the + Corresponding Source from a network server at no charge. + + c) Convey individual copies of the object code with a copy of the + written offer to provide the Corresponding Source. This + alternative is allowed only occasionally and noncommercially, and + only if you received the object code with such an offer, in accord + with subsection 6b. + + d) Convey the object code by offering access from a designated + place (gratis or for a charge), and offer equivalent access to the + Corresponding Source in the same way through the same place at no + further charge. You need not require recipients to copy the + Corresponding Source along with the object code. If the place to + copy the object code is a network server, the Corresponding Source + may be on a different server (operated by you or a third party) + that supports equivalent copying facilities, provided you maintain + clear directions next to the object code saying where to find the + Corresponding Source. Regardless of what server hosts the + Corresponding Source, you remain obligated to ensure that it is + available for as long as needed to satisfy these requirements. + + e) Convey the object code using peer-to-peer transmission, provided + you inform other peers where the object code and Corresponding + Source of the work are being offered to the general public at no + charge under subsection 6d. + + A separable portion of the object code, whose source code is excluded +from the Corresponding Source as a System Library, need not be +included in conveying the object code work. + + A "User Product" is either (1) a "consumer product", which means any +tangible personal property which is normally used for personal, family, +or household purposes, or (2) anything designed or sold for incorporation +into a dwelling. In determining whether a product is a consumer product, +doubtful cases shall be resolved in favor of coverage. For a particular +product received by a particular user, "normally used" refers to a +typical or common use of that class of product, regardless of the status +of the particular user or of the way in which the particular user +actually uses, or expects or is expected to use, the product. A product +is a consumer product regardless of whether the product has substantial +commercial, industrial or non-consumer uses, unless such uses represent +the only significant mode of use of the product. + + "Installation Information" for a User Product means any methods, +procedures, authorization keys, or other information required to install +and execute modified versions of a covered work in that User Product from +a modified version of its Corresponding Source. The information must +suffice to ensure that the continued functioning of the modified object +code is in no case prevented or interfered with solely because +modification has been made. + + If you convey an object code work under this section in, or with, or +specifically for use in, a User Product, and the conveying occurs as +part of a transaction in which the right of possession and use of the +User Product is transferred to the recipient in perpetuity or for a +fixed term (regardless of how the transaction is characterized), the +Corresponding Source conveyed under this section must be accompanied +by the Installation Information. But this requirement does not apply +if neither you nor any third party retains the ability to install +modified object code on the User Product (for example, the work has +been installed in ROM). + + The requirement to provide Installation Information does not include a +requirement to continue to provide support service, warranty, or updates +for a work that has been modified or installed by the recipient, or for +the User Product in which it has been modified or installed. Access to a +network may be denied when the modification itself materially and +adversely affects the operation of the network or violates the rules and +protocols for communication across the network. + + Corresponding Source conveyed, and Installation Information provided, +in accord with this section must be in a format that is publicly +documented (and with an implementation available to the public in +source code form), and must require no special password or key for +unpacking, reading or copying. + + 7. Additional Terms. + + "Additional permissions" are terms that supplement the terms of this +License by making exceptions from one or more of its conditions. +Additional permissions that are applicable to the entire Program shall +be treated as though they were included in this License, to the extent +that they are valid under applicable law. If additional permissions +apply only to part of the Program, that part may be used separately +under those permissions, but the entire Program remains governed by +this License without regard to the additional permissions. + + When you convey a copy of a covered work, you may at your option +remove any additional permissions from that copy, or from any part of +it. (Additional permissions may be written to require their own +removal in certain cases when you modify the work.) You may place +additional permissions on material, added by you to a covered work, +for which you have or can give appropriate copyright permission. + + Notwithstanding any other provision of this License, for material you +add to a covered work, you may (if authorized by the copyright holders of +that material) supplement the terms of this License with terms: + + a) Disclaiming warranty or limiting liability differently from the + terms of sections 15 and 16 of this License; or + + b) Requiring preservation of specified reasonable legal notices or + author attributions in that material or in the Appropriate Legal + Notices displayed by works containing it; or + + c) Prohibiting misrepresentation of the origin of that material, or + requiring that modified versions of such material be marked in + reasonable ways as different from the original version; or + + d) Limiting the use for publicity purposes of names of licensors or + authors of the material; or + + e) Declining to grant rights under trademark law for use of some + trade names, trademarks, or service marks; or + + f) Requiring indemnification of licensors and authors of that + material by anyone who conveys the material (or modified versions of + it) with contractual assumptions of liability to the recipient, for + any liability that these contractual assumptions directly impose on + those licensors and authors. + + All other non-permissive additional terms are considered "further +restrictions" within the meaning of section 10. If the Program as you +received it, or any part of it, contains a notice stating that it is +governed by this License along with a term that is a further +restriction, you may remove that term. If a license document contains +a further restriction but permits relicensing or conveying under this +License, you may add to a covered work material governed by the terms +of that license document, provided that the further restriction does +not survive such relicensing or conveying. + + If you add terms to a covered work in accord with this section, you +must place, in the relevant source files, a statement of the +additional terms that apply to those files, or a notice indicating +where to find the applicable terms. + + Additional terms, permissive or non-permissive, may be stated in the +form of a separately written license, or stated as exceptions; +the above requirements apply either way. + + 8. Termination. + + You may not propagate or modify a covered work except as expressly +provided under this License. Any attempt otherwise to propagate or +modify it is void, and will automatically terminate your rights under +this License (including any patent licenses granted under the third +paragraph of section 11). + + However, if you cease all violation of this License, then your +license from a particular copyright holder is reinstated (a) +provisionally, unless and until the copyright holder explicitly and +finally terminates your license, and (b) permanently, if the copyright +holder fails to notify you of the violation by some reasonable means +prior to 60 days after the cessation. + + Moreover, your license from a particular copyright holder is +reinstated permanently if the copyright holder notifies you of the +violation by some reasonable means, this is the first time you have +received notice of violation of this License (for any work) from that +copyright holder, and you cure the violation prior to 30 days after +your receipt of the notice. + + Termination of your rights under this section does not terminate the +licenses of parties who have received copies or rights from you under +this License. If your rights have been terminated and not permanently +reinstated, you do not qualify to receive new licenses for the same +material under section 10. + + 9. Acceptance Not Required for Having Copies. + + You are not required to accept this License in order to receive or +run a copy of the Program. Ancillary propagation of a covered work +occurring solely as a consequence of using peer-to-peer transmission +to receive a copy likewise does not require acceptance. However, +nothing other than this License grants you permission to propagate or +modify any covered work. These actions infringe copyright if you do +not accept this License. Therefore, by modifying or propagating a +covered work, you indicate your acceptance of this License to do so. + + 10. Automatic Licensing of Downstream Recipients. + + Each time you convey a covered work, the recipient automatically +receives a license from the original licensors, to run, modify and +propagate that work, subject to this License. You are not responsible +for enforcing compliance by third parties with this License. + + An "entity transaction" is a transaction transferring control of an +organization, or substantially all assets of one, or subdividing an +organization, or merging organizations. If propagation of a covered +work results from an entity transaction, each party to that +transaction who receives a copy of the work also receives whatever +licenses to the work the party's predecessor in interest had or could +give under the previous paragraph, plus a right to possession of the +Corresponding Source of the work from the predecessor in interest, if +the predecessor has it or can get it with reasonable efforts. + + You may not impose any further restrictions on the exercise of the +rights granted or affirmed under this License. For example, you may +not impose a license fee, royalty, or other charge for exercise of +rights granted under this License, and you may not initiate litigation +(including a cross-claim or counterclaim in a lawsuit) alleging that +any patent claim is infringed by making, using, selling, offering for +sale, or importing the Program or any portion of it. + + 11. Patents. + + A "contributor" is a copyright holder who authorizes use under this +License of the Program or a work on which the Program is based. The +work thus licensed is called the contributor's "contributor version". + + A contributor's "essential patent claims" are all patent claims +owned or controlled by the contributor, whether already acquired or +hereafter acquired, that would be infringed by some manner, permitted +by this License, of making, using, or selling its contributor version, +but do not include claims that would be infringed only as a +consequence of further modification of the contributor version. For +purposes of this definition, "control" includes the right to grant +patent sublicenses in a manner consistent with the requirements of +this License. + + Each contributor grants you a non-exclusive, worldwide, royalty-free +patent license under the contributor's essential patent claims, to +make, use, sell, offer for sale, import and otherwise run, modify and +propagate the contents of its contributor version. + + In the following three paragraphs, a "patent license" is any express +agreement or commitment, however denominated, not to enforce a patent +(such as an express permission to practice a patent or covenant not to +sue for patent infringement). To "grant" such a patent license to a +party means to make such an agreement or commitment not to enforce a +patent against the party. + + If you convey a covered work, knowingly relying on a patent license, +and the Corresponding Source of the work is not available for anyone +to copy, free of charge and under the terms of this License, through a +publicly available network server or other readily accessible means, +then you must either (1) cause the Corresponding Source to be so +available, or (2) arrange to deprive yourself of the benefit of the +patent license for this particular work, or (3) arrange, in a manner +consistent with the requirements of this License, to extend the patent +license to downstream recipients. "Knowingly relying" means you have +actual knowledge that, but for the patent license, your conveying the +covered work in a country, or your recipient's use of the covered work +in a country, would infringe one or more identifiable patents in that +country that you have reason to believe are valid. + + If, pursuant to or in connection with a single transaction or +arrangement, you convey, or propagate by procuring conveyance of, a +covered work, and grant a patent license to some of the parties +receiving the covered work authorizing them to use, propagate, modify +or convey a specific copy of the covered work, then the patent license +you grant is automatically extended to all recipients of the covered +work and works based on it. + + A patent license is "discriminatory" if it does not include within +the scope of its coverage, prohibits the exercise of, or is +conditioned on the non-exercise of one or more of the rights that are +specifically granted under this License. You may not convey a covered +work if you are a party to an arrangement with a third party that is +in the business of distributing software, under which you make payment +to the third party based on the extent of your activity of conveying +the work, and under which the third party grants, to any of the +parties who would receive the covered work from you, a discriminatory +patent license (a) in connection with copies of the covered work +conveyed by you (or copies made from those copies), or (b) primarily +for and in connection with specific products or compilations that +contain the covered work, unless you entered into that arrangement, +or that patent license was granted, prior to 28 March 2007. + + Nothing in this License shall be construed as excluding or limiting +any implied license or other defenses to infringement that may +otherwise be available to you under applicable patent law. + + 12. No Surrender of Others' Freedom. + + If conditions are imposed on you (whether by court order, agreement or +otherwise) that contradict the conditions of this License, they do not +excuse you from the conditions of this License. If you cannot convey a +covered work so as to satisfy simultaneously your obligations under this +License and any other pertinent obligations, then as a consequence you may +not convey it at all. For example, if you agree to terms that obligate you +to collect a royalty for further conveying from those to whom you convey +the Program, the only way you could satisfy both those terms and this +License would be to refrain entirely from conveying the Program. + + 13. Use with the GNU Affero General Public License. + + Notwithstanding any other provision of this License, you have +permission to link or combine any covered work with a work licensed +under version 3 of the GNU Affero General Public License into a single +combined work, and to convey the resulting work. The terms of this +License will continue to apply to the part which is the covered work, +but the special requirements of the GNU Affero General Public License, +section 13, concerning interaction through a network will apply to the +combination as such. + + 14. Revised Versions of this License. + + The Free Software Foundation may publish revised and/or new versions of +the GNU General Public License from time to time. Such new versions will +be similar in spirit to the present version, but may differ in detail to +address new problems or concerns. + + Each version is given a distinguishing version number. If the +Program specifies that a certain numbered version of the GNU General +Public License "or any later version" applies to it, you have the +option of following the terms and conditions either of that numbered +version or of any later version published by the Free Software +Foundation. If the Program does not specify a version number of the +GNU General Public License, you may choose any version ever published +by the Free Software Foundation. + + If the Program specifies that a proxy can decide which future +versions of the GNU General Public License can be used, that proxy's +public statement of acceptance of a version permanently authorizes you +to choose that version for the Program. + + Later license versions may give you additional or different +permissions. However, no additional obligations are imposed on any +author or copyright holder as a result of your choosing to follow a +later version. + + 15. Disclaimer of Warranty. + + THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY +APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT +HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY +OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM +IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF +ALL NECESSARY SERVICING, REPAIR OR CORRECTION. + + 16. Limitation of Liability. + + IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING +WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS +THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY +GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE +USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF +DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD +PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), +EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMAGES. + + 17. Interpretation of Sections 15 and 16. + + If the disclaimer of warranty and limitation of liability provided +above cannot be given local legal effect according to their terms, +reviewing courts shall apply local law that most closely approximates +an absolute waiver of all civil liability in connection with the +Program, unless a warranty or assumption of liability accompanies a +copy of the Program in return for a fee. + + END OF TERMS AND CONDITIONS + + How to Apply These Terms to Your New Programs + + If you develop a new program, and you want it to be of the greatest +possible use to the public, the best way to achieve this is to make it +free software which everyone can redistribute and change under these terms. + + To do so, attach the following notices to the program. It is safest +to attach them to the start of each source file to most effectively +state the exclusion of warranty; and each file should have at least +the "copyright" line and a pointer to where the full notice is found. + + {one line to give the program's name and a brief idea of what it does.} + Copyright (C) {year} {name of author} + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . + +Also add information on how to contact you by electronic and paper mail. + + If the program does terminal interaction, make it output a short +notice like this when it starts in an interactive mode: + + {project} Copyright (C) {year} {fullname} + This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. + This is free software, and you are welcome to redistribute it + under certain conditions; type `show c' for details. + +The hypothetical commands `show w' and `show c' should show the appropriate +parts of the General Public License. Of course, your program's commands +might be different; for a GUI interface, you would use an "about box". + + You should also get your employer (if you work as a programmer) or school, +if any, to sign a "copyright disclaimer" for the program, if necessary. +For more information on this, and how to apply and follow the GNU GPL, see +. + + The GNU General Public License does not permit incorporating your program +into proprietary programs. If your program is a subroutine library, you +may consider it more useful to permit linking proprietary applications with +the library. If this is what you want to do, use the GNU Lesser General +Public License instead of this License. But first, please read +. diff --git a/README.md b/README.md new file mode 100644 index 0000000..ac081c6 --- /dev/null +++ b/README.md @@ -0,0 +1,2 @@ +# CPPTools +Useful tools for use in C++ projects diff --git a/libs/SlimSupport/CPPTools64.iobj b/libs/SlimSupport/CPPTools64.iobj new file mode 100644 index 0000000..e977ef3 Binary files /dev/null and b/libs/SlimSupport/CPPTools64.iobj differ diff --git a/libs/SlimSupport/CPPTools64.ipdb b/libs/SlimSupport/CPPTools64.ipdb new file mode 100644 index 0000000..ad0139a Binary files /dev/null and b/libs/SlimSupport/CPPTools64.ipdb differ diff --git a/libs/win_crypto++/include/3way.h b/libs/win_crypto++/include/3way.h new file mode 100644 index 0000000..b5f52a0 --- /dev/null +++ b/libs/win_crypto++/include/3way.h @@ -0,0 +1,68 @@ +// 3way.h - written and placed in the public domain by Wei Dai + +//! \file 3way.h +//! \brief Classes for the 3-Way block cipher + +#ifndef CRYPTOPP_THREEWAY_H +#define CRYPTOPP_THREEWAY_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class ThreeWay_Info +//! \brief ThreeWay block cipher information +struct ThreeWay_Info : public FixedBlockSize<12>, public FixedKeyLength<12>, public VariableRounds<11> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "3-Way";} +}; + +//! \class ThreeWay +//! \brief ThreeWay block cipher +//! \sa 3-Way +class ThreeWay : public ThreeWay_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief Class specific implementation and overrides used to operate the cipher. + //! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + + protected: + unsigned int m_rounds; + FixedSizeSecBlock m_k; + }; + + //! \class Enc + //! \brief Class specific methods used to operate the cipher in the forward direction. + //! \details Implementations and overrides in \p Enc apply to \p ENCRYPTION. + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief Class specific methods used to operate the cipher in the reverse direction. + //! \details Implementations and overrides in \p Dec apply to \p DECRYPTION. + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef ThreeWay::Encryption ThreeWayEncryption; +typedef ThreeWay::Decryption ThreeWayDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/adler32.h b/libs/win_crypto++/include/adler32.h new file mode 100644 index 0000000..bb353f2 --- /dev/null +++ b/libs/win_crypto++/include/adler32.h @@ -0,0 +1,34 @@ +// adler32.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile adler32.h +//! \brief Class file for ADLER-32 checksum calculations + +#ifndef CRYPTOPP_ADLER32_H +#define CRYPTOPP_ADLER32_H + +#include "cryptlib.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! ADLER-32 checksum calculations +class Adler32 : public HashTransformation +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = 4) + Adler32() {Reset();} + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *hash, size_t size); + unsigned int DigestSize() const {return DIGESTSIZE;} + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Adler32";} + std::string AlgorithmName() const {return StaticAlgorithmName();} + +private: + void Reset() {m_s1 = 1; m_s2 = 0;} + + word16 m_s1, m_s2; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/aes.h b/libs/win_crypto++/include/aes.h new file mode 100644 index 0000000..5dd3ecb --- /dev/null +++ b/libs/win_crypto++/include/aes.h @@ -0,0 +1,23 @@ +// aes.h - written and placed in the public domain by Wei Dai + +//! \file +//! \brief Class file for the AES cipher (Rijndael) + +#ifndef CRYPTOPP_AES_H +#define CRYPTOPP_AES_H + +#include "rijndael.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class AES +//! \brief AES block cipher (Rijndael) +//! \sa AES winner, announced on 10/2/2000 +DOCUMENTED_TYPEDEF(Rijndael, AES); + +typedef RijndaelEncryption AESEncryption; +typedef RijndaelDecryption AESDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/algebra.h b/libs/win_crypto++/include/algebra.h new file mode 100644 index 0000000..6bb6ba6 --- /dev/null +++ b/libs/win_crypto++/include/algebra.h @@ -0,0 +1,453 @@ +// algebra.h - written and placed in the public domain by Wei Dai + +//! \file algebra.h +//! \brief Classes for performing mathematics over different fields + +#ifndef CRYPTOPP_ALGEBRA_H +#define CRYPTOPP_ALGEBRA_H + +#include "config.h" +#include "misc.h" +#include "integer.h" + +NAMESPACE_BEGIN(CryptoPP) + +class Integer; + +//! \brief Abstract group +//! \tparam T element class or type +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+template class CRYPTOPP_NO_VTABLE AbstractGroup +{ +public: + typedef T Element; + + virtual ~AbstractGroup() {} + + //! \brief Compare two elements for equality + //! \param a first element + //! \param b second element + //! \returns true if the elements are equal, false otherwise + //! \details Equal() tests the elements for equality using a==b + virtual bool Equal(const Element &a, const Element &b) const =0; + + //! \brief Provides the Identity element + //! \returns the Identity element + virtual const Element& Identity() const =0; + + //! \brief Adds elements in the group + //! \param a first element + //! \param b second element + //! \returns the sum of a and b + virtual const Element& Add(const Element &a, const Element &b) const =0; + + //! \brief Inverts the element in the group + //! \param a first element + //! \returns the inverse of the element + virtual const Element& Inverse(const Element &a) const =0; + + //! \brief Determine if inversion is fast + //! \returns true if inversion is fast, false otherwise + virtual bool InversionIsFast() const {return false;} + + //! \brief Doubles an element in the group + //! \param a the element + //! \returns the element doubled + virtual const Element& Double(const Element &a) const; + + //! \brief Subtracts elements in the group + //! \param a first element + //! \param b second element + //! \returns the difference of a and b. The element a must provide a Subtract member function. + virtual const Element& Subtract(const Element &a, const Element &b) const; + + //! \brief TODO + //! \param a first element + //! \param b second element + //! \returns TODO + virtual Element& Accumulate(Element &a, const Element &b) const; + + //! \brief Reduces an element in the congruence class + //! \param a element to reduce + //! \param b the congruence class + //! \returns the reduced element + virtual Element& Reduce(Element &a, const Element &b) const; + + //! \brief Performs a scalar multiplication + //! \param a multiplicand + //! \param e multiplier + //! \returns the product + virtual Element ScalarMultiply(const Element &a, const Integer &e) const; + + //! \brief TODO + //! \param x first multiplicand + //! \param e1 the first multiplier + //! \param y second multiplicand + //! \param e2 the second multiplier + //! \returns TODO + virtual Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const; + + //! \brief Multiplies a base to multiple exponents in a group + //! \param results an array of Elements + //! \param base the base to raise to the exponents + //! \param exponents an array of exponents + //! \param exponentsCount the number of exponents in the array + //! \details SimultaneousMultiply() multiplies the base to each exponent in the exponents array and stores the + //! result at the respective position in the results array. + //! \details SimultaneousMultiply() must be implemented in a derived class. + //! \pre COUNTOF(results) == exponentsCount + //! \pre COUNTOF(exponents) == exponentsCount + virtual void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; +}; + +//! \brief Abstract ring +//! \tparam T element class or type +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+template class CRYPTOPP_NO_VTABLE AbstractRing : public AbstractGroup +{ +public: + typedef T Element; + + //! \brief Construct an AbstractRing + AbstractRing() {m_mg.m_pRing = this;} + + //! \brief Copy construct an AbstractRing + //! \param source other AbstractRing + AbstractRing(const AbstractRing &source) + {CRYPTOPP_UNUSED(source); m_mg.m_pRing = this;} + + //! \brief Assign an AbstractRing + //! \param source other AbstractRing + AbstractRing& operator=(const AbstractRing &source) + {CRYPTOPP_UNUSED(source); return *this;} + + //! \brief Determines whether an element is a unit in the group + //! \param a the element + //! \returns true if the element is a unit after reduction, false otherwise. + virtual bool IsUnit(const Element &a) const =0; + + //! \brief Retrieves the multiplicative identity + //! \returns the multiplicative identity + virtual const Element& MultiplicativeIdentity() const =0; + + //! \brief Multiplies elements in the group + //! \param a the multiplicand + //! \param b the multiplier + //! \returns the product of a and b + virtual const Element& Multiply(const Element &a, const Element &b) const =0; + + //! \brief Calculate the multiplicative inverse of an element in the group + //! \param a the element + virtual const Element& MultiplicativeInverse(const Element &a) const =0; + + //! \brief Square an element in the group + //! \param a the element + //! \returns the element squared + virtual const Element& Square(const Element &a) const; + + //! \brief Divides elements in the group + //! \param a the dividend + //! \param b the divisor + //! \returns the quotient + virtual const Element& Divide(const Element &a, const Element &b) const; + + //! \brief Raises a base to an exponent in the group + //! \param a the base + //! \param e the exponent + //! \returns the exponentiation + virtual Element Exponentiate(const Element &a, const Integer &e) const; + + //! \brief TODO + //! \param x first element + //! \param e1 first exponent + //! \param y second element + //! \param e2 second exponent + //! \returns TODO + virtual Element CascadeExponentiate(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const; + + //! \brief Exponentiates a base to multiple exponents in the Ring + //! \param results an array of Elements + //! \param base the base to raise to the exponents + //! \param exponents an array of exponents + //! \param exponentsCount the number of exponents in the array + //! \details SimultaneousExponentiate() raises the base to each exponent in the exponents array and stores the + //! result at the respective position in the results array. + //! \details SimultaneousExponentiate() must be implemented in a derived class. + //! \pre COUNTOF(results) == exponentsCount + //! \pre COUNTOF(exponents) == exponentsCount + virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; + + //! \brief Retrieves the multiplicative group + //! \returns the multiplicative group + virtual const AbstractGroup& MultiplicativeGroup() const + {return m_mg;} + +private: + class MultiplicativeGroupT : public AbstractGroup + { + public: + const AbstractRing& GetRing() const + {return *m_pRing;} + + bool Equal(const Element &a, const Element &b) const + {return GetRing().Equal(a, b);} + + const Element& Identity() const + {return GetRing().MultiplicativeIdentity();} + + const Element& Add(const Element &a, const Element &b) const + {return GetRing().Multiply(a, b);} + + Element& Accumulate(Element &a, const Element &b) const + {return a = GetRing().Multiply(a, b);} + + const Element& Inverse(const Element &a) const + {return GetRing().MultiplicativeInverse(a);} + + const Element& Subtract(const Element &a, const Element &b) const + {return GetRing().Divide(a, b);} + + Element& Reduce(Element &a, const Element &b) const + {return a = GetRing().Divide(a, b);} + + const Element& Double(const Element &a) const + {return GetRing().Square(a);} + + Element ScalarMultiply(const Element &a, const Integer &e) const + {return GetRing().Exponentiate(a, e);} + + Element CascadeScalarMultiply(const Element &x, const Integer &e1, const Element &y, const Integer &e2) const + {return GetRing().CascadeExponentiate(x, e1, y, e2);} + + void SimultaneousMultiply(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const + {GetRing().SimultaneousExponentiate(results, base, exponents, exponentsCount);} + + const AbstractRing *m_pRing; + }; + + MultiplicativeGroupT m_mg; +}; + +// ******************************************************** + +//! \brief Base and exponent +//! \tparam T base class or type +//! \tparam T exponent class or type +template +struct BaseAndExponent +{ +public: + BaseAndExponent() {} + BaseAndExponent(const T &base, const E &exponent) : base(base), exponent(exponent) {} + bool operator<(const BaseAndExponent &rhs) const {return exponent < rhs.exponent;} + T base; + E exponent; +}; + +// VC60 workaround: incomplete member template support +template + Element GeneralCascadeMultiplication(const AbstractGroup &group, Iterator begin, Iterator end); +template + Element GeneralCascadeExponentiation(const AbstractRing &ring, Iterator begin, Iterator end); + +// ******************************************************** + +//! \brief Abstract Euclidean domain +//! \tparam T element class or type +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+template class CRYPTOPP_NO_VTABLE AbstractEuclideanDomain : public AbstractRing +{ +public: + typedef T Element; + + //! \brief Performs the division algorithm on two elements in the ring + //! \param r the remainder + //! \param q the quotient + //! \param a the dividend + //! \param d the divisor + virtual void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const =0; + + //! \brief Performs a modular reduction in the ring + //! \param a the element + //! \param b the modulus + //! \returns the result of a%b. + virtual const Element& Mod(const Element &a, const Element &b) const =0; + + //! \brief Calculates the greatest common denominator in the ring + //! \param a the first element + //! \param b the second element + //! \returns the the greatest common denominator of a and b. + virtual const Element& Gcd(const Element &a, const Element &b) const; + +protected: + mutable Element result; +}; + +// ******************************************************** + +//! \brief Euclidean domain +//! \tparam T element class or type +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+template class EuclideanDomainOf : public AbstractEuclideanDomain +{ +public: + typedef T Element; + + EuclideanDomainOf() {} + + bool Equal(const Element &a, const Element &b) const + {return a==b;} + + const Element& Identity() const + {return Element::Zero();} + + const Element& Add(const Element &a, const Element &b) const + {return result = a+b;} + + Element& Accumulate(Element &a, const Element &b) const + {return a+=b;} + + const Element& Inverse(const Element &a) const + {return result = -a;} + + const Element& Subtract(const Element &a, const Element &b) const + {return result = a-b;} + + Element& Reduce(Element &a, const Element &b) const + {return a-=b;} + + const Element& Double(const Element &a) const + {return result = a.Doubled();} + + const Element& MultiplicativeIdentity() const + {return Element::One();} + + const Element& Multiply(const Element &a, const Element &b) const + {return result = a*b;} + + const Element& Square(const Element &a) const + {return result = a.Squared();} + + bool IsUnit(const Element &a) const + {return a.IsUnit();} + + const Element& MultiplicativeInverse(const Element &a) const + {return result = a.MultiplicativeInverse();} + + const Element& Divide(const Element &a, const Element &b) const + {return result = a/b;} + + const Element& Mod(const Element &a, const Element &b) const + {return result = a%b;} + + void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const + {Element::Divide(r, q, a, d);} + + bool operator==(const EuclideanDomainOf &rhs) const + {CRYPTOPP_UNUSED(rhs); return true;} + +private: + mutable Element result; +}; + +//! \brief Quotient ring +//! \tparam T element class or type +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+template class QuotientRing : public AbstractRing +{ +public: + typedef T EuclideanDomain; + typedef typename T::Element Element; + + QuotientRing(const EuclideanDomain &domain, const Element &modulus) + : m_domain(domain), m_modulus(modulus) {} + + const EuclideanDomain & GetDomain() const + {return m_domain;} + + const Element& GetModulus() const + {return m_modulus;} + + bool Equal(const Element &a, const Element &b) const + {return m_domain.Equal(m_domain.Mod(m_domain.Subtract(a, b), m_modulus), m_domain.Identity());} + + const Element& Identity() const + {return m_domain.Identity();} + + const Element& Add(const Element &a, const Element &b) const + {return m_domain.Add(a, b);} + + Element& Accumulate(Element &a, const Element &b) const + {return m_domain.Accumulate(a, b);} + + const Element& Inverse(const Element &a) const + {return m_domain.Inverse(a);} + + const Element& Subtract(const Element &a, const Element &b) const + {return m_domain.Subtract(a, b);} + + Element& Reduce(Element &a, const Element &b) const + {return m_domain.Reduce(a, b);} + + const Element& Double(const Element &a) const + {return m_domain.Double(a);} + + bool IsUnit(const Element &a) const + {return m_domain.IsUnit(m_domain.Gcd(a, m_modulus));} + + const Element& MultiplicativeIdentity() const + {return m_domain.MultiplicativeIdentity();} + + const Element& Multiply(const Element &a, const Element &b) const + {return m_domain.Mod(m_domain.Multiply(a, b), m_modulus);} + + const Element& Square(const Element &a) const + {return m_domain.Mod(m_domain.Square(a), m_modulus);} + + const Element& MultiplicativeInverse(const Element &a) const; + + bool operator==(const QuotientRing &rhs) const + {return m_domain == rhs.m_domain && m_modulus == rhs.m_modulus;} + +protected: + EuclideanDomain m_domain; + Element m_modulus; +}; + +NAMESPACE_END + +#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES +#include "algebra.cpp" +#endif + +#endif diff --git a/libs/win_crypto++/include/algparam.h b/libs/win_crypto++/include/algparam.h new file mode 100644 index 0000000..bd6ee4c --- /dev/null +++ b/libs/win_crypto++/include/algparam.h @@ -0,0 +1,580 @@ +// algparam.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile algparam.h +//! \brief Classes for working with NameValuePairs + + +#ifndef CRYPTOPP_ALGPARAM_H +#define CRYPTOPP_ALGPARAM_H + +#include "config.h" +#include "cryptlib.h" + +// TODO: fix 6011 when the API/ABI can change +#if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(push) +# pragma warning(disable: 6011 28193) +#endif + +#include "smartptr.h" +#include "secblock.h" +#include "integer.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class ConstByteArrayParameter +//! \brief Used to pass byte array input as part of a NameValuePairs object +class ConstByteArrayParameter +{ +public: + //! \brief Construct a ConstByteArrayParameter + //! \param data a C-String + //! \param deepCopy flag indicating whether the data should be copied + //! \details The deepCopy option is used when the NameValuePairs object can't + //! keep a copy of the data available + ConstByteArrayParameter(const char *data = NULL, bool deepCopy = false) + : m_deepCopy(false), m_data(NULL), m_size(0) + { + Assign((const byte *)data, data ? strlen(data) : 0, deepCopy); + } + + //! \brief Construct a ConstByteArrayParameter + //! \param data a memory buffer + //! \param size the length of the memory buffer + //! \param deepCopy flag indicating whether the data should be copied + //! \details The deepCopy option is used when the NameValuePairs object can't + //! keep a copy of the data available + ConstByteArrayParameter(const byte *data, size_t size, bool deepCopy = false) + : m_deepCopy(false), m_data(NULL), m_size(0) + { + Assign(data, size, deepCopy); + } + + //! \brief Construct a ConstByteArrayParameter + //! \tparam T a std::basic_string class + //! \param string a std::basic_string class + //! \param deepCopy flag indicating whether the data should be copied + //! \details The deepCopy option is used when the NameValuePairs object can't + //! keep a copy of the data available + template ConstByteArrayParameter(const T &string, bool deepCopy = false) + : m_deepCopy(false), m_data(NULL), m_size(0) + { + CRYPTOPP_COMPILE_ASSERT(sizeof(CPP_TYPENAME T::value_type) == 1); + Assign((const byte *)string.data(), string.size(), deepCopy); + } + + //! \brief Assign contents from a memory buffer + //! \param data a memory buffer + //! \param size the length of the memory buffer + //! \param deepCopy flag indicating whether the data should be copied + //! \details The deepCopy option is used when the NameValuePairs object can't + //! keep a copy of the data available + void Assign(const byte *data, size_t size, bool deepCopy) + { + // This fires, which means: no data with a size, or data with no size. + // CRYPTOPP_ASSERT((data && size) || !(data || size)); + if (deepCopy) + m_block.Assign(data, size); + else + { + m_data = data; + m_size = size; + } + m_deepCopy = deepCopy; + } + + //! \brief Pointer to the first byte in the memory block + const byte *begin() const {return m_deepCopy ? m_block.begin() : m_data;} + //! \brief Pointer beyond the last byte in the memory block + const byte *end() const {return m_deepCopy ? m_block.end() : m_data + m_size;} + //! \brief Length of the memory block + size_t size() const {return m_deepCopy ? m_block.size() : m_size;} + +private: + bool m_deepCopy; + const byte *m_data; + size_t m_size; + SecByteBlock m_block; +}; + +//! \class ByteArrayParameter +//! \brief Used to pass byte array input as part of a NameValuePairs object +class ByteArrayParameter +{ +public: + //! \brief Construct a ByteArrayParameter + //! \param data a memory buffer + //! \param size the length of the memory buffer + ByteArrayParameter(byte *data = NULL, unsigned int size = 0) + : m_data(data), m_size(size) {} + + //! \brief Construct a ByteArrayParameter + //! \param block a SecByteBlock + ByteArrayParameter(SecByteBlock &block) + : m_data(block.begin()), m_size(block.size()) {} + + //! \brief Pointer to the first byte in the memory block + byte *begin() const {return m_data;} + //! \brief Pointer beyond the last byte in the memory block + byte *end() const {return m_data + m_size;} + //! \brief Length of the memory block + size_t size() const {return m_size;} + +private: + byte *m_data; + size_t m_size; +}; + +//! \class CombinedNameValuePairs +//! \brief Combines two sets of NameValuePairs +//! \details CombinedNameValuePairs allows you to provide two sets of of NameValuePairs. +//! If a name is not found in the first set, then the second set is searched for the +//! name and value pair. The second set of NameValuePairs often provides default values. +class CRYPTOPP_DLL CombinedNameValuePairs : public NameValuePairs +{ +public: + //! \brief Construct a CombinedNameValuePairs + //! \param pairs1 reference to the first set of NameValuePairs + //! \param pairs2 reference to the second set of NameValuePairs + CombinedNameValuePairs(const NameValuePairs &pairs1, const NameValuePairs &pairs2) + : m_pairs1(pairs1), m_pairs2(pairs2) {} + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + +private: + const NameValuePairs &m_pairs1, &m_pairs2; +}; + +#ifndef CRYPTOPP_DOXYGEN_PROCESSING +template +class GetValueHelperClass +{ +public: + GetValueHelperClass(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst) + : m_pObject(pObject), m_name(name), m_valueType(&valueType), m_pValue(pValue), m_found(false), m_getValueNames(false) + { + if (strcmp(m_name, "ValueNames") == 0) + { + m_found = m_getValueNames = true; + NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(std::string), *m_valueType); + if (searchFirst) + searchFirst->GetVoidValue(m_name, valueType, pValue); + if (typeid(T) != typeid(BASE)) + pObject->BASE::GetVoidValue(m_name, valueType, pValue); + ((*reinterpret_cast(m_pValue) += "ThisPointer:") += typeid(T).name()) += ';'; + } + + if (!m_found && strncmp(m_name, "ThisPointer:", 12) == 0 && strcmp(m_name+12, typeid(T).name()) == 0) + { + NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T *), *m_valueType); + *reinterpret_cast(pValue) = pObject; + m_found = true; + return; + } + + if (!m_found && searchFirst) + m_found = searchFirst->GetVoidValue(m_name, valueType, pValue); + + if (!m_found && typeid(T) != typeid(BASE)) + m_found = pObject->BASE::GetVoidValue(m_name, valueType, pValue); + } + + operator bool() const {return m_found;} + + template + GetValueHelperClass & operator()(const char *name, const R & (T::*pm)() const) + { + if (m_getValueNames) + (*reinterpret_cast(m_pValue) += name) += ";"; + if (!m_found && strcmp(name, m_name) == 0) + { + NameValuePairs::ThrowIfTypeMismatch(name, typeid(R), *m_valueType); + *reinterpret_cast(m_pValue) = (m_pObject->*pm)(); + m_found = true; + } + return *this; + } + + GetValueHelperClass &Assignable() + { +#ifndef __INTEL_COMPILER // ICL 9.1 workaround: Intel compiler copies the vTable pointer for some reason + if (m_getValueNames) + ((*reinterpret_cast(m_pValue) += "ThisObject:") += typeid(T).name()) += ';'; + if (!m_found && strncmp(m_name, "ThisObject:", 11) == 0 && strcmp(m_name+11, typeid(T).name()) == 0) + { + NameValuePairs::ThrowIfTypeMismatch(m_name, typeid(T), *m_valueType); + *reinterpret_cast(m_pValue) = *m_pObject; + m_found = true; + } +#endif + return *this; + } + +private: + const T *m_pObject; + const char *m_name; + const std::type_info *m_valueType; + void *m_pValue; + bool m_found, m_getValueNames; +}; + +template +GetValueHelperClass GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL, BASE *dummy=NULL) +{ + CRYPTOPP_UNUSED(dummy); + return GetValueHelperClass(pObject, name, valueType, pValue, searchFirst); +} + +template +GetValueHelperClass GetValueHelper(const T *pObject, const char *name, const std::type_info &valueType, void *pValue, const NameValuePairs *searchFirst=NULL) +{ + return GetValueHelperClass(pObject, name, valueType, pValue, searchFirst); +} + +// ******************************************************** + +// VC60 workaround +#if defined(_MSC_VER) && (_MSC_VER < 1300) +template +R Hack_DefaultValueFromConstReferenceType(const R &) +{ + return R(); +} + +template +bool Hack_GetValueIntoConstReference(const NameValuePairs &source, const char *name, const R &value) +{ + return source.GetValue(name, const_cast(value)); +} + +template +class AssignFromHelperClass +{ +public: + AssignFromHelperClass(T *pObject, const NameValuePairs &source) + : m_pObject(pObject), m_source(source), m_done(false) + { + if (source.GetThisObject(*pObject)) + m_done = true; + else if (typeid(BASE) != typeid(T)) + pObject->BASE::AssignFrom(source); + } + + template + AssignFromHelperClass & operator()(const char *name, void (T::*pm)(R)) // VC60 workaround: "const R &" here causes compiler error + { + if (!m_done) + { + R value = Hack_DefaultValueFromConstReferenceType(reinterpret_cast(*(int *)NULL)); + if (!Hack_GetValueIntoConstReference(m_source, name, value)) + throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name + "'"); + (m_pObject->*pm)(value); + } + return *this; + } + + template + AssignFromHelperClass & operator()(const char *name1, const char *name2, void (T::*pm)(R, S)) // VC60 workaround: "const R &" here causes compiler error + { + if (!m_done) + { + R value1 = Hack_DefaultValueFromConstReferenceType(reinterpret_cast(*(int *)NULL)); + if (!Hack_GetValueIntoConstReference(m_source, name1, value1)) + throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name1 + "'"); + S value2 = Hack_DefaultValueFromConstReferenceType(reinterpret_cast(*(int *)NULL)); + if (!Hack_GetValueIntoConstReference(m_source, name2, value2)) + throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name2 + "'"); + (m_pObject->*pm)(value1, value2); + } + return *this; + } + +private: + T *m_pObject; + const NameValuePairs &m_source; + bool m_done; +}; +#else +template +class AssignFromHelperClass +{ +public: + AssignFromHelperClass(T *pObject, const NameValuePairs &source) + : m_pObject(pObject), m_source(source), m_done(false) + { + if (source.GetThisObject(*pObject)) + m_done = true; + else if (typeid(BASE) != typeid(T)) + pObject->BASE::AssignFrom(source); + } + + template + AssignFromHelperClass & operator()(const char *name, void (T::*pm)(const R&)) + { + if (!m_done) + { + R value; + if (!m_source.GetValue(name, value)) + throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name + "'"); + (m_pObject->*pm)(value); + } + return *this; + } + + template + AssignFromHelperClass & operator()(const char *name1, const char *name2, void (T::*pm)(const R&, const S&)) + { + if (!m_done) + { + R value1; + if (!m_source.GetValue(name1, value1)) + throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name1 + "'"); + S value2; + if (!m_source.GetValue(name2, value2)) + throw InvalidArgument(std::string(typeid(T).name()) + ": Missing required parameter '" + name2 + "'"); + (m_pObject->*pm)(value1, value2); + } + return *this; + } + +private: + T *m_pObject; + const NameValuePairs &m_source; + bool m_done; +}; +#endif + +template +AssignFromHelperClass AssignFromHelper(T *pObject, const NameValuePairs &source, BASE *dummy=NULL) +{ + CRYPTOPP_UNUSED(dummy); + return AssignFromHelperClass(pObject, source); +} + +template +AssignFromHelperClass AssignFromHelper(T *pObject, const NameValuePairs &source) +{ + return AssignFromHelperClass(pObject, source); +} + +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +// ******************************************************** + +// to allow the linker to discard Integer code if not needed. +typedef bool (CRYPTOPP_API * PAssignIntToInteger)(const std::type_info &valueType, void *pInteger, const void *pInt); +CRYPTOPP_DLL extern PAssignIntToInteger g_pAssignIntToInteger; + +CRYPTOPP_DLL const std::type_info & CRYPTOPP_API IntegerTypeId(); + +//! \class AlgorithmParametersBase +//! \brief Base class for AlgorithmParameters +class CRYPTOPP_DLL AlgorithmParametersBase +{ +public: + //! \class ParameterNotUsed + //! \brief Exception thrown when an AlgorithmParameter is unused + class ParameterNotUsed : public Exception + { + public: + ParameterNotUsed(const char *name) : Exception(OTHER_ERROR, std::string("AlgorithmParametersBase: parameter \"") + name + "\" not used") {} + }; + + // this is actually a move, not a copy + AlgorithmParametersBase(const AlgorithmParametersBase &x) + : m_name(x.m_name), m_throwIfNotUsed(x.m_throwIfNotUsed), m_used(x.m_used) + { + m_next.reset(const_cast(x).m_next.release()); + x.m_used = true; + } + + //! \brief Construct a AlgorithmParametersBase + //! \param name the parameter name + //! \param throwIfNotUsed flags indicating whether an exception should be thrown + //! \details If throwIfNotUsed is true, then a ParameterNotUsed exception + //! will be thrown in the destructor if the parameter is not not retrieved. + AlgorithmParametersBase(const char *name, bool throwIfNotUsed) + : m_name(name), m_throwIfNotUsed(throwIfNotUsed), m_used(false) {} + + virtual ~AlgorithmParametersBase() CRYPTOPP_THROW + { +#ifdef CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE + if (!std::uncaught_exception()) +#else + try +#endif + { + if (m_throwIfNotUsed && !m_used) + throw ParameterNotUsed(m_name); + } +#ifndef CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE + catch(const Exception&) + { + } +#endif + } + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + +protected: + friend class AlgorithmParameters; + void operator=(const AlgorithmParametersBase& rhs); // assignment not allowed, declare this for VC60 + + virtual void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const =0; + virtual void MoveInto(void *p) const =0; // not really const + + const char *m_name; + bool m_throwIfNotUsed; + mutable bool m_used; + member_ptr m_next; +}; + +//! \class AlgorithmParametersTemplate +//! \brief Template base class for AlgorithmParameters +//! \tparam T the class or type +template +class AlgorithmParametersTemplate : public AlgorithmParametersBase +{ +public: + //! \brief Construct an AlgorithmParametersTemplate + //! \param name the name of the value + //! \param value a reference to the value + //! \param throwIfNotUsed flags indicating whether an exception should be thrown + //! \details If throwIfNotUsed is true, then a ParameterNotUsed exception + //! will be thrown in the destructor if the parameter is not not retrieved. + AlgorithmParametersTemplate(const char *name, const T &value, bool throwIfNotUsed) + : AlgorithmParametersBase(name, throwIfNotUsed), m_value(value) + { + } + + void AssignValue(const char *name, const std::type_info &valueType, void *pValue) const + { + // special case for retrieving an Integer parameter when an int was passed in + if (!(g_pAssignIntToInteger != NULL && typeid(T) == typeid(int) && g_pAssignIntToInteger(valueType, pValue, &m_value))) + { + NameValuePairs::ThrowIfTypeMismatch(name, typeid(T), valueType); + *reinterpret_cast(pValue) = m_value; + } + } + +#if defined(DEBUG_NEW) && (_MSC_VER >= 1300) +# pragma push_macro("new") +# undef new +#endif + + void MoveInto(void *buffer) const + { + AlgorithmParametersTemplate* p = new(buffer) AlgorithmParametersTemplate(*this); + CRYPTOPP_UNUSED(p); // silence warning + } + +#if defined(DEBUG_NEW) && (_MSC_VER >= 1300) +# pragma pop_macro("new") +#endif + +protected: + T m_value; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate; +CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate; +CRYPTOPP_DLL_TEMPLATE_CLASS AlgorithmParametersTemplate; + +//! \class AlgorithmParameters +//! \brief An object that implements NameValuePairs +//! \tparam T the class or type +//! \param name the name of the object or value to retrieve +//! \param value reference to a variable that receives the value +//! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed +//! \note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(), +//! such as MSVC 7.0 and earlier. +//! \note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by +//! repeatedly using operator() on the object returned by MakeParameters, for example: +//! 
+//!     AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3);
+//!
+class CRYPTOPP_DLL AlgorithmParameters : public NameValuePairs +{ +public: + AlgorithmParameters(); + +#ifdef __BORLANDC__ + template + AlgorithmParameters(const char *name, const T &value, bool throwIfNotUsed=true) + : m_next(new AlgorithmParametersTemplate(name, value, throwIfNotUsed)) + , m_defaultThrowIfNotUsed(throwIfNotUsed) + { + } +#endif + + AlgorithmParameters(const AlgorithmParameters &x); + + AlgorithmParameters & operator=(const AlgorithmParameters &x); + + //! \tparam T the class or type + //! \param name the name of the object or value to retrieve + //! \param value reference to a variable that receives the value + //! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed + template + AlgorithmParameters & operator()(const char *name, const T &value, bool throwIfNotUsed) + { + member_ptr p(new AlgorithmParametersTemplate(name, value, throwIfNotUsed)); + p->m_next.reset(m_next.release()); + m_next.reset(p.release()); + m_defaultThrowIfNotUsed = throwIfNotUsed; + return *this; + } + + //! \brief Appends a NameValuePair to a collection of NameValuePairs + //! \tparam T the class or type + //! \param name the name of the object or value to retrieve + //! \param value reference to a variable that receives the value + template + AlgorithmParameters & operator()(const char *name, const T &value) + { + return operator()(name, value, m_defaultThrowIfNotUsed); + } + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + +protected: + member_ptr m_next; + bool m_defaultThrowIfNotUsed; +}; + +//! \brief Create an object that implements NameValuePairs +//! \tparam T the class or type +//! \param name the name of the object or value to retrieve +//! \param value reference to a variable that receives the value +//! \param throwIfNotUsed if true, the object will throw an exception if the value is not accessed +//! \note throwIfNotUsed is ignored if using a compiler that does not support std::uncaught_exception(), +//! such as MSVC 7.0 and earlier. +//! \note A NameValuePairs object containing an arbitrary number of name value pairs may be constructed by +//! repeatedly using \p operator() on the object returned by \p MakeParameters, for example: +//! 
+//!     AlgorithmParameters parameters = MakeParameters(name1, value1)(name2, value2)(name3, value3);
+//!
+#ifdef __BORLANDC__ +typedef AlgorithmParameters MakeParameters; +#else +template +AlgorithmParameters MakeParameters(const char *name, const T &value, bool throwIfNotUsed = true) +{ + return AlgorithmParameters()(name, value, throwIfNotUsed); +} +#endif + +#define CRYPTOPP_GET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Get##name) +#define CRYPTOPP_SET_FUNCTION_ENTRY(name) (Name::name(), &ThisClass::Set##name) +#define CRYPTOPP_SET_FUNCTION_ENTRY2(name1, name2) (Name::name1(), Name::name2(), &ThisClass::Set##name1##And##name2) + +// TODO: fix 6011 when the API/ABI can change +#if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(pop) +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/arc4.h b/libs/win_crypto++/include/arc4.h new file mode 100644 index 0000000..4a8f01d --- /dev/null +++ b/libs/win_crypto++/include/arc4.h @@ -0,0 +1,83 @@ +// arc4.h - written and placed in the public domain by Wei Dai + +//! \file arc4.h +//! \brief Classes for ARC4 cipher + +#ifndef CRYPTOPP_ARC4_H +#define CRYPTOPP_ARC4_H + +#include "cryptlib.h" +#include "strciphr.h" +#include "secblock.h" +#include "smartptr.h" + +NAMESPACE_BEGIN(CryptoPP) + +namespace Weak1 { + +//! \class ARC4_Base +//! \brief Class specific methods used to operate the cipher. +//! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions +class CRYPTOPP_NO_VTABLE ARC4_Base : public VariableKeyLength<16, 1, 256>, public RandomNumberGenerator, public SymmetricCipher, public SymmetricCipherDocumentation +{ +public: + ~ARC4_Base(); + + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "ARC4";} + + void GenerateBlock(byte *output, size_t size); + void DiscardBytes(size_t n); + + void ProcessData(byte *outString, const byte *inString, size_t length); + + bool IsRandomAccess() const {return false;} + bool IsSelfInverting() const {return true;} + bool IsForwardTransformation() const {return true;} + + typedef SymmetricCipherFinal Encryption; + typedef SymmetricCipherFinal Decryption; + +protected: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + virtual unsigned int GetDefaultDiscardBytes() const {return 0;} + + FixedSizeSecBlock m_state; + byte m_x, m_y; +}; + +//! Alleged RC4 +DOCUMENTED_TYPEDEF(SymmetricCipherFinal, ARC4) + +//! \class MARC4_Base +//! \brief Class specific methods used to operate the cipher. +//! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions +//! \details MARC4 discards the first 256 bytes of keystream, which may be weaker than the rest +class CRYPTOPP_NO_VTABLE MARC4_Base : public ARC4_Base +{ +public: + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "MARC4";} + + typedef SymmetricCipherFinal Encryption; + typedef SymmetricCipherFinal Decryption; + +protected: + unsigned int GetDefaultDiscardBytes() const {return 256;} +}; + +DOCUMENTED_TYPEDEF(SymmetricCipherFinal, MARC4) + +} +#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 +namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak +#else +using namespace Weak1; // import Weak1 into CryptoPP with warning +#ifdef __GNUC__ +#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." +#else +#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") +#endif +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/argnames.h b/libs/win_crypto++/include/argnames.h new file mode 100644 index 0000000..06fc2ae --- /dev/null +++ b/libs/win_crypto++/include/argnames.h @@ -0,0 +1,94 @@ +// argnames.h - written and placed in the public domain by Wei Dai + +//! \file argnames.h +//! \brief Standard names for retrieving values by name when working with \p NameValuePairs + +#ifndef CRYPTOPP_ARGNAMES_H +#define CRYPTOPP_ARGNAMES_H + +#include "cryptlib.h" + +NAMESPACE_BEGIN(CryptoPP) + +DOCUMENTED_NAMESPACE_BEGIN(Name) + +#define CRYPTOPP_DEFINE_NAME_STRING(name) inline const char *name() {return #name;} + +CRYPTOPP_DEFINE_NAME_STRING(ValueNames) //!< string, a list of value names with a semicolon (';') after each name +CRYPTOPP_DEFINE_NAME_STRING(Version) //!< int +CRYPTOPP_DEFINE_NAME_STRING(Seed) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(Key) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(IV) //!< ConstByteArrayParameter, also accepts const byte * for backwards compatibility +CRYPTOPP_DEFINE_NAME_STRING(StolenIV) //!< byte * +CRYPTOPP_DEFINE_NAME_STRING(Rounds) //!< int +CRYPTOPP_DEFINE_NAME_STRING(FeedbackSize) //!< int +CRYPTOPP_DEFINE_NAME_STRING(WordSize) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(BlockSize) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(EffectiveKeyLength) //!< int, in bits +CRYPTOPP_DEFINE_NAME_STRING(KeySize) //!< int, in bits +CRYPTOPP_DEFINE_NAME_STRING(ModulusSize) //!< int, in bits +CRYPTOPP_DEFINE_NAME_STRING(SubgroupOrderSize) //!< int, in bits +CRYPTOPP_DEFINE_NAME_STRING(PrivateExponentSize)//!< int, in bits +CRYPTOPP_DEFINE_NAME_STRING(Modulus) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(PublicExponent) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(PrivateExponent) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(PublicElement) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(SubgroupOrder) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(Cofactor) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(SubgroupGenerator) //!< Integer, ECP::Point, or EC2N::Point +CRYPTOPP_DEFINE_NAME_STRING(Curve) //!< ECP or EC2N +CRYPTOPP_DEFINE_NAME_STRING(GroupOID) //!< OID +CRYPTOPP_DEFINE_NAME_STRING(PointerToPrimeSelector) //!< const PrimeSelector * +CRYPTOPP_DEFINE_NAME_STRING(Prime1) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(Prime2) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(ModPrime1PrivateExponent) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(ModPrime2PrivateExponent) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(MultiplicativeInverseOfPrime2ModPrime1) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(QuadraticResidueModPrime1) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(QuadraticResidueModPrime2) //!< Integer +CRYPTOPP_DEFINE_NAME_STRING(PutMessage) //!< bool +CRYPTOPP_DEFINE_NAME_STRING(TruncatedDigestSize) //!< int +CRYPTOPP_DEFINE_NAME_STRING(BlockPaddingScheme) //!< StreamTransformationFilter::BlockPaddingScheme +CRYPTOPP_DEFINE_NAME_STRING(HashVerificationFilterFlags) //!< word32 +CRYPTOPP_DEFINE_NAME_STRING(AuthenticatedDecryptionFilterFlags) //!< word32 +CRYPTOPP_DEFINE_NAME_STRING(SignatureVerificationFilterFlags) //!< word32 +CRYPTOPP_DEFINE_NAME_STRING(InputBuffer) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(OutputBuffer) //!< ByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(InputFileName) //!< const char * +CRYPTOPP_DEFINE_NAME_STRING(InputFileNameWide) //!< const wchar_t * +CRYPTOPP_DEFINE_NAME_STRING(InputStreamPointer) //!< std::istream * +CRYPTOPP_DEFINE_NAME_STRING(InputBinaryMode) //!< bool +CRYPTOPP_DEFINE_NAME_STRING(OutputFileName) //!< const char * +CRYPTOPP_DEFINE_NAME_STRING(OutputFileNameWide) //!< const wchar_t * +CRYPTOPP_DEFINE_NAME_STRING(OutputStreamPointer) //!< std::ostream * +CRYPTOPP_DEFINE_NAME_STRING(OutputBinaryMode) //!< bool +CRYPTOPP_DEFINE_NAME_STRING(EncodingParameters) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(KeyDerivationParameters) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(Separator) //< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(Terminator) //< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(Uppercase) //< bool +CRYPTOPP_DEFINE_NAME_STRING(GroupSize) //< int +CRYPTOPP_DEFINE_NAME_STRING(Pad) //< bool +CRYPTOPP_DEFINE_NAME_STRING(PaddingByte) //< byte +CRYPTOPP_DEFINE_NAME_STRING(Log2Base) //< int +CRYPTOPP_DEFINE_NAME_STRING(EncodingLookupArray) //< const byte * +CRYPTOPP_DEFINE_NAME_STRING(DecodingLookupArray) //< const byte * +CRYPTOPP_DEFINE_NAME_STRING(InsertLineBreaks) //< bool +CRYPTOPP_DEFINE_NAME_STRING(MaxLineLength) //< int +CRYPTOPP_DEFINE_NAME_STRING(DigestSize) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(L1KeyLength) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(TableSize) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(Blinding) //!< bool, timing attack mitigations, ON by default +CRYPTOPP_DEFINE_NAME_STRING(DerivedKey) //!< ByteArrayParameter, key derivation, derived key +CRYPTOPP_DEFINE_NAME_STRING(DerivedKeyLength) //!< int, key derivation, derived key length in bytes +CRYPTOPP_DEFINE_NAME_STRING(Personalization) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(PersonalizationSize) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(Salt) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(Tweak) //!< ConstByteArrayParameter +CRYPTOPP_DEFINE_NAME_STRING(SaltSize) //!< int, in bytes +CRYPTOPP_DEFINE_NAME_STRING(TreeMode) //< byte +DOCUMENTED_NAMESPACE_END + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/asn.h b/libs/win_crypto++/include/asn.h new file mode 100644 index 0000000..60d994b --- /dev/null +++ b/libs/win_crypto++/include/asn.h @@ -0,0 +1,546 @@ +// asn.h - written and placed in the public domain by Wei Dai + +//! \file asn.h +//! \brief Classes and functions for working with ANS.1 objects + +#ifndef CRYPTOPP_ASN_H +#define CRYPTOPP_ASN_H + +#include "cryptlib.h" +#include "filters.h" +#include "smartptr.h" +#include "stdcpp.h" +#include "queue.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief ASN.1 types +//! \note These tags and flags are not complete +enum ASNTag +{ + BOOLEAN = 0x01, + INTEGER = 0x02, + BIT_STRING = 0x03, + OCTET_STRING = 0x04, + TAG_NULL = 0x05, + OBJECT_IDENTIFIER = 0x06, + OBJECT_DESCRIPTOR = 0x07, + EXTERNAL = 0x08, + REAL = 0x09, + ENUMERATED = 0x0a, + UTF8_STRING = 0x0c, + SEQUENCE = 0x10, + SET = 0x11, + NUMERIC_STRING = 0x12, + PRINTABLE_STRING = 0x13, + T61_STRING = 0x14, + VIDEOTEXT_STRING = 0x15, + IA5_STRING = 0x16, + UTC_TIME = 0x17, + GENERALIZED_TIME = 0x18, + GRAPHIC_STRING = 0x19, + VISIBLE_STRING = 0x1a, + GENERAL_STRING = 0x1b +}; + +//! \brief ASN.1 flags +//! \note These tags and flags are not complete +enum ASNIdFlag +{ + UNIVERSAL = 0x00, +// DATA = 0x01, +// HEADER = 0x02, + CONSTRUCTED = 0x20, + APPLICATION = 0x40, + CONTEXT_SPECIFIC = 0x80, + PRIVATE = 0xc0 +}; + +//! \brief Raises a BERDecodeErr +inline void BERDecodeError() {throw BERDecodeErr();} + +//! \brief Exception thrown when an unknown object identifier is encountered +class CRYPTOPP_DLL UnknownOID : public BERDecodeErr +{ +public: + //! \brief Construct an UnknownOID + UnknownOID() : BERDecodeErr("BER decode error: unknown object identifier") {} + //! \brief Construct an UnknownOID + //! \param err error message to use for the execption + UnknownOID(const char *err) : BERDecodeErr(err) {} +}; + +// unsigned int DERLengthEncode(unsigned int length, byte *output=0); + +//! \brief DER encode a length +//! \param bt BufferedTransformation object for writing +//! \param length the size to encode +//! \returns the number of octets used for the encoding +CRYPTOPP_DLL size_t CRYPTOPP_API DERLengthEncode(BufferedTransformation &bt, lword length); + +//! \brief BER decode a length +//! \param bt BufferedTransformation object for reading +//! \param length the decoded size +//! \returns true if the value was decoded +//! \throws BERDecodeError if the value fails to decode or is too large for size_t +//! \details BERLengthDecode() returns false if the encoding is indefinite length. +CRYPTOPP_DLL bool CRYPTOPP_API BERLengthDecode(BufferedTransformation &bt, size_t &length); + +//! \brief DER encode NULL +//! \param bt BufferedTransformation object for writing +CRYPTOPP_DLL void CRYPTOPP_API DEREncodeNull(BufferedTransformation &bt); + +//! \brief BER decode NULL +//! \param bt BufferedTransformation object for reading +CRYPTOPP_DLL void CRYPTOPP_API BERDecodeNull(BufferedTransformation &bt); + +//! \brief DER encode octet string +//! \param bt BufferedTransformation object for writing +//! \param str the string to encode +//! \param strLen the length of the string +//! \returns the number of octets used for the encoding +CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const byte *str, size_t strLen); + +//! \brief DER encode octet string +//! \param bt BufferedTransformation object for reading +//! \param str the string to encode +//! \returns the number of octets used for the encoding +CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeOctetString(BufferedTransformation &bt, const SecByteBlock &str); + +//! \brief BER decode octet string +//! \param bt BufferedTransformation object for reading +//! \param str the decoded string +//! \returns the number of octets used for the encoding +CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, SecByteBlock &str); + +//! \brief BER decode octet string +//! \param bt BufferedTransformation object for reading +//! \param str the decoded string +//! \returns the number of octets used for the encoding +CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeOctetString(BufferedTransformation &bt, BufferedTransformation &str); + +//! \brief DER encode text string +//! \param bt BufferedTransformation object for writing +//! \param str the string to encode +//! \param asnTag the ASN.1 type +//! \returns the number of octets used for the encoding +//! \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING +CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeTextString(BufferedTransformation &bt, const std::string &str, byte asnTag); + +//! \brief BER decode text string +//! \param bt BufferedTransformation object for reading +//! \param str the string to encode +//! \param asnTag the ASN.1 type +//! \details DEREncodeTextString() can be used for UTF8_STRING, PRINTABLE_STRING, and IA5_STRING +CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeTextString(BufferedTransformation &bt, std::string &str, byte asnTag); + +//! \brief DER encode bit string +//! \param bt BufferedTransformation object for writing +//! \param str the string to encode +//! \param strLen the length of the string +//! \param unusedBits the number of unused bits +//! \returns the number of octets used for the encoding +CRYPTOPP_DLL size_t CRYPTOPP_API DEREncodeBitString(BufferedTransformation &bt, const byte *str, size_t strLen, unsigned int unusedBits=0); + +//! \brief DER decode bit string +//! \param bt BufferedTransformation object for reading +//! \param str the decoded string +//! \param unusedBits the number of unused bits +CRYPTOPP_DLL size_t CRYPTOPP_API BERDecodeBitString(BufferedTransformation &bt, SecByteBlock &str, unsigned int &unusedBits); + +//! \brief BER decode and DER re-encode +//! \param bt BufferedTransformation object for writing +//! \param dest BufferedTransformation object +CRYPTOPP_DLL void CRYPTOPP_API DERReencode(BufferedTransformation &bt, BufferedTransformation &dest); + +//! \brief Object Identifier +class CRYPTOPP_DLL OID +{ +public: + //! \brief Construct an OID + OID() {} + //! \brief Construct an OID + //! \param v value to initialize the OID + OID(word32 v) : m_values(1, v) {} + //! \brief Construct an OID + //! \param bt BufferedTransformation object + OID(BufferedTransformation &bt) {BERDecode(bt);} + + //! \brief Append a value to an OID + //! \param rhs the value to append + inline OID & operator+=(word32 rhs) {m_values.push_back(rhs); return *this;} + + //! \brief DER encode this OID + //! \param bt BufferedTransformation object + void DEREncode(BufferedTransformation &bt) const; + + //! \brief BER decode an OID + //! \param bt BufferedTransformation object + void BERDecode(BufferedTransformation &bt); + + //! \brief BER decode an OID + //! \param bt BufferedTransformation object + //! \throws BERDecodeErr() if decoded value doesn't match an expected OID + //! \details BERDecodeAndCheck() can be used to parse an OID and verify it matches an expected. + //! 
+	//!   BERSequenceDecoder key(bt);
+	//!   ...
+	//!   BERSequenceDecoder algorithm(key);
+	//!   GetAlgorithmID().BERDecodeAndCheck(algorithm);
+	//!
+ void BERDecodeAndCheck(BufferedTransformation &bt) const; + + std::vector m_values; + +private: + static void EncodeValue(BufferedTransformation &bt, word32 v); + static size_t DecodeValue(BufferedTransformation &bt, word32 &v); +}; + +//! \brief ASN.1 encoded object filter +class EncodedObjectFilter : public Filter +{ +public: + enum Flag {PUT_OBJECTS=1, PUT_MESSANGE_END_AFTER_EACH_OBJECT=2, PUT_MESSANGE_END_AFTER_ALL_OBJECTS=4, PUT_MESSANGE_SERIES_END_AFTER_ALL_OBJECTS=8}; + + //! \brief Construct an EncodedObjectFilter + //! \param attachment a BufferedTrasformation to attach to this object + //! \param nObjects + //! \param flags bitwise OR of EncodedObjectFilter::Flag + EncodedObjectFilter(BufferedTransformation *attachment = NULL, unsigned int nObjects = 1, word32 flags = 0); + + //! \brief Input a byte buffer for processing + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + void Put(const byte *inString, size_t length); + + unsigned int GetNumberOfCompletedObjects() const {return m_nCurrentObject;} + unsigned long GetPositionOfObject(unsigned int i) const {return m_positions[i];} + +private: + BufferedTransformation & CurrentTarget(); + + word32 m_flags; + unsigned int m_nObjects, m_nCurrentObject, m_level; + std::vector m_positions; + ByteQueue m_queue; + enum State {IDENTIFIER, LENGTH, BODY, TAIL, ALL_DONE} m_state; + byte m_id; + lword m_lengthRemaining; +}; + +//! \brief BER General Decoder +class CRYPTOPP_DLL BERGeneralDecoder : public Store +{ +public: + explicit BERGeneralDecoder(BufferedTransformation &inQueue, byte asnTag); + explicit BERGeneralDecoder(BERGeneralDecoder &inQueue, byte asnTag); + ~BERGeneralDecoder(); + + bool IsDefiniteLength() const {return m_definiteLength;} + lword RemainingLength() const {CRYPTOPP_ASSERT(m_definiteLength); return m_length;} + bool EndReached() const; + byte PeekByte() const; + void CheckByte(byte b); + + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + + // call this to denote end of sequence + void MessageEnd(); + +protected: + BufferedTransformation &m_inQueue; + bool m_finished, m_definiteLength; + lword m_length; + +private: + void Init(byte asnTag); + void StoreInitialize(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters); CRYPTOPP_ASSERT(false);} + lword ReduceLength(lword delta); +}; + +// GCC (and likely other compilers) identify the explicit DERGeneralEncoder as a copy constructor; +// and not a constructor. We had to remove the default asnTag value to point the compiler in the +// proper direction. We did not break the library or versioning based on the output of +// `nm --demangle libcryptopp.a | grep DERGeneralEncoder::DERGeneralEncoder | grep -v " U "`. + +//! \brief DER General Encoder +class CRYPTOPP_DLL DERGeneralEncoder : public ByteQueue +{ +public: +#if defined(CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562) + explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED); + explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED); +#else + explicit DERGeneralEncoder(BufferedTransformation &outQueue, byte asnTag /*= SEQUENCE | CONSTRUCTED*/); + explicit DERGeneralEncoder(DERGeneralEncoder &outQueue, byte asnTag /*= SEQUENCE | CONSTRUCTED*/); +#endif + ~DERGeneralEncoder(); + + // call this to denote end of sequence + void MessageEnd(); + +private: + BufferedTransformation &m_outQueue; + bool m_finished; + + byte m_asnTag; +}; + +//! \brief BER Sequence Decoder +class CRYPTOPP_DLL BERSequenceDecoder : public BERGeneralDecoder +{ +public: + explicit BERSequenceDecoder(BufferedTransformation &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED) + : BERGeneralDecoder(inQueue, asnTag) {} + explicit BERSequenceDecoder(BERSequenceDecoder &inQueue, byte asnTag = SEQUENCE | CONSTRUCTED) + : BERGeneralDecoder(inQueue, asnTag) {} +}; + +//! \brief DER Sequence Encoder +class CRYPTOPP_DLL DERSequenceEncoder : public DERGeneralEncoder +{ +public: + explicit DERSequenceEncoder(BufferedTransformation &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED) + : DERGeneralEncoder(outQueue, asnTag) {} + explicit DERSequenceEncoder(DERSequenceEncoder &outQueue, byte asnTag = SEQUENCE | CONSTRUCTED) + : DERGeneralEncoder(outQueue, asnTag) {} +}; + +//! \brief BER Set Decoder +class CRYPTOPP_DLL BERSetDecoder : public BERGeneralDecoder +{ +public: + explicit BERSetDecoder(BufferedTransformation &inQueue, byte asnTag = SET | CONSTRUCTED) + : BERGeneralDecoder(inQueue, asnTag) {} + explicit BERSetDecoder(BERSetDecoder &inQueue, byte asnTag = SET | CONSTRUCTED) + : BERGeneralDecoder(inQueue, asnTag) {} +}; + +//! \brief DER Set Encoder +class CRYPTOPP_DLL DERSetEncoder : public DERGeneralEncoder +{ +public: + explicit DERSetEncoder(BufferedTransformation &outQueue, byte asnTag = SET | CONSTRUCTED) + : DERGeneralEncoder(outQueue, asnTag) {} + explicit DERSetEncoder(DERSetEncoder &outQueue, byte asnTag = SET | CONSTRUCTED) + : DERGeneralEncoder(outQueue, asnTag) {} +}; + +//! \brief Optional data encoder and decoder +//! \tparam T class or type +template +class ASNOptional : public member_ptr +{ +public: + //! \brief BER decode optional data + //! \param seqDecoder sequence with the optional ASN.1 data + //! \param tag ASN.1 tag to match as optional data + //! \param mask the mask to apply when matching the tag + //! \sa ASNTag and ASNIdFlag + void BERDecode(BERSequenceDecoder &seqDecoder, byte tag, byte mask = ~CONSTRUCTED) + { + byte b; + if (seqDecoder.Peek(b) && (b & mask) == tag) + reset(new T(seqDecoder)); + } + + //! \brief DER encode optional data + //! \param out BufferedTransformation object + void DEREncode(BufferedTransformation &out) + { + if (this->get() != NULL) + this->get()->DEREncode(out); + } +}; + +//! \brief Encode and decode ASN.1 objects with additional information +//! \tparam BASE base class or type +//! \details Encodes and decodes public keys, private keys and group +//! parameters with OID identifying the algorithm or scheme. +template +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1CryptoMaterial : public ASN1Object, public BASE +{ +public: + //! \brief DER encode ASN.1 object + //! \param bt BufferedTransformation object + //! \details Save() will write the OID associated with algorithm or scheme. + //! In the case of public and private keys, this function writes the + //! subjectPubicKeyInfo and privateKeyInfo parts. + void Save(BufferedTransformation &bt) const + {BEREncode(bt);} + + //! \brief BER decode ASN.1 object + //! \param bt BufferedTransformation object + void Load(BufferedTransformation &bt) + {BERDecode(bt);} +}; + +//! \brief Encodes and decodes subjectPublicKeyInfo +class CRYPTOPP_DLL X509PublicKey : public ASN1CryptoMaterial +{ +public: + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + //! \brief Retrieves the OID of the algorithm + //! \returns OID of the algorithm + virtual OID GetAlgorithmID() const =0; + virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt) + {BERDecodeNull(bt); return false;} + virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const + {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1 + + //! decode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header + virtual void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0; + //! encode subjectPublicKey part of subjectPublicKeyInfo, without the BIT STRING header + virtual void DEREncodePublicKey(BufferedTransformation &bt) const =0; +}; + +//! \brief Encodes and decodesprivateKeyInfo +class CRYPTOPP_DLL PKCS8PrivateKey : public ASN1CryptoMaterial +{ +public: + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + //! \brief Retrieves the OID of the algorithm + //! \returns OID of the algorithm + virtual OID GetAlgorithmID() const =0; + virtual bool BERDecodeAlgorithmParameters(BufferedTransformation &bt) + {BERDecodeNull(bt); return false;} + virtual bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const + {DEREncodeNull(bt); return false;} // see RFC 2459, section 7.3.1 + + //! decode privateKey part of privateKeyInfo, without the OCTET STRING header + virtual void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size) =0; + //! encode privateKey part of privateKeyInfo, without the OCTET STRING header + virtual void DEREncodePrivateKey(BufferedTransformation &bt) const =0; + + //! decode optional attributes including context-specific tag + /*! /note default implementation stores attributes to be output in DEREncodeOptionalAttributes */ + virtual void BERDecodeOptionalAttributes(BufferedTransformation &bt); + //! encode optional attributes including context-specific tag + virtual void DEREncodeOptionalAttributes(BufferedTransformation &bt) const; + +protected: + ByteQueue m_optionalAttributes; +}; + +// ******************************************************** + +//! \brief DER Encode unsigned value +//! \tparam T class or type +//! \param out BufferedTransformation object +//! \param w unsigned value to encode +//! \param asnTag the ASN.1 type +//! \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM +template +size_t DEREncodeUnsigned(BufferedTransformation &out, T w, byte asnTag = INTEGER) +{ + byte buf[sizeof(w)+1]; + unsigned int bc; + if (asnTag == BOOLEAN) + { + buf[sizeof(w)] = w ? 0xff : 0; + bc = 1; + } + else + { + buf[0] = 0; + for (unsigned int i=0; i> (sizeof(w)-1-i)*8); + bc = sizeof(w); + while (bc > 1 && buf[sizeof(w)+1-bc] == 0) + --bc; + if (buf[sizeof(w)+1-bc] & 0x80) + ++bc; + } + out.Put(asnTag); + size_t lengthBytes = DERLengthEncode(out, bc); + out.Put(buf+sizeof(w)+1-bc, bc); + return 1+lengthBytes+bc; +} + +//! \brief BER Decode unsigned value +//! \tparam T class or type +//! \param in BufferedTransformation object +//! \param w unsigned value to encode +//! \param asnTag the ASN.1 type +//! \param minValue the minimum expected value +//! \param maxValue the maximum expected value +//! \throws BERDecodeErr() if the value cannot be parsed or the decoded value is not within range. +//! \details DEREncodeUnsigned() can be used with INTEGER, BOOLEAN, and ENUM +template +void BERDecodeUnsigned(BufferedTransformation &in, T &w, byte asnTag = INTEGER, + T minValue = 0, T maxValue = ((std::numeric_limits::max)())) +{ + byte b; + if (!in.Get(b) || b != asnTag) + BERDecodeError(); + + size_t bc; + bool definite = BERLengthDecode(in, bc); + if (!definite) + BERDecodeError(); + + SecByteBlock buf(bc); + + if (bc != in.Get(buf, bc)) + BERDecodeError(); + + const byte *ptr = buf; + while (bc > sizeof(w) && *ptr == 0) + { + bc--; + ptr++; + } + if (bc > sizeof(w)) + BERDecodeError(); + + w = 0; + for (unsigned int i=0; i maxValue) + BERDecodeError(); +} + +#ifdef CRYPTOPP_DOXYGEN_PROCESSING +//! \brief Compare two OIDs for equality +//! \param lhs the first OID +//! \param rhs the second OID +//! \returns true if the OIDs are equal, false otherwise +inline bool operator==(const OID &lhs, const OID &rhs); +//! \brief Compare two OIDs for inequality +//! \param lhs the first OID +//! \param rhs the second OID +//! \returns true if the OIDs are not equal, false otherwise +inline bool operator!=(const OID &lhs, const OID &rhs); +//! \brief Compare two OIDs for ordering +//! \param lhs the first OID +//! \param rhs the second OID +//! \returns true if the first OID is less than the second OID, false otherwise +//! \details operator<() calls std::lexicographical_compare() on each element in the array of values. +inline bool operator<(const OID &lhs, const OID &rhs); +//! \brief Append a value to an OID +//! \param lhs the OID +//! \param rhs the value to append +inline OID operator+(const OID &lhs, unsigned long rhs); +#else +inline bool operator==(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs) + {return lhs.m_values == rhs.m_values;} +inline bool operator!=(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs) + {return lhs.m_values != rhs.m_values;} +inline bool operator<(const ::CryptoPP::OID &lhs, const ::CryptoPP::OID &rhs) + {return std::lexicographical_compare(lhs.m_values.begin(), lhs.m_values.end(), rhs.m_values.begin(), rhs.m_values.end());} +inline ::CryptoPP::OID operator+(const ::CryptoPP::OID &lhs, unsigned long rhs) + {return ::CryptoPP::OID(lhs)+=rhs;} +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/authenc.h b/libs/win_crypto++/include/authenc.h new file mode 100644 index 0000000..5752695 --- /dev/null +++ b/libs/win_crypto++/include/authenc.h @@ -0,0 +1,66 @@ +// authenc.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile authenc.h +//! \brief Base classes for working with authenticated encryption modes of encryption +//! \since Crypto++ 5.6.0 + +#ifndef CRYPTOPP_AUTHENC_H +#define CRYPTOPP_AUTHENC_H + +#include "cryptlib.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class AuthenticatedSymmetricCipherBase +//! \brief Base implementation for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication +//! \since Crypto++ 5.6.0 +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipherBase : public AuthenticatedSymmetricCipher +{ +public: + AuthenticatedSymmetricCipherBase() : m_state(State_Start), m_bufferedDataLength(0), + m_totalHeaderLength(0), m_totalMessageLength(0), m_totalFooterLength(0) {} + + bool IsRandomAccess() const {return false;} + bool IsSelfInverting() const {return true;} + + //! \brief Sets the key for this object without performing parameter validation + //! \param key a byte buffer used to key the cipher + //! \param length the length of the byte buffer + //! \param params additional parameters passed as NameValuePairs + //! \details key must be at least DEFAULT_KEYLENGTH in length. + void UncheckedSetKey(const byte * key, unsigned int length,const CryptoPP::NameValuePairs ¶ms) + {CRYPTOPP_UNUSED(key), CRYPTOPP_UNUSED(length), CRYPTOPP_UNUSED(params); CRYPTOPP_ASSERT(false);} + + void SetKey(const byte *userKey, size_t keylength, const NameValuePairs ¶ms); + void Restart() {if (m_state > State_KeySet) m_state = State_KeySet;} + void Resynchronize(const byte *iv, int length=-1); + void Update(const byte *input, size_t length); + void ProcessData(byte *outString, const byte *inString, size_t length); + void TruncatedFinal(byte *mac, size_t macSize); + +protected: + void AuthenticateData(const byte *data, size_t len); + const SymmetricCipher & GetSymmetricCipher() const {return const_cast(this)->AccessSymmetricCipher();}; + + virtual SymmetricCipher & AccessSymmetricCipher() =0; + virtual bool AuthenticationIsOnPlaintext() const =0; + virtual unsigned int AuthenticationBlockSize() const =0; + virtual void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms) =0; + virtual void Resync(const byte *iv, size_t len) =0; + virtual size_t AuthenticateBlocks(const byte *data, size_t len) =0; + virtual void AuthenticateLastHeaderBlock() =0; + virtual void AuthenticateLastConfidentialBlock() {} + virtual void AuthenticateLastFooterBlock(byte *mac, size_t macSize) =0; + + enum State {State_Start, State_KeySet, State_IVSet, State_AuthUntransformed, State_AuthTransformed, State_AuthFooter}; + State m_state; + unsigned int m_bufferedDataLength; + lword m_totalHeaderLength, m_totalMessageLength, m_totalFooterLength; + AlignedSecByteBlock m_buffer; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/base32.h b/libs/win_crypto++/include/base32.h new file mode 100644 index 0000000..c740f68 --- /dev/null +++ b/libs/win_crypto++/include/base32.h @@ -0,0 +1,96 @@ +// base32.h - written and placed in the public domain by Frank Palazzolo, based on hex.cpp by Wei Dai + +//! \file +//! \brief Classes for Base32Encoder and Base32Decoder + +#ifndef CRYPTOPP_BASE32_H +#define CRYPTOPP_BASE32_H + +#include "cryptlib.h" +#include "basecode.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Base32Encoder +//! \brief Base32 encodes data +//! \details Converts data to base32. The default code is based on Differential Unicode Domain Encoding (DUDE) (draft-ietf-idn-dude-02.txt). +class Base32Encoder : public SimpleProxyFilter +{ +public: + //! \brief Construct a Base32Encoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \param uppercase a flag indicating uppercase output + //! \param groupSize the size of the grouping + //! \param separator the separator to use between groups + //! \param terminator the terminator appeand after processing + //! \details Base32Encoder() constructs a default encoder. The constructor lacks fields for padding and + //! line breaks. You must use IsolatedInitialize() to change the default padding character or suppress it. + //! \sa IsolatedInitialize() for an example of modifying a Base32Encoder after construction. + Base32Encoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int groupSize = 0, const std::string &separator = ":", const std::string &terminator = "") + : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) + { + IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), groupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator))); + } + + //! \brief Initialize or reinitialize this object, without signal propagation + //! \param parameters a set of NameValuePairs used to initialize this object + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached + //! transformations. If initialization should be propagated, then use the Initialize() function. + //! \details The following code modifies the padding and line break parameters for an encoder: + //! 
+	//!     Base32Encoder encoder;
+	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
+	//!     encoder.IsolatedInitialize(params);
+ //! \details You can change the encoding to RFC 4648, Base + //! 32 Encoding with Extended Hex Alphabet by performing the following: + //! 
+	//!     Base32Encoder encoder;
+	//!     const byte ALPHABET[] = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
+	//!     AlgorithmParameters params = MakeParameters(Name::EncodingLookupArray(),(const byte *)ALPHABET);
+	//!     encoder.IsolatedInitialize(params);
+ //! \details If you change the encoding alphabet, then you will need to change the decoding alphabet \a and + //! the decoder's lookup table. + //! \sa Base32Decoder::IsolatedInitialize() for an example of changing a Base32Decoder's lookup table. + void IsolatedInitialize(const NameValuePairs ¶meters); +}; + +//! \class Base32Decoder +//! \brief Base32 decodes data +//! \details Decode base32 data. The default code is based on Differential Unicode Domain Encoding (DUDE) (draft-ietf-idn-dude-02.txt). +class Base32Decoder : public BaseN_Decoder +{ +public: + //! \brief Construct a Base32Decoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \sa IsolatedInitialize() for an example of modifying a Base32Decoder after construction. + Base32Decoder(BufferedTransformation *attachment = NULL) + : BaseN_Decoder(GetDefaultDecodingLookupArray(), 5, attachment) {} + + //! \brief Initialize or reinitialize this object, without signal propagation + //! \param parameters a set of NameValuePairs used to initialize this object + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached + //! transformations. If initialization should be propagated, then use the Initialize() function. + //! \details You can change the encoding to RFC 4648, Base + //! 32 Encoding with Extended Hex Alphabet by performing the following: + //! 
+	//!     int lookup[256];
+	//!     const byte ALPHABET[] = "0123456789ABCDEFGHIJKLMNOPQRSTUV";
+	//!     Base32Decoder::InitializeDecodingLookupArray(lookup, ALPHABET, 32, true /*insensitive*/);
+	//!
+	//!     Base32Decoder decoder;
+	//!     AlgorithmParameters params = MakeParameters(Name::DecodingLookupArray(),(const int *)lookup);
+	//!     decoder.IsolatedInitialize(params);
+ //! \sa Base32Encoder::IsolatedInitialize() for an example of changing a Base32Encoder's alphabet. + void IsolatedInitialize(const NameValuePairs ¶meters); + +private: + //! \brief Provides the default decoding lookup table + //! \return default decoding lookup table + static const int * CRYPTOPP_API GetDefaultDecodingLookupArray(); +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/base64.h b/libs/win_crypto++/include/base64.h new file mode 100644 index 0000000..c179a8f --- /dev/null +++ b/libs/win_crypto++/include/base64.h @@ -0,0 +1,162 @@ +// base64.h - written and placed in the public domain by Wei Dai + +//! \file base64.h +//! \brief Classes for the Base64Encoder, Base64Decoder, Base64URLEncoder and Base64URLDecoder + +#ifndef CRYPTOPP_BASE64_H +#define CRYPTOPP_BASE64_H + +#include "cryptlib.h" +#include "basecode.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Base64Encoder +//! \brief Base64 encodes data +//! \details Base64 encodes data per RFC 4648, Base 64 Encoding. +class Base64Encoder : public SimpleProxyFilter +{ +public: + //! \brief Construct a Base64Encoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \param insertLineBreaks a BufferedTrasformation to attach to this object + //! \param maxLineLength the lenght of a line if line breaks are used + //! \details Base64Encoder constructs a default encoder. The constructor lacks a parameter for padding, and you must + //! use IsolatedInitialize() to modify the Base64Encoder after construction. + //! \sa IsolatedInitialize() for an example of modifying an encoder after construction. + Base64Encoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = true, int maxLineLength = 72) + : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) + { + IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), insertLineBreaks)(Name::MaxLineLength(), maxLineLength)); + } + + //! \brief Initialize or reinitialize this object, without signal propagation + //! \param parameters a set of NameValuePairs used to initialize this object + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached + //! transformations. If initialization should be propagated, then use the Initialize() function. + //! \details The following code modifies the padding and line break parameters for an encoder: + //! 
+	//!     Base64Encoder encoder;
+	//!     AlgorithmParameters params = MakeParameters(Pad(), false)(InsertLineBreaks(), false);
+	//!     encoder.IsolatedInitialize(params);
+ //! \details You can change the encoding to RFC 4648 web safe alphabet by performing the following: + //! 
+	//!     Base64Encoder encoder;
+	//!     const byte ALPHABET[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+	//!     AlgorithmParameters params = MakeParameters(Name::EncodingLookupArray(),(const byte *)ALPHABET);
+	//!     encoder.IsolatedInitialize(params);
+ //! \details If you change the encoding alphabet, then you will need to change the decoding alphabet \a and + //! the decoder's lookup table. + //! \sa Base64URLEncoder for an encoder that provides the web safe alphabet, and Base64Decoder::IsolatedInitialize() + //! for an example of modifying a decoder's lookup table after construction. + void IsolatedInitialize(const NameValuePairs ¶meters); +}; + +//! \class Base64Decoder +//! \brief Base64 decodes data +//! \details Base64 encodes data per RFC 4648, Base 64 Encoding. +class Base64Decoder : public BaseN_Decoder +{ +public: + //! \brief Construct a Base64Decoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \sa IsolatedInitialize() for an example of modifying an encoder after construction. + Base64Decoder(BufferedTransformation *attachment = NULL) + : BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {} + + //! \brief Initialize or reinitialize this object, without signal propagation + //! \param parameters a set of NameValuePairs used to initialize this object + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached + //! transformations. If initialization should be propagated, then use the Initialize() function. + //! \details The default decoding alpahbet is RFC 4868. You can change the to RFC 4868 web safe alphabet + //! by performing the following: + //! 
+	//!     int lookup[256];
+	//!     const byte ALPHABET[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
+	//!     Base64Decoder::InitializeDecodingLookupArray(lookup, ALPHABET, 64, false);
+	//!
+	//!     Base64Decoder decoder;
+	//!     AlgorithmParameters params = MakeParameters(Name::DecodingLookupArray(),(const int *)lookup);
+	//!     decoder.IsolatedInitialize(params);
+ //! \sa Base64URLDecoder for a decoder that provides the web safe alphabet, and Base64Encoder::IsolatedInitialize() + //! for an example of modifying an encoder's alphabet after construction. + void IsolatedInitialize(const NameValuePairs ¶meters); + +private: + //! \brief Provides the default decoding lookup table + //! \return default decoding lookup table + static const int * CRYPTOPP_API GetDecodingLookupArray(); +}; + +//! \class Base64URLEncoder +//! \brief Base64 encodes data using a web safe alphabet +//! \details Base64 encodes data per RFC 4648, Base 64 Encoding +//! with URL and Filename Safe Alphabet. +class Base64URLEncoder : public SimpleProxyFilter +{ +public: + //! \brief Construct a Base64URLEncoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \param insertLineBreaks a BufferedTrasformation to attach to this object + //! \param maxLineLength the lenght of a line if line breaks are used + //! \details Base64URLEncoder() constructs a default encoder using a web safe alphabet. The constructor ignores + //! insertLineBreaks and maxLineLength because the web and URL safe specifications don't use them. They are + //! present in the constructor for API compatibility with Base64Encoder so it is a drop-in replacement. The + //! constructor also disables padding on the encoder for the same reason. + //! \details If you need line breaks or padding, then you must use IsolatedInitialize() to set them + //! after constructing a Base64URLEncoder. + //! \sa Base64Encoder for an encoder that provides a classic alphabet, and Base64URLEncoder::IsolatedInitialize + //! for an example of modifying an encoder after construction. + Base64URLEncoder(BufferedTransformation *attachment = NULL, bool insertLineBreaks = false, int maxLineLength = -1) + : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) + { + CRYPTOPP_UNUSED(insertLineBreaks), CRYPTOPP_UNUSED(maxLineLength); + IsolatedInitialize(MakeParameters(Name::InsertLineBreaks(), false)(Name::MaxLineLength(), -1)(Name::Pad(),false)); + } + + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on attached + //! transformations. If initialization should be propagated, then use the Initialize() function. + //! \details The following code modifies the padding and line break parameters for an encoder: + //! 
+	//!     Base64URLEncoder encoder;
+	//!     AlgorithmParameters params = MakeParameters(Name::Pad(), true)(Name::InsertLineBreaks(), true);
+	//!     encoder.IsolatedInitialize(params);
+ //! \sa Base64Encoder for an encoder that provides a classic alphabet. + void IsolatedInitialize(const NameValuePairs ¶meters); +}; + +//! \class Base64URLDecoder +//! \brief Base64 decodes data using a web safe alphabet +//! \details Base64 encodes data per RFC 4648, Base 64 Encoding +//! with URL and Filename Safe Alphabet. +class Base64URLDecoder : public BaseN_Decoder +{ +public: + //! \brief Construct a Base64URLDecoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \details Base64URLDecoder() constructs a default decoder using a web safe alphabet. + //! \sa Base64Decoder for a decoder that provides a classic alphabet. + Base64URLDecoder(BufferedTransformation *attachment = NULL) + : BaseN_Decoder(GetDecodingLookupArray(), 6, attachment) {} + + //! \brief Initialize or reinitialize this object, without signal propagation + //! \param parameters a set of NameValuePairs used to initialize this object + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. IsolatedInitialize() does not call Initialize() on + //! attached transformations. If initialization should be propagated, then use the Initialize() function. + //! \sa Base64Decoder for a decoder that provides a classic alphabet, and Base64URLEncoder::IsolatedInitialize + //! for an example of modifying an encoder after construction. + void IsolatedInitialize(const NameValuePairs ¶meters); + +private: + //! \brief Provides the default decoding lookup table + //! \return default decoding lookup table + static const int * CRYPTOPP_API GetDecodingLookupArray(); +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/basecode.h b/libs/win_crypto++/include/basecode.h new file mode 100644 index 0000000..782cdc0 --- /dev/null +++ b/libs/win_crypto++/include/basecode.h @@ -0,0 +1,142 @@ +// basecode.h - written and placed in the public domain by Wei Dai + +//! \file +//! \brief Base classes for working with encoders and decoders. + +#ifndef CRYPTOPP_BASECODE_H +#define CRYPTOPP_BASECODE_H + +#include "cryptlib.h" +#include "filters.h" +#include "algparam.h" +#include "argnames.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class BaseN_Encoder +//! \brief Encoder for bases that are a power of 2 +class CRYPTOPP_DLL BaseN_Encoder : public Unflushable +{ +public: + //! \brief Construct a BaseN_Encoder + //! \param attachment a BufferedTransformation to attach to this object + BaseN_Encoder(BufferedTransformation *attachment=NULL) + : m_alphabet(NULL), m_padding(0), m_bitsPerChar(0) + , m_outputBlockSize(0), m_bytePos(0), m_bitPos(0) + {Detach(attachment);} + + //! \brief Construct a BaseN_Encoder + //! \param alphabet table of ASCII characters to use as the alphabet + //! \param log2base the log2base + //! \param attachment a BufferedTransformation to attach to this object + //! \param padding the character to use as padding + //! \pre log2base must be between 1 and 7 inclusive + //! \throws InvalidArgument if log2base is not between 1 and 7 + BaseN_Encoder(const byte *alphabet, int log2base, BufferedTransformation *attachment=NULL, int padding=-1) + : m_alphabet(NULL), m_padding(0), m_bitsPerChar(0) + , m_outputBlockSize(0), m_bytePos(0), m_bitPos(0) + { + Detach(attachment); + IsolatedInitialize(MakeParameters(Name::EncodingLookupArray(), alphabet) + (Name::Log2Base(), log2base) + (Name::Pad(), padding != -1) + (Name::PaddingByte(), byte(padding))); + } + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); + +private: + const byte *m_alphabet; + int m_padding, m_bitsPerChar, m_outputBlockSize; + int m_bytePos, m_bitPos; + SecByteBlock m_outBuf; +}; + +//! \class BaseN_Decoder +//! \brief Decoder for bases that are a power of 2 +class CRYPTOPP_DLL BaseN_Decoder : public Unflushable +{ +public: + //! \brief Construct a BaseN_Decoder + //! \param attachment a BufferedTransformation to attach to this object + //! \details padding is set to -1, which means use default padding. If not + //! required, then the value must be set via IsolatedInitialize(). + BaseN_Decoder(BufferedTransformation *attachment=NULL) + : m_lookup(0), m_padding(0), m_bitsPerChar(0) + , m_outputBlockSize(0), m_bytePos(0), m_bitPos(0) + {Detach(attachment);} + + //! \brief Construct a BaseN_Decoder + //! \param lookup table of values + //! \param log2base the log2base + //! \param attachment a BufferedTransformation to attach to this object + //! \details log2base is the exponent (like 5 in 25), and not + //! the number of elements (like 32). + //! \details padding is set to -1, which means use default padding. If not + //! required, then the value must be set via IsolatedInitialize(). + BaseN_Decoder(const int *lookup, int log2base, BufferedTransformation *attachment=NULL) + : m_lookup(0), m_padding(0), m_bitsPerChar(0) + , m_outputBlockSize(0), m_bytePos(0), m_bitPos(0) + { + Detach(attachment); + IsolatedInitialize(MakeParameters(Name::DecodingLookupArray(), lookup)(Name::Log2Base(), log2base)); + } + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); + + //! \brief Intializes BaseN lookup array + //! \param lookup table of values + //! \param alphabet table of ASCII characters + //! \param base the base for the encoder + //! \param caseInsensitive flag indicating whether the alpabet is case sensitivie + //! \pre COUNTOF(lookup) == 256 + //! \pre COUNTOF(alphabet) == base + //! \details Internally, the function sets the first 256 elements in the lookup table to + //! their value from the alphabet array or -1. base is the number of element (like 32), + //! and not an exponent (like 5 in 25) + static void CRYPTOPP_API InitializeDecodingLookupArray(int *lookup, const byte *alphabet, unsigned int base, bool caseInsensitive); + +private: + const int *m_lookup; + int m_padding, m_bitsPerChar, m_outputBlockSize; + int m_bytePos, m_bitPos; + SecByteBlock m_outBuf; +}; + +//! \class Grouper +//! \brief Filter that breaks input stream into groups of fixed size +class CRYPTOPP_DLL Grouper : public Bufferless +{ +public: + //! \brief Construct a Grouper + //! \param attachment a BufferedTransformation to attach to this object + Grouper(BufferedTransformation *attachment=NULL) + : m_groupSize(0), m_counter(0) {Detach(attachment);} + + //! \brief Construct a Grouper + //! \param groupSize the size of the grouping + //! \param separator the separator to use between groups + //! \param terminator the terminator appeand after processing + //! \param attachment a BufferedTransformation to attach to this object + Grouper(int groupSize, const std::string &separator, const std::string &terminator, BufferedTransformation *attachment=NULL) + : m_groupSize(0), m_counter(0) + { + Detach(attachment); + IsolatedInitialize(MakeParameters(Name::GroupSize(), groupSize) + (Name::Separator(), ConstByteArrayParameter(separator)) + (Name::Terminator(), ConstByteArrayParameter(terminator))); + } + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); + +private: + SecByteBlock m_separator, m_terminator; + size_t m_groupSize, m_counter; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/bench.h b/libs/win_crypto++/include/bench.h new file mode 100644 index 0000000..5dfb6d4 --- /dev/null +++ b/libs/win_crypto++/include/bench.h @@ -0,0 +1,13 @@ +// bench.h - written and placed in the public domain by Wei Dai + +#ifndef CRYPTOPP_BENCH_H +#define CRYPTOPP_BENCH_H + +#include "cryptlib.h" + +extern const double CLOCK_TICKS_PER_SECOND; + +void BenchmarkAll(double t, double hertz); +void BenchmarkAll2(double t, double hertz); + +#endif diff --git a/libs/win_crypto++/include/blake2.h b/libs/win_crypto++/include/blake2.h new file mode 100644 index 0000000..8baa0c2 --- /dev/null +++ b/libs/win_crypto++/include/blake2.h @@ -0,0 +1,314 @@ +// blake2.h - written and placed in the public domain by Jeffrey Walton and Zooko +// Wilcox-O'Hearn. Copyright assigned to the Crypto++ project. +// Based on Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's reference BLAKE2 +// implementation at http://github.com/BLAKE2/BLAKE2. + +//! \file blake2.h +//! \brief Classes for BLAKE2b and BLAKE2s message digests and keyed message digests +//! \details This implmentation follows Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's +//! BLAKE2: simpler, smaller, fast as MD5 (2013.01.29). +//! Static algorithm name return either "BLAKE2b" or "BLAKE2s". An object algorithm name follows +//! the naming described in RFC 7693, The +//! BLAKE2 Cryptographic Hash and Message Authentication Code (MAC). +//! \details The library provides specialized SSE2, SSE4 and NEON version of the BLAKE2 compression +//! function. For best results under ARM NEON, specify both an architecture and cpu. For example: +//! 
CXXFLAGS="-DNDEBUG -march=armv8-a+crc -mcpu=cortex-a53 ..."
+//! \since Crypto++ 5.6.4 + +#ifndef CRYPTOPP_BLAKE2_H +#define CRYPTOPP_BLAKE2_H + +#include "cryptlib.h" +#include "secblock.h" +#include "seckey.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class BLAKE2_Info +//! \brief BLAKE2 hash information +//! \tparam T_64bit flag indicating 64-bit +//! \since Crypto++ 5.6.4 +template +struct BLAKE2_Info : public VariableKeyLength<(T_64bit ? 64 : 32),0,(T_64bit ? 64 : 32),1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> +{ + typedef VariableKeyLength<(T_64bit ? 64 : 32),0,(T_64bit ? 64 : 32),1,SimpleKeyingInterface::NOT_RESYNCHRONIZABLE> KeyBase; + CRYPTOPP_CONSTANT(MIN_KEYLENGTH = KeyBase::MIN_KEYLENGTH) + CRYPTOPP_CONSTANT(MAX_KEYLENGTH = KeyBase::MAX_KEYLENGTH) + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = KeyBase::DEFAULT_KEYLENGTH) + + CRYPTOPP_CONSTANT(BLOCKSIZE = (T_64bit ? 128 : 64)) + CRYPTOPP_CONSTANT(DIGESTSIZE = (T_64bit ? 64 : 32)) + CRYPTOPP_CONSTANT(SALTSIZE = (T_64bit ? 16 : 8)) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = (T_64bit ? 16 : 8)) + + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return (T_64bit ? "BLAKE2b" : "BLAKE2s");} +}; + +//! \class BLAKE2_ParameterBlock +//! \brief BLAKE2 parameter block +//! \tparam T_64bit flag indicating 64-bit +//! \details BLAKE2b uses BLAKE2_ParameterBlock, while BLAKE2s +//! uses BLAKE2_ParameterBlock. +//! \since Crypto++ 5.6.4 +template +struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock +{ +}; + +//! \brief BLAKE2b parameter block specialization +template<> +struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock +{ + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info::SALTSIZE) + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info::PERSONALIZATIONSIZE) + + BLAKE2_ParameterBlock() + { + memset(this, 0x00, sizeof(*this)); + digestLength = DIGESTSIZE; + fanout = depth = 1; + } + + BLAKE2_ParameterBlock(size_t digestSize) + { + CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); + memset(this, 0x00, sizeof(*this)); + digestLength = (byte)digestSize; + fanout = depth = 1; + } + + BLAKE2_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength, + const byte* personalization, size_t personalizationLength); + + byte digestLength; + byte keyLength, fanout, depth; + byte leafLength[4]; + byte nodeOffset[8]; + byte nodeDepth, innerLength, rfu[14]; + byte salt[SALTSIZE]; + byte personalization[PERSONALIZATIONSIZE]; +}; + +//! \brief BLAKE2s parameter block specialization +template<> +struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock +{ + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info::SALTSIZE) + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info::PERSONALIZATIONSIZE) + + BLAKE2_ParameterBlock() + { + memset(this, 0x00, sizeof(*this)); + digestLength = DIGESTSIZE; + fanout = depth = 1; + } + + BLAKE2_ParameterBlock(size_t digestSize) + { + CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE); + memset(this, 0x00, sizeof(*this)); + digestLength = (byte)digestSize; + fanout = depth = 1; + } + + BLAKE2_ParameterBlock(size_t digestSize, size_t keyLength, const byte* salt, size_t saltLength, + const byte* personalization, size_t personalizationLength); + + byte digestLength; + byte keyLength, fanout, depth; + byte leafLength[4]; + byte nodeOffset[6]; + byte nodeDepth, innerLength; + byte salt[SALTSIZE]; + byte personalization[PERSONALIZATIONSIZE]; +}; + +//! \class BLAKE2_State +//! \brief BLAKE2 state information +//! \tparam W word type +//! \tparam T_64bit flag indicating 64-bit +//! \details BLAKE2b uses BLAKE2_State, while BLAKE2s +//! uses BLAKE2_State. +//! \since Crypto++ 5.6.4 +template +struct CRYPTOPP_NO_VTABLE BLAKE2_State +{ + CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2_Info::BLOCKSIZE) + + BLAKE2_State() + { + // Set all members except scratch buffer[] + h[0]=h[1]=h[2]=h[3]=h[4]=h[5]=h[6]=h[7] = 0; + t[0]=t[1]=f[0]=f[1] = 0; + length = 0; + } + + // SSE2, SSE4 and NEON depend upon t[] and f[] being side-by-side + W h[8], t[2], f[2]; + byte buffer[BLOCKSIZE]; + size_t length; +}; + +//! \class BLAKE2_Base +//! \brief BLAKE2 hash implementation +//! \tparam W word type +//! \tparam T_64bit flag indicating 64-bit +//! \details BLAKE2b uses BLAKE2_Base, while BLAKE2s +//! uses BLAKE2_Base. +//! \since Crypto++ 5.6.4 +template +class BLAKE2_Base : public SimpleKeyingInterfaceImpl > +{ +public: + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH = BLAKE2_Info::DEFAULT_KEYLENGTH) + CRYPTOPP_CONSTANT(MIN_KEYLENGTH = BLAKE2_Info::MIN_KEYLENGTH) + CRYPTOPP_CONSTANT(MAX_KEYLENGTH = BLAKE2_Info::MAX_KEYLENGTH) + + CRYPTOPP_CONSTANT(DIGESTSIZE = BLAKE2_Info::DIGESTSIZE) + CRYPTOPP_CONSTANT(BLOCKSIZE = BLAKE2_Info::BLOCKSIZE) + CRYPTOPP_CONSTANT(SALTSIZE = BLAKE2_Info::SALTSIZE) + CRYPTOPP_CONSTANT(PERSONALIZATIONSIZE = BLAKE2_Info::PERSONALIZATIONSIZE) + + typedef BLAKE2_State State; + typedef BLAKE2_ParameterBlock ParameterBlock; + typedef SecBlock > AlignedState; + typedef SecBlock > AlignedParameterBlock; + + virtual ~BLAKE2_Base() {} + + //! \brief Retrieve the static algorithm name + //! \returns the algorithm name (BLAKE2s or BLAKE2b) + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return BLAKE2_Info::StaticAlgorithmName();} + + //! \brief Retrieve the object's name + //! \returns the object's algorithm name following RFC 7693 + //! \details Object algorithm name follows the naming described in + //! RFC 7693, The BLAKE2 Cryptographic Hash and + //! Message Authentication Code (MAC). For example, "BLAKE2b-512" and "BLAKE2s-256". + std::string AlgorithmName() const {return std::string(StaticAlgorithmName()) + "-" + IntToString(this->DigestSize()*8);} + + unsigned int DigestSize() const {return m_digestSize;} + unsigned int OptimalDataAlignment() const {return (CRYPTOPP_BOOL_ALIGN16 ? 16 : GetAlignmentOf());} + + void Update(const byte *input, size_t length); + void Restart(); + + //! \brief Restart a hash with parameter block and counter + //! \param block paramter block + //! \param counter counter array + //! \details Parameter block is persisted across calls to Restart(). + void Restart(const BLAKE2_ParameterBlock& block, const W counter[2]); + + //! \brief Set tree mode + //! \param mode the new tree mode + //! \details BLAKE2 has two finalization flags, called State::f[0] and State::f[1]. + //! If treeMode=false (default), then State::f[1] is never set. If + //! treeMode=true, then State::f[1] is set when State::f[0] is set. + //! Tree mode is persisted across calls to Restart(). + void SetTreeMode(bool mode) {m_treeMode=mode;} + + //! \brief Get tree mode + //! \returns the current tree mode + //! \details Tree mode is persisted across calls to Restart(). + bool GetTreeMode() const {return m_treeMode;} + + void TruncatedFinal(byte *hash, size_t size); + +protected: + BLAKE2_Base(); + BLAKE2_Base(bool treeMode, unsigned int digestSize); + BLAKE2_Base(const byte *key, size_t keyLength, const byte* salt, size_t saltLength, + const byte* personalization, size_t personalizationLength, + bool treeMode, unsigned int digestSize); + + // Operates on state buffer and/or input. Must be BLOCKSIZE, final block will pad with 0's. + void Compress(const byte *input); + inline void IncrementCounter(size_t count=BLOCKSIZE); + + void UncheckedSetKey(const byte* key, unsigned int length, const CryptoPP::NameValuePairs& params); + +private: + AlignedState m_state; + AlignedParameterBlock m_block; + AlignedSecByteBlock m_key; + word32 m_digestSize; + bool m_treeMode; +}; + +//! \brief The BLAKE2b cryptographic hash function +//! \details BLAKE2b can function as both a hash and keyed hash. If you want only the hash, +//! then use the BLAKE2b constructor that accepts no parameters or digest size. If you +//! want a keyed hash, then use the constuctor that accpts the key as a parameter. +//! Once a key and digest size are selected, its effectively immutable. The Restart() +//! method that accepts a ParameterBlock does not allow you to change it. +//! \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's +//! BLAKE2: simpler, smaller, fast as MD5 (2013.01.29). +//! \since Crypto++ 5.6.4 +class BLAKE2b : public BLAKE2_Base +{ +public: + typedef BLAKE2_Base ThisBase; // Early Visual Studio workaround + typedef BLAKE2_ParameterBlock ParameterBlock; + CRYPTOPP_COMPILE_ASSERT(sizeof(ParameterBlock) == 64); + + //! \brief Construct a BLAKE2b hash + //! \param digestSize the digest size, in bytes + //! \param treeMode flag indicating tree mode + BLAKE2b(bool treeMode=false, unsigned int digestSize = DIGESTSIZE) : ThisBase(treeMode, digestSize) {} + + //! \brief Construct a BLAKE2b hash + //! \param key a byte array used to key the cipher + //! \param keyLength the size of the byte array + //! \param salt a byte array used as salt + //! \param saltLength the size of the byte array + //! \param personalization a byte array used as prsonalization string + //! \param personalizationLength the size of the byte array + //! \param treeMode flag indicating tree mode + //! \param digestSize the digest size, in bytes + BLAKE2b(const byte *key, size_t keyLength, const byte* salt = NULL, size_t saltLength = 0, + const byte* personalization = NULL, size_t personalizationLength = 0, + bool treeMode=false, unsigned int digestSize = DIGESTSIZE) + : ThisBase(key, keyLength, salt, saltLength, personalization, personalizationLength, treeMode, digestSize) {} +}; + +//! \brief The BLAKE2s cryptographic hash function +//! \details BLAKE2s can function as both a hash and keyed hash. If you want only the hash, +//! then use the BLAKE2s constructor that accepts no parameters or digest size. If you +//! want a keyed hash, then use the constuctor that accpts the key as a parameter. +//! Once a key and digest size are selected, its effectively immutable. The Restart() +//! method that accepts a ParameterBlock does not allow you to change it. +//! \sa Aumasson, Neves, Wilcox-O'Hearn and Winnerlein's +//! BLAKE2: simpler, smaller, fast as MD5 (2013.01.29). +//! \since Crypto++ 5.6.4 +class BLAKE2s : public BLAKE2_Base +{ +public: + typedef BLAKE2_Base ThisBase; // Early Visual Studio workaround + typedef BLAKE2_ParameterBlock ParameterBlock; + CRYPTOPP_COMPILE_ASSERT(sizeof(ParameterBlock) == 32); + + //! \brief Construct a BLAKE2s hash + //! \param digestSize the digest size, in bytes + //! \param treeMode flag indicating tree mode + BLAKE2s(bool treeMode=false, unsigned int digestSize = DIGESTSIZE) : ThisBase(treeMode, digestSize) {} + + //! \brief Construct a BLAKE2s hash + //! \param key a byte array used to key the cipher + //! \param keyLength the size of the byte array + //! \param salt a byte array used as salt + //! \param saltLength the size of the byte array + //! \param personalization a byte array used as prsonalization string + //! \param personalizationLength the size of the byte array + //! \param treeMode flag indicating tree mode + //! \param digestSize the digest size, in bytes + BLAKE2s(const byte *key, size_t keyLength, const byte* salt = NULL, size_t saltLength = 0, + const byte* personalization = NULL, size_t personalizationLength = 0, + bool treeMode=false, unsigned int digestSize = DIGESTSIZE) + : ThisBase(key, keyLength, salt, saltLength, personalization, personalizationLength, treeMode, digestSize) {} +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/blowfish.h b/libs/win_crypto++/include/blowfish.h new file mode 100644 index 0000000..c543651 --- /dev/null +++ b/libs/win_crypto++/include/blowfish.h @@ -0,0 +1,56 @@ +// blowfish.h - written and placed in the public domain by Wei Dai + +//! \file blowfish.h +//! \brief Classes for the Blowfish block cipher + +#ifndef CRYPTOPP_BLOWFISH_H +#define CRYPTOPP_BLOWFISH_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Blowfish_Info +//! \brief Blowfish block cipher information +struct Blowfish_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 4, 56>, public FixedRounds<16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Blowfish";} +}; + +// Blowfish + +//! \class Blowfish_Info +//! \brief Blowfish block cipher +class Blowfish : public Blowfish_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief Class specific implementation and overrides used to operate the cipher. + //! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + void UncheckedSetKey(const byte *key_string, unsigned int keylength, const NameValuePairs ¶ms); + + private: + void crypt_block(const word32 in[2], word32 out[2]) const; + + static const word32 p_init[ROUNDS+2]; + static const word32 s_init[4*256]; + + FixedSizeSecBlock pbox; + FixedSizeSecBlock sbox; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef Blowfish::Encryption BlowfishEncryption; +typedef Blowfish::Decryption BlowfishDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/blumshub.h b/libs/win_crypto++/include/blumshub.h new file mode 100644 index 0000000..df43d83 --- /dev/null +++ b/libs/win_crypto++/include/blumshub.h @@ -0,0 +1,63 @@ +// blumshub.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile blumshub.h +//! \brief Classes for Blum Blum Shub generator + +#ifndef CRYPTOPP_BLUMSHUB_H +#define CRYPTOPP_BLUMSHUB_H + +#include "cryptlib.h" +#include "modarith.h" +#include "integer.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! BlumBlumShub without factorization of the modulus +class PublicBlumBlumShub : public RandomNumberGenerator, + public StreamTransformation +{ +public: + PublicBlumBlumShub(const Integer &n, const Integer &seed); + + unsigned int GenerateBit(); + byte GenerateByte(); + void GenerateBlock(byte *output, size_t size); + void ProcessData(byte *outString, const byte *inString, size_t length); + + bool IsSelfInverting() const {return true;} + bool IsForwardTransformation() const {return true;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PublicBlumBlumShub() {} +#endif + +protected: + ModularArithmetic modn; + Integer current; + word maxBits, bitsLeft; +}; + +//! BlumBlumShub with factorization of the modulus +class BlumBlumShub : public PublicBlumBlumShub +{ +public: + // Make sure p and q are both primes congruent to 3 mod 4 and at least 512 bits long, + // seed is the secret key and should be about as big as p*q + BlumBlumShub(const Integer &p, const Integer &q, const Integer &seed); + + bool IsRandomAccess() const {return true;} + void Seek(lword index); + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~BlumBlumShub() {} +#endif + +protected: + const Integer p, q; + const Integer x0; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/camellia.h b/libs/win_crypto++/include/camellia.h new file mode 100644 index 0000000..0e0dc42 --- /dev/null +++ b/libs/win_crypto++/include/camellia.h @@ -0,0 +1,51 @@ +// camellia.h - written and placed in the public domain by Wei Dai + +//! \file camellia.h +//! \brief Classes for the Cameliia block cipher + +#ifndef CRYPTOPP_CAMELLIA_H +#define CRYPTOPP_CAMELLIA_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Camellia_Info +//! \brief Camellia block cipher information +struct Camellia_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Camellia";} +}; + +//! \class Camellia +//! \brief Camellia block cipher +//! \sa Camellia +class Camellia : public Camellia_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *key, unsigned int keylen, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + protected: + CRYPTOPP_ALIGN_DATA(4) static const byte s1[256]; + static const word32 SP[4][256]; + + unsigned int m_rounds; + SecBlock m_key; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef Camellia::Encryption CamelliaEncryption; +typedef Camellia::Decryption CamelliaDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/cast.h b/libs/win_crypto++/include/cast.h new file mode 100644 index 0000000..86a5a63 --- /dev/null +++ b/libs/win_crypto++/include/cast.h @@ -0,0 +1,109 @@ +// cast.h - written and placed in the public domain by Wei Dai + +//! \file cast.h +//! \brief Classes for the CAST-128 and CAST-256 block ciphers + +#ifndef CRYPTOPP_CAST_H +#define CRYPTOPP_CAST_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class CAST +//! \brief CAST block cipher base +class CAST +{ +protected: + static const word32 S[8][256]; +}; + +//! \class CAST128_Info +//! \brief CAST128 block cipher information +struct CAST128_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 5, 16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "CAST-128";} +}; + +//! \class CAST128 +//! \brief CAST128 block cipher +//! \sa CAST-128 +class CAST128 : public CAST128_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief CAST128 block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public CAST, public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + bool reduced; + FixedSizeSecBlock K; + }; + + //! \class Enc + //! \brief CAST128 block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief CAST128 block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +//! \class CAST256_Info +//! \brief CAST256 block cipher information +struct CAST256_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 4> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "CAST-256";} +}; + +//! \class CAST256 +//! \brief CAST256 block cipher +//! \sa CAST-256 +class CAST256 : public CAST256_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief CAST256 block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public CAST, public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + protected: + static const word32 t_m[8][24]; + static const unsigned int t_r[8][24]; + + static void Omega(int i, word32 kappa[8]); + + FixedSizeSecBlock K; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef CAST128::Encryption CAST128Encryption; +typedef CAST128::Decryption CAST128Decryption; + +typedef CAST256::Encryption CAST256Encryption; +typedef CAST256::Decryption CAST256Decryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/cbcmac.h b/libs/win_crypto++/include/cbcmac.h new file mode 100644 index 0000000..38c75b7 --- /dev/null +++ b/libs/win_crypto++/include/cbcmac.h @@ -0,0 +1,56 @@ +// cbcmac.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile cbcmac.h +//! \brief Classes for CBC MAC + +#ifndef CRYPTOPP_CBCMAC_H +#define CRYPTOPP_CBCMAC_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_MAC_Base : public MessageAuthenticationCode +{ +public: + CBC_MAC_Base() : m_counter(0) {} + + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *mac, size_t size); + unsigned int DigestSize() const {return const_cast(this)->AccessCipher().BlockSize();} + +protected: + virtual BlockCipher & AccessCipher() =0; + +private: + void ProcessBuf(); + SecByteBlock m_reg; + unsigned int m_counter; +}; + +//! CBC-MAC +/*! Compatible with FIPS 113. T should be a class derived from BlockCipherDocumentation. + Secure only for fixed length messages. For variable length messages use CMAC or DMAC. +*/ +template +class CBC_MAC : public MessageAuthenticationCodeImpl >, public SameKeyLengthAs +{ +public: + CBC_MAC() {} + CBC_MAC(const byte *key, size_t length=SameKeyLengthAs::DEFAULT_KEYLENGTH) + {this->SetKey(key, length);} + + static std::string StaticAlgorithmName() {return std::string("CBC-MAC(") + T::StaticAlgorithmName() + ")";} + +private: + BlockCipher & AccessCipher() {return m_cipher;} + typename T::Encryption m_cipher; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/ccm.h b/libs/win_crypto++/include/ccm.h new file mode 100644 index 0000000..2ecee0d --- /dev/null +++ b/libs/win_crypto++/include/ccm.h @@ -0,0 +1,122 @@ +// ccm.h - written and placed in the public domain by Wei Dai + +//! \file ccm.h +//! \brief CCM block cipher mode of operation +//! \since Crypto++ 5.6.0 + +#ifndef CRYPTOPP_CCM_H +#define CRYPTOPP_CCM_H + +#include "authenc.h" +#include "modes.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class CCM_Base +//! \brief CCM block cipher base implementation +//! \details Base implementation of the AuthenticatedSymmetricCipher interface +//! \since Crypto++ 5.6.0 +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CCM_Base : public AuthenticatedSymmetricCipherBase +{ +public: + CCM_Base() + : m_digestSize(0), m_L(0), m_messageLength(0), m_aadLength(0) {} + + // AuthenticatedSymmetricCipher + std::string AlgorithmName() const + {return GetBlockCipher().AlgorithmName() + std::string("/CCM");} + size_t MinKeyLength() const + {return GetBlockCipher().MinKeyLength();} + size_t MaxKeyLength() const + {return GetBlockCipher().MaxKeyLength();} + size_t DefaultKeyLength() const + {return GetBlockCipher().DefaultKeyLength();} + size_t GetValidKeyLength(size_t n) const + {return GetBlockCipher().GetValidKeyLength(n);} + bool IsValidKeyLength(size_t n) const + {return GetBlockCipher().IsValidKeyLength(n);} + unsigned int OptimalDataAlignment() const + {return GetBlockCipher().OptimalDataAlignment();} + IV_Requirement IVRequirement() const + {return UNIQUE_IV;} + unsigned int IVSize() const + {return 8;} + unsigned int MinIVLength() const + {return 7;} + unsigned int MaxIVLength() const + {return 13;} + unsigned int DigestSize() const + {return m_digestSize;} + lword MaxHeaderLength() const + {return W64LIT(0)-1;} + lword MaxMessageLength() const + {return m_L<8 ? (W64LIT(1)<<(8*m_L))-1 : W64LIT(0)-1;} + bool NeedsPrespecifiedDataLengths() const + {return true;} + void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength); + +protected: + // AuthenticatedSymmetricCipherBase + bool AuthenticationIsOnPlaintext() const + {return true;} + unsigned int AuthenticationBlockSize() const + {return GetBlockCipher().BlockSize();} + void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms); + void Resync(const byte *iv, size_t len); + size_t AuthenticateBlocks(const byte *data, size_t len); + void AuthenticateLastHeaderBlock(); + void AuthenticateLastConfidentialBlock(); + void AuthenticateLastFooterBlock(byte *mac, size_t macSize); + SymmetricCipher & AccessSymmetricCipher() {return m_ctr;} + + virtual BlockCipher & AccessBlockCipher() =0; + virtual int DefaultDigestSize() const =0; + + const BlockCipher & GetBlockCipher() const {return const_cast(this)->AccessBlockCipher();}; + byte *CBC_Buffer() {return m_buffer+REQUIRED_BLOCKSIZE;} + + enum {REQUIRED_BLOCKSIZE = 16}; + int m_digestSize, m_L; + word64 m_messageLength, m_aadLength; + CTR_Mode_ExternalCipher::Encryption m_ctr; +}; + +//! \class CCM_Final +//! \brief CCM block cipher final implementation +//! \tparam T_BlockCipher block cipher +//! \tparam T_DefaultDigestSize default digest size, in bytes +//! \tparam T_IsEncryption direction in which to operate the cipher +//! \since Crypto++ 5.6.0 +template +class CCM_Final : public CCM_Base +{ +public: + static std::string StaticAlgorithmName() + {return T_BlockCipher::StaticAlgorithmName() + std::string("/CCM");} + bool IsForwardTransformation() const + {return T_IsEncryption;} + +private: + BlockCipher & AccessBlockCipher() {return m_cipher;} + int DefaultDigestSize() const {return T_DefaultDigestSize;} + typename T_BlockCipher::Encryption m_cipher; +}; + +//! \class CCM +//! \brief CCM block cipher mode of operation +//! \tparam T_BlockCipher block cipher +//! \tparam T_DefaultDigestSize default digest size, in bytes +//! \details \p CCM provides the \p Encryption and \p Decryption typedef. See GCM_Base +//! and GCM_Final for the AuthenticatedSymmetricCipher implementation. +//! \sa CCM at the Crypto Lounge +//! \since Crypto++ 5.6.0 +template +struct CCM : public AuthenticatedSymmetricCipherDocumentation +{ + typedef CCM_Final Encryption; + typedef CCM_Final Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/chacha.h b/libs/win_crypto++/include/chacha.h new file mode 100644 index 0000000..5ac1ec5 --- /dev/null +++ b/libs/win_crypto++/include/chacha.h @@ -0,0 +1,91 @@ +// chacha.h - written and placed in the public domain by Jeffrey Walton. +// Copyright assigned to the Crypto++ project. +// Based on Wei Dai's Salsa20 and Bernstein's reference ChaCha +// family implementation at http://cr.yp.to/chacha.html. + +//! \file chacha.h +//! \brief Classes for ChaCha8, ChaCha12 and ChaCha20 stream ciphers +//! \details Crypto++ provides Bernstein and ECRYPT's ChaCha from ChaCha, +//! a variant of Salsa20 (2008.01.28). Bernstein's implementation is _slightly_ different from the TLS working group's +//! implementation for cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +//! TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. +//! \since Crypto++ 5.6.4 + +#ifndef CRYPTOPP_CHACHA_H +#define CRYPTOPP_CHACHA_H + +#include "strciphr.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class ChaCha_Info +//! \brief ChaCha stream cipher information +//! \since Crypto++ 5.6.4 +template +struct ChaCha_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8>, public FixedRounds +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() { + return (R==8?"ChaCha8":(R==12?"ChaCha12":(R==20?"ChaCha20":"ChaCha"))); + } +}; + +//! \class ChaCha_Policy +//! \brief ChaCha stream cipher implementation +//! \since Crypto++ 5.6.4 +template +class CRYPTOPP_NO_VTABLE ChaCha_Policy : public AdditiveCipherConcretePolicy +{ +protected: + CRYPTOPP_CONSTANT(ROUNDS=FixedRounds::ROUNDS) + + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); + bool CipherIsRandomAccess() const {return false;} // TODO + void SeekToIteration(lword iterationCount); + unsigned int GetAlignment() const; + unsigned int GetOptimalBlockSize() const; + + FixedSizeAlignedSecBlock m_state; +}; + +//! \class ChaCha8 +//! \brief ChaCha8 stream cipher +//! \sa ChaCha, a variant of Salsa20 (2008.01.28). +//! \since Crypto++ 5.6.4 +struct ChaCha8 : public ChaCha_Info<8>, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<8> > Encryption; + typedef Encryption Decryption; +}; + +//! \class ChaCha12 +//! \brief ChaCha12 stream cipher +//! \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for +//! cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +//! TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. +//! \sa ChaCha, a variant of Salsa20 (2008.01.28). +//! \since Crypto++ 5.6.4 +struct ChaCha12 : public ChaCha_Info<12>, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<12> > Encryption; + typedef Encryption Decryption; +}; + +//! \class ChaCha20 +//! \brief ChaCha20 stream cipher +//! \sa ChaCha, a variant of Salsa20 (2008.01.28). +//! \details Bernstein and ECRYPT's ChaCha is _slightly_ different from the TLS working group's implementation for +//! cipher suites TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256, +//! TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256, and TLS_DHE_RSA_WITH_CHACHA20_POLY1305_SHA256. +//! \since Crypto++ 5.6.4 +struct ChaCha20 : public ChaCha_Info<20>, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, ChaCha_Info<20> > Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif // CRYPTOPP_CHACHA_H diff --git a/libs/win_crypto++/include/channels.h b/libs/win_crypto++/include/channels.h new file mode 100644 index 0000000..a05c63e --- /dev/null +++ b/libs/win_crypto++/include/channels.h @@ -0,0 +1,134 @@ +// channels.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile channels.h +//! \brief Classes for multiple named channels + +#ifndef CRYPTOPP_CHANNELS_H +#define CRYPTOPP_CHANNELS_H + +#include "cryptlib.h" +#include "simple.h" +#include "smartptr.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +#if 0 +//! Route input on default channel to different and/or multiple channels based on message sequence number +class MessageSwitch : public Sink +{ +public: + void AddDefaultRoute(BufferedTransformation &destination, const std::string &channel); + void AddRoute(unsigned int begin, unsigned int end, BufferedTransformation &destination, const std::string &channel); + + void Put(byte inByte); + void Put(const byte *inString, unsigned int length); + + void Flush(bool completeFlush, int propagation=-1); + void MessageEnd(int propagation=-1); + void PutMessageEnd(const byte *inString, unsigned int length, int propagation=-1); + void MessageSeriesEnd(int propagation=-1); + +private: + typedef std::pair Route; + struct RangeRoute + { + RangeRoute(unsigned int begin, unsigned int end, const Route &route) + : begin(begin), end(end), route(route) {} + bool operator<(const RangeRoute &rhs) const {return begin < rhs.begin;} + unsigned int begin, end; + Route route; + }; + + typedef std::list RouteList; + typedef std::list DefaultRouteList; + + RouteList m_routes; + DefaultRouteList m_defaultRoutes; + unsigned int m_nCurrentMessage; +}; +#endif + +class ChannelSwitchTypedefs +{ +public: + typedef std::pair Route; + typedef std::multimap RouteMap; + + typedef std::pair > DefaultRoute; + typedef std::list DefaultRouteList; + + // SunCC workaround: can't use const_iterator here + typedef RouteMap::iterator MapIterator; + typedef DefaultRouteList::iterator ListIterator; +}; + +class ChannelSwitch; + +class ChannelRouteIterator : public ChannelSwitchTypedefs +{ +public: + ChannelRouteIterator(ChannelSwitch &cs) : m_cs(cs), m_useDefault(false) {} + + void Reset(const std::string &channel); + bool End() const; + void Next(); + BufferedTransformation & Destination(); + const std::string & Channel(); + + ChannelSwitch& m_cs; + std::string m_channel; + bool m_useDefault; + MapIterator m_itMapCurrent, m_itMapEnd; + ListIterator m_itListCurrent, m_itListEnd; + +protected: + // Hide this to see if we break something... + ChannelRouteIterator(); +}; + +//! Route input to different and/or multiple channels based on channel ID +class CRYPTOPP_DLL ChannelSwitch : public Multichannel, public ChannelSwitchTypedefs +{ +public: + ChannelSwitch() : m_it(*this), m_blocked(false) {} + ChannelSwitch(BufferedTransformation &destination) : m_it(*this), m_blocked(false) + { + AddDefaultRoute(destination); + } + ChannelSwitch(BufferedTransformation &destination, const std::string &outChannel) : m_it(*this), m_blocked(false) + { + AddDefaultRoute(destination, outChannel); + } + + void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); + + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); + size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking); + + bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true); + bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true); + + byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); + + void AddDefaultRoute(BufferedTransformation &destination); + void RemoveDefaultRoute(BufferedTransformation &destination); + void AddDefaultRoute(BufferedTransformation &destination, const std::string &outChannel); + void RemoveDefaultRoute(BufferedTransformation &destination, const std::string &outChannel); + void AddRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel); + void RemoveRoute(const std::string &inChannel, BufferedTransformation &destination, const std::string &outChannel); + +private: + RouteMap m_routeMap; + DefaultRouteList m_defaultRoutes; + + ChannelRouteIterator m_it; + bool m_blocked; + + friend class ChannelRouteIterator; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/cmac.h b/libs/win_crypto++/include/cmac.h new file mode 100644 index 0000000..6e70d12 --- /dev/null +++ b/libs/win_crypto++/include/cmac.h @@ -0,0 +1,67 @@ +// cmac.h - written and placed in the public domain by Wei Dai + +//! \file cmac.h +//! \brief Classes for CMAC message authentication code +//! \since Crypto++ 5.6.0 + +#ifndef CRYPTOPP_CMAC_H +#define CRYPTOPP_CMAC_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class CMAC_Base +//! \brief CMAC base implementation +//! \since Crypto++ 5.6.0 +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CMAC_Base : public MessageAuthenticationCode +{ +public: + CMAC_Base() : m_counter(0) {} + + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *mac, size_t size); + unsigned int DigestSize() const {return GetCipher().BlockSize();} + unsigned int OptimalBlockSize() const {return GetCipher().BlockSize();} + unsigned int OptimalDataAlignment() const {return GetCipher().OptimalDataAlignment();} + +protected: + friend class EAX_Base; + + const BlockCipher & GetCipher() const {return const_cast(this)->AccessCipher();} + virtual BlockCipher & AccessCipher() =0; + + void ProcessBuf(); + SecByteBlock m_reg; + unsigned int m_counter; +}; + +//! \brief CMAC message authentication code +//! \tparam T block cipher +//! \details Template parameter T should be a class derived from BlockCipherDocumentation, for example AES, with a block size of 8, 16, or 32. +//! \sa CMAC +//! \since Crypto++ 5.6.0 +template +class CMAC : public MessageAuthenticationCodeImpl >, public SameKeyLengthAs +{ +public: + //! \brief Construct a CMAC + CMAC() {} + //! \brief Construct a CMAC + //! \param key the MAC key + //! \param length the key size, in bytes + CMAC(const byte *key, size_t length=SameKeyLengthAs::DEFAULT_KEYLENGTH) + {this->SetKey(key, length);} + + static std::string StaticAlgorithmName() {return std::string("CMAC(") + T::StaticAlgorithmName() + ")";} + +private: + BlockCipher & AccessCipher() {return m_cipher;} + typename T::Encryption m_cipher; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/config.h b/libs/win_crypto++/include/config.h new file mode 100644 index 0000000..82f067b --- /dev/null +++ b/libs/win_crypto++/include/config.h @@ -0,0 +1,945 @@ +// config.h - written and placed in the public domain by Wei Dai + +//! \file config.h +//! \brief Library configuration file + +#ifndef CRYPTOPP_CONFIG_H +#define CRYPTOPP_CONFIG_H + +// ***************** Important Settings ******************** + +// define this if running on a big-endian CPU +#if !defined(IS_LITTLE_ENDIAN) && (defined(__BIG_ENDIAN__) || (defined(__s390__) || defined(__s390x__) || defined(__zarch__)) || (defined(__m68k__) || defined(__MC68K__)) || defined(__sparc) || defined(__sparc__) || defined(__hppa__) || defined(__MIPSEB__) || defined(__ARMEB__) || (defined(__MWERKS__) && !defined(__INTEL__))) +# define IS_BIG_ENDIAN +#endif + +// define this if running on a little-endian CPU +// big endian will be assumed if IS_LITTLE_ENDIAN is not defined +#ifndef IS_BIG_ENDIAN +# define IS_LITTLE_ENDIAN +#endif + +// Sanity checks. Some processors have more than big-, little- and bi-endian modes. PDP mode, where order results in "4312", should +// raise red flags immediately. Additionally, mis-classified machines, like (previosuly) S/390, should raise red flags immediately. +#if defined(IS_BIG_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_BIG_ENDIAN__) +# error "IS_BIG_ENDIAN is set, but __BYTE_ORDER__ does not equal __ORDER_BIG_ENDIAN__" +#endif +#if defined(IS_LITTLE_ENDIAN) && defined(__GNUC__) && defined(__BYTE_ORDER__) && (__BYTE_ORDER__ != __ORDER_LITTLE_ENDIAN__) +# error "IS_LITTLE_ENDIAN is set, but __BYTE_ORDER__ does not equal __ORDER_LITTLE_ENDIAN__" +#endif + +// Define this if you want to disable all OS-dependent features, +// such as sockets and OS-provided random number generators +// #define NO_OS_DEPENDENCE + +// Define this to use features provided by Microsoft's CryptoAPI. +// Currently the only feature used is Windows random number generation. +// This macro will be ignored if NO_OS_DEPENDENCE is defined. +// #define USE_MS_CRYPTOAPI + +// Define this to use features provided by Microsoft's CryptoNG API. +// CryptoNG API is available in Vista and above and its cross platform, +// including desktop apps and store apps. Currently the only feature +// used is Windows random number generation. +// This macro will be ignored if NO_OS_DEPENDENCE is defined. +// #define USE_MS_CNGAPI + +// If the user did not make a choice, then select CryptoNG if either +// Visual Studio 2015 is available, or Windows 10 or above is available. +#if !defined(USE_MS_CRYPTOAPI) && !defined(USE_MS_CNGAPI) +# if (_MSC_VER >= 1900) || ((WINVER >= 0x0A00 /*_WIN32_WINNT_WIN10*/) || (_WIN32_WINNT >= 0x0A00 /*_WIN32_WINNT_WIN10*/)) +# define USE_MS_CNGAPI +# else +# define USE_MS_CRYPTOAPI +# endif +#endif + +// Define this to ensure C/C++ standard compliance and respect for GCC aliasing rules and other alignment fodder. If you +// experience a break with GCC at -O3, you should try this first. Guard it in case its set on the command line (and it differs). +#ifndef CRYPTOPP_NO_UNALIGNED_DATA_ACCESS +# define CRYPTOPP_NO_UNALIGNED_DATA_ACCESS +#endif + +// ***************** Less Important Settings *************** + +// Library version +#define CRYPTOPP_VERSION 565 + +// Define this if you want to set a prefix for TestData/ and TestVectors/ +// Be mindful of the trailing slash since its simple concatenation. +// g++ ... -DCRYPTOPP_DATA_DIR='"/tmp/cryptopp_test/share/"' +#ifndef CRYPTOPP_DATA_DIR +# define CRYPTOPP_DATA_DIR "" +#endif + +// define this to retain (as much as possible) old deprecated function and class names +// #define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + +// Define this to retain (as much as possible) ABI and binary compatibility with Crypto++ 5.6.2. +// Also see https://cryptopp.com/wiki/Config.h#Avoid_MAINTAIN_BACKWARDS_COMPATIBILITY +// #define CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + +// Define this if you want or need the library's memcpy_s and memmove_s. +// See http://github.com/weidai11/cryptopp/issues/28. +// #if !defined(CRYPTOPP_WANT_SECURE_LIB) +// # define CRYPTOPP_WANT_SECURE_LIB +// #endif + +// File system code to write to GZIP archive. +#if !defined(GZIP_OS_CODE) +# define GZIP_OS_CODE 0 +#endif + +// Try this if your CPU has 256K internal cache or a slow multiply instruction +// and you want a (possibly) faster IDEA implementation using log tables +// #define IDEA_LARGECACHE + +// Define this if, for the linear congruential RNG, you want to use +// the original constants as specified in S.K. Park and K.W. Miller's +// CACM paper. +// #define LCRNG_ORIGINAL_NUMBERS + +// Define this if you want Integer's operator<< to honor std::showbase (and +// std::noshowbase). If defined, Integer will use a suffix of 'b', 'o', 'h' +// or '.' (the last for decimal) when std::showbase is in effect. If +// std::noshowbase is set, then the suffix is not added to the Integer. If +// not defined, existing behavior is preserved and Integer will use a suffix +// of 'b', 'o', 'h' or '.' (the last for decimal). +// #define CRYPTOPP_USE_STD_SHOWBASE + +// choose which style of sockets to wrap (mostly useful for MinGW which has both) +#if !defined(NO_BERKELEY_STYLE_SOCKETS) && !defined(PREFER_BERKELEY_STYLE_SOCKETS) +# define PREFER_BERKELEY_STYLE_SOCKETS +#endif + +// #if !defined(NO_WINDOWS_STYLE_SOCKETS) && !defined(PREFER_WINDOWS_STYLE_SOCKETS) +// # define PREFER_WINDOWS_STYLE_SOCKETS +// #endif + +// set the name of Rijndael cipher, was "Rijndael" before version 5.3 +#define CRYPTOPP_RIJNDAEL_NAME "AES" + +// CRYPTOPP_DEBUG enables the library's CRYPTOPP_ASSERT. CRYPTOPP_ASSERT +// raises a SIGTRAP (Unix) or calls DebugBreak() (Windows). CRYPTOPP_ASSERT +// is only in effect when CRYPTOPP_DEBUG, DEBUG or _DEBUG is defined. Unlike +// Posix assert, CRYPTOPP_ASSERT is not affected by NDEBUG (or failure to +// define it). +// Also see http://github.com/weidai11/cryptopp/issues/277, CVE-2016-7420 +#if (defined(DEBUG) || defined(_DEBUG)) && !defined(CRYPTOPP_DEBUG) +# define CRYPTOPP_DEBUG 1 +#endif + +// ***************** Initialization and Constructor priorities ******************** + +// MacPorts/GCC and Solaris/GCC does not provide constructor(priority). Apple/GCC and Fink/GCC do provide it. +// See http://cryptopp.com/wiki/Static_Initialization_Order_Fiasco + +// CRYPTOPP_INIT_PRIORITY attempts to manage initialization of C++ static objects. +// Under GCC, the library uses init_priority attribute in the range +// [CRYPTOPP_INIT_PRIORITY, CRYPTOPP_INIT_PRIORITY+100]. Under Windows, +// CRYPTOPP_INIT_PRIORITY enlists "#pragma init_seg(lib)". +#ifndef CRYPTOPP_INIT_PRIORITY +# define CRYPTOPP_INIT_PRIORITY 250 +#endif + +// CRYPTOPP_USER_PRIORITY is for other libraries and user code that is using Crypto++ +// and managing C++ static object creation. It is guaranteed not to conflict with +// values used by (or would be used by) the Crypto++ library. +#if defined(CRYPTOPP_INIT_PRIORITY) && (CRYPTOPP_INIT_PRIORITY > 0) +# define CRYPTOPP_USER_PRIORITY (CRYPTOPP_INIT_PRIORITY + 101) +#else +# define CRYPTOPP_USER_PRIORITY 350 +#endif + +// __attribute__(init_priority(250)) is supported +#if (__GNUC__ && (CRYPTOPP_INIT_PRIORITY > 0) && ((CRYPTOPP_GCC_VERSION >= 40300) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20900) || (_INTEL_COMPILER >= 300)) && !(MACPORTS_GCC_COMPILER > 0) && !defined(__sun__)) +# define HAVE_GCC_CONSTRUCTOR1 1 +#endif + +// __attribute__(init_priority()) is supported +#if (__GNUC__ && (CRYPTOPP_INIT_PRIORITY > 0) && !HAVE_GCC_CONSTRUCTOR1 && !(MACPORTS_GCC_COMPILER > 0) && !defined(__sun__)) +# define HAVE_GCC_CONSTRUCTOR0 1 +#endif + +#if (_MSC_VER && (CRYPTOPP_INIT_PRIORITY > 0)) +# define HAVE_MSC_INIT_PRIORITY 1 +#endif + +// ***************** Important Settings Again ******************** +// But the defaults should be ok. + +// namespace support is now required +#ifdef NO_NAMESPACE +# error namespace support is now required +#endif + +// Define this to workaround a Microsoft CryptoAPI bug where +// each call to CryptAcquireContext causes a 100 KB memory leak. +// Defining this will cause Crypto++ to make only one call to CryptAcquireContext. +#define WORKAROUND_MS_BUG_Q258000 + +#ifdef CRYPTOPP_DOXYGEN_PROCESSING +// Document the namespce exists. Put it here before CryptoPP is undefined below. +//! \namespace CryptoPP +//! \brief Crypto++ library namespace +//! \details Nearly all classes are located in the CryptoPP namespace. Within +//! the namespace, there are two additional namespaces. +//!
    +//!
  • Name - namespace for names used with \p NameValuePairs and documented in argnames.h +//!
  • Weak - namespace for weak and wounded algorithms, like ARC4, MD5 and Pananma +//!
+namespace CryptoPP { } +// Bring in the symbols fund in the weak namespace; and fold Weak1 into Weak +# define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 +# define Weak1 Weak +// Avoid putting "CryptoPP::" in front of everything in Doxygen output +# define CryptoPP +# define NAMESPACE_BEGIN(x) +# define NAMESPACE_END +// Get Doxygen to generate better documentation for these typedefs +# define DOCUMENTED_TYPEDEF(x, y) class y : public x {}; +// Make "protected" "private" so the functions and members are not documented +# define protected private +#else +# define NAMESPACE_BEGIN(x) namespace x { +# define NAMESPACE_END } +# define DOCUMENTED_TYPEDEF(x, y) typedef x y; +#endif +#define ANONYMOUS_NAMESPACE_BEGIN namespace { +#define ANONYMOUS_NAMESPACE_END } +#define USING_NAMESPACE(x) using namespace x; +#define DOCUMENTED_NAMESPACE_BEGIN(x) namespace x { +#define DOCUMENTED_NAMESPACE_END } + +// What is the type of the third parameter to bind? +// For Unix, the new standard is ::socklen_t (typically unsigned int), and the old standard is int. +// Unfortunately there is no way to tell whether or not socklen_t is defined. +// To work around this, TYPE_OF_SOCKLEN_T is a macro so that you can change it from the makefile. +#ifndef TYPE_OF_SOCKLEN_T +# if defined(_WIN32) || defined(__CYGWIN__) +# define TYPE_OF_SOCKLEN_T int +# else +# define TYPE_OF_SOCKLEN_T ::socklen_t +# endif +#endif + +#if defined(__CYGWIN__) && defined(PREFER_WINDOWS_STYLE_SOCKETS) +# define __USE_W32_SOCKETS +#endif + +typedef unsigned char byte; // put in global namespace to avoid ambiguity with other byte typedefs + +NAMESPACE_BEGIN(CryptoPP) + +typedef unsigned short word16; +typedef unsigned int word32; + +#if defined(_MSC_VER) || defined(__BORLANDC__) + typedef unsigned __int64 word64; + #define W64LIT(x) x##ui64 +#elif (_LP64 || __LP64__) + typedef unsigned long word64; + #define W64LIT(x) x##UL +#else + typedef unsigned long long word64; + #define W64LIT(x) x##ULL +#endif + +// define large word type, used for file offsets and such +typedef word64 lword; +const lword LWORD_MAX = W64LIT(0xffffffffffffffff); + +// Clang pretends to be VC++, too. +// See http://github.com/weidai11/cryptopp/issues/147 +#if defined(_MSC_VER) && defined(__clang__) +# error: "Unsupported configuration" +#endif + +#ifdef __GNUC__ + #define CRYPTOPP_GCC_VERSION (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) +#endif + +// Apple and LLVM's Clang. Apple Clang version 7.0 roughly equals LLVM Clang version 3.7 +#if defined(__clang__ ) && !defined(__apple_build_version__) + #define CRYPTOPP_LLVM_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) + #define CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER 1 +#elif defined(__clang__ ) && defined(__apple_build_version__) + #define CRYPTOPP_APPLE_CLANG_VERSION (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) + #define CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER 1 +#endif + +#ifdef _MSC_VER + #define CRYPTOPP_MSC_VERSION (_MSC_VER) +#endif + +// Need GCC 4.6/Clang 1.7/Apple Clang 2.0 or above due to "GCC diagnostic {push|pop}" +#if (CRYPTOPP_GCC_VERSION >= 40600) || (CRYPTOPP_LLVM_CLANG_VERSION >= 10700) || (CRYPTOPP_APPLE_CLANG_VERSION >= 20000) + #define CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE 1 +#endif + +// Clang due to "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232 +// TODO: supply the upper version when LLVM fixes it. We set it to 20.0 for compilation purposes. +#if (defined(CRYPTOPP_LLVM_CLANG_VERSION) && CRYPTOPP_LLVM_CLANG_VERSION <= 200000) || (defined(CRYPTOPP_APPLE_CLANG_VERSION) && CRYPTOPP_APPLE_CLANG_VERSION <= 200000) || defined(CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER) + #define CRYPTOPP_DISABLE_INTEL_ASM 1 +#endif + +// define hword, word, and dword. these are used for multiprecision integer arithmetic +// Intel compiler won't have _umul128 until version 10.0. See http://softwarecommunity.intel.com/isn/Community/en-US/forums/thread/30231625.aspx +#if (defined(_MSC_VER) && (!defined(__INTEL_COMPILER) || __INTEL_COMPILER >= 1000) && (defined(_M_X64) || defined(_M_IA64))) || (defined(__DECCXX) && defined(__alpha__)) || (defined(__INTEL_COMPILER) && defined(__x86_64__)) || (defined(__SUNPRO_CC) && defined(__x86_64__)) + typedef word32 hword; + typedef word64 word; +#else + #define CRYPTOPP_NATIVE_DWORD_AVAILABLE 1 + #if defined(__alpha__) || defined(__ia64__) || defined(_ARCH_PPC64) || defined(__x86_64__) || defined(__mips64) || defined(__sparc64__) + #if defined(__GNUC__) && !defined(__INTEL_COMPILER) && !(CRYPTOPP_GCC_VERSION == 40001 && defined(__APPLE__)) && CRYPTOPP_GCC_VERSION >= 30400 + // GCC 4.0.1 on MacOS X is missing __umodti3 and __udivti3 + // mode(TI) division broken on amd64 with GCC earlier than GCC 3.4 + typedef word32 hword; + typedef word64 word; + typedef __uint128_t dword; + typedef __uint128_t word128; + #define CRYPTOPP_WORD128_AVAILABLE 1 + #else + // if we're here, it means we're on a 64-bit CPU but we don't have a way to obtain 128-bit multiplication results + typedef word16 hword; + typedef word32 word; + typedef word64 dword; + #endif + #else + // being here means the native register size is probably 32 bits or less + #define CRYPTOPP_BOOL_SLOW_WORD64 1 + typedef word16 hword; + typedef word32 word; + typedef word64 dword; + #endif +#endif +#ifndef CRYPTOPP_BOOL_SLOW_WORD64 + #define CRYPTOPP_BOOL_SLOW_WORD64 0 +#endif + +const unsigned int WORD_SIZE = sizeof(word); +const unsigned int WORD_BITS = WORD_SIZE * 8; + +NAMESPACE_END + +#ifndef CRYPTOPP_L1_CACHE_LINE_SIZE + // This should be a lower bound on the L1 cache line size. It's used for defense against timing attacks. + // Also see http://stackoverflow.com/questions/794632/programmatically-get-the-cache-line-size. + #if defined(_M_X64) || defined(__x86_64__) || (__arm64__) || (__aarch64__) + #define CRYPTOPP_L1_CACHE_LINE_SIZE 64 + #else + // L1 cache line size is 32 on Pentium III and earlier + #define CRYPTOPP_L1_CACHE_LINE_SIZE 32 + #endif +#endif + +#if defined(_MSC_VER) + #if _MSC_VER == 1200 + #include + #endif + #if _MSC_VER > 1200 || defined(_mm_free) + #define CRYPTOPP_MSVC6PP_OR_LATER // VC 6 processor pack or later + #else + #define CRYPTOPP_MSVC6_NO_PP // VC 6 without processor pack + #endif +#endif + +#ifndef CRYPTOPP_ALIGN_DATA + #if defined(CRYPTOPP_MSVC6PP_OR_LATER) + #define CRYPTOPP_ALIGN_DATA(x) __declspec(align(x)) + #elif defined(__GNUC__) + #define CRYPTOPP_ALIGN_DATA(x) __attribute__((aligned(x))) + #else + #define CRYPTOPP_ALIGN_DATA(x) + #endif +#endif + +#ifndef CRYPTOPP_SECTION_ALIGN16 +#if defined(__GNUC__) && !defined(__APPLE__) + // the alignment attribute doesn't seem to work without this section attribute when -fdata-sections is turned on + #define CRYPTOPP_SECTION_ALIGN16 __attribute__((section ("CryptoPP_Align16"))) + #else + #define CRYPTOPP_SECTION_ALIGN16 + #endif +#endif + +// The section attribute attempts to initialize CPU flags to avoid Valgrind findings above -O1 +#if ((__MACH__ >= 1) && ((CRYPTOPP_LLVM_CLANG_VERSION >= 30600) || (CRYPTOPP_APPLE_CLANG_VERSION >= 70100) || (CRYPTOPP_GCC_VERSION >= 40300))) + #define CRYPTOPP_SECTION_INIT __attribute__((section ("__DATA,__data"))) +#elif ((__ELF__ >= 1) && (CRYPTOPP_GCC_VERSION >= 40300)) + #define CRYPTOPP_SECTION_INIT __attribute__((section ("nocommon"))) +#else + #define CRYPTOPP_SECTION_INIT +#endif + +#if defined(_MSC_VER) || defined(__fastcall) + #define CRYPTOPP_FASTCALL __fastcall +#else + #define CRYPTOPP_FASTCALL +#endif + +// VC60 workaround: it doesn't allow typename in some places +#if defined(_MSC_VER) && (_MSC_VER < 1300) +#define CPP_TYPENAME +#else +#define CPP_TYPENAME typename +#endif + +// VC60 workaround: can't cast unsigned __int64 to float or double +#if defined(_MSC_VER) && !defined(CRYPTOPP_MSVC6PP_OR_LATER) +#define CRYPTOPP_VC6_INT64 (__int64) +#else +#define CRYPTOPP_VC6_INT64 +#endif + +#ifdef _MSC_VER +#define CRYPTOPP_NO_VTABLE __declspec(novtable) +#else +#define CRYPTOPP_NO_VTABLE +#endif + +#ifdef _MSC_VER + // 4127: conditional expression is constant + // 4231: nonstandard extension used : 'extern' before template explicit instantiation + // 4250: dominance + // 4251: member needs to have dll-interface + // 4275: base needs to have dll-interface + // 4505: unreferenced local function + // 4512: assignment operator not generated + // 4660: explicitly instantiating a class that's already implicitly instantiated + // 4661: no suitable definition provided for explicit template instantiation request + // 4786: identifer was truncated in debug information + // 4355: 'this' : used in base member initializer list + // 4910: '__declspec(dllexport)' and 'extern' are incompatible on an explicit instantiation +# pragma warning(disable: 4127 4231 4250 4251 4275 4505 4512 4660 4661 4786 4355 4910) + // Security related, possible defects + // http://blogs.msdn.com/b/vcblog/archive/2010/12/14/off-by-default-compiler-warnings-in-visual-c.aspx +# pragma warning(once: 4191 4242 4263 4264 4266 4302 4826 4905 4906 4928) +#endif + +#ifdef __BORLANDC__ +// 8037: non-const function called for const object. needed to work around BCB2006 bug +# pragma warn -8037 +#endif + +// [GCC Bug 53431] "C++ preprocessor ignores #pragma GCC diagnostic". Clang honors it. +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic ignored "-Wunknown-pragmas" +# pragma GCC diagnostic ignored "-Wunused-function" +#endif + +// You may need to force include a C++ header on Android when using STLPort to ensure +// _STLPORT_VERSION is defined: CXXFLAGS="-DNDEBUG -g2 -O2 -std=c++11 -include iosfwd" +// TODO: Figure out C++17 and lack of std::uncaught_exception +#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__MWERKS__) || (defined(_STLPORT_VERSION) && ((_STLPORT_VERSION < 0x450) || defined(_STLP_NO_UNCAUGHT_EXCEPT_SUPPORT))) +#define CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION +#endif + +#ifndef CRYPTOPP_DISABLE_UNCAUGHT_EXCEPTION +#define CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE +#endif + +#ifdef CRYPTOPP_DISABLE_X86ASM // for backwards compatibility: this macro had both meanings +#define CRYPTOPP_DISABLE_ASM +#define CRYPTOPP_DISABLE_SSE2 +#endif + +// Apple's Clang prior to 5.0 cannot handle SSE2 (and Apple does not use LLVM Clang numbering...) +#if defined(CRYPTOPP_APPLE_CLANG_VERSION) && (CRYPTOPP_APPLE_CLANG_VERSION < 50000) +# define CRYPTOPP_DISABLE_ASM +#endif + +// Sun Studio 12 provides GCC inline assembly, http://blogs.oracle.com/x86be/entry/gcc_style_asm_inlining_support +// We can enable SSE2 for Sun Studio in the makefile with -D__SSE2__, but users may not compile with it. +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(__SSE2__) && defined(__x86_64__) && (__SUNPRO_CC >= 0x5100) +# define __SSE2__ 1 +#endif + +#if !defined(CRYPTOPP_DISABLE_ASM) && ((defined(_MSC_VER) && defined(_M_IX86)) || (defined(__GNUC__) && (defined(__i386__) || defined(__x86_64__)))) + // C++Builder 2010 does not allow "call label" where label is defined within inline assembly + #define CRYPTOPP_X86_ASM_AVAILABLE + + #if !defined(CRYPTOPP_DISABLE_SSE2) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || CRYPTOPP_GCC_VERSION >= 30300 || defined(__SSE2__)) + #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1 + #else + #define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 0 + #endif + + #if !defined(CRYPTOPP_DISABLE_SSE3) && (_MSC_VER >= 1500 || (defined(__SSE3__) && defined(__SSSE3__))) + #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 1 + #else + #define CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE 0 + #endif +#endif + +#if !defined(CRYPTOPP_DISABLE_ASM) && defined(_MSC_VER) && defined(_M_X64) + #define CRYPTOPP_X64_MASM_AVAILABLE +#endif + +#if !defined(CRYPTOPP_DISABLE_ASM) && defined(__GNUC__) && defined(__x86_64__) + #define CRYPTOPP_X64_ASM_AVAILABLE +#endif + +#if !defined(CRYPTOPP_DISABLE_ASM) && (defined(CRYPTOPP_MSVC6PP_OR_LATER) || defined(__SSE2__)) && !defined(_M_ARM) + #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 1 +#else + #define CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE 0 +#endif + +// Intrinsics availible in GCC 4.3 (http://gcc.gnu.org/gcc-4.3/changes.html) and +// MSVC 2008 (http://msdn.microsoft.com/en-us/library/bb892950%28v=vs.90%29.aspx) +// SunCC could generate SSE4 at 12.1, but the intrinsics are missing until 12.4. +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_SSE4) && !defined(_M_ARM) && ((_MSC_VER >= 1500) || (defined(__SSE4_1__) && defined(__SSE4_2__))) + #define CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE 1 +#else + #define CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE 0 +#endif + +// Don't disgorge AES-NI from CLMUL. There will be two to four subtle breaks +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_AESNI) && !defined(_M_ARM) && (_MSC_FULL_VER >= 150030729 || __INTEL_COMPILER >= 1110 || (defined(__AES__) && defined(__PCLMUL__))) + #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 1 +#else + #define CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE 0 +#endif + +// AVX2 in MSC 18.00 +#if !defined(CRYPTOPP_DISABLE_ASM) && !defined(CRYPTOPP_DISABLE_AVX) && !defined(_M_ARM) && ((_MSC_VER >= 1600) || (defined(__RDRND__) || defined(__RDSEED__) || defined(__AVX__))) + #define CRYPTOPP_BOOL_AVX_AVAILABLE 1 +#else + #define CRYPTOPP_BOOL_AVX_AVAILABLE 0 +#endif + +// Requires ARMv7 and ACLE 1.0. Testing shows ARMv7 is really ARMv7a under most toolchains. +#if !defined(CRYPTOPP_BOOL_NEON_INTRINSICS_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__ARM_NEON__) || defined(__ARM_NEON) || defined(_M_ARM) +# define CRYPTOPP_BOOL_NEON_INTRINSICS_AVAILABLE 1 +# endif +#endif + +// Requires ARMv8 and ACLE 2.0. For GCC, requires 4.8 and above. +// Microsoft plans to support ARM-64, but its not clear how to detect it. +// TODO: Add MSC_VER and ARM-64 platform define when available +#if !defined(CRYPTOPP_BOOL_ARM_CRC32_INTRINSICS_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__ARM_FEATURE_CRC32) || defined(_M_ARM64) +# define CRYPTOPP_BOOL_ARM_CRC32_INTRINSICS_AVAILABLE 1 +# endif +#endif + +// Requires ARMv8 and ACLE 2.0. For GCC, requires 4.8 and above. +// Microsoft plans to support ARM-64, but its not clear how to detect it. +// TODO: Add MSC_VER and ARM-64 platform define when available +#if !defined(CRYPTOPP_BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE) && !defined(CRYPTOPP_DISABLE_ASM) +# if defined(__ARM_FEATURE_CRYPTO) || defined(_M_ARM64) +# define CRYPTOPP_BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE 1 +# endif +#endif + +#if CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || CRYPTOPP_BOOL_NEON_INTRINSICS_AVAILABLE || defined(CRYPTOPP_X64_MASM_AVAILABLE) + #define CRYPTOPP_BOOL_ALIGN16 1 +#else + #define CRYPTOPP_BOOL_ALIGN16 0 +#endif + +// how to allocate 16-byte aligned memory (for SSE2) +#if defined(CRYPTOPP_MSVC6PP_OR_LATER) + #define CRYPTOPP_MM_MALLOC_AVAILABLE +#elif defined(__APPLE__) + #define CRYPTOPP_APPLE_MALLOC_AVAILABLE +#elif defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) + #define CRYPTOPP_MALLOC_ALIGNMENT_IS_16 +#elif defined(__linux__) || defined(__sun__) || defined(__CYGWIN__) + #define CRYPTOPP_MEMALIGN_AVAILABLE +#else + #define CRYPTOPP_NO_ALIGNED_ALLOC +#endif + +// Apple always provides 16-byte aligned, and tells us to use calloc +// http://developer.apple.com/library/mac/documentation/Performance/Conceptual/ManagingMemory/Articles/MemoryAlloc.html + +// how to disable inlining +#if defined(_MSC_VER) && _MSC_VER >= 1300 +# define CRYPTOPP_NOINLINE_DOTDOTDOT +# define CRYPTOPP_NOINLINE __declspec(noinline) +#elif defined(__GNUC__) +# define CRYPTOPP_NOINLINE_DOTDOTDOT +# define CRYPTOPP_NOINLINE __attribute__((noinline)) +#else +# define CRYPTOPP_NOINLINE_DOTDOTDOT ... +# define CRYPTOPP_NOINLINE +#endif + +// How to declare class constants +// Use enum for OS X 10.5 ld, http://github.com/weidai11/cryptopp/issues/255 +#if (defined(_MSC_VER) && _MSC_VER <= 1300) || defined(__INTEL_COMPILER) || defined(__BORLANDC__) +# define CRYPTOPP_CONSTANT(x) enum {x}; +#else +# define CRYPTOPP_CONSTANT(x) static const int x; +#endif + +// Linux provides X32, which is 32-bit integers, longs and pointers on x86_64 using the full x86_64 register set. +// Detect via __ILP32__ (http://wiki.debian.org/X32Port). However, __ILP32__ shows up in more places than +// the System V ABI specs calls out, like on just about any 32-bit system with Clang. +#if ((__ILP32__ >= 1) || (_ILP32 >= 1)) && defined(__x86_64__) + #define CRYPTOPP_BOOL_X32 1 +#else + #define CRYPTOPP_BOOL_X32 0 +#endif + +// see http://predef.sourceforge.net/prearch.html +#if (defined(_M_IX86) || defined(__i386__) || defined(__i386) || defined(_X86_) || defined(__I86__) || defined(__INTEL__)) && !CRYPTOPP_BOOL_X32 + #define CRYPTOPP_BOOL_X86 1 +#else + #define CRYPTOPP_BOOL_X86 0 +#endif + +#if (defined(_M_X64) || defined(__x86_64__)) && !CRYPTOPP_BOOL_X32 + #define CRYPTOPP_BOOL_X64 1 +#else + #define CRYPTOPP_BOOL_X64 0 +#endif + +// Undo the ASM and Intrinsic related defines due to X32. +#if CRYPTOPP_BOOL_X32 +# undef CRYPTOPP_BOOL_X64 +# undef CRYPTOPP_X64_ASM_AVAILABLE +# undef CRYPTOPP_X64_MASM_AVAILABLE +#endif + +#if defined(__arm__) || defined(__aarch32__) || defined(_M_ARM) + #define CRYPTOPP_BOOL_ARM32 1 +#else + #define CRYPTOPP_BOOL_ARM32 0 +#endif + +// Microsoft plans to support ARM-64, but its not clear how to detect it. +// TODO: Add MSC_VER and ARM-64 platform define when available +#if defined(__arm64__) || defined(__aarch64__) || defined(_M_ARM64) + #define CRYPTOPP_BOOL_ARM64 1 +#else + #define CRYPTOPP_BOOL_ARM64 0 +#endif + +#if !defined(CRYPTOPP_NO_UNALIGNED_DATA_ACCESS) && !defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) +#if (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || defined(__powerpc__) || (__ARM_FEATURE_UNALIGNED >= 1)) + #define CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS +#endif +#endif + +// ***************** determine availability of OS features ******************** + +#ifndef NO_OS_DEPENDENCE + +#if defined(_WIN32) || defined(__CYGWIN__) +#define CRYPTOPP_WIN32_AVAILABLE +#endif + +#if defined(__unix__) || defined(__MACH__) || defined(__NetBSD__) || defined(__sun) +#define CRYPTOPP_UNIX_AVAILABLE +#endif + +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#define CRYPTOPP_BSD_AVAILABLE +#endif + +#if defined(CRYPTOPP_WIN32_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE) +# define HIGHRES_TIMER_AVAILABLE +#endif + +#ifdef CRYPTOPP_WIN32_AVAILABLE +# if !defined(WINAPI_FAMILY) +# define THREAD_TIMER_AVAILABLE +# elif defined(WINAPI_FAMILY) +# if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) +# define THREAD_TIMER_AVAILABLE +# endif +# endif +#endif + +#ifdef CRYPTOPP_UNIX_AVAILABLE +# define HAS_BERKELEY_STYLE_SOCKETS +# define SOCKETS_AVAILABLE +#endif + +// Sockets are only available under Windows Runtime desktop partition apps (despite the MSDN literature) +#ifdef CRYPTOPP_WIN32_AVAILABLE +# define HAS_WINDOWS_STYLE_SOCKETS +# if !defined(WINAPI_FAMILY) +# define SOCKETS_AVAILABLE +# elif defined(WINAPI_FAMILY) +# if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) +# define SOCKETS_AVAILABLE +# endif +# endif +#endif + +#if defined(HAS_WINDOWS_STYLE_SOCKETS) && (!defined(HAS_BERKELEY_STYLE_SOCKETS) || defined(PREFER_WINDOWS_STYLE_SOCKETS)) +# define USE_WINDOWS_STYLE_SOCKETS +#else +# define USE_BERKELEY_STYLE_SOCKETS +#endif + +#if defined(CRYPTOPP_WIN32_AVAILABLE) && defined(SOCKETS_AVAILABLE) && !defined(USE_BERKELEY_STYLE_SOCKETS) +# define WINDOWS_PIPES_AVAILABLE +#endif + +#if defined(CRYPTOPP_UNIX_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) +# define NONBLOCKING_RNG_AVAILABLE +# define BLOCKING_RNG_AVAILABLE +# define OS_RNG_AVAILABLE +# define HAS_PTHREADS +# define THREADS_AVAILABLE +#endif + +#if defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE) || defined(__CYGWIN__) +# define UNIX_SIGNALS_AVAILABLE 1 +#endif + +#ifdef CRYPTOPP_WIN32_AVAILABLE +# if !defined(WINAPI_FAMILY) +# define HAS_WINTHREADS +# define THREADS_AVAILABLE +# define NONBLOCKING_RNG_AVAILABLE +# define OS_RNG_AVAILABLE +# elif defined(WINAPI_FAMILY) +# if (WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) +# define HAS_WINTHREADS +# define THREADS_AVAILABLE +# define NONBLOCKING_RNG_AVAILABLE +# define OS_RNG_AVAILABLE +# elif !(WINAPI_FAMILY_PARTITION(WINAPI_PARTITION_DESKTOP)) +# if ((WINVER >= 0x0A00 /*_WIN32_WINNT_WIN10*/) || (_WIN32_WINNT >= 0x0A00 /*_WIN32_WINNT_WIN10*/)) +# define NONBLOCKING_RNG_AVAILABLE +# define OS_RNG_AVAILABLE +# endif +# endif +# endif +#endif + +#endif // NO_OS_DEPENDENCE + +// ***************** DLL related ******************** + +#if defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(CRYPTOPP_DOXYGEN_PROCESSING) + +#ifdef CRYPTOPP_EXPORTS +#define CRYPTOPP_IS_DLL +#define CRYPTOPP_DLL __declspec(dllexport) +#elif defined(CRYPTOPP_IMPORTS) +#define CRYPTOPP_IS_DLL +#define CRYPTOPP_DLL __declspec(dllimport) +#else +#define CRYPTOPP_DLL +#endif + +#define CRYPTOPP_API __cdecl + +#else // not CRYPTOPP_WIN32_AVAILABLE + +#define CRYPTOPP_DLL +#define CRYPTOPP_API + +#endif // CRYPTOPP_WIN32_AVAILABLE + +#if defined(__MWERKS__) +#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern class CRYPTOPP_DLL +#elif defined(__BORLANDC__) || defined(__SUNPRO_CC) +#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL +#else +#define CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS extern template class CRYPTOPP_DLL +#endif + +#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_IMPORTS) +#define CRYPTOPP_DLL_TEMPLATE_CLASS template class CRYPTOPP_DLL +#else +#define CRYPTOPP_DLL_TEMPLATE_CLASS CRYPTOPP_EXTERN_DLL_TEMPLATE_CLASS +#endif + +#if defined(__MWERKS__) +#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern class +#elif defined(__BORLANDC__) || defined(__SUNPRO_CC) +#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS template class +#else +#define CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS extern template class +#endif + +#if defined(CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES) && !defined(CRYPTOPP_EXPORTS) +#define CRYPTOPP_STATIC_TEMPLATE_CLASS template class +#else +#define CRYPTOPP_STATIC_TEMPLATE_CLASS CRYPTOPP_EXTERN_STATIC_TEMPLATE_CLASS +#endif + +// ************** Unused variable *************** + +// Portable way to suppress warnings. +// Moved from misc.h due to circular depenedencies. +#define CRYPTOPP_UNUSED(x) ((void)(x)) + +// ************** Deprecated *************** + +#if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20800) +# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated (msg))); +#elif (CRYPTOPP_GCC_VERSION) +# define CRYPTOPP_DEPRECATED(msg) __attribute__((deprecated)); +#else +# define CRYPTOPP_DEPRECATED(msg) +#endif + +// ***************** C++11 related ******************** + +// Visual Studio began at VS2010, http://msdn.microsoft.com/en-us/library/hh567368%28v=vs.110%29.aspx. +// Intel and C++11 language features, http://software.intel.com/en-us/articles/c0x-features-supported-by-intel-c-compiler +// GCC and C++11 language features, http://gcc.gnu.org/projects/cxx0x.html +// Clang and C++11 language features, http://clang.llvm.org/cxx_status.html +#if ((_MSC_VER >= 1600) || (__cplusplus >= 201103L)) && !defined(_STLPORT_VERSION) +# define CRYPTOPP_CXX11 1 +#endif + +// Hack ahead. Apple's standard library does not have C++'s unique_ptr in C++11. We can't +// test for unique_ptr directly because some of the non-Apple Clangs on OS X fail the same +// way. However, modern standard libraries have , so we test for it instead. +// Thanks to Jonathan Wakely for devising the clever test for modern/ancient versions. +// TODO: test under Xcode 3, where g++ is really g++. +#if defined(__APPLE__) && defined(__clang__) +# if !(defined(__has_include) && __has_include()) +# undef CRYPTOPP_CXX11 +# endif +#endif + +// C++11 or C++14 is available +#if defined(CRYPTOPP_CXX11) + +// atomics: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.1/3.2; Intel 13.0; SunCC 12.5. +#if (CRYPTOPP_MSC_VERSION >= 1700) +# define CRYPTOPP_CXX11_ATOMICS 1 +#elif (__INTEL_COMPILER >= 1300) +# define CRYPTOPP_CXX11_ATOMICS 1 +#elif defined(__clang__) +# if __has_feature(cxx_atomic) +# define CRYPTOPP_CXX11_ATOMICS 1 +# endif +#elif (CRYPTOPP_GCC_VERSION >= 40400) +# define CRYPTOPP_CXX11_ATOMICS 1 +#elif (__SUNPRO_CC >= 0x5140) +# define CRYPTOPP_CXX11_ATOMICS 1 +#endif // atomics + +// synchronization: MS at VS2012 (17.00); GCC at 4.4; Clang at 3.3; Xcode 5.0; Intel 12.0; SunCC 12.4. +// TODO: verify Clang and Intel versions; find __has_feature(x) extension for Clang +#if (CRYPTOPP_MSC_VERSION >= 1700) +# define CRYPTOPP_CXX11_SYNCHRONIZATION 1 +#elif (__INTEL_COMPILER >= 1200) +# define CRYPTOPP_CXX11_SYNCHRONIZATION 1 +#elif (CRYPTOPP_LLVM_CLANG_VERSION >= 30300) || (CRYPTOPP_APPLE_CLANG_VERSION >= 50000) +# define CRYPTOPP_CXX11_SYNCHRONIZATION 1 +#elif (CRYPTOPP_GCC_VERSION >= 40400) +# define CRYPTOPP_CXX11_SYNCHRONIZATION 1 +#elif (__SUNPRO_CC >= 0x5130) +# define CRYPTOPP_CXX11_SYNCHRONIZATION 1 +#endif // synchronization + +// alignof/alignas: MS at VS2015 (19.00); GCC at 4.8; Clang at 3.3; Intel 15.0; SunCC 12.4. +#if (CRYPTOPP_MSC_VERSION >= 1900) +# define CRYPTOPP_CXX11_ALIGNAS 1 +# define CRYPTOPP_CXX11_ALIGNOF 1 +#elif (__INTEL_COMPILER >= 1500) +# define CRYPTOPP_CXX11_ALIGNAS 1 +# define CRYPTOPP_CXX11_ALIGNOF 1 +#elif defined(__clang__) +# if __has_feature(cxx_alignas) +# define CRYPTOPP_CXX11_ALIGNAS 1 +# endif +# if __has_feature(cxx_alignof) +# define CRYPTOPP_CXX11_ALIGNOF 1 +# endif +#elif (CRYPTOPP_GCC_VERSION >= 40800) +# define CRYPTOPP_CXX11_ALIGNAS 1 +# define CRYPTOPP_CXX11_ALIGNOF 1 +#elif (__SUNPRO_CC >= 0x5130) +# define CRYPTOPP_CXX11_ALIGNAS 1 +# define CRYPTOPP_CXX11_ALIGNOF 1 +#endif // alignof/alignas + +// noexcept: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; Intel 14.0; SunCC 12.4. +#if (CRYPTOPP_MSC_VERSION >= 1900) +# define CRYPTOPP_CXX11_NOEXCEPT 1 +#elif (__INTEL_COMPILER >= 1400) +# define CRYPTOPP_CXX11_NOEXCEPT 1 +#elif defined(__clang__) +# if __has_feature(cxx_noexcept) +# define CRYPTOPP_CXX11_NOEXCEPT 1 +# endif +#elif (CRYPTOPP_GCC_VERSION >= 40600) +# define CRYPTOPP_CXX11_NOEXCEPT 1 +#elif (__SUNPRO_CC >= 0x5130) +# define CRYPTOPP_CXX11_NOEXCEPT 1 +#endif // noexcept compilers + +// variadic templates: MS at VS2013 (18.00); GCC at 4.3; Clang at 2.9; Intel 12.1; SunCC 12.4. +#if (CRYPTOPP_MSC_VERSION >= 1800) +# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1 +#elif (__INTEL_COMPILER >= 1210) +# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1 +#elif defined(__clang__) +# if __has_feature(cxx_variadic_templates) +# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1 +# endif +#elif (CRYPTOPP_GCC_VERSION >= 40300) +# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1 +#elif (__SUNPRO_CC >= 0x5130) +# define CRYPTOPP_CXX11_VARIADIC_TEMPLATES 1 +#endif // variadic templates + +// constexpr: MS at VS2015 (19.00); GCC at 4.6; Clang at 3.0; Intel 16.0; SunCC 12.4. +// Intel has mis-supported the feature since at least ICPC 13.00 +#if (CRYPTOPP_MSC_VERSION >= 1900) +# define CRYPTOPP_CXX11_CONSTEXPR 1 +#elif (__INTEL_COMPILER >= 1600) +# define CRYPTOPP_CXX11_CONSTEXPR 1 +#elif defined(__clang__) +# if __has_feature(cxx_constexpr) +# define CRYPTOPP_CXX11_CONSTEXPR 1 +# endif +#elif (CRYPTOPP_GCC_VERSION >= 40600) +# define CRYPTOPP_CXX11_CONSTEXPR 1 +#elif (__SUNPRO_CC >= 0x5130) +# define CRYPTOPP_CXX11_CONSTEXPR 1 +#endif // constexpr compilers + +// TODO: Emplacement, R-values and Move semantics +// Needed because we are catching warnings with GCC and MSC + +#endif // CRYPTOPP_CXX11 + +#if defined(CRYPTOPP_CXX11_NOEXCEPT) +# define CRYPTOPP_THROW noexcept(false) +# define CRYPTOPP_NO_THROW noexcept(true) +#else +# define CRYPTOPP_THROW +# define CRYPTOPP_NO_THROW +#endif // CRYPTOPP_CXX11_NOEXCEPT + +#if defined(CRYPTOPP_CXX11_CONSTEXPR) +# define CRYPTOPP_CONSTEXPR constexpr +#else +# define CRYPTOPP_CONSTEXPR +#endif // CRYPTOPP_CXX11_CONSTEXPR + +// Hack... CRYPTOPP_ALIGN_DATA is defined earlier, before C++11 alignas availability is determined +#if defined(CRYPTOPP_CXX11_ALIGNAS) +# undef CRYPTOPP_ALIGN_DATA +# define CRYPTOPP_ALIGN_DATA(x) alignas(x) +#endif // CRYPTOPP_CXX11_ALIGNAS + +// Hack... CRYPTOPP_CONSTANT is defined earlier, before C++11 constexpr availability is determined +#if defined(CRYPTOPP_CXX11_CONSTEXPR) +# undef CRYPTOPP_CONSTANT +# define CRYPTOPP_CONSTANT(x) constexpr static int x; +#endif + +// OK to comment the following out, but please report it so we can fix it. +// C++17 value taken from http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2015/n4567.pdf. +#if (defined(__cplusplus) && (__cplusplus >= 199711L) && (__cplusplus < 201402L)) && !defined(CRYPTOPP_UNCAUGHT_EXCEPTION_AVAILABLE) +# error "std::uncaught_exception is not available. This is likely a configuration error." +#endif + +#endif diff --git a/libs/win_crypto++/include/cpu.h b/libs/win_crypto++/include/cpu.h new file mode 100644 index 0000000..11a852c --- /dev/null +++ b/libs/win_crypto++/include/cpu.h @@ -0,0 +1,597 @@ +// cpu.h - written and placed in the public domain by Wei Dai + +//! \file cpu.h +//! \brief Functions for CPU features and intrinsics +//! \details The functions are used in X86/X32/X64 and NEON code paths + +#ifndef CRYPTOPP_CPU_H +#define CRYPTOPP_CPU_H + +#include "config.h" + +// ARM32/ARM64 Headers +#if (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) +# if defined(__GNUC__) +# include +# endif +# if CRYPTOPP_BOOL_NEON_INTRINSICS_AVAILABLE || defined(__ARM_NEON) +# include +# endif +# if (CRYPTOPP_BOOL_ARM_CRYPTO_INTRINSICS_AVAILABLE || CRYPTOPP_BOOL_ARM_CRC32_INTRINSICS_AVAILABLE) || defined(__ARM_ACLE) +# include +# endif +#endif // ARM32 and ARM64 Headers + +// X86/X64/X32 Headers +#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 + +// GCC X86 super-include +#if (CRYPTOPP_GCC_VERSION >= 40800) +# include +#endif +#if (CRYPTOPP_MSC_VERSION >= 1400) +# include +#endif + +// Baseline include +#if CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE || CRYPTOPP_BOOL_SSE2_INTRINSICS_AVAILABLE +# include // __m64, __m128i, _mm_set_epi64x +#endif +#if CRYPTOPP_BOOL_SSSE3_ASM_AVAILABLE +# include // _mm_shuffle_pi8, _mm_shuffle_epi8 +#endif // tmmintrin.h +#if CRYPTOPP_BOOL_SSE4_INTRINSICS_AVAILABLE +# include // _mm_blend_epi16 +# include // _mm_crc32_u{8|16|32} +#endif // smmintrin.h +#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE +# include // aesenc, aesdec, etc +#endif // wmmintrin.h +#if CRYPTOPP_BOOL_AVX_INTRINSICS_AVAILABLE +# include // RDRAND, RDSEED and AVX +#endif +#if CRYPTOPP_BOOL_AVX2_INTRINSICS_AVAILABLE +# include // AVX 512-bit extensions +#endif +#endif // X86/X64/X32 Headers + +// Applies to both X86/X32/X64 and ARM32/ARM64. And we've got MIPS devices on the way. +#if defined(_MSC_VER) || defined(__BORLANDC__) +# define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY +#else +# define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY +#endif + +// Applies to both X86/X32/X64 and ARM32/ARM64 +#if defined(CRYPTOPP_LLVM_CLANG_VERSION) || defined(CRYPTOPP_APPLE_CLANG_VERSION) || defined(CRYPTOPP_CLANG_INTEGRATED_ASSEMBLER) + #define NEW_LINE "\n" + #define INTEL_PREFIX ".intel_syntax;" + #define INTEL_NOPREFIX ".intel_syntax;" + #define ATT_PREFIX ".att_syntax;" + #define ATT_NOPREFIX ".att_syntax;" +#elif defined(__GNUC__) + #define NEW_LINE + #define INTEL_PREFIX ".intel_syntax prefix;" + #define INTEL_NOPREFIX ".intel_syntax noprefix;" + #define ATT_PREFIX ".att_syntax prefix;" + #define ATT_NOPREFIX ".att_syntax noprefix;" +#else + #define NEW_LINE + #define INTEL_PREFIX + #define INTEL_NOPREFIX + #define ATT_PREFIX + #define ATT_NOPREFIX +#endif + +#ifdef CRYPTOPP_GENERATE_X64_MASM + +#define CRYPTOPP_X86_ASM_AVAILABLE +#define CRYPTOPP_BOOL_X64 1 +#define CRYPTOPP_BOOL_SSE2_ASM_AVAILABLE 1 +#define NAMESPACE_END + +#else + +NAMESPACE_BEGIN(CryptoPP) + +#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 || CRYPTOPP_DOXYGEN_PROCESSING + +#define CRYPTOPP_CPUID_AVAILABLE + +// Hide from Doxygen +#ifndef CRYPTOPP_DOXYGEN_PROCESSING +// These should not be used directly +extern CRYPTOPP_DLL bool g_x86DetectionDone; +extern CRYPTOPP_DLL bool g_hasMMX; +extern CRYPTOPP_DLL bool g_hasISSE; +extern CRYPTOPP_DLL bool g_hasSSE2; +extern CRYPTOPP_DLL bool g_hasSSSE3; +extern CRYPTOPP_DLL bool g_hasSSE4; +extern CRYPTOPP_DLL bool g_hasAESNI; +extern CRYPTOPP_DLL bool g_hasCLMUL; +extern CRYPTOPP_DLL bool g_isP4; +extern CRYPTOPP_DLL bool g_hasRDRAND; +extern CRYPTOPP_DLL bool g_hasRDSEED; +extern CRYPTOPP_DLL bool g_hasPadlockRNG; +extern CRYPTOPP_DLL bool g_hasPadlockACE; +extern CRYPTOPP_DLL bool g_hasPadlockACE2; +extern CRYPTOPP_DLL bool g_hasPadlockPHE; +extern CRYPTOPP_DLL bool g_hasPadlockPMM; +extern CRYPTOPP_DLL word32 g_cacheLineSize; + +CRYPTOPP_DLL void CRYPTOPP_API DetectX86Features(); +CRYPTOPP_DLL bool CRYPTOPP_API CpuId(word32 input, word32 output[4]); +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +//! \brief Determines MMX availability +//! \returns true if MMX is determined to be available, false otherwise +//! \details MMX, SSE and SSE2 are core processor features for x86_64, and +//! the function always returns true for the platform. +inline bool HasMMX() +{ +#if CRYPTOPP_BOOL_X64 + return true; +#else + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasMMX; +#endif +} + +//! \brief Determines SSE availability +//! \returns true if SSE is determined to be available, false otherwise +//! \details MMX, SSE and SSE2 are core processor features for x86_64, and +//! the function always returns true for the platform. +inline bool HasISSE() +{ +#if CRYPTOPP_BOOL_X64 + return true; +#else + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasISSE; +#endif +} + +//! \brief Determines SSE2 availability +//! \returns true if SSE2 is determined to be available, false otherwise +//! \details MMX, SSE and SSE2 are core processor features for x86_64, and +//! the function always returns true for the platform. +inline bool HasSSE2() +{ +#if CRYPTOPP_BOOL_X64 + return true; +#else + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasSSE2; +#endif +} + +//! \brief Determines SSSE3 availability +//! \returns true if SSSE3 is determined to be available, false otherwise +//! \details HasSSSE3() is a runtime check performed using CPUID +//! \note Some Clang compilers incorrectly omit SSSE3 even though its native to the processor. +inline bool HasSSSE3() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasSSSE3; +} + +//! \brief Determines SSE4 availability +//! \returns true if SSE4.1 and SSE4.2 are determined to be available, false otherwise +//! \details HasSSE4() is a runtime check performed using CPUID which requires both SSE4.1 and SSE4.2 +inline bool HasSSE4() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasSSE4; +} + +//! \brief Determines AES-NI availability +//! \returns true if AES-NI is determined to be available, false otherwise +//! \details HasAESNI() is a runtime check performed using CPUID +inline bool HasAESNI() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasAESNI; +} + +//! \brief Determines Carryless Multiply availability +//! \returns true if pclmulqdq is determined to be available, false otherwise +//! \details HasCLMUL() is a runtime check performed using CPUID +inline bool HasCLMUL() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasCLMUL; +} + +//! \brief Determines if the CPU is an Intel P4 +//! \returns true if the CPU is a P4, false otherwise +//! \details IsP4() is a runtime check performed using CPUID +inline bool IsP4() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_isP4; +} + +//! \brief Determines RDRAND availability +//! \returns true if RDRAND is determined to be available, false otherwise +//! \details HasRDRAND() is a runtime check performed using CPUID +inline bool HasRDRAND() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasRDRAND; +} + +//! \brief Determines RDSEED availability +//! \returns true if RDSEED is determined to be available, false otherwise +//! \details HasRDSEED() is a runtime check performed using CPUID +inline bool HasRDSEED() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasRDSEED; +} + +//! \brief Determines Padlock RNG availability +//! \returns true if VIA Padlock RNG is determined to be available, false otherwise +//! \details HasPadlockRNG() is a runtime check performed using CPUID +inline bool HasPadlockRNG() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasPadlockRNG; +} + +//! \brief Determines Padlock ACE availability +//! \returns true if VIA Padlock ACE is determined to be available, false otherwise +//! \details HasPadlockACE() is a runtime check performed using CPUID +inline bool HasPadlockACE() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasPadlockACE; +} + +//! \brief Determines Padlock ACE2 availability +//! \returns true if VIA Padlock ACE2 is determined to be available, false otherwise +//! \details HasPadlockACE2() is a runtime check performed using CPUID +inline bool HasPadlockACE2() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasPadlockACE2; +} + +//! \brief Determines Padlock PHE availability +//! \returns true if VIA Padlock PHE is determined to be available, false otherwise +//! \details HasPadlockPHE() is a runtime check performed using CPUID +inline bool HasPadlockPHE() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasPadlockPHE; +} + +//! \brief Determines Padlock PMM availability +//! \returns true if VIA Padlock PMM is determined to be available, false otherwise +//! \details HasPadlockPMM() is a runtime check performed using CPUID +inline bool HasPadlockPMM() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_hasPadlockPMM; +} + +//! \brief Provides the cache line size +//! \returns lower bound on the size of a cache line in bytes, if available +//! \details GetCacheLineSize() returns the lower bound on the size of a cache line, if it +//! is available. If the value is not available at runtime, then 32 is returned for a 32-bit +//! processor and 64 is returned for a 64-bit processor. +//! \details x86/x32/x64 uses CPUID to determine the value and its usually accurate. The ARM +//! processor equivalent is a privileged instruction, so a compile time value is returned. +inline int GetCacheLineSize() +{ + if (!g_x86DetectionDone) + DetectX86Features(); + return g_cacheLineSize; +} + +#elif (CRYPTOPP_BOOL_ARM32 || CRYPTOPP_BOOL_ARM64) + +extern bool g_ArmDetectionDone; +extern bool g_hasNEON, g_hasPMULL, g_hasCRC32, g_hasAES, g_hasSHA1, g_hasSHA2; +void CRYPTOPP_API DetectArmFeatures(); + +//! \brief Determine if an ARM processor has Advanced SIMD available +//! \returns true if the hardware is capable of Advanced SIMD at runtime, false otherwise. +//! \details Advanced SIMD instructions are available under Aarch64 (ARM-64) and Aarch32 (ARM-32). +//! \details Runtime support requires compile time support. When compiling with GCC, you may +//! need to compile with -mfpu=neon (32-bit) or -march=armv8-a +//! (64-bit). Also see ARM's __ARM_NEON preprocessor macro. +inline bool HasNEON() +{ + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasNEON; +} + +//! \brief Determine if an ARM processor provides Polynomial Multiplication (long) +//! \returns true if the hardware is capable of polynomial multiplications at runtime, false otherwise. +//! \details The multiplication instructions are available under Aarch64 (ARM-64) and Aarch32 (ARM-32). +//! \details Runtime support requires compile time support. When compiling with GCC, you may +//! need to compile with -march=armv8-a+crypto; while Apple requires +//! -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +inline bool HasPMULL() +{ + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasPMULL; +} + +//! \brief Determine if an ARM processor has CRC32 available +//! \returns true if the hardware is capable of CRC32 at runtime, false otherwise. +//! \details CRC32 instructions provide access to the processor's CRC32 and CRC32-C intructions. +//! They are provided by ARM C Language Extensions 2.0 (ACLE 2.0) and available under Aarch64 +//! (ARM-64) and Aarch32 (ARM-32) running on Aarch64 (i.e., an AArch32 execution environment). +//! \details Runtime support requires compile time support. When compiling with GCC, you may +//! need to compile with -march=armv8-a+crc; while Apple requires +//! -arch arm64. Also see ARM's __ARM_FEATURE_CRC32 preprocessor macro. +inline bool HasCRC32() +{ + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasCRC32; +} + +//! \brief Determine if an ARM processor has AES available +//! \returns true if the hardware is capable of AES at runtime, false otherwise. +//! \details AES is part of the Crypto extensions from ARM C Language Extensions 2.0 (ACLE 2.0) +//! and available under Aarch64 (ARM-64) and Aarch32 (ARM-32) running on Aarch64 (i.e., an +//! AArch32 execution environment). +//! \details Runtime support requires compile time support. When compiling with GCC, you may +//! need to compile with -march=armv8-a+crypto; while Apple requires +//! -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +inline bool HasAES() +{ + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasAES; +} + +//! \brief Determine if an ARM processor has SHA1 available +//! \returns true if the hardware is capable of SHA1 at runtime, false otherwise. +//! \details SHA1 is part of the Crypto extensions from ARM C Language Extensions 2.0 (ACLE 2.0) +//! and available under Aarch64 (ARM-64) and Aarch32 (ARM-32) running on Aarch64 (i.e., an +//! AArch32 execution environment). +//! \details Runtime support requires compile time support. When compiling with GCC, you may +//! need to compile with -march=armv8-a+crypto; while Apple requires +//! -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +inline bool HasSHA1() +{ + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasSHA1; +} + +//! \brief Determine if an ARM processor has SHA2 available +//! \returns true if the hardware is capable of SHA2 at runtime, false otherwise. +//! \details SHA2 is part of the Crypto extensions from ARM C Language Extensions 2.0 (ACLE 2.0) +//! and available under Aarch64 (ARM-64) and Aarch32 (ARM-32) running on Aarch64 (i.e., an +//! AArch32 execution environment). +//! \details Runtime support requires compile time support. When compiling with GCC, you may +//! need to compile with -march=armv8-a+crypto; while Apple requires +//! -arch arm64. Also see ARM's __ARM_FEATURE_CRYPTO preprocessor macro. +inline bool HasSHA2() +{ + if (!g_ArmDetectionDone) + DetectArmFeatures(); + return g_hasSHA2; +} + +//! \brief Provides the cache line size at runtime +//! \returns true if the hardware is capable of CRC32 at runtime, false otherwise. +//! \details GetCacheLineSize() provides is an estimate using CRYPTOPP_L1_CACHE_LINE_SIZE. +//! The runtime instructions to query the processor are privileged. +inline int GetCacheLineSize() +{ + return CRYPTOPP_L1_CACHE_LINE_SIZE; +} + +#else + +inline int GetCacheLineSize() +{ + return CRYPTOPP_L1_CACHE_LINE_SIZE; +} + +#endif // X86/X32/X64 and ARM + +#endif + +#if CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64 + +#ifdef CRYPTOPP_GENERATE_X64_MASM + #define AS1(x) x*newline* + #define AS2(x, y) x, y*newline* + #define AS3(x, y, z) x, y, z*newline* + #define ASS(x, y, a, b, c, d) x, y, a*64+b*16+c*4+d*newline* + #define ASL(x) label##x:*newline* + #define ASJ(x, y, z) x label##y*newline* + #define ASC(x, y) x label##y*newline* + #define AS_HEX(y) 0##y##h +#elif defined(_MSC_VER) || defined(__BORLANDC__) + #define CRYPTOPP_MS_STYLE_INLINE_ASSEMBLY + #define AS1(x) __asm {x} + #define AS2(x, y) __asm {x, y} + #define AS3(x, y, z) __asm {x, y, z} + #define ASS(x, y, a, b, c, d) __asm {x, y, (a)*64+(b)*16+(c)*4+(d)} + #define ASL(x) __asm {label##x:} + #define ASJ(x, y, z) __asm {x label##y} + #define ASC(x, y) __asm {x label##y} + #define CRYPTOPP_NAKED __declspec(naked) + #define AS_HEX(y) 0x##y +#else + #define CRYPTOPP_GNU_STYLE_INLINE_ASSEMBLY + + // define these in two steps to allow arguments to be expanded + #define GNU_AS1(x) #x ";" NEW_LINE + #define GNU_AS2(x, y) #x ", " #y ";" NEW_LINE + #define GNU_AS3(x, y, z) #x ", " #y ", " #z ";" NEW_LINE + #define GNU_ASL(x) "\n" #x ":" NEW_LINE + #define GNU_ASJ(x, y, z) #x " " #y #z ";" NEW_LINE + #define AS1(x) GNU_AS1(x) + #define AS2(x, y) GNU_AS2(x, y) + #define AS3(x, y, z) GNU_AS3(x, y, z) + #define ASS(x, y, a, b, c, d) #x ", " #y ", " #a "*64+" #b "*16+" #c "*4+" #d ";" + #define ASL(x) GNU_ASL(x) + #define ASJ(x, y, z) GNU_ASJ(x, y, z) + #define ASC(x, y) #x " " #y ";" + #define CRYPTOPP_NAKED + #define AS_HEX(y) 0x##y +#endif + +#define IF0(y) +#define IF1(y) y + +#ifdef CRYPTOPP_GENERATE_X64_MASM +#define ASM_MOD(x, y) ((x) MOD (y)) +#define XMMWORD_PTR XMMWORD PTR +#else +// GNU assembler doesn't seem to have mod operator +#define ASM_MOD(x, y) ((x)-((x)/(y))*(y)) +// GAS 2.15 doesn't support XMMWORD PTR. it seems necessary only for MASM +#define XMMWORD_PTR +#endif + +#if CRYPTOPP_BOOL_X86 + #define AS_REG_1 ecx + #define AS_REG_2 edx + #define AS_REG_3 esi + #define AS_REG_4 edi + #define AS_REG_5 eax + #define AS_REG_6 ebx + #define AS_REG_7 ebp + #define AS_REG_1d ecx + #define AS_REG_2d edx + #define AS_REG_3d esi + #define AS_REG_4d edi + #define AS_REG_5d eax + #define AS_REG_6d ebx + #define AS_REG_7d ebp + #define WORD_SZ 4 + #define WORD_REG(x) e##x + #define WORD_PTR DWORD PTR + #define AS_PUSH_IF86(x) AS1(push e##x) + #define AS_POP_IF86(x) AS1(pop e##x) + #define AS_JCXZ jecxz +#elif CRYPTOPP_BOOL_X32 + #define AS_REG_1 ecx + #define AS_REG_2 edx + #define AS_REG_3 r8d + #define AS_REG_4 r9d + #define AS_REG_5 eax + #define AS_REG_6 r10d + #define AS_REG_7 r11d + #define AS_REG_1d ecx + #define AS_REG_2d edx + #define AS_REG_3d r8d + #define AS_REG_4d r9d + #define AS_REG_5d eax + #define AS_REG_6d r10d + #define AS_REG_7d r11d + #define WORD_SZ 4 + #define WORD_REG(x) e##x + #define WORD_PTR DWORD PTR + #define AS_PUSH_IF86(x) AS1(push r##x) + #define AS_POP_IF86(x) AS1(pop r##x) + #define AS_JCXZ jecxz +#elif CRYPTOPP_BOOL_X64 + #ifdef CRYPTOPP_GENERATE_X64_MASM + #define AS_REG_1 rcx + #define AS_REG_2 rdx + #define AS_REG_3 r8 + #define AS_REG_4 r9 + #define AS_REG_5 rax + #define AS_REG_6 r10 + #define AS_REG_7 r11 + #define AS_REG_1d ecx + #define AS_REG_2d edx + #define AS_REG_3d r8d + #define AS_REG_4d r9d + #define AS_REG_5d eax + #define AS_REG_6d r10d + #define AS_REG_7d r11d + #else + #define AS_REG_1 rdi + #define AS_REG_2 rsi + #define AS_REG_3 rdx + #define AS_REG_4 rcx + #define AS_REG_5 r8 + #define AS_REG_6 r9 + #define AS_REG_7 r10 + #define AS_REG_1d edi + #define AS_REG_2d esi + #define AS_REG_3d edx + #define AS_REG_4d ecx + #define AS_REG_5d r8d + #define AS_REG_6d r9d + #define AS_REG_7d r10d + #endif + #define WORD_SZ 8 + #define WORD_REG(x) r##x + #define WORD_PTR QWORD PTR + #define AS_PUSH_IF86(x) + #define AS_POP_IF86(x) + #define AS_JCXZ jrcxz +#endif + +// helper macro for stream cipher output +#define AS_XMM_OUTPUT4(labelPrefix, inputPtr, outputPtr, x0, x1, x2, x3, t, p0, p1, p2, p3, increment)\ + AS2( test inputPtr, inputPtr)\ + ASC( jz, labelPrefix##3)\ + AS2( test inputPtr, 15)\ + ASC( jnz, labelPrefix##7)\ + AS2( pxor xmm##x0, [inputPtr+p0*16])\ + AS2( pxor xmm##x1, [inputPtr+p1*16])\ + AS2( pxor xmm##x2, [inputPtr+p2*16])\ + AS2( pxor xmm##x3, [inputPtr+p3*16])\ + AS2( add inputPtr, increment*16)\ + ASC( jmp, labelPrefix##3)\ + ASL(labelPrefix##7)\ + AS2( movdqu xmm##t, [inputPtr+p0*16])\ + AS2( pxor xmm##x0, xmm##t)\ + AS2( movdqu xmm##t, [inputPtr+p1*16])\ + AS2( pxor xmm##x1, xmm##t)\ + AS2( movdqu xmm##t, [inputPtr+p2*16])\ + AS2( pxor xmm##x2, xmm##t)\ + AS2( movdqu xmm##t, [inputPtr+p3*16])\ + AS2( pxor xmm##x3, xmm##t)\ + AS2( add inputPtr, increment*16)\ + ASL(labelPrefix##3)\ + AS2( test outputPtr, 15)\ + ASC( jnz, labelPrefix##8)\ + AS2( movdqa [outputPtr+p0*16], xmm##x0)\ + AS2( movdqa [outputPtr+p1*16], xmm##x1)\ + AS2( movdqa [outputPtr+p2*16], xmm##x2)\ + AS2( movdqa [outputPtr+p3*16], xmm##x3)\ + ASC( jmp, labelPrefix##9)\ + ASL(labelPrefix##8)\ + AS2( movdqu [outputPtr+p0*16], xmm##x0)\ + AS2( movdqu [outputPtr+p1*16], xmm##x1)\ + AS2( movdqu [outputPtr+p2*16], xmm##x2)\ + AS2( movdqu [outputPtr+p3*16], xmm##x3)\ + ASL(labelPrefix##9)\ + AS2( add outputPtr, increment*16) + +#endif // X86/X32/X64 + +NAMESPACE_END + +#endif // CRYPTOPP_CPU_H diff --git a/libs/win_crypto++/include/crc.h b/libs/win_crypto++/include/crc.h new file mode 100644 index 0000000..a46d0eb --- /dev/null +++ b/libs/win_crypto++/include/crc.h @@ -0,0 +1,75 @@ +// crc.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile crc.h +//! \brief Classes for CRC-32 and CRC-32C checksum algorithm + +#ifndef CRYPTOPP_CRC32_H +#define CRYPTOPP_CRC32_H + +#include "cryptlib.h" + +NAMESPACE_BEGIN(CryptoPP) + +const word32 CRC32_NEGL = 0xffffffffL; + +#ifdef IS_LITTLE_ENDIAN +#define CRC32_INDEX(c) (c & 0xff) +#define CRC32_SHIFTED(c) (c >> 8) +#else +#define CRC32_INDEX(c) (c >> 24) +#define CRC32_SHIFTED(c) (c << 8) +#endif + +//! \brief CRC-32 Checksum Calculation +//! \details Uses CRC polynomial 0xEDB88320 +class CRC32 : public HashTransformation +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = 4) + CRC32(); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *hash, size_t size); + unsigned int DigestSize() const {return DIGESTSIZE;} + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "CRC32";} + std::string AlgorithmName() const {return StaticAlgorithmName();} + + void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);} + byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];} + +protected: + void Reset() {m_crc = CRC32_NEGL;} + +private: + static const word32 m_tab[256]; + word32 m_crc; +}; + +//! \brief CRC-32C Checksum Calculation +//! \details Uses CRC polynomial 0x82F63B78 +//! \since Crypto++ 5.6.4 +class CRC32C : public HashTransformation +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = 4) + CRC32C(); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *hash, size_t size); + unsigned int DigestSize() const {return DIGESTSIZE;} + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "CRC32C";} + std::string AlgorithmName() const {return StaticAlgorithmName();} + + void UpdateByte(byte b) {m_crc = m_tab[CRC32_INDEX(m_crc) ^ b] ^ CRC32_SHIFTED(m_crc);} + byte GetCrcByte(size_t i) const {return ((byte *)&(m_crc))[i];} + +protected: + void Reset() {m_crc = CRC32_NEGL;} + +private: + static const word32 m_tab[256]; + word32 m_crc; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/cryptlib.h b/libs/win_crypto++/include/cryptlib.h new file mode 100644 index 0000000..5cb2313 --- /dev/null +++ b/libs/win_crypto++/include/cryptlib.h @@ -0,0 +1,3010 @@ +// cryptlib.h - written and placed in the public domain by Wei Dai + +//! \file cryptlib.h +//! \brief Abstract base classes that provide a uniform interface to this library. + +/*! \mainpage Crypto++ Library 5.6.5 API Reference +
+
Abstract Base Classes
+ cryptlib.h +
Authenticated Encryption Modes
+ CCM, EAX, \ref GCM "GCM (2K tables)", \ref GCM "GCM (64K tables)" +
Block Ciphers
+ \ref Rijndael "AES", Weak::ARC4, Blowfish, BTEA, Camellia, CAST128, CAST256, DES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", + \ref DES_XEX3 "DESX", GOST, IDEA, \ref LR "Luby-Rackoff", MARS, RC2, RC5, RC6, \ref SAFER_K "SAFER-K", \ref SAFER_SK "SAFER-SK", SEED, Serpent, + \ref SHACAL2 "SHACAL-2", SHARK, SKIPJACK, +Square, TEA, \ref ThreeWay "3-Way", Twofish, XTEA +
Stream Ciphers
+ ChaCha8, ChaCha12, ChaCha20, \ref Panama "Panama-LE", \ref Panama "Panama-BE", Salsa20, \ref SEAL "SEAL-LE", \ref SEAL "SEAL-BE", WAKE, XSalsa20 +
Hash Functions
+ BLAKE2s, BLAKE2b, \ref Keccak "Keccak (F1600)", SHA1, SHA224, SHA256, SHA384, SHA512, \ref SHA3 "SHA-3", Tiger, Whirlpool, RIPEMD160, RIPEMD320, RIPEMD128, RIPEMD256, Weak::MD2, Weak::MD4, Weak::MD5 +
Non-Cryptographic Checksums
+ CRC32, Adler32 +
Message Authentication Codes
+ VMAC, HMAC, CBC_MAC, CMAC, DMAC, TTMAC, \ref GCM "GCM (GMAC)", BLAKE2 +
Random Number Generators
+ NullRNG(), LC_RNG, RandomPool, BlockingRng, NonblockingRng, AutoSeededRandomPool, AutoSeededX917RNG, + \ref MersenneTwister "MersenneTwister (MT19937 and MT19937-AR)", RDRAND, RDSEED +
Key Derivation and Password-based Cryptography
+ HKDF, \ref PKCS12_PBKDF "PBKDF (PKCS #12)", \ref PKCS5_PBKDF1 "PBKDF-1 (PKCS #5)", \ref PKCS5_PBKDF2_HMAC "PBKDF-2/HMAC (PKCS #5)" +
Public Key Cryptosystems
+ DLIES, ECIES, LUCES, RSAES, RabinES, LUC_IES +
Public Key Signature Schemes
+ DSA2, GDSA, ECDSA, NR, ECNR, LUCSS, RSASS, RSASS_ISO, RabinSS, RWSS, ESIGN +
Key Agreement
+ DH, DH2, \ref MQV_Domain "MQV", \ref HMQV_Domain "HMQV", \ref FHMQV_Domain "FHMQV", ECDH, ECMQV, ECHMQV, ECFHMQV, XTR_DH +
Algebraic Structures
+ Integer, PolynomialMod2, PolynomialOver, RingOfPolynomialsOver, + ModularArithmetic, MontgomeryRepresentation, GFP2_ONB, GF2NP, GF256, GF2_32, EC2N, ECP +
Secret Sharing and Information Dispersal
+ SecretSharing, SecretRecovery, InformationDispersal, InformationRecovery +
Compression
+ Deflator, Inflator, Gzip, Gunzip, ZlibCompressor, ZlibDecompressor +
Input Source Classes
+ StringSource, ArraySource, FileSource, SocketSource, WindowsPipeSource, RandomNumberSource +
Output Sink Classes
+ StringSinkTemplate, StringSink, ArraySink, FileSink, SocketSink, WindowsPipeSink, RandomNumberSink +
Filter Wrappers
+ StreamTransformationFilter, HashFilter, HashVerificationFilter, SignerFilter, SignatureVerificationFilter +
Binary to Text Encoders and Decoders
+ HexEncoder, HexDecoder, Base64Encoder, Base64Decoder, Base64URLEncoder, Base64URLDecoder, Base32Encoder, Base32Decoder +
Wrappers for OS features
+ Timer, Socket, WindowsHandle, ThreadLocalStorage, ThreadUserTimer +
FIPS 140 validated cryptography
+ fips140.h +
+ +In the DLL version of Crypto++, only the following implementation class are available. +
+
Block Ciphers
+ AES, \ref DES_EDE2 "2-key Triple-DES", \ref DES_EDE3 "3-key Triple-DES", SKIPJACK +
Cipher Modes (replace template parameter BC with one of the block ciphers above)
+ \ref ECB_Mode "ECB_Mode", \ref CTR_Mode "CTR_Mode", \ref CBC_Mode "CBC_Mode", \ref CFB_FIPS_Mode "CFB_FIPS_Mode", \ref OFB_Mode "OFB_Mode", \ref GCM "GCM" +
Hash Functions
+ SHA1, SHA224, SHA256, SHA384, SHA512 +
Public Key Signature Schemes (replace template parameter H with one of the hash functions above)
+ RSASS\, RSASS\, RSASS_ISO\, RWSS\, DSA, ECDSA\, ECDSA\ +
Message Authentication Codes (replace template parameter H with one of the hash functions above)
+ HMAC\, CBC_MAC\, CBC_MAC\, GCM\ +
Random Number Generators
+ DefaultAutoSeededRNG (AutoSeededX917RNG\) +
Key Agreement
+ DH, DH2 +
Public Key Cryptosystems
+ RSAES\ \> +
+ +

This reference manual is a work in progress. Some classes are lack detailed descriptions. +

Click here to download a zip archive containing this manual. +

Thanks to Ryan Phillips for providing the Doxygen configuration file +and getting us started on the manual. +*/ + +#ifndef CRYPTOPP_CRYPTLIB_H +#define CRYPTOPP_CRYPTLIB_H + +#include "config.h" +#include "stdcpp.h" +#include "trap.h" + +#if defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE) +# include +#endif + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4127 4189 4702) +#endif + +NAMESPACE_BEGIN(CryptoPP) + +// forward declarations +class Integer; +class RandomNumberGenerator; +class BufferedTransformation; + +//! \brief Specifies a direction for a cipher to operate +//! \sa BlockTransformation::IsForwardTransformation(), BlockTransformation::IsPermutation(), BlockTransformation::GetCipherDirection() +enum CipherDir { + //! \brief the cipher is performing encryption + ENCRYPTION, + //! \brief the cipher is performing decryption + DECRYPTION}; + +//! \brief Represents infinite time +const unsigned long INFINITE_TIME = ULONG_MAX; + +// VC60 workaround: using enums as template parameters causes problems +//! \brief Converts a typename to an enumerated value +template +struct EnumToType +{ + static ENUM_TYPE ToEnum() {return (ENUM_TYPE)VALUE;} +}; + +//! \brief Provides the byte ordering +//! \details Big-endian and little-endian modes are supported. Bi-endian and PDP-endian modes +//! are not supported. +enum ByteOrder { + //! \brief byte order is little-endian + LITTLE_ENDIAN_ORDER = 0, + //! \brief byte order is big-endian + BIG_ENDIAN_ORDER = 1}; + +//! \brief Provides a constant for LittleEndian +typedef EnumToType LittleEndian; +//! \brief Provides a constant for BigEndian +typedef EnumToType BigEndian; + +//! \class Exception +//! \brief Base class for all exceptions thrown by the library +//! \details All library exceptions directly or indirectly inherit from the Exception class. +//! The Exception class itself inherits from std::exception. The library does not use +//! std::runtime_error derived classes. +class CRYPTOPP_DLL Exception : public std::exception +{ +public: + //! \enum ErrorType + //! \brief Error types or categories + enum ErrorType { + //! \brief A method was called which was not implemented + NOT_IMPLEMENTED, + //! \brief An invalid argument was detected + INVALID_ARGUMENT, + //! \brief BufferedTransformation received a Flush(true) signal but can't flush buffers + CANNOT_FLUSH, + //! \brief Data integerity check, such as CRC or MAC, failed + DATA_INTEGRITY_CHECK_FAILED, + //! \brief Input data was received that did not conform to expected format + INVALID_DATA_FORMAT, + //! \brief Error reading from input device or writing to output device + IO_ERROR, + //! \brief Some other error occurred not belonging to other categories + OTHER_ERROR + }; + + //! \brief Construct a new Exception + explicit Exception(ErrorType errorType, const std::string &s) : m_errorType(errorType), m_what(s) {} + virtual ~Exception() throw() {} + + //! \brief Retrieves a C-string describing the exception + const char *what() const throw() {return (m_what.c_str());} + //! \brief Retrieves a string describing the exception + const std::string &GetWhat() const {return m_what;} + //! \brief Sets the error string for the exception + void SetWhat(const std::string &s) {m_what = s;} + //! \brief Retrieves the error type for the exception + ErrorType GetErrorType() const {return m_errorType;} + //! \brief Sets the error type for the exceptions + void SetErrorType(ErrorType errorType) {m_errorType = errorType;} + +private: + ErrorType m_errorType; + std::string m_what; +}; + +//! \brief An invalid argument was detected +class CRYPTOPP_DLL InvalidArgument : public Exception +{ +public: + explicit InvalidArgument(const std::string &s) : Exception(INVALID_ARGUMENT, s) {} +}; + +//! \brief Input data was received that did not conform to expected format +class CRYPTOPP_DLL InvalidDataFormat : public Exception +{ +public: + explicit InvalidDataFormat(const std::string &s) : Exception(INVALID_DATA_FORMAT, s) {} +}; + +//! \brief A decryption filter encountered invalid ciphertext +class CRYPTOPP_DLL InvalidCiphertext : public InvalidDataFormat +{ +public: + explicit InvalidCiphertext(const std::string &s) : InvalidDataFormat(s) {} +}; + +//! \brief A method was called which was not implemented +class CRYPTOPP_DLL NotImplemented : public Exception +{ +public: + explicit NotImplemented(const std::string &s) : Exception(NOT_IMPLEMENTED, s) {} +}; + +//! \brief Flush(true) was called but it can't completely flush its buffers +class CRYPTOPP_DLL CannotFlush : public Exception +{ +public: + explicit CannotFlush(const std::string &s) : Exception(CANNOT_FLUSH, s) {} +}; + +//! \brief The operating system reported an error +class CRYPTOPP_DLL OS_Error : public Exception +{ +public: + OS_Error(ErrorType errorType, const std::string &s, const std::string& operation, int errorCode) + : Exception(errorType, s), m_operation(operation), m_errorCode(errorCode) {} + ~OS_Error() throw() {} + + //! \brief Retrieve the operating system API that reported the error + const std::string & GetOperation() const {return m_operation;} + //! \brief Retrieve the error code returned by the operating system + int GetErrorCode() const {return m_errorCode;} + +protected: + std::string m_operation; + int m_errorCode; +}; + +//! \class DecodingResult +//! \brief Returns a decoding results +struct CRYPTOPP_DLL DecodingResult +{ + //! \brief Constructs a DecodingResult + //! \details isValidCoding is initialized to false and messageLength is initialized to 0. + explicit DecodingResult() : isValidCoding(false), messageLength(0) {} + //! \brief Constructs a DecodingResult + //! \param len the message length + //! \details isValidCoding is initialized to true. + explicit DecodingResult(size_t len) : isValidCoding(true), messageLength(len) {} + + //! \brief Compare two DecodingResult + //! \param rhs the other DecodingResult + //! \return true if both isValidCoding and messageLength are equal, false otherwise + bool operator==(const DecodingResult &rhs) const {return isValidCoding == rhs.isValidCoding && messageLength == rhs.messageLength;} + //! \brief Compare two DecodingResult + //! \param rhs the other DecodingResult + //! \return true if either isValidCoding or messageLength is \a not equal, false otherwise + //! \details Returns !operator==(rhs). + bool operator!=(const DecodingResult &rhs) const {return !operator==(rhs);} + + //! \brief Flag to indicate the decoding is valid + bool isValidCoding; + //! \brief Recovered message length if isValidCoding is true, undefined otherwise + size_t messageLength; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + operator size_t() const {return isValidCoding ? messageLength : 0;} +#endif +}; + +//! \class NameValuePairs +//! \brief Interface for retrieving values given their names +//! \details This class is used to safely pass a variable number of arbitrarily typed arguments to functions +//! and to read values from keys and crypto parameters. +//! \details To obtain an object that implements NameValuePairs for the purpose of parameter +//! passing, use the MakeParameters() function. +//! \details To get a value from NameValuePairs, you need to know the name and the type of the value. +//! Call GetValueNames() on a NameValuePairs object to obtain a list of value names that it supports. +//! then look at the Name namespace documentation to see what the type of each value is, or +//! alternatively, call GetIntValue() with the value name, and if the type is not int, a +//! ValueTypeMismatch exception will be thrown and you can get the actual type from the exception object. +class CRYPTOPP_NO_VTABLE NameValuePairs +{ +public: + virtual ~NameValuePairs() {} + + //! \class ValueTypeMismatch + //! \brief Thrown when an unexpected type is encountered + //! \details Exception thrown when trying to retrieve a value using a different type than expected + class CRYPTOPP_DLL ValueTypeMismatch : public InvalidArgument + { + public: + //! \brief Construct a ValueTypeMismatch + //! \param name the name of the value + //! \param stored the \a actual type of the value stored + //! \param retrieving the \a presumed type of the value retrieved + ValueTypeMismatch(const std::string &name, const std::type_info &stored, const std::type_info &retrieving) + : InvalidArgument("NameValuePairs: type mismatch for '" + name + "', stored '" + stored.name() + "', trying to retrieve '" + retrieving.name() + "'") + , m_stored(stored), m_retrieving(retrieving) {} + + //! \brief Provides the stored type + //! \return the C++ mangled name of the type + const std::type_info & GetStoredTypeInfo() const {return m_stored;} + + //! \brief Provides the retrieveing type + //! \return the C++ mangled name of the type + const std::type_info & GetRetrievingTypeInfo() const {return m_retrieving;} + + private: + const std::type_info &m_stored; + const std::type_info &m_retrieving; + }; + + //! \brief Get a copy of this object or subobject + //! \tparam T class or type + //! \param object reference to a variable that receives the value + template + bool GetThisObject(T &object) const + { + return GetValue((std::string("ThisObject:")+typeid(T).name()).c_str(), object); + } + + //! \brief Get a pointer to this object + //! \tparam T class or type + //! \param ptr reference to a pointer to a variable that receives the value + template + bool GetThisPointer(T *&ptr) const + { + return GetValue((std::string("ThisPointer:")+typeid(T).name()).c_str(), ptr); + } + + //! \brief Get a named value + //! \tparam T class or type + //! \param name the name of the object or value to retrieve + //! \param value reference to a variable that receives the value + //! \returns true if the value was retrieved, false otherwise + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + template + bool GetValue(const char *name, T &value) const + { + return GetVoidValue(name, typeid(T), &value); + } + + //! \brief Get a named value + //! \tparam T class or type + //! \param name the name of the object or value to retrieve + //! \param defaultValue the default value of the class or type if it does not exist + //! \return the object or value + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + template + T GetValueWithDefault(const char *name, T defaultValue) const + { + T value; + bool result = GetValue(name, value); + // No assert... this recovers from failure + if (result) {return value;} + return defaultValue; + } + + //! \brief Get a list of value names that can be retrieved + //! \return a list of names available to retrieve + //! \details the items in the list are delimited with a colon. + CRYPTOPP_DLL std::string GetValueNames() const + {std::string result; GetValue("ValueNames", result); return result;} + + //! \brief Get a named value with type int + //! \param name the name of the value to retrieve + //! \param value the value retrieved upon success + //! \return true if an int value was retrieved, false otherwise + //! \details GetIntValue() is used to ensure we don't accidentally try to get an + //! unsigned int or some other type when we mean int (which is the most common case) + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + CRYPTOPP_DLL bool GetIntValue(const char *name, int &value) const + {return GetValue(name, value);} + + //! \brief Get a named value with type int, with default + //! \param name the name of the value to retrieve + //! \param defaultValue the default value if the name does not exist + //! \return the value retrieved on success or the default value + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + CRYPTOPP_DLL int GetIntValueWithDefault(const char *name, int defaultValue) const + {return GetValueWithDefault(name, defaultValue);} + + //! \brief Ensures an expected name and type is present + //! \param name the name of the value + //! \param stored the type that was stored for the name + //! \param retrieving the type that is being retrieved for the name + //! \throws ValueTypeMismatch + //! \details ThrowIfTypeMismatch() effectively performs a type safety check. + //! stored and retrieving are C++ mangled names for the type. + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + CRYPTOPP_DLL static void CRYPTOPP_API ThrowIfTypeMismatch(const char *name, const std::type_info &stored, const std::type_info &retrieving) + {if (stored != retrieving) throw ValueTypeMismatch(name, stored, retrieving);} + + //! \brief Retrieves a required name/value pair + //! \tparam T class or type + //! \param className the name of the class + //! \param name the name of the value + //! \param value reference to a variable to receive the value + //! \throws InvalidArgument + //! \details GetRequiredParameter() throws InvalidArgument if the name + //! is not present or not of the expected type T. + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + template + void GetRequiredParameter(const char *className, const char *name, T &value) const + { + if (!GetValue(name, value)) + throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'"); + } + + //! \brief Retrieves a required name/value pair + //! \param className the name of the class + //! \param name the name of the value + //! \param value reference to a variable to receive the value + //! \throws InvalidArgument + //! \details GetRequiredParameter() throws InvalidArgument if the name + //! is not present or not of the expected type T. + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + CRYPTOPP_DLL void GetRequiredIntParameter(const char *className, const char *name, int &value) const + { + if (!GetIntValue(name, value)) + throw InvalidArgument(std::string(className) + ": missing required parameter '" + name + "'"); + } + + //! \brief Get a named value + //! \param name the name of the object or value to retrieve + //! \param valueType reference to a variable that receives the value + //! \param pValue void pointer to a variable that receives the value + //! \returns true if the value was retrieved, false otherwise + //! \details GetVoidValue() retrives the value of name if it exists. + //! \note GetVoidValue() is an internal function and should be implemented + //! by derived classes. Users should use one of the other functions instead. + //! \sa GetValue(), GetValueWithDefault(), GetIntValue(), GetIntValueWithDefault(), + //! GetRequiredParameter() and GetRequiredIntParameter() + CRYPTOPP_DLL virtual bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const =0; +}; + +#if CRYPTOPP_DOXYGEN_PROCESSING + +//! \brief Namespace containing value name definitions. +//! \details Name is part of the CryptoPP namespace. +//! \details The semantics of value names, types are: +//! 

+//!     ThisObject:ClassName (ClassName, copy of this object or a subobject)
+//!     ThisPointer:ClassName (const ClassName *, pointer to this object or a subobject)
+//!
+DOCUMENTED_NAMESPACE_BEGIN(Name) +// more names defined in argnames.h +DOCUMENTED_NAMESPACE_END + +//! \brief Namespace containing weak and wounded algorithms. +//! \details Weak is part of the CryptoPP namespace. Schemes and algorithms are moved into Weak +//! when their security level is reduced to an unacceptable level by contemporary standards. +//! \details To use an algorithm in the Weak namespace, you must \c \#define +//! CRYPTOPP_ENABLE_NAMESPACE_WEAK 1 before including a header for a weak or wounded +//! algorithm. For example: +//! 
+//!     \c \#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1
+//!     \c \#include 
+//!     ...
+//!     CryptoPP::Weak::MD5 md5;
+//!
+ +DOCUMENTED_NAMESPACE_BEGIN(Weak) +// weak and wounded algorithms +DOCUMENTED_NAMESPACE_END +#endif + +//! \brief An empty set of name-value pairs +extern CRYPTOPP_DLL const NameValuePairs &g_nullNameValuePairs; + +// ******************************************************** + +//! \class Clonable +//! \brief Interface for cloning objects +//! \note this is \a not implemented by most classes +//! \sa ClonableImpl, NotCopyable +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Clonable +{ +public: + virtual ~Clonable() {} + + //! \brief Copies this object + //! \return a copy of this object + //! \throws NotImplemented + //! \note this is \a not implemented by most classes + //! \sa NotCopyable + virtual Clonable* Clone() const {throw NotImplemented("Clone() is not implemented yet.");} // TODO: make this =0 +}; + +//! \class Algorithm +//! \brief Interface for all crypto algorithms +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Algorithm : public Clonable +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~Algorithm() {} +#endif + + //! \brief Interface for all crypto algorithms + //! \param checkSelfTestStatus determines whether the object can proceed if the self + //! tests have not been run or failed. + //! \details When FIPS 140-2 compliance is enabled and checkSelfTestStatus == true, + //! this constructor throws SelfTestFailure if the self test hasn't been run or fails. + //! \details FIPS 140-2 compliance is disabled by default. It is only used by certain + //! versions of the library when the library is built as a DLL on Windows. Also see + //! CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 in config.h. + Algorithm(bool checkSelfTestStatus = true); + + //! \brief Provides the name of this algorithm + //! \return the standard algorithm name + //! \details The standard algorithm name can be a name like \a AES or \a AES/GCM. Some algorithms + //! do not have standard names yet. For example, there is no standard algorithm name for + //! Shoup's ECIES. + //! \note AlgorithmName is not universally implemented yet + virtual std::string AlgorithmName() const {return "unknown";} +}; + +//! \class SimpleKeyingInterface +//! \brief Interface for algorithms that take byte strings as keys +//! \sa FixedKeyLength(), VariableKeyLength(), SameKeyLengthAs(), SimpleKeyingInterfaceImpl() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyingInterface +{ +public: + virtual ~SimpleKeyingInterface() {} + + //! \brief Returns smallest valid key length in bytes + virtual size_t MinKeyLength() const =0; + //! \brief Returns largest valid key length in bytes + virtual size_t MaxKeyLength() const =0; + //! \brief Returns default (recommended) key length in bytes + virtual size_t DefaultKeyLength() const =0; + + //! \brief + //! \param n the desired keylength + //! \return the smallest valid key length in bytes that is greater than or equal to min(n, GetMaxKeyLength()) + virtual size_t GetValidKeyLength(size_t n) const =0; + + //! \brief Returns whether keylength is a valid key length + //! \param keylength the requested keylength + //! \return true if keylength is valid, false otherwise + //! \details Internally the function calls GetValidKeyLength() + virtual bool IsValidKeyLength(size_t keylength) const + {return keylength == GetValidKeyLength(keylength);} + + //! \brief Sets or reset the key of this object + //! \param key the key to use when keying the object + //! \param length the size of the key, in bytes + //! \param params additional initialization parameters that cannot be passed + //! directly through the constructor + virtual void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs); + + //! \brief Sets or reset the key of this object + //! \param key the key to use when keying the object + //! \param length the size of the key, in bytes + //! \param rounds the number of rounds to apply the transformation function, + //! if applicable + //! \details SetKeyWithRounds() calls SetKey() with a NameValuePairs + //! object that only specifies rounds. rounds is an integer parameter, + //! and -1 means use the default number of rounds. + void SetKeyWithRounds(const byte *key, size_t length, int rounds); + + //! \brief Sets or reset the key of this object + //! \param key the key to use when keying the object + //! \param length the size of the key, in bytes + //! \param iv the intiialization vector to use when keying the object + //! \param ivLength the size of the iv, in bytes + //! \details SetKeyWithIV() calls SetKey() with a NameValuePairs + //! that only specifies IV. The IV is a byte buffer with size ivLength. + //! ivLength is an integer parameter, and -1 means use IVSize(). + void SetKeyWithIV(const byte *key, size_t length, const byte *iv, size_t ivLength); + + //! \brief Sets or reset the key of this object + //! \param key the key to use when keying the object + //! \param length the size of the key, in bytes + //! \param iv the intiialization vector to use when keying the object + //! \details SetKeyWithIV() calls SetKey() with a NameValuePairs() object + //! that only specifies iv. iv is a byte buffer, and it must have + //! a size IVSize(). + void SetKeyWithIV(const byte *key, size_t length, const byte *iv) + {SetKeyWithIV(key, length, iv, IVSize());} + + //! \brief Secure IVs requirements as enumerated values. + //! \details Provides secure IV requirements as a monotomically increasing enumerated values. Requirements can be + //! compared using less than (<) and greater than (>). For example, UNIQUE_IV < RANDOM_IV + //! and UNPREDICTABLE_RANDOM_IV > RANDOM_IV. + //! \sa IsResynchronizable(), CanUseRandomIVs(), CanUsePredictableIVs(), CanUseStructuredIVs() + enum IV_Requirement { + //! \brief The IV must be unique + UNIQUE_IV = 0, + //! \brief The IV must be random and possibly predictable + RANDOM_IV, + //! \brief The IV must be random and unpredictable + UNPREDICTABLE_RANDOM_IV, + //! \brief The IV is set by the object + INTERNALLY_GENERATED_IV, + //! \brief The object does not use an IV + NOT_RESYNCHRONIZABLE + }; + + //! \brief Minimal requirement for secure IVs + //! \return the secure IV requirement of the algorithm + virtual IV_Requirement IVRequirement() const =0; + + //! \brief Determines if the object can be resynchronized + //! \return true if the object can be resynchronized (i.e. supports initialization vectors), false otherwise + //! \note If this function returns true, and no IV is passed to SetKey() and CanUseStructuredIVs()==true, + //! an IV of all 0's will be assumed. + bool IsResynchronizable() const {return IVRequirement() < NOT_RESYNCHRONIZABLE;} + + //! \brief Determines if the object can use random IVs + //! \return true if the object can use random IVs (in addition to ones returned by GetNextIV), false otherwise + bool CanUseRandomIVs() const {return IVRequirement() <= UNPREDICTABLE_RANDOM_IV;} + + //! \brief Determines if the object can use random but possibly predictable IVs + //! \return true if the object can use random but possibly predictable IVs (in addition to ones returned by + //! GetNextIV), false otherwise + bool CanUsePredictableIVs() const {return IVRequirement() <= RANDOM_IV;} + + //! \brief Determines if the object can use structured IVs + //! \returns true if the object can use structured IVs, false otherwise + //! \details CanUseStructuredIVs() indicates whether the object can use structured IVs; for example a counter + //! (in addition to ones returned by GetNextIV). + bool CanUseStructuredIVs() const {return IVRequirement() <= UNIQUE_IV;} + + //! \brief Returns length of the IV accepted by this object + //! \return the size of an IV, in bytes + //! \throws NotImplemented() if the object does not support resynchronization + //! \details The default implementation throws NotImplemented + virtual unsigned int IVSize() const + {throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization");} + + //! \brief Provides the default size of an IV + //! \return default length of IVs accepted by this object, in bytes + unsigned int DefaultIVLength() const {return IVSize();} + + //! \brief Provides the minimum size of an IV + //! \return minimal length of IVs accepted by this object, in bytes + //! \throws NotImplemented() if the object does not support resynchronization + virtual unsigned int MinIVLength() const {return IVSize();} + + //! \brief Provides the maximum size of an IV + //! \return maximal length of IVs accepted by this object, in bytes + //! \throws NotImplemented() if the object does not support resynchronization + virtual unsigned int MaxIVLength() const {return IVSize();} + + //! \brief Resynchronize with an IV + //! \param iv the initialization vector + //! \param ivLength the size of the initialization vector, in bytes + //! \details Resynchronize() resynchronizes with an IV provided by the caller. ivLength=-1 means use IVSize(). + //! \throws NotImplemented() if the object does not support resynchronization + virtual void Resynchronize(const byte *iv, int ivLength=-1) { + CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(ivLength); + throw NotImplemented(GetAlgorithm().AlgorithmName() + ": this object doesn't support resynchronization"); + } + + //! \brief Retrieves a secure IV for the next message + //! \param rng a RandomNumberGenerator to produce keying material + //! \param iv a block of bytes to receive the IV + //! \details The IV must be at least IVSize() in length. + //! \details This method should be called after you finish encrypting one message and are ready + //! to start the next one. After calling it, you must call SetKey() or Resynchronize(). + //! before using this object again. + //! \details Internally, the base class implementation calls RandomNumberGenerator's GenerateBlock() + //! \note This method is not implemented on decryption objects. + virtual void GetNextIV(RandomNumberGenerator &rng, byte *iv); + +protected: + //! \brief Returns the base class Algorithm + //! \return the base class Algorithm + virtual const Algorithm & GetAlgorithm() const =0; + + //! \brief Sets the key for this object without performing parameter validation + //! \param key a byte buffer used to key the cipher + //! \param length the length of the byte buffer + //! \param params additional parameters passed as NameValuePairs + //! \details key must be at least DEFAULT_KEYLENGTH in length. + virtual void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) =0; + + //! \brief Validates the key length + //! \param length the size of the keying material, in bytes + //! \throws InvalidKeyLength if the key length is invalid + void ThrowIfInvalidKeyLength(size_t length); + + //! \brief Validates the object + //! \throws InvalidArgument if the IV is present + //! \details Internally, the default implementation calls IsResynchronizable() and throws + //! InvalidArgument if the function returns true. + //! \note called when no IV is passed + void ThrowIfResynchronizable(); + + //! \brief Validates the IV + //! \param iv the IV with a length of IVSize, in bytes + //! \throws InvalidArgument on failure + //! \details Internally, the default implementation checks the iv. If iv is not NULL, + //! then the function succeeds. If iv is NULL, then IVRequirement is checked against + //! UNPREDICTABLE_RANDOM_IV. If IVRequirement is UNPREDICTABLE_RANDOM_IV, then + //! then the function succeeds. Otherwise, an exception is thrown. + void ThrowIfInvalidIV(const byte *iv); + + //! \brief Validates the IV length + //! \param length the size of an IV, in bytes + //! \throws InvalidArgument if the number of rounds are invalid + size_t ThrowIfInvalidIVLength(int length); + + //! \brief Retrieves and validates the IV + //! \param params NameValuePairs with the IV supplied as a ConstByteArrayParameter + //! \param size the length of the IV, in bytes + //! \return a pointer to the first byte of the IV + //! \throws InvalidArgument if the number of rounds are invalid + const byte * GetIVAndThrowIfInvalid(const NameValuePairs ¶ms, size_t &size); + + //! \brief Validates the key length + //! \param length the size of the keying material, in bytes + inline void AssertValidKeyLength(size_t length) const + {CRYPTOPP_UNUSED(length); CRYPTOPP_ASSERT(IsValidKeyLength(length));} +}; + +//! \brief Interface for the data processing part of block ciphers +//! \details Classes derived from BlockTransformation are block ciphers +//! in ECB mode (for example the DES::Encryption class), which are stateless. +//! These classes should not be used directly, but only in combination with +//! a mode class (see CipherModeDocumentation in modes.h). +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockTransformation : public Algorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~BlockTransformation() {} +#endif + + //! \brief Encrypt or decrypt a block + //! \param inBlock the input message before processing + //! \param outBlock the output message after processing + //! \param xorBlock an optional XOR mask + //! \details ProcessAndXorBlock encrypts or decrypts inBlock, xor with xorBlock, and write to outBlock. + //! \details The size of the block is determined by the block cipher and its documentation. Use + //! BLOCKSIZE at compile time, or BlockSize() at runtime. + //! \note The message can be transformed in-place, or the buffers must \a not overlap + //! \sa FixedBlockSize, BlockCipherFinal from seckey.h and BlockSize() + virtual void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const =0; + + //! \brief Encrypt or decrypt a block + //! \param inBlock the input message before processing + //! \param outBlock the output message after processing + //! \details ProcessBlock encrypts or decrypts inBlock and write to outBlock. + //! \details The size of the block is determined by the block cipher and its documentation. + //! Use BLOCKSIZE at compile time, or BlockSize() at runtime. + //! \sa FixedBlockSize, BlockCipherFinal from seckey.h and BlockSize() + //! \note The message can be transformed in-place, or the buffers must \a not overlap + void ProcessBlock(const byte *inBlock, byte *outBlock) const + {ProcessAndXorBlock(inBlock, NULL, outBlock);} + + //! \brief Encrypt or decrypt a block in place + //! \param inoutBlock the input message before processing + //! \details ProcessBlock encrypts or decrypts inoutBlock in-place. + //! \details The size of the block is determined by the block cipher and its documentation. + //! Use BLOCKSIZE at compile time, or BlockSize() at runtime. + //! \sa FixedBlockSize, BlockCipherFinal from seckey.h and BlockSize() + void ProcessBlock(byte *inoutBlock) const + {ProcessAndXorBlock(inoutBlock, NULL, inoutBlock);} + + //! Provides the block size of the cipher + //! \return the block size of the cipher, in bytes + virtual unsigned int BlockSize() const =0; + + //! \brief Provides input and output data alignment for optimal performance. + //! \return the input data alignment that provides optimal performance + virtual unsigned int OptimalDataAlignment() const; + + //! returns true if this is a permutation (i.e. there is an inverse transformation) + virtual bool IsPermutation() const {return true;} + + //! \brief Determines if the cipher is being operated in its forward direction + //! \returns true if DIR is ENCRYPTION, false otherwise + //! \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection() + virtual bool IsForwardTransformation() const =0; + + //! \brief Determines the number of blocks that can be processed in parallel + //! \return the number of blocks that can be processed in parallel, for bit-slicing implementations + //! \details Bit-slicing is often used to improve throughput and minimize timing attacks. + virtual unsigned int OptimalNumberOfParallelBlocks() const {return 1;} + + //! \brief Bit flags that control AdvancedProcessBlocks() behavior + enum FlagsForAdvancedProcessBlocks { + //! \brief inBlock is a counter + BT_InBlockIsCounter=1, + //! \brief should not modify block pointers + BT_DontIncrementInOutPointers=2, + //! \brief + BT_XorInput=4, + //! \brief perform the transformation in reverse + BT_ReverseDirection=8, + //! \brief + BT_AllowParallel=16}; + + //! \brief Encrypt and xor multiple blocks using additional flags + //! \param inBlocks the input message before processing + //! \param xorBlocks an optional XOR mask + //! \param outBlocks the output message after processing + //! \param length the size of the blocks, in bytes + //! \param flags additional flags to control processing + //! \details Encrypt and xor multiple blocks according to FlagsForAdvancedProcessBlocks flags. + //! \note If BT_InBlockIsCounter is set, then the last byte of inBlocks may be modified. + virtual size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; + + //! \brief Provides the direction of the cipher + //! \return ENCRYPTION if IsForwardTransformation() is true, DECRYPTION otherwise + //! \sa IsForwardTransformation(), IsPermutation() + inline CipherDir GetCipherDirection() const {return IsForwardTransformation() ? ENCRYPTION : DECRYPTION;} +}; + +//! \class StreamTransformation +//! \brief Interface for the data processing portion of stream ciphers +//! \sa StreamTransformationFilter() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE StreamTransformation : public Algorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~StreamTransformation() {} +#endif + + //! \brief Provides a reference to this object + //! \return A reference to this object + //! \details Useful for passing a temporary object to a function that takes a non-const reference + StreamTransformation& Ref() {return *this;} + + //! \brief Provides the mandatory block size of the cipher + //! \return The block size of the cipher if input must be processed in blocks, 1 otherwise + virtual unsigned int MandatoryBlockSize() const {return 1;} + + //! \brief Provides the input block size most efficient for this cipher. + //! \return The input block size that is most efficient for the cipher + //! \details The base class implementation returns MandatoryBlockSize(). + //! \note Optimal input length is + //! n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n \> 0. + virtual unsigned int OptimalBlockSize() const {return MandatoryBlockSize();} + + //! \brief Provides the number of bytes used in the current block when processing at optimal block size. + //! \return the number of bytes used in the current block when processing at the optimal block size + virtual unsigned int GetOptimalBlockSizeUsed() const {return 0;} + + //! \brief Provides input and output data alignment for optimal performance. + //! \return the input data alignment that provides optimal performance + virtual unsigned int OptimalDataAlignment() const; + + //! \brief Encrypt or decrypt an array of bytes + //! \param outString the output byte buffer + //! \param inString the input byte buffer + //! \param length the size of the input and output byte buffers, in bytes + //! \details Either inString == outString, or they must not overlap. + virtual void ProcessData(byte *outString, const byte *inString, size_t length) =0; + + //! \brief Encrypt or decrypt the last block of data + //! \param outString the output byte buffer + //! \param inString the input byte buffer + //! \param length the size of the input and output byte buffers, in bytes + //! ProcessLastBlock is used when the last block of data is special. + //! Currently the only use of this function is CBC-CTS mode. + virtual void ProcessLastBlock(byte *outString, const byte *inString, size_t length); + + //! \brief Provides the size of the last block + //! \returns the minimum size of the last block + //! \details MinLastBlockSize() returns the minimum size of the last block. 0 indicates the last + //! block is not special. + virtual unsigned int MinLastBlockSize() const {return 0;} + + //! \brief Encrypt or decrypt a string of bytes + //! \param inoutString the string to process + //! \param length the size of the inoutString, in bytes + //! \details Internally, the base class implementation calls ProcessData(). + inline void ProcessString(byte *inoutString, size_t length) + {ProcessData(inoutString, inoutString, length);} + + //! \brief Encrypt or decrypt a string of bytes + //! \param outString the output string to process + //! \param inString the input string to process + //! \param length the size of the input and output strings, in bytes + //! \details Internally, the base class implementation calls ProcessData(). + inline void ProcessString(byte *outString, const byte *inString, size_t length) + {ProcessData(outString, inString, length);} + + //! \brief Encrypt or decrypt a byte + //! \param input the input byte to process + //! \details Internally, the base class implementation calls ProcessData() with a size of 1. + inline byte ProcessByte(byte input) + {ProcessData(&input, &input, 1); return input;} + + //! \brief Determines whether the cipher supports random access + //! \returns true if the cipher supports random access, false otherwise + virtual bool IsRandomAccess() const =0; + + //! \brief Seek to an absolute position + //! \param pos position to seek + //! \throws NotImplemented + //! \details The base class implementation throws NotImplemented. The function + //! \ref CRYPTOPP_ASSERT "asserts" IsRandomAccess() in debug builds. + virtual void Seek(lword pos) + { + CRYPTOPP_UNUSED(pos); + CRYPTOPP_ASSERT(!IsRandomAccess()); + throw NotImplemented("StreamTransformation: this object doesn't support random access"); + } + + //! \brief Determines whether the cipher is self-inverting + //! \returns true if the cipher is self-inverting, false otherwise + //! \details IsSelfInverting determines whether this transformation is + //! self-inverting (e.g. xor with a keystream). + virtual bool IsSelfInverting() const =0; + + //! \brief Determines if the cipher is being operated in its forward direction + //! \returns true if DIR is ENCRYPTION, false otherwise + //! \sa IsForwardTransformation(), IsPermutation(), GetCipherDirection() + virtual bool IsForwardTransformation() const =0; +}; + +//! \class HashTransformation +//! \brief Interface for hash functions and data processing part of MACs +//! \details HashTransformation objects are stateful. They are created in an initial state, +//! change state as Update() is called, and return to the initial +//! state when Final() is called. This interface allows a large message to +//! be hashed in pieces by calling Update() on each piece followed by +//! calling Final(). +//! \sa HashFilter(), HashVerificationFilter() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HashTransformation : public Algorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~HashTransformation() {} +#endif + + //! \brief Provides a reference to this object + //! \return A reference to this object + //! \details Useful for passing a temporary object to a function that takes a non-const reference + HashTransformation& Ref() {return *this;} + + //! \brief Updates a hash with additional input + //! \param input the additional input as a buffer + //! \param length the size of the buffer, in bytes + virtual void Update(const byte *input, size_t length) =0; + + //! \brief Request space which can be written into by the caller + //! \param size the requested size of the buffer + //! \details The purpose of this method is to help avoid extra memory allocations. + //! \details size is an \a IN and \a OUT parameter and used as a hint. When the call is made, + //! size is the requested size of the buffer. When the call returns, size is the size of + //! the array returned to the caller. + //! \details The base class implementation sets size to 0 and returns NULL. + //! \note Some objects, like ArraySink, cannot create a space because its fixed. + virtual byte * CreateUpdateSpace(size_t &size) {size=0; return NULL;} + + //! \brief Computes the hash of the current message + //! \param digest a pointer to the buffer to receive the hash + //! \details Final() restarts the hash for a new message. + //! \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures + //! the output byte buffer is large enough for the digest. + virtual void Final(byte *digest) + {TruncatedFinal(digest, DigestSize());} + + //! \brief Restart the hash + //! \details Discards the current state, and restart for a new message + virtual void Restart() + {TruncatedFinal(NULL, 0);} + + //! Provides the digest size of the hash + //! \return the digest size of the hash. + virtual unsigned int DigestSize() const =0; + + //! Provides the tag size of the hash + //! \return the tag size of the hash. + //! \details Same as DigestSize(). + unsigned int TagSize() const {return DigestSize();} + + //! \brief Provides the block size of the compression function + //! \return the block size of the compression function, in bytes + //! \details BlockSize() will return 0 if the hash is not block based. For example, + //! SHA3 is a recursive hash (not an iterative hash), and it does not have a block size. + virtual unsigned int BlockSize() const {return 0;} + + //! \brief Provides the input block size most efficient for this hash. + //! \return The input block size that is most efficient for the cipher + //! \details The base class implementation returns MandatoryBlockSize(). + //! \details Optimal input length is + //! n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n \> 0. + virtual unsigned int OptimalBlockSize() const {return 1;} + + //! \brief Provides input and output data alignment for optimal performance + //! \return the input data alignment that provides optimal performance + virtual unsigned int OptimalDataAlignment() const; + + //! \brief Updates the hash with additional input and computes the hash of the current message + //! \param digest a pointer to the buffer to receive the hash + //! \param input the additional input as a buffer + //! \param length the size of the buffer, in bytes + //! \details Use this if your input is in one piece and you don't want to call Update() + //! and Final() separately + //! \details CalculateDigest() restarts the hash for the next message. + //! \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures + //! the output byte buffer is large enough for the digest. + virtual void CalculateDigest(byte *digest, const byte *input, size_t length) + {Update(input, length); Final(digest);} + + //! \brief Verifies the hash of the current message + //! \param digest a pointer to the buffer of an \a existing hash + //! \return \p true if the existing hash matches the computed hash, \p false otherwise + //! \throws ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize() + //! \details Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is + //! a constant time comparison function. digestLength cannot exceed DigestSize(). + //! \details Verify() restarts the hash for the next message. + //! \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures + //! the output byte buffer is large enough for the digest. + virtual bool Verify(const byte *digest) + {return TruncatedVerify(digest, DigestSize());} + + //! \brief Updates the hash with additional input and verifies the hash of the current message + //! \param digest a pointer to the buffer of an \a existing hash + //! \param input the additional input as a buffer + //! \param length the size of the buffer, in bytes + //! \return \p true if the existing hash matches the computed hash, \p false otherwise + //! \throws ThrowIfInvalidTruncatedSize() if the existing hash's size exceeds DigestSize() + //! \details Use this if your input is in one piece and you don't want to call Update() + //! and Verify() separately + //! \details VerifyDigest() performs a bitwise compare on the buffers using VerifyBufsEqual(), + //! which is a constant time comparison function. digestLength cannot exceed DigestSize(). + //! \details VerifyDigest() restarts the hash for the next message. + //! \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures + //! the output byte buffer is large enough for the digest. + virtual bool VerifyDigest(const byte *digest, const byte *input, size_t length) + {Update(input, length); return Verify(digest);} + + //! \brief Computes the hash of the current message + //! \param digest a pointer to the buffer to receive the hash + //! \param digestSize the size of the truncated digest, in bytes + //! \details TruncatedFinal() call Final() and then copies digestSize bytes to digest. + //! The hash is restarted the hash for the next message. + virtual void TruncatedFinal(byte *digest, size_t digestSize) =0; + + //! \brief Updates the hash with additional input and computes the hash of the current message + //! \param digest a pointer to the buffer to receive the hash + //! \param digestSize the length of the truncated hash, in bytes + //! \param input the additional input as a buffer + //! \param length the size of the buffer, in bytes + //! \details Use this if your input is in one piece and you don't want to call Update() + //! and CalculateDigest() separately. + //! \details CalculateTruncatedDigest() restarts the hash for the next message. + //! \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures + //! the output byte buffer is large enough for the digest. + virtual void CalculateTruncatedDigest(byte *digest, size_t digestSize, const byte *input, size_t length) + {Update(input, length); TruncatedFinal(digest, digestSize);} + + //! \brief Verifies the hash of the current message + //! \param digest a pointer to the buffer of an \a existing hash + //! \param digestLength the size of the truncated hash, in bytes + //! \return \p true if the existing hash matches the computed hash, \p false otherwise + //! \throws ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize() + //! \details TruncatedVerify() is a truncated version of Verify(). It can operate on a + //! buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize(). + //! \details Verify() performs a bitwise compare on the buffers using VerifyBufsEqual(), which is + //! a constant time comparison function. digestLength cannot exceed DigestSize(). + //! \details TruncatedVerify() restarts the hash for the next message. + virtual bool TruncatedVerify(const byte *digest, size_t digestLength); + + //! \brief Updates the hash with additional input and verifies the hash of the current message + //! \param digest a pointer to the buffer of an \a existing hash + //! \param digestLength the size of the truncated hash, in bytes + //! \param input the additional input as a buffer + //! \param length the size of the buffer, in bytes + //! \return \p true if the existing hash matches the computed hash, \p false otherwise + //! \throws ThrowIfInvalidTruncatedSize() if digestLength exceeds DigestSize() + //! \details Use this if your input is in one piece and you don't want to call Update() + //! and TruncatedVerify() separately. + //! \details VerifyTruncatedDigest() is a truncated version of VerifyDigest(). It can operate + //! on a buffer smaller than DigestSize(). However, digestLength cannot exceed DigestSize(). + //! \details VerifyTruncatedDigest() restarts the hash for the next message. + //! \pre COUNTOF(digest) == DigestSize() or COUNTOF(digest) == HASH::DIGESTSIZE ensures + //! the output byte buffer is large enough for the digest. + virtual bool VerifyTruncatedDigest(const byte *digest, size_t digestLength, const byte *input, size_t length) + {Update(input, length); return TruncatedVerify(digest, digestLength);} + +protected: + //! \brief Validates a truncated digest size + //! \param size the requested digest size + //! \throws InvalidArgument if the algorithm's digest size cannot be truncated to the requested size + //! \details Throws an exception when the truncated digest size is greater than DigestSize() + void ThrowIfInvalidTruncatedSize(size_t size) const; +}; + +typedef HashTransformation HashFunction; + +//! \brief Interface for one direction (encryption or decryption) of a block cipher +//! \details These objects usually should not be used directly. See BlockTransformation for more details. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockCipher : public SimpleKeyingInterface, public BlockTransformation +{ +protected: + const Algorithm & GetAlgorithm() const {return *this;} +}; + +//! \brief Interface for one direction (encryption or decryption) of a stream cipher or cipher mode +//! \details These objects usually should not be used directly. See StreamTransformation for more details. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SymmetricCipher : public SimpleKeyingInterface, public StreamTransformation +{ +protected: + const Algorithm & GetAlgorithm() const {return *this;} +}; + +//! \brief Interface for message authentication codes +//! \details These objects usually should not be used directly. See HashTransformation for more details. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE MessageAuthenticationCode : public SimpleKeyingInterface, public HashTransformation +{ +protected: + const Algorithm & GetAlgorithm() const {return *this;} +}; + +//! \brief Interface for one direction (encryption or decryption) of a stream cipher or block cipher mode with authentication +//! \details The StreamTransformation part of this interface is used to encrypt/decrypt the data, and the +//! MessageAuthenticationCode part of this interface is used to input additional authenticated data (AAD, +//! which is MAC'ed but not encrypted), and to generate/verify the MAC. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipher : public MessageAuthenticationCode, public StreamTransformation +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~AuthenticatedSymmetricCipher() {} +#endif + + //! \brief Exception thrown when the object is in the wrong state for the operation + //! \details this indicates that a member function was called in the wrong state, for example trying to encrypt + //! a message before having set the key or IV + class BadState : public Exception + { + public: + explicit BadState(const std::string &name, const char *message) : Exception(OTHER_ERROR, name + ": " + message) {} + explicit BadState(const std::string &name, const char *function, const char *state) : Exception(OTHER_ERROR, name + ": " + function + " was called before " + state) {} + }; + + //! \brief Provides the maximum length of AAD that can be input + //! \return the maximum length of AAD that can be input before the encrypted data + virtual lword MaxHeaderLength() const =0; + //! \brief Provides the maximum length of encrypted data + //! \return the maximum length of encrypted data + virtual lword MaxMessageLength() const =0; + //! \brief Provides the the maximum length of AAD + //! \return the maximum length of AAD that can be input after the encrypted data + virtual lword MaxFooterLength() const {return 0;} + //! \brief Determines if data lengths must be specified prior to inputting data + //! \return true if the data lengths are required before inputting data, false otherwise + //! \details if this function returns true, SpecifyDataLengths() must be called before attempting to input data. + //! This is the case for some schemes, such as CCM. + //! \sa SpecifyDataLengths() + virtual bool NeedsPrespecifiedDataLengths() const {return false;} + //! \brief Prespecifies the data lengths + //! \details this function only needs to be called if NeedsPrespecifiedDataLengths() returns true + //! \sa NeedsPrespecifiedDataLengths() + void SpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength=0); + //! \brief Encrypts and calculates a MAC in one call + //! \return true if the authenticated encryption succeeded, false otherwise + //! \details EncryptAndAuthenticate() encrypts and generates the MAC in one call. The function will truncate MAC if + //! macSize < TagSize(). + virtual void EncryptAndAuthenticate(byte *ciphertext, byte *mac, size_t macSize, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *message, size_t messageLength); + //! \brief Decrypts and verifies a MAC in one call + //! \return true if the MAC is valid and the decoding succeeded, false otherwise + //! \details DecryptAndVerify() decrypts and verifies the MAC in one call. The function returns true iff MAC is valid. + //! DecryptAndVerify() will assume MAC is truncated if macLength < TagSize(). + virtual bool DecryptAndVerify(byte *message, const byte *mac, size_t macLength, const byte *iv, int ivLength, const byte *header, size_t headerLength, const byte *ciphertext, size_t ciphertextLength); + + //! \brief Provides the name of this algorithm + //! \return the standard algorithm name + //! \details The standard algorithm name can be a name like \a AES or \a AES/GCM. Some algorithms + //! do not have standard names yet. For example, there is no standard algorithm name for + //! Shoup's ECIES. + virtual std::string AlgorithmName() const =0; + +protected: + const Algorithm & GetAlgorithm() const + {return *static_cast(this);} + virtual void UncheckedSpecifyDataLengths(lword headerLength, lword messageLength, lword footerLength) + {CRYPTOPP_UNUSED(headerLength); CRYPTOPP_UNUSED(messageLength); CRYPTOPP_UNUSED(footerLength);} +}; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY +typedef SymmetricCipher StreamCipher; +#endif + +//! \class RandomNumberGenerator +//! \brief Interface for random number generators +//! \details The library provides a number of random number generators, from software based to hardware based generators. +//! \details All generated values are uniformly distributed over the range specified. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomNumberGenerator : public Algorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~RandomNumberGenerator() {} +#endif + + //! \brief Update RNG state with additional unpredictable values + //! \param input the entropy to add to the generator + //! \param length the size of the input buffer + //! \throws NotImplemented + //! \details A generator may or may not accept additional entropy. Call CanIncorporateEntropy() to test for the + //! ability to use additional entropy. + //! \details If a derived class does not override IncorporateEntropy(), then the base class throws + //! NotImplemented. + virtual void IncorporateEntropy(const byte *input, size_t length) + { + CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); + throw NotImplemented("RandomNumberGenerator: IncorporateEntropy not implemented"); + } + + //! \brief Determines if a generator can accept additional entropy + //! \return true if IncorporateEntropy() is implemented + virtual bool CanIncorporateEntropy() const {return false;} + + //! \brief Generate new random byte and return it + //! \return a random 8-bit byte + //! \details Default implementation calls GenerateBlock() with one byte. + //! \details All generated values are uniformly distributed over the range specified within the + //! the contraints of a particular generator. + virtual byte GenerateByte(); + + //! \brief Generate new random bit and return it + //! \return a random bit + //! \details The default implementation calls GenerateByte() and return its lowest bit. + //! \details All generated values are uniformly distributed over the range specified within the + //! the contraints of a particular generator. + virtual unsigned int GenerateBit(); + + //! \brief Generate a random 32 bit word in the range min to max, inclusive + //! \param min the lower bound of the range + //! \param max the upper bound of the range + //! \return a random 32-bit word + //! \details The default implementation calls Crop() on the difference between max and + //! min, and then returns the result added to min. + //! \details All generated values are uniformly distributed over the range specified within the + //! the contraints of a particular generator. + virtual word32 GenerateWord32(word32 min=0, word32 max=0xffffffffUL); + + //! \brief Generate random array of bytes + //! \param output the byte buffer + //! \param size the length of the buffer, in bytes + //! \details All generated values are uniformly distributed over the range specified within the + //! the contraints of a particular generator. + //! \note A derived generator \a must override either GenerateBlock() or + //! GenerateIntoBufferedTransformation(). They can override both, or have one call the other. + virtual void GenerateBlock(byte *output, size_t size); + + //! \brief Generate random bytes into a BufferedTransformation + //! \param target the BufferedTransformation object which receives the bytes + //! \param channel the channel on which the bytes should be pumped + //! \param length the number of bytes to generate + //! \details The default implementation calls GenerateBlock() and pumps the result into + //! the DEFAULT_CHANNEL of the target. + //! \details All generated values are uniformly distributed over the range specified within the + //! the contraints of a particular generator. + //! \note A derived generator \a must override either GenerateBlock() or + //! GenerateIntoBufferedTransformation(). They can override both, or have one call the other. + virtual void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length); + + //! \brief Generate and discard n bytes + //! \param n the number of bytes to generate and discard + virtual void DiscardBytes(size_t n); + + //! \brief Randomly shuffle the specified array + //! \param begin an iterator to the first element in the array + //! \param end an iterator beyond the last element in the array + //! \details The resulting permutation is uniformly distributed. + template void Shuffle(IT begin, IT end) + { + // TODO: What happens if there are more than 2^32 elements? + for (; begin != end; ++begin) + std::iter_swap(begin, begin + GenerateWord32(0, end-begin-1)); + } + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + byte GetByte() {return GenerateByte();} + unsigned int GetBit() {return GenerateBit();} + word32 GetLong(word32 a=0, word32 b=0xffffffffL) {return GenerateWord32(a, b);} + word16 GetShort(word16 a=0, word16 b=0xffff) {return (word16)GenerateWord32(a, b);} + void GetBlock(byte *output, size_t size) {GenerateBlock(output, size);} +#endif + +}; + +//! \brief Random Number Generator that does not produce random numbers +//! \return reference that can be passed to functions that require a RandomNumberGenerator +//! \details NullRNG() returns a reference that can be passed to functions that require a +//! RandomNumberGenerator but don't actually use it. The NullRNG() throws NotImplemented +//! when a generation function is called. +//! \sa ClassNullRNG, PK_SignatureScheme::IsProbabilistic() +CRYPTOPP_DLL RandomNumberGenerator & CRYPTOPP_API NullRNG(); + +//! \class WaitObjectContainer +class WaitObjectContainer; +//! \class CallStack +class CallStack; + +//! \brief Interface for objects that can be waited on. +class CRYPTOPP_NO_VTABLE Waitable +{ +public: + virtual ~Waitable() {} + + //! \brief Maximum number of wait objects that this object can return + //! \return the maximum number of wait objects + virtual unsigned int GetMaxWaitObjectCount() const =0; + + //! \brief Retrieves waitable objects + //! \param container the wait container to receive the references to the objects. + //! \param callStack CallStack object used to select waitable objects + //! \details GetWaitObjects is usually called in one of two ways. First, it can + //! be called like something.GetWaitObjects(c, CallStack("my func after X", 0));. + //! Second, if in an outer GetWaitObjects() method that itself takes a callStack + //! parameter, it can be called like + //! innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack));. + virtual void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) =0; + + //! \brief Wait on this object + //! \return true if the wait succeeded, false otherwise + //! \details Wait() is the same as creating an empty container, calling GetWaitObjects(), and then calling + //! Wait() on the container. + bool Wait(unsigned long milliseconds, CallStack const& callStack); +}; + +//! \brief Default channel for BufferedTransformation +//! \details DEFAULT_CHANNEL is equal to an empty string +extern CRYPTOPP_DLL const std::string DEFAULT_CHANNEL; + +//! \brief Channel for additional authenticated data +//! \details AAD_CHANNEL is equal to "AAD" +extern CRYPTOPP_DLL const std::string AAD_CHANNEL; + +//! \brief Interface for buffered transformations +//! \details BufferedTransformation is a generalization of BlockTransformation, +//! StreamTransformation and HashTransformation. +//! \details A buffered transformation is an object that takes a stream of bytes as input (this may +//! be done in stages), does some computation on them, and then places the result into an internal +//! buffer for later retrieval. Any partial result already in the output buffer is not modified +//! by further input. +//! \details If a method takes a "blocking" parameter, and you pass false for it, then the method +//! will return before all input has been processed if the input cannot be processed without waiting +//! (for network buffers to become available, for example). In this case the method will return true +//! or a non-zero integer value. When this happens you must continue to call the method with the same +//! parameters until it returns false or zero, before calling any other method on it or attached +//! /p BufferedTransformation. The integer return value in this case is approximately +//! the number of bytes left to be processed, and can be used to implement a progress bar. +//! \details For functions that take a "propagation" parameter, propagation != 0 means pass on +//! the signal to attached BufferedTransformation objects, with propagation decremented at each +//! step until it reaches 0. -1 means unlimited propagation. +//! \details \a All of the retrieval functions, like Get() and GetWord32(), return the actual +//! number of bytes retrieved, which is the lesser of the request number and MaxRetrievable(). +//! \details \a Most of the input functions, like Put() and PutWord32(), return the number of +//! bytes remaining to be processed. A 0 value means all bytes were processed, and a non-0 value +//! means bytes remain to be processed. +//! \nosubgrouping +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BufferedTransformation : public Algorithm, public Waitable +{ +public: + // placed up here for CW8 + static const std::string &NULL_CHANNEL; // same as DEFAULT_CHANNEL, for backwards compatibility + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~BufferedTransformation() {} +#endif + + //! \brief Construct a BufferedTransformation + BufferedTransformation() : Algorithm(false) {} + + //! \brief Provides a reference to this object + //! \return A reference to this object + //! \details Useful for passing a temporary object to a function that takes a non-const reference + BufferedTransformation& Ref() {return *this;} + + //! \name INPUT + //@{ + + //! \brief Input a byte for processing + //! \param inByte the 8-bit byte (octet) to be processed. + //! \param blocking specifies whether the object should block when processing input. + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + //! \details Put(byte) calls Put(byte*, size_t). + size_t Put(byte inByte, bool blocking=true) + {return Put(&inByte, 1, blocking);} + + //! \brief Input a byte buffer for processing + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + //! \details Internally, Put() calls Put2(). + size_t Put(const byte *inString, size_t length, bool blocking=true) + {return Put2(inString, length, 0, blocking);} + + //! Input a 16-bit word for processing. + //! \param value the 16-bit value to be processed + //! \param order the ByteOrder in which the word should be processed + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + size_t PutWord16(word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); + + //! Input a 32-bit word for processing. + //! \param value the 32-bit value to be processed. + //! \param order the ByteOrder in which the word should be processed. + //! \param blocking specifies whether the object should block when processing input. + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + size_t PutWord32(word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); + + //! \brief Request space which can be written into by the caller + //! \param size the requested size of the buffer + //! \details The purpose of this method is to help avoid extra memory allocations. + //! \details size is an \a IN and \a OUT parameter and used as a hint. When the call is made, + //! size is the requested size of the buffer. When the call returns, size is the size of + //! the array returned to the caller. + //! \details The base class implementation sets size to 0 and returns NULL. + //! \note Some objects, like ArraySink, cannot create a space because its fixed. In the case of + //! an ArraySink, the pointer to the array is returned and the size is remaining size. + virtual byte * CreatePutSpace(size_t &size) + {size=0; return NULL;} + + //! \brief Determines whether input can be modifed by the callee + //! \return true if input can be modified, false otherwise + //! \details The base class implementation returns false. + virtual bool CanModifyInput() const + {return false;} + + //! \brief Input multiple bytes that may be modified by callee. + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param blocking specifies whether the object should block when processing input + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed + size_t PutModifiable(byte *inString, size_t length, bool blocking=true) + {return PutModifiable2(inString, length, 0, blocking);} + + //! \brief Signals the end of messages to the object + //! \param propagation the number of attached transformations the MessageEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + bool MessageEnd(int propagation=-1, bool blocking=true) + {return !!Put2(NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);} + + //! \brief Input multiple bytes for processing and signal the end of a message + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param propagation the number of attached transformations the MessageEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + //! \details Internally, PutMessageEnd() calls Put2() with a modified propagation to + //! ensure all attached transformations finish processing the message. + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + size_t PutMessageEnd(const byte *inString, size_t length, int propagation=-1, bool blocking=true) + {return Put2(inString, length, propagation < 0 ? -1 : propagation+1, blocking);} + + //! \brief Input multiple bytes for processing + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one + //! \param blocking specifies whether the object should block when processing input + //! \details Derived classes must implement Put2(). + virtual size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) =0; + + //! \brief Input multiple bytes that may be modified by callee. + //! \param inString the byte buffer to process. + //! \param length the size of the string, in bytes. + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one. + //! \param blocking specifies whether the object should block when processing input. + //! \details Internally, PutModifiable2() calls Put2(). + virtual size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking) + {return Put2(inString, length, messageEnd, blocking);} + + //! \class BlockingInputOnly + //! \brief Exception thrown by objects that have \a not implemented nonblocking input processing + //! \details BlockingInputOnly inherits from NotImplemented + struct BlockingInputOnly : public NotImplemented + {BlockingInputOnly(const std::string &s) : NotImplemented(s + ": Nonblocking input is not implemented by this object.") {}}; + //@} + + //! \name WAITING + //@{ + //! \brief Retrieves the maximum number of waitable objects + unsigned int GetMaxWaitObjectCount() const; + + //! \brief Retrieves waitable objects + //! \param container the wait container to receive the references to the objects + //! \param callStack CallStack object used to select waitable objects + //! \details GetWaitObjects is usually called in one of two ways. First, it can + //! be called like something.GetWaitObjects(c, CallStack("my func after X", 0));. + //! Second, if in an outer GetWaitObjects() method that itself takes a callStack + //! parameter, it can be called like + //! innerThing.GetWaitObjects(c, CallStack("MyClass::GetWaitObjects at X", &callStack));. + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + //@} // WAITING + + //! \name SIGNALS + //@{ + + //! \brief Initialize or reinitialize this object, without signal propagation + //! \param parameters a set of NameValuePairs to initialize this object + //! \throws NotImplemented + //! \details IsolatedInitialize() is used to initialize or reinitialize an object using a variable + //! number of arbitrarily typed arguments. The function avoids the need for multiple constuctors providing + //! all possible combintations of configurable parameters. + //! \details IsolatedInitialize() does not call Initialize() on attached transformations. If initialization + //! should be propagated, then use the Initialize() function. + //! \details If a derived class does not override IsolatedInitialize(), then the base class throws + //! NotImplemented. + virtual void IsolatedInitialize(const NameValuePairs ¶meters) { + CRYPTOPP_UNUSED(parameters); + throw NotImplemented("BufferedTransformation: this object can't be reinitialized"); + } + + //! \brief Flushes data buffered by this object, without signal propagation + //! \param hardFlush indicates whether all data should be flushed + //! \param blocking specifies whether the object should block when processing input + //! \note hardFlush must be used with care + virtual bool IsolatedFlush(bool hardFlush, bool blocking) =0; + + //! \brief Marks the end of a series of messages, without signal propagation + //! \param blocking specifies whether the object should block when completing the processing on + //! the current series of messages + virtual bool IsolatedMessageSeriesEnd(bool blocking) + {CRYPTOPP_UNUSED(blocking); return false;} + + //! \brief Initialize or reinitialize this object, with signal propagation + //! \param parameters a set of NameValuePairs to initialize or reinitialize this object + //! \param propagation the number of attached transformations the Initialize() signal should be passed + //! \details Initialize() is used to initialize or reinitialize an object using a variable number of + //! arbitrarily typed arguments. The function avoids the need for multiple constuctors providing + //! all possible combintations of configurable parameters. + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1); + + //! \brief Flush buffered input and/or output, with signal propagation + //! \param hardFlush is used to indicate whether all data should be flushed + //! \param propagation the number of attached transformations the Flush() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + //! \note Hard flushes must be used with care. It means try to process and output everything, even if + //! there may not be enough data to complete the action. For example, hard flushing a HexDecoder + //! would cause an error if you do it after inputing an odd number of hex encoded characters. + //! \note For some types of filters, like ZlibDecompressor, hard flushes can only + //! be done at "synchronization points". These synchronization points are positions in the data + //! stream that are created by hard flushes on the corresponding reverse filters, in this + //! example ZlibCompressor. This is useful when zlib compressed data is moved across a + //! network in packets and compression state is preserved across packets, as in the SSH2 protocol. + virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true); + + //! \brief Marks the end of a series of messages, with signal propagation + //! \param propagation the number of attached transformations the MessageSeriesEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \details Each object that receives the signal will perform its processing, decrement + //! propagation, and then pass the signal on to attached transformations if the value is not 0. + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + //! \note There should be a MessageEnd() immediately before MessageSeriesEnd(). + virtual bool MessageSeriesEnd(int propagation=-1, bool blocking=true); + + //! \brief Set propagation of automatically generated and transferred signals + //! \param propagation then new value + //! \details Setting propagation to 0 means do not automaticly generate signals. Setting + //! propagation to -1 means unlimited propagation. + virtual void SetAutoSignalPropagation(int propagation) + {CRYPTOPP_UNUSED(propagation);} + + //! \brief Retrieve automatic signal propagation value + //! \return the number of attached transformations the signal is propogated to. 0 indicates + //! the signal is only witnessed by this object + virtual int GetAutoSignalPropagation() const {return 0;} +public: + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + void Close() {MessageEnd();} +#endif + //@} + + //! \name RETRIEVAL OF ONE MESSAGE + //@{ + + //! \brief Provides the number of bytes ready for retrieval + //! \return the number of bytes ready for retrieval + //! \details All retrieval functions return the actual number of bytes retrieved, which is + //! the lesser of the request number and MaxRetrievable() + virtual lword MaxRetrievable() const; + + //! \brief Determines whether bytes are ready for retrieval + //! \returns true if bytes are available for retrieval, false otherwise + virtual bool AnyRetrievable() const; + + //! \brief Retrieve a 8-bit byte + //! \param outByte the 8-bit value to be retrieved + //! \return the number of bytes consumed during the call. + //! \details Use the return value of Get to detect short reads. + virtual size_t Get(byte &outByte); + + //! \brief Retrieve a block of bytes + //! \param outString a block of bytes + //! \param getMax the number of bytes to Get + //! \return the number of bytes consumed during the call. + //! \details Use the return value of Get to detect short reads. + virtual size_t Get(byte *outString, size_t getMax); + + //! \brief Peek a 8-bit byte + //! \param outByte the 8-bit value to be retrieved + //! \return the number of bytes read during the call. + //! \details Peek does not remove bytes from the object. Use the return value of + //! Get to detect short reads. + virtual size_t Peek(byte &outByte) const; + + //! \brief Peek a block of bytes + //! \param outString a block of bytes + //! \param peekMax the number of bytes to Peek + //! \return the number of bytes read during the call. + //! \details Peek does not remove bytes from the object. Use the return value of + //! Get to detect short reads. + virtual size_t Peek(byte *outString, size_t peekMax) const; + + //! \brief Retrieve a 16-bit word + //! \param value the 16-bit value to be retrieved + //! \param order the ByteOrder in which the word should be retrieved + //! \return the number of bytes consumed during the call. + //! \details Use the return value of GetWord16 to detect short reads. + size_t GetWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER); + + //! \brief Retrieve a 32-bit word + //! \param value the 32-bit value to be retrieved + //! \param order the ByteOrder in which the word should be retrieved + //! \return the number of bytes consumed during the call. + //! \details Use the return value of GetWord16 to detect short reads. + size_t GetWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER); + + //! \brief Peek a 16-bit word + //! \param value the 16-bit value to be retrieved + //! \param order the ByteOrder in which the word should be retrieved + //! \return the number of bytes consumed during the call. + //! \details Peek does not consume bytes in the stream. Use the return value + //! of GetWord16 to detect short reads. + size_t PeekWord16(word16 &value, ByteOrder order=BIG_ENDIAN_ORDER) const; + + //! \brief Peek a 32-bit word + //! \param value the 32-bit value to be retrieved + //! \param order the ByteOrder in which the word should be retrieved + //! \return the number of bytes consumed during the call. + //! \details Peek does not consume bytes in the stream. Use the return value + //! of GetWord16 to detect short reads. + size_t PeekWord32(word32 &value, ByteOrder order=BIG_ENDIAN_ORDER) const; + + //! move transferMax bytes of the buffered output to target as input + + //! \brief Transfer bytes from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param transferMax the number of bytes to transfer + //! \param channel the channel on which the transfer should occur + //! \return the number of bytes transferred during the call. + //! \details TransferTo removes bytes from this object and moves them to the destination. + //! \details The function always returns transferMax. If an accurate count is needed, then use TransferTo2. + lword TransferTo(BufferedTransformation &target, lword transferMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) + {TransferTo2(target, transferMax, channel); return transferMax;} + + //! \brief Discard skipMax bytes from the output buffer + //! \param skipMax the number of bytes to discard + //! \details Skip() discards bytes from the output buffer, which is the AttachedTransformation(), if present. + //! The function always returns skipMax. + //! \details If you want to skip bytes from a Source, then perform the following. + //! 
StringSource ss(str, false, new Redirector(TheBitBucket()));
+		//! ss.Pump(10);    // Skip 10 bytes from Source
+		//! ss.Detach(new FilterChain(...));
+		//! ss.PumpAll();
+		//!
+ virtual lword Skip(lword skipMax=LWORD_MAX); + + //! copy copyMax bytes of the buffered output to target as input + + //! \brief Copy bytes from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param copyMax the number of bytes to copy + //! \param channel the channel on which the transfer should occur + //! \return the number of bytes copied during the call. + //! \details CopyTo copies bytes from this object to the destination. The bytes are not removed from this object. + //! \details The function always returns copyMax. If an accurate count is needed, then use CopyRangeTo2. + lword CopyTo(BufferedTransformation &target, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const + {return CopyRangeTo(target, 0, copyMax, channel);} + + //! \brief Copy bytes from this object using an index to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param position the 0-based index of the byte stream to begin the copying + //! \param copyMax the number of bytes to copy + //! \param channel the channel on which the transfer should occur + //! \return the number of bytes copied during the call. + //! \details CopyTo copies bytes from this object to the destination. The bytes remain in this + //! object. Copying begins at the index position in the current stream, and not from an absolute + //! position in the stream. + //! \details The function returns the new position in the stream after transferring the bytes starting at the index. + lword CopyRangeTo(BufferedTransformation &target, lword position, lword copyMax=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL) const + {lword i = position; CopyRangeTo2(target, i, i+copyMax, channel); return i-position;} + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + unsigned long MaxRetrieveable() const {return MaxRetrievable();} +#endif + //@} + + //! \name RETRIEVAL OF MULTIPLE MESSAGES + //@{ + + //! \brief Provides the number of bytes ready for retrieval + //! \return the number of bytes ready for retrieval + virtual lword TotalBytesRetrievable() const; + + //! \brief Provides the number of meesages processed by this object + //! \return the number of meesages processed by this object + //! \details NumberOfMessages returns number of times MessageEnd() has been + //! received minus messages retrieved or skipped + virtual unsigned int NumberOfMessages() const; + + //! \brief Determines if any messages are available for retrieval + //! \returns true if NumberOfMessages() > 0, false otherwise + //! \details AnyMessages returns true if NumberOfMessages() > 0 + virtual bool AnyMessages() const; + + //! \brief Start retrieving the next message + //! \return true if a message is ready for retrieval + //! \details GetNextMessage() returns true if a message is ready for retrieval; false + //! if no more messages exist or this message is not completely retrieved. + virtual bool GetNextMessage(); + + //! \brief Skip a number of meessages + //! \return 0 if the requested number of messages was skipped, non-0 otherwise + //! \details SkipMessages() skips count number of messages. If there is an AttachedTransformation() + //! then SkipMessages() is called on the attached transformation. If there is no attached + //! transformation, then count number of messages are sent to TheBitBucket() using TransferMessagesTo(). + virtual unsigned int SkipMessages(unsigned int count=UINT_MAX); + + //! \brief Transfer messages from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param count the number of messages to transfer + //! \param channel the channel on which the transfer should occur + //! \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred) + //! \details TransferMessagesTo2() removes messages from this object and moves them to the destination. + //! If all bytes are not transferred for a message, then processing stops and the number of remaining + //! bytes is returned. TransferMessagesTo() does not proceed to the next message. + //! \details A return value of 0 indicates all messages were successfully transferred. + unsigned int TransferMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) + {TransferMessagesTo2(target, count, channel); return count;} + + //! \brief Copy messages from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param count the number of messages to transfer + //! \param channel the channel on which the transfer should occur + //! \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred) + //! \details CopyMessagesTo copies messages from this object and copies them to the destination. + //! If all bytes are not transferred for a message, then processing stops and the number of remaining + //! bytes is returned. CopyMessagesTo() does not proceed to the next message. + //! \details A return value of 0 indicates all messages were successfully copied. + unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const; + + //! \brief Skip all messages in the series + virtual void SkipAll(); + + //! \brief Transfer all bytes from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param channel the channel on which the transfer should occur + //! \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred) + //! \details TransferMessagesTo2() removes messages from this object and moves them to the destination. + //! Internally TransferAllTo() calls TransferAllTo2(). + void TransferAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) + {TransferAllTo2(target, channel);} + + //! \brief Copy messages from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param channel the channel on which the transfer should occur + //! \details CopyAllTo copies messages from this object and copies them to the destination. + void CopyAllTo(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL) const; + + //! \brief Retrieve the next message in a series + //! \return true if a message was retreved, false otherwise + //! \details Internally, the base class implementation returns false. + virtual bool GetNextMessageSeries() {return false;} + //! \brief Provides the number of messages in a series + //! \return the number of messages in this series + virtual unsigned int NumberOfMessagesInThisSeries() const {return NumberOfMessages();} + //! \brief Provides the number of messages in a series + //! \return the number of messages in this series + virtual unsigned int NumberOfMessageSeries() const {return 0;} + //@} + + //! \name NON-BLOCKING TRANSFER OF OUTPUT + //@{ + + // upon return, byteCount contains number of bytes that have finished being transfered, + // and returns the number of bytes left in the current transfer block + + //! \brief Transfer bytes from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param byteCount the number of bytes to transfer + //! \param channel the channel on which the transfer should occur + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the transfer block (i.e., bytes not transferred) + //! \details TransferTo() removes bytes from this object and moves them to the destination. + //! Transfer begins at the index position in the current stream, and not from an absolute + //! position in the stream. + //! \details byteCount is an \a IN and \a OUT parameter. When the call is made, + //! byteCount is the requested size of the transfer. When the call returns, byteCount is + //! the number of bytes that were transferred. + virtual size_t TransferTo2(BufferedTransformation &target, lword &byteCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) =0; + + // upon return, begin contains the start position of data yet to be finished copying, + // and returns the number of bytes left in the current transfer block + + //! \brief Copy bytes from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param begin the 0-based index of the first byte to copy in the stream + //! \param end the 0-based index of the last byte to copy in the stream + //! \param channel the channel on which the transfer should occur + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the copy block (i.e., bytes not copied) + //! \details CopyRangeTo2 copies bytes from this object to the destination. The bytes are not + //! removed from this object. Copying begins at the index position in the current stream, and + //! not from an absolute position in the stream. + //! \details begin is an \a IN and \a OUT parameter. When the call is made, begin is the + //! starting position of the copy. When the call returns, begin is the position of the first + //! byte that was \a not copied (which may be different tahn end). begin can be used for + //! subsequent calls to CopyRangeTo2. + virtual size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const =0; + + // upon return, messageCount contains number of messages that have finished being transfered, + // and returns the number of bytes left in the current transfer block + + //! \brief Transfer messages from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param messageCount the number of messages to transfer + //! \param channel the channel on which the transfer should occur + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred) + //! \details TransferMessagesTo2() removes messages from this object and moves them to the destination. + //! \details messageCount is an \a IN and \a OUT parameter. When the call is made, messageCount is the + //! the number of messages requested to be transferred. When the call returns, messageCount is the + //! number of messages actually transferred. + size_t TransferMessagesTo2(BufferedTransformation &target, unsigned int &messageCount, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + + // returns the number of bytes left in the current transfer block + + //! \brief Transfer all bytes from this object to another BufferedTransformation + //! \param target the destination BufferedTransformation + //! \param channel the channel on which the transfer should occur + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the current transfer block (i.e., bytes not transferred) + //! \details TransferMessagesTo2() removes messages from this object and moves them to the destination. + size_t TransferAllTo2(BufferedTransformation &target, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + //@} + + //! \name CHANNELS + //@{ + //! \brief Exception thrown when a filter does not support named channels + struct NoChannelSupport : public NotImplemented + {NoChannelSupport(const std::string &name) : NotImplemented(name + ": this object doesn't support multiple channels") {}}; + //! \brief Exception thrown when a filter does not recognize a named channel + struct InvalidChannelName : public InvalidArgument + {InvalidChannelName(const std::string &name, const std::string &channel) : InvalidArgument(name + ": unexpected channel name \"" + channel + "\"") {}}; + + //! \brief Input a byte for processing on a channel + //! \param channel the channel to process the data. + //! \param inByte the 8-bit byte (octet) to be processed. + //! \param blocking specifies whether the object should block when processing input. + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed. + size_t ChannelPut(const std::string &channel, byte inByte, bool blocking=true) + {return ChannelPut(channel, &inByte, 1, blocking);} + + //! \brief Input a byte buffer for processing on a channel + //! \param channel the channel to process the data + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param blocking specifies whether the object should block when processing input + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed. + size_t ChannelPut(const std::string &channel, const byte *inString, size_t length, bool blocking=true) + {return ChannelPut2(channel, inString, length, 0, blocking);} + + //! \brief Input multiple bytes that may be modified by callee on a channel + //! \param channel the channel to process the data. + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param blocking specifies whether the object should block when processing input + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed. + size_t ChannelPutModifiable(const std::string &channel, byte *inString, size_t length, bool blocking=true) + {return ChannelPutModifiable2(channel, inString, length, 0, blocking);} + + //! \brief Input a 16-bit word for processing on a channel. + //! \param channel the channel to process the data. + //! \param value the 16-bit value to be processed. + //! \param order the ByteOrder in which the word should be processed. + //! \param blocking specifies whether the object should block when processing input. + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed. + size_t ChannelPutWord16(const std::string &channel, word16 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); + + //! \brief Input a 32-bit word for processing on a channel. + //! \param channel the channel to process the data. + //! \param value the 32-bit value to be processed. + //! \param order the ByteOrder in which the word should be processed. + //! \param blocking specifies whether the object should block when processing input. + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed. + size_t ChannelPutWord32(const std::string &channel, word32 value, ByteOrder order=BIG_ENDIAN_ORDER, bool blocking=true); + + //! \brief Signal the end of a message + //! \param channel the channel to process the data. + //! \param propagation the number of attached transformations the ChannelMessageEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \return 0 indicates all bytes were processed during the call. Non-0 indicates the + //! number of bytes that were \a not processed. + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + bool ChannelMessageEnd(const std::string &channel, int propagation=-1, bool blocking=true) + {return !!ChannelPut2(channel, NULL, 0, propagation < 0 ? -1 : propagation+1, blocking);} + + //! \brief Input multiple bytes for processing and signal the end of a message + //! \param channel the channel to process the data. + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param propagation the number of attached transformations the ChannelPutMessageEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + size_t ChannelPutMessageEnd(const std::string &channel, const byte *inString, size_t length, int propagation=-1, bool blocking=true) + {return ChannelPut2(channel, inString, length, propagation < 0 ? -1 : propagation+1, blocking);} + + //! \brief Request space which can be written into by the caller + //! \param channel the channel to process the data + //! \param size the requested size of the buffer + //! \return a pointer to a memroy block with length size + //! \details The purpose of this method is to help avoid extra memory allocations. + //! \details size is an \a IN and \a OUT parameter and used as a hint. When the call is made, + //! size is the requested size of the buffer. When the call returns, size is the size of + //! the array returned to the caller. + //! \details The base class implementation sets size to 0 and returns NULL. + //! \note Some objects, like ArraySink(), cannot create a space because its fixed. In the case of + //! an ArraySink(), the pointer to the array is returned and the size is remaining size. + virtual byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); + + //! \brief Input multiple bytes for processing on a channel. + //! \param channel the channel to process the data. + //! \param inString the byte buffer to process. + //! \param length the size of the string, in bytes. + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one. + //! \param blocking specifies whether the object should block when processing input. + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + virtual size_t ChannelPut2(const std::string &channel, const byte *inString, size_t length, int messageEnd, bool blocking); + + //! \brief Input multiple bytes that may be modified by callee on a channel + //! \param channel the channel to process the data + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one + //! \param blocking specifies whether the object should block when processing input + //! \return the number of bytes that remain in the block (i.e., bytes not processed) + virtual size_t ChannelPutModifiable2(const std::string &channel, byte *inString, size_t length, int messageEnd, bool blocking); + + //! \brief Flush buffered input and/or output on a channel + //! \param channel the channel to flush the data + //! \param hardFlush is used to indicate whether all data should be flushed + //! \param propagation the number of attached transformations the ChannelFlush() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \return true of the Flush was successful + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true); + + //! \brief Marks the end of a series of messages on a channel + //! \param channel the channel to signal the end of a series of messages + //! \param propagation the number of attached transformations the ChannelMessageSeriesEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \details Each object that receives the signal will perform its processing, decrement + //! propagation, and then pass the signal on to attached transformations if the value is not 0. + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + //! \note There should be a MessageEnd() immediately before MessageSeriesEnd(). + virtual bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true); + + //! \brief Sets the default retrieval channel + //! \param channel the channel to signal the end of a series of messages + //! \note this function may not be implemented in all objects that should support it. + virtual void SetRetrievalChannel(const std::string &channel); + //@} + + //! \name ATTACHMENT + //! \details Some BufferedTransformation objects (e.g. Filter objects) allow other BufferedTransformation objects to be + //! attached. When this is done, the first object instead of buffering its output, sends that output to the attached + //! object as input. The entire attachment chain is deleted when the anchor object is destructed. + + //@{ + //! \brief Determines whether the object allows attachment + //! \return true if the object allows an attachment, false otherwise + //! \details Sources and Filters will returns true, while Sinks and other objects will return false. + virtual bool Attachable() {return false;} + + //! \brief Returns the object immediately attached to this object + //! \return the attached transformation + //! \details AttachedTransformation() returns NULL if there is no attachment. The non-const + //! version of AttachedTransformation() always returns NULL. + virtual BufferedTransformation *AttachedTransformation() {CRYPTOPP_ASSERT(!Attachable()); return 0;} + + //! \brief Returns the object immediately attached to this object + //! \return the attached transformation + //! \details AttachedTransformation() returns NULL if there is no attachment. The non-const + //! version of AttachedTransformation() always returns NULL. + virtual const BufferedTransformation *AttachedTransformation() const + {return const_cast(this)->AttachedTransformation();} + + //! \brief Delete the current attachment chain and attach a new one + //! \param newAttachment the new BufferedTransformation to attach + //! \throws NotImplemented + //! \details Detach delete the current attachment chain and replace it with an optional newAttachment + //! \details If a derived class does not override Detach, then the base class throws + //! NotImplemented. + virtual void Detach(BufferedTransformation *newAttachment = 0) { + CRYPTOPP_UNUSED(newAttachment); CRYPTOPP_ASSERT(!Attachable()); + throw NotImplemented("BufferedTransformation: this object is not attachable"); + } + + //! \brief Add newAttachment to the end of attachment chain + //! \param newAttachment the attachment to add to the end of the chain + virtual void Attach(BufferedTransformation *newAttachment); + //@} + +protected: + //! \brief Decrements the propagation count while clamping at 0 + //! \return the decremented propagation or 0 + static int DecrementPropagation(int propagation) + {return propagation != 0 ? propagation - 1 : 0;} + +private: + byte m_buf[4]; // for ChannelPutWord16 and ChannelPutWord32, to ensure buffer isn't deallocated before non-blocking operation completes +}; + +//! \brief An input discarding BufferedTransformation +//! \return a reference to a BufferedTransformation object that discards all input +CRYPTOPP_DLL BufferedTransformation & TheBitBucket(); + +//! \class CryptoMaterial +//! \brief Interface for crypto material, such as public and private keys, and crypto parameters +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoMaterial : public NameValuePairs +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~CryptoMaterial() {} +#endif + + //! Exception thrown when invalid crypto material is detected + class CRYPTOPP_DLL InvalidMaterial : public InvalidDataFormat + { + public: + explicit InvalidMaterial(const std::string &s) : InvalidDataFormat(s) {} + }; + + //! \brief Assign values to this object + //! \details This function can be used to create a public key from a private key. + virtual void AssignFrom(const NameValuePairs &source) =0; + + //! \brief Check this object for errors + //! \param rng a RandomNumberGenerator for objects which use randomized testing + //! \param level the level of thoroughness + //! \returns true if the tests succeed, false otherwise + //! \details There are four levels of thoroughness: + //!
    + //!
  • 0 - using this object won't cause a crash or exception + //!
  • 1 - this object will probably function, and encrypt, sign, other operations correctly + //!
  • 2 - ensure this object will function correctly, and perform reasonable security checks + //!
  • 3 - perform reasonable security checks, and do checks that may take a long time + //!
+ //! \details Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0. + //! Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended. + //! \sa ThrowIfInvalid() + virtual bool Validate(RandomNumberGenerator &rng, unsigned int level) const =0; + + //! \brief Check this object for errors + //! \param rng a RandomNumberGenerator for objects which use randomized testing + //! \param level the level of thoroughness + //! \throws InvalidMaterial + //! \details Internally, ThrowIfInvalid() calls Validate() and throws InvalidMaterial() if validation fails. + //! \sa Validate() + virtual void ThrowIfInvalid(RandomNumberGenerator &rng, unsigned int level) const + {if (!Validate(rng, level)) throw InvalidMaterial("CryptoMaterial: this object contains invalid values");} + + //! \brief Saves a key to a BufferedTransformation + //! \param bt the destination BufferedTransformation + //! \throws NotImplemented + //! \details Save() writes the material to a BufferedTransformation. + //! \details If the material is a key, then the key is written with ASN.1 DER encoding. The key + //! includes an object identifier with an algorthm id, like a subjectPublicKeyInfo. + //! \details A "raw" key without the "key info" can be saved using a key's DEREncode() method. + //! \details If a derived class does not override Save(), then the base class throws + //! NotImplemented(). + virtual void Save(BufferedTransformation &bt) const + {CRYPTOPP_UNUSED(bt); throw NotImplemented("CryptoMaterial: this object does not support saving");} + + //! \brief Loads a key from a BufferedTransformation + //! \param bt the source BufferedTransformation + //! \throws KeyingErr + //! \details Load() attempts to read material from a BufferedTransformation. If the + //! material is a key that was generated outside the library, then the following + //! usually applies: + //!
    + //!
  • the key should be ASN.1 BER encoded + //!
  • the key should be a "key info" + //!
+ //! \details "key info" means the key should have an object identifier with an algorthm id, + //! like a subjectPublicKeyInfo. + //! \details To read a "raw" key without the "key info", then call the key's BERDecode() method. + //! \note Load generally does not check that the key is valid. Call Validate(), if needed. + virtual void Load(BufferedTransformation &bt) + {CRYPTOPP_UNUSED(bt); throw NotImplemented("CryptoMaterial: this object does not support loading");} + + //! \brief Determines whether the object supports precomputation + //! \return true if the object supports precomputation, false otherwise + //! \sa Precompute() + virtual bool SupportsPrecomputation() const {return false;} + + //! \brief Perform precomputation + //! \param precomputationStorage the suggested number of objects for the precompute table + //! \throws NotImplemented + //! \details The exact semantics of Precompute() varies, but it typically means calculate + //! a table of n objects that can be used later to speed up computation. + //! \details If a derived class does not override Precompute(), then the base class throws + //! NotImplemented. + //! \sa SupportsPrecomputation(), LoadPrecomputation(), SavePrecomputation() + virtual void Precompute(unsigned int precomputationStorage) { + CRYPTOPP_UNUSED(precomputationStorage); CRYPTOPP_ASSERT(!SupportsPrecomputation()); + throw NotImplemented("CryptoMaterial: this object does not support precomputation"); + } + + //! \brief Retrieve previously saved precomputation + //! \param storedPrecomputation BufferedTransformation with the saved precomputation + //! \throws NotImplemented + //! \sa SupportsPrecomputation(), Precompute() + virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation) + {CRYPTOPP_UNUSED(storedPrecomputation); CRYPTOPP_ASSERT(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");} + //! \brief Save precomputation for later use + //! \param storedPrecomputation BufferedTransformation to write the precomputation + //! \throws NotImplemented + //! \sa SupportsPrecomputation(), Precompute() + virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const + {CRYPTOPP_UNUSED(storedPrecomputation); CRYPTOPP_ASSERT(!SupportsPrecomputation()); throw NotImplemented("CryptoMaterial: this object does not support precomputation");} + + //! \brief Perform a quick sanity check + //! \details DoQuickSanityCheck() is for internal library use, and it should not be called by library users. + void DoQuickSanityCheck() const {ThrowIfInvalid(NullRNG(), 0);} + +#if (defined(__SUNPRO_CC) && __SUNPRO_CC < 0x590) + // Sun Studio 11/CC 5.8 workaround: it generates incorrect code when casting to an empty virtual base class + char m_sunCCworkaround; +#endif +}; + +//! \class GeneratableCryptoMaterial +//! \brief Interface for generatable crypto material, such as private keys and crypto parameters +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GeneratableCryptoMaterial : virtual public CryptoMaterial +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~GeneratableCryptoMaterial() {} +#endif + + //! \brief Generate a random key or crypto parameters + //! \param rng a RandomNumberGenerator to produce keying material + //! \param params additional initialization parameters + //! \throws KeyingErr if a key can't be generated or algorithm parameters are invalid + //! \details If a derived class does not override GenerateRandom, then the base class throws + //! NotImplemented. + virtual void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs) { + CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(params); + throw NotImplemented("GeneratableCryptoMaterial: this object does not support key/parameter generation"); + } + + //! \brief Generate a random key or crypto parameters + //! \param rng a RandomNumberGenerator to produce keying material + //! \param keySize the size of the key, in bits + //! \throws KeyingErr if a key can't be generated or algorithm parameters are invalid + //! \details GenerateRandomWithKeySize calls GenerateRandom with a NameValuePairs + //! object with only "KeySize" + void GenerateRandomWithKeySize(RandomNumberGenerator &rng, unsigned int keySize); +}; + +//! \brief Interface for public keys +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKey : virtual public CryptoMaterial +{ +}; + +//! \brief Interface for private keys +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKey : public GeneratableCryptoMaterial +{ +}; + +//! \brief Interface for crypto prameters +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CryptoParameters : public GeneratableCryptoMaterial +{ +}; + +//! \brief Interface for asymmetric algorithms +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AsymmetricAlgorithm : public Algorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~AsymmetricAlgorithm() {} +#endif + + //! \brief Retrieves a reference to CryptoMaterial + //! \return a reference to the crypto material + virtual CryptoMaterial & AccessMaterial() =0; + + //! \brief Retrieves a reference to CryptoMaterial + //! \return a const reference to the crypto material + virtual const CryptoMaterial & GetMaterial() const =0; + + //! \brief Loads this object from a BufferedTransformation + //! \param bt a BufferedTransformation object + //! \deprecated for backwards compatibility, calls AccessMaterial().Load(bt) + void BERDecode(BufferedTransformation &bt) + {AccessMaterial().Load(bt);} + + //! \brief Saves this object to a BufferedTransformation + //! \param bt a BufferedTransformation object + //! \deprecated for backwards compatibility, calls GetMaterial().Save(bt) + void DEREncode(BufferedTransformation &bt) const + {GetMaterial().Save(bt);} +}; + +//! \brief Interface for asymmetric algorithms using public keys +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PublicKeyAlgorithm : public AsymmetricAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PublicKeyAlgorithm() {} +#endif + + // VC60 workaround: no co-variant return type + + //! \brief Retrieves a reference to a Public Key + //! \return a reference to the public key + CryptoMaterial & AccessMaterial() + {return AccessPublicKey();} + //! \brief Retrieves a reference to a Public Key + //! \return a const reference the public key + const CryptoMaterial & GetMaterial() const + {return GetPublicKey();} + + //! \brief Retrieves a reference to a Public Key + //! \return a reference to the public key + virtual PublicKey & AccessPublicKey() =0; + //! \brief Retrieves a reference to a Public Key + //! \return a const reference the public key + virtual const PublicKey & GetPublicKey() const + {return const_cast(this)->AccessPublicKey();} +}; + +//! \brief Interface for asymmetric algorithms using private keys +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PrivateKeyAlgorithm : public AsymmetricAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PrivateKeyAlgorithm() {} +#endif + + //! \brief Retrieves a reference to a Private Key + //! \return a reference the private key + CryptoMaterial & AccessMaterial() {return AccessPrivateKey();} + //! \brief Retrieves a reference to a Private Key + //! \return a const reference the private key + const CryptoMaterial & GetMaterial() const {return GetPrivateKey();} + + //! \brief Retrieves a reference to a Private Key + //! \return a reference the private key + virtual PrivateKey & AccessPrivateKey() =0; + //! \brief Retrieves a reference to a Private Key + //! \return a const reference the private key + virtual const PrivateKey & GetPrivateKey() const {return const_cast(this)->AccessPrivateKey();} +}; + +//! \brief Interface for key agreement algorithms +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE KeyAgreementAlgorithm : public AsymmetricAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~KeyAgreementAlgorithm() {} +#endif + + //! \brief Retrieves a reference to Crypto Parameters + //! \return a reference the crypto parameters + CryptoMaterial & AccessMaterial() {return AccessCryptoParameters();} + //! \brief Retrieves a reference to Crypto Parameters + //! \return a const reference the crypto parameters + const CryptoMaterial & GetMaterial() const {return GetCryptoParameters();} + + //! \brief Retrieves a reference to Crypto Parameters + //! \return a reference the crypto parameters + virtual CryptoParameters & AccessCryptoParameters() =0; + //! \brief Retrieves a reference to Crypto Parameters + //! \return a const reference the crypto parameters + virtual const CryptoParameters & GetCryptoParameters() const {return const_cast(this)->AccessCryptoParameters();} +}; + +//! \brief Interface for public-key encryptors and decryptors +//! \details This class provides an interface common to encryptors and decryptors +//! for querying their plaintext and ciphertext lengths. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_CryptoSystem +{ +public: + virtual ~PK_CryptoSystem() {} + + //! \brief Provides the maximum length of plaintext for a given ciphertext length + //! \return the maximum size of the plaintext, in bytes + //! \details This function returns 0 if ciphertextLength is not valid (too long or too short). + virtual size_t MaxPlaintextLength(size_t ciphertextLength) const =0; + + //! \brief Calculate the length of ciphertext given length of plaintext + //! \return the maximum size of the ciphertext, in bytes + //! \details This function returns 0 if plaintextLength is not valid (too long). + virtual size_t CiphertextLength(size_t plaintextLength) const =0; + + //! \brief Determines whether this object supports the use of a named parameter + //! \param name the name of the parameter + //! \return true if the parameter name is supported, false otherwise + //! \details Some possible parameter names: EncodingParameters(), KeyDerivationParameters() + //! and others Parameters listed in argnames.h + virtual bool ParameterSupported(const char *name) const =0; + + //! \brief Provides the fixed ciphertext length, if one exists + //! \return the fixed ciphertext length if one exists, otherwise 0 + //! \details "Fixed" here means length of ciphertext does not depend on length of plaintext. + //! In this case, it usually does depend on the key length. + virtual size_t FixedCiphertextLength() const {return 0;} + + //! \brief Provides the maximum plaintext length given a fixed ciphertext length + //! \return maximum plaintext length given the fixed ciphertext length, if one exists, + //! otherwise return 0. + //! \details FixedMaxPlaintextLength(0 returns the maximum plaintext length given the fixed ciphertext + //! length, if one exists, otherwise return 0. + virtual size_t FixedMaxPlaintextLength() const {return 0;} + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + size_t MaxPlainTextLength(size_t cipherTextLength) const {return MaxPlaintextLength(cipherTextLength);} + size_t CipherTextLength(size_t plainTextLength) const {return CiphertextLength(plainTextLength);} +#endif +}; + +//! \class PK_Encryptor +//! \brief Interface for public-key encryptors +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Encryptor : public PK_CryptoSystem, public PublicKeyAlgorithm +{ +public: + //! \brief Exception thrown when trying to encrypt plaintext of invalid length + class CRYPTOPP_DLL InvalidPlaintextLength : public Exception + { + public: + InvalidPlaintextLength() : Exception(OTHER_ERROR, "PK_Encryptor: invalid plaintext length") {} + }; + + //! \brief Encrypt a byte string + //! \param rng a RandomNumberGenerator derived class + //! \param plaintext the plaintext byte buffer + //! \param plaintextLength the size of the plaintext byte buffer + //! \param ciphertext a byte buffer to hold the encrypted string + //! \param parameters a set of NameValuePairs to initialize this object + //! \pre CiphertextLength(plaintextLength) != 0 ensures the plaintext isn't too large + //! \pre COUNTOF(ciphertext) == CiphertextLength(plaintextLength) ensures the output + //! byte buffer is large enough. + //! \sa PK_Decryptor + virtual void Encrypt(RandomNumberGenerator &rng, + const byte *plaintext, size_t plaintextLength, + byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0; + + //! \brief Create a new encryption filter + //! \param rng a RandomNumberGenerator derived class + //! \param attachment an attached transformation + //! \param parameters a set of NameValuePairs to initialize this object + //! \details \p attachment can be \p NULL. The caller is responsible for deleting the returned pointer. + //! Encoding parameters should be passed in the "EP" channel. + virtual BufferedTransformation * CreateEncryptionFilter(RandomNumberGenerator &rng, + BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const; +}; + +//! \class PK_Decryptor +//! \brief Interface for public-key decryptors +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Decryptor : public PK_CryptoSystem, public PrivateKeyAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PK_Decryptor() {} +#endif + + //! \brief Decrypt a byte string + //! \param rng a RandomNumberGenerator derived class + //! \param ciphertext the encrypted byte buffer + //! \param ciphertextLength the size of the encrypted byte buffer + //! \param plaintext a byte buffer to hold the decrypted string + //! \param parameters a set of NameValuePairs to initialize this object + //! \return the result of the decryption operation + //! \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength + //! is valid and holds the the actual length of the plaintext recovered. The result is undefined + //! if decryption failed. If DecodingResult::isValidCoding is false, then DecodingResult::messageLength + //! is undefined. + //! \pre COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength) ensures the output + //! byte buffer is large enough + //! \sa PK_Encryptor + virtual DecodingResult Decrypt(RandomNumberGenerator &rng, + const byte *ciphertext, size_t ciphertextLength, + byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const =0; + + //! \brief Create a new decryption filter + //! \param rng a RandomNumberGenerator derived class + //! \param attachment an attached transformation + //! \param parameters a set of NameValuePairs to initialize this object + //! \return the newly created decryption filter + //! \note the caller is responsible for deleting the returned pointer + virtual BufferedTransformation * CreateDecryptionFilter(RandomNumberGenerator &rng, + BufferedTransformation *attachment=NULL, const NameValuePairs ¶meters = g_nullNameValuePairs) const; + + //! \brief Decrypt a fixed size ciphertext + //! \param rng a RandomNumberGenerator derived class + //! \param ciphertext the encrypted byte buffer + //! \param plaintext a byte buffer to hold the decrypted string + //! \param parameters a set of NameValuePairs to initialize this object + //! \return the result of the decryption operation + //! \details If DecodingResult::isValidCoding is true, then DecodingResult::messageLength + //! is valid and holds the the actual length of the plaintext recovered. The result is undefined + //! if decryption failed. If DecodingResult::isValidCoding is false, then DecodingResult::messageLength + //! is undefined. + //! \pre COUNTOF(plaintext) == MaxPlaintextLength(ciphertextLength) ensures the output + //! byte buffer is large enough + //! \sa PK_Encryptor + DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *ciphertext, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const + {return Decrypt(rng, ciphertext, FixedCiphertextLength(), plaintext, parameters);} +}; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY +typedef PK_CryptoSystem PK_FixedLengthCryptoSystem; +typedef PK_Encryptor PK_FixedLengthEncryptor; +typedef PK_Decryptor PK_FixedLengthDecryptor; +#endif + +//! \class PK_SignatureScheme +//! \brief Interface for public-key signers and verifiers +//! \details This class provides an interface common to signers and verifiers for querying scheme properties +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_SignatureScheme +{ +public: + //! \class InvalidKeyLength + //! \brief Exception throw when the private or public key has a length that can't be used + //! \details InvalidKeyLength() may be thrown by any function in this class if the private + //! or public key has a length that can't be used + class CRYPTOPP_DLL InvalidKeyLength : public Exception + { + public: + InvalidKeyLength(const std::string &message) : Exception(OTHER_ERROR, message) {} + }; + + //! \class KeyTooShort + //! \brief Exception throw when the private or public key is too short to sign or verify + //! \details KeyTooShort() may be thrown by any function in this class if the private or public + //! key is too short to sign or verify anything + class CRYPTOPP_DLL KeyTooShort : public InvalidKeyLength + { + public: + KeyTooShort() : InvalidKeyLength("PK_Signer: key too short for this signature scheme") {} + }; + + virtual ~PK_SignatureScheme() {} + + //! \brief Provides the signature length if it only depends on the key + //! \return the signature length if it only depends on the key, in bytes + //! \details SignatureLength() returns the signature length if it only depends on the key, otherwise 0. + virtual size_t SignatureLength() const =0; + + //! \brief Provides the maximum signature length produced given the length of the recoverable message part + //! \param recoverablePartLength the length of the recoverable message part, in bytes + //! \return the maximum signature length produced for a given length of recoverable message part, in bytes + //! \details MaxSignatureLength() returns the maximum signature length produced given the length of the + //! recoverable message part. + virtual size_t MaxSignatureLength(size_t recoverablePartLength = 0) const + {CRYPTOPP_UNUSED(recoverablePartLength); return SignatureLength();} + + //! \brief Provides the length of longest message that can be recovered + //! \return the length of longest message that can be recovered, in bytes + //! \details MaxRecoverableLength() returns the length of longest message that can be recovered, or 0 if + //! this signature scheme does not support message recovery. + virtual size_t MaxRecoverableLength() const =0; + + //! \brief Provides the length of longest message that can be recovered from a signature of given length + //! \param signatureLength the length of the signature, in bytes + //! \return the length of longest message that can be recovered from a signature of given length, in bytes + //! \details MaxRecoverableLengthFromSignatureLength() returns the length of longest message that can be + //! recovered from a signature of given length, or 0 if this signature scheme does not support message + //! recovery. + virtual size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const =0; + + //! \brief Determines whether a signature scheme requires a random number generator + //! \return true if the signature scheme requires a RandomNumberGenerator() to sign + //! \details if IsProbabilistic() returns false, then NullRNG() can be passed to functions that take + //! RandomNumberGenerator(). + virtual bool IsProbabilistic() const =0; + + //! \brief Determines whether the non-recoverable message part can be signed + //! \return true if the non-recoverable message part can be signed + virtual bool AllowNonrecoverablePart() const =0; + + //! \brief Determines whether the signature must be input before the message + //! \return true if the signature must be input before the message during verifcation + //! \details if SignatureUpfront() returns true, then you must input the signature before the message + //! during verification. Otherwise you can input the signature at anytime. + virtual bool SignatureUpfront() const {return false;} + + //! \brief Determines whether the recoverable part must be input before the non-recoverable part + //! \return true if the recoverable part must be input before the non-recoverable part during signing + //! \details RecoverablePartFirst() determines whether you must input the recoverable part before the + //! non-recoverable part during signing + virtual bool RecoverablePartFirst() const =0; +}; + +//! \class PK_MessageAccumulator +//! \brief Interface for accumulating messages to be signed or verified +//! \details Only Update() should be called from the PK_MessageAccumulator() class. No other functions +//! inherited from HashTransformation, like DigestSize() and TruncatedFinal(), should be called. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulator : public HashTransformation +{ +public: + //! \warning DigestSize() should not be called on PK_MessageAccumulator + unsigned int DigestSize() const + {throw NotImplemented("PK_MessageAccumulator: DigestSize() should not be called");} + + //! \warning TruncatedFinal() should not be called on PK_MessageAccumulator + void TruncatedFinal(byte *digest, size_t digestSize) + { + CRYPTOPP_UNUSED(digest); CRYPTOPP_UNUSED(digestSize); + throw NotImplemented("PK_MessageAccumulator: TruncatedFinal() should not be called"); + } +}; + +//! \class PK_Signer +//! \brief Interface for public-key signers +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Signer : public PK_SignatureScheme, public PrivateKeyAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PK_Signer() {} +#endif + + //! \brief Create a new HashTransformation to accumulate the message to be signed + //! \param rng a RandomNumberGenerator derived class + //! \return a pointer to a PK_MessageAccumulator + //! \details NewSignatureAccumulator() can be used with all signing methods. Sign() will autimatically delete the + //! accumulator pointer. The caller is responsible for deletion if a method is called that takes a reference. + virtual PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const =0; + + //! \brief Input a recoverable message to an accumulator + //! \param messageAccumulator a reference to a PK_MessageAccumulator + //! \param recoverableMessage a pointer to the recoverable message part to be signed + //! \param recoverableMessageLength the size of the recoverable message part + virtual void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const =0; + + //! \brief Sign and delete the messageAccumulator + //! \param rng a RandomNumberGenerator derived class + //! \param messageAccumulator a pointer to a PK_MessageAccumulator derived class + //! \param signature a block of bytes for the signature + //! \return actual signature length + //! \details Sign() deletes the messageAccumulator, even if an exception is thrown. + //! \pre COUNTOF(signature) == MaxSignatureLength() + virtual size_t Sign(RandomNumberGenerator &rng, PK_MessageAccumulator *messageAccumulator, byte *signature) const; + + //! \brief Sign and restart messageAccumulator + //! \param rng a RandomNumberGenerator derived class + //! \param messageAccumulator a pointer to a PK_MessageAccumulator derived class + //! \param signature a block of bytes for the signature + //! \param restart flag indicating whether the messageAccumulator should be restarted + //! \return actual signature length + //! \pre COUNTOF(signature) == MaxSignatureLength() + virtual size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const =0; + + //! \brief Sign a message + //! \param rng a RandomNumberGenerator derived class + //! \param message a pointer to the message + //! \param messageLen the size of the message to be signed + //! \param signature a block of bytes for the signature + //! \return actual signature length + //! \pre COUNTOF(signature) == MaxSignatureLength() + virtual size_t SignMessage(RandomNumberGenerator &rng, const byte *message, size_t messageLen, byte *signature) const; + + //! \brief Sign a recoverable message + //! \param rng a RandomNumberGenerator derived class + //! \param recoverableMessage a pointer to the recoverable message part to be signed + //! \param recoverableMessageLength the size of the recoverable message part + //! \param nonrecoverableMessage a pointer to the non-recoverable message part to be signed + //! \param nonrecoverableMessageLength the size of the non-recoverable message part + //! \param signature a block of bytes for the signature + //! \return actual signature length + //! \pre COUNTOF(signature) == MaxSignatureLength(recoverableMessageLength) + virtual size_t SignMessageWithRecovery(RandomNumberGenerator &rng, const byte *recoverableMessage, size_t recoverableMessageLength, + const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, byte *signature) const; +}; + +//! \class PK_Verifier +//! \brief Interface for public-key signature verifiers +//! \details The Recover* functions throw NotImplemented if the signature scheme does not support +//! message recovery. +//! \details The Verify* functions throw InvalidDataFormat if the scheme does support message +//! recovery and the signature contains a non-empty recoverable message part. The +//! Recover* functions should be used in that case. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_Verifier : public PK_SignatureScheme, public PublicKeyAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PK_Verifier() {} +#endif + + //! \brief Create a new HashTransformation to accumulate the message to be verified + //! \return a pointer to a PK_MessageAccumulator + //! \details NewVerificationAccumulator() can be used with all verification methods. Verify() will autimatically delete + //! the accumulator pointer. The caller is responsible for deletion if a method is called that takes a reference. + virtual PK_MessageAccumulator * NewVerificationAccumulator() const =0; + + //! \brief Input signature into a message accumulator + //! \param messageAccumulator a pointer to a PK_MessageAccumulator derived class + //! \param signature the signature on the message + //! \param signatureLength the size of the signature + virtual void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const =0; + + //! \brief Check whether messageAccumulator contains a valid signature and message + //! \param messageAccumulator a pointer to a PK_MessageAccumulator derived class + //! \return true if the signature is valid, false otherwise + //! \details Verify() deletes the messageAccumulator, even if an exception is thrown. + virtual bool Verify(PK_MessageAccumulator *messageAccumulator) const; + + //! \brief Check whether messageAccumulator contains a valid signature and message, and restart messageAccumulator + //! \param messageAccumulator a reference to a PK_MessageAccumulator derived class + //! \return true if the signature is valid, false otherwise + //! \details VerifyAndRestart() restarts the messageAccumulator + virtual bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const =0; + + //! \brief Check whether input signature is a valid signature for input message + //! \param message a pointer to the message to be verified + //! \param messageLen the size of the message + //! \param signature a pointer to the signature over the message + //! \param signatureLen the size of the signature + //! \return true if the signature is valid, false otherwise + virtual bool VerifyMessage(const byte *message, size_t messageLen, + const byte *signature, size_t signatureLen) const; + + //! \brief Recover a message from its signature + //! \param recoveredMessage a pointer to the recoverable message part to be verified + //! \param messageAccumulator a pointer to a PK_MessageAccumulator derived class + //! \return the result of the verification operation + //! \details Recover() deletes the messageAccumulator, even if an exception is thrown. + //! \pre COUNTOF(recoveredMessage) == MaxRecoverableLengthFromSignatureLength(signatureLength) + virtual DecodingResult Recover(byte *recoveredMessage, PK_MessageAccumulator *messageAccumulator) const; + + //! \brief Recover a message from its signature + //! \param recoveredMessage a pointer to the recoverable message part to be verified + //! \param messageAccumulator a pointer to a PK_MessageAccumulator derived class + //! \return the result of the verification operation + //! \details RecoverAndRestart() restarts the messageAccumulator + //! \pre COUNTOF(recoveredMessage) == MaxRecoverableLengthFromSignatureLength(signatureLength) + virtual DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const =0; + + //! \brief Recover a message from its signature + //! \param recoveredMessage a pointer for the recovered message + //! \param nonrecoverableMessage a pointer to the non-recoverable message part to be signed + //! \param nonrecoverableMessageLength the size of the non-recoverable message part + //! \param signature the signature on the message + //! \param signatureLength the size of the signature + //! \return the result of the verification operation + //! \pre COUNTOF(recoveredMessage) == MaxRecoverableLengthFromSignatureLength(signatureLength) + virtual DecodingResult RecoverMessage(byte *recoveredMessage, + const byte *nonrecoverableMessage, size_t nonrecoverableMessageLength, + const byte *signature, size_t signatureLength) const; +}; + +//! \class SimpleKeyAgreementDomain +//! \brief Interface for domains of simple key agreement protocols +//! \details A key agreement domain is a set of parameters that must be shared +//! by two parties in a key agreement protocol, along with the algorithms +//! for generating key pairs and deriving agreed values. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE SimpleKeyAgreementDomain : public KeyAgreementAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~SimpleKeyAgreementDomain() {} +#endif + + //! \brief Provides the size of the agreed value + //! \return size of agreed value produced in this domain + virtual unsigned int AgreedValueLength() const =0; + + //! \brief Provides the size of the private key + //! \return size of private keys in this domain + virtual unsigned int PrivateKeyLength() const =0; + + //! \brief Provides the size of the public key + //! \return size of public keys in this domain + virtual unsigned int PublicKeyLength() const =0; + + //! \brief Generate private key in this domain + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \pre COUNTOF(privateKey) == PrivateKeyLength() + virtual void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0; + + //! \brief Generate a public key from a private key in this domain + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer with the previously generated private key + //! \param publicKey a byte buffer for the generated public key in this domain + //! \pre COUNTOF(publicKey) == PublicKeyLength() + virtual void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0; + + //! \brief Generate a private/public key pair + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \param publicKey a byte buffer for the generated public key in this domain + //! \details GenerateKeyPair() is equivalent to calling GeneratePrivateKey() and then GeneratePublicKey(). + //! \pre COUNTOF(privateKey) == PrivateKeyLength() + //! \pre COUNTOF(publicKey) == PublicKeyLength() + virtual void GenerateKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const; + + //! \brief Derive agreed value + //! \param agreedValue a byte buffer for the shared secret + //! \param privateKey a byte buffer with your private key in this domain + //! \param otherPublicKey a byte buffer with the other party's public key in this domain + //! \param validateOtherPublicKey a flag indicating if the other party's public key should be validated + //! \return true upon success, false in case of failure + //! \details Agree() derives an agreed value from your private keys and couterparty's public keys. + //! \details The other party's public key is validated by default. If you have previously validated the + //! static public key, use validateStaticOtherPublicKey=false to save time. + //! \pre COUNTOF(agreedValue) == AgreedValueLength() + //! \pre COUNTOF(privateKey) == PrivateKeyLength() + //! \pre COUNTOF(otherPublicKey) == PublicKeyLength() + virtual bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const =0; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + bool ValidateDomainParameters(RandomNumberGenerator &rng) const + {return GetCryptoParameters().Validate(rng, 2);} +#endif +}; + +//! \brief Interface for domains of authenticated key agreement protocols +//! \details In an authenticated key agreement protocol, each party has two +//! key pairs. The long-lived key pair is called the static key pair, +//! and the short-lived key pair is called the ephemeral key pair. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~AuthenticatedKeyAgreementDomain() {} +#endif + + //! \brief Provides the size of the agreed value + //! \return size of agreed value produced in this domain + virtual unsigned int AgreedValueLength() const =0; + + //! \brief Provides the size of the static private key + //! \return size of static private keys in this domain + virtual unsigned int StaticPrivateKeyLength() const =0; + + //! \brief Provides the size of the static public key + //! \return size of static public keys in this domain + virtual unsigned int StaticPublicKeyLength() const =0; + + //! \brief Generate static private key in this domain + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \pre COUNTOF(privateKey) == PrivateStaticKeyLength() + virtual void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0; + + //! \brief Generate a static public key from a private key in this domain + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer with the previously generated private key + //! \param publicKey a byte buffer for the generated public key in this domain + //! \pre COUNTOF(publicKey) == PublicStaticKeyLength() + virtual void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0; + + //! \brief Generate a static private/public key pair + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \param publicKey a byte buffer for the generated public key in this domain + //! \details GenerateStaticKeyPair() is equivalent to calling GenerateStaticPrivateKey() and then GenerateStaticPublicKey(). + //! \pre COUNTOF(privateKey) == PrivateStaticKeyLength() + //! \pre COUNTOF(publicKey) == PublicStaticKeyLength() + virtual void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const; + + //! \brief Provides the size of ephemeral private key + //! \return the size of ephemeral private key in this domain + virtual unsigned int EphemeralPrivateKeyLength() const =0; + + //! \brief Provides the size of ephemeral public key + //! \return the size of ephemeral public key in this domain + virtual unsigned int EphemeralPublicKeyLength() const =0; + + //! \brief Generate ephemeral private key + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \pre COUNTOF(privateKey) == PrivateEphemeralKeyLength() + virtual void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const =0; + + //! \brief Generate ephemeral public key + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \param publicKey a byte buffer for the generated public key in this domain + //! \pre COUNTOF(publicKey) == PublicEphemeralKeyLength() + virtual void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const =0; + + //! \brief Generate private/public key pair + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \param publicKey a byte buffer for the generated public key in this domain + //! \details GenerateEphemeralKeyPair() is equivalent to calling GenerateEphemeralPrivateKey() and then GenerateEphemeralPublicKey() + virtual void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const; + + //! \brief Derive agreed value + //! \param agreedValue a byte buffer for the shared secret + //! \param staticPrivateKey a byte buffer with your static private key in this domain + //! \param ephemeralPrivateKey a byte buffer with your ephemeral private key in this domain + //! \param staticOtherPublicKey a byte buffer with the other party's static public key in this domain + //! \param ephemeralOtherPublicKey a byte buffer with the other party's ephemeral public key in this domain + //! \param validateStaticOtherPublicKey a flag indicating if the other party's public key should be validated + //! \return true upon success, false in case of failure + //! \details Agree() derives an agreed value from your private keys and couterparty's public keys. + //! \details The other party's ephemeral public key is validated by default. If you have previously validated + //! the static public key, use validateStaticOtherPublicKey=false to save time. + //! \pre COUNTOF(agreedValue) == AgreedValueLength() + //! \pre COUNTOF(staticPrivateKey) == StaticPrivateKeyLength() + //! \pre COUNTOF(ephemeralPrivateKey) == EphemeralPrivateKeyLength() + //! \pre COUNTOF(staticOtherPublicKey) == StaticPublicKeyLength() + //! \pre COUNTOF(ephemeralOtherPublicKey) == EphemeralPublicKeyLength() + virtual bool Agree(byte *agreedValue, + const byte *staticPrivateKey, const byte *ephemeralPrivateKey, + const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, + bool validateStaticOtherPublicKey=true) const =0; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + bool ValidateDomainParameters(RandomNumberGenerator &rng) const + {return GetCryptoParameters().Validate(rng, 2);} +#endif +}; + +// interface for password authenticated key agreement protocols, not implemented yet +#if 0 +//! \brief Interface for protocol sessions +/*! The methods should be called in the following order: + + InitializeSession(rng, parameters); // or call initialize method in derived class + while (true) + { + if (OutgoingMessageAvailable()) + { + length = GetOutgoingMessageLength(); + GetOutgoingMessage(message); + ; // send outgoing message + } + + if (LastMessageProcessed()) + break; + + ; // receive incoming message + ProcessIncomingMessage(message); + } + ; // call methods in derived class to obtain result of protocol session +*/ +class ProtocolSession +{ +public: + //! Exception thrown when an invalid protocol message is processed + class ProtocolError : public Exception + { + public: + ProtocolError(ErrorType errorType, const std::string &s) : Exception(errorType, s) {} + }; + + //! Exception thrown when a function is called unexpectedly + /*! for example calling ProcessIncomingMessage() when ProcessedLastMessage() == true */ + class UnexpectedMethodCall : public Exception + { + public: + UnexpectedMethodCall(const std::string &s) : Exception(OTHER_ERROR, s) {} + }; + + ProtocolSession() : m_rng(NULL), m_throwOnProtocolError(true), m_validState(false) {} + virtual ~ProtocolSession() {} + + virtual void InitializeSession(RandomNumberGenerator &rng, const NameValuePairs ¶meters) =0; + + bool GetThrowOnProtocolError() const {return m_throwOnProtocolError;} + void SetThrowOnProtocolError(bool throwOnProtocolError) {m_throwOnProtocolError = throwOnProtocolError;} + + bool HasValidState() const {return m_validState;} + + virtual bool OutgoingMessageAvailable() const =0; + virtual unsigned int GetOutgoingMessageLength() const =0; + virtual void GetOutgoingMessage(byte *message) =0; + + virtual bool LastMessageProcessed() const =0; + virtual void ProcessIncomingMessage(const byte *message, unsigned int messageLength) =0; + +protected: + void HandleProtocolError(Exception::ErrorType errorType, const std::string &s) const; + void CheckAndHandleInvalidState() const; + void SetValidState(bool valid) {m_validState = valid;} + + RandomNumberGenerator *m_rng; + +private: + bool m_throwOnProtocolError, m_validState; +}; + +class KeyAgreementSession : public ProtocolSession +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~KeyAgreementSession() {} +#endif + + virtual unsigned int GetAgreedValueLength() const =0; + virtual void GetAgreedValue(byte *agreedValue) const =0; +}; + +class PasswordAuthenticatedKeyAgreementSession : public KeyAgreementSession +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PasswordAuthenticatedKeyAgreementSession() {} +#endif + + void InitializePasswordAuthenticatedKeyAgreementSession(RandomNumberGenerator &rng, + const byte *myId, unsigned int myIdLength, + const byte *counterPartyId, unsigned int counterPartyIdLength, + const byte *passwordOrVerifier, unsigned int passwordOrVerifierLength); +}; + +class PasswordAuthenticatedKeyAgreementDomain : public KeyAgreementAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PasswordAuthenticatedKeyAgreementDomain() {} +#endif + + //! return whether the domain parameters stored in this object are valid + virtual bool ValidateDomainParameters(RandomNumberGenerator &rng) const + {return GetCryptoParameters().Validate(rng, 2);} + + virtual unsigned int GetPasswordVerifierLength(const byte *password, unsigned int passwordLength) const =0; + virtual void GeneratePasswordVerifier(RandomNumberGenerator &rng, const byte *userId, unsigned int userIdLength, const byte *password, unsigned int passwordLength, byte *verifier) const =0; + + enum RoleFlags {CLIENT=1, SERVER=2, INITIATOR=4, RESPONDER=8}; + + virtual bool IsValidRole(unsigned int role) =0; + virtual PasswordAuthenticatedKeyAgreementSession * CreateProtocolSession(unsigned int role) const =0; +}; +#endif + +//! \brief Exception thrown when an ASN.1 BER decoing error is encountered +class CRYPTOPP_DLL BERDecodeErr : public InvalidArgument +{ +public: + BERDecodeErr() : InvalidArgument("BER decode error") {} + BERDecodeErr(const std::string &s) : InvalidArgument(s) {} +}; + +//! \brief Interface for encoding and decoding ASN1 objects +//! \details Each class that derives from ASN1Object should provide a serialization format +//! that controls subobject layout. Most of the time the serialization format is +//! taken from a standard, like P1363 or an RFC. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ASN1Object +{ +public: + virtual ~ASN1Object() {} + + //! \brief Decode this object from a BufferedTransformation + //! \param bt BufferedTransformation object + //! \details Uses Basic Encoding Rules (BER) + virtual void BERDecode(BufferedTransformation &bt) =0; + + //! \brief Encode this object into a BufferedTransformation + //! \param bt BufferedTransformation object + //! \details Uses Distinguished Encoding Rules (DER) + virtual void DEREncode(BufferedTransformation &bt) const =0; + + //! \brief Encode this object into a BufferedTransformation + //! \param bt BufferedTransformation object + //! \details Uses Basic Encoding Rules (BER). + //! \details This may be useful if DEREncode() would be too inefficient. + virtual void BEREncode(BufferedTransformation &bt) const {DEREncode(bt);} +}; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY +typedef PK_SignatureScheme PK_SignatureSystem; +typedef SimpleKeyAgreementDomain PK_SimpleKeyAgreementDomain; +typedef AuthenticatedKeyAgreementDomain PK_AuthenticatedKeyAgreementDomain; +#endif + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/default.h b/libs/win_crypto++/include/default.h new file mode 100644 index 0000000..96631ea --- /dev/null +++ b/libs/win_crypto++/include/default.h @@ -0,0 +1,177 @@ +// default.h - written and placed in the public domain by Wei Dai + +//! \file default.h +//! \brief Classes for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC + +#ifndef CRYPTOPP_DEFAULT_H +#define CRYPTOPP_DEFAULT_H + +#include "sha.h" +#include "hmac.h" +#include "des.h" +#include "modes.h" +#include "filters.h" +#include "smartptr.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Default block cipher for DefaultEncryptor, DefaultDecryptor, DefaultEncryptorWithMAC and DefaultDecryptorWithMAC +typedef DES_EDE2 DefaultBlockCipher; +//! \brief Default hash for use with DefaultEncryptorWithMAC and DefaultDecryptorWithMAC +typedef SHA DefaultHashModule; +//! \brief Default HMAC for use withDefaultEncryptorWithMAC and DefaultDecryptorWithMAC +typedef HMAC DefaultMAC; + +//! \class DefaultEncryptor +//! \brief Password-Based Encryptor using TripleDES +//! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only +//! provides about 80-bits of security. +class DefaultEncryptor : public ProxyFilter +{ +public: + //! \brief Construct a DefaultEncryptor + //! \param passphrase a C-String password + //! \param attachment a BufferedTransformation to attach to this object + DefaultEncryptor(const char *passphrase, BufferedTransformation *attachment = NULL); + + //! \brief Construct a DefaultEncryptor + //! \param passphrase a byte string password + //! \param passphraseLength the length of the byte string password + //! \param attachment a BufferedTransformation to attach to this object + DefaultEncryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL); + +protected: + void FirstPut(const byte *); + void LastPut(const byte *inString, size_t length); + +private: + SecByteBlock m_passphrase; + CBC_Mode::Encryption m_cipher; + +} CRYPTOPP_DEPRECATED ("DefaultEncryptor will be changing in the near future because the algorithms are no longer secure"); + +//! \class DefaultDecryptor +//! \brief Password-Based Decryptor using TripleDES +//! \details The class uses 2-key TripleDES (DES_EDE2) for encryption, which only +//! provides about 80-bits of security. +class DefaultDecryptor : public ProxyFilter +{ +public: + //! \brief Constructs a DefaultDecryptor + //! \param passphrase a C-String password + //! \param attachment a BufferedTransformation to attach to this object + //! \param throwException a flag specifiying whether an Exception should be thrown on error + DefaultDecryptor(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true); + + //! \brief Constructs a DefaultDecryptor + //! \param passphrase a byte string password + //! \param passphraseLength the length of the byte string password + //! \param attachment a BufferedTransformation to attach to this object + //! \param throwException a flag specifiying whether an Exception should be thrown on error + DefaultDecryptor(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true); + + class Err : public Exception + { + public: + Err(const std::string &s) + : Exception(DATA_INTEGRITY_CHECK_FAILED, s) {} + }; + class KeyBadErr : public Err {public: KeyBadErr() : Err("DefaultDecryptor: cannot decrypt message with this passphrase") {}}; + + enum State {WAITING_FOR_KEYCHECK, KEY_GOOD, KEY_BAD}; + State CurrentState() const {return m_state;} + +protected: + void FirstPut(const byte *inString); + void LastPut(const byte *inString, size_t length); + + State m_state; + +private: + void CheckKey(const byte *salt, const byte *keyCheck); + + SecByteBlock m_passphrase; + CBC_Mode::Decryption m_cipher; + member_ptr m_decryptor; + bool m_throwException; + +} CRYPTOPP_DEPRECATED ("DefaultDecryptor will be changing in the near future because the algorithms are no longer secure"); + +//! \class DefaultEncryptorWithMAC +//! \brief Password-Based encryptor using TripleDES and HMAC/SHA-1 +//! \details DefaultEncryptorWithMAC uses a non-standard mashup function called Mash() to derive key +//! bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only +//! provides about 80-bits of security. +//! \details The purpose of the function Mash() is to take an arbitrary length input string and +//! *deterministically* produce an arbitrary length output string such that (1) it looks random, +//! (2) no information about the input is deducible from it, and (3) it contains as much entropy +//! as it can hold, or the amount of entropy in the input string, whichever is smaller. +class DefaultEncryptorWithMAC : public ProxyFilter +{ +public: + //! \brief Constructs a DefaultEncryptorWithMAC + //! \param passphrase a C-String password + //! \param attachment a BufferedTransformation to attach to this object + DefaultEncryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL); + + //! \brief Constructs a DefaultEncryptorWithMAC + //! \param passphrase a byte string password + //! \param passphraseLength the length of the byte string password + //! \param attachment a BufferedTransformation to attach to this object + DefaultEncryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL); + +protected: + void FirstPut(const byte *inString) {CRYPTOPP_UNUSED(inString);} + void LastPut(const byte *inString, size_t length); + +private: + member_ptr m_mac; + +} CRYPTOPP_DEPRECATED ("DefaultEncryptorWithMAC will be changing in the near future because the algorithms are no longer secure"); + +//! \class DefaultDecryptorWithMAC +//! \brief Password-Based decryptor using TripleDES and HMAC/SHA-1 +//! \details DefaultDecryptorWithMAC uses a non-standard mashup function called Mash() to derive key +//! bits from the password. The class also uses 2-key TripleDES (DES_EDE2) for encryption, which only +//! provides about 80-bits of security. +//! \details The purpose of the function Mash() is to take an arbitrary length input string and +//! *deterministically* produce an arbitrary length output string such that (1) it looks random, +//! (2) no information about the input is deducible from it, and (3) it contains as much entropy +//! as it can hold, or the amount of entropy in the input string, whichever is smaller. +class DefaultDecryptorWithMAC : public ProxyFilter +{ +public: + //! \class MACBadErr + //! \brief Excpetion thrown when an incorrect MAC is encountered + class MACBadErr : public DefaultDecryptor::Err {public: MACBadErr() : DefaultDecryptor::Err("DefaultDecryptorWithMAC: MAC check failed") {}}; + + //! \brief Constructs a DefaultDecryptor + //! \param passphrase a C-String password + //! \param attachment a BufferedTransformation to attach to this object + //! \param throwException a flag specifiying whether an Exception should be thrown on error + DefaultDecryptorWithMAC(const char *passphrase, BufferedTransformation *attachment = NULL, bool throwException=true); + + //! \brief Constructs a DefaultDecryptor + //! \param passphrase a byte string password + //! \param passphraseLength the length of the byte string password + //! \param attachment a BufferedTransformation to attach to this object + //! \param throwException a flag specifiying whether an Exception should be thrown on error + DefaultDecryptorWithMAC(const byte *passphrase, size_t passphraseLength, BufferedTransformation *attachment = NULL, bool throwException=true); + + DefaultDecryptor::State CurrentState() const; + bool CheckLastMAC() const; + +protected: + void FirstPut(const byte *inString) {CRYPTOPP_UNUSED(inString);} + void LastPut(const byte *inString, size_t length); + +private: + member_ptr m_mac; + HashVerifier *m_hashVerifier; + bool m_throwException; + +} CRYPTOPP_DEPRECATED ("DefaultDecryptorWithMAC will be changing in the near future because the algorithms are no longer secure"); + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/des.h b/libs/win_crypto++/include/des.h new file mode 100644 index 0000000..3a5ec78 --- /dev/null +++ b/libs/win_crypto++/include/des.h @@ -0,0 +1,167 @@ +// des.h - written and placed in the public domain by Wei Dai + +//! \file des.h +//! \brief Classes for DES, 2-key Triple-DES, 3-key Triple-DES and DESX + +#ifndef CRYPTOPP_DES_H +#define CRYPTOPP_DES_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RawDES +//! \brief DES block cipher base class +class CRYPTOPP_DLL RawDES +{ +public: + void RawSetKey(CipherDir direction, const byte *userKey); + void RawProcessBlock(word32 &l, word32 &r) const; + +protected: + static const word32 Spbox[8][64]; + + FixedSizeSecBlock k; +}; + +//! \class DES_Info +//! \brief DES block cipher information +struct DES_Info : public FixedBlockSize<8>, public FixedKeyLength<8> +{ + // disable DES in DLL version by not exporting this function + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "DES";} +}; + +//! \class DES +//! \brief DES block cipher +//! \details The DES implementation in Crypto++ ignores the parity bits +//! (the least significant bits of each byte) in the key. However you can use CheckKeyParityBits() +//! and CorrectKeyParityBits() to check or correct the parity bits if you wish. +//! \sa DES +class DES : public DES_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief DES block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl, public RawDES + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + //! check DES key parity bits + static bool CheckKeyParityBits(const byte *key); + //! correct DES key parity bits + static void CorrectKeyParityBits(byte *key); + + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +//! \class DES_EDE2_Info +//! \brief 2-key TripleDES block cipher information +struct DES_EDE2_Info : public FixedBlockSize<8>, public FixedKeyLength<16> +{ + CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "DES-EDE2";} +}; + +//! \class DES_EDE2 +//! \brief 2-key TripleDES block cipher +/// \sa DES-EDE2 +class DES_EDE2 : public DES_EDE2_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief DES_EDE2 block cipher default operation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + protected: + RawDES m_des1, m_des2; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +//! \class DES_EDE3_Info +//! \brief 3-key TripleDES block cipher information +struct DES_EDE3_Info : public FixedBlockSize<8>, public FixedKeyLength<24> +{ + CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "DES-EDE3";} +}; + +//! \class DES_EDE3 +//! \brief 3-key TripleDES block cipher +//! \sa DES-EDE3 +class DES_EDE3 : public DES_EDE3_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief DES_EDE3 block cipher default operation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + protected: + RawDES m_des1, m_des2, m_des3; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +//! \class DES_XEX3_Info +//! \brief DESX block cipher information +struct DES_XEX3_Info : public FixedBlockSize<8>, public FixedKeyLength<24> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "DES-XEX3";} +}; + +//! \class DES_XEX3 +//! \brief DESX block cipher +//! \sa DES-XEX3, AKA DESX +class DES_XEX3 : public DES_XEX3_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief DES_XEX3 block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + protected: + FixedSizeSecBlock m_x1, m_x3; + // VS2005 workaround: calling modules compiled with /clr gets unresolved external symbol DES::Base::ProcessAndXorBlock + // if we use DES::Encryption here directly without value_ptr. + value_ptr m_des; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef DES::Encryption DESEncryption; +typedef DES::Decryption DESDecryption; + +typedef DES_EDE2::Encryption DES_EDE2_Encryption; +typedef DES_EDE2::Decryption DES_EDE2_Decryption; + +typedef DES_EDE3::Encryption DES_EDE3_Encryption; +typedef DES_EDE3::Decryption DES_EDE3_Decryption; + +typedef DES_XEX3::Encryption DES_XEX3_Encryption; +typedef DES_XEX3::Decryption DES_XEX3_Decryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/dh.h b/libs/win_crypto++/include/dh.h new file mode 100644 index 0000000..461ec38 --- /dev/null +++ b/libs/win_crypto++/include/dh.h @@ -0,0 +1,176 @@ +// dh.h - written and placed in the public domain by Wei Dai + +//! \file dh.h +//! \brief Classes for Diffie-Hellman key exchange + +#ifndef CRYPTOPP_DH_H +#define CRYPTOPP_DH_H + +#include "cryptlib.h" +#include "gfpcrypt.h" +#include "algebra.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class DH_Domain +//! \brief Diffie-Hellman domain +//! \tparam GROUP_PARAMETERS group parameters +//! \tparam COFACTOR_OPTION \ref CofactorMultiplicationOption "cofactor multiplication option" +//! \details A Diffie-Hellman domain is a set of parameters that must be shared +//! by two parties in a key agreement protocol, along with the algorithms +//! for generating key pairs and deriving agreed values. +template +class DH_Domain : public DL_SimpleKeyAgreementDomainBase +{ + typedef DL_SimpleKeyAgreementDomainBase Base; + +public: + typedef GROUP_PARAMETERS GroupParameters; + typedef typename GroupParameters::Element Element; + typedef DL_KeyAgreementAlgorithm_DH DH_Algorithm; + typedef DH_Domain Domain; + + //! \brief Construct a Diffie-Hellman domain + DH_Domain() {} + + //! \brief Construct a Diffie-Hellman domain + //! \param params group parameters and options + DH_Domain(const GroupParameters ¶ms) + : m_groupParameters(params) {} + + //! \brief Construct a Diffie-Hellman domain + //! \param bt BufferedTransformation with group parameters and options + DH_Domain(BufferedTransformation &bt) + {m_groupParameters.BERDecode(bt);} + + //! \brief Construct a Diffie-Hellman domain + //! \tparam T2 template parameter used as a constructor parameter + //! \param v1 RandomNumberGenerator derived class + //! \param v2 second parameter + //! \details v1 and v2 are passed directly to the GROUP_PARAMETERS object. + template + DH_Domain(RandomNumberGenerator &v1, const T2 &v2) + {m_groupParameters.Initialize(v1, v2);} + + //! \brief Construct a Diffie-Hellman domain + //! \tparam T2 template parameter used as a constructor parameter + //! \tparam T3 template parameter used as a constructor parameter + //! \param v1 RandomNumberGenerator derived class + //! \param v2 second parameter + //! \param v3 third parameter + //! \details v1, v2 and v3 are passed directly to the GROUP_PARAMETERS object. + template + DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3) + {m_groupParameters.Initialize(v1, v2, v3);} + + //! \brief Construct a Diffie-Hellman domain + //! \tparam T2 template parameter used as a constructor parameter + //! \tparam T3 template parameter used as a constructor parameter + //! \tparam T4 template parameter used as a constructor parameter + //! \param v1 RandomNumberGenerator derived class + //! \param v2 second parameter + //! \param v3 third parameter + //! \param v4 fourth parameter + //! \details v1, v2, v3 and v4 are passed directly to the GROUP_PARAMETERS object. + template + DH_Domain(RandomNumberGenerator &v1, const T2 &v2, const T3 &v3, const T4 &v4) + {m_groupParameters.Initialize(v1, v2, v3, v4);} + + //! \brief Construct a Diffie-Hellman domain + //! \tparam T1 template parameter used as a constructor parameter + //! \tparam T2 template parameter used as a constructor parameter + //! \param v1 first parameter + //! \param v2 second parameter + //! \details v1 and v2 are passed directly to the GROUP_PARAMETERS object. + template + DH_Domain(const T1 &v1, const T2 &v2) + {m_groupParameters.Initialize(v1, v2);} + + //! \brief Construct a Diffie-Hellman domain + //! \tparam T1 template parameter used as a constructor parameter + //! \tparam T2 template parameter used as a constructor parameter + //! \tparam T3 template parameter used as a constructor parameter + //! \param v1 first parameter + //! \param v2 second parameter + //! \param v3 third parameter + //! \details v1, v2 and v3 are passed directly to the GROUP_PARAMETERS object. + template + DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3) + {m_groupParameters.Initialize(v1, v2, v3);} + + //! \brief Construct a Diffie-Hellman domain + //! \tparam T1 template parameter used as a constructor parameter + //! \tparam T2 template parameter used as a constructor parameter + //! \tparam T3 template parameter used as a constructor parameter + //! \tparam T4 template parameter used as a constructor parameter + //! \param v1 first parameter + //! \param v2 second parameter + //! \param v3 third parameter + //! \param v4 fourth parameter + //! \details v1, v2, v3 and v4 are passed directly to the GROUP_PARAMETERS object. + template + DH_Domain(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4) + {m_groupParameters.Initialize(v1, v2, v3, v4);} + + //! \brief Retrieves the group parameters for this domain + //! \return the group parameters for this domain as a const reference + const GroupParameters & GetGroupParameters() const {return m_groupParameters;} + //! \brief Retrieves the group parameters for this domain + //! \return the group parameters for this domain as a non-const reference + GroupParameters & AccessGroupParameters() {return m_groupParameters;} + + //! \brief Generate a public key from a private key in this domain + //! \param rng RandomNumberGenerator derived class + //! \param privateKey byte buffer with the previously generated private key + //! \param publicKey byte buffer for the generated public key in this domain + //! \details If using a FIPS 140-2 validated library on Windows, then this class will perform + //! a self test to ensure the key pair is pairwise consistent. Non-FIPS and non-Windows + //! builds of the library do not provide FIPS validated cryptography, so the code should be + //! removed by the optimizer. + //! \pre COUNTOF(publicKey) == PublicKeyLength() + void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + Base::GeneratePublicKey(rng, privateKey, publicKey); + + if (FIPS_140_2_ComplianceEnabled()) + { + SecByteBlock privateKey2(this->PrivateKeyLength()); + this->GeneratePrivateKey(rng, privateKey2); + + SecByteBlock publicKey2(this->PublicKeyLength()); + Base::GeneratePublicKey(rng, privateKey2, publicKey2); + + SecByteBlock agreedValue(this->AgreedValueLength()), agreedValue2(this->AgreedValueLength()); + bool agreed1 = this->Agree(agreedValue, privateKey, publicKey2); + bool agreed2 = this->Agree(agreedValue2, privateKey2, publicKey); + + if (!agreed1 || !agreed2 || agreedValue != agreedValue2) + throw SelfTestFailure(this->AlgorithmName() + ": pairwise consistency test failed"); + } + } + + static std::string CRYPTOPP_API StaticAlgorithmName() + {return GroupParameters::StaticAlgorithmNamePrefix() + DH_Algorithm::StaticAlgorithmName();} + std::string AlgorithmName() const {return StaticAlgorithmName();} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DH_Domain() {} +#endif + +private: + const DL_KeyAgreementAlgorithm & GetKeyAgreementAlgorithm() const + {return Singleton().Ref();} + DL_GroupParameters & AccessAbstractGroupParameters() + {return m_groupParameters;} + + GroupParameters m_groupParameters; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS DH_Domain; + +//! Diffie-Hellman in GF(p) with key validation +typedef DH_Domain DH; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/dh2.h b/libs/win_crypto++/include/dh2.h new file mode 100644 index 0000000..2bedb96 --- /dev/null +++ b/libs/win_crypto++/include/dh2.h @@ -0,0 +1,65 @@ +// dh2.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile dh2.h +//! \brief Classes for Diffie-Hellman authenticated key exchange + +#ifndef CRYPTOPP_DH2_H +#define CRYPTOPP_DH2_H + +#include "cryptlib.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// Unified Diffie-Hellman +class DH2 : public AuthenticatedKeyAgreementDomain +{ +public: + DH2(SimpleKeyAgreementDomain &domain) + : d1(domain), d2(domain) {} + DH2(SimpleKeyAgreementDomain &staticDomain, SimpleKeyAgreementDomain &ephemeralDomain) + : d1(staticDomain), d2(ephemeralDomain) {} + + CryptoParameters & AccessCryptoParameters() {return d1.AccessCryptoParameters();} + + unsigned int AgreedValueLength() const + {return d1.AgreedValueLength() + d2.AgreedValueLength();} + + unsigned int StaticPrivateKeyLength() const + {return d1.PrivateKeyLength();} + unsigned int StaticPublicKeyLength() const + {return d1.PublicKeyLength();} + void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + {d1.GeneratePrivateKey(rng, privateKey);} + void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + {d1.GeneratePublicKey(rng, privateKey, publicKey);} + void GenerateStaticKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const + {d1.GenerateKeyPair(rng, privateKey, publicKey);} + + unsigned int EphemeralPrivateKeyLength() const + {return d2.PrivateKeyLength();} + unsigned int EphemeralPublicKeyLength() const + {return d2.PublicKeyLength();} + void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + {d2.GeneratePrivateKey(rng, privateKey);} + void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + {d2.GeneratePublicKey(rng, privateKey, publicKey);} + void GenerateEphemeralKeyPair(RandomNumberGenerator &rng, byte *privateKey, byte *publicKey) const + {d2.GenerateKeyPair(rng, privateKey, publicKey);} + + bool Agree(byte *agreedValue, + const byte *staticPrivateKey, const byte *ephemeralPrivateKey, + const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, + bool validateStaticOtherPublicKey=true) const; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DH2() {} +#endif + +protected: + SimpleKeyAgreementDomain &d1, &d2; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/dll.h b/libs/win_crypto++/include/dll.h new file mode 100644 index 0000000..263e41b --- /dev/null +++ b/libs/win_crypto++/include/dll.h @@ -0,0 +1,77 @@ +// dll.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile dll.h +//! \brief Functions and definitions required for building the FIPS-140 DLL on Windows + +#ifndef CRYPTOPP_DLL_H +#define CRYPTOPP_DLL_H + +#if !defined(CRYPTOPP_IMPORTS) && !defined(CRYPTOPP_EXPORTS) && !defined(CRYPTOPP_DEFAULT_NO_DLL) +#ifdef CRYPTOPP_CONFIG_H +#error To use the DLL version of Crypto++, this file must be included before any other Crypto++ header files. +#endif +#define CRYPTOPP_IMPORTS +#endif + +#include "aes.h" +#include "cbcmac.h" +#include "ccm.h" +#include "cmac.h" +#include "channels.h" +#include "des.h" +#include "dh.h" +#include "dsa.h" +#include "ec2n.h" +#include "eccrypto.h" +#include "ecp.h" +#include "files.h" +#include "fips140.h" +#include "gcm.h" +#include "hex.h" +#include "hmac.h" +#include "modes.h" +#include "mqueue.h" +#include "nbtheory.h" +#include "osrng.h" +#include "pkcspad.h" +#include "pssr.h" +#include "randpool.h" +#include "rsa.h" +#include "rw.h" +#include "sha.h" +#include "skipjack.h" +#include "trdlocal.h" + +#ifdef CRYPTOPP_IMPORTS + +#ifdef _DLL +// cause CRT DLL to be initialized before Crypto++ so that we can use malloc and free during DllMain() +#ifdef CRYPTOPP_DEBUG +# pragma comment(lib, "msvcrtd") +# pragma comment(lib, "cryptopp") +#else +# pragma comment(lib, "msvcrt") +# pragma comment(lib, "cryptopp") +#endif +#endif + +#endif // #ifdef CRYPTOPP_IMPORTS + +#include // for new_handler + +NAMESPACE_BEGIN(CryptoPP) + +#if !(defined(_MSC_VER) && (_MSC_VER < 1300)) +using std::new_handler; +#endif + +typedef void * (CRYPTOPP_API * PNew)(size_t); +typedef void (CRYPTOPP_API * PDelete)(void *); +typedef void (CRYPTOPP_API * PGetNewAndDelete)(PNew &, PDelete &); +typedef new_handler (CRYPTOPP_API * PSetNewHandler)(new_handler); +typedef void (CRYPTOPP_API * PSetNewAndDelete)(PNew, PDelete, PSetNewHandler); + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/dmac.h b/libs/win_crypto++/include/dmac.h new file mode 100644 index 0000000..f0d8802 --- /dev/null +++ b/libs/win_crypto++/include/dmac.h @@ -0,0 +1,99 @@ +// dmac.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile dmac.h +//! \brief Classes for DMAC message authentication code + +#ifndef CRYPTOPP_DMAC_H +#define CRYPTOPP_DMAC_H + +#include "cbcmac.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +template +class CRYPTOPP_NO_VTABLE DMAC_Base : public SameKeyLengthAs, public MessageAuthenticationCode +{ +public: + static std::string StaticAlgorithmName() {return std::string("DMAC(") + T::StaticAlgorithmName() + ")";} + + CRYPTOPP_CONSTANT(DIGESTSIZE=T::BLOCKSIZE) + + DMAC_Base() : m_subkeylength(0), m_counter(0) {} + + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *mac, size_t size); + unsigned int DigestSize() const {return DIGESTSIZE;} + +private: + byte *GenerateSubKeys(const byte *key, size_t keylength); + + size_t m_subkeylength; + SecByteBlock m_subkeys; + CBC_MAC m_mac1; + typename T::Encryption m_f2; + unsigned int m_counter; +}; + +//! DMAC +/*! Based on "CBC MAC for Real-Time Data Sources" by Erez Petrank + and Charles Rackoff. T should be a class derived from BlockCipherDocumentation. +*/ +template +class DMAC : public MessageAuthenticationCodeFinal > +{ +public: + DMAC() {} + DMAC(const byte *key, size_t length=DMAC_Base::DEFAULT_KEYLENGTH) + {this->SetKey(key, length);} +}; + +template +void DMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) +{ + m_subkeylength = T::StaticGetValidKeyLength(T::BLOCKSIZE); + m_subkeys.resize(2*UnsignedMin((unsigned int)T::BLOCKSIZE, m_subkeylength)); + m_mac1.SetKey(GenerateSubKeys(key, length), m_subkeylength, params); + m_f2.SetKey(m_subkeys+m_subkeys.size()/2, m_subkeylength, params); + m_counter = 0; + m_subkeys.resize(0); +} + +template +void DMAC_Base::Update(const byte *input, size_t length) +{ + m_mac1.Update(input, length); + m_counter = (unsigned int)((m_counter + length) % T::BLOCKSIZE); +} + +template +void DMAC_Base::TruncatedFinal(byte *mac, size_t size) +{ + ThrowIfInvalidTruncatedSize(size); + + byte pad[T::BLOCKSIZE]; + byte padByte = byte(T::BLOCKSIZE-m_counter); + memset(pad, padByte, padByte); + m_mac1.Update(pad, padByte); + m_mac1.TruncatedFinal(mac, size); + m_f2.ProcessBlock(mac); + + m_counter = 0; // reset for next message +} + +template +byte *DMAC_Base::GenerateSubKeys(const byte *key, size_t keylength) +{ + typename T::Encryption cipher(key, keylength); + memset(m_subkeys, 0, m_subkeys.size()); + cipher.ProcessBlock(m_subkeys); + m_subkeys[m_subkeys.size()/2 + T::BLOCKSIZE - 1] = 1; + cipher.ProcessBlock(m_subkeys+m_subkeys.size()/2); + return m_subkeys; +} + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/dsa.h b/libs/win_crypto++/include/dsa.h new file mode 100644 index 0000000..3a93610 --- /dev/null +++ b/libs/win_crypto++/include/dsa.h @@ -0,0 +1,41 @@ +// dsa.h - written and placed in the public domain by Wei Dai + +//! \file dsa.h +//! \brief Classes for the DSA signature algorithm + +#ifndef CRYPTOPP_DSA_H +#define CRYPTOPP_DSA_H + +#include "cryptlib.h" +#include "gfpcrypt.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief DSA Signature Format +//! \details The DSA signature format used by Crypto++ is as defined by IEEE P1363. +//! Java nad .Net use the DER format, and OpenPGP uses the OpenPGP format. +enum DSASignatureFormat { + //! \brief Crypto++ native signature encoding format + DSA_P1363, + //! \brief signature encoding format used by Java and .Net + DSA_DER, + //! \brief OpenPGP signature encoding format + DSA_OPENPGP +}; + +//! \brief Converts between signature encoding formats +//! \param buffer byte buffer for the converted signature encoding +//! \param bufferSize the length of the converted signature encoding buffer +//! \param toFormat the source signature format +//! \param signature byte buffer for the existing signature encoding +//! \param signatureLen the length of the existing signature encoding buffer +//! \param fromFormat the source signature format +//! \details This function converts between these formats, and returns length +//! of signature in the target format. If toFormat == DSA_P1363, then +//! bufferSize must equal publicKey.SignatureLength() +size_t DSAConvertSignatureFormat(byte *buffer, size_t bufferSize, DSASignatureFormat toFormat, + const byte *signature, size_t signatureLen, DSASignatureFormat fromFormat); + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/eax.h b/libs/win_crypto++/include/eax.h new file mode 100644 index 0000000..4f4e8da --- /dev/null +++ b/libs/win_crypto++/include/eax.h @@ -0,0 +1,109 @@ +// eax.h - written and placed in the public domain by Wei Dai + +//! \file eax.h +//! \brief EAX block cipher mode of operation + +#ifndef CRYPTOPP_EAX_H +#define CRYPTOPP_EAX_H + +#include "authenc.h" +#include "modes.h" +#include "cmac.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class EAX_Base +//! \brief EAX block cipher base implementation +//! \details Base implementation of the AuthenticatedSymmetricCipher interface +//! \since Crypto++ 5.6.0 +class CRYPTOPP_NO_VTABLE EAX_Base : public AuthenticatedSymmetricCipherBase +{ +public: + // AuthenticatedSymmetricCipher + std::string AlgorithmName() const + {return GetMAC().GetCipher().AlgorithmName() + std::string("/EAX");} + size_t MinKeyLength() const + {return GetMAC().MinKeyLength();} + size_t MaxKeyLength() const + {return GetMAC().MaxKeyLength();} + size_t DefaultKeyLength() const + {return GetMAC().DefaultKeyLength();} + size_t GetValidKeyLength(size_t n) const + {return GetMAC().GetValidKeyLength(n);} + bool IsValidKeyLength(size_t n) const + {return GetMAC().IsValidKeyLength(n);} + unsigned int OptimalDataAlignment() const + {return GetMAC().OptimalDataAlignment();} + IV_Requirement IVRequirement() const + {return UNIQUE_IV;} + unsigned int IVSize() const + {return GetMAC().TagSize();} + unsigned int MinIVLength() const + {return 0;} + unsigned int MaxIVLength() const + {return UINT_MAX;} + unsigned int DigestSize() const + {return GetMAC().TagSize();} + lword MaxHeaderLength() const + {return LWORD_MAX;} + lword MaxMessageLength() const + {return LWORD_MAX;} + +protected: + // AuthenticatedSymmetricCipherBase + bool AuthenticationIsOnPlaintext() const + {return false;} + unsigned int AuthenticationBlockSize() const + {return 1;} + void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms); + void Resync(const byte *iv, size_t len); + size_t AuthenticateBlocks(const byte *data, size_t len); + void AuthenticateLastHeaderBlock(); + void AuthenticateLastFooterBlock(byte *mac, size_t macSize); + SymmetricCipher & AccessSymmetricCipher() {return m_ctr;} + const CMAC_Base & GetMAC() const {return const_cast(this)->AccessMAC();} + virtual CMAC_Base & AccessMAC() =0; + + CTR_Mode_ExternalCipher::Encryption m_ctr; +}; + +//! \class EAX_Final +//! \brief EAX block cipher final implementation +//! \tparam T_BlockCipher block cipher +//! \tparam T_IsEncryption direction in which to operate the cipher +//! \since Crypto++ 5.6.0 +template +class EAX_Final : public EAX_Base +{ +public: + static std::string StaticAlgorithmName() + {return T_BlockCipher::StaticAlgorithmName() + std::string("/EAX");} + bool IsForwardTransformation() const + {return T_IsEncryption;} + +private: + CMAC_Base & AccessMAC() {return m_cmac;} + CMAC m_cmac; +}; + +#ifdef EAX // EAX is defined to 11 on GCC 3.4.3, OpenSolaris 8.11 +#undef EAX +#endif + +//! \class EAX +//! \brief EAX block cipher mode of operation +//! \tparam T_BlockCipher block cipher +//! \details \p EAX provides the \p Encryption and \p Decryption typedef. See EAX_Base +//! and EAX_Final for the AuthenticatedSymmetricCipher implementation. +//! \sa EAX at the Crypto Lounge +//! \since Crypto++ 5.6.0 +template +struct EAX : public AuthenticatedSymmetricCipherDocumentation +{ + typedef EAX_Final Encryption; + typedef EAX_Final Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/ec2n.h b/libs/win_crypto++/include/ec2n.h new file mode 100644 index 0000000..3c1bb63 --- /dev/null +++ b/libs/win_crypto++/include/ec2n.h @@ -0,0 +1,135 @@ +// ec2n.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile ec2n.h +//! \brief Classes for Elliptic Curves over binary fields + + +#ifndef CRYPTOPP_EC2N_H +#define CRYPTOPP_EC2N_H + +#include "cryptlib.h" +#include "gf2n.h" +#include "integer.h" +#include "algebra.h" +#include "eprecomp.h" +#include "smartptr.h" +#include "pubkey.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! Elliptic Curve Point +struct CRYPTOPP_DLL EC2NPoint +{ + EC2NPoint() : identity(true) {} + EC2NPoint(const PolynomialMod2 &x, const PolynomialMod2 &y) + : identity(false), x(x), y(y) {} + + bool operator==(const EC2NPoint &t) const + {return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);} + bool operator< (const EC2NPoint &t) const + {return identity ? !t.identity : (!t.identity && (x; + +//! Elliptic Curve over GF(2^n) +class CRYPTOPP_DLL EC2N : public AbstractGroup +{ +public: + typedef GF2NP Field; + typedef Field::Element FieldElement; + typedef EC2NPoint Point; + + EC2N() {} + EC2N(const Field &field, const Field::Element &a, const Field::Element &b) + : m_field(field), m_a(a), m_b(b) {} + // construct from BER encoded parameters + // this constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters + EC2N(BufferedTransformation &bt); + + // encode the fields fieldID and curve of the sequence ECParameters + void DEREncode(BufferedTransformation &bt) const; + + bool Equal(const Point &P, const Point &Q) const; + const Point& Identity() const; + const Point& Inverse(const Point &P) const; + bool InversionIsFast() const {return true;} + const Point& Add(const Point &P, const Point &Q) const; + const Point& Double(const Point &P) const; + + Point Multiply(const Integer &k, const Point &P) const + {return ScalarMultiply(P, k);} + Point CascadeMultiply(const Integer &k1, const Point &P, const Integer &k2, const Point &Q) const + {return CascadeScalarMultiply(P, k1, Q, k2);} + + bool ValidateParameters(RandomNumberGenerator &rng, unsigned int level=3) const; + bool VerifyPoint(const Point &P) const; + + unsigned int EncodedPointSize(bool compressed = false) const + {return 1 + (compressed?1:2)*m_field->MaxElementByteLength();} + // returns false if point is compressed and not valid (doesn't check if uncompressed) + bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const; + bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const; + void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const; + void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; + + Point BERDecodePoint(BufferedTransformation &bt) const; + void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; + + Integer FieldSize() const {return Integer::Power2(m_field->MaxElementBitLength());} + const Field & GetField() const {return *m_field;} + const FieldElement & GetA() const {return m_a;} + const FieldElement & GetB() const {return m_b;} + + bool operator==(const EC2N &rhs) const + {return GetField() == rhs.GetField() && m_a == rhs.m_a && m_b == rhs.m_b;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~EC2N() {} +#endif + +private: + clonable_ptr m_field; + FieldElement m_a, m_b; + mutable Point m_R; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupPrecomputation; + +template class EcPrecomputation; + +//! EC2N precomputation +template<> class EcPrecomputation : public DL_GroupPrecomputation +{ +public: + typedef EC2N EllipticCurve; + + // DL_GroupPrecomputation + const AbstractGroup & GetGroup() const {return m_ec;} + Element BERDecodeElement(BufferedTransformation &bt) const {return m_ec.BERDecodePoint(bt);} + void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {m_ec.DEREncodePoint(bt, v, false);} + + // non-inherited + void SetCurve(const EC2N &ec) {m_ec = ec;} + const EC2N & GetCurve() const {return m_ec;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~EcPrecomputation() {} +#endif + +private: + EC2N m_ec; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/eccrypto.h b/libs/win_crypto++/include/eccrypto.h new file mode 100644 index 0000000..31f8a99 --- /dev/null +++ b/libs/win_crypto++/include/eccrypto.h @@ -0,0 +1,376 @@ +// eccrypto.h - written and placed in the public domain by Wei Dai + +//! \file eccrypto.h +//! \brief Classes and functions for Elliptic Curves over prime and binary fields + +#ifndef CRYPTOPP_ECCRYPTO_H +#define CRYPTOPP_ECCRYPTO_H + +#include "config.h" +#include "cryptlib.h" +#include "pubkey.h" +#include "integer.h" +#include "asn.h" +#include "hmac.h" +#include "sha.h" +#include "gfpcrypt.h" +#include "dh.h" +#include "mqv.h" +#include "hmqv.h" +#include "fhmqv.h" +#include "ecp.h" +#include "ec2n.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Elliptic Curve Parameters +//! \tparam EC elliptic curve field +//! \details This class corresponds to the ASN.1 sequence of the same name +//! in ANSI X9.62 and SEC 1. EC is currently defined for ECP and EC2N. +template +class DL_GroupParameters_EC : public DL_GroupParametersImpl > +{ + typedef DL_GroupParameters_EC ThisClass; + +public: + typedef EC EllipticCurve; + typedef typename EllipticCurve::Point Point; + typedef Point Element; + typedef IncompatibleCofactorMultiplication DefaultCofactorOption; + + DL_GroupParameters_EC() : m_compress(false), m_encodeAsOID(false) {} + DL_GroupParameters_EC(const OID &oid) + : m_compress(false), m_encodeAsOID(false) {Initialize(oid);} + DL_GroupParameters_EC(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero()) + : m_compress(false), m_encodeAsOID(false) {Initialize(ec, G, n, k);} + DL_GroupParameters_EC(BufferedTransformation &bt) + : m_compress(false), m_encodeAsOID(false) {BERDecode(bt);} + + void Initialize(const EllipticCurve &ec, const Point &G, const Integer &n, const Integer &k = Integer::Zero()) + { + this->m_groupPrecomputation.SetCurve(ec); + this->SetSubgroupGenerator(G); + m_n = n; + m_k = k; + } + void Initialize(const OID &oid); + + // NameValuePairs + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // GeneratibleCryptoMaterial interface + //! this implementation doesn't actually generate a curve, it just initializes the parameters with existing values + /*! parameters: (Curve, SubgroupGenerator, SubgroupOrder, Cofactor (optional)), or (GroupOID) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + + // DL_GroupParameters + const DL_FixedBasePrecomputation & GetBasePrecomputation() const {return this->m_gpc;} + DL_FixedBasePrecomputation & AccessBasePrecomputation() {return this->m_gpc;} + const Integer & GetSubgroupOrder() const {return m_n;} + Integer GetCofactor() const; + bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; + bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation *precomp) const; + bool FastSubgroupCheckAvailable() const {return false;} + void EncodeElement(bool reversible, const Element &element, byte *encoded) const + { + if (reversible) + GetCurve().EncodePoint(encoded, element, m_compress); + else + element.x.Encode(encoded, GetEncodedElementSize(false)); + } + virtual unsigned int GetEncodedElementSize(bool reversible) const + { + if (reversible) + return GetCurve().EncodedPointSize(m_compress); + else + return GetCurve().GetField().MaxElementByteLength(); + } + Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const + { + Point result; + if (!GetCurve().DecodePoint(result, encoded, GetEncodedElementSize(true))) + throw DL_BadElement(); + if (checkForGroupMembership && !ValidateElement(1, result, NULL)) + throw DL_BadElement(); + return result; + } + Integer ConvertElementToInteger(const Element &element) const; + Integer GetMaxExponent() const {return GetSubgroupOrder()-1;} + bool IsIdentity(const Element &element) const {return element.identity;} + void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; + static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "EC";} + + // ASN1Key + OID GetAlgorithmID() const; + + // used by MQV + Element MultiplyElements(const Element &a, const Element &b) const; + Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const; + + // non-inherited + + // enumerate OIDs for recommended parameters, use OID() to get first one + static OID CRYPTOPP_API GetNextRecommendedParametersOID(const OID &oid); + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + void SetPointCompression(bool compress) {m_compress = compress;} + bool GetPointCompression() const {return m_compress;} + + void SetEncodeAsOID(bool encodeAsOID) {m_encodeAsOID = encodeAsOID;} + bool GetEncodeAsOID() const {return m_encodeAsOID;} + + const EllipticCurve& GetCurve() const {return this->m_groupPrecomputation.GetCurve();} + + bool operator==(const ThisClass &rhs) const + {return this->m_groupPrecomputation.GetCurve() == rhs.m_groupPrecomputation.GetCurve() && this->m_gpc.GetBase(this->m_groupPrecomputation) == rhs.m_gpc.GetBase(rhs.m_groupPrecomputation);} + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + const Point& GetBasePoint() const {return this->GetSubgroupGenerator();} + const Integer& GetBasePointOrder() const {return this->GetSubgroupOrder();} + void LoadRecommendedParameters(const OID &oid) {Initialize(oid);} +#endif + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_EC() {} +#endif + +protected: + unsigned int FieldElementLength() const {return GetCurve().GetField().MaxElementByteLength();} + unsigned int ExponentLength() const {return m_n.ByteCount();} + + OID m_oid; // set if parameters loaded from a recommended curve + Integer m_n; // order of base point + mutable Integer m_k; // cofactor + mutable bool m_compress, m_encodeAsOID; // presentation details +}; + +//! EC public key +template +class DL_PublicKey_EC : public DL_PublicKeyImpl > +{ +public: + typedef typename EC::Point Element; + + void Initialize(const DL_GroupParameters_EC ¶ms, const Element &Q) + {this->AccessGroupParameters() = params; this->SetPublicElement(Q);} + void Initialize(const EC &ec, const Element &G, const Integer &n, const Element &Q) + {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPublicElement(Q);} + + // X509PublicKey + void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePublicKey(BufferedTransformation &bt) const; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PublicKey_EC() {} +#endif +}; + +//! EC private key +template +class DL_PrivateKey_EC : public DL_PrivateKeyImpl > +{ +public: + typedef typename EC::Point Element; + + void Initialize(const DL_GroupParameters_EC ¶ms, const Integer &x) + {this->AccessGroupParameters() = params; this->SetPrivateExponent(x);} + void Initialize(const EC &ec, const Element &G, const Integer &n, const Integer &x) + {this->AccessGroupParameters().Initialize(ec, G, n); this->SetPrivateExponent(x);} + void Initialize(RandomNumberGenerator &rng, const DL_GroupParameters_EC ¶ms) + {this->GenerateRandom(rng, params);} + void Initialize(RandomNumberGenerator &rng, const EC &ec, const Element &G, const Integer &n) + {this->GenerateRandom(rng, DL_GroupParameters_EC(ec, G, n));} + + // PKCS8PrivateKey + void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePrivateKey(BufferedTransformation &bt) const; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PrivateKey_EC() {} +#endif +}; + +//! Elliptic Curve Diffie-Hellman, AKA ECDH +template ::DefaultCofactorOption> +struct ECDH +{ + typedef DH_Domain, COFACTOR_OPTION> Domain; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECDH() {} +#endif +}; + +/// Elliptic Curve Menezes-Qu-Vanstone, AKA ECMQV +template ::DefaultCofactorOption> +struct ECMQV +{ + typedef MQV_Domain, COFACTOR_OPTION> Domain; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECMQV() {} +#endif +}; + +//! \brief Hashed Menezes-Qu-Vanstone in ECP or EC2N +//! \details This implementation follows Hugo Krawczyk's HMQV: A High-Performance +//! Secure Diffie-Hellman Protocol. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided. +template ::DefaultCofactorOption, class HASH = SHA256> +struct ECHMQV +{ + typedef HMQV_Domain, COFACTOR_OPTION, HASH> Domain; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECHMQV() {} +#endif +}; + +typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA1 >::Domain ECHMQV160; +typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA256 >::Domain ECHMQV256; +typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA384 >::Domain ECHMQV384; +typedef ECHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA512 >::Domain ECHMQV512; + +//! \brief Fully Hashed Menezes-Qu-Vanstone in ECP or EC2N +//! \details This implementation follows Augustin P. Sarr and Philippe Elbaz–Vincent, and Jean–Claude Bajard's +//! A Secure and Efficient Authenticated Diffie-Hellman Protocol. +//! Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C. +template ::DefaultCofactorOption, class HASH = SHA256> +struct ECFHMQV +{ + typedef FHMQV_Domain, COFACTOR_OPTION, HASH> Domain; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECFHMQV() {} +#endif +}; + +typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA1 >::Domain ECFHMQV160; +typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA256 >::Domain ECFHMQV256; +typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA384 >::Domain ECFHMQV384; +typedef ECFHMQV< ECP, DL_GroupParameters_EC< ECP >::DefaultCofactorOption, SHA512 >::Domain ECFHMQV512; + +//! EC keys +template +struct DL_Keys_EC +{ + typedef DL_PublicKey_EC PublicKey; + typedef DL_PrivateKey_EC PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Keys_EC() {} +#endif +}; + +template +struct ECDSA; + +//! ECDSA keys +template +struct DL_Keys_ECDSA +{ + typedef DL_PublicKey_EC PublicKey; + typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest, ECDSA > PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Keys_ECDSA() {} +#endif +}; + +//! ECDSA algorithm +template +class DL_Algorithm_ECDSA : public DL_Algorithm_GDSA +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECDSA";} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Algorithm_ECDSA() {} +#endif +}; + +//! ECNR algorithm +template +class DL_Algorithm_ECNR : public DL_Algorithm_NR +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECNR";} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Algorithm_ECNR() {} +#endif +}; + +//! ECDSA +template +struct ECDSA : public DL_SS, DL_Algorithm_ECDSA, DL_SignatureMessageEncodingMethod_DSA, H> +{ +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECDSA() {} +#endif +}; + +//! ECNR +template +struct ECNR : public DL_SS, DL_Algorithm_ECNR, DL_SignatureMessageEncodingMethod_NR, H> +{ +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECNR() {} +#endif +}; + +//! Elliptic Curve Integrated Encryption Scheme, AKA ECIES +/*! Default to (NoCofactorMultiplication and DHAES_MODE = false) for compatibilty with SEC1 and Crypto++ 4.2. + The combination of (IncompatibleCofactorMultiplication and DHAES_MODE = true) is recommended for best + efficiency and security. */ +template +struct ECIES + : public DL_ES< + DL_Keys_EC, + DL_KeyAgreementAlgorithm_DH, + DL_KeyDerivationAlgorithm_P1363 >, + DL_EncryptionAlgorithm_Xor, DHAES_MODE>, + ECIES > +{ + static std::string CRYPTOPP_API StaticAlgorithmName() {return "ECIES";} // TODO: fix this after name is standardized + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECIES() {} +#endif + +#if (CRYPTOPP_GCC_VERSION >= 40500) || (CRYPTOPP_LLVM_CLANG_VERSION >= 20800) +} __attribute__((deprecated ("ECIES will be changing in the near future due to (1) an implementation bug and (2) an interop issue"))); +#elif (CRYPTOPP_GCC_VERSION) +} __attribute__((deprecated)); +#else +}; +#endif + +NAMESPACE_END + +#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES +#include "eccrypto.cpp" +#endif + +NAMESPACE_BEGIN(CryptoPP) + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_EC; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl >; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKeyImpl >; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_EC; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl >; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKeyImpl >; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_EC; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest, ECDSA >; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest, ECDSA >; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/ecp.h b/libs/win_crypto++/include/ecp.h new file mode 100644 index 0000000..88070be --- /dev/null +++ b/libs/win_crypto++/include/ecp.h @@ -0,0 +1,146 @@ +// ecp.h - written and placed in the public domain by Wei Dai + +//! \file ecp.h +//! \brief Classes for Elliptic Curves over prime fields + +#ifndef CRYPTOPP_ECP_H +#define CRYPTOPP_ECP_H + +#include "cryptlib.h" +#include "integer.h" +#include "algebra.h" +#include "modarith.h" +#include "eprecomp.h" +#include "smartptr.h" +#include "pubkey.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! Elliptical Curve Point +struct CRYPTOPP_DLL ECPPoint +{ + ECPPoint() : identity(true) {} + ECPPoint(const Integer &x, const Integer &y) + : identity(false), x(x), y(y) {} + + bool operator==(const ECPPoint &t) const + {return (identity && t.identity) || (!identity && !t.identity && x==t.x && y==t.y);} + bool operator< (const ECPPoint &t) const + {return identity ? !t.identity : (!t.identity && (x; + +//! Elliptic Curve over GF(p), where p is prime +class CRYPTOPP_DLL ECP : public AbstractGroup +{ +public: + typedef ModularArithmetic Field; + typedef Integer FieldElement; + typedef ECPPoint Point; + + ECP() {} + ECP(const ECP &ecp, bool convertToMontgomeryRepresentation = false); + ECP(const Integer &modulus, const FieldElement &a, const FieldElement &b) + : m_fieldPtr(new Field(modulus)), m_a(a.IsNegative() ? modulus+a : a), m_b(b) {} + // construct from BER encoded parameters + // this constructor will decode and extract the the fields fieldID and curve of the sequence ECParameters + ECP(BufferedTransformation &bt); + + // encode the fields fieldID and curve of the sequence ECParameters + void DEREncode(BufferedTransformation &bt) const; + + bool Equal(const Point &P, const Point &Q) const; + const Point& Identity() const; + const Point& Inverse(const Point &P) const; + bool InversionIsFast() const {return true;} + const Point& Add(const Point &P, const Point &Q) const; + const Point& Double(const Point &P) const; + Point ScalarMultiply(const Point &P, const Integer &k) const; + Point CascadeScalarMultiply(const Point &P, const Integer &k1, const Point &Q, const Integer &k2) const; + void SimultaneousMultiply(Point *results, const Point &base, const Integer *exponents, unsigned int exponentsCount) const; + + Point Multiply(const Integer &k, const Point &P) const + {return ScalarMultiply(P, k);} + Point CascadeMultiply(const Integer &k1, const Point &P, const Integer &k2, const Point &Q) const + {return CascadeScalarMultiply(P, k1, Q, k2);} + + bool ValidateParameters(RandomNumberGenerator &rng, unsigned int level=3) const; + bool VerifyPoint(const Point &P) const; + + unsigned int EncodedPointSize(bool compressed = false) const + {return 1 + (compressed?1:2)*GetField().MaxElementByteLength();} + // returns false if point is compressed and not valid (doesn't check if uncompressed) + bool DecodePoint(Point &P, BufferedTransformation &bt, size_t len) const; + bool DecodePoint(Point &P, const byte *encodedPoint, size_t len) const; + void EncodePoint(byte *encodedPoint, const Point &P, bool compressed) const; + void EncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; + + Point BERDecodePoint(BufferedTransformation &bt) const; + void DEREncodePoint(BufferedTransformation &bt, const Point &P, bool compressed) const; + + Integer FieldSize() const {return GetField().GetModulus();} + const Field & GetField() const {return *m_fieldPtr;} + const FieldElement & GetA() const {return m_a;} + const FieldElement & GetB() const {return m_b;} + + bool operator==(const ECP &rhs) const + {return GetField() == rhs.GetField() && m_a == rhs.m_a && m_b == rhs.m_b;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ECP() {} +#endif + +private: + clonable_ptr m_fieldPtr; + FieldElement m_a, m_b; + mutable Point m_R; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupPrecomputation; + +template class EcPrecomputation; + +//! ECP precomputation +template<> class EcPrecomputation : public DL_GroupPrecomputation +{ +public: + typedef ECP EllipticCurve; + + // DL_GroupPrecomputation + bool NeedConversions() const {return true;} + Element ConvertIn(const Element &P) const + {return P.identity ? P : ECP::Point(m_ec->GetField().ConvertIn(P.x), m_ec->GetField().ConvertIn(P.y));}; + Element ConvertOut(const Element &P) const + {return P.identity ? P : ECP::Point(m_ec->GetField().ConvertOut(P.x), m_ec->GetField().ConvertOut(P.y));} + const AbstractGroup & GetGroup() const {return *m_ec;} + Element BERDecodeElement(BufferedTransformation &bt) const {return m_ec->BERDecodePoint(bt);} + void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {m_ec->DEREncodePoint(bt, v, false);} + + // non-inherited + void SetCurve(const ECP &ec) + { + m_ec.reset(new ECP(ec, true)); + m_ecOriginal = ec; + } + const ECP & GetCurve() const {return *m_ecOriginal;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~EcPrecomputation() {} +#endif + +private: + value_ptr m_ec, m_ecOriginal; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/elgamal.h b/libs/win_crypto++/include/elgamal.h new file mode 100644 index 0000000..06826d1 --- /dev/null +++ b/libs/win_crypto++/include/elgamal.h @@ -0,0 +1,144 @@ +// elgamal.h - written and placed in the public domain by Wei Dai + +//! \file elgamal.h +//! \brief Classes and functions for ElGamal key agreement and encryption schemes + +#ifndef CRYPTOPP_ELGAMAL_H +#define CRYPTOPP_ELGAMAL_H + +#include "cryptlib.h" +#include "modexppc.h" +#include "integer.h" +#include "gfpcrypt.h" +#include "pubkey.h" +#include "dsa.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +class CRYPTOPP_NO_VTABLE ElGamalBase : public DL_KeyAgreementAlgorithm_DH, + public DL_KeyDerivationAlgorithm, + public DL_SymmetricEncryptionAlgorithm +{ +public: + void Derive(const DL_GroupParameters &groupParams, byte *derivedKey, size_t derivedLength, const Integer &agreedElement, const Integer &ephemeralPublicKey, const NameValuePairs &derivationParams) const + { + CRYPTOPP_UNUSED(groupParams), CRYPTOPP_UNUSED(ephemeralPublicKey), CRYPTOPP_UNUSED(derivationParams); + agreedElement.Encode(derivedKey, derivedLength); + } + + size_t GetSymmetricKeyLength(size_t plainTextLength) const + { + CRYPTOPP_UNUSED(plainTextLength); + return GetGroupParameters().GetModulus().ByteCount(); + } + + size_t GetSymmetricCiphertextLength(size_t plainTextLength) const + { + unsigned int len = GetGroupParameters().GetModulus().ByteCount(); + if (plainTextLength <= GetMaxSymmetricPlaintextLength(len)) + return len; + else + return 0; + } + + size_t GetMaxSymmetricPlaintextLength(size_t cipherTextLength) const + { + unsigned int len = GetGroupParameters().GetModulus().ByteCount(); + if (cipherTextLength == len) + return STDMIN(255U, len-3); + else + return 0; + } + + void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plainText, size_t plainTextLength, byte *cipherText, const NameValuePairs ¶meters) const + { + CRYPTOPP_UNUSED(parameters); + const Integer &p = GetGroupParameters().GetModulus(); + unsigned int modulusLen = p.ByteCount(); + + SecByteBlock block(modulusLen-1); + rng.GenerateBlock(block, modulusLen-2-plainTextLength); + memcpy(block+modulusLen-2-plainTextLength, plainText, plainTextLength); + block[modulusLen-2] = (byte)plainTextLength; + + a_times_b_mod_c(Integer(key, modulusLen), Integer(block, modulusLen-1), p).Encode(cipherText, modulusLen); + } + + DecodingResult SymmetricDecrypt(const byte *key, const byte *cipherText, size_t cipherTextLength, byte *plainText, const NameValuePairs ¶meters) const + { + CRYPTOPP_UNUSED(parameters); + const Integer &p = GetGroupParameters().GetModulus(); + unsigned int modulusLen = p.ByteCount(); + + if (cipherTextLength != modulusLen) + return DecodingResult(); + + Integer m = a_times_b_mod_c(Integer(cipherText, modulusLen), Integer(key, modulusLen).InverseMod(p), p); + + m.Encode(plainText, 1); + unsigned int plainTextLength = plainText[0]; + if (plainTextLength > GetMaxSymmetricPlaintextLength(modulusLen)) + return DecodingResult(); + m >>= 8; + m.Encode(plainText, plainTextLength); + return DecodingResult(plainTextLength); + } + + virtual const DL_GroupParameters_GFP & GetGroupParameters() const =0; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ElGamalBase() {} +#endif +}; + +template +class ElGamalObjectImpl : public DL_ObjectImplBase, public ElGamalBase +{ +public: + size_t FixedMaxPlaintextLength() const {return this->MaxPlaintextLength(FixedCiphertextLength());} + size_t FixedCiphertextLength() const {return this->CiphertextLength(0);} + + const DL_GroupParameters_GFP & GetGroupParameters() const {return this->GetKey().GetGroupParameters();} + + DecodingResult FixedLengthDecrypt(RandomNumberGenerator &rng, const byte *cipherText, byte *plainText) const + {return Decrypt(rng, cipherText, FixedCiphertextLength(), plainText);} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ElGamalObjectImpl() {} +#endif + +protected: + const DL_KeyAgreementAlgorithm & GetKeyAgreementAlgorithm() const {return *this;} + const DL_KeyDerivationAlgorithm & GetKeyDerivationAlgorithm() const {return *this;} + const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const {return *this;} +}; + +struct ElGamalKeys +{ + typedef DL_CryptoKeys_GFP::GroupParameters GroupParameters; + typedef DL_PrivateKey_GFP_OldFormat PrivateKey; + typedef DL_PublicKey_GFP_OldFormat PublicKey; +}; + +//! \class ElGamal +//! \brief ElGamal encryption scheme with non-standard padding +struct ElGamal +{ + typedef DL_CryptoSchemeOptions SchemeOptions; + + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "ElgamalEnc/Crypto++Padding";} + + typedef SchemeOptions::GroupParameters GroupParameters; + //! implements PK_Encryptor interface + typedef PK_FinalTemplate, SchemeOptions, SchemeOptions::PublicKey> > Encryptor; + //! implements PK_Decryptor interface + typedef PK_FinalTemplate, SchemeOptions, SchemeOptions::PrivateKey> > Decryptor; +}; + +typedef ElGamal::Encryptor ElGamalEncryptor; +typedef ElGamal::Decryptor ElGamalDecryptor; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/emsa2.h b/libs/win_crypto++/include/emsa2.h new file mode 100644 index 0000000..610fe43 --- /dev/null +++ b/libs/win_crypto++/include/emsa2.h @@ -0,0 +1,88 @@ +// emsa2.h - written and placed in the public domain by Wei Dai + +//! \file emsa2.h +//! \brief Classes and functions for various padding schemes used in public key algorithms + +#ifndef CRYPTOPP_EMSA2_H +#define CRYPTOPP_EMSA2_H + +#include "cryptlib.h" +#include "pubkey.h" +#include "misc.h" + +#ifdef CRYPTOPP_IS_DLL +# include "sha.h" +#endif + +NAMESPACE_BEGIN(CryptoPP) + +template class EMSA2HashId +{ +public: + static const byte id; +}; + +template +class EMSA2HashIdLookup : public BASE +{ +public: + struct HashIdentifierLookup + { + template struct HashIdentifierLookup2 + { + static HashIdentifier Lookup() + { + return HashIdentifier(&EMSA2HashId::id, 1); + } + }; + }; +}; + +// EMSA2HashId can be instantiated with the following classes. +class SHA1; +class SHA224; +class SHA256; +class SHA384; +class SHA512; +class RIPEMD128; +class RIPEMD160; +class Whirlpool; +// end of list + +#ifdef CRYPTOPP_IS_DLL +CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId; +CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId; +CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId; +CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId; +CRYPTOPP_DLL_TEMPLATE_CLASS EMSA2HashId; +#endif + +//! _ +class CRYPTOPP_DLL EMSA2Pad : public EMSA2HashIdLookup +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "EMSA2";} + + size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const + {CRYPTOPP_UNUSED(hashIdentifierLength); return 8*digestLength + 31;} + + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; +}; + +//! EMSA2, for use with RWSS and RSA_ISO +/*! Only the following hash functions are supported by this signature standard: + \dontinclude emsa2.h + \skip EMSA2HashId can be instantiated + \until end of list +*/ +struct P1363_EMSA2 : public SignatureStandard +{ + typedef EMSA2Pad SignatureMessageEncodingMethod; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/eprecomp.h b/libs/win_crypto++/include/eprecomp.h new file mode 100644 index 0000000..f94a4de --- /dev/null +++ b/libs/win_crypto++/include/eprecomp.h @@ -0,0 +1,93 @@ +// eprecomp.h - written and placed in the public domain by Wei Dai + +//! \file eprecomp.h +//! \brief Classes for precomputation in a group + +#ifndef CRYPTOPP_EPRECOMP_H +#define CRYPTOPP_EPRECOMP_H + +#include "cryptlib.h" +#include "integer.h" +#include "algebra.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +template +class DL_GroupPrecomputation +{ +public: + typedef T Element; + + virtual bool NeedConversions() const {return false;} + virtual Element ConvertIn(const Element &v) const {return v;} + virtual Element ConvertOut(const Element &v) const {return v;} + virtual const AbstractGroup & GetGroup() const =0; + virtual Element BERDecodeElement(BufferedTransformation &bt) const =0; + virtual void DEREncodeElement(BufferedTransformation &bt, const Element &P) const =0; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupPrecomputation() {} +#endif +}; + +template +class DL_FixedBasePrecomputation +{ +public: + typedef T Element; + + virtual bool IsInitialized() const =0; + virtual void SetBase(const DL_GroupPrecomputation &group, const Element &base) =0; + virtual const Element & GetBase(const DL_GroupPrecomputation &group) const =0; + virtual void Precompute(const DL_GroupPrecomputation &group, unsigned int maxExpBits, unsigned int storage) =0; + virtual void Load(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) =0; + virtual void Save(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) const =0; + virtual Element Exponentiate(const DL_GroupPrecomputation &group, const Integer &exponent) const =0; + virtual Element CascadeExponentiate(const DL_GroupPrecomputation &group, const Integer &exponent, const DL_FixedBasePrecomputation &pc2, const Integer &exponent2) const =0; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_FixedBasePrecomputation() {} +#endif +}; + +template +class DL_FixedBasePrecomputationImpl : public DL_FixedBasePrecomputation +{ +public: + typedef T Element; + + DL_FixedBasePrecomputationImpl() : m_windowSize(0) {} + + // DL_FixedBasePrecomputation + bool IsInitialized() const + {return !m_bases.empty();} + void SetBase(const DL_GroupPrecomputation &group, const Element &base); + const Element & GetBase(const DL_GroupPrecomputation &group) const + {return group.NeedConversions() ? m_base : m_bases[0];} + void Precompute(const DL_GroupPrecomputation &group, unsigned int maxExpBits, unsigned int storage); + void Load(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation); + void Save(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) const; + Element Exponentiate(const DL_GroupPrecomputation &group, const Integer &exponent) const; + Element CascadeExponentiate(const DL_GroupPrecomputation &group, const Integer &exponent, const DL_FixedBasePrecomputation &pc2, const Integer &exponent2) const; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_FixedBasePrecomputationImpl() {} +#endif + +private: + void PrepareCascade(const DL_GroupPrecomputation &group, std::vector > &eb, const Integer &exponent) const; + + Element m_base; + unsigned int m_windowSize; + Integer m_exponentBase; // what base to represent the exponent in + std::vector m_bases; // precalculated bases +}; + +NAMESPACE_END + +#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES +#include "eprecomp.cpp" +#endif + +#endif diff --git a/libs/win_crypto++/include/esign.h b/libs/win_crypto++/include/esign.h new file mode 100644 index 0000000..aea68d0 --- /dev/null +++ b/libs/win_crypto++/include/esign.h @@ -0,0 +1,133 @@ +#ifndef CRYPTOPP_ESIGN_H +#define CRYPTOPP_ESIGN_H + +/** \file + This file contains classes that implement the + ESIGN signature schemes as defined in IEEE P1363a. +*/ + +#include "cryptlib.h" +#include "pubkey.h" +#include "integer.h" +#include "asn.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +class ESIGNFunction : public TrapdoorFunction, public ASN1CryptoMaterial +{ + typedef ESIGNFunction ThisClass; + +public: + void Initialize(const Integer &n, const Integer &e) + {m_n = n; m_e = e;} + + // PublicKey + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + // CryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // TrapdoorFunction + Integer ApplyFunction(const Integer &x) const; + Integer PreimageBound() const {return m_n;} + Integer ImageBound() const {return Integer::Power2(GetK());} + + // non-derived + const Integer & GetModulus() const {return m_n;} + const Integer & GetPublicExponent() const {return m_e;} + + void SetModulus(const Integer &n) {m_n = n;} + void SetPublicExponent(const Integer &e) {m_e = e;} + +protected: + // Covertiy finding on overflow. The library allows small values for research purposes. + unsigned int GetK() const {return SaturatingSubtract(m_n.BitCount()/3, 1U);} + + Integer m_n, m_e; +}; + +//! _ +class InvertibleESIGNFunction : public ESIGNFunction, public RandomizedTrapdoorFunctionInverse, public PrivateKey +{ + typedef InvertibleESIGNFunction ThisClass; + +public: + void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q) + {m_n = n; m_e = e; m_p = p; m_q = q;} + // generate a random private key + void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) + {GenerateRandomWithKeySize(rng, modulusBits);} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const; + + // GeneratibleCryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + /*! parameters: (ModulusSize) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + + const Integer& GetPrime1() const {return m_p;} + const Integer& GetPrime2() const {return m_q;} + + void SetPrime1(const Integer &p) {m_p = p;} + void SetPrime2(const Integer &q) {m_q = q;} + +protected: + Integer m_p, m_q; +}; + +//! _ +template +class EMSA5Pad : public PK_DeterministicSignatureMessageEncodingMethod +{ +public: + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "EMSA5";} + + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const + { + CRYPTOPP_UNUSED(rng), CRYPTOPP_UNUSED(recoverableMessage), CRYPTOPP_UNUSED(recoverableMessageLength); + CRYPTOPP_UNUSED(messageEmpty), CRYPTOPP_UNUSED(hashIdentifier); + SecByteBlock digest(hash.DigestSize()); + hash.Final(digest); + size_t representativeByteLength = BitsToBytes(representativeBitLength); + T mgf; + mgf.GenerateAndMask(hash, representative, representativeByteLength, digest, digest.size(), false); + if (representativeBitLength % 8 != 0) + representative[0] = (byte)Crop(representative[0], representativeBitLength % 8); + } +}; + +//! EMSA5, for use with ESIGN +struct P1363_EMSA5 : public SignatureStandard +{ + typedef EMSA5Pad SignatureMessageEncodingMethod; +}; + +struct ESIGN_Keys +{ + static std::string StaticAlgorithmName() {return "ESIGN";} + typedef ESIGNFunction PublicKey; + typedef InvertibleESIGNFunction PrivateKey; +}; + +//! ESIGN, as defined in IEEE P1363a +template +struct ESIGN : public TF_SS +{ +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/factory.h b/libs/win_crypto++/include/factory.h new file mode 100644 index 0000000..cc2dd90 --- /dev/null +++ b/libs/win_crypto++/include/factory.h @@ -0,0 +1,139 @@ +#ifndef CRYPTOPP_OBJFACT_H +#define CRYPTOPP_OBJFACT_H + +#include "cryptlib.h" +#include "misc.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +template +class ObjectFactory +{ +public: + virtual ~ObjectFactory () {} + virtual AbstractClass * CreateObject() const =0; +}; + +//! _ +template +class DefaultObjectFactory : public ObjectFactory +{ +public: + AbstractClass * CreateObject() const + { + return new ConcreteClass; + } +}; + +//! _ +template +class ObjectFactoryRegistry +{ +public: + class FactoryNotFound : public Exception + { + public: + FactoryNotFound(const char *name) : Exception(OTHER_ERROR, std::string("ObjectFactoryRegistry: could not find factory for algorithm ") + name) {} + }; + + ~ObjectFactoryRegistry() + { + for (CPP_TYPENAME Map::iterator i = m_map.begin(); i != m_map.end(); ++i) + { + delete (ObjectFactory *)i->second; + i->second = NULL; + } + } + + void RegisterFactory(const std::string &name, ObjectFactory *factory) + { + m_map[name] = factory; + } + + const ObjectFactory * GetFactory(const char *name) const + { + CPP_TYPENAME Map::const_iterator i = m_map.find(name); + return i == m_map.end() ? NULL : (ObjectFactory *)i->second; + } + + AbstractClass *CreateObject(const char *name) const + { + const ObjectFactory *factory = GetFactory(name); + if (!factory) + throw FactoryNotFound(name); + return factory->CreateObject(); + } + + // Return a vector containing the factory names. This is easier than returning an iterator. + // from Andrew Pitonyak + std::vector GetFactoryNames() const + { + std::vector names; + CPP_TYPENAME Map::const_iterator iter; + for (iter = m_map.begin(); iter != m_map.end(); ++iter) + names.push_back(iter->first); + return names; + } + + CRYPTOPP_NOINLINE static ObjectFactoryRegistry & Registry(CRYPTOPP_NOINLINE_DOTDOTDOT); + +private: + // use void * instead of ObjectFactory * to save code size + typedef std::map Map; + Map m_map; +}; + +template +ObjectFactoryRegistry & ObjectFactoryRegistry::Registry(CRYPTOPP_NOINLINE_DOTDOTDOT) +{ + static ObjectFactoryRegistry s_registry; + return s_registry; +} + +template +struct RegisterDefaultFactoryFor { +RegisterDefaultFactoryFor(const char *name=NULL) +{ + // BCB2006 workaround + std::string n = name ? std::string(name) : std::string(ConcreteClass::StaticAlgorithmName()); + ObjectFactoryRegistry::Registry(). + RegisterFactory(n, new DefaultObjectFactory); +}}; + +template +void RegisterAsymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) +{ + CRYPTOPP_UNUSED(dummy); + RegisterDefaultFactoryFor((const char *)name); + RegisterDefaultFactoryFor((const char *)name); +} + +template +void RegisterSignatureSchemeDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) +{ + CRYPTOPP_UNUSED(dummy); + RegisterDefaultFactoryFor((const char *)name); + RegisterDefaultFactoryFor((const char *)name); +} + +template +void RegisterSymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) +{ + CRYPTOPP_UNUSED(dummy); + RegisterDefaultFactoryFor((const char *)name); + RegisterDefaultFactoryFor((const char *)name); +} + +template +void RegisterAuthenticatedSymmetricCipherDefaultFactories(const char *name=NULL, SchemeClass *dummy=NULL) +{ + CRYPTOPP_UNUSED(dummy); + RegisterDefaultFactoryFor((const char *)name); + RegisterDefaultFactoryFor((const char *)name); +} + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/fhmqv.h b/libs/win_crypto++/include/fhmqv.h new file mode 100644 index 0000000..4093998 --- /dev/null +++ b/libs/win_crypto++/include/fhmqv.h @@ -0,0 +1,304 @@ +// fhmqv.h - written and placed in the public domain by Jeffrey Walton, Ray Clayton and Uri Blumenthal +// Shamelessly based upon Wei Dai's MQV source files + +#ifndef CRYPTOPP_FHMQV_H +#define CRYPTOPP_FHMQV_H + +//! \file fhmqv.h +//! \brief Classes for Fully Hashed Menezes-Qu-Vanstone key agreement in GF(p) +//! \since Crypto++ 5.6.4 + +#include "gfpcrypt.h" +#include "algebra.h" +#include "sha.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Fully Hashed Menezes-Qu-Vanstone in GF(p) +//! \details This implementation follows Augustin P. Sarr and Philippe Elbaz–Vincent, and Jean–Claude Bajard's +//! A Secure and Efficient Authenticated Diffie-Hellman Protocol. +//! Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C. +//! \sa MQV, HMQV, FHMQV, and AuthenticatedKeyAgreementDomain +//! \since Crypto++ 5.6.4 +template +class FHMQV_Domain : public AuthenticatedKeyAgreementDomain +{ +public: + typedef GROUP_PARAMETERS GroupParameters; + typedef typename GroupParameters::Element Element; + typedef FHMQV_Domain Domain; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~FHMQV_Domain() {} +#endif + + FHMQV_Domain(bool clientRole = true): m_role(clientRole ? RoleClient : RoleServer) {} + + FHMQV_Domain(const GroupParameters ¶ms, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer), m_groupParameters(params) {} + + FHMQV_Domain(BufferedTransformation &bt, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.BERDecode(bt);} + + template + FHMQV_Domain(T1 v1, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1);} + + template + FHMQV_Domain(T1 v1, T2 v2, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1, v2);} + + template + FHMQV_Domain(T1 v1, T2 v2, T3 v3, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1, v2, v3);} + + template + FHMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1, v2, v3, v4);} + +public: + + const GroupParameters & GetGroupParameters() const {return m_groupParameters;} + GroupParameters & AccessGroupParameters(){return m_groupParameters;} + + CryptoParameters & AccessCryptoParameters(){return AccessAbstractGroupParameters();} + + //! return length of agreed value produced + unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);} + //! return length of static private keys in this domain + unsigned int StaticPrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();} + //! return length of static public keys in this domain + unsigned int StaticPublicKeyLength() const{return GetAbstractGroupParameters().GetEncodedElementSize(true);} + + //! generate static private key + /*! \pre size of privateKey == PrivateStaticKeyLength() */ + void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); + x.Encode(privateKey, StaticPrivateKeyLength()); + } + + //! generate static public key + /*! \pre size of publicKey == PublicStaticKeyLength() */ + void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(privateKey, StaticPrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, publicKey); + } + + unsigned int EphemeralPrivateKeyLength() const {return StaticPrivateKeyLength() + StaticPublicKeyLength();} + unsigned int EphemeralPublicKeyLength() const{return StaticPublicKeyLength();} + + //! return length of ephemeral private keys in this domain + void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(rng, Integer::One(), params.GetMaxExponent()); + x.Encode(privateKey, StaticPrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, privateKey+StaticPrivateKeyLength()); + } + + //! return length of ephemeral public keys in this domain + void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength()); + } + + //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure + /*! \note The ephemeral public key will always be validated. + If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time. + \pre size of agreedValue == AgreedValueLength() + \pre length of staticPrivateKey == StaticPrivateKeyLength() + \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength() + \pre length of staticOtherPublicKey == StaticPublicKeyLength() + \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength() + */ + bool Agree(byte *agreedValue, + const byte *staticPrivateKey, const byte *ephemeralPrivateKey, + const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, + bool validateStaticOtherPublicKey=true) const + { + byte *XX = NULL, *YY = NULL, *AA = NULL, *BB = NULL; + size_t xxs = 0, yys = 0, aas = 0, bbs = 0; + + // Depending on the role, this will hold either A's or B's static + // (long term) public key. AA or BB will then point into tt. + SecByteBlock tt(StaticPublicKeyLength()); + + try + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + + if(m_role == RoleServer) + { + Integer b(staticPrivateKey, StaticPrivateKeyLength()); + Element B = params.ExponentiateBase(b); + params.EncodeElement(true, B, tt); + + XX = const_cast(ephemeralOtherPublicKey); + xxs = EphemeralPublicKeyLength(); + YY = const_cast(ephemeralPrivateKey) + StaticPrivateKeyLength(); + yys = EphemeralPublicKeyLength(); + AA = const_cast(staticOtherPublicKey); + aas = StaticPublicKeyLength(); + BB = tt.BytePtr(); + bbs = tt.SizeInBytes(); + } + else if(m_role == RoleClient) + { + Integer a(staticPrivateKey, StaticPrivateKeyLength()); + Element A = params.ExponentiateBase(a); + params.EncodeElement(true, A, tt); + + XX = const_cast(ephemeralPrivateKey) + StaticPrivateKeyLength(); + xxs = EphemeralPublicKeyLength(); + YY = const_cast(ephemeralOtherPublicKey); + yys = EphemeralPublicKeyLength(); + AA = tt.BytePtr(); + aas = tt.SizeInBytes(); + BB = const_cast(staticOtherPublicKey); + bbs = StaticPublicKeyLength(); + } + else + { + CRYPTOPP_ASSERT(0); + return false; + } + + // DecodeElement calls ValidateElement at level 1. Level 1 only calls + // VerifyPoint to ensure the element is in G*. If the other's PublicKey is + // requested to be validated, we manually call ValidateElement at level 3. + Element VV1 = params.DecodeElement(staticOtherPublicKey, false); + if(!params.ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULL)) + return false; + + // DecodeElement calls ValidateElement at level 1. Level 1 only calls + // VerifyPoint to ensure the element is in G*. Crank it up. + Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, false); + if(!params.ValidateElement(3, VV2, NULL)) + return false; + + const Integer& q = params.GetSubgroupOrder(); + const unsigned int len /*bytes*/ = (((q.BitCount()+1)/2 +7)/8); + + Integer d, e; + SecByteBlock dd(len), ee(len); + + Hash(NULL, XX, xxs, YY, yys, AA, aas, BB, bbs, dd.BytePtr(), dd.SizeInBytes()); + d.Decode(dd.BytePtr(), dd.SizeInBytes()); + + Hash(NULL, YY, yys, XX, xxs, AA, aas, BB, bbs, ee.BytePtr(), ee.SizeInBytes()); + e.Decode(ee.BytePtr(), ee.SizeInBytes()); + + Element sigma; + if(m_role == RoleServer) + { + Integer y(ephemeralPrivateKey, StaticPrivateKeyLength()); + Integer b(staticPrivateKey, StaticPrivateKeyLength()); + Integer s_B = (y + e * b) % q; + + Element A = params.DecodeElement(AA, false); + Element X = params.DecodeElement(XX, false); + + Element t1 = params.ExponentiateElement(A, d); + Element t2 = m_groupParameters.MultiplyElements(X, t1); + + sigma = params.ExponentiateElement(t2, s_B); + } + else + { + Integer x(ephemeralPrivateKey, StaticPrivateKeyLength()); + Integer a(staticPrivateKey, StaticPrivateKeyLength()); + Integer s_A = (x + d * a) % q; + + Element B = params.DecodeElement(BB, false); + Element Y = params.DecodeElement(YY, false); + + Element t1 = params.ExponentiateElement(B, e); + Element t2 = m_groupParameters.MultiplyElements(Y, t1); + + sigma = params.ExponentiateElement(t2, s_A); + } + + Hash(&sigma, XX, xxs, YY, yys, AA, aas, BB, bbs, agreedValue, AgreedValueLength()); + } + catch (DL_BadElement &) + { + return false; + } + return true; + } + +protected: + + inline void Hash(const Element* sigma, + const byte* e1, size_t e1len, const byte* e2, size_t e2len, + const byte* s1, size_t s1len, const byte* s2, size_t s2len, + byte* digest, size_t dlen) const + { + HASH hash; + size_t idx = 0, req = dlen; + size_t blk = STDMIN(dlen, (size_t)HASH::DIGESTSIZE); + + if(sigma) + { + Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma); + SecByteBlock sbb(x.MinEncodedSize()); + x.Encode(sbb.BytePtr(), sbb.SizeInBytes()); + hash.Update(sbb.BytePtr(), sbb.SizeInBytes()); + } + + hash.Update(e1, e1len); + hash.Update(e2, e2len); + hash.Update(s1, s1len); + hash.Update(s2, s2len); + + hash.TruncatedFinal(digest, blk); + req -= blk; + + // All this to catch tail bytes for large curves and small hashes + while(req != 0) + { + hash.Update(&digest[idx], (size_t)HASH::DIGESTSIZE); + + idx += (size_t)HASH::DIGESTSIZE; + blk = STDMIN(req, (size_t)HASH::DIGESTSIZE); + hash.TruncatedFinal(&digest[idx], blk); + + req -= blk; + } + } + +private: + + // The paper uses Initiator and Recipient - make it classical. + enum KeyAgreementRole{ RoleServer = 1, RoleClient }; + + DL_GroupParameters & AccessAbstractGroupParameters() {return m_groupParameters;} + const DL_GroupParameters & GetAbstractGroupParameters() const{return m_groupParameters;} + + GroupParameters m_groupParameters; + KeyAgreementRole m_role; +}; + +//! \brief Fully Hashed Menezes-Qu-Vanstone in GF(p) +//! \details This implementation follows Augustin P. Sarr and Philippe Elbaz–Vincent, and Jean–Claude Bajard's +//! A Secure and Efficient Authenticated Diffie-Hellman Protocol. +//! Note: this is FHMQV, Protocol 5, from page 11; and not FHMQV-C. +//! \sa FHMQV, MQV_Domain, HMQV_Domain, AuthenticatedKeyAgreementDomain +//! \since Crypto++ 5.6.4 +typedef FHMQV_Domain FHMQV; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/files.h b/libs/win_crypto++/include/files.h new file mode 100644 index 0000000..ace73cd --- /dev/null +++ b/libs/win_crypto++/include/files.h @@ -0,0 +1,113 @@ +#ifndef CRYPTOPP_FILES_H +#define CRYPTOPP_FILES_H + +#include "cryptlib.h" +#include "filters.h" +#include "argnames.h" +#include "smartptr.h" + +#include +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! file-based implementation of Store interface +class CRYPTOPP_DLL FileStore : public Store, private FilterPutSpaceHelper, public NotCopyable +{ +public: + class Err : public Exception + { + public: + Err(const std::string &s) : Exception(IO_ERROR, s) {} + }; + class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileStore: error opening file for reading: " + filename) {}}; + class ReadErr : public Err {public: ReadErr() : Err("FileStore: error reading file") {}}; + + FileStore() : m_stream(NULL), m_space(NULL), m_len(0), m_waiting(0) {} + FileStore(std::istream &in) : m_stream(NULL), m_space(NULL), m_len(0), m_waiting(0) + {StoreInitialize(MakeParameters(Name::InputStreamPointer(), &in));} + FileStore(const char *filename) : m_stream(NULL), m_space(NULL), m_len(0), m_waiting(0) + {StoreInitialize(MakeParameters(Name::InputFileName(), filename ? filename : ""));} +#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 + //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called. + FileStore(const wchar_t *filename) + {StoreInitialize(MakeParameters(Name::InputFileNameWide(), filename));} +#endif + + std::istream* GetStream() {return m_stream;} + + lword MaxRetrievable() const; + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + lword Skip(lword skipMax=ULONG_MAX); + +private: + void StoreInitialize(const NameValuePairs ¶meters); + + member_ptr m_file; + std::istream *m_stream; + byte *m_space; + size_t m_len; + bool m_waiting; +}; + +//! file-based implementation of Source interface +class CRYPTOPP_DLL FileSource : public SourceTemplate +{ +public: + typedef FileStore::Err Err; + typedef FileStore::OpenErr OpenErr; + typedef FileStore::ReadErr ReadErr; + + FileSource(BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) {} + FileSource(std::istream &in, bool pumpAll, BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputStreamPointer(), &in));} + FileSource(const char *filename, bool pumpAll, BufferedTransformation *attachment = NULL, bool binary=true) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputFileName(), filename)(Name::InputBinaryMode(), binary));} +#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 + //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called. + FileSource(const wchar_t *filename, bool pumpAll, BufferedTransformation *attachment = NULL, bool binary=true) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters(Name::InputFileNameWide(), filename)(Name::InputBinaryMode(), binary));} +#endif + + std::istream* GetStream() {return m_store.GetStream();} +}; + +//! file-based implementation of Sink interface +class CRYPTOPP_DLL FileSink : public Sink, public NotCopyable +{ +public: + class Err : public Exception + { + public: + Err(const std::string &s) : Exception(IO_ERROR, s) {} + }; + class OpenErr : public Err {public: OpenErr(const std::string &filename) : Err("FileSink: error opening file for writing: " + filename) {}}; + class WriteErr : public Err {public: WriteErr() : Err("FileSink: error writing file") {}}; + + FileSink() : m_stream(NULL) {} + FileSink(std::ostream &out) + {IsolatedInitialize(MakeParameters(Name::OutputStreamPointer(), &out));} + FileSink(const char *filename, bool binary=true) + {IsolatedInitialize(MakeParameters(Name::OutputFileName(), filename)(Name::OutputBinaryMode(), binary));} +#if defined(CRYPTOPP_UNIX_AVAILABLE) || _MSC_VER >= 1400 + //! specify file with Unicode name. On non-Windows OS, this function assumes that setlocale() has been called. + FileSink(const wchar_t *filename, bool binary=true) + {IsolatedInitialize(MakeParameters(Name::OutputFileNameWide(), filename)(Name::OutputBinaryMode(), binary));} +#endif + + std::ostream* GetStream() {return m_stream;} + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + bool IsolatedFlush(bool hardFlush, bool blocking); + +private: + member_ptr m_file; + std::ostream *m_stream; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/filters.h b/libs/win_crypto++/include/filters.h new file mode 100644 index 0000000..5b8c633 --- /dev/null +++ b/libs/win_crypto++/include/filters.h @@ -0,0 +1,1301 @@ +// filters.h - written and placed in the public domain by Wei Dai + +//! \file filters.h +//! \brief Implementation of BufferedTransformation's attachment interface. + +#ifndef CRYPTOPP_FILTERS_H +#define CRYPTOPP_FILTERS_H + +#include "cryptlib.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4127 4189 4514) +#endif + +#include "cryptlib.h" +#include "simple.h" +#include "secblock.h" +#include "misc.h" +#include "smartptr.h" +#include "queue.h" +#include "algparam.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Filter +//! \brief Implementation of BufferedTransformation's attachment interface +//! \details Filter is a cornerstone of the Pipeline trinitiy. Data flows from +//! Sources, through Filters, and then terminates in Sinks. The difference +//! between a Source and Filter is a Source \a pumps data, while a Filter does +//! not. The difference between a Filter and a Sink is a Filter allows an +//! attached transformation, while a Sink does not. +//! \details See the discussion of BufferedTransformation in cryptlib.h for +//! more details. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Filter : public BufferedTransformation, public NotCopyable +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~Filter() {} +#endif + + //! \name ATTACHMENT + //@{ + + //! \brief Construct a Filter + //! \param attachment an optional attached transformation + //! \details attachment can be \p NULL. + Filter(BufferedTransformation *attachment = NULL); + + //! \brief Determine if attachable + //! \returns \p true if the object allows attached transformations, \p false otherwise. + //! \note Source and Filter offer attached transformations; while Sink does not. + bool Attachable() {return true;} + + //! \brief Retrieve attached transformation + //! \returns pointer to a BufferedTransformation if there is an attached transformation, \p NULL otherwise. + BufferedTransformation *AttachedTransformation(); + + //! \brief Retrieve attached transformation + //! \returns pointer to a BufferedTransformation if there is an attached transformation, \p NULL otherwise. + const BufferedTransformation *AttachedTransformation() const; + + //! \brief Replace an attached transformation + //! \param newAttachment an optional attached transformation + //! \details newAttachment can be a single filter, a chain of filters or \p NULL. + //! Pass \p NULL to remove an existing BufferedTransformation or chain of filters + void Detach(BufferedTransformation *newAttachment = NULL); + + //@} + + // See the documentation for BufferedTransformation in cryptlib.h + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + + // See the documentation for BufferedTransformation in cryptlib.h + void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1); + bool Flush(bool hardFlush, int propagation=-1, bool blocking=true); + bool MessageSeriesEnd(int propagation=-1, bool blocking=true); + +protected: + virtual BufferedTransformation * NewDefaultAttachment() const; + void Insert(Filter *nextFilter); // insert filter after this one + + virtual bool ShouldPropagateMessageEnd() const {return true;} + virtual bool ShouldPropagateMessageSeriesEnd() const {return true;} + + void PropagateInitialize(const NameValuePairs ¶meters, int propagation); + + //! \brief Forward processed data on to attached transformation + //! \param outputSite unknown, system crash between keyboard and chair... + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one + //! \param blocking specifies whether the object should block when processing input + //! \param channel the channel to process the data + //! \returns the number of bytes that remain in the block (i.e., bytes not processed) + size_t Output(int outputSite, const byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL); + + //! \brief Output multiple bytes that may be modified by callee. + //! \param outputSite unknown, system crash between keyboard and chair... + //! \param inString the byte buffer to process + //! \param length the size of the string, in bytes + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one + //! \param blocking specifies whether the object should block when processing input + //! \param channel the channel to process the data + //! \returns the number of bytes that remain in the block (i.e., bytes not processed) + size_t OutputModifiable(int outputSite, byte *inString, size_t length, int messageEnd, bool blocking, const std::string &channel=DEFAULT_CHANNEL); + + //! \brief Signals the end of messages to the object + //! \param outputSite unknown, system crash between keyboard and chair... + //! \param propagation the number of attached transformations the MessageEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \param channel the channel to process the data + //! \returns TODO + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + bool OutputMessageEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL); + + //! \brief Flush buffered input and/or output, with signal propagation + //! \param outputSite unknown, system crash between keyboard and chair... + //! \param hardFlush is used to indicate whether all data should be flushed + //! \param propagation the number of attached transformations the Flush() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \param channel the channel to process the data + //! \returns TODO + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + //! \note Hard flushes must be used with care. It means try to process and output everything, even if + //! there may not be enough data to complete the action. For example, hard flushing a HexDecoder + //! would cause an error if you do it after inputing an odd number of hex encoded characters. + //! \note For some types of filters, like ZlibDecompressor, hard flushes can only + //! be done at "synchronization points". These synchronization points are positions in the data + //! stream that are created by hard flushes on the corresponding reverse filters, in this + //! example ZlibCompressor. This is useful when zlib compressed data is moved across a + //! network in packets and compression state is preserved across packets, as in the SSH2 protocol. + bool OutputFlush(int outputSite, bool hardFlush, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL); + + //! \brief Marks the end of a series of messages, with signal propagation + //! \param outputSite unknown, system crash between keyboard and chair... + //! \param propagation the number of attached transformations the MessageSeriesEnd() signal should be passed + //! \param blocking specifies whether the object should block when processing input + //! \param channel the channel to process the data + //! \returns TODO + //! \details Each object that receives the signal will perform its processing, decrement + //! propagation, and then pass the signal on to attached transformations if the value is not 0. + //! \details propagation count includes this object. Setting propagation to 1 means this + //! object only. Setting propagation to -1 means unlimited propagation. + //! \note There should be a MessageEnd() immediately before MessageSeriesEnd(). + bool OutputMessageSeriesEnd(int outputSite, int propagation, bool blocking, const std::string &channel=DEFAULT_CHANNEL); + +private: + member_ptr m_attachment; + +protected: + size_t m_inputPosition; + int m_continueAt; +}; + +//! \class FilterPutSpaceHelper +//! \brief Create a working space in a BufferedTransformation +struct CRYPTOPP_DLL FilterPutSpaceHelper +{ + //! \brief Create a working space in a BufferedTransformation + //! \param target BufferedTransformation for the working space + //! \param channel channel for the working space + //! \param minSize minimum size of the allocation, in bytes + //! \param desiredSize preferred size of the allocation, in bytes + //! \param bufferSize actual size of the allocation, in bytes + //! \pre desiredSize >= minSize and bufferSize >= minSize. + //! \details \p bufferSize is an IN and OUT parameter. If HelpCreatePutSpace() returns a non-NULL value, then + //! bufferSize is valid and provides the size of the working space created for the caller. + //! \details Internally, HelpCreatePutSpace() calls \ref BufferedTransformation::ChannelCreatePutSpace + //! "ChannelCreatePutSpace()" using \p desiredSize. If the target returns \p desiredSize with a size less + //! than \p minSize (i.e., the request could not be fulfilled), then an internal SecByteBlock + //! called \p m_tempSpace is resized and used for the caller. + byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t desiredSize, size_t &bufferSize) + { + CRYPTOPP_ASSERT(desiredSize >= minSize && bufferSize >= minSize); + if (m_tempSpace.size() < minSize) + { + byte *result = target.ChannelCreatePutSpace(channel, desiredSize); + if (desiredSize >= minSize) + { + bufferSize = desiredSize; + return result; + } + m_tempSpace.New(bufferSize); + } + + bufferSize = m_tempSpace.size(); + return m_tempSpace.begin(); + } + + //! \brief Create a working space in a BufferedTransformation + //! \param target the BufferedTransformation for the working space + //! \param channel channel for the working space + //! \param minSize minimum size of the allocation, in bytes + //! \details Internally, the overload calls HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t desiredSize, size_t &bufferSize) using \p minSize for missing arguments. + byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize) + {return HelpCreatePutSpace(target, channel, minSize, minSize, minSize);} + + //! \brief Create a working space in a BufferedTransformation + //! \param target the BufferedTransformation for the working space + //! \param channel channel for the working space + //! \param minSize minimum size of the allocation, in bytes + //! \param bufferSize the actual size of the allocation, in bytes + //! \details Internally, the overload calls HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t desiredSize, size_t &bufferSize) using \p minSize for missing arguments. + byte *HelpCreatePutSpace(BufferedTransformation &target, const std::string &channel, size_t minSize, size_t bufferSize) + {return HelpCreatePutSpace(target, channel, minSize, minSize, bufferSize);} + + //! \brief Temporay working space + SecByteBlock m_tempSpace; +}; + +//! \class MeterFilter +//! \brief Measure how many bytes and messages pass through the filter +//! \details measure how many bytes and messages pass through the filter. The filter also serves as valve by +//! maintaining a list of ranges to skip during processing. +class CRYPTOPP_DLL MeterFilter : public Bufferless +{ +public: + //! \brief Construct a MeterFilter + //! \param attachment an optional attached transformation + //! \param transparent flag indicating if the filter should function transparently + //! \details \p attachment can be \p NULL. The filter is transparent by default. If the filter is + //! transparent, then PutMaybeModifiable() does not process a request and always returns 0. + MeterFilter(BufferedTransformation *attachment=NULL, bool transparent=true) + : m_transparent(transparent), m_currentMessageBytes(0), m_totalBytes(0) + , m_currentSeriesMessages(0), m_totalMessages(0), m_totalMessageSeries(0) + , m_begin(NULL), m_length(0) {Detach(attachment); ResetMeter();} + + //! \brief Set or change the transparent mode of this object + //! \param transparent the new transparent mode + void SetTransparent(bool transparent) {m_transparent = transparent;} + + //! \brief Adds a range to skip during processing + //! \param message the message to apply the range + //! \param position the 0-based index in the current stream + //! \param size the length of the range + //! \param sortNow flag indicating whether the range should be sorted + //! \details Internally, MeterFilter maitains a deque of ranges to skip. As messages are processed, + //! ranges of bytes are skipped according to the list of ranges. + void AddRangeToSkip(unsigned int message, lword position, lword size, bool sortNow = true); + + //! \brief Resets the meter + //! \details ResetMeter() reinitializes the meter by setting counters to 0 and removing previous + //! skip ranges. + void ResetMeter(); + + void IsolatedInitialize(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters); ResetMeter();} + + lword GetCurrentMessageBytes() const {return m_currentMessageBytes;} + lword GetTotalBytes() const {return m_totalBytes;} + unsigned int GetCurrentSeriesMessages() const {return m_currentSeriesMessages;} + unsigned int GetTotalMessages() const {return m_totalMessages;} + unsigned int GetTotalMessageSeries() const {return m_totalMessageSeries;} + + byte * CreatePutSpace(size_t &size) + {return AttachedTransformation()->CreatePutSpace(size);} + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking); + bool IsolatedMessageSeriesEnd(bool blocking); + +private: + size_t PutMaybeModifiable(byte *inString, size_t length, int messageEnd, bool blocking, bool modifiable); + bool ShouldPropagateMessageEnd() const {return m_transparent;} + bool ShouldPropagateMessageSeriesEnd() const {return m_transparent;} + + struct MessageRange + { + inline bool operator<(const MessageRange &b) const // BCB2006 workaround: this has to be a member function + {return message < b.message || (message == b.message && position < b.position);} + unsigned int message; lword position; lword size; + }; + + bool m_transparent; + lword m_currentMessageBytes, m_totalBytes; + unsigned int m_currentSeriesMessages, m_totalMessages, m_totalMessageSeries; + std::deque m_rangesToSkip; + byte *m_begin; + size_t m_length; +}; + +//! \class TransparentFilter +//! \brief A transparent MeterFilter +//! \sa MeterFilter, OpaqueFilter +class CRYPTOPP_DLL TransparentFilter : public MeterFilter +{ +public: + //! \brief Construct a TransparentFilter + //! \param attachment an optional attached transformation + TransparentFilter(BufferedTransformation *attachment=NULL) : MeterFilter(attachment, true) {} +}; + +//! \class OpaqueFilter +//! \brief A non-transparent MeterFilter +//! \sa MeterFilter, TransparentFilter +class CRYPTOPP_DLL OpaqueFilter : public MeterFilter +{ +public: + //! \brief Construct an OpaqueFilter + //! \param attachment an optional attached transformation + OpaqueFilter(BufferedTransformation *attachment=NULL) : MeterFilter(attachment, false) {} +}; + +//! \class FilterWithBufferedInput +//! \brief Divides an input stream into discrete blocks +//! \details FilterWithBufferedInput divides the input stream into a first block, a number of +//! middle blocks, and a last block. First and last blocks are optional, and middle blocks may +//! be a stream instead (i.e. blockSize == 1). +//! \sa AuthenticatedEncryptionFilter, AuthenticatedDecryptionFilter, HashVerificationFilter, +//! SignatureVerificationFilter, StreamTransformationFilter +class CRYPTOPP_DLL FilterWithBufferedInput : public Filter +{ +public: + +#if !defined(CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562) + //! default FilterWithBufferedInput for temporaries + FilterWithBufferedInput(); +#endif + + //! \brief Construct a FilterWithBufferedInput with an attached transformation + //! \param attachment an attached transformation + FilterWithBufferedInput(BufferedTransformation *attachment); + + //! \brief Construct a FilterWithBufferedInput with an attached transformation + //! \param firstSize the size of the first block + //! \param blockSize the size of middle blocks + //! \param lastSize the size of the last block + //! \param attachment an attached transformation + //! \details \p firstSize and \p lastSize may be 0. \p blockSize must be at least 1. + FilterWithBufferedInput(size_t firstSize, size_t blockSize, size_t lastSize, BufferedTransformation *attachment); + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + { + return PutMaybeModifiable(const_cast(inString), length, messageEnd, blocking, false); + } + size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking) + { + return PutMaybeModifiable(inString, length, messageEnd, blocking, true); + } + + //! \brief Flushes data buffered by this object, without signal propagation + //! \param hardFlush indicates whether all data should be flushed + //! \param blocking specifies whether the object should block when processing input + //! \details IsolatedFlush() calls ForceNextPut() if hardFlush is true + //! \note hardFlush must be used with care + bool IsolatedFlush(bool hardFlush, bool blocking); + + //! \brief Flushes data buffered by this object + //! \details The input buffer may contain more than blockSize bytes if lastSize != 0. + //! ForceNextPut() forces a call to NextPut() if this is the case. + void ForceNextPut(); + +protected: + virtual bool DidFirstPut() const {return m_firstInputDone;} + virtual size_t GetFirstPutSize() const {return m_firstSize;} + virtual size_t GetBlockPutSize() const {return m_blockSize;} + virtual size_t GetLastPutSize() const {return m_lastSize;} + + virtual void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize) + {CRYPTOPP_UNUSED(parameters); CRYPTOPP_UNUSED(firstSize); CRYPTOPP_UNUSED(blockSize); CRYPTOPP_UNUSED(lastSize); InitializeDerived(parameters);} + virtual void InitializeDerived(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters);} + // FirstPut() is called if (firstSize != 0 and totalLength >= firstSize) + // or (firstSize == 0 and (totalLength > 0 or a MessageEnd() is received)). + // inString is m_firstSize in length. + virtual void FirstPut(const byte *inString) =0; + // NextPut() is called if totalLength >= firstSize+blockSize+lastSize + virtual void NextPutSingle(const byte *inString) + {CRYPTOPP_UNUSED(inString); CRYPTOPP_ASSERT(false);} + // Same as NextPut() except length can be a multiple of blockSize + // Either NextPut() or NextPutMultiple() must be overriden + virtual void NextPutMultiple(const byte *inString, size_t length); + // Same as NextPutMultiple(), but inString can be modified + virtual void NextPutModifiable(byte *inString, size_t length) + {NextPutMultiple(inString, length);} + // LastPut() is always called + // if totalLength < firstSize then length == totalLength + // else if totalLength <= firstSize+lastSize then length == totalLength-firstSize + // else lastSize <= length < lastSize+blockSize + virtual void LastPut(const byte *inString, size_t length) =0; + virtual void FlushDerived() {} + +protected: + size_t PutMaybeModifiable(byte *begin, size_t length, int messageEnd, bool blocking, bool modifiable); + void NextPutMaybeModifiable(byte *inString, size_t length, bool modifiable) + { + if (modifiable) NextPutModifiable(inString, length); + else NextPutMultiple(inString, length); + } + + // This function should no longer be used, put this here to cause a compiler error + // if someone tries to override NextPut(). + virtual int NextPut(const byte *inString, size_t length) + {CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length); CRYPTOPP_ASSERT(false); return 0;} + + class BlockQueue + { + public: + void ResetQueue(size_t blockSize, size_t maxBlocks); + byte *GetBlock(); + byte *GetContigousBlocks(size_t &numberOfBytes); + size_t GetAll(byte *outString); + void Put(const byte *inString, size_t length); + size_t CurrentSize() const {return m_size;} + size_t MaxSize() const {return m_buffer.size();} + + private: + SecByteBlock m_buffer; + size_t m_blockSize, m_maxBlocks, m_size; + byte *m_begin; + }; + + size_t m_firstSize, m_blockSize, m_lastSize; + bool m_firstInputDone; + BlockQueue m_queue; +}; + +//! \class FilterWithInputQueue +//! \brief A filter that buffers input using a ByteQueue +//! \details FilterWithInputQueue will buffer input using a ByteQueue. When the filter receives +//! a \ref BufferedTransformation::MessageEnd() "MessageEnd()" signal it will pass the data +//! on to its attached transformation. +class CRYPTOPP_DLL FilterWithInputQueue : public Filter +{ +public: + //! \brief Construct a FilterWithInputQueue + //! \param attachment an optional attached transformation + FilterWithInputQueue(BufferedTransformation *attachment=NULL) : Filter(attachment) {} + + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + { + if (!blocking) + throw BlockingInputOnly("FilterWithInputQueue"); + + m_inQueue.Put(inString, length); + if (messageEnd) + { + IsolatedMessageEnd(blocking); + Output(0, NULL, 0, messageEnd, blocking); + } + return 0; + } + +protected: + virtual bool IsolatedMessageEnd(bool blocking) =0; + void IsolatedInitialize(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters); m_inQueue.Clear();} + + ByteQueue m_inQueue; +}; + +//! \struct BlockPaddingSchemeDef +//! \brief Padding schemes used for block ciphers +struct BlockPaddingSchemeDef +{ + //! \enum BlockPaddingScheme + //! \brief Padding schemes used for block ciphers. + //! \details DEFAULT_PADDING means PKCS_PADDING if cipher.MandatoryBlockSize() > 1 && + //! cipher.MinLastBlockSize() == 0, which holds for ECB or CBC mode. Otherwise, + //! NO_PADDING for modes like OFB, CFB, CTR, CBC-CTS. + //! \sa Block Cipher Padding for + //! additional details. + enum BlockPaddingScheme { + //! \brief No padding added to a block + NO_PADDING, + //! \brief 0's padding added to a block + ZEROS_PADDING, + //! \brief PKCS #5 padding added to a block + PKCS_PADDING, + //! \brief 1 and 0's padding added to a block + ONE_AND_ZEROS_PADDING, + //! \brief Default padding scheme + DEFAULT_PADDING + }; +}; + +//! \class StreamTransformationFilter +//! \brief Filter wrapper for StreamTransformation +//! \details Filter wrapper for StreamTransformation. The filter will optionally handle padding/unpadding when needed +class CRYPTOPP_DLL StreamTransformationFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef, private FilterPutSpaceHelper +{ +public: + //! \brief Construct a StreamTransformationFilter + //! \param c reference to a StreamTransformation + //! \param attachment an optional attached transformation + //! \param padding the \ref BlockPaddingSchemeDef "padding scheme" + //! \param allowAuthenticatedSymmetricCipher flag indicating whether the filter should allow authenticated encryption schemes + StreamTransformationFilter(StreamTransformation &c, BufferedTransformation *attachment = NULL, BlockPaddingScheme padding = DEFAULT_PADDING, bool allowAuthenticatedSymmetricCipher = false); + + std::string AlgorithmName() const {return m_cipher.AlgorithmName();} + +protected: + void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); + void FirstPut(const byte *inString); + void NextPutMultiple(const byte *inString, size_t length); + void NextPutModifiable(byte *inString, size_t length); + void LastPut(const byte *inString, size_t length); + + static size_t LastBlockSize(StreamTransformation &c, BlockPaddingScheme padding); + + StreamTransformation &m_cipher; + BlockPaddingScheme m_padding; + unsigned int m_optimalBufferSize; +}; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY +typedef StreamTransformationFilter StreamCipherFilter; +#endif + +//! \class HashFilter +//! \brief Filter wrapper for HashTransformation +class CRYPTOPP_DLL HashFilter : public Bufferless, private FilterPutSpaceHelper +{ +public: + //! \brief Construct a HashFilter + //! \param hm reference to a HashTransformation + //! \param attachment an optional attached transformation + //! \param putMessage flag indicating whether the original message should be passed to an attached transformation + //! \param truncatedDigestSize the size of the digest + //! \param messagePutChannel the channel on which the message should be output + //! \param hashPutChannel the channel on which the digest should be output + HashFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, bool putMessage=false, int truncatedDigestSize=-1, const std::string &messagePutChannel=DEFAULT_CHANNEL, const std::string &hashPutChannel=DEFAULT_CHANNEL); + + std::string AlgorithmName() const {return m_hashModule.AlgorithmName();} + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + byte * CreatePutSpace(size_t &size) {return m_hashModule.CreateUpdateSpace(size);} + +private: + HashTransformation &m_hashModule; + bool m_putMessage; + unsigned int m_digestSize; + byte *m_space; + std::string m_messagePutChannel, m_hashPutChannel; +}; + +//! \class HashVerificationFilter +//! \brief Filter wrapper for HashTransformation +class CRYPTOPP_DLL HashVerificationFilter : public FilterWithBufferedInput +{ +public: + //! \class HashVerificationFailed + //! \brief Exception thrown when a data integrity check failure is encountered + class HashVerificationFailed : public Exception + { + public: + HashVerificationFailed() + : Exception(DATA_INTEGRITY_CHECK_FAILED, "HashVerificationFilter: message hash or MAC not valid") {} + }; + + //! \enum Flags + //! \brief Flags controlling filter behavior. + //! \details The flags are a bitmask and can be OR'd together. + enum Flags { + //! \brief Indicates the hash is at the end of the message (i.e., concatenation of message+hash) + HASH_AT_END=0, + //! \brief Indicates the hash is at the beginning of the message (i.e., concatenation of hash+message) + HASH_AT_BEGIN=1, + //! \brief Indicates the message should be passed to an attached transformation + PUT_MESSAGE=2, + //! \brief Indicates the hash should be passed to an attached transformation + PUT_HASH=4, + //! \brief Indicates the result of the verification should be passed to an attached transformation + PUT_RESULT=8, + //! \brief Indicates the filter should throw a HashVerificationFailed if a failure is encountered + THROW_EXCEPTION=16, + //! \brief Default flags using \p HASH_AT_BEGIN and \p PUT_RESULT + DEFAULT_FLAGS = HASH_AT_BEGIN | PUT_RESULT + }; + + //! \brief Construct a HashVerificationFilter + //! \param hm reference to a HashTransformation + //! \param attachment an optional attached transformation + //! \param flags flags indicating behaviors for the filter + //! \param truncatedDigestSize the size of the digest + //! \details truncatedDigestSize = -1 indicates \ref HashTransformation::DigestSize() "DigestSize" should be used. + HashVerificationFilter(HashTransformation &hm, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS, int truncatedDigestSize=-1); + + std::string AlgorithmName() const {return m_hashModule.AlgorithmName();} + bool GetLastResult() const {return m_verified;} + +protected: + void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); + void FirstPut(const byte *inString); + void NextPutMultiple(const byte *inString, size_t length); + void LastPut(const byte *inString, size_t length); + +private: + friend class AuthenticatedDecryptionFilter; + + HashTransformation &m_hashModule; + word32 m_flags; + unsigned int m_digestSize; + bool m_verified; + SecByteBlock m_expectedHash; +}; + +typedef HashVerificationFilter HashVerifier; // for backwards compatibility + +//! \class AuthenticatedEncryptionFilter +//! \brief Filter wrapper for encrypting with AuthenticatedSymmetricCipher +//! \details Filter wrapper for encrypting with AuthenticatedSymmetricCipher, optionally handling padding/unpadding when needed +class CRYPTOPP_DLL AuthenticatedEncryptionFilter : public StreamTransformationFilter +{ +public: + //! \brief Construct a AuthenticatedEncryptionFilter + //! \param c reference to a AuthenticatedSymmetricCipher + //! \param attachment an optional attached transformation + //! \param putAAD flag indicating whether the AAD should be passed to an attached transformation + //! \param truncatedDigestSize the size of the digest + //! \param macChannel the channel on which the MAC should be output + //! \param padding the \ref BlockPaddingSchemeDef "padding scheme" + //! \details truncatedDigestSize = -1 indicates \ref HashTransformation::DigestSize() "DigestSize" should be used. + AuthenticatedEncryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment = NULL, bool putAAD=false, int truncatedDigestSize=-1, const std::string &macChannel=DEFAULT_CHANNEL, BlockPaddingScheme padding = DEFAULT_PADDING); + + void IsolatedInitialize(const NameValuePairs ¶meters); + byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); + void LastPut(const byte *inString, size_t length); + +protected: + HashFilter m_hf; +}; + +//! \class AuthenticatedDecryptionFilter +//! \brief Filter wrapper for decrypting with AuthenticatedSymmetricCipher +//! \details Filter wrapper wrapper for decrypting with AuthenticatedSymmetricCipher, optionally handling padding/unpadding when needed. +class CRYPTOPP_DLL AuthenticatedDecryptionFilter : public FilterWithBufferedInput, public BlockPaddingSchemeDef +{ +public: + //! \enum Flags + //! \brief Flags controlling filter behavior. + //! \details The flags are a bitmask and can be OR'd together. + enum Flags { + //! \brief Indicates the MAC is at the end of the message (i.e., concatenation of message+mac) + MAC_AT_END=0, + //! \brief Indicates the MAC is at the beginning of the message (i.e., concatenation of mac+message) + MAC_AT_BEGIN=1, + //! \brief Indicates the filter should throw a HashVerificationFailed if a failure is encountered + THROW_EXCEPTION=16, + //! \brief Default flags using \p THROW_EXCEPTION + DEFAULT_FLAGS = THROW_EXCEPTION + }; + + //! \brief Construct a AuthenticatedDecryptionFilter + //! \param c reference to a AuthenticatedSymmetricCipher + //! \param attachment an optional attached transformation + //! \param flags flags indicating behaviors for the filter + //! \param truncatedDigestSize the size of the digest + //! \param padding the \ref BlockPaddingSchemeDef "padding scheme" + //! \details Additional authenticated data should be given in channel "AAD". + //! \details truncatedDigestSize = -1 indicates \ref HashTransformation::DigestSize() "DigestSize" should be used. + AuthenticatedDecryptionFilter(AuthenticatedSymmetricCipher &c, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS, int truncatedDigestSize=-1, BlockPaddingScheme padding = DEFAULT_PADDING); + + std::string AlgorithmName() const {return m_hashVerifier.AlgorithmName();} + byte * ChannelCreatePutSpace(const std::string &channel, size_t &size); + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); + bool GetLastResult() const {return m_hashVerifier.GetLastResult();} + +protected: + void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); + void FirstPut(const byte *inString); + void NextPutMultiple(const byte *inString, size_t length); + void LastPut(const byte *inString, size_t length); + + HashVerificationFilter m_hashVerifier; + StreamTransformationFilter m_streamFilter; +}; + +//! \class SignerFilter +//! \brief Filter wrapper for PK_Signer +class CRYPTOPP_DLL SignerFilter : public Unflushable +{ +public: + //! \brief Construct a SignerFilter + //! \param rng a RandomNumberGenerator derived class + //! \param signer a PK_Signer derived class + //! \param attachment an optional attached transformation + //! \param putMessage flag indicating whether the original message should be passed to an attached transformation + SignerFilter(RandomNumberGenerator &rng, const PK_Signer &signer, BufferedTransformation *attachment = NULL, bool putMessage=false) + : m_rng(rng), m_signer(signer), m_messageAccumulator(signer.NewSignatureAccumulator(rng)), m_putMessage(putMessage) {Detach(attachment);} + + std::string AlgorithmName() const {return m_signer.AlgorithmName();} + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + +private: + RandomNumberGenerator &m_rng; + const PK_Signer &m_signer; + member_ptr m_messageAccumulator; + bool m_putMessage; + SecByteBlock m_buf; +}; + +//! \class SignatureVerificationFilter +//! \brief Filter wrapper for PK_Verifier +class CRYPTOPP_DLL SignatureVerificationFilter : public FilterWithBufferedInput +{ +public: + //! \brief Exception thrown when an invalid signature is encountered + class SignatureVerificationFailed : public Exception + { + public: + SignatureVerificationFailed() + : Exception(DATA_INTEGRITY_CHECK_FAILED, "VerifierFilter: digital signature not valid") {} + }; + + //! \enum Flags + //! \brief Flags controlling filter behavior. + //! \details The flags are a bitmask and can be OR'd together. + enum Flags { + //! \brief Indicates the signature is at the end of the message (i.e., concatenation of message+signature) + SIGNATURE_AT_END=0, + //! \brief Indicates the signature is at the beginning of the message (i.e., concatenation of signature+message) + SIGNATURE_AT_BEGIN=1, + //! \brief Indicates the message should be passed to an attached transformation + PUT_MESSAGE=2, + //! \brief Indicates the signature should be passed to an attached transformation + PUT_SIGNATURE=4, + //! \brief Indicates the result of the verification should be passed to an attached transformation + PUT_RESULT=8, + //! \brief Indicates the filter should throw a HashVerificationFailed if a failure is encountered + THROW_EXCEPTION=16, + //! \brief Default flags using \p SIGNATURE_AT_BEGIN and \p PUT_RESULT + DEFAULT_FLAGS = SIGNATURE_AT_BEGIN | PUT_RESULT + }; + + //! \brief Construct a SignatureVerificationFilter + //! \param verifier a PK_Verifier derived class + //! \param attachment an optional attached transformation + //! \param flags flags indicating behaviors for the filter + SignatureVerificationFilter(const PK_Verifier &verifier, BufferedTransformation *attachment = NULL, word32 flags = DEFAULT_FLAGS); + + std::string AlgorithmName() const {return m_verifier.AlgorithmName();} + + //! \brief Retrieves the result of the last verification + //! \returns true if the signature on the previosus message was valid, false otherwise + bool GetLastResult() const {return m_verified;} + +protected: + void InitializeDerivedAndReturnNewSizes(const NameValuePairs ¶meters, size_t &firstSize, size_t &blockSize, size_t &lastSize); + void FirstPut(const byte *inString); + void NextPutMultiple(const byte *inString, size_t length); + void LastPut(const byte *inString, size_t length); + +private: + const PK_Verifier &m_verifier; + member_ptr m_messageAccumulator; + word32 m_flags; + SecByteBlock m_signature; + bool m_verified; +}; + +typedef SignatureVerificationFilter VerifierFilter; // for backwards compatibility + +//! \class Redirector +//! \brief Redirect input to another BufferedTransformation without owning it +class CRYPTOPP_DLL Redirector : public CustomSignalPropagation +{ +public: + //! \enum Behavior + //! \brief Controls signal propagation behavior + enum Behavior + { + //! \brief Pass data only + DATA_ONLY = 0x00, + //! \brief Pass signals + PASS_SIGNALS = 0x01, + //! \brief Pass wait events + PASS_WAIT_OBJECTS = 0x02, + //! \brief Pass everything + //! \details PASS_EVERYTHING is default + PASS_EVERYTHING = PASS_SIGNALS | PASS_WAIT_OBJECTS + }; + + //! \brief Construct a Redirector + Redirector() : m_target(NULL), m_behavior(PASS_EVERYTHING) {} + + //! \brief Construct a Redirector + //! \param target the destination BufferedTransformation + //! \param behavior \ref Behavior "flags" specifying signal propagation + Redirector(BufferedTransformation &target, Behavior behavior=PASS_EVERYTHING) + : m_target(&target), m_behavior(behavior) {} + + //! \brief Redirect input to another BufferedTransformation + //! \param target the destination BufferedTransformation + void Redirect(BufferedTransformation &target) {m_target = ⌖} + //! \brief Stop redirecting input + void StopRedirection() {m_target = NULL;} + + Behavior GetBehavior() {return (Behavior) m_behavior;} + void SetBehavior(Behavior behavior) {m_behavior=behavior;} + bool GetPassSignals() const {return (m_behavior & PASS_SIGNALS) != 0;} + void SetPassSignals(bool pass) { if (pass) m_behavior |= PASS_SIGNALS; else m_behavior &= ~(word32) PASS_SIGNALS; } + bool GetPassWaitObjects() const {return (m_behavior & PASS_WAIT_OBJECTS) != 0;} + void SetPassWaitObjects(bool pass) { if (pass) m_behavior |= PASS_WAIT_OBJECTS; else m_behavior &= ~(word32) PASS_WAIT_OBJECTS; } + + bool CanModifyInput() const + {return m_target ? m_target->CanModifyInput() : false;} + + void Initialize(const NameValuePairs ¶meters, int propagation); + byte * CreatePutSpace(size_t &size) + { + if (m_target) + return m_target->CreatePutSpace(size); + else + { + size = 0; + return NULL; + } + } + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + {return m_target ? m_target->Put2(inString, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;} + bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) + {return m_target && GetPassSignals() ? m_target->Flush(hardFlush, propagation, blocking) : false;} + bool MessageSeriesEnd(int propagation=-1, bool blocking=true) + {return m_target && GetPassSignals() ? m_target->MessageSeriesEnd(propagation, blocking) : false;} + + byte * ChannelCreatePutSpace(const std::string &channel, size_t &size) + { + if (m_target) + return m_target->ChannelCreatePutSpace(channel, size); + else + { + size = 0; + return NULL; + } + } + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) + {return m_target ? m_target->ChannelPut2(channel, begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;} + size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) + {return m_target ? m_target->ChannelPutModifiable2(channel, begin, length, GetPassSignals() ? messageEnd : 0, blocking) : 0;} + bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true) + {return m_target && GetPassSignals() ? m_target->ChannelFlush(channel, completeFlush, propagation, blocking) : false;} + bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true) + {return m_target && GetPassSignals() ? m_target->ChannelMessageSeriesEnd(channel, propagation, blocking) : false;} + + unsigned int GetMaxWaitObjectCount() const + { return m_target && GetPassWaitObjects() ? m_target->GetMaxWaitObjectCount() : 0; } + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack) + { if (m_target && GetPassWaitObjects()) m_target->GetWaitObjects(container, callStack); } + +private: + BufferedTransformation *m_target; + word32 m_behavior; +}; + +// Used By ProxyFilter +class CRYPTOPP_DLL OutputProxy : public CustomSignalPropagation +{ +public: + OutputProxy(BufferedTransformation &owner, bool passSignal) : m_owner(owner), m_passSignal(passSignal) {} + + bool GetPassSignal() const {return m_passSignal;} + void SetPassSignal(bool passSignal) {m_passSignal = passSignal;} + + byte * CreatePutSpace(size_t &size) + {return m_owner.AttachedTransformation()->CreatePutSpace(size);} + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + {return m_owner.AttachedTransformation()->Put2(inString, length, m_passSignal ? messageEnd : 0, blocking);} + size_t PutModifiable2(byte *begin, size_t length, int messageEnd, bool blocking) + {return m_owner.AttachedTransformation()->PutModifiable2(begin, length, m_passSignal ? messageEnd : 0, blocking);} + void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1) + {if (m_passSignal) m_owner.AttachedTransformation()->Initialize(parameters, propagation);} + bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) + {return m_passSignal ? m_owner.AttachedTransformation()->Flush(hardFlush, propagation, blocking) : false;} + bool MessageSeriesEnd(int propagation=-1, bool blocking=true) + {return m_passSignal ? m_owner.AttachedTransformation()->MessageSeriesEnd(propagation, blocking) : false;} + + byte * ChannelCreatePutSpace(const std::string &channel, size_t &size) + {return m_owner.AttachedTransformation()->ChannelCreatePutSpace(channel, size);} + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) + {return m_owner.AttachedTransformation()->ChannelPut2(channel, begin, length, m_passSignal ? messageEnd : 0, blocking);} + size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) + {return m_owner.AttachedTransformation()->ChannelPutModifiable2(channel, begin, length, m_passSignal ? messageEnd : 0, blocking);} + bool ChannelFlush(const std::string &channel, bool completeFlush, int propagation=-1, bool blocking=true) + {return m_passSignal ? m_owner.AttachedTransformation()->ChannelFlush(channel, completeFlush, propagation, blocking) : false;} + bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true) + {return m_passSignal ? m_owner.AttachedTransformation()->ChannelMessageSeriesEnd(channel, propagation, blocking) : false;} + +private: + BufferedTransformation &m_owner; + bool m_passSignal; +}; + +//! \class ProxyFilter +//! \brief Base class for Filter classes that are proxies for a chain of other filters +class CRYPTOPP_DLL ProxyFilter : public FilterWithBufferedInput +{ +public: + //! \brief Construct a ProxyFilter + //! \param filter an output filter + //! \param firstSize the first Put size + //! \param lastSize the last Put size + //! \param attachment an attached transformation + ProxyFilter(BufferedTransformation *filter, size_t firstSize, size_t lastSize, BufferedTransformation *attachment); + + bool IsolatedFlush(bool hardFlush, bool blocking); + + //! \brief Sets the OutputProxy filter + //! \param filter an OutputProxy filter + void SetFilter(Filter *filter); + void NextPutMultiple(const byte *s, size_t len); + void NextPutModifiable(byte *inString, size_t length); + +protected: + member_ptr m_filter; +}; + +//! \class SimpleProxyFilter +//! \brief Proxy filter that doesn't modify the underlying filter's input or output +class CRYPTOPP_DLL SimpleProxyFilter : public ProxyFilter +{ +public: + //! \brief Construct a SimpleProxyFilter + //! \param filter an output filter + //! \param attachment an attached transformation + SimpleProxyFilter(BufferedTransformation *filter, BufferedTransformation *attachment) + : ProxyFilter(filter, 0, 0, attachment) {} + + void FirstPut(const byte * inString) + {CRYPTOPP_UNUSED(inString);} + void LastPut(const byte *inString, size_t length) + {CRYPTOPP_UNUSED(inString), CRYPTOPP_UNUSED(length); m_filter->MessageEnd();} +}; + +//! \class PK_EncryptorFilter +//! \brief Filter wrapper for PK_Encryptor +//! \details PK_DecryptorFilter is a proxy for the filter created by PK_Encryptor::CreateEncryptionFilter. +//! This class provides symmetry with VerifierFilter. +class CRYPTOPP_DLL PK_EncryptorFilter : public SimpleProxyFilter +{ +public: + //! \brief Construct a PK_EncryptorFilter + //! \param rng a RandomNumberGenerator derived class + //! \param encryptor a PK_Encryptor derived class + //! \param attachment an optional attached transformation + PK_EncryptorFilter(RandomNumberGenerator &rng, const PK_Encryptor &encryptor, BufferedTransformation *attachment = NULL) + : SimpleProxyFilter(encryptor.CreateEncryptionFilter(rng), attachment) {} +}; + +//! \class PK_DecryptorFilter +//! \brief Filter wrapper for PK_Decryptor +//! \details PK_DecryptorFilter is a proxy for the filter created by PK_Decryptor::CreateDecryptionFilter. +//! This class provides symmetry with SignerFilter. +class CRYPTOPP_DLL PK_DecryptorFilter : public SimpleProxyFilter +{ +public: + //! \brief Construct a PK_DecryptorFilter + //! \param rng a RandomNumberGenerator derived class + //! \param decryptor a PK_Decryptor derived class + //! \param attachment an optional attached transformation + PK_DecryptorFilter(RandomNumberGenerator &rng, const PK_Decryptor &decryptor, BufferedTransformation *attachment = NULL) + : SimpleProxyFilter(decryptor.CreateDecryptionFilter(rng), attachment) {} +}; + +//! \class StringSinkTemplate +//! \brief Append input to a string object +//! \tparam T std::basic_string type +//! \details \ref StringSinkTemplate "StringSink" is a StringSinkTemplate typedef +template +class StringSinkTemplate : public Bufferless +{ +public: + // VC60 workaround: no T::char_type + typedef typename T::traits_type::char_type char_type; + + //! \brief Construct a StringSinkTemplate + //! \param output std::basic_string type + StringSinkTemplate(T &output) + : m_output(&output) {CRYPTOPP_ASSERT(sizeof(output[0])==1);} + + void IsolatedInitialize(const NameValuePairs ¶meters) + {if (!parameters.GetValue("OutputStringPointer", m_output)) throw InvalidArgument("StringSink: OutputStringPointer not specified");} + + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + { + CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); + if (length > 0) + { + typename T::size_type size = m_output->size(); + if (length < size && size + length > m_output->capacity()) + m_output->reserve(2*size); + m_output->append((const char_type *)inString, (const char_type *)inString+length); + } + return 0; + } + +private: + T *m_output; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS StringSinkTemplate; +DOCUMENTED_TYPEDEF(StringSinkTemplate, StringSink); + +//! \class RandomNumberSink +//! \brief Incorporates input into RNG as additional entropy +class RandomNumberSink : public Bufferless +{ +public: + //! \brief Construct a RandomNumberSink + RandomNumberSink() + : m_rng(NULL) {} + + //! \brief Construct a RandomNumberSink + //! \param rng a RandomNumberGenerator derived class + RandomNumberSink(RandomNumberGenerator &rng) + : m_rng(&rng) {} + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + +private: + RandomNumberGenerator *m_rng; +}; + +//! \class ArraySink +//! \brief Copy input to a memory buffer +class CRYPTOPP_DLL ArraySink : public Bufferless +{ +public: + //! \brief Construct an ArraySink + //! \param parameters a set of NameValuePairs to initialize this object + //! \details Name::OutputBuffer() is a mandatory parameter using this constructor. + ArraySink(const NameValuePairs ¶meters = g_nullNameValuePairs) + : m_buf(NULL), m_size(0), m_total(0) {IsolatedInitialize(parameters);} + + //! \brief Construct an ArraySink + //! \param buf pointer to a memory buffer + //! \param size length of the memory buffer + ArraySink(byte *buf, size_t size) + : m_buf(buf), m_size(size), m_total(0) {} + + //! \brief Provides the size remaining in the Sink + //! \returns size remaining in the Sink, in bytes + size_t AvailableSize() {return SaturatingSubtract(m_size, m_total);} + + //! \brief Provides the number of bytes written to the Sink + //! \returns number of bytes written to the Sink, in bytes + lword TotalPutLength() {return m_total;} + + void IsolatedInitialize(const NameValuePairs ¶meters); + byte * CreatePutSpace(size_t &size); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + +protected: + byte *m_buf; + size_t m_size; + lword m_total; +}; + +//! \class ArrayXorSink +//! \brief Xor input to a memory buffer +class CRYPTOPP_DLL ArrayXorSink : public ArraySink +{ +public: + //! \brief Construct an ArrayXorSink + //! \param buf pointer to a memory buffer + //! \param size length of the memory buffer + ArrayXorSink(byte *buf, size_t size) + : ArraySink(buf, size) {} + + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + byte * CreatePutSpace(size_t &size) {return BufferedTransformation::CreatePutSpace(size);} +}; + +//! \class StringStore +//! \brief String-based implementation of Store interface +class StringStore : public Store +{ +public: + //! \brief Construct a StringStore + //! \param string pointer to a C-String + StringStore(const char *string = NULL) + {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} + + //! \brief Construct a StringStore + //! \param string pointer to a memory buffer + //! \param length size of the memory buffer + StringStore(const byte *string, size_t length) + {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string, length)));} + + //! \brief Construct a StringStore + //! \tparam T std::basic_string type + //! \param string reference to a std::basic_string type + template StringStore(const T &string) + {StoreInitialize(MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} + + CRYPTOPP_DLL size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + CRYPTOPP_DLL size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + +private: + CRYPTOPP_DLL void StoreInitialize(const NameValuePairs ¶meters); + + const byte *m_store; + size_t m_length, m_count; +}; + +//! RNG-based implementation of Source interface +class CRYPTOPP_DLL RandomNumberStore : public Store +{ +public: + RandomNumberStore() + : m_rng(NULL), m_length(0), m_count(0) {} + + RandomNumberStore(RandomNumberGenerator &rng, lword length) + : m_rng(&rng), m_length(length), m_count(0) {} + + bool AnyRetrievable() const {return MaxRetrievable() != 0;} + lword MaxRetrievable() const {return m_length-m_count;} + + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const + { + CRYPTOPP_UNUSED(target); CRYPTOPP_UNUSED(begin); CRYPTOPP_UNUSED(end); CRYPTOPP_UNUSED(channel); CRYPTOPP_UNUSED(blocking); + throw NotImplemented("RandomNumberStore: CopyRangeTo2() is not supported by this store"); + } + +private: + void StoreInitialize(const NameValuePairs ¶meters); + + RandomNumberGenerator *m_rng; + lword m_length, m_count; +}; + +//! empty store +class CRYPTOPP_DLL NullStore : public Store +{ +public: + NullStore(lword size = ULONG_MAX) : m_size(size) {} + void StoreInitialize(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters);} + lword MaxRetrievable() const {return m_size;} + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + +private: + lword m_size; +}; + +//! \class Source +//! \brief Implementation of BufferedTransformation's attachment interface +//! \details Source is a cornerstone of the Pipeline trinitiy. Data flows from +//! Sources, through Filters, and then terminates in Sinks. The difference +//! between a Source and Filter is a Source \a pumps data, while a Filter does +//! not. The difference between a Filter and a Sink is a Filter allows an +//! attached transformation, while a Sink does not. +//! \details See the discussion of BufferedTransformation in cryptlib.h for +//! more details. +//! \sa Store and SourceTemplate +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Source : public InputRejecting +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~Source() {} +#endif + + //! \brief Construct a Source + //! \param attachment an optional attached transformation + Source(BufferedTransformation *attachment = NULL) + {Source::Detach(attachment);} + + //! \name PIPELINE + //@{ + + //! \brief Pump data to attached transformation + //! \param pumpMax the maximpum number of bytes to pump + //! \returns the number of bytes that remain in the block (i.e., bytes not processed) + //! \details Internally, Pump() calls Pump2(). + //! \note pumpMax is a \p lword, which is a 64-bit value that typically uses \p LWORD_MAX. The default + //! argument is a \p size_t that uses \p SIZE_MAX, and it can be 32-bits or 64-bits. + lword Pump(lword pumpMax=(size_t)SIZE_MAX) + {Pump2(pumpMax); return pumpMax;} + + //! \brief Pump messages to attached transformation + //! \param count the maximpum number of messages to pump + //! \returns TODO + //! \details Internally, PumpMessages() calls PumpMessages2(). + unsigned int PumpMessages(unsigned int count=UINT_MAX) + {PumpMessages2(count); return count;} + + //! \brief Pump all data to attached transformation + //! \details Internally, PumpAll() calls PumpAll2(). + void PumpAll() + {PumpAll2();} + + //! \brief Pump data to attached transformation + //! \param byteCount the maximpum number of bytes to pump + //! \param blocking specifies whether the object should block when processing input + //! \returns the number of bytes that remain in the block (i.e., bytes not processed) + //! \details byteCount is an \a IN and \a OUT parameter. When the call is made, byteCount is the + //! requested size of the pump. When the call returns, byteCount is the number of bytes that + //! were pumped. + virtual size_t Pump2(lword &byteCount, bool blocking=true) =0; + + //! \brief Pump messages to attached transformation + //! \param messageCount the maximpum number of messages to pump + //! \param blocking specifies whether the object should block when processing input + //! \details messageCount is an IN and OUT parameter. + virtual size_t PumpMessages2(unsigned int &messageCount, bool blocking=true) =0; + + //! \brief Pump all data to attached transformation + //! \param blocking specifies whether the object should block when processing input + //! \returns the number of bytes that remain in the block (i.e., bytes not processed) + virtual size_t PumpAll2(bool blocking=true); + + //! \brief Determines if the Source is exhausted + //! \returns true if the source has been exhausted + virtual bool SourceExhausted() const =0; + + //@} + +protected: + void SourceInitialize(bool pumpAll, const NameValuePairs ¶meters) + { + IsolatedInitialize(parameters); + if (pumpAll) + PumpAll(); + } +}; + +//! \class SourceTemplate +//! \brief Transform a Store into a Source +//! \tparam T the class or type +template +class SourceTemplate : public Source +{ +public: + //! \brief Construct a SourceTemplate + //! \tparam T the class or type + //! \param attachment an attached transformation + SourceTemplate(BufferedTransformation *attachment) + : Source(attachment) {} + void IsolatedInitialize(const NameValuePairs ¶meters) + {m_store.IsolatedInitialize(parameters);} + size_t Pump2(lword &byteCount, bool blocking=true) + {return m_store.TransferTo2(*AttachedTransformation(), byteCount, DEFAULT_CHANNEL, blocking);} + size_t PumpMessages2(unsigned int &messageCount, bool blocking=true) + {return m_store.TransferMessagesTo2(*AttachedTransformation(), messageCount, DEFAULT_CHANNEL, blocking);} + size_t PumpAll2(bool blocking=true) + {return m_store.TransferAllTo2(*AttachedTransformation(), DEFAULT_CHANNEL, blocking);} + bool SourceExhausted() const + {return !m_store.AnyRetrievable() && !m_store.AnyMessages();} + void SetAutoSignalPropagation(int propagation) + {m_store.SetAutoSignalPropagation(propagation);} + int GetAutoSignalPropagation() const + {return m_store.GetAutoSignalPropagation();} + +protected: + T m_store; +}; + +//! \class SourceTemplate +//! \brief String-based implementation of the Source interface +class CRYPTOPP_DLL StringSource : public SourceTemplate +{ +public: + //! \brief Construct a StringSource + //! \param attachment an optional attached transformation + StringSource(BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) {} + + //! \brief Construct a StringSource + //! \param string C-String + //! \param pumpAll C-String + //! \param attachment an optional attached transformation + StringSource(const char *string, bool pumpAll, BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} + //! binary byte array as source + StringSource(const byte *string, size_t length, bool pumpAll, BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string, length)));} + //! std::string as source + StringSource(const std::string &string, bool pumpAll, BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) {SourceInitialize(pumpAll, MakeParameters("InputBuffer", ConstByteArrayParameter(string)));} +}; + +// Use the third constructor for an array source +DOCUMENTED_TYPEDEF(StringSource, ArraySource); + +//! RNG-based implementation of Source interface +class CRYPTOPP_DLL RandomNumberSource : public SourceTemplate +{ +public: + RandomNumberSource(RandomNumberGenerator &rng, int length, bool pumpAll, BufferedTransformation *attachment = NULL) + : SourceTemplate(attachment) + {SourceInitialize(pumpAll, MakeParameters("RandomNumberGeneratorPointer", &rng)("RandomNumberStoreSize", length));} +}; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/fips140.h b/libs/win_crypto++/include/fips140.h new file mode 100644 index 0000000..53e9a0a --- /dev/null +++ b/libs/win_crypto++/include/fips140.h @@ -0,0 +1,113 @@ +// fips140.h - written and placed in the public domain by Wei Dai + +//! \file fips140.h +//! \brief Classes and functions for the FIPS 140-2 validated library +//! \details The FIPS validated library is only available on Windows as a DLL. Once compiled, +//! the library is always in FIPS mode contingent upon successful execution of +//! DoPowerUpSelfTest() or DoDllPowerUpSelfTest(). +//! \sa Visual Studio and +//! config.h on the Crypto++ wiki. + +#ifndef CRYPTOPP_FIPS140_H +#define CRYPTOPP_FIPS140_H + +#include "cryptlib.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SelfTestFailure +//! Exception thrown when a crypto algorithm is used after a self test fails +//! \details The self tests for an algorithm are performed by Algortihm class +//! when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined. +class CRYPTOPP_DLL SelfTestFailure : public Exception +{ +public: + explicit SelfTestFailure(const std::string &s) : Exception(OTHER_ERROR, s) {} +}; + +//! \brief Determines whether the library provides FIPS validated cryptography +//! \returns true if FIPS 140-2 validated features were enabled at compile time. +//! \details true if FIPS 140-2 validated features were enabled at compile time, +//! false otherwise. +//! \note FIPS mode is enabled at compile time. A program or other module cannot +//! arbitrarily enter or exit the mode. +CRYPTOPP_DLL bool CRYPTOPP_API FIPS_140_2_ComplianceEnabled(); + +//! \brief Status of the power-up self test +enum PowerUpSelfTestStatus { + + //! \brief The self tests have not been performed. + POWER_UP_SELF_TEST_NOT_DONE, + //! \brief The self tests were executed via DoPowerUpSelfTest() or + //! DoDllPowerUpSelfTest(), but the result was failure. + POWER_UP_SELF_TEST_FAILED, + //! \brief The self tests were executed via DoPowerUpSelfTest() or + //! DoDllPowerUpSelfTest(), and the result was success. + POWER_UP_SELF_TEST_PASSED +}; + +//! \brief Performs the power-up self test +//! \param moduleFilename the fully qualified name of the module +//! \param expectedModuleMac the expected MAC of the components protected by the integrity check +//! \details Performs the power-up self test, and sets the self test status to +//! POWER_UP_SELF_TEST_PASSED or POWER_UP_SELF_TEST_FAILED. +//! \details The self tests for an algorithm are performed by the Algortihm class +//! when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined. +CRYPTOPP_DLL void CRYPTOPP_API DoPowerUpSelfTest(const char *moduleFilename, const byte *expectedModuleMac); + +//! \brief Performs the power-up self test on the DLL +//! \details Performs the power-up self test using the filename of this DLL and the +//! embedded module MAC, and sets the self test status to POWER_UP_SELF_TEST_PASSED or +//! POWER_UP_SELF_TEST_FAILED. +//! \details The self tests for an algorithm are performed by the Algortihm class +//! when CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined. +CRYPTOPP_DLL void CRYPTOPP_API DoDllPowerUpSelfTest(); + +//! \brief Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED +//! \details Sets the power-up self test status to POWER_UP_SELF_TEST_FAILED to simulate failure. +CRYPTOPP_DLL void CRYPTOPP_API SimulatePowerUpSelfTestFailure(); + +//! \brief Provides the current power-up self test status +//! \returns the current power-up self test status +CRYPTOPP_DLL PowerUpSelfTestStatus CRYPTOPP_API GetPowerUpSelfTestStatus(); + +#ifndef CRYPTOPP_DOXYGEN_PROCESSING +typedef PowerUpSelfTestStatus (CRYPTOPP_API * PGetPowerUpSelfTestStatus)(); +#endif + +//! \brief Class object that calculates the MAC on the module +//! \returns the MAC for the module +CRYPTOPP_DLL MessageAuthenticationCode * CRYPTOPP_API NewIntegrityCheckingMAC(); + +//! \brief Verifies the MAC on the module +//! \param moduleFilename the fully qualified name of the module +//! \param expectedModuleMac the expected MAC of the components protected by the integrity check +//! \param pActualMac the actual MAC of the components calculated by the integrity check +//! \param pMacFileLocation the offest of the MAC in the PE/PE+ module +//! \returns true if the MAC is valid, false otherwise +CRYPTOPP_DLL bool CRYPTOPP_API IntegrityCheckModule(const char *moduleFilename, const byte *expectedModuleMac, SecByteBlock *pActualMac = NULL, unsigned long *pMacFileLocation = NULL); + +#ifndef CRYPTOPP_DOXYGEN_PROCESSING +// this is used by Algorithm constructor to allow Algorithm objects to be constructed for the self test +bool PowerUpSelfTestInProgressOnThisThread(); + +void SetPowerUpSelfTestInProgressOnThisThread(bool inProgress); + +void SignaturePairwiseConsistencyTest(const PK_Signer &signer, const PK_Verifier &verifier); +void EncryptionPairwiseConsistencyTest(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor); + +void SignaturePairwiseConsistencyTest_FIPS_140_Only(const PK_Signer &signer, const PK_Verifier &verifier); +void EncryptionPairwiseConsistencyTest_FIPS_140_Only(const PK_Encryptor &encryptor, const PK_Decryptor &decryptor); +#endif + +//! \brief The placeholder used prior to embedding the actual MAC in the module. +//! \details After the DLL is built but before it is MAC'd, the string CRYPTOPP_DUMMY_DLL_MAC +//! is used as a placeholder for the actual MAC. A post-build step is performed which calculates +//! the MAC of the DLL and embeds it in the module. The actual MAC is written by the +//! cryptest.exe program using the mac_dll subcommand. +#define CRYPTOPP_DUMMY_DLL_MAC "MAC_51f34b8db820ae8" + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/fltrimpl.h b/libs/win_crypto++/include/fltrimpl.h new file mode 100644 index 0000000..3c55640 --- /dev/null +++ b/libs/win_crypto++/include/fltrimpl.h @@ -0,0 +1,85 @@ +#ifndef CRYPTOPP_FLTRIMPL_H +#define CRYPTOPP_FLTRIMPL_H + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4100) +#endif + +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wunused-value" +#endif + +#define FILTER_BEGIN \ + switch (m_continueAt) \ + { \ + case 0: \ + m_inputPosition = 0; + +#define FILTER_END_NO_MESSAGE_END_NO_RETURN \ + break; \ + default: \ + CRYPTOPP_ASSERT(false); \ + } + +#define FILTER_END_NO_MESSAGE_END \ + FILTER_END_NO_MESSAGE_END_NO_RETURN \ + return 0; + +/* +#define FILTER_END \ + case -1: \ + if (messageEnd && Output(-1, NULL, 0, messageEnd, blocking)) \ + return 1; \ + FILTER_END_NO_MESSAGE_END +*/ + +#define FILTER_OUTPUT3(site, statement, output, length, messageEnd, channel) \ + {\ + case site: \ + statement; \ + if (Output(site, output, length, messageEnd, blocking, channel)) \ + return STDMAX(size_t(1), length-m_inputPosition);\ + } + +#define FILTER_OUTPUT2(site, statement, output, length, messageEnd) \ + FILTER_OUTPUT3(site, statement, output, length, messageEnd, DEFAULT_CHANNEL) + +#define FILTER_OUTPUT(site, output, length, messageEnd) \ + FILTER_OUTPUT2(site, 0, output, length, messageEnd) + +#define FILTER_OUTPUT_BYTE(site, output) \ + FILTER_OUTPUT(site, &(const byte &)(byte)output, 1, 0) + +#define FILTER_OUTPUT2_MODIFIABLE(site, statement, output, length, messageEnd) \ + {\ + case site: \ + statement; \ + if (OutputModifiable(site, output, length, messageEnd, blocking)) \ + return STDMAX(size_t(1), length-m_inputPosition);\ + } + +#define FILTER_OUTPUT_MODIFIABLE(site, output, length, messageEnd) \ + FILTER_OUTPUT2_MODIFIABLE(site, 0, output, length, messageEnd) + +#define FILTER_OUTPUT2_MAYBE_MODIFIABLE(site, statement, output, length, messageEnd, modifiable) \ + {\ + case site: \ + statement; \ + if (modifiable ? OutputModifiable(site, output, length, messageEnd, blocking) : Output(site, output, length, messageEnd, blocking)) \ + return STDMAX(size_t(1), length-m_inputPosition);\ + } + +#define FILTER_OUTPUT_MAYBE_MODIFIABLE(site, output, length, messageEnd, modifiable) \ + FILTER_OUTPUT2_MAYBE_MODIFIABLE(site, 0, output, length, messageEnd, modifiable) + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic pop +#endif + +#endif diff --git a/libs/win_crypto++/include/gcm.h b/libs/win_crypto++/include/gcm.h new file mode 100644 index 0000000..1022ed8 --- /dev/null +++ b/libs/win_crypto++/include/gcm.h @@ -0,0 +1,132 @@ +// gcm.h - written and placed in the public domain by Wei Dai + +//! \file gcm.h +//! \brief GCM block cipher mode of operation +//! \since Crypto++ 5.6.0 + +#ifndef CRYPTOPP_GCM_H +#define CRYPTOPP_GCM_H + +#include "authenc.h" +#include "modes.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \enum GCM_TablesOption +//! \brief GCM table size options +enum GCM_TablesOption { + //! \brief Use a table with 2K entries + GCM_2K_Tables, + //! \brief Use a table with 64K entries + GCM_64K_Tables}; + +//! \class GCM_Base +//! \brief GCM block cipher base implementation +//! \details Base implementation of the AuthenticatedSymmetricCipher interface +//! \since Crypto++ 5.6.0 +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE GCM_Base : public AuthenticatedSymmetricCipherBase +{ +public: + // AuthenticatedSymmetricCipher + std::string AlgorithmName() const + {return GetBlockCipher().AlgorithmName() + std::string("/GCM");} + size_t MinKeyLength() const + {return GetBlockCipher().MinKeyLength();} + size_t MaxKeyLength() const + {return GetBlockCipher().MaxKeyLength();} + size_t DefaultKeyLength() const + {return GetBlockCipher().DefaultKeyLength();} + size_t GetValidKeyLength(size_t n) const + {return GetBlockCipher().GetValidKeyLength(n);} + bool IsValidKeyLength(size_t n) const + {return GetBlockCipher().IsValidKeyLength(n);} + unsigned int OptimalDataAlignment() const; + IV_Requirement IVRequirement() const + {return UNIQUE_IV;} + unsigned int IVSize() const + {return 12;} + unsigned int MinIVLength() const + {return 1;} + unsigned int MaxIVLength() const + {return UINT_MAX;} // (W64LIT(1)<<61)-1 in the standard + unsigned int DigestSize() const + {return 16;} + lword MaxHeaderLength() const + {return (W64LIT(1)<<61)-1;} + lword MaxMessageLength() const + {return ((W64LIT(1)<<39)-256)/8;} + +protected: + // AuthenticatedSymmetricCipherBase + bool AuthenticationIsOnPlaintext() const + {return false;} + unsigned int AuthenticationBlockSize() const + {return HASH_BLOCKSIZE;} + void SetKeyWithoutResync(const byte *userKey, size_t keylength, const NameValuePairs ¶ms); + void Resync(const byte *iv, size_t len); + size_t AuthenticateBlocks(const byte *data, size_t len); + void AuthenticateLastHeaderBlock(); + void AuthenticateLastConfidentialBlock(); + void AuthenticateLastFooterBlock(byte *mac, size_t macSize); + SymmetricCipher & AccessSymmetricCipher() {return m_ctr;} + + virtual BlockCipher & AccessBlockCipher() =0; + virtual GCM_TablesOption GetTablesOption() const =0; + + const BlockCipher & GetBlockCipher() const {return const_cast(this)->AccessBlockCipher();}; + byte *HashBuffer() {return m_buffer+REQUIRED_BLOCKSIZE;} + byte *HashKey() {return m_buffer+2*REQUIRED_BLOCKSIZE;} + byte *MulTable() {return m_buffer+3*REQUIRED_BLOCKSIZE;} + inline void ReverseHashBufferIfNeeded(); + + class CRYPTOPP_DLL GCTR : public CTR_Mode_ExternalCipher::Encryption + { + protected: + void IncrementCounterBy256(); + }; + + GCTR m_ctr; + static word16 s_reductionTable[256]; + static volatile bool s_reductionTableInitialized; + enum {REQUIRED_BLOCKSIZE = 16, HASH_BLOCKSIZE = 16}; +}; + +//! \class GCM_Final +//! \brief GCM block cipher final implementation +//! \tparam T_BlockCipher block cipher +//! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables +//! \tparam T_IsEncryption direction in which to operate the cipher +//! \since Crypto++ 5.6.0 +template +class GCM_Final : public GCM_Base +{ +public: + static std::string StaticAlgorithmName() + {return T_BlockCipher::StaticAlgorithmName() + std::string("/GCM");} + bool IsForwardTransformation() const + {return T_IsEncryption;} + +private: + GCM_TablesOption GetTablesOption() const {return T_TablesOption;} + BlockCipher & AccessBlockCipher() {return m_cipher;} + typename T_BlockCipher::Encryption m_cipher; +}; + +//! \class GCM +//! \brief GCM block cipher mode of operation +//! \tparam T_BlockCipher block cipher +//! \tparam T_TablesOption table size, either \p GCM_2K_Tables or \p GCM_64K_Tables +//! \details \p GCM provides the \p Encryption and \p Decryption typedef. See GCM_Base +//! and GCM_Final for the AuthenticatedSymmetricCipher implementation. +//! \sa GCM at the Crypto Lounge +//! \since Crypto++ 5.6.0 +template +struct GCM : public AuthenticatedSymmetricCipherDocumentation +{ + typedef GCM_Final Encryption; + typedef GCM_Final Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/gf256.h b/libs/win_crypto++/include/gf256.h new file mode 100644 index 0000000..007fb00 --- /dev/null +++ b/libs/win_crypto++/include/gf256.h @@ -0,0 +1,67 @@ +#ifndef CRYPTOPP_GF256_H +#define CRYPTOPP_GF256_H + +#include "cryptlib.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! GF(256) with polynomial basis +class GF256 +{ +public: + typedef byte Element; + typedef int RandomizationParameter; + + GF256(byte modulus) : m_modulus(modulus) {} + + Element RandomElement(RandomNumberGenerator &rng, int ignored = 0) const + {CRYPTOPP_UNUSED(ignored); return rng.GenerateByte();} + + bool Equal(Element a, Element b) const + {return a==b;} + + Element Zero() const + {return 0;} + + Element Add(Element a, Element b) const + {return a^b;} + + Element& Accumulate(Element &a, Element b) const + {return a^=b;} + + Element Inverse(Element a) const + {return a;} + + Element Subtract(Element a, Element b) const + {return a^b;} + + Element& Reduce(Element &a, Element b) const + {return a^=b;} + + Element Double(Element a) const + {CRYPTOPP_UNUSED(a); return 0;} + + Element One() const + {return 1;} + + Element Multiply(Element a, Element b) const; + + Element Square(Element a) const + {return Multiply(a, a);} + + bool IsUnit(Element a) const + {return a != 0;} + + Element MultiplicativeInverse(Element a) const; + + Element Divide(Element a, Element b) const + {return Multiply(a, MultiplicativeInverse(b));} + +private: + word m_modulus; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/gf2_32.h b/libs/win_crypto++/include/gf2_32.h new file mode 100644 index 0000000..32499b5 --- /dev/null +++ b/libs/win_crypto++/include/gf2_32.h @@ -0,0 +1,68 @@ +#ifndef CRYPTOPP_GF2_32_H +#define CRYPTOPP_GF2_32_H + +#include "cryptlib.h" +#include "secblock.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! GF(2^32) with polynomial basis +class GF2_32 +{ +public: + typedef word32 Element; + typedef int RandomizationParameter; + + GF2_32(word32 modulus=0x0000008D) : m_modulus(modulus) {} + + Element RandomElement(RandomNumberGenerator &rng, int ignored = 0) const + {CRYPTOPP_UNUSED(ignored); return rng.GenerateWord32();} + + bool Equal(Element a, Element b) const + {return a==b;} + + Element Identity() const + {return 0;} + + Element Add(Element a, Element b) const + {return a^b;} + + Element& Accumulate(Element &a, Element b) const + {return a^=b;} + + Element Inverse(Element a) const + {return a;} + + Element Subtract(Element a, Element b) const + {return a^b;} + + Element& Reduce(Element &a, Element b) const + {return a^=b;} + + Element Double(Element a) const + {CRYPTOPP_UNUSED(a); return 0;} + + Element MultiplicativeIdentity() const + {return 1;} + + Element Multiply(Element a, Element b) const; + + Element Square(Element a) const + {return Multiply(a, a);} + + bool IsUnit(Element a) const + {return a != 0;} + + Element MultiplicativeInverse(Element a) const; + + Element Divide(Element a, Element b) const + {return Multiply(a, MultiplicativeInverse(b));} + +private: + word32 m_modulus; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/gf2n.h b/libs/win_crypto++/include/gf2n.h new file mode 100644 index 0000000..23007ec --- /dev/null +++ b/libs/win_crypto++/include/gf2n.h @@ -0,0 +1,370 @@ +#ifndef CRYPTOPP_GF2N_H +#define CRYPTOPP_GF2N_H + +/*! \file */ + +#include "cryptlib.h" +#include "secblock.h" +#include "algebra.h" +#include "misc.h" +#include "asn.h" + +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! Polynomial with Coefficients in GF(2) +/*! \nosubgrouping */ +class CRYPTOPP_DLL PolynomialMod2 +{ +public: + //! \name ENUMS, EXCEPTIONS, and TYPEDEFS + //@{ + //! divide by zero exception + class DivideByZero : public Exception + { + public: + DivideByZero() : Exception(OTHER_ERROR, "PolynomialMod2: division by zero") {} + }; + + typedef unsigned int RandomizationParameter; + //@} + + //! \name CREATORS + //@{ + //! creates the zero polynomial + PolynomialMod2(); + //! copy constructor + PolynomialMod2(const PolynomialMod2& t); + + //! convert from word + /*! value should be encoded with the least significant bit as coefficient to x^0 + and most significant bit as coefficient to x^(WORD_BITS-1) + bitLength denotes how much memory to allocate initially + */ + PolynomialMod2(word value, size_t bitLength=WORD_BITS); + + //! convert from big-endian byte array + PolynomialMod2(const byte *encodedPoly, size_t byteCount) + {Decode(encodedPoly, byteCount);} + + //! convert from big-endian form stored in a BufferedTransformation + PolynomialMod2(BufferedTransformation &encodedPoly, size_t byteCount) + {Decode(encodedPoly, byteCount);} + + //! create a random polynomial uniformly distributed over all polynomials with degree less than bitcount + PolynomialMod2(RandomNumberGenerator &rng, size_t bitcount) + {Randomize(rng, bitcount);} + + //! return x^i + static PolynomialMod2 CRYPTOPP_API Monomial(size_t i); + //! return x^t0 + x^t1 + x^t2 + static PolynomialMod2 CRYPTOPP_API Trinomial(size_t t0, size_t t1, size_t t2); + //! return x^t0 + x^t1 + x^t2 + x^t3 + x^t4 + static PolynomialMod2 CRYPTOPP_API Pentanomial(size_t t0, size_t t1, size_t t2, size_t t3, size_t t4); + //! return x^(n-1) + ... + x + 1 + static PolynomialMod2 CRYPTOPP_API AllOnes(size_t n); + + //! + static const PolynomialMod2 & CRYPTOPP_API Zero(); + //! + static const PolynomialMod2 & CRYPTOPP_API One(); + //@} + + //! \name ENCODE/DECODE + //@{ + //! minimum number of bytes to encode this polynomial + /*! MinEncodedSize of 0 is 1 */ + unsigned int MinEncodedSize() const {return STDMAX(1U, ByteCount());} + + //! encode in big-endian format + /*! if outputLen < MinEncodedSize, the most significant bytes will be dropped + if outputLen > MinEncodedSize, the most significant bytes will be padded + */ + void Encode(byte *output, size_t outputLen) const; + //! + void Encode(BufferedTransformation &bt, size_t outputLen) const; + + //! + void Decode(const byte *input, size_t inputLen); + //! + //* Precondition: bt.MaxRetrievable() >= inputLen + void Decode(BufferedTransformation &bt, size_t inputLen); + + //! encode value as big-endian octet string + void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const; + //! decode value as big-endian octet string + void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length); + //@} + + //! \name ACCESSORS + //@{ + //! number of significant bits = Degree() + 1 + unsigned int BitCount() const; + //! number of significant bytes = ceiling(BitCount()/8) + unsigned int ByteCount() const; + //! number of significant words = ceiling(ByteCount()/sizeof(word)) + unsigned int WordCount() const; + + //! return the n-th bit, n=0 being the least significant bit + bool GetBit(size_t n) const {return GetCoefficient(n)!=0;} + //! return the n-th byte + byte GetByte(size_t n) const; + + //! the zero polynomial will return a degree of -1 + signed int Degree() const {return (signed int)(BitCount()-1U);} + //! degree + 1 + unsigned int CoefficientCount() const {return BitCount();} + //! return coefficient for x^i + int GetCoefficient(size_t i) const + {return (i/WORD_BITS < reg.size()) ? int(reg[i/WORD_BITS] >> (i % WORD_BITS)) & 1 : 0;} + //! return coefficient for x^i + int operator[](unsigned int i) const {return GetCoefficient(i);} + + //! + bool IsZero() const {return !*this;} + //! + bool Equals(const PolynomialMod2 &rhs) const; + //@} + + //! \name MANIPULATORS + //@{ + //! + PolynomialMod2& operator=(const PolynomialMod2& t); + //! + PolynomialMod2& operator&=(const PolynomialMod2& t); + //! + PolynomialMod2& operator^=(const PolynomialMod2& t); + //! + PolynomialMod2& operator+=(const PolynomialMod2& t) {return *this ^= t;} + //! + PolynomialMod2& operator-=(const PolynomialMod2& t) {return *this ^= t;} + //! + PolynomialMod2& operator*=(const PolynomialMod2& t); + //! + PolynomialMod2& operator/=(const PolynomialMod2& t); + //! + PolynomialMod2& operator%=(const PolynomialMod2& t); + //! + PolynomialMod2& operator<<=(unsigned int); + //! + PolynomialMod2& operator>>=(unsigned int); + + //! + void Randomize(RandomNumberGenerator &rng, size_t bitcount); + + //! + void SetBit(size_t i, int value = 1); + //! set the n-th byte to value + void SetByte(size_t n, byte value); + + //! + void SetCoefficient(size_t i, int value) {SetBit(i, value);} + + //! + void swap(PolynomialMod2 &a) {reg.swap(a.reg);} + //@} + + //! \name UNARY OPERATORS + //@{ + //! + bool operator!() const; + //! + PolynomialMod2 operator+() const {return *this;} + //! + PolynomialMod2 operator-() const {return *this;} + //@} + + //! \name BINARY OPERATORS + //@{ + //! + PolynomialMod2 And(const PolynomialMod2 &b) const; + //! + PolynomialMod2 Xor(const PolynomialMod2 &b) const; + //! + PolynomialMod2 Plus(const PolynomialMod2 &b) const {return Xor(b);} + //! + PolynomialMod2 Minus(const PolynomialMod2 &b) const {return Xor(b);} + //! + PolynomialMod2 Times(const PolynomialMod2 &b) const; + //! + PolynomialMod2 DividedBy(const PolynomialMod2 &b) const; + //! + PolynomialMod2 Modulo(const PolynomialMod2 &b) const; + + //! + PolynomialMod2 operator>>(unsigned int n) const; + //! + PolynomialMod2 operator<<(unsigned int n) const; + //@} + + //! \name OTHER ARITHMETIC FUNCTIONS + //@{ + //! sum modulo 2 of all coefficients + unsigned int Parity() const; + + //! check for irreducibility + bool IsIrreducible() const; + + //! is always zero since we're working modulo 2 + PolynomialMod2 Doubled() const {return Zero();} + //! + PolynomialMod2 Squared() const; + + //! only 1 is a unit + bool IsUnit() const {return Equals(One());} + //! return inverse if *this is a unit, otherwise return 0 + PolynomialMod2 MultiplicativeInverse() const {return IsUnit() ? One() : Zero();} + + //! greatest common divisor + static PolynomialMod2 CRYPTOPP_API Gcd(const PolynomialMod2 &a, const PolynomialMod2 &n); + //! calculate multiplicative inverse of *this mod n + PolynomialMod2 InverseMod(const PolynomialMod2 &) const; + + //! calculate r and q such that (a == d*q + r) && (deg(r) < deg(d)) + static void CRYPTOPP_API Divide(PolynomialMod2 &r, PolynomialMod2 &q, const PolynomialMod2 &a, const PolynomialMod2 &d); + //@} + + //! \name INPUT/OUTPUT + //@{ + //! + friend std::ostream& operator<<(std::ostream& out, const PolynomialMod2 &a); + //@} + +private: + friend class GF2NT; + + SecWordBlock reg; +}; + +//! +inline bool operator==(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) +{return a.Equals(b);} +//! +inline bool operator!=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) +{return !(a==b);} +//! compares degree +inline bool operator> (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) +{return a.Degree() > b.Degree();} +//! compares degree +inline bool operator>=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) +{return a.Degree() >= b.Degree();} +//! compares degree +inline bool operator< (const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) +{return a.Degree() < b.Degree();} +//! compares degree +inline bool operator<=(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) +{return a.Degree() <= b.Degree();} +//! +inline CryptoPP::PolynomialMod2 operator&(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.And(b);} +//! +inline CryptoPP::PolynomialMod2 operator^(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Xor(b);} +//! +inline CryptoPP::PolynomialMod2 operator+(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Plus(b);} +//! +inline CryptoPP::PolynomialMod2 operator-(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Minus(b);} +//! +inline CryptoPP::PolynomialMod2 operator*(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Times(b);} +//! +inline CryptoPP::PolynomialMod2 operator/(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.DividedBy(b);} +//! +inline CryptoPP::PolynomialMod2 operator%(const CryptoPP::PolynomialMod2 &a, const CryptoPP::PolynomialMod2 &b) {return a.Modulo(b);} + +// CodeWarrior 8 workaround: put these template instantiations after overloaded operator declarations, +// but before the use of QuotientRing > for VC .NET 2003 +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup; +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing; +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain; +CRYPTOPP_DLL_TEMPLATE_CLASS EuclideanDomainOf; +CRYPTOPP_DLL_TEMPLATE_CLASS QuotientRing >; + +//! GF(2^n) with Polynomial Basis +class CRYPTOPP_DLL GF2NP : public QuotientRing > +{ +public: + GF2NP(const PolynomialMod2 &modulus); + + virtual GF2NP * Clone() const {return new GF2NP(*this);} + virtual void DEREncode(BufferedTransformation &bt) const + {CRYPTOPP_UNUSED(bt); CRYPTOPP_ASSERT(false);} // no ASN.1 syntax yet for general polynomial basis + + void DEREncodeElement(BufferedTransformation &out, const Element &a) const; + void BERDecodeElement(BufferedTransformation &in, Element &a) const; + + bool Equal(const Element &a, const Element &b) const + {CRYPTOPP_ASSERT(a.Degree() < m_modulus.Degree() && b.Degree() < m_modulus.Degree()); return a.Equals(b);} + + bool IsUnit(const Element &a) const + {CRYPTOPP_ASSERT(a.Degree() < m_modulus.Degree()); return !!a;} + + unsigned int MaxElementBitLength() const + {return m;} + + unsigned int MaxElementByteLength() const + {return (unsigned int)BitsToBytes(MaxElementBitLength());} + + Element SquareRoot(const Element &a) const; + + Element HalfTrace(const Element &a) const; + + // returns z such that z^2 + z == a + Element SolveQuadraticEquation(const Element &a) const; + +protected: + unsigned int m; +}; + +//! GF(2^n) with Trinomial Basis +class CRYPTOPP_DLL GF2NT : public GF2NP +{ +public: + // polynomial modulus = x^t0 + x^t1 + x^t2, t0 > t1 > t2 + GF2NT(unsigned int t0, unsigned int t1, unsigned int t2); + + GF2NP * Clone() const {return new GF2NT(*this);} + void DEREncode(BufferedTransformation &bt) const; + + const Element& Multiply(const Element &a, const Element &b) const; + + const Element& Square(const Element &a) const + {return Reduced(a.Squared());} + + const Element& MultiplicativeInverse(const Element &a) const; + +private: + const Element& Reduced(const Element &a) const; + + unsigned int t0, t1; + mutable PolynomialMod2 result; +}; + +//! GF(2^n) with Pentanomial Basis +class CRYPTOPP_DLL GF2NPP : public GF2NP +{ +public: + // polynomial modulus = x^t0 + x^t1 + x^t2 + x^t3 + x^t4, t0 > t1 > t2 > t3 > t4 + GF2NPP(unsigned int t0, unsigned int t1, unsigned int t2, unsigned int t3, unsigned int t4) + : GF2NP(PolynomialMod2::Pentanomial(t0, t1, t2, t3, t4)), t0(t0), t1(t1), t2(t2), t3(t3) {} + + GF2NP * Clone() const {return new GF2NPP(*this);} + void DEREncode(BufferedTransformation &bt) const; + +private: + unsigned int t0, t1, t2, t3; +}; + +// construct new GF2NP from the ASN.1 sequence Characteristic-two +CRYPTOPP_DLL GF2NP * CRYPTOPP_API BERDecodeGF2NP(BufferedTransformation &bt); + +NAMESPACE_END + +#ifndef __BORLANDC__ +NAMESPACE_BEGIN(std) +template<> inline void swap(CryptoPP::PolynomialMod2 &a, CryptoPP::PolynomialMod2 &b) +{ + a.swap(b); +} +NAMESPACE_END +#endif + +#endif diff --git a/libs/win_crypto++/include/gfpcrypt.h b/libs/win_crypto++/include/gfpcrypt.h new file mode 100644 index 0000000..3144f69 --- /dev/null +++ b/libs/win_crypto++/include/gfpcrypt.h @@ -0,0 +1,636 @@ +#ifndef CRYPTOPP_GFPCRYPT_H +#define CRYPTOPP_GFPCRYPT_H + +/** \file + Implementation of schemes based on DL over GF(p) +*/ + +#include "config.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4189) +#endif + +#include "cryptlib.h" +#include "pubkey.h" +#include "integer.h" +#include "modexppc.h" +#include "algparam.h" +#include "smartptr.h" +#include "sha.h" +#include "asn.h" +#include "hmac.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters; + +//! _ +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBased : public ASN1CryptoMaterial > +{ + typedef DL_GroupParameters_IntegerBased ThisClass; + +public: + void Initialize(const DL_GroupParameters_IntegerBased ¶ms) + {Initialize(params.GetModulus(), params.GetSubgroupOrder(), params.GetSubgroupGenerator());} + void Initialize(RandomNumberGenerator &rng, unsigned int pbits) + {GenerateRandom(rng, MakeParameters("ModulusSize", (int)pbits));} + void Initialize(const Integer &p, const Integer &g) + {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(ComputeGroupOrder(p)/2);} + void Initialize(const Integer &p, const Integer &q, const Integer &g) + {SetModulusAndSubgroupGenerator(p, g); SetSubgroupOrder(q);} + + // ASN1Object interface + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + // GeneratibleCryptoMaterial interface + /*! parameters: (ModulusSize, SubgroupOrderSize (optional)) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // DL_GroupParameters + const Integer & GetSubgroupOrder() const {return m_q;} + Integer GetGroupOrder() const {return GetFieldType() == 1 ? GetModulus()-Integer::One() : GetModulus()+Integer::One();} + bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; + bool ValidateElement(unsigned int level, const Integer &element, const DL_FixedBasePrecomputation *precomp) const; + bool FastSubgroupCheckAvailable() const {return GetCofactor() == 2;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + // Cygwin i386 crash at -O3; see . + void EncodeElement(bool reversible, const Element &element, byte *encoded) const; + unsigned int GetEncodedElementSize(bool reversible) const; +#else + void EncodeElement(bool reversible, const Element &element, byte *encoded) const + {CRYPTOPP_UNUSED(reversible); element.Encode(encoded, GetModulus().ByteCount());} + unsigned int GetEncodedElementSize(bool reversible) const + {CRYPTOPP_UNUSED(reversible); return GetModulus().ByteCount();} +#endif + + Integer DecodeElement(const byte *encoded, bool checkForGroupMembership) const; + Integer ConvertElementToInteger(const Element &element) const + {return element;} + Integer GetMaxExponent() const; + static std::string CRYPTOPP_API StaticAlgorithmNamePrefix() {return "";} + + OID GetAlgorithmID() const; + + virtual const Integer & GetModulus() const =0; + virtual void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) =0; + + void SetSubgroupOrder(const Integer &q) + {m_q = q; ParametersChanged();} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_IntegerBased() {} +#endif + +protected: + Integer ComputeGroupOrder(const Integer &modulus) const + {return modulus-(GetFieldType() == 1 ? 1 : -1);} + + // GF(p) = 1, GF(p^2) = 2 + virtual int GetFieldType() const =0; + virtual unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const; + +private: + Integer m_q; +}; + +//! _ +template > +class CRYPTOPP_NO_VTABLE DL_GroupParameters_IntegerBasedImpl : public DL_GroupParametersImpl +{ + typedef DL_GroupParameters_IntegerBasedImpl ThisClass; + +public: + typedef typename GROUP_PRECOMP::Element Element; + + // GeneratibleCryptoMaterial interface + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + {return GetValueHelper(this, name, valueType, pValue).Assignable();} + + void AssignFrom(const NameValuePairs &source) + {AssignFromHelper(this, source);} + + // DL_GroupParameters + const DL_FixedBasePrecomputation & GetBasePrecomputation() const {return this->m_gpc;} + DL_FixedBasePrecomputation & AccessBasePrecomputation() {return this->m_gpc;} + + // IntegerGroupParameters + const Integer & GetModulus() const {return this->m_groupPrecomputation.GetModulus();} + const Integer & GetGenerator() const {return this->m_gpc.GetBase(this->GetGroupPrecomputation());} + + void SetModulusAndSubgroupGenerator(const Integer &p, const Integer &g) // these have to be set together + {this->m_groupPrecomputation.SetModulus(p); this->m_gpc.SetBase(this->GetGroupPrecomputation(), g); this->ParametersChanged();} + + // non-inherited + bool operator==(const DL_GroupParameters_IntegerBasedImpl &rhs) const + {return GetModulus() == rhs.GetModulus() && GetGenerator() == rhs.GetGenerator() && this->GetSubgroupOrder() == rhs.GetSubgroupOrder();} + bool operator!=(const DL_GroupParameters_IntegerBasedImpl &rhs) const + {return !operator==(rhs);} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_IntegerBasedImpl() {} +#endif +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_GroupParameters_IntegerBasedImpl; + +//! GF(p) group parameters +class CRYPTOPP_DLL DL_GroupParameters_GFP : public DL_GroupParameters_IntegerBasedImpl +{ +public: + // DL_GroupParameters + bool IsIdentity(const Integer &element) const {return element == Integer::One();} + void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; + + // NameValuePairs interface + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper(this, name, valueType, pValue).Assignable(); + } + + // used by MQV + Element MultiplyElements(const Element &a, const Element &b) const; + Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_GFP() {} +#endif + +protected: + int GetFieldType() const {return 1;} +}; + +//! GF(p) group parameters that default to same primes +class CRYPTOPP_DLL DL_GroupParameters_GFP_DefaultSafePrime : public DL_GroupParameters_GFP +{ +public: + typedef NoCofactorMultiplication DefaultCofactorOption; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_GFP_DefaultSafePrime() {} +#endif + +protected: + unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;} +}; + +//! GDSA algorithm +template +class DL_Algorithm_GDSA : public DL_ElgamalLikeSignatureAlgorithm +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "DSA-1363";} + + void Sign(const DL_GroupParameters ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const + { + const Integer &q = params.GetSubgroupOrder(); + r %= q; + Integer kInv = k.InverseMod(q); + s = (kInv * (x*r + e)) % q; + CRYPTOPP_ASSERT(!!r && !!s); + } + + bool Verify(const DL_GroupParameters ¶ms, const DL_PublicKey &publicKey, const Integer &e, const Integer &r, const Integer &s) const + { + const Integer &q = params.GetSubgroupOrder(); + if (r>=q || r<1 || s>=q || s<1) + return false; + + Integer w = s.InverseMod(q); + Integer u1 = (e * w) % q; + Integer u2 = (r * w) % q; + // verify r == (g^u1 * y^u2 mod p) mod q + return r == params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(u1, u2)) % q; + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Algorithm_GDSA() {} +#endif +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_Algorithm_GDSA; + +//! NR algorithm +template +class DL_Algorithm_NR : public DL_ElgamalLikeSignatureAlgorithm +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "NR";} + + void Sign(const DL_GroupParameters ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const + { + const Integer &q = params.GetSubgroupOrder(); + r = (r + e) % q; + s = (k - x*r) % q; + CRYPTOPP_ASSERT(!!r); + } + + bool Verify(const DL_GroupParameters ¶ms, const DL_PublicKey &publicKey, const Integer &e, const Integer &r, const Integer &s) const + { + const Integer &q = params.GetSubgroupOrder(); + if (r>=q || r<1 || s>=q) + return false; + + // check r == (m_g^s * m_y^r + m) mod m_q + return r == (params.ConvertElementToInteger(publicKey.CascadeExponentiateBaseAndPublicElement(s, r)) + e) % q; + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Algorithm_NR() {} +#endif +}; + +/*! DSA public key format is defined in 7.3.3 of RFC 2459. The + private key format is defined in 12.9 of PKCS #11 v2.10. */ +template +class DL_PublicKey_GFP : public DL_PublicKeyImpl +{ +public: + void Initialize(const DL_GroupParameters_IntegerBased ¶ms, const Integer &y) + {this->AccessGroupParameters().Initialize(params); this->SetPublicElement(y);} + void Initialize(const Integer &p, const Integer &g, const Integer &y) + {this->AccessGroupParameters().Initialize(p, g); this->SetPublicElement(y);} + void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &y) + {this->AccessGroupParameters().Initialize(p, q, g); this->SetPublicElement(y);} + + // X509PublicKey + void BERDecodePublicKey(BufferedTransformation &bt, bool, size_t) + {this->SetPublicElement(Integer(bt));} + void DEREncodePublicKey(BufferedTransformation &bt) const + {this->GetPublicElement().DEREncode(bt);} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PublicKey_GFP() {} +#endif +}; + +//! DL private key (in GF(p) groups) +template +class DL_PrivateKey_GFP : public DL_PrivateKeyImpl +{ +public: + void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) + {this->GenerateRandomWithKeySize(rng, modulusBits);} + void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &g) + {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupGenerator", g));} + void Initialize(RandomNumberGenerator &rng, const Integer &p, const Integer &q, const Integer &g) + {this->GenerateRandom(rng, MakeParameters("Modulus", p)("SubgroupOrder", q)("SubgroupGenerator", g));} + void Initialize(const DL_GroupParameters_IntegerBased ¶ms, const Integer &x) + {this->AccessGroupParameters().Initialize(params); this->SetPrivateExponent(x);} + void Initialize(const Integer &p, const Integer &g, const Integer &x) + {this->AccessGroupParameters().Initialize(p, g); this->SetPrivateExponent(x);} + void Initialize(const Integer &p, const Integer &q, const Integer &g, const Integer &x) + {this->AccessGroupParameters().Initialize(p, q, g); this->SetPrivateExponent(x);} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PrivateKey_GFP() {} +#endif +}; + +//! DL signing/verification keys (in GF(p) groups) +struct DL_SignatureKeys_GFP +{ + typedef DL_GroupParameters_GFP GroupParameters; + typedef DL_PublicKey_GFP PublicKey; + typedef DL_PrivateKey_GFP PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_SignatureKeys_GFP() {} +#endif +}; + +//! DL encryption/decryption keys (in GF(p) groups) +struct DL_CryptoKeys_GFP +{ + typedef DL_GroupParameters_GFP_DefaultSafePrime GroupParameters; + typedef DL_PublicKey_GFP PublicKey; + typedef DL_PrivateKey_GFP PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_CryptoKeys_GFP() {} +#endif +}; + +//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format +template +class DL_PublicKey_GFP_OldFormat : public BASE +{ +public: + void BERDecode(BufferedTransformation &bt) + { + BERSequenceDecoder seq(bt); + Integer v1(seq); + Integer v2(seq); + Integer v3(seq); + + if (seq.EndReached()) + { + this->AccessGroupParameters().Initialize(v1, v1/2, v2); + this->SetPublicElement(v3); + } + else + { + Integer v4(seq); + this->AccessGroupParameters().Initialize(v1, v2, v3); + this->SetPublicElement(v4); + } + + seq.MessageEnd(); + } + + void DEREncode(BufferedTransformation &bt) const + { + DERSequenceEncoder seq(bt); + this->GetGroupParameters().GetModulus().DEREncode(seq); + if (this->GetGroupParameters().GetCofactor() != 2) + this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq); + this->GetGroupParameters().GetGenerator().DEREncode(seq); + this->GetPublicElement().DEREncode(seq); + seq.MessageEnd(); + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PublicKey_GFP_OldFormat() {} +#endif +}; + +//! provided for backwards compatibility, this class uses the old non-standard Crypto++ key format +template +class DL_PrivateKey_GFP_OldFormat : public BASE +{ +public: + void BERDecode(BufferedTransformation &bt) + { + BERSequenceDecoder seq(bt); + Integer v1(seq); + Integer v2(seq); + Integer v3(seq); + Integer v4(seq); + + if (seq.EndReached()) + { + this->AccessGroupParameters().Initialize(v1, v1/2, v2); + this->SetPrivateExponent(v4 % (v1/2)); // some old keys may have x >= q + } + else + { + Integer v5(seq); + this->AccessGroupParameters().Initialize(v1, v2, v3); + this->SetPrivateExponent(v5); + } + + seq.MessageEnd(); + } + + void DEREncode(BufferedTransformation &bt) const + { + DERSequenceEncoder seq(bt); + this->GetGroupParameters().GetModulus().DEREncode(seq); + if (this->GetGroupParameters().GetCofactor() != 2) + this->GetGroupParameters().GetSubgroupOrder().DEREncode(seq); + this->GetGroupParameters().GetGenerator().DEREncode(seq); + this->GetGroupParameters().ExponentiateBase(this->GetPrivateExponent()).DEREncode(seq); + this->GetPrivateExponent().DEREncode(seq); + seq.MessageEnd(); + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PrivateKey_GFP_OldFormat() {} +#endif +}; + +//! DSA-1363 +template +struct GDSA : public DL_SS< + DL_SignatureKeys_GFP, + DL_Algorithm_GDSA, + DL_SignatureMessageEncodingMethod_DSA, + H> +{ +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~GDSA() {} +#endif +}; + +//! NR +template +struct NR : public DL_SS< + DL_SignatureKeys_GFP, + DL_Algorithm_NR, + DL_SignatureMessageEncodingMethod_NR, + H> +{ +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~NR() {} +#endif +}; + +//! DSA group parameters, these are GF(p) group parameters that are allowed by the DSA standard +class CRYPTOPP_DLL DL_GroupParameters_DSA : public DL_GroupParameters_GFP +{ +public: + /*! also checks that the lengths of p and q are allowed by the DSA standard */ + bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const; + /*! parameters: (ModulusSize), or (Modulus, SubgroupOrder, SubgroupGenerator) */ + /*! ModulusSize must be between DSA::MIN_PRIME_LENGTH and DSA::MAX_PRIME_LENGTH, and divisible by DSA::PRIME_LENGTH_MULTIPLE */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + + static bool CRYPTOPP_API IsValidPrimeLength(unsigned int pbits) + {return pbits >= MIN_PRIME_LENGTH && pbits <= MAX_PRIME_LENGTH && pbits % PRIME_LENGTH_MULTIPLE == 0;} + + enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024}; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_DSA() {} +#endif +}; + +template +class DSA2; + +//! DSA keys +struct DL_Keys_DSA +{ + typedef DL_PublicKey_GFP PublicKey; + typedef DL_PrivateKey_WithSignaturePairwiseConsistencyTest, DSA2 > PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Keys_DSA() {} +#endif +}; + +//! DSA, as specified in FIPS 186-3 +// class named DSA2 instead of DSA for backwards compatibility (DSA was a non-template class) +template +class DSA2 : public DL_SS< + DL_Keys_DSA, + DL_Algorithm_GDSA, + DL_SignatureMessageEncodingMethod_DSA, + H, + DSA2 > +{ +public: + static std::string CRYPTOPP_API StaticAlgorithmName() {return "DSA/" + (std::string)H::StaticAlgorithmName();} + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY + enum {MIN_PRIME_LENGTH = 1024, MAX_PRIME_LENGTH = 3072, PRIME_LENGTH_MULTIPLE = 1024}; +#endif + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DSA2() {} +#endif +}; + +//! DSA with SHA-1, typedef'd for backwards compatibility +typedef DSA2 DSA; + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PublicKey_GFP; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_GFP; +CRYPTOPP_DLL_TEMPLATE_CLASS DL_PrivateKey_WithSignaturePairwiseConsistencyTest, DSA2 >; + +//! the XOR encryption method, for use with DL-based cryptosystems +template +class DL_EncryptionAlgorithm_Xor : public DL_SymmetricEncryptionAlgorithm +{ +public: + bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;} + size_t GetSymmetricKeyLength(size_t plaintextLength) const + {return plaintextLength + MAC::DEFAULT_KEYLENGTH;} + size_t GetSymmetricCiphertextLength(size_t plaintextLength) const + {return plaintextLength + MAC::DIGESTSIZE;} + size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const + {return (unsigned int)SaturatingSubtract(ciphertextLength, (unsigned int)MAC::DIGESTSIZE);} + void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const + { + CRYPTOPP_UNUSED(rng); + const byte *cipherKey = NULL, *macKey = NULL; + if (DHAES_MODE) + { + macKey = key; + cipherKey = key + MAC::DEFAULT_KEYLENGTH; + } + else + { + cipherKey = key; + macKey = key + plaintextLength; + } + + ConstByteArrayParameter encodingParameters; + parameters.GetValue(Name::EncodingParameters(), encodingParameters); + + if (plaintextLength) // Coverity finding + xorbuf(ciphertext, plaintext, cipherKey, plaintextLength); + + MAC mac(macKey); + mac.Update(ciphertext, plaintextLength); + mac.Update(encodingParameters.begin(), encodingParameters.size()); + if (DHAES_MODE) + { + byte L[8] = {0,0,0,0}; + PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size())); + mac.Update(L, 8); + } + mac.Final(ciphertext + plaintextLength); + } + DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const + { + size_t plaintextLength = GetMaxSymmetricPlaintextLength(ciphertextLength); + const byte *cipherKey, *macKey; + if (DHAES_MODE) + { + macKey = key; + cipherKey = key + MAC::DEFAULT_KEYLENGTH; + } + else + { + cipherKey = key; + macKey = key + plaintextLength; + } + + ConstByteArrayParameter encodingParameters; + parameters.GetValue(Name::EncodingParameters(), encodingParameters); + + MAC mac(macKey); + mac.Update(ciphertext, plaintextLength); + mac.Update(encodingParameters.begin(), encodingParameters.size()); + if (DHAES_MODE) + { + byte L[8] = {0,0,0,0}; + PutWord(false, BIG_ENDIAN_ORDER, L+4, word32(encodingParameters.size())); + mac.Update(L, 8); + } + if (!mac.Verify(ciphertext + plaintextLength)) + return DecodingResult(); + + if (plaintextLength) // Coverity finding + xorbuf(plaintext, ciphertext, cipherKey, plaintextLength); + + return DecodingResult(plaintextLength); + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_EncryptionAlgorithm_Xor() {} +#endif +}; + +//! _ +template +class DL_KeyDerivationAlgorithm_P1363 : public DL_KeyDerivationAlgorithm +{ +public: + bool ParameterSupported(const char *name) const {return strcmp(name, Name::KeyDerivationParameters()) == 0;} + void Derive(const DL_GroupParameters ¶ms, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs ¶meters) const + { + SecByteBlock agreedSecret; + if (DHAES_MODE) + { + agreedSecret.New(params.GetEncodedElementSize(true) + params.GetEncodedElementSize(false)); + params.EncodeElement(true, ephemeralPublicKey, agreedSecret); + params.EncodeElement(false, agreedElement, agreedSecret + params.GetEncodedElementSize(true)); + } + else + { + agreedSecret.New(params.GetEncodedElementSize(false)); + params.EncodeElement(false, agreedElement, agreedSecret); + } + + ConstByteArrayParameter derivationParameters; + parameters.GetValue(Name::KeyDerivationParameters(), derivationParameters); + KDF::DeriveKey(derivedKey, derivedLength, agreedSecret, agreedSecret.size(), derivationParameters.begin(), derivationParameters.size()); + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_KeyDerivationAlgorithm_P1363() {} +#endif +}; + +//! Discrete Log Integrated Encryption Scheme, AKA DLIES +template +struct DLIES + : public DL_ES< + DL_CryptoKeys_GFP, + DL_KeyAgreementAlgorithm_DH, + DL_KeyDerivationAlgorithm_P1363 >, + DL_EncryptionAlgorithm_Xor, DHAES_MODE>, + DLIES<> > +{ + static std::string CRYPTOPP_API StaticAlgorithmName() {return "DLIES";} // TODO: fix this after name is standardized + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DLIES() {} +#endif +}; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/gost.h b/libs/win_crypto++/include/gost.h new file mode 100644 index 0000000..b8366a6 --- /dev/null +++ b/libs/win_crypto++/include/gost.h @@ -0,0 +1,69 @@ +// gost.h - written and placed in the public domain by Wei Dai + +//! \file gost.h +//! \brief Classes for the GIST block cipher + +#ifndef CRYPTOPP_GOST_H +#define CRYPTOPP_GOST_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class GOST_Info +//! \brief GOST block cipher information +struct GOST_Info : public FixedBlockSize<8>, public FixedKeyLength<32> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "GOST";} +}; + +//! \class GOST +//! \brief GOST block cipher +//! \sa GOST +class GOST : public GOST_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief GOST block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + static void PrecalculateSTable(); + + static const byte sBox[8][16]; + static volatile bool sTableCalculated; + static word32 sTable[4][256]; + + FixedSizeSecBlock m_key; + }; + + //! \class Enc + //! \brief GOST block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief GOST block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef GOST::Encryption GOSTEncryption; +typedef GOST::Decryption GOSTDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/gzip.h b/libs/win_crypto++/include/gzip.h new file mode 100644 index 0000000..f044476 --- /dev/null +++ b/libs/win_crypto++/include/gzip.h @@ -0,0 +1,101 @@ +// gzip.h - written and placed in the public domain by Wei Dai + +//! \file gzip.h +//! \brief GZIP compression and decompression (RFC 1952) + +#ifndef CRYPTOPP_GZIP_H +#define CRYPTOPP_GZIP_H + +#include "cryptlib.h" +#include "zdeflate.h" +#include "zinflate.h" +#include "crc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Gzip +//! \brief GZIP Compression (RFC 1952) +class Gzip : public Deflator +{ +public: + //! \brief Construct a Gzip compressor + //! \param attachment an attached transformation + //! \param deflateLevel the deflate level + //! \param log2WindowSize the window size + //! \param detectUncompressible flag to detect if data is compressible + //! \details detectUncompressible makes it faster to process uncompressible files, but + //! if a file has both compressible and uncompressible parts, it may fail to compress + //! some of the compressible parts. + Gzip(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true) + : Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible), m_totalLen(0) {} + //! \brief Construct a Gzip compressor + //! \param parameters a set of NameValuePairs to initialize this object + //! \param attachment an attached transformation + //! \details Possible parameter names: Log2WindowSize, DeflateLevel, DetectUncompressible + Gzip(const NameValuePairs ¶meters, BufferedTransformation *attachment=NULL) + : Deflator(parameters, attachment), m_totalLen(0) {} + +protected: + enum {MAGIC1=0x1f, MAGIC2=0x8b, // flags for the header + DEFLATED=8, FAST=4, SLOW=2}; + + void WritePrestreamHeader(); + void ProcessUncompressedData(const byte *string, size_t length); + void WritePoststreamTail(); + + word32 m_totalLen; + CRC32 m_crc; +}; + +//! \class Gunzip +//! \brief GZIP Decompression (RFC 1952) +class Gunzip : public Inflator +{ +public: + typedef Inflator::Err Err; + + //! \class HeaderErr + //! \brief Exception thrown when a header decoding error occurs + class HeaderErr : public Err {public: HeaderErr() : Err(INVALID_DATA_FORMAT, "Gunzip: header decoding error") {}}; + //! \class TailErr + //! \brief Exception thrown when the tail is too short + class TailErr : public Err {public: TailErr() : Err(INVALID_DATA_FORMAT, "Gunzip: tail too short") {}}; + //! \class CrcErr + //! \brief Exception thrown when a CRC error occurs + class CrcErr : public Err {public: CrcErr() : Err(DATA_INTEGRITY_CHECK_FAILED, "Gunzip: CRC check error") {}}; + //! \class LengthErr + //! \brief Exception thrown when a length error occurs + class LengthErr : public Err {public: LengthErr() : Err(DATA_INTEGRITY_CHECK_FAILED, "Gunzip: length check error") {}}; + + //! \brief Construct a Gunzip decompressor + //! \param attachment an attached transformation + //! \param repeat decompress multiple compressed streams in series + //! \param autoSignalPropagation 0 to turn off MessageEnd signal + Gunzip(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1); + +protected: + enum { + //! \brief First header magic value + MAGIC1=0x1f, + //! \brief Second header magic value + MAGIC2=0x8b, + //! \brief Deflated flag + DEFLATED=8 + }; + + enum FLAG_MASKS { + CONTINUED=2, EXTRA_FIELDS=4, FILENAME=8, COMMENTS=16, ENCRYPTED=32}; + + unsigned int MaxPrestreamHeaderSize() const {return 1024;} + void ProcessPrestreamHeader(); + void ProcessDecompressedData(const byte *string, size_t length); + unsigned int MaxPoststreamTailSize() const {return 8;} + void ProcessPoststreamTail(); + + word32 m_length; + CRC32 m_crc; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/hex.h b/libs/win_crypto++/include/hex.h new file mode 100644 index 0000000..49542fc --- /dev/null +++ b/libs/win_crypto++/include/hex.h @@ -0,0 +1,52 @@ +// hex.h - written and placed in the public domain by Wei Dai + +//! \file hex.h +//! \brief Classes for HexEncoder and HexDecoder + +#ifndef CRYPTOPP_HEX_H +#define CRYPTOPP_HEX_H + +#include "cryptlib.h" +#include "basecode.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class HexEncoder +//! \brief Converts given data to base 16 +class CRYPTOPP_DLL HexEncoder : public SimpleProxyFilter +{ +public: + //! \brief Construct a HexEncoder + //! \param attachment a BufferedTrasformation to attach to this object + //! \param uppercase a flag indicating uppercase output + //! \param groupSize the size of the output grouping + //! \param separator the separator to use between groups + //! \param terminator the terminator append after processing + HexEncoder(BufferedTransformation *attachment = NULL, bool uppercase = true, int groupSize = 0, const std::string &separator = ":", const std::string &terminator = "") + : SimpleProxyFilter(new BaseN_Encoder(new Grouper), attachment) + { + IsolatedInitialize(MakeParameters(Name::Uppercase(), uppercase)(Name::GroupSize(), groupSize)(Name::Separator(), ConstByteArrayParameter(separator))(Name::Terminator(), ConstByteArrayParameter(terminator))); + } + + void IsolatedInitialize(const NameValuePairs ¶meters); +}; + +//! \class HexDecoder +//! \brief Decode base 16 data back to bytes +class CRYPTOPP_DLL HexDecoder : public BaseN_Decoder +{ +public: + //! \brief Construct a HexDecoder + //! \param attachment a BufferedTrasformation to attach to this object + HexDecoder(BufferedTransformation *attachment = NULL) + : BaseN_Decoder(GetDefaultDecodingLookupArray(), 4, attachment) {} + + void IsolatedInitialize(const NameValuePairs ¶meters); + +private: + static const int * CRYPTOPP_API GetDefaultDecodingLookupArray(); +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/hkdf.h b/libs/win_crypto++/include/hkdf.h new file mode 100644 index 0000000..f091790 --- /dev/null +++ b/libs/win_crypto++/include/hkdf.h @@ -0,0 +1,109 @@ +// hkdf.h - written and placed in public domain by Jeffrey Walton. Copyright assigned to Crypto++ project. + +//! \file hkdf.h +//! \brief Classes for HKDF from RFC 5869 +//! \since Crypto++ 5.6.3 + +#ifndef CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H +#define CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H + +#include "cryptlib.h" +#include "hrtimer.h" +#include "secblock.h" +#include "hmac.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! abstract base class for key derivation function +class KeyDerivationFunction +{ +public: + //! maximum number of bytes which can be produced under a secuirty context + virtual size_t MaxDerivedKeyLength() const =0; + virtual bool Usesinfo() const =0; + //! derive a key from secret + virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* info=NULL, size_t infoLen=0) const =0; + + virtual ~KeyDerivationFunction() {} +}; + +//! \brief Extract-and-Expand Key Derivation Function (HKDF) +//! \tparam T HashTransformation class +//! \sa Cryptographic Extraction and Key Derivation: The HKDF Scheme +//! and HMAC-based Extract-and-Expand Key Derivation Function (HKDF) +//! \since Crypto++ 5.6.3 +template +class HKDF : public KeyDerivationFunction +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = T::DIGESTSIZE) + CRYPTOPP_CONSTANT(SALTSIZE = T::DIGESTSIZE) + static const char* StaticAlgorithmName () { + static const std::string name(std::string("HKDF(") + std::string(T::StaticAlgorithmName()) + std::string(")")); + return name.c_str(); + } + size_t MaxDerivedKeyLength() const {return static_cast(T::DIGESTSIZE) * 255;} + bool Usesinfo() const {return true;} + unsigned int DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* info, size_t infoLen) const; + +protected: + // If salt is missing (NULL), then use the NULL vector. Missing is different than EMPTY (0 length). The length + // of s_NullVector used depends on the Hash function. SHA-256 will use 32 bytes of s_NullVector. + typedef byte NullVectorType[SALTSIZE]; + static const NullVectorType& GetNullVector() { + static const NullVectorType s_NullVector = {0}; + return s_NullVector; + } +}; + +template +unsigned int HKDF::DeriveKey(byte *derived, size_t derivedLen, const byte *secret, size_t secretLen, const byte *salt, size_t saltLen, const byte* info, size_t infoLen) const +{ + static const size_t DIGEST_SIZE = static_cast(T::DIGESTSIZE); + const unsigned int req = static_cast(derivedLen); + + CRYPTOPP_ASSERT(secret && secretLen); + CRYPTOPP_ASSERT(derived && derivedLen); + CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); + + if (derivedLen > MaxDerivedKeyLength()) + throw InvalidArgument("HKDF: derivedLen must be less than or equal to MaxDerivedKeyLength"); + + HMAC hmac; + FixedSizeSecBlock prk, buffer; + + // Extract + const byte* key = (salt ? salt : GetNullVector()); + const size_t klen = (salt ? saltLen : DIGEST_SIZE); + + hmac.SetKey(key, klen); + hmac.CalculateDigest(prk, secret, secretLen); + + // Expand + hmac.SetKey(prk.data(), prk.size()); + byte block = 0; + + while (derivedLen > 0) + { + if (block++) {hmac.Update(buffer, buffer.size());} + if (info && infoLen) {hmac.Update(info, infoLen);} + hmac.CalculateDigest(buffer, &block, 1); + +#if CRYPTOPP_MSC_VERSION + const size_t segmentLen = STDMIN(derivedLen, DIGEST_SIZE); + memcpy_s(derived, segmentLen, buffer, segmentLen); +#else + const size_t segmentLen = STDMIN(derivedLen, DIGEST_SIZE); + std::memcpy(derived, buffer, segmentLen); +#endif + + derived += segmentLen; + derivedLen -= segmentLen; + } + + return req; +} + +NAMESPACE_END + +#endif // CRYPTOPP_HASH_KEY_DERIVATION_FUNCTION_H diff --git a/libs/win_crypto++/include/hmac.h b/libs/win_crypto++/include/hmac.h new file mode 100644 index 0000000..4811a3f --- /dev/null +++ b/libs/win_crypto++/include/hmac.h @@ -0,0 +1,75 @@ +// hmac.h - written and placed in the public domain by Wei Dai + +//! \file hmac.h +//! \brief Classes for HMAC message authentication codes + +#ifndef CRYPTOPP_HMAC_H +#define CRYPTOPP_HMAC_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class HMAC_Base +//! \brief HMAC information +//! \details HMAC_Base derives from VariableKeyLength and MessageAuthenticationCode +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE HMAC_Base : public VariableKeyLength<16, 0, INT_MAX>, public MessageAuthenticationCode +{ +public: + //! \brief Construct a HMAC_Base + HMAC_Base() : m_innerHashKeyed(false) {} + void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); + + void Restart(); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *mac, size_t size); + unsigned int OptimalBlockSize() const {return const_cast(this)->AccessHash().OptimalBlockSize();} + unsigned int DigestSize() const {return const_cast(this)->AccessHash().DigestSize();} + +protected: + virtual HashTransformation & AccessHash() =0; + byte * AccessIpad() {return m_buf;} + byte * AccessOpad() {return m_buf + AccessHash().BlockSize();} + byte * AccessInnerHash() {return m_buf + 2*AccessHash().BlockSize();} + +private: + void KeyInnerHash(); + + SecByteBlock m_buf; + bool m_innerHashKeyed; +}; + +//! \class HMAC +//! \brief HMAC +//! \tparam T HashTransformation derived class +//! \details HMAC derives from MessageAuthenticationCodeImpl. It calculates the HMAC using +//! HMAC(K, text) = H(K XOR opad, H(K XOR ipad, text)). +//! \sa HMAC +template +class HMAC : public MessageAuthenticationCodeImpl > +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE=T::DIGESTSIZE) + CRYPTOPP_CONSTANT(BLOCKSIZE=T::BLOCKSIZE) + + //! \brief Construct a HMAC + HMAC() {} + //! \brief Construct a HMAC + //! \param key the HMAC key + //! \param length the size of the HMAC key + HMAC(const byte *key, size_t length=HMAC_Base::DEFAULT_KEYLENGTH) + {this->SetKey(key, length);} + + static std::string StaticAlgorithmName() {return std::string("HMAC(") + T::StaticAlgorithmName() + ")";} + std::string AlgorithmName() const {return std::string("HMAC(") + m_hash.AlgorithmName() + ")";} + +private: + HashTransformation & AccessHash() {return m_hash;} + + T m_hash; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/hmqv.h b/libs/win_crypto++/include/hmqv.h new file mode 100644 index 0000000..d162347 --- /dev/null +++ b/libs/win_crypto++/include/hmqv.h @@ -0,0 +1,312 @@ +// hmqv.h - written and placed in the public domain by Uri Blumenthal +// Shamelessly based upon Jeffrey Walton's FHMQV and Wei Dai's MQV source files + +#ifndef CRYPTOPP_HMQV_H +#define CRYPTOPP_HMQV_H + +//! \file hmqv.h +//! \brief Classes for Hashed Menezes-Qu-Vanstone key agreement in GF(p) +//! \since Crypto++ 5.6.4 + +#include "gfpcrypt.h" +#include "algebra.h" +#include "sha.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Hashed Menezes-Qu-Vanstone in GF(p) +//! \details This implementation follows Hugo Krawczyk's HMQV: A High-Performance +//! Secure Diffie-Hellman Protocol. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided. +//! \sa MQV, HMQV, FHMQV, and AuthenticatedKeyAgreementDomain +//! \since Crypto++ 5.6.4 +template +class HMQV_Domain: public AuthenticatedKeyAgreementDomain +{ +public: + typedef GROUP_PARAMETERS GroupParameters; + typedef typename GroupParameters::Element Element; + typedef HMQV_Domain Domain; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~HMQV_Domain() {} +#endif + + HMQV_Domain(bool clientRole = true): m_role(clientRole ? RoleClient : RoleServer) {} + + HMQV_Domain(const GroupParameters ¶ms, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer), m_groupParameters(params) {} + + HMQV_Domain(BufferedTransformation &bt, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.BERDecode(bt);} + + template + HMQV_Domain(T1 v1, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1);} + + template + HMQV_Domain(T1 v1, T2 v2, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1, v2);} + + template + HMQV_Domain(T1 v1, T2 v2, T3 v3, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1, v2, v3);} + + template + HMQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4, bool clientRole = true) + : m_role(clientRole ? RoleClient : RoleServer) + {m_groupParameters.Initialize(v1, v2, v3, v4);} + +public: + + const GroupParameters & GetGroupParameters() const {return m_groupParameters;} + GroupParameters & AccessGroupParameters(){return m_groupParameters;} + + CryptoParameters & AccessCryptoParameters(){return AccessAbstractGroupParameters();} + + //! return length of agreed value produced + unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);} + //! return length of static private keys in this domain + unsigned int StaticPrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();} + //! return length of static public keys in this domain + unsigned int StaticPublicKeyLength() const{return GetAbstractGroupParameters().GetEncodedElementSize(true);} + + //! generate static private key + /*! \pre size of privateKey == PrivateStaticKeyLength() */ + void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); + x.Encode(privateKey, StaticPrivateKeyLength()); + } + + //! generate static public key + /*! \pre size of publicKey == PublicStaticKeyLength() */ + void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(privateKey, StaticPrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, publicKey); + } + + unsigned int EphemeralPrivateKeyLength() const {return StaticPrivateKeyLength() + StaticPublicKeyLength();} + unsigned int EphemeralPublicKeyLength() const{return StaticPublicKeyLength();} + + //! return length of ephemeral private keys in this domain + void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(rng, Integer::One(), params.GetMaxExponent()); + x.Encode(privateKey, StaticPrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, privateKey+StaticPrivateKeyLength()); + } + + //! return length of ephemeral public keys in this domain + void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength()); + } + + //! derive agreed value from your private keys and couterparty's public keys, return false in case of failure + /*! \note The ephemeral public key will always be validated. + If you have previously validated the static public key, use validateStaticOtherPublicKey=false to save time. + \pre size of agreedValue == AgreedValueLength() + \pre length of staticPrivateKey == StaticPrivateKeyLength() + \pre length of ephemeralPrivateKey == EphemeralPrivateKeyLength() + \pre length of staticOtherPublicKey == StaticPublicKeyLength() + \pre length of ephemeralOtherPublicKey == EphemeralPublicKeyLength() + */ + bool Agree(byte *agreedValue, + const byte *staticPrivateKey, const byte *ephemeralPrivateKey, + const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, + bool validateStaticOtherPublicKey=true) const + { + byte *XX = NULL, *YY = NULL, *AA = NULL, *BB = NULL; + size_t xxs = 0, yys = 0, aas = 0, bbs = 0; + + // Depending on the role, this will hold either A's or B's static + // (long term) public key. AA or BB will then point into tt. + SecByteBlock tt(StaticPublicKeyLength()); + + try + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + + if(m_role == RoleServer) + { + Integer b(staticPrivateKey, StaticPrivateKeyLength()); + Element B = params.ExponentiateBase(b); + params.EncodeElement(true, B, tt); + + XX = const_cast(ephemeralOtherPublicKey); + xxs = EphemeralPublicKeyLength(); + YY = const_cast(ephemeralPrivateKey) + StaticPrivateKeyLength(); + yys = EphemeralPublicKeyLength(); + AA = const_cast(staticOtherPublicKey); + aas = StaticPublicKeyLength(); + BB = tt.BytePtr(); + bbs = tt.SizeInBytes(); + } + else if(m_role == RoleClient) + { + Integer a(staticPrivateKey, StaticPrivateKeyLength()); + Element A = params.ExponentiateBase(a); + params.EncodeElement(true, A, tt); + + XX = const_cast(ephemeralPrivateKey) + StaticPrivateKeyLength(); + xxs = EphemeralPublicKeyLength(); + YY = const_cast(ephemeralOtherPublicKey); + yys = EphemeralPublicKeyLength(); + AA = tt.BytePtr(); + aas = tt.SizeInBytes(); + BB = const_cast(staticOtherPublicKey); + bbs = StaticPublicKeyLength(); + } + else + { + CRYPTOPP_ASSERT(0); + return false; + } + + // DecodeElement calls ValidateElement at level 1. Level 1 only calls + // VerifyPoint to ensure the element is in G*. If the other's PublicKey is + // requested to be validated, we manually call ValidateElement at level 3. + Element VV1 = params.DecodeElement(staticOtherPublicKey, false); + if(!params.ValidateElement(validateStaticOtherPublicKey ? 3 : 1, VV1, NULL)) + return false; + + // DecodeElement calls ValidateElement at level 1. Level 1 only calls + // VerifyPoint to ensure the element is in G*. Crank it up. + Element VV2 = params.DecodeElement(ephemeralOtherPublicKey, false); + if(!params.ValidateElement(3, VV2, NULL)) + return false; + + // const Integer& p = params.GetGroupOrder(); // not used, remove later + const Integer& q = params.GetSubgroupOrder(); + const unsigned int len /*bytes*/ = (((q.BitCount()+1)/2 +7)/8); + + Integer d, e; + SecByteBlock dd(len), ee(len); + + // Compute $d = \hat{H}(X, \hat{B})$ + Hash(NULL, XX, xxs, BB, bbs, dd.BytePtr(), dd.SizeInBytes()); + d.Decode(dd.BytePtr(), dd.SizeInBytes()); + + // Compute $e = \hat{H}(Y, \hat{A})$ + Hash(NULL, YY, yys, AA, aas, ee.BytePtr(), ee.SizeInBytes()); + e.Decode(ee.BytePtr(), ee.SizeInBytes()); + + Element sigma; + if(m_role == RoleServer) + { + Integer y(ephemeralPrivateKey, StaticPrivateKeyLength()); + Integer b(staticPrivateKey, StaticPrivateKeyLength()); + Integer s_B = (y + e * b) % q; + + Element A = params.DecodeElement(AA, false); + Element X = params.DecodeElement(XX, false); + + Element t1 = params.ExponentiateElement(A, d); + Element t2 = m_groupParameters.MultiplyElements(X, t1); + + // $\sigma_B}=(X \cdot A^{d})^{s_B} + sigma = params.ExponentiateElement(t2, s_B); + } + else + { + Integer x(ephemeralPrivateKey, StaticPrivateKeyLength()); + Integer a(staticPrivateKey, StaticPrivateKeyLength()); + Integer s_A = (x + d * a) % q; + + Element B = params.DecodeElement(BB, false); + Element Y = params.DecodeElement(YY, false); + + Element t1 = params.ExponentiateElement(B, e); + Element t2 = m_groupParameters.MultiplyElements(Y, t1); + + // $\sigma_A}=(Y \cdot B^{e})^{s_A} + sigma = params.ExponentiateElement(t2, s_A); + } + Hash(&sigma, NULL, 0, NULL, 0, agreedValue, AgreedValueLength()); + } + catch (DL_BadElement &) + { + return false; + } + return true; + } + +protected: + // Hash invocation by client and server differ only in what keys + // each provides. + + inline void Hash(const Element* sigma, + const byte* e1, size_t e1len, // Ephemeral key and key length + const byte* s1, size_t s1len, // Static key and key length + byte* digest, size_t dlen) const + { + HASH hash; + size_t idx = 0, req = dlen; + size_t blk = STDMIN(dlen, (size_t)HASH::DIGESTSIZE); + + if(sigma) + { + if (e1len != 0 || s1len != 0) { + CRYPTOPP_ASSERT(0); + } + Integer x = GetAbstractGroupParameters().ConvertElementToInteger(*sigma); + SecByteBlock sbb(x.MinEncodedSize()); + x.Encode(sbb.BytePtr(), sbb.SizeInBytes()); + hash.Update(sbb.BytePtr(), sbb.SizeInBytes()); + } else { + if (e1len == 0 || s1len == 0) { + CRYPTOPP_ASSERT(0); + } + hash.Update(e1, e1len); + hash.Update(s1, s1len); + } + + hash.TruncatedFinal(digest, blk); + req -= blk; + + // All this to catch tail bytes for large curves and small hashes + while(req != 0) + { + hash.Update(&digest[idx], (size_t)HASH::DIGESTSIZE); + + idx += (size_t)HASH::DIGESTSIZE; + blk = STDMIN(req, (size_t)HASH::DIGESTSIZE); + hash.TruncatedFinal(&digest[idx], blk); + + req -= blk; + } + } + +private: + + // The paper uses Initiator and Recipient - make it classical. + enum KeyAgreementRole{ RoleServer = 1, RoleClient }; + + DL_GroupParameters & AccessAbstractGroupParameters() {return m_groupParameters;} + const DL_GroupParameters & GetAbstractGroupParameters() const{return m_groupParameters;} + + GroupParameters m_groupParameters; + KeyAgreementRole m_role; +}; + +//! \brief Hashed Menezes-Qu-Vanstone in GF(p) +//! \details This implementation follows Hugo Krawczyk's HMQV: A High-Performance +//! Secure Diffie-Hellman Protocol. Note: this implements HMQV only. HMQV-C with Key Confirmation is not provided. +//! \sa HMQV, MQV_Domain, FHMQV_Domain, AuthenticatedKeyAgreementDomain +//! \since Crypto++ 5.6.4 +typedef HMQV_Domain HMQV; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/hrtimer.h b/libs/win_crypto++/include/hrtimer.h new file mode 100644 index 0000000..934ca66 --- /dev/null +++ b/libs/win_crypto++/include/hrtimer.h @@ -0,0 +1,67 @@ +#ifndef CRYPTOPP_HRTIMER_H +#define CRYPTOPP_HRTIMER_H + +#include "config.h" + +#if !defined(HIGHRES_TIMER_AVAILABLE) || (defined(CRYPTOPP_WIN32_AVAILABLE) && !defined(THREAD_TIMER_AVAILABLE)) +#include +#endif + +NAMESPACE_BEGIN(CryptoPP) + +#ifdef HIGHRES_TIMER_AVAILABLE + typedef word64 TimerWord; +#else + typedef clock_t TimerWord; +#endif + +//! \class TimerBase +//! \brief Base class for timers +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TimerBase +{ +public: + enum Unit {SECONDS = 0, MILLISECONDS, MICROSECONDS, NANOSECONDS}; + TimerBase(Unit unit, bool stuckAtZero) + : m_timerUnit(unit), m_stuckAtZero(stuckAtZero), m_started(false) + , m_start(0), m_last(0) {} + + virtual TimerWord GetCurrentTimerValue() =0; // GetCurrentTime is a macro in MSVC 6.0 + virtual TimerWord TicksPerSecond() =0; // this is not the resolution, just a conversion factor into seconds + + void StartTimer(); + double ElapsedTimeAsDouble(); + unsigned long ElapsedTime(); + +private: + double ConvertTo(TimerWord t, Unit unit); + + Unit m_timerUnit; // HPUX workaround: m_unit is a system macro on HPUX + bool m_stuckAtZero, m_started; + TimerWord m_start, m_last; +}; + +//! \class ThreadUserTimer +//! \brief Measure CPU time spent executing instructions of this thread (if supported by OS) +//! \note ThreadUserTimer only works correctly on Windows NT or later desktops and servers. +//! On Unix-based it reports process time. On Windows Phone and Windows Store it reports wall +//! clock time with performance counter precision. On all others it reports wall clock time. +class ThreadUserTimer : public TimerBase +{ +public: + ThreadUserTimer(Unit unit = TimerBase::SECONDS, bool stuckAtZero = false) : TimerBase(unit, stuckAtZero) {} + TimerWord GetCurrentTimerValue(); + TimerWord TicksPerSecond(); +}; + +//! high resolution timer +class CRYPTOPP_DLL Timer : public TimerBase +{ +public: + Timer(Unit unit = TimerBase::SECONDS, bool stuckAtZero = false) : TimerBase(unit, stuckAtZero) {} + TimerWord GetCurrentTimerValue(); + TimerWord TicksPerSecond(); +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/ida.h b/libs/win_crypto++/include/ida.h new file mode 100644 index 0000000..3fd51e3 --- /dev/null +++ b/libs/win_crypto++/include/ida.h @@ -0,0 +1,161 @@ +// ida.h - written and placed in the public domain by Wei Dai + +//! \file ida.h +//! \brief Classes for Information Dispersal Algorithm (IDA) + +#ifndef CRYPTOPP_IDA_H +#define CRYPTOPP_IDA_H + +#include "cryptlib.h" +#include "mqueue.h" +#include "filters.h" +#include "channels.h" +#include "secblock.h" +#include "stdcpp.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// base class for secret sharing and information dispersal +class RawIDA : public AutoSignaling > > +{ +public: + RawIDA(BufferedTransformation *attachment=NULL) + : m_threshold (0), m_channelsReady(0), m_channelsFinished(0) + {Detach(attachment);} + + unsigned int GetThreshold() const {return m_threshold;} + void AddOutputChannel(word32 channelId); + void ChannelData(word32 channelId, const byte *inString, size_t length, bool messageEnd); + lword InputBuffered(word32 channelId) const; + + void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) + { + if (!blocking) + throw BlockingInputOnly("RawIDA"); + ChannelData(StringToWord(channel), begin, length, messageEnd != 0); + return 0; + } + +protected: + virtual void FlushOutputQueues(); + virtual void OutputMessageEnds(); + + unsigned int InsertInputChannel(word32 channelId); + unsigned int LookupInputChannel(word32 channelId) const; + void ComputeV(unsigned int); + void PrepareInterpolation(); + void ProcessInputQueues(); + + typedef std::map InputChannelMap; + InputChannelMap m_inputChannelMap; + InputChannelMap::iterator m_lastMapPosition; + std::vector m_inputQueues; + std::vector m_inputChannelIds, m_outputChannelIds, m_outputToInput; + std::vector m_outputChannelIdStrings; + std::vector m_outputQueues; + int m_threshold; + unsigned int m_channelsReady, m_channelsFinished; + std::vector > m_v; + SecBlock m_u, m_w, m_y; +}; + +/// a variant of Shamir's Secret Sharing Algorithm +class SecretSharing : public CustomFlushPropagation +{ +public: + SecretSharing(RandomNumberGenerator &rng, int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true) + : m_rng(rng), m_ida(new OutputProxy(*this, true)) + { + Detach(attachment); + IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding)); + } + + void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); + bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return m_ida.Flush(hardFlush, propagation, blocking);} + +protected: + RandomNumberGenerator &m_rng; + RawIDA m_ida; + bool m_pad; +}; + +/// a variant of Shamir's Secret Sharing Algorithm +class SecretRecovery : public RawIDA +{ +public: + SecretRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true) + : RawIDA(attachment) + {IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));} + + void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); + +protected: + void FlushOutputQueues(); + void OutputMessageEnds(); + + bool m_pad; +}; + +/// a variant of Rabin's Information Dispersal Algorithm +class InformationDispersal : public CustomFlushPropagation +{ +public: + InformationDispersal(int threshold, int nShares, BufferedTransformation *attachment=NULL, bool addPadding=true) + : m_ida(new OutputProxy(*this, true)), m_pad(false), m_nextChannel(0) + { + Detach(attachment); + IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("NumberOfShares", nShares)("AddPadding", addPadding)); + } + + void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); + bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) {return m_ida.Flush(hardFlush, propagation, blocking);} + +protected: + RawIDA m_ida; + bool m_pad; + unsigned int m_nextChannel; +}; + +/// a variant of Rabin's Information Dispersal Algorithm +class InformationRecovery : public RawIDA +{ +public: + InformationRecovery(int threshold, BufferedTransformation *attachment=NULL, bool removePadding=true) + : RawIDA(attachment), m_pad(false) + {IsolatedInitialize(MakeParameters("RecoveryThreshold", threshold)("RemovePadding", removePadding));} + + void IsolatedInitialize(const NameValuePairs ¶meters=g_nullNameValuePairs); + +protected: + void FlushOutputQueues(); + void OutputMessageEnds(); + + bool m_pad; + ByteQueue m_queue; +}; + +class PaddingRemover : public Unflushable +{ +public: + PaddingRemover(BufferedTransformation *attachment=NULL) + : m_possiblePadding(false), m_zeroCount(0) {Detach(attachment);} + + void IsolatedInitialize(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters); m_possiblePadding = false;} + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking); + + // GetPossiblePadding() == false at the end of a message indicates incorrect padding + bool GetPossiblePadding() const {return m_possiblePadding;} + +private: + bool m_possiblePadding; + lword m_zeroCount; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/idea.h b/libs/win_crypto++/include/idea.h new file mode 100644 index 0000000..e2273da --- /dev/null +++ b/libs/win_crypto++/include/idea.h @@ -0,0 +1,66 @@ +// idea.h - written and placed in the public domain by Wei Dai + +//! \file idea.h +//! \brief Classes for the IDEA block cipher + +#ifndef CRYPTOPP_IDEA_H +#define CRYPTOPP_IDEA_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class IDEA_Info +//! \brief IDEA block cipher information +struct IDEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public FixedRounds<8> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "IDEA";} +}; + +//! \class IDEA +//! \brief IDEA block cipher +//! \sa IDEA +class IDEA : public IDEA_Info, public BlockCipherDocumentation +{ +public: // made public for internal purposes +#ifdef CRYPTOPP_NATIVE_DWORD_AVAILABLE + typedef word Word; +#else + typedef hword Word; +#endif + +private: + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + unsigned int OptimalDataAlignment() const {return 2;} + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + private: + void EnKey(const byte *); + void DeKey(); + FixedSizeSecBlock m_key; + + #ifdef IDEA_LARGECACHE + static inline void LookupMUL(word &a, word b); + void LookupKeyLogs(); + static void BuildLogTables(); + static volatile bool tablesBuilt; + static word16 log[0x10000], antilog[0x10000]; + #endif + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef IDEA::Encryption IDEAEncryption; +typedef IDEA::Decryption IDEADecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/integer.h b/libs/win_crypto++/include/integer.h new file mode 100644 index 0000000..0cdc67a --- /dev/null +++ b/libs/win_crypto++/include/integer.h @@ -0,0 +1,614 @@ +// integer.h - written and placed in the public domain by Wei Dai + +//! \file integer.h +//! \brief Multiple precision integer with arithmetic operations +//! \details The Integer class can represent positive and negative integers +//! with absolute value less than (256**sizeof(word))(256**sizeof(int)). +//! \details Internally, the library uses a sign magnitude representation, and the class +//! has two data members. The first is a IntegerSecBlock (a SecBlock) and it is +//! used to hold the representation. The second is a Sign, and its is used to track +//! the sign of the Integer. + +#ifndef CRYPTOPP_INTEGER_H +#define CRYPTOPP_INTEGER_H + +#include "cryptlib.h" +#include "secblock.h" +#include "stdcpp.h" + +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! \struct InitializeInteger +//! Performs static intialization of the Integer class +struct InitializeInteger +{ + InitializeInteger(); +}; + +// http://github.com/weidai11/cryptopp/issues/256 +#if defined(CRYPTOPP_WORD128_AVAILABLE) +typedef SecBlock > IntegerSecBlock; +#else +typedef SecBlock > IntegerSecBlock; +#endif + +//! \brief Multiple precision integer with arithmetic operations +//! \details The Integer class can represent positive and negative integers +//! with absolute value less than (256**sizeof(word))(256**sizeof(int)). +//! \details Internally, the library uses a sign magnitude representation, and the class +//! has two data members. The first is a IntegerSecBlock (a SecBlock) and it is +//! used to hold the representation. The second is a Sign, and its is used to track +//! the sign of the Integer. +//! \nosubgrouping +class CRYPTOPP_DLL Integer : private InitializeInteger, public ASN1Object +{ +public: + //! \name ENUMS, EXCEPTIONS, and TYPEDEFS + //@{ + //! \brief Exception thrown when division by 0 is encountered + class DivideByZero : public Exception + { + public: + DivideByZero() : Exception(OTHER_ERROR, "Integer: division by zero") {} + }; + + //! \brief Exception thrown when a random number cannot be found that + //! satisfies the condition + class RandomNumberNotFound : public Exception + { + public: + RandomNumberNotFound() : Exception(OTHER_ERROR, "Integer: no integer satisfies the given parameters") {} + }; + + //! \enum Sign + //! \brief Used internally to represent the integer + //! \details Sign is used internally to represent the integer. It is also used in a few API functions. + //! \sa Signedness + enum Sign { + //! \brief the value is positive or 0 + POSITIVE=0, + //! \brief the value is negative + NEGATIVE=1}; + + //! \enum Signedness + //! \brief Used when importing and exporting integers + //! \details Signedness is usually used in API functions. + //! \sa Sign + enum Signedness { + //! \brief an unsigned value + UNSIGNED, + //! \brief a signed value + SIGNED}; + + //! \enum RandomNumberType + //! \brief Properties of a random integer + enum RandomNumberType { + //! \brief a number with no special properties + ANY, + //! \brief a number which is probabilistically prime + PRIME}; + //@} + + //! \name CREATORS + //@{ + //! \brief Creates the zero integer + Integer(); + + //! copy constructor + Integer(const Integer& t); + + //! \brief Convert from signed long + Integer(signed long value); + + //! \brief Convert from lword + //! \param sign enumeration indicating Sign + //! \param value the long word + Integer(Sign sign, lword value); + + //! \brief Convert from two words + //! \param sign enumeration indicating Sign + //! \param highWord the high word + //! \param lowWord the low word + Integer(Sign sign, word highWord, word lowWord); + + //! \brief Convert from a C-string + //! \param str C-string value + //! \param order byte order + //! \details \p str can be in base 2, 8, 10, or 16. Base is determined by a case + //! insensitive suffix of 'h', 'o', or 'b'. No suffix means base 10. + //! \details Byte order was added at Crypto++ 5.7 to allow use of little-endian + //! integers with curve25519, Poly1305 and Microsoft CAPI. + explicit Integer(const char *str, ByteOrder order = BIG_ENDIAN_ORDER); + + //! \brief Convert from a wide C-string + //! \param str wide C-string value + //! \param order byte order + //! \details \p str can be in base 2, 8, 10, or 16. Base is determined by a case + //! insensitive suffix of 'h', 'o', or 'b'. No suffix means base 10. + //! \details Byte order was added at Crypto++ 5.7 to allow use of little-endian + //! integers with curve25519, Poly1305 and Microsoft CAPI. + explicit Integer(const wchar_t *str, ByteOrder order = BIG_ENDIAN_ORDER); + + //! \brief Convert from a big-endian byte array + //! \param encodedInteger big-endian byte array + //! \param byteCount length of the byte array + //! \param sign enumeration indicating Signedness + //! \param order byte order + //! \details Byte order was added at Crypto++ 5.7 to allow use of little-endian + //! integers with curve25519, Poly1305 and Microsoft CAPI. + Integer(const byte *encodedInteger, size_t byteCount, Signedness sign=UNSIGNED, ByteOrder order = BIG_ENDIAN_ORDER); + + //! \brief Convert from a big-endian array + //! \param bt BufferedTransformation object with big-endian byte array + //! \param byteCount length of the byte array + //! \param sign enumeration indicating Signedness + //! \param order byte order + //! \details Byte order was added at Crypto++ 5.7 to allow use of little-endian + //! integers with curve25519, Poly1305 and Microsoft CAPI. + Integer(BufferedTransformation &bt, size_t byteCount, Signedness sign=UNSIGNED, ByteOrder order = BIG_ENDIAN_ORDER); + + //! \brief Convert from a BER encoded byte array + //! \param bt BufferedTransformation object with BER encoded byte array + explicit Integer(BufferedTransformation &bt); + + //! \brief Create a random integer + //! \param rng RandomNumberGenerator used to generate material + //! \param bitCount the number of bits in the resulting integer + //! \details The random integer created is uniformly distributed over [0, 2bitCount]. + Integer(RandomNumberGenerator &rng, size_t bitCount); + + //! \brief Integer representing 0 + //! \returns an Integer representing 0 + //! \details Zero() avoids calling constructors for frequently used integers + static const Integer & CRYPTOPP_API Zero(); + //! \brief Integer representing 1 + //! \returns an Integer representing 1 + //! \details One() avoids calling constructors for frequently used integers + static const Integer & CRYPTOPP_API One(); + //! \brief Integer representing 2 + //! \returns an Integer representing 2 + //! \details Two() avoids calling constructors for frequently used integers + static const Integer & CRYPTOPP_API Two(); + + //! \brief Create a random integer of special form + //! \param rng RandomNumberGenerator used to generate material + //! \param min the minimum value + //! \param max the maximum value + //! \param rnType RandomNumberType to specify the type + //! \param equiv the equivalence class based on the parameter \p mod + //! \param mod the modulus used to reduce the equivalence class + //! \throw RandomNumberNotFound if the set is empty. + //! \details Ideally, the random integer created should be uniformly distributed + //! over {x | min \<= x \<= max and \p x is of rnType and x \% mod == equiv}. + //! However the actual distribution may not be uniform because sequential + //! search is used to find an appropriate number from a random starting + //! point. + //! \details May return (with very small probability) a pseudoprime when a prime + //! is requested and max \> lastSmallPrime*lastSmallPrime. \p lastSmallPrime + //! is declared in nbtheory.h. + Integer(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType=ANY, const Integer &equiv=Zero(), const Integer &mod=One()); + + //! \brief Exponentiates to a power of 2 + //! \returns the Integer 2e + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + static Integer CRYPTOPP_API Power2(size_t e); + //@} + + //! \name ENCODE/DECODE + //@{ + //! \brief The minimum number of bytes to encode this integer + //! \param sign enumeration indicating Signedness + //! \note The MinEncodedSize() of 0 is 1. + size_t MinEncodedSize(Signedness sign=UNSIGNED) const; + + //! \brief Encode in big-endian format + //! \param output big-endian byte array + //! \param outputLen length of the byte array + //! \param sign enumeration indicating Signedness + //! \details Unsigned means encode absolute value, signed means encode two's complement if negative. + //! \details outputLen can be used to ensure an Integer is encoded to an exact size (rather than a + //! minimum size). An exact size is useful, for example, when encoding to a field element size. + void Encode(byte *output, size_t outputLen, Signedness sign=UNSIGNED) const; + + //! \brief Encode in big-endian format + //! \param bt BufferedTransformation object + //! \param outputLen length of the encoding + //! \param sign enumeration indicating Signedness + //! \details Unsigned means encode absolute value, signed means encode two's complement if negative. + //! \details outputLen can be used to ensure an Integer is encoded to an exact size (rather than a + //! minimum size). An exact size is useful, for example, when encoding to a field element size. + void Encode(BufferedTransformation &bt, size_t outputLen, Signedness sign=UNSIGNED) const; + + //! \brief Encode in DER format + //! \param bt BufferedTransformation object + //! \details Encodes the Integer using Distinguished Encoding Rules + //! The result is placed into a BufferedTransformation object + void DEREncode(BufferedTransformation &bt) const; + + //! encode absolute value as big-endian octet string + //! \param bt BufferedTransformation object + //! \param length the number of mytes to decode + void DEREncodeAsOctetString(BufferedTransformation &bt, size_t length) const; + + //! \brief Encode absolute value in OpenPGP format + //! \param output big-endian byte array + //! \param bufferSize length of the byte array + //! \returns length of the output + //! \details OpenPGPEncode places result into a BufferedTransformation object and returns the + //! number of bytes used for the encoding + size_t OpenPGPEncode(byte *output, size_t bufferSize) const; + + //! \brief Encode absolute value in OpenPGP format + //! \param bt BufferedTransformation object + //! \returns length of the output + //! \details OpenPGPEncode places result into a BufferedTransformation object and returns the + //! number of bytes used for the encoding + size_t OpenPGPEncode(BufferedTransformation &bt) const; + + //! \brief Decode from big-endian byte array + //! \param input big-endian byte array + //! \param inputLen length of the byte array + //! \param sign enumeration indicating Signedness + void Decode(const byte *input, size_t inputLen, Signedness sign=UNSIGNED); + + //! \brief Decode nonnegative value from big-endian byte array + //! \param bt BufferedTransformation object + //! \param inputLen length of the byte array + //! \param sign enumeration indicating Signedness + //! \note bt.MaxRetrievable() \>= inputLen. + void Decode(BufferedTransformation &bt, size_t inputLen, Signedness sign=UNSIGNED); + + //! \brief Decode from BER format + //! \param input big-endian byte array + //! \param inputLen length of the byte array + void BERDecode(const byte *input, size_t inputLen); + + //! \brief Decode from BER format + //! \param bt BufferedTransformation object + void BERDecode(BufferedTransformation &bt); + + //! \brief Decode nonnegative value from big-endian octet string + //! \param bt BufferedTransformation object + //! \param length length of the byte array + void BERDecodeAsOctetString(BufferedTransformation &bt, size_t length); + + //! \brief Exception thrown when an error is encountered decoding an OpenPGP integer + class OpenPGPDecodeErr : public Exception + { + public: + OpenPGPDecodeErr() : Exception(INVALID_DATA_FORMAT, "OpenPGP decode error") {} + }; + + //! \brief Decode from OpenPGP format + //! \param input big-endian byte array + //! \param inputLen length of the byte array + void OpenPGPDecode(const byte *input, size_t inputLen); + //! \brief Decode from OpenPGP format + //! \param bt BufferedTransformation object + void OpenPGPDecode(BufferedTransformation &bt); + //@} + + //! \name ACCESSORS + //@{ + //! \brief Determines if the Integer is convertable to Long + //! \returns true if *this can be represented as a signed long + //! \sa ConvertToLong() + bool IsConvertableToLong() const; + //! \brief Convert the Integer to Long + //! \return equivalent signed long if possible, otherwise undefined + //! \sa IsConvertableToLong() + signed long ConvertToLong() const; + + //! \brief Determines the number of bits required to represent the Integer + //! \returns number of significant bits = floor(log2(abs(*this))) + 1 + unsigned int BitCount() const; + //! \brief Determines the number of bytes required to represent the Integer + //! \returns number of significant bytes = ceiling(BitCount()/8) + unsigned int ByteCount() const; + //! \brief Determines the number of words required to represent the Integer + //! \returns number of significant words = ceiling(ByteCount()/sizeof(word)) + unsigned int WordCount() const; + + //! \brief Provides the i-th bit of the Integer + //! \returns the i-th bit, i=0 being the least significant bit + bool GetBit(size_t i) const; + //! \brief Provides the i-th byte of the Integer + //! \returns the i-th byte + byte GetByte(size_t i) const; + //! \brief Provides the low order bits of the Integer + //! \returns n lowest bits of *this >> i + lword GetBits(size_t i, size_t n) const; + + //! \brief Determines if the Integer is 0 + //! \returns true if the Integer is 0, false otherwise + bool IsZero() const {return !*this;} + //! \brief Determines if the Integer is non-0 + //! \returns true if the Integer is non-0, false otherwise + bool NotZero() const {return !IsZero();} + //! \brief Determines if the Integer is negative + //! \returns true if the Integer is negative, false otherwise + bool IsNegative() const {return sign == NEGATIVE;} + //! \brief Determines if the Integer is non-negative + //! \returns true if the Integer is non-negative, false otherwise + bool NotNegative() const {return !IsNegative();} + //! \brief Determines if the Integer is positive + //! \returns true if the Integer is positive, false otherwise + bool IsPositive() const {return NotNegative() && NotZero();} + //! \brief Determines if the Integer is non-positive + //! \returns true if the Integer is non-positive, false otherwise + bool NotPositive() const {return !IsPositive();} + //! \brief Determines if the Integer is even parity + //! \returns true if the Integer is even, false otherwise + bool IsEven() const {return GetBit(0) == 0;} + //! \brief Determines if the Integer is odd parity + //! \returns true if the Integer is odd, false otherwise + bool IsOdd() const {return GetBit(0) == 1;} + //@} + + //! \name MANIPULATORS + //@{ + //! + Integer& operator=(const Integer& t); + + //! + Integer& operator+=(const Integer& t); + //! + Integer& operator-=(const Integer& t); + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer& operator*=(const Integer& t) {return *this = Times(t);} + //! + Integer& operator/=(const Integer& t) {return *this = DividedBy(t);} + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer& operator%=(const Integer& t) {return *this = Modulo(t);} + //! + Integer& operator/=(word t) {return *this = DividedBy(t);} + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer& operator%=(word t) {return *this = Integer(POSITIVE, 0, Modulo(t));} + + //! + Integer& operator<<=(size_t); + //! + Integer& operator>>=(size_t); + + //! \brief Set this Integer to random integer + //! \param rng RandomNumberGenerator used to generate material + //! \param bitCount the number of bits in the resulting integer + //! \details The random integer created is uniformly distributed over [0, 2bitCount]. + void Randomize(RandomNumberGenerator &rng, size_t bitCount); + + //! \brief Set this Integer to random integer + //! \param rng RandomNumberGenerator used to generate material + //! \param min the minimum value + //! \param max the maximum value + //! \details The random integer created is uniformly distributed over [min, max]. + void Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max); + + //! \brief Set this Integer to random integer of special form + //! \param rng RandomNumberGenerator used to generate material + //! \param min the minimum value + //! \param max the maximum value + //! \param rnType RandomNumberType to specify the type + //! \param equiv the equivalence class based on the parameter \p mod + //! \param mod the modulus used to reduce the equivalence class + //! \throw RandomNumberNotFound if the set is empty. + //! \details Ideally, the random integer created should be uniformly distributed + //! over {x | min \<= x \<= max and \p x is of rnType and x \% mod == equiv}. + //! However the actual distribution may not be uniform because sequential + //! search is used to find an appropriate number from a random starting + //! point. + //! \details May return (with very small probability) a pseudoprime when a prime + //! is requested and max \> lastSmallPrime*lastSmallPrime. \p lastSmallPrime + //! is declared in nbtheory.h. + bool Randomize(RandomNumberGenerator &rng, const Integer &min, const Integer &max, RandomNumberType rnType, const Integer &equiv=Zero(), const Integer &mod=One()); + + bool GenerateRandomNoThrow(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs); + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms = g_nullNameValuePairs) + { + if (!GenerateRandomNoThrow(rng, params)) + throw RandomNumberNotFound(); + } + + //! \brief Set the n-th bit to value + //! \details 0-based numbering. + void SetBit(size_t n, bool value=1); + + //! \brief Set the n-th byte to value + //! \details 0-based numbering. + void SetByte(size_t n, byte value); + + //! \brief Reverse the Sign of the Integer + void Negate(); + + //! \brief Sets the Integer to positive + void SetPositive() {sign = POSITIVE;} + + //! \brief Sets the Integer to negative + void SetNegative() {if (!!(*this)) sign = NEGATIVE;} + + //! \brief Swaps this Integer with another Integer + void swap(Integer &a); + //@} + + //! \name UNARY OPERATORS + //@{ + //! + bool operator!() const; + //! + Integer operator+() const {return *this;} + //! + Integer operator-() const; + //! + Integer& operator++(); + //! + Integer& operator--(); + //! + Integer operator++(int) {Integer temp = *this; ++*this; return temp;} + //! + Integer operator--(int) {Integer temp = *this; --*this; return temp;} + //@} + + //! \name BINARY OPERATORS + //@{ + //! \brief Perform signed comparison + //! \param a the Integer to comapre + //! \retval -1 if *this < a + //! \retval 0 if *this = a + //! \retval 1 if *this > a + int Compare(const Integer& a) const; + + //! + Integer Plus(const Integer &b) const; + //! + Integer Minus(const Integer &b) const; + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer Times(const Integer &b) const; + //! + Integer DividedBy(const Integer &b) const; + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer Modulo(const Integer &b) const; + //! + Integer DividedBy(word b) const; + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + word Modulo(word b) const; + + //! + Integer operator>>(size_t n) const {return Integer(*this)>>=n;} + //! + Integer operator<<(size_t n) const {return Integer(*this)<<=n;} + //@} + + //! \name OTHER ARITHMETIC FUNCTIONS + //@{ + //! + Integer AbsoluteValue() const; + //! + Integer Doubled() const {return Plus(*this);} + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer Squared() const {return Times(*this);} + //! extract square root, if negative return 0, else return floor of square root + Integer SquareRoot() const; + //! return whether this integer is a perfect square + bool IsSquare() const; + + //! is 1 or -1 + bool IsUnit() const; + //! return inverse if 1 or -1, otherwise return 0 + Integer MultiplicativeInverse() const; + + //! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d)) + static void CRYPTOPP_API Divide(Integer &r, Integer &q, const Integer &a, const Integer &d); + //! use a faster division algorithm when divisor is short + static void CRYPTOPP_API Divide(word &r, Integer &q, const Integer &a, word d); + + //! returns same result as Divide(r, q, a, Power2(n)), but faster + static void CRYPTOPP_API DivideByPowerOf2(Integer &r, Integer &q, const Integer &a, unsigned int n); + + //! greatest common divisor + static Integer CRYPTOPP_API Gcd(const Integer &a, const Integer &n); + //! calculate multiplicative inverse of *this mod n + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + Integer InverseMod(const Integer &n) const; + //! + //! \sa a_times_b_mod_c() and a_exp_b_mod_c() + word InverseMod(word n) const; + //@} + + //! \name INPUT/OUTPUT + //@{ + //! \brief Extraction operator + //! \param in a reference to a std::istream + //! \param a a reference to an Integer + //! \returns a reference to a std::istream reference + friend CRYPTOPP_DLL std::istream& CRYPTOPP_API operator>>(std::istream& in, Integer &a); + //! + //! \brief Insertion operator + //! \param out a reference to a std::ostream + //! \param a a constant reference to an Integer + //! \returns a reference to a std::ostream reference + //! \details The output integer responds to std::hex, std::oct, std::hex, std::upper and + //! std::lower. The output includes the suffix \a \b h (for hex), \a \b . (\a \b dot, for dec) + //! and \a \b o (for octal). There is currently no way to supress the suffix. + //! \details If you want to print an Integer without the suffix or using an arbitrary base, then + //! use IntToString(). + //! \sa IntToString + friend CRYPTOPP_DLL std::ostream& CRYPTOPP_API operator<<(std::ostream& out, const Integer &a); + //@} + +#ifndef CRYPTOPP_DOXYGEN_PROCESSING + //! modular multiplication + CRYPTOPP_DLL friend Integer CRYPTOPP_API a_times_b_mod_c(const Integer &x, const Integer& y, const Integer& m); + //! modular exponentiation + CRYPTOPP_DLL friend Integer CRYPTOPP_API a_exp_b_mod_c(const Integer &x, const Integer& e, const Integer& m); +#endif + +private: + + Integer(word value, size_t length); + int PositiveCompare(const Integer &t) const; + + IntegerSecBlock reg; + Sign sign; + +#ifndef CRYPTOPP_DOXYGEN_PROCESSING + friend class ModularArithmetic; + friend class MontgomeryRepresentation; + friend class HalfMontgomeryRepresentation; + + friend void PositiveAdd(Integer &sum, const Integer &a, const Integer &b); + friend void PositiveSubtract(Integer &diff, const Integer &a, const Integer &b); + friend void PositiveMultiply(Integer &product, const Integer &a, const Integer &b); + friend void PositiveDivide(Integer &remainder, Integer "ient, const Integer ÷nd, const Integer &divisor); +#endif +}; + +//! +inline bool operator==(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)==0;} +//! +inline bool operator!=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)!=0;} +//! +inline bool operator> (const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)> 0;} +//! +inline bool operator>=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)>=0;} +//! +inline bool operator< (const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)< 0;} +//! +inline bool operator<=(const CryptoPP::Integer& a, const CryptoPP::Integer& b) {return a.Compare(b)<=0;} +//! +inline CryptoPP::Integer operator+(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Plus(b);} +//! +inline CryptoPP::Integer operator-(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Minus(b);} +//! +//! \sa a_times_b_mod_c() and a_exp_b_mod_c() +inline CryptoPP::Integer operator*(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Times(b);} +//! +inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.DividedBy(b);} +//! +//! \sa a_times_b_mod_c() and a_exp_b_mod_c() +inline CryptoPP::Integer operator%(const CryptoPP::Integer &a, const CryptoPP::Integer &b) {return a.Modulo(b);} +//! +inline CryptoPP::Integer operator/(const CryptoPP::Integer &a, CryptoPP::word b) {return a.DividedBy(b);} +//! +//! \sa a_times_b_mod_c() and a_exp_b_mod_c() +inline CryptoPP::word operator%(const CryptoPP::Integer &a, CryptoPP::word b) {return a.Modulo(b);} + +NAMESPACE_END + +#ifndef __BORLANDC__ +NAMESPACE_BEGIN(std) +inline void swap(CryptoPP::Integer &a, CryptoPP::Integer &b) +{ + a.swap(b); +} +NAMESPACE_END +#endif + +#endif diff --git a/libs/win_crypto++/include/iterhash.h b/libs/win_crypto++/include/iterhash.h new file mode 100644 index 0000000..505fda2 --- /dev/null +++ b/libs/win_crypto++/include/iterhash.h @@ -0,0 +1,187 @@ +#ifndef CRYPTOPP_ITERHASH_H +#define CRYPTOPP_ITERHASH_H + +#include "cryptlib.h" +#include "secblock.h" +#include "misc.h" +#include "simple.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class HashInputTooLong +//! \brief Exception thrown when trying to hash more data than is allowed by a hash function +class CRYPTOPP_DLL HashInputTooLong : public InvalidDataFormat +{ +public: + explicit HashInputTooLong(const std::string &alg) + : InvalidDataFormat("IteratedHashBase: input data exceeds maximum allowed by hash function " + alg) {} +}; + +//! \class IteratedHashBase +//! \brief Iterated hash base class +//! \tparam T Hash word type +//! \tparam BASE HashTransformation derived class +//! \details IteratedHashBase provides an interface for block-based iterated hashes +//! \sa HashTransformation, MessageAuthenticationCode +template +class CRYPTOPP_NO_VTABLE IteratedHashBase : public BASE +{ +public: + typedef T HashWordType; + + //! \brief Construct an IteratedHashBase + IteratedHashBase() : m_countLo(0), m_countHi(0) {} + + //! \brief Provides the input block size most efficient for this cipher. + //! \return The input block size that is most efficient for the cipher + //! \details The base class implementation returns MandatoryBlockSize(). + //! \note Optimal input length is + //! n * OptimalBlockSize() - GetOptimalBlockSizeUsed() for any n \> 0. + unsigned int OptimalBlockSize() const {return this->BlockSize();} + + //! \brief Provides input and output data alignment for optimal performance. + //! \return the input data alignment that provides optimal performance + //! \details OptimalDataAlignment returnes the natural alignment of the hash word. + unsigned int OptimalDataAlignment() const {return GetAlignmentOf();} + + //! \brief Updates a hash with additional input + //! \param input the additional input as a buffer + //! \param length the size of the buffer, in bytes + void Update(const byte *input, size_t length); + + //! \brief Requests space which can be written into by the caller + //! \param size the requested size of the buffer + //! \details The purpose of this method is to help avoid extra memory allocations. + //! \details size is an \a IN and \a OUT parameter and used as a hint. When the call is made, + //! size is the requested size of the buffer. When the call returns, size is the size of + //! the array returned to the caller. + //! \details The base class implementation sets size to 0 and returns NULL. + //! \note Some objects, like ArraySink, cannot create a space because its fixed. + byte * CreateUpdateSpace(size_t &size); + + //! \brief Restart the hash + //! \details Discards the current state, and restart for a new message + void Restart(); + + //! \brief Computes the hash of the current message + //! \param digest a pointer to the buffer to receive the hash + //! \param digestSize the size of the truncated digest, in bytes + //! \details TruncatedFinal() call Final() and then copies digestSize bytes to digest. + //! The hash is restarted the hash for the next message. + void TruncatedFinal(byte *digest, size_t digestSize); + +protected: + inline T GetBitCountHi() const {return (m_countLo >> (8*sizeof(T)-3)) + (m_countHi << 3);} + inline T GetBitCountLo() const {return m_countLo << 3;} + + void PadLastBlock(unsigned int lastBlockSize, byte padFirst=0x80); + virtual void Init() =0; + + virtual ByteOrder GetByteOrder() const =0; + virtual void HashEndianCorrectedBlock(const HashWordType *data) =0; + virtual size_t HashMultipleBlocks(const T *input, size_t length); + void HashBlock(const HashWordType *input) {HashMultipleBlocks(input, this->BlockSize());} + + virtual T* DataBuf() =0; + virtual T* StateBuf() =0; + +private: + T m_countLo, m_countHi; +}; + +//! \class IteratedHash +//! \brief Iterated hash base class +//! \tparam T_HashWordType Hash word type +//! \tparam T_Endianness Endianness type of hash +//! \tparam T_BlockSize Block size of the hash +//! \tparam T_Base HashTransformation derived class +//! \details IteratedHash provides a default implementation for block-based iterated hashes +//! \sa HashTransformation, MessageAuthenticationCode +template +class CRYPTOPP_NO_VTABLE IteratedHash : public IteratedHashBase +{ +public: + typedef T_Endianness ByteOrderClass; + typedef T_HashWordType HashWordType; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~IteratedHash() { } +#endif + + CRYPTOPP_CONSTANT(BLOCKSIZE = T_BlockSize) + // BCB2006 workaround: can't use BLOCKSIZE here + CRYPTOPP_COMPILE_ASSERT((T_BlockSize & (T_BlockSize - 1)) == 0); // blockSize is a power of 2 + + //! \brief Provides the block size of the hash + //! \return the block size of the hash, in bytes + //! \details BlockSize() returns T_BlockSize. + unsigned int BlockSize() const {return T_BlockSize;} + + //! \brief Provides the byte order of the hash + //! \returns the byte order of the hash as an enumeration + //! \details GetByteOrder() returns T_Endianness::ToEnum(). + //! \sa ByteOrder() + ByteOrder GetByteOrder() const {return T_Endianness::ToEnum();} + + //! \brief Adjusts the byte ordering of the hash + //! \param out the output buffer + //! \param in the input buffer + //! \param byteCount the size of the buffers, in bytes + //! \details CorrectEndianess() calls ConditionalByteReverse() using T_Endianness. + inline void CorrectEndianess(HashWordType *out, const HashWordType *in, size_t byteCount) + { + ConditionalByteReverse(T_Endianness::ToEnum(), out, in, byteCount); + } + +protected: + T_HashWordType* DataBuf() {return this->m_data;} + FixedSizeSecBlock m_data; +}; + +//! \class IteratedHashWithStaticTransform +//! \brief Iterated hash with a static transformation function +//! \tparam T_HashWordType Hash word type +//! \tparam T_Endianness Endianness type of hash +//! \tparam T_BlockSize Block size of the hash +//! \tparam T_StateSize Internal state size of the hash +//! \tparam T_Transform HashTransformation derived class +//! \tparam T_DigestSize Digest size of the hash +//! \tparam T_StateAligned Flag indicating if state is 16-byte aligned +//! \sa HashTransformation, MessageAuthenticationCode +template +class CRYPTOPP_NO_VTABLE IteratedHashWithStaticTransform + : public ClonableImpl, T_Transform> > +{ +public: + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~IteratedHashWithStaticTransform() { } +#endif + + CRYPTOPP_CONSTANT(DIGESTSIZE = T_DigestSize ? T_DigestSize : T_StateSize) + + //! \brief Provides the digest size of the hash + //! \return the digest size of the hash, in bytes + //! \details DigestSize() returns DIGESTSIZE. + unsigned int DigestSize() const {return DIGESTSIZE;}; + +protected: + IteratedHashWithStaticTransform() {this->Init();} + void HashEndianCorrectedBlock(const T_HashWordType *data) {T_Transform::Transform(this->m_state, data);} + void Init() {T_Transform::InitState(this->m_state);} + + T_HashWordType* StateBuf() {return this->m_state;} + FixedSizeAlignedSecBlock m_state; +}; + +#ifndef __GNUC__ + CRYPTOPP_DLL_TEMPLATE_CLASS IteratedHashBase; + CRYPTOPP_STATIC_TEMPLATE_CLASS IteratedHashBase; + + CRYPTOPP_DLL_TEMPLATE_CLASS IteratedHashBase; + CRYPTOPP_STATIC_TEMPLATE_CLASS IteratedHashBase; +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/keccak.h b/libs/win_crypto++/include/keccak.h new file mode 100644 index 0000000..b5d7e3b --- /dev/null +++ b/libs/win_crypto++/include/keccak.h @@ -0,0 +1,108 @@ +// keccak.h - written and placed in the public domain by Wei Dai + +//! \file keccak.h +//! \brief Classes for Keccak message digests +//! \details The Crypto++ Keccak implementation uses F1600 with XOF d=0x01. +//! FIPS 202 conformance (XOF d=0x06) is available in SHA3 classes. +//! \details Keccak will likely change in the future to accomodate extensibility of the +//! round function and the XOF functions. +//! \sa Keccak +//! \since Crypto++ 5.6.4 + +#ifndef CRYPTOPP_KECCAK_H +#define CRYPTOPP_KECCAK_H + +#include "cryptlib.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Keccak +//! \brief Keccak message digest base class +//! \details The Crypto++ Keccak implementation uses F1600 with XOF d=0x01. +//! FIPS 202 conformance (XOF d=0x06) is available in SHA3 classes. +//! \details Keccak is the base class for Keccak_224, Keccak_256, Keccak_384 and Keccak_512. +//! Library users should instantiate a derived class, and only use Keccak +//! as a base class reference or pointer. +//! \details Keccak will likely change in the future to accomodate extensibility of the +//! round function and the XOF functions. +//! \details Perform the following to specify a different digest size. The class will use F1600, +//! XOF d=0x01, and a new vaue for r() (which will be 200-2*24 = 152). +//! 
  Keccack_192 : public Keccack
+//!   {
+//!     public:
+//!       CRYPTOPP_CONSTANT(DIGESTSIZE = 24)
+//!       Keccack_192() : Keccack(DIGESTSIZE) {}
+//!   };
+//!
+//! +//! \sa SHA3, Keccak_224, Keccak_256, Keccak_384 and Keccak_512. +//! \since Crypto++ 5.6.4 +class Keccak : public HashTransformation +{ +public: + //! \brief Construct a Keccak + //! \param digestSize the digest size, in bytes + //! \details Keccak is the base class for Keccak_224, Keccak_256, Keccak_384 and Keccak_512. + //! Library users should instantiate a derived class, and only use Keccak + //! as a base class reference or pointer. + //! \since Crypto++ 5.6.4 + Keccak(unsigned int digestSize) : m_digestSize(digestSize) {Restart();} + unsigned int DigestSize() const {return m_digestSize;} + std::string AlgorithmName() const {return "Keccak-" + IntToString(m_digestSize*8);} + CRYPTOPP_CONSTEXPR static const char* StaticAlgorithmName() { return "Keccak"; } + unsigned int OptimalDataAlignment() const {return GetAlignmentOf();} + + void Update(const byte *input, size_t length); + void Restart(); + void TruncatedFinal(byte *hash, size_t size); + + //unsigned int BlockSize() const { return r(); } // that's the idea behind it + +protected: + inline unsigned int r() const {return 200 - 2 * m_digestSize;} + + FixedSizeSecBlock m_state; + unsigned int m_digestSize, m_counter; +}; + +//! \class Keccak_224 +//! \tparam DigestSize controls the digest size as a template parameter instead of a per-class constant +//! \brief Keccak-X message digest, template for more fine-grained typedefs +//! \since Crypto++ 5.7.0 +template +class Keccak_Final : public Keccak +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = T_DigestSize) + CRYPTOPP_CONSTANT(BLOCKSIZE = 200 - 2 * DIGESTSIZE) + + //! \brief Construct a Keccak-X message digest + Keccak_Final() : Keccak(DIGESTSIZE) {} + static std::string StaticAlgorithmName() { return "Keccak-" + IntToString(DIGESTSIZE * 8); } + unsigned int BlockSize() const { return BLOCKSIZE; } +private: + CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200); // ensure there was no underflow in the math + CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE > (int)T_DigestSize); // this is a general expectation by HMAC +}; + +//! \class Keccak_224 +//! \brief Keccak-224 message digest +//! \since Crypto++ 5.6.4 +typedef Keccak_Final<28> Keccak_224; +//! \class Keccak_256 +//! \brief Keccak-256 message digest +//! \since Crypto++ 5.6.4 +typedef Keccak_Final<32> Keccak_256; +//! \class Keccak_384 +//! \brief Keccak-384 message digest +//! \since Crypto++ 5.6.4 +typedef Keccak_Final<48> Keccak_384; +//! \class Keccak_512 +//! \brief Keccak-512 message digest +//! \since Crypto++ 5.6.4 +typedef Keccak_Final<64> Keccak_512; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/lubyrack.h b/libs/win_crypto++/include/lubyrack.h new file mode 100644 index 0000000..c43794f --- /dev/null +++ b/libs/win_crypto++/include/lubyrack.h @@ -0,0 +1,144 @@ +// lubyrack.h - written and placed in the public domain by Wei Dai + +//! \file lubyrack.h +//! \brief Classes for the Luby-Rackoff block cipher + +#ifndef CRYPTOPP_LUBYRACK_H +#define CRYPTOPP_LUBYRACK_H + +#include "simple.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +template struct DigestSizeDoubleWorkaround // VC60 workaround +{ + CRYPTOPP_CONSTANT(RESULT = 2*T::DIGESTSIZE) +}; + +//! \class LR_Info +//! \brief Luby-Rackoff block cipher information +template +struct LR_Info : public VariableKeyLength<16, 0, 2*(INT_MAX/2), 2>, public FixedBlockSize::RESULT> +{ + static std::string StaticAlgorithmName() {return std::string("LR/")+T::StaticAlgorithmName();} +}; + +//! \class LR +//! \brief Luby-Rackoff block cipher +template +class LR : public LR_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl > + { + public: + // VC60 workaround: have to define these functions within class definition + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms) + { + this->AssertValidKeyLength(length); + + L = length/2; + buffer.New(2*S); + digest.New(S); + key.Assign(userKey, 2*L); + } + + protected: + CRYPTOPP_CONSTANT(S=T::DIGESTSIZE) + unsigned int L; // key length / 2 + SecByteBlock key; + + mutable T hm; + mutable SecByteBlock buffer, digest; + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + +#define KL this->key +#define KR this->key+this->L +#define BL this->buffer +#define BR this->buffer+this->S +#define IL inBlock +#define IR inBlock+this->S +#define OL outBlock +#define OR outBlock+this->S + + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const + { + this->hm.Update(KL, this->L); + this->hm.Update(IL, this->S); + this->hm.Final(BR); + xorbuf(BR, IR, this->S); + + this->hm.Update(KR, this->L); + this->hm.Update(BR, this->S); + this->hm.Final(BL); + xorbuf(BL, IL, this->S); + + this->hm.Update(KL, this->L); + this->hm.Update(BL, this->S); + this->hm.Final(this->digest); + xorbuf(BR, this->digest, this->S); + + this->hm.Update(KR, this->L); + this->hm.Update(OR, this->S); + this->hm.Final(this->digest); + xorbuf(BL, this->digest, this->S); + + if (xorBlock) + xorbuf(outBlock, xorBlock, this->buffer, 2*this->S); + else + memcpy_s(outBlock, 2*this->S, this->buffer, 2*this->S); + } + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const + { + this->hm.Update(KR, this->L); + this->hm.Update(IR, this->S); + this->hm.Final(BL); + xorbuf(BL, IL, this->S); + + this->hm.Update(KL, this->L); + this->hm.Update(BL, this->S); + this->hm.Final(BR); + xorbuf(BR, IR, this->S); + + this->hm.Update(KR, this->L); + this->hm.Update(BR, this->S); + this->hm.Final(this->digest); + xorbuf(BL, this->digest, this->S); + + this->hm.Update(KL, this->L); + this->hm.Update(OL, this->S); + this->hm.Final(this->digest); + xorbuf(BR, this->digest, this->S); + + if (xorBlock) + xorbuf(outBlock, xorBlock, this->buffer, 2*this->S); + else + memcpy(outBlock, this->buffer, 2*this->S); + } +#undef KL +#undef KR +#undef BL +#undef BR +#undef IL +#undef IR +#undef OL +#undef OR + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/luc.h b/libs/win_crypto++/include/luc.h new file mode 100644 index 0000000..8140a4a --- /dev/null +++ b/libs/win_crypto++/include/luc.h @@ -0,0 +1,306 @@ +#ifndef CRYPTOPP_LUC_H +#define CRYPTOPP_LUC_H + +/** \file +*/ + +#include "cryptlib.h" +#include "gfpcrypt.h" +#include "integer.h" +#include "algebra.h" +#include "secblock.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4127 4189) +#endif + +#include "pkcspad.h" +#include "integer.h" +#include "oaep.h" +#include "dh.h" + +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! The LUC function. +/*! This class is here for historical and pedagogical interest. It has no + practical advantages over other trapdoor functions and probably shouldn't + be used in production software. The discrete log based LUC schemes + defined later in this .h file may be of more practical interest. +*/ +class LUCFunction : public TrapdoorFunction, public PublicKey +{ + typedef LUCFunction ThisClass; + +public: + void Initialize(const Integer &n, const Integer &e) + {m_n = n; m_e = e;} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + Integer ApplyFunction(const Integer &x) const; + Integer PreimageBound() const {return m_n;} + Integer ImageBound() const {return m_n;} + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // non-derived interface + const Integer & GetModulus() const {return m_n;} + const Integer & GetPublicExponent() const {return m_e;} + + void SetModulus(const Integer &n) {m_n = n;} + void SetPublicExponent(const Integer &e) {m_e = e;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~LUCFunction() {} +#endif + +protected: + Integer m_n, m_e; +}; + +//! _ +class InvertibleLUCFunction : public LUCFunction, public TrapdoorFunctionInverse, public PrivateKey +{ + typedef InvertibleLUCFunction ThisClass; + +public: + void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &eStart=17); + void Initialize(const Integer &n, const Integer &e, const Integer &p, const Integer &q, const Integer &u) + {m_n = n; m_e = e; m_p = p; m_q = q; m_u = u;} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + /*! parameters: (ModulusSize, PublicExponent (default 17)) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + + // non-derived interface + const Integer& GetPrime1() const {return m_p;} + const Integer& GetPrime2() const {return m_q;} + const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} + + void SetPrime1(const Integer &p) {m_p = p;} + void SetPrime2(const Integer &q) {m_q = q;} + void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~InvertibleLUCFunction() {} +#endif + +protected: + Integer m_p, m_q, m_u; +}; + +struct LUC +{ + static std::string StaticAlgorithmName() {return "LUC";} + typedef LUCFunction PublicKey; + typedef InvertibleLUCFunction PrivateKey; +}; + +//! LUC cryptosystem +template +struct LUCES : public TF_ES +{ +}; + +//! LUC signature scheme with appendix +template +struct LUCSS : public TF_SS +{ +}; + +// analagous to the RSA schemes defined in PKCS #1 v2.0 +typedef LUCES >::Decryptor LUCES_OAEP_SHA_Decryptor; +typedef LUCES >::Encryptor LUCES_OAEP_SHA_Encryptor; + +typedef LUCSS::Signer LUCSSA_PKCS1v15_SHA_Signer; +typedef LUCSS::Verifier LUCSSA_PKCS1v15_SHA_Verifier; + +// ******************************************************** + +// no actual precomputation +class DL_GroupPrecomputation_LUC : public DL_GroupPrecomputation +{ +public: + const AbstractGroup & GetGroup() const {CRYPTOPP_ASSERT(false); throw 0;} + Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);} + void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);} + + // non-inherited + void SetModulus(const Integer &v) {m_p = v;} + const Integer & GetModulus() const {return m_p;} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupPrecomputation_LUC() {} +#endif + +private: + Integer m_p; +}; + +//! _ +class DL_BasePrecomputation_LUC : public DL_FixedBasePrecomputation +{ +public: + // DL_FixedBasePrecomputation + bool IsInitialized() const {return m_g.NotZero();} + void SetBase(const DL_GroupPrecomputation &group, const Integer &base) + {CRYPTOPP_UNUSED(group); m_g = base;} + const Integer & GetBase(const DL_GroupPrecomputation &group) const + {CRYPTOPP_UNUSED(group); return m_g;} + void Precompute(const DL_GroupPrecomputation &group, unsigned int maxExpBits, unsigned int storage) + {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(maxExpBits); CRYPTOPP_UNUSED(storage);} + void Load(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) + {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(storedPrecomputation);} + void Save(const DL_GroupPrecomputation &group, BufferedTransformation &storedPrecomputation) const + {CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(storedPrecomputation);} + Integer Exponentiate(const DL_GroupPrecomputation &group, const Integer &exponent) const; + Integer CascadeExponentiate(const DL_GroupPrecomputation &group, const Integer &exponent, const DL_FixedBasePrecomputation &pc2, const Integer &exponent2) const + { + CRYPTOPP_UNUSED(group); CRYPTOPP_UNUSED(exponent); CRYPTOPP_UNUSED(pc2); CRYPTOPP_UNUSED(exponent2); + // shouldn't be called + throw NotImplemented("DL_BasePrecomputation_LUC: CascadeExponentiate not implemented"); + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_BasePrecomputation_LUC() {} +#endif + +private: + Integer m_g; +}; + +//! _ +class DL_GroupParameters_LUC : public DL_GroupParameters_IntegerBasedImpl +{ +public: + // DL_GroupParameters + bool IsIdentity(const Integer &element) const {return element == Integer::Two();} + void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; + Element MultiplyElements(const Element &a, const Element &b) const + { + CRYPTOPP_UNUSED(a); CRYPTOPP_UNUSED(b); + throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented"); + } + Element CascadeExponentiate(const Element &element1, const Integer &exponent1, const Element &element2, const Integer &exponent2) const + { + CRYPTOPP_UNUSED(element1); CRYPTOPP_UNUSED(exponent1); CRYPTOPP_UNUSED(element2); CRYPTOPP_UNUSED(exponent2); + throw NotImplemented("LUC_GroupParameters: MultiplyElements can not be implemented"); + } + + // NameValuePairs interface + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper(this, name, valueType, pValue).Assignable(); + } + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_LUC() {} +#endif + +private: + int GetFieldType() const {return 2;} +}; + +//! _ +class DL_GroupParameters_LUC_DefaultSafePrime : public DL_GroupParameters_LUC +{ +public: + typedef NoCofactorMultiplication DefaultCofactorOption; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters_LUC_DefaultSafePrime() {} +#endif + +protected: + unsigned int GetDefaultSubgroupOrderSize(unsigned int modulusSize) const {return modulusSize-1;} +}; + +//! _ +class DL_Algorithm_LUC_HMP : public DL_ElgamalLikeSignatureAlgorithm +{ +public: + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "LUC-HMP";} + + void Sign(const DL_GroupParameters ¶ms, const Integer &x, const Integer &k, const Integer &e, Integer &r, Integer &s) const; + bool Verify(const DL_GroupParameters ¶ms, const DL_PublicKey &publicKey, const Integer &e, const Integer &r, const Integer &s) const; + + size_t RLen(const DL_GroupParameters ¶ms) const + {return params.GetGroupOrder().ByteCount();} + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Algorithm_LUC_HMP() {} +#endif +}; + +//! _ +struct DL_SignatureKeys_LUC +{ + typedef DL_GroupParameters_LUC GroupParameters; + typedef DL_PublicKey_GFP PublicKey; + typedef DL_PrivateKey_GFP PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_SignatureKeys_LUC() {} +#endif +}; + +//! LUC-HMP, based on "Digital signature schemes based on Lucas functions" by Patrick Horster, Markus Michels, Holger Petersen +template +struct LUC_HMP : public DL_SS +{ +}; + +//! _ +struct DL_CryptoKeys_LUC +{ + typedef DL_GroupParameters_LUC_DefaultSafePrime GroupParameters; + typedef DL_PublicKey_GFP PublicKey; + typedef DL_PrivateKey_GFP PrivateKey; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_CryptoKeys_LUC() {} +#endif +}; + +//! LUC-IES +template +struct LUC_IES + : public DL_ES< + DL_CryptoKeys_LUC, + DL_KeyAgreementAlgorithm_DH, + DL_KeyDerivationAlgorithm_P1363 >, + DL_EncryptionAlgorithm_Xor, DHAES_MODE>, + LUC_IES<> > +{ + static std::string StaticAlgorithmName() {return "LUC-IES";} // non-standard name + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~LUC_IES() {} +#endif +}; + +// ******************************************************** + +//! LUC-DH +typedef DH_Domain LUC_DH; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/mars.h b/libs/win_crypto++/include/mars.h new file mode 100644 index 0000000..46270f2 --- /dev/null +++ b/libs/win_crypto++/include/mars.h @@ -0,0 +1,59 @@ +// mars.h - written and placed in the public domain by Wei Dai + +//! \file mars.h +//! \brief Classes for the MARS block cipher (IBM AES submission) + +#ifndef CRYPTOPP_MARS_H +#define CRYPTOPP_MARS_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class MARS_Info +//! \brief MARS block cipher information +struct MARS_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 56, 8> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "MARS";} +}; + +//! \class MARS +//! \brief MARS block cipher +//! \sa MARS +class MARS : public MARS_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + static const word32 Sbox[512]; + + FixedSizeSecBlock m_k; + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef MARS::Encryption MARSEncryption; +typedef MARS::Decryption MARSDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/md2.h b/libs/win_crypto++/include/md2.h new file mode 100644 index 0000000..cb48d1d --- /dev/null +++ b/libs/win_crypto++/include/md2.h @@ -0,0 +1,46 @@ +#ifndef CRYPTOPP_MD2_H +#define CRYPTOPP_MD2_H + +#include "cryptlib.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +namespace Weak1 { + +/// MD2 +class MD2 : public HashTransformation +{ +public: + MD2(); + void Update(const byte *input, size_t length); + void TruncatedFinal(byte *hash, size_t size); + unsigned int DigestSize() const {return DIGESTSIZE;} + unsigned int BlockSize() const {return BLOCKSIZE;} + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "MD2";} + + CRYPTOPP_CONSTANT(DIGESTSIZE = 16) + CRYPTOPP_CONSTANT(BLOCKSIZE = 16) + +private: + void Transform(); + void Init(); + SecByteBlock m_X, m_C, m_buf; + unsigned int m_count; +}; + +} +#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 +namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak +#else +using namespace Weak1; // import Weak1 into CryptoPP with warning +#ifdef __GNUC__ +#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." +#else +#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") +#endif +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/md4.h b/libs/win_crypto++/include/md4.h new file mode 100644 index 0000000..11f39cd --- /dev/null +++ b/libs/win_crypto++/include/md4.h @@ -0,0 +1,35 @@ +#ifndef CRYPTOPP_MD4_H +#define CRYPTOPP_MD4_H + +#include "iterhash.h" + +NAMESPACE_BEGIN(CryptoPP) + +namespace Weak1 { + +//! MD4 +/*! \warning MD4 is considered insecure, and should not be used + unless you absolutely need it for compatibility. */ +class MD4 : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "MD4";} +}; + +} +#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 +namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak +#else +using namespace Weak1; // import Weak1 into CryptoPP with warning +#ifdef __GNUC__ +#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." +#else +#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") +#endif +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/md5.h b/libs/win_crypto++/include/md5.h new file mode 100644 index 0000000..e404f39 --- /dev/null +++ b/libs/win_crypto++/include/md5.h @@ -0,0 +1,33 @@ +#ifndef CRYPTOPP_MD5_H +#define CRYPTOPP_MD5_H + +#include "iterhash.h" + +NAMESPACE_BEGIN(CryptoPP) + +namespace Weak1 { + +//! MD5 +class MD5 : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "MD5";} +}; + +} +#if CRYPTOPP_ENABLE_NAMESPACE_WEAK >= 1 +namespace Weak {using namespace Weak1;} // import Weak1 into CryptoPP::Weak +#else +using namespace Weak1; // import Weak1 into CryptoPP with warning +#ifdef __GNUC__ +#warning "You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning." +#else +#pragma message("You may be using a weak algorithm that has been retained for backwards compatibility. Please '#define CRYPTOPP_ENABLE_NAMESPACE_WEAK 1' before including this .h file and prepend the class name with 'Weak::' to remove this warning.") +#endif +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/mdc.h b/libs/win_crypto++/include/mdc.h new file mode 100644 index 0000000..4e56063 --- /dev/null +++ b/libs/win_crypto++/include/mdc.h @@ -0,0 +1,79 @@ +// mdc.h - written and placed in the public domain by Wei Dai + +#ifndef CRYPTOPP_MDC_H +#define CRYPTOPP_MDC_H + +//! \file mdc.h +//! \brief Classes for the MDC message digest + +#include "seckey.h" +#include "secblock.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class MDC_Info +//! \brief MDC_Info cipher information +template +struct MDC_Info : public FixedBlockSize, public FixedKeyLength +{ + static std::string StaticAlgorithmName() {return std::string("MDC/")+T::StaticAlgorithmName();} +}; + + +//! \class MDC +//! \brief MDC cipher +//! \details MDC() is a construction by Peter Gutmann to turn an iterated hash function into a PRF +//! \sa MDC +template +class MDC : public MDC_Info +{ + //! \class Enc + //! \brief MDC cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public BlockCipherImpl > + { + typedef typename T::HashWordType HashWordType; + + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms) + { + this->AssertValidKeyLength(length); + memcpy_s(m_key, m_key.size(), userKey, this->KEYLENGTH); + T::CorrectEndianess(Key(), Key(), this->KEYLENGTH); + } + + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const + { + T::CorrectEndianess(Buffer(), (HashWordType *)inBlock, this->BLOCKSIZE); + T::Transform(Buffer(), Key()); + if (xorBlock) + { + T::CorrectEndianess(Buffer(), Buffer(), this->BLOCKSIZE); + xorbuf(outBlock, xorBlock, m_buffer, this->BLOCKSIZE); + } + else + T::CorrectEndianess((HashWordType *)outBlock, Buffer(), this->BLOCKSIZE); + } + + bool IsPermutation() const {return false;} + + unsigned int OptimalDataAlignment() const {return sizeof(HashWordType);} + + private: + HashWordType *Key() {return (HashWordType *)m_key.data();} + const HashWordType *Key() const {return (const HashWordType *)m_key.data();} + HashWordType *Buffer() const {return (HashWordType *)m_buffer.data();} + + // VC60 workaround: bug triggered if using FixedSizeAllocatorWithCleanup + FixedSizeSecBlock::KEYLENGTH, AllocatorWithCleanup > m_key; + mutable FixedSizeSecBlock::BLOCKSIZE, AllocatorWithCleanup > m_buffer; + }; + +public: + //! use BlockCipher interface + typedef BlockCipherFinal Encryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/mersenne.h b/libs/win_crypto++/include/mersenne.h new file mode 100644 index 0000000..c3dd50a --- /dev/null +++ b/libs/win_crypto++/include/mersenne.h @@ -0,0 +1,212 @@ +// mersenne.h - written and placed in public domain by Jeffrey Walton. +// Copyright assigned to Crypto++ project. + +//! \file mersenne.h +//! \brief Class file for Mersenne Twister +//! \warning MersenneTwister is suitable for Monte-Carlo simulations, where uniformaly distrubuted +//! numbers are required quickly. It should not be used for cryptographic purposes. +//! \since Crypto++ 5.6.3 +#ifndef CRYPTOPP_MERSENNE_TWISTER_H +#define CRYPTOPP_MERSENNE_TWISTER_H + +#include "cryptlib.h" +#include "secblock.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class MersenneTwister +//! \brief Mersenne Twister class for Monte-Carlo simulations +//! \tparam K Magic constant +//! \tparam M Period parameter +//! \tparam N Size of the state vector +//! \tparam F Multiplier constant +//! \tparam S Initial seed +//! \details Provides the MersenneTwister implementation. The class is a header-only implementation. +//! \warning MersenneTwister is suitable for simulations, where uniformaly distrubuted numbers are +//! required quickly. It should not be used for cryptographic purposes. +//! \sa MT19937, MT19937ar +//! \since Crypto++ 5.6.3 +template +class MersenneTwister : public RandomNumberGenerator +{ +public: + //! \brief Construct a Mersenne Twister + //! \param seed 32-bit seed + //! \details Defaults to template parameter S due to changing algorithm + //! parameters over time + MersenneTwister(unsigned long seed = S) : m_seed(seed), m_idx(N) + { + m_state[0] = seed; + for (unsigned int i = 1; i < N+1; i++) + m_state[i] = word32(F * (m_state[i-1] ^ (m_state[i-1] >> 30)) + i); + } + + //! \brief Generate random array of bytes + //! \param output byte buffer + //! \param size length of the buffer, in bytes + //! \details Bytes are written to output in big endian order. If output length + //! is not a multiple of word32, then unused bytes are not accumulated for subsequent + //! calls to GenerateBlock. Rather, the unused tail bytes are discarded, and the + //! stream is continued at the next word32 boundary from the state array. + void GenerateBlock(byte *output, size_t size) + { + // Handle word32 size blocks + word32 temp; + for (size_t i=0; i < size/4; i++, output += 4) + { +#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) && defined(IS_LITTLE_ENDIAN) + *((word32*)output) = ByteReverse(NextMersenneWord()); +#elif defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) + *((word32*)output) = NextMersenneWord(); +#else + temp = NextMersenneWord(); + output[3] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 0); + output[2] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 1); + output[1] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 2); + output[0] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 3); +#endif + } + + // No tail bytes + if (size%4 == 0) + { + // Wipe temp + *((volatile word32*)&temp) = 0; + return; + } + + // Handle tail bytes + temp = NextMersenneWord(); + switch (size%4) + { + case 3: output[2] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 1); /* fall through */ + case 2: output[1] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 2); /* fall through */ + case 1: output[0] = CRYPTOPP_GET_BYTE_AS_BYTE(temp, 3); break; + + default: CRYPTOPP_ASSERT(0); ;; + } + + // Wipe temp + *((volatile word32*)&temp) = 0; + } + + //! \brief Generate a random 32-bit word in the range min to max, inclusive + //! \returns random 32-bit word in the range min to max, inclusive + //! \details If the 32-bit candidate is not within the range, then it is discarded + //! and a new candidate is used. + word32 GenerateWord32(word32 min=0, word32 max=0xffffffffL) + { + const word32 range = max-min; + if (range == 0xffffffffL) + return NextMersenneWord(); + + const int maxBits = BitPrecision(range); + word32 value; + + do{ + value = Crop(NextMersenneWord(), maxBits); + } while (value > range); + + return value+min; + } + + //! \brief Generate and discard n bytes + //! \param n the number of bytes to discard, rounded up to a word32 size + //! \details If n is not a multiple of word32, then unused bytes are + //! not accumulated for subsequent calls to GenerateBlock. Rather, the unused + //! tail bytes are discarded, and the stream is continued at the next + //! word32 boundary from the state array. + void DiscardBytes(size_t n) + { + for(size_t i=0; i < RoundUpToMultipleOf(n, 4U); i++) + NextMersenneWord(); + } + +protected: + + //! \brief Returns the next 32-bit word from the state array + //! \returns the next 32-bit word from the state array + //! \details fetches the next word frm the state array, performs bit operations on + //! it, and then returns the value to the caller. + word32 NextMersenneWord() + { + if (m_idx >= N) { Twist(); } + + word32 temp = m_state[m_idx++]; + + temp ^= (temp >> 11); + temp ^= (temp << 7) & 0x9D2C5680; // 0x9D2C5680 (2636928640) + temp ^= (temp << 15) & 0xEFC60000; // 0xEFC60000 (4022730752) + + return temp ^ (temp >> 18); + } + + //! \brief Performs the twist operaton on the state array + void Twist() + { + static const unsigned long magic[2]={0x0UL, K}; + word32 kk, temp; + + CRYPTOPP_ASSERT(N >= M); + for (kk=0;kk> 1) ^ magic[temp & 0x1UL]; + } + + for (;kk> 1) ^ magic[temp & 0x1UL]; + } + + temp = (m_state[N-1] & 0x80000000)|(m_state[0] & 0x7FFFFFFF); + m_state[N-1] = m_state[M-1] ^ (temp >> 1) ^ magic[temp & 0x1UL]; + + // Reset index + m_idx = 0; + + // Wipe temp + *((volatile word32*)&temp) = 0; + } + +private: + + //! \brief 32-bit word state array of size N + FixedSizeSecBlock m_state; + //! \brief the value used to seed the generator + unsigned int m_seed; + //! \brief the current index into the state array + unsigned int m_idx; +}; + +//! \class MT19937 +//! \brief Original MT19937 generator provided in the ACM paper. +//! \details MT19937 uses 4537 as default initial seed. +//! \sa MT19937ar, Mersenne twister: +//! a 623-dimensionally equidistributed uniform pseudo-random number generator +//! \since Crypto++ 5.6.3 +#if CRYPTOPP_DOXYGEN_PROCESSING +class MT19937 : public MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x10DCD /*69069*/, 4537> {}; +#else +typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x10DCD /*69069*/, 4537> MT19937; +#endif + +//! \class MT19937ar +//! \brief Updated MT19937 generator adapted to provide an array for initialization. +//! \details MT19937 uses 5489 as default initial seed. Use this generator when interoperating with C++11's +//! mt19937 class. +//! \sa MT19937, Mersenne Twister +//! with improved initialization +//! \since Crypto++ 5.6.3 +#if CRYPTOPP_DOXYGEN_PROCESSING +class MT19937ar : public MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x6C078965 /*1812433253*/, 5489> {}; +#else +typedef MersenneTwister<0x9908B0DF /*2567483615*/, 397, 624, 0x6C078965 /*1812433253*/, 5489> MT19937ar; +#endif + +NAMESPACE_END + +#endif // CRYPTOPP_MERSENNE_TWISTER_H + diff --git a/libs/win_crypto++/include/misc.h b/libs/win_crypto++/include/misc.h new file mode 100644 index 0000000..e374d27 --- /dev/null +++ b/libs/win_crypto++/include/misc.h @@ -0,0 +1,2402 @@ + +// misc.h - written and placed in the public domain by Wei Dai + +//! \file misc.h +//! \brief Utility functions for the Crypto++ library. + +#ifndef CRYPTOPP_MISC_H +#define CRYPTOPP_MISC_H + +#include "config.h" + +#if !CRYPTOPP_DOXYGEN_PROCESSING + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4146 4514) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6326) +# endif +#endif + +#include "cryptlib.h" +#include "stdcpp.h" +#include "smartptr.h" + +#ifdef _MSC_VER + #if _MSC_VER >= 1400 + // VC2005 workaround: disable declarations that conflict with winnt.h + #define _interlockedbittestandset CRYPTOPP_DISABLED_INTRINSIC_1 + #define _interlockedbittestandreset CRYPTOPP_DISABLED_INTRINSIC_2 + #define _interlockedbittestandset64 CRYPTOPP_DISABLED_INTRINSIC_3 + #define _interlockedbittestandreset64 CRYPTOPP_DISABLED_INTRINSIC_4 + #include + #undef _interlockedbittestandset + #undef _interlockedbittestandreset + #undef _interlockedbittestandset64 + #undef _interlockedbittestandreset64 + #define CRYPTOPP_FAST_ROTATE(x) 1 + #elif _MSC_VER >= 1300 + #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32 | (x) == 64) + #else + #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32) + #endif +#elif (defined(__MWERKS__) && TARGET_CPU_PPC) || \ + (defined(__GNUC__) && (defined(_ARCH_PWR2) || defined(_ARCH_PWR) || defined(_ARCH_PPC) || defined(_ARCH_PPC64) || defined(_ARCH_COM))) + #define CRYPTOPP_FAST_ROTATE(x) ((x) == 32) +#elif defined(__GNUC__) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86) // depend on GCC's peephole optimization to generate rotate instructions + #define CRYPTOPP_FAST_ROTATE(x) 1 +#else + #define CRYPTOPP_FAST_ROTATE(x) 0 +#endif + +#ifdef __BORLANDC__ +#include +#include +#endif + +#if defined(__GNUC__) && defined(__linux__) +#define CRYPTOPP_BYTESWAP_AVAILABLE +#include +#endif + +#if defined(__GNUC__) && defined(__BMI__) +# include +# if defined(__clang__) +# ifndef _tzcnt_u32 +# define _tzcnt_u32(x) __tzcnt_u32(x) +# endif +# ifndef _blsr_u32 +# define _blsr_u32(x) __blsr_u32(x) +# endif +# ifdef __x86_64__ +# ifndef _tzcnt_u64 +# define _tzcnt_u64(x) __tzcnt_u64(x) +# endif +# ifndef _blsr_u64 +# define _blsr_u64(x) __blsr_u64(x) +# endif +# endif // x86_64 +# endif // Clang +#endif // GNUC and BMI + +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +#if CRYPTOPP_DOXYGEN_PROCESSING +//! \brief The maximum value of a machine word +//! \details SIZE_MAX provides the maximum value of a machine word. The value is +//! \p 0xffffffff on 32-bit machines, and \p 0xffffffffffffffff on 64-bit machines. +//! Internally, SIZE_MAX is defined as __SIZE_MAX__ if __SIZE_MAX__ is defined. If not +//! defined, then SIZE_T_MAX is tried. If neither __SIZE_MAX__ nor SIZE_T_MAX is +//! is defined, the library uses std::numeric_limits::max(). The library +//! prefers __SIZE_MAX__ because its a constexpr that is optimized well +//! by all compilers. std::numeric_limits::max() is \a not a constexpr, +//! and it is \a not always optimized well. +# define SIZE_MAX ... +#else +// Its amazing portability problems still plague this simple concept in 2015. +// http://stackoverflow.com/questions/30472731/which-c-standard-header-defines-size-max +// Avoid NOMINMAX macro on Windows. http://support.microsoft.com/en-us/kb/143208 +#ifndef SIZE_MAX +# if defined(__SIZE_MAX__) && (__SIZE_MAX__ > 0) +# define SIZE_MAX __SIZE_MAX__ +# elif defined(SIZE_T_MAX) && (SIZE_T_MAX > 0) +# define SIZE_MAX SIZE_T_MAX +# else +# define SIZE_MAX ((std::numeric_limits::max)()) +# endif +#endif + +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +NAMESPACE_BEGIN(CryptoPP) + +// Forward declaration for IntToString specialization +class Integer; + +// ************** compile-time assertion *************** + +#if CRYPTOPP_DOXYGEN_PROCESSING +//! \brief Compile time assertion +//! \param expr the expression to evaluate +//! \details Asserts the expression expr though a dummy struct. +#define CRYPTOPP_COMPILE_ASSERT(expr) { ... } +#else // CRYPTOPP_DOXYGEN_PROCESSING +template +struct CompileAssert +{ + static char dummy[2*b-1]; +}; +//! \endif + +#define CRYPTOPP_COMPILE_ASSERT(assertion) CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, __LINE__) +#if defined(CRYPTOPP_EXPORTS) || defined(CRYPTOPP_IMPORTS) +#define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance) +#else +# if defined(__GNUC__) +# define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance) \ + static CompileAssert<(assertion)> \ + CRYPTOPP_ASSERT_JOIN(cryptopp_CRYPTOPP_ASSERT_, instance) __attribute__ ((unused)) +# else +# define CRYPTOPP_COMPILE_ASSERT_INSTANCE(assertion, instance) \ + static CompileAssert<(assertion)> \ + CRYPTOPP_ASSERT_JOIN(cryptopp_CRYPTOPP_ASSERT_, instance) +# endif // __GNUC__ +#endif +#define CRYPTOPP_ASSERT_JOIN(X, Y) CRYPTOPP_DO_ASSERT_JOIN(X, Y) +#define CRYPTOPP_DO_ASSERT_JOIN(X, Y) X##Y + +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +// ************** count elements in an array *************** + +#if CRYPTOPP_DOXYGEN_PROCESSING +//! \brief Counts elements in an array +//! \param arr an array of elements +//! \details COUNTOF counts elements in an array. On Windows COUNTOF(x) is defined +//! to _countof(x) to ensure correct results for pointers. +//! \note COUNTOF does not produce correct results with pointers, and an array must be used. +//! sizeof(x)/sizeof(x[0]) suffers the same problem. The risk is eliminated by using +//! _countof(x) on Windows. Windows will provide the immunity for other platforms. +# define COUNTOF(arr) +#else +// VS2005 added _countof +#ifndef COUNTOF +# if defined(_MSC_VER) && (_MSC_VER >= 1400) +# define COUNTOF(x) _countof(x) +# else +# define COUNTOF(x) (sizeof(x)/sizeof(x[0])) +# endif +#endif // COUNTOF +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +// ************** misc classes *************** + +//! \brief An Empty class +//! \details The Empty class can be used as a template parameter BASE when no base class exists. +class CRYPTOPP_DLL Empty +{ +}; + +#if !CRYPTOPP_DOXYGEN_PROCESSING +template +class CRYPTOPP_NO_VTABLE TwoBases : public BASE1, public BASE2 +{ +}; + +template +class CRYPTOPP_NO_VTABLE ThreeBases : public BASE1, public BASE2, public BASE3 +{ +}; +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +//! \class ObjectHolder +//! \tparam the class or type +//! \brief Uses encapsulation to hide an object in derived classes +//! \details The object T is declared as protected. +template +class ObjectHolder +{ +protected: + T m_object; +}; + +//! \class NotCopyable +//! \brief Ensures an object is not copyable +//! \details NotCopyable ensures an object is not copyable by making the +//! copy constructor and assignment operator private. Deleters are not +//! used under C++11. +//! \sa Clonable class +class NotCopyable +{ +public: + NotCopyable() {} +private: + NotCopyable(const NotCopyable &); + void operator=(const NotCopyable &); +}; + +//! \class NewObject +//! \brief An object factory function +//! \details NewObject overloads operator()(). +template +struct NewObject +{ + T* operator()() const {return new T;} +}; + +#if CRYPTOPP_DOXYGEN_PROCESSING +//! \brief A memory barrier +//! \details MEMORY_BARRIER attempts to ensure reads and writes are completed +//! in the absence of a language synchronization point. It is used by the +//! Singleton class if the compiler supports it. The barrier is provided at the +//! customary places in a double-checked initialization. +//! \details Internally, MEMORY_BARRIER uses std::atomic_thread_fence if +//! C++11 atomics are available. Otherwise, intrinsic(_ReadWriteBarrier), +//! _ReadWriteBarrier() or __asm__("" ::: "memory") is used. +#define MEMORY_BARRIER ... +#else +#if defined(CRYPTOPP_CXX11_ATOMICS) +# define MEMORY_BARRIER() std::atomic_thread_fence(std::memory_order_acq_rel) +#elif (_MSC_VER >= 1400) +# pragma intrinsic(_ReadWriteBarrier) +# define MEMORY_BARRIER() _ReadWriteBarrier() +#elif defined(__INTEL_COMPILER) +# define MEMORY_BARRIER() __memory_barrier() +#elif defined(__GNUC__) || defined(__clang__) +# define MEMORY_BARRIER() __asm__ __volatile__ ("" ::: "memory") +#else +# define MEMORY_BARRIER() +#endif +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +//! \brief Restricts the instantiation of a class to one static object without locks +//! \tparam T the class or type +//! \tparam F the object factory for T +//! \tparam instance the initiali instance count +//! \details This class safely initializes a static object in a multithreaded environment. For C++03 +//! and below it will do so without using locks for portability. If two threads call Ref() at the same +//! time, they may get back different references, and one object may end up being memory leaked. This +//! is by design and it avoids a subltle initialization problem ina multithreaded environment with thread +//! local storage on early Windows platforms, like Windows XP and Windows 2003. +//! \details For C++11 and above, a standard double-checked locking pattern with thread fences +//! are used. The locks and fences are standard and do not hinder portability. +//! \sa Double-Checked +//! Locking is Fixed In C++11 +template , int instance=0> +class Singleton +{ +public: + Singleton(F objectFactory = F()) : m_objectFactory(objectFactory) {} + + // prevent this function from being inlined + CRYPTOPP_NOINLINE const T & Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const; + +private: + F m_objectFactory; +}; + +//! \brief Return a reference to the inner Singleton object +//! \details Ref() is used to create the object using the object factory. The +//! object is only created once with the limitations discussed in the class documentation. +//! \sa Double-Checked Locking is Fixed In C++11 +#if defined(CRYPTOPP_CXX11_ATOMICS) && defined(CRYPTOPP_CXX11_SYNCHRONIZATION) +template + const T & Singleton::Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const +{ + static std::mutex s_mutex; + static std::atomic s_pObject; + + T *p = s_pObject.load(std::memory_order_relaxed); + std::atomic_thread_fence(std::memory_order_acquire); + + if (p) + return *p; + + std::lock_guard lock(s_mutex); + p = s_pObject.load(std::memory_order_relaxed); + std::atomic_thread_fence(std::memory_order_acquire); + + if (p) + return *p; + + T *newObject = m_objectFactory(); + s_pObject.store(newObject, std::memory_order_relaxed); + std::atomic_thread_fence(std::memory_order_release); + + return *newObject; +} +#else +template +const T & Singleton::Ref(CRYPTOPP_NOINLINE_DOTDOTDOT) const +{ + static volatile simple_ptr s_pObject; + T *p = s_pObject.m_p; + MEMORY_BARRIER(); + + if (p) + return *p; + + T *newObject = m_objectFactory(); + p = s_pObject.m_p; + MEMORY_BARRIER(); + + if (p) + { + delete newObject; + return *p; + } + + s_pObject.m_p = newObject; + MEMORY_BARRIER(); + + return *newObject; +} +#endif + +// ************** misc functions *************** + +#if (!__STDC_WANT_SECURE_LIB__ && !defined(_MEMORY_S_DEFINED)) || defined(CRYPTOPP_WANT_SECURE_LIB) + +//! \brief Bounds checking replacement for memcpy() +//! \param dest pointer to the desination memory block +//! \param sizeInBytes the size of the desination memory block, in bytes +//! \param src pointer to the source memory block +//! \param count the size of the source memory block, in bytes +//! \throws InvalidArgument +//! \details ISO/IEC TR-24772 provides bounds checking interfaces for potentially +//! unsafe functions like memcpy(), strcpy() and memmove(). However, +//! not all standard libraries provides them, like Glibc. The library's +//! memcpy_s() is a near-drop in replacement. Its only a near-replacement +//! because the library's version throws an InvalidArgument on a bounds violation. +//! \details memcpy_s() and memmove_s() are guarded by __STDC_WANT_SECURE_LIB__. +//! If __STDC_WANT_SECURE_LIB__ is \a not defined or defined to 0, then the library +//! makes memcpy_s() and memmove_s() available. The library will also optionally +//! make the symbols available if CRYPTOPP_WANT_SECURE_LIB is defined. +//! CRYPTOPP_WANT_SECURE_LIB is in config.h, but it is disabled by default. +//! \details memcpy_s() will assert the pointers src and dest are not NULL +//! in debug builds. Passing NULL for either pointer is undefined behavior. +inline void memcpy_s(void *dest, size_t sizeInBytes, const void *src, size_t count) +{ + // Safer functions on Windows for C&A, http://github.com/weidai11/cryptopp/issues/55 + + // Pointers must be valid; otherwise undefined behavior + CRYPTOPP_ASSERT(dest != NULL); CRYPTOPP_ASSERT(src != NULL); + // Destination buffer must be large enough to satsify request + CRYPTOPP_ASSERT(sizeInBytes >= count); + if (count > sizeInBytes) + throw InvalidArgument("memcpy_s: buffer overflow"); + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4996) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6386) +# endif +#endif + memcpy(dest, src, count); +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif +} + +//! \brief Bounds checking replacement for memmove() +//! \param dest pointer to the desination memory block +//! \param sizeInBytes the size of the desination memory block, in bytes +//! \param src pointer to the source memory block +//! \param count the size of the source memory block, in bytes +//! \throws InvalidArgument +//! \details ISO/IEC TR-24772 provides bounds checking interfaces for potentially +//! unsafe functions like memcpy(), strcpy() and memmove(). However, +//! not all standard libraries provides them, like Glibc. The library's +//! memmove_s() is a near-drop in replacement. Its only a near-replacement +//! because the library's version throws an InvalidArgument on a bounds violation. +//! \details memcpy_s() and memmove_s() are guarded by __STDC_WANT_SECURE_LIB__. +//! If __STDC_WANT_SECURE_LIB__ is \a not defined or defined to 0, then the library +//! makes memcpy_s() and memmove_s() available. The library will also optionally +//! make the symbols available if CRYPTOPP_WANT_SECURE_LIB is defined. +//! CRYPTOPP_WANT_SECURE_LIB is in config.h, but it is disabled by default. +//! \details memmove_s() will assert the pointers src and dest are not NULL +//! in debug builds. Passing NULL for either pointer is undefined behavior. +inline void memmove_s(void *dest, size_t sizeInBytes, const void *src, size_t count) +{ + // Safer functions on Windows for C&A, http://github.com/weidai11/cryptopp/issues/55 + + // Pointers must be valid; otherwise undefined behavior + CRYPTOPP_ASSERT(dest != NULL); CRYPTOPP_ASSERT(src != NULL); + // Destination buffer must be large enough to satsify request + CRYPTOPP_ASSERT(sizeInBytes >= count); + if (count > sizeInBytes) + throw InvalidArgument("memmove_s: buffer overflow"); + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4996) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6386) +# endif +#endif + memmove(dest, src, count); +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif +} + +#if __BORLANDC__ >= 0x620 +// C++Builder 2010 workaround: can't use std::memcpy_s because it doesn't allow 0 lengths +# define memcpy_s CryptoPP::memcpy_s +# define memmove_s CryptoPP::memmove_s +#endif + +#endif // __STDC_WANT_SECURE_LIB__ + +//! \brief Swaps two variables which are arrays +//! \param a the first value +//! \param b the second value +//! \details C++03 does not provide support for std::swap(__m128i a, __m128i b) +//! because __m128i is an unsigned long long[2]. Most compilers +//! support it out of the box, but Sun Studio C++ compilers 12.2 and 12.3 do not. +//! \sa How to swap two __m128i variables +//! in C++03 given its an opaque type and an array? on Stack Overflow. +template +inline void vec_swap(T& a, T& b) +{ + T t; + t=a, a=b, b=t; +} + +//! \brief Memory block initializer and eraser that attempts to survive optimizations +//! \param ptr pointer to the memory block being written +//! \param value the integer value to write for each byte +//! \param num the size of the source memory block, in bytes +//! \details Internally the function calls memset with the value value, and receives the +//! return value from memset as a volatile pointer. +inline void * memset_z(void *ptr, int value, size_t num) +{ +// avoid extranous warning on GCC 4.3.2 Ubuntu 8.10 +#if CRYPTOPP_GCC_VERSION >= 30001 + if (__builtin_constant_p(num) && num==0) + return ptr; +#endif + volatile void* x = memset(ptr, value, num); + return const_cast(x); +} + +//! \brief Replacement function for std::min +//! \param a the first value +//! \param b the second value +//! \returns the minimum value based on a comparison of b \< a using operator\< +//! \details STDMIN was provided because the library could not use std::min or std::max in MSVC60 or Cygwin 1.1.0 +template inline const T& STDMIN(const T& a, const T& b) +{ + return b < a ? b : a; +} + +//! \brief Replacement function for std::max +//! \param a the first value +//! \param b the second value +//! \returns the minimum value based on a comparison of a \< b using operator\< +//! \details STDMAX was provided because the library could not use std::min or std::max in MSVC60 or Cygwin 1.1.0 +template inline const T& STDMAX(const T& a, const T& b) +{ + // can't use std::min or std::max in MSVC60 or Cygwin 1.1.0 + return a < b ? b : a; +} + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4389) +#endif + +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic push +# pragma GCC diagnostic ignored "-Wsign-compare" +# if (CRYPTOPP_LLVM_CLANG_VERSION >= 20800) || (CRYPTOPP_APPLE_CLANG_VERSION >= 30000) +# pragma GCC diagnostic ignored "-Wtautological-compare" +# elif (CRYPTOPP_GCC_VERSION >= 40300) +# pragma GCC diagnostic ignored "-Wtype-limits" +# endif +#endif + +//! \brief Safe comparison of values that could be neagtive and incorrectly promoted +//! \param a the first value +//! \param b the second value +//! \returns the minimum value based on a comparison a and b using operator<. +//! \details The comparison b \< a is performed and the value returned is a's type T1. +template inline const T1 UnsignedMin(const T1& a, const T2& b) +{ + CRYPTOPP_COMPILE_ASSERT((sizeof(T1)<=sizeof(T2) && T2(-1)>0) || (sizeof(T1)>sizeof(T2) && T1(-1)>0)); + if (sizeof(T1)<=sizeof(T2)) + return b < (T2)a ? (T1)b : a; + else + return (T1)b < a ? (T1)b : a; +} + +//! \brief Tests whether a conversion from -> to is safe to perform +//! \param from the first value +//! \param to the second value +//! \returns true if its safe to convert from into to, false otherwise. +template +inline bool SafeConvert(T1 from, T2 &to) +{ + to = (T2)from; + if (from != to || (from > 0) != (to > 0)) + return false; + return true; +} + +//! \brief Converts a value to a string +//! \param value the value to convert +//! \param base the base to use during the conversion +//! \returns the string representation of value in base. +template +std::string IntToString(T value, unsigned int base = 10) +{ + // Hack... set the high bit for uppercase. + static const unsigned int HIGH_BIT = (1U << 31); + const char CH = !!(base & HIGH_BIT) ? 'A' : 'a'; + base &= ~HIGH_BIT; + + CRYPTOPP_ASSERT(base >= 2); + if (value == 0) + return "0"; + + bool negate = false; + if (value < 0) + { + negate = true; + value = 0-value; // VC .NET does not like -a + } + std::string result; + while (value > 0) + { + T digit = value % base; + result = char((digit < 10 ? '0' : (CH - 10)) + digit) + result; + value /= base; + } + if (negate) + result = "-" + result; + return result; +} + +//! \brief Converts an unsigned value to a string +//! \param value the value to convert +//! \param base the base to use during the conversion +//! \returns the string representation of value in base. +//! \details this template function specialization was added to suppress +//! Coverity findings on IntToString() with unsigned types. +template <> CRYPTOPP_DLL +std::string IntToString(word64 value, unsigned int base); + +//! \brief Converts an Integer to a string +//! \param value the Integer to convert +//! \param base the base to use during the conversion +//! \returns the string representation of value in base. +//! \details This is a template specialization of IntToString(). Use it +//! like IntToString(): +//! 
+//!   // Print integer in base 10
+//!   Integer n...
+//!   std::string s = IntToString(n, 10);
+//!
+//! \details The string is presented with lowercase letters by default. A +//! hack is available to switch to uppercase letters without modifying +//! the function signature. +//! 
+//!   // Print integer in base 16, uppercase letters
+//!   Integer n...
+//!   const unsigned int UPPER = (1 << 31);
+//!   std::string s = IntToString(n, (UPPER | 16));
+template <> CRYPTOPP_DLL +std::string IntToString(Integer value, unsigned int base); + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#if CRYPTOPP_GCC_DIAGNOSTIC_AVAILABLE +# pragma GCC diagnostic pop +#endif + +#define RETURN_IF_NONZERO(x) size_t returnedValue = x; if (returnedValue) return returnedValue + +// this version of the macro is fastest on Pentium 3 and Pentium 4 with MSVC 6 SP5 w/ Processor Pack +#define GETBYTE(x, y) (unsigned int)byte((x)>>(8*(y))) +// these may be faster on other CPUs/compilers +// #define GETBYTE(x, y) (unsigned int)(((x)>>(8*(y)))&255) +// #define GETBYTE(x, y) (((byte *)&(x))[y]) + +#define CRYPTOPP_GET_BYTE_AS_BYTE(x, y) byte((x)>>(8*(y))) + +//! \brief Returns the parity of a value +//! \param value the value to provide the parity +//! \returns 1 if the number 1-bits in the value is odd, 0 otherwise +template +unsigned int Parity(T value) +{ + for (unsigned int i=8*sizeof(value)/2; i>0; i/=2) + value ^= value >> i; + return (unsigned int)value&1; +} + +//! \brief Returns the number of 8-bit bytes or octets required for a value +//! \param value the value to test +//! \returns the minimum number of 8-bit bytes or octets required to represent a value +template +unsigned int BytePrecision(const T &value) +{ + if (!value) + return 0; + + unsigned int l=0, h=8*sizeof(value); + while (h-l > 8) + { + unsigned int t = (l+h)/2; + if (value >> t) + l = t; + else + h = t; + } + + return h/8; +} + +//! \brief Returns the number of bits required for a value +//! \param value the value to test +//! \returns the maximum number of bits required to represent a value. +template +unsigned int BitPrecision(const T &value) +{ + if (!value) + return 0; + + unsigned int l=0, h=8*sizeof(value); + + while (h-l > 1) + { + unsigned int t = (l+h)/2; + if (value >> t) + l = t; + else + h = t; + } + + return h; +} + +//! Determines the number of trailing 0-bits in a value +//! \param v the 32-bit value to test +//! \returns the number of trailing 0-bits in v, starting at the least significant bit position +//! \details TrailingZeros returns the number of trailing 0-bits in v, starting at the least +//! significant bit position. The return value is undefined if there are no 1-bits set in the value v. +//! \note The function does \a not return 0 if no 1-bits are set because 0 collides with a 1-bit at the 0-th position. +inline unsigned int TrailingZeros(word32 v) +{ + // GCC 4.7 and VS2012 provides tzcnt on AVX2/BMI enabled processors + // We don't enable for Microsoft because it requires a runtime check. + // http://msdn.microsoft.com/en-us/library/hh977023%28v=vs.110%29.aspx + CRYPTOPP_ASSERT(v != 0); +#if defined(__GNUC__) && defined(__BMI__) + return (unsigned int)_tzcnt_u32(v); +#elif defined(__GNUC__) && (CRYPTOPP_GCC_VERSION >= 30400) + return (unsigned int)__builtin_ctz(v); +#elif defined(_MSC_VER) && (_MSC_VER >= 1400) + unsigned long result; + _BitScanForward(&result, v); + return (unsigned int)result; +#else + // from http://graphics.stanford.edu/~seander/bithacks.html#ZerosOnRightMultLookup + static const int MultiplyDeBruijnBitPosition[32] = + { + 0, 1, 28, 2, 29, 14, 24, 3, 30, 22, 20, 15, 25, 17, 4, 8, + 31, 27, 13, 23, 21, 19, 16, 7, 26, 12, 18, 6, 11, 5, 10, 9 + }; + return MultiplyDeBruijnBitPosition[((word32)((v & -v) * 0x077CB531U)) >> 27]; +#endif +} + +//! Determines the number of trailing 0-bits in a value +//! \param v the 64-bit value to test +//! \returns the number of trailing 0-bits in v, starting at the least significant bit position +//! \details TrailingZeros returns the number of trailing 0-bits in v, starting at the least +//! significant bit position. The return value is undefined if there are no 1-bits set in the value v. +//! \note The function does \a not return 0 if no 1-bits are set because 0 collides with a 1-bit at the 0-th position. +inline unsigned int TrailingZeros(word64 v) +{ + // GCC 4.7 and VS2012 provides tzcnt on AVX2/BMI enabled processors + // We don't enable for Microsoft because it requires a runtime check. + // http://msdn.microsoft.com/en-us/library/hh977023%28v=vs.110%29.aspx + CRYPTOPP_ASSERT(v != 0); +#if defined(__GNUC__) && defined(__BMI__) && defined(__x86_64__) + return (unsigned int)_tzcnt_u64(v); +#elif defined(__GNUC__) && (CRYPTOPP_GCC_VERSION >= 30400) + return (unsigned int)__builtin_ctzll(v); +#elif defined(_MSC_VER) && (_MSC_VER >= 1400) && (defined(_M_X64) || defined(_M_IA64)) + unsigned long result; + _BitScanForward64(&result, v); + return (unsigned int)result; +#else + return word32(v) ? TrailingZeros(word32(v)) : 32 + TrailingZeros(word32(v>>32)); +#endif +} + +//! \brief Truncates the value to the specified number of bits. +//! \param value the value to truncate or mask +//! \param bits the number of bits to truncate or mask +//! \returns the value truncated to the specified number of bits, starting at the least +//! significant bit position +//! \details This function masks the low-order bits of value and returns the result. The +//! mask is created with (1 << bits) - 1. +template +inline T Crop(T value, size_t bits) +{ + if (bits < 8*sizeof(value)) + return T(value & ((T(1) << bits) - 1)); + else + return value; +} + +//! \brief Returns the number of 8-bit bytes or octets required for the specified number of bits +//! \param bitCount the number of bits +//! \returns the minimum number of 8-bit bytes or octets required by bitCount +//! \details BitsToBytes is effectively a ceiling function based on 8-bit bytes. +inline size_t BitsToBytes(size_t bitCount) +{ + return ((bitCount+7)/(8)); +} + +//! \brief Returns the number of words required for the specified number of bytes +//! \param byteCount the number of bytes +//! \returns the minimum number of words required by byteCount +//! \details BytesToWords is effectively a ceiling function based on WORD_SIZE. +//! WORD_SIZE is defined in config.h +inline size_t BytesToWords(size_t byteCount) +{ + return ((byteCount+WORD_SIZE-1)/WORD_SIZE); +} + +//! \brief Returns the number of words required for the specified number of bits +//! \param bitCount the number of bits +//! \returns the minimum number of words required by bitCount +//! \details BitsToWords is effectively a ceiling function based on WORD_BITS. +//! WORD_BITS is defined in config.h +inline size_t BitsToWords(size_t bitCount) +{ + return ((bitCount+WORD_BITS-1)/(WORD_BITS)); +} + +//! \brief Returns the number of double words required for the specified number of bits +//! \param bitCount the number of bits +//! \returns the minimum number of double words required by bitCount +//! \details BitsToDwords is effectively a ceiling function based on 2*WORD_BITS. +//! WORD_BITS is defined in config.h +inline size_t BitsToDwords(size_t bitCount) +{ + return ((bitCount+2*WORD_BITS-1)/(2*WORD_BITS)); +} + +//! Performs an XOR of a buffer with a mask +//! \param buf the buffer to XOR with the mask +//! \param mask the mask to XOR with the buffer +//! \param count the size of the buffers, in bytes +//! \details The function effectively visits each element in the buffers and performs +//! buf[i] ^= mask[i]. buf and mask must be of equal size. +CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *buf, const byte *mask, size_t count); + +//! Performs an XOR of an input buffer with a mask and stores the result in an output buffer +//! \param output the destination buffer +//! \param input the source buffer to XOR with the mask +//! \param mask the mask buffer to XOR with the input buffer +//! \param count the size of the buffers, in bytes +//! \details The function effectively visits each element in the buffers and performs +//! output[i] = input[i] ^ mask[i]. output, input and mask must be of equal size. +CRYPTOPP_DLL void CRYPTOPP_API xorbuf(byte *output, const byte *input, const byte *mask, size_t count); + +//! \brief Performs a near constant-time comparison of two equally sized buffers +//! \param buf1 the first buffer +//! \param buf2 the second buffer +//! \param count the size of the buffers, in bytes +//! \details The function effectively performs an XOR of the elements in two equally sized buffers +//! and retruns a result based on the XOR operation. The function is near constant-time because +//! CPU micro-code timings could affect the "constant-ness". Calling code is responsible for +//! mitigating timing attacks if the buffers are \a not equally sized. +//! \sa ModPowerOf2 +CRYPTOPP_DLL bool CRYPTOPP_API VerifyBufsEqual(const byte *buf1, const byte *buf2, size_t count); + +//! \brief Tests whether a value is a power of 2 +//! \param value the value to test +//! \returns true if value is a power of 2, false otherwise +//! \details The function creates a mask of value - 1 and returns the result of +//! an AND operation compared to 0. If value is 0 or less than 0, then the function returns false. +template +inline bool IsPowerOf2(const T &value) +{ + return value > 0 && (value & (value-1)) == 0; +} + +#if defined(__GNUC__) && defined(__BMI__) +template <> +inline bool IsPowerOf2(const word32 &value) +{ + return value > 0 && _blsr_u32(value) == 0; +} + +# if defined(__x86_64__) +template <> +inline bool IsPowerOf2(const word64 &value) +{ + return value > 0 && _blsr_u64(value) == 0; +} +# endif +#endif + +//! \brief Performs a saturating subtract clamped at 0 +//! \param a the minuend +//! \param b the subtrahend +//! \returns the difference produced by the saturating subtract +//! \details Saturating arithmetic restricts results to a fixed range. Results that are less than 0 are clamped at 0. +//! \details Use of saturating arithmetic in places can be advantageous because it can +//! avoid a branch by using an instruction like a conditional move (CMOVE). +template +inline T1 SaturatingSubtract(const T1 &a, const T2 &b) +{ + // Generated ASM of a typical clamp, http://gcc.gnu.org/ml/gcc-help/2014-10/msg00112.html + return T1((a > b) ? (a - b) : 0); +} + +//! \brief Performs a saturating subtract clamped at 1 +//! \param a the minuend +//! \param b the subtrahend +//! \returns the difference produced by the saturating subtract +//! \details Saturating arithmetic restricts results to a fixed range. Results that are less than +//! 1 are clamped at 1. +//! \details Use of saturating arithmetic in places can be advantageous because it can +//! avoid a branch by using an instruction like a conditional move (CMOVE). +template +inline T1 SaturatingSubtract1(const T1 &a, const T2 &b) +{ + // Generated ASM of a typical clamp, http://gcc.gnu.org/ml/gcc-help/2014-10/msg00112.html + return T1((a > b) ? (a - b) : 1); +} + +//! \brief Reduces a value to a power of 2 +//! \param a the first value +//! \param b the second value +//! \returns ModPowerOf2() returns a & (b-1). b must be a power of 2. +//! Use IsPowerOf2() to determine if b is a suitable candidate. +//! \sa IsPowerOf2 +template +inline T2 ModPowerOf2(const T1 &a, const T2 &b) +{ + CRYPTOPP_ASSERT(IsPowerOf2(b)); + // Coverity finding CID 170383 Overflowed return value (INTEGER_OVERFLOW) + return T2(a) & SaturatingSubtract(b,1U); +} + +//! \brief Rounds a value down to a multiple of a second value +//! \param n the value to reduce +//! \param m the value to reduce \n to to a multiple +//! \returns the possibly unmodified value \n +//! \details RoundDownToMultipleOf is effectively a floor function based on m. The function returns +//! the value n - n\%m. If n is a multiple of m, then the original value is returned. +template +inline T1 RoundDownToMultipleOf(const T1 &n, const T2 &m) +{ + if (IsPowerOf2(m)) + return n - ModPowerOf2(n, m); + else + return n - n%m; +} + +//! \brief Rounds a value up to a multiple of a second value +//! \param n the value to reduce +//! \param m the value to reduce \n to to a multiple +//! \returns the possibly unmodified value \n +//! \details RoundUpToMultipleOf is effectively a ceiling function based on m. The function +//! returns the value n + n\%m. If n is a multiple of m, then the original value is +//! returned. If the value n would overflow, then an InvalidArgument exception is thrown. +template +inline T1 RoundUpToMultipleOf(const T1 &n, const T2 &m) +{ + if (n > (SIZE_MAX/sizeof(T1))-m-1) + throw InvalidArgument("RoundUpToMultipleOf: integer overflow"); + return RoundDownToMultipleOf(T1(n+m-1), m); +} + +//! \brief Returns the minimum alignment requirements of a type +//! \param dummy an unused Visual C++ 6.0 workaround +//! \returns the minimum alignment requirements of a type, in bytes +//! \details Internally the function calls C++11's alignof if available. If not available, +//! then the function uses compiler specific extensions such as __alignof and +//! _alignof_. If an extension is not available, then the function uses +//! __BIGGEST_ALIGNMENT__ if __BIGGEST_ALIGNMENT__ is smaller than sizeof(T). +//! sizeof(T) is used if all others are not available. +//! In all cases, if CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS is defined, then the +//! function returns 1. +template +inline unsigned int GetAlignmentOf(T *dummy=NULL) // VC60 workaround +{ +// GCC 4.6 (circa 2008) and above aggressively uses vectorization. +#if defined(CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS) + if (sizeof(T) < 16) + return 1; +#endif + CRYPTOPP_UNUSED(dummy); +#if defined(CRYPTOPP_CXX11_ALIGNOF) + return alignof(T); +#elif (_MSC_VER >= 1300) + return __alignof(T); +#elif defined(__GNUC__) + return __alignof__(T); +#elif CRYPTOPP_BOOL_SLOW_WORD64 + return UnsignedMin(4U, sizeof(T)); +#else +# if __BIGGEST_ALIGNMENT__ + if (__BIGGEST_ALIGNMENT__ < sizeof(T)) + return __BIGGEST_ALIGNMENT__; + else +# endif + return sizeof(T); +#endif +} + +//! \brief Determines whether ptr is aligned to a minimum value +//! \param ptr the pointer being checked for alignment +//! \param alignment the alignment value to test the pointer against +//! \returns true if ptr is aligned on at least align boundary +//! \details Internally the function tests whether alignment is 1. If so, the function returns true. +//! If not, then the function effectively performs a modular reduction and returns true if the residue is 0 +inline bool IsAlignedOn(const void *ptr, unsigned int alignment) +{ + return alignment==1 || (IsPowerOf2(alignment) ? ModPowerOf2((size_t)ptr, alignment) == 0 : (size_t)ptr % alignment == 0); +} + +//! \brief Determines whether ptr is minimally aligned +//! \param ptr the pointer to check for alignment +//! \param dummy an unused Visual C++ 6.0 workaround +//! \returns true if ptr follows native byte ordering, false otherwise +//! \details Internally the function calls IsAlignedOn with a second parameter of GetAlignmentOf +template +inline bool IsAligned(const void *ptr, T *dummy=NULL) // VC60 workaround +{ + CRYPTOPP_UNUSED(dummy); + return IsAlignedOn(ptr, GetAlignmentOf()); +} + +#if defined(IS_LITTLE_ENDIAN) + typedef LittleEndian NativeByteOrder; +#elif defined(IS_BIG_ENDIAN) + typedef BigEndian NativeByteOrder; +#else +# error "Unable to determine endian-ness" +#endif + +//! \brief Returns NativeByteOrder as an enumerated ByteOrder value +//! \returns LittleEndian if the native byte order is little-endian, and BigEndian if the + //! native byte order is big-endian +//! \details NativeByteOrder is a typedef depending on the platform. If IS_LITTLE_ENDIAN is + //! set in config.h, then GetNativeByteOrder returns LittleEndian. If + //! IS_BIG_ENDIAN is set, then GetNativeByteOrder returns BigEndian. +//! \note There are other byte orders besides little- and big-endian, and they include bi-endian + //! and PDP-endian. If a system is neither little-endian nor big-endian, then a compile time error occurs. +inline ByteOrder GetNativeByteOrder() +{ + return NativeByteOrder::ToEnum(); +} + +//! \brief Determines whether order follows native byte ordering +//! \param order the ordering being tested against native byte ordering +//! \returns true if order follows native byte ordering, false otherwise +inline bool NativeByteOrderIs(ByteOrder order) +{ + return order == GetNativeByteOrder(); +} + +//! \brief Returns the direction the cipher is being operated +//! \param obj the cipher object being queried +//! \returns \p ENCRYPTION if the cipher obj is being operated in its forward direction, +//! \p DECRYPTION otherwise +//! \details A cipher can be operated in a "forward" direction (encryption) or a "reverse" +//! direction (decryption). The operations do not have to be symmetric, meaning a second +//! application of the transformation does not necessariy return the original message. +//! That is, E(D(m)) may not equal E(E(m)); and D(E(m)) may not +//! equal D(D(m)). +template +inline CipherDir GetCipherDir(const T &obj) +{ + return obj.IsForwardTransformation() ? ENCRYPTION : DECRYPTION; +} + +//! \brief Attempts to reclaim unused memory +//! \throws bad_alloc +//! \details In the normal course of running a program, a request for memory normally succeeds. If a +//! call to AlignedAllocate or UnalignedAllocate fails, then CallNewHandler is called in +//! an effort to recover. Internally, CallNewHandler calls set_new_handler(NULL) in an effort +//! to free memory. There is no guarantee CallNewHandler will be able to procure more memory so +//! an allocation succeeds. If the call to set_new_handler fails, then CallNewHandler throws +//! a bad_alloc exception. +CRYPTOPP_DLL void CRYPTOPP_API CallNewHandler(); + +//! \brief Performs an addition with carry on a block of bytes +//! \param inout the byte block +//! \param size the size of the block, in bytes +//! \details Performs an addition with carry by adding 1 on a block of bytes starting at the least +//! significant byte. Once carry is 0, the function terminates and returns to the caller. +//! \note The function is not constant time because it stops processing when the carry is 0. +inline void IncrementCounterByOne(byte *inout, unsigned int size) +{ + CRYPTOPP_ASSERT(inout != NULL); CRYPTOPP_ASSERT(size < INT_MAX); + for (int i=int(size-1), carry=1; i>=0 && carry; i--) + carry = !++inout[i]; +} + +//! \brief Performs an addition with carry on a block of bytes +//! \param output the destination block of bytes +//! \param input the source block of bytes +//! \param size the size of the block +//! \details Performs an addition with carry on a block of bytes starting at the least significant +//! byte. Once carry is 0, the remaining bytes from input are copied to output using memcpy. +//! \details The function is \a close to near-constant time because it operates on all the bytes in the blocks. +inline void IncrementCounterByOne(byte *output, const byte *input, unsigned int size) +{ + CRYPTOPP_ASSERT(output != NULL); CRYPTOPP_ASSERT(input != NULL); CRYPTOPP_ASSERT(size < INT_MAX); + + int i, carry; + for (i=int(size-1), carry=1; i>=0 && carry; i--) + carry = ((output[i] = input[i]+1) == 0); + memcpy_s(output, size, input, size_t(i)+1); +} + +//! \brief Performs a branchless swap of values a and b if condition c is true +//! \param c the condition to perform the swap +//! \param a the first value +//! \param b the second value +template +inline void ConditionalSwap(bool c, T &a, T &b) +{ + T t = c * (a ^ b); + a ^= t; + b ^= t; +} + +//! \brief Performs a branchless swap of pointers a and b if condition c is true +//! \param c the condition to perform the swap +//! \param a the first pointer +//! \param b the second pointer +template +inline void ConditionalSwapPointers(bool c, T &a, T &b) +{ + ptrdiff_t t = size_t(c) * (a - b); + a -= t; + b += t; +} + +// see http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/protect-secrets.html +// and https://www.securecoding.cert.org/confluence/display/cplusplus/MSC06-CPP.+Be+aware+of+compiler+optimization+when+dealing+with+sensitive+data + +//! \brief Sets each element of an array to 0 +//! \param buf an array of elements +//! \param n the number of elements in the array +//! \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal +template +void SecureWipeBuffer(T *buf, size_t n) +{ + // GCC 4.3.2 on Cygwin optimizes away the first store if this loop is done in the forward direction + volatile T *p = buf+n; + while (n--) + *((volatile T*)(--p)) = 0; +} + +#if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) + +//! \brief Sets each byte of an array to 0 +//! \param buf an array of bytes +//! \param n the number of elements in the array +//! \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +template<> inline void SecureWipeBuffer(byte *buf, size_t n) +{ + volatile byte *p = buf; +#ifdef __GNUC__ + asm volatile("rep stosb" : "+c"(n), "+D"(p) : "a"(0) : "memory"); +#else + __stosb((byte *)(size_t)p, 0, n); +#endif +} + +//! \brief Sets each 16-bit element of an array to 0 +//! \param buf an array of 16-bit words +//! \param n the number of elements in the array +//! \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +template<> inline void SecureWipeBuffer(word16 *buf, size_t n) +{ + volatile word16 *p = buf; +#ifdef __GNUC__ + asm volatile("rep stosw" : "+c"(n), "+D"(p) : "a"(0) : "memory"); +#else + __stosw((word16 *)(size_t)p, 0, n); +#endif +} + +//! \brief Sets each 32-bit element of an array to 0 +//! \param buf an array of 32-bit words +//! \param n the number of elements in the array +//! \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +template<> inline void SecureWipeBuffer(word32 *buf, size_t n) +{ + volatile word32 *p = buf; +#ifdef __GNUC__ + asm volatile("rep stosl" : "+c"(n), "+D"(p) : "a"(0) : "memory"); +#else + __stosd((unsigned long *)(size_t)p, 0, n); +#endif +} + +//! \brief Sets each 64-bit element of an array to 0 +//! \param buf an array of 64-bit words +//! \param n the number of elements in the array +//! \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +template<> inline void SecureWipeBuffer(word64 *buf, size_t n) +{ +#if CRYPTOPP_BOOL_X64 + volatile word64 *p = buf; +#ifdef __GNUC__ + asm volatile("rep stosq" : "+c"(n), "+D"(p) : "a"(0) : "memory"); +#else + __stosq((word64 *)(size_t)p, 0, n); +#endif +#else + SecureWipeBuffer((word32 *)buf, 2*n); +#endif +} + +#endif // #if (_MSC_VER >= 1400 || defined(__GNUC__)) && (CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X86) + +#if (_MSC_VER >= 1700) && defined(_M_ARM) +template<> inline void SecureWipeBuffer(byte *buf, size_t n) +{ + char *p = reinterpret_cast(buf+n); + while (n--) + __iso_volatile_store8(--p, 0); +} + +template<> inline void SecureWipeBuffer(word16 *buf, size_t n) +{ + short *p = reinterpret_cast(buf+n); + while (n--) + __iso_volatile_store16(--p, 0); +} + +template<> inline void SecureWipeBuffer(word32 *buf, size_t n) +{ + int *p = reinterpret_cast(buf+n); + while (n--) + __iso_volatile_store32(--p, 0); +} + +template<> inline void SecureWipeBuffer(word64 *buf, size_t n) +{ + __int64 *p = reinterpret_cast<__int64*>(buf+n); + while (n--) + __iso_volatile_store64(--p, 0); +} +#endif + +//! \brief Sets each element of an array to 0 +//! \param buf an array of elements +//! \param n the number of elements in the array +//! \details The operation performs a wipe or zeroization. The function attempts to survive optimizations and dead code removal. +template +inline void SecureWipeArray(T *buf, size_t n) +{ + if (sizeof(T) % 8 == 0 && GetAlignmentOf() % GetAlignmentOf() == 0) + SecureWipeBuffer((word64 *)(void *)buf, n * (sizeof(T)/8)); + else if (sizeof(T) % 4 == 0 && GetAlignmentOf() % GetAlignmentOf() == 0) + SecureWipeBuffer((word32 *)(void *)buf, n * (sizeof(T)/4)); + else if (sizeof(T) % 2 == 0 && GetAlignmentOf() % GetAlignmentOf() == 0) + SecureWipeBuffer((word16 *)(void *)buf, n * (sizeof(T)/2)); + else + SecureWipeBuffer((byte *)(void *)buf, n * sizeof(T)); +} + +//! \brief Converts a wide character C-string to a multibyte string +//! \param str C-string consisting of wide characters +//! \param throwOnError flag indication the function should throw on error +//! \returns str converted to a multibyte string or an empty string. +//! \details StringNarrow converts a wide string to a narrow string using C++ std::wcstombs() under +//! the executing thread's locale. A locale must be set before using this function, and it can be +//! set with std::setlocale() if needed. Upon success, the converted string is returned. +//! \details Upon failure with throwOnError as false, the function returns an empty string. If +//! throwOnError as true, the function throws an InvalidArgument() exception. +//! \note If you try to convert, say, the Chinese character for "bone" from UTF-16 (0x9AA8) to UTF-8 +//! (0xE9 0xAA 0xA8), then you must ensure the locale is available. If the locale is not available, +//! then a 0x21 error is returned on Windows which eventually results in an InvalidArgument() exception. +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 +std::string StringNarrow(const wchar_t *str, bool throwOnError = true); +#else +static std::string StringNarrow(const wchar_t *str, bool throwOnError = true) +{ + CRYPTOPP_ASSERT(str); + std::string result; + + // Safer functions on Windows for C&A, https://github.com/weidai11/cryptopp/issues/55 +#if (CRYPTOPP_MSC_VERSION >= 1400) + size_t len=0, size=0; + errno_t err = 0; + + //const wchar_t* ptr = str; + //while (*ptr++) len++; + len = wcslen(str)+1; + + err = wcstombs_s(&size, NULL, 0, str, len*sizeof(wchar_t)); + CRYPTOPP_ASSERT(err == 0); + if (err != 0) {goto CONVERSION_ERROR;} + + result.resize(size); + err = wcstombs_s(&size, &result[0], size, str, len*sizeof(wchar_t)); + CRYPTOPP_ASSERT(err == 0); + + if (err != 0) + { +CONVERSION_ERROR: + if (throwOnError) + throw InvalidArgument("StringNarrow: wcstombs_s() call failed with error " + IntToString(err)); + else + return std::string(); + } + + // The safe routine's size includes the NULL. + if (!result.empty() && result[size - 1] == '\0') + result.erase(size - 1); +#else + size_t size = wcstombs(NULL, str, 0); + CRYPTOPP_ASSERT(size != (size_t)-1); + if (size == (size_t)-1) {goto CONVERSION_ERROR;} + + result.resize(size); + size = wcstombs(&result[0], str, size); + CRYPTOPP_ASSERT(size != (size_t)-1); + + if (size == (size_t)-1) + { +CONVERSION_ERROR: + if (throwOnError) + throw InvalidArgument("StringNarrow: wcstombs() call failed"); + else + return std::string(); + } +#endif + + return result; +} +#endif // StringNarrow and CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + +#ifdef CRYPTOPP_DOXYGEN_PROCESSING + +//! \brief Allocates a buffer on 16-byte boundary +//! \param size the size of the buffer +//! \details AlignedAllocate is primarily used when the data will be proccessed by MMX, SSE2 and NEON +//! instructions. The assembly language routines rely on the alignment. If the alignment is not +//! respected, then a SIGBUS could be generated on Unix and Linux, and an +//! EXCEPTION_DATATYPE_MISALIGNMENT could be generated on Windows. +//! \note AlignedAllocate and AlignedDeallocate are available when CRYPTOPP_BOOL_ALIGN16 is +//! defined. CRYPTOPP_BOOL_ALIGN16 is defined in config.h +CRYPTOPP_DLL void* CRYPTOPP_API AlignedAllocate(size_t size); + +//! \brief Frees a buffer allocated with AlignedAllocate +//! \param ptr the buffer to free +//! \note AlignedAllocate and AlignedDeallocate are available when CRYPTOPP_BOOL_ALIGN16 is +//! defined. CRYPTOPP_BOOL_ALIGN16 is defined in config.h +CRYPTOPP_DLL void CRYPTOPP_API AlignedDeallocate(void *ptr); + +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +#if CRYPTOPP_BOOL_ALIGN16 +CRYPTOPP_DLL void* CRYPTOPP_API AlignedAllocate(size_t size); +CRYPTOPP_DLL void CRYPTOPP_API AlignedDeallocate(void *ptr); +#endif // CRYPTOPP_BOOL_ALIGN16 + +//! \brief Allocates a buffer +//! \param size the size of the buffer +CRYPTOPP_DLL void * CRYPTOPP_API UnalignedAllocate(size_t size); + +//! \brief Frees a buffer allocated with UnalignedAllocate +//! \param ptr the buffer to free +CRYPTOPP_DLL void CRYPTOPP_API UnalignedDeallocate(void *ptr); + +// ************** rotate functions *************** + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a portable C/C++ implementation. The value x to be rotated can be 8 to 64-bits wide. +//! \details y must be in the range [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! Use rotlMod if the rotate amount y is outside the range. +//! \note rotlFixed attempts to enlist a rotate IMM instruction because its often faster +//! than a rotate REG. Immediate rotates can be up to three times faster than their register +//! counterparts. +template inline T rotlFixed(T x, unsigned int y) +{ + // Portable rotate that reduces to single instruction... + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157, + // https://software.intel.com/en-us/forums/topic/580884 + // and https://llvm.org/bugs/show_bug.cgi?id=24226 + static const unsigned int THIS_SIZE = sizeof(T)*8; + static const unsigned int MASK = THIS_SIZE-1; + CRYPTOPP_ASSERT(y < THIS_SIZE); + return T((x<>(-y&MASK))); +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a portable C/C++ implementation. The value x to be rotated can be 8 to 64-bits wide. +//! \details y must be in the range [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! Use rotrMod if the rotate amount y is outside the range. +//! \note rotrFixed attempts to enlist a rotate IMM instruction because its often faster +//! than a rotate REG. Immediate rotates can be up to three times faster than their register +//! counterparts. +template inline T rotrFixed(T x, unsigned int y) +{ + // Portable rotate that reduces to single instruction... + // https://gcc.gnu.org/bugzilla/show_bug.cgi?id=57157, + // https://software.intel.com/en-us/forums/topic/580884 + // and https://llvm.org/bugs/show_bug.cgi?id=24226 + static const unsigned int THIS_SIZE = sizeof(T)*8; + static const unsigned int MASK = THIS_SIZE-1; + CRYPTOPP_ASSERT(y < THIS_SIZE); + return T((x >> y)|(x<<(-y&MASK))); +} + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a portable C/C++ implementation. The value x to be rotated can be 8 to 64-bits wide. +//! \details y must be in the range [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! Use rotlMod if the rotate amount y is outside the range. +//! \note rotlVariable attempts to enlist a rotate IMM instruction because its often faster +//! than a rotate REG. Immediate rotates can be up to three times faster than their register +//! counterparts. +template inline T rotlVariable(T x, unsigned int y) +{ + static const unsigned int THIS_SIZE = sizeof(T)*8; + static const unsigned int MASK = THIS_SIZE-1; + CRYPTOPP_ASSERT(y < THIS_SIZE); + return T((x<>(-y&MASK))); +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a portable C/C++ implementation. The value x to be rotated can be 8 to 64-bits wide. +//! \details y must be in the range [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! Use rotrMod if the rotate amount y is outside the range. +//! \note rotrVariable attempts to enlist a rotate IMM instruction because its often faster +//! than a rotate REG. Immediate rotates can be up to three times faster than their register +//! counterparts. +template inline T rotrVariable(T x, unsigned int y) +{ + static const unsigned int THIS_SIZE = sizeof(T)*8; + static const unsigned int MASK = THIS_SIZE-1; + CRYPTOPP_ASSERT(y < THIS_SIZE); + return T((x>>y)|(x<<(-y&MASK))); +} + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a portable C/C++ implementation. The value x to be rotated can be 8 to 64-bits wide. +//! \details y is reduced to the range [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrVariable will use either rotate IMM or rotate REG. +template inline T rotlMod(T x, unsigned int y) +{ + static const unsigned int THIS_SIZE = sizeof(T)*8; + static const unsigned int MASK = THIS_SIZE-1; + return T((x<<(y&MASK))|(x>>(-y&MASK))); +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a portable C/C++ implementation. The value x to be rotated can be 8 to 64-bits wide. +//! \details y is reduced to the range [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrVariable will use either rotate IMM or rotate REG. +template inline T rotrMod(T x, unsigned int y) +{ + static const unsigned int THIS_SIZE = sizeof(T)*8; + static const unsigned int MASK = THIS_SIZE-1; + return T((x>>(y&MASK))|(x<<(-y&MASK))); +} + +#ifdef _MSC_VER + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the 32-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotl provided by +//! . The value x to be rotated is 32-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotlFixed will assert in Debug builds if is outside the allowed range. +template<> inline word32 rotlFixed(word32 x, unsigned int y) +{ + // Uses Microsoft call, bound to C/C++ language rules. + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _lrotl(x, static_cast(y)) : x; +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the 32-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotr provided by +//! . The value x to be rotated is 32-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrFixed will assert in Debug builds if is outside the allowed range. +template<> inline word32 rotrFixed(word32 x, unsigned int y) +{ + // Uses Microsoft call, bound to C/C++ language rules. + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _lrotr(x, static_cast(y)) : x; +} + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the 32-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotl provided by +//! . The value x to be rotated is 32-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotlVariable will assert in Debug builds if is outside the allowed range. +template<> inline word32 rotlVariable(word32 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return _lrotl(x, static_cast(y)); +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the 32-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotr provided by +//! . The value x to be rotated is 32-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrVariable will assert in Debug builds if is outside the allowed range. +template<> inline word32 rotrVariable(word32 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return _lrotr(x, static_cast(y)); +} + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the 32-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotl provided by +//! . The value x to be rotated is 32-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +template<> inline word32 rotlMod(word32 x, unsigned int y) +{ + y %= 8*sizeof(x); + return _lrotl(x, static_cast(y)); +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the 32-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotr provided by +//! . The value x to be rotated is 32-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +template<> inline word32 rotrMod(word32 x, unsigned int y) +{ + y %= 8*sizeof(x); + return _lrotr(x, static_cast(y)); +} + +#endif // #ifdef _MSC_VER + +#if _MSC_VER >= 1300 && !defined(__INTEL_COMPILER) +// Intel C++ Compiler 10.0 calls a function instead of using the rotate instruction when using these instructions + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the 64-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotl provided by +//! . The value x to be rotated is 64-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrFixed will assert in Debug builds if is outside the allowed range. +template<> inline word64 rotlFixed(word64 x, unsigned int y) +{ + // Uses Microsoft call, bound to C/C++ language rules. + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _rotl64(x, static_cast(y)) : x; +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the 64-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotr provided by +//! . The value x to be rotated is 64-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrFixed will assert in Debug builds if is outside the allowed range. +template<> inline word64 rotrFixed(word64 x, unsigned int y) +{ + // Uses Microsoft call, bound to C/C++ language rules. + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _rotr64(x, static_cast(y)) : x; +} + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the 64-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotl provided by +//! . The value x to be rotated is 64-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotlVariable will assert in Debug builds if is outside the allowed range. +template<> inline word64 rotlVariable(word64 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return _rotl64(x, static_cast(y)); +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the 64-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotr provided by +//! . The value x to be rotated is 64-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +//! \note rotrVariable will assert in Debug builds if is outside the allowed range. +template<> inline word64 rotrVariable(word64 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _rotr64(x, static_cast(y)) : x; +} + +//! \brief Performs a left rotate +//! \tparam T the word type +//! \param x the 64-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotl provided by +//! . The value x to be rotated is 64-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +template<> inline word64 rotlMod(word64 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _rotl64(x, static_cast(y)) : x; +} + +//! \brief Performs a right rotate +//! \tparam T the word type +//! \param x the 64-bit value to rotate +//! \param y the number of bit positions to rotate the value +//! \details This is a Microsoft specific implementation using _lrotr provided by +//! . The value x to be rotated is 64-bits. y must be in the range +//! [0, sizeof(T)*8 - 1] to avoid undefined behavior. +template<> inline word64 rotrMod(word64 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 8*sizeof(x)); + return y ? _rotr64(x, static_cast(y)) : x; +} + +#endif // #if _MSC_VER >= 1310 + +#if _MSC_VER >= 1400 && !defined(__INTEL_COMPILER) +// Intel C++ Compiler 10.0 gives undefined externals with these + +template<> inline word16 rotlFixed(word16 x, unsigned int y) +{ + // Intrinsic, not bound to C/C++ language rules. + return _rotl16(x, static_cast(y)); +} + +template<> inline word16 rotrFixed(word16 x, unsigned int y) +{ + // Intrinsic, not bound to C/C++ language rules. + return _rotr16(x, static_cast(y)); +} + +template<> inline word16 rotlVariable(word16 x, unsigned int y) +{ + return _rotl16(x, static_cast(y)); +} + +template<> inline word16 rotrVariable(word16 x, unsigned int y) +{ + return _rotr16(x, static_cast(y)); +} + +template<> inline word16 rotlMod(word16 x, unsigned int y) +{ + return _rotl16(x, static_cast(y)); +} + +template<> inline word16 rotrMod(word16 x, unsigned int y) +{ + return _rotr16(x, static_cast(y)); +} + +template<> inline byte rotlFixed(byte x, unsigned int y) +{ + // Intrinsic, not bound to C/C++ language rules. + return _rotl8(x, static_cast(y)); +} + +template<> inline byte rotrFixed(byte x, unsigned int y) +{ + // Intrinsic, not bound to C/C++ language rules. + return _rotr8(x, static_cast(y)); +} + +template<> inline byte rotlVariable(byte x, unsigned int y) +{ + return _rotl8(x, static_cast(y)); +} + +template<> inline byte rotrVariable(byte x, unsigned int y) +{ + return _rotr8(x, static_cast(y)); +} + +template<> inline byte rotlMod(byte x, unsigned int y) +{ + return _rotl8(x, static_cast(y)); +} + +template<> inline byte rotrMod(byte x, unsigned int y) +{ + return _rotr8(x, static_cast(y)); +} + +#endif // #if _MSC_VER >= 1400 + +#if (defined(__MWERKS__) && TARGET_CPU_PPC) + +template<> inline word32 rotlFixed(word32 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 32); + return y ? __rlwinm(x,y,0,31) : x; +} + +template<> inline word32 rotrFixed(word32 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 32); + return y ? __rlwinm(x,32-y,0,31) : x; +} + +template<> inline word32 rotlVariable(word32 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 32); + return (__rlwnm(x,y,0,31)); +} + +template<> inline word32 rotrVariable(word32 x, unsigned int y) +{ + CRYPTOPP_ASSERT(y < 32); + return (__rlwnm(x,32-y,0,31)); +} + +template<> inline word32 rotlMod(word32 x, unsigned int y) +{ + return (__rlwnm(x,y,0,31)); +} + +template<> inline word32 rotrMod(word32 x, unsigned int y) +{ + return (__rlwnm(x,32-y,0,31)); +} + +#endif // #if (defined(__MWERKS__) && TARGET_CPU_PPC) + +// ************** endian reversal *************** + +//! \brief Gets a byte from a value +//! \param order the ByteOrder of the value +//! \param value the value to retrieve the byte +//! \param index the location of the byte to retrieve +template +inline unsigned int GetByte(ByteOrder order, T value, unsigned int index) +{ + if (order == LITTLE_ENDIAN_ORDER) + return GETBYTE(value, index); + else + return GETBYTE(value, sizeof(T)-index-1); +} + +//! \brief Reverses bytes in a 8-bit value +//! \param value the 8-bit value to reverse +//! \note ByteReverse returns the value passed to it since there is nothing to reverse +inline byte ByteReverse(byte value) +{ + return value; +} + +//! \brief Reverses bytes in a 16-bit value +//! \brief Performs an endian reversal +//! \param value the 16-bit value to reverse +//! \details ByteReverse calls bswap if available. Otherwise the function performs a 8-bit rotate on the word16 +inline word16 ByteReverse(word16 value) +{ +#ifdef CRYPTOPP_BYTESWAP_AVAILABLE + return bswap_16(value); +#elif defined(_MSC_VER) && _MSC_VER >= 1300 + return _byteswap_ushort(value); +#else + return rotlFixed(value, 8U); +#endif +} + +//! \brief Reverses bytes in a 32-bit value +//! \brief Performs an endian reversal +//! \param value the 32-bit value to reverse +//! \details ByteReverse calls bswap if available. Otherwise the function uses a combination of rotates on the word32 +inline word32 ByteReverse(word32 value) +{ +#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE) + __asm__ ("bswap %0" : "=r" (value) : "0" (value)); + return value; +#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE) + return bswap_32(value); +#elif defined(__MWERKS__) && TARGET_CPU_PPC + return (word32)__lwbrx(&value,0); +#elif _MSC_VER >= 1400 || (_MSC_VER >= 1300 && !defined(_DLL)) + return _byteswap_ulong(value); +#elif CRYPTOPP_FAST_ROTATE(32) + // 5 instructions with rotate instruction, 9 without + return (rotrFixed(value, 8U) & 0xff00ff00) | (rotlFixed(value, 8U) & 0x00ff00ff); +#else + // 6 instructions with rotate instruction, 8 without + value = ((value & 0xFF00FF00) >> 8) | ((value & 0x00FF00FF) << 8); + return rotlFixed(value, 16U); +#endif +} + +//! \brief Reverses bytes in a 64-bit value +//! \brief Performs an endian reversal +//! \param value the 64-bit value to reverse +//! \details ByteReverse calls bswap if available. Otherwise the function uses a combination of rotates on the word64 +inline word64 ByteReverse(word64 value) +{ +#if defined(__GNUC__) && defined(CRYPTOPP_X86_ASM_AVAILABLE) && defined(__x86_64__) + __asm__ ("bswap %0" : "=r" (value) : "0" (value)); + return value; +#elif defined(CRYPTOPP_BYTESWAP_AVAILABLE) + return bswap_64(value); +#elif defined(_MSC_VER) && _MSC_VER >= 1300 + return _byteswap_uint64(value); +#elif CRYPTOPP_BOOL_SLOW_WORD64 + return (word64(ByteReverse(word32(value))) << 32) | ByteReverse(word32(value>>32)); +#else + value = ((value & W64LIT(0xFF00FF00FF00FF00)) >> 8) | ((value & W64LIT(0x00FF00FF00FF00FF)) << 8); + value = ((value & W64LIT(0xFFFF0000FFFF0000)) >> 16) | ((value & W64LIT(0x0000FFFF0000FFFF)) << 16); + return rotlFixed(value, 32U); +#endif +} + +//! \brief Reverses bits in a 8-bit value +//! \param value the 8-bit value to reverse +//! \details BitReverse performs a combination of shifts on the byte +inline byte BitReverse(byte value) +{ + value = byte((value & 0xAA) >> 1) | byte((value & 0x55) << 1); + value = byte((value & 0xCC) >> 2) | byte((value & 0x33) << 2); + return rotlFixed(value, 4U); +} + +//! \brief Reverses bits in a 16-bit value +//! \param value the 16-bit value to reverse +//! \details BitReverse performs a combination of shifts on the word16 +inline word16 BitReverse(word16 value) +{ + value = word16((value & 0xAAAA) >> 1) | word16((value & 0x5555) << 1); + value = word16((value & 0xCCCC) >> 2) | word16((value & 0x3333) << 2); + value = word16((value & 0xF0F0) >> 4) | word16((value & 0x0F0F) << 4); + return ByteReverse(value); +} + +//! \brief Reverses bits in a 32-bit value +//! \param value the 32-bit value to reverse +//! \details BitReverse performs a combination of shifts on the word32 +inline word32 BitReverse(word32 value) +{ + value = word32((value & 0xAAAAAAAA) >> 1) | word32((value & 0x55555555) << 1); + value = word32((value & 0xCCCCCCCC) >> 2) | word32((value & 0x33333333) << 2); + value = word32((value & 0xF0F0F0F0) >> 4) | word32((value & 0x0F0F0F0F) << 4); + return ByteReverse(value); +} + +//! \brief Reverses bits in a 64-bit value +//! \param value the 64-bit value to reverse +//! \details BitReverse performs a combination of shifts on the word64 +inline word64 BitReverse(word64 value) +{ +#if CRYPTOPP_BOOL_SLOW_WORD64 + return (word64(BitReverse(word32(value))) << 32) | BitReverse(word32(value>>32)); +#else + value = word64((value & W64LIT(0xAAAAAAAAAAAAAAAA)) >> 1) | word64((value & W64LIT(0x5555555555555555)) << 1); + value = word64((value & W64LIT(0xCCCCCCCCCCCCCCCC)) >> 2) | word64((value & W64LIT(0x3333333333333333)) << 2); + value = word64((value & W64LIT(0xF0F0F0F0F0F0F0F0)) >> 4) | word64((value & W64LIT(0x0F0F0F0F0F0F0F0F)) << 4); + return ByteReverse(value); +#endif +} + +//! \brief Reverses bits in a value +//! \param value the value to reverse +//! \details The template overload of BitReverse operates on signed and unsigned values. +//! Internally the size of T is checked, and then value is cast to a byte, +//! word16, word32 or word64. After the cast, the appropriate BitReverse +//! overload is called. +template +inline T BitReverse(T value) +{ + if (sizeof(T) == 1) + return (T)BitReverse((byte)value); + else if (sizeof(T) == 2) + return (T)BitReverse((word16)value); + else if (sizeof(T) == 4) + return (T)BitReverse((word32)value); + else + { + CRYPTOPP_ASSERT(sizeof(T) == 8); + return (T)BitReverse((word64)value); + } +} + +//! \brief Reverses bytes in a value depending upon endianess +//! \tparam T the class or type +//! \param order the ByteOrder the data is represented +//! \param value the value to conditionally reverse +//! \details Internally, the ConditionalByteReverse calls NativeByteOrderIs. +//! If order matches native byte order, then the original value is returned. +//! If not, then ByteReverse is called on the value before returning to the caller. +template +inline T ConditionalByteReverse(ByteOrder order, T value) +{ + return NativeByteOrderIs(order) ? value : ByteReverse(value); +} + +//! \brief Reverses bytes in an element from an array of elements +//! \tparam T the class or type +//! \param out the output array of elements +//! \param in the input array of elements +//! \param byteCount the total number of bytes in the array +//! \details Internally, ByteReverse visits each element in the in array +//! calls ByteReverse on it, and writes the result to out. +//! \details ByteReverse does not process tail byes, or bytes that are +//! \a not part of a full element. If T is int (and int is 4 bytes), then +//! byteCount = 10 means only the first 2 elements or 8 bytes are +//! reversed. +//! \details The follwoing program should help illustrate the behavior. +//! 
vector v1, v2;
+//!
+//! v1.push_back(1);
+//! v1.push_back(2);
+//! v1.push_back(3);
+//! v1.push_back(4);
+//!
+//! v2.resize(v1.size());
+//! ByteReverse(&v2[0], &v1[0], 16);
+//!
+//! cout << "V1: ";
+//! for(unsigned int i = 0; i < v1.size(); i++)
+//!   cout << std::hex << v1[i] << " ";
+//! cout << endl;
+//!
+//! cout << "V2: ";
+//! for(unsigned int i = 0; i < v2.size(); i++)
+//!   cout << std::hex << v2[i] << " ";
+//! cout << endl;
+//! The program above results in the follwoing output. +//! 
V1: 00000001 00000002 00000003 00000004
+//! V2: 01000000 02000000 03000000 04000000
+//! \sa ConditionalByteReverse +template +void ByteReverse(T *out, const T *in, size_t byteCount) +{ + CRYPTOPP_ASSERT(byteCount % sizeof(T) == 0); + size_t count = byteCount/sizeof(T); + for (size_t i=0; ibyteCount = 10 means only the first 2 elements or 8 bytes are +//! reversed. +//! \sa ByteReverse +template +inline void ConditionalByteReverse(ByteOrder order, T *out, const T *in, size_t byteCount) +{ + if (!NativeByteOrderIs(order)) + ByteReverse(out, in, byteCount); + else if (in != out) + memcpy_s(out, byteCount, in, byteCount); +} + +template +inline void GetUserKey(ByteOrder order, T *out, size_t outlen, const byte *in, size_t inlen) +{ + const size_t U = sizeof(T); + CRYPTOPP_ASSERT(inlen <= outlen*U); + memcpy_s(out, outlen*U, in, inlen); + memset_z((byte *)out+inlen, 0, outlen*U-inlen); + ConditionalByteReverse(order, out, out, RoundUpToMultipleOf(inlen, U)); +} + +#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS +inline byte UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const byte *) +{ + CRYPTOPP_UNUSED(order); + return block[0]; +} + +inline word16 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word16 *) +{ + return (order == BIG_ENDIAN_ORDER) + ? block[1] | (block[0] << 8) + : block[0] | (block[1] << 8); +} + +inline word32 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word32 *) +{ + return (order == BIG_ENDIAN_ORDER) + ? word32(block[3]) | (word32(block[2]) << 8) | (word32(block[1]) << 16) | (word32(block[0]) << 24) + : word32(block[0]) | (word32(block[1]) << 8) | (word32(block[2]) << 16) | (word32(block[3]) << 24); +} + +inline word64 UnalignedGetWordNonTemplate(ByteOrder order, const byte *block, const word64 *) +{ + return (order == BIG_ENDIAN_ORDER) + ? + (word64(block[7]) | + (word64(block[6]) << 8) | + (word64(block[5]) << 16) | + (word64(block[4]) << 24) | + (word64(block[3]) << 32) | + (word64(block[2]) << 40) | + (word64(block[1]) << 48) | + (word64(block[0]) << 56)) + : + (word64(block[0]) | + (word64(block[1]) << 8) | + (word64(block[2]) << 16) | + (word64(block[3]) << 24) | + (word64(block[4]) << 32) | + (word64(block[5]) << 40) | + (word64(block[6]) << 48) | + (word64(block[7]) << 56)); +} + +inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, byte value, const byte *xorBlock) +{ + CRYPTOPP_UNUSED(order); + block[0] = (byte)(xorBlock ? (value ^ xorBlock[0]) : value); +} + +inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, word16 value, const byte *xorBlock) +{ + if (order == BIG_ENDIAN_ORDER) + { + if (xorBlock) + { + block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + } + else + { + block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + } + } + else + { + if (xorBlock) + { + block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + } + else + { + block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + } + } +} + +inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, word32 value, const byte *xorBlock) +{ + if (order == BIG_ENDIAN_ORDER) + { + if (xorBlock) + { + block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + } + else + { + block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + } + } + else + { + if (xorBlock) + { + block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + } + else + { + block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + } + } +} + +inline void UnalignedbyteNonTemplate(ByteOrder order, byte *block, word64 value, const byte *xorBlock) +{ + if (order == BIG_ENDIAN_ORDER) + { + if (xorBlock) + { + block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); + block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); + block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); + block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); + block[4] = xorBlock[4] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + block[5] = xorBlock[5] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[6] = xorBlock[6] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[7] = xorBlock[7] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + } + else + { + block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); + block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); + block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); + block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); + block[4] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + block[5] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[6] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[7] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + } + } + else + { + if (xorBlock) + { + block[0] = xorBlock[0] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + block[1] = xorBlock[1] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[2] = xorBlock[2] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[3] = xorBlock[3] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + block[4] = xorBlock[4] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); + block[5] = xorBlock[5] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); + block[6] = xorBlock[6] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); + block[7] = xorBlock[7] ^ CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); + } + else + { + block[0] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 0); + block[1] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 1); + block[2] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 2); + block[3] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 3); + block[4] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 4); + block[5] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 5); + block[6] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 6); + block[7] = CRYPTOPP_GET_BYTE_AS_BYTE(value, 7); + } + } +} +#endif // #ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + +template +inline T GetWord(bool assumeAligned, ByteOrder order, const byte *block) +{ +//#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS +// if (!assumeAligned) +// return UnalignedGetWordNonTemplate(order, block, (T*)NULL); +// CRYPTOPP_ASSERT(IsAligned(block)); +//#endif +// return ConditionalByteReverse(order, *reinterpret_cast(block)); + CRYPTOPP_UNUSED(assumeAligned); +#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + return ConditionalByteReverse(order, *reinterpret_cast((const void *)block)); +#else + T temp; + memcpy(&temp, block, sizeof(T)); + return ConditionalByteReverse(order, temp); +#endif +} + +template +inline void GetWord(bool assumeAligned, ByteOrder order, T &result, const byte *block) +{ + result = GetWord(assumeAligned, order, block); +} + +template +inline void PutWord(bool assumeAligned, ByteOrder order, byte *block, T value, const byte *xorBlock = NULL) +{ +//#ifndef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS +// if (!assumeAligned) +// return UnalignedbyteNonTemplate(order, block, value, xorBlock); +// CRYPTOPP_ASSERT(IsAligned(block)); +// CRYPTOPP_ASSERT(IsAligned(xorBlock)); +//#endif +// *reinterpret_cast(block) = ConditionalByteReverse(order, value) ^ (xorBlock ? *reinterpret_cast(xorBlock) : 0); + CRYPTOPP_UNUSED(assumeAligned); +#ifdef CRYPTOPP_ALLOW_UNALIGNED_DATA_ACCESS + *reinterpret_cast((void *)block) = ConditionalByteReverse(order, value) ^ (xorBlock ? *reinterpret_cast((const void *)xorBlock) : 0); +#else + T t1, t2 = 0; + t1 = ConditionalByteReverse(order, value); + if (xorBlock) memcpy(&t2, xorBlock, sizeof(T)); + memmove(block, &(t1 ^= t2), sizeof(T)); +#endif +} + +//! \class GetBlock +//! \brief Access a block of memory +//! \tparam T class or type +//! \tparam B enumeration indicating endianess +//! \tparam A flag indicating alignment +//! \details GetBlock() provides alternate read access to a block of memory. The enumeration B is +//! BigEndian or LittleEndian. The flag A indicates if the memory block is aligned for class or type T. +//! Repeatedly applying operator() results in advancing in the block of memory. +//! \details An example of reading two word32 values from a block of memory is shown below. w1 +//! will be 0x03020100 and w1 will be 0x07060504. +//! 
+//!    word32 w1, w2;
+//!    byte buffer[8] = {0,1,2,3,4,5,6,7};
+//!    GetBlock block(buffer);
+//!    block(w1)(w2);
+//!
+template +class GetBlock +{ +public: + //! \brief Construct a GetBlock + //! \param block the memory block + GetBlock(const void *block) + : m_block((const byte *)block) {} + + //! \brief Access a block of memory + //! \tparam U class or type + //! \param x the value to read + //! \returns pointer to the remainder of the block after reading x + template + inline GetBlock & operator()(U &x) + { + CRYPTOPP_COMPILE_ASSERT(sizeof(U) >= sizeof(T)); + x = GetWord(A, B::ToEnum(), m_block); + m_block += sizeof(T); + return *this; + } + +private: + const byte *m_block; +}; + +//! \class PutBlock +//! \brief Access a block of memory +//! \tparam T class or type +//! \tparam B enumeration indicating endianess +//! \tparam A flag indicating alignment +//! \details PutBlock() provides alternate write access to a block of memory. The enumeration B is +//! BigEndian or LittleEndian. The flag A indicates if the memory block is aligned for class or type T. +//! Repeatedly applying operator() results in advancing in the block of memory. +//! \details An example of writing two word32 values from a block of memory is shown below. After the code +//! executes, the byte buffer will be {0,1,2,3,4,5,6,7}. +//! 
+//!    word32 w1=0x03020100, w2=0x07060504;
+//!    byte buffer[8];
+//!    PutBlock block(NULL, buffer);
+//!    block(w1)(w2);
+//!
+template +class PutBlock +{ +public: + //! \brief Construct a PutBlock + //! \param block the memory block + //! \param xorBlock optional mask + PutBlock(const void *xorBlock, void *block) + : m_xorBlock((const byte *)xorBlock), m_block((byte *)block) {} + + //! \brief Access a block of memory + //! \tparam U class or type + //! \param x the value to write + //! \returns pointer to the remainder of the block after writing x + template + inline PutBlock & operator()(U x) + { + PutWord(A, B::ToEnum(), m_block, (T)x, m_xorBlock); + m_block += sizeof(T); + if (m_xorBlock) + m_xorBlock += sizeof(T); + return *this; + } + +private: + const byte *m_xorBlock; + byte *m_block; +}; + +//! \class BlockGetAndPut +//! \brief Access a block of memory +//! \tparam T class or type +//! \tparam B enumeration indicating endianess +//! \tparam GA flag indicating alignment for the Get operation +//! \tparam PA flag indicating alignment for the Put operation +//! \details GetBlock() provides alternate write access to a block of memory. The enumeration B is +//! BigEndian or LittleEndian. The flag A indicates if the memory block is aligned for class or type T. +//! \sa GetBlock() and PutBlock(). +template +struct BlockGetAndPut +{ + // function needed because of C++ grammatical ambiguity between expression-statements and declarations + static inline GetBlock Get(const void *block) {return GetBlock(block);} + typedef PutBlock Put; +}; + +template +std::string WordToString(T value, ByteOrder order = BIG_ENDIAN_ORDER) +{ + if (!NativeByteOrderIs(order)) + value = ByteReverse(value); + + return std::string((char *)&value, sizeof(value)); +} + +template +T StringToWord(const std::string &str, ByteOrder order = BIG_ENDIAN_ORDER) +{ + T value = 0; + memcpy_s(&value, sizeof(value), str.data(), UnsignedMin(str.size(), sizeof(value))); + return NativeByteOrderIs(order) ? value : ByteReverse(value); +} + +// ************** help remove warning on g++ *************** + +//! \class SafeShifter +//! \brief Safely shift values when undefined behavior could occur +//! \tparam overflow boolean flag indicating if overflow is present +//! \details SafeShifter safely shifts values when undefined behavior could occur under C/C++ rules. +//! The class behaves much like a saturating arithmetic class, clamping values rather than allowing +//! the compiler to remove undefined behavior. +//! \sa SafeShifter, SafeShifter +template struct SafeShifter; + +//! \class SafeShifter +//! \brief Shifts a value in the presence of overflow +//! \details the \p true template parameter indicates overflow would occur. +//! In this case, SafeShifter clamps the value and returns 0. +template<> struct SafeShifter +{ + //! \brief Right shifts a value that overflows + //! \tparam T class or type + //! \return 0 + //! \details Since overflow == true, the value 0 is always returned. + //! \sa SafeLeftShift + template + static inline T RightShift(T value, unsigned int bits) + { + CRYPTOPP_UNUSED(value); CRYPTOPP_UNUSED(bits); + return 0; + } + + //! \brief Left shifts a value that overflows + //! \tparam T class or type + //! \return 0 + //! \details Since overflow == true, the value 0 is always returned. + //! \sa SafeRightShift + template + static inline T LeftShift(T value, unsigned int bits) + { + CRYPTOPP_UNUSED(value); CRYPTOPP_UNUSED(bits); + return 0; + } +}; + +//! \class SafeShifter +//! \brief Shifts a value in the absence of overflow +//! \details the \p false template parameter indicates overflow would \a not occur. +//! In this case, SafeShifter returns the shfted value. +template<> struct SafeShifter +{ + //! \brief Right shifts a value that does not overflow + //! \tparam T class or type + //! \return the shifted value + //! \details Since overflow == false, the shifted value is returned. + //! \sa SafeLeftShift + template + static inline T RightShift(T value, unsigned int bits) + { + return value >> bits; + } + + //! \brief Left shifts a value that does not overflow + //! \tparam T class or type + //! \return the shifted value + //! \details Since overflow == false, the shifted value is returned. + //! \sa SafeRightShift + template + static inline T LeftShift(T value, unsigned int bits) + { + return value << bits; + } +}; + +//! \class SafeRightShift +//! \brief Safely right shift values when undefined behavior could occur +//! \tparam bits the number of bit positions to shift the value +//! \tparam T class or type +//! \param value the value to right shift +//! \result the shifted value or 0 +//! \details SafeRightShift safely shifts the value to the right when undefined behavior +//! could occur under C/C++ rules. SafeRightShift will return the shifted value or 0 +//! if undefined behavior would occur. +template +inline T SafeRightShift(T value) +{ + return SafeShifter<(bits>=(8*sizeof(T)))>::RightShift(value, bits); +} + +//! \class SafeLeftShift +//! \brief Safely left shift values when undefined behavior could occur +//! \tparam bits the number of bit positions to shift the value +//! \tparam T class or type +//! \param value the value to left shift +//! \result the shifted value or 0 +//! \details SafeLeftShift safely shifts the value to the left when undefined behavior +//! could occur under C/C++ rules. SafeLeftShift will return the shifted value or 0 +//! if undefined behavior would occur. +template +inline T SafeLeftShift(T value) +{ + return SafeShifter<(bits>=(8*sizeof(T)))>::LeftShift(value, bits); +} + +// ************** use one buffer for multiple data members *************** + +#define CRYPTOPP_BLOCK_1(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+0);} size_t SS1() {return sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_2(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS1());} size_t SS2() {return SS1()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_3(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS2());} size_t SS3() {return SS2()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_4(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS3());} size_t SS4() {return SS3()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_5(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS4());} size_t SS5() {return SS4()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_6(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS5());} size_t SS6() {return SS5()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_7(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS6());} size_t SS7() {return SS6()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCK_8(n, t, s) t* m_##n() {return (t *)(void *)(m_aggregate+SS7());} size_t SS8() {return SS7()+sizeof(t)*(s);} size_t m_##n##Size() {return (s);} +#define CRYPTOPP_BLOCKS_END(i) size_t SST() {return SS##i();} void AllocateBlocks() {m_aggregate.New(SST());} AlignedSecByteBlock m_aggregate; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/modarith.h b/libs/win_crypto++/include/modarith.h new file mode 100644 index 0000000..80bc472 --- /dev/null +++ b/libs/win_crypto++/include/modarith.h @@ -0,0 +1,321 @@ +// modarith.h - written and placed in the public domain by Wei Dai + +//! \file modarith.h +//! \brief Class file for performing modular arithmetic. + +#ifndef CRYPTOPP_MODARITH_H +#define CRYPTOPP_MODARITH_H + +// implementations are in integer.cpp + +#include "cryptlib.h" +#include "integer.h" +#include "algebra.h" +#include "secblock.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractGroup; +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractRing; +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractEuclideanDomain; + +//! \class ModularArithmetic +//! \brief Ring of congruence classes modulo n +//! \details This implementation represents each congruence class as the smallest +//! non-negative integer in that class. +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+class CRYPTOPP_DLL ModularArithmetic : public AbstractRing +{ +public: + + typedef int RandomizationParameter; + typedef Integer Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ModularArithmetic() {} +#endif + + //! \brief Construct a ModularArithmetic + //! \param modulus congruence class modulus + ModularArithmetic(const Integer &modulus = Integer::One()) + : AbstractRing(), m_modulus(modulus), m_result((word)0, modulus.reg.size()) {} + + //! \brief Copy construct a ModularArithmetic + //! \param ma other ModularArithmetic + ModularArithmetic(const ModularArithmetic &ma) + : AbstractRing(), m_modulus(ma.m_modulus), m_result((word)0, ma.m_modulus.reg.size()) {} + + //! \brief Construct a ModularArithmetic + //! \param bt BER encoded ModularArithmetic + ModularArithmetic(BufferedTransformation &bt); // construct from BER encoded parameters + + //! \brief Clone a ModularArithmetic + //! \returns pointer to a new ModularArithmetic + //! \details Clone effectively copy constructs a new ModularArithmetic. The caller is + //! responsible for deleting the pointer returned from this method. + virtual ModularArithmetic * Clone() const {return new ModularArithmetic(*this);} + + //! \brief Encodes in DER format + //! \param bt BufferedTransformation object + void DEREncode(BufferedTransformation &bt) const; + + //! \brief Encodes element in DER format + //! \param out BufferedTransformation object + //! \param a Element to encode + void DEREncodeElement(BufferedTransformation &out, const Element &a) const; + + //! \brief Decodes element in DER format + //! \param in BufferedTransformation object + //! \param a Element to decode + void BERDecodeElement(BufferedTransformation &in, Element &a) const; + + //! \brief Retrieves the modulus + //! \returns the modulus + const Integer& GetModulus() const {return m_modulus;} + + //! \brief Sets the modulus + //! \param newModulus the new modulus + void SetModulus(const Integer &newModulus) + {m_modulus = newModulus; m_result.reg.resize(m_modulus.reg.size());} + + //! \brief Retrieves the representation + //! \returns true if the representation is MontgomeryRepresentation, false otherwise + virtual bool IsMontgomeryRepresentation() const {return false;} + + //! \brief Reduces an element in the congruence class + //! \param a element to convert + //! \returns the reduced element + //! \details ConvertIn is useful for derived classes, like MontgomeryRepresentation, which + //! must convert between representations. + virtual Integer ConvertIn(const Integer &a) const + {return a%m_modulus;} + + //! \brief Reduces an element in the congruence class + //! \param a element to convert + //! \returns the reduced element + //! \details ConvertOut is useful for derived classes, like MontgomeryRepresentation, which + //! must convert between representations. + virtual Integer ConvertOut(const Integer &a) const + {return a;} + + //! \brief TODO + //! \param a element to convert + const Integer& Half(const Integer &a) const; + + //! \brief Compare two elements for equality + //! \param a first element + //! \param b second element + //! \returns true if the elements are equal, false otherwise + //! \details Equal() tests the elements for equality using a==b + bool Equal(const Integer &a, const Integer &b) const + {return a==b;} + + //! \brief Provides the Identity element + //! \returns the Identity element + const Integer& Identity() const + {return Integer::Zero();} + + //! \brief Adds elements in the ring + //! \param a first element + //! \param b second element + //! \returns the sum of a and b + const Integer& Add(const Integer &a, const Integer &b) const; + + //! \brief TODO + //! \param a first element + //! \param b second element + //! \returns TODO + Integer& Accumulate(Integer &a, const Integer &b) const; + + //! \brief Inverts the element in the ring + //! \param a first element + //! \returns the inverse of the element + const Integer& Inverse(const Integer &a) const; + + //! \brief Subtracts elements in the ring + //! \param a first element + //! \param b second element + //! \returns the difference of a and b. The element a must provide a Subtract member function. + const Integer& Subtract(const Integer &a, const Integer &b) const; + + //! \brief TODO + //! \param a first element + //! \param b second element + //! \returns TODO + Integer& Reduce(Integer &a, const Integer &b) const; + + //! \brief Doubles an element in the ring + //! \param a the element + //! \returns the element doubled + //! \details Double returns Add(a, a). The element a must provide an Add member function. + const Integer& Double(const Integer &a) const + {return Add(a, a);} + + //! \brief Retrieves the multiplicative identity + //! \returns the multiplicative identity + //! \details the base class implementations returns 1. + const Integer& MultiplicativeIdentity() const + {return Integer::One();} + + //! \brief Multiplies elements in the ring + //! \param a the multiplicand + //! \param b the multiplier + //! \returns the product of a and b + //! \details Multiply returns a*b\%n. + const Integer& Multiply(const Integer &a, const Integer &b) const + {return m_result1 = a*b%m_modulus;} + + //! \brief Square an element in the ring + //! \param a the element + //! \returns the element squared + //! \details Square returns a*a\%n. The element a must provide a Square member function. + const Integer& Square(const Integer &a) const + {return m_result1 = a.Squared()%m_modulus;} + + //! \brief Determines whether an element is a unit in the ring + //! \param a the element + //! \returns true if the element is a unit after reduction, false otherwise. + bool IsUnit(const Integer &a) const + {return Integer::Gcd(a, m_modulus).IsUnit();} + + //! \brief Calculate the multiplicative inverse of an element in the ring + //! \param a the element + //! \details MultiplicativeInverse returns a-1\%n. The element a must + //! provide a InverseMod member function. + const Integer& MultiplicativeInverse(const Integer &a) const + {return m_result1 = a.InverseMod(m_modulus);} + + //! \brief Divides elements in the ring + //! \param a the dividend + //! \param b the divisor + //! \returns the quotient + //! \details Divide returns a*b-1\%n. + const Integer& Divide(const Integer &a, const Integer &b) const + {return Multiply(a, MultiplicativeInverse(b));} + + //! \brief TODO + //! \param x first element + //! \param e1 first exponent + //! \param y second element + //! \param e2 second exponent + //! \returns TODO + Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const; + + //! \brief Exponentiates a base to multiple exponents in the ring + //! \param results an array of Elements + //! \param base the base to raise to the exponents + //! \param exponents an array of exponents + //! \param exponentsCount the number of exponents in the array + //! \details SimultaneousExponentiate() raises the base to each exponent in the exponents array and stores the + //! result at the respective position in the results array. + //! \details SimultaneousExponentiate() must be implemented in a derived class. + //! \pre COUNTOF(results) == exponentsCount + //! \pre COUNTOF(exponents) == exponentsCount + void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const; + + //! \brief Provides the maximum bit size of an element in the ring + //! \returns maximum bit size of an element + unsigned int MaxElementBitLength() const + {return (m_modulus-1).BitCount();} + + //! \brief Provides the maximum byte size of an element in the ring + //! \returns maximum byte size of an element + unsigned int MaxElementByteLength() const + {return (m_modulus-1).ByteCount();} + + //! \brief Provides a random element in the ring + //! \param rng RandomNumberGenerator used to generate material + //! \param ignore_for_now unused + //! \returns a random element that is uniformly distributed + //! \details RandomElement constructs a new element in the range [0,n-1], inclusive. + //! The element's class must provide a constructor with the signature Element(RandomNumberGenerator rng, + //! Element min, Element max). + Element RandomElement( RandomNumberGenerator &rng , const RandomizationParameter &ignore_for_now = 0) const + // left RandomizationParameter arg as ref in case RandomizationParameter becomes a more complicated struct + { + CRYPTOPP_UNUSED(ignore_for_now); + return Element(rng, Integer::Zero(), m_modulus - Integer::One()) ; + } + + //! \brief Compares two ModularArithmetic for equality + //! \param rhs other ModularArithmetic + //! \returns true if this is equal to the other, false otherwise + //! \details The operator tests for equality using this.m_modulus == rhs.m_modulus. + bool operator==(const ModularArithmetic &rhs) const + {return m_modulus == rhs.m_modulus;} + + static const RandomizationParameter DefaultRandomizationParameter ; + +protected: + Integer m_modulus; + mutable Integer m_result, m_result1; +}; + +// const ModularArithmetic::RandomizationParameter ModularArithmetic::DefaultRandomizationParameter = 0 ; + +//! \class MontgomeryRepresentation +//! \brief Performs modular arithmetic in Montgomery representation for increased speed +//! \details The Montgomery representation represents each congruence class [a] as +//! a*r\%n, where r is a convenient power of 2. +//! \details const Element& returned by member functions are references +//! to internal data members. Since each object may have only +//! one such data member for holding results, the following code +//! will produce incorrect results: +//! 
    abcd = group.Add(group.Add(a,b), group.Add(c,d));
+//! But this should be fine: +//! 
    abcd = group.Add(a, group.Add(b, group.Add(c,d));
+class CRYPTOPP_DLL MontgomeryRepresentation : public ModularArithmetic +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~MontgomeryRepresentation() {} +#endif + + //! \brief Construct a IsMontgomeryRepresentation + //! \param modulus congruence class modulus + //! \note The modulus must be odd. + MontgomeryRepresentation(const Integer &modulus); + + //! \brief Clone a MontgomeryRepresentation + //! \returns pointer to a new MontgomeryRepresentation + //! \details Clone effectively copy constructs a new MontgomeryRepresentation. The caller is + //! responsible for deleting the pointer returned from this method. + virtual ModularArithmetic * Clone() const {return new MontgomeryRepresentation(*this);} + + bool IsMontgomeryRepresentation() const {return true;} + + Integer ConvertIn(const Integer &a) const + {return (a<<(WORD_BITS*m_modulus.reg.size()))%m_modulus;} + + Integer ConvertOut(const Integer &a) const; + + const Integer& MultiplicativeIdentity() const + {return m_result1 = Integer::Power2(WORD_BITS*m_modulus.reg.size())%m_modulus;} + + const Integer& Multiply(const Integer &a, const Integer &b) const; + + const Integer& Square(const Integer &a) const; + + const Integer& MultiplicativeInverse(const Integer &a) const; + + Integer CascadeExponentiate(const Integer &x, const Integer &e1, const Integer &y, const Integer &e2) const + {return AbstractRing::CascadeExponentiate(x, e1, y, e2);} + + void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const + {AbstractRing::SimultaneousExponentiate(results, base, exponents, exponentsCount);} + +private: + Integer m_u; + mutable IntegerSecBlock m_workspace; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/modes.h b/libs/win_crypto++/include/modes.h new file mode 100644 index 0000000..7af1fab --- /dev/null +++ b/libs/win_crypto++/include/modes.h @@ -0,0 +1,485 @@ +// modes.h - written and placed in the public domain by Wei Dai + +//! \file modes.h +//! \brief Class file for modes of operation. + +#ifndef CRYPTOPP_MODES_H +#define CRYPTOPP_MODES_H + +#include "cryptlib.h" +#include "secblock.h" +#include "misc.h" +#include "strciphr.h" +#include "argnames.h" +#include "algparam.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class CipherModeDocumentation +//! \brief Block cipher mode of operation information +//! \details Each class derived from this one defines two types, Encryption and Decryption, +//! both of which implement the SymmetricCipher interface. +//! For each mode there are two classes, one of which is a template class, +//! and the other one has a name that ends in "_ExternalCipher". +//! The "external cipher" mode objects hold a reference to the underlying block cipher, +//! instead of holding an instance of it. The reference must be passed in to the constructor. +//! For the "cipher holder" classes, the CIPHER template parameter should be a class +//! derived from BlockCipherDocumentation, for example DES or AES. +//! \details See NIST SP 800-38A for definitions of these modes. See +//! AuthenticatedSymmetricCipherDocumentation for authenticated encryption modes. +struct CipherModeDocumentation : public SymmetricCipherDocumentation +{ +}; + +//! \class CipherModeBase +//! \brief Block cipher mode of operation information +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CipherModeBase : public SymmetricCipher +{ +public: + size_t MinKeyLength() const {return m_cipher->MinKeyLength();} + size_t MaxKeyLength() const {return m_cipher->MaxKeyLength();} + size_t DefaultKeyLength() const {return m_cipher->DefaultKeyLength();} + size_t GetValidKeyLength(size_t n) const {return m_cipher->GetValidKeyLength(n);} + bool IsValidKeyLength(size_t n) const {return m_cipher->IsValidKeyLength(n);} + + unsigned int OptimalDataAlignment() const {return m_cipher->OptimalDataAlignment();} + + unsigned int IVSize() const {return BlockSize();} + virtual IV_Requirement IVRequirement() const =0; + + void SetCipher(BlockCipher &cipher) + { + this->ThrowIfResynchronizable(); + this->m_cipher = &cipher; + this->ResizeBuffers(); + } + + void SetCipherWithIV(BlockCipher &cipher, const byte *iv, int feedbackSize = 0) + { + this->ThrowIfInvalidIV(iv); + this->m_cipher = &cipher; + this->ResizeBuffers(); + this->SetFeedbackSize(feedbackSize); + if (this->IsResynchronizable()) + this->Resynchronize(iv); + } + +protected: + CipherModeBase() : m_cipher(NULL) {} + inline unsigned int BlockSize() const {CRYPTOPP_ASSERT(m_register.size() > 0); return (unsigned int)m_register.size();} + virtual void SetFeedbackSize(unsigned int feedbackSize) + { + if (!(feedbackSize == 0 || feedbackSize == BlockSize())) + throw InvalidArgument("CipherModeBase: feedback size cannot be specified for this cipher mode"); + } + +// Thanks to Zireael, http://github.com/weidai11/cryptopp/pull/46 +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual void ResizeBuffers(); +#else + virtual void ResizeBuffers() + { + m_register.New(m_cipher->BlockSize()); + } +#endif + + BlockCipher *m_cipher; + AlignedSecByteBlock m_register; +}; + +//! \class ModePolicyCommonTemplate +//! \brief Block cipher mode of operation common operations +//! \tparam POLICY_INTERFACE common operations +template +class CRYPTOPP_NO_VTABLE ModePolicyCommonTemplate : public CipherModeBase, public POLICY_INTERFACE +{ + unsigned int GetAlignment() const {return m_cipher->OptimalDataAlignment();} + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); +}; + +template +void ModePolicyCommonTemplate::CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) +{ + m_cipher->SetKey(key, length, params); + ResizeBuffers(); + int feedbackSize = params.GetIntValueWithDefault(Name::FeedbackSize(), 0); + SetFeedbackSize(feedbackSize); +} + +//! \class CFB_ModePolicy +//! \brief CFB block cipher mode of operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CFB_ModePolicy : public ModePolicyCommonTemplate +{ +public: + IV_Requirement IVRequirement() const {return RANDOM_IV;} + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "CFB";} + +protected: + unsigned int GetBytesPerIteration() const {return m_feedbackSize;} + byte * GetRegisterBegin() {return m_register + BlockSize() - m_feedbackSize;} + bool CanIterate() const {return m_feedbackSize == BlockSize();} + void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount); + void TransformRegister(); + void CipherResynchronize(const byte *iv, size_t length); + void SetFeedbackSize(unsigned int feedbackSize); + void ResizeBuffers(); + + SecByteBlock m_temp; + unsigned int m_feedbackSize; +}; + +inline void CopyOrZero(void *dest, const void *src, size_t s) +{ + if (src) + memcpy_s(dest, s, src, s); + else + memset(dest, 0, s); +} + +//! \class OFB_ModePolicy +//! \brief OFB block cipher mode of operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE OFB_ModePolicy : public ModePolicyCommonTemplate +{ +public: + bool CipherIsRandomAccess() const {return false;} + IV_Requirement IVRequirement() const {return UNIQUE_IV;} + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "OFB";} + +private: + unsigned int GetBytesPerIteration() const {return BlockSize();} + unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();} + void WriteKeystream(byte *keystreamBuffer, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); +}; + +//! \class CTR_ModePolicy +//! \brief CTR block cipher mode of operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CTR_ModePolicy : public ModePolicyCommonTemplate +{ +public: + bool CipherIsRandomAccess() const {return true;} + IV_Requirement IVRequirement() const {return RANDOM_IV;} + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "CTR";} + +protected: + virtual void IncrementCounterBy256(); + + unsigned int GetAlignment() const {return m_cipher->OptimalDataAlignment();} + unsigned int GetBytesPerIteration() const {return BlockSize();} + unsigned int GetIterationsToBuffer() const {return m_cipher->OptimalNumberOfParallelBlocks();} + void WriteKeystream(byte *buffer, size_t iterationCount) + {OperateKeystream(WRITE_KEYSTREAM, buffer, NULL, iterationCount);} + bool CanOperateKeystream() const {return true;} + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); + void SeekToIteration(lword iterationCount); + + AlignedSecByteBlock m_counterArray; +}; + +//! \class BlockOrientedCipherModeBase +//! \brief Block cipher mode of operation default implementation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE BlockOrientedCipherModeBase : public CipherModeBase +{ +public: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + unsigned int MandatoryBlockSize() const {return BlockSize();} + bool IsRandomAccess() const {return false;} + bool IsSelfInverting() const {return false;} + bool IsForwardTransformation() const {return m_cipher->IsForwardTransformation();} + void Resynchronize(const byte *iv, int length=-1) {memcpy_s(m_register, m_register.size(), iv, ThrowIfInvalidIVLength(length));} + +protected: + bool RequireAlignedInput() const {return true;} + + // Thanks to Zireael, http://github.com/weidai11/cryptopp/pull/46 +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + void ResizeBuffers(); +#else + void ResizeBuffers() + { + CipherModeBase::ResizeBuffers(); + m_buffer.New(BlockSize()); + } +#endif + + SecByteBlock m_buffer; +}; + +//! \class ECB_OneWay +//! \brief ECB block cipher mode of operation default implementation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE ECB_OneWay : public BlockOrientedCipherModeBase +{ +public: + void SetKey(const byte *key, size_t length, const NameValuePairs ¶ms = g_nullNameValuePairs) + {m_cipher->SetKey(key, length, params); BlockOrientedCipherModeBase::ResizeBuffers();} + IV_Requirement IVRequirement() const {return NOT_RESYNCHRONIZABLE;} + unsigned int OptimalBlockSize() const {return BlockSize() * m_cipher->OptimalNumberOfParallelBlocks();} + void ProcessData(byte *outString, const byte *inString, size_t length); + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "ECB";} +}; + +//! \class CBC_ModeBase +//! \brief CBC block cipher mode of operation default implementation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_ModeBase : public BlockOrientedCipherModeBase +{ +public: + IV_Requirement IVRequirement() const {return UNPREDICTABLE_RANDOM_IV;} + bool RequireAlignedInput() const {return false;} + unsigned int MinLastBlockSize() const {return 0;} + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "CBC";} +}; + +//! \class CBC_Encryption +//! \brief CBC block cipher mode of operation encryption operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_Encryption : public CBC_ModeBase +{ +public: + void ProcessData(byte *outString, const byte *inString, size_t length); +}; + +//! \class CBC_CTS_Encryption +//! \brief CBC-CTS block cipher mode of operation encryption operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_CTS_Encryption : public CBC_Encryption +{ +public: + void SetStolenIV(byte *iv) {m_stolenIV = iv;} + unsigned int MinLastBlockSize() const {return BlockSize()+1;} + void ProcessLastBlock(byte *outString, const byte *inString, size_t length); + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "CBC/CTS";} + +protected: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) + { + CBC_Encryption::UncheckedSetKey(key, length, params); + m_stolenIV = params.GetValueWithDefault(Name::StolenIV(), (byte *)NULL); + } + + byte *m_stolenIV; +}; + +//! \class CBC_Decryption +//! \brief CBC block cipher mode of operation decryption operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_Decryption : public CBC_ModeBase +{ +public: + void ProcessData(byte *outString, const byte *inString, size_t length); + +protected: + + // Thanks to Zireael, http://github.com/weidai11/cryptopp/pull/46 +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + void ResizeBuffers(); +#else + void ResizeBuffers() + { + BlockOrientedCipherModeBase::ResizeBuffers(); + m_temp.New(BlockSize()); + } +#endif + + AlignedSecByteBlock m_temp; +}; + +//! \class CBC_CTS_Decryption +//! \brief CBC-CTS block cipher mode of operation decryption operation +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CBC_CTS_Decryption : public CBC_Decryption +{ +public: + unsigned int MinLastBlockSize() const {return BlockSize()+1;} + void ProcessLastBlock(byte *outString, const byte *inString, size_t length); +}; + +//! \class CipherModeFinalTemplate_CipherHolder +//! \brief Block cipher mode of operation aggregate +template +class CipherModeFinalTemplate_CipherHolder : protected ObjectHolder, public AlgorithmImpl > +{ +public: + CipherModeFinalTemplate_CipherHolder() + { + this->m_cipher = &this->m_object; + this->ResizeBuffers(); + } + CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length) + { + this->m_cipher = &this->m_object; + this->SetKey(key, length); + } + CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv) + { + this->m_cipher = &this->m_object; + this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))); + } + CipherModeFinalTemplate_CipherHolder(const byte *key, size_t length, const byte *iv, int feedbackSize) + { + this->m_cipher = &this->m_object; + this->SetKey(key, length, MakeParameters(Name::IV(), ConstByteArrayParameter(iv, this->m_cipher->BlockSize()))(Name::FeedbackSize(), feedbackSize)); + } + + static std::string CRYPTOPP_API StaticAlgorithmName() + {return CIPHER::StaticAlgorithmName() + "/" + BASE::StaticAlgorithmName();} +}; + +//! \class CipherModeFinalTemplate_ExternalCipher +//! \tparam BASE CipherModeFinalTemplate_CipherHolder base class +//! \details +template +class CipherModeFinalTemplate_ExternalCipher : public BASE +{ +public: + CipherModeFinalTemplate_ExternalCipher() {} + CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher) + {this->SetCipher(cipher);} + CipherModeFinalTemplate_ExternalCipher(BlockCipher &cipher, const byte *iv, int feedbackSize = 0) + {this->SetCipherWithIV(cipher, iv, feedbackSize);} + + std::string AlgorithmName() const + {return (this->m_cipher ? this->m_cipher->AlgorithmName() + "/" : std::string("")) + BASE::StaticAlgorithmName();} +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate >; +CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate >; +CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate >; + +//! \class CFB_Mode +//! \brief CFB block cipher mode of operation. +template +struct CFB_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder > > > Encryption; + typedef CipherModeFinalTemplate_CipherHolder > > > Decryption; +}; + +//! \class CFB_Mode_ExternalCipher +//! \brief CFB mode, external cipher. +struct CFB_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher > > > Encryption; + typedef CipherModeFinalTemplate_ExternalCipher > > > Decryption; +}; + +//! \class CFB_FIPS_Mode +//! \brief CFB block cipher mode of operation providing FIPS validated cryptography. +//! \details Requires full block plaintext according to FIPS 800-38A +template +struct CFB_FIPS_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder > > > > Encryption; + typedef CipherModeFinalTemplate_CipherHolder > > > > Decryption; +}; + +//! \class CFB_FIPS_Mode_ExternalCipher +//! \brief CFB mode, external cipher, providing FIPS validated cryptography. +//! \details Requires full block plaintext according to FIPS 800-38A +struct CFB_FIPS_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher > > > > Encryption; + typedef CipherModeFinalTemplate_ExternalCipher > > > > Decryption; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate >; + +//! \class OFB_Mode +//! \brief OFB block cipher mode of operation. +template +struct OFB_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder > > > Encryption; + typedef Encryption Decryption; +}; + +//! \class OFB_Mode_ExternalCipher +//! \brief OFB mode, external cipher. +struct OFB_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher > > > Encryption; + typedef Encryption Decryption; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate >; +CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher > > >; + +//! \class CTR_Mode +//! \brief CTR block cipher mode of operation. +template +struct CTR_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder > > > Encryption; + typedef Encryption Decryption; +}; + +//! \class CTR_Mode_ExternalCipher +//! \brief CTR mode, external cipher. +struct CTR_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher > > > Encryption; + typedef Encryption Decryption; +}; + +//! \class ECB_Mode +//! \brief ECB block cipher mode of operation. +template +struct ECB_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder Encryption; + typedef CipherModeFinalTemplate_CipherHolder Decryption; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher; + +//! \class ECB_Mode_ExternalCipher +//! \brief ECB mode, external cipher. +struct ECB_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher Encryption; + typedef Encryption Decryption; +}; + +//! CBC mode +template +struct CBC_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder Encryption; + typedef CipherModeFinalTemplate_CipherHolder Decryption; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher; +CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher; + +//! CBC mode, external cipher +struct CBC_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher Encryption; + typedef CipherModeFinalTemplate_ExternalCipher Decryption; +}; + +//! CBC mode with ciphertext stealing +template +struct CBC_CTS_Mode : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_CipherHolder Encryption; + typedef CipherModeFinalTemplate_CipherHolder Decryption; +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher; +CRYPTOPP_DLL_TEMPLATE_CLASS CipherModeFinalTemplate_ExternalCipher; + +//! \class CBC_CTS_Mode_ExternalCipher +//! \brief CBC mode with ciphertext stealing, external cipher +struct CBC_CTS_Mode_ExternalCipher : public CipherModeDocumentation +{ + typedef CipherModeFinalTemplate_ExternalCipher Encryption; + typedef CipherModeFinalTemplate_ExternalCipher Decryption; +}; + +#ifdef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY +typedef CFB_Mode_ExternalCipher::Encryption CFBEncryption; +typedef CFB_Mode_ExternalCipher::Decryption CFBDecryption; +typedef OFB_Mode_ExternalCipher::Encryption OFB; +typedef CTR_Mode_ExternalCipher::Encryption CounterMode; +#endif + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/modexppc.h b/libs/win_crypto++/include/modexppc.h new file mode 100644 index 0000000..73c565e --- /dev/null +++ b/libs/win_crypto++/include/modexppc.h @@ -0,0 +1,37 @@ +#ifndef CRYPTOPP_MODEXPPC_H +#define CRYPTOPP_MODEXPPC_H + +#include "cryptlib.h" +#include "modarith.h" +#include "integer.h" +#include "algebra.h" +#include "eprecomp.h" +#include "smartptr.h" +#include "pubkey.h" + +NAMESPACE_BEGIN(CryptoPP) + +CRYPTOPP_DLL_TEMPLATE_CLASS DL_FixedBasePrecomputationImpl; + +class ModExpPrecomputation : public DL_GroupPrecomputation +{ +public: + // DL_GroupPrecomputation + bool NeedConversions() const {return true;} + Element ConvertIn(const Element &v) const {return m_mr->ConvertIn(v);} + virtual Element ConvertOut(const Element &v) const {return m_mr->ConvertOut(v);} + const AbstractGroup & GetGroup() const {return m_mr->MultiplicativeGroup();} + Element BERDecodeElement(BufferedTransformation &bt) const {return Integer(bt);} + void DEREncodeElement(BufferedTransformation &bt, const Element &v) const {v.DEREncode(bt);} + + // non-inherited + void SetModulus(const Integer &v) {m_mr.reset(new MontgomeryRepresentation(v));} + const Integer & GetModulus() const {return m_mr->GetModulus();} + +private: + value_ptr m_mr; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/mqueue.h b/libs/win_crypto++/include/mqueue.h new file mode 100644 index 0000000..702cb2d --- /dev/null +++ b/libs/win_crypto++/include/mqueue.h @@ -0,0 +1,105 @@ +#ifndef CRYPTOPP_MQUEUE_H +#define CRYPTOPP_MQUEUE_H + +#include "cryptlib.h" +#include "queue.h" +#include "filters.h" +#include "misc.h" + +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! Message Queue +class CRYPTOPP_DLL MessageQueue : public AutoSignaling +{ +public: + MessageQueue(unsigned int nodeSize=256); + + void IsolatedInitialize(const NameValuePairs ¶meters) + {m_queue.IsolatedInitialize(parameters); m_lengths.assign(1, 0U); m_messageCounts.assign(1, 0U);} + size_t Put2(const byte *begin, size_t length, int messageEnd, bool blocking) + { + CRYPTOPP_UNUSED(blocking); + m_queue.Put(begin, length); + m_lengths.back() += length; + if (messageEnd) + { + m_lengths.push_back(0); + m_messageCounts.back()++; + } + return 0; + } + bool IsolatedFlush(bool hardFlush, bool blocking) + {CRYPTOPP_UNUSED(hardFlush), CRYPTOPP_UNUSED(blocking); return false;} + bool IsolatedMessageSeriesEnd(bool blocking) + {CRYPTOPP_UNUSED(blocking); m_messageCounts.push_back(0); return false;} + + lword MaxRetrievable() const + {return m_lengths.front();} + bool AnyRetrievable() const + {return m_lengths.front() > 0;} + + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + + lword TotalBytesRetrievable() const + {return m_queue.MaxRetrievable();} + unsigned int NumberOfMessages() const + {return (unsigned int)m_lengths.size()-1;} + bool GetNextMessage(); + + unsigned int NumberOfMessagesInThisSeries() const + {return m_messageCounts[0];} + unsigned int NumberOfMessageSeries() const + {return (unsigned int)m_messageCounts.size()-1;} + + unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const; + + const byte * Spy(size_t &contiguousSize) const; + + void swap(MessageQueue &rhs); + +private: + ByteQueue m_queue; + std::deque m_lengths; + std::deque m_messageCounts; +}; + + +//! A filter that checks messages on two channels for equality +class CRYPTOPP_DLL EqualityComparisonFilter : public Unflushable > +{ +public: + struct MismatchDetected : public Exception {MismatchDetected() : Exception(DATA_INTEGRITY_CHECK_FAILED, "EqualityComparisonFilter: did not receive the same data on two channels") {}}; + + /*! if throwIfNotEqual is false, this filter will output a '\\0' byte when it detects a mismatch, '\\1' otherwise */ + EqualityComparisonFilter(BufferedTransformation *attachment=NULL, bool throwIfNotEqual=true, const std::string &firstChannel="0", const std::string &secondChannel="1") + : m_throwIfNotEqual(throwIfNotEqual), m_mismatchDetected(false) + , m_firstChannel(firstChannel), m_secondChannel(secondChannel) + {Detach(attachment);} + + size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking); + bool ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1, bool blocking=true); + +private: + unsigned int MapChannel(const std::string &channel) const; + bool HandleMismatchDetected(bool blocking); + + bool m_throwIfNotEqual, m_mismatchDetected; + std::string m_firstChannel, m_secondChannel; + MessageQueue m_q[2]; +}; + +NAMESPACE_END + +#ifndef __BORLANDC__ +NAMESPACE_BEGIN(std) +template<> inline void swap(CryptoPP::MessageQueue &a, CryptoPP::MessageQueue &b) +{ + a.swap(b); +} +NAMESPACE_END +#endif + +#endif diff --git a/libs/win_crypto++/include/mqv.h b/libs/win_crypto++/include/mqv.h new file mode 100644 index 0000000..ca6a82c --- /dev/null +++ b/libs/win_crypto++/include/mqv.h @@ -0,0 +1,221 @@ +// mqv.h - written and placed in the public domain by Wei Dai + +//! \file mqv.h +//! \brief Classes for Menezes–Qu–Vanstone (MQV) key agreement + +#ifndef CRYPTOPP_MQV_H +#define CRYPTOPP_MQV_H + +#include "cryptlib.h" +#include "gfpcrypt.h" +#include "modarith.h" +#include "integer.h" +#include "algebra.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class MQV_Domain +//! \brief MQV domain for performing authenticated key agreement +//! \tparam GROUP_PARAMETERS doamin parameters +//! \tparam COFACTOR_OPTION cofactor option +//! \details GROUP_PARAMETERS paramters include the curve coefcients and the base point. +//! Binary curves use a polynomial to represent its characteristic, while prime curves +//! use a prime number. +//! \sa MQV, HMQV, FHMQV, and AuthenticatedKeyAgreementDomain +template +class MQV_Domain : public AuthenticatedKeyAgreementDomain +{ +public: + typedef GROUP_PARAMETERS GroupParameters; + typedef typename GroupParameters::Element Element; + typedef MQV_Domain Domain; + + //! \brief Construct a MQV domain + MQV_Domain() {} + + //! \brief Construct a MQV domain + //! \param params group parameters and options + MQV_Domain(const GroupParameters ¶ms) + : m_groupParameters(params) {} + + //! \brief Construct a MQV domain + //! \param bt BufferedTransformation with group parameters and options + MQV_Domain(BufferedTransformation &bt) + {m_groupParameters.BERDecode(bt);} + + //! \brief Construct a MQV domain + //! \tparam T1 template parameter used as a constructor parameter + //! \tparam T2 template parameter used as a constructor parameter + //! \param v1 first parameter + //! \param v2 second parameter + //! \details v1 and v2 are passed directly to the GROUP_PARAMETERS object. + template + MQV_Domain(T1 v1, T2 v2) + {m_groupParameters.Initialize(v1, v2);} + + //! \brief Construct a MQV domain + //! \tparam T1 template parameter used as a constructor parameter + //! \tparam T2 template parameter used as a constructor parameter + //! \tparam T3 template parameter used as a constructor parameter + //! \param v1 first parameter + //! \param v2 second parameter + //! \param v3 third parameter + //! \details v1, v2 and v3 are passed directly to the GROUP_PARAMETERS object. + template + MQV_Domain(T1 v1, T2 v2, T3 v3) + {m_groupParameters.Initialize(v1, v2, v3);} + + //! \brief Construct a MQV domain + //! \tparam T1 template parameter used as a constructor parameter + //! \tparam T2 template parameter used as a constructor parameter + //! \tparam T3 template parameter used as a constructor parameter + //! \tparam T4 template parameter used as a constructor parameter + //! \param v1 first parameter + //! \param v2 second parameter + //! \param v3 third parameter + //! \param v4 third parameter + //! \details v1, v2, v3 and v4 are passed directly to the GROUP_PARAMETERS object. + template + MQV_Domain(T1 v1, T2 v2, T3 v3, T4 v4) + {m_groupParameters.Initialize(v1, v2, v3, v4);} + + //! \brief Retrieves the group parameters for this domain + //! \return the group parameters for this domain as a const reference + const GroupParameters & GetGroupParameters() const {return m_groupParameters;} + + //! \brief Retrieves the group parameters for this domain + //! \return the group parameters for this domain as a non-const reference + GroupParameters & AccessGroupParameters() {return m_groupParameters;} + + //! \brief Retrieves the crypto parameters for this domain + //! \return the crypto parameters for this domain as a non-const reference + CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();} + + //! \brief Provides the size of the agreed value + //! \return size of agreed value produced in this domain + //! \details The length is calculated using GetEncodedElementSize(false), which means the + //! element is encoded in a non-reversible format. A non-reversible format means its a raw byte array, + //! and it lacks presentation format like an ASN.1 BIT_STRING or OCTET_STRING. + unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);} + + //! \brief Provides the size of the static private key + //! \return size of static private keys in this domain + //! \details The length is calculated using the byte count of the subgroup order. + unsigned int StaticPrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();} + + //! \brief Provides the size of the static public key + //! \return size of static public keys in this domain + //! \details The length is calculated using GetEncodedElementSize(true), which means the + //! element is encoded in a reversible format. A reversible format means it has a presentation format, + //! and its an ANS.1 encoded element or point. + unsigned int StaticPublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);} + + //! \brief Generate static private key in this domain + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer for the generated private key in this domain + //! \details The private key is a random scalar used as an exponent in the range [1,MaxExponent()]. + //! \pre COUNTOF(privateKey) == PrivateStaticKeyLength() + void GenerateStaticPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); + x.Encode(privateKey, StaticPrivateKeyLength()); + } + + //! \brief Generate a static public key from a private key in this domain + //! \param rng a RandomNumberGenerator derived class + //! \param privateKey a byte buffer with the previously generated private key + //! \param publicKey a byte buffer for the generated public key in this domain + //! \details The public key is an element or point on the curve, and its stored in a revrsible format. + //! A reversible format means it has a presentation format, and its an ANS.1 encoded element or point. + //! \pre COUNTOF(publicKey) == PublicStaticKeyLength() + void GenerateStaticPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(privateKey, StaticPrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, publicKey); + } + + unsigned int EphemeralPrivateKeyLength() const {return StaticPrivateKeyLength() + StaticPublicKeyLength();} + unsigned int EphemeralPublicKeyLength() const {return StaticPublicKeyLength();} + + void GenerateEphemeralPrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(rng, Integer::One(), params.GetMaxExponent()); + x.Encode(privateKey, StaticPrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, privateKey+StaticPrivateKeyLength()); + } + + void GenerateEphemeralPublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + memcpy(publicKey, privateKey+StaticPrivateKeyLength(), EphemeralPublicKeyLength()); + } + + bool Agree(byte *agreedValue, + const byte *staticPrivateKey, const byte *ephemeralPrivateKey, + const byte *staticOtherPublicKey, const byte *ephemeralOtherPublicKey, + bool validateStaticOtherPublicKey=true) const + { + try + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Element WW = params.DecodeElement(staticOtherPublicKey, validateStaticOtherPublicKey); + Element VV = params.DecodeElement(ephemeralOtherPublicKey, true); + + Integer s(staticPrivateKey, StaticPrivateKeyLength()); + Integer u(ephemeralPrivateKey, StaticPrivateKeyLength()); + Element V = params.DecodeElement(ephemeralPrivateKey+StaticPrivateKeyLength(), false); + + const Integer &r = params.GetSubgroupOrder(); + Integer h2 = Integer::Power2((r.BitCount()+1)/2); + Integer e = ((h2+params.ConvertElementToInteger(V)%h2)*s+u) % r; + Integer tt = h2 + params.ConvertElementToInteger(VV) % h2; + + if (COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION) + { + Element P = params.ExponentiateElement(WW, tt); + P = m_groupParameters.MultiplyElements(P, VV); + Element R[2]; + const Integer e2[2] = {r, e}; + params.SimultaneousExponentiate(R, P, e2, 2); + if (!params.IsIdentity(R[0]) || params.IsIdentity(R[1])) + return false; + params.EncodeElement(false, R[1], agreedValue); + } + else + { + const Integer &k = params.GetCofactor(); + if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION) + e = ModularArithmetic(r).Divide(e, k); + Element P = m_groupParameters.CascadeExponentiate(VV, k*e, WW, k*(e*tt%r)); + if (params.IsIdentity(P)) + return false; + params.EncodeElement(false, P, agreedValue); + } + } + catch (DL_BadElement &) + { + return false; + } + return true; + } + +private: + DL_GroupParameters & AccessAbstractGroupParameters() {return m_groupParameters;} + const DL_GroupParameters & GetAbstractGroupParameters() const {return m_groupParameters;} + + GroupParameters m_groupParameters; +}; + +//! Menezes-Qu-Vanstone in GF(p) with key validation, AKA MQV +//! \sa MQV, HMQV_Domain, FHMQV_Domain, AuthenticatedKeyAgreementDomain +typedef MQV_Domain MQV; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/nbtheory.h b/libs/win_crypto++/include/nbtheory.h new file mode 100644 index 0000000..f24d084 --- /dev/null +++ b/libs/win_crypto++/include/nbtheory.h @@ -0,0 +1,173 @@ +// nbtheory.h - written and placed in the public domain by Wei Dai + +//! \file nbtheory.h +//! \brief Classes and functions for number theoretic operations + +#ifndef CRYPTOPP_NBTHEORY_H +#define CRYPTOPP_NBTHEORY_H + +#include "cryptlib.h" +#include "integer.h" +#include "algparam.h" + +NAMESPACE_BEGIN(CryptoPP) + +// obtain pointer to small prime table and get its size +CRYPTOPP_DLL const word16 * CRYPTOPP_API GetPrimeTable(unsigned int &size); + +// ************ primality testing **************** + +//! \brief Generates a provable prime +//! \param rng a RandomNumberGenerator to produce keying material +//! \param bits the number of bits in the prime number +//! \returns Integer() meeting Maurer's tests for primality +CRYPTOPP_DLL Integer CRYPTOPP_API MaurerProvablePrime(RandomNumberGenerator &rng, unsigned int bits); + +//! \brief Generates a provable prime +//! \param rng a RandomNumberGenerator to produce keying material +//! \param bits the number of bits in the prime number +//! \returns Integer() meeting Mihailescu's tests for primality +//! \details Mihailescu's methods performs a search using algorithmic progressions. +CRYPTOPP_DLL Integer CRYPTOPP_API MihailescuProvablePrime(RandomNumberGenerator &rng, unsigned int bits); + +//! \brief Tests whether a number is a small prime +//! \param p a candidate prime to test +//! \returns true if p is a small prime, false otherwise +//! \details Internally, the library maintains a table fo the first 32719 prime numbers +//! in sorted order. IsSmallPrime() searches the table and returns true if p is +//! in the table. +CRYPTOPP_DLL bool CRYPTOPP_API IsSmallPrime(const Integer &p); + +//! +//! \returns true if p is divisible by some prime less than bound. +//! \details TrialDivision() true if p is divisible by some prime less than bound. bound not be +//! greater than the largest entry in the prime table, which is 32719. +CRYPTOPP_DLL bool CRYPTOPP_API TrialDivision(const Integer &p, unsigned bound); + +// returns true if p is NOT divisible by small primes +CRYPTOPP_DLL bool CRYPTOPP_API SmallDivisorsTest(const Integer &p); + +// These is no reason to use these two, use the ones below instead +CRYPTOPP_DLL bool CRYPTOPP_API IsFermatProbablePrime(const Integer &n, const Integer &b); +CRYPTOPP_DLL bool CRYPTOPP_API IsLucasProbablePrime(const Integer &n); + +CRYPTOPP_DLL bool CRYPTOPP_API IsStrongProbablePrime(const Integer &n, const Integer &b); +CRYPTOPP_DLL bool CRYPTOPP_API IsStrongLucasProbablePrime(const Integer &n); + +// Rabin-Miller primality test, i.e. repeating the strong probable prime test +// for several rounds with random bases +CRYPTOPP_DLL bool CRYPTOPP_API RabinMillerTest(RandomNumberGenerator &rng, const Integer &w, unsigned int rounds); + +//! \brief Verifies a prime number +//! \param p a candidate prime to test +//! \returns true if p is a probable prime, false otherwise +//! \details IsPrime() is suitable for testing candidate primes when creating them. Internally, +//! IsPrime() utilizes SmallDivisorsTest(), IsStrongProbablePrime() and IsStrongLucasProbablePrime(). +CRYPTOPP_DLL bool CRYPTOPP_API IsPrime(const Integer &p); + +//! \brief Verifies a prime number +//! \param rng a RandomNumberGenerator for randomized testing +//! \param p a candidate prime to test +//! \param level the level of thoroughness of testing +//! \returns true if p is a strong probable prime, false otherwise +//! \details VerifyPrime() is suitable for testing candidate primes created by others. Internally, +//! VerifyPrime() utilizes IsPrime() and one-round RabinMillerTest(). If the candiate passes and +//! level is greater than 1, then 10 round RabinMillerTest() primality testing is performed. +CRYPTOPP_DLL bool CRYPTOPP_API VerifyPrime(RandomNumberGenerator &rng, const Integer &p, unsigned int level = 1); + +//! \class PrimeSelector +//! \brief Application callback to signal suitability of a cabdidate prime +class CRYPTOPP_DLL PrimeSelector +{ +public: + const PrimeSelector *GetSelectorPointer() const {return this;} + virtual bool IsAcceptable(const Integer &candidate) const =0; +}; + +//! \brief Finds a random prime of special form +//! \param p an Integer reference to receive the prime +//! \param max the maximum value +//! \param equiv the equivalence class based on the parameter mod +//! \param mod the modulus used to reduce the equivalence class +//! \param pSelector pointer to a PrimeSelector function for the application to signal suitability +//! \returns true if and only if FirstPrime() finds a prime and returns the prime through p. If FirstPrime() +//! returns false, then no such prime exists and the value of p is undefined +//! \details FirstPrime() uses a fast sieve to find the first probable prime +//! in {x | p<=x<=max and x%mod==equiv} +CRYPTOPP_DLL bool CRYPTOPP_API FirstPrime(Integer &p, const Integer &max, const Integer &equiv, const Integer &mod, const PrimeSelector *pSelector); + +CRYPTOPP_DLL unsigned int CRYPTOPP_API PrimeSearchInterval(const Integer &max); + +CRYPTOPP_DLL AlgorithmParameters CRYPTOPP_API MakeParametersForTwoPrimesOfEqualSize(unsigned int productBitLength); + +// ********** other number theoretic functions ************ + +inline Integer GCD(const Integer &a, const Integer &b) + {return Integer::Gcd(a,b);} +inline bool RelativelyPrime(const Integer &a, const Integer &b) + {return Integer::Gcd(a,b) == Integer::One();} +inline Integer LCM(const Integer &a, const Integer &b) + {return a/Integer::Gcd(a,b)*b;} +inline Integer EuclideanMultiplicativeInverse(const Integer &a, const Integer &b) + {return a.InverseMod(b);} + +// use Chinese Remainder Theorem to calculate x given x mod p and x mod q, and u = inverse of p mod q +CRYPTOPP_DLL Integer CRYPTOPP_API CRT(const Integer &xp, const Integer &p, const Integer &xq, const Integer &q, const Integer &u); + +// if b is prime, then Jacobi(a, b) returns 0 if a%b==0, 1 if a is quadratic residue mod b, -1 otherwise +// check a number theory book for what Jacobi symbol means when b is not prime +CRYPTOPP_DLL int CRYPTOPP_API Jacobi(const Integer &a, const Integer &b); + +// calculates the Lucas function V_e(p, 1) mod n +CRYPTOPP_DLL Integer CRYPTOPP_API Lucas(const Integer &e, const Integer &p, const Integer &n); +// calculates x such that m==Lucas(e, x, p*q), p q primes, u=inverse of p mod q +CRYPTOPP_DLL Integer CRYPTOPP_API InverseLucas(const Integer &e, const Integer &m, const Integer &p, const Integer &q, const Integer &u); + +inline Integer ModularExponentiation(const Integer &a, const Integer &e, const Integer &m) + {return a_exp_b_mod_c(a, e, m);} +// returns x such that x*x%p == a, p prime +CRYPTOPP_DLL Integer CRYPTOPP_API ModularSquareRoot(const Integer &a, const Integer &p); +// returns x such that a==ModularExponentiation(x, e, p*q), p q primes, +// and e relatively prime to (p-1)*(q-1) +// dp=d%(p-1), dq=d%(q-1), (d is inverse of e mod (p-1)*(q-1)) +// and u=inverse of p mod q +CRYPTOPP_DLL Integer CRYPTOPP_API ModularRoot(const Integer &a, const Integer &dp, const Integer &dq, const Integer &p, const Integer &q, const Integer &u); + +// find r1 and r2 such that ax^2 + bx + c == 0 (mod p) for x in {r1, r2}, p prime +// returns true if solutions exist +CRYPTOPP_DLL bool CRYPTOPP_API SolveModularQuadraticEquation(Integer &r1, Integer &r2, const Integer &a, const Integer &b, const Integer &c, const Integer &p); + +// returns log base 2 of estimated number of operations to calculate discrete log or factor a number +CRYPTOPP_DLL unsigned int CRYPTOPP_API DiscreteLogWorkFactor(unsigned int bitlength); +CRYPTOPP_DLL unsigned int CRYPTOPP_API FactoringWorkFactor(unsigned int bitlength); + +// ******************************************************** + +//! generator of prime numbers of special forms +class CRYPTOPP_DLL PrimeAndGenerator +{ +public: + PrimeAndGenerator() {} + // generate a random prime p of the form 2*q+delta, where delta is 1 or -1 and q is also prime + // Precondition: pbits > 5 + // warning: this is slow, because primes of this form are harder to find + PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits) + {Generate(delta, rng, pbits, pbits-1);} + // generate a random prime p of the form 2*r*q+delta, where q is also prime + // Precondition: qbits > 4 && pbits > qbits + PrimeAndGenerator(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits) + {Generate(delta, rng, pbits, qbits);} + + void Generate(signed int delta, RandomNumberGenerator &rng, unsigned int pbits, unsigned qbits); + + const Integer& Prime() const {return p;} + const Integer& SubPrime() const {return q;} + const Integer& Generator() const {return g;} + +private: + Integer p, q, g; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/network.h b/libs/win_crypto++/include/network.h new file mode 100644 index 0000000..f1cb642 --- /dev/null +++ b/libs/win_crypto++/include/network.h @@ -0,0 +1,234 @@ +#ifndef CRYPTOPP_NETWORK_H +#define CRYPTOPP_NETWORK_H + +#include "config.h" + +#if !defined(NO_OS_DEPENDENCE) && defined(SOCKETS_AVAILABLE) + +#include "filters.h" +#include "hrtimer.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +class LimitedBandwidth +{ +public: + LimitedBandwidth(lword maxBytesPerSecond = 0) + : m_maxBytesPerSecond(maxBytesPerSecond), m_timer(Timer::MILLISECONDS) + , m_nextTransceiveTime(0) + { m_timer.StartTimer(); } + + lword GetMaxBytesPerSecond() const + { return m_maxBytesPerSecond; } + + void SetMaxBytesPerSecond(lword v) + { m_maxBytesPerSecond = v; } + + lword ComputeCurrentTransceiveLimit(); + + double TimeToNextTransceive(); + + void NoteTransceive(lword size); + +public: + /*! GetWaitObjects() must be called despite the 0 return from GetMaxWaitObjectCount(); + the 0 is because the ScheduleEvent() method is used instead of adding a wait object */ + unsigned int GetMaxWaitObjectCount() const { return 0; } + void GetWaitObjects(WaitObjectContainer &container, const CallStack &callStack); + +private: + lword m_maxBytesPerSecond; + + typedef std::deque > OpQueue; + OpQueue m_ops; + + Timer m_timer; + double m_nextTransceiveTime; + + void ComputeNextTransceiveTime(); + double GetCurTimeAndCleanUp(); +}; + +//! a Source class that can pump from a device for a specified amount of time. +class CRYPTOPP_NO_VTABLE NonblockingSource : public AutoSignaling, public LimitedBandwidth +{ +public: + NonblockingSource(BufferedTransformation *attachment) + : m_messageEndSent(false) , m_doPumpBlocked(false), m_blockedBySpeedLimit(false) {Detach(attachment);} + + //! \name NONBLOCKING SOURCE + //@{ + + //! pump up to maxSize bytes using at most maxTime milliseconds + /*! If checkDelimiter is true, pump up to delimiter, which itself is not extracted or pumped. */ + size_t GeneralPump2(lword &byteCount, bool blockingOutput=true, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n'); + + lword GeneralPump(lword maxSize=LWORD_MAX, unsigned long maxTime=INFINITE_TIME, bool checkDelimiter=false, byte delimiter='\n') + { + GeneralPump2(maxSize, true, maxTime, checkDelimiter, delimiter); + return maxSize; + } + lword TimedPump(unsigned long maxTime) + {return GeneralPump(LWORD_MAX, maxTime);} + lword PumpLine(byte delimiter='\n', lword maxSize=1024) + {return GeneralPump(maxSize, INFINITE_TIME, true, delimiter);} + + size_t Pump2(lword &byteCount, bool blocking=true) + {return GeneralPump2(byteCount, blocking, blocking ? INFINITE_TIME : 0);} + size_t PumpMessages2(unsigned int &messageCount, bool blocking=true); + //@} + +protected: + virtual size_t DoPump(lword &byteCount, bool blockingOutput, + unsigned long maxTime, bool checkDelimiter, byte delimiter) =0; + + bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; } + +private: + bool m_messageEndSent, m_doPumpBlocked, m_blockedBySpeedLimit; +}; + +//! Network Receiver +class CRYPTOPP_NO_VTABLE NetworkReceiver : public Waitable +{ +public: + virtual bool MustWaitToReceive() {return false;} + virtual bool MustWaitForResult() {return false;} + //! receive data from network source, returns whether result is immediately available + virtual bool Receive(byte* buf, size_t bufLen) =0; + virtual unsigned int GetReceiveResult() =0; + virtual bool EofReceived() const =0; +}; + +class CRYPTOPP_NO_VTABLE NonblockingSinkInfo +{ +public: + virtual ~NonblockingSinkInfo() {} + virtual size_t GetMaxBufferSize() const =0; + virtual size_t GetCurrentBufferSize() const =0; + virtual bool EofPending() const =0; + //! compute the current speed of this sink in bytes per second + virtual float ComputeCurrentSpeed() =0; + //! get the maximum observed speed of this sink in bytes per second + virtual float GetMaxObservedSpeed() const =0; +}; + +//! a Sink class that queues input and can flush to a device for a specified amount of time. +class CRYPTOPP_NO_VTABLE NonblockingSink : public Sink, public NonblockingSinkInfo, public LimitedBandwidth +{ +public: + NonblockingSink() : m_blockedBySpeedLimit(false) {} + + bool IsolatedFlush(bool hardFlush, bool blocking); + + //! flush to device for no more than maxTime milliseconds + /*! This function will repeatedly attempt to flush data to some device, until + the queue is empty, or a total of maxTime milliseconds have elapsed. + If maxTime == 0, at least one attempt will be made to flush some data, but + it is likely that not all queued data will be flushed, even if the device + is ready to receive more data without waiting. If you want to flush as much data + as possible without waiting for the device, call this function in a loop. + For example: while (sink.TimedFlush(0) > 0) {} + \return number of bytes flushed + */ + lword TimedFlush(unsigned long maxTime, size_t targetSize = 0); + + virtual void SetMaxBufferSize(size_t maxBufferSize) =0; + //! set a bound which will cause sink to flush if exceeded by GetCurrentBufferSize() + virtual void SetAutoFlushBound(size_t bound) =0; + +protected: + virtual lword DoFlush(unsigned long maxTime, size_t targetSize) = 0; + + bool BlockedBySpeedLimit() const { return m_blockedBySpeedLimit; } + +private: + bool m_blockedBySpeedLimit; +}; + +//! Network Sender +class CRYPTOPP_NO_VTABLE NetworkSender : public Waitable +{ +public: + virtual bool MustWaitToSend() {return false;} + virtual bool MustWaitForResult() {return false;} + virtual void Send(const byte* buf, size_t bufLen) =0; + virtual unsigned int GetSendResult() =0; + virtual bool MustWaitForEof() {return false;} + virtual void SendEof() =0; + virtual bool EofSent() {return false;} // implement if MustWaitForEof() == true +}; + +//! Network Source +class CRYPTOPP_NO_VTABLE NetworkSource : public NonblockingSource +{ +public: + NetworkSource(BufferedTransformation *attachment); + + unsigned int GetMaxWaitObjectCount() const; + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + + bool SourceExhausted() const {return m_dataBegin == m_dataEnd && GetReceiver().EofReceived();} + +protected: + size_t DoPump(lword &byteCount, bool blockingOutput, unsigned long maxTime, bool checkDelimiter, byte delimiter); + + virtual NetworkReceiver & AccessReceiver() =0; + const NetworkReceiver & GetReceiver() const {return const_cast(this)->AccessReceiver();} + +private: + SecByteBlock m_buf; + size_t m_putSize, m_dataBegin, m_dataEnd; + bool m_waitingForResult, m_outputBlocked; +}; + +//! Network Sink +class CRYPTOPP_NO_VTABLE NetworkSink : public NonblockingSink +{ +public: + NetworkSink(unsigned int maxBufferSize, unsigned int autoFlushBound); + + unsigned int GetMaxWaitObjectCount() const; + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + + void SetMaxBufferSize(size_t maxBufferSize) {m_maxBufferSize = maxBufferSize; m_buffer.SetNodeSize(UnsignedMin(maxBufferSize, 16U*1024U+256U));} + void SetAutoFlushBound(size_t bound) {m_autoFlushBound = bound;} + + size_t GetMaxBufferSize() const {return m_maxBufferSize;} + size_t GetCurrentBufferSize() const {return (size_t)m_buffer.CurrentSize();} + + void ClearBuffer() { m_buffer.Clear(); } + + bool EofPending() const { return m_eofState > EOF_NONE && m_eofState < EOF_DONE; } + + //! compute the current speed of this sink in bytes per second + float ComputeCurrentSpeed(); + //! get the maximum observed speed of this sink in bytes per second + float GetMaxObservedSpeed() const; + +protected: + lword DoFlush(unsigned long maxTime, size_t targetSize); + + virtual NetworkSender & AccessSender() =0; + const NetworkSender & GetSender() const {return const_cast(this)->AccessSender();} + +private: + enum EofState { EOF_NONE, EOF_PENDING_SEND, EOF_PENDING_DELIVERY, EOF_DONE }; + + size_t m_maxBufferSize, m_autoFlushBound; + bool m_needSendResult, m_wasBlocked; + EofState m_eofState; + ByteQueue m_buffer; + size_t m_skipBytes; + Timer m_speedTimer; + float m_byteCountSinceLastTimerReset, m_currentSpeed, m_maxObservedSpeed; +}; + +NAMESPACE_END + +#endif // SOCKETS_AVAILABLE + +#endif // CRYPTOPP_NETWORK_H diff --git a/libs/win_crypto++/include/nr.h b/libs/win_crypto++/include/nr.h new file mode 100644 index 0000000..c398e35 --- /dev/null +++ b/libs/win_crypto++/include/nr.h @@ -0,0 +1,6 @@ +#ifndef CRYPTOPP_NR_H +#define CRYPTOPP_NR_H + +#include "gfpcrypt.h" + +#endif diff --git a/libs/win_crypto++/include/oaep.h b/libs/win_crypto++/include/oaep.h new file mode 100644 index 0000000..a1c2d74 --- /dev/null +++ b/libs/win_crypto++/include/oaep.h @@ -0,0 +1,43 @@ +#ifndef CRYPTOPP_OAEP_H +#define CRYPTOPP_OAEP_H + +#include "cryptlib.h" +#include "pubkey.h" +#include "sha.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +class CRYPTOPP_DLL OAEP_Base : public PK_EncryptionMessageEncodingMethod +{ +public: + bool ParameterSupported(const char *name) const {return strcmp(name, Name::EncodingParameters()) == 0;} + size_t MaxUnpaddedLength(size_t paddedLength) const; + void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedLength, const NameValuePairs ¶meters) const; + DecodingResult Unpad(const byte *padded, size_t paddedLength, byte *raw, const NameValuePairs ¶meters) const; + +protected: + virtual unsigned int DigestSize() const =0; + virtual HashTransformation * NewHash() const =0; + virtual MaskGeneratingFunction * NewMGF() const =0; +}; + +//! EME-OAEP, for use with classes derived from TF_ES +template +class OAEP : public OAEP_Base, public EncryptionStandard +{ +public: + static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string("OAEP-") + MGF::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} + typedef OAEP EncryptionMessageEncodingMethod; + +protected: + unsigned int DigestSize() const {return H::DIGESTSIZE;} + HashTransformation * NewHash() const {return new H;} + MaskGeneratingFunction * NewMGF() const {return new MGF;} +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS OAEP; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/oids.h b/libs/win_crypto++/include/oids.h new file mode 100644 index 0000000..784cf22 --- /dev/null +++ b/libs/win_crypto++/include/oids.h @@ -0,0 +1,135 @@ +// oids.h - written and placed in the public domain by Wei Dai + +//! \file oids.h +//! \brief ASN.1 object identifiers for algorthms and schemes + +#ifndef CRYPTOPP_OIDS_H +#define CRYPTOPP_OIDS_H + +#include "asn.h" + +NAMESPACE_BEGIN(CryptoPP) + +NAMESPACE_BEGIN(ASN1) + +#define DEFINE_OID(value, name) inline OID name() {return value;} + +DEFINE_OID(1, iso) + DEFINE_OID(iso()+2, member_body) + DEFINE_OID(member_body()+840, iso_us) + DEFINE_OID(iso_us()+10040, ansi_x9_57) + DEFINE_OID(ansi_x9_57()+4+1, id_dsa) + DEFINE_OID(iso_us()+10045, ansi_x9_62) + DEFINE_OID(ansi_x9_62()+1, id_fieldType) + DEFINE_OID(id_fieldType()+1, prime_field) + DEFINE_OID(id_fieldType()+2, characteristic_two_field) + DEFINE_OID(characteristic_two_field()+3, id_characteristic_two_basis) + DEFINE_OID(id_characteristic_two_basis()+1, gnBasis) + DEFINE_OID(id_characteristic_two_basis()+2, tpBasis) + DEFINE_OID(id_characteristic_two_basis()+3, ppBasis) + DEFINE_OID(ansi_x9_62()+2, id_publicKeyType) + DEFINE_OID(id_publicKeyType()+1, id_ecPublicKey) + DEFINE_OID(ansi_x9_62()+3, ansi_x9_62_curves) + DEFINE_OID(ansi_x9_62_curves()+1, ansi_x9_62_curves_prime) + DEFINE_OID(ansi_x9_62_curves_prime()+1, secp192r1) + DEFINE_OID(ansi_x9_62_curves_prime()+7, secp256r1) + DEFINE_OID(iso_us()+113549, rsadsi) + DEFINE_OID(rsadsi()+1, pkcs) + DEFINE_OID(pkcs()+1, pkcs_1) + DEFINE_OID(pkcs_1()+1, rsaEncryption); + DEFINE_OID(rsadsi()+2, rsadsi_digestAlgorithm) + DEFINE_OID(rsadsi_digestAlgorithm()+2, id_md2) + DEFINE_OID(rsadsi_digestAlgorithm()+5, id_md5) + DEFINE_OID(iso()+3, identified_organization) + // Arc from http://tools.ietf.org/html/draft-josefsson-pkix-newcurves + DEFINE_OID(identified_organization()+6, dod) + DEFINE_OID(dod()+1, internet) + DEFINE_OID(internet()+4, internet_private) + DEFINE_OID(internet_private()+1, enterprise) + DEFINE_OID(enterprise()+11591,GNU) + DEFINE_OID(GNU()+15,ellipticCurve) + DEFINE_OID(ellipticCurve()+1,id_curve25519) + DEFINE_OID(ellipticCurve()+2,id_curve448) + DEFINE_OID(ellipticCurve()+3,id_curve25519ph) + DEFINE_OID(ellipticCurve()+4,id_curve448ph) + DEFINE_OID(identified_organization()+14, oiw); + DEFINE_OID(oiw()+3, oiw_secsig); + DEFINE_OID(oiw_secsig()+2, oiw_secsig_algorithms); + DEFINE_OID(oiw_secsig_algorithms()+26, id_sha1); + DEFINE_OID(identified_organization()+36, teletrust); + DEFINE_OID(teletrust()+3, teletrust_algorithm) + DEFINE_OID(teletrust_algorithm()+2+1, id_ripemd160) + DEFINE_OID(teletrust_algorithm()+3+2+8+1, teletrust_ellipticCurve) + DEFINE_OID(teletrust_ellipticCurve()+1+1, brainpoolP160r1) + DEFINE_OID(teletrust_ellipticCurve()+1+3, brainpoolP192r1) + DEFINE_OID(teletrust_ellipticCurve()+1+5, brainpoolP224r1) + DEFINE_OID(teletrust_ellipticCurve()+1+7, brainpoolP256r1) + DEFINE_OID(teletrust_ellipticCurve()+1+9, brainpoolP320r1) + DEFINE_OID(teletrust_ellipticCurve()+1+11, brainpoolP384r1) + DEFINE_OID(teletrust_ellipticCurve()+1+13, brainpoolP512r1) + DEFINE_OID(identified_organization()+132, certicom); + DEFINE_OID(certicom()+0, certicom_ellipticCurve); + // these are sorted by curve type and then by OID + // first curves based on GF(p) + DEFINE_OID(certicom_ellipticCurve()+6, secp112r1); + DEFINE_OID(certicom_ellipticCurve()+7, secp112r2); + DEFINE_OID(certicom_ellipticCurve()+8, secp160r1); + DEFINE_OID(certicom_ellipticCurve()+9, secp160k1); + DEFINE_OID(certicom_ellipticCurve()+10, secp256k1); + DEFINE_OID(certicom_ellipticCurve()+28, secp128r1); + DEFINE_OID(certicom_ellipticCurve()+29, secp128r2); + DEFINE_OID(certicom_ellipticCurve()+30, secp160r2); + DEFINE_OID(certicom_ellipticCurve()+31, secp192k1); + DEFINE_OID(certicom_ellipticCurve()+32, secp224k1); + DEFINE_OID(certicom_ellipticCurve()+33, secp224r1); + DEFINE_OID(certicom_ellipticCurve()+34, secp384r1); + DEFINE_OID(certicom_ellipticCurve()+35, secp521r1); + // then curves based on GF(2^n) + DEFINE_OID(certicom_ellipticCurve()+1, sect163k1); + DEFINE_OID(certicom_ellipticCurve()+2, sect163r1); + DEFINE_OID(certicom_ellipticCurve()+3, sect239k1); + DEFINE_OID(certicom_ellipticCurve()+4, sect113r1); + DEFINE_OID(certicom_ellipticCurve()+5, sect113r2); + DEFINE_OID(certicom_ellipticCurve()+15, sect163r2); + DEFINE_OID(certicom_ellipticCurve()+16, sect283k1); + DEFINE_OID(certicom_ellipticCurve()+17, sect283r1); + DEFINE_OID(certicom_ellipticCurve()+22, sect131r1); + DEFINE_OID(certicom_ellipticCurve()+23, sect131r2); + DEFINE_OID(certicom_ellipticCurve()+24, sect193r1); + DEFINE_OID(certicom_ellipticCurve()+25, sect193r2); + DEFINE_OID(certicom_ellipticCurve()+26, sect233k1); + DEFINE_OID(certicom_ellipticCurve()+27, sect233r1); + DEFINE_OID(certicom_ellipticCurve()+36, sect409k1); + DEFINE_OID(certicom_ellipticCurve()+37, sect409r1); + DEFINE_OID(certicom_ellipticCurve()+38, sect571k1); + DEFINE_OID(certicom_ellipticCurve()+39, sect571r1); +DEFINE_OID(2, joint_iso_ccitt) + DEFINE_OID(joint_iso_ccitt()+16, country) + DEFINE_OID(country()+840, joint_iso_ccitt_us) + DEFINE_OID(joint_iso_ccitt_us()+1, us_organization) + DEFINE_OID(us_organization()+101, us_gov) + DEFINE_OID(us_gov()+3, csor) + DEFINE_OID(csor()+4, nistalgorithms) + DEFINE_OID(nistalgorithms()+1, aes) + DEFINE_OID(aes()+1, id_aes128_ECB) + DEFINE_OID(aes()+2, id_aes128_cbc) + DEFINE_OID(aes()+3, id_aes128_ofb) + DEFINE_OID(aes()+4, id_aes128_cfb) + DEFINE_OID(aes()+21, id_aes192_ECB) + DEFINE_OID(aes()+22, id_aes192_cbc) + DEFINE_OID(aes()+23, id_aes192_ofb) + DEFINE_OID(aes()+24, id_aes192_cfb) + DEFINE_OID(aes()+41, id_aes256_ECB) + DEFINE_OID(aes()+42, id_aes256_cbc) + DEFINE_OID(aes()+43, id_aes256_ofb) + DEFINE_OID(aes()+44, id_aes256_cfb) + DEFINE_OID(nistalgorithms()+2, nist_hashalgs) + DEFINE_OID(nist_hashalgs()+1, id_sha256) + DEFINE_OID(nist_hashalgs()+2, id_sha384) + DEFINE_OID(nist_hashalgs()+3, id_sha512) + +NAMESPACE_END + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/osrng.h b/libs/win_crypto++/include/osrng.h new file mode 100644 index 0000000..ba7873c --- /dev/null +++ b/libs/win_crypto++/include/osrng.h @@ -0,0 +1,267 @@ +// osrng.h - written and placed in the public domain by Wei Dai + +//! \file osrng.h +//! \brief Classes for access to the operating system's random number generators + +#ifndef CRYPTOPP_OSRNG_H +#define CRYPTOPP_OSRNG_H + +#include "config.h" + +#if !defined(OS_NO_DEPENDENCE) && defined(OS_RNG_AVAILABLE) + +#include "cryptlib.h" +#include "randpool.h" +#include "smartptr.h" +#include "fips140.h" +#include "rng.h" +#include "aes.h" +#include "sha.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class OS_RNG_Err +//! \brief Exception thrown when an operating system error is encountered +class CRYPTOPP_DLL OS_RNG_Err : public Exception +{ +public: + //! \brief Constructs an OS_RNG_Err + //! \param operation the operation or API call when the error occurs + OS_RNG_Err(const std::string &operation); +}; + +#ifdef NONBLOCKING_RNG_AVAILABLE + +#ifdef CRYPTOPP_WIN32_AVAILABLE +//! \class MicrosoftCryptoProvider +//! \brief Wrapper for Microsoft crypto service provider +//! \sa \def USE_MS_CRYPTOAPI, \def USE_MS_CNGAPI, \def WORKAROUND_MS_BUG_Q258000 +class CRYPTOPP_DLL MicrosoftCryptoProvider +{ +public: + //! \brief Construct a MicrosoftCryptoProvider + MicrosoftCryptoProvider(); + ~MicrosoftCryptoProvider(); + +// type HCRYPTPROV and BCRYPT_ALG_HANDLE, avoid #include +#if defined(USE_MS_CRYPTOAPI) +# if defined(__CYGWIN__) && defined(__x86_64__) + typedef unsigned long long ProviderHandle; +# elif defined(WIN64) || defined(_WIN64) + typedef unsigned __int64 ProviderHandle; +# else + typedef unsigned long ProviderHandle; +# endif +#elif defined(USE_MS_CNGAPI) + typedef void *PVOID; + typedef PVOID ProviderHandle; +#endif // USE_MS_CRYPTOAPI or USE_MS_CNGAPI + + //! \brief Retrieves the provider handle + //! \returns CryptoAPI provider handle + //! \details If USE_MS_CRYPTOAPI is in effect, then CryptAcquireContext() + //! acquires then handle and CryptReleaseContext() releases the handle + //! upon destruction. If USE_MS_CNGAPI is in effect, then + //! BCryptOpenAlgorithmProvider() acquires then handle and + //! BCryptCloseAlgorithmProvider() releases the handle upon destruction. + ProviderHandle GetProviderHandle() const {return m_hProvider;} + +private: + ProviderHandle m_hProvider; +}; + +#if defined(_MSC_VER) && defined(USE_MS_CRYPTOAPI) +# pragma comment(lib, "advapi32.lib") +#endif + +#if defined(_MSC_VER) && defined(USE_MS_CNGAPI) +# pragma comment(lib, "bcrypt.lib") +#endif + +#endif //CRYPTOPP_WIN32_AVAILABLE + +//! \class NonblockingRng +//! \brief Wrapper class for /dev/random and /dev/srandom +//! \details Encapsulates CryptoAPI's CryptGenRandom() or CryptoNG's BCryptGenRandom() +//! on Windows, or /dev/urandom on Unix and compatibles. +class CRYPTOPP_DLL NonblockingRng : public RandomNumberGenerator +{ +public: + //! \brief Construct a NonblockingRng + NonblockingRng(); + ~NonblockingRng(); + + //! \brief Generate random array of bytes + //! \param output the byte buffer + //! \param size the length of the buffer, in bytes + //! \details GenerateIntoBufferedTransformation() calls are routed to GenerateBlock(). + void GenerateBlock(byte *output, size_t size); + +protected: +#ifdef CRYPTOPP_WIN32_AVAILABLE + MicrosoftCryptoProvider m_Provider; +#else + int m_fd; +#endif +}; + +#endif + +#if defined(BLOCKING_RNG_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +//! \class BlockingRng +//! \brief Wrapper class for /dev/random and /dev/srandom +//! \details Encapsulates /dev/random on Linux, OS X and Unix; and /dev/srandom on the BSDs. +class CRYPTOPP_DLL BlockingRng : public RandomNumberGenerator +{ +public: + //! \brief Construct a BlockingRng + BlockingRng(); + ~BlockingRng(); + + //! \brief Generate random array of bytes + //! \param output the byte buffer + //! \param size the length of the buffer, in bytes + //! \details GenerateIntoBufferedTransformation() calls are routed to GenerateBlock(). + void GenerateBlock(byte *output, size_t size); + +protected: + int m_fd; +}; + +#endif + +//! OS_GenerateRandomBlock +//! \brief Generate random array of bytes +//! \param blocking specifies whther a bobcking or non-blocking generator should be used +//! \param output the byte buffer +//! \param size the length of the buffer, in bytes +//! \details OS_GenerateRandomBlock() uses the underlying operating system's +//! random number generator. On Windows, CryptGenRandom() is called using NonblockingRng. +//! \details On Unix and compatibles, /dev/urandom is called if blocking is false using +//! NonblockingRng. If blocking is true, then either /dev/randomd or /dev/srandom is used +//! by way of BlockingRng, if available. +CRYPTOPP_DLL void CRYPTOPP_API OS_GenerateRandomBlock(bool blocking, byte *output, size_t size); + + +//! \class AutoSeededRandomPool +//! \brief Automatically Seeded Randomness Pool +//! \details This class seeds itself using an operating system provided RNG. +//! AutoSeededRandomPool was suggested by Leonard Janke. +class CRYPTOPP_DLL AutoSeededRandomPool : public RandomPool +{ +public: + //! \brief Construct an AutoSeededRandomPool + //! \param blocking controls seeding with BlockingRng or NonblockingRng + //! \param seedSize the size of the seed, in bytes + //! \details Use blocking to choose seeding with BlockingRng or NonblockingRng. + //! The parameter is ignored if only one of these is available. + explicit AutoSeededRandomPool(bool blocking = false, unsigned int seedSize = 32) + {Reseed(blocking, seedSize);} + + //! \brief Reseed an AutoSeededRandomPool + //! \param blocking controls seeding with BlockingRng or NonblockingRng + //! \param seedSize the size of the seed, in bytes + void Reseed(bool blocking = false, unsigned int seedSize = 32); +}; + +//! \class AutoSeededX917RNG +//! \tparam BLOCK_CIPHER a block cipher +//! \brief Automatically Seeded X9.17 RNG +//! \details AutoSeededX917RNG is from ANSI X9.17 Appendix C, seeded using an OS provided RNG. +//! If 3-key TripleDES (DES_EDE3) is used, then its a X9.17 conforming generator. If AES is +//! used, then its a X9.31 conforming generator. +//! \details Though ANSI X9 prescribes 3-key TripleDES, the template parameter BLOCK_CIPHER can be any +//! BlockTransformation derived class. +//! \sa X917RNG, DefaultAutoSeededRNG +template +class AutoSeededX917RNG : public RandomNumberGenerator, public NotCopyable +{ +public: + //! \brief Construct an AutoSeededX917RNG + //! \param blocking controls seeding with BlockingRng or NonblockingRng + //! \param autoSeed controls auto seeding of the generator + //! \details Use blocking to choose seeding with BlockingRng or NonblockingRng. + //! The parameter is ignored if only one of these is available. + //! \sa X917RNG + explicit AutoSeededX917RNG(bool blocking = false, bool autoSeed = true) + {if (autoSeed) Reseed(blocking);} + + //! \brief Reseed an AutoSeededX917RNG + //! \param blocking controls seeding with BlockingRng or NonblockingRng + //! \param additionalEntropy additional entropy to add to the generator + //! \param length the size of the additional entropy, in bytes + //! \details Internally, the generator uses SHA256 to extract the entropy from + //! from the seed and then stretch the material for the block cipher's key + //! and initialization vector. + void Reseed(bool blocking = false, const byte *additionalEntropy = NULL, size_t length = 0); + + //! \brief Deterministically reseed an AutoSeededX917RNG for testing + //! \param key the key to use for the deterministic reseeding + //! \param keylength the size of the key, in bytes + //! \param seed the seed to use for the deterministic reseeding + //! \param timeVector a time vector to use for deterministic reseeding + //! \details This is a testing interface for testing purposes, and should \a NOT + //! be used in production. + void Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector); + + bool CanIncorporateEntropy() const {return true;} + void IncorporateEntropy(const byte *input, size_t length) {Reseed(false, input, length);} + void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword length) + {m_rng->GenerateIntoBufferedTransformation(target, channel, length);} + +private: + member_ptr m_rng; +}; + +template +void AutoSeededX917RNG::Reseed(const byte *key, size_t keylength, const byte *seed, const byte *timeVector) +{ + m_rng.reset(new X917RNG(new typename BLOCK_CIPHER::Encryption(key, keylength), seed, timeVector)); +} + +template +void AutoSeededX917RNG::Reseed(bool blocking, const byte *input, size_t length) +{ + SecByteBlock seed(BLOCK_CIPHER::BLOCKSIZE + BLOCK_CIPHER::DEFAULT_KEYLENGTH); + const byte *key; + do + { + OS_GenerateRandomBlock(blocking, seed, seed.size()); + if (length > 0) + { + SHA256 hash; + hash.Update(seed, seed.size()); + hash.Update(input, length); + hash.TruncatedFinal(seed, UnsignedMin(hash.DigestSize(), seed.size())); + } + key = seed + BLOCK_CIPHER::BLOCKSIZE; + } // check that seed and key don't have same value + while (memcmp(key, seed, STDMIN((unsigned int)BLOCK_CIPHER::BLOCKSIZE, (unsigned int)BLOCK_CIPHER::DEFAULT_KEYLENGTH)) == 0); + + Reseed(key, BLOCK_CIPHER::DEFAULT_KEYLENGTH, seed, NULL); +} + +CRYPTOPP_DLL_TEMPLATE_CLASS AutoSeededX917RNG; + +#if defined(CRYPTOPP_DOXYGEN_PROCESSING) +//! \class DefaultAutoSeededRNG +//! \brief A typedef providing a default generator +//! \details DefaultAutoSeededRNG is a typedef of either AutoSeededX917RNG or AutoSeededRandomPool. +//! If CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 is defined, then DefaultAutoSeededRNG is +//! AutoSeededX917RNG. Otherwise, DefaultAutoSeededRNG is AutoSeededRandomPool. +class DefaultAutoSeededRNG {} +#else +// AutoSeededX917RNG in FIPS mode, otherwise it's AutoSeededRandomPool +#if CRYPTOPP_ENABLE_COMPLIANCE_WITH_FIPS_140_2 +typedef AutoSeededX917RNG DefaultAutoSeededRNG; +#else +typedef AutoSeededRandomPool DefaultAutoSeededRNG; +#endif +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +NAMESPACE_END + +#endif + +#endif diff --git a/libs/win_crypto++/include/ossig.h b/libs/win_crypto++/include/ossig.h new file mode 100644 index 0000000..6725cb9 --- /dev/null +++ b/libs/win_crypto++/include/ossig.h @@ -0,0 +1,124 @@ +// ossig.h - written and placed in the public domain by Jeffrey Walton +// +//! \file ossig.h +//! \brief Utility class for trapping OS signals. +//! \since Crypto++ 5.6.5 + +#ifndef CRYPTOPP_OS_SIGNAL_H +#define CRYPTOPP_OS_SIGNAL_H + +#include "config.h" + +#if defined(UNIX_SIGNALS_AVAILABLE) +# include +#endif + +NAMESPACE_BEGIN(CryptoPP) + +// ************** Unix and Linux compatibles *************** + +#if defined(UNIX_SIGNALS_AVAILABLE) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + +//! \brief Signal handler function pointer +//! \details SignalHandlerFn is provided as a stand alone function pointer with external "C" linkage +//! \sa SignalHandler, NullSignalHandler +extern "C" { + typedef void (*SignalHandlerFn) (int); +}; + +//! \brief Null signal handler function +//! \param unused the signal number +//! \details NullSignalHandler is provided as a stand alone function with external "C" linkage +//! and not a static member function due to the the member function's implicit +//! external "C++" linkage. +//! \sa SignalHandler, SignalHandlerFn +extern "C" { + inline void NullSignalHandler(int unused) {CRYPTOPP_UNUSED(unused);} +}; + +//! Signal handler for Linux and Unix compatibles +//! \tparam S Signal number +//! \tparam O Flag indicating exsting handler should be overwriiten +//! \details SignalHandler() can be used to install a signal handler with the signature +//! void handler_fn(int). If SignalHandlerFn is not NULL, then +//! the sigaction is set to the function and the sigaction flags is set to the flags. +//! If SignalHandlerFn is NULL, then a default handler is installed +//! using sigaction flags set to 0. The default handler only returns from the call. +//! \details Upon destruction the previous signal handler is restored if the former signal handler +//! was replaced. +//! \warning Do not use SignalHandler in a code block that uses setjmp or longjmp +//! because the destructor may not run. +//! \since Crypto++ 5.6.5 +//! \sa NullSignalHandler, SignalHandlerFn, \ref CRYPTOPP_ASSERT "CRYPTOPP_ASSERT", DebugTrapHandler +template +struct SignalHandler +{ + //! \brief Construct a signal handler + //! \param pfn Pointer to a signal handler function + //! \param flags Flags to use with the signal handler + //! \details SignalHandler() installs a signal handler with the signature + //! void handler_fn(int). If SignalHandlerFn is not NULL, then + //! the sigaction is set to the function and the sigaction flags is set to the flags. + //! If SignalHandlerFn is NULL, then a default handler is installed + //! using sigaction flags set to 0. The default handler only returns from the call. + //! \details Upon destruction the previous signal handler is restored if the former signal handler + //! was overwritten. + //! \warning Do not use SignalHandler in a code block that uses setjmp or longjmp + //! because the destructor may not run. setjmp is why cpu.cpp does not use SignalHandler + //! during CPU feature testing. + //! \since Crypto++ 5.6.5 + SignalHandler(SignalHandlerFn pfn = NULL, int flags = 0) : m_installed(false) + { + // http://pubs.opengroup.org/onlinepubs/007908799/xsh/sigaction.html + struct sigaction new_handler; + + do + { + int ret = 0; + + ret = sigaction (S, 0, &m_old); + if (ret != 0) break; // Failed + + // Don't step on another's handler if Overwrite=false + if (m_old.sa_handler != 0 && !O) break; + +#if defined __CYGWIN__ + // http://github.com/weidai11/cryptopp/issues/315 + memset(&new_handler, 0x00, sizeof(new_handler)); +#else + ret = sigemptyset (&new_handler.sa_mask); + if (ret != 0) break; // Failed +#endif + + new_handler.sa_handler = (pfn ? pfn : &NullSignalHandler); + new_handler.sa_flags = (pfn ? flags : 0); + + // Install it + ret = sigaction (S, &new_handler, 0); + if (ret != 0) break; // Failed + + m_installed = true; + + } while(0); + } + + ~SignalHandler() + { + if (m_installed) + sigaction (S, &m_old, 0); + } + +private: + struct sigaction m_old; + bool m_installed; + +private: + // Not copyable + SignalHandler(const SignalHandler &); + void operator=(const SignalHandler &); +}; +#endif + +NAMESPACE_END + +#endif // CRYPTOPP_OS_SIGNAL_H diff --git a/libs/win_crypto++/include/panama.h b/libs/win_crypto++/include/panama.h new file mode 100644 index 0000000..124a433 --- /dev/null +++ b/libs/win_crypto++/include/panama.h @@ -0,0 +1,163 @@ +// panama.h - written and placed in the public domain by Wei Dai + +//! \file panama.h +//! \brief Classes for Panama hash and stream cipher + +#ifndef CRYPTOPP_PANAMA_H +#define CRYPTOPP_PANAMA_H + +#include "strciphr.h" +#include "iterhash.h" +#include "secblock.h" + +// Clang 3.3 integrated assembler crash on Linux. Clang 3.4 due to compiler error with .intel_syntax +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM) +# define CRYPTOPP_DISABLE_PANAMA_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +// Base class, do not use directly +template +class CRYPTOPP_NO_VTABLE Panama +{ +public: + void Reset(); + void Iterate(size_t count, const word32 *p=NULL, byte *output=NULL, const byte *input=NULL, KeystreamOperation operation=WRITE_KEYSTREAM); + +protected: + typedef word32 Stage[8]; + CRYPTOPP_CONSTANT(STAGES = 32) + + FixedSizeAlignedSecBlock m_state; +}; + +namespace Weak { +//! \class PanamaHash +//! \brief Panama hash +//! \sa Panama Hash +template +class PanamaHash : protected Panama, public AlgorithmImpl, PanamaHash > +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = 32) + PanamaHash() {Panama::Reset();} + unsigned int DigestSize() const {return DIGESTSIZE;} + void TruncatedFinal(byte *hash, size_t size); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";} + +protected: + void Init() {Panama::Reset();} + void HashEndianCorrectedBlock(const word32 *data) {this->Iterate(1, data);} // push + size_t HashMultipleBlocks(const word32 *input, size_t length); + word32* StateBuf() {return NULL;} +}; +} + +//! \class HermeticHashFunctionMAC +//! \brief MAC construction using a hermetic hash function +template +class HermeticHashFunctionMAC : public AlgorithmImpl > >, T_Info> +{ +public: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) + { + CRYPTOPP_UNUSED(params); + + m_key.Assign(key, length); + Restart(); + } + + void Restart() + { + m_hash.Restart(); + m_keyed = false; + } + + void Update(const byte *input, size_t length) + { + if (!m_keyed) + KeyHash(); + m_hash.Update(input, length); + } + + void TruncatedFinal(byte *digest, size_t digestSize) + { + if (!m_keyed) + KeyHash(); + m_hash.TruncatedFinal(digest, digestSize); + m_keyed = false; + } + + unsigned int DigestSize() const + {return m_hash.DigestSize();} + unsigned int BlockSize() const + {return m_hash.BlockSize();} + unsigned int OptimalBlockSize() const + {return m_hash.OptimalBlockSize();} + unsigned int OptimalDataAlignment() const + {return m_hash.OptimalDataAlignment();} + +protected: + void KeyHash() + { + m_hash.Update(m_key, m_key.size()); + m_keyed = true; + } + + T_Hash m_hash; + bool m_keyed; + SecByteBlock m_key; +}; + +namespace Weak { +//! \class PanamaMAC +//! \brief Panama message authentication code +template +class PanamaMAC : public HermeticHashFunctionMAC > +{ +public: + PanamaMAC() {} + PanamaMAC(const byte *key, unsigned int length) + {this->SetKey(key, length);} +}; +} + +//! \class PanamaCipherInfo +//! \brief Panama stream cipher information +template +struct PanamaCipherInfo : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 32> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return B::ToEnum() == BIG_ENDIAN_ORDER ? "Panama-BE" : "Panama-LE";} +}; + +//! \class PanamaCipherPolicy +//! \brief Panama stream cipher operation +template +class PanamaCipherPolicy : public AdditiveCipherConcretePolicy, + public PanamaCipherInfo, + protected Panama +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + bool CipherIsRandomAccess() const {return false;} + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); + unsigned int GetAlignment() const; + + FixedSizeSecBlock m_key; +}; + +//! \class PanamaCipher +//! \brief Panama stream cipher +//! \sa Panama Stream Cipher +template +struct PanamaCipher : public PanamaCipherInfo, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, PanamaCipherInfo > Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/pch.h b/libs/win_crypto++/include/pch.h new file mode 100644 index 0000000..a228b0d --- /dev/null +++ b/libs/win_crypto++/include/pch.h @@ -0,0 +1,30 @@ +// pch.h - written and placed in the public domain by Wei Dai + +//! \headerfile pch.h +//! \brief Precompiled header file + +#ifndef CRYPTOPP_PCH_H +#define CRYPTOPP_PCH_H + +# ifdef CRYPTOPP_GENERATE_X64_MASM + #include "cpu.h" + +# else + #include "config.h" + + #ifdef USE_PRECOMPILED_HEADERS + #include "simple.h" + #include "secblock.h" + #include "misc.h" + #include "smartptr.h" + #include "stdcpp.h" + #endif +# endif + +// Enable file and line numbers, if available. +// #if defined(_MSC_VER) && defined(_DEBUG) && defined(USE_PRECOMPILED_HEADERS) +// # define DEBUG_NEW new(_NORMAL_BLOCK, __FILE__, __LINE__) +// # define new DEBUG_NEW +// #endif + +#endif // CRYPTOPP_PCH_H diff --git a/libs/win_crypto++/include/pkcspad.h b/libs/win_crypto++/include/pkcspad.h new file mode 100644 index 0000000..0aec21a --- /dev/null +++ b/libs/win_crypto++/include/pkcspad.h @@ -0,0 +1,106 @@ +// pkcspad.h - written and placed in the public domain by Wei Dai + +//! \file pkcspad.h +//! \brief Classes for PKCS padding schemes +//! \details PKCS#1 v1.5, v2.0 and P1363a allow MD2, MD5, SHA1, SHA224, SHA256, SHA384, SHA512, Tiger and RipeMd-160 to be instantiated. + +#ifndef CRYPTOPP_PKCSPAD_H +#define CRYPTOPP_PKCSPAD_H + +#include "cryptlib.h" +#include "pubkey.h" + +#ifdef CRYPTOPP_IS_DLL +#include "sha.h" +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! \class PKCS_EncryptionPaddingScheme +//! \brief PKCS#1 v1.5 Encryption Padding Scheme +//! \sa EME-PKCS1-v1_5 +class PKCS_EncryptionPaddingScheme : public PK_EncryptionMessageEncodingMethod +{ +public: + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "EME-PKCS1-v1_5";} + + size_t MaxUnpaddedLength(size_t paddedLength) const; + void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedLength, const NameValuePairs ¶meters) const; + DecodingResult Unpad(const byte *padded, size_t paddedLength, byte *raw, const NameValuePairs ¶meters) const; +}; + +//! \class PKCS_DigestDecoration +//! \brief PKCS#1 decoration data structure +template class PKCS_DigestDecoration +{ +public: + static const byte decoration[]; + static const unsigned int length; +}; + +// PKCS_DigestDecoration can be instantiated with the following +// classes as specified in PKCS#1 v2.0 and P1363a +class SHA1; +class SHA224; +class SHA256; +class SHA384; +class SHA512; +class Tiger; +class RIPEMD160; +namespace Weak1 { +class MD2; +class MD5; +} +// end of list + +#ifdef CRYPTOPP_IS_DLL +CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration; +CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration; +CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration; +CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration; +CRYPTOPP_DLL_TEMPLATE_CLASS PKCS_DigestDecoration; +#endif + +//! \class PKCS1v15_SignatureMessageEncodingMethod +//! \brief PKCS#1 v1.5 Signature Encoding Scheme +//! \sa EMSA-PKCS1-v1_5 +class CRYPTOPP_DLL PKCS1v15_SignatureMessageEncodingMethod : public PK_DeterministicSignatureMessageEncodingMethod +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "EMSA-PKCS1-v1_5";} + + size_t MinRepresentativeBitLength(size_t hashIdentifierSize, size_t digestSize) const + {return 8 * (digestSize + hashIdentifierSize + 10);} + + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; + + struct HashIdentifierLookup + { + template struct HashIdentifierLookup2 + { + static HashIdentifier Lookup() + { + return HashIdentifier(PKCS_DigestDecoration::decoration, PKCS_DigestDecoration::length); + } + }; + }; +}; + +//! PKCS #1 version 1.5, for use with RSAES and RSASS +/*! Only the following hash functions are supported by this signature standard: + \dontinclude pkcspad.h + \skip can be instantiated + \until end of list +*/ +struct PKCS1v15 : public SignatureStandard, public EncryptionStandard +{ + typedef PKCS_EncryptionPaddingScheme EncryptionMessageEncodingMethod; + typedef PKCS1v15_SignatureMessageEncodingMethod SignatureMessageEncodingMethod; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/polynomi.h b/libs/win_crypto++/include/polynomi.h new file mode 100644 index 0000000..00770db --- /dev/null +++ b/libs/win_crypto++/include/polynomi.h @@ -0,0 +1,467 @@ +// polynomi.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile polynomi.h +//! \brief Classes for polynomial basis and operations + + +#ifndef CRYPTOPP_POLYNOMI_H +#define CRYPTOPP_POLYNOMI_H + +/*! \file */ + +#include "cryptlib.h" +#include "secblock.h" +#include "algebra.h" +#include "misc.h" + +#include +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! represents single-variable polynomials over arbitrary rings +/*! \nosubgrouping */ +template class PolynomialOver +{ +public: + //! \name ENUMS, EXCEPTIONS, and TYPEDEFS + //@{ + //! division by zero exception + class DivideByZero : public Exception + { + public: + DivideByZero() : Exception(OTHER_ERROR, "PolynomialOver: division by zero") {} + }; + + //! specify the distribution for randomization functions + class RandomizationParameter + { + public: + RandomizationParameter(unsigned int coefficientCount, const typename T::RandomizationParameter &coefficientParameter ) + : m_coefficientCount(coefficientCount), m_coefficientParameter(coefficientParameter) {} + + private: + unsigned int m_coefficientCount; + typename T::RandomizationParameter m_coefficientParameter; + friend class PolynomialOver; + }; + + typedef T Ring; + typedef typename T::Element CoefficientType; + //@} + + //! \name CREATORS + //@{ + //! creates the zero polynomial + PolynomialOver() {} + + //! + PolynomialOver(const Ring &ring, unsigned int count) + : m_coefficients((size_t)count, ring.Identity()) {} + + //! copy constructor + PolynomialOver(const PolynomialOver &t) + : m_coefficients(t.m_coefficients.size()) {*this = t;} + + //! construct constant polynomial + PolynomialOver(const CoefficientType &element) + : m_coefficients(1, element) {} + + //! construct polynomial with specified coefficients, starting from coefficient of x^0 + template PolynomialOver(Iterator begin, Iterator end) + : m_coefficients(begin, end) {} + + //! convert from string + PolynomialOver(const char *str, const Ring &ring) {FromStr(str, ring);} + + //! convert from big-endian byte array + PolynomialOver(const byte *encodedPolynomialOver, unsigned int byteCount); + + //! convert from Basic Encoding Rules encoded byte array + explicit PolynomialOver(const byte *BEREncodedPolynomialOver); + + //! convert from BER encoded byte array stored in a BufferedTransformation object + explicit PolynomialOver(BufferedTransformation &bt); + + //! create a random PolynomialOver + PolynomialOver(RandomNumberGenerator &rng, const RandomizationParameter ¶meter, const Ring &ring) + {Randomize(rng, parameter, ring);} + //@} + + //! \name ACCESSORS + //@{ + //! the zero polynomial will return a degree of -1 + int Degree(const Ring &ring) const {return int(CoefficientCount(ring))-1;} + //! + unsigned int CoefficientCount(const Ring &ring) const; + //! return coefficient for x^i + CoefficientType GetCoefficient(unsigned int i, const Ring &ring) const; + //@} + + //! \name MANIPULATORS + //@{ + //! + PolynomialOver& operator=(const PolynomialOver& t); + + //! + void Randomize(RandomNumberGenerator &rng, const RandomizationParameter ¶meter, const Ring &ring); + + //! set the coefficient for x^i to value + void SetCoefficient(unsigned int i, const CoefficientType &value, const Ring &ring); + + //! + void Negate(const Ring &ring); + + //! + void swap(PolynomialOver &t); + //@} + + + //! \name BASIC ARITHMETIC ON POLYNOMIALS + //@{ + bool Equals(const PolynomialOver &t, const Ring &ring) const; + bool IsZero(const Ring &ring) const {return CoefficientCount(ring)==0;} + + PolynomialOver Plus(const PolynomialOver& t, const Ring &ring) const; + PolynomialOver Minus(const PolynomialOver& t, const Ring &ring) const; + PolynomialOver Inverse(const Ring &ring) const; + + PolynomialOver Times(const PolynomialOver& t, const Ring &ring) const; + PolynomialOver DividedBy(const PolynomialOver& t, const Ring &ring) const; + PolynomialOver Modulo(const PolynomialOver& t, const Ring &ring) const; + PolynomialOver MultiplicativeInverse(const Ring &ring) const; + bool IsUnit(const Ring &ring) const; + + PolynomialOver& Accumulate(const PolynomialOver& t, const Ring &ring); + PolynomialOver& Reduce(const PolynomialOver& t, const Ring &ring); + + //! + PolynomialOver Doubled(const Ring &ring) const {return Plus(*this, ring);} + //! + PolynomialOver Squared(const Ring &ring) const {return Times(*this, ring);} + + CoefficientType EvaluateAt(const CoefficientType &x, const Ring &ring) const; + + PolynomialOver& ShiftLeft(unsigned int n, const Ring &ring); + PolynomialOver& ShiftRight(unsigned int n, const Ring &ring); + + //! calculate r and q such that (a == d*q + r) && (0 <= degree of r < degree of d) + static void Divide(PolynomialOver &r, PolynomialOver &q, const PolynomialOver &a, const PolynomialOver &d, const Ring &ring); + //@} + + //! \name INPUT/OUTPUT + //@{ + std::istream& Input(std::istream &in, const Ring &ring); + std::ostream& Output(std::ostream &out, const Ring &ring) const; + //@} + +private: + void FromStr(const char *str, const Ring &ring); + + std::vector m_coefficients; +}; + +//! Polynomials over a fixed ring +/*! Having a fixed ring allows overloaded operators */ +template class PolynomialOverFixedRing : private PolynomialOver +{ + typedef PolynomialOver B; + typedef PolynomialOverFixedRing ThisType; + +public: + typedef T Ring; + typedef typename T::Element CoefficientType; + typedef typename B::DivideByZero DivideByZero; + typedef typename B::RandomizationParameter RandomizationParameter; + + //! \name CREATORS + //@{ + //! creates the zero polynomial + PolynomialOverFixedRing(unsigned int count = 0) : B(ms_fixedRing, count) {} + + //! copy constructor + PolynomialOverFixedRing(const ThisType &t) : B(t) {} + + explicit PolynomialOverFixedRing(const B &t) : B(t) {} + + //! construct constant polynomial + PolynomialOverFixedRing(const CoefficientType &element) : B(element) {} + + //! construct polynomial with specified coefficients, starting from coefficient of x^0 + template PolynomialOverFixedRing(Iterator first, Iterator last) + : B(first, last) {} + + //! convert from string + explicit PolynomialOverFixedRing(const char *str) : B(str, ms_fixedRing) {} + + //! convert from big-endian byte array + PolynomialOverFixedRing(const byte *encodedPoly, unsigned int byteCount) : B(encodedPoly, byteCount) {} + + //! convert from Basic Encoding Rules encoded byte array + explicit PolynomialOverFixedRing(const byte *BEREncodedPoly) : B(BEREncodedPoly) {} + + //! convert from BER encoded byte array stored in a BufferedTransformation object + explicit PolynomialOverFixedRing(BufferedTransformation &bt) : B(bt) {} + + //! create a random PolynomialOverFixedRing + PolynomialOverFixedRing(RandomNumberGenerator &rng, const RandomizationParameter ¶meter) : B(rng, parameter, ms_fixedRing) {} + + static const ThisType &Zero(); + static const ThisType &One(); + //@} + + //! \name ACCESSORS + //@{ + //! the zero polynomial will return a degree of -1 + int Degree() const {return B::Degree(ms_fixedRing);} + //! degree + 1 + unsigned int CoefficientCount() const {return B::CoefficientCount(ms_fixedRing);} + //! return coefficient for x^i + CoefficientType GetCoefficient(unsigned int i) const {return B::GetCoefficient(i, ms_fixedRing);} + //! return coefficient for x^i + CoefficientType operator[](unsigned int i) const {return B::GetCoefficient(i, ms_fixedRing);} + //@} + + //! \name MANIPULATORS + //@{ + //! + ThisType& operator=(const ThisType& t) {B::operator=(t); return *this;} + //! + ThisType& operator+=(const ThisType& t) {Accumulate(t, ms_fixedRing); return *this;} + //! + ThisType& operator-=(const ThisType& t) {Reduce(t, ms_fixedRing); return *this;} + //! + ThisType& operator*=(const ThisType& t) {return *this = *this*t;} + //! + ThisType& operator/=(const ThisType& t) {return *this = *this/t;} + //! + ThisType& operator%=(const ThisType& t) {return *this = *this%t;} + + //! + ThisType& operator<<=(unsigned int n) {ShiftLeft(n, ms_fixedRing); return *this;} + //! + ThisType& operator>>=(unsigned int n) {ShiftRight(n, ms_fixedRing); return *this;} + + //! set the coefficient for x^i to value + void SetCoefficient(unsigned int i, const CoefficientType &value) {B::SetCoefficient(i, value, ms_fixedRing);} + + //! + void Randomize(RandomNumberGenerator &rng, const RandomizationParameter ¶meter) {B::Randomize(rng, parameter, ms_fixedRing);} + + //! + void Negate() {B::Negate(ms_fixedRing);} + + void swap(ThisType &t) {B::swap(t);} + //@} + + //! \name UNARY OPERATORS + //@{ + //! + bool operator!() const {return CoefficientCount()==0;} + //! + ThisType operator+() const {return *this;} + //! + ThisType operator-() const {return ThisType(Inverse(ms_fixedRing));} + //@} + + //! \name BINARY OPERATORS + //@{ + //! + friend ThisType operator>>(ThisType a, unsigned int n) {return ThisType(a>>=n);} + //! + friend ThisType operator<<(ThisType a, unsigned int n) {return ThisType(a<<=n);} + //@} + + //! \name OTHER ARITHMETIC FUNCTIONS + //@{ + //! + ThisType MultiplicativeInverse() const {return ThisType(B::MultiplicativeInverse(ms_fixedRing));} + //! + bool IsUnit() const {return B::IsUnit(ms_fixedRing);} + + //! + ThisType Doubled() const {return ThisType(B::Doubled(ms_fixedRing));} + //! + ThisType Squared() const {return ThisType(B::Squared(ms_fixedRing));} + + CoefficientType EvaluateAt(const CoefficientType &x) const {return B::EvaluateAt(x, ms_fixedRing);} + + //! calculate r and q such that (a == d*q + r) && (0 <= r < abs(d)) + static void Divide(ThisType &r, ThisType &q, const ThisType &a, const ThisType &d) + {B::Divide(r, q, a, d, ms_fixedRing);} + //@} + + //! \name INPUT/OUTPUT + //@{ + //! + friend std::istream& operator>>(std::istream& in, ThisType &a) + {return a.Input(in, ms_fixedRing);} + //! + friend std::ostream& operator<<(std::ostream& out, const ThisType &a) + {return a.Output(out, ms_fixedRing);} + //@} + +private: + struct NewOnePolynomial + { + ThisType * operator()() const + { + return new ThisType(ms_fixedRing.MultiplicativeIdentity()); + } + }; + + static const Ring ms_fixedRing; +}; + +//! Ring of polynomials over another ring +template class RingOfPolynomialsOver : public AbstractEuclideanDomain > +{ +public: + typedef T CoefficientRing; + typedef PolynomialOver Element; + typedef typename Element::CoefficientType CoefficientType; + typedef typename Element::RandomizationParameter RandomizationParameter; + + RingOfPolynomialsOver(const CoefficientRing &ring) : m_ring(ring) {} + + Element RandomElement(RandomNumberGenerator &rng, const RandomizationParameter ¶meter) + {return Element(rng, parameter, m_ring);} + + bool Equal(const Element &a, const Element &b) const + {return a.Equals(b, m_ring);} + + const Element& Identity() const + {return this->result = m_ring.Identity();} + + const Element& Add(const Element &a, const Element &b) const + {return this->result = a.Plus(b, m_ring);} + + Element& Accumulate(Element &a, const Element &b) const + {a.Accumulate(b, m_ring); return a;} + + const Element& Inverse(const Element &a) const + {return this->result = a.Inverse(m_ring);} + + const Element& Subtract(const Element &a, const Element &b) const + {return this->result = a.Minus(b, m_ring);} + + Element& Reduce(Element &a, const Element &b) const + {return a.Reduce(b, m_ring);} + + const Element& Double(const Element &a) const + {return this->result = a.Doubled(m_ring);} + + const Element& MultiplicativeIdentity() const + {return this->result = m_ring.MultiplicativeIdentity();} + + const Element& Multiply(const Element &a, const Element &b) const + {return this->result = a.Times(b, m_ring);} + + const Element& Square(const Element &a) const + {return this->result = a.Squared(m_ring);} + + bool IsUnit(const Element &a) const + {return a.IsUnit(m_ring);} + + const Element& MultiplicativeInverse(const Element &a) const + {return this->result = a.MultiplicativeInverse(m_ring);} + + const Element& Divide(const Element &a, const Element &b) const + {return this->result = a.DividedBy(b, m_ring);} + + const Element& Mod(const Element &a, const Element &b) const + {return this->result = a.Modulo(b, m_ring);} + + void DivisionAlgorithm(Element &r, Element &q, const Element &a, const Element &d) const + {Element::Divide(r, q, a, d, m_ring);} + + class InterpolationFailed : public Exception + { + public: + InterpolationFailed() : Exception(OTHER_ERROR, "RingOfPolynomialsOver: interpolation failed") {} + }; + + Element Interpolate(const CoefficientType x[], const CoefficientType y[], unsigned int n) const; + + // a faster version of Interpolate(x, y, n).EvaluateAt(position) + CoefficientType InterpolateAt(const CoefficientType &position, const CoefficientType x[], const CoefficientType y[], unsigned int n) const; +/* + void PrepareBulkInterpolation(CoefficientType *w, const CoefficientType x[], unsigned int n) const; + void PrepareBulkInterpolationAt(CoefficientType *v, const CoefficientType &position, const CoefficientType x[], const CoefficientType w[], unsigned int n) const; + CoefficientType BulkInterpolateAt(const CoefficientType y[], const CoefficientType v[], unsigned int n) const; +*/ +protected: + void CalculateAlpha(std::vector &alpha, const CoefficientType x[], const CoefficientType y[], unsigned int n) const; + + CoefficientRing m_ring; +}; + +template +void PrepareBulkPolynomialInterpolation(const Ring &ring, Element *w, const Element x[], unsigned int n); +template +void PrepareBulkPolynomialInterpolationAt(const Ring &ring, Element *v, const Element &position, const Element x[], const Element w[], unsigned int n); +template +Element BulkPolynomialInterpolateAt(const Ring &ring, const Element y[], const Element v[], unsigned int n); + +//! +template +inline bool operator==(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return a.Equals(b, a.ms_fixedRing);} +//! +template +inline bool operator!=(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return !(a==b);} + +//! +template +inline bool operator> (const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return a.Degree() > b.Degree();} +//! +template +inline bool operator>=(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return a.Degree() >= b.Degree();} +//! +template +inline bool operator< (const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return a.Degree() < b.Degree();} +//! +template +inline bool operator<=(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return a.Degree() <= b.Degree();} + +//! +template +inline CryptoPP::PolynomialOverFixedRing operator+(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return CryptoPP::PolynomialOverFixedRing(a.Plus(b, a.ms_fixedRing));} +//! +template +inline CryptoPP::PolynomialOverFixedRing operator-(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return CryptoPP::PolynomialOverFixedRing(a.Minus(b, a.ms_fixedRing));} +//! +template +inline CryptoPP::PolynomialOverFixedRing operator*(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return CryptoPP::PolynomialOverFixedRing(a.Times(b, a.ms_fixedRing));} +//! +template +inline CryptoPP::PolynomialOverFixedRing operator/(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return CryptoPP::PolynomialOverFixedRing(a.DividedBy(b, a.ms_fixedRing));} +//! +template +inline CryptoPP::PolynomialOverFixedRing operator%(const CryptoPP::PolynomialOverFixedRing &a, const CryptoPP::PolynomialOverFixedRing &b) + {return CryptoPP::PolynomialOverFixedRing(a.Modulo(b, a.ms_fixedRing));} + +NAMESPACE_END + +NAMESPACE_BEGIN(std) +template inline void swap(CryptoPP::PolynomialOver &a, CryptoPP::PolynomialOver &b) +{ + a.swap(b); +} +template inline void swap(CryptoPP::PolynomialOverFixedRing &a, CryptoPP::PolynomialOverFixedRing &b) +{ + a.swap(b); +} +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/pssr.h b/libs/win_crypto++/include/pssr.h new file mode 100644 index 0000000..7ee39eb --- /dev/null +++ b/libs/win_crypto++/include/pssr.h @@ -0,0 +1,100 @@ +// pssr.h - written and placed in the public domain by Wei Dai + +//! \file pssr.h +//! \brief Classes for probablistic signature schemes + +#ifndef CRYPTOPP_PSSR_H +#define CRYPTOPP_PSSR_H + +#include "cryptlib.h" +#include "pubkey.h" +#include "emsa2.h" + +#ifdef CRYPTOPP_IS_DLL +#include "sha.h" +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief PSSR Message Encoding Method interface +class CRYPTOPP_DLL PSSR_MEM_Base : public PK_RecoverableSignatureMessageEncodingMethod +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PSSR_MEM_Base() {} +#endif + +private: + virtual bool AllowRecovery() const =0; + virtual size_t SaltLen(size_t hashLen) const =0; + virtual size_t MinPadLen(size_t hashLen) const =0; + virtual const MaskGeneratingFunction & GetMGF() const =0; + +public: + size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const; + size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const; + bool IsProbabilistic() const; + bool AllowNonrecoverablePart() const; + bool RecoverablePartFirst() const; + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; + DecodingResult RecoverMessageFromRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength, + byte *recoverableMessage) const; +}; + +//! \brief PSSR Message Encoding Method with Hash Identifier +//! \tparam USE_HASH_ID flag indicating whether the HashId is used +template class PSSR_MEM_BaseWithHashId; + +//! \brief PSSR Message Encoding Method with Hash Identifier +//! \tparam true flag indicating HashId is used +template<> class PSSR_MEM_BaseWithHashId : public EMSA2HashIdLookup {}; + +//! \brief PSSR Message Encoding Method without Hash Identifier +//! \tparam false flag indicating HashId is not used +template<> class PSSR_MEM_BaseWithHashId : public PSSR_MEM_Base {}; + +//! \brief PSSR Message Encoding Method +//! \tparam ALLOW_RECOVERY flag indicating whether the scheme provides message recovery +//! \tparam MGF mask generation function +//! \tparam SALT_LEN length of the salt +//! \tparam MIN_PAD_LEN minimum length of the pad +//! \tparam USE_HASH_ID flag indicating whether the HashId is used +//! \details If ALLOW_RECOVERY is true, the the signature scheme provides message recovery. If +//! ALLOW_RECOVERY is false, the the signature scheme is appendix, and the message must be +//! provided during verification. +template +class PSSR_MEM : public PSSR_MEM_BaseWithHashId +{ + virtual bool AllowRecovery() const {return ALLOW_RECOVERY;} + virtual size_t SaltLen(size_t hashLen) const {return SALT_LEN < 0 ? hashLen : SALT_LEN;} + virtual size_t MinPadLen(size_t hashLen) const {return MIN_PAD_LEN < 0 ? hashLen : MIN_PAD_LEN;} + virtual const MaskGeneratingFunction & GetMGF() const {static MGF mgf; return mgf;} + +public: + static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(ALLOW_RECOVERY ? "PSSR-" : "PSS-") + MGF::StaticAlgorithmName();} +}; + +//! \brief Probabilistic Signature Scheme with Recovery +//! \details Signature Schemes with Recovery encode the message with the signature. +//! \sa PSSR-MGF1 +struct PSSR : public SignatureStandard +{ + typedef PSSR_MEM SignatureMessageEncodingMethod; +}; + +//! \brief Probabilistic Signature Scheme with Appendix +//! \details Signature Schemes with Appendix require the message to be provided during verification. +//! \sa PSS-MGF1 +struct PSS : public SignatureStandard +{ + typedef PSSR_MEM SignatureMessageEncodingMethod; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/pubkey.h b/libs/win_crypto++/include/pubkey.h new file mode 100644 index 0000000..4a51bca --- /dev/null +++ b/libs/win_crypto++/include/pubkey.h @@ -0,0 +1,2255 @@ +// pubkey.h - written and placed in the public domain by Wei Dai + +//! \file pubkey.h +//! \brief This file contains helper classes/functions for implementing public key algorithms. +//! \details The class hierachies in this header file tend to look like this: +//! +//! 
+//!                   x1
+//!                  +--+
+//!                  |  |
+//!                 y1  z1
+//!                  |  |
+//!             x2  x2
+//!                  |  |
+//!                 y2  z2
+//!                  |  |
+//!             x3  x3
+//!                  |  |
+//!                 y3  z3
+//!
+//! +//!
    +//!
  • x1, y1, z1 are abstract interface classes defined in cryptlib.h +//!
  • x2, y2, z2 are implementations of the interfaces using "abstract policies", which +//! are pure virtual functions that should return interfaces to interchangeable algorithms. +//! These classes have \p Base suffixes. +//!
  • x3, y3, z3 hold actual algorithms and implement those virtual functions. +//! These classes have \p Impl suffixes. +//!
+//! +//! \details The \p TF_ prefix means an implementation using trapdoor functions on integers. +//! \details The \p DL_ prefix means an implementation using group operations in groups where discrete log is hard. + +#ifndef CRYPTOPP_PUBKEY_H +#define CRYPTOPP_PUBKEY_H + +#include "config.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4702) +#endif + +#include "cryptlib.h" +#include "integer.h" +#include "algebra.h" +#include "modarith.h" +#include "filters.h" +#include "eprecomp.h" +#include "fips140.h" +#include "argnames.h" +#include "smartptr.h" +#include "stdcpp.h" + +// VC60 workaround: this macro is defined in shlobj.h and conflicts with a template parameter used in this file +#undef INTERFACE + +#if defined(__SUNPRO_CC) +# define MAYBE_RETURN(x) return x +#else +# define MAYBE_RETURN(x) CRYPTOPP_UNUSED(x) +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! \class TrapdoorFunctionBounds +//! \brief Provides range for plaintext and ciphertext lengths +//! \details A trapdoor function is a function that is easy to compute in one direction, +//! but difficult to compute in the opposite direction without special knowledge. +//! The special knowledge is usually the private key. +//! \details Trapdoor functions only handle messages of a limited length or size. +//! \p MaxPreimage is the plaintext's maximum length, and \p MaxImage is the +//! ciphertext's maximum length. +//! \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), +//! RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionBounds +{ +public: + virtual ~TrapdoorFunctionBounds() {} + + //! \brief Returns the maximum size of a message before the trapdoor function is applied + //! \returns the maximum size of a message before the trapdoor function is applied + //! \details Derived classes must implement \p PreimageBound(). + virtual Integer PreimageBound() const =0; + //! \brief Returns the maximum size of a message after the trapdoor function is applied + //! \returns the maximum size of a message after the trapdoor function is applied + //! \details Derived classes must implement \p ImageBound(). + virtual Integer ImageBound() const =0; + //! \brief Returns the maximum size of a message before the trapdoor function is applied bound to a public key + //! \returns the maximum size of a message before the trapdoor function is applied bound to a public key + //! \details The default implementation returns PreimageBound() - 1. + virtual Integer MaxPreimage() const {return --PreimageBound();} + //! \brief Returns the maximum size of a message after the trapdoor function is applied bound to a public key + //! \returns the the maximum size of a message after the trapdoor function is applied bound to a public key + //! \details The default implementation returns ImageBound() - 1. + virtual Integer MaxImage() const {return --ImageBound();} +}; + +//! \class RandomizedTrapdoorFunction +//! \brief Applies the trapdoor function, using random data if required +//! \details \p ApplyFunction() is the foundation for encrypting a message under a public key. +//! Derived classes will override it at some point. +//! \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), +//! RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunction : public TrapdoorFunctionBounds +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~RandomizedTrapdoorFunction() { } +#endif + + //! \brief Applies the trapdoor function, using random data if required + //! \param rng a \p RandomNumberGenerator derived class + //! \param x the message on which the encryption function is applied + //! \returns the message \p x encrypted under the public key + //! \details \p ApplyRandomizedFunction is a generalization of encryption under a public key + //! cryptosystem. The \p RandomNumberGenerator may (or may not) be required. + //! Derived classes must implement it. + virtual Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const =0; + + //! \brief Determines if the encryption algorithm is randomized + //! \returns \p true if the encryption algorithm is randomized, \p false otherwise + //! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used. + virtual bool IsRandomized() const {return true;} +}; + +//! \class TrapdoorFunction +//! \brief Applies the trapdoor function +//! \details \p ApplyFunction() is the foundation for encrypting a message under a public key. +//! Derived classes will override it at some point. +//! \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), +//! RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunction : public RandomizedTrapdoorFunction +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TrapdoorFunction() { } +#endif + + //! \brief Applies the trapdoor function + //! \param rng a \p RandomNumberGenerator derived class + //! \param x the message on which the encryption function is applied + //! \details \p ApplyRandomizedFunction is a generalization of encryption under a public key + //! cryptosystem. The \p RandomNumberGenerator may (or may not) be required. + //! \details Internally, \p ApplyRandomizedFunction() calls \p ApplyFunction() \a + //! without the \p RandomNumberGenerator. + Integer ApplyRandomizedFunction(RandomNumberGenerator &rng, const Integer &x) const + {CRYPTOPP_UNUSED(rng); return ApplyFunction(x);} + bool IsRandomized() const {return false;} + + //! \brief Applies the trapdoor + //! \param x the message on which the encryption function is applied + //! \returns the message \p x encrypted under the public key + //! \details \p ApplyFunction is a generalization of encryption under a public key + //! cryptosystem. Derived classes must implement it. + virtual Integer ApplyFunction(const Integer &x) const =0; +}; + +//! \class RandomizedTrapdoorFunctionInverse +//! \brief Applies the inverse of the trapdoor function, using random data if required +//! \details \p CalculateInverse() is the foundation for decrypting a message under a private key +//! in a public key cryptosystem. Derived classes will override it at some point. +//! \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), +//! RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE RandomizedTrapdoorFunctionInverse +{ +public: + virtual ~RandomizedTrapdoorFunctionInverse() {} + + //! \brief Applies the inverse of the trapdoor function, using random data if required + //! \param rng a \p RandomNumberGenerator derived class + //! \param x the message on which the decryption function is applied + //! \returns the message \p x decrypted under the private key + //! \details \p CalculateRandomizedInverse is a generalization of decryption using the private key + //! The \p RandomNumberGenerator may (or may not) be required. Derived classes must implement it. + virtual Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const =0; + + //! \brief Determines if the decryption algorithm is randomized + //! \returns \p true if the decryption algorithm is randomized, \p false otherwise + //! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used. + virtual bool IsRandomized() const {return true;} +}; + +//! \class TrapdoorFunctionInverse +//! \brief Applies the inverse of the trapdoor function +//! \details \p CalculateInverse() is the foundation for decrypting a message under a private key +//! in a public key cryptosystem. Derived classes will override it at some point. +//! \sa TrapdoorFunctionBounds(), RandomizedTrapdoorFunction(), TrapdoorFunction(), +//! RandomizedTrapdoorFunctionInverse() and TrapdoorFunctionInverse() +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TrapdoorFunctionInverse : public RandomizedTrapdoorFunctionInverse +{ +public: + virtual ~TrapdoorFunctionInverse() {} + + //! \brief Applies the inverse of the trapdoor function + //! \param rng a \p RandomNumberGenerator derived class + //! \param x the message on which the decryption function is applied + //! \returns the message \p x decrypted under the private key + //! \details \p CalculateRandomizedInverse is a generalization of decryption using the private key + //! \details Internally, \p CalculateRandomizedInverse() calls \p CalculateInverse() \a + //! without the \p RandomNumberGenerator. + Integer CalculateRandomizedInverse(RandomNumberGenerator &rng, const Integer &x) const + {return CalculateInverse(rng, x);} + + //! \brief Determines if the decryption algorithm is randomized + //! \returns \p true if the decryption algorithm is randomized, \p false otherwise + //! \details If \p IsRandomized() returns \p false, then \p NullRNG() can be used. + bool IsRandomized() const {return false;} + + //! \brief Calculates the inverse of an element + //! \param rng a \p RandomNumberGenerator derived class + //! \param x the element + //! \returns the inverse of the element in the group + virtual Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const =0; +}; + +// ******************************************************** + +//! \class PK_EncryptionMessageEncodingMethod +//! \brief Message encoding method for public key encryption +class CRYPTOPP_NO_VTABLE PK_EncryptionMessageEncodingMethod +{ +public: + virtual ~PK_EncryptionMessageEncodingMethod() {} + + virtual bool ParameterSupported(const char *name) const + {CRYPTOPP_UNUSED(name); return false;} + + //! max size of unpadded message in bytes, given max size of padded message in bits (1 less than size of modulus) + virtual size_t MaxUnpaddedLength(size_t paddedLength) const =0; + + virtual void Pad(RandomNumberGenerator &rng, const byte *raw, size_t inputLength, byte *padded, size_t paddedBitLength, const NameValuePairs ¶meters) const =0; + + virtual DecodingResult Unpad(const byte *padded, size_t paddedBitLength, byte *raw, const NameValuePairs ¶meters) const =0; +}; + +// ******************************************************** + +//! \class TF_Base +//! \brief The base for trapdoor based cryptosystems +//! \tparam TFI trapdoor function interface derived class +//! \tparam MEI message encoding interface derived class +template +class CRYPTOPP_NO_VTABLE TF_Base +{ +protected: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_Base() { } +#endif + + virtual const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const =0; + + typedef TFI TrapdoorFunctionInterface; + virtual const TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const =0; + + typedef MEI MessageEncodingInterface; + virtual const MessageEncodingInterface & GetMessageEncodingInterface() const =0; +}; + +// ******************************************************** + +//! \class PK_FixedLengthCryptoSystemImpl +//! \brief Public key trapdoor function default implementation +//! \tparam BASE public key cryptosystem with a fixed length +template +class CRYPTOPP_NO_VTABLE PK_FixedLengthCryptoSystemImpl : public BASE +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PK_FixedLengthCryptoSystemImpl() { } +#endif + + size_t MaxPlaintextLength(size_t ciphertextLength) const + {return ciphertextLength == FixedCiphertextLength() ? FixedMaxPlaintextLength() : 0;} + size_t CiphertextLength(size_t plaintextLength) const + {return plaintextLength <= FixedMaxPlaintextLength() ? FixedCiphertextLength() : 0;} + + virtual size_t FixedMaxPlaintextLength() const =0; + virtual size_t FixedCiphertextLength() const =0; +}; + +//! \class TF_CryptoSystemBase +//! \brief Trapdoor function cryptosystem base class +//! \tparam INTERFACE public key cryptosystem base interface +//! \tparam BASE public key cryptosystem implementation base +template +class CRYPTOPP_NO_VTABLE TF_CryptoSystemBase : public PK_FixedLengthCryptoSystemImpl, protected BASE +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_CryptoSystemBase() { } +#endif + + bool ParameterSupported(const char *name) const {return this->GetMessageEncodingInterface().ParameterSupported(name);} + size_t FixedMaxPlaintextLength() const {return this->GetMessageEncodingInterface().MaxUnpaddedLength(PaddedBlockBitLength());} + size_t FixedCiphertextLength() const {return this->GetTrapdoorFunctionBounds().MaxImage().ByteCount();} + +protected: + size_t PaddedBlockByteLength() const {return BitsToBytes(PaddedBlockBitLength());} + // Coverity finding on potential overflow/underflow. + size_t PaddedBlockBitLength() const {return SaturatingSubtract(this->GetTrapdoorFunctionBounds().PreimageBound().BitCount(),1U);} +}; + +//! \class TF_DecryptorBase +//! \brief Trapdoor function cryptosystems decryption base class +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_DecryptorBase : public TF_CryptoSystemBase > +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_DecryptorBase() { } +#endif + + DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const; +}; + +//! \class TF_DecryptorBase +//! \brief Trapdoor function cryptosystems encryption base class +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_EncryptorBase : public TF_CryptoSystemBase > +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_EncryptorBase() { } +#endif + + void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const; +}; + +// ******************************************************** + +// Typedef change due to Clang, http://github.com/weidai11/cryptopp/issues/300 +typedef std::pair HashIdentifier; + +//! \class PK_SignatureMessageEncodingMethod +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p PK_SignatureMessageEncodingMethod provides interfaces for message +//! encoding method for public key signature schemes. The methods support both +//! trapdoor functions (TF_*) and discrete logarithm (DL_*) +//! based schemes. +class CRYPTOPP_NO_VTABLE PK_SignatureMessageEncodingMethod +{ +public: + virtual ~PK_SignatureMessageEncodingMethod() {} + + virtual size_t MinRepresentativeBitLength(size_t hashIdentifierLength, size_t digestLength) const + {CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength); return 0;} + virtual size_t MaxRecoverableLength(size_t representativeBitLength, size_t hashIdentifierLength, size_t digestLength) const + {CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(hashIdentifierLength); CRYPTOPP_UNUSED(digestLength); return 0;} + + bool IsProbabilistic() const + {return true;} + bool AllowNonrecoverablePart() const + {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + virtual bool RecoverablePartFirst() const + {throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + + // for verification, DL + virtual void ProcessSemisignature(HashTransformation &hash, const byte *semisignature, size_t semisignatureLength) const + {CRYPTOPP_UNUSED(hash); CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength);} + + // for signature + virtual void ProcessRecoverableMessage(HashTransformation &hash, + const byte *recoverableMessage, size_t recoverableMessageLength, + const byte *presignature, size_t presignatureLength, + SecByteBlock &semisignature) const + { + CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(recoverableMessage); CRYPTOPP_UNUSED(recoverableMessageLength); + CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); CRYPTOPP_UNUSED(semisignature); + if (RecoverablePartFirst()) + CRYPTOPP_ASSERT(!"ProcessRecoverableMessage() not implemented"); + } + + virtual void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const =0; + + virtual bool VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const =0; + + virtual DecodingResult RecoverMessageFromRepresentative( // for TF + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength, + byte *recoveredMessage) const + {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(messageEmpty); + CRYPTOPP_UNUSED(representative); CRYPTOPP_UNUSED(representativeBitLength); CRYPTOPP_UNUSED(recoveredMessage); + throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + + virtual DecodingResult RecoverMessageFromSemisignature( // for DL + HashTransformation &hash, HashIdentifier hashIdentifier, + const byte *presignature, size_t presignatureLength, + const byte *semisignature, size_t semisignatureLength, + byte *recoveredMessage) const + {CRYPTOPP_UNUSED(hash);CRYPTOPP_UNUSED(hashIdentifier); CRYPTOPP_UNUSED(presignature); CRYPTOPP_UNUSED(presignatureLength); + CRYPTOPP_UNUSED(semisignature); CRYPTOPP_UNUSED(semisignatureLength); CRYPTOPP_UNUSED(recoveredMessage); + throw NotImplemented("PK_MessageEncodingMethod: this signature scheme does not support message recovery");} + + // VC60 workaround + struct HashIdentifierLookup + { + template struct HashIdentifierLookup2 + { + static HashIdentifier CRYPTOPP_API Lookup() + { + return HashIdentifier((const byte *)NULL, 0); + } + }; + }; +}; + +//! \class PK_DeterministicSignatureMessageEncodingMethod +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p PK_DeterministicSignatureMessageEncodingMethod provides interfaces +//! for message encoding method for public key signature schemes. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_DeterministicSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod +{ +public: + bool VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; +}; + +//! \class PK_RecoverableSignatureMessageEncodingMethod +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p PK_RecoverableSignatureMessageEncodingMethod provides interfaces +//! for message encoding method for public key signature schemes. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_RecoverableSignatureMessageEncodingMethod : public PK_SignatureMessageEncodingMethod +{ +public: + bool VerifyMessageRepresentative( + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; +}; + +//! \class DL_SignatureMessageEncodingMethod_DSA +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p DL_SignatureMessageEncodingMethod_DSA provides interfaces +//! for message encoding method for DSA. +class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_DSA : public PK_DeterministicSignatureMessageEncodingMethod +{ +public: + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; +}; + +//! \class DL_SignatureMessageEncodingMethod_NR +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p DL_SignatureMessageEncodingMethod_NR provides interfaces +//! for message encoding method for Nyberg-Rueppel. +class CRYPTOPP_DLL DL_SignatureMessageEncodingMethod_NR : public PK_DeterministicSignatureMessageEncodingMethod +{ +public: + void ComputeMessageRepresentative(RandomNumberGenerator &rng, + const byte *recoverableMessage, size_t recoverableMessageLength, + HashTransformation &hash, HashIdentifier hashIdentifier, bool messageEmpty, + byte *representative, size_t representativeBitLength) const; +}; + +//! \class PK_MessageAccumulatorBase +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p PK_MessageAccumulatorBase provides interfaces +//! for message encoding method. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE PK_MessageAccumulatorBase : public PK_MessageAccumulator +{ +public: + PK_MessageAccumulatorBase() : m_empty(true) {} + + virtual HashTransformation & AccessHash() =0; + + void Update(const byte *input, size_t length) + { + AccessHash().Update(input, length); + m_empty = m_empty && length == 0; + } + + SecByteBlock m_recoverableMessage, m_representative, m_presignature, m_semisignature; + Integer m_k, m_s; + bool m_empty; +}; + +//! \class PK_MessageAccumulatorImpl +//! \brief Interface for message encoding method for public key signature schemes. +//! \details \p PK_MessageAccumulatorBase provides interfaces +//! for message encoding method. +template +class PK_MessageAccumulatorImpl : public PK_MessageAccumulatorBase, protected ObjectHolder +{ +public: + HashTransformation & AccessHash() {return this->m_object;} +}; + +//! _ +template +class CRYPTOPP_NO_VTABLE TF_SignatureSchemeBase : public INTERFACE, protected BASE +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_SignatureSchemeBase() { } +#endif + + size_t SignatureLength() const + {return this->GetTrapdoorFunctionBounds().MaxPreimage().ByteCount();} + size_t MaxRecoverableLength() const + {return this->GetMessageEncodingInterface().MaxRecoverableLength(MessageRepresentativeBitLength(), GetHashIdentifier().second, GetDigestSize());} + size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const + {CRYPTOPP_UNUSED(signatureLength); return this->MaxRecoverableLength();} + + bool IsProbabilistic() const + {return this->GetTrapdoorFunctionInterface().IsRandomized() || this->GetMessageEncodingInterface().IsProbabilistic();} + bool AllowNonrecoverablePart() const + {return this->GetMessageEncodingInterface().AllowNonrecoverablePart();} + bool RecoverablePartFirst() const + {return this->GetMessageEncodingInterface().RecoverablePartFirst();} + +protected: + size_t MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());} + // Coverity finding on potential overflow/underflow. + size_t MessageRepresentativeBitLength() const {return SaturatingSubtract(this->GetTrapdoorFunctionBounds().ImageBound().BitCount(),1U);} + virtual HashIdentifier GetHashIdentifier() const =0; + virtual size_t GetDigestSize() const =0; +}; + +//! _ +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_SignerBase : public TF_SignatureSchemeBase > +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_SignerBase() { } +#endif + + void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const; + size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart=true) const; +}; + +//! _ +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE TF_VerifierBase : public TF_SignatureSchemeBase > +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_VerifierBase() { } +#endif + + void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const; + bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const; + DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &recoveryAccumulator) const; +}; + +// ******************************************************** + +//! _ +template +struct TF_CryptoSchemeOptions +{ + typedef T1 AlgorithmInfo; + typedef T2 Keys; + typedef typename Keys::PrivateKey PrivateKey; + typedef typename Keys::PublicKey PublicKey; + typedef T3 MessageEncodingMethod; +}; + +//! _ +template +struct TF_SignatureSchemeOptions : public TF_CryptoSchemeOptions +{ + typedef T4 HashFunction; +}; + +//! _ +template +class CRYPTOPP_NO_VTABLE TF_ObjectImplBase : public AlgorithmImpl +{ +public: + typedef SCHEME_OPTIONS SchemeOptions; + typedef KEY_CLASS KeyClass; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_ObjectImplBase() { } +#endif + + PublicKey & AccessPublicKey() {return AccessKey();} + const PublicKey & GetPublicKey() const {return GetKey();} + + PrivateKey & AccessPrivateKey() {return AccessKey();} + const PrivateKey & GetPrivateKey() const {return GetKey();} + + virtual const KeyClass & GetKey() const =0; + virtual KeyClass & AccessKey() =0; + + const KeyClass & GetTrapdoorFunction() const {return GetKey();} + + PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const + { + CRYPTOPP_UNUSED(rng); + return new PK_MessageAccumulatorImpl; + } + PK_MessageAccumulator * NewVerificationAccumulator() const + { + return new PK_MessageAccumulatorImpl; + } + +protected: + const typename BASE::MessageEncodingInterface & GetMessageEncodingInterface() const + {return Singleton().Ref();} + const TrapdoorFunctionBounds & GetTrapdoorFunctionBounds() const + {return GetKey();} + const typename BASE::TrapdoorFunctionInterface & GetTrapdoorFunctionInterface() const + {return GetKey();} + + // for signature scheme + HashIdentifier GetHashIdentifier() const + { + typedef CPP_TYPENAME SchemeOptions::MessageEncodingMethod::HashIdentifierLookup::template HashIdentifierLookup2 L; + return L::Lookup(); + } + size_t GetDigestSize() const + { + typedef CPP_TYPENAME SchemeOptions::HashFunction H; + return H::DIGESTSIZE; + } +}; + +//! _ +template +class TF_ObjectImplExtRef : public TF_ObjectImplBase +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_ObjectImplExtRef() { } +#endif + + TF_ObjectImplExtRef(const KEY *pKey = NULL) : m_pKey(pKey) {} + void SetKeyPtr(const KEY *pKey) {m_pKey = pKey;} + + const KEY & GetKey() const {return *m_pKey;} + KEY & AccessKey() {throw NotImplemented("TF_ObjectImplExtRef: cannot modify refererenced key");} + +private: + const KEY * m_pKey; +}; + +//! _ +template +class CRYPTOPP_NO_VTABLE TF_ObjectImpl : public TF_ObjectImplBase +{ +public: + typedef KEY_CLASS KeyClass; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~TF_ObjectImpl() { } +#endif + + const KeyClass & GetKey() const {return m_trapdoorFunction;} + KeyClass & AccessKey() {return m_trapdoorFunction;} + +private: + KeyClass m_trapdoorFunction; +}; + +//! _ +template +class TF_DecryptorImpl : public TF_ObjectImpl +{ +}; + +//! _ +template +class TF_EncryptorImpl : public TF_ObjectImpl +{ +}; + +//! _ +template +class TF_SignerImpl : public TF_ObjectImpl +{ +}; + +//! _ +template +class TF_VerifierImpl : public TF_ObjectImpl +{ +}; + +// ******************************************************** + +//! \class MaskGeneratingFunction +//! \brief Mask generation function interface +class CRYPTOPP_NO_VTABLE MaskGeneratingFunction +{ +public: + virtual ~MaskGeneratingFunction() {} + + //! \brief Generate and apply mask + //! \param hash HashTransformation derived class + //! \param output the destination byte array + //! \param outputLength the size fo the the destination byte array + //! \param input the message to hash + //! \param inputLength the size of the message + //! \param mask flag indicating whether to apply the mask + virtual void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask = true) const =0; +}; + +//! \fn P1363_MGF1KDF2_Common +//! \brief P1363 mask generation function +//! \param hash HashTransformation derived class +//! \param output the destination byte array +//! \param outputLength the size fo the the destination byte array +//! \param input the message to hash +//! \param inputLength the size of the message +//! \param derivationParams additional derivation parameters +//! \param derivationParamsLength the size of the additional derivation parameters +//! \param mask flag indicating whether to apply the mask +//! \param counterStart starting counter value used in generation function +CRYPTOPP_DLL void CRYPTOPP_API P1363_MGF1KDF2_Common(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength, bool mask, unsigned int counterStart); + +//! \class P1363_MGF1 +//! \brief P1363 mask generation function +class P1363_MGF1 : public MaskGeneratingFunction +{ +public: + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "MGF1";} + void GenerateAndMask(HashTransformation &hash, byte *output, size_t outputLength, const byte *input, size_t inputLength, bool mask = true) const + { + P1363_MGF1KDF2_Common(hash, output, outputLength, input, inputLength, NULL, 0, mask, 0); + } +}; + +// ******************************************************** + +//! \class MaskGeneratingFunction +//! \brief P1363 key derivation function +//! \tparam H hash function used in the derivation +template +class P1363_KDF2 +{ +public: + static void CRYPTOPP_API DeriveKey(byte *output, size_t outputLength, const byte *input, size_t inputLength, const byte *derivationParams, size_t derivationParamsLength) + { + H h; + P1363_MGF1KDF2_Common(h, output, outputLength, input, inputLength, derivationParams, derivationParamsLength, false, 1); + } +}; + +// ******************************************************** + +//! \brief Exception thrown when an invalid group element is encountered +//! \details Thrown by DecodeElement and AgreeWithStaticPrivateKey +class DL_BadElement : public InvalidDataFormat +{ +public: + DL_BadElement() : InvalidDataFormat("CryptoPP: invalid group element") {} +}; + +//! \brief Interface for Discrete Log (DL) group parameters +//! \tparam T element in the group +//! \details The element is usually an Integer, \ref ECP "ECP::Point" or \ref EC2N "EC2N::Point" +template +class CRYPTOPP_NO_VTABLE DL_GroupParameters : public CryptoParameters +{ + typedef DL_GroupParameters ThisClass; + +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParameters() { } +#endif + + DL_GroupParameters() : m_validationLevel(0) {} + + // CryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const + { + if (!GetBasePrecomputation().IsInitialized()) + return false; + + if (m_validationLevel > level) + return true; + + bool pass = ValidateGroup(rng, level); + pass = pass && ValidateElement(level, GetSubgroupGenerator(), &GetBasePrecomputation()); + + m_validationLevel = pass ? level+1 : 0; + + return pass; + } + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper(this, name, valueType, pValue) + CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupOrder) + CRYPTOPP_GET_FUNCTION_ENTRY(SubgroupGenerator) + ; + } + + bool SupportsPrecomputation() const {return true;} + + void Precompute(unsigned int precomputationStorage=16) + { + AccessBasePrecomputation().Precompute(GetGroupPrecomputation(), GetSubgroupOrder().BitCount(), precomputationStorage); + } + + void LoadPrecomputation(BufferedTransformation &storedPrecomputation) + { + AccessBasePrecomputation().Load(GetGroupPrecomputation(), storedPrecomputation); + m_validationLevel = 0; + } + + void SavePrecomputation(BufferedTransformation &storedPrecomputation) const + { + GetBasePrecomputation().Save(GetGroupPrecomputation(), storedPrecomputation); + } + + //! \brief Retrieves the subgroup generator + //! \return the subgroup generator + //! \details The subgroup generator is retrieved from the base precomputation + virtual const Element & GetSubgroupGenerator() const {return GetBasePrecomputation().GetBase(GetGroupPrecomputation());} + + //! \brief Set the subgroup generator + //! \param base the new subgroup generator + //! \details The subgroup generator is set in the base precomputation + virtual void SetSubgroupGenerator(const Element &base) {AccessBasePrecomputation().SetBase(GetGroupPrecomputation(), base);} + + //! \brief Retrieves the subgroup generator + //! \return the subgroup generator + //! \details The subgroup generator is retrieved from the base precomputation. + virtual Element ExponentiateBase(const Integer &exponent) const + { + return GetBasePrecomputation().Exponentiate(GetGroupPrecomputation(), exponent); + } + + //! \brief Exponentiates an element + //! \param base the base elemenet + //! \param exponent the exponent to raise the base + //! \return the result of the exponentiation + //! \details Internally, ExponentiateElement() calls SimultaneousExponentiate(). + virtual Element ExponentiateElement(const Element &base, const Integer &exponent) const + { + Element result; + SimultaneousExponentiate(&result, base, &exponent, 1); + return result; + } + + //! \brief Retrieves the group precomputation + //! \return a const reference to the group precomputation + virtual const DL_GroupPrecomputation & GetGroupPrecomputation() const =0; + + //! \brief Retrieves the group precomputation + //! \return a const reference to the group precomputation using a fixed base + virtual const DL_FixedBasePrecomputation & GetBasePrecomputation() const =0; + + //! \brief Retrieves the group precomputation + //! \return a non-const reference to the group precomputation using a fixed base + virtual DL_FixedBasePrecomputation & AccessBasePrecomputation() =0; + + //! \brief Retrieves the subgroup order + //! \return the order of subgroup generated by the base element + virtual const Integer & GetSubgroupOrder() const =0; + + //! \brief Retrieves the maximum exponent for the group + //! \return the maximum exponent for the group + virtual Integer GetMaxExponent() const =0; + + //! \brief Retrieves the order of the group + //! \return the order of the group + //! \details Either GetGroupOrder() or GetCofactor() must be overriden in a derived class. + virtual Integer GetGroupOrder() const {return GetSubgroupOrder()*GetCofactor();} + + //! \brief Retrieves the cofactor + //! \return the cofactor + //! \details Either GetGroupOrder() or GetCofactor() must be overriden in a derived class. + virtual Integer GetCofactor() const {return GetGroupOrder()/GetSubgroupOrder();} + + //! \brief Retrieves the encoded element's size + //! \param reversible flag indicating the encoding format + //! \return encoded element's size, in bytes + //! \details The format of the encoded element varies by the underlyinhg type of the element and the + //! reversible flag. GetEncodedElementSize() must be implemented in a derived class. + //! \sa GetEncodedElementSize(), EncodeElement(), DecodeElement() + virtual unsigned int GetEncodedElementSize(bool reversible) const =0; + + //! \brief Encodes the element + //! \param reversible flag indicating the encoding format + //! \param element reference to the element to encode + //! \param encoded destination byte array for the encoded element + //! \details EncodeElement() must be implemented in a derived class. + //! \pre COUNTOF(encoded) == GetEncodedElementSize() + virtual void EncodeElement(bool reversible, const Element &element, byte *encoded) const =0; + + //! \brief Decodes the element + //! \param encoded byte array with the encoded element + //! \param checkForGroupMembership flag indicating if the element should be validated + //! \return Element after decoding + //! \details DecodeElement() must be implemented in a derived class. + //! \pre COUNTOF(encoded) == GetEncodedElementSize() + virtual Element DecodeElement(const byte *encoded, bool checkForGroupMembership) const =0; + + //! \brief Converts an element to an Integer + //! \param element the element to convert to an Integer + //! \return Element after converting to an Integer + //! \details ConvertElementToInteger() must be implemented in a derived class. + virtual Integer ConvertElementToInteger(const Element &element) const =0; + + //! \brief Check the group for errors + //! \param rng RandomNumberGenerator for objects which use randomized testing + //! \param level level of thoroughness + //! \return true if the tests succeed, false otherwise + //! \details There are four levels of thoroughness: + //!
    + //!
  • 0 - using this object won't cause a crash or exception + //!
  • 1 - this object will probably function, and encrypt, sign, other operations correctly + //!
  • 2 - ensure this object will function correctly, and perform reasonable security checks + //!
  • 3 - perform reasonable security checks, and do checks that may take a long time + //!
+ //! \details Level 0 does not require a RandomNumberGenerator. A NullRNG() can be used for level 0. + //! Level 1 may not check for weak keys and such. Levels 2 and 3 are recommended. + //! \details ValidateGroup() must be implemented in a derived class. + virtual bool ValidateGroup(RandomNumberGenerator &rng, unsigned int level) const =0; + + //! \brief Check the element for errors + //! \param level level of thoroughness + //! \param element element to check + //! \param precomp optional pointer to DL_FixedBasePrecomputation + //! \return true if the tests succeed, false otherwise + //! \details There are four levels of thoroughness: + //!
    + //!
  • 0 - using this object won't cause a crash or exception + //!
  • 1 - this object will probably function, and encrypt, sign, other operations correctly + //!
  • 2 - ensure this object will function correctly, and perform reasonable security checks + //!
  • 3 - perform reasonable security checks, and do checks that may take a long time + //!
+ //! \details Level 0 performs group membership checks. Level 1 may not check for weak keys and such. + //! Levels 2 and 3 are recommended. + //! \details ValidateElement() must be implemented in a derived class. + virtual bool ValidateElement(unsigned int level, const Element &element, const DL_FixedBasePrecomputation *precomp) const =0; + + virtual bool FastSubgroupCheckAvailable() const =0; + + //! \brief Determines if an element is an identity + //! \param element element to check + //! \return true if the element is an identity, false otherwise + //! \details The identity element or or neutral element is a special element in a group that leaves + //! other elements unchanged when combined with it. + //! \details IsIdentity() must be implemented in a derived class. + virtual bool IsIdentity(const Element &element) const =0; + + //! \brief Exponentiates a base to multiple exponents + //! \param results an array of Elements + //! \param base the base to raise to the exponents + //! \param exponents an array of exponents + //! \param exponentsCount the number of exponents in the array + //! \details SimultaneousExponentiate() raises the base to each exponent in the exponents array and stores the + //! result at the respective position in the results array. + //! \details SimultaneousExponentiate() must be implemented in a derived class. + //! \pre COUNTOF(results) == exponentsCount + //! \pre COUNTOF(exponents) == exponentsCount + virtual void SimultaneousExponentiate(Element *results, const Element &base, const Integer *exponents, unsigned int exponentsCount) const =0; + +protected: + void ParametersChanged() {m_validationLevel = 0;} + +private: + mutable unsigned int m_validationLevel; +}; + +//! \brief Base implmentation of Discrete Log (DL) group parameters +//! \tparam GROUP_PRECOMP group precomputation class +//! \tparam BASE_PRECOMP fixed base precomputation class +//! \tparam BASE class or type of an element +template , class BASE = DL_GroupParameters > +class DL_GroupParametersImpl : public BASE +{ +public: + typedef GROUP_PRECOMP GroupPrecomputation; + typedef typename GROUP_PRECOMP::Element Element; + typedef BASE_PRECOMP BasePrecomputation; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_GroupParametersImpl() { } +#endif + + //! \brief Retrieves the group precomputation + //! \return a const reference to the group precomputation + const DL_GroupPrecomputation & GetGroupPrecomputation() const {return m_groupPrecomputation;} + + //! \brief Retrieves the group precomputation + //! \return a const reference to the group precomputation using a fixed base + const DL_FixedBasePrecomputation & GetBasePrecomputation() const {return m_gpc;} + + //! \brief Retrieves the group precomputation + //! \return a non-const reference to the group precomputation using a fixed base + DL_FixedBasePrecomputation & AccessBasePrecomputation() {return m_gpc;} + +protected: + GROUP_PRECOMP m_groupPrecomputation; + BASE_PRECOMP m_gpc; +}; + +//! \brief Base class for a Discrete Log (DL) key +//! \tparam T class or type of an element +//! \details The element is usually an Integer, \ref ECP "ECP::Point" or \ref EC2N "EC2N::Point" +template +class CRYPTOPP_NO_VTABLE DL_Key +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Key() { } +#endif + + //! \brief Retrieves abstract group parameters + //! \return a const reference to the group parameters + virtual const DL_GroupParameters & GetAbstractGroupParameters() const =0; + //! \brief Retrieves abstract group parameters + //! \return a non-const reference to the group parameters + virtual DL_GroupParameters & AccessAbstractGroupParameters() =0; +}; + +//! \brief Interface for Discrete Log (DL) public keys +template +class CRYPTOPP_NO_VTABLE DL_PublicKey : public DL_Key +{ + typedef DL_PublicKey ThisClass; + +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PublicKey() { } +#endif + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters()) + CRYPTOPP_GET_FUNCTION_ENTRY(PublicElement); + } + + void AssignFrom(const NameValuePairs &source); + + // non-inherited + virtual const Element & GetPublicElement() const {return GetPublicPrecomputation().GetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation());} + virtual void SetPublicElement(const Element &y) {AccessPublicPrecomputation().SetBase(this->GetAbstractGroupParameters().GetGroupPrecomputation(), y);} + virtual Element ExponentiatePublicElement(const Integer &exponent) const + { + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + return GetPublicPrecomputation().Exponentiate(params.GetGroupPrecomputation(), exponent); + } + virtual Element CascadeExponentiateBaseAndPublicElement(const Integer &baseExp, const Integer &publicExp) const + { + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + return params.GetBasePrecomputation().CascadeExponentiate(params.GetGroupPrecomputation(), baseExp, GetPublicPrecomputation(), publicExp); + } + + virtual const DL_FixedBasePrecomputation & GetPublicPrecomputation() const =0; + virtual DL_FixedBasePrecomputation & AccessPublicPrecomputation() =0; +}; + +//! \brief Interface for Discrete Log (DL) private keys +template +class CRYPTOPP_NO_VTABLE DL_PrivateKey : public DL_Key +{ + typedef DL_PrivateKey ThisClass; + +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PrivateKey() { } +#endif + + void MakePublicKey(DL_PublicKey &pub) const + { + pub.AccessAbstractGroupParameters().AssignFrom(this->GetAbstractGroupParameters()); + pub.SetPublicElement(this->GetAbstractGroupParameters().ExponentiateBase(GetPrivateExponent())); + } + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper(this, name, valueType, pValue, &this->GetAbstractGroupParameters()) + CRYPTOPP_GET_FUNCTION_ENTRY(PrivateExponent); + } + + void AssignFrom(const NameValuePairs &source) + { + this->AccessAbstractGroupParameters().AssignFrom(source); + AssignFromHelper(this, source) + CRYPTOPP_SET_FUNCTION_ENTRY(PrivateExponent); + } + + virtual const Integer & GetPrivateExponent() const =0; + virtual void SetPrivateExponent(const Integer &x) =0; +}; + +template +void DL_PublicKey::AssignFrom(const NameValuePairs &source) +{ + DL_PrivateKey *pPrivateKey = NULL; + if (source.GetThisPointer(pPrivateKey)) + pPrivateKey->MakePublicKey(*this); + else + { + this->AccessAbstractGroupParameters().AssignFrom(source); + AssignFromHelper(this, source) + CRYPTOPP_SET_FUNCTION_ENTRY(PublicElement); + } +} + +class OID; + +//! _ +template +class DL_KeyImpl : public PK +{ +public: + typedef GP GroupParameters; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_KeyImpl() { } +#endif + + O GetAlgorithmID() const {return GetGroupParameters().GetAlgorithmID();} +// void BERDecode(BufferedTransformation &bt) +// {PK::BERDecode(bt);} +// void DEREncode(BufferedTransformation &bt) const +// {PK::DEREncode(bt);} + bool BERDecodeAlgorithmParameters(BufferedTransformation &bt) + {AccessGroupParameters().BERDecode(bt); return true;} + bool DEREncodeAlgorithmParameters(BufferedTransformation &bt) const + {GetGroupParameters().DEREncode(bt); return true;} + + const GP & GetGroupParameters() const {return m_groupParameters;} + GP & AccessGroupParameters() {return m_groupParameters;} + +private: + GP m_groupParameters; +}; + +class X509PublicKey; +class PKCS8PrivateKey; + +//! _ +template +class DL_PrivateKeyImpl : public DL_PrivateKey, public DL_KeyImpl +{ +public: + typedef typename GP::Element Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PrivateKeyImpl() { } +#endif + + // GeneratableCryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const + { + bool pass = GetAbstractGroupParameters().Validate(rng, level); + + const Integer &q = GetAbstractGroupParameters().GetSubgroupOrder(); + const Integer &x = GetPrivateExponent(); + + pass = pass && x.IsPositive() && x < q; + if (level >= 1) + pass = pass && Integer::Gcd(x, q) == Integer::One(); + return pass; + } + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper >(this, name, valueType, pValue).Assignable(); + } + + void AssignFrom(const NameValuePairs &source) + { + AssignFromHelper >(this, source); + } + + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms) + { + if (!params.GetThisObject(this->AccessGroupParameters())) + this->AccessGroupParameters().GenerateRandom(rng, params); +// std::pair seed; + Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); +// Integer::ANY, Integer::Zero(), Integer::One(), +// params.GetValue("DeterministicKeyGenerationSeed", seed) ? &seed : NULL); + SetPrivateExponent(x); + } + + bool SupportsPrecomputation() const {return true;} + + void Precompute(unsigned int precomputationStorage=16) + {AccessAbstractGroupParameters().Precompute(precomputationStorage);} + + void LoadPrecomputation(BufferedTransformation &storedPrecomputation) + {AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation);} + + void SavePrecomputation(BufferedTransformation &storedPrecomputation) const + {GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation);} + + // DL_Key + const DL_GroupParameters & GetAbstractGroupParameters() const {return this->GetGroupParameters();} + DL_GroupParameters & AccessAbstractGroupParameters() {return this->AccessGroupParameters();} + + // DL_PrivateKey + const Integer & GetPrivateExponent() const {return m_x;} + void SetPrivateExponent(const Integer &x) {m_x = x;} + + // PKCS8PrivateKey + void BERDecodePrivateKey(BufferedTransformation &bt, bool, size_t) + {m_x.BERDecode(bt);} + void DEREncodePrivateKey(BufferedTransformation &bt) const + {m_x.DEREncode(bt);} + +private: + Integer m_x; +}; + +//! _ +template +class DL_PrivateKey_WithSignaturePairwiseConsistencyTest : public BASE +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PrivateKey_WithSignaturePairwiseConsistencyTest() { } +#endif + + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs ¶ms) + { + BASE::GenerateRandom(rng, params); + + if (FIPS_140_2_ComplianceEnabled()) + { + typename SIGNATURE_SCHEME::Signer signer(*this); + typename SIGNATURE_SCHEME::Verifier verifier(signer); + SignaturePairwiseConsistencyTest_FIPS_140_Only(signer, verifier); + } + } +}; + +//! _ +template +class DL_PublicKeyImpl : public DL_PublicKey, public DL_KeyImpl +{ +public: + typedef typename GP::Element Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_PublicKeyImpl() { } +#endif + + // CryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const + { + bool pass = GetAbstractGroupParameters().Validate(rng, level); + pass = pass && GetAbstractGroupParameters().ValidateElement(level, this->GetPublicElement(), &GetPublicPrecomputation()); + return pass; + } + + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const + { + return GetValueHelper >(this, name, valueType, pValue).Assignable(); + } + + void AssignFrom(const NameValuePairs &source) + { + AssignFromHelper >(this, source); + } + + bool SupportsPrecomputation() const {return true;} + + void Precompute(unsigned int precomputationStorage=16) + { + AccessAbstractGroupParameters().Precompute(precomputationStorage); + AccessPublicPrecomputation().Precompute(GetAbstractGroupParameters().GetGroupPrecomputation(), GetAbstractGroupParameters().GetSubgroupOrder().BitCount(), precomputationStorage); + } + + void LoadPrecomputation(BufferedTransformation &storedPrecomputation) + { + AccessAbstractGroupParameters().LoadPrecomputation(storedPrecomputation); + AccessPublicPrecomputation().Load(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation); + } + + void SavePrecomputation(BufferedTransformation &storedPrecomputation) const + { + GetAbstractGroupParameters().SavePrecomputation(storedPrecomputation); + GetPublicPrecomputation().Save(GetAbstractGroupParameters().GetGroupPrecomputation(), storedPrecomputation); + } + + // DL_Key + const DL_GroupParameters & GetAbstractGroupParameters() const {return this->GetGroupParameters();} + DL_GroupParameters & AccessAbstractGroupParameters() {return this->AccessGroupParameters();} + + // DL_PublicKey + const DL_FixedBasePrecomputation & GetPublicPrecomputation() const {return m_ypc;} + DL_FixedBasePrecomputation & AccessPublicPrecomputation() {return m_ypc;} + + // non-inherited + bool operator==(const DL_PublicKeyImpl &rhs) const + {return this->GetGroupParameters() == rhs.GetGroupParameters() && this->GetPublicElement() == rhs.GetPublicElement();} + +private: + typename GP::BasePrecomputation m_ypc; +}; + +//! \brief Interface for Elgamal-like signature algorithms +template +class CRYPTOPP_NO_VTABLE DL_ElgamalLikeSignatureAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_ElgamalLikeSignatureAlgorithm() { } +#endif + + virtual void Sign(const DL_GroupParameters ¶ms, const Integer &privateKey, const Integer &k, const Integer &e, Integer &r, Integer &s) const =0; + virtual bool Verify(const DL_GroupParameters ¶ms, const DL_PublicKey &publicKey, const Integer &e, const Integer &r, const Integer &s) const =0; + virtual Integer RecoverPresignature(const DL_GroupParameters ¶ms, const DL_PublicKey &publicKey, const Integer &r, const Integer &s) const + { + CRYPTOPP_UNUSED(params); CRYPTOPP_UNUSED(publicKey); CRYPTOPP_UNUSED(r); CRYPTOPP_UNUSED(s); + throw NotImplemented("DL_ElgamalLikeSignatureAlgorithm: this signature scheme does not support message recovery"); + MAYBE_RETURN(Integer::Zero()); + } + virtual size_t RLen(const DL_GroupParameters ¶ms) const + {return params.GetSubgroupOrder().ByteCount();} + virtual size_t SLen(const DL_GroupParameters ¶ms) const + {return params.GetSubgroupOrder().ByteCount();} +}; + +//! \brief Interface for DL key agreement algorithms +template +class CRYPTOPP_NO_VTABLE DL_KeyAgreementAlgorithm +{ +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_KeyAgreementAlgorithm() { } +#endif + + virtual Element AgreeWithEphemeralPrivateKey(const DL_GroupParameters ¶ms, const DL_FixedBasePrecomputation &publicPrecomputation, const Integer &privateExponent) const =0; + virtual Element AgreeWithStaticPrivateKey(const DL_GroupParameters ¶ms, const Element &publicElement, bool validateOtherPublicKey, const Integer &privateExponent) const =0; +}; + +//! \brief Interface for key derivation algorithms used in DL cryptosystems +template +class CRYPTOPP_NO_VTABLE DL_KeyDerivationAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_KeyDerivationAlgorithm() { } +#endif + + virtual bool ParameterSupported(const char *name) const + {CRYPTOPP_UNUSED(name); return false;} + virtual void Derive(const DL_GroupParameters &groupParams, byte *derivedKey, size_t derivedLength, const T &agreedElement, const T &ephemeralPublicKey, const NameValuePairs &derivationParams) const =0; +}; + +//! \brief Interface for symmetric encryption algorithms used in DL cryptosystems +class CRYPTOPP_NO_VTABLE DL_SymmetricEncryptionAlgorithm +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_SymmetricEncryptionAlgorithm() { } +#endif + + virtual bool ParameterSupported(const char *name) const + {CRYPTOPP_UNUSED(name); return false;} + virtual size_t GetSymmetricKeyLength(size_t plaintextLength) const =0; + virtual size_t GetSymmetricCiphertextLength(size_t plaintextLength) const =0; + virtual size_t GetMaxSymmetricPlaintextLength(size_t ciphertextLength) const =0; + virtual void SymmetricEncrypt(RandomNumberGenerator &rng, const byte *key, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters) const =0; + virtual DecodingResult SymmetricDecrypt(const byte *key, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters) const =0; +}; + +//! \brief Discrete Log (DL) base interface +//! \tparam KI public or private key interface +template +class CRYPTOPP_NO_VTABLE DL_Base +{ +protected: + typedef KI KeyInterface; + typedef typename KI::Element Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_Base() { } +#endif + + const DL_GroupParameters & GetAbstractGroupParameters() const {return GetKeyInterface().GetAbstractGroupParameters();} + DL_GroupParameters & AccessAbstractGroupParameters() {return AccessKeyInterface().AccessAbstractGroupParameters();} + + virtual KeyInterface & AccessKeyInterface() =0; + virtual const KeyInterface & GetKeyInterface() const =0; +}; + +//! \brief Discrete Log (DL) signature scheme base implementation +//! \tparam INTERFACE PK_Signer or PK_Verifier derived class +//! \tparam DL_Base key base used in the scheme +//! \details DL_SignatureSchemeBase provides common functions for signers and verifiers. +//! DL_Base is used for signers, and DL_Base is used for verifiers. +template +class CRYPTOPP_NO_VTABLE DL_SignatureSchemeBase : public INTERFACE, public DL_Base +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_SignatureSchemeBase() { } +#endif + + //! \brief Provides the signature length + //! \returns signature length, in bytes + //! \details SignatureLength returns the size required for r+s. + size_t SignatureLength() const + { + return GetSignatureAlgorithm().RLen(this->GetAbstractGroupParameters()) + + GetSignatureAlgorithm().SLen(this->GetAbstractGroupParameters()); + } + + //! \brief Provides the maximum recoverable length + //! \returns maximum recoverable length, in bytes + size_t MaxRecoverableLength() const + {return GetMessageEncodingInterface().MaxRecoverableLength(0, GetHashIdentifier().second, GetDigestSize());} + + //! \brief Provides the maximum recoverable length + //! \param signatureLength the size fo the signature + //! \returns maximum recoverable length based on signature length, in bytes + //! \details this function is not implemented and always returns 0. + size_t MaxRecoverableLengthFromSignatureLength(size_t signatureLength) const + {CRYPTOPP_UNUSED(signatureLength); CRYPTOPP_ASSERT(false); return 0;} // TODO + + //! \brief Determines if the scheme is probabilistic + //! \returns true if the scheme is probabilistic, false otherwise + bool IsProbabilistic() const + {return true;} + + //! \brief Determines if the scheme has non-recoverable part + //! \returns true if the message encoding has a non-recoverable part, false otherwise. + bool AllowNonrecoverablePart() const + {return GetMessageEncodingInterface().AllowNonrecoverablePart();} + + //! \brief Determines if the scheme allows recoverable part first + //! \returns true if the message encoding allows the recoverable part, false otherwise. + bool RecoverablePartFirst() const + {return GetMessageEncodingInterface().RecoverablePartFirst();} + +protected: + size_t MessageRepresentativeLength() const {return BitsToBytes(MessageRepresentativeBitLength());} + size_t MessageRepresentativeBitLength() const {return this->GetAbstractGroupParameters().GetSubgroupOrder().BitCount();} + + virtual const DL_ElgamalLikeSignatureAlgorithm & GetSignatureAlgorithm() const =0; + virtual const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const =0; + virtual HashIdentifier GetHashIdentifier() const =0; + virtual size_t GetDigestSize() const =0; +}; + +//! \brief Discrete Log (DL) signature scheme signer base implementation +//! \tparam T +template +class CRYPTOPP_NO_VTABLE DL_SignerBase : public DL_SignatureSchemeBase > +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_SignerBase() { } +#endif + + //! \brief Testing interface + //! \param k Integer + //! \param e Integer + //! \param r Integer + //! \param s Integer + void RawSign(const Integer &k, const Integer &e, Integer &r, Integer &s) const + { + const DL_ElgamalLikeSignatureAlgorithm &alg = this->GetSignatureAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + const DL_PrivateKey &key = this->GetKeyInterface(); + + r = params.ConvertElementToInteger(params.ExponentiateBase(k)); + alg.Sign(params, key.GetPrivateExponent(), k, e, r, s); + } + + void InputRecoverableMessage(PK_MessageAccumulator &messageAccumulator, const byte *recoverableMessage, size_t recoverableMessageLength) const + { + PK_MessageAccumulatorBase &ma = static_cast(messageAccumulator); + ma.m_recoverableMessage.Assign(recoverableMessage, recoverableMessageLength); + this->GetMessageEncodingInterface().ProcessRecoverableMessage(ma.AccessHash(), + recoverableMessage, recoverableMessageLength, + ma.m_presignature, ma.m_presignature.size(), + ma.m_semisignature); + } + + size_t SignAndRestart(RandomNumberGenerator &rng, PK_MessageAccumulator &messageAccumulator, byte *signature, bool restart) const + { + this->GetMaterial().DoQuickSanityCheck(); + + PK_MessageAccumulatorBase &ma = static_cast(messageAccumulator); + const DL_ElgamalLikeSignatureAlgorithm &alg = this->GetSignatureAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + const DL_PrivateKey &key = this->GetKeyInterface(); + + SecByteBlock representative(this->MessageRepresentativeLength()); + this->GetMessageEncodingInterface().ComputeMessageRepresentative( + rng, + ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty, + representative, this->MessageRepresentativeBitLength()); + ma.m_empty = true; + Integer e(representative, representative.size()); + + // hash message digest into random number k to prevent reusing the same k on a different messages + // after virtual machine rollback + if (rng.CanIncorporateEntropy()) + rng.IncorporateEntropy(representative, representative.size()); + Integer k(rng, 1, params.GetSubgroupOrder()-1); + Integer r, s; + r = params.ConvertElementToInteger(params.ExponentiateBase(k)); + alg.Sign(params, key.GetPrivateExponent(), k, e, r, s); + + /* + Integer r, s; + if (this->MaxRecoverableLength() > 0) + r.Decode(ma.m_semisignature, ma.m_semisignature.size()); + else + r.Decode(ma.m_presignature, ma.m_presignature.size()); + alg.Sign(params, key.GetPrivateExponent(), ma.m_k, e, r, s); + */ + + size_t rLen = alg.RLen(params); + r.Encode(signature, rLen); + s.Encode(signature+rLen, alg.SLen(params)); + + if (restart) + RestartMessageAccumulator(rng, ma); + + return this->SignatureLength(); + } + +protected: + void RestartMessageAccumulator(RandomNumberGenerator &rng, PK_MessageAccumulatorBase &ma) const + { + // k needs to be generated before hashing for signature schemes with recovery + // but to defend against VM rollbacks we need to generate k after hashing. + // so this code is commented out, since no DL-based signature scheme with recovery + // has been implemented in Crypto++ anyway + /* + const DL_ElgamalLikeSignatureAlgorithm &alg = this->GetSignatureAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + ma.m_k.Randomize(rng, 1, params.GetSubgroupOrder()-1); + ma.m_presignature.New(params.GetEncodedElementSize(false)); + params.ConvertElementToInteger(params.ExponentiateBase(ma.m_k)).Encode(ma.m_presignature, ma.m_presignature.size()); + */ + CRYPTOPP_UNUSED(rng); CRYPTOPP_UNUSED(ma); + } +}; + +//! _ +template +class CRYPTOPP_NO_VTABLE DL_VerifierBase : public DL_SignatureSchemeBase > +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_VerifierBase() { } +#endif + + void InputSignature(PK_MessageAccumulator &messageAccumulator, const byte *signature, size_t signatureLength) const + { + CRYPTOPP_UNUSED(signature); CRYPTOPP_UNUSED(signatureLength); + PK_MessageAccumulatorBase &ma = static_cast(messageAccumulator); + const DL_ElgamalLikeSignatureAlgorithm &alg = this->GetSignatureAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + + size_t rLen = alg.RLen(params); + ma.m_semisignature.Assign(signature, rLen); + ma.m_s.Decode(signature+rLen, alg.SLen(params)); + + this->GetMessageEncodingInterface().ProcessSemisignature(ma.AccessHash(), ma.m_semisignature, ma.m_semisignature.size()); + } + + bool VerifyAndRestart(PK_MessageAccumulator &messageAccumulator) const + { + this->GetMaterial().DoQuickSanityCheck(); + + PK_MessageAccumulatorBase &ma = static_cast(messageAccumulator); + const DL_ElgamalLikeSignatureAlgorithm &alg = this->GetSignatureAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + const DL_PublicKey &key = this->GetKeyInterface(); + + SecByteBlock representative(this->MessageRepresentativeLength()); + this->GetMessageEncodingInterface().ComputeMessageRepresentative(NullRNG(), ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty, + representative, this->MessageRepresentativeBitLength()); + ma.m_empty = true; + Integer e(representative, representative.size()); + + Integer r(ma.m_semisignature, ma.m_semisignature.size()); + return alg.Verify(params, key, e, r, ma.m_s); + } + + DecodingResult RecoverAndRestart(byte *recoveredMessage, PK_MessageAccumulator &messageAccumulator) const + { + this->GetMaterial().DoQuickSanityCheck(); + + PK_MessageAccumulatorBase &ma = static_cast(messageAccumulator); + const DL_ElgamalLikeSignatureAlgorithm &alg = this->GetSignatureAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + const DL_PublicKey &key = this->GetKeyInterface(); + + SecByteBlock representative(this->MessageRepresentativeLength()); + this->GetMessageEncodingInterface().ComputeMessageRepresentative( + NullRNG(), + ma.m_recoverableMessage, ma.m_recoverableMessage.size(), + ma.AccessHash(), this->GetHashIdentifier(), ma.m_empty, + representative, this->MessageRepresentativeBitLength()); + ma.m_empty = true; + Integer e(representative, representative.size()); + + ma.m_presignature.New(params.GetEncodedElementSize(false)); + Integer r(ma.m_semisignature, ma.m_semisignature.size()); + alg.RecoverPresignature(params, key, r, ma.m_s).Encode(ma.m_presignature, ma.m_presignature.size()); + + return this->GetMessageEncodingInterface().RecoverMessageFromSemisignature( + ma.AccessHash(), this->GetHashIdentifier(), + ma.m_presignature, ma.m_presignature.size(), + ma.m_semisignature, ma.m_semisignature.size(), + recoveredMessage); + } +}; + +//! \brief Discrete Log (DL) cryptosystem base implementation +//! \tparam PK field element type +//! \tparam KI public or private key interface +template +class CRYPTOPP_NO_VTABLE DL_CryptoSystemBase : public PK, public DL_Base +{ +public: + typedef typename DL_Base::Element Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_CryptoSystemBase() { } +#endif + + size_t MaxPlaintextLength(size_t ciphertextLength) const + { + unsigned int minLen = this->GetAbstractGroupParameters().GetEncodedElementSize(true); + return ciphertextLength < minLen ? 0 : GetSymmetricEncryptionAlgorithm().GetMaxSymmetricPlaintextLength(ciphertextLength - minLen); + } + + size_t CiphertextLength(size_t plaintextLength) const + { + size_t len = GetSymmetricEncryptionAlgorithm().GetSymmetricCiphertextLength(plaintextLength); + return len == 0 ? 0 : this->GetAbstractGroupParameters().GetEncodedElementSize(true) + len; + } + + bool ParameterSupported(const char *name) const + {return GetKeyDerivationAlgorithm().ParameterSupported(name) || GetSymmetricEncryptionAlgorithm().ParameterSupported(name);} + +protected: + virtual const DL_KeyAgreementAlgorithm & GetKeyAgreementAlgorithm() const =0; + virtual const DL_KeyDerivationAlgorithm & GetKeyDerivationAlgorithm() const =0; + virtual const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const =0; +}; + +//! \brief Discrete Log (DL) decryptor base implementation +//! \tparam T field element type +template +class CRYPTOPP_NO_VTABLE DL_DecryptorBase : public DL_CryptoSystemBase > +{ +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_DecryptorBase() { } +#endif + + DecodingResult Decrypt(RandomNumberGenerator &rng, const byte *ciphertext, size_t ciphertextLength, byte *plaintext, const NameValuePairs ¶meters = g_nullNameValuePairs) const + { + try + { + CRYPTOPP_UNUSED(rng); + const DL_KeyAgreementAlgorithm &agreeAlg = this->GetKeyAgreementAlgorithm(); + const DL_KeyDerivationAlgorithm &derivAlg = this->GetKeyDerivationAlgorithm(); + const DL_SymmetricEncryptionAlgorithm &encAlg = this->GetSymmetricEncryptionAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + const DL_PrivateKey &key = this->GetKeyInterface(); + + Element q = params.DecodeElement(ciphertext, true); + size_t elementSize = params.GetEncodedElementSize(true); + ciphertext += elementSize; + ciphertextLength -= elementSize; + + Element z = agreeAlg.AgreeWithStaticPrivateKey(params, q, true, key.GetPrivateExponent()); + + SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(encAlg.GetMaxSymmetricPlaintextLength(ciphertextLength))); + derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters); + + return encAlg.SymmetricDecrypt(derivedKey, ciphertext, ciphertextLength, plaintext, parameters); + } + catch (DL_BadElement &) + { + return DecodingResult(); + } + } +}; + +//! \brief Discrete Log (DL) encryptor base implementation +//! \tparam T field element type +template +class CRYPTOPP_NO_VTABLE DL_EncryptorBase : public DL_CryptoSystemBase > +{ +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_EncryptorBase() { } +#endif + + void Encrypt(RandomNumberGenerator &rng, const byte *plaintext, size_t plaintextLength, byte *ciphertext, const NameValuePairs ¶meters = g_nullNameValuePairs) const + { + const DL_KeyAgreementAlgorithm &agreeAlg = this->GetKeyAgreementAlgorithm(); + const DL_KeyDerivationAlgorithm &derivAlg = this->GetKeyDerivationAlgorithm(); + const DL_SymmetricEncryptionAlgorithm &encAlg = this->GetSymmetricEncryptionAlgorithm(); + const DL_GroupParameters ¶ms = this->GetAbstractGroupParameters(); + const DL_PublicKey &key = this->GetKeyInterface(); + + Integer x(rng, Integer::One(), params.GetMaxExponent()); + Element q = params.ExponentiateBase(x); + params.EncodeElement(true, q, ciphertext); + unsigned int elementSize = params.GetEncodedElementSize(true); + ciphertext += elementSize; + + Element z = agreeAlg.AgreeWithEphemeralPrivateKey(params, key.GetPublicPrecomputation(), x); + + SecByteBlock derivedKey(encAlg.GetSymmetricKeyLength(plaintextLength)); + derivAlg.Derive(params, derivedKey, derivedKey.size(), z, q, parameters); + + encAlg.SymmetricEncrypt(rng, derivedKey, plaintext, plaintextLength, ciphertext, parameters); + } +}; + +//! \brief Discrete Log (DL) scheme options +//! \tparam T1 algorithm information +//! \tparam T2 group paramters for the scheme +template +struct DL_SchemeOptionsBase +{ + typedef T1 AlgorithmInfo; + typedef T2 GroupParameters; + typedef typename GroupParameters::Element Element; +}; + +//! \brief Discrete Log (DL) key options +//! \tparam T1 algorithm information +//! \tparam T2 keys used in the scheme +template +struct DL_KeyedSchemeOptions : public DL_SchemeOptionsBase +{ + typedef T2 Keys; + typedef typename Keys::PrivateKey PrivateKey; + typedef typename Keys::PublicKey PublicKey; +}; + +//! \brief Discrete Log (DL) signature scheme options +//! \tparam T1 algorithm information +//! \tparam T2 keys used in the scheme +//! \tparam T3 signature algorithm +//! \tparam T4 message encoding method +//! \tparam T5 hash function +template +struct DL_SignatureSchemeOptions : public DL_KeyedSchemeOptions +{ + typedef T3 SignatureAlgorithm; + typedef T4 MessageEncodingMethod; + typedef T5 HashFunction; +}; + +//! \brief Discrete Log (DL) crypto scheme options +//! \tparam T1 algorithm information +//! \tparam T2 keys used in the scheme +//! \tparam T3 key agreement algorithm +//! \tparam T4 key derivation algorithm +//! \tparam T5 symmetric encryption algorithm +template +struct DL_CryptoSchemeOptions : public DL_KeyedSchemeOptions +{ + typedef T3 KeyAgreementAlgorithm; + typedef T4 KeyDerivationAlgorithm; + typedef T5 SymmetricEncryptionAlgorithm; +}; + +//! \brief Discrete Log (DL) base object implementation +//! \tparam BASE TODO +//! \tparam SCHEME_OPTIONS options for the scheme +//! \tparam KEY key used in the scheme +template +class CRYPTOPP_NO_VTABLE DL_ObjectImplBase : public AlgorithmImpl +{ +public: + typedef SCHEME_OPTIONS SchemeOptions; + typedef typename KEY::Element Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_ObjectImplBase() { } +#endif + + PrivateKey & AccessPrivateKey() {return m_key;} + PublicKey & AccessPublicKey() {return m_key;} + + // KeyAccessor + const KEY & GetKey() const {return m_key;} + KEY & AccessKey() {return m_key;} + +protected: + typename BASE::KeyInterface & AccessKeyInterface() {return m_key;} + const typename BASE::KeyInterface & GetKeyInterface() const {return m_key;} + + // for signature scheme + HashIdentifier GetHashIdentifier() const + { + typedef typename SchemeOptions::MessageEncodingMethod::HashIdentifierLookup HashLookup; + return HashLookup::template HashIdentifierLookup2::Lookup(); + } + size_t GetDigestSize() const + { + typedef CPP_TYPENAME SchemeOptions::HashFunction H; + return H::DIGESTSIZE; + } + +private: + KEY m_key; +}; + +//! \brief Discrete Log (DL) object implementation +//! \tparam BASE TODO +//! \tparam SCHEME_OPTIONS options for the scheme +//! \tparam KEY key used in the scheme +template +class CRYPTOPP_NO_VTABLE DL_ObjectImpl : public DL_ObjectImplBase +{ +public: + typedef typename KEY::Element Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_ObjectImpl() { } +#endif + +protected: + const DL_ElgamalLikeSignatureAlgorithm & GetSignatureAlgorithm() const + {return Singleton().Ref();} + const DL_KeyAgreementAlgorithm & GetKeyAgreementAlgorithm() const + {return Singleton().Ref();} + const DL_KeyDerivationAlgorithm & GetKeyDerivationAlgorithm() const + {return Singleton().Ref();} + const DL_SymmetricEncryptionAlgorithm & GetSymmetricEncryptionAlgorithm() const + {return Singleton().Ref();} + HashIdentifier GetHashIdentifier() const + {return HashIdentifier();} + const PK_SignatureMessageEncodingMethod & GetMessageEncodingInterface() const + {return Singleton().Ref();} +}; + +//! \brief Discrete Log (DL) signer implementation +//! \tparam SCHEME_OPTIONS options for the scheme +template +class DL_SignerImpl : public DL_ObjectImpl, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey> +{ +public: + PK_MessageAccumulator * NewSignatureAccumulator(RandomNumberGenerator &rng) const + { + member_ptr p(new PK_MessageAccumulatorImpl); + this->RestartMessageAccumulator(rng, *p); + return p.release(); + } +}; + +//! \brief Discrete Log (DL) verifier implementation +//! \tparam SCHEME_OPTIONS options for the scheme +template +class DL_VerifierImpl : public DL_ObjectImpl, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey> +{ +public: + PK_MessageAccumulator * NewVerificationAccumulator() const + { + return new PK_MessageAccumulatorImpl; + } +}; + +//! \brief Discrete Log (DL) encryptor implementation +//! \tparam SCHEME_OPTIONS options for the scheme +template +class DL_EncryptorImpl : public DL_ObjectImpl, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PublicKey> +{ +}; + +//! \brief Discrete Log (DL) decryptor implementation +//! \tparam SCHEME_OPTIONS options for the scheme +template +class DL_DecryptorImpl : public DL_ObjectImpl, SCHEME_OPTIONS, typename SCHEME_OPTIONS::PrivateKey> +{ +}; + +// ******************************************************** + +//! \brief Discrete Log (DL) simple key agreement base implementation +//! \tparam T class or type +template +class CRYPTOPP_NO_VTABLE DL_SimpleKeyAgreementDomainBase : public SimpleKeyAgreementDomain +{ +public: + typedef T Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_SimpleKeyAgreementDomainBase() { } +#endif + + CryptoParameters & AccessCryptoParameters() {return AccessAbstractGroupParameters();} + unsigned int AgreedValueLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(false);} + unsigned int PrivateKeyLength() const {return GetAbstractGroupParameters().GetSubgroupOrder().ByteCount();} + unsigned int PublicKeyLength() const {return GetAbstractGroupParameters().GetEncodedElementSize(true);} + + void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const + { + Integer x(rng, Integer::One(), GetAbstractGroupParameters().GetMaxExponent()); + x.Encode(privateKey, PrivateKeyLength()); + } + + void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const + { + CRYPTOPP_UNUSED(rng); + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(privateKey, PrivateKeyLength()); + Element y = params.ExponentiateBase(x); + params.EncodeElement(true, y, publicKey); + } + + bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const + { + try + { + const DL_GroupParameters ¶ms = GetAbstractGroupParameters(); + Integer x(privateKey, PrivateKeyLength()); + Element w = params.DecodeElement(otherPublicKey, validateOtherPublicKey); + + Element z = GetKeyAgreementAlgorithm().AgreeWithStaticPrivateKey( + GetAbstractGroupParameters(), w, validateOtherPublicKey, x); + params.EncodeElement(false, z, agreedValue); + } + catch (DL_BadElement &) + { + return false; + } + return true; + } + + //! \brief Retrieves a reference to the group generator + //! \returns const reference to the group generator + const Element &GetGenerator() const {return GetAbstractGroupParameters().GetSubgroupGenerator();} + +protected: + virtual const DL_KeyAgreementAlgorithm & GetKeyAgreementAlgorithm() const =0; + virtual DL_GroupParameters & AccessAbstractGroupParameters() =0; + const DL_GroupParameters & GetAbstractGroupParameters() const {return const_cast *>(this)->AccessAbstractGroupParameters();} +}; + +//! \brief Methods for avoiding "Small-Subgroup" attacks on Diffie-Hellman Key Agreement +//! \details Additional methods exist and include public key validation and choice of prime p. +//! \sa Methods for Avoiding the "Small-Subgroup" Attacks on the +//! Diffie-Hellman Key Agreement Method for S/MIME +enum CofactorMultiplicationOption { + //! \brief No cofactor multiplication applied + NO_COFACTOR_MULTIPLICTION, + //! \brief Cofactor multiplication compatible with ordinary Diffie-Hellman + //! \details Modifies the computation of ZZ by including j (the cofactor) in the computations and is + //! compatible with ordinary Diffie-Hellman. + COMPATIBLE_COFACTOR_MULTIPLICTION, + //! \brief Cofactor multiplication incompatible with ordinary Diffie-Hellman + //! \details Modifies the computation of ZZ by including j (the cofactor) in the computations but is + //! not compatible with ordinary Diffie-Hellman. + INCOMPATIBLE_COFACTOR_MULTIPLICTION}; + +typedef EnumToType NoCofactorMultiplication; +typedef EnumToType CompatibleCofactorMultiplication; +typedef EnumToType IncompatibleCofactorMultiplication; + +//! \details Diffie-Hellman key agreement algorithm +template +class DL_KeyAgreementAlgorithm_DH : public DL_KeyAgreementAlgorithm +{ +public: + typedef ELEMENT Element; + +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~DL_KeyAgreementAlgorithm_DH() {} +#endif + + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() + {return COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION ? "DHC" : "DH";} + + Element AgreeWithEphemeralPrivateKey(const DL_GroupParameters ¶ms, const DL_FixedBasePrecomputation &publicPrecomputation, const Integer &privateExponent) const + { + return publicPrecomputation.Exponentiate(params.GetGroupPrecomputation(), + COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION ? privateExponent*params.GetCofactor() : privateExponent); + } + + Element AgreeWithStaticPrivateKey(const DL_GroupParameters ¶ms, const Element &publicElement, bool validateOtherPublicKey, const Integer &privateExponent) const + { + if (COFACTOR_OPTION::ToEnum() == COMPATIBLE_COFACTOR_MULTIPLICTION) + { + const Integer &k = params.GetCofactor(); + return params.ExponentiateElement(publicElement, + ModularArithmetic(params.GetSubgroupOrder()).Divide(privateExponent, k)*k); + } + else if (COFACTOR_OPTION::ToEnum() == INCOMPATIBLE_COFACTOR_MULTIPLICTION) + return params.ExponentiateElement(publicElement, privateExponent*params.GetCofactor()); + else + { + CRYPTOPP_ASSERT(COFACTOR_OPTION::ToEnum() == NO_COFACTOR_MULTIPLICTION); + + if (!validateOtherPublicKey) + return params.ExponentiateElement(publicElement, privateExponent); + + if (params.FastSubgroupCheckAvailable()) + { + if (!params.ValidateElement(2, publicElement, NULL)) + throw DL_BadElement(); + return params.ExponentiateElement(publicElement, privateExponent); + } + else + { + const Integer e[2] = {params.GetSubgroupOrder(), privateExponent}; + Element r[2]; + params.SimultaneousExponentiate(r, publicElement, e, 2); + if (!params.IsIdentity(r[0])) + throw DL_BadElement(); + return r[1]; + } + } + } +}; + +// ******************************************************** + +//! \brief Template implementing constructors for public key algorithm classes +template +class CRYPTOPP_NO_VTABLE PK_FinalTemplate : public BASE +{ +public: + PK_FinalTemplate() {} + + PK_FinalTemplate(const CryptoMaterial &key) + {this->AccessKey().AssignFrom(key);} + + PK_FinalTemplate(BufferedTransformation &bt) + {this->AccessKey().BERDecode(bt);} + + PK_FinalTemplate(const AsymmetricAlgorithm &algorithm) + {this->AccessKey().AssignFrom(algorithm.GetMaterial());} + + PK_FinalTemplate(const Integer &v1) + {this->AccessKey().Initialize(v1);} + +#if (defined(_MSC_VER) && _MSC_VER < 1300) + + template + PK_FinalTemplate(T1 &v1, T2 &v2) + {this->AccessKey().Initialize(v1, v2);} + + template + PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3) + {this->AccessKey().Initialize(v1, v2, v3);} + + template + PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4) + {this->AccessKey().Initialize(v1, v2, v3, v4);} + + template + PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5);} + + template + PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);} + + template + PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);} + + template + PK_FinalTemplate(T1 &v1, T2 &v2, T3 &v3, T4 &v4, T5 &v5, T6 &v6, T7 &v7, T8 &v8) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);} + +#else + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2) + {this->AccessKey().Initialize(v1, v2);} + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3) + {this->AccessKey().Initialize(v1, v2, v3);} + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4) + {this->AccessKey().Initialize(v1, v2, v3, v4);} + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5);} + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);} + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);} + + template + PK_FinalTemplate(const T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7, const T8 &v8) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2) + {this->AccessKey().Initialize(v1, v2);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3) + {this->AccessKey().Initialize(v1, v2, v3);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4) + {this->AccessKey().Initialize(v1, v2, v3, v4);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7);} + + template + PK_FinalTemplate(T1 &v1, const T2 &v2, const T3 &v3, const T4 &v4, const T5 &v5, const T6 &v6, const T7 &v7, const T8 &v8) + {this->AccessKey().Initialize(v1, v2, v3, v4, v5, v6, v7, v8);} + +#endif +}; + +//! \brief Base class for public key encryption standard classes. +//! \details These classes are used to select from variants of algorithms. +//! Not all standards apply to all algorithms. +struct EncryptionStandard {}; + +//! \brief Base class for public key signature standard classes. +//! \details These classes are used to select from variants of algorithms. +//! Not all standards apply to all algorithms. +struct SignatureStandard {}; + +//! \brief Trapdoor Function (TF) encryption scheme +//! \tparam STANDARD standard +//! \tparam KEYS keys used in the encryption scheme +//! \tparam ALG_INFO algorithm information +template +class TF_ES; + +template > +class TF_ES : public KEYS +{ + typedef typename STANDARD::EncryptionMessageEncodingMethod MessageEncodingMethod; + +public: + //! see EncryptionStandard for a list of standards + typedef STANDARD Standard; + typedef TF_CryptoSchemeOptions SchemeOptions; + + static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(KEYS::StaticAlgorithmName()) + "/" + MessageEncodingMethod::StaticAlgorithmName();} + + //! implements PK_Decryptor interface + typedef PK_FinalTemplate > Decryptor; + //! implements PK_Encryptor interface + typedef PK_FinalTemplate > Encryptor; +}; + +//! \class TF_SS +//! \brief Trapdoor Function (TF) Signature Scheme +//! \tparam STANDARD standard +//! \tparam H hash function +//! \tparam KEYS keys used in the signature scheme +//! \tparam ALG_INFO algorithm information +template // VC60 workaround: doesn't work if KEYS is first parameter +class TF_SS; + +template > // VC60 workaround: doesn't work if KEYS is first parameter +class TF_SS : public KEYS +{ +public: + //! see SignatureStandard for a list of standards + typedef STANDARD Standard; + typedef typename Standard::SignatureMessageEncodingMethod MessageEncodingMethod; + typedef TF_SignatureSchemeOptions SchemeOptions; + + static std::string CRYPTOPP_API StaticAlgorithmName() {return std::string(KEYS::StaticAlgorithmName()) + "/" + MessageEncodingMethod::StaticAlgorithmName() + "(" + H::StaticAlgorithmName() + ")";} + + //! implements PK_Signer interface + typedef PK_FinalTemplate > Signer; + //! implements PK_Verifier interface + typedef PK_FinalTemplate > Verifier; +}; + +//! \class DL_SS +//! \brief Discrete Log (DL) signature scheme +//! \tparam KEYS keys used in the signature scheme +//! \tparam SA signature algorithm +//! \tparam MEM message encoding method +//! \tparam H hash function +//! \tparam ALG_INFO algorithm information +template +class DL_SS; + +template > +class DL_SS : public KEYS +{ + typedef DL_SignatureSchemeOptions SchemeOptions; + +public: + static std::string StaticAlgorithmName() {return SA::StaticAlgorithmName() + std::string("/EMSA1(") + H::StaticAlgorithmName() + ")";} + + //! implements PK_Signer interface + typedef PK_FinalTemplate > Signer; + //! implements PK_Verifier interface + typedef PK_FinalTemplate > Verifier; +}; + +//! \brief Discrete Log (DL) encryption scheme +//! \tparam KEYS keys used in the encryption scheme +//! \tparam AA key agreement algorithm +//! \tparam DA key derivation algorithm +//! \tparam EA encryption algorithm +//! \tparam ALG_INFO algorithm information +template +class DL_ES : public KEYS +{ + typedef DL_CryptoSchemeOptions SchemeOptions; + +public: + //! implements PK_Decryptor interface + typedef PK_FinalTemplate > Decryptor; + //! implements PK_Encryptor interface + typedef PK_FinalTemplate > Encryptor; +}; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/pwdbased.h b/libs/win_crypto++/include/pwdbased.h new file mode 100644 index 0000000..2d787da --- /dev/null +++ b/libs/win_crypto++/include/pwdbased.h @@ -0,0 +1,254 @@ +// pwdbased.h - written and placed in the public domain by Wei Dai + +//! \file pwdbased.h +//! \brief Password based key derivation functions + +#ifndef CRYPTOPP_PWDBASED_H +#define CRYPTOPP_PWDBASED_H + +#include "cryptlib.h" +#include "hrtimer.h" +#include "integer.h" +#include "hmac.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Abstract base class for password based key derivation function +class PasswordBasedKeyDerivationFunction +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~PasswordBasedKeyDerivationFunction() {} +#endif + + //! \brief Provides the maximum derived key length + //! \returns maximum derived key length, in bytes + virtual size_t MaxDerivedKeyLength() const =0; + + //! \brief Determines if the derivation function uses the purpose byte + //! \returns true if the derivation function uses the purpose byte, false otherwise + virtual bool UsesPurposeByte() const =0; + + //! \brief Derive key from the password + //! \param derived the byte buffer to receive the derived password + //! \param derivedLen the size of the byte buffer to receive the derived password + //! \param purpose an octet indicating the purpose of the derivation + //! \param password the byte buffer with the password + //! \param passwordLen the size of the password, in bytes + //! \param salt the byte buffer with the salt + //! \param saltLen the size of the salt, in bytes + //! \param iterations the number of iterations to attempt + //! \param timeInSeconds the length of time the derivation function should execute + //! \returns iteration count achieved + //! \details DeriveKey returns the actual iteration count achieved. If timeInSeconds == 0, then the complete number + //! of iterations will be obtained. If timeInSeconds != 0, then DeriveKey will iterate until time elapsed, as + //! measured by ThreadUserTimer. + virtual unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const =0; +}; + +//! \brief PBKDF1 from PKCS #5 +//! \tparam T a HashTransformation class +template +class PKCS5_PBKDF1 : public PasswordBasedKeyDerivationFunction +{ +public: + size_t MaxDerivedKeyLength() const {return T::DIGESTSIZE;} + bool UsesPurposeByte() const {return false;} + // PKCS #5 says PBKDF1 should only take 8-byte salts. This implementation allows salts of any length. + unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const; +}; + +//! \brief PBKDF2 from PKCS #5 +//! \tparam T a HashTransformation class +template +class PKCS5_PBKDF2_HMAC : public PasswordBasedKeyDerivationFunction +{ +public: + size_t MaxDerivedKeyLength() const {return 0xffffffffU;} // should multiply by T::DIGESTSIZE, but gets overflow that way + bool UsesPurposeByte() const {return false;} + unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds=0) const; +}; + +/* +class PBKDF2Params +{ +public: + SecByteBlock m_salt; + unsigned int m_interationCount; + ASNOptional > m_keyLength; +}; +*/ + +template +unsigned int PKCS5_PBKDF1::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const +{ + CRYPTOPP_UNUSED(purpose); + CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); + CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); + + if (!iterations) + iterations = 1; + + T hash; + hash.Update(password, passwordLen); + hash.Update(salt, saltLen); + + SecByteBlock buffer(hash.DigestSize()); + hash.Final(buffer); + + unsigned int i; + ThreadUserTimer timer; + + if (timeInSeconds) + timer.StartTimer(); + + for (i=1; i +unsigned int PKCS5_PBKDF2_HMAC::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const +{ + CRYPTOPP_UNUSED(purpose); + CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); + CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); + + if (!iterations) + iterations = 1; + + HMAC hmac(password, passwordLen); + SecByteBlock buffer(hmac.DigestSize()); + ThreadUserTimer timer; + + unsigned int i=1; + while (derivedLen > 0) + { + hmac.Update(salt, saltLen); + unsigned int j; + for (j=0; j<4; j++) + { + byte b = byte(i >> ((3-j)*8)); + hmac.Update(&b, 1); + } + hmac.Final(buffer); + +#if CRYPTOPP_MSC_VERSION + const size_t segmentLen = STDMIN(derivedLen, buffer.size()); + memcpy_s(derived, segmentLen, buffer, segmentLen); +#else + const size_t segmentLen = STDMIN(derivedLen, buffer.size()); + memcpy(derived, buffer, segmentLen); +#endif + + if (timeInSeconds) + { + timeInSeconds = timeInSeconds / ((derivedLen + buffer.size() - 1) / buffer.size()); + timer.StartTimer(); + } + + for (j=1; j +class PKCS12_PBKDF : public PasswordBasedKeyDerivationFunction +{ +public: + size_t MaxDerivedKeyLength() const {return size_t(0)-1;} + bool UsesPurposeByte() const {return true;} + unsigned int DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const; +}; + +template +unsigned int PKCS12_PBKDF::DeriveKey(byte *derived, size_t derivedLen, byte purpose, const byte *password, size_t passwordLen, const byte *salt, size_t saltLen, unsigned int iterations, double timeInSeconds) const +{ + CRYPTOPP_ASSERT(derivedLen <= MaxDerivedKeyLength()); + CRYPTOPP_ASSERT(iterations > 0 || timeInSeconds > 0); + + if (!iterations) + iterations = 1; + + const size_t v = T::BLOCKSIZE; // v is in bytes rather than bits as in PKCS #12 + const size_t DLen = v, SLen = RoundUpToMultipleOf(saltLen, v); + const size_t PLen = RoundUpToMultipleOf(passwordLen, v), ILen = SLen + PLen; + SecByteBlock buffer(DLen + SLen + PLen); + byte *D = buffer, *S = buffer+DLen, *P = buffer+DLen+SLen, *I = S; + + memset(D, purpose, DLen); + size_t i; + for (i=0; i 0) + { + hash.CalculateDigest(Ai, buffer, buffer.size()); + + if (timeInSeconds) + { + timeInSeconds = timeInSeconds / ((derivedLen + Ai.size() - 1) / Ai.size()); + timer.StartTimer(); + } + + for (i=1; i +{ +public: + //! \brief Construct a ByteQueue + //! \param nodeSize the initial node size + //! \details Internally, ByteQueue uses a ByteQueueNode to store bytes, and \p nodeSize determines the + //! size of the ByteQueueNode. A value of 0 indicates the ByteQueueNode should be automatically sized, + //! which means a value of 256 is used. + ByteQueue(size_t nodeSize=0); + + //! \brief Copy construct a ByteQueue + //! \param copy the other ByteQueue + ByteQueue(const ByteQueue ©); + ~ByteQueue(); + + lword MaxRetrievable() const + {return CurrentSize();} + bool AnyRetrievable() const + {return !IsEmpty();} + + void IsolatedInitialize(const NameValuePairs ¶meters); + byte * CreatePutSpace(size_t &size); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + + size_t Get(byte &outByte); + size_t Get(byte *outString, size_t getMax); + + size_t Peek(byte &outByte) const; + size_t Peek(byte *outString, size_t peekMax) const; + + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + + // these member functions are not inherited + void SetNodeSize(size_t nodeSize); + + lword CurrentSize() const; + bool IsEmpty() const; + + void Clear(); + + void Unget(byte inByte); + void Unget(const byte *inString, size_t length); + + const byte * Spy(size_t &contiguousSize) const; + + void LazyPut(const byte *inString, size_t size); + void LazyPutModifiable(byte *inString, size_t size); + void UndoLazyPut(size_t size); + void FinalizeLazyPut(); + + ByteQueue & operator=(const ByteQueue &rhs); + bool operator==(const ByteQueue &rhs) const; + bool operator!=(const ByteQueue &rhs) const {return !operator==(rhs);} + byte operator[](lword i) const; + void swap(ByteQueue &rhs); + + //! \class Walker + //! \brief A ByteQueue iterator + class Walker : public InputRejecting + { + public: + //! \brief Construct a ByteQueue Walker + //! \param queue a ByteQueue + Walker(const ByteQueue &queue) + : m_queue(queue), m_node(NULL), m_position(0), m_offset(0), m_lazyString(NULL), m_lazyLength(0) + {Initialize();} + + lword GetCurrentPosition() {return m_position;} + + lword MaxRetrievable() const + {return m_queue.CurrentSize() - m_position;} + + void IsolatedInitialize(const NameValuePairs ¶meters); + + size_t Get(byte &outByte); + size_t Get(byte *outString, size_t getMax); + + size_t Peek(byte &outByte) const; + size_t Peek(byte *outString, size_t peekMax) const; + + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true); + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const; + + private: + const ByteQueue &m_queue; + const ByteQueueNode *m_node; + lword m_position; + size_t m_offset; + const byte *m_lazyString; + size_t m_lazyLength; + }; + + friend class Walker; + +private: + void CleanupUsedNodes(); + void CopyFrom(const ByteQueue ©); + void Destroy(); + + bool m_autoNodeSize; + size_t m_nodeSize; + ByteQueueNode *m_head, *m_tail; + byte *m_lazyString; + size_t m_lazyLength; + bool m_lazyStringModifiable; +}; + +//! use this to make sure LazyPut is finalized in event of exception +class CRYPTOPP_DLL LazyPutter +{ +public: + LazyPutter(ByteQueue &bq, const byte *inString, size_t size) + : m_bq(bq) {bq.LazyPut(inString, size);} + ~LazyPutter() + {try {m_bq.FinalizeLazyPut();} catch(const Exception&) {CRYPTOPP_ASSERT(0);}} +protected: + LazyPutter(ByteQueue &bq) : m_bq(bq) {} +private: + ByteQueue &m_bq; +}; + +//! like LazyPutter, but does a LazyPutModifiable instead +class LazyPutterModifiable : public LazyPutter +{ +public: + LazyPutterModifiable(ByteQueue &bq, byte *inString, size_t size) + : LazyPutter(bq) {bq.LazyPutModifiable(inString, size);} +}; + +NAMESPACE_END + +#ifndef __BORLANDC__ +NAMESPACE_BEGIN(std) +template<> inline void swap(CryptoPP::ByteQueue &a, CryptoPP::ByteQueue &b) +{ + a.swap(b); +} +NAMESPACE_END +#endif + +#endif diff --git a/libs/win_crypto++/include/rabin.h b/libs/win_crypto++/include/rabin.h new file mode 100644 index 0000000..615104c --- /dev/null +++ b/libs/win_crypto++/include/rabin.h @@ -0,0 +1,111 @@ +// rabin.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile rabin.h +//! \brief Classes for Rabin encryption and signature schemes + +#ifndef CRYPTOPP_RABIN_H +#define CRYPTOPP_RABIN_H + +#include "cryptlib.h" +#include "oaep.h" +#include "pssr.h" +#include "integer.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +class RabinFunction : public TrapdoorFunction, public PublicKey +{ + typedef RabinFunction ThisClass; + +public: + void Initialize(const Integer &n, const Integer &r, const Integer &s) + {m_n = n; m_r = r; m_s = s;} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + Integer ApplyFunction(const Integer &x) const; + Integer PreimageBound() const {return m_n;} + Integer ImageBound() const {return m_n;} + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + const Integer& GetModulus() const {return m_n;} + const Integer& GetQuadraticResidueModPrime1() const {return m_r;} + const Integer& GetQuadraticResidueModPrime2() const {return m_s;} + + void SetModulus(const Integer &n) {m_n = n;} + void SetQuadraticResidueModPrime1(const Integer &r) {m_r = r;} + void SetQuadraticResidueModPrime2(const Integer &s) {m_s = s;} + +protected: + Integer m_n, m_r, m_s; +}; + +//! _ +class InvertibleRabinFunction : public RabinFunction, public TrapdoorFunctionInverse, public PrivateKey +{ + typedef InvertibleRabinFunction ThisClass; + +public: + void Initialize(const Integer &n, const Integer &r, const Integer &s, + const Integer &p, const Integer &q, const Integer &u) + {m_n = n; m_r = r; m_s = s; m_p = p; m_q = q; m_u = u;} + void Initialize(RandomNumberGenerator &rng, unsigned int keybits) + {GenerateRandomWithKeySize(rng, keybits);} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + /*! parameters: (ModulusSize) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + + const Integer& GetPrime1() const {return m_p;} + const Integer& GetPrime2() const {return m_q;} + const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} + + void SetPrime1(const Integer &p) {m_p = p;} + void SetPrime2(const Integer &q) {m_q = q;} + void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} + +protected: + Integer m_p, m_q, m_u; +}; + +//! Rabin +struct Rabin +{ + static std::string StaticAlgorithmName() {return "Rabin-Crypto++Variant";} + typedef RabinFunction PublicKey; + typedef InvertibleRabinFunction PrivateKey; +}; + +//! Rabin encryption +template +struct RabinES : public TF_ES +{ +}; + +//! Rabin signature +template +struct RabinSS : public TF_SS +{ +}; + +// More typedefs for backwards compatibility +class SHA1; +typedef RabinES >::Decryptor RabinDecryptor; +typedef RabinES >::Encryptor RabinEncryptor; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/randpool.h b/libs/win_crypto++/include/randpool.h new file mode 100644 index 0000000..7b3dd78 --- /dev/null +++ b/libs/win_crypto++/include/randpool.h @@ -0,0 +1,71 @@ +// randpool.h - written and placed in the public domain by Wei Dai + +//! \file randpool.h +//! \brief Class file for Randomness Pool +//! \details RandomPool can be used to generate cryptographic quality pseudorandom bytes +//! after seeding the pool with IncorporateEntropy(). Internally, the generator uses +//! AES-256 to produce the stream. Entropy is stirred in using SHA-256. +//! \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5 +//! RandomPool was redesigned to reduce the risk of reusing random numbers after state +//! rollback (which may occur when running in a virtual machine like VMware or a hosted +//! environment). +//! \details If you need the pre-Crypto++ 5.5 generator then you can find it with: +//! 
+//!    $ git clone https://github.com/weidai11/cryptopp cryptopp-ancient
+//!    $ cryptopp-ancient
+//!
+//!    # Checkout the RandomPool change
+//!    $ git checkout f41245df6fb9b85574260eca9cd32777e8ab5136
+//!
+//!    # Go back one more
+//!    git checkout HEAD~1
+//!
+//!    $ grep 'MDC' *.h *.cpp
+//!    randpool.cpp:typedef MDC RandomPoolCipher;
+//!
+//! \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based) + +#ifndef CRYPTOPP_RANDPOOL_H +#define CRYPTOPP_RANDPOOL_H + +#include "cryptlib.h" +#include "filters.h" +#include "secblock.h" +#include "smartptr.h" +#include "aes.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RandomPool +//! \brief Randomness Pool based on AES-256 +//! \details RandomPool can be used to generate cryptographic quality pseudorandom bytes +//! after seeding the pool with IncorporateEntropy(). Internally, the generator uses +//! AES-256 to produce the stream. Entropy is stirred in using SHA-256. +//! \details RandomPool used to follow the design of randpool in PGP 2.6.x. At version 5.5 +//! RandomPool was redesigned to reduce the risk of reusing random numbers after state +//! rollback (which may occur when running in a virtual machine like VMware or a hosted +//! environment). +//! \since Crypto++ 4.0 (PGP 2.6.x style), Crypto++ 5.5 (AES-256 based) +class CRYPTOPP_DLL RandomPool : public RandomNumberGenerator, public NotCopyable +{ +public: + //! \brief Construct a RandomPool + RandomPool(); + + bool CanIncorporateEntropy() const {return true;} + void IncorporateEntropy(const byte *input, size_t length); + void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size); + + // for backwards compatibility. use RandomNumberSource, RandomNumberStore, and RandomNumberSink for other BufferTransformation functionality + void Put(const byte *input, size_t length) {IncorporateEntropy(input, length);} + +private: + FixedSizeAlignedSecBlock m_seed; + FixedSizeAlignedSecBlock m_key; + member_ptr m_pCipher; + bool m_keySet; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/rc2.h b/libs/win_crypto++/include/rc2.h new file mode 100644 index 0000000..686e9ce --- /dev/null +++ b/libs/win_crypto++/include/rc2.h @@ -0,0 +1,95 @@ +// rc2.h - written and placed in the public domain by Wei Dai + +//! \file rc2.h +//! \brief Classes for the RC2 block cipher + +#ifndef CRYPTOPP_RC2_H +#define CRYPTOPP_RC2_H + +#include "seckey.h" +#include "secblock.h" +#include "algparam.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RC2_Info +//! \brief RC2 block cipher information +struct RC2_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 1, 128> +{ + CRYPTOPP_CONSTANT(DEFAULT_EFFECTIVE_KEYLENGTH = 1024) + CRYPTOPP_CONSTANT(MAX_EFFECTIVE_KEYLENGTH = 1024) + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RC2";} +}; + +//! \class RC2 +//! \brief RC2 block cipher +//! \sa RC2 on the Crypto Lounge. +class RC2 : public RC2_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief Class specific methods used to operate the cipher. + //! \details Implementations and overrides in \p Base apply to both \p ENCRYPTION and \p DECRYPTION directions + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + unsigned int OptimalDataAlignment() const {return GetAlignmentOf();} + + protected: + FixedSizeSecBlock K; // expanded key table + }; + + //! \class Enc + //! \brief Class specific methods used to operate the cipher in the forward direction. + //! \details Implementations and overrides in \p Enc apply to \p ENCRYPTION. + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief Class specific methods used to operate the cipher in the reverse direction. + //! \details Implementations and overrides in \p Dec apply to \p DECRYPTION. + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + + //! \class Encryption + //! \brief Class specific methods used to operate the cipher in the forward direction. + //! \details Implementations and overrides in \p Encryption apply to \p ENCRYPTION. + class Encryption : public BlockCipherFinal + { + public: + Encryption() {} + Encryption(const byte *key, size_t keyLen=DEFAULT_KEYLENGTH) + {SetKey(key, keyLen);} + Encryption(const byte *key, size_t keyLen, int effectiveKeyLen) + {SetKey(key, keyLen, MakeParameters("EffectiveKeyLength", effectiveKeyLen));} + }; + + //! \class Decryption + //! \brief Class specific methods used to operate the cipher in the reverse direction. + //! \details Implementations and overrides in \p Decryption apply to \p DECRYPTION. + class Decryption : public BlockCipherFinal + { + public: + Decryption() {} + Decryption(const byte *key, size_t keyLen=DEFAULT_KEYLENGTH) + {SetKey(key, keyLen);} + Decryption(const byte *key, size_t keyLen, int effectiveKeyLen) + {SetKey(key, keyLen, MakeParameters("EffectiveKeyLength", effectiveKeyLen));} + }; +}; + +typedef RC2::Encryption RC2Encryption; +typedef RC2::Decryption RC2Decryption; + +NAMESPACE_END + +#endif + diff --git a/libs/win_crypto++/include/rc5.h b/libs/win_crypto++/include/rc5.h new file mode 100644 index 0000000..1602ab0 --- /dev/null +++ b/libs/win_crypto++/include/rc5.h @@ -0,0 +1,59 @@ +// rc5.h - written and placed in the public domain by Wei Dai + +//! \file rc5.h +//! \brief Classes for the RC5 block cipher + +#ifndef CRYPTOPP_RC5_H +#define CRYPTOPP_RC5_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RC5_Info +//! \brief RC5 block cipher information +struct RC5_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 0, 255>, public VariableRounds<16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RC5";} + typedef word32 RC5_WORD; +}; + +//! \class RC5 +//! \brief RC5 block cipher +//! \sa RC5 +class RC5 : public RC5_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + unsigned int r; // number of rounds + SecBlock sTable; // expanded key table + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef RC5::Encryption RC5Encryption; +typedef RC5::Decryption RC5Decryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/rc6.h b/libs/win_crypto++/include/rc6.h new file mode 100644 index 0000000..e9084c9 --- /dev/null +++ b/libs/win_crypto++/include/rc6.h @@ -0,0 +1,59 @@ +// rc6.h - written and placed in the public domain by Wei Dai + +//! \file rc6.h +//! \brief Classes for the RC6 block cipher + +#ifndef CRYPTOPP_RC6_H +#define CRYPTOPP_RC6_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RC6_Info +//! \brief RC6 block cipher information +struct RC6_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>, public VariableRounds<20> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RC6";} + typedef word32 RC6_WORD; +}; + +//! \class RC6 +//! \brief RC6 block cipher +//! \sa RC6 +class RC6 : public RC6_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + unsigned int r; // number of rounds + SecBlock sTable; // expanded key table + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef RC6::Encryption RC6Encryption; +typedef RC6::Decryption RC6Decryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/rdrand.h b/libs/win_crypto++/include/rdrand.h new file mode 100644 index 0000000..34a1e4c --- /dev/null +++ b/libs/win_crypto++/include/rdrand.h @@ -0,0 +1,199 @@ +// rdrand.h - written and placed in public domain by Jeffrey Walton and Uri Blumenthal. +// Copyright assigned to Crypto++ project. + +//! \file rdrand.h +//! \brief Classes for RDRAND and RDSEED +//! \since Crypto++ 5.6.3 + +#ifndef CRYPTOPP_RDRAND_H +#define CRYPTOPP_RDRAND_H + +#include "cryptlib.h" + +// This file (and friends) provides both RDRAND and RDSEED, but its somewhat +// experimental. They were added at Crypto++ 5.6.3. At compile time, it +// indirectly uses CRYPTOPP_BOOL_{X86|X32|X64} (via CRYPTOPP_CPUID_AVAILABLE) +// to select an implementation or "throw NotImplemented". At runtime, the +// class uses the result of CPUID to determine if RDRAND or RDSEED are +// available. If not available, a lazy throw strategy is used. I.e., the +// throw is deferred until GenerateBlock() is called. + +// Microsoft added RDRAND in August 2012, VS2012. GCC added RDRAND in December 2010, GCC 4.6. +// Clang added RDRAND in July 2012, Clang 3.2. Intel added RDRAND in September 2011, ICC 12.1. + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Exception thrown when a RDRAND generator encounters +//! a generator related error. +//! \since Crypto++ 5.6.3 +class RDRAND_Err : public Exception +{ +public: + RDRAND_Err(const std::string &operation) + : Exception(OTHER_ERROR, "RDRAND: " + operation + " operation failed") {} +}; + +//! \brief Hardware generated random numbers using RDRAND instruction +//! \sa MaurerRandomnessTest() for random bit generators +//! \since Crypto++ 5.6.3 +class RDRAND : public RandomNumberGenerator +{ +public: + std::string AlgorithmName() const {return "RDRAND";} + + //! \brief Construct a RDRAND generator + //! \param retries the number of retries for failed calls to the hardware + //! \details RDRAND() constructs a generator with a maximum number of retires + //! for failed generation attempts. + //! \details According to DJ of Intel, the Intel RDRAND circuit does not underflow. + //! If it did hypothetically underflow, then it would return 0 for the random value. + //! Its not clear what AMD's behavior will be, and what the returned value will be if + //! underflow occurs. + //! Also see RDRAND + //! not really random with Oracle Studio 12.3 + patches + RDRAND(unsigned int retries = 4) : m_retries(retries) {} + + virtual ~RDRAND() {} + + //! \brief Retrieve the number of retries used by the generator + //! \returns the number of times GenerateBlock() will attempt to recover from a failed generation + unsigned int GetRetries() const + { + return m_retries; + } + + //! \brief Set the number of retries used by the generator + //! \param retries number of times GenerateBlock() will attempt to recover from a failed generation + void SetRetries(unsigned int retries) + { + m_retries = retries; + } + + //! \brief Generate random array of bytes + //! \param output the byte buffer + //! \param size the length of the buffer, in bytes +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) + virtual void GenerateBlock(byte *output, size_t size); +#else + virtual void GenerateBlock(byte *output, size_t size) { + CRYPTOPP_UNUSED(output), CRYPTOPP_UNUSED(size); + throw NotImplemented("RDRAND: rdrand is not available on this platform"); + } +#endif + + //! \brief Generate and discard n bytes + //! \param n the number of bytes to generate and discard + //! \details the RDSEED generator discards words, not bytes. If n is + //! not a multiple of a machine word, then it is rounded up to + //! that size. +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) + virtual void DiscardBytes(size_t n); +#else + virtual void DiscardBytes(size_t n) { + CRYPTOPP_UNUSED(n); + throw NotImplemented("RDRAND: rdrand is not available on this platform"); + } +#endif + + //! \brief Update RNG state with additional unpredictable values + //! \param input unused + //! \param length unused + //! \details The operation is a nop for this generator. + virtual void IncorporateEntropy(const byte *input, size_t length) + { + // Override to avoid the base class' throw. + CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); + // CRYPTOPP_ASSERT(0); // warn in debug builds + } + +private: + unsigned int m_retries; +}; + +//! \brief Exception thrown when a RDSEED generator encounters +//! a generator related error. +//! \since Crypto++ 5.6.3 +class RDSEED_Err : public Exception +{ +public: + RDSEED_Err(const std::string &operation) + : Exception(OTHER_ERROR, "RDSEED: " + operation + " operation failed") {} +}; + +//! \brief Hardware generated random numbers using RDSEED instruction +//! \sa MaurerRandomnessTest() for random bit generators +//! \since Crypto++ 5.6.3 +class RDSEED : public RandomNumberGenerator +{ +public: + std::string AlgorithmName() const {return "RDSEED";} + + //! \brief Construct a RDSEED generator + //! \param retries the number of retries for failed calls to the hardware + //! \details RDSEED() constructs a generator with a maximum number of retires + //! for failed generation attempts. + //! \details Empirical testing under a 6th generaton i7 (6200U) shows RDSEED fails + //! to fulfill requests at about 6 to 8 times the rate of RDRAND. The default + //! retries reflects the difference. + RDSEED(unsigned int retries = 64) : m_retries(retries) {} + + virtual ~RDSEED() {} + + //! \brief Retrieve the number of retries used by the generator + //! \returns the number of times GenerateBlock() will attempt to recover from a failed generation + unsigned int GetRetries() const + { + return m_retries; + } + + //! \brief Set the number of retries used by the generator + //! \param retries number of times GenerateBlock() will attempt to recover from a failed generation + void SetRetries(unsigned int retries) + { + m_retries = retries; + } + + //! \brief Generate random array of bytes + //! \param output the byte buffer + //! \param size the length of the buffer, in bytes +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) + virtual void GenerateBlock(byte *output, size_t size); +#else + virtual void GenerateBlock(byte *output, size_t size) { + CRYPTOPP_UNUSED(output), CRYPTOPP_UNUSED(size); + throw NotImplemented("RDSEED: rdseed is not available on this platform"); + } +#endif + + //! \brief Generate and discard n bytes + //! \param n the number of bytes to generate and discard + //! \details the RDSEED generator discards words, not bytes. If n is + //! not a multiple of a machine word, then it is rounded up to + //! that size. +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) + virtual void DiscardBytes(size_t n); +#else + virtual void DiscardBytes(size_t n) { + CRYPTOPP_UNUSED(n); + throw NotImplemented("RDSEED: rdseed is not available on this platform"); + } +#endif + + //! \brief Update RNG state with additional unpredictable values + //! \param input unused + //! \param length unused + //! \details The operation is a nop for this generator. + virtual void IncorporateEntropy(const byte *input, size_t length) + { + // Override to avoid the base class' throw. + CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(length); + // CRYPTOPP_ASSERT(0); // warn in debug builds + } + +private: + unsigned int m_retries; +}; + +NAMESPACE_END + +#endif // CRYPTOPP_RDRAND_H diff --git a/libs/win_crypto++/include/resource.h b/libs/win_crypto++/include/resource.h new file mode 100644 index 0000000..ae07ae7 --- /dev/null +++ b/libs/win_crypto++/include/resource.h @@ -0,0 +1,15 @@ +//{{NO_DEPENDENCIES}} +// Microsoft Developer Studio generated include file. +// Used by cryptopp.rc +// + +// Next default values for new objects +// +#ifdef APSTUDIO_INVOKED +#ifndef APSTUDIO_READONLY_SYMBOLS +#define _APS_NEXT_RESOURCE_VALUE 101 +#define _APS_NEXT_COMMAND_VALUE 40001 +#define _APS_NEXT_CONTROL_VALUE 1000 +#define _APS_NEXT_SYMED_VALUE 101 +#endif +#endif diff --git a/libs/win_crypto++/include/rijndael.h b/libs/win_crypto++/include/rijndael.h new file mode 100644 index 0000000..612b522 --- /dev/null +++ b/libs/win_crypto++/include/rijndael.h @@ -0,0 +1,87 @@ +// rijndael.h - written and placed in the public domain by Wei Dai + +//! \file rijndael.h +//! \brief Classes for Rijndael encryption algorithm +//! \details All key sizes are supported. The library only provides Rijndael with 128-bit blocks, +//! and not 192-bit or 256-bit blocks + +#ifndef CRYPTOPP_RIJNDAEL_H +#define CRYPTOPP_RIJNDAEL_H + +#include "seckey.h" +#include "secblock.h" + +// Clang 3.3 integrated assembler crash on Linux +#if CRYPTOPP_BOOL_X32 || (defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400)) +# define CRYPTOPP_DISABLE_RIJNDAEL_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Rijndael block cipher information +struct Rijndael_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8> +{ + CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return CRYPTOPP_RIJNDAEL_NAME;} +}; + +//! \brief Rijndael block cipher implementation details +//! \sa Rijndael +class CRYPTOPP_DLL Rijndael : public Rijndael_Info, public BlockCipherDocumentation +{ + //! \brief Rijndael block cipher data processing functionss + //! \details Provides implementation common to encryption and decryption + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + static void FillEncTable(); + static void FillDecTable(); + + // VS2005 workaround: have to put these on seperate lines, or error C2487 is triggered in DLL build + static const byte Se[256]; + static const byte Sd[256]; + + static const word32 rcon[]; + + unsigned int m_rounds; + FixedSizeAlignedSecBlock m_key; + }; + + //! \brief Rijndael block cipher data processing functions + //! \details Provides implementation for encryption transformation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; +#if CRYPTOPP_BOOL_X64 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X86 + Enc(); + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; + private: + SecByteBlock m_aliasBlock; +#endif + }; + + //! \brief Rijndael block cipher data processing functions + //! \details Provides implementation for decryption transformation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; +#if CRYPTOPP_BOOL_AESNI_INTRINSICS_AVAILABLE + size_t AdvancedProcessBlocks(const byte *inBlocks, const byte *xorBlocks, byte *outBlocks, size_t length, word32 flags) const; +#endif + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef Rijndael::Encryption RijndaelEncryption; +typedef Rijndael::Decryption RijndaelDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/ripemd.h b/libs/win_crypto++/include/ripemd.h new file mode 100644 index 0000000..f7baa47 --- /dev/null +++ b/libs/win_crypto++/include/ripemd.h @@ -0,0 +1,54 @@ +// ripemd.h - written and placed in the public domain by Wei Dai + +//! \file +//! \brief Classes for RIPEMD message digest + +#ifndef CRYPTOPP_RIPEMD_H +#define CRYPTOPP_RIPEMD_H + +#include "iterhash.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! RIPEMD-160 +/*! Digest Length = 160 bits */ +class RIPEMD160 : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RIPEMD-160";} +}; + +/*! Digest Length = 320 bits, Security is similar to RIPEMD-160 */ +class RIPEMD320 : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RIPEMD-320";} +}; + +/*! \warning RIPEMD-128 is considered insecure, and should not be used + unless you absolutely need it for compatibility. */ +class RIPEMD128 : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RIPEMD-128";} +}; + +/*! \warning RIPEMD-256 is considered insecure, and should not be used + unless you absolutely need it for compatibility. */ +class RIPEMD256 : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "RIPEMD-256";} +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/rng.h b/libs/win_crypto++/include/rng.h new file mode 100644 index 0000000..99f48f9 --- /dev/null +++ b/libs/win_crypto++/include/rng.h @@ -0,0 +1,111 @@ +// rng.h - written and placed in the public domain by Wei Dai + +//! \file rng.h +//! \brief Miscellaneous classes for RNGs +//! \details This file contains miscellaneous classes for RNGs, including LC_RNG(), +//! X917RNG() and MaurerRandomnessTest() +//! \sa osrng.h, randpool.h + +#ifndef CRYPTOPP_RNG_H +#define CRYPTOPP_RNG_H + +#include "cryptlib.h" +#include "filters.h" +#include "smartptr.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Linear Congruential Generator (LCG) +//! \details Originally propsed by William S. England. +//! \warning LC_RNG is suitable for simulations, where uniformaly distrubuted numbers are +//! required quickly. It should not be used for cryptographic purposes. +class LC_RNG : public RandomNumberGenerator +{ +public: + //! \brief Construct a Linear Congruential Generator (LCG) + //! \param init_seed the initial value for the generator + LC_RNG(word32 init_seed) + : seed(init_seed) {} + + void GenerateBlock(byte *output, size_t size); + + word32 GetSeed() {return seed;} + +private: + word32 seed; + + static const word32 m; + static const word32 q; + static const word16 a; + static const word16 r; +}; + +//! \class X917RNG +//! \brief ANSI X9.17 RNG +//! \details X917RNG is from ANSI X9.17 Appendix C, and it uses a 64-bit block cipher, like TripleDES. +//! If you use a 128-bit block cipher, like AES, then you are effectively using an ANSI X9.31 generator. +//! \sa AutoSeededX917RNG, DefaultAutoSeededRNG +class CRYPTOPP_DLL X917RNG : public RandomNumberGenerator, public NotCopyable +{ +public: + //! \brief Construct a X917RNG + //! \param cipher the block cipher to use for the generator + //! \param seed a byte buffer to use as a seed + //! \param deterministicTimeVector additional entropy + //! \details cipher will be deleted by the destructor. seed must be at least + //! BlockSize() in length. deterministicTimeVector = 0 means obtain time vector + //! from the system. + //! \details When constructing a X917RNG, the generator must be keyed or an access + //! violation will occur because the time vector is encrypted using the block cipher. + //! To key the generator during constructions, perform the following: + //! 
+	//!   SecByteBlock key(AES::DEFAULT_KEYLENGTH), seed(AES::BLOCKSIZE);
+	//!   OS_GenerateRandomBlock(false, key, key.size());
+	//!   OS_GenerateRandomBlock(false, seed, seed.size());
+	//!   X917RNG prng(new AES::Encryption(key, AES::DEFAULT_KEYLENGTH), seed, NULL);
+ //! \sa AutoSeededX917RNG + X917RNG(BlockTransformation *cipher, const byte *seed, const byte *deterministicTimeVector = 0); + + void GenerateIntoBufferedTransformation(BufferedTransformation &target, const std::string &channel, lword size); + +private: + member_ptr m_cipher; + const unsigned int m_size; // S, blocksize of cipher + SecByteBlock m_datetime; // DT, buffer for enciphered timestamp + SecByteBlock m_randseed, m_lastBlock, m_deterministicTimeVector; +}; + +//! \class MaurerRandomnessTest +//! \brief Maurer's Universal Statistical Test for Random Bit Generators +//! \details This class implements Maurer's Universal Statistical Test for +//! Random Bit Generators. It is intended for measuring the randomness of +//! *PHYSICAL* RNGs. +//! \details For more details see Maurer's paper in Journal of Cryptology, 1992. +class MaurerRandomnessTest : public Bufferless +{ +public: + //! \brief Contruct a MaurerRandomnessTest + MaurerRandomnessTest(); + + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + + //! \brief Provides the number of bytes of input is needed by the test + //! \returns how many more bytes of input is needed by the test + // BytesNeeded() returns how many more bytes of input is needed by the test + // GetTestValue() should not be called before BytesNeeded()==0 + unsigned int BytesNeeded() const {return n >= (Q+K) ? 0 : Q+K-n;} + + // returns a number between 0.0 and 1.0, describing the quality of the + // random numbers entered + double GetTestValue() const; + +private: + enum {L=8, V=256, Q=2000, K=2000}; + double sum; + unsigned int n; + unsigned int tab[V]; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/rsa.h b/libs/win_crypto++/include/rsa.h new file mode 100644 index 0000000..49c7c45 --- /dev/null +++ b/libs/win_crypto++/include/rsa.h @@ -0,0 +1,250 @@ +// rsa.h - written and placed in the public domain by Wei Dai + +//! \file rsa.h +//! \brief Classes for the RSA cryptosystem +//! \details This file contains classes that implement the RSA +//! ciphers and signature schemes as defined in PKCS #1 v2.0. + +#ifndef CRYPTOPP_RSA_H +#define CRYPTOPP_RSA_H + +#include "cryptlib.h" +#include "pubkey.h" +#include "integer.h" +#include "pkcspad.h" +#include "oaep.h" +#include "emsa2.h" +#include "asn.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RSAFunction +//! \brief RSA trapdoor function using the public key +class CRYPTOPP_DLL RSAFunction : public TrapdoorFunction, public X509PublicKey +{ + typedef RSAFunction ThisClass; + +public: + //! \brief Initialize a RSA public key with {n,e} + //! \param n the modulus + //! \param e the public exponent + void Initialize(const Integer &n, const Integer &e) + {m_n = n; m_e = e;} + + // X509PublicKey + OID GetAlgorithmID() const; + void BERDecodePublicKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePublicKey(BufferedTransformation &bt) const; + + // CryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // TrapdoorFunction + Integer ApplyFunction(const Integer &x) const; + Integer PreimageBound() const {return m_n;} + Integer ImageBound() const {return m_n;} + + // non-derived + const Integer & GetModulus() const {return m_n;} + const Integer & GetPublicExponent() const {return m_e;} + + void SetModulus(const Integer &n) {m_n = n;} + void SetPublicExponent(const Integer &e) {m_e = e;} + +protected: + Integer m_n, m_e; +}; + +//! \class InvertibleRSAFunction +//! \brief RSA trapdoor function using the private key +class CRYPTOPP_DLL InvertibleRSAFunction : public RSAFunction, public TrapdoorFunctionInverse, public PKCS8PrivateKey +{ + typedef InvertibleRSAFunction ThisClass; + +public: + //! \brief Create a RSA private key + //! \param rng a RandomNumberGenerator derived class + //! \param modulusBits the size of the modulud, in bits + //! \param e the desired public exponent + void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits, const Integer &e = 17); + + //! \brief Initialize a RSA private key with {n,e,d,p,q,dp,dq,u} + //! \param n modulus + //! \param e public exponent + //! \param d private exponent + //! \param p first prime factor + //! \param q second prime factor + //! \param dp d mod p + //! \param dq d mod q + //! \param u q-1 mod p + void Initialize(const Integer &n, const Integer &e, const Integer &d, const Integer &p, const Integer &q, const Integer &dp, const Integer &dq, const Integer &u) + {m_n = n; m_e = e; m_d = d; m_p = p; m_q = q; m_dp = dp; m_dq = dq; m_u = u;} + //! \brief Initialize a RSA private key with {n,e,d} + //! \param n modulus + //! \param e public exponent + //! \param d private exponent + //! \details Initialize() will factor n using d and populate {p,q,dp,dq,u}. + void Initialize(const Integer &n, const Integer &e, const Integer &d); + + // PKCS8PrivateKey + void BERDecode(BufferedTransformation &bt) + {PKCS8PrivateKey::BERDecode(bt);} + void DEREncode(BufferedTransformation &bt) const + {PKCS8PrivateKey::DEREncode(bt);} + void Load(BufferedTransformation &bt) + {PKCS8PrivateKey::BERDecode(bt);} + void Save(BufferedTransformation &bt) const + {PKCS8PrivateKey::DEREncode(bt);} + OID GetAlgorithmID() const {return RSAFunction::GetAlgorithmID();} + void BERDecodePrivateKey(BufferedTransformation &bt, bool parametersPresent, size_t size); + void DEREncodePrivateKey(BufferedTransformation &bt) const; + + // TrapdoorFunctionInverse + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; + + // GeneratableCryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + /*! parameters: (ModulusSize, PublicExponent (default 17)) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + // non-derived interface + const Integer& GetPrime1() const {return m_p;} + const Integer& GetPrime2() const {return m_q;} + const Integer& GetPrivateExponent() const {return m_d;} + const Integer& GetModPrime1PrivateExponent() const {return m_dp;} + const Integer& GetModPrime2PrivateExponent() const {return m_dq;} + const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} + + void SetPrime1(const Integer &p) {m_p = p;} + void SetPrime2(const Integer &q) {m_q = q;} + void SetPrivateExponent(const Integer &d) {m_d = d;} + void SetModPrime1PrivateExponent(const Integer &dp) {m_dp = dp;} + void SetModPrime2PrivateExponent(const Integer &dq) {m_dq = dq;} + void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} + +protected: + Integer m_d, m_p, m_q, m_dp, m_dq, m_u; +}; + +//! \class RSAFunction_ISO +//! \brief RSA trapdoor function using the public key +class CRYPTOPP_DLL RSAFunction_ISO : public RSAFunction +{ +public: + Integer ApplyFunction(const Integer &x) const; + Integer PreimageBound() const {return ++(m_n>>1);} +}; + +//! \class InvertibleRSAFunction_ISO +//! \brief RSA trapdoor function using the private key +class CRYPTOPP_DLL InvertibleRSAFunction_ISO : public InvertibleRSAFunction +{ +public: + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; + Integer PreimageBound() const {return ++(m_n>>1);} +}; + +//! \class RSA +//! \brief RSA algorithm +struct CRYPTOPP_DLL RSA +{ + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "RSA";} + typedef RSAFunction PublicKey; + typedef InvertibleRSAFunction PrivateKey; +}; + +//! \class RSAES +//! \brief RSA encryption algorithm +//! \tparam STANDARD signature standard +//! \sa RSA cryptosystem +template +struct RSAES : public TF_ES +{ +}; + +//! \class RSASS +//! \brief RSA signature algorithm +//! \tparam STANDARD signature standard +//! \tparam H hash transformation +//! \details See documentation of PKCS1v15 for a list of hash functions that can be used with it. +//! \sa RSA signature scheme with appendix +template +struct RSASS : public TF_SS +{ +}; + +//! \class RSA_ISO +//! \brief RSA algorithm +struct CRYPTOPP_DLL RSA_ISO +{ + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "RSA-ISO";} + typedef RSAFunction_ISO PublicKey; + typedef InvertibleRSAFunction_ISO PrivateKey; +}; + +//! \class RSASS_ISO +//! \brief RSA signature algorithm +//! \tparam H hash transformation +template +struct RSASS_ISO : public TF_SS +{ +}; + +//! \brief \ref RSAES "RSAES::Decryptor" typedef +//! \details RSA encryption scheme defined in PKCS #1 v2.0 +DOCUMENTED_TYPEDEF(RSAES::Decryptor, RSAES_PKCS1v15_Decryptor); +//! \brief \ref RSAES "RSAES::Encryptor" typedef +//! \details RSA encryption scheme defined in PKCS #1 v2.0 +DOCUMENTED_TYPEDEF(RSAES::Encryptor, RSAES_PKCS1v15_Encryptor); + +//! \brief \ref RSAES "RSAES>::Decryptor" typedef +//! \details RSA encryption scheme defined in PKCS #1 v2.0 +DOCUMENTED_TYPEDEF(RSAES >::Decryptor, RSAES_OAEP_SHA_Decryptor); +//! \brief \ref RSAES "RSAES>::Encryptor" typedef +//! \details RSA encryption scheme defined in PKCS #1 v2.0 +DOCUMENTED_TYPEDEF(RSAES >::Encryptor, RSAES_OAEP_SHA_Encryptor); + +#ifdef CRYPTOPP_DOXYGEN_PROCESSING +//! \brief \ref RSASS "RSASS::Signer" typedef +//! \details RSA signature schemes defined in PKCS #1 v2.0 +class RSASSA_PKCS1v15_SHA_Signer : public RSASS::Signer {}; +//! \brief \ref RSASS "RSASS::Verifier" typedef +//! \details RSA signature schemes defined in PKCS #1 v2.0 +class RSASSA_PKCS1v15_SHA_Verifier : public RSASS::Verifier {}; + +namespace Weak { + +//! \brief \ref RSASS "RSASS::Signer" typedef +//! \details RSA signature schemes defined in PKCS #1 v2.0 +class RSASSA_PKCS1v15_MD2_Signer : public RSASS::Signer {}; +//! \brief \ref RSASS "RSASS::Verifier" typedef +//! \details RSA signature schemes defined in PKCS #1 v2.0 +class RSASSA_PKCS1v15_MD2_Verifier : public RSASS::Verifier {}; + +//! \brief \ref RSASS "RSASS::Signer" typedef +//! \details RSA signature schemes defined in PKCS #1 v2.0 +class RSASSA_PKCS1v15_MD5_Signer : public RSASS::Signer {}; +//! \brief \ref RSASS "RSASS::Verifier" typedef +//! \details RSA signature schemes defined in PKCS #1 v2.0 +class RSASSA_PKCS1v15_MD5_Verifier : public RSASS::Verifier {}; +} + +#else +typedef RSASS::Signer RSASSA_PKCS1v15_SHA_Signer; +typedef RSASS::Verifier RSASSA_PKCS1v15_SHA_Verifier; + +namespace Weak { + typedef RSASS::Signer RSASSA_PKCS1v15_MD2_Signer; + typedef RSASS::Verifier RSASSA_PKCS1v15_MD2_Verifier; + typedef RSASS::Signer RSASSA_PKCS1v15_MD5_Signer; + typedef RSASS::Verifier RSASSA_PKCS1v15_MD5_Verifier; +} +#endif // CRYPTOPP_DOXYGEN_PROCESSING + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/rw.h b/libs/win_crypto++/include/rw.h new file mode 100644 index 0000000..e16b966 --- /dev/null +++ b/libs/win_crypto++/include/rw.h @@ -0,0 +1,128 @@ +// rw.h - written and placed in the public domain by Wei Dai + +//! \file rw.h +//! \brief Classes for Rabin-Williams signature scheme +//! \details The implementation provides Rabin-Williams signature schemes as defined in +//! IEEE P1363. It uses Bernstein's tweaked square roots in place of square roots to +//! speedup calculations. +//! \sa RSA signatures and Rabin–Williams +//! signatures: the state of the art (20080131), Section 6, The tweaks e and f. + +#ifndef CRYPTOPP_RW_H +#define CRYPTOPP_RW_H + +#include "cryptlib.h" +#include "pubkey.h" +#include "integer.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class RWFunction +//! \brief Rabin-Williams trapdoor function using the public key +class CRYPTOPP_DLL RWFunction : public TrapdoorFunction, public PublicKey +{ + typedef RWFunction ThisClass; + +public: + void Initialize(const Integer &n) + {m_n = n;} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + void Save(BufferedTransformation &bt) const + {DEREncode(bt);} + void Load(BufferedTransformation &bt) + {BERDecode(bt);} + + Integer ApplyFunction(const Integer &x) const; + Integer PreimageBound() const {return ++(m_n>>1);} + Integer ImageBound() const {return m_n;} + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + + const Integer& GetModulus() const {return m_n;} + void SetModulus(const Integer &n) {m_n = n;} + +protected: + Integer m_n; +}; + +//! \class InvertibleRWFunction +//! \brief Rabin-Williams trapdoor function using the private key +//! \since Tweaked roots using e and f since Crypto++ 5.6.4 +class CRYPTOPP_DLL InvertibleRWFunction : public RWFunction, public TrapdoorFunctionInverse, public PrivateKey +{ + typedef InvertibleRWFunction ThisClass; + +public: + InvertibleRWFunction() : m_precompute(false) {} + + void Initialize(const Integer &n, const Integer &p, const Integer &q, const Integer &u); + // generate a random private key + void Initialize(RandomNumberGenerator &rng, unsigned int modulusBits) + {GenerateRandomWithKeySize(rng, modulusBits);} + + void BERDecode(BufferedTransformation &bt); + void DEREncode(BufferedTransformation &bt) const; + + void Save(BufferedTransformation &bt) const + {DEREncode(bt);} + void Load(BufferedTransformation &bt) + {BERDecode(bt);} + + Integer CalculateInverse(RandomNumberGenerator &rng, const Integer &x) const; + + // GeneratibleCryptoMaterial + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + /*! parameters: (ModulusSize) */ + void GenerateRandom(RandomNumberGenerator &rng, const NameValuePairs &alg); + + const Integer& GetPrime1() const {return m_p;} + const Integer& GetPrime2() const {return m_q;} + const Integer& GetMultiplicativeInverseOfPrime2ModPrime1() const {return m_u;} + + void SetPrime1(const Integer &p) {m_p = p;} + void SetPrime2(const Integer &q) {m_q = q;} + void SetMultiplicativeInverseOfPrime2ModPrime1(const Integer &u) {m_u = u;} + + virtual bool SupportsPrecomputation() const {return true;} + virtual void Precompute(unsigned int unused = 0) {CRYPTOPP_UNUSED(unused); PrecomputeTweakedRoots();} + virtual void Precompute(unsigned int unused = 0) const {CRYPTOPP_UNUSED(unused); PrecomputeTweakedRoots();} + + virtual void LoadPrecomputation(BufferedTransformation &storedPrecomputation); + virtual void SavePrecomputation(BufferedTransformation &storedPrecomputation) const; + +protected: + void PrecomputeTweakedRoots() const; + +protected: + Integer m_p, m_q, m_u; + + mutable Integer m_pre_2_9p, m_pre_2_3q, m_pre_q_p; + mutable bool m_precompute; +}; + +//! \class RW +//! \brief Rabin-Williams algorithm +struct RW +{ + static std::string StaticAlgorithmName() {return "RW";} + typedef RWFunction PublicKey; + typedef InvertibleRWFunction PrivateKey; +}; + +//! \class RWSS +//! \brief Rabin-Williams signature scheme +template +struct RWSS : public TF_SS +{ +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/safer.h b/libs/win_crypto++/include/safer.h new file mode 100644 index 0000000..e1d2dc7 --- /dev/null +++ b/libs/win_crypto++/include/safer.h @@ -0,0 +1,107 @@ +// safer.h - written and placed in the public domain by Wei Dai + +//! \file safer.h +//! \brief Classes for the SAFER and SAFER-K block ciphers + +#ifndef CRYPTOPP_SAFER_H +#define CRYPTOPP_SAFER_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SAFER +//! \brief SAFER block cipher +class SAFER +{ +public: + //! \class Base + //! \brief SAFER block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipher + { + public: + unsigned int OptimalDataAlignment() const {return 1;} + void UncheckedSetKey(const byte *userkey, unsigned int length, const NameValuePairs ¶ms); + + protected: + virtual bool Strengthened() const =0; + + SecByteBlock keySchedule; + static const byte exp_tab[256]; + static const byte log_tab[256]; + }; + + //! \class Enc + //! \brief SAFER block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief SAFER block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; +}; + +//! \class SAFER_Impl +//! \brief SAFER block cipher default implementation +//! \tparam BASE SAFER::Enc or SAFER::Dec derived base class +//! \tparam INFO SAFER_Info derived class +//! \tparam STR flag indicating a strengthened implementation +//! \details SAFER-K is not strengthened; while SAFER-SK is strengthened. +template +class CRYPTOPP_NO_VTABLE SAFER_Impl : public BlockCipherImpl +{ +protected: + bool Strengthened() const {return STR;} +}; + +//! \class SAFER_K_Info +//! \brief SAFER-K block cipher information +struct SAFER_K_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 8, 16, 8>, public VariableRounds<10, 1, 13> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "SAFER-K";} +}; + +//! \class SAFER_K +//! \brief SAFER-K block cipher +//! \sa SAFER-K +class SAFER_K : public SAFER_K_Info, public SAFER, public BlockCipherDocumentation +{ +public: + typedef BlockCipherFinal > Encryption; + typedef BlockCipherFinal > Decryption; +}; + +//! \class SAFER_SK_Info +//! \brief SAFER-SK block cipher information +struct SAFER_SK_Info : public FixedBlockSize<8>, public VariableKeyLength<16, 8, 16, 8>, public VariableRounds<10, 1, 13> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "SAFER-SK";} +}; + +//! \class SAFER_SK +//! \brief SAFER-SK block cipher +//! \sa SAFER-SK +class SAFER_SK : public SAFER_SK_Info, public SAFER, public BlockCipherDocumentation +{ +public: + typedef BlockCipherFinal > Encryption; + typedef BlockCipherFinal > Decryption; +}; + +typedef SAFER_K::Encryption SAFER_K_Encryption; +typedef SAFER_K::Decryption SAFER_K_Decryption; + +typedef SAFER_SK::Encryption SAFER_SK_Encryption; +typedef SAFER_SK::Decryption SAFER_SK_Decryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/salsa.h b/libs/win_crypto++/include/salsa.h new file mode 100644 index 0000000..0188447 --- /dev/null +++ b/libs/win_crypto++/include/salsa.h @@ -0,0 +1,88 @@ +// salsa.h - written and placed in the public domain by Wei Dai + +//! \file salsa.h +//! \brief Classes for Salsa and Salsa20 stream ciphers + +#ifndef CRYPTOPP_SALSA_H +#define CRYPTOPP_SALSA_H + +#include "strciphr.h" +#include "secblock.h" + +// TODO: work around GCC 4.8+ issue with SSE2 ASM until the exact details are known +// and fix is released. Duplicate with "valgrind ./cryptest.exe tv salsa" +// "Inline assembly operands don't work with .intel_syntax", http://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM) || (CRYPTOPP_GCC_VERSION >= 40800) +# define CRYPTOPP_DISABLE_SALSA_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Salsa20_Info +//! \brief Salsa20 stream cipher information +struct Salsa20_Info : public VariableKeyLength<32, 16, 32, 16, SimpleKeyingInterface::UNIQUE_IV, 8> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Salsa20";} +}; + +//! \class Salsa20_Policy +//! \brief Salsa20 stream cipher operation +class CRYPTOPP_NO_VTABLE Salsa20_Policy : public AdditiveCipherConcretePolicy +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); + bool CipherIsRandomAccess() const {return true;} + void SeekToIteration(lword iterationCount); +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) && !defined(CRYPTOPP_DISABLE_SALSA_ASM) + unsigned int GetAlignment() const; + unsigned int GetOptimalBlockSize() const; +#endif + + FixedSizeAlignedSecBlock m_state; + int m_rounds; +}; + +//! \class Salsa20 +//! \brief Salsa20 stream cipher +//! \details Salsa20 provides a variable number of rounds: 8, 12 or 20. The default number of rounds is 20. +//! \sa XSalsa20 +struct Salsa20 : public Salsa20_Info, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, Salsa20_Info> Encryption; + typedef Encryption Decryption; +}; + +//! \class XSalsa20_Info +//! \brief XSalsa20 stream cipher information +struct XSalsa20_Info : public FixedKeyLength<32, SimpleKeyingInterface::UNIQUE_IV, 24> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "XSalsa20";} +}; + +//! \class XSalsa20_Policy +//! \brief XSalsa20 stream cipher operation +class CRYPTOPP_NO_VTABLE XSalsa20_Policy : public Salsa20_Policy +{ +public: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); + +protected: + FixedSizeSecBlock m_key; +}; + +//! \class XSalsa20 +//! \brief XSalsa20 stream cipher +//! \details XSalsa20 provides a variable number of rounds: 8, 12 or 20. The default number of rounds is 20. +//! \sa XSalsa20 +struct XSalsa20 : public XSalsa20_Info, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, XSalsa20_Info> Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/seal.h b/libs/win_crypto++/include/seal.h new file mode 100644 index 0000000..14e3066 --- /dev/null +++ b/libs/win_crypto++/include/seal.h @@ -0,0 +1,58 @@ +// seal.h - written and placed in the public domain by Wei Dai + +//! \file seal.h +//! \brief Classes for SEAL stream cipher + +#ifndef CRYPTOPP_SEAL_H +#define CRYPTOPP_SEAL_H + +#include "strciphr.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SEAL_Info +//! \brief SEAL stream cipher information +//! \tparam B Endianess of the stream cipher +template +struct SEAL_Info : public FixedKeyLength<20, SimpleKeyingInterface::INTERNALLY_GENERATED_IV, 4> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return B::ToEnum() == LITTLE_ENDIAN_ORDER ? "SEAL-3.0-LE" : "SEAL-3.0-BE";} +}; + +//! \class SEAL_Policy +//! \brief SEAL stream cipher operation +//! \tparam B Endianess of the stream cipher +template +class CRYPTOPP_NO_VTABLE SEAL_Policy : public AdditiveCipherConcretePolicy, public SEAL_Info +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length); + bool CipherIsRandomAccess() const {return true;} + void SeekToIteration(lword iterationCount); + +private: + FixedSizeSecBlock m_T; + FixedSizeSecBlock m_S; + SecBlock m_R; + + word32 m_startCount, m_iterationsPerCount; + word32 m_outsideCounter, m_insideCounter; +}; + +//! \class SEAL +//! \brief SEAL stream cipher +//! \tparam B Endianess of the stream cipher +//! \sa SEAL +template +struct SEAL : public SEAL_Info, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, SEAL_Info > Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/secblock.h b/libs/win_crypto++/include/secblock.h new file mode 100644 index 0000000..1d51438 --- /dev/null +++ b/libs/win_crypto++/include/secblock.h @@ -0,0 +1,813 @@ +// secblock.h - written and placed in the public domain by Wei Dai + +//! \file secblock.h +//! \brief Classes and functions for secure memory allocations. + +#ifndef CRYPTOPP_SECBLOCK_H +#define CRYPTOPP_SECBLOCK_H + +#include "config.h" +#include "stdcpp.h" +#include "misc.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4700) +# if (CRYPTOPP_MSC_VERSION >= 1400) +# pragma warning(disable: 6386) +# endif +#endif + +NAMESPACE_BEGIN(CryptoPP) + +// ************** secure memory allocation *************** + +//! \class AllocatorBase +//! \brief Base class for all allocators used by SecBlock +//! \tparam T the class or type +template +class AllocatorBase +{ +public: + typedef T value_type; + typedef size_t size_type; +#ifdef CRYPTOPP_MSVCRT6 + typedef ptrdiff_t difference_type; +#else + typedef std::ptrdiff_t difference_type; +#endif + typedef T * pointer; + typedef const T * const_pointer; + typedef T & reference; + typedef const T & const_reference; + + pointer address(reference r) const {return (&r);} + const_pointer address(const_reference r) const {return (&r); } + void construct(pointer p, const T& val) {new (p) T(val);} + void destroy(pointer p) {CRYPTOPP_UNUSED(p); p->~T();} + + //! \brief Returns the maximum number of elements the allocator can provide + //! \returns the maximum number of elements the allocator can provide + //! \details Internally, preprocessor macros are used rather than std::numeric_limits + //! because the latter is \a not a \a constexpr. Some compilers, like Clang, do not + //! optimize it well under all circumstances. Compilers like GCC, ICC and MSVC appear + //! to optimize it well in either form. + CRYPTOPP_CONSTEXPR size_type max_size() const {return (SIZE_MAX/sizeof(T));} + +#if defined(CRYPTOPP_CXX11_VARIADIC_TEMPLATES) || defined(CRYPTOPP_DOXYGEN_PROCESSING) + + //! \brief Constructs a new U using variadic arguments + //! \tparam U the type to be forwarded + //! \tparam Args the arguments to be forwarded + //! \param ptr pointer to type U + //! \param args variadic arguments + //! \details This is a C++11 feature. It is available when CRYPTOPP_CXX11_VARIADIC_TEMPLATES + //! is defined. The define is controlled by compiler versions detected in config.h. + template + void construct(U* ptr, Args&&... args) {::new ((void*)ptr) U(std::forward(args)...);} + + //! \brief Destroys an U constructed with variadic arguments + //! \tparam U the type to be forwarded + //! \details This is a C++11 feature. It is available when CRYPTOPP_CXX11_VARIADIC_TEMPLATES + //! is defined. The define is controlled by compiler versions detected in config.h. + template + void destroy(U* ptr) {if(ptr) ptr->~U();} + +#endif + +protected: + + //! \brief Verifies the allocator can satisfy a request based on size + //! \param size the size of the allocation, in elements + //! \throws InvalidArgument + //! \details CheckSize verifies the number of elements requested is valid. + //! \details If size is greater than max_size(), then InvalidArgument is thrown. + //! The library throws InvalidArgument if the size is too large to satisfy. + //! \details Internally, preprocessor macros are used rather than std::numeric_limits + //! because the latter is \a not a \a constexpr. Some compilers, like Clang, do not + //! optimize it well under all circumstances. Compilers like GCC, ICC and MSVC appear + //! to optimize it well in either form. + //! \note size is the count of elements, and not the number of bytes + static void CheckSize(size_t size) + { + // C++ throws std::bad_alloc (C++03) or std::bad_array_new_length (C++11) here. + if (size > (SIZE_MAX/sizeof(T))) + throw InvalidArgument("AllocatorBase: requested size would cause integer overflow"); + } +}; + +#define CRYPTOPP_INHERIT_ALLOCATOR_TYPES \ +typedef typename AllocatorBase::value_type value_type;\ +typedef typename AllocatorBase::size_type size_type;\ +typedef typename AllocatorBase::difference_type difference_type;\ +typedef typename AllocatorBase::pointer pointer;\ +typedef typename AllocatorBase::const_pointer const_pointer;\ +typedef typename AllocatorBase::reference reference;\ +typedef typename AllocatorBase::const_reference const_reference; + +//! \brief Reallocation function +//! \tparam T the class or type +//! \tparam A the class or type's allocator +//! \param alloc the allocator +//! \param oldPtr the previous allocation +//! \param oldSize the size of the previous allocation +//! \param newSize the new, requested size +//! \param preserve flag that indicates if the old allocation should be preserved +//! \note oldSize and newSize are the count of elements, and not the +//! number of bytes. +template +typename A::pointer StandardReallocate(A& alloc, T *oldPtr, typename A::size_type oldSize, typename A::size_type newSize, bool preserve) +{ + CRYPTOPP_ASSERT((oldPtr && oldSize) || !(oldPtr || oldSize)); + if (oldSize == newSize) + return oldPtr; + + if (preserve) + { + typename A::pointer newPointer = alloc.allocate(newSize, NULL); + const size_t copySize = STDMIN(oldSize, newSize) * sizeof(T); + + if (oldPtr && newPointer) {memcpy_s(newPointer, copySize, oldPtr, copySize);} + alloc.deallocate(oldPtr, oldSize); + return newPointer; + } + else + { + alloc.deallocate(oldPtr, oldSize); + return alloc.allocate(newSize, NULL); + } +} + +//! \class AllocatorWithCleanup +//! \brief Allocates a block of memory with cleanup +//! \tparam T class or type +//! \tparam T_Align16 boolean that determines whether allocations should be aligned on 16-byte boundaries +//! \details If T_Align16 is true, then AllocatorWithCleanup calls AlignedAllocate() +//! for memory allocations. If T_Align16 is false, then AllocatorWithCleanup() calls +//! UnalignedAllocate() for memory allocations. +//! \details Template parameter T_Align16 is effectively controlled by cryptlib.h and mirrors +//! CRYPTOPP_BOOL_ALIGN16. CRYPTOPP_BOOL_ALIGN16 is often used as the template parameter. +template +class AllocatorWithCleanup : public AllocatorBase +{ +public: + CRYPTOPP_INHERIT_ALLOCATOR_TYPES + + //! \brief Allocates a block of memory + //! \param ptr the size of the allocation + //! \param size the size of the allocation, in elements + //! \returns a memory block + //! \throws InvalidArgument + //! \details allocate() first checks the size of the request. If it is non-0 + //! and less than max_size(), then an attempt is made to fulfill the request using either + //! AlignedAllocate() or UnalignedAllocate(). + //! \details AlignedAllocate() is used if T_Align16 is true. + //! UnalignedAllocate() used if T_Align16 is false. + //! \details This is the C++ *Placement New* operator. ptr is not used, and the function + //! CRYPTOPP_ASSERTs in Debug builds if ptr is non-NULL. + //! \sa CallNewHandler() for the methods used to recover from a failed + //! allocation attempt. + //! \note size is the count of elements, and not the number of bytes + pointer allocate(size_type size, const void *ptr = NULL) + { + CRYPTOPP_UNUSED(ptr); CRYPTOPP_ASSERT(ptr == NULL); + this->CheckSize(size); + if (size == 0) + return NULL; + +#if CRYPTOPP_BOOL_ALIGN16 + // TODO: should this need the test 'size*sizeof(T) >= 16'? + if (T_Align16 && size*sizeof(T) >= 16) + return (pointer)AlignedAllocate(size*sizeof(T)); +#endif + + return (pointer)UnalignedAllocate(size*sizeof(T)); + } + + //! \brief Deallocates a block of memory + //! \param ptr the pointer for the allocation + //! \param size the size of the allocation, in elements + //! \details Internally, SecureWipeArray() is called before deallocating the memory. + //! Once the memory block is wiped or zeroized, AlignedDeallocate() or + //! UnalignedDeallocate() is called. + //! \details AlignedDeallocate() is used if T_Align16 is true. + //! UnalignedDeallocate() used if T_Align16 is false. + void deallocate(void *ptr, size_type size) + { + CRYPTOPP_ASSERT((ptr && size) || !(ptr || size)); + SecureWipeArray((pointer)ptr, size); + +#if CRYPTOPP_BOOL_ALIGN16 + if (T_Align16 && size*sizeof(T) >= 16) + return AlignedDeallocate(ptr); +#endif + + UnalignedDeallocate(ptr); + } + + //! \brief Reallocates a block of memory + //! \param oldPtr the previous allocation + //! \param oldSize the size of the previous allocation + //! \param newSize the new, requested size + //! \param preserve flag that indicates if the old allocation should be preserved + //! \returns pointer to the new memory block + //! \details Internally, reallocate() calls StandardReallocate(). + //! \details If preserve is true, then index 0 is used to begin copying the + //! old memory block to the new one. If the block grows, then the old array + //! is copied in its entirety. If the block shrinks, then only newSize + //! elements are copied from the old block to the new one. + //! \note oldSize and newSize are the count of elements, and not the + //! number of bytes. + pointer reallocate(T *oldPtr, size_type oldSize, size_type newSize, bool preserve) + { + CRYPTOPP_ASSERT((oldPtr && oldSize) || !(oldPtr || oldSize)); + return StandardReallocate(*this, oldPtr, oldSize, newSize, preserve); + } + + //! \brief Template class memeber Rebind + //! \tparam T allocated class or type + //! \tparam T_Align16 boolean that determines whether allocations should be aligned on 16-byte boundaries + //! \tparam U bound class or type + //! \details Rebind allows a container class to allocate a different type of object + //! to store elements. For example, a std::list will allocate std::list_node to + //! store elements in the list. + //! \details VS.NET STL enforces the policy of "All STL-compliant allocators + //! have to provide a template class member called rebind". + template struct rebind { typedef AllocatorWithCleanup other; }; +#if _MSC_VER >= 1500 + AllocatorWithCleanup() {} + template AllocatorWithCleanup(const AllocatorWithCleanup &) {} +#endif +}; + +CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup; +CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup; +CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup; +CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup; +#if defined(CRYPTOPP_WORD128_AVAILABLE) +CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup; // for Integer +#endif +#if CRYPTOPP_BOOL_X86 +CRYPTOPP_DLL_TEMPLATE_CLASS AllocatorWithCleanup; // for Integer +#endif + +//! \class NullAllocator +//! \brief NULL allocator +//! \tparam T class or type +//! \details A NullAllocator is useful for fixed-size, stack based allocations +//! (i.e., static arrays used by FixedSizeAllocatorWithCleanup). +//! \details A NullAllocator always returns 0 for max_size(), and always returns +//! NULL for allocation requests. Though the allocator does not allocate at +//! runtime, it does perform a secure wipe or zeroization during cleanup. +template +class NullAllocator : public AllocatorBase +{ +public: + //LCOV_EXCL_START + CRYPTOPP_INHERIT_ALLOCATOR_TYPES + + // TODO: should this return NULL or throw bad_alloc? Non-Windows C++ standard + // libraries always throw. And late mode Windows throws. Early model Windows + // (circa VC++ 6.0) returned NULL. + pointer allocate(size_type n, const void* unused = NULL) + { + CRYPTOPP_UNUSED(n); CRYPTOPP_UNUSED(unused); + CRYPTOPP_ASSERT(false); return NULL; + } + + void deallocate(void *p, size_type n) + { + CRYPTOPP_UNUSED(p); CRYPTOPP_UNUSED(n); + CRYPTOPP_ASSERT(false); + } + + CRYPTOPP_CONSTEXPR size_type max_size() const {return 0;} + //LCOV_EXCL_STOP +}; + +//! \class FixedSizeAllocatorWithCleanup +//! \brief Static secure memory block with cleanup +//! \tparam T class or type +//! \tparam S fixed-size of the stack-based memory block, in elements +//! \tparam A AllocatorBase derived class for allocation and cleanup +//! \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- +//! based allocation at compile time. The class can grow its memory +//! block at runtime if a suitable allocator is available. If size +//! grows beyond S and a suitable allocator is available, then the +//! statically allocated array is obsoleted. +//! \note This allocator can't be used with standard collections because +//! they require that all objects of the same allocator type are equivalent. +template , bool T_Align16 = false> +class FixedSizeAllocatorWithCleanup : public AllocatorBase +{ +public: + CRYPTOPP_INHERIT_ALLOCATOR_TYPES + + //! \brief Constructs a FixedSizeAllocatorWithCleanup + FixedSizeAllocatorWithCleanup() : m_allocated(false) {} + + //! \brief Allocates a block of memory + //! \param size size of the memory block, in elements + //! \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack-based + //! allocation at compile time. If size is less than or equal to + //! S, then a pointer to the static array is returned. + //! \details The class can grow its memory block at runtime if a suitable + //! allocator is available. If size grows beyond S and a suitable + //! allocator is available, then the statically allocated array is + //! obsoleted. If a suitable allocator is \a not available, as with a + //! NullAllocator, then the function returns NULL and a runtime error + //! eventually occurs. + //! \sa reallocate(), SecBlockWithHint + pointer allocate(size_type size) + { + CRYPTOPP_ASSERT(IsAlignedOn(m_array, 8)); + + if (size <= S && !m_allocated) + { + m_allocated = true; + return GetAlignedArray(); + } + else + return m_fallbackAllocator.allocate(size); + } + + //! \brief Allocates a block of memory + //! \param size size of the memory block, in elements + //! \param hint an unused hint + //! \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- + //! based allocation at compile time. If size is less than or equal to + //! S, then a pointer to the static array is returned. + //! \details The class can grow its memory block at runtime if a suitable + //! allocator is available. If size grows beyond S and a suitable + //! allocator is available, then the statically allocated array is + //! obsoleted. If a suitable allocator is \a not available, as with a + //! NullAllocator, then the function returns NULL and a runtime error + //! eventually occurs. + //! \sa reallocate(), SecBlockWithHint + pointer allocate(size_type size, const void *hint) + { + if (size <= S && !m_allocated) + { + m_allocated = true; + return GetAlignedArray(); + } + else + return m_fallbackAllocator.allocate(size, hint); + } + + //! \brief Deallocates a block of memory + //! \param ptr a pointer to the memory block to deallocate + //! \param size size of the memory block, in elements + //! \details The memory block is wiped or zeroized before deallocation. + //! If the statically allocated memory block is active, then no + //! additional actions are taken after the wipe. + //! \details If a dynamic memory block is active, then the pointer and + //! size are passed to the allocator for deallocation. + void deallocate(void *ptr, size_type size) + { + if (ptr == GetAlignedArray()) + { + CRYPTOPP_ASSERT(size <= S); + CRYPTOPP_ASSERT(m_allocated); + m_allocated = false; + SecureWipeArray((pointer)ptr, size); + } + else + m_fallbackAllocator.deallocate(ptr, size); + } + + //! \brief Reallocates a block of memory + //! \param oldPtr the previous allocation + //! \param oldSize the size of the previous allocation + //! \param newSize the new, requested size + //! \param preserve flag that indicates if the old allocation should be preserved + //! \returns pointer to the new memory block + //! \details FixedSizeAllocatorWithCleanup provides a fixed-size, stack- + //! based allocation at compile time. If size is less than or equal to + //! S, then a pointer to the static array is returned. + //! \details The class can grow its memory block at runtime if a suitable + //! allocator is available. If size grows beyond S and a suitable + //! allocator is available, then the statically allocated array is + //! obsoleted. If a suitable allocator is \a not available, as with a + //! NullAllocator, then the function returns NULL and a runtime error + //! eventually occurs. + //! \note size is the count of elements, and not the number of bytes. + //! \sa reallocate(), SecBlockWithHint + pointer reallocate(pointer oldPtr, size_type oldSize, size_type newSize, bool preserve) + { + if (oldPtr == GetAlignedArray() && newSize <= S) + { + CRYPTOPP_ASSERT(oldSize <= S); + if (oldSize > newSize) + SecureWipeArray(oldPtr+newSize, oldSize-newSize); + return oldPtr; + } + + pointer newPointer = allocate(newSize, NULL); + if (preserve && newSize) + { + const size_t copySize = STDMIN(oldSize, newSize); + memcpy_s(newPointer, sizeof(T)*newSize, oldPtr, sizeof(T)*copySize); + } + deallocate(oldPtr, oldSize); + return newPointer; + } + + CRYPTOPP_CONSTEXPR size_type max_size() const {return STDMAX(m_fallbackAllocator.max_size(), S);} + +private: + +#ifdef __BORLANDC__ + T* GetAlignedArray() {return m_array;} + T m_array[S]; +#else + T* GetAlignedArray() {return (CRYPTOPP_BOOL_ALIGN16 && T_Align16) ? (T*)(void *)(((byte *)m_array) + (0-(size_t)m_array)%16) : m_array;} + CRYPTOPP_ALIGN_DATA(8) T m_array[(CRYPTOPP_BOOL_ALIGN16 && T_Align16) ? S+8/sizeof(T) : S]; +#endif + + A m_fallbackAllocator; + bool m_allocated; +}; + +//! \class SecBlock +//! \brief Secure memory block with allocator and cleanup +//! \tparam T a class or type +//! \tparam A AllocatorWithCleanup derived class for allocation and cleanup +template > +class SecBlock +{ +public: + typedef typename A::value_type value_type; + typedef typename A::pointer iterator; + typedef typename A::const_pointer const_iterator; + typedef typename A::size_type size_type; + + //! \brief Construct a SecBlock with space for size elements. + //! \param size the size of the allocation, in elements + //! \throws std::bad_alloc + //! \details The elements are not initialized. + //! \note size is the count of elements, and not the number of bytes + explicit SecBlock(size_type size=0) + : m_size(size), m_ptr(m_alloc.allocate(size, NULL)) { } + + //! \brief Copy construct a SecBlock from another SecBlock + //! \param t the other SecBlock + //! \throws std::bad_alloc + SecBlock(const SecBlock &t) + : m_size(t.m_size), m_ptr(m_alloc.allocate(t.m_size, NULL)) { + CRYPTOPP_ASSERT((!t.m_ptr && !m_size) || (t.m_ptr && m_size)); + if (t.m_ptr) {memcpy_s(m_ptr, m_size*sizeof(T), t.m_ptr, t.m_size*sizeof(T));} + } + + //! \brief Construct a SecBlock from an array of elements. + //! \param ptr a pointer to an array of T + //! \param len the number of elements in the memory block + //! \throws std::bad_alloc + //! \details If ptr!=NULL and len!=0, then the block is initialized from the pointer ptr. + //! If ptr==NULL and len!=0, then the block is initialized to 0. + //! Otherwise, the block is empty and \a not initialized. + //! \note size is the count of elements, and not the number of bytes + SecBlock(const T *ptr, size_type len) + : m_size(len), m_ptr(m_alloc.allocate(len, NULL)) { + CRYPTOPP_ASSERT((!m_ptr && !m_size) || (m_ptr && m_size)); + if (ptr && m_ptr) + memcpy_s(m_ptr, m_size*sizeof(T), ptr, len*sizeof(T)); + else if (m_size) + memset(m_ptr, 0, m_size*sizeof(T)); + } + + ~SecBlock() + {m_alloc.deallocate(m_ptr, m_size);} + +#ifdef __BORLANDC__ + operator T *() const + {return (T*)m_ptr;} +#else + operator const void *() const + {return m_ptr;} + operator void *() + {return m_ptr;} + + operator const T *() const + {return m_ptr;} + operator T *() + {return m_ptr;} +#endif + + //! \brief Provides an iterator pointing to the first element in the memory block + //! \returns iterator pointing to the first element in the memory block + iterator begin() + {return m_ptr;} + //! \brief Provides a constant iterator pointing to the first element in the memory block + //! \returns constant iterator pointing to the first element in the memory block + const_iterator begin() const + {return m_ptr;} + //! \brief Provides an iterator pointing beyond the last element in the memory block + //! \returns iterator pointing beyond the last element in the memory block + iterator end() + {return m_ptr+m_size;} + //! \brief Provides a constant iterator pointing beyond the last element in the memory block + //! \returns constant iterator pointing beyond the last element in the memory block + const_iterator end() const + {return m_ptr+m_size;} + + //! \brief Provides a pointer to the first element in the memory block + //! \returns pointer to the first element in the memory block + typename A::pointer data() {return m_ptr;} + //! \brief Provides a pointer to the first element in the memory block + //! \returns constant pointer to the first element in the memory block + typename A::const_pointer data() const {return m_ptr;} + + //! \brief Provides the count of elements in the SecBlock + //! \returns number of elements in the memory block + //! \note the return value is the count of elements, and not the number of bytes + size_type size() const {return m_size;} + //! \brief Determines if the SecBlock is empty + //! \returns true if number of elements in the memory block is 0, false otherwise + bool empty() const {return m_size == 0;} + + //! \brief Provides a byte pointer to the first element in the memory block + //! \returns byte pointer to the first element in the memory block + byte * BytePtr() {return (byte *)m_ptr;} + //! \brief Return a byte pointer to the first element in the memory block + //! \returns constant byte pointer to the first element in the memory block + const byte * BytePtr() const {return (const byte *)m_ptr;} + //! \brief Provides the number of bytes in the SecBlock + //! \return the number of bytes in the memory block + //! \note the return value is the number of bytes, and not count of elements. + size_type SizeInBytes() const {return m_size*sizeof(T);} + + //! \brief Set contents and size from an array + //! \param ptr a pointer to an array of T + //! \param len the number of elements in the memory block + //! \details If the memory block is reduced in size, then the reclaimed memory is set to 0. + void Assign(const T *ptr, size_type len) + { + New(len); + if (m_ptr && ptr && len) + {memcpy_s(m_ptr, m_size*sizeof(T), ptr, len*sizeof(T));} + } + + //! \brief Copy contents from another SecBlock + //! \param t the other SecBlock + //! \details Assign checks for self assignment. + //! \details If the memory block is reduced in size, then the reclaimed memory is set to 0. + void Assign(const SecBlock &t) + { + if (this != &t) + { + New(t.m_size); + if (m_ptr && t.m_ptr && t.m_size) + {memcpy_s(m_ptr, m_size*sizeof(T), t, t.m_size*sizeof(T));} + } + } + + //! \brief Assign contents from another SecBlock + //! \param t the other SecBlock + //! \details Internally, operator=() calls Assign(). + //! \details If the memory block is reduced in size, then the reclaimed memory is set to 0. + SecBlock& operator=(const SecBlock &t) + { + // Assign guards for self-assignment + Assign(t); + return *this; + } + + //! \brief Append contents from another SecBlock + //! \param t the other SecBlock + //! \details Internally, this SecBlock calls Grow and then appends t. + SecBlock& operator+=(const SecBlock &t) + { + CRYPTOPP_ASSERT((!t.m_ptr && !t.m_size) || (t.m_ptr && t.m_size)); + + if(t.m_size) + { + const size_type oldSize = m_size; + if(this != &t) // s += t + { + Grow(m_size+t.m_size); + memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), t.m_ptr, t.m_size*sizeof(T)); + } + else // t += t + { + Grow(m_size*2); + memcpy_s(m_ptr+oldSize, (m_size-oldSize)*sizeof(T), m_ptr, oldSize*sizeof(T)); + } + } + return *this; + } + + //! \brief Construct a SecBlock from this and another SecBlock + //! \param t the other SecBlock + //! \returns a newly constructed SecBlock that is a conacentation of this and t + //! \details Internally, a new SecBlock is created from this and a concatenation of t. + SecBlock operator+(const SecBlock &t) + { + CRYPTOPP_ASSERT((!m_ptr && !m_size) || (m_ptr && m_size)); + CRYPTOPP_ASSERT((!t.m_ptr && !t.m_size) || (t.m_ptr && t.m_size)); + if(!t.m_size) return SecBlock(*this); + + SecBlock result(m_size+t.m_size); + if(m_size) {memcpy_s(result.m_ptr, result.m_size*sizeof(T), m_ptr, m_size*sizeof(T));} + memcpy_s(result.m_ptr+m_size, (result.m_size-m_size)*sizeof(T), t.m_ptr, t.m_size*sizeof(T)); + return result; + } + + //! \brief Bitwise compare two SecBlocks + //! \param t the other SecBlock + //! \returns true if the size and bits are equal, false otherwise + //! \details Uses a constant time compare if the arrays are equal size. The constant time + //! compare is VerifyBufsEqual() found in misc.h. + //! \sa operator!=() + bool operator==(const SecBlock &t) const + { + return m_size == t.m_size && + VerifyBufsEqual(reinterpret_cast(m_ptr), reinterpret_cast(t.m_ptr), m_size*sizeof(T)); + } + + //! \brief Bitwise compare two SecBlocks + //! \param t the other SecBlock + //! \returns true if the size and bits are equal, false otherwise + //! \details Uses a constant time compare if the arrays are equal size. The constant time + //! compare is VerifyBufsEqual() found in misc.h. + //! \details Internally, operator!=() returns the inverse of operator==(). + //! \sa operator==() + bool operator!=(const SecBlock &t) const + { + return !operator==(t); + } + + //! \brief Change size without preserving contents + //! \param newSize the new size of the memory block + //! \details Old content is \a not preserved. If the memory block is reduced in size, + //! then the reclaimed memory is set to 0. If the memory block grows in size, then + //! the new memory is \a not initialized. + //! \details Internally, this SecBlock calls reallocate(). + //! \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + void New(size_type newSize) + { + m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, false); + m_size = newSize; + } + + //! \brief Change size without preserving contents + //! \param newSize the new size of the memory block + //! \details Old content is \a not preserved. If the memory block is reduced in size, + //! then the reclaimed content is set to 0. If the memory block grows in size, then + //! the new memory is initialized to 0. + //! \details Internally, this SecBlock calls New(). + //! \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + void CleanNew(size_type newSize) + { + New(newSize); + if (m_ptr) {memset_z(m_ptr, 0, m_size*sizeof(T));} + } + + //! \brief Change size and preserve contents + //! \param newSize the new size of the memory block + //! \details Old content is preserved. New content is not initialized. + //! \details Internally, this SecBlock calls reallocate() when size must increase. If the + //! size does not increase, then Grow() does not take action. If the size must + //! change, then use resize(). + //! \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + void Grow(size_type newSize) + { + if (newSize > m_size) + { + m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); + m_size = newSize; + } + } + + //! \brief Change size and preserve contents + //! \param newSize the new size of the memory block + //! \details Old content is preserved. New content is initialized to 0. + //! \details Internally, this SecBlock calls reallocate() when size must increase. If the + //! size does not increase, then CleanGrow() does not take action. If the size must + //! change, then use resize(). + //! \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + void CleanGrow(size_type newSize) + { + if (newSize > m_size) + { + m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); + memset_z(m_ptr+m_size, 0, (newSize-m_size)*sizeof(T)); + m_size = newSize; + } + } + + //! \brief Change size and preserve contents + //! \param newSize the new size of the memory block + //! \details Old content is preserved. If the memory block grows in size, then + //! new memory is \a not initialized. + //! \details Internally, this SecBlock calls reallocate(). + //! \sa New(), CleanNew(), Grow(), CleanGrow(), resize() + void resize(size_type newSize) + { + m_ptr = m_alloc.reallocate(m_ptr, m_size, newSize, true); + m_size = newSize; + } + + //! \brief Swap contents with another SecBlock + //! \param b the other SecBlock + //! \details Internally, std::swap() is called on m_alloc, m_size and m_ptr. + void swap(SecBlock &b) + { + // Swap must occur on the allocator in case its FixedSize that spilled into the heap. + std::swap(m_alloc, b.m_alloc); + std::swap(m_size, b.m_size); + std::swap(m_ptr, b.m_ptr); + } + +// protected: + A m_alloc; + size_type m_size; + T *m_ptr; +}; + +#ifdef CRYPTOPP_DOXYGEN_PROCESSING +//! \class SecByteBlock +//! \brief \ref SecBlock "SecBlock" typedef. +class SecByteBlock : public SecBlock {}; +//! \class SecWordBlock +//! \brief \ref SecBlock "SecBlock" typedef. +class SecWordBlock : public SecBlock {}; +//! \class AlignedSecByteBlock +//! \brief SecBlock using \ref AllocatorWithCleanup "AllocatorWithCleanup" typedef +class AlignedSecByteBlock : public SecBlock > {}; +#else +typedef SecBlock SecByteBlock; +typedef SecBlock SecWordBlock; +typedef SecBlock > AlignedSecByteBlock; +#endif + +// No need for move semantics on derived class *if* the class does not add any +// data members; see http://stackoverflow.com/q/31755703, and Rule of {0|3|5}. + +//! \class FixedSizeSecBlock +//! \brief Fixed size stack-based SecBlock +//! \tparam T class or type +//! \tparam S fixed-size of the stack-based memory block, in elements +//! \tparam A AllocatorBase derived class for allocation and cleanup +template > +class FixedSizeSecBlock : public SecBlock +{ +public: + //! \brief Construct a FixedSizeSecBlock + explicit FixedSizeSecBlock() : SecBlock(S) {} +}; + +//! \class FixedSizeAlignedSecBlock +//! \brief Fixed size stack-based SecBlock with 16-byte alignment +//! \tparam T class or type +//! \tparam S fixed-size of the stack-based memory block, in elements +//! \tparam A AllocatorBase derived class for allocation and cleanup +template +class FixedSizeAlignedSecBlock : public FixedSizeSecBlock, T_Align16> > +{ +}; + +//! \class SecBlockWithHint +//! \brief Stack-based SecBlock that grows into the heap +//! \tparam T class or type +//! \tparam S fixed-size of the stack-based memory block, in elements +//! \tparam A AllocatorBase derived class for allocation and cleanup +template > > +class SecBlockWithHint : public SecBlock +{ +public: + //! construct a SecBlockWithHint with a count of elements + explicit SecBlockWithHint(size_t size) : SecBlock(size) {} +}; + +template +inline bool operator==(const CryptoPP::AllocatorWithCleanup&, const CryptoPP::AllocatorWithCleanup&) {return (true);} +template +inline bool operator!=(const CryptoPP::AllocatorWithCleanup&, const CryptoPP::AllocatorWithCleanup&) {return (false);} + +NAMESPACE_END + +NAMESPACE_BEGIN(std) +template +inline void swap(CryptoPP::SecBlock &a, CryptoPP::SecBlock &b) +{ + a.swap(b); +} + +#if defined(_STLP_DONT_SUPPORT_REBIND_MEMBER_TEMPLATE) || (defined(_STLPORT_VERSION) && !defined(_STLP_MEMBER_TEMPLATE_CLASSES)) +// working for STLport 5.1.3 and MSVC 6 SP5 +template +inline CryptoPP::AllocatorWithCleanup<_Tp2>& +__stl_alloc_rebind(CryptoPP::AllocatorWithCleanup<_Tp1>& __a, const _Tp2*) +{ + return (CryptoPP::AllocatorWithCleanup<_Tp2>&)(__a); +} +#endif + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/seckey.h b/libs/win_crypto++/include/seckey.h new file mode 100644 index 0000000..21274cd --- /dev/null +++ b/libs/win_crypto++/include/seckey.h @@ -0,0 +1,466 @@ +// seckey.h - written and placed in the public domain by Wei Dai + +//! \file +//! \brief Classes and functions for implementing secret key algorithms. + +#ifndef CRYPTOPP_SECKEY_H +#define CRYPTOPP_SECKEY_H + +#include "config.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4189) +#endif + +#include "cryptlib.h" +#include "misc.h" +#include "simple.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Inverts the cipher's direction +//! \param dir the cipher's direction +//! \returns DECRYPTION if \ref CipherDir "dir" is ENCRYPTION, DECRYPTION otherwise +inline CipherDir ReverseCipherDir(CipherDir dir) +{ + return (dir == ENCRYPTION) ? DECRYPTION : ENCRYPTION; +} + +//! \class FixedBlockSize +//! \brief Inherited by algorithms with fixed block size +//! \tparam N the blocksize of the algorithm +template +class FixedBlockSize +{ +public: + //! \brief The block size of the algorithm provided as a constant. + CRYPTOPP_CONSTANT(BLOCKSIZE = N) +}; + +// ************** rounds *************** + +//! \class FixedRounds +//! \brief Inherited by algorithms with fixed number of rounds +//! \tparam R the number of rounds used by the algorithm +template +class FixedRounds +{ +public: + //! \brief The number of rounds for the algorithm provided as a constant. + CRYPTOPP_CONSTANT(ROUNDS = R) +}; + +//! \class VariableRounds +//! \brief Inherited by algorithms with variable number of rounds +//! \tparam D Default number of rounds +//! \tparam N Minimum number of rounds +//! \tparam D Maximum number of rounds +template // use INT_MAX here because enums are treated as signed ints +class VariableRounds +{ +public: + //! \brief The default number of rounds for the algorithm provided as a constant. + CRYPTOPP_CONSTANT(DEFAULT_ROUNDS = D) + //! \brief The minimum number of rounds for the algorithm provided as a constant. + CRYPTOPP_CONSTANT(MIN_ROUNDS = N) + //! \brief The maximum number of rounds for the algorithm provided as a constant. + CRYPTOPP_CONSTANT(MAX_ROUNDS = M) + //! \brief The default number of rounds for the algorithm based on key length + //! provided by a static function. + //! \param keylength the size of the key, in bytes + //! \details keylength is unused in the default implementation. + CRYPTOPP_CONSTEXPR static unsigned int StaticGetDefaultRounds(size_t keylength) + { + // Comma operator breaks Debug builds with GCC 4.0 - 4.6. + // Also see http://github.com/weidai11/cryptopp/issues/255 +#if defined(CRYPTOPP_CXX11_CONSTEXPR) + return CRYPTOPP_UNUSED(keylength), static_cast(DEFAULT_ROUNDS); +#else + CRYPTOPP_UNUSED(keylength); + return static_cast(DEFAULT_ROUNDS); +#endif + } + +protected: + //! \brief Validates the number of rounds for an algorithm. + //! \param rounds the candidate number of rounds + //! \param alg an Algorithm object used if the number of rounds are invalid + //! \throws InvalidRounds if the number of rounds are invalid + //! \details ThrowIfInvalidRounds() validates the number of rounds and throws if invalid. + inline void ThrowIfInvalidRounds(int rounds, const Algorithm *alg) + { + if (M == INT_MAX) // Coverity and result_independent_of_operands + { + if (rounds < MIN_ROUNDS) + throw InvalidRounds(alg ? alg->AlgorithmName() : std::string("VariableRounds"), rounds); + } + else + { + if (rounds < MIN_ROUNDS || rounds > MAX_ROUNDS) + throw InvalidRounds(alg ? alg->AlgorithmName() : std::string("VariableRounds"), rounds); + } + } + + //! \brief Validates the number of rounds for an algorithm + //! \param param the candidate number of rounds + //! \param alg an Algorithm object used if the number of rounds are invalid + //! \returns the number of rounds for the algorithm + //! \throws InvalidRounds if the number of rounds are invalid + //! \details GetRoundsAndThrowIfInvalid() validates the number of rounds and throws if invalid. + inline unsigned int GetRoundsAndThrowIfInvalid(const NameValuePairs ¶m, const Algorithm *alg) + { + int rounds = param.GetIntValueWithDefault("Rounds", DEFAULT_ROUNDS); + ThrowIfInvalidRounds(rounds, alg); + return (unsigned int)rounds; + } +}; + +// ************** key length *************** + +//! \class FixedKeyLength +//! \brief Inherited by keyed algorithms with fixed key length +//! \tparam N Default key length, in bytes +//! \tparam IV_REQ the \ref SimpleKeyingInterface::IV_Requirement "IV requirements" +//! \tparam IV_L default IV length, in bytes +//! \sa SimpleKeyingInterface +template +class FixedKeyLength +{ +public: + //! \brief The default key length used by the algorithm provided as a constant + //! \details KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(KEYLENGTH=N) + //! \brief The minimum key length used by the algorithm provided as a constant + //! \details MIN_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(MIN_KEYLENGTH=N) + //! \brief The maximum key length used by the algorithm provided as a constant + //! \details MAX_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(MAX_KEYLENGTH=N) + //! \brief The default key length used by the algorithm provided as a constant + //! \details DEFAULT_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=N) + //! \brief The default IV requirements for the algorithm provided as a constant + //! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement + //! in cryptlib.h for allowed values. + CRYPTOPP_CONSTANT(IV_REQUIREMENT = IV_REQ) + //! \brief The default IV length used by the algorithm provided as a constant + //! \details IV_LENGTH is provided in bytes, not bits. The default implementation uses 0. + CRYPTOPP_CONSTANT(IV_LENGTH = IV_L) + //! \brief The default key length for the algorithm provided by a static function. + //! \param keylength the size of the key, in bytes + //! \details The default implementation returns KEYLENGTH. keylength is unused + //! in the default implementation. + CRYPTOPP_CONSTEXPR static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength) + { + // Comma operator breaks Debug builds with GCC 4.0 - 4.6. + // Also see http://github.com/weidai11/cryptopp/issues/255 +#if defined(CRYPTOPP_CXX11_CONSTEXPR) + return CRYPTOPP_UNUSED(keylength), static_cast(KEYLENGTH); +#else + CRYPTOPP_UNUSED(keylength); + return static_cast(KEYLENGTH); +#endif + } +}; + +//! \class VariableKeyLength +//! \brief Inherited by keyed algorithms with variable key length +//! \tparam D Default key length, in bytes +//! \tparam N Minimum key length, in bytes +//! \tparam M Maximum key length, in bytes +//! \tparam M Default key length multiple, in bytes. The default multiple is 1. +//! \tparam IV_REQ the \ref SimpleKeyingInterface::IV_Requirement "IV requirements" +//! \tparam IV_L default IV length, in bytes. The default length is 0. +//! \sa SimpleKeyingInterface +template +class VariableKeyLength +{ + // Make these private to avoid Doxygen documenting them in all derived classes + CRYPTOPP_COMPILE_ASSERT(Q > 0); + CRYPTOPP_COMPILE_ASSERT(N % Q == 0); + CRYPTOPP_COMPILE_ASSERT(M % Q == 0); + CRYPTOPP_COMPILE_ASSERT(N < M); + CRYPTOPP_COMPILE_ASSERT(D >= N); + CRYPTOPP_COMPILE_ASSERT(M >= D); + +public: + //! \brief The minimum key length used by the algorithm provided as a constant + //! \details MIN_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(MIN_KEYLENGTH=N) + //! \brief The maximum key length used by the algorithm provided as a constant + //! \details MAX_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(MAX_KEYLENGTH=M) + //! \brief The default key length used by the algorithm provided as a constant + //! \details DEFAULT_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=D) + //! \brief The key length multiple used by the algorithm provided as a constant + //! \details MAX_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(KEYLENGTH_MULTIPLE=Q) + //! \brief The default IV requirements for the algorithm provided as a constant + //! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement + //! in cryptlib.h for allowed values. + CRYPTOPP_CONSTANT(IV_REQUIREMENT=IV_REQ) + //! \brief The default initialization vector length for the algorithm provided as a constant + //! \details IV_LENGTH is provided in bytes, not bits. The default implementation uses 0. + CRYPTOPP_CONSTANT(IV_LENGTH=IV_L) + //! \brief Provides a valid key length for the algorithm provided by a static function. + //! \param keylength the size of the key, in bytes + //! \details If keylength is less than MIN_KEYLENGTH, then the function returns + //! MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH, then the function + //! returns MAX_KEYLENGTH. If keylength is a multiple of KEYLENGTH_MULTIPLE, + //! then keylength is returned. Otherwise, the function returns keylength rounded + //! \a down to the next smaller multiple of KEYLENGTH_MULTIPLE. + //! \details keylength is provided in bytes, not bits. + // TODO: Figure out how to make this CRYPTOPP_CONSTEXPR + static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength) + { + if (keylength < (size_t)MIN_KEYLENGTH) + return MIN_KEYLENGTH; + else if (keylength > (size_t)MAX_KEYLENGTH) + return (size_t)MAX_KEYLENGTH; + else + { + keylength += KEYLENGTH_MULTIPLE-1; + return keylength - keylength%KEYLENGTH_MULTIPLE; + } + } +}; + +//! \class SameKeyLengthAs +//! \brief Provides key lengths based on another class's key length +//! \tparam T another FixedKeyLength or VariableKeyLength class +//! \tparam IV_REQ the \ref SimpleKeyingInterface::IV_Requirement "IV requirements" +//! \tparam IV_L default IV length, in bytes +//! \sa SimpleKeyingInterface +template +class SameKeyLengthAs +{ +public: + //! \brief The minimum key length used by the algorithm provided as a constant + //! \details MIN_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(MIN_KEYLENGTH=T::MIN_KEYLENGTH) + //! \brief The maximum key length used by the algorithm provided as a constant + //! \details MIN_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(MAX_KEYLENGTH=T::MAX_KEYLENGTH) + //! \brief The default key length used by the algorithm provided as a constant + //! \details MIN_KEYLENGTH is provided in bytes, not bits + CRYPTOPP_CONSTANT(DEFAULT_KEYLENGTH=T::DEFAULT_KEYLENGTH) + //! \brief The default IV requirements for the algorithm provided as a constant + //! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement + //! in cryptlib.h for allowed values. + CRYPTOPP_CONSTANT(IV_REQUIREMENT=IV_REQ) + //! \brief The default initialization vector length for the algorithm provided as a constant + //! \details IV_LENGTH is provided in bytes, not bits. The default implementation uses 0. + CRYPTOPP_CONSTANT(IV_LENGTH=IV_L) + //! \brief Provides a valid key length for the algorithm provided by a static function. + //! \param keylength the size of the key, in bytes + //! \details If keylength is less than MIN_KEYLENGTH, then the function returns + //! MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH, then the function + //! returns MAX_KEYLENGTH. If keylength is a multiple of KEYLENGTH_MULTIPLE, + //! then keylength is returned. Otherwise, the function returns keylength rounded + //! \a down to the next smaller multiple of KEYLENGTH_MULTIPLE. + //! \details keylength is provided in bytes, not bits. + CRYPTOPP_CONSTEXPR static size_t CRYPTOPP_API StaticGetValidKeyLength(size_t keylength) + {return T::StaticGetValidKeyLength(keylength);} +}; + +// ************** implementation helper for SimpleKeyingInterface *************** + +//! \class SimpleKeyingInterfaceImpl +//! \brief Provides a base implementation of SimpleKeyingInterface +//! \tparam BASE a SimpleKeyingInterface derived class +//! \tparam INFO a SimpleKeyingInterface derived class +//! \details SimpleKeyingInterfaceImpl() provides a default implementation for ciphers providing a keying interface. +//! Functions are virtual and not eligible for C++11 constexpr-ness. +//! \sa Algorithm(), SimpleKeyingInterface() +template +class CRYPTOPP_NO_VTABLE SimpleKeyingInterfaceImpl : public BASE +{ +public: + //! \brief The minimum key length used by the algorithm + //! \returns minimum key length used by the algorithm, in bytes + size_t MinKeyLength() const + {return INFO::MIN_KEYLENGTH;} + + //! \brief The maximum key length used by the algorithm + //! \returns maximum key length used by the algorithm, in bytes + size_t MaxKeyLength() const + {return (size_t)INFO::MAX_KEYLENGTH;} + + //! \brief The default key length used by the algorithm + //! \returns default key length used by the algorithm, in bytes + size_t DefaultKeyLength() const + {return INFO::DEFAULT_KEYLENGTH;} + + //! \brief Provides a valid key length for the algorithm + //! \param keylength the size of the key, in bytes + //! \returns the valid key lenght, in bytes + //! \details keylength is provided in bytes, not bits. If keylength is less than MIN_KEYLENGTH, + //! then the function returns MIN_KEYLENGTH. If keylength is greater than MAX_KEYLENGTH, + //! then the function returns MAX_KEYLENGTH. if If keylength is a multiple of KEYLENGTH_MULTIPLE, + //! then keylength is returned. Otherwise, the function returns a \a lower multiple of + //! KEYLENGTH_MULTIPLE. + size_t GetValidKeyLength(size_t keylength) const {return INFO::StaticGetValidKeyLength(keylength);} + + //! \brief The default IV requirements for the algorithm + //! \details The default value is NOT_RESYNCHRONIZABLE. See IV_Requirement + //! in cryptlib.h for allowed values. + SimpleKeyingInterface::IV_Requirement IVRequirement() const + {return (SimpleKeyingInterface::IV_Requirement)INFO::IV_REQUIREMENT;} + + //! \brief The default initialization vector length for the algorithm + //! \details IVSize is provided in bytes, not bits. The default implementation uses IV_LENGTH, which is 0. + unsigned int IVSize() const + {return INFO::IV_LENGTH;} +}; + +//! \class BlockCipherImpl +//! \brief Provides a base implementation of Algorithm and SimpleKeyingInterface for block ciphers +//! \tparam INFO a SimpleKeyingInterface derived class +//! \tparam BASE a SimpleKeyingInterface derived class +//! \details BlockCipherImpl() provides a default implementation for block ciphers using AlgorithmImpl() +//! and SimpleKeyingInterfaceImpl(). Functions are virtual and not eligible for C++11 constexpr-ness. +//! \sa Algorithm(), SimpleKeyingInterface(), AlgorithmImpl(), SimpleKeyingInterfaceImpl() +template +class CRYPTOPP_NO_VTABLE BlockCipherImpl : public AlgorithmImpl > > +{ +public: + //! Provides the block size of the algorithm + //! \returns the block size of the algorithm, in bytes + unsigned int BlockSize() const {return this->BLOCKSIZE;} +}; + +//! \class BlockCipherFinal +//! \brief Provides class member functions to key a block cipher +//! \tparam DIR a CipherDir +//! \tparam BASE a BlockCipherImpl derived class +template +class BlockCipherFinal : public ClonableImpl, BASE> +{ +public: + //! \brief Construct a default BlockCipherFinal + //! \details The cipher is not keyed. + BlockCipherFinal() {} + + //! \brief Construct a BlockCipherFinal + //! \param key a byte array used to key the cipher + //! \details key must be at least DEFAULT_KEYLENGTH in length. Internally, the function calls + //! SimpleKeyingInterface::SetKey. + BlockCipherFinal(const byte *key) + {this->SetKey(key, this->DEFAULT_KEYLENGTH);} + + //! \brief Construct a BlockCipherFinal + //! \param key a byte array used to key the cipher + //! \param length the length of the byte array + //! \details key must be at least DEFAULT_KEYLENGTH in length. Internally, the function calls + //! SimpleKeyingInterface::SetKey. + BlockCipherFinal(const byte *key, size_t length) + {this->SetKey(key, length);} + + //! \brief Construct a BlockCipherFinal + //! \param key a byte array used to key the cipher + //! \param length the length of the byte array + //! \param rounds the number of rounds + //! \details key must be at least DEFAULT_KEYLENGTH in length. Internally, the function calls + //! SimpleKeyingInterface::SetKeyWithRounds. + BlockCipherFinal(const byte *key, size_t length, unsigned int rounds) + {this->SetKeyWithRounds(key, length, rounds);} + + //! \brief Provides the direction of the cipher + //! \returns true if DIR is ENCRYPTION, false otherwise + //! \sa GetCipherDirection(), IsPermutation() + bool IsForwardTransformation() const {return DIR == ENCRYPTION;} +}; + +//! \class MessageAuthenticationCodeImpl +//! \brief Provides a base implementation of Algorithm and SimpleKeyingInterface for message authentication codes +//! \tparam INFO a SimpleKeyingInterface derived class +//! \tparam BASE a SimpleKeyingInterface derived class +//! \details MessageAuthenticationCodeImpl() provides a default implementation for message authentication codes +//! using AlgorithmImpl() and SimpleKeyingInterfaceImpl(). Functions are virtual and not subject to C++11 +//! constexpr. +//! \sa Algorithm(), SimpleKeyingInterface(), AlgorithmImpl(), SimpleKeyingInterfaceImpl() +template +class MessageAuthenticationCodeImpl : public AlgorithmImpl, INFO> +{ +}; + +//! \class MessageAuthenticationCodeFinal +//! \brief Provides class member functions to key a message authentication code +//! \tparam DIR a CipherDir +//! \tparam BASE a BlockCipherImpl derived class +template +class MessageAuthenticationCodeFinal : public ClonableImpl, MessageAuthenticationCodeImpl > +{ +public: + //! \brief Construct a default MessageAuthenticationCodeFinal + //! \details The message authentication code is not keyed. + MessageAuthenticationCodeFinal() {} + //! \brief Construct a BlockCipherFinal + //! \param key a byte array used to key the algorithm + //! \details key must be at least DEFAULT_KEYLENGTH in length. Internally, the function calls + //! SimpleKeyingInterface::SetKey. + MessageAuthenticationCodeFinal(const byte *key) + {this->SetKey(key, this->DEFAULT_KEYLENGTH);} + //! \brief Construct a BlockCipherFinal + //! \param key a byte array used to key the algorithm + //! \param length the length of the byte array + //! \details key must be at least DEFAULT_KEYLENGTH in length. Internally, the function calls + //! SimpleKeyingInterface::SetKey. + MessageAuthenticationCodeFinal(const byte *key, size_t length) + {this->SetKey(key, length);} +}; + +// ************** documentation *************** + +//! \class BlockCipherDocumentation +//! \brief Provides Encryption and Decryption typedefs used by derived classes to +//! implement a block cipher +//! \details These objects usually should not be used directly. See CipherModeDocumentation +//! instead. Each class derived from this one defines two types, Encryption and Decryption, +//! both of which implement the BlockCipher interface. +struct BlockCipherDocumentation +{ + //! implements the BlockCipher interface + typedef BlockCipher Encryption; + //! implements the BlockCipher interface + typedef BlockCipher Decryption; +}; + +//! \class SymmetricCipherDocumentation +//! \brief Provides Encryption and Decryption typedefs used by derived classes to +//! implement a symmetric cipher +//! \details Each class derived from this one defines two types, Encryption and Decryption, +//! both of which implement the SymmetricCipher interface. Two types of classes derive +//! from this class: stream ciphers and block cipher modes. Stream ciphers can be used +//! alone, cipher mode classes need to be used with a block cipher. See CipherModeDocumentation +//! for more for information about using cipher modes and block ciphers. +struct SymmetricCipherDocumentation +{ + //! implements the SymmetricCipher interface + typedef SymmetricCipher Encryption; + //! implements the SymmetricCipher interface + typedef SymmetricCipher Decryption; +}; + +//! \class AuthenticatedSymmetricCipherDocumentation +//! \brief Provides Encryption and Decryption typedefs used by derived classes to +//! implement an authenticated encryption cipher +//! \details Each class derived from this one defines two types, Encryption and Decryption, +//! both of which implement the AuthenticatedSymmetricCipher interface. +struct AuthenticatedSymmetricCipherDocumentation +{ + //! implements the AuthenticatedSymmetricCipher interface + typedef AuthenticatedSymmetricCipher Encryption; + //! implements the AuthenticatedSymmetricCipher interface + typedef AuthenticatedSymmetricCipher Decryption; +}; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/seed.h b/libs/win_crypto++/include/seed.h new file mode 100644 index 0000000..86674ab --- /dev/null +++ b/libs/win_crypto++/include/seed.h @@ -0,0 +1,46 @@ +// seed.h - written and placed in the public domain by Wei Dai + +//! \file seed.h +//! \brief Classes for the SEED block cipher +//! \since Crypto++ 5.6.0 + +#ifndef CRYPTOPP_SEED_H +#define CRYPTOPP_SEED_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SEED_Info +//! \brief SEED block cipher information +//! \since Crypto++ 5.6.0 +struct SEED_Info : public FixedBlockSize<16>, public FixedKeyLength<16>, public FixedRounds<16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "SEED";} +}; + +//! \class SEED +//! \brief SEED block cipher +//! \sa SEED +//! \since Crypto++ 5.6.0 +class SEED : public SEED_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + protected: + FixedSizeSecBlock m_k; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/serpent.h b/libs/win_crypto++/include/serpent.h new file mode 100644 index 0000000..4ef4190 --- /dev/null +++ b/libs/win_crypto++/include/serpent.h @@ -0,0 +1,57 @@ +// serpent.h - written and placed in the public domain by Wei Dai + +//! \file serpent.h +//! \brief Classes for the Serpent block cipher + +#ifndef CRYPTOPP_SERPENT_H +#define CRYPTOPP_SERPENT_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Serpent_Info +//! \brief Serpent block cipher information +struct Serpent_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>, public FixedRounds<32> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Serpent";} +}; + +//! \class Serpent +//! \brief Serpent block cipher +/// \sa Serpent +class Serpent : public Serpent_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + FixedSizeSecBlock m_key; + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef Serpent::Encryption SerpentEncryption; +typedef Serpent::Decryption SerpentDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/serpentp.h b/libs/win_crypto++/include/serpentp.h new file mode 100644 index 0000000..ddf4056 --- /dev/null +++ b/libs/win_crypto++/include/serpentp.h @@ -0,0 +1,434 @@ +// private header for Serpent and Sosemanuk + +NAMESPACE_BEGIN(CryptoPP) + +// linear transformation +#define LT(i,a,b,c,d,e) {\ + a = rotlFixed(a, 13); \ + c = rotlFixed(c, 3); \ + d = rotlFixed(d ^ c ^ (a << 3), 7); \ + b = rotlFixed(b ^ a ^ c, 1); \ + a = rotlFixed(a ^ b ^ d, 5); \ + c = rotlFixed(c ^ d ^ (b << 7), 22);} + +// inverse linear transformation +#define ILT(i,a,b,c,d,e) {\ + c = rotrFixed(c, 22); \ + a = rotrFixed(a, 5); \ + c ^= d ^ (b << 7); \ + a ^= b ^ d; \ + b = rotrFixed(b, 1); \ + d = rotrFixed(d, 7) ^ c ^ (a << 3); \ + b ^= a ^ c; \ + c = rotrFixed(c, 3); \ + a = rotrFixed(a, 13);} + +// order of output from S-box functions +#define beforeS0(f) f(0,a,b,c,d,e) +#define afterS0(f) f(1,b,e,c,a,d) +#define afterS1(f) f(2,c,b,a,e,d) +#define afterS2(f) f(3,a,e,b,d,c) +#define afterS3(f) f(4,e,b,d,c,a) +#define afterS4(f) f(5,b,a,e,c,d) +#define afterS5(f) f(6,a,c,b,e,d) +#define afterS6(f) f(7,a,c,d,b,e) +#define afterS7(f) f(8,d,e,b,a,c) + +// order of output from inverse S-box functions +#define beforeI7(f) f(8,a,b,c,d,e) +#define afterI7(f) f(7,d,a,b,e,c) +#define afterI6(f) f(6,a,b,c,e,d) +#define afterI5(f) f(5,b,d,e,c,a) +#define afterI4(f) f(4,b,c,e,a,d) +#define afterI3(f) f(3,a,b,e,c,d) +#define afterI2(f) f(2,b,d,e,c,a) +#define afterI1(f) f(1,a,b,c,e,d) +#define afterI0(f) f(0,a,d,b,e,c) + +// The instruction sequences for the S-box functions +// come from Dag Arne Osvik's paper "Speeding up Serpent". + +#define S0(i, r0, r1, r2, r3, r4) \ + { \ + r3 ^= r0; \ + r4 = r1; \ + r1 &= r3; \ + r4 ^= r2; \ + r1 ^= r0; \ + r0 |= r3; \ + r0 ^= r4; \ + r4 ^= r3; \ + r3 ^= r2; \ + r2 |= r1; \ + r2 ^= r4; \ + r4 = ~r4; \ + r4 |= r1; \ + r1 ^= r3; \ + r1 ^= r4; \ + r3 |= r0; \ + r1 ^= r3; \ + r4 ^= r3; \ + } + +#define I0(i, r0, r1, r2, r3, r4) \ + { \ + r2 = ~r2; \ + r4 = r1; \ + r1 |= r0; \ + r4 = ~r4; \ + r1 ^= r2; \ + r2 |= r4; \ + r1 ^= r3; \ + r0 ^= r4; \ + r2 ^= r0; \ + r0 &= r3; \ + r4 ^= r0; \ + r0 |= r1; \ + r0 ^= r2; \ + r3 ^= r4; \ + r2 ^= r1; \ + r3 ^= r0; \ + r3 ^= r1; \ + r2 &= r3; \ + r4 ^= r2; \ + } + +#define S1(i, r0, r1, r2, r3, r4) \ + { \ + r0 = ~r0; \ + r2 = ~r2; \ + r4 = r0; \ + r0 &= r1; \ + r2 ^= r0; \ + r0 |= r3; \ + r3 ^= r2; \ + r1 ^= r0; \ + r0 ^= r4; \ + r4 |= r1; \ + r1 ^= r3; \ + r2 |= r0; \ + r2 &= r4; \ + r0 ^= r1; \ + r1 &= r2; \ + r1 ^= r0; \ + r0 &= r2; \ + r0 ^= r4; \ + } + +#define I1(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r1; \ + r1 ^= r3; \ + r3 &= r1; \ + r4 ^= r2; \ + r3 ^= r0; \ + r0 |= r1; \ + r2 ^= r3; \ + r0 ^= r4; \ + r0 |= r2; \ + r1 ^= r3; \ + r0 ^= r1; \ + r1 |= r3; \ + r1 ^= r0; \ + r4 = ~r4; \ + r4 ^= r1; \ + r1 |= r0; \ + r1 ^= r0; \ + r1 |= r4; \ + r3 ^= r1; \ + } + +#define S2(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r0; \ + r0 &= r2; \ + r0 ^= r3; \ + r2 ^= r1; \ + r2 ^= r0; \ + r3 |= r4; \ + r3 ^= r1; \ + r4 ^= r2; \ + r1 = r3; \ + r3 |= r4; \ + r3 ^= r0; \ + r0 &= r1; \ + r4 ^= r0; \ + r1 ^= r3; \ + r1 ^= r4; \ + r4 = ~r4; \ + } + +#define I2(i, r0, r1, r2, r3, r4) \ + { \ + r2 ^= r3; \ + r3 ^= r0; \ + r4 = r3; \ + r3 &= r2; \ + r3 ^= r1; \ + r1 |= r2; \ + r1 ^= r4; \ + r4 &= r3; \ + r2 ^= r3; \ + r4 &= r0; \ + r4 ^= r2; \ + r2 &= r1; \ + r2 |= r0; \ + r3 = ~r3; \ + r2 ^= r3; \ + r0 ^= r3; \ + r0 &= r1; \ + r3 ^= r4; \ + r3 ^= r0; \ + } + +#define S3(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r0; \ + r0 |= r3; \ + r3 ^= r1; \ + r1 &= r4; \ + r4 ^= r2; \ + r2 ^= r3; \ + r3 &= r0; \ + r4 |= r1; \ + r3 ^= r4; \ + r0 ^= r1; \ + r4 &= r0; \ + r1 ^= r3; \ + r4 ^= r2; \ + r1 |= r0; \ + r1 ^= r2; \ + r0 ^= r3; \ + r2 = r1; \ + r1 |= r3; \ + r1 ^= r0; \ + } + +#define I3(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r2; \ + r2 ^= r1; \ + r1 &= r2; \ + r1 ^= r0; \ + r0 &= r4; \ + r4 ^= r3; \ + r3 |= r1; \ + r3 ^= r2; \ + r0 ^= r4; \ + r2 ^= r0; \ + r0 |= r3; \ + r0 ^= r1; \ + r4 ^= r2; \ + r2 &= r3; \ + r1 |= r3; \ + r1 ^= r2; \ + r4 ^= r0; \ + r2 ^= r4; \ + } + +#define S4(i, r0, r1, r2, r3, r4) \ + { \ + r1 ^= r3; \ + r3 = ~r3; \ + r2 ^= r3; \ + r3 ^= r0; \ + r4 = r1; \ + r1 &= r3; \ + r1 ^= r2; \ + r4 ^= r3; \ + r0 ^= r4; \ + r2 &= r4; \ + r2 ^= r0; \ + r0 &= r1; \ + r3 ^= r0; \ + r4 |= r1; \ + r4 ^= r0; \ + r0 |= r3; \ + r0 ^= r2; \ + r2 &= r3; \ + r0 = ~r0; \ + r4 ^= r2; \ + } + +#define I4(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r2; \ + r2 &= r3; \ + r2 ^= r1; \ + r1 |= r3; \ + r1 &= r0; \ + r4 ^= r2; \ + r4 ^= r1; \ + r1 &= r2; \ + r0 = ~r0; \ + r3 ^= r4; \ + r1 ^= r3; \ + r3 &= r0; \ + r3 ^= r2; \ + r0 ^= r1; \ + r2 &= r0; \ + r3 ^= r0; \ + r2 ^= r4; \ + r2 |= r3; \ + r3 ^= r0; \ + r2 ^= r1; \ + } + +#define S5(i, r0, r1, r2, r3, r4) \ + { \ + r0 ^= r1; \ + r1 ^= r3; \ + r3 = ~r3; \ + r4 = r1; \ + r1 &= r0; \ + r2 ^= r3; \ + r1 ^= r2; \ + r2 |= r4; \ + r4 ^= r3; \ + r3 &= r1; \ + r3 ^= r0; \ + r4 ^= r1; \ + r4 ^= r2; \ + r2 ^= r0; \ + r0 &= r3; \ + r2 = ~r2; \ + r0 ^= r4; \ + r4 |= r3; \ + r2 ^= r4; \ + } + +#define I5(i, r0, r1, r2, r3, r4) \ + { \ + r1 = ~r1; \ + r4 = r3; \ + r2 ^= r1; \ + r3 |= r0; \ + r3 ^= r2; \ + r2 |= r1; \ + r2 &= r0; \ + r4 ^= r3; \ + r2 ^= r4; \ + r4 |= r0; \ + r4 ^= r1; \ + r1 &= r2; \ + r1 ^= r3; \ + r4 ^= r2; \ + r3 &= r4; \ + r4 ^= r1; \ + r3 ^= r0; \ + r3 ^= r4; \ + r4 = ~r4; \ + } + +#define S6(i, r0, r1, r2, r3, r4) \ + { \ + r2 = ~r2; \ + r4 = r3; \ + r3 &= r0; \ + r0 ^= r4; \ + r3 ^= r2; \ + r2 |= r4; \ + r1 ^= r3; \ + r2 ^= r0; \ + r0 |= r1; \ + r2 ^= r1; \ + r4 ^= r0; \ + r0 |= r3; \ + r0 ^= r2; \ + r4 ^= r3; \ + r4 ^= r0; \ + r3 = ~r3; \ + r2 &= r4; \ + r2 ^= r3; \ + } + +#define I6(i, r0, r1, r2, r3, r4) \ + { \ + r0 ^= r2; \ + r4 = r2; \ + r2 &= r0; \ + r4 ^= r3; \ + r2 = ~r2; \ + r3 ^= r1; \ + r2 ^= r3; \ + r4 |= r0; \ + r0 ^= r2; \ + r3 ^= r4; \ + r4 ^= r1; \ + r1 &= r3; \ + r1 ^= r0; \ + r0 ^= r3; \ + r0 |= r2; \ + r3 ^= r1; \ + r4 ^= r0; \ + } + +#define S7(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r2; \ + r2 &= r1; \ + r2 ^= r3; \ + r3 &= r1; \ + r4 ^= r2; \ + r2 ^= r1; \ + r1 ^= r0; \ + r0 |= r4; \ + r0 ^= r2; \ + r3 ^= r1; \ + r2 ^= r3; \ + r3 &= r0; \ + r3 ^= r4; \ + r4 ^= r2; \ + r2 &= r0; \ + r4 = ~r4; \ + r2 ^= r4; \ + r4 &= r0; \ + r1 ^= r3; \ + r4 ^= r1; \ + } + +#define I7(i, r0, r1, r2, r3, r4) \ + { \ + r4 = r2; \ + r2 ^= r0; \ + r0 &= r3; \ + r2 = ~r2; \ + r4 |= r3; \ + r3 ^= r1; \ + r1 |= r0; \ + r0 ^= r2; \ + r2 &= r4; \ + r1 ^= r2; \ + r2 ^= r0; \ + r0 |= r2; \ + r3 &= r4; \ + r0 ^= r3; \ + r4 ^= r1; \ + r3 ^= r4; \ + r4 |= r0; \ + r3 ^= r2; \ + r4 ^= r2; \ + } + +// key xor +#define KX(r, a, b, c, d, e) {\ + a ^= k[4 * r + 0]; \ + b ^= k[4 * r + 1]; \ + c ^= k[4 * r + 2]; \ + d ^= k[4 * r + 3];} + +#define LK(r, a, b, c, d, e) {\ + a = k[(8-r)*4 + 0]; \ + b = k[(8-r)*4 + 1]; \ + c = k[(8-r)*4 + 2]; \ + d = k[(8-r)*4 + 3];} + +#define SK(r, a, b, c, d, e) {\ + k[(8-r)*4 + 4] = a; \ + k[(8-r)*4 + 5] = b; \ + k[(8-r)*4 + 6] = c; \ + k[(8-r)*4 + 7] = d;} + +void Serpent_KeySchedule(word32 *k, unsigned int rounds, const byte *userKey, size_t keylen); + +NAMESPACE_END diff --git a/libs/win_crypto++/include/sha.h b/libs/win_crypto++/include/sha.h new file mode 100644 index 0000000..81bff8f --- /dev/null +++ b/libs/win_crypto++/include/sha.h @@ -0,0 +1,76 @@ +// sha.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile sha.h +//! \brief Classes for SHA-1 and SHA-2 family of message digests + +#ifndef CRYPTOPP_SHA_H +#define CRYPTOPP_SHA_H + +#include "config.h" +#include "iterhash.h" + +// Clang 3.3 integrated assembler crash on Linux +// http://github.com/weidai11/cryptopp/issues/264 +#if defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400) +# define CRYPTOPP_DISABLE_SHA_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// SHA-1 +class CRYPTOPP_DLL SHA1 : public IteratedHashWithStaticTransform +{ +public: + static void CRYPTOPP_API InitState(HashWordType *state); + static void CRYPTOPP_API Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-1";} +}; + +typedef SHA1 SHA; // for backwards compatibility + +//! implements the SHA-256 standard +class CRYPTOPP_DLL SHA256 : public IteratedHashWithStaticTransform +{ +public: +#if (defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X32_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_SHA_ASM) + size_t HashMultipleBlocks(const word32 *input, size_t length); +#endif + static void CRYPTOPP_API InitState(HashWordType *state); + static void CRYPTOPP_API Transform(word32 *digest, const word32 *data); + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-256";} +}; + +//! implements the SHA-224 standard +class CRYPTOPP_DLL SHA224 : public IteratedHashWithStaticTransform +{ +public: +#if (defined(CRYPTOPP_X86_ASM_AVAILABLE) || defined(CRYPTOPP_X32_ASM_AVAILABLE) || defined(CRYPTOPP_X64_MASM_AVAILABLE)) && !defined(CRYPTOPP_DISABLE_SHA_ASM) + size_t HashMultipleBlocks(const word32 *input, size_t length); +#endif + static void CRYPTOPP_API InitState(HashWordType *state); + static void CRYPTOPP_API Transform(word32 *digest, const word32 *data) {SHA256::Transform(digest, data);} + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-224";} +}; + +//! implements the SHA-512 standard +class CRYPTOPP_DLL SHA512 : public IteratedHashWithStaticTransform +{ +public: + static void CRYPTOPP_API InitState(HashWordType *state); + static void CRYPTOPP_API Transform(word64 *digest, const word64 *data); + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-512";} +}; + +//! implements the SHA-384 standard +class CRYPTOPP_DLL SHA384 : public IteratedHashWithStaticTransform +{ +public: + static void CRYPTOPP_API InitState(HashWordType *state); + static void CRYPTOPP_API Transform(word64 *digest, const word64 *data) {SHA512::Transform(digest, data);} + CRYPTOPP_CONSTEXPR static const char * CRYPTOPP_API StaticAlgorithmName() {return "SHA-384";} +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/sha3.h b/libs/win_crypto++/include/sha3.h new file mode 100644 index 0000000..7975098 --- /dev/null +++ b/libs/win_crypto++/include/sha3.h @@ -0,0 +1,93 @@ +// sha3.h - written and placed in the public domain by Wei Dai + +//! \file sha3.h +//! \brief Classes for SHA3 message digests +//! \details The Crypto++ implementation conforms to the FIPS 202 version of SHA3 using F1600 with XOF d=0x06. +//! Previous behavior (XOF d=0x01) is available in Keccak classes. +//! \sa SHA-3, +//! SHA-3 STANDARD (FIPS 202). +//! \since Crypto++ 5.6.2 + +#ifndef CRYPTOPP_SHA3_H +#define CRYPTOPP_SHA3_H + +#include "cryptlib.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SHA3 +//! \brief SHA3 message digest base class +//! \details The Crypto++ implementation conforms to FIPS 202 version of SHA3 using F1600 with XOF d=0x06. +//! Previous behavior (XOF d=0x01) is available in Keccak classes. +//! \details SHA3 is the base class for SHA3_224, SHA3_256, SHA3_384 and SHA3_512. +//! Library users should instantiate a derived class, and only use SHA3 +//! as a base class reference or pointer. +//! \sa Keccak, SHA3_224, SHA3_256, SHA3_384 and SHA3_512. +//! \since Crypto++ 5.6.2 +class SHA3 : public HashTransformation +{ +public: + //! \brief Construct a SHA3 + //! \param digestSize the digest size, in bytes + //! \details SHA3 is the base class for SHA3_224, SHA3_256, SHA3_384 and SHA3_512. + //! Library users should instantiate a derived class, and only use SHA3 + //! as a base class reference or pointer. + SHA3(unsigned int digestSize) : m_digestSize(digestSize) {Restart();} + unsigned int DigestSize() const {return m_digestSize;} + std::string AlgorithmName() const {return "SHA3-" + IntToString(m_digestSize*8);} + CRYPTOPP_CONSTEXPR static const char* StaticAlgorithmName() { return "SHA3"; } + unsigned int OptimalDataAlignment() const {return GetAlignmentOf();} + + void Update(const byte *input, size_t length); + void Restart(); + void TruncatedFinal(byte *hash, size_t size); + + // unsigned int BlockSize() const { return r(); } // that's the idea behind it +protected: + inline unsigned int r() const {return 200 - 2 * m_digestSize;} + + FixedSizeSecBlock m_state; + unsigned int m_digestSize, m_counter; +}; + +//! \class SHA3_224 +//! \tparam DigestSize controls the digest size as a template parameter instead of a per-class constant +//! \brief SHA3-X message digest, template for more fine-grained typedefs +//! \since Crypto++ 5.7.0 +template +class SHA3_Final : public SHA3 +{ +public: + CRYPTOPP_CONSTANT(DIGESTSIZE = T_DigestSize) + CRYPTOPP_CONSTANT(BLOCKSIZE = 200 - 2 * DIGESTSIZE) + + //! \brief Construct a SHA3-X message digest + SHA3_Final() : SHA3(DIGESTSIZE) {} + static std::string StaticAlgorithmName() { return "SHA3-" + IntToString(DIGESTSIZE * 8); } + unsigned int BlockSize() const { return BLOCKSIZE; } +private: + CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE < 200); // ensure there was no underflow in the math + CRYPTOPP_COMPILE_ASSERT(BLOCKSIZE > (int)T_DigestSize); // this is a general expectation by HMAC +}; + +//! \class SHA3_224 +//! \brief SHA3-224 message digest +//! \since Crypto++ 5.6.2 +typedef SHA3_Final<28> SHA3_224; +//! \class SHA3_256 +//! \brief SHA3-256 message digest +//! \since Crypto++ 5.6.2 +typedef SHA3_Final<32> SHA3_256; +//! \class SHA3_384 +//! \brief SHA3-384 message digest +//! \since Crypto++ 5.6.2 +typedef SHA3_Final<48> SHA3_384; +//! \class SHA3_512 +//! \brief SHA3-512 message digest +//! \since Crypto++ 5.6.2 +typedef SHA3_Final<64> SHA3_512; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/shacal2.h b/libs/win_crypto++/include/shacal2.h new file mode 100644 index 0000000..c14f445 --- /dev/null +++ b/libs/win_crypto++/include/shacal2.h @@ -0,0 +1,59 @@ +// shacal.h - written and placed in the public domain by Wei Dai + +//! \file shacal2.h +//! \brief Classes for the SHACAL-2 block cipher + +#ifndef CRYPTOPP_SHACAL2_H +#define CRYPTOPP_SHACAL2_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SHACAL2_Info +//! \brief SHACAL2 block cipher information +struct SHACAL2_Info : public FixedBlockSize<32>, public VariableKeyLength<16, 16, 64> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "SHACAL-2";} +}; + +//! \class SHACAL2 +//! \brief SHACAL2 block cipher +//! \sa SHACAL-2 +class SHACAL2 : public SHACAL2_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + FixedSizeSecBlock m_key; + + static const word32 K[64]; + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef SHACAL2::Encryption SHACAL2Encryption; +typedef SHACAL2::Decryption SHACAL2Decryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/shark.h b/libs/win_crypto++/include/shark.h new file mode 100644 index 0000000..f381f22 --- /dev/null +++ b/libs/win_crypto++/include/shark.h @@ -0,0 +1,76 @@ +// shark.h - written and placed in the public domain by Wei Dai + +//! \file shark.h +//! \brief Classes for the SHARK block cipher + +#ifndef CRYPTOPP_SHARK_H +#define CRYPTOPP_SHARK_H + +#include "config.h" +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SHARK_Info +//! \brief SHARK block cipher information +struct SHARK_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<6, 2> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "SHARK-E";} +}; + +//! \class SHARK +//! \brief SHARK block cipher +/// SHARK-E +class SHARK : public SHARK_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief SHARK block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶m); + + protected: + unsigned int m_rounds; + SecBlock m_roundKeys; + }; + + //! \class Enc + //! \brief SHARK block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + // used by Base to do key setup + void InitForKeySetup(); + + private: + static const byte sbox[256]; + static const word64 cbox[8][256]; + }; + + //! \class Dec + //! \brief SHARK block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + + private: + static const byte sbox[256]; + static const word64 cbox[8][256]; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef SHARK::Encryption SHARKEncryption; +typedef SHARK::Decryption SHARKDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/simple.h b/libs/win_crypto++/include/simple.h new file mode 100644 index 0000000..e1aa568 --- /dev/null +++ b/libs/win_crypto++/include/simple.h @@ -0,0 +1,306 @@ +// simple.h - written and placed in the public domain by Wei Dai + +//! \file simple.h +//! \brief Classes providing basic library services. + +#ifndef CRYPTOPP_SIMPLE_H +#define CRYPTOPP_SIMPLE_H + +#include "config.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4127 4189) +#endif + +#include "cryptlib.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class ClonableImpl +//! \brief Base class for identifying alogorithm +//! \tparam BASE base class from which to derive +//! \tparam DERIVED class which to clone +template +class CRYPTOPP_NO_VTABLE ClonableImpl : public BASE +{ +public: + Clonable * Clone() const {return new DERIVED(*static_cast(this));} +}; + +//! \class AlgorithmImpl +//! \brief Base class for identifying alogorithm +//! \tparam BASE an Algorithm derived class +//! \tparam ALGORITHM_INFO an Algorithm derived class +//! \details AlgorithmImpl provides StaticAlgorithmName from the template parameter BASE +template +class CRYPTOPP_NO_VTABLE AlgorithmImpl : public BASE +{ +public: + static std::string CRYPTOPP_API StaticAlgorithmName() {return ALGORITHM_INFO::StaticAlgorithmName();} + std::string AlgorithmName() const {return ALGORITHM_INFO::StaticAlgorithmName();} +}; + +//! \class InvalidKeyLength +//! \brief Exception thrown when an invalid key length is encountered +class CRYPTOPP_DLL InvalidKeyLength : public InvalidArgument +{ +public: + explicit InvalidKeyLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid key length") {} +}; + +//! \class InvalidRounds +//! \brief Exception thrown when an invalid number of rounds is encountered +class CRYPTOPP_DLL InvalidRounds : public InvalidArgument +{ +public: + explicit InvalidRounds(const std::string &algorithm, unsigned int rounds) : InvalidArgument(algorithm + ": " + IntToString(rounds) + " is not a valid number of rounds") {} +}; + +//! \class InvalidPersonalizationLength +//! \brief Exception thrown when an invalid personalization string length is encountered +class CRYPTOPP_DLL InvalidPersonalizationLength : public InvalidArgument +{ +public: + explicit InvalidPersonalizationLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid salt length") {} +}; + +//! \class InvalidSaltLength +//! \brief Exception thrown when an invalid salt length is encountered +class CRYPTOPP_DLL InvalidSaltLength : public InvalidArgument +{ +public: + explicit InvalidSaltLength(const std::string &algorithm, size_t length) : InvalidArgument(algorithm + ": " + IntToString(length) + " is not a valid salt length") {} +}; + +// ***************************** + +//! \class Bufferless +//! \brief Base class for bufferless filters +//! \tparam T the class or type +template +class CRYPTOPP_NO_VTABLE Bufferless : public T +{ +public: + bool IsolatedFlush(bool hardFlush, bool blocking) + {CRYPTOPP_UNUSED(hardFlush); CRYPTOPP_UNUSED(blocking); return false;} +}; + +//! \class Unflushable +//! \brief Base class for unflushable filters +//! \tparam T the class or type +template +class CRYPTOPP_NO_VTABLE Unflushable : public T +{ +public: + bool Flush(bool completeFlush, int propagation=-1, bool blocking=true) + {return ChannelFlush(DEFAULT_CHANNEL, completeFlush, propagation, blocking);} + bool IsolatedFlush(bool hardFlush, bool blocking) + {CRYPTOPP_UNUSED(hardFlush); CRYPTOPP_UNUSED(blocking); CRYPTOPP_ASSERT(false); return false;} + bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) + { + if (hardFlush && !InputBufferIsEmpty()) + throw CannotFlush("Unflushable: this object has buffered input that cannot be flushed"); + else + { + BufferedTransformation *attached = this->AttachedTransformation(); + return attached && propagation ? attached->ChannelFlush(channel, hardFlush, propagation-1, blocking) : false; + } + } + +protected: + virtual bool InputBufferIsEmpty() const {return false;} +}; + +//! \class InputRejecting +//! \brief Base class for input rejecting filters +//! \tparam T the class or type +//! \details T should be a BufferedTransformation derived class +template +class CRYPTOPP_NO_VTABLE InputRejecting : public T +{ +public: + struct InputRejected : public NotImplemented + {InputRejected() : NotImplemented("BufferedTransformation: this object doesn't allow input") {}}; + + //! \name INPUT + //@{ + + //! \brief Input a byte array for processing + //! \param inString the byte array to process + //! \param length the size of the string, in bytes + //! \param messageEnd means how many filters to signal MessageEnd() to, including this one + //! \param blocking specifies whether the object should block when processing input + //! \throws InputRejected + //! \returns the number of bytes that remain in the block (i.e., bytes not processed) + //! \details Internally, the default implmentation throws InputRejected. + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + {CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length); CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); throw InputRejected();} + //@} + + //! \name SIGNALS + //@{ + bool IsolatedFlush(bool hardFlush, bool blocking) + {CRYPTOPP_UNUSED(hardFlush); CRYPTOPP_UNUSED(blocking); return false;} + bool IsolatedMessageSeriesEnd(bool blocking) + {CRYPTOPP_UNUSED(blocking); throw InputRejected();} + size_t ChannelPut2(const std::string &channel, const byte *inString, size_t length, int messageEnd, bool blocking) + {CRYPTOPP_UNUSED(channel); CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length); CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); throw InputRejected();} + bool ChannelMessageSeriesEnd(const std::string& channel, int messageEnd, bool blocking) + {CRYPTOPP_UNUSED(channel); CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); throw InputRejected();} + //@} +}; + +//! \class CustomFlushPropagation +//! \brief Provides interface for custom flush signals +//! \tparam T the class or type +//! \details T should be a BufferedTransformation derived class +template +class CRYPTOPP_NO_VTABLE CustomFlushPropagation : public T +{ +public: + //! \name SIGNALS + //@{ + virtual bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) =0; + //@} + +private: + bool IsolatedFlush(bool hardFlush, bool blocking) + {CRYPTOPP_UNUSED(hardFlush); CRYPTOPP_UNUSED(blocking); CRYPTOPP_ASSERT(false); return false;} +}; + +//! \class CustomSignalPropagation +//! \brief Provides interface for initialization of derived filters +//! \tparam T the class or type +//! \details T should be a BufferedTransformation derived class +template +class CRYPTOPP_NO_VTABLE CustomSignalPropagation : public CustomFlushPropagation +{ +public: + virtual void Initialize(const NameValuePairs ¶meters=g_nullNameValuePairs, int propagation=-1) =0; + +private: + void IsolatedInitialize(const NameValuePairs ¶meters) + {CRYPTOPP_UNUSED(parameters); CRYPTOPP_ASSERT(false);} +}; + +//! \class Multichannel +//! \brief Provides multiple channels support for custom flush signal processing +//! \tparam T the class or type +//! \details T should be a BufferedTransformation derived class +template +class CRYPTOPP_NO_VTABLE Multichannel : public CustomFlushPropagation +{ +public: + bool Flush(bool hardFlush, int propagation=-1, bool blocking=true) + {return this->ChannelFlush(DEFAULT_CHANNEL, hardFlush, propagation, blocking);} + bool MessageSeriesEnd(int propagation=-1, bool blocking=true) + {return this->ChannelMessageSeriesEnd(DEFAULT_CHANNEL, propagation, blocking);} + byte * CreatePutSpace(size_t &size) + {return this->ChannelCreatePutSpace(DEFAULT_CHANNEL, size);} + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + {return this->ChannelPut2(DEFAULT_CHANNEL, inString, length, messageEnd, blocking);} + size_t PutModifiable2(byte *inString, size_t length, int messageEnd, bool blocking) + {return this->ChannelPutModifiable2(DEFAULT_CHANNEL, inString, length, messageEnd, blocking);} + +// void ChannelMessageSeriesEnd(const std::string &channel, int propagation=-1) +// {PropagateMessageSeriesEnd(propagation, channel);} + byte * ChannelCreatePutSpace(const std::string &channel, size_t &size) + {CRYPTOPP_UNUSED(channel); size = 0; return NULL;} + bool ChannelPutModifiable(const std::string &channel, byte *inString, size_t length) + {this->ChannelPut(channel, inString, length); return false;} + + virtual size_t ChannelPut2(const std::string &channel, const byte *begin, size_t length, int messageEnd, bool blocking) =0; + size_t ChannelPutModifiable2(const std::string &channel, byte *begin, size_t length, int messageEnd, bool blocking) + {return ChannelPut2(channel, begin, length, messageEnd, blocking);} + + virtual bool ChannelFlush(const std::string &channel, bool hardFlush, int propagation=-1, bool blocking=true) =0; +}; + +//! \class AutoSignaling +//! \brief Provides auto signaling support +//! \tparam T the class or type +//! \details T should be a BufferedTransformation derived class +template +class CRYPTOPP_NO_VTABLE AutoSignaling : public T +{ +public: + AutoSignaling(int propagation=-1) : m_autoSignalPropagation(propagation) {} + + void SetAutoSignalPropagation(int propagation) + {m_autoSignalPropagation = propagation;} + int GetAutoSignalPropagation() const + {return m_autoSignalPropagation;} + +private: + int m_autoSignalPropagation; +}; + +//! \class Store +//! \brief Acts as a Source for pre-existing, static data +//! \tparam T the class or type +//! \details A BufferedTransformation that only contains pre-existing data as "output" +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Store : public AutoSignaling > +{ +public: + //! \brief Construct a Store + Store() : m_messageEnd(false) {} + + void IsolatedInitialize(const NameValuePairs ¶meters) + { + m_messageEnd = false; + StoreInitialize(parameters); + } + + unsigned int NumberOfMessages() const {return m_messageEnd ? 0 : 1;} + bool GetNextMessage(); + unsigned int CopyMessagesTo(BufferedTransformation &target, unsigned int count=UINT_MAX, const std::string &channel=DEFAULT_CHANNEL) const; + +protected: + virtual void StoreInitialize(const NameValuePairs ¶meters) =0; + + bool m_messageEnd; +}; + +//! \class Sink +//! \brief Implementation of BufferedTransformation's attachment interface +//! \details Sink is a cornerstone of the Pipeline trinitiy. Data flows from +//! Sources, through Filters, and then terminates in Sinks. The difference +//! between a Source and Filter is a Source \a pumps data, while a Filter does +//! not. The difference between a Filter and a Sink is a Filter allows an +//! attached transformation, while a Sink does not. +//! \details A Sink doesnot produce any retrievable output. +//! \details See the discussion of BufferedTransformation in cryptlib.h for +//! more details. +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Sink : public BufferedTransformation +{ +public: + size_t TransferTo2(BufferedTransformation &target, lword &transferBytes, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) + {CRYPTOPP_UNUSED(target); CRYPTOPP_UNUSED(transferBytes); CRYPTOPP_UNUSED(channel); CRYPTOPP_UNUSED(blocking); transferBytes = 0; return 0;} + size_t CopyRangeTo2(BufferedTransformation &target, lword &begin, lword end=LWORD_MAX, const std::string &channel=DEFAULT_CHANNEL, bool blocking=true) const + {CRYPTOPP_UNUSED(target); CRYPTOPP_UNUSED(begin); CRYPTOPP_UNUSED(end); CRYPTOPP_UNUSED(channel); CRYPTOPP_UNUSED(blocking); return 0;} +}; + +//! \class BitBucket +//! \brief Acts as an input discarding Filter or Sink +//! \tparam T the class or type +//! \details The BitBucket discards all input and returns 0 to the caller +//! to indicate all data was processed. +class CRYPTOPP_DLL BitBucket : public Bufferless +{ +public: + std::string AlgorithmName() const {return "BitBucket";} + void IsolatedInitialize(const NameValuePairs ¶ms) + {CRYPTOPP_UNUSED(params);} + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking) + {CRYPTOPP_UNUSED(inString); CRYPTOPP_UNUSED(length); CRYPTOPP_UNUSED(messageEnd); CRYPTOPP_UNUSED(blocking); return 0;} +}; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/skipjack.h b/libs/win_crypto++/include/skipjack.h new file mode 100644 index 0000000..03bf78a --- /dev/null +++ b/libs/win_crypto++/include/skipjack.h @@ -0,0 +1,72 @@ +// skipjack.h - written and placed in the public domain by Wei Dai + +//! \file skipjack.h +//! \brief Classes for the SKIPJACK block cipher + +#ifndef CRYPTOPP_SKIPJACK_H +#define CRYPTOPP_SKIPJACK_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class SKIPJACK_Info +//! \brief SKIPJACK block cipher information +struct SKIPJACK_Info : public FixedBlockSize<8>, public FixedKeyLength<10> +{ + CRYPTOPP_DLL static const char * CRYPTOPP_API StaticAlgorithmName() {return "SKIPJACK";} +}; + +//! \class SKIPJACK +//! \brief SKIPJACK block cipher +//! \sa SKIPJACK +class SKIPJACK : public SKIPJACK_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief SKIPJACK block cipher default operation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + unsigned int OptimalDataAlignment() const {return GetAlignmentOf();} + + protected: + static const byte fTable[256]; + + FixedSizeSecBlock tab; + }; + + //! \class Enc + //! \brief SKIPJACK block cipher encryption operation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + private: + static const byte Se[256]; + static const word32 Te[4][256]; + }; + + //! \class Dec + //! \brief SKIPJACK block cipher decryption operation + class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + private: + static const byte Sd[256]; + static const word32 Td[4][256]; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef SKIPJACK::Encryption SKIPJACKEncryption; +typedef SKIPJACK::Decryption SKIPJACKDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/smartptr.h b/libs/win_crypto++/include/smartptr.h new file mode 100644 index 0000000..1f0d3a8 --- /dev/null +++ b/libs/win_crypto++/include/smartptr.h @@ -0,0 +1,321 @@ +// smartptr.h - written and placed in the public domain by Wei Dai + +//! \file +//! \headerfile smartptr.h +//! \brief Classes for automatic resource management + +#ifndef CRYPTOPP_SMARTPTR_H +#define CRYPTOPP_SMARTPTR_H + +#include "config.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class simple_ptr +//! \brief Manages resources for a single object +//! \tparam T class or type +//! \details \p simple_ptr is used frequently in the library to manage resources and +//! ensure cleanup under the RAII pattern (Resource Acquisition Is Initialization). +template class simple_ptr +{ +public: + simple_ptr(T *p = NULL) : m_p(p) {} + ~simple_ptr() + { + delete m_p; + *((volatile T**)&m_p) = NULL; + } + + T *m_p; +}; + +//! \class member_ptr +//! \brief Pointer that overloads operator -> +//! \tparam T class or type +//! \details member_ptr is used frequently in the library to avoid the issues related to +//! std::auto_ptr in C++11 (deprecated) and std::unique_ptr in C++03 (non-existent). +//! \bug Issue 48: "Use of auto_ptr causes dirty compile under C++11" +template class member_ptr +{ +public: + explicit member_ptr(T *p = NULL) : m_p(p) {} + + ~member_ptr(); + + const T& operator*() const { return *m_p; } + T& operator*() { return *m_p; } + + const T* operator->() const { return m_p; } + T* operator->() { return m_p; } + + const T* get() const { return m_p; } + T* get() { return m_p; } + + T* release() + { + T *old_p = m_p; + *((volatile T**)&m_p) = NULL; + return old_p; + } + + void reset(T *p = 0); + +protected: + member_ptr(const member_ptr& rhs); // copy not allowed + void operator=(const member_ptr& rhs); // assignment not allowed + + T *m_p; +}; + +template member_ptr::~member_ptr() {delete m_p;} +template void member_ptr::reset(T *p) {delete m_p; m_p = p;} + +// ******************************************************** + +//! \class value_ptr +//! \brief Value pointer +//! \tparam T class or type +template class value_ptr : public member_ptr +{ +public: + value_ptr(const T &obj) : member_ptr(new T(obj)) {} + value_ptr(T *p = NULL) : member_ptr(p) {} + value_ptr(const value_ptr& rhs) + : member_ptr(rhs.m_p ? new T(*rhs.m_p) : NULL) {} + + value_ptr& operator=(const value_ptr& rhs); + bool operator==(const value_ptr& rhs) + { + return (!this->m_p && !rhs.m_p) || (this->m_p && rhs.m_p && *this->m_p == *rhs.m_p); + } +}; + +template value_ptr& value_ptr::operator=(const value_ptr& rhs) +{ + T *old_p = this->m_p; + this->m_p = rhs.m_p ? new T(*rhs.m_p) : NULL; + delete old_p; + return *this; +} + +// ******************************************************** + +//! \class clonable_ptr +//! \brief A pointer which can be copied and cloned +//! \tparam T class or type +//! \details \p T should adhere to the \p Clonable interface +template class clonable_ptr : public member_ptr +{ +public: + clonable_ptr(const T &obj) : member_ptr(obj.Clone()) {} + clonable_ptr(T *p = NULL) : member_ptr(p) {} + clonable_ptr(const clonable_ptr& rhs) + : member_ptr(rhs.m_p ? rhs.m_p->Clone() : NULL) {} + + clonable_ptr& operator=(const clonable_ptr& rhs); +}; + +template clonable_ptr& clonable_ptr::operator=(const clonable_ptr& rhs) +{ + T *old_p = this->m_p; + this->m_p = rhs.m_p ? rhs.m_p->Clone() : NULL; + delete old_p; + return *this; +} + +// ******************************************************** + +//! \class counted_ptr +//! \brief Reference counted pointer +//! \tparam T class or type +//! \details users should declare \p m_referenceCount as std::atomic +//! (or similar) under C++ 11 +template class counted_ptr +{ +public: + explicit counted_ptr(T *p = 0); + counted_ptr(const T &r) : m_p(0) {attach(r);} + counted_ptr(const counted_ptr& rhs); + + ~counted_ptr(); + + const T& operator*() const { return *m_p; } + T& operator*() { return *m_p; } + + const T* operator->() const { return m_p; } + T* operator->() { return get(); } + + const T* get() const { return m_p; } + T* get(); + + void attach(const T &p); + + counted_ptr & operator=(const counted_ptr& rhs); + +private: + T *m_p; +}; + +template counted_ptr::counted_ptr(T *p) + : m_p(p) +{ + if (m_p) + m_p->m_referenceCount = 1; +} + +template counted_ptr::counted_ptr(const counted_ptr& rhs) + : m_p(rhs.m_p) +{ + if (m_p) + m_p->m_referenceCount++; +} + +template counted_ptr::~counted_ptr() +{ + if (m_p && --m_p->m_referenceCount == 0) + delete m_p; +} + +template void counted_ptr::attach(const T &r) +{ + if (m_p && --m_p->m_referenceCount == 0) + delete m_p; + if (r.m_referenceCount == 0) + { + m_p = r.clone(); + m_p->m_referenceCount = 1; + } + else + { + m_p = const_cast(&r); + m_p->m_referenceCount++; + } +} + +template T* counted_ptr::get() +{ + if (m_p && m_p->m_referenceCount > 1) + { + T *temp = m_p->clone(); + m_p->m_referenceCount--; + m_p = temp; + m_p->m_referenceCount = 1; + } + return m_p; +} + +template counted_ptr & counted_ptr::operator=(const counted_ptr& rhs) +{ + if (m_p != rhs.m_p) + { + if (m_p && --m_p->m_referenceCount == 0) + delete m_p; + m_p = rhs.m_p; + if (m_p) + m_p->m_referenceCount++; + } + return *this; +} + +// ******************************************************** + +//! \class vector_ptr +//! \brief Manages resources for an array of objects +//! \tparam T class or type +//! \details \p vector_ptr is used frequently in the library to avoid large stack allocations, +//! and manage resources and ensure cleanup under the RAII pattern (Resource Acquisition +//! Is Initialization). +template class vector_ptr +{ +public: + //! Construct an arry of \p T + //! \param size the size of the array, in elements + //! \details If \p T is a Plain Old Dataype (POD), then the array is uninitialized. + vector_ptr(size_t size=0) + : m_size(size), m_ptr(new T[m_size]) {} + ~vector_ptr() + {delete [] m_ptr;} + + T& operator[](size_t index) + {CRYPTOPP_ASSERT(m_size && indexm_size); return this->m_ptr[index];} + const T& operator[](size_t index) const + {CRYPTOPP_ASSERT(m_size && indexm_size); return this->m_ptr[index];} + + size_t size() const {return this->m_size;} + void resize(size_t newSize) + { + T *newPtr = new T[newSize]; + for (size_t i=0; im_size && im_ptr; + this->m_size = newSize; + this->m_ptr = newPtr; + } + +#ifdef __BORLANDC__ + operator T *() const + {return (T*)m_ptr;} +#else + operator const void *() const + {return m_ptr;} + operator void *() + {return m_ptr;} + + operator const T *() const + {return m_ptr;} + operator T *() + {return m_ptr;} +#endif + +private: + vector_ptr(const vector_ptr &c); // copy not allowed + void operator=(const vector_ptr &x); // assignment not allowed + + size_t m_size; + T *m_ptr; +}; + +// ******************************************************** + +//! \class vector_member_ptrs +//! \brief Manages resources for an array of objects +//! \tparam T class or type +template class vector_member_ptrs +{ +public: + //! Construct an arry of \p T + //! \param size the size of the array, in elements + //! \details If \p T is a Plain Old Dataype (POD), then the array is uninitialized. + vector_member_ptrs(size_t size=0) + : m_size(size), m_ptr(new member_ptr[size]) {} + ~vector_member_ptrs() + {delete [] this->m_ptr;} + + member_ptr& operator[](size_t index) + {CRYPTOPP_ASSERT(indexm_size); return this->m_ptr[index];} + const member_ptr& operator[](size_t index) const + {CRYPTOPP_ASSERT(indexm_size); return this->m_ptr[index];} + + size_t size() const {return this->m_size;} + void resize(size_t newSize) + { + member_ptr *newPtr = new member_ptr[newSize]; + for (size_t i=0; im_size && im_ptr[i].release()); + delete [] this->m_ptr; + this->m_size = newSize; + this->m_ptr = newPtr; + } + +private: + vector_member_ptrs(const vector_member_ptrs &c); // copy not allowed + void operator=(const vector_member_ptrs &x); // assignment not allowed + + size_t m_size; + member_ptr *m_ptr; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/socketft.h b/libs/win_crypto++/include/socketft.h new file mode 100644 index 0000000..fcd8065 --- /dev/null +++ b/libs/win_crypto++/include/socketft.h @@ -0,0 +1,227 @@ +#ifndef CRYPTOPP_SOCKETFT_H +#define CRYPTOPP_SOCKETFT_H + +#include "config.h" + +#if !defined(NO_OS_DEPENDENCE) && defined(SOCKETS_AVAILABLE) + +#include "cryptlib.h" +#include "network.h" +#include "queue.h" + +#ifdef USE_WINDOWS_STYLE_SOCKETS +# if defined(_WINSOCKAPI_) && !defined(_WINSOCK2API_) +# error Winsock 1 is not supported by this library. Please include this file or winsock2.h before windows.h. +# endif +#include +#include +#include "winpipes.h" +#else +#include +#include +#include +#include +#endif + +NAMESPACE_BEGIN(CryptoPP) + +#ifdef USE_WINDOWS_STYLE_SOCKETS +typedef ::SOCKET socket_t; +#else +typedef int socket_t; +const socket_t INVALID_SOCKET = -1; +// cygwin 1.1.4 doesn't have SHUT_RD +const int SD_RECEIVE = 0; +const int SD_SEND = 1; +const int SD_BOTH = 2; +const int SOCKET_ERROR = -1; +#endif + +#ifndef socklen_t +typedef TYPE_OF_SOCKLEN_T socklen_t; // see config.h +#endif + +//! wrapper for Windows or Berkeley Sockets +class Socket +{ +public: + //! exception thrown by Socket class + class Err : public OS_Error + { + public: + Err(socket_t s, const std::string& operation, int error); + socket_t GetSocket() const {return m_s;} + + private: + socket_t m_s; + }; + + Socket(socket_t s = INVALID_SOCKET, bool own=false) : m_s(s), m_own(own) {} + Socket(const Socket &s) : m_s(s.m_s), m_own(false) {} + virtual ~Socket(); + + bool GetOwnership() const {return m_own;} + void SetOwnership(bool own) {m_own = own;} + + operator socket_t() {return m_s;} + socket_t GetSocket() const {return m_s;} + void AttachSocket(socket_t s, bool own=false); + socket_t DetachSocket(); + void CloseSocket(); + + void Create(int nType = SOCK_STREAM); + void Bind(unsigned int port, const char *addr=NULL); + void Bind(const sockaddr* psa, socklen_t saLen); + void Listen(int backlog=5); + // the next three functions return false if the socket is in nonblocking mode + // and the operation cannot be completed immediately + bool Connect(const char *addr, unsigned int port); + bool Connect(const sockaddr* psa, socklen_t saLen); + bool Accept(Socket& s, sockaddr *psa=NULL, socklen_t *psaLen=NULL); + void GetSockName(sockaddr *psa, socklen_t *psaLen); + void GetPeerName(sockaddr *psa, socklen_t *psaLen); + unsigned int Send(const byte* buf, size_t bufLen, int flags=0); + unsigned int Receive(byte* buf, size_t bufLen, int flags=0); + void ShutDown(int how = SD_SEND); + + void IOCtl(long cmd, unsigned long *argp); + bool SendReady(const timeval *timeout); + bool ReceiveReady(const timeval *timeout); + + virtual void HandleError(const char *operation) const; + void CheckAndHandleError_int(const char *operation, int result) const + {if (result == SOCKET_ERROR) HandleError(operation);} + void CheckAndHandleError(const char *operation, socket_t result) const + {if (result == static_cast(SOCKET_ERROR)) HandleError(operation);} +#ifdef USE_WINDOWS_STYLE_SOCKETS + void CheckAndHandleError(const char *operation, BOOL result) const + {if (!result) HandleError(operation);} + void CheckAndHandleError(const char *operation, bool result) const + {if (!result) HandleError(operation);} +#endif + + //! look up the port number given its name, returns 0 if not found + static unsigned int PortNameToNumber(const char *name, const char *protocol="tcp"); + //! start Windows Sockets 2 + static void StartSockets(); + //! calls WSACleanup for Windows Sockets + static void ShutdownSockets(); + //! returns errno or WSAGetLastError + static int GetLastError(); + //! sets errno or calls WSASetLastError + static void SetLastError(int errorCode); + +protected: + virtual void SocketChanged() {} + + socket_t m_s; + bool m_own; +}; + +class SocketsInitializer +{ +public: + SocketsInitializer() {Socket::StartSockets();} + ~SocketsInitializer() {try {Socket::ShutdownSockets();} catch (const Exception&) {CRYPTOPP_ASSERT(0);}} +}; + +class SocketReceiver : public NetworkReceiver +{ +public: + SocketReceiver(Socket &s); + +#ifdef USE_BERKELEY_STYLE_SOCKETS + bool MustWaitToReceive() {return true;} +#else + ~SocketReceiver(); + bool MustWaitForResult() {return true;} +#endif + bool Receive(byte* buf, size_t bufLen); + unsigned int GetReceiveResult(); + bool EofReceived() const {return m_eofReceived;} + + unsigned int GetMaxWaitObjectCount() const {return 1;} + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + +private: + Socket &m_s; + +#ifdef USE_WINDOWS_STYLE_SOCKETS + WindowsHandle m_event; + OVERLAPPED m_overlapped; + DWORD m_lastResult; + bool m_resultPending; +#else + unsigned int m_lastResult; +#endif + + bool m_eofReceived; +}; + +class SocketSender : public NetworkSender +{ +public: + SocketSender(Socket &s); + +#ifdef USE_BERKELEY_STYLE_SOCKETS + bool MustWaitToSend() {return true;} +#else + ~SocketSender(); + bool MustWaitForResult() {return true;} + bool MustWaitForEof() { return true; } + bool EofSent(); +#endif + void Send(const byte* buf, size_t bufLen); + unsigned int GetSendResult(); + void SendEof(); + + unsigned int GetMaxWaitObjectCount() const {return 1;} + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + +private: + Socket &m_s; +#ifdef USE_WINDOWS_STYLE_SOCKETS + WindowsHandle m_event; + OVERLAPPED m_overlapped; + DWORD m_lastResult; + bool m_resultPending; +#else + unsigned int m_lastResult; +#endif +}; + +//! socket-based implementation of NetworkSource +class SocketSource : public NetworkSource, public Socket +{ +public: + SocketSource(socket_t s = INVALID_SOCKET, bool pumpAll = false, BufferedTransformation *attachment = NULL) + : NetworkSource(attachment), Socket(s), m_receiver(*this) + { + if (pumpAll) + PumpAll(); + } + +private: + NetworkReceiver & AccessReceiver() {return m_receiver;} + SocketReceiver m_receiver; +}; + +//! socket-based implementation of NetworkSink +class SocketSink : public NetworkSink, public Socket +{ +public: + SocketSink(socket_t s=INVALID_SOCKET, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024) + : NetworkSink(maxBufferSize, autoFlushBound), Socket(s), m_sender(*this) {} + + void SendEof() {ShutDown(SD_SEND);} + +private: + NetworkSender & AccessSender() {return m_sender;} + SocketSender m_sender; +}; + +NAMESPACE_END + +#endif // SOCKETS_AVAILABLE + +#endif // CRYPTOPP_SOCKETFT_H diff --git a/libs/win_crypto++/include/sosemanuk.h b/libs/win_crypto++/include/sosemanuk.h new file mode 100644 index 0000000..867407c --- /dev/null +++ b/libs/win_crypto++/include/sosemanuk.h @@ -0,0 +1,52 @@ +// sosemanuk.h - written and placed in the public domain by Wei Dai + +//! \file sosemanuk.h +//! \brief Classes for Sosemanuk stream cipher + +#ifndef CRYPTOPP_SOSEMANUK_H +#define CRYPTOPP_SOSEMANUK_H + +#include "strciphr.h" +#include "secblock.h" + +// Clang due to "Inline assembly operands don't work with .intel_syntax" +// https://llvm.org/bugs/show_bug.cgi?id=24232 +#if CRYPTOPP_BOOL_X32 || defined(CRYPTOPP_DISABLE_INTEL_ASM) +# define CRYPTOPP_DISABLE_SOSEMANUK_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! algorithm info +struct SosemanukInfo : public VariableKeyLength<16, 1, 32, 1, SimpleKeyingInterface::UNIQUE_IV, 16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Sosemanuk";} +}; + +//! _ +class SosemanukPolicy : public AdditiveCipherConcretePolicy, public SosemanukInfo +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length); + bool CipherIsRandomAccess() const {return false;} +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) && !defined(CRYPTOPP_DISABLE_SOSEMANUK_ASM) + unsigned int GetAlignment() const; + unsigned int GetOptimalBlockSize() const; +#endif + + FixedSizeSecBlock m_key; + FixedSizeAlignedSecBlock m_state; +}; + +//! Sosemanuk +struct Sosemanuk : public SosemanukInfo, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal >, SosemanukInfo> Encryption; + typedef Encryption Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/square.h b/libs/win_crypto++/include/square.h new file mode 100644 index 0000000..cae1720 --- /dev/null +++ b/libs/win_crypto++/include/square.h @@ -0,0 +1,63 @@ +// square.h - written and placed in the public domain by Wei Dai + +//! \file square.h +//! \brief Classes for the Square block cipher + +#ifndef CRYPTOPP_SQUARE_H +#define CRYPTOPP_SQUARE_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Square_Info +//! \brief Square block cipher information +struct Square_Info : public FixedBlockSize<16>, public FixedKeyLength<16>, FixedRounds<8> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Square";} +}; + +//! \class Square +//! \brief Square block cipher +//! \sa Square +class Square : public Square_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + FixedSizeSecBlock m_roundkeys; + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + private: + static const byte Se[256]; + static const word32 Te[4][256]; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + private: + static const byte Sd[256]; + static const word32 Td[4][256]; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef Square::Encryption SquareEncryption; +typedef Square::Decryption SquareDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/stdcpp.h b/libs/win_crypto++/include/stdcpp.h new file mode 100644 index 0000000..c8020cc --- /dev/null +++ b/libs/win_crypto++/include/stdcpp.h @@ -0,0 +1,80 @@ +#ifndef CRYPTOPP_STDCPP_H +#define CRYPTOPP_STDCPP_H + +#if _MSC_VER >= 1500 +#define _DO_NOT_DECLARE_INTERLOCKED_INTRINSICS_IN_MEMORY +#include +#endif + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +// http://connect.microsoft.com/VisualStudio/feedback/details/1600701/type-info-does-not-compile-with-has-exceptions-0 +#if defined(_MSC_VER) && (_MSC_VER < 1900) && defined(_HAS_EXCEPTIONS) && (_HAS_EXCEPTIONS == 0) +namespace std { + using ::type_info; +} +#endif + +// make_unchecked_array_iterator +#if _MSC_VER >= 1600 +#include +#endif + +#if defined(CRYPTOPP_CXX11_ATOMICS) +#include +#endif + +#if defined(CRYPTOPP_CXX11_SYNCHRONIZATION) +#include +#endif + +#if defined(CRYPTOPP_CXX11_RVALUES) +# include +#endif + +#include +#include +#include +#include + +// uintptr_t and ptrdiff_t +#if (__cplusplus < 201103L) && (!defined(_MSC_VER) || (_MSC_VER >= 1700)) +# include +#elif defined(_MSC_VER) && (_MSC_VER < 1700) +# include +#endif + +// workaround needed on Sun Studio 12u1 Sun C++ 5.10 SunOS_i386 128229-02 2009/09/21 +#ifdef CRYPTOPP_INCLUDE_VECTOR_CC +# include +#endif + +// for alloca +#if defined(CRYPTOPP_BSD_AVAILABLE) +# include +#elif defined(CRYPTOPP_UNIX_AVAILABLE) || defined(__sun) || defined(QNX) +# include +#elif defined(CRYPTOPP_WIN32_AVAILABLE) || defined(__MINGW32__) || defined(__BORLANDC__) +# include +#endif + +#ifdef _MSC_VER +# pragma warning(disable: 4231) // re-disable this +# ifdef _CRTAPI1 +# define CRYPTOPP_MSVCRT6 +# endif +#endif + +#endif diff --git a/libs/win_crypto++/include/strciphr.h b/libs/win_crypto++/include/strciphr.h new file mode 100644 index 0000000..f81fbcd --- /dev/null +++ b/libs/win_crypto++/include/strciphr.h @@ -0,0 +1,633 @@ +// strciphr.h - written and placed in the public domain by Wei Dai + +//! \file strciphr.h +//! \brief Classes for implementing stream ciphers +//! \details This file contains helper classes for implementing stream ciphers. +//! All this infrastructure may look very complex compared to what's in Crypto++ 4.x, +//! but stream ciphers implementations now support a lot of new functionality, +//! including better performance (minimizing copying), resetting of keys and IVs, and methods to +//! query which features are supported by a cipher. +//! \details Here's an explanation of these classes. The word "policy" is used here to mean a class with a +//! set of methods that must be implemented by individual stream cipher implementations. +//! This is usually much simpler than the full stream cipher API, which is implemented by +//! either AdditiveCipherTemplate or CFB_CipherTemplate using the policy. So for example, an +//! implementation of SEAL only needs to implement the AdditiveCipherAbstractPolicy interface +//! (since it's an additive cipher, i.e., it xors a keystream into the plaintext). +//! See this line in seal.h: +//! 
+//!     typedef SymmetricCipherFinal\, AdditiveCipherTemplate\<\> \> \> Encryption;
+//!
+//! \details AdditiveCipherTemplate and CFB_CipherTemplate are designed so that they don't need +//! to take a policy class as a template parameter (although this is allowed), so that +//! their code is not duplicated for each new cipher. Instead they each +//! get a reference to an abstract policy interface by calling AccessPolicy() on itself, so +//! AccessPolicy() must be overriden to return the actual policy reference. This is done +//! by the ConceretePolicyHolder class. Finally, SymmetricCipherFinal implements the constructors and +//! other functions that must be implemented by the most derived class. + +#ifndef CRYPTOPP_STRCIPHR_H +#define CRYPTOPP_STRCIPHR_H + +#include "config.h" + +#if CRYPTOPP_MSC_VERSION +# pragma warning(push) +# pragma warning(disable: 4127 4189) +#endif + +#include "cryptlib.h" +#include "seckey.h" +#include "secblock.h" +#include "argnames.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class AbstractPolicyHolder +//! \brief Access a stream cipher policy object +//! \tparam POLICY_INTERFACE class implementing AbstractPolicyHolder +//! \tparam BASE class or type to use as a base class +template +class CRYPTOPP_NO_VTABLE AbstractPolicyHolder : public BASE +{ +public: + typedef POLICY_INTERFACE PolicyInterface; + virtual ~AbstractPolicyHolder() {} + +protected: + virtual const POLICY_INTERFACE & GetPolicy() const =0; + virtual POLICY_INTERFACE & AccessPolicy() =0; +}; + +//! \class ConcretePolicyHolder +//! \brief Stream cipher policy object +//! \tparam POLICY class implementing AbstractPolicyHolder +//! \tparam BASE class or type to use as a base class +template +class ConcretePolicyHolder : public BASE, protected POLICY +{ +public: +#ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~ConcretePolicyHolder() {} +#endif +protected: + const POLICY_INTERFACE & GetPolicy() const {return *this;} + POLICY_INTERFACE & AccessPolicy() {return *this;} +}; + +//! \brief Keystream operation flags +//! \sa AdditiveCipherAbstractPolicy::GetBytesPerIteration(), AdditiveCipherAbstractPolicy::GetOptimalBlockSize() +//! and AdditiveCipherAbstractPolicy::GetAlignment() +enum KeystreamOperationFlags { + //! \brief Output buffer is aligned + OUTPUT_ALIGNED=1, + //! \brief Input buffer is aligned + INPUT_ALIGNED=2, + //! \brief Input buffer is NULL + INPUT_NULL = 4 +}; + +//! \brief Keystream operation flags +//! \sa AdditiveCipherAbstractPolicy::GetBytesPerIteration(), AdditiveCipherAbstractPolicy::GetOptimalBlockSize() +//! and AdditiveCipherAbstractPolicy::GetAlignment() +enum KeystreamOperation { + //! \brief Wirte the keystream to the output buffer, input is NULL + WRITE_KEYSTREAM = INPUT_NULL, + //! \brief Wirte the keystream to the aligned output buffer, input is NULL + WRITE_KEYSTREAM_ALIGNED = INPUT_NULL | OUTPUT_ALIGNED, + //! \brief XOR the input buffer and keystream, write to the output buffer + XOR_KEYSTREAM = 0, + //! \brief XOR the aligned input buffer and keystream, write to the output buffer + XOR_KEYSTREAM_INPUT_ALIGNED = INPUT_ALIGNED, + //! \brief XOR the input buffer and keystream, write to the aligned output buffer + XOR_KEYSTREAM_OUTPUT_ALIGNED= OUTPUT_ALIGNED, + //! \brief XOR the aligned input buffer and keystream, write to the aligned output buffer + XOR_KEYSTREAM_BOTH_ALIGNED = OUTPUT_ALIGNED | INPUT_ALIGNED}; + +//! \class AdditiveCipherAbstractPolicy +//! \brief Policy object for additive stream ciphers +struct CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AdditiveCipherAbstractPolicy +{ + virtual ~AdditiveCipherAbstractPolicy() {} + + //! \brief Provides data alignment requirements + //! \returns data alignment requirements, in bytes + //! \details Internally, the default implementation returns 1. If the stream cipher is implemented + //! using an SSE2 ASM or intrinsics, then the value returned is usually 16. + virtual unsigned int GetAlignment() const {return 1;} + + //! \brief Provides number of bytes operated upon during an iteration + //! \returns bytes operated upon during an iteration, in bytes + //! \sa GetOptimalBlockSize() + virtual unsigned int GetBytesPerIteration() const =0; + + //! \brief Provides number of ideal bytes to process + //! \returns the ideal number of bytes to process + //! \details Internally, the default implementation returns GetBytesPerIteration() + //! \sa GetBytesPerIteration() + virtual unsigned int GetOptimalBlockSize() const {return GetBytesPerIteration();} + + //! \brief Provides buffer size based on iterations + //! \returns the buffer size based on iterations, in bytes + virtual unsigned int GetIterationsToBuffer() const =0; + + //! \brief Generate the keystream + //! \param keystream the key stream + //! \param iterationCount the number of iterations to generate the key stream + //! \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream() + virtual void WriteKeystream(byte *keystream, size_t iterationCount) + {OperateKeystream(KeystreamOperation(INPUT_NULL | (KeystreamOperationFlags)IsAlignedOn(keystream, GetAlignment())), keystream, NULL, iterationCount);} + + //! \brief Flag indicating + //! \returns true if the stream can be generated independent of the transformation input, false otherwise + //! \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream() + virtual bool CanOperateKeystream() const {return false;} + + //! \brief Operates the keystream + //! \param operation the operation with additional flags + //! \param output the output buffer + //! \param input the input buffer + //! \param iterationCount the number of iterations to perform on the input + //! \details OperateKeystream() will attempt to operate upon GetOptimalBlockSize() buffer, + //! which will be derived from GetBytesPerIteration(). + //! \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream(), KeystreamOperation() + virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) + {CRYPTOPP_UNUSED(operation); CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(false);} + + //! \brief Key the cipher + //! \param params set of NameValuePairs use to initialize this object + //! \param key a byte array used to key the cipher + //! \param length the size of the key array + virtual void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) =0; + + //! \brief Resynchronize the cipher + //! \param keystreamBuffer the keystream buffer + //! \param iv a byte array used to resynchronize the cipher + //! \param length the size of the IV array + virtual void CipherResynchronize(byte *keystreamBuffer, const byte *iv, size_t length) + {CRYPTOPP_UNUSED(keystreamBuffer); CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} + + //! \brief Flag indicating random access + //! \returns true if the cipher is seekable, false otherwise + //! \sa SeekToIteration() + virtual bool CipherIsRandomAccess() const =0; + + //! \brief Seeks to a random position in the stream + //! \returns iterationCount + //! \sa CipherIsRandomAccess() + virtual void SeekToIteration(lword iterationCount) + {CRYPTOPP_UNUSED(iterationCount); CRYPTOPP_ASSERT(!CipherIsRandomAccess()); throw NotImplemented("StreamTransformation: this object doesn't support random access");} +}; + +//! \class AdditiveCipherConcretePolicy +//! \brief Base class for additive stream ciphers +//! \tparam WT word type +//! \tparam W count of words +//! \tparam X bytes per iteration count +//! \tparam BASE AdditiveCipherAbstractPolicy derived base class +template +struct CRYPTOPP_NO_VTABLE AdditiveCipherConcretePolicy : public BASE +{ + typedef WT WordType; + CRYPTOPP_CONSTANT(BYTES_PER_ITERATION = sizeof(WordType) * W) + +#if !(CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X64) + //! \brief Provides data alignment requirements + //! \returns data alignment requirements, in bytes + //! \details Internally, the default implementation returns 1. If the stream cipher is implemented + //! using an SSE2 ASM or intrinsics, then the value returned is usually 16. + unsigned int GetAlignment() const {return GetAlignmentOf();} +#endif + + //! \brief Provides number of bytes operated upon during an iteration + //! \returns bytes operated upon during an iteration, in bytes + //! \sa GetOptimalBlockSize() + unsigned int GetBytesPerIteration() const {return BYTES_PER_ITERATION;} + + //! \brief Provides buffer size based on iterations + //! \returns the buffer size based on iterations, in bytes + unsigned int GetIterationsToBuffer() const {return X;} + + //! \brief Flag indicating + //! \returns true if the stream can be generated independent of the transformation input, false otherwise + //! \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream() + bool CanOperateKeystream() const {return true;} + + //! \brief Operates the keystream + //! \param operation the operation with additional flags + //! \param output the output buffer + //! \param input the input buffer + //! \param iterationCount the number of iterations to perform on the input + //! \details OperateKeystream() will attempt to operate upon GetOptimalBlockSize() buffer, + //! which will be derived from GetBytesPerIteration(). + //! \sa CanOperateKeystream(), OperateKeystream(), WriteKeystream(), KeystreamOperation() + virtual void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount) =0; +}; + +//! \brief Helper macro to implement OperateKeystream +#define CRYPTOPP_KEYSTREAM_OUTPUT_WORD(x, b, i, a) \ + PutWord(bool(x & OUTPUT_ALIGNED), b, output+i*sizeof(WordType), (x & INPUT_NULL) ? (a) : (a) ^ GetWord(bool(x & INPUT_ALIGNED), b, input+i*sizeof(WordType))); + +//! \brief Helper macro to implement OperateKeystream +#define CRYPTOPP_KEYSTREAM_OUTPUT_XMM(x, i, a) {\ + __m128i t = (x & INPUT_NULL) ? a : _mm_xor_si128(a, (x & INPUT_ALIGNED) ? _mm_load_si128((__m128i *)input+i) : _mm_loadu_si128((__m128i *)input+i));\ + if (x & OUTPUT_ALIGNED) _mm_store_si128((__m128i *)output+i, t);\ + else _mm_storeu_si128((__m128i *)output+i, t);} + +//! \brief Helper macro to implement OperateKeystream +#define CRYPTOPP_KEYSTREAM_OUTPUT_SWITCH(x, y) \ + switch (operation) \ + { \ + case WRITE_KEYSTREAM: \ + x(WRITE_KEYSTREAM) \ + break; \ + case XOR_KEYSTREAM: \ + x(XOR_KEYSTREAM) \ + input += y; \ + break; \ + case XOR_KEYSTREAM_INPUT_ALIGNED: \ + x(XOR_KEYSTREAM_INPUT_ALIGNED) \ + input += y; \ + break; \ + case XOR_KEYSTREAM_OUTPUT_ALIGNED: \ + x(XOR_KEYSTREAM_OUTPUT_ALIGNED) \ + input += y; \ + break; \ + case WRITE_KEYSTREAM_ALIGNED: \ + x(WRITE_KEYSTREAM_ALIGNED) \ + break; \ + case XOR_KEYSTREAM_BOTH_ALIGNED: \ + x(XOR_KEYSTREAM_BOTH_ALIGNED) \ + input += y; \ + break; \ + } \ + output += y; + +//! \class AdditiveCipherTemplate +//! \brief Base class for additive stream ciphers with SymmetricCipher interface +//! \tparam BASE AbstractPolicyHolder base class +template > +class CRYPTOPP_NO_VTABLE AdditiveCipherTemplate : public BASE, public RandomNumberGenerator +{ +public: + //! \brief Generate random array of bytes + //! \param output the byte buffer + //! \param size the length of the buffer, in bytes + //! \details All generated values are uniformly distributed over the range specified within the + //! the contraints of a particular generator. + void GenerateBlock(byte *output, size_t size); + + //! \brief Apply keystream to data + //! \param outString a buffer to write the transformed data + //! \param inString a buffer to read the data + //! \param length the size fo the buffers, in bytes + //! \details This is the primary method to operate a stream cipher. For example: + //! 
+	//!     size_t size = 30;
+	//!     byte plain[size] = "Do or do not; there is no try";
+	//!     byte cipher[size];
+	//!     ...
+	//!     ChaCha20 chacha(key, keySize);
+	//!     chacha.ProcessData(cipher, plain, size);
+	//!
+ void ProcessData(byte *outString, const byte *inString, size_t length); + + //! \brief Resynchronize the cipher + //! \param iv a byte array used to resynchronize the cipher + //! \param length the size of the IV array + void Resynchronize(const byte *iv, int length=-1); + + //! \brief Provides number of ideal bytes to process + //! \returns the ideal number of bytes to process + //! \details Internally, the default implementation returns GetBytesPerIteration() + //! \sa GetBytesPerIteration() and GetOptimalNextBlockSize() + unsigned int OptimalBlockSize() const {return this->GetPolicy().GetOptimalBlockSize();} + + //! \brief Provides number of ideal bytes to process + //! \returns the ideal number of bytes to process + //! \details Internally, the default implementation returns remaining unprocessed bytes + //! \sa GetBytesPerIteration() and OptimalBlockSize() + unsigned int GetOptimalNextBlockSize() const {return (unsigned int)this->m_leftOver;} + + //! \brief Provides number of ideal data alignment + //! \returns the ideal data alignment, in bytes + //! \sa GetAlignment() and OptimalBlockSize() + unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();} + + //! \brief Determines if the cipher is self inverting + //! \returns true if the stream cipher is self inverting, false otherwise + bool IsSelfInverting() const {return true;} + + //! \brief Determines if the cipher is a forward transformation + //! \returns true if the stream cipher is a forward transformation, false otherwise + bool IsForwardTransformation() const {return true;} + + //! \brief Flag indicating random access + //! \returns true if the cipher is seekable, false otherwise + //! \sa Seek() + bool IsRandomAccess() const {return this->GetPolicy().CipherIsRandomAccess();} + + //! \brief Seeks to a random position in the stream + //! \param position the absolute position in the stream + //! \sa IsRandomAccess() + void Seek(lword position); + + typedef typename BASE::PolicyInterface PolicyInterface; + +protected: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + + unsigned int GetBufferByteSize(const PolicyInterface &policy) const {return policy.GetBytesPerIteration() * policy.GetIterationsToBuffer();} + + inline byte * KeystreamBufferBegin() {return this->m_buffer.data();} + inline byte * KeystreamBufferEnd() {return (this->m_buffer.data() + this->m_buffer.size());} + + SecByteBlock m_buffer; + size_t m_leftOver; +}; + +//! \class CFB_CipherAbstractPolicy +//! \brief Policy object for feeback based stream ciphers +class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE CFB_CipherAbstractPolicy +{ +public: + virtual ~CFB_CipherAbstractPolicy() {} + + //! \brief Provides data alignment requirements + //! \returns data alignment requirements, in bytes + //! \details Internally, the default implementation returns 1. If the stream cipher is implemented + //! using an SSE2 ASM or intrinsics, then the value returned is usually 16. + virtual unsigned int GetAlignment() const =0; + + //! \brief Provides number of bytes operated upon during an iteration + //! \returns bytes operated upon during an iteration, in bytes + //! \sa GetOptimalBlockSize() + virtual unsigned int GetBytesPerIteration() const =0; + + //! \brief Access the feedback register + //! \returns pointer to the first byte of the feedback register + virtual byte * GetRegisterBegin() =0; + + //! \brief TODO + virtual void TransformRegister() =0; + + //! \brief Flag indicating iteration support + //! \returns true if the cipher supports iteration, false otherwise + virtual bool CanIterate() const {return false;} + + //! \brief Iterate the cipher + //! \param output the output buffer + //! \param input the input buffer + //! \param dir the direction of the cipher + //! \param iterationCount the number of iterations to perform on the input + //! \sa IsSelfInverting() and IsForwardTransformation() + virtual void Iterate(byte *output, const byte *input, CipherDir dir, size_t iterationCount) + {CRYPTOPP_UNUSED(output); CRYPTOPP_UNUSED(input); CRYPTOPP_UNUSED(dir); CRYPTOPP_UNUSED(iterationCount); + CRYPTOPP_ASSERT(false); /*throw 0;*/ throw Exception(Exception::OTHER_ERROR, "SimpleKeyingInterface: unexpected error");} + + //! \brief Key the cipher + //! \param params set of NameValuePairs use to initialize this object + //! \param key a byte array used to key the cipher + //! \param length the size of the key array + virtual void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length) =0; + + //! \brief Resynchronize the cipher + //! \param iv a byte array used to resynchronize the cipher + //! \param length the size of the IV array + virtual void CipherResynchronize(const byte *iv, size_t length) + {CRYPTOPP_UNUSED(iv); CRYPTOPP_UNUSED(length); throw NotImplemented("SimpleKeyingInterface: this object doesn't support resynchronization");} +}; + +//! \class CFB_CipherConcretePolicy +//! \brief Base class for feedback based stream ciphers +//! \tparam WT word type +//! \tparam W count of words +//! \tparam BASE CFB_CipherAbstractPolicy derived base class +template +struct CRYPTOPP_NO_VTABLE CFB_CipherConcretePolicy : public BASE +{ + typedef WT WordType; + + //! \brief Provides data alignment requirements + //! \returns data alignment requirements, in bytes + //! \details Internally, the default implementation returns 1. If the stream cipher is implemented + //! using an SSE2 ASM or intrinsics, then the value returned is usually 16. + unsigned int GetAlignment() const {return sizeof(WordType);} + + //! \brief Provides number of bytes operated upon during an iteration + //! \returns bytes operated upon during an iteration, in bytes + //! \sa GetOptimalBlockSize() + unsigned int GetBytesPerIteration() const {return sizeof(WordType) * W;} + + //! \brief Flag indicating iteration support + //! \returns true if the cipher supports iteration, false otherwise + bool CanIterate() const {return true;} + + //! \brief Perform one iteration in the forward direction + void TransformRegister() {this->Iterate(NULL, NULL, ENCRYPTION, 1);} + + //! \brief + //! \tparam B enumeration indicating endianess + //! \details RegisterOutput() provides alternate access to the feedback register. The + //! enumeration B is BigEndian or LittleEndian. Repeatedly applying operator() + //! results in advancing in the register. + template + struct RegisterOutput + { + RegisterOutput(byte *output, const byte *input, CipherDir dir) + : m_output(output), m_input(input), m_dir(dir) {} + + //! \brief XOR feedback register with data + //! \param registerWord data represented as a word type + //! \returns reference to the next feedback register word + inline RegisterOutput& operator()(WordType ®isterWord) + { + CRYPTOPP_ASSERT(IsAligned(m_output)); + CRYPTOPP_ASSERT(IsAligned(m_input)); + + if (!NativeByteOrderIs(B::ToEnum())) + registerWord = ByteReverse(registerWord); + + if (m_dir == ENCRYPTION) + { + if (m_input == NULL) + { + CRYPTOPP_ASSERT(m_output == NULL); + } + else + { + WordType ct = *(const WordType *)m_input ^ registerWord; + registerWord = ct; + *(WordType*)m_output = ct; + m_input += sizeof(WordType); + m_output += sizeof(WordType); + } + } + else + { + WordType ct = *(const WordType *)m_input; + *(WordType*)m_output = registerWord ^ ct; + registerWord = ct; + m_input += sizeof(WordType); + m_output += sizeof(WordType); + } + + // registerWord is left unreversed so it can be xor-ed with further input + + return *this; + } + + byte *m_output; + const byte *m_input; + CipherDir m_dir; + }; +}; + +//! \class CFB_CipherTemplate +//! \brief Base class for feedback based stream ciphers with SymmetricCipher interface +//! \tparam BASE AbstractPolicyHolder base class +template +class CRYPTOPP_NO_VTABLE CFB_CipherTemplate : public BASE +{ +public: + //! \brief Apply keystream to data + //! \param outString a buffer to write the transformed data + //! \param inString a buffer to read the data + //! \param length the size fo the buffers, in bytes + //! \details This is the primary method to operate a stream cipher. For example: + //! 
+	//!     size_t size = 30;
+	//!     byte plain[size] = "Do or do not; there is no try";
+	//!     byte cipher[size];
+	//!     ...
+	//!     ChaCha20 chacha(key, keySize);
+	//!     chacha.ProcessData(cipher, plain, size);
+	//!
+ void ProcessData(byte *outString, const byte *inString, size_t length); + + //! \brief Resynchronize the cipher + //! \param iv a byte array used to resynchronize the cipher + //! \param length the size of the IV array + void Resynchronize(const byte *iv, int length=-1); + + //! \brief Provides number of ideal bytes to process + //! \returns the ideal number of bytes to process + //! \details Internally, the default implementation returns GetBytesPerIteration() + //! \sa GetBytesPerIteration() and GetOptimalNextBlockSize() + unsigned int OptimalBlockSize() const {return this->GetPolicy().GetBytesPerIteration();} + + //! \brief Provides number of ideal bytes to process + //! \returns the ideal number of bytes to process + //! \details Internally, the default implementation returns remaining unprocessed bytes + //! \sa GetBytesPerIteration() and OptimalBlockSize() + unsigned int GetOptimalNextBlockSize() const {return (unsigned int)m_leftOver;} + + //! \brief Provides number of ideal data alignment + //! \returns the ideal data alignment, in bytes + //! \sa GetAlignment() and OptimalBlockSize() + unsigned int OptimalDataAlignment() const {return this->GetPolicy().GetAlignment();} + + //! \brief Flag indicating random access + //! \returns true if the cipher is seekable, false otherwise + //! \sa Seek() + bool IsRandomAccess() const {return false;} + + //! \brief Determines if the cipher is self inverting + //! \returns true if the stream cipher is self inverting, false otherwise + bool IsSelfInverting() const {return false;} + + typedef typename BASE::PolicyInterface PolicyInterface; + +protected: + virtual void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length) =0; + + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms); + + size_t m_leftOver; +}; + +//! \class CFB_EncryptionTemplate +//! \brief Base class for feedback based stream ciphers in the forward direction with SymmetricCipher interface +//! \tparam BASE AbstractPolicyHolder base class +template > +class CRYPTOPP_NO_VTABLE CFB_EncryptionTemplate : public CFB_CipherTemplate +{ + bool IsForwardTransformation() const {return true;} + void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length); +}; + +//! \class CFB_DecryptionTemplate +//! \brief Base class for feedback based stream ciphers in the reverse direction with SymmetricCipher interface +//! \tparam BASE AbstractPolicyHolder base class +template > +class CRYPTOPP_NO_VTABLE CFB_DecryptionTemplate : public CFB_CipherTemplate +{ + bool IsForwardTransformation() const {return false;} + void CombineMessageAndShiftRegister(byte *output, byte *reg, const byte *message, size_t length); +}; + +//! \class CFB_RequireFullDataBlocks +//! \brief Base class for feedback based stream ciphers with a mandatory block size +//! \tparam BASE CFB_EncryptionTemplate or CFB_DecryptionTemplate base class +template +class CFB_RequireFullDataBlocks : public BASE +{ +public: + unsigned int MandatoryBlockSize() const {return this->OptimalBlockSize();} +}; + +//! \class SymmetricCipherFinal +//! \brief SymmetricCipher implementation +//! \tparam BASE AbstractPolicyHolder derived base class +//! \tparam INFO AbstractPolicyHolder derived information class +//! \sa Weak::ARC4, ChaCha8, ChaCha12, ChaCha20, Salsa20, SEAL, Sosemanuk, WAKE +template +class SymmetricCipherFinal : public AlgorithmImpl, INFO> +{ +public: + //! \brief Construct a stream cipher + SymmetricCipherFinal() {} + + //! \brief Construct a stream cipher + //! \param key a byte array used to key the cipher + //! \details This overload uses DEFAULT_KEYLENGTH + SymmetricCipherFinal(const byte *key) + {this->SetKey(key, this->DEFAULT_KEYLENGTH);} + + //! \brief Construct a stream cipher + //! \param key a byte array used to key the cipher + //! \param length the size of the key array + SymmetricCipherFinal(const byte *key, size_t length) + {this->SetKey(key, length);} + + //! \brief Construct a stream cipher + //! \param key a byte array used to key the cipher + //! \param length the size of the key array + //! \param iv a byte array used as an initialization vector + SymmetricCipherFinal(const byte *key, size_t length, const byte *iv) + {this->SetKeyWithIV(key, length, iv);} + + //! \brief Clone a SymmetricCipher + //! \returns a new SymmetricCipher based on this object + Clonable * Clone() const {return static_cast(new SymmetricCipherFinal(*this));} +}; + +NAMESPACE_END + +#ifdef CRYPTOPP_MANUALLY_INSTANTIATE_TEMPLATES +#include "strciphr.cpp" +#endif + +NAMESPACE_BEGIN(CryptoPP) +CRYPTOPP_DLL_TEMPLATE_CLASS AbstractPolicyHolder; +CRYPTOPP_DLL_TEMPLATE_CLASS AdditiveCipherTemplate >; +CRYPTOPP_DLL_TEMPLATE_CLASS CFB_CipherTemplate >; +CRYPTOPP_DLL_TEMPLATE_CLASS CFB_EncryptionTemplate >; +CRYPTOPP_DLL_TEMPLATE_CLASS CFB_DecryptionTemplate >; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION +# pragma warning(pop) +#endif + +#endif diff --git a/libs/win_crypto++/include/tea.h b/libs/win_crypto++/include/tea.h new file mode 100644 index 0000000..c437358 --- /dev/null +++ b/libs/win_crypto++/include/tea.h @@ -0,0 +1,163 @@ +// tea.h - written and placed in the public domain by Wei Dai + +//! \file tea.h +//! \brief Classes for the TEA, BTEA and XTEA block ciphers + +#ifndef CRYPTOPP_TEA_H +#define CRYPTOPP_TEA_H + +#include "seckey.h" +#include "secblock.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class TEA_Info +//! \brief TEA block cipher information +struct TEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "TEA";} +}; + +//! \class TEA +//! \brief TEA block cipher +//! \sa TEA +class TEA : public TEA_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief TEA block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + FixedSizeSecBlock m_k; + word32 m_limit; + }; + + //! \class Enc + //! \brief TEA block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief TEA block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef TEA::Encryption TEAEncryption; +typedef TEA::Decryption TEADecryption; + +//! \class XTEA_Info +//! \brief XTEA block cipher information +struct XTEA_Info : public FixedBlockSize<8>, public FixedKeyLength<16>, public VariableRounds<32> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "XTEA";} +}; + +//! \class XTEA +//! \brief XTEA block cipher +//! \sa XTEA +class XTEA : public XTEA_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief XTEA block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + FixedSizeSecBlock m_k; + word32 m_limit; + }; + + //! \class Enc + //! \brief XTEA block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief XTEA block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +//! \class BTEA_Info +//! \brief BTEA block cipher information +struct BTEA_Info : public FixedKeyLength<16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "BTEA";} +}; + +//! \class BTEA +//! \brief BTEA block cipher +//! \details Corrected Block TEA as described in "xxtea". This class hasn't been tested yet. +//! \sa Corrected Block TEA. +class BTEA : public BTEA_Info, public BlockCipherDocumentation +{ + //! \class Base + //! \brief BTEA block cipher default operation + class CRYPTOPP_NO_VTABLE Base : public AlgorithmImpl, BTEA_Info>, public BTEA_Info + { + public: + void UncheckedSetKey(const byte *key, unsigned int length, const NameValuePairs ¶ms) + { + CRYPTOPP_UNUSED(length), CRYPTOPP_UNUSED(params); + m_blockSize = params.GetIntValueWithDefault("BlockSize", 60*4); + GetUserKey(BIG_ENDIAN_ORDER, m_k.begin(), 4, key, KEYLENGTH); + } + + unsigned int BlockSize() const {return m_blockSize;} + + protected: + FixedSizeSecBlock m_k; + unsigned int m_blockSize; + }; + + //! \class Enc + //! \brief BTEA block cipher encryption operation + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + //! \class Dec + //! \brief BTEA block cipher decryption operation + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/tiger.h b/libs/win_crypto++/include/tiger.h new file mode 100644 index 0000000..fb5b9d8 --- /dev/null +++ b/libs/win_crypto++/include/tiger.h @@ -0,0 +1,30 @@ +#ifndef CRYPTOPP_TIGER_H +#define CRYPTOPP_TIGER_H + +#include "config.h" +#include "iterhash.h" + +// Clang 3.3 integrated assembler crash on Linux +// http://github.com/weidai11/cryptopp/issues/264 +#if defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400) +# define CRYPTOPP_DISABLE_TIGER_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +/// Tiger +class Tiger : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word64 *digest, const word64 *data); + void TruncatedFinal(byte *hash, size_t size); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Tiger";} + +protected: + static const word64 table[4*256+3]; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/trap.h b/libs/win_crypto++/include/trap.h new file mode 100644 index 0000000..4a54504 --- /dev/null +++ b/libs/win_crypto++/include/trap.h @@ -0,0 +1,146 @@ +// trap.h - written and placed in public domain by Jeffrey Walton. +// Copyright assigned to Crypto++ project + +//! \file trap.h +//! \brief Debugging and diagnostic assertions +//! \details CRYPTOPP_ASSERT is the library's debugging and diagnostic assertion. CRYPTOPP_ASSERT +//! is enabled by CRYPTOPP_DEBUG, DEBUG or _DEBUG. +//! \details CRYPTOPP_ASSERT raises a SIGTRAP (Unix) or calls __debugbreak() (Windows). +//! CRYPTOPP_ASSERT is only in effect when the user requests a debug configuration. Unlike Posix assert, +//! NDEBUG (or failure to define it) does not affect the library. +//! The traditional Posix define NDEBUG has no effect on CRYPTOPP_DEBUG or DebugTrapHandler. +//! \since Crypto++ 5.6.5 +//! \sa DebugTrapHandler, Issue 277, +//! CVE-2016-7420 + +#ifndef CRYPTOPP_TRAP_H +#define CRYPTOPP_TRAP_H + +#include "config.h" + +#if CRYPTOPP_DEBUG +# include +# include +# if defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE) +# include "ossig.h" +# elif defined(CRYPTOPP_WIN32_AVAILABLE) +# if (_MSC_VER >= 1400) +# include +# endif +# endif +#endif // CRYPTOPP_DEBUG + +// ************** run-time assertion *************** + +#if defined(CRYPTOPP_DOXYGEN_PROCESSING) +//! \brief Debugging and diagnostic assertion +//! \details CRYPTOPP_ASSERT is the library's debugging and diagnostic assertion. CRYPTOPP_ASSERT +//! is enabled by the preprocessor macros CRYPTOPP_DEBUG, DEBUG or _DEBUG. +//! \details CRYPTOPP_ASSERT raises a SIGTRAP (Unix) or calls DebugBreak() (Windows). +//! CRYPTOPP_ASSERT is only in effect when the user explictly requests a debug configuration. +//! \details If you want to ensure CRYPTOPP_ASSERT is inert, then do not define +//! CRYPTOPP_DEBUG, DEBUG or _DEBUG. Avoiding the defines means CRYPTOPP_ASSERT +//! is processed into ((void)(exp)). +//! \details The traditional Posix define NDEBUG has no effect on CRYPTOPP_DEBUG, CRYPTOPP_ASSERT +//! or DebugTrapHandler. +//! \details An example of using \ref CRYPTOPP_ASSERT "CRYPTOPP_ASSERT" and DebugTrapHandler is shown below. The library's +//! test program, cryptest.exe (from test.cpp), exercises the structure: +//! 
+//!    #if CRYPTOPP_DEBUG && (defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE))
+//!    static const DebugTrapHandler g_dummyHandler;
+//!    #endif
+//!
+//!    int main(int argc, char* argv[])
+//!    {
+//!       CRYPTOPP_ASSERT(argv != nullptr);
+//!       ...
+//!    }
+//!
+//! \since Crypto++ 5.6.5 +//! \sa DebugTrapHandler, SignalHandler, Issue 277, +//! CVE-2016-7420 +# define CRYPTOPP_ASSERT(exp) { ... } +#endif + +#if CRYPTOPP_DEBUG && (defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE)) +# define CRYPTOPP_ASSERT(exp) { \ + if (!(exp)) { \ + std::ostringstream oss; \ + oss << "Assertion failed: " << (char*)(__FILE__) << "(" \ + << (int)(__LINE__) << "): " << (char*)(__func__) \ + << std::endl; \ + std::cerr << oss.str(); \ + raise(SIGTRAP); \ + } \ + } +#elif CRYPTOPP_DEBUG && defined(CRYPTOPP_WIN32_AVAILABLE) +# define CRYPTOPP_ASSERT(exp) { \ + if (!(exp)) { \ + std::ostringstream oss; \ + oss << "Assertion failed: " << (char*)(__FILE__) << "(" \ + << (int)(__LINE__) << "): " << (char*)(__FUNCTION__) \ + << std::endl; \ + std::cerr << oss.str(); \ + __debugbreak(); \ + } \ + } +#endif // DEBUG and Unix or Windows + +// Remove CRYPTOPP_ASSERT in non-debug builds. +// Can't use CRYPTOPP_UNUSED due to circular dependency +#ifndef CRYPTOPP_ASSERT +# define CRYPTOPP_ASSERT(exp) ((void)(exp)) +#endif + +NAMESPACE_BEGIN(CryptoPP) + +// ************** SIGTRAP handler *************** + +#if (CRYPTOPP_DEBUG && (defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE))) || defined(CRYPTOPP_DOXYGEN_PROCESSING) +//! \brief Default SIGTRAP handler +//! \details DebugTrapHandler() can be used by a program to install an empty SIGTRAP handler. If present, +//! the handler ensures there is a signal handler in place for SIGTRAP raised by +//! CRYPTOPP_ASSERT. If CRYPTOPP_ASSERT raises SIGTRAP without +//! a handler, then one of two things can occur. First, the OS might allow the program +//! to continue. Second, the OS might terminate the program. OS X allows the program to continue, while +//! some Linuxes terminate the program. +//! \details If DebugTrapHandler detects another handler in place, then it will not install a handler. This +//! ensures a debugger can gain control of the SIGTRAP signal without contention. It also allows multiple +//! DebugTrapHandler to be created without contentious or unusual behavior. Though muliple DebugTrapHandler can be +//! created, a program should only create one, if needed. +//! \details A DebugTrapHandler is subject to C++ static initialization [dis]order. If you need to install a handler +//! and it must be installed early, then reference the code associated with CRYPTOPP_INIT_PRIORITY in +//! cryptlib.cpp and cpu.cpp. +//! \details If you want to ensure CRYPTOPP_ASSERT is inert, then do not define +//! CRYPTOPP_DEBUG, DEBUG or _DEBUG. Avoiding the defines means CRYPTOPP_ASSERT +//! is processed into ((void)(exp)). +//! \details The traditional Posix define NDEBUG has no effect on CRYPTOPP_DEBUG, CRYPTOPP_ASSERT +//! or DebugTrapHandler. +//! \details An example of using \ref CRYPTOPP_ASSERT "CRYPTOPP_ASSERT" and DebugTrapHandler is shown below. The library's +//! test program, cryptest.exe (from test.cpp), exercises the structure: +//! 
+//!    #if CRYPTOPP_DEBUG && (defined(CRYPTOPP_BSD_AVAILABLE) || defined(CRYPTOPP_UNIX_AVAILABLE))
+//!    static const DebugTrapHandler g_dummyHandler;
+//!    #endif
+//!
+//!    int main(int argc, char* argv[])
+//!    {
+//!       CRYPTOPP_ASSERT(argv != nullptr);
+//!       ...
+//!    }
+//!
+//! \since Crypto++ 5.6.5 +//! \sa \ref CRYPTOPP_ASSERT "CRYPTOPP_ASSERT", SignalHandler, Issue 277, +//! CVE-2016-7420 + +#if defined(CRYPTOPP_DOXYGEN_PROCESSING) +class DebugTrapHandler : public SignalHandler { }; +#else +typedef SignalHandler DebugTrapHandler; +#endif + +#endif // Linux, Unix and Documentation + +NAMESPACE_END + +#endif // CRYPTOPP_TRAP_H diff --git a/libs/win_crypto++/include/trdlocal.h b/libs/win_crypto++/include/trdlocal.h new file mode 100644 index 0000000..7682388 --- /dev/null +++ b/libs/win_crypto++/include/trdlocal.h @@ -0,0 +1,44 @@ +#ifndef CRYPTOPP_TRDLOCAL_H +#define CRYPTOPP_TRDLOCAL_H + +#include "config.h" + +#if !defined(NO_OS_DEPENDENCE) && defined(THREADS_AVAILABLE) + +#include "misc.h" + +#ifdef HAS_WINTHREADS +typedef unsigned long ThreadLocalIndexType; +#else +#include +typedef pthread_key_t ThreadLocalIndexType; +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! thread local storage +class CRYPTOPP_DLL ThreadLocalStorage : public NotCopyable +{ +public: + //! exception thrown by ThreadLocalStorage class + class Err : public OS_Error + { + public: + Err(const std::string& operation, int error); + }; + + ThreadLocalStorage(); + ~ThreadLocalStorage() CRYPTOPP_THROW; + + void SetValue(void *value); + void *GetValue() const; + +private: + ThreadLocalIndexType m_index; +}; + +NAMESPACE_END + +#endif // THREADS_AVAILABLE + +#endif // CRYPTOPP_TRDLOCAL_H diff --git a/libs/win_crypto++/include/trunhash.h b/libs/win_crypto++/include/trunhash.h new file mode 100644 index 0000000..dd0cfa1 --- /dev/null +++ b/libs/win_crypto++/include/trunhash.h @@ -0,0 +1,52 @@ +#ifndef CRYPTOPP_TRUNHASH_H +#define CRYPTOPP_TRUNHASH_H + +#include "cryptlib.h" + +NAMESPACE_BEGIN(CryptoPP) + +class NullHash : public HashTransformation +{ +public: + void Update(const byte *input, size_t length) + {CRYPTOPP_UNUSED(input);CRYPTOPP_UNUSED(length);} + unsigned int DigestSize() const + {return 0;} + void TruncatedFinal(byte *digest, size_t digestSize) + {CRYPTOPP_UNUSED(digest);CRYPTOPP_UNUSED(digestSize);} + bool TruncatedVerify(const byte *digest, size_t digestLength) + {CRYPTOPP_UNUSED(digest);CRYPTOPP_UNUSED(digestLength);return true;} +}; + +//! construct new HashModule with smaller DigestSize() from existing one +template +class TruncatedHashTemplate : public HashTransformation +{ +public: + TruncatedHashTemplate(T hm, unsigned int digestSize) + : m_hm(hm), m_digestSize(digestSize) {} + TruncatedHashTemplate(const byte *key, size_t keyLength, unsigned int digestSize) + : m_hm(key, keyLength), m_digestSize(digestSize) {} + TruncatedHashTemplate(size_t digestSize) + : m_digestSize(digestSize) {} + + void Restart() + {m_hm.Restart();} + void Update(const byte *input, size_t length) + {m_hm.Update(input, length);} + unsigned int DigestSize() const {return m_digestSize;} + void TruncatedFinal(byte *digest, size_t digestSize) + {m_hm.TruncatedFinal(digest, digestSize);} + bool TruncatedVerify(const byte *digest, size_t digestLength) + {return m_hm.TruncatedVerify(digest, digestLength);} + +private: + T m_hm; + unsigned int m_digestSize; +}; + +typedef TruncatedHashTemplate TruncatedHashModule; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/ttmac.h b/libs/win_crypto++/include/ttmac.h new file mode 100644 index 0000000..6eececc --- /dev/null +++ b/libs/win_crypto++/include/ttmac.h @@ -0,0 +1,46 @@ +// ttmac.h - written and placed in the public domain by Kevin Springle + +//! \file ttmac.h +//! \brief Classes for the TTMAC message authentication code + +#ifndef CRYPTOPP_TTMAC_H +#define CRYPTOPP_TTMAC_H + +#include "seckey.h" +#include "iterhash.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class TTMAC_Base +//! \brief TTMAC message authentication code information +class CRYPTOPP_NO_VTABLE TTMAC_Base : public FixedKeyLength<20>, public IteratedHash +{ +public: + static std::string StaticAlgorithmName() {return std::string("Two-Track-MAC");} + CRYPTOPP_CONSTANT(DIGESTSIZE=20) + + unsigned int DigestSize() const {return DIGESTSIZE;}; + void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); + void TruncatedFinal(byte *mac, size_t size); + +protected: + static void Transform (word32 *digest, const word32 *X, bool last); + void HashEndianCorrectedBlock(const word32 *data) {Transform(m_digest, data, false);} + void Init(); + word32* StateBuf() {return m_digest;} + + FixedSizeSecBlock m_digest; + FixedSizeSecBlock m_key; +}; + +//! \class TTMAC +//! \brief Two-Track-MAC message authentication code +//! \tparam T HashTransformation class +//! \details 160-bit MAC with 160-bit key +//! \sa MessageAuthenticationCode(), Two-Track-MAC +DOCUMENTED_TYPEDEF(MessageAuthenticationCodeFinal, TTMAC) + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/twofish.h b/libs/win_crypto++/include/twofish.h new file mode 100644 index 0000000..1b2a14f --- /dev/null +++ b/libs/win_crypto++/include/twofish.h @@ -0,0 +1,64 @@ +// twofish.h - written and placed in the public domain by Wei Dai + +//! \file twofish.h +//! \brief Classes for the Twofish block cipher + +#ifndef CRYPTOPP_TWOFISH_H +#define CRYPTOPP_TWOFISH_H + +#include "seckey.h" +#include "secblock.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class Twofish_Info +//! \brief Twofish block cipher information +struct Twofish_Info : public FixedBlockSize<16>, public VariableKeyLength<16, 16, 32, 8>, FixedRounds<16> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Twofish";} +}; + +//! \class Twofish +//! \brief Twofish block cipher +//~ \sa Twofish +class Twofish : public Twofish_Info, public BlockCipherDocumentation +{ + class CRYPTOPP_NO_VTABLE Base : public BlockCipherImpl + { + public: + void UncheckedSetKey(const byte *userKey, unsigned int length, const NameValuePairs ¶ms); + + protected: + static word32 h0(word32 x, const word32 *key, unsigned int kLen); + static word32 h(word32 x, const word32 *key, unsigned int kLen); + + static const byte q[2][256]; + static const word32 mds[4][256]; + + FixedSizeSecBlock m_k; + FixedSizeSecBlock m_s; + }; + + class CRYPTOPP_NO_VTABLE Enc : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + + class CRYPTOPP_NO_VTABLE Dec : public Base + { + public: + void ProcessAndXorBlock(const byte *inBlock, const byte *xorBlock, byte *outBlock) const; + }; + +public: + typedef BlockCipherFinal Encryption; + typedef BlockCipherFinal Decryption; +}; + +typedef Twofish::Encryption TwofishEncryption; +typedef Twofish::Decryption TwofishDecryption; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/validate.h b/libs/win_crypto++/include/validate.h new file mode 100644 index 0000000..133d028 --- /dev/null +++ b/libs/win_crypto++/include/validate.h @@ -0,0 +1,133 @@ +#ifndef CRYPTOPP_VALIDATE_H +#define CRYPTOPP_VALIDATE_H + +#include "cryptlib.h" +#include +#include + +bool ValidateAll(bool thorough); +bool TestSettings(); +bool TestOS_RNG(); +bool TestAutoSeeded(); +bool TestAutoSeededX917(); + +#if (CRYPTOPP_BOOL_X86 || CRYPTOPP_BOOL_X32 || CRYPTOPP_BOOL_X64) +bool TestRDRAND(); +bool TestRDSEED(); +#endif + +bool ValidateBaseCode(); +bool ValidateCRC32(); +bool ValidateCRC32C(); +bool ValidateAdler32(); +bool ValidateMD2(); +bool ValidateMD4(); +bool ValidateMD5(); +bool ValidateSHA(); +bool ValidateSHA2(); +bool ValidateTiger(); +bool ValidateRIPEMD(); +bool ValidatePanama(); +bool ValidateWhirlpool(); +bool ValidateBLAKE2s(); +bool ValidateBLAKE2b(); + +bool ValidateHMAC(); +bool ValidateTTMAC(); + +bool ValidateCipherModes(); +bool ValidatePBKDF(); +bool ValidateHKDF(); + +bool ValidateDES(); +bool ValidateIDEA(); +bool ValidateSAFER(); +bool ValidateRC2(); +bool ValidateARC4(); + +bool ValidateRC5(); +bool ValidateBlowfish(); +bool ValidateThreeWay(); +bool ValidateGOST(); +bool ValidateSHARK(); +bool ValidateSEAL(); +bool ValidateCAST(); +bool ValidateSquare(); +bool ValidateSKIPJACK(); +bool ValidateRC6(); +bool ValidateMARS(); +bool ValidateRijndael(); +bool ValidateTwofish(); +bool ValidateSerpent(); +bool ValidateSHACAL2(); +bool ValidateCamellia(); +bool ValidateSalsa(); +bool ValidateSosemanuk(); +bool ValidateVMAC(); +bool ValidateCCM(); +bool ValidateGCM(); +bool ValidateCMAC(); + +bool ValidateBBS(); +bool ValidateDH(); +bool ValidateMQV(); +bool ValidateHMQV(); +bool ValidateFHMQV(); +bool ValidateRSA(); +bool ValidateElGamal(); +bool ValidateDLIES(); +bool ValidateNR(); +bool ValidateDSA(bool thorough); +bool ValidateLUC(); +bool ValidateLUC_DL(); +bool ValidateLUC_DH(); +bool ValidateXTR_DH(); +bool ValidateRabin(); +bool ValidateRW(); +//bool ValidateBlumGoldwasser(); +bool ValidateECP(); +bool ValidateEC2N(); +bool ValidateECDSA(); +bool ValidateESIGN(); + +#if CRYPTOPP_DEBUG +bool TestSecBlock(); +bool TestPolynomialMod2(); +bool TestHuffmanCodes(); +#endif + +// Coverity finding +template +T StringToValue(const std::string& str); + +// Coverity finding +template<> +int StringToValue(const std::string& str); + +// Coverity finding +class StreamState +{ +public: + StreamState(std::ostream& out) + : m_out(out), m_fmt(out.flags()), m_prec(out.precision()) + { + } + + ~StreamState() + { + m_out.precision(m_prec); + m_out.flags(m_fmt); + } + +private: + std::ostream& m_out; + std::ios_base::fmtflags m_fmt; + std::streamsize m_prec; +}; + +// Functions that need a RNG; uses AES inf CFB mode with Seed. +CryptoPP::RandomNumberGenerator & GlobalRNG(); + +bool RunTestDataFile(const char *filename, const CryptoPP::NameValuePairs &overrideParameters=CryptoPP::g_nullNameValuePairs, bool thorough=true); + +#endif diff --git a/libs/win_crypto++/include/vmac.h b/libs/win_crypto++/include/vmac.h new file mode 100644 index 0000000..9717819 --- /dev/null +++ b/libs/win_crypto++/include/vmac.h @@ -0,0 +1,91 @@ +// vmac.h - written and placed in the public domain by Wei Dai + +//! \file vmac.h +//! \brief Classes for the VMAC message authentication code + +#ifndef CRYPTOPP_VMAC_H +#define CRYPTOPP_VMAC_H + +#include "cryptlib.h" +#include "iterhash.h" +#include "seckey.h" + +// Clang 3.3 integrated assembler crash on Linux +// http://github.com/weidai11/cryptopp/issues/264 +#if (defined(CRYPTOPP_LLVM_CLANG_VERSION) && (CRYPTOPP_LLVM_CLANG_VERSION < 30400)) || CRYPTOPP_BOOL_X32 +# define CRYPTOPP_DISABLE_VMAC_ASM +#endif + +NAMESPACE_BEGIN(CryptoPP) + +//! \class VMAC_Base +//! \brief VMAC message authentication code base class +class VMAC_Base : public IteratedHashBase +{ +public: + std::string AlgorithmName() const {return std::string("VMAC(") + GetCipher().AlgorithmName() + ")-" + IntToString(DigestSize()*8);} + unsigned int IVSize() const {return GetCipher().BlockSize();} + unsigned int MinIVLength() const {return 1;} + void Resynchronize(const byte *nonce, int length=-1); + void GetNextIV(RandomNumberGenerator &rng, byte *IV); + unsigned int DigestSize() const {return m_is128 ? 16 : 8;}; + void UncheckedSetKey(const byte *userKey, unsigned int keylength, const NameValuePairs ¶ms); + void TruncatedFinal(byte *mac, size_t size); + unsigned int BlockSize() const {return m_L1KeyLength;} + ByteOrder GetByteOrder() const {return LITTLE_ENDIAN_ORDER;} + unsigned int OptimalDataAlignment() const; + +protected: + virtual BlockCipher & AccessCipher() =0; + virtual int DefaultDigestSize() const =0; + const BlockCipher & GetCipher() const {return const_cast(this)->AccessCipher();} + void HashEndianCorrectedBlock(const word64 *data); + size_t HashMultipleBlocks(const word64 *input, size_t length); + void Init() {} + word64* StateBuf() {return NULL;} + word64* DataBuf() {return (word64 *)(void*)m_data();} + + void VHASH_Update_SSE2(const word64 *data, size_t blocksRemainingInWord64, int tagPart); +#if !(defined(_MSC_VER) && _MSC_VER < 1300) // can't use function template here with VC6 + template +#endif + void VHASH_Update_Template(const word64 *data, size_t blockRemainingInWord128); + void VHASH_Update(const word64 *data, size_t blocksRemainingInWord128); + + CRYPTOPP_BLOCK_1(polyState, word64, 4*(m_is128+1)) + CRYPTOPP_BLOCK_2(nhKey, word64, m_L1KeyLength/sizeof(word64) + 2*m_is128) + CRYPTOPP_BLOCK_3(data, byte, m_L1KeyLength) + CRYPTOPP_BLOCK_4(l3Key, word64, 2*(m_is128+1)) + CRYPTOPP_BLOCK_5(nonce, byte, IVSize()) + CRYPTOPP_BLOCK_6(pad, byte, IVSize()) + CRYPTOPP_BLOCKS_END(6) + + bool m_is128, m_padCached, m_isFirstBlock; + unsigned int m_L1KeyLength; +}; + +//! \class VMAC +//! \brief VMAC message authentication code +//! \tparam T_BlockCipher block cipher +//! \tparam T_DigestBitSize digest size, in bits +//! \details VMAC is a block cipher-based message authentication code algorithm +//! using a universal hash proposed by Ted Krovetz and Wei Dai in April 2007. The +//! algorithm was designed for high performance backed by a formal analysis. +//! \details The implementation is based on Ted Krovetz's public domain vmac.c +//! and draft-krovetz-vmac-01.txt. +//! \sa VMAC. +template +class VMAC : public SimpleKeyingInterfaceImpl > +{ +public: + static std::string StaticAlgorithmName() {return std::string("VMAC(") + T_BlockCipher::StaticAlgorithmName() + ")-" + IntToString(T_DigestBitSize);} + +private: + BlockCipher & AccessCipher() {return m_cipher;} + int DefaultDigestSize() const {return T_DigestBitSize/8;} + typename T_BlockCipher::Encryption m_cipher; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/wait.h b/libs/win_crypto++/include/wait.h new file mode 100644 index 0000000..1667c90 --- /dev/null +++ b/libs/win_crypto++/include/wait.h @@ -0,0 +1,239 @@ +// wait.h - written and placed in the public domain by Wei Dai + +#ifndef CRYPTOPP_WAIT_H +#define CRYPTOPP_WAIT_H + +#include "config.h" + +#if !defined(NO_OS_DEPENDENCE) && (defined(SOCKETS_AVAILABLE) || defined(WINDOWS_PIPES_AVAILABLE)) + +#include "cryptlib.h" +#include "misc.h" +#include "stdcpp.h" + +#ifdef USE_WINDOWS_STYLE_SOCKETS +#include +#else +#include +#include +#endif + +// For defintions of VOID, PVOID, HANDLE, PHANDLE, etc. +#if defined(CRYPTOPP_WIN32_AVAILABLE) +#define WIN32_LEAN_AND_MEAN +#include +#endif + +#include "hrtimer.h" + +#if defined(__has_feature) +# if __has_feature(memory_sanitizer) +# define CRYPTOPP_MSAN 1 +# endif +#endif + +// http://connect.microsoft.com/VisualStudio/feedback/details/1581706 +// and http://github.com/weidai11/cryptopp/issues/214 +#if CRYPTOPP_MSC_VERSION == 1900 +# pragma warning(push) +# pragma warning(disable: 4589) +#endif + +NAMESPACE_BEGIN(CryptoPP) + +class Tracer +{ +public: + Tracer(unsigned int level) : m_level(level) {} + virtual ~Tracer() {} + +protected: + //! Override this in your most-derived tracer to do the actual tracing. + virtual void Trace(unsigned int n, std::string const& s) = 0; + + /*! By default, tracers will decide which trace messages to trace according to a trace level + mechanism. If your most-derived tracer uses a different mechanism, override this to + return false. If this method returns false, the default TraceXxxx(void) methods will all + return 0 and must be overridden explicitly by your tracer for trace messages you want. */ + virtual bool UsingDefaults() const { return true; } + +protected: + unsigned int m_level; + + void TraceIf(unsigned int n, std::string const&s) + { if (n) Trace(n, s); } + + /*! Returns nr if, according to the default log settings mechanism (using log levels), + the message should be traced. Returns 0 if the default trace level mechanism is not + in use, or if it is in use but the event should not be traced. Provided as a utility + method for easier and shorter coding of default TraceXxxx(void) implementations. */ + unsigned int Tracing(unsigned int nr, unsigned int minLevel) const + { return (UsingDefaults() && m_level >= minLevel) ? nr : 0; } +}; + +// Your Tracer-derived class should inherit as virtual public from Tracer or another +// Tracer-derived class, and should pass the log level in its constructor. You can use the +// following methods to begin and end your Tracer definition. + +// This constructor macro initializes Tracer directly even if not derived directly from it; +// this is intended, virtual base classes are always initialized by the most derived class. +#define CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) \ + public: DERIVED(unsigned int level = 0) : Tracer(level) {} + +#define CRYPTOPP_BEGIN_TRACER_CLASS_1(DERIVED, BASE1) \ + class DERIVED : virtual public BASE1, public NotCopyable { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) + +#define CRYPTOPP_BEGIN_TRACER_CLASS_2(DERIVED, BASE1, BASE2) \ + class DERIVED : virtual public BASE1, virtual public BASE2, public NotCopyable { CRYPTOPP_TRACER_CONSTRUCTOR(DERIVED) + +#define CRYPTOPP_END_TRACER_CLASS }; + +// In your Tracer-derived class, you should define a globally unique event number for each +// new event defined. This can be done using the following macros. + +#define CRYPTOPP_BEGIN_TRACER_EVENTS(UNIQUENR) enum { EVENTBASE = UNIQUENR, +#define CRYPTOPP_TRACER_EVENT(EVENTNAME) EventNr_##EVENTNAME, +#define CRYPTOPP_END_TRACER_EVENTS }; + +// In your own Tracer-derived class, you must define two methods per new trace event type: +// - unsigned int TraceXxxx() const +// Your default implementation of this method should return the event number if according +// to the default trace level system the event should be traced, or 0 if it should not. +// - void TraceXxxx(string const& s) +// This method should call TraceIf(TraceXxxx(), s); to do the tracing. +// For your convenience, a macro to define these two types of methods are defined below. +// If you use this macro, you should also use the TRACER_EVENTS macros above to associate +// event names with numbers. + +#define CRYPTOPP_TRACER_EVENT_METHODS(EVENTNAME, LOGLEVEL) \ + virtual unsigned int Trace##EVENTNAME() const { return Tracing(EventNr_##EVENTNAME, LOGLEVEL); } \ + virtual void Trace##EVENTNAME(std::string const& s) { TraceIf(Trace##EVENTNAME(), s); } + + +/*! A simple unidirectional linked list with m_prev == 0 to indicate the final entry. + The aim of this implementation is to provide a very lightweight and practical + tracing mechanism with a low performance impact. Functions and methods supporting + this call-stack mechanism would take a parameter of the form "CallStack const& callStack", + and would pass this parameter to subsequent functions they call using the construct: + + SubFunc(arg1, arg2, CallStack("my func at place such and such", &callStack)); + + The advantage of this approach is that it is easy to use and should be very efficient, + involving no allocation from the heap, just a linked list of stack objects containing + pointers to static ASCIIZ strings (or possibly additional but simple data if derived). */ +class CallStack +{ +public: + CallStack(char const* i, CallStack const* p) : m_info(i), m_prev(p) {} + CallStack const* Prev() const { return m_prev; } + virtual std::string Format() const; + +protected: + char const* m_info; + CallStack const* m_prev; +}; + +/*! An extended CallStack entry type with an additional numeric parameter. */ +class CallStackWithNr : public CallStack +{ +public: + CallStackWithNr(char const* i, word32 n, CallStack const* p) : CallStack(i, p), m_nr(n) {} + std::string Format() const; + +protected: + word32 m_nr; +}; + +/*! An extended CallStack entry type with an additional string parameter. */ +class CallStackWithStr : public CallStack +{ +public: + CallStackWithStr(char const* i, char const* z, CallStack const* p) : CallStack(i, p), m_z(z) {} + std::string Format() const; + +protected: + char const* m_z; +}; + +// Thanks to Maximilian Zamorsky for help with http://connect.microsoft.com/VisualStudio/feedback/details/1570496/ +CRYPTOPP_BEGIN_TRACER_CLASS_1(WaitObjectsTracer, Tracer) + CRYPTOPP_BEGIN_TRACER_EVENTS(0x48752841) + CRYPTOPP_TRACER_EVENT(NoWaitLoop) + CRYPTOPP_END_TRACER_EVENTS + CRYPTOPP_TRACER_EVENT_METHODS(NoWaitLoop, 1) +CRYPTOPP_END_TRACER_CLASS + +struct WaitingThreadData; + +//! container of wait objects +class WaitObjectContainer : public NotCopyable +{ +public: + //! exception thrown by WaitObjectContainer + class Err : public Exception + { + public: + Err(const std::string& s) : Exception(IO_ERROR, s) {} + }; + + static unsigned int MaxWaitObjects(); + + WaitObjectContainer(WaitObjectsTracer* tracer = 0); + + void Clear(); + void SetNoWait(CallStack const& callStack); + void ScheduleEvent(double milliseconds, CallStack const& callStack); + // returns false if timed out + bool Wait(unsigned long milliseconds); + +#ifdef USE_WINDOWS_STYLE_SOCKETS +# ifndef CRYPTOPP_MAINTAIN_BACKWARDS_COMPATIBILITY_562 + virtual ~WaitObjectContainer(); +# else + ~WaitObjectContainer(); +#endif + void AddHandle(HANDLE handle, CallStack const& callStack); +#else + void AddReadFd(int fd, CallStack const& callStack); + void AddWriteFd(int fd, CallStack const& callStack); +#endif + +private: + WaitObjectsTracer* m_tracer; + +#ifdef USE_WINDOWS_STYLE_SOCKETS + void CreateThreads(unsigned int count); + std::vector m_handles; + std::vector m_threads; + HANDLE m_startWaiting; + HANDLE m_stopWaiting; +#else + fd_set m_readfds, m_writefds; + int m_maxFd; +#endif + double m_firstEventTime; + Timer m_eventTimer; + bool m_noWait; + +#ifdef USE_WINDOWS_STYLE_SOCKETS + typedef size_t LastResultType; +#else + typedef int LastResultType; +#endif + enum { LASTRESULT_NOWAIT = -1, LASTRESULT_SCHEDULED = -2, LASTRESULT_TIMEOUT = -3 }; + LastResultType m_lastResult; + unsigned int m_sameResultCount; + Timer m_noWaitTimer; + void SetLastResult(LastResultType result); + void DetectNoWait(LastResultType result, CallStack const& callStack); +}; + +NAMESPACE_END + +#if CRYPTOPP_MSC_VERSION == 1900 +# pragma warning(pop) +#endif + +#endif + +#endif diff --git a/libs/win_crypto++/include/wake.h b/libs/win_crypto++/include/wake.h new file mode 100644 index 0000000..e099396 --- /dev/null +++ b/libs/win_crypto++/include/wake.h @@ -0,0 +1,75 @@ +// wake.h - written and placed in the public domain by Wei Dai + +//! \file wake.h +//! \brief Classes for WAKE stream cipher + +#ifndef CRYPTOPP_WAKE_H +#define CRYPTOPP_WAKE_H + +#include "seckey.h" +#include "secblock.h" +#include "strciphr.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \class WAKE_OFB_Info +//! \brief WAKE stream cipher information +//! \tparam B Endianess of the stream cipher +template +struct WAKE_OFB_Info : public FixedKeyLength<32> +{ + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return B::ToEnum() == LITTLE_ENDIAN_ORDER ? "WAKE-OFB-LE" : "WAKE-OFB-BE";} +}; + +class CRYPTOPP_NO_VTABLE WAKE_Base +{ +protected: + word32 M(word32 x, word32 y); + void GenKey(word32 k0, word32 k1, word32 k2, word32 k3); + + word32 t[257]; + word32 r3, r4, r5, r6; +}; + +//! \class WAKE_Policy +//! \brief WAKE stream cipher operation +//! \tparam B Endianess of the stream cipher +template +class CRYPTOPP_NO_VTABLE WAKE_Policy : public AdditiveCipherConcretePolicy, protected WAKE_Base +{ +protected: + void CipherSetKey(const NameValuePairs ¶ms, const byte *key, size_t length); + // OFB + void OperateKeystream(KeystreamOperation operation, byte *output, const byte *input, size_t iterationCount); + bool CipherIsRandomAccess() const {return false;} +}; + +//! \class WAKE_OFB +//! \brief WAKE stream cipher +//! \tparam B Endianess of the stream cipher +template +struct WAKE_OFB : public WAKE_OFB_Info, public SymmetricCipherDocumentation +{ + typedef SymmetricCipherFinal, AdditiveCipherTemplate<> >, WAKE_OFB_Info > Encryption; + typedef Encryption Decryption; +}; + +/* +template +class WAKE_ROFB_Policy : public WAKE_Policy +{ +protected: + void Iterate(KeystreamOperation operation, byte *output, const byte *input, unsigned int iterationCount); +}; + +template +struct WAKE_ROFB : public WAKE_Info +{ + typedef SymmetricCipherTemplate, WAKE_ROFB_Policy > > Encryption; + typedef Encryption Decryption; +}; +*/ + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/whrlpool.h b/libs/win_crypto++/include/whrlpool.h new file mode 100644 index 0000000..83388d4 --- /dev/null +++ b/libs/win_crypto++/include/whrlpool.h @@ -0,0 +1,21 @@ +#ifndef CRYPTOPP_WHIRLPOOL_H +#define CRYPTOPP_WHIRLPOOL_H + +#include "config.h" +#include "iterhash.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! Whirlpool +class Whirlpool : public IteratedHashWithStaticTransform +{ +public: + static void InitState(HashWordType *state); + static void Transform(word64 *digest, const word64 *data); + void TruncatedFinal(byte *hash, size_t size); + CRYPTOPP_CONSTEXPR static const char *StaticAlgorithmName() {return "Whirlpool";} +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/winpipes.h b/libs/win_crypto++/include/winpipes.h new file mode 100644 index 0000000..308bea3 --- /dev/null +++ b/libs/win_crypto++/include/winpipes.h @@ -0,0 +1,145 @@ +#ifndef CRYPTOPP_WINPIPES_H +#define CRYPTOPP_WINPIPES_H + +#include "config.h" + +#if !defined(NO_OS_DEPENDENCE) && defined(WINDOWS_PIPES_AVAILABLE) + +#include "cryptlib.h" +#include "network.h" +#include "queue.h" +#include + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Windows Handle +class WindowsHandle +{ +public: + WindowsHandle(HANDLE h = INVALID_HANDLE_VALUE, bool own=false); + WindowsHandle(const WindowsHandle &h) : m_h(h.m_h), m_own(false) {} + virtual ~WindowsHandle(); + + bool GetOwnership() const {return m_own;} + void SetOwnership(bool own) {m_own = own;} + + operator HANDLE() const {return m_h;} + HANDLE GetHandle() const {return m_h;} + bool HandleValid() const; + void AttachHandle(HANDLE h, bool own=false); + HANDLE DetachHandle(); + void CloseHandle(); + +protected: + virtual void HandleChanged() {} + + HANDLE m_h; + bool m_own; +}; + +//! \brief Windows Pipe +class WindowsPipe +{ +public: + class Err : public OS_Error + { + public: + Err(HANDLE h, const std::string& operation, int error); + HANDLE GetHandle() const {return m_h;} + + private: + HANDLE m_h; + }; + +protected: + virtual HANDLE GetHandle() const =0; + virtual void HandleError(const char *operation) const; + void CheckAndHandleError(const char *operation, BOOL result) const + {if (!result) HandleError(operation);} +}; + +//! \brief Pipe-based implementation of NetworkReceiver +class WindowsPipeReceiver : public WindowsPipe, public NetworkReceiver +{ +public: + WindowsPipeReceiver(); + + bool MustWaitForResult() {return true;} + bool Receive(byte* buf, size_t bufLen); + unsigned int GetReceiveResult(); + bool EofReceived() const {return m_eofReceived;} + + HANDLE GetHandle() const {return m_event;} + unsigned int GetMaxWaitObjectCount() const {return 1;} + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + +private: + WindowsHandle m_event; + OVERLAPPED m_overlapped; + DWORD m_lastResult; + bool m_resultPending; + bool m_eofReceived; +}; + +//! \brief Pipe-based implementation of NetworkSender +class WindowsPipeSender : public WindowsPipe, public NetworkSender +{ +public: + WindowsPipeSender(); + + bool MustWaitForResult() {return true;} + void Send(const byte* buf, size_t bufLen); + unsigned int GetSendResult(); + bool MustWaitForEof() { return false; } + void SendEof() {} + + HANDLE GetHandle() const {return m_event;} + unsigned int GetMaxWaitObjectCount() const {return 1;} + void GetWaitObjects(WaitObjectContainer &container, CallStack const& callStack); + +private: + WindowsHandle m_event; + OVERLAPPED m_overlapped; + DWORD m_lastResult; + bool m_resultPending; +}; + +//! \brief Windows Pipe Source +class WindowsPipeSource : public WindowsHandle, public NetworkSource, public WindowsPipeReceiver +{ +public: + WindowsPipeSource(HANDLE h=INVALID_HANDLE_VALUE, bool pumpAll=false, BufferedTransformation *attachment=NULL) + : WindowsHandle(h), NetworkSource(attachment) + { + if (pumpAll) + PumpAll(); + } + + using NetworkSource::GetMaxWaitObjectCount; + using NetworkSource::GetWaitObjects; + +private: + HANDLE GetHandle() const {return WindowsHandle::GetHandle();} + NetworkReceiver & AccessReceiver() {return *this;} +}; + +//! \brief Windows Pipe Sink +class WindowsPipeSink : public WindowsHandle, public NetworkSink, public WindowsPipeSender +{ +public: + WindowsPipeSink(HANDLE h=INVALID_HANDLE_VALUE, unsigned int maxBufferSize=0, unsigned int autoFlushBound=16*1024) + : WindowsHandle(h), NetworkSink(maxBufferSize, autoFlushBound) {} + + using NetworkSink::GetMaxWaitObjectCount; + using NetworkSink::GetWaitObjects; + +private: + HANDLE GetHandle() const {return WindowsHandle::GetHandle();} + NetworkSender & AccessSender() {return *this;} +}; + +NAMESPACE_END + +#endif // WINDOWS_PIPES_AVAILABLE + +#endif diff --git a/libs/win_crypto++/include/words.h b/libs/win_crypto++/include/words.h new file mode 100644 index 0000000..cce1e3e --- /dev/null +++ b/libs/win_crypto++/include/words.h @@ -0,0 +1,108 @@ +#ifndef CRYPTOPP_WORDS_H +#define CRYPTOPP_WORDS_H + +#include "config.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +inline size_t CountWords(const word *X, size_t N) +{ + while (N && X[N-1]==0) + N--; + return N; +} + +inline void SetWords(word *r, word a, size_t n) +{ + for (size_t i=0; i> (WORD_BITS-shiftBits); + } + return carry; +} + +inline word ShiftWordsRightByBits(word *r, size_t n, unsigned int shiftBits) +{ + CRYPTOPP_ASSERT (shiftBits0; i--) + { + u = r[i-1]; + r[i-1] = (u >> shiftBits) | carry; + carry = u << (WORD_BITS-shiftBits); + } + return carry; +} + +inline void ShiftWordsLeftByWords(word *r, size_t n, size_t shiftWords) +{ + shiftWords = STDMIN(shiftWords, n); + if (shiftWords) + { + for (size_t i=n-1; i>=shiftWords; i--) + r[i] = r[i-shiftWords]; + SetWords(r, 0, shiftWords); + } +} + +inline void ShiftWordsRightByWords(word *r, size_t n, size_t shiftWords) +{ + shiftWords = STDMIN(shiftWords, n); + if (shiftWords) + { + for (size_t i=0; i+shiftWords +class GFP2_ONB : public AbstractRing +{ +public: + typedef F BaseField; + + GFP2_ONB(const Integer &p) : modp(p) + { + if (p%3 != 2) + throw InvalidArgument("GFP2_ONB: modulus must be equivalent to 2 mod 3"); + } + + const Integer& GetModulus() const {return modp.GetModulus();} + + GFP2Element ConvertIn(const Integer &a) const + { + t = modp.Inverse(modp.ConvertIn(a)); + return GFP2Element(t, t); + } + + GFP2Element ConvertIn(const GFP2Element &a) const + {return GFP2Element(modp.ConvertIn(a.c1), modp.ConvertIn(a.c2));} + + GFP2Element ConvertOut(const GFP2Element &a) const + {return GFP2Element(modp.ConvertOut(a.c1), modp.ConvertOut(a.c2));} + + bool Equal(const GFP2Element &a, const GFP2Element &b) const + { + return modp.Equal(a.c1, b.c1) && modp.Equal(a.c2, b.c2); + } + + const Element& Identity() const + { + return GFP2Element::Zero(); + } + + const Element& Add(const Element &a, const Element &b) const + { + result.c1 = modp.Add(a.c1, b.c1); + result.c2 = modp.Add(a.c2, b.c2); + return result; + } + + const Element& Inverse(const Element &a) const + { + result.c1 = modp.Inverse(a.c1); + result.c2 = modp.Inverse(a.c2); + return result; + } + + const Element& Double(const Element &a) const + { + result.c1 = modp.Double(a.c1); + result.c2 = modp.Double(a.c2); + return result; + } + + const Element& Subtract(const Element &a, const Element &b) const + { + result.c1 = modp.Subtract(a.c1, b.c1); + result.c2 = modp.Subtract(a.c2, b.c2); + return result; + } + + Element& Accumulate(Element &a, const Element &b) const + { + modp.Accumulate(a.c1, b.c1); + modp.Accumulate(a.c2, b.c2); + return a; + } + + Element& Reduce(Element &a, const Element &b) const + { + modp.Reduce(a.c1, b.c1); + modp.Reduce(a.c2, b.c2); + return a; + } + + bool IsUnit(const Element &a) const + { + return a.c1.NotZero() || a.c2.NotZero(); + } + + const Element& MultiplicativeIdentity() const + { + result.c1 = result.c2 = modp.Inverse(modp.MultiplicativeIdentity()); + return result; + } + + const Element& Multiply(const Element &a, const Element &b) const + { + t = modp.Add(a.c1, a.c2); + t = modp.Multiply(t, modp.Add(b.c1, b.c2)); + result.c1 = modp.Multiply(a.c1, b.c1); + result.c2 = modp.Multiply(a.c2, b.c2); + result.c1.swap(result.c2); + modp.Reduce(t, result.c1); + modp.Reduce(t, result.c2); + modp.Reduce(result.c1, t); + modp.Reduce(result.c2, t); + return result; + } + + const Element& MultiplicativeInverse(const Element &a) const + { + return result = Exponentiate(a, modp.GetModulus()-2); + } + + const Element& Square(const Element &a) const + { + const Integer &ac1 = (&a == &result) ? (t = a.c1) : a.c1; + result.c1 = modp.Multiply(modp.Subtract(modp.Subtract(a.c2, a.c1), a.c1), a.c2); + result.c2 = modp.Multiply(modp.Subtract(modp.Subtract(ac1, a.c2), a.c2), ac1); + return result; + } + + Element Exponentiate(const Element &a, const Integer &e) const + { + Integer edivp, emodp; + Integer::Divide(emodp, edivp, e, modp.GetModulus()); + Element b = PthPower(a); + return AbstractRing::CascadeExponentiate(a, emodp, b, edivp); + } + + const Element & PthPower(const Element &a) const + { + result = a; + result.c1.swap(result.c2); + return result; + } + + void RaiseToPthPower(Element &a) const + { + a.c1.swap(a.c2); + } + + // a^2 - 2a^p + const Element & SpecialOperation1(const Element &a) const + { + CRYPTOPP_ASSERT(&a != &result); + result = Square(a); + modp.Reduce(result.c1, a.c2); + modp.Reduce(result.c1, a.c2); + modp.Reduce(result.c2, a.c1); + modp.Reduce(result.c2, a.c1); + return result; + } + + // x * z - y * z^p + const Element & SpecialOperation2(const Element &x, const Element &y, const Element &z) const + { + CRYPTOPP_ASSERT(&x != &result && &y != &result && &z != &result); + t = modp.Add(x.c2, y.c2); + result.c1 = modp.Multiply(z.c1, modp.Subtract(y.c1, t)); + modp.Accumulate(result.c1, modp.Multiply(z.c2, modp.Subtract(t, x.c1))); + t = modp.Add(x.c1, y.c1); + result.c2 = modp.Multiply(z.c2, modp.Subtract(y.c2, t)); + modp.Accumulate(result.c2, modp.Multiply(z.c1, modp.Subtract(t, x.c2))); + return result; + } + +protected: + BaseField modp; + mutable GFP2Element result; + mutable Integer t; +}; + +//! \brief Creates primes p,q and generator g for XTR +void XTR_FindPrimesAndGenerator(RandomNumberGenerator &rng, Integer &p, Integer &q, GFP2Element &g, unsigned int pbits, unsigned int qbits); + +GFP2Element XTR_Exponentiate(const GFP2Element &b, const Integer &e, const Integer &p); + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/xtrcrypt.h b/libs/win_crypto++/include/xtrcrypt.h new file mode 100644 index 0000000..7f535d8 --- /dev/null +++ b/libs/win_crypto++/include/xtrcrypt.h @@ -0,0 +1,56 @@ +#ifndef CRYPTOPP_XTRCRYPT_H +#define CRYPTOPP_XTRCRYPT_H + +/** \file + "The XTR public key system" by Arjen K. Lenstra and Eric R. Verheul +*/ + +#include "cryptlib.h" +#include "xtr.h" +#include "integer.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! XTR-DH with key validation + +class XTR_DH : public SimpleKeyAgreementDomain, public CryptoParameters +{ + typedef XTR_DH ThisClass; + +public: + XTR_DH(const Integer &p, const Integer &q, const GFP2Element &g); + XTR_DH(RandomNumberGenerator &rng, unsigned int pbits, unsigned int qbits); + XTR_DH(BufferedTransformation &domainParams); + + void DEREncode(BufferedTransformation &domainParams) const; + + bool Validate(RandomNumberGenerator &rng, unsigned int level) const; + bool GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const; + void AssignFrom(const NameValuePairs &source); + CryptoParameters & AccessCryptoParameters() {return *this;} + unsigned int AgreedValueLength() const {return 2*m_p.ByteCount();} + unsigned int PrivateKeyLength() const {return m_q.ByteCount();} + unsigned int PublicKeyLength() const {return 2*m_p.ByteCount();} + + void GeneratePrivateKey(RandomNumberGenerator &rng, byte *privateKey) const; + void GeneratePublicKey(RandomNumberGenerator &rng, const byte *privateKey, byte *publicKey) const; + bool Agree(byte *agreedValue, const byte *privateKey, const byte *otherPublicKey, bool validateOtherPublicKey=true) const; + + const Integer &GetModulus() const {return m_p;} + const Integer &GetSubgroupOrder() const {return m_q;} + const GFP2Element &GetSubgroupGenerator() const {return m_g;} + + void SetModulus(const Integer &p) {m_p = p;} + void SetSubgroupOrder(const Integer &q) {m_q = q;} + void SetSubgroupGenerator(const GFP2Element &g) {m_g = g;} + +private: + unsigned int ExponentBitLength() const; + + Integer m_p, m_q; + GFP2Element m_g; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/zdeflate.h b/libs/win_crypto++/include/zdeflate.h new file mode 100644 index 0000000..35a9ed0 --- /dev/null +++ b/libs/win_crypto++/include/zdeflate.h @@ -0,0 +1,172 @@ +// zdeflate.h - written and placed in the public domain by Wei Dai + +//! \file zdeflate.h +//! \brief DEFLATE compression and decompression (RFC 1951) + +#ifndef CRYPTOPP_ZDEFLATE_H +#define CRYPTOPP_ZDEFLATE_H + +#include "cryptlib.h" +#include "filters.h" +#include "misc.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! \brief Encoding table writer +class LowFirstBitWriter : public Filter +{ +public: + //! \brief Construct a LowFirstBitWriter + //! \param attachment an attached transformation + LowFirstBitWriter(BufferedTransformation *attachment); + + void PutBits(unsigned long value, unsigned int length); + void FlushBitBuffer(); + void ClearBitBuffer(); + + void StartCounting(); + unsigned long FinishCounting(); + +protected: + bool m_counting; + unsigned long m_bitCount; + unsigned long m_buffer; + unsigned int m_bitsBuffered, m_bytesBuffered; + FixedSizeSecBlock m_outputBuffer; +}; + +//! \class HuffmanEncoder +class HuffmanEncoder +{ +public: + typedef unsigned int code_t; + typedef unsigned int value_t; + + //! \brief Construct a HuffmanEncoder + HuffmanEncoder() {} + + //! \brief Construct a HuffmanEncoder + //! \param codeBits a table of code bits + //! \param nCodes the number of codes in the table + HuffmanEncoder(const unsigned int *codeBits, unsigned int nCodes); + + //! \brief Initialize or reinitialize this object + //! \param codeBits a table of code bits + //! \param nCodes the number of codes in the table + void Initialize(const unsigned int *codeBits, unsigned int nCodes); + + static void GenerateCodeLengths(unsigned int *codeBits, unsigned int maxCodeBits, const unsigned int *codeCounts, size_t nCodes); + + void Encode(LowFirstBitWriter &writer, value_t value) const; + + struct Code + { + unsigned int code; + unsigned int len; + }; + + SecBlock m_valueToCode; +}; + +//! \class Deflator +//! \brief DEFLATE compressor (RFC 1951) +class Deflator : public LowFirstBitWriter +{ +public: + //! \brief Deflate level as enumerated values. + enum { + //! \brief Minimum deflation level, fastest speed (0) + MIN_DEFLATE_LEVEL = 0, + //! \brief Default deflation level, compromise between speed (6) + DEFAULT_DEFLATE_LEVEL = 6, + //! \brief Minimum deflation level, slowest speed (9) + MAX_DEFLATE_LEVEL = 9}; + + //! \brief Windows size as enumerated values. + enum { + //! \brief Minimum window size, smallest table (9) + MIN_LOG2_WINDOW_SIZE = 9, + //! \brief Default window size (15) + DEFAULT_LOG2_WINDOW_SIZE = 15, + //! \brief Maximum window size, largest table (15) + MAX_LOG2_WINDOW_SIZE = 15}; + + //! \brief Construct a Deflator compressor + //! \param attachment an attached transformation + //! \param deflateLevel the deflate level + //! \param log2WindowSize the window size + //! \param detectUncompressible flag to detect if data is compressible + //! \details detectUncompressible makes it faster to process uncompressible files, but + //! if a file has both compressible and uncompressible parts, it may fail to compress + //! some of the compressible parts. + Deflator(BufferedTransformation *attachment=NULL, int deflateLevel=DEFAULT_DEFLATE_LEVEL, int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true); + //! \brief Construct a Deflator compressor + //! \param parameters a set of NameValuePairs to initialize this object + //! \param attachment an attached transformation + //! \details Possible parameter names: Log2WindowSize, DeflateLevel, DetectUncompressible + Deflator(const NameValuePairs ¶meters, BufferedTransformation *attachment=NULL); + + //! \brief Sets the deflation level + //! \param deflateLevel the level of deflation + //! \details SetDeflateLevel can be used to set the deflate level in the middle of compression + void SetDeflateLevel(int deflateLevel); + + //! \brief Retrieves the deflation level + //! \returns the level of deflation + int GetDeflateLevel() const {return m_deflateLevel;} + + //! \brief Retrieves the window size + //! \returns the windows size + int GetLog2WindowSize() const {return m_log2WindowSize;} + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + bool IsolatedFlush(bool hardFlush, bool blocking); + +protected: + virtual void WritePrestreamHeader() {} + virtual void ProcessUncompressedData(const byte *string, size_t length) + {CRYPTOPP_UNUSED(string), CRYPTOPP_UNUSED(length);} + virtual void WritePoststreamTail() {} + + enum {STORED = 0, STATIC = 1, DYNAMIC = 2}; + enum {MIN_MATCH = 3, MAX_MATCH = 258}; + + void InitializeStaticEncoders(); + void Reset(bool forceReset = false); + unsigned int FillWindow(const byte *str, size_t length); + unsigned int ComputeHash(const byte *str) const; + unsigned int LongestMatch(unsigned int &bestMatch) const; + void InsertString(unsigned int start); + void ProcessBuffer(); + + void LiteralByte(byte b); + void MatchFound(unsigned int distance, unsigned int length); + void EncodeBlock(bool eof, unsigned int blockType); + void EndBlock(bool eof); + + struct EncodedMatch + { + unsigned literalCode : 9; + unsigned literalExtra : 5; + unsigned distanceCode : 5; + unsigned distanceExtra : 13; + }; + + int m_deflateLevel, m_log2WindowSize, m_compressibleDeflateLevel; + unsigned int m_detectSkip, m_detectCount; + unsigned int DSIZE, DMASK, HSIZE, HMASK, GOOD_MATCH, MAX_LAZYLENGTH, MAX_CHAIN_LENGTH; + bool m_headerWritten, m_matchAvailable; + unsigned int m_dictionaryEnd, m_stringStart, m_lookahead, m_minLookahead, m_previousMatch, m_previousLength; + HuffmanEncoder m_staticLiteralEncoder, m_staticDistanceEncoder, m_dynamicLiteralEncoder, m_dynamicDistanceEncoder; + SecByteBlock m_byteBuffer; + SecBlock m_head, m_prev; + FixedSizeSecBlock m_literalCounts; + FixedSizeSecBlock m_distanceCounts; + SecBlock m_matchBuffer; + unsigned int m_matchBufferEnd, m_blockStart, m_blockLength; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/zinflate.h b/libs/win_crypto++/include/zinflate.h new file mode 100644 index 0000000..e2fd237 --- /dev/null +++ b/libs/win_crypto++/include/zinflate.h @@ -0,0 +1,153 @@ +#ifndef CRYPTOPP_ZINFLATE_H +#define CRYPTOPP_ZINFLATE_H + +#include "cryptlib.h" +#include "secblock.h" +#include "filters.h" +#include "stdcpp.h" + +NAMESPACE_BEGIN(CryptoPP) + +//! _ +class LowFirstBitReader +{ +public: + LowFirstBitReader(BufferedTransformation &store) + : m_store(store), m_buffer(0), m_bitsBuffered(0) {} + unsigned int BitsBuffered() const {return m_bitsBuffered;} + unsigned long PeekBuffer() const {return m_buffer;} + bool FillBuffer(unsigned int length); + unsigned long PeekBits(unsigned int length); + void SkipBits(unsigned int length); + unsigned long GetBits(unsigned int length); + +private: + BufferedTransformation &m_store; + unsigned long m_buffer; + unsigned int m_bitsBuffered; +}; + +struct CodeLessThan; + +//! Huffman Decoder +class HuffmanDecoder +{ +public: + typedef unsigned int code_t; + typedef unsigned int value_t; + enum {MAX_CODE_BITS = sizeof(code_t)*8}; + + class Err : public Exception {public: Err(const std::string &what) : Exception(INVALID_DATA_FORMAT, "HuffmanDecoder: " + what) {}}; + + HuffmanDecoder() : m_maxCodeBits(0), m_cacheBits(0), m_cacheMask(0), m_normalizedCacheMask(0) {} + HuffmanDecoder(const unsigned int *codeBitLengths, unsigned int nCodes) + : m_maxCodeBits(0), m_cacheBits(0), m_cacheMask(0), m_normalizedCacheMask(0) + {Initialize(codeBitLengths, nCodes);} + + void Initialize(const unsigned int *codeBitLengths, unsigned int nCodes); + unsigned int Decode(code_t code, /* out */ value_t &value) const; + bool Decode(LowFirstBitReader &reader, value_t &value) const; + +private: + friend struct CodeLessThan; + + struct CodeInfo + { + CodeInfo(code_t code=0, unsigned int len=0, value_t value=0) : code(code), len(len), value(value) {} + inline bool operator<(const CodeInfo &rhs) const {return code < rhs.code;} + code_t code; + unsigned int len; + value_t value; + }; + + struct LookupEntry + { + unsigned int type; + union + { + value_t value; + const CodeInfo *begin; + }; + union + { + unsigned int len; + const CodeInfo *end; + }; + }; + + static code_t NormalizeCode(code_t code, unsigned int codeBits); + void FillCacheEntry(LookupEntry &entry, code_t normalizedCode) const; + + unsigned int m_maxCodeBits, m_cacheBits, m_cacheMask, m_normalizedCacheMask; + std::vector > m_codeToValue; + mutable std::vector > m_cache; +}; + +//! DEFLATE (RFC 1951) decompressor + +class Inflator : public AutoSignaling +{ +public: + class Err : public Exception + { + public: + Err(ErrorType e, const std::string &s) + : Exception(e, s) {} + }; + class UnexpectedEndErr : public Err {public: UnexpectedEndErr() : Err(INVALID_DATA_FORMAT, "Inflator: unexpected end of compressed block") {}}; + class BadBlockErr : public Err {public: BadBlockErr() : Err(INVALID_DATA_FORMAT, "Inflator: error in compressed block") {}}; + + //! \brief RFC 1951 Decompressor + //! \param attachment the filter's attached transformation + //! \param repeat decompress multiple compressed streams in series + //! \param autoSignalPropagation 0 to turn off MessageEnd signal + Inflator(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1); + + void IsolatedInitialize(const NameValuePairs ¶meters); + size_t Put2(const byte *inString, size_t length, int messageEnd, bool blocking); + bool IsolatedFlush(bool hardFlush, bool blocking); + + virtual unsigned int GetLog2WindowSize() const {return 15;} + +protected: + ByteQueue m_inQueue; + +private: + virtual unsigned int MaxPrestreamHeaderSize() const {return 0;} + virtual void ProcessPrestreamHeader() {} + virtual void ProcessDecompressedData(const byte *string, size_t length) + {AttachedTransformation()->Put(string, length);} + virtual unsigned int MaxPoststreamTailSize() const {return 0;} + virtual void ProcessPoststreamTail() {} + + void ProcessInput(bool flush); + void DecodeHeader(); + bool DecodeBody(); + void FlushOutput(); + void OutputByte(byte b); + void OutputString(const byte *string, size_t length); + void OutputPast(unsigned int length, unsigned int distance); + + static const HuffmanDecoder *FixedLiteralDecoder(); + static const HuffmanDecoder *FixedDistanceDecoder(); + + const HuffmanDecoder& GetLiteralDecoder() const; + const HuffmanDecoder& GetDistanceDecoder() const; + + enum State {PRE_STREAM, WAIT_HEADER, DECODING_BODY, POST_STREAM, AFTER_END}; + State m_state; + bool m_repeat, m_eof, m_wrappedAround; + byte m_blockType; + word16 m_storedLen; + enum NextDecode {LITERAL, LENGTH_BITS, DISTANCE, DISTANCE_BITS}; + NextDecode m_nextDecode; + unsigned int m_literal, m_distance; // for LENGTH_BITS or DISTANCE_BITS + HuffmanDecoder m_dynamicLiteralDecoder, m_dynamicDistanceDecoder; + LowFirstBitReader m_reader; + SecByteBlock m_window; + size_t m_current, m_lastFlush; +}; + +NAMESPACE_END + +#endif diff --git a/libs/win_crypto++/include/zlib.h b/libs/win_crypto++/include/zlib.h new file mode 100644 index 0000000..ef7cbcd --- /dev/null +++ b/libs/win_crypto++/include/zlib.h @@ -0,0 +1,60 @@ +#ifndef CRYPTOPP_ZLIB_H +#define CRYPTOPP_ZLIB_H + +#include "cryptlib.h" +#include "adler32.h" +#include "zdeflate.h" +#include "zinflate.h" + +NAMESPACE_BEGIN(CryptoPP) + +/// ZLIB Compressor (RFC 1950) +class ZlibCompressor : public Deflator +{ +public: + ZlibCompressor(BufferedTransformation *attachment=NULL, unsigned int deflateLevel=DEFAULT_DEFLATE_LEVEL, unsigned int log2WindowSize=DEFAULT_LOG2_WINDOW_SIZE, bool detectUncompressible=true) + : Deflator(attachment, deflateLevel, log2WindowSize, detectUncompressible) {} + ZlibCompressor(const NameValuePairs ¶meters, BufferedTransformation *attachment=NULL) + : Deflator(parameters, attachment) {} + + unsigned int GetCompressionLevel() const; + +protected: + void WritePrestreamHeader(); + void ProcessUncompressedData(const byte *string, size_t length); + void WritePoststreamTail(); + + Adler32 m_adler32; +}; + +/// ZLIB Decompressor (RFC 1950) +class ZlibDecompressor : public Inflator +{ +public: + typedef Inflator::Err Err; + class HeaderErr : public Err {public: HeaderErr() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: header decoding error") {}}; + class Adler32Err : public Err {public: Adler32Err() : Err(DATA_INTEGRITY_CHECK_FAILED, "ZlibDecompressor: ADLER32 check error") {}}; + class UnsupportedAlgorithm : public Err {public: UnsupportedAlgorithm() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: unsupported algorithm") {}}; + class UnsupportedPresetDictionary : public Err {public: UnsupportedPresetDictionary() : Err(INVALID_DATA_FORMAT, "ZlibDecompressor: unsupported preset dictionary") {}}; + + //! \brief Construct a ZlibDecompressor + //! \param attachment a \ BufferedTransformation to attach to this object + //! \param repeat decompress multiple compressed streams in series + //! \param autoSignalPropagation 0 to turn off MessageEnd signal + ZlibDecompressor(BufferedTransformation *attachment = NULL, bool repeat = false, int autoSignalPropagation = -1); + unsigned int GetLog2WindowSize() const {return m_log2WindowSize;} + +private: + unsigned int MaxPrestreamHeaderSize() const {return 2;} + void ProcessPrestreamHeader(); + void ProcessDecompressedData(const byte *string, size_t length); + unsigned int MaxPoststreamTailSize() const {return 4;} + void ProcessPoststreamTail(); + + unsigned int m_log2WindowSize; + Adler32 m_adler32; +}; + +NAMESPACE_END + +#endif